M Wallet green glass mark
M Wallet Team Development Guide
English Chinese
Internal alignment website

Turn M Wallet into a product system the whole team can understand.

This site is the English source for internal development. It gives product owners the scope, frontend UI teams the interface direction, backend engineers the business objects and rules, chief engineers the system logic, marketing the narrative, brand teams the visual direction, and customer experience teams the user value.

MID-first FC Chain rails IBC account Credential cards Vault Card Official services
Role-based entry

Every team member should know exactly where to start.

This site is not a loose document archive. It is a role-based workbench with clear questions, deliverables, and review standards for each team.

Product Owner

Product Owner

Confirm scope, priorities, page entry points, MVP phases, and open product decisions.

View product boundaries Frontend UI

Frontend UI

Understand page structure, component rhythm, status chips, asset marks, and navigation hierarchy.

View interface direction Product Design

Product Designer

Turn identity, assets, payments, credentials, IBC, and Vault into one coherent user experience.

View design logic Backend

Backend Engineer

Understand the boundaries for account, receipt, credential, invoice, policy, and audit objects.

View API needs Chief Architect

Chief Architect

Check whether modules, permissions, risk gates, and future expansion share one system logic.

View system logic Marketing

Marketing

Explain in plain language that this is a trusted digital account, not a conventional wallet.

View narrative frame Brand

Brand Team

Unify the M mark, FCA, USDF, MXCD Future, and the green identity system into one visual family.

View brand direction Customer Experience

Customer Experience

Identify the real advantages: trusted identity, recoverable wallet access, clear payments, complete records, and closed service loops.

View experience value
MVP Command Center

Build the trusted account loop before adding complexity.

This section turns the product vision into a working release board. A module is not ready until the page, policy rule, backend object, receipt or audit event, and team handoff are all clear.

Release rule Identity, account context, permission checks, and records must exist before money movement feels complete.
Build focus Prioritize MID, Personal / IBC account, MPC recovery, FCA / USDF, Pay, receipts, and official notices.
Scope guard Keep open trading, external-chain swaps, speculative MXCD claims, and broad chat outside the MVP.
NowP1

MID Account Spine

Verified MID, selected account, device session, passkey / biometric state, and MID Card binding.

Owner: Product + Identity APIOutput: account context
NowP1

MPC Daily Wallet

Daily signing, device share model, recoverable access, risk checks, cooling period, and security notices.

Owner: Security + BackendOutput: recoverable control
NowP1

FCA / USDF Wallet

Primary FC Chain balances, receive, send, fee display, network state, and transaction receipt.

Owner: Wallet APIOutput: basic money loop
NextP2

Pay and Receipts

QR contact, payment request, note, simple confirmation, receipt detail, and payment timeline.

Owner: Product + FrontendOutput: structured payment
NextP3

IBC Company Account

Company account switcher, role checks, signed invoices, service payment, and company receipt archive.

Owner: IBC servicesOutput: business loop
NextP3

Credential Center

MID card, address proof, tax number, IBC certificate, proof QR, and selective credential sharing.

Owner: Credential APIOutput: trusted cards
GatedP4

Swap and Vault Card

Controlled FC ecosystem swap, quote policy, large-operation Vault signing, and protected asset flows.

Owner: Policy + WalletOutput: advanced control
GatedP4

External Assets

BTC, ETH, TRON, SOL, and BNB balance view, receive, send, confirmations, and risk prompts.

Owner: Network adaptersOutput: secondary rails
Product logic

The product logic is simple: identity comes before financial capability.

Do not reduce M Wallet to an asset list. First help users understand their MID status, account context, and recovery posture. Assets, payments, IBC, credentials, and services should then appear as verified account capabilities.

Identity

MID Verified

The user owns or applies for a MID first. Sensitive actions and wallet recovery are linked to MID status, MID Card proof, account context, device session, and risk state.

Account

Personal / IBC

The account is the container. Personal and company accounts carry different balances, roles, receipts, permissions, and service records.

Capability

Payments and Credentials

Verified identity unlocks payments, payment requests, Credential Center, official notices, and service payments.

Control

MPC, Policy and Vault

Daily wallet control is recoverable through MID-based MPC policy; Swap, high-value payments, company reserves, credential sharing, and future MXCD require stricter policy rules and Vault Card protection.

Asset hierarchy

More assets are not automatically better. The hierarchy must stay clear.

FCA, USDF, MXCD Future, and external assets serve different product roles. The interface should make those roles obvious instead of treating everything as a flat token list.

FCA

Native asset
FCA asset mark

FC Chain's native asset represents network fuel, infrastructure, and the ecosystem base. Its visual language should stay calm navy plus soft champagne.

USDF

Payment rail
USDF asset mark

A USD-denominated payment rail for early payments, service payments, and receipt-based settlement experience. It should feel stable, friendly, and easy to use.

MXCD Future

Policy gated
MXCD future mark

A future settlement asset concept with stronger sovereign characteristics. It should be presented as a future rail only, without implying formal availability today.

External Networks

Supported
External network asset mark

BTC, ETH, TRON, Solana, and BNB Chain support balance view, receive addresses, and sending. They belong in the secondary wallet layer and should not enter Swap or dominate the product story.

Functional modules

Every page should revolve around account context and record keeping.

This is the core module map for development. Every module must answer: who is the user, which account is active, which actions are allowed, and what record is produced.

Entry

Home

MID status, account switching, balance overview, quick actions, pending requests, and official alerts.

Money

Wallet

FCA, USDF, MXCD Future, external assets, receive, send, and Vault status.

Exchange

Swap

USDF/FCA quote, rate, fee, policy check, confirmation, and receipt.

Payment

Pay

QR contacts, payment requests, notes, receipts, and confirmations without open-ended chat.

Business

IBC

Company accounts, roles, invoices, receipts, service records, and company reserves.

Identity

Credential Center

Digital ID, driver license, address proof, tax number, company certificates, and proof QR.

Security

Vault Card

NFC cold signing, high-value payments, company reserves, backup cards, and lost-card handling.

Official

Broadcast

Official broadcasts, signature verification, renewal reminders, security alerts, and deep links.

Service

Service Payment

Official invoices, payment rails, role verification, payment confirmation, and record archive.

Control

Settings

Devices, Passkey, biometrics, limits, recovery method, and notification preferences.

Product Requirement Matrix

Each feature needs one product, policy, data, and record definition.

Use this as the bridge between product design and engineering. If a row is incomplete, the feature is not ready for implementation.

Feature
User Story
Page and States
Rules and Records
Engineering Anchor
MID Account
As a user, I can see whether my MID is verified and which account is active.
Home, MID; no MID, pending, verified, suspended.
MID status gates sensitive actions; every status change creates audit history.
user, mid, account, device_session
MPC Wallet
As a MID holder, I can recover wallet access without relying only on a seed phrase.
Security, Recovery; active, new device, review, cooling period, recovered.
Identity proof, risk checks, notifications, and full recovery audit trail are mandatory.
mpc_policy, device_share, recovery_case
FCA / USDF
As a user, I can receive, send, and understand the role of the two FC Chain rails.
Wallet, Home; loading, available, network degraded, pending transaction.
Send requires policy check; every transfer produces receipt and transaction state.
asset_balance, address, transaction, receipt
Pay
As a user, I can add a contact by QR and exchange payment requests, notes, receipts, and confirmations.
Pay; empty, contact added, request pending, paid, failed, receipt ready.
Only structured payment communication is allowed; no open social chat in MVP.
contact, payment_request, message, receipt
Swap
As a user, I can swap within the FC ecosystem without entering external-chain trading.
Wallet, Swap; quote, expired, preview, policy blocked, completed.
Allowed pairs only; MVP prioritizes USDF / FCA; every swap creates a receipt.
swap_pair, quote, execution, policy
IBC Account
As a company user, I can pay official invoices from the correct company account.
IBC; no company, linked, role missing, invoice due, paid, archived.
Role check and invoice signature verification are mandatory before payment.
company, role, invoice, service_record
Credential Center
As a user, I can hold official cards and share limited proof when needed.
MID; no credential, issued, expired, shared, revoked.
Sharing requires consent, scope, expiry, and a proof or audit record.
credential, issuer, proof_request, consent
MID Card NFC
As a MID holder, I can tap the MID Card for identity signing and secure authentication.
MID, Security; card unbound, bound, tap requested, signed, failed.
MID Card is foundational identity capability, not the same as Vault Card.
mid_card, signing_payload, auth_event
Vault Card
As a user or company, I can protect large-value operations with NFC cold signing.
Wallet, Security; not bound, bound, tap to sign, backup card, lost card.
Large operations and protected assets require Vault policy and signing session.
vault_card, signing_session, protected_asset
Official Broadcast
As a user, I can distinguish official notices from normal app messages.
Home, Inbox; unread, verified issuer, action required, archived.
All official broadcasts require issuer signature verification and deep-link audit.
broadcast, issuer_signature, notification
External Assets
As a user, I can view, receive, and send BTC, ETH, TRON, SOL, and BNB assets.
Wallet; network enabled, receive address, send preview, confirmations, failed.
External assets do not enter Swap; large sends may require Vault or step-up checks.
network_adapter, external_address, chain_tx
Design direction

UI direction: the ease of a modern bank wallet with the trust of an official identity system.

