Files
smom-dbis-138/config/omnl-customer-security.production.v1.json
zaragoza444 064239be13
Some checks failed
CI/CD Pipeline / Solidity Contracts (push) Failing after 1m18s
CI/CD Pipeline / Security Scanning (push) Successful in 2m34s
CI/CD Pipeline / Lint and Format (push) Failing after 54s
CI/CD Pipeline / Terraform Validation (push) Failing after 27s
CI/CD Pipeline / Kubernetes Validation (push) Successful in 28s
Deploy ChainID 138 / Deploy ChainID 138 (push) Failing after 39s
HYBX OMNL TypeScript & anchor / token-aggregation build + reconcile artifact (push) Failing after 31s
Validation / validate-genesis (push) Successful in 28s
Validation / validate-terraform (push) Failing after 31s
Validation / validate-kubernetes (push) Failing after 11s
Validation / validate-smart-contracts (push) Failing after 11s
Validation / validate-security (push) Failing after 1m27s
Validation / validate-documentation (push) Failing after 21s
Verify Deployment / Verify Deployment (push) Has been cancelled
feat: four super-admin keys and production customer API security
Co-authored-by: Cursor <cursoragent@cursor.com>
2026-06-29 05:09:08 -07:00

31 lines
1017 B
JSON

{
"version": "1.0.0",
"production": true,
"neverExposeOperatorKeyInBrowser": true,
"portalInjectAuthViaNginx": true,
"requireApiKeyAllExchangeRoutes": true,
"customerAllowedScopes": ["read", "trade"],
"superAdminOnlyScopes": ["settle", "token_load", "transfer", "admin"],
"rateLimits": {
"customerPerMinute": 30,
"superAdminPerMinute": 120,
"anonymousPerMinute": 0
},
"corsOrigins": [
"https://secure.d-bis.org",
"https://online.omdnl.org",
"https://office24.omdnl.org",
"https://digital.omdnl.org",
"https://exchange.d-bis.org",
"https://exchange.omdnl.org",
"https://forex.omdnl.org"
],
"publicEndpoints": [
"/health",
"/health/ledger",
"/money-supply/public",
"/public/money-supply"
],
"notes": "Customer keys: OMNL_CUSTOMER_API_KEYS=key:read|trade or OMNL_CUSTOMER_API_KEY_1..3. Super-admin keys: OMNL_SUPER_ADMIN_*_KEY in config/omnl-super-admins.v1.json. Portal browsers use nginx-injected auth — never VITE_OMNL_API_KEY."
}