Trust & authority

Observable infrastructure, clear boundaries

ODINID is a non-custodial verification and cooperative workflow layer. It helps users authenticate, helps members present passive payment references and evidence, and exposes selected system posture without taking custody of member funds.

Public claim: ODINID prepares, verifies, records, and routes evidence. ODINID does not hold user private keys, custody customer funds, initiate bank payments, sign wallet transactions, broadcast settlement, or act as the party receiving or settling customer payments. Member transactions are signed by member wallets or local companions; cooperative-operated lab infrastructure uses separate entity scope and operator identity controls.

Live statusNon-intermediary statement
Identity Proof

VerusID login

ODINID uses passwordless VerusID challenge-response login. Users sign locally with their own wallet; ODINID verifies the proof and does not store passwords, seed phrases, or private keys.

  • No password database
  • No browser-supplied identity trust
  • Gateway challenge verification before Odoo session handoff
Commerce Proof

Member-controlled payment accounts

ODINID can display member payment references, EPC prefill data, and evidence states, but payment authorization remains member controlled. SEPA/EPC instructions point to the merchant account, and ODINID does not receive, pool, initiate, or control customer or merchant funds.

  • No merchant-of-record role
  • No pooled customer funds
  • No payment-order initiation
  • No ODINID-controlled default settlement account
System Proof

Fail-closed operations

Operational routes are separated by entity scope and capability. Public pages are read-only, member actions require VerusID session context, and lab/internal surfaces require configured scope, least-privilege access, and audit-friendly logging.

  • NL_CORE disables bridge, mint, redeem, transfer, and signing capabilities
  • MNE_BRIDGE_LAB and SHARED_DEV_ONLY require scoped operator identity allowlisting
  • Unauthorized lab access triggers entity_scope_operator_denied audit logs
  • Legacy auth_verus direct login disabled
  • WEV render and frontend connector APIs are key-gated
AI Transparency

AI Act boundary

ODINID may use AI-assisted documentation and evidence tools, but they are assistance surfaces only. AI does not decide creditworthiness, approve member credit, admit or expel members, set redemption value, sign transactions, broadcast transactions, or initiate bank payments.

  • AI/RAG surfaces must be labelled where used
  • WEV and pricing are deterministic evidence support, not AI credit scoring
  • Human, member, accountant, or counsel review remains required for decisions
  • No AI access to WIFs, seed phrases, private keys, or settlement authority
Odoo Boundary

ODINID uses Odoo for shop, portal, order, consent, and business workflow records. Odoo does not hold wallet private keys, does not custody funds, and is not the source of on-chain truth.

  • Odoo is the administrative workflow layer.
  • Gateway and verifier logic remain the security boundary for identity proof.
  • On-chain verification remains external to Odoo business records.
Access Matrix
  • Public read-only: Trust, FAQ, legal pages, public shop pages, verified claim directory.
  • Member gated: My portal, order history, voting, member-specific actions.
  • Machine gated: WEV render, internal RPC, provisioning and signed webhooks.
  • Operator only: Bridge Lab diagnostics, Odoo backend, internal docs and maintenance tools.

Operator-only diagnostics are separated from the public internet and are intended to be reachable only through a private operator network, combined with service-specific credentials, least-privilege access, entity scope checks, VerusID identity-address allowlisting, and audit logging.

Responsible Disclosure

If you believe you found a vulnerability, contact us privately. Do not publish exploit details before we have had time to assess and remediate the issue.