# Implementation Mapping (Web -> Backend -> Runtime)

## Web Repo Responsibilities

1. Wallet-first UX and membership flow orchestration.
2. API contract and schema definitions.
3. Policy/legal/public messaging consistency.

## Backend Responsibilities

1. Intent/verify/quote/confirm/status endpoints.
2. Deterministic state transitions and persistence.
3. Chain verification and policy hash enforcement.
4. Member app channel endpoints for device registration and event polling.
5. Governance installer endpoints for signed package authorization and activation confirmation.
6. Marketplace catalog/checkout auth gates so production commerce is app-session scoped.
7. Org boundary claim resolution (`org_root_id` binding) for workspace-targeted paid actions.
8. Availability class transitions (`connected`/`sovereign`) and lease/capsule state resolution.
9. Principal role resolution (`org_root_owner` vs `workspace_member`) for admin/support gating.

## Runtime/Kernel Responsibilities

1. Membership and entitlement gates at activation points.
2. Fail-closed behavior for uncertain states.
3. Evidence receipt generation and retention.
4. Signed package verification and policy hash checks before governance activation.
5. Availability state machine enforcement (`ACTIVE -> GRACE -> CONTINUITY -> PARKED`).
6. Growth-action block enforcement during `CONTINUITY`.
7. Paid execution pause enforcement during `PARKED`.
8. Owner-only enforcement for admin health/config/update/support operations.

## Required Integration Contract

1. Backend API shape follows `docs/api/secret-system.openapi.yaml`.
2. Policy/offer/entitlement payloads validate against schemas.
3. Runtime consumes entitlement state and policy hash from backend evidence.
4. Paid action requests carry boundary claim inputs (`org_root_id`, `workspace_id`, `principal_id`).