2026-07-08 23:18:54 -05:00
|
|
|
# Engineering Reference Manual Review Plan — Phase 3 (2026-07-08)
|
2026-06-28 11:02:45 -05:00
|
|
|
|
2026-07-08 23:18:54 -05:00
|
|
|
**Status: 🚧 IN PROGRESS** — full evidence-first re-review of `docs/Engineering_Reference_Manual.md`.
|
2026-06-28 11:15:30 -05:00
|
|
|
|
2026-07-08 23:18:54 -05:00
|
|
|
Triggered by `_null` after the Phase 2 sync (`213cfddb`) + review pass (`d31b58d2`).
|
|
|
|
|
Goal: cross-check every claim in the manual against the live repo + `firestore.rules`
|
|
|
|
|
+ `functions/src/` + iOS source + Android source, batch by batch. No skipped sections.
|
docs(manual): sync Engineering Reference Manual with post-R30 / v2-functions codebase
- Cloud Functions: rewrite the module tree for the v2 migration (B0-B6d,
2026-07-08); add options.ts (global v2 setGlobalOptions, Cloud Run CPU
quota workaround), log.ts, the shared push/quietHours/idempotency/
pruneTokens/time infra under notifications/, releaseKey/, backup/,
the dates/onDate* triggers, couples/aggregateOutcomes, and the new
sendStreakReminder + sendThinkingOfYouCallable. Replace the single
onGamePartFinished with the four per-game part-finished triggers
shipped in B6c. Note the webhook is not deployed (RevenueCat project
not yet created; export commented out in functions/src/index.ts).
- Daily question lifecycle: replace the 'picks a random' description
with the new server-authoritative, mode-aware, deterministic picker
that mirrors the client's DailyModeResolver; add a Server-authoritative
sub-section with the frozen DOW -> mode map and the daily_fun_mc
exclusion. Note the couple-scan pagination + unseeded-pool skip.
- Billing: add the Purchases.logIn(firebaseAuth.currentUser!!.uid)
identity link (commit b99a8338) and the typed BillingException mapping.
Cross-link to the Webhook reliability section for the not-deployed state.
- iOS: fix the Repository layout iOS Crypto/ block (R24 E2EE code ships
in it; no longer 'intentionally empty'); correct the 'pairing from iOS
fails' claim (works for schemaVersion 2 path; schemaVersion 3 is
infrastructure-gated per IOS_E2EE_STATUS.md); correct the 'iOS couples
have no recovery path' claim (R24 batch 2 added iOS recovery phrase).
- TOC + anchors: add the new sub-anchors; fix three pre-existing broken
anchors (r10, ios-android-sealed-answer-bridge, recovery-phrase-change
desync). 30/30 anchors verified clean with a GFM slug checker.
- New landmines: BANNER-LIFE-001 (R30 game banner lifecycle; the B6c
per-game split means a new game also needs a per-game monitor hook)
and FUNCTIONS-V2-DEPLOY (2nd-gen deploy / CPU-quota / Eventarc
propagation pattern, the 'Changing from an HTTPS function to a
background triggered function' error and the launch-time quota
increase to restore 1 vCPU + concurrency 80).
- Engineering_Reference_Manual_Plan.md: add Phase 2 status entry.
2026-07-08 21:56:44 -05:00
|
|
|
|
2026-06-28 11:02:45 -05:00
|
|
|
## Approach
|
|
|
|
|
|
2026-07-08 23:18:54 -05:00
|
|
|
- **13 batches**, each scoped to one major section of the manual.
|
|
|
|
|
- **Evidence-first.** For every factual claim (file path, function name, collection
|
|
|
|
|
name, cron expression, preference field, threshold, AAD string), verify against
|
|
|
|
|
the live source.
|
|
|
|
|
- **One commit per batch** per the standing git discipline (one batch = one commit = one push).
|
|
|
|
|
- **Log findings to this file** as each batch completes.
|
|
|
|
|
- **Anchors + TOC** verified at the end (Batch 13), not per-batch, to avoid churn.
|
2026-06-28 11:02:45 -05:00
|
|
|
|
|
|
|
|
## Batches
|
|
|
|
|
|
2026-07-08 23:18:54 -05:00
|
|
|
### Batch 1 — Front matter + System overview + Repository layout (Android + iOS + Cloud Functions + Shared configuration)
|
|
|
|
|
- Read: `## How to use this document` through `### Shared configuration` (lines ~1-260).
