66 lines
2.1 KiB
Markdown
66 lines
2.1 KiB
Markdown
# EDUT Repo Boundary Blueprint
|
|
|
|
This blueprint defines long-lived repository separation by trust boundary.
|
|
|
|
## Repository Map
|
|
|
|
1. `web` (public)
|
|
- Public landing/store surfaces
|
|
- Legal pages and public trust facts
|
|
- OpenAPI contracts and implementation handoff docs
|
|
- No proprietary kernel algorithms
|
|
|
|
2. `launcher` (controlled distribution)
|
|
- Free installer shell
|
|
- Local wallet create/import UX
|
|
- Device readiness checks
|
|
- Updater and package verifier
|
|
- No paid governance runtime internals
|
|
|
|
3. `governance` (private)
|
|
- Deterministic kernel runtime
|
|
- Activation and policy execution engine
|
|
- Card pipeline internals and scoring logic
|
|
- Protected IP modules and signed package build
|
|
|
|
4. `contracts` (public/auditable)
|
|
- Membership and entitlement contracts
|
|
- ABI and deployment artifacts
|
|
- Contract conformance vectors
|
|
|
|
## Data Ownership Boundaries
|
|
|
|
1. `web` owns public copy and API contract documents.
|
|
2. `launcher` owns local identity UX and package verification logic.
|
|
3. `governance` owns runtime decisions and private implementation.
|
|
4. `contracts` owns settlement and on-chain entitlement primitives.
|
|
|
|
## Release Dependency Chain
|
|
|
|
1. Contract release publishes addresses and ABI.
|
|
2. Web release points at versioned API and contract addresses.
|
|
3. Launcher release trusts specific signer keys and policy hashes.
|
|
4. Governance release packages signed runtimes for entitled installs.
|
|
|
|
## Security Boundary Rules
|
|
|
|
1. Launcher must verify governance package signature before install.
|
|
2. Governance must verify entitlement receipt before activation.
|
|
3. Unknown entitlement state fails closed.
|
|
4. Private kernel code never ships in public web artifacts.
|
|
|
|
## Minimal First Paid Path
|
|
|
|
1. User installs free launcher.
|
|
2. User creates/imports local EDUT wallet.
|
|
3. User mints membership.
|
|
4. User purchases governance offer.
|
|
5. Launcher downloads signed governance package.
|
|
6. Governance activates only with valid entitlement receipt.
|
|
|
|
## Non-Goals
|
|
|
|
1. Single monorepo that grants broad access to private kernel internals.
|
|
2. Public distribution of paid runtime logic before entitlement checks.
|
|
3. Coupling payment wallet and ownership wallet by force.
|