feat: Implement iOS MVP with SwiftUI, Firestore, and Anonymous Auth

[peterfriese]

Implements the iOS MVP adhering to the PRD. Includes Task model, TaskRepository with Observation, Anonymous Auth, and SwiftUI Views.

This is what we implemented on the first CCDR livestream ("Building a multi-user productivity app | Code, Commit, Deploy, Repeat (S1E1)")

The recording of the livestream is here: https://www.youtube.com/watch?v=VqnGUC-OTmY

[gemini-code-assist]

Summary of Changes

Hello @peterfriese, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request delivers the initial iOS MVP for the "Make It So" application, focusing on establishing a robust foundation for task management. It integrates SwiftUI for a native user interface, leverages Firebase Firestore for real-time data synchronization, and incorporates anonymous Firebase Authentication to manage user sessions. The changes provide a complete, albeit basic, task workflow, from creation to deletion, adhering to the defined product requirements and setting the stage for future feature development.

Highlights

• Initial iOS MVP Implementation: The pull request introduces the foundational iOS Minimum Viable Product for the 'Make It So' productivity app.
• SwiftUI & Firebase Integration: Core application logic and UI are built using SwiftUI, with Firebase Firestore for data persistence and Firebase Authentication for anonymous user sessions.
• Task Management Features: Implements essential CRUD operations (Create, Read, Update, Delete) for tasks, including a Task model and TaskRepository.
• Project Structure & Dependencies: Establishes the Xcode project, integrates Firebase SDKs via Swift Package Manager, and includes a detailed Product Requirements Document (PRD).

🧠 New Feature in Public Preview: You can now enable Memory to help Gemini Code Assist learn from your team's feedback. This makes future code reviews more consistent and personalized to your project's style. Click here to enable Memory in your admin console.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request successfully implements the core MVP features for the iOS app, including SwiftUI views, Firebase anonymous authentication, and Firestore integration. The code is generally clean and follows modern Swift practices. However, there are several critical and high-severity issues that need to be addressed. Most importantly, a GoogleService-Info.plist file containing sensitive API keys has been committed, which is a major security risk. Additionally, the data fetching logic in TaskRepository does not filter tasks by user, which is inefficient and violates a key requirement. There are also issues with view state management in SwiftUI and discrepancies between the implementation and the Product Requirements Document (PRD).

I am having trouble creating individual review comments. Click here to see my feedback.

ccdr/makeitso/iOS/MakeItSo/MakeItSo/GoogleService-Info.plist (1-30)

This file contains sensitive information, including your Firebase project's API key. Committing this to a repository is a significant security vulnerability, as it exposes your backend credentials. This file should be added to .gitignore and removed from the repository's history. Each developer should use their own local copy.

ccdr/makeitso/iOS/MakeItSo/MakeItSo.xcodeproj/project.pbxproj (175)

The DEVELOPMENT_TEAM is hardcoded in the project file. This makes the project non-portable, as other developers will have to manually change this to build the app. This setting should be managed via an .xcconfig file that is not checked into source control, allowing each developer to specify their own team ID.

ccdr/makeitso/iOS/MakeItSo/MakeItSo/Repositories/TaskRepository.swift (27-45)

The current Firestore query fetches all documents from the tasks collection without filtering by the current user's ID. This is inefficient, doesn't scale, and violates the PRD requirement for users to only see their own tasks. The query should include a .whereField("userId", isEqualTo: uid) filter. This also requires ensuring the subscription only starts after a user is authenticated and their UID is available.

ccdr/makeitso/iOS/MakeItSo/MakeItSo/Views/TaskListView.swift (4)

The TaskRepository is being initialized using @State. For reference types (classes), you should use @StateObject. Using @State can cause the repository to be re-initialized unexpectedly when the view struct is re-created, leading to loss of state and unnecessary re-fetching of data from Firestore.

