1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
//! KERI (Key Event Receipt Infrastructure) implementation.
//!
//! This module provides core KERI types and operations for identity management:
//!
//! - **Events**: Inception (icp), Rotation (rot), Interaction (ixn)
//! - **KeyState**: Current cryptographic state derived from KEL replay
//! - **Seals**: Anchored data references in events
//!
//! # Core Scope
//!
//! **If it's not here, it's not core.**
//!
//! This module defines the fundamental KERI protocol logic. Everything else
//! (storage, transport, UI) is an adapter that consumes this core.
//!
//! ## Domain Types (Sans-IO)
//!
//! The following types are **pure domain types** with no I/O dependencies:
//!
//! | Type | Location | Notes |
//! |------|----------|-------|
//! | `Event`, `IcpEvent`, `RotEvent`, `IxnEvent` | `auths-id::keri::event` | Serde-only, no git2/fs/net |
//! | `KeyState` | `auths-id::keri::state` | Serde-only, no git2/fs/net |
//! | `Attestation`, `Capability` | `auths-verifier::core` | Serde + chrono types (no `Utc::now()`) |
//! | `MemberStatus`, `MemberFilter`, `MemberView` | `auths-id::storage::registry::org_member` | Time injected via `now` param |
//!
//! **Key invariants:**
//! - All `DateTime<Utc>` values are passed in (injected), never generated via `Utc::now()`
//! - No direct filesystem, git, or network operations in these types
//! - Types use only serde for serialization (deterministic, portable)
//!
//! ## Core Entrypoints (Pure Functions)
//!
//! The following are the **pure function entrypoints** with no side effects:
//!
//! | Function | Module | Description |
//! |----------|--------|-------------|
//! | [`validate_kel`] / [`replay_kel`] | `keri::validate` | Replays events to compute `KeyState` (`apply_event_chain`) |
//! | [`compute_status`](crate::storage::registry::org_member::compute_status) | `storage::registry::org_member` | Computes member status from attestation |
//! | `evaluate_policy` | `policy` | Evaluates authorization decision |
//!
//! These functions are suitable for property-based testing and are independent
//! of storage backends.
//!
//! ## Protocol Invariants
//!
//! These invariants are **non-negotiable** and enforced at the core level:
//!
//! ### 1. Identity KEL is Append-Only
//!
//! - Once an event is committed, it cannot be modified
//! - Sequence numbers are monotonically increasing (0, 1, 2, ...)
//! - Each event's SAID must match its content hash (self-addressing)
//! - Violating these produces [`ValidationError::InvalidSequence`] or [`ValidationError::InvalidSaid`]
//!
//! **Tests:** `rejects_broken_sequence`, `rejects_invalid_said` in [`validate`] module
//!
//! ### 2. Device/Org Attestations are Derived State
//!
//! - Attestations are NOT the source of truth for identity
//! - They are derived from the KEL and anchored via seals
//! - Attestations can be regenerated from the KEL
//! - Storage backends may cache attestations, but the KEL is authoritative
//!
//! ### 3. Issuer + Subject Mismatches are Structural Invalidity
//!
//! When loading attestations:
//! - Subject DID must match the filename DID → [`MemberInvalidReason::SubjectMismatch`](crate::storage::registry::org_member::MemberInvalidReason::SubjectMismatch)
//! - Issuer DID must match the org DID → [`MemberInvalidReason::IssuerMismatch`](crate::storage::registry::org_member::MemberInvalidReason::IssuerMismatch)
//!
//! These are **hard errors** (structural corruption), not soft warnings.
//!
//! **Tests:** `visit_org_member_attestations_detects_subject_mismatch`,
//! `visit_org_member_attestations_detects_issuer_mismatch` in `packed` module
//!
//! ## Event Types
//!
//! | Type | Purpose |
//! |------|---------|
//! | `icp` | Creates identity, commits to first rotation key |
//! | `rot` | Rotates to pre-committed key, establishes new commitment |
//! | `ixn` | Anchors data (attestations) without key rotation |
//!
//! ## Not Implemented (Out of Scope)
//!
//! - Delegation events (dip/drt)
//! - Threshold multi-sig
//! - CESR encoding (using JSON)
//!
//! ## Witness Support
//!
//! Witness infrastructure is available via the `auths_core::witness` module:
//! - `Receipt`: Witness receipt for event acknowledgment
//! - `ReceiptCollector`: Collects receipts from k-of-n witnesses
//! - `DuplicityDetector`: Detects split-view attacks
//!
//! Receipt storage is available via `auths_id::storage::receipts`.
// INVARIANT: file-based KEL cache — entire module is an I/O adapter
pub use ;
pub use KERI_VERSION_PREFIX;
pub use ;
pub use ;
pub use ;
pub use ;
pub use ;
pub use ;
pub use ;
pub use Seal;
pub use KeyState;
pub use ;
pub use ;