web4-core 0.1.0__tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (35) hide show
  1. web4_core-0.1.0/.gitignore +25 -0
  2. web4_core-0.1.0/ARCHITECTURE.md +87 -0
  3. web4_core-0.1.0/Cargo.lock +702 -0
  4. web4_core-0.1.0/Cargo.toml +34 -0
  5. web4_core-0.1.0/LICENSE +661 -0
  6. web4_core-0.1.0/PATENTS.md +44 -0
  7. web4_core-0.1.0/PKG-INFO +165 -0
  8. web4_core-0.1.0/README.md +124 -0
  9. web4_core-0.1.0/pyproject.toml +37 -0
  10. web4_core-0.1.0/python/Cargo.lock +1028 -0
  11. web4_core-0.1.0/python/Cargo.toml +21 -0
  12. web4_core-0.1.0/python/README.md +141 -0
  13. web4_core-0.1.0/python/src/lib.rs +716 -0
  14. web4_core-0.1.0/src/coherence.rs +420 -0
  15. web4_core-0.1.0/src/crypto.rs +261 -0
  16. web4_core-0.1.0/src/error.rs +58 -0
  17. web4_core-0.1.0/src/lct.rs +368 -0
  18. web4_core-0.1.0/src/ledger/in_memory.rs +258 -0
  19. web4_core-0.1.0/src/ledger/local.rs +420 -0
  20. web4_core-0.1.0/src/ledger.rs +268 -0
  21. web4_core-0.1.0/src/lib.rs +164 -0
  22. web4_core-0.1.0/src/t3.rs +530 -0
  23. web4_core-0.1.0/src/v3.rs +482 -0
  24. web4_core-0.1.0/web4_core/trust/__init__.py +0 -0
  25. web4_core-0.1.0/web4_core/trust/attestation/__init__.py +34 -0
  26. web4_core-0.1.0/web4_core/trust/attestation/anchors/__init__.py +0 -0
  27. web4_core-0.1.0/web4_core/trust/attestation/anchors/fido2.py +44 -0
  28. web4_core-0.1.0/web4_core/trust/attestation/anchors/secure_enclave.py +41 -0
  29. web4_core-0.1.0/web4_core/trust/attestation/anchors/software.py +43 -0
  30. web4_core-0.1.0/web4_core/trust/attestation/anchors/tpm2.py +78 -0
  31. web4_core-0.1.0/web4_core/trust/attestation/envelope.py +256 -0
  32. web4_core-0.1.0/web4_core/trust/attestation/tests/__init__.py +0 -0
  33. web4_core-0.1.0/web4_core/trust/attestation/tests/test_envelope.py +468 -0
  34. web4_core-0.1.0/web4_core/trust/attestation/tests/test_verify.py +363 -0
  35. web4_core-0.1.0/web4_core/trust/attestation/verify.py +61 -0
@@ -0,0 +1,25 @@
1
+ # Rust build artifacts
2
+ /target/
3
+ /python/target/
4
+
5
+ # Cargo lock is typically committed for libraries, but not for applications
6
+ # For a library, we keep Cargo.lock
7
+
8
+ # IDE
9
+ .idea/
10
+ .vscode/
11
+ *.swp
12
+ *.swo
13
+
14
+ # OS
15
+ .DS_Store
16
+ Thumbs.db
17
+
18
+ # Python
19
+ __pycache__/
20
+ *.py[cod]
21
+ *.egg-info/
22
+ dist/
23
+ build/
24
+ *.whl
25
+ .eggs/
@@ -0,0 +1,87 @@
1
+ # Web4-Core Architecture Decision: Rust + Python Bindings
2
+
3
+ ## Why Rust?
4
+
5
+ ### The Problem with Pure Python
6
+
7
+ The original Web4 implementation was Python-first. While Python excels at prototyping and AI/ML integration, it creates fundamental problems for trust infrastructure:
8
+
9
+ 1. **No Memory Safety Guarantees**: Trust computations must be deterministic and tamper-resistant. Python's dynamic nature makes formal verification impractical.
10
+
11
+ 2. **Performance Ceiling**: Cryptographic operations (hashing, signing, verification) in Python are 10-100x slower than native code. At scale, this becomes prohibitive.
