Skip to content

Add external signature verification endpoint#90

Merged
TeoSlayer merged 2 commits into
mainfrom
feat/verify-endpoint
Jul 3, 2026
Merged

Add external signature verification endpoint#90
TeoSlayer merged 2 commits into
mainfrom
feat/verify-endpoint

Conversation

@TeoSlayer

Copy link
Copy Markdown
Contributor

Summary

  • POST /api/v1/verify: verifies pilot-req-v1 envelopes against registered node keys — proves a request comes from a registered Pilot node, not just any ed25519 key
  • Uniform valid:false failures (no node-existence oracle); signed verdicts (negatives included) checkable offline via GET /api/v1/verify/keys
  • online = last signature-verified heartbeat within 180s — deliberately decoupled from the 30-min reaper threshold (which would make the flag vacuous)
  • Verdict key auto-generated + persisted next to the snapshot (kid vfy-v1, 0600)
  • dashboard.verify breaker, 60/min per-IP rate limit, 8KB body cap, POST-only
  • JSON lookup responses gain last_seen_unix + key_generation (additive; binary path untouched)

Depends on pilot-protocol/common#34 (reqsig). Pin bump to the next common release follows on this branch. Spec: pilotprotocol docs/SIGNATURE-VERIFICATION.md.

Testing

16 new tests: verdict round-trip against the published key, uniform-failure shape across all failure kinds, online-window flip, key persistence/0600/corrupt-file, HTTP 200/400/405/503/429. Full suite green.

🤖 Generated with Claude Code

teovl added 2 commits July 3, 2026 22:52
- POST /api/v1/verify checks pilot-req-v1 envelopes against registered
  node keys; uniform valid:false failures (no existence oracle); signed
  verdicts, negatives included
- GET /api/v1/verify/keys publishes the verdict issuer key
- verdict key auto-generated and persisted next to the snapshot (vfy-v1)
- online = last_seen within 180s, decoupled from the reaper threshold
- dashboard.verify breaker, 60/min per-IP limit, 8KB body cap
- JSON lookup responses gain last_seen_unix and key_generation
@codecov

codecov Bot commented Jul 3, 2026

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.

📢 Thoughts on this report? Let us know!

@TeoSlayer TeoSlayer merged commit 518e230 into main Jul 3, 2026
9 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants