Skip to main content

Crate assay_registry

Crate assay_registry 

Source
Expand description

Pack registry client for remote pack distribution.

This crate implements the client side of SPEC-Pack-Registry-v1, providing:

  • HTTP client for registry API with token auth
  • Digest and signature verification
  • Local caching with integrity verification
  • Pack resolution (local → bundled → registry → BYOS)
  • Lockfile support for reproducible builds
  • OIDC token exchange for CI environments

§Quick Start

use assay_registry::{RegistryClient, RegistryConfig};

// Create client from environment
let client = RegistryClient::from_env()?;

// Fetch a pack
let result = client.fetch_pack("eu-ai-act-baseline", "1.2.0", None).await?;
if let Some(pack) = result {
    println!("Fetched pack with digest: {}", pack.computed_digest);
}

§Authentication

The client supports token-based authentication via:

  • ASSAY_REGISTRY_TOKEN environment variable
  • Explicit token in RegistryConfig
  • OIDC token exchange (with oidc feature)

§Configuration

Environment VariableDescription
ASSAY_REGISTRY_URLRegistry base URL (default: https://registry.getassay.dev/v1)
ASSAY_REGISTRY_TOKENAuthentication token
ASSAY_ALLOW_UNSIGNED_PACKSAllow unsigned packs (dev only)
ASSAY_REGISTRY_TIMEOUTRequest timeout in seconds (default: 30)
ASSAY_REGISTRY_MAX_RETRIESMax retries for transient failures (default: 3)

Re-exports§

pub use auth::TokenProvider;
pub use cache::CacheEntry;
pub use cache::CacheMeta;
pub use cache::PackCache;
pub use client::RegistryClient;
pub use error::RegistryError;
pub use error::RegistryResult;
pub use lockfile::generate_lockfile;
pub use lockfile::verify_lockfile;
pub use lockfile::LockMismatch;
pub use lockfile::LockSignature;
pub use lockfile::LockSource;
pub use lockfile::LockedPack;
pub use lockfile::Lockfile;
pub use lockfile::VerifyLockResult;
pub use lockfile::LOCKFILE_NAME;
pub use lockfile::LOCKFILE_VERSION;
pub use reference::PackRef;
pub use resolver::PackResolver;
pub use resolver::ResolveSource;
pub use resolver::ResolvedPack;
pub use resolver::ResolverConfig;
pub use trust::KeyMetadata;
pub use trust::TrustStore;
pub use types::DsseEnvelope;
pub use types::DsseSignature;
pub use types::FetchResult;
pub use types::KeysManifest;
pub use types::PackHeaders;
pub use types::PackMeta;
pub use types::RegistryConfig;
pub use types::TrustedKey;
pub use types::VersionInfo;
pub use types::VersionsResponse;
pub use verify::compute_digest;
pub use verify::verify_digest;
pub use verify::verify_pack;
pub use verify::VerifyOptions;
pub use verify::VerifyResult;
pub use canonicalize::compute_canonical_digest;
pub use canonicalize::compute_canonical_digest_result;
pub use canonicalize::parse_yaml_strict;
pub use canonicalize::to_canonical_jcs_bytes;
pub use canonicalize::CanonicalizeError;
pub use canonicalize::MAX_DEPTH;
pub use canonicalize::MAX_KEYS_PER_MAPPING;
pub use canonicalize::MAX_SAFE_INTEGER;
pub use canonicalize::MAX_STRING_LENGTH;
pub use canonicalize::MAX_TOTAL_SIZE;
pub use canonicalize::MIN_SAFE_INTEGER;

Modules§

auth
Token authentication for the registry.
cache
Local cache layer for packs.
canonicalize
YAML canonicalization for deterministic pack digests.
client
Registry client for fetching packs.
error
Error types for the registry client.
lockfile
Lockfile support for reproducible builds.
reference
Pack reference parsing.
resolver
Pack resolution.
trust
Key trust store for signature verification.
types
API response types for the registry protocol.
verify
Pack verification (digest and signature).

Constants§

REGISTRY_USER_AGENT
User-Agent string sent by the registry client. Single source for client and tests.