docs: Describe top-level architecture of SDK #1599
Conversation
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## main #1599 +/- ##
=======================================
Coverage 75.47% 75.47%
=======================================
Files 165 165
Lines 37019 37019
=======================================
Hits 27941 27941
Misses 9078 9078 ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
CodSpeed Performance ReportMerging #1599 will not alter performanceComparing Summary
Footnotes
|
scouten-adobe
requested review from
gpeacock,
mauricefisher64,
ok-nick and
tmathern
|
|
||
| ## Architectural overview | ||
|
|
||
| The SDK follows a layered architecture that separates concerns between user-facing APIs, data models, storage, asset I/O, cryptography, and validation. |
There was a problem hiding this comment.
I would call user-facing APIs -> public APIs. It's what they are,e ventually.
| The SDK follows a layered architecture that separates concerns between user-facing APIs, data models, storage, asset I/O, cryptography, and validation. | ||
|
|
||
| ```mermaid | ||
| graph TB |
There was a problem hiding this comment.
I sometimes consider the signer public, because users can technically define theirs (callback signers).
| ##### Key responsibilities | ||
|
|
||
| - Assemble manifest definitions from ingredients, assertions, and resources | ||
| - Coordinate with signers to create cryptographic signatures |
There was a problem hiding this comment.
Here, that is why I see Signers as public. They are not totally hidden.
|
|
||
| - Assemble manifest definitions from ingredients, assertions, and resources | ||
| - Coordinate with signers to create cryptographic signatures | ||
| - Embed signed manifests into assets via asset handlers |
There was a problem hiding this comment.
asset handlers = format handlers?
There was a problem hiding this comment.
Yes internally we reference them as asset handlers. I usually like to refer to them as parsers although I'm not sure what language is most clear.
There was a problem hiding this comment.
So we have multiple vocabulary options here ;). Maybe we need a glossary at the top..
|
|
||
| ##### Key responsibilities | ||
|
|
||
| - Extract JUMBF manifest stores from assets |
There was a problem hiding this comment.
I would rather say read? Since the JUMBF is left in place in the asset, reading is not destructive
| - Load JUMBF from asset streams (via appropriate handler) | ||
| - Save JUMBF to asset streams (via appropriate handler) | ||
| - Support multiple asset formats through handler registry | ||
| - Provide format detection |
There was a problem hiding this comment.
Already? I thought that was WIP for some?
|
|
||
| ##### Key responsibilities | ||
|
|
||
| - Define `ValidationState` enum (Invalid, Valid, Trusted) |
| - Define `ValidationState` enum (Invalid, Valid, Trusted) | ||
| - Track validation status codes (success, informational, failure) | ||
| - Support ingredient delta validation (changes from previous validation) | ||
| - Provide structured reporting for validation outcomes |
There was a problem hiding this comment.
I would put that bullet point second, because the others then clarify this
| - Provide event iteration and reporting | ||
| - Convert to user-facing validation results | ||
|
|
||
| ### Identity layer |
There was a problem hiding this comment.
I think that one may need to be higher up?
|
|
||
| Builder->>Claim: Build claim structure | ||
| Claim->>Claim: Add assertions | ||
| Claim->>Claim: Add ingredients |
There was a problem hiding this comment.
Add ingredients technically is optional (especially if you "create" an asset, which does not have a parent).
| style Builder fill:#fff4e1 | ||
| style Reader fill:#e1f5ff | ||
| style Store fill:#e8f5e9 | ||
| style Crypto fill:#f3e5f5 |
There was a problem hiding this comment.
The colors here can be difficult to see in dark mode.
|
|
||
| The SDK follows a layered architecture that separates concerns between user-facing APIs, data models, storage, asset I/O, cryptography, and validation. | ||
|
|
||
| ```mermaid |
There was a problem hiding this comment.
I'm not sure how accurate this diagram is. There's a few places where the arrows are incorrect, e.g. asset_io doesn't reference jumbf_io, the claim doesn't reference the resource store, etc. I think there's also quite a few missing arrows too, such as in the validation layer.
|
|
||
| The outermost layer provides high-level APIs for common workflows. | ||
|
|
||
| #### `Builder` ([builder.rs](builder.rs)) |
There was a problem hiding this comment.
This is really cool how it knows where to reference the file.
|
|
||
| #### `Builder` ([builder.rs](builder.rs)) | ||
|
|
||
| Creates and signs C2PA manifests. The `Builder` provides both declarative (JSON-based) and imperative (method-based) interfaces for constructing manifests. |
There was a problem hiding this comment.
