Peersyst
diff --git a/‎docs/docs/concepts/architecture_contracts_architecture.md‎
Lines changed: 126 additions & 9 deletions b/‎docs/docs/concepts/architecture_contracts_architecture.md‎
Lines changed: 126 additions & 9 deletions
diff --git a/‎docs/docs/concepts/architecture_contracts_attestation.md‎
Lines changed: 210 additions & 0 deletions b/‎docs/docs/concepts/architecture_contracts_attestation.md‎
Lines changed: 210 additions & 0 deletions
@@ -1,16 +1,133 @@
 # Architecture
 
-Some contracts can be classified into the following categories:
+The FastAuth contract system is organized into several categories based on their responsibilities:
 
-- `Guard` - A middleware contract that checks if the request is authenticated.
-- `GuardRouter` - A contract that routes the request to the appropriate guard contract.
+- **Entry Point** - The `FastAuth` contract serves as the main gateway for users to interact with the system.
+- **Router** - The `JwtGuardRouter` contract routes verification requests to the appropriate guard based on the authentication provider.
+- **Guards** - Middleware contracts that verify JWT tokens from specific identity providers (Auth0, Firebase, Custom Issuers).
+- **Attestation** - The `Attestation` contract manages decentralized public key updates through a quorum-based system.
 
-The following diagram shows the architecture of the contracts and how they interact with the MPC:
+## Contract Interaction Flow
 
-![Contracts](./fa-contracts.png)
+1. **User Request**: The user calls the `sign` function on the `FastAuth` contract with their JWT token and the payload to sign.
+2. **Guard Resolution**: `FastAuth` resolves the guard contract based on the `guard_id` prefix. If the prefix is `jwt`, the request is routed to `JwtGuardRouter`.
+3. **JWT Verification**: The appropriate guard contract verifies the JWT signature and claims.
+4. **MPC Signing**: Upon successful verification, `FastAuth` forwards the signing request to the MPC network.
+5. **Signature Return**: The MPC signature is returned to the user.
 
-The architecture is composed of the following contracts:
+### Contract Architecture Diagram
 
