Governance Install Specification (First Paid License)
This spec defines deterministic installation of the governance runtime after membership and governance entitlement purchase.
Preconditions
- Launcher is installed and wallet is initialized locally.
- Membership is active for ownership wallet.
- Governance entitlement is active for ownership wallet.
Install Flow
- Launcher requests governance install token from backend.
- Backend verifies membership and governance entitlement status.
- Backend returns signed install bundle metadata:
  - package URL
  - package hash
  - signer key id
  - policy hash
  - expiry
- Launcher downloads package.
- Launcher verifies package hash.
- Launcher verifies package signature against trusted signer set.
- Launcher writes immutable install receipt locally.
- Launcher hands off to governance runtime bootstrap.
- Governance runtime re-verifies entitlement receipt and policy hash.
- Runtime activation state transitions to ACTIVE.
Activation State Machine
NOT_INSTALLED -> DOWNLOADED -> VERIFIED -> BOOTSTRAPPED -> ACTIVE
Failure states:
- VERIFY_FAILED
- RECEIPT_INVALID
- ENTITLEMENT_INACTIVE
- POLICY_MISMATCH
Deterministic Rules
- Any missing signature or hash mismatch blocks install.
- Any inactive/unknown entitlement blocks activation.
- Any policy hash mismatch blocks activation.
- Activation requires both launcher and runtime verification passes.
- Reinstall with same package hash must be idempotent.
Ownership vs Payment Wallet
- Entitlement ownership wallet controls activation rights.
- Payment wallet may differ from ownership wallet.
- Activation checks only ownership wallet + entitlement state.
Evidence Requirements
Each successful install must persist evidence containing:
- ownership wallet
- entitlement id
- package hash
- signer key id
- policy hash
- activation timestamp
- launcher version
- runtime version
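The install flow, deterministic rules, wallet check and receipt evidence above, modelled end to end as an added example (not the project's own launcher or runtime code). It assumes a constructed signer set and uses an HMAC as a stand-in for the package signature so it runs on the standard library alone; field names, the expiry handling (expired metadata is treated as a verify failure) and the receipt-vs-bundle comparison are assumptions, and `install` returns the list of states it passed through.

```python
import hashlib
import hmac
import json

# Constructed trusted signer set (signer key id -> key); HMAC stands in for a real signature.
TRUSTED_SIGNERS = {"signer-key-1": b"constructed-signer-secret"}

def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()

def canonical(meta):
    return json.dumps(meta, sort_keys=True, separators=(",", ":")).encode()

def sign_metadata(meta, key_id):
    """Backend side: sign the install bundle metadata with a trusted signer key."""
    sig = hmac.new(TRUSTED_SIGNERS[key_id], canonical(meta), "sha256").hexdigest()
    return {**meta, "signature": sig}

def launcher_verify(bundle, package, now):
    """Launcher side: trusted signer, valid signature, unexpired metadata, hash match."""
    meta = {k: v for k, v in bundle.items() if k != "signature"}
    key = TRUSTED_SIGNERS.get(meta.get("signer_key_id"))
    if key is None or "signature" not in bundle or now > meta.get("expiry", 0):
        return False  # unknown signer, unsigned bundle, or expired metadata (assumed fatal)
    if not hmac.compare_digest(hmac.new(key, canonical(meta), "sha256").hexdigest(), bundle["signature"]):
        return False
    return hmac.compare_digest(sha256_hex(package), meta["package_hash"])

def install(bundle, package, wallet, entitlement, runtime_policy_hash, receipts, now):
    """Walk the activation state machine; returns the states visited, ending in ACTIVE or a failure."""
    trace = ["NOT_INSTALLED", "DOWNLOADED"]  # package bytes are already in hand
    if not launcher_verify(bundle, package, now):
        return trace + ["VERIFY_FAILED"]
    trace.append("VERIFIED")
    # Only the ownership wallet and entitlement state count; the payment wallet is not consulted.
    if entitlement.get("owner_wallet") != wallet or not entitlement.get("active"):
        return trace + ["ENTITLEMENT_INACTIVE"]
    # Immutable receipt: a reinstall with the same package hash reuses it (idempotent).
    receipt = receipts.setdefault(bundle["package_hash"], {
        "ownership_wallet": wallet, "entitlement_id": entitlement["id"],
        "package_hash": bundle["package_hash"], "signer_key_id": bundle["signer_key_id"],
        "policy_hash": bundle["policy_hash"], "activation_timestamp": now})
    trace.append("BOOTSTRAPPED")
    # Runtime re-verification: receipt must describe this wallet and bundle; policy hash must match.
    if receipt["ownership_wallet"] != wallet or receipt["signer_key_id"] != bundle["signer_key_id"]:
        return trace + ["RECEIPT_INVALID"]
    if receipt["policy_hash"] != runtime_policy_hash:
        return trace + ["POLICY_MISMATCH"]
    return trace + ["ACTIVE"]
```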
Non-Goals
- Running governance runtime before entitlement verification.
- Trusting unsigned packages.
- Allowing active runtime on revoked entitlement.