Commit Graph

40 Commits

Author SHA1 Message Date
null 884cf9f614 chore(build): stop committing functions/dist; delete stale schema cruft (kill the artifact-drift class)
The dist-stale bug (deployed onCoupleKeyRotated lacked committed src twice) was
one instance of a class: a tracked build artifact whose source is elsewhere,
with no guard they match. Fix it at the root — don't track the artifact.

- functions/dist: git rm --cached (104 files) + gitignored. src is truth; dist
  is tsc output that ships (main: dist/index.js). The predeploy hook already
  builds it at deploy and backend-ci builds it for tests, so the old
  "committed for reproducibility" rationale is dead — committing it only hid
  drift behind noisy .js/.js.map diffs. You cannot ship stale what you don't
  track; a deploy on a fresh clone now fails loudly (missing dist) instead of
  shipping old code.
- app/schemas: deleted the stale com.couplesconnect.app.data.local dir — dead
  cruft from the package rename to app.closer, and living proof the class isn't
  hypothetical. The live app.closer schema stays committed (legitimate Room
  migration provenance, validated by AssetDatabaseVerifyTest).
- ERM rewritten: the dist-committed convention is reversed; the app.db + schema
  cousins documented as same-class-but-guarded.

No behavior change — dist remains on disk (untracked) so local/predeploy/CI
builds and deploys are unaffected.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-07-16 02:58:38 -05:00
null 8e6dabd4a4 feat(seed): rebuild asset db from JSON; verify Room loads it on-device
Regenerates app/src/main/assets/database/app.db with the fixed build_db.py, so
the app finally ships the current question catalog. The db had drifted far from
the JSON source of truth: 6103 -> 3811 questions (the intentional 150-cap trim),
+150 quality_time (a category the app could not show at all), and daily 500 ->
511 — the 11 wildcards, whose feature (DailyModeResolver) was built but had zero
content in the db, so wildcard days were dark. Identity hash is unchanged
(7e7d78fc...), schema untouched, so no migration is involved.

Scale labels now actually render. The db stored snake_case answer_config while
the app's only parser (QuestionMapper.parseAnswerConfig) reads camelCase, so
optString("minLabel","") resolved to "" and the scale UI fell back to bare
numbers. The rebuild emits the shape the parser reads.

Adds AssetDatabaseVerifyTest (androidTest): Room opens the asset lazily, so an
app that launches proves nothing about it — the bundled db is only validated on
first DB touch, and a bad one crashes every user on a fresh install. The test
forces a real open via openHelper.readableDatabase (triggering the copy +
identity/schema check) and asserts content, no orphan category_ids, integer
depth, and the camelCase scale contract. Verified 4/4 green on a clean install
on throwaway emulator 5558; the 5554/5556 fixtures were never touched.

Also stops shipping ~6MB of dead weight: app.db.bak_q4 and app.db.bak_q5 were
tracked inside assets/, and everything under assets/ is packaged into the APK.
build_db.py was making it worse by writing its backup next to the db; backups
now go to build/db-backups/ (gitignored, outside the packaged tree) and the
stale ones are removed. APK now contains only assets/database/app.db.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-07-14 18:49:20 -05:00
null eaedeb398c fix(seed): make build_db.py produce a Room-loadable asset database
build_db.py could not produce a shippable app.db and would have crashed the
app on first launch. It created only 2 tables (Question, QuestionCategory)
while AppDatabase declares 4 entities, and it never wrote room_master_table.
Since createFromAsset runs with no migrations and no destructive fallback,
Room validates strictly against identity hash 7e7d78fc... — so the output was
guaranteed to fail. Hence the standing "never run build_db.py" rule; the tool
had drifted from the schema it feeds.

Schema is now taken from Room's own exported schema
(app/schemas/app.closer.data.local.AppDatabase/1.json, via room.schemaLocation)
rather than hand-written DDL: all 4 entity tables + indices + the identity row
are created from it, so the script follows future schema changes automatically.
Verified the output's PRAGMA table_info/index_list is identical to the shipped
known-good db for all 5 tables, with a matching identity hash.

