user-engine/workplans/USER-WP-0014-registration-and-access-management-ui.md

id: USER-WP-0014
type: workplan
title: Registration And Access Management UI
domain: netkingdom
repo: user-engine
status: finished
owner: codex
topic_slug: netkingdom
planning_priority: medium
planning_order: 14
created: 2026-06-15
updated: 2026-06-15
depends_on: USER-WP-0010, USER-WP-0011, USER-WP-0012, USER-WP-0013
state_hub_workstream_id: 011f7d20-5c9d-42a9-b7a3-b20a8ae9f557

USER-WP-0014 - Registration And Access Management UI

Goal

Build an optional NetKingdom registration and access management UI backed by user-engine APIs. The UI should make registration, factor status, prepared rights, hat selection, profile completion, and onboarding journeys convenient without hiding IAM, authorization, proofing, or service-runtime boundaries.

Scope Direction

The UI is an operating surface over user-engine domain APIs. It should be thin, workflow-oriented, and suitable for self-service users, tenant admins, family owners, and operators.

Non-Goals

  • Do not implement credential entry, password reset, passkeys, MFA challenges, or token issuance in the UI.
  • Do not embed final authorization policy rules in frontend code.
  • Do not replace service-specific admin consoles.
  • Do not make UI state authoritative over domain records.

Tasks

id: USER-WP-0014-T1
status: done
priority: high
state_hub_task_id: "983087e1-c512-419f-86a6-b954d0a1ab54"

Define UI information architecture for registration, factor status, prepared-account claim, hat selection, profile completion, onboarding journey, and admin setup views.

id: USER-WP-0014-T2
status: done
priority: high
state_hub_task_id: "0af5d8ef-0d1e-44bd-b807-bc40e87afef2"

Define UI API contracts or route handlers over the headless service facades. Keep proofing, IAM, authorization, and notification calls behind adapters.

id: USER-WP-0014-T3
status: done
priority: high
state_hub_task_id: "a2e00aa3-5849-469c-a3a3-f4f5bd2df6c8"

Implement the self-service registration flow with resume, prepared rights review, factor status, terms/consent, and completion states.

id: USER-WP-0014-T4
status: done
priority: medium
state_hub_task_id: "36d49049-cfe7-4f87-9a7f-78e37de9188a"

Implement hat selection and active access context views for realms, services, groups, and assets.

id: USER-WP-0014-T5
status: done
priority: medium
state_hub_task_id: "e58038fc-6138-40cc-bb6b-4cbf7a8b0b87"

Implement admin views for prepared accounts, invitations, access profiles, group membership, realms/services/assets, and onboarding diagnostics.

id: USER-WP-0014-T6
status: done
priority: medium
state_hub_task_id: "4de949d6-e330-41b2-87cf-9b9425f0f8be"

Add usability, accessibility, error-state, redaction, and mobile/desktop tests for the registration and admin flows.

Acceptance Criteria

  • A new user can complete a registration flow through the UI using adapter-supplied factor evidence.
  • A prepared account claim can be reviewed and accepted or denied through the UI.
  • Users can choose an active hat and see available realms/services without exposing internal policy logic.
  • Admins can prepare accounts and inspect onboarding state.
  • The UI does not store or display secrets, raw proofing payloads, or hidden authorization decisions.
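
One way to enforce the last criterion, shown as an added example and not code from user-engine: build each view model from an allowlist of fields, and have a redaction test walk the result for key names that must never be rendered. Every name here (project_for_ui, find_forbidden_keys, the field sets, the record layout) is an assumption made for illustration.

```python
from typing import Any

# All names below are hypothetical; none come from user_engine.ui.
# Allowlists: a field reaches a screen only if it is listed here, so a new
# sensitive field on the domain record stays hidden by default.
ACCOUNT_VIEW_FIELDS = {"account_id", "display_name", "onboarding_state", "available_realms"}
FACTOR_VIEW_FIELDS = {"kind", "status", "verified_at"}

# Key names that must never appear in a view model (assumed naming convention).
FORBIDDEN_KEYS = {"value", "secret", "token", "raw_proofing_payload", "policy_decision"}


def project_for_ui(record: dict[str, Any]) -> dict[str, Any]:
    """Build a view model from allowlisted fields; factors keep status, not values."""
    view = {k: record[k] for k in ACCOUNT_VIEW_FIELDS if k in record}
    view["factors"] = [
        {k: factor[k] for k in FACTOR_VIEW_FIELDS if k in factor}
        for factor in record.get("factors", [])
    ]
    return view


def find_forbidden_keys(node: Any, path: str = "$") -> list[str]:
    """Return the path of every forbidden key found anywhere in a nested structure."""
    hits: list[str] = []
    if isinstance(node, dict):
        for key, child in node.items():
            if key in FORBIDDEN_KEYS:
                hits.append(f"{path}.{key}")
            hits.extend(find_forbidden_keys(child, f"{path}.{key}"))
    elif isinstance(node, (list, tuple)):
        for index, child in enumerate(node):
            hits.extend(find_forbidden_keys(child, f"{path}[{index}]"))
    return hits


# Constructed sample record, shaped like something an adapter might receive.
SAMPLE_RECORD = {
    "account_id": "acct-001",
    "display_name": "Sample User",
    "onboarding_state": "factor_pending",
    "available_realms": ["family", "tenant-a"],
    "policy_decision": {"rule": "internal-rule-7", "effect": "permit"},
    "factors": [{
        "kind": "email", "status": "verified", "verified_at": "2026-06-15",
        "value": "user@example.test", "raw_proofing_payload": {"otp": "000000"},
    }],
}
```

Running find_forbidden_keys over every rendered view model in the test suite turns the criterion into a failing test when a sensitive field leaks, rather than a review-time convention.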

Expected Outputs

  • Registration UI and API contract.
  • Hat/access management UI views.
  • Admin prepared-account and onboarding views.
  • Frontend verification artifacts.

Implementation Notes

Implemented on 2026-06-15:

  • Added user_engine.ui with transport-neutral UI contracts: UiRoute, UiApiContract, UiInformationArchitecture, UiScreen, UiSection, UiField, UiAction, UiRegistrationFlow, and RegistrationAccessManagementUi.
  • Defined information architecture for registration, prepared rights, active hat, profile, onboarding, and admin views, with mobile and desktop layout metadata.
  • Added UI route contracts for registration start/factor/complete, prepared-rights review/accept/deny, active hat selection, and admin dashboard.
  • Implemented self-service registration helpers with resume/status rendering, adapter-supplied factor evidence, terms/consent gating, and completion state.
  • Implemented prepared-rights review and accept/dismiss screens while redacting factor values.
  • Implemented active hat selection views over access profiles and active access context without exposing hidden policy logic.
  • Implemented admin dashboard composition for registration diagnostics, prepared accounts, tenant membership state, access profiles, and onboarding diagnostics.
  • Added accessible HTML verification rendering with semantic landmarks, labeled section navigation, action labels, and mobile/desktop layout metadata.
  • Added docs/registration-and-access-management-ui.md, UI contract updates, and tests for route contracts, self-service registration, prepared claims, hat selection, admin redaction, accessibility, and responsive metadata.

Verification:

make test
Ran 71 tests in 1.332s
OK