chio-kernel-core 0.1.0

Portable (no_std + alloc) Chio kernel core: pure verdict evaluation, capability verification, and receipt signing
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47

//! Abstract clock for capability time-bound enforcement.
//!
//! The kernel core never calls `std::time::SystemTime::now()`. All time
//! enters the pure evaluation surface through a `&dyn Clock` so that
//! browser, WASM, and embedded adapters can inject `Date.now()`,
//! `instant::now()`, or a fuzzed/mock clock for deterministic testing.

/// Abstract monotonic wall-clock exposing Unix seconds.
///
/// Implementations MUST return a value consistent with the signed
/// `issued_at` / `expires_at` fields on capabilities. The verdict path is
/// fail-closed against clock errors: if `now_unix_secs` returns a value in
/// the past of `issued_at` or past `expires_at`, the capability is rejected.
pub trait Clock {
    /// Current Unix timestamp in seconds.
    fn now_unix_secs(&self) -> u64;
}

/// Test-only clock that returns a fixed value.
///
/// Useful for deterministic evaluation harnesses (e.g. the wasm
/// platform adapter's `evaluate_at_time()` helper and the
/// `portable_build.rs` integration test).
#[derive(Debug, Clone, Copy)]
pub struct FixedClock {
    now_unix_secs: u64,
}

impl FixedClock {
    /// Build a fixed clock pinned to `now_unix_secs`.
    #[must_use]
    pub const fn new(now_unix_secs: u64) -> Self {
        Self { now_unix_secs }
    }
}

impl Clock for FixedClock {
    fn now_unix_secs(&self) -> u64 {
        self.now_unix_secs
    }
}

impl<T: Clock + ?Sized> Clock for &T {
    fn now_unix_secs(&self) -> u64 {
        (**self).now_unix_secs()
    }
}