bypass docs.
A portal feature is not done until its kit-only bypass path is documented and verified working. This page is the portal-side mirror of oc-guardian-kit/BYPASS.md. Architectural commitment: a guardian operating purely via the kit is indistinguishable at the federation layer from one operating with the portal.
If you're reading this because something on the portal failed, broke, or you don't want to depend on it — every cell in the table below points to the kit-only command that does the same thing without the portal being online. Pick a row, run the command, ship.
| # | stage | portal path | kit-only equivalent |
|---|---|---|---|
| 01 | apply | /operator/apply form | oc-guardian apply prepare → email apply@ochk.io |
| 02 | onboard | WebAuthn key registration | oc-guardian init --hsm yubikey |
| 03 | discover | /operator/federations | oc-guardian federations list |
| 04 | join | portal "join" button | oc-guardian federations join <slug> |
| 05 | ceremony | portal-mediated DKG relay | oc-guardian ceremony start --peers <urls> |
| 06 | charter | in-portal WebAuthn signing | oc-guardian charter sign --file charter.md --hsm yubikey |
| 07 | run | portal install instructions | oc-guardian fedimintd run --config /etc/oc-guardian/config.toml |
| 08 | status | /me/operator dashboard | oc-guardian status |
| 09 | alerts in | /me/operator alerts feed | oc-guardian alerts subscribe <federation> |
| 10 | alerts out | portal "post update" | oc-guardian alerts post --severity warn ... |
| 11 | payouts | /me/operator payouts view | oc-guardian payouts list / claim |
| 12 | exit | portal exit-handoff coordinator | oc-guardian exit-handoff <replacement-pubkey> |
| 13 | forget | portal "delete account" | oc-guardian bridge disable + ignore the portal forever |
Every release runs a bypass test suite that exercises the kit-only path for each row above against a live test federation. The tests assert that the resulting envelopes, signatures, and on-the-wire protocol output are byte-for-byte identical to what the portal-mediated path produces. A release is blocked if any bypass test fails.
The PR template enforces the docs-side: any PR that touches a portal feature must update BYPASS.md in the same change. Review gate: bypass parity is a tested, enforced, first-class architectural property.
canonical BYPASS.md ↗