3.4 KiB
id, type, title, domain, repo, status, owner, topic_slug, planning_priority, planning_order, created, updated, depends_on, state_hub_workstream_id
| id | type | title | domain | repo | status | owner | topic_slug | planning_priority | planning_order | created | updated | depends_on | state_hub_workstream_id | ||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| USER-WP-0014 | workplan | Registration And Access Management UI | netkingdom | user-engine | proposed | codex | netkingdom | medium | 14 | 2026-06-15 | 2026-06-15 |
|
011f7d20-5c9d-42a9-b7a3-b20a8ae9f557 |
USER-WP-0014 - Registration And Access Management UI
Goal
Build an optional NetKingdom registration and access management UI backed by user-engine APIs. The UI should make registration, factor status, prepared rights, hat selection, profile completion, and onboarding journeys convenient without hiding IAM, authorization, proofing, or service-runtime boundaries.
Scope Direction
The UI is an operating surface over user-engine domain APIs. It should be thin, workflow-oriented, and suitable for self-service users, tenant admins, family owners, and operators.
Non-Goals
- Do not implement credential entry, password reset, passkeys, MFA challenges, or token issuance in the UI.
- Do not embed final authorization policy rules in frontend code.
- Do not replace service-specific admin consoles.
- Do not make UI state authoritative over domain records.
Tasks
id: USER-WP-0014-T1
status: todo
priority: high
state_hub_task_id: "983087e1-c512-419f-86a6-b954d0a1ab54"
Define UI information architecture for registration, factor status, prepared-account claim, hat selection, profile completion, onboarding journey, and admin setup views.
id: USER-WP-0014-T2
status: todo
priority: high
state_hub_task_id: "0af5d8ef-0d1e-44bd-b807-bc40e87afef2"
Define UI API contracts or route handlers over the headless service facades. Keep proofing, IAM, authorization, and notification calls behind adapters.
id: USER-WP-0014-T3
status: todo
priority: high
state_hub_task_id: "a2e00aa3-5849-469c-a3a3-f4f5bd2df6c8"
Implement the self-service registration flow with resume, prepared rights review, factor status, terms/consent, and completion states.
id: USER-WP-0014-T4
status: todo
priority: medium
state_hub_task_id: "36d49049-cfe7-4f87-9a7f-78e37de9188a"
Implement hat selection and active access context views for realms, services, groups, and assets.
id: USER-WP-0014-T5
status: todo
priority: medium
state_hub_task_id: "e58038fc-6138-40cc-bb6b-4cbf7a8b0b87"
Implement admin views for prepared accounts, invitations, access profiles, group membership, realms/services/assets, and onboarding diagnostics.
id: USER-WP-0014-T6
status: todo
priority: medium
state_hub_task_id: "4de949d6-e330-41b2-87cf-9b9425f0f8be"
Add usability, accessibility, error-state, redaction, and mobile/desktop tests for the registration and admin flows.
Acceptance Criteria
- A new user can complete a registration flow through the UI using adapter supplied factor evidence.
- A prepared account claim can be reviewed and accepted or denied through the UI.
- Users can choose an active hat and see available realms/services without exposing internal policy logic.
- Admins can prepare accounts and inspect onboarding state.
- The UI does not store or display secrets, raw proofing payloads, or hidden authorization decisions.
Expected Outputs
- Registration UI and API contract.
- Hat/access management UI views.
- Admin prepared-account and onboarding views.
- Frontend verification artifacts.