-- [FastAuth](./architecture_contracts_fa.md) - The main contract. It acts as the gateway to perform signatures via [MPC](./architecture_mpc.md). Accessible to the end-user.
-- [JwtGuardRouter](./architecture_contracts_jwt-guard-router.md) - A contract that routes JWT verification requests to the appropriate guard contract.
-- [Auth0Guard](./architecture_contracts_auth0-guard.md) - A guard contract that verifies a JWT token forged through Auth0.
+```
+┌─────────┐
+│  User   │
+└────┬────┘
+     │ 1. sign(JWT + payload)
+     │
+     ▼
+┌─────────────────────────────────┐
+│        FastAuth                 │
+│      (Entry Point)              │
+└────┬────────────────────────────┘
+     │ 2. guard_id prefix = 'jwt'
+     │
+     ▼
+┌─────────────────────────────────┐
+│      JwtGuardRouter             │
+│         (Router)                │
+└───┬──────┬──────┬───────────────┘
+    │      │      │
+    │ 3a   │ 3b   │ 3c
+    │      │      │
+    ▼      ▼      ▼
+┌──────┐ ┌──────────┐ ┌──────────────────┐
+│Auth0 │ │Firebase  │ │ CustomIssuer     │
+│Guard │ │Guard     │ │ Guard            │
+└───┬──┘ └────┬─────┘ └────────┬─────────┘
+    │         │                │
+    │         │ Verify        │ Verify
+    │         │ public keys   │ public keys
+    │         │                │
+    │         ▼                ▼
+    │    ┌──────────────────────────┐
+    │    │     Attestation          │
+    │    │   (Key Management)      │
+    │    └──────────────────────────┘
+    │
+    │ 4. Verification success
+    │
+    ▼
+┌─────────────────────────────────┐
+│        FastAuth                 │
+│      (Entry Point)              │
+└────┬────────────────────────────┘
+     │ 5. Forward signing request
+     │
+     ▼
+┌─────────────────────────────────┐
+│      MPC Network               │
+│    (Signing Service)           │
+└────┬────────────────────────────┘
+     │ 6. Return signature
+     │
+     ▼
+┌─────────────────────────────────┐
+│        FastAuth                 │
+│      (Entry Point)              │
+└────┬────────────────────────────┘
+     │ 7. Return signature
+     │
+     ▼
+┌─────────┐
+│  User   │
+└─────────┘
+```
+
+**Flow Description:**
+
+1. **User** calls `sign()` on **FastAuth** with JWT token and payload
+2. **FastAuth** routes to **JwtGuardRouter** when `guard_id` prefix is `jwt`
+3. **JwtGuardRouter** delegates to the appropriate guard:
+   - **Auth0Guard** (3a)
+   - **FirebaseGuard** (3b) - verifies keys via **Attestation**
+   - **CustomIssuerGuard** (3c) - verifies keys via **Attestation**
+4. Guards return verification success to **FastAuth**
+5. **FastAuth** forwards signing request to **MPC Network**
+6. **MPC Network** returns signature to **FastAuth**
+7. **FastAuth** returns signature to **User**
+
+## Contract Categories
+
+### Entry Point
+
+- [FastAuth](./architecture_contracts_fa.md) - The main contract that manages guards, verifies payloads via delegation, and coordinates MPC signing. Supports multiple signature algorithms: `secp256k1`, `ecdsa`, and `eddsa`.
+
+### Router
+
+- [JwtGuardRouter](./architecture_contracts_jwt-guard-router.md) - A registry and router for JWT guard contracts. Delegates verification to the appropriate guard based on the guard name.
+
+### Guards
+
+All guard contracts implement the `JwtGuard` trait, which provides:
+- RS256 JWT signature verification
+- Issuer and expiration validation
+- Custom claims verification (specific to each guard type)
+
+| Guard | Provider | Key Management | Custom Claims |
+|-------|----------|----------------|---------------|
+| [Auth0Guard](./architecture_contracts_auth0-guard.md) | Auth0 | Owner-managed | `fatxn` claim matching |
+| [FirebaseGuard](./architecture_contracts_firebase-guard.md) | Firebase | Attestation-based | OIDC hash claim matching |
+| [CustomIssuerGuard](./architecture_contracts_custom-issuer-guard.md) | Custom OIDC | DAO-managed | OIDC hash claim matching |
+
+### Supporting Infrastructure
+
+- [Attestation](./architecture_contracts_attestation.md) - Decentralized public key management through attester quorum consensus.
+
+## Security Model
+
+The architecture implements multiple layers of security:
+
+1. **JWT Verification**: Guards verify the cryptographic signature of JWT tokens using RS256.
+2. **Claim Validation**: Each guard validates specific claims (issuer, expiration, custom claims).
+3. **Quorum-Based Key Updates**: The attestation contract ensures public keys can only be updated when multiple trusted attesters agree.
+4. **Role-Based Access Control**: Administrative functions are protected by role-based permissions (DAO, CodeStager, CodeDeployer, etc.).
+5. **Pause Functionality**: Critical contracts support pausing to mitigate security incidents.
@@ -0,0 +1,210 @@
+# Attestation
+
+The `Attestation` contract manages decentralized public key updates through a quorum-based consensus mechanism. Multiple trusted attesters must agree on the same public keys before they are accepted. This contract is used by the `FirebaseGuard` to source its public keys in a trust-minimized manner.
+
+## Features
+
+- Quorum-based public key attestation requiring multiple attesters to agree.
+- Role-based access control (DAO, Attester, CodeStager, CodeDeployer, DurationManager, PauseManager, UnpauseManager).
+- Pausable contract for emergency situations.
+- Upgradable contract with staged deployments.
+- Safe attester management that prevents quorum violations.
+
+## Contract State
+
+| Field | Type | Description |
+|-------|------|-------------|
+| `attestations` | `IterableMap<AccountId, Attestation>` | Current attestations from each attester |
