Struct WalHeader 

pub struct WalHeader {
    pub magic: [u8; 8],
    pub kernel_semver: (u16, u16, u16),
    pub postcard_version: u32,
    pub blake3_version: u32,
    pub domain_separation_context: Vec<u8>,
    pub world_id: [u8; 32],
    pub abi_version: (u16, u16),
    pub manifest_digest: [u8; 32],
    pub type_registry_pins: Vec<TypeRegistryPin>,
    pub verifying_key: Option<[u8; 32]>,
    pub verifying_key_pqc: Option<Vec<u8>>,
}

WAL header — pinned at construction, frozen for the lifetime of the WAL. Replay against an incompatible header is a structural error (A14).

Fields

magic: [u8; 8]

Magic bytes for format identification.

kernel_semver: (u16, u16, u16)

Kernel semver (major, minor, patch).

postcard_version: u32

Postcard major version pinned at write time.

blake3_version: u32

BLAKE3 major version pinned at write time.

domain_separation_context: Vec<u8>

Raw bytes of WalHeader::DOMAIN_CTX. Stored as Vec<u8> because serde’s stock array deserializer caps at 32 bytes; this slot is used only as build-time constant pinning (the chain key is derived from DOMAIN_CTX directly via build_chain_key).

world_id: [u8; 32]

World identifier — fed into blake3::derive_key along with DOMAIN_CTX to produce this WAL’s chain key.

abi_version: (u16, u16)

ABI semver (major, minor).

manifest_digest: [u8; 32]

BLAKE3 hash of the ModuleManifest that was active at write time.

type_registry_pins: Vec<TypeRegistryPin>

Reserved slot for snapshot-integrated TypeCode pinning. Empty (snapshot-integrated TypeCode pinning is deferred).

verifying_key: Option<[u8; 32]>

Ed25519 verifying-key bytes when the WAL was constructed with a signing class. None means Tier 1 (chain-only). Pinning the public key in the header makes verification self-contained.

verifying_key_pqc: Option<Vec<u8>>

PQC verifying-key bytes when the WAL was constructed with a Hybrid signing class (envelope slot for ML-DSA 65 or other PQC algorithms). None for non-Hybrid configurations. Stored as Vec<u8> because PQC public keys exceed the serde 32-byte fixed-array limit (ML-DSA 65 verifying key = 1952 bytes).

Implementations

impl WalHeader

pub const MAGIC: [u8; 8]

Magic bytes used at the head of the encoded WAL.

pub const CURRENT_KERNEL_SEMVER: (u16, u16, u16)

Kernel semver pinned by WalWriter::new.

pub const ABI_VERSION: (u16, u16)

ABI semver pinned by WalWriter::new.

pub const POSTCARD_MAJOR: u32 = 1

Postcard major version pinned by WalWriter::new.

pub const BLAKE3_MAJOR: u32 = 1

BLAKE3 major version pinned by WalWriter::new.

pub const DOMAIN_CTX: &'static [u8] = b"arkhe-kernel v0.13 WAL chain domain separation context"

Domain-separation byte string fed into blake3::derive_key to produce the WAL chain key. “v0.13” inside this literal is the public release version anchor — pre-public single fix per user directive 2026-05-03, no further version bumps. Any change invalidates every WAL chain ever produced (Layer A item 1 byte-identity invariant — A1/A14).

Trait Implementations

impl Clone for WalHeader

fn clone(&self) -> WalHeader

Returns a duplicate of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for WalHeader

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl<'de> Deserialize<'de> for WalHeader

fn deserialize<__D>(__deserializer: __D) -> Result<Self, __D::Error>

where __D: Deserializer<'de>,

Deserialize this value from the given Serde deserializer.

impl PartialEq for WalHeader

fn eq(&self, other: &WalHeader) -> bool

Tests for self and other values to be equal, and is used by ==.

fn ne(&self, other: &Rhs) -> bool

Tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.

impl Serialize for WalHeader

fn serialize<__S>(&self, __serializer: __S) -> Result<__S::Ok, __S::Error>

where __S: Serializer,

Serialize this value into the given Serde serializer.

impl Eq for WalHeader

impl StructuralPartialEq for WalHeader