full KERI spec compliance: typed newtypes, spec-compliant event schemas/seals/receipts, multi-sig threshold verification, delegated events, first-seen policy, KAWA witness agreement, superseding recovery, and routed message types

Author: bordumb

crates/auths-cli/src/commands/artifact/verify.rs

@@ -3,7 +3,7 @@ use serde::Serialize;
 use std::fs;
 use std::path::{Path, PathBuf};
 
-use auths_keri::witness::Receipt;
+use auths_keri::witness::SignedReceipt;
 use auths_transparency::{
     BundleVerificationReport, CheckpointStatus, DelegationStatus, InclusionStatus, NamespaceStatus,
     OfflineBundle, SignatureStatus, TrustRoot, WitnessStatus,
@@ -344,7 +344,7 @@ async fn verify_witnesses(
 
     let receipts_bytes = fs::read(receipts_path)
         .with_context(|| format!("Failed to read witness receipts: {:?}", receipts_path))?;
-    let receipts: Vec<Receipt> =
+    let receipts: Vec<SignedReceipt> =
         serde_json::from_slice(&receipts_bytes).context("Failed to parse witness receipts JSON")?;
 
     let witness_keys = parse_witness_keys(witness_keys_raw)?;

crates/auths-cli/src/commands/device/verify_attestation.rs

@@ -1,6 +1,6 @@
 use crate::ux::format::is_json_mode;
 use anyhow::{Context, Result, anyhow};
-use auths_keri::witness::Receipt;
+use auths_keri::witness::SignedReceipt;
 use auths_sdk::trust::{PinnedIdentity, PinnedIdentityStore, RootsFile, TrustLevel, TrustPolicy};
 use auths_verifier::Capability;
 use auths_verifier::core::Attestation;
@@ -313,7 +313,7 @@ async fn run_verify(now: chrono::DateTime<Utc>, cmd: &VerifyCommand) -> Result<V
                 let receipts_bytes = fs::read(receipts_path).with_context(|| {
                     format!("Failed to read witness receipts: {:?}", receipts_path)
                 })?;
-                let receipts: Vec<Receipt> = serde_json::from_slice(&receipts_bytes)
+                let receipts: Vec<SignedReceipt> = serde_json::from_slice(&receipts_bytes)
                     .context("Failed to parse witness receipts JSON")?;
                 let witness_keys = parse_witness_keys(&cmd.witness_keys)?;
 

crates/auths-cli/src/commands/verify_commit.rs

@@ -1,6 +1,6 @@
 use crate::ux::format::is_json_mode;
 use anyhow::{Context, Result, anyhow};
-use auths_keri::witness::Receipt;
+use auths_keri::witness::SignedReceipt;
 use auths_verifier::witness::{WitnessQuorum, WitnessVerifyConfig};
 use auths_verifier::{
     Attestation, IdentityBundle, VerificationReport, verify_chain, verify_chain_with_witnesses,
@@ -502,7 +502,7 @@ async fn verify_witnesses(
     let receipts_bytes = fs::read(receipts_path)
         .with_context(|| format!("Failed to read witness receipts: {:?}", receipts_path))?;
 
-    let receipts: Vec<Receipt> =
+    let receipts: Vec<SignedReceipt> =
         serde_json::from_slice(&receipts_bytes).context("Failed to parse witness receipts JSON")?;
 
     let witness_keys = parse_witness_keys(&cmd.witness_keys)?;

crates/auths-core/src/witness/collector.rs

@@ -243,13 +243,13 @@ impl ReceiptCollector {
             return None;
         }
 
-        let expected_said = &existing[0].a;
-        if new.a != *expected_said {
+        let expected_said = &existing[0].d;
+        if new.d != *expected_said {
             Some(DuplicityEvidence {
                 prefix: Prefix::default(),
-                sequence: new.s,
+                sequence: new.s.value(),
                 event_a_said: expected_said.clone(),
-                event_b_said: new.a.clone(),
+                event_b_said: new.d.clone(),
                 witness_reports: vec![],
             })
         } else {

crates/auths-core/src/witness/duplicity.rs

@@ -139,7 +139,7 @@ impl DuplicityDetector {
     /// Verify that a set of receipts are consistent (same event SAID).
     ///
     /// This checks that all receipts are for the same event. If receipts
-    /// have different `a` (event SAID) fields, this indicates duplicity.
+    /// have different `d` (event SAID) fields, this indicates duplicity.
     ///
     /// # Arguments
     ///
@@ -155,21 +155,21 @@ impl DuplicityDetector {
         }
 
