Satoshi Cypher — Control Panel

⬡ System Dashboard

Real-time status of your Temporal Black Box deployment.

—

System Health

Session Encodes

Session Decodes

75%

Security Score

🔌 Connection Status

Configure your API endpoint above and click Connect.

ℹ️ About Satoshi Cypher

⚡ Temporal black-box banking security. Ciphers are valid only within a configurable time window — after expiry, no key, no code.

✅ v1.1.0 adds HMAC payload signing, hot key reload, and a persistent audit log. Three of the eight known issues are now resolved.

🗺️ What's New in v1.1.0

✅ HMAC Payload Signing

Every encoded cipher now includes an HMAC-SHA256 tag. The decode endpoint verifies it before execution — tampered blobs are rejected.

✅ Hot Key Reload

Update API_KEYS in your environment and call /api/keys/reload — no server restart required.

✅ Audit Trail

Every encode, decode, rejection and key-reload event is logged to /api/audit with timestamps and key hints.

⬛ Temporal Black Box

Plug in any compatible compute API endpoint — your own server, a hosted instance, or a third-party deployment.

🔌 Compute Source

Point the Black Box at any Satoshi Cypher API. The connection settings are shared with the header bar.

API Base URL

API Key

Not tested.

🔐 Encode

Source Code

🔓 Decode

Cipher JSON

HMAC Tag (auto-populated after encode)

🔍 Cipher Inspector

Paste a cipher JSON below to inspect its structure and validate the HMAC tag.

🔑 Key Manager

Manage API keys without restarting the server. Requires v1.1.0+.

ℹ️ Keys are loaded from the API_KEYS environment variable (comma-separated). To add or revoke keys: update the variable, then click Hot Reload Keys below.

🔄 Hot Reload

Reload keys from environment without restarting. Your current key must still be valid to call this endpoint.

⚠️ Multi-Worker Note

⚠️ In a multi-worker deployment (API_WORKERS > 1), this endpoint only updates the worker that handles the request. For full consistency across all workers, restart the server after updating the environment.

📖 Key Rotation Guide

Generate a new strong key: python -c "import secrets; print(secrets.token_urlsafe(32))"
Append it to your API_KEYS env variable (keep the old key temporarily): API_KEYS=old-key,new-key
Call Hot Reload Keys above — both keys are now valid.
Distribute the new key to all clients.
Once all clients have switched, remove the old key from API_KEYS.
Call Hot Reload Keys again — old key is now revoked.

📦 Environment Template

# .env — key configuration example API_KEYS=key-alpha-abc123,key-beta-def456 # Generate a new key: # python -c "import secrets; print('key-'+secrets.token_urlsafe(24))" # After updating, call POST /api/keys/reload?api_key=your-current-key

📋 Audit Trail

Immutable event log for every encode, decode, rejection, and key-reload. Newest first.

ℹ️ The audit log is stored in-memory (rolling 10 000 entries). For regulatory/compliance use, forward application logs to an external SIEM — every audit event is also emitted as a structured log line.

Auto-refresh (30s)

Timestamp	Event	Key	Details
Click Refresh to load audit events.

🛡️ Security Status

Status of all eight known issues. Three are resolved in v1.1.0.

Issues Resolved

Known / Roadmap

75%

Security Score

⚠️

Rate Limiting — In-Memory / Single-Process

KNOWN LIMITATION

_rate_store lives in-process. With API_WORKERS > 1 or multiple instances behind a load balancer, limits are not globally enforced. Fix: Replace _rate_store with a Redis backend (e.g. redis-py + RATE_LIMIT_REDIS_URL env var). This is on the Phase 1 roadmap.

✅

API Key Rotation — Requires Server Restart

FIXED IN v1.1.0

POST /api/keys/reload re-reads API_KEYS from the environment without a restart. See the Key Manager tab for the full rotation guide.

⚠️

random.Random — Mersenne Twister (Not CSPRNG)

PHASE 1 ROADMAP

The seed is derived from HMAC-SHA256(MASTER_SECRET, timestamp) which is cryptographically strong, but the Mersenne Twister shuffle has known statistical periodicity. Phase 1 fix: Replace the per-character jitter with HMAC-derived byte offsets so no PRNG state is exposed.

⚠️

exec() Sandbox — Soft Restriction

KNOWN LIMITATION

Restricting __builtins__ blocks obvious vectors but attribute-based class-hierarchy traversal (__class__.__bases__, __subclasses__) remains possible via permitted objects. Rule: Only decode cipher data you produced and trust. Never decode untrusted third-party blobs. Phase 3 plans a subprocess-isolated sandbox.

✅

Payload Authentication — No HMAC/Signature

FIXED IN v1.1.0

Every /encode response now includes an hmac_tag (HMAC-SHA256 over points + t0 + rotation_rate). The /decode endpoint verifies this tag before execution — tampered cipher blobs are rejected with 400 Bad Request.

✅

No Persistent Audit Trail

FIXED IN v1.1.0

GET /api/audit returns a rolling 10 000-entry log of all encode, decode, rejection, and key-reload events. Every entry is also emitted as a structured log line so an external SIEM can capture it. For regulatory use, forward AUDIT-prefixed log lines to your compliance pipeline.

⚠️

No HTTPS in Application Layer

PROXY REQUIRED

The server binds plain HTTP. TLS must be terminated at a reverse proxy before internet exposure. Quick start with Caddy:

your.domain {
    reverse_proxy localhost:8000
}

or nginx: ssl_certificate + proxy_pass http://127.0.0.1:8000.

⚠️

No Automated Test Suite

KNOWN LIMITATION

main.py provides a manual smoke test only. No pytest suite exists yet — any refactor carries unverified risk. Use the ⚡ Quick Test button on the Dashboard to run a live encode/decode round-trip. A formal pytest suite covering the core engine and API endpoints is on the Phase 1 roadmap.

💳 Visa-Ready Licensing

Payment infrastructure readiness and licensing tiers — your path to becoming Stripe-grade.

🏦 Payment Infrastructure Readiness

Status of the technical requirements for operating a paid API service and onboarding a card payment processor (Stripe, Visa, etc.).

✅

API Authentication — SHA-256 hashed API keys, never stored in plain text.

✅

Cipher Integrity — HMAC-SHA256 payload signing on every encode/decode (v1.1.0).

✅

Audit Logging — All events logged with timestamps and key hints; SIEM-forwardable.

✅

Rate Limiting — Per-key throttling prevents abuse (in-memory; Redis for multi-node).

✅

Error Sanitisation — No stack traces in API responses.

✅

Secret Isolation — MASTER_SECRET lives in environment variables only.

✅

Key Rotation — Zero-downtime hot-reload endpoint (v1.1.0).

⚠️

HTTPS / TLS — Required before accepting payment data. Terminate at reverse proxy (nginx / Caddy / ALB).

⚠️

Multi-Factor Admin Auth — Admin actions currently protected by API key only. MFA planned for Phase 4 dashboard.

⚠️

PCI DSS Formal Compliance — Requires third-party QSA audit. Technical foundation is in place; paperwork is not yet filed.

⚠️

HSM Key Storage — MASTER_SECRET currently in software memory. FIPS 140-2 L3 HSM integration is Phase 3.

⚠️

Automated Test Suite — Required for SOC 2 / ISO 27001. Pytest suite is Phase 1 roadmap.

7 / 12 Ready Complete the ⚠️ items before submitting a Stripe or Visa merchant application.

🎯 Licensing Tiers

Free

$0 / month

✅60 requests/min community key
✅Access to public API
✅Full documentation
✅Community support (issues)
❌SLA / uptime guarantee
❌Custom temporal window
❌Dedicated infrastructure