web/docs/issuer-onboarding-pack.md

Issuer Onboarding Pack (v1)

Purpose

This pack defines the minimum deterministic requirements for external issuers publishing offers on EDUT.

Issuer Entry Checklist

1. Register issuer namespace (issuer_id).
2. Submit issuer manifest (issuer_manifest.v1).
3. Register signing keys and key-rotation contact.
4. Provide support channel and incident contact.
5. Accept marketplace policy and conformance obligations.

Offer Publish Checklist

1. Offer payload validates against offer.v1.schema.json.
2. member_only policy is explicit.
3. Price/currency/chain fields are complete.
4. Entitlement type and scope are explicit.
5. Offer status set to draft first.
6. Policy hash generated and stored.
7. Review gate passed before active.

Policy Lint Checklist

1. No missing required policy fields.
2. No unknown enum values.
3. No contradictory flags (for example, workspace-bound + transferable true unless explicitly supported).
4. Currency is supported (USDC or ETH in v1).
5. Amount is positive atomic integer.
6. Lifecycle transitions are valid (draft -> active -> paused/retired).

Runtime Expectations

1. Issuer offers cannot bypass membership gate.
2. Entitlement activation must be fail-closed.
3. Revocation and suspension must propagate deterministically.

Incident Responsibilities

1. Issuer must acknowledge critical entitlement issue within published SLA.
2. Issuer must provide rollback or pause decision path.
3. Issuer actions must preserve audit evidence.

Non-Negotiables

1. No direct side-channel entitlement grants.
2. No hidden pricing paths outside quote/confirm policy.
3. No policy mutation without versioned update and evidence.