edut/web
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity

Add backend handoff checklist for membership activation flow

Browse Source
This commit is contained in:
Joshua 2026-02-17 11:50:45 -08:00
parent 5afe5c8e01
commit a0a8274721
2 changed files with 120 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
README.md
View File

@ -41,6 +41,8 @@ docs/
contract-addresses.template.json contract-addresses.template.json
api/ api/
secret-system.openapi.yaml secret-system.openapi.yaml
handoff/
membership-backend-checklist.md
schemas/ schemas/
offer.v1.schema.json offer.v1.schema.json
entitlement.v1.schema.json entitlement.v1.schema.json

118
docs/handoff/membership-backend-checklist.md Normal file
View File

@ -0,0 +1,118 @@
# Backend Handoff Checklist: Membership Activation Flow
This checklist maps current web behavior to required backend implementation.
## Required Endpoints
1. `POST /secret/wallet/intent`
2. `POST /secret/wallet/verify`
3. `POST /secret/membership/quote`
4. `POST /secret/membership/confirm`
5. `POST /secret/notify`
## Web Behavior Dependency
The landing page currently executes these actions in order:
1. Connect wallet (`eth_requestAccounts`).
2. Get signature intent.
3. Sign typed data (`eth_signTypedData_v4`).
4. Verify signature.
5. Request membership quote.
6. Send wallet transaction (`eth_sendTransaction`) using returned tx params.
7. Confirm membership by tx hash.
8. Show acknowledged state and optional notify form.
If any endpoint is missing, flow fails closed and shows status error.
## Response Requirements
## Intent
Must return:
1. `intent_id`
2. `designation_code`
3. `display_token`
4. `nonce`
5. `issued_at`
6. `expires_at`
7. `chain_id`
## Verify
Must return:
1. `status = signature_verified`
2. `designation_code`
3. `display_token`
## Membership Quote
Must return:
1. `quote_id`
2. `chain_id`
3. `currency`
4. `amount` or `amount_atomic + decimals`
5. `deadline`
6. tx execution fields:
- either `tx` object for wallet send
- or `contract_address` + `calldata` + `value`
## Membership Confirm
Must return:
1. `status = membership_active`
2. `designation_code`
3. `display_token`
4. `tx_hash`
## Notify
Must accept:
1. `email`
2. `designation_code`
3. `designation_token`
4. `wallet`
5. `locale`
## Security Requirements
1. Replay-safe intent nonce and quote nonce.
2. Intent and quote TTL enforcement.
3. Chain allowlist checks.
4. Origin allowlist checks.
5. Tx amount/currency/recipient exact-match checks.
6. Idempotent confirm path for repeated tx_hash submissions.
## Data Persistence Requirements
Persist at minimum:
1. designation code and auth token
2. wallet and chain id
3. intent fields and verification time
4. quote fields and expiry
5. membership tx hash and activation timestamp
6. notification email link metadata
## Observability Requirements
1. Correlation id per flow (`intent_id` preferred).
2. Structured logs for each transition.
3. Metrics counters for:
- intent requests
- verify success/fail
- quote success/fail
- confirm success/fail
- notify success/fail
## Done Criteria
1. Web flow reaches acknowledged state on successful membership tx.
2. Membership inactive wallets cannot complete flow.
3. Confirm endpoint is idempotent and deterministic.
4. API matches `docs/api/secret-system.openapi.yaml`.