
Auth intent-scoped OTP lock, post-lock reset, contextual fallback priority, and attempt-gate reopen cooldown

Domains: DOL | English | Product | 236 words | 1 min read
Confirmed by Product Design

DEC-0064 - Auth intent-scoped OTP lock, post-lock reset, contextual fallback priority, and attempt-gate reopen cooldown


DEC-0063 fixed the major ambiguities, but final execution precision was still needed for the intent boundary, the counter lifecycle, and repeated attempt-gate interactions.

OTP lock scope and boundary:

  • OTP lock is scoped to the current auth_intent only.
  • Lock in one intent does not propagate to other intents.
  • Within the same locked intent, OTP channel-switch bypass is blocked.

OTP counter lifecycle:

  • After lock window expires, wrong-attempt counter resets to 0.
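The lock-scope and counter-lifecycle rules above, as an added illustration (not code from the DEC itself): the lock is keyed by auth_intent only, so a channel switch inside a locked intent stays blocked while other intents are untouched, and the wrong-attempt counter is reset to 0 once the lock window has expired. The attempt threshold and window length are assumptions; DEC-0064 fixes neither number.

```python
# Assumed threshold and lock window; DEC-0064 fixes neither number.
MAX_WRONG_ATTEMPTS = 5
LOCK_WINDOW_SECONDS = 300


class OtpLockPolicy:
    """Wrong-OTP accounting keyed by auth_intent only ("login", "forgot_password", ...).
    The delivery channel (sms/email) is deliberately not part of the key, so a
    channel switch inside a locked intent cannot bypass the lock, while a lock in
    one intent never propagates to another intent."""

    def __init__(self, max_wrong=MAX_WRONG_ATTEMPTS, lock_window=LOCK_WINDOW_SECONDS):
        self.max_wrong, self.lock_window = max_wrong, lock_window
        self._state = {}  # intent -> {"wrong": int, "locked_until": float}

    def is_locked(self, intent, now):
        st = self._state.get(intent)
        if st is None:
            return False
        if now < st["locked_until"]:
            return True
        if st["locked_until"]:  # lock window expired: counter resets to 0
            st["wrong"], st["locked_until"] = 0, 0.0
        return False

    def record_attempt(self, intent, channel, correct, now):
        """Return "ok", "wrong" or "locked". `channel` is accepted for audit
        purposes only; it never takes part in the lock decision."""
        if self.is_locked(intent, now):
            return "locked"
        st = self._state.setdefault(intent, {"wrong": 0, "locked_until": 0.0})
        if correct:
            st["wrong"] = 0
            return "ok"
        st["wrong"] += 1
        if st["wrong"] >= self.max_wrong:
            st["locked_until"] = now + self.lock_window
            return "locked"
        return "wrong"
```

`now` is passed explicitly (seconds as a float) so the lifecycle can be exercised deterministically; a real service would inject a monotonic clock.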

Invalid/expired returnTo fallback priority:

  • Explicit fallback ladder:
    • nearest valid same skill/program route,
    • program-level valid route,
    • Home post-login (final fallback only).

Attempt-start auth gate reopen control:

  • If the user dismisses the auth gate and immediately retries the protected action, apply a 3 s reopen cooldown.
  • During cooldown, protected action remains blocked.

Forgot-password prefill source:

  • After reset success, return to login with success feedback.
  • Prefill must use the exact identity channel that completed reset verification in the current flow.

Rationale:

  • Prevents cross-intent lock side effects while preserving anti-bypass control.
  • Keeps retry behavior predictable after lock expiry.
  • Makes fallback routing deterministic and easier to implement consistently.
  • Reduces auth-gate reopen spam without adding friction-heavy blocking.
  • Improves recovery continuity through prefill accuracy.

This keeps the rule-set simple, bounded, and scalable: clear intent ownership, deterministic counters, deterministic fallback, and low-friction anti-spam control.