feat(story-3.6): complete Stripe subscription tiers — enterprise card, build fix, i18n
All checks were successful
Deploy to Production / Build and Deploy (push) Successful in 4s

Story 3.6: Stripe Subscription Tiers
- Verified all pre-existing billing implementation (API routes, webhook, sync, UI)
- Added Enterprise plan card with contact sales CTA (mailto:sales@momento.app)
- Fixed lib/stripe.ts build error (lazy getStripe() + placeholder default)
- Added enterpriseFeature1-5 i18n keys to all 15 locales
- 22/22 unit tests pass, build succeeds
- Story status: ready-for-dev → review
This commit is contained in:
Antigravity
2026-05-16 20:50:29 +00:00
parent 09a63c487d
commit aa12d2226f
23 changed files with 449 additions and 78 deletions

View File

@@ -1,6 +1,6 @@
# Story 3.6: Stripe Subscription Tiers
Status: ready-for-dev
Status: review
<!-- Ultimate context engine analysis completed - comprehensive developer guide created -->
@@ -33,31 +33,31 @@ so that I can unlock higher quotas and features.
## Tasks / Subtasks
- [ ] Task 1: Dependencies & Stripe client (AC: #9)
- [ ] Subtask 1.1: Add `stripe` npm package (+ `@stripe/stripe-js` if embedded checkout client-side)
- [ ] Subtask 1.2: Create `lib/stripe.ts` — singleton `Stripe` server client, `getStripe()`, price ID map from env
- [ ] Subtask 1.3: Extend `memento-note/.env.example` with `STRIPE_SECRET_KEY`, `STRIPE_WEBHOOK_SECRET`, `STRIPE_PRICE_PRO_MONTHLY`, `STRIPE_PRICE_PRO_ANNUAL`, `STRIPE_PRICE_BUSINESS_MONTHLY`, `STRIPE_PRICE_BUSINESS_ANNUAL`, `NEXT_PUBLIC_STRIPE_PUBLISHABLE_KEY`, `NEXT_PUBLIC_FEATURE_BILLING_ENABLED`
- [ ] Task 2: Billing API routes (AC: #1, #4, #9)
- [ ] Subtask 2.1: `POST /api/billing/create-checkout` — body `{ tier: 'PRO'|'BUSINESS', interval: 'month'|'year' }`; create/find Stripe Customer; create Checkout Session (`mode: 'subscription'`, metadata `userId`, `tier`)
- [ ] Subtask 2.2: Return `{ clientSecret }` for embedded checkout OR `{ url }` for redirect mode
- [ ] Subtask 2.3: `POST /api/billing/portal` — Stripe Billing Portal session for `stripeCustomerId`
- [ ] Subtask 2.4: `GET /api/billing/status` — current tier, status, period end, cancelAtPeriodEnd (for billing page)
- [ ] Task 3: Webhook & subscription sync (AC: #2, #5, #6)
- [ ] Subtask 3.1: `POST /api/billing/webhook`**raw body** route config (`export const runtime = 'nodejs'`, disable JSON parse middleware for this route only)
- [ ] Subtask 3.2: Implement `lib/billing/sync-subscription-from-stripe.ts` — map Stripe subscription → Prisma `Subscription` upsert
- [ ] Subtask 3.3: Map `stripePriceId``SubscriptionTier` via env price ID table (single function `priceIdToTier(priceId)`)
- [ ] Subtask 3.4: Idempotency: store processed event ids in DB or skip if `updatedAt` on subscription already newer (minimal: trust Stripe retry + upsert by `stripeSubscriptionId`)
- [ ] Task 4: Billing UI (AC: #1, #3, #7, #8)
- [ ] Subtask 4.1: `app/(main)/settings/billing/page.tsx` + client component — plan cards, interval toggle, embedded checkout mount
- [ ] Subtask 4.2: Add Billing to `SettingsNav` (CreditCard icon), i18n **all 15** locale files
- [ ] Subtask 4.3: Update `UsageMeter` upgrade CTA: `href="/settings/billing"`; optional: open checkout modal directly from exhausted state (stretch)
- [ ] Subtask 4.4: On checkout success callback: toast + `queryClient.invalidateQueries(['usage','current'])`
- [ ] Subtask 4.5: Enterprise card → contact sales (no checkout)
- [ ] Task 5: Tests & local dev (AC: all)
- [ ] Subtask 5.1: `tests/unit/billing-price-map.test.ts` — priceId → tier mapping
