gudtek
⌘K
06 · trust

trust.

honest about where this model is safe and where it isn't. we'd rather you know the failure modes than pretend they don't exist.

where this is safe

  • no off chain custody. funds sit in real solana wallets you can inspect.
  • no single human signs. decryption requires oauth + policy + audit log. nobody at gud.tek has the key in a usable form.
  • proof is fresh oauth.claim eligibility is “you can sign for @id right now,” not a stored password.
  • logs are append only. every kms decrypt is recorded with the claim context. anyone can audit later.

where it isn't perfect

  • signer service compromise. if our backend gets popped, attacker tries to forge claims. mitigation: kms policy requires oauth tokens signed within the last 30 seconds, audit log is on a separate write-only stream you can verify against.
  • X account takeover. if someone gains control of @somecreator, they can claim. yeah, that's a real risk. you accepted it the moment you let the launch credit your handle. same risk you take with twitter monetization or github billing.