DukeInc/Kez - Kez - Tudisco Git

DukeInc/Kez

Fork 0

Commit Graph

Author	SHA1	Message	Date
Tudisco	111b23b94b	feat(kez-chat): scaffold the home server (v0.1) First runnable kez-chat-server binary plus its docker-compose deploy recipe. Implements steps 2-3 of the document.md sequenced plan; the rust-lib refactor (step 1) is deferred — chat-server path-deps on rust/crates/kez-core for now, which works and matches what rust-sig-server already does. What's in this commit: kez-core (1-line change) - New public `verify_envelope<T>(payload, signature)` helper that dispatches Schnorr / Ed25519 / future suites by signature.alg. Used by chat-server's registration verifier; downstream value beyond chat-server too. kez-chat-server (new crate) - src/main.rs: tokio + axum + tracing entry; clap config; graceful Ctrl-C shutdown. - src/lib.rs: re-exports so tests can drive the same router. - src/config.rs: env/flag config (bind, db, server, sig_server_url, web_dir) with defaults sane for both dev and prod. - src/error.rs: typed ApiError → structured JSON responses with stable error codes. - src/store.rs: SQLite-backed handle registry, UNIQUE on both (handle) and (primary_id); race-safe via SQL primary key. - src/handles.rs: username validation (length, charset, reserved list, must start with letter/digit). - src/registration.rs: SignedRegistration envelope sharing KEZ's JCS canonical-bytes pattern; signature verification via the new kez-core helper; replay protection via ±5-minute clock skew check. - src/api.rs: all six routes in one file — GET /v1/healthz GET /v1/u/:handle POST /v1/register GET /.well-known/webfinger POST /internal/nats/auth (501 stub for v0.1; wired up in v0.2) GET / (placeholder HTML; ServeDir when web/dist exists) tests/http.rs — 13 integration tests - Stands up the real router on a random port; uses reqwest. - Coverage: healthz, lookup-404, full register→lookup round-trip, duplicate-handle conflict, wrong-server rejection, reserved-name rejection, tampered-signature rejection, stale-timestamp rejection, WebFinger success + wrong-server-404, placeholder SPA renders, NATS callout 501, JCS determinism sanity. deploy/ - Dockerfile: multi-stage build (rust:1.86-slim → debian:bookworm-slim). Build context is repo root so the path dep on kez-core resolves. Runtime image ~50 MB; runs as non-root uid 10001. - Dockerfile.sig-server: same pattern for the existing rust-sig-server, so the stack builds from one git pull. - docker-compose.yml: three services (chat-server + nats + sig-server) with named volumes for persistence. Ports: 6969 (chat HTTP), 4222/8443/8222 (NATS native/ws/monitoring), 7878 (sig-server). - nats.conf: WebSocket on 8443 for the browser SPA, JetStream enabled, auth_callout pointing at chat-server's /internal/nats/auth endpoint (issuer nkey is a placeholder — must be replaced with a real one before going live). README.md - Documents all endpoints with example bodies. - Quick-start for both local dev and full Docker compose. - Honest list of what's in v0.1 vs what's still stubbed. Smoke-tested running on 127.0.0.1:6969: GET /v1/healthz → {"server":"kez.lat","status":"ok","version":"0.1.0"} GET / → placeholder HTML rendering GET /v1/u/ghost → 404 POST /internal/nats/auth → 501 with "wired up in v0.2" cargo test → 13 passed. cargo build --release → 19.6s, clean.	2026-05-24 23:36:53 -06:00
Tudisco	d0db6f00f1	Initial implementation of KEZ — protocol, two impls, and storage server KEZ is a portable, decentralized identity graph: a person signs claims linking their many accounts, publishes those claims in places only the claimed account can publish to, and anyone can verify the connections without trusting a central server. Layout ------ - SPEC.md Language-agnostic protocol spec (v0.2) - rust/ Rust implementation: kez-core, kez-channels, kez-cli - nodejs/ TypeScript port at full parity - rust-sig-server/ Optional axum + SQLite storage server for sigchains - crosstest.sh Cross-implementation interop harness Capabilities (both implementations, byte-compatible) ---------------------------------------------------- - Two primary-key algorithms: nostr/secp256k1 Schnorr (BIP-340) and Ed25519 (RFC 8032). Identifiers: nostr:npub1... and ed25519:<hex>. - JCS (RFC 8785) canonicalization for everything signed. - Four proof encodings: JSON envelope, compact (kez:z1:<base64url(zstd(json))>), Markdown fence, DNS TXT. - Five channel plugins (no API keys, no auth needed for any of them): dns: system resolver, _kez.<domain> TXT records github: public gist scan + <user>/<user> profile README fallback nostr: kind-30078 events from default relays bluesky: public AppView author feed ap: WebFinger + actor JSON (alias mastodon:) - Identical CLI surface: kez identity new [--key-type nostr\|ed25519] kez claim create <subject> (--nsec \| --ed25519-seed) [--format ...] [--out ...] kez claim dns <domain> (--nsec \| --ed25519-seed) kez verify file <path> kez verify id <identifier> kez sigchain add\|revoke\|show\|export\|publish - Sigchains: append-only signed log per primary, hash-chained per spec §6, stored locally at ~/.kez/sigchains/, exportable as JSONL or kez:zc1: bundle. - Sigchain publish destinations: chain server, web (file dump), DNS (zone record print), nostr (kind-30078 wrapping event). kez-sig-server -------------- Optional storage tier. Axum + SQLite, single binary, no external deps. - No auth — the cryptography is the access control. The server validates every signature, every seq, every prev hash before storing. - REST API: POST /v1/sigchains/{scheme}/{id}/events (append signed event, 201 with new head hash or 4xx); GET /{scheme}/{id} (full chain as JSONL); GET /head; GET /healthz. - Designed for one central instance for now; the design doesn't preclude running more later (clients gain a configurable list, verifiers reconcile per spec §6.2). - Channel-based publishing remains the always-available fallback if the server is unavailable. Tests ----- - rust/ 99 tests - rust-sig-server/ 10 integration tests (real HTTP, real SQLite) - nodejs/ 91 tests (vitest) - crosstest.sh 19 cross-impl scenarios — proves JCS bytes, Schnorr + Ed25519 sigs, all four claim encodings, and the sigchain JSONL bundle are byte-compatible between Rust and Node in both directions. What's not done yet ------------------- - verify id consulting the sigchain for revocations (data path exists, just not wired into the verifier output). - rotate and add_device sigchain ops (types reserved). - expires_at enforcement during claim verification. - Typed VerificationStatus.status reflecting the five failure modes. - Auth-required publishers (GitHub gist, Bluesky, ActivityPub).	2026-05-24 14:41:00 -06:00

