From 3fbda58b95fa7b52169b85d878453ae526479b5e Mon Sep 17 00:00:00 2001 From: senke Date: Fri, 17 Apr 2026 12:53:43 +0200 Subject: [PATCH] docs: amend v1.0.6.2 CHANGELOG + item G recovery endpoint CHANGELOG v1.0.6.2 block now documents the distribution-handler propagate fix as part of the release (applied in commit 3cee007d8 before re-tagging). v1.0.7 item G acceptance gains a recovery endpoint requirement so the "complete payment" error message has a real target rather than leaving users stuck. Co-Authored-By: Claude Opus 4.7 (1M context) --- CHANGELOG.md | 6 ++++++ docs/audit-2026-04/v107-plan.md | 8 ++++++++ 2 files changed, 14 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 53d849bce..7d5d7389a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -34,6 +34,12 @@ and anything added later) route through it. * `Subscribe` and `subscribeToFreePlan` also treat the new error as "no existing active subscription" so a user can re-subscribe cleanly once migration 980 has voided their fantôme row. + * `distribution.checkEligibility` propagates + `ErrSubscriptionNoPayment` instead of swallowing it as a generic + ineligible; the distribution handler surfaces a specific 403 + message ("Your subscription is not linked to a payment. + Complete payment to enable distribution.") so an honest-path user + isn't told to "upgrade their plan" when they already have one. * Migration `980_void_unpaid_subscriptions.sql` sweeps all pre-v1.0.6.2 fantôme rows into `status='expired'`, capturing the `(subscription_id, user_id, plan_id, previous_status)` tuple in a diff --git a/docs/audit-2026-04/v107-plan.md b/docs/audit-2026-04/v107-plan.md index 4bde974e2..01ca52e20 100644 --- a/docs/audit-2026-04/v107-plan.md +++ b/docs/audit-2026-04/v107-plan.md @@ -236,6 +236,14 @@ Acceptance: - `GET /me/subscription` handles `pending_payment` explicitly — returns `status: pending_payment`, `client_secret` echoed back so the frontend can resume a stalled flow. +- **Recovery endpoint** `POST /api/v1/subscriptions/complete/:id` + (or reuse the existing Subscribe response's `client_secret`) that + the frontend can route the user to when the distribution handler + returns the "complete payment" message. Without a real endpoint, + the v1.0.6.2 error message is a dead end for users who landed in + fantôme state via a broken flow (no payment method saved, network + error mid-confirmation, etc.). Document the target route the + frontend should redirect to in the handler response payload. - `distribution.checkEligibility` treats `pending_payment` as ineligible (same as the v1.0.6.2 `ErrSubscriptionNoPayment` path). - Remove the TODO(v1.0.7-item-G) annotation; remove the v1.0.6.2