2.3 KiB
2.3 KiB
Membership Flow Failure-State Matrix (v1)
This matrix defines deterministic fail-closed behavior and user-facing outcomes.
| Stage | Failure | Detection Source | System Action | User Surface |
|---|---|---|---|---|
| Intent | Rate limit | API guard | Block intent issuance | "Too many requests. Try again later." |
| Intent | Invalid origin | API allowlist | Reject request | "Request origin not allowed." |
| Verify | Intent expired | TTL check | Reject verify | "Intent expired. Start again." |
| Verify | Signature mismatch | Signature recovery | Reject verify + audit entry | "Signature could not be verified." |
| Quote | Signature not verified | State check | Deny quote | "Verify wallet signature first." |
| Quote | Distinct payer without ownership proof | Proof validator | Deny quote | "Ownership authorization is required." |
| Quote | Quote expired | TTL check | Deny confirm | "Quote expired. Request a new quote." |
| Mint | Wallet reject tx | Wallet provider | No state change | "Membership mint was not approved." |
| Confirm | Wrong chain | Chain check | Reject confirm | "Transaction is on an unsupported chain." |
| Confirm | Amount mismatch | Quote/tx comparator | Reject confirm | "Transaction does not match quote." |
| Confirm | Recipient mismatch | Quote/tx comparator | Reject confirm | "Destination contract mismatch." |
| Confirm | Node unavailable | RPC health | Fail closed | "Unable to confirm transaction. Purchase stays blocked." |
| Checkout | No membership | Gate check | Block purchase | "Membership required." |
| Checkout | Membership suspended/revoked | Gate check | Block purchase | "Membership inactive. Contact support." |
| Governance Install | Install token expired | TTL check | Block install | "Install token expired. Request a new install token." |
| Governance Install | Package hash mismatch | Package verifier | Block activation | "Package verification failed." |
| Governance Install | Policy hash mismatch | Runtime verifier | Block activation | "Policy mismatch. Install blocked." |
| Activation | Entitlement not active | Gate check | Block runtime | "License inactive. Activation blocked." |
Invariants
- Unknown state defaults to blocked.
- No failed transition may promote membership or entitlement state.
- Every reject path produces structured audit evidence.