updated plan

sam
2026-05-03 11:07:42 +02:00
parent 989d3bcc9f
commit 7dbb940107
5 changed files with 18 additions and 3 deletions

@@ -3,6 +3,7 @@
### 1. Workspace Setup
- [ ] Initialize the root Cargo workspace: `cargo init --vcs none` (delete `src/`). Create a root `Cargo.toml` with `[workspace] members = ["core_protocol", "server_node", "client_node"]`.
- [ ] **AI Context Trap (File Structure):** Strictly adhere to the directory layout and module hierarchy defined in `File_Structure.md`. Do not invent new file paths or module names; map every new crate and file exactly to the blueprint.
- [ ] Create crates: `cargo new --lib core_protocol`, `cargo new --bin server_node`, `cargo new --bin client_node`.
- [ ] Add strict lints (`#![forbid(unsafe_code)]`, etc.) to the root workspace or individual `lib.rs`/`main.rs` files.
- [ ] **Dependencies (`core_protocol`):** Add `serde`, `bincode`, `uuid`, `chrono`, `thiserror`, `secrecy` (for zeroing sensitive keys).
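
Review bot: The "Add strict lints" item allows the lint to live in "the root workspace or individual `lib.rs`/`main.rs` files", but `#![forbid(unsafe_code)]` is a crate-level attribute and only applies to the crate root it is written in. Pick one mechanism and state it: either require the attribute at the top of every crate root, or declare `unsafe_code = "forbid"` under `[workspace.lints.rust]` in the root `Cargo.toml` and have each member opt in with `[lints] workspace = true`. As worded, a crate can miss the lint without anyone noticing. The File Structure item would also be easier to follow if it gave the path to `File_Structure.md`.
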
@@ -18,7 +19,7 @@
- [ ] **Server:** In `server_node/src/main.rs`, initialize `tokio::net::TcpListener::bind("0.0.0.0:8080")`.
- [ ] **Server:** Spawn a new `tokio::spawn(async move { ... })` for each incoming `TcpStream`.
- [ ] **Client:** In `client_node/src/network/control.rs`, implement `TcpStream::connect("127.0.0.1:8080")`.
- [ ] **Shared:** Implement a framing mechanism (e.g., sending a `u32` length prefix before the `bincode` serialized `TcpEvent`) to prevent TCP stream fragmentation.
- [ ] **AI Context Trap (TCP Framing):** Raw TCP streams suffer from fragmentation. Do NOT attempt to manually buffer bytes. You must use `tokio_util::codec::LengthDelimitedCodec` (with `tokio_serde` and `bincode`) to abstract the frame boundaries cleanly.
### 4. Login Logic & State
- [ ] **Server State:** Create `server_node/src/state.rs`. Define a `DashMap<u32, UserState>` to store active session tokens.
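
Review bot: The TCP Framing item mandates `tokio_util::codec::LengthDelimitedCodec` but sets no frame size limit, and the codec's default `max_frame_length` is 8 MiB. Since the listener binds `0.0.0.0:8080` and spawns a task per `TcpStream`, any peer that can reach the port can make the server buffer up to that much per connection before a `TcpEvent` is even deserialized. Add a requirement to build the codec with `LengthDelimitedCodec::builder().max_frame_length(...)` set to a small bound that fits the largest legitimate `TcpEvent`, and to close the connection on an oversized frame. The wording "suffer from fragmentation" could also be tightened: the underlying issue is that TCP is a byte stream with no message boundaries. The neighbouring "Shared" item still describes a `u32` length prefix, so the two items should say the same thing.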

@@ -3,7 +3,7 @@
### 1. UI Layout (`client_node/ui`)
- [ ] **Dependencies:** Add `egui`, `eframe`.
- [ ] **Initialization:** In `main.rs`, launch `eframe::run_native`.
- [ ] **AI Context Trap (Eframe + Tokio):** Do NOT use `#[tokio::main]` on the client. `eframe` demands the main thread. Manually build a `tokio::runtime::Runtime`, spawn the background network actors, and pass MPSC channels into the `AppState` before calling `eframe::run_native()`.
- [ ] **Architecture:** Create `struct AppState`. Implement `eframe::App` trait for it.
- [ ] **Layout:** Build the basic classic TeamSpeak UI. Left panel (tree view of hardcoded channels), right panel (text chat log).
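
Review bot: The Eframe + Tokio item says to "manually build a `tokio::runtime::Runtime`" but does not say who owns it, and dropping the `Runtime` shuts down the spawned network actors. State that the runtime must be held in a binding in `main` that outlives `eframe::run_native()`, or stored alongside the channels in `AppState`. It is also worth specifying that the UI side drains the MPSC channels with the non-blocking `try_recv()` inside the `eframe::App` update loop, since a blocking receive on the main thread would freeze the window.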

@@ -3,6 +3,7 @@
### 1. Database Setup (`server_node/database.rs`)
- [ ] **Dependencies:** Add `sqlx` with the `sqlite` and `runtime-tokio` features.
- [ ] **AI Context Trap (SQLite Locking):** SQLite will throw `database is locked` errors under heavy async load. Ensure the `sqlx::sqlite::SqliteConnectOptions` explicitly sets `PRAGMA journal_mode=WAL` to allow concurrent UDP/TCP access.
- [ ] **Schema Migrations:** Create `users` (ID, Name, Hash, Role) and `channels` (ID, Name, ParentID, RequiredRole, Bitrate). Run migrations on startup via `sqlx::migrate!()`.
- [ ] **Permissions Check:** During the TCP `ChannelJoin` event, query the DB to ensure the user's Role $\ge$ the `RequiredRole` of the channel.
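
Review bot: The SQLite Locking item presents `PRAGMA journal_mode=WAL` as the fix for `database is locked`, but WAL only lets readers run alongside a single writer; concurrent writers still serialize and can still hit that error. Ask for `SqliteConnectOptions::journal_mode(SqliteJournalMode::Wal)` together with an explicit `busy_timeout(...)`, and say how a busy error is handled rather than implying it cannot occur. The phrase "concurrent UDP/TCP access" also suggests database queries on the UDP path; if that is not intended, say that only the TCP control path touches the database. Separately, the heading uses `server_node/database.rs` while other items use `server_node/src/...`, which conflicts with the instruction not to invent file paths.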

@@ -3,6 +3,7 @@
### 1. Network Encryption
- [ ] **TCP TLS:** Wrap the server's `TcpListener` and client's `TcpStream` using `rustls`. Generate or require self-signed certificates for the server.
- [ ] **AI Context Trap (Crypto Nonce):** `chacha20poly1305` is completely compromised if a Nonce is reused. To avoid tracking state or sending large random bytes over UDP, strictly cast the `SequenceNumber` (u64) padded with zeros into a 12-byte array to act as a guaranteed-unique Nonce.
- [ ] **UDP Encryption:** Add `chacha20poly1305`. After Opus encoding, encrypt the payload byte array using a symmetric key negotiated during the TLS TCP handshake, before sending over UDP.
### 2. Dockerization
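
Review bot: The Crypto Nonce item calls the zero-padded `SequenceNumber` a "guaranteed-unique Nonce", but that only holds per key and per sender. If client and server both encrypt with the one "symmetric key negotiated during the TLS TCP handshake" and both count from the same starting value, the two directions produce identical nonces under the same key. The same happens if a sequence counter restarts (reconnect, process restart) while the key is kept. Require either separate keys per direction or a direction/sender byte in the 4 padding bytes, a fresh key for every session, and a hard stop before the `u64` counter can wrap. The receiver should also reject sequence numbers it has already accepted, since the nonce is taken from a field in the packet. On the TCP TLS item, "generate or require self-signed certificates" should say how the client verifies the server certificate (for example by pinning it), so that verification is not simply turned off.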