================================================================================ FACEBOOK MESSENGER + PAGE COMMENTS CHAT SYSTEM — PROJECT PLAN ================================================================================ Workspace: c:\xampp\htdocs\chatbot (PHP on XAMPP + MySQL) SCOPE ----- - Ingest: Facebook Messenger messages and Page post comments via Meta webhooks. - Persist: MySQL (threads, messages, optional post cache). - Operate: Web dashboard — list threads, open conversation, reply (Messenger or public comment reply). - Security: Webhook signature verification (X-Hub-Signature-256); Page token and app secret only server-side. GOALS ----- 1. Receive near-real-time events from Meta (webhooks). 2. Store normalized threads and messages for one inbox-style UI. 3. Send replies via Graph API (Messenger Send API; comment reply edge). 4. Protect operator UI with password (session) and lock down /config. HIGH-LEVEL ARCHITECTURE ----------------------- Meta Webhooks -> public/webhook.php -> WebhookHandler -> MySQL Operator browser -> public/*.php -> repositories -> Graph API (send) META DEVELOPER SETUP (ONE-TIME) ------------------------------- See META_APP_SETUP.txt in this folder for callback URL, verify token, required subscriptions, and where to put secrets in config. FILE LAYOUT (IMPLEMENTED) ------------------------- plan.txt — this roadmap META_APP_SETUP.txt — Meta app, webhook, token checklist sql/schema.sql — MySQL tables config/config.example.php — copy to config/config.php and fill values config/config.php — local settings (gitignored when using git) config/.htaccess — deny web access src/Config.php — loads config.php src/Database.php — PDO singleton src/Logger.php — append to logs/app.log src/GraphClient.php — HTTP POST to graph.facebook.com src/WebhookHandler.php — verify signature, parse, persist src/MessengerService.php — send Messenger messages src/CommentsService.php — reply to comments src/ThreadRepository.php — threads + messages CRUD public/app_init.php — autoload + Config::load (no session) public/bootstrap.php — app_init + session (operator pages) public/index.php — login + thread list public/thread.php — thread detail + composer public/send.php — POST reply endpoint public/webhook.php — GET verify + POST events public/style.css — minimal UI styles logs/.gitkeep — ensure logs dir exists (git) DATA MODEL ---------- threads: source (messenger|comment), page_id, external_thread_key, title, snippet, last_activity_at, unread_count messages: thread_id, direction (in|out), body, external_id, raw_json, created_at posts: optional cache post_id, message, created_time jobs: optional queue (included in schema for future async processing) OPERATOR UI ----------- - Login with password from config (PASSWORD_HASH bcrypt). - Thread list: filter All / Messenger / Comments; sort by last activity. - Thread view: timeline + reply form (calls send.php). LOCAL DEVELOPMENT ----------------- - Import sql/schema.sql into MySQL; copy config/config.example.php to config/config.php. - Meta requires HTTPS for webhooks: use ngrok or Cloudflare Tunnel to expose https://YOUR_TUNNEL/chatbot/public/webhook.php - Apache document root should include this project; open: http://localhost/chatbot/public/index.php ROLLOUT PHASES -------------- 1. Foundation: schema, config, logging, webhook verification + signature check. 2. Messenger: ingest messages, send reply from UI. 3. Comments: ingest feed/comment events, reply from UI. 4. Hardening: token rotation, rate limits, stricter auth, HTTPS-only production. COMPLIANCE ---------- Follow Meta Platform Terms, messaging policies (e.g. Messenger 24-hour window where applicable), and Graph API rate limits. Comment replies are public on the Page. ================================================================================ End of plan.txt ================================================================================