Also fixes the answer_config contract. The app's only parser
(QuestionMapper.parseAnswerConfig) reads camelCase keys, but the shipped db
stores snake_case and the old script emitted a third shape again — so scale
labels silently resolved to "" (the UI then shows bare numbers) and written
max_length was ignored. The authoring JSON stays snake_case per
QUESTION_SCHEMA.md; translating to the parser's shape is now this script's job.

Content problems are now hard failures instead of silent corruption. Previously
a JSON parse error or missing category made the script skip/mislabel a whole
pack ("unknown"). Now rejected with a precise message: parse errors, missing
category object (patch manifest under a production filename), zero questions,
missing id, duplicate id/text, invalid type/access, category_id mismatch,
non-integer depth, choice without options, this_or_that without exactly 2.
All 12 guards verified against mutated fixtures; a valid pack still builds.

Adds --check (validate only) and --out (build elsewhere). Builds are staged to
a temp file, verified, and only then moved into place, backing up the existing
asset db first.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-07-14 18:37:59 -05:00
null 75a644e1ba review 2026-07-12 16:02:05 -05:00
null 157f080ee6 review 2026-07-12 12:55:14 -05:00
null 0c588d0a7d chore: gitignore release_guide.md (local ship-readiness operator doc)
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
2026-07-11 18:10:42 -05:00
null 48217dd716 chore(security): gitignore revenucat_secret_api.md (holds a RevenueCat secret key)
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-07-09 03:43:43 -05:00
null 6af9c15833 chore(repo): keep QA fixture docs local-only 2026-07-07 23:28:45 -05:00
null 5d03fd98be chore(qa): keep fixture credentials in a gitignored local file, not the repo
Test-account emails/uids/passwords now live in qa/fixtures.local.md (gitignored);
qa/README.md carries only a pointer. Credentials must never be committed or pushed.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
2026-07-07 22:32:37 -05:00
null f160f141d6 chore(gitignore): ignore .code-workspace; cleanup Firebase data source dead code 2026-07-06 21:41:54 -05:00
null 14bfbd04c8 chore: add ClaudeQAPlan.md and ClaudeReport.md to gitignore 2026-06-30 19:06:25 -05:00
null 2a5c40508e feat(notifications): QuietHoursManager + NotificationSettingsScreen rewrite, Cloud Functions (streakReminder, quietHours, reengagement, gameRetention), UserRepository E2EE wiring, SettingsDataStore, firestore rules, wiring-scan 2026-06-30 00:38:06 -05:00
null f6291e1f2e feat(home): HomeScreen rewrite, HomePriorityEngine polish, CoupleRepository E2EE wiring, OutcomeCheckInDialog, YourProgress, MemoryLane, settings/pairing/paywall/play/wheel/question screens cleanup, brand illustrations, QA docs 2026-06-29 16:51:46 -05:00
null 77f8dc30c0 chore(gitignore): add scratchpad/ to ignores 2026-06-29 11:19:28 -05:00
null 954aab4cd2 brand: add generated glyph assets + illustration exports, allow generated-art in git 2026-06-28 11:30:12 -05:00
null 077a408785 brand(art): add 12 generated illustrations to drawable-nodpi; gitignore brand source art
Phase 0 of wiring the generated brand art (full-res per request). Adds A1 pairing,
A2 answer-history, A3 challenges header, A4 memory-lane capsule, A5 date-match
empty+success, A6 bucket-list, A8 messages, A9 quiet-hours, A10 past-games,
A11 privacy-recovery, A12 account-deletion to res/drawable-nodpi. Source working art
(docs/brand/{generated-art,sources,exports}) gitignored — only app copies committed.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-26 09:29:42 -05:00
