```
chore: update genesis timestamp, fix import paths, clean compiled JS files, and adjust mock path - Update devnet genesis timestamp to 1766400877 - Add Receipt model for zk-proof generation with receiptId, miner, coordinator fields - Fix import paths from settings to config across service modules (access_control, audit_logging, encryption, hsm_key_manager, key_management, zk_proofs) - Remove compiled JavaScript files from explorer-web components and lib directories - Update mock data base path
This commit is contained in:
oib
@ -1,39 +1,53 @@
|
||||
# Wallet Daemon – Task Breakdown
|
||||
|
||||
## Status (2025-09-27)
|
||||
## Status (2025-12-22)
|
||||
|
||||
- **Stage 1**: Core FastAPI skeleton pending, but receipt verification utilities are now implemented in `apps/wallet-daemon/src/app/receipts/service.py` using `aitbc_sdk`. Additional REST/JSON-RPC wiring remains TODO.
|
||||
- **Stage 1**: ✅ **DEPLOYED** - Wallet Daemon successfully deployed in production at https://aitbc.bubuit.net/wallet/
|
||||
- FastAPI application running in Incus container on port 8002
|
||||
- Encrypted keystore with Argon2id + XChaCha20-Poly1305 implemented
|
||||
- REST and JSON-RPC APIs operational
|
||||
- Mock ledger with SQLite backend functional
|
||||
- Receipt verification using aitbc_sdk integrated
|
||||
- nginx proxy configured at /wallet/ route
|
||||
|
||||
## Stage 1 (MVP)
|
||||
## Stage 1 (MVP) - COMPLETED
|
||||
|
||||
- **Project Setup**
|
||||
- Initialize FastAPI application under `apps/wallet-daemon/src/app/` with `main.py`, `settings.py`, `api_rest.py`, `api_jsonrpc.py`.
|
||||
- Create crypto and keystore modules implementing Argon2id key derivation and XChaCha20-Poly1305 encryption.
|
||||
- Add `pyproject.toml` (or `requirements.txt`) with FastAPI, uvicorn, argon2-cffi, pynacl, bech32, aiosqlite, pydantic.
|
||||
- ✅ Initialize FastAPI application under `apps/wallet-daemon/src/app/` with `main.py`, `settings.py`, `api_rest.py`, `api_jsonrpc.py`.
|
||||
- ✅ Create crypto and keystore modules implementing Argon2id key derivation and XChaCha20-Poly1305 encryption.
|
||||
- ✅ Add dependencies: FastAPI, uvicorn, argon2-cffi, pynacl, aitbc-sdk, aitbc-crypto, pydantic-settings.
|
||||
|
||||
- **Keystore & Security**
|
||||
- Implement encrypted wallet file format storing metadata, salt, nonce, ciphertext.
|
||||
- Provide CLI or REST endpoints to create/import wallets, unlock/lock, derive accounts.
|
||||
- Enforce unlock TTL and in-memory zeroization of sensitive data.
|
||||
- ✅ Implement encrypted wallet file format storing metadata, salt, nonce, ciphertext.
|
||||
- ✅ Provide REST endpoints to create/import wallets, unlock/lock, derive accounts.
|
||||
- ✅ Enforce unlock TTL and in-memory zeroization of sensitive data.
|
||||
|
||||
- **REST & JSON-RPC APIs**
|
||||
- Implement REST routes: wallet lifecycle, account derivation, signing (message/tx/receipt), mock ledger endpoints, webhooks.
|
||||
- Mirror functionality via JSON-RPC under `/rpc`.
|
||||
- Add authentication token header enforcement and rate limits on signing operations.
|
||||
- ✅ Implement REST routes: wallet lifecycle, account derivation, signing (message/tx/receipt), mock ledger endpoints.
|
||||
- ✅ Mirror functionality via JSON-RPC under `/rpc`.
|
||||
- ✅ Authentication token header enforcement and rate limits on signing operations.
|
||||
|
||||
- **Mock Ledger**
|
||||
- Implement SQLite-backed ledger with balances and transfers for local testing.
|
||||
- Provide CLI or REST examples to query balances and submit transfers.
|
||||
- ✅ Implement SQLite-backed ledger with balances and transfers for local testing.
|
||||
- ✅ Provide REST endpoints to query balances and submit transfers.
|
||||
|
||||
- **Documentation & Examples**
|
||||
- Update `apps/wallet-daemon/README.md` with setup, run instructions, and curl samples.
|
||||
- Document configuration environment variables (`WALLET_BIND`, `WALLET_PORT`, `KEYSTORE_DIR`, etc.).
|
||||
- ✅ Update deployment documentation with systemd service and nginx proxy configuration.
|
||||
- ✅ Document production endpoints and API access via https://aitbc.bubuit.net/wallet/
|
||||
- **Receipts**
|
||||
- ✅ Integrate `ReceiptVerifierService` consuming `CoordinatorReceiptClient` to fetch and validate receipts (miner + coordinator signatures).
|
||||
|
||||
## Stage 2+
|
||||
## Production Deployment Details
|
||||
|
||||
- **Container**: Incus container 'aitbc' at `/opt/wallet-daemon/`
|
||||
- **Service**: systemd service `wallet-daemon.service` enabled and running
|
||||
- **Port**: 8002 (internal), proxied via nginx at `/wallet/`
|
||||
- **Dependencies**: Virtual environment with all required packages installed
|
||||
- **Access**: https://aitbc.bubuit.net/wallet/docs for API documentation
|
||||
|
||||
## Stage 2+ - IN PROGRESS
|
||||
|
||||
- Add ChainAdapter interface targeting real blockchain node RPC.
|
||||
- Implement mock adapter first, followed by AITBC node adapter.
|
||||
- 🔄 Implement mock adapter first, followed by AITBC node adapter.
|
||||
- Support hardware-backed signing (YubiKey/PKCS#11) and multi-curve support gating.
|
||||
- Introduce webhook retry/backoff logic and structured logging with request IDs.
|
||||
|
||||
Reference in New Issue
Block a user