io.pilot.didit — Didit identity platform (KYC/AML/liveness) + no-broker self-signup#75
Merged
Conversation
Add a `signup:` method route so a byo HTTP app can mint a per-user backend
API key with NO Pilot broker: a two-call, email-keyed handshake
(register → the backend emails the user a one-time code → verify) that
caches the returned key in $APP/secrets.json, from which the byo ${TOKEN}
headers resolve it on every subsequent call.
Scaffold:
- SignupRoute (step register|verify, url, key_path, secret_key) in config +
submission schema, with validation and a generated signup.go runtime.
- Manifest grants fs.read+fs.write on secrets.json and net.dial to the auth
host(s) for a signup app.
- HTTP client resolves ${TOKEN} auth headers PER REQUEST (HeaderFunc) so a
key minted at runtime is picked up without a restart — the crux for a
self-signup app whose key does not exist at boot.
- Tests: config resolve/validation, manifest grants, submission validate +
ToConfig, and a compile test of the generated signup project.
Submission io.pilot.didit: the full Didit identity platform over one HTTPS
app — 39 methods (signup/verify, workflows, hosted sessions, standalone AML
+ database validation, email/phone OTP, billing, blocklist, questionnaires,
users, webhooks) + didit.help, with per-endpoint pricing in the rate card.
byo auth (x-api-key), no broker. verify-submission passes on all 4 platforms.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Adds io.pilot.didit — the full Didit identity-verification platform (KYC/ID, liveness, face match, AML, proof-of-address, database validation, email/phone OTP) over one HTTPS app — 39 methods +
didit.help, byo auth (x-api-key), no broker.To support it, adds a reusable scaffold feature: a no-broker
signuproute.The
signupscaffold featureA byo HTTP app can now mint a per-user backend key with no Pilot broker, via a two-call email-keyed handshake:
didit.signup {email}→ the backend emails the user a one-time code (register leg).didit.verify {code}→ the returned key is cached in$APP/secrets.json; every other method then authenticates automatically.Keyed by the user's own email because identity providers suppress disposable mailboxes. Included:
SignupRoute(step: register|verify,url,key_path,secret_key) in the scaffold config + submission schema, with validation and a generatedsignup.goruntime.fs.read+fs.writeonsecrets.jsonandnet.dialto the auth host.${TOKEN}auth headers per request (HeaderFunc) so a key minted at runtime is picked up with no restart — the crux for a self-signup app whose key doesn't exist at boot.ToConfig, and a compile test of the generated signup project.Validation
verify-submissionpasses across all 4 platforms.billing_balance,create_workflow,create_session,get_decision,aml, workflows/sessions/users/questionnaires/blocklist/webhooks).Pricing is documented per-endpoint in the
didit.helprate card; the image-upload APIs (direct ID scan, liveness, face match, face search, age, PoA) are documented and routed through the hosted-session flow.