Add tx-hash replay vectors and release-gate requirements

This commit is contained in:
Joshua 2026-02-19 14:29:10 -08:00
parent 0040620649
commit 05edc0ccca
3 changed files with 25 additions and 12 deletions

View File

@ -56,6 +56,11 @@ This document defines deterministic pass/fail vectors for membership-gated comme
- When confirm executes - When confirm executes
- Then request fails closed - Then request fails closed
7. B7 `confirm_tx_hash_replay_blocked`
- Given tx hash H already used to confirm membership for designation A
- When designation B tries to confirm with the same tx hash H
- Then request is denied with replay error and designation B remains unactivated
## Vector Group C: Checkout Membership Gate ## Vector Group C: Checkout Membership Gate
1. C1 `checkout_block_no_membership` 1. C1 `checkout_block_no_membership`
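Review bot: B7 pins the denial only for a second designation presenting the exact string H, so the vector should also state that H is compared in canonical form (hex case and `0x` prefix normalised) before the used-hash lookup, otherwise `0xABC…` and `0xabc…` read as different hashes and the replay check is bypassed with no test failing. Worth adding as a sub-step under "When designation B tries to confirm with the same tx hash H": "including any case or prefix variant of H". A second sub-case worth fixing in the same vector is the race where A and B submit H concurrently: the expected outcome is that exactly one designation activates and the hash reservation is atomic, which the current "already used" precondition does not exercise.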
@ -78,6 +83,11 @@ This document defines deterministic pass/fail vectors for membership-gated comme
- When checkout is requested - When checkout is requested
- Then checkout is denied - Then checkout is denied
5. C5 `checkout_confirm_tx_hash_replay_blocked`
- Given tx hash H already used to confirm checkout quote Q1
- When a different checkout quote Q2 is confirmed with tx hash H
- Then request is denied with replay error and no entitlement is minted for Q2
## Vector Group D: Entitlement Activation Gate ## Vector Group D: Entitlement Activation Gate
1. D1 `activation_allow_active_entitlement` 1. D1 `activation_allow_active_entitlement`
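Review bot: C5 leaves the state of Q1 unspecified, so an implementation that only rejects H while Q1 is still a live quote would pass this vector and still allow H to be reused once Q1 has expired or been cancelled; the "Given" should say the denial holds regardless of Q1's current state, and the "Then" should add that Q1's existing entitlement is unaffected. The vectors also only cover replay within a group (membership-to-membership in B7, checkout-to-checkout here); a hash consumed by a membership confirm and then presented to a checkout confirm, or the reverse, has no vector, so consider a C6 (or a cross-group vector) that covers "Given tx hash H already used to confirm membership for designation A, When checkout quote Q is confirmed with H, Then request is denied with replay error".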

View File

@ -20,18 +20,19 @@ This gate controls deploy/no-deploy decisions for membership-gated commerce chan
6. Signature replay tests pass. 6. Signature replay tests pass.
7. Quote expiry tests pass. 7. Quote expiry tests pass.
8. Tx mismatch tests pass. 8. Tx mismatch tests pass.
9. Membership gate blocks non-members in all checkout paths. 9. Membership and checkout tx-hash replay tests pass.
10. Member channel blocks inactive memberships. 10. Membership gate blocks non-members in all checkout paths.
11. Governance activation blocks inactive/unknown entitlement states. 11. Member channel blocks inactive memberships.
12. Boundary mismatch paths fail closed for paid execution. 12. Governance activation blocks inactive/unknown entitlement states.
13. `PARKED` availability state blocks paid execution while preserving read/export paths. 13. Boundary mismatch paths fail closed for paid execution.
14. Admin/support channel endpoints are owner-gated (`org_root_owner` only). 14. `PARKED` availability state blocks paid execution while preserving read/export paths.
15. Terms/privacy copy still match utility-access framing. 15. Admin/support channel endpoints are owner-gated (`org_root_owner` only).
16. Structured logs and metrics are emitted for each state transition. 16. Terms/privacy copy still match utility-access framing.
17. Bundled membership line-item disclosure is present on first checkout quotes. 17. Structured logs and metrics are emitted for each state transition.
18. Public web deployment blocks anonymous production catalog and quote endpoints. 18. Bundled membership line-item disclosure is present on first checkout quotes.
19. `docs/public-content-standard.md` requirements are satisfied for all changed public pages. 19. Public web deployment blocks anonymous production catalog and quote endpoints.
20. `docs/ai-answer-conformance-checklist.md` passes across Claude, GPT, Grok, and Gemini for changed public URLs. 20. `docs/public-content-standard.md` requirements are satisfied for all changed public pages.
21. `docs/ai-answer-conformance-checklist.md` passes across Claude, GPT, Grok, and Gemini for changed public URLs.
## No-Deploy Triggers ## No-Deploy Triggers
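Review bot: inserting the new requirement as item 9 renumbers items 9 through 20 to 10 through 21, which silently breaks any evidence bundle, ticket or checklist that refers to a gate item by number (for example "item 14 owner-gating"); append it as item 21 instead, or give gate items stable identifiers. The new line "9. Membership and checkout tx-hash replay tests pass." should also name the vectors it is satisfied by (B7 and C5 in the vector document changed in this same commit) so the gate is checkable against a concrete test set rather than a description.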
@ -48,6 +49,7 @@ This gate controls deploy/no-deploy decisions for membership-gated commerce chan
11. Any `PARKED` state that still allows paid execution. 11. Any `PARKED` state that still allows paid execution.
12. Any non-owner path that can open admin/support channel actions. 12. Any non-owner path that can open admin/support channel actions.
13. Any required public-content conformance fact fails on any required model. 13. Any required public-content conformance fact fails on any required model.
14. Any path that allows reused tx_hash across different membership designations or checkout quotes.
## Evidence Bundle Required for Release ## Evidence Bundle Required for Release
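Review bot: trigger 14 is scoped to reuse "across different membership designations or checkout quotes", which does not cover a `tx_hash` consumed by one channel and replayed on the other (membership confirm then checkout confirm, or the reverse); reword to "across any membership designation or checkout quote, including between the two" so the trigger matches the intent of the replay protection rather than only the two within-group vectors. Minor: this line uses the identifier `tx_hash` while the vector document in this commit writes "tx hash H"; pick one form so reviewers can grep for it.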

View File

@ -61,6 +61,7 @@ Implemented now:
32. Wallet session issuance and validation are implemented (`session_token` from `/secret/wallet/verify`) with optional fail-closed enforcement via `SECRET_API_REQUIRE_WALLET_SESSION`. 32. Wallet session issuance and validation are implemented (`session_token` from `/secret/wallet/verify`) with optional fail-closed enforcement via `SECRET_API_REQUIRE_WALLET_SESSION`.
33. Marketplace/member/governance OpenAPI contracts now declare wallet-session usage for launcher/app-channel calls. 33. Marketplace/member/governance OpenAPI contracts now declare wallet-session usage for launcher/app-channel calls.
34. Offer catalogs and marketplace responses now carry execution pacing profiles (`governed_human_pace` vs `local_hardware_speed`) for connector/runtime policy alignment. 34. Offer catalogs and marketplace responses now carry execution pacing profiles (`governed_human_pace` vs `local_hardware_speed`) for connector/runtime policy alignment.
35. Membership and checkout confirm handlers now reject tx-hash replay across different designations/quotes (`tx_hash_replay`) with deterministic tests and live validation.
Remaining in this repo: Remaining in this repo:
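Review bot: item 35 asserts "deterministic tests and live validation", but nothing else in this commit adds tests or validation evidence, only vector descriptions and gate wording, so the status line should either point at where those tests and the live-validation record live or drop the claim until they land. Since the adjacent item 32 shows that wallet-session enforcement is optional behind `SECRET_API_REQUIRE_WALLET_SESSION`, item 35 should also state explicitly that the `tx_hash_replay` rejection is unconditional and not behind a similar flag; the no-deploy trigger added in this commit assumes it is.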