← Back to Plan

Human Tasks

Steel Notes — Blocking Human Tasks

These are tasks only a human can do that are **blocking** agent development of other features. Nothing here is optional or forward-looking — each item is gating work that's ready to be built.

Blocking Phase 2 — Cloud Vault Sync

  • [x] **Set up AWS account and credentials** ✅
  • Create an AWS account (or confirm you have one)
  • Install AWS CLI: brew install awscli
  • Run aws configure with your access key + secret — agents need this to run Terraform and deploy Lambda
  • *Blocks: all server infrastructure, S3 storage, RDS database, Lambda deployment*
  • [x] **Install Rust toolchain and cargo-lambda** ✅
  • Install Rust: curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh
  • Install cargo-lambda: brew tap cargo-lambda/cargo-lambda && brew install cargo-lambda
  • *Blocks: building and testing the server locally, deploying to Lambda*
  • [x] **Run local Postgres and S3 via Docker** ✅
  • Install Docker Desktop: brew install --cask docker
  • Run docker compose up -d (starts Postgres + MinIO S3)
  • *Blocks: local server development and integration testing*
  • [ ] **Enroll in Apple Developer Program ($99/year)**
  • Sign up at developer.apple.com
  • Create an App ID with "Sign in with Apple" capability
  • Create a Services ID for server-side Sign in with Apple validation
  • Note your Team ID (goes in APPLE_TEAM_ID env var)
  • Create an APNs key (.p8 file) for push notifications
  • Enable push notifications entitlement in Xcode Signing & Capabilities
  • *Blocks: Sign in with Apple auth flow, push notifications, TestFlight, App Store*
  • [x] **Choose and register an API domain**
  • Pick a domain (e.g., api.steelnotes.app)
  • Register it and be ready to point DNS to API Gateway after Terraform runs
  • *Blocks: deploying the API to a reachable endpoint, client-side API base URL config*
  • [x] **Generate a JWT secret** ✅
  • Run: openssl rand -hex 32
  • Save the output — it goes in the server's JWT_SECRET env var
  • *Blocks: auth token signing and validation*

    • Blocking — Deploy Server to AWS Lambda

  • [ ] **Build and deploy Rust binary to Lambda**
  • Run: cd server && cargo lambda build --release --features lambda
  • Deploy: cargo lambda deploy steel-notes-api-production
  • *Blocks: production API, iOS app connecting to real server*
  • [ ] **Run database migrations on production RDS**
  • Get the RDS endpoint: cd server/deploy/terraform && terraform output rds_endpoint
  • Run migrations: psql <rds_connection_string> < src/db/migrations/001_users.sql (repeat for each migration file)
  • Alternatively, the server runs migrations on startup — invoke the Lambda once and check logs
  • *Blocks: user registration, auth, sync state storage*
  • [ ] **Point API domain DNS to API Gateway**
  • API Gateway URL: https://bjhfydpwgb.execute-api.us-east-1.amazonaws.com
  • Create a CNAME record for api.steelnotes.app → the API Gateway URL
  • Or set up a custom domain in API Gateway with an ACM certificate
  • *Blocks: iOS app using production URL instead of localhost*
  • [ ] **Update iOS app baseUrl to production**
  • Change http://localhost:3000 to https://api.steelnotes.app in ServiceBundle.swift and AuthService.swift
  • Or use the API Gateway URL directly: https://bjhfydpwgb.execute-api.us-east-1.amazonaws.com
  • *Blocks: iOS app talking to production server*
  • [ ] **Verify production health**
  • curl https://bjhfydpwgb.execute-api.us-east-1.amazonaws.com/health
  • Register a test user and verify auth flow works
  • Create a note and verify it appears in S3: aws s3 ls s3://steel-notes-vaults-production/ --recursive
  • *Blocks: confidence that the full stack works end-to-end*

    • Blocking Phase 3 — Capture Layer & AI

  • [ ] **Enable AWS Bedrock model access in your AWS account**
  • Go to AWS Console → Bedrock → Model access
  • Request access to Anthropic Claude models (Claude 3.5 Sonnet, Claude 3.5 Haiku)
  • Access is usually granted instantly, but some models require a brief approval
  • Verify your region supports Bedrock (us-east-1, us-west-2, eu-west-1 all do)
  • No API keys needed — Lambda uses IAM role auth
  • *Blocks: AI-powered capture parsing, vision OCR, transposition engine, auto-classification*
  • [ ] **Verify Amazon Transcribe is available in your region**
  • Go to AWS Console → Amazon Transcribe → verify it loads
  • No special enablement needed — it's available by default in most regions
  • *Blocks: voice note transcription from Share Sheet captures*

    • Blocking Plan Site — dev.pittsventures.com

  • [x] **Create S3 bucket for plan site** ✅
  • [x] **Configure CloudFlare DNS for dev.pittsventures.com** ✅
  • [x] **Set up GitHub Actions OIDC for AWS deploys** ✅