Boni KYC · Codelabs

The build course. Markdown in ../labs/ is canonical; these are the dev view.

1Project skeleton & first server 10Verification state machine 11Manual review queue + staff endpoints 12Consent engine (scopes, grants, revocation) 13Decoupled OAuth2 flow + app approval 14verified_claims (JWS) + hash-chained audit trail 15LivenessProvider interface + Smile ID client 2Routing, middleware, logging, errors 3Config & Postgres (pgx, goose) 4Repositories with sqlc; the OMANG hash 5Citizen auth: argon2id, sessions, refresh tokens 6TOTP 2FA + device binding 7Envelope encryption (KEK / DEK, AES-256-GCM) 8MinIO + encrypted document storage 9Calling the sidecars (HTTP client design, OCR first) 16OCR sidecar (OMANG field extraction) 17Face sidecar (match + anti-spoof) 18Flutter skeleton + secure token storage 19Camera capture + active liveness challenges 20Onboarding flow + verification status 21Vault + consent approval UI (the money shot) 22Mini PC hardening (Ubuntu, LUKS, SSH, firewall) 23Docker Compose + Caddy TLS + exposure 24Backups, restore drills, monitoring, deploy 25Provider dashboard (OAuth2 client)