You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Comflex is a zero-hardcode, institution-agnostic college community platform that connects students across cohorts through gamified engagement, Discord-style group chats with a ring-based permission hierarchy, achievement tracking, and intelligent tools. It is built as a decoupled system (separate frontend and backend) to enable independent scaling and team velocity.
Key Principles:
Institution-agnostic — any college can deploy it by changing configuration, not code.
Admin-first setup — a Seed Admin is auto-created on deployment and controls all institution-specific config.
Ring hierarchy — concentric-ring permission model provides cascading, granular access control.
Engagement-first — credits, SBTs, badges, and leaderboards create intrinsic motivation.
Developer-friendly — API-first contracts, modular architecture, and strict standards.
2. Feature Modules
2.1 Seed Admin & First Boot
Description
On first deployment, the backend automatically creates a Seed Admin account (Ring 0) using credentials from environment variables. This admin bootstraps the entire platform.
First Boot Sequence
1. Backend starts for the first time.
2. Checks if any Ring 0 user exists in the database.
3. If not, creates the Seed Admin using:
- SEED_ADMIN_EMAIL
- SEED_ADMIN_PASSWORD (hashed with bcrypt)
- SEED_ADMIN_DISPLAY_NAME
4. Seed Admin logs in → Admin Dashboard.
5. Configures email parsing rules (regex, domain, year extraction).
6. Configures institution settings (name, logo, etc.).
7. Registration is now open for students.
Planned Operations
Operation
Method
Endpoint
Description
Check First Boot
GET
/api/v1/system/status
Returns whether the platform has been configured (public).
Registration Page: Multi-step form → Validation → Loading → Success (auto-login) / Error. Registration disabled if system not configured.
Profile Page: Skeleton loader → Rendered profile with avatar, badges, achievements → Edit mode → Save loading → Confirmation.
Key Rules
Passwords hashed with bcrypt (min cost factor 12).
Access tokens expire in ≤ 15 minutes; refresh tokens expire in ≤ 7 days.
Rate limit login attempts (max 5 per minute per IP).
Avatar images are resized server-side to 256×256 and 64×64 (thumbnail).
2.3 Automated Cohort Tagging (Admin-Controlled)
Description
The Admin (Ring 0) configures the tagging logic through the Admin Dashboard. When a user registers, the backend applies the admin-defined rules to extract a cohort year from the email and auto-assign the user to groups.
Admin Configuration Interface
The Admin Dashboard provides a UI to configure:
Setting
Type
Example
Purpose
Email regex pattern
string
(\d{2})bcs\d+@inst\.edu
Extract year identifier from email
Year capture group
integer
1
Which regex group holds the year
Year-to-cohort map
key-value
28 → "Class of 2028"
Human-readable cohort names
Cross-year senior offset
integer
-1
Auto-join group with year - 1
Cross-year junior offset
integer
+1
Auto-join group with year + 1
Fallback behavior
enum
no-tags / require-manual
Behavior when email can't be parsed
Senior auto-elevation
boolean
true
Whether seniors auto-get Ring 2 in cross-year groups
Tagging Logic
Input: user email + admin-defined parsing rules
Step 1: Apply admin's regex to extract year identifier.
Step 2: Map year identifier to cohort name using admin's mapping.
Step 3: Create/join groups:
→ Primary cohort group: cohort-{year}
→ Cross-year senior group: cohort-{year}-{year-1}
→ Cross-year junior group: cohort-{year}-{year+1}
Step 4: Set ring levels per group:
→ Primary cohort: Ring 3 (member)
→ Cross-year where user is SENIOR: Ring 2 (auto-elevated)
→ Cross-year where user is JUNIOR: Ring 3 (member)
Planned Operations
Operation
Method
Endpoint
Description
Get Tagging Config
GET
/api/v1/admin/cohort-config
Admin: retrieve current email parsing rules.
Update Tagging Config
PUT
/api/v1/admin/cohort-config
Admin: update the email parsing regex / domain rules.
