Skip to main content

Module wire_v2

aex_core

Module wire_v2 

Source
Expand description

Wire format v2 — namespace-agnostic, AEX-branded prefix.

This module is the v2 counterpart of crate::wire. The only semantic changes versus v1 are:

  1. Prefix is brand-neutral: every canonical message starts with aex-<msg>:v2 instead of spize-<msg>:v1. The wire format no longer embeds a vendor name in cryptographically signed bytes.
  2. Tighter clock skew window: 60 seconds (down from 300s in v1). Aligns with JWT/OAuth2 RFC 7519 §4.1.4 norms — see ADR-0044. AgentId values inside the payload are expected to be W3C DID URIs (did:method:specific-id[#fragment]), but legacy spize: strings are still accepted at parse-time for the v1→v2 grace window.

The byte-level shape (line-based, LF terminator, no trailing LF, ASCII-only fields) is identical to v1. Existing signers/verifiers that operate on raw bytes need only swap the bytes-producing function.

See crate::wire for the v1 canonical formats kept stable for the 30-day sunset grace defined in ADR-0036.

Constants§

MAX_CLOCK_SKEW_SECS_V2
Maximum acceptable clock skew between client and server for v2 messages, in seconds. Tighter than v1’s 300s; see ADR-0044.
MAX_NONCE_LEN
Maximum nonce length (hex chars). Prevents pathological inputs.
MIN_NONCE_LEN
Minimum nonce length (hex chars). 32 chars = 128 bits of entropy. Unchanged from v1 — entropy budget is the same regardless of prefix.
PROTOCOL_VERSION_V2
Wire protocol version produced by this module.

Functions§

data_ticket_bytes_v2
Canonical bytes signed by the control plane when issuing a data-plane ticket (v2). Semantically identical to v1; only the prefix changes.
decision_request_bytes_v2
Canonical bytes for an aex-decision-request:v2 message.
decision_response_bytes_v2
Canonical bytes for an aex-decision-response:v2 message.
is_within_clock_skew_v2
Check if issued_at is within the v2 allowed skew relative to now. Overflow-safe under all i64 inputs.
registration_challenge_bytes_v2
Produce the canonical bytes a client signs to register an agent (v2).
rotate_key_challenge_bytes_v2
Canonical bytes signed by an agent’s current key when requesting a key rotation (v2). Mirrors the v1 protocol defined in ADR-0024.
transfer_intent_bytes_v2
Canonical bytes signed by the sender when initiating a transfer (v2).
transfer_receipt_bytes_v2
Canonical bytes signed by the recipient when requesting a blob or acknowledging delivery (v2).