pub struct LifecycleEvent {
pub event_id: String,
pub ctx_id: CtxId,
pub event_type: LifecycleEventType,
pub occurred_at: DateTime<Utc>,
pub actor: AgentDid,
pub reason: Option<String>,
pub signature: Option<Signature>,
}Expand description
A lifecycle event (RFC-ACDP-0013 §4) — one entry of
registry_state.lifecycle_events.
CLOSED schema (acdp-lifecycle-event.schema.json,
additionalProperties: false): exactly the seven specified members;
an unknown member changes the signed preimage and is rejected at
parse time. Lifecycle events are registry state, outside the
body: never an input to the producer’s content_hash
(RFC-ACDP-0001 §5.7) and never stored inside a body (§4.1).
Event ordering is array position in lifecycle_events (the
registry-accepted order); occurred_at never participates in the
retraction-state derivation (§4.1, §7.1).
Fields§
§event_id: StringUUID (RFC 9562 canonical lowercase form) minted by the actor.
MUST be unique within the context’s lifecycle_events array.
ctx_id: CtxIdThe affected context. MUST equal the ctx_id of the context
whose registry state carries the event — binding a signed event
to exactly one context so it cannot be replayed against another.
event_type: LifecycleEventTypeThe event kind (open vocabulary, §7.3).
occurred_at: DateTime<Utc>When the actor performed the action: canonical millisecond-precision RFC 3339 UTC (RFC-ACDP-0001 §5.3). The strict serde on this field rejects any non-canonical byte form (which the schema pattern forbids) so a parsed event always re-serializes byte-identically — a signed member must never be silently normalized.
actor: AgentDidThe DID of the party performing the action: body.agent_id for
producer-initiated events; the registry’s DID
(capabilities.registry_did) for registry-initiated events.
reason: Option<String>Optional human-readable explanation (≤ 1024 chars). Informational only; MUST NOT drive automated decisions (§4).
signature: Option<Signature>Signature over the event hash (RFC-ACDP-0013 §5). REQUIRED on producer-initiated events; SHOULD be present on registry-initiated events.
Implementations§
Source§impl LifecycleEvent
impl LifecycleEvent
Sourcepub fn new(
event_id: impl Into<String>,
ctx_id: CtxId,
event_type: LifecycleEventType,
occurred_at: DateTime<Utc>,
actor: AgentDid,
reason: Option<String>,
) -> Result<Self, AcdpError>
pub fn new( event_id: impl Into<String>, ctx_id: CtxId, event_type: LifecycleEventType, occurred_at: DateTime<Utc>, actor: AgentDid, reason: Option<String>, ) -> Result<Self, AcdpError>
Construct a validated, unsigned event (occurred_at is
millisecond-truncated per RFC-ACDP-0001 §5.3). Producer-initiated
events MUST subsequently be signed via Self::sign_with;
registry-initiated events SHOULD be.
Sourcepub fn sign_with(
self,
key: impl Into<AcdpSigningKey>,
key_id: impl Into<String>,
) -> Result<Self, AcdpError>
pub fn sign_with( self, key: impl Into<AcdpSigningKey>, key_id: impl Into<String>, ) -> Result<Self, AcdpError>
Sign this event per RFC-ACDP-0013 §5 (the RFC-ACDP-0010 §5
construction): JCS of the event minus signature, SHA-256, and
a signature over the ASCII bytes of the full "sha256:<hex>"
string. key_id’s DID portion MUST equal actor — the signing
key need not be the key that signed the original body (§5:
producers rotate keys), but it must belong to the actor’s DID.
Sourcepub fn from_value(value: &Value) -> Result<Self, AcdpError>
pub fn from_value(value: &Value) -> Result<Self, AcdpError>
Parse an event from raw wire JSON, enforcing the closed schema
plus the §4 semantic invariants (Self::validate). The
canonical occurred_at byte form is enforced by the field’s
strict serde. An event failing this parse is malformed registry
state — structurally non-conformant per §7.3.
