# Engineering Reference Manual Review Plan — Phase 4 (2026-07-11) **Status: 🟡 IN PROGRESS** — covering 17 commits since Phase 3 completed (`c5ead4cb`). Triggered by `_null` after Phase 3 completion to catch manual drift from the last 17 commits on `dev`. Phase 3 was a full evidence-first sweep; Phase 4 is a targeted re-review scoped to commits that materially changed code the manual references (billing, repo layout, dead-file cleanup, FCM QA tooling, copy catalog start). ## Approach - **6 batches**, scoped to a category of changes from the last 17 commits. - **Evidence-first.** For every claim in the manual, re-verify against the live source. - **One commit per batch** per the standing git discipline (one batch = one commit = one push). Each commit must be pushed before the next batch starts. - **No commits for batches with no findings** — log a no-op to this file only. ## Batches ### Batch 1 — Repository layout: dead-file sweep (21392ec2) + server/ removal (42fba641) - Verify `## Repository layout` (Android + iOS + Cloud Functions + Shared) doesn't reference removed files (e.g. `NotificationHelper.kt`, `NotificationPermissionHelper.kt`, `FakeQuestionRepository.kt`, `QuestionJsonParser.kt`, `Entitlement.kt`). - Verify no references to the removed `server/` Express backend (was Tier 3 cleanup, kept the dist that the actual Cloud Functions use). - 4103c433 already dropped "dead references" — confirm nothing was missed. - Commit if any manual updates needed. ### Batch 2 — Billing: RevenueCat SDK 10.12.0 → 10.13.0 (8cb23ea2) + webhook HMAC-SHA256 fix (89d06eeb) + secret key gitignore (48217dd7) - Verify `## Billing` (RevenueCat integration + Webhook + Premium-gated features): - SDK version now 10.13.0 (was 10.12.0, was 8.20.0 pre-Phase 3). - Webhook auth: actual auth scheme is HMAC-SHA256, not the prior scheme. - `revenucat_secret_api.md` is now `.gitignore`d — does the manual's "Files that must never be committed" section need this added? - Commit if any manual updates needed. ### Batch 3 — Cloud Functions: webhook handler source-of-truth update (89d06eeb) - Verify the Cloud Functions section's description of `revenueCatWebhook` matches the new auth scheme (HMAC-SHA256 signature verification). - Verify any other Cloud Functions section claims that the webhook handler is the only billing touch-point (Tier 3 server/ removal is a reminder). - Commit if any manual updates needed. ### Batch 4 — Engineering conventions: copy catalog start (51efff3f, 23cd2139, 2c3c2df8) + string resource cleanup (59e03369) - Verify `### Naming` / `### Error handling` / any UI convention sections reflect the new `CloserCopy` catalog pattern. - Verify no references to the 55 purged string resources. - Verify no references to removed `core/analytics`, `core/billing`, `core/navigation`, `core/notifications` packages or their submodules. - Commit if any manual updates needed. ### Batch 5 — Notifications / FCM: qa_push.js token-selection fix (c60fa958) - Verify `## Notifications` (FCM + TokenRegistrar) doesn't claim a different token-selection strategy than the live code. - Manual may or may not reference the QA script — check `qa/qa_push.js`. - Commit if any manual updates needed. ### Batch 6 — Final pass: TOC + anchor integrity - Re-run anchor/TOC verification. - One final commit if any cleanup needed. ## Phase 4 results | Batch | Section | Issues found | Commit | |---|---|---|---| | 1 | Repository layout: dead-file sweep + server/ removal | None — 4103c433 already covered all the dead-file references; the `core/notifications/`, `core/navigation/`, `core/analytics/`, `core/billing/` directories still exist and hold live code (TokenRegistrar, AppMessagingService, AppNavigation, etc.) so the line-963 and line-1021 references are still accurate. No stale `server/` references remain. | (no-op) | | 2 | Billing: RevenueCat SDK + webhook + secret key | (1) Cloud Functions tree (line 203) still said "Ed25519 signature verify (NOT exported / not deployed)" — fixed to "HMAC-SHA256 signature verify (exported, deploy gated on REVENUECAT_WEBHOOK_SECRET)". (2) `purchases:10.12.0` on Android (line 869) → `purchases:10.13.0`. (3) `RevenueCat 10.12.0` in Gradle dep list (line 1134) → `RevenueCat 10.13.0`. (4) `revenucat_secret_api.md` added to the "Files that must never be committed" representative list (it was added to .gitignore in 48217dd7 but the manual didn't list it). | (this commit) | | 3 | Cloud Functions: webhook handler | Line 831 (per-module responsibilities) said "RevenueCat webhook (source-only; not exported/deployed)" — fixed to "exported; deploy gated on `REVENUECAT_WEBHOOK_SECRET`". All other webhook-related lines (843-844, 905-908, 910) were already updated by 89d06eeb itself. | (this commit) | | 4 | Engineering conventions: copy catalog + string resource cleanup | TBD | TBD | | 5 | Notifications / FCM: qa_push.js | TBD | TBD | | 6 | TOC + anchor integrity | TBD | TBD |