Domain: Authentication & Identity
Purpose
Provide secure access to ConversionIQ with enterprise-grade controls.
MVP assumptions
- Sign in / Sign up entry point at / → auth surface.
- Sign-in is email-only for MVP.
- Sessions are authenticated and scoped to org/workspace membership.
- Authentication uses a verification step to complete sign-in/sign-up.
- Sign-up sends a verification code to the user’s email to confirm address ownership.
- Sign-in requires verification (delivery mechanism is TBD for MVP).
- MVP simplification: verification code is fixed to 123456 (temporary; must be replaced post-MVP).
Key invariants (source of truth)
- Authentication events must be auditable.
- Session must carry org/workspace context; switching workspaces must re-check permissions.
- Verification must be abuse-protected (rate limiting, throttling, lockouts) (TBD).
- Verification codes must never be logged; avoid PII in logs/analytics.
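One way the verification invariants above could be enforced after the fixed MVP code is replaced, as an added example that is not ConversionIQ's own code. The class name, thresholds, event names and in-memory stores are assumptions; the page leaves the abuse-protection design TBD.

```python
import hashlib
import hmac
import secrets
import time

# Assumed limits; the page leaves rate limiting and lockouts TBD.
MAX_ATTEMPTS, LOCKOUT_SECONDS, CODE_TTL_SECONDS = 5, 900, 600


class VerificationService:
    """In-memory sketch: per-request codes, lockout, audit events without codes or PII."""

    def __init__(self, audit_key: bytes, clock=time.time):
        self._audit_key, self._clock = audit_key, clock
        self._pending = {}   # email -> (sha256 of code, expires_at)
        self._failures = {}  # email -> (failed count, locked_until)
        self.audit_log = []  # stand-in for the real audit sink

    def _audit(self, event: str, email: str, org_id: str) -> None:
        # Keyed hash keeps events correlatable without logging the address.
        subject = hmac.new(self._audit_key, email.encode(), hashlib.sha256).hexdigest()[:16]
        self.audit_log.append({"ts": self._clock(), "event": event,
                               "subject": subject, "org": org_id})

    def issue(self, email: str, org_id: str) -> str:
        code = f"{secrets.randbelow(10**6):06d}"  # random per request, never a fixed value
        digest = hashlib.sha256(code.encode()).digest()
        self._pending[email] = (digest, self._clock() + CODE_TTL_SECONDS)
        self._audit("verification_issued", email, org_id)
        return code  # goes to the delivery channel only, never to logs

    def verify(self, email: str, submitted: str, org_id: str) -> bool:
        now = self._clock()
        count, locked_until = self._failures.get(email, (0, 0.0))
        if now < locked_until:
            self._audit("verification_blocked", email, org_id)
            return False
        digest, expires_at = self._pending.get(email, (b"", 0.0))
        submitted_digest = hashlib.sha256(submitted.encode()).digest()
        if now < expires_at and hmac.compare_digest(digest, submitted_digest):
            self._pending.pop(email, None)   # single use
            self._failures.pop(email, None)
            self._audit("verification_succeeded", email, org_id)
            return True
        locked = count + 1 >= MAX_ATTEMPTS
        self._failures[email] = (0, now + LOCKOUT_SECONDS) if locked else (count + 1, 0.0)
        self._audit("verification_locked" if locked else "verification_failed", email, org_id)
        return False
```

A production version would keep the pending codes and failure counters in a shared store so that limits hold across application instances.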
References
- Permissions: Roles & Permissions Model
- Security/compliance: Security & Compliance