Scout
wiki/decisions/2026-07-03-email-first-beta-registration-supersedes-stripe-first.md
ADR: Email-First Beta Registration Supersedes Stripe-First Beta Onboarding
Date: 2026-07-03 Status: Accepted
Context
Scout's hosted beta onboarding records contained conflicting decisions. Earlier
work explored a card-backed $0 Stripe setup flow as the public beta path, but
the currently deployed product surface at https://scout.chowmes.com/beta and
the live hosted status endpoint now use direct name/email beta registration.
The status endpoint contract now reports:
public_self_service_path: email_beta_registration_with_checkout_hookpublic_beta_key_endpoint: /v1/hosted/beta-keybeta_signup_enabled: true- checkout/webhook/key-delivery readiness as separate booleans
Decision
The public beta path is email-first registration through
POST /v1/hosted/beta-key. Stripe remains the paid checkout path and may be
used through the existing $0 beta setup hook once checkout is fully
configured, but the public copy and primary button should not advertise
checkout-first onboarding while production is blocked by external Stripe/SMTP
configuration.
Rationale
- Email-first registration is lower friction for private beta testers.
- It avoids shared beta passwords while still capturing name and email.
- It lets Scout record pending signups even before SMTP delivery is configured.
- It keeps raw API keys out of browser responses and OpenAPI schemas.
- Stripe setup remains valuable for paid checkout and future payment-method verification, but it should not block the first beta signup surface.
Alternatives Considered
| Option | Why rejected |
|---|---|
| Shared invite password before key creation | Weak attribution, easy sharing, poor SaaS onboarding pattern. |
Stripe-first $0 beta setup as the only public path |
Useful later, but currently blocks beta access on Stripe secret, webhook, and SMTP setup. |
| Manual admin key generation only | Works for emergency internal consumers, but does not satisfy self-service beta onboarding. |
| Returning raw API keys in the browser | Rejected for security; the one-time raw key is delivered by email when SMTP is configured. |
Consequences
/betauseshostedKeyFormand posts to/v1/hosted/beta-key./v1/billing/stripe/statusexposes the beta path asemail_beta_registration_with_checkout_hook.- Missing SMTP means signups are queued as
pending_delivery; no account, key, or credits are created until delivery can happen. - Operators must configure SMTP and then process pending signups before calling beta self-service fully operational.
- Paid credit packages remain blocked until Stripe secret, price IDs, success/cancel URLs, webhook secret, and SMTP delivery are configured and smoke-tested.
- Older vault notes saying "public beta signup is Stripe setup first" or "card-backed beta with email queue fallback is primary" are superseded by this ADR and should be treated as historical context only.
Verification
- Repo:
/Users/arijitchowdhury/Dropbox/AI-Development/Scout - Branch:
codex/scout-saas-prod-ready - Latest local correction: beta page copy and
/v1/billing/stripe/statuscontract now use email-first registration with a checkout hook. - Public beta page contains
hostedKeyForm,/v1/hosted/beta-key, andRegister for Beta API Key. - Public beta page keeps
/v1/billing/stripe/checkout-sessiononly as a readiness-gated hook, not as the primary public CTA. - Focused verification for the latest correction reported:
91 passed, 2 warnings- Pyright:
0 errors - Ruff: all checks passed
Remaining Work
- Configure hosted SMTP delivery.
- Smoke-test hosted key email delivery.
- Drain
pending_deliverybeta signups. - Configure Stripe secret, success/cancel URLs, paid package price IDs, and webhook secret.
- Run Stripe checkout, webhook, credit top-up, and emailed-key delivery smoke.