package main

// SubstrateKeyManager implements the SPIRE KeyManager plugin interface.
//
// SPIRE Server uses KeyManager plugins to generate, store, and use signing
// keys for SVID issuance. This plugin adds governance awareness:
//
//   - Key generation: Standard Ed25519/ECDSA key generation
//   - Key storage: Keys stored in memory (ephemeral) or filesystem (persistent)
//   - Key rotation: Triggers a governance ceremony when Accord policy requires it
//   - Audit: Key lifecycle events (generate, rotate, destroy) are merkle-anchored
//
// The governance integration ensures that CA key changes (which affect all
// issued SVIDs) are treated as high-impact governed mutations, typically
// requiring quorum approval.
type SubstrateKeyManager struct {
	// TODO: add fields
	// - key store (in-memory or filesystem)
	// - governance.Client for ceremony-gated rotation
	// - config for key algorithm, rotation policy
}