OneWallet — Development & Launch Timeline
|
|
| Version |
1.0 |
| Date |
2026-04-16 |
| Horizon |
3 months (Apr 16 — Jul 16, 2026) |
| Team |
2 fullstack developers |
| MVP Target |
~May 16, 2026 |
| Status |
🟡 In Progress |
Table of Contents
- Executive Summary
- Current Status — What's Done
- Month 1 — MVP Launch
- Month 2 — Stabilization & Agent Portal
- Month 3 — Feature Expansion
- Risks & Dependencies
- Regulatory Requirements
- Team Allocation
1. Executive Summary
OneWallet is a digital payment wallet (Flutter + Serverpod + PostgreSQL). The system core — Auth, KYC, Admin Panel, blnkfinance — is built. The primary goal for Month 1 is to build the payment layer, stand up production infrastructure, and publish the app to the stores.
| Period |
Goal |
Outcome |
| Month 1 (Apr 16 — May 16) |
MVP in production: payments, infrastructure, App Store |
🎯 Launch |
| Month 2 (May 17 — Jun 16) |
Agent Portal, push notifications, stabilization |
📈 Growth |
| Month 3 (Jun 17 — Jul 16) |
OAuth, MiniApps, compliance |
🔒 Maturity |
2. Current Status — What's Done
As of April 16, 2026
✅ Completed
| Component |
Readiness |
Notes |
| Serverpod: Auth module |
✅ 100% |
Email+OTP registration, JWT, RBAC, refresh tokens |
| Serverpod: KYC module |
✅ 100% |
10-step flow, OCR via Gemini API, statuses |
| KYC microservice |
✅ 100% |
CompreFace, BullMQ, Node.js worker |
| Flutter: Auth screens |
✅ 100% |
Registration, login, OTP, password, referral code |
| Flutter: KYC flow |
✅ 100% |
Document upload, face biometrics |
| Flutter: Home screen |
✅ 100% |
Balance card, quick action grid |
| Flutter: PIN / Biometrics |
✅ 100% |
6-digit PIN (regulatory), biometrics, 5-min auto-lock |
| Admin Panel |
✅ 100% |
Users, KYC review, Transactions, Agents — SvelteKit |
| blnkfinance UI |
✅ 100% |
Ledger, accounts, transactions connected |
| S3 storage |
✅ 100% |
KYC document upload, presigned URLs |
🟡 Needs Minor Work
| Component |
Status |
Tasks |
| Admin Panel: KYC E2E |
🟡 95% |
Seed superadmin, verify Approve → Finalize flow |
| S3 KYC Storage |
🟡 0% (backlog) |
Cron cleanup, lifecycle policy, userId in path |
| Service Resilience |
🟡 40% |
CompreFace volume persistence, BullMQ watchdog |
🔴 Not Started (built in Month 1)
| Component |
Priority |
| Payment Manager |
P0 — critical |
| IPPS PPXC Adapter |
P0 — critical |
| QP API Adapter |
P0 — critical |
| API Gateway (Nginx/Traefik) |
P0 — critical |
| CI/CD pipeline |
P0 — critical |
| Production infrastructure |
P0 — critical |
| Flutter: Top Up / Pay / Transfer / History |
P0 — critical |
| Logging (Fluent Bit + Loki + Grafana) |
P1 |
| Agent Portal |
P1 |
3. Month 1 — MVP Launch (Apr 16 — May 16)
Goal: Working app in Google Play + App Store, payments running on production.
Week 1 (Apr 16–22) — Infrastructure & DevOps
Dev 1: API Gateway + CI/CD
Dev 2: Docker Compose full stack + Prod setup
| # |
Task |
Owner |
Status |
| 1.1 |
Docker Compose — full stack (all services, networks, volumes) |
Dev 2 |
⬜ |
| 1.2 |
API Gateway (Nginx): TLS termination, routing, auth_request |
Dev 1 |
⬜ |
| 1.3 |
Rate limiting on API Gateway (IP + token) |
Dev 1 |
⬜ |
| 1.4 |
CI/CD pipeline: lint → test → build → deploy (GitHub Actions) |
Dev 1 |
⬜ |
| 1.5 |
Prod server setup: PostgreSQL, Redis, S3, env vars |
Dev 2 |
⬜ |
| 1.6 |
Fluent Bit + Loki + Grafana — baseline logging stack |
Dev 2 |
⬜ |
| 1.7 |
Service resilience: CompreFace volume persistence |
Dev 2 |
⬜ |
| 1.8 |
BullMQ watchdog + retry endpoints for KYC microservice |
Dev 1 |
⬜ |
Definition of Done: All services start via docker compose up, CI/CD deploys to the prod server.
Weeks 2–3 (Apr 23 — May 6) — Payment Layer + Flutter in Parallel
Flutter payment screens are built in parallel with the backend. Dev 2 works against mock endpoints in Week 2, then connects to the real API in Week 3.
