From a0664c6ccc44c11d0d65acc52cf99591682d74c5 Mon Sep 17 00:00:00 2001 From: "cto-new[bot]" <140088366+cto-new[bot]@users.noreply.github.com> Date: Sun, 15 Mar 2026 04:07:02 +0000 Subject: [PATCH] refactor: rebrand DeedShield to TrustSignal across codebase --- .devcontainer/devcontainer.json | 2 +- .../operator-console-enhancement/design.md | 4 +- .../requirements.md | 4 +- .../operator-console-enhancement/tasks.md | 2 +- .kiro/steering/design-system.md | 4 +- CHANGELOG.md | 2 +- PROJECT_PLAN.md | 2 +- README.md | 2 +- SECURITY_CHECKLIST.md | 6 +- TASKS.md | 2 +- USER_MANUAL.md | 12 +-- apps/api/.env.example | 2 +- apps/api/SETUP.md | 8 +- apps/api/package.json | 4 +- apps/api/src/receiptPdf.ts | 2 +- apps/api/src/registryLoader.test.ts | 2 +- apps/api/src/server.ts | 18 ++-- apps/api/src/services/compliance.ts | 6 +- apps/watcher/src/index.js | 10 +-- apps/web/package.json | 2 +- docs/CANONICAL_MESSAGING.md | 2 +- docs/IMPLEMENTATION_PLAN_PASSIVE_INSPECTOR.md | 4 +- docs/IT_INSTALLATION_MANUAL.md | 22 ++--- docs/PRODUCTION_GOVERNANCE_TRACKER.md | 2 +- .../compliance/compliance-statement.md | 6 +- .../legacy-2026-02-25/developer/demo.md | 4 +- ...notebook.md => trustsignal_v2_notebook.md} | 0 .../staging/vercel-staging-2026-02-27.md | 28 +++--- .../08_STAGING_SECURITY_EVIDENCE_CHECKLIST.md | 2 +- ...10_INCIDENT_ESCALATION_AND_SLO_BASELINE.md | 6 +- docs/final/11_NSF_GRANT_WHITEPAPER.md | 2 +- docs/final/14_VANTA_INTEGRATION_USE_CASE.md | 4 +- docs/ops/monitoring/alert-rules.yml | 86 +++++++++---------- ...=> grafana-dashboard-trustsignal-api.json} | 28 +++--- package-lock.json | 36 ++++---- package.json | 2 +- packages/core/package.json | 2 +- src/api/receipt.js | 2 +- src/lib/env.js | 2 +- 39 files changed, 168 insertions(+), 168 deletions(-) rename docs/archive/legacy-2026-02-25/notebook/{deedshield_v2_notebook.md => trustsignal_v2_notebook.md} (100%) rename docs/ops/monitoring/{grafana-dashboard-deedshield-api.json => grafana-dashboard-trustsignal-api.json} (86%) diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json index 9ae2525..5e6bdfe 100644 --- a/.devcontainer/devcontainer.json +++ b/.devcontainer/devcontainer.json @@ -1,5 +1,5 @@ { - "name": "Deed Shield Dev Container", + "name": "TrustSignal Dev Container", "image": "mcr.microsoft.com/devcontainers/typescript-node:1-20-bullseye", "features": { "ghcr.io/devcontainers/features/github-cli:1": {} diff --git a/.kiro/specs/operator-console-enhancement/design.md b/.kiro/specs/operator-console-enhancement/design.md index a2e71b4..e7869ab 100644 --- a/.kiro/specs/operator-console-enhancement/design.md +++ b/.kiro/specs/operator-console-enhancement/design.md @@ -2,11 +2,11 @@ ## Overview -The Operator Console Enhancement transforms the existing Deed Shield verification interface into a compliance-focused system that matches the Figma design specifications. The design maintains all existing backend functionality while implementing a two-panel layout for document verification workflows used by notaries, title companies, and county recorders. +The Operator Console Enhancement transforms the existing TrustSignal verification interface into a compliance-focused system that matches the Figma design specifications. The design maintains all existing backend functionality while implementing a two-panel layout for document verification workflows used by notaries, title companies, and county recorders. ## System Boundaries -Deed Shield operates as a verification and attestation layer that: +TrustSignal operates as a verification and attestation layer that: - Verifies RON bundle processes and produces receipts - Issues verifiable receipts and audit artifacts - Does NOT store documents diff --git a/.kiro/specs/operator-console-enhancement/requirements.md b/.kiro/specs/operator-console-enhancement/requirements.md index 3572b2a..70e51ff 100644 --- a/.kiro/specs/operator-console-enhancement/requirements.md +++ b/.kiro/specs/operator-console-enhancement/requirements.md @@ -2,11 +2,11 @@ ## Introduction -Transform the existing Deed Shield verification interface into an Operator Console that matches the Figma design specifications. The system maintains all existing backend functionality while providing a verification interface for notaries, title companies, and county recorders. +Transform the existing TrustSignal verification interface into an Operator Console that matches the Figma design specifications. The system maintains all existing backend functionality while providing a verification interface for notaries, title companies, and county recorders. ## System Boundaries -Deed Shield is a verification and attestation layer that: +TrustSignal is a verification and attestation layer that: - Verifies RON bundle processes and produces receipts - Issues verifiable receipts and audit artifacts - Does NOT store documents diff --git a/.kiro/specs/operator-console-enhancement/tasks.md b/.kiro/specs/operator-console-enhancement/tasks.md index 4867dfb..9b57311 100644 --- a/.kiro/specs/operator-console-enhancement/tasks.md +++ b/.kiro/specs/operator-console-enhancement/tasks.md @@ -2,7 +2,7 @@ ## Overview -Transform the existing Deed Shield verification interface into an Operator Console that matches the Figma design specifications. This implementation maintains all existing backend functionality while providing a verification interface with controlled inputs, operator attestation, and audit capabilities. +Transform the existing TrustSignal verification interface into an Operator Console that matches the Figma design specifications. This implementation maintains all existing backend functionality while providing a verification interface with controlled inputs, operator attestation, and audit capabilities. ## System Boundaries - Verification and attestation layer only diff --git a/.kiro/steering/design-system.md b/.kiro/steering/design-system.md index 413c4d0..b9a32be 100644 --- a/.kiro/steering/design-system.md +++ b/.kiro/steering/design-system.md @@ -2,10 +2,10 @@ inclusion: always --- -# Deed Shield Design System Rules +# TrustSignal Design System Rules ## Project Context -Deed Shield is a verification and attestation layer for real-estate recording workflows. The UI must reflect a neutral, compliance-focused aesthetic appropriate for regulatory software. +TrustSignal is a verification and attestation layer for real-estate recording workflows. The UI must reflect a neutral, compliance-focused aesthetic appropriate for regulatory software. ## System Boundaries - Verification and attestation layer only diff --git a/CHANGELOG.md b/CHANGELOG.md index 4c46720..c5b6d86 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -28,7 +28,7 @@ The format is based on Keep a Changelog and this project follows Semantic Versio ### Changed -- Repositioned repository documentation from DeedShield-only framing to TrustSignal canonical platform framing. +- Repositioned repository documentation from TrustSignal-only framing to TrustSignal canonical platform framing. - Standardized production-readiness narrative across `docs/final`, `TASKS.md`, and release artifacts. ### Security diff --git a/PROJECT_PLAN.md b/PROJECT_PLAN.md index a93e496..f7e35f4 100644 --- a/PROJECT_PLAN.md +++ b/PROJECT_PLAN.md @@ -134,7 +134,7 @@ Update/merge into canonical plan and current architecture reality: - duplicated architecture summaries in root and legacy docs De-prioritize until Phase 3: -- items in `docs/archive/legacy-2026-02-25/notebook/deedshield_v2_notebook.md` requiring mock-to-real ZKP conversion or portability expansion +- items in `docs/archive/legacy-2026-02-25/notebook/trustsignal_v2_notebook.md` requiring mock-to-real ZKP conversion or portability expansion - older lab notebook implementation details in `docs/archive/legacy-2026-02-25/lab-notebook/*` except where they provide concrete test evidence needed for audit trails ## 9. Execution Cadence diff --git a/README.md b/README.md index b1deba6..5d091ed 100644 --- a/README.md +++ b/README.md @@ -225,7 +225,7 @@ TrustSignal does not provide: ## Current Repository Context -DeedShield is the current application surface in this repository. The broader product framing remains TrustSignal as evidence integrity infrastructure and an integrity layer for existing workflows. +TrustSignal is the current application surface in this repository. The broader product framing remains TrustSignal as evidence integrity infrastructure and an integrity layer for existing workflows. ## Validation diff --git a/SECURITY_CHECKLIST.md b/SECURITY_CHECKLIST.md index 07e88e5..8d32c2a 100644 --- a/SECURITY_CHECKLIST.md +++ b/SECURITY_CHECKLIST.md @@ -1,6 +1,6 @@ -# Deed Shield โ€” Security & Production Readiness Checklist +# TrustSignal โ€” Security & Production Readiness Checklist -> This document tracks the security posture of the Deed Shield API. +> This document tracks the security posture of the TrustSignal API. > Each item is either โœ… (verified in-repo), ๐Ÿ”’ (enforced by code), or ๐Ÿ“‹ (requires infra/ops verification). --- @@ -45,7 +45,7 @@ | # | Requirement | Status | Evidence | | --- | ------------------------------------------ | ------ | -------------------------------------------------------- | -| 4.1 | Keccak-256 for document hashing | โœ… | `keccak256Buffer` from `@deed-shield/core`. | +| 4.1 | Keccak-256 for document hashing | โœ… | `keccak256Buffer` from `@trust-signal/core`. | | 4.2 | Receipt hash verification | โœ… | `POST /receipt/:id/verify` recomputes hash. | | 4.3 | JWT receipts have expiration | โœ… | Enforced in core receipt builder. | | 4.4 | Private keys never in code or config files | โœ… | Only via `PRIVATE_KEY` env var, never imported directly. | diff --git a/TASKS.md b/TASKS.md index 49ef426..0882e8e 100644 --- a/TASKS.md +++ b/TASKS.md @@ -30,7 +30,7 @@ Plan reference: `PROJECT_PLAN.md` ### P1-S3 Monitoring and Operational Baseline - [x] Implement service-level health/status reporting (`/api/v1/health`, `/api/v1/status`, `/api/v1/metrics`). -- [x] Define baseline API metrics instrumentation (`deedshield_http_requests_total`, `deedshield_http_request_duration_seconds`). +- [x] Define baseline API metrics instrumentation (`trustsignal_http_requests_total`, `trustsignal_http_request_duration_seconds`). - [x] Document incident/escalation workflow aligned with current architecture (`docs/final/10_INCIDENT_ESCALATION_AND_SLO_BASELINE.md`). - [x] Define alert thresholds and dashboard/SLO targets baseline (`docs/final/10_INCIDENT_ESCALATION_AND_SLO_BASELINE.md`). - [ ] Implement dashboard and alert rules in staging monitoring stack. diff --git a/USER_MANUAL.md b/USER_MANUAL.md index 6d9a8af..26ca049 100644 --- a/USER_MANUAL.md +++ b/USER_MANUAL.md @@ -1,10 +1,10 @@ -# DeedShield User Manual +# TrustSignal User Manual -**Version:** 2.0 (Risk & Compliance Enhanced) +**Version:** 2.0 (Risk & Compliance Enhanced) **Date:** February 2026 ## 1. Overview -DeedShield is an automated document verification platform designed to prevent real estate title fraud. It protects homeowners and county clerks by ensuring: +TrustSignal is an automated document verification platform designed to prevent real estate title fraud. It protects homeowners and county clerks by ensuring: 1. **Recording Integrity**: Documents meet strict Cook County formatting and content rules. 2. **Fraud Detection**: An AI Risk Engine analyzes documents for signs of forgery or tampering. 3. **Immutable Proof**: Every validation is "anchored" on a public blockchain (EVM), creating a permanent, tamper-proof audit trail. @@ -20,7 +20,7 @@ DeedShield is an automated document verification platform designed to prevent re * *Note: Only PDF files are supported for full verification.* ### Step 2: Automated Extraction & Review -Once uploaded, DeedShield automatically: +Once uploaded, TrustSignal automatically: * **Removes Watermarks**: Strips "DO NOT COPY" or "UNOFFICIAL" stamps to read the text. * **Extracts Metadata**: Finds the **Parcel ID (PIN)** and **Grantor Name**. * **Computes Hash**: Generates a unique `SHA-256` digital fingerprint of your file. @@ -36,7 +36,7 @@ The system pre-fills the verification form with your document's data. 3. Click **"Verify Bundle"**. ### Step 4: Results & Receipt -DeedShield runs a comprehensive audit and produces a **Verification Receipt**. +TrustSignal runs a comprehensive audit and produces a **Verification Receipt**. * **Decision**: * `ALLOW`: Safe to record. * `FLAG`: Minor issues found (e.g., low visual quality, warnings). @@ -63,7 +63,7 @@ The **Document Fraud Risk Engine** assigns a probability score (0.0 - 1.0) based ### C. Anchoring * **"Anchored" Status**: The digital fingerprint (hash) of your receipt has been written to the Ethereum blockchain. -* **Proof**: This proves *exactly* what the document looked like and what the verification result was at that specific moment in time. Even DeedShield cannot alter this record later. +* **Proof**: This proves *exactly* what the document looked like and what the verification result was at that specific moment in time. Even TrustSignal cannot alter this record later. --- diff --git a/apps/api/.env.example b/apps/api/.env.example index c3692b5..af6d8b9 100644 --- a/apps/api/.env.example +++ b/apps/api/.env.example @@ -40,7 +40,7 @@ RATE_LIMIT_GLOBAL_MAX=600 RATE_LIMIT_API_KEY_MAX=120 # Database (must enforce TLS; include sslmode=require) -DATABASE_URL=postgresql://user:password@host:5432/deedshield?sslmode=require +DATABASE_URL=postgresql://user:password@host:5432/trustsignal?sslmode=require # Supabase aliases (optional if you prefer naming by provider) SUPABASE_DB_URL=postgresql://postgres.:[password]@aws-0-.pooler.supabase.com:6543/postgres?sslmode=require SUPABASE_POOLER_URL=postgresql://postgres.:[password]@aws-0-.pooler.supabase.com:6543/postgres?sslmode=require diff --git a/apps/api/SETUP.md b/apps/api/SETUP.md index 9074338..f831ff9 100644 --- a/apps/api/SETUP.md +++ b/apps/api/SETUP.md @@ -1,4 +1,4 @@ -# Deed Shield API โ€” Developer Setup +# TrustSignal API โ€” Developer Setup ## Prerequisites @@ -9,8 +9,8 @@ ## 1. Clone & Install ```bash -git clone git@github.com:chrismaz11/Deed_Shield.git -cd Deed_Shield +git clone git@github.com:trustsignal-dev/trustsignal.git +cd trustsignal npm install # installs all workspaces ``` @@ -67,7 +67,7 @@ npx prisma db seed ```bash docker run -d \ - --name deed-shield-pg \ + --name trust-signal-pg \ -e POSTGRES_DB=deed_shield \ -e POSTGRES_PASSWORD=localdev \ -p 5432:5432 \ diff --git a/apps/api/package.json b/apps/api/package.json index 3af10a7..fd66f43 100644 --- a/apps/api/package.json +++ b/apps/api/package.json @@ -1,5 +1,5 @@ { - "name": "@deed-shield/api", + "name": "@trust-signal/api", "version": "0.1.0", "private": true, "type": "commonjs", @@ -15,7 +15,7 @@ "test": "vitest run" }, "dependencies": { - "@deed-shield/core": "file:../../packages/core", + "@trust-signal/core": "file:../../packages/core", "@fastify/cors": "^11.2.0", "@fastify/rate-limit": "^10.3.0", "@prisma/client": "^5.17.0", diff --git a/apps/api/src/receiptPdf.ts b/apps/api/src/receiptPdf.ts index fa3422a..6a34063 100644 --- a/apps/api/src/receiptPdf.ts +++ b/apps/api/src/receiptPdf.ts @@ -10,7 +10,7 @@ export async function renderReceiptPdf(receipt: Receipt): Promise { doc.on('end', () => resolve(Buffer.concat(chunks))); doc.on('error', reject); - doc.fontSize(18).text('Deed Shield Receipt', { underline: true }); + doc.fontSize(18).text('TrustSignal Receipt', { underline: true }); doc.moveDown(); doc.fontSize(12); doc.text(`Receipt ID: ${receipt.receiptId}`); diff --git a/apps/api/src/registryLoader.test.ts b/apps/api/src/registryLoader.test.ts index 6076b2b..610b791 100644 --- a/apps/api/src/registryLoader.test.ts +++ b/apps/api/src/registryLoader.test.ts @@ -4,7 +4,7 @@ import { fileURLToPath } from 'url'; import * as fsPromises from 'fs/promises'; import { loadRegistry } from './registryLoader.js'; -import { generateRegistryKeypair, signRegistry } from '@deed-shield/core'; +import { generateRegistryKeypair, signRegistry } from '@trust-signal/core'; const __dirname = path.dirname(fileURLToPath(import.meta.url)); const registryDir = path.resolve(__dirname, '../../../packages/core/registry'); diff --git a/apps/api/src/server.ts b/apps/api/src/server.ts index 4c76e45..0b69bed 100644 --- a/apps/api/src/server.ts +++ b/apps/api/src/server.ts @@ -169,7 +169,7 @@ const vantaVerificationResultSchema = z.object({ generatedAt: z.string().datetime(), vendor: z.object({ name: z.literal('TrustSignal'), - module: z.literal('DeedShield'), + module: z.literal('TrustSignal'), environment: z.string(), apiVersion: z.literal('v1') }), @@ -251,7 +251,7 @@ const vantaVerificationResultJsonSchema = { required: ['name', 'module', 'environment', 'apiVersion'], properties: { name: { const: 'TrustSignal' }, - module: { const: 'DeedShield' }, + module: { const: 'TrustSignal' }, environment: { type: 'string' }, apiVersion: { const: 'v1' } } @@ -461,7 +461,7 @@ function receiptFromDb(record: ReceiptRecord) { decision: record.decision as 'ALLOW' | 'FLAG' | 'BLOCK', reasons: JSON.parse(record.reasons) as string[], riskScore: record.riskScore, - verifierId: 'deed-shield', + verifierId: 'trust-signal', receiptHash: record.receiptHash, fraudRisk: record.fraudRisk ? JSON.parse(record.fraudRisk) as DocumentRisk : undefined, zkpAttestation: record.zkpAttestation ? JSON.parse(record.zkpAttestation) as ZKPAttestation : undefined, @@ -576,7 +576,7 @@ async function toVantaVerificationResult(record: ReceiptRecord, securityConfig: generatedAt: new Date().toISOString(), vendor: { name: 'TrustSignal' as const, - module: 'DeedShield' as const, + module: 'TrustSignal' as const, environment: process.env.NODE_ENV || 'development', apiVersion: 'v1' as const }, @@ -854,15 +854,15 @@ export async function buildServer(options: BuildServerOptions = {}) { fetchImpl: options.fetchImpl }); const metricsRegistry = new Registry(); - collectDefaultMetrics({ register: metricsRegistry, prefix: 'deedshield_api_' }); + collectDefaultMetrics({ register: metricsRegistry, prefix: 'trustsignal_api_' }); const httpRequestsTotal = new Counter({ - name: 'deedshield_http_requests_total', + name: 'trustsignal_http_requests_total', help: 'Total HTTP requests served by the API', labelNames: ['method', 'route', 'status_code'] as const, registers: [metricsRegistry] }); const httpRequestDurationSeconds = new Histogram({ - name: 'deedshield_http_request_duration_seconds', + name: 'trustsignal_http_request_duration_seconds', help: 'HTTP request duration in seconds', labelNames: ['method', 'route', 'status_code'] as const, buckets: [0.01, 0.05, 0.1, 0.25, 0.5, 1, 2, 5], @@ -940,7 +940,7 @@ export async function buildServer(options: BuildServerOptions = {}) { const forwardedProto = normalizeForwardedProto(request.headers['x-forwarded-proto']); return { status: 'ok', - service: 'deed-shield-api', + service: 'trust-signal-api', environment: process.env.NODE_ENV || 'development', uptimeSeconds: Math.floor(process.uptime()), timestamp: new Date().toISOString(), @@ -1199,7 +1199,7 @@ export async function buildServer(options: BuildServerOptions = {}) { canonicalDocumentBase64: input.doc.pdfBase64 }); - const receipt = buildReceipt(input, verification, 'deed-shield', { + const receipt = buildReceipt(input, verification, 'trust-signal', { fraudRisk, zkpAttestation }); diff --git a/apps/api/src/services/compliance.ts b/apps/api/src/services/compliance.ts index 9d658f9..54ec898 100644 --- a/apps/api/src/services/compliance.ts +++ b/apps/api/src/services/compliance.ts @@ -20,9 +20,9 @@ export interface ComplianceCheckResult { const COOK_COUNTY_SYSTEM_PROMPT = ` -DEEDSHIELD LLM SYSTEM PROMPT: Cook County Clerk Recording Requirements +TRUSTSIGNAL LLM SYSTEM PROMPT: Cook County Clerk Recording Requirements Your Role -You are an AI assistant integrated into DeedShield, a deed verification and title company automation platform. Your primary responsibility is to validate real estate documents against Cook County Clerk's Office recording requirements and identify policy mismatches before submission. +You are an AI assistant integrated into TrustSignal, a deed verification and title company automation platform. Your primary responsibility is to validate real estate documents against Cook County Clerk's Office recording requirements and identify policy mismatches before submission. Core Recording Requirements (Illinois ยง55 ILCS 5/3-5018) All real estate documents submitted to the Cook County Clerk must meet these mandatory requirements: @@ -210,7 +210,7 @@ Must affirm original not INTENTIONALLY DESTROYED or DISPOSED OF Requires notarized affidavit confirming oath statement is true -6. Validation Protocol for DeedShield +6. Validation Protocol for TrustSignal When analyzing a document, perform these checks: Format Check: Verify 8.5x11, margins, clerk's corner space, no staples diff --git a/apps/watcher/src/index.js b/apps/watcher/src/index.js index 8727572..ea296a0 100644 --- a/apps/watcher/src/index.js +++ b/apps/watcher/src/index.js @@ -25,7 +25,7 @@ if (!fs.existsSync(WATCH_DIR)) { console.log(`Created watch directory: ${WATCH_DIR}`); } -console.log(`DeedShield Watcher Service started.`); +console.log(`TrustSignal Watcher Service started.