EVT 2026-03-16 - Email-only auth, checkout phone contact, and account flow alignment

Session scope

• Discovery root: docs/Domains/DOL English/Product Discovery/
• Lane lock: DOL English V2
• Collaboration mode: autonomous (user approved proactive cleanup)
• Objective: close lingering drift around auth identifiers, checkout contact requirements, and sensitive account-contact flows.

Confirmed outcomes

1. Email-only login baseline

• Independent login in DOL English uses email only.
• Valid login identifiers are primary email and verified login emails on the same account.
• Phone is not a login or recovery factor in the active DOL English scope.

2. Signup duplicate-contact handoff

• Signup accepts email only.
• If signup email already exists, system routes to login step with prefilled email and clear notice.
• No default OTP auto-send at handoff.

3. Checkout contact contract

• Checkout is a protected flow; guest users must authenticate before entering checkout.
• For Pro, Pro Max, and course purchase flows, checkout requires:
  • signed-in account,
  • verified email,
  • phone contact present.
• Phone input is required for service contact only; phone verification is not required.

4. Sensitive contact-change policy

• Email change:
  • re-auth,
  • OTP to current primary email,
  • OTP to new email.
• Phone change:
  • re-auth,
  • OTP to current primary email,
  • update phone contact without phone verification.
• Successful contact changes send security alert to prior primary email.
• No post-change hold window.

5. Social/local-password guardrail

• Social account can keep operating without phone.
• Setting a local password requires verified email, not verified phone.

Open items after session

• None at blocker level for DOL English V2 active docs.
• Historical decisions remain as prior context; current canon is refined through new decision linkage.