# Requirements: Xtablo v2.0 Collaboration, Planning, and Social Sign-in

**Defined:** 2026-05-15
**Core Value:** A user can sign in and run the Tablos workflow - organize work, attach files, discuss, and plan scheduled events - without a JS framework or managed chat provider.

## v2.0 Requirements

Requirements for milestone v2.0. Each requirement must map to exactly one roadmap phase.

### Authentication

- [ ] **AUTH-08**: User can start a Google sign-in flow from the login/signup page
- [ ] **AUTH-09**: Google callback validates state, exchanges the authorization code, verifies the ID token, and creates or links a local Xtablo user
- [ ] **AUTH-10**: User can start an Apple sign-in flow from the login/signup page
- [ ] **AUTH-11**: Apple callback validates state/nonce, exchanges the authorization code, verifies the ID token, and creates or links a local Xtablo user
- [ ] **AUTH-12**: Social sign-in issues the same server-managed Xtablo session cookie used by email/password login
- [ ] **AUTH-13**: Existing email/password login, signup, logout, CSRF, and rate limiting continue to work after social sign-in is added

### Chat

- [ ] **CHAT-01**: Each tablo has a discussion view where authenticated authorized users can see persisted message history
- [ ] **CHAT-02**: User can post a text message to a tablo discussion with validation and CSRF protection
- [ ] **CHAT-03**: Messages are stored in Postgres with tablo, author, body, created timestamp, and deletion/edit metadata
- [ ] **CHAT-04**: Open tablo discussion views receive new messages in real time without a manual refresh
- [ ] **CHAT-05**: Real-time delivery uses Xtablo-owned infrastructure only; no managed chat or realtime provider is introduced
- [ ] **CHAT-06**: Message rendering escapes user content and enforces a server-side maximum body length

### Etapes

- [ ] **ETAPE-01**: User can create an etape inside a tablo with a title and optional description
- [ ] **ETAPE-02**: User can edit, delete, and reorder etapes inside a tablo
- [ ] **ETAPE-03**: User can assign a task to zero or one etape
- [ ] **ETAPE-04**: Deleting an etape unassigns its tasks by default rather than deleting the tasks
- [ ] **ETAPE-05**: The task UI can show or filter tasks by etape while preserving existing kanban status and ordering behavior
- [ ] **ETAPE-06**: The data model prevents nested etapes; an etape cannot have a parent etape

### Events

- [ ] **EVENT-01**: User can create a scheduled event attached to a tablo with title, start time, optional end time, optional description, and optional location
- [ ] **EVENT-02**: User can edit and delete tablo events
- [ ] **EVENT-03**: Tablo detail page includes an events view listing that tablo's scheduled events
- [ ] **EVENT-04**: Event validation requires an end time to be empty or after the start time
- [ ] **EVENT-05**: Event authorization follows tablo access rules so users cannot read or mutate events for inaccessible tablos

### Planning

- [ ] **PLAN-01**: Each authenticated user can open an individual planning page
- [ ] **PLAN-02**: Planning page lists the user's scheduled events across tablos in chronological order
- [ ] **PLAN-03**: Planning page links each event back to its tablo context
- [ ] **PLAN-04**: Planning page supports a functional empty state and date navigation/filtering suitable for the first working version

## Future Requirements

Deferred beyond v2.0.

### Chat

- **CHAT-FUT-01**: Typing indicators
- **CHAT-FUT-02**: Read receipts
- **CHAT-FUT-03**: Message reactions
- **CHAT-FUT-04**: Threads or replies
- **CHAT-FUT-05**: File previews in chat messages

### Planning

- **PLAN-FUT-01**: Recurring events
- **PLAN-FUT-02**: Reminder notifications
- **PLAN-FUT-03**: ICS import/export
- **PLAN-FUT-04**: External calendar sync

### Etapes

- **ETAPE-FUT-01**: Etape progress rollups
- **ETAPE-FUT-02**: Etape templates
- **ETAPE-FUT-03**: Etape dependencies

## Out of Scope

| Feature | Reason |
|---------|--------|
| Managed chat/realtime providers | User explicitly does not want third-party chat |
| Managed auth platforms | Google/Apple are identity providers only; Xtablo owns users and sessions |
| WebSocket-first chat protocol | SSE receive + HTMX POST send is the recommended v2 path unless plan-phase proves WebSockets are needed |
| Nested etapes or arbitrary task hierarchy | User requested one parent per task and no parent-of-parent |
| Notes / rich documents | Not part of the requested v2 feature set |
| Billing / Stripe | Still deferred until product loop is validated |
| Public booking widget | Separate product surface, not part of this milestone |
| Client portal | Separate product surface, not part of this milestone |
| Admin tooling | Separate product surface, not part of this milestone |
| Mobile / Expo app | Web rewrite remains the current product surface |

## Traceability

Populated during roadmap creation.

| Requirement | Phase | Status |
|-------------|-------|--------|
| AUTH-08..13 | Phase 8 | Pending |
| ETAPE-01..06 | Phase 9 | Pending |
| EVENT-01..05 | Phase 10 | Pending |
| PLAN-01..04 | Phase 11 | Pending |
| CHAT-01..06 | Phase 12 | Pending |

**Coverage:**
- v2.0 requirements: 27 total
- Mapped to phases: 27
- Unmapped: 0

---
*Requirements defined: 2026-05-15*
*Last updated: 2026-05-15 after v2.0 roadmap creation*