Airlock Community Tier Ladder — ORBITER → LANDER → ROVER → BEACON → CORE

The ladder

A Mars-mission progression. Stored in invitations.tier (airlock Postgres) with a check constraint. Drives both the landing page copy and per-app access on the ecosystem navmap.

Tier	Blurb	Reward
ORBITER	Recon phase. You can read the map; you haven’t touched down yet.	”Welcome to the edge of atmosphere.”
LANDER	Vouched for. You’ve landed — core surfaces are open to you.	Stickers drop, early-access invites, a seat at the weekly rundown.
ROVER	Trusted daily driver. You can move across the ecosystem freely.	Co-build credits, merch drop access, first-look on new services.
BEACON	Long-term partner. Your signal reaches the whole network.	Revenue-share bracket, named credit on shipped work, capability grants.
CORE	Founder-adjacent. You are the devarno cloud, not a visitor to it.	Governance seat, equity-adjacent terms, invite authority.

What it replaces

“Sign in successful.” A plaintext bullet list of three apps. Every tier is a dead-end UX the second an authenticated user lands on the airlock apex.

What it unlocks

Signed-in landing at airlock.devarno.cloud/ renders a tier badge, inviter line, and a Mars-themed navmap where tiles below the user’s tier are dimmed with a lock glyph. Aspiration made visible.
Per-app gating via session.tier — every devarno-cloud app can read the tier off airlock’s enriched profile endpoint (GET /api/session/profile) and gate features accordingly without needing a separate authZ service.
Invitation flow gains context — the invitations table now carries relationship_type, known_since, invite_note, reward_bucket alongside tier. Future invites record the human story (how you know them, when you met, why they’re here) so an admin or the user themselves can see it on the landing.

Onboarding narrative shift

Before: “Sign in, get session, go use an app.” Sterile. After: “Welcome, ORBITER Alex. Invited by Katy — known since 2019. You’ve got recon access to manual + meridian. Land a mission, become a LANDER.” The same auth flow now telegraphs progression. Every session is a reminder of membership rather than a cookie check.

Shipped

Airlock PR #7 — landing v2 + /api/session/profile endpoint + migration 0002_invitation_context_and_tiers.sql.
Airlock PR #8 — migration made idempotent (adds base invitations table if absent).
Airlock PR #10 — form-friendly GET /auth/sign-out.
Airlock PR #12 + #13 — diagnostic probe (used for session-storm triage; reverted).

Future

Hatch admin UI for setting tier + invite context at invitation-send time (today those columns populate via direct SQL updates).
NATS auth.session_revoked subscribers in pebble + ares so backend caches drop to zero-latency eviction when a user’s tier changes.
Automated tier-progression celebrations (Buttondown newsletter blast when a user upgrades).

​The ladder

​What it replaces

​What it unlocks

​Onboarding narrative shift

​Shipped

​Future