Automated release from CI pipeline
Changes:
cog-ha-matter (ADR-116 P4): Ed25519 signing layer for witness chain
Closes the cryptographic-attestation gap in ADR-116 §2.2: every
witness event can now be signed by the Seed's Ed25519 key, with
verify available to any auditor holding the public key.
Module shape (src/witness_signing.rs, kept separate from
witness:: so the hash chain stays usable without dalek linked
in — important for the wasm32 audit-verifier variant we'll ship
later):
- sign_event(event, &SigningKey) -> Signature
- verify_signature(event, &Signature, &VerifyingKey)
-> Result<(), SignatureVerifyError> - signature_to_hex / signature_from_hex (128-char lowercase,
matches the witness hex convention) - SignatureVerifyError::Invalid
- SignatureParseError::{Length, Hex}
Key design point: signature covers the SAME canonical bytes
witness::hash_event hashes. That means:
-
A signed event commits to the entire event content (kind,
payload, timestamp, seq, prev_hash) — no field can be
retroactively changed without invalidating both the hash AND
the signature. -
The signature implicitly commits to the event's chain
position via prev_hash — splicing a signed event into a
different chain breaks verification.
Adds ed25519-dalek = "2.1" to cog-ha-matter (already in
workspace via ruv-neural, version kept aligned).
9 new tests:
- sign_and_verify_round_trip
- verify_rejects_signature_under_wrong_key
- verify_rejects_tampered_event (mutate payload after sign)
- verify_rejects_event_with_wrong_prev_hash (splice attack)
- signature_hex_round_trip
- signature_from_hex_rejects_wrong_length
- signature_from_hex_rejects_non_hex
- signature_is_deterministic_for_same_event_and_key
(locks Ed25519's determinism — catches future accidental
swap to a randomized scheme) - different_events_produce_different_signatures
60/60 cog tests green (51 → 60). Key management is intentionally
out of scope here — the cog runtime reads the Seed's key from the
Cognitum control plane's secure store (separate concern).
ADR-116 P4 now ⁵⁄₆: ✅ mDNS record, ✅ chain, ✅ JSONL, ✅ file
persistence, ✅ Ed25519 signing; ⏳ responder + embedded broker.
Co-Authored-By: claude-flow ruv@ruv.net
Docker Image:
ghcr.io/ruvnet/RuView:bb154d4e7808622aff34bfea79a1b8d4f3021a61