null 95cad84cb5 brand: loading state, themes, manifest, art preview, pairing screen updates 2026-06-25 15:24:46 -05:00
null 520eea2236 brand: update launcher foreground, feature graphic, auth visuals, brand docs 2026-06-25 14:48:57 -05:00
null 060ef69ca5 feat(rules+trigger): conversations Firestore rules, onMessageWritten listens on conversations path, gitignore
- firestore.rules: conversations doc read/write rules with ciphertext validation, messages subcollection create rules (image or ciphertext text)
- onMessageWritten: trigger path changed from question_threads to conversations, passes conversation_id in FCM data, removed questionId resolution (no longer needed)
- .gitignore: deduplicate ClaudeReport.md entry
2026-06-24 16:14:18 -05:00
null 4e2c3fdf0d fix: rate limiter bump (20/day, 100/week), firestore rules for image messages, storage rules for chat_media, gitignore ClaudeReport
- NotificationRateLimiter: 20 partner/day, 100/week (was 2/4 — too tight for game activity)
- firestore.rules: messages create allows type=image with mediaUrl or type=text with ciphertext
- storage.rules: chat_media path with 15MB cap
- .gitignore: ClaudeReport.md, docs/img
2026-06-24 15:20:44 -05:00
null 9710bbc438 fix(challenges): error state snackbar, CTA routing for BOTH_COMPLETED/CHALLENGE_COMPLETE, README prem tiers 2026-06-23 10:04:53 -05:00
null 5d3ab8385d feat: daily questions, answer reveal, home screens, auth, analytics, DB, repositories 2026-06-22 17:45:51 -05:00
null ecc41a77d2 feat: wheel screen, play hub, storage data source, iOS wheel/play views 2026-06-22 10:25:58 -05:00
null 423081bdb2 chore(gitignore): add GoogleService-Info.plist 2026-06-21 21:18:22 -05:00
null 54fdaf831f docs(manual): fix placeholder notification function descriptions, add new collections, biometric flow, iOS gitignore note 2026-06-21 18:47:18 -05:00
null 720b52a33b chore: firebase config, gitignore updates, build tweaks 2026-06-21 16:07:19 -05:00
null 5c856d3de6 chore: gitignore .kotlin/ and review2.md 2026-06-21 08:15:34 -05:00
null fb371b10c8 fix(ios): register Closer source path in Package.swift and fix compile errors 2026-06-20 23:05:43 -05:00
null a3993d08df feat: implement partner-proof sealed answers (batches 1-8)
- UserKeyManager: per-user keypair stored in Android Keystore
- SealedAnswerEncryptor: one-time answer key, sealed:v1 ciphertext
- PendingAnswerKeyStore: local EncryptedSharedPreferences storage
- ReleaseKeyEncryptor: keybox:v1 encrypted to recipient public key
- SealedRevealManager: full reveal flow with mutual key release
- AnswerCommitment: SHA-256 commitment hash over canonical payload
- FirestoreDeviceKeyDataSource: public key CRUD
- FirestoreReleaseKeyDataSource: release key CRUD
- FirestoreAnswerDataSource: sealed answer writes with schemaVersion=3
- FirestoreCollections: sealed answer and release key paths
- firestore.rules: ownership, immutability, timing, prefix enforcement
- HomeViewModel: sealed answer state integration
- AnswerRevealScreen/ViewModel: sealed reveal flow with UX states
- CloserApp: initialize UserKeyManager on startup
- LocalAnswer model: schemaVersion field
- Unit tests: SealedAnswerEncryptor, ReleaseKeyEncryptor, AnswerCommitment
- Crypto test vectors: docs/crypto/sealed-answer-test-vectors.json
- .gitignore: add partner-proof build plan
2026-06-20 00:23:58 -05:00
null 1441dcaebc chore: add retention loops build plan to project root and gitignore 2026-06-19 22:15:41 -05:00
null 55ca3dce27 fix: Firestore rules hardening, recovery phrase strength, test cleanup (batch v0.2.12)
- Firestore rules: add isCouplesMember(coupleId) to question thread answer writes (prevents outsider writes)
