Files
alknet/crates/alknet-vault/src/lib.rs
glm-5.2 9028fca302 refactor(vault): remove irpc actor dispatch — direct method calls on VaultServiceHandle (ADR-025)
Drop the irpc-based actor dispatch path from alknet-vault and convert to
direct method calls on VaultServiceHandle (drift item #4, ADR-025).

Removed:
- VaultProtocol enum with #[rpc_requests] derive from protocol.rs
- VaultServiceActor (mpsc + oneshot dispatch loop) from service.rs
- VaultService wrapper struct (only the handle is needed)
- Client<VaultProtocol> usage
- irpc, irpc-derive, tokio from [dependencies]
- postcard from [dev-dependencies]
- VaultMessage/VaultProtocol/VaultServiceActor re-exports from lib.rs
- Serialize/Deserialize derives from VaultServiceError
- postcard round-trip tests from protocol.rs
- actor tokio::test tests from service.rs

The vault now has zero async runtime dependency and zero RPC framework
dependency — it is local-only by construction. VaultServiceHandle is the
sole API: Arc<std::sync::RwLock<VaultServiceInner>> with synchronous
methods. lib.rs re-exports match the vault README Public API section.

Also fixes pre-existing clippy field_reassign_with_default warnings in
cache.rs tests so cargo clippy -- -D warnings passes.
2026-06-23 13:20:28 +00:00

50 lines
2.0 KiB
Rust

//! # alknet-vault
//!
//! Local key vault: BIP39 mnemonic generation, SLIP-0010 Ed25519 HD key derivation,
//! AES-256-GCM encryption for securing provider keys, credentials, and identity material.
//!
//! This crate is the only component that holds the master seed phrase. The CLI binary
//! unlocks the vault at startup and injects derived/decrypted material into operation
//! contexts. Other crates never access the vault directly — they receive keys through
//! their operation context or via the call protocol.
//!
//! ## Crate Independence
//!
//! alknet-vault does **not** depend on alknet-core or any other alknet crate. It is
//! fully independent and usable in contexts where QUIC networking doesn't exist (CLI
//! tools, test harnesses, WASM key derivation).
//!
//! ## Security Model
//!
//! The seed phrase is never persisted to disk. It is entered at startup or via
//! `Unlock` and held only in `Zeroize`-protected RAM (ADR-038). `Lock` purges
//! the seed and all cached derived keys.
//!
//! ## Module Organization
//!
//! - [`mnemonic`] — BIP39 mnemonic generation, validation, and seed derivation
//! - [`derivation`] — SLIP-0010 Ed25519 HD key derivation and path constants
//! - [`encryption`] — AES-256-GCM encrypt/decrypt and `EncryptedData` type
//! - [`protocol`] — `DerivedKey` and `KeyType` (return types from vault methods)
//! - [`service`] — `VaultServiceHandle` runtime API with Unlock/Lock lifecycle
//! - [`ethereum`] — BIP-0032 secp256k1 HD key derivation (behind `secp256k1` feature)
pub mod cache;
pub mod derivation;
pub mod encryption;
pub mod mnemonic;
pub mod protocol;
pub mod service;
#[cfg(feature = "secp256k1")]
pub mod ethereum;
// Re-export primary public API
pub use cache::CacheConfig;
pub use derivation::{DerivationError, ExtendedPrivKey, PATHS};
pub use encryption::CURRENT_KEY_VERSION;
pub use encryption::{EncryptedData, EncryptionError, EncryptionKey};
pub use mnemonic::{Language, Mnemonic, Seed};
pub use protocol::{DerivedKey, KeyType};
pub use service::{VaultServiceError, VaultServiceHandle};