31 lines
2.3 KiB
Markdown
31 lines
2.3 KiB
Markdown
# Membership Flow Failure-State Matrix (v1)
|
|
|
|
This matrix defines deterministic fail-closed behavior and user-facing outcomes.
|
|
|
|
| Stage | Failure | Detection Source | System Action | User Surface |
|
|
|---|---|---|---|---|
|
|
| Intent | Rate limit | API guard | Block intent issuance | "Too many requests. Try again later." |
|
|
| Intent | Invalid origin | API allowlist | Reject request | "Request origin not allowed." |
|
|
| Verify | Intent expired | TTL check | Reject verify | "Intent expired. Start again." |
|
|
| Verify | Signature mismatch | Signature recovery | Reject verify + audit entry | "Signature could not be verified." |
|
|
| Quote | Signature not verified | State check | Deny quote | "Verify wallet signature first." |
|
|
| Quote | Distinct payer without ownership proof | Proof validator | Deny quote | "Ownership authorization is required." |
|
|
| Quote | Quote expired | TTL check | Deny confirm | "Quote expired. Request a new quote." |
|
|
| Mint | Wallet reject tx | Wallet provider | No state change | "Membership mint was not approved." |
|
|
| Confirm | Wrong chain | Chain check | Reject confirm | "Transaction is on an unsupported chain." |
|
|
| Confirm | Amount mismatch | Quote/tx comparator | Reject confirm | "Transaction does not match quote." |
|
|
| Confirm | Recipient mismatch | Quote/tx comparator | Reject confirm | "Destination contract mismatch." |
|
|
| Confirm | Node unavailable | RPC health | Fail closed | "Unable to confirm transaction. Purchase stays blocked." |
|
|
| Checkout | No membership | Gate check | Block purchase | "Membership required." |
|
|
| Checkout | Membership suspended/revoked | Gate check | Block purchase | "Membership inactive. Contact support." |
|
|
| Governance Install | Install token expired | TTL check | Block install | "Install token expired. Request a new install token." |
|
|
| Governance Install | Package hash mismatch | Package verifier | Block activation | "Package verification failed." |
|
|
| Governance Install | Policy hash mismatch | Runtime verifier | Block activation | "Policy mismatch. Install blocked." |
|
|
| Activation | Entitlement not active | Gate check | Block runtime | "License inactive. Activation blocked." |
|
|
|
|
## Invariants
|
|
|
|
1. Unknown state defaults to blocked.
|
|
2. No failed transition may promote membership or entitlement state.
|
|
3. Every reject path produces structured audit evidence.
|