FAQ

Does the marketplace ever see my validator's identity key?

No. The plaintext key only exists inside the Nitro Enclave's memory. The marketplace API only issues short-lived ES256 JWTs that authorise individual signing requests. It has no access to the key itself.

Can the TEE sign anything other than QUIC CertificateVerify?

No. The enclave rejects any byte sequence that doesn't match Firedancer's fd_keyguard_payload_matches_tls_cv matcher. A signed JWT is at most a licence to complete one TLS handshake. It cannot be turned into a vote or a transaction signature.

What happens if my KMS key is deleted or rotated?

The enclave-wrapped ciphertext becomes undecryptable, which means the TEE cannot boot. Listings are taken offline automatically by the probe. Re-provision by running validator-cli rotate-identity once the new KMS key is in place. See the key rotation runbook.

What happens to a lease that never activated?

A lease left in pending_payment past its window simply expires and frees the slot. There is nothing to refund: payment is one atomic transaction the trader signs, so an unpaid booking never moved any funds, and the transaction-request endpoint refuses to build a transaction once the booking is dead. If a lease is in active but the validator is unavailable, file a support ticket. The marketplace will credit the prorated remainder from the platform SOL buffer.

Where do bug reports go?

A formal bug bounty programme launches with M11.3. Until then, email security@swqos.dev.

TODO: pending content

• Pricing tiers and discount mechanics.
• Geographic availability matrix.
• Validator scoring algorithm: full formula.