Rename mtc_worker and mtc_api to bootstrap_mtc_worker and bootstrap_mtc_api, closes #196

Renames both crates and all associated types to distinguish the bootstrap
MTC implementation (used for the bootstrap MTC experiment) from the
forthcoming 'real' MTC implementation (#197). We'll move shared
functionality into a common crate later.

Crate renames:
- crates/mtc_worker/ → crates/bootstrap_mtc_worker/
- crates/mtc_api/    → crates/bootstrap_mtc_api/

Type and symbol renames in integration_tests:
- MtcClient               → BootstrapMtcClient
- MtcChain                → BootstrapMtcChain
- make_mtc_chain          → make_bootstrap_mtc_chain
- mtc_log_name            → bootstrap_mtc_log_name
- MTC_LOG_NAME            → BOOTSTRAP_MTC_LOG_NAME
- AddEntryResponse        → BootstrapMtcAddEntryResponse
- GetCertificateResponse  → BootstrapMtcGetCertificateResponse
- MtcMetadataResponse     → BootstrapMtcMetadataResponse
- tests/mtc_api.rs        → tests/bootstrap_mtc_api.rs

Also adds and updates READMEs:
- bootstrap_mtc_api/README.md: new; describes the crate as frozen on the
  bootstrap protocol (~davidben-09), with a note that the IETF draft
  renamed 'signatureless' to 'landmark-relative'
- bootstrap_mtc_worker/README.md: rewritten; clarifies this is the older
  bootstrap experiment, not the current IETF draft; uses 'signatureless'
  terminology; adds integration test instructions
- ct_worker/README.md: updates cross-reference to bootstrap_mtc_worker

Fixes terminology throughout:
- 'MTCA' → 'MTC CA'
- 'Merkle Tree CA' / 'Merkle Tree Certificate CA' → 'Merkle Tree Certificates CA'

Replaces 'crates/*' workspace members glob with an explicit list to
prevent stray crate directories from being inadvertently picked up.

Author: lukevalenta

.github/workflows/integration.yml

@@ -58,8 +58,8 @@ jobs:
           BASE_URL: http://localhost:8787
           LOG_NAME: dev2026h1a
 
-  integration-mtc:
-    name: MTC Worker Integration Tests
+  integration-bootstrap-mtc:
+    name: Bootstrap MTC Worker Integration Tests
     runs-on: ubuntu-latest
 
     steps:
@@ -76,16 +76,16 @@ jobs:
       - name: Install worker-build
         run: cargo install worker-build@0.7.5 --locked
 
-      - name: Build mtc_worker (dev environment, with dev-bootstrap-roots)
-        working-directory: crates/mtc_worker
+      - name: Build bootstrap_mtc_worker (dev environment, with dev-bootstrap-roots)
+        working-directory: crates/bootstrap_mtc_worker
         # wrangler.jsonc dev build already includes --features dev-bootstrap-roots
         run: DEPLOY_ENV=dev worker-build --release --features dev-bootstrap-roots
 
       # .dev.vars contains the per-log signing and cosigning keys used by
       # wrangler dev. These are dev-only keys (not production secrets) and are
       # committed to the repository.
       - name: Start wrangler dev
-        working-directory: crates/mtc_worker
+        working-directory: crates/bootstrap_mtc_worker
         run: npx wrangler@4.80.0 -e=dev dev --port 8787 --persist-to .wrangler/state &
 
       - name: Wait for wrangler dev to be ready
@@ -101,8 +101,8 @@ jobs:
           echo "wrangler dev failed to start in time"
           exit 1
 
-      - name: Run MTC integration tests
-        run: cargo test -p integration_tests --test mtc_api --verbose
+      - name: Run Bootstrap MTC integration tests
+        run: cargo test -p integration_tests --test bootstrap_mtc_api --verbose
         env:
           BASE_URL: http://localhost:8787
-          MTC_LOG_NAME: dev2
+          BOOTSTRAP_MTC_LOG_NAME: dev2

