
vta_service/
lib.rs

1//! VTA (Verifiable Trust Agent) service library.
2//!
3//! This is the shared business logic used by both the `vta` binary
4//! (local/dev/cloud) and the `vta-enclave` binary (Nitro Enclave).
5//!
6//! Front-end binaries import this library and call `server::run()`
7//! with the appropriate store backend and TEE context.
8
9// Re-exported so front-end binaries (e.g. `vta-enclave`, which only depends
10// on this crate) can install the rustls aws-lc-rs CryptoProvider at startup
11// without taking a direct `vta-sdk` dependency.
12pub use vta_sdk::crypto_init;
13
14pub mod acl;
15pub mod acl_sweeper;
16pub mod audit;
17pub mod auth;
18pub mod backup_bundle_store;
19pub mod backup_bundle_sweeper;
20pub mod config;
21pub mod consent_sweeper;
22pub mod contexts;
23pub mod did_templates;
24pub mod didcomm_bridge;
25pub mod error;
26pub mod keys;
27pub mod keyspaces;
28#[cfg(feature = "didcomm")]
29pub mod messaging;
30#[cfg(feature = "rest")]
31pub mod metrics;
32pub mod operations;
33#[cfg(feature = "rest")]
34pub mod routes;
35pub mod seal;
36pub mod sealed_nonce_store;
37pub mod server;
38pub mod status;
39pub mod store;
40#[cfg(feature = "tee")]
41pub mod tee;
42/// Transport-neutral Trust-Task dispatch subsystem. Both the REST route
43/// (`routes::trust_tasks`-mounted `dispatch_trust_task`) and the DIDComm
44/// `handle_trust_task` handler dispatch through `dispatch_trust_task_core`
45/// here, so it lives at the crate root rather than under `routes::` (P2.4).
46pub mod trust_tasks;
47pub mod vault;
48pub mod vault_sweeper;
49#[cfg(feature = "webvh")]
50pub mod webvh_auth;
51#[cfg(feature = "webvh")]
52pub mod webvh_client;
53#[cfg(feature = "webvh")]
54pub mod webvh_didcomm;
55#[cfg(feature = "webvh")]
56pub mod webvh_store;
57
58// `test_support` is gated internally on `any(test, feature = "test-support")`.
59// `#[cfg(...)]` here would hide the module from the test builds that
60// don't pass `--features test-support` explicitly; the module header
61// handles that itself.
62pub mod test_support;
63
/// Set up the process-wide tracing subscriber from `config`, writing to stderr.
///
/// Every VTA front-end binary that does not need a custom log sink calls this
/// once at startup, before the first log line is emitted. It is a thin wrapper
/// over [`init_tracing_with_writer`] with `std::io::stderr` as the writer, so
/// filter and format selection are exactly those of that function.
///
/// # Panics
///
/// Delegates to [`init_tracing_with_writer`], whose `.init()` call panics when
/// a global subscriber has already been installed; do not call this twice.
pub fn init_tracing(config: &config::AppConfig) {
    // `std::io::stderr` is passed as a function item: it satisfies `MakeWriter`
    // by being called each time the subscriber needs a writer.
    let stderr_writer = std::io::stderr;
    init_tracing_with_writer(config, stderr_writer);
}
69
/// Set up the process-wide tracing subscriber from `config`, sending output
/// to a caller-supplied `MakeWriter`.
///
/// The enclave binary uses this to tee log output to both stderr and a vsock
/// connection that forwards it to the parent EC2 instance.
///
/// # Filter precedence
///
/// The filter is taken from the default environment variable (`RUST_LOG`) when
/// it is set and parses; only otherwise is `config.log.level` used. Whoever
/// controls the process environment therefore controls log verbosity,
/// regardless of what the config file says.
///
/// # Log confidentiality
///
/// The writer may carry log lines out of the process. In the enclave case
/// described above they reach the parent instance, so anything emitted at an
/// enabled level should be treated as visible there. Keep key material and
/// other secrets out of log fields at every level rather than relying on the
/// configured level to hide them.
///
/// # Panics
///
/// `.init()` panics if a global subscriber is already installed, so call this
/// once per process.
pub fn init_tracing_with_writer<W>(config: &config::AppConfig, writer: W)
where
    W: for<'a> tracing_subscriber::fmt::MakeWriter<'a> + Send + Sync + 'static,
{
    use tracing_subscriber::EnvFilter;

    // Environment wins; an unset or unparseable variable falls back to config.
    let env_filter = match EnvFilter::try_from_default_env() {
        Ok(from_env) => from_env,
        Err(_) => EnvFilter::new(&config.log.level),
    };

    let builder = tracing_subscriber::fmt()
        .with_env_filter(env_filter)
        .with_writer(writer);

    // Exhaustive match on purpose: a new `LogFormat` variant must be handled here.
    match config.log.format {
        config::LogFormat::Json => {
            builder.json().init();
        }
        config::LogFormat::Text => {
            builder.init();
        }
    }
}