|
2026-06-28 11:02:45 -05:00
|
|
|
- Verify all directory paths under `app/src/main/java/app/closer/`,
|
2026-07-08 23:18:54 -05:00
|
|
|
`functions/src/`, `iphone/Closer/`, `res/drawable-*`, Hilt module list.
|
|
|
|
|
- Cross-check Android package list against the live `find app/src/main/java/app/closer -maxdepth 3 -type d`.
|
|
|
|
|
- Cross-check iOS file list against `ls iphone/Closer/...`.
|
|
|
|
|
- Cross-check Cloud Functions tree against `find functions/src -name "*.ts"`.
|
2026-06-28 11:02:45 -05:00
|
|
|
- Flag missing or renamed directories/files.
|
2026-07-08 23:18:54 -05:00
|
|
|
|
|
|
|
|
### Batch 2 — Authentication + pairing + couples doc model + rate limit + recovery
|
|
|
|
|
- Read: `## Authentication and pairing flow` (lines ~270-370).
|
|
|
|
|
- Verify auth files in `data/remote/FirebaseAuthDataSource.kt`,
|
|
|
|
|
`data/repository/FirebaseAuthRepositoryImpl.kt`, `domain/repository/AuthRepository.kt`.
|
|
|
|
|
- Verify `couples/{coupleId}` field list against `acceptInviteCallable.ts` + the
|
|
|
|
|
domain `Couple.kt` model.
|
|
|
|
|
- Verify rate-limit env values against `AuthRateLimiter.kt`.
|
|
|
|
|
- Verify recovery phrase flow against `RecoveryKeyManager.kt` + `CoupleEncryptionManager.kt`.
|
|
|
|
|
|
|
|
|
|
### Batch 3 — E2EE model (versions, Argon2id, Tink, sealed-answer, ECIES, single-device, iOS bridge)
|
|
|
|
|
- Read: `## End-to-end encryption model` (lines ~370-475).
|
|
|
|
|
- Verify each `Encryption versions` row against `firestore.rules` regex helpers.
|
|
|
|
|
- Verify the Argon2id v1.3 parameter names + the AAD strings against the actual
|
|
|
|
|
Kotlin/Swift code.
|
|
|
|
|
- Verify the `keybox:v1:` wire format against `Keybox.swift` + `ReleaseKeyEncryptor.kt`.
|
|
|
|
|
- Verify the `wrapReleaseKeyCallable` path against the function source.
|
|
|
|
|
|
|
|
|
|
### Batch 4 — Daily question lifecycle + Reveal flow + Thread questions
|
|
|
|
|
- Read: `## Daily question lifecycle` (lines ~480-575).
|
|
|
|
|
- Verify `assignDailyQuestion` schedule + the deterministic picker
|
|
|
|
|
(DOW → mode map, daily_fun_mc exclusion) against
|
|
|
|
|
`functions/src/questions/assignDailyQuestion.ts` + `DailyModeResolver.kt`.
|
|
|
|
|
- Verify the schemaVersion 2 reveal flow + the read-gated `secure/payload` subdoc
|
|
|
|
|
against `firestore.rules` (the `isCoupleAnswerCreate` + `isEncryptedPayloadUpdate`
|
|
|
|
|
helpers).
|
|
|
|
|
- Verify schemaVersion 3 sealed flow against `SealedAnswerEncryptor.kt` +
|
|
|
|
|
`isSealedAnswerCreate` rules.
|
|
|
|
|
- Verify thread questions path against `isSealedThreadAnswerCreate` + the model.
|
2026-06-28 11:02:45 -05:00
|
|
|
|
|
|
|
|
### Batch 5 — Firestore security rules
|
2026-07-08 23:18:54 -05:00
|
|
|
- Read: `## Firestore security rules` (lines ~720-810).
|
|
|
|
|
- Line-by-line verify every per-collection note in the manual against `firestore.rules`.
|
|
|
|
|
- Cross-check helper-function names (`coupleEncryptionEnabled`, `isCiphertext`,
|
|
|
|
|
`isUpdatingCoupleRhythm`, `isUpdatingRecoveryWrap`, `isCoupleAnswerCreate`,
|
|
|
|
|
`isEncryptedPayloadUpdate`, `isSealedAnswerCreate`, `isSealedAnswerUpdate`,
|
|
|
|
|
`isSealedThreadAnswerCreate`, `isSealedThreadAnswerUpdate`).