`); console.log(`Monitoring: ${WATCH_DIR}`); const watcher = chokidar.watch(WATCH_DIR, { @@ -79,7 +79,7 @@ watcher.on('add', async (filePath) => { }; // 3. Verify via API - console.log(' -> Verifying against Deed Shield Network...'); + console.log(' -> Verifying against TrustSignal Network...'); const response = await axios.post(API_URL, payload); const result = response.data; @@ -87,7 +87,7 @@ watcher.on('add', async (filePath) => { if (result.decision === 'ALLOW') { console.log(` -> โœ… RESULT: VERIFIED (Score: ${result.riskScore})`); notifier.notify({ - title: 'Deed Shield Verified', + title: 'TrustSignal Verified', message: `File: ${fileName}\nStatus: Is Clean (Score: 0)`, sound: true }); @@ -95,7 +95,7 @@ watcher.on('add', async (filePath) => { console.log(` -> โš ๏ธ RESULT: ${result.decision}`); const reasons = Array.isArray(result.reasons) ? result.reasons.join(', ') : 'Unknown risks'; notifier.notify({ - title: 'Deed Shield Alert', + title: 'TrustSignal Alert', message: `File: ${fileName}\nFlagged: ${reasons}`, sound: 'Glass' }); @@ -104,7 +104,7 @@ watcher.on('add', async (filePath) => { } catch (err) { if (err.code === 'ECONNREFUSED') { console.error(' -> โŒ ERROR: API Server is unreachable. Is it running on port 3001?'); - notifier.notify({ title: 'Deed Shield Error', message: 'Could not connect to Verification Server.' }); + notifier.notify({ title: 'TrustSignal Error', message: 'Could not connect to Verification Server.' }); } else { console.error(' -> โŒ ERROR:', err.message); if (err.response) { diff --git a/apps/web/package.json b/apps/web/package.json index 43cd538..e7b9e19 100644 --- a/apps/web/package.json +++ b/apps/web/package.json @@ -1,5 +1,5 @@ { - "name": "@deed-shield/web", + "name": "@trust-signal/web", "version": "0.1.0", "private": true, "type": "module", diff --git a/docs/CANONICAL_MESSAGING.md b/docs/CANONICAL_MESSAGING.md index f453e4d..ded1a9e 100644 --- a/docs/CANONICAL_MESSAGING.md +++ b/docs/CANONICAL_MESSAGING.md @@ -45,7 +45,7 @@ TrustSignal is evidence integrity infrastructure for existing workflows. It acts ### Entity Confusion -- Do not collapse TrustSignal, DeedShield, Vanta, healthcare, and future marketplaces into one undifferentiated story +- Do not collapse TrustSignal, TrustSignal, Vanta, healthcare, and future marketplaces into one undifferentiated story - Do not let the deed wedge define the entire product - Do not describe TrustSignal as a replacement for the system that collected the evidence diff --git a/docs/IMPLEMENTATION_PLAN_PASSIVE_INSPECTOR.md b/docs/IMPLEMENTATION_PLAN_PASSIVE_INSPECTOR.md index 6bf039d..4fede2c 100644 --- a/docs/IMPLEMENTATION_PLAN_PASSIVE_INSPECTOR.md +++ b/docs/IMPLEMENTATION_PLAN_PASSIVE_INSPECTOR.md @@ -8,7 +8,7 @@ Implement a "Passive Inspector" workflow that monitors a directory, cryptographi ### A. `apps/watcher` (The Inspector) -- **Dependencies**: Add `chokidar`, `axios`, `pdf-lib`, `dotenv`, `form-data` (if sending files), and link `@deed-shield/core`. +- **Dependencies**: Add `chokidar`, `axios`, `pdf-lib`, `dotenv`, `form-data` (if sending files), and link `@trust-signal/core`. - **Configuration**: Load `SOURCE_DIR` and `API_URL` from `.env`. - **Ingest Logic**: - Monitor `SOURCE_DIR` for new `.pdf` files. @@ -42,7 +42,7 @@ Implement a "Passive Inspector" workflow that monitors a directory, cryptographi - Modify `POST /verify`. - If `decision` is `FLAG` or `BLOCK`: - Query the _Logic assumes single tenant or default_ `Organization`. - - "Send" Email: Log a structured alert to stdout simulating an email to `adminEmail` with the subject "Deed Shield Alert: [Risk Score] [Reasons]". + - "Send" Email: Log a structured alert to stdout simulating an email to `adminEmail` with the subject "TrustSignal Alert: [Risk Score] [Reasons]". ### C. `packages/core` (The Standard) diff --git a/docs/IT_INSTALLATION_MANUAL.md b/docs/IT_INSTALLATION_MANUAL.md index c6b6ffc..d4900d9 100644 --- a/docs/IT_INSTALLATION_MANUAL.md +++ b/docs/IT_INSTALLATION_MANUAL.md @@ -2,17 +2,17 @@ ## 1. Environment Configuration -The following environment variables are required for the Deed Shield API and Core services (`apps/api` and `packages/core`). +The following environment variables are required for the TrustSignal API and Core services (`apps/api` and `packages/core`). ### System Identity -- `ISSUER_DID`: The decentralized identifier for the Deed Shield instance (e.g., `did:web:deedshield.io`). +- `ISSUER_DID`: The decentralized identifier for the TrustSignal instance (e.g., `did:web:trustsignal.io`). - `SIGNING_PRIVATE_KEY`: Private key (PKCS8 PEM or Hex) used to sign receipts. ### Database (PostgreSQL required) - `DATABASE_URL`: Connection string for the Prisma database. - - **Local Development**: `postgresql://user:password@localhost:5432/deed_shield` (Deploy local DB using `docker-compose up -d` at root). + - **Local Development**: `postgresql://user:password@localhost:5432/trust_signal` (Deploy local DB using `docker-compose up -d` at root). - **Production Environment**: Must use a managed cloud PostgreSQL instance with **storage encryption-at-rest enabled**. - **Production TLS Enforcement**: Connections must enforce TLS 1.3. Your production connection string must append `?sslmode=require`. Example: `postgresql://[user]:[password]@[host]:[port]/[db]?sslmode=require`. @@ -38,18 +38,18 @@ The following environment variables are required for the Deed Shield API and Cor ## 2. PRIA XML Schema Mapping (Phase 2) -For the next integration phase, we will map internal Deed Shield JSON Bundle schemas to PRIA (Property Records Industry Association) XML standards. +For the next integration phase, we will map internal TrustSignal JSON Bundle schemas to PRIA (Property Records Industry Association) XML standards. ### Mapping Table -| Deed Shield Field | PRIA XML XPath | Description | -| ---------------------------- | --------------------------------------- | -------------------------------------------------- | -| `bundle.ron.sealPayload` | `//Signatures/Signature/Keyinfo` | Cryptographic evidence of the seal | -| `bundle.doc.docHash` | `//Document/Hash` | Integrity hash of the recorded instrument | -| `bundle.property.parcelId` | `//Property/ParcelID` | County-assigned PIN/APN | +| TrustSignal Field | PRIA XML XPath | Description | +| -------------------------- | --------------------------------------- | -------------------------------------------------- | +| `bundle.ron.sealPayload` | `//Signatures/Signature/Keyinfo` | Cryptographic evidence of the seal | +| `bundle.doc.docHash` | `//Document/Hash` | Integrity hash of the recorded instrument | +| `bundle.property.parcelId` | `//Property/ParcelID` | County-assigned PIN/APN | | `bundle.ocrData.grantorName` | `//Parties/Party[@Type='Grantor']/Name` | Grantor name extracted or verified | -| `receipt.receiptHash` | `//Recording/Return/ReceiptHash` | **New Field**: Deed Shield Receipt Hash | -| `receipt.decision` | `//Recording/Status/Code` | Mapped to `Verified` (ALLOW) or `Rejected` (BLOCK) | +| `receipt.receiptHash` | `//Recording/Return/ReceiptHash` | **New Field**: TrustSignal Receipt Hash | +| `receipt.decision` | `//Recording/Status/Code` | Mapped to `Verified` (ALLOW) or `Rejected` (BLOCK) | ## 3. Installation Steps diff --git a/docs/PRODUCTION_GOVERNANCE_TRACKER.md b/docs/PRODUCTION_GOVERNANCE_TRACKER.md index b2e7d9c..8b2433c 100644 --- a/docs/PRODUCTION_GOVERNANCE_TRACKER.md +++ b/docs/PRODUCTION_GOVERNANCE_TRACKER.md @@ -44,7 +44,7 @@ Scope: Repository-wide (`TrustSignal`) | 10 | Multi-organization isolation (no cross-tenant access) | `VERIFIED IN TEST` | Ownership checks in `apps/api/src/server.ts`; integration tests | Staging adversarial test suite | | 11 | Smart contract governance (audit readiness, multisig, pause) | `VERIFIED IN TEST` | `packages/contracts/contracts/AnchorRegistry.sol`, contract tests | Third-party audit completion + deployment governance evidence | | 12 | Retention, DPIA hooks, user rights (`access/erasure/portability`) | `IN PROGRESS` | Retention fields and revoke endpoints exist | No 90-day job, export/erasure endpoints, or DPIA workflow evidence | -| 13 | Incident runbooks + real `status.deedshield.io` | `IN PROGRESS` | Incident/escalation baseline docs and legacy runbook | No live status-page implementation evidence or drill artifact | +| 13 | Incident runbooks + real `status.trustsignal.io` | `IN PROGRESS` | Incident/escalation baseline docs and legacy runbook | No live status-page implementation evidence or drill artifact | ## Dated Notes - 2026-03-08: `master` branch protection was verified live through GitHub API and matches the expected required-check/review policy. diff --git a/docs/archive/legacy-2026-02-25/compliance/compliance-statement.md b/docs/archive/legacy-2026-02-25/compliance/compliance-statement.md index 5f8b4bd..799c36c 100644 --- a/docs/archive/legacy-2026-02-25/compliance/compliance-statement.md +++ b/docs/archive/legacy-2026-02-25/compliance/compliance-statement.md @@ -6,7 +6,7 @@ --- ## 1. Compliance Philosophy -Deed Shield builds trust through **technical transparency** rather than opaque assertions. While we are a technology provider and not a regulated financial institution, our architecture is **designed to align** with the rigorous standards expected by title underwriters and government recorders. +TrustSignal builds trust through **technical transparency** rather than opaque assertions. While we are a technology provider and not a regulated financial institution, our architecture is **designed to align** with the rigorous standards expected by title underwriters and government recorders. ## 2. Standards Alignment @@ -16,7 +16,7 @@ Our data structures and audit trails are designed to leverage **MISMO e-Mortgage - **Auditability:** Every verification event produces a timestamped, signed receipt. ### 2.2. Remote Online Notarization (RON) -Deed Shield supports the verification of artifacts produced by RON platforms. We align with the **Model Notary Act** principles by: +TrustSignal supports the verification of artifacts produced by RON platforms. We align with the **Model Notary Act** principles by: - Verifying the digital signature on the notarized bundle. - checking the active status of the notary against our registry (simulated). @@ -26,7 +26,7 @@ Deed Shield supports the verification of artifacts produced by RON platforms. We - **ISO 27001:** *Not yet certified.* - **GDPR/CCPA:** We align by default via our "No PII Persistence" architecture. -**Note:** As a Pilot/Simulator, Deed Shield has not yet undergone independent third-party compliance audits. Users requiring certified systems for production workloads should await our General Availability (GA) release. +**Note:** As a Pilot/Simulator, TrustSignal has not yet undergone independent third-party compliance audits. Users requiring certified systems for production workloads should await our General Availability (GA) release. --- *Change Log:* diff --git a/docs/archive/legacy-2026-02-25/developer/demo.md b/docs/archive/legacy-2026-02-25/developer/demo.md index 1ff2d35..5eb23d9 100644 --- a/docs/archive/legacy-2026-02-25/developer/demo.md +++ b/docs/archive/legacy-2026-02-25/developer/demo.md @@ -23,7 +23,7 @@ node scripts/gen-issuer-keys.js Expected (example): ```json -{"did":"did:example:deedshield-issuer","privateKeyPath":"keys/issuer.private.jwk.json","publicKeyPath":"keys/issuer.public.jwk.json","publicKeyFingerprint":"...sha256..."} +{"did":"did:example:trustsignal-issuer","privateKeyPath":"keys/issuer.private.jwk.json","publicKeyPath":"keys/issuer.public.jwk.json","publicKeyFingerprint":"...sha256..."} ``` ## 3) Seed issuer public JWK into SQLite @@ -34,7 +34,7 @@ node scripts/seed-issuer-public.js Expected (example): ```json -{"did":"did:example:deedshield-issuer","dbPath":"attestations.sqlite","inserted":true} +{"did":"did:example:trustsignal-issuer","dbPath":"attestations.sqlite","inserted":true} ``` ## 4) Start server (verify + receipt + demo) diff --git a/docs/archive/legacy-2026-02-25/notebook/deedshield_v2_notebook.md b/docs/archive/legacy-2026-02-25/notebook/trustsignal_v2_notebook.md similarity index 100% rename from docs/archive/legacy-2026-02-25/notebook/deedshield_v2_notebook.md rename to docs/archive/legacy-2026-02-25/notebook/trustsignal_v2_notebook.md diff --git a/docs/evidence/staging/vercel-staging-2026-02-27.md b/docs/evidence/staging/vercel-staging-2026-02-27.md index 0a537f2..aaaebec 100644 --- a/docs/evidence/staging/vercel-staging-2026-02-27.md +++ b/docs/evidence/staging/vercel-staging-2026-02-27.md @@ -48,7 +48,7 @@ x-vercel-cache: MISS x-vercel-id: cle1::iad1::xw5xk-1772217694988-d326dd7cf547 content-length: 128 -{"status":"ok","service":"deed-shield-api","environment":"production","uptimeSeconds":15,"timestamp":"2026-02-27T18:41:35.104Z"} +{"status":"ok","service":"trust-signal-api","environment":"production","uptimeSeconds":15,"timestamp":"2026-02-27T18:41:35.104Z"} ``` ### GET /api/v1/metrics - Deployment: https://trust-signal-agmnni6ue-christopher-marzianis-projects.vercel.app @@ -71,23 +71,23 @@ x-vercel-cache: MISS x-vercel-id: cle1::iad1::bz5bq-1772217696692-64d3627b4262 content-length: 13508 -# HELP deedshield_api_process_cpu_user_seconds_total Total user CPU time spent in seconds. -# TYPE deedshield_api_process_cpu_user_seconds_total counter -deedshield_api_process_cpu_user_seconds_total 0.132708 +# HELP trustsignal_api_process_cpu_user_seconds_total Total user CPU time spent in seconds. +# TYPE trustsignal_api_process_cpu_user_seconds_total counter +trustsignal_api_process_cpu_user_seconds_total 0.132708 -# HELP deedshield_api_process_cpu_system_seconds_total Total system CPU time spent in seconds. -# TYPE deedshield_api_process_cpu_system_seconds_total counter -deedshield_api_process_cpu_system_seconds_total 0.041515 +# HELP trustsignal_api_process_cpu_system_seconds_total Total system CPU time spent in seconds. +# TYPE trustsignal_api_process_cpu_system_seconds_total counter +trustsignal_api_process_cpu_system_seconds_total 0.041515 -# HELP deedshield_api_process_cpu_seconds_total Total user and system CPU time spent in seconds. -# TYPE deedshield_api_process_cpu_seconds_total counter -deedshield_api_process_cpu_seconds_total 0.174223 +# HELP trustsignal_api_process_cpu_seconds_total Total user and system CPU time spent in seconds. +# TYPE trustsignal_api_process_cpu_seconds_total counter +trustsignal_api_process_cpu_seconds_total 0.174223 -# HELP deedshield_api_process_start_time_seconds Start time of the process since unix epoch in seconds. -# TYPE deedshield_api_process_start_time_seconds gauge -deedshield_api_process_start_time_seconds 1772217680 +# HELP trustsignal_api_process_start_time_seconds Start time of the process since unix epoch in seconds. +# TYPE trustsignal_api_process_start_time_seconds gauge +trustsignal_api_process_start_time_seconds 1772217680 -# HELP deedshield_api_process_resident_memory_bytes Resident memory size in bytes. +# HELP trustsignal_api_process_resident_memory_bytes Resident memory size in bytes. # TY ``` diff --git a/docs/final/08_STAGING_SECURITY_EVIDENCE_CHECKLIST.md b/docs/final/08_STAGING_SECURITY_EVIDENCE_CHECKLIST.md index 5745db5..3c8d426 100644 --- a/docs/final/08_STAGING_SECURITY_EVIDENCE_CHECKLIST.md +++ b/docs/final/08_STAGING_SECURITY_EVIDENCE_CHECKLIST.md @@ -57,7 +57,7 @@ Produce staging evidence for production gate items currently marked as "verified ## Current Artifacts (2026-02-27 UTC) - `docs/evidence/staging/vercel-staging-2026-02-27.md` (API health/status/metrics + TLS certificate probe) - `docs/evidence/staging/supabase-db-security-2026-02-27.md` (Supabase SSL enforcement, root-key presence redaction, TLSv1.3 session proof) -- `docs/ops/monitoring/alert-rules.yml` + `docs/ops/monitoring/grafana-dashboard-deedshield-api.json` (staging monitoring rollout artifacts) +- `docs/ops/monitoring/alert-rules.yml` + `docs/ops/monitoring/grafana-dashboard-trustsignal-api.json` (staging monitoring rollout artifacts) - `scripts/capture-staging-evidence.sh` (staging API + ingress forwarding + TLS metadata evidence automation) - `scripts/capture-vercel-staging-evidence.sh` (Vercel deployment probe automation) - `scripts/capture-supabase-db-security-evidence.sh` (Supabase DB control evidence automation) diff --git a/docs/final/10_INCIDENT_ESCALATION_AND_SLO_BASELINE.md b/docs/final/10_INCIDENT_ESCALATION_AND_SLO_BASELINE.md index b365616..4276601 100644 --- a/docs/final/10_INCIDENT_ESCALATION_AND_SLO_BASELINE.md +++ b/docs/final/10_INCIDENT_ESCALATION_AND_SLO_BASELINE.md @@ -42,17 +42,17 @@ Use `/api/v1/metrics` Prometheus data: - Severity: `SEV-2` (escalate to `SEV-1` if >15 minutes sustained). 2. Error rate alert: -- Signal: `5xx / total requests` using `deedshield_http_requests_total`. +- Signal: `5xx / total requests` using `trustsignal_http_requests_total`. - Warning: `> 2%` for 10 minutes. - Critical: `> 5%` for 5 minutes. 3. Latency alert: -- Signal: p95 from `deedshield_http_request_duration_seconds`. +- Signal: p95 from `trustsignal_http_request_duration_seconds`. - Warning: `> 1.0s` for 10 minutes. - Critical: `> 2.5s` for 5 minutes. 4. Traffic drop alert: -- Signal: request rate from `deedshield_http_requests_total`. +- Signal: request rate from `trustsignal_http_requests_total`. - Warning: request volume drops >70% from 24h baseline for 15 minutes (business hours). ## Required Artifacts for Gate Evidence diff --git a/docs/final/11_NSF_GRANT_WHITEPAPER.md b/docs/final/11_NSF_GRANT_WHITEPAPER.md index 8fd6ae3..1d2877f 100644 --- a/docs/final/11_NSF_GRANT_WHITEPAPER.md +++ b/docs/final/11_NSF_GRANT_WHITEPAPER.md @@ -5,7 +5,7 @@ Program fit: Applied cryptography, trustworthy AI, and secure digital infrastruc ## Abstract -TrustSignal is a verification platform that combines zero-knowledge proof systems, machine-learning risk scoring, and auditable API controls to produce tamper-evident trust decisions for document workflows. The initial production wedge is DeedShield (property deed verification), with architecture designed to generalize to additional credential domains. The system is implemented as a modular verification engine with three independent checks: Halo2 non-membership proof verification, Halo2 revocation proof verification, and ZKML-backed fraud signal verification. Session 7 finalization establishes a production-ready documentation and operations baseline with security controls, CI gates, and reproducible artifacts. +TrustSignal is a verification platform that combines zero-knowledge proof systems, machine-learning risk scoring, and auditable API controls to produce tamper-evident trust decisions for document workflows. The initial production wedge is TrustSignal (property deed verification), with architecture designed to generalize to additional credential domains. The system is implemented as a modular verification engine with three independent checks: Halo2 non-membership proof verification, Halo2 revocation proof verification, and ZKML-backed fraud signal verification. Session 7 finalization establishes a production-ready documentation and operations baseline with security controls, CI gates, and reproducible artifacts. ## Problem Statement diff --git a/docs/final/14_VANTA_INTEGRATION_USE_CASE.md b/docs/final/14_VANTA_INTEGRATION_USE_CASE.md index 1aded90..69c2829 100644 --- a/docs/final/14_VANTA_INTEGRATION_USE_CASE.md +++ b/docs/final/14_VANTA_INTEGRATION_USE_CASE.md @@ -9,7 +9,7 @@ Provide Vanta-ingestable verification evidence from TrustSignal for document-lev ## Reference Pilot Scenario -- Vertical: Property deed verification (DeedShield module) +- Vertical: Property deed verification (TrustSignal module) - Workflow: Partner submits a verification bundle, receives receipt, and forwards normalized verification output to Vanta evidence workflows. - Data mode: Pilot-safe/synthetic where required by policy and agreement. @@ -41,7 +41,7 @@ Provide Vanta-ingestable verification evidence from TrustSignal for document-lev "generatedAt": "2026-03-05T15:00:00.000Z", "vendor": { "name": "TrustSignal", - "module": "DeedShield", + "module": "TrustSignal", "environment": "production", "apiVersion": "v1" }, diff --git a/docs/ops/monitoring/alert-rules.yml b/docs/ops/monitoring/alert-rules.yml index b5e5c5f..f8c8c34 100644 --- a/docs/ops/monitoring/alert-rules.yml +++ b/docs/ops/monitoring/alert-rules.yml @@ -1,169 +1,169 @@ groups: - - name: deedshield-api-slo-recording + - name: trustsignal-api-slo-recording interval: 30s rules: - - record: deedshield:api_requests:rate5m + - record: trustsignal:api_requests:rate5m expr: | - sum by (job) (rate(deedshield_http_requests_total{route=~"/api/v1/.*",route!="/api/v1/metrics"}[5m])) + sum by (job) (rate(trustsignal_http_requests_total{route=~"/api/v1/.*",route!="/api/v1/metrics"}[5m])) - - record: deedshield:api_5xx_ratio:rate5m + - record: trustsignal:api_5xx_ratio:rate5m expr: | - sum by (job) (rate(deedshield_http_requests_total{route=~"/api/v1/.*",route!="/api/v1/metrics",status_code=~"5.."}[5m])) + sum by (job) (rate(trustsignal_http_requests_total{route=~"/api/v1/.*",route!="/api/v1/metrics",status_code=~"5.."}[5m])) / - clamp_min(sum by (job) (rate(deedshield_http_requests_total{route=~"/api/v1/.*",route!="/api/v1/metrics"}[5m])), 0.001) + clamp_min(sum by (job) (rate(trustsignal_http_requests_total{route=~"/api/v1/.*",route!="/api/v1/metrics"}[5m])), 0.001) - - record: deedshield:api_health_success_ratio:rate5m + - record: trustsignal:api_health_success_ratio:rate5m expr: | - sum by (job) (rate(deedshield_http_requests_total{route="/api/v1/health",status_code=~"2.."}[5m])) + sum by (job) (rate(trustsignal_http_requests_total{route="/api/v1/health",status_code=~"2.."}[5m])) / - clamp_min(sum by (job) (rate(deedshield_http_requests_total{route="/api/v1/health"}[5m])), 0.001) + clamp_min(sum by (job) (rate(trustsignal_http_requests_total{route="/api/v1/health"}[5m])), 0.001) - - record: deedshield:api_core_p95_latency_seconds:rate5m + - record: trustsignal:api_core_p95_latency_seconds:rate5m expr: | histogram_quantile( 0.95, sum by (job, le) ( - rate(deedshield_http_request_duration_seconds_bucket{route=~"^/api/v1/(verify|receipt/:receiptId|receipt/:receiptId/verify)$"}[5m]) + rate(trustsignal_http_request_duration_seconds_bucket{route=~"^/api/v1/(verify|receipt/:receiptId|receipt/:receiptId/verify)$"}[5m]) ) ) - - record: deedshield:api_traffic_ratio_to_24h_baseline + - record: trustsignal:api_traffic_ratio_to_24h_baseline expr: | - sum by (job) (rate(deedshield_http_requests_total{route=~"/api/v1/.*",route!="/api/v1/metrics"}[5m])) + sum by (job) (rate(trustsignal_http_requests_total{route=~"/api/v1/.*",route!="/api/v1/metrics"}[5m])) / - clamp_min(sum by (job) (rate(deedshield_http_requests_total{route=~"/api/v1/.*",route!="/api/v1/metrics"}[24h])), 0.001) + clamp_min(sum by (job) (rate(trustsignal_http_requests_total{route=~"/api/v1/.*",route!="/api/v1/metrics"}[24h])), 0.001) - - name: deedshield-api-slo-alerts + - name: trustsignal-api-slo-alerts interval: 30s rules: - - alert: DeedShieldHealthProbeFailuresSEV2 + - alert: TrustSignalHealthProbeFailuresSEV2 expr: | ( - sum by (job) (increase(deedshield_http_requests_total{route="/api/v1/health"}[3m])) >= 3 + sum by (job) (increase(trustsignal_http_requests_total{route="/api/v1/health"}[3m])) >= 3 ) and ( - sum by (job) (increase(deedshield_http_requests_total{route="/api/v1/health",status_code=~"2.."