Security
Boundaries and safe defaults
Veldra provides infrastructure. Treat the dashboard and APIs as sensitive operational surfaces.
Scope
What this project does and does not do
What it is
Policy evaluation and observability for block templates.
- Verifier + dashboard
- Policy-driven thresholds
- Deterministic verdict objects
What it is not
No custody, no keys, no signing authority.
- No private key handling
- No wallet logic
- No pool payout logic
Hard rule
Do not expose the dashboard to the public internet without authentication and network hardening.
For public sharing, use a recording or an authenticated, access-controlled demo environment.
Operational guidance
Baseline hygiene
Local-first
Keep regtest demos local. Assume endpoints leak operational details.
Logs
Store verdict logs securely. They reveal policy and template characteristics.
Authentication
If you must share access, put the UI behind auth and restrict by IP.
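One way to apply the authentication guidance above is a reverse proxy in front of the dashboard. This is an added example, not configuration shipped with the project. It assumes nginx as the proxy and a dashboard bound to loopback on port 8080; the hostname, certificate paths, htpasswd path and address range are placeholders.

```nginx
# Added example. Assumption: the dashboard and its API listen only on
# 127.0.0.1:8080 (assumed port), so the proxy is the only way to reach them.
server {
    listen 443 ssl;
    server_name dashboard.example.internal;            # placeholder hostname

    ssl_certificate     /etc/nginx/tls/dashboard.crt;  # placeholder paths
    ssl_certificate_key /etc/nginx/tls/dashboard.key;

    location / {
        # Require BOTH an allowed source address AND valid credentials.
        # With "satisfy any", either one alone would grant access.
        satisfy all;

        # Restrict by IP: constructed documentation range standing in for
        # the operator network. Everything else is refused.
        allow 203.0.113.0/24;
        deny  all;

        # Put the UI behind auth.
        auth_basic           "Restricted";
        auth_basic_user_file /etc/nginx/veldra.htpasswd;  # placeholder path

        proxy_pass http://127.0.0.1:8080;
        proxy_set_header Host $host;
        # Overwrite rather than append, so a client-supplied
        # X-Forwarded-For header cannot spoof the source address upstream.
        proxy_set_header X-Forwarded-For $remote_addr;
    }
}

# Refuse plaintext HTTP outright so credentials never cross the wire
# unencrypted.
server {
    listen 80;
    server_name dashboard.example.internal;
    return 403;
}
```

Keeping the dashboard itself on loopback matters as much as the proxy rules: if it also listens on an external interface, clients can bypass the proxy entirely.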