web/docs/roadmap-status.md

# EDUT Membership Roadmap Status

Status key:

- `DONE`: committed in this repo
- `IN_PROGRESS`: partially implemented
- `PENDING`: specified but not yet built in this repo

## Core Steps

1. Lock core model (`membership required`, `membership != license`): `DONE`
2. Freeze token taxonomy: `DONE`
3. Finalize membership contract interface targets: `DONE`
4. Lock signature + intent protocol: `DONE`
5. Add membership mint transaction stage in web flow: `DONE` (frontend + backend deployed; full e2e confirm blocked only by test wallet balance below mint value)
6. Implement membership gate in marketplace checkout: `IN_PROGRESS` (store scaffold + gate logic implemented; live API pending)
7. Ship offer registry schema: `DONE`
8. Ship entitlement purchase schema/pipeline contracts: `IN_PROGRESS`
9. Bind entitlements to runtime activation: `PENDING`
10. Add issuer layer interfaces and manifest schema: `DONE`
11. Harden policy/legal surfaces for utility-access framing: `DONE`
12. Add conformance vectors for fail-closed gating: `DONE`
13. Freeze org-boundary + availability class model (`connected`/`sovereign`): `DONE`
14. Freeze owner-gated admin/support plane (`org_root_owner` vs `workspace_member`): `DONE`

## This Repo Specifically (web)

Implemented now:

1. Wallet-first landing flow with intent + signature + membership tx hooks.
2. Post-mint app delivery step (`download your platform`) for immediate member value.
3. Membership-gated architecture spec.
4. Step-based roadmap without timelines.
5. Frozen v1 schemas and examples.
6. Interface target document for contracts/APIs.
7. Pricing policy with USD 5 floor rule.
8. Terms utility-only non-investment clause.
9. Store page upgraded from static to live-state scaffold with membership gate behavior.
10. OpenAPI contract + request/response examples for secret-system endpoints.
11. Conformance vectors + failure matrix + release gate + security checklist.
12. Deployment templates + invariants + chain operations runbook.
13. Issuer onboarding pack, migration policy, trust page spec, and integration mapping docs.
14. Public `/trust` page scaffold aligned with trust-page spec.
15. Dedicated marketplace OpenAPI contract and examples.
16. Member app channel contract, examples, backend handoff checklist, and conformance vectors.
17. Download endpoints now validate wallet membership status before authorizing channel messaging.
18. Governance install API contract, examples, backend handoff checklist, and conformance vectors.
19. Repo boundary blueprint and free launcher specification aligned with first paid governance model.
20. Store UI now supports distinct payer wallet overrides with ownership-proof signing before quote requests.
21. Public web store preview is noindex and disabled by default unless explicit internal preview mode is enabled.
22. Catalog distribution and public-surface deployment guardrails are documented for launcher-only commerce.
23. Split repos (`launcher`, `governance`, `contracts`) are published to Gitea with seed commits and runbook alignment.
24. Boundary and availability model documented with deterministic state machine and conformance vectors.
25. Owner-gated admin/support model documented in API contracts, terms, and conformance vectors.
26. Local backend implementation (`web/backend/secretapi`) now serves membership endpoints, governance install/lease endpoints, sponsor-aware payer flow, and deterministic integration tests.
27. Local backend member app channel endpoints now serve deterministic register/unregister, poll, idempotent ack, and owner-only support ticket flows with sqlite-backed event/audit state.
28. Membership confirm now supports strict fail-closed mode (`SECRET_API_REQUIRE_ONCHAIN_TX_VERIFICATION`) that requires chain receipt verification when enabled.
29. `secretapi` now validates critical config at startup and fails fast on invalid deploy combinations.
30. `secretapi` now ships an explicit `.env.example` deployment template aligned to current endpoint/runtime requirements.
31. Marketplace checkout confirm now validates on-chain tx sender/receipt and supports strict fail-closed verification mode.
32. Wallet session issuance and validation are implemented (`session_token` from `/secret/wallet/verify`) with optional fail-closed enforcement via `SECRET_API_REQUIRE_WALLET_SESSION`.
33. Marketplace/member/governance OpenAPI contracts now declare wallet-session usage for launcher/app-channel calls.
34. Offer catalogs and marketplace responses now carry execution pacing profiles (`governed_human_pace` vs `local_hardware_speed`) for connector/runtime policy alignment.

Remaining in this repo:

1. Wire live store checkout flow to production marketplace APIs when available.
2. Replace deployment templates with real contract addresses after chain deployment.
3. Add launcher/governance install UI that consumes governance installer APIs.

Cross-repo dependencies (kernel/backend/contracts):

1. Implement `/secret/membership/quote` and `/secret/membership/confirm`: `IN_PROGRESS` (live deployment active; strict chain verification enabled; full confirm proof pending additional Sepolia wallet funding).
2. Implement membership contract and membership status reads: `IN_PROGRESS` (contract deployed on Base Sepolia; mainnet deployment pending).
3. Implement checkout APIs and entitlement mint pipeline.
4. Implement runtime entitlement gate and evidence receipts.
5. Implement member app channel APIs and deterministic event stream storage: `IN_PROGRESS` (live deployment active with sqlite-backed deterministic event store).
6. Implement governance install token/confirm/status APIs and signed package delivery: `IN_PROGRESS` (local implementation in `web/backend/secretapi`; package signing/deploy wiring pending).
7. Implement org-root boundary claims and access class state transitions in runtime/API responses: `IN_PROGRESS` (principal/access-class scaffolding implemented locally; full runtime integration pending).