auths-dev · bordumb · Mar 29, 2026 · Mar 29, 2026
diff --git a/crates/auths-cli/src/commands/artifact/sign.rs b/crates/auths-cli/src/commands/artifact/sign.rs
@@ -5,7 +5,9 @@ use std::sync::Arc;
 use auths_core::config::EnvironmentConfig;
 use auths_core::signing::PassphraseProvider;
 use auths_core::storage::keychain::KeyAlias;
-use auths_sdk::signing::{ArtifactSigningParams, SigningKeyMaterial, sign_artifact};
+use auths_sdk::domains::signing::service::{
+    ArtifactSigningParams, SigningKeyMaterial, sign_artifact,
+};
 
 use super::file::FileArtifact;
 use crate::factories::storage::build_auths_context;

diff --git a/crates/auths-cli/src/commands/device/authorization.rs b/crates/auths-cli/src/commands/device/authorization.rs
@@ -273,7 +273,7 @@ pub fn handle_device(
                 Some(Arc::clone(&passphrase_provider)),
             )?;
 
-            let result = auths_sdk::device::link_device(
+            let result = auths_sdk::domains::device::service::link_device(
                 link_config,
                 &ctx,
                 &auths_core::ports::clock::SystemClock,
@@ -300,7 +300,7 @@ pub fn handle_device(
             )?;
 
             let identity_key_alias = KeyAlias::new_unchecked(key);
-            auths_sdk::device::revoke_device(
+            auths_sdk::domains::device::service::revoke_device(
                 &device_did,
                 &identity_key_alias,
                 &ctx,
@@ -449,11 +449,12 @@ fn handle_extend(
     };
     let ctx = build_auths_context(repo_path, env_config, Some(passphrase_provider))?;
 
-    let result =
-        auths_sdk::device::extend_device(config, &ctx, &auths_core::ports::clock::SystemClock)
-            .with_context(|| {
-                format!("Failed to extend device authorization for '{}'", device_did)
-            })?;
+    let result = auths_sdk::domains::device::service::extend_device(
+        config,
+        &ctx,
+        &auths_core::ports::clock::SystemClock,
+    )
+    .with_context(|| format!("Failed to extend device authorization for '{}'", device_did))?;
 
     println!(
         "Successfully extended expiration for {} to {}",

diff --git a/crates/auths-cli/src/commands/id/register.rs b/crates/auths-cli/src/commands/id/register.rs
@@ -9,9 +9,9 @@ use auths_id::ports::registry::RegistryBackend;
 use auths_id::storage::attestation::AttestationSource;
 use auths_id::storage::identity::IdentityStorage;
 use auths_infra_http::HttpRegistryClient;
-use auths_sdk::error::RegistrationError;
-pub use auths_sdk::registration::DEFAULT_REGISTRY_URL;
-use auths_sdk::result::RegistrationOutcome;
+use auths_sdk::domains::identity::error::RegistrationError;
+pub use auths_sdk::domains::identity::registration::DEFAULT_REGISTRY_URL;
+use auths_sdk::domains::identity::types::RegistrationOutcome;
 use auths_storage::git::{
     GitRegistryBackend, RegistryAttestationStorage, RegistryConfig, RegistryIdentityStorage,
 };
@@ -48,14 +48,16 @@ pub fn handle_register(repo_path: &Path, registry: &str) -> Result<()> {
 
     let registry_client = HttpRegistryClient::new();
 
-    match rt.block_on(auths_sdk::registration::register_identity(
-        identity_storage,
-        backend,
-        attestation_source,
-        registry,
-        None,
-        &registry_client,
-    )) {
+    match rt.block_on(
+        auths_sdk::domains::identity::registration::register_identity(
+            identity_storage,
+            backend,
+            attestation_source,
+            registry,
+            None,
+            &registry_client,
+        ),
+    ) {
         Ok(outcome) => display_registration_result(&outcome),
         Err(RegistrationError::AlreadyRegistered) => {
             bail!("Identity already registered at this registry.");

diff --git a/crates/auths-cli/src/commands/init/gather.rs b/crates/auths-cli/src/commands/init/gather.rs
@@ -155,14 +155,16 @@ pub(crate) fn submit_registration(
 
     let registry_client = HttpRegistryClient::new();
 
