Add external tester connect pack gate

Author: FlowmemoryAI

apps/dashboard/public/data/flowchain-live-readiness-report.json

@@ -1,15 +1,15 @@
 {
   "schema": "flowchain.live_readiness_dashboard_report.v0",
-  "generatedAt": "2026-05-17T20:55:41.2198531Z",
+  "generatedAt": "2026-05-17T21:22:58.9529031Z",
   "status": "blocked",
   "deploymentReady": false,
   "packetShareable": false,
   "blockedOnlyOnKnownExternalOwnerInputs": true,
   "summary": "Public launch is still blocked by owner-provided RPC edge, backup, Base 8453 bridge, or tester packet inputs.",
   "privateRpcUrl": "http://127.0.0.1:8787",
   "metrics": {
-    "latestHeight": "59881",
-    "finalizedHeight": "59881",
+    "latestHeight": "60281",
+    "finalizedHeight": "60281",
     "monitorHeightAdvanced": true,
     "bridgeRelayerStatus": "blocked",
     "bridgeQueuedTransactions": "0",
@@ -21,6 +21,7 @@
     "publicRpcDeploymentAutomationStatus": "passed",
     "publicRpcDeploymentAutomationAction": "Validate",
     "externalTesterPacketStatus": "blocked",
+    "externalTesterConnectPackStatus": "blocked",
     "ownerInputReady": false,
     "noSecretStatus": "passed",
     "opsSnapshotStatus": "blocked",
@@ -293,8 +294,17 @@
     "status": "blocked",
     "readinessStatus": "blocked",
     "packetStatus": "blocked",
+    "connectPackStatus": "blocked",
     "gatewayStatus": "passed",
     "shareable": false,
+    "connectPackShareable": false,
+    "connectPackReady": true,
+    "connectPackNetwork": {
+      "name": "FlowChain friends-and-family pilot",
+      "chainId": "flowmemory-local-devnet-v0",
+      "rpcEndpointPlaceholder": "<OWNER_PUBLIC_ENDPOINT>/rpc",
+      "explorerSummaryUrlPlaceholder": "<OWNER_PUBLIC_ENDPOINT>/explorer/summary"
+    },
     "externalSharingReady": false,
     "localTesterRehearsalReady": true,
     "publicTesterGatewayReady": true,
@@ -317,6 +327,21 @@
       "/tester/wallets/send",
       "/rpc balance_get"
     ],
+    "connectPackReadOnlyRoutes": [
+      "/health",
+      "/rpc/discover",
+      "/rpc/readiness",
+      "/chain/status",
+      "/explorer/summary",
+      "/wallets/balances",
+      "/wallets/transfers",
+      "/tester/status"
+    ],
+    "connectPackTesterWriteRoutes": [
+      "/tester/wallets/create",
+      "/tester/faucet",
+      "/tester/wallets/send"
+    ],
     "gatewayRoutes": [
       "/tester/status",
       "/tester/wallets/create",
@@ -455,7 +480,7 @@
       "label": "Private L1 origin",
       "status": "passed",
       "summary": "The public deployment origin service is running privately in live profile before any owner TLS edge is considered shareable.",
-      "evidence": "serviceStatus=passed, privateBind=True, latestHeight=59881, finalizedHeight=59881",
+      "evidence": "serviceStatus=passed, privateBind=True, latestHeight=60281, finalizedHeight=60281",
       "commands": [
         "npm run flowchain:service:status"
       ],
@@ -592,8 +617,8 @@
       "id": "external-tester-sharing",
       "label": "External tester packet",
       "status": "blocked",
-      "summary": "External tester packet must remain not-shareable until owner public RPC, backup, and bridge gates pass, and it must rely on fresh tester-wallet evidence plus authenticated tester faucet/send gateway smoke.",
-      "evidence": "externalTester=blocked, localTesterRehearsalReady=True, testerNetworkFresh=True, publicTesterGatewayReady=True, faucetRoute=True, packetSmoke=True, testerFaucet=True, capRejected=True, externalSharingReady=False, packet=blocked, packetShareable=False",
+      "summary": "External tester packet and machine-readable connection pack must remain not-shareable until owner public RPC, backup, and bridge gates pass, and they must rely on fresh tester-wallet evidence plus authenticated tester faucet/send gateway smoke.",
