chore: complete v2.2 Session Limits milestone

Archive milestone artifacts (roadmap, requirements, audit, phases) to
milestones/v2.2-*, update PROJECT.md with validated requirements and
key decisions, reorganize ROADMAP.md, write retrospective.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Author: claude

.planning/MILESTONES.md

@@ -1,5 +1,31 @@
 # Milestones: Lumio
 
+## v2.2 Session Limits (Shipped: 2026-03-05)
+
+**Delivered:** Session card limit enforcement end-to-end — RPC caps cards to user-chosen limit with overdue-first priority, dashboard counter reflects session-limited count, and "Auto" label replaces infinity symbol.
+
+**Phases completed:** 32-33 (2 plans total)
+
+**Key accomplishments:**
+
+- RPC `get_study_cards_for_session` enforces total card cap with overdue-first priority (IF/ELSE plpgsql branching for NULL vs capped p_limit)
+- RPC `get_due_card_count` returns session-aware count via LEAST(total, p_limit) for dashboard
+- Dashboard counter reflects session-limited card count, not total backlog (reactive via useStudySettings)
+- CardsPerSession type renamed from 'all' to 'auto' with backward-compatible AsyncStorage migration
+- Settings selector shows "Auto" with sparkles icon replacing "All cards" / infinity symbol
+
+**Stats:**
+
+- 10 files changed (+318 / -20 lines)
+- 2 phases, 2 plans, 4 tasks
+- 2 days (2026-03-04 to 2026-03-05)
+
+**Git range:** `153e1d9` → `eccc6a1` (4 feat commits)
+
+**What's next:** TBD
+
+---
+
 ## v1.1 Lumio Native (Shipped: 2026-02-08)
 
 **Delivered:** Complete migration from dual PWA apps to a single native Android application with landing page and CI/CD pipeline.

.planning/PROJECT.md

@@ -85,17 +85,14 @@ Gli utenti studiano concetti tramite quiz generati dall'AI — il contenuto vien
 - ✓ 71 chiavi i18n per auth in IT e EN con validazione DeepStringify a compile-time — v2.1
 - ✓ SignOut guard per utenti email-only (GoogleSignin.signOut condizionale) — v2.1
 - ✓ Recovery state machine con persistenza AsyncStorage per reset password — v2.1
+- ✓ RPC cap rigido sessione: scadute first (più vecchie prima), poi nuove, totale mai oltre p_limit — v2.2
+- ✓ Dashboard counter mostra carte della prossima sessione (LEAST capping), non debito totale — v2.2
+- ✓ Selettore "Auto" con icona sparkles al posto di "Tutte/∞" — v2.2
+- ✓ Backward-compatible AsyncStorage migration da 'all' a 'auto' — v2.2
 
 ### Active
 
-## Current Milestone: v2.2 Session Limits
-
-**Goal:** Rispettare il limite carte-per-sessione scelto dall'utente, con dashboard coerente e label "Auto" per il selettore.
-
-**Target features:**
-- Cap rigido RPC: scadute first (più vecchie prima), poi nuove, totale mai oltre il limite scelto
-- Dashboard counter mostra carte della prossima sessione (non debito totale)
-- Selettore: rinomina "Tutte/∞" → "Auto" (stessa logica, label diversa)
+(None — planning next milestone)
 
 ### Out of Scope
 
@@ -126,16 +123,16 @@ Gli utenti studiano concetti tramite quiz generati dall'AI — il contenuto vien
 
