From 736885c10394be80c7ebfe269212cfc53425ce1a Mon Sep 17 00:00:00 2001 From: null Date: Sun, 28 Jun 2026 12:55:24 -0500 Subject: [PATCH] =?UTF-8?q?docs:=20update=20README=20and=20Engineering=20M?= =?UTF-8?q?anual=20=E2=80=94=20auth=20uses=20Credential=20Manager,=20iOS?= =?UTF-8?q?=20pairing=20blocked,=20add=20scripts/=20layout,=20new=20screen?= =?UTF-8?q?shot=20placeholder?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- README.md | 20 +++++++++++++------- docs/Engineering_Reference_Manual.md | 2 +- 2 files changed, 14 insertions(+), 8 deletions(-) diff --git a/README.md b/README.md index 1a17ff4b..01866c88 100644 --- a/README.md +++ b/README.md @@ -10,7 +10,7 @@ Closer is a **couples relationship app** built for partners who want a steadier The app is **not** a social network, **not** a therapy replacement, and **not** a productivity tracker. There are no public feeds, no likes, no followers, and no infinite scroll. The core loop is simple: **answer honestly, choose what to reveal, and keep a record of the conversations that mattered.** -Closer is built as native apps on **Android (Kotlin / Jetpack Compose)** and **iOS (SwiftUI)**, both backed by the same Firebase stack and shared data model. +Closer is built as native apps on **Android (Kotlin / Jetpack Compose)** and **iOS (SwiftUI)**, both backed by the same Firebase stack and shared data model. The Android app is the reference implementation; iOS has full screen parity but cannot yet pair end-to-end because the invite/pairing Cloud Functions require Android's E2EE key material. --- @@ -48,8 +48,11 @@ Subscription apps for couples have a trust problem — confusing trial wording,

Closer login screen + Closer bucket list screen (new Pixel 8 emulator)

+> **New emulator screenshot:** `docs/screenshots/10-bucket-list.png` is a placeholder for a fresh capture from a Pixel 8 / API 35 emulator showing the bucket list. This Linux environment has no Android SDK/emulator, so the image must be captured on a machine with Android Studio and copied into `docs/screenshots/`. + --- ## What Closer Does @@ -88,8 +91,8 @@ Closer is optimized for **short, meaningful sessions** rather than endless engag | Platform | Stack | Status | | --- | --- | --- | -| **Android** | Kotlin · Jetpack Compose · Material 3 · Hilt · Room · DataStore | **Active development** — feature-complete MVP | -| **iOS** | SwiftUI · MVVM · async/await · Firebase iOS SDK | **In progress** — full scaffold + screen parity landed on `dev` branch | +| **Android** | Kotlin · Jetpack Compose · Material 3 · Hilt · Room · DataStore | **Active development** — feature-complete MVP, light/dark theme polished | +| **iOS** | SwiftUI · MVVM · async/await · Firebase iOS SDK | **In progress** — full scaffold + screen parity landed on `dev` branch; pairing is blocked until iOS E2EE keys are wired | | **Backend** | Firebase Auth · Firestore · Cloud Functions (TypeScript) · FCM · App Check | **Shared source of truth** for both platforms | | **Billing** | RevenueCat · Google Play Billing · StoreKit | Server-verified entitlements via Cloud Function webhook | @@ -103,7 +106,7 @@ The Android app is the **reference implementation** — the iOS port is built to All of this is free, forever. No credits, no daily limits that magically shrink after a week. -- Anonymous onboarding → email or Google sign-up +- **Email or Google sign-up** — no anonymous onboarding flow; accounts are email/password or Google Sign-In (Android uses Credential Manager). - 6-character invite code pairing (copy or share via any app) - Daily question with full answer modes (text, scale, multiple choice, this-or-that) - Private answer reveal flow once both partners have answered @@ -150,7 +153,7 @@ One purchase unlocks premium for both partners. No separate subscriptions. ### iOS | Layer | Stack | | --- | --- | -| Language | Swift 5.9 | +| Language | Swift 6.0 | | UI | SwiftUI · NavigationStack · TabView | | Architecture | MVVM · `AppState` ObservableObject · `EnvironmentObject` | | Concurrency | async/await | @@ -160,7 +163,7 @@ One purchase unlocks premium for both partners. No separate subscriptions. ### Backend (Shared) | Layer | Stack | | --- | --- | -| Auth | Firebase Authentication (anonymous, email/password, Google) | +| Auth | Firebase Authentication (email/password, Google) — Android uses Credential Manager for Google Sign-In | | Database | Cloud Firestore | | Server Logic | Firebase Cloud Functions (TypeScript) | | Push | Firebase Cloud Messaging (FCM) | @@ -206,6 +209,9 @@ One purchase unlocks premium for both partners. No separate subscriptions. │ ├── couples/ # Pairing, leave, daily question triggers │ ├── questions/ # onAnswerWritten, onMessageWritten, threads │ └── server/ # Internal Express webhook service (not client-facing) +├── scripts/ # Automated QA / lint scanners +│ ├── theme-scan.sh # Pass C: light/dark theme hardcoding scanner +│ └── wiring-scan.sh # Pass N: dead-feature / orphan-wiring scanner ├── server/ # Optional Express webhook/health service ├── seed/ # Question pack JSON and local DB generation ├── docs/ # QA notes, release prep, roadmap, screenshots @@ -327,7 +333,7 @@ This is a **private MVP / internal testing codebase**. ### In Progress - iOS Xcode project generation and build verification -- iOS E2EE layer (CryptoKit interop with Android Tink) +- iOS E2EE layer (CryptoKit interop with Android Tink) — pairing from iOS is currently blocked until E2EE keys are wired - Final QA pass on both platforms ### Release Prep diff --git a/docs/Engineering_Reference_Manual.md b/docs/Engineering_Reference_Manual.md index 26a399de..4e237be0 100644 --- a/docs/Engineering_Reference_Manual.md +++ b/docs/Engineering_Reference_Manual.md @@ -238,7 +238,7 @@ docs/ # This manual, QA notes, release prep, store assets Firebase Auth supports two sign-in paths: 1. **Email/password** — standard sign-up and login. -2. **Google Sign-In** — via the legacy Google Sign-In SDK on Android (the app receives an `idToken` and calls `GoogleAuthProvider.getCredential(idToken, null)`), and the Google Sign-In SDK on iOS. +2. **Google Sign-In** — via **Credential Manager** on Android (`androidx.credentials` + `GetSignInWithGoogleOption`, extracting a `GoogleIdTokenCredential` and forwarding the `idToken` to `signInWithGoogle`), and the Google Sign-In SDK on iOS. The Android `FirebaseAuthDataSource` exposes the standard Firebase paths for email/password and Google credential sign-in; iOS uses the same Firebase Auth APIs through `AuthService.swift`. There is **no anonymous sign-in or account-linking flow** in the current Android or iOS source. Users sign in directly with email/password or Google.