
Backlog & Production Readiness

MVP Must-Haves

The following items represent the minimum viable product. Nothing ships to production without all boxes checked.

Auth & Identity
□ Supabase Auth phone/email OTP for consumer and merchant sign-in
□ JWT validation with role + tenantId context resolved server-side
□ Supabase refresh session handling with app-level revocation on logout
□ Edge rate limiting on auth request paths

POS Integration
□ Square webhook ingestion with HMAC verification
□ Clover webhook ingestion with HMAC verification
□ OAuth connection flow for at least one POS provider
□ Idempotent webhook processing (duplicate webhooks handled)
□ Encrypted storage of POS OAuth tokens
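The HMAC-verification and idempotency items above, as an added example that is not part of the SalesArck codebase. It implements Square's documented scheme, in which the x-square-hmacsha256-signature header carries base64(HMAC-SHA256(signature key, notification URL + raw request body)), compares in constant time, refuses to parse an unverified body, and then processes each event_id at most once. The signature key, notification URL and event body are constructed; the in-memory set stands in for a durable dedup table. Clover's verification differs and is not shown.

```python
import base64
import hashlib
import hmac
import json
import threading

# Square signs: base64( HMAC-SHA256( key = webhook signature key,
#                                    msg = notification_url + raw body bytes ) )
# The notification URL must be the exact URL registered in the Square developer dashboard.
SIGNATURE_HEADER = "x-square-hmacsha256-signature"


def square_signature(signature_key: str, notification_url: str, raw_body: bytes) -> str:
    mac = hmac.new(signature_key.encode(), notification_url.encode() + raw_body, hashlib.sha256)
    return base64.b64encode(mac.digest()).decode("ascii")


def verify_square_webhook(signature_key: str, notification_url: str,
                          raw_body: bytes, header_value) -> bool:
    """Constant-time check over the RAW bytes: re-serialised JSON would not match."""
    expected = square_signature(signature_key, notification_url, raw_body)
    return hmac.compare_digest(expected, header_value or "")


class WebhookIngestor:
    """Verify first, then run side effects for each event_id at most once.

    `_seen` stands in for a durable store such as a processed_events table with a
    UNIQUE(event_id) index, inserted in the SAME DB transaction as the wallet credit,
    so a crash mid-processing rolls back both and Square's retry is handled cleanly.
    """

    def __init__(self, signature_key: str, notification_url: str):
        self._key, self._url = signature_key, notification_url
        self._seen, self._lock = set(), threading.Lock()
        self.processed = []  # event_ids whose side effects ran

    def handle(self, raw_body: bytes, headers: dict) -> str:
        if not verify_square_webhook(self._key, self._url, raw_body, headers.get(SIGNATURE_HEADER)):
            return "rejected"       # answer 401, log it, do not retry; body was never parsed
        event = json.loads(raw_body)
        with self._lock:
            if event["event_id"] in self._seen:
                return "duplicate"  # still answer 200 so Square stops redelivering
            self._seen.add(event["event_id"])
            self.processed.append(event["event_id"])  # credit wallet, etc., goes here
        return "processed"


# Constructed sample data; the real key comes from the Square developer dashboard.
SAMPLE_KEY = "constructed-signature-key"
SAMPLE_URL = "https://example.test/webhooks/square"
SAMPLE_BODY = json.dumps({"event_id": "evt_001", "type": "payment.updated",
                          "data": {"object": {"payment": {"amount_money": {"amount": 1250}}}}}).encode()


def run_demo() -> dict:
    ingestor = WebhookIngestor(SAMPLE_KEY, SAMPLE_URL)
    good = {SIGNATURE_HEADER: square_signature(SAMPLE_KEY, SAMPLE_URL, SAMPLE_BODY)}
    tampered = SAMPLE_BODY.replace(b"1250", b"9999")   # same header, different amount
    other_url_ok = verify_square_webhook(SAMPLE_KEY, "https://other.test/hook", SAMPLE_BODY, good[SIGNATURE_HEADER])
    return {
        "first": ingestor.handle(SAMPLE_BODY, good),
        "replay": ingestor.handle(SAMPLE_BODY, good),
        "tampered": ingestor.handle(tampered, good),
        "unsigned": ingestor.handle(SAMPLE_BODY, {}),
        "wrong_url": "processed" if other_url_ok else "rejected",
    }
```

The "wrong_url" case is the one that bites in staging: because the registered notification URL is part of the signed message, a reverse proxy that rewrites the path, or a staging host receiving production-registered events, fails verification even with the right key.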

Reward Engine
□ Points-per-dollar rule type
□ Minimum spend threshold
□ Rule versioning (snapshot at transaction time)
□ Guard ensuring at least one reward rule is always active (or graceful handling of a tenant with no active rule)

Wallet
□ Credit on successful earn
□ Debit on redemption with insufficient-balance guard
□ Concurrent deduction safety (no negative balances under race conditions)
□ Ledger-based balance — balance computed from ledger, not free-standing column
□ Wallet balance reversal when redemption code expires

Admin
□ Manual wallet adjustment with reason + audit log
□ Tenant suspension capability
□ Consumer and wallet lookup by phone number

Operations
□ Structured JSON logging with correlation IDs
□ Health check endpoints (/health/live, /health/ready)
□ Error rate and latency metrics (Prometheus format)
□ Automated reconciliation run verifying ledger sums

Pre-Production Checklist

Before deploying to a production environment for the first time:

Security

□ TLS on all endpoints (no plaintext HTTP)
□ HSTS header in place
□ All secrets stored in secrets manager, not env files or code
□ Rate limiting active on all public endpoints
□ JWT signing uses an asymmetric algorithm where possible (RS256 or ES256 preferred over HS256); if HS256 remains, the secret has at least 256 bits of entropy and the verifier pins the expected algorithm rather than trusting the token header
□ CSP headers configured
□ No SQL built by string concatenation: every query, including dynamic filters and sort columns, uses parameterized statements or an allow-list of column names
□ PII redaction middleware active in logging
□ Penetration test performed or scheduled

Data Integrity

□ All migrations applied and verified
□ Unique constraints in place on wallet_ledger(reference_id, type)
□ Wallet balance cannot go negative: either a DB constraint on a materialized balance, or an app-level guard that recomputes the ledger sum inside the debit's own transaction with the wallet row locked by SELECT ... FOR UPDATE (a CHECK constraint cannot express a sum across ledger rows, so a ledger-only design needs the lock)
□ Transaction + ledger write is a single DB transaction
□ Idempotency keys indexed and enforced
□ Reconciliation job scheduled and alert connected
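The Wallet must-haves (ledger-derived balance, insufficient-balance guard, race safety, reversal on expiry) and the Data Integrity items above describe one mechanism, shown here as an added example that is not SalesArck code. It uses SQLite from the standard library so it runs offline: BEGIN IMMEDIATE takes the database write lock, which plays the role Postgres SELECT ... FOR UPDATE on the wallet row plays in the checklist; UNIQUE(reference_id, type) is the idempotency key for replayed earns and double reversals; and reconcile() is the invariant check the reconciliation job would run. Wallet ids, transaction ids and redemption codes are constructed.

```python
import sqlite3
import tempfile
import threading
from collections import Counter
from pathlib import Path

SCHEMA = """
CREATE TABLE IF NOT EXISTS wallet_ledger (
    id           INTEGER PRIMARY KEY,
    wallet_id    TEXT NOT NULL,
    type         TEXT NOT NULL CHECK (type IN ('earn', 'redeem', 'reversal')),
    reference_id TEXT NOT NULL,    -- POS transaction id or redemption code
    amount       INTEGER NOT NULL, -- signed points: credits > 0, debits < 0
    UNIQUE (reference_id, type)    -- one earn per transaction, one reversal per code
);
"""


class LedgerWallet:
    """Balance is always SUM(amount) over the ledger; there is no balance column."""

    def __init__(self, db_path: str):
        self.db_path = db_path
        conn = self._connect()
        conn.executescript(SCHEMA)
        conn.close()

    def _connect(self):
        # One connection per call (and so per thread). isolation_level=None hands
        # transaction control to us; timeout makes competing writers wait, not fail.
        return sqlite3.connect(self.db_path, isolation_level=None, timeout=30)

    @staticmethod
    def _balance(conn, wallet_id):
        return conn.execute("SELECT COALESCE(SUM(amount), 0) FROM wallet_ledger WHERE wallet_id = ?",
                            (wallet_id,)).fetchone()[0]

    def balance(self, wallet_id):
        conn = self._connect()
        try:
            return self._balance(conn, wallet_id)
        finally:
            conn.close()

    def _write(self, wallet_id, type_, reference_id, amount, guard=None):
        """One serialized transaction: guard and insert see the same locked state."""
        conn = self._connect()
        try:
            conn.execute("BEGIN IMMEDIATE")  # SQLite stand-in for SELECT ... FOR UPDATE
            if guard is not None and not guard(conn):
                conn.execute("ROLLBACK")
                return "insufficient"
            try:
                conn.execute("INSERT INTO wallet_ledger (wallet_id, type, reference_id, amount) "
                             "VALUES (?, ?, ?, ?)", (wallet_id, type_, reference_id, amount))
            except sqlite3.IntegrityError:  # UNIQUE(reference_id, type): replay, not an error
                conn.execute("ROLLBACK")
                return "duplicate"
            conn.execute("COMMIT")
            return "ok"
        finally:
            conn.close()

    def earn(self, wallet_id, transaction_id, points):
        return self._write(wallet_id, "earn", transaction_id, points)

    def redeem(self, wallet_id, code, points):
        if points <= 0:
            raise ValueError("points must be positive")
        return self._write(wallet_id, "redeem", code, -points,
                           guard=lambda c: self._balance(c, wallet_id) >= points)

    def reverse_expired(self, wallet_id, code):
        conn = self._connect()  # redeem rows are immutable once committed: no lock needed to read
        try:
            row = conn.execute("SELECT amount FROM wallet_ledger WHERE wallet_id = ? AND type = 'redeem' "
                               "AND reference_id = ?", (wallet_id, code)).fetchone()
        finally:
            conn.close()
        return "unknown" if row is None else self._write(wallet_id, "reversal", code, -row[0])

    def reconcile(self) -> dict:
        """Invariants the nightly job asserts; an empty dict means the ledger is clean."""
        conn = self._connect()
        try:
            negative = conn.execute("SELECT wallet_id, SUM(amount) FROM wallet_ledger "
                                    "GROUP BY wallet_id HAVING SUM(amount) < 0").fetchall()
            orphans = conn.execute(
                "SELECT r.reference_id FROM wallet_ledger r WHERE r.type = 'reversal' AND NOT EXISTS ("
                "SELECT 1 FROM wallet_ledger d WHERE d.type = 'redeem' AND d.wallet_id = r.wallet_id "
                "AND d.reference_id = r.reference_id AND d.amount = -r.amount)").fetchall()
        finally:
            conn.close()
        return {k: v for k, v in {"negative_balances": negative,
                                  "orphan_reversals": [o[0] for o in orphans]}.items() if v}


def run_demo(threads: int = 10, points: int = 30) -> dict:
    """Credit 100, then race `threads` redemptions of `points` each; only 3 may win."""
    wallet = LedgerWallet(str(Path(tempfile.mkdtemp()) / "wallet.sqlite"))
    earn = (wallet.earn("w1", "sq-txn-1", 100), wallet.earn("w1", "sq-txn-1", 100))  # replayed webhook
    results = [None] * threads
    workers = [threading.Thread(target=lambda i=i: results.__setitem__(i, wallet.redeem("w1", f"code-{i}", points)))
               for i in range(threads)]
    for t in workers: t.start()
    for t in workers: t.join()
    after_race = wallet.balance("w1")
    won = next(f"code-{i}" for i, r in enumerate(results) if r == "ok")
    reversals = (wallet.reverse_expired("w1", won), wallet.reverse_expired("w1", won))  # expiry job ran twice
    return {"earn": earn, "race": dict(Counter(results)), "balance_after_race": after_race,
            "balance_after_reversal": wallet.balance("w1"), "reversals": reversals,
            "reconcile": wallet.reconcile()}
```

Running the demo with 10 threads competing for a 100-point balance yields exactly three successful 30-point redemptions and a balance of 10, never a negative number; the replayed earn and the repeated reversal both come back as "duplicate" from the unique constraint rather than double-crediting. Moving the balance read outside the BEGIN IMMEDIATE block is the quickest way to see the race reappear.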

Observability

□ All services emit structured logs with correlation IDs
□ Metrics endpoint scraped by Prometheus
□ Alerts configured (error rate, slow responses, queue depth, Supabase OTP failure)
□ Distributed tracing in place (or at minimum correlation IDs threaded)
□ On-call rotation defined with runbooks accessible
□ Dead-letter queue configured with alert

Reliability

□ Webhook retry with exponential backoff (max 5 attempts)
□ Dead-letter queue for unprocessable webhooks
□ Graceful shutdown handling (drain in-flight requests before stopping)
□ Database connection pool configured (min/max, timeout)
□ Health check probes configured in Kubernetes / hosting platform
□ At least two replicas of each service (no single point of failure)
□ Database backups scheduled and tested

Compliance

□ Right-to-deletion endpoint implemented and tested
□ Terms of service and privacy policy published
□ TCPA compliance review for SMS OTP delivered via Supabase Auth
□ Data retention policy documented and enforced
□ PCI scope confirmed (SalesArck does not touch cardholder data)

Phase 2 Backlog

These are explicitly out of scope for MVP but on the product roadmap:

Stretch Goals (Phase 2)

□ Promotional multipliers with date ranges
□ Birthday bonus points
□ Referral reward rules
□ Multiple POS connections per tenant
□ Merchant team management (invite staff, role scoping)
□ Real-time balance push via WebSocket or SSE
□ Merchant analytics dashboard (spend patterns, top consumers)
□ Bulk consumer import / export
□ White-label portal (merchant-branded domain + colors)
□ Reward expiry (points expire after X days)

Phase 3 (Future)

□ Marketplace / multi-merchant rewards (earn at one, redeem at another)
□ Mobile native app (iOS / Android)
□ Tier-based loyalty (Bronze / Silver / Gold)
□ SMS marketing campaigns (with TCPA-compliant consent flow)
□ POS in-line redemption (deduct at payment terminal, not separate code)
□ Shopify / WooCommerce e-commerce integration
□ Partner API (white-label with custom branding + sub-tenant support)

Known Technical Debt

Items that are acceptable for MVP but should be addressed early in Phase 2:

Item | Impact | Priority
No CQRS separation — reads and writes hit same DB | Performance at scale | Medium
Reward rule evaluation not cached — DB query per webhook | Latency under high throughput | Medium
Single region deployment | No DR/failover | High (before significant merchant volume)
No API versioning strategy beyond /v1 | Breaking changes will be harder | Low
Test coverage < 90% in adapter layer | Regression risk for POS changes | High
No automated contract test CI for POS webhooks | Silent breaking changes from POS provider | Medium
Consumer wallet page does full refetch on focus | Unnecessary API load | Low
Written by Dhruv Doshi