This page reads the current project API posture instead of freezing a stale handoff note.
Product docs
One live guide for billing proof, member recovery, and server-owned workbench routes.
This is the public handoff surface for Core Publication. It explains what is live today, which routes matter after payment, how the current project API is shaped, and which boundaries are still intentionally not public.
Project-scoped GET routes currently visible to the workbench and this guide.
Operator-only mutations still stay inside the server-owned boundary.
Preview, owner read, fresh owner write, public commerce, and verified callback now have explicit roles.
Audience
This guide is for buyers, operators, and the next product layer.
FluentReact now has enough real surface area that documentation needs to explain who a route is for before anyone clicks into it.
Buyer
Understand what happens after payment.
Use the delivery guide, checkout status, and member desk together so billing proof and archive access do not drift into separate stories.
Operator
Keep public proof and workbench truth aligned.
The project API lane and usage lane now explain what the browser can read, what only operators can change, and where support should escalate.
Integrator
See the current contract boundary before building around it.
FluentReact is not exposing a public self-serve API yet. The read map, mutation inventory, and callback posture are visible so future product layers can integrate honestly.
Live routes
These are the routes that now define the current handoff system.
The guide is only useful if it points at the exact surfaces that already carry billing, access, and workbench truth.
Guide
Delivery guide
Public first-month scope, support posture, and current paid promise.
/deliveryProofCheckout status
Session, transaction, webhook, and activation-proof view for the billing path.
/paddle-checkoutRecoveryMember desk
Session-aware receipt, recovery, and archive handoff while auth stays intentionally light.
/membersContractsProject API lane
Live map of read contracts, guarded writes, response shapes, and platform edges.
/app/project/core-publication/apiInterventionUsage lane
Current throughput view showing where operators intervene before widening the product surface.
/app/project/core-publication/usageHelp tasks
Each task now has a clearer first stop.
Verify a purchase path
Start on checkout status when you need billing proof. Success means the route shows a real session, webhook evidence, and an activation state that matches the member desk.
Recover member access
Use the member desk when the buyer needs receipt continuity, latest archive direction, or support escalation through the same billing trail.
Inspect current API posture
Use the project API lane before building a new product layer. Success means the read map, guarded writes, and auth modes are explicit enough that no one assumes a public self-serve API exists.
Success signals
The handoff is working when the same state survives across multiple surfaces.
- The checkout route and member desk agree on activation proof.
- The API lane shows the same contract posture the browser is already using.
- Guarded workbench actions now leave a visible project-scoped audit trail.
- Public routes explain current limits instead of promising a larger auth system than the product has earned.
- Support, billing, and delivery still converge on one receipt trail.
Auth modes
The route family only feels mature when trust boundaries are visible.
- Project preview: Anonymous or non-operator viewers can read project-scoped workbench resources, but they cannot trigger side effects.
- Owner read lane: A signed owner session can keep project reads and operator-facing runtime views available without immediately widening into a heavier account-center model.
- Fresh owner write lane: Guarded project mutations now require a fresher owner-bound session, so compile, review, delivery, governed settings, and demand, telemetry, or usage intervention writes do not ride indefinitely on an older read cookie.
- Public commerce edge: Checkout creation and status lookup stay public-facing, but they still resolve through validated server handlers.
- Verified callback: Provider-originated webhook traffic is signature-verified before it can affect billing or activation state.
Response language
The browser and the server now have one calmer contract vocabulary.
| Shape | Contract | Detail |
|---|---|---|
| List response | { data, total, page, pageSize, ...summary } | Collection routes keep Refine-friendly pagination while still returning project-specific metadata such as summaries and warnings. |
| Detail response | { data } | Project detail resources stay calm and stable on first paint because the server baseline and client hydration share the same shape. |
| Mutation success | { data } or action-state payload | Operator routes return a machine-readable success shape while still supporting redirect-based flows for form posts. |
| Error response | { error, code, fieldErrors? } | Contract errors are normalized so browser runtime panels can surface safe messages without leaking service internals. |
Project reads
Public docs should show the routes the product really reads from.
