GNX Identity-to-Execution Logic Engine · Enterprise Review Document
OpenAPI
GNX Identity-to-Execution Logic Engine 공개 API 표면 정의입니다.
# OpenAPI 3.1 description of the GNX Identity-to-Execution Logic Engine API.
# Nesting is restored with 2-space indentation; all values are unchanged.
openapi: 3.1.0
info:
  title: GNX Identity-to-Execution Logic Engine API
  # Quoted so the version always stays a string.
  version: "1.0.0"
  summary: Execution evidence gate API
  description: >
    GNX Identity-to-Execution Logic Engine binds input, identity, display state,
    session proof, and execution authority into a verifiable evidence chain.
    It is not an IAM replacement. It is an execution evidence gate that can attach
    before or after IAM, API Gateway, AI Agent Runtime, telecommunications fraud-defense
    systems, or financial security systems.
servers:
  # Single production origin, HTTPS only. No staging or plain-HTTP server is
  # declared in this document.
  - url: https://api.logicnoid.co.kr
    description: Production verification API
# Tag names used to group the operations under `paths`.
tags:
  - name: Health
  - name: Product
  - name: CSRF
  - name: WNS Evidence
  - name: Identity
  - name: Display Interlock
  - name: Execution Authorization
  - name: Audit
  - name: Admin
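# Operations. This document declares no top-level `security`, so any
# operation without its own `security` key is described as callable with no
# credential at all.
#
# Review fix: the original listed `csrfHeader` and `bidentCookie` as separate
# items under `security`. In OpenAPI, separate list items are alternatives
# (OR), so the spec said either one alone was sufficient. They are now in a
# single requirement object, which means both are required (AND). This matches
# the "Bident session required" responses on the same operations.
paths:
  /health/live:
    get:
      tags: [Health]
      summary: Live check
      responses:
        "200":
          description: Engine is live
  /health/ready:
    get:
      tags: [Health]
      summary: Readiness check
      # NOTE(review): unauthenticated; confirm the response body carries only
      # a ready/not-ready signal and no backend version or connection detail.
      responses:
        "200":
          description: Engine, DB, and Redis are ready
  /v1/public/product:
    get:
      tags: [Product]
      summary: Product definition and non-claim boundary
      responses:
        "200":
          description: Product metadata
  /v1/csrf:
    get:
      tags: [CSRF]
      summary: Issue CSRF token and CSRF cookie
      # The token issued here is what callers send back in the X-GNX-CSRF
      # header (see components.securitySchemes.csrfHeader).
      responses:
        "200":
          description: CSRF token issued
  /v1/evidence/wns-commit:
    post:
      tags: [WNS Evidence]
      summary: Transform string input into WNS execution evidence
      # NOTE(review): no `security` is declared on this state-changing POST,
      # unlike the other POST operations. Confirm it is intentionally open,
      # and that rate limiting is applied outside this contract.
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: "#/components/schemas/WnsCommitRequest"
      responses:
        "200":
          description: WNS evidence committed
        "400":
          description: Invalid WNS input
  /api/v1/register/zkv:
    post:
      tags: [Identity]
      summary: Register identity as plaintext-free ZKV anchor
      # Pre-authentication call: only the anti-forgery header is required.
      security:
        - csrfHeader: []
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: "#/components/schemas/ZkvRegisterRequest"
      responses:
        "201":
          description: Identity anchor registered
        "403":
          description: CSRF required
        # NOTE(review): a distinct 409 tells the caller whether an identifier
        # is already registered. Confirm this disclosure is accepted.
        "409":
          description: Identity already registered
  /api/v1/auth/resonance:
    post:
      tags: [Identity]
      summary: Bind Bident session proof
      # Pre-authentication call: only the anti-forgery header is required.
      security:
        - csrfHeader: []
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: "#/components/schemas/BidentAuthRequest"
      responses:
        "200":
          description: Session bound
        "401":
          description: Resonance mismatch
        "403":
          description: CSRF required
  /api/v1/display/lock:
    post:
      tags: [Display Interlock]
      summary: Confirm display readiness for target identity
      security:
        # One requirement object: CSRF header AND Bident session cookie.
        - csrfHeader: []
          bidentCookie: []
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: "#/components/schemas/DisplayLockRequest"
      # NOTE(review): no 403 "CSRF required" is listed here although the CSRF
      # header is required. Confirm the actual status and document it.
      responses:
        "200":
          description: Display lock confirmed
        "401":
          description: Bident session required
        "409":
          description: Nonce replay rejected
  /api/v1/execution/authorize:
    post:
      tags: [Execution Authorization]
      summary: Issue one-time opaque execution handle only after WNS, Bident, and display lock are bound
      security:
        # One requirement object: CSRF header AND Bident session cookie.
        - csrfHeader: []
          bidentCookie: []
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: "#/components/schemas/ExecutionAuthorizeRequest"
      responses:
        "200":
          description: Execution handle issued
        "401":
          description: Bident session required
        "409":
          description: Execution nonce replay rejected
        "423":
          description: WNS or display interlock required
  /api/v1/execution/consume:
    post:
      tags: [Execution Authorization]
      summary: Consume one-time opaque execution handle
      security:
        # One requirement object: CSRF header AND Bident session cookie.
        - csrfHeader: []
          bidentCookie: []
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: "#/components/schemas/ExecutionConsumeRequest"
      # NOTE(review): 404 and 409 both cover the "used" case, so a client
      # cannot tell which one a replayed handle returns. No 401 or 403 is
      # listed although both schemes are required. Confirm and document.
      responses:
        "200":
          description: Execution handle consumed
        "404":
          description: Execution handle not found or used
        "409":
          description: Execution handle already used or expired
  /api/v1/policy/evaluate:
    post:
      tags: [Execution Authorization]
      summary: Deprecated production policy endpoint
      # Marked deprecated so generated clients and docs flag it. The only
      # documented response is 410.
      deprecated: true
      responses:
        "410":
          description: Moved to demo and production-separated endpoints
  /v1/evidence/policy-evaluate-demo:
    post:
      tags: [WNS Evidence]
      summary: Public demo-only policy evaluation
      # NOTE(review): no request body schema and no `security` are declared.
      # Confirm the demo path shares no decision state with production
      # authorization.
      responses:
        "200":
          description: Demo-only response
        "423":
          description: Demo deny response
  /v1/audit/{receipt}:
    get:
      tags: [Audit]
      summary: Read audit hash-chain receipt
      # No `security` is declared, so the receipt value in the path is the
      # only thing gating the read.
      # NOTE(review): confirm receipts are unguessable. Path values usually
      # land in access logs, so add length or pattern bounds on the parameter.
      parameters:
        - name: receipt
          in: path
          required: true
          schema:
            type: string
      responses:
        "200":
          description: Audit receipt
        "404":
          description: Audit receipt not found
  /v1/admin/challenge:
    get:
      tags: [Admin]
      summary: Issue signed admin challenge
      # Pre-authentication step of the admin challenge/verify exchange.
      responses:
        "200":
          description: Admin challenge issued
  /v1/admin/session/verify:
    post:
      tags: [Admin]
      summary: Verify signed admin challenge and bind admin session
      security:
        - csrfHeader: []
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: "#/components/schemas/AdminVerifyRequest"
      # NOTE(review): no replay response is documented here, unlike the nonce
      # endpoints (409). Confirm a challengeId is single-use and short-lived.
      responses:
        "200":
          description: Admin session bound
        "401":
          description: Invalid challenge or signature
  /v1/admin/audit/recent:
    get:
      tags: [Admin]
      summary: Recent admin audit events
      security:
        - adminCookie: []
      responses:
        "200":
          description: Recent admin audit events
        "401":
          description: Admin session required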
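# Shared security schemes and request schemas.
#
# Review fix: BidentAuthRequest now carries the same maxLength bounds as
# ZkvRegisterRequest, so the login body is bounded like the registration body.
# Both `pwd` fields are marked `format: password` so tooling treats them as
# secrets.
components:
  securitySchemes:
    # Anti-forgery token sent in a custom header. It guards against
    # cross-site requests and is not a caller credential by itself.
    csrfHeader:
      type: apiKey
      in: header
      name: X-GNX-CSRF
    # Session cookies. Browsers accept a `__Host-` cookie only when it is set
    # with Secure, Path=/, and no Domain attribute.
    # NOTE(review): HttpOnly and SameSite cannot be expressed in this
    # document. Confirm both are set by the server.
    bidentCookie:
      type: apiKey
      in: cookie
      name: __Host-gnx_i2e_bident
    adminCookie:
      type: apiKey
      in: cookie
      name: __Host-gnx_i2e_admin
  schemas:
    # NOTE(review): apart from the first three schemas, the string fields
    # below declare no length bound or pattern, and no schema sets
    # `additionalProperties: false`. Confirm the server-side limits and
    # record them here so gateways and generated validators can enforce them.
    WnsCommitRequest:
      type: object
      required: [input]
      properties:
        input:
          type: string
          minLength: 1
          maxLength: 256
    ZkvRegisterRequest:
      type: object
      required: [id, pwd]
      properties:
        id:
          type: string
          minLength: 3
          maxLength: 128
        # NOTE(review): the request carries `pwd` as a string. "Plaintext-free"
        # in the operation summary presumably describes what is stored.
        # Confirm, and keep request bodies out of logs.
        pwd:
          type: string
          format: password
          minLength: 12
          maxLength: 256
    BidentAuthRequest:
      type: object
      required: [id, pwd]
      properties:
        # Upper bounds mirror ZkvRegisterRequest. No minLength is added, so
        # the login schema does not change what short inputs are rejected.
        id:
          type: string
          maxLength: 128
        pwd:
          type: string
          format: password
          maxLength: 256
        # Optional and unbounded. NOTE(review): confirm a size limit.
        clientEntropy:
          type: string
    DisplayLockRequest:
      type: object
      required: [targetIdentity, nonce, hardwareSignature]
      properties:
        targetIdentity:
          type: string
        # A replayed nonce is answered with 409 on /api/v1/display/lock.
        nonce:
          type: string
        hardwareSignature:
          type: string
    ExecutionAuthorizeRequest:
      type: object
      required: [targetIdentity, wnsReceipt, nonce]
      properties:
        targetIdentity:
          type: string
        wnsReceipt:
          type: string
        # A replayed nonce is answered with 409 on /api/v1/execution/authorize.
        nonce:
          type: string
        # Optional. NOTE(review): confirm what an omitted audience binds to.
        audience:
          type: string
    ExecutionConsumeRequest:
      type: object
      required: [targetIdentity, executionHandle]
      properties:
        targetIdentity:
          type: string
        executionHandle:
          type: string
        # Optional. NOTE(review): confirm a handle issued with an audience
        # cannot be consumed when this field is omitted.
        audience:
          type: string
    AdminVerifyRequest:
      type: object
      required: [challengeId, adminSubject, adminSignatureBase64]
      properties:
        challengeId:
          type: string
        adminSubject:
          type: string
        # Base64 text per the field name. No length bound is declared.
        adminSignatureBase64:
          type: string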