# Secret API Deployment (Staging/Main)

This runbook deploys `web/backend/secretapi` for wallet-first membership and governance install authorization.

## Build Targets

1. Native binary:

```bash
cd /Users/vsg/Documents/VSG\ Codex/web/backend/secretapi
go build -o secretapi .
```

2. Container image:

```bash
cd /Users/vsg/Documents/VSG\ Codex/web/backend/secretapi
docker build -t edut/secretapi:latest .
```

## Required Environment

Use `web/backend/secretapi/.env.example` as baseline.

Critical values before launch:

1. `SECRET_API_CHAIN_ID` (`84532` for Base Sepolia, `8453` for Base mainnet)
2. `SECRET_API_CHAIN_RPC_URL`
3. `SECRET_API_VERIFYING_CONTRACT`
4. `SECRET_API_MEMBERSHIP_CONTRACT`
5. Governance package metadata:
   - `SECRET_API_GOV_RUNTIME_VERSION`
   - `SECRET_API_GOV_PACKAGE_URL`
   - `SECRET_API_GOV_PACKAGE_HASH`
   - `SECRET_API_GOV_PACKAGE_SIGNATURE`
   - `SECRET_API_GOV_SIGNER_KEY_ID`
   - `SECRET_API_GOV_POLICY_HASH`
6. Member channel polling:
   - `SECRET_API_MEMBER_POLL_INTERVAL_SECONDS`

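A pre-launch check for the critical values listed above, as an added example that is not part of the secretapi repository: it fails when a listed variable is missing or when the chain ID does not match the deployment target, which catches a staging env file copied to a mainnet host. The function names, the `staging`/`main` target argument, and the address and poll-interval format checks are assumptions, not project conventions.

```bash
#!/usr/bin/env bash
# Added example, not part of the secretapi repository.
# Assumes the env file holds plain KEY=value lines (systemd EnvironmentFile style).

# env_get FILE KEY: print KEY's value (last assignment wins, optional double quotes stripped).
env_get() {
  sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 |
    sed -e 's/[[:space:]]*$//' -e 's/^"\(.*\)"$/\1/'
}

# check_secretapi_env FILE staging|main: return 0 only if every check passes.
check_secretapi_env() {
  _file=$1; _target=$2; _rc=0
  [ -r "$_file" ] || { echo "FAIL cannot read $_file" >&2; return 2; }
  # Every value the runbook lists as critical must be present and non-empty.
  for _key in SECRET_API_CHAIN_ID SECRET_API_CHAIN_RPC_URL \
      SECRET_API_VERIFYING_CONTRACT SECRET_API_MEMBERSHIP_CONTRACT \
      SECRET_API_GOV_RUNTIME_VERSION SECRET_API_GOV_PACKAGE_URL \
      SECRET_API_GOV_PACKAGE_HASH SECRET_API_GOV_PACKAGE_SIGNATURE \
      SECRET_API_GOV_SIGNER_KEY_ID SECRET_API_GOV_POLICY_HASH \
      SECRET_API_MEMBER_POLL_INTERVAL_SECONDS; do
    [ -n "$(env_get "$_file" "$_key")" ] || { echo "FAIL $_key is unset or empty" >&2; _rc=1; }
  done
  # The chain ID must match the deployment target (IDs taken from the runbook).
  case $_target in
    staging) _want=84532 ;;  # Base Sepolia
    main)    _want=8453 ;;   # Base mainnet
    *) echo "FAIL unknown target '$_target'" >&2; return 2 ;;
  esac
  _val=$(env_get "$_file" SECRET_API_CHAIN_ID)
  [ "$_val" = "$_want" ] || { echo "FAIL chain ID '$_val', want $_want for $_target" >&2; _rc=1; }
  # Assumption: both contract values are 0x-prefixed 20-byte EVM addresses.
  for _key in SECRET_API_VERIFYING_CONTRACT SECRET_API_MEMBERSHIP_CONTRACT; do
    env_get "$_file" "$_key" | grep -Eq '^0x[0-9a-fA-F]{40}$' ||
      { echo "FAIL $_key is not a 20-byte hex address" >&2; _rc=1; }
  done
  # Assumption: the poll interval is a positive integer number of seconds.
  case $(env_get "$_file" SECRET_API_MEMBER_POLL_INTERVAL_SECONDS) in
    ''|0*|*[!0-9]*) echo "FAIL poll interval is not a positive integer" >&2; _rc=1 ;;
  esac
  return $_rc
}

# Run as a script: ./check_env.sh /etc/edut/secretapi.env main
if [ "$#" -eq 2 ]; then check_secretapi_env "$1" "$2"; fi
```

Running it against `/etc/edut/secretapi.env` before `systemctl enable --now secretapi` keeps a mismatched chain ID or an empty governance value from reaching a running service.
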
## Systemd Deployment (Hetzner/VPS)

1. Copy binary to `/opt/edut/secretapi/secretapi`.
2. Copy environment file to `/etc/edut/secretapi.env`.
3. Copy unit file `web/backend/secretapi/deploy/secretapi.service` to `/etc/systemd/system/secretapi.service`.
4. Start service:

```bash
sudo systemctl daemon-reload
sudo systemctl enable --now secretapi
sudo systemctl status secretapi
```

## Health Check

```bash
curl -s http://127.0.0.1:8080/healthz
```

Expected:

```json
{"status":"ok"}
```

## Post-Deploy Verification

1. `POST /secret/wallet/intent` returns `intent_id` and `designation_code`.
2. `POST /secret/wallet/verify` accepts valid EIP-712 signature.
3. `POST /secret/membership/quote` returns tx payload.
4. `POST /secret/membership/confirm` marks membership active.
5. `POST /governance/install/token` enforces owner role and active membership.
6. `POST /governance/install/confirm` enforces package/runtime/policy match.
7. `GET /governance/install/status` resolves deterministic activation state.
8. `POST /member/channel/device/register` returns active channel binding.
9. `GET /member/channel/events` returns deterministic inbox page.
10. `POST /member/channel/events/{event_id}/ack` is idempotent per event+device.