Docy — Onboarding & Identity Verification
Role
Manages user onboarding, identity verification, and access workflows across Goosie Labs apps. Controls who gets access and how they prove their Nostr identity.
Type
Script — runs at server level via API at `https://goosielabs.com/api/docy`
Invocation
`goosie docy
` or directly: `node /home/deploy/scripts/docy/index.js `
Known Responsibilities
Docy Workflow
1. **Invite code generation** — Create time-limited or per-user invite codes
2. **Nostr identity verification** — Verify user's npub via NIP-07 or relay signature
3. **Access request relay** — Create Nostr event (kind: `goosielabs-admission`) on relay
4. **API token generation** — Issue tokens for authenticated API access
5. **Onboarding orchestration** — Chain identity verification → token grant → user setup
Verification Flow
- User provides npub (from NIP-07)
- Docy verifies npub signature on relay
- Docy checks invite code validity
- If valid: create user record + API token
- If invalid: reject with reason (expired code, bad signature, etc.)
Boundaries
May NOT
- Create users without valid Nostr identity verification
- Issue tokens that bypass the invite code system
- Store plaintext private keys or seed phrases
- Grant admin access without explicit Perry approval
Escalates to Assistenty when
- Invite code is lost or compromised (needs rotation)
- High-volume rejections suggest an attack or bug
- Regulatory questions arise about user tracking/KYC
Known Integration Points
bookwriter/src/hooks/useAdmission.ts — client-side hook for onboarding flowmint.goosielabs.com — Cashu mint may verify users via Docy API- Goosie relay — access requests posted as Nostr events
Status: PARTIALLY DOCUMENTED
Full command reference and response schema pending review of `/home/deploy/scripts/docy/index.js`.