This directory contains the official documentation for the CAFE (Crypto-Agility Framework for Ethereum) project. Last updated: June 2026.
- functional-specifications.md — CAFE product behavior: Discovery scans, CPM policies, CPM UI user stories (US1–US21), governance rules (W1–W8), workflows, and compliance overview
- technical-specifications.md — CAFE technical architecture: services, APIs, persistence, messaging, deployment, and testing
Note: specs-fonctionnelles.md is a deprecated stub. It previously held a legacy Ponybook document; use the English specifications above.
- 01-introduction-cafe-crypto-agility.md — Introduction to CAFE and the crypto-agility problem for the Ethereum blockchain
- 02-cafe-user-guide.md — Complete user guide for the CAFE frontend: navigation (Discovery, Platform, CPM, Remediation), Crypto Policy Management graph workflow, account-based access, and all features
- 03-cafe-developer-guide.md — Canonical API v1 developer guide for Discovery (
/api/discovery/v1) and CPM (/api/cpm/v1), including scanscan_idcorrelation, CPM-owned policy assessment, and QA sign-off checks.
- 04-cafe-admin-guide.md — Platform administration: environments, deploy and health checks, deploy version probes (
/api/version,/api/cpm/version), CPM catalog (templates + instances), observability, operator diagnosis, and user-support scenarios.
- CPM — Discovery v1 to policy flow — What Option A is (post-V1 real scan context via Discovery); scan → list/detail → explore → persist; links to CPM design workplan and maintainer contracts.
- CPM UI specifications (
cafe-frontend/CPM-specs-ui.md) — Normative CPM page user stories US1–US21 and delivery epics CPM-UI-1…8 (graph workspace, persist UX).
- API v1 QA Checklist — Compact reviewer checklist for route names, removed paths, assessment ownership, delete semantics, and cross-repository follow-up.
- CPM Auth contract — Authenticated CPM behavior, scan authorization, owner-scoped persistence, error contract
- CPM explore — no deployable candidate (observability & admin diagnosis) — REQ9 / IMM-OPS-1…2: structured logs, Prometheus/Grafana,
curladmin workflow,incompatible.chain_scopediagnosis (complements user-facing REQ8 in the SPA)
CAFE (Crypto-Agility Framework for Ethereum) is a three-service platform designed to discover, govern, and remediate cryptographic assets on Ethereum—ensuring compliance, resilience, and trust in the post-quantum and zero-knowledge era.
CAFE is composed of three main services:
- Discovery — Identification of on-chain and network quantum exposures
- Crypto Policy Manager — Definition and enforcement of cryptographic policies
- Remediation — Secure migration and attested key operations
- CAFE Whitepaper — May be private while content is prepared for public release
- Discovery Repository — Cryptographic discovery service with PQC (see README Data structure (CPM export contract) for the CPM-facing observation shape)
- Crypto Policy Management (
cafe-crypto-policy-mgt) — Policy service; normative contract and vocabulary for Discovery exports - Frontend Repository — User interface
- Infrastructure Repository — Infrastructure and deployment
- Crypto backend Repository — Cryptographic backend; tooling for building and running applications with Post-Quantum Cryptography (PQC) support
- Edge Repository — Reverse-proxy images with PQC
- TLS scanner Repository — TLS scanner service with PQC
- CAFE Website — Public website
- Deploy repository is not public for security reasons; deployment is straightforward to reproduce without it
To contribute to the documentation, please follow Markdown formatting conventions and maintain consistency with existing documents.