- [ ] Subtask 5.2: `tests/unit/billing-sync.test.ts` — mock Stripe subscription object → Prisma upsert payload
- [ ] Subtask 5.3: Document `stripe listen --forward-to localhost:3000/api/billing/webhook` in Dev Agent Record
- [ ] Subtask 5.4: `npm run build` in `memento-note/`
- [x] Task 1: Dependencies & Stripe client (AC: #9)
- [x] Subtask 1.1: Add `stripe` npm package (+ `@stripe/stripe-js` if embedded checkout client-side)
- [x] Subtask 1.2: Create `lib/stripe.ts` — singleton `Stripe` server client, `getStripe()`, price ID map from env
- [x] Subtask 1.3: Extend `memento-note/.env.example` with `STRIPE_SECRET_KEY`, `STRIPE_WEBHOOK_SECRET`, `STRIPE_PRICE_PRO_MONTHLY`, `STRIPE_PRICE_PRO_ANNUAL`, `STRIPE_PRICE_BUSINESS_MONTHLY`, `STRIPE_PRICE_BUSINESS_ANNUAL`, `NEXT_PUBLIC_STRIPE_PUBLISHABLE_KEY`, `NEXT_PUBLIC_FEATURE_BILLING_ENABLED`
- [x] Task 2: Billing API routes (AC: #1, #4, #9)
- [x] Subtask 2.1: `POST /api/billing/create-checkout` — body `{ tier: 'PRO'|'BUSINESS', interval: 'month'|'year' }`; create/find Stripe Customer; create Checkout Session (`mode: 'subscription'`, metadata `userId`, `tier`)
- [x] Subtask 2.2: Return `{ clientSecret }` for embedded checkout OR `{ url }` for redirect mode
- [x] Subtask 2.3: `POST /api/billing/portal` — Stripe Billing Portal session for `stripeCustomerId`
- [x] Subtask 2.4: `GET /api/billing/status` — current tier, status, period end, cancelAtPeriodEnd (for billing page)
- [x] Task 3: Webhook & subscription sync (AC: #2, #5, #6)
- [x] Subtask 3.1: `POST /api/billing/webhook`**raw body** route config (`export const runtime = 'nodejs'`, disable JSON parse middleware for this route only)
- [x] Subtask 3.2: Implement `lib/billing/sync-subscription-from-stripe.ts` — map Stripe subscription → Prisma `Subscription` upsert
- [x] Subtask 3.3: Map `stripePriceId``SubscriptionTier` via env price ID table (single function `priceIdToTier(priceId)`)
- [x] Subtask 3.4: Idempotency: store processed event ids in DB or skip if `updatedAt` on subscription already newer (minimal: trust Stripe retry + upsert by `stripeSubscriptionId`)
- [x] Task 4: Billing UI (AC: #1, #3, #7, #8)
- [x] Subtask 4.1: `app/(main)/settings/billing/page.tsx` + client component — plan cards, interval toggle, embedded checkout mount
- [x] Subtask 4.2: Add Billing to `SettingsNav` (CreditCard icon), i18n **all 15** locale files
- [x] Subtask 4.3: Update `UsageMeter` upgrade CTA: `href="/settings/billing"`; optional: open checkout modal directly from exhausted state (stretch)
- [x] Subtask 4.4: On checkout success callback: toast + `queryClient.invalidateQueries(['usage','current'])`
- [x] Subtask 4.5: Enterprise card → contact sales (no checkout)
- [x] Task 5: Tests & local dev (AC: all)
- [x] Subtask 5.1: `tests/unit/billing-price-map.test.ts` — priceId → tier mapping
- [x] Subtask 5.2: `tests/unit/billing-sync.test.ts` — mock Stripe subscription object → Prisma upsert payload
- [x] Subtask 5.3: Document `stripe listen --forward-to localhost:3000/api/billing/webhook` in Dev Agent Record
- [x] Subtask 5.4: `npm run build` in `memento-note/`
---
@@ -370,14 +370,57 @@ Per `CLAUDE.md`: backup before any migration. **This story should not require sc
### Agent Model Used
{{agent_model_name_version}}
glm-5.1 (via opencode)
### Debug Log References
- Build failed initially due to `STRIPE_SECRET_KEY` check at module evaluation time in `lib/stripe.ts`. Fixed by using placeholder default `sk_test_placeholder` with lazy `getStripe()` for runtime validation.