| Resource | Method | Access | Detail |
|---|---|---|---|
| Overview /api/workbench/project/core-publication/overview | GET | project | Detail resource with project-scoped summary data for the workbench. |
| Automation /api/workbench/project/core-publication/automation | GET | project | Detail resource with compile readiness, downstream lane posture, and protected operator compile actions. |
| Issues /api/workbench/project/core-publication/issues | GET | project | Collection resource with refine-friendly pagination and normalized list shape. |
| Reviews /api/workbench/project/core-publication/reviews | GET | project | Collection resource with refine-friendly pagination and normalized list shape. |
| Delivery /api/workbench/project/core-publication/delivery | GET | project | Collection resource with refine-friendly pagination and normalized list shape. |
| Audience /api/workbench/project/core-publication/audience | GET | project | Detail resource with aggregate demand posture, operator-safe watch controls, and no contact-level lead exposure. |
| Usage /api/workbench/project/core-publication/usage | GET | project | Detail resource with project-scoped usage throughput, intervention controls, and lane-utilization signals. |
| API /api/workbench/project/core-publication/api | GET | project | Detail resource with integration contracts, guarded mutation inventory, and platform edge coverage. |
| Billing /api/workbench/project/core-publication/billing | GET | project | Detail resource with commercial readiness, project-owned billing controls, and safe operator-only writes. |
| Events /api/workbench/project/core-publication/events | GET | project | Detail resource with telemetry posture, operator-safe watch controls, and no raw event-row exposure. |
| Settings /api/workbench/project/core-publication/settings | GET | project | Detail resource with governed project settings reads and safe operator-only writes. |
| Guide /api/workbench/project/core-publication/guide | GET | project | Detail resource with runbooks, release references, route maps, and durable operator memory for the live project. |
Guarded writes and edges
Not every route should be public, and the docs should say that plainly.
| Mutation | Method | Access | Detail |
|---|---|---|---|
| Audience watch update /api/workbench/project/core-publication/audience | PATCH | operator | Saves aggregate-only audience focus, watch window, and operator note without exposing contact-level lead rows. |
| Usage intervention update /api/workbench/project/core-publication/usage | PATCH | operator | Saves project usage focus, intervention mode, target lane, and operator note without exposing billing or recipient-level internals. |
| Compile cycle /api/workbench/project/core-publication/automation/compile | POST | operator | Triggers the guarded compile lane while the service layer keeps issue materialization and downstream invalidation server-owned. |
| Review run /api/workbench/project/core-publication/reviews/run | POST | operator | Runs quality review for one issue slug through the protected operator lane instead of trusting browser access alone. |
| Review sweep /api/workbench/project/core-publication/reviews/sweep | POST | operator | Executes the full project review sweep to refresh gate posture across the current issue ledger. |
| Delivery run /api/workbench/project/core-publication/delivery/run | POST | operator | Runs the latest delivery candidate without exposing recipient-side side effects directly to the browser. |
| Governance update /api/workbench/project/core-publication/settings | PATCH | operator | Saves safe project-owned settings while provider secrets, billing authority, and execution control remain outside this route. |
| Billing controls update /api/workbench/project/core-publication/billing | PATCH | operator | Saves safe project-owned billing focus, primary public billing surface, and operator notes without exposing merchant secrets or buyer records. |
| Telemetry watch update /api/workbench/project/core-publication/events | PATCH | operator | Saves project telemetry focus, watch window, and operator note without exposing raw event rows or callback internals. |
| Edge route | Method | Access | Detail |
|---|---|---|---|
| Health check /api/health | GET | public | Release-proof and uptime route for validating the live worker without opening a protected operator screen. |
| Checkout create /api/billing/checkout | POST | public | Starts commerce from the public product surface while billing services keep provider credentials and validation server-side. |
| Checkout status /api/billing/status/[sessionId] | GET | public | Lets the member desk and recovery paths resolve billing state without forcing a heavyweight account system. |
| Paddle webhook /api/webhooks/paddle | POST | callback | Receives signed provider callbacks and turns them into billing proof inside the server boundary. |
Provider boundaries
The next product layer should inherit these boundaries instead of guessing them.
- dataProvider: Builds project-scoped API URLs, pagination, and response normalization for Refine without owning security or business policy.
- accessControlProvider: Controls preview and operator affordances in the browser, but it is not treated as the final permission layer.
- Next.js route handlers: Remain the first enforcement boundary for auth, payload validation, and the public-versus-operator API split.
- Services and stores: Own D1 access, fallback behavior, and real side effects so the workbench can widen without coupling the UI to persistence.
Next update trigger
This page should only widen when the runtime truth widens.
- A second project gets the same public preview and needs its own handoff surface.
- Member access graduates from session-linked recovery to a fuller authenticated product.
- Any external integration starts needing a real public API or signed project-to-project contract instead of internal route documentation.
Next step
If you need the live product path, move from docs into the actual surface.
Use the delivery guide for buyer scope, checkout status for billing proof, the member desk for recovery, and the project API lane for current contract truth.