Mantyl.devHosted passport · Private link
Sample — fictional projectMantyl VerifiedAccepted
Mantyl · Project passportSigned · e4f2a91
Projectbooking-app
Issued20 Jul 2026
BuilderR. Okafor — Studio North
RecipientHarbour & Co
Claims verified34 / 41
Unknowns6 surfaced
01Start here — the recipient's first hour
02Architecture & services
03Environment & setup — reproduced
04Decisions & abandoned approaches (8)
05Risk register & unknowns (6)
06Incomplete work (3)
07Verification log
08Acceptance record
P<MANTYL<<BOOKING<APP<<STUDIO<NORTH<<<<<<<<<E4F2A91C7<<34OF41VERIFIED<<ACCEPTED<<<<<<<<4
§ 01

Start here — the recipient’s first hour

Everything below is labelled: Verified means Mantyl executed it, Repo means the repository shows it, Agent only means only the coding-agent transcript claims it.

Verified quick start
git clone … booking-app && cd booking-app
cp .env.example .env # then fill 5 vars — see § 03
docker compose up -d && pnpm install
pnpm dev # localhost:3000 — verified from clean clone
§ 02

Architecture & services

A Next.js monolith with Postgres, Stripe and transactional email. No queues, no cron, one deliberate stateful dependency.

next@15 appApp Router, TypeScript, 12 routes — src/appRepo
postgres:16docker-compose.yml — bookings, users, payments schemasRepo
stripecheckout + webhooks — src/lib/payments.tsRepo
resendtransactional email — booking confirmations onlyRepo
vercelproduction deploy claimed by agent — no CI evidence foundAgent only
§ 03

Environment & setup

Five environment variables. Four documented; one discovered by inspection and missing from .env.example — fixed as part of this handover.

DATABASE_URLdocumented in .env.example, used in 4 modulesVerified
STRIPE_SECRET_KEYdocumented, test key verified against Stripe APIVerified
STRIPE_WEBHOOK_SECRETrequired by src/app/api/webhooks — absent from .env.exampleUndocumented
RESEND_API_KEYdocumented, not exercised in testsRepo
JWT_SECRETdocumented, rotation procedure unknownRepo
§ 04

Decisions & abandoned approaches

Eight decisions recovered from 47 agent sessions; four shown here. Yellow-flagged decisions exist only in agent history — this passport is now their record.

Sessions moved from Redis to signed JWTs

Rationale recovered from agent history: remove the only stateful infra dependency for the MVP and simplify deploys. Trade-off accepted at the time: no server-side session revocation. The repository contains no record of this decision outside the diff.

Session #31 · 12 Jun 2026Recorded here first

Double-booking prevention via Postgres exclusion constraint

Considered application-level locking first; abandoned after a race condition surfaced in testing. The constraint lives in migration 0009 and is exercised by tests. This is load-bearing — do not swap Postgres out casually.

Session #17 · 28 May 2026

Payments kept as Stripe Checkout redirect, not embedded elements

Chosen to minimise PCI scope and ship faster. The agent proposed embedded elements twice; both approaches were abandoned. Refund handling was deferred — see risk register.

Session #24 · 3 Jun 2026

Admin panel deferred in favour of direct SQL runbook

A minimal runbook of admin queries lives in docs/runbook.md. The agent transcript describes an admin UI as “nearly done”; no such code exists in the repository. Claim labelled accordingly.

Session #40 · 8 Jul 2026Recorded here first
§ 05

Risk register & unknowns

Six findings. None are hidden to make the passport look healthier — visible uncertainty is the point.

!Payment refund path has no tests and was never exercisednot tested
!Stripe webhook signature can't be verified without production keysrequires credentials
!“Rate limiting enabled” — contradicted, no middleware in repoagent only
~No backup or PITR configured for Postgresrepo
~Single admin user seeded by migration — credential rotation unclearrepo
~JWT revocation impossible by design — see decision 01decision
§ 06

Incomplete work

Webhook retry handlingTODO in src/app/api/webhooks/route.ts:41 — failures are logged, not retried
Booking cancellation emailstemplate exists, send call commented out pending copy approval
Admin UIdescribed in transcripts, not present in repository — runbook covers the gap
§ 07

Verification log

Executed on a clean machine on 20 Jul 2026 against commit e4f2a91. Checks either reproduced, or they are labelled — including the one that failed.

+clean clone → pnpm install → build succeeded41s · 20 Jul 14:02
+test suite: 42 passed · 0 failed · 3 skipped18s · 20 Jul 14:03
+tsc --noEmit: no type errors9s · 20 Jul 14:03
+docker compose up → migrations 0001–0014 applied27s · 20 Jul 14:04
~lint: 12 warnings, 0 errors — list attached20 Jul 14:04
!production deploy: claimed, not reproduced — no CI configunverified
§ 08

Acceptance record

The recipient accepted this delivery with the risk register and incomplete work acknowledged — not on the promise that none exist.

Delivered byR. Okafor
Studio North · 20 Jul 2026 · e4f2a91
Accepted byM. Harbour
Harbour & Co · 22 Jul 2026 · 6 findings acknowledged