edut/web
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity
625ffcc02c
web/docs/repo-boundary-blueprint.md

2.1 KiB
Raw Blame History

EDUT Repo Boundary Blueprint

This blueprint defines long-lived repository separation by trust boundary.

Repository Map

  1. web (public)
  • Public landing/store surfaces
  • Legal pages and public trust facts
  • OpenAPI contracts and implementation handoff docs
  • No proprietary kernel algorithms
  1. launcher (controlled distribution)
  • Free installer shell
  • Local wallet create/import UX
  • Device readiness checks
  • Updater and package verifier
  • No paid governance runtime internals
  1. governance (private)
  • Deterministic kernel runtime
  • Activation and policy execution engine
  • Card pipeline internals and scoring logic
  • Protected IP modules and signed package build
  1. contracts (public/auditable)
  • Membership and entitlement contracts
  • ABI and deployment artifacts
  • Contract conformance vectors

Data Ownership Boundaries

  1. web owns public copy and API contract documents.
  2. launcher owns local identity UX and package verification logic.
  3. governance owns runtime decisions and private implementation.
  4. contracts owns settlement and on-chain entitlement primitives.

Release Dependency Chain

  1. Contract release publishes addresses and ABI.
  2. Web release points at versioned API and contract addresses.
  3. Launcher release trusts specific signer keys and policy hashes.
  4. Governance release packages signed runtimes for entitled installs.

Security Boundary Rules

  1. Launcher must verify governance package signature before install.
  2. Governance must verify entitlement receipt before activation.
  3. Unknown entitlement state fails closed.
  4. Private kernel code never ships in public web artifacts.

Minimal First Paid Path

  1. User installs free launcher.
  2. User creates/imports local EDUT wallet.
  3. User mints membership.
  4. User purchases governance offer.
  5. Launcher downloads signed governance package.
  6. Governance activates only with valid entitlement receipt.

Non-Goals

  1. Single monorepo that grants broad access to private kernel internals.
  2. Public distribution of paid runtime logic before entitlement checks.
  3. Coupling payment wallet and ownership wallet by force.