Ideony — Roadmap
Ideony — Roadmap
Section titled “Ideony — Roadmap”Explanation — forward-looking phases and milestones
Current phase
Section titled “Current phase”MVP 0 — v0 Launch. Core marketplace (booking + SOS) is feature-complete and test-covered; active sprint is UX/UI Realignment to reach Italian Sole quality bar before first external demo. See status.md for exact in-flight tasks.
Active Initiative — UX/UI Realignment (2026-04-21+)
Section titled “Active Initiative — UX/UI Realignment (2026-04-21+)”| Sub-phase | Status | Scope |
|---|---|---|
| M0 — Design tokens + fonts | Done | Italian Sole palette, Gambarino + Switzer, Gluestack tokens |
| Phase A — Auth screens | Spec locked | Welcome tour, Sign-in, Sign-up, OTP polish |
| Phase C — Consumer flow | In progress | Sole token sweep done (A4–A7); Home hero map + real-time presence done (B18+B26); chat attach (B22); GPS+Mapbox autocomplete (B30); image upload web fix (B29); HARDEN revert done. Remaining: Search, Results, Pro Profile polish |
| Phase B — Pro flow | Queued | Pro Dashboard, Availability, Earnings, SOS Accept |
| Phase D — Navigation chrome | Done (PR #17) | Tab bars, headers, bottom sheets |
Locked decisions (2026-04-21)
- Typography: Gambarino (display/serif) + Switzer (body/sans) — replaces Plus Jakarta Sans
- Color palette: Italian Sole — Terracotta
#B35F3Bprimary, Olive#6E7F3Ctrust, Cream#FAF6EEbg, Sun amber#E89059accent, Dark ink#2B1E10text - Map provider:
@rnmapbox/maps+ Mapbox APIs (Day 1, 2026-04-19) — replaces react-native-maps + Google Maps - Auth flow: Clerk identifier-first unified sign-in/sign-up
- Live tracking: Tier 2 (post-MVP 0) — Socket.IO foundation built, full polish deferred
- Pro nav: OS deep-link via Expo Router, no custom bottom-sheet nav
MVP 0 — Milestone Overview
Section titled “MVP 0 — Milestone Overview”| Milestone | Status | Notes |
|---|---|---|
| Foundation | Done | Monorepo (Turborepo + pnpm), DB schema, Clerk auth, core NestJS modules |
| API Core | Done | Booking, SOS, Chat, Reviews, Payments, Notifications, AI, Credentials |
| Infrastructure | Done | Docker, Hetzner CAX11, Dokploy, CI/CD (GH Actions), Sentry, Cloudflare R2 |
| Test Suite | Done | 195 unit + 45 E2E + 122 Playwright — green on CI; demo seed (pnpm seed:demo) added for cofounder walkthrough |
| External Integrations | Partial | Clerk + Stripe verified; Novu multi-channel pending full smoke test |
| Mobile App | Done | Expo SDK 55 + React Native — all core screens built |
| Production Polish | Done | i18n (IT+EN), BullMQ notifications, security headers, design system M0 |
Phase detail — condensed
Section titled “Phase detail — condensed”Phase 1 — Foundation & Auth
Section titled “Phase 1 — Foundation & Auth”- Turborepo monorepo, pnpm workspaces, Biome lint, Husky pre-commit
- NestJS 11 + Fastify + SWC + Prisma 7 + PostgreSQL 18 + PostGIS
- Clerk JWT verification, svix webhook, RBAC (CONSUMER / PROFESSIONAL / ADMIN)
packages/types,packages/validators(Zod),packages/api-clientshared packages- Docker Compose local stack (Postgres, Redis, MinIO, Mailpit)
Phase 2 — Core API Modules
Section titled “Phase 2 — Core API Modules”- BookingModule: create, confirm, cancel, lifecycle state machine
- SOSModule: request, candidate matching (PostGIS radius), accept/decline
- ChatModule: Socket.IO real-time messaging, message history
- ReviewsModule: create, display, rating aggregate
- ProfessionalModule: profile, availability slots, search (text + category)
- AvailabilityModule: weekly schedule, slot generation, conflict checks
Phase 3 — Payments & Notifications
Section titled “Phase 3 — Payments & Notifications”- Stripe Connect Express: onboarding, PaymentIntent, escrow, payout, refund
- Stripe webhooks: signature verification via raw body
- Novu Cloud EU: 6 workflow templates (booking confirmed/cancelled/reminder, review request, SOS matched, chat message)
- Novu → Resend (email) + Twilio (SMS) + Expo Push channels
- BullMQ queues: notification-worker, reminder-worker, webhook-worker
Phase 4 — Infrastructure & CI/CD
Section titled “Phase 4 — Infrastructure & CI/CD”- Hetzner CAX11 ARM64, Dokploy container management, Docker blue-green deploy
- GH Actions: lint → typecheck → build → unit tests → SAST → deploy → Trivy → smoke
- Sentry:
@sentry/nestjs(BE) +@sentry/react-native(FE) - Cloudflare R2 storage (S3-compatible), MinIO for local dev
- Cloudflare Quick Tunnels (interim); named tunnel
ideony-prodonideony.is-a.dev(pending)
Phase 5 — Mobile App (Expo SDK 55)
Section titled “Phase 5 — Mobile App (Expo SDK 55)”- Expo Router 5 file-based routing, tab groups
(consumer)/+(professional)/ - All core screens: Home, Search, Results, Pro Profile, Book, Booking Detail, Chat, Review, SOS, Pro Dashboard, Availability, Earnings, Settings
@clerk/clerk-expoauth — welcome tour + social login (Google/Apple/Facebook) + email OTP@stripe/stripe-react-nativepayment sheet- react-native-reanimated 60fps animations + Lottie illustrations
- TanStack Query (server state) + Zustand (client state) + Context (auth)
Phase 6 — Design System (M0)
Section titled “Phase 6 — Design System (M0)”- Gluestack UI v3 (NativeWind, copy-paste) + Phosphor Icons (duotone)
- Italian Sole design tokens: palette, typography scale, spacing, border-radius
- Gambarino + Switzer font loading via
lib/fonts.ts packages/design-tokensshared token package
Phase 7 — Test Suite
Section titled “Phase 7 — Test Suite”- 195 unit tests: services, repositories, controllers, guards
- 45 E2E tests: booking lifecycle, SOS flow, auth, payments
- 122 Playwright tests: mobile web smoke tests
- Turborepo remote cache (Vercel) for CI speed
- E2E JWT via Clerk BAPI session creation (no FAPI rate limits)
Phase 7A — Security & Validation
Section titled “Phase 7A — Security & Validation”@fastify/helmetsecurity headers- Zod global validation pipe (
createZodValidationPipe) - Input sanitization, SQL injection prevention
- Rate limiting: Redis-backed per-user limits (credential upload 10/day)
Phase 7B — AI Module (LangGraph)
Section titled “Phase 7B — AI Module (LangGraph)”- LangGraph.js agentic workflow: job estimation, smart scheduling
- GPT-5.4 Mini primary + Gemini 2.5 Flash fallback
- LangSmith EU tracing + experiment tracking
apps/api/src/modules/ai/— LangGraph state machine, tool nodes
Phase 7C — Pro Credentials
Section titled “Phase 7C — Pro Credentials”CredentialsModule: upload flow (presigned R2 URL, 600s), admin review queue- Credential types: P_IVA, INSURANCE, ALBO, F_GAS, ID_DOCUMENT, TRAINING_DIPLOMA, MANUFACTURER_CERT, OTHER
- Trust engine: weighted score → BASIC / VERIFIED / ELITE tier
trustScore+trustTieronProfessionalProfile
Phase 7D — i18n
Section titled “Phase 7D — i18n”nestjs-i18n(BE) +i18next+react-i18next+expo-localization(FE)- IT (default) + EN — all user-facing strings via
t()calls - BE: Accept-Language / x-lang header; FE: auto-detect locale
Phase 7E — OpenAPI SDK Generation
Section titled “Phase 7E — OpenAPI SDK Generation”@nestjs/swaggerauto-generates OpenAPI spec@hey-api/openapi-tsgenerates typed SDK from specpackages/api-client/:types.gen.ts,sdk.gen.ts,schemas.gen.tspnpm -w run generate:sdkpipeline
Phase 8 — Infrastructure Hardening
Section titled “Phase 8 — Infrastructure Hardening”- Auto-scaling, backups, disaster recovery, monitoring dashboards
- Named tunnel migration: Quick Tunnel →
cloudflarednamed tunnelideony-prod - Secret rotation (post-v0 stable): Clerk, Stripe, Novu, Dokploy, R2
- Pulumi IaC TypeScript for Hetzner + Dokploy provisioning
- 100% SLA target for production
Phase 8.5 — Post-MVP 0 Codebase SOTA Audit
Section titled “Phase 8.5 — Post-MVP 0 Codebase SOTA Audit”First work stream once MVP 0 is out the door, before any new feature sprint. Big brainstorm pass over the entire codebase against industry SOTA per stack layer — Nest 11 patterns, Expo SDK 55 / React Native best practices, native iOS+Android binary tuning, the Expo web bundle, Prisma 7 + PostGIS query scan, Redis cache taxonomy, BullMQ retry/DLQ shape, LangGraph AI pipeline hygiene, Clerk auth surface, Novu/Resend/Twilio notification coverage, Stripe Connect escrow, R2 storage policy, Sentry observability, testing pyramid, OWASP ASVS security sweep, Pulumi IaC drift, Turbo CI cache effectiveness. For each layer: run the matching specialized agent / skill / MCP, fetch latest docs via Context7 + cross-check Exa, use ast-grep for idiomatic-pattern audit. Bump all deps to latest stable/LTS (no canary). KISS/DRY refactor pass + dead-code removal. Produces a single codebase-wide audit spec in docs/specs/ before code changes; layer-specific subagents dispatched in parallel once the spec is locked.