Apr 23 ──────────────────────── May 6
Dev 1: [──── Payment Manager ────][──── Adapters + SIT ────]
Dev 2: [── Flutter screens (mock) ─][── connect to real API ─]
Week 2 (Apr 23–29)
Dev 1: Payment Manager (core)
Dev 2: Flutter payment screens (mock data)
| # |
Task |
Owner |
Status |
| 2.1 |
Payment Manager: routing, limit checks, commission calculation |
Dev 1 |
⬜ |
| 2.2 |
Payment Manager: transaction lifecycle (INFLIGHT → APPLIED/REJECTED) |
Dev 1 |
⬜ |
| 2.3 |
Payment Manager: two-phase wallet activation (blnkfinance Phase 1+2) |
Dev 1 |
⬜ |
| 2.4 |
BullMQ: configure queues — payment.outgoing, payment.topup, payment.result |
Dev 1 |
⬜ |
| 2.5 |
Admin Panel: seed superadmin + E2E Approve → Finalize |
Dev 1 |
⬜ |
| 2.6 |
Flutter: Top Up screen — QR generation, display, status polling (mock) |
Dev 2 |
⬜ |
| 2.7 |
Flutter: Pay screen — QR scanner, Thai QR TLV parsing, confirmation, result (mock) |
Dev 2 |
⬜ |
| 2.8 |
Flutter: Transfer screen — One ID search, confirmation, result (mock) |
Dev 2 |
⬜ |
| 2.9 |
Flutter: Transaction history — list, filters, detail view (mock) |
Dev 2 |
⬜ |
Week 3 (Apr 30 — May 6)
Dev 1: Provider Adapters + SIT testing
Dev 2: Flutter connected to real API + Push notifications
| # |
Task |
Owner |
Status |
| 3.1 |
IPPS PPXC Adapter: outgoing payments (Thai QR / PromptPay) |
Dev 1 |
⬜ |
| 3.2 |
QP API Adapter: incoming top-ups (PromptPay QR) |
Dev 1 |
⬜ |
| 3.3 |
Webhook handler for IPPS PPXC and QP API callbacks |
Dev 1 |
⬜ |
| 3.4 |
SIT testing: full Top Up + Pay cycle with real sandbox data |
Dev 1 |
⬜ |
| 3.5 |
Flutter: connect Top Up / Pay / Transfer / History to real API |
Dev 2 |
⬜ |
| 3.6 |
Flutter: block Pay/Top Up when user status is not fully_verified |
Dev 2 |
⬜ |
| 3.7 |
Flutter: FCM push notifications — payment result, KYC status |
Dev 2 |
⬜ |
| 3.8 |
Flutter: APNs integration for iOS |
Dev 2 |
⬜ |
| 3.9 |
S3 improvements: userId in path, lifecycle policy on kyc-data bucket |
Dev 1 |
⬜ |
Definition of Done: Full E2E — user completes: registration → KYC → top-up → payment → transfer through the SIT provider environment.
Week 4 (May 7–13) — QA, Staging & Store Submission
Dev 1 + Dev 2: joint QA + deployment
| # |
Task |
Owner |
Status |
| 4.1 |
Deploy staging: full stack on a separate environment |
Dev 2 |
⬜ |
| 4.2 |
E2E tests of all flows on staging (happy path + error cases) |
Both |
⬜ |
| 4.3 |
Security: verify auth_request, rate limiting, JWT expiry |
Dev 1 |
⬜ |
| 4.4 |
Flutter: release build (Android AAB + iOS Archive) |
Dev 1 |
⬜ |
| 4.5 |
Google Play: upload to Internal Testing → Production track |
Dev 2 |
⬜ |
| 4.6 |
App Store Connect: upload, fill metadata, submit for review |
Dev 2 |
⬜ |
| 4.7 |
Grafana: baseline alerts (error rate, service down, payment failures) |
Dev 1 |
⬜ |
| 4.8 |
DNS + SSL on prod server |
Dev 2 |
⬜ |
⚠️ Apple App Store: review takes 1–3 business days. Submit no later than May 9.
Buffer / Launch (May 14–16) — Production Go-Live
| # |
Task |
Owner |
Status |
| 5.1 |
Production deploy: all services |
Both |
⬜ |
| 5.2 |
Smoke tests on prod |
Both |
⬜ |
| 5.3 |
24h post-launch monitoring |
Both |
⬜ |
| 5.4 |
App publication (Google Play + App Store) |
Dev 2 |
⬜ |
Month 1 Overview
Apr 16 ──────────────────────────────────────────────────────── May 16
│ │ │ │
Week 1 Weeks 2–3 Week 4 Launch
Infra & DevOps ┌─ Payment ─┐ QA+Staging Prod
└─ Flutter ─┘ +Stores Go-Live
(parallel)
4. Month 2 — Stabilization & Agent Portal (May 17 — Jun 16)
Goal: Stable production environment, Agent Portal live, enhanced UX.
