Delegated commit attestation backend #10
Description
Goal
Build backend service that attests to commits on behalf of users, so users don't pay gas for every commit.
Architecture
Agent/CLI Backend Chain
| | |
|-- POST /attest-commit --> | |
| {commitHash, repo} | |
| |-- Validate via GitHub --> |
| | (commit exists, |
| | author = registered) |
| | |
| |-- eas.attest() ---------> |
| | (verifier pays gas) |
| | |
| <-- {attestationUid} ---- | |
Components
1. Backend endpoint
POST /api/attest-commit- Input:
{ commitHash, repoOwner, repoName, branch? } - Auth: Must have registered identity (check attestation exists for sender)
2. Validation
- Call GitHub API to verify commit exists
- Extract commit author (email/username)
- Match author to registered identity in resolver
- Reject if mismatch or identity not registered
3. Attestation
- Construct attestation data per Contribution Schema
- Verifier wallet signs and submits
eas.attest() - Return attestation UID to caller
4. Rate limiting
- Per-identity limits to prevent spam
- Daily/hourly caps
- Potentially require staking or reputation threshold
Wallet Setup
- Verifier address:
0x0CA6A71045C26087F8dCe6d3F93437f31B81C138 - Needs ETH for gas (testnet: faucet; mainnet: fund from treasury)
- Private key in secure env var for backend
Schema
Contribution Schema UID: 0x7425c71616d2959f30296d8e013a8fd23320145b1dfda0718ab0a692087f8782
Open Questions
- Where to host backend? (Cloudflare Worker? Vercel? VPS?)
- Rate limit strategy?
- Should we batch attestations for gas efficiency?