M Wallet green glass mark
M Wallet Team Development Guide
English Chinese
Internal alignment website

Turn M Wallet into a product system the whole team can understand.

This site is the English source for internal development. It gives product owners the scope, frontend UI teams the interface direction, backend engineers the business objects and rules, chief engineers the system logic, marketing the narrative, brand teams the visual direction, and customer experience teams the user value.

MID-first FC Chain rails IBC account Credential cards Vault Card Official services
Role-based entry

Every team member should know exactly where to start.

This site is not a loose document archive. It is a role-based workbench with clear questions, deliverables, and review standards for each team.

Product Owner

Product Owner

Confirm scope, priorities, page entry points, MVP phases, and open product decisions.

View product boundaries Frontend UI

Frontend UI

Understand page structure, component rhythm, status chips, asset marks, and navigation hierarchy.

View interface direction Product Design

Product Designer

Turn identity, assets, payments, credentials, IBC, and Vault into one coherent user experience.

View design logic Backend

Backend Engineer

Understand the boundaries for account, receipt, credential, invoice, policy, and audit objects.

View API needs Chief Architect

Chief Architect

Check whether modules, permissions, risk gates, and future expansion share one system logic.

View system logic Marketing

Marketing

Explain in plain language that this is a trusted digital account, not a conventional wallet.

View narrative frame Brand

Brand Team

Unify the M mark, FCA, USDF, MXCD Future, and the green identity system into one visual family.

View brand direction Customer Experience

Customer Experience

Identify the real advantages: trusted identity, recoverable wallet access, clear payments, complete records, and closed service loops.

View experience value
Team Operating Map

Each role needs a path through the guide, not just a list of sections.

Use this as the meeting map. It tells each team where to start, which sections to use next, and what output they should produce before work moves forward.

Product Owner

Scope, priority, and decisions

Primary question: what can enter the MVP, what is gated, and what still needs approval?

MVP Matrix Readiness Decisions
Output: PRD scope, release phase, and decision owner list.
Design and UI

Components, states, and flows

Primary question: how should identity, trust, risk, records, and account context appear on screen?

UI System Journeys Design Files
Output: page state map, component set, and screen flow updates.
Backend and Architect

Objects, policy, events, and contracts

Primary question: which domain objects, checks, events, and failure states are required?

Matrix Contracts Engineering Decisions
Output: service boundaries, state machines, event list, and API draft.
Market and Government

Narrative, boundaries, and trust language

Primary question: how do we explain the wallet without overpromising USDF, MXCD, or government status?

Logic Assets Narrative USDF
Output: approved language for partners, government, website, and decks.
CX and Operations

User value, support, and recovery confidence

Primary question: where might users get confused, blocked, anxious, or need help?

Journeys Risk UX QA Recovery
Output: help scripts, recovery guidance, escalation rules, and experience risks.
Traceability Map

Connect every feature to its journey, UI, backend, QA, and decision trail.

This map prevents features from becoming isolated descriptions. If a feature cannot be traced across these columns, it needs more product work.

Feature
Journey
UI / State
Backend Anchor
QA / Decision
MID Account
New MID holder activates wallet
Account Switcher, MID verified, no MID, pending
mid, account, device_session
MID and Account QA
MPC Wallet
User recovers wallet after losing device
Step-up Panel, recovery opened, cooling period
mpc_policy, recovery_case
MPC Recovery Policy
Pay
Verified payment between users
Payment Request Card, receipt ready, failed
payment_request, receipt
Pay and Receipt QA
IBC Account
IBC company pays official invoice
IBC role missing, signed invoice due, archived
company, role, invoice
IBC Launch Scope
Credential Center
User shares an official proof
Credential Card, proof QR, shared, revoked
credential, proof_request
Credential Launch Cards
Swap / Vault
Large operation requires Vault Card
Quote expired, policy blocked, Vault tap required
quote, vault_card, signing_session
Vault Card Timing
External Assets
Secondary wallet receive and send
Asset Card, network degraded, confirmations
network_adapter, chain_tx
External Asset Networks
MVP Command Center

Build the trusted account loop before adding complexity.

