Lantern

Appearance

12-Week Development Roadmap

Created: 2026-02-06 Status: Active Last Updated: 2026-02-08

Overview

This roadmap prioritizes development efforts based on recent momentum in admin authentication and access control, strategic goals for mobile readiness, and critical security enhancements. The priorities are ordered by impact, feasibility, and dependencies.

Key Principles:

  • Build on recent work (admin auth, access gates)
  • Prepare for mobile development
  • Enhance security posture
  • Maintain zero-knowledge encryption

Priority 1: Issue #254 - Replace Cloudflare Access with Firebase Auth Gate

Timeline: Week 1 (2026-02-06 to 2026-02-13) Effort: LOW | Impact: HIGH Status: ~80% Complete (code ready, infrastructure verification needed)

Why This First?

  • Infrastructure already built (AccessGate components, admin role checks work)
  • Solves real pain: Cloudflare cache blocking real-time updates during dev
  • Natural continuation of recent admin auth work (PRs #257, #258, #259)
  • Quick win to build momentum

Work Required

  1. ✅ Verify Cloudflare Access policy removed from dev.ourlantern.app
  2. Test Firebase auth gate works correctly for pilot mode
  3. Update documentation if needed
  4. Later: Apply to production ourlantern.app when ready

Critical Files

Verification Steps

  • [X] Visit dev.ourlantern.app in incognito - should see Firebase login (no Cloudflare PIN)
  • [X] Sign in as admin user - verify access granted
  • [X] Sign in as non-admin user - verify access denied with AccessGateDenied
  • [X] Test real-time updates work without cache issues
  • [X] Close Issue #254

Dependencies: None Blockers: None

Priority 2: Issue #255 - Bundle Docs and Storybook into Admin Portal

Timeline: Week 1-2 (2026-02-06 to 2026-02-20) Effort: MEDIUM | Impact: MEDIUM Status: Partially Started (docs editor exists from PR #252)

Why This Second?

  • Builds on PR #252 (self-hosted docs editor)
  • Improves developer experience and admin usability
  • Natural follow-up to recent admin portal enhancements
  • Good momentum after #254 completion

Work Required

  1. Add Storybook navigation to admin portal sidebar
  2. Create unified navigation between:
    • Admin dashboard
    • Docs editor (existing)
    • Storybook component library
  3. Evaluate approach:
    • Option A: iframe embedding (simpler)
    • Option B: subdomain routing with unified nav (cleaner)
  4. Update build configs to include Storybook in admin deployment
  5. Test navigation flow between all sections
  6. Ensure admin auth protects all three sections

Critical Files

Verification Steps

  • [X] Navigate from admin dashboard to docs
  • [X] Navigate from docs to Storybook
  • [X] Navigate from Storybook back to dashboard
  • [X] Verify all sections protected by admin auth
  • [X] Test that Storybook hot reload works (if applicable)
  • [X] Close Issue #255

Dependencies: None Blockers: None

Priority 3: Issue #246 - Reorganize Monorepo Structure

Timeline: Week 3-6 (2026-02-20 to 2026-03-20) — Completed early: 2026-02-08 Effort: HIGH | Impact: MEDIUM-HIGH Status: ✅ Complete Implementation: Monorepo Reorganization PlanWorklog: 2026-02-08_monorepo-reorganization_complete.md

Why This Third?

  • Growing technical debt as codebase expands
  • Prerequisite for mobile development (React Native/Capacitor)
  • Better structure helps with #147 (shared auth logic across apps)
  • Needs dedicated focus - not incremental work
  • Should be done before major feature work

Proposed Structure 

lantern_app/
├── apps/
│   ├── web/              # Main Lantern PWA (current src/)
│   │   ├── src/
│   │   ├── public/
│   │   └── vite.config.js
│   └── admin/            # Admin portal (current admin/)
│       ├── src/
│       └── vite.config.js
├── services/
│   ├── functions/firebase        # Cloud Functions (current firebase-functions/)
│   ├── api/docs/         # Docs API (current cloud-run-docs-api/)
│   └── bots/discord/      # Discord bot (current discord-bot/)
├── packages/
│   └── shared/           # Shared utilities (NEW)
│       ├── auth/         # Shared auth logic
│       ├── encryption/   # Shared crypto utilities
│       └── utils/        # Common helpers
├── docs/
├── .github/
└── [root configs]

Work Required

Phase 1: Setup

  1. Create new directory structure (don't move files yet)
  2. Set up packages/shared/ as a workspace package
  3. Update root package.json workspaces config

