Mediator REST API skeleton
FastAPI reference implementation of the AWAP v0.1 ledger service per spec §11.
Endpoints
| Method | Path | Purpose |
|---|---|---|
| GET | /healthz | Liveness probe |
| POST | /attest | Validate + persist a signed attestation |
| GET | /verify/{attestation_id} | Fetch + verify an attestation |
| GET | /agent/{agent_id}/score | Agent reputation score (cached or live-computed) |
All endpoints reject:
- Missing structural fields per spec §3
- Unsupported version per spec §2
- Failed canonical round-trip per spec §2
- Failed Ed25519 signature per spec §4
- Unresolvable signature.key_id per spec §6 (skeleton: only sha256: fingerprints from local registry)
Run locally
cd ~/mediator/lib/python && source .venv/bin/activate
cd ~/mediator/lib/api
PYTHONPATH=. uvicorn app.main:app --reload --port 8765
Then open http://localhost:8765/docs for the OpenAPI Swagger UI.
Tests
cd ~/mediator/lib/api
source ~/mediator/lib/python/.venv/bin/activate
PYTHONPATH=. python -m pytest tests/ -v
7 tests: healthz, attest+verify roundtrip, tamper rejection, unknown-key rejection, 404 paths, agent scoring, agent 404.
Env vars
- MEDIATOR_DB_PATH — SQLite path, default ~/mediator/lib/ledger/mediator-dev.db
- MEDIATOR_KEY_REGISTRY — keys.json registry path, default ~/mediator/lib/api/keys.json
Production gaps
This is a skeleton. Before going public:
- Replace local fingerprint registry with the multi-modal resolver (DNS/DID/HTTPS/fingerprint)
- Migrate from SQLite to Postgres (psycopg + connection pool)
- Add per-epoch Merkle batching + root publication (write epochs table)
- Add JSON-Schema enforcement against ~/mediator/spec/attestation-v0.1.schema.json
- Add auth + rate limiting on POST /attest
- Add idempotency by attestation_id (currently relies on PK to reject duplicates → returns 409 instead of dedup)
- Plug the proprietary reputation scoring weights (current score = success_rate × √n is a placeholder)
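
One way to close the idempotency gap listed above, as an added example (not the project's own code): a SQLite write path that treats a byte-identical resubmission as a successful retry and reserves 409 for a reused attestation_id carrying a different body. The table and column names, the function names and the 201/200 status mapping are assumptions; the caller is assumed to pass the canonical bytes of an attestation that has already passed the signature checks.

```python
import hashlib
import hmac
import sqlite3

# Hypothetical schema: the skeleton's real table and column names are not shown here.
SCHEMA = """
CREATE TABLE IF NOT EXISTS attestations (
    attestation_id TEXT PRIMARY KEY,
    body_sha256    TEXT NOT NULL,
    body           BLOB NOT NULL
)
"""


def open_ledger(path=":memory:"):
    """Open (or create) the ledger database and make sure the table exists."""
    conn = sqlite3.connect(path)
    conn.execute(SCHEMA)
    return conn


def persist_attestation(conn, attestation_id, canonical_body):
    """Store an already-verified attestation; return (outcome, http_status).

    created   -> 201: first time this attestation_id is seen
    duplicate -> 200: same id, byte-identical canonical body (safe client retry)
    conflict  -> 409: same id, different body (the stored row is never overwritten)
    """
    digest = hashlib.sha256(canonical_body).hexdigest()
    with conn:  # single transaction: commit on success, roll back on error
        cur = conn.execute(
            "INSERT OR IGNORE INTO attestations (attestation_id, body_sha256, body) "
            "VALUES (?, ?, ?)",
            (attestation_id, digest, canonical_body),
        )
        if cur.rowcount == 1:
            return "created", 201
        # The primary key already exists: compare against what the ledger holds.
        stored = conn.execute(
            "SELECT body_sha256 FROM attestations WHERE attestation_id = ?",
            (attestation_id,),
        ).fetchone()[0]
    if hmac.compare_digest(stored, digest):
        return "duplicate", 200
    return "conflict", 409


if __name__ == "__main__":
    ledger = open_ledger()
    sample = b'{"agent_id":"agent-1","outcome":"success"}'  # constructed sample body
    print(persist_attestation(ledger, "att-001", sample))
    print(persist_attestation(ledger, "att-001", sample))
```

Comparing digests of the canonical bytes, rather than re-parsed JSON, keeps the dedup decision tied to exactly what was signed.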