web4-core 0.1.0__tar.gz
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- web4_core-0.1.0/.gitignore +25 -0
- web4_core-0.1.0/ARCHITECTURE.md +87 -0
- web4_core-0.1.0/Cargo.lock +702 -0
- web4_core-0.1.0/Cargo.toml +34 -0
- web4_core-0.1.0/LICENSE +661 -0
- web4_core-0.1.0/PATENTS.md +44 -0
- web4_core-0.1.0/PKG-INFO +165 -0
- web4_core-0.1.0/README.md +124 -0
- web4_core-0.1.0/pyproject.toml +37 -0
- web4_core-0.1.0/python/Cargo.lock +1028 -0
- web4_core-0.1.0/python/Cargo.toml +21 -0
- web4_core-0.1.0/python/README.md +141 -0
- web4_core-0.1.0/python/src/lib.rs +716 -0
- web4_core-0.1.0/src/coherence.rs +420 -0
- web4_core-0.1.0/src/crypto.rs +261 -0
- web4_core-0.1.0/src/error.rs +58 -0
- web4_core-0.1.0/src/lct.rs +368 -0
- web4_core-0.1.0/src/ledger/in_memory.rs +258 -0
- web4_core-0.1.0/src/ledger/local.rs +420 -0
- web4_core-0.1.0/src/ledger.rs +268 -0
- web4_core-0.1.0/src/lib.rs +164 -0
- web4_core-0.1.0/src/t3.rs +530 -0
- web4_core-0.1.0/src/v3.rs +482 -0
- web4_core-0.1.0/web4_core/trust/__init__.py +0 -0
- web4_core-0.1.0/web4_core/trust/attestation/__init__.py +34 -0
- web4_core-0.1.0/web4_core/trust/attestation/anchors/__init__.py +0 -0
- web4_core-0.1.0/web4_core/trust/attestation/anchors/fido2.py +44 -0
- web4_core-0.1.0/web4_core/trust/attestation/anchors/secure_enclave.py +41 -0
- web4_core-0.1.0/web4_core/trust/attestation/anchors/software.py +43 -0
- web4_core-0.1.0/web4_core/trust/attestation/anchors/tpm2.py +78 -0
- web4_core-0.1.0/web4_core/trust/attestation/envelope.py +256 -0
- web4_core-0.1.0/web4_core/trust/attestation/tests/__init__.py +0 -0
- web4_core-0.1.0/web4_core/trust/attestation/tests/test_envelope.py +468 -0
- web4_core-0.1.0/web4_core/trust/attestation/tests/test_verify.py +363 -0
- web4_core-0.1.0/web4_core/trust/attestation/verify.py +61 -0
|
@@ -0,0 +1,25 @@
|
|
|
1
|
+
# Rust build artifacts
|
|
2
|
+
/target/
|
|
3
|
+
/python/target/
|
|
4
|
+
|
|
5
|
+
# Cargo lock is typically committed for libraries, but not for applications
|
|
6
|
+
# For a library, we keep Cargo.lock
|
|
7
|
+
|
|
8
|
+
# IDE
|
|
9
|
+
.idea/
|
|
10
|
+
.vscode/
|
|
11
|
+
*.swp
|
|
12
|
+
*.swo
|
|
13
|
+
|
|
14
|
+
# OS
|
|
15
|
+
.DS_Store
|
|
16
|
+
Thumbs.db
|
|
17
|
+
|
|
18
|
+
# Python
|
|
19
|
+
__pycache__/
|
|
20
|
+
*.py[cod]
|
|
21
|
+
*.egg-info/
|
|
22
|
+
dist/
|
|
23
|
+
build/
|
|
24
|
+
*.whl
|
|
25
|
+
.eggs/
|
|
@@ -0,0 +1,87 @@
|
|
|
1
|
+
# Web4-Core Architecture Decision: Rust + Python Bindings
|
|
2
|
+
|
|
3
|
+
## Why Rust?
|
|
4
|
+
|
|
5
|
+
### The Problem with Pure Python
|
|
6
|
+
|
|
7
|
+
The original Web4 implementation was Python-first. While Python excels at prototyping and AI/ML integration, it creates fundamental problems for trust infrastructure:
|
|
8
|
+
|
|
9
|
+
1. **No Memory Safety Guarantees**: Trust computations must be deterministic and tamper-resistant. Python's dynamic nature makes formal verification impractical.
|
|
10
|
+
|
|
11
|
+
2. **Performance Ceiling**: Cryptographic operations (hashing, signing, verification) in Python are 10-100x slower than native code. At scale, this becomes prohibitive.
|
|
12
|
+
|
|
13
|
+
3. **Deployment Complexity**: Python's dependency management (pip, virtualenv, conda) creates reproducibility issues. "Works on my machine" is unacceptable for trust infrastructure.
|
|
14
|
+
|
|
15
|
+
4. **Hardware Binding Impossible**: TPM 2.0, Secure Enclave, and FIDO2 require FFI to native libraries. Python's ctypes/cffi add unnecessary indirection and attack surface.
