exochain-sdk
Ergonomic Rust API for the EXOCHAIN constitutional governance fabric — a
substrate for AI agents and data sovereignty built around decentralized
identifiers (DIDs), scoped consent (bailments), authority-chain delegation,
quorum-based governance, and a constitutional kernel that enforces policy
before action rather than auditing it after. The SDK wraps the lower-level
exo-* workspace crates behind a single, developer-friendly surface so that
applications depend on one crate and one coherent API.
Installation
Workspace (recommended inside the monorepo)
Inside the EXOCHAIN monorepo, add the crate as a path dependency:
[]
= { = "../exochain-sdk" }
Git dependency
[]
= { = "https://github.com/exochain/exochain", = "main" }
crates.io (planned)
Once published, the SDK will be installable with:
Minimum supported Rust version (MSRV) is inherited from the workspace.
Quick start
The canonical end-to-end flow: two identities negotiate a bailment, propose a decision, reach quorum, build a delegation chain, and submit an action to the kernel for adjudication.
use *;
use VoteChoice;
The crate-level Rustdoc contains the same example as a runnable doctest — see
cargo doc --open -p exochain-sdk.
Module layout
The SDK is organized by domain. Each module is independently usable, but they are most powerful together:
| Module | Purpose |
|---|---|
identity |
DID-backed Ed25519 identities (generate, sign, verify). |
consent |
Scoped, time-bounded bailments (consent tokens). |
governance |
Decisions, votes, quorum checks. |
authority |
Delegation chain builder and topology validation. |
kernel |
The Constitutional Governance Runtime (CGR) kernel facade. |
crypto |
BLAKE3 hashing and Ed25519 sign/verify primitives. |
error |
Single ExoError type and ExoResult<T> alias. |
A prelude module re-exports the symbols most applications need:
use *;
// Brings in: Identity, BailmentBuilder, DecisionBuilder, Decision, Vote,
// AuthorityChainBuilder, ConstitutionalKernel, ExoError, ExoResult,
// hash, sign, verify.
Identity
Identity is a DID paired with an Ed25519 keypair and a
human-readable label. The DID is derived from the public key:
did:exo: + first 16 hex chars of BLAKE3(public_key_bytes)
use Identity;
let alice = generate;
println!;
let sig = alice.sign;
assert!;
The Debug impl redacts the secret key, so Identity is safe to log. Use
Identity::from_keypair to rehydrate an identity from a persisted keypair.
Consent (bailments)
A bailment is scoped, time-bounded consent from a bailor to a bailee. The
BailmentBuilder validates inputs and produces a
deterministic, content-addressed proposal.
use BailmentBuilder;
use Did;
let alice = new.expect;
let bob = new.expect;
let proposal = new
.scope
.duration_hours
.build
.expect;
proposal.proposal_id is a BLAKE3-derived 16-char hex string; two parties
independently building the same proposal get the same ID with no coordination.
Governance (decisions, voting, quorum)
DecisionBuilder constructs a decision; the decision
accumulates votes via cast_vote and reports quorum with check_quorum.
use ;
use Did;
let proposer = new.expect;
let v1 = new.expect;
let v2 = new.expect;
let mut d = new
.build
.expect;
d.cast_vote.unwrap;
d.cast_vote.unwrap;
let q = d.check_quorum;
assert!;
The same voter may cast at most one vote; a second attempt returns
ExoError::Governance.
Authority chains
An authority chain is an ordered list of delegation links where
links[i].grantee == links[i+1].grantor. The
AuthorityChainBuilder validates the topology on
build.
use AuthorityChainBuilder;
use Did;
let root = new.expect;
let mid = new.expect;
let leaf = new.expect;
let chain = new
.add_link
.add_link
.build
.expect;
assert_eq!;
build returns ExoError::Authority for empty chains, broken links, or a
terminal mismatch.