This section turns the product vision into a working release board. A module is not ready until the page, policy rule, backend object, receipt or audit event, and team handoff are all clear.

Release rule Identity, account context, permission checks, and records must exist before money movement feels complete.
Build focus Prioritize MID, Personal / IBC account, MPC recovery, FCA / USDF, Pay, receipts, and official notices.
Scope guard Keep open trading, external-chain swaps, speculative MXCD claims, and broad chat outside the MVP.
NowP1

MID Account Spine

Verified MID, selected account, device session, passkey / biometric state, and MID Card binding.

Owner: Product + Identity APIOutput: account context
NowP1

MPC Daily Wallet

Daily signing, device share model, recoverable access, risk checks, cooling period, and security notices.

Owner: Security + BackendOutput: recoverable control
NowP1

FCA / USDF Wallet

Primary FC Chain balances, receive, send, fee display, network state, and transaction receipt.

Owner: Wallet APIOutput: basic money loop
NextP2

Pay and Receipts

QR contact, payment request, note, simple confirmation, receipt detail, and payment timeline.

Owner: Product + FrontendOutput: structured payment
NextP3

IBC Company Account

Company account switcher, role checks, signed invoices, service payment, and company receipt archive.

Owner: IBC servicesOutput: business loop
NextP3

Credential Center

MID card, address proof, tax number, IBC certificate, proof QR, and selective credential sharing.

Owner: Credential APIOutput: trusted cards
GatedP4

Swap and Vault Card

Controlled FC ecosystem swap, quote policy, large-operation Vault signing, and protected asset flows.

Owner: Policy + WalletOutput: advanced control
GatedP4

External Assets

BTC, ETH, TRON, SOL, and BNB balance view, receive, send, confirmations, and risk prompts.

Owner: Network adaptersOutput: secondary rails
Product logic

The product logic is simple: identity comes before financial capability.

Do not reduce M Wallet to an asset list. First help users understand their MID status, account context, and recovery posture. Assets, payments, IBC, credentials, and services should then appear as verified account capabilities.

Identity

MID Verified

The user owns or applies for a MID first. Sensitive actions and wallet recovery are linked to MID status, MID Card proof, account context, device session, and risk state.

Account

Personal / IBC

The account is the container. Personal and company accounts carry different balances, roles, receipts, permissions, and service records.

Capability

Payments and Credentials

Verified identity unlocks payments, payment requests, Credential Center, official notices, and service payments.

Control

MPC, Policy and Vault

Daily wallet control is recoverable through MID-based MPC policy; Swap, high-value payments, company reserves, credential sharing, and future MXCD require stricter policy rules and Vault Card protection.

Asset hierarchy

More assets are not automatically better. The hierarchy must stay clear.

FCA, USDF, MXCD Future, and external assets serve different product roles. The interface should make those roles obvious instead of treating everything as a flat token list.

FCA

Native asset
FCA asset mark

FC Chain's native asset represents network fuel, infrastructure, and the ecosystem base. Its visual language should stay calm navy plus soft champagne.

USDF

Payment rail
USDF asset mark

A USD-denominated payment rail for early payments, service payments, and receipt-based settlement experience. It should feel stable, friendly, and easy to use.

MXCD Future

Policy gated
MXCD future mark

A future settlement asset concept with stronger sovereign characteristics. It should be presented as a future rail only, without implying formal availability today.

External Networks

Supported
External network asset mark

BTC, ETH, TRON, Solana, and BNB Chain support balance view, receive addresses, and sending. They belong in the secondary wallet layer and should not enter Swap or dominate the product story.

Functional modules

Every page should revolve around account context and record keeping.

This is the core module map for development. Every module must answer: who is the user, which account is active, which actions are allowed, and what record is produced.

Entry

Home

MID status, account switching, balance overview, quick actions, pending requests, and official alerts.

Money

Wallet

FCA, USDF, MXCD Future, external assets, receive, send, and Vault status.

Exchange

Swap

USDF/FCA quote, rate, fee, policy check, confirmation, and receipt.

