web/docs/deployment/secretapi-deploy.md

Secret API Deployment (Staging/Main)

This runbook deploys web/backend/secretapi for wallet-first membership and governance install authorization.

Build Targets

  1. Native binary:
cd /Users/vsg/Documents/VSG\ Codex/web/backend/secretapi
go build -o secretapi .
  2. Container image:
cd /Users/vsg/Documents/VSG\ Codex/web/backend/secretapi
docker build -t edut/secretapi:latest .

Required Environment

Use web/backend/secretapi/.env.example as the baseline.

Critical values before launch:

  1. SECRET_API_CHAIN_ID (84532 for Base Sepolia, 8453 for Base mainnet)
  2. SECRET_API_CHAIN_RPC_URL
  3. SECRET_API_VERIFYING_CONTRACT
  4. SECRET_API_MEMBERSHIP_CONTRACT
  5. Governance package metadata:
    • SECRET_API_GOV_RUNTIME_VERSION
    • SECRET_API_GOV_PACKAGE_URL
    • SECRET_API_GOV_PACKAGE_HASH
    • SECRET_API_GOV_PACKAGE_SIGNATURE
    • SECRET_API_GOV_SIGNER_KEY_ID
    • SECRET_API_GOV_POLICY_HASH
  6. Member channel polling:
    • SECRET_API_MEMBER_POLL_INTERVAL_SECONDS
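
A pre-launch check for the list above, as an added example (not part of the runbook or the project): it reads the env file without sourcing it, confirms every critical variable is set and non-empty, and validates the chain id against the two values given. That the poll interval must be a positive integer is an assumption; the page does not state its format.

```shell
#!/bin/sh
# Pre-launch validator for the secretapi environment file. Added example, not
# part of the runbook or the project: checks that every critical SECRET_API_*
# value from "Required Environment" is set, that the chain id is one of the
# two documented values, and (assumption) that the poll interval is a
# positive integer.

REQUIRED_VARS="SECRET_API_CHAIN_ID SECRET_API_CHAIN_RPC_URL \
SECRET_API_VERIFYING_CONTRACT SECRET_API_MEMBERSHIP_CONTRACT \
SECRET_API_GOV_RUNTIME_VERSION SECRET_API_GOV_PACKAGE_URL \
SECRET_API_GOV_PACKAGE_HASH SECRET_API_GOV_PACKAGE_SIGNATURE \
SECRET_API_GOV_SIGNER_KEY_ID SECRET_API_GOV_POLICY_HASH \
SECRET_API_MEMBER_POLL_INTERVAL_SECONDS"

# Print the value of KEY ($2) from env file ($1) without sourcing the file,
# so its contents are never evaluated by the shell. Last assignment wins and
# surrounding double quotes are stripped; prints nothing when KEY is absent.
env_value() {
  grep -E "^$2=" "$1" | tail -n 1 | cut -d= -f2- | sed 's/^"\(.*\)"$/\1/'
}

# Returns 0 when every check passes, 1 otherwise; problems go to stderr.
check_secretapi_env() {
  env_file="$1"
  rc=0
  [ -r "$env_file" ] || { echo "cannot read $env_file" >&2; return 1; }
  for var in $REQUIRED_VARS; do
    if [ -z "$(env_value "$env_file" "$var")" ]; then
      echo "missing or empty: $var" >&2
      rc=1
    fi
  done
  chain=$(env_value "$env_file" SECRET_API_CHAIN_ID)
  case "$chain" in
    84532|8453) ;;  # Base Sepolia / Base mainnet, as listed in the runbook
    *) echo "SECRET_API_CHAIN_ID must be 84532 or 8453, got '$chain'" >&2; rc=1 ;;
  esac
  poll=$(env_value "$env_file" SECRET_API_MEMBER_POLL_INTERVAL_SECONDS)
  case "$poll" in
    ''|*[!0-9]*) echo "SECRET_API_MEMBER_POLL_INTERVAL_SECONDS must be an integer" >&2; rc=1 ;;
    *) [ "$poll" -gt 0 ] || { echo "SECRET_API_MEMBER_POLL_INTERVAL_SECONDS must be > 0" >&2; rc=1; } ;;
  esac
  return $rc
}

# Run directly against an env file (e.g. /etc/edut/secretapi.env); the exit
# status can gate the systemctl enable step.
if [ $# -gt 0 ]; then
  check_secretapi_env "$1"
fi
```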

Systemd Deployment (Hetzner/VPS)

  1. Copy binary to /opt/edut/secretapi/secretapi.
  2. Copy environment file to /etc/edut/secretapi.env.
  3. Copy unit file web/backend/secretapi/deploy/secretapi.service to /etc/systemd/system/secretapi.service.
  4. Start service:
sudo systemctl daemon-reload
sudo systemctl enable --now secretapi
sudo systemctl status secretapi

Health Check

curl -s http://127.0.0.1:8080/healthz

Expected:

{"status":"ok"}

Post-Deploy Verification

  1. POST /secret/wallet/intent returns intent_id and designation_code.
  2. POST /secret/wallet/verify accepts valid EIP-712 signature.
  3. POST /secret/membership/quote returns tx payload.
  4. POST /secret/membership/confirm marks membership active.
  5. POST /governance/install/token enforces owner role and active membership.
  6. POST /governance/install/confirm enforces package/runtime/policy match.
  7. GET /governance/install/status resolves deterministic activation state.
  8. POST /member/channel/device/register returns active channel binding.
  9. GET /member/channel/events returns deterministic inbox page.
  10. POST /member/channel/events/{event_id}/ack is idempotent per event+device.