+      "evidence": "externalTester=blocked, localTesterRehearsalReady=True, testerNetworkFresh=True, publicTesterGatewayReady=True, faucetRoute=True, packetSmoke=True, testerFaucet=True, capRejected=True, connectPackReady=True, externalSharingReady=False, packet=blocked, packetShareable=False",
       "commands": [
         "npm run flowchain:tester:readiness",
         "npm run flowchain:external-tester:packet"
@@ -674,19 +699,19 @@
       "fileName": "public-deployment-contract-report.json",
       "schema": "flowchain.public_deployment_contract_report.v0",
       "status": "blocked",
-      "generatedAt": "2026-05-17T20:55:41.2198531Z"
+      "generatedAt": "2026-05-17T21:22:58.9529031Z"
     },
     {
       "fileName": "flowchain-live-infra-check-report.json",
       "schema": "flowchain.live_infra_check_report.v0",
       "status": "blocked",
-      "generatedAt": "2026-05-17T19:03:14.8669292Z"
+      "generatedAt": "2026-05-17T21:22:39.5560846Z"
     },
     {
       "fileName": "service-status-report.json",
       "schema": "flowchain.service_status_report.v0",
       "status": "passed",
-      "generatedAt": "2026-05-17T20:49:54.2260543Z"
+      "generatedAt": "2026-05-17T21:21:58.9222250Z"
     },
     {
       "fileName": "service-monitor-report.json",
@@ -710,13 +735,13 @@
       "fileName": "public-rpc-readiness-report.json",
       "schema": "flowchain.public_rpc_readiness_report.v0",
       "status": "blocked",
-      "generatedAt": "2026-05-17T19:02:05.5015285Z"
+      "generatedAt": "2026-05-17T21:21:24.3599349Z"
     },
     {
       "fileName": "backup-readiness-report.json",
       "schema": "flowchain.backup_readiness_report.v1",
       "status": "blocked",
-      "generatedAt": "2026-05-17T19:03:08.3142430Z"
+      "generatedAt": "2026-05-17T21:22:32.2350583Z"
     },
     {
       "fileName": "backup-owner-path-dry-run-report.json",
@@ -728,7 +753,7 @@
       "fileName": "bridge-relayer-once-report.json",
       "schema": "flowchain.bridge_relayer_once_report.v0",
       "status": "blocked",
-      "generatedAt": "2026-05-17T19:03:13.1875436Z"
+      "generatedAt": "2026-05-17T21:22:37.6163884Z"
     },
     {
       "fileName": "bridge-relayer-guardrail-validation-report.json",
@@ -746,19 +771,25 @@
       "fileName": "external-tester-packet-report.json",
       "schema": "flowchain.external_tester_packet_report.v0",
       "status": "blocked",
-      "generatedAt": "2026-05-17T19:03:17.4700900Z"
+      "generatedAt": "2026-05-17T21:22:42.4548904Z"
+    },
+    {
+      "fileName": "external-tester-connect-pack.json",
+      "schema": "flowchain.external_tester_connect_pack.v0",
+      "status": "blocked",
+      "generatedAt": "2026-05-17T21:22:42.4548904Z"
     },
     {
       "fileName": "external-tester-readiness-report.json",
       "schema": "flowchain.external_tester_readiness_report.v0",
       "status": "blocked",
-      "generatedAt": "2026-05-17T19:03:15.6449467Z"
+      "generatedAt": "2026-05-17T21:22:40.3787817Z"
     },
     {
       "fileName": "public-tester-gateway-e2e-report.json",
       "schema": "flowchain.public_tester_gateway_e2e_report.v0",
       "status": "passed",
-      "generatedAt": "2026-05-17T18:49:41.2441905Z"
+      "generatedAt": "2026-05-17T21:06:45.7544746Z"
     },
     {
       "fileName": "ops-snapshot-report.json",
@@ -794,13 +825,13 @@
       "fileName": "owner-inputs-report.json",
       "schema": "flowchain.owner_inputs_report.v0",
       "status": "blocked",
-      "generatedAt": "2026-05-17T19:03:16.8786801Z"
+      "generatedAt": "2026-05-17T21:22:41.6153505Z"
     },
     {
       "fileName": "no-secret-scan-report.json",
       "schema": "flowchain.no_secret_scan_report.v0",
       "status": "passed",
-      "generatedAt": "2026-05-17T19:31:27.0642221Z"
+      "generatedAt": "2026-05-17T21:22:39.2390748Z"
     }
   ],
   "envValuesPrinted": false,