Preview Tagging
POST
/api/v1/admin/cohort-config/preview
Admin: test a regex against a sample email (dry run).
Get User Tags
GET
/api/v1/users/me/tags
Retrieve the current user's cohort tags.
Trigger Re-Tag
POST
/api/v1/admin/users/:id/retag
Admin: re-process a user's email and reassign tags.
Bulk Re-Tag
POST
/api/v1/admin/users/retag-all
Admin: re-process all users (after rule change).
Key Rules
Parsing rules are never hardcoded — Admin configures them via Dashboard.
Cross-year groups are bidirectional (cohort-28-27 ≡ cohort-27-28, same group).
Unparseable emails → behavior defined by Admin's fallback setting.
Changing parsing rules does NOT retroactively re-tag — Admin must trigger bulk re-tag explicitly.
2.4 Ring-Based Hierarchy & Permissions
Description
A concentric-ring permission model controlling access at platform-wide and per-group levels. Lower ring = more power. This replaces the simple 3-role system with a flexible, cascading hierarchy.
Ring Definitions
Ring
Name
Scope
Description
Ring 0
Admin
Global + all groups
Full platform control. Created on deployment.
Ring 1
Manager
Global + assigned groups
Manages groups, users, events. Elevated by Ring 0.
Ring 2
Elevated Member
Per-group
Moderation powers (mute, kick, add, delete messages). Auto-assigned to seniors in cross-year groups.
Ring 3
Member
Per-group
Default for new users. Read/write messages, react, self-manage.
Ring 4+
Restricted
Per-group
Muted, read-only, or otherwise restricted. Applied as moderation action.
Platform-Wide Ring Operations
Operation
Method
Endpoint
Description
Get User Ring (Global)
GET
/api/v1/users/:id/ring
Get a user's global ring level.
Set User Ring (Global)
PATCH
/api/v1/admin/users/:id/ring
Admin: change a user's global ring.
Get User Ring (Group)
GET
/api/v1/groups/:groupId/members/:userId/ring
Get a user's ring in a specific group.
Set User Ring (Group)
PATCH
/api/v1/groups/:groupId/members/:userId/ring
Elevate/de-elevate a user in a group (ring rules enforced).
Every endpoint that involves elevation, de-elevation, or permission changes MUST enforce these rules:
ELEVATION:
actor.ring < target.ring → actor can elevate target to MIN(actor.ring, desiredRing)
actor.ring >= target.ring → REJECT (403)
actor.ring == 0 → can elevate anyone to any ring
DE-ELEVATION:
actor.ring < target.ring → actor can de-elevate target to any ring > actor.ring
actor.ring >= target.ring → REJECT (403)
actor cannot de-elevate self → REJECT (403)
PERMISSION CHANGES:
actor.ring < target.ring → actor can modify target's permissions
actor.ring >= target.ring → REJECT (403)
2.5 Group Chat System (Discord-Style)
Description
Real-time messaging in cohort groups with granular, per-user permissions. Supports text messages, mentions, pinned messages, attachments, typing indicators, and moderation actions — all governed by the ring hierarchy.
Muted users can read messages but cannot send, react, or mention.
Deleted messages show [Message deleted] — not removed from database.
Messages support rich mentions: @username resolves to a user card popup.
WebSocket connections require a valid JWT for handshake.
Message history is loaded via paginated REST; WebSocket is for real-time new messages only.
2.6 User Profiles, Badges & Achievements
Description
Every user has a rich, customizable profile with avatar, bio, displayable badges, earned achievements, and linked external accounts. Badges appear next to the user's name in chats (like Discord), and users choose which badges to showcase.
Profile Fields
Field
Type
Editable
Description
displayName
string
✅
User's chosen display name (unique)
avatarUrl
string
✅
Profile picture (JPEG/PNG/WebP, max 5MB, resized server-side)
bio
string
✅
Short bio (max 500 chars)
cohortTags
string[]
❌
Auto-assigned cohort groups
globalRing
integer
❌
Platform-wide ring level
displayBadges
Badge[]
✅
Currently displayed badges (user-selected, max 5)
allBadges
Badge[]
❌
All badges earned or purchased
achievements
Achievement[]
❌
Full achievement list
cfHandle
string
✅
Linked Codeforces handle
cfRating
integer
❌
Current CF rating (auto-synced)
creditBalance
integer
❌
Current Web3 credit balance
sbtCount
integer
❌
Number of SBTs owned
joinedAt
datetime
❌
Registration timestamp
Badge System
Badge Types
Type
Source
Transferable
Removable
Achievement Badge
Auto-awarded on milestone
❌
Can be hidden, not removed
SBT Badge
Mirrors minted SBT
❌
Tied to SBT lifecycle
Purchased Badge
Bought with Web3 credits
❌
Non-refundable
Admin-Granted Badge
Manually given by Admin
❌
Admin can revoke
Badge Display Rules
Users choose up to 5 badges to display at a time.
Displayed badges appear: in chat messages (next to name), on profile pages, and on leaderboard entries.
Badges are rendered as small icons with tooltips showing the badge name and description.
Planned Operations
Operation
Method
Endpoint
Description
List All Badges
GET
/api/v1/badges
List all available badges (earned, purchased, locked).
Get User Badges
GET
/api/v1/users/:id/badges
Get a user's earned/purchased badges.
Set Display Badges
PATCH
/api/v1/users/me/badges/display
Choose which badges to display (max 5).
Purchase Badge
POST
/api/v1/badges/:id/purchase
Buy a cosmetic badge with credits.
Grant Badge
POST
/api/v1/admin/users/:id/badges
Admin: grant a badge to a user.
Revoke Badge
DELETE
/api/v1/admin/users/:id/badges/:badgeId
Admin: revoke an admin-granted badge.
Create Badge Template
POST
/api/v1/admin/badges
Admin: create a new badge type.
List Badge Store
GET
/api/v1/badges/store
List purchasable badges with prices.
Achievement System
Achievement
Trigger Condition
Rewards
Code Warrior
Reach CF Expert or higher
Badge + SBT + Credits
Streak Master
30-day login streak
Badge + SBT + Credits
Content Star
10+ approved content contributions
Badge + SBT
Event Champion
Win a platform event
Badge + SBT
Community Builder
Admin-granted
Badge + SBT
First Steps
Complete profile (avatar + bio + CF link)
Badge
Social Butterfly
Join 5+ groups
Badge
Chatterbox
Send 1000+ messages
Badge
Helping Hand
50+ content upvotes received
Badge
Night Owl
100+ messages sent between 12 AM–6 AM
Badge
Planned Operations
Operation
Method
Endpoint
Description
List Achievements
GET
/api/v1/achievements
List all achievements with progress tracking.
Get User Achievements
GET
/api/v1/users/:id/achievements
Get a user's completed and in-progress achievements.
Check Achievement Progress
GET
/api/v1/achievements/:id/progress
Get current progress toward an achievement.
Profile Picture Rules
Accepted formats: JPEG, PNG, WebP. Max: 5MB.
Server resizes to 256×256 (full) and 64×64 (thumbnail).
Stored in S3-compatible object storage, served via CDN/signed URLs.
Default avatar: auto-generated from initials + color based on user ID hash.
A blockchain-based (or hybrid on/off-chain) credit economy that rewards users for platform engagement. Credits can be earned, spent (badge purchases), and managed (by admins and users with can_manage_economy).
Earning Actions
Action
Credits Awarded
Notes
Event attendance
Configurable per event
Set by event creator
Content contribution (approved)
Configurable
Approved by Coordinator/Admin
Codeforces rating milestone
Configurable per tier
Based on CF rating thresholds
Daily login streak
Configurable
e.g., 1 credit/day, bonus at 7-day streak
Peer endorsement received
Configurable
Anti-gaming limits apply
Achievement unlocked
Per achievement
Auto-awarded
Spending Actions
Action
Credits Cost
Notes
Purchase cosmetic badge
Per badge
Non-refundable
Purchase poster/cosmetic
Per item
Profile customization
Planned Operations
Operation
Method
Endpoint
Description
Get Balance
GET
/api/v1/credits/balance
Get the current user's credit balance.
