web/docs/conformance/membership-gating-vectors.md

EDUT Membership and Entitlement Gating Conformance Vectors (v1)

This document defines deterministic pass/fail vectors for membership-gated commerce.

Vector Group A: Wallet Intent and Signature

1. A1 intent_success

• Given valid wallet address, origin, and chain
• When POST /secret/wallet/intent is called
• Then status is pending_signature and nonce+deadline are returned

2. A2 intent_replay_blocked

• Given an already consumed intent_id
• When verify is called again
• Then request is rejected and state does not regress

3. A3 signature_address_mismatch

• Given signature recovered to wallet X and request address wallet Y
• When verify executes
• Then state becomes rejected and no membership quote is issued

4. A4 intent_expired

• Given intent past deadline
• When verify executes
• Then result is intent_expired

Vector Group B: Membership Mint Activation

1. B1 quote_requires_verified_signature

• Given designation not in signature_verified
• When quote is requested
• Then quote is denied

2. B2 quote_expired

• Given quote past deadline
• When confirm is called
• Then membership remains inactive

3. B3 confirm_tx_success

• Given valid tx hash with expected currency/amount/recipient
• When confirm executes
• Then state transitions to membership_active

4. B4 confirm_tx_wrong_amount

• Given tx amount does not match quote
• When confirm executes
• Then state remains pending_membership_mint

5. B5 confirm_tx_wrong_recipient

• Given tx recipient is not membership contract
• When confirm executes
• Then state remains pending_membership_mint

6. B6 confirm_wrong_chain

• Given tx on disallowed chain
• When confirm executes
• Then request fails closed

7. B7 confirm_tx_hash_replay_blocked

• Given tx hash H already used to confirm membership for designation A
• When designation B tries to confirm with the same tx hash H
• Then request is denied with replay error and designation B remains unactivated

Vector Group C: Checkout Membership Gate

1. C1 checkout_block_no_membership

• Given wallet with no active membership
• When checkout quote is requested
• Then checkout is denied

2. C2 checkout_allow_active_membership

• Given wallet with active membership
• When checkout quote is requested
• Then quote is returned

3. C3 checkout_block_suspended_membership

• Given suspended membership
• When checkout is requested
• Then checkout is denied

4. C4 checkout_block_revoked_membership

• Given revoked membership
• When checkout is requested
• Then checkout is denied

5. C5 checkout_confirm_tx_hash_replay_blocked

• Given tx hash H already used to confirm checkout quote Q1
• When a different checkout quote Q2 is confirmed with tx hash H
• Then request is denied with replay error and no entitlement is minted for Q2

Vector Group D: Entitlement Activation Gate

1. D1 activation_allow_active_entitlement

• Given entitlement state ACTIVE
• When runtime activation is requested
• Then activation succeeds

2. D2 activation_block_suspended

• Given entitlement state SUSPENDED
• When runtime activation is requested
• Then activation fails closed

3. D3 activation_block_revoked

• Given entitlement state REVOKED
• When runtime activation is requested
• Then activation fails closed

4. D4 activation_block_expired

• Given entitlement state EXPIRED
• When runtime activation is requested
• Then activation fails closed

Vector Group F: Ownership Wallet vs Payment Wallet

1. F1 quote_allow_distinct_payer_with_proof

• Given ownership wallet A, payer wallet B, and valid ownership proof
• When checkout quote is requested
• Then quote is issued for ownership wallet A and records payer wallet B

2. F2 quote_block_distinct_payer_without_proof

• Given ownership wallet A and payer wallet B without ownership proof
• When checkout quote is requested
• Then quote is denied

Vector Group G: Bundled First Checkout Transparency

1. G1 quote_bundle_membership_when_missing

• Given active ownership wallet without membership and include_membership_if_missing=true
• When governance checkout quote is requested
• Then quote includes membership line item and membership_activation_included=true

2. G2 quote_excludes_membership_when_active

• Given wallet with active membership
• When governance checkout quote is requested
• Then quote excludes membership line item and membership_activation_included=false

3. G3 quote_total_matches_line_items

• Given any quote response with line items
• Then total_amount_atomic equals sum of line item amount_atomic values (excluding network_estimate)

Vector Group E: Evidence Integrity

1. E1 receipt_fields_complete

• Every successful membership and purchase receipt contains:
  • wallet
  • membership status snapshot
  • offer_id
  • policy_hash
  • quote_id
  • tx_hash
  • chain_id
  • entitlement_id (for purchase)

2. E2 receipt_hash_stable

• Given identical input payload
• Receipt hash must be identical across replays

3. E3 audit_non_regression

• Once state reaches membership_active, audit log cannot be removed or mutated without append-only evidence entry

Vector Group H: Boundary and Availability Gate Hooks

1. H1 checkout_block_boundary_mismatch

• Given ownership wallet is bound to org_root_id=ORG_A
• And checkout target workspace is bound to ORG_B
• When quote is requested without valid ORG_B entitlement
• Then checkout is denied

2. H2 checkout_block_availability_parked

• Given membership is active
• And suite availability state for principal/workspace is PARKED
• When checkout confirm or paid activation is requested
• Then request is denied

3. H3 continuity_blocks_growth_actions

• Given availability state is CONTINUITY
• When action requests new workspace member, workspace creation, new tool install, or worker spawn
• Then request is denied with continuity policy reason

Pass Criteria

A build is conformant only when all vectors pass.

Fail-Closed Rule

Any uncertainty in chain confirmation, quote validity, policy hash, or state sync must block activation/purchase by default.