# TODOS ## P1 ### Batch embedding queue across files **What:** Shared embedding queue that collects chunks from all parallel import workers and flushes to OpenAI in batches of 100, instead of each worker batching independently. **Why:** With 4 workers importing files that average 5 chunks each, you get 4 concurrent OpenAI API calls with small batches (5-10 chunks). A shared queue would batch 100 chunks across workers into one API call, cutting embedding cost and latency roughly in half. **Pros:** Fewer API calls (500 chunks = 5 calls instead of ~100), lower cost, faster embedding. **Cons:** Adds coordination complexity: backpressure when queue is full, error attribution back to source file, worker pausing. Medium implementation effort. **Context:** Deferred during eng review because per-worker embedding is simpler and the parallel workers themselves are the bigger speed win (network round-trips). Revisit after profiling real import workloads to confirm embedding is actually the bottleneck. If most imports use `--no-embed`, this matters less. **Implementation sketch:** `src/core/embedding-queue.ts` with a Promise-based semaphore. Workers `await queue.submit(chunks)` which resolves when the queue has room. Queue flushes to OpenAI in batches of 100 with max 2-3 concurrent API calls. Track source file per chunk for error propagation. **Depends on:** Part 5 (parallel import with per-worker engines) -- already shipped. ## P0 ### ChatGPT MCP support (OAuth 2.1) **What:** Add OAuth 2.1 with Dynamic Client Registration to the Edge Function so ChatGPT can connect. **Why:** ChatGPT requires OAuth 2.1 for MCP connectors. Bearer token auth is NOT supported. This is the only major AI client that can't use GBrain remotely. **Pros:** Completes the "every AI client" promise. ChatGPT has the largest user base. **Cons:** OAuth 2.1 is a significant implementation: authorization endpoint, token endpoint, PKCE flow, dynamic client registration. Estimated CC: ~3-4 hours. **Context:** Discovered during DX review (2026-04-10). All other clients (Claude Desktop/Code/Cowork, Perplexity) work with bearer tokens. See `docs/mcp/CHATGPT.md` for current status. **Depends on:** v0.6.0 remote MCP server (shipped). ## P1 (new from v0.7.0) ### Constrained health_check DSL for third-party recipes **What:** Replace shell command health_checks with a typed DSL: `{type: "env_exists", name: "KEY"}`, `{type: "url_responds", url: "..."}`, `{type: "heartbeat_fresh", max_age: "24h"}`. **Why:** Shell commands in recipe frontmatter = arbitrary code execution from markdown. Currently trusted because recipes are first-party only. This DSL is the mandatory gate before opening community recipe submissions. **Pros:** Eliminates RCE risk from third-party recipes. Health checks become machine-parseable. **Cons:** Less flexible than shell commands for novel checks. Need to define enough check types to cover common cases. **Context:** From CEO review + Codex outside voice (2026-04-11). User approved shell commands for first-party but explicitly requested constrained DSL before third-party recipes. **Depends on:** v0.7.0 recipe format (shipped). ## P2 ### Community recipe submission (`gbrain integrations submit`) **What:** Package a user's custom integration recipe as a PR to the GBrain repo. Validates frontmatter, checks constrained DSL health_checks, creates PR with template. **Why:** Turns GBrain from "Garry's integrations" into a community ecosystem. The recipe format IS the contribution format. **Pros:** Community-driven integration library. Users build Slack-to-brain, RSS-to-brain, Discord-to-brain. **Cons:** Support burden. Need constrained DSL (P1) before accepting third-party recipes. Need review process for recipe quality. **Context:** From CEO review (2026-04-11). User explicitly deferred due to bandwidth constraints. Target v0.9.0. **Depends on:** Constrained health_check DSL (P1). ### Always-on deployment recipes (Fly.io, Railway) **What:** Alternative deployment recipes for voice-to-brain and future integrations that run on cloud servers instead of local + ngrok. **Why:** ngrok free URLs are ephemeral (change on restart). Always-on deployment eliminates the watchdog complexity and gives a stable webhook URL. **Pros:** Stable URLs, no ngrok dependency, production-grade uptime. **Cons:** Costs $5-10/mo per integration. Requires cloud account. **Context:** From DX review (2026-04-11). v0.7.0 ships local+ngrok as v1 deployment path. **Depends on:** v0.7.0 recipe format (shipped). ### Fly.io HTTP server as alternative deployment **What:** Add `gbrain serve --http` and a Dockerfile/fly.toml for users who prefer a traditional server over Edge Functions. **Why:** Avoids the Deno bundling seam. Bun runs natively. No 60s timeout. No cold start. Codex flagged the bundle strategy as "permanent maintenance tax." **Pros:** Simpler code path, no edge-entry.ts needed, no Deno compat concerns. Supports sync_brain and file_upload remotely. **Cons:** Users need a Fly.io account. Not zero-infra. **Context:** From CEO review (2026-04-10). Edge Functions are the primary path. Fly.io is for power users who want full operation support remotely. **Depends on:** v0.6.0 remote MCP server (shipped). ## Completed ### Implement AWS Signature V4 for S3 storage backend **Completed:** v0.6.0 (2026-04-10) — replaced with @aws-sdk/client-s3 for proper SigV4 signing.