edut/web
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity
c616ea9e8f
web/docs/conformance/membership-gating-vectors.md

177 lines
5.5 KiB
Markdown
Raw Blame History

# EDUT Membership and Entitlement Gating Conformance Vectors (v1)
This document defines deterministic pass/fail vectors for membership-gated commerce.
## Vector Group A: Wallet Intent and Signature
1. A1 `intent_success`
- Given valid wallet address, origin, and chain
- When `POST /secret/wallet/intent` is called
- Then status is `pending_signature` and nonce+deadline are returned
2. A2 `intent_replay_blocked`
- Given an already consumed `intent_id`
- When verify is called again
- Then request is rejected and state does not regress
3. A3 `signature_address_mismatch`
- Given signature recovered to wallet X and request address wallet Y
- When verify executes
- Then state becomes `rejected` and no membership quote is issued
4. A4 `intent_expired`
- Given intent past deadline
- When verify executes
- Then result is `intent_expired`
## Vector Group B: Membership Mint Activation
1. B1 `quote_requires_verified_signature`
- Given designation not in `signature_verified`
- When quote is requested
- Then quote is denied
2. B2 `quote_expired`
- Given quote past deadline
- When confirm is called
- Then membership remains inactive
3. B3 `confirm_tx_success`
- Given valid tx hash with expected currency/amount/recipient
- When confirm executes
- Then state transitions to `membership_active`
4. B4 `confirm_tx_wrong_amount`
- Given tx amount does not match quote
- When confirm executes
- Then state remains `pending_membership_mint`
5. B5 `confirm_tx_wrong_recipient`
- Given tx recipient is not membership contract
- When confirm executes
- Then state remains `pending_membership_mint`
6. B6 `confirm_wrong_chain`
- Given tx on disallowed chain
- When confirm executes
- Then request fails closed
## Vector Group C: Checkout Membership Gate
1. C1 `checkout_block_no_membership`
- Given wallet with no active membership
- When checkout quote is requested
- Then checkout is denied
2. C2 `checkout_allow_active_membership`
- Given wallet with active membership
- When checkout quote is requested
- Then quote is returned
3. C3 `checkout_block_suspended_membership`
- Given suspended membership
- When checkout is requested
- Then checkout is denied
4. C4 `checkout_block_revoked_membership`
- Given revoked membership
- When checkout is requested
- Then checkout is denied
## Vector Group D: Entitlement Activation Gate
1. D1 `activation_allow_active_entitlement`
- Given entitlement state `ACTIVE`
- When runtime activation is requested
- Then activation succeeds
2. D2 `activation_block_suspended`
- Given entitlement state `SUSPENDED`
- When runtime activation is requested
- Then activation fails closed
3. D3 `activation_block_revoked`
- Given entitlement state `REVOKED`
- When runtime activation is requested
- Then activation fails closed
4. D4 `activation_block_expired`
- Given entitlement state `EXPIRED`
- When runtime activation is requested
- Then activation fails closed
## Vector Group F: Ownership Wallet vs Payment Wallet
1. F1 `quote_allow_distinct_payer_with_proof`
- Given ownership wallet A, payer wallet B, and valid ownership proof
- When checkout quote is requested
- Then quote is issued for ownership wallet A and records payer wallet B
2. F2 `quote_block_distinct_payer_without_proof`
- Given ownership wallet A and payer wallet B without ownership proof
- When checkout quote is requested
- Then quote is denied
## Vector Group G: Bundled First Checkout Transparency
1. G1 `quote_bundle_membership_when_missing`
- Given active ownership wallet without membership and `include_membership_if_missing=true`
- When governance checkout quote is requested
- Then quote includes membership line item and `membership_activation_included=true`
2. G2 `quote_excludes_membership_when_active`
- Given wallet with active membership
- When governance checkout quote is requested
- Then quote excludes membership line item and `membership_activation_included=false`
3. G3 `quote_total_matches_line_items`
- Given any quote response with line items
- Then `total_amount_atomic` equals sum of line item `amount_atomic` values (excluding network_estimate)
## Vector Group E: Evidence Integrity
1. E1 `receipt_fields_complete`
- Every successful membership and purchase receipt contains:
- wallet
- membership status snapshot
- offer_id
- policy_hash
- quote_id
- tx_hash
- chain_id
- entitlement_id (for purchase)
2. E2 `receipt_hash_stable`
- Given identical input payload
- Receipt hash must be identical across replays
3. E3 `audit_non_regression`
- Once state reaches `membership_active`, audit log cannot be removed or mutated without append-only evidence entry
## Vector Group H: Boundary and Availability Gate Hooks
1. H1 `checkout_block_boundary_mismatch`
- Given ownership wallet is bound to `org_root_id=ORG_A`
- And checkout target workspace is bound to `ORG_B`
- When quote is requested without valid ORG_B entitlement
- Then checkout is denied
2. H2 `checkout_block_availability_parked`
- Given membership is active
- And suite availability state for principal/workspace is `PARKED`
- When checkout confirm or paid activation is requested
- Then request is denied
3. H3 `continuity_blocks_growth_actions`
- Given availability state is `CONTINUITY`
- When action requests new workspace member, workspace creation, new tool install, or worker spawn
- Then request is denied with continuity policy reason
## Pass Criteria
A build is conformant only when all vectors pass.
## Fail-Closed Rule
Any uncertainty in chain confirmation, quote validity, policy hash, or state sync must block activation/purchase by default.
Reference in New Issue View Git Blame Copy Permalink