DBIS members.d-bis.org — MVP runbook
Relationship to secure.d-bis.org
| Host | Intended use |
|---|---|
| secure.d-bis.org | Existing authenticated DBIS frontend (inventory: VMID/backends per ALL_VMIDS_ENDPOINTS.md). |
| members.d-bis.org | Sovereign member institution portal: OIDC login, institution-scoped dashboard, settlement read/simulation tools, policy voting UI (phased). |
Decision (default): Complement — keep secure.d-bis.org for current operator/staff flows; introduce members.d-bis.org for central-bank-style members with stronger RBAC and audit. Supersede secure.d-bis.org only after data migration and SSO client cutover.
Architecture
- Edge: NPMplus TLS termination → BFF (Next.js Route Handlers or small Go service).
- Auth: OIDC (Keycloak or equivalent) — reuse patterns from Sankofa portal runbooks where applicable.
- Session: HTTP-only cookies; CSRF on mutations.
- Backend: mTLS from BFF to internal read APIs (dbis-api, future data API); no direct browser access to LAN RPC.
- DID (phase 2+): wallet or credential presentation (Indy/Aries) after DBIS_IDENTITY_COMPLETION_PACKAGE_RUNBOOK.md milestones.
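The session, CSRF and mTLS bullets above, as an added Go example for the BFF (it is not the project's own code). Assumptions: the cookie name `__Host-dbis_session`, the `X-CSRF-Token` header, the HMAC key and the certificate file paths are all illustrative; in deployment the key and cert paths come from vault/.env, not from constants.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"crypto/tls"
	"crypto/x509"
	"encoding/hex"
	"errors"
	"fmt"
	"net/http"
	"os"
)

// csrfKey is a placeholder; load it from the vault/.env in a real BFF.
var csrfKey = []byte("example-only-csrf-key-replace-from-vault")

// sessionCookie returns the session cookie with the flags the runbook requires:
// HttpOnly (no script access), Secure, SameSite=Strict, and the __Host- prefix
// so a browser only accepts it over HTTPS for this exact host with Path=/.
func sessionCookie(sessionID string) *http.Cookie {
	return &http.Cookie{
		Name:     "__Host-dbis_session",
		Value:    sessionID,
		Path:     "/",
		HttpOnly: true,
		Secure:   true,
		SameSite: http.SameSiteStrictMode,
	}
}

// csrfToken derives a per-session CSRF token as HMAC(key, sessionID), so no
// extra server-side state is needed and the token cannot be forged without the key.
func csrfToken(sessionID string) string {
	mac := hmac.New(sha256.New, csrfKey)
	mac.Write([]byte(sessionID))
	return hex.EncodeToString(mac.Sum(nil))
}

// validCSRF checks a presented token against the session in constant time.
func validCSRF(sessionID, presented string) bool {
	expected := csrfToken(sessionID)
	return subtle.ConstantTimeCompare([]byte(expected), []byte(presented)) == 1
}

// requireCSRF lets safe methods through and rejects any mutation (POST, PUT,
// DELETE, ...) that lacks a token matching the session cookie.
func requireCSRF(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		switch r.Method {
		case http.MethodGet, http.MethodHead, http.MethodOptions:
			next.ServeHTTP(w, r)
			return
		}
		c, err := r.Cookie("__Host-dbis_session")
		if err != nil || !validCSRF(c.Value, r.Header.Get("X-CSRF-Token")) {
			http.Error(w, "forbidden", http.StatusForbidden)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// internalClient builds the BFF -> internal read API client: it presents the
// BFF's client certificate and trusts only the internal CA, so LAN APIs are
// reached exclusively through this hop and never with browser credentials.
func internalClient(certFile, keyFile, caFile string) (*http.Client, error) {
	cert, err := tls.LoadX509KeyPair(certFile, keyFile)
	if err != nil {
		return nil, err
	}
	caPEM, err := os.ReadFile(caFile)
	if err != nil {
		return nil, err
	}
	pool := x509.NewCertPool()
	if !pool.AppendCertsFromPEM(caPEM) {
		return nil, errors.New("no CA certificates found in " + caFile)
	}
	return &http.Client{Transport: &http.Transport{TLSClientConfig: &tls.Config{
		Certificates: []tls.Certificate{cert},
		RootCAs:      pool,
		MinVersion:   tls.VersionTLS12,
	}}}, nil
}

func main() {
	raw := make([]byte, 32)
	if _, err := rand.Read(raw); err != nil {
		panic(err)
	}
	sid := hex.EncodeToString(raw)
	fmt.Println("Set-Cookie:", sessionCookie(sid).String())
	fmt.Println("X-CSRF-Token for this session:", csrfToken(sid))
}
```

The token must be delivered to the page out of band of the cookie (for example in the HTML or a JSON response to an authenticated GET); a mutation carrying only the cookie, as a cross-site form post would, fails the header check.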
Audit log
Append-only store for: login, policy votes, settlement simulation runs, document downloads. Minimum fields: ts, actor_sub, institution_id, action, payload_hash, ip_hash.
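The audit record above, as an added Go example (not the project's own code). It keeps the runbook's minimum fields and adds two things a practitioner would want: `ip_hash` is a keyed HMAC rather than a plain hash, so raw IPs cannot be recovered by hashing the IPv4 space, and each entry carries `prev_hash` plus its own `hash`, so the store can be verified as append-only (edits and deletions break the chain). The `seq`, `prev_hash` and `hash` fields, the IP key and the sample entries are assumptions introduced here.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"fmt"
	"time"
)

// Entry holds the runbook's minimum fields plus chain fields (seq, prev_hash, hash).
type Entry struct {
	Seq           uint64 `json:"seq"`
	TS            string `json:"ts"`
	ActorSub      string `json:"actor_sub"`
	InstitutionID string `json:"institution_id"`
	Action        string `json:"action"`
	PayloadHash   string `json:"payload_hash"`
	IPHash        string `json:"ip_hash"`
	PrevHash      string `json:"prev_hash"`
	Hash          string `json:"hash"`
}

// AuditLog is an in-memory stand-in for the append-only store.
type AuditLog struct {
	ipKey   []byte // secret pepper for ip_hash; from vault in production
	entries []Entry
}

func NewAuditLog(ipKey []byte) *AuditLog { return &AuditLog{ipKey: ipKey} }

// hashPayload stores a digest, not the payload: the log proves what was acted on
// without itself becoming a copy of every downloaded document or vote body.
func hashPayload(payload []byte) string {
	s := sha256.Sum256(payload)
	return hex.EncodeToString(s[:])
}

// hashIP uses HMAC so the same client is linkable across entries, but an
// attacker with the log and no key cannot brute-force the address space.
func (l *AuditLog) hashIP(ip string) string {
	m := hmac.New(sha256.New, l.ipKey)
	m.Write([]byte(ip))
	return hex.EncodeToString(m.Sum(nil))
}

// entryHash covers every field except hash itself; json.Marshal on a struct
// emits fields in declaration order, so the encoding is deterministic.
func entryHash(e Entry) string {
	e.Hash = ""
	b, _ := json.Marshal(e)
	s := sha256.Sum256(b)
	return hex.EncodeToString(s[:])
}

// Append links the new entry to the previous one and returns it.
func (l *AuditLog) Append(ts time.Time, actor, inst, action string, payload []byte, ip string) Entry {
	prev := ""
	if n := len(l.entries); n > 0 {
		prev = l.entries[n-1].Hash
	}
	e := Entry{
		Seq:           uint64(len(l.entries)),
		TS:            ts.UTC().Format(time.RFC3339Nano),
		ActorSub:      actor,
		InstitutionID: inst,
		Action:        action,
		PayloadHash:   hashPayload(payload),
		IPHash:        l.hashIP(ip),
		PrevHash:      prev,
	}
	e.Hash = entryHash(e)
	l.entries = append(l.entries, e)
	return e
}

func (l *AuditLog) Entries() []Entry { return l.entries }

// Verify recomputes the chain and reports the first entry that was edited,
// reordered, or left dangling by a deletion.
func Verify(entries []Entry) error {
	prev := ""
	for i, e := range entries {
		if e.Seq != uint64(i) {
			return fmt.Errorf("entry %d: seq %d out of order (deletion or reorder)", i, e.Seq)
		}
		if e.PrevHash != prev {
			return fmt.Errorf("entry %d: prev_hash does not match predecessor", i)
		}
		if entryHash(e) != e.Hash {
			return fmt.Errorf("entry %d: hash mismatch (entry edited)", i)
		}
		prev = e.Hash
	}
	return nil
}

func main() {
	// Constructed sample entries; actor/institution/IP values are illustrative.
	l := NewAuditLog([]byte("example-only-ip-key-from-vault"))
	now := time.Now()
	l.Append(now, "sub-123", "inst-a", "login", nil, "10.0.0.1")
	l.Append(now, "sub-123", "inst-a", "policy_vote", []byte(`{"proposal":7,"vote":"yes"}`), "10.0.0.1")
	for _, e := range l.Entries() {
		fmt.Printf("%d %s %s prev=%.8s hash=%.8s\n", e.Seq, e.Action, e.InstitutionID, e.PrevHash, e.Hash)
	}
	fmt.Println("verify:", Verify(l.Entries()))
}
```

A tamper-evident chain only catches modification after the fact; the head hash (or the whole log) still needs to be shipped somewhere the BFF cannot rewrite, such as a separate log sink or a periodic anchor.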
Operator checklist
- DNS + NPM host for members.d-bis.org
- OIDC client + redirect URIs
- BFF deployed with secrets from vault/.env (not in git)
- mTLS certs issued for BFF → internal APIs
- Entry in E2E_ENDPOINTS_LIST.md when live