Payment

Pay

QR contacts, payment requests, notes, receipts, and confirmations without open-ended chat.

Business

IBC

Company accounts, roles, invoices, receipts, service records, and company reserves.

Identity

Credential Center

Digital ID, driver license, address proof, tax number, company certificates, and proof QR.

Security

Vault Card

NFC cold signing, high-value payments, company reserves, backup cards, and lost-card handling.

Official

Broadcast

Official broadcasts, signature verification, renewal reminders, security alerts, and deep links.

Service

Service Payment

Official invoices, payment rails, role verification, payment confirmation, and record archive.

Control

Settings

Devices, Passkey, biometrics, limits, recovery method, and notification preferences.

Product Requirement Matrix

Each feature needs one product, policy, data, and record definition.

Use this as the bridge between product design and engineering. If a row is incomplete, the feature is not ready for implementation.

Feature
User Story
Page and States
Rules and Records
Engineering Anchor
MID Account
As a user, I can see whether my MID is verified and which account is active.
Home, MID; no MID, pending, verified, suspended.
MID status gates sensitive actions; every status change creates audit history.
user, mid, account, device_session
MPC Wallet
As a MID holder, I can recover wallet access without relying only on a seed phrase.
Security, Recovery; active, new device, review, cooling period, recovered.
Identity proof, risk checks, notifications, and full recovery audit trail are mandatory.
mpc_policy, device_share, recovery_case
FCA / USDF
As a user, I can receive, send, and understand the role of the two FC Chain rails.
Wallet, Home; loading, available, network degraded, pending transaction.
Send requires policy check; every transfer produces receipt and transaction state.
asset_balance, address, transaction, receipt
Pay
As a user, I can add a contact by QR and exchange payment requests, notes, receipts, and confirmations.
Pay; empty, contact added, request pending, paid, failed, receipt ready.
Only structured payment communication is allowed; no open social chat in MVP.
contact, payment_request, message, receipt
Swap
As a user, I can swap within the FC ecosystem without entering external-chain trading.
Wallet, Swap; quote, expired, preview, policy blocked, completed.
Allowed pairs only; MVP prioritizes USDF / FCA; every swap creates a receipt.
swap_pair, quote, execution, policy
IBC Account
As a company user, I can pay official invoices from the correct company account.
IBC; no company, linked, role missing, invoice due, paid, archived.
Role check and invoice signature verification are mandatory before payment.
company, role, invoice, service_record
Credential Center
As a user, I can hold official cards and share limited proof when needed.
MID; no credential, issued, expired, shared, revoked.
Sharing requires consent, scope, expiry, and a proof or audit record.
credential, issuer, proof_request, consent
MID Card NFC
As a MID holder, I can tap the MID Card for identity signing and secure authentication.
MID, Security; card unbound, bound, tap requested, signed, failed.
MID Card is foundational identity capability, not the same as Vault Card.
mid_card, signing_payload, auth_event
Vault Card
As a user or company, I can protect large-value operations with NFC cold signing.
Wallet, Security; not bound, bound, tap to sign, backup card, lost card.
Large operations and protected assets require Vault policy and signing session.
vault_card, signing_session, protected_asset
Official Broadcast
As a user, I can distinguish official notices from normal app messages.
Home, Inbox; unread, verified issuer, action required, archived.
All official broadcasts require issuer signature verification and deep-link audit.
broadcast, issuer_signature, notification
External Assets
As a user, I can view, receive, and send BTC, ETH, TRON, SOL, and BNB assets.
Wallet; network enabled, receive address, send preview, confirmations, failed.
External assets do not enter Swap; large sends may require Vault or step-up checks.
network_adapter, external_address, chain_tx
Delivery Readiness Layer

A feature is ready only when product, policy, backend, design, and QA can all say yes.

This layer turns the guide into a release-quality checklist. It helps product owners decide what can enter sprint planning, helps engineering see contract boundaries, and helps QA know what must be verified.

01

Feature Readiness Scorecard

Use this as the meeting view before a feature enters PRD, UI design, backend design, or sprint planning.

