Phase 1C — Tiered onboarding (last Phase 1 sub-project)
Move from the current all-or-nothing signup wizard to a graduated capability model: low-friction entry, then progressively unlock riskier actions as the user completes their profile (completeness axis) and builds trust (1B trust tier).
Two-axis capability model
- Minimal profile (name + terms accepted) → enter app, browse member libraries, join via invite, edit profile.
- Full profile (minimal + photo + verified address) → lend (create item), request to borrow, create a library.
- Trust tier ≥ TRUSTED → a non-owner member may invite others into a library (owners/admins always exempt).
- Concurrent active borrows capped by tier (NEW 2 → BUILDING 4 → TRUSTED 8 → HIGHLY_TRUSTED 20; tunable).
Approach
Single pure, fully-tested src/lib/capabilities.ts as the source of truth; routes/server-actions/UI all call into it. Split the wizard for minimal entry + just-in-time profile prompts on first lend/borrow/create-library. Server-side enforcement on items, borrow-requests, collections POST + member-invite path.
Fix-along: the wizard collects 5 agreement checkboxes but POST /api/profile never persists them — add agreedToTermsAt so terms acceptance is recorded (it now gates entry).
Spec: docs/superpowers/specs/2026-06-28-phase-1c-tiered-onboarding-design.md
Part of Phase 1 (Trust loop & friction). Follows 1A #361, 1B #363, 1D #365.
Phase 1C — Tiered onboarding (last Phase 1 sub-project)
Move from the current all-or-nothing signup wizard to a graduated capability model: low-friction entry, then progressively unlock riskier actions as the user completes their profile (completeness axis) and builds trust (1B trust tier).
Two-axis capability model
Approach
Single pure, fully-tested
src/lib/capabilities.tsas the source of truth; routes/server-actions/UI all call into it. Split the wizard for minimal entry + just-in-time profile prompts on first lend/borrow/create-library. Server-side enforcement onitems,borrow-requests,collectionsPOST + member-invite path.Fix-along: the wizard collects 5 agreement checkboxes but
POST /api/profilenever persists them — addagreedToTermsAtso terms acceptance is recorded (it now gates entry).Spec:
docs/superpowers/specs/2026-06-28-phase-1c-tiered-onboarding-design.mdPart of Phase 1 (Trust loop & friction). Follows 1A #361, 1B #363, 1D #365.