# Implementation Mapping (Web -> Backend -> Runtime)

## Web Repo Responsibilities

1. Wallet-first UX and membership flow orchestration.
2. API contract and schema definitions.
3. Policy/legal/public messaging consistency.

## Backend Responsibilities

1. Intent/verify/quote/confirm/status endpoints.
2. Deterministic state transitions and persistence.
3. Chain verification and policy hash enforcement.
4. Member app channel endpoints for device registration and event polling.
5. Governance installer endpoints for signed package authorization and activation confirmation.
6. Marketplace catalog/checkout auth gates so production commerce is app-session scoped.
7. Org boundary claim resolution (`org_root_id` binding) for workspace-targeted paid actions.
8. Availability class transitions (`connected`/`sovereign`) and lease/capsule state resolution.
9. Principal role resolution (`org_root_owner` vs `workspace_member`) for admin/support gating.

## Runtime/Kernel Responsibilities

1. Membership and entitlement gates at activation points.
2. Fail-closed behavior for uncertain states.
3. Evidence receipt generation and retention.
4. Signed package verification and policy hash checks before governance activation.
5. Availability state machine enforcement (`ACTIVE -> GRACE -> CONTINUITY -> PARKED`).
6. Growth-action block enforcement during `CONTINUITY`.
7. Paid execution pause enforcement during `PARKED`.
8. Owner-only enforcement for admin health/config/update/support operations.

## Required Integration Contract

1. Backend API shape follows `docs/api/secret-system.openapi.yaml`.
2. Policy/offer/entitlement payloads validate against schemas.
3. Runtime consumes entitlement state and policy hash from backend evidence.
4. Paid action requests carry boundary claim inputs (`org_root_id`, `workspace_id`, `principal_id`).
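
A sketch of how the runtime gate could combine the rules above: fail-closed on uncertain input, policy hash check, org boundary check, owner-only admin, and the `CONTINUITY`/`PARKED` blocks. This is an added example, not code from this repository. The `Evidence` and `Request` shapes, the action names, the reason strings, and the choices that `PARKED` keeps the growth block and that admin stays available to the owner in every state are assumptions.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Optional

class Availability(Enum):
    ACTIVE = "ACTIVE"
    GRACE = "GRACE"
    CONTINUITY = "CONTINUITY"
    PARKED = "PARKED"

# Assumed action classes; the page names growth actions, paid execution and admin operations.
KNOWN_ACTIONS = {"growth", "paid", "admin"}

@dataclass(frozen=True)
class Evidence:  # hypothetical shape of the backend evidence the runtime consumes
    availability: str
    policy_hash: str
    org_root_id: str

@dataclass(frozen=True)
class Request:  # boundary claim inputs from the integration contract, plus the resolved role
    action: str
    org_root_id: str
    workspace_id: str
    principal_id: str
    role: str  # "org_root_owner" or "workspace_member"

def gate(req: Request, ev: Optional[Evidence], expected_policy_hash: str) -> tuple[bool, str]:
    """Return (allowed, reason); every uncertain input denies (fail closed)."""
    if ev is None:
        return False, "no_evidence"
    if not expected_policy_hash or ev.policy_hash != expected_policy_hash:
        return False, "policy_hash_mismatch"
    try:
        state = Availability(ev.availability)
    except ValueError:  # a state outside the four known ones is treated as uncertain
        return False, "unknown_availability_state"
    if not (req.org_root_id and req.workspace_id and req.principal_id):
        return False, "missing_boundary_claim"
    if req.org_root_id != ev.org_root_id:
        return False, "org_boundary_mismatch"
    if req.action not in KNOWN_ACTIONS:
        return False, "unknown_action"
    if req.action == "admin" and req.role != "org_root_owner":
        return False, "owner_only"
    # Assumption: PARKED keeps the CONTINUITY growth block in addition to pausing paid execution.
    if req.action == "growth" and state in (Availability.CONTINUITY, Availability.PARKED):
        return False, "growth_blocked"
    if req.action == "paid" and state is Availability.PARKED:
        return False, "paid_paused"
    return True, "ok"
```

The returned reason string is the natural field to record in the evidence receipt for each decision.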