Seed launcher repo scaffold and integration contracts

README.md

@@ -0,0 +1,20 @@
+# EDUT Launcher
+
+Free control-plane application for EDUT onboarding and entitlement-aware installs.
+
+## Scope
+
+1. Local wallet create/import/recovery UX.
+2. Device readiness checks.
+3. Membership status and governance install controls.
+4. Signed package download and verification orchestrator.
+5. Member app-channel inbox.
+
+## Out of Scope
+
+1. Governance runtime internals.
+2. Paid module execution engines.
+
+## Boundary
+
+Launcher never contains private kernel internals. It verifies and installs signed paid runtimes only after entitlement checks pass.

docs/integration-contract.md

@@ -0,0 +1,22 @@
+# Launcher Integration Contract
+
+Launcher integrates with EDUT web/backend contracts as follows:
+
+## Required APIs
+
+1. `POST /secret/wallet/intent`
+2. `POST /secret/wallet/verify`
+3. `POST /secret/membership/quote`
+4. `POST /secret/membership/confirm`
+5. `GET /secret/membership/status`
+6. `POST /governance/install/token`
+7. `POST /governance/install/confirm`
+8. `GET /governance/install/status`
+9. `GET /member/channel/events`
+
+## Deterministic Requirements
+
+1. No runtime activation without entitlement proof.
+2. All install packages verified by hash and signature.
+3. Membership and entitlement unknown state fails closed.
+4. Event inbox polling remains canonical even if push unavailable.

docs/package-verification-spec.md

@@ -0,0 +1,21 @@
+# Package Verification Specification (Launcher)
+
+## Objective
+
+Ensure only signed and policy-matching governance packages can install.
+
+## Verification Steps
+
+1. Fetch install token and package metadata.
+2. Download package from signed URL.
+3. Verify package hash.
+4. Verify package signature against trusted signer key set.
+5. Verify policy hash against install token payload.
+6. Persist install evidence and call install confirm endpoint.
+
+## Fail-Closed Rules
+
+1. Hash mismatch blocks install.
+2. Signature mismatch blocks install.
+3. Policy mismatch blocks install.
+4. Expired install token blocks install.

docs/release-gate.md

@@ -0,0 +1,14 @@
+# Launcher Release Gate
+
+## Required
+
+1. Wallet bootstrap flow passes local security checks.
+2. Package verification pass/fail tests pass.
+3. Governance install path fails closed on invalid evidence.
+4. Marketplace and status APIs are called with app-session auth.
+
+## Blockers
+
+1. Any path that installs unsigned package.
+2. Any path that leaks private key material.
+3. Any path that bypasses entitlement checks for governance activation.

docs/wallet-bootstrap-flow.md

@@ -0,0 +1,19 @@
+# Wallet Bootstrap Flow (Launcher)
+
+## Objective
+
+Create or import an ownership wallet locally before paid actions.
+
+## Flow
+
+1. Open launcher.
+2. Choose create wallet or import wallet.
+3. Keys are generated/stored locally (device trust store/secure hardware where available).
+4. Recovery options are shown and confirmed by user.
+5. Wallet address becomes ownership identity for memberships and licenses.
+
+## Rules
+
+1. Launcher never exports private key to EDUT backend.
+2. Membership/license ownership binds to ownership wallet.
+3. Payment wallet may differ at quote/checkout.