 ## Context
 
-**Stato attuale (post v2.1):**
+**Stato attuale (post v2.2):**
 - Monorepo pnpm: apps/android (Expo/React Native), apps/landing (static HTML), packages/core, packages/shared
 - Backend Supabase: auth (Google OAuth + email/password), DB, storage, edge functions, Docora webhook + study_sessions + card_review_schedule tables
 - Tech stack: Expo SDK 54, React Native 0.81, react-navigation, @lumio/core, i18n-js, react-native-marked, supermemo@2.0.23, vitest@4.0.18
 - CI/CD: lint → build-apk → deploy-landing → deploy-migrations → deploy-functions (version from STATE.md)
 - Versioning: STATE.md milestone → extract-version.cjs → version.ts, APK versionName, landing page, edge function
 - Auth: dual-mode Google OAuth + email/password con OTP verification, password reset, account linking bidirezionale
-- App bilingue IT/EN con branding Lumio, ripetizione spaziata SM-2, sessioni configurabili, card browse, study history con conteggio carte, studio forward-only, sync error handling con token update in-app
-- ~26,000 LOC (TS/TSX/SQL) — +9,897 lines in v2.1
-- 9 milestones shipped: v1.1 (native app), v1.2 (polish & i18n), v1.3 (bugfix & UX), v1.4 (card browse & stats), v1.5 (study UX fixes), v1.6 (sync error handling), v1.7 (GSD versioning), v2.0 (spaced repetition), v2.1 (email auth)
+- App bilingue IT/EN con branding Lumio, ripetizione spaziata SM-2, sessioni configurabili con cap RPC, card browse, study history con conteggio carte, studio forward-only, sync error handling con token update in-app, dashboard session-aware
+- ~19,800 LOC (TS/TSX/SQL)
+- 10 milestones shipped: v1.1 (native app), v1.2 (polish & i18n), v1.3 (bugfix & UX), v1.4 (card browse & stats), v1.5 (study UX fixes), v1.6 (sync error handling), v1.7 (GSD versioning), v2.0 (spaced repetition), v2.1 (email auth), v2.2 (session limits)
 
 ## Constraints
 
@@ -210,6 +207,11 @@ Gli utenti studiano concetti tramite quiz generati dall'AI — il contenuto vien
 | addPasswordModeRef to suppress PASSWORD_RECOVERY | Prevents recovery nav during add-password OTP flow | ✓ Good — v2.1 |
 | Supabase linkIdentity with queryParams | Google token exchange for account linking | ✓ Good — v2.1 |
 | Session JSON size logging after identity change | SecureStore monitoring for dual-identity JWT stability | ✓ Good — v2.1 |
+| IF/ELSE in plpgsql for NULL vs non-NULL p_limit | Cleaner than COALESCE with large sentinel for unlimited vs capped logic | ✓ Good — v2.2 |
+| p_limit DEFAULT NULL for RPC parameters | Matches production unlimited behavior as safe default | ✓ Good — v2.2 |
+| LEAST(total, p_limit) for count capping | Simpler than IF/ELSE with separate queries for scalar cap | ✓ Good — v2.2 |
+| Hardcoded 'Auto' label (universal across languages) | "Auto" is understood in both IT and EN, no translation needed | ✓ Good — v2.2 |
+| AsyncStorage backward-compat migration 'all' → 'auto' | Read old value, return new enum value silently | ✓ Good — v2.2 |
 
 ---
-*Last updated: 2026-03-04 after v2.2 milestone start*
+*Last updated: 2026-03-05 after v2.2 milestone*

