web/docs/failure-state-matrix.md

# Membership Flow Failure-State Matrix (v1)

This matrix defines deterministic fail-closed behavior and user-facing outcomes.

| Stage | Failure | Detection Source | System Action | User Surface |
|---|---|---|---|---|
| Intent | Rate limit | API guard | Block intent issuance | "Too many requests. Try again later." |
| Intent | Invalid origin | API allowlist | Reject request | "Request origin not allowed." |
| Verify | Intent expired | TTL check | Reject verify | "Intent expired. Start again." |
| Verify | Signature mismatch | Signature recovery | Reject verify + audit entry | "Signature could not be verified." |
| Quote | Signature not verified | State check | Deny quote | "Verify wallet signature first." |
| Quote | Quote expired | TTL check | Deny confirm | "Quote expired. Request a new quote." |
| Mint | Wallet reject tx | Wallet provider | No state change | "Membership mint was not approved." |
| Confirm | Wrong chain | Chain check | Reject confirm | "Transaction is on an unsupported chain." |
| Confirm | Amount mismatch | Quote/tx comparator | Reject confirm | "Transaction does not match quote." |
| Confirm | Recipient mismatch | Quote/tx comparator | Reject confirm | "Destination contract mismatch." |
| Confirm | Node unavailable | RPC health | Fail closed | "Unable to confirm transaction. Purchase stays blocked." |
| Notify | Invalid email | Input validation | Reject notify | "Invalid email format." |
| Checkout | No membership | Gate check | Block purchase | "Membership required." |
| Checkout | Membership suspended/revoked | Gate check | Block purchase | "Membership inactive. Contact support." |
| Activation | Entitlement not active | Gate check | Block runtime | "License inactive. Activation blocked." |

## Invariants

1. Unknown state defaults to blocked.
2. No failed transition may promote membership or entitlement state.
3. Every reject path produces structured audit evidence.