pub struct CertmeshHandle { /* private fields */ }

Implementations

impl CertmeshHandle
pub fn core(&self) -> Result<Arc<CertmeshCore>, KoiError>
pub async fn status(&self) -> CapabilityStatus
pub async fn posture(&self) -> Result<Posture, KoiError>
This node’s current trust posture — the mode oracle (ADR-020 §0).
Works in both modes (wishlist 1.3): embedded reads the live watch value;
a remote handle queries the daemon’s GET /v1/certmesh/posture (DAT-gated, so
the handle must carry a token — adopted from the local breadcrumb or set via
Builder::service_token). A remote query needs the network, hence async.
pub fn on_posture(&self) -> Result<Receiver<Posture>, KoiError>
Subscribe to live posture transitions — a tokio::sync::watch receiver
that fires on every Open↔Authenticated flip (ADR-020 §5 / wishlist 5.2).
Ergonomic shorthand for certmesh()?.core()?.watch_posture(). Embedded
only; returns DisabledCapability in Remote mode.
pub async fn local_identity(&self) -> Result<Option<Identity>, KoiError>
This node’s live identity, or None if it is Open (ADR-020 §7).
Read-only; embedded only.
pub async fn ensure_identity(&self) -> Result<Option<Identity>, KoiError>
Ensure this node holds a current identity, then return it (ADR-020 §7). Idempotent and mode-transparent; embedded only.
pub async fn sign(&self, bytes: &[u8]) -> Result<Envelope, KoiError>
Sign bytes into an Envelope (ADR-020 §3). Mode-transparent: a
freshness-stamped passthrough when Open, ES256-signed when Authenticated.
Embedded only.
pub async fn verify(&self, env: &Envelope) -> Result<Assurance, KoiError>
Verify an Envelope, returning an Assurance (ADR-020 §3). Read a trusted
identity only via Assurance::identity(). Embedded only.
pub async fn seal(&self, bytes: &[u8]) -> Result<Sealed, KoiError>
Seal bytes into a Sealed (ADR-020 §4). The confidentiality rung, today a
signed-not-encrypted passthrough; the consumer codes against the final API
now. Embedded only.
pub async fn open(&self, sealed: &Sealed) -> Result<Opened, KoiError>
Open a Sealed → Opened (recovered bytes + trust state, ADR-020 §4). A
tampered/rejected message errors rather than yielding bytes. Embedded only.
pub async fn diagnose(&self) -> Result<TrustDiagnosis, KoiError>
Run the trust-doctor (ADR-020 §13) → a structured TrustDiagnosis: posture,
identity + renewal health, on-disk-leaf integrity, self-revocation, and the
CA trust-install state, each with an exact remedy. is_red()/exit_code()
fail loud. Embedded only.
pub async fn client_for(&self, peer: &Peer) -> Result<PeerClient, KoiError>
Build a posture-keyed client to a discovered Peer (ADR-020 §6): plain
HTTP to an Open peer, mTLS to a secure peer — the caller writes one code
path. Embedded only (a remote handle has no local identity to present).
Errors loudly (not via an opaque handshake failure) when the peer requires
authentication but this node is Open, or when the peer anchors to a
different mesh — see koi_certmesh::CertmeshCore::client_for.
pub async fn reqwest_client_for(&self, peer: &Peer) -> Result<Client, KoiError>
Build a posture-keyed reqwest::Client for a discovered Peer — the
full-traffic dual of client_for (wishlist 3.1).
Unlike PeerClient (GET + JSON-POST only), the
returned reqwest::Client carries koi’s transport policy (plain HTTP to an
Open peer; mTLS presenting this node’s leaf + pinning the mesh CA to a secure
peer) while the consumer drives the full request surface itself — every verb,
custom headers, SSE/streaming, large bodies. One mode-transparent client for
all inter-node traffic, not just trivial GETs.
An Open peer yields a plain reqwest::Client (no TLS); a secure peer yields
one configured with use_preconfigured_tls. Same loud errors as client_for
(missing identity, different mesh). Embedded only.
The raw rustls::ClientConfig is available via
certmesh().core()?.tls_client_config_for(peer) for consumers driving hyper
or a tower service directly.
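The posture-keyed decision that client_for and reqwest_client_for both describe (plain HTTP to an Open peer, mTLS to a secure peer, a loud error when this node is Open but the peer requires authentication or when the peer anchors to a different mesh CA), modelled as an added self-contained example. This is not koi's code; Posture, Peer, Transport, ClientError and the numeric mesh_id stand-in are assumptions.

```rust
// Added illustration, not koi's implementation: models the posture-keyed transport
// choice of client_for / reqwest_client_for (ADR-020 §6). All names are assumptions.

#[derive(Clone, Copy, Debug, PartialEq, Eq)]
pub enum Posture {
    /// No identity yet: this node can only speak plain HTTP.
    Open,
    /// Holds a leaf issued by the mesh CA identified by `mesh_id`.
    Authenticated { mesh_id: u32 },
}

/// A discovered peer; `mesh_id` is `None` for an Open peer and names the
/// CA a secure (authentication-requiring) peer anchors to.
#[derive(Clone, Debug)]
pub struct Peer {
    pub name: &'static str,
    pub mesh_id: Option<u32>,
}

#[derive(Debug, PartialEq, Eq)]
pub enum Transport {
    PlainHttp,
    /// mTLS presenting this node's leaf and pinning the named mesh CA.
    MutualTls { pinned_mesh: u32 },
}

#[derive(Debug, PartialEq, Eq)]
pub enum ClientError {
    /// The peer demands authentication but this node is still Open.
    PeerRequiresAuth { peer: &'static str },
    /// The peer anchors to a different CA; refuse before any handshake.
    MeshMismatch { ours: u32, theirs: u32 },
}

/// Pick the transport for `peer` from this node's posture, failing loudly
/// up front rather than via an opaque TLS handshake failure later.
pub fn select_transport(posture: Posture, peer: &Peer) -> Result<Transport, ClientError> {
    match (posture, peer.mesh_id) {
        // Open peer: plain HTTP whatever our own posture is.
        (_, None) => Ok(Transport::PlainHttp),
        // Secure peer, but we have no leaf to present.
        (Posture::Open, Some(_)) => Err(ClientError::PeerRequiresAuth { peer: peer.name }),
        // Both sides secure: proceed only when we share a mesh CA.
        (Posture::Authenticated { mesh_id: ours }, Some(theirs)) if ours == theirs => {
            Ok(Transport::MutualTls { pinned_mesh: ours })
        }
        (Posture::Authenticated { mesh_id: ours }, Some(theirs)) => Err(ClientError::MeshMismatch { ours, theirs }),
    }
}
```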
Auto Trait Implementations

impl !RefUnwindSafe for CertmeshHandle
impl !UnwindSafe for CertmeshHandle
impl Freeze for CertmeshHandle
impl Send for CertmeshHandle
impl Sync for CertmeshHandle
impl Unpin for CertmeshHandle
impl UnsafeUnpin for CertmeshHandle

Blanket Implementations

impl<'a, T, E> AsTaggedExplicit<'a, E> for T where T: 'a

impl<'a, T, E> AsTaggedImplicit<'a, E> for T where T: 'a

impl<T> BorrowMut<T> for T where T: ?Sized
fn borrow_mut(&mut self) -> &mut T

impl<A, B, T> HttpServerConnExec<A, B> for T where B: Body

impl<T> Instrument for T
fn instrument(self, span: Span) -> Instrumented<Self>
fn in_current_span(self) -> Instrumented<Self>

impl<T> IntoEither for T
fn into_either(self, into_left: bool) -> Either<Self, Self>
Converts self into a Left variant of Either<Self, Self> if into_left is true.
Converts self into a Right variant of Either<Self, Self> otherwise.
fn into_either_with<F>(self, into_left: F) -> Either<Self, Self>
Converts self into a Left variant of Either<Self, Self> if into_left(&self) returns true.
Converts self into a Right variant of Either<Self, Self> otherwise.