null
|
55699e17ed
|
feat: security hardening, CI, analytics, invite deep links, solo mode, weekly recap
Roadmap phases 0-3.1 (see plan). Verified: unit tests, functions tests,
firestore rules 119/119, live emulator smokes.
Security + CI:
- Move App Check debug token out of committed build.gradle.kts to
local.properties (secret() resolver: local.properties -> -P -> env);
admin service-account key relocated outside the repo.
- Add GitHub Actions (android unit/scan/gitleaks, backend functions +
rules emulator via emulators:exec) with a CI google-services.json stub
and a reviewed .gitleaksignore baseline.
- Fix firestore rules tests to the current deployed contract (was 108/118,
now 119/119).
Analytics + consent:
- FirebaseRetentionAnalytics behind a fail-safe composite sink, single-
sourced hashing (AnalyticsHashing), Settings -> Privacy opt-out toggle
gating Firebase + the sink, and the ~11 missing event call sites.
- NoPlaintextInAnalyticsTest guards the content-free rule at build time.
Funnel:
- Invite deep links (https App Link + closer:// fallback), JoinLink parser,
PendingJoinCodeStore, prefilled/already-paired pairing, richer share text.
- Solo pre-pairing: UnpairedLockedCard on Play, SoloAnswerMigrator + consent
dialog moving pre-pairing answers into Couple Lore.
Weekly recap:
- WeeklyRecapScreen driven by the existing generator from local answer data,
Home card rewired, content-free shareable card.
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
|
2026-07-06 20:33:38 -05:00 |