feat: add production hardening with Fastlane, Firebase Crashlytics, OpenTelemetry

- Add Next.js 16 proxy.ts with security headers and i18n routing
- Add OpenTelemetry instrumentation for web (GCP Cloud Trace)
- Add Firebase Crashlytics and Fastlane for mobile CI/CD
- Add structured logging and global exception handler for API
- Add better-auth session middleware for API
- Update mobile-ci.yml to use Fastlane with Firebase App Distribution
- Update README with mobile setup instructions

Author: gracefullight

.github/workflows/mobile-ci.yml

@@ -0,0 +1,181 @@
+name: Mobile CI
+
+on:
+  push:
+    branches: [main]
+    paths:
+      - "apps/mobile/**"
+      - ".github/workflows/mobile-ci.yml"
+  pull_request:
+    branches: [main]
+    paths:
+      - "apps/mobile/**"
+  workflow_dispatch:
+
+env:
+  FLUTTER_VERSION: "3.32.0"
+  RUBY_VERSION: "3.3"
+
+jobs:
+  analyze:
+    name: Analyze & Test
+    runs-on: ubuntu-latest
+    defaults:
+      run:
+        working-directory: apps/mobile
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up Flutter
+        uses: subosito/flutter-action@v2
+        with:
+          flutter-version: ${{ env.FLUTTER_VERSION }}
+          channel: stable
+          cache: true
+
+      - name: Install dependencies
+        run: flutter pub get
+
+      - name: Set up Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: ${{ env.RUBY_VERSION }}
+          bundler-cache: true
+          working-directory: apps/mobile
+
+      - name: Run lint
+        run: bundle exec fastlane lint
+
+      - name: Run tests
+        run: bundle exec fastlane test
+
+      - name: Upload coverage
+        uses: codecov/codecov-action@v5
+        if: github.event_name == 'push'
+        with:
+          files: apps/mobile/coverage/lcov.info
+          flags: mobile
+          fail_ci_if_error: false
+
+  build-android:
+    name: Build Android
+    needs: analyze
+    runs-on: ubuntu-latest
+    if: github.event_name == 'push' && github.ref == 'refs/heads/main'
+    defaults:
+      run:
+        working-directory: apps/mobile
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up Java
+        uses: actions/setup-java@v4
+        with:
+          distribution: "temurin"
+          java-version: "17"
+
+      - name: Set up Flutter
+        uses: subosito/flutter-action@v2
+        with:
+          flutter-version: ${{ env.FLUTTER_VERSION }}
+          channel: stable
+          cache: true
+
+      - name: Install dependencies
+        run: flutter pub get
+
+      - name: Set up Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: ${{ env.RUBY_VERSION }}
+          bundler-cache: true
+          working-directory: apps/mobile
+
+      - name: Build Android APK
+        run: bundle exec fastlane android build
+
+      - name: Upload APK
+        uses: actions/upload-artifact@v4
+        with:
+          name: android-release
+          path: apps/mobile/build/app/outputs/flutter-apk/*.apk
+          retention-days: 7
+
+  build-ios:
+    name: Build iOS
+    needs: analyze
+    runs-on: macos-latest
+    if: github.event_name == 'push' && github.ref == 'refs/heads/main'
+    defaults:
+      run:
+        working-directory: apps/mobile
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up Flutter
+        uses: subosito/flutter-action@v2
+        with:
+          flutter-version: ${{ env.FLUTTER_VERSION }}
+          channel: stable
+          cache: true
+
+      - name: Install dependencies
+        run: flutter pub get
+
+      - name: Set up Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: ${{ env.RUBY_VERSION }}
+          bundler-cache: true
+          working-directory: apps/mobile
+
+      - name: Build iOS (no codesign)
+        run: bundle exec fastlane ios build
+
+      - name: Upload iOS build
+        uses: actions/upload-artifact@v4
+        with:
+          name: ios-release
+          path: apps/mobile/build/ios/iphoneos
+          retention-days: 7
+
+  deploy-firebase:
+    name: Deploy to Firebase
+    needs: [build-android, build-ios]
+    runs-on: ubuntu-latest
+    if: github.event_name == 'push' && github.ref == 'refs/heads/main'
+    environment: staging
+    defaults:
+      run:
+        working-directory: apps/mobile
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Download Android artifact
+        uses: actions/download-artifact@v4
+        with:
+          name: android-release
+          path: apps/mobile/build/app/outputs/flutter-apk
+
+      - name: Set up Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: ${{ env.RUBY_VERSION }}
+          bundler-cache: true
+          working-directory: apps/mobile
+
+      - name: Authenticate to Google Cloud
+        uses: google-github-actions/auth@v2
+        with:
+          credentials_json: ${{ secrets.FIREBASE_SERVICE_ACCOUNT_JSON }}
+
+      - name: Deploy to Firebase App Distribution
+        env:
+          FIREBASE_ANDROID_APP_ID: ${{ secrets.FIREBASE_ANDROID_APP_ID }}
+          FIREBASE_TESTERS_GROUP: ${{ vars.FIREBASE_TESTERS_GROUP }}
+        run: |
+          bundle exec fastlane android firebase

