feat: web login for a chat-registered account (cross-channel bridge)#35
Merged
Conversation
Closes the gap where a customer who registered over a chat channel (e.g. WhatsApp) had a customer + account-link but no web credential, so they could not sign in to the storefront. New web "Set up web login" flow at /register/link: the customer supplies a username + password + their accountCode, and linkWebCredentialToExistingCustomer verifies the code and attaches a Credential + a web AccountLink to the EXISTING customerId — so the web session resolves to the same customer (same cart/orders). It is the web-side symmetric twin of the chat shop_account_link_existing tool, gated by the same accountCode, and so the same demo-grade security level (not stronger identity proof). Refuses an unrecognized code, an account that already has a web login, and a taken username; writes an account.web_link_existing audit log. shop_account_register now returns the new accountCode, and the account-registration skill reads it back so a chat-registered customer knows what to enter on the web. ARCHITECTURE §5 updated first (promoted from the deferred list, demo-grade caveat). shop:eval +4 (94 total): claim → same customer, wrong code refused, already-has-web refused, taken username refused. Verified live via Puppeteer: WhatsApp-registered "Bridgey" claimed a web login and landed on the same customer (whatsapp + web links, one customer record, hashed password). Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
This was referenced Jun 11, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
The gap
A customer who registered over a chat channel (e.g. WhatsApp) had a
customers+accountLinksidentity but no web credential — so they could browse but never sign in to the storefront, and registering fresh on the web would create a separate customer (different cart/orders). This was the known, deliberately-deferred "cross-channel bridge."The fix
A web "Set up web login" flow at
/register/link: username + password + the account'saccountCode→linkWebCredentialToExistingCustomerverifies the code and attaches aCredential+ awebAccountLinkto the existingcustomerId. The web session then resolves to the same customer (same cart/orders).It is the web-side symmetric twin of the chat
shop_account_link_existingtool, gated by the sameaccountCode→ the same demo-grade security level, explicitly not stronger identity proof (theaccountCodeis a stand-in for an out-of-band OTP — see ARCHITECTURE §5). Refuses an unrecognized code, an account that already has a web login (one credential per account), and a taken username; writes anaccount.web_link_existingaudit log.shop_account_registernow returns the generatedaccountCode, and theaccount-registrationskill reads it back so a chat-registered customer knows what to enter.Coverage
/register/linkwith her code → redirected logged-in → store shows one customer with bothwhatsapp/+886…andweb/bridgeylinks, password hashed.next buildclean.Notes
credentials+accountLinks. No money, no MCP-tool change (the register tool's response widened by one field).🤖 Generated with Claude Code