List view
## Overview Generate API documentation, add error handling, optimize UX with loading states, and ensure responsive design. ## Goals - [x] Generate Swagger API documentation (drf-spectacular) - [x] Error toast notifications throughout app - [x] Responsive design across all devices - [x] Edge case handling (network errors, timeouts) - [x] Production-ready code review ## Phase Details **Related User Stories:** All ## Success Criteria - [x] All endpoints documented with examples - [x] Error messages are user-friendly - [x] Mobile layout tested and responsive - [x] Lighthouse performance > 90 - [x] No console errors or warnings ## Dependencies - [x] Milestones 1-4 complete
Due by May 7, 2026## Overview Implement full CRUD operations for notes and categories with modern frontend UI using TanStack Query for data management. ## Goals - [x] Backend ViewSets & Serializers for Notes (US-NOTE-05) - [x] Backend ViewSets & Serializers for Categories (US-NOTE-06) - [x] TanStack Query hooks for data fetching and caching - [x] Frontend workspace UI with sidebar & note grid - [x] Time-based filtering (Today/Week/Month) (US-NAV-07) - [x] Color-coded categories (US-NOTE-06) ## Phase Details **Related User Stories:** US-NOTE-05, US-NOTE-06, US-NAV-07 ## Acceptance Criteria - [x] AC-NOTE-01: Notes have Title, Description, Timestamps - [x] AC-NOTE-02: Users only access their own notes - [x] AC-NOTE-03: Users customize category names & colors - [x] AC-NAV-01: Filters use created_at/updated_at - [x] AC-NAV-02: UI updates instantly without refresh ## Dependencies - [x] Milestones 1, 2, 3 complete
Due by June 3, 2026## Overview Connect frontend to backend with Axios interceptors, global auth state, and protected routes. ## Goals - [x] Axios instance with JWT token injection - [x] Token refresh interceptor for 401 errors - [x] Zustand global auth store - [x] Protected routes wrapper component - [x] Login/registration UI connected to backend ## Phase Details **Related User Stories:** US-AUTH-01, US-AUTH-02, US-AUTH-03, US-AUTH-04 ## Success Criteria - [x] Axios automatically attaches Authorization header - [x] 401 responses trigger token refresh - [x] Auth state persists across page refreshes - [x] Unauthenticated users redirected to login - [x] Logout clears auth state and tokens - [x] Google OAuth button integrates with backend ## Dependencies - [x] Milestone 1 & 2 complete
Due by May 3, 2026## Overview Build a complete authentication system with manual registration, email verification, JWT tokens, and Google OAuth integration. ## Goals - [x] Manual registration API endpoint (US-AUTH-01) - [x] Email verification system with Resend (US-AUTH-02) - [x] JWT token issuance (Access & Refresh) - [x] Google OAuth with django-allauth (US-AUTH-03) - [x] Password reset flow (US-AUTH-04) ## Phase Details **Related User Stories:** US-AUTH-01, US-AUTH-02, US-AUTH-03, US-AUTH-04 ## Acceptance Criteria - [x] AC-AUTH-01: Email format validation - [x] AC-AUTH-02: Passwords hashed (no plaintext) - [x] AC-AUTH-03: Accounts inactive until verified - [x] AC-AUTH-04: Verification tokens are time-limited - [x] AC-AUTH-05: User status transitions to "Active" - [x] AC-AUTH-06: Google OAuth redirect works securely - [x] AC-AUTH-07: JWT issued on successful auth - [x] AC-AUTH-08: Reset links are one-time-use - [x] AC-AUTH-09: No email enumeration leaks - [x] AC-AUTH-10: Google avatar extracted and saved - [x] AC-AUTH-11: Manual users get null avatar_url - [x] AC-AUTH-15: Email as unique identifier across methods - [x] AC-AUTH-16: Block manual registration if Google exists - [x] AC-AUTH-17: Link Google to existing manual accounts ## Dependencies - [x] Milestone 1 complete
Due by April 29, 2026## Overview Establish the foundational infrastructure with proper environment configuration, database schema, database models, and configuration for the Django backend. ## Goals - [x] Environment configuration with django-environ - [x] Custom User model with UUID and Email uniqueness - [x] Database schema for Notes and Categories - [x] CORS and security settings configured ## Phase Details **Related User Stories:** US-AUTH-01, US-AUTH-02, US-AUTH-03 ## Success Criteria - [x] All environment variables properly separated - [x] Custom User model handles email as unique identifier - [x] Database migrations run without errors - [x] CORS configured for frontend origin - [x] DEBUG mode respects environment settings
Due by April 27, 2026