Skip to content

docs: add officer continuity and secure commerce guides#108

Merged
daliu merged 3 commits into
mainfrom
codex/issue-104-secure-commerce-docs
Jul 12, 2026
Merged

docs: add officer continuity and secure commerce guides#108
daliu merged 3 commits into
mainfrom
codex/issue-104-secure-commerce-docs

Conversation

@daliu

@daliu daliu commented Jul 12, 2026

Copy link
Copy Markdown
Contributor

Summary

  • adds a root system design, secure Stripe commerce design, security plan, operations runbook, implementation plan, and GitHub issue breakdown
  • adds a short officer entry page, root handbook, modular click-by-click procedures, glossary, diagrams, emergency guidance, and access-continuity checklist
  • adds permanent agent, issue, and pull-request requirements for plain-language officer documentation
  • makes Netlify builds deterministic by recording Node 20, the build command/output, and the same duplicate-ESLint suppression used by GitHub CI
  • records verified repository/deployment facts and clearly marks queued or unverified behavior as NOT AVAILABLE YET
  • documents AUTH-001A — Reject unverified targets at existing role-grant endpoints #98 as merged and tested at ce22c110, while preserving the fact that its Firebase/backend-live deployment is unproven

Fixes #104

Officer impact

A backup club officer can start with one page, copy one safe request into an AI assistant, identify the correct procedure, understand what must not be shared, and see separate proof requirements for source, tests, merge, GitHub Pages, Netlify, Firebase, payment-provider configuration, and production behavior.

No officer-facing production capability is activated by this PR. Unverified Admin, local Firebase, Netlify, paid-race, and merchandise procedures are explicitly parked behind follow-up work.

Officer documentation

  • OFFICER_START_HERE.md
  • OFFICER_HANDBOOK.md
  • docs/officers/
  • SYSTEM_DESIGN.md
  • STRIPE_COMMERCE_DESIGN.md
  • SECURITY.md
  • OPERATIONS_RUNBOOK.md
  • IMPLEMENTATION_PLAN.md
  • GITHUB_ISSUES.md
  • GITHUB_ISSUE_SLICES.md

A native Google Doc titled MPRC Website — Officer Start Here was created and connector-readback verified. Its private owner URL is intentionally omitted from this public repository and PR. It remains owner-only until the board moves it into the private MPRC continuity folder, shares it with two backup officers, and completes a two-account access drill.

Deployment evidence

This PR merged as 0e03ac1. Netlify production published that exact commit; GitHub Pages found identical output and created no new commit; Firebase explicitly skipped because deployment authority is absent.

Current repository truth documented here:

  • approving a merge to main also authorizes the automatic GitHub Pages publication and Firebase deployment attempt
  • the Firebase step can skip when backend authority is missing
  • runmprc.com is a separate Netlify surface whose repository/build/rollback path still requires verification
  • merge, automated attempt, affected-surface publication, and live verification remain separate recorded states

Verification

Environment: Node 20.20.2, npm 10.8.2.

  • npm --prefix functions run lint: pass
  • Functions Jest: 17/17 pass across 3 suites
  • Firestore Rules tests with Java 17: 97/97 pass across 4 suites
  • production build diagnostic: pass
  • Netlify-style CI build after hosting fix: pass
  • final Netlify deploy preview: pass (HTTP 200)
  • post-merge GitHub CI: pass
  • Netlify production deploy: ready on exact merge commit
  • GitHub Pages publication: no-op because output was already identical
  • Firebase deployment: skipped; not deployed
  • current-main frontend Jest baseline: Login 15 tests pass; App suite stops at TextEncoder is not defined — tracked by CI-001A — Repair the deterministic frontend test baseline #103 and not claimed by this documentation PR
  • staged diff check: pass
  • relative Markdown links: 92/92 resolve across 29 staged Markdown files
  • secret-shaped value scan: pass
  • private Google Doc locator scan: pass
  • excluded runtime, Rules, package, sitemap, and merged AUTH-001A — Reject unverified targets at existing role-grant endpoints #98 path scan: pass
  • independent exact staged-index review: approved with no findings

Scope guardrails

The branch contains 34 #104-owned documentation, template, environment-example, ignore-rule, and hosting-configuration paths only. It excludes runtime code, Firestore Rules, test harness/package changes, public/sitemap.xml, Stripe implementation work, and all merged #98 source files.

@netlify

netlify Bot commented Jul 12, 2026

Copy link
Copy Markdown

Deploy Preview for luminous-fox-7c393f ready!

Name Link
🔨 Latest commit dd7bea3
🔍 Latest deploy log https://app.netlify.com/projects/luminous-fox-7c393f/deploys/6a5415481266c80008a5f8da
😎 Deploy Preview https://deploy-preview-108--luminous-fox-7c393f.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify project configuration.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant