Skip to content

Phase 14 étape 8 — Aperture residual cleanup#36

Merged
proofoftrust21 merged 5 commits intomainfrom
phase-14-step8-aperture-residual
Apr 24, 2026
Merged

Phase 14 étape 8 — Aperture residual cleanup#36
proofoftrust21 merged 5 commits intomainfrom
phase-14-step8-aperture-residual

Conversation

@proofoftrust21
Copy link
Copy Markdown
Owner

@proofoftrust21 proofoftrust21 commented Apr 24, 2026

Summary

  • Removes all remaining Aperture-related code, config, infra and docs after the 2026-04-23 sunset (Phase 14D.3.0). The L402 gate has run natively in Express (src/middleware/l402Native.ts) for 9 days without regression.
  • Drops apertureGateAuth middleware, APERTURE_SHARED_SECRET env var, PaymentRequiredError dead class; promotes satrank.conf.l402-native to the canonical infra/nginx/satrank.conf; archives cutover/rollback scripts to docs/archive/phase-14d/.
  • Verification: grep -rEn "aperture|Aperture|APERTURE" (excluding docs/archive/ and CHANGELOG.md) returns 0 matches.

Commit breakdown

  1. chore(middleware): remove apertureGateAuth middleware (post-sunset)auth.ts, route factories (agent/attestation/v2), app.ts, l402 integration tests
  2. chore(config): remove APERTURE_SHARED_SECRETconfig.ts, l402Bypass.test.ts, .env.example
  3. chore: scrub Aperture references in comments and tests — middlewares, utils, controllers, tests
  4. chore(infra): promote L402-native nginx config and archive cutover scripts — nginx config + README, .rsync-exclude, docker-compose.yml, archived scripts
  5. docs: archive SECURITY audit + document Aperture sunset completionCHANGELOG.md [Infrastructure] - 2026-04-24 entry, DEPLOY.md, SECURITY.md, SESSION-BRIEFING.md, docs/env.example.md, SECURITY audit archived

Test plan

  • npm run lint clean (tsc --noEmit)
  • npm test green — 1166 passed / 169 skipped / 99 test files
  • Repo grep returns 0 aperture matches outside archive/CHANGELOG
  • CI green on this PR
  • Post-merge: make deploy + docker rebuild+force-recreate
  • Post-merge: strip APERTURE_SHARED_SECRET from VM1 .env.production, remove aperture systemd unit + Go binary + /root/.aperture/ + sunset backup snapshot

@proofoftrust21
chore(middleware): remove apertureGateAuth middleware (post-sunset)
a5b8298 
Aperture L402 reverse proxy sunset 2026-04-23 (Phase 14D.3.0).
9 jours d'observation prod stable avec le gate L402 natif Express
(src/middleware/l402Native.ts). Retrait du code résiduel.

- src/middleware/auth.ts: supprime la fonction apertureGateAuth
  (50 lignes) et la classe PaymentRequiredError (dead code).
- src/routes/{agent,attestation,v2}.ts: remplace le default paidGate
  par noopMiddleware (app.ts passe toujours createL402Native explicite).
- src/app.ts: nettoie le commentaire obsolète sur le gate natif.
- src/tests/l402NativeIntegration.test.ts: renomme les describe blocks
  de 'feature flag OFF/ON' vers 'noop gate' / 'L402 gate actif'.
@proofoftrust21
chore(config): remove APERTURE_SHARED_SECRET
6fc3e02 
Aperture L402 reverse proxy sunset 2026-04-23 (Phase 14D.3.0).
Le secret partagé entre Aperture et Express n'a plus aucun
consommateur côté code — seul OPERATOR_BYPASS_SECRET reste
utilisé par le gate L402 natif.

- src/config.ts: retire APERTURE_SHARED_SECRET du schéma zod,
  du validateur prod, de la garde dev et de l'itération
  placeholders. Nettoie les commentaires Aperture résiduels.
- src/tests/l402Bypass.test.ts: retire les 2 entrées
  APERTURE_SHARED_SECRET des fixtures env.
- .env.example: retire la ligne APERTURE_SHARED_SECRET.
@proofoftrust21
chore: scrub Aperture references in comments and tests
cf04cc0 
Aperture L402 reverse proxy sunset 2026-04-23 (Phase 14D.3.0).
Les références restantes à Aperture dans les commentaires ou
la langue des tests n'ont plus aucun correspondant dans le code
runtime. Réécriture cosmétique pour que le vocabulaire reflète
la réalité (L402 natif Express).

- src/middleware/{balanceAuth,l402Native,probeRateLimit}.ts:
  remplace 'apertureGateAuth' par 'L402 native gate',
  'X-Aperture-Token' par 'X-Operator-Token',
  'Aperture auto-created' par 'auto-created legacy'.
- src/utils/{l402HeaderParser,macaroonHmac}.ts: retire les
  références Aperture dans les docstrings.
- src/controllers/{depositController,probeController}.ts:
  nettoie les commentaires obsolètes.
- src/tests/integration.test.ts, src/tests/probeController.test.ts,
  src/tests/archive/balanceAuth.test.ts: remplace le vocabulaire
  Aperture dans les descriptions de tests.
@proofoftrust21
chore(infra): promote L402-native nginx config and archive cutover sc…
0b4cf7e 
…ripts

Aperture L402 reverse proxy sunset 2026-04-23 (Phase 14D.3.0).
9 jours d'observation prod stable. Promotion du fichier nginx
canonique, archivage des scripts de migration one-shot et nettoyage
des références Aperture dans l'infra.

- infra/nginx/satrank.conf: fusionné depuis satrank.conf.l402-native
  (git mv -f), en-tête nettoyé ('SatRank nginx config, L402 native
  gate'), commande deploy mise à jour, paragraphe rollback retiré.
- infra/nginx/satrank.conf.l402-native: supprimé (promu ci-dessus).
- infra/nginx/README.md: réécrit pour décrire nginx comme simple
  reverse proxy, L402 natif Express.
- .rsync-exclude: retire la section legacy 'L402/Aperture config'.
- docker-compose.yml: nettoie le commentaire du bypass operator.
- scripts/{cutover,rollback}-l402-native.sh → docs/archive/phase-14d/:
  scripts one-shot de la migration archivés.
@proofoftrust21
docs: archive SECURITY audit + document Aperture sunset completion
d512800 
Aperture L402 reverse proxy sunset 2026-04-23 (Phase 14D.3.0).
Finalisation Phase 14 étape 8 — dernière passe sur la documentation
publique et introduction de l'entrée CHANGELOG [Infrastructure].

- CHANGELOG.md: entrée [Infrastructure] - 2026-04-24 documentant
  le retrait complet du middleware apertureGateAuth, du secret
  APERTURE_SHARED_SECRET, des scripts de cutover et du résiduel VM1.
- DEPLOY.md: retire APERTURE_SHARED_SECRET de la section secrets
  et de la table de rotation.
- SECURITY.md: nettoie la description de l'audit pre-sunset.
- SESSION-BRIEFING.md: reformule l'architecture de façade
  ('Nginx + L402 native Express' sans Aperture).
- docs/env.example.md: retire la section 'Legacy (required at boot only)'
  (APERTURE_SHARED_SECRET).
- SECURITY-AUDIT-2026-04-16-v2.md → docs/archive/: audit historique
  archivé.
@proofoftrust21 proofoftrust21 merged commit c473aa3 into main Apr 24, 2026
2 checks passed
@proofoftrust21 proofoftrust21 deleted the phase-14-step8-aperture-residual branch April 24, 2026 16:47
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@proofoftrust21