}[3m])) == 0 + sum by (job) (increase(trustsignal_http_requests_total{route="/api/v1/health",status_code=~"2.."}[3m])) == 0 ) for: 0m labels: severity: warning incident_severity: SEV-2 - service: deedshield-api + service: trustsignal-api slo: availability annotations: summary: "Health probe failed 3 consecutive checks" description: "No successful /api/v1/health checks observed across the last 3 checks for job {{ $labels.job }}. Start SEV-2 triage." runbook: "docs/final/10_INCIDENT_ESCALATION_AND_SLO_BASELINE.md" - - alert: DeedShieldHealthProbeFailuresSEV1 + - alert: TrustSignalHealthProbeFailuresSEV1 expr: | ( - sum by (job) (increase(deedshield_http_requests_total{route="/api/v1/health"}[3m])) >= 3 + sum by (job) (increase(trustsignal_http_requests_total{route="/api/v1/health"}[3m])) >= 3 ) and ( - sum by (job) (increase(deedshield_http_requests_total{route="/api/v1/health",status_code=~"2.."}[3m])) == 0 + sum by (job) (increase(trustsignal_http_requests_total{route="/api/v1/health",status_code=~"2.."}[3m])) == 0 ) for: 15m labels: severity: critical incident_severity: SEV-1 - service: deedshield-api + service: trustsignal-api slo: availability annotations: summary: "Health probe failure sustained >15m" description: "Health failures persisted for 15 minutes for job {{ $labels.job }}. Escalate incident severity to SEV-1 and open stakeholder timeline updates every 30 minutes." runbook: "docs/final/10_INCIDENT_ESCALATION_AND_SLO_BASELINE.md" - - alert: DeedShieldApi5xxRateWarning + - alert: TrustSignalApi5xxRateWarning expr: | ( - deedshield:api_5xx_ratio:rate5m > 0.02 + trustsignal:api_5xx_ratio:rate5m > 0.02 ) and on (job) ( - deedshield:api_requests:rate5m > 0.10 + trustsignal:api_requests:rate5m > 0.10 ) for: 10m labels: severity: warning incident_severity: SEV-2 - service: deedshield-api + service: trustsignal-api slo: success-ratio annotations: summary: "5xx rate above 2% for 10m" description: "API error-rate warning threshold breached (>2% 5xx) for job {{ $labels.job }}. Investigate core verification and revocation paths." runbook: "docs/final/10_INCIDENT_ESCALATION_AND_SLO_BASELINE.md" - - alert: DeedShieldApi5xxRateCritical + - alert: TrustSignalApi5xxRateCritical expr: | ( - deedshield:api_5xx_ratio:rate5m > 0.05 + trustsignal:api_5xx_ratio:rate5m > 0.05 ) and on (job) ( - deedshield:api_requests:rate5m > 0.10 + trustsignal:api_requests:rate5m > 0.10 ) for: 5m labels: severity: critical incident_severity: SEV-2 - service: deedshield-api + service: trustsignal-api slo: success-ratio annotations: summary: "5xx rate above 5% for 5m" description: "API error-rate critical threshold breached (>5% 5xx) for job {{ $labels.job }}. Start SEV-2 incident workflow and contain blast radius." runbook: "docs/final/10_INCIDENT_ESCALATION_AND_SLO_BASELINE.md" - - alert: DeedShieldApiCoreP95LatencyWarning + - alert: TrustSignalApiCoreP95LatencyWarning expr: | ( - deedshield:api_core_p95_latency_seconds:rate5m > 1.0 + trustsignal:api_core_p95_latency_seconds:rate5m > 1.0 ) and on (job) ( - sum by (job) (rate(deedshield_http_requests_total{route=~"^/api/v1/(verify|receipt/:receiptId|receipt/:receiptId/verify)$"}[5m])) > 0.05 + sum by (job) (rate(trustsignal_http_requests_total{route=~"^/api/v1/(verify|receipt/:receiptId|receipt/:receiptId/verify)$"}[5m])) > 0.05 ) for: 10m labels: severity: warning incident_severity: SEV-3 - service: deedshield-api + service: trustsignal-api slo: latency annotations: summary: "Core endpoint p95 latency above 1.0s for 10m" description: "P95 latency for /api/v1/verify and receipt verification paths exceeded baseline target for job {{ $labels.job }}." runbook: "docs/final/10_INCIDENT_ESCALATION_AND_SLO_BASELINE.md" - - alert: DeedShieldApiCoreP95LatencyCritical + - alert: TrustSignalApiCoreP95LatencyCritical expr: | ( - deedshield:api_core_p95_latency_seconds:rate5m > 2.5 + trustsignal:api_core_p95_latency_seconds:rate5m > 2.5 ) and on (job) ( - sum by (job) (rate(deedshield_http_requests_total{route=~"^/api/v1/(verify|receipt/:receiptId|receipt/:receiptId/verify)$"}[5m])) > 0.05 + sum by (job) (rate(trustsignal_http_requests_total{route=~"^/api/v1/(verify|receipt/:receiptId|receipt/:receiptId/verify)$"}[5m])) > 0.05 ) for: 5m labels: severity: critical incident_severity: SEV-2 - service: deedshield-api + service: trustsignal-api slo: latency annotations: summary: "Core endpoint p95 latency above 2.5s for 5m" description: "Critical latency regression on core verification flow for job {{ $labels.job }}. Start SEV-2 incident escalation." runbook: "docs/final/10_INCIDENT_ESCALATION_AND_SLO_BASELINE.md" - - alert: DeedShieldApiTrafficDropBusinessHours + - alert: TrustSignalApiTrafficDropBusinessHours expr: | ( - deedshield:api_traffic_ratio_to_24h_baseline < 0.30 + trustsignal:api_traffic_ratio_to_24h_baseline < 0.30 ) and on (job) ( - sum by (job) (rate(deedshield_http_requests_total{route=~"/api/v1/.*",route!="/api/v1/metrics"}[24h])) > 0.10 + sum by (job) (rate(trustsignal_http_requests_total{route=~"/api/v1/.*",route!="/api/v1/metrics"}[24h])) > 0.10 ) and on() ( @@ -173,7 +173,7 @@ groups: labels: severity: warning incident_severity: SEV-3 - service: deedshield-api + service: trustsignal-api slo: traffic annotations: summary: "Traffic volume dropped >70% from 24h baseline" diff --git a/docs/ops/monitoring/grafana-dashboard-deedshield-api.json b/docs/ops/monitoring/grafana-dashboard-trustsignal-api.json similarity index 86% rename from docs/ops/monitoring/grafana-dashboard-deedshield-api.json rename to docs/ops/monitoring/grafana-dashboard-trustsignal-api.json index c2b26b6..1f34303 100644 --- a/docs/ops/monitoring/grafana-dashboard-deedshield-api.json +++ b/docs/ops/monitoring/grafana-dashboard-trustsignal-api.json @@ -86,7 +86,7 @@ "uid": "$datasource" }, "editorMode": "code", - "expr": "sum(rate(deedshield_http_requests_total{job=~\"$job\",route=\"/api/v1/health\",status_code=~\"2..\"}[5m])) / clamp_min(sum(rate(deedshield_http_requests_total{job=~\"$job\",route=\"/api/v1/health\"}[5m])), 0.001)", + "expr": "sum(rate(trustsignal_http_requests_total{job=~\"$job\",route=\"/api/v1/health\",status_code=~\"2..\"}[5m])) / clamp_min(sum(rate(trustsignal_http_requests_total{job=~\"$job\",route=\"/api/v1/health\"}[5m])), 0.001)", "legendFormat": "health success ratio (5m)", "range": true, "refId": "A" @@ -145,7 +145,7 @@ "uid": "$datasource" }, "editorMode": "code", - "expr": "sum(rate(deedshield_http_requests_total{job=~\"$job\",route=~\"/api/v1/.*\",route!=\"/api/v1/metrics\"}[5m]))", + "expr": "sum(rate(trustsignal_http_requests_total{job=~\"$job\",route=~\"/api/v1/.*\",route!=\"/api/v1/metrics\"}[5m]))", "legendFormat": "requests/sec", "range": true, "refId": "A" @@ -212,7 +212,7 @@ "uid": "$datasource" }, "editorMode": "code", - "expr": "histogram_quantile(0.95, sum by (le) (rate(deedshield_http_request_duration_seconds_bucket{job=~\"$job\",route=~\"^/api/v1/(verify|receipt/:receiptId|receipt/:receiptId/verify)$\"}[5m])))", + "expr": "histogram_quantile(0.95, sum by (le) (rate(trustsignal_http_request_duration_seconds_bucket{job=~\"$job\",route=~\"^/api/v1/(verify|receipt/:receiptId|receipt/:receiptId/verify)$\"}[5m])))", "legendFormat": "core p95", "range": true, "refId": "A" @@ -276,7 +276,7 @@ "uid": "$datasource" }, "editorMode": "code", - "expr": "sum(rate(deedshield_http_requests_total{job=~\"$job\",route=~\"/api/v1/.*\",route!=\"/api/v1/metrics\",status_code=~\"5..\"}[5m])) / clamp_min(sum(rate(deedshield_http_requests_total{job=~\"$job\",route=~\"/api/v1/.*\",route!=\"/api/v1/metrics\"}[5m])), 0.001)", + "expr": "sum(rate(trustsignal_http_requests_total{job=~\"$job\",route=~\"/api/v1/.*\",route!=\"/api/v1/metrics\",status_code=~\"5..\"}[5m])) / clamp_min(sum(rate(trustsignal_http_requests_total{job=~\"$job\",route=~\"/api/v1/.*\",route!=\"/api/v1/metrics\"}[5m])), 0.001)", "legendFormat": "5xx ratio", "range": true, "refId": "A" @@ -340,7 +340,7 @@ "uid": "$datasource" }, "editorMode": "code", - "expr": "histogram_quantile(0.95, sum by (le, route) (rate(deedshield_http_request_duration_seconds_bucket{job=~\"$job\",route=~\"^/api/v1/(verify|receipt/:receiptId|receipt/:receiptId/verify)$\"}[5m])))", + "expr": "histogram_quantile(0.95, sum by (le, route) (rate(trustsignal_http_request_duration_seconds_bucket{job=~\"$job\",route=~\"^/api/v1/(verify|receipt/:receiptId|receipt/:receiptId/verify)$\"}[5m])))", "legendFormat": "{{route}}", "range": true, "refId": "A" @@ -396,7 +396,7 @@ "uid": "$datasource" }, "editorMode": "code", - "expr": "sum by (route) (rate(deedshield_http_requests_total{job=~\"$job\",route=~\"^/api/v1/(verify|receipt/:receiptId|receipt/:receiptId/verify)$\"}[5m]))", + "expr": "sum by (route) (rate(trustsignal_http_requests_total{job=~\"$job\",route=~\"^/api/v1/(verify|receipt/:receiptId|receipt/:receiptId/verify)$\"}[5m]))", "legendFormat": "{{route}}", "range": true, "refId": "A" @@ -452,7 +452,7 @@ "uid": "$datasource" }, "editorMode": "code", - "expr": "sum by (status_code) (rate(deedshield_http_requests_total{job=~\"$job\",route=~\"/api/v1/.*\",route!=\"/api/v1/metrics\"}[5m]))", + "expr": "sum by (status_code) (rate(trustsignal_http_requests_total{job=~\"$job\",route=~\"/api/v1/.*\",route!=\"/api/v1/metrics\"}[5m]))", "legendFormat": "{{status_code}}", "range": true, "refId": "A" @@ -516,7 +516,7 @@ "uid": "$datasource" }, "editorMode": "code", - "expr": "sum(rate(deedshield_http_requests_total{job=~\"$job\",route=~\"/api/v1/.*\",route!=\"/api/v1/metrics\"}[5m])) / clamp_min(sum(rate(deedshield_http_requests_total{job=~\"$job\",route=~\"/api/v1/.*\",route!=\"/api/v1/metrics\"}[24h])), 0.001)", + "expr": "sum(rate(trustsignal_http_requests_total{job=~\"$job\",route=~\"/api/v1/.*\",route!=\"/api/v1/metrics\"}[5m])) / clamp_min(sum(rate(trustsignal_http_requests_total{job=~\"$job\",route=~\"/api/v1/.*\",route!=\"/api/v1/metrics\"}[24h])), 0.001)", "legendFormat": "current vs 24h baseline", "range": true, "refId": "A" @@ -580,7 +580,7 @@ "uid": "$datasource" }, "editorMode": "code", - "expr": "sum by (route) (rate(deedshield_http_requests_total{job=~\"$job\",route=~\"/api/v1/.*\",route!=\"/api/v1/metrics\",status_code=~\"5..\"}[5m])) / clamp_min(sum by (route) (rate(deedshield_http_requests_total{job=~\"$job\",route=~\"/api/v1/.*\",route!=\"/api/v1/metrics\"}[5m])), 0.001)", + "expr": "sum by (route) (rate(trustsignal_http_requests_total{job=~\"$job\",route=~\"/api/v1/.*\",route!=\"/api/v1/metrics\",status_code=~\"5..\"}[5m])) / clamp_min(sum by (route) (rate(trustsignal_http_requests_total{job=~\"$job\",route=~\"/api/v1/.*\",route!=\"/api/v1/metrics\"}[5m])), 0.001)", "format": "table", "instant": true, "legendFormat": "{{route}}", @@ -595,7 +595,7 @@ "schemaVersion": 39, "tags": [ "trustsignal", - "deedshield", + "trustsignal", "slo", "incidents" ], @@ -630,7 +630,7 @@ "type": "prometheus", "uid": "$datasource" }, - "definition": "label_values(deedshield_http_requests_total, job)", + "definition": "label_values(trustsignal_http_requests_total, job)", "hide": 0, "includeAll": true, "label": "Prometheus job", @@ -638,7 +638,7 @@ "name": "job", "options": [], "query": { - "query": "label_values(deedshield_http_requests_total, job)", + "query": "label_values(trustsignal_http_requests_total, job)", "refId": "PrometheusVariableQueryEditor-VariableQuery" }, "refresh": 2, @@ -655,8 +655,8 @@ }, "timepicker": {}, "timezone": "browser", - "title": "DeedShield API - SLO Baseline", - "uid": "deedshield-api-slo-baseline", + "title": "TrustSignal API - SLO Baseline", + "uid": "trustsignal-api-slo-baseline", "version": 1, "weekStart": "" } diff --git a/package-lock.json b/package-lock.json index ce16c1b..ff2de1e 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,11 +1,11 @@ { - "name": "deed-shield", + "name": "trust-signal", "version": "0.1.0", "lockfileVersion": 3, "requires": true, "packages": { "": { - "name": "deed-shield", + "name": "trust-signal", "version": "0.1.0", "hasInstallScript": true, "workspaces": [ @@ -41,14 +41,14 @@ } }, "apps/api": { - "name": "@deed-shield/api", + "name": "@trust-signal/api", "version": "0.1.0", "hasInstallScript": true, "dependencies": { - "@deed-shield/core": "file:../../packages/core", "@fastify/cors": "^11.2.0", "@fastify/rate-limit": "^10.3.0", "@prisma/client": "^5.17.0", + "@trust-signal/core": "file:../../packages/core", "ethers": "^6.12.0", "fastify": "^5.8.1", "openai": "^6.17.0", @@ -105,7 +105,7 @@ "license": "UNLICENSED" }, "apps/web": { - "name": "@deed-shield/web", + "name": "@trust-signal/web", "version": "0.1.0", "dependencies": { "fastify": "5.8.1", @@ -655,22 +655,10 @@ "node": ">=18" } }, - "node_modules/@deed-shield/api": { - "resolved": "apps/api", - "link": true - }, "node_modules/@deed-shield/contracts": { "resolved": "packages/contracts", "link": true }, - "node_modules/@deed-shield/core": { - "resolved": "packages/core", - "link": true - }, - "node_modules/@deed-shield/web": { - "resolved": "apps/web", - "link": true - }, "node_modules/@emnapi/runtime": { "version": "1.8.1", "resolved": "https://registry.npmjs.org/@emnapi/runtime/-/runtime-1.8.1.tgz", @@ -3155,6 +3143,18 @@ } } }, + "node_modules/@trust-signal/api": { + "resolved": "apps/api", + "link": true + }, + "node_modules/@trust-signal/core": { + "resolved": "packages/core", + "link": true + }, + "node_modules/@trust-signal/web": { + "resolved": "apps/web", + "link": true + }, "node_modules/@tsconfig/node10": { "version": "1.0.12", "resolved": "https://registry.npmjs.org/@tsconfig/node10/-/node10-1.0.12.tgz", @@ -12105,7 +12105,7 @@ } }, "packages/core": { - "name": "@deed-shield/core", + "name": "@trust-signal/core", "version": "0.1.0", "dependencies": { "ethers": "^6.12.0", diff --git a/package.json b/package.json index 0440033..9c75e6a 100644 --- a/package.json +++ b/package.json @@ -1,5 +1,5 @@ { - "name": "deed-shield", + "name": "trust-signal", "private": true, "version": "0.1.0", "type": "commonjs", diff --git a/packages/core/package.json b/packages/core/package.json index ff7abd4..57a5353 100644 --- a/packages/core/package.json +++ b/packages/core/package.json @@ -1,5 +1,5 @@ { - "name": "@deed-shield/core", + "name": "@trust-signal/core", "version": "0.1.0", "private": true, "type": "commonjs", diff --git a/src/api/receipt.js b/src/api/receipt.js index cad3ba8..9f072b6 100644 --- a/src/api/receipt.js +++ b/src/api/receipt.js @@ -155,7 +155,7 @@ async function handleReceipt(req, res) { }); const receipt = { - deedShieldVersion: '0.1', + trustSignalVersion: '0.1', verifiedAt: new Date().toISOString(), jurisdiction, docType, diff --git a/src/lib/env.js b/src/lib/env.js index e23a969..8b09063 100644 --- a/src/lib/env.js +++ b/src/lib/env.js @@ -70,7 +70,7 @@ function getIssuerPublicJwk() { } function getIssuerDid() { - return process.env.ISSUER_DID || 'did:example:deedshield-issuer'; + return process.env.ISSUER_DID || 'did:example:trustsignal-issuer'; } function getAnchorConfig() {