I was sick for a few days, so the right work to come back to was not a flashy protocol feature. It was operator plumbing. Oversight already had the cryptographic path for sealing, opening, watermarking, and evidence bundles. The registry still needed the boring bridge from "reference implementation" to "service an operator can actually move onto without losing attribution history."
The current main branch now has three pieces of that bridge.
First, the repository has a public-safe live deployment shape: Compose starts the registry on loopback, Caddy owns public TLS, and the live profile routes the registry, beacon, OCSP-style, and license-style hostnames without exposing the app process directly. The deployment guide also makes the two operator secrets explicit: OVERSIGHT_OPERATOR_TOKEN for write-side registry APIs and OVERSIGHT_DNS_EVENT_SECRET for DNS-event bridge callbacks.
Second, the Rust Axum registry now matches the Python FastAPI registry on those auth boundaries. If an operator token is configured, POST /register and POST /attribute require it. The DNS-event path accepts the same bearer/header secret pattern as the Python bridge. That matters because a security protocol cannot have a safer Python reference and a looser Rust replacement. The migration path only makes sense if the target fails closed the same way.
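To make that auth boundary concrete, here is an added example (not Oversight's own code) of the check as a plain Rust function: it takes the configured secret, the Authorization header and a dedicated secret header, and returns a decision. The function name, the constant-time comparison, and the treatment of an empty configured secret as a misconfiguration are assumptions of this example.

```rust
// Added example, not the project's code: the operator-token / DNS-event
// secret check as a plain function; names and header handling are assumed.

#[derive(Debug, PartialEq, Eq)]
pub enum AuthDecision {
    Allowed,
    Unauthorized,
}

/// Constant-time comparison so a mismatch does not leak how many leading
/// bytes matched (assumption: the project may use a crate for this).
fn ct_eq(a: &[u8], b: &[u8]) -> bool {
    if a.len() != b.len() {
        return false;
    }
    a.iter().zip(b).fold(0u8, |acc, (x, y)| acc | (x ^ y)) == 0
}

/// Take the presented secret from `Authorization: Bearer <value>` first, then
/// from a dedicated header (the bearer/header pattern the Python bridge uses).
fn presented_secret<'a>(authorization: Option<&'a str>, header: Option<&'a str>) -> Option<&'a str> {
    if let Some(value) = authorization.and_then(|a| a.strip_prefix("Bearer ")) {
        let value = value.trim();
        if !value.is_empty() {
            return Some(value);
        }
    }
    header.map(str::trim).filter(|v| !v.is_empty())
}

/// `configured` is the value of OVERSIGHT_OPERATOR_TOKEN (or, for the DNS-event
/// path, OVERSIGHT_DNS_EVENT_SECRET). When it is set, the request must present
/// it; when it is unset, the check is skipped, as the post describes.
pub fn check_write_auth(
    configured: Option<&str>,
    authorization: Option<&str>,
    header: Option<&str>,
) -> AuthDecision {
    match configured {
        None => AuthDecision::Allowed,
        // An empty configured secret is treated as a misconfiguration and
        // rejects every request rather than accepting an empty bearer value.
        Some(expected) if expected.is_empty() => AuthDecision::Unauthorized,
        Some(expected) => match presented_secret(authorization, header) {
            Some(p) if ct_eq(p.as_bytes(), expected.as_bytes()) => AuthDecision::Allowed,
            _ => AuthDecision::Unauthorized,
        },
    }
}
```

The same function serves both the write-side endpoints and the DNS-event callback path; only the configured value differs.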
Third, oversight-registry can now import the Python registry database. The command is intentionally simple:

oversight-registry --db rust-registry.sqlite --migrate-from python-registry.sqlite --migrate-dry-run

Dry-run reports table counts without writing. Removing --migrate-dry-run copies manifests, beacons, watermarks, events, and corpus rows into the Rust schema after running the SQLx migrations. The copy preserves event IDs, transparency-log indexes, corpus metadata, and evidence relationships so existing attribution history remains queryable after the move.
This does not declare the Rust registry v1.0. It removes one of the excuses for delaying that declaration. The remaining work is operational: longer-running deployment tests, migration validation against realistic operator databases, and a final wire-format stability statement. That is a much smaller and cleaner checklist than "rewrite the registry in Rust" or "figure out how to move the old data later."
The broader pattern is the same one that has kept Oversight honest since the security-hardening pass: do not ship silent fallbacks, do not hide policy gaps behind a nicer interface, and do not make operators choose between a safer old implementation and a faster new one. If the Rust registry is going to become the default backend, it has to inherit the evidence chain, the auth model, and the tests at the same time.
The relevant public docs are docs/REGISTRY_DEPLOYMENT.md, docs/ROADMAP.md, and the v1 registry interop spec at docs/spec/registry-v1.md. The implementation lives on main after the v0.4.11 hardware-key release.