save development progress

2025-12-25 23:09:58 +02:00
parent d71853ad7e
commit aa70af062e
351 changed files with 37683 additions and 150156 deletions
--- a/docs/modules/provcache/README.md
+++ b/docs/modules/provcache/README.md
@@ -198,14 +198,38 @@ sequenceDiagram

 ## Invalidation

+> **See also**: [architecture.md](architecture.md#invalidation-mechanisms) for detailed invalidation flow diagrams.
+
 ### Automatic Invalidation Triggers

-| Trigger | Event | Scope |
-|---------|-------|-------|
-| Signer Revocation | `SignerRevokedEvent` | All entries with matching `signer_set_hash` |
-| Feed Epoch Advance | `FeedEpochAdvancedEvent` | Entries with older `feed_epoch` |
-| Policy Update | `PolicyUpdatedEvent` | Entries with matching `policy_hash` |
-| TTL Expiry | Background job | Entries past `expires_at` |
+| Trigger | Event | Scope | Implementation |
+|---------|-------|-------|----------------|
+| Signer Revocation | `SignerRevokedEvent` | All entries with matching `signer_set_hash` | `SignerSetInvalidator` |
+| Feed Epoch Advance | `FeedEpochAdvancedEvent` | Entries with older `feed_epoch` | `FeedEpochInvalidator` |
+| Policy Update | `PolicyUpdatedEvent` | Entries with matching `policy_hash` | `PolicyHashInvalidator` |
+| TTL Expiry | Background job | Entries past `expires_at` | `TtlExpirationService` |
+
+### Invalidation Interfaces
+
+```csharp
+// Main invalidator interface
+public interface IProvcacheInvalidator
+{
+    Task<int> InvalidateAsync(
+        InvalidationCriteria criteria,
+        string reason,
+        string? correlationId = null,
+        CancellationToken cancellationToken = default);
+}
+
+// Revocation ledger for audit trail
+public interface IRevocationLedger
+{
+    Task RecordAsync(RevocationEntry entry, CancellationToken ct = default);
+    Task<IReadOnlyList<RevocationEntry>> GetEntriesSinceAsync(long sinceSeqNo, int limit = 1000, CancellationToken ct = default);
+    Task<RevocationLedgerStats> GetStatsAsync(CancellationToken ct = default);
+}
+```

 ### Manual Invalidation

@@ -227,8 +251,25 @@ POST /v1/provcache/invalidate
 }
 ```

+### Revocation Replay
+
+Nodes can replay missed revocation events after restart or network partition:
+
+```csharp
+var replayService = services.GetRequiredService<IRevocationReplayService>();
+var checkpoint = await replayService.GetCheckpointAsync();
+
+var result = await replayService.ReplayFromAsync(
+    sinceSeqNo: checkpoint,
+    new RevocationReplayOptions { BatchSize = 1000 });
+
+// result.EntriesReplayed, result.TotalInvalidations
+```
+
 ## Air-Gap Integration

+> **See also**: [architecture.md](architecture.md#air-gap-exportimport) for bundle format specification and architecture diagrams.
+
 ### Export Workflow

 ```bash
@@ -248,17 +289,56 @@ stella prov export --verikey sha256:abc123 --density strict --sign
 # Import and verify Merkle root
 stella prov import --input proof.bundle

-# Import with lazy chunk fetch
+# Import with lazy chunk fetch (connected mode)
 stella prov import --input proof-lite.json --lazy-fetch --backend https://api.stellaops.com
+
+# Import with lazy fetch from file directory (sneakernet mode)
+stella prov import --input proof-lite.json --lazy-fetch --chunks-dir /mnt/usb/evidence
 ```

 ### Density Levels

-| Level | Contents | Size | Use Case |
-|-------|----------|------|----------|
-| `lite` | DecisionDigest + ProofRoot | ~2 KB | Quick verification |
-| `standard` | + First N chunks | ~200 KB | Normal audit |
-| `strict` | + All chunks | Variable | Full compliance |
+| Level | Contents | Size | Use Case | Lazy Fetch Support |
+|-------|----------|------|----------|--------------------|
+| `lite` | DecisionDigest + ProofRoot + Manifest | ~2 KB | Quick verification | Required |
+| `standard` | + First N chunks (~10%) | ~200 KB | Normal audit | Partial (remaining chunks) |
+| `strict` | + All chunks | Variable | Full compliance | Not needed |
+
+### Lazy Evidence Fetching
+
+For `lite` and `standard` density exports, missing chunks can be fetched on-demand:
+
+```csharp
+// HTTP fetcher (connected mode)
+var httpFetcher = new HttpChunkFetcher(
+    new Uri("https://api.stellaops.com"), logger);
+
+// File fetcher (air-gapped/sneakernet mode)
+var fileFetcher = new FileChunkFetcher(
+    basePath: "/mnt/usb/evidence", logger);
+
+// Orchestrate fetch + verify + store
+var orchestrator = new LazyFetchOrchestrator(repository, logger);
+var result = await orchestrator.FetchAndStoreAsync(
+    proofRoot: "sha256:...",
+    fetcher,
+    new LazyFetchOptions
+    {
+        VerifyOnFetch = true,
+        BatchSize = 100,
+        MaxChunks = 1000
+    });
+```
+
+### Sneakernet Export for Chunked Evidence
+
+```csharp
+// Export evidence chunks to file system for transport
+await fileFetcher.ExportEvidenceChunksToFilesAsync(
+    manifest,
+    chunks,
+    outputDirectory: "/mnt/usb/evidence");
+```

 ## Configuration

@@ -453,19 +533,30 @@ CREATE TABLE provcache.prov_evidence_chunks (