4.1. Stabilization (May 17–23)
| Task |
Priority |
| Analyze metrics from first week in production |
P0 |
| Hotfix cycle based on log incidents |
P0 |
| Load testing (stress test of core flows) |
P1 |
| Terraform IaC — codify production infrastructure |
P1 |
| Full Grafana alert setup (all services per spec 13-logging.md) |
P1 |
4.2. Agent Portal — Backend (May 24 — Jun 1)
| Task |
Description |
| Agent module: Serverpod endpoints |
Agent CRUD, referral codes, agent balance |
| Agent commission queue |
agent.commission in BullMQ, accrual via blnkfinance |
| Agent withdrawal flow |
Withdrawal request → queue → payout |
| Admin Panel: agent management |
Approve/suspend/terminate, view agent's clients |
4.3. Agent Portal — Frontend (Jun 2–11)
| Task |
Description |
| SvelteKit PWA: project setup + auth (SSO via Serverpod) |
|
| Agent dashboard: commission balance, new clients |
|
| Client list with filters |
|
| Transaction and accrual history |
|
| Withdrawal request form |
|
4.4. Flutter — Enhanced UX (Jun 2–11)
| Task |
Priority |
| Multilingual support: EN + TH (l10n) |
P1 |
| Profile screen: personal data, password change |
P1 |
| Push notifications: all events (KYC, transfers, top-ups) |
P1 |
| Google/Apple OAuth (Sign in with) |
P2 |
4.5. Month 2 Wrap-up (Jun 12–16)
| Task |
| E2E testing of Agent Portal |
| Deploy Agent Portal to production |
| Flutter app update in stores (v1.1) |
| Documentation update (docs/) |
5. Month 3 — Feature Expansion (Jun 17 — Jul 16)
Goal: Compliance-ready system, expanded features, MiniApps.
5.1. Compliance & Security (Jun 17–27)
| Task |
Description |
| Security audit |
Penetration test or internal audit per OWASP Top 10 |
| Encryption at-rest |
Verify dm-crypt / LUKS on prod PostgreSQL |
| S3 SSE-KMS |
Migrate to KMS encryption for KYC documents |
| Regulatory documentation |
← filled in by operations team (see section 7) |
5.2. MiniApps (Jun 17 — Jul 3)
| Task |
Description |
| Flutter WebView container |
Launch partner mini-apps in-app |
| Auth passthrough |
JWT forwarding into WebView for SSO |
| Admin Panel: MiniApps management |
Add/remove/edit banners |
5.3. Deep Linking & Advanced UX (Jul 4–10)
| Task |
| Universal Links (iOS) + App Links (Android) |
| Deep link to QR payment from third-party apps |
| Offline mode: display cached data when network is unavailable |
5.4. Month 3 Wrap-up (Jul 11–16)
| Task |
| Flutter v1.2 release to stores |
| Full regression test |
| Update all technical documentation |
| Retrospective: backlog for next quarter |
6. Risks & Dependencies
High Risks
| Risk |
Likelihood |
Impact |
Mitigation |
| App Store review delay (Apple) |
Medium |
Launch delay |
Submit by May 9; prepare TestFlight as Plan B |
| IPPS / QP SIT integration errors |
Medium |
Payment layer slip |
Start SIT testing in Week 2, don't wait for Week 3 |
| Payment Manager scope underestimated |
Medium |
Week 2 slip |
If needed — move S3/logging work to Month 2 |
| Production incidents post go-live |
High |
Negative UX |
24/7 monitoring first 72h, rollback procedure ready |
External Dependencies
| Dependency |
Status |
Owner |
| IPPS PPXC SIT credentials |
✅ Available |
— |
| QP API sandbox credentials |
✅ Available |
— |
| Production server / VPS |
✅ Available |
Dev 2 to configure |
| Apple Developer Program (App Store) |
Account verification needed |
Dev 2 |
| Google Play Console |
Account verification needed |
Dev 2 |
| FCM / APNs certificates |
Setup needed |
Dev 2 |
7. Regulatory Requirements
⚠️ This section is to be filled in by the operations team.
| Requirement |
Regulator |
Deadline |
Status |
Owner |
| Payment operator license |
|
|
|
|
| KYC/AML policy |
|
|
|
|
| Data storage requirements |
|
|
|
|
| Pre-launch audit / inspection |
|
|
|
|
| Reporting requirements |
|
|
|
|
| 6-digit PIN (regulatory) |
National Bank |
✅ Implemented |
✅ |
Dev 1 |
| Other |
|
|
|
|
8. Team Allocation
Month 1 — Focus Areas
Dev 1: API Gateway → Payment Manager → Flutter Pay/TopUp → QA → Store build
Dev 2: Docker/Infra → Provider Adapters → Flutter Transfer/History → Stage deploy
Working Principles
- Daily sync each morning (15 min): task status, blockers
- Weekly PM checkpoint on Friday: update this document
- Blockers are escalated on the day they are found — not accumulated
Changelog
| Date |
Version |
Change |
| 2026-04-16 |
1.0 |
Initial version |