General:
  * Convert SQLite code to use Persistent
User Interface:
  * Login
    * Evaluate OAuth options
  * Invite
    * Record who invited a participant.
    * When a new participant is invited to the project, allow them to create an account.
  * Profile
  * Timeline - Yours
    * Log Start
    * Log Stop
    * Amend Event
      * Amend operations targeting events older than <commit_delay hours> fail.
      * Future work - garnish/reimburse based approach? 
  * Payouts
    * History of payouts (read from blockchain?)
    * Projected payout given current data
  * Voting
    * List Proposals
    * Create Proposal
      * Options to be considered
      * Closing date
    * Vote
  * Resource Pooling
    * Create Resource Pool
      * Describe resource need
      * Base resource award set by socialized vote?
        * Voting on continuous values?
      * Set resource contribution timeline
      * Solicit/Suggest resource acquisition designee (& vote)
    * Escrow of resource acquisition contributions. 
      * Resource award bidding?
      * In case of oversubscription, award is reduced by a function of the oversubscription amount.
      * "Test Oversubscription" functionality.
  * Read blockchain transactions; when a payment is observed, distribute it to participants.
  * Adjust work index reader to only read work index entries older than <commit_delay hours>. 
  * Tabulate votes & randomly pick from weighted distribution.
  * Resource pool awarding
Payouts Service
    * BTC address alias chains (in case new payouts should go elsewhere)
    * Update Payout Address
      - authenticate by asking the user to sign and broadcast a small txn with a specific
      - amount from the old address to the new address
      - user creates account & provides payout address
      - inviting user asked to sign a txn that transfers a specific amount of btc from their
      - current payout address to the invitee's payout address

Guiding Principle:
Trust in your collaborators is the foremost design principle. Any attempt to
inhibit abuse or fraud within a company will ultimately be circumventable, so
it's more important to provide features that will be useful to friendly actors.
Any feature that can be used to retroactively punish a malicious actor can also
be used to abuse a friendly but unpopular actor, and so should be avoided. The
correct way to exclude a malicious actor is to fork the company to exclude that
actor.
Design Goals:
  * Do not discard information. Mutable caches of state are fine, but
    retain all information necessary to reproduce both the current state and
    all prior states of the cache. 
  * Timestamp EVERYTHING.
  * Keep a cryptographically verified audit trail.
  * Use cryptographic signatures for authentication of all requests to secured 
    resources.
Library:
  * Invite
    * When a new participant is invited to the project, allow them to create an account.
      - user creates account ands provides initial payout address
      - inviting user asked to sign a txn that transfers a specific amount of btc from their
        current payout address to the invitee's payout address as confirmation of
        the invitation
  * Timeline
    * Amend Event
      * Amend operations targeting events older than <commit_delay hours> fail.
      * MAYBE garnish/reimburse based approach? 
    * Secure the transaction log via inclusion of periodic hashes of the log
      into the public blockchain?
  * User
    * Add public keys that can be used to sign requests. How does this interact
      with certificate-based auth from browsers? Require openpgpjs?
    * Payout Address Update
      - authenticate by asking the user to sign and broadcast a small txn with a specific
        amount from the old address to the new address
  * Payouts
    * Payouts should not include events younger than <commit_delay hours> to permit amends.
    * Find current verified address for each payout.
    * History of payouts (read from blockchain?)
    * Include hours won in resource auction - requires confirmation that contribution
      was actually made (observed in the confirmed blockchain)
  * Resource Pooling
    * Resource auction bids should include the source address which will be used in the CoinJoin txn.
    * Create election for resource acquisition designee
  * Elections
    * Create Election
      - Options to be considered
      - Closing date
    * List Proposals
    * Record Vote
Webserver:
  * Login
    * Evaluate OpenID options
  * Companion Creation
    * Require user to provide the PGP public key that will be used to authenticate requests
  * Authentication
    * Require bodies of all 
  * Timeline
    * Amend Event
Payouts Service:
  * Read blockchain transactions
    * Invitation validation
    * Payout Address Update validation
    * When a payment is observed, distribute it to participants.
    * When a resource acquisition CoinJoin is observed, record time awards
  * Elections
    * Close voting window
    * Tabulate votes & randomly pick winner from weighted distribution
    * Record & announce winning option
  * Resource Pooling
    * Finalize resource pooling auction
    * Create CoinJoin transaction to award BTC to the resource acquisition designee
    * Notify auction winners so that input addresses & signatures may be collected.

workEventParser = WorkEvent <$> fieldWith eventTypeParser <*> field 

workEventParser = WorkEvent <$> fieldWith eventTypeParser <*> field  <*> field

    "INSERT INTO work_events (project_id, user_id, btc_addr, event_type, event_time) VALUES (?, ?, ?, ?, ?)" 

    "INSERT INTO work_events (project_id, user_id, btc_addr, event_type, event_time, event_meta) \
    \VALUES (?, ?, ?, ?, ?, ?)" 

    , a ^. address

    , a ^. _BtcAddr

    , e ^. eventMeta

    (user' ^. (username._UserName), user' ^. (userAddress.address), user' ^. userEmail)

    (user' ^. (username._UserName), user' ^. (userAddress._BtcAddr), user' ^. userEmail)

    toJSON $ mapKeys (^. address) p

    toJSON $ mapKeys (^. _BtcAddr) p

  , eventType, eventTime

  , eventType, eventTime, eventMeta

import Data.Aeson as A

  -- Permit the inclusion of arbitrary JSON data that may be refactored into
  -- proper typed fields in the future. 
  , _eventMeta :: A.Value

reduceToIntervals ((LogEntry addr (WorkEvent StopWork end')) : (LogEntry _ (WorkEvent StartWork start')) : xs, acc) = 

reduceToIntervals ((LogEntry addr (WorkEvent StopWork end' _)) : (LogEntry _ (WorkEvent StartWork start' _)) : xs, acc) = 

newtype BtcAddr = BtcAddr { _address :: Text } deriving (Show, Eq, Ord)
makeLenses ''BtcAddr

newtype BtcAddr = BtcAddr Text deriving (Show, Eq, Ord)
makePrisms ''BtcAddr

parseBtcAddr = Just . BtcAddr -- this will be changed to do validation

parseBtcAddr = Just . BtcAddr -- FIXME: perform validation

import qualified Data.Map as M

  requestBody <- readRequestBody 4096

  let workEvent = WorkEvent evType timestamp

  let em = maybe A.Null id $ A.decode requestBody
      workEvent = WorkEvent evType timestamp em

  writeLBS . A.encode . fmap (fmap IntervalJ) $ mapKeysWith (++) (^. address) widx

  writeLBS . A.encode . fmap (fmap IntervalJ) $ M.mapKeysWith (++) (^._BtcAddr) widx

  event_time timestamp with time zone not null

  event_time timestamp with time zone not null,
  event_meta json not null