Core accountReady

MID Account Spine

Identity state, account switcher, device session, MID Card binding, and audit event are defined.

SecurityPolicy

MPC Wallet Recovery

Recovery is a product advantage, but thresholds, review levels, and support scripts still need approval.

MoneyReady

FCA / USDF Receive and Send

Primary rails are clear; build must include fees, confirmations, receipts, and risk prompts.

PaymentReady

Pay and Receipts

Payment request, note, confirmation, and receipt are defined as structured communication only.

BusinessPolicy

IBC Account

Company wallet logic is clear; first service set and role approval rules need product sign-off.

IdentityReady

Credential Center

Core cards, proof sharing, consent, expiry, issuer signature, and audit record are defined.

ControlGated

Swap and Vault Card

Concept and policy boundary are clear; implementation should wait until account and risk model are stable.

Secondary railsPolicy

External Assets

View, receive, and send are required; launch networks, limits, fees, and confirmation rules need finalization.

02

Acceptance Criteria / QA Checklist

Every critical flow should be testable as a user journey, a policy check, and a backend record.

MID and Account

  • Shows current MID status and active account.
  • Blocks sensitive actions when MID is unavailable.
  • Creates audit events for status changes.

MPC Recovery

  • Requires MID holder proof and MID Card proof.
  • Applies device risk, cooling period, and review status.
  • Restores access without exposing complete private keys.

Pay and Receipt

  • Allows only payment request, note, receipt, and confirmation messages.
  • Shows verified counterparty status.
  • Creates receipts for sender and receiver.

IBC Invoice

  • Verifies company account and operator role.
  • Verifies official invoice signature before payment.
  • Archives receipt into company service record.

Credential Sharing

  • Shows sharing scope, expiry, and receiver purpose.
  • Requires explicit consent before proof generation.
  • Stores proof-sharing audit record.

External Asset Send

  • Validates network, address, fee, and balance.
  • Shows confirmation count and pending state.
  • Blocks unsupported swap and creates transaction receipt.

Swap

  • Only shows allowlisted FC ecosystem pairs.
  • Expires quote and prevents stale execution.
  • Generates swap receipt and policy audit.

Vault Card

  • Shows signing payload before NFC tap.
  • Requires Vault Card for protected large operations.
  • Records signing session and final transaction event.
03

Backend Contract Preview

This is not the final API spec. It is the contract boundary that tells engineering what each module must expose, validate, emit, and fail with.

Objects

user, mid, account, asset_balance, transaction, receipt, credential, invoice, audit_event

States

pending, verified, suspended, blocked, requires_step_up, signed, broadcasted, completed, failed

Policy Checks

MID active, selected account, role permission, device trust, quote validity, issuer signature, network availability, risk threshold, Vault requirement.

Events

mid.verified, account.switched, payment.completed, receipt.created, recovery.opened, vault.signed, broadcast.read

Error Families

MID_REQUIRED, ACCOUNT_FORBIDDEN, ROLE_DENIED, QUOTE_EXPIRED, NETWORK_UNAVAILABLE, VAULT_REQUIRED, ISSUER_UNVERIFIED

Non-negotiables

All sensitive actions need idempotency, policy result, human-readable summary, audit event, and user-facing receipt or security notice.

Design System and Page States

Turn product logic into repeatable UI rules before drawing more screens.

This layer gives design and frontend teams a shared component language. Every screen should express identity, account context, trust status, risk state, and record outcome in a consistent way.

Navigation

Account Switcher

Shows Personal, IBC, and future Vault context before sensitive actions. It prevents paying or signing from the wrong account.

Required on Home, Wallet, Pay, IBC, and Settings.
Status

Status Chip

Uses short labels for Verified, Pending, Policy, Blocked, Signed, Future, and Expired. Chips must never replace explanatory text for blocked actions.

Use with credentials, invoices, accounts, and transactions.
Assets

Asset Card

Separates primary FC Chain rails from secondary external assets. FCA and USDF should appear before external networks.

Show asset role, network, balance, send, receive, and receipt entry.
Identity

Credential Card

Card-style credential storage for MID, Address Proof, Tax Number, IBC Certificate, and future official cards.

