//! Shared sensitive-action confirmation contract ("what you see is what you
//! sign"). cex-auth mints a short-lived, single-use HMAC token binding
//! `{sub, purpose, action-hash, jti}` after a WebAuthn assertion (or dynamic-
//! linking OTP); every enforcing service (cex-ledger, cex-account) recomputes the
//! same action hash from the real request body and verifies the token here.
//!
//! Single source of truth: the token format, hash canonicalization, and jti-burn
//! semantics were previously hand-duplicated ("TWIN") across cex-auth and
//! cex-ledger. This module is the versioned contract (`v1|…`) — change every
//! consumer together and bump the prefix on any wire change.
pub use ;
pub use ;
pub use ;