Skip to content

Improve protocol so it would support us to implement Solana wallet signature-based access control via on-chain registry #25

New issue
New issue
Open
#26
Open
Improve protocol so it would support us to implement Solana wallet signature-based access control via on-chain registry#25
#26
Assignees
copilot-swe-agent
@0xrinegade

Description

@0xrinegade
0xrinegade
opened on Jun 22, 2025

Background:
AEAMCP protocol must also support such usecase:

Theory of Operation:

  • Each request gota be signed by yo Solana wallet (Phantom, Solflare, whateva).
  • Server peeps the signature, recovers the publicKey and checks our registry on-chain (PDA/SPL token or custom Anchor program).
  • If wallet got that access entry on-chain, server say “come on in” (200 OK). Otherwise it say “hit the bricks” (403).

Goals:

  1. Stateless access control: no cookies, no sessions, straight wallet-based.
  2. Decentralized registry: all perms stored on Solana chain, so we keep it transparent and tamper-proof.
  3. Support borrow/lend: wallets can transfer or rent access rights to others on-chain.
  4. Easy dev integration: simple middleware, few lines in Express/Koa.

Plan & Phases:

  1. Design & Spec
    • Define canonical payload shape: { path, ts, nonce }.
    • Pick registry model: PDA per wallet+resource or SPL token mint per resource.
    • Draw sequence diagrams for the sign→verify→check flow.

  2. On-Chain Registry
    • Build Anchor program (or reuse SPL logic) to grant, revoke, transfer access entries.
    • Write tests (Anchor Mocha) and deploy to Devnet/Testnet.

  3. Server Middleware
    signatureAuth middleware to verify sig via web3.js/nacl.
    checkOnChainAccess() service to query PDA/SPL via RPC.
    • Cache results in Redis with short TTL.

  4. Protect Routes
    • Wrap protected endpoints (/api/secret, /api/data/*) with middleware.
    • Add integration tests simulating valid/invalid wallets.

  5. Frontend Support
    • Integrate Solana Wallet Adapter.
    • Build makePayload() + signPayload() utils.
    • Provide example fetch wrapper that attaches headers.

  6. Docs & Samples
    • README section with setup, env vars, code snippets.
    • Demo script or Postman collection.

  7. Security & Hardening
    • Nonce+timestamp replay protection.
    • Rate-limit signature endpoints.
    • Fallback RPC endpoints and retry logic.

High-Level Design Diagram:

flowchart LR
  subgraph Client
    A[Wallet Adapter]-->B[Signer]
    B-->C[Request Builder]
  end
  C-- HTTP -->D[Server Middleware]
  D-->E[Signature Verifier]
  E-->F[On-chain Checker]
  F-- RPC -->G[Solana Program/PDA]
  D-->H[Route Handlers]
  H-->I[Business Logic]
Loading

Metadata

Metadata

Assignees

Labels

No labels
No labels

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions