refactor(ledger): extract korg-ledger — publishable single-source spec crate#2
Merged
Merged
Conversation
…spec crate Move the korg-ledger@v1 hash-chain primitives (canonicalize / chain_hash / verify_chain / verify_dag) out of korg-registry into a new standalone crate, korg-ledger — so the verifier publishes to crates.io as a clean `cargo install korg-verify`, and the spec implementation has one home rather than a copy per consumer. - New crate crates/korg-ledger (deps: serde_json, sha2, hmac only). The chain code moved verbatim — byte-identical (same SHA) — so conformance is unchanged. - korg-registry::ledger_chain is now a re-export of korg-ledger, so every `crate::ledger_chain::…` path (log.rs et al.) is untouched. Single source of truth, no duplicated implementation to drift. - korg-verify depends on korg-ledger instead of korg-registry (one import). Severs its only path dep on the internal runtime → publishable standalone. Tests: korg-ledger 3, korg-registry 23, korg-verify 15 (incl. the 5 frozen conformance vectors + 6 receipt tests) all pass. clippy clean, fmt clean. `cargo publish --dry-run -p korg-ledger` packages + verifies green. Publish order (needs a crates.io token): korg-ledger first, then korg-verify.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Why
To ship the verifier as a clean
cargo install korg-verify,korg-verifycan't depend on the internalkorg-registrypath crate. It only uses one thing from it —ledger_chain(240 lines). So I extracted those chain primitives into their own standalone, publishable crate,korg-ledger, which is also the natural home for thekorg-ledger@v1spec implementation.This avoids both bad alternatives: vendoring a 2nd copy of the hash code (drift risk), and publishing the entire internal runtime (
korg-core/korg-registry) to crates.io.Changes
crates/korg-ledger—canonicalize/chain_hash/verify_chain/verify_dag+GENESIS_HASH. Deps:serde_json,sha2,hmaconly. The code moved verbatim (byte-identical, same SHA) so conformance is unchanged.korg-registry::ledger_chainis now a re-export ofkorg-ledger(pub use korg_ledger::*;). Everycrate::ledger_chain::…caller (e.g.log.rs) is untouched — single source of truth, no duplication.korg-verifynow depends onkorg-ledger(one import swap). Its only internal path dep is gone → publishable standalone.members+Cargo.lockupdated.Test plan
korg-ledger3,korg-registry23,korg-verify15 (4 lib + 5 frozen conformance vectors + 6 receipt) — all passkorg-ledger+korg-verify; fmt cleancargo publish --dry-run -p korg-ledger→ Packaged + Verified greenkorg-verifydry-run correctly blocks on "no matching packagekorg-ledger" — confirms publish orderPublish (needs a crates.io token)
Then the launch command becomes
cargo install korg-verify.