Skip to content

feat: web login for a chat-registered account (cross-channel bridge)#35

Merged
Lelevinson merged 1 commit into
mainfrom
feat/web-login-for-chat-account
Jun 11, 2026
Merged

feat: web login for a chat-registered account (cross-channel bridge)#35
Lelevinson merged 1 commit into
mainfrom
feat/web-login-for-chat-account

Conversation

@Lelevinson

Copy link
Copy Markdown
Owner

The gap

A customer who registered over a chat channel (e.g. WhatsApp) had a customers + accountLinks identity but no web credential — so they could browse but never sign in to the storefront, and registering fresh on the web would create a separate customer (different cart/orders). This was the known, deliberately-deferred "cross-channel bridge."

The fix

A web "Set up web login" flow at /register/link: username + password + the account's accountCodelinkWebCredentialToExistingCustomer verifies the code and attaches a Credential + a web AccountLink to the existing customerId. The web session then resolves to the same customer (same cart/orders).

It is the web-side symmetric twin of the chat shop_account_link_existing tool, gated by the same accountCode → the same demo-grade security level, explicitly not stronger identity proof (the accountCode is a stand-in for an out-of-band OTP — see ARCHITECTURE §5). Refuses an unrecognized code, an account that already has a web login (one credential per account), and a taken username; writes an account.web_link_existing audit log.

shop_account_register now returns the generated accountCode, and the account-registration skill reads it back so a chat-registered customer knows what to enter.

Coverage

  • shop:eval +4 (94 total): claim → SAME customer (+ audit + hashed pw + no dup customer); wrong code refused (creates nothing); already-has-web refused; taken username refused.
  • Verified live via Puppeteer: a WhatsApp-registered "Bridgey" used /register/link with her code → redirected logged-in → store shows one customer with both whatsapp/+886… and web/bridgey links, password hashed.
  • Backend typecheck + web next build clean.

Notes

  • ARCHITECTURE §5 updated first (promoted from deferred; demo-grade caveat preserved).
  • No new authority/data domain — reuses credentials + accountLinks. No money, no MCP-tool change (the register tool's response widened by one field).

🤖 Generated with Claude Code

Closes the gap where a customer who registered over a chat channel (e.g.
WhatsApp) had a customer + account-link but no web credential, so they
could not sign in to the storefront.

New web "Set up web login" flow at /register/link: the customer supplies a
username + password + their accountCode, and linkWebCredentialToExistingCustomer
verifies the code and attaches a Credential + a web AccountLink to the
EXISTING customerId — so the web session resolves to the same customer
(same cart/orders). It is the web-side symmetric twin of the chat
shop_account_link_existing tool, gated by the same accountCode, and so the
same demo-grade security level (not stronger identity proof). Refuses an
unrecognized code, an account that already has a web login, and a taken
username; writes an account.web_link_existing audit log.

shop_account_register now returns the new accountCode, and the
account-registration skill reads it back so a chat-registered customer
knows what to enter on the web.

ARCHITECTURE §5 updated first (promoted from the deferred list, demo-grade
caveat). shop:eval +4 (94 total): claim → same customer, wrong code refused,
already-has-web refused, taken username refused. Verified live via Puppeteer:
WhatsApp-registered "Bridgey" claimed a web login and landed on the same
customer (whatsapp + web links, one customer record, hashed password).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
@Lelevinson Lelevinson merged commit 7b0f292 into main Jun 11, 2026
2 checks passed
@Lelevinson Lelevinson deleted the feat/web-login-for-chat-account branch June 11, 2026 07:54
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant