What identity looks like in code
Two layers — the oracle’s persistent identity, set once at boot via env vars; and per-user identity, validated on every request via UCAN headers.OracleConfig type lives in packages/oracle-runtime/src/plugin-api/types.ts — plugins read the resolved identity off ctx.identity (a OracleIdentity).
One-time oracle setup
1
Run the CLI to create the oracle's on-chain entity and Matrix account
did:ixo:entity:...), registers linked resources, provisions a Matrix bot account, and writes both oracle.config.json and .env. Run once per deployment — subsequent deploys reuse the identity.create-entity registers --api-url http://localhost:4000 by default, but the runtime’s own default PORT is 3000 (the example above pins the URL to :3000 to match). If you take the default URL instead, make your oracle reachable at it: either set PORT=4000 in .env, or change the registered URL later with qiforge-cli update-oracle-api-url.2
Provision the encryption key for per-room secrets
3
Verify .env has every identity var
After CLI setup, The runtime validates all of these at boot via
.env contains the core identity vars validated by baseEnvSchema:baseEnvSchema; missing vars fail with a clear message.Two auth-tuning vars have safe defaults — set them only to override:UCAN_AUTH_MAX_TTL_SECONDS bounds the replay window server-side regardless of the TTL the client declares; UCAN_REAUTH_PROMPT_THROTTLE_SECONDS keeps a de-authorized user from being nagged on every message.What the runtime loads on boot
After Matrix init completes in the background, the runtime reads two further pieces of secret material from the oracle’s Matrix account room:- UCAN signing mnemonic — used by
UcanServiceto mint downstream-service invocations. - P-256 encryption key — used by
SecretsServiceto decrypt per-room secrets.
/, /health, /docs, any host or plugin authExcludedRoutes) stay reachable.
Per-request user auth
Two distinct concerns, two distinct artifacts —AuthHeaderMiddleware verifies both on every protected route:
- Authentication (who is calling) = a user-signed UCAN invocation. Short-lived, replay-bounded, sent as
Authorization: Bearer <invocation>+X-Auth-Type: ucan. This is the primary auth path. - Authorization (what the oracle may do downstream) = the user→oracle delegation, sent as
x-ucan-delegation. Plugins read it to mint downstream-service invocations on the user’s behalf.
A bare
x-ucan-delegation (no invocation) is still accepted as a migration fallback for clients that haven’t moved to invocation auth yet. New clients should send both: the invocation to authenticate, the delegation for downstream authorization.
When neither an invocation nor a delegation is present, the middleware returns 401 with:
Invalid UCAN invocation.
AuthHeaderMiddleware:
1
Validates the invocation (primary)
When
X-Auth-Type: ucan + Authorization: Bearer … are present, validateUcanInvocation verifies the signature and audience (the oracle’s ORACLE_DID) and rejects any invocation whose lifetime exceeds UCAN_AUTH_MAX_TTL_SECONDS (default 900s). Results are cached by the token’s SHA-256 hash with TTL = the invocation’s own expiry, so reusing the same token until it expires (JWT-style) doesn’t re-hit Blocksync. The invocation’s signer becomes req.authData.did.2
Falls back to the delegation (migration only)
When no invocation is sent,
validateUcanDelegation authenticates the request from x-ucan-delegation instead. Delegation results cache with TTL = the delegation’s expiry (or a 3-minute fallback when it declares none).3
Trusts the delegation downstream only when it's the caller's own
A delegation is public and shareable, so the middleware acts on it downstream only when its issuer DID equals the authenticated DID. When they differ, the delegation is ignored downstream —
req.authData.ucanDelegation.raw is set to '', and plugins branch on raw.length === 0. This stops a client from pairing their own invocation with someone else’s delegation to make the oracle act on that person’s behalf.4
Attaches RuntimeUserContext to the request
The next middleware (
RuntimeContextBuilder) reads req.authData to build the rtCtx.user field handed to every tool handler — see the Runtime context reference.Opt routes out of auth
Two mechanisms to expose public routes — host-level and plugin-level. Both merge onto the runtime’s built-in exclusion list:/ (the JSON landing payload), /health, /docs, and /docs/(.*).
1
From the host — pass authExcludedRoutes to createOracleApp
2
From a plugin — implement getAuthExcludedRoutes
weather.plugin.ts.Mint downstream UCAN invocations
When a plugin calls a downstream service on the user’s behalf, it does not reuse the user’s invocation — it mints a fresh one signed by the oracle’sSECP_MNEMONIC, derived from the user’s stored delegation. The minted invocation goes out to the downstream service the same way the user authenticates to this oracle: Authorization: Bearer <invocation> + X-Auth-Type: ucan.
rtCtx.ucan:
See
packages/oracle-runtime/src/modules/ucan/ for the service implementation.
What plugins can and cannot do
- Can: read
rtCtx.user.did,rtCtx.user.matrixUserId,rtCtx.user.ucanDelegation,rtCtx.user.timezone. - Can: call
rtCtx.secrets.getIndex()/getValues()to read per-room secrets. - Can: mint downstream invocations via
rtCtx.ucan.mintInvocation. - Cannot: override the oracle’s identity per request.
- Cannot: issue UCANs as anyone other than the oracle itself.
Where to read next
API endpoints
Which routes are auth-protected and which are public.
CLI reference
create-entity, setup-encryption-key, and the rest of identity setup.Runtime context
The full
rtCtx.user, rtCtx.ucan, rtCtx.secrets surface.Environment variables
Every identity-related env var, declared and validated.