{"id":50745515,"url":"https://github.com/edycutjong/wardix","last_synced_at":"2026-06-10T20:30:35.055Z","repository":{"id":363066776,"uuid":"1261841270","full_name":"edycutjong/wardix","owner":"edycutjong","description":"🔑 IAM and governance console for Terminal 3 Agent Auth. Grant, monitor, and revoke agent scopes natively with TEE attested audit trails.","archived":false,"fork":false,"pushed_at":"2026-06-07T08:39:47.000Z","size":3503,"stargazers_count":0,"open_issues_count":9,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-06-07T10:15:32.815Z","etag":null,"topics":["agent-auth","cybersecurity","dorahacks","hackathon","iam","nextjs","react","tee","terminal-3"],"latest_commit_sha":null,"homepage":"https://wardix.edycu.dev","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/edycutjong.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":"AGENTS.md","dco":null,"cla":null}},"created_at":"2026-06-07T08:12:52.000Z","updated_at":"2026-06-07T08:39:51.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/edycutjong/wardix","commit_stats":null,"previous_names":["edycutjong/wardix"],"tags_count":null,"template":false,"template_full_name":null,"purl":"pkg:github/edycutjong/wardix","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/edycutjong%2Fwardix","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/edycutjong%2Fwardix/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/edycutjong%2Fwardix/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/edycutjong%2Fwardix/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/edycutjong","download_url":"https://codeload.github.com/edycutjong/wardix/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/edycutjong%2Fwardix/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":34170162,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-10T02:00:07.152Z","response_time":89,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["agent-auth","cybersecurity","dorahacks","hackathon","iam","nextjs","react","tee","terminal-3"],"created_at":"2026-06-10T20:30:34.407Z","updated_at":"2026-06-10T20:30:35.050Z","avatar_url":"https://github.com/edycutjong.png","language":"TypeScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003cdiv align=\"center\"\u003e\n  \u003cimg src=\"public/icon.svg\" alt=\"Wardix\" width=\"120\" height=\"120\"\u003e\n\n  \u003ch1\u003eWardix 🔑\u003c/h1\u003e\n  \u003cp\u003e\u003cem\u003eIAM \u0026 Control Plane for Delegated AI Agents\u003c/em\u003e\u003c/p\u003e\n  \u003cimg src=\"docs/readme-hero.png\" alt=\"Wardix\" width=\"100%\"\u003e\n\n  \u003cbr/\u003e\n\n  [![Live Demo](https://img.shields.io/badge/🚀_Live-Demo-06b6d4?style=for-the-badge)](https://wardix.edycu.dev)\n  [![Pitch Video](https://img.shields.io/badge/🎬_Pitch-Video-ef4444?style=for-the-badge)](https://youtu.be/aYhjJqaob7c)\n  [![Built for DoraHacks](https://img.shields.io/badge/DoraHacks-T3_ADK_Bounty_Challenge-8b5cf6?style=for-the-badge)](https://dorahacks.io/hackathon/t3adkdevchallengebeta)\n  [![BUIDL](https://img.shields.io/badge/DoraHacks-BUIDL_%2344424-22c55e?style=for-the-badge)](https://dorahacks.io/buidl/44424)\n  \u003cbr/\u003e\n\n  ![Next.js](https://img.shields.io/badge/Next.js_16-black?style=flat\u0026logo=next.js)\n  ![TypeScript](https://img.shields.io/badge/TypeScript-3178C6?style=flat\u0026logo=typescript\u0026logoColor=white)\n  ![Terminal 3](https://img.shields.io/badge/Terminal_3_ADK-3ECF8E?style=flat)\n  [![CI/CD Pipeline](https://github.com/edycutjong/wardix/actions/workflows/ci.yml/badge.svg)](https://github.com/edycutjong/wardix/actions/workflows/ci.yml)\n\n\u003c/div\u003e\n\n---\n\n\u003e **Emotional Hook:** At 3am, Sam — the lone ops engineer at a 12-person fintech — got paged: their payroll-running AI agent, fed a poisoned cycle file, tried to push a disbursement it was never authorized to make. It didn't clear — because the grant behind it was scoped, capped, and revocable. Nobody had been managing those grants. Wardix is the control plane that issues, watches, and revokes them.\n\n---\n\n## 🎬 Submission Details\n\n- **GitHub Repository**: [github.com/edycutjong/wardix](https://github.com/edycutjong/wardix)\n- **Live Console**: [wardix.edycu.dev](https://wardix.edycu.dev)\n- **Demo Video**: [https://youtu.be/aYhjJqaob7c](https://youtu.be/aYhjJqaob7c)\n- **Real testnet demo**: `npm run demo:real` — four live verdicts from `tee:delegation` / `tee:payroll`\n- **Sponsor Bounty tracks**:\n  1. **Best Agent utilizing Terminal 3 Agent Auth SDK ($300)** (Primary)\n  2. **Bug Discover Bounty ($200)** (Verified findings in [BUGS.md](docs/BUGS.md))\n\n---\n\n## 💡 The Problem\n\nEnterprises are handing real authority to AI agents that run jobs and move money. But there's no IAM for agentic workflows. Who did the org delegate, to which agent, for which functions, until when — and how do you revoke a compromised agent *right now* and prove it? A prompt-injected agent shouldn't be able to act outside its grant, and someone needs to manage those grants.\n\n## 🛡️ The Solution: Wardix\n\nTerminal 3's enforcement primitive is the **User-to-Agent Delegation Credential**: a principal signs a scoped, capped, time-boxed grant authorizing a specific agent (by its secp256k1 public key) to call specific `functions` on a contract; the agent signs each invocation; the deployed contract verifies the whole chain **inside an Intel TDX enclave** and runs the action only if every check passes.\n\n**Wardix** is a `did:t3n` control plane built on `@terminal3/t3n-sdk` that makes that primitive operable:\n\n1. **Grant**: Issues a real delegation credential via the TEE custodial signer (`tee:delegation/contracts::sign`) — scoped functions + validity window.\n2. **Invoke**: Submits a real delegated invocation to the deployed `tee:payroll` contract and surfaces the contract's own verdict.\n3. **Revoke**: `tee:delegation/contracts::revoke` — the agent's next call is denied immediately.\n4. **Observe**: Records every allow/deny with the live node's `request_id` in the console verdict feed.\n\nEvery verdict below is the real contract's, captured live from testnet:\n\n| Scenario | Verdict | Reason (from `tee:delegation`) |\n|---|---|---|\n| In-scope call, valid grant | ✅ allow | `authorized by tee:delegation` |\n| Function not in the grant | ❌ deny | `function_not_allowed` |\n| After on-chain revoke | ❌ deny | `credential_revoked` |\n| Grant past its window | ❌ deny | `Expired` |\n\nRun it yourself: `npm run demo:real` (needs a funded `T3N_SANDBOX_TOKEN`).\n\n---\n\n## 🖼️ The Console\n\n\u003cdiv align=\"center\"\u003e\n\n| In-scope call → ✅ allow | Out-of-scope call → ❌ deny | Revoked / expired → ❌ deny |\n|:---:|:---:|:---:|\n| \u003cimg src=\"docs/screenshots/demo-allow.png\" width=\"100%\"\u003e | \u003cimg src=\"docs/screenshots/demo-deny-scope.png\" width=\"100%\"\u003e | \u003cimg src=\"docs/screenshots/demo-deny-revoke.png\" width=\"100%\"\u003e |\n\n*Every verdict is the `tee:delegation` contract's own decision, returned live from testnet with a real `request_id`.*\n\n\u003c/div\u003e\n\n---\n\n## ⚙️ Architecture\n\n```mermaid\ngraph TD\n    W[\"Wardix control plane (did:t3n)\"] --\u003e|\"signCustodial\"| D[\"tee:delegation/contracts\\n verify cred + agent sig\"]\n    W --\u003e|\"revokeDelegation\"| D\n    A[\"Agent (delegated invocation)\"] --\u003e|\"executeAndDecode\"| D\n    D --\u003e|\"in-scope / not revoked / not expired\"| P[\"tee:payroll/contracts\\n run function\"]\n    D --\u003e|\"function_not_allowed / credential_revoked / Expired\"| X[\"deny\"]\n    P --\u003e C[\"Wardix console (verdict feed)\"]\n    X --\u003e C\n```\n\n### Terminal 3 SDK surface used (real)\n- **`tee:delegation/contracts`**: `sign` (issue grant) + `revoke` — the agent-auth core.