From a6aa23eee20c46deee8aaca68e9678eaafdffcc1 Mon Sep 17 00:00:00 2001 From: null Date: Sun, 28 Jun 2026 11:04:15 -0500 Subject: [PATCH] =?UTF-8?q?docs(manual):=20Batch=202=20=E2=80=94=20correct?= =?UTF-8?q?=20auth=20providers=20and=20couples=20model=20(no=20anonymous,?= =?UTF-8?q?=20no=20migration=20field,=20Google=20SDK=20not=20Credential=20?= =?UTF-8?q?Manager)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- Engineering_Reference_Manual_Plan.md | 4 ++-- docs/Engineering_Reference_Manual.md | 14 ++++++-------- 2 files changed, 8 insertions(+), 10 deletions(-) diff --git a/Engineering_Reference_Manual_Plan.md b/Engineering_Reference_Manual_Plan.md index 2b48670a..80269a46 100644 --- a/Engineering_Reference_Manual_Plan.md +++ b/Engineering_Reference_Manual_Plan.md @@ -75,8 +75,8 @@ collection name, and architectural fact. Never assume. | Batch | Status | Findings | Changes made | |---|---|---|---| -| 1 | todo | | | -| 2 | todo | | | +| 1 | ✅ done | `core/feature/` note inaccurate (dir doesn't exist); `data/questions/` listed `QuestionDao` but it's in `data/local/` | Corrected `core/feature/` note; moved `QuestionDao` to `data/local/`; kept `QuestionJsonParser` in `data/questions/`; updated older-description note. | +| 2 | in progress | | | | 3 | todo | | | | 4 | todo | | | | 5 | todo | | | diff --git a/docs/Engineering_Reference_Manual.md b/docs/Engineering_Reference_Manual.md index 179014aa..5b3c9720 100644 --- a/docs/Engineering_Reference_Manual.md +++ b/docs/Engineering_Reference_Manual.md @@ -236,13 +236,12 @@ docs/ # This manual, QA notes, release prep, store assets ### Auth providers -Firebase Auth supports three sign-in paths: +Firebase Auth supports two sign-in paths: -1. **Anonymous** — used for the trial onboarding flow. The user can use the app without an account and is prompted to upgrade before any irreversible action. -2. **Email/password** — standard sign-up and login. -3. **Google Sign-In** — via Credential Manager on Android, the Google Sign-In SDK on iOS. +1. **Email/password** — standard sign-up and login. +2. **Google Sign-In** — via the legacy Google Sign-In SDK on Android (the app receives an `idToken` and calls `GoogleAuthProvider.getCredential(idToken, null)`), and the Google Sign-In SDK on iOS. -The Android `FirebaseAuthDataSource` exposes the standard Firebase upgrade paths; iOS uses the same Firebase Auth APIs through `AuthService.swift`. Anonymous accounts are linked to email/Google credentials when the user upgrades. If linking fails because the credential already exists, the app signs into the existing account. +The Android `FirebaseAuthDataSource` exposes the standard Firebase paths for email/password and Google credential sign-in; iOS uses the same Firebase Auth APIs through `AuthService.swift`. There is **no anonymous sign-in or account-linking flow** in the current Android or iOS source. Users sign in directly with email/password or Google. ### Pairing flow @@ -282,14 +281,13 @@ The `couples` document is **never** written by clients. Even legitimate field up lastAnsweredAt: timestamp | null currentQuestionId: string | null # server-controlled, read by clients activePackId: string | null # server-controlled, read by clients - encryptionVersion: int # 0 plaintext, 1 migrating, 2 strict + encryptionVersion: int # 2 strict (all current couples) wrappedCoupleKey: string | null kdfSalt: string | null kdfParams: string | null - encryptionMigrationUsers: map ``` -`currentQuestionId` and `activePackId` exist as fields and are read by clients to display "today's question" state, but they are server-controlled — clients cannot write them. +`encryptionVersion` is stamped at `2` (`EncryptionVersion.STRICT`) on creation; there is no migration state in the current source. `encryptionMigrationUsers` is **not** a current field. ### Rate limiting on accept