MemberVote Secure Platform

Signup, billing, and provisioning coordination layer for the MemberVote hosted service.

This is not the public marketing website.
This is not the MemberVote election application.
This is private backend infrastructure that coordinates customer orders, payments, and provisioning requests.

This service owns customer and order records, add-on selections, Stripe checkout references, annual membership records, upgrade credits, and provisioning requests. It does not store voter rosters, ballots, voting credentials, or election results.

Development status

Current phase: Phase 9D — ServiceInstance failure and recovery visibility.

Phase 0 — Project scaffold and boundaries: complete.
Phase 1A — Core data models and migration: complete.
Phase 1B — Default product/price catalog: complete.
Phase 1C — Model state validation: complete.
Phase 2A — Customer signup foundation (lead capture): complete.
Phase 2B — Plan selection and draft order flow: complete.
Phase 3A — Stripe checkout service foundation: complete.
Phase 3B — Checkout start route and order status update: complete.
Phase 4A — Stripe webhook receiver and idempotency: complete.
Phase 4B — checkout.session.completed payment handling: complete.
Phase 4C — Webhook hardening and payment failure states: complete.
Phase 5A — Provisioner API (read-only pending requests): complete.
Phase 5B — Provisioner claim-next endpoint: complete.
Phase 5B.1 — Organization short name and instance slug foundation: complete.
Phase 5C — Provisioner status reporting (start/complete/fail): complete.
Phase 5D — Provisioner retry and recovery rules (release/retry): complete.
Phase 6A — Internal admin authentication foundation: complete.
Phase 6B.1 — Admin dashboard summary and navigation: complete.
Phase 6B.2 — Read-only admin customer/order/entitlement/provisioning pages: complete.
Phase 6B.3 — Read-only admin webhook event visibility: complete.
Phase 6C — Admin recovery controls (release/retry): complete.
Phase 7A — Upgrade credit visibility and eligibility checks: complete.
Phase 7B.0 — Credit application model and reserved credit state foundation: complete.
Phase 7B — Apply Starter credit to Governance Membership draft order: complete.
Phase 7B.1 — Reserved credit release and cleanup rules: complete.
Phase 7C.1 — Checkout support for internally credited orders: complete.
Phase 7C.2 — Webhook success finalizes reserved credit: complete.
Phase 7C.3 — Webhook failure/expiration releases reserved credit: complete.
Phase 8A — Production configuration validation and readiness checks: complete.
Phase 8B — Security header, session, CSRF, and admin hardening: complete.
Phase 8C — Operational logging and audit visibility: complete.
Phase 8D — Failure-state and lifecycle review: complete.
Phase 8E — Deployment documentation and runbook: complete.
Phase 9A — ServiceInstance model and configurable domain foundation: complete.
Phase 9B — Create/update ServiceInstance when provisioning completes: complete.
Phase 9C — Read-only admin ServiceInstance visibility: complete.
Phase 9D — ServiceInstance failure and recovery visibility: complete.

Start signup → (captures a lead, then plan selection and a draft order; no payment is collected yet)

Available test routes

/ — this page
/signup — lead capture
/signup/thanks — generic confirmation
/signup/plans/<customer_id> — plan selection (after signup)
/orders/<order_id>/review — draft order review & start checkout
POST /orders/<order_id>/checkout/start — start Stripe Checkout
/checkout/success — checkout return placeholder (not payment confirmation)
/checkout/cancel — checkout cancelled placeholder
POST /webhooks/stripe — Stripe webhook receiver (signature-verified)
GET /api/provisioning/pending — provisioner API, read-only (bearer token required)
POST /api/provisioning/claim-next — provisioner claims oldest pending request (bearer token required)
POST /api/provisioning/<id>/start — provisioner reports running (bearer token required)
POST /api/provisioning/<id>/complete — provisioner reports completed + instance URL (bearer token required)
POST /api/provisioning/<id>/fail — provisioner reports failure + error (bearer token required)
POST /api/provisioning/<id>/release — recovery: claimed → pending (bearer token required)
POST /api/provisioning/<id>/retry — recovery: failed → pending (bearer token required)
/admin/login — internal admin sign in
/admin — internal admin landing (login required)
/healthz — health check (JSON)