just cleanup

2021-02-06 18:48:12 -08:00
89 changed files with 277 additions and 6932 deletions
--- a/.dockerignore
+++ b/.dockerignore
@@ -0,0 +1,4 @@
+.git
+.cache
+.dot
+**/doc
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -4,7 +4,6 @@ include:
  - local: 'apps/cic-eth/.gitlab-ci.yml'
  - local: 'apps/cic-ussd/.gitlab-ci.yml'
  - local: 'apps/cic-notify/.gitlab-ci.yml'
-  - local: 'apps/cic-meta/.gitlab-ci.yml'

 stages:
  - build
--- a/.gitmodules
+++ b/.gitmodules
@@ -0,0 +1,6 @@
+[submodule "apps/cic-cache"]
+	path = apps/cic-cache
+	url = git@gitlab.com:grassrootseconomics/cic-cache.git
+[submodule "apps/cic-meta"]
+	path = apps/cic-meta
+	url = git@gitlab.com:grassrootseconomics/cic-meta.git
--- a/README.md
+++ b/README.md
@@ -2,22 +2,6 @@

 ## Getting started 

-## Make some keys
-
-```
-docker build -t bloxie . && docker run -v "$(pwd)/keys:/root/keys" --rm -it -t bloxie account new --chain /root/bloxberg.json --keys-path /root/keys
-```
-
-
-### Prepare the repo
-
-This is stuff we need to put in  makefile but for now...
-
-File mounts and permisssions need to be set
-```
-chmod -R 755 scripts/initdb apps/cic-meta/scripts/initdb
-````
-
 start cluster
 ```
 docker-compose up
@@ -36,7 +20,6 @@ docker-compose down -v
 rebuild an images
 ```
 docker-compose up --build <service_name>
-```
-
-Deployment variables are writtend to service-configs/.env after everthing is up.
+``

+Deployment variables are writtend to service-configs/.env after everthing is up.`
--- a/apps/bloxbergValidatorSetup/.gitignore
+++ b/apps/bloxbergValidatorSetup/.gitignore
@@ -1,6 +1,3 @@
 /validator/bloxbergData
 /validator/bloxberg.log
-keys/*
-!keys/Bloxberg
-keys/Bloxberg/*
-!keys/Bloxberg/UTC--2021-02-10T16-57-35Z--03512a62-5334-20cc-4e44-71156f33cff6
+keys/**/*
--- a/apps/bloxbergValidatorSetup/Dockerfile
+++ b/apps/bloxbergValidatorSetup/Dockerfile
@@ -17,7 +17,7 @@ COPY ./validator/bloxberg.json \
     ./validator/validator.toml \
     /root/

-COPY keys/ /root/keys/
+COPY ./keys/ /root/keys/

 # RUN chown -R parity:parity $HOME/ && \
 #     chmod -R 775 $HOME/ && \
@@ -25,4 +25,4 @@ COPY keys/ /root/keys/
 # USER parity

 ENTRYPOINT [ "parity" ]
-CMD [ "--config", "/root/validator.toml", "--keys-path", "/root/keys/", "--password", "/root/validator.pwd" ]
+CMD [ "--config", "/root/validator.toml", "--keys-path", "/root/keys/" ]
--- a/apps/bloxbergValidatorSetup/README.md
+++ b/apps/bloxbergValidatorSetup/README.md
@@ -4,7 +4,7 @@
 The original bloxberg node config was kind of annoying so I am running it more like vanilla parity. This way you can pass command flags directly to parity.
 ## Make some keys
 ```
-docker build -t bloxie . && docker run -v ${PWD}/keys:/root/keys --rm -it -t bloxie account new --chain /root/bloxberg.json --keys-path /root/keys --password /root/validator.pwd
+docker build -t bloxie . && docker run -v ${PWD}/keys:/root/keys --rm -it -t bloxie account new --chain /root/bloxberg.json --keys-path /root/keys
 ```

 ## Enter the signer address and passwords in the config files
--- a/apps/bloxbergValidatorSetup/keys/Bloxberg/UTC--2021-02-10T16-57-35Z--03512a62-5334-20cc-4e44-71156f33cff6
+++ b/apps/bloxbergValidatorSetup/keys/Bloxberg/UTC--2021-02-10T16-57-35Z--03512a62-5334-20cc-4e44-71156f33cff6
@@ -1 +0,0 @@
-{"id":"03512a62-5334-20cc-4e44-71156f33cff6","version":3,"crypto":{"cipher":"aes-128-ctr","cipherparams":{"iv":"dc388338c4d4e3203604aeb3d1c6bbfa"},"ciphertext":"8a945775b87089ce94537e011799f3abc1577c5dd1f3fbaebe1cd96dfdfc8b5a","kdf":"pbkdf2","kdfparams":{"c":10240,"dklen":32,"prf":"hmac-sha256","salt":"e8585836540caca01282381f5c1fe128e53b15b40f9d152fbc5a4f82a7967398"},"mac":"a7c7815e84a632ecf6d8f18c981bea73d50cd2e2a855a3e90477fc84ed14f906"},"address":"4f2a5902158c3969b245247f4154971d393301f2","name":"","meta":"{}"}
--- a/apps/bloxbergValidatorSetup/validator/bloxberg.json
+++ b/apps/bloxbergValidatorSetup/validator/bloxberg.json
@@ -7,7 +7,7 @@
                "maximumUncleCount": 0,
                "stepDuration": "5",
                "validators" : {
-                     "list": ["0x4f2a5902158c3969b245247f4154971d393301f2"]
+                     "list": ["0x6bd4e51b3730576ddc4049654ef60ed7f7436cb5"]
                }
            }
        }
--- a/apps/bloxbergValidatorSetup/validator/validator.toml
+++ b/apps/bloxbergValidatorSetup/validator/validator.toml
@@ -16,17 +16,15 @@ interface = "all"
 [websockets]
 disable = false
 port = 8546
-#apis = ["web3", "eth", "net", "personal", "parity", "parity_set", "traces", "rpc", "parity_accounts"]
-apis = ["all"]
 interface = "all"
-origins = ["*"]
+origins = ["none"]

 [account]
 password = ["/root/validator.pwd"]

 [mining]
 #CHANGE ENGINE SIGNER TO VALIDATOR ADDRESS
-engine_signer = "0x4f2a5902158c3969b245247f4154971d393301f2"
+engine_signer = "0x6bd4e51b3730576ddc4049654ef60ed7f7436cb5"
 reseal_on_txs = "none"
 force_sealing = true
 min_gas_price = 1000000
--- a/apps/cic-eth/.gitlab-ci.yml
+++ b/apps/cic-eth/.gitlab-ci.yml
@@ -3,19 +3,20 @@
        APP_NAME: cic-eth
        DOCKERFILE_PATH: $APP_NAME/docker/Dockerfile

-.cic_eth_changes_target:
+.this_changes_target:
    rules:
        - changes:
            - $CONTEXT/$APP_NAME/*

 build-mr-cic-eth:
    extends:
-        - .cic_eth_changes_target
+        - .this_changes_target
        - .py_build_merge_request
        - .cic_eth_variables

 build-push-cic-eth:
    extends:
+        - .this_changes_target
        - .py_build_push
        - .cic_eth_variables
        
--- a/apps/cic-eth/CHANGELOG
+++ b/apps/cic-eth/CHANGELOG
@@ -9,8 +9,6 @@
 	* Add pure tcp and redis task api callbacks
 	* Add optional outgoing log status tracing
 	* Add lock lister and lock/unlock cli tool
-	* Add resend executable tool
-	* Add account create executable tool
 - 0.9.0
 	* Require chain spec parameter in api
 	* Pass chain spec between tasks
--- a/apps/cic-eth/README.md
+++ b/apps/cic-eth/README.md
@@ -1 +0,0 @@
-# CIC-ETH
--- a/apps/cic-eth/cic_eth/eth/util.py
+++ b/apps/cic-eth/cic_eth/eth/util.py
@@ -35,10 +35,6 @@ def unpack_signed_raw_tx(tx_raw_bytes, chain_id):
    if chain_id != 0:
        v = int.from_bytes(d[6], 'big')
        vb = v - (chain_id * 2) - 35
-    while len(d[7]) < 32:
-        d[7] = b'\x00' + d[7]
-    while len(d[8]) < 32:
-        d[8] = b'\x00' + d[8]
    s = b''.join([d[7], d[8], bytes([vb])])
    so = KeyAPI.Signature(signature_bytes=s)

--- a/apps/cic-eth/cic_eth/queue/tx.py
+++ b/apps/cic-eth/cic_eth/queue/tx.py
@@ -557,26 +557,27 @@ def get_upcoming_tx(status=StatusEnum.READYSEND, recipient=None, before=None, ch
    :rtype: dict, with transaction hash as key, signed raw transaction as value
    """
    session = SessionBase.create_session()
-    q_outer = session.query(
+    q = session.query(
            TxCache.sender,
            func.min(Otx.nonce).label('nonce'),
            )
-    q_outer = q_outer.join(TxCache)
-    q_outer = q_outer.join(Lock, isouter=True)
-    q_outer = q_outer.filter(or_(Lock.flags==None, Lock.flags.op('&')(LockEnum.SEND.value)==0))
+    q = q.join(TxCache)
+    q = q.join(Lock, isouter=True)
+    q = q.filter(or_(Lock.flags==None, Lock.flags.op('&')(LockEnum.SEND.value)==0))

    if status >= StatusEnum.SENT:
        raise ValueError('not a valid non-final tx value: {}'.format(s))
-    q_outer = q_outer.filter(Otx.status==status.value)
+    q = q.filter(Otx.status==status)

    if recipient != None:
-        q_outer = q_outer.filter(TxCache.recipient==recipient)
+        q = q.filter(TxCache.recipient==recipient)

-    q_outer = q_outer.group_by(TxCache.sender)
+    q = q.group_by(TxCache.sender)

    txs = {}

-    for r in q_outer.all():
+    results = q.all()
+    for r in results:
        q = session.query(Otx)
        q = q.join(TxCache)
        q = q.filter(TxCache.sender==r.sender)
@@ -586,6 +587,7 @@ def get_upcoming_tx(status=StatusEnum.READYSEND, recipient=None, before=None, ch
            q = q.filter(TxCache.date_checked<before)
       
        q = q.order_by(TxCache.date_created.desc())
+
        o = q.first()

        # TODO: audit; should this be possible if a row is found in the initial query? If not, at a minimum log error.
@@ -600,6 +602,7 @@ def get_upcoming_tx(status=StatusEnum.READYSEND, recipient=None, before=None, ch
        q = q.filter(TxCache.otx_id==o.id)
        o = q.first()

+        logg.debug('oooo {}'.format(o))
        o.date_checked = datetime.datetime.now()
        session.add(o)
        session.commit()
--- a/apps/cic-eth/cic_eth/runnable/create.py
+++ b/apps/cic-eth/cic_eth/runnable/create.py
@@ -1,84 +0,0 @@
-#!/usr/bin/python
-#import socket
-import sys
-import os
-import logging
-import uuid
-import json
-
-import celery
-from cic_eth.api import Api
-import confini
-import argparse
-import redis
-
-logging.basicConfig(level=logging.WARNING)
-logg = logging.getLogger('create_account_script')
-logging.getLogger('confini').setLevel(logging.WARNING)
-logging.getLogger('gnupg').setLevel(logging.WARNING)
-
-default_config_dir = os.environ.get('CONFINI_DIR', '/usr/local/etc/cic')
-
-argparser = argparse.ArgumentParser()
-argparser.add_argument('--no-register', dest='no_register', action='store_true', help='Do not register new account in on-chain accounts index')
-argparser.add_argument('-c', type=str, default=default_config_dir, help='config file')
-argparser.add_argument('-i', '--chain-spec', dest='i', type=str, help='chain spec')
-argparser.add_argument('--redis-host', dest='redis_host', type=str, help='redis host to use for task submission')
-argparser.add_argument('--redis-port', dest='redis_port', type=int, help='redis host to use for task submission')
-argparser.add_argument('--redis-db', dest='redis_db', type=int, help='redis db to use for task submission and callback')
-argparser.add_argument('--redis-host-callback', dest='redis_host_callback', default='localhost', type=str, help='redis host to use for callback')
-argparser.add_argument('--redis-port-callback', dest='redis_port_callback', default=6379, type=int, help='redis port to use for callback')
-argparser.add_argument('--timeout', default=20.0, type=float, help='Callback timeout')
-argparser.add_argument('-q', type=str, default='cic-eth', help='Task queue')
-argparser.add_argument('-v', action='store_true', help='Be verbose')
-argparser.add_argument('-vv', action='store_true', help='Be more verbose')
-args = argparser.parse_args()
-
-if args.vv:
-    logg.setLevel(logging.DEBUG)
-if args.v:
-    logg.setLevel(logging.INFO)
-
-config_dir = args.c
-config = confini.Config(config_dir, os.environ.get('CONFINI_ENV_PREFIX'))
-config.process()
-args_override = {
-        'CIC_CHAIN_SPEC': getattr(args, 'i'),
-        'REDIS_HOST': getattr(args, 'redis_host'),
-        'REDIS_PORT': getattr(args, 'redis_port'),
-        'REDIS_DB': getattr(args, 'redis_db'),
-        }
-config.dict_override(args_override, 'cli')
-celery_app = celery.Celery(broker=config.get('CELERY_BROKER_URL'), backend=config.get('CELERY_RESULT_URL'))
-
-
-def main():
-    redis_host = config.get('REDIS_HOST')
-    redis_port = config.get('REDIS_PORT')
-    redis_db = config.get('REDIS_DB')
-    redis_channel = str(uuid.uuid4())
-    r = redis.Redis(redis_host, redis_port, redis_db)
-
-    ps = r.pubsub()
-    ps.subscribe(redis_channel)
-    ps.get_message()
-
-    api = Api(
-            config.get('CIC_CHAIN_SPEC'),
-            queue=args.q,
-            callback_param='{}:{}:{}:{}'.format(args.redis_host_callback, args.redis_port_callback, redis_db, redis_channel),
-            callback_task='cic_eth.callbacks.redis.redis',
-            callback_queue=args.q,
-            )
-
-    register = not args.no_register
-    logg.debug('register {}'.format(register))
-    t = api.create_account(register=register)
-
-    ps.get_message()
-    m = ps.get_message(timeout=args.timeout)
-    print(json.loads(m['data']))
-
-
-if __name__ == '__main__':
-    main()
--- a/apps/cic-eth/cic_eth/runnable/dispatcher.py
+++ b/apps/cic-eth/cic_eth/runnable/dispatcher.py
@@ -68,7 +68,7 @@ app = celery.Celery(backend=config.get('CELERY_RESULT_URL'),  broker=config.get(
 queue = args.q

 dsn = dsn_from_config(config)
-SessionBase.connect(dsn, debug=config.true('DATABASE_DEBUG'))
+SessionBase.connect(dsn)


 re_websocket = re.compile('^wss?://')
--- a/apps/cic-eth/cic_eth/runnable/resend.py
+++ b/apps/cic-eth/cic_eth/runnable/resend.py
@@ -1,95 +0,0 @@
-# standard imports
-import logging
-import argparse
-import re
-import os
-
-# third-party imports
-import celery
-import confini
-import web3
-from cic_registry import CICRegistry
-from cic_registry.chain import ChainSpec
-from cic_registry.chain import ChainRegistry
-
-# local imports
-from cic_eth.eth.rpc import RpcClient
-from cic_eth.api.api_admin import AdminApi
-
-logging.basicConfig(level=logging.WARNING)
-logg = logging.getLogger()
-
-logging.getLogger('web3').setLevel(logging.WARNING)
-logging.getLogger('urllib3').setLevel(logging.WARNING)
-
-default_config_dir = os.path.join('/usr/local/etc/cic-eth')
-
-
-argparser = argparse.ArgumentParser()
-argparser.add_argument('-c', type=str, default=default_config_dir, help='config root to use')
-argparser.add_argument('-p', '--provider', dest='p', default='http://localhost:8545', type=str, help='Web3 provider url (http only)')
-argparser.add_argument('-i', '--chain-spec', dest='i', type=str, default='Ethereum:1', help='Chain specification string')
-argparser.add_argument('--unlock', action='store_true', help='Append task to unlock account')
-argparser.add_argument('--env-prefix', default=os.environ.get('CONFINI_ENV_PREFIX'), dest='env_prefix', type=str, help='environment prefix for variables to overwrite configuration')
-argparser.add_argument('-v', action='store_true', help='Be verbose')
-argparser.add_argument('-vv', action='store_true', help='Be more verbose')
-argparser.add_argument('tx_hash', type=str, help='Transaction hash')
-args = argparser.parse_args()
-
-
-if args.vv:
-    logg.setLevel(logging.DEBUG)
-elif args.v:
-    logg.setLevel(logging.INFO)
-
-config_dir = os.path.join(args.c)
-os.makedirs(config_dir, 0o777, True)
-config = confini.Config(config_dir, args.env_prefix)
-config.process()
-args_override = {
-        'ETH_PROVIDER': getattr(args, 'p'),
-        'CIC_CHAIN_SPEC': getattr(args, 'i'),
-        }
-
-# override args
-config.censor('PASSWORD', 'DATABASE')
-config.censor('PASSWORD', 'SSL')
-logg.debug('config loaded from {}:\n{}'.format(config_dir, config))
-
-chain_spec = ChainSpec.from_chain_str(args.i)
-chain_str = str(chain_spec)
-
-re_websocket = re.compile('^wss?://')
-re_http = re.compile('^https?://')
-blockchain_provider = config.get('ETH_PROVIDER')
-if re.match(re_websocket, blockchain_provider) != None:
-    blockchain_provider = web3.Web3.WebsocketProvider(blockchain_provider)
-elif re.match(re_http, blockchain_provider) != None:
-    blockchain_provider = web3.Web3.HTTPProvider(blockchain_provider)
-else:
-    raise ValueError('unknown provider url {}'.format(blockchain_provider))
-
-def web3_constructor():
-    w3 = web3.Web3(blockchain_provider)
-    return (blockchain_provider, w3)
-RpcClient.set_constructor(web3_constructor)
-
-celery_app = celery.Celery(broker=config.get('CELERY_BROKER_URL'), backend=config.get('CELERY_RESULT_URL'))
-
-c = RpcClient(chain_spec)
-
-CICRegistry.init(c.w3, config.get('CIC_REGISTRY_ADDRESS'), chain_spec)
-chain_registry = ChainRegistry(chain_spec)
-CICRegistry.add_chain_registry(chain_registry)
-CICRegistry.add_path(config.get('ETH_ABI_DIR'))
-CICRegistry.load_for(chain_spec)
-
-
-def main():
-    api = AdminApi(c)
-    tx_details = api.tx(chain_spec, args.tx_hash)
-    t = api.resend(args.tx_hash, chain_str, unlock=True)
-
-
-if __name__ == '__main__':
-    main()
--- a/apps/cic-eth/cic_eth/runnable/tasker.py
+++ b/apps/cic-eth/cic_eth/runnable/tasker.py
@@ -211,11 +211,6 @@ def main():

    chain_registry = ChainRegistry(chain_spec)
    CICRegistry.add_chain_registry(chain_registry, True)
-    try:
-        CICRegistry.get_contract(chain_spec, 'CICRegistry')
-    except Exception as e:
-        logg.exception('Eek, registry failure is baaad juju {}'.format(e))
-        sys.exit(1)

    if config.get('ETH_ACCOUNT_ACCOUNTS_INDEX_WRITER') != None:
        CICRegistry.add_role(chain_spec, config.get('ETH_ACCOUNT_ACCOUNTS_INDEX_WRITER'), 'AccountRegistry', True)
--- a/apps/cic-eth/cic_eth/version.py
+++ b/apps/cic-eth/cic_eth/version.py
@@ -10,7 +10,7 @@ version = (
        0,
        10,
        0,
-        'alpha.25',
+        'alpha.22',
        )

 version_object = semver.VersionInfo(
--- a/apps/cic-eth/docker/Dockerfile
+++ b/apps/cic-eth/docker/Dockerfile
@@ -1,23 +1,12 @@
-# FROM grassrootseconomics:cic
-
-#FROM python:3.8.6-alpine
 FROM python:3.8.6-slim-buster

-#COPY --from=0 /usr/local/share/cic/solidity/ /usr/local/share/cic/solidity/
+RUN apt-get update && \
+	apt install -y gcc gnupg libpq-dev wget make g++ gnupg bash procps

 WORKDIR /usr/src/cic-eth

 ARG pip_extra_index_url_flag='--index https://pypi.org/simple --extra-index-url https://pip.grassrootseconomics.net:8433'
 ARG root_requirement_file='requirements.txt'
-
-#RUN apk update && \
-#	apk add gcc musl-dev gnupg libpq
-#RUN apk add postgresql-dev
-#RUN apk add linux-headers
-#RUN apk add libffi-dev
-RUN apt-get update && \
-	apt install -y gcc gnupg libpq-dev wget make g++ gnupg bash procps
-
 # Copy shared requirements from top of mono-repo
 RUN echo "copying root req file ${root_requirement_file}"
 COPY $root_requirement_file .
@@ -41,8 +30,3 @@ COPY cic-eth/tests/ tests/
 COPY cic-eth/config/ /usr/local/etc/cic-eth/
 COPY cic-eth/cic_eth/db/migrations/ /usr/local/share/cic-eth/alembic/
 COPY cic-eth/crypto_dev_signer_config/ /usr/local/etc/crypto-dev-signer/
-
-RUN apt-get install -y git && \
-	git clone https://gitlab.com/grassrootseconomics/cic-contracts.git && \
-	mkdir -p /usr/local/share/cic/solidity && \
-	cp -R cic-contracts/abis /usr/local/share/cic/solidity/abi
--- a/apps/cic-eth/docker/db.sh
+++ b/apps/cic-eth/docker/db.sh
@@ -1,6 +1,4 @@
 #!/bin/bash

-set -e
->&2 echo executing database migration
 migrate.py -c /usr/local/etc/cic-eth --migrations-dir /usr/local/share/cic-eth/alembic -vv
-set +e
+
--- a/apps/cic-eth/docker/start_tasker.sh
+++ b/apps/cic-eth/docker/start_tasker.sh
@@ -1,6 +1,5 @@
 #!/bin/bash

-set -e
 . ./db.sh

 # set CONFINI_ENV_PREFIX to override the env prefix to override env vars
@@ -28,4 +27,3 @@ while true; do
  sleep 15;
 done

-set +e
--- a/apps/cic-eth/requirements.txt
+++ b/apps/cic-eth/requirements.txt
@@ -1,6 +1,6 @@
 web3==5.12.2
 celery==4.4.7
-crypto-dev-signer~=0.4.13rc2
+crypto-dev-signer~=0.4.13b13
 confini~=0.3.6b1
 cic-registry~=0.5.3a10
 cic-bancor~=0.0.6
@@ -8,9 +8,9 @@ redis==3.5.3
 alembic==1.4.2
 websockets==8.1
 requests~=2.24.0
-eth_accounts_index~=0.0.10a7
-erc20-approval-escrow~=0.3.0a5
-erc20-single-shot-faucet~=0.2.0a6
+eth_accounts_index~=0.0.10a5
+erc20-approval-escrow~=0.3.0a3
+erc20-single-shot-faucet~=0.2.0a4
 rlp==2.0.1
 uWSGI==2.0.19.1
 semver==2.13.0
--- a/apps/cic-eth/setup.cfg
+++ b/apps/cic-eth/setup.cfg
@@ -40,15 +40,10 @@ scripts =

