The development timeline of timelines.me — a privacy-first personal timeline app built in Rust and SwiftUI. From the first experimental commit to App Store submission.
The first line of code for timelines.me. A project that sat dormant for a year before its serious relaunch.
The project officially restarts with agent definitions (architect, designer, copywriter, SEO), design references, and core principles — zero hardcoded strings, mobile-first, privacy-first.
First working version: CRUD on timelines and events, authentication, GCS storage. Still local.
timelines.me goes live on the internet. CI/CD through GitHub Actions, Cloud Run, custom domain. Ten releases in one day to fix Debian runtime and Cargo cache.
Properly implemented consent banner: granular opt-in, separate categories, Google Analytics blocked until acceptance. Competitive analysis and OG image fixes ship alongside.
Stripe integration for premium slugs (short, memorable names — one-time purchase). The first step toward financial sustainability.
After a race condition between redirect and webhook, the architecture is rebuilt: the webhook is the only writer, signature verified, state machine explicit. Lesson learned.
Users can manage their Pro subscription directly — cancel, resume, update payment. Webhooks for subscription lifecycle. Admin console for manual plan assignment.
Up to 3 photos per event, WebP, upload/serve/delete, Pro only. The first premium feature that makes Pro worth it beyond the slug.
Reject unsigned webhooks, magic-byte validation, pixel limit, UUID path verification. First serious pass on security hardening.
The third authentication method alongside Google and Facebook. Implicit preparation for the iOS ecosystem.
Instead of PWA or React Native, the choice is native SwiftUI for iOS and Kotlin for Android. Full parity with web, same backend.
AuthUser extractor, rate limiting per user and per IP, security hardening. The backend is ready to serve native clients.
Separate repo for the iOS app. SwiftUI, iOS 17+, @Observable state.
First functional iOS version — login, timelines, events, settings. StoreKit 2 and Apple IAP ready.
Server-side JWS verification for IAP transactions, webhook for renewal/refund/cancellation. Complete App Store ↔ backend architecture.
Final audit pass before the iOS launch. Security headers, CSP, HSTS, COOP, Permissions-Policy. The web is ready for App Store traffic.
Final iOS app: Apple IAP wired, onboarding routing fix (RootView + @MainActor + synthesized Equatable), premium slug info card, full app icon. Ready for App Store submission.
Build 1.0 (2) uploaded to App Store Connect, compliance resolved, demo account configured, submission sent. Awaiting Apple's verdict.
Scan to view this timeline