================================================================================
FACEBOOK MESSENGER + PAGE COMMENTS CHAT SYSTEM — PROJECT PLAN
================================================================================
Workspace: c:\xampp\htdocs\chatbot (PHP on XAMPP + MySQL)

SCOPE
-----
- Ingest: Facebook Messenger messages and Page post comments via Meta webhooks.
- Persist: MySQL (threads, messages, optional post cache).
- Operate: Web dashboard — list threads, open conversation, reply (Messenger or public comment reply).
- Security: Webhook signature verification (X-Hub-Signature-256); Page token and app secret only server-side.

GOALS
-----
1. Receive near-real-time events from Meta (webhooks).
2. Store normalized threads and messages for one inbox-style UI.
3. Send replies via Graph API (Messenger Send API; comment reply edge).
4. Protect operator UI with password (session) and lock down /config.

HIGH-LEVEL ARCHITECTURE
-----------------------
Meta Webhooks -> public/webhook.php -> WebhookHandler -> MySQL
Operator browser -> public/*.php -> repositories -> Graph API (send)

META DEVELOPER SETUP (ONE-TIME)
-------------------------------
See META_APP_SETUP.txt in this folder for callback URL, verify token, required
subscriptions, and where to put secrets in config.

FILE LAYOUT (IMPLEMENTED)
-------------------------
  plan.txt                 — this roadmap
  META_APP_SETUP.txt       — Meta app, webhook, token checklist
  sql/schema.sql           — MySQL tables
  config/config.example.php — copy to config/config.php and fill values
  config/config.php        — local settings (gitignored when using git)
  config/.htaccess         — deny web access
  src/Config.php           — loads config.php
  src/Database.php         — PDO singleton
  src/Logger.php           — append to logs/app.log
  src/GraphClient.php      — HTTP POST to graph.facebook.com
  src/WebhookHandler.php   — verify signature, parse, persist
  src/MessengerService.php — send Messenger messages
  src/CommentsService.php  — reply to comments
  src/ThreadRepository.php — threads + messages CRUD
  public/app_init.php      — autoload + Config::load (no session)
  public/bootstrap.php     — app_init + session (operator pages)
  public/index.php         — login + thread list
  public/thread.php        — thread detail + composer
  public/send.php          — POST reply endpoint
  public/webhook.php       — GET verify + POST events
  public/style.css         — minimal UI styles
  logs/.gitkeep            — ensure logs dir exists (git)
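
The two checks listed above for public/webhook.php (GET verify) and src/WebhookHandler.php (verify signature), as an added PHP example that is not the project's own code. The function names and the sample secret, token and payload are assumptions constructed for illustration.

```php
<?php
declare(strict_types=1);
// Added example; function names are hypothetical, not the project's WebhookHandler API.

/** POST events: check X-Hub-Signature-256 against an HMAC of the raw body. */
function verifyMetaSignature(string $rawBody, ?string $header, string $appSecret): bool
{
    if ($header === null || strncmp($header, 'sha256=', 7) !== 0) {
        return false; // header missing or not the SHA-256 scheme
    }
    $provided = strtolower(substr($header, 7));
    if (strlen($provided) !== 64 || !ctype_xdigit($provided)) {
        return false; // not a 32-byte hex digest
    }
    // Sign the bytes exactly as received, before json_decode() touches them.
    $expected = hash_hmac('sha256', $rawBody, $appSecret);
    return hash_equals($expected, $provided); // constant-time compare
}

/** GET verify: return the challenge to echo back, or null to answer 403. */
function verifySubscription(array $query, string $verifyToken): ?string
{
    // PHP rewrites the dots in hub.mode / hub.verify_token / hub.challenge to underscores.
    $token = $query['hub_verify_token'] ?? null;
    $challenge = $query['hub_challenge'] ?? null;
    if (($query['hub_mode'] ?? null) !== 'subscribe' || !is_string($token) || !is_string($challenge)) {
        return null;
    }
    return hash_equals($verifyToken, $token) ? $challenge : null;
}

// In webhook.php the inputs would come from file_get_contents('php://input'),
// $_SERVER['HTTP_X_HUB_SIGNATURE_256'] and $_GET. Below: constructed sample values.
$secret = 'constructed-app-secret';
$body   = '{"object":"page","entry":[]}';
$header = 'sha256=' . hash_hmac('sha256', $body, $secret);

$checks = [
    'valid signature'     => verifyMetaSignature($body, $header, $secret),
    'body altered'        => verifyMetaSignature($body . ' ', $header, $secret),
    'header missing'      => verifyMetaSignature($body, null, $secret),
    'sha1 header only'    => verifyMetaSignature($body, 'sha1=' . hash_hmac('sha1', $body, $secret), $secret),
    'handshake ok'        => verifySubscription(['hub_mode' => 'subscribe', 'hub_verify_token' => 'constructed-token', 'hub_challenge' => '12345'], 'constructed-token'),
    'handshake bad token' => verifySubscription(['hub_mode' => 'subscribe', 'hub_verify_token' => 'wrong', 'hub_challenge' => '12345'], 'constructed-token'),
];
foreach ($checks as $label => $result) {
    echo str_pad($label, 20), ' => ', var_export($result, true), PHP_EOL;
}
```

A request that fails either check should be answered with 403 before any parsing or database write happens.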

DATA MODEL
----------
threads: source (messenger|comment), page_id, external_thread_key, title,
         snippet, last_activity_at, unread_count
messages: thread_id, direction (in|out), body, external_id, raw_json, created_at
posts (optional cache): post_id, message, created_time
jobs: optional queue (included in schema for future async processing)

OPERATOR UI
-----------
- Login with a password checked against the bcrypt hash in config (PASSWORD_HASH).
- Thread list: filter All / Messenger / Comments; sort by last activity.
- Thread view: timeline + reply form (calls send.php).

LOCAL DEVELOPMENT
-----------------
- Import sql/schema.sql into MySQL; copy config/config.example.php to config/config.php.
- Meta requires HTTPS for webhooks: use ngrok or Cloudflare Tunnel to expose
  https://YOUR_TUNNEL/chatbot/public/webhook.php
- Apache document root should include this project; open:
  http://localhost/chatbot/public/index.php

ROLLOUT PHASES
--------------
1. Foundation: schema, config, logging, webhook verification + signature check.
2. Messenger: ingest messages, send reply from UI.
3. Comments: ingest feed/comment events, reply from UI.
4. Hardening: token rotation, rate limits, stricter auth, HTTPS-only production.

COMPLIANCE
----------
Follow Meta Platform Terms, messaging policies (e.g. Messenger 24-hour window
where applicable), and Graph API rate limits. Comment replies are public on the Page.

================================================================================
End of plan.txt
================================================================================
