Phase 0: Ground-truth reachability analysis #58

Merged

erikinkinen merged 3 commits from 0-ground-truth-reachability-analysis into main

2026-03-03 11:27:56 +01:00

erikinkinen commented

2026-03-03 11:26:31 +01:00

Owner

Summary

Implements Ground-Truth Reachability Analysis v0 in aes::core for direct-edge reachability queries, independent of revocation/provenance semantics.

Closes #17.

What’s included

New APIs

Added in core/include/aes/core/reachability.hpp:

Result<std::vector<ObjectId>> reachable_objects_from_subject(const SubjectStore&, const ObjectStore&, const EdgeStore&, SubjectId);
Result<std::vector<SubjectId>> reverse_reachable_subjects_to_object(const SubjectStore&, const ObjectStore&, const EdgeStore&, ObjectId);

Implementation

Added core/src/reachability.cpp with:

strict graph validation (validate_graph) before query execution
strict ID handling:
- invalid ID -> Errc::InvalidArgument
- missing node -> Errc::NotFound
direct-edge semantics only:
- forward uses edges.find_from(subject)
- reverse uses edges.find_to(object)
reachability excludes edge->rights.empty()
deterministic results via sorted + deduplicated ID vectors

Build wiring

Added src/reachability.cpp to aes_core in core/CMakeLists.txt.

Tests

Added tests/reachability_tests.cpp and aes_reachability_tests target in tests/CMakeLists.txt.

Coverage includes:

forward reachability (subject -> objects)
reverse reachability (object <- subjects)
dedupe behavior (multiple edges same endpoint pair)
empty result cases
strict error behavior (InvalidArgument, NotFound)
exclusion of empty-rights edges
invariant guard behavior (Errc::InvariantViolation on corrupted graph)
deterministic repeatability of query outputs

Commit breakdown

Phase 0: Implement reachability from subject (#17)
Phase 0: Implement reverse reachability to object (#17)
Phase 0: Add reachability tests on small graphs (#17)

Validation

Executed after each commit:

cmake --build _build
ctest --test-dir _build --output-on-failure

Final status: all tests passing (including new aes_reachability_tests).

## Summary Implements **Ground-Truth Reachability Analysis v0** in `aes::core` for direct-edge reachability queries, independent of revocation/provenance semantics. Closes #17. ## What’s included ### New APIs Added in `core/include/aes/core/reachability.hpp`: - `Result<std::vector<ObjectId>> reachable_objects_from_subject(const SubjectStore&, const ObjectStore&, const EdgeStore&, SubjectId);` - `Result<std::vector<SubjectId>> reverse_reachable_subjects_to_object(const SubjectStore&, const ObjectStore&, const EdgeStore&, ObjectId);` ### Implementation Added `core/src/reachability.cpp` with: - strict graph validation (`validate_graph`) before query execution - strict ID handling: - invalid ID -> `Errc::InvalidArgument` - missing node -> `Errc::NotFound` - direct-edge semantics only: - forward uses `edges.find_from(subject)` - reverse uses `edges.find_to(object)` - reachability excludes `edge->rights.empty()` - deterministic results via sorted + deduplicated ID vectors ### Build wiring - Added `src/reachability.cpp` to `aes_core` in `core/CMakeLists.txt`. ### Tests Added `tests/reachability_tests.cpp` and `aes_reachability_tests` target in `tests/CMakeLists.txt`. Coverage includes: - forward reachability (subject -> objects) - reverse reachability (object <- subjects) - dedupe behavior (multiple edges same endpoint pair) - empty result cases - strict error behavior (`InvalidArgument`, `NotFound`) - exclusion of empty-rights edges - invariant guard behavior (`Errc::InvariantViolation` on corrupted graph) - deterministic repeatability of query outputs ## Commit breakdown 1. `Phase 0: Implement reachability from subject (#17)` 2. `Phase 0: Implement reverse reachability to object (#17)` 3. `Phase 0: Add reachability tests on small graphs (#17)` ## Validation Executed after each commit: - `cmake --build _build` - `ctest --test-dir _build --output-on-failure` Final status: all tests passing (including new `aes_reachability_tests`).