Quick start
Quidnug ships a single static Go binary. No database to install, no orchestrator to provision. You will need Go 1.23+ on your machine (or Docker).
Prerequisites
Section titled “Prerequisites”- Go 1.23+ (preferred), or Docker 20+.
curl(any recent version) for API calls.- ~250 MB free disk for source + binary + local state.
git clone https://github.com/bhmortim/quidnug.gitcd quidnugmake build./bin/quidnug &# Listening on :8080Or with Docker:
make docker-buildmake docker-runHealth check
Section titled “Health check”curl http://localhost:8080/api/health# {"success":true,"data":{"status":"ok",...}}Your first interaction
Section titled “Your first interaction”curl -X POST http://localhost:8080/api/identities \ -H 'Content-Type: application/json' \ -d '{"quidId":"alice","name":"Alice","creator":"alice","updateNonce":1}'
curl -X POST http://localhost:8080/api/trust \ -H 'Content-Type: application/json' \ -d '{"truster":"alice","trustee":"bob","trustLevel":0.9, "domain":"contractors.home","nonce":1}'
curl "http://localhost:8080/api/trust/alice/bob?domain=contractors.home"That’s a full identity → trust edge → trust query round trip.
What to do next
Section titled “What to do next”- Read the first five API calls for the complete identity + trust + event + rotation loop.
- Pick a client SDK in your language and install it, signing is byte-identical across every binding.
- Read the integration guide for deployment patterns (single node, three-node consortium, TLS termination, inter-node HMAC auth).
- If you’re considering Quidnug for a specific domain, read the matching use case, each one is a self-contained design plan with an architecture, concrete code, and threat model.
Common pitfalls
Section titled “Common pitfalls”- Signature rejected? See FAQ → “Signature doesn’t verify”. Almost always a canonical-bytes mismatch.
NONCE_REPLAY? Nonces are per-signer monotonic; see QDP-0001.- Node won’t start? Check
PORTconflicts; default is 8080. See configuration for the env var reference.