# EDUT Launcher

Free control-plane application for EDUT onboarding and entitlement-aware installs.

## Scope

1. Local wallet create/import/recovery UX.
2. Device readiness checks.
3. Membership status and governance install controls.
4. Signed package download and verification orchestrator.
5. Member app-channel inbox.

Primary v1 wallet behavior and acceptance criteria are specified in:

- `docs/wallet-v1-product-spec.md`

## Out of Scope

1. Governance runtime internals.
2. Paid module execution engines.

## Boundary

Launcher never contains private kernel internals. It verifies and installs signed paid runtimes only after entitlement checks pass.

## Local Harness (Current)

`app/index.html` now exposes a product-first control surface with advanced harness tooling preserved.

Top-level control surface:

1. `Connect wallet`
2. `Activate membership`
3. `Refresh status + feed`
4. `Governance status`
5. Wallet/membership/designation/last-sync overview cards
6. Pull-first updates feed + support ticket action
7. Identity assurance visibility (`none` / `crypto_direct_unattested` / `sponsored_unattested` / `onramp_attested`)

Advanced integration controls (collapsible):

1. API/chain connection settings
2. Wallet intent + verify primitives
3. Membership quote + confirm primitives
4. Marketplace offer list + checkout quote/send/confirm primitives
5. Member channel register/poll primitives
6. Governance install + lease primitives
7. Raw response log for deterministic troubleshooting

Wallet automation helpers remain available in advanced controls:

1. `Connect wallet` fills address from `window.ethereum`.
2. `Sign intent (EIP-712)` signs the current intent payload and fills `walletSignature`.
3. `Sign payer proof` signs distinct-payer ownership proof and fills `payerProof`.
4. `Send membership tx` submits the quote transaction via `eth_sendTransaction` and fills `confirmTxHash`.
5. Membership confirm can optionally attach on-ramp attestation fields (`identity_assurance_level`, `identity_attested_by`, `identity_attestation_id`) for provider-integrated flows.

Policy behavior in launcher shell:

1. Membership is required for all member-channel polling flows.
2. `onramp_attested` identity assurance is required for owner support-ticket and governance install-token actions.
3. Assurance state is displayed independently from membership state in the top summary cards.
4. Owner-only buttons are UI-disabled until both membership is active and assurance is `onramp_attested`.

Run locally:

```bash
cd /Users/vsg/Documents/VSG\ Codex/launcher/app
python3 -m http.server 4310
```

Then open `http://127.0.0.1:4310` and point API base URL at running `secretapi`.