feat: ACA certification authority, security hardening, and production infrastructure #41
Merged: parlakisik merged 9 commits into main, Apr 7, 2026
- MkDocs Material config with dark/light mode, Mermaid diagram rendering, search
- Homepage (docs/index.md) with full README content: problem statement, key benefits, architecture, service catalog, ad-tech parallel, quick start, FAQ, demos
- Navigation: Home, Getting Started, Architecture, ACA, Integrations, Platform
- GitHub Action auto-deploys on push to main when docs/ or mkdocs.yml change
- Custom CSS with AEX purple/amber branding
- Hero images copied to docs/assets/images/ for MkDocs compatibility
- Quick Start and Deployment guides added to docs site
…xpiry
- Circuit breaker no longer trips on 4xx client errors (only 5xx/timeout)
  Added serverError type to distinguish server failures from client errors
- A2AEndpoint URL validation in bid-gateway prevents SSRF attacks
  Blocks private IPs, localhost, cloud metadata endpoints
- Gateway requires non-empty JWT_SECRET in production environments
  Fatal on startup if missing in non-development mode
- Contract expiry enforced in progress/complete/fail handlers
  Returns 410 Gone and transitions to EXPIRED status
- Fix evaluator test for 128-bit ID length (37 chars)
- Fix work-publisher test for updated New() signature
- bid-gateway: ListByWorkID store interface accepts limit/offset, both memory and mongo stores updated, handler parses query params
- provider-registry: HandleListAllProviders applies limit/offset after active-status filtering, returns total count
- identity: HandleListAPIKeys adds limit/offset with total count
- All endpoints default to limit=100, offset=0, max limit capped at 100
…vices
Replace all 193 http.Error() plain-text responses with structured JSON:
{ "error": { "code": "ERROR_CODE", "message": "...", "timestamp": "..." } }
Error codes use UPPER_SNAKE_CASE convention:
- BAD_REQUEST, UNAUTHORIZED, NOT_FOUND, METHOD_NOT_ALLOWED
- CONFLICT, GONE, INTERNAL_ERROR, BAD_GATEWAY
- Service-specific: WORK_ID_REQUIRED, BID_EXPIRED, CONTRACT_EXPIRED,
TENANT_ID_REQUIRED, CERTIFICATE_ID_REQUIRED, etc.
Closes #6
Prevents cache stampede when identity service is down. After 5 consecutive failures, requests fast-fail for 10s instead of all queuing on the 5s HTTP timeout. Half-open state allows one request through to detect recovery. Only 5xx/network errors trip the breaker; 4xx responses reset it.
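The breaker semantics described in this commit, as an added example that is not code from this PR: consecutive 5xx/transport failures are counted, a 4xx reply resets the count, five failures open the breaker for 10s, and after the window one half-open probe is admitted. The `Now` clock field and the `serverError` shape are assumptions for the example.

```go
package main
import (
	"errors"
	"net/http"
	"sync"
	"time"
)
const failureThreshold = 5            // consecutive 5xx/network failures before opening
const openDuration = 10 * time.Second // fast-fail window before one probe is admitted
// ErrOpen is returned without calling upstream while the breaker is open.
var ErrOpen = errors.New("circuit open: identity service unavailable")
// serverError wraps 5xx/transport failures; 4xx replies are never wrapped or counted.
type serverError struct{ err error }
func (e *serverError) Error() string { return "server failure: " + e.err.Error() }
type Breaker struct {
	mu        sync.Mutex
	failures  int
	openUntil time.Time
	probing   bool             // a half-open probe is in flight
	Now       func() time.Time // injectable clock (assumed here; production would use time.Now)
}
func New() *Breaker { return &Breaker{Now: time.Now} }
// Do runs call unless open: 5 consecutive failures open it for 10s, then one probe is let through.
func (b *Breaker) Do(call func() (*http.Response, error)) (*http.Response, error) {
	b.mu.Lock()
	if !b.openUntil.IsZero() && (b.Now().Before(b.openUntil) || b.probing) {
		b.mu.Unlock()
		return nil, ErrOpen
	}
	b.probing = !b.openUntil.IsZero() // window elapsed: this call is the single probe
	b.mu.Unlock()
	resp, err := call() // err == nil implies resp != nil, as with http.Client
	b.mu.Lock(); defer b.mu.Unlock()
	b.probing = false
	if err == nil && resp.StatusCode < 500 {
		b.failures, b.openUntil = 0, time.Time{} // any non-5xx reply, 4xx included, resets
		return resp, nil
	}
	if b.failures++; b.failures >= failureThreshold {
		b.openUntil = b.Now().Add(openDuration)
	}
	if err == nil {
		err = errors.New("upstream " + http.StatusText(resp.StatusCode))
	}
	return resp, &serverError{err}
}
func main() { // stand-alone demo: a transport failure is surfaced as a serverError
	_, err := New().Do(func() (*http.Response, error) { return nil, errors.New("dial timeout") })
	println(err.Error())
}
```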
Webhook delivery:
- Exponential backoff retry (3 attempts, 500ms/1s/2s)
- Retry on network errors and 5xx, no retry on 4xx
- HMAC-SHA256 payload signing via X-Webhook-Signature header
- WithWebhookSecret() to configure signing key
- X-Webhook-Timestamp header for replay protection
NATS streams:
- Replica factor moved from hardcoded 1 to Config.StreamReplicas
- AllStreams(replicas) accepts replica count parameter
- Default 1 for dev, set to 3 via NATS_STREAM_REPLICAS for production
- Closes GitHub issue #5 (provider webhook specification)
…e versioning
Work-publisher distributed locking:
- Added Version field to WorkSpec model for optimistic concurrency
- Store.UpdateWork now checks version match, returns ErrVersionConflict on mismatch
- Both memory and mongo stores implement version checking (mongo uses filter)
- OnBidSubmitted, CloseBidWindow, CancelWork retry up to 3 times on conflict
- Prevents race condition between concurrent bid submissions and window close
Certificate signature versioning:
- Added SignedData field to AgentCertificate model (stores canonical JSON that was signed)
- Added SchemaVersion field (currently 1) for future format migration
- ApproveCertificateRequest and RenewCertificate store signed bytes
- VerificationService uses stored SignedData when available, falls back to reconstruction for legacy certificates without SignedData
…oyments
Service configs:
- Added NatsStreamReplicas + WebhookSecret to work-publisher, settlement, certauth configs
- Pass StreamReplicas to nats.Config in all 3 main.go files
- Call publisher.WithWebhookSecret() when WEBHOOK_SECRET is set
Kubernetes:
- Added NATS_STREAM_REPLICAS to base configmap (default 1)
- Production overlay patches NATS_STREAM_REPLICAS to 3 for HA
- Added JWT_SECRET + WEBHOOK_SECRET to aex-secrets
- Gateway deployment wires JWT_SECRET, REDIS_URL, ENVIRONMENT from secret/configmap
- Work-publisher, settlement, certauth deployments wire NATS_URL, NATS_STREAM_REPLICAS from configmap and WEBHOOK_SECRET from secret
Docker Compose:
- Added NATS_STREAM_REPLICAS=1 and WEBHOOK_SECRET to work-publisher, settlement, certauth services
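Both sides of the signed-webhook exchange described above, as an added example that is not code from this PR: the sender emits X-Webhook-Signature and X-Webhook-Timestamp, and the receiving provider checks the timestamp window before a constant-time HMAC compare. The MAC input layout ("<ts>.<body>"), the 5-minute skew and the sample payload are assumptions of this example, not values stated in the commit.

```go
package main
import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"strconv"
	"time"
)
// maxSkew bounds how old an X-Webhook-Timestamp may be (assumed value; the commit states none).
const maxSkew = 5 * time.Minute
// Sign computes the X-Webhook-Signature value. The timestamp is folded into the MAC input
// (assumed layout "<ts>.<body>") so a replayed body cannot be re-paired with a fresh timestamp.
func Sign(secret []byte, timestamp string, body []byte) string {
	mac := hmac.New(sha256.New, secret)
	mac.Write([]byte(timestamp))
	mac.Write([]byte("."))
	mac.Write(body)
	return hex.EncodeToString(mac.Sum(nil))
}
// Headers builds the two delivery headers the sender attaches to the webhook POST.
func Headers(secret, body []byte, sentAt time.Time) map[string]string {
	ts := strconv.FormatInt(sentAt.Unix(), 10)
	return map[string]string{"X-Webhook-Timestamp": ts, "X-Webhook-Signature": Sign(secret, ts, body)}
}
// Verify is the provider-side check: reject stale or future timestamps first (cheap), then
// compare MACs in constant time so a wrong signature does not leak where it diverges.
func Verify(secret []byte, headers map[string]string, body []byte, now time.Time) error {
	ts, err := strconv.ParseInt(headers["X-Webhook-Timestamp"], 10, 64)
	if err != nil {
		return errors.New("missing or malformed X-Webhook-Timestamp")
	}
	if age := now.Sub(time.Unix(ts, 0)); age > maxSkew || age < -maxSkew {
		return errors.New("timestamp outside replay window")
	}
	got, err := hex.DecodeString(headers["X-Webhook-Signature"])
	if err != nil {
		return errors.New("malformed X-Webhook-Signature")
	}
	want, _ := hex.DecodeString(Sign(secret, headers["X-Webhook-Timestamp"], body))
	if !hmac.Equal(got, want) {
		return errors.New("signature mismatch")
	}
	return nil
}
func main() { // stand-alone demo over a constructed payload
	secret, body := []byte("demo-webhook-secret"), []byte(`{"event":"bid.accepted","work_id":"w-1"}`)
	now := time.Now()
	println(Verify(secret, Headers(secret, body, now), body, now) == nil)
}
```

The timestamp window only narrows replay to a few minutes; a receiver that must be exactly-once additionally de-duplicates on an event identifier inside the window.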
fenar approved these changes, Apr 7, 2026
Summary
http.Error() plain-text responses with structured {"error": {"code", "message", "timestamp"}} across all 13 services (closes Missing Error Response Schema #6)
Commits (8)