docs: add 4-tier production roadmap and detailed Tier 1 plan
- CLAUDE.md: 4-tier feature roadmap appended after the build-order section (launch blockers → moat features). Future sessions reference this to know which tier a new feature belongs to. - docs/TIER1_PLAN.md: detailed sequencing for the 8 blocks of Tier 1 work (auth, authz, rate limiting, notifications, CSV import, billing, backups, privacy) with schema changes, endpoints, tests, and effort estimates per block. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This commit is contained in:
Kwaku Danso
@@ -190,3 +190,72 @@ When building this project, follow this sequence:
|
||||
8. Real-time monitor page (WebSocket for live RSVPs + fraud alerts)
|
||||
9. docker-compose.yml for full local development
|
||||
10. End-to-end testing
|
||||
|
||||
## Production roadmap
|
||||
|
||||
Phases 1–3 above were the initial build and shipped a feature-complete demo.
|
||||
What follows is the trajectory from demo to a product that can be sold.
|
||||
Future sessions: read this section before starting new feature work so you know
|
||||
which tier you're contributing to.
|
||||
|
||||
The detailed sequencing for Tier 1 lives in `docs/TIER1_PLAN.md`.
|
||||
|
||||
### Tier 1 — Launch blockers
|
||||
|
||||
Cannot ship to paying customers without these.
|
||||
|
||||
| Feature | What "done" means |
|
||||
|---|---|
|
||||
| **Real authentication** | Email + password (bcrypt) or magic links, email verification, password reset, JWT-based sessions with refresh tokens. The `useHost()` localStorage bootstrap must be removed. |
|
||||
| **Authorisation / multi-tenancy** | Every host-facing endpoint behind session middleware. Row-level authz: a host only sees their own events, guests, tokens. No more `?host_id=...` query params. |
|
||||
| **Real notifications** | Twilio SMS and AWS SES email actually wired, branded HTML templates, retry/backoff, bounce + complaint webhook handling, unsubscribe links. |
|
||||
| **CSV guest import** | Drag-drop upload, server-side validation, dedup by email, preview/confirm step. The marketing page already promises this. |
|
||||
| **Billing** | Stripe integration, free tier limits enforced in code, paid tiers, webhook handling for payment events, customer portal. |
|
||||
| **Rate limiting + abuse controls** | Redis-backed sliding-window limits on the bootstrap, RSVP-submit, token-issue, and event-create endpoints. CAPTCHA on user-creation flow. |
|
||||
| **Backups + disaster recovery** | Daily automated Postgres backups, point-in-time recovery via WAL archiving, documented + tested restore drill. (Claude builds restore docs; infra is human-owned.) |
|
||||
| **Privacy compliance** | Data export endpoint, right-to-erasure endpoint, privacy policy + ToS pages, retention policy, signed DPAs with subprocessors (Twilio/SES/Stripe). |
|
||||
|
||||
### Tier 2 — Customer expectations (first 3 months post-launch)
|
||||
|
||||
Features hosts will ask for almost immediately.
|
||||
|
||||
| Feature | Notes |
|
||||
|---|---|
|
||||
| **Smarter fraud detection** | Current heuristic scorer has false positives (same guest scoring `0` then `61` on consecutive opens). Add geolocation (MaxMind), per-event tunable thresholds, "actually legit" feedback loop, allowlists, eventual ML model. |
|
||||
| **Reminders + broadcasts** | Auto-reminders 7-day / 1-day / day-of, "last call" to non-responders, custom announcements when details change. Killer feature for wedding planners. |
|
||||
| **Editable RSVPs** | Guests can change "attending" → "declined" via the same link. |
|
||||
| **Multi-host / collaborators** | Owner / Editor / Viewer roles per event, invitation flow. |
|
||||
| **Event branding** | Custom colours, logo upload, optional custom domain for RSVP pages. |
|
||||
| **Day-of check-in** | QR codes on confirmations, PWA scanner, live arrival count, walk-in handling, plus-one verification. |
|
||||
| **Calendar integration** | "Add to Google / Outlook / Apple" on confirmation page. |
|
||||
| **Host analytics** | Response-rate over time, who hasn't opened, source attribution. |
|
||||
|
||||
### Tier 3 — Operations & polish
|
||||
|
||||
Required for running this at scale, not for first launch.
|
||||
|
||||
| Area | Notes |
|
||||
|---|---|
|
||||
| **Observability** | Prometheus `/metrics`, OpenTelemetry tracing across API↔fraud-engine↔NATS, Sentry, uptime monitoring, alert routing. |
|
||||
| **CI/CD** | Gitea/GitHub Actions: tests on PR, lint, security scans (gosec, trivy), staging auto-deploy, blue/green prod, automated rollback. |
|
||||
| **Accessibility** | WCAG 2.1 AA audit + fixes. Particular attention to focus states, contrast, reduced-motion respect for the float animations. |
|
||||
| **i18n** | Vue i18n, translated email/SMS templates, date/time/currency localisation, RTL support. |
|
||||
| **Mobile** | PWA + push notifications first, native apps later. |
|
||||
| **Secrets management** | Vault or AWS Secrets Manager, rotation, no secrets in images. |
|
||||
| **Performance** | Actually use Redis (cache hot queries), read replicas, CDN, query-plan audits, load tests. |
|
||||
|
||||
### Tier 4 — Moat & enterprise
|
||||
|
||||
Differentiators that justify enterprise pricing.
|
||||
|
||||
| Feature | Notes |
|
||||
|---|---|
|
||||
| **SSO (SAML, OIDC)** | For corporate hosts. |
|
||||
| **White-label** | For event planners running GuestGuard for *their* clients. |
|
||||
| **Public API + webhooks** | So customers can build on top. |
|
||||
| **Zapier integration** | Non-negotiable for SMB segment. |
|
||||
| **CRM sync** | Salesforce, HubSpot — for corporate events teams. |
|
||||
| **AI setup assistant** | Paste an invitation email, get an event auto-created with guest list extracted. |
|
||||
| **Marketplace integrations** | Caterers, photographers, venues. |
|
||||
| **Biometric / face check-in** | High-end events only, opt-in. |
|
||||
| **SLAs + regional data residency** | EU-only deployment option, signed SLA contracts. |
|
||||
|
||||
Reference in New Issue
Block a user