6.0 KiB
Future — ideas & improvements backlog
Non-blocking ideas: things that work today but could be better, plus feature ideas. Actual bugs
(broken/incorrect behavior) live in ClaudeReport.md, not here.
QA
Improvement & feature ideas surfaced while QA-testing as a consumer (each works today — none are defects).
-
✅ DONE — Consistent brand glyphs across game cards + waiting surfaces. G-set + G2 (17 glyphs) in
res/drawable-nodpi/glyph_*.xml; 13 wired + verified live: every Play-hub card (This or That, How Well, Desire Sync, Connection Challenges, Memory Lane, Date Match, Plan Date, Question Packs, Bucket List, Past Games — Spin the Wheel keeps its full illustration), WaitingForPartner per-game glyph, and Settings (Subscription/Security/Privacy/ Delete). 4 unused have no clean slot (notif usesic_notification_closer; Today uses hero art; quiet-hours uses its illustration; no export-data row exists). Full map inClaudeBrandingReview.md. (This-or-That backdrop redesign is Codex C-DARK-UI-001.) -
Minor proactive-notification gaps (low priority). No push when a partner joins your active game (
partner_joined_game) or ends/abandons one (game_ended/game_abandoned) — the other partner sees it in-session / on WaitingForPartner, so nothing's broken, just less proactive. Prompted by: Pass E (R8) inventory — these speculative types aren't implemented. -
Clarify Connection Challenges day-progress when partners are out of step. If one partner catches up a missed day ("Pick it back up") while the other doesn't, the two devices show different "Day N of 7" (seen R10: QA Day 4 vs Sam Day 3) even though the 🔥 streak stays in sync on both. Not broken (plausibly individual-pace-through-the-series by design), but two people in the same shared challenge seeing different day numbers is confusing — consider a shared "you're on Day N together" framing or a clearer caught-up/ahead indicator. Prompted by: Pass B (R10) Connection Challenges playthrough.
Security hardening (defense-in-depth — not vulnerabilities; rules already hold)
- Enforce App Check on Firestore (currently OFF). Round 7 raw-API test: an authenticated request with no App
Check token (raw Firestore REST) returned
200for a member — so rules are the sole gate. Rules correctly deny non-members/cross-couple (all403), so this is not a live hole, but enabling App Check enforcement on Firestore would block non-app clients entirely (defense-in-depth). Prompted by: R7 D3 raw-API angle. - Biometric app-lock re-locks on cold-start/process-death but maybe not plain background→resume. R15 code review:
MainActivitygatesAppNavigationbehindBiometricLockScreenwhenbiometricLoginEnabledandsessionVerifiedis false;sessionVerifiedis aremember{}that resets on Activity recreation (cold-start, process death) — so the lock re-arms there — but a plain background→foreground without recreation keepssessionVerified = true, so it may not re-prompt. Architecturally sound (no compose-tree bypass; content isn't composed until unlocked), but consider re-locking onON_STOP/timeout so a picked-up unlocked phone re-prompts. Prompted by: R15 Pass M code audit (not live-tested — emulator has no enrolled biometric).
Artwork to generate (ChatGPT prompts, house-style-matched) lives in
ClaudeBrandingReview.md, not here.