\n- **`tee:payroll/contracts`**: the scoped delegated target (`compute-payroll`, `execute-disbursement`, …).\n- **`tee:user/contracts`**: `did:t3n` identity + TEE-managed wallet.\n- **Auth**: `handshake` → `authenticate(createEthAuthInput)`; custodial signing via `DelegationCustodialClient`.\n- **Attestation**: `verifyTdxQuote` / `verifyDkgAttestation` (Intel TDX).\n\n---\n\n## 🚀 Getting Started\n\n### Prerequisites\n- Node.js \u003e= 18\n\n### Installation\n```bash\n# Clone the repository\ngit clone https://github.com/edycutjong/wardix.git\ncd wardix\n\n# Install dependencies\nnpm install\n```\n\n### Environment Setup\nCopy the example environment file:\n```bash\ncp .env.example .env.local\n```\nThen set `T3N_SANDBOX_TOKEN` to a **funded testnet dev tenant private key** (claim one from the Terminal 3 Sandbox portal). This same key acts as the org + agent in the demo. See `.env.example` for `T3N_ENV`, `T3N_LIVE`, and the pinned `T3N_PAYROLL_VERSION`.\n\n### Running the Real Testnet Demo\nIssue a real delegation grant and submit real delegated invocations to the live `tee:payroll` contract — printing four contract-issued verdicts (allow / out-of-scope / revoked / expired), each with a node `request_id`:\n```bash\nnpm run demo:real\n```\n\n### Live Verification Endpoint (opt-in)\nWith `T3N_LIVE=1` and a funded token set, `POST /api/verify` runs the same real flow through the app:\n```bash\ncurl -s -X POST http://localhost:3000/api/verify \\\n  -H 'Content-Type: application/json' \\\n  -d '{\"functions\":[\"compute-payroll\"],\"call\":\"execute-disbursement\"}'\n# → { \"verdict\":\"deny\", \"reason\":\"function_not_allowed…\", \"requestId\":\"…\" }\n```\n\n### Running Test Suite (19 Tests)\nRun the Vitest suite (UI, the live `/api/verify` route, and adapter verdict classification):\n```bash\nnpx vitest run\n```\n\n### Launching the Dashboard Console\nRun the Next.js development server:\n```bash\nnpm run dev\n```\nOpen [http://localhost:3000](http://localhost:3000) to view the live dashboard.\n\n---\n\n## 🧪 Testing \u0026 CI\n\n**6-stage pipeline:** Quality → Security → Build → E2E → Performance → Deploy\n\n```bash\n# ── Code Quality ────────────────────────────\nnpm run lint          # ESLint\nnpm run typecheck     # TypeScript check\nnpm run test          # Run tests\nnpm run test:coverage # Coverage report\nnpm run ci            # Full quality gate\n\n# ── Advanced Testing ────────────────────────\nnpm run e2e           # Playwright E2E tests\nnpm run e2e:ui        # Playwright interactive mode\nnpm run lighthouse    # Lighthouse CI audit\n\n# ── Security ────────────────────────────────\nnpm audit                          # dependency vulnerabilities\nnpx license-checker --production    # license compliance\n```\n\n| Layer | Tool | Status |\n|---|---|---|\n| Code Quality | ESLint + TypeScript | ✅ |\n| Unit Testing | Vitest (19 tests) | ✅ |\n| E2E Testing | Playwright (3 suites) | ✅ |\n| Security (SAST) | CodeQL | ✅ |\n| Security (SCA) | Dependabot + npm audit | ✅ |\n| Secret Scanning | TruffleHog | ✅ |\n| Performance | Lighthouse CI | ✅ |\n\n---\n\n## 🐞 Feedback \u0026 Bugs\nDetailed ADK feedback and documentation recommendations are available in [BUGS.md](docs/BUGS.md).\n\n## 📄 License\nThis project is licensed under the [MIT License](LICENSE) © 2026 Edy Cu.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fedycutjong%2Fwardix","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fedycutjong%2Fwardix","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fedycutjong%2Fwardix/lists"}