privacy: sanitize deploy metadata and local references

README.md

@@ -1,12 +1,13 @@
 # EDUT Contracts
 
-On-chain contracts and deployment artifacts for membership and entitlements.
+On-chain contracts and deployment artifacts for EDUT ID and entitlements.
 
 ## Scope
 
-1. Human membership contract (soulbound governance identity).
+1. EDUT ID contract (soulbound governance identity).
 2. Offer + entitlement settlement contract for fixed-SKU purchases.
 3. ABI and deployment artifact publication.
+4. Last Light continuity-release controller (guardian threshold + EIP-712 signatures).
 
 ## Current Contract
 
@@ -14,11 +15,10 @@ On-chain contracts and deployment artifacts for membership and entitlements.
 
 Features:
 
-1. One-time soulbound human token mint.
-2. Sponsor mint support (`mintMembership(recipient)` can be paid by inviter/company wallet).
-3. Owner-configurable flat mint price (`updateMintPrice`), launch default is fixed `100 USDC` (6 decimals).
+1. One-time soulbound human token mint (`EDUT ID`, symbol `EID`).
+2. Gas-only mint path (no platform fee, no treasury transfer).
+3. Sponsor mint support (`mintMembership(recipient)`) where sponsor only pays gas.
 4. Membership status lifecycle (`ACTIVE/SUSPENDED/REVOKED`) for runtime gates.
-5. Treasury address control for settlement routing.
 
 `contracts/EdutOfferEntitlement.sol`
 
@@ -27,6 +27,13 @@ Features:
 1. Membership-gated entitlement purchases.
 2. Owner-configurable offer registry (`upsertOffer`).
 3. Fixed USDC settlement support (ETH optional if payment token is zero address).
+
+`contracts/LastLightController.sol`
+
+1. Guardian-threshold (`M-of-N`) continuity release controller.
+2. Two-phase trigger (`arm` then `execute`) with timelock.
+3. EIP-712 typed-signature quorum for arm/cancel/execute.
+4. On-chain execution event for publicly verifiable continuity trigger.
 4. Deterministic entitlement id sequence with state lifecycle (`ACTIVE/SUSPENDED/REVOKED`).
 5. Emits offer + entitlement events for backend reconciliation.
 
@@ -42,9 +49,10 @@ Use a Hardhat-supported Node runtime (`20.x` recommended).
 6. `npm run deploy:mainnet`
 7. `npm run deploy:entitlement:sepolia`
 8. `npm run deploy:entitlement:mainnet`
-9. `npm run update:membership:price:sepolia`
-10. `npm run update:membership:price:mainnet`
+9. `npm run deploy:lastlight:sepolia`
+10. `npm run deploy:lastlight:mainnet`
 11. `npm run smoke:funding:sepolia`
+12. `npm run lastlight:eip712:sepolia`
 
 `make check` wraps build + tests.
 
@@ -54,27 +62,23 @@ Copy `.env.example` values into your shell/session before deploy:
 