12
+
13
+ 3. **Deployment Complexity**: Python's dependency management (pip, virtualenv, conda) creates reproducibility issues. "Works on my machine" is unacceptable for trust infrastructure.
14
+
15
+ 4. **Hardware Binding Impossible**: TPM 2.0, Secure Enclave, and FIDO2 require FFI to native libraries. Python's ctypes/cffi add unnecessary indirection and attack surface.
16
+
17
+ ### Why Not Pure Rust?
18
+
19
+ Pure Rust would sacrifice the ecosystem advantages that make Web4 practical:
20
+
21
+ 1. **AI Integration**: The AI agent ecosystem lives in Python (LangChain, transformers, Claude SDK). Forcing Rust adoption creates friction.
22
+
23
+ 2. **Rapid Iteration**: Research and prototyping benefit from Python's REPL and dynamic typing. We need both rigor and velocity.
24
+
25
+ 3. **Adoption Curve**: Most developers know Python. Rust has a steep learning curve. Bindings let teams choose their comfort level.
26
+
27
+ ## The Hybrid Architecture
28
+
29
+ ```
30
+ ┌─────────────────────────────────────────────────────────┐
31
+ │ Python Applications │
32
+ │ (AI Agents, CLI Tools, Web Services) │
33
+ ├─────────────────────────────────────────────────────────┤
34
+ │ PyO3 Bindings │
35
+ │ (Zero-copy where possible) │
36
+ ├─────────────────────────────────────────────────────────┤
37
+ │ Rust Core │
38
+ │ LCT │ T3 Trust │ V3 Provenance │ Coherence │ Crypto │
39
+ ├─────────────────────────────────────────────────────────┤
40
+ │ Platform Abstraction │
41
+ │ TPM 2.0 │ Secure Enclave │ FIDO2 │ Software │
42
+ └─────────────────────────────────────────────────────────┘
43
+ ```
44
+
45
+ ### Benefits Realized
46
+
47
+ 1. **Single Source of Truth**: Core logic lives in Rust. Python bindings are generated, not maintained separately.
48
+
49
+ 2. **Type Safety Propagates**: Rust's type system catches errors at compile time. PyO3 generates typed stubs for Python IDE support.
50
+
51
+ 3. **Performance Where It Matters**: Hot paths (hashing, tensor computation, chain verification) run at native speed.
52
+
53
+ 4. **Hardware Binding Ready**: Rust's FFI story is mature. We can bind to tpm2-tss, Security.framework, and libfido2 directly.
54
+
55
+ 5. **Cross-Platform**: One Rust codebase compiles to Linux, macOS, Windows. Python wheels hide platform complexity.
56
+
57
+ ## Module Mapping
58
+
59
+ | Rust Module | Python Binding | Purpose |
60
+ |-------------|----------------|---------|
61
+ | `lct.rs` | `web4.lct` | Linked Context Token identity |
62
+ | `t3.rs` | `web4.t3` | Trust tensor computation |
63
+ | `v3.rs` | `web4.v3` | Verifiable provenance |
64
+ | `coherence.rs` | `web4.coherence` | Identity stability metrics |
65
+ | `crypto.rs` | `web4.crypto` | Cryptographic primitives |
66
+
67
+ ## What Stays in Python
68
+
69
+ - CLI tools and scripts
70
+ - AI agent integration layers
71
+ - Web service endpoints
72
+ - Test harnesses and fixtures
73
+ - Documentation generation
74
+
75
+ ## Migration Path
76
+
77
+ 1. **Phase 1** (Complete): Core modules ported to Rust, Python bindings via PyO3
78
+ 2. **Phase 2** (Current): Hardbound enterprise layer in Rust
79
+ 3. **Phase 3** (Next): Hardware binding implementation
80
+ 4. **Phase 4** (Future): WASM compilation for browser/edge deployment
81
+
82
+ ## Lessons Learned
83
+
84
+ - Start with types, not functions. Getting the data structures right in Rust first made everything else easier.
85
+ - PyO3's `#[pyclass]` and `#[pymethods]` are straightforward but require thinking about ownership.
86
+ - Rust's borrow checker forced us to clarify mutable vs immutable operations that were ambiguous in Python.
87
+ - Integration tests should run through Python bindings, not just Rust unit tests.