refacotr: project structer

Author: atlas-form

crates/capsula-core/src/protocol/audit.rs crates/capsula-core/src/audit/mod.rscrates/capsula-core/src/protocol/audit.rs renamed to crates/capsula-core/src/audit/mod.rs

@@ -0,0 +1,13 @@
+use serde::{Deserialize, Serialize};
+
+use crate::EncAlg;
+
+#[derive(Debug, Clone, Serialize, Deserialize)]
+pub struct Ciphertext {
+    pub ct: String,     // base64(ciphertext || tag)
+    pub aad: String,    // base64(aad) —— 由外层计算并传入（绑定上下文）
+    pub enc: EncAlg,    // AES-256-GCM / ChaCha20-Poly1305
+    pub nonce: String,  // base64(12 bytes)
+    pub len: u64,       // 明文长度（字节）
+    pub dek_id: String, // 对应的 DEK ID（外层用 KeyWrap 关联）
+}

crates/capsula-core/src/block/ciphertext.rs

@@ -0,0 +1,3 @@
+pub mod ciphertext;
+pub mod proof;
+pub mod seal;

crates/capsula-core/src/block/mod.rs

@@ -0,0 +1,13 @@
+use serde::{Deserialize, Serialize};
+
+use crate::integrity::{digest::Digest, signature::Signature};
+
+#[derive(Debug, Clone, Serialize, Deserialize)]
+pub struct AuthorProof {
+    pub subject: Digest, // 明文指纹（或 Merkle 根）
+    #[serde(default)]
+    pub schema_hash: Option<String>, // 可选：明文结构/规范哈希
+    #[serde(default)]
+    pub issued_at: Option<String>, // 可选：RFC3339 出具时间
+    pub signature: Signature, // 作者对 {subject, schema_hash?, issued_at?} 的脱离式签名
+}

crates/capsula-core/src/block/proof.rs

@@ -5,57 +5,17 @@ use capsula_crypto::{
 use capsula_key::key::SigningKey;
 use pkcs8::{der::Decode, spki::SubjectPublicKeyInfoRef};
 use serde::{Deserialize, Serialize};
-use serde_json::Value;
 use sha2::{Digest as Sha2Digest, Sha256};
 use time::OffsetDateTime;
 
 use crate::{
+    block::{ciphertext::Ciphertext, proof::AuthorProof},
     error::{CoreError as Error, Result},
+    integrity::{digest::Digest, signature::Signature},
     keyring::{KeyWrap, Keyring},
     ContentType, EncAlg,
 };
 
-// --- 密文块：加解密所需最小信息 ---
-#[derive(Debug, Clone, Serialize, Deserialize)]
-pub struct Ciphertext {
-    pub ct: String,     // base64(ciphertext || tag)
-    pub aad: String,    // base64(aad) —— 由外层计算并传入（绑定上下文）
-    pub enc: EncAlg,    // AES-256-GCM / ChaCha20-Poly1305
-    pub nonce: String,  // base64(12 bytes)
-    pub len: u64,       // 明文长度（字节）
-    pub dek_id: String, // 对应的 DEK ID（外层用 KeyWrap 关联）
-}
-
-// --- 明文指纹（被签名的“承诺值”）---
-#[derive(Debug, Clone, Serialize, Deserialize)]
-pub struct Digest {
-    pub alg: String,  // 例: "SHA-256" / "Merkle-SHA256"
-    pub hash: String, // hex 或 base64
-    #[serde(default, skip_serializing_if = "Option::is_none")]
-    pub summary: Option<Value>, // 任意结构的概要标签，如 {"heme":"normal"}
-}
-
-// --- 作者签名（对 AuthorProof 的签名值/身份线索）---
-#[derive(Debug, Clone, Serialize, Deserialize)]
-pub struct Signature {
-    pub alg: String,         // "Ed25519" / "ECDSA-P256-SHA256"
-    pub sig: String,         // base64(signature)
-    pub author_hint: String, // 作者标识线索（证书主体/DID/公钥指纹）
-    #[serde(default)]
-    pub cert_hint: Option<String>, // 可选：证书链/目录定位线索
-}
-
-// --- 作者证明：明确“签了什么” ---
-#[derive(Debug, Clone, Serialize, Deserialize)]
-pub struct AuthorProof {
-    pub subject: Digest, // 明文指纹（或 Merkle 根）
-    #[serde(default)]
-    pub schema_hash: Option<String>, // 可选：明文结构/规范哈希
-    #[serde(default)]
-    pub issued_at: Option<String>, // 可选：RFC3339 出具时间
-    pub signature: Signature, // 作者对 {subject, schema_hash?, issued_at?} 的脱离式签名
-}
-
 // --- 最小可验证封装单元：密文 + 单一作者证明 ---
 #[derive(Debug, Clone, Serialize, Deserialize)]
 pub struct SealedBlock {
@@ -227,7 +187,6 @@ impl SealedBlock {
         Ok(Digest {
             alg: "SHA-256".to_string(),
             hash,
-            summary: None,
         })
     }
 

crates/capsula-core/src/protocol/block.rs crates/capsula-core/src/block/seal.rscrates/capsula-core/src/protocol/block.rs renamed to crates/capsula-core/src/block/seal.rs

@@ -1 +1,22 @@
+use serde::{Deserialize, Serialize};
 
+use crate::{
+    capsule::{header::Header, meta::Meta},
+    integrity::Integrity,
+    Keyring,
+};
+
+pub mod header;
+pub mod meta;
+
+#[derive(Debug, Clone, Serialize, Deserialize)]
+pub struct Capsula {
+    pub header: Header, // ← 胶囊头（版本、类型、时间戳等）
+    pub meta: Meta,     // ← 元数据（0阶数据的摘要等）
+
+    pub policy: String,       // 指向数据库或 IPFS 的访问策略
+    pub integrity: Integrity, // ← 对整个胶囊的签名
+
+    #[serde(default)]
+    pub keyring: Keyring, // 传输时的密钥包装
+}

…ates/capsula-core/src/protocol/header.rs crates/capsula-core/src/capsule/header.rscrates/capsula-core/src/protocol/header.rs renamed to crates/capsula-core/src/capsule/header.rs crates/capsula-core/src/protocol/header.rs renamed to crates/capsula-core/src/capsule/header.rs

@@ -0,0 +1,7 @@
+use serde::{Deserialize, Serialize};
+
+#[derive(Debug, Clone, Serialize, Deserialize)]
+pub struct Digest {
+    pub alg: String,  // 例: "SHA-256" / "Merkle-SHA256"
+    pub hash: String, // hex 或 base64
+}

crates/capsula-core/src/protocol/meta.rs crates/capsula-core/src/capsule/meta.rscrates/capsula-core/src/protocol/meta.rs renamed to crates/capsula-core/src/capsule/meta.rs

@@ -0,0 +1,14 @@
+pub mod digest;
+pub mod signature;
+pub mod watermark;
+
+use serde::{Deserialize, Serialize};
+
+use crate::integrity::{digest::Digest, signature::Signature, watermark::Watermark};
+
+#[derive(Debug, Clone, Serialize, Deserialize)]
+pub struct Integrity {
+    pub digest: Digest,
+    pub signature: Signature,         // 整体指纹（对整个胶囊的摘要）
+    pub watermark: Option<Watermark>, // 数字水印
+}