Last active Feb 2, 2020
The Pursuance System: Status

Components: LeapChat and Pursuance

The software that makes up the Pursuance System has 2 major features/components: secure chat, and task management.

The task management functionality can be found at . This pursuance repo uses LeapChat (currently via an iframe, though this will change); LeapChat can be found in its own GitHub repo at .

So, to be clear, we have:

  1. LeapChat -- end-to-end encrypted chat in the browser (which we've already launched; see, and

  2. Pursuance -- end-to-end encrypted task management optimized for large groups of volunteers.

The Interplay Between Chat and Task Management

Each pursuance has many associated tasks. Each task has its own LeapChat room attached to it for discussing the details of what should be done, how best to achieve that task, etc.

Unique Features

Here's what differentiates the Pursuance System from other task management-centric software:

Task/Participant Auto-pairing

When you have a non-trivial number of people participating in a pursuance, they're not going to know each other's skill sets, and therefore won't know whom to assign a task to, whether it's a task they think someone should complete or one they personally need done as a sub-task of whatever they are working on.

Other task management systems do not scale in the ways we need them to.

In Pursuance, when a new task is created and the skills necessary to complete it are specified (by tag), participants within that task's pursuance who have all of the requisite skills will be notified and asked if they'd like to be the assignee. (Users will add their skills to their respective profiles so that this pairing can occur.)

Assigning Tasks to Other Pursuances

Other systems think in terms of teams. What is a team? A small group of closely-knit people who know each other's names, skill sets, and so on. But a team is also a silo cut off from the rest of the world.

Pursuance does not see the world this way. By enabling pursuances to assign tasks to other pursuances, we are enabling a federation of politically-aligned organizations/groups/projects asking each other for help, perhaps specializing within the ecosystem, and offering their unique talents and knowledge to other pursuances with whom they partner.

Automatic Task Reassignment

Volunteers are flaky. Someone will often volunteer for a task, or otherwise have a task assigned to them, and not do it.

When a task's assignee hasn't made recent progress, Pursuance will either ask the task's creator or reviewer whether they want to ask the assignee for a status update, or it could automatically and periodically ask assignees for updates without first asking the reviewer whether these messages should be sent out. But the interesting part is this: an assignee who is unresponsive, or who otherwise doesn't seem to be working on the task, can be given, say, 24 hours (or a dynamic amount of time depending on the "velocity" of the pursuance, which we can measure by tracking changes in the task phases) to respond, make progress, or do something. After that, if nothing has been done, our software can automatically reassign the task to, say, the last person who logged in who has all of the skills required by the task, or to the person with the most karma points who has all the requisite skills, or to the person who invited the current assignee to the pursuance in the first place, or some other auto-calculable variant.

...and in writing this, I just realized that the task's reviewer, not just its assignee, could be auto-reassigned in the same fashion if a task is finished but the reviewer doesn't mark it as done for some period of time.

End-to-end Encryption

For private pursuances, tasks will be encrypted, in which case the server will not be able to see the title, description, deliverables, etc. of a task in unencrypted form, just its relation to other tasks, who it's assigned to, who its reviewer is, and its phase/how close it is to being completed.

The crypto library we are currently using is miniLock, which has undergone a thorough security audit by the venerable Cure53. miniLock enables us to deterministically generate a keypair from (1) a username or email address and (2) a passphrase. From the user's perspective, they will sign into Pursuance as they would sign into any other website or app (other than us requiring a stronger password), but in this case we are generating a keypair for that user, which JavaScript running in their browser (and, later, their native app) uses to encrypt and decrypt content.

Each private pursuance is associated with a unique passphrase that is used to generate a unique keypair using miniLock. That passphrase is generated in the browser/on the device of the user who created that pursuance. When a user is invited to a private pursuance, the invite includes a copy of this passphrase.
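
The derivation and the server-visible/encrypted split described in this section, as an added sketch that is not Pursuance or miniLock source code. It uses only Node.js built-ins, with AES-256-GCM over an X25519 shared secret standing in for miniLock's NaCl box; the function names, the scrypt cost, the use of a pursuance identifier as salt, and the list of private fields are assumptions.

```javascript
// Added sketch, not Pursuance or miniLock source. Node.js built-ins only.
const { createHash, scryptSync, createPrivateKey, createPublicKey, diffieHellman,
        createCipheriv, createDecipheriv, randomBytes } = require('node:crypto');

// DER header that wraps a raw 32-byte X25519 secret as PKCS#8.
const PKCS8_X25519 = Buffer.from('302e020100300506032b656e04220420', 'hex');

// Deterministic keypair: BLAKE2s(passphrase) -> scrypt(salt = identifier) -> X25519 secret.
// The scrypt cost here is a demo setting (assumption), not a recommendation.
function deriveKeyPair(identifier, passphrase) {
  const digest = createHash('blake2s256').update(passphrase, 'utf8').digest();
  const secret = scryptSync(digest, Buffer.from(identifier, 'utf8'), 32, { N: 2 ** 14, r: 8, p: 1 });
  const privateKey = createPrivateKey({
    key: Buffer.concat([PKCS8_X25519, secret]), format: 'der', type: 'pkcs8' });
  return { privateKey, publicKey: createPublicKey(privateKey) };
}

// Raw 32-byte public key as hex (the last 32 bytes of the SPKI encoding).
const publicKeyHex = (kp) =>
  kp.publicKey.export({ type: 'spki', format: 'der' }).subarray(-32).toString('hex');

// X25519 shared secret hashed into an AES-256-GCM key (stand-in for NaCl box).
const sharedKey = (myPrivate, theirPublic) =>
  createHash('sha256').update(diffieHellman({ privateKey: myPrivate, publicKey: theirPublic })).digest();

const PRIVATE_FIELDS = ['title', 'description', 'deliverables']; // hidden from the server

// Split a task into server-visible metadata plus one sealed blob of private fields.
function sealTask(task, authorPrivate, pursuancePublic) {
  const hidden = {}, stored = {};
  for (const [k, v] of Object.entries(task)) {
    (PRIVATE_FIELDS.includes(k) ? hidden : stored)[k] = v;
  }
  const iv = randomBytes(12);
  const c = createCipheriv('aes-256-gcm', sharedKey(authorPrivate, pursuancePublic), iv);
  const body = Buffer.concat([c.update(JSON.stringify(hidden), 'utf8'), c.final()]);
  stored.sealed = Buffer.concat([iv, c.getAuthTag(), body]).toString('base64');
  return stored;
}

// Any member who derived the pursuance keypair from the invite passphrase can open it.
function openTask(stored, pursuancePrivate, authorPublic) {
  const raw = Buffer.from(stored.sealed, 'base64');
  const d = createDecipheriv('aes-256-gcm', sharedKey(pursuancePrivate, authorPublic), raw.subarray(0, 12));
  d.setAuthTag(raw.subarray(12, 28));
  return JSON.parse(Buffer.concat([d.update(raw.subarray(28)), d.final()]).toString('utf8'));
}
```

Because every invitee derives the same pursuance keypair from the shared passphrase, removing a member's access in this sketch means generating a new passphrase and re-sealing the tasks under the new key.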

Tech Stack

Pursuance is all React on the frontend and Go + Postgres + PostgREST on the backend. (Adding TypeScript to the React code would be nice to do at some point, though I'm not sure when.)

The strategy: write React code once, privately launch a web app version of the Pursuance System by June 2018, make a bunch of improvements based on user feedback, then reuse 80% of that code to build a React Native version for Android and iOS, and also a native desktop version using Electron.

Especially Useful Contributions

Any ideas that you, dear reader, have for making task management great for large numbers of volunteers that don't know each other would be especially useful to this project.

I think we really need to be able to: (1) represent task dependencies, and (2) say in-app that you're blocked and what's blocking you (so the person in charge of the blocking task can be automatically notified).


DiagonalArg commented Oct 5, 2017

When a user is invited to a private pursuance, the invite includes a copy of this passphrase.

That won't stay secret long. As they say in the intel world, the number of people who know a secret is exponential in the number of people you tell. So, what are the implications of that spreading around?


hybriz commented Nov 8, 2017

also how will you keep track of "karma points" if identities are non-persistent/ephemeral? ;)
also does everyone get to see the content of tasks even without taking them on?


elimisteve commented Dec 6, 2017

@DiagonalArg The passphrase isn't seen by users, it's used behind the scenes to encrypt and decrypt tasks, messages, and files that users share.

@hybriz Identities are persistent :-) . Users with the lowest privileges in a pursuance cannot see what everyone else is working on -- they can only see the tasks they've been assigned. But above that, yes, users can see what's going on. Here's the detailed permissions model we're implementing: .


elplatt commented Jul 23, 2018

What are the plans for hosting? Centralized/federated/self-hosted? Centralized is vulnerable to technical and non-technical attacks, but other options can be a barrier to many users. Mastodon seems to be doing well with balancing the two using a federated model.


elimisteve commented Feb 2, 2020

@elplatt EffectiveAF, my successor to Pursuance, is starting with SaaS, then offering a self-hosted option, then building server federation.
