feat(tracker): unified auth boundary — gossip HMAC + validator token + admin-gated reads (alpha 01/02/20, ADR-0017)

Wire server.py handlers to the auth helper: forfeit requires validator
service token or admin session (client API keys rejected); billing summary/
settlements/registry-wallets and benchmark endpoints require admin/service;
the three gossip mutation endpoints require a fresh hive HMAC signature and
outgoing gossip pushes are signed. Dashboard sends its session token on
panel fetches. Existing tests updated for the new gates.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
This commit is contained in:
Dobromir Popov
2026-07-05 00:08:25 +02:00
parent 7414ce1e29
commit 81719ed84b
12 changed files with 4591 additions and 4557 deletions

View File

@@ -157,7 +157,9 @@ def test_forfeit_endpoint_requires_auth_and_forfeits():
ledger.charge_request("client", MODEL, 1000, [("wallet-x", 12)])
pending = ledger.get_node_pending("wallet-x")
tracker = TrackerServer(contracts=contracts, billing=ledger)
tracker = TrackerServer(
contracts=contracts, billing=ledger, validator_service_token="test-svc-token",
)
port = tracker.start()
url = f"http://127.0.0.1:{port}/v1/billing/forfeit"
body = json.dumps({"wallet": "wallet-x", "reason": "fraud"}).encode()
@@ -171,7 +173,7 @@ def test_forfeit_endpoint_requires_auth_and_forfeits():
req = urllib.request.Request(
url, data=body,
headers={"Content-Type": "application/json", "Authorization": "Bearer validator"},
headers={"Content-Type": "application/json", "Authorization": "Bearer test-svc-token"},
method="POST",
)
with urllib.request.urlopen(req) as r: