TuneNest

Partial

Music Without Middlemen

https://tunenest.noxsoft.net

Creator-sovereign music distribution. Artists keep 90%+ of revenue. AI-powered DAW studio with beat/lyrics/melody generation. Part of Sporus.

Completion: 76%

13 Live, 3 Partial, 1 Stub, 2 Missing

Pages: 13/13
APIs: 0/22
Security: 58%

Features (19)

Core: 3/5 live

Music Upload & Publishing: Live
Audio + cover art upload with metadata and scheduling

Artist Profiles & Discovery: Live
Public artist profiles with track listings

Playlists & Library: Live
Personal library, playlists, and track likes

Schedule Publishing: Partial
UI has scheduling dialog, backend incomplete

External Distribution: Missing
No Spotify/Apple Music distribution connectors

Auth: 1/1 live

WebAuthn/Passkeys Auth: Live
Passwordless passkey authentication

Monetization: 2/3 live

Tips & Direct Support: Live
Stripe payments with 5% platform fee, 95% to creator

Creator Stripe Connect: Live
Onboarding, payout status, earnings tracking

Royalty Splits: Missing
No multi-artist revenue sharing

Studio: 3/6 live

AI Beat Generation: Live
Genre-specific drum patterns via Claude API

AI Lyrics Generation: Live
Full/continue/rewrite modes with syllable counting

AI Melody/Rhyme/Mix: Live
3 additional AI endpoints for music production

Studio DAW: Partial
Sequencer/piano roll UI built, Tone.js playback partial

Effects & Mixer: Partial
UI complete, audio processing partially integrated

Collaboration: Stub
Database schema ready, sharing UI not built

Social: 2/2 live

Following Feed: Live
Cross-platform following from all 5 Sporus platforms

Notifications: Live
Tips, follows, and publishing event notifications

Protection: 2/2 live

Copyright Detection: Live
Perceptual hash duplicate detection

AI Consent Controls: Live
Per-content training/remix/style protections

Security

Security Checklist

2/6 passing

Check              Status
CSRF Protection    Pass
Rate Limiting      Fail
Input Validation   Partial
Security Headers   Partial
Auth / Session     Pass
Encryption         Partial

Issues (6 open)

Critical: No rate limiting — AI endpoints can be abused (expensive Anthropic calls) [Open]

High: Missing CSP header — XSS risk on public profiles [Open]

High: No server-side file type verification — relies on extension only [Open]

Medium: Username/bio fields lack output sanitization [Open]

Medium: Passkey challenge table has no cleanup job [Open]

Low: Studio audio engine partially integrated [Open]

API Route Inventory

Total Routes: 22
Rate Limited: 0
Total Pages: 13
Live Pages: 13