Signed namespace policy verification and declared-vs-observed enforcement.
A namespace policy is a signed, in-log, versioned record declaring the cryptographic posture a namespace operates under: checkpoint signature suite and security level, the CONIKS commitment hash, and the VRF mode. Because the policy is itself a log leaf, the posture is auditable and tamper-evident.
verify/1 checks the policy's self-signature and returns the declared
posture. The enforce_* functions then assert that an observed artifact
(a checkpoint signing key, a checkpoint signature, a VRF suite id, or a
commitment hash) matches what the verified policy declares — the
"declared == observed" invariant that stops an operator from silently
downgrading.
The signed policy envelope is base64-encoded.
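The "declared == observed" check described above, sketched as an added example that is not code from MetamorphicLog. The module name DeclaredVsObserved, the plain map standing in for a verified policy, and the idea of classifying an observed commitment by its digest length are all assumptions made for illustration.

```elixir
# Added illustration; DeclaredVsObserved is a hypothetical module,
# not part of the MetamorphicLog API.
defmodule DeclaredVsObserved do
  # Digest sizes in bytes for the two commitment hashes the policy type allows.
  @digest_bytes %{sha3_256: 32, sha3_512: 64}

  # `policy` stands in for an already verified policy; only :commitment_hash
  # is read. `commitment_b64` is an observed, base64-encoded commitment.
  def check_commitment(%{commitment_hash: declared}, commitment_b64) do
    with {:ok, raw} <- Base.decode64(commitment_b64),
         {:ok, observed} <- classify(byte_size(raw)) do
      if observed == declared,
        do: :ok,
        else: {:error, {:commitment_hash_mismatch, declared: declared, observed: observed}}
    else
      :error -> {:error, :invalid_base64}
      {:error, _} = err -> err
    end
  end

  # Assumption: the hash in use is inferred from the digest length.
  defp classify(size) do
    case Enum.find(@digest_bytes, fn {_alg, n} -> n == size end) do
      {alg, _} -> {:ok, alg}
      nil -> {:error, {:unknown_digest_size, size}}
    end
  end
end

# Constructed sample data: the policy declares SHA3-512 commitments.
policy = %{commitment_hash: :sha3_512}
strong = Base.encode64(:crypto.hash(:sha3_512, "constructed leaf"))
weak = Base.encode64(:crypto.hash(:sha3_256, "constructed leaf"))

# A matching artifact passes; a SHA3-256 commitment under a SHA3-512
# policy is rejected as a downgrade; malformed input fails closed.
:ok = DeclaredVsObserved.check_commitment(policy, strong)
{:error, {:commitment_hash_mismatch, _}} = DeclaredVsObserved.check_commitment(policy, weak)
{:error, :invalid_base64} = DeclaredVsObserved.check_commitment(policy, "not base64!")
```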
Types
@type t() :: %MetamorphicLog.Policy{
  checkpoint_suite: :hybrid | :hybrid_matched | :pure_cnsa2,
  commitment_hash: :sha3_256 | :sha3_512,
  created_at: non_neg_integer(),
  effective_from: non_neg_integer(),
  namespace: String.t(),
  policy_hash: String.t(),
  policy_schema_version: non_neg_integer(),
  rfc6962_leaf_hash: String.t(),
  security_level: :cat3 | :cat5,
  vrf_mode: :classical | :hybrid_output | :pure_pq_experimental
}
A verified namespace policy.
  * :security_level - :cat3 | :cat5
  * :checkpoint_suite - :hybrid | :hybrid_matched | :pure_cnsa2
  * :commitment_hash - :sha3_256 | :sha3_512
  * :vrf_mode - :classical | :hybrid_output | :pure_pq_experimental
  * :policy_hash, :rfc6962_leaf_hash - base64-encoded
Functions
Enforce that a checkpoint signature_b64 matches the verified policy's
declared checkpoint posture. Returns :ok or {:error, reason}.
Enforce that a checkpoint signing key (public_key_b64) matches the verified
policy's declared checkpoint posture. Returns :ok or {:error, reason}.
Enforce that an observed commitment_hash (:sha3_256 | :sha3_512) matches
the policy's declaration. Returns :ok or {:error, reason}.
Enforce that an observed VRF suite_id matches the policy's declared VRF
mode. Returns :ok or {:error, reason}.
Verify a signed policy envelope and return the declared posture as a
%MetamorphicLog.Policy{} struct.
Returns {:ok, %Policy{}} or {:error, reason}.
Example
{:ok, %MetamorphicLog.Policy{checkpoint_suite: :hybrid}} =
  MetamorphicLog.Policy.verify(signed_b64)