Everything below is labelled: Verified means Mantyl executed it, Repo means the repository shows it, Agent only means only the coding-agent transcript claims it.
Verified quick start
git clone … booking-app && cd booking-app
cp .env.example .env # then fill 5 vars — see § 03
docker compose up -d && pnpm install
pnpm dev # localhost:3000 — verified from clean clone
§ 02
Architecture & services
A Next.js monolith with Postgres, Stripe and transactional email. No queues, no cron, one deliberate stateful dependency.
Eight decisions recovered from 47 agent sessions; four shown here. Yellow-flagged decisions exist only in agent history — this passport is now their record.
Sessions moved from Redis to signed JWTs
Rationale recovered from agent history: remove the only stateful infra dependency for the MVP and simplify deploys. Trade-off accepted at the time: no server-side session revocation. The repository contains no record of this decision outside the diff.
Session #31 · 12 Jun 2026Recorded here first
Double-booking prevention via Postgres exclusion constraint
Considered application-level locking first; abandoned after a race condition surfaced in testing. The constraint lives in migration 0009 and is exercised by tests. This is load-bearing — do not swap Postgres out casually.
Session #17 · 28 May 2026
Payments kept as Stripe Checkout redirect, not embedded elements
Chosen to minimise PCI scope and ship faster. The agent proposed embedded elements twice; both approaches were abandoned. Refund handling was deferred — see risk register.
Session #24 · 3 Jun 2026
Admin panel deferred in favour of direct SQL runbook
A minimal runbook of admin queries lives in docs/runbook.md. The agent transcript describes an admin UI as “nearly done”; no such code exists in the repository. Claim labelled accordingly.
Session #40 · 8 Jul 2026Recorded here first
§ 05
Risk register & unknowns
Six findings. None are hidden to make the passport look healthier — visible uncertainty is the point.
!Payment refund path has no tests and was never exercisednot tested
!Stripe webhook signature can't be verified without production keysrequires credentials
!“Rate limiting enabled” — contradicted, no middleware in repoagent only
~No backup or PITR configured for Postgresrepo
~Single admin user seeded by migration — credential rotation unclearrepo
~JWT revocation impossible by design — see decision 01decision
§ 06
Incomplete work
Webhook retry handlingTODO in src/app/api/webhooks/route.ts:41 — failures are logged, not retried