auths-transparency 0.1.1

Append-only transparency log types, Merkle math, and tile storage for Auths
Documentation
# auths-transparency

Append-only **transparency-log** primitives for Auths: RFC 6962 Merkle math,
C2SP-style checkpoints and witness cosignatures, tile storage, offline-bundle
verification, and the witness-diversity (independence) gate.

This is the **CT-checkpoint** half of Auths' two witness subsystems. (The other is
the KERI-`rct` key-event receipting layer in `auths-core::witness` /
`auths-keri::witness` — a separate protocol with separate keys. Don't conflate
them.)

## What's in it

- **`merkle`** — RFC 6962 leaf/node hashing, inclusion proofs
  (`verify_inclusion`), and **consistency proofs** (`verify_consistency`) between
  two tree sizes. Pure, no-I/O, WASM-safe.
- **`checkpoint`**`Checkpoint` (origin/size/root/timestamp), its C2SP
  signed-note body, `SignedCheckpoint` (log signature + Ed25519 or ECDSA-P256),
  and `WitnessCosignature`.
- **`tile` / `store`** — C2SP static tile layout + `TileStore` (filesystem, and
  S3 under the `s3` feature) for serving a log.
- **`bundle` / `verify`**`OfflineBundle` + `verify_bundle`: a synchronous,
  I/O-free verification of signature, inclusion, checkpoint, witness quorum, and
  namespace against a pinned `TrustRoot`. This is the embeddable verifier path.
- **`witness`** (native feature) — the C2SP `tlog-witness` cosignature protocol
  types (`CosignRequest`/`CosignResponse`, `cosignature_signed_message`).
- **`witness_policy`** — a typed, **fail-closed** loader for
  `data/witness_policy.json` (the runtime diversity policy). Rejects a missing
  file, unparseable JSON, unknown schema version, or a placeholder `pubkey_b64`.
- **Independence gate**`verify_bundle`'s witness check layers
  `auths_keri::witness::independence::spans_distinct` (distinct
  organizations / jurisdictions / infrastructure) **on top of** the `n/2+1`
  count, evaluated over the *actual cosigning quorum*. A count-met-but-correlated
  quorum returns `WitnessStatus::NotIndependent`.

> The runtime `data/witness_policy.json` (who is trusted to cosign now) is
> deliberately separate from the governance `docs/governance/admission_policy.json`
> (who may *become* a witness). Neither may be weakened to make a verify pass.

## How it fits in the architecture

```
auths-sdk / auths-cli / auths-monitor / auths-checkpoint-cosigner
  |
  +-- auths-transparency (THIS CRATE)
        |
        +-- depends on: auths-verifier (types, Ed25519/ECDSA), auths-crypto,
        |               auths-keri (the shared independence model)
        +-- default-features=false → WASM-safe verify path (no ring/tokio)
        +-- "native" feature → tile stores, witness cosigner protocol, async
```

**Dependency direction**: depends downward on `auths-verifier`/`auths-crypto`/
`auths-keri`; nothing in those depends back on it. The verify path is designed for
minimal-dependency embedding (FFI/WASM), so it stays free of `ring`/`tokio` unless
`native` is enabled.

## Usage

```rust,ignore
use auths_transparency::{verify_bundle, OfflineBundle, TrustRoot};

// Offline, I/O-free verification against a pinned trust root.
let report = verify_bundle(&bundle, &trust_root, now);
assert!(report.is_valid());

// Consistency between two checkpoints of the same log.
use auths_transparency::verify_consistency;
verify_consistency(old_size, new_size, old_root, new_root, &proof)?;

// Load the runtime witness-diversity policy (fail-closed).
use auths_transparency::WitnessPolicy;
let policy = WitnessPolicy::load(std::path::Path::new("data/witness_policy.json"))?;
```

Consumers: `auths-sdk` (bundle verification workflows), `auths-monitor`
(cross-operator consistency), `auths-checkpoint-cosigner` (the cosigner), and the
verifier embeddings.