 [options.entry_points]
 console_scripts =
-	# daemons
 	cic-eth-tasker = cic_eth.runnable.tasker:main
 	cic-eth-manager = cic_eth.runnable.manager:main
+	cic-eth-tag = cic_eth.runnable.tag:main
 	cic-eth-dispatcher = cic_eth.runnable.dispatcher:main
 	cic-eth-retrier = cic_eth.runnable.retry:main
-	# tools	
-	cic-eth-create = cic_eth.runnable.create:main 
 	cic-eth-inspect = cic_eth.runnable.view:main
 	cic-eth-ctl = cic_eth.runnable.ctrl:main
-	# TODO: Merge this with ctl when subcmds sorted to submodules
-	cic-eth-tag = cic_eth.runnable.tag:main
-	cic-eth-resend = cic_eth.runnable.resend:main
--- a/apps/cic-meta
+++ b/apps/cic-meta
--- a/apps/cic-meta/.config/database.ini
+++ b/apps/cic-meta/.config/database.ini
@@ -1,14 +0,0 @@
-[database]
-#name = cic-meta
-#engine = postgres
-#user = postgres
-#password = password
-#host = localhost
-#port = 5432
-name = /tmp/cicmeta.sqlite
-engine = sqlite
-user = 
-password = 
-host = 
-port = 
-schema_sql_path = server.sqlite.sql
--- a/apps/cic-meta/.config/pgp.ini
+++ b/apps/cic-meta/.config/pgp.ini
@@ -1,7 +0,0 @@
-[pgp]
-exports_dir = pgp
-privatekey_file = privatekeys.asc
-passphrase = merman
-publickey_trusted_file = publickeys.asc
-publickey_active_file = publickeys.asc
-publickey_encrypt_file = publickeys.asc
--- a/apps/cic-meta/.config/server.ini
+++ b/apps/cic-meta/.config/server.ini
@@ -1,3 +0,0 @@
-[server]
-address = 0.0.0.0
-port = 7777
--- a/apps/cic-meta/.gitignore
+++ b/apps/cic-meta/.gitignore
@@ -1,5 +0,0 @@
-node_modules
-dist
-dist-web
-scratch
-tests
--- a/apps/cic-meta/.gitlab-ci.yml
+++ b/apps/cic-meta/.gitlab-ci.yml
@@ -1,23 +0,0 @@
-
-.cic_meta_variables:
-    variables:
-        APP_NAME: cic-meta
-        DOCKERFILE_PATH: $APP_NAME/docker/Dockerfile
-
-.cic_meta_changes_target:
-    rules:
-        - changes:
-            - $CONTEXT/$APP_NAME/*
-
-build-mr-cic-meta:
-    extends:
-        - .cic_meta_changes_target
-        - .py_build_merge_request
-        - .cic_meta_variables
-
-build-push-cic-meta:
-    extends:
-        - .py_build_push
-        - .cic_meta_variables
-        
-
--- a/apps/cic-meta/CHANGELOG
+++ b/apps/cic-meta/CHANGELOG
@@ -1,10 +0,0 @@
-* 0.0.6
-	- Add server build
-* 0.0.5
-	- Set build on install
-* 0.0.4
-	- Change phone key generator to arbitrary value input
-* 0.0.3
-	- Add asset key generator
-	- Add crypto polyfill (node uses native crypto, web uses webcrypto)
-	- Add phone asset
--- a/apps/cic-meta/docker/Dockerfile
+++ b/apps/cic-meta/docker/Dockerfile
@@ -1,28 +0,0 @@
-FROM node:15.3.0-alpine3.10
-
-WORKDIR /tmp/src/cic-meta
-
-COPY cic-meta/package.json \
-	 cic-meta/package-lock.json \
-     ./
-
-RUN npm install
-
-COPY cic-meta/src/ src/
-COPY cic-meta/tests/ tests/
-COPY cic-meta/scripts/ scripts/
-#COPY docker/*.sh /root/
-
-RUN alias tsc=node_modules/typescript/bin/tsc 
-
-COPY cic-meta/.config/ /usr/local/etc/cic-meta/
-# COPY cic-meta/scripts/server/initdb/server.postgres.sql /usr/local/share/cic-meta/sql/server.sql
-
-COPY cic-meta/docker/db.sh ./db.sh
-RUN chmod 755 ./db.sh
-
-RUN alias ts-node=/tmp/src/cic-meta/node_modules/ts-node/dist/bin.js
-ENTRYPOINT [ "./node_modules/ts-node/dist/bin.js", "./scripts/server/server.ts" ]
-
-# COPY cic-meta/docker/start_server.sh ./start_server.sh
-# RUN chmod 755 ./start_server.sh
--- a/apps/cic-meta/docker/db.sh
+++ b/apps/cic-meta/docker/db.sh
@@ -1,3 +0,0 @@
-#!/bin/bash
-
-PGPASSWORD=$DATABASE_PASSWORD psql -U $DATABASE_USER -h $DATABASE_HOST -p $DATABASE_PORT -d $DATABASE_NAME /usr/local/share/cic-meta/sql/server.sql
--- a/apps/cic-meta/docker/start_server.sh
+++ b/apps/cic-meta/docker/start_server.sh
@@ -1,3 +0,0 @@
-sh ./db.sh
-
-/usr/local/bin/node /usr/local/bin/cic-meta-server $@
--- a/apps/cic-meta/example/client.py
+++ b/apps/cic-meta/example/client.py
@@ -1,98 +0,0 @@
-import sys
-import os
-import json
-import logging
-from urllib.request import Request, urlopen
-
-import gnupg
-
-logging.basicConfig(level=logging.DEBUG)
-logg = logging.getLogger()
-
-host = os.environ.get('CIC_META_URL', 'http://localhost:63380')
-
-if len(sys.argv) < 2:
-    sys.stderr.write('Usage: {} <path-to-gpg-private-key>\n'.format(sys.argv[0]))
-    sys.exit(1)
-
-
-# Import PGP key used to sign the data submission
-gpg = gnupg.GPG(gnupghome='/tmp/.gpg')
-f = open(sys.argv[1], 'r')
-key_data = f.read()
-f.close()
-
-gpg.import_keys(key_data)
-gpgk = gpg.list_keys()
-algo = gpgk[0]['algo']
-logg.info('using signing key {} algo {}'.format(gpgk[0]['keyid'], algo))
-
-
-def main():
-
-    # Random key to associate with value
-    # (typically this is some deterministic identifier like sha256(<ethaddress>:cic-person)
-    k = os.urandom(32).hex()
-    url = os.path.join(host, k)
-
-    # Headers required for server-assisted merge operations
-    headers = {
-        'X-CIC-AUTOMERGE': 'server',
-        'Content-Type': 'application/json',
-            }
-
-    # Data to merge
-    data_dict = {
-        'foo': 'bar',
-        'xyzzy': 42,
-            }
-
-    # Send request to server to get initial automerge object and signing material
-    # Server will reply with current state of object merged with ours, but (obviously)
-    # still without a signature.
-    data = json.dumps(data_dict).encode('utf-8')
-    req = Request(url, headers=headers, data=data, method='POST')
-    rs = urlopen(req)
-    logg.info('get sign material response status: {}'.format(rs.status))
-    if rs.status != 200:
-        raise RuntimeError('request failed: {}'.format(rs.reason))
-
-
-    # Sign the provided digest
-    data = rs.read()
-    e = json.loads(data)
-    sig = gpg.sign(e['digest'], passphrase='ge', keyid=gpgk[0]['keyid'])
-
-    # Format data for the content storage request
-    data = {
-            'm': data.decode('utf-8'),
-            's': {
-        'engine': 'pgp',
-        'algo': algo,
-        'data': str(sig),
-        'digest': e['digest'],
-            },
-            }
-
-    # Send storage request to server
-    data = json.dumps(data).encode('utf-8')
-    req = Request(url, headers=headers, data=data, method='PUT')
-    rs = urlopen(req)
-
-    logg.info('signed content submissionstatus: {}'.format(rs.status))
-    if rs.status != 200:
-        raise RuntimeError('request failed: {}'.format(rs.reason))
-
-
-    # Get the latest stored version of the data (without the merge graph)
-    req = Request(url, method='GET')
-    rs = urlopen(req)
-    logg.info('get latest data status: {}'.format(rs.status))
-    if rs.status != 200:
-        raise RuntimeError('request failed: {}'.format(rs.reason))
-
-    print(rs.read().decode('utf-8'))
-
-
-if __name__ == '__main__':
-    main()
--- a/apps/cic-meta/package-lock.json
+++ b/apps/cic-meta/package-lock.json
--- a/apps/cic-meta/package.json
+++ b/apps/cic-meta/package.json
@@ -1,41 +0,0 @@
-{
-	"name": "cic-client-meta",
-	"version": "0.0.6",
-	"description": "Signed CRDT metadata graphs for the CIC network",
-	"main": "dist/index.js",
-	"types": "dist/index.d.ts",
-	"scripts": {
-		"test": "mocha -r node_modules/node-localstorage/register -r ts-node/register tests/*.ts",
-		"build": "node_modules/typescript/bin/tsc -d --outDir dist",
-		"build-server": "tsc -d --outDir dist-server scripts/server/*.ts",
-		"pack": "node_modules/typescript/bin/tsc -d --outDir dist && webpack",
-		"clean": "rm -rf dist"
-	},
-	"bin": {
-		"cic-meta-server": "./dist-server/scripts/server/server.js"
-	},
-	"dependencies": {
-		"@ethereumjs/tx": "^3.0.0-beta.1",
-		"automerge": "^0.14.1",
-		"ethereumjs-wallet": "^1.0.1",
-		"ini": "^1.3.5",
-		"openpgp": "^4.10.8",
-		"pg": "^8.4.2",
-		"sqlite3": "^5.0.0",
-		"yargs": "^16.1.0"
-	},
-	"devDependencies": {
-		"@types/mocha": "^8.0.3",
-		"mocha": "^8.2.0",
-		"node-localstorage": "^2.1.6",
-		"ts-node": "^9.0.0",
-		"typescript": "^4.0.5",
-		"webpack": "^5.4.0",
-		"webpack-cli": "^4.2.0"
-	},
-	"author": "Louis Holbrook <dev@holbrook.no>",
-	"license": "GPL-3.0-or-later",
-	"engines": {
-		"node": "~15.3.0"
-	}
-}
--- a/apps/cic-meta/scripts/dumpconfig.js
+++ b/apps/cic-meta/scripts/dumpconfig.js
@@ -1,20 +0,0 @@
-const config = require('./src/config');
-const fs = require('fs');
-
-if (process.argv[2] === undefined) {
-	process.stderr.write('Usage: node dumpConfig.js <configdir>\n');
-	process.exit(1);
-}
-try {
-	const stat = fs.statSync(process.argv[2]);
-	if (!stat.isDirectory()) {
-		throw 'not a directory';
-	}
-} catch {
-	process.stderr.write('Not a directory: ' + process.argv[2] + '\n');
-	process.exit(1);
-}
-
-const c = new config.Config(process.argv[2], process.env['CONFINI_ENV_PREFIX']);
-c.process();
-process.stdout.write(c.toString());
--- a/apps/cic-meta/scripts/initdb/postgresql.sh
+++ b/apps/cic-meta/scripts/initdb/postgresql.sh
@@ -1,15 +0,0 @@
-#!/bin/bash
-set -e
-
-psql -v ON_ERROR_STOP=1 --username grassroots --dbname cic_meta <<-EOSQL
-    create table if not exists store (
-        id serial primary key not null,
-        owner_fingerprint text not null,
-        hash char(64) not null unique,
-        content text not null
-    );
-
-    create index if not exists idx_fp on store ((lower(owner_fingerprint)));
-EOSQL
-
-
--- a/apps/cic-meta/scripts/initdb/server.postgres.sql
+++ b/apps/cic-meta/scripts/initdb/server.postgres.sql
@@ -1,8 +0,0 @@
-create table if not exists cic_meta.store (
-	id serial primary key not null,
-	owner_fingerprint text not null,
-	hash char(64) not null unique,
-	content text not null
-);
-
-create index if not exists idx_fp on store ((lower(owner_fingerprint)));
--- a/apps/cic-meta/scripts/initdb/server.sql
+++ b/apps/cic-meta/scripts/initdb/server.sql
@@ -1,9 +0,0 @@
-create table if not exists store (
-	/*id serial primary key not null,*/
-	id integer primary key autoincrement,
-	owner_fingerprint text not null,
-	hash char(64) not null unique,
-	content text not null
-);
-
-create index if not exists idx_fp on store ((lower(owner_fingerprint)));
--- a/apps/cic-meta/scripts/initdb/server.sqlite.sql
+++ b/apps/cic-meta/scripts/initdb/server.sqlite.sql
@@ -1,9 +0,0 @@
-create table if not exists store (
-	/*id serial primary key not null,*/
-	id integer primary key autoincrement,
-	owner_fingerprint text not null,
-	hash char(64) not null unique,
-	content text not null
-);
-
-create index if not exists idx_fp on store ((lower(owner_fingerprint)));
--- a/apps/cic-meta/scripts/server/args.ts
+++ b/apps/cic-meta/scripts/server/args.ts
@@ -1,28 +0,0 @@
-const args = require('yargs');
-
-const standardArgs = args.option('config', {
-	alias: 'c',
-	type: 'string',
-	description: 'absolute path to configuation files directory', 
-
-}).option('env-prefix', {
-	type: 'string',
-	description: 'prefix to add to environment variables to match configuration directives',
-
-}).option('database-engine', {
-	type: 'string',
-	description: 'database engines to use', 
-
-}).option('address', {
-	alias: 'a',
-	type: 'string',
-	description: 'ip address to bind server to',
-
-}).option('server-address', {
-	alias: 'p',
-	type: 'number',
-	description: 'port to bind server to',
-
-});
-
-export { standardArgs };
--- a/apps/cic-meta/scripts/server/handlers.ts
+++ b/apps/cic-meta/scripts/server/handlers.ts
@@ -1,211 +0,0 @@
-import * as Automerge from 'automerge';
-import * as pgp from 'openpgp';
-import * as pg from 'pg';
-
-import { Envelope, Syncable } from '../../src/sync';
-
-
-function handleNoMergeGet(db, digest, keystore) {
-	const sql = "SELECT content FROM store WHERE hash = '" + digest + "'";
-	return new Promise<string|boolean>((whohoo, doh) => {
-		db.query(sql, (e, rs) => {
-			if (e !== null && e !== undefined) {
-				doh(e);
-				return;
-			} else if (rs.rowCount == 0) {
-				whohoo(false);
-				return;
-			}
-
-			const cipherText = rs.rows[0]['content'];
-			pgp.message.readArmored(cipherText).then((m) => {
-				const opts = {
-					message: m,
-					privateKeys: [keystore.getPrivateKey()],
-				};
-				pgp.decrypt(opts).then((plainText) => {
-					const o = Syncable.fromJSON(plainText.data);
-					const r = JSON.stringify(o.m['data']);
-					whohoo(r);
-				}).catch((e) => {
-					console.error('decrypt', e);
-					doh(e);
-				});
-			}).catch((e) => {
-				console.error('mesage', e);
-				doh(e);
-			});
-		})
-	});
-}
-
-// TODO: add input for change description
-function handleServerMergePost(data, db, digest, keystore, signer) {
-	return new Promise<string>((whohoo, doh) => {
-		const o = JSON.parse(data);
-		const cipherText = handleClientMergeGet(db, digest, keystore).then(async (v) => {
-			let e = undefined;
-			let s = undefined;
-			if (v === undefined) {
-				s = new Syncable(digest, data);
-				s.onwrap = (e) => {
-					whohoo(e.toJSON());
-				};
-				digest = s.digest();
-				s.wrap({
-					digest: digest,
-				});
-			} else {
-				e = Envelope.fromJSON(v);
-				s = e.unwrap();
-				s.replace(o, 'server merge');
-				e.set(s);
-				s.onwrap = (e) => {
-					whohoo(e.toJSON());
-				}
-				digest = s.digest();
-				s.wrap({
-					digest: digest,
-				});
-			}
-		});
-	});
-}
-
-// TODO: this still needs to merge with the stored version
-function handleServerMergePut(data, db, digest, keystore, signer) {
-	return new Promise<boolean>((whohoo, doh) => {
-		const wrappedData = JSON.parse(data);
-
-		if (wrappedData.s === undefined) {
-			doh('signature missing');
-			return;
-		}
-
-		const e = Envelope.fromJSON(wrappedData.m);
-		let s = undefined;
-		try {
-			s = e.unwrap();
-		} catch(e) {
-			console.error(e)
-			whohoo(undefined);
-		}
-		// TODO: we probably should expose method for replacing the signature, this is too intrusive
-		s.m = Automerge.change(s.m, 'sign', (doc) => {
-			doc['signature'] = wrappedData.s;
-		});
-		s.setSigner(signer);
-		s.onauthenticate = (v) => {
-			console.log('vvv', v);
-			if (!v) {
-				whohoo(undefined);
-				return;
-			}
-			const opts = {
-				message: pgp.message.fromText(s.toJSON()),
-				publicKeys: keystore.getEncryptKeys(),
-			};
-			pgp.encrypt(opts).then((cipherText) => {
-				const sql = "INSERT INTO store (owner_fingerprint, hash, content) VALUES ('" + signer.fingerprint() + "', '" + digest + "', '" + cipherText.data + "') ON CONFLICT (hash) DO UPDATE SET content = EXCLUDED.content;";
-				db.query(sql, (e, rs) => {
-					if (e !== null && e !== undefined) {
-						doh(e);
-						return;
-					}
-					whohoo(true);
-				});
-			});
-		};
-		s.authenticate(true)
-	});
-}
-
-
-function handleClientMergeGet(db, digest, keystore) {
-	const sql = "SELECT content FROM store WHERE hash = '" + digest + "'";
-	return new Promise<string>((whohoo, doh) => {
-		db.query(sql, (e, rs) => {
-			console.log('rs', e, rs);
-			if (e !== null && e !== undefined) {
-				doh(e);
-				return;
-			} else if (rs.rowCount == 0) { // TODO fix the postgres/sqlite method name issues, this will now break on postgres
-				whohoo(undefined);
-				return;
-			}
-			const cipherText = rs.rows[0]['content'];
-			pgp.message.readArmored(cipherText).then((m) => {
-				const opts = {
-					message: m,
-					privateKeys: [keystore.getPrivateKey()],
-				};
-				pgp.decrypt(opts).then((plainText) => {
-					const o = Syncable.fromJSON(plainText.data);
-					const e = new Envelope(o);
-					whohoo(e.toJSON());
-				}).catch((e) => {
-					console.error('decrypt', e);
-					doh(e);
-				});
-			}).catch((e) => {
-				console.error('mesage', e);
-				doh(e);
-			});
-		});
-	});
-}
-
-// TODO: this still needs to merge with the stored version
-function handleClientMergePut(data, db, digest, keystore, signer) {
-	return new Promise<boolean>((whohoo, doh) => {
-		let s = undefined;
-		try {
-			const e = Envelope.fromJSON(data);
-			s = e.unwrap();
-		} catch(e) {
-			whohoo(false);
-			console.error(e)
-			return;
-		}
-
-		s.setSigner(signer);
-		s.onauthenticate = (v) => {
-			if (!v) {
-				whohoo(false);
-				return;
-			}
-
-			handleClientMergeGet(db, digest, keystore).then((v) => {
-				if (v !== undefined) {
-					const env = Envelope.fromJSON(v);
-					s.merge(env.unwrap());
-				}
-				const opts = {
-					message: pgp.message.fromText(s.toJSON()),
-					publicKeys: keystore.getEncryptKeys(),
-				};
-				pgp.encrypt(opts).then((cipherText) => {
-					const sql = "INSERT INTO store (owner_fingerprint, hash, content) VALUES ('" + signer.fingerprint() + "', '" + digest + "', '" + cipherText.data + "') ON CONFLICT (hash) DO UPDATE SET content = EXCLUDED.content;";
-					db.query(sql, (e, rs) => {
-						if (e !== null && e !== undefined) {
-							doh(e);
-							return;
-						}
-						whohoo(true);
-					});
-				}).catch((e) => {
-					doh(e);	
-				});
-			});
-		};
-		s.authenticate(true)
-	});
-}
-
-export {
-	handleClientMergePut,
-	handleClientMergeGet,
-	handleServerMergePost,
-	handleServerMergePut,
-	handleNoMergeGet,
-};
--- a/apps/cic-meta/scripts/server/server.ts
+++ b/apps/cic-meta/scripts/server/server.ts
@@ -1,207 +0,0 @@
-import * as http from 'http';
-import * as fs from 'fs';
-import * as path from 'path';
-import * as pgp from 'openpgp';
-
-import * as handlers from './handlers';
-import { Envelope, Syncable } from '../../src/sync';
-import { PGPKeyStore, PGPSigner } from '../../src/auth';
-
-import { standardArgs } from './args';
-import { Config } from '../../src/config';
-import { SqliteAdapter, PostgresAdapter } from '../../src/db';
-
-let configPath = '/usr/local/etc/cic-meta';
-
-const argv = standardArgs.argv;
-
-if (argv['config'] !== undefined) {
-	configPath = argv['config'];
-}
-
-const config = new Config(configPath, argv['env-prefix']);
-config.process();
-console.debug(config.toString());
-
-let fp = path.join(config.get('PGP_EXPORTS_DIR'), config.get('PGP_PUBLICKEY_ACTIVE_FILE'));
-const pubksa = fs.readFileSync(fp, 'utf-8');
-fp = path.join(config.get('PGP_EXPORTS_DIR'), config.get('PGP_PRIVATEKEY_FILE'));
-const pksa = fs.readFileSync(fp, 'utf-8');
-
-const dbConfig = {
-	'name': config.get('DATABASE_NAME'),
-	'user': config.get('DATABASE_USER'),
-	'password': config.get('DATABASE_PASSWORD'),
-	'host': config.get('DATABASE_HOST'),
-	'port': config.get('DATABASE_PORT'),
-	'engine': config.get('DATABASE_ENGINE'),
-};
-let db = undefined;
-if (config.get('DATABASE_ENGINE') == 'sqlite') {
-       	db = new SqliteAdapter(dbConfig);
-} else if (config.get('DATABASE_ENGINE') == 'postgres')  {
-       	db = new PostgresAdapter(dbConfig);
-} else {
-	throw 'database engine ' + config.get('DATABASE_ENGINE') + 'not implemented';
-}
-
-
-let signer = undefined;
-const keystore = new PGPKeyStore(config.get('PGP_PASSPHRASE'), pksa, pubksa, pubksa, pubksa, () => {
-	keysLoaded();
-});
-
-function keysLoaded() {
-	signer = new PGPSigner(keystore);
-	prepareServer();
-}
-
-async function migrateDatabase(cb) {
-	try {
-		const sql = "SELECT 1 FROM store;"
-		db.query(sql, (e, rs) => {
-			if (e === null || e === undefined) {
-				cb();
-				return;
-			}
-			console.warn('db check for table "store" fail', e);
-			
-			console.debug('using schema path', config.get('DATABASE_SCHEMA_SQL_PATH'));
-			const sql = fs.readFileSync(config.get('DATABASE_SCHEMA_SQL_PATH'), 'utf-8');
-			db.query(sql, (e, rs) => {
-				if (e !== undefined && e !== null) {
-					console.error('db initialization fail', e);
-					return;
-				} 
-				cb();
-			});
-
-		});
-	} catch(e) {
-		console.warn('table store does not exist', e);
-	}
-}
-
-async function prepareServer() {
-	await migrateDatabase(startServer);
-}
-
-async function startServer() {
-	http.createServer(processRequest).listen(config.get('SERVER_PORT'));
-}
-
-const re_digest = /^\/([a-fA-F0-9]{64})\/?$/;
-function parseDigest(url) {
-	const digest_test = url.match(re_digest);
-	if (digest_test === null) {
-		throw 'invalid digest';	
-	}
-	return digest_test[1].toLowerCase();
-}
-
-async function processRequest(req, res) {
-	let digest = undefined;
-
-	if (!['PUT', 'GET', 'POST'].includes(req.method)) {
-		res.writeHead(405, {"Content-Type": "text/plain"});
-		res.end();
-		return;
-	}
-
-	try {
-		digest = parseDigest(req.url);
-	} catch(e) {
-		res.writeHead(400, {"Content-Type": "text/plain"});
-		res.end();
-		return;
-	}
-
-	const mergeHeader = req.headers['x-cic-automerge'];
-	let mod = req.method.toLowerCase() + ":automerge:";
-	switch (mergeHeader) {
-		case "client":
-			mod += "client"; // client handles merges
-			break;
-		case "server":
-			mod += "server"; // server handles merges
-			break;
-		default:
-			mod += "none"; // merged object only (get only)
-	}
-
-	let data = '';
-	req.on('data', (d) => {
-		data += d;
-	});
-	req.on('end', async () => {
-		console.debug('mode', mod);
-		let content = '';
-		let contentType = 'application/json';
-		let r:any = undefined;
-		try {
-			switch (mod) {
-				case 'put:automerge:client':
-					r = await handlers.handleClientMergePut(data, db, digest, keystore, signer);
-					if (r == false) {
-						res.writeHead(403, {"Content-Type": "text/plain"});
-						res.end();
-						return;
-					}
-					break;
-
-				case 'get:automerge:client':
-					content = await handlers.handleClientMergeGet(db, digest, keystore);	
-					break;
-
-				case 'post:automerge:server':
-					content = await handlers.handleServerMergePost(data, db, digest, keystore, signer);	
-					break;
-
-				case 'put:automerge:server':
-					r = await handlers.handleServerMergePut(data, db, digest, keystore, signer);	
-					if (r == false) {
-						res.writeHead(403, {"Content-Type": "text/plain"});
-						res.end();
-						return;
-					}
-					break;
-				//case 'get:automerge:server':
-				//	content = await handlers.handleServerMergeGet(db, digest, keystore);	
-				//	break;
-
-				case 'get:automerge:none':
-					r = await handlers.handleNoMergeGet(db, digest, keystore);	
-					if (r == false) {
-						res.writeHead(404, {"Content-Type": "text/plain"});
-						res.end();
-						return;
-					}
-					content = r;
-					break;
-
-				default:
-					res.writeHead(400, {"Content-Type": "text/plain"});
-					res.end();
-					return;
-			}
-		} catch(e) {
-			console.error('fail', mod, digest, e);
-			res.writeHead(500, {"Content-Type": "text/plain"});
-			res.end();
-			return;
-		}
-
-		if (content === undefined) {
-			res.writeHead(400, {"Content-Type": "text/plain"});
-			res.end();
-			return;
-		}
-
-		res.writeHead(200, {
-			"Content-Type": contentType,
-			"Content-Length": content.length,
-		});
-		res.write(content);
-		res.end();
-	});
-}
--- a/apps/cic-meta/src/assets/phone.ts
+++ b/apps/cic-meta/src/assets/phone.ts
@@ -1,31 +0,0 @@
-import { ArgPair, Syncable } from '../sync';
-import { Addressable, addressToBytes, bytesToHex, toKey } from '../digest';
-
-class Phone extends Syncable implements Addressable {
-
-	address:	string
-	value:		number
-
-	constructor(address:string, v:number) {
