AION v2: Versioned Truth Infrastructure for AI Systems
AION v2 provides cryptographically-signed, versioned business context that AI systems can consume and prove they used. This solves the AI compliance crisis by providing mathematical proof instead of expensive retraining.
§Features
- Local-first: Zero server dependency, works offline
- Cryptographically-signed: Ed25519 signatures for tamper-proof versioning
- Embedded audit trails: Complete history of all changes
- OS keyring integration: Secure key storage using platform keychains
- Zero panics: Tiger Style implementation with explicit error handling
§Architecture
- Core Types: Type-safe domain identifiers (FileId, AuthorId, VersionNumber)
- Cryptography: Ed25519, ChaCha20-Poly1305, Blake3, HKDF
- File Format: Binary format with zero-copy parsing
- Operations: init, commit, verify, show
- CLI: Command-line interface for all operations
§Example
// Future API example - not yet implemented
// let file_id = aion_context::init_file("policy.aion", &rules)?;
// let version = aion_context::commit_version("policy.aion", &updated_rules)?;
// let verification = aion_context::verify_file("policy.aion")?;
§Safety and Security
This library follows NASA Power of 10 rules and Tiger Style:
- No unwrap(), expect(), or panic!() in production code
- All errors explicit with context
- Constant-time cryptographic operations
- Zeroization of sensitive data
- Maximum function size: 60 lines
- Maximum cyclomatic complexity: 15
§Performance Targets
- File creation: <10ms for 1MB rules
- Version commit: <5ms for 1MB rules
- Signature verification: <1ms per version
- File parsing: <3ms for 100-version file
§Modules
- aibom: AI Bill of Materials (AIBOM) — RFC-0029.
- audit: Audit trail structures for AION v2
- compliance: Compliance Reporting Module
- conflict: Conflict Resolution Module
- crypto: Cryptographic primitives for AION v2
- dsse: DSSE envelope support — RFC-0023.
- error: Error types for AION v2
- export: Export/Import Module
- hw_attestation: Hardware attestation binding — RFC-0026.
- hybrid_sig: Post-quantum hybrid signatures — RFC-0027.
- jcs: RFC 8785 JSON Canonicalization Scheme — RFC-0031.
- key_registry: Key rotation and revocation registry — RFC-0028.
- keystore: Key management with OS keyring integration and file-based fallback
- manifest: External artifact manifest — RFC-0022.
- multisig: Multi-Signature Support Module
- oci: OCI artifact packaging — RFC-0030.
- operations: Core operations for AION v2 files
- parser: Zero-copy parser for AION v2 file format
- release: Release orchestration — RFC-0032.
- serializer: Deterministic serializer for AION v2 file format
- signature_chain: Signature chain protocol for AION v2
- slsa: SLSA v1.1 provenance emitter — RFC-0024.
- string_table: String table for AION v2 file format
- transparency_log: Aion-native transparency log — RFC-0025.
- types: Type-safe domain identifiers for AION v2