Merge pull request #165 from auths-dev/dev-keriSaidCompliance

refactor: migrate to spec-compliant KERI

Author: bordumb

.auths/allowed_signers

@@ -1,5 +1,4 @@
 # auths:managed — do not edit manually
 # auths:attestation
-z6MkhPJCPXd5A9VN4wScJkxTtz6de7egZQx78vsiAT1vg3PZ@auths.local namespaces="git" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICuPK6OfYp7ngZp40Q+Dsrahhks472v6gPIMD0upCRnM
-z6MkhfnUUc2UJJ5C9sQQ7GvXmSbQJsdtNKV6HNYcQtTjc7xE@auths.local namespaces="git" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC/Ib83sxXogDnEVzLjFBkyC+DhP+cssbPzZAmQhB+Lz
+z6MknkJY66KPDbAEeRVbSJ4MbigiHYGAumVzpgi3QfjhJc6T@auths.local namespaces="git" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHs7L6XhpNR/Qfp4rr+4GoTo6d38rAJKLI1WRtsLXm+Q
 # auths:manual

Cargo.lock

@@ -3,7 +3,7 @@ use serde::Serialize;
 use std::fs;
 use std::path::{Path, PathBuf};
 
-use auths_keri::witness::Receipt;
+use auths_keri::witness::SignedReceipt;
 use auths_transparency::{
     BundleVerificationReport, CheckpointStatus, DelegationStatus, InclusionStatus, NamespaceStatus,
     OfflineBundle, SignatureStatus, TrustRoot, WitnessStatus,
@@ -344,7 +344,7 @@ async fn verify_witnesses(
 
     let receipts_bytes = fs::read(receipts_path)
         .with_context(|| format!("Failed to read witness receipts: {:?}", receipts_path))?;
-    let receipts: Vec<Receipt> =
+    let receipts: Vec<SignedReceipt> =
         serde_json::from_slice(&receipts_bytes).context("Failed to parse witness receipts JSON")?;
 
     let witness_keys = parse_witness_keys(witness_keys_raw)?;

crates/auths-cli/src/commands/artifact/verify.rs

@@ -1,6 +1,6 @@
 use crate::ux::format::is_json_mode;
 use anyhow::{Context, Result, anyhow};
-use auths_keri::witness::Receipt;
+use auths_keri::witness::SignedReceipt;
 use auths_sdk::trust::{PinnedIdentity, PinnedIdentityStore, RootsFile, TrustLevel, TrustPolicy};
 use auths_verifier::Capability;
 use auths_verifier::core::Attestation;
@@ -313,7 +313,7 @@ async fn run_verify(now: chrono::DateTime<Utc>, cmd: &VerifyCommand) -> Result<V
                 let receipts_bytes = fs::read(receipts_path).with_context(|| {
                     format!("Failed to read witness receipts: {:?}", receipts_path)
                 })?;
-                let receipts: Vec<Receipt> = serde_json::from_slice(&receipts_bytes)
+                let receipts: Vec<SignedReceipt> = serde_json::from_slice(&receipts_bytes)
                     .context("Failed to parse witness receipts JSON")?;
                 let witness_keys = parse_witness_keys(&cmd.witness_keys)?;
 

crates/auths-cli/src/commands/device/verify_attestation.rs

@@ -1,6 +1,6 @@
 use crate::ux::format::is_json_mode;
 use anyhow::{Context, Result, anyhow};
-use auths_keri::witness::Receipt;
+use auths_keri::witness::SignedReceipt;
 use auths_verifier::witness::{WitnessQuorum, WitnessVerifyConfig};
 use auths_verifier::{
     Attestation, IdentityBundle, VerificationReport, verify_chain, verify_chain_with_witnesses,
@@ -502,7 +502,7 @@ async fn verify_witnesses(
     let receipts_bytes = fs::read(receipts_path)
         .with_context(|| format!("Failed to read witness receipts: {:?}", receipts_path))?;
 
-    let receipts: Vec<Receipt> =
+    let receipts: Vec<SignedReceipt> =
         serde_json::from_slice(&receipts_bytes).context("Failed to parse witness receipts JSON")?;
 
     let witness_keys = parse_witness_keys(&cmd.witness_keys)?;

crates/auths-cli/src/commands/verify_commit.rs

@@ -243,13 +243,13 @@ impl ReceiptCollector {
             return None;
         }
 