Phase 9 — Post-MVP 0 Growth
Section titled “Phase 9 — Post-MVP 0 Growth”- Consumer: saved pros, repeat booking, favourite lists
- Professional: advanced analytics, team accounts, multi-location
- Payments: subscription plans, promotional credits, invoice generation
- AI: predictive pricing, demand forecasting, smart availability suggestions
- Live tracking Tier 2: full real-time GPS + ETA + route display
- Multi-city expansion beyond initial Italian market
Feature Matrix
Section titled “Feature Matrix”| Feature | Category | Status | Platforms | Notes |
|---|---|---|---|---|
| Sign In | Auth | stable | iOS, Android, Web | Clerk identifier-first unified flow |
| Sign Up | Auth | stable | iOS, Android, Web | Social (Google/Apple/Facebook) + email OTP |
| 2FA / MFA | Auth | alpha | iOS, Android, Web | Clerk TOTP — task #140 |
| RBAC | Auth | stable | API | CONSUMER / PROFESSIONAL / ADMIN roles |
| JWT Verify | Auth | stable | API | @clerk/backend verifyToken + @CurrentUser() |
| Clerk Webhooks | Auth | stable | API | svix signature, raw body |
| Category Search | Discovery | stable | iOS, Android, Web | Trade categories + PostGIS proximity |
| Text Search | Discovery | stable | iOS, Android, Web | Full-text search, Redis cache 30s |
| Results Screen | Discovery | stable | iOS, Android, Web | Filter + sort, map overlay |
| Pro Profile | Discovery | stable | iOS, Android, Web | Trust tier badge, credentials display |
| Mapbox Maps | Discovery | beta | iOS, Android, Web | @rnmapbox/maps, custom Sole style |
| Create Booking | Booking | stable | iOS, Android, Web | Zod validation, slot conflict check |
| Booking Lifecycle | Booking | stable | iOS, Android, API | PENDING→CONFIRMED→IN_PROGRESS→COMPLETED |
| Change Orders | Booking | stable | iOS, Android, API | Extra work approval flow |
| Booking History | Booking | stable | iOS, Android | Consumer + professional views |
| Cancel Booking | Booking | stable | iOS, Android | CTA + useCancelBooking hook |
| SOS Request | SOS | stable | iOS, Android | Emergency dispatch trigger |
| Candidate Matching | SOS | stable | API | PostGIS radius, availability check |
| SOS Pricing | SOS | stable | iOS, Android, API | Surge multiplier, transparent estimate |
| Accept / Decline | SOS | stable | iOS, Android | Pro accept/decline flow |
| Live Tracking | SOS | beta | iOS, Android | Socket.IO foundation; full GPS Tier 2 |
| Real-time Chat | Chat | beta | iOS, Android | Socket.IO, message history |
| Create Review | Reviews | stable | iOS, Android | Post-booking unlock, duplicate guard |
| Display Reviews | Reviews | stable | iOS, Android, Web | Rating aggregate, sorted list |
| Stripe Connect | Payments | beta | iOS, Android, API | Connect Express onboarding |
| Escrow | Payments | stable | API | Hold on booking create, release on complete |
| Refunds | Payments | stable | API | Stripe refund + webhook reconcile |
| Stripe Webhooks | Payments | stable | API | Raw body signature verify |
| Multi-channel Notifications | Notifications | stable | API | Novu → email + SMS + push |
| Push Notifications | Notifications | beta | iOS, Android | Expo Push Token, Novu channel |
| Pro Dashboard | Pro Tools | stable | iOS, Android | Earnings summary, upcoming bookings |
| Availability | Pro Tools | stable | iOS, Android, API | Weekly schedule, slot management |
| Earnings | Pro Tools | stable | iOS, Android | Payout history, pending balance |
| Calendar | Pro Tools | stub | iOS, Android | Blocked slots UI — planned Phase 1 |
| Credential Upload | Credentials | stable | iOS, Android, API | Presigned R2 URL, Redis rate limit |
| Credential Review | Credentials | stable | API | Admin approve/reject queue |
| Trust Score | Credentials | stable | API | Weighted engine → BASIC/VERIFIED/ELITE |