AGENTS.md

@@ -8,7 +8,7 @@ Azul is a Rust workspace implementing tiled Certificate Transparency logs and Me
 
 ```
 crates/ct_worker/      - Static CT API Worker (deployable); wrangler.jsonc here
-crates/mtc_worker/     - Merkle Tree CA Worker (deployable); wrangler.jsonc here
+crates/bootstrap_mtc_worker/     - Bootstrap MTC CA Worker (deployable); wrangler.jsonc here
 crates/generic_log_worker/ - Shared Durable Object logic (Sequencer, Batcher, Cleaner)
 crates/tlog_tiles/     - C2SP tlog-tiles spec impl (published to crates.io)
 crates/static_ct_api/  - C2SP static-ct-api spec impl (published to crates.io)
@@ -27,7 +27,7 @@ cargo bench                      # run benchmarks (criterion in signed_note)
 cargo fuzz run fuzz_parse_tile_path
 cargo fuzz run fuzz_parse_checkpoint
 
-# Worker local dev (run from crates/ct_worker/ or crates/mtc_worker/)
+# Worker local dev (run from crates/ct_worker/ or crates/bootstrap_mtc_worker/)
 npx wrangler -e=dev dev
 ./reset-dev.sh                   # clear local wrangler state between runs
 
@@ -40,12 +40,12 @@ cargo test -p integration_tests --test static_ct_api
 # Override defaults:
 BASE_URL=http://localhost:8787 LOG_NAME=dev2026h1a cargo test -p integration_tests --test static_ct_api
 
-# MTC worker tests — from crates/mtc_worker/:
+# Bootstrap MTC worker tests — from crates/bootstrap_mtc_worker/:
 npx wrangler -e=dev dev &
 # From workspace root:
-cargo test -p integration_tests --test mtc_api
+cargo test -p integration_tests --test bootstrap_mtc_api
 # Override defaults:
-BASE_URL=http://localhost:8787 MTC_LOG_NAME=dev2 cargo test -p integration_tests --test mtc_api
+BASE_URL=http://localhost:8787 BOOTSTRAP_MTC_LOG_NAME=dev2 cargo test -p integration_tests --test bootstrap_mtc_api
 
 # Worker deploy
 npx wrangler -e=${ENV} deploy
@@ -56,7 +56,7 @@ npx wrangler -e=${ENV} tail
 
 - Worker crates use `crate-type = ["cdylib"]`; library crates use `rlib`
 - Worker build is handled by `worker-build`, not `cargo build` directly — wrangler.jsonc invokes it automatically
-- Config types live in separate sub-crates: `crates/ct_worker/config/`, `crates/mtc_worker/config/`
+- Config types live in separate sub-crates: `crates/ct_worker/config/`, `crates/bootstrap_mtc_worker/config/`
 - `DEPLOY_ENV=<env>` env var must be set when invoking `worker-build` manually; wrangler.jsonc sets it per environment
 - `der` crate is patched to a private fork in `Cargo.toml` `[patch.crates-io]` — do not remove or alter this
 

Cargo.lock

@@ -5,16 +5,31 @@
 # This is needed to avoid pulling in tokio features in wasm targets, due to new features in version 0.0.18 of the `worker` crate
 # See: https://doc.rust-lang.org/edition-guide/rust-2021/default-cargo-resolver.html#details
 resolver = "2"
-members = ["crates/*", "fuzz"]
+members = [
+    "crates/bootstrap_mtc_api",
+    "crates/bootstrap_mtc_worker",
+    "crates/ct_worker",
+    "crates/generic_log_worker",
+    "crates/integration_tests",
+    "crates/length_prefixed",
+    "crates/sct_validator",
+    "crates/signed_note",
+    "crates/signed_note_wasm",
+    "crates/static_ct_api",
+    "crates/tlog_tiles",
+    "crates/tlog_tiles_wasm",
+    "crates/x509_util",
+    "fuzz",
+]