Constitutional kernel
ConstitutionalKernel is a simplified wrapper over
[exo_gatekeeper::Kernel]. It initialises the kernel with the default
EXOCHAIN constitution and all eight invariants. Adjudication requires
caller-supplied authority signing material, so the SDK does not fabricate a
trust root.
use ConstitutionalKernel;
use Identity;
use Did;
let authority = generate;
let kernel = with_authority_identity;
let actor = new.expect;
let verdict = kernel.adjudicate;
assert!;
The SDK supplies a minimal signed default context (single Judicial role, one-link authority chain, active bailment, preserved human override). Targeted helpers exercise specific invariants:
adjudicate_self_grant— enablesNoSelfGrantenforcement.adjudicate_kernel_modification— enablesKernelImmutabilityenforcement.adjudicate_without_bailment— enablesConsentRequiredenforcement.
Callers needing fine-grained control over the full adjudication context
should use [exo_gatekeeper::Kernel] directly.
Crypto helpers
The crypto module re-exports the foundational types and
provides convenience helpers:
use ;
let digest = hash; // [u8; 32] BLAKE3
let hex = hash_hex; // 64-char lowercase hex
let = generate_keypair; // Ed25519
let sig = sign;
assert!;
Error handling
All fallible SDK operations return ExoResult<T> — an alias for
Result<T, ExoError>. Each error variant narrows the failure to a specific
subsystem so callers can pattern-match without parsing strings:
| Variant | When returned |
|---|---|
ExoError::Identity |
Identity flows that could validate caller-supplied material. |
ExoError::Consent |
BailmentBuilder::build — missing/empty scope, zero duration. |
ExoError::Governance |
Empty decision title, duplicate voter. |
ExoError::Authority |
Empty chain, broken delegation, terminal mismatch. |
ExoError::KernelDenied |
Optional lift of kernel denial into the error channel. |
ExoError::KernelEscalated |
Optional lift of kernel escalation into the error channel. |
ExoError::Crypto |
Reserved for future fallible crypto flows. |
ExoError::InvalidDid |
DID-string validation failure (unreachable in practice). |
ExoError::Serialization |
Reserved for wire-payload marshal wrappers. |
use *;
use ExoError;
use Did;
let a = new.unwrap;
let b = new.unwrap;
let err = new.build.unwrap_err;
assert!;
Cross-language SDKs
EXOCHAIN ships three first-party SDKs that share the same model and wire format:
- Rust (this crate) —
crates/exochain-sdk. The reference implementation; uses BLAKE3 for hashing and local DID derivation. - TypeScript —
packages/exochain-sdk, published as@exochain/sdk. Uses BLAKE3 for local DID derivation via@noble/hashes. - Python —
packages/exochain-py, published asexochainon PyPI. Uses BLAKE3 for local DID derivation via theblake3package.
DIDs derived locally by the Rust, TypeScript, and Python SDKs match the shared canonical fixture vectors:
did:exo: + first 16 hex chars of BLAKE3(public_key_bytes)
Applications that need externally resolved fabric DIDs should still use the
from_resolved_keypair / fromResolvedKeypair constructors rather than
re-deriving a local SDK DID.
MCP server integration
EXOCHAIN ships an MCP (Model Context Protocol) server at exo-node for use
with AI agents — it exposes EXOCHAIN's identity, consent, governance, and
kernel primitives as MCP tools so LLM agents can request, delegate, and
adjudicate actions through the same constitutional surface.
This SDK targets application developers writing Rust services that speak to EXOCHAIN directly. When integrating with the MCP server, the SDK's types serve as the canonical Rust representation of the objects the MCP server accepts and returns.
Development
Run from the monorepo root:
# Unit and integration tests
# Doctests
# Docs with intra-doc link checking
RUSTDOCFLAGS="-D rustdoc::broken-intra-doc-links"
# Lints
Related crates
The SDK wraps these lower-level crates; use them directly when you need access beyond the SDK's surface:
exo-core— foundational types (DID, Hash256, Signature, Timestamp, HLC).exo-identity— DID documents and privacy-preserving identity adjudication.exo-consent— bailment-conditioned consent enforcement.exo-authority— authority-chain verification and delegation.exo-governance— legislative legitimacy: quorum, clearance, crosscheck.exo-gatekeeper— CGR kernel, invariant enforcement, MCP middleware.exo-escalation— operational nervous system.exo-legal— litigation-grade evidence and eDiscovery.exo-dag— append-only DAG with BFT consensus.exo-proofs— SNARK, STARK, ZKML verifier.
See crates/README.md for the full crate index.
License
Licensed under Apache-2.0. See the top-level LICENSE file for the full
text.