Phase 2: Extract Shared Code 4. Identify shared utilities between web and admin 5. Extract to packages/shared/ 6. Update imports in web and admin

Phase 3: Move Apps 7. Use git mv src/ apps/web/src/ (preserve history) 8. Use git mv admin/ apps/admin/ 9. Update import paths in moved files 10. Update Vite configs for new paths

Phase 4: Move Services 11. Use git mv firebase-functions/ services/functions/firebase 12. Use git mv cloud-run-docs-api/ services/api/docs/ 13. Use git mv discord-bot/ services/bots/discord/ 14. Update import paths and configs

Phase 5: Update Infrastructure 15. Update all GitHub Actions workflows 16. Update Cloudflare Pages build configs 17. Update Firebase deployment configs 18. Update all relative paths in scripts

Phase 6: Testing 19. Test all builds: npm run build in each workspace 20. Test all dev servers: npm run dev -w web, npm run dev -w admin 21. Test Firebase Functions deploy (dry run) 22. Deploy to dev environment and verify all services

Phase 7: Documentation 23. Update docs/engineering/guides/DIRECTORY_DEFINITIONS.md 24. Update CLAUDE.md with new structure 25. Create migration guide for developers

Critical Files & Configs

Verification Steps

  • [X] npm run validate passes in all workspaces
  • [X] npm run build succeeds for web app
  • [X] npm run build succeeds for admin app
  • [ ] Firebase Functions deploy (dry run) succeeds
  • [ ] Deploy to dev environment
  • [ ] Verify main app works at dev.ourlantern.app
  • [ ] Verify admin portal works at admin.dev.ourlantern.app
  • [ ] Verify Firebase Functions respond correctly
  • [X] Check that imports resolve correctly
  • [ ] Close Issue #246

Dependencies: None (but should be done before #147) Blockers: None (requires dedicated time and careful testing)

Priority 4: Issue #147 - Security: Advanced Encryption Features (Phase 1)

Timeline: Week 7-12 (2026-03-20 to 2026-05-01) Effort: VERY HIGH | Impact: VERY HIGH Status: Not Started

Why This Fourth?

  • Critical for user trust and security posture
  • Massive epic - must be broken into phases
  • Current single-passphrase approach is risky (no recovery)
  • ✅ #246 complete — shared crypto utils can now go in packages/shared/

Phase 1 Scope (This Roadmap)

Implement:

  1. ✅ Backup recovery codes (12 single-use codes at signup)
  2. ✅ Warning UX about zero-knowledge tradeoffs
  3. ✅ In-app reminders to set up redundant recovery
  4. ✅ Tiered data model (E2E encrypted vs platform-encrypted)

Defer to Phase 2+ (Future Roadmap):

  • Phone + PIN login
  • Biometric/WebAuthn
  • Shamir's Secret Sharing
  • Phone number recycling protection

Work Required (Phase 1)

1. Recovery Code System

  • Generate 12 cryptographically secure recovery codes at signup
  • Store encrypted in Firestore (user can decrypt with current passphrase)
  • Create "write this down" UX with printable/downloadable format
  • Implement recovery flow: enter code → set new passphrase → re-encrypt data

2. Tiered Data Model

  • Define data tiers:
    • Tier 1 (E2E): Birth date, sensitive personal info
    • Tier 2 (Platform): Display name, bio, non-sensitive profile
    • Tier 3 (Public): Lantern name, location check-ins
  • Update Firestore schema to support tiers
  • Encryption logic: Only encrypt Tier 1 with user passphrase
  • Migration plan for existing users

3. Warning & Education UX

  • Clear warnings during signup about data loss risks
  • Explain zero-knowledge model and its implications
  • Force users to acknowledge before proceeding
  • Periodic reminders to secure recovery codes

4. Cloud Functions

  • validateRecoveryCode(userId, code) - Server-side validation
  • markRecoveryCodeUsed(userId, code) - Prevent reuse
  • regenerateRecoveryCodes(userId) - For users who lost them (requires current passphrase)

5. Testing & Security Audit

  • Unit tests for recovery code generation
  • Integration tests for recovery flow
  • Security audit of implementation
  • Penetration testing of recovery mechanism

Critical Files

Verification Steps

  • [ ] Complete signup flow, verify 12 recovery codes generated
  • [ ] Download/print recovery codes
  • [ ] Sign out completely
  • [ ] Use recovery code to access account
  • [ ] Set new passphrase via recovery flow
  • [ ] Verify encrypted data still accessible after recovery
  • [ ] Test tiered data model: sensitive data encrypted, non-sensitive accessible
  • [ ] Verify recovery codes are single-use
  • [ ] Run security audit and address findings
  • [ ] Update Issue #147 with Phase 1 completion, create Phase 2 epic

