SameeraLearn — Open Gaps
Last Updated: 2026-04-14 (S55)
P0 — Blocking / Critical
Camera Permissions Not Implemented
- What: App requests camera permissions that are not implemented in the codebase
- Risk: Play Store rejection + runtime crash on permission request
- Audit finding: P0
ErrorBoundary Missing
- What: No React Native ErrorBoundary component wrapping the app tree
- Risk: Unhandled runtime errors crash the app with no recovery path — child sees crash screen
- Audit finding: P0
API Key Rotation Needed
- What: Anthropic API key needs rotation (flagged in audit)
- Risk: Security — exposed or stale credentials
- Audit finding: P0
Child PIN Stored in Plaintext
- What: Child’s PIN stored as plaintext in Firestore (noted in v1.2.0 Known Issues)
- Risk: Any Firestore security rule misconfiguration could expose a child’s PIN
- Status: No remediation implemented as of v1.2.0
- Fix: Hash PINs using SHA-256 or bcrypt before storing
P1 — High Priority
Mid-Test Draft Saving Not Implemented
- What: If child leaves the app mid-test, progress is lost
- Impact: Frustrating UX, especially for long 32-question multi-unit tests
- Fix candidate: Save answer state to AsyncStorage on each answer selection
Keystore Password Not Extracted from Gradle
- What: Keystore password embedded in Gradle config (not in environment variable)
- Risk: Password exposed in build files
- Audit finding: P1
P2 — Track
Streak Test Failures (2 tests)
- What: 2 pre-existing test failures due to hardcoded dates + UTC/local timezone mismatch
- Status: Carried across versions without fix
- Impact: Test suite not at 100% — technically violates the 100% test pass rate invariant
- Fix: Mock
Date.now()in streak tests + use UTC consistently
v1.3.0 Sprint Not Started
- What: v1.3.0 is planned but no sprint started (last CHANGELOG entry 2026-03-17 — 4 weeks ago)
- Risk: App stagnating while Sameera outgrows v1.2.0 content