This document maps sections A through I of the NSVA website modernization agreement to concrete routes, APIs, configuration, and operations. Use it for acceptance reviews and handoff.
| ID | Deliverable | Implemented | Where / how |
|---|---|---|---|
| A | Public member roll — active members, display name + primary island only (from DB); no auth | Yes | Page /member-roll · API GET /api/members/public-roll · listed in the public sitemap |
| B | Members-only full roster — richer contact fields for fellowship | Yes | API GET /api/members/roster (signed-in members) · Member roster tab on /members/directory |
| C | Commander’s messages — web content (CMS), not PDF-only; National scope | Yes | Page /commander · blog posts flagged as Commander messages · Bulletin (national posts) |
| D | Members-only document access — official PDFs / library | Yes | /members/library · API GET /api/members/documents · protected downloads via /api/pdfs/protected/... |
| E | Membership renewal reminders at 90 / 30 / 7 days before annual expiry | Yes | HTTP cron POST /api/cron/membership-renewal-reminders · schedule with Google Cloud Scheduler (or your host) using NSVA_CRON_SECRET |
| F | Payments — Stripe and Zeffy only where already integrated; no new payment processors in scope | Yes | Store and donations use the integrated providers; configure PAYMENT_PROVIDER, Stripe, and Zeffy in Secret Manager / environment |
| G | Transactional email from @nsva.org via Microsoft 365 (SMTP) | Config / ops | EMAIL_PROVIDER=smtp · smtp.office365.com:587 · EMAIL_FROM="NSVA <noreply@nsva.org>" — see EMAIL.md. Workflow To: defaults use @nsva.org; optional overrides NSVA_OFFICE_EMAIL_*. |
| H | Optional Commander digest — email digest of new Commander posts | Yes | HTTP cron POST /api/cron/commander-digest · member email preferences · weekly schedule via Cloud Scheduler and env |
| I | Operations — migrations, cron auth, production secrets, legacy URL continuity | Yes | Deployments apply database updates · NSVA_CRON_SECRET in Secret Manager (nsva-cron-secret) · legacy URL redirects on release · cron setup: ADMIN-SITE-OVERVIEW.md §9, GCP notes in SHIP-STORE-DEPLOYMENT.md |
Out of scope (contract A–I)
- Deferred SOW items — feature deferrals as agreed in the SOW (not part of A–I above).
- DNS / mailbox ownership for production: NSVA must create M365 mailboxes, enable SMTP AUTH if required, and store secrets in GCP — not application code.
Related docs
- Email: EMAIL.md
- Admin & cron: ADMIN-SITE-OVERVIEW.md
- Ship store / GCP secrets: SHIP-STORE-DEPLOYMENT.md
- SOP checklist: NSVA-SOP-IMPLEMENTATION-CHECKLIST.md