Author

SHA1

Message

Date

Tudisco

111b23b94b

feat(kez-chat): scaffold the home server (v0.1)

First runnable kez-chat-server binary plus its docker-compose deploy
recipe. Implements steps 2-3 of the document.md sequenced plan; the
rust-lib refactor (step 1) is deferred — chat-server path-deps on
rust/crates/kez-core for now, which works and matches what
rust-sig-server already does.

What's in this commit:

kez-core (1-line change)
- New public `verify_envelope<T>(payload, signature)` helper that
  dispatches Schnorr / Ed25519 / future suites by signature.alg.
  Used by chat-server's registration verifier; downstream value
  beyond chat-server too.

kez-chat-server (new crate)
- src/main.rs: tokio + axum + tracing entry; clap config; graceful
  Ctrl-C shutdown.
- src/lib.rs: re-exports so tests can drive the same router.
- src/config.rs: env/flag config (bind, db, server, sig_server_url,
  web_dir) with defaults sane for both dev and prod.
- src/error.rs: typed ApiError → structured JSON responses with
  stable error codes.
- src/store.rs: SQLite-backed handle registry, UNIQUE on both
  (handle) and (primary_id); race-safe via SQL primary key.
- src/handles.rs: username validation (length, charset, reserved
  list, must start with letter/digit).
- src/registration.rs: SignedRegistration envelope sharing KEZ's
  JCS canonical-bytes pattern; signature verification via the new
  kez-core helper; replay protection via ±5-minute clock skew check.
- src/api.rs: all six routes in one file —
    GET  /v1/healthz
    GET  /v1/u/:handle
    POST /v1/register
    GET  /.well-known/webfinger
    POST /internal/nats/auth   (501 stub for v0.1; wired up in v0.2)
    GET  /                     (placeholder HTML; ServeDir when web/dist exists)

tests/http.rs — 13 integration tests
- Stands up the real router on a random port; uses reqwest.
- Coverage: healthz, lookup-404, full register→lookup round-trip,
  duplicate-handle conflict, wrong-server rejection, reserved-name
  rejection, tampered-signature rejection, stale-timestamp rejection,
  WebFinger success + wrong-server-404, placeholder SPA renders,
  NATS callout 501, JCS determinism sanity.

deploy/
- Dockerfile: multi-stage build (rust:1.86-slim → debian:bookworm-slim).
  Build context is repo root so the path dep on kez-core resolves.
  Runtime image ~50 MB; runs as non-root uid 10001.
- Dockerfile.sig-server: same pattern for the existing
  rust-sig-server, so the stack builds from one git pull.
- docker-compose.yml: three services (chat-server + nats + sig-server)
  with named volumes for persistence. Ports: 6969 (chat HTTP),
  4222/8443/8222 (NATS native/ws/monitoring), 7878 (sig-server).
- nats.conf: WebSocket on 8443 for the browser SPA, JetStream
  enabled, auth_callout pointing at chat-server's
  /internal/nats/auth endpoint (issuer nkey is a placeholder — must
  be replaced with a real one before going live).