Always show issuer, validity, proof action, and sharing scope.
Record

Receipt Card

Receipts are proof of product trust. They should cover payments, swaps, service invoices, credential sharing, and security actions.

Show timestamp, account, asset, counterparty, status, and export entry.
Pay

Payment Request Card

Supports payment request, note, receipt, and simple confirmation. It should not become open-ended social chat.

Show verified counterparty, amount, rail, note, and confirmation state.
Official

Broadcast Card

Official notices must feel signed, verified, and actionable without looking like marketing push messages.

Show issuer, signature state, priority, channel, and deep link target.
Risk

Step-up Panel

Explains why an action needs MID Card, Vault Card, MPC recovery, role approval, or a waiting period.

Use for blocked, high-value, recovery, and policy-gated flows.
Page states

Core Page State Specification

Each page should be designed with its empty, normal, pending, blocked, risk, and success states before production UI starts.

Home

No MID, review pending, verified, IBC available, payment request pending, official notice, security alert.

Wallet

No assets, FCA / USDF active, external assets enabled, receive address, network degraded, Vault required.

Pay

No contacts, QR contact added, request pending, paid, failed, receipt ready, counterparty not verified.

IBC

No company, linked company, role missing, signed invoice due, payment pending, paid and archived.

MID

No credential, issued, expired, shareable, shared, revoked, MID Card tap required.

Swap

No pairs, quote loading, quote expired, policy blocked, preview, completed, receipt available.

Security

Trusted device, new device, recovery opened, cooling period, review required, Vault Card unbound.

Broadcast

No messages, unread official notice, verified invoice, action required, archived, issuer unverified.

Trust and risk UX

Use color and copy to explain trust, not to decorate.

Risk states must be understandable, actionable, and auditable. Never ask users to sign or pay without a human-readable explanation.

GreenVerified, allowed, completed, trusted.
BlueInformational, in progress, system state.
GoldPolicy-gated, future, requires attention.
CoralRisk, failed, blocked, action needed.

Blocked Action

Always show reason, next step, and whether the user can resolve it alone.

Human-readable Payload

High-risk signing must show amount, asset, account, counterparty, network, and purpose.

MID Card vs Vault Card

MID Card proves identity; Vault Card protects high-value signing. UI copy must keep them distinct.

Receipts and Audit

Every payment, swap, recovery, credential share, and official action needs a visible record path.

Design direction

UI direction: the ease of a modern bank wallet with the trust of an official identity system.

The interface should feel fresh, light, and trusted. It should not feel like an exchange, a heavy government portal, or a speculative crypto app.

Exploration space

Use the Design Sample Lab before locking a visual direction.

The lab compares Fresh Finance, Living Wallet, Civic Trust, MID-First Identity, and FC Ecosystem Wallet routes without changing the official guide too early.

Open Sample Lab
9:41MID
M Wallet app icon
M WalletMID verified account

MID Credential

Verified · Montserrat Digital ID

Total assets

$2,847.90

Personal account · FC Chain

FCA
FCANetwork fuel
128.4
USDF
USDFPayment rail
2,250
Send
Request
Swap
Receive
Scan

Payment request

Amina Joseph · 250 USDF · verified MID

Frontend UI Direction Interface

  • Prioritize stable navigation: Home, Wallet, Pay, IBC, and MID.
  • Use compact 8px-radius cards for assets, credentials, invoices, and receipts.
  • Keep status chips consistent: Verified, Future, Policy, Due, Signed.
  • Use the new soft FCA and USDF icons instead of heavier dark versions.

Product Design Direction Experience

  • Each page should state identity and account context before functionality.
  • Pay is structured payment communication, not social messaging.
  • Credential Center can learn from Apple Wallet while preserving official identity trust.
  • Vault Card should explain signing protection, not look like a normal bank card.

Brand Direction Brand

  • The M mark belongs to M Wallet and the future MXCD green glass identity asset.
  • FCA expresses infrastructure: navy, slate, and champagne.
  • USDF expresses friendly payment: terracotta, coral, and soft champagne.
  • Avoid heavy metal, black exchange styling, casino chips, and purple Web3 cues.

Customer Experience Value CX

  • Users know the payment counterparty has been verified, reducing fraud anxiety.
  • Service payments form a complete loop: invoice, signature, payment, and receipt.
  • Personal and company accounts stay separate, reducing operational confusion.
  • High-value actions require Vault Card, making security concrete and understandable.
Engineering view

The backend is not just wallet APIs. It is an identity-bound account system.

The core engineering objects are not tokens alone. They are user, MID, account, MPC policy, recovery case, credential, invoice, receipt, policy, and audit event.

Domain
Core Objects
Required Checks
Required Output
Identity
user_id, mid_id, credential status, device session
MID active state, trusted device, and step-up requirement
Verification state, audit event, credential lifecycle
MPC Recovery
recovery_case_id, device shares, MID Card proof, risk score
MID holder proof, device risk, cooling period, review status
New device share, recovery audit trail, security notifications
Account
account_id, account type, roles, policy profile
Personal or IBC match, role permission, account status
Account context, permission result, risk message
Wallet
Balances, assets, network status, receive addresses, send transactions
Asset availability, network state, address validation, fee policy, limits, and risk controls
Balance view, receive address, send state, confirmation count, receipt, audit event
Payment
Contact, payment request, note, receipt, confirmation
Verified contact state and allowed message type
Structured message, payment status, receipt
IBC
Company, role, invoice, service record, receipt
Company status, role permission, invoice signature
Company record, payment receipt, service archive
Vault
Vault Card, signing session, protected assets
Signing payload, NFC card, biometric signal, card status
Signing result, transaction broadcast, audit record
Role playbooks

Each team's working focus should be explicit enough to review.

These cards are the working checklist for each team when reviewing this guide.

Product Owner Scope

  • Keep MVP focused on MID, Personal/IBC account, FCA/USDF, payment request, receipt, and Credential Center.
  • Move MXCD Future, complex multichain flows, open chat, and advanced exchange into later phases.
  • Define empty, error, permission, and success states for every page.

Backend Engineer API

  • Account-level authorization is a prerequisite for every sensitive endpoint.
  • Payments, external asset sends, Swap, credential sharing, MPC recovery, and Vault signing must create a receipt or audit event.
  • Quote, invoice payment, recovery case, and signing session flows must support idempotency.

Chief Architect Architecture

  • Check whether every module uses one shared account model.
  • Check whether IBC, Vault, and Credential Center can scale as independent services.
  • Check whether policy gates can cover future MXCD and official services.

Marketing Narrative

  • Main story: a trusted digital account, not a conventional crypto wallet.
  • For users: verified identity makes payments, services, credentials, and company accounts simpler.
  • For government and partners: identity, receipts, official notices, and service payments form a closed loop.
User Journey Map

The product should be reviewed through real user paths, not only modules.

These journeys show how identity, account context, payment, credentials, and records work together. They are also a practical checklist for product, design, backend, QA, marketing, and customer experience teams.

J01MVP

New MID Holder Activates Wallet

The user verifies MID, binds MID Card, creates the daily MPC wallet, receives FCA / USDF, and sees the first receipt.

  1. MID status confirmed
  2. Passkey, biometric, and MID Card bound
  3. MPC daily wallet enabled
  4. FCA / USDF receive address created
  5. First transaction receipt stored
Success signal: wallet created, recovery posture visible, first receipt generated.
J02Pay

Verified Payment Between Users

Two MID users add each other by QR, exchange a structured payment request, add a note, pay in USDF or FCA, and keep receipts.

  1. QR contact created
  2. Verified MID badge shown
  3. Payment request and note sent
  4. Payment confirmed with policy check
  5. Receipt available to both users
Success signal: users trust the counterparty and understand the payment record.
J03IBC

IBC Company Pays Official Invoice

A company operator switches to the IBC account, opens a signed invoice, passes role checks, pays, and archives the service receipt.