         let first = &receipts[0];
-        let expected_said = &first.a;
+        let expected_said = &first.d;
 
         for receipt in receipts.iter().skip(1) {
-            if receipt.a != *expected_said {
+            if receipt.d != *expected_said {
                 // Different receipts claim different SAIDs
                 return Err(DuplicityEvidence {
                     prefix: Prefix::default(),
-                    sequence: first.s,
+                    sequence: first.s.value(),
                     event_a_said: expected_said.clone(),
-                    event_b_said: receipt.a.clone(),
+                    event_b_said: receipt.d.clone(),
                     witness_reports: receipts
                         .iter()
                         .map(|r| WitnessReport {
-                            witness_id: r.i.clone(),
-                            observed_said: r.a.clone(),
+                            witness_id: r.i.as_str().to_string(),
+                            observed_said: r.d.clone(),
                             observed_at: None,
                         })
                         .collect(),
@@ -289,26 +289,23 @@ mod tests {
 
     #[test]
     fn verify_receipts_consistent() {
+        use auths_keri::{KeriSequence, VersionString};
         let detector = DuplicityDetector::new();
 
         let receipts = vec![
             Receipt {
-                v: "KERI".into(),
+                v: VersionString::placeholder(),
                 t: "rct".into(),
-                d: Said::new_unchecked("ER1".into()),
-                i: "W1".into(),
-                s: 5,
-                a: Said::new_unchecked("EEVENT_SAID".into()),
-                sig: vec![0; 64],
+                d: Said::new_unchecked("EEVENT_SAID".into()),
+                i: Prefix::new_unchecked("W1".into()),
+                s: KeriSequence::new(5),
             },
             Receipt {
-                v: "KERI".into(),
+                v: VersionString::placeholder(),
                 t: "rct".into(),
-                d: Said::new_unchecked("ER2".into()),
-                i: "W2".into(),
-                s: 5,
-                a: Said::new_unchecked("EEVENT_SAID".into()),
-                sig: vec![0; 64],
+                d: Said::new_unchecked("EEVENT_SAID".into()),
+                i: Prefix::new_unchecked("W2".into()),
+                s: KeriSequence::new(5),
             },
         ];
 
@@ -317,26 +314,23 @@ mod tests {
 
     #[test]
     fn verify_receipts_inconsistent() {
+        use auths_keri::{KeriSequence, VersionString};
         let detector = DuplicityDetector::new();
 
         let receipts = vec![
             Receipt {
-                v: "KERI".into(),
+                v: VersionString::placeholder(),
                 t: "rct".into(),
-                d: Said::new_unchecked("ER1".into()),
-                i: "W1".into(),
-                s: 5,
-                a: Said::new_unchecked("ESAID_A".into()),
-                sig: vec![0; 64],
+                d: Said::new_unchecked("ESAID_A".into()),
+                i: Prefix::new_unchecked("W1".into()),
+                s: KeriSequence::new(5),
             },
             Receipt {
-                v: "KERI".into(),
+                v: VersionString::placeholder(),
                 t: "rct".into(),
-                d: Said::new_unchecked("ER2".into()),
-                i: "W2".into(),
-                s: 5,
-                a: Said::new_unchecked("ESAID_B".into()),
-                sig: vec![0; 64],
+                d: Said::new_unchecked("ESAID_B".into()),
+                i: Prefix::new_unchecked("W2".into()),
+                s: KeriSequence::new(5),
             },
         ];
 

crates/auths-core/src/witness/mod.rs

@@ -86,9 +86,10 @@ mod server;
 mod storage;
 
 // Re-export KERI witness protocol types from auths-keri
+pub use auths_keri::KERI_VERSION_PREFIX;
 pub use auths_keri::witness::{
-    AsyncWitnessProvider, DuplicityEvidence, EventHash, EventHashParseError, KERI_VERSION,
-    NoOpAsyncWitness, RECEIPT_TYPE, Receipt, ReceiptBuilder, WitnessError, WitnessProvider,
+    AsyncWitnessProvider, DuplicityEvidence, EventHash, EventHashParseError, NoOpAsyncWitness,
+    RECEIPT_TYPE, Receipt, ReceiptBuilder, SignedReceipt, WitnessError, WitnessProvider,
     WitnessReport,
 };
 pub use noop::NoOpWitness;

crates/auths-core/src/witness/receipt.rs

@@ -1,2 +1,4 @@
 #[allow(unused_imports)]
-pub use auths_keri::witness::{KERI_VERSION, RECEIPT_TYPE, Receipt};
+pub use auths_keri::KERI_VERSION_PREFIX;
+#[allow(unused_imports)]
+pub use auths_keri::witness::{RECEIPT_TYPE, Receipt, SignedReceipt};

crates/auths-core/src/witness/server.rs

@@ -31,8 +31,10 @@ use chrono::{DateTime, Utc};
 use serde::{Deserialize, Serialize};
 use std::sync::Mutex;
 