-		const o = {
-			msisdn: v,
-		}
-		super('', o);
-		Phone.toKey(v).then((phid) => {
-			this.id = phid;	
-			this.address = address;
-		});
-	}
-
-	public static async toKey(msisdn:number) {
-		return await toKey(msisdn.toString(), ':cic.msisdn');
-	}
-
-	public key(): string {
-		return this.id;
-	}
-}
-
-export {
-	Phone,
-}
--- a/apps/cic-meta/src/assets/user.ts
+++ b/apps/cic-meta/src/assets/user.ts
@@ -1,47 +0,0 @@
-import { ArgPair, Syncable } from '../sync';
-import { Addressable, addressToBytes, bytesToHex, toAddressKey } from '../digest';
-
-const keySalt = new TextEncoder().encode(':cic.person');
-class User extends Syncable implements Addressable {
-
-	address:	string
-	firstName: 	string
-	lastName:	string
-
-	constructor(address:string, v:Object={}) {
-		if (v['user'] === undefined) {
-			v['user'] = {
-				firstName: '',
-				lastName: '',
-			}
-		}
-		User.toKey(address).then((uid) => {
-			this.id = uid;
-			this.address = address;
-		});
-		super('', v);
-	}
-
-	public static async toKey(address:string) {
-		return await toAddressKey(address, ':cic.person');
-	}
-
-	public key(): string {
-		return this.id;
-	}
-
-	public setName(firstName:string, lastName:string) {
-		//const fn = new ArgPair('user.firstName', firstName)
-		//const ln = new ArgPair('user.lastName', lastName)
-		const n = {
-			'user': {
-				'firstName': firstName,
-				'lastName': lastName,
-			},
-		}
-		//this.update([fn, ln], 'update name');
-		this.replace(n, 'update name');
-	}
-}
-
-export { User };
--- a/apps/cic-meta/src/auth.ts
+++ b/apps/cic-meta/src/auth.ts
@@ -1,191 +0,0 @@
-import * as pgp from 'openpgp';
-import * as crypto from 'crypto';
-
-interface Signable {
-	digest():string;
-}
-
-type KeyGetter = () => any;
-
-type Signature = {
-	engine:string
-	algo:string
-	data:string
-	digest:string
-}
-
-interface Signer { 
-	prepare(Signable):boolean;
-	onsign(Signature):void;
-	onverify(boolean):void;
-	sign(digest:string):void
-	verify(digest:string, signature:Signature):void
-	fingerprint():string
-}
-
-interface Authoritative {
-}
-
-interface KeyStore {
-	getPrivateKey:		KeyGetter
-	getFingerprint:		() => string
-	getTrustedKeys: 	() => Array<any>
-	getTrustedActiveKeys: 	() => Array<any>
-	getEncryptKeys: 	() => Array<any>
-}
-
-class PGPKeyStore implements KeyStore {
-
-	fingerprint:	string
-	pk:		any
-
-	pubk = {
-		active: [],
-		trusted: [],
-		encrypt: [],
-	}
-	loads = 0x00;
-	loadsTarget = 0x0f;
-	onload: (k:KeyStore) => void;
-
-	constructor(passphrase:string, pkArmor:string, pubkActiveArmor:string, pubkTrustedArmor:string, pubkEncryptArmor:string, onload = (ks:KeyStore) => {}) {
-		this._readKey(pkArmor, undefined, 1, passphrase);
-		this._readKey(pubkActiveArmor, 'active', 2);
-		this._readKey(pubkTrustedArmor, 'trusted', 4);
-		this._readKey(pubkEncryptArmor, 'encrypt', 8);
-		this.onload = onload;
-	}
-
-	private _readKey(a:string, x:any, n:number, pass?:string) {
-		pgp.key.readArmored(a).then((k) => {
-			if (pass !== undefined) {
-				this.pk = k.keys[0];
-				this.pk.decrypt(pass).then(() => {
-					this.fingerprint = this.pk.getFingerprint();
-					console.log('private key (sign)', this.fingerprint);
-					this._registerLoad(n);
-				});
-			} else {
-				this.pubk[x] = k.keys;
-				k.keys.forEach((pubk) => {
-					console.log('public key (' + x + ')', pubk.getFingerprint());
-				});
-				this._registerLoad(n);
-			}
-		});
-	}
-
-	private _registerLoad(b:number) {
-		this.loads |= b;
-		if (this.loads == this.loadsTarget) {
-			this.onload(this);
-		}
-	}
-
-	public getTrustedKeys(): Array<any> {
-		return this.pubk['trusted'];
-	}
-
-	public getTrustedActiveKeys(): Array<any> {
-		return this.pubk['active'];
-
-	}
-
-	public getEncryptKeys(): Array<any> {
-		return this.pubk['encrypt'];
-
-	}
-
-	public getPrivateKey(): any {
-		return this.pk;
-	}
-
-	public getFingerprint(): string {
-		return this.fingerprint;
-	}
-}
-
-class PGPSigner implements Signer {
-
-	engine	= 'pgp'
-	algo	= 'sha256'
-	dgst:		string
-	signature:	Signature
-	keyStore:	KeyStore
-	onsign:		(Signature) => void
-	onverify:	(boolean) => void
-
-	constructor(keyStore:KeyStore) {
-		this.keyStore = keyStore
-		this.onsign = (string) => {};
-		this.onverify = (boolean) => {};
-	}
-
-	public fingerprint(): string {
-		return this.keyStore.getFingerprint();
-	}
-
-	public prepare(material:Signable):boolean {
-		this.dgst = material.digest();
-		return true;
-	}
-
-	public verify(digest:string, signature:Signature) {
-		pgp.signature.readArmored(signature.data).then((s) => {
-			const opts = {
-				message: pgp.cleartext.fromText(digest),
-				publicKeys: this.keyStore.getTrustedKeys(),
-				signature: s,
-			};
-			pgp.verify(opts).then((v) => {
-				let i = 0;
-				for (i = 0; i < v.signatures.length; i++) {
-					const s = v.signatures[i];
-					if (s.valid) {
-						this.onverify(s);
-						return;
-					}
-				}
-				console.error('checked ' + i + ' signature(s) but none valid');
-				this.onverify(false);
-			});
-		}).catch((e) => {
-			console.error(e);
-			this.onverify(false);
-		});
-	}
-
-	public sign(digest:string) {
-		const m = pgp.cleartext.fromText(digest);
-		const pk = this.keyStore.getPrivateKey();
-		const opts = {
-			message: m,
-			privateKeys: [pk],
-			detached: true,
-		}
-		pgp.sign(opts).then((s) => {
-			this.signature = {
-				engine: this.engine,
-				algo: this.algo,
-				data: s.signature,
-				// TODO: fix for browser later
-				digest: digest,
-			};
-			this.onsign(this.signature);
-		}).catch((e) => {
-			console.error(e);
-			this.onsign(undefined);
-		});
-	}
-}
-
-export {
-	Signature,
-	Authoritative,
-       	Signer,
-	KeyGetter,
-	Signable,
-	KeyStore,
-	PGPSigner,
-	PGPKeyStore,
-};
--- a/apps/cic-meta/src/config.ts
+++ b/apps/cic-meta/src/config.ts
@@ -1,71 +0,0 @@
-import * as fs from 'fs';
-import * as ini from 'ini';
-import * as path from 'path';
-
-class Config {
-
-	filepath: 	string
-	store:		Object
-	censor:		Array<string>
-	require:	Array<string>
-	env_prefix:	string
-
-	constructor(filepath:string, env_prefix?:string) {
-		this.filepath = filepath;
-		this.store = {};
-		this.censor = [];
-		this.require = [];
-		this.env_prefix = '';
-		if (env_prefix !== undefined) {
-			this.env_prefix = env_prefix + "_";
-		}
-	}
-
-	public process() {
-		const d = fs.readdirSync(this.filepath);
-		
-		const r = /.*\.ini$/;
-		for (let i = 0; i < d.length; i++) {
-			const f = d[i];
-			if (!f.match(r)) {
-				return;
-			}
-
-			const fp = path.join(this.filepath, f);
-			const v = fs.readFileSync(fp, 'utf-8');
-			const inid = ini.decode(v);
-			const inik = Object.keys(inid);
-			for (let j = 0; j < inik.length; j++) {
-				const k_section = inik[j]
-				const k = k_section.toUpperCase();
-				Object.keys(inid[k_section]).forEach((k_directive) => {
-					const kk = k_directive.toUpperCase();
-					const kkk = k + '_' + kk;
-
-					let r = inid[k_section][k_directive];
-					const k_env = this.env_prefix + kkk
-					const env = process.env[k_env];
-					if (env !== undefined) {
-						console.debug('Environment variable ' + k_env + ' overrides ' + kkk);
-						r = env;
-					}
-					this.store[kkk] = r;
-				});
-			}
-		}
-	}
-
-	public get(s:string) {
-		return this.store[s];
-	}
-
-	public toString() {
-		let s = '';
-		Object.keys(this.store).forEach((k) => {
-			s += k + '=' + this.store[k] + '\n';
-		});
-		return s;
-	}	
-}
-
-export { Config };
--- a/apps/cic-meta/src/constants.ts
+++ b/apps/cic-meta/src/constants.ts
@@ -1,38 +0,0 @@
-import { JSONSerializable } from './format';
-
-const ENGINE_NAME = 'automerge';
-const ENGINE_VERSION = '0.14.1';
-
-const NETWORK_NAME = 'cic';
-const NETWORK_VERSION = '1';
-
-const CRYPTO_NAME = 'pgp';
-const CRYPTO_VERSION = '2';
-
-type VersionedSpec = {
-	name:		string
-	version: 	string
-	ext?:		Object
-}
-
-const engineSpec:VersionedSpec = {
-	name: ENGINE_NAME,
-	version: ENGINE_VERSION,			
-}
-
-const cryptoSpec:VersionedSpec = {
-	name: CRYPTO_NAME,
-	version: CRYPTO_VERSION,
-}
-
-const networkSpec:VersionedSpec = {
-	name: NETWORK_NAME,
-	version: NETWORK_VERSION,
-}
-
-export {
-	engineSpec,
-	cryptoSpec,
-	networkSpec,
-	VersionedSpec,
-};
--- a/apps/cic-meta/src/crypto.ts
+++ b/apps/cic-meta/src/crypto.ts
@@ -1,27 +0,0 @@
-import * as crypto from 'crypto';
-
-const _algs = {
-	'SHA-256': 'sha256',
-}
-
-function cryptoWrapper() {
-}
-
-cryptoWrapper.prototype.digest = async function(s, d) {
-	const h = crypto.createHash(_algs[s]);
-	h.update(d);
-	return h.digest();
-}
-
-let subtle = undefined;
-if (typeof window !== 'undefined') {
-	subtle = window.crypto.subtle;
-} else {
-	subtle = new cryptoWrapper();
-}
-
-
-export {
-	subtle,
-}
-
--- a/apps/cic-meta/src/db.ts
+++ b/apps/cic-meta/src/db.ts
@@ -1,90 +0,0 @@
-import * as pg from 'pg';
-import * as sqlite from 'sqlite3';
-
-type DbConfig = {
-	name:		string
-	host:		string
-	port:		number
-	user:		string
-	password:	string	
-}
-
-interface DbAdapter {
-	query:	(s:string, callback:(e:any, rs:any) => void) => void
-	close: 	() => void
-}
-
-const re_creatematch = /^(CREATE)/i
-const re_getmatch = /^(SELECT)/i;
-const re_setmatch = /^(INSERT|UPDATE)/i;
-
-class SqliteAdapter implements DbAdapter {
-
-	db:		any
-
-	constructor(dbConfig:DbConfig, callback?:(any) => void) {
-		this.db = new sqlite.Database(dbConfig.name); //, callback);
-	}
-
-	public query(s:string, callback:(e:any, rs?:any) => void): void {
-		const local_callback = (e, rs) => {
-			let r = undefined;
-			if (rs !== undefined) {
-				r = {
-					rowCount: rs.length,
-					rows: rs,
-				}
-			}
-			callback(e, r);
-		};
-		if (s.match(re_getmatch)) {
-			this.db.all(s, local_callback);
-		} else if (s.match(re_setmatch)) {
-			this.db.run(s, local_callback);
-		} else if (s.match(re_creatematch)) {
-			this.db.run(s, callback);
-		} else {
-			throw 'unhandled query';
-		}
-	}
-
-	public close() {
-		this.db.close();
-	}
-}
-
-class PostgresAdapter implements DbAdapter {
-
-	db:		any
-
-	constructor(dbConfig:DbConfig) {
-		let o = dbConfig;
-		o['database'] = o.name;
-		this.db = new pg.Pool(o);
-		return this.db;
-	}
-
-	public query(s:string, callback:(e:any, rs:any) => void): void {
-		this.db.query(s, (e, rs) => {
-			let r = {
-				length: rs.rowCount,
-			}
-			rs.length = rs.rowCount;
-			if (e === undefined) {
-				e = null;
-			}
-			console.debug(e, rs);
-			callback(e, rs);
-		});
-	}
-
-	public close() {
-		this.db.end();
-	}
-}
-
-export {
-	DbConfig,
-	SqliteAdapter,
-	PostgresAdapter,
-}
--- a/apps/cic-meta/src/digest.ts
+++ b/apps/cic-meta/src/digest.ts
@@ -1,67 +0,0 @@
-import * as crypto from './crypto';
-
-interface Addressable {
-	key(): string
-	digest(): string
-}
-
-function stringToBytes(s:string) {
-	const a = new Uint8Array(20);
-	let j = 2;
-	for (let i = 0; i < a.byteLength; i++) {
-		const n = parseInt(s.substring(j, j+2), 16);
-		a[i] = n;
-		j += 2;
-	}
-	return a;
-}
-
-function bytesToHex(a:Uint8Array) {
-	let s = '';
-	for (let i = 0; i < a.byteLength; i++) {
-		const h = '00' + a[i].toString(16);
-		s += h.slice(-2);
-	}
-	return s;
-}
-
-async function mergeKey(a:Uint8Array, s:Uint8Array) {
-	const y = new Uint8Array(a.byteLength + s.byteLength);
-	for (let i = 0; i < a.byteLength; i++) {
-		y[i] = a[i];
-	}
-	for (let i = 0; i < s.byteLength; i++) {
-		y[a.byteLength + i] = s[i];
-	}
-	const z = await crypto.subtle.digest('SHA-256', y);
-	return bytesToHex(new Uint8Array(z));
-}
-
-async function toKey(v:string, salt:string) {
-	const a = stringToBytes(v);
-	const s = new TextEncoder().encode(salt);
-	return await mergeKey(a, s);
-}
-
-
-async function toAddressKey(zeroExHex:string, salt:string) {
-	const a = addressToBytes(zeroExHex);
-	const s = new TextEncoder().encode(salt);
-	return await mergeKey(a, s);
-}
-
-const re_addrHex = /^0[xX][a-fA-F0-9]{40}$/;
-function addressToBytes(s:string) {
-	if (!s.match(re_addrHex)) {
-		throw 'invalid address hex';
-	}
-	return stringToBytes(s);
-}
-
-export {
-	toKey,
-	toAddressKey,
-	bytesToHex,
-	addressToBytes,
-	Addressable,
-}
--- a/apps/cic-meta/src/dispatch.ts
+++ b/apps/cic-meta/src/dispatch.ts
@@ -1,58 +0,0 @@
-import { v4 as uuidv4 } from 'uuid';
-import { Syncable } from './sync';
-import { Store } from './store';
-import { PubSub } from './transport';
-
-function toIndexKey(id:string):string {
-	const d = Date.now();
-	return d + '_' + id + '_' + uuidv4();
-}
-
-const _re_indexKey = /^\d+_(.+)_[-\d\w]+$/;
-function fromIndexKey(s:string):string {
-	const m = s.match(_re_indexKey);
-	if (m === null) {
-		throw 'Invalid index key';
-	}
-	return m[1];
-}
-
-class Dispatcher {
-
-	idx:		Array<string>
-	syncer:		PubSub
-	store:		Store
-
-	constructor(store:Store, syncer:PubSub) {
-		this.idx = new Array<string>()
-		this.syncer = syncer;
-		this.store = store;
-	}
-
-	public isDirty(): boolean {
-		return this.idx.length > 0;
-	}
-
-	public add(id:string, item:Syncable): string {
-		const v = item.toJSON();
-		const k = toIndexKey(id);
-		this.store.put(k, v, true);
-		localStorage.setItem(k, v);
-		this.idx.push(k);
-		return k;
-	}
-
-	public sync(offset:number): number {
-		let i = 0;
-		this.idx.forEach((k) => {
-			const v = localStorage.getItem(k);
-			const k_id = fromIndexKey(k);
-			this.syncer.pub(v); // this must block until guaranteed delivery
-			localStorage.removeItem(k);
-			i++;
-		});
-		return i;
-	}
-}
-
-export { Dispatcher, toIndexKey, fromIndexKey }
--- a/apps/cic-meta/src/format.ts
+++ b/apps/cic-meta/src/format.ts
@@ -1,5 +0,0 @@
-interface JSONSerializable {
-	toJSON(): string
-}
-
-export { JSONSerializable };
--- a/apps/cic-meta/src/index.ts
+++ b/apps/cic-meta/src/index.ts
@@ -1,4 +0,0 @@
-export { PGPSigner, PGPKeyStore } from './auth';
-export { Envelope, Syncable } from './sync';
-export { User } from './assets/user';
-export { Phone } from './assets/phone';
--- a/apps/cic-meta/src/store.ts
+++ b/apps/cic-meta/src/store.ts
@@ -1,9 +0,0 @@
-import { Syncable } from './sync';
-
-interface Store {
-	put(string, Syncable, boolean?)
-	get(string):Syncable
-	delete(string)
-}
-
-export { Store };
--- a/apps/cic-meta/src/sync.ts
+++ b/apps/cic-meta/src/sync.ts
@@ -1,266 +0,0 @@
-import * as Automerge from 'automerge';
-
-import { JSONSerializable } from './format';
-
-import { Authoritative, Signer, PGPSigner, Signable, Signature } from './auth';
-
-import { engineSpec, cryptoSpec, networkSpec, VersionedSpec  } from './constants';
-
-const fullSpec:VersionedSpec = {
-	name: 'cic',
-	version: '1',
-	ext: {
-		network: cryptoSpec,
-		engine: engineSpec,
-	},
-}
-
-class Envelope {
-
-	o = fullSpec
-
-	constructor(payload:Object) {
-		this.set(payload);
-	}
-
-	public set(payload:Object) {
-		this.o['payload'] = payload
-	}
-
-	public get():string {
-		return this.o['payload'];
-	}
-
-	public toJSON() {
-		return JSON.stringify(this.o);
-	}
-
-	public static fromJSON(s:string): Envelope {
-		const e = new Envelope(undefined);
-		e.o = JSON.parse(s);
-		return e;
-	}
-
-	public unwrap(): Syncable {
-		return Syncable.fromJSON(this.o['payload']);
-	}
-}
-
-class ArgPair {
-
-	k:string
-	v:any
-
-	constructor(k:string, v:any) {
-		this.k = k;
-		this.v = v;
-	}
-}
-
-class SignablePart implements Signable {
-
-	s: string
-
-	constructor(s:string) {
-		this.s = s;
-	}
-
-	public digest():string {
-		return this.s;
-	}
-}
-
-function orderDict(src) {
-	let dst;
-	if (Array.isArray(src)) {
-		dst = [];
-		src.forEach((v) => {
-			if (typeof(v) == 'object') {
-				v = orderDict(v);
-			}
-			dst.push(v);
-		});
-	} else {
-		dst = {}
-		Object.keys(src).sort().forEach((k) => {
-			let v = src[k];
-			if (typeof(v) == 'object') {
-				v = orderDict(v);
-			}
-			dst[k] = v;
-		});
-	} 
-	return dst;
-}
-
-class Syncable implements JSONSerializable, Authoritative {
-
-	id:		string
-	timestamp:	number
-	m:		any // automerge object
-	e:		Envelope
-	signer:		Signer
-	onwrap: 	(string) => void
-	onauthenticate:	(boolean) => void
-
-	// TODO: Move data to sub-object so timestamp, id, signature don't collide
-	constructor(id:string, v:Object) {
-		this.id = id;
-		const o = {
-			'id': id,
-			'timestamp': Math.floor(Date.now() / 1000),
-			'data': v,
-		}
-		//this.m = Automerge.from(v)
-		this.m = Automerge.from(o)
-	}
-
-	public setSigner(signer:Signer) {
-		this.signer = signer;
-		this.signer.onsign = (s) => {
-			this.wrap(s);
-		};
-	}
-
-	// TODO: To keep integrity, the non-link key/value pairs for each step also need to be hashed
-	public digest(): string {
-		const links = [];
-		Automerge.getAllChanges(this.m).forEach((ch:Object) => {
-			const op:Array<any> = ch['ops'];
-			ch['ops'].forEach((op:Array<Object>) => {
-				if (op['action'] == 'link') {
-					//console.log('op link', op);
-					links.push([op['obj'], op['value']]);
-				}
-			});
-		});
-		//return JSON.stringify(links);
-		const j = JSON.stringify(links);
-		return Buffer.from(j).toString('base64');
-	}
-
-	private wrap(s:any) {
-		this.m = Automerge.change(this.m, 'sign', (doc) => {
-			doc['signature'] = s;
-		});
-		this.e = new Envelope(this.toJSON());
-		console.log('wrappin s', s, typeof(s));
-		this.e.o['digest'] = s.digest;
-		if (this.onwrap !== undefined) {
-			this.onwrap(this.e);
-		}
-
-	}
-
-//	private _verifyLoop(i:number, history:Array<any>, signable:Signable, result:boolean) {
-//		if (!result) {
-//			this.onauthenticate(false);
-//			return;
-//		} else if (history.length == 0) {
-//			this.onauthenticate(true);
-//			return;
-//		}
-//		const h = history.shift()
-//		if (i % 2 == 0) {
-//			i++;
-//			signable = {
-//				digest: () => {
-//					return Automerge.save(h.snapshot)
-//				},
-//			};
-//			this._verifyLoop(i, history, signable, true);
-//		} else {
-//			i++;
-//			const signature = h.snapshot['signature'];
-//			console.debug('signature', signature, signable.digest());
-//			this.signer.onverify = (v) => {
-//				this._verifyLoop(i, history, signable, v)
-//			}
-//			this.signer.verify(signable, signature);
-//		}
-//	}
-//
-//	// TODO: This should replay the graph and check signatures on each step
-//	public _authenticate(full:boolean=false) {
-//		let h = Automerge.getHistory(this.m);
-//		h.forEach((m) => {
-//			//console.debug(m.snapshot);
-//		});
-//		const signable = {
-//			digest: () => { return '' },
-//		}
-//		if (!full) {
-//			h = h.slice(h.length-2);
-//		}
-//		this._verifyLoop(0, h, signable, true);
-//	}
-
-	public authenticate(full:boolean=false) {
-		if (full) {
-			console.warn('only doing shallow authentication for now, sorry');			
-		}
-		//console.log('authenticating', signable.digest());
-		//console.log('signature', this.m.signature);
-		this.signer.onverify = (v) => {
-			//this._verifyLoop(i, history, signable, v)
-			this.onauthenticate(v);
-		}
-		this.signer.verify(this.m.signature.digest, this.m.signature);
-	}
-
-
-	public sign() {
-		//this.signer.prepare(this);
-		this.signer.sign(this.digest());
-	}
-
-	public update(changes:Array<ArgPair>, changesDescription:string) {
-		this.m = Automerge.change(this.m, changesDescription, (m) => {
-			changes.forEach((c) => {
-				let path = c.k.split('.');
-				let target = m['data'];
-				while (path.length > 1) {
-					const part = path.shift();
-					target = target[part];
-				}
-				target[path[0]] = c.v;
-			});
-			m['timestamp'] = Math.floor(Date.now() / 1000);
-		});
-	}
-
-	public replace(o:Object, changesDescription:string) {
-		this.m = Automerge.change(this.m, changesDescription, (m) => {
-			Object.keys(o).forEach((k) => {
-				m['data'][k] = o[k];
-			});
-			Object.keys(m).forEach((k) => {
-				if (o[k] == undefined) {
-					delete m['data'][k];
-				}
-			});
-			m['timestamp'] = Math.floor(Date.now() / 1000);
-		});
-	}
-
-	public merge(s:Syncable) {
-		this.m = Automerge.merge(s.m, this.m);
-	}
-
-	public toJSON(): string {
-		const s = Automerge.save(this.m);
-		const o = JSON.parse(s);
-		const oo = orderDict(o)
-		return JSON.stringify(oo);
-
-	}
-
-	public static fromJSON(s:string): Syncable {
-		const doc = Automerge.load(s);
-		let y = new Syncable(doc['id'], {});
-		y.m = doc
-		return y
-	}
-}
-
-export { JSONSerializable, Syncable, ArgPair, Envelope };
--- a/apps/cic-meta/src/transport.ts
+++ b/apps/cic-meta/src/transport.ts
@@ -1,11 +0,0 @@
-interface SubConsumer {
-	post(string)
-}
-
-interface PubSub {
-	pub(v:string):boolean
-	close()
-}
-
-export { PubSub, SubConsumer };
-
--- a/apps/cic-meta/tests/1_basic.ts
+++ b/apps/cic-meta/tests/1_basic.ts
@@ -1,50 +0,0 @@
-import * as Automerge from 'automerge';
-import assert = require('assert');
-
-import { Dispatcher, toIndexKey, fromIndexKey } from '../src/dispatch';
-import { User } from '../src/assets/user';
-import { Syncable, ArgPair } from '../src/sync';
-
-import { MockSigner, MockStore } from './mock';
-
-describe('basic', () => {
-
-	it('store', () => {
-		const store = new MockStore('s');
-		assert.equal(store.name, 's');
-
-		const mockSigner = new MockSigner();
-		const v = new Syncable('foo', {baz: 42});
-		v.setSigner(mockSigner);
-		store.put('foo', v);
-		const one = store.get('foo').toJSON();
-		const vv = new Syncable('bar', {baz: 666});
-		vv.setSigner(mockSigner);
-		assert.throws(() => {
-			store.put('foo', vv)
-		});
-		store.put('foo', vv, true);
-		const other = store.get('foo').toJSON();
-		assert.notEqual(one, other);
-		store.delete('foo');
-		assert.equal(store.get('foo'), undefined);
-	});
-
-	it('add_doc_to_dispatcher', () => {
-		const store = new MockStore('s');
-		//const syncer = new MockSyncer();
-		const dispatcher = new Dispatcher(store, undefined);
-		const user = new User('foo'); 
-		dispatcher.add(user.id, user);
-		assert(dispatcher.isDirty());
-	});
-
-	it('dispatch_keyindex', () => {
-		const s = 'foo';
-		const k = toIndexKey(s);
-		const v = fromIndexKey(k);
-		assert.equal(s, v);
-	});
-
-
-});
--- a/apps/cic-meta/tests/2_sync.ts
+++ b/apps/cic-meta/tests/2_sync.ts
@@ -1,212 +0,0 @@
-import * as Automerge from 'automerge';
-import assert = require('assert');
-
-import * as pgp from 'openpgp';
-import * as fs from 'fs';
-
-import { PGPSigner } from '../src/auth';
-
-import { Syncable, ArgPair } from '../src/sync';
-
-import { MockKeyStore, MockSigner } from './mock';
-
-
-describe('sync', async () => {
-	it('sync_merge', () => {
-		const mockSigner = new MockSigner();
-		const s = new Syncable('foo', {
-			bar: 'baz',
-		});
-		s.setSigner(mockSigner);
-		const changePair = new ArgPair('xyzzy', 42);
-		s.update([changePair], 'ch-ch-cha-changes');
-		assert.equal(s.m.data['xyzzy'], 42)
-		assert.equal(s.m.data['bar'], 'baz')
-		assert.equal(s.m['id'], 'foo')
-		assert.equal(Automerge.getHistory(s.m).length, 2);
-	});
-
-	it('sync_serialize', () => {
-		const mockSigner = new MockSigner();