 ```sql
 CREATE TABLE provcache.prov_revocations (
-    revocation_id    UUID PRIMARY KEY,
-    revocation_type  TEXT NOT NULL,
-    target_hash      TEXT NOT NULL,
-    reason           TEXT,
-    actor            TEXT,
-    entries_affected BIGINT NOT NULL,
-    created_at       TIMESTAMPTZ NOT NULL
+    seq_no              BIGSERIAL PRIMARY KEY,
+    revocation_id       UUID NOT NULL UNIQUE,
+    revocation_type     VARCHAR(32) NOT NULL,  -- signer, feed_epoch, policy, explicit, expiration
+    revoked_key         VARCHAR(512) NOT NULL,
+    reason              VARCHAR(1024),
+    entries_invalidated INTEGER NOT NULL,
+    source              VARCHAR(128) NOT NULL,
+    correlation_id      VARCHAR(128),
+    revoked_at          TIMESTAMPTZ NOT NULL,
+    metadata            JSONB,
+    
+    CONSTRAINT chk_revocation_type CHECK (
+        revocation_type IN ('signer', 'feed_epoch', 'policy', 'explicit', 'expiration')
+    )
 );
+
+CREATE INDEX idx_revocations_type ON provcache.prov_revocations(revocation_type);
+CREATE INDEX idx_revocations_key ON provcache.prov_revocations(revoked_key);
+CREATE INDEX idx_revocations_time ON provcache.prov_revocations(revoked_at);
 ```

 ## Implementation Status

-### Completed (Sprint 8200.0001.0001)
+### Completed (Sprint 8200.0001.0001 - Core Backend)

 | Component | Path | Status |
 |-----------|------|--------|
@@ -477,18 +568,39 @@ CREATE TABLE provcache.prov_revocations (
 | API Endpoints | `src/__Libraries/StellaOps.Provcache.Api/` | ✅ Done |
 | Unit Tests (53) | `src/__Libraries/__Tests/StellaOps.Provcache.Tests/` | ✅ Done |

+### Completed (Sprint 8200.0001.0002 - Invalidation & Air-Gap)
+
+| Component | Path | Status |
+|-----------|------|--------|
+| Invalidation Interfaces | `src/__Libraries/StellaOps.Provcache/Invalidation/` | ✅ Done |
+| Repository Invalidation Methods | `IEvidenceChunkRepository.Delete*Async()` | ✅ Done |
+| Export Interfaces | `src/__Libraries/StellaOps.Provcache/Export/` | ✅ Done |
+| IMinimalProofExporter | `Export/IMinimalProofExporter.cs` | ✅ Done |
+| MinimalProofExporter | `Export/MinimalProofExporter.cs` | ✅ Done |
+| Lazy Fetch - ILazyEvidenceFetcher | `LazyFetch/ILazyEvidenceFetcher.cs` | ✅ Done |
+| Lazy Fetch - HttpChunkFetcher | `LazyFetch/HttpChunkFetcher.cs` | ✅ Done |
+| Lazy Fetch - FileChunkFetcher | `LazyFetch/FileChunkFetcher.cs` | ✅ Done |
+| Lazy Fetch - LazyFetchOrchestrator | `LazyFetch/LazyFetchOrchestrator.cs` | ✅ Done |
+| Revocation - IRevocationLedger | `Revocation/IRevocationLedger.cs` | ✅ Done |
+| Revocation - InMemoryRevocationLedger | `Revocation/InMemoryRevocationLedger.cs` | ✅ Done |
+| Revocation - RevocationReplayService | `Revocation/RevocationReplayService.cs` | ✅ Done |
+| ProvRevocationEntity | `Entities/ProvRevocationEntity.cs` | ✅ Done |
+| Unit Tests (124 total) | `src/__Libraries/__Tests/StellaOps.Provcache.Tests/` | ✅ Done |
+
 ### Blocked

 | Component | Reason |
 |-----------|--------|
 | Policy Engine Integration | `PolicyEvaluator` is `internal sealed`; requires architectural review to expose injection points for `IProvcacheService` |
+| CLI e2e Tests | `AddSimRemoteCryptoProvider` method missing in CLI codebase |

 ### Pending

 | Component | Sprint |
 |-----------|--------|
-| Signer Revocation Events | 8200.0001.0002 |
-| CLI Export/Import | 8200.0001.0002 |
+| Authority Event Integration | 8200.0001.0002 (BLOCKED - Authority needs event publishing) |
+| Concelier Event Integration | 8200.0001.0002 (BLOCKED - Concelier needs event publishing) |
+| PostgresRevocationLedger | Future (requires EF Core integration) |
 | UI Badges & Proof Tree | 8200.0001.0003 |
 | Grafana Dashboards | 8200.0001.0003 |

@@ -502,6 +614,7 @@ CREATE TABLE provcache.prov_revocations (

 ## Related Documentation

+- **[Provcache Architecture Guide](architecture.md)** - Detailed architecture, invalidation flows, and API reference
 - [Policy Engine Architecture](../policy/README.md)
 - [TrustLattice Engine](../policy/design/policy-deterministic-evaluator.md)
 - [Offline Kit Documentation](../../24_OFFLINE_KIT.md)