
Module wire

Available on crate feature wire only.

Portable wire formats for cross-service authorization transport.

Enable with features = ["wire"].

§Why this module exists

In a microservice architecture the service that builds a delegation chain and the service that executes an action under it are separate processes. DyoloChain and AuthorizedAction cannot cross that boundary directly: DyoloChain contains deserialized ed25519-dalek values, and AuthorizedAction is deliberately non-serializable (the sealed _sealed field enforces that authorization stays in-process).

This module provides two cross-boundary types:

  • SignedChain — the full chain as a JSON/CBOR document. The authorizing service serializes it; the executing service deserializes it and calls DyoloChain::authorize again to re-verify.
  • VerifiedToken — a receipt authenticated with a shared HMAC key. The authorizing service verifies the chain and signs the receipt; the executing service checks the HMAC without re-running the chain. Suitable for high-throughput paths where re-verification is too slow.

§Quick start

use a1::wire::{SignedChain, VerifiedToken};

// ── Authorizing service ───────────────────────────────────────────────────
let signed = SignedChain::from_chain(&chain);
let chain_json = serde_json::to_string(&signed)?;

// Full re-verification on the executing service:
let chain = SignedChain::from_json(&chain_json)?.into_chain()?;
let action = chain.authorize(&agent_pk, &intent, &proof, &clock, &rev, &nonce)?;

// ── For trust-delegated execution (shared MAC key out-of-band) ────────────
let mac_key: [u8; 32] = /* from your secrets manager */;
let token = VerifiedToken::sign(&action.receipt, &mac_key);
let token_json = serde_json::to_string(&token)?;

// Executing service just validates the MAC:
let token: VerifiedToken = serde_json::from_str(&token_json)?;
let receipt = token.verify(&mac_key)?;
println!("Authorized depth={}", receipt.chain_depth);
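
The VerifiedToken path above, modeled as an added Python example (not a1's code or its wire format): the authorizing service MACs a receipt after verifying the chain, and the executing service only checks the tag. Every field name except chain_depth, the JSON encoding and the choice of HMAC-SHA-256 are assumptions made for illustration.

```python
import hashlib
import hmac
import json

# Assumed receipt layout; only chain_depth appears in the page's quick start.
def canonical(receipt: dict) -> bytes:
    """Deterministic encoding so signer and verifier MAC identical bytes."""
    return json.dumps(receipt, sort_keys=True, separators=(",", ":")).encode()

def sign_token(receipt: dict, mac_key: bytes) -> str:
    """Authorizing service: call only after the chain has been verified."""
    tag = hmac.new(mac_key, canonical(receipt), hashlib.sha256).hexdigest()
    return json.dumps({"receipt": receipt, "mac": tag})

def verify_token(token_json: str, mac_key: bytes) -> dict:
    """Executing service: return the receipt or raise ValueError."""
    try:
        token = json.loads(token_json)
        receipt, tag = token["receipt"], token["mac"]
        if not isinstance(receipt, dict) or not isinstance(tag, str):
            raise TypeError("unexpected field types")
    except (ValueError, KeyError, TypeError) as exc:
        raise ValueError(f"malformed token: {exc}") from None
    expected = hmac.new(mac_key, canonical(receipt), hashlib.sha256).hexdigest()
    # Constant-time comparison: does not leak how much of the tag matched.
    if not hmac.compare_digest(expected.encode(), tag.encode()):
        raise ValueError("MAC mismatch")
    return receipt

def demo() -> dict:
    key = bytes(range(32))      # constructed 32-byte sample key
    other_key = bytes(32)       # a different constructed key
    receipt = {"chain_depth": 2, "agent": "agent-1", "intent": "read:reports"}
    token = sign_token(receipt, key)
    results = {"valid": verify_token(token, key)}
    # A field changed after signing no longer matches the tag.
    tampered = json.loads(token)
    tampered["receipt"]["chain_depth"] = 1
    for name, tok, k in [("tampered", json.dumps(tampered), key),
                         ("wrong_key", token, other_key)]:
        try:
            verify_token(tok, k)
            results[name] = "accepted"
        except ValueError as exc:
            results[name] = str(exc)
    return results

if __name__ == "__main__":
    print(demo())
```

Because the key is symmetric, every service that can verify a token can also produce one, so the key should be shared only with services trusted to the same degree as the authorizing service.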

Structs§

SignedChain
A portable, serializable representation of a DyoloChain.
VerifiedToken
A VerificationReceipt authenticated with a shared HMAC key.

Constants§

SIGNED_CHAIN_SCHEMA_V1 schema
JSON Schema for SignedChain (v1).