Skip to content
Proofline Experimental

Implemented, partial, planned, and not yet

Current status

Proofline has experimental server and web-client prototypes. Mobile capture, hosted accounts, notifications, and decryption are not production features.

Experimental · Not an emergency service

Proofline is experimental and does not contact emergency services. Read the safety boundaries.

Implemented today

  • Experimental Go server backend for authenticated main API routes.
  • Experimental React web-client prototype for account and incident review.
  • Local username/password accounts, opaque server-side sessions, and optional browser cookie-session support for future web-client use.
  • Public registration is disabled by default. Self-registration only works when a deployment explicitly enables email verification.
  • Private admin listener and private admin web surface.
  • Read-only token-scoped incident viewer routes.
  • Encrypted chunk ingest, immutable storage, and ciphertext hash checks.
  • SQLite/local storage defaults with optional PostgreSQL, S3-compatible, and Valkey backends.
  • Server-side incident metadata, owner-scoped read routes, and deletion/retention workflows.
  • Owner-scoped contact public-key metadata, sharing-grant metadata, and wrapped-key metadata routes.
Experimental / partial

Registration

Open registration can be enabled only with reviewed server configuration and email verification. Paid registration is a fail-closed placeholder, not billing.
Experimental / partial

Sharing metadata

Contact keys, sharing grants, and wrapped-key metadata exist as private API metadata. They do not add trusted-contact accounts, notifications, browser decryption, backend decryption, or key escrow.
Experimental / partial

Live API testing

The web client can model account and incident review surfaces and uses live backend routes only where the client contract is confirmed. It is not a recording client, public admin dashboard, or production safety workflow.
Experimental / partial

Cluster backends

PostgreSQL, S3-compatible storage, and Valkey are optional implemented backends. They do not make Proofline public-production-ready by themselves.

Planned future work

  • Native iOS and Android recording clients.
  • GPS/location capture and live context sharing where available.
  • Near-live encrypted upload and stronger client retry behavior.
  • SMS, email, push, or other trusted-contact notification delivery.
  • Trusted-contact accounts and grant-aware review workflows.
  • Hosted accounts, subscriptions, billing, abuse controls, and support operations.
  • Shared protocol specs, encryption envelopes, manifests, and conformance tests.
  • Reviewed browser/client-side decryption or other trusted decrypt path.
Not yet

No production emergency workflow

No emergency-services integration, dispatch, guaranteed real-time review, rescue workflow, or emergency response center exists.
Not yet

No production decryption path

No browser decryption, backend decryption, trusted-contact decryption, raw server-held media keys, key escrow, or break-glass key access is implemented.
Not yet

No mobile capture apps

There is no production iOS app, Android app, or platform-specific recording client.
Not yet

No hosted-account payment system

There are no checkout sessions, subscriptions, billing webhooks, payment-gated account access, or active paid account creation.

Sources

These project documents provide more detail about the current implementation, planned work, and security limits.