feat: add end to end working integration with Radicle #6

Merged
bordumb merged 40 commits into main from dev-radicleIntegration
Mar 3, 2026

@bordumb bordumb commented Mar 1, 2026

No description provided.

bordumb added 7 commits March 1, 2026 23:22
Add refs.rs module with pub const definitions for all RIP-X Git ref
paths (KEL, keys, signatures, identity namespace) and path construction
helpers. Handles colon-to-dash character replacement for Heartwood
compatibility. Each constant cites its RIP-X section reference.
…IP-X 2-blob format

Implements fn-1.2: serialization/deserialization for the RIP-X attestation
format where device and identity signatures are stored as separate Git blobs.
Includes JCS-compliant canonical payload and Ed25519 signature verification.

Implements fn-1.3: adds a ref_path field to GitKel and a with_ref()
constructor, allowing KEL reads from RIP-X layout (refs/keri/kel).
Existing new() delegates to with_ref() with the default path.
…orcement modes, staleness, min_kel_seq, capabilities, and mixed threshold

Implements fn-1.4 through fn-1.13:
- VerifyResult::Quarantine variant with identity_repo_rid
- EnforcementMode enum (Observe/Enforce)
- VerifyRequest struct bundling all verification parameters
- AuthsStorage trait with repo-scoped identity lookup and local tip OID
- Full fail-closed verification pipeline in DefaultBridge
- min_kel_seq binding integrity check (BEFORE policy, never downgraded)
- Gossip-informed staleness detection via known_remote_tip
- Capability-scoped authorization
- Mixed Did::Key/Did::Keri threshold verification via SignerInput enum
- find_identity_for_device() on RadicleAuthsBridge trait
- Migrated identity.rs from anyhow to thiserror (IdentityError enum)
- Removed anyhow dependency
- BridgeError::IdentityCorrupt variant for corrupt vs missing distinction
…n, stale-node (fn-1.12, fn-1.14, fn-1.15, fn-1.16)
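
The check ordering listed in the fn-1.4 through fn-1.13 commit message above, as an added Rust sketch (not code from this pull request or from the auths project). The field names, the `Warn` variant, the sample values, and the choice of which outcomes Observe mode may downgrade are assumptions made for illustration; only `EnforcementMode`, `VerifyResult::Quarantine`, `identity_repo_rid`, `min_kel_seq` and `known_remote_tip` are names taken from the page.

```rust
// Added sketch: names are hypothetical and modelled on the commit message, not the auths-radicle API.
#[derive(Debug, PartialEq, Clone, Copy)]
pub enum EnforcementMode { Observe, Enforce }
#[derive(Debug, PartialEq)]
pub enum VerifyResult {
    Verified,
    Warn(&'static str),                    // assumed: Observe mode reports a policy failure only
    Quarantine { identity_repo_rid: String },
    Rejected(&'static str),
}

pub struct VerifyRequest<'a> {
    pub mode: EnforcementMode,
    pub min_kel_seq: u64,                  // binding floor for the KEL sequence number
    pub local_kel_seq: Option<u64>,        // None: identity state could not be loaded
    pub local_tip: &'a str,                // local tip OID of the identity repo
    pub known_remote_tip: Option<&'a str>, // tip learned from gossip, if any
    pub identity_repo_rid: &'a str,
    pub granted: &'a [&'a str],            // capabilities the attestation grants
    pub required: &'a str,                 // capability this operation needs
}

pub fn verify(req: &VerifyRequest) -> VerifyResult {
    use EnforcementMode::*;
    // Fail closed: missing identity state is a rejection in either mode.
    let Some(seq) = req.local_kel_seq else { return VerifyResult::Rejected("identity missing"); };
    // Integrity check runs before any policy and never consults `mode`.
    if seq < req.min_kel_seq { return VerifyResult::Rejected("KEL below min_kel_seq"); }
    // Staleness: gossip reports a tip that differs from the local one.
    if req.known_remote_tip.map_or(false, |t| t != req.local_tip) {
        return match req.mode {
            Enforce => VerifyResult::Quarantine { identity_repo_rid: req.identity_repo_rid.into() },
            Observe => VerifyResult::Warn("identity repo stale"),
        };
    }
    // Capability-scoped authorization is policy, so Observe may downgrade it.
    if !req.granted.contains(&req.required) {
        let why = "capability not granted";
        return if req.mode == Enforce { VerifyResult::Rejected(why) } else { VerifyResult::Warn(why) };
    }
    VerifyResult::Verified
}

fn main() {
    // Constructed request: Observe mode, but the KEL is behind the binding floor.
    let req = VerifyRequest { mode: EnforcementMode::Observe, min_kel_seq: 3, local_kel_seq: Some(2),
        local_tip: "a1", known_remote_tip: None, identity_repo_rid: "rad:constructed",
        granted: &["sign_commit"], required: "sign_commit" };
    println!("{:?}", verify(&req));
}
```

The case run in `main` is the one the commit message singles out: a KEL below `min_kel_seq` is rejected even in Observe mode, because that check sits ahead of the mode-dependent policy branches.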
@bordumb bordumb self-assigned this Mar 1, 2026

bordumb added 17 commits March 2, 2026 03:19
Eliminate MockStorage, make_key_state, make_attestation duplication
across 5 integration test files. All tests now import from
tests/cases/helpers.rs which also provides DeviceFixture and
register_device for convenient test setup.

Given a device DID, resolves it to the controller identity DID by
loading the device's attestation and extracting the issuer field.
Output is plain text for shell script capture.

Insert Phase 6b that resolves both device DIDs via
'auths device resolve' and asserts they map to the same
controller identity DID from Phase 2.

Verifies that two devices registered under the same identity both
resolve to the same controller DID via find_identity_for_device,
and that an unregistered device returns None.
…3.1)

Annotates VerifyResult, EnforcementMode, BridgeError, SignerInput,
RadAttestationError, and IdentityError with #[non_exhaustive] to
prevent downstream exhaustive matches from breaking on new variants.
bordumb added 3 commits March 2, 2026 12:17
Add Serialize derive to KeriKeyState (skipping raw bytes field) and
new wasm_verify_kel_json async export that composes parse_kel_json
and verify_kel. Includes integration tests for serialization and
error paths.
…unction

- verify_device_link() in verify.rs: provider-agnostic, composes KEL
  verification + attestation sig check + device DID matching + seal anchoring
- DeviceLinkVerification result type: valid/invalid as JSON, not thrown errors
- compute_attestation_seal_digest() for KEL seal lookup
- compute_said() now public for reuse
- WASM wrapper: wasm_verify_device_link with size guards
bordumb added 10 commits March 2, 2026 13:28
- KeriKeyState and DeviceLinkResult types in types.ts
- verifyKel(): async KEL verification returning key state
- verifyDeviceLink(): async composed device-to-identity verification
- WasmModule interface updated with new WASM function declarations
…s to E2E script

- Phase 6c: verify KEL entries exist in registry, KERI prefix valid,
  attestation entries present, cross-validate controller DID
- Phase 8: verify device 1 still resolves after device 2 revocation

- Replace generic String/Vec<u8> with Did, RepoId, and PublicKey from radicle-core
- Centralize Radicle-specific logic (RIP-X refs, 2-blob attestations) in auths-radicle
- Break cyclic dependency by depending on radicle-core/crypto instead of main radicle crate
- Update unit and integration tests to use new domain types
- Document the cleanup and integration plan

- Replace rusqlite with sqlite crate in auths-index and auths-core
- Update source code to use sqlite crate API instead of rusqlite
- Disable default features for sqlx in auths-storage to avoid conflicts
- This ensures compatibility with the Radicle ecosystem when linking

- Update RadicleIdentity to include optional KeyState for unified UI support
- Implement resolve_keri_state to fetch full KEL state during resolution
- Apply Prefix and KeyState types more thoroughly in identity resolution
- Fix radicle-core and radicle-crypto paths in Cargo.toml
… sites, add StorageLayoutConfig presets, persist identity

  in setup_developer, and fix 5 broken test assertions
…ness tokio runtime, fix pairing doctest clock injection
@bordumb bordumb merged commit e6700d8 into main Mar 3, 2026
4 of 8 checks passed
@bordumb bordumb deleted the dev-radicleIntegration branch March 3, 2026 01:52