 1. `DEPLOYER_PRIVATE_KEY`
 2. `BASE_SEPOLIA_RPC_URL` / `BASE_MAINNET_RPC_URL`
-3. `TREASURY_WALLET`
-4. `MINT_CURRENCY_ADDRESS` (USDC token contract on target chain)
-5. `MINT_AMOUNT_ATOMIC`
-6. `DEPLOY_OUTPUT_PATH` (optional)
-7. `ENTITLEMENT_TREASURY_WALLET`
-8. `MEMBERSHIP_CONTRACT_ADDRESS`
-9. `PAYMENT_TOKEN_ADDRESS`
-10. `OFFER_PRICE_ATOMIC`
-11. `ENTITLEMENT_DEPLOY_OUTPUT_PATH` (optional)
-12. `OFFERS_JSON` (optional path to per-offer seed config JSON)
-13. `OFFERS_INLINE_JSON` (optional inline JSON array alternative to `OFFERS_JSON`)
-14. `SEED_RETRIES` (optional, default `2`)
-15. `SEED_RETRY_DELAY_MS` (optional, default `1200`)
-16. `SEED_ONLY` (optional, `true` attaches to an existing entitlement contract and only seeds offers)
-17. `ENTITLEMENT_CONTRACT_ADDRESS` (required when `SEED_ONLY=true`)
-
-`update:membership:price:*` requires:
-
-1. `MEMBERSHIP_CONTRACT_ADDRESS`
-2. `MINT_CURRENCY_ADDRESS`
-3. `MINT_AMOUNT_ATOMIC`
+3. `MINT_CURRENCY_ADDRESS` (use zero address for gas-only EDUT ID mint)
+4. `MINT_AMOUNT_ATOMIC` (set to `0` for gas-only EDUT ID mint)
+5. `DEPLOY_OUTPUT_PATH` (optional)
+6. `ENTITLEMENT_TREASURY_WALLET`
+7. `MEMBERSHIP_CONTRACT_ADDRESS`
+8. `PAYMENT_TOKEN_ADDRESS`
+9. `OFFER_PRICE_ATOMIC`
+10. `ENTITLEMENT_DEPLOY_OUTPUT_PATH` (optional)
+11. `OFFERS_JSON` (optional path to per-offer seed config JSON)
+12. `OFFERS_INLINE_JSON` (optional inline JSON array alternative to `OFFERS_JSON`)
+13. `SEED_RETRIES` (optional, default `2`)
+14. `SEED_RETRY_DELAY_MS` (optional, default `1200`)
+15. `SEED_ONLY` (optional, `true` attaches to an existing entitlement contract and only seeds offers)
+16. `ENTITLEMENT_CONTRACT_ADDRESS` (required when `SEED_ONLY=true`)
+17. `LASTLIGHT_GUARDIANS` (required for Last Light deployment, comma-separated guardian addresses)
+18. `LASTLIGHT_THRESHOLD` (optional, default `3`, must be <= guardian count)
+19. `LASTLIGHT_DEPLOY_OUTPUT_PATH` (optional deployment output JSON path)
 
 If no offer override JSON is provided, deploy script seeds default offers at `OFFER_PRICE_ATOMIC`.
 Use `deploy/offers.template.json` to define per-offer prices and policy flags.
@@ -96,10 +100,21 @@ Smoke flow optional vars:
 13. `E2E_GAS_PRICE_WEI` (optional fixed gas price)
 14. `SMOKE_MIN_GAS_PRICE_WEI` (optional threshold floor for funding estimator, default `1000000000`)
 
+Last Light EIP-712 flow vars:
+
+1. `LASTLIGHT_ACTION` (`arm`, `cancel`, or `execute`)
+2. `LASTLIGHT_CONTRACT_ADDRESS`
+3. `LASTLIGHT_RELEASE_ID` (`bytes32` or plain string to hash)
+4. `LASTLIGHT_GUARDIAN_PRIVATE_KEYS` (comma-separated private keys for signing)
+5. `LASTLIGHT_DEADLINE_SECONDS` (optional, default `3600`)
+6. `LASTLIGHT_REASON_HASH` (`arm`/`cancel`, optional `bytes32` or plain string)
+7. `LASTLIGHT_DECRYPTION_KEY` (`execute`, required)
+8. `LASTLIGHT_MANIFEST_REF_HASH` (`execute`, optional `bytes32` or plain string)
+
 Example (Sepolia):
 
 ```bash
-cd /Users/vsg/Documents/VSG\ Codex/contracts
+cd <home>/Documents/VSG\ Codex/contracts
 export $(grep -v '^#' .env | xargs)
 npm run deploy:sepolia
 ```
@@ -107,7 +122,7 @@ npm run deploy:sepolia
 Full control-plane smoke (EDUT ID + marketplace + governance install/status):
 
 ```bash
-cd /Users/vsg/Documents/VSG\ Codex/contracts
+cd <home>/Documents/VSG\ Codex/contracts
 export $(grep -v '^#' .env | xargs)
 npm run smoke:e2e:controlplane:sepolia
 ```
@@ -115,7 +130,7 @@ npm run smoke:e2e:controlplane:sepolia
 Offer readback verification against deployed entitlement contract:
 
 ```bash
-cd /Users/vsg/Documents/VSG\ Codex/contracts
+cd <home>/Documents/VSG\ Codex/contracts
 export BASE_SEPOLIA_RPC_URL="https://base-sepolia.g.alchemy.com/v2/<key>"
 export ENTITLEMENT_CONTRACT_ADDRESS="0x..."
 npm run verify:offers:sepolia
@@ -124,7 +139,7 @@ npm run verify:offers:sepolia
 Sepolia smoke funding threshold from live fee data:
 