apps/dashboard/scripts/sync-fixtures.mjs

@@ -48,6 +48,7 @@ const liveReadinessReportCopies = [
   "bridge-relayer-guardrail-validation-report.json",
   "bridge-relayer-loop-validation-report.json",
   "external-tester-packet-report.json",
+  "external-tester-connect-pack.json",
   "external-tester-readiness-report.json",
   "public-tester-gateway-e2e-report.json",
   "ops-snapshot-report.json",
@@ -190,6 +191,7 @@ function writeLiveReadinessSummary() {
   const publicRpcDeploymentBundle = reports["public-rpc-deployment-bundle-report.json"];
   const publicRpcDeploymentAutomation = reports["public-rpc-deployment-automation-report.json"];
   const externalTesterPacket = reports["external-tester-packet-report.json"];
+  const externalTesterConnectPack = reports["external-tester-connect-pack.json"];
   const externalTesterReadiness = reports["external-tester-readiness-report.json"];
   const publicTesterGateway = reports["public-tester-gateway-e2e-report.json"];
   const opsSnapshot = reports["ops-snapshot-report.json"];
@@ -216,6 +218,7 @@ function writeLiveReadinessSummary() {
     name,
     group: ownerInputGroup(name),
   }));
+  const connectPackCheckValues = Object.values(externalTesterPacket?.connectPackChecks ?? {});
   const latestHeight = asText(serviceStatus?.chain?.latestHeight, "not recorded");
   const finalizedHeight = asText(serviceStatus?.chain?.finalizedHeight, "not recorded");
   const privateRpcUrl = serviceStatus?.bind
@@ -253,6 +256,7 @@ function writeLiveReadinessSummary() {
       publicRpcDeploymentAutomationStatus: asText(publicRpcDeploymentAutomation?.status, "not recorded"),
       publicRpcDeploymentAutomationAction: asText(publicRpcDeploymentAutomation?.action, "not recorded"),
       externalTesterPacketStatus: asText(externalTesterPacket?.status, "not recorded"),
+      externalTesterConnectPackStatus: asText(externalTesterConnectPack?.status, "not recorded"),
       ownerInputReady: ownerInputs?.ownerInputReady === true,
       noSecretStatus: asText(noSecretScan?.status, "not recorded"),
       opsSnapshotStatus: asText(opsSnapshot?.status, "not recorded"),
@@ -311,8 +315,17 @@ function writeLiveReadinessSummary() {
       status: asText(externalTesterPacket?.status ?? externalTesterReadiness?.status, "not recorded"),
       readinessStatus: asText(externalTesterReadiness?.status, "not recorded"),
       packetStatus: asText(externalTesterPacket?.status, "not recorded"),
+      connectPackStatus: asText(externalTesterConnectPack?.status, "not recorded"),
       gatewayStatus: asText(publicTesterGateway?.status, "not recorded"),
       shareable: externalTesterPacket?.packetShareable === true,
+      connectPackShareable: externalTesterPacket?.connectPackShareable === true || externalTesterConnectPack?.shareable === true,
+      connectPackReady: connectPackCheckValues.length > 0 && connectPackCheckValues.every((value) => value === true),
+      connectPackNetwork: {
+        name: sanitizeText(externalTesterConnectPack?.network?.name),
+        chainId: sanitizeText(externalTesterConnectPack?.network?.chainId),
+        rpcEndpointPlaceholder: sanitizeText(externalTesterConnectPack?.network?.rpcEndpointPlaceholder),
+        explorerSummaryUrlPlaceholder: sanitizeText(externalTesterConnectPack?.network?.explorerSummaryUrlPlaceholder),
+      },
       externalSharingReady: externalTesterReadiness?.externalSharingReady === true || externalTesterPacket?.externalSharingReady === true,
       localTesterRehearsalReady: externalTesterReadiness?.localTesterRehearsalReady === true,
       publicTesterGatewayReady: externalTesterReadiness?.checks?.publicTesterGatewayReady === true,
@@ -321,6 +334,8 @@ function writeLiveReadinessSummary() {
       faucetRouteValidated: externalTesterReadiness?.checks?.publicTesterGatewayFaucetRouteValidated === true,
       packetExecutableSmokeValidated: externalTesterPacket?.packetExecutableSmokeValidated === true || externalTesterReadiness?.checks?.packetExecutableSmokeValidated === true,
       packetSmokeRoutes: asArray(externalTesterPacket?.packetSmokeRoutes).map((route) => sanitizeText(route)),
+      connectPackReadOnlyRoutes: asArray(externalTesterConnectPack?.endpoints?.readOnlyRoutes).map((route) => sanitizeText(route)),
+      connectPackTesterWriteRoutes: asArray(externalTesterConnectPack?.endpoints?.testerWriteRoutes).map((route) => sanitizeText(route)),
       gatewayRoutes: asArray(publicTesterGateway?.routes).map((route) => sanitizeText(route)),
       ownerInputGroups: Object.fromEntries(
         recordEntries(

