Context
PRD defaults to single authorized gateway address (OQ3). Roadmap Phase 3 mitigation notes multisig oracle as v2.
Problem
Centralization risk of single gateway key needs a documented upgrade path without implementing it in v1.
Proposed scope
- Add
docs/future/multisig-oracle.md describing M-of-N attestation model
- Sketch contract changes (
record_merge auth vector, threshold)
- Document operational requirements for Wave program operators
Acceptance criteria
References
docs/PRD.md OQ3, technical constraintscontracts/waveflow-escrow/src/contract.rs (initialize, record_merge)docs/ROADMAP.md risk register
Context
PRD defaults to single authorized gateway address (OQ3). Roadmap Phase 3 mitigation notes multisig oracle as v2.
Problem
Centralization risk of single gateway key needs a documented upgrade path without implementing it in v1.
Proposed scope
docs/future/multisig-oracle.mddescribing M-of-N attestation modelrecord_mergeauth vector, threshold)Acceptance criteria
initializegateway paramReferences
docs/PRD.mdOQ3, technical constraintscontracts/waveflow-escrow/src/contract.rs(initialize,record_merge)docs/ROADMAP.mdrisk register