PaymentsStatus & roadmap

Status & roadmap

What this is: the precise, un-rounded state of the system. Read this before quoting any capability as “done.”

Who it’s for: anyone deciding whether they can build on a piece of this yet, or reporting status upward.

What to read next: Operational guardrails · Architecture · Routing & failover.

🚫

Headline — do not round up. The Phase-A foundation is in review (PR #1222, LOO-2182) and inert: the orchestrator and vault are not on the live checkout path. The PSP charge legs are stubbed pending sandbox credentials; only the Basis Theory vault leg is real-tested (against a TEST tenant). Banks are secured but routing is not live. Going live is gated on counsel sign-off (LOO-2206), vendor sandbox credentials, and an NmiProvider (LOO-2192).

Legend

LabelMeaning
🟢 BuiltCode merged in the foundation PR; tested. May be inert (not wired to a live path).
🟡 StubbedA real interface exists, backed by a stub/skeleton; needs a real implementation or credentials.
🔶 GatedBlocked on a non-code prerequisite (counsel, banking, vendor creds, a confirmed tenant).
PlannedDesigned in ADR-0093; not yet built.

What’s built vs stubbed vs gated vs planned

CapabilityStateNotes
RoutingPolicyEngine (eligibility, kill-switch, ordering)🟢 Built · inertNot instantiated on the live charge path.
chargeAcrossProviders (cross-PSP cascade)🟢 Built · inertNo-double-charge invariant proven offline.
PaymentOrchestrator (composes the two)🟢 Built · inertResolves providers by name.
TokenVault / TokenChargeProvider interfaces🟢 BuiltThe two seams.
De-Striped, capability-segregated PaymentProvider🟢 BuiltLOO-2225.
EntityRegistry + 7-entity seed + payments.entities (0005)🟢 BuiltMID ids/statuses are Phase-0 placeholders (🔶).
Recon-ready ledger dimensions (accounting 0006)🟢 BuiltColumns only; recon engine is ⬜.
Canonical identity map (identity.user_external_ids, 0024)🟢 BuiltThe linchpin (LOO-2220).
PaymentSessionService + FulfillmentGate🟢 Built (skeleton)Mints pending sessions with placeholder URLs; gate is 🟡 in-memory.
No-double-charge + eligibility proof tests🟢 Built · passingOffline, against StubVault + StubProvider.
LOO-2203 idempotency fix (deterministic keys)🟢 BuiltReplaces randomUUID() key.
StripeProvider🟢 BuiltThe only real provider; legacy, hardcoded, no routing.
StubProvider / StubVault🟢 BuiltBack the offline proofs; honest fallback.
PSP charge legs (real money)🟡 StubbedNeed sandbox creds + NmiProvider.
BasisTheoryVault wiring into the service🔶 GatedBuilt, but not instantiated; needs a confirmed tenant (LOO-2189 / 2224). The vault leg is real-tested via a gated spike against a BT TEST tenant.
Live routing of real money🔶 GatedBanks secured; counsel sign-off (LOO-2206) + sandbox creds + NmiProvider (LOO-2192) required.
Cart→category derivation (bind product to intent)⬜ PlannedPrerequisite before any real MID routes money (LOO-2190 / 2227).
NmiProvider (first non-Stripe provider)⬜ PlannedLOO-2192 — proves the abstraction.
Own-clock subscription engine on vault tokens⬜ PlannedPhase B (ADR-0084).
Account-updater⬜ PlannedPhase B; depends on Loop-owned-TRID network tokens (LOO-2207).
Discount / price-resolution seam⬜ PlannedCross-system #2.
Real-time CDP customer-context API⬜ PlannedCross-system #4.
3-way reconciliation, reserves, MoR, tax, chargeback survival⬜ PlannedPhase C (e.g. LOO-2210).
LoopVault / own CDE (SAQ D)⬜ Planned · gatedPhase D destination; trigger-gated.

What PR #1222 actually ships

The foundation is the abstraction + the recon-ready data + the proofs, deliberately not a live money path:

  • the two seams (PaymentProvider de-Striped + TokenVault);
  • the three routing primitives with the no-double-charge + eligibility proofs (offline);
  • the entity registry + seed (Phase-0 placeholders) and payments.entity_id;
  • recon-ready ledger dimensions and the canonical identity map;
  • the payment-session contract + fulfillment-gate skeleton;
  • BasisTheoryVault (built, not wired) + a gated BT TEST-tenant spike.

It does not ship: a live charge through the orchestrator, a real PSP charge leg, a wired vault, or any of the Phase B/C/D capabilities.

Roadmap (from ADR-0093)

PhaseScopeState
Phase 0Banking & compliance (MID/TOS audit per LLC×product; ≥2 warm high-risk acquirers per RUO entity; counsel sign-off on the entity↔product↔MID matrix + MoR/tax; secure a Loop-owned TRID)🔶 In progress / gating — non-code, gates the software
Phase AThin slice (SAQ A): real entity_id + recon-ready dimensions; one NmiProvider auth+capture; provider-neutral attempt ledger + deterministic idempotency + eligibility-constrained failover + no-double-charge proof🟢/🟡 In review (PR #1222); abstraction + proofs built, live charge stubbed
Phase BExportable, high-risk-confirmed vault + network tokens (Loop-owned TRID); validate cross-acquirer portability; migrate recurring off Stripe Billing with account-updater + dunning⬜ Planned
Phase B-ROCScope-minimized Level 1 ROC (parallel, volume-triggered)⬜ Planned
Phase C3-way reconciliation per MID per entity; reserve/settlement modeling; chargeback monitoring (ECM/VAMP) + Ethoca/RDR + representment; MoR + sales-tax/VAT/nexus; KYC/AML + OFAC on payouts⬜ Planned
Phase DOwn CDE (SAQ D) — unchanged destination, trigger-gated⬜ Planned · gated

The gates to “live”

Every one of these is required before a single real charge routes through the orchestrator. None are satisfied yet.

Reference tickets

  • Epic: LOO-2182 (Unified Payment Orchestration) · PR: #1222
  • Entity model: LOO-2187 · Routing: LOO-2190 · Safety/no-double-charge: LOO-2208 · Spike: LOO-2226
  • De-Striping: LOO-2225 · Idempotency fix: LOO-2203 · Recon dimensions: LOO-2209 · Identity map: LOO-2220
  • Payment session: LOO-2222 · Hosted surface: LOO-2227 · Network tokens/TRID: LOO-2207
  • Gates: counsel sign-off LOO-2206 · NmiProvider LOO-2192 · BT wiring LOO-2189 / 2224 · Phase-0 LOO-2204 / 2205 / 2206
  • Governance: LOO-2215 (human sign-off on money paths) · Payouts KYC: LOO-2213

Ticket numbers are drawn from the ADR and the foundation code comments. For live status, the Linear epic LOO-2182 and its children are the source of truth.

See also