|
2026-06-28 11:02:45 -05:00
|
|
|
- Note any rules in the file not documented, or documented rules not in file.
|
|
|
|
|
|
2026-07-08 23:18:54 -05:00
|
|
|
### Batch 6 — Cloud Functions
|
|
|
|
|
- Read: `## Cloud Functions` (lines ~815-845).
|
|
|
|
|
- Verify function triggers, handlers, schedules, module responsibilities.
|
|
|
|
|
- Cross-check `functions/src/` tree (already done in Batch 1 but verify exports).
|
|
|
|
|
- Cross-check Schedule table against each function's source.
|
|
|
|
|
|
|
|
|
|
### Batch 7 — Billing
|
|
|
|
|
- Read: `## Billing` (lines ~850-920).
|
|
|
|
|
- Verify RevenueCat integration files, entitlement checkers, webhook handler,
|
|
|
|
|
Purchases.logIn identity link.
|
|
|
|
|
- Cross-check the "Gated features" list against the actual ViewModels that
|
|
|
|
|
inject `CouplePremiumChecker` / `EntitlementChecker`.
|
|
|
|
|
|
|
|
|
|
### Batch 8 — Notifications
|
|
|
|
|
- Read: `## Notifications` (lines ~925-1020).
|
|
|
|
|
- Verify FCM setup + tokenRegistrar + quiet hours.
|
|
|
|
|
- Verify each reminder callable's actual schedule + dedupe.
|
|
|
|
|
- Verify game-push semantics against `onGameSessionUpdate.ts` + the
|
|
|
|
|
part-finished triggers.
|
|
|
|
|
- Verify the foreground banner surface + the deep-link routing table against
|
|
|
|
|
`PartnerNotificationManager.kt`.
|
|
|
|
|
|
|
|
|
|
### Batch 9 — iOS-specific notes
|
|
|
|
|
- Read: `## iOS-specific notes` (lines ~1023-1080).
|
|
|
|
|
- Verify Architecture, CloserTheme tokens, XcodeGen setup, build commands,
|
|
|
|
|
E2EE gap status, CryptoKit guidance.
|
|
|
|
|
- Cross-check `iphone/Closer/Theme/CloserTheme.swift` for the actual color values.
|
|
|
|
|
|
|
|
|
|
### Batch 10 — Build and release
|
|
|
|
|
- Read: `## Build and release` (lines ~1080-1200).
|
|
|
|
|
- Verify Android module/package, biometric recovery phrase reveal, required
|
|
|
|
|
build secrets, Gradle config, ProGuard rules.
|
|
|
|
|
- Cross-check the iOS build commands against the actual XcodeGen spec.
|
|
|
|
|
|
|
|
|
|
### Batch 11 — Engineering conventions
|
|
|
|
|
- Read: `## Engineering conventions` (lines ~1200-1280).
|
|
|
|
|
- Verify the architectural rules (Clean layers, package boundaries, what
|
|
|
|
|
lives where) against the actual code.
|
|
|
|
|
- Verify the "what NOT to do" list (e.g. raw Firestore listeners, no
|
|
|
|
|
`FirebaseAuth.getInstance()` in VMs) is still accurate.
|
|
|
|
|
- Check the version drift (build.gradle vs HISTORY.md) and ProGuard note.
|
|
|
|
|
|
|
|
|
|
### Batch 12 — Known landmines and recent fixes
|
|
|
|
|
- Read: `## Known landmines and recent fixes` (lines ~1280-1450).
|
|
|
|
|
- Verify EVERY landmine still applies:
|
|
|
|
|
- Does the file/component it cites still exist?
|
|
|
|
|
- Is the fix still in place?
|
|
|
|
|
- Is the "Re-introduction risk" description still accurate?
|
|
|
|
|
- Look for any landmine whose fix is now in a different file.
|
|
|
|
|
|
|
|
|
|
### Batch 13 — Where to look first
|
|
|
|
|
- Read: `## Where to look first` (lines ~1450-end).
|
|
|
|
|
- Verify every file path still exists.
|
|
|
|
|
- Verify the "what to read first for a new area" list still applies to the
|
|
|
|
|
current code.
|
|
|
|
|
|
|
|
|
|
### Final pass
|
|
|
|
|
- TOC integrity + every anchor resolves.
|
|
|
|
|
- One final commit if any TOC/anchor cleanup is needed.
|