web/docs/release-gate.md

Release Gate: Membership Platform (v1)

This gate controls deploy/no-deploy decisions for membership-gated commerce changes.

Gate Categories

1. Contract/API compatibility
2. Conformance vectors
3. Security checks
4. Legal/policy checks
5. Observability checks

Deploy Criteria (All Required)

1. docs/conformance/membership-gating-vectors.md: all vectors pass.
2. OpenAPI and implementation remain compatible.
3. Signature replay tests pass.
4. Quote expiry tests pass.
5. Tx mismatch tests pass.
6. Membership gate blocks non-members in all checkout paths.
7. Terms/privacy copy still match utility-access framing.
8. Structured logs and metrics are emitted for each state transition.

No-Deploy Triggers

1. Any conformance vector failure.
2. Any path that allows purchase without active membership.
3. Any activation path that proceeds with non-active entitlement.
4. Any missing audit evidence on successful purchase.
5. Any breaking API change without version bump and migration note.

Evidence Bundle Required for Release

1. Test result artifact references.
2. Contract address/version snapshot.
3. Policy hash snapshot.
4. Change summary and rollback plan.