zoe_app_primitives/lib.rs
1//! # Zoe App Primitives: Core Types for Distributed Encrypted Applications
2//!
3//! This crate provides the foundational types and abstractions for building distributed,
4//! encrypted applications using the Zoe protocol. It defines the core data structures,
5//! events, and state management primitives that enable secure group communication,
6//! file sharing, and identity management.
7//!
8//! ## 🏗️ Architecture Overview
9//!
10//! The crate is organized around several key architectural concepts:
11//!
12//! ### 📊 Event-Sourced State Management
13//! Applications maintain state through immutable events that are cryptographically
14//! signed and encrypted. This provides:
15//! - **Auditability**: Complete history of all state changes
16//! - **Consistency**: Deterministic state across all participants
17//! - **Reliability**: State can be reconstructed from events
18//! - **Security**: All changes are authenticated and encrypted
19//!
20//! ### 🔐 Encryption-First Design
21//! All communication and data storage assumes hostile network conditions:
22//! - End-to-end encryption using ChaCha20-Poly1305
23//! - Cryptographic identity via Ed25519 signing keys
24//! - Shared group encryption keys for scalable group communication
25//! - Forward secrecy through key rotation capabilities
26//!
27//! ### 🎭 Multi-Layer Identity System
28//! Supports complex identity scenarios through a three-layer model:
29//! 1. **Cryptographic Identity** (VerifyingKeys): Authentication and authorization
30//! 2. **Display Identity** (Aliases): Human-readable names and personas
31//! 3. **Role-Based Access** (Permissions): Fine-grained capability control
32//!
33//! ### 📁 Structured Data Primitives
34//! Provides typed data structures for common application needs:
35//! - **Group Management**: Distributed team coordination and communication
36//! - **File Handling**: Secure file storage, sharing, and metadata management
37//! - **Identity Management**: User profiles, aliases, and display information
38//! - **Metadata Systems**: Extensible, structured metadata for all data types
39//!
40//! ## 📦 Module Organization
41//!
42//! ### [`group`] - Distributed Group Management
43//! Comprehensive system for managing encrypted, distributed groups:
44//! - [`group::GroupState`]: Unified runtime state management
45//! - [`group::GroupMembership`]: Advanced identity and alias management
46//! - [`group::events`]: Events for group creation, updates, and member management
47//! - [`group::states`]: State types and error handling
48//!
49//! Key features:
50//! - Event-sourced group state with audit trails
51//! - Multi-identity support (aliases, display names)
52//! - Role-based permissions and access control
53//! - Structured metadata system
54//! - Dynamic membership with encryption-based access control
55//!
56//! ### [`mod@file`] - Secure File Management
57//! Types for handling files in distributed, encrypted environments:
58//! - File references with metadata and compression information
59//! - Image handling with dimensions and format metadata
60//! - Convergent encryption for deduplication
61//! - Content-addressable storage integration
62//!
63//! ### [`identity`] - Identity and Display Name Management
64//! Core types for managing user identities and display information:
65//! - [`identity::IdentityRef`]: References to cryptographic or alias identities
66//! - [`identity::IdentityType`]: Main identities vs aliases
67//! - [`identity::IdentityInfo`]: Display names and metadata
68//!
69//! ### [`metadata`] - Structured Metadata System
70//! Extensible metadata system supporting both structured and generic data:
71//! - [`metadata::Metadata`]: Enum of typed metadata variants
72//! - Type-safe handling of descriptions, images, key-value pairs
73//! - Future extensibility for new metadata types
74//!
75//! ### [`relay`] - Network Configuration
76//! Types for configuring connections to relay servers:
77//! - [`relay::RelayEndpoint`]: Server connection information
78//! - Discovery and connection management primitives
79//!
80//! ## 🚀 Quick Start Examples
81//!
82//! ### Creating and Managing a Group
83//! ```rust
84//! use zoe_app_primitives::{GroupState, GroupSettings, Metadata, events::roles::GroupRole};
85//! use zoe_wire_protocol::KeyPair;
86//! use blake3::Hash;
87//!
88//! // Generate cryptographic identity
89//! let creator_key = KeyPair::generate(&mut rand::rngs::OsRng);
90//! let creator_public_key = creator_key.public_key();
91//!
92//! // Define structured metadata
93//! let metadata = vec![
94//! Metadata::Description("Development team coordination".to_string()),
95//! Metadata::Generic { key: "department".to_string(), value: "engineering".to_string() },
96//! ];
97//!
