Michele/leopost
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
73fa80da7c4e2d352fbe555725656e8a91d39727
leopost/.planning/phases/01-foundation-auth/01-CONTEXT.md
Michele 619353d9da docs(01): capture phase context 
Phase 01: Foundation & Auth
- Email verification mandatory
- Password: medium strength (8+, 1 num, 1 upper)
- Specific error messages (not generic)
- New device login notification
- Password reset via email link

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-31 02:46:16 +01:00

2.4 KiB
Raw Blame History

Phase 1: Foundation & Auth - Context

Gathered: 2026-01-31 Status: Ready for planning

## Phase Boundary

Users can create accounts, log in (email/password or Google OAuth), and subscribe to plans (Free, Creator, Pro) in a secure multi-tenant environment. All data is isolated per tenant with Row Level Security. This phase builds the foundation — onboarding wizard, chat interface, and social connections are separate phases.

## Implementation Decisions

Registration Flow

  • Email verification is mandatory — user cannot access the app until verified
  • Password requirements: medium (8+ characters, 1 number, 1 uppercase)
  • Registration fields: Claude's discretion (likely minimal to reduce friction)
  • Verification method: Claude's discretion (link vs 6-digit code)

Plan Selection

  • When to choose plan: Claude's discretion (likely start Free, upgrade later)
  • Plan display format: Claude's discretion (table vs cards)
  • Trial offering: Claude's discretion (likely no trial, Free tier is the trial)
  • Upgrade prompt style: Claude's discretion (likely non-invasive banner)

Session Behavior

  • Session duration: Claude's discretion (likely 30 days)
  • Multi-device: Claude's discretion (likely unlimited)
  • "Logout from all devices": Claude's discretion
  • New device notification: YES — email when login from unrecognized device

Login Experience

  • Login method priority: Claude's discretion (Google vs email form)
  • "Remember me" checkbox: Claude's discretion
  • Error messages: SPECIFIC — tell user "Password errata" or "Email non registrata" (more helpful than generic)
  • Password reset: link via email (not code)

Claude's Discretion

  • Registration form fields (minimize friction)
  • Verification method (link vs code)
  • Plan selection timing and UI
  • Trial offering (if any)
  • Upgrade prompt style
  • Session duration
  • Multi-device policy
  • Login method visual priority
  • "Remember me" behavior
## Specific Ideas
  • Error messages should be helpful and specific (user-friendly over security-paranoid)
  • New device login notification via email (security feature the user explicitly wanted)
  • Password reset via clickable link, not OTP code
## Deferred Ideas

None — discussion stayed within phase scope

Phase: 01-foundation-auth Context gathered: 2026-01-31

Reference in New Issue View Git Blame Copy Permalink