-    match rt.block_on(auths_sdk::registration::register_identity(
-        identity_storage,
-        backend,
-        attestation_source,
-        registry_url,
-        proof_url,
-        &registry_client,
-    )) {
+    match rt.block_on(
+        auths_sdk::domains::identity::registration::register_identity(
+            identity_storage,
+            backend,
+            attestation_source,
+            registry_url,
+            proof_url,
+            &registry_client,
+        ),
+    ) {
         Ok(outcome) => {
             out.print_success(&format!("Identity registered at {}", outcome.registry));
             Some(outcome.registry)
@@ -216,7 +218,7 @@ pub(crate) fn ensure_registry_dir(registry_path: &Path) -> Result<()> {
             )
         })?;
     }
-    auths_sdk::setup::install_registry_hook(registry_path);
+    auths_sdk::domains::identity::service::install_registry_hook(registry_path);
     Ok(())
 }
 

diff --git a/crates/auths-cli/src/commands/init/mod.rs b/crates/auths-cli/src/commands/init/mod.rs
@@ -17,11 +17,12 @@ use std::sync::Arc;
 use auths_core::PrefilledPassphraseProvider;
 use auths_core::signing::StorageSigner;
 use auths_core::storage::keychain::KeyStorage;
+use auths_sdk::domains::identity::registration::DEFAULT_REGISTRY_URL;
+use auths_sdk::domains::identity::service::initialize;
+use auths_sdk::domains::identity::types::IdentityConfig;
+use auths_sdk::domains::identity::types::InitializeResult;
+use auths_sdk::domains::signing::types::GitSigningScope;
 use auths_sdk::ports::git_config::GitConfigProvider;
-use auths_sdk::registration::DEFAULT_REGISTRY_URL;
-use auths_sdk::result::InitializeResult;
-use auths_sdk::setup::initialize;
-use auths_sdk::types::{GitSigningScope, IdentityConfig};
 
 use crate::adapters::git_config::SystemGitConfigProvider;
 use crate::config::CliConfig;

diff --git a/crates/auths-cli/src/commands/namespace.rs b/crates/auths-cli/src/commands/namespace.rs
@@ -12,8 +12,8 @@ use auths_crypto::AuthsErrorInfo;
 use auths_id::storage::identity::IdentityStorage;
 use auths_id::storage::layout;
 use auths_infra_http::resolve_verified_platform_context;
+use auths_sdk::domains::identity::registration::DEFAULT_REGISTRY_URL;
 use auths_sdk::namespace_registry::NamespaceVerifierRegistry;
-use auths_sdk::registration::DEFAULT_REGISTRY_URL;
 use auths_sdk::workflows::namespace::{
     DelegateNamespaceCommand, TransferNamespaceCommand, initiate_namespace_claim,
     parse_claim_response, parse_lookup_response, sign_namespace_delegate, sign_namespace_transfer,

diff --git a/crates/auths-cli/src/errors/renderer.rs b/crates/auths-cli/src/errors/renderer.rs
@@ -1,10 +1,10 @@
 use anyhow::Error;
 use auths_core::error::{AgentError, AuthsErrorInfo};
+use auths_sdk::domains::signing::service::{ArtifactSigningError, SigningError};
 use auths_sdk::error::{
     ApprovalError, DeviceError, DeviceExtensionError, McpAuthError, OrgError, RegistrationError,
     RotationError, SetupError,
 };
-use auths_sdk::signing::{ArtifactSigningError, SigningError};
 use auths_sdk::workflows::allowed_signers::AllowedSignersError;
 use auths_verifier::AttestationError;
 use colored::Colorize;