The interface should feel fresh, light, and trusted. It should not feel like an exchange, a heavy government portal, or a speculative crypto app.

9:41MID
M Wallet app icon
M WalletMID verified account

MID Credential

Verified · Montserrat Digital ID

Total assets

$2,847.90

Personal account · FC Chain

FCA
FCANetwork fuel
128.4
USDF
USDFPayment rail
2,250
Send
Request
Swap
Receive
Scan

Payment request

Amina Joseph · 250 USDF · verified MID

Frontend UI Direction Interface

  • Prioritize stable navigation: Home, Wallet, Pay, IBC, and MID.
  • Use compact 8px-radius cards for assets, credentials, invoices, and receipts.
  • Keep status chips consistent: Verified, Future, Policy, Due, Signed.
  • Use the new soft FCA and USDF icons instead of heavier dark versions.

Product Design Direction Experience

  • Each page should state identity and account context before functionality.
  • Pay is structured payment communication, not social messaging.
  • Credential Center can learn from Apple Wallet while preserving official identity trust.
  • Vault Card should explain signing protection, not look like a normal bank card.

Brand Direction Brand

  • The M mark belongs to M Wallet and the future MXCD green glass identity asset.
  • FCA expresses infrastructure: navy, slate, and champagne.
  • USDF expresses friendly payment: terracotta, coral, and soft champagne.
  • Avoid heavy metal, black exchange styling, casino chips, and purple Web3 cues.

Customer Experience Value CX

  • Users know the payment counterparty has been verified, reducing fraud anxiety.
  • Service payments form a complete loop: invoice, signature, payment, and receipt.
  • Personal and company accounts stay separate, reducing operational confusion.
  • High-value actions require Vault Card, making security concrete and understandable.
Engineering view

The backend is not just wallet APIs. It is an identity-bound account system.

The core engineering objects are not tokens alone. They are user, MID, account, MPC policy, recovery case, credential, invoice, receipt, policy, and audit event.

Domain
Core Objects
Required Checks
Required Output
Identity
user_id, mid_id, credential status, device session
MID active state, trusted device, and step-up requirement
Verification state, audit event, credential lifecycle
MPC Recovery
recovery_case_id, device shares, MID Card proof, risk score
MID holder proof, device risk, cooling period, review status
New device share, recovery audit trail, security notifications
Account
account_id, account type, roles, policy profile
Personal or IBC match, role permission, account status
Account context, permission result, risk message
Wallet
Balances, assets, network status, receive addresses, send transactions
Asset availability, network state, address validation, fee policy, limits, and risk controls
Balance view, receive address, send state, confirmation count, receipt, audit event
Payment
Contact, payment request, note, receipt, confirmation
Verified contact state and allowed message type
Structured message, payment status, receipt
IBC
Company, role, invoice, service record, receipt
Company status, role permission, invoice signature
Company record, payment receipt, service archive
Vault
Vault Card, signing session, protected assets
Signing payload, NFC card, biometric signal, card status
Signing result, transaction broadcast, audit record
Role playbooks

Each team's working focus should be explicit enough to review.

These cards are the working checklist for each team when reviewing this guide.

Product Owner Scope

  • Keep MVP focused on MID, Personal/IBC account, FCA/USDF, payment request, receipt, and Credential Center.
  • Move MXCD Future, complex multichain flows, open chat, and advanced exchange into later phases.
  • Define empty, error, permission, and success states for every page.

Backend Engineer API

  • Account-level authorization is a prerequisite for every sensitive endpoint.
  • Payments, external asset sends, Swap, credential sharing, MPC recovery, and Vault signing must create a receipt or audit event.
  • Quote, invoice payment, recovery case, and signing session flows must support idempotency.

Chief Architect Architecture

  • Check whether every module uses one shared account model.
  • Check whether IBC, Vault, and Credential Center can scale as independent services.
  • Check whether policy gates can cover future MXCD and official services.

Marketing Narrative

  • Main story: a trusted digital account, not a conventional crypto wallet.
  • For users: verified identity makes payments, services, credentials, and company accounts simpler.
  • For government and partners: identity, receipts, official notices, and service payments form a closed loop.
User Journey Map

The product should be reviewed through real user paths, not only modules.

These journeys show how identity, account context, payment, credentials, and records work together. They are also a practical checklist for product, design, backend, QA, marketing, and customer experience teams.