Get History
GET
/api/v1/credits/history
Get the current user's credit transaction log.
Award Credits
POST
/api/v1/admin/credits/award
Admin: manually award credits to a user.
Deduct Credits
POST
/api/v1/admin/credits/deduct
Admin: deduct credits from a user.
Group Award
POST
/api/v1/groups/:id/credits/award
Economy manager: award credits in a group context.
Get Credit Config
GET
/api/v1/admin/credits/config
Admin: view credit earning rules.
Update Credit Config
PUT
/api/v1/admin/credits/config
Admin: update credit earning rules.
Key Rules
All credit mutations are transactional and audit-logged.
Credits cannot go negative.
Credit values for each action are configurable in DB — not hardcoded.
can_manage_economy permission holders can award credits in their group (limited by configurable daily cap).
Non-transferable NFTs minted on-chain to represent permanent achievements, certifications, and milestones. SBTs also auto-grant corresponding badges.
Achievement Types
Achievement
Trigger
SBT Metadata
Event Champion
Win a platform event
Event name, date, rank
Code Warrior
Reach Codeforces Expert or higher
CF handle, rating, timestamp
Content Star
10+ approved contributions
Contribution count, date
Streak Master
30-day login streak
Streak length, dates
Community Builder
Assigned by Admin
Custom description
Planned Operations
Operation
Method
Endpoint
Description
List User SBTs
GET
/api/v1/sbt/mine
Get the current user's SBTs.
Get SBT Detail
GET
/api/v1/sbt/:id
Get metadata for a specific SBT.
Mint SBT
POST
/api/v1/admin/sbt/mint
Admin: mint a new SBT for a user.
List SBT Templates
GET
/api/v1/admin/sbt/templates
Admin: view available SBT templates.
Create SBT Template
POST
/api/v1/admin/sbt/templates
Admin: create a new achievement template.
Revoke SBT
DELETE
/api/v1/admin/sbt/:id
Admin: revoke (burn) an SBT + associated badge.
Key Rules
SBTs are soulbound — transfer functions are disabled at the smart contract level.
Minting requires Admin role.
Minting an SBT auto-grants the corresponding badge.
Revoking an SBT auto-revokes the corresponding badge.
SBT metadata is stored on IPFS or equivalent decentralized storage.
All SBT events are logged on-chain and in the application DB.
2.9 Codeforces API Integration
Description
Pulls real-time competitive programming data from the Codeforces public API to display user stats, track progress, and award credits/SBTs based on rating milestones.
CF data is cached (configurable TTL, default 6 hours) to avoid rate limiting.
Handle verification: user must prove ownership (e.g., by setting a specific string in their CF bio temporarily).
CF API failures must be handled gracefully — show cached data with a "last synced" timestamp.
2.10 Content Library
Description
A curated, searchable repository of study materials including notes, past papers, tutorials, cheat sheets, and resource links. Supports tagging, upvoting, and cohort-based filtering.
Content Types
📄 Documents (PDF, DOCX upload → stored in object storage)
🔗 External Links (YouTube, blog posts, documentation)
📝 Rich Text Posts (Markdown-based posts created in-platform)
New submissions go into a pending state until approved by a Coordinator or Admin.
File uploads are virus-scanned before being made available.
Content is tagged with cohort groups for visibility filtering.
Upvotes contribute to credits for the content author.
2.11 AI Notes Assistant
Description
An AI-powered tool that helps students create, organize, summarize, and query their notes. Supports natural language Q&A over uploaded notes, auto-summarization, and study plan generation.
