Skip to main content

vauban_claim_verifier/
lib.rs

1//! `vauban-claim-verifier` — Forensic verifier for Vauban Claim Algebra.
2//!
3//! Implements DX surface VS-4 (S8 spec) and OSS-13 (SNF V2 WP2).
4//!
5//! # Properties
6//! - **Zero Vauban dependency** (I-S8-2): does not call any Vauban API or SDK.
7//! - **Offline mode**: `AnchorWitness::offline()` skips on-chain anchor check.
8//! - **Apache 2.0**: fully open-source, auditable, no phone-home.
9//!
10//! # Quick start
11//! ```rust,no_run
12//! use vauban_claim_verifier::{verify_claim_offline, AnchorWitness};
13//!
14//! let claim_cbor: &[u8] = &[/* your CBOR bytes */];
15//! let report = verify_claim_offline(claim_cbor, "draft-vauban-claim-algebra-00").unwrap();
16//! assert!(report.temporal_frame_valid);
17//! println!("{}", serde_json::to_string_pretty(&report).unwrap());
18//! ```
19
20#![forbid(unsafe_code)]
21#![warn(missing_docs)]
22#![cfg_attr(not(feature = "std"), no_std)]
23
24extern crate alloc;
25
26mod cbor;
27mod crypto;
28mod error;
29mod types;
30mod verify;
31#[cfg(feature = "wasm")]
32mod wasm;
33
34pub use error::VerifyError;
35pub use types::{
36    AnchorWitness, DelegationLink, EvidenceStep, ProvenanceChain, RevocationStatus,
37    VerificationReport,
38};
39
40// ─── Public API ───────────────────────────────────────────────────────────────
41
42/// Verify a CBOR-encoded claim **offline** (anchor check skipped).
43///
44/// Checks: signature (if pubkey provided), temporal frame, evidence structure.
45/// Does not make any network calls.
46pub fn verify_claim_offline(
47    claim_cbor: &[u8],
48    iso_spec_version: &str,
49) -> Result<VerificationReport, VerifyError> {
50    verify::verify_claim(claim_cbor, &AnchorWitness::offline(), None, iso_spec_version)
51}
52
53/// Verify a CBOR-encoded claim **offline** with Ed25519 public key.
54pub fn verify_claim_offline_with_pubkey(
55    claim_cbor: &[u8],
56    pubkey_hex: &str,
57    iso_spec_version: &str,
58) -> Result<VerificationReport, VerifyError> {
59    verify::verify_claim(
60        claim_cbor,
61        &AnchorWitness::offline(),
62        Some(pubkey_hex),
63        iso_spec_version,
64    )
65}
66
67/// Verify a CBOR-encoded claim with a full Merkle anchor witness.
68///
69/// Requires the claim's CBOR hash to be provably included in the declared Merkle batch.
70pub fn verify_claim_with_anchor(
71    claim_cbor: &[u8],
72    anchor_witness: &AnchorWitness,
73    pubkey_hex: Option<&str>,
74    iso_spec_version: &str,
75) -> Result<VerificationReport, VerifyError> {
76    verify::verify_claim(claim_cbor, anchor_witness, pubkey_hex, iso_spec_version)
77}
78
79/// Compute the canonical claim hash (SHA-256 of CBOR bytes, hex-encoded).
80///
81/// This is the leaf value used in the Merkle batch anchored on Starknet.
82pub fn claim_hash(claim_cbor: &[u8]) -> String {
83    crypto::claim_leaf_hash(claim_cbor)
84}