Expand description
SP-capability-v2 UCAN-lite implementation.
UCAN-lite is a profile of UCAN v1.0 narrowed for ATD’s use case:
- JWT compact form on the wire (not DAG-CBOR / CIDv1).
alg = "EdDSA",typ = "ucan/1.0+jwt",ucv = "1.0".did:keyissuer / audience only (nodid:web, nodid:plc).- Capabilities tunneled as
cmd = "atd-cap",args.caps: Vec<String>,args.with: Vec<{patient: String}>(or other binding kinds reserved).
Phasing (per docs/archive/superpowers/plans/2026-05-11-sp-capability-v2.md):
- Phase B.1 (
parse): structural decoder; no signature, no chain walk. - Phase B.2 (
verify, not yet landed): chain attenuation, signature verification (Ed25519), audience pinning, depth limit, revocation consultation. Lands in a follow-up commit on the same SP.
Spec: docs/archive/superpowers/specs/2026-05-11-sp-capability-v2-design.md §4.1–§4.7
Re-exports§
pub use error::UcanParseError;pub use error::UcanVerifyError;pub use error::wire_code;pub use parse::parse_jwt;pub use revocation::InMemoryUcanRevocationStore;pub use revocation::UcanRevocationStore;pub use types::UcanCapability;pub use types::UcanHeader;pub use types::UcanPayload;pub use verify::VerifyConfig;pub use verify::compute_cid;pub use verify::verify_jwt;pub use verify::verify_tokens;
Modules§
- error
- UCAN-lite parse / verify errors.
- parse
- SP-capability-v2 Phase B.1 — JWT compact-form structural decoder.
- revocation
- SP-capability-v2 revocation-store trait + reference impl.
- types
- UCAN-lite payload types.
- verify
- SP-capability-v2 Phase B.2 — UCAN-lite signature + chain verifier.