 ```bash
-cd /Users/vsg/Documents/VSG\ Codex/contracts
+cd <home>/Documents/VSG\ Codex/contracts
 export BASE_SEPOLIA_RPC_URL="https://base-sepolia.g.alchemy.com/v2/<key>"
 npm run smoke:funding:sepolia
 ```

deploy/README.md

@@ -12,13 +12,16 @@ Template:
 
 - `membership-deploy.template.json`
 - `entitlement-deploy.template.json`
+- `lastlight-deploy.template.json`
 - `offers.template.json`
 - `runtime-addresses.base-sepolia.json` (runtime-wired snapshot for cross-repo address parity)
 
 Recommended process:
 
-1. Run `npm run deploy:sepolia` / `npm run deploy:mainnet` for membership or
-   `npm run deploy:entitlement:sepolia` / `npm run deploy:entitlement:mainnet` for offer entitlements.
+1. Run one deploy command for the target contract:
+   - membership: `npm run deploy:sepolia` / `npm run deploy:mainnet`
+   - entitlement: `npm run deploy:entitlement:sepolia` / `npm run deploy:entitlement:mainnet`
+   - Last Light: `npm run deploy:lastlight:sepolia` / `npm run deploy:lastlight:mainnet`
 2. Copy the matching template to a dated file (for example `membership-base-sepolia-2026-02-18.json`).
 3. Offer override files may include non-contract metadata (for example `execution_profile`) for downstream catalog parity; deploy script ignores unknown keys and only applies on-chain fields.
 3. Fill all deployment fields from script output and explorer links.
@@ -26,6 +29,6 @@ Recommended process:
 
 Address parity rule:
 
-1. Keep `runtime-addresses.base-sepolia.json` synchronized with `/Users/vsg/Documents/VSG Codex/web/docs/deployment/contract-addresses.base-sepolia.json`.
+1. Keep `runtime-addresses.base-sepolia.json` synchronized with `<workspace-root>/web/docs/deployment/contract-addresses.base-sepolia.json`.
 2. Any runtime address change must update both repos in the same change set.
 3. Run `npm run check:addresses` after edits to verify deploy artifact parity invariants.

deploy/entitlement-deploy.sepolia.json

@@ -1,8 +1,8 @@
 {
   "network": "baseSepolia",
   "chainId": 84532,
-  "deployer": "0xD148d4dFA882007e5226C90287622b3Af6eB56D7",
-  "treasury": "0xD148d4dFA882007e5226C90287622b3Af6eB56D7",
+  "deployer": "0x1111111111111111111111111111111111111111",
+  "treasury": "0x1111111111111111111111111111111111111111",
   "paymentToken": "0x0000000000000000000000000000000000000000",
   "membershipContract": "0x3EEb3342751D1Cfc0F90C9393e0B1cd5AcE6FfD8",
   "offerPriceAtomic": "1000000000",

deploy/membership-deploy.sepolia.json

@@ -1,8 +1,8 @@
 {
   "network": "baseSepolia",
   "chainId": 84532,
-  "deployer": "0xD148d4dFA882007e5226C90287622b3Af6eB56D7",
-  "treasury": "0xD148d4dFA882007e5226C90287622b3Af6eB56D7",
+  "deployer": "0x1111111111111111111111111111111111111111",
+  "treasury": "0x1111111111111111111111111111111111111111",
   "mintCurrency": "0x0000000000000000000000000000000000000000",
   "mintAmountAtomic": "1",
   "membershipContract": "0x3EEb3342751D1Cfc0F90C9393e0B1cd5AcE6FfD8",

deploy/runtime-addresses.base-sepolia.json

@@ -4,7 +4,7 @@
   "membership_contract": "0x3EEb3342751D1Cfc0F90C9393e0B1cd5AcE6FfD8",
   "entitlement_contract": "0xA1c06066206d0ea63a77A093FD38327Fd5663a43",
   "offer_registry_contract": "0xA1c06066206d0ea63a77A093FD38327Fd5663a43",
-  "treasury_wallet": "0xD148d4dFA882007e5226C90287622b3Af6eB56D7",
+  "treasury_wallet": "0x1111111111111111111111111111111111111111",
   "mint_currency_mode": "ETH_TEST",
   "mint_amount_atomic": "1",
   "usdc_contract": "0x0000000000000000000000000000000000000000",