| AI Job Estimation | AI | alpha | API | LangGraph.js + GPT-5.4 Mini |
| AI Smart Scheduling | AI | alpha | API | LangGraph state machine, tool nodes |
| Health Endpoint | Infra | stable | API | /health liveness + readiness |
| i18n IT+EN | Infra | stable | iOS, Android, API | nestjs-i18n + expo-localization |
| Security Headers | Infra | stable | API | @fastify/helmet |
Phased Execution Plan (next 4 weeks)
Section titled “Phased Execution Plan (next 4 weeks)”Phase 0 — Demo ready (shipped 2026-04-21)
Section titled “Phase 0 — Demo ready (shipped 2026-04-21)”- #140 — Clerk 2FA sweep (all users audited, per-user MFA wiped, app-level dashboard-only)
80edaa1 - #150 — CC1: Theme store + dark palette foundation
2f9c140 - #151 — CC4: Offline banner
6bbcccd - #171 — R5: Icon voice cleanup (chrome Phosphor, inline lucide)
8aa44fb - #175 — R9: E2E selector refresh after Home route promotion
1e24f43 - #176 — R10: PromptCard chat-UX parity (focus-expand, suggestions, history, placeholder cycle, typing indicator)
2f9c140 - #174 — R8: ui-visual-validator run + screenshot diff vs design spec (in-flight)
- #180 — CC2.x: Dark mode codemod — chrome + ui primitives via
useThemedColors()c62c5be
Phase 1 — Post-demo (deferred to post-cofounder review)
Section titled “Phase 1 — Post-demo (deferred to post-cofounder review)”- E2E M1 — track C demo walkthroughs (3 Playwright specs, cofounder/investor paths) —
e2e/web/demo/*.spec.ts. Spec:specs/2026-04-21-e2e-strategy.md. - E2E M2 — track A deploy smoke — 3 unauthenticated Playwright flows wired into
scripts/deploy.shpost-CD viae2e/playwright.prod-smoke.config.ts. Authed expansion (5 flows) deferred to M3+ pending prod test-user seeding. - E2E M3 — gap closure (audit): webhook + i18n API-integ already covered. Carve-outs: M3b, M3c.
- E2E M3b — Browser i18n smoke —
e2e/web/i18n/language-switch.spec.ts+testIDinstrumentation onLanguagePicker+ profile menu row. - E2E M3c — Rate-limit E2E (blocked on
@nestjs/throttlerimpl, deferred post-MVP0). - [~] E2E M4 — track B multi-role harness (carries Phase E M-E1–M-E7: TestModule +
test_tenant+ 6 canonical scenarios on Playwright web). Harness landed —e2e/multi-role/orchestrator + tenant/state/clock/seed helpers + S1 scenario +playwright.multi-role.config.ts+test:multi-role/test:s1scripts. BE TestModule + remaining 5 scenarios (S2–S6) still pending. - E2E M5 — Maestro mobile flows — DEFERRED post-MVP0 (per user 2026-04-21: web-only MVP 0 scope).
- E2E M6 — Nightly Hetzner cron runner + Slack report emitter (web suite only in MVP0).
- E2E M7 — free-tier device cloud — DEFERRED post-MVP0 (alongside M5, mobile-specific).
- Rate-limit impl —
@nestjs/throttler4-tier integration (plan:plans/2026-04-21-rate-limit-throttler-audit.md). - Named tunnel migration (blocked — pending is-a.dev PR merge)
Phase 3 — E2E long-arc + ops
Section titled “Phase 3 — E2E long-arc + ops”- #176 — R10: Secret rotation (Clerk, Stripe, Novu, Dokploy, R2) — post-v0 stable
How to update this file
Section titled “How to update this file”- New milestone completed → update the Milestone Overview table row status
- New locked decision → add row to Active Initiative decisions table with date
- Phase promoted / feature shipped → update Feature Matrix status column
- New planned work → add to Phased Execution Plan under correct phase
- Do NOT add in-flight task details here — those belong in
status.md - Re-read both ROADMAP.md and FEATURES.md before editing to stay in sync
Related
Section titled “Related”- status.md — live in-flight state, blocked items, recently shipped
- decisions/ — ADR log (Architecture Decision Records)
- CHANGELOG.md — Keep a Changelog versioned history
- specs/ — per-feature specification documents
- plans/ideony-mvp0-blueprint.md — full construction plan