edut/web
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity
f3326a81fa
web/backend/secretapi
History
Joshua b15e13fda5
Some checks are pending
check / secretapi (push) Waiting to run
Details
Harden secretapi sessions and entitlement quote gating
2026-02-19 12:45:46 -08:00
..
deploy Add secretapi member channel endpoints and deployment hardening 2026-02-17 20:48:19 -08:00
.env.example Harden secretapi sessions and entitlement quote gating 2026-02-19 12:45:46 -08:00
app_test.go Harden secretapi sessions and entitlement quote gating 2026-02-19 12:45:46 -08:00
app.go Add wallet session lifecycle endpoints and docs 2026-02-18 20:42:04 -08:00
assurance.go Add membership assurance levels and policy gates 2026-02-18 14:06:52 -08:00
chain.go Emit entitlement calldata in quotes and verify tx payload 2026-02-18 13:28:01 -08:00
config_test.go Harden secretapi sessions and entitlement quote gating 2026-02-19 12:45:46 -08:00
config.go Harden secretapi sessions and entitlement quote gating 2026-02-19 12:45:46 -08:00
crypto.go Add secretapi member channel endpoints and deployment hardening 2026-02-17 20:48:19 -08:00
Dockerfile fix: install build-base for cgo secretapi image 2026-02-19 11:42:19 -08:00
go.mod Add secretapi member channel endpoints and deployment hardening 2026-02-17 20:48:19 -08:00
go.sum Add secretapi member channel endpoints and deployment hardening 2026-02-17 20:48:19 -08:00
main.go Validate secretapi config at startup for fail-closed deploys 2026-02-18 07:09:31 -08:00
marketplace_models.go Add execution pacing profiles to offers and marketplace API 2026-02-18 20:26:18 -08:00
marketplace.go Harden secretapi sessions and entitlement quote gating 2026-02-19 12:45:46 -08:00
models.go Add wallet session lifecycle endpoints and docs 2026-02-18 20:42:04 -08:00
README.md Harden secretapi sessions and entitlement quote gating 2026-02-19 12:45:46 -08:00
session_auth.go Add wallet session lifecycle endpoints and docs 2026-02-18 20:42:04 -08:00
store.go Harden secretapi sessions and entitlement quote gating 2026-02-19 12:45:46 -08:00

README.md

Secret API Backend (secretapi)

Deterministic backend for wallet-first designation, membership activation, and governance install authorization.

Run

cd /Users/vsg/Documents/VSG\ Codex/web/backend/secretapi
go run .

Default listen address is :8080.

Test

cd /Users/vsg/Documents/VSG\ Codex/web/backend/secretapi
go test ./...

Environment Template

Copy .env.example in this folder and set contract/runtime values before deploy. secretapi validates config at startup and fails closed if strict chain verification is enabled without RPC.

Endpoint Surface

Membership

  • POST /secret/wallet/intent
  • POST /secret/wallet/verify
  • POST /secret/wallet/session/refresh
  • POST /secret/wallet/session/revoke
  • POST /secret/membership/quote
  • POST /secret/membership/confirm
  • GET /secret/membership/status

Marketplace

  • GET /marketplace/offers
  • GET /marketplace/offers/{offer_id}
  • POST /marketplace/checkout/quote
  • POST /marketplace/checkout/confirm
  • GET /marketplace/entitlements

Governance install + availability

  • POST /governance/install/token
  • POST /governance/install/confirm
  • GET /governance/install/status
  • POST /governance/lease/heartbeat
  • POST /governance/lease/offline-renew

Member app channel

  • POST /member/channel/device/register
  • POST /member/channel/device/unregister
  • GET /member/channel/events
  • POST /member/channel/events/{event_id}/ack
  • POST /member/channel/support/ticket

Wallet Session Hardening

POST /secret/wallet/verify now issues a wallet session token:

  1. Response fields: session_token, session_expires_at
  2. Response headers: X-Edut-Session, X-Edut-Session-Expires-At

When SECRET_API_REQUIRE_WALLET_SESSION=true, wallet-scoped control-plane endpoints fail closed unless a valid session token is provided via:

  1. Authorization: Bearer <session_token>
  2. X-Edut-Session: <session_token>

Covered endpoints include marketplace checkout/entitlements, governance install/lease actions, and member-channel calls.