+use auths_keri::{KeriSequence, VersionString};
+
 use super::error::{DuplicityEvidence, WitnessError};
-use super::receipt::{KERI_VERSION, RECEIPT_TYPE, Receipt};
+use super::receipt::{RECEIPT_TYPE, Receipt, SignedReceipt};
 use super::storage::WitnessStorage;
 
 /// Shared server state.
@@ -41,6 +43,7 @@ pub struct WitnessServerState {
     inner: Arc<WitnessServerInner>,
 }
 
+#[allow(dead_code)]
 struct WitnessServerInner {
     /// Witness identifier (DID)
     witness_did: DeviceDID,
@@ -141,6 +144,7 @@ pub struct ErrorResponse {
     pub duplicity: Option<DuplicityEvidence>,
 }
 
+#[allow(dead_code)]
 impl WitnessServerState {
     /// Create a new server state.
     #[allow(clippy::disallowed_methods)] // Server constructor is a clock boundary
@@ -212,31 +216,35 @@ impl WitnessServerState {
     /// Create a receipt for an event.
     fn create_receipt(
         &self,
-        _prefix: &Prefix,
+        prefix: &Prefix,
         seq: u64,
         event_said: &Said,
     ) -> Result<Receipt, WitnessError> {
-        let mut receipt = Receipt {
-            v: KERI_VERSION.into(),
+        let receipt = Receipt {
+            v: VersionString::placeholder(),
             t: RECEIPT_TYPE.into(),
-            d: Said::default(),
-            i: self.inner.witness_did.to_string(),
-            s: seq,
-            a: event_said.clone(),
-            sig: vec![],
+            d: event_said.clone(),
+            i: prefix.clone(),
+            s: KeriSequence::new(seq),
         };
 
-        let receipt_value = serde_json::to_value(&receipt)
-            .map_err(|e| WitnessError::Serialization(e.to_string()))?;
-        receipt.d = crate::crypto::said::compute_said(&receipt_value)
-            .map_err(|e| WitnessError::Serialization(e.to_string()))?;
+        Ok(receipt)
+    }
 
-        let signing_payload = receipt
-            .signing_payload()
-            .map_err(|e| WitnessError::Serialization(e.to_string()))?;
-        receipt.sig = self.sign_payload(&signing_payload)?;
+    /// Create a signed receipt for an event.
+    fn create_signed_receipt(
+        &self,
+        prefix: &Prefix,
+        seq: u64,
+        event_said: &Said,
+    ) -> Result<SignedReceipt, WitnessError> {
+        let receipt = self.create_receipt(prefix, seq, event_said)?;
 
-        Ok(receipt)
+        let signing_payload =
+            serde_json::to_vec(&receipt).map_err(|e| WitnessError::Serialization(e.to_string()))?;
+        let signature = self.sign_payload(&signing_payload)?;
+
+        Ok(SignedReceipt { receipt, signature })
     }
 
     /// Sign a payload with the witness Ed25519 keypair.
@@ -930,19 +938,16 @@ mod tests {
     }
 
     #[test]
-    fn receipt_said_is_proper_blake3() {
+    fn receipt_d_matches_event_said() {
         let state = test_state();
         let prefix = Prefix::new_unchecked("EPrefix".into());
-        let receipt = state
-            .create_receipt(&prefix, 0, &Said::new_unchecked("ESAID123".into()))
-            .unwrap();
-        // SAID should be 44 chars: 'E' + 43 base64url chars
-        assert_eq!(receipt.d.as_str().len(), 44);
-        assert!(receipt.d.as_str().starts_with('E'));
+        let event_said = Said::new_unchecked("ESAID123".into());
+        let receipt = state.create_receipt(&prefix, 0, &event_said).unwrap();
+        assert_eq!(receipt.d, event_said);
     }
 
