chopshopr
Monetization integration tracker

Patreon Integration Tracker

A source-backed goal board for turning Chopshopr into a Patreon-aware product path: OAuth first, entitlement sync second, webhook truth third, then launch proof.

Open goal board Support handoff Ready
Goals 0

tracked from account setup through live verification.

Blockers 0

hard gates that require account credentials, secrets, or deploy access.

Audit Controls 0

launch-packet-derived proof checks across auth, data handling, entitlement lookup, launch handoff, operations, and live verification.

Evidence Slots 0

named proof receipts that must be filled before the Patreon release claim is true.

Completion Audit 0/0

objective-level requirements currently satisfied by source, test, and live evidence.

Goal series

Build the integration in the order failures become cheapest.

Each goal has an owner boundary, proof receipt, and falsifier. The board starts honest: the storage-backed server contract is test-backed; real access still needs Patreon account setup.

Launch control

The next operator move is generated from the same launch packet.

bun run patreon:launch-control -- --json turns the goals, blockers, runbook, and proof queue into a current-stage report. It keeps secret values, secret-id values, creator URLs, and member identities out of the artifact while showing the exact next command.

Launch rehearsal

The final-state sequence can be rehearsed without real credentials.

bun run patreon:launch-rehearsal -- --json --write-report memory-bank/artifacts/patreon-launch-rehearsal/latest-report.json creates a temporary support fixture and redacted synthetic deploy inputs, then proves the launch packet, launch control, and completion audit can all reach ready state. It does not call Patreon, call AWS, or mutate the committed support page.

Runtime preflight

The deploy environment now has its own redacted go/no-go check.

bun run patreon:runtime-preflight -- --json --write-report memory-bank/artifacts/patreon-runtime-preflight/latest-report.json compares the CDK deploy inputs from the shell or the same private operator env file, Lambda runtime readiness contract, exact OAuth callback, support handoff, and post-deploy live parity command before the release claim moves forward. It reports keys and counts, not secret values, secret-id values, or the env-file path.

Production audit

The deployed AWS and live-domain state now has its own redacted receipt.

bun run patreon:production-audit -- --json --write-report memory-bank/artifacts/patreon-production-audit/latest-report.json checks the CloudFormation stack, deployed Patreon Lambda key presence, public readiness endpoint, and protected proof readiness without printing Lambda environment values, secret values, secret-id values, physical resource ids, member ids, or emails. The protected form adds --protected --sync-secret-id "$CHOPSHOPR_PATREON_SYNC_SECRET_ID" and a real member lookup input.

Release gate

The current release now has a single go/no-go auditor.

bun run patreon:release-gate -- --json --live --strict --expected-revision "$(git rev-parse --short=12 HEAD)" --write-report memory-bank/artifacts/patreon-release-gate/latest-report.json compares the local release revision with the public route's x-amz-meta-chopshopr-site-revision header, confirms the worktree is clean, and imports the final redacted Patreon receipts. It prints no secret values, secret-id values, member ids, or emails. The tracker also reads its own live revision header in the browser so committed dashboard data does not need to carry stale post-deploy proof.

The gate imports the operator account-input env receipt first, so the Patreon app, callback, campaign, and secret-destination handoff can turn green before deploy, webhook capture, protected member lookup, and completion proof run.

Release proof

The last three receipts stay visible until the external Patreon loop is real.

The tracker imports memory-bank/artifacts/patreon-webhook-capture/latest-report.json, memory-bank/artifacts/patreon-live-proof/latest-report.json, and memory-bank/artifacts/patreon-completion-report/latest-report.json when dashboard data is regenerated. Each receipt reports only status, counts, committed artifact paths, and blocker ids.

Operator env check

Account-input readiness now has a redacted local validator.

bun run patreon:operator-env-check -- --write-env-template memory-bank/artifacts/patreon-operator-env-check/operator.env.template writes a blank private-copy starter with the exact callback URI and no secret or secret-id values. bun run patreon:operator-env-check -- --json --strict --write-report memory-bank/artifacts/patreon-operator-env-check/latest-report.json validates the shell or a supplied --env-file before bootstrap. Set CHOPSHOPR_PATREON_OPERATOR_ENV_FILE to a filled private copy so launch packet, credential intake, launch control, completion report, CDK deploy, and secret bootstrap dry-runs read the same source without printing values or the file path. The deploy wrapper forwards only deploy-safe Patreon keys into CDK, not raw source secret values. The report records presence, source, exact callback shape, and next commands, while keeping secret values, secret-id values, creator URLs, member ids, and emails out of the report.

Credential intake

The external credential ask is now a non-secret artifact.

