actr_pack/lib.rs
1//! actr-pack -- .actr package format
2//!
3//! Provides reading, writing, signing and verification of .actr ZIP STORE packages.
4//!
5//! ## Package structure
6//!
7//! ```text
8//! {mfr}-{name}-{version}-{target}.actr
9//! +-- manifest.toml # manifest (TOML, signed payload)
10//! +-- manifest.sig # Ed25519 signature (64 bytes raw)
11//! +-- manifest.lock.toml # dependency lock (optional)
12//! +-- bin/actor.wasm # binary (STORE mode, uncompressed)
13//! +-- proto/*.proto # exported proto files (optional)
14//! ```
15//!
16//! ## Signing chain
17//!
18//! ```text
19//! binary bytes -> SHA-256 -> manifest.toml[binary.hash]
20//! |
21//! manifest.toml bytes -> Ed25519 sign -> manifest.sig
22//! ```
23
24pub mod error;
25pub mod load;
26pub mod manifest;
27pub mod pack;
28pub mod verify;
29
30mod util;
31
32pub use error::PackError;
33pub use load::{
34 load_binary, read_glue_js, read_lock_file, read_manifest, read_manifest_raw, read_proto_files,
35 read_signature,
36};
37pub use manifest::{
38 BinaryEntry, BinaryKind, LockFileEntry, ManifestMetadata, PackageManifest, ProtoFileEntry,
39 ResourceEntry,
40};
41pub use pack::{PackOptions, pack};
42pub use verify::{VerifiedPackage, verify};
43
44/// Compute deterministic key_id from Ed25519 public key bytes.
45///
46/// Algorithm: `"mfr-" + hex(sha256(public_key_bytes))[..16]`
47///
48/// This MUST match the server-side implementation in `actrix-mfr::crypto::compute_key_id`.
49pub fn compute_key_id(public_key_bytes: &[u8]) -> String {
50 let hex_str = util::sha256_hex(public_key_bytes);
51 format!("mfr-{}", &hex_str[..16])
52}