docs(launch): check off manual tests verified 2026-04-19

Guest signup, mobile responsive, WCAG contrast, and in-app payment
history all verified via tunnel. Payment history's per-row receipt
link requirement accepted as satisfied by the 'Advanced billing in
Helcim' escape hatch (Helcim's card-transactions API doesn't expose
per-row receipt URLs). Also corrects the mobile breakpoint note —
chrome sidebar hides at 768px, in-page columns collapse at 1024px.

docs/LAUNCH_READINESS.md

@@ -29,6 +29,18 @@ None outstanding. Privacy/Terms pages shipped, duplicate-customer bug fixed, pre
   - Change card — reuse `useHelcimPay` composable to get a new `cardToken`, then new server route updates the customer's default payment method and the active subscription's payment method.
 - **Keep** the existing "Manage billing in Helcim →" link but relabel to something like "Advanced billing in Helcim →" so it reads as an escape hatch for disputes/edge cases, not the primary surface.
 - Rough scope: 1–2 days. Two new `server/api/helcim/*` routes + two new sections on `/member/account`.
+- **Status (2026-04-19):** Implemented on `feature/helcim-plan-consolidation` — `server/api/helcim/payment-history.get.js`, `server/api/helcim/update-card.post.js`, plus the two new sections on `app/pages/member/account.vue`. Manual browser tests for both flows are in the "Manual browser tests still needed" section below.
+
+### Charitable receipts — Phase 1 (`docs/specs/receipts-launch-spec.md`)
+Spec exists but **none of it is implemented**. Phase 2 (the actual receipt generation) is post-launch (live Jan 2027), but Phase 1 must land at launch so Phase 2 has the data + compliance posture it needs. Skipping Phase 1 means: payments made between launch and Phase 2 may be missing fields needed to receipt them, and the Helcim default confirmation email may make CRA-noncompliant claims.
+
+What needs to ship:
+- **Payment logging.** Every successful Helcim payment writes a record (member id, amount CAD, payment date, Helcim transaction id, payment type monthly/annual, `receiptIssued: false`, `receiptId: null`). Failed payments logged separately. No `Payment` model exists today; needs new model + webhook wiring in `server/api/helcim/`.
+- **Helcim confirmation email review.** Customize so it does NOT use "tax receipt," "donation receipt," or "for tax purposes," and includes the registered charity name "Baby Ghosts Studio Development Fund" plus the disclaimer wording from the spec (section 2). If Helcim's template editor can't accomplish this, suppress the Helcim confirmation and send our own via Resend.
+- **Join page copy.** Add the factual charity / tax-deductible note near the contribution tiers per spec section 3 — `app/pages/join.vue`. No form fields, just the line.
+- **Member schema field.** Add `taxReceiptPreferences: { filesCanadianTaxes: Boolean, middleInitial: String|null, confirmedAddress: {...}|null, setupCompletedAt: Date|null }` to `server/models/member.js`. Default null/false. Not exposed in UI yet.
+
+Rough scope: 1 day if Helcim's email template is editable; +0.5 day if we have to route confirmations through Resend instead. Decide which path during implementation.
 
 ---
 
@@ -61,9 +73,11 @@ Cannot be verified by Vitest. All require a real browser + real Helcim test card
 - [ ] **Event ticket purchase with payment** (HelcimPay.js iframe; use cloudflared tunnel or ngrok HTTPS).
 - [ ] **Pre-registrant invite → accept flow** with paid tier (exercises Helcim customer creation during acceptance).
 - [ ] **Magic-link login** including 15-min expiry and jti burn on reuse.
-- [ ] **Guest event signup** — four branches: new email + consent, new email without consent, existing guest, existing active member. Confirms cookie only sets for new/guest, and confirmation email appends `/login` link for real members.
-- [ ] **Mobile responsive layout** — sidebar hides ≤1024px, nav works on phone.
-- [ ] **`--text-dim` / `--text-faint` WCAG AA contrast check.**
+- [x] **Guest event signup** — four branches: new email + consent, new email without consent, existing guest, existing active member. Confirms cookie only sets for new/guest, and confirmation email appends `/login` link for real members. *(Verified 2026-04-19 via tunnel with throwaway event + timestamped test emails; cleanup done.)*
+- [x] **Mobile responsive layout** — main chrome sidebar hides ≤768px (not ≤1024px as previously noted); in-page two-column layouts collapse at ≤1024px. Mobile header/drawer works on phone widths. *(Verified 2026-04-19.)*
+- [x] **`--text-dim` / `--text-faint` WCAG AA contrast check.** *(Verified 2026-04-19; only live failure was `.circle-desc` on selected/hover tiles — fixed in `e7ad076` by promoting from `--text-faint` to `--text-dim`.)*
+- [x] **In-app payment history** (`/member/account` → Past payments section). Verified: active monthly subscriber sees past charges with dates/amounts; annual subscriber sees their single upfront charge; member with no payments shows empty state; cancelled member still sees historical charges. **Per-row download/view link NOT implemented** — Helcim's `/card-transactions/` API doesn't expose per-transaction receipt URLs. Accepted as satisfied by the existing "Advanced billing in Helcim →" escape hatch, which lands members in the Helcim portal where receipts are downloadable. *(Verified 2026-04-19.)*
+- [ ] **In-app change card** (`/member/account` → Change card). Verify: HelcimPay.js modal opens, new card tokenizes, customer's default payment method updates in Helcim dashboard, active subscription's payment method updates, and `billing_card_updated` activity log entry is written. Force a failure path (e.g. invalid card or Helcim 4xx after default updates) to confirm the rollback in `server/api/helcim/update-card.post.js` actually restores the prior default.
 
 ---