- Firestore rules: allow currentIndex increment on same-status session updates (fixes thread progression)
- RecoveryKeyManager: PHRASE_WORD_COUNT 6→10 (~80 bits entropy)
- build.gradle.kts: exclude META-INF/versions/9/OSGI-INF/MANIFEST.MF (packaging conflict)
- .gitignore: add firebase-debug.log, firestore-debug.log
- firestore-tests: configurable emulator port via FIRESTORE_EMULATOR_PORT env var
- firestore-tests: fix invite outsider test (seed with different coupleId), fix non-starter session test (active→completed allowed), remove redundant beforeEach(seedThread), add outsider-write-denied test for thread answers
- visual-identity.md: update encryption claim gating note
2026-06-19 21:08:55 -05:00
null 3233c54ab2 feat: strict E2EE — encryption migration, Firestore rules enforcement, version 2 protocol (batch v0.2.11)
- Add CoupleAnswerMigrationDataSource: one-time per-user rewrite of all historical answer-bearing fields (daily answers, thread answers/messages, ThisOrThat, DesireSync, HowWell, Wheel) to ciphertext
- Add EncryptionUpgradeScreen + ViewModel: handles version-0→1→2 migration, recovery phrase display, partner coordination
- Add FieldEncryptorTest: round-trip, cross-couple binding, null-key, plaintext-not-leaked
- CoupleEncryptionManager: STRICT_ENCRYPTION_VERSION=2, requireAead() throws on missing key, setupLegacyCouple, pendingRecoveryPhrase/acknowledge
- CoupleKeyStore: pending recovery phrase storage/clear
- FieldEncryptor: switch from android.util.Base64 to java.util.Base64
- All data sources: use requireAead() (throws instead of silent plaintext fallback), encrypt all answer-bearing writes
- FirestoreCoupleDataSource: beginEncryptionMigration (atomic version-0→1 claim), markEncryptionMigrationComplete (per-user + version-2 promotion)
- CoupleRepositoryImpl: require wrappedKey on invite acceptance (no more optional)
- HomeScreen/ViewModel: route to EncryptionUpgradeScreen for version-0 or unmigrated version-1 couples
- Firestore rules: isCiphertext validator, isEncryptedAnswerPayload, isStartingEncryptionMigration, isCompletingOwnEncryptionMigration, isUpdatingRecoveryWrap, isUpdatingCoupleRhythm; enforce ciphertext on all answer/message writes; game collection rules (this_or_that, desire_sync, how_well, wheel) with per-user answer ownership; couple doc update split into 4 mutually exclusive paths; invite doc requires createdAt + wrappedKey fields; isImmutable uses diff().hasAny() instead of field equality
- Firestore rules tests: encryption migration scenarios, plaintext rejection, per-user answer ownership, game collection ciphertext enforcement
- firebase.json: emulator port 8180
- .gitignore: firestore-tests/node_modules
2026-06-19 20:53:52 -05:00
null 85bb8d9f69 feat: add DesireSync module with sexual_preferences questions and Room integration 2026-06-17 22:23:04 -05:00
null 6b964935d4 chore: remove functions/node_modules from git, add to .gitignore 2026-06-17 01:26:05 -05:00
null ddfe9e250a security: remove google-services.json from repo and git tracking, add to .gitignore 2026-06-16 21:47:42 -05:00
null e8274370d1 chore: add CONCERN.md to .gitignore 2026-06-16 21:32:14 -05:00
null bee617c493 chore(server): add Node.js backend with auth, questions, answers + update gitignore 2026-06-16 01:17:58 -05:00
null 5991acb283 chore(gitignore): exclude app/build/ from version control
app/build/ wasn't caught by /build pattern which only matches root dir. Removes ~200 build artifact files from tracking.
2026-06-15 21:38:39 -05:00
null 92c82e5fd4 chore: wipe RN/Expo stack, prepare for Kotlin/Compose project (batch 0.1.1) 2026-06-15 18:32:27 -05:00
null 1a1357d5c9 feat: Expo project bootstrap (v1.0.1) + untrack private docs 2026-05-13 04:21:43 -05:00