Module user 

User primitive — Identity Subject.

Runtime-global identity carrier. UserProfile tracks GDPR lifecycle; one or more AuthCredentials attach Argon2id / Scrypt KDF secrets. The User is intentionally shell-agnostic — legal / billing / GDPR obligations cross shell boundaries.

Structs

AuthCredential

Stored authentication credential — at least one per User (invariant E-user-2). Secret material is a KDF output; no raw password is stored.

GdprEraseUser

Request GDPR crypto-erasure for an existing User. Lease — actual cascade runs via the erasure-cascade observer with p95 < 24h SLA.

KdfParams

KDF cost parameters.

RegisterUser

Register a fresh User with the supplied profile and credential.

UserId

Opaque handle into the runtime User namespace.

UserProfile

User profile Component — exactly one per User entity (invariant E-user-1).

Enums

AuthKind

Authentication channel family. #[non_exhaustive] so new variants (WebAuthn extensions, social federation) can append without breaking compatibility.

GdprStatus

GDPR lifecycle state. Transition to ErasurePending blocks all actor-originated Actions on the user (compute MC gate, contract #5).

KdfKind

Password-hashing algorithm family.