-		const s = new Syncable('foo', {
-			bar: 'baz',
-		});
-		s.setSigner(mockSigner);
-		const j = s.toJSON();
-		const ss = Syncable.fromJSON(j);
-		assert.equal(ss.m['id'], 'foo');
-		assert.equal(ss.m['data']['bar'], 'baz');
-		assert.equal(Automerge.getHistory(ss.m).length, 1);
-	});
-
-	it('sync_sign_and_wrap', () => {
-		const mockSigner = new MockSigner();
-		const s = new Syncable('foo', {
-			bar: 'baz',
-		});
-		s.setSigner(mockSigner);
-		s.onwrap = (e) => {
-			const j = e.toJSON();
-			const v = JSON.parse(j);
-			assert.deepEqual(v.payload, e.o.payload);
-
-		}
-		s.sign();
-	});
-	it('sync_verify_success', async () => {
-		const pksa = fs.readFileSync(__dirname + '/privatekeys.asc');
-		const pks = await pgp.key.readArmored(pksa);
-		await pks.keys[0].decrypt('merman');
-		await pks.keys[1].decrypt('beastman');
-
-		const pubksa = fs.readFileSync(__dirname + '/publickeys.asc');
-		const pubks = await pgp.key.readArmored(pubksa);
-
-		const oneStore = new MockKeyStore(pks.keys[0], pubks.keys);
-		const twoStore = new MockKeyStore(pks.keys[1], pubks.keys);
-		const threeStore = new MockKeyStore(pks.keys[2], [pubks.keys[0], pubks.keys[2]]);
-
-		const oneSigner = new PGPSigner(oneStore);
-		const twoSigner = new PGPSigner(twoStore);
-		const threeSigner = new PGPSigner(threeStore);
-
-		const x = new Syncable('foo', {
-			bar: 'baz',		  
-		});
-		x.setSigner(oneSigner);
-
-		// TODO: make this look better
-		x.onwrap = (e) => {
-			let updateData = new ArgPair('bar', 'xyzzy');
-			x.update([updateData], 'change one');
-
-			x.onwrap = (e) => {
-				x.setSigner(twoSigner);
-				updateData = new ArgPair('bar', 42);
-				x.update([updateData], 'change two');
-
-				x.onwrap = (e) => {
-					const p = e.unwrap();
-					p.setSigner(twoSigner);
-					p.onauthenticate = (v) => {
-						assert(v);
-					}
-					p.authenticate();
-				}
-
-				x.sign();
-			};
-
-			x.sign();
-		}
-
-		x.sign();
-
-	});
-
-	it('sync_verify_fail', async () => {
-		const pksa = fs.readFileSync(__dirname + '/privatekeys.asc');
-		const pks = await pgp.key.readArmored(pksa);
-		await pks.keys[0].decrypt('merman');
-		await pks.keys[1].decrypt('beastman');
-
-		const pubksa = fs.readFileSync(__dirname + '/publickeys.asc');
-		const pubks = await pgp.key.readArmored(pubksa);
-
-		const oneStore = new MockKeyStore(pks.keys[0], pubks.keys);
-		const twoStore = new MockKeyStore(pks.keys[1], pubks.keys);
-		const threeStore = new MockKeyStore(pks.keys[2], [pubks.keys[0], pubks.keys[2]]);
-
-		const oneSigner = new PGPSigner(oneStore);
-		const twoSigner = new PGPSigner(twoStore);
-		const threeSigner = new PGPSigner(threeStore);
-
-		const x = new Syncable('foo', {
-			bar: 'baz',		  
-		});
-		x.setSigner(oneSigner);
-
-		// TODO: make this look better
-		x.onwrap = (e) => {
-			let updateData = new ArgPair('bar', 'xyzzy');
-			x.update([updateData], 'change one');
-
-			x.onwrap = (e) => {
-				x.setSigner(twoSigner);
-				updateData = new ArgPair('bar', 42);
-				x.update([updateData], 'change two');
-
-				x.onwrap = (e) => {
-					const p = e.unwrap();
-					p.setSigner(threeSigner);
-					p.onauthenticate = (v) => {
-						assert(!v);
-					}
-					p.authenticate();
-				}
-
-				x.sign();
-			};
-
-			x.sign();
-		}
-
-		x.sign();
-
-	});
-
-	xit('sync_verify_shallow_tricked', async () => {
-		const pksa = fs.readFileSync(__dirname + '/privatekeys.asc');
-		const pks = await pgp.key.readArmored(pksa);
-		await pks.keys[0].decrypt('merman');
-		await pks.keys[1].decrypt('beastman');
-
-		const pubksa = fs.readFileSync(__dirname + '/publickeys.asc');
-		const pubks = await pgp.key.readArmored(pubksa);
-
-		const oneStore = new MockKeyStore(pks.keys[0], pubks.keys);
-		const twoStore = new MockKeyStore(pks.keys[1], pubks.keys);
-		const threeStore = new MockKeyStore(pks.keys[2], [pubks.keys[0], pubks.keys[2]]);
-
-		const oneSigner = new PGPSigner(oneStore);
-		const twoSigner = new PGPSigner(twoStore);
-		const threeSigner = new PGPSigner(threeStore);
-
-		const x = new Syncable('foo', {
-			bar: 'baz',		  
-		});
-		x.setSigner(twoSigner);
-
-		// TODO: make this look better
-		x.onwrap = (e) => {
-			let updateData = new ArgPair('bar', 'xyzzy');
-			x.update([updateData], 'change one');
-
-			x.onwrap = (e) => {
-				updateData = new ArgPair('bar', 42);
-				x.update([updateData], 'change two');
-				x.setSigner(oneSigner);
-
-				x.onwrap = (e) => {
-					const p = e.unwrap();
-					p.setSigner(threeSigner);
-					p.onauthenticate = (v) => {
-						assert(v);
-						p.onauthenticate = (v) => {
-							assert(!v);
-						}
-						p.authenticate(true);
-					}
-					p.authenticate();
-				}
-
-				x.sign();
-			};
-
-			x.sign();
-		}
-
-		x.sign();
-
-	});
-});
--- a/apps/cic-meta/tests/3_transport.ts
+++ b/apps/cic-meta/tests/3_transport.ts
@@ -1,14 +0,0 @@
-import * as assert from 'assert';
-
-import { MockPubSub, MockConsumer } from './mock';
-
-describe('transport', () => {
-	it('pub_sub', () => {
-		const c = new MockConsumer();
-		const ps = new MockPubSub('foo', c);
-		ps.pub('foo');	
-		ps.pub('bar');
-		ps.flush();
-		assert.deepEqual(c.omnoms, ['foo', 'bar']);
-	});
-});
--- a/apps/cic-meta/tests/4_auth.ts
+++ b/apps/cic-meta/tests/4_auth.ts
@@ -1,46 +0,0 @@
-import assert = require('assert');
-import pgp = require('openpgp');
-import crypto  = require('crypto');
-
-import { Syncable, ArgPair } from '../src/sync';
-
-import { MockKeyStore, MockSignable } from './mock';
-
-import { PGPSigner } from '../src/auth';
-
-
-describe('auth', async () => {
-	await it('digest', async () => {
-		const opts = {
-			userIds: [
-				{
-					name: 'John Marston',
-					email: 'red@dead.com',
-				},
-			],
-			numBits: 2048,
-			passphrase: 'foo',
-		};
-		const pkgen = await pgp.generateKey(opts);
-		const pka = pkgen.privateKeyArmored;
-		const pks = await pgp.key.readArmored(pka);
-		await pks.keys[0].decrypt('foo');
-		const pubka = pkgen.publicKeyArmored;
-		const pubks = await pgp.key.readArmored(pubka);
-		const keyStore = new MockKeyStore(pks.keys[0], pubks.keys);
-		const s = new PGPSigner(keyStore);
-
-		const message = await pgp.cleartext.fromText('foo');
-		s.onverify = (ok) => {
-			assert(ok);
-		}
-		s.onsign = (signature) => {
-			s.onverify((v) => {
-				console.log('bar', v);
-			});
-			s.verify('foo', signature);
-		}
-		
-		await s.sign('foo');
-	});
-});	
--- a/apps/cic-meta/tests/999_functional.ts
+++ b/apps/cic-meta/tests/999_functional.ts
@@ -1,47 +0,0 @@
-import * as assert from 'assert';
-import * as pgp from 'openpgp';
-
-import { Dispatcher } from '../src/dispatch';
-import { User } from '../src/assets/user';
-import { PGPSigner, KeyStore } from '../src/auth';
-import { SubConsumer } from '../src/transport';
-
-import { MockStore, MockPubSub, MockConsumer, MockKeyStore } from './mock';
-
-async function createKeyStore() {
-	const opts = {
-		userIds: [
-			{
-				name: 'John Marston',
-				email: 'red@dead.com',
-			},
-		],
-		numBits: 2048,
-		passphrase: 'foo',
-	};
-	const pkgen = await pgp.generateKey(opts);
-	const pka = pkgen.privateKeyArmored;
-	const pks = await pgp.key.readArmored(pka);
-	await pks.keys[0].decrypt('foo');
-	return new MockKeyStore(pks.keys[0], []);
-}
-
-describe('fullchain', async () => {
-	it('dispatch_and_publish_user', async () => {
-		const g = await createKeyStore();
-		const n = new PGPSigner(g);
-		const u = new User('u1', {});
-		u.setSigner(n);
-		u.setName('Nico', 'Bellic');
-		const s = new MockStore('fooStore');
-		const c = new MockConsumer();
-		const p = new MockPubSub('fooPubSub', c);
-		const d = new Dispatcher(s, p);
-		u.onwrap = (e) => {
-			d.add(u.id, e);
-			d.sync(0);
-			assert.equal(p.pubs.length, 1);
-		};
-		u.sign();
-	});
-});
--- a/apps/cic-meta/tests/mock.ts
+++ b/apps/cic-meta/tests/mock.ts
@@ -1,150 +0,0 @@
-import * as crypto from 'crypto';
-
-import { Signable, Signature, KeyStore } from '../src/auth';
-import { Store } from '../src/store';
-import { PubSub, SubConsumer } from '../src/transport';
-import { Syncable } from '../src/sync';
-
-class MockStore implements Store {
-	
-	contents:	Object
-	name:		string
-
-	constructor(name:string) {
-		this.name = name;
-		this.contents = {};
-	}
-
-	public put(k:string, v:Syncable, existsOk = false) {
-		if (!existsOk && this.contents[k] !== undefined) {
-			throw '"' + k + '" already exists in store ' + this.name;
-		} 
-		this.contents[k] = v;
-	}
-
-	public get(k:string): Syncable {
-		return this.contents[k];
-	}
-
-	public delete(k:string) {
-		delete this.contents[k];
-	}
-}
-
-class MockSigner {
-	onsign: (string) => void
-	onverify: (boolean) => void
-	public verify(src:string, signature:Signature) {
-		return true;
-	}
-
-	public sign(s:string):boolean {
-		this.onsign('there would be a signature here');
-		return true;
-	}
-
-	public prepare(m:Signable):boolean {
-		return true;
-	}
-
-	public fingerprint():string {
-		return '';
-	}
-}
-
-class MockConsumer implements SubConsumer {
-
-	omnoms:	Array<string>
-
-	constructor() {
-		this.omnoms = Array<string>();
-	}
-
-	public post(v:string) {
-		this.omnoms.push(v);
-	}
-}
-
-class MockPubSub implements PubSub {
-
-	pubs:		Array<string>
-	consumer:	SubConsumer
-
-	constructor(name:string, consumer:SubConsumer) {
-		this.pubs = Array<string>();	
-		this.consumer = consumer;
-	}
-	
-	public pub(v:string): boolean {
-		this.pubs.push(v);
-		return true;
-	}
-
-	public flush() {
-		while (this.pubs.length > 0) {
-			const s = this.pubs.shift();
-			this.consumer.post(s);
-		}
-	}
-
-	public close() {
-	}
-}
-
-class MockSignable implements Signable {
-
-	src:	string
-	dst:	string
-
-	constructor(src:string) {
-		this.src = src;
-	}
-
-	public digest():string {
-		const h = crypto.createHash('sha256');
-		h.update(this.src);
-		this.dst= h.digest('hex');
-		return this.dst;
-	}
-
-}
-
-class MockKeyStore implements KeyStore {
-
-	pk: any
-	pubks: Array<any>
-
-	constructor(pk:any, pubks:Array<any>) {
-		this.pk = pk;
-		this.pubks = pubks;	
-	}
-
-	public getPrivateKey(): any {
-		return this.pk;
-	}
-
-	public getTrustedKeys(): Array<any> {
-		return this.pubks;
-	}
-
-	public getTrustedActiveKeys(): Array<any> {
-		return [];
-	}
-
-	public getEncryptKeys(): Array<any> {
-		return [];
-	}
-
-	public getFingerprint(): string {
-		return '';
-	}
-}
-
-export {
-	MockStore,
-	MockPubSub,
-	MockConsumer,
-	MockSignable,
-	MockKeyStore,
-	MockSigner,
-};
--- a/apps/cic-meta/tests/privatekeys.asc
+++ b/apps/cic-meta/tests/privatekeys.asc
@@ -1,241 +0,0 @@
-----BEGIN PGP PRIVATE KEY BLOCK-----
-
-lQWGBF+hSOgBDACpkPQEjADjnQtjmAsdPYpx5N+OMJBYj1DAoIYsDtV6vbcBJQt9
-4Om3xl7RBhv9m2oLgzPsiRwjCEFRWyNSu0BUp5CFjcXfm0S4K2egx4erFnTnSSC9
-S6tmVNrVNEXvScE6sKAnmJ7JNX1ExJuEiWPbUDRWJ1hoI9+AR+8EONeJRLo/j0Np
-+S4IFDn0PsxdT+SB0GY0z2cEgjvjoPr4lW9IAb8Ft9TDYp+mOzejn1Fg7CuIrlBR
-SAv+sj7bVQw15dh1SpbwtS5xxubCa8ExEGI4ByXmeXdR0KZJ+EA5ksO0iSsQ/6ip
-SOdSg+i0niOClFNm1P/OhbUsYAxCUfiX654FMn2zoxVBEjJ3e7l0pH7ktodaxEct
-PofQLBA9LSDUIejqJsU0npw/DHDD2uvxG+/A6lgV9L8ETlvgp8RzeOCf2bHuiKYY
-z87txvkFwsXgU1+TZxbk+mtCBbngsVPLNarY/KGkVJL+yhcHRD0Pl4wXUd6auQuY
-6vQ9AuKiCT1We2sAEQEAAf4HAwK2fexgxtQ8CfgdeIlzdeY9K+HZL18brETddoya
-3BeC1MSH7gxXqtCVQ5qdBk27J4wlGl0H83kYSCeVQs6hmrSrv8JCErguIdpZIJ/D
-kcjGlGrOELfnXeif0VfUZN3LWxJZizCIS8I9F8VKD9c57nZEcbWcKTLizV0j1BeT
-sdrumt/3UDhpCJTj1q3biRsiUbpmX+jPlRWN3OeSZJaRRyy4FnzTs3bndBYmkOsk
-ZNKRk7jRNEU/LItbABStuP2zDrZsampVntKcNRXBVE2170t4T/Q4Gc0ckz4ohprY
-lGykE2DdwapCdcKWccVXhM+svDwoLf+g4kjKuCE7R11v6rZlRxYrfquZXwtUx0DB
-17x+JqyBaacyWm3Vq65DcNyiQw2NqCPdJU+iZoOGaermKIz3BqwxY+WE0HyjxQkH
-P5KUpKQTmsTIlwHWFOVDYMRUUvD7P7XiElOBECDb3bJL9+z2SHZWTE6OaZKnmBFf
-ZTdXgtGe/Ctx97PgWZOwM500Q45QC+D59NCYtXRtqi9WCLGsZpQbSZmojIUOJRuD
-s5un+8lA3T0BhlJS4DC9CgN8Lxs4kT/XV/LYiXU4Z8MWEahurEbpDwH6YNzGktUR
-zuE9HOe0fesdrOV0Sk2aol5CCRj3vTcsROTFUcT6UYPq28vy0U3zUJVvyNa0swk7
-PUiB+xhCi24Z9dy+0F1q1L20tJ/YCjC/tyLI36Rkl85PnoviwOOOll0+/claf8BV
-e9x43voYe0o8Q7ttU0aFxVH/lGaTRyVMcXJFw0EPLuwIrcGrcauatcbO7lI2nVww
-kBZFepWh7JBRl2x5SXnvTqLnWp2D5w1viUPcBN5xAj9IKOWrRr2kIRLiOVIGh9ta
-Hiio2+vg/ZmhsmMzA36xYkH6NvyjNAeLUgTVfEAtsCrRXdW8FYTTGOKDmw55Ma+P
-Ej1QWWzbwqPU+h+AOyklVZ1xGncxTkyad5niXYEzBJbbA01QoAtZeY7kSg0ae6uD
-YPRQGf+0G6YlCKPOZjBH8AvbedhyjIKZhBT8M2sHIKSESPP0Vs8yS16rYzy8o6+e
-7uYsIST+PMWXxDpJHmN2Ks5uo789+TiHfffHzbsTuevNIwk9FbMA6gpDdtMCaFZX
-abZxz6sxLv9MoWjIKR2vDZKHjK5DVlJv4V1De3gTsCmfQhhToPzNGGFEI00aBki6
-IJIyisOuZtQiXhHy1vN499evLDwkc8u1S6ex6Q7blp75IQmJJ4/WG+XA55D+Mfnd
-QSbV+zP9WQu66RR+RDsx+c7L7Bg58bqXE3bPcoLzaHOmDwpw74BGmNu84dfmyKbI
-FocSAWP+Oe3sBxcdE7aVS+FB+B30It25LbQeTWVyIE1hbiA8bWVybWFuQGdyZXlz
-a3VsbC5jb20+iQHUBBMBCAA+FiEE8/r2aOgu9RJNUYe67yb0aCND9pIFAl+hSOgC
-GwMFCQPCZwAFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AACgkQ7yb0aCND9pLwiwwA
-hFJbAyUK05TJKfDz81757N472STtB8sfr0auwmRr8Zs1utHRVM0b/jkjTuo4uJNr
-7YVVKTKgE7+rJ+pwhm3wlTQ44LVLjByWAi/7NWg3E9b2elm+qkfgm/RfFt3vkuOx
-GSyZyIFFh+/twv6iABPvr6w7MZwrFaS0UP3g1VGa5TFqg6KNxod9H/gPLxv45lut
-Xf3VvBZTJpr1pxn7aLHlFzEyIgNZbP/N1QF44GSrN/k0DfL631sZjauUXaZXbi5x
-GsKKCYwJ1g3q587pi6mTdTV3n0hKgVuipO8hGy5++YeOv+hXsCxDwyZ+Shv+qavd
-/SapxYgCdEueuwONIFfsIsWCd3SCcjKXicTTEFMu8nvBmf7xuo2hv6vEOxoijlXV
-+4LkGrskdB8ZMg8PywEx6DLmDokgnAhTLrTc1ShbkOtQ3yNjjyFK7BDpqobsJal6
-d8SpbhccUJLepaSmsk0CgJsTjhAl6EwX0EYgTo3kP5fScqrbD8VwQaT8CcE4rCV4
-nQWGBF+hSOgBDADHtpTT1k4x+6FN5OeURpKAaIsoPHghkJ2lb6yWmESCa+DaR6GX
-AKlbd0L9UMcXLqnaCn4SpZvbf8hP4fJRgWdRl5uVN/rmyVbZLUVjM8NcVdFRIrTs
-Nyu4mLBmydc3iA/90sCTEOj9e7DSvxLmmLFjpwM5xXLd6z0l6+9G+woNmARXVS3V
-/RryFntyKC3ATCqVlJoQBG45Tj2gMIunpadTJXWmdioooeGW3sLeUv5MM98mSB4S
-jKRlJqGPNjx5lO6MmJbZeXZ/L/aO6EsXUQD2h82Wphll4rpGYWPiHTCYqZYiqNYr
-6E3xUpzcvWVp3uCYVJWP6Ds117p7BoyKVz00yxC9ledF3eppktZWqFVowCMihQE3
-676L3DDTZsnJf1/8xKUh5U2Mj3lBvjlvCECKi00qo8b1mn/OklQjJ5T4WzTrH6X+
-/zpez8ZkmtcOayHdUKD/64roZ9dXbXG/hp5A+UWj8oSVYKg2QNAwAnZ+aiZ2KVRE
-/Y61DCgFg6Ccx/cAEQEAAf4HAwLvYCWT4e84+PjE5pF2+FQAEMmVwTUm5pv9XhBd
-Lnw68o0N/OGhi8LLMuhiI22u60W+//6Pknws1FfHI6zVeHZ1V4DcE8JtJcbSqGk4
-X1IFSXB60kduyCDLxq7PgqlLac2vr8jOsZAGTM8okJ3jrCrXd0oEPMIPQzo4RKZJ
-PeBwUyzTU1+jA5pZjpj+DgpBoC5uZTeGLB2ftbN/w3wBUsZZR3q7WiM7p34+xvST
-Obe1u5PerN5BH6zizvCWr2yRGF0RdUYz6q0kQdUorDjqrowYlNi5Em3RIyK1IoFR
-MpcZPf9zMODMPZ2VlBruDQu40thr/Ho/5w15QmJ/7SmstGreKerI2jUziHPa4XMo
-pUS+jGpIC3pZRa2Y+4UpgtYciuc5CusxzAOYbSh+py1kLuL/tkI54QsLYG2gDcd5
-dGz/jxun4irlZ/Iy1GtGM5+SrREktwRD2lIou295XqWOHwJPahPG7xb172VeUfoK
-AObWonSJ9uWcsG/FKNo1at9ENA1x+zUV6s+F8B78snQJ96iFIHtz+5NAXQR0pEnD
-i7DIHSSGaeZdj2NcbmM6t5/dyN40KHwymYxrItHGL19uRUJiJfgGeI9+dNCRfMOU
-4YK+/kiGqH4Yr4WNBmF8zeP51gWDCspCzMKp+Z3wtGXx7j+147iWqW/6ARZ5krJa
-oWF+gmesFYFWz54Lr/IuA4usaRSbt+ZnXpJTQip74NOrKF7JpXeVMWY7BN5wcnyO
-SXrJrg3xKupq/oZlHnpGiL/UGrr9NZmT/ajg1xjVArkWD0YkwnTRP+CBXLNyrhtd
-eLzClaDiv8wXMIm1uWImX7zVv+H7ngfU2aQOMQiU1BbV+pU69bAVdD73glniID1R
-HYJHFhOxyF9nFTfBkPM/3rNuJDURLyMhkIyZ3OhIOiDv+5W2Q1swhlfLI5Tf7eCv
-wxMGBM508I7TuemCuUk0oqsDnm1Z+oCEWqEI06qvMpGPPO9HU90kELdGDVlnVo6J
-wP9UOgXa9LsywaFO+otV/spEpntQXXmHgzLgESyCxe0iHSSv9GxBLk1lTTCgi2qW
-B8KI60TJiK3+jTiBR422XMQs5mkvDqOBLuX4dpOuosewPwAEfrl9ZF6z1f2TVVwk
-piuHzNcz0NaLWkIrfDb2wIEPEzdCU+pVSfrh3g4S8dMiAK0IMWTYvye5xZ1bd9tN
-vwI7ottJiJDk97ScnBU6b//Pb8QbQjjtXbssrfkBaJH/e0cE2WGkUzIQd6sJ8qnq
-7mofMB7zU9iD0C3B5BCSnh36vKtGecosrpUmRNfGm79DattdQqAzZSY8rBHvJ+22
-KWF1VcqZVxYk5B33jc0p7tXjix2xyMc9IYkBvAQYAQgAJhYhBPP69mjoLvUSTVGH
-uu8m9GgjQ/aSBQJfoUjoAhsMBQkDwmcAAAoJEO8m9GgjQ/aSIPcL/3jqL2A2SmC+
-s0BO4vMPEfCpa2gZ/vo1azzjUieZu5WhIxb5ik0V6T75EW5F0OeZj9qXI06gW+IM
-8+C6ImUgaR3l47UjBiBPq+uKO9QuT/nOtbSs2dXoTNCLMQN7MlrdUBix+lnqZZGS
-Dgh6n/uVyAYw8Sh4c3/3thHUiR7xzVKGxAKDT8LoVjhHshTzYuQq8MqlfvwVI4eE
-SLaryQ+Y+j5+VLDzSLgPAnnIqF/ui2JQjefJxm/VLoYNaPAGdqoz/u/R0Tmz94bZ
-UfLjgQaDoUpnxYywK2JGlf3mPZ3PNWjxJzuQTF5Ge5bz/TylnRYIyBT7KD7oaKHO
-62fhDbYPJ4f94iZN4B6nnTAeP34zFDlkUbX4AHudXU7bvxT5OUk9x9c2tj7xwxQH
-aEhq2+JsYW0EVw27RLhbymnBfLjVVUktNF0nQGvU2TEocw4pr2ZkDHQkSnlbNa4k
-ujlL7VzbpnEgyOmi5er9GaIuVSVADovBu+pz/Ov1y/3jUe8hZ/KleZUFhgRfoUka
-AQwA2r2HiLvpnclyZMoeck1LFoVyEU/CjPcYWF1B76ekO9mrlYvbKsnsyL0WcuEq
-wCmHdLk70i743Fn21WQK4uvvlvrEpev9aj9DihyLctv4qrPm6wAU/Xibf75tg1iR
-L+muMQfv6hQhjdhwkYFx/7XQ6UWkEibqFS7xJwrhz9lHL4KTA4sO5PeW713+mpz7
-tM5RmGV6NOQAyEEfAv6OawlWk0f5o8xngIoyo2BS5qIeEBO+iz45+GG8GQC6XufO
-Ix7VVl++ZpsxZKtDq/AXfAskxfLRwZMqH9Db5pPMzrL1bPV16AwoWqhAGd2HIMkO
-DLEC5XTGIKCqO5+n288rHhAJTqFmE7TpAo+Eb0Tkk4jfm6LyRonmQGpu/Zxa53n5
-D6d+AgYWAMeHkEthWJkES4mKpZu4nV21+n9mynnPg8wzthL705Q6IBjtlxX8EP6e
-eRFE1BUCNp2RZttTSdI+8iwzYsGOJdJeeXeLOGhvU9/PLkRj9jgZLgCLAo1QGo2o
-xetZABEBAAH+BwMCYxRGMNwlr/T4SMsvXNo05Y9gvmJ/vNY89nIF3J/WsBcBChWT
-MAls+3BDxHbEjjXb4sWQeGE5IxNUv1TMjZ1CLDAzga5Rm/KICYl3Yo6hWKRWk6qx
-fdacQ8Z5aHXtQQ8qJxX2dIPbZtTkmhlCIj3B1H7xThFF/b+oh1+hV8F6kWuKZ2jJ
-3cm+hy/sBpnENU0EOMvDAcQZ5QikmyyYPe03MMMEhl4Q51NbwFZi1Fnb1qYieGdh
-lRX+92/+V5okFj0zTKLTtglwBcYobAs8Vlwa0bC9Bw5U21U1b4uU0wVrOHsdnGZp
-LLZFXxON1t8ZSdNixus2kuUZDuCX2xGKestufSL+6rgf2pQAcoHI61uwwQT1LZGf
-wmAieWHy6v+KWBODmTO6P6a3w1mCfI9gVATfWSuhbuIbqgUMLBWsimUB0pdWTwX9
-oVKMS+OxL+ZHPoaixFwkFz6GqCJVRJ+rKafmjgOfmCWwCl3VoqGp/fkZKKgrBprP
-HB1aIUkiiOvgPOW3ZbjG5SwBFSdjKt+KiWVEAVKnl9XAtzB+SS4fk2aKvezNB3Yf
-LW6wmq4U+OkXEfGLpk1KJ81wb/D/ULAI3FRauxB5drlTwJ2mrWqeuJsR4A2sy49t
-LKapWlbDlOvFtXtynultB/mc8mhphiaJdMoSKuOspiSSXNk/On9UdSVn0tDDlZEh
-QU6iYwtvATo3Q1/RWZI74V4IZqt8R1d0Y+HIn8SNfUp3Zcs5vcqb+YvUGzqveLnl
-Dn6ndCrLq7spDAFk9WVObApFYtnuEt9pKmrluQczckXwb7yH6CFCgoF+DjMdYi+L
-En869iCp+jW2SVjo0q6SOODrIB2aiIEW8PoRIC/vFSTVgv528s7A6DjXeh0c/hkb
-Ud3b5KNCJosz3RArv7ljiYq58Kj4scFr45orj80XulsLbr+tFaN3VNKgEsBDp0ZD
-wgISoJr6fzAttqTKsPdzHGh3lNY5RNuP4r3VTgu3dN2ZxIDXxhiIWhbWiXmBz2p0
-Y+TRwtgoUluDnMJhFDx8m1w07AqrLT7ivISgHrHwcDZgDGZ8l6rviDk3b8AsKtqY
-r//yTXMpTC0kgEb89oHqRd2NiCS4R+2bjWZG+2CtQ7TpCYscbdNdYucEhQGiAUMk
-7MJISwC0VSw3xesuHcF8Nx+5vY+GlTrZDIkrS0qKkmOvwSWP0xtSWa1jvIvsd4UK
-yoHgDCdvME9UBeIrfqa9JfKAPFE1iGN3uXmq04hwnWwu/vybFA6IjeA2tfbFWWaO
-oh2YyXDqhuL8HbUMESiyPOybFXm3aw6HRgIr3OM/R4O6Hv02zNeWJXnkATTKgTje
-1xkJuQNXY5N6bpBPkw01Kr20IkJlYXN0IE1hbiA8YmVhc3RtYW5AZ3JleXNrdWxs
-LmNvbT6JAdQEEwEIAD4WIQT2ReBH7lvE4oJMlNtC3JHPqKugKwUCX6FJGgIbAwUJ
-A8JnAAULCQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRBC3JHPqKugK25hC/9VF1fe
-kj0IKnrOJRUcK/Cv4RBowl60V91w27ApsoP2awEJiFhY7qRijtkA3NKrT3tke7aT
-nC3yAJ8SFOmvIAC94ijb7Iv97xkG+1IIz8pvru9y+dzd2NnvCkts8gFF0CI/xtEM
-E90rU3Pay9B5IyrpP++UdmSmnp3Neuwi94BZDfMlqkeiYOzWWSeYbmSSVfKTXeBd
-UuTyfRI4m/bPbh6gegOB/XdgSIrNY74D0nR3np0I+s0IGZepK24kgBKfUPwRDk7f
-98PXCh29iL3xH+TBxu30WHq7xKmPoXxCRyFLtnKF0MN5Ib276fHnJZM+hXf5i/1E
-Pi4NLnk86e7fNI69hwiUd1msEt3VmZWe7anJe/1p3sSXwbQGhhGWM5K41/rQ1CZ9
-qD95d6wkHRSc0n4z78qxgYV73yJHinN8xIFnPWbopPPIJbELSoM3IEpHobsj95pH
-4hzZAPSmDfOfLzV1G2ec1QPfWnTqUriUt7edDs4//7Cczj6sRh2B6ax2diCdBYYE
-X6FJGgEMAMqxn5io6fWKnMz8h5THqp4gEzDuoImapfMKbAKcxEtJmcLkvn+4ufEP
-/hcll66InqJHsqMOrdb+zbduCruYWpizhqCIGSsuRu7+ZEEkQFmF5juCOV/5qKQJ
-gZZmxSKbRtboapMRR/jmg1pvhnUG7wJOGWi7qv+iRdsWKskDO7tUQE34+ID7IwfD
-Ze2fbFKxf66nPlUunF8aMglsvGmtCEzm/xwjunHnmoqZBQIzTdEXIaEwhVosbgY7
-A1iwOJ/gT2dcF2KJa7tygrtcbgdVzYCibynwtlvDGXukweuYLQFsObyBG3UHRhJg
-61p7n344sy1U9uwCP3/pVCr9bNY9mLZpCgHFkqxErmB8cWouQkbwnqxQFm21KtGF
-zjUawuKBXVtDEeA8C5Ha0sx7lw5JrX8GD3EL60qKWjqujJsR1kyijXx1No7Xr9NW
-WuPoIDYH06ZoYE+j065VTRqZIGr3NjUZnqT7s9M41roQMnKAzRBXousRXRW9dXfS
-5YIG4nWTlwARAQAB/gcDAsDkrCv+8rcr+OKtXIf6oDyx2tbPr+tpZJII4Lqchego
-FTB0/GoqHF+iu+uYDCuzkwXBSIAPTCudjhZ+0cwvO4WgjdqGC3zqCc4bCP68cItN
-fcLsof5L7rJ8BXX/0YXhua3gFtWGw/EtGpO4tqFCrzkpgEvovP/N1CLFaHnRzWSN
-AE0ebsdfTCRYjWuZiAKlWjKCMNmHrE7AB5TraGqclP5GlY28lm7T9KXnNXixFaaR
-pLDaLFyGZDEilEjkCKx1cyg3oBNeqUP/Ra6DYEF3PWTGpX8PxBF4lA2qnq+XuUK8
-30Nz2upz38Hb1jG1sdNlYEWLv05bFc0vMLWmzwAd6Ij0I4C6WdsakT213frlFw4w
-+hoilBcrW5+UOBc1dbU3UFh72khzLdKz1aUVC2N5HN4gS7WTSw3of0sOy+LR4JaH
-O8kSlZAIMXCooBDKr/R6x97A5sq8zMQ0vI0LSN2FpfwgdApwWLJYFBAy7ZJU9efO
-0f79yEqk7d9xFEsIIpn2R+zVcUdAvj9/EDnbu/QaEj9jl+2PH6arqp1AGurF0Dp/
-cB4T7ZCuaunIet5MqEN6Ac4WdjpEcC7tKjB4cQ53Y2f9zCSouXa4JUypsgm4AQZX
-O6hejChIiFC31T2x0a3M6eD6+XNw64ShdyX6i153xOe07d78Zq5qnhw+Vz28FQjZ
-Lmvbm1sj26WaZmLH6LzyjAJjjV4YH7ijwLjUMdeKeuato0fsCff/cVO7MKDj0aPe
-zQCWSbqcnsxl1Agsop82k6Y3W9gco0tVhqYgIwmCjsWvCXAWILk2yIuxIxINRNqX
-Pt+TYZR0BuDAUK4x15fUT5tXuu7DmmnmZlWlaba44dtJPB3SFtEM7jJ7xNF0zie3
-G+6hxtZSmrjfYHBK2ZD+2veP1j0P/tYD/8n/rZx7u4pHuJiiZksj6ZwGF61HP03Y
-zOu0LhhtrTQ1yYaE52mUdkLlQRNwD5b+qDkqN9/PeSzIoDesRVuVE2rbr7sIJ3GS
-jxZHin4kHsxzqFQmecm1ctPgx+BpksMPok+MJGzSZ3OwE5tuK0VLvEIcMritgfM7
-BixcNPyDv+RkwEguSMlsHq7Lrr+LXtR2XmeFBMgDiulZ5FUxoGiGBfyyG3bsAug9
-D4ceg0yUh5HjTTjqoQ1Qo95Wi/yF64WPcZDllJ2BaBznDxlESNR/jmVhwQsrqOdn
-NF54SCpU0e3N+XBsdHd4cRsS2lxemn5boK67/FVKdUmVgxo9VnAlreoeB+cVFHap
-gfPSXD5V/MuFMiKSFuF63s61EP1T1Okl1cvrE2oAsJTXMgCIVSZdyLUwYKmjsMVD
-rtfQXcoOQgFbA90qj7uOOtZId04NiQG8BBgBCAAmFiEE9kXgR+5bxOKCTJTbQtyR
-z6iroCsFAl+hSRoCGwwFCQPCZwAACgkQQtyRz6iroCt8igwAgopqy+UgxJ7oTL2z
-vOgL1ez7bv+E/U1/7Rdy5MHwr4WF6oZRpIBlgv3GXXeIFH9bFdDhgyPKgh+Tz24J
-BL+7YjUtWGe/G/pmmNK1YazB/OxrwiGFpTCyk1zhxEkhMu7Hu3LgD571K+4TUUpa
-PCqEeoBBg6O3T29DH1AxpWpEPGXlOrRDHYgVziEpLdUNahAjF53auNWvya+Vc2qZ
-wM4NFt608LLf7J5yIA2vbsvf6+gVopPE3whXESKXo08B2hC1f3Pr9/Tgt6oIvy9/
-dAcTMalxRyyc42E2wX5kyzDlfhY9kqaNNfaGMZJO5g//gB7BdtrAfo/LhWtary/Y
-fAOtbbnMYkf+HODAPZItaIjMZngBM0c0m78YoCetAQE8uBFK6aXmht3BZGPOwgyZ
-pK5QT6ClYst2N9ca3tPUEfnddotKySmCEk/JWtu5/0lFl75WzHulc7iUNGJmnUff
-VZyH12CjBWsTtqombHDkdEKFocavqpVcCCbKbtW5GZhuZC65lQWGBF+hSUIBDADS
-tlWquV7SdREZtxXBVVzdCkV1xkeHYfo2Z244W0LTwmvpbO+o6P5GCAW2c336qWEl
-sMO9ujeV2nuUZy3k3AtJLx19iWC+ywYVzJ8f878XAxq0ya1VBBnfsBc7iRI3umf2
-JSi+fHXf9l+rJ8Zr5AkLrUo3tQoxX8xWQIfUVY481nlkOvuMtxEI6h1t+z7PWjAJ
-sdKKdevRPApPIBGXX0iGE/98ATsLYtvh9ln26j1SrSdtKpPktuYve3zkphlZAdf5
-ReViicik6gpEdyEfIxNab6nyV8LTbSeCHe+6/cz+AEqA+cr3K3MwriaapPzNhRV8
-izzGnIWChIZptGBKH5nLivfIAB/hbOgU6tM+YgUKrpJCXXA1My2q68o2kARJxh6s
-0tuuT6pFEAG9RmzS3ywrPz4PAgkwrJA1uUa9fy9ngkOnQN3CEeVQTUU55b+6zVhW
-1Qq8PII6AGqj1lSY9jLpjxEr3q227OlTaxfgg19x5o9rcyccAZlQqzL2p3Z7HZ0A
-EQEAAf4HAwKyxiOcJwMkLPhbpalG07ErjqLt73SKDP3Qv5zzkUnBcqE0TbyFtFlp
-HFf/Lv60X1m1OBgP4htz+JfikL5XVbWiGEBWvWPJP6VBBLJm+vjENjfKXzrRpcR6
-zhpfmJXm3BSXSpRg746AVW5Tjt2Z+dG7leTL+bddgu321OLYrpghyOUblKnRJZ0g
-0+vLByFbLWlgtFs3VxPQJw6FmdN9+m748xeVbqzxXwEzScpBZhcGrjHUgnYL4/XY
-PxzmZpUZ3qFW/P0uPZ8PdzI9MjEXaDhdxxOj/TP3cc2+XnrpBeWAGajMtulMvt+O
-PA/jisn0ZViy7q1fNz+B3j/V++l3UxRAHnI5yaRY91pPlOmnaG4ScCP2o7NAUIiA
-/Q3O13hIvVB+iIt9Y3p5WQSBbppHURVlhOOxDkSpXuxe5OhXqFYuDjGyx6hId4xL
-b/IP4Gs29ZSG4+6nOZa7GWl4M21Zcw0AX1Gs0+6PPuqlIecW+6e28xxwFQjj7IKt
-OvHq6zI810ReWdw9qVp3g9mzqI8x9KcFGdDvZmd4sA0R9GYR6UhvTKTIhdV4wrdO
-w2oBe3CpmEnrggtsTrUFykAfjuYRS6aYUjRVv6rdeiWFKyQzBqqboLO9si2RkuNK
-H8P2G6BdsLMax/kZKoXuuQ39xq/Li8NJjAoWEMz8iiZ2Io7MGPZobXssoA18Q3dn
-tNRPM06cojXoDkXxc5jkQMwJUpuAaa59Zcsgp0sFv7/8nez9ejCaEBTqm1pkEQtd
-b6178ld2T6q1jMb/tHWl8CjhH1sZVX2DdEk4SraIFdtGD5vUXo9SkI/QiY0RYwtY
-t3tzNnlWMPAWmC+GaZ9QjmPYwEGCXvaGZ4rB2iRPQ+wAvHV6b49txRckLSGm56jb
-8WMY7hSC0q3Bj4vFSx78Ytn/H2xwEh/XUiXe1rZhFRXxf7ocLoVS8xx+FL94kzaC
-pLKTKoX1udNmYtebkO9llpkW/Z4KeQWJ73uSsjTZhMXVr3fJRanH2twjY8XodG+J
-KXuERxMkM2sqnhecsAS8yCLndFLGSDSWyNIA7o6VAtCOpS4TKlYRNmv2XOaxrGgT