     #[test]
-    fn receipt_said_changes_with_inputs() {
+    fn receipt_d_changes_with_event_said() {
         let state = test_state();
         let prefix = Prefix::new_unchecked("EPrefix".into());
         let receipt_a = state
@@ -952,29 +957,21 @@ mod tests {
             .create_receipt(&prefix, 0, &Said::new_unchecked("ESAID_B".into()))
             .unwrap();
         assert_ne!(receipt_a.d, receipt_b.d);
-
-        let receipt_c = state
-            .create_receipt(&prefix, 0, &Said::new_unchecked("ESAID_A".into()))
-            .unwrap();
-        let receipt_d = state
-            .create_receipt(&prefix, 1, &Said::new_unchecked("ESAID_A".into()))
-            .unwrap();
-        assert_ne!(receipt_c.d, receipt_d.d);
     }
 
     #[test]
-    fn receipt_signature_verifies_against_signing_payload() {
+    fn signed_receipt_signature_verifies() {
         let state = test_state();
         let prefix = Prefix::new_unchecked("EPrefix".into());
-        let receipt = state
-            .create_receipt(&prefix, 0, &Said::new_unchecked("ESAID123".into()))
+        let signed = state
+            .create_signed_receipt(&prefix, 0, &Said::new_unchecked("ESAID123".into()))
             .unwrap();
         let public_key = state.public_key();
-        let payload = receipt.signing_payload().unwrap();
+        let payload = serde_json::to_vec(&signed.receipt).unwrap();
 
         let pk = ring::signature::UnparsedPublicKey::new(&ring::signature::ED25519, &public_key);
-        pk.verify(&payload, &receipt.sig)
-            .expect("receipt signature should verify against signing_payload");
+        pk.verify(&payload, &signed.signature)
+            .expect("signed receipt signature should verify against serialized receipt");
     }
 
     #[test]

crates/auths-core/src/witness/storage.rs

@@ -188,7 +188,7 @@ impl WitnessStorage {
 
         stmt.bind((1, prefix.as_str()))
             .map_err(|e| WitnessError::Storage(format!("failed to bind prefix: {}", e)))?;
-        stmt.bind((2, receipt.a.as_str()))
+        stmt.bind((2, receipt.d.as_str()))
             .map_err(|e| WitnessError::Storage(format!("failed to bind event_said: {}", e)))?;
         stmt.bind((3, json.as_str()))
             .map_err(|e| WitnessError::Storage(format!("failed to bind json: {}", e)))?;
@@ -309,14 +309,13 @@ mod tests {
     }
 
     fn sample_receipt(event_said: &str) -> Receipt {
+        use auths_keri::{KeriSequence, VersionString};
         Receipt {
-            v: "KERI10JSON".into(),
+            v: VersionString::placeholder(),
             t: "rct".into(),
-            d: Said::new_unchecked("EReceipt".into()),
-            i: "did:key:witness".into(),
-            s: 5,
-            a: Said::new_unchecked(event_said.into()),
-            sig: vec![0; 64],
+            d: Said::new_unchecked(event_said.into()),
+            i: Prefix::new_unchecked("did:key:witness".into()),
+            s: KeriSequence::new(5),
         }
     }
 
@@ -416,7 +415,7 @@ mod tests {
         let result = storage.get_receipt(&p, &said("EEVENT_SAID")).unwrap();
         assert!(result.is_some());
         let retrieved = result.unwrap();
-        assert_eq!(retrieved.a, "EEVENT_SAID");
+        assert_eq!(retrieved.d.as_str(), "EEVENT_SAID");
     }
 
     #[test]

crates/auths-core/tests/cases/witness.rs

@@ -71,16 +71,16 @@ async fn http_witness_submit_and_retrieve_receipt() {
         .await
         .unwrap();
 
-    assert_eq!(receipt.a, said);
-    assert_eq!(receipt.s, 0);
+    assert_eq!(receipt.d, said);
+    assert_eq!(receipt.s, auths_keri::KeriSequence::new(0));
     assert_eq!(receipt.t, "rct");
 
     // Retrieve receipt
     let retrieved = client.get_receipt("ETestPrefix", &said).await.unwrap();
 
     assert!(retrieved.is_some());
     let retrieved = retrieved.unwrap();
-    assert_eq!(retrieved.a, said);
+    assert_eq!(retrieved.d, said);
 }
 
 #[tokio::test]