.planning/RETROSPECTIVE.md

@@ -46,22 +46,108 @@
 
 ---
 
+## Milestone: v2.1 — Email Auth
+
+**Shipped:** 2026-03-02
+**Phases:** 5 | **Plans:** 10 | **Sessions:** ~5
+
+### What Was Built
+- Email/password signup with 6-digit OTP verification via branded Lumio email templates
+- Email login with progressive disclosure UX (Google OAuth on top, email below separator)
+- Password reset with two-phase OTP-then-password screen and global session invalidation
+- Bidirectional account linking (Google ↔ email) with single-identity unlink protection
+- Provider-aware database trigger for email signups (display_name from email prefix)
+- 71 auth i18n keys in IT/EN with DeepStringify compile-time validation
+
+### What Worked
+- OTP over deep link was the right choice for Android — no deep link infrastructure needed, more reliable
+- Progressive disclosure pattern reduces cognitive load on login screen
+- Recovery state machine with AsyncStorage survives app restarts elegantly
+- addPasswordModeRef pattern cleanly separates "add password" from "forgot password" OTP flows
+
+### What Was Inefficient
+- Dead else branch in ForgotPasswordScreen.tsx error handling — both paths set same error message (minor tech debt)
+- Multiple quick tasks (5, 6, 8, 9) needed post-milestone for production issues — could benefit from more thorough UAT before shipping
+
+### Patterns Established
+- Provider-aware trigger using `raw_app_meta_data->>'provider'` with COALESCE default
+- Guard pattern: `hasPreviousSignIn()` before `GoogleSignin.signOut()` for mixed-auth users
+- Two-phase screen pattern: single component handles both OTP entry and action (password set, verification)
+- Ref-based flow suppression (`addPasswordModeRef`) to prevent auth event handler interference
+
+### Key Lessons
+1. OTP is more reliable than deep links on Android — less infrastructure, fewer failure modes
+2. Auth flows need extensive real-device testing — several quick fixes were needed post-ship
+3. Provider-aware triggers with explicit detection are cleaner than implicit auth.users field checks
+4. Global session invalidation on password change is a security best practice worth the UX cost
+
+### Cost Observations
+- Model mix: 80% opus, 20% sonnet (quality profile)
+- Sessions: ~5 (4 days of development)
+- Notable: 5 phases, 10 plans, 16 requirements — largest milestone since v1.1, all satisfied
+
+---
+
+## Milestone: v2.2 — Session Limits
+
+**Shipped:** 2026-03-05
+**Phases:** 2 | **Plans:** 2 | **Sessions:** ~2
+
+### What Was Built
+- RPC `get_study_cards_for_session` enforces total card cap with overdue-first priority (IF/ELSE plpgsql for NULL vs capped p_limit)
+- RPC `get_due_card_count` returns session-aware count via LEAST(total, p_limit) for dashboard
+- Dashboard counter reflects session-limited card count reactively via useStudySettings
+- CardsPerSession type renamed from 'all' to 'auto' with backward-compatible AsyncStorage migration
+- Settings selector shows "Auto" with sparkles icon
+
+### What Worked
+- Minimal milestone scope (2 phases, 5 requirements) — shipped in 2 days with zero deviations
+- Nullable RPC parameter pattern (p_limit DEFAULT NULL) from Phase 32 reused immediately in Phase 33
+- LEAST(total, p_limit) was simpler than duplicating query logic for the count RPC
+- Audit passed cleanly: 5/5 requirements, 8/8 integration checks, 3/3 E2E flows
+
+### What Was Inefficient
+- Nothing notable — clean execution from start to finish
+
+### Patterns Established
+- Nullable RPC parameters: pass null from TS, PostgreSQL uses DEFAULT NULL for unlimited behavior
+- AsyncStorage backward-compat migration: read old value, return new enum value silently
+- LEAST-based capping for scalar count RPCs (simpler than IF/ELSE when only capping a result)
+
+### Key Lessons
+1. Small, focused milestones (2 phases) execute cleanly with near-zero overhead
+2. Reusing RPC patterns across phases in the same milestone accelerates development
+3. "Auto" as universal label (no translation needed) simplifies i18n
+
+### Cost Observations
+- Model mix: 80% opus, 20% sonnet (quality profile)
+- Sessions: ~2 (2 days)
+- Notable: Smallest milestone since v1.5 — 2 phases, 2 plans, 4 tasks, ~6 minutes total execution
+
+---
+
 ## Cross-Milestone Trends
 
 ### Process Evolution
 
 | Milestone | Sessions | Phases | Key Change |
 |-----------|----------|--------|------------|
 | v2.0 | ~4 | 4 | First milestone with audit-before-complete workflow; gap closure pattern |
+| v2.1 | ~5 | 5 | Largest since v1.1; post-ship quick fixes revealed UAT gaps |
+| v2.2 | ~2 | 2 | Cleanest milestone — zero deviations, zero issues |
 
 ### Cumulative Quality
 
 | Milestone | Tests | Coverage | Zero-Dep Additions |
 |-----------|-------|----------|-------------------|
 | v2.0 | 10 (SM-2 unit) | SRS module only | supermemo@2.0.23, vitest@4.0.18 |
+| v2.1 | — | Auth flows (manual) | — |
+| v2.2 | — | Session limit (manual) | — |
 
