feat(tracker): unified auth boundary — gossip HMAC + validator token + admin-gated reads (alpha 01/02/20, ADR-0017)
Wire server.py handlers to the auth helper: forfeit requires validator service token or admin session (client API keys rejected); billing summary/ settlements/registry-wallets and benchmark endpoints require admin/service; the three gossip mutation endpoints require a fresh hive HMAC signature and outgoing gossip pushes are signed. Dashboard sends its session token on panel fetches. Existing tests updated for the new gates. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
This commit is contained in:
@@ -73,9 +73,9 @@ def test_threshold_triggers_payout_and_zeroes_pending():
|
||||
assert treasury.batches[0] == [("wallet-a", pytest.approx(0.018))]
|
||||
assert ledger.get_node_pending("wallet-a") == pytest.approx(0.0)
|
||||
|
||||
history = json.loads(urllib.request.urlopen(
|
||||
f"http://127.0.0.1:{port}/v1/billing/settlements"
|
||||
).read())["settlements"]
|
||||
# /v1/billing/settlements is admin-gated now (ADR-0017, covered in
|
||||
# test_auth_boundary.py); verify content via the ledger directly.
|
||||
history = ledger.settlement_history()
|
||||
assert len(history) == 1
|
||||
assert history[0]["signature"] == "fake-tx-1"
|
||||
assert history[0]["payouts"] == [
|
||||
|
||||
Reference in New Issue
Block a user