J01MVP

New MID Holder Activates Wallet

The user verifies MID, binds MID Card, creates the daily MPC wallet, receives FCA / USDF, and sees the first receipt.

  1. MID status confirmed
  2. Passkey, biometric, and MID Card bound
  3. MPC daily wallet enabled
  4. FCA / USDF receive address created
  5. First transaction receipt stored
Success signal: wallet created, recovery posture visible, first receipt generated.
J02Pay

Verified Payment Between Users

Two MID users add each other by QR, exchange a structured payment request, add a note, pay in USDF or FCA, and keep receipts.

  1. QR contact created
  2. Verified MID badge shown
  3. Payment request and note sent
  4. Payment confirmed with policy check
  5. Receipt available to both users
Success signal: users trust the counterparty and understand the payment record.
J03IBC

IBC Company Pays Official Invoice

A company operator switches to the IBC account, opens a signed invoice, passes role checks, pays, and archives the service receipt.

  1. Company account selected
  2. Role permission checked
  3. Official invoice signature verified
  4. USDF / FCA payment completed
  5. Receipt attached to company record
Success signal: company payment is traceable, authorized, and service-linked.
J04Recovery

User Recovers Wallet After Losing Device

The user proves MID ownership, uses MID Card and risk checks, passes the recovery policy, and restores wallet access without exposing private keys.

  1. Recovery case opened
  2. MID holder and MID Card proof verified
  3. Risk score and cooling period applied
  4. New device share established
  5. Security notifications and audit trail created
Success signal: access is recovered safely, with no seed phrase dependency.
J05Credential

User Shares an Official Proof

The user opens Credential Center, selects address proof or tax number, reviews the sharing scope, and generates a limited proof QR.

  1. Credential validity checked
  2. Sharing scope and expiry shown
  3. User confirms consent
  4. Proof QR generated
  5. Sharing record stored
Success signal: proof sharing is useful, limited, and understandable.
J06Control

Large Operation Requires Vault Card

A high-value send, company reserve movement, or protected swap triggers Vault policy and asks the user to tap the NFC Vault Card.

  1. Risk threshold reached
  2. Signing payload previewed
  3. Vault Card tap requested
  4. Signature verified
  5. Transaction and audit record finalized
Success signal: high-value security feels concrete, not abstract.
Narrative and metrics

Marketing narrative and experience value must match product logic.

External storytelling can be simpler, but it must not drift away from the internal product logic: MID-first, verified account, trusted payment, official records.

One-sentence Narrative

M Wallet turns a verified MID into a trusted digital account for payments, credentials, company services, and secure asset control.

Real Advantage

Users do not lose assets just because they forgot a seed phrase or lost a device. MID-based MPC recovery keeps wallet access recoverable while still controlled by strict identity and risk checks.

Narrative Boundaries

Do not present M Wallet as a high-yield wallet, trading tool, speculative stablecoin product, or already approved sovereign currency system.

Activation Metrics

MID verification completion, wallet creation completion, MID Card binding, MPC recovery setup, Passkey and biometric binding rate.

Payment Metrics

First receive, payment request creation, payment completion, receipt view rate.

Service Metrics

IBC account binding, official invoice open rate, service payment completion, receipt export rate.

Build roadmap

Recommended build order: stabilize the trusted account loop first.

This is not a signal to build every feature at once. First prove the product logic with a working loop, then expand into complex assets and advanced security.

Phase 1

Identity and Account

MID status, account switching, FCA/USDF balances, receive, basic receipts, and notification entry.

Phase 2

Payment Layer

QR contacts, payment requests, payment notes, receipts, confirmation messages, and Pay timeline.

Phase 3

IBC Services

Company accounts, role rules, official invoices, service payments, and company receipt archive.

Phase 4

Advanced Control

Controlled Swap, Vault Card, external asset view/receive/send, and future MXCD policy gate.

Decision Log

Open decisions should move from discussion into ownership.

This log keeps unresolved questions visible without letting them blur the product direction. Each item has a recommended default, risk, owner, and next action.

Decision
Recommended Default
Risk if Unclear
Owner
Next Action
USDF Boundary
Describe USDF as an FC Chain USD-denominated payment rail and early ecosystem settlement expression, not as approved sovereign currency.
Legal, market, and partner language may overpromise reserve, issuance, or MXCD relationship.
Product + Legal + Market
Write approved disclosure copy for app, website, deck, and function manual.
MPC Recovery Policy
Use MID holder verification, MID Card proof, device risk, cooling period, notifications, and manual review for high-risk cases.
Weak recovery can create asset risk; vague recovery can reduce the product's strongest advantage.
Security + Backend + CX
Define recovery levels, thresholds, audit events, and customer support scripts.
IBC Launch Scope
Launch company account, signed invoice, role payment, service receipt, and basic certificate record first.
Too many services can delay MVP and confuse the company account model.
Product + IBC Service
Pick first official services: registration, renewal, address proof, tax number, or certificate.
Vault Card Timing
Show Vault Card as a visible security module in MVP, but enable signing after core account and policy model stabilizes.
If launched too early, it may confuse users with MID Card; if hidden, the security story feels weaker.
Product + Security + Design
Define difference between MID Card, MPC Wallet, and Vault Card in UI copy.
External Asset Networks
Support view, receive, and send for BTC, ETH, TRON, SOL, and BNB as secondary wallet rails; no external-chain Swap.
Without clear send support, assets feel unusable; without limits, scope becomes a general crypto wallet.
Wallet API + Risk
Set launch networks, fee policy, send limits, confirmation rules, and risk prompts.
Credential Launch Cards
Prioritize MID Digital ID, MID Card NFC, Address Proof, Tax Number, and IBC Certificate before optional cards.
Random credential order weakens official usefulness and creates design noise.
Product + Credential API
Define card schema, issuer signature, expiry, revocation, and proof-sharing rules.
Official Broadcast Console
Build signed broadcast channels for official notices, invoices, renewal reminders, and security alerts.
Unverified messages can damage trust and create phishing-like confusion.
Government Service + Backend
Define issuer identity, priority, signature verification, deep links, and audit log.
Team Work Entry

Start by role, then use the full reference library.

This is no longer a plain file list. It is the working navigation for the M Wallet team, giving product, design, engineering, brand, market, government, and customer experience teams a shared way into the same product logic.

Recommended Use

Read this team guide first to understand the product north star, then enter the role-specific references. Every reference stays paired in EN / Chinese, with English as the source site and Chinese as the mirror for internal and external communication.

Version Status

The current package covers product logic, screen storyboard, function manual, engineering spec, interactive prototype, government architecture, asset marks, and ecosystem brand.

Product

Product Owner

Confirm scope, MVP phase, permission rules, core flows, and open decisions before splitting PRD work.

Function Manual EN MD 中文
Design

Product Design and Frontend UI

Use the screen storyboard and interactive prototype to understand layouts, states, and scenarios for each feature page.

Screen Storyboard Prototype 中文
Engineering

Backend and Chief Engineering

Use the engineering spec to organize accounts, MID, MPC, credentials, receipts, audit trails, and permission models.

Engineering Spec 中文 Manual
Brand

Brand and Visual Assets

Review M Wallet, FCA, USDF, MXCD, and ecosystem relationships so asset hierarchy and mark usage stay consistent.

Ecosystem Brand Asset Marks 中文
Government / Market

Government and Market Narrative

Use the government architecture page to align external language around MID-first, trusted accounts, official services, compliance boundaries, and future policy gates.

Government Architecture 中文 Team Guide
CX

Customer Experience and Operations

Use the manual and storyboard to explain the user advantages: identity recovery, receipts, official notices, credential center, and secure signing.

Function Manual Storyboard 中文指南

Complete Reference Library

Use this library when you need a specific EN / Chinese paired document.

Screen Flow Storyboard ENEnglish source for UI and product design teams. Screen Flow Storyboard 中文Chinese mirror for UI and product design teams. Function Manual ENEnglish product owner manual webpage and PRD breakdown source. Function Manual 中文Chinese product owner manual webpage. Function Manual EN MDEnglish Markdown source retained for editing and versioned notes. Function Manual 中文 MDChinese Markdown source retained for editing and versioned notes. Engineering Spec ENEnglish page, data, and API specification for backend teams. Engineering Spec 中文Chinese page, data, and API specification for backend teams. Interactive Prototype ENEnglish interactive concept prototype. Interactive Prototype 中文Chinese interactive concept prototype. Government Architecture ENEnglish architecture narrative for government, investors, and partners. Government Architecture 中文Chinese architecture narrative for government, investors, and partners. FC Asset Marks ENEnglish visual direction for FCA, USDF, and asset marks. FC Asset Marks 中文Chinese visual direction for FCA, USDF, and asset marks. Ecosystem Brand ENEnglish brand relationship across M Wallet, MID, MXCD, and the wider ecosystem. Ecosystem Brand 中文Chinese brand relationship across M Wallet, MID, MXCD, and the wider ecosystem. Chinese VersionChinese mirror of this source guide with the same structure and product logic.