  1. Company account selected
  2. Role permission checked
  3. Official invoice signature verified
  4. USDF / FCA payment completed
  5. Receipt attached to company record
Success signal: company payment is traceable, authorized, and service-linked.
J04Recovery

User Recovers Wallet After Losing Device

The user proves MID ownership, uses MID Card and risk checks, passes the recovery policy, and restores wallet access without exposing private keys.

  1. Recovery case opened
  2. MID holder and MID Card proof verified
  3. Risk score and cooling period applied
  4. New device share established
  5. Security notifications and audit trail created
Success signal: access is recovered safely, with no seed phrase dependency.
J05Credential

User Shares an Official Proof

The user opens Credential Center, selects address proof or tax number, reviews the sharing scope, and generates a limited proof QR.

  1. Credential validity checked
  2. Sharing scope and expiry shown
  3. User confirms consent
  4. Proof QR generated
  5. Sharing record stored
Success signal: proof sharing is useful, limited, and understandable.
J06Control

Large Operation Requires Vault Card

A high-value send, company reserve movement, or protected swap triggers Vault policy and asks the user to tap the NFC Vault Card.

  1. Risk threshold reached
  2. Signing payload previewed
  3. Vault Card tap requested
  4. Signature verified
  5. Transaction and audit record finalized
Success signal: high-value security feels concrete, not abstract.
Narrative and metrics

Marketing narrative and experience value must match product logic.

External storytelling can be simpler, but it must not drift away from the internal product logic: MID-first, verified account, trusted payment, official records.

One-sentence Narrative

M Wallet turns a verified MID into a trusted digital account for payments, credentials, company services, and secure asset control.

Real Advantage

Users do not lose assets just because they forgot a seed phrase or lost a device. MID-based MPC recovery keeps wallet access recoverable while still controlled by strict identity and risk checks.

Narrative Boundaries

Do not present M Wallet as a high-yield wallet, trading tool, speculative stablecoin product, or already approved sovereign currency system.

Activation Metrics

MID verification completion, wallet creation completion, MID Card binding, MPC recovery setup, Passkey and biometric binding rate.

Payment Metrics

First receive, payment request creation, payment completion, receipt view rate.

Service Metrics

IBC account binding, official invoice open rate, service payment completion, receipt export rate.

Build roadmap

Recommended build order: stabilize the trusted account loop first.

This is not a signal to build every feature at once. First prove the product logic with a working loop, then expand into complex assets and advanced security.

Phase 1

Identity and Account

MID status, account switching, FCA/USDF balances, receive, basic receipts, and notification entry.

Phase 2

Payment Layer

QR contacts, payment requests, payment notes, receipts, confirmation messages, and Pay timeline.

Phase 3

IBC Services

Company accounts, role rules, official invoices, service payments, and company receipt archive.

Phase 4

Advanced Control

Controlled Swap, Vault Card, external asset view/receive/send, and future MXCD policy gate.

Decision Log

Open decisions should move from discussion into ownership.

This log keeps unresolved questions visible without letting them blur the product direction. Each item has a recommended default, risk, owner, and next action.

