N-Watch

Appearance

This documentation site is maintained like versioned, legal-style product documentation:

  • Latest is a rolling view of the intended/current behavior.
  • Periodically we create snapshots under /v/<version>/.
  • Snapshots should be treated as immutable references.

Latest

Archived snapshots

Changelog

v0.3.0

  • Native Firebase Auth SDK: Migrated mobile from JS firebase/auth to @react-native-firebase/auth native SDK — resolves "component auth has not been registered yet" on Android new-arch/Hermes
  • Platform config initialization: Auth initializes via google-services.json (Android) and GoogleService-Info.plist (iOS) — no JS-level initializeAuth call
  • Apple Sign-In (native): Uses auth.AppleAuthProvider.credential(identityToken, nonce) via native SDK
  • Admin IAM overhaul: Replaced Firebase Auth with Cloudflare Zero Trust + Microsoft Entra ID (Azure AD) SSO for the admin dashboard
  • Dual auth model: Mobile uses Firebase Auth (Google); admin uses CF Access JWT verified via JWKS
  • CF Access JWT verification: New cfAccessAuth.ts module, requireAdminUid() on all admin/superadmin API routes, auto-provisioning of Firestore user from Entra email
  • Mobile simplification: Stripped to three screens — sign-in, join group, single prominent ALERT button with confirmation dialog
  • On-device address storage: Address saved locally via AsyncStorage, never stored on server
  • Encrypted alert payload: ML-KEM-768 key encapsulation + AES-256-GCM encryption of address on trigger
  • Auto device registration: Push token registration happens automatically on mobile sign-in
  • Platform ownership: Added RME Solutions Technology Australia branding (admin + mobile footer)
  • @maatara/core-pqc integration: WASM-based PQC toolkit (v0.5.0, Apache-2.0) added to API Worker and mobile fallback
  • Server-side KEM re-wrap: Worker decapsulates mobile encrypted payload and re-encapsulates per-recipient using reWrapForRecipients() (apps/api/src/lib/pqc.ts)
  • Mobile dual PQC strategy: Native module (@neighbourhoodwatch/pqc-native) with automatic WASM fallback (@maatara/core-pqc) for Expo Go / development
  • EncryptedLocation schema: Shared Zod schema for {kemCiphertext, ciphertext, nonce} in packages/shared/src/schema.ts
  • Recipient KEM key lookup: New listRecipientKemKeys() reads users/{uid}/crypto subcollection for per-recipient encryption
  • Sign in with Apple: Added expo-apple-authentication for iOS (App Store Guideline 4.8 compliance). Firebase OAuthProvider for apple.com credential flow.
  • Account deletion: New POST /v1/deleteAccount API endpoint + in-app "Delete account" button. Removes user document, device tokens, group memberships, and Firebase Auth account (GDPR / App Store requirement).
  • Privacy policy: Public privacy policy page at /privacy covering data collection, encryption, retention, and user rights.
  • Support page: Public support and FAQ page at /support with contact details and troubleshooting.
  • Documentation: Updated architecture (dual auth diagram, PQC implementation table, re-wrap flow, Apple Sign-In), security (Entra + CF Access, dual PQC strategy, server PQC), about (ownership, roles, mobile simplicity, account deletion)

v0.2.0

  • Licensing & payments: Stripe integration (REST, no SDK), group license subscriptions (monthly/annual), license statuses (active/expired/revoked/trial), license types (paid/granted)
  • New API endpoints: GET /v1/me, admin group/member/invite/payment/license routes, super-admin user/license/payment management, POST /v1/webhooks/stripe
  • License enforcement: Incident triggering gated on active group license (HTTP 402)
  • Three-tier roles: standard, manager, super_admin with server-side enforcement
  • Admin dashboard: Upgraded with group sidebar, member/invite tables, license/checkout, payment history, super-admin tab
  • Mobile app: Multi-screen navigation (home/join/settings), branded header, profile + notifications display
  • Store submission config: iOS bundleIdentifier, Android package, privacy manifests, EAS build config
  • Firestore rules: New collections (licenses, payments, notifications_log)
  • CORS + error handling: Global error handler, CORS middleware

When to bump a version

Create a new snapshot when:

  • API contracts change (new/changed endpoints, request/response schema)
  • Data model changes (new collections/fields, status transitions)
  • Security invariants change (authorization rules, roles)
  • Operational behavior changes (push fan-out, rate limits)

How to create a snapshot

  1. Create a folder: /v/<version>/
  2. Copy the key pages into it:
    • index.md
    • about.md
    • architecture.md
    • security.md
    • roadmap.md (optional)
  3. Update navigation in the VitePress config so the version appears in the version dropdown.

Notes

  • Snapshots are not meant to be perfect; they are meant to be stable.
  • Latest may evolve rapidly between snapshots.

Neighbourhood Emergency Alert System

© 2026 RME Solutions Technology Australia