Expose tester faucet in public RPC edge bundle

Author: FlowmemoryAI

apps/dashboard/public/data/flowchain-live-readiness-report.json

@@ -1,6 +1,6 @@
 {
   "schema": "flowchain.live_readiness_dashboard_report.v0",
-  "generatedAt": "2026-05-17T11:41:39.4118750Z",
+  "generatedAt": "2026-05-17T11:46:44.6421208Z",
   "status": "blocked",
   "deploymentReady": false,
   "packetShareable": false,
@@ -310,7 +310,7 @@
       "fileName": "public-deployment-contract-report.json",
       "schema": "flowchain.public_deployment_contract_report.v0",
       "status": "blocked",
-      "generatedAt": "2026-05-17T11:41:39.4118750Z"
+      "generatedAt": "2026-05-17T11:46:44.6421208Z"
     },
     {
       "fileName": "flowchain-live-infra-check-report.json",

docs/agent-runs/live-product-infra-rpc/PUBLIC_DEPLOYMENT_CONTRACT.md

@@ -1,6 +1,6 @@
 # FlowChain Public Deployment Contract
 
-Generated: 2026-05-17T11:41:39.4118750Z
+Generated: 2026-05-17T11:46:44.6421208Z
 Status: blocked
 Deployment ready: False
 Packet shareable: False

docs/agent-runs/live-product-infra-rpc/PUBLIC_RPC_DEPLOYMENT_BUNDLE.md

@@ -1,6 +1,6 @@
 # FlowChain Public RPC Deployment Bundle
 
-Generated: 2026-05-17T10:12:48.9521256Z
+Generated: 2026-05-17T11:43:59.8881590Z
 Status: passed
 
 This bundle packages placeholder-only files for an owner-operated HTTPS edge in front of the repo-owned private RPC origin `127.0.0.1:8787`.

docs/agent-runs/live-product-infra-rpc/PUBLIC_RPC_EDGE_TEMPLATE.md

@@ -1,6 +1,6 @@
 # FlowChain Public RPC Edge Template
 
-Generated: 2026-05-17T09:20:29.1430522Z
+Generated: 2026-05-17T11:43:38.6747459Z
 Status: passed
 
 FlowChain RPC is served by this repository on the private origin 127.0.0.1:8787. Public RPC means placing an owner-operated HTTPS edge in front of that origin.
@@ -16,8 +16,8 @@ This file contains placeholders only. Replace placeholders only on the owner hos
 | Public requests are rate-limited before they reach the private origin. | passed | template includes limit_req zone tied to FLOWCHAIN_RPC_RATE_LIMIT_PER_MINUTE |
 | Browser Origin headers and the edge-confirmed client address are forwarded so CORS and per-client rate limits can be enforced. | passed | template forwards Origin, Host, X-Forwarded-Proto, and sets X-Forwarded-For from the edge remote address |
 | Public /rpc dispatch is fail-closed to explicitly public-safe JSON-RPC read methods. | passed | origin enforces explicit allowlist and rejects transaction_submit, bridge_observation_submit, raw_json_get, and unknown methods |
-| The public edge does not proxy private write or admin routes; tester writes use the authenticated tester gateway only. | passed | template exposes /rpc, explicit read mirrors, and /tester/wallets/create/send; fallback location returns 404 |
-| Friends-and-family wallet creation and sends have a dedicated bearer-authenticated gateway with a send cap. | passed | origin requires FLOWCHAIN_TESTER_WRITE_* env names and bearer auth before /tester/wallets/create or /tester/wallets/send executes |
+| The public edge does not proxy private write or admin routes; tester writes use the authenticated tester gateway only. | passed | template exposes /rpc, explicit read mirrors, /tester/faucet, and /tester/wallets/create/send; fallback location returns 404 |
+| Friends-and-family wallet creation, faucet funding, and sends have a dedicated bearer-authenticated gateway with a unit cap. | passed | origin requires FLOWCHAIN_TESTER_WRITE_* env names and bearer auth before /tester/faucet, /tester/wallets/create, or /tester/wallets/send executes |
 | Oversized public request bodies are rejected before they reach the private origin. | passed | template sets client_max_body_size 256k and origin enforces 262144-byte JSON body cap |
 | Template stores placeholders and env names only. | passed | valuesPrinted=false |
 
@@ -68,7 +68,7 @@ server {
         proxy_read_timeout 60s;
     }
 
-    location ~ ^/tester/wallets/(create|send)$ {
+    location ~ ^/tester/(faucet|wallets/(create|send))$ {
         if ($request_method !~ ^(POST|OPTIONS)$) { return 405; }
         limit_req zone=flowchain_rpc_per_ip burst=5 nodelay;
         proxy_pass http://127.0.0.1:8787;
@@ -230,6 +230,7 @@ The origin only dispatches these public-safe JSON-RPC read methods through /rpc;
 
 These paths are for capped friends-and-family pilot sends only. The origin rejects them unless FLOWCHAIN_TESTER_WRITE_ENABLED=true, a bearer token matching FLOWCHAIN_TESTER_WRITE_TOKEN_SHA256 is provided, and FLOWCHAIN_TESTER_MAX_SEND_UNITS caps the send amount.
 
+- /tester/faucet
 - /tester/wallets/create
 - /tester/wallets/send
 

docs/agent-runs/live-product-infra-rpc/public-deployment-contract-report.json

@@ -1,6 +1,6 @@
 {
     "schema":  "flowchain.public_deployment_contract_report.v0",
-    "generatedAt":  "2026-05-17T11:41:39.4118750Z",
+    "generatedAt":  "2026-05-17T11:46:44.6421208Z",
     "status":  "blocked",
     "deploymentReady":  false,
     "packetShareable":  false,

docs/agent-runs/live-product-infra-rpc/public-rpc-deployment-bundle-report.json

@@ -1,6 +1,6 @@
 {
     "schema":  "flowchain.public_rpc_deployment_bundle_report.v2",
-    "generatedAt":  "2026-05-17T10:12:48.9521256Z",
+    "generatedAt":  "2026-05-17T11:43:59.8881590Z",
     "status":  "passed",
     "bundleDir":  "docs/agent-runs/live-product-infra-rpc/public-rpc-deployment-bundle",
     "flowChainRpcIsRepoOwned":  true,

docs/agent-runs/live-product-infra-rpc/public-rpc-deployment-bundle/bundle-checks.json

@@ -1,6 +1,6 @@
 {
     "schema":  "flowchain.public_rpc_deployment_bundle_checks.v1",
-    "generatedAt":  "2026-05-17T10:12:48.8411263Z",
+    "generatedAt":  "2026-05-17T11:43:59.7322103Z",
     "status":  "passed",
     "requiredPlaceholders":  [
                                  "\u003cFLOWCHAIN_RPC_PUBLIC_HOST\u003e",

docs/agent-runs/live-product-infra-rpc/public-rpc-deployment-bundle/nginx-flowchain-rpc.template.conf

@@ -42,7 +42,7 @@ server {
         proxy_read_timeout 60s;
     }
 
-    location ~ ^/tester/wallets/(create|send)$ {
+    location ~ ^/tester/(faucet|wallets/(create|send))$ {
         if ($request_method !~ ^(POST|OPTIONS)$) { return 405; }
         limit_req zone=flowchain_rpc_per_ip burst=5 nodelay;
         proxy_pass http://127.0.0.1:8787;

docs/agent-runs/live-product-infra-rpc/public-rpc-edge-template-report.json

@@ -1,6 +1,6 @@
 {
     "schema":  "flowchain.public_rpc_edge_template_report.v0",
-    "generatedAt":  "2026-05-17T09:20:29.1430522Z",
+    "generatedAt":  "2026-05-17T11:43:38.6747459Z",
     "status":  "passed",
     "edgeTemplateReady":  true,
     "flowChainRpcIsRepoOwned":  true,
@@ -123,6 +123,7 @@
                                   "/pilot/emergency-status"
                               ],
     "authenticatedTesterWritePaths":  [
+                                          "/tester/faucet",
                                           "/tester/wallets/create",
                                           "/tester/wallets/send"
                                       ],
@@ -170,13 +171,13 @@
                                  "id":  "edge-path-allowlist",
                                  "requirement":  "The public edge does not proxy private write or admin routes; tester writes use the authenticated tester gateway only.",
                                  "status":  "passed",
-                                 "evidence":  "template exposes /rpc, explicit read mirrors, and /tester/wallets/create|send; fallback location returns 404"
+                                 "evidence":  "template exposes /rpc, explicit read mirrors, /tester/faucet, and /tester/wallets/create|send; fallback location returns 404"
                              },
                              {
                                  "id":  "authenticated-tester-write-gateway",
-                                 "requirement":  "Friends-and-family wallet creation and sends have a dedicated bearer-authenticated gateway with a send cap.",
+                                 "requirement":  "Friends-and-family wallet creation, faucet funding, and sends have a dedicated bearer-authenticated gateway with a unit cap.",
                                  "status":  "passed",
-                                 "evidence":  "origin requires FLOWCHAIN_TESTER_WRITE_* env names and bearer auth before /tester/wallets/create or /tester/wallets/send executes"
+                                 "evidence":  "origin requires FLOWCHAIN_TESTER_WRITE_* env names and bearer auth before /tester/faucet, /tester/wallets/create, or /tester/wallets/send executes"
                              },
                              {
                                  "id":  "body-size-limit",
@@ -236,7 +237,7 @@
                           "        proxy_read_timeout 60s;",
                           "    }",
                           "",
-                          "    location ~ ^/tester/wallets/(create|send)$ {",
+                          "    location ~ ^/tester/(faucet|wallets/(create|send))$ {",
                           "        if ($request_method !~ ^(POST|OPTIONS)$) { return 405; }",
                           "        limit_req zone=flowchain_rpc_per_ip burst=5 nodelay;",
                           "        proxy_pass http://127.0.0.1:8787;",

docs/agent-runs/live-product-infra-rpc/public-rpc-validation-report.json

@@ -1,6 +1,6 @@
 {
     "schema":  "flowchain.public_rpc_validation_report.v0",
-    "generatedAt":  "2026-05-17T09:23:38.1211711Z",
+    "generatedAt":  "2026-05-17T11:46:33.0269536Z",
     "status":  "passed",
     "validationScope":  "local-control-plane-public-rpc-readiness-rehearsal",
     "publicRpcReady":  false,