Access Operations Runbook / 2026-05-20
GCA Access Operations Runbook
This runbook defines how GCA operators should handle live email-registration records, account intake live records, read-only wallet review, support responses, eligible ledger handoff, and manual member-benefit boundaries.
The email registration, unsubscribe, account intake, wallet verification, and eligible ledger paths are live on Cloudflare Workers + D1. The operations runbook only describes review handling; it is not a public ledger browser, not a public support ticket system, and not a way to request custody, withdrawals, live trading, or balance-verification overrides.
Email Registration Ops Pipeline
Use this operator flow after users submit the public email registration form. Public checks can run without secrets. Admin export and sync require the ignored local ADMIN_READ_TOKEN file and must never print or publish that token.
1. Public API Check
Run python3 tools/check_gca_registration_api.py --public-only --timeout 30 to verify health, CORS, and admin-read rejection without reading user records.
2. Admin Export
Run python3 tools/export_cloudflare_email_registrations.py --limit 100 --output .gca_access_data/cloudflare_email_registrations_export.json from the operator machine only.
3. Combined Sync
Run python3 tools/run_gca_registration_ops.py --limit 100 --data-dir .gca_access_data to sync D1 records, apply suppressions, export contact CSVs, and write the summary JSON.
4. Local Ledger
Expected local ledger output: .gca_access_data/email_registrations.jsonl. It stays ignored and is not committed to the public repository.
5. Contact Exports
Internal CSV: .gca_access_data/gca_email_contacts.csv. External-safe CSV: .gca_access_data/gca_email_contacts_public_redacted.csv.
6. Ops Summary
The combined pipeline writes .gca_access_data/gca_registration_ops_summary.json with counts, suppression status, output paths, and boundaries.
Manual Operator Workflow
1. Intake Triage
Accept only non-sensitive account intent, public wallet address, declared GCA balance, program intent, public transaction references, GCA Member holding start date, and member evidence note from the gca_member_preregistration_v2 packet.
2. Identity Check
Confirm Base Mainnet chain ID 8453 and official contract 0x3197c42f4a06f7be32a9a742ac2a766f0ff682c6.
3. Wallet Balance Check
Use read-only eth_call and ERC-20 balanceOf. Do not request signatures or transactions for balance reads.
4. Holding Period Review
For GCA Member benefit review, verify holdingStartDate, evidenceTxHash, evidenceTxHashFormatOk, and public purchase or transfer evidence showing at least 1,000,000 GCA held continuously for 30 days.
5. Eligibility Decision
Mark 10,000 GCA holder credit eligibility, 1,000,000 GCA plus 30-day GCA Member eligibility, and one-time 10,000 GCA member benefit eligibility without writing live ledger records yet.
6. Support Reply
Reply with status, next step, and public links from a full internal export only. A redacted-public export is for reviewer evidence handoff and must not be used as a contactable support queue. Do not promise approval timing, platform listing, price support, audit approval, or trading results.
7. Ledger Handoff
Use the reviewed backend path to inspect and reconcile credit or member records, then keep manual-review notes for any 10,000 GCA member benefit handling.
8. Service Request Triage
Queue requested GCA AI Quant Access service scope in the local service_requests ledger before delivery. This does not deduct credits; the credit usage ledger is written only after reviewed delivery.
9. Platform Follow-Up
When a reviewer asks for more information, send public URLs only and keep pool, contract, status, and claim boundaries consistent.
10. Review Package Handoff
When a reviewer asks for local member-ledger evidence, export only the redacted-public package, verify packageDigestSha256, and use the Platform Replies local review package template. Never send a full-local package externally.
11. Closure
Close the record only after status, evidence reference, reviewer note, and next public link are recorded without secrets.
Member Access Ops Pipeline
Use this local operator pipeline after live account, wallet verification, credit ledger, member ledger, or member-benefit review records exist. It requires the ignored local cloudflare/gca-registration-worker/.env.admin.local file with ADMIN_READ_TOKEN. The output stays in .gca_access_data/ and is not committed.
For the prepared service-request and credit-usage Worker routes, run python3 tools/check_gca_worker_deploy_readiness.py --run-wrangler --run-cloudflare --require-deploy-auth before publishing. The 2026-06-10 check passed Worker bundling and D1 visibility, but failed cloudflare-auth-session and Worker deployment permission with Cloudflare error 10000. These routes remain non-live until authRecovery is clear, remote D1 migrations apply, wrangler deploy succeeds, and public/admin smoke checks pass with --include-pending-routes.
1. Token-Protected Export
Run .venv/bin/python tools/run_gca_member_access_ops.py --base-url https://gca-registration-api.gcagochina.workers.dev --limit 100 --redact none --summary-output .gca_access_data/gca_member_access_ops_summary.json.
2. Local Reports
Expected outputs include .gca_access_data/cloudflare_member_access_export.json, account/wallet/credit/service-request/credit-usage/member CSVs, and .gca_access_data/member_access_report/gca_member_access_summary.json.
3. Support Queue
The pipeline writes .gca_access_data/member_access_report/gca_member_support_queue.csv and its summary so replies can be reviewed manually before sending.
4. Holding Evidence
For 30-day member review evidence, rerun with --include-holding-report --holding-no-live-read when using existing snapshots, or run live read-only balance checks only on operator hardware. The summary output is .gca_access_data/member_access_report/gca_holding_period_summary.json.
5. Digest Refresh
After member ops, rerun .venv/bin/python tools/run_gca_daily_ops.py --build-digest --update-public-status so the local operator digest shows member counts without exposing user records.
6. Credit Usage Ledger
For reviewed service delivery, record creditUsageId, serviceId, creditAmountUsed, and remaining credits before/after through the local operator-only credit usage ledger. The Cloudflare Worker route is prepared and D1 visibility passed, but it remains non-live until Cloudflare account auth, Worker deploy permission, remote deploy, and pending-route smoke gates pass.
7. Service Request Queue
Before delivery, record requested service scope through the operator service_requests queue. Local backend support is ready and the Cloudflare Worker route is prepared; D1 visibility passed, but production remains non-live until Cloudflare account auth, Worker deploy permission, remote deploy, and pending-route smoke gates pass. It stores serviceRequestId, serviceId, optional creditLedgerId, requested credit hold, and status. It does not deduct credits; credit usage is recorded only after reviewed delivery.
8. No Automatic Transfer
The member ops pipeline never sends GCA. Any 10,000 GCA member benefit remains manual reserve-wallet processing after review.
Required Review Record
0x format checkredacted-public for external handoffRequired Evidence
eth_call balanceOfgca_member_preregistration_v2 packet date0x + 64 hex characterspackageDigestSha256 only after verificationLocal Review Package Handoff
Use this only when a platform or reviewer asks for local member-ledger evidence. The external package must be redacted-public, verified locally, and sent with the Platform Replies handoff text. The package is support evidence only, not a third-party audit or approval claim.
redacted-public.venv/bin/python tools/export_gca_review_package.py --redact public --output gca-public-redacted-review-package.json.venv/bin/python tools/verify_gca_review_package.py gca-public-redacted-review-package.jsonDecision Rules
below_thresholdneeds_more_informationResponse Rules
redacted-public dataOperational Controls
No Sensitive Data
Reject Private key or seed phrase, Exchange API secret or withdrawal permission, one-time code, recovery phrase, Custody request, fund-transfer request, or live trading instruction.
No Manual Override
Manual support cannot override on-chain wallet-balance verification, release gates, credit ledger activation, or member ledger activation.
Public Boundary
Every response should keep GCA described as concept-stage product buildout with live account intake and eligible ledger records, while live trading and automatic token-benefit transfer remain off.
Redacted Package Only
External reviewer handoff must use the redacted package and verified digest. Full-local records remain internal operator evidence.
No Replies From Redacted Exports
Public-redacted exports are evidence handoff artifacts only. Run the internal operator export before sending account-specific support replies.
Safe Reply Template
Your account request has been received. GCA can review your public Base wallet address with a read-only GCA balance check and, for member benefit review, the gca_member_preregistration_v2 holding start date plus public purchase or transfer transaction hash. We will never ask for private keys, seed phrases, exchange API secrets, withdrawal permission, custody, or fund transfers.
Unsafe Reply Boundary
Do not state that the 10,000 GCA member benefit is automatic, listings are approved, liquidity is deep, a third-party audit is complete, wallet warnings are permanently removed, or any trading outcome is expected.
Official Market Reference
0xfe6a598bf738d7eec9640897064ca3a490128d3d447ced96077aef8e9dd1c1d00xfde4C96c8593536E31F229EA8f37b2ADa2699bb2Operations References
Use the readable operations, review queue, API, and support pages first. These pages do not create custody, withdrawals, automatic token-benefit transfer, or live trading access.