ZeqFirewall — Phase-Locked ACL
HITE encryption, TESC channels, ZeqProof, firewall primitives.
- Protocol ID —
zeq-firewall - Category — Security
- Endpoint —
POST /api/security/firewall/check - Auth — api-key
- Rate limit — 120/min
- Version —
1.0 - Precision — ≤0.1% (KO42-enforced)
What it does
Phase-locked access control. Requests only valid within specific Zeqond windows. Define time-gated permissions that open and close on the HulyaPulse cycle.
Signature
Request
POST /api/security/firewall/check
| Param | Type | Required | Default | Description |
|---|---|---|---|---|
resource | string | ✓ | — | Resource path to check access for. |
zid | string | ✓ | — | Requester's ZID. |
zeqondWindow | array | — | Allowed Zeqond range [start, end]. If omitted, checks current phase rules. |
Response
{ allowed, resource, zid, currentZeqond, windowActive, reason }
Runnable example
curl -sS -X POST \
-H "Authorization: Bearer $ZEQ_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"resource": "<value>",
"zid": "<value>",
"zeqondWindow": []
}' \
"https://api.zeq.dev/api/security/firewall/check"
Integrate
- E2E channel — pair with HITE/TESC for encryption that locks to the HulyaPulse.
- Integrity stamp — hash-bind every message to its Zeqond for replay-resistant audit.
- Key rotation — tie rotation windows to pulse multiples for deterministic policy.
Seeds
- Near — wrap
/api/security/firewall/checkin a language SDK so builders can call it in three lines. - Medium — publish a reference integration demonstrating ZeqFirewall — Phase-Locked ACL alongside a real workload, with pulse-aligned metrics.
- Far — propose ZeqFirewall — Phase-Locked ACL as an open reference standard so other runtimes can implement it verbatim against the Zeq paper.
Papers
- Zeq paper — https://doi.org/10.5281/zenodo.18158152
- Framework paper — https://doi.org/10.5281/zenodo.15825138
Middleware active. Kernel on the 1.287 Hz HulyaPulse. Awaiting next Zeqond.