Settings Screen UI/UX Design
The Settings screen in FEN is the central hub for managing the user's cryptographic identity, storage backends, and local data footprint. Because FEN is local-first and heavily relies on cryptography, the settings must be intuitive while exposing powerful underlying controls.
1. Identity & Security (Top Section)
This section manages the Ed25519 keypair that defines the user.
- Current Identity Card:
- Displays a visual avatar (e.g., identicon generated from pubkey) and the user's display name.
- Shows a shortened version of the Public Key.
- Backup & Recovery:
- iCloud / Local Storage Backup (v1 Default): Toggle to automatically back up the encrypted identity. Restoring from iCloud is the primary method for transferring identities between devices.
- Recovery Phrase: Button to reveal the 12-word BIP-39 mnemonic (requires biometric authentication).
- Transfer via QR Code (v2): Generates a QR code of the encrypted keypair so another device can scan and import it. (Deferred to v2).
- App Security:
- Biometric Unlock: Toggle to require FaceID / Fingerprint to open the app.
2. Storage Configuration
This section controls the owner's validated self-hosted backend. There is no developer-hosted Managed tier and no Provisioner URL. A clean install must collect this before the owner can create a syncable group.
- Backend chooser:
- Segmented control with S3-compatible and Nextcloud.
- The same chooser appears during onboarding and in Settings for later changes.
- S3-compatible form:
- Fields: endpoint, region, bucket, access key ID, secret access key.
Test connectionconstructs the S3 storage adapter and runsprobe().
- Nextcloud form:
- Fields: base URL, username, app password.
Test connectionchecks owner WebDAV access and OCS capabilities needed for in-app provisioning: public-link sharing and public upload. Group creation later uses the owner app password throughNextcloudProvisionerto create the per-group folder and public share.
- Validation result:
- A backend is saved as active only after
probe()reportsBackendCaps.usable. - Failed tests show the failed capability (
list,write,delete, orconditional write) or the backend error message. - Owner credentials are stored only through the Keychain-backed secure storage path. Drift stores only non-secret active-backend metadata such as S3 endpoint/region/bucket or Nextcloud base URL plus the validation timestamp.
- A backend is saved as active only after
- Create group gate:
Create Groupis disabled until a validated active backend exists and its owner credentials are available from Keychain.- Once configured, group creation calls the configured
GroupProvisioner: S3 reuses the owner bucket/prefix descriptor; Nextcloud creates the group folder and password-protected public link in-app.
3. Notifications (v2 — hidden in v1)
Manages how the app alerts the user to new expenses and group events. v1 ships no push notifications (sync is poll-based, fen.md §2.9), so this section is hidden until the v2 opt-in silent-push tier exists.
- Global Notifications Toggle: Enable or disable push notifications entirely.
- Notification Types: Toggles for "New Expenses", "Settlements", and "Group Invites".
4. Data & Storage Management
This section gives the user visibility into their local storage footprint and Cold Archives.
- Local Storage Usage:
- Visual breakdown: Active Groups Cache vs. Cold Archives vs. Media/Receipts.
- Cold Archives Management:
- A list of all locally archived groups.
- Tapping a group allows the user to export the archive (zip) or permanently delete it from the device.
- Clear Cache: Button to wipe the local cache of active groups (forces a re-download from S3 on next open).
5. General Preferences
- Theme: System / Light / Dark.
- Default Currency: Sets the default currency when creating a new group.
- Developer / Debug Mode (Visible by default in v1):
- Shows detailed sync logs, raw S3 connection status, backend latency, and manual force-sync buttons.