# Zavvion Events Human Architect Handoff Prepared: 2026-05-23 Updated for Lite Launch branch: 2026-05-25 This file is the practical handoff note for the senior architect taking the MVP through final deployment, client review, QA, Stripe test validation, and launch hardening. The active deploy-in-a-day branch is the Lite Launch slice: public/customer, organiser, and platform admin only. ## Current Runnable Location Local XAMPP copy: ```text C:\xampp\htdocs\zavvion-events ``` Local base URL: ```text http://localhost/zavvion-events/public/ ``` Git workspace: ```text C:\Users\chama\Documents\ZavvionEvents\zavvion-events ``` Current working branch: ```text codex-lite-launch-slice ``` ## Demo Credentials Use only for local MVP testing. Do not expose these accounts or review pages on an internet-facing production server. - Platform super admin: `admin@zavvion.test` / `ChangeMe123!` - Organiser owner: `organiser@zavvion.test` / `ChangeMe123!` - Customer: `customer@zavvion.test` / `ChangeMe123!` Other seeded operational demo accounts may exist in local data for later phases, but they are not Lite Launch personas. Change or disable all seeded credentials before any public deployment. ## URLs For Review - Public home: `http://localhost/zavvion-events/public/home.html` - Event listing: `http://localhost/zavvion-events/public/events.html` - Demo event: `http://localhost/zavvion-events/public/event.html?slug=demo-gala` - Checkout: `http://localhost/zavvion-events/public/checkout.html` - Customer account: `http://localhost/zavvion-events/public/account.html` - Organiser console: `http://localhost/zavvion-events/public/organiser.html` - Admin console: `http://localhost/zavvion-events/public/admin.html` - Theme gallery: `http://localhost/zavvion-events/public/theme-gallery.html` - Lite Launch showcase: `http://localhost/zavvion-events/public/mvp-showcase.html` - Profile walkthrough: `http://localhost/zavvion-events/public/mvp-profiles.html` - Product map: `http://localhost/zavvion-events/public/product-map.html` - Terms: `http://localhost/zavvion-events/public/terms.html` - Privacy: `http://localhost/zavvion-events/public/privacy.html` ## What Is MVP-Ready Locally For Lite Launch, the supported role surface is intentionally narrow: - Public/customer browsing, checkout draft, and customer account/ticket wallet. - Organiser event, venue, ticketing, payment-readiness, and finance basics. - Platform admin organiser approval, event/order/payment monitoring, fees/taxes/webhooks/health/settings, and public site controls. Deferred operational roles and modules are guarded in the Lite Launch profile and should not be advertised to production users. - Public event discovery and event detail are backed by the local MySQL API. - Reserved seating supports 15-minute seat holds, customer countdown messaging, checkout expiry handling, and server-side release commands. - Checkout drafts persist in MySQL and support reduce/remove edit controls. - Adult/child ticket rules are represented in ticket types and validated server-side for checkout combinations. - Event regional settings now support per-event country, city, currency, timezone, locale, date/time style, address display options, and payment method flags. - Public checkout server-side policy blocks cash, external terminal, manual, and other counter-only payment methods. - Scanner validation requires event/device context before attempting QR token resolution. - Platform fee policy is now constrained to one active global country policy or one event-specific override, with no priority/winner UI. - Admin role editing blocks `platform_super_admin` permission edits and role assignment to prevent accidental lockout. - Customer-facing pages require Terms and Conditions acceptance before browsing/buying; logged-in acceptance is recorded through the consent endpoint and anonymous acceptance is browser-local by version. - Checkout and legal copy state that organisers are responsible for refund decisions and approved refund processing when organisers collect payment. - Admin feature gates expose organiser feature controls; refunds are disabled by default unless the platform owner enables them. - Admin skin/theme catalog, rotation cadence controls, branding, banners, footer, notices, and disclaimers are present. - Organisers can manage event media metadata and preview organiser/event workflows. - Customer wallet, QR tickets, scanner validation, offline scanner sync foundations, reports, finance summaries, privacy tools, audit logs, and deployment readiness checks exist. ## Validation Evidence Run from: ```text C:\xampp\htdocs\zavvion-events ``` Latest local results: ```powershell C:\xampp\php\php.exe bin\check-mvp-smoke --base-url=http://localhost/zavvion-events/public # status: warning, critical_count: 0, warning_count: 1 # warning: create .env from .env.example before a full local run C:\xampp\php\php.exe bin\check-local-live-run --base-url=http://localhost/zavvion-events/public # status: warning, critical_count: 0, warning_count: 2 # warnings: fee/tax seed coverage and paid completion needs Stripe test credentials or local PAYMENT_MOCK_ENABLED=true outside production C:\xampp\php\php.exe bin\check-frontend-links --base-url=http://localhost/zavvion-events/public # status: ok, checked: 423, issue_count: 0, warning_count: 0 C:\xampp\php\php.exe bin\check-deployment-readiness # status: warning, critical_count: 0 # warnings: production env/secrets, ClamAV/media scanner, Stripe webhook/key setup C:\xampp\php\php.exe bin\check-production-launch --allow-warnings # status: ready, critical_count: 0, blocking_count: 0 # warnings remain and require launch-owner acceptance or configuration C:\xampp\php\php.exe bin\check-production-launch # status: blocked, critical_count: 0, blocking_count: 5 # blocked by production env/secrets, ClamAV/media scanner, and Stripe key/webhook setup C:\xampp\php\php.exe bin\check-stripe-readiness # ready: false # Stripe SDK installed; test keys, webhook secret, and connected organiser account still required C:\xampp\php\php.exe bin\repair-finance-integrity # planned_count: 0, unresolved_count: 0 after the latest