-7y4hZQBJT8CwP8QuZl9R4WBtNQLPOn9LJCYtKtOznpb2v27BEyeAk4DlKgHJAfcr
-kT2xBj/UoJsD72iJMh7SOhmWr7T+gbwAnDlhM1TmtMfWUCAG9Y3fz/metPlMHCKv
-ttrgTfyLyvQHgiDTh3iqNEZ7rGK46on72/YYS+DXA3uSNckCaNQXupoIrxqpDjfA
-WrrmoRqL4IWMxHzF1RVKAsjXWaYtpbvlMOSNtyMff29WM+MkZqG3IdbkokKJdJf4
-/+iQU+738VD43SdPurQcSGUgTWFuIDxoZW1hbkBncmV5c2t1bGwuY29tPokB1AQT
-AQgAPhYhBIYPcR68MZb6cOhv9wDz8yhlQWZrBQJfoUlCAhsDBQkDwmcABQsJCAcC
-BhUKCQgLAgQWAgMBAh4BAheAAAoJEADz8yhlQWZrD0YMAJp6WkrSzghIgrGmEquh
-UPu4n8dnaGraGxu1Om9Z6HrUvphBvm/yZMlZxYbsQRvd8DUCuQD7fScBS12WX3AY
-e001REfAbj0kDAdDQ0Z8sFCeCDSBJ9ulX07FzTHH0qROcSv6NONjGYVeTFicL2W0
-rATygnFzzjjSGboMq1qA8u6/5JNM7MAxJcIS0Dr8Fhdwv8TwTJrVg6ZzJDHN8OVA
-UkPaciQI5lDDP5+kOVqbZZ92Ua8byxKtNACCdSsWZr2OvYyjUz4JKMp5X6yHbDQB
-3vlwRkRS7Voo3pUGsdLwiBWiryklSa++DIbBemrALFLc5YnLgfCV0frPOEqsdDwW
-ECRxwN4r+2DjY6TYCEEDfhM2Hm7MoMx/jM4uhI4KwPdOKmHsBPVBeXqBRXz32NMM
-Zg6to0HRjDapR8AkbfdC5vjiuwnDA6llmxnVtx2oPX3g8RVOIw65f8KfWzWSfzEq
-hoKTccsHMMza8J1ax6T6HXkqa/Tt/B/3d7nUzp53V3luG50FhgRfoUlCAQwA4rFx
-mKwr4RAoVEqhDDWl8ecd/KQXEg0iCpkkmED6mEpPE9qAi8ORNId66E+rveS1Ssbm
-bqVlrN9iHphtvYqvlwwb2IkgPaFpmVSqWrQ3yzEPrL5CLAWiiEq7M4ux7pueYKcO
-mv3wQSta9eMgy9jaGUXrxFl4qotCevcEsLzkKC045OdVxkL++NFsiQUSfMYOtgGK
-XuBh0ycI/pOb66lY186zPT0tR+QA18uzeCizEjhCZmPIlPHjN8NOEM7ZLU4UQrLd
-Srm1quhO6DvGEoO5FulvGtp5hVHdJL5oB7svzNurXB3WVjdXCnRijoaCR07A/X9J
-VZY2+kRxdl6ZkuLZxb5UE6usW7pTA5DKiuFG/w6CSGZA1Dv3+yoZnjN8KhnGmIWm
-EJgvddWWoaJ3wFvSAGkYa3qBLX3noV3ZCm0c/r2LBcyFGyuyddEhg9wrqWU9vM7W
-/4BkTqSJdeMRlS9FD803V9GqxAJBJ1KOSFt2s6b+ekYCI/d+Buso8GPp8eUHABEB
-AAH+BwMCnL1QLv+DJ3P4dP2//f1cC7xTsDp9/ogeuz8gxIm6aWtNBhgWgRVgXnma
-HsmQeEm7c70Vvt+Kjo9DbKUQbo32pc1Gwd8wvnNZUKtj+9E71hDd05f/SiA2ZTck
-8AIRgRUV30Nj2qEgg0nFCWDNfMf0Lx7XH5APMJEZ2GXioiUdUInFlfXBvK6zv4wO
-0jIyB/lRO5sCLcC8jNsNfe5oQVcoizziMxaAK91Fv93DeVa2hwqTK3VqBPXa/uyz
-6iRMYe//nYIJCNllEsY8whKKfsskIOk1Dwofyuh2IYP6dv3SXhTj+l+qp1uqsg2r
-JiThiyNXs0+zeVRxURBSZJrxMLHAs4tdcyckt0fCvM6bUCcDRo9+6w52GSMtb1w3
-08oJ+4YOLilJIR041x+Jzs1oTMhAWI5XH02x0mEFKADg/iSexOFSKIfT5RvFYFEj
-Fpil+RalypUWzoxjaHFrSV9gxXpdys/qlHb4dr/nMTc/42x2d1xH6HTmlLtTp3rl
-vM8/6tmeIhdTkfPtWIyrSfmi61ZCTJ21tKgDNj8r79lxkB6vqX+c86X/ug1tv3Ma
-BN96f4QJOGHIhefImnStAw7OyQn3F9qnkj3x7u2f9f1XyDJO4T+WaQcYf67DEDy0
-KLpxwjEuT63BYIiWcQHli27lGOj8gAalTnDaWOWRckw7KAemL6cMGwZAHT91aHVH
-IKd+dwl3gbArYJxWQ9Fc7lF0Nv4BfEghCOssrQuli9jKkhok61pQrx6L/ekkfeRt
-mBjDtZOCO5NOTeeAZlc23TpZ/yjSBY/GPY0jXfnZ40Vm/Kl5VHW3Poc/rJDI67/5
-Zz+mL/sTOh2SRKUzsDGQqoQeq0ud1o8LQNf9m/3R+qxII3UsaRxKPDM4O2z7uLqG
-v6DG9WVO/6nvoEMrItyh01BfU8l4zLkvXpkcrgbRT4D62w5BgoYpAfHprdqwxCDr
-gRIiRKgNy2+kfxv6MVaTlmO8Fa9CR5wxeynx+YvtlIjVEF9SXQaXyb1g/zmnimn2
-kAjp/zdPQDLtZRW/cR6EEP6h8zW2jg3p+Owh9tVaZ1WoDfuelRMCuFFoiJ0RHXRQ
-ocSzXfw7cB0YCpWR8Rrr0QlQYh/GEbQahTjjk+x0FXmEiCGkvOQeBFY2KUG/597g
-maYHwRqfP2LjprG1mFgk0wUz6Juf86RZYD1XszIQPAL1CXf8kSuh49t7MRSgCiSo
-qfMfZsMZgftjld5pD0lEqbpohHw/qpZdEklqUpkNUxJbBCWr9lPKirKadeLiXLKP
-JI6Q0UEKkdw6lRLrg7UoDtr0vx/Izb3QB1jpKX7m1E/YZhTeVgYnLjrHCBjhJ8cE
-kFmM7YC0iuh1TduJAbwEGAEIACYWIQSGD3EevDGW+nDob/cA8/MoZUFmawUCX6FJ
-QgIbDAUJA8JnAAAKCRAA8/MoZUFma/gCC/9xkH8EF1Ka3TUa1kiBdcII4dyoX7gs
-/dA/os0+fLb/iZZcG+bJZcKLma7DRiyDGXYc7nG3uPvho7/cOCUUg5P/EG5z0CDX
-zLbmBrk2WlRnREmK/5NTcisCyezRMXHOxpya4pmExVMqSPGA0QbKGwdHqfbHQv2O
-yI3PYBKvlN+eu6e5SEbT76AQijj5RSPcgbko24/sSqJylD1lnRocQK1p4XelosBr
-aty4wzYSvQY9dRD4nafxPHI3YjKiAG0I7nJDQ0d1jDaW5FP0BkMvn51SmfGsuSg1
-s46h9JlGRZvS0enjBb1Ic9oBmHAWGQhlD1hvILlqIZOCdj8oWVjwmpZ7BK3/82wO
-dVkUxy09IdIot+AIH+F/LA3KKgfDmjldyhXjI/HDrpmXwSUkJOBHebNLz5t1Edau
-F+4DY5BHMsgtyyiYJBzRGT5pgrXMt4yCqZP+0jZwKt1Ech/Q6djIKjt+9wOGe9UB
-1VrzRbOS5ymseDJcjejtMxuCOuSTN9R5KuQ=
-=VqO+
-----END PGP PRIVATE KEY BLOCK-----
--- a/apps/cic-meta/tests/publickeys.asc
+++ b/apps/cic-meta/tests/publickeys.asc
@@ -1,151 +0,0 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
-
-mQGNBF+hSOgBDACpkPQEjADjnQtjmAsdPYpx5N+OMJBYj1DAoIYsDtV6vbcBJQt9
-4Om3xl7RBhv9m2oLgzPsiRwjCEFRWyNSu0BUp5CFjcXfm0S4K2egx4erFnTnSSC9
-S6tmVNrVNEXvScE6sKAnmJ7JNX1ExJuEiWPbUDRWJ1hoI9+AR+8EONeJRLo/j0Np
-+S4IFDn0PsxdT+SB0GY0z2cEgjvjoPr4lW9IAb8Ft9TDYp+mOzejn1Fg7CuIrlBR
-SAv+sj7bVQw15dh1SpbwtS5xxubCa8ExEGI4ByXmeXdR0KZJ+EA5ksO0iSsQ/6ip
-SOdSg+i0niOClFNm1P/OhbUsYAxCUfiX654FMn2zoxVBEjJ3e7l0pH7ktodaxEct
-PofQLBA9LSDUIejqJsU0npw/DHDD2uvxG+/A6lgV9L8ETlvgp8RzeOCf2bHuiKYY
-z87txvkFwsXgU1+TZxbk+mtCBbngsVPLNarY/KGkVJL+yhcHRD0Pl4wXUd6auQuY
-6vQ9AuKiCT1We2sAEQEAAbQeTWVyIE1hbiA8bWVybWFuQGdyZXlza3VsbC5jb20+
-iQHUBBMBCAA+FiEE8/r2aOgu9RJNUYe67yb0aCND9pIFAl+hSOgCGwMFCQPCZwAF
-CwkIBwIGFQoJCAsCBBYCAwECHgECF4AACgkQ7yb0aCND9pLwiwwAhFJbAyUK05TJ
-KfDz81757N472STtB8sfr0auwmRr8Zs1utHRVM0b/jkjTuo4uJNr7YVVKTKgE7+r
-J+pwhm3wlTQ44LVLjByWAi/7NWg3E9b2elm+qkfgm/RfFt3vkuOxGSyZyIFFh+/t
-wv6iABPvr6w7MZwrFaS0UP3g1VGa5TFqg6KNxod9H/gPLxv45lutXf3VvBZTJpr1
-pxn7aLHlFzEyIgNZbP/N1QF44GSrN/k0DfL631sZjauUXaZXbi5xGsKKCYwJ1g3q
-587pi6mTdTV3n0hKgVuipO8hGy5++YeOv+hXsCxDwyZ+Shv+qavd/SapxYgCdEue
-uwONIFfsIsWCd3SCcjKXicTTEFMu8nvBmf7xuo2hv6vEOxoijlXV+4LkGrskdB8Z
-Mg8PywEx6DLmDokgnAhTLrTc1ShbkOtQ3yNjjyFK7BDpqobsJal6d8SpbhccUJLe
-paSmsk0CgJsTjhAl6EwX0EYgTo3kP5fScqrbD8VwQaT8CcE4rCV4uQGNBF+hSOgB
-DADHtpTT1k4x+6FN5OeURpKAaIsoPHghkJ2lb6yWmESCa+DaR6GXAKlbd0L9UMcX
-LqnaCn4SpZvbf8hP4fJRgWdRl5uVN/rmyVbZLUVjM8NcVdFRIrTsNyu4mLBmydc3
-iA/90sCTEOj9e7DSvxLmmLFjpwM5xXLd6z0l6+9G+woNmARXVS3V/RryFntyKC3A
-TCqVlJoQBG45Tj2gMIunpadTJXWmdioooeGW3sLeUv5MM98mSB4SjKRlJqGPNjx5
-lO6MmJbZeXZ/L/aO6EsXUQD2h82Wphll4rpGYWPiHTCYqZYiqNYr6E3xUpzcvWVp
-3uCYVJWP6Ds117p7BoyKVz00yxC9ledF3eppktZWqFVowCMihQE3676L3DDTZsnJ
-f1/8xKUh5U2Mj3lBvjlvCECKi00qo8b1mn/OklQjJ5T4WzTrH6X+/zpez8ZkmtcO
-ayHdUKD/64roZ9dXbXG/hp5A+UWj8oSVYKg2QNAwAnZ+aiZ2KVRE/Y61DCgFg6Cc
-x/cAEQEAAYkBvAQYAQgAJhYhBPP69mjoLvUSTVGHuu8m9GgjQ/aSBQJfoUjoAhsM
-BQkDwmcAAAoJEO8m9GgjQ/aSIPcL/3jqL2A2SmC+s0BO4vMPEfCpa2gZ/vo1azzj
-UieZu5WhIxb5ik0V6T75EW5F0OeZj9qXI06gW+IM8+C6ImUgaR3l47UjBiBPq+uK
-O9QuT/nOtbSs2dXoTNCLMQN7MlrdUBix+lnqZZGSDgh6n/uVyAYw8Sh4c3/3thHU
-iR7xzVKGxAKDT8LoVjhHshTzYuQq8MqlfvwVI4eESLaryQ+Y+j5+VLDzSLgPAnnI
-qF/ui2JQjefJxm/VLoYNaPAGdqoz/u/R0Tmz94bZUfLjgQaDoUpnxYywK2JGlf3m
-PZ3PNWjxJzuQTF5Ge5bz/TylnRYIyBT7KD7oaKHO62fhDbYPJ4f94iZN4B6nnTAe
-P34zFDlkUbX4AHudXU7bvxT5OUk9x9c2tj7xwxQHaEhq2+JsYW0EVw27RLhbymnB
-fLjVVUktNF0nQGvU2TEocw4pr2ZkDHQkSnlbNa4kujlL7VzbpnEgyOmi5er9GaIu
-VSVADovBu+pz/Ov1y/3jUe8hZ/KleZkBjQRfoUkaAQwA2r2HiLvpnclyZMoeck1L
-FoVyEU/CjPcYWF1B76ekO9mrlYvbKsnsyL0WcuEqwCmHdLk70i743Fn21WQK4uvv
-lvrEpev9aj9DihyLctv4qrPm6wAU/Xibf75tg1iRL+muMQfv6hQhjdhwkYFx/7XQ
-6UWkEibqFS7xJwrhz9lHL4KTA4sO5PeW713+mpz7tM5RmGV6NOQAyEEfAv6OawlW
-k0f5o8xngIoyo2BS5qIeEBO+iz45+GG8GQC6XufOIx7VVl++ZpsxZKtDq/AXfAsk
-xfLRwZMqH9Db5pPMzrL1bPV16AwoWqhAGd2HIMkODLEC5XTGIKCqO5+n288rHhAJ
-TqFmE7TpAo+Eb0Tkk4jfm6LyRonmQGpu/Zxa53n5D6d+AgYWAMeHkEthWJkES4mK
-pZu4nV21+n9mynnPg8wzthL705Q6IBjtlxX8EP6eeRFE1BUCNp2RZttTSdI+8iwz
-YsGOJdJeeXeLOGhvU9/PLkRj9jgZLgCLAo1QGo2oxetZABEBAAG0IkJlYXN0IE1h
-biA8YmVhc3RtYW5AZ3JleXNrdWxsLmNvbT6JAdQEEwEIAD4WIQT2ReBH7lvE4oJM
-lNtC3JHPqKugKwUCX6FJGgIbAwUJA8JnAAULCQgHAgYVCgkICwIEFgIDAQIeAQIX
-gAAKCRBC3JHPqKugK25hC/9VF1fekj0IKnrOJRUcK/Cv4RBowl60V91w27ApsoP2
-awEJiFhY7qRijtkA3NKrT3tke7aTnC3yAJ8SFOmvIAC94ijb7Iv97xkG+1IIz8pv
-ru9y+dzd2NnvCkts8gFF0CI/xtEME90rU3Pay9B5IyrpP++UdmSmnp3Neuwi94BZ
-DfMlqkeiYOzWWSeYbmSSVfKTXeBdUuTyfRI4m/bPbh6gegOB/XdgSIrNY74D0nR3
-np0I+s0IGZepK24kgBKfUPwRDk7f98PXCh29iL3xH+TBxu30WHq7xKmPoXxCRyFL
-tnKF0MN5Ib276fHnJZM+hXf5i/1EPi4NLnk86e7fNI69hwiUd1msEt3VmZWe7anJ
-e/1p3sSXwbQGhhGWM5K41/rQ1CZ9qD95d6wkHRSc0n4z78qxgYV73yJHinN8xIFn
-PWbopPPIJbELSoM3IEpHobsj95pH4hzZAPSmDfOfLzV1G2ec1QPfWnTqUriUt7ed
-Ds4//7Cczj6sRh2B6ax2diC5AY0EX6FJGgEMAMqxn5io6fWKnMz8h5THqp4gEzDu
-oImapfMKbAKcxEtJmcLkvn+4ufEP/hcll66InqJHsqMOrdb+zbduCruYWpizhqCI
-GSsuRu7+ZEEkQFmF5juCOV/5qKQJgZZmxSKbRtboapMRR/jmg1pvhnUG7wJOGWi7
-qv+iRdsWKskDO7tUQE34+ID7IwfDZe2fbFKxf66nPlUunF8aMglsvGmtCEzm/xwj
-unHnmoqZBQIzTdEXIaEwhVosbgY7A1iwOJ/gT2dcF2KJa7tygrtcbgdVzYCibynw
-tlvDGXukweuYLQFsObyBG3UHRhJg61p7n344sy1U9uwCP3/pVCr9bNY9mLZpCgHF
-kqxErmB8cWouQkbwnqxQFm21KtGFzjUawuKBXVtDEeA8C5Ha0sx7lw5JrX8GD3EL
-60qKWjqujJsR1kyijXx1No7Xr9NWWuPoIDYH06ZoYE+j065VTRqZIGr3NjUZnqT7
-s9M41roQMnKAzRBXousRXRW9dXfS5YIG4nWTlwARAQABiQG8BBgBCAAmFiEE9kXg
-R+5bxOKCTJTbQtyRz6iroCsFAl+hSRoCGwwFCQPCZwAACgkQQtyRz6iroCt8igwA
-gopqy+UgxJ7oTL2zvOgL1ez7bv+E/U1/7Rdy5MHwr4WF6oZRpIBlgv3GXXeIFH9b
-FdDhgyPKgh+Tz24JBL+7YjUtWGe/G/pmmNK1YazB/OxrwiGFpTCyk1zhxEkhMu7H
-u3LgD571K+4TUUpaPCqEeoBBg6O3T29DH1AxpWpEPGXlOrRDHYgVziEpLdUNahAj
-F53auNWvya+Vc2qZwM4NFt608LLf7J5yIA2vbsvf6+gVopPE3whXESKXo08B2hC1
-f3Pr9/Tgt6oIvy9/dAcTMalxRyyc42E2wX5kyzDlfhY9kqaNNfaGMZJO5g//gB7B
-dtrAfo/LhWtary/YfAOtbbnMYkf+HODAPZItaIjMZngBM0c0m78YoCetAQE8uBFK
-6aXmht3BZGPOwgyZpK5QT6ClYst2N9ca3tPUEfnddotKySmCEk/JWtu5/0lFl75W
-zHulc7iUNGJmnUffVZyH12CjBWsTtqombHDkdEKFocavqpVcCCbKbtW5GZhuZC65
-mQGNBF+hSUIBDADStlWquV7SdREZtxXBVVzdCkV1xkeHYfo2Z244W0LTwmvpbO+o
-6P5GCAW2c336qWElsMO9ujeV2nuUZy3k3AtJLx19iWC+ywYVzJ8f878XAxq0ya1V
-BBnfsBc7iRI3umf2JSi+fHXf9l+rJ8Zr5AkLrUo3tQoxX8xWQIfUVY481nlkOvuM
-txEI6h1t+z7PWjAJsdKKdevRPApPIBGXX0iGE/98ATsLYtvh9ln26j1SrSdtKpPk
-tuYve3zkphlZAdf5ReViicik6gpEdyEfIxNab6nyV8LTbSeCHe+6/cz+AEqA+cr3
-K3MwriaapPzNhRV8izzGnIWChIZptGBKH5nLivfIAB/hbOgU6tM+YgUKrpJCXXA1
-My2q68o2kARJxh6s0tuuT6pFEAG9RmzS3ywrPz4PAgkwrJA1uUa9fy9ngkOnQN3C
-EeVQTUU55b+6zVhW1Qq8PII6AGqj1lSY9jLpjxEr3q227OlTaxfgg19x5o9rcycc
-AZlQqzL2p3Z7HZ0AEQEAAbQcSGUgTWFuIDxoZW1hbkBncmV5c2t1bGwuY29tPokB
-1AQTAQgAPhYhBIYPcR68MZb6cOhv9wDz8yhlQWZrBQJfoUlCAhsDBQkDwmcABQsJ
-CAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJEADz8yhlQWZrD0YMAJp6WkrSzghIgrGm
-EquhUPu4n8dnaGraGxu1Om9Z6HrUvphBvm/yZMlZxYbsQRvd8DUCuQD7fScBS12W
-X3AYe001REfAbj0kDAdDQ0Z8sFCeCDSBJ9ulX07FzTHH0qROcSv6NONjGYVeTFic
-L2W0rATygnFzzjjSGboMq1qA8u6/5JNM7MAxJcIS0Dr8Fhdwv8TwTJrVg6ZzJDHN
-8OVAUkPaciQI5lDDP5+kOVqbZZ92Ua8byxKtNACCdSsWZr2OvYyjUz4JKMp5X6yH
-bDQB3vlwRkRS7Voo3pUGsdLwiBWiryklSa++DIbBemrALFLc5YnLgfCV0frPOEqs
-dDwWECRxwN4r+2DjY6TYCEEDfhM2Hm7MoMx/jM4uhI4KwPdOKmHsBPVBeXqBRXz3
-2NMMZg6to0HRjDapR8AkbfdC5vjiuwnDA6llmxnVtx2oPX3g8RVOIw65f8KfWzWS
-fzEqhoKTccsHMMza8J1ax6T6HXkqa/Tt/B/3d7nUzp53V3luG7kBjQRfoUlCAQwA
-4rFxmKwr4RAoVEqhDDWl8ecd/KQXEg0iCpkkmED6mEpPE9qAi8ORNId66E+rveS1
-SsbmbqVlrN9iHphtvYqvlwwb2IkgPaFpmVSqWrQ3yzEPrL5CLAWiiEq7M4ux7pue
-YKcOmv3wQSta9eMgy9jaGUXrxFl4qotCevcEsLzkKC045OdVxkL++NFsiQUSfMYO
-tgGKXuBh0ycI/pOb66lY186zPT0tR+QA18uzeCizEjhCZmPIlPHjN8NOEM7ZLU4U
-QrLdSrm1quhO6DvGEoO5FulvGtp5hVHdJL5oB7svzNurXB3WVjdXCnRijoaCR07A
-/X9JVZY2+kRxdl6ZkuLZxb5UE6usW7pTA5DKiuFG/w6CSGZA1Dv3+yoZnjN8KhnG
-mIWmEJgvddWWoaJ3wFvSAGkYa3qBLX3noV3ZCm0c/r2LBcyFGyuyddEhg9wrqWU9
-vM7W/4BkTqSJdeMRlS9FD803V9GqxAJBJ1KOSFt2s6b+ekYCI/d+Buso8GPp8eUH
-ABEBAAGJAbwEGAEIACYWIQSGD3EevDGW+nDob/cA8/MoZUFmawUCX6FJQgIbDAUJ
-A8JnAAAKCRAA8/MoZUFma/gCC/9xkH8EF1Ka3TUa1kiBdcII4dyoX7gs/dA/os0+
-fLb/iZZcG+bJZcKLma7DRiyDGXYc7nG3uPvho7/cOCUUg5P/EG5z0CDXzLbmBrk2
-WlRnREmK/5NTcisCyezRMXHOxpya4pmExVMqSPGA0QbKGwdHqfbHQv2OyI3PYBKv
-lN+eu6e5SEbT76AQijj5RSPcgbko24/sSqJylD1lnRocQK1p4XelosBraty4wzYS
-vQY9dRD4nafxPHI3YjKiAG0I7nJDQ0d1jDaW5FP0BkMvn51SmfGsuSg1s46h9JlG
-RZvS0enjBb1Ic9oBmHAWGQhlD1hvILlqIZOCdj8oWVjwmpZ7BK3/82wOdVkUxy09
-IdIot+AIH+F/LA3KKgfDmjldyhXjI/HDrpmXwSUkJOBHebNLz5t1EdauF+4DY5BH
-MsgtyyiYJBzRGT5pgrXMt4yCqZP+0jZwKt1Ech/Q6djIKjt+9wOGe9UB1VrzRbOS
-5ymseDJcjejtMxuCOuSTN9R5KuSZAY0EX6UhqgEMAO/22am2Urhbg5ClpEYzz2/W
-L8ez3tkXKQZa7PsvKUv69jwBwNQmEpMhIPFXhKKwcmmLgYcvnd64xrXM5STxWedy
-NaTPlCUDZGW+N4laCbrnHN98Ztu9TvjfjjiQvhHjD/9Ilc5fw5nZsawwTtGOwCkK
-opBVKsgHaGrKRl7QP2RTwITwo7CkDBf77kp8wGCECrrSel0cVezSf6UmDs7V3q12
-zf7gXBSjWlbA3NnSok6kTNej14IMKfdhiuUG6WFibxEfsOrm8Rv9RbbgpYUTN/ll
-yWDTqbVDjYefq/iLs/5w24oI/1K0gy8Rzdl5qu4cvqcwkmxQMvtWWHoT86iHFff/
-pp9drPctFfUetHDIKY+1U9VLilaSeCcDx7PCgxazCb7gmtTQWdM4wHcH5+69EEeG
-lP4N9efoTRlU+m5ZSuqOtEvLXtP2Gnd/Tgn3lBjHjA+hQ65G96fv40dbYiiHxluo
-cFkcwz118alx4cXStfAi6nCsDid2Y9NgWfHrJTs33QARAQABtDlMb3VpcyBIb2xi
-cm9vayA8YWNjb3VudHMtZ3Jhc3Nyb290c2Vjb25vbWljc0Bob2xicm9vay5ubz6J
-AdMEEwEIAD4WIQTFMBghgDfv6cesuTGwIKs7vZC0mAUCX6UhqgIbAwUJA8JnAAUL
-CQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRCwIKs7vZC0mEnCC/ih5hk43xHu6KBA
-on/ox6wcYLltSuaJawJbPmznrOK6aIJGUDx6E/VEjFeU/+bySrm8y3gk3jqeoPRk
-holZmvRW5/mJ/uud+7B83TOfLAHM1EgZtqCqq+Z61yrt46cjqXuQbonP5dFmnOee
-Zpg4TP7FRCjAYThy/NtOXY7Ob3OC+MNnDPo71R2se+x4Ac6NKsmNKAETZjZg01R/
-2w5Ns77pxub+tihAVasLzmqlGNjqRzLCemR4osMwd0XrtziKiIvPYFlHhysgkpYh
-oqbs2bjEdbsac21460j+3wRcvspfDEiLmI0n91s5uK3zCke0tI8BbU5/7IfnflBw
-9SVvcu5s6DqFjy3tuRVkVKs0h92YCEH6gfui1RkXPdFheGyZwvZujlfCTU0c2V8U
-pmy2TvdUSsWiHSNgY8nimWbxU1fXt7fnWnQk59/Nov4zRO4AJQhXgrb/IyhjKMVa
-UYUV/yQgVOqbv5VJnQFTuZrTm5yF47em99wmlZ06cJk0Q6I3QLkBjQRfpSGqAQwA
-0WyxXsatq9/kfN8Pd/tRjjUQlo0r9GuAKds8mKyWqk+hsOGYaTczL4qjne4Euwt1
-lWg2cC3jsX/9Ai4IX79Kkt4hOk0RbW76+YJJiL6CwsyfyPJASEq2ZqoVBgUJuBbw
-uEpMe0OL9ciEJ5oRLwZNgLXZZoHQaYlthHycvC3vEPeTtpGwYj+DfGQmt3af77i9
-0xQa1uor3QcvmmkDUb7/6Xv0Qwn8/sQ+GKyPhFia/OOZ50gnGVv2qKCFK1oaWNGz
-I5ywhD2Ij2j9ah9M08CEgWVFFibf7PRIq78yRoV9+ZCjWlIq0m2LjCykV9aEnWuw
-rWJaUtLn3i2roMieOIILhUUgDemAIV+vlbIlxZDp+XGsbhZ+MJpMUwpfEKK3Q7sD
-8tPbH6/2QpPnAezVUnwJJAg8pMLo+QzhTAd3PyPdIkc3yVQQuCycU9El7ysKhmiS
-AgqZjqrtPnU4y7SY1II1y/XDFDIuw2MggdolNahzx5VTKrNm5LYUT0m5XQmCehtJ
-ABEBAAGJAbwEGAEIACYWIQTFMBghgDfv6cesuTGwIKs7vZC0mAUCX6UhqgIbDAUJ
-A8JnAAAKCRCwIKs7vZC0mI4eC/0cMG9+fZfyq8V7wB47L/qmfS0O+bSE4AlZjtoa
-30UqbW8Yp2oa1uZXaF8loC3RW9d7VdnSh6K5vSnHh/0+OkwqAbpYDaF6Kuk/zVHX
-r4vQ1FaE1uzZisaqEORW/LG+oWiOFDhF7lXGVKj7iXwfFVVudDxHLHj34dC9rrsm
-5cTNdHalP0OW00H17nM/R4CR62mkhIM7zUuA1Z8MxSa8I3A9SL35G9iaWRYXE892
-KcPYSAgLna7rW+gHD1QI0sqsR6qdaojO5BDVrEYnP58D5aCOTeZ50ACO43JaZlYm
-o3jdqBvvYKpYuJ2is1T3unnrY6ztblz78OE+37d9gyAp1j0dhIzOfdpSHCyUYUQL
-4YNGLs/3yfelr1XXLwYXzKlioNDu7k4rggwN3td1122p3U1vfVY4qb2eTyjDPizb
-NdtbiWRXKFibzG0OoiAaq0ZC8nZsP6xy7vmI05hN7PocAWllJVdpaXVh75OViGaj
-KuNFGWsKI1qTd1aEMRQzT4s+JJM=
-=8257
-----END PGP PUBLIC KEY BLOCK-----
--- a/apps/cic-meta/tests/server.ts
+++ b/apps/cic-meta/tests/server.ts
@@ -1,317 +0,0 @@
-import Automerge = require('automerge');
-import assert = require('assert');
-import fs = require('fs');
-import pgp = require('openpgp');
-import sqlite = require('sqlite3');
-
-import * as handlers from '../scripts/server/handlers';
-import { Envelope, Syncable, ArgPair } from '../src/sync';
-import { PGPKeyStore, PGPSigner, KeyStore, Signer } from '../src/auth';
-import { SqliteAdapter } from '../src/db';
-
-function createKeystore() {
-	const pksa = fs.readFileSync(__dirname + '/privatekeys.asc', 'utf-8');
-	const pubksa = fs.readFileSync(__dirname + '/publickeys.asc', 'utf-8');
-	return new Promise<PGPKeyStore>((whohoo, doh) => {
-		let keystore = undefined;
-		try {
-			keystore = new PGPKeyStore('merman', pksa, pubksa, pubksa, pubksa, () => {
-				whohoo(keystore);
-			});
-		} catch(e) {
-			doh(e);
-		}
-		if (keystore === undefined) {
-			doh();
-		}
-	});
-}
-
-function createDatabase(sqlite_file:string):Promise<any> {
-	try {
-		fs.unlinkSync(sqlite_file);
-	} catch {
-	}
-	return new Promise((whohoo, doh) => {
-		//const db = new sqlite.Database(sqlite_file, (e) => {
-		const dbconf = {
-			name: sqlite_file,
-			port: undefined,
-			host: undefined,
-			user: undefined,
-			password: undefined,
-		}
-		const db = new SqliteAdapter(dbconf);//, (e) => {
-//			if (e) {
-//				doh(e);
-//				return;
-//			}
-			const sql = `CREATE TABLE store (
-id integer primary key autoincrement,
-owner_fingerprint text not null,
-hash char(64) not null unique,
-content text not null
-);
-`
-
-			console.log(sql);
-			db.query(sql, (e) => {
-				if (e) {
-					doh(e);
-					return;
-				}
-				whohoo(db);
-			});
-//		});
-	});
-}
-
-function wrap(s:Syncable, signer:Signer) {
-	return new Promise<Envelope>((whohoo, doh) => {
-		s.setSigner(signer);
-		s.onwrap = async (env) => {
-			if (env === undefined) {
-				doh();
-				return;
-			}
-			whohoo(env);
-		}
-		s.sign();
-	});
-}
-
-async function signData(d:string, keyStore:KeyStore) {
-	const digest = await pgp.message.fromText(d);
-	const opts = {
-		message: digest,
-		privateKeys: [keyStore.getPrivateKey()],
-		detached: true,
-	};
-	const signature = await pgp.sign(opts);
-	return {
-		data: signature.signature,
-		engine: 'pgp',
-		algo: 'sha256',
-		digest: d,
-	};
-}
-
-describe('server', async () => {
-	await it('put_client_then_retrieve', async () => {
-		const keystore = await createKeystore();
-
-		const signer = new PGPSigner(keystore);
-
-		const digest = 'deadbeef';
-		const s = new Syncable(digest, {
-			bar: 'baz',
-		});
-		
-		const db = await createDatabase(__dirname + '/db.one.sqlite');
-
-		let env = await wrap(s, signer);
-		let j = env.toJSON();
-		const content = await handlers.handleClientMergePut(j, db, digest, keystore, signer);
-		assert(content); // true-ish
-
-		let v = await handlers.handleNoMergeGet(db, digest, keystore);
-		if (v === undefined) {
-			db.close();
-			assert.fail('');
-		}
-
-		v = await handlers.handleClientMergeGet(db, digest, keystore);
-		if (v === undefined) {
-			db.close();
-			assert.fail('');
-		}
-
-		db.close();
-	});
-
-	await it('client_merge', async () => {
-		const keystore = await createKeystore();
-		const signer = new PGPSigner(keystore);
-
-		const db = await createDatabase(__dirname + '/db.two.sqlite');
-
-		// create new, sign, wrap
-		const digest = 'deadbeef';
-		let s = new Syncable(digest, {
-			bar: 'baz',
-		});
-		await wrap(s, signer)
-
-		// create client branch, sign, wrap, and serialize
-		let update = new ArgPair('baz', 666)
-		s.update([update], 'client branch');
-		let env = await wrap(s, signer)
-		const j_client = env.toJSON();
-
-		// create server branch, sign, wrap, and serialize
-		update = new ArgPair('baz', [1,2,3]);
-		s.update([update], 'client branch');
-		env = await wrap(s, signer)
-		const j_server = env.toJSON();
-
-		assert.notDeepEqual(j_client, j_server);
-
-		let v = await handlers.handleClientMergePut(j_server, db, digest, keystore, signer);
-		assert(v); // true-ish
-
-		v = await handlers.handleClientMergePut(j_client, db, digest, keystore, signer);
-		assert(v); // true-ish
-		
-		const j = await handlers.handleClientMergeGet(db, digest, keystore);
-
-		env = Envelope.fromJSON(j);
-		s = env.unwrap();
-		
-		db.close();
-	});
-
-	await it('server_merge', async () => {
-		const keystore = await createKeystore();
-		const signer = new PGPSigner(keystore);
-
-		const db = await createDatabase(__dirname + '/db.three.sqlite');
-
-		const digest = 'deadbeef';
-		let s = new Syncable(digest, {
-			bar: 'baz',
-		});
-		let env = await wrap(s, signer)
-		let j:any = env.toJSON();
-
-		let v = await handlers.handleClientMergePut(j, db, digest, keystore, signer);
-		assert(v); // true-ish
-
-		j = await handlers.handleNoMergeGet(db, digest, keystore);
-		assert(v); // true-ish
-
-		let o = JSON.parse(j);
-		o.bar = 'xyzzy';
-		j = JSON.stringify(o);
-
-		let signMaterial = await handlers.handleServerMergePost(j, db, digest, keystore, signer);
-		assert(signMaterial)
-
-		env = Envelope.fromJSON(signMaterial);
-		const w = env.unwrap();
-
-		console.log('jjjj', w, env);
-
-		const signedData = await signData(w.m.signature.digest, keystore);
-
-		o = {
-			'm': env,
-			's': signedData,
-		}
-		j = JSON.stringify(o);
-
-		v = await handlers.handleServerMergePut(j, db, digest, keystore, signer);
-		assert(v);
-
-		j = await handlers.handleNoMergeGet(db, digest, keystore);
-		assert(j); // true-ish
-		o = JSON.parse(j);
-		console.log(o);
-
-		db.close();
-	});
-
-	await it('server_merge', async () => {
-		const keystore = await createKeystore();
-		const signer = new PGPSigner(keystore);
-
-		const db = await createDatabase(__dirname + '/db.three.sqlite');
-
-		const digest = 'deadbeef';
-		let s = new Syncable(digest, {
-			bar: 'baz',
-		});
-		let env = await wrap(s, signer)
-		let j:any = env.toJSON();
-
-		let v = await handlers.handleClientMergePut(j, db, digest, keystore, signer);
-		assert(v); // true-ish
-
-		j = await handlers.handleNoMergeGet(db, digest, keystore);
-		assert(v); // true-ish
-
-		let o = JSON.parse(j);
-		o.bar = 'xyzzy';
-		j = JSON.stringify(o);
-
-		let signMaterial = await handlers.handleServerMergePost(j, db, digest, keystore, signer);
-		assert(signMaterial)
-
-		env = Envelope.fromJSON(signMaterial);
-
-		console.log('envvvv', env);
-
-		const signedData = await signData(env.o['digest'], keystore);
-		console.log('signed', signedData);
-
-		o = {
-			'm': env,
-			's': signedData,
-		}
-		j = JSON.stringify(o);
-		console.log(j);
-
-		v = await handlers.handleServerMergePut(j, db, digest, keystore, signer);
-		assert(v);
-
-		j = await handlers.handleNoMergeGet(db, digest, keystore);
-		assert(j); // true-ish
-		o = JSON.parse(j);
-		console.log(o);
-
-		db.close();
-	});
-
-
-
-//	await it('server_merge_empty', async () => {
-//		const keystore = await createKeystore();
-//		const signer = new PGPSigner(keystore);
-//
-//		const db = await createDatabase(__dirname + '/db.three.sqlite');
-//
-//		const digest = '0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef';
-//		let o:any = {
-//			foo: 'bar',
-//			xyzzy: 42,
-//		}
-//		let j:any = JSON.stringify(o);
-//
-//		let signMaterial = await handlers.handleServerMergePost(j, db, digest, keystore, signer);
-//		assert(signMaterial)
-//
-//		const env = Envelope.fromJSON(signMaterial);
-//
-//		console.log('envvvv', env);
-//
-//		const signedData = await signData(env.o['digest'], keystore);
-//		console.log('signed', signedData);
-//
-//		o = {
-//			'm': env,
-//			's': signedData,
-//		}
-//		j = JSON.stringify(o);
-//		console.log(j);
-//
-//		let v = await handlers.handleServerMergePut(j, db, digest, keystore, signer);
-//		assert(v);
-//
-//		j = await handlers.handleNoMergeGet(db, digest, keystore);
-//		assert(j); // true-ish
-//		o = JSON.parse(j);
-//		console.log(o);
-//
-//		db.close();
-//	});
-});
-
--- a/apps/cic-meta/tsconfig.json
+++ b/apps/cic-meta/tsconfig.json
@@ -1,24 +0,0 @@
-{
-  "compilerOptions": {
-    "baseUrl": ".",
-    "outDir": "./dist.browser",
-    "target": "es5",
-    "module": "commonjs",
-    "moduleResolution": "node",
-    "lib": ["es2016", "dom", "es5"],
-    "esModuleInterop": true,
-    "allowJs": true,
-    "resolveJsonModule": true
-  },
-  "exclude": [
-    "node_modules",
-    "dist",
-    "scripts",
-    "tests"
-  ],
-  "include": [
-    "src/**/*",
-    "scripts/server/*",
-    "index.ts"
-  ]
-}
--- a/apps/cic-meta/webpack.config.js
+++ b/apps/cic-meta/webpack.config.js
@@ -1,24 +0,0 @@
-var webpack = require('webpack');
-const path = require('path');
-
-module.exports = {
-  entry: {
-    index: './dist/index.js',
-  },
-  output: {
-    path: path.resolve(__dirname, 'dist-web'),
-    filename: 'cic-meta.web.js',
-    library: 'cicMeta',
-    libraryTarget: 'window'
-  },
-  mode: 'development',
-  performance: {
-    hints: false
-  },
-  stats: 'errors-only',
-  resolve: {
-	  fallback: {
-		  "crypto": false,
-	  },
-  },
-};
--- a/apps/cic-notify/.gitlab-ci.yml
+++ b/apps/cic-notify/.gitlab-ci.yml
@@ -3,19 +3,20 @@
        APP_NAME: cic-notify
        DOCKERFILE_PATH: $APP_NAME/docker/Dockerfile

