Skip to content
Bookmarks Docs

Expansion Notes

Expansion Notes

Section titled “Expansion Notes”

The current Bookmarks MVP leaves room for several near-term upgrades:

  • Websocket-based sync through Durable Objects or Pub/Sub for live notes and comments
  • Invitations and moderation roles layered onto the memberships model
  • Club-specific spoiler policies instead of one global enum
  • Signed upload URLs for direct R2 media uploads
  • Passkey (WebAuthn) authentication for biometric unlock on supported devices

These items should stay outside the MVP until the current app, API, and club workflows are stable.

Passkey Auth (PWA) LOE

Section titled “Passkey Auth (PWA) LOE”

Adding fingerprint/Face ID login for the PWA should be implemented as passkeys (WebAuthn), not direct biometric APIs. Biometric prompts are handled by the device/browser during passkey use.

Estimated level of effort:

  • Backend + app skeleton (registration/authentication endpoints, challenge storage, client wiring): 3-5 days
  • Full production hardening (account recovery policy, multi-device passkeys, UX edge cases, telemetry, test coverage): 2-4 additional weeks

Recommended rollout:

  1. Add optional passkey enrollment after password login.
  2. Keep password login as fallback during rollout.
  3. Add “login with passkey” as primary option after adoption and support data is stable.

Decision criteria before build:

  • Security: define passkey recovery and account takeover controls (lost device, compromised email, support-assisted recovery).
  • UX: confirm enrollment and sign-in flows work clearly across iOS Safari, Android Chrome, and desktop browsers.
  • Support burden: estimate help-desk volume for device changes, deleted passkeys, and fallback login confusion.
  • Analytics: instrument enrollment rate, passkey login success rate, fallback usage, and auth failure reasons.
  • Compliance: verify any policy or audit requirements for MFA/passkey support and recovery handling.

Long-term

Section titled “Long-term”
  • Ratings for different aspects of the book: characters, plot, and overall enjoyment
  • Add notifications for unread messages or meetings not responded to
  • Implement short or long polling to check for new messages
  • Add coverage for unit tests and e2e

Ratings In 0.5 Increments LOE

Section titled “Ratings In 0.5 Increments LOE”

If ratings currently assume whole numbers, enabling half-step values should be treated as a full-stack change.

Estimated level of effort:

  • UI-only half-step input (no backend or DB changes): 0.5-1.5 days
  • Production-safe change (DB schema/constraints + API validation + UI + tests): 2-4 days
  • Additional reporting/export/analytics updates if they assume integers: +1-2 days

Recommended rollout:

  1. Update persistence and validation first so 0.5 values are accepted end-to-end.
  2. Ship UI control changes (half-star or stepper) after backend support is deployed.
  3. Backfill tests for create/edit/list flows and any aggregate rating calculations.