ppoppo-token 0.2.0

JWT (RFC 9068, EdDSA) issuance + verification engine for the Ppoppo ecosystem. Single deep module with a small interface (issue, verify) hiding RFC 8725 mitigations M01-M45, JWKS handling, and substrate ports (epoch, session, replay).
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30

//! Shared in-memory port adapters for Phase 5 trait integration tests.
//!
//! Each adapter is HashMap-backed and intentionally minimal — Sub-cycle B
//! exercises the engine wiring, not the substrate adapter logic itself.
//! Production substrates (KVRocks, Postgres, HTTP userinfo) live in
//! chat-auth / pas-external; their behavior is verified at those crates'
//! boundary, not here.
//!
//! Each adapter has two constructors:
//!
//! - `new()` — happy-path substrate: tracks state in memory.
//! - `failing()` — always returns `Transient`, lets engine integration
//!   tests prove the fail-closed posture (substrate down → reject token,
//!   not admit).
//!
//! Mutex poison recovery via `.unwrap_or_else(|p| p.into_inner())` keeps
//! the workspace lint (`clippy::unwrap_used` deny) clean — the lint
//! flags `Result::unwrap` only, not `unwrap_or_else`.

#![allow(dead_code)] // each test file uses a subset

pub mod epoch;
pub mod observability;
pub mod replay;
pub mod session;

pub use epoch::MemoryEpochRevocation;
pub use observability::{CapturedEvent, EventCapture};
pub use replay::MemoryReplayDefense;
pub use session::MemorySessionRevocation;