assay-registry 3.5.1

Pack registry client for remote pack distribution (SPEC-Pack-Registry-v1)
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87

//! Pack registry client for remote pack distribution.
//!
//! This crate implements the client side of SPEC-Pack-Registry-v1, providing:
//!
//! - HTTP client for registry API with token auth
//! - Digest and signature verification
//! - Local caching with integrity verification
//! - Pack resolution (local โ†’ bundled โ†’ registry โ†’ BYOS)
//! - Lockfile support for reproducible builds
//! - OIDC token exchange for CI environments
//!
//! # Quick Start
//!
//! ```no_run
//! use assay_registry::{RegistryClient, RegistryConfig};
//!
//! # async fn example() -> anyhow::Result<()> {
//! // Create client from environment
//! let client = RegistryClient::from_env()?;
//!
//! // Fetch a pack
//! let result = client.fetch_pack("eu-ai-act-baseline", "1.2.0", None).await?;
//! if let Some(pack) = result {
//!     println!("Fetched pack with digest: {}", pack.computed_digest);
//! }
//! # Ok(())
//! # }
//! ```
//!
//! # Authentication
//!
//! The client supports token-based authentication via:
//!
//! - `ASSAY_REGISTRY_TOKEN` environment variable
//! - Explicit token in `RegistryConfig`
//! - OIDC token exchange (with `oidc` feature)
//!
//! # Configuration
//!
//! | Environment Variable | Description |
//! |---------------------|-------------|
//! | `ASSAY_REGISTRY_URL` | Registry base URL (default: `https://registry.getassay.dev/v1`) |
//! | `ASSAY_REGISTRY_TOKEN` | Authentication token |
//! | `ASSAY_ALLOW_UNSIGNED_PACKS` | Allow unsigned packs (dev only) |
//! | `ASSAY_REGISTRY_TIMEOUT` | Request timeout in seconds (default: 30) |
//! | `ASSAY_REGISTRY_MAX_RETRIES` | Max retries for transient failures (default: 3) |

pub mod auth;
pub mod cache;
pub mod canonicalize;
pub mod client;
mod digest;
pub mod error;
pub mod lockfile;
pub mod reference;
pub mod resolver;
pub mod trust;
pub mod types;
pub mod verify;

/// User-Agent string sent by the registry client. Single source for client and tests.
pub const REGISTRY_USER_AGENT: &str = concat!("assay-registry/", env!("CARGO_PKG_VERSION"));

// Re-export main types
pub use auth::TokenProvider;
pub use cache::{CacheEntry, CacheMeta, PackCache};
pub use client::RegistryClient;
pub use error::{RegistryError, RegistryResult};
pub use lockfile::{
    generate_lockfile, verify_lockfile, LockMismatch, LockSignature, LockSource, LockedPack,
    Lockfile, VerifyLockResult, LOCKFILE_NAME, LOCKFILE_VERSION,
};
pub use reference::PackRef;
pub use resolver::{PackResolver, ResolveSource, ResolvedPack, ResolverConfig};
pub use trust::{KeyMetadata, TrustStore};
pub use types::{
    DsseEnvelope, DsseSignature, FetchResult, KeysManifest, PackHeaders, PackMeta, RegistryConfig,
    TrustedKey, VersionInfo, VersionsResponse,
};
pub use verify::{compute_digest, verify_digest, verify_pack, VerifyOptions, VerifyResult};

// Canonical digest (SPEC ยง6.2)
pub use canonicalize::{
    compute_canonical_digest, compute_canonical_digest_result, parse_yaml_strict,
    to_canonical_jcs_bytes, CanonicalizeError, MAX_DEPTH, MAX_KEYS_PER_MAPPING, MAX_SAFE_INTEGER,
    MAX_STRING_LENGTH, MAX_TOTAL_SIZE, MIN_SAFE_INTEGER,
};