commit cd831f4986a30d8e993f8332a20ec189a2a205c2 Author: Joshua Date: Tue Feb 17 14:38:53 2026 -0800 Seed launcher repo scaffold and integration contracts diff --git a/README.md b/README.md new file mode 100644 index 0000000..afdd01d --- /dev/null +++ b/README.md @@ -0,0 +1,20 @@ +# EDUT Launcher + +Free control-plane application for EDUT onboarding and entitlement-aware installs. + +## Scope + +1. Local wallet create/import/recovery UX. +2. Device readiness checks. +3. Membership status and governance install controls. +4. Signed package download and verification orchestrator. +5. Member app-channel inbox. + +## Out of Scope + +1. Governance runtime internals. +2. Paid module execution engines. + +## Boundary + +Launcher never contains private kernel internals. It verifies and installs signed paid runtimes only after entitlement checks pass. diff --git a/docs/integration-contract.md b/docs/integration-contract.md new file mode 100644 index 0000000..f4c3c75 --- /dev/null +++ b/docs/integration-contract.md @@ -0,0 +1,22 @@ +# Launcher Integration Contract + +Launcher integrates with EDUT web/backend contracts as follows: + +## Required APIs + +1. `POST /secret/wallet/intent` +2. `POST /secret/wallet/verify` +3. `POST /secret/membership/quote` +4. `POST /secret/membership/confirm` +5. `GET /secret/membership/status` +6. `POST /governance/install/token` +7. `POST /governance/install/confirm` +8. `GET /governance/install/status` +9. `GET /member/channel/events` + +## Deterministic Requirements + +1. No runtime activation without entitlement proof. +2. All install packages verified by hash and signature. +3. Membership and entitlement unknown state fails closed. +4. Event inbox polling remains canonical even if push unavailable. diff --git a/docs/package-verification-spec.md b/docs/package-verification-spec.md new file mode 100644 index 0000000..c21417f --- /dev/null +++ b/docs/package-verification-spec.md 
@@ -0,0 +1,21 @@ +# Package Verification Specification (Launcher) + +## Objective + +Ensure only signed and policy-matching governance packages can install. + +## Verification Steps + +1. Fetch install token and package metadata. +2. Download package from signed URL. +3. Verify package hash. +4. Verify package signature against trusted signer key set. +5. Verify policy hash against install token payload. +6. Persist install evidence and call install confirm endpoint. + +## Fail-Closed Rules + +1. Hash mismatch blocks install. +2. Signature mismatch blocks install. +3. Policy mismatch blocks install. +4. Expired install token blocks install. diff --git a/docs/release-gate.md b/docs/release-gate.md new file mode 100644 index 0000000..99edd2e --- /dev/null +++ b/docs/release-gate.md @@ -0,0 +1,14 @@ +# Launcher Release Gate + +## Required + +1. Wallet bootstrap flow passes local security checks. +2. Package verification pass/fail tests pass. +3. Governance install path fails closed on invalid evidence. +4. Marketplace and status APIs are called with app-session auth. + +## Blockers + +1. Any path that installs unsigned package. +2. Any path that leaks private key material. +3. Any path that bypasses entitlement checks for governance activation. diff --git a/docs/wallet-bootstrap-flow.md b/docs/wallet-bootstrap-flow.md new file mode 100644 index 0000000..acf016e --- /dev/null +++ b/docs/wallet-bootstrap-flow.md 
@@ -0,0 +1,19 @@ +# Wallet Bootstrap Flow (Launcher) + +## Objective + +Create or import an ownership wallet locally before paid actions. + +## Flow + +1. Open launcher. +2. Choose create wallet or import wallet. +3. Keys are generated/stored locally (device trust store/secure hardware where available). +4. Recovery options are shown and confirmed by user. +5. Wallet address becomes ownership identity for memberships and licenses. + +## Rules + +1. Launcher never exports private key to EDUT backend. +2. Membership/license ownership binds to ownership wallet. +3. Payment wallet may differ at quote/checkout.
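Review bot: In docs/integration-contract.md, Deterministic Requirements item 3 ("Membership and entitlement unknown state fails closed") does not define what counts as unknown. Suggest enumerating the cases the launcher must treat as unknown for `GET /secret/membership/status` and `GET /governance/install/status`, for example a timeout, a non-success response, or an unrecognized status value, so the fail-closed behaviour can be tested. The Required APIs list also gives paths only; stating which calls require an authenticated session would connect it to the "app-session auth" item in docs/release-gate.md.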
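Review bot: In docs/package-verification-spec.md, Fail-Closed rule 4 ("Expired install token blocks install") has no matching entry in Verification Steps: step 1 fetches the token and step 5 compares the policy hash against its payload, but no step checks the token's expiry or its authenticity. Suggest adding an explicit token validation step before the download in step 2. Step 3 should also state where the expected package hash comes from and which hash algorithm is used, since a hash taken from unauthenticated metadata would add no assurance beyond the download itself.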
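Review bot: In docs/release-gate.md, Blockers item 1 ("Any path that installs unsigned package") covers only the signature case, while docs/package-verification-spec.md in the same commit also fails closed on hash mismatch, policy mismatch and an expired install token. Suggest widening the blocker to any path that installs a package failing any verification step. Required item 4 mentions Marketplace APIs, but docs/integration-contract.md lists no marketplace endpoint; either add the endpoint there or drop the term here.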
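Review bot: In docs/wallet-bootstrap-flow.md, Rules item 1 ("Launcher never exports private key to EDUT backend") does not mention the recovery material from Flow step 4 or the key material entered during import in step 2, either of which could stand in for the private key if it left the device. Suggest extending the rule to cover recovery and import material as well. Flow step 3 says "secure hardware where available" without stating how keys are protected at rest when it is not available; that fallback should be specified.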