Skip to content

v1.7.0: high-impact product, security, growth, analytics, and release program#23

Draft
ihabkhaled wants to merge 147 commits into
mainfrom
1.7.0
Draft

v1.7.0: high-impact product, security, growth, analytics, and release program#23
ihabkhaled wants to merge 147 commits into
mainfrom
1.7.0

Conversation

@ihabkhaled

Copy link
Copy Markdown
Owner

Release mission

FoodOrderV1 v1.7.0 is the high-impact product release that evolves the current reusable-bucket application into an organizer-first group-order platform with independent live sessions, low-friction invitation and guest activation, deadline/reminder automation, restaurant handoff, settlement and receipt reconciliation, monetization foundations, typed analytics/observability, stronger privacy boundaries, and a complete responsive UX/accessibility review.

This pull request is intentionally draft while the implementation contract is executed. No feature is considered shipped until its local and Firebase boundaries, tests, documentation, responsive states, and release evidence are complete.

Required quality targets

Dimension Target
Architecture and maintainability 10/10
Automated testing and quality gates 10/10
Security and privacy ≥ 8.5/10
Organizer productivity ≥ 9/10
User acquisition and activation ≥ 8.5/10
Product analytics and observability ≥ 8.5/10
Monetization readiness ≥ 8.5/10
Responsive UI/UX and accessibility ≥ 9/10

Version and release governance implemented

  • Created the dedicated 1.7.0 branch from the latest main head.
  • Bumped root source version, Firebase Functions, Android versionName, Android monotonic versionCode, changelog, and release notes to 1.7.0.
  • Added a reusable versioning core that synchronizes root/functions manifests, package-lock metadata, Android metadata, changelog, and release notes.
  • Added target-version branch recognition for 1.7.0, release/1.7.0, version/1.7.0, and version-prefixed feature branches.
  • Added checkout, pre-commit, pre-push, and CI branch-version enforcement.
  • Strengthened release integrity: source, Functions, Android, release notes, changelog, and PR base-version increase are verified.
  • Extended the Android reusable workflow to build an exact supplied commit with an immutable artifact version.
  • Added a branch continuous-release workflow. Every non-main push must pass all knowledge, format, lint/architecture, dual TypeScript, Functions, rules, unit/coverage, build, circular/dead-code, primary/critical/cross-browser E2E, audit, Trivy, Android lint, and APK gates before a checksum-verified prerelease is created.
  • CI does not write version-bump commits back to branches, preventing release loops and history noise. Stable source versions remain SemVer; generated artifacts use 1.7.0-dev.<run>.

Required product/security implementation

  • Separate reusable menu templates from independent order sessions through additive backward-compatible schema evolution.
  • Add explicit participant response states and organizer readiness summaries.
  • Add minimal public invite preview and secure scoped guest participation/account linking.
  • Add organizer command center, deadlines, reminders, optional auto-lock, repeat selection, and recurring sessions.
  • Add immutable restaurant handoff snapshots and WhatsApp/print/CSV outputs without unnecessary PII.
  • Standardize authoritative financial data on integer minor units.
  • Add manual payment states, private proof attachments, organizer verification, and deterministic receipt reconciliation.
  • Remove member emails from shared/listable membership documents and migrate existing data safely.
  • Move sensitive membership, financial, audit, schedule, and entitlement mutations to trusted server boundaries.
  • Add Free, Organizer Pro, and Business Workspace plans with server-authoritative entitlements and provider-neutral billing boundaries.
  • Add consent-aware typed analytics, PII guards, funnel definitions, error/performance observability, correlation IDs, and kill switches.
  • Redesign and verify the complete mobile/landscape/tablet/desktop/ultrawide, EN/AR, RTL, dark-mode, keyboard, reduced-motion, and accessibility experience.
  • Add local contract tests, Functions tests, Firestore/Storage allow-and-deny tests, multi-user emulator E2E, accessibility, visual regression, migration, and performance budgets.
  • Review and close or materially narrow active architecture/testing exceptions with evidence.

Backward compatibility

v1.6.x Firebase and local-device records must remain readable. New schemas are additive and versioned; migrations must be idempotent, restart-safe, testable in dry-run mode, and documented with rollback guidance. Financial history and finalized snapshots are never destructively rewritten.

Documentation contract

The PR updates all affected canonical architecture, ADRs, rules, skills, context maps, memory, migration status, module READMEs, operations runbooks, environment templates, threat model, analytics taxonomy, privacy/retention documentation, changelog, and release-notes/v1.7.0.md. Generated .ai/ content is rebuilt only through the repository knowledge scripts.

Validation contract

Every mandatory repository gate plus the new v1.7.0 cloud-emulator, Storage rules, accessibility, visual-regression, migration, telemetry-privacy, billing-contract, performance, and Android gates must be green on the final commit. Tests may not be skipped, focused, weakened, or made Chromium-only to obtain green status.

External-environment honesty

Native iOS compile/sign/App Store validation requires a real macOS/Xcode environment. Production subscription checkout, email delivery, push delivery, and optional OCR require real provider credentials. Secure contracts, validation, local/test adapters, disabled/unconfigured UX, and runbooks remain required; this PR will not claim live provider behavior without evidence.

@vercel

vercel Bot commented Jul 17, 2026

Copy link
Copy Markdown

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
food-order-v1 Ready Ready Preview, Comment Jul 18, 2026 6:35am

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant