vex-anchor 1.0.0

Public anchoring layer for VEX audit logs - Git, OpenTimestamps, Ethereum, Celestia support
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156

//! OpenTimestamps anchor backend
//!
//! Submits Merkle roots to the public OpenTimestamps calendar servers
//! (https://alice.btc.calendar.opentimestamps.org) for Bitcoin blockchain anchoring.

use async_trait::async_trait;
use base64::{engine::general_purpose::STANDARD, Engine};
use chrono::Utc;
use vex_core::Hash;

use crate::backend::{AnchorBackend, AnchorMetadata, AnchorReceipt};
use crate::error::AnchorError;

/// Public OTS calendar servers (tried in order)
const OTS_CALENDARS: &[&str] = &[
    "https://alice.btc.calendar.opentimestamps.org",
    "https://bob.btc.calendar.opentimestamps.org",
    "https://finney.calendar.eternitywall.com",
];

/// OpenTimestamps calendar anchor backend
///
/// Submits Merkle roots to public Bitcoin calendar servers for timestamping.
/// Proofs become final after ~1 Bitcoin block and are verifiable with `ots verify`.
#[derive(Debug, Clone)]
pub struct OpenTimestampsAnchor {
    client: reqwest::Client,
}

impl OpenTimestampsAnchor {
    /// Create a new OpenTimestamps anchor using the public calendar servers
    pub fn new() -> Self {
        let client = reqwest::Client::builder()
            .timeout(std::time::Duration::from_secs(30))
            .user_agent("vex-anchor/0.1.5")
            .build()
            .expect("Failed to build OTS HTTP client");
        Self { client }
    }
}

impl Default for OpenTimestampsAnchor {
    fn default() -> Self {
        Self::new()
    }
}

#[async_trait]
impl AnchorBackend for OpenTimestampsAnchor {
    async fn anchor(
        &self,
        root: &Hash,
        metadata: AnchorMetadata,
    ) -> Result<AnchorReceipt, AnchorError> {
        // OTS calendar accepts raw 32-byte SHA-256 digests
        let digest_bytes = root.0.to_vec();

        let mut last_error = AnchorError::Network("No calendars configured".to_string());
        for calendar in OTS_CALENDARS {
            let url = format!("{}/digest", calendar);
            let response = self
                .client
                .post(&url)
                .header("Content-Type", "application/x-www-form-urlencoded")
                .body(digest_bytes.clone())
                .send()
                .await;

            match response {
                Ok(resp) if resp.status().is_success() => {
                    let proof_bytes = resp
                        .bytes()
                        .await
                        .map_err(|e| AnchorError::Network(e.to_string()))?;

                    let proof_b64 = STANDARD.encode(&proof_bytes);
                    let anchor_id = format!("{}#{}", calendar, root.to_hex());

                    return Ok(AnchorReceipt {
                        backend: self.name().to_string(),
                        root_hash: root.to_hex(),
                        anchor_id,
                        anchored_at: Utc::now(),
                        proof: Some(proof_b64),
                        metadata,
                    });
                }
                Ok(resp) => {
                    last_error = AnchorError::Network(format!(
                        "Calendar {} returned HTTP {}",
                        calendar,
                        resp.status()
                    ));
                }
                Err(e) => {
                    last_error =
                        AnchorError::Network(format!("Calendar {} unreachable: {}", calendar, e));
                }
            }
        }

        Err(last_error)
    }

    async fn verify(&self, receipt: &AnchorReceipt) -> Result<bool, AnchorError> {
        let Some(ref proof_b64) = receipt.proof else {
            return Ok(false);
        };

        let proof_bytes = STANDARD
            .decode(proof_b64)
            .map_err(|e| AnchorError::VerificationFailed(format!("Invalid base64 proof: {}", e)))?;

        // Non-empty proof means the OTS calendar acknowledged the submission
        Ok(!proof_bytes.is_empty())
    }

    fn name(&self) -> &str {
        "opentimestamps"
    }

    async fn is_healthy(&self) -> bool {
        let url = format!("{}/digest", OTS_CALENDARS[0]);
        self.client
            .head(&url)
            .send()
            .await
            .map(|r| r.status().as_u16() < 500)
            .unwrap_or(false)
    }
}

#[cfg(test)]
mod tests {
    use super::*;
    use crate::backend::AnchorMetadata;

    #[test]
    fn test_ots_anchor_name() {
        let anchor = OpenTimestampsAnchor::new();
        assert_eq!(anchor.name(), "opentimestamps");
    }

    #[test]
    fn test_ots_verify_missing_proof() {
        let receipt = AnchorReceipt {
            backend: "opentimestamps".to_string(),
            root_hash: "abc123".to_string(),
            anchor_id: "ots://test#abc123".to_string(),
            anchored_at: Utc::now(),
            proof: None,
            metadata: AnchorMetadata::new("test-tenant", 1),
        };
        assert!(receipt.proof.is_none());
    }
}