Verification Matrix
Info
This docs site is maintained separately from the main product repo.
The verification sources below point to the product repository at pranshurastogi/SPECTER.
Why this page exists
Use this page when you need to answer one question precisely:
Is this statement documented because it is implemented today, or because it is planned?
The matrix below maps the major public docs claims to source files and, where relevant, to the GitHub issues that track known gaps.
Core protocol and API
| Docs claim | Verification source | Notes |
|---|---|---|
The backend exposes /health, key generation, stealth, ENS, SuiNS, IPFS, and registry routes | specter-api/src/routes.rs | Use this file as the route-level source of truth for API availability. |
POST /api/v1/keys/generate returns long-term spending and viewing keys plus a meta_address | specter-api/src/handlers.rs, specter-api/src/dto.rs | This is the hosted-API path. Local, client-side key generation is available through the @specterpq/sdk (generateSpecterKeys). |
POST /api/v1/stealth/create returns Ethereum and Sui stealth destinations plus announcement data | specter-api/src/handlers.rs, specter-api/src/dto.rs | The response includes payment_id, stealth_address, stealth_sui_address, ephemeral_ciphertext, view_tag, and announcement. |
POST /api/v1/registry/announcements publishes through a server-authoritative payment_id path | specter-api/src/pending.rs, specter-api/src/handlers.rs | Loose client-supplied ephemeral_key + view_tag publish is no longer accepted. |
POST /api/v1/stealth/scan returns recovered discoveries including secret material | specter-api/src/handlers.rs, specter-api/src/dto.rs | The docs must continue to warn that stealth_sk and eth_private_key are sensitive outputs. |
| ENS and SuiNS name resolution are first-class API features | specter-api/src/routes.rs, specter-ens/, specter-suins/ | Public docs can describe both as implemented resolution paths. |
Announcement metadata (tx hash, amount, source chain id) is encrypted with AES-256-GCM, keeping the view_tag byte plaintext | specter-crypto/src/metadata.rs | 77-byte plaintext block encrypts to 93 bytes. Keys derive from the ML-KEM shared secret via SHAKE-256. The SDK exposes the same via sealAnnouncementMetadata / openAnnouncementMetadata. |
| Payments settle on Ethereum, Arbitrum, Monad, and Sui (testnet-first); Monad is the announcement registry chain | SPECTER-web/src/lib/blockchain/chainRegistry.ts | Sepolia, Arbitrum Sepolia, Monad Testnet, and Sui testnet by default. Mainnet descriptors exist behind a testnet flag. Base and Optimism are roadmap. |
TypeScript SDK
| Docs claim | Verification source | Notes |
|---|---|---|
@specterpq/sdk runs ML-KEM-768 key generation, encapsulation, and decapsulation locally in WebAssembly | npm: @specterpq/sdk, specter-sdk | Version 0.3.0. Ships browser and Node WASM builds compiled from the pinned Rust core. |
| The SDK derives stealth Ethereum and Sui addresses and recovers the spendable key | npm: @specterpq/sdk | createStealthPayment, scanAnnouncement, deriveStealthKeys. Sizes are exported as constants. |
| Secret-bearing fields are redacted from JSON and console output | npm: @specterpq/sdk | Applies to secretKey, sharedSecret, and ethPrivateKey. Redaction does not protect against an app copying the value elsewhere. |
| Local SDK helpers make no network calls | npm: @specterpq/sdk | Network access is limited to the opt-in createSpecterApiClient. scanRemote and generateKeysRemote can expose secrets to the configured backend. |
Security, storage, and operations
| Docs claim | Verification source | Notes |
|---|---|---|
| The API includes auth, CORS, rate limiting, and security headers middleware | specter-api/src/middleware.rs, specter-api/src/state.rs | Docs should continue to note that POST endpoints are unprotected if API_KEY is not configured. |
| The registry backend can run in memory or Turso | specter-api/src/state.rs, specter-registry/ | Public docs should treat memory as development mode and Turso as the current durable backend. |
| Announcement discovery is backend-managed today | specter-api/src/handlers.rs, specter-registry/ | Backend-independent recovery is not implemented yet. Track issue #16. |
| The repo has an open hardening backlog for release process and production readiness | Issue #19, Issue #17 | Use these issues when docs need to describe current limitations instead of future guarantees. |
How to update docs safely
When the product repo changes:
- Verify the behavior in source first.
- Update the relevant guide or reference page.
- Update this matrix if the source of truth moved or the implementation status changed.
- Move future-only items to Roadmap instead of blending them into implementation docs.
Related pages
- Contribution Opportunities for the live GitHub backlog
- Contributing for workflow and repo boundaries
- Roadmap for planned work that should not be described as shipped