DPI production hardening: grants service, TAP runtime, BITE store (FATFD C0-C7, v1.0.0)#5
Merged
Merged
Conversation
…tusList + test-issuer kit - .audit/ harness: validator (checks A-E), guardrails, knowledge base, pre-commit hook - services/specs: CREDENTIAL_PROFILE.md (SD-JWT VC field-access grant, ODRL, StatusList2021) and MERKLE_LISTID.md (ListID construction + verified test vectors) - pancake_services.grants: merkle.py, sdjwt.py, statuslist.py, issuer.py - testkit mints 5 verifier-development credentials; dev keys generated at runtime (gitignored) - 43 tests passing, ruff clean; legacy intake tests skip cleanly when no app package Co-authored-by: Cursor <cursoragent@cursor.com>
…rants, revocation) + signed MEAL audit ledger - C2: FastAPI app factory, SQLAlchemy models, JWKS-cached RS256 hub-token auth, create-on-first-seen user mirroring - C3: /fieldlists (Merkle ListIDs, idempotent, owner-scoped), /grants issue/received/revoke/status-list/verify; DPI-account credential delivery (no OTP); revocation recorded before success, hub report when HUB_URL set - C4: MealStore with Ed25519-signed, hash-chained packets + OpenScience audit API; closes PC-2026-0001 - Legacy implementation/meal.py: fixed previous_packet_id linkage and hash-order bugs (PC-2026-0004) with regression tests - 83 tests passing (79 services + 4 legacy regression), ruff clean Co-authored-by: Cursor <cursoragent@cursor.com>
…erface) + BITE store with query API
- TAP: canonical adapter base, per-vendor interval scheduler, exponential-backoff retry in the runtime (adapters stay dumb), YAML config with ${VAR} env interpolation (missing var = hard error)
- Frozen ingest contract for vendor-adapter workstreams: sink(bite) -> None; production sink is BiteStore.save
- BITE store: content-hash dedupe, envelope validation, GeoID/type/vendor/time queries with pagination, authenticated GET /bites
- End-to-end test: runtime -> store -> query by GeoID
- 99 tests passing, ruff clean
Co-authored-by: Cursor <cursoragent@cursor.com>
…1.0.0 - Dockerfile + docker-compose (postgres 16) + .env.example; deployment guide in services/README.md - CI rewritten: ruff + FATFD validator + both test suites + e2e demo + testkit smoke (Python 3.12) - sprints/SPRINT_4_DATA_WALLETS.md rewritten from Indy/Aries to the shipped SD-JWT VC design (closes PC-2026-0003) - export_openapi.py (15 paths) for the grant API-catalog deliverable - demo/end_to_end_demo.py: issue -> retrieve -> verify -> revoke -> audit, all assertions green - Final state: 99 tests, 0 open findings, cycle report in .audit/reports/ Co-authored-by: Cursor <cursoragent@cursor.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Takes Pancake from POC to a tested DPI service, executed as seven FATFD quality cycles (see
.audit/reports/cycle_report_20260707.md):.audit/): integrity validator (checks A-E), guardrails with architecture invariants + credential-security checklist, findings knowledge base, pre-commit hook.services/specs/):CREDENTIAL_PROFILE.md(SD-JWT VC field