# Phase 1: Safety Foundation - Context
**Gathered:** 2026-02-28
**Status:** Ready for planning
## Phase Boundary
The app launches as a login shell, handles crashes and disconnects without locking out users, and reads its configuration from bbs.toml. This phase delivers process lifecycle safety and configuration loading — no content rendering, no navigation, no visual theming beyond what's needed to prove the app starts and exits cleanly.
## Implementation Decisions
### Configuration shape
- Config file lives next to the binary (same directory)
- When bbs.toml is missing, use sensible defaults (vault defaults to ./vault/, default theme) — config file is optional
- Phase 1 settings: `vault_path` and `theme` only — minimal config
- Support `--config /path/to/bbs.toml` CLI flag to override config location
- Strict TOML parsing — reject unknown keys to catch typos early
- When vault path points to a nonexistent directory, show a friendly error and exit (don't launch the TUI)
### Startup experience
- Straight to content on launch — no splash screen, no delay, immediately show index.md
- Clear the terminal on launch (clean slate, not alternate screen buffer) — immersive BBS feel, no shell artifacts
- Login shell detection: strip the leading dash from argv[0] for compatibility
- In login-shell mode, suppress 'q' to quit — prevents accidental SSH disconnects. Only Ctrl+C works as exit.
### Failure messaging
- On panic recovery: friendly message only — "Something went wrong. The app has exited safely." No technical details shown to user.
- Panic details logged to stderr — captured by systemd journal or SSH output after exit, available for server admin
- Config errors use BBS-themed tone — "SYSTEM ERROR: Config file corrupted at line 3. SysOp intervention required." style messaging
### Exit behavior
- BBS-style goodbye message on quit — retro signoff before terminal restores
- Ctrl+C requires double-press to confirm — first press shows "Press again to quit", second press exits
- In login-shell mode, Ctrl+C (double-press) is the only exit method — no alternative commands
- Goodbye message displays for ~500ms (brief flash) before process exits
### Claude's Discretion
- Exact goodbye message text and formatting
- Panic hook implementation approach
- Signal handler registration strategy
- Default theme values
- Default vault path (./vault/ or similar)
## Specific Ideas
- Error messages should feel like old-school BBS system messages — "SysOp intervention required" style
- The clean-slate terminal clear reinforces the feeling of connecting to a remote BBS system
- Double-press Ctrl+C pattern borrowed from modern CLI tools but fits the "are you sure you want to disconnect?" BBS feel
## Deferred Ideas
None — discussion stayed within phase scope
---
*Phase: 01-safety-foundation*
*Context gathered: 2026-02-28*