spirekeeper

History

Padreug b193f6262d Some checks failed ci.yml / docs(pairing): TTL + token-revoke now enforced post-bind (nsecbunkerd#27) (pull_request) Failing after 0s Details docs(pairing): TTL + token-revoke now enforced post-bind (nsecbunkerd#27) nsecbunkerd#27 (deployed 2026-06-19) reverses the #24 finding: the sign-time ACL now evaluates token lifecycle live on every request (checkIfPubkeyAllowed step 4 joins through a liveWhere filter; applyToken stopped photocopying grants into SigningConditions). So: - duration_hours / token expiresAt now bounds an ESTABLISHED binding — an expired token stops signing post-bind, not just at connect. The prior docstring (connect-window-only, pointing at the now-closed nsecbunkerd#24) is corrected. - Token-revoke is no longer a post-redeem no-op (closes the #22 mechanism bunker-side). revoke_spire keeps using revoke_key_user because that's the subject-level ban cutting the whole binding, not just one token's grant — rationale updated, behavior unchanged. Doc/comment only; 20 pairing tests green. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>		2026-06-19 23:23:11 +02:00
..
__init__.py	feat: code quality	2024-08-13 08:20:45 +02:00
conftest.py	refactor: rename extension identity to spirekeeper	2026-06-13 22:30:05 +02:00
test_calculations.py	refactor(v2): canonical sat-amount vocabulary + delete Lamassu-era reverse-derivation	2026-05-26 20:08:30 +02:00
test_cassette_configs.py	refactor: rename extension identity to spirekeeper	2026-06-13 22:30:05 +02:00
test_cassette_state_consumer.py	chore(v2): lint pass — black + ruff auto-fix + mypy regressions (#29 v1.1)	2026-05-31 15:50:14 +02:00
test_collision_guard.py	refactor: rename extension identity to spirekeeper	2026-06-13 22:30:05 +02:00
test_deposit_currency.py	feat(v2): lock deposit currency to machine.fiat_code (closes #26 )	2026-05-16 18:03:34 +02:00
test_fee_cap_validation.py	feat(v2): CRUD + per-direction fee cap validation (#38 2/5)	2026-06-01 10:42:03 +02:00
test_fee_mismatch_recording.py	refactor: rename extension identity to spirekeeper	2026-06-13 22:30:05 +02:00
test_fee_publish_triggers.py	feat(v2): wire fee-config publish into machine + super-config triggers (#39 3/3)	2026-06-01 20:07:56 +02:00
test_fee_transport.py	feat(v2): fee_transport — kind-30078 publisher for operator fee config (#39 2/3)	2026-06-01 20:00:29 +02:00
test_nip44_v2.py	chore(v2): lint pass — black + ruff auto-fix + mypy regressions (#29 v1.1)	2026-05-31 15:50:14 +02:00
test_nostr_attribution.py	refactor(v2): canonical sat-amount vocabulary + delete Lamassu-era reverse-derivation	2026-05-26 20:08:30 +02:00
test_operator_split_legs.py	feat(v2): principal-based fee split — fixes super under-payment (#38 3/5)	2026-06-01 11:24:09 +02:00
test_pair_endpoint.py	feat(pairing): optional token TTL + revoke endpoint (#9/#12, #22 )	2026-06-18 18:51:54 +02:00
test_pairing.py	docs(pairing): TTL + token-revoke now enforced post-bind (nsecbunkerd#27)	2026-06-19 23:23:11 +02:00
test_principal_based_fees.py	feat(v2): principal-based fee split — fixes super under-payment (#38 3/5)	2026-06-01 11:24:09 +02:00
test_roster_resolver.py	refactor: rename extension identity to spirekeeper	2026-06-13 22:30:05 +02:00