+| `quorum` | `u32` | Number of matching attestations required to update keys |
+| `public_keys` | `Vector<PublicKey>` | Currently active public keys |
+
+### PublicKey Structure
+
+```rust
+pub struct PublicKey {
+    n: Vec<u8>,  // RSA modulus
+    e: Vec<u8>,  // RSA exponent
+}
+```
+
+### Attestation Structure
+
+```rust
+pub struct Attestation {
+    hash: Vec<u8>,            // SHA256 hash of the public keys
+    public_keys: Vec<PublicKey>,  // The attested public keys
+}
+```
+
+## Roles
+
+| Role | Permissions |
+|------|-------------|
+| `DAO` | Full administrative access, can attest, manage quorum, manage attesters |
+| `Attester` | Can submit public key attestations |
+| `CodeStager` | Can stage contract code updates |
+| `CodeDeployer` | Can deploy staged contract updates |
+| `DurationManager` | Can manage upgrade duration settings |
+| `PauseManager` | Can pause the contract |
+| `UnpauseManager` | Can unpause the contract |
+
+## Initialization
+
+```rust
+#[init]
+pub fn new(quorum: u32, super_admins: Vec<AccountId>, attesters: Vec<AccountId>) -> Self
+```
+
+- `quorum`: Number of attesters that must agree before keys are updated.
+- `super_admins`: Accounts with full administrative privileges (also granted DAO role).
+- `attesters`: Initial accounts authorized to submit attestations.
+
+**Validation**:
+- Quorum must be greater than 0.
+- At least one super admin is required.
+- Quorum cannot exceed the number of attesters.
+
+## Attestation Process
+
+### Submitting an Attestation
+
+Accounts with the `Attester` or `DAO` role can submit attestations:
+
+```rust
+#[pause]
+#[access_control_any(roles(Role::Attester, Role::DAO))]
+pub fn attest_public_keys(&mut self, public_keys: Vec<PublicKey>)
+```
+
+**Process**:
+1. Validates that public keys are not empty and all components are valid.
+2. Computes the SHA256 hash of the concatenated public key data.
+3. Stores the attestation for the calling attester.
+4. Counts how many existing attestations have the same hash.
+5. If the count reaches quorum:
+   - Updates the active public keys.
+   - Clears all attestations to prepare for future updates.
+
+### Example Flow
+
+With a quorum of 2 and 3 attesters:
+
+1. **Attester A** submits public keys `[PK1, PK2]` → Attestation stored, count = 1.
+2. **Attester B** submits public keys `[PK1, PK2]` → Same hash, count = 2, quorum reached!
+3. Public keys updated to `[PK1, PK2]`, all attestations cleared.
+
+If **Attester C** had submitted different keys, the hashes wouldn't match and quorum wouldn't be reached.
+
+## Querying State
+
+### Get Public Keys
+
+```rust
+pub fn get_public_keys(&self) -> Vec<PublicKey>
+```
+
+Returns the currently active public keys (empty until quorum is first reached).
+
+### Get Attestation
+
+```rust
+pub fn get_attestation(&self, account_id: AccountId) -> Option<Attestation>
+```
+
+Returns the current attestation from a specific attester.
+
+### Get Quorum
+
+```rust
+pub fn get_quorum(&self) -> u32
+```
+
+### Get Attesters
+
+```rust
+pub fn get_attesters(&self, from_index: u64, limit: u64) -> Vec<AccountId>
+```
+
+Paginated list of accounts with the `Attester` role.
+
+## Quorum Management
+
+Only accounts with the `DAO` role can update the quorum:
+
+```rust
+#[pause]
+#[access_control_any(roles(Role::DAO))]
+pub fn set_quorum(&mut self, quorum: u32)
+```
+
+**Validation**: Quorum cannot exceed the current number of attesters.
+
+## Attester Management
+
+### Granting Attester Role
+
+```rust
+#[pause]
+#[access_control_any(roles(Role::DAO))]
+pub fn grant_attester(&mut self, account_id: AccountId)
+```
+
+### Revoking Attester Role
+
+```rust
+#[pause]
+#[access_control_any(roles(Role::DAO))]
+pub fn revoke_attester(&mut self, account_id: AccountId)
+```
+
+**Safety Check**: Cannot revoke an attester if doing so would make the quorum impossible to reach (i.e., if `quorum >= remaining_attesters`).
+
+## Pause Functionality
+
+The contract can be paused to prevent attestations during security incidents:
+
+- **Pause**: Accounts with `PauseManager` or `DAO` role.
+- **Unpause**: Accounts with `UnpauseManager` or `DAO` role.
+
+When paused, `attest_public_keys`, `set_quorum`, `grant_attester`, and `revoke_attester` are disabled.
+
+## Security Considerations
+
+### Hash Computation
+
+The hash of public keys is computed by concatenating all modulus (`n`) and exponent (`e`) bytes:
+
+```rust
+fn compute_public_keys_hash(&self, public_keys: &[PublicKey]) -> Vec<u8> {
+    let mut data = Vec::new();
+    for pk in public_keys {
+        data.extend_from_slice(&pk.n);
+        data.extend_from_slice(&pk.e);
+    }
+    env::sha256(&data).to_vec()
+}
+```
+
+This ensures:
+- Attesters must agree on the exact same keys in the same order.
+- Any difference in key data results in a different hash.
+
+### Quorum Safety
+
+The contract enforces several invariants:
+- Quorum can never exceed the number of attesters.
+- Revoking an attester is blocked if it would violate the quorum requirement.
+- These checks prevent the contract from entering an unrecoverable state.
+
+## Integration with FirebaseGuard
+
+The `FirebaseGuard` contract fetches its public keys from this contract:
+
+1. `FirebaseGuard` calls `attestation_contract.get_public_keys()`.
+2. The returned keys are validated and stored in `FirebaseGuard`.
+3. These keys are then used to verify Firebase JWT signatures.
+
+This design allows:
+- Decentralized key management without trusting a single party.
+- Key rotation through attester consensus rather than a single admin.
+- Separation of concerns between authentication and key management.