DeDi Node

A self-hostable, tamper-evident public registry backed by a Merkle transparency log (signed checkpoints + inclusion proofs), not a blockchain. It is a drop-in for the Beckn ONIX registry, and any node can independently witness another.

Beckn message validated against this registry

sequenceDiagram
    autonumber
    participant BAP as ONIX · BAP
    participant BPP as ONIX · BPP
    participant D as dedid
    BAP->>BPP: select (signed)
    BPP->>D: GET /lookup/bap.example.com/subscribers.beckn.one/{keyId}
    D-->>BPP: signing_public_key (+ inclusion proof)
    BPP->>BPP: verify signature ✓
    BPP-->>BAP: on_select (signed)
    BAP->>D: lookup BPP key → verify ACK ✓
    Note over D: bad/absent key → 401 reject

Decentralised trust: one node witnesses another

sequenceDiagram
    autonumber
    participant A as Node A · primary
    participant B as Node B · witness
    B->>A: GET /log/checkpoint (signed)
    B->>A: GET /log/proof/consistency?old&new
    B->>B: verify append-only (RFC 6962)
    B->>B: record verdict in own log
    Note over B: forged history → alarm

Test cases

#TestResult
1ONIX dediregistry client (v1.8.0) over the wire6/6 pass
2Beckn starter-kit select/init/confirm vs dedidACK + on_* callbacks
3Tampered key in dedid → adapter validation401 rejected
4Offline inclusion proof (browser, WebCrypto)verified
5Witness verifies primary is append-onlyrecorded
6Witness detects a forked historyalarm

Witnessed checkpoints are browsable in the Explorer under the _witness namespace.