Keysat
f574f025a6
Trim AGENTS.md to whole-repo, every-session facts (154 -> 110 lines) and move subsystem guidance into docs/guides/*.md, each with paths: frontmatter and a one-line index entry in AGENTS.md. Symlink each guide from .claude/rules/ so Claude Code lazy-loads it by matching path; track those symlinks via a .gitignore exception (.claude/settings.local.json stays ignored).
35 lines
1.4 KiB
Markdown
35 lines
1.4 KiB
Markdown
---
|
|
paths:
|
|
- "licensing-service-startos/licensing-service/src/crypto/**"
|
|
- "licensing-service-startos/licensing-service/tests/crosscheck/**"
|
|
- "tests/crosscheck/**"
|
|
- "licensing-client-rust/**"
|
|
- "licensing-client-ts/**"
|
|
- "licensing-client-python/**"
|
|
- "licensing-client-go/**"
|
|
---
|
|
|
|
# Crypto & the LIC1 wire format
|
|
|
|
Ed25519 signing. The **LIC1 key byte layout** (defined in `src/crypto/mod.rs`) is
|
|
THE contract that all four SDKs (Rust, TS, Python, Go) implement. Two payload
|
|
layouts exist: legacy **v1** and current **v2** — both must keep validating.
|
|
|
|
## Change with extreme care
|
|
|
|
Any change to the byte layout, field order, or signing input ripples to four
|
|
SDKs and every license key already issued. Before changing it:
|
|
|
|
1. Update `src/crypto/` and every SDK in lockstep.
|
|
2. Update the cross-language fixtures.
|
|
|
|
## Cross-language verification
|
|
|
|
- **Top-level `tests/crosscheck/`** — an independent Python reference signer
|
|
(`reference_signer.py`, using `cryptography` for Ed25519) plus a TS runner
|
|
(`run_ts.mjs`) assert byte-for-byte agreement across Rust + TS + Python on both
|
|
v1 and v2 layouts. Agreement here is strong evidence the format is correct, not
|
|
just internally self-consistent.
|
|
- **`licensing-service/tests/crosscheck/`** — wire-format fixtures the four SDKs
|
|
cross-verify, run via the Rust `crosscheck` suite (`cargo test --test crosscheck`).
|