hardbound 0.0.1

Hardbound — public trait surface for the enterprise hardware-bound trust tier of Web4. Implementations of these traits anchor identity, vault, witness chain, and policy in TPM 2.0 / YubiKey / Secure Enclave hardware. The reference closed-source implementation is at metalinxx.io; this crate is the contract any compatible implementation must satisfy.

hardbound (Rust)

Public trait surface for the hardware-bound enterprise trust tier of Web4. This crate is the contract; implementations live elsewhere.

What this crate is

Four traits + their supporting types:

| Trait | Replaces in consumer Hestia |
|---|---|
| TrustedKeyProvider | software-derived sovereign LCT |
| SealedVault | passphrase-derived AEAD key |
| AttestationSigner | Phase-1 placeholder signer LCT |
| OversightPolicy | default-allow stub |

Any compatible Hardbound implementation must expose at least one of these (most will expose all four). A Hestia daemon configured with a Hardbound provider gets:

  • Hardware-anchored identity (TPM 2.0 / YubiKey / Secure Enclave)
  • Sealed vault — even with the passphrase, the file won't decrypt off the bound hardware
  • TPM-attested signatures over every witness chain entry
  • A real policy engine in place of the OSS default-allow stub

What this crate is NOT

  • A working implementation. The reference (closed-source) impl lives at metalinxx.io. Building against this crate pulls in only the trait shapes; you must wire an implementation yourself or contact dp@metalinxx.io for early access to the reference build.
  • An exhaustive policy language. OversightPolicy::evaluate is the evaluation interface; the policy rules themselves are implementation-defined.

Versioning

0.0.1 — initial publication of the contract. Trait shapes may shift before 0.1.0. Pin a minor version and watch the changelog.

License

AGPL-3.0-or-later, matching the rest of the dp-web4 stack. If you need a permissive license for a compatible implementation, contact dp@metalinxx.io.