-.cic_notify_changes_target:
+.this_changes_target:
    rules:
        - changes:
            - $CONTEXT/$APP_NAME/*

 build-mr-cic-notify:
    extends:
-        - .cic_notify_changes_target
+        - .this_changes_target
        - .py_build_merge_request
        - .cic_notify_variables

 build-push-cic-notify:
    extends:
+        - .this_changes_target
        - .py_build_push
        - .cic_notify_variables
        
--- a/apps/cic-notify/docker/Dockerfile
+++ b/apps/cic-notify/docker/Dockerfile
@@ -14,9 +14,7 @@ RUN pip install -r $root_requirement_file $pip_extra_index_url_flag
 COPY cic-notify/setup.cfg \
 	 cic-notify/setup.py \
     ./
-
 COPY cic-notify/cic_notify/ ./cic_notify/
-
 COPY cic-notify/requirements.txt \
 	 cic-notify/test_requirements.txt \
     ./
--- a/apps/cic-notify/docker/Dockerfile.service
+++ b/apps/cic-notify/docker/Dockerfile.service
@@ -0,0 +1,13 @@
+FROM grassrootseconomics:cic-notify
+
+#FROM python:3.8.6-alpine
+
+#RUN apk update && \
+#	apk add gnupg libpq
+
+#COPY --from=0 /usr/local/ /usr/local/
+#COPY --from=0 /root/ /root/
+
+#RUN apk add bash
+
+WORKDIR /root
--- a/apps/cic-ussd/.gitlab-ci.yml
+++ b/apps/cic-ussd/.gitlab-ci.yml
@@ -3,20 +3,21 @@
        APP_NAME: cic-ussd
        DOCKERFILE_PATH: $APP_NAME/docker/Dockerfile

-.cic_ussd_changes_target:
+.this_changes_target:
    rules:
        - changes:
            - $CONTEXT/$APP_NAME/*

 build-mr-cic-ussd:
    extends:
-        - .cic_ussd_changes_target
+        - .this_changes_target
        - .py_build_merge_request
        - .cic_ussd_variables

 build-push-cic-ussd:
    extends:
+        - .this_changes_target
        - .py_build_push
        - .cic_ussd_variables
-
+        

--- a/apps/cic-ussd/docker/Dockerfile
+++ b/apps/cic-ussd/docker/Dockerfile
@@ -39,8 +39,6 @@ COPY cic-ussd/docker/db.sh \
     /root/

 RUN chmod +x /root/*.sh
-RUN cd cic-ussd && \
-    pip install $pip_extra_index_url_flag .