-        let expected_said = &existing[0].a;
-        if new.a != *expected_said {
+        let expected_said = &existing[0].d;
+        if new.d != *expected_said {
             Some(DuplicityEvidence {
                 prefix: Prefix::default(),
-                sequence: new.s,
+                sequence: new.s.value(),
                 event_a_said: expected_said.clone(),
-                event_b_said: new.a.clone(),
+                event_b_said: new.d.clone(),
                 witness_reports: vec![],
             })
         } else {

crates/auths-core/src/witness/collector.rs

@@ -139,7 +139,7 @@ impl DuplicityDetector {
     /// Verify that a set of receipts are consistent (same event SAID).
     ///
     /// This checks that all receipts are for the same event. If receipts
-    /// have different `a` (event SAID) fields, this indicates duplicity.
+    /// have different `d` (event SAID) fields, this indicates duplicity.
     ///
     /// # Arguments
     ///
@@ -155,21 +155,21 @@ impl DuplicityDetector {
         }
 
         let first = &receipts[0];
-        let expected_said = &first.a;
+        let expected_said = &first.d;
 
         for receipt in receipts.iter().skip(1) {
-            if receipt.a != *expected_said {
+            if receipt.d != *expected_said {
                 // Different receipts claim different SAIDs
                 return Err(DuplicityEvidence {
                     prefix: Prefix::default(),
-                    sequence: first.s,
+                    sequence: first.s.value(),
                     event_a_said: expected_said.clone(),
-                    event_b_said: receipt.a.clone(),
+                    event_b_said: receipt.d.clone(),
                     witness_reports: receipts
                         .iter()
                         .map(|r| WitnessReport {
-                            witness_id: r.i.clone(),
-                            observed_said: r.a.clone(),
+                            witness_id: r.i.as_str().to_string(),
+                            observed_said: r.d.clone(),
                             observed_at: None,
                         })
                         .collect(),
@@ -289,26 +289,23 @@ mod tests {
 
     #[test]
     fn verify_receipts_consistent() {
+        use auths_keri::{KeriSequence, VersionString};
         let detector = DuplicityDetector::new();
 
         let receipts = vec![
             Receipt {
-                v: "KERI".into(),
+                v: VersionString::placeholder(),
                 t: "rct".into(),
-                d: Said::new_unchecked("ER1".into()),
-                i: "W1".into(),
-                s: 5,
-                a: Said::new_unchecked("EEVENT_SAID".into()),
-                sig: vec![0; 64],
+                d: Said::new_unchecked("EEVENT_SAID".into()),
+                i: Prefix::new_unchecked("W1".into()),
+                s: KeriSequence::new(5),
             },
             Receipt {
-                v: "KERI".into(),
+                v: VersionString::placeholder(),
                 t: "rct".into(),
-                d: Said::new_unchecked("ER2".into()),
-                i: "W2".into(),
-                s: 5,
-                a: Said::new_unchecked("EEVENT_SAID".into()),
-                sig: vec![0; 64],
+                d: Said::new_unchecked("EEVENT_SAID".into()),
+                i: Prefix::new_unchecked("W2".into()),
+                s: KeriSequence::new(5),
             },
         ];
 
@@ -317,26 +314,23 @@ mod tests {
 
     #[test]
     fn verify_receipts_inconsistent() {
+        use auths_keri::{KeriSequence, VersionString};
         let detector = DuplicityDetector::new();
 
         let receipts = vec![
             Receipt {
-                v: "KERI".into(),
+                v: VersionString::placeholder(),
                 t: "rct".into(),
-                d: Said::new_unchecked("ER1".into()),
-                i: "W1".into(),
-                s: 5,
-                a: Said::new_unchecked("ESAID_A".into()),
-                sig: vec![0; 64],
+                d: Said::new_unchecked("ESAID_A".into()),
+                i: Prefix::new_unchecked("W1".into()),
+                s: KeriSequence::new(5),
             },
             Receipt {
-                v: "KERI".into(),
+                v: VersionString::placeholder(),
                 t: "rct".into(),
-                d: Said::new_unchecked("ER2".into()),
-                i: "W2".into(),
-                s: 5,
-                a: Said::new_unchecked("ESAID_B".into()),
-                sig: vec![0; 64],
+                d: Said::new_unchecked("ESAID_B".into()),
+                i: Prefix::new_unchecked("W2".into()),
+                s: KeriSequence::new(5),
             },
         ];
 

crates/auths-core/src/witness/duplicity.rs

@@ -86,9 +86,10 @@ mod server;
 mod storage;
 
 // Re-export KERI witness protocol types from auths-keri
+pub use auths_keri::KERI_VERSION_PREFIX;
 pub use auths_keri::witness::{
-    AsyncWitnessProvider, DuplicityEvidence, EventHash, EventHashParseError, KERI_VERSION,
-    NoOpAsyncWitness, RECEIPT_TYPE, Receipt, ReceiptBuilder, WitnessError, WitnessProvider,
+    AsyncWitnessProvider, DuplicityEvidence, EventHash, EventHashParseError, NoOpAsyncWitness,
+    RECEIPT_TYPE, Receipt, ReceiptBuilder, SignedReceipt, WitnessError, WitnessProvider,
     WitnessReport,
 };
 pub use noop::NoOpWitness;

crates/auths-core/src/witness/mod.rs

@@ -1,2 +1,4 @@
 #[allow(unused_imports)]
-pub use auths_keri::witness::{KERI_VERSION, RECEIPT_TYPE, Receipt};
+pub use auths_keri::KERI_VERSION_PREFIX;
+#[allow(unused_imports)]
+pub use auths_keri::witness::{RECEIPT_TYPE, Receipt, SignedReceipt};