Capabilities
Feature
Description
Upload & Parse
Upload notes (PDF, Markdown, text) → AI parses and indexes them.
Summarize
Generate concise summaries of uploaded notes.
Q&A
Ask natural language questions about your notes → get contextual answers.
Flashcard Generation
Auto-generate flashcards from notes for spaced repetition study.
Study Plan
Generate a study plan based on syllabus + available notes.
Planned Operations
Operation
Method
Endpoint
Description
Upload Notes
POST
/api/v1/notes/upload
Upload a file for AI indexing.
List Notes
GET
/api/v1/notes
List all uploaded notes for the user.
Get Summary
GET
/api/v1/notes/:id/summary
Get AI-generated summary of a note.
Ask Question
POST
/api/v1/notes/ask
Ask a question over the user's note corpus.
Generate Flashcards
POST
/api/v1/notes/:id/flashcards
Generate flashcards from a specific note.
Delete Notes
DELETE
/api/v1/notes/:id
Delete an uploaded note and its index.
Key Rules
Notes are private per user — no cross-user access unless explicitly shared.
AI processing is asynchronous — upload returns immediately, processing status is polled.
Token/cost limits per user are configurable to prevent abuse.
All AI outputs include a disclaimer: "AI-generated — verify for accuracy."
2.12 Event Management System
Description
A full event lifecycle system supporting creation, registration, attendance tracking, and post-event analytics. Events can be created by Admins, Managers, or users with can_create_events permission in a group.
Avatar images auto-resized to standard dimensions server-side.
3.5 Search
Full-text search across content library, events, and chat messages.
Implementation: database-native search or dedicated search engine (configurable).
4. Data Model Overview
erDiagram
USER ||--o{ COHORT_TAG : has
USER ||--o{ GROUP_MEMBER : "belongs to"
USER ||--o{ CREDIT_TX : earns
USER ||--o{ SBT : owns
USER ||--o{ BADGE : has
USER ||--o{ ACHIEVEMENT : earns
USER ||--o{ NOTE : uploads
USER ||--o{ CONTENT : contributes
USER ||--o{ EVENT_REG : registers
USER ||--o{ MESSAGE : sends
USER {
uuid id
string email
string displayName
string avatarUrl
string bio
int globalRing
string cfHandle
int cfRating
int creditBalance
datetime joinedAt
}
GROUP ||--o{ GROUP_MEMBER : contains
GROUP ||--o{ MESSAGE : has
GROUP {
uuid id
string name
string description
string avatarUrl
string type
}
GROUP_MEMBER {
uuid userId
uuid groupId
int ring
json permissions
datetime joinedAt
}
MESSAGE {
uuid id
uuid groupId
uuid authorId
string content
json mentions
boolean isPinned
boolean isDeleted
datetime createdAt
datetime editedAt
}
BADGE {
uuid id
string name
string iconUrl
string type
int price
string description
}
ACHIEVEMENT {
uuid id
string name
string trigger
string rewardType
datetime unlockedAt
}
COHORT_TAG {
uuid id
string name
string type
}
CREDIT_TX {
uuid id
int amount
string action
string context
datetime timestamp
}
SBT {
uuid id
string templateId
string metadataURI
datetime mintedAt
}
CONTENT {
uuid id
string title
string type
string status
int upvotes
}
EVENT ||--o{ EVENT_REG : has
EVENT {
uuid id
string title
datetime date
string status
int maxParticipants
uuid groupId
}
LEADERBOARD_CACHE {
string type
json rankings
datetime lastUpdated
}
INSTITUTION_CONFIG {
uuid id
string name
string domain
string logoUrl
json emailParsingRules
json cohortConfig
}
Loading
5. Deployment & Operations
Environments
Environment
Branch
Purpose
Production
main
Live, user-facing. Zero direct deploys — only via CI/CD after PR merge.
Staging
dev
Integration testing. Auto-deployed on merge to dev.
Local
Feature branches
Developer machines. Uses Docker Compose for full stack.