Decision
Recommended Default
Risk if Unclear
Owner
Next Action
USDF Boundary
Describe USDF as an FC Chain USD-denominated payment rail and early ecosystem settlement expression, not as approved sovereign currency.
Legal, market, and partner language may overpromise reserve, issuance, or MXCD relationship.
Product + Legal + Market
Write approved disclosure copy for app, website, deck, and function manual.
MPC Recovery Policy
Use MID holder verification, MID Card proof, device risk, cooling period, notifications, and manual review for high-risk cases.
Weak recovery can create asset risk; vague recovery can reduce the product's strongest advantage.
Security + Backend + CX
Define recovery levels, thresholds, audit events, and customer support scripts.
IBC Launch Scope
Launch company account, signed invoice, role payment, service receipt, and basic certificate record first.
Too many services can delay MVP and confuse the company account model.
Product + IBC Service
Pick first official services: registration, renewal, address proof, tax number, or certificate.
Vault Card Timing
Show Vault Card as a visible security module in MVP, but enable signing after core account and policy model stabilizes.
If launched too early, it may confuse users with MID Card; if hidden, the security story feels weaker.
Product + Security + Design
Define difference between MID Card, MPC Wallet, and Vault Card in UI copy.
External Asset Networks
Support view, receive, and send for BTC, ETH, TRON, SOL, and BNB as secondary wallet rails; no external-chain Swap.
Without clear send support, assets feel unusable; without limits, scope becomes a general crypto wallet.
Wallet API + Risk
Set launch networks, fee policy, send limits, confirmation rules, and risk prompts.
Credential Launch Cards
Prioritize MID Digital ID, MID Card NFC, Address Proof, Tax Number, and IBC Certificate before optional cards.
Random credential order weakens official usefulness and creates design noise.
Product + Credential API
Define card schema, issuer signature, expiry, revocation, and proof-sharing rules.
Official Broadcast Console
Build signed broadcast channels for official notices, invoices, renewal reminders, and security alerts.
Unverified messages can damage trust and create phishing-like confusion.
Government Service + Backend
Define issuer identity, priority, signature verification, deep links, and audit log.
Team Work Entry

Start by role, then use the full reference library.

This is no longer a plain file list. It is the working navigation for the M Wallet team, giving product, design, engineering, brand, market, government, and customer experience teams a shared way into the same product logic.

Recommended Use

Read this team guide first to understand the product north star, then enter the role-specific references. Every reference stays paired in EN / Chinese, with English as the source site and Chinese as the mirror for internal and external communication.

Version Status

The current package covers product logic, screen storyboard, function manual, engineering spec, interactive prototype, government architecture, asset marks, and ecosystem brand.

Product

Product Owner

Confirm scope, MVP phase, permission rules, core flows, and open decisions before splitting PRD work.

Function Manual EN MD 中文
Engineering

Backend and Chief Engineering

Use the engineering spec to organize accounts, MID, MPC, credentials, receipts, audit trails, and permission models.

Engineering Spec 中文 Manual
Brand

Brand and Visual Assets

Review M Wallet, FCA, USDF, MXCD, and ecosystem relationships so asset hierarchy and mark usage stay consistent.

Ecosystem Brand Asset Marks 中文
Government / Market

Government and Market Narrative

Use the government architecture page to align external language around MID-first, trusted accounts, official services, compliance boundaries, and future policy gates.

Government Architecture 中文 Team Guide
CX

Customer Experience and Operations

Use the manual and storyboard to explain the user advantages: identity recovery, receipts, official notices, credential center, and secure signing.

Function Manual Storyboard 中文指南

Complete Reference Library

Use this library when you need a specific EN / Chinese paired document.

Design Sample Lab ENEnglish source for comparing design directions before formal UI guidance. 设计样品实验室 中文中文镜像,用于团队讨论不同设计思路。 Screen Flow Storyboard ENEnglish source for UI and product design teams. Screen Flow Storyboard 中文Chinese mirror for UI and product design teams. Function Manual ENEnglish product owner manual webpage and PRD breakdown source. Function Manual 中文Chinese product owner manual webpage. Function Manual EN MDEnglish Markdown source retained for editing and versioned notes. Function Manual 中文 MDChinese Markdown source retained for editing and versioned notes. Engineering Spec ENEnglish page, data, and API specification for backend teams. Engineering Spec 中文Chinese page, data, and API specification for backend teams. Interactive Prototype ENEnglish interactive concept prototype. Interactive Prototype 中文Chinese interactive concept prototype. Government Architecture ENEnglish architecture narrative for government, investors, and partners. Government Architecture 中文Chinese architecture narrative for government, investors, and partners. FC Asset Marks ENEnglish visual direction for FCA, USDF, and asset marks. FC Asset Marks 中文Chinese visual direction for FCA, USDF, and asset marks. Ecosystem Brand ENEnglish brand relationship across M Wallet, MID, MXCD, and the wider ecosystem. Ecosystem Brand 中文Chinese brand relationship across M Wallet, MID, MXCD, and the wider ecosystem. Chinese VersionChinese mirror of this source guide with the same structure and product logic.