  @StateObject private var repository = TaskRepository()

ccdr/makeitso/iOS/MakeItSo/MakeItSo/MakeItSoApp.swift (8)

The anonymous sign-in is a fire-and-forget call. This creates a potential race condition where the TaskRepository might be initialized and attempt to fetch data before the user is authenticated. It would be more robust to ensure authentication completes before initializing views that depend on it. Consider using async/await or an AuthStateDidChangeListener to coordinate this.

ccdr/makeitso/iOS/MakeItSo/MakeItSo/Repositories/TaskRepository.swift (28-29)

The PRD (section 5.2) specifies that tasks should be sorted by isCompleted and then by dueDate. The current implementation sorts by isCompleted and then by priority. Please update the query to match the requirements.

        .order(by: "isCompleted") // pending first
        .order(by: "dueDate")    // then by due date

ccdr/makeitso/iOS/MakeItSo/MakeItSo/Repositories/TaskRepository.swift (41-43)

Decoding errors from Firestore are being silently ignored due to the use of try?. While this prevents crashes, it hides potential issues with your data model or data stored in Firestore. It's better to handle the error, at least by logging it, to make debugging easier.

          self?.tasks = documents.compactMap { queryDocumentSnapshot in
            do {
              return try queryDocumentSnapshot.data(as: Task.self)
            }
            catch {
              print("Error decoding task: \(error.localizedDescription)")
              return nil
            }
          }

ccdr/makeitso/iOS/MakeItSo/MakeItSo/Views/AddTaskView.swift (12-23)

The PRD (section 2.1) states that users can create a task with a title, priority, and due date. This view allows setting the title and priority, but there is no UI for setting the dueDate. Please add a DatePicker to allow users to set a due date for the task.

[peterfriese]

I have addressed the critical feedback:

1. Security: plist removed (previous commit).
2. Filter: TaskRepository now filters by userId (requires auth).
3. Sort: Updated sort to isCompleted then dueDate.
4. UI: Added DatePicker to AddTaskView.
5. Robustness: Added logging for decoding errors.

Please review.

[peterfriese]

/gemini review Ready for re-review! With the help of Gemini and Antigravity, I've addressed the previous feedback (switched to modern concurrency, removed DispatchQueue usage, and fixed the naming collisions by properly renaming the model to TaskItem). Please focus the review exclusively on these remarked issues.

[gemini-code-assist]

Code Review

This pull request successfully implements the core features for the iOS MVP, including the data model, Firestore repository, anonymous authentication, and SwiftUI views. The code is well-structured and uses modern Swift and SwiftUI practices. However, I've identified a few high-impact issues that should be addressed. The most critical one is the incorrect use of @State for the TaskRepository object, which can lead to serious bugs and performance issues. Additionally, there's a consistent pattern of swallowing errors from network operations instead of propagating them to the UI, which would leave the user without feedback on failures. My review includes specific suggestions to fix these issues by using @StateObject and adopting async/throws for error handling.

[peterfriese]

/gemini review

[gemini-code-assist]

Code Review

This pull request successfully implements the core MVP features for the 'Make It So' iOS app, including the SwiftUI views, a TaskRepository for Firestore data synchronization with Observation, and anonymous authentication. The code is well-structured and follows modern Swift and SwiftUI best practices, such as using @Observable and surgical actor isolation. My review includes a few suggestions to improve code clarity, robustness, and alignment with the product requirements. Specifically, I've recommended simplifying an async wrapper in Firestore+Codable+Async.swift, refactoring the authentication state handling logic in TaskRepository.swift for better readability, and updating the navigation title in TaskListView.swift to match the PRD.

[peterfriese]

/gemini review I think we're done here.

[gemini-code-assist]

Code Review

This pull request successfully implements the core features for the iOS MVP of the "Make It So" app using SwiftUI and Firebase. The codebase is well-structured, leveraging modern Swift features like the Observation framework and async/await. The implementation of the TaskRepository demonstrates a solid understanding of Firebase and Swift concurrency best practices, including proper listener lifecycle management. My review includes suggestions to further enhance the application by improving user-facing error handling, increasing code clarity by resolving variable shadowing, and more fully adopting modern async patterns for authentication.

[marinacoelho]

LGTM