Skip to main content

Module agent_card

wire

Module agent_card 

Source
Expand description

Agent card — DID-anchored identity for a wire endpoint.

An agent card binds:

  • a handle (paul)
  • to a DID (did:wire:paul)
  • to one or more Ed25519 verify keys
  • with a signature from the canonical key

Bilateral pairing produces a 6-digit Short Authentication String (SAS) by HMAC’ing the two sorted public keys. Both peers compute the same digits independently from their own knowledge of both keys; the operator reads them aloud out-of-band (the magic-wormhole flow) to confirm.

Enums§

CardError

Constants§

CARD_SCHEMA_VERSION
DID_METHOD

Functions§

bare_handle
Strip the federation suffix (@relay.example) from a handle, returning the bare local-part. This is the canonical on-disk form: outbox/inbox files are keyed by bare handle (paul-mac.jsonl), and the pinned-peers map in relay_state.json is keyed by bare handle.
build_agent_card
Build an unsigned agent card for handle with one verify key.
card_canonical
Canonical bytes of an agent card — strips signature before serialization.
compute_sas
6-digit bilateral SAS over two raw 32-byte public keys.
did_for
Legacy DID constructor — DID = did:wire:<handle> with no pubkey suffix. Pre-v0.5.7 model. Kept for backward-compat in code paths that don’t have the pubkey on hand (display helpers, test fixtures) and for tests that pin specific DID strings. NEW callers should use did_for_with_key.
did_for_with_key
Build a DID from handle + public_key. Returns did:wire:<handle>-<8-hex-of-sha256(public_key)>. The pubkey suffix makes the DID uniquely tied to the keypair — two operators picking the same handle (e.g., both auto-init’ing as <hostname> on the same hostname) get distinct DIDs.
display_handle_from_did
Extract the display-friendly handle from a DID. Handles both legacy (did:wire:paul) and v0.5.7+ (did:wire:paul-abc12345) forms. The v0.5.7 trailing -<8-hex> suffix is stripped when present.
sign_agent_card
Sign an agent card with private_key. Returns the card with signature field appended (base64 of Ed25519 signature over card_canonical(card)).
verify_agent_card
Verify a signed card. Picks the first verify_key, validates the signature over card_canonical(card) (stripped of signature).

Type Aliases§

AgentCard
Convenience type — at this stage we use serde_json::Value so the wire shape stays explicit. A typed struct can come in v0.2+.