assay_registry/lib.rs
1//! Pack registry client for remote pack distribution.
2//!
3//! This crate implements the client side of SPEC-Pack-Registry-v1, providing:
4//!
5//! - HTTP client for registry API with token auth
6//! - Digest and signature verification
7//! - Local caching with integrity verification
8//! - Pack resolution (local → bundled → registry → BYOS)
9//! - Lockfile support for reproducible builds
10//! - OIDC token exchange for CI environments
11//!
12//! # Quick Start
13//!
14//! ```no_run
15//! use assay_registry::{RegistryClient, RegistryConfig};
16//!
17//! # async fn example() -> anyhow::Result<()> {
18//! // Create client from environment
19//! let client = RegistryClient::from_env()?;
20//!
21//! // Fetch a pack
22//! let result = client.fetch_pack("eu-ai-act-baseline", "1.2.0", None).await?;
23//! if let Some(pack) = result {
24//! println!("Fetched pack with digest: {}", pack.computed_digest);
25//! }
26//! # Ok(())
27//! # }
28//! ```
29//!
30//! # Authentication
31//!
32//! The client supports token-based authentication via:
33//!
34//! - `ASSAY_REGISTRY_TOKEN` environment variable
35//! - Explicit token in `RegistryConfig`
36//! - OIDC token exchange (with `oidc` feature)
37//!
38//! # Configuration
39//!
40//! | Environment Variable | Description |
41//! |---------------------|-------------|
42//! | `ASSAY_REGISTRY_URL` | Registry base URL (default: `https://registry.getassay.dev/v1`) |
43//! | `ASSAY_REGISTRY_TOKEN` | Authentication token |
44//! | `ASSAY_ALLOW_UNSIGNED_PACKS` | Accept packs that have no signature (development only; leave unset in CI and production) |
45//! | `ASSAY_REGISTRY_TIMEOUT` | Request timeout in seconds (default: 30) |
46//! | `ASSAY_REGISTRY_MAX_RETRIES` | Max retries for transient failures (default: 3) |
47
48pub mod auth;
49pub mod cache;
50pub mod canonicalize;
51pub mod client;
52mod digest;
53pub mod error;
54pub mod lockfile;
55pub mod reference;
56pub mod resolver;
57pub mod trust;
58pub mod types;
59pub mod verify;
60
61/// User-Agent string sent by the registry client: `assay-registry/` followed by this crate's `CARGO_PKG_VERSION`, fixed at compile time. Single source for client and tests.
62pub const REGISTRY_USER_AGENT: &str = concat!("assay-registry/", env!("CARGO_PKG_VERSION"));
63
64// Re-export main types
65pub use auth::TokenProvider;
66pub use cache::{CacheEntry, CacheMeta, PackCache};
67pub use client::RegistryClient;
68pub use error::{RegistryError, RegistryResult};
69pub use lockfile::{
70 generate_lockfile, verify_lockfile, LockMismatch, LockSignature, LockSource, LockedPack,
71 Lockfile, VerifyLockResult, LOCKFILE_NAME, LOCKFILE_VERSION,
72};
73pub use reference::PackRef;
74pub use resolver::{PackResolver, ResolveSource, ResolvedPack, ResolverConfig};
75pub use trust::{KeyMetadata, TrustStore};
76pub use types::{
77 DsseEnvelope, DsseSignature, FetchResult, KeysManifest, PackHeaders, PackMeta, RegistryConfig,
78 TrustedKey, VersionInfo, VersionsResponse,
79};
80pub use verify::{compute_digest, verify_digest, verify_pack, VerifyOptions, VerifyResult};
81
82// Canonical digest (SPEC §6.2)
83pub use canonicalize::{
84 compute_canonical_digest, compute_canonical_digest_result, parse_yaml_strict,
85 to_canonical_jcs_bytes, CanonicalizeError, MAX_DEPTH, MAX_KEYS_PER_MAPPING, MAX_SAFE_INTEGER,
86 MAX_STRING_LENGTH, MAX_TOTAL_SIZE, MIN_SAFE_INTEGER,
87};