clasp-registry 4.2.0

Entity registry for CLASP - persistent identity for devices, users, and services
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157

# clasp-registry

Persistent Ed25519 identity registry for devices, users, services, and routers in CLASP.

## Features

- **Entity Identity** - Ed25519 keypairs with globally unique `clasp:` IDs
- **Entity Types** - Device, User, Service, Router
- **Status Lifecycle** - Active, Suspended, Revoked
- **Token Generation** - Ed25519-signed entity tokens (`ent_` prefix)
- **Pluggable Storage** - In-memory or SQLite backends
- **ValidatorChain Integration** - Works alongside CPSK and Capability validators
- **Namespace-Based Scopes** - Entities can be scoped to namespace patterns

## Installation

```toml
[dependencies]
clasp-registry = "3.5"

# With SQLite persistence
clasp-registry = { version = "3.5", features = ["sqlite"] }
```

## Feature Flags

| Feature | Description |
|---------|-------------|
| `sqlite` | Enables `SqliteEntityStore` for persistent storage |

## Usage

### Generate an Entity Keypair

```rust
use clasp_registry::{EntityKeypair, EntityType};

let keypair = EntityKeypair::generate()?;
println!("Entity ID: {}", keypair.entity_id); // clasp:4j8Ygfakd8xZ9q7m...

// Create an Entity from the keypair
let entity = keypair.to_entity(EntityType::Device, "Sensor A".to_string());
```

### Store and Retrieve Entities

```rust
use clasp_registry::{MemoryEntityStore, EntityStore, EntityId};

let store = MemoryEntityStore::new();

// Create
store.create(&entity).await?;

// Retrieve
let found = store.get(&entity.id).await?;
assert!(found.is_some());

// Find by public key
let by_key = store.find_by_public_key(keypair.public_key_bytes()).await?;

// Find by tag or namespace
let sensors = store.find_by_tag("sensor").await?;
let site_a = store.find_by_namespace("/site-a").await?;

// List with pagination
let page = store.list(0, 20).await?;

// Update status (suspend, revoke)
use clasp_registry::EntityStatus;
store.update_status(&entity.id, EntityStatus::Suspended).await?;
```

### SQLite Persistence

```rust
#[cfg(feature = "sqlite")]
use clasp_registry::SqliteEntityStore;

let store = SqliteEntityStore::open("entities.db")?;
// Same EntityStore API as MemoryEntityStore
```

### Generate and Validate Tokens

```rust
use clasp_registry::{generate_token, EntityValidator};
use std::sync::Arc;

// Generate a token from a keypair
let token = generate_token(&keypair)?; // "ent_<base64url(msgpack)>"

// Set up validation
let store = Arc::new(MemoryEntityStore::new());
store.create(&entity).await?;

let validator = EntityValidator::new(store)
    .with_max_token_age(3600); // reject tokens older than 1 hour

// Implements clasp_core::security::TokenValidator
use clasp_core::security::TokenValidator;
match validator.validate(&token) {
    clasp_core::security::ValidationResult::Valid(info) => {
        println!("Entity: {}", info.subject.unwrap());
        println!("Scopes: {:?}", info.scopes);
    }
    other => println!("Validation failed: {:?}", other),
}
```

## Token Wire Format

Entity tokens use the `ent_` prefix followed by URL-safe base64-encoded MessagePack:

```
ent_<base64url(msgpack(EntityTokenPayload))>
```

The payload contains the entity ID, a timestamp, and an Ed25519 signature over both.

## Configuration Reference

### Entity

| Field | Type | Description |
|-------|------|-------------|
| `id` | `EntityId` | Globally unique ID (`clasp:<base58>`) |
| `entity_type` | `EntityType` | `Device`, `User`, `Service`, or `Router` |
| `name` | `String` | Human-readable name |
| `public_key` | `Vec<u8>` | Ed25519 public key (32 bytes, hex in JSON) |
| `created_at` | `SystemTime` | Creation timestamp |
| `metadata` | `HashMap<String, String>` | Arbitrary key-value metadata |
| `tags` | `Vec<String>` | Searchable tags |
| `namespaces` | `Vec<String>` | Namespace patterns (converted to scopes) |
| `scopes` | `Vec<String>` | Explicit `action:pattern` scopes |
| `status` | `EntityStatus` | `Active`, `Suspended`, or `Revoked` |

### EntityId Format

```
clasp:<base58(first 16 bytes of Ed25519 public key)>
```

### Scope Resolution

When validating, scopes are resolved in order:

1. If `entity.scopes` is non-empty, use them as-is
2. Otherwise, convert `entity.namespaces` to scopes: `/lights` becomes `admin:/lights/**`

## License

Licensed under either of Apache License, Version 2.0 or MIT license at your option.

---

Maintained by [LumenCanvas](https://lumencanvas.studio)