
vta_service/
lib.rs

1//! VTA (Verifiable Trust Agent) service library.
2//!
3//! This is the shared business logic used by both the `vta` binary
4//! (local/dev/cloud) and the `vta-enclave` binary (Nitro Enclave).
5//!
6//! Front-end binaries import this library and call `server::run()`
7//! with the appropriate store backend and TEE context.
8
9// Re-exported so front-end binaries (e.g. `vta-enclave`, which only depends
10// on this crate) can install the rustls aws-lc-rs CryptoProvider at startup
11// without taking a direct `vta-sdk` dependency.
12pub use vta_sdk::crypto_init;
13
14pub mod acl;
15pub mod acl_sweeper;
16pub mod audit;
17pub mod auth;
18pub mod backup_bundle_store;
19pub mod backup_bundle_sweeper;
20pub mod config;
21pub mod contexts;
22pub mod did_templates;
23pub mod didcomm_bridge;
24pub mod error;
25pub mod keys;
26pub mod keyspaces;
27#[cfg(feature = "didcomm")]
28pub mod messaging;
29#[cfg(feature = "rest")]
30pub mod metrics;
31pub mod operations;
32#[cfg(feature = "rest")]
33pub mod routes;
34pub mod seal;
35pub mod sealed_nonce_store;
36pub mod server;
37pub mod status;
38pub mod store;
39#[cfg(feature = "tee")]
40pub mod tee;
41/// Transport-neutral Trust-Task dispatch subsystem. Both the REST route
42/// (`routes::trust_tasks`-mounted `dispatch_trust_task`) and the DIDComm
43/// `handle_trust_task` handler dispatch through `dispatch_trust_task_core`
44/// here, so it lives at the crate root rather than under `routes::` (P2.4).
45pub mod trust_tasks;
46pub mod vault;
47#[cfg(feature = "webvh")]
48pub mod webvh_auth;
49#[cfg(feature = "webvh")]
50pub mod webvh_client;
51#[cfg(feature = "webvh")]
52pub mod webvh_didcomm;
53#[cfg(feature = "webvh")]
54pub mod webvh_store;
55
56// `test_support` is gated internally on `any(test, feature = "test-support")`.
57// `#[cfg(...)]` here would hide the module from the test builds that
58// don't pass `--features test-support` explicitly; the module header
59// handles that itself.
60pub mod test_support;
61
/// Install the global tracing subscriber, writing log output to stderr.
///
/// Convenience entry point shared by the VTA front-end binaries: it hands
/// `std::io::stderr` to [`init_tracing_with_writer`], which picks the filter
/// and output format from `config`.
///
/// Call this exactly once, at startup, before anything is logged.
///
/// # Panics
///
/// Panics if a global subscriber is already installed, because the
/// delegate finishes with `init()` rather than `try_init()`.
pub fn init_tracing(config: &config::AppConfig) {
    use std::io::stderr;

    init_tracing_with_writer(config, stderr)
}
67
/// Install the global tracing subscriber with a caller-supplied `MakeWriter`.
///
/// The enclave binary uses this to tee log output to both stderr and a
/// vsock connection that forwards to the parent EC2 instance.
///
/// Filter selection: the process environment (`RUST_LOG`, read through
/// `EnvFilter::try_from_default_env`) takes precedence; `config.log.level`
/// is used only when the environment yields no usable filter. Output is
/// JSON or plain text according to `config.log.format`.
///
/// Security note: whatever passes the filter is written to `writer`. When
/// that writer forwards out of the enclave, log content crosses the trust
/// boundary, so a more verbose level (from the environment or from config)
/// widens what the parent instance can observe.
///
/// # Panics
///
/// Panics if a global subscriber has already been installed (`init()` is
/// used, not `try_init()`), so call this once at startup.
pub fn init_tracing_with_writer<W>(config: &config::AppConfig, writer: W)
where
    W: for<'a> tracing_subscriber::fmt::MakeWriter<'a> + Send + Sync + 'static,
{
    use tracing_subscriber::EnvFilter;

    // Environment first; fall back to the configured level on any error
    // (variable unset or not parseable as a filter).
    let env_filter = match EnvFilter::try_from_default_env() {
        Ok(from_env) => from_env,
        Err(_) => EnvFilter::new(&config.log.level),
    };

    let builder = tracing_subscriber::fmt()
        .with_env_filter(env_filter)
        .with_writer(writer);

    // Exhaustive on purpose: a new `LogFormat` variant must be handled here.
    match config.log.format {
        config::LogFormat::Json => builder.json().init(),
        config::LogFormat::Text => builder.init(),
    }
}