cordance-cortex 0.1.1

Cordance Cortex adapter. Emits candidate receipts; never writes to the cortex repo or runtime.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89

//! Cortex adapter. Emits `cordance-cortex-receipt-v1-candidate` JSON only.
//!
//! ADR 0005: Cordance never writes to the cortex repo or runtime. It produces
//! a receipt; the operator hands the receipt to Cortex via Cortex's own
//! acceptance flow.
//!
//! Every receipt's `AuthorityBoundary` is constructed via
//! `AuthorityBoundary::candidate_only()`, which sets every authority-grant
//! flag to `false`. Receipts re-validate through `validate_invariants()`
//! on the deserialise path so a tampered JSON that flips a flag is caught
//! even if `serde` accepts it.
//!
//! # Golden path
//!
//! ```no_run
//! use cordance_core::advise::AdviseReport;
//! use cordance_core::lock::SourceLock;
//! use cordance_core::pack::{CordancePack, PackTargets, ProjectIdentity};
//! use cordance_core::schema;
//!
//! let pack = CordancePack {
//!     schema: schema::CORDANCE_PACK_V1.into(),
//!     project: ProjectIdentity {
//!         name: "my-project".into(),
//!         repo_root: ".".into(),
//!         kind: "rust-workspace".into(),
//!         host_os: "linux".into(),
//!         axiom_pin: Some("v3.1.1-axiom".into()),
//!     },
//!     sources: vec![],
//!     doctrine_pins: vec![],
//!     targets: PackTargets::all(),
//!     outputs: vec![],
//!     source_lock: SourceLock::empty(),
//!     advise: AdviseReport::empty(),
//!     residual_risk: vec!["claim_ceiling=candidate".into()],
//! };
//!
//! let receipt = cordance_cortex::build_receipt(&pack).expect("build receipt");
//! receipt.validate_invariants().expect("invariants hold");
//!
//! let json = serde_json::to_string_pretty(&receipt).expect("serialise");
//! println!("{json}");
//! ```

#![forbid(unsafe_code)]
#![deny(clippy::unwrap_used, clippy::expect_used)]

use cordance_core::pack::CordancePack;
use cordance_core::receipt::{AuthorityBoundary, CortexReceiptV1Candidate};

pub mod builder;
pub mod validator;

#[derive(Debug, thiserror::Error)]
pub enum CortexError {
    #[error("receipt validation error: {0}")]
    Validation(String),
    #[error("serialisation error: {0}")]
    Serde(#[from] serde_json::Error),
}

/// Build a candidate receipt from a compiled pack.
///
/// # Errors
/// Returns `CortexError::Validation` if the assembled receipt fails structural
/// validation.
#[allow(clippy::missing_errors_doc)]
pub fn build_receipt(pack: &CordancePack) -> Result<CortexReceiptV1Candidate, CortexError> {
    builder::build_receipt(pack)
}

/// Quick check: a fresh `AuthorityBoundary::candidate_only()` is always safe.
#[must_use]
pub const fn safe_boundary() -> AuthorityBoundary {
    AuthorityBoundary::candidate_only()
}

#[cfg(test)]
mod tests {
    use super::*;

    #[test]
    fn safe_boundary_grants_nothing() {
        let b = safe_boundary();
        assert!(b.candidate_only);
        assert!(!b.cortex_truth_allowed);
    }
}