atproto_attestation/lib.rs
1//! AT Protocol record attestation utilities based on the CID-first specification.
2//!
3//! This crate implements helpers for creating inline and remote attestations
4//! and verifying signatures against DID verification methods. It follows the
5//! requirements documented in `bluesky-attestation-tee/documentation/spec/attestation.md`.
6//!
7//! ## Inline Attestations
8//!
9//! Use `create_inline_attestation` to create a signed record with an embedded signature:
10//!
11//! ```no_run
12//! use atproto_attestation::{create_inline_attestation, AnyInput};
13//! use atproto_identity::key::{generate_key, KeyType};
14//! use serde_json::json;
15//!
16//! # fn main() -> Result<(), Box<dyn std::error::Error>> {
17//! let key = generate_key(KeyType::P256Private)?;
18//! let record = json!({"$type": "app.example.post", "text": "Hello!"});
19//! let metadata = json!({"$type": "com.example.sig", "key": "did:key:..."});
20//!
21//! let signed = create_inline_attestation(
22//! AnyInput::Serialize(record),
23//! AnyInput::Serialize(metadata),
24//! "did:plc:repository",
25//! &key
26//! )?;
27//! # Ok(())
28//! # }
29//! ```
30//!
31//! ## Remote Attestations
32//!
33//! Use `create_remote_attestation` to generate both the proof record and the
34//! attested record with strongRef in a single call.
35
36#![forbid(unsafe_code)]
37#![warn(missing_docs)]
38
39// Public modules
40pub mod cid;
41pub mod errors;
42pub mod input;
43
44// Internal modules
45mod attestation;
46mod signature;
47mod utils;
48mod verification;
49
50// Re-export error type
51pub use errors::AttestationError;
52
53// Re-export CID generation functions
54pub use cid::create_dagbor_cid;
55
56// Re-export signature normalization
57pub use signature::normalize_signature;
58
59// Re-export attestation functions
60pub use attestation::{
61 append_inline_attestation, append_remote_attestation, create_inline_attestation,
62 create_remote_attestation, create_signature,
63};
64
65// Re-export input types
66pub use input::{AnyInput, AnyInputError};
67
68// Re-export verification functions
69pub use verification::verify_record;
70
71/// Resolver trait for retrieving remote attestation records by AT URI.
72///
73/// This trait is re-exported from atproto_client for convenience.
74pub use atproto_client::record_resolver::RecordResolver;