Dependencies: ✅ Issue #246 (monorepo refactor) complete — packages/shared/ available Blockers: None (but requires security expertise and careful design)

Priority 5: Admin Portal Enhancements (Ongoing)

Timeline: Ongoing (fill gaps between major work) Effort: LOW-MEDIUM | Impact: MEDIUM Status: Various

Issues to Consider

Issue #236: GitHub access revocation not working

  • Fix admin demotion/deletion flow
  • Ensure GitHub access properly revoked
  • Test with actual GitHub org permissions

Issue #230: Rate limiting for admin actions

  • Implement rate limiting on sensitive admin operations
  • Track failed login attempts (already started)
  • Add lockout mechanism after N failures
  • CAPTCHA challenge after threshold

Issue #237: Admin portal configuration management

  • Centralized config management UI
  • Edit environment variables
  • Manage feature flags
  • View/edit Firebase config

Approach

  • Pick 1-2 smaller issues after completing each major priority
  • Good for building momentum and variety
  • Lower priority than core user-facing features

Deferred (Lower Priority)

Not on 12-Week Roadmap

Issue #239: AI Assistant integration

  • Nice-to-have, not critical for pilot
  • Defer until post-launch

Issue #233: Billing/cost data in admin portal

  • Important but not urgent during pilot phase
  • Monitor manually for now

Phase 2+ Merchant Issues

  • Issue #171: Merchant claim venue flow
  • Issue #167: Merchant community portal
  • Issue #231: Merchant-user association
  • Wait until after pilot launch and user validation

Issue #168: Docs site initialization

  • Already addressed by PR #252 (self-hosted editor)
  • Can close after #255 completes

Timeline Summary 

Week 1-2:   Priority 1 (#254) + Priority 2 (#255) ✅ Complete
            ├─ Remove Cloudflare Access
            └─ Bundle Docs/Storybook

Week 1:     Priority 3 (#246) ✅ Complete (completed ahead of schedule)
            └─ Monorepo refactor

Week 2-8:   Priority 4 (#147 Phase 1)
            ├─ Recovery codes
            ├─ Tiered data model
            └─ Security audit

Ongoing:    Priority 5 (Admin enhancements)
            └─ Fill gaps with smaller issues

Success Metrics

Technical:

  • ✅ Real-time updates work without cache issues (#254)
  • ✅ Developer experience improved with unified admin portal (#255)
  • ✅ Clean monorepo structure ready for mobile (#246)
  • ✅ Recovery mechanism prevents data loss (#147)

Security:

  • ✅ Zero-knowledge encryption maintained
  • ✅ Admin authentication fully decoupled
  • ✅ User data recoverable without compromising security
  • ✅ Security audit passes with no critical findings

User Experience:

  • ✅ Pilot users can access app reliably
  • ✅ Clear warnings about encryption tradeoffs
  • ✅ Recovery process is straightforward
  • ✅ App feels fast and responsive

Risk Management

High-Risk Items

  1. Monorepo refactor (#246): Could break builds/deployments
    • Mitigation: Dedicated branch, extensive testing, staged rollout
  2. Recovery codes (#147): Security vulnerability if implemented incorrectly
    • Mitigation: Security audit, penetration testing, phased rollout
  3. Cloudflare Access removal (#254): Could expose dev site unintentionally
    • Mitigation: Test thoroughly before production

Medium-Risk Items

  1. Tiered data model: Migration could fail for existing users
    • Mitigation: Backup data, dry run migration, rollback plan

Next Actions

Immediate (This Week):

  1. Update Cloudflare API token with "Zero Trust" permission
  2. Verify Cloudflare Access removed from dev.ourlantern.app
  3. Close Issue #254
  4. Begin planning Issue #255 implementation
  5. Merge feat/monorepo-reorganization to dev and verify deployment
  6. Close Issue #246

Next Week:

  1. Implement Storybook navigation in admin portal
  2. Test unified admin navigation
  3. Close Issue #255
  4. Begin planning Issue #147 Phase 1 (recovery codes)

Month 2:

  1. Create detailed monorepo refactor plan
  2. Set up feature branch for #246
  3. Begin incremental migration ✅ (completed in full)
  4. Implement recovery code generation
  5. Design tiered data model schema

Notes

  • This roadmap is living document - adjust priorities as needed
  • Each priority builds on previous work
  • Security and user trust are paramount
  • Keep pilot users informed of changes
  • Document everything for future team members

References

Built with VitePress

Copyright © 2026 Lantern