Every COIN action is signed. Every signature is verified.
vault keygen --user USER
→ ~/.canonic/VAULT/USERS/{USER}/KEY.pub (hex-encoded public key)
→ ~/.canonic/VAULT/USERS/{USER}/KEY.priv (encrypted private key)
→ Updates identity.json with pubkey field
Every circulation event gains a signature field:
signature = Ed25519.sign(KEY.priv, id + prev + ts + event + user + amount)
During ROLLOUT compatibility window: unsigned events accepted with warning. After window: unsigned events rejected.
vault auth --user USER
→ Reads private key (prompts for passphrase)
→ Generates token: base64(header).base64(payload).base64(signature)
→ Payload: { user, exp, nonce }
→ Expiry: 1 hour default
→ Used by HTTP API for Bearer authentication
vault verify-sig [--user USER]
→ For each TIMELINE event, verify signature against USER public key
→ Reports: signed, unsigned (legacy), invalid counts
→ Exit 1 if any invalid signatures
Distributed users (e.g. DEXTER/USERS/robert-glover/) start with LinkedIn KYC:
LinkedIn verified → identity.json created (kyc: LINKEDIN)
WALLET genesis event created
Ed25519 key-pair generated
RUNNER access granted — task completions mint COIN
GitHub onboarded → identity.json updated (kyc: BOTH, git_emails added)
Full principal graduation → own ORG scope
GitHub is the graduation path, not a gate. Distributed users earn COIN from day one.
| Anchor | Level | Use case | Identity field |
|---|---|---|---|
| GitHub | PRIMARY | Full principal — git commit mapping, .idf minting | `git_emails`, `git_names` |
| DISTRIBUTED | Distributed user — RUNNER task minting, no git | `linkedin` | |
| FL DBPR | SUPPLEMENTAL | Real estate license verification | `license` |
`` Generate new key-pair: vault keygen –user USER –rotate Archive old public key: KEY.pub → KEY.pub.{YYYY-MM-DD} Sign rotation event: new key signs { event: KEY_ROTATE, prev_pubkey, new_pubkey, ts } Update identity.json: pubkey → new key, key_created_at → now Re-mint active auth tokens with new key Verify: vault verify-sig –user USER (all post-rotation events valid) `
On suspected compromise: immediate rotation, revoke all active tokens, archive compromised key with COMPROMISED suffix, audit TIMELINE for unauthorized events.
` vault key-status –user USER → age, rotation due date, status vault keygen –user USER –rotate → generate new key, archive old, update identity ``
| *IDENTITY | SPEC | SERVICES* |
| Check | Threshold | Action |
|---|---|---|
| key_created_at age | > 330 days | WARN: rotation due in 30 days |
| key_created_at age | > 365 days | BLOCK: key expired — rotate before signing |