generated from coulomb/repo-seed
---
id: USER-WP-0014
type: workplan
title: "Registration And Access Management UI"
domain: netkingdom
repo: user-engine
status: finished
owner: codex
topic_slug: netkingdom
planning_priority: medium
planning_order: 14
created: "2026-06-15"
updated: "2026-06-15"
depends_on:
- USER-WP-0010
- USER-WP-0011
- USER-WP-0012
- USER-WP-0013
state_hub_workstream_id: "011f7d20-5c9d-42a9-b7a3-b20a8ae9f557"
---

# USER-WP-0014 - Registration And Access Management UI

## Goal

Build an optional NetKingdom registration and access management UI backed by
user-engine APIs. The UI should make registration, factor status, prepared
rights, hat selection, profile completion, and onboarding journeys convenient
without hiding IAM, authorization, proofing, or service-runtime boundaries.

## Scope Direction

The UI is an operating surface over user-engine domain APIs. It should be thin,
workflow-oriented, and suitable for self-service users, tenant admins, family
owners, and operators.

## Non-Goals

- Do not implement credential entry, password reset, passkeys, MFA challenges,
  or token issuance in the UI.
- Do not embed final authorization policy rules in frontend code.
- Do not replace service-specific admin consoles.
- Do not make UI state authoritative over domain records.

## Tasks

```task
id: USER-WP-0014-T1
status: done
priority: high
state_hub_task_id: "983087e1-c512-419f-86a6-b954d0a1ab54"
```

Define UI information architecture for registration, factor status,
prepared-account claim, hat selection, profile completion, onboarding journey,
and admin setup views.

```task
id: USER-WP-0014-T2
status: done
priority: high
state_hub_task_id: "0af5d8ef-0d1e-44bd-b807-bc40e87afef2"
```

Define UI API contracts or route handlers over the headless service facades.
Keep proofing, IAM, authorization, and notification calls behind adapters.

```task
id: USER-WP-0014-T3
status: done
priority: high
state_hub_task_id: "a2e00aa3-5849-469c-a3a3-f4f5bd2df6c8"
```

Implement the self-service registration flow with resume, prepared rights
review, factor status, terms/consent, and completion states.

```task
id: USER-WP-0014-T4
status: done
priority: medium
state_hub_task_id: "36d49049-cfe7-4f87-9a7f-78e37de9188a"
```

Implement hat selection and active access context views for realms, services,
groups, and assets.

```task
id: USER-WP-0014-T5
status: done
priority: medium
state_hub_task_id: "e58038fc-6138-40cc-bb6b-4cbf7a8b0b87"
```

Implement admin views for prepared accounts, invitations, access profiles,
group membership, realms/services/assets, and onboarding diagnostics.

```task
id: USER-WP-0014-T6
status: done
priority: medium
state_hub_task_id: "4de949d6-e330-41b2-87cf-9b9425f0f8be"
```

Add usability, accessibility, error-state, redaction, and mobile/desktop tests
for the registration and admin flows.

## Acceptance Criteria

- A new user can complete a registration flow through the UI using
  adapter-supplied factor evidence.
- A prepared account claim can be reviewed and accepted or denied through the
  UI.
- Users can choose an active hat and see available realms/services without
  exposing internal policy logic.
- Admins can prepare accounts and inspect onboarding state.
- The UI does not store or display secrets, raw proofing payloads, or hidden
  authorization decisions.

## Expected Outputs

- Registration UI and API contract.
- Hat/access management UI views.
- Admin prepared-account and onboarding views.
- Frontend verification artifacts.

## Implementation Notes

Implemented on 2026-06-15:

- Added `user_engine.ui` with transport-neutral UI contracts:
  `UiRoute`, `UiApiContract`, `UiInformationArchitecture`, `UiScreen`,
  `UiSection`, `UiField`, `UiAction`, `UiRegistrationFlow`, and
  `RegistrationAccessManagementUi`.
- Defined information architecture for registration, prepared rights, active
  hat, profile, onboarding, and admin views, with mobile and desktop layout
  metadata.
- Added UI route contracts for registration start/factor/complete,
  prepared-rights review/accept/deny, active hat selection, and admin
  dashboard.
- Implemented self-service registration helpers with resume/status rendering,
  adapter-supplied factor evidence, terms/consent gating, and completion
  state.
- Implemented prepared-rights review and accept/dismiss screens while
  redacting factor values.
- Implemented active hat selection views over access profiles and active
  access context without exposing hidden policy logic.
- Implemented admin dashboard composition for registration diagnostics,
  prepared accounts, tenant membership state, access profiles, and onboarding
  diagnostics.
- Added accessible HTML verification rendering with semantic landmarks,
  labeled section navigation, action labels, and mobile/desktop layout
  metadata.
- Added `docs/registration-and-access-management-ui.md`, UI contract updates,
  and tests for route contracts, self-service registration, prepared claims,
  hat selection, admin redaction, accessibility, and responsive metadata.
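
Added example, not code from `user_engine.ui`: one way to test the redaction criterion is to plant canary strings in every sensitive slot of a domain record and assert that none of them reach the rendered view. All field names, the record shape, and the function names below are hypothetical; the allowlist builder is shown beside a denylist variant that leaks.

```python
import json

# Hypothetical field names; the real user-engine records are not shown on the page.
DISPLAY_FIELDS = {"claim_id", "display_name", "prepared_rights", "state"}
FACTOR_STATUS_FIELDS = {"kind", "status", "verified_at"}


def render_prepared_rights_view(record: dict) -> dict:
    """Build the screen payload by allowlist, so new domain fields stay hidden by default."""
    view = {k: record[k] for k in DISPLAY_FIELDS if k in record}
    # Factors are reduced to status metadata; values and proofing payloads are never copied.
    view["factors"] = [
        {k: f[k] for k in FACTOR_STATUS_FIELDS if k in f}
        for f in record.get("factors", [])
    ]
    return view


def denylist_view(record: dict) -> dict:
    """Contrast case: dropping known-bad top-level keys misses nested and unforeseen fields."""
    return {k: v for k, v in record.items() if k not in {"password", "token"}}


def find_leaks(rendered: object, canaries: set[str]) -> set[str]:
    """Return every canary string that appears anywhere in the serialized output."""
    blob = json.dumps(rendered, sort_keys=True, default=str)
    return {c for c in canaries if c in blob}


# Constructed sample record with a canary planted in each sensitive slot.
CANARIES = {"CANARY-FACTOR-VALUE", "CANARY-PROOFING-PAYLOAD", "CANARY-POLICY-DECISION"}
SAMPLE_RECORD = {
    "claim_id": "claim-001",
    "display_name": "Example User",
    "state": "pending_review",
    "prepared_rights": ["realm:family/member"],
    "factors": [
        {"kind": "email", "status": "verified", "verified_at": "2026-06-15T10:00:00Z",
         "value": "CANARY-FACTOR-VALUE", "raw_proofing": {"doc": "CANARY-PROOFING-PAYLOAD"}},
    ],
    "authorization_trace": {"decision": "CANARY-POLICY-DECISION"},
}

if __name__ == "__main__":
    print("allowlist leaks:", find_leaks(render_prepared_rights_view(SAMPLE_RECORD), CANARIES))
    print("denylist leaks:", sorted(find_leaks(denylist_view(SAMPLE_RECORD), CANARIES)))
```

The same `find_leaks` check can be pointed at rendered HTML or API responses, which catches leaks introduced after the view builder as well.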

Verification:

```text
make test
Ran 71 tests in 1.332s
OK
```