docs(invitations): module README — referral substrate + reward architectures (#5 prep)

[PierreBrisorgueil]

User-requested doc (2026-06-11): explains the "Referral rewards — coming soon" seam — the 2 primitives written on accept (referredBy + the invitation.accepted event with invitationId as idempotency key, referrer AND referee identifiable), the 2 reward architectures (event-driven idempotent grant + reconcile cron for usage-based/cashback economies vs compute-on-read for static boosts), the settings-driven config pattern, the mandatory async-listener self-guard, and the #3833 gates. Docs-only. Part of #3808, preps #5.

Summary by CodeRabbit

• Documentation
  • Added comprehensive docs for the invitations module: admin CRUD, public token verification, and the two-step signup/claim flow.
  • Described referral behavior on acceptance (server-stamped referral link between users and an acceptance event) and pre-shipping gating requirements for rewards.
  • Documented two reward architectures (event-driven grants vs. compute-on-read) and outlined admin/account referral UI surfaces.

[coderabbitai]

Warning

Review limit reached

@PierreBrisorgueil, we couldn't start this review because you've reached your PR review rate limit.

More reviews will be available in 56 minutes and 19 seconds. Learn how PR review limits work.

Your organization has run out of usage credits. Purchase more credits in the billing tab to continue.

⌛ How to resolve this issue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans include higher PR review limits than trial, open-source, and free plans. In all cases, reviews become available again over time. During sustained high-volume PR review activity, CodeRabbit may temporarily slow when the next review becomes available.

Please see our Fair Usage Limits Policy for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

Run ID: 2ac74cde-2fb0-45f1-8e20-f2ebfc4c6564

📥 Commits

Reviewing files that changed from the base of the PR and between a794115 and e0cce74.

📒 Files selected for processing (1)

• modules/invitations/README.md

Walkthrough

Adds comprehensive invitations module documentation: API routes, Invitation model, two-step claim/finalize signup flow, referral substrate (server-set user.referredBy and invitation.accepted event), two reward architectures (event-driven with idempotency + reconciliation, or compute-on-read), pre-shipping gates, and Vue UI surfaces.

Changes

Invitations Module Documentation

Layer / File(s)	Summary
Module API, data model, signup flow, and referral substrate modules/invitations/README.md	Describes module purpose and routes, Invitation fields, two-phase claim/finalize signup with token consumption and stale-sweep, durable user.referredBy stamping, invitation.accepted event shape (idempotency key + inviter/invitee ids), reward seam, pre-shipping gating checklist, and Vue UI surfaces.
Billing invitation.accepted TODO/spec modules/billing/billing.init.js	Replaces a single-line TODO with an expanded spec requiring a CONFIG-GATED STANDARD grant implementation, idempotent ledger keying, reconciliation guidance, and explicit intended crediting behavior for payload.invitedBy and acceptedUserId.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Possibly related PRs

• pierreb-devkit/Node#3824 — Related: new wiring of the invitation.accepted listener/event seam that the billing TODO references.

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Description check	⚠️ Warning	The description covers what changed and why, but is missing several required template sections including scope, validation checklist, and guardrails check.	Add missing template sections: Scope (module impact, cross-module impact, risk level), Validation (lint/test checklist), and Guardrails check (secrets, risky renames, merge-friendliness, tests).

✅ Passed checks (4 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately summarizes the main change: adding comprehensive documentation for the invitations module README covering referral substrate and reward architectures.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch docs/invitations-referral-rewards

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@modules/invitations/README.md`:
- Around line 96-98: The README is ambiguous about which DB index is required:
clarify that the query shown (InvitationRepository.countAccepted({ invitedBy:
userId })) needs an index on invitations.invitedBy, while the referredBy field
lives on the User model and would require a different index for that reward
pattern; update the text to explicitly mention "index invitations.invitedBy"
(and note that rewards keyed off User.referredBy need an index on
users.referredBy) so readers know which collection/field to index.
- Around line 77-81: The reconcile cron described in the README uses the query
"invitations { status:'accepted', invitedBy: {$ne:null} }" which misses
referee-only grants created when invitedBy is null (see cfg.refereeUnits and the
comment about admin-created invites); update the documentation and reconcile
approach to perform two passes: Pass 1 scans for referrer grants using
invitations { status:'accepted', invitedBy: {$ne:null} } to reconcile
referrer-ledger keys, and Pass 2 scans all accepted invitations using
invitations { status:'accepted' } to ensure referee grants (cfg.refereeUnits)
are present, or alternatively describe a single broader query and explain how to
distinguish and back-fill both referrer and referee ledger entries; mention
modules/billing/crons and cfg.refereeUnits so maintainers can find the relevant
code.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

Run ID: e2a7fbc1-702f-4e28-b935-906d11798b29

📥 Commits

Reviewing files that changed from the base of the PR and between 77330f2 and 6b5776d.

📒 Files selected for processing (1)

• modules/invitations/README.md

[Copilot]

Pull request overview

Adds module-level documentation for modules/invitations describing the platform invitation flow and the planned referral-reward “seam” (#5 prep), including the two persisted primitives on invite acceptance (user.referredBy + invitation.accepted event) and recommended reward implementation architectures.

Changes:

• Introduces modules/invitations/README.md explaining invitations’ scope (auth-only dependency, org-agnostic) and the referral substrate contract.
• Documents two reward architectures (event-driven idempotent grant + reconcile cron vs compute-on-read).
• Captures the pre-shipping gates from #3833 (scoped list, self-referral guard, open-signup behavior, indexing).

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 91.84%. Comparing base (77330f2) to head (e0cce74).
⚠️ Report is 3 commits behind head on master.

Additional details and impacted files

@@           Coverage Diff           @@
##           master    #3837   +/-   ##
=======================================
  Coverage   91.84%   91.84%           
=======================================
  Files         159      159           
  Lines        5212     5212           
  Branches     1659     1659           
=======================================
  Hits         4787     4787           
  Misses        337      337           
  Partials       88       88           

Flag	Coverage Δ
integration	59.59% <ø> (ø)
unit	72.33% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

---

Continue to review full report in Codecov by Harness.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 77330f2...e0cce74. Read the comment docs.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[PierreBrisorgueil]

@coderabbitai resolve — all 7 findings addressed in the latest commit.

[coderabbitai]

@PierreBrisorgueil Sure — resolving all 7 comments now! 🎉

(ᵔᴥᵔ)

✅ Action performed

Comments resolved and changes approved.