I like to think of the JSON API as a separate API that's above the Builder. The definitions are a bit intertwined but there's ongoing work to fix that.
There was a problem hiding this comment.
It's a little bit like the Signer, they work together eventually.
|
|
||
| - Assemble manifest definitions from ingredients, assertions, and resources | ||
| - Coordinate with signers to create cryptographic signatures | ||
| - Embed signed manifests into assets via asset handlers |
There was a problem hiding this comment.
Yes internally we reference them as asset handlers. I usually like to refer to them as parsers although I'm not sure what language is most clear.
| - [`Assertion`](#assertion-assertionrs) | ||
| - [`assertions/`](#assertions) | ||
| - [`hashed_uri.rs`](hashed_uri.rs) | ||
| - [`ResourceStore`](#resourcestore-resource_storers) |
There was a problem hiding this comment.
Claim doesn't use the ResourceStore.
| - [`assertions/`](#assertions) | ||
| - [`ResourceStore`](#resourcestore-resource_storers) | ||
|
|
||
| #### `Ingredient` ([ingredient.rs](ingredient.rs)) |
There was a problem hiding this comment.
We should make it clear here that an "ingredient" is really just an assertion that wraps a C2PA manifest. I believe there is ongoing work to clarify this in the APIs.
|
|
||
| Defines traits for asset I/O operations. These traits abstract over different asset formats, allowing the SDK to handle JPEG, PNG, MP4, and other formats uniformly. | ||
|
|
||
| ##### Key traits |
There was a problem hiding this comment.
There's a few more traits we may want to describe here. There's also the CAIRead trait.
| - Load JUMBF from asset streams (via appropriate handler) | ||
| - Save JUMBF to asset streams (via appropriate handler) | ||
| - Support multiple asset formats through handler registry | ||
| - Provide format detection |
There was a problem hiding this comment.
We don't necessarily detect formats.
|
|
||
| Defines the `Signer` and `AsyncSigner` traits that abstract over different signing implementations. This allows the SDK to work with various signing mechanisms (local keys, HSMs, remote services, etc.). | ||
|
|
||
| ##### Key responsibilities |
There was a problem hiding this comment.
Also good to mention time authorities here.
There was a problem hiding this comment.
Isn't that Coordinate with timestamp authorities? Or do you mean more details?
|
|
||
| #### `Builder` ([builder.rs](builder.rs)) | ||
|
|
||
| Creates and signs C2PA manifests. The `Builder` provides both declarative (JSON-based) and imperative (method-based) interfaces for constructing manifests. |
There was a problem hiding this comment.
It's a little bit like the Signer, they work together eventually.
|
|
||
| - Assemble manifest definitions from ingredients, assertions, and resources | ||
| - Coordinate with signers to create cryptographic signatures | ||
| - Embed signed manifests into assets via asset handlers |
There was a problem hiding this comment.
So we have multiple vocabulary options here ;). Maybe we need a glossary at the top..
| - [`status_tracker/`](#status_tracker) | ||
| - [`asset_io.rs`](#asset_iors) | ||
|
|
||
| #### Public type exports |
There was a problem hiding this comment.
Maybe we should just keep the ones that are stable, and exposed in the other SDKs?
Reader, Builder, Signer for instance are good candidates.
|
|
||
| Defines the `Signer` and `AsyncSigner` traits that abstract over different signing implementations. This allows the SDK to work with various signing mechanisms (local keys, HSMs, remote services, etc.). | ||
|
|
||
| ##### Key responsibilities |
There was a problem hiding this comment.
Isn't that Coordinate with timestamp authorities? Or do you mean more details?
|
|
||
| - Wrap callback functions as `Signer` trait | ||
| - Support custom signing logic | ||
| - Enable HSM and remote signing workflows |
| - Validate certificate chains against trust anchors | ||
| - Verify timestamp tokens | ||
| - Check OCSP responses | ||
| - Apply trust policies and EKU requirements |
|
|
||
| ### Specialized modules | ||
|
|
||
| #### [dynamic_assertion.rs](dynamic_assertion.rs) |
There was a problem hiding this comment.
Isn't that a key module? Eg. to add CAWG data on signing?
|
|
||
| #### [settings/](settings/) | ||
|
|
||
| SDK-wide configuration system using thread-local settings. |
There was a problem hiding this comment.
| SDK-wide configuration system using thread-local settings. | |
| SDK-wide configuration system using *thread-local* settings. |
It needs the emphasis, currently.
No description provided.