Phase 1: Revocation strategy interface #69

Merged
erikinkinen merged 4 commits from 1-revocation-strategy-interface into main 2026-03-05 12:43:51 +01:00
Closes #29


Summary

This PR introduces a swappable revocation strategy interface for Phase 1 while preserving existing direct-edge revocation semantics.

It adds:

  • a new IRevoker strategy seam in core,
  • runtime strategy selection (direct, snapshot_direct),
  • CLI/config plumbing for strategy selection,
  • determinism parity tests to ensure both built-ins produce identical behavior.

No event-log schema/version changes are introduced in this PR.


Included

  • New core revoker API:
    • RevokerKind (Direct, SnapshotDirect)
    • IRevoker
    • direct_revoker(), snapshot_direct_revoker(), revoker_for_kind(...)
  • apply_event(...) overload accepting const IRevoker&
  • RevokeCap path routed through selected revoker
  • Parity guard: revoker-resolved targets must equal normalized selector or fail with InvariantViolation
  • Engine strategy field:
    • Engine::revoker_kind (default Direct)
  • Config/CLI strategy selection:
    • RunParams.revoker_kind (default Direct)
    • aes simulate --revoker <direct|snapshot_direct>
  • Docs update in docs/phase1.md
  • New tests:
    • aes_revocation_strategy_tests (selector parity, error parity, engine equivalence, repeat determinism)
    • extended CLI/workload param coverage for --revoker and default config

Explicitly Excluded

  • Behavior-divergent revocation strategies
  • Transitive/provenance revocation semantics
  • Event-log version/schema updates
  • Revocation policy changes outside direct-edge Phase 1 semantics

API / Interface Changes

  • Added: core/include/aes/core/revoker.hpp
  • Added: core/src/revoker.cpp
  • Added overload:
    • ApplyEventResult apply_event(..., const IRevoker &revoker);
  • Existing apply_event(..., const Event&) remains and defaults to direct_revoker()
  • Added config surface:
    • workload::RunParams::revoker_kind
    • CLI --revoker

Compatibility

  • Default behavior remains unchanged (direct).
  • Existing revoke error taxonomy is preserved (InvalidArgument, NotFound, InvariantViolation).
  • Replay/event-log behavior remains compatible; no schema migration required.

Verification

  • cmake --build _build --target aes_apply_event_tests aes_engine_tests aes_workload_params_tests aes_cli_simulate_tests aes_revocation_strategy_tests aes_invalid_event_determinism_tests
  • ctest --test-dir _build --output-on-failure -R "aes_apply_event_tests|aes_engine_tests|aes_workload_params_tests|aes_cli_simulate_tests|aes_revocation_strategy_tests"
  • ctest --test-dir _build --output-on-failure -R "aes_event_log_reader_tests|aes_event_log_replay_tests|aes_revocation_oracle_tests|aes_invalid_event_determinism_tests"

Review Focus

  • Revoker contract and deterministic target resolution
  • Selector parity enforcement in RevokeCap path
  • Strategy selection plumbing (RunParams, Engine, CLI)
  • Determinism equivalence between direct and snapshot_direct
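As an added illustration (not the AES project's own code; the cap-id state model and every identifier below are assumptions), a minimal version of the seam this PR describes: a strategy interface, the two built-ins that must resolve identically, the parity guard that turns a divergent strategy into `InvariantViolation`, and the preserved error taxonomy:

```cpp
// Hypothetical sketch of the revoker seam; not the AES project's implementation.
#include <algorithm>
#include <set>
#include <vector>

enum class RevokeStatus { Ok, InvalidArgument, NotFound, InvariantViolation };
struct State { std::set<int> caps; };   // live direct-edge capability ids (assumed model)
using Targets = std::vector<int>;

// Normalized selector: sorted, duplicate-free copy of the requested cap ids.
inline Targets normalize(const Targets& sel) {
    Targets out(sel);
    std::sort(out.begin(), out.end());
    out.erase(std::unique(out.begin(), out.end()), out.end());
    return out;
}

struct IRevoker {                       // the strategy seam
    virtual ~IRevoker() = default;
    virtual Targets resolve(const State& s, const Targets& sel) const = 0;
};
struct DirectRevoker : IRevoker {       // resolves straight from the selector
    Targets resolve(const State&, const Targets& sel) const override { return normalize(sel); }
};
struct SnapshotDirectRevoker : IRevoker {   // resolves against a copied snapshot of state
    Targets resolve(const State& s, const Targets& sel) const override {
        State snap = s;
        Targets out;
        for (int c : normalize(sel)) if (snap.caps.count(c)) out.push_back(c);
        return out;                     // equals Direct whenever every selected cap exists
    }
};
struct DivergentRevoker : IRevoker {    // stand-in for a behavior-divergent strategy
    Targets resolve(const State&, const Targets& sel) const override {
        Targets out = normalize(sel);
        out.push_back(999);             // extra target the selector never named
        return out;
    }
};

// RevokeCap path: validate, resolve through the strategy, enforce parity, then mutate.
inline RevokeStatus apply_revoke(State& s, const Targets& sel, const IRevoker& r) {
    if (sel.empty()) return RevokeStatus::InvalidArgument;
    Targets want = normalize(sel);
    for (int c : want) if (!s.caps.count(c)) return RevokeStatus::NotFound;
    if (r.resolve(s, sel) != want) return RevokeStatus::InvariantViolation;  // parity guard
    for (int c : want) s.caps.erase(c);
    return RevokeStatus::Ok;
}
```

The guard runs before any mutation, so a divergent strategy leaves state untouched; the parity tests in the PR check exactly this kind of equivalence between the two built-ins.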
erikinkinen added this to the Phase 1 milestone 2026-03-05 12:17:44 +01:00
Commits

  • 48b2c2e3d5  Phase 1: Add determinism tests for strategy behavior (#29)
    Some checks failed
      ci / smoke (push) Successful in 18s
      clang-format / check-format (push) Successful in 9s
      markdownlint / markdown-lint (push) Failing after 9s
      ci / smoke (pull_request) Successful in 18s
      clang-format / check-format (pull_request) Successful in 9s
      markdownlint / markdown-lint (pull_request) Failing after 9s
  • 17669dfc53  fixup! Phase 1: Define IRevoker interface (#29)
    All checks were successful
      ci / smoke (push) Successful in 17s
      clang-format / check-format (push) Successful in 9s
      markdownlint / markdown-lint (push) Successful in 10s
      ci / smoke (pull_request) Successful in 17s
      clang-format / check-format (pull_request) Successful in 9s
      markdownlint / markdown-lint (pull_request) Successful in 9s
Reference
erikinkinen/AES!69