# Future — ideas & improvements backlog

Non-blocking ideas: things that work today but could be better, plus feature ideas. Actual bugs (broken/incorrect behavior) live in `ClaudeReport.md`, not here.

## QA

Improvement & feature ideas surfaced while QA-testing as a consumer (each works today — none are defects).

- **Consistent brand glyphs across game cards + waiting/notification surfaces.** _(Blocked: needs the generated G-set art — image generation is the user's step per `ClaudeBrandingReview.md`.)_ Game cards (Play hub), the WaitingForPartner screen, and notifications mix Material icons with brand art. A small custom glyph set (the C-heart-keyhole mark, paired/sealed card, daily card, capsule, date-card, quiet-hours moon) used consistently would strengthen identity. Generate the G-set, drop the assets in, then wire them in. *Prompted by:* Pass H branding review.
- **Notify the free partner when the couple gains premium.** When one partner subscribes, the other's app unlocks (couple-shared premium) but they get **no notification** — they only find out the next time they open a gated feature. A `subscription_entitlement_changed` push ("You both have Premium now ✨") would close the loop. *Prompted by:* Pass E (R8): the type isn't implemented; the couple-shared unlock is silent for the non-subscriber.
- **Minor proactive-notification gaps (low priority).** No push when a partner *joins* your active game (`partner_joined_game`) or *ends/abandons* one (`game_ended`/`game_abandoned`) — the other partner sees it in-session / on WaitingForPartner, so nothing's broken, just less proactive. *Prompted by:* Pass E (R8) inventory — these speculative types aren't implemented.

### Security hardening (defense-in-depth — not vulnerabilities; rules already hold)

- **Enforce App Check on Firestore (currently OFF).** Round 7 raw-API test: an authenticated request with **no App Check token** (raw Firestore REST) returned `200` for a member — so rules are the *sole* gate. Rules correctly deny non-members/cross-couple (all `403`), so this is not a live hole, but enabling App Check enforcement on Firestore would block non-app clients entirely (defense-in-depth). *Prompted by:* R7 D3 raw-API angle.
- **Tighten the `users/{uid}` update rule to a field allowlist.** The rule only blocks changing `hasPremium`; a user can write arbitrary *other* fields to their own doc (e.g. a cosmetic `plan`/junk). No gate reads those (premium gates on the server-only `users/{uid}/entitlements/premium` subcollection + `category.access`), so it grants nothing — but restricting updates to a known field set is cleaner. *Prompted by:* R7 D3 (`plan` field writable, unused by gating).

> Artwork to generate (ChatGPT prompts, house-style-matched) lives in `ClaudeBrandingReview.md`, not here.
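Sketch of the `users/{uid}` allowlist item above, written here as an added example (not the project's actual `firestore.rules`): the weak "only guard `hasPremium`" shape is shown commented out beside an allowlist version built on `affectedKeys().hasOnly(...)`. The allowed field names (`displayName`, `photoUrl`, `updatedAt`) and the read rules are assumptions, not taken from the project.

```firestore
rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {

    // ASSUMPTION: placeholder allowlist; substitute the fields the app really writes.
    // Note: hasPremium and plan are deliberately absent, so any change to them is denied.
    function profileFields() {
      return ['displayName', 'photoUrl', 'updatedAt'];
    }

    function isOwner(uid) {
      return request.auth != null && request.auth.uid == uid;
    }

    match /users/{uid} {
      // ASSUMPTION: owner-only reads; the page does not describe the read rule.
      allow read: if isOwner(uid);

      // Weak shape described on the page (illustrative, not the project's rule):
      // only hasPremium is pinned, every other key (e.g. plan) is freely writable.
      // allow update: if isOwner(uid)
      //   && request.resource.data.hasPremium == resource.data.hasPremium;

      // Hardened: affectedKeys() is the set of keys this write adds, removes or
      // modifies; hasOnly() rejects the update if any key falls outside the allowlist.
      allow update: if isOwner(uid)
        && request.resource.data.diff(resource.data).affectedKeys().hasOnly(profileFields());

      // Premium entitlement stays server-only: written by the backend (Admin SDK
      // bypasses rules), readable by the owner, never writable from a client.
      match /entitlements/{doc} {
        allow read: if isOwner(uid);
        allow write: if false;
      }
    }
  }
}
```

With this rule a client update touching `plan` or `hasPremium` fails, while an update that changes only allow-listed keys (or nothing at all, since an empty key set satisfies `hasOnly`) still succeeds.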