Skip to content

Add optional public verification endpoint#9

Merged
nisfeb merged 1 commit into
masterfrom
feature/public-verify
Mar 20, 2026
Merged

Add optional public verification endpoint#9
nisfeb merged 1 commit into
masterfrom
feature/public-verify

Conversation

@nisfeb
Copy link
Copy Markdown
Contributor

@nisfeb nisfeb commented Mar 20, 2026

Summary

Ships can now serve as public verification services — any repo's CI can use them without needing an auth cookie.

  • State-9: adds public-verify flag (default off)
  • Admin UI: toggle in maintainer section listing which endpoints become public
  • Auth restructured: URL parsed before auth check; verify-commit, verify-status, sats-per-pr, and ecash-pubkey skip auth when enabled
  • All admin, signing, ban, and wallet endpoints remain auth-required

Usage

On the verifier ship (e.g. ~posum), enable in admin panel. Then any repo can set GROUNDWIRE_ENDPOINT to that ship's URL without needing GROUNDWIRE_AUTH.

Test plan

  • Public verify disabled: all endpoints return 403 without auth
  • Public verify enabled: verify-commit, verify-status, sats-per-pr, ecash-pubkey accessible without auth
  • Admin, sign, ban, wallet endpoints still require auth when public verify is on

🤖 Generated with Claude Code

@nisfeb @claude
Add optional public verification endpoint
476a83d 
Ships can now serve as public verification services for any repo's CI
without requiring auth cookies.

- State-9: adds public-verify flag (default off)
- Admin UI: toggle in maintainer section with description of which
  endpoints become public
- Auth check restructured: parses URL before auth, skips auth for
  verify-commit, verify-status, sats-per-pr, and ecash-pubkey
  when public-verify is enabled
- All other endpoints (admin, sign, ban, wallet) remain auth-required

Usage: enable on a ship like ~posum, then any repo can point their
CI workflow at it without needing an auth cookie secret.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@github-actions
Copy link
Copy Markdown

github-actions Bot commented Mar 20, 2026

Groundwire Verification Failed

This PR will not be reviewed because commits are not signed by a recognized Groundwire ID.

FAILED 476a83d2 ~macret-danwyd-bonwyt-dondut--foplyr-dannub-wisneb-daplyd

Why?

This repository requires contributors to prove ownership of an onchain Groundwire identity.
Commit signatures are cryptographically verified against the signer's on-chain networking key.

How to fix this

  1. Get a Groundwire IDgroundwire.network/get-started
  2. Install commit signing./hooks/install.sh <your-ship-url>
  3. Re-sign your commitsgit rebase --exec "true" HEAD~N (after configuring signing)

This repository is protected by Groundwire for GitHub.

@nisfeb nisfeb merged commit c39d9c0 into master Mar 20, 2026
1 check failed
@nisfeb nisfeb deleted the feature/public-verify branch March 20, 2026 18:03
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@nisfeb