MVP Milestone Planing - bounswe/bounswe2026group4 GitHub Wiki
MVP Planning — Local History Story Map
Deadline: April 7, 2026 | Planning Date: March 15, 2026 | Duration: ~3 weeks
Table of Contents
- MVP Goal
- Scope Decision: In vs. Out
- Sprint Plan
- Feature Requirements Mapping
- Testing Strategy
- Deployment Checklist
- Risk Register
- Definition of Done
MVP Goal
Deliver a working, deployed, end-to-end platform that demonstrates the core value proposition: users can discover and contribute location-based community stories through a map and feed interface.
MVP Success Criteria
- An unregistered visitor can browse stories on the map and in the feed
- A new user can register, log in, and submit a story with a location pin
- A logged-in user can like and comment on stories
- A submitted story appears on the map and in the feed
- Basic search returns relevant results
- Backend API is connected to a live database
- The app is reachable at a public URL
- Unit and integration tests are in place for critical paths
- A README and API reference exist
Scope Decision: In vs. Out
✅ In Scope for MVP
These are the minimum features needed to demonstrate a working end-to-end user flow.
| Area | What's Included |
|---|---|
| Auth | Register (email + username + password), login, logout |
| Guest Access | Read-only: view map, feed, story pages |
| Story Submission | Title, narrative text, map pin (geographic coordinate), place name, time information (year or range) |
| Story Display | Map view with pins + preview popup, Feed view with cards, Full story page |
| Interactions | Like a story, comment on a story, remove own like/comment |
| Media | Image upload only (jpg/jpeg/png, max 2MB) |
| Search | Search by story title and location name |
| Filtering | Filter by time period (year/decade) and location |
| Profile | View own profile: username, contribution count, submitted stories |
| Non-functional | HTTPS, password hashing, role-based access control, responsive layout (desktop + mobile) |
❌ Deferred to Post-MVP
These are explicitly cut to keep the deadline achievable. They are documented in the requirements and will be picked up after MVP.
| Deferred Feature | Requirement Ref | Reason |
|---|---|---|
| Email verification (6-digit code on registration) | 1.2.1.2 | Adds external email dependency; use simple registration for MVP |
| Password reset via email link | 1.2.1.9 | Same dependency; low risk to defer |
| Profile photo upload | 1.2.2.1 | UI/storage complexity; not core to user flow |
| Profile privacy settings (field-level visibility) | 1.2.2.2 | Nice-to-have; not blocking core flow |
| Timeline feature | 1.3.4 | Separate UI surface; can be added post-MVP |
| Audio and video uploads | 1.4.2.1 | Image-only is sufficient for MVP demonstration |
| Tags (creation, filtering, tag pages) | 1.3.6 | Adds complexity; search covers discoverability for MVP |
| Notifications (in-app panel, preferences) | 1.6 | Entire section deferred |
| Points system | 1.7.1 | Entire section deferred |
| Badges and achievements | 1.7.2 | Entire section deferred |
| Feed sorting by most popular | 1.3.2.4 | Most recent sorting only for MVP |
| Saved stories / bookmarks | 1.1.2.6 | Deferred |
| Account deletion with anonymization | 1.1.2.11 | Deferred |
| Admin moderation | 1.1.3.1–1.1.3.7 | Deferred |
| Reporting workflow | 1.5.1 | Deferred |
Sprint Plan
Week 1 — Foundation (Mar 15–21)
Goal: Project is set up, auth works, database is live, basic story API exists.
Backend
- Project scaffolding — repo, folder structure, linting, environment configs (
.env) - Database setup — choose and configure DB (e.g., PostgreSQL); define initial schema for
users,stories,media,comments,likes - Auth endpoints —
POST /auth/register,POST /auth/login,POST /auth/logout - JWT / session middleware — role-based guard middleware (guest, registered user, admin)
- Story CRUD endpoints —
POST /stories,GET /stories,GET /stories/:id,PATCH /stories/:id - Map data endpoint —
GET /stories/map(returns id, coordinates, place name, title, time info) - Password hashing — bcrypt or equivalent
Frontend
- Project scaffolding — framework setup, routing, environment config, API client utility
- Auth screens — Register form, Login form, Logout
- Route guards — redirect unauthenticated users away from restricted pages
- Map view skeleton — embed map library (e.g., Leaflet / Mapbox), render dummy pins
Infra
- Monorepo or separate repos agreed and set up
- CI pipeline — basic lint + test run on push (GitHub Actions or equivalent)
Week 2 — Core Features (Mar 22–28)
Goal: The three core user flows work end-to-end locally.
