Module code 

Code authentication manager (RFC-013).

CodeAuth composes the primitives from code, hashing, rng, store, audit, and clock into the safe redemption flow described in RFC-013 §10.3:

1. rate-limit check;
2. input normalization + validation;
3. code lookup (find_redeemable);
4. atomic claim (claim_code);
5. host callback (creates / resolves subject);
6. audit event;
7. return RedeemSuccess.

Steps 1–3 can fail without consuming the code. Only step 4 is irreversible. Session issuance requires the RedeemSuccess proof, which is only constructible when the claim returns Won.

Structs

CodeAuth

Manages one-time code issuance, validation, and redemption (RFC-013 §3).