Generated by bun run patreon:credential-intake -- --json or bun run patreon:credential-intake -- --env-file "$CHOPSHOPR_PATREON_OPERATOR_ENV_FILE" --json, this checklist names every plain field, secret destination, private-input prompt, receipt path, and command needed before the first real Patreon deploy. The durable report path is memory-bank/artifacts/patreon-credential-intake/latest-report.json.

Operator handoff

The remaining Patreon-side work is packaged for a third-party operator.

Generated by bun run patreon:operator-packet -- --json, this packet lists the account inputs, secret destinations, webhook capture, support activation, and live-proof commands without raw secret values or secret-id values. The durable report path is memory-bank/artifacts/patreon-operator-handoff/latest-report.json.

Evidence queue

The dashboard now tracks the receipt each gate still needs.

These slots are generated from bun run patreon:launch-packet -- --json. A gate stays blocked until its owner, missing inputs, proof requirement, and verifier command all line up with real evidence.

Completion audit

The requested end state is tested requirement by requirement.

This audit preserves the full objective: Patreon integration, goal series, auditing, and the public HTML tracker. Local contracts can be satisfied; launch claims stay blocked until live Patreon credentials, webhook capture, and member proof exist.

Audit ledger

Every milestone needs a receipt before it can move right.

This ledger translates Patreon documentation into Chopshopr-specific checkpoints, without putting client secrets, access tokens, refresh tokens, or webhook secrets into browser code.

Area Gate Proof required Risk Status
System map

Keep Patreon trust at the server boundary.

The browser can show progress and start account linking. Client secret stays server-side; token exchange, token storage, webhook verification, and entitlement decisions stay behind Chopshopr server code.

1 Client registration

Patreon creator account, client id, client secret, allowed redirect URI.

www.patreon.com/oauth2/authorize
2 OAuth callback

Stored state verification, one-time code handling, server-side token exchange, receipt, and scheduled refresh.

/api/patreon/oauth/callback
3 Member sync

Campaign lookup, paginated member ingestion, email-scoped match where approved.

/api/patreon/sync -> /api/oauth2/v2/campaigns/{campaign_id}/members
4 Webhook truth

Member and pledge triggers update local entitlement state after HMAC validation.

/api/patreon/webhook
Backend contract

The route now fails closed until Patreon is actually configured.

/api/patreon/readiness reports missing environment keys. The local audit command is bun run patreon:audit -- --json. OAuth and webhook actions refuse to proceed without server-side secrets. OAuth start stores state in a retained server-side session table. The callback exchanges codes against www.patreon.com/api/oauth2/token, stores access and refresh tokens server-side, returns only a token receipt, and rotates expiring token rows every six hours. Protected manual refresh is available at /api/patreon/oauth/refresh. /api/patreon/sync requires x-chopshopr-patreon-sync-secret, reads paginated campaign members, and writes stored entitlement records. /api/patreon/entitlement uses the same admin secret to look up member access by member id or email and returns only active, tier, access, source, and timestamp receipts. It does not return member email or full name. /api/patreon/webhooks uses the same admin secret to list or create Patreon webhooks while redacting returned signing secrets. Webhook endpoint validates X-Patreon-Signature against raw request body. Webhook delivery still lands at /api/patreon/webhook, which validates X-Patreon-Signature against raw request body before updating the retained entitlement table. Live receiver proof still requires storing Patreon's webhook signing secret in the deployed server secret store. Release verification runs through bun run patreon:live-verify -- --base-url https://chopshopr.ai --json; that public proof checks the tracker route, the /support/ handoff marker, the no-local-checkout boundary, tier-code parity, and the readiness endpoint. Protected webhook ops and entitlement probing require --protected plus the admin sync secret. Access lookup proof can add --member-id or --email, and the verifier redacts returned secret and identity fields. The public supporter handoff lives at /support/, keeps the Patreon page marked pending, and has no local checkout. Launch sequencing is now captured by bun run patreon:launch-packet -- --json, which maps every remaining CHOPSHOPR_PATREON_* deploy input, Secrets Manager id, support-page, and live-verifier gate to an owner without printing secret values. bun run patreon:launch-runbook -- --json --write-report memory-bank/artifacts/patreon-launch-runbook/latest-report.json turns that packet into the two-pass operator path: generated webhook placeholder for first deploy, bun run patreon:webhook-capture -- --apply --json creation/capture that writes the returned signing secret to Secrets Manager without printing it, bun run patreon:activate-support -- --dry-run --json validation for the real creator URL, support-page flip, redeploy, and live member proof. bun run patreon:credential-intake -- --json --write-report memory-bank/artifacts/patreon-credential-intake/latest-report.json emits the private-input credential intake and receipt checklist without raw secrets, with an operator env-file copy able to drive launch control, completion report, packet refresh, secret bootstrap dry-runs, and deploy-safe CDK runtime wiring. bun run patreon:operator-packet -- --json --write-report memory-bank/artifacts/patreon-operator-handoff/latest-report.json emits the external operator account, secret-destination, webhook, support, and live-proof packet without raw secrets. bun run patreon:launch-rehearsal -- --json --write-report memory-bank/artifacts/patreon-launch-rehearsal/latest-report.json runs a redacted synthetic ready-state rehearsal across the same launch packet, launch control, and completion audit without calling Patreon or AWS. bun run patreon:production-audit -- --json --write-report memory-bank/artifacts/patreon-production-audit/latest-report.json records the deployed stack, Lambda runtime-key presence, public readiness, and protected-proof readiness without printing Lambda environment values or physical resource ids. bun run patreon:release-gate -- --json --live --strict --expected-revision "$(git rev-parse --short=12 HEAD)" --write-report memory-bank/artifacts/patreon-release-gate/latest-report.json ties the current git revision to the live deployed metadata header and imports the final production, webhook, live-proof, and completion receipts into one release go/no-go artifact. bun run patreon:operator-env-check -- --write-env-template memory-bank/artifacts/patreon-operator-env-check/operator.env.template keeps the first account-input handoff as a blank dotenv artifact before any strict check or secret bootstrap. The public tracker data is regenerated with bun run patreon:launch-packet -- --write-dashboard-data sites/chopshopr/labs/patreon-integration/dashboard-data.js so the HTML goal board stays tied to the same readiness audit. The final protected verifier can write memory-bank/artifacts/patreon-live-proof/latest-report.json with redacted dashboard, readiness, webhook, and entitlement proof for release review with --sync-secret-id "$CHOPSHOPR_PATREON_SYNC_SECRET_ID". The objective completion state can be captured with bun run patreon:completion-report -- --env-file "$CHOPSHOPR_PATREON_OPERATOR_ENV_FILE" --json --live-base-url https://chopshopr.ai --protected --sync-secret-id "$CHOPSHOPR_PATREON_SYNC_SECRET_ID" --aws-profile "PowerUserAccess-837098963105" --member-id "$CHOPSHOPR_PATREON_PROOF_MEMBER_ID" --strict --write-report memory-bank/artifacts/patreon-completion-report/latest-report.json so the goal, audit, evidence, blocker, completion, private env-file source, and live-verifier ledger is saved without secret values, secret-id values, or env-file paths.

