This document is for all document indexing. Put the date and status for each new created document.

## Document Index

- **2026-06-17** | WhatsApp Deep-Link Verification Implementation Plan | Completed (all phases) | [whatsapp-deep-link-verification-plan.md](./whatsapp-deep-link-verification-plan.md)
  - Replaces proactive OTP send with user-initiated WhatsApp deep-link (wa.me) + webhook confirmation.
  - Ensures verified users returning to /verify-whatsapp are auto-advanced (via /me + existing logic).
  - Addresses feasibility, security (webhook hardening), UX (context switch + waiting state), state (new intents table + nonce binding).
  - Full objectives, flow, security, UX, state, backend/frontend changes, rollout notes in the plan.
  - Phase 1: Core backend (intents table/model, POST /init, webhook branch + secret hardening) + frontend rewrite (deep-link button + waiting panel + auto-advance).
  - Phase 2: Feature tests (WhatsappDeepLinkVerificationTest, 9 tests / 56 assertions, all passing).
  - Phase 3: Seamless registration handoff – RegisterController emits whatsapp_verification payload (wa_link + "MANABOU-VERIF-<nonce>" + masked phone + expiry) alongside legacy OTP for transition. Register page forwards via sessionStorage. Verify page uses synchronous initial state (IIFE) + dedicated effect for zero-flash "waiting for WhatsApp" UI + instant wa.me open. Verified auto-redirect cleans transients and resets deep-link state. Full end-to-end flow documented in the plan + JSDoc on the page.
  - Profile WhatsApp number change re-verification (added 2026-06-17): ProfileController@update normalizes phone + clears whatsapp_verified_at + deletes active intents when number changes. Frontend profile settings detects change, sets same pending_* transients, redirects to /verify-whatsapp (re-uses zero-flash handoff). Added hint text + 2 new tests (11 total / 66 assertions).

(Previous entries below if any; newest at top per convention in other docs.)