 # copy config and migration files to definitive file so they can be referenced in path definitions for running scripts
--- a/apps/cic-ussd/docker/start_tasker.sh
+++ b/apps/cic-ussd/docker/start_tasker.sh
@@ -1,5 +1,5 @@
 #!/bin/bash

-. /root/db.sh
+. ./db.sh

 /usr/local/bin/cic-ussd-tasker -vv "$@"
--- a/apps/cic-ussd/docker/start_uwsgi.sh
+++ b/apps/cic-ussd/docker/start_uwsgi.sh
@@ -1,5 +1,5 @@
 #!/bin/bash

-. /root/db.sh
+. ./db.sh

-/usr/local/bin/uwsgi --wsgi-file /usr/local/lib/python3.8/site-packages/cic_ussd/runnable/server.py --http :9000 --pyargv "-vv"
+/usr/local/bin/uwsgi --wsgi-file /usr/local/lib/python3.8/site-packages/cic_ussd/runnable/server.py --http :80 --pyargv "-vv"
--- a/apps/cic-ussd/requirements.txt
+++ b/apps/cic-ussd/requirements.txt
@@ -6,10 +6,10 @@ betterpath==0.2.2
 billiard==3.6.3.0
 celery==4.4.7
 cffi==1.14.3
-cic-eth~=0.10.0a22
+cic-eth~=0.10.0a9
 cic-notify==0.3.1
 click==7.1.2
-confini~=0.3.6a1
+confini==0.3.5
 cryptography==3.2.1
 faker==4.17.1
 iniconfig==1.1.1
--- a/apps/contract-migration/.gitlab-ci.yml
+++ b/apps/contract-migration/.gitlab-ci.yml
@@ -3,18 +3,19 @@
        APP_NAME: contract-migration
        DOCKERFILE_PATH: $APP_NAME/docker/Dockerfile

-.contract_migration_changes_target:
+.this_changes_target:
    rules:
        - changes:
            - $CONTEXT/$APP_NAME/*

 build-mr-contract-migration:
    extends:
-        - .contract_migration_changes_target
+        - .this_changes_target
        - .py_build_merge_request
        - .contract_migration_variables

 build-push-contract-migration:
    extends:
+        - .this_changes_target
        - .py_build_push
        - .contract_migration_variables
--- a/apps/contract-migration/docker/Dockerfile
+++ b/apps/contract-migration/docker/Dockerfile
@@ -10,7 +10,7 @@ RUN apk update && \
 	
 WORKDIR /usr/src

-ARG cic_config_commit=35c69ba75f00c8147150acf325565d5391cf25bf
+ARG cic_config_commit=2fa9fd511f6782a0a527d730edb52a3fe86f571b
 ARG cic_config_url=https://gitlab.com/grassrootseconomics/cic-config.git/
 RUN echo Install confini schema files && \
 	git clone --depth 1 $cic_config_url cic-config && \
@@ -40,7 +40,6 @@ RUN echo Install ABI collection for solidity interfaces used across all componen
 FROM python:3.8.6-slim-buster

 COPY --from=1 /usr/local/share/cic/ /usr/local/share/cic/
-COPY --from=1 /usr/local/etc/ /usr/local/etc/

 LABEL authors="Louis Holbrook <dev@holbrook.no> 0826EDA1702D1E87C6E2875121D2E7BB88C2A746"
 LABEL spdx-license-identifier="GPL-3.0-or-later"
@@ -105,63 +104,72 @@ RUN cd root && \
 RUN cd cic-bancor/python && \
 	pip install --extra-index-url $pip_extra_index_url .

-RUN echo installing common python tooling
-ARG cic_python_commit=beecee783ceac2ea0fa711f888ce4c82f1a81490
-ARG cic_python_url=https://gitlab.com/grassrootseconomics/cic-python.git/
-RUN echo Install sum of python dependencies across all components && \
-	git clone --depth 1 $cic_python_url cic-python && \
-	cd cic-python && \
-	git fetch --depth 1 origin $cic_python_commit && \
-	git checkout $cic_python_commit && \
-	pip install --extra-index-url $pip_extra_index_url -r requirements.txt
-
-RUN echo Install dev-only provisions
 ARG cryptocurrency_cli_tools_version=0.0.4
-RUN pip install --extra-index-url $pip_extra_index_url cryptocurrency-cli-tools==$cryptocurrency_cli_tools_version
+# RUN pip install --extra-index-url $pip_extra_index_url cryptocurrency-cli-tools==$cryptocurrency_cli_tools_version

-RUN echo Install smart contract interface implementations, least frequently changed first
-ARG giftable_erc20_token_version=0.0.7b7
-RUN pip install --extra-index-url $pip_extra_index_url giftable-erc20-token==$giftable_erc20_token_version 
+ARG giftable_erc20_token_version=0.0.7b1
+# RUN pip install --extra-index-url $pip_extra_index_url giftable-erc20-token==$giftable_erc20_token_version 

-ARG eth_accounts_index_version=0.0.10a6
-RUN pip install --extra-index-url $pip_extra_index_url eth-accounts-index==$eth_accounts_index_version
+ARG eth_accounts_index_version=0.0.10a2
+# RUN pip install --extra-index-url $pip_extra_index_url eth-accounts-index==$eth_accounts_index_version

-ARG erc20_approval_escrow_version=0.3.0a4
-RUN pip install --extra-index-url $pip_extra_index_url erc20-approval-escrow==$erc20_approval_escrow_version 
+ARG erc20_approval_escrow_version=0.3.0a1
+# RUN pip install --extra-index-url $pip_extra_index_url erc20-approval-escrow==$erc20_approval_escrow_version 

-ARG erc20_single_shot_faucet_version=0.2.0a5
-RUN pip install --extra-index-url $pip_extra_index_url erc20-single-shot-faucet==$erc20_single_shot_faucet_version 
+ARG erc20_single_shot_faucet_version=0.2.0a1
+# RUN pip install --extra-index-url $pip_extra_index_url erc20-single-shot-faucet==$erc20_single_shot_faucet_version 

-ARG eth_address_index_version==0.1.0a8
-RUN pip install --extra-index-url $pip_extra_index_url eth-address-index==$eth_address_index_version
+ARG eth_address_index_version==0.1.0a1
+# RUN pip install --extra-index-url $pip_extra_index_url eth-address-index==$eth_address_index_version

-RUN echo Install cic specific python packages
-ARG cic_registry_version=0.5.3a11
-RUN pip install  --extra-index-url  $pip_extra_index_url  cic-registry==$cic_registry_version
-
-RUN echo Install misc helpers
-
-ARG crypto_dev_signer_version==0.4.13rc2
-RUN pip install  --extra-index-url $pip_extra_index_url crypto-dev-signer==$crypto_dev_signer_version
-
-ARG eth_gas_proxy_version==0.0.1a4
-RUN pip install  --extra-index-url $pip_extra_index_url eth-gas-proxy==$eth_gas_proxy_version
+# RUN echo Install cic specific python packages
+ARG  cic_registry_version=0.5.3a4
+# RUN pip install  --extra-index-url  $pip_extra_index_url  cic-registry==$cic_registry_version

+# RUN pip install  --extra-index-url $pip_extra_index_url  crypto-dev-signer==0.4.13b9
 WORKDIR /root

+# RUN pip install --extra-index-url $pip_extra_index_url  crypto-dev-signer==0.4.12
+
+RUN pip install --extra-index-url $pip_extra_index_url \
+	cryptocurrency-cli-tools==$cryptocurrency_cli_tools_version \
+	giftable-erc20-token==$giftable_erc20_token_version \
+	eth-accounts-index==$eth_accounts_index_version \
+	erc20-approval-escrow==$erc20_approval_escrow_version \
+	erc20-single-shot-faucet==$erc20_single_shot_faucet_version \
+	cic-registry==$cic_registry_version \
+	crypto-dev-signer==0.4.13b9
+
+
 COPY contract-migration/testdata/pgp testdata/pgp
-COPY contract-migration/wait-for-it.sh .
-RUN chmod +x ./wait-for-it.sh

-# COPY contract-migration/.env_config_template .env_config_template
-# COPY contract-migration/.env_dockercompose_template .env_dockercompose_template
+RUN mkdir -vp /tmp/cic/pgp
+COPY contract-migration/testdata/pgp/* /tmp/cic/pgp/

-COPY contract-migration/reset.sh reset.sh
-COPY contract-migration/from_env.sh from_env.sh
-COPY contract-migration/seed_cic_eth.sh seed_cic_eth.sh
-COPY contract-migration/sarafu_declaration.json sarafu_declaration.json
+# COPY .env_config_template .env_config_template
+# COPY .env_dockercompose_template .env_dockercompose_template
+
+COPY contract-migration/reset.sh .
+# COPY data.sh data.sh
 COPY contract-migration/keystore keystore
+COPY contract-migration/wait-for-it.sh .
+RUN chmod +x reset.sh wait-for-it.sh

 LABEL version="4"

-ENTRYPOINT [ "/bin/bash" ]
+# DEFAULTS ASSUME THE FOLLOWING MNEMONIC ON GANACHE-CLI
+# history stumble mystery avoid embark arrive mom foil pledge keep grain dice
+ENV DEV_ETH_ACCOUNT_RESERVE_OWNER="0xc14958CD9A605AB0d9A36850362AaD2b9D42DF97"
+ENV DEV_ETH_ACCOUNT_RESERVE_MINTER="0xe3C4db5947409Aff0FF8D643047EA41515cA4B8e"
+ENV DEV_ETH_ACCOUNT_CONTRACT_DEPLOYER="0xEb3907eCad74a0013c259D5874AE7f22DcBcC95C"
+ENV DEV_ETH_ACCOUNT_ACCOUNTS_INDEX_OWNER="0x1AB26f3AAaaa884B651E213508592F3Ec6BfCe74"
+ENV DEV_ETH_ACCOUNT_ACCOUNTS_INDEX_WRITER="0xACB0BC74E1686D62dE7DC6414C999EA60C09F0eA"
+ENV DEV_ETH_RESERVE_AMOUNT="1000000000000000000000000"
+ENV CIC_CHAIN_SPEC="Bloxberg:8995"
+ENV CIC_DATA_DIR="/tmp/cic/config"
+
+# populated internally when running provisioning script (reset.sh)
+# ENV DEV_ETH_RESERVE_ADDRESS
+# ENV BANCOR_REGISTRY_ADDRESS
+# ENV DEV_ETH_ACCOUNTS_INDEX_ADDRESS
+
--- a/apps/contract-migration/from_env.sh
+++ b/apps/contract-migration/from_env.sh
@@ -1,9 +0,0 @@
-#!/bin/bash
-
-while read l; do
-	e=${!l}
-	if [ ! -z $e ]; then
-		>&2 echo "saving env var $l = $e"
-		echo "$l=$e"
-	fi
-done
--- a/apps/contract-migration/reset.sh
+++ b/apps/contract-migration/reset.sh
@@ -1,11 +1,5 @@
 #!/bin/bash

-set -a
-
-DEV_ETH_ACCOUNT_CONTRACT_DEPLOYER=0xEb3907eCad74a0013c259D5874AE7f22DcBcC95C
-DEV_ETH_ACCOUNT_RESERVE_MINTER=${DEV_ETH_ACCOUNT_RESERVE_MINTER:-$DEV_ETH_ACCOUNT_CONTRACT_DEPLOYER}
-DEV_ETH_ACCOUNT_ACCOUNTS_INDEX_WRITER=${DEV_ETH_ACCOUNT_RESERVE_MINTER:-$DEV_ETH_ACCOUNT_CONTRACT_DEPLOYER}
-DEV_ETH_RESERVE_AMOUNT=${DEV_ETH_RESERVE_AMOUNT:-""10000000000000000000000000000000000}
 keystore_file=$(realpath ./keystore/UTC--2021-01-08T17-18-44.521011372Z--eb3907ecad74a0013c259d5874ae7f22dcbcc95c)

 echo "environment:"
@@ -18,8 +12,7 @@ echo \n
 # define these parameters at runtime
 # pushd /usr/src

-init_level_file=${CIC_DATA_DIR}/.init
-echo -n 1 > $init_level_file
+#!/bin/sh

 # Abort on any error (including if wait-for-it fails).
 set -e
@@ -29,7 +22,8 @@ if [[ -n "${ETH_PROVIDER}" ]]; then
 	echo "waiting for ${ETH_PROVIDER}..."
  	./wait-for-it.sh "${ETH_PROVIDER_HOST}:${ETH_PROVIDER_PORT}"

-	DEV_ETH_RESERVE_ADDRESS=`giftable-token-deploy -p $ETH_PROVIDER -y $keystore_file -i $CIC_CHAIN_SPEC --account $DEV_ETH_ACCOUNT_RESERVE_MINTER --minter $DEV_ETH_ACCOUNT_RESERVE_MINTER -v -w --name "Sarafu" --symbol "SRF" $DEV_ETH_RESERVE_AMOUNT`
+	#DEV_ETH_RESERVE_ADDRESS=`giftable-token-deploy -p $ETH_PROVIDER -o $DEV_ETH_ACCOUNT_RESERVE_OWNER -m $DEV_ETH_ACCOUNT_RESERVE_MINTER $DEV_ETH_RESERVE_AMOUNT`
+	DEV_ETH_RESERVE_ADDRESS=`giftable-token-deploy -p $ETH_PROVIDER -y $keystore_file -i $CIC_CHAIN_SPEC --minter $DEV_ETH_ACCOUNT_RESERVE_MINTER -v -w --name "Sarafu" --symbol "SRF" $DEV_ETH_RESERVE_AMOUNT`

 	#BANCOR_REGISTRY_ADDRESS=`cic-bancor-deploy --bancor-dir /usr/local/share/cic/bancor -z $DEV_ETH_RESERVE_ADDRESS -p $ETH_PROVIDER -o $DEV_ETH_ACCOUNT_CONTRACT_DEPLOYER`

@@ -39,12 +33,6 @@ if [[ -n "${ETH_PROVIDER}" ]]; then
 	cic-registry-set -y $keystore_file -r $CIC_REGISTRY_ADDRESS -i $CIC_CHAIN_SPEC -k CICRegistry  -p $ETH_PROVIDER $CIC_REGISTRY_ADDRESS -vv
 	#cic-registry-set -r $CIC_REGISTRY_ADDRESS -i $CIC_CHAIN_SPEC -k BancorRegistry -p $ETH_PROVIDER $BANCOR_REGISTRY_ADDRESS -vv
 	cic-registry-set -y $keystore_file -r $CIC_REGISTRY_ADDRESS -i $CIC_CHAIN_SPEC -k AccountRegistry -p $ETH_PROVIDER $CIC_ACCOUNTS_INDEX_ADDRESS  -vv
-
-	# Deploy address declarator registry
-	>&2 echo "deploy address declarator contract"
-	declarator_description=0x546869732069732074686520434943206e6574776f726b000000000000000000
-	CIC_DECLARATOR_ADDRESS=`eth-address-declarator-deploy -y $keystore_file -i $CIC_CHAIN_SPEC -p $ETH_PROVIDER -w -v $declarator_description`
-
 else
 	echo "\$ETH_PROVIDER not set!"
 	exit 1
@@ -56,18 +44,12 @@ mkdir -p $CIC_DATA_DIR
 cat << EOF > $CIC_DATA_DIR/.env
 export DEV_ETH_RESERVE_ADDRESS=$DEV_ETH_RESERVE_ADDRESS
 export DEV_ETH_RESERVE_AMOUNT=$DEV_ETH_RESERVE_AMOUNT
-export DEV_ETH_ACCOUNTS_INDEX_ADDRESS=$CIC_ACCOUNTS_INDEX_ADDRESS
+export DEV_ETH_ACCOUNTS_INDEX_ADDRESS=$DEV_ETH_ACCOUNTS_INDEX_ADDRESS
 export BANCOR_REGISTRY_ADDRESS=$BANCOR_REGISTRY_ADDRESS
 export CIC_REGISTRY_ADDRESS=$CIC_REGISTRY_ADDRESS

 EOF

-cat $CIC_DATA_DIR/envlist | bash from_env.sh > $CIC_DATA_DIR/.env_all
 # popd

-set +a
-set +e
-
-echo -n 2 > $init_level_file
-
 exec "$@"
--- a/apps/contract-migration/sarafu_declaration.json
+++ b/apps/contract-migration/sarafu_declaration.json
--- a/apps/contract-migration/seed_cic_eth.sh
+++ b/apps/contract-migration/seed_cic_eth.sh
@@ -1,148 +0,0 @@
-#!/bin/bash
-
-# defaults
-initlevel=`cat ${CIC_DATA_DIR}/.init`
-echo $inilevel
-if [ $initlevel -lt 2 ]; then
-	>&2 echo "initlevel too low $initlevel"
-	exit 1 
-fi
-source ${CIC_DATA_DIR}/.env
-source ${CIC_DATA_DIR}/.env_all
-DEV_PIP_EXTRA_INDEX_URL=${DEV_PIP_EXTRA_INDEX_URL:-https://pip.grassrootseconomics.net:8433}
-DEV_DATABASE_NAME_CIC_ETH=${DEV_DATABASE_NAME_CIC_ETH:-"cic-eth"}
-CIC_DATA_DIR=${CIC_DATA_DIR:-/tmp/cic} 
-
-# Debug flag
-#debug='-v'
-DEV_ETH_ACCOUNT_CONTRACT_DEPLOYER=0xEb3907eCad74a0013c259D5874AE7f22DcBcC95C
-keystore_file=./keystore/UTC--2021-01-08T17-18-44.521011372Z--eb3907ecad74a0013c259d5874ae7f22dcbcc95c
-debug='-vv'
-abi_dir=${ETH_ABI_DIR:-/usr/local/share/cic/solidity/abi}
-gas_amount=100000000000000000000000
-token_amount=${gas_amount}
-faucet_amount=1000000000
-env_out_file=${CIC_DATA_DIR}/.env_seed
-init_level_file=${CIC_DATA_DIR}/.init
-truncate $env_out_file -s 0
-
-
-set -e
-set -a
-
-pip install --extra-index-url $DEV_PIP_EXTRA_INDEX_URL cic-eth==0.10.0a25 chainlib==0.0.1a4
-
->&2 echo "create account for gas gifter"
-old_gas_provider=$DEV_ETH_ACCOUNT_GAS_PROVIDER
-DEV_ETH_ACCOUNT_GAS_GIFTER=`cic-eth-create $debug --redis-host-callback=$REDIS_HOST --redis-port-callback=$REDIS_PORT --no-register`
-echo DEV_ETH_ACCOUNT_GAS_GIFTER=$DEV_ETH_ACCOUNT_GAS_GIFTER >> $env_out_file
-cic-eth-tag GAS_GIFTER $DEV_ETH_ACCOUNT_GAS_GIFTER
-
->&2 echo "create account for sarafu gifter"
-DEV_ETH_ACCOUNT_SARAFU_GIFTER=`cic-eth-create $debug --redis-host-callback=$REDIS_HOST --redis-port-callback=$REDIS_PORT --no-register`
-echo DEV_ETH_ACCOUNT_SARAFU_GIFTER=$DEV_ETH_ACCOUNT_SARAFU_GIFTER >> $env_out_file
-cic-eth-tag SARAFU_GIFTER $DEV_ETH_ACCOUNT_SARAFU_GIFTER
-
->&2 echo "create account for approval escrow owner"
-DEV_ETH_ACCOUNT_TRANSFER_AUTHORIZATION_OWNER=`cic-eth-create $debug --redis-host-callback=$REDIS_HOST --redis-port-callback=$REDIS_PORT --no-register`
-echo DEV_ETH_ACCOUNT_TRANSFER_AUTHORIZATION_OWNER=$DEV_ETH_ACCOUNT_TRANSFER_AUTHORIZATION_OWNER >> $env_out_file
-cic-eth-tag TRANSFER_AUTHORIZATION_OWNER $DEV_ETH_ACCOUNT_TRANSFER_AUTHORIZATION_OWNER 
-
->&2 echo "create account for faucet owner"
-DEV_ETH_ACCOUNT_FAUCET_OWNER=`cic-eth-create $debug --redis-host-callback=$REDIS_HOST --redis-port-callback=$REDIS_PORT --no-register`
-echo DEV_ETH_ACCOUNT_GAS_GIFTER=$DEV_ETH_ACCOUNT_FAUCET_OWNER >> $env_out_file
-cic-eth-tag FAUCET_GIFTER $DEV_ETH_ACCOUNT_FAUCET_OWNER
-
->&2 echo "create account for accounts index owner"
-DEV_ETH_ACCOUNT_ACCOUNTS_INDEX_WRITER=`cic-eth-create $debug --redis-host-callback=$REDIS_HOST --redis-port-callback=$REDIS_PORT --no-register`
-echo DEV_ETH_ACCOUNT_ACCOUNTS_INDEX_WRITER=$DEV_ETH_ACCOUNT_ACCOUNTS_INDEX_WRITER >> $env_out_file
-cic-eth-tag ACCOUNTS_INDEX_WRITER $DEV_ETH_ACCOUNT_ACCOUNTS_INDEX_WRITER
-
-
-# Transfer gas to custodial gas provider adddress
->&2 echo gift gas to gas gifter
->&2 eth-gas -y $keystore_file -i $CIC_CHAIN_SPEC -p $ETH_PROVIDER -w $debug $DEV_ETH_ACCOUNT_GAS_GIFTER $gas_amount
-
->&2 echo gift gas to sarafu token owner
->&2 eth-gas -y $keystore_file -i $CIC_CHAIN_SPEC -p $ETH_PROVIDER -w $debug $DEV_ETH_ACCOUNT_SARAFU_GIFTER $gas_amount
-
->&2 echo gift gas to account index owner
->&2 eth-gas -y $keystore_file -i $CIC_CHAIN_SPEC -p $ETH_PROVIDER -w $debug $DEV_ETH_ACCOUNT_ACCOUNTS_INDEX_WRITER $gas_amount
-
-# Send token to token creator
->&2 echo "gift tokens to sarafu owner"
->&2 giftable-token-gift -y $keystore_file -i $CIC_CHAIN_SPEC -p $ETH_PROVIDER -a $DEV_ETH_RESERVE_ADDRESS --recipient $DEV_ETH_ACCOUNT_SARAFU_GIFTER -w $debug $token_amount
-
-# Send token to token gifter
->&2 echo "gift tokens to keystore address"
->&2 giftable-token-gift -y $keystore_file -i $CIC_CHAIN_SPEC -p $ETH_PROVIDER -a $DEV_ETH_RESERVE_ADDRESS --recipient $DEV_ETH_ACCOUNT_CONTRACT_DEPLOYER -w $debug $token_amount
-
-
->&2 echo "set sarafu token to reserve token (temporarily while bancor contracts are not connected)"
-echo DEV_ETH_SARAFU_TOKEN_ADDRESS=$DEV_ETH_RESERVE_ADDRESS >> $env_out_file
-export DEV_ETH_SARAFU_TOKEN_ADDRESS=$DEV_ETH_RESERVE_ADDRESS
-
-# Transfer tokens to gifter address
->&2 echo "transfer sarafu tokens to token gifter address"
->&2 eth-transfer -y $keystore_file -i $CIC_CHAIN_SPEC -p $ETH_PROVIDER --token-address $DEV_ETH_SARAFU_TOKEN_ADDRESS --abi-dir $abi_dir -w $debug $DEV_ETH_ACCOUNT_SARAFU_GIFTER ${token_amount:0:-1}
-
-
->&2 echo "deploy transfer authorization contract"
-CIC_TRANSFER_AUTHORIZATION_ADDRESS=`erc20-approval-escrow-deploy -y $keystore_file -i $CIC_CHAIN_SPEC -p $ETH_PROVIDER --approver $DEV_ETH_ACCOUNT_TRANSFER_AUTHORIZATION_OWNER -w $debug`
-echo CIC_APPROVAL_ESCROW_ADDRESS=$CIC_TRANSFER_AUTHORIZATION_ADDRESS  >> $env_out_file
-export CIC_TRANSFER_AUTHORIZATION_ADDRESS=$CIC_TRANSFER_AUTHORIZATION_ADDRESS 
-
-# Register transfer approval contract
->&2 echo "add transfer approval request contract to registry"
->&2 cic-registry-set -y $keystore_file -r $CIC_REGISTRY_ADDRESS -k TransferApproval -i $CIC_CHAIN_SPEC -p $ETH_PROVIDER -w $debug $CIC_TRANSFER_AUTHORIZATION_ADDRESS
-
-
-# Deploy one-time token faucet for newly created token
->&2 echo "deploy faucet"
-DEV_ETH_SARAFU_FAUCET_ADDRESS=`erc20-single-shot-faucet-deploy -y $keystore_file -i $CIC_CHAIN_SPEC -p $ETH_PROVIDER --token-address $DEV_ETH_SARAFU_TOKEN_ADDRESS --editor $DEV_ETH_ACCOUNT_FAUCET_OWNER --set-amount $faucet_amount -w $debug`
-echo DEV_ETH_SARAFU_FAUCET_ADDRESS=$DEV_ETH_SARAFU_FAUCET_ADDRESS  >> $env_out_file
-export DEV_ETH_SARAFU_FAUCET_ADDRESS=$DEV_ETH_SARAFU_FAUCET_ADDRESS 
-
-# Transfer tokens to faucet contract
->&2 echo "transfer tokens to faucet contract"
->&2 eth-transfer  -y $keystore_file -i $CIC_CHAIN_SPEC -p $ETH_PROVIDER --token-address $DEV_ETH_SARAFU_TOKEN_ADDRESS --abi-dir $abi_dir -w $debug $DEV_ETH_SARAFU_FAUCET_ADDRESS ${token_amount:0:-1}
-
-# Register faucet entry
->&2 echo "register faucet contract in registry"
->&2 cic-registry-set -y $keystore_file -r $CIC_REGISTRY_ADDRESS -k Faucet -i $CIC_CHAIN_SPEC -p $ETH_PROVIDER -w $debug $DEV_ETH_SARAFU_FAUCET_ADDRESS
-
-
->&2 echo "deploy token symbol index contract"
-CIC_TOKEN_INDEX_ADDRESS=`eth-token-index-deploy -y $keystore_file -i $CIC_CHAIN_SPEC -p $ETH_PROVIDER -w $debug`
-echo CIC_TOKEN_INDEX_ADDRESS=$CIC_TOKEN_INDEX_ADDRESS >> $env_out_file
-export CIC_TOKEN_INDEX_ADDRESS=$CIC_TOKEN_INDEX_ADDRESS
->&2 eth-token-index-add -y $keystore_file -i $CIC_CHAIN_SPEC -p $ETH_PROVIDER -r $CIC_TOKEN_INDEX_ADDRESS -w $debug $DEV_ETH_SARAFU_TOKEN_ADDRESS
-
-# Register token registry
->&2 echo "register token index in registry"
->&2 cic-registry-set -y $keystore_file -r $CIC_REGISTRY_ADDRESS -k TokenRegistry -i $CIC_CHAIN_SPEC -w -p $ETH_PROVIDER $CIC_TOKEN_INDEX_ADDRESS
-
->&2 echo "add declarations for sarafu token"
-token_description_one=`sha256sum sarafu_declaration.json | awk '{ print $1; }'`
-token_description_two=0x54686973206973207468652053617261667520746f6b656e0000000000000000
->&2 eth-address-declarator-add -y $keystore_file -i $CIC_CHAIN_SPEC -p $ETH_PROVIDER -r $CIC_DECLARATOR_ADDRESS -w $debug $DEV_ETH_SARAFU_TOKEN_ADDRESS $token_description_one
->&2 eth-address-declarator-add -y $keystore_file -i $CIC_CHAIN_SPEC -p $ETH_PROVIDER -r $CIC_DECLARATOR_ADDRESS -w $debug $DEV_ETH_SARAFU_TOKEN_ADDRESS $token_description_two
-
-
-# Register address declarator
->&2 echo "registry address declarator to registry"
->&2 cic-registry-set -y $keystore_file -r $CIC_REGISTRY_ADDRESS -k AddressDeclarator -i $CIC_CHAIN_SPEC -w -p $ETH_PROVIDER $CIC_DECLARATOR_ADDRESS 
-
-# We're done with the registry at this point, seal it off
->&2 echo "seal registry contract"
->&2 cic-registry-seal -y $keystore_file -i $CIC_CHAIN_SPEC -r $CIC_REGISTRY_ADDRESS -w -p $ETH_PROVIDER
-
-
-# Add accounts index writer with key from keystore
->&2 echo "add keystore account $keystore_file to accounts index writers"
->&2 eth-accounts-index-add -y $keystore_file -i $CIC_CHAIN_SPEC -p $ETH_PROVIDER -r $CIC_ACCOUNTS_INDEX_ADDRESS --writer $DEV_ETH_ACCOUNT_ACCOUNTS_INDEX_WRITER -w $debug
-
-echo -n 0 > $init_level_file
-
-set +a
-set +e
--- a/apps/requirements.txt
+++ b/apps/requirements.txt
@@ -3,14 +3,14 @@ alembic==1.4.2
 bcrypt==3.2.0
 celery==4.4.7
 confini==0.3.6a1
-crypto-dev-signer==0.4.13rc2
+crypto-dev-signer==0.4.13b10
 cryptography==3.2.1
 ecuth==0.4.5a1
-eth-accounts-index==0.0.10a7
-eth-address-index==0.1.0a7
+eth-accounts-index==0.0.10a5
+eth-address-index==0.1.0a5
 eth-tester==0.5.0b3
-erc20-approval-escrow==0.3.0a5
-erc20-single-shot-faucet==0.2.0a6
+erc20-approval-escrow==0.3.0a3
+erc20-single-shot-faucet==0.2.0a4
 faker==4.17.1
 http-hoba-auth==0.2.0
 moolb==0.1.0
@@ -40,4 +40,4 @@ websockets==8.1
 yaml-acl==0.0.1
 rlp==2.0.1
 cryptocurrency-cli-tools==0.0.4
-giftable-erc20-token==0.0.7b7
+giftable-erc20-token==0.0.7b5
--- a/ci_templates/.cic-template.yml
+++ b/ci_templates/.cic-template.yml
@@ -26,7 +26,7 @@ before_script:
    - cd $CONTEXT
  variables:
    CI_DEBUG_TRACE: "true"
-    IMAGE_TAG: $APP_NAME:$CI_COMMIT_SHORT_SHA
+    IMAGE_TAG: $APP_NAME:$CI_MERGE_REQUEST_SOURCE_BRANCH_NAME-$CI_COMMIT_SHORT_SHA
  script:
    - docker build -t $IMAGE_TAG -f $DOCKERFILE_PATH .
  rules:
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -35,11 +35,11 @@ services:
      context: apps/bloxbergValidatorSetup
    restart: unless-stopped
    ports:
-      - ${DEV_ETH_PORT_HTTP:-63545}:8545
-      - ${DEV_ETH_PORT_WS-63546}:8546
+      - ${HTTP_PORT_ETH:-8545}
+      - 8546
      - 30303
    volumes:
-      - ./apps/bloxbergValidatorSetup/keys:/root/keys # stores the signing key locally
+      #- ./keys:/root/keys # stores the signing key locally
      - bloxberg-data:/root/.local/share/io.parity.ethereum/

