edut/web
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity
cd969480a0
web/docs/roadmap-status.md
Joshua a18f9dd19b
Some checks are pending
check / secretapi (push) Waiting to run
Details
Update EDUT ID roadmap status and internal-term registry guidance
2026-02-19 14:38:44 -08:00

82 lines
6.5 KiB
Markdown
Raw Blame History

# EDUT ID Roadmap Status
Status key:
- `DONE`: committed in this repo
- `IN_PROGRESS`: partially implemented
- `PENDING`: specified but not yet built in this repo
## Core Steps
1. Lock core model (`membership required`, `membership != license`): `DONE`
2. Freeze token taxonomy: `DONE`
3. Finalize membership contract interface targets: `DONE`
4. Lock signature + intent protocol: `DONE`
5. Add membership mint transaction stage in web flow: `DONE` (frontend + backend deployed; on-chain Base Sepolia quote/confirm flow validated end-to-end against `api.edut.dev`)
6. Implement membership gate in marketplace checkout: `DONE` (live API active on `api.edut.dev`; control-plane smoke confirms checkout -> entitlement activation on Base Sepolia)
7. Ship offer registry schema: `DONE`
8. Ship entitlement purchase schema/pipeline contracts: `IN_PROGRESS`
9. Bind entitlements to runtime activation: `PENDING`
10. Add issuer layer interfaces and manifest schema: `DONE`
11. Harden policy/legal surfaces for utility-access framing: `DONE`
12. Add conformance vectors for fail-closed gating: `DONE`
13. Freeze org-boundary + availability class model (`connected`/`sovereign`): `DONE`
14. Freeze owner-gated admin/support plane (`org_root_owner` vs `workspace_member`): `DONE`
## This Repo Specifically (web)
Implemented now:
1. Wallet-first landing flow with intent + signature + membership tx hooks.
2. Post-mint app delivery step (`download your platform`) for immediate member value.
3. Membership-gated architecture spec.
4. Step-based roadmap without timelines.
5. Frozen v1 schemas and examples.
6. Interface target document for contracts/APIs.
7. Pricing policy with 100 USDC floor rule.
8. Terms utility-only non-investment clause.
9. Store page upgraded from static to live-state scaffold with membership gate behavior.
10. OpenAPI contract + request/response examples for secret-system endpoints.
11. Conformance vectors + failure matrix + release gate + security checklist.
12. Deployment templates + invariants + chain operations runbook.
13. Issuer onboarding pack, migration policy, trust page spec, and integration mapping docs.
14. Public `/trust` page scaffold aligned with trust-page spec.
15. Dedicated marketplace OpenAPI contract and examples.
16. Member app channel contract, examples, backend handoff checklist, and conformance vectors.
17. Download endpoints now validate wallet membership status before authorizing channel messaging.
18. Governance install API contract, examples, backend handoff checklist, and conformance vectors.
19. Repo boundary blueprint and free launcher specification aligned with first paid governance model.
20. Store UI now supports distinct payer wallet overrides with ownership-proof signing before quote requests.
21. Public web store preview is noindex and disabled by default unless explicit internal preview mode is enabled.
22. Catalog distribution and public-surface deployment guardrails are documented for launcher-only commerce.
23. Split repos (`launcher`, `governance`, `contracts`) are published to Gitea with seed commits and runbook alignment.
24. Boundary and availability model documented with deterministic state machine and conformance vectors.
25. Owner-gated admin/support model documented in API contracts, terms, and conformance vectors.
26. Local backend implementation (`web/backend/secretapi`) now serves membership endpoints, governance install/lease endpoints, sponsor-aware payer flow, and deterministic integration tests.
27. Local backend member app channel endpoints now serve deterministic register/unregister, poll, idempotent ack, and owner-only support ticket flows with sqlite-backed event/audit state.
28. Membership confirm now supports strict fail-closed mode (`SECRET_API_REQUIRE_ONCHAIN_TX_VERIFICATION`) that requires chain receipt verification when enabled.
29. `secretapi` now validates critical config at startup and fails fast on invalid deploy combinations.
30. `secretapi` now ships an explicit `.env.example` deployment template aligned to current endpoint/runtime requirements.
31. Marketplace checkout confirm now validates on-chain tx sender/receipt and supports strict fail-closed verification mode.
32. Wallet session issuance and validation are implemented (`session_token` from `/secret/wallet/verify`) with optional fail-closed enforcement via `SECRET_API_REQUIRE_WALLET_SESSION`.
33. Marketplace/member/governance OpenAPI contracts now declare wallet-session usage for launcher/app-channel calls.
34. Offer catalogs and marketplace responses now carry execution pacing profiles (`governed_human_pace` vs `local_hardware_speed`) for connector/runtime policy alignment.
35. Membership and checkout confirm handlers now reject tx-hash replay across different designations/quotes (`tx_hash_replay`) with deterministic tests and live validation.
Remaining in this repo:
1. Wire live store checkout flow to production marketplace APIs when available.
2. Replace deployment templates with real contract addresses after chain deployment: `IN_PROGRESS` (Base Sepolia addresses captured in `docs/deployment/contract-addresses.base-sepolia.json`; mainnet pending).
3. Keep cross-repo address parity with `/Users/vsg/Documents/VSG Codex/contracts/deploy/runtime-addresses.base-sepolia.json`: `IN_PROGRESS`.
4. Add launcher/governance install UI that consumes governance installer APIs.
Cross-repo dependencies (kernel/backend/contracts):
1. Implement `/secret/membership/quote` and `/secret/membership/confirm`: `DONE` (`api.edut.dev` live; typed-signature intent, quote, tx submit, confirm, and membership status read validated on Base Sepolia).
2. Implement membership contract and membership status reads: `IN_PROGRESS` (membership contract deployed on Base Sepolia in ETH test mode; mainnet USDC deployment pending).
3. Implement checkout APIs and entitlement mint pipeline: `IN_PROGRESS` (staging path live on Base Sepolia and validated by control-plane smoke; mainnet USDC settlement path pending).
4. Implement runtime entitlement gate and evidence receipts.
5. Implement member app channel APIs and deterministic event stream storage: `IN_PROGRESS` (live deployment active with sqlite-backed deterministic event store).
6. Implement governance install token/confirm/status APIs and signed package delivery: `IN_PROGRESS` (local implementation in `web/backend/secretapi`; package signing/deploy wiring pending).
7. Implement org-root boundary claims and access class state transitions in runtime/API responses: `IN_PROGRESS` (principal/access-class scaffolding implemented locally; full runtime integration pending).
Reference in New Issue View Git Blame Copy Permalink