Skip to content

refactor: migrate to spec-compliant KERI #165

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
bordumb merged 5 commits into from
Apr 8, 2026
Merged

refactor: migrate to spec-compliant KERI #165

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
9a7a819
refactor: migrate to spec-compliant KERI SAID algorithm: replace empt…
bordumb Apr 7, 2026
70c633f
full KERI spec compliance: typed newtypes, spec-compliant event schem…
bordumb Apr 8, 2026
381e321
fix: update keri icp schema
bordumb Apr 8, 2026
6d04fd4
fix: add ignore on illustrative tests
bordumb Apr 8, 2026
dca2eed
chore: update allowed signers
bordumb Apr 8, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 1 addition & 2 deletions .auths/allowed_signers
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,4 @@
# auths:managed — do not edit manually
# auths:attestation
z6MkhPJCPXd5A9VN4wScJkxTtz6de7egZQx78vsiAT1vg3PZ@auths.local namespaces="git" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICuPK6OfYp7ngZp40Q+Dsrahhks472v6gPIMD0upCRnM
z6MkhfnUUc2UJJ5C9sQQ7GvXmSbQJsdtNKV6HNYcQtTjc7xE@auths.local namespaces="git" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC/Ib83sxXogDnEVzLjFBkyC+DhP+cssbPzZAmQhB+Lz
z6MknkJY66KPDbAEeRVbSJ4MbigiHYGAumVzpgi3QfjhJc6T@auths.local namespaces="git" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHs7L6XhpNR/Qfp4rr+4GoTo6d38rAJKLI1WRtsLXm+Q
# auths:manual
1 change: 1 addition & 0 deletions Cargo.lock
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

4 changes: 2 additions & 2 deletions crates/auths-cli/src/commands/artifact/verify.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@ use serde::Serialize;
use std::fs;
use std::path::{Path, PathBuf};

use auths_keri::witness::Receipt;
use auths_keri::witness::SignedReceipt;
use auths_transparency::{
BundleVerificationReport, CheckpointStatus, DelegationStatus, InclusionStatus, NamespaceStatus,
OfflineBundle, SignatureStatus, TrustRoot, WitnessStatus,
Expand Down Expand Up @@ -344,7 +344,7 @@ async fn verify_witnesses(

let receipts_bytes = fs::read(receipts_path)
.with_context(|| format!("Failed to read witness receipts: {:?}", receipts_path))?;
let receipts: Vec<Receipt> =
let receipts: Vec<SignedReceipt> =
serde_json::from_slice(&receipts_bytes).context("Failed to parse witness receipts JSON")?;

let witness_keys = parse_witness_keys(witness_keys_raw)?;
Expand Down
4 changes: 2 additions & 2 deletions crates/auths-cli/src/commands/device/verify_attestation.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
use crate::ux::format::is_json_mode;
use anyhow::{Context, Result, anyhow};
use auths_keri::witness::Receipt;
use auths_keri::witness::SignedReceipt;
use auths_sdk::trust::{PinnedIdentity, PinnedIdentityStore, RootsFile, TrustLevel, TrustPolicy};
use auths_verifier::Capability;
use auths_verifier::core::Attestation;
Expand Down Expand Up @@ -313,7 +313,7 @@ async fn run_verify(now: chrono::DateTime<Utc>, cmd: &VerifyCommand) -> Result<V
let receipts_bytes = fs::read(receipts_path).with_context(|| {
format!("Failed to read witness receipts: {:?}", receipts_path)
})?;
let receipts: Vec<Receipt> = serde_json::from_slice(&receipts_bytes)
let receipts: Vec<SignedReceipt> = serde_json::from_slice(&receipts_bytes)
.context("Failed to parse witness receipts JSON")?;
let witness_keys = parse_witness_keys(&cmd.witness_keys)?;

Expand Down
4 changes: 2 additions & 2 deletions crates/auths-cli/src/commands/verify_commit.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
use crate::ux::format::is_json_mode;
use anyhow::{Context, Result, anyhow};
use auths_keri::witness::Receipt;
use auths_keri::witness::SignedReceipt;
use auths_verifier::witness::{WitnessQuorum, WitnessVerifyConfig};
use auths_verifier::{
Attestation, IdentityBundle, VerificationReport, verify_chain, verify_chain_with_witnesses,
Expand Down Expand Up @@ -502,7 +502,7 @@ async fn verify_witnesses(
let receipts_bytes = fs::read(receipts_path)
.with_context(|| format!("Failed to read witness receipts: {:?}", receipts_path))?;

let receipts: Vec<Receipt> =
let receipts: Vec<SignedReceipt> =
serde_json::from_slice(&receipts_bytes).context("Failed to parse witness receipts JSON")?;

let witness_keys = parse_witness_keys(&cmd.witness_keys)?;
Expand Down
8 changes: 4 additions & 4 deletions crates/auths-core/src/witness/collector.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -243,13 +243,13 @@ impl ReceiptCollector {
return None;
}

let expected_said = &existing[0].a;
if new.a != *expected_said {
let expected_said = &existing[0].d;
if new.d != *expected_said {
Some(DuplicityEvidence {
prefix: Prefix::default(),
sequence: new.s,
sequence: new.s.value(),
event_a_said: expected_said.clone(),
event_b_said: new.a.clone(),
event_b_said: new.d.clone(),
witness_reports: vec![],
})
} else {
Expand Down
56 changes: 25 additions & 31 deletions crates/auths-core/src/witness/duplicity.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -139,7 +139,7 @@ impl DuplicityDetector {
/// Verify that a set of receipts are consistent (same event SAID).
///
/// This checks that all receipts are for the same event. If receipts
/// have different `a` (event SAID) fields, this indicates duplicity.
/// have different `d` (event SAID) fields, this indicates duplicity.
///
/// # Arguments
///
Expand All @@ -155,21 +155,21 @@ impl DuplicityDetector {
}

let first = &receipts[0];
let expected_said = &first.a;
let expected_said = &first.d;

for receipt in receipts.iter().skip(1) {
if receipt.a != *expected_said {
if receipt.d != *expected_said {
// Different receipts claim different SAIDs
return Err(DuplicityEvidence {
prefix: Prefix::default(),
sequence: first.s,
sequence: first.s.value(),
event_a_said: expected_said.clone(),
event_b_said: receipt.a.clone(),
event_b_said: receipt.d.clone(),
witness_reports: receipts
.iter()
.map(|r| WitnessReport {
witness_id: r.i.clone(),
observed_said: r.a.clone(),
witness_id: r.i.as_str().to_string(),
observed_said: r.d.clone(),
observed_at: None,
})
.collect(),
Expand Down Expand Up @@ -289,26 +289,23 @@ mod tests {

#[test]
fn verify_receipts_consistent() {
use auths_keri::{KeriSequence, VersionString};
let detector = DuplicityDetector::new();

let receipts = vec![
Receipt {
v: "KERI".into(),
v: VersionString::placeholder(),
t: "rct".into(),
d: Said::new_unchecked("ER1".into()),
i: "W1".into(),
s: 5,
a: Said::new_unchecked("EEVENT_SAID".into()),
sig: vec![0; 64],
d: Said::new_unchecked("EEVENT_SAID".into()),
i: Prefix::new_unchecked("W1".into()),
s: KeriSequence::new(5),
},
Receipt {
v: "KERI".into(),
v: VersionString::placeholder(),
t: "rct".into(),
d: Said::new_unchecked("ER2".into()),
i: "W2".into(),
s: 5,
a: Said::new_unchecked("EEVENT_SAID".into()),
sig: vec![0; 64],
d: Said::new_unchecked("EEVENT_SAID".into()),
i: Prefix::new_unchecked("W2".into()),
s: KeriSequence::new(5),
},
];

Expand All @@ -317,26 +314,23 @@ mod tests {

#[test]
fn verify_receipts_inconsistent() {
use auths_keri::{KeriSequence, VersionString};
let detector = DuplicityDetector::new();

let receipts = vec![
Receipt {
v: "KERI".into(),
v: VersionString::placeholder(),
t: "rct".into(),
d: Said::new_unchecked("ER1".into()),
i: "W1".into(),
s: 5,
a: Said::new_unchecked("ESAID_A".into()),
sig: vec![0; 64],
d: Said::new_unchecked("ESAID_A".into()),
i: Prefix::new_unchecked("W1".into()),
s: KeriSequence::new(5),
},
Receipt {
v: "KERI".into(),
v: VersionString::placeholder(),
t: "rct".into(),
d: Said::new_unchecked("ER2".into()),
i: "W2".into(),
s: 5,
a: Said::new_unchecked("ESAID_B".into()),
sig: vec![0; 64],
d: Said::new_unchecked("ESAID_B".into()),
i: Prefix::new_unchecked("W2".into()),
s: KeriSequence::new(5),
},
];

Expand Down
5 changes: 3 additions & 2 deletions crates/auths-core/src/witness/mod.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -86,9 +86,10 @@ mod server;
mod storage;

// Re-export KERI witness protocol types from auths-keri
pub use auths_keri::KERI_VERSION_PREFIX;
pub use auths_keri::witness::{
AsyncWitnessProvider, DuplicityEvidence, EventHash, EventHashParseError, KERI_VERSION,
NoOpAsyncWitness, RECEIPT_TYPE, Receipt, ReceiptBuilder, WitnessError, WitnessProvider,
AsyncWitnessProvider, DuplicityEvidence, EventHash, EventHashParseError, NoOpAsyncWitness,
RECEIPT_TYPE, Receipt, ReceiptBuilder, SignedReceipt, WitnessError, WitnessProvider,
WitnessReport,
};
pub use noop::NoOpWitness;
Expand Down
4 changes: 3 additions & 1 deletion crates/auths-core/src/witness/receipt.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,2 +1,4 @@
#[allow(unused_imports)]
pub use auths_keri::witness::{KERI_VERSION, RECEIPT_TYPE, Receipt};
pub use auths_keri::KERI_VERSION_PREFIX;
#[allow(unused_imports)]
pub use auths_keri::witness::{RECEIPT_TYPE, Receipt, SignedReceipt};
Loading
Loading