30 — Milestone 2 Delivery Plan (Blueprint §9.2)
Cursor-ready execution plan for Milestone 2: public token page, media upload/storage, and moderation inbox/detail.
30 — Milestone 2 Delivery Plan (Blueprint §9.2)
Section titled “30 — Milestone 2 Delivery Plan (Blueprint §9.2)”Source: 02-Implementation-Blueprint.md — §9 Release Plan → Milestone 2 (2 weeks).
Milestone 2 blueprint scope:
- Public token page
- Media upload + storage
- Moderation inbox and detail page
This document is a build spec only. No code changes are implied until a task references this file.
Related: 06 (public submission), 09 (inbox), 10 (detail), 12 (moderation settings), 08 (security/compliance), 29 (Milestone 1 dependencies).
0) Goal (one sentence)
Section titled “0) Goal (one sentence)”Enable customers to submit token-bound video/photo testimonials and merchants to review/moderate them in admin with reliable media handling and secure validation.
1) Scope lock (what is included)
Section titled “1) Scope lock (what is included)”In scope
Section titled “In scope”-
Public submission flow:
/t/:tokenpage- token validation + consent requirement
- final submit API
-
Media handling:
- signed upload URL endpoint
- storage key/asset persistence
- processing status tracking (
uploaded/processing/ready/failed)
-
Moderation UI:
- submissions inbox (tabs/filters + bulk moderation basics)
- submission detail (preview, metadata, approve/reject/flag/publish controls)
Out of scope
Section titled “Out of scope”- Theme storefront widget rendering (Milestone 3)
- Analytics and billing pages (Milestone 3)
- Full UTM/source attribution
2) Dependencies from Milestone 1
Section titled “2) Dependencies from Milestone 1”Must already exist before Milestone 2 starts:
- campaign/request schema and webhook request creation (
29) - valid
submissionTokenandsubmissionUrlgeneration (07) - baseline route map and auth conventions (
21,24)
3) Deliverables
Section titled “3) Deliverables”D1 — Public token experience
Section titled “D1 — Public token experience”- Token route (
/t/:token) with:- valid / invalid / expired states
- product context locked from token
- consent checkbox required
D2 — Media upload and linkage
Section titled “D2 — Media upload and linkage”- Upload URL endpoint that returns short-lived signed URLs
- Media record (
TestimonialMediaAsset) linked to submission - Submission API stores media reference and request linkage atomically
D3 — Moderation operator UI
Section titled “D3 — Moderation operator UI”- Inbox (
/app/testimonials) with pending/approved/rejected/archived - Detail page (
/app/testimonials/:id) with media preview + moderation actions - Moderation action logs
4) Technical acceptance criteria
Section titled “4) Technical acceptance criteria”-
Public submit
- Valid token allows submission.
- Invalid/expired token blocked with safe message.
- Duplicate submit for same token returns idempotent conflict response.
-
Media flow
- Upload URL issued only for valid token/request context.
- Submission and media rows are linked correctly.
- Processing states visible in detail page.
-
Moderation
- New submissions appear in pending tab.
- Approve/reject actions persist and are auditable.
- Cross-shop access is blocked.
5) Test matrix (minimum)
Section titled “5) Test matrix (minimum)”Public flow
Section titled “Public flow”- valid token + video upload + submit
- valid token + photo upload + submit
- invalid token
- expired token
- duplicate submit (same token)
Moderation flow
Section titled “Moderation flow”- pending item appears in inbox immediately
- approve transitions to approved
- reject requires reason
- publish toggle available only when allowed by status rules
Security checks
Section titled “Security checks”- rate limit on public submit endpoints
- no sensitive token leakage in logs/errors
6) Risks and mitigations
Section titled “6) Risks and mitigations”-
Upload succeeds but submit fails
- Mitigation: keep orphan cleanup job by age/status.
-
Media processing delay causes moderation confusion
- Mitigation: explicit processing status badges and fallback previews.
-
Token abuse
- Mitigation: expiry + rate limits + short-lived upload URLs.
7) Suggested implementation order (Cursor)
Section titled “7) Suggested implementation order (Cursor)”- Implement token route loader + form shell.
- Implement upload-url endpoint + storage adapter.
- Implement submit endpoint transaction (submission + media + request status).
- Implement inbox list with filters and tabs.
- Implement detail page moderation actions and logs.
- Add security hardening and edge-case handling.
8) Done definition (Milestone 2)
Section titled “8) Done definition (Milestone 2)”Milestone 2 is complete when:
- customers can submit real media from token links,
- submissions are persisted and track media states,
- merchants can moderate from inbox/detail without manual DB operations,
- security checks for token/public endpoints are in place.
9) References
Section titled “9) References”02-Implementation-Blueprint.md— §9 Milestone 206-public-submission-page-screen-13.md09-submissions-inbox-screen-5.md10-submission-detail-screen-6.md12-moderation-settings-screen-9.md08-security-compliance-and-privacy.md
10) Note on numbering
Section titled “10) Note on numbering”This folder already includes 05 through 29 plans. This file is 30-....