.serena/.gitignore

@@ -0,0 +1 @@
+/cache

README.ko.md

@@ -8,7 +8,7 @@
 
 - **모던 스택**: Next.js 16 + React 19, FastAPI, Flutter 3.32, TailwindCSS v4
 - **타입 안전성**: TypeScript, Pydantic, Dart 전체 타입 지원
-- **인증**: better-auth 기반 OAuth (Google, GitHub, Kakao)
+- **인증**: better-auth 기반 OAuth (Google, GitHub, Facebook)
 - **국제화**: next-intl (웹), Flutter ARB (모바일), 공용 i18n 패키지
 - **API 클라이언트 자동 생성**: Orval (웹), swagger_parser (모바일)
 - **인프라 as 코드**: Terraform + GCP (Cloud Run, Cloud SQL, Cloud Storage)
@@ -22,7 +22,7 @@
 |--------|------|
 | **프론트엔드** | Next.js 16, React 19, TailwindCSS v4, shadcn/ui, TanStack Query, Jotai |
 | **백엔드** | FastAPI, SQLAlchemy (async), PostgreSQL 16, Redis 7 |
-| **모바일** | Flutter 3.32, Riverpod 3, go_router 17 |
+| **모바일** | Flutter 3.32, Riverpod 3, go_router 17, Firebase Crashlytics, Fastlane |
 | **워커** | FastAPI + CloudTasks/PubSub |
 | **인프라** | Terraform, GCP (Cloud Run, Cloud SQL, Cloud Storage, CDN) |
 | **CI/CD** | GitHub Actions, Workload Identity Federation |
@@ -127,6 +127,7 @@ mise tasks --all
 | `mise test` | 모든 앱 테스트 |
 | `mise typecheck` | 타입 체크 |
 | `mise i18n:build` | 다국어 파일 빌드 |
+| `mise gen:api` | OpenAPI 스키마 및 API 클라이언트 생성 |
 
 ### 앱별 태스크
 
@@ -141,6 +142,7 @@ mise tasks --all
 | `mise //apps/api:format` | 코드 포맷 |
 | `mise //apps/api:migrate` | 마이그레이션 실행 |
 | `mise //apps/api:migrate:create` | 새 마이그레이션 생성 |
+| `mise //apps/api:gen:openapi` | OpenAPI 스키마 생성 |
 | `mise //apps/api:infra:up` | 로컬 인프라 시작 |
 | `mise //apps/api:infra:down` | 로컬 인프라 중지 |
 
@@ -169,6 +171,7 @@ mise tasks --all
 | `mise //apps/mobile:test` | 테스트 실행 |
 | `mise //apps/mobile:lint` | 분석기 실행 |
 | `mise //apps/mobile:gen:l10n` | 다국어 파일 생성 |
+| `mise //apps/mobile:gen:api` | API 클라이언트 생성 |
 
 </details>
 
@@ -251,6 +254,8 @@ cp apps/infra/terraform.tfvars.example apps/infra/terraform.tfvars
 | `GCP_REGION` | GCP 리전 (예: `asia-northeast3`) |
 | `WORKLOAD_IDENTITY_PROVIDER` | Terraform output에서 확인 |
 | `GCP_SERVICE_ACCOUNT` | Terraform output에서 확인 |
+| `FIREBASE_SERVICE_ACCOUNT_JSON` | Firebase 서비스 계정 JSON (모바일 배포용) |
+| `FIREBASE_ANDROID_APP_ID` | Firebase Android 앱 ID |
 
 ## 배포
 
@@ -260,6 +265,7 @@ cp apps/infra/terraform.tfvars.example apps/infra/terraform.tfvars
 - `apps/api/` 변경 → API 배포
 - `apps/web/` 변경 → Web 배포
 - `apps/worker/` 변경 → Worker 배포
+- `apps/mobile/` 변경 → Firebase App Distribution 빌드 및 배포
 
