Module wire

On-the-wire formats shared between SDKs and the control plane.

This module intentionally defines plain byte formats rather than JSON envelopes. Canonical byte sequences are the source of truth for what gets signed — any framing (JSON, protobuf, HTTP headers) is a transport concern and must not alter the signed bytes.

Constants

MAX_CLOCK_SKEW_SECS
Maximum acceptable clock skew between client and server, in seconds. Messages older/newer than this are rejected to limit replay windows.
MAX_NONCE_LEN
Maximum nonce length (hex chars). Prevents pathological inputs.
MIN_NONCE_LEN
Minimum nonce length (hex chars). 32 chars = 128 bits of entropy.
PROTOCOL_VERSION
Current wire protocol version. Bumped only when the canonical byte sequence of any message format below changes. Old versions must continue to verify for audit replay.

Functions

data_ticket_bytes
Canonical bytes signed by the control plane when issuing a data-plane ticket. A ticket is a short-lived capability that authorises the holder to fetch blob bytes from a data-plane server directly, without the control plane proxying the stream.
is_within_clock_skew
Check if issued_at is within the allowed skew relative to now. Overflow-safe: a malicious client sending i64::MIN or i64::MAX cannot panic the server (release-mode wraparound would previously silently accept those values; debug-mode would panic).
registration_challenge_bytes
Produce the canonical bytes that a client signs to prove possession of the private key matching public_key_hex when registering an agent.
rotate_key_challenge_bytes
Canonical bytes signed by an agent’s outgoing (current) key when requesting to rotate to a new public key. Part of the formal rotation protocol defined in ADR-0024.
transfer_intent_bytes
Canonical bytes signed by the sender when initiating a transfer.
transfer_receipt_bytes
Canonical bytes signed by the recipient when requesting the blob or acknowledging delivery. Binds the recipient’s identity to the specific transfer_id and a fresh nonce to prevent replay.
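
The overflow hazard noted for is_within_clock_skew, shown as an added example that is not the crate's own code. The value of MAX_CLOCK_SKEW_SECS, both function signatures, the inclusive bound and the naive formulation are assumptions; the page gives none of them.

```rust
// Added example; not the crate's source. The constant's value and both
// function signatures are assumptions made for illustration.
const MAX_CLOCK_SKEW_SECS: i64 = 300; // assumed; the page does not give the value

/// One naive formulation, for contrast. Plain `now - issued_at` panics on
/// overflow in debug builds and wraps in release builds; the wrapping_*
/// calls reproduce the release-mode result in any build profile.
fn naive_within_skew(issued_at: i64, now: i64) -> bool {
    now.wrapping_sub(issued_at).wrapping_abs() <= MAX_CLOCK_SKEW_SECS
}

/// Overflow-safe form: `abs_diff` yields the distance as a u64, which can hold
/// the gap between any two i64 values, so no input can panic or wrap.
/// Treating the bound as inclusive is an assumption.
fn is_within_clock_skew(issued_at: i64, now: i64) -> bool {
    now.abs_diff(issued_at) <= MAX_CLOCK_SKEW_SECS as u64
}

fn main() {
    let now: i64 = 1_700_000_000; // constructed server time (Unix seconds)
    // Constructed timestamp exactly 2^63 seconds away from `now`.
    let far = now.wrapping_add(i64::MIN);
    for (label, issued_at) in [
        ("fresh", now - 10),
        ("stale", now - 301),
        ("i64::MIN", i64::MIN),
        ("i64::MAX", i64::MAX),
        ("2^63 away", far),
    ] {
        println!(
            "{label:>10}: naive={} safe={}",
            naive_within_skew(issued_at, now),
            is_within_clock_skew(issued_at, now)
        );
    }
}
```

The "2^63 away" row is the one where the two checks disagree: the wrapped difference is i64::MIN, whose absolute value is still negative, so the naive comparison passes while the abs_diff form rejects it.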