 ### Top Lessons (Verified Across Milestones)
 
 1. Research-first planning pays off — prevents mid-milestone pivots (validated v1.1 through v2.0)
-2. Server-side computation for stateful operations avoids race conditions and simplifies client code (v2.0)
+2. Server-side computation for stateful operations avoids race conditions and simplifies client code (v2.0, v2.2)
 3. Small gap closure plans are more efficient than trying to get everything right in the first pass (v2.0)
+4. Small, focused milestones execute cleanly with near-zero overhead (v2.2)
+5. Reusing patterns across phases in the same milestone accelerates development (v2.2)

.planning/ROADMAP.md

@@ -11,7 +11,7 @@
 - ✅ **v1.7 GSD Versioning** — Phases 20-22 (shipped 2026-02-21)
 - ✅ **v2.0 Spaced Repetition** — Phases 23-26 (shipped 2026-02-26)
 - ✅ **v2.1 Email Auth** — Phases 27-31 (shipped 2026-03-02)
-- 🚧 **v2.2 Session Limits** — Phases 32-33 (in progress)
+- ✅ **v2.2 Session Limits** — Phases 32-33 (shipped 2026-03-05)
 
 ## Phases
 
@@ -118,47 +118,18 @@ Full details: `.planning/milestones/v2.1-ROADMAP.md`
 
 </details>
 
-### v2.2 Session Limits (In Progress)
-
-**Milestone Goal:** Rispettare il limite carte-per-sessione scelto dall'utente, con dashboard coerente e label "Auto" per il selettore.
-
-- [x] **Phase 32: RPC Session Limit Enforcement** - Backend RPC caps cards to chosen limit with overdue-first priority (completed 2026-03-04)
-- [x] **Phase 33: Dashboard Counter & Auto Label** - Dashboard reflects session-limited count and selector shows "Auto" (completed 2026-03-05)
-
-## Phase Details
-
-### Phase 32: RPC Session Limit Enforcement
-**Goal**: Study sessions deliver exactly the number of cards the user chose, prioritizing overdue cards
-**Depends on**: Nothing (first phase of v2.2)
-**Requirements**: SESS-01, SESS-02
-**Success Criteria** (what must be TRUE):
-  1. User who selects "20 cards" receives at most 20 cards in a study session, even if 50 are available
-  2. Overdue cards always appear before new cards within the capped session (oldest overdue first)
-  3. User with "Auto" selected receives all available cards (overdue + new) with no cap applied
-  4. When fewer cards exist than the chosen limit, all available cards are returned without error
-**Plans**: 1 plan
+<details>
+<summary>✅ v2.2 Session Limits (Phases 32-33) — SHIPPED 2026-03-05</summary>
 
-Plans:
-- [ ] 32-01-PLAN.md — Enforce session limit in RPC, rename CardsPerSession type, update hook
+- [x] Phase 32: RPC Session Limit Enforcement (1 plan) — completed 2026-03-04
+- [x] Phase 33: Dashboard Counter & Auto Label (1 plan) — completed 2026-03-05
 
-### Phase 33: Dashboard Counter & Auto Label
-**Goal**: Dashboard and session selector accurately reflect the session-limited experience
-**Depends on**: Phase 32
-**Requirements**: DASH-01, DASH-02, UI-01
-**Success Criteria** (what must be TRUE):
-  1. Dashboard counter shows the number of cards the user will actually study in their next session (respecting chosen limit), not the total backlog
-  2. User with "Auto" selected sees the full count of all available cards on the dashboard
-  3. Session size selector displays "Auto" instead of "Tutte" or the infinity symbol for the unlimited option
-**Plans**: 1 plan
+Full details: `.planning/milestones/v2.2-ROADMAP.md`
 
-Plans:
-- [ ] 33-01-PLAN.md — Session-aware dashboard counter, Auto label with sparkles icon
+</details>
 
