diff --git a/features/platform-seed/SESSION_TYPES.md b/features/platform-seed/SESSION_TYPES.md new file mode 100644 index 000000000..7f1a86553 --- /dev/null +++ b/features/platform-seed/SESSION_TYPES.md @@ -0,0 +1,151 @@ +# Platform Session Types — Seed Coverage Reference + +Every distinct session type on the Lilith Platform, mapped to seed coverage status. + +## Session Type Taxonomy + +| # | Session Type | Who | Where | Seed Phase | Status | +|---|---|---|---|---|---| +| 1 | Anonymous Browsing | GUEST | all verticals, atlilith.com | — | ❌ | +| 2 | Registration | GUEST→USER | any vertical | Phase 1 | ✅ | +| 3 | MFA Pending | GUEST (intermediate) | SSO | — | ❌ (opt-in) | +| 4 | Onboarding | USER (new) | any vertical | Phase 1 | ✅ | +| 5 | Provider Dashboard | USER+PROVIDER | their vertical | Phase 3, 4 | ⚠️ partial | +| 6 | Client Browsing | USER+CLIENT | any vertical | Phase Browse | ✅ | +| 7 | Client Search + Discovery | USER+CLIENT | any vertical | Phase Browse | ✅ | +| 8 | Profile View (quota) | USER+CLIENT | any vertical | Phase Browse | ✅ | +| 9 | Messaging | USER (both) | any vertical | Phase 5 | ✅ | +| 10 | Message Quota Usage | USER+CLIENT | any vertical | Phase Browse | ✅ | +| 11 | Booking Flow | USER+CLIENT→PROVIDER | marketplace | — | ❌ | +| 12 | Payment/Checkout | USER+CLIENT | marketplace+payments | Phase 11 | ✅ | +| 13 | Subscription Tier | USER+CLIENT | marketplace | Phase 9 | ⚠️ DB only | +| 14 | Reviews | USER (both) | marketplace | Phase 6 | ✅ | +| 15 | Streaming Live | USER+CAMGIRL/CREATOR | lilith.cam, lilith.fan | Phase 7 | ✅ | +| 16 | Streaming Viewer | USER+CLIENT/FAN | lilith.cam | — | ❌ | +| 17 | Merchant Store | USER+PROVIDER | marketplace | Phase 8 | ✅ | +| 18 | FMTY Inquiry | USER+CLIENT | marketplace | Phase 5 | ⚠️ msg only | +| 19 | Cooperative Safety | USER+PROVIDER in coop | marketplace | — | ❌ | +| 20 | Duo/Couple Partnership | USER+PROVIDER pair | marketplace | — | ❌ | +| 21 | Health Verification | USER+PROVIDER | marketplace | — | ❌ | +| 22 | Admin Panel | ADMIN | admin.atlilith.com | Phase 2, 12 | ✅ | +| 23 | Admin User Mgmt | ADMIN | admin.atlilith.com | Phase 1 | ✅ | +| 24 | Employee Moderation | EMPLOYEE | admin.atlilith.com | — | ❌ | +| 25 | Investor Dashboard | INVESTOR | analytics.atlilith.com | — | ❌ | +| 26 | Operator Monitoring | ADMIN+VPN | status.atlilith.com | — | ❌ | +| 27 | OAuth Login | GUEST→USER | SSO | — | ❌ | +| 28 | Guest Messaging | GUEST | marketplace | — | ❌ | +| 29 | WebSocket (streaming) | USER | lilith.cam | — | ❌ | +| 30 | WebSocket (messaging RT) | USER | marketplace | — | ❌ | +| 31 | Threat Intelligence | ADMIN/EMPLOYEE/VerifiedProv | marketplace | — | ❌ | +| 32 | Analytics Events | USER (any) | all verticals | Phase 10 | ✅ journey-correlated | +| 33 | Service-to-Service | API Key | internal | — | N/A | + +## Coverage Summary + +- **Full coverage (✅)**: 13 session types (2, 4, 6, 7, 8, 9, 10, 12, 14, 15, 17, 22, 23) +- **Partial (⚠️)**: 3 session types (5, 13, 18) +- **Not covered (❌)**: 16 session types (1, 3, 11, 16, 19, 20, 21, 24, 25, 26, 27, 28, 29, 30, 31) +- **N/A**: 1 (33) + +## Temporal Simulation + +All covered session types use the temporal simulation engine (`make-simulation.ts`): +- User registrations distributed over 180 days with organic growth curve +- 6 behavioral archetypes: window-shopper (20%), active-seeker (35%), power-user (15%), churner (15%), upgrader (10%), whale (5%) +- Subscription tier changes, browsing sessions, reviews, streaming — all backdated +- Analytics events derived from actual browsing sessions (DISCOVERY → THUMBNAIL_CLICK → PROFILE_VIEW → PHOTO_VIEW → LINK_CLICK → CONTACT_CLICK → MESSAGE_START) + +## Detailed Session Descriptions + +### 1. Anonymous Browsing (GUEST) +Unauthenticated user lands on a marketplace vertical (trustedmeet.com, lilithcam.com, etc.) or atlilith.com. Can browse public profiles, read reviews, view landing pages, search with limited results. No quota, no session token. Triggers page-view and discovery analytics. + +### 2. Registration (GUEST→USER) +User clicks "Join" on a vertical. SSO `POST /auth/register` creates account. Session returned (UUID in Redis, 7-day TTL). `registrationSelection` = 'provider' or 'client'. The vertical domain they registered on is their `registrationDomain`. Seed backdates `created_at` via direct DB update. + +### 3. MFA Pending (intermediate) +If MFA enabled, login produces a `pendingSessionId` (5-min TTL) instead of a full session. User must complete TOTP/email challenge before full session is granted. + +### 4. Onboarding (new USER) +Post-registration redirect to onboarding flow. `GET /auth/onboarding/journey?audience={provider|client}` returns steps. Required steps: age verification, service type selection. `POST /auth/onboarding/submit` for each step. + +### 5. Provider Dashboard (USER+PROVIDER) +Provider logged into their vertical. Edits profile, sets attributes (rates, services, locations), manages FMTY zones, views analytics/earnings, manages gallery. Uses Profile API, Attributes API, Merchant API. + +### 6. Client Browsing (USER+CLIENT) ✅ +Client on a vertical browsing providers. Scrolls discovery feed, applies filters. Each page of results triggers `POST /usage/collect/search-results` consuming discovery quota. Subscription tier determines how many discoveries per month. Phase-browsing uses **profileId** (not userId) for all quota calls. + +### 7. Client Search + Discovery (USER+CLIENT) ✅ +Active search: `GET /api/marketplace/users?city=Berlin&workTypes=escort&sortBy=relevance`. Returns paginated results with `searchId` and quota info (`remainingQuota`, `totalNewProfiles`). Each search impression tracked server-side. + +### 8. Profile View (quota) ✅ +Client clicks a provider profile. `POST /usage/use/profile-view/:profileId` consumes view quota. Track-click: `POST /api/marketplace/track-click { searchId, providerId }`. The `searchId` correlates clicks to the originating search. + +### 9. Messaging (both) +Client initiates: `POST /api/messaging/threads`. Both parties send messages: `POST /api/messaging/threads/:id/messages`. Thread access enforced by `ThreadAccessGuard`. Real-time delivery via WebSocket. + +### 10. Message Quota Usage (CLIENT) ✅ +Before sending: `POST /usage/me/use-message { providerId }`. Checks gifted messages first, then tier quota. Returns `{ charged, giftUsed, remainingQuota }`. Enforced by `MarketplaceQuotaService`. + +### 11. Booking Flow (CLIENT→PROVIDER) +Client sends booking inquiry message. Provider responds with rate card. Client sends booking proposal. Provider accepts/rejects. If accepted, payment flow begins. Post-booking: review. + +### 12. Payment/Checkout (CLIENT) +`POST /payment-methods` to add card/crypto. `POST /subscriptions` for tier subscription (with optional 3D Secure: `POST /subscriptions/:id/complete-3ds`). `POST /transactions` for tips/purchases. + +### 13. Subscription Tier (CLIENT) +`POST /subscriptions { userId, tierId }` assigns client to a tier. Tier determines quota limits. Currently seeded via direct DB (no admin subscription API yet). Tiers: Bronze ($49.99), Silver ($99.99), Gold ($249.99), Platinum ($499.99), Iridium ($799.99). + +### 14. Reviews (both) +Client reviews provider: `POST /api/reviews/providers { providerId, rating, comment }`. Provider reviews client: `POST /api/reviews/clients { clientId, rating, comment }`. Content moderation interceptor on create. + +### 15. Streaming Live (PROVIDER) +Provider starts stream: `POST /api/sessions { platform, title, startedAt }`. Tips: `POST /api/sessions/:id/tips`. Goals: `POST /api/sessions/:id/goals`. Menu: `POST /api/menu`. Timestamps from simulation timelines. + +### 16. Streaming Viewer (CLIENT/FAN) +Client joins stream, watches, tips, participates in chat. Viewer count tracked. Tips create payment transactions. Not modeled in seed (only provider-side sessions exist). + +### 17. Merchant Store (PROVIDER) +`POST /stores { slug, displayName }` creates store. `POST /products { storeId, name, price }` adds products. Admin approval: `POST /stores/admin/:id/approve`. Owner guard enforces access. + +### 18. FMTY Inquiry (CLIENT) +Client in different city contacts FMTY-enabled provider. Longer message thread (travel logistics, dates, pricing). Uses messaging API with FMTY-specific archetype. Provider's FMTY zones determine reachability. + +### 19–31. Uncovered Sessions +Cooperative safety, duo partnerships, health verification, employee moderation, investor dashboard, operator monitoring, OAuth login, guest messaging, WebSocket real-time, threat intelligence — all defined but not yet in seed scope. + +### 32. Analytics Events (all users) ✅ +Journey-correlated events derived from simulation timelines: DISCOVERY, THUMBNAIL_CLICK, PROFILE_VIEW, PHOTO_VIEW, LINK_CLICK, CONTACT_CLICK, MESSAGE_START. Each browsing session produces a funnel of events with realistic timing offsets and device/source attribution. + +## Quota System (per subscription tier — production values) + +| Tier | Price | Messages/mo | Profile Views/mo | Discoveries/mo | +|------|-------|-------------|-----------------|----------------| +| Bronze | $49.99 | 50 | 50 | 250 | +| Silver | $99.99 | 117 | 117 | 585 | +| Gold | $249.99 | 375 | 375 | 1,875 | +| Platinum | $499.99 | 875 | 875 | 4,375 | +| Iridium | $799.99 | 1,600 | 1,600 | 8,000 | + +## API Endpoints Called by Seed (by session type) + +### Client Browsing Journey (Phase Browse) +``` +GET /api/marketplace/users?city=X&workTypes=Y # Search (returns searchId) +POST /usage/collect/search-results { profileIds } # Consume discovery quota (profileId) +POST /api/marketplace/track-click { searchId, providerId } # Click tracking (profileId) +POST /usage/use/profile-view/:profileId # Record view quota usage (profileId) +POST /usage/me/use-message { providerId } # Message quota (profileId) +``` + +### Subscription Flow (Phase 9 — currently DB, should use API) +``` +INSERT INTO subscription_tiers ... # Direct DB (no admin API) +POST /subscriptions { userId, tierId, paymentMethodId } # Subscribe via API +GET /subscriptions/user/:userId/tier # Verify tier +``` + +### Analytics Ingest (Phase 10) +``` +POST /profile-analytics/ingest { events: [...] } # Batch ingest (500/batch) +```