affidavit 26.6.22

Provenance Layer — receipt assembly and certification (verify a witness against a format standard; never decide honesty).
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156

//! # affidavit — The Provenance Layer
//!
//! `affidavit` is a high-assurance provenance engine that assembles and certifies
//! **provenance receipts**: append-only, content-addressed chains of operation-events.
//!
//! ## Philosophy: Certify, Don't Decide
//!
//! The core doctrine of `affidavit` is that the verifier never decides whether
//! a process is "honest" or "correct" — those questions are often undecidable.
//! Instead, it **checks a witness** (the receipt) against a fixed format standard.
//! Every check in the pipeline is decidable, providing a mathematical guarantee
//! of structural and cryptographic integrity.
//!
//! ## Key Concepts
//!
//! *   **Receipt:** An immutable, append-only BLAKE3 chain of operation-events.
//! *   **Operation-Event:** A discrete record of a process action, including
//!     logical sequence numbers and commitments to payloads.
//! *   **Certify Pipeline:** A 7-stage decidable process that validates receipts
//!     from raw bytes to a final verdict.
//! *   **Unconstructable Bypass:** The library uses the "Seal" pattern to ensure
//!     that valid receipts can only be constructed through canonical, auditable seams.
//!
//! ## Quick Start
//!
//! ```no_run
//! use affidavit::chain::ChainAssembler;
//! use affidavit::types::Event;
//!
//! // Build a receipt by appending events
//! let mut assembler = ChainAssembler::new();
//! let event = Event::new("build", vec!["repo:main"], b"payload data");
//! assembler.append(event)?;
//!
//! // Finalize the receipt (produces an immutable, sealed chain)
//! let receipt = assembler.finalize()?;
//!
//! // Verify the receipt against the core standard
//! let verdict = affidavit::verifier::verify(&receipt)?;
//! assert!(verdict.accepted);
//! # Ok::<(), Box<dyn std::error::Error>>(())
//! ```
//!
//! ## Integrated Verticals
//!
//! **Quality & Monitoring:** Real-time statistical process control (Western Electric rules) via [`quality`].
//!
//! **SBOM & Supply Chain:** Software Bill of Materials generation, compliance checking (NTIA), and
//! vulnerability aggregation via [`sbom`], [`sbom_compliance`], [`sbom_vulnerability`].
//!
//! **Object-Centric Event Logs:** OCEL integration and conversion via [`ocel`].
//!
//! ## Feature Flags
//!
//! *   `default`: Includes the core library and standard profiles.
//! *   `discovery`: Enables type schema discovery and introspection.
//! *   `lsp`: Exposes LSP diagnostics for receipt verification.
//! *   `predictive`: Enables predictive analysis and trend forecasting.
//!
//! # Errors
//!
//! Most operations return a [`crate::error::AffidavitError`] which encapsulates
//! various failure modes including I/O, serialization, and cryptographic mismatches.
//!
//! # Examples
//!
//! For a full end-to-end example of the provenance pipeline, see
//! `examples/full_pipeline.rs`.
//!
//! # Panics
//!
//! This crate is designed to be panic-free in production paths. Invariant checks
//! that could lead to panics are isolated to unreachable code branches or
//! explicit boundary checks.

#![deny(clippy::print_stdout)]
#![deny(unsafe_code)]

pub mod admission;
pub mod bench;
pub mod catalog;
pub mod chain;
pub mod cli;

#[cfg(feature = "discovery")]
pub mod discovery;

pub mod error;
pub mod fixture_db;
pub mod handlers;

#[cfg(feature = "lsp")]
pub mod lsp;

pub mod ocel;
pub mod quality;
pub mod quality_correlation;
pub mod quality_extended;
pub mod quality_object_level;
pub mod quality_ocel;

// Software Bill of Materials (SBOM) — supply-chain provenance layer.
pub mod sbom;
pub mod sbom_artifacts;
pub mod sbom_compliance;
pub mod sbom_ocel;
pub mod sbom_supply_chain;
pub mod sbom_vulnerability;

#[cfg(feature = "predictive")]
pub mod predict_maximalist;

pub mod tracing;
pub mod types;
pub mod verbs;
pub mod verifier;

pub mod diag;
pub mod output;

pub mod diff;
pub mod visualize;

#[cfg(feature = "mutation")]
pub mod mutate;

pub mod model_mining;
pub mod registry;

#[cfg(feature = "gpu")]
#[path = "1000x_gpu_verifier.rs"]
pub mod gpu_verifier;

#[cfg(feature = "remediation")]
#[path = "1000x_auto_remediate_dx.rs"]
pub mod auto_remediate;

#[cfg(feature = "pqc")]
#[path = "1000x_post_quantum_sealing.rs"]
pub mod pqc_sealing;

/// Main entry point for the `affi` CLI application.
///
/// # Errors
///
/// Returns an error if command-line arguments are invalid or if the
/// requested operation fails.
pub fn run() -> clap_noun_verb::Result<()> {
    clap_noun_verb::run()
}

pub use error::AffidavitError;
pub use types::{
    canonical_bytes, Blake3Hash, CheckOutcome, ObjectRef, OperationEvent, ProfileId, Receipt,
    Verdict,
};