invariant-biosynthesis 0.0.3

Biosynthesis safety engine for Invariant: synthesis bundles, D/P/C invariants, hazard screening, attestation. As of 0.2.0 this crate ships from the unified Invariant workspace at https://github.com/clay-good/invariant — the standalone invariant-biosynthesis repo has been merged in.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32

//! Execution token — the signed "go" token a synthesis platform verifies
//! before executing a synthesis bundle. Replaces `models/actuation.rs` from
//! the sibling robotics project.
//!
//! The cryptographic shape is identical: a bundle hash, a verdict reference,
//! and an Ed25519 signature over the canonical bytes.

use chrono::{DateTime, Utc};
use serde::{Deserialize, Serialize};

/// An Ed25519-signed token permitting a synthesis platform to execute a bundle.
///
/// The payload semantics are filled in at Step 3 once platform integration
/// contracts are drafted; for now the token only carries the bundle hash,
/// verdict reference, and signature envelope so downstream crates can
/// type-check.
#[derive(Debug, Clone, PartialEq, Serialize, Deserialize)]
pub struct ExecutionToken {
    /// SHA-256 hash of the bundle that this token authorizes.
    pub bundle_hash: String,
    /// SHA-256 hash of the signed verdict that approved the bundle.
    pub verdict_hash: String,
    /// Issuance timestamp.
    pub issued_at: DateTime<Utc>,
    /// Monotonic sequence number from the approving verdict.
    pub sequence: u64,
    /// Base64-encoded Ed25519 signature over the canonical JSON of this token
    /// (with `signature` set to the empty string during signing).
    pub signature: String,
    /// Key identifier of the issuing validator.
    pub signer_kid: String,
}