ADR-0005: Exclude network stack from initial scope (No network)

Context

The roadmap prioritizes rapid iteration on a privacy-first, local-first experience. Including a network stack (APIs, auth, servers) increases scope, operational cost, and privacy surface area.

Decision

We will not include a network stack or remote services in the initial product. The app will not ship with remote synchronization, analytics pinging, or server-driven features unless covered by a future ADR.

Rationale

• Keeps MVP scope focused and reduces operational burden.
• Supports the local-first privacy stance from ADR-0002.
• Avoids introducing backend dependencies during early user testing.

Consequences

• Positive:

  • Lower operational overhead and fewer early security/privacy obligations.

• Downsides:

  • No built-in cross-device syncing, remote backup, or server-side feature toggles.

Follow-up work:

• If/when network features are required, create explicit ADR(s) covering API design, auth, opt-in UX, data minimization and encryption, and server responsibilities.

Alternatives Considered

• Add a minimal, opt-in sync service — deferred to a separate ADR to specify privacy, cost, and migration details.

Controlled Exceptions

Crash and ANR reporting via Firebase Crashlytics is permitted as a controlled exception (see ADR-0049). Crashlytics transmits only diagnostic metadata (stack traces, device info, app state) — no user-generated content. No other network calls are made by the app.