 # Exclude integration_tests from the default test run — it requires a live
 # wrangler dev instance and will hang if run without one.
 # Run explicitly with: cargo test -p integration_tests --test static_ct_api
 default-members = [
     "crates/ct_worker",
     "crates/generic_log_worker",
     "crates/length_prefixed",
-    "crates/mtc_api",
-    "crates/mtc_worker",
+    "crates/bootstrap_mtc_api",
+    "crates/bootstrap_mtc_worker",
     "crates/sct_validator",
     "crates/signed_note",
     "crates/signed_note_wasm",
@@ -70,7 +85,7 @@ jsonschema = "0.30"
 length_prefixed = { path = "crates/length_prefixed" }
 libfuzzer-sys = "0.4"
 log = { version = "0.4" }
-mtc_api = { version = "0.2.0", path = "crates/mtc_api" }
+bootstrap_mtc_api = { version = "0.2.0", path = "crates/bootstrap_mtc_api" }
 p256 = { version = "0.13", features = ["ecdsa"] }
 parking_lot = "0.12"
 prometheus = "0.14"

Cargo.toml

@@ -1,5 +1,5 @@
 [package]
-name = "mtc_api"
+name = "bootstrap_mtc_api"
 version.workspace = true
 authors.workspace = true
 edition.workspace = true

crates/mtc_api/Cargo.toml crates/bootstrap_mtc_api/Cargo.tomlcrates/mtc_api/Cargo.toml renamed to crates/bootstrap_mtc_api/Cargo.toml

@@ -0,0 +1,26 @@
+# bootstrap_mtc_api
+
+Core types and logic for the [Bootstrap MTC CA](../bootstrap_mtc_worker/README.md).
+
+This crate implements the bootstrap-specific protocol layer on top of the shared
+[`tlog_tiles`](../tlog_tiles/) infrastructure:
+
+- **X.509 bootstrap chain validation** — validates a submitted certificate chain
+  against a root pool, enforces EKU (`serverAuth`), filters extensions, and
+  converts the leaf to a `TBSCertificateLogEntry`.
+- **`MerkleTreeCertEntry` encoding/decoding** — the binary log entry format
+  (approximately draft-davidben-tls-merkle-tree-certs-09).
+- **`serialize_signatureless_cert`** — constructs the signatureless MTC
+  certificate from a sequenced log entry, an inclusion proof, and the subscriber's
+  SPKI. (The IETF draft renamed these to "landmark-relative" certificates.)
+- **Landmark sequence** — tracks the active landmark subtrees and their Merkle
+  roots for inclusion proof generation.
+- **Cosigner** — Ed25519-based subtree cosigning over the `mtc-subtree/v1` note
+  format.
+
+This crate is intentionally frozen at the bootstrap protocol version and will not
+be updated to track the IETF draft.
+
+## License
+
+The project is licensed under the [BSD-3-Clause License](./LICENSE).

crates/bootstrap_mtc_api/README.md

@@ -679,10 +679,10 @@ pub fn validate_correspondence(
 ///   chain must start with a leaf certificate and end with a certificate that
 ///   is a trusted root or is signed by a trusted root.
 /// * `roots` - A certificate pool containing the trusted roots.
-/// * `issuer` - The issuer name of the Merkle Tree CA, to replace the issuer in
+/// * `issuer` - The issuer name of the MTC CA, to replace the issuer in
 ///   the bootstrap certificate.
 /// * `validity` - A bound on the maximum validity period for the returned
-///   Merkle Tree log entry, based on the Merkle Tree CA's parameters. This
+///   Merkle Tree log entry, based on the MTC CA's parameters. This
 ///   bound is further adjusted to ensure that it is covered by the bootstrap
 ///   chain.
 ///