619353d9da
Phase 01: Foundation & Auth - Email verification mandatory - Password: medium strength (8+, 1 num, 1 upper) - Specific error messages (not generic) - New device login notification - Password reset via email link Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
73 lines
2.4 KiB
Markdown
73 lines
2.4 KiB
Markdown
# Phase 1: Foundation & Auth - Context
|
|
|
|
**Gathered:** 2026-01-31
|
|
**Status:** Ready for planning
|
|
|
|
<domain>
|
|
## Phase Boundary
|
|
|
|
Users can create accounts, log in (email/password or Google OAuth), and subscribe to plans (Free, Creator, Pro) in a secure multi-tenant environment. All data is isolated per tenant with Row Level Security. This phase builds the foundation — onboarding wizard, chat interface, and social connections are separate phases.
|
|
|
|
</domain>
|
|
|
|
<decisions>
|
|
## Implementation Decisions
|
|
|
|
### Registration Flow
|
|
- Email verification is **mandatory** — user cannot access the app until verified
|
|
- Password requirements: **medium** (8+ characters, 1 number, 1 uppercase)
|
|
- Registration fields: Claude's discretion (likely minimal to reduce friction)
|
|
- Verification method: Claude's discretion (link vs 6-digit code)
|
|
|
|
### Plan Selection
|
|
- When to choose plan: Claude's discretion (likely start Free, upgrade later)
|
|
- Plan display format: Claude's discretion (table vs cards)
|
|
- Trial offering: Claude's discretion (likely no trial, Free tier is the trial)
|
|
- Upgrade prompt style: Claude's discretion (likely non-invasive banner)
|
|
|
|
### Session Behavior
|
|
- Session duration: Claude's discretion (likely 30 days)
|
|
- Multi-device: Claude's discretion (likely unlimited)
|
|
- "Logout from all devices": Claude's discretion
|
|
- **New device notification: YES** — email when login from unrecognized device
|
|
|
|
### Login Experience
|
|
- Login method priority: Claude's discretion (Google vs email form)
|
|
- "Remember me" checkbox: Claude's discretion
|
|
- **Error messages: SPECIFIC** — tell user "Password errata" or "Email non registrata" (more helpful than generic)
|
|
- **Password reset: link via email** (not code)
|
|
|
|
### Claude's Discretion
|
|
- Registration form fields (minimize friction)
|
|
- Verification method (link vs code)
|
|
- Plan selection timing and UI
|
|
- Trial offering (if any)
|
|
- Upgrade prompt style
|
|
- Session duration
|
|
- Multi-device policy
|
|
- Login method visual priority
|
|
- "Remember me" behavior
|
|
|
|
</decisions>
|
|
|
|
<specifics>
|
|
## Specific Ideas
|
|
|
|
- Error messages should be helpful and specific (user-friendly over security-paranoid)
|
|
- New device login notification via email (security feature the user explicitly wanted)
|
|
- Password reset via clickable link, not OTP code
|
|
|
|
</specifics>
|
|
|
|
<deferred>
|
|
## Deferred Ideas
|
|
|
|
None — discussion stayed within phase scope
|
|
|
|
</deferred>
|
|
|
|
---
|
|
|
|
*Phase: 01-foundation-auth*
|
|
*Context gathered: 2026-01-31*
|