Sourcepub fn validate(&self) -> Result<(), AcdpError>
pub fn validate(&self) -> Result<(), AcdpError>
The §4 semantic invariants not already enforced by serde:
canonical-UUID event_id, well-formed ctx_id and actor,
reason length.
Sourcepub fn preimage_hash_of_value(value: &Value) -> Result<ContentHash, AcdpError>
pub fn preimage_hash_of_value(value: &Value) -> Result<ContentHash, AcdpError>
Compute the event’s preimage hash from the RAW wire JSON (the
value minus signature, JCS-canonicalized as received).
Verifiers MUST hash the event exactly as received rather than
re-serializing a parsed struct — the same raw-JSON rule as
crate::receipt::RegistryReceipt::preimage_hash_of_value.
Sourcepub fn preimage_hash(&self) -> Result<ContentHash, AcdpError>
pub fn preimage_hash(&self) -> Result<ContentHash, AcdpError>
Compute the event’s preimage hash from the struct. Used at
signing time; verifiers should prefer
Self::preimage_hash_of_value over the raw wire JSON. (For
events parsed through this type’s strict serde the two agree —
every field round-trips byte-identically.)
Sourcepub fn actor_bound_signature(&self) -> Result<&Signature, AcdpError>
pub fn actor_bound_signature(&self) -> Result<&Signature, AcdpError>
RFC-ACDP-0013 §5 actor binding: the DID portion of
signature.key_id MUST equal actor. Returns the signature for
further verification; a missing signature is an error (call
sites that tolerate unsigned registry events check
Self::is_signed first).
Sourcepub fn verify_signature_with_key(
&self,
actor_pub_ed25519: Option<&[u8; 32]>,
actor_pub_p256_sec1: Option<&[u8]>,
) -> Result<(), AcdpError>
pub fn verify_signature_with_key( &self, actor_pub_ed25519: Option<&[u8; 32]>, actor_pub_p256_sec1: Option<&[u8]>, ) -> Result<(), AcdpError>
Verify the event signature against a known actor public key
(pure — no DID resolution). Checks the §5 actor binding, then
verifies over the ASCII bytes of the recomputed event hash.
Resolver-backed verification lives in
acdp_verify::verify_lifecycle_event.
Sourcepub fn verify_signature_against_hash(
&self,
hash: &ContentHash,
actor_pub_ed25519: Option<&[u8; 32]>,
actor_pub_p256_sec1: Option<&[u8]>,
) -> Result<(), AcdpError>
pub fn verify_signature_against_hash( &self, hash: &ContentHash, actor_pub_ed25519: Option<&[u8; 32]>, actor_pub_p256_sec1: Option<&[u8]>, ) -> Result<(), AcdpError>
Like Self::verify_signature_with_key but over an
already-computed preimage hash — pair with
Self::preimage_hash_of_value for raw-JSON verification.
Trait Implementations§
Source§impl Clone for LifecycleEvent
impl Clone for LifecycleEvent
Source§fn clone(&self) -> LifecycleEvent
fn clone(&self) -> LifecycleEvent
1.0.0 (const: unstable) · Source§fn clone_from(&mut self, source: &Self)
fn clone_from(&mut self, source: &Self)
source. Read moreSource§impl Debug for LifecycleEvent
impl Debug for LifecycleEvent
Source§impl<'de> Deserialize<'de> for LifecycleEvent
impl<'de> Deserialize<'de> for LifecycleEvent
Source§fn deserialize<__D>(__deserializer: __D) -> Result<Self, __D::Error>where
__D: Deserializer<'de>,
fn deserialize<__D>(__deserializer: __D) -> Result<Self, __D::Error>where
__D: Deserializer<'de>,
Source§impl PartialEq for LifecycleEvent
impl PartialEq for LifecycleEvent
Source§fn eq(&self, other: &LifecycleEvent) -> bool
fn eq(&self, other: &LifecycleEvent) -> bool
self and other values to be equal, and is used by ==.