edut/web
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity
0040620649
web/docs/roadmap-status.md
Joshua b15e13fda5
Some checks are pending
check / secretapi (push) Waiting to run
Details
Harden secretapi sessions and entitlement quote gating
2026-02-19 12:45:46 -08:00

6.1 KiB
Raw Blame History

EDUT Membership Roadmap Status

Status key:

  • DONE: committed in this repo
  • IN_PROGRESS: partially implemented
  • PENDING: specified but not yet built in this repo

Core Steps

  1. Lock core model (membership required, membership != license): DONE
  2. Freeze token taxonomy: DONE
  3. Finalize membership contract interface targets: DONE
  4. Lock signature + intent protocol: DONE
  5. Add membership mint transaction stage in web flow: DONE (frontend + backend deployed; on-chain Base Sepolia quote/confirm flow validated end-to-end against api.edut.dev)
  6. Implement membership gate in marketplace checkout: IN_PROGRESS (store scaffold + gate logic implemented; live API pending)
  7. Ship offer registry schema: DONE
  8. Ship entitlement purchase schema/pipeline contracts: IN_PROGRESS
  9. Bind entitlements to runtime activation: PENDING
  10. Add issuer layer interfaces and manifest schema: DONE
  11. Harden policy/legal surfaces for utility-access framing: DONE
  12. Add conformance vectors for fail-closed gating: DONE
  13. Freeze org-boundary + availability class model (connected/sovereign): DONE
  14. Freeze owner-gated admin/support plane (org_root_owner vs workspace_member): DONE

This Repo Specifically (web)

Implemented now:

  1. Wallet-first landing flow with intent + signature + membership tx hooks.
  2. Post-mint app delivery step (download your platform) for immediate member value.
  3. Membership-gated architecture spec.
  4. Step-based roadmap without timelines.
  5. Frozen v1 schemas and examples.
  6. Interface target document for contracts/APIs.
  7. Pricing policy with 100 USDC floor rule.
  8. Terms utility-only non-investment clause.
  9. Store page upgraded from static to live-state scaffold with membership gate behavior.
  10. OpenAPI contract + request/response examples for secret-system endpoints.
  11. Conformance vectors + failure matrix + release gate + security checklist.
  12. Deployment templates + invariants + chain operations runbook.
  13. Issuer onboarding pack, migration policy, trust page spec, and integration mapping docs.
  14. Public /trust page scaffold aligned with trust-page spec.
  15. Dedicated marketplace OpenAPI contract and examples.
  16. Member app channel contract, examples, backend handoff checklist, and conformance vectors.
  17. Download endpoints now validate wallet membership status before authorizing channel messaging.
  18. Governance install API contract, examples, backend handoff checklist, and conformance vectors.
  19. Repo boundary blueprint and free launcher specification aligned with first paid governance model.
  20. Store UI now supports distinct payer wallet overrides with ownership-proof signing before quote requests.
  21. Public web store preview is noindex and disabled by default unless explicit internal preview mode is enabled.
  22. Catalog distribution and public-surface deployment guardrails are documented for launcher-only commerce.
  23. Split repos (launcher, governance, contracts) are published to Gitea with seed commits and runbook alignment.
  24. Boundary and availability model documented with deterministic state machine and conformance vectors.
  25. Owner-gated admin/support model documented in API contracts, terms, and conformance vectors.
  26. Local backend implementation (web/backend/secretapi) now serves membership endpoints, governance install/lease endpoints, sponsor-aware payer flow, and deterministic integration tests.
  27. Local backend member app channel endpoints now serve deterministic register/unregister, poll, idempotent ack, and owner-only support ticket flows with sqlite-backed event/audit state.
  28. Membership confirm now supports strict fail-closed mode (SECRET_API_REQUIRE_ONCHAIN_TX_VERIFICATION) that requires chain receipt verification when enabled.
  29. secretapi now validates critical config at startup and fails fast on invalid deploy combinations.
  30. secretapi now ships an explicit .env.example deployment template aligned to current endpoint/runtime requirements.
  31. Marketplace checkout confirm now validates on-chain tx sender/receipt and supports strict fail-closed verification mode.
  32. Wallet session issuance and validation are implemented (session_token from /secret/wallet/verify) with optional fail-closed enforcement via SECRET_API_REQUIRE_WALLET_SESSION.
  33. Marketplace/member/governance OpenAPI contracts now declare wallet-session usage for launcher/app-channel calls.
  34. Offer catalogs and marketplace responses now carry execution pacing profiles (governed_human_pace vs local_hardware_speed) for connector/runtime policy alignment.

Remaining in this repo:

  1. Wire live store checkout flow to production marketplace APIs when available.
  2. Replace deployment templates with real contract addresses after chain deployment: IN_PROGRESS (Base Sepolia addresses captured in docs/deployment/contract-addresses.base-sepolia.json; mainnet pending).
  3. Keep cross-repo address parity with /Users/vsg/Documents/VSG Codex/contracts/deploy/runtime-addresses.base-sepolia.json: IN_PROGRESS.
  4. Add launcher/governance install UI that consumes governance installer APIs.

Cross-repo dependencies (kernel/backend/contracts):

  1. Implement /secret/membership/quote and /secret/membership/confirm: DONE (api.edut.dev live; typed-signature intent, quote, tx submit, confirm, and membership status read validated on Base Sepolia).
  2. Implement membership contract and membership status reads: IN_PROGRESS (membership contract deployed on Base Sepolia in ETH test mode; mainnet USDC deployment pending).
  3. Implement checkout APIs and entitlement mint pipeline.
  4. Implement runtime entitlement gate and evidence receipts.
  5. Implement member app channel APIs and deterministic event stream storage: IN_PROGRESS (live deployment active with sqlite-backed deterministic event store).
  6. Implement governance install token/confirm/status APIs and signed package delivery: IN_PROGRESS (local implementation in web/backend/secretapi; package signing/deploy wiring pending).
  7. Implement org-root boundary claims and access class state transitions in runtime/API responses: IN_PROGRESS (principal/access-class scaffolding implemented locally; full runtime integration pending).