nova-sdk-rs 0.2.0

Lightweight Rust SDK for NOVA: Secure group-based file sharing on NEAR Protocol with Shade/TEE hybridization and IPFS integration.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243

# NOVA SDK for Rust

A Rust SDK for interacting with NOVA secure file-sharing on NEAR blockchain. Provides encrypted, decentralized file storage using IPFS and NEAR smart contracts with group-based access control.

## Features

- 🔐 **AES-256-CBC Encryption** - Client-side encryption for data privacy
- 🌐 **IPFS Storage** - Decentralized file storage via Pinata
- ⛓️ **NEAR Blockchain** - Immutable transaction records and access control
- 👥 **Group Management** - Fine-grained access control with member authorization
- 🔑 **Key Rotation** - Automatic key rotation on member revocation
- 🚀 **Composite Operations** - Simplified high-level workflows

## Installation

Add to your `Cargo.toml`:

```toml
[dependencies]
nova-sdk-rs = "0.1.0"
tokio = { version = "1", features = ["full"] }
```

## Quick Start

```rust
use nova_sdk_rs::{NovaSdk, CompositeUploadResult};

#[tokio::main]
async fn main() -> Result<(), Box<dyn std::error::Error>> {
    // Initialize SDK
    let sdk = NovaSdk::new(
        "https://rpc.testnet.near.org",
        "nova-contract.testnet",
        "your_pinata_api_key",
        "your_pinata_secret_key"
    ).with_signer(
        "ed25519:your_private_key",
        "your-account.testnet"
    )?;

    // Upload encrypted file
    let result = sdk.composite_upload(
        "project_alpha",           // group_id
        "alice.testnet",           // user_id
        "Confidential data",       // data
        "report.txt"               // filename
    ).await?;

    println!("✅ Uploaded to IPFS: {}", result.cid);
    println!("📝 Transaction ID: {}", result.trans_id);
    println!("🔒 File Hash: {}", result.file_hash);

    // Retrieve and decrypt file
    let retrieved = sdk.composite_retrieve(
        "project_alpha",
        &result.cid
    ).await?;

    let decrypted = base64::engine::general_purpose::STANDARD
        .decode(&retrieved.decrypted_b64)?;
    let content = String::from_utf8(decrypted)?;
    
    println!("📄 Content: {}", content);

    Ok(())
}
```

## Core Concepts

### Groups

Groups provide isolated access control domains. Each group has:
- A unique identifier (`group_id`)
- An owner who manages membership
- A shared encryption key
- A list of authorized members

### Access Control

```rust
// Register new group (owner only)
sdk.register_group("secure_vault").await?;

// Add members
sdk.add_group_member("secure_vault", "bob.testnet").await?;

// Check authorization
let authorized = sdk.is_authorized("secure_vault", "bob.testnet").await?;

// Revoke member (automatically rotates key)
sdk.revoke_group_member("secure_vault", "bob.testnet").await?;
```

### Encryption

All data is encrypted client-side using AES-256-CBC:
- 256-bit symmetric keys
- Random IV per encryption
- PKCS7 padding
- Keys stored encrypted on blockchain

### Transaction Recording

Every file operation creates an immutable blockchain record:

```rust
let trans_id = sdk.record_transaction(
    "my_group",
    "alice.testnet",
    "file_hash_sha256",
    "QmIPFSHash"
).await?;

// Query group transactions
let txs = sdk.get_transactions_for_group("my_group", "alice.testnet").await?;
```

## API Overview

### Initialization

- `NovaSdk::new()` - Create SDK instance
- `with_signer()` - Attach NEAR account credentials

### Group Management

- `register_group()` - Create new group
- `add_group_member()` - Grant access to user
- `revoke_group_member()` - Revoke access and rotate key
- `is_authorized()` - Check user authorization

### Key Management

- `store_group_key()` - Store encryption key
- `get_group_key()` - Retrieve key (authorized users only)

### File Operations

- `composite_upload()` - Encrypt, upload to IPFS, record transaction
- `composite_retrieve()` - Fetch from IPFS, decrypt
- `record_transaction()` - Record file metadata on blockchain
- `get_transactions_for_group()` - Query transaction history

### Utilities

- `get_balance()` - Check NEAR account balance
- `transfer_tokens()` - Transfer NEAR tokens

## Environment Setup

For testing and development, set these environment variables:

```bash
# Required for integration tests
TEST_NEAR_ACCOUNT_ID=your-account.testnet
TEST_NEAR_PRIVATE_KEY=ed25519:your_private_key
PINATA_API_KEY=your_pinata_key
PINATA_SECRET_KEY=your_pinata_secret
```

Create a `.env` file:

```bash
TEST_NEAR_ACCOUNT_ID=alice.testnet
TEST_NEAR_PRIVATE_KEY=ed25519:...
PINATA_API_KEY=...
PINATA_SECRET_KEY=...
```

## Testing

```bash
# Run unit tests
cargo test

# Run with integration tests (requires .env setup)
cargo test -- --include-ignored

# Run specific test
cargo test test_composite_upload
```

## Error Handling

The SDK uses a custom `NovaError` enum:

```rust
use nova_sdk_rs::NovaError;

match sdk.get_group_key("my_group", "user.testnet").await {
    Ok(key) => println!("Key: {}", key),
    Err(NovaError::Near(msg)) => eprintln!("RPC error: {}", msg),
    Err(NovaError::InvalidKey) => eprintln!("Invalid encryption key"),
    Err(NovaError::ParseAccount) => eprintln!("Invalid account ID"),
    Err(NovaError::Signing(msg)) => eprintln!("Signing failed: {}", msg),
}
```

## Security Considerations

⚠️ **Important Security Notes:**

1. **Private Keys** - Never commit private keys to version control
2. **Key Storage** - Store encryption keys securely
3. **IPFS Privacy** - IPFS content is public; encryption is essential
4. **Access Control** - Verify user authorization before operations
5. **Key Rotation** - Revoked members cannot decrypt new content

## Examples

See the [examples](https://github.com/jcarbonnell/nova/tree/main/nova-sdk-rs/examples) directory for complete working examples:

- `simple_upload.rs` - Basic file upload/download
- `group_management.rs` - Managing groups and members
- `key_rotation.rs` - Handling member revocation

## Contributing

Contributions are welcome! Please:

1. Fork the repository
2. Create a feature branch
3. Add tests for new functionality
4. Ensure all tests pass (`cargo test`)
5. Submit a pull request

## License

This project is licensed under the MIT License - see [LICENSE](https://github.com/jcarbonnell/nova/blob/main/nova-sdk-rs/LICENSE) file for details.

## Resources

- [NOVA Documentation](https://nova-25.gitbook.io/nova-docs/)
- [NEAR Protocol](https://near.org)
- [IPFS](https://ipfs.io)
- [Pinata](https://pinata.cloud)

## Support

- Issues: [GitHub Issues](https://github.com/jcarbonnell/nova/issues)
- Discussions: [GitHub Discussions](https://github.com/jcarbonnell/nova/discussions)