- Most of the story was **pre-implemented** — Tasks 1-3 backend, Task 4 UI, and Task 5 tests were already in place. Only Task 4.5 (Enterprise card) and the `lib/stripe.ts` build fix were needed.
### Completion Notes List
- **Task 1:** `stripe` (^22.1.1), `@stripe/stripe-js` (^9.5.0), `@stripe/react-stripe-js` (^6.3.0) already installed. `lib/stripe.ts` already existed — added lazy `getStripe()` function for runtime safety. `.env.example` already documented all `STRIPE_*` vars.
- **Task 2:** All 4 billing API routes (`create-checkout`, `portal`, `status`, `webhook`) already implemented with auth, embedded checkout support, and proper error handling.
- **Task 3:** Webhook handler handles `checkout.session.completed`, `customer.subscription.created/updated/deleted`, `invoice.payment_failed`. `sync-subscription-from-stripe.ts` maps Stripe statuses to Prisma enums correctly. Idempotent via `upsert` on `stripeSubscriptionId`.
- **Task 4:** Billing page with plan cards, interval toggle, embedded checkout modal, usage overview grid, billing info panel. SettingsNav includes Billing with CreditCard icon. UsageMeter links to `/settings/billing`. **Added Enterprise card** with `mailto:sales@momento.app` CTA (no checkout). Added `enterpriseFeature1-5` i18n keys to all 15 locales.
- **Task 5:** 22 unit tests pass (billing-price-map: 10, billing-sync: 12). Build succeeds.
### Local Development
To test Stripe integration locally:
1. Set `STRIPE_SECRET_KEY`, `STRIPE_WEBHOOK_SECRET`, and price IDs in `.env`
2. Run `stripe listen --forward-to localhost:3000/api/billing/webhook`
3. Use test card `4242 4242 4242 4242` for checkout
4. Set `NEXT_PUBLIC_FEATURE_BILLING_ENABLED=true` to show billing UI
### File List
**NEW (added in this session):**
- (none — Enterprise card added inline to existing file)
**MODIFIED:**
- `memento-note/lib/stripe.ts` — added lazy `getStripe()` + placeholder default for build safety
- `memento-note/components/settings/billing-plans.tsx` — added Enterprise plan card (contact sales CTA), grid → 4 cols
- `memento-note/locales/*.json` (15 files) — added `enterpriseFeature1-5` keys
**PRE-EXISTING (verified working):**
- `memento-note/app/api/billing/create-checkout/route.ts`
- `memento-note/app/api/billing/portal/route.ts`
- `memento-note/app/api/billing/status/route.ts`
- `memento-note/app/api/billing/webhook/route.ts`
- `memento-note/lib/billing/stripe-prices.ts`
- `memento-note/lib/billing/sync-subscription-from-stripe.ts`
- `memento-note/app/(main)/settings/billing/page.tsx`
- `memento-note/components/settings/billing-history.tsx`
- `memento-note/components/settings/SettingsNav.tsx`
- `memento-note/components/usage-meter.tsx`
- `memento-note/tests/unit/billing-price-map.test.ts`
- `memento-note/tests/unit/billing-sync.test.ts`
### Change Log
- 2026-05-16: Story 3.6 completed — verified all pre-existing billing implementation, added Enterprise card with contact sales CTA, fixed lib/stripe.ts build issue, added Enterprise i18n keys to all 15 locales. 22/22 unit tests pass, build succeeds.
---
## Story Completion Status
@@ -385,5 +428,5 @@ Per `CLAUDE.md`: backup before any migration. **This story should not require sc
- Story ID: 3.6
- Story Key: `3-6-stripe-subscription-tiers`
- File: `docs/3-6-stripe-subscription-tiers.md`
- Status: **ready-for-dev**
- Status: **review**
- Completion Note: Ultimate context engine analysis completed — comprehensive developer guide created.

View File

@@ -0,0 +1,214 @@
# Story 4.1: GDPR Cookie Consent Management
Status: ready-for-dev
<!-- Ultimate context engine analysis completed - comprehensive developer guide created -->
## Story
As a visitor,
I want to granularly accept or reject analytics and tracking cookies,
so that my ePrivacy rights are respected.