  # See contents of /initdb/create_db.sql for app user, password and databases
@@ -47,18 +47,17 @@ services:
    image: postgres:12.5-alpine
    environment:
      POSTGRES_HOST_AUTH_METHOD: trust # for postgres user access w/o password. Obvioulsy not safe but allows easy elevated debugging.  
-      # PGDATA: /tmp/cic/postgres
+      PGDATA: /tmp/cic/postgres
    ports:
-      - ${DEV_POSTGRES_PORT:-63432}:5432
+      - 5432
    volumes:
-      - ./scripts/initdb/create_db.sql:/docker-entrypoint-initdb.d/1-create_all_db.sql 
-      - ./apps/cic-meta/scripts/initdb/postgresql.sh:/docker-entrypoint-initdb.d/2-init-cic-meta.sh
-      - postgres-db:/var/lib/postgresql/data
+      - ./scripts/initdb/create_db.sql:/docker-entrypoint-initdb.d/1-create_all_db.sql # init db scripts will run in order at container start
+      - postgres-db:/tmp/cic/postgres

  redis:
    image: redis:6.0.9-alpine
    ports:
-      - ${DEV_REDIS_PORT:-63379}:6379
+      - ${HTTP_PORT_REDIS:-6379}
    command: "--loglevel verbose"

  bee:
@@ -68,8 +67,8 @@ services:
      BEE_NETWORK_ID: ${BEE_NETWORK_ID:-313}
      BEE_PASSWORD: ${BEE_PASSWORD:-password}
    ports:
-      - ${DEV_BEE_PORT:-63633}:1633
-      - ${DEV_BEE_PORT_DEBUG:-63635}:1635
+      - 1633
+      - 1635
    command: "start --swap-enable=false --standalone"
    volumes:
      - bee-data:/tmp/cic/bee
@@ -85,50 +84,12 @@ services:
      ETH_PROVIDER_HOST: eth 
      ETH_PROVIDER_PORT: 8545
      CIC_CHAIN_SPEC: ${CIC_CHAIN_SPEC:-Bloxberg:8996}
-      CIC_DATA_DIR: ${CIC_DATA_DIR:-/tmp/cic/config}
    command: ["./reset.sh"]
    depends_on:
      - eth
    volumes:
      - contract-config:/tmp/cic/config

-  seed-cic-eth:
-    build:
-      context: apps/
-      dockerfile: contract-migration/docker/Dockerfile
-    environment:
-      # ETH_PROVIDER should be broken out into host/port but cic-eth expects this
-      ETH_PROVIDER: http://eth:8545
-      # And these two are for wait-for-it (could parse this)
-      ETH_PROVIDER_HOST: eth 
-      ETH_PROVIDER_PORT: 8545
-      CIC_CHAIN_SPEC: ${CIC_CHAIN_SPEC:-Bloxberg:8996}
-      CIC_DATA_DIR: ${CIC_DATA_DIR:-/tmp/cic/config}
-      DATABASE_HOST: ${DATABASE_HOST:-postgres}
-      DATABASE_PORT: ${DATABASE_PORT:-5432}
-      DATABASE_NAME: ${DEV_DATABASE_NAME_CIC_ETH:-cic_eth}
-      DATABASE_ENGINE: ${DATABASE_ENGINE:-postgresql}
-      DATABASE_DRIVER: ${DATABASE_DRIVER:-psycopg2}
-      DATABASE_USER: ${DATABASE_USER:-postgres}
-      REDIS_HOST: ${REDIS_HOST:-redis}
-      REDIS_PORT: ${REDIS_PORT:-6379}
-      REDIS_DB: ${REDIS_DB:-0}
-      CELERY_BROKER_URL: ${CELERY_BROKER_URL:-redis://redis:6379}
-      CELERY_RESULT_URL: ${CELERY_RESULT_URL:-redis://redis:6379}
-      DEV_PIP_EXTRA_INDEX_URL: ${DEV_PIP_EXTRA_INDEX_URL:-https://pip.grassrootseconomics.net:8433}
-    command: ["./seed_cic_eth.sh"]
-    deploy:
-      restart_policy:
-        condition: on-failure
-    depends_on:
-      - eth
-      - postgres
-      - redis
-      - cic-eth-tasker
-    volumes:
-      - contract-config:/tmp/cic/config
-
-
  # cic-cache-tracker:
  #   # image: registry.gitlab.com/grassrootseconomics/cic-cache:master-latest
  #   build: apps/cic-cache
@@ -193,7 +154,7 @@ services:
      DATABASE_USER: ${DATABASE_USER:-grassroots}
      DATABASE_HOST: ${DATABASE_HOST:-postgres}
      DATABASE_PASSWORD: ${DATABASE_PASSWORD:-tralala}
-      DATABASE_NAME: ${DATABASE_NAME_CIC_ETH:-cic_eth}
+      DATABASE_NAME: ${DATABASE_NAME_CIC_CACHE:-cic_cache}
      DATABASE_PORT: ${DATABASE_PORT:-5432}
      DATABASE_ENGINE: ${DATABASE_ENGINE:-postgres}
      DATABASE_DRIVER: ${DATABASE_DRIVER:-psycopg2}
@@ -229,20 +190,25 @@ services:
        context: apps/
        dockerfile: cic-eth/docker/Dockerfile
    environment:
+      CIC_REGISTRY_ADDRESS: $CIC_REGISTRY_ADDRESS
+      ETH_GAS_PROVIDER_ADDRESS: $DEV_ETH_ACCOUNT_GAS_PROVIDER
      ETH_PROVIDER: http://eth:8545
+      ETH_ABI_DIR: ${ETH_ABI_DIR:-/usr/local/share/cic/solidity/abi}
      DATABASE_USER: ${DATABASE_USER:-grassroots}
      DATABASE_HOST: ${DATABASE_HOST:-postgres}
      DATABASE_PASSWORD: ${DATABASE_PASSWORD:-tralala}
-      DATABASE_NAME: ${DATABASE_NAME_CIC_CACHE:-cic_eth}
+      DATABASE_NAME: ${DATABASE_NAME_CIC_CACHE:-cic_cache}
      DATABASE_PORT: ${DATABASE_PORT:-5432}
      DATABASE_ENGINE: ${DATABASE_ENGINE:-postgres}
      DATABASE_DRIVER: ${DATABASE_DRIVER:-psycopg2}
+      PGPASSWORD: ${DATABASE_PASSWORD:-tralala}
      CIC_CHAIN_SPEC: ${CIC_CHAIN_SPEC:-Bloxberg:8996}
-      CIC_REGISTRY_ADDRESS: $CIC_REGISTRY_ADDRESS
-        #BANCOR_DIR: $BANCOR_DIR
+      BANCOR_DIR: ${BANCOR_DIR:-/usr/local/share/cic/bancor}
      CELERY_BROKER_URL: ${CELERY_BROKER_URL:-redis://redis}
      CELERY_RESULT_URL: ${CELERY_RESULT_URL:-redis://redis}
-      TASKS_TRANSFER_CALLBACKS: $TASKS_TRANSFER_CALLBACKS
+      SIGNER_SOCKET_PATH: ${SIGNER_SOCKET_PATH:-/tmp/cic/signer/jsonrpc.ipc}
+      SIGNER_SECRET: ${SIGNER_SECRET:-deadbeef}
+      ETH_ACCOUNT_ACCOUNTS_INDEX_WRITER: ${DEV_ETH_ACCOUNT_ACCOUNTS_INDEX_WRITER:-0xACB0BC74E1686D62dE7DC6414C999EA60C09F0eA}
    depends_on:
      - eth
      - postgres
@@ -265,20 +231,25 @@ services:
        context: apps/
        dockerfile: cic-eth/docker/Dockerfile
    environment:
+      CIC_REGISTRY_ADDRESS: $CIC_REGISTRY_ADDRESS
+      ETH_GAS_PROVIDER_ADDRESS: $DEV_ETH_ACCOUNT_GAS_PROVIDER
      ETH_PROVIDER: http://eth:8545
+      ETH_ABI_DIR: ${ETH_ABI_DIR:-/usr/local/share/cic/solidity/abi}
      DATABASE_USER: ${DATABASE_USER:-grassroots}
      DATABASE_HOST: ${DATABASE_HOST:-postgres}
      DATABASE_PASSWORD: ${DATABASE_PASSWORD:-tralala}
-      DATABASE_NAME: ${DATABASE_NAME_CIC_CACHE:-cic_eth}
+      DATABASE_NAME: ${DATABASE_NAME_CIC_CACHE:-cic_cache}
      DATABASE_PORT: ${DATABASE_PORT:-5432}
      DATABASE_ENGINE: ${DATABASE_ENGINE:-postgres}
      DATABASE_DRIVER: ${DATABASE_DRIVER:-psycopg2}
+      PGPASSWORD: ${DATABASE_PASSWORD:-tralala}
      CIC_CHAIN_SPEC: ${CIC_CHAIN_SPEC:-Bloxberg:8996}
-      CIC_REGISTRY_ADDRESS: $CIC_REGISTRY_ADDRESS
-        #BANCOR_DIR: $BANCOR_DIR
+      BANCOR_DIR: ${BANCOR_DIR:-/usr/local/share/cic/bancor}
      CELERY_BROKER_URL: ${CELERY_BROKER_URL:-redis://redis}
      CELERY_RESULT_URL: ${CELERY_RESULT_URL:-redis://redis}
-      TASKS_TRANSFER_CALLBACKS: $TASKS_TRANSFER_CALLBACKS
+      SIGNER_SOCKET_PATH: ${SIGNER_SOCKET_PATH:-/tmp/cic/signer/jsonrpc.ipc}
+      SIGNER_SECRET: ${SIGNER_SECRET:-deadbeef}
+      ETH_ACCOUNT_ACCOUNTS_INDEX_WRITER: ${DEV_ETH_ACCOUNT_ACCOUNTS_INDEX_WRITER:-0xACB0BC74E1686D62dE7DC6414C999EA60C09F0eA}
    depends_on:
      - eth
      - postgres
@@ -301,22 +272,25 @@ services:
        context: apps/
        dockerfile: cic-eth/docker/Dockerfile
    environment:
+      CIC_REGISTRY_ADDRESS: $CIC_REGISTRY_ADDRESS
+      ETH_GAS_PROVIDER_ADDRESS: $DEV_ETH_ACCOUNT_GAS_PROVIDER
      ETH_PROVIDER: http://eth:8545
+      ETH_ABI_DIR: ${ETH_ABI_DIR:-/usr/local/share/cic/solidity/abi}
      DATABASE_USER: ${DATABASE_USER:-grassroots}
      DATABASE_HOST: ${DATABASE_HOST:-postgres}
      DATABASE_PASSWORD: ${DATABASE_PASSWORD:-tralala}
-      DATABASE_NAME: ${DATABASE_NAME_CIC_CACHE:-cic_eth}
+      DATABASE_NAME: ${DATABASE_NAME_CIC_CACHE:-cic_cache}
      DATABASE_PORT: ${DATABASE_PORT:-5432}
      DATABASE_ENGINE: ${DATABASE_ENGINE:-postgres}
      DATABASE_DRIVER: ${DATABASE_DRIVER:-psycopg2}
+      PGPASSWORD: ${DATABASE_PASSWORD:-tralala}
      CIC_CHAIN_SPEC: ${CIC_CHAIN_SPEC:-Bloxberg:8996}
-      CIC_REGISTRY_ADDRESS: $CIC_REGISTRY_ADDRESS
-        #BANCOR_DIR: $BANCOR_DIR
+      BANCOR_DIR: ${BANCOR_DIR:-/usr/local/share/cic/bancor}
      CELERY_BROKER_URL: ${CELERY_BROKER_URL:-redis://redis}
      CELERY_RESULT_URL: ${CELERY_RESULT_URL:-redis://redis}
-      TASKS_TRANSFER_CALLBACKS: $TASKS_TRANSFER_CALLBACKS
-      DATABASE_DEBUG: ${DATABASE_DEBUG:-true}
-
+      SIGNER_SOCKET_PATH: ${SIGNER_SOCKET_PATH:-/tmp/cic/signer/jsonrpc.ipc}
+      SIGNER_SECRET: ${SIGNER_SECRET:-deadbeef}
+      ETH_ACCOUNT_ACCOUNTS_INDEX_WRITER: ${DEV_ETH_ACCOUNT_ACCOUNTS_INDEX_WRITER:-0xACB0BC74E1686D62dE7DC6414C999EA60C09F0eA}
    depends_on:
      - eth
      - postgres
@@ -340,21 +314,26 @@ services:
        context: apps/
        dockerfile: cic-eth/docker/Dockerfile
    environment:
+      CIC_REGISTRY_ADDRESS: $CIC_REGISTRY_ADDRESS
+      ETH_GAS_PROVIDER_ADDRESS: $DEV_ETH_ACCOUNT_GAS_PROVIDER
      ETH_PROVIDER: http://eth:8545
+      ETH_ABI_DIR: ${ETH_ABI_DIR:-/usr/local/share/cic/solidity/abi}
      DATABASE_USER: ${DATABASE_USER:-grassroots}
      DATABASE_HOST: ${DATABASE_HOST:-postgres}
      DATABASE_PASSWORD: ${DATABASE_PASSWORD:-tralala}
-      DATABASE_NAME: ${DATABASE_NAME_CIC_CACHE:-cic_eth}
+      DATABASE_NAME: ${DATABASE_NAME_CIC_CACHE:-cic_cache}
      DATABASE_PORT: ${DATABASE_PORT:-5432}
      DATABASE_ENGINE: ${DATABASE_ENGINE:-postgres}
      DATABASE_DRIVER: ${DATABASE_DRIVER:-psycopg2}
+      PGPASSWORD: ${DATABASE_PASSWORD:-tralala}
      CIC_CHAIN_SPEC: ${CIC_CHAIN_SPEC:-Bloxberg:8996}
-      CIC_REGISTRY_ADDRESS: $CIC_REGISTRY_ADDRESS
-        #BANCOR_DIR: $BANCOR_DIR
+      BANCOR_DIR: ${BANCOR_DIR:-/usr/local/share/cic/bancor}
      CELERY_BROKER_URL: ${CELERY_BROKER_URL:-redis://redis}
      CELERY_RESULT_URL: ${CELERY_RESULT_URL:-redis://redis}
-      TASKS_TRANSFER_CALLBACKS: $TASKS_TRANSFER_CALLBACKS
-      CIC_TX_RETRY_DELAY: 15
+      SIGNER_SOCKET_PATH: ${SIGNER_SOCKET_PATH:-/tmp/cic/signer/jsonrpc.ipc}
+      SIGNER_SECRET: ${SIGNER_SECRET:-deadbeef}
+      ETH_ACCOUNT_ACCOUNTS_INDEX_WRITER: ${DEV_ETH_ACCOUNT_ACCOUNTS_INDEX_WRITER:-0xACB0BC74E1686D62dE7DC6414C999EA60C09F0eA}
+      CIC_TX_RETRY_DELAY: ${CIC_TX_RETRY_DELAY:-30}
    depends_on:
      - eth
      - postgres
@@ -375,19 +354,32 @@ services:

  cic-eth-server:
    build:
-      context: apps/
-      dockerfile: cic-eth/docker/Dockerfile
+        context: apps/
+        dockerfile: cic-eth/docker/Dockerfile
    environment:
-      CIC_CHAIN_SPEC: $CIC_CHAIN_SPEC
-      CELERY_BROKER_URL: $CELERY_BROKER_URL
-      CELERY_RESULT_URL: $CELERY_RESULT_URL
-      SERVER_PORT: 8000
+      CIC_REGISTRY_ADDRESS: $CIC_REGISTRY_ADDRESS
+      ETH_GAS_PROVIDER_ADDRESS: $DEV_ETH_ACCOUNT_GAS_PROVIDER
+      ETH_PROVIDER: http://eth:8545
+      ETH_ABI_DIR: ${ETH_ABI_DIR:-/usr/local/share/cic/solidity/abi}
+      DATABASE_USER: ${DATABASE_USER:-grassroots}
+      DATABASE_HOST: ${DATABASE_HOST:-postgres}
+      DATABASE_PASSWORD: ${DATABASE_PASSWORD:-tralala}
+      DATABASE_NAME: ${DATABASE_NAME_CIC_CACHE:-cic_cache}
+      DATABASE_PORT: ${DATABASE_PORT:-5432}
+      DATABASE_ENGINE: ${DATABASE_ENGINE:-postgres}
+      DATABASE_DRIVER: ${DATABASE_DRIVER:-psycopg2}
+      PGPASSWORD: ${DATABASE_PASSWORD:-tralala}
+      CIC_CHAIN_SPEC: ${CIC_CHAIN_SPEC:-Bloxberg:8996}
+      BANCOR_DIR: ${BANCOR_DIR:-/usr/local/share/cic/bancor}
+      CELERY_BROKER_URL: ${CELERY_BROKER_URL:-redis://redis}
+      CELERY_RESULT_URL: ${CELERY_RESULT_URL:-redis://redis}
+      SIGNER_SOCKET_PATH: ${SIGNER_SOCKET_PATH:-/tmp/cic/signer/jsonrpc.ipc}
+      SIGNER_SECRET: ${SIGNER_SECRET:-deadbeef}
+      ETH_ACCOUNT_ACCOUNTS_INDEX_WRITER: ${DEV_ETH_ACCOUNT_ACCOUNTS_INDEX_WRITER:-0xACB0BC74E1686D62dE7DC6414C999EA60C09F0eA}
    depends_on:
      - eth
      - postgres
      - redis
-    ports:
-      - ${HTTP_PORT_CIC_ETH:-63314}:8000
    deploy:
      restart_policy:
        condition: on-failure
@@ -413,9 +405,7 @@ services:


  cic-notify-tasker:
-    build:
-      context: apps/
-      dockerfile: cic-notify/docker/Dockerfile
+    image: grassrootseconomics:cic-notify-service
    environment:
      DATABASE_USER: ${DATABASE_USER:-grassroots}
      DATABASE_HOST: ${DATABASE_HOST:-postgres}
@@ -439,80 +429,75 @@ services:
    command: "/root/start_tasker.sh -q cic-notify"


-  cic-meta-server:
-    build:
-      context: apps/
-      dockerfile: cic-meta/docker/Dockerfile
-    environment:
-      DATABASE_NAME: ${DATABASE_NAME:-cic_meta}
-      DATABASE_ENGINE: ${DATABASE_ENGINE:-postgres}
-      DATABASE_DRIVER: ${DATABASE_DRIVER:-psycopg2}
-      DATABASE_USER: ${DATABASE_USER:-grassroots}
-      DATABASE_HOST: ${DATABASE_HOST:-postgres}
-      DATABASE_PORT: ${DATABASE_PORT:-5432}
-      SERVER_HOST: localhost
-      SERVER_PORT: 8000
-      DATABASE_SCHEMA_SQL_PATH: ""
-      PGP_EXPORTS_DIR: /tmp/src/cic-meta/tests/
-      PGP_PRIVATEKEY_FILE: privatekeys.asc
-      PGP_PASSPHRASE: merman
-      PGP_PUBLICKEY_TRUSTED_FILE: publickeys.asc
-      PGP_PUBLICKEY_ACTIVE_FILE: publickeys.asc
-      PGP_PUBLICKEY_ENCRYPT_FILE: publickeys.asc
-    ports:
-      - ${HTTP_PORT_CIC_META:-63380}:8000
-    depends_on:
-      - postgres
-    deploy:
-      restart_policy:
-        condition: on-failure
-    volumes:
-      - ${LOCAL_VOLUME_DIR:-/tmp/cic}/pgp:/tmp/cic/pgp
-    command: "/root/start_server.sh -vv"
+#   cic-meta-server:
+#     image: grassrootseconomics:cic-meta-server
+#     environment:
+#       DATABASE_USER: $DATABASE_USER
+#       DATABASE_HOST: $DATABASE_HOST
+#       DATABASE_PORT: $DATABASE_PORT
+#       DATABASE_PASSWORD: $DATABASE_PASSWORD
+#       DATABASE_NAME: $DATABASE_NAME_CIC_META
+#       DATABASE_ENGINE: $DATABASE_ENGINE
+#       DATABASE_DRIVER: $DATABASE_DRIVER
+#       DATABASE_SCHEMA_SQL_PATH: $DATABASE_SCHEMA_SQL_PATH_CIC_META
+#       SERVER_PORT: 80
+#       PGP_PASSPHRASE: $PGP_PASSPHRASE
+#       PGP_EXPORTS_DIR: $PGP_EXPORTS_DIR
+#       PGP_PRIVATEKEY_FILE: $PGP_PRIVATEKEY_FILE
+#     ports:
+#       - ${HTTP_PORT_CIC_META}:80
+#     depends_on:
+#       - postgres
+#     deploy:
+#       restart_policy:
+#         condition: on-failure
+#     volumes:
+#       - ${LOCAL_VOLUME_DIR:-/tmp/cic}/pgp:/tmp/cic/pgp
+#     command: "/root/start_server.sh -vv"

-  cic-ussd-server:
-    # image: grassrootseconomics:cic-ussd
-    build:
-      context: apps/
-      dockerfile: cic-ussd/docker/Dockerfile
-    environment:
-      DATABASE_USER: grassroots
-      DATABASE_HOST: postgres
-      DATABASE_PORT: 5432
-      DATABASE_PASSWORD: tralala
-      DATABASE_NAME: cic_ussd
-      DATABASE_ENGINE: postgresql
-      DATABASE_DRIVER: psycopg2
-      SERVER_PORT: 8000
-    ports:
-      - ${HTTP_PORT_CIC_USSD:-63315}:8000
-    depends_on:
-      - postgres
-      - redis
-    deploy:
-      restart_policy:
-        condition: on-failure
-    command: "/root/start_uwsgi.sh"
-
-  cic-ussd-tasker:
-    # image: grassrootseconomics:cic-ussd
-    build:
-      context: apps
-      dockerfile: cic-ussd/docker/Dockerfile
-    environment:
-      DATABASE_USER: grassroots
-      DATABASE_HOST: postgres
-      DATABASE_PORT: 5432
-      DATABASE_PASSWORD: tralala
-      DATABASE_NAME: cic_ussd
-      DATABASE_ENGINE: postgresql
-      DATABASE_DRIVER: psycopg2
-      CELERY_BROKER_URL: ${CELERY_BROKER_URL:-redis://redis}
-      CELERY_RESULT_URL: ${CELERY_BROKER_URL:-redis://redis}
-    depends_on:
-      - postgres
-      - redis
-    deploy:
-      restart_policy:
-        condition: on-failure
-    command: "/root/start_tasker.sh -q cic-ussd"
+#  cic-ussd-server:
+#    # image: grassrootseconomics:cic-ussd
+#    build:
+#      context: apps/
+#      dockerfile: cic-ussd/docker/Dockerfile
+#    environment:
+#      DATABASE_USER: grassroots
+#      DATABASE_HOST: postgres
+#      DATABASE_PORT: 5432
+#      DATABASE_PASSWORD: tralala
+#      DATABASE_NAME: cic_ussd
+#      DATABASE_ENGINE: postgresql
+#      DATABASE_DRIVER: psycopg2
+#      SERVER_PORT: 80
+#    ports:
+#      - 80:8082
+#    depends_on:
+#      - postgres
+#      - redis
+#    deploy:
+#      restart_policy:
+#        condition: on-failure
+#    command: "/root/start_uwsgi.sh"
+#
+#  cic-ussd-tasker:
+#    # image: grassrootseconomics:cic-ussd
+#    build:
+#      context: apps
+#      dockerfile: cic-ussd/docker/Dockerfile
+#    environment:
+#      DATABASE_USER: grassroots
+#      DATABASE_HOST: postgres
+#      DATABASE_PORT: 5432
+#      DATABASE_PASSWORD: tralala
+#      DATABASE_NAME: cic_ussd
+#      DATABASE_ENGINE: postgresql
+#      DATABASE_DRIVER: psycopg2
+#      CELERY_BROKER_URL: ${CELERY_BROKER_URL:-redis://redis}
+#      CELERY_RESULT_URL: ${CELERY_BROKER_URL:-redis://redis}
+#    depends_on:
+#      - postgres
+#      - redis
+#    deploy:
+#      restart_policy:
+#        condition: on-failure
+#    command: "/root/start_tasker.sh -q cic-ussd"
--- a/scripts/initdb/create_db.sql
+++ b/scripts/initdb/create_db.sql
				`@@ -1 +0,0 @@`
				{"id":"03512a62-5334-20cc-4e44-71156f33cff6","version":3,"crypto":{"cipher":"aes-128-ctr","cipherparams":{"iv":"dc388338c4d4e3203604aeb3d1c6bbfa"},"ciphertext":"8a945775b87089ce94537e011799f3abc1577c5dd1f3fbaebe1cd96dfdfc8b5a","kdf":"pbkdf2","kdfparams":{"c":10240,"dklen":32,"prf":"hmac-sha256","salt":"e8585836540caca01282381f5c1fe128e53b15b40f9d152fbc5a4f82a7967398"},"mac":"a7c7815e84a632ecf6d8f18c981bea73d50cd2e2a855a3e90477fc84ed14f906"},"address":"4f2a5902158c3969b245247f4154971d393301f2","name":"","meta":"{}"}