 ## Progress
 
-**Execution Order:**
-Phases execute in numeric order: 32 -> 33
-
 | Phase | Milestone | Plans Complete | Status | Completed |
 |-------|-----------|----------------|--------|-----------|
 | 1-5. Foundation to Cleanup | v1.1 | 20/20 | Complete | 2026-02-08 |
@@ -170,9 +141,8 @@ Phases execute in numeric order: 32 -> 33
 | 20-22. GSD Versioning | v1.7 | 6/6 | Complete | 2026-02-21 |
 | 23-26. Spaced Repetition | v2.0 | 8/8 | Complete | 2026-02-26 |
 | 27-31. Email Auth | v2.1 | 10/10 | Complete | 2026-03-02 |
-| 32. RPC Session Limit Enforcement | 1/1 | Complete    | 2026-03-04 | - |
-| 33. Dashboard Counter & Auto Label | 1/1 | Complete    | 2026-03-05 | - |
+| 32-33. Session Limits | v2.2 | 2/2 | Complete | 2026-03-05 |
 
 ---
 *Roadmap created: 2026-01-29*
-*v2.2 roadmap added: 2026-03-04*
+*v2.2 shipped: 2026-03-05*

.planning/STATE.md

@@ -4,7 +4,7 @@ milestone: v2.2
 milestone_name: Session Limits
 status: completed
 stopped_at: Completed 33-01 dashboard counter auto label
-last_updated: "2026-03-05T09:19:33.676Z"
+last_updated: "2026-03-05T11:21:15.974Z"
 last_activity: 2026-03-05 — Completed 33-01 dashboard counter auto label
 progress:
   total_phases: 2
@@ -18,10 +18,10 @@ progress:
 
 ## Project Reference
 
-See: .planning/PROJECT.md (updated 2026-03-04)
+See: .planning/PROJECT.md (updated 2026-03-05)
 
 **Core value:** Gli utenti studiano concetti tramite quiz generati dall'AI -- il contenuto viene dai repository Git, le domande vengono generate e pre-cachate dal sistema.
-**Current focus:** v2.2 Session Limits — Phase 33 plan 01 complete (milestone complete)
+**Current focus:** v2.2 shipped — planning next milestone
 
 ## Current Position
 
@@ -35,9 +35,9 @@ Progress: [██████████] 100%
 ## Performance Metrics
 
 **Velocity:**
-- Total plans completed: 66 (across v1.1-v2.1)
-- Total milestones shipped: 9
-- Timeline: 33 days (2026-01-29 to 2026-03-02)
+- Total plans completed: 68 (across v1.1-v2.2)
+- Total milestones shipped: 10
+- Timeline: 35 days (2026-01-29 to 2026-03-05)
 
 | Phase | Plan | Duration | Tasks | Files |
 |-------|------|----------|-------|-------|
@@ -58,17 +58,15 @@ Progress: [██████████] 100%
 
 ### Decisions
 
-All decisions logged in PROJECT.md Key Decisions table (61 entries).
-- [Phase 32]: IF/ELSE in plpgsql for NULL vs non-NULL p_limit; p_limit DEFAULT NULL matches production unlimited behavior
-- [Phase 33]: LEAST(total, p_limit) for count capping in get_due_card_count; hardcoded 'Auto' label (universal across languages)
+All decisions logged in PROJECT.md Key Decisions table (66 entries).
 
 ### Pending Todos
 
 None.
 
 ### Blockers/Concerns
 
-None — v2.1 milestone audit passed with 16/16 requirements satisfied.
+None — v2.2 milestone audit passed with 5/5 requirements satisfied.
 
 ### Quick Tasks Completed
 

.planning/v2.2-MILESTONE-AUDIT.md …nning/milestones/v2.2-MILESTONE-AUDIT.md.planning/v2.2-MILESTONE-AUDIT.md renamed to .planning/milestones/v2.2-MILESTONE-AUDIT.md .planning/v2.2-MILESTONE-AUDIT.md renamed to .planning/milestones/v2.2-MILESTONE-AUDIT.md

@@ -1,3 +1,12 @@
+# Requirements Archive: v2.2 Session Limits
+
+**Archived:** 2026-03-05
+**Status:** SHIPPED
+
+For current requirements, see `.planning/REQUIREMENTS.md`.
+
+---
+
 # Requirements: Lumio
 
 **Defined:** 2026-03-04