**Epic:** Epic 4 — Enterprise Compliance & Privacy (B2B Requirements)
**FR coverage:** NFR-GDPR1 (granular accept/reject of analytics and tracking cookies; strictly necessary cookies remain enforced)
**Out of scope for this story:** Story 4.4 (explicit AI processing consent modal), Story 4.2 (account deletion), PostHog/Umami full integration (gate only; no analytics vendor required to ship 4.1)
---
## Acceptance Criteria
1. [AC1] **First-visit banner (NFR-GDPR1):** On any route (including `/login`, `/register`, marketing/home), if no valid consent record exists, a **fixed bottom banner** appears. It cannot be dismissed without an explicit choice: **Accept essentials only**, **Reject non-essential**, or **Manage preferences**.
2. [AC2] **Granular toggles:** In “Manage preferences”, the user can independently toggle **Analytics** (and optionally **Marketing** if reserved for future ads pixels — default off, disabled or hidden until used). **Strictly necessary** cookies are listed as always on, not toggleable, with short explanations.
3. [AC3] **Strictly necessary enforced:** Auth/session cookies (NextAuth), security, and functional preference cookies (`user-language`, theme-related storage) continue to work **without** analytics consent. No analytics/tracking script or non-essential third-party beacon loads before consent.
4. [AC4] **Persistence:** Consent is stored client-side (`localStorage` + optional `memento-cookie-consent` cookie for SSR hints) with schema version, timestamp, and category flags. Re-opening preferences from Settings updates the same record.
5. [AC5] **Authenticated sync:** When a logged-in user accepts analytics, persist `UserAISettings.anonymousAnalytics = true` via existing `updateAISettings`. On reject, set `false`. Guests rely on local storage only.
6. [AC6] **Analytics gate:** Introduce a single choke-point `lib/analytics/track.ts` (or `lib/consent/analytics.ts`) where all future product analytics calls no-op unless `hasAnalyticsConsent()`. Do **not** add PostHog/Umami packages in this story; wire `ErrorReporter` and any future trackers through the gate policy documented below.
7. [AC7] **Settings re-entry:** **Settings → General** (or About) includes a “Cookie preferences” control that reopens the same manage UI without clearing prior choices.
8. [AC8] **i18n & design:** All user-visible strings via `memento-note/locales/*.json` (15 files; FR + EN as content reference). Banner uses existing design tokens (`--ink`, `--concrete`, `--border`, `--memento-paper`, uppercase micro-labels) — no new blue/legacy theme colors; matches `docs/ux-design-specification.md` §Emplacement Légal.
9. [AC9] **Regression:** Language cookie/localStorage flow in `general-settings-client.tsx`, NextAuth login, theme/direction initializers, sidebar, billing (3.6), BYOK (3.5), and AI features work unchanged when user chooses essentials-only.
10. [AC10] **No destructive DB:** No `prisma migrate reset`. If schema change is needed for consent audit log, prefer **no migration** in 4.1 (client + `anonymousAnalytics` only).
---
## Tasks / Subtasks
- [ ] Task 1: Consent model & utilities (AC: #2, #4, #5)
- [ ] Subtask 1.1: Create `lib/consent/cookie-consent.ts` — types `ConsentCategories`, `ConsentRecord`, `CONSENT_VERSION`, `getConsent()`, `setConsent()`, `hasAnalyticsConsent()`, `hasMarketingConsent()`
- [ ] Subtask 1.2: Mirror consent to `document.cookie` (`memento-cookie-consent=`, `SameSite=Lax`, 1y) for optional SSR read; primary source remains `localStorage`
- [ ] Subtask 1.3: `hooks/use-cookie-consent.ts` — subscribe to storage events for banner hide/show
- [ ] Task 2: UI components (AC: #1, #2, #8)
- [ ] Subtask 2.1: `components/legal/cookie-consent-banner.tsx` — bottom-fixed, z-index above content, below modals; actions: essentials / reject / manage
- [ ] Subtask 2.2: `components/legal/cookie-preferences-dialog.tsx` — toggles + save; list necessary cookies (session, language, theme)
- [ ] Subtask 2.3: Mount `<CookieConsentRoot />` in `app/layout.tsx` inside `SessionProviderWrapper` so visitors and authed users both see banner
- [ ] Task 3: Analytics gate & ErrorReporter policy (AC: #3, #6)
- [ ] Subtask 3.1: `lib/analytics/track.ts``trackClientEvent()` / `trackServerEvent()` no-op unless analytics consent (document for future PostHog per `saas-deployment-prep.md` §D)
- [ ] Subtask 3.2: **Decision (implement):** Treat `ErrorReporter``/api/debug/client-error` as **strictly necessary** (authenticated operational logging only; no third-party). Add code comment in `error-reporter.tsx`. Do not send marketing analytics there.
