web/docs/roadmap-status.md
Edut LLC cbcf027d97
privacy: scrub personal identifiers from docs and examples
2026-02-20 13:43:50 -08:00

EDUT ID Roadmap Status

Status key:

  • DONE: committed in this repo
  • IN_PROGRESS: partially implemented
  • PENDING: specified but not yet built in this repo

Core Steps

  1. Lock core model (membership required, membership != license): DONE
  2. Freeze token taxonomy: DONE
  3. Finalize membership contract interface targets: DONE
  4. Lock signature + intent protocol: DONE
  5. Add membership mint transaction stage in web flow: DONE (frontend + backend deployed; on-chain Base Sepolia quote/confirm flow validated end-to-end against api.edut.dev)
  6. Implement membership gate in marketplace checkout: DONE (live API active on api.edut.dev; control-plane smoke confirms checkout -> entitlement activation on Base Sepolia)
  7. Ship offer registry schema: DONE
  8. Ship entitlement purchase schema/pipeline contracts: IN_PROGRESS
  9. Bind entitlements to runtime activation: PENDING
  10. Add issuer layer interfaces and manifest schema: DONE
  11. Harden policy/legal surfaces for utility-access framing: DONE
  12. Add conformance vectors for fail-closed gating: DONE
  13. Freeze org-boundary + availability class model (connected/sovereign): DONE
  14. Freeze owner-gated admin/support plane (org_root_owner vs workspace_member): DONE

This Repo Specifically (web)

Implemented now:

  1. Wallet-first landing flow with intent + signature + membership tx hooks.
  2. Post-mint app delivery step (download your platform) for immediate member value.
  3. Membership-gated architecture spec.
  4. Step-based roadmap without timelines.
  5. Frozen v1 schemas and examples.
  6. Interface target document for contracts/APIs.
  7. Pricing policy with 100 USDC floor rule.
  8. Terms utility-only non-investment clause.
  9. Store page upgraded from static to live-state scaffold with membership gate behavior.
  10. OpenAPI contract + request/response examples for secret-system endpoints.
  11. Conformance vectors + failure matrix + release gate + security checklist.
  12. Deployment templates + invariants + chain operations runbook.
  13. Issuer onboarding pack, migration policy, trust page spec, and integration mapping docs.
  14. Public /trust page scaffold aligned with trust-page spec.
  15. Dedicated marketplace OpenAPI contract and examples.
  16. Member app channel contract, examples, backend handoff checklist, and conformance vectors.
  17. Download endpoints now validate wallet membership status before authorizing channel messaging.
  18. Governance install API contract, examples, backend handoff checklist, and conformance vectors.
  19. Repo boundary blueprint and free launcher specification aligned with first paid governance model.
  20. Store UI now supports distinct payer wallet overrides with ownership-proof signing before quote requests.
  21. Public web store preview is noindex and disabled by default unless explicit internal preview mode is enabled.
  22. Catalog distribution and public-surface deployment guardrails are documented for launcher-only commerce.
  23. Split repos (launcher, governance, contracts) are published to Gitea with seed commits and runbook alignment.
  24. Boundary and availability model documented with deterministic state machine and conformance vectors.
  25. Owner-gated admin/support model documented in API contracts, terms, and conformance vectors.
  26. Local backend implementation (web/backend/secretapi) now serves membership endpoints, governance install/lease endpoints, sponsor-aware payer flow, and deterministic integration tests.
  27. Local backend member app channel endpoints now serve deterministic register/unregister, poll, idempotent ack, and owner-only support ticket flows with sqlite-backed event/audit state.
  28. Membership confirm now supports strict fail-closed mode (SECRET_API_REQUIRE_ONCHAIN_TX_VERIFICATION) that requires chain receipt verification when enabled.
  29. secretapi now validates critical config at startup and fails fast on invalid deploy combinations.
  30. secretapi now ships an explicit .env.example deployment template aligned to current endpoint/runtime requirements.
  31. Marketplace checkout confirm now validates on-chain tx sender/receipt and supports strict fail-closed verification mode.
  32. Wallet session issuance and validation are implemented (session_token from /secret/wallet/verify) with optional fail-closed enforcement via SECRET_API_REQUIRE_WALLET_SESSION.
  33. Marketplace/member/governance OpenAPI contracts now declare wallet-session usage for launcher/app-channel calls.
  34. Offer catalogs and marketplace responses now carry execution pacing profiles (governed_human_pace vs local_hardware_speed) for connector/runtime policy alignment.
  35. Membership and checkout confirm handlers now reject tx-hash replay across different designations/quotes (tx_hash_replay) with deterministic tests and live validation.
  36. Wallet sessions now bind to client context (X-Edut-Device-Binding with user-agent fallback) and reject foreign-context replay (wallet_session_context_mismatch) with deterministic tests.
  37. Dependency-edge degraded-mode controls are now enforced in secretapi: chain edge blocks settlement confirms (dependency.chain_unavailable), on-ramp degradation blocks fiat_onramp while preserving crypto_direct, cloud edge blocks remote channel/support mutations, model edge blocks AI-layer checkout activation, and recovery-window hold semantics are tested (AB6-* coverage in backend/secretapi/app_test.go and backend/secretapi/dependency_edges_test.go).
  38. Member-channel anti-fatigue controls are now enforced in secretapi: deterministic event burst throttling with digest fallback (channel_digest) is configurable via SECRET_API_MEMBER_CHANNEL_EVENT_BURST_LIMIT and SECRET_API_MEMBER_CHANNEL_EVENT_BURST_WINDOW_SECONDS, digest payloads track aggregated suppressed_count within each throttle window, and GET /member/channel/events now returns digest summary fields (digest_active, digest_suppressed_count) (backend/secretapi/app_test.go).
  39. Member-channel trust calibration signals are now exposed in secretapi: each event includes deterministic trust_posture and review_level, and event polling responses include aggregate trusted_event_count/review_event_count for operator triage (backend/secretapi/app.go, backend/secretapi/models.go, backend/secretapi/app_test.go).
  40. Chain-adjacent degraded-mode controls now include TLS and DNS dependency edges: membership and marketplace confirm fail closed with dependency.tls_unavailable / dependency.dns_unavailable, health surface exposes tls/dns dependency states, and conformance vectors include AB6-007/AB6-008 (backend/secretapi/app.go, backend/secretapi/dependency_edges.go, backend/secretapi/app_test.go, backend/secretapi/dependency_edges_test.go).
  41. Marketplace checkout now supports deterministic financial threshold governance: quote responses expose approval_required/approval_reason, confirm fails closed with approval_required when threshold-gated approvals are missing, and confirm/audit outputs persist approval_token_ref + approval_actor (backend/secretapi/marketplace.go, backend/secretapi/store.go, backend/secretapi/app_test.go).
  42. Admin assurance gates are now explicitly separated from EDUT ID state: governance admin controls (install token issuance + lease heartbeat/offline renew) and owner support tickets require onramp_attested assurance in addition to active membership/owner-role checks, and governance install status reports deterministic identity_assurance_insufficient blockers (backend/secretapi/app.go, backend/secretapi/app_test.go, docs/api/governance-installer.openapi.yaml, docs/api/member-channel.openapi.yaml).
  43. Secret API error envelopes now include deterministic remediation guidance via next_step alongside code and correlation_id, with coverage for approval, assurance, session, dependency, and context failure paths (backend/secretapi/app.go, backend/secretapi/app_test.go, docs/api/governance-installer.openapi.yaml, docs/api/member-channel.openapi.yaml).
  44. Dependency-edge stability windows now explicitly cover TLS and DNS recovery behavior in settlement paths: membership/marketplace confirmations remain fail-closed during recovery and resume automatically after window completion (backend/secretapi/app_test.go, docs/conformance/availability-boundary-vectors.md AB6-009/AB6-010).
  45. Setup health diagnostics endpoint now exposes deterministic onboarding readiness checks (/secret/setup/health) for wallet/session/membership/assurance/principal state, with actionable next steps for failed checks and regression coverage in backend/secretapi/app_test.go (docs/api/secret-system.openapi.yaml).
  46. Marketplace checkout confirm now enforces setup readiness before high-impact entitlement activation: non-bundled confirms fail closed with setup_incomplete when wallet setup health is not checkout-ready, with deterministic remediation to /secret/setup/health (backend/secretapi/marketplace.go, backend/secretapi/app.go, backend/secretapi/app_test.go).
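
Item 36 describes binding wallet sessions to client context and rejecting foreign-context replay. The Go sketch below shows one way to implement that check; it is an added example, not code from secretapi. The header name and error code come from the list above, while SessionBinder, contextDigest, the digest prefixes, and the sample values are assumptions.

```go
package main
import (
	"crypto/sha256"
	"errors"
	"fmt"
	"net/http"
	"sync"
)

// Error code as named in item 36; every other identifier here is an assumption.
var ErrContextMismatch = errors.New("wallet_session_context_mismatch")
// SessionBinder maps a session token to a digest of the context it was issued to.
type SessionBinder struct {
	mu    sync.Mutex
	bound map[string][32]byte
}

// contextDigest prefers X-Edut-Device-Binding, else User-Agent; prefixes keep them apart.
func contextDigest(h http.Header) [32]byte {
	if v := h.Get("X-Edut-Device-Binding"); v != "" {
		return sha256.Sum256([]byte("device:" + v))
	}
	return sha256.Sum256([]byte("ua:" + h.Get("User-Agent")))
}

// Issue records the client context seen when the session token was created.
func (b *SessionBinder) Issue(token string, h http.Header) {
	b.mu.Lock()
	defer b.mu.Unlock()
	b.bound[token] = contextDigest(h)
}

// Validate fails closed: unknown tokens and foreign contexts are both rejected.
func (b *SessionBinder) Validate(token string, h http.Header) error {
	b.mu.Lock()
	defer b.mu.Unlock()
	if want, ok := b.bound[token]; !ok || want != contextDigest(h) {
		return ErrContextMismatch
	}
	return nil
}

func main() {
	b := &SessionBinder{bound: map[string][32]byte{}}
	h := http.Header{"User-Agent": {"launcher/1.0"}} // constructed sample context
	b.Issue("tok-1", h)
	fmt.Println(b.Validate("tok-1", h), b.Validate("tok-1", http.Header{}))
}
```

Because the two digest sources are domain-separated, a request that omits X-Edut-Device-Binding cannot validate a session that was issued with one, even if its User-Agent matches.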

Remaining in this repo:

  1. Wire live store checkout flow to production marketplace APIs when available.
  2. Replace deployment templates with real contract addresses after chain deployment: IN_PROGRESS (Base Sepolia addresses captured in docs/deployment/contract-addresses.base-sepolia.json; mainnet pending).
  3. Keep cross-repo address parity with <workspace-root>/contracts/deploy/runtime-addresses.base-sepolia.json: IN_PROGRESS.
  4. Add launcher/governance install UI that consumes governance installer APIs.

Cross-repo dependencies (kernel/backend/contracts):

  1. Implement /secret/membership/quote and /secret/membership/confirm: DONE (api.edut.dev live; typed-signature intent, quote, tx submit, confirm, and membership status read validated on Base Sepolia).
  2. Implement membership contract and membership status reads: IN_PROGRESS (membership contract deployed on Base Sepolia in ETH test mode; mainnet USDC deployment pending).
  3. Implement checkout APIs and entitlement mint pipeline: IN_PROGRESS (staging path live on Base Sepolia and validated by control-plane smoke; mainnet USDC settlement path pending).
  4. Implement runtime entitlement gate and evidence receipts.
  5. Implement member app channel APIs and deterministic event stream storage: IN_PROGRESS (live deployment active with sqlite-backed deterministic event store).
  6. Implement governance install token/confirm/status APIs and signed package delivery: IN_PROGRESS (local implementation in web/backend/secretapi; package signing/deploy wiring pending).
  7. Implement org-root boundary claims and access class state transitions in runtime/API responses: IN_PROGRESS (principal/access-class scaffolding implemented locally; full runtime integration pending).