Document signing authority boundaries in launcher specs
This commit is contained in:
parent
82141d8e22
commit
b0c54660fb
@ -61,6 +61,7 @@ Policy behavior in launcher shell:
|
||||
2. `onramp_attested` identity assurance is required for owner support-ticket and governance install-token actions.
|
||||
3. Assurance state is displayed independently from membership state in the top summary cards.
|
||||
4. Owner-only buttons are UI-disabled until both membership is active and assurance is `onramp_attested`.
|
||||
5. Governance activation evidence must carry explicit signing authority class (`identity_human` or delegated).
|
||||
|
||||
Run locally:
|
||||
|
||||
|
||||
@ -12,3 +12,4 @@
|
||||
10. `L-010` Primary wallet screens render USD-first balances and plain-language history.
|
||||
11. `L-011` Launcher must surface `identity_assurance_level` separately from membership state.
|
||||
12. `L-012` Owner support and governance install actions are blocked when assurance is not `onramp_attested`.
|
||||
13. `L-013` Launcher emits signing authority class in governance activation evidence and defaults owner-driven activation to `identity_human`.
|
||||
|
||||
@ -26,3 +26,4 @@ Launcher integrates with EDUT web/backend contracts as follows:
|
||||
4. Event inbox polling remains canonical even if push unavailable.
|
||||
5. Identity assurance is evaluated independently from membership state.
|
||||
6. Owner/admin launcher actions must require `identity_assurance_level=onramp_attested`.
|
||||
7. Governance activation evidence must include signing authority class (`identity_human` vs delegated).
|
||||
|
||||
@ -127,6 +127,8 @@ Technical details are available only in expanded view:
|
||||
3. Recovery path must exist but remain opt-in in onboarding.
|
||||
4. Sensitive operations fail closed on secure storage errors.
|
||||
5. Wallet export (seed/private key) requires explicit authenticated flow.
|
||||
6. AI/delegated automation must never use the human identity signer key directly.
|
||||
7. Any delegated signing authority must be explicit, scoped, and revocable.
|
||||
|
||||
## Asset/Display Model
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user