Expand description
no_std-first causal exchange primitives for Rust.
Signed causal meaning, proof composition, native bindings, checkpoints, and bounded explanations.
§bcx
bcx is the Rust crate for Bifröst Causal Exchange.
BCX is a no_std-first protocol foundation for signed causal meaning, proof
composition, native bindings, checkpoints, and bounded explanations across
multiple underlying systems.
BCX is not an HTTP replacement, an Ethereum protocol, or a Cardano protocol. It is a semantic overlay layer. BCX defines what an operation means, why it was authorized, what it caused, who attested to it, what evidence exists, and what remains unknown. HTTP, QUIC, Ethereum, Cardano, Fluxheim, Skrifheim, offline bundles, and future systems can carry, observe, store, or settle BCX objects through explicit profiles and integrations.
§Current Status
bcx is at foundation stage. The crate is not production-ready.
Implemented now:
no_stddefault build.- root publishable crate named
bcx. - focused
no_stdsubcrates for core IDs, model types, crypto envelope metadata, policy profiles, and wire limits. - constant-shape digest, nonce, and variable-length identifier comparison where the current primitives need it.
- redacted
Debugfor nonce, digest, signature, and identifier surfaces that should not dump raw bytes casually. - bounded wire limits before expensive parsing or verification.
- crypto-agile signature envelope metadata and verifier traits.
- hybrid Ed25519 plus ML-DSA-65 metadata with both-component verification requirements at the BCX trait boundary.
- first statement body vocabulary: intent, admission, effect, delegation, revocation, checkpoint, and contradiction.
- crate version matrix for independent subcrate publication.
- local check script, modularity guard, release metadata guard, and GitHub CI.
- implementation, version, protocol-family, threat-model, toolchain, modularity, unsafe-policy, supply-chain, and security-control docs.
- repository families for future profiles, integrations, proofs, domain profiles, and services.
Not implemented yet:
- canonical encoding.
- statement envelopes and canonical statement encoding.
- real cryptographic providers.
- capability verification.
- receipts or WHY bundles.
- transport, blockchain, storage, or service integrations.
§Trust Dashboard
| Area | Status |
|---|---|
| License | EUPL-1.2 |
| MSRV | Rust 1.90.0 |
| Preferred toolchain | Rust 1.96.0 |
| Default target | no_std |
| Runtime dependencies | small, explicit, and audited |
| Unsafe policy | unsafe_code = "forbid" |
| Main crate | bcx |
| Foundation subcrates | published only for bcx, not standalone protocol products |
| First serious target | 1.0.0 production-ready protocol crate |
| High-security position | trust canonical signed BCX objects, not one carrier or chain |
Read Threat Model, Security Controls, and Unsafe Policy before using BCX in any security-sensitive system.
§Rust Version Support
The minimum supported Rust version is Rust 1.90.0. New deployments should
prefer the latest stable Rust validated by the project.
Compatibility evidence:
| Rust | Local Evidence |
|---|---|
1.90.0 | full release gate compatibility check |
1.91.0 | cargo check --workspace --all-features |
1.92.0 | cargo check --workspace --all-features |
1.93.0 | cargo check --workspace --all-features |
1.94.0 | cargo check --workspace --all-features |
1.95.0 | cargo check --workspace --all-features |
1.96.0 | current pinned toolchain |
§Install
[dependencies]
bcx = "0.4.0"Default builds are no_std.
For heap-enabled future APIs and dependent crate alloc surfaces:
[dependencies]
bcx = { version = "0.4.0", features = ["alloc"] }For std applications:
[dependencies]
bcx = { version = "0.4.0", features = ["std"] }§Features
| Feature | Default | Purpose |
|---|---|---|
alloc | no | Enables alloc surfaces across the facade and foundation crates when those APIs exist. |
std | no | Enables alloc and reserves the feature line for future standard-library integrations. |
Default builds remain no_std.
§Workspace Shape
The root bcx crate is the stable user entry point. Foundation subcrates exist
to keep files small, boundaries reviewable, and future optional integrations
outside the core dependency set.
| Crate | Purpose |
|---|---|
bcx | Published facade crate and stable user entry point. |
bcx-core | Identifiers, nonces, replay sequence primitives, validation errors. |
bcx-model | Causal edges, admissions, effects, truth, and assurance model types. |
bcx-crypto | Crypto-agile signature envelope metadata and verifier traits. |
bcx-policy | Protocol profiles, proof levels, and disclosure levels. |
bcx-wire | Wire version and bounded-message limit primitives. |
Subcrates are documented so crate pages are readable, but they belong to the
main bcx crate family and are not intended as independent protocol products.
Future crates are organized by family:
| Family | Purpose |
|---|---|
profiles/ | Normative mappings such as HTTP, QUIC, Ethereum, Cardano, offline, SCITT, or future Bitcoin/XRP profiles. |
integrations/ | Concrete adapters such as Hyper, Axum, Alloy, Pallas, Fluxheim, or Skrifheim. |
proofs/ | Concrete proof suites such as COSE, threshold proofs, or ZK proof integrations. |
domains/ | Business and operational semantics such as banking or AI-agent profiles. |
services/ | Optional applications such as CLI, witness, prover, query, or node services. |
Package versions are tracked in Crate Version Matrix so future releases can publish only the crates that changed instead of republishing the whole ecosystem.
§Core Identifier Example
use bcx::prelude::{Digest, StatementId, SubjectId};
let statement = StatementId::new(&[7; Digest::LEN]).unwrap();
let subject = SubjectId::new(b"subject:invoice:123").unwrap();
assert_eq!(statement.len(), Digest::LEN);
assert_eq!(subject.as_bytes(), b"subject:invoice:123");§Wire Limit Example
use bcx::prelude::{ProtocolVersion, WireHeader, WireLimits};
let limits = WireLimits::new(64 * 1024, 16, 5, 100).unwrap();
let header = WireHeader::new(ProtocolVersion::CURRENT, 4096, limits).unwrap();
assert_eq!(header.version(), ProtocolVersion::CURRENT);
assert_eq!(header.payload_len(), 4096);§Verification
Run the local gate:
scripts/checks.shThe gate checks formatting, tests, no-default-feature builds, all-feature builds, clippy, docs, package metadata, file-size policy, release metadata, dependency policy, RustSec advisories, and installed target triples.
§Security Position
BCX must distinguish:
- what was observed,
- what was declared,
- what was cryptographically verified,
- what policy enforced,
- what another participant acknowledged,
- what remains unknown.
The protocol must not claim to prove a participant’s internal motive. A signed purpose is an attributable declaration, not proof that the declared purpose was truthful.
Read Security Policy, Threat Model, and Implementation Plan before using BCX in any security-sensitive system. The broader architecture is documented in BCX Protocol Family, and the preserved idea draft is kept as Original Idea. Public facade for the BCX protocol crates.
Re-exports§
pub use bcx_core as core;pub use bcx_crypto as crypto;pub use bcx_model as model;pub use bcx_policy as policy;pub use bcx_wire as wire;
Modules§
- prelude
- Items commonly needed by BCX integrators.
Structs§
- Protocol
Version - BCX protocol version negotiated by a transport binding.
Functions§
- protocol_
version - Returns the current BCX wire version implemented by this crate.