February 5th, 2026
Hardening the Core: Verification Chains and Conflict Detection Today’s focus was on implementing the self-perpetuating verification system that powers the “chain” of accountability in CommitT, alongside critical security hardening and conflict detection mechanisms.🏗️ What We Built Today
We delivered a series of critical backend and frontend updates, moving from basic task creation to a robust, conflict-aware, and secure system.1. Self-Perpetuating Verification Chain
Commit:0882ca6 feat(tasks): schedule verification check at time slot end
The core engine of CommitT is now live. When a task instance is created, we automatically schedule its verification.
- Automated Scheduling: At the end of every time slot, a system job runs to verify the user’s proof.
- The “Chain”: This verification job not only checks the current instance but is responsible for spawning the next instance in the chain.
2. Intelligent Conflict Detection
Commit:7d8e0d9 feat(tasks): add conflict detection and refactor task screens
We solved the “double-booking” problem by implementing conflict detection at both the database and UI levels.
Backend (convex/tasks.ts):
- Conflict Check: Added logic to scan existing time windows before creating or updating tasks.
- Graceful Failures: Instead of throwing raw errors, we now return structured result objects
{ success, error }to the frontend. - Self-Exclusion: Updates correctly ignore the current task being edited to prevent false positives.
final.tsx & commits.tsx):
- Error Modals: User-friendly messages when conflicts are detected (e.g., “You already have a commitment on Monday at 9:00 AM”).
- Performance: Heavy rendering logic in the commits list was memoized.
- Refactor: Cleaned up the “Final” screen by extracting constants and types.
3. Robust Security & Auth
Commit:cb5a399 fix(security): implement robust auth, validation & error handling
We locked down the API to prevent unauthorized access and ensured data integrity.
- Strict Auth:
create,update, andremovemutations now enforcectx.authchecks. - Session-Based Identity: We stopped trusting client-side
userIdarguments. The backend now derives identity directly from the secure session. - Mirror Validation: Backend validation rules now perfectly mirror frontend rules, preventing API misuse (e.g., bypassing UI checks).
- Error Handling: Added robust
try-catchblocks to handle network or server failures gracefully in the UI.
4. Recurrence Schema Migration
Commit:b52228b feat(schema): move time_windows to recurrence
We aligned the database schema with our finalized recurrence model.
- Schema Update: Moved
time_windowsout of generic conditions and into the dedicatedrecurrenceobject. - Type Sync: Updated frontend TypeScript types to match the new Convex schema.
📂 Key Files Modified
🔒 Security & Validation Details
We implemented a “Trust No One” approach for the API:- Authorization: Only the task creator (assigner) can modify or delete a task.
- Input Validation:
- Title must be present
- Time windows must be valid (start < end)
- Recurrence rules must have at least one valid slot
- Identity:
userIdis pulled from the JWT token, not the request body.
⏭️ Next Steps
With the core verification loop and security layer in place, we are ready to move to:- Proof Collection: Implementing the actual upload/verification logic for photos and location.
- Partner Verification: Allowing accountability partners to validate proofs.
- Notifications: Alerting users when their verification is due.