Merge pull request #11 from commandlayer/codex/fix-boot-logic-and-key-matching-in-server.mjs

GsCommand · web-flow · commit 7c4dd46c0ea4 · 2026-02-22T18:46:01.000-05:00
[runtime] Fix DEV_AUTO_KEYS signer boot state and tighten public key env parsing
diff --git a/server.mjs b/server.mjs
@@ -294,7 +294,7 @@ function getPublicPemFromRaw32B64(b64) {
 function getPublicPemFromEnv() {
   const src = runtimeConfig.publicKeySource;
   if (!src) return null;
-  if (src.name.endsWith("_PUBLIC_KEY_B64")) {
+  if (src.name.endsWith("_PUBLIC_KEY_B64") || src.name.endsWith("_RAW32_B64")) {
     const raw = decodeB64Strict(src.value);
     if (!raw || raw.length !== 32) return null;
     runtimeConfig.publicKeyRaw32 = Buffer.from(raw);
@@ -325,6 +325,8 @@ function getPublicPemFromEnv() {
 }
 
 function assertBootConfigOrThrow() {
+  if (DEV_AUTO_KEYS) return;
+
   const missing = [];
   if (!runtimeConfig.signerId) missing.push("CL_RECEIPT_SIGNER_ID|RECEIPT_SIGNER_ID");
   if (!runtimeConfig.privateKeySource) missing.push("receipt signing private key env var");
@@ -452,6 +454,10 @@ function initializeSignerConfigOrThrow() {
     maybeEnableDevAutoKeys();
   }
 
+  if (activeSigner.privateKeyPem && activeSigner.publicKeyPem && activeSigner.source === "dev_auto_keys") {
+    signerBootState.errors = [];
+  }
+
   if (!activeSigner.privateKeyPem || !activeSigner.publicKeyPem) {
     signerBootState.errors.push(
       "Invalid signer config: provide RECEIPT_SIGNING_PRIVATE_KEY_PEM_B64 and RECEIPT_SIGNING_PUBLIC_KEY_B64 (or supported CL_/legacy aliases)"
@@ -469,6 +475,10 @@ function initializeSignerConfigOrThrow() {
     }
   }
 
+  console.log(
+    `[boot] signer_ok=${signerBootState.ok} signer_source=${activeSigner.source} kid=${runtimeConfig.kid} fp=${activeSigner.publicKeyFingerprint || "n/a"}`
+  );
+
   printEnsTxtValues({
     pubRaw32B64: activeSigner.publicKeyRaw32B64,
     kid: runtimeConfig.kid,
@@ -1328,13 +1338,7 @@ async function handleVerb(verb, req, res) {
       return res.json(receipt);
     } catch (signErr) {
       return respondSigningError(res, signErr);
-  
-
-    const receipt = makeReceipt({ x402, trace, result, status: "success", actor });
-    
-
-return res.json(receipt);
- eed1802 (Runtime: signer env standardization + ENS verify smoke)
+    }
   } catch (e) {
     const x402 = req.body?.x402 || { verb, version: "1.0.0", entry: `x402://${verb}agent.eth/${verb}/v1.0.0` };
 
@@ -1351,41 +1355,12 @@ return res.json(receipt);
       details: { verb },
     };
 
-<<<<<<< HEAD
     try {
       const receipt = makeReceipt({ x402, trace, status: "error", error: err, actor });
       return res.status(500).json(receipt);
     } catch (signErr) {
       return respondSigningError(res, signErr);
     }
-=======
-      let receipt;
-      try {
-        receipt = makeReceipt({ x402, trace, status: "error", error: err, actor });
-      } catch (e2) {
-        receipt = {
-          status: "error",
-          x402,
-          trace,
-          error: err,
-          metadata: {
-            proof: {
-              alg: "ed25519-sha256",
-              canonical: CANONICAL_ID_SORTED_KEYS_V1,
-              signer_id: SIGNER_ID,
-              kid: SIGNER_KID,
-              hash_sha256: null,
-              signature_b64: null,
-              note: "unsigned_error_receipt",
-            },
-            receipt_id: "",
-            ...(actor ? { actor } : {}),
-          },
-        };
-      }
-
-      return res.status(500).json(receipt);
->>>>>>> eed1802 (Runtime: signer env standardization + ENS verify smoke)
   }
 }
 
