Priority Roadmap
Current priorities for TrickBook. Engineering standards come first - no new features until the safety net is in place.
Priority Matrix
P0 - Engineering Standards (Next Session)
These are blocking. Ship no new features until these are done.
| # | Task | Repo | Effort | Docs |
|---|---|---|---|---|
| 1 | Add Biome (lint + format) | Both | 30 min | Setup |
| 2 | Add pre-commit hooks (Husky + lint-staged) | Both | 30 min | Setup |
| 3 | Add ErrorBoundary component | Mobile | 1 hour | Guide |
| 4 | Add Sentry error tracking | Both | 1 hour | Guide |
| 5 | Write first 10 tests (critical paths) | Both | Half day | Strategy |
| 6 | Add CI/CD with quality gates | Both | 1 hour | Pipeline |
| 7 | Add global error handler middleware | Backend | 1 hour | Guide |
| 8 | Create .env.example files | Both | 15 min | Template |
Definition of done: Every commit is linted, every PR runs tests, every production error is tracked.
P1 - Security Hardening (Same Sprint)
| Task | Repo | Status | Docs |
|---|---|---|---|
| Rotate exposed credentials | Backend | Pending | Guide |
| Upgrade Node.js 12 to 20 LTS | Backend | Pending | Guide |
| Fix JWT secret (env var + expiration) | Backend | Pending | Guide |
| Add rate limiting | Backend | Pending | Guide |
| Add input sanitization (NoSQL injection) | Backend | Pending | Guide |
| Restrict CORS whitelist | Backend | Pending | Guide |
| Update helmet to v8 | Backend | Pending | Guide |
| Add health check endpoint | Backend | Pending | Guide |
| Add graceful shutdown | Backend | Pending | Guide |
P2 - Code Cleanup (Following Sprint)
| Task | Repo | Effort | Docs |
|---|---|---|---|
| Remove 6 dead dependencies | Mobile | 30 min | Details |
| Remove aws-sdk v2 (v3 already installed) | Backend | 15 min | Details |
| Add Zod schemas for all API responses | Mobile | 1 day | Guide |
| Replace console.log with structured logger | Both | 2 hours | Guide |
| Centralize MongoDB connection pool | Backend | Half day | Guide |
| Pick one MongoDB driver (drop unused one) | Backend | Half day | Details |
| Dockerize backend | Backend | 1 hour | Guide |
| Tighten TypeScript strict settings | Mobile | 1 hour | Details |
P3 - Feature Work (After Standards Are Met)
| Task | Repo | Notes |
|---|---|---|
| Google Play submission | Mobile | Store listing, screenshots, review |
| Push notifications | Mobile | Expo push + backend triggers |
| Offline mode improvements | Mobile | Queue mutations, sync on reconnect |
| Refresh tokens | Backend | Access token (15m) + refresh (7d) |
| Expand test coverage to 40% | Both | Add tests as you touch files |
| API versioning | Backend | /api/v1/ prefix |
Sprint Plan: Engineering Standards
Goal: Go from 0 quality gates to full CI/CD pipeline in one session.
Hour 1: Biome + Pre-commit (Both Repos)
```bash
# TrickList
cd TrickList
npm install --save-dev @biomejs/biome husky lint-staged
npx @biomejs/biome init
npx husky init
# Configure biome.json, lint-staged, .husky/pre-commit
npm run lint:fix # Auto-fix everything
# Commit the formatting pass

# Backend
cd Backend
npm install --save-dev @biomejs/biome husky lint-staged
npx @biomejs/biome init
npx husky init
npm run lint:fix
# Commit
```
Hour 2: Error Handling + Sentry
```bash
# TrickList
cd TrickList
npx expo install @sentry/react-native
# Create src/components/ErrorBoundary.tsx
# Wire up in app/_layout.tsx
# Add EXPO_PUBLIC_SENTRY_DSN to .env

# Backend
cd Backend
npm install @sentry/node express-mongo-sanitize
# Create middleware/errorHandler.js
# Create utils/AppError.js
# Add Sentry.init to index.js
# Add graceful shutdown handlers
# Add health check endpoint
```
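The backend step above installs express-mongo-sanitize for the P1 "input sanitization (NoSQL injection)" task. As an added example (not TrickBook code and not the library's source), this dependency-free sketch shows the kind of key stripping such middleware performs before a request body reaches a MongoDB query; `stripMongoOperators`, `sanitizeLogin`, and the login field names are hypothetical.

```javascript
// Added example, not TrickBook code. stripMongoOperators is a hypothetical
// helper illustrating the idea behind express-mongo-sanitize: drop any key
// that MongoDB would treat as an operator ("$...") or a dotted path ("a.b").
function stripMongoOperators(value, removed = [], path = "") {
  if (Array.isArray(value)) {
    return value.map((v, i) => stripMongoOperators(v, removed, `${path}[${i}]`));
  }
  if (value === null || typeof value !== "object") return value;
  const clean = {};
  for (const [key, inner] of Object.entries(value)) {
    const here = path ? `${path}.${key}` : key;
    // "__proto__" is also dropped so the copy's prototype cannot be reassigned.
    if (key.startsWith("$") || key.includes(".") || key === "__proto__") {
      removed.push(here); // recorded so the caller can log or alert on it
      continue;
    }
    clean[key] = stripMongoOperators(inner, removed, here);
  }
  return clean;
}

// Express-style middleware (assumed route shape: { email, password }).
// Sanitizing alone is not enough: an emptied object is still not a string,
// so the credential fields are type-checked before any query runs.
function sanitizeLogin(req, res, next) {
  const removed = [];
  req.body = stripMongoOperators(req.body, removed);
  if (removed.length > 0) {
    console.warn("stripped suspicious keys from request body:", removed);
  }
  const { email, password } = req.body || {};
  if (typeof email !== "string" || typeof password !== "string") {
    return res.status(400).json({ error: "invalid credentials format" });
  }
  return next();
}
```

Logging the stripped key paths gives Sentry or the structured logger a signal to alert on, rather than silently discarding the attempt.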
Hours 3-4: First Tests
```bash
# TrickList
cd TrickList
npm install --save-dev @testing-library/react-native @testing-library/jest-native
# Write tests: client.test.ts, authStore.test.ts, trickStatus.test.ts
# 2 screen smoke tests

# Backend
cd Backend
npm install --save-dev jest supertest mongodb-memory-server
# Write tests: auth.test.js, users.test.js, auth-middleware.test.js
# trick-lists.test.js, spots.test.js
```
Hour 5: CI/CD
```bash
# TrickList - create .github/workflows/ci.yml
# Backend - create .github/workflows/ci.yml
# Configure branch protection rules on GitHub
# Create .env.example for both repos
```
Feature Roadmap
Q1: Foundation (Current)
- Core trick list functionality
- User authentication (email + Google + Apple)
- iOS App Store launch
- Feed/social features
- Direct messaging
- Spot discovery with maps
- Engineering standards (this sprint)
- Security hardening (this sprint)
- Google Play launch
Q2: Growth
- Push notifications
- Offline mode
- Analytics dashboard
- Performance optimization
- Expand test coverage to 60%
Q3: Expansion
- Community features
- Premium feature expansion
- API versioning
- International expansion
Q4: Scale
- Additional sport support
- Partner integrations
- Automated E2E testing
Metrics to Track
Engineering Health
| Metric | Current | Target |
|---|---|---|
| Test coverage | 0% | 40% (Q1), 70% (Q2) |
| Lint errors | Unknown (no linter) | 0 |
| CI pass rate | N/A (no CI) | >95% |
| Mean time to detect error | Days (user report) | Minutes (Sentry alert) |
| Crash-free sessions | Unknown | >99.5% |
App Metrics
- Daily Active Users (DAU)
- Monthly Active Users (MAU)
- Retention (Day 1, 7, 30)
- Session duration
- Tricks completed per user
Business Metrics
- Downloads (iOS vs Android)
- Premium conversion rate
- Revenue per user
- App Store rating