docs/agent-runs/live-product-infra-rpc/ARCHITECTURE_AUDIT.md

@@ -1,6 +1,6 @@
 # FlowChain Architecture Audit
 
-Generated: 2026-05-17T20:55:47.3747253Z
+Generated: 2026-05-17T21:22:59.1109076Z
 Status: blocked
 Blocked only on known external owner inputs: True
 
@@ -22,7 +22,7 @@ Blocked only on known external owner inputs: True
 
 | Layer | Requirement | Status | Evidence |
 | --- | --- | --- | --- |
-| L1 runtime | The block-producing node and service lifecycle are separated from RPC, run in live profile, and expose fresh state evidence. | passed | serviceStatus=passed, liveProfile=True, maxBlocks=0, nodeRunning=True, controlPlaneRunning=True, latestHeight=59881, finalizedHeight=59881 |
+| L1 runtime | The block-producing node and service lifecycle are separated from RPC, run in live profile, and expose fresh state evidence. | passed | serviceStatus=passed, liveProfile=True, maxBlocks=0, nodeRunning=True, controlPlaneRunning=True, latestHeight=60281, finalizedHeight=60281 |
 | Operations | Operations has explicit status, monitor, ops snapshot, scheduled alert refresh, alert rules, escalation dry run, incident drills, and emergency controls that classify incidents separately from owner-input blockers. | passed | monitorStatus=passed, samples=2, heightAdvanced=True, supervisorValidation=passed, supervisorRestartAttempts=1, opsSnapshot=blocked, criticalCount=0, alertRules=passed, alertInstall=passed, alertInstallFailedChecks=0, escalationDryRun=passed, escalationFailedChecks=0, criticalRules=9, blockedRules=6, unmappedAlerts=0, incidentDrill=passed, incidentCases=10, incidentFailed=0 |
 | Operations | Owner-host service lifecycle includes a no-secret Windows Scheduled Task install, status, and uninstall path for reboot-persistent live supervisor autorecovery. | passed | installValidation=passed, failedChecks=0, planDidNotMutate=True, liveProfileDefault=True, relayerDefaultOff=True, relayerOptIn=True, schedulerCmdlets=True |
 | RPC/API | The control-plane API has explicit health/discovery/readiness/CORS/rate-limit validation and abuse rejection before it can be exposed publicly. | passed | validationStatus=passed, corsAllowed=True, corsRejected=True, endpointChecks=True, rateLimitProbe=True, rateLimitRejected=True, rateLimitRetryAfter=True, responseHygiene=True, abuseStatus=passed, abusePassed=True, abuseMissingChecks=0 |
@@ -41,9 +41,9 @@ Blocked only on known external owner inputs: True
 | Governance/safety | Owner signup checklist maps public RPC edge, tester write token/cap, always-on host, backup storage, Base 8453 RPC, bridge details, and local env-file setup to exact owner actions without requesting secrets. | passed | signupStatus=passed, itemCount=9, externalSignupCount=3, missingCoverage=0, repoOwned=True, localEnvFileSupported=True |
 | Security | Architecture reports and live-readiness commands preserve the no-secret and no-live-broadcast safety boundary. | passed | noSecretStatus=passed, liveProductNoLiveBroadcast=True, liveProductEnvValuesPrinted=False, baseTxBroadcasts=False, devPackNoSecrets=True |
 | Developer ecosystem | Developer SDK/devkit and docs connect to the real FlowChain RPC, generate a live RPC reference, read wallet data, submit a runtime-backed local wallet send, and fail closed for public readiness. | passed | devPackStatus=passed, methodCount=79, heights=43368->43369, report=E:\FlowMemory\flowmemory-live-infra-rpc\docs\agent-runs\live-product-dev-pack\dev-pack-e2e-report.json |
-| External tester launch | Friends-and-family tester sharing requires fresh tester-wallet evidence and executable packet-route smoke, and remains blocked until public RPC, backup, and Base bridge gates pass. | blocked | externalTester=blocked, testerNetworkFresh=True, packet=blocked, packetShareable=False, packetSmoke=True, smokeRoutes=13, externalSharingReady=False |
+| External tester launch | Friends-and-family tester sharing requires fresh tester-wallet evidence, executable packet-route smoke, and a machine-readable connection pack, and remains blocked until public RPC, backup, and Base bridge gates pass. | blocked | externalTester=blocked, testerNetworkFresh=True, packet=blocked, packetShareable=False, packetSmoke=True, smokeRoutes=13, connectPackReady=True, externalSharingReady=False |
 | External tester launch | Public tester write gateway has a local production-shaped E2E proof for bearer auth, public-only wallet creation, capped wallet sends, balance settlement, and over-cap rejection. | passed | gatewayStatus=passed, configured=True, transferAccepted=True, capRejected=True, report=E:\FlowMemory\flowmemory-live-infra-rpc\docs\agent-runs\live-product-infra-rpc\public-tester-gateway-e2e-report.json |
-| Verification | Product-level verification composes runtime, RPC, wallets, public tester gateway, bridge, backup, public deployment contract, executable external tester packet smoke, developer dev-pack, and completion evidence into one auditable path. | passed | liveInfra=blocked, liveProduct=blocked, externalTester=blocked, testerNetworkFresh=True, externalTesterPacket=blocked, packetSmoke=True, publicTesterGateway=passed, devPack=passed |
+| Verification | Product-level verification composes runtime, RPC, wallets, public tester gateway, bridge, backup, public deployment contract, executable external tester packet smoke, developer dev-pack, and completion evidence into one auditable path. | passed | liveInfra=blocked, liveProduct=blocked, externalTester=blocked, testerNetworkFresh=True, externalTesterPacket=blocked, packetSmoke=True, connectPackReady=True, publicTesterGateway=passed, devPack=passed |
 
 ## Data Flows