local repair pass C:\xampp\php\php.exe vendor\bin\phpunit # Tests: 678, Assertions: 2482 # Result: OK in the working copy ``` Syntax/static checks: ```powershell node --check public\assets\js\zavvion-ui.js # passed node --check public\assets\js\checkout-page.js # passed node --check public\assets\js\events-page.js # passed node --check public\assets\js\admin-page.js # passed node --check public\assets\js\organiser-page.js # passed C:\xampp\php\php.exe -l public\index.php # No syntax errors detected C:\xampp\php\php.exe -l public\mvp.php # No syntax errors detected C:\xampp\php\php.exe composer.phar validate --strict # composer.json is valid C:\xampp\php\php.exe composer.phar audit # No security vulnerability advisories found ``` Local HTTP checks returned `200` for `home.html`, `checkout.html`, `terms.html`, `privacy.html`, `admin.html`, and `organiser.html`. Direct scanner API probe: ```powershell POST /api/v1/scanner/validate with only an invalid QR token # result: 401 Unauthorized # purpose: proves QR token resolution is not attempted without scanner event/device context ``` ## Human Architect Review Priorities Review these areas before any human-owned beta or production sign-off: 1. Payment/Stripe readiness: - Verify real Stripe test credentials, webhook signing, connected organiser account, and direct-charge/application-fee behavior. - Confirm browser redirect alone cannot mark orders paid. - Run a full paid Stripe test purchase and confirm webhook-issued tickets, QR tokens, ledger rows, fees, and event currency. 2. Production environment: - Resolve all five current `bin\check-production-launch` blockers. - Ensure `APP_ENV=production`, `APP_DEBUG=false`, `APP_LAUNCH_PROFILE=ticket-selling-v1`, runtime schema repair disabled, and real secrets are outside Git. 3. Database and migrations: - Review schema defaults that still fall back to UK/GBP in some tables. - Decide whether to drop default currency/country values so non-UK events must be explicit. - Add DB-level unique enforcement where code already prevents conflicts, especially active fee policies and Stripe connected account per organiser. - Review `seat_map_media` and `M260525191500AddSeatMapMedia.php`; customer reference PDF/image uploads are linked to reusable seat maps, not venues. 4. RBAC and tenant isolation: - Independently run a route-by-role matrix over admin, organiser, event manager, cashier, scanner, customer, and guest. - Confirm hidden menu items are also denied server-side. - Pay special attention to organiser-cross-tenant data, customer detail visibility, finance reports, staff editing, and scanner device APIs. 5. Checkout and seat integrity: - Re-test child/adult rules, selected seats equals ticket quantity, hold expiry, double booking, public cash rejection, and counter sale issuance. - Confirm terms acceptance is captured before any real paid checkout completion. 6. Frontend/UX: - Walk through `mvp-profiles.html` role launch screens in the in-app browser and an external browser. - Review mobile filter drawer, admin/organiser sidebar, checkout failure/retry, scanner page, customer account tabs, and public event seat selection. 7. Operational handover: - Confirm backup/restore, finance export delivery, ticket delivery provider, SMS/email provider, alert routing, support mailbox, and incident owners. - Confirm final legal copy for terms, privacy, refund/cancellation, organiser responsibility, cookie/consent, and age rules. ## Remaining Launch Owner Actions These are not code blockers for local MVP handoff, but they are required before claiming commercial production readiness: - Configure production/staging `.env`: `APP_ENV`, `APP_DEBUG=false`, real URL, HTTPS enforcement, session domain/path, and runtime schema repair disabled. - Replace `COOKIE_SECRET`, `QR_SIGNING_SECRET`, `MFA_OTP_SECRET`, and `SMS_OTP_SIGNING_SECRET` with long random secrets outside Git. - Connect Stripe test keys, webhook signing secret, and an onboarding-complete connected organiser account. - Complete a real Stripe test checkout and confirm the webhook issues tickets and reconciles ledger/settlement values. - Confirm PHP GD is active in the deployed web runtime, not only local CLI. - Configure ClamAV or managed malware scanning before internet-facing uploads. - Confirm outbound providers for ticket delivery, OTP, finance export delivery, and alert notifications if those are in launch scope. - Run real-device QA on small phone, large phone, tablet portrait, tablet landscape, desktop, and scanner device. - Confirm backup/restore drill, rollback plan, DNS/deployment switch plan, support inbox, and launch-room owners. - Have final public legal copy reviewed: terms, privacy, refund, cancellation, age policy, organiser responsibility, cookie notice, and consent wording. ## Recommended Human Architect Sequence 1. Pull/receive the latest code and run `composer install` if `vendor/` is not present. 2. For local testing, apply `.env.example` to `.env`; for staging/production, start from `.env.production.example` and replace every placeholder secret/provider value outside Git. 3. Install a local/staging database with `C:\xampp\php\php.exe bin\install-database --fresh --yes`; see `docs/database-install.md`. 4. Run the validation commands above. 5. Perform the QA walkthrough in `docs/mvp-launch-checklist.md`. 6. Connect Stripe test mode and run the first paid checkout from event detail through webhook-issued ticket. 7. Review deployment readiness and production launch gate without `--allow-warnings`. 8. Commit/tag the release, deploy to staging, run one complete rehearsal, then decide go/no-go. ## Known Intentional Deferrals - Stripe disputes and automated platform-managed refunds are intentionally out of scope for the current launch policy. - Structured family-ticket bundle rules are deferred; current MVP uses configurable ticket types and descriptions. - Full Yii 3 controller/repository migration is deferred; the current MVP router is intentionally preserved for launch stability. - Production CDN/object-storage migration can follow if local public uploads are accepted only as a temporary MVP fallback.