[codex] Audit content category and UGC exposure

.github/workflows/firebase-hosting-pull-request-widgetbook.yml

@@ -2,14 +2,16 @@
 # https://github.com/firebase/firebase-tools
 
 name: Deploy to Firebase Hosting on PR (Widgetbook)
-on: pull_request
+on:
+  pull_request:
+    types: [opened, synchronize, reopened, ready_for_review]
 permissions:
   checks: write
   contents: read
   pull-requests: write
 jobs:
   build_and_preview:
-    if: "${{ github.event.pull_request.head.repo.full_name == github.repository }}"
+    if: "${{ github.event.pull_request.head.repo.full_name == github.repository && github.event.pull_request.draft == false }}"
     runs-on: ubuntu-latest
     env:
       working-directory: ./widgetbook
@@ -44,5 +46,7 @@ jobs:
           firebaseServiceAccount: "${{ secrets.FIREBASE_SERVICE_ACCOUNT_ON_TIME_FRONT_WIDGETBOOK }}"
           projectId: on-time-front-widgetbook
           entryPoint: ${{ env.working-directory }}
+          channelId: pr-${{ github.event.pull_request.number }}
+          expires: 3d
         env:
           FIREBASE_CLI_EXPERIMENTS: webframeworks

.github/workflows/firebase-hosting-pull-request.yml

@@ -2,14 +2,16 @@
 # https://github.com/firebase/firebase-tools
 
 name: Deploy to Firebase Hosting on PR
-on: pull_request
+on:
+  pull_request:
+    types: [opened, synchronize, reopened, ready_for_review]
 permissions:
   checks: write
   contents: read
   pull-requests: write
 jobs:
   build_and_preview:
-    if: "${{ github.event.pull_request.head.repo.full_name == github.repository }}"
+    if: "${{ github.event.pull_request.head.repo.full_name == github.repository && github.event.pull_request.draft == false }}"
     runs-on: ubuntu-latest
     environment: debug
     steps:
@@ -46,5 +48,7 @@ jobs:
           repoToken: "${{ secrets.GITHUB_TOKEN }}"
           firebaseServiceAccount: "${{ secrets.FIREBASE_SERVICE_ACCOUNT_ONTIME_C63F1 }}"
           projectId: ontime-c63f1
+          channelId: pr-${{ github.event.pull_request.number }}
+          expires: 3d
         env:
           FIREBASE_CLI_EXPERIMENTS: webframeworks

docs/Release-Checklist.md

@@ -71,3 +71,24 @@ OnTime.
 - Confirm the app name, short description, full description, screenshots,
   support contact, privacy policy, and category are ready for the target stores.
 - Track any brand, icon, screenshot, or store copy gaps before submission.
+
+## Content Category and UGC
+
+- Current release audit result (2026-05-09): no UGC is exposed to other users.
+  Users can create schedules, schedule notes, preparation steps,
+  account profile values, and deletion or feedback text, but the checked app
+  routes and API clients do not provide public profiles, shared schedules,
+  comments, chat, feeds, uploads, groups, or other user-to-user content surfaces.
+- Current restricted-category audit result (2026-05-09): OnTime is a schedule
+  preparation, alarm, reminder, and arrival-time planning app. The checked source
+  does not implement gambling, betting, regulated finance, trading, lending,
+  crypto, medical, adult, or other restricted-category flows.
+- Before each store submission, re-check `lib/core/constants/endpoint.dart`, the
+  schedule, preparation, authentication, notification, and alarm data sources,
+  and user-facing flows for any newly added shared or public content surfaces.
+- If user-created content becomes visible to other users, open release-blocking
+  issues for reporting, blocking, moderation or abuse handling, Play Data safety,
+  and content rating updates before release.
+- Keep store category and listing copy aligned with productivity, planner, alarm,
+  and reminder functionality unless a future feature and policy review supports a
+  different category.

plans/460-audit-content-category-ugc-plan.md

@@ -0,0 +1,59 @@
+# Issue 460 Content Category and UGC Audit Plan
+
+## Goal
+
+Confirm whether the current OnTime release exposes user-created content to other
+users, document the release checklist result, and confirm the app is not in a
+restricted content category before Play submission.
+
+## Context
+
+- Parent release track: #466, Store listing and content.
+- Sub-issue: #460, Audit content category and UGC exposure.
+- #460 is labeled `codex-ready`, has no prerequisites, and asks for a scoped
+  audit only.
+- The source issue references `plans/release_app_todos.md`, but that file is not
+  present in this checkout.
+- Current app scope from `README.md` and `pubspec.yaml`: schedule preparation,
+  alarms, reminders, and arrival-time planning.
+- Audited endpoint and data-source surfaces include authentication, user profile,
+  feedback, schedules, preparations, FCM token registration, alarm settings,
+  device registration, alarm windows, and alarm status reporting.
+
+## Decisions
+
+- Treat this as a documentation and release-readiness audit, not a product-code
+  change. No app behavior is required when the audit finds no UGC exposure.
+- Use `docs/Release-Checklist.md` as the release checklist artifact requested by
+  the acceptance criteria.
+- Do not create report, block, or moderation issues unless the audit finds
+  user-created content visible to other users.
+- Keep restricted-category confirmation limited to the current repository
+  surface; future feature work must re-audit before store submission.
+
+## Steps
+
+1. Inspect #466 and #460 metadata, labels, prerequisites, and comments.
+2. Confirm the active branch is `codexd/460-audit-content-category-ugc`.
+3. Audit source endpoints, remote data sources, entities, and public docs for
+   social sharing, public profiles, feeds, comments, chat, uploads, report/block
+   controls, and restricted-category signals.
+4. Update `docs/Release-Checklist.md` with the current no-UGC result,
+   restricted-category result, and explicit re-audit requirements.
+5. Review the diff and verify the added documentation answers each #460
+   acceptance criterion.
+6. Commit only #460-related files, push the branch, and open a draft PR that
+   closes #460 and references #466.
+
+## Validation
+
+- `git diff --check`
+- `git diff -- docs/Release-Checklist.md plans/460-audit-content-category-ugc-plan.md`
+- Source audit searches over `lib`, `docs`, `README.md`, and `pubspec.yaml` for
+  UGC, sharing, moderation, and restricted-category terms.
+
+## Open Questions
+
+None. Human Play Console category selection still needs normal release-owner
+confirmation during store submission, but it does not block documenting this
+repository audit.