 ### 수동 배포
 
@@ -273,6 +279,43 @@ docker push gcr.io/PROJECT_ID/api
 gcloud run deploy api --image gcr.io/PROJECT_ID/api --region REGION
 ```
 
+## 모바일 설정
+
+### Firebase 설정
+
+1. FlutterFire CLI 설치:
+
+```bash
+dart pub global activate flutterfire_cli
+```
+
+2. Firebase 설정:
+
+```bash
+cd apps/mobile
+flutterfire configure
+```
+
+이 명령어로 `lib/firebase_options.dart`가 생성됩니다.
+
+### Fastlane
+
+모바일 앱은 Fastlane을 사용하여 빌드 자동화 및 배포를 수행합니다.
+
+```bash
+cd apps/mobile
+
+# Ruby 의존성 설치
+bundle install
+
+# 사용 가능한 레인
+bundle exec fastlane android build       # APK 빌드
+bundle exec fastlane android firebase    # Firebase App Distribution 배포
+bundle exec fastlane android internal    # Play Store 배포 (internal)
+bundle exec fastlane ios build           # iOS 빌드 (서명 없음)
+bundle exec fastlane ios testflight_deploy  # TestFlight 배포
+```
+
 ## AI 에이전트 지원
 
 이 템플릿은 AI 코딩 에이전트(Gemini, Claude 등)와 함께 사용하도록 설계되었습니다.

README.md

@@ -8,7 +8,7 @@ Production-ready fullstack monorepo template with Next.js 16, FastAPI, Flutter,
 
 - **Modern Stack**: Next.js 16 + React 19, FastAPI, Flutter 3.32, TailwindCSS v4
 - **Type Safety**: Full type support with TypeScript, Pydantic, and Dart
-- **Authentication**: OAuth with better-auth (Google, GitHub, Kakao)
+- **Authentication**: OAuth with better-auth (Google, GitHub, Facebook)
 - **Internationalization**: next-intl (web), Flutter ARB (mobile), shared i18n package
 - **Auto-generated API Clients**: Orval (web), swagger_parser (mobile)
 - **Infrastructure as Code**: Terraform + GCP (Cloud Run, Cloud SQL, Cloud Storage)
@@ -22,7 +22,7 @@ Production-ready fullstack monorepo template with Next.js 16, FastAPI, Flutter,
 |-------|------------|
 | **Frontend** | Next.js 16, React 19, TailwindCSS v4, shadcn/ui, TanStack Query, Jotai |
 | **Backend** | FastAPI, SQLAlchemy (async), PostgreSQL 16, Redis 7 |
-| **Mobile** | Flutter 3.32, Riverpod 3, go_router 17 |
+| **Mobile** | Flutter 3.32, Riverpod 3, go_router 17, Firebase Crashlytics, Fastlane |
 | **Worker** | FastAPI + CloudTasks/PubSub |
 | **Infrastructure** | Terraform, GCP (Cloud Run, Cloud SQL, Cloud Storage, CDN) |
 | **CI/CD** | GitHub Actions, Workload Identity Federation |
@@ -127,6 +127,7 @@ mise tasks --all
 | `mise test` | Test all apps |
 | `mise typecheck` | Type check |
 | `mise i18n:build` | Build i18n files |
+| `mise gen:api` | Generate OpenAPI schema and API clients |
 
 ### App-specific Tasks
 
@@ -141,6 +142,7 @@ mise tasks --all
 | `mise //apps/api:format` | Format code |
 | `mise //apps/api:migrate` | Run migrations |
 | `mise //apps/api:migrate:create` | Create new migration |
+| `mise //apps/api:gen:openapi` | Generate OpenAPI schema |
 | `mise //apps/api:infra:up` | Start local infrastructure |
 | `mise //apps/api:infra:down` | Stop local infrastructure |
 
@@ -169,6 +171,7 @@ mise tasks --all
 | `mise //apps/mobile:test` | Run tests |
 | `mise //apps/mobile:lint` | Run analyzer |
 | `mise //apps/mobile:gen:l10n` | Generate localizations |
+| `mise //apps/mobile:gen:api` | Generate API client |
 
 </details>
 
@@ -251,6 +254,8 @@ Set these secrets in your repository:
 | `GCP_REGION` | GCP region (e.g., `asia-northeast3`) |
 | `WORKLOAD_IDENTITY_PROVIDER` | From Terraform output |
 | `GCP_SERVICE_ACCOUNT` | From Terraform output |
+| `FIREBASE_SERVICE_ACCOUNT_JSON` | Firebase service account JSON (for mobile deployment) |
+| `FIREBASE_ANDROID_APP_ID` | Firebase Android app ID |
 
 ## Deployment
 
@@ -260,6 +265,7 @@ Push to `main` branch triggers automatic deployment:
 - `apps/api/` changes → Deploy API
 - `apps/web/` changes → Deploy Web
 - `apps/worker/` changes → Deploy Worker
+- `apps/mobile/` changes → Build & Deploy to Firebase App Distribution
 
 ### Manual Deployment
 
@@ -273,6 +279,43 @@ docker push gcr.io/PROJECT_ID/api
 gcloud run deploy api --image gcr.io/PROJECT_ID/api --region REGION
 ```
 
+## Mobile Setup
+
+### Firebase Configuration
+
+1. Install FlutterFire CLI:
+
+```bash
+dart pub global activate flutterfire_cli
+```
+
+2. Configure Firebase for your project:
+
+```bash
+cd apps/mobile
+flutterfire configure
+```
+
+This generates `lib/firebase_options.dart` with your Firebase configuration.
+
+### Fastlane
+
+The mobile app uses Fastlane for build automation and deployment.
+
+```bash
+cd apps/mobile
+
+# Install Ruby dependencies
+bundle install
+
+# Available lanes
+bundle exec fastlane android build       # Build APK
+bundle exec fastlane android firebase    # Deploy to Firebase App Distribution
+bundle exec fastlane android internal    # Deploy to Play Store (internal)
+bundle exec fastlane ios build           # Build iOS (no codesign)
+bundle exec fastlane ios testflight_deploy  # Deploy to TestFlight
+```
+
 ## AI Agent Support
 
 This template is designed to work with AI coding agents (Gemini, Claude, etc.).