Backend
- Feed endpoint —
GET /stories/feedwith pagination and sort-by-recent, filter by time and location - Search endpoint —
GET /stories/search?q=(searches title + location name) - Like endpoints —
POST /stories/:id/like,DELETE /stories/:id/like - Comment endpoints —
POST /stories/:id/comments,DELETE /comments/:id - Image upload —
POST /media/upload; validate type (jpg/jpeg/png) and size (≤2MB); store file and return URL - Profile endpoint —
GET /users/:id(username, contribution count, submitted stories) - Input validation — required fields enforced on all write endpoints; meaningful error responses
Frontend
- Map view — fetch
/stories/map, render pins; click pin shows preview popup (place name, time, title); click opens story page - Feed view — fetch
/stories/feed, render story cards (title, location, date, preview text, media icons); pagination - Story page — full narrative, metadata, embedded image, like button, comments section
- Story submission form — all required fields (title, narrative, map pin selection, place name, time info), optional image upload
- Search bar — triggers
/stories/search, updates map + feed results - Time + location filter — filter panel connected to feed and map
- Profile page — own profile showing username and submitted stories list
Week 3 — Polish, Testing & Deploy (Mar 29–Apr 6)
Goal: Tests written, app deployed to public URL, documentation complete.
Testing
- Unit tests — auth logic, story validation, like/unlike logic, file upload validation, role guard middleware
- Integration tests — full request/response for: register → login → create story → fetch story; like → unlike
- Frontend component tests — story card render, form validation, map pin render
- Manual smoke test — walk through all three core user flows on deployed environment
Deployment
- Backend deployed — (e.g., Render, Railway, Fly.io, or VPS); environment variables configured
- Database deployed — managed instance (e.g., Supabase, Neon, Railway Postgres, RDS)
- Frontend deployed — (e.g., Vercel, Netlify, or served from backend)
- HTTPS confirmed — valid certificate on public URL
- File storage configured — uploaded images stored in object storage (e.g., S3, Cloudflare R2, Supabase Storage)
- Smoke test on production URL
Documentation
-
README.md— project overview, how to run locally, environment variable list - API reference — document all endpoints (method, path, auth required, request body, response shape); can use Swagger/OpenAPI or a Markdown table
- Database schema diagram or description
- Known limitations / deferred features section
Buffer / Bug Fix Days
- Apr 4–6 — reserved for integration issues, deployment bugs, and final polish. Do not schedule new features in this window.
Feature Requirements Mapping
Quick reference from the SRS to what ships in MVP vs. what is deferred.
| Req ID | Description | MVP? |
|---|---|---|
| 1.1.1.1–1.1.1.6 | Guest read-only access (map, feed, story, search, filter) | ✅ Yes |
| 1.1.1.7 | Guest can register | ✅ Yes |
| 1.1.1.8 | Guest cannot like/comment/submit | ✅ Yes (enforced) |
| 1.1.2.1 | Login / logout | ✅ Yes |
| 1.1.2.2 | Submit stories | ✅ Yes |
| 1.1.2.3 | Edit own stories | ✅ Yes |
| 1.1.2.4 | Like stories | ✅ Yes |
| 1.1.2.5 | Comment on stories | ✅ Yes |
| 1.1.2.6 | Save / bookmark stories | ❌ Deferred |
| 1.1.2.7 | Remove own like/comment | ✅ Yes |
| 1.1.2.8 | Report stories/comments | ❌ Deferred |
| 1.1.2.9 | Manage profile / visibility | ⚠️ Minimal (username only) |
| 1.1.2.11 | Delete account with anonymization | ❌ Deferred |
| 1.1.3.1–1.1.3.7 | Admin moderation | ❌ Deferred |
| 1.2.1.1–1.2.1.6 | Register + login | ✅ Yes |
| 1.2.1.2 | Email verification code | ❌ Deferred |
| 1.2.1.8 | Change password | ✅ Yes |
| 1.2.1.9 | Reset password via email | ❌ Deferred |
| 1.2.2.1 | Optional profile fields | ⚠️ Minimal (bio only) |
| 1.2.2.4 | Profile photo upload | ❌ Deferred |
| 1.2.2.5 | View saved stories in profile | ❌ Deferred |
| 1.3.1 | Map view with pins and preview | ✅ Yes |
| 1.3.2 | Feed view with cards | ✅ Yes |
| 1.3.2.4 | Sort by most popular | ❌ Deferred (most recent only) |
| 1.3.3 | Story page | ✅ Yes |
| 1.3.4 | Timeline feature | ❌ Deferred |
| 1.3.5 | Search + filtering | ✅ Yes (title, location, time) |
| 1.3.6 | Tags | ❌ Deferred |
| 1.4.1 | Story submission (required fields) | ✅ Yes |
| 1.4.2 | Media uploads | ⚠️ Images only |