Launch board

Definition of done for a real Patreon-backed Chopshopr release.

Local proof

OAuth state/token receipt and refresh tests, paginated sync fixture, protected entitlement lookup fixture, webhook create/list fixture, webhook HMAC fixture, entitlement storage tests, launch rehearsal report, and live verifier mock tests.

Staging proof

Registered redirect URI, creator account secrets, Patreon creator page URL, sync backfill, protected entitlement lookup by member id/email, webhook registration receipt, captured webhook signing secret, no browser secrets.

Live proof

bun run patreon:webhook-capture -- --apply --json --base-url https://chopshopr.ai --creator-token-secret-id "$CHOPSHOPR_PATREON_CREATOR_ACCESS_TOKEN_SECRET_ID" --webhook-secret-id "$CHOPSHOPR_PATREON_WEBHOOK_SECRET_ID" --aws-profile "PowerUserAccess-837098963105" --write-report memory-bank/artifacts/patreon-webhook-capture/latest-report.json, bun run patreon:production-audit -- --json --protected --sync-secret-id "$CHOPSHOPR_PATREON_SYNC_SECRET_ID" --aws-profile "PowerUserAccess-837098963105" --member-id "$CHOPSHOPR_PATREON_PROOF_MEMBER_ID" --strict --write-report memory-bank/artifacts/patreon-production-audit/latest-report.json, bun run patreon:live-verify -- --base-url https://chopshopr.ai --protected --sync-secret-id "$CHOPSHOPR_PATREON_SYNC_SECRET_ID" --aws-profile "PowerUserAccess-837098963105" --member-id "$CHOPSHOPR_PATREON_PROOF_MEMBER_ID" --json --strict --write-report memory-bank/artifacts/patreon-live-proof/latest-report.json, bun run patreon:completion-report -- --env-file "$CHOPSHOPR_PATREON_OPERATOR_ENV_FILE" --json --live-base-url https://chopshopr.ai --protected --sync-secret-id "$CHOPSHOPR_PATREON_SYNC_SECRET_ID" --aws-profile "PowerUserAccess-837098963105" --member-id "$CHOPSHOPR_PATREON_PROOF_MEMBER_ID" --strict --write-report memory-bank/artifacts/patreon-completion-report/latest-report.json, bun run patreon:release-gate -- --json --live --strict --expected-revision "$(git rev-parse --short=12 HEAD)" --write-report memory-bank/artifacts/patreon-release-gate/latest-report.json, real membership link, downgrade simulation, deploy verification, and redacted release receipts.

Sources

Primary Patreon documentation used for this tracker.