98//! // Create group state
99//! let group_state = GroupState::new(
100//! Hash::from([1u8; 32]),
101//! "Dev Team".to_string(),
102//! GroupSettings::default(),
103//! metadata,
104//! creator_public_key.clone(),
105//! 1640995200,
106//! );
107//!
108//! // Creator automatically becomes Owner
109//! assert_eq!(
110//! group_state.member_role(&creator_public_key),
111//! Some(&GroupRole::Owner)
112//! );
113//! ```
114//!
115//! ### Working with Multiple Identities
116//! ```rust
117//! use zoe_app_primitives::{GroupMembership, IdentityRef, IdentityType};
118//! use zoe_wire_protocol::KeyPair;
119//!
120//! let membership = GroupMembership::new();
121//! let user_key = KeyPair::generate(&mut rand::rngs::OsRng).public_key();
122//!
123//! // Check available identities (currently returns empty set for compatibility)
124//! let identities = membership.get_available_identities(&user_key);
125//! // Note: Currently returns empty set during ML-DSA transition
126//! assert!(identities.is_empty());
127//!
128//! // Check authorization for different identity types
129//! let main_identity = IdentityRef::Key(user_key.clone());
130//! assert!(membership.is_authorized(&user_key, &main_identity));
131//! ```
132//!
133//! ### Handling Structured Metadata
134//! ```rust
135//! use zoe_app_primitives::{Metadata, GroupState, GroupSettings};
136//! use zoe_wire_protocol::KeyPair;
137//! use blake3::Hash;
138//!
139//! let creator = KeyPair::generate(&mut rand::rngs::OsRng).public_key();
140//! let metadata = vec![
141//! Metadata::Description("Project discussion space".to_string()),
142//! Metadata::Generic { key: "project_id".to_string(), value: "proj_123".to_string() },
143//! Metadata::Generic { key: "classification".to_string(), value: "internal".to_string() },
144//! ];
145//!
146//! let group = GroupState::new(
147//! Hash::from([1u8; 32]), "Project Team".to_string(),
148//! GroupSettings::default(), metadata, creator, 1000
149//! );
150//!
151//! // Extract specific metadata types
152//! assert_eq!(group.description(), Some("Project discussion space".to_string()));
153//!
154//! // Get all key-value metadata
155//! let generic_meta = group.generic_metadata();
156//! assert_eq!(generic_meta.get("project_id"), Some(&"proj_123".to_string()));
157//! ```
158//!
159//! ## 🔧 Integration with Other Crates
160//!
161//! This crate is designed to integrate seamlessly with other parts of the Zoe ecosystem:
162//!
163//! - **`zoe-wire-protocol`**: Network communication and encryption
164//! - **`zoe-state-machine`**: Higher-level state management and event processing
165//! - **`zoe-message-store`**: Persistent storage for events and messages
166//! - **`zoe-client`**: Application-level client implementations
167//!
168//! The types defined here serve as the interface contracts between these layers,
169//! ensuring compatibility and consistency across the entire system.
170//!
171//! ## 🛡️ Security Considerations
172//!
173//! When using these primitives, keep in mind:
174//!
175//! - **Key Management**: Protect signing keys and encryption keys appropriately
176//! - **Metadata Privacy**: Be careful about what information you put in metadata
177//! - **Event Ordering**: Ensure events are applied in the correct chronological order
178//! - **Permission Checking**: Always verify permissions before applying state changes
179//! - **Validation**: Validate all inputs, especially those from network sources
180//!
181//! ## 📚 Further Reading
182//!
183//! For detailed information about specific components:
184//! - [`group`] module documentation for group management concepts
185//! - [`mod@file`] module documentation for file handling patterns
186//! - Individual type documentation for specific API details
187//!
188//! For integration examples and higher-level usage:
189//! - See the `examples/` directory in the workspace root
190//! - Check the integration tests in `test/end2end/`
191//! - Review the state machine crate for event processing patterns
192
193pub mod connection;
194pub mod extra;
195pub mod file;
196pub mod group;
197pub mod identity;
198pub mod invitation;
199pub mod metadata;
200pub mod qr;
201pub mod relay;
202
203pub use connection::*;
204pub use file::*;
205pub use group::*;
206pub use identity::*;
207pub use invitation::*;
208pub use metadata::*;
209pub use qr::*;
210pub use relay::*;