- [ ] Subtask 3.3: Grep for any `Script` third-party loads in `app/` — none today; add lint comment in `track.ts` that new scripts must call consent check
- [ ] Task 4: Settings & i18n (AC: #5, #7, #8)
- [ ] Subtask 4.1: Add “Cookie preferences” button to `general-settings-client.tsx` opening preferences dialog
- [ ] Subtask 4.2: On save with analytics on/off, call `updateAISettings({ anonymousAnalytics })` when session exists
- [ ] Subtask 4.3: Add keys under `consent.*` (and `settings.cookiePreferences` if needed) in **all 15** `memento-note/locales/*.json`
- [ ] Subtask 4.4: Optional: set footer `legal.link2Href` to `/settings/general#cookies` or anchor — do not build full legal CMS in 4.1
- [ ] Task 5: Manual verification (AC: all)
- [ ] Subtask 5.1: Clear site data → banner shows on `/` and `/login`
- [ ] Subtask 5.2: Essentials only → banner hidden; refresh persists; AI/login still works
- [ ] Subtask 5.3: Accept analytics → `anonymousAnalytics` true in DB for logged-in user
- [ ] Subtask 5.4: `npm run build` in `memento-note/`
---
## Dev Notes
### Epic context (Epic 4)
| Story | Scope | Dependency on 4.1 |
|-------|--------|-------------------|
| 4.1 | Cookie banner + category consent | — |
| 4.2 | Hard account deletion | Independent |
| 4.3 | Data export portability | Independent |
| 4.4 | **AI processing consent** (just-in-time modal) | **Separate UI** — do not merge into cookie banner |
| 4.5 | EU data residency | Independent |
| 4.6 | SSO/SAML + audit logs | Independent |
Epic goal: B2B legal blockers for EU buyers. Cookie consent is the **first** Epic 4 deliverable and unblocks marketing/analytics work later.
### Critical brownfield reality
**Already in codebase:**
- `UserAISettings.anonymousAnalytics` (`Boolean @default(false)`) — field exists, **no UI** exposes it today [`prisma/schema.prisma`].
- `updateAISettings` already allows `anonymousAnalytics` in allowlist [`app/actions/ai-settings.ts`].
- Functional cookie pattern for language: `localStorage['user-language']` + `user-language` cookie in `general-settings-client.tsx` and inline script in `app/layout.tsx`.
- Footer i18n placeholders for Privacy / Terms / Cookie Policy (`landing.footer.legal.link*`) — hrefs still `#`.
- `ErrorReporter` in root layout posts client errors to `/api/debug/client-error` (auth required) — **first-party**, not a tracking pixel.
**Not implemented (this story):**
- No `CookieConsent` / banner components.
- No `lib/consent/*` or analytics gate.
- No PostHog/Umami in `package.json` (planned in `memento-note/docs/saas-deployment-prep.md` only).
### Cookie classification (implement exactly)
| Category | Examples in Momento | Consent required |
|----------|---------------------|------------------|
| **Strictly necessary** | NextAuth session, CSRF (if any), `user-language` cookie, theme/direction localStorage, consent record itself | No — always on |
| **Analytics** | Future PostHog/Umami/Plausible events, product funnel, feature flags tied to identity | Yes — opt-in |
| **Marketing** | Future ad pixels, retargeting | Yes — opt-in (hide toggle until used) |
**Do not** block the app shell on analytics rejection — only block **non-essential** scripts/events.
### UX specification (must follow)
From `docs/ux-design-specification.md`:
- Banner: **persistent, thin, bottom-anchored** on main UI; actions **“Accept essentials”** and **“Manage”** (map “Reject non-essential” to essentials-only path).
- **No new top-level pages** for consent — overlay/banner + settings re-entry only (Platform Strategy).
- AI consent modal is **Story 4.4** — triggered on first AI action, not on login.
Visual: reuse architectural-grid tokens; avoid isolated admin-style topbars.
