2026-04-04

PRs shipped

Email verification

No email verification existed — anyone could sign up as any email. Members can already log in on prod and we’re onboarding tomorrow, so this was urgent.

Used Payload’s built-in auth.verify which handles token generation, email sending on signup, and a verify endpoint. Payload blocks login until _verified is true, which is stricter than just a banner.

Reviewed against best practices:

  • Token is crypto-random, HTML is escaped, resend requires auth
  • Resend rate limiting not needed at current scale (Resend limit is 5 req/s, and you can only spam yourself)
  • Found and fixed XSS in the resend action (name wasn’t escaped in email HTML)
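The class of bug fixed in the resend action, as an added example (not the project's code): a user-chosen name interpolated raw into email HTML, next to the escaped version. The function names, the `/verify` path, the base URL and the sample name are all assumptions made up for illustration.

```javascript
// Added example; helper names, path and sample values are hypothetical.

// Escape the characters that are significant in HTML text and quoted attributes.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// "Before": the name goes into the markup as-is, so any HTML in it is rendered.
function buildResendEmailUnsafe(name, verifyUrl) {
  return `<p>Hi ${name},</p><p><a href="${verifyUrl}">Verify your email</a></p>`;
}

// "After": each dynamic value is encoded for the context it lands in.
// The token is URL-encoded by URLSearchParams, then the whole URL is
// HTML-escaped because it sits inside a quoted attribute.
function buildResendEmailSafe(name, baseUrl, token) {
  const url = new URL('/verify', baseUrl); // assumed path, not Payload's route
  url.searchParams.set('token', token);
  return (
    `<p>Hi ${escapeHtml(name)},</p>` +
    `<p><a href="${escapeHtml(url.toString())}">Verify your email</a></p>`
  );
}

// Constructed sample: a display name carrying its own link markup.
const SAMPLE_NAME = 'Robin <a href="https://example.invalid/">click here</a>';

function demo() {
  return {
    unsafe: buildResendEmailUnsafe(SAMPLE_NAME, 'https://guild.example/verify?token=abc123'),
    safe: buildResendEmailSafe(SAMPLE_NAME, 'https://guild.example', 'abc123'),
  };
}
```
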

Staff dashboard design

Discussed what staff need to see when a customer checks in. Wrote up guild-staff-dashboard with three layers:

  1. The Glance — name, tier, points balance, subscription status, Square customer link (for attaching to POS checkout)
  2. The Conversation — recent purchases, visit frequency, birthday, member since
  3. The Admin — transaction ledger, manual adjustments, subscription management

Key insight: Square POS doesn’t have an API to inject a customer into an in-progress sale. Staff sees the check-in card and manually attaches in Square. The auto-discount via Customer Groups already works once attached.

Onboarding redesign — character creation flow

Designed the full onboarding flow as RPG character creation. Wrote up guild-onboarding-flow.

Flow: email (magic link) → name your character → choose your path (tier) → payment → “your adventure begins” (character sheet reveal)

Class unlock at Level 3

Originally planned to add class selection to the signup form, but realized: in MapleStory you’re jobless until level 10, and D&D 5e 2024 gives you your subclass at level 3. Class should be earned, not picked from a dropdown.

Level 3 (4,000 XP) is the sweet spot — achievable in 1-2 weeks of normal activity (a few visits + a purchase or two). Level 10 (360,000 XP) would require $3,600 in spending, way too far.

New members start as “Adventurer.” Dashboard shows progress toward Level 3 with a prompt. At unlock: full-screen class selection overlay — the screenshot-and-share moment.

Discussed auth strategy for when the free tier launches. Current password + email verify is fine for paid members (Stripe is the identity anchor). But free tier has no payment barrier — email squatting becomes trivial.

Magic link solves both: verification IS the auth, no passwords at signup, works for free and paid. Payload supports custom auth strategies that can implement this. Saving for the free tier launch.

Action items

  • Merge #38 and run migration on prod
  • Set existing prod members to _verified = true
  • Onboard members tomorrow — current flow works
  • Design class selection unlock UI for dashboard (Level 3 milestone)
  • Plan magic link auth for free tier launch