README.md
- Documents all endpoints with example bodies.
- Quick-start for both local dev and full Docker compose.
- Honest list of what's in v0.1 vs what's still stubbed.

Smoke-tested running on 127.0.0.1:6969:
  GET /v1/healthz       → {"server":"kez.lat","status":"ok","version":"0.1.0"}
  GET /                 → placeholder HTML rendering
  GET /v1/u/ghost       → 404
  POST /internal/nats/auth → 501 with "wired up in v0.2"

cargo test  → 13 passed.
cargo build --release → 19.6s, clean.

2026-05-24 23:36:53 -06:00

Tudisco

d0db6f00f1

Initial implementation of KEZ — protocol, two impls, and storage server

KEZ is a portable, decentralized identity graph: a person signs claims
linking their many accounts, publishes those claims in places only the
claimed account can publish to, and anyone can verify the connections
without trusting a central server.

Layout
------
- SPEC.md            Language-agnostic protocol spec (v0.2)
- rust/              Rust implementation: kez-core, kez-channels, kez-cli
- nodejs/            TypeScript port at full parity
- rust-sig-server/   Optional axum + SQLite storage server for sigchains
- crosstest.sh       Cross-implementation interop harness

Capabilities (both implementations, byte-compatible)
----------------------------------------------------
- Two primary-key algorithms: nostr/secp256k1 Schnorr (BIP-340) and
  Ed25519 (RFC 8032). Identifiers: nostr:npub1... and ed25519:<hex>.
- JCS (RFC 8785) canonicalization for everything signed.
- Four proof encodings: JSON envelope, compact (kez:z1:<base64url(zstd(json))>),
  Markdown fence, DNS TXT.
- Five channel plugins (no API keys, no auth needed for any of them):
    dns:        system resolver, _kez.<domain> TXT records
    github:     public gist scan + <user>/<user> profile README fallback
    nostr:      kind-30078 events from default relays
    bluesky:    public AppView author feed
    ap:         WebFinger + actor JSON (alias mastodon:)
- Identical CLI surface:
    kez identity new [--key-type nostr|ed25519]
    kez claim create <subject> (--nsec | --ed25519-seed) [--format ...] [--out ...]
    kez claim dns <domain>     (--nsec | --ed25519-seed)
    kez verify file <path>
    kez verify id <identifier>
    kez sigchain add|revoke|show|export|publish
- Sigchains: append-only signed log per primary, hash-chained per spec §6,
  stored locally at ~/.kez/sigchains/, exportable as JSONL or kez:zc1: bundle.
- Sigchain publish destinations: chain server, web (file dump), DNS (zone
  record print), nostr (kind-30078 wrapping event).

kez-sig-server
--------------
Optional storage tier. Axum + SQLite, single binary, no external deps.

- No auth — the cryptography is the access control. The server validates
  every signature, every seq, every prev hash before storing.
- REST API: POST /v1/sigchains/{scheme}/{id}/events (append signed event,
  201 with new head hash or 4xx); GET /{scheme}/{id} (full chain as JSONL);
  GET /head; GET /healthz.
- Designed for one central instance for now; the design doesn't preclude
  running more later (clients gain a configurable list, verifiers
  reconcile per spec §6.2).
- Channel-based publishing remains the always-available fallback if the
  server is unavailable.

Tests
-----
- rust/                 99 tests
- rust-sig-server/      10 integration tests (real HTTP, real SQLite)
- nodejs/               91 tests (vitest)
- crosstest.sh          19 cross-impl scenarios — proves JCS bytes,
                        Schnorr + Ed25519 sigs, all four claim encodings,
                        and the sigchain JSONL bundle are byte-compatible
                        between Rust and Node in both directions.

What's not done yet
-------------------
- verify id consulting the sigchain for revocations (data path exists,
  just not wired into the verifier output).
- rotate and add_device sigchain ops (types reserved).
- expires_at enforcement during claim verification.
- Typed VerificationStatus.status reflecting the five failure modes.
- Auth-required publishers (GitHub gist, Bluesky, ActivityPub).

2026-05-24 14:41:00 -06:00

2 Commits