| 1.4.3 | Story status (published / removed) | ✅ Yes |
| 1.5.1 | Reporting workflow | ❌ Deferred |
| 1.6 | Notifications | ❌ Deferred |
| 1.7 | Points + badges | ❌ Deferred |
| 2.1 | Performance targets | ✅ Best effort |
| 2.2 | Usability / validation messages | ✅ Yes |
| 2.4.1–2.4.3 | HTTPS, password hashing, RBAC | ✅ Yes |
| 2.5 | Browser + responsive layout | ✅ Yes |
Testing Strategy
Unit Tests (target: critical logic only)
- Password hashing and comparison
- Registration input validation (email format, password strength, unique username)
- Role guard middleware (guest vs. registered vs. admin)
- Story required field validation
- Image upload file type and size validation
- Like/unlike idempotency logic
Integration Tests (target: core user flows)
POST /auth/register→POST /auth/login→ returns valid session/tokenPOST /stories(authenticated) →GET /stories/:idreturns submitted storyGET /stories/map→ returns coordinate data for all published storiesPOST /stories/:id/like→ like count increments; second POST does not double-countDELETE /stories/:id/like→ like count decrementsPOST /stories/:id/comments→ comment appears inGET /stories/:id- Guest attempting
POST /stories→ returns401 Unauthorized
Manual Smoke Test (pre-submission checklist)
Run through all three core user flows on the deployed URL and confirm no crashes or broken states.
Deployment Checklist
- Backend service deployed and reachable
- Database connected and migrations applied
- Environment variables set (DB connection, JWT secret, storage credentials)
- HTTPS enabled on public URL
- File/image storage connected and writable
- Frontend deployed and pointing to production API URL
- CORS configured to allow frontend origin
- Test account created for demo/evaluation (credentials documented internally)
- All three core user flows verified on the production URL
Risk Register
| Risk | Likelihood | Impact | Mitigation |
|---|---|---|---|
| Map library integration takes longer than expected | Medium | High | Spike on map library in Week 1 Day 1; choose a well-documented option (Leaflet recommended) |
| Image storage setup delays deployment | Medium | Medium | Use local disk storage in development; wire up object storage in Week 3 as a separate task |
| Email sending dependency (password reset, verification) | Low | Low | Both are deferred from MVP scope; no email service needed |
| Database schema changes mid-sprint cause rework | Medium | Medium | Finalize core schema in Week 1 before building endpoints |
| Deployment environment issues eat into buffer | Medium | Medium | Target "deployed but rough" by March 29 to leave full Week 3 for fixes |
| Team underestimates frontend map + form complexity | Medium | High | Prioritize map view and submission form in Week 2 Day 1 |
Definition of Done
Feature-Level Definition of Done
A feature shall be considered complete only when all of the following conditions are met:
- The related backend functionality has been fully implemented.
- The corresponding API endpoint(s) operate correctly and include appropriate validation and error handling.
- The frontend integration has been completed and the feature is accessible through the user interface.
- Authorization and access control requirements have been correctly enforced where applicable.
- At least one automated test covers the primary functionality of the feature.
- The feature has been manually verified by the responsible developer.
- The implementation has been reviewed and merged into the main branch.
- The feature functions correctly in the deployed environment, if it is within MVP scope.
MVP-Level Definition of Done
The MVP shall be considered complete only when all of the following conditions are met:
- All core user flows operate end-to-end without critical errors.
- The application is deployed at a publicly accessible URL.
- HTTPS is enabled and functioning correctly in the deployed environment.
- The production database is connected and functioning as expected.
- Critical backend and frontend tests pass successfully in the CI pipeline.
- All features defined within the agreed MVP scope have been implemented.
- The README documentation has been completed and updated.
- The API documentation has been prepared and reflects the implemented endpoints accurately.
- Known limitations and deferred features have been clearly documented.
- The system is ready for demonstration with realistic sample data.