# Roadmap and Open Issues This is a handoff snapshot, not the product SSOT. Product SSOT: mall-docs report-notebooklm docs, snapshot date: 2026-06-03. ## P0 Before Production Handoff - Add environment examples and production-safe defaults for all deploy-time settings. - Decide staging and production API domains. - Implement `GET /audio/{audio_id}/stream` with short-lived signed playback URL. - Implement auth start/verify flow and token handling. - Implement `/me` personal-state APIs for favorites, history, saved listens, and playback progress. - Implement `POST /outbound/events` with required `click_id` and `tracking_id`. - Implement production cursor pagination. - Implement cache invalidation on publish/hide/module/audio changes. - Add smoke scripts for health, feed, detail, listen, audio stream, favorite, and outbound event. ## P1 Content and Admin - Implement internal APIs for report import, raw artifacts, display artifacts, module patching, publish, hide, and related-source candidates. - Implement production content importer from a manifest-based NotebookLM runner. - Add validation for module JSON schemas. - Add object storage integration for raw payloads, heavy module content, audio, images, and source references. - Add publish blocking validation for P0 modules. - Add gray-source review flags and operational reporting. ## P1 App/API Contract - Align App with real auth state and return-to-action behavior. - Add playable audio stream integration once backend stream endpoint exists. - Replace local playback placeholders with API-backed progress. - Add real outbound event write before external navigation. - Decide whether heavy P1 modules stay as separate pages or merge into one deep-dive page. ## P2 Production Operations - Add structured logs and request IDs. - Add application metrics for feed/detail/listen/audio/outbound. - Add backup and restore runbook for database and content objects. - Add staging seed or reviewed staging content set. - Add CI checks for lint, tests, migrations, and public response snapshots. ## Product and Compliance Open Issues - Re-review gray-source audio policy before public release. - Define AI-generated-content labeling requirements in App detail and store metadata. - Define infographic watermark, QA, and factual-check process. - Define source citation display rules after citation/page-label normalization. - Confirm login channels and external approvals: phone SMS, WeChat, Apple. - Confirm store listing wording and risk disclaimers. ## Gitea Handoff Blockers - Use the single Gitea remote for the monorepo. - Decide whether the initial push goes directly to `main` or to a review branch. - Confirm the team has access to the product SSOT or accepts the code-repo snapshot as the development handoff.