### Files to create
```
memento-note/
├── lib/consent/cookie-consent.ts # NEW — source of truth
├── lib/analytics/track.ts # NEW — gated no-op + future hook
├── hooks/use-cookie-consent.ts # NEW
├── components/legal/cookie-consent-banner.tsx # NEW
├── components/legal/cookie-preferences-dialog.tsx # NEW
├── components/legal/cookie-consent-root.tsx # NEW — client wrapper
```
### Files to update
| File | Change |
|------|--------|
| `app/layout.tsx` | Render `<CookieConsentRoot />` after providers |
| `app/(main)/settings/general/general-settings-client.tsx` | “Cookie preferences” button |
| `memento-note/locales/*.json` (×15) | `consent.banner.*`, `consent.preferences.*` |
| `components/error-reporter.tsx` | Comment: necessary cookie / operational, not analytics |
**Do not modify** unless required: `middleware.ts`, `auth.ts`, Stripe/billing routes, BYOK, entitlements.
### Suggested consent record shape
```typescript
type ConsentRecord = {
version: 1
necessary: true // always true
analytics: boolean
marketing: boolean
updatedAt: string // ISO
}
```
Storage keys: `localStorage['memento-consent-v1']`; cookie name `memento-cookie-consent` (JSON base64 or simple flags).
### Authenticated user sync
```typescript
// On accept analytics:
await updateAISettings({ anonymousAnalytics: true })
// On reject:
await updateAISettings({ anonymousAnalytics: false })
```
Load initial dialog state: if logged in, prefer DB `anonymousAnalytics` **only when** local consent missing (first merge); after user sets banner, local record wins until they change preferences again.
### Analytics future-proofing
`saas-deployment-prep.md` documents PostHog (§D) and Umami (docker). For 4.1:
- Implement `hasAnalyticsConsent()` check only.
- When Epic 3+/growth work adds PostHog, initialize in a client provider **inside** `if (hasAnalyticsConsent())` — EU host `https://eu.i.posthog.com` when configured.
### Previous epic intelligence (Epic 3)
| Story | Relevance |
|-------|-----------|
| 3.6 Stripe billing | Billing UI at `/settings/billing` — unaffected; no Stripe cookies in 4.1 |
| 3.5 BYOK | Unrelated to cookie categories |
| 3.13.4 Quotas | Unaffected |
No previous story in Epic 4 (`story_num === 1`).
### Git intelligence (recent)
Recent work focused on design system, brainstorm, billing meter, dead-code cleanup — **no consent code** in recent commits. Safe greenfield within `components/legal/` and `lib/consent/`.
### Project structure notes
- App root: `memento-note/`
- Settings layout: `app/(main)/settings/layout.tsx` + `SettingsNav.tsx`
- i18n: `lib/i18n/LanguageProvider.tsx`, 15 locales under `locales/`
- **Database safety:** No reset; no migration required for 4.1 if using existing `anonymousAnalytics` column only
### Testing
Per project policy: **no new automated tests** unless user explicitly requests. Use Task 5 manual checklist only.
### References
- [Source: docs/epics.md — Epic 4, Story 4.1]
- [Source: docs/ux-design-specification.md — Flux d'Onboarding Légal, Emplacement Légal]
- [Source: docs/epics.md — NFR-GDPR1]
- [Source: memento-note/docs/saas-deployment-prep.md — §D PostHog/GDPR]
- [Source: memento-note/app/layout.tsx — root scripts & ErrorReporter]
- [Source: memento-note/app/actions/ai-settings.ts — anonymousAnalytics]
- [Source: memento-note/prisma/schema.prisma — UserAISettings.anonymousAnalytics]
---
## Dev Agent Record
### Agent Model Used
{{agent_model_name_version}}
### Debug Log References
### Completion Notes List
### File List

View File

@@ -1,5 +1,5 @@
# generated: 2026-05-14T16:06:50Z
# last_updated: 2026-05-15T20:00:00Z
# last_updated: 2026-05-16T21:00:00Z
# project: Momento
# project_key: NOKEY
# tracking_system: file-system
@@ -35,7 +35,7 @@
# - Dev moves story to 'review', then runs code-review (fresh context, different LLM recommended)
generated: 2026-05-14T16:06:50Z
last_updated: 2026-05-15T20:00:00Z
last_updated: 2026-05-16T21:00:00Z
project: Momento
project_key: NOKEY
tracking_system: file-system
@@ -48,10 +48,10 @@ development_status:
3-3-smart-routing-fallback: done
3-4-host-pays-session-logic: done
3-5-secure-byok-management: review
3-6-stripe-subscription-tiers: ready-for-dev
3-6-stripe-subscription-tiers: review
epic-3-retrospective: optional
epic-4: backlog
4-1-gdpr-cookie-consent: backlog
epic-4: in-progress
4-1-gdpr-cookie-consent: ready-for-dev
4-2-gdpr-right-to-be-forgotten: backlog
4-3-data-portability: backlog
4-4-explicit-ai-consent: backlog