|
|
16
|
+
|
|
17
|
+
### Why Not Pure Rust?
|
|
18
|
+
|
|
19
|
+
Pure Rust would sacrifice the ecosystem advantages that make Web4 practical:
|
|
20
|
+
|
|
21
|
+
1. **AI Integration**: The AI agent ecosystem lives in Python (LangChain, transformers, Claude SDK). Forcing Rust adoption creates friction.
|
|
22
|
+
|
|
23
|
+
2. **Rapid Iteration**: Research and prototyping benefit from Python's REPL and dynamic typing. We need both rigor and velocity.
|
|
24
|
+
|
|
25
|
+
3. **Adoption Curve**: Most developers know Python. Rust has a steep learning curve. Bindings let teams choose their comfort level.
|
|
26
|
+
|
|
27
|
+
## The Hybrid Architecture
|
|
28
|
+
|
|
29
|
+
```
|
|
30
|
+
┌─────────────────────────────────────────────────────────┐
|
|
31
|
+
│ Python Applications │
|
|
32
|
+
│ (AI Agents, CLI Tools, Web Services) │
|
|
33
|
+
├─────────────────────────────────────────────────────────┤
|
|
34
|
+
│ PyO3 Bindings │
|
|
35
|
+
│ (Zero-copy where possible) │
|
|
36
|
+
├─────────────────────────────────────────────────────────┤
|
|
37
|
+
│ Rust Core │
|
|
38
|
+
│ LCT │ T3 Trust │ V3 Provenance │ Coherence │ Crypto │
|
|
39
|
+
├─────────────────────────────────────────────────────────┤
|
|
40
|
+
│ Platform Abstraction │
|
|
41
|
+
│ TPM 2.0 │ Secure Enclave │ FIDO2 │ Software │
|
|
42
|
+
└─────────────────────────────────────────────────────────┘
|
|
43
|
+
```
|
|
44
|
+
|
|
45
|
+
### Benefits Realized
|
|
46
|
+
|
|
47
|
+
1. **Single Source of Truth**: Core logic lives in Rust. Python bindings are generated, not maintained separately.
|
|
48
|
+
|
|
49
|
+
2. **Type Safety Propagates**: Rust's type system catches errors at compile time. PyO3 generates typed stubs for Python IDE support.
|
|
50
|
+
|
|
51
|
+
3. **Performance Where It Matters**: Hot paths (hashing, tensor computation, chain verification) run at native speed.
|
|
52
|
+
|
|
53
|
+
4. **Hardware Binding Ready**: Rust's FFI story is mature. We can bind to tpm2-tss, Security.framework, and libfido2 directly.
|
|
54
|
+
|
|
55
|
+
5. **Cross-Platform**: One Rust codebase compiles to Linux, macOS, Windows. Python wheels hide platform complexity.
|
|
56
|
+
|
|
57
|
+
## Module Mapping
|
|
58
|
+
|
|
59
|
+
| Rust Module | Python Binding | Purpose |
|
|
60
|
+
|-------------|----------------|---------|
|
|
61
|
+
| `lct.rs` | `web4.lct` | Linked Context Token identity |
|
|
62
|
+
| `t3.rs` | `web4.t3` | Trust tensor computation |
|
|
63
|
+
| `v3.rs` | `web4.v3` | Verifiable provenance |
|
|
64
|
+
| `coherence.rs` | `web4.coherence` | Identity stability metrics |
|
|
65
|
+
| `crypto.rs` | `web4.crypto` | Cryptographic primitives |
|
|
66
|
+
|
|
67
|
+
## What Stays in Python
|
|
68
|
+
|
|
69
|
+
- CLI tools and scripts
|
|
70
|
+
- AI agent integration layers
|
|
71
|
+
- Web service endpoints
|
|
72
|
+
- Test harnesses and fixtures
|
|
73
|
+
- Documentation generation
|
|
74
|
+
|
|
75
|
+
## Migration Path
|
|
76
|
+
|
|
77
|
+
1. **Phase 1** (Complete): Core modules ported to Rust, Python bindings via PyO3
|
|
78
|
+
2. **Phase 2** (Current): Hardbound enterprise layer in Rust
|
|
79
|
+
3. **Phase 3** (Next): Hardware binding implementation
|
|
80
|
+
4. **Phase 4** (Future): WASM compilation for browser/edge deployment
|
|
81
|
+
|
|
82
|
+
## Lessons Learned
|
|
83
|
+
|
|
84
|
+
- Start with types, not functions. Getting the data structures right in Rust first made everything else easier.
|
|
85
|
+
- PyO3's `#[pyclass]` and `#[pymethods]` are straightforward but require thinking about ownership.
|
|
86
|
+
- Rust's borrow checker forced us to clarify mutable vs immutable operations that were ambiguous in Python.
|
|
87
|
+
- Integration tests should run through Python bindings, not just Rust unit tests.
|