Session lifecycle endpoints:

  1. POST /secret/wallet/session/refresh: rotates the current session token and revokes the prior token.
  2. POST /secret/wallet/session/revoke: revokes the current token immediately.

Sponsorship Behavior

Membership quote supports ownership wallet and distinct payer wallet:

  • address: ownership wallet (required)
  • payer_wallet: optional payer wallet
  • payer_proof: required when payer differs from owner

Distinct payer proof uses owner-signed personal message:

EDUT-PAYER-AUTH:{designation_code}:{owner_wallet}:{payer_wallet}:{chain_id}

This enables company-sponsored mint flows while preserving deterministic owner authorization.

Company-first sponsor path is also supported:

  • If sponsor_org_root_id is provided and the payer_wallet is a stored org_root_owner principal for that org root with active entitlement status, quote issuance is allowed without payer_proof.

Identity Assurance Model

Membership activation and identity assurance are stored as separate facts:

  1. membership_status
  2. identity_assurance_level

Assurance levels:

  1. none
  2. crypto_direct_unattested
  3. sponsored_unattested
  4. onramp_attested

onramp_attested can be set during membership confirm only on self-paid quotes and requires identity_attested_by.

Policy gates:

  1. Store checkout requires active membership.
  2. Workspace admin install/support actions require onramp_attested assurance.

Key Environment Variables

Core

  • SECRET_API_LISTEN_ADDR (default :8080)
  • SECRET_API_DB_PATH (default ./secret.db)
  • SECRET_API_ALLOWED_ORIGIN (default https://edut.ai)
  • SECRET_API_MEMBER_POLL_INTERVAL_SECONDS (default 30)
  • SECRET_API_CHAIN_ID (default 84532)
  • SECRET_API_CHAIN_RPC_URL (optional, enables on-chain tx receipt verification)
  • SECRET_API_REQUIRE_ONCHAIN_TX_VERIFICATION (default false; when true, membership confirm and marketplace checkout confirm fail closed without chain receipt verification)
  • SECRET_API_ENTITLEMENT_CONTRACT (optional; when set, marketplace quote emits purchase calldata for entitlement settlement contract)

Membership

  • SECRET_API_INTENT_TTL_SECONDS (default 900)
  • SECRET_API_QUOTE_TTL_SECONDS (default 900)
  • SECRET_API_WALLET_SESSION_TTL_SECONDS (default 2592000)
  • SECRET_API_REQUIRE_WALLET_SESSION (default true; set false only for controlled local harness/debug usage)
  • SECRET_API_DOMAIN_NAME
  • SECRET_API_VERIFYING_CONTRACT
  • SECRET_API_MEMBERSHIP_CONTRACT
  • SECRET_API_MINT_CURRENCY (USDC for launch; ETH allowed for Sepolia/test harness)
  • SECRET_API_MINT_AMOUNT_ATOMIC (default 100000000)
  • SECRET_API_MINT_DECIMALS (must be 6 for USDC, 18 for ETH)

Marketplace

  • SECRET_API_ENTITLEMENT_CONTRACT must be configured to issue checkout quotes.
  • Marketplace quote fails closed with entitlement_contract_unconfigured when unset/zero.

Governance install

  • SECRET_API_INSTALL_TOKEN_TTL_SECONDS (default 900)
  • SECRET_API_LEASE_TTL_SECONDS (default 3600)
  • SECRET_API_OFFLINE_RENEW_TTL_SECONDS (default 2592000)
  • SECRET_API_GOV_RUNTIME_VERSION
  • SECRET_API_GOV_PACKAGE_URL
  • SECRET_API_GOV_PACKAGE_HASH
  • SECRET_API_GOV_PACKAGE_SIGNATURE
  • SECRET_API_GOV_SIGNER_KEY_ID
  • SECRET_API_GOV_POLICY_HASH
  • SECRET_API_GOV_ROLLOUT_CHANNEL (default stable)