Digital operations SOP

Official office mailboxes, workflow routing, Stripe vs Zeffy, and what the site implements today vs Phase 2.

Purpose

This SOP defines the operational standard for NSVA.org digital systems: role-based communication, role-based access control, workflow routing, and governance visibility.

This document is the organizational baseline. Section Platform implementation (current code) describes what the application actually does today — keep that section updated when routing or payments change.

Related docs

| Document | Role |
|---|---|
| NSVA-SOP-IMPLEMENTATION-CHECKLIST.md | Checklist: completed items only |
| EMAIL.md | SMTP (Microsoft 365), NSVA_OFFICE_EMAIL_*, password reset |
| ADMIN-SITE-OVERVIEW.md | Admin panels, permissions, troubleshooting |
| SHIP-STORE-DEPLOYMENT.md | Stripe store checkout (production) |
| PRODUCTION-DEPLOYMENT.md | GCP release, Cloud SQL migrations, auth |
| project/frontend/lib/operations-sop.ts | Source of truth for workflow → office keys |

Digital Infrastructure Vision

NSVA.org is the central operations platform for:

  • Membership management
  • Donations and receipts (partial — see donations below)
  • Events and convention workflows
  • Ships Store operations
  • Department communication and approvals
  • Leadership oversight and audit visibility

Core Operating Principles

  • Role-based communication tied to office, not individual.
  • Automated workflow routing by function and department.
  • Executive Board visibility into operational status.
  • Durable records for approvals, financials, and membership actions.

Official Office Email System

All office accounts remain attached to the role and transfer during leadership transition (update Microsoft 365 delegates/forwarding when officers change; site access is separate in Admin → Roles).

Mailboxes wired on nsva.org today

These addresses receive automated workflow email from the site (see Operations Center for the live list). They must exist and accept mail in Microsoft 365.

| Address | Used for |
|---|---|
| Commander@nsva.org | Donations (in-app), convention registration |
| Secretary@nsva.org | Membership, events, convention, island transfers |
| Treasurer@nsva.org | Membership, events, convention, store orders, donations (in-app) |
| MembershipChair@nsva.org | Membership applications (submit + decisions) |
| Donations@nsva.org | Donations recorded through the site (integrated path) |
| EventsCoordinator@nsva.org | Calendar/events, convention registration |
| ConventionChair@nsva.org | Convention registration |
| ShipsStore@nsva.org | Ship’s Store orders (paid) |
| StoreManager@nsva.org | Ship’s Store orders (paid) |
| Fundraising@nsva.org | Donations (in-app), sponsorship inquiries |
| Sponsorship@nsva.org | Sponsorship inquiries |
| PublicAffairs@nsva.org | Sponsorship inquiries |
| Contact@nsva.org | Selected public form submissions |

Transactional send (From): noreply@nsva.org (or the address in EMAIL_FROM) — used to send member and office mail; not a workflow “To” inbox.

Not routed by the site yet (organizational targets for later): Vice Commander, governance officers (Judge Advocate, Resolutions, Chaplain, Historian), Membership Support/Records, Finance, Outreach, Newsletter, Media, Webmaster, WebAdmin, IT Support, Security, Admin, Support, district mailboxes (District1@ … District4@), and island patterns such as x3commander@nsva.org / x3secretary@nsva.org. Add each to operations-sop.ts routing when the mailbox is provisioned and you want site automation to use it.

Role-Based Access Control (RBAC)

  • Level 1: Public visitors
  • Level 2: Member access
  • Level 3: Department chair access
  • Level 4: Executive Board oversight
  • Level 5: System administrator

Current platform baseline mapping

| Application Role | SOP Level |
|---|---|
| member | Level 2 |
| island_officer | Level 3 |
| island_admin | Level 4 |
| secretary | Level 4 |
| regional_commander | Level 4 |
| national_admin | Level 5 |
| super_admin | Level 5 |

MFA is required for leadership/admin roles in production configuration.

Workflow Routing Standards (organizational target)

Membership Application Workflow

Target routing (national + island — Phase 2 for island):

  • MembershipChair@nsva.org — qualifications, membership number
  • Secretary@nsva.org — administrative records
  • Treasurer@nsva.org — dues / payment
  • Island Commander and Island Secretary for the assigned island (or Island at Large default)

Target process (implemented on /admin/applications — see Site guide):

  1. Applicant submits → pending record; Treasurer notified
  2. Treasurer: Payment Received (confirm funds; Stripe only records online payment)
  3. Admin/Secretary: Paperwork Received (complete, eligible)
  4. Membership Chair/Life: Verified → member account + welcome email
  5. Audit history on each application; permissions per department in Admin → Roles

Event Submission Workflow

Routes to:

  • EventsCoordinator@nsva.org
  • Secretary@nsva.org
  • Treasurer@nsva.org (if financial impact)

Donation Workflow

Routes to:

  • Treasurer@nsva.org
  • Commander@nsva.org
  • Fundraising@nsva.org
  • Donations@nsva.org

Ships Store Workflow

Routes to:

  • ShipsStore@nsva.org
  • StoreManager@nsva.org
  • Treasurer@nsva.org

Convention Registration

Routes to:

  • ConventionChair@nsva.org
  • EventsCoordinator@nsva.org
  • Secretary@nsva.org
  • Treasurer@nsva.org (meals / fees)
  • Commander@nsva.org (executive visibility)

Notification System

Website workflows should trigger:

  • Email to routed office addresses (getWorkflowEmailRecipients → Microsoft 365 SMTP from noreply@nsva.org)
  • In-app admin bell notifications for permissioned members (does not replace email for officers who only use mailboxes)

Security Requirements

  • Encrypted authentication
  • MFA for leadership accounts
  • Role-based authorization checks
  • Activity logging and audit trails
  • Secure backup and recovery procedures (see DIGITAL-OPERATIONS-BACKUP-RESTORE.md)

Leadership Transition Procedure

When leadership changes:

  1. Remove outgoing officer application access (Admin → Roles).
  2. Provision incoming officer access.
  3. Keep office email addresses unchanged; update M365 mailbox delegates/forwarding.
  4. Preserve role permissions and dashboard scope.
  5. Verify /admin/operations routing snapshot after any NSVA_OFFICE_EMAIL_* env changes.

Platform implementation (current code)

Code reference: project/frontend/lib/operations-sop.ts
Inspect live routing (admin): /admin/operations → GET /api/admin/operations/routing

Payments (production)

| Flow | Provider (production) | Webhook / confirm |
|---|---|---|
| Ship's Store | Stripe (PAYMENT_PROVIDER=stripe in Cloud Build) | /api/webhooks/stripe → confirmOrderPayment |
| Membership (paid types) | Stripe | Same webhook → confirmMembershipPayment |
| Donations (public) | External Zeffy URL — /donate redirects off-site | Not recorded in NSVA DB unless donor uses legacy in-app path |
| Donations (in-app API) | Zeffy embed when PAYMENT_PROVIDER=zeffy | /api/webhooks/zeffy (optional; not production default) |

Public donate links use DONATION_URL in project/frontend/lib/config.ts (Zeffy ticketing page). SOP donation emails fire only for POST /api/store/donations + payment confirmation, not for redirect-only Zeffy traffic.

Workflow routing matrix

| Workflow key | Office email keys (SOP defaults) | Email trigger | In-app admin bell |
|---|---|---|---|
| membership_application_submission | Membership Chair, Secretary, Treasurer | POST /api/members/apply | confirm_membership_payment (Treasurer) |
| membership_application_decision | Membership Chair, Secretary, Treasurer | Verified/reject via /api/admin/applications/[id]/advance | verify_membership / workflow permissions |
| event_submission | Events Coordinator, Secretary, Treasurer | Calendar create, event registration, custom form submit, island charter apply | access_admin_panel or form-specific |
| donation_received | Treasurer, Commander, Fundraising, Donations | POST /api/store/donations (intake), confirmDonationPayment (paid) | On paid confirm |
| ships_store_order | Ships Store, Treasurer, Store Manager | confirmOrderPayment (Stripe webhook) | On paid confirm |
| sponsorship_inquiry | Fundraising, Sponsorship, Public Affairs | POST /api/sponsorship/inquiry | access_admin_panel |
| convention_registration | Convention Chair, Events Coordinator, Secretary, Treasurer, Commander | POST /api/convention/register; admin status updates | access_admin_panel |
| island_transfer_request | Secretary | POST /api/members/island-transfer | secretary role |

Gaps vs. organizational target (Phase 2)

  • Island-scoped routing (x3commander@nsva.org, etc.) from requestedIslandId / Island at Large default
  • Notify Island Commander, Island Secretary, and Island Treasurer on membership events
  • Membership Chair–only queue vs. shared national inboxes
  • Commander on all financial intakes by default (partially added for convention + donations in code)
  • District mailbox routing (District1@ … District4@) when provisioned
  • Zeffy standalone donation page → webhook/metadata integration for SOP emails and DB records
  • Convention online payment (Stripe) with Treasurer notification on checkout.session.completed

Membership duplicate prevention (active)

  • Application blocked if member exists with same email or username equal to email (imports).
  • Admin approve blocked if email already on a member (409).
  • Payment auto-approve reuses existing member by email.
  • DB unique constraints on email, username, member_id.
  • Island transfer does not create a second member record.

Password reset (operational)

  • Self-service: POST /api/auth/forgot-password — password changes only after email sends successfully.
  • Admin email reset: POST /api/admin/members/[id]/send-password-reset — same; returns 502 if SMTP fails without changing password.
  • Admin Set Temp Password (no email): POST /api/admin/members/[id]/force-password-reset — shows password in admin UI for phone handoff when mail is down.

Transactional email (production)

  • From: noreply@nsva.org via Microsoft 365 SMTP (EMAIL_PROVIDER=smtp).
  • To (workflows): NSVA_OFFICE_EMAIL_<KEY> overrides; defaults match the official list in this document.
  • Do not set EMAIL_OVERRIDE_TO in production.
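
The override rules above, applied to two rows of the workflow routing matrix, as an added TypeScript example (not the contents of operations-sop.ts and not the site's getWorkflowEmailRecipients). Assumptions: the env key spellings (for example NSVA_OFFICE_EMAIL_STORE_MANAGER), the function names resolveRecipients and auditMailEnv, and the rule that overrides stay on @nsva.org.

```typescript
// Added illustration; key spellings, names and the domain rule are assumptions.
type Env = { [name: string]: string | undefined };
const PREFIX = "NSVA_OFFICE_EMAIL_";
const has = (o: object, k: string): boolean => Object.prototype.hasOwnProperty.call(o, k);

// SOP default mailboxes from this document, under assumed office key spellings.
const OFFICE_DEFAULTS: { [key: string]: string } = {
  TREASURER: "Treasurer@nsva.org", COMMANDER: "Commander@nsva.org",
  FUNDRAISING: "Fundraising@nsva.org", DONATIONS: "Donations@nsva.org",
  SHIPS_STORE: "ShipsStore@nsva.org", STORE_MANAGER: "StoreManager@nsva.org",
};

// Two rows of the routing matrix: workflow key -> office keys.
const WORKFLOW_OFFICES: { [workflow: string]: string[] } = {
  donation_received: ["TREASURER", "COMMANDER", "FUNDRAISING", "DONATIONS"],
  ships_store_order: ["SHIPS_STORE", "TREASURER", "STORE_MANAGER"],
};

// An NSVA_OFFICE_EMAIL_<KEY> override wins; otherwise the SOP default applies.
function resolveRecipients(workflow: string, env: Env): string[] {
  if (!has(WORKFLOW_OFFICES, workflow)) throw new Error(`unknown workflow key: ${workflow}`);
  const seen: { [addr: string]: true } = {};
  const out: string[] = [];
  for (const key of WORKFLOW_OFFICES[workflow]) {
    const addr = (env[PREFIX + key] || "").trim() || OFFICE_DEFAULTS[key];
    const id = addr.toLowerCase();
    // Two office keys aliased to one mailbox should produce one message, not two.
    if (!has(seen, id)) { seen[id] = true; out.push(addr); }
  }
  return out;
}

// Pre-deploy audit of the mail environment; returns every finding at once.
function auditMailEnv(env: Env): string[] {
  const findings: string[] = [];
  if ((env["EMAIL_OVERRIDE_TO"] || "").trim()) {
    findings.push("EMAIL_OVERRIDE_TO is set; the SOP forbids it in production");
  }
  for (const name of Object.keys(env)) {
    const value = (env[name] || "").trim();
    if (name.indexOf(PREFIX) !== 0 || !value) continue;
    // A misspelled key never matches, so mail keeps going to the default mailbox.
    if (!has(OFFICE_DEFAULTS, name.slice(PREFIX.length))) findings.push(`${name}: unknown office key`);
    // Assumed policy: workflow mail stays on the organization's own domain.
    if (!/^[^@\s]+@nsva\.org$/i.test(value)) findings.push(`${name}: not an @nsva.org address`);
  }
  return findings;
}
```

Running auditMailEnv against the production environment after any NSVA_OFFICE_EMAIL_* change complements the manual check of the /admin/operations routing snapshot.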

Implementation priorities

Priorities are ordered for dependency and risk.

  • 1. Office & membership core: Align M365 mailboxes with SOP; set production NSVA_OFFICE_EMAIL_* if aliases differ; membership national routing + duplicate prevention (done in code).
  • 2. Executive oversight & commerce: Operations Center (/admin/operations); Stripe store + membership; convention registration emails (submit; payment TBD).
  • 3. Island routing (Phase 2): Resolve island officer mailboxes; default unassigned applicants to National Island at Large; notify island Commander/Secretary/Treasurer per SOP.
  • 4. Donations parity: Either wire Zeffy webhooks for the public donate page or restore in-app donate + donation_received routing.
  • 5. Communication parity: Every major workflow: email + in-app where appropriate; verify SMTP delivery (not only admin bell).
  • 6. Financial & compliance logging: Audit on approvals, Stripe/Zeffy payment transitions, PII retention jobs.
  • 7. Data continuity: Exports, backup/restore runbook, leadership transition checklists.

Organizational Outcome

This operating model provides communications continuity, workflow automation, financial transparency, and scalable national operations with durable governance controls.