1 files changed, 57 insertions, 0 deletions
diff --git a/CHECKLIST.md b/CHECKLIST.md
new file mode 100644
index 0000000..e5f99a9
--- /dev/null
+++ b/CHECKLIST.md
@@ -0,0 +1,57 @@
+# TollGate ESP32 — Progress Checklist
+## Phase 0: Bootstrap
+- [x] Create project directory and git repo
+- [x] Create .env, .env.example, .gitignore
+- [x] Persist PLAN.md and CHECKLIST.md
+- [ ] Create ESP-IDF project skeleton
+- [ ] Create Makefile with detect targets
+- [ ] Run `make detect-all` — identify ESP32 boards
+## Phase 1: Captive Portal + Firewall
+- [ ] Implement tollgate_main.c (WiFi AP+STA, event loop)
+- [ ] Implement config.c/h (JSON config loading)
+- [ ] Implement dns_server.c/h (DNS hijack/forward)
+- [ ] Implement captive_portal.c/h (HTTP :80, portal HTML)
+- [ ] Implement firewall.c/h (NAPT, per-IP auth)
+- [ ] Set up test infrastructure (Playwright, helpers)
+- [ ] Test 1: Boot and AP appears
+- [ ] Test 2: DHCP lease
+- [ ] Test 3: Captive portal serves HTML
+- [ ] Test 4: Captive detection URIs work
+- [ ] Test 5: DNS hijack before auth
+- [ ] Test 6: No internet before auth
+- [ ] Test 7: /whoami returns MAC
+- [ ] Test 8: /usage returns no session
+- [ ] Test 9: Grant access via API
+- [ ] Test 10: DNS forward after auth
+- [ ] Test 11: Internet after auth
+- [ ] Test 12: HTTP browsing works
+- [ ] Test 13: Reset auth
+- [ ] Test 14: Internet blocked after reset
+## Phase 2: E-Cash Payments (Simple Melt)
+- [ ] Implement payment.c/h (Cashu token parse + melt)
+- [ ] Implement session.c/h (time-based metering)
+- [ ] Implement tollgate_api.c/h (:2121 endpoints)
+- [ ] Update captive portal HTML with payment form
+- [ ] Test 15: Advertisement valid
+- [ ] Test 16: Valid payment
+- [ ] Test 17: Usage tracking
+- [ ] Test 18: Internet after payment
+- [ ] Test 19: Invalid token rejected
+- [ ] Test 20: Spent token rejected
+- [ ] Test 21: Wrong mint rejected
+- [ ] Test 22: Session expiry
+- [ ] Test 23: Session renewal
+- [ ] Test 24: Portal payment form
+- [ ] Test 25: Two clients pay independently
+- [ ] Test 26: Client isolation
+- [ ] Test 27: Full e2e browser flow
+## Phase 3: nucula Wallet + Reseller
+- [ ] Extract nucula wallet into components/cashu_wallet/
+- [ ] Replace simple melt with Wallet::receive()
+- [ ] Implement payout.c/h (background melt-to-LN)
+- [ ] Implement upstream_client.c/h (reseller mode)
+- [ ] Test 28-38: All Phase 3 tests

diff --git a/CHECKLIST.md b/CHECKLIST.md new file mode 100644 index 0000000..e5f99a9 --- /dev/null +++ b/CHECKLIST.md
@@ -0,0 +1,57 @@
	1	# TollGate ESP32 — Progress Checklist
	2
	3	## Phase 0: Bootstrap
	4	- [x] Create project directory and git repo
	5	- [x] Create .env, .env.example, .gitignore
	6	- [x] Persist PLAN.md and CHECKLIST.md
	7	- [ ] Create ESP-IDF project skeleton
	8	- [ ] Create Makefile with detect targets
	9	- [ ] Run `make detect-all` — identify ESP32 boards
	10
	11	## Phase 1: Captive Portal + Firewall
	12	- [ ] Implement tollgate_main.c (WiFi AP+STA, event loop)
	13	- [ ] Implement config.c/h (JSON config loading)
	14	- [ ] Implement dns_server.c/h (DNS hijack/forward)
	15	- [ ] Implement captive_portal.c/h (HTTP :80, portal HTML)
	16	- [ ] Implement firewall.c/h (NAPT, per-IP auth)
	17	- [ ] Set up test infrastructure (Playwright, helpers)
	18	- [ ] Test 1: Boot and AP appears
	19	- [ ] Test 2: DHCP lease
	20	- [ ] Test 3: Captive portal serves HTML
	21	- [ ] Test 4: Captive detection URIs work
	22	- [ ] Test 5: DNS hijack before auth
	23	- [ ] Test 6: No internet before auth
	24	- [ ] Test 7: /whoami returns MAC
	25	- [ ] Test 8: /usage returns no session
	26	- [ ] Test 9: Grant access via API
	27	- [ ] Test 10: DNS forward after auth
	28	- [ ] Test 11: Internet after auth
	29	- [ ] Test 12: HTTP browsing works
	30	- [ ] Test 13: Reset auth
	31	- [ ] Test 14: Internet blocked after reset
	32
	33	## Phase 2: E-Cash Payments (Simple Melt)
	34	- [ ] Implement payment.c/h (Cashu token parse + melt)
	35	- [ ] Implement session.c/h (time-based metering)
	36	- [ ] Implement tollgate_api.c/h (:2121 endpoints)
	37	- [ ] Update captive portal HTML with payment form
	38	- [ ] Test 15: Advertisement valid
	39	- [ ] Test 16: Valid payment
	40	- [ ] Test 17: Usage tracking
	41	- [ ] Test 18: Internet after payment
	42	- [ ] Test 19: Invalid token rejected
	43	- [ ] Test 20: Spent token rejected
	44	- [ ] Test 21: Wrong mint rejected
	45	- [ ] Test 22: Session expiry
	46	- [ ] Test 23: Session renewal
	47	- [ ] Test 24: Portal payment form
	48	- [ ] Test 25: Two clients pay independently
	49	- [ ] Test 26: Client isolation
	50	- [ ] Test 27: Full e2e browser flow
	51
	52	## Phase 3: nucula Wallet + Reseller
	53	- [ ] Extract nucula wallet into components/cashu_wallet/
	54	- [ ] Replace simple melt with Wallet::receive()
	55	- [ ] Implement payout.c/h (background melt-to-LN)
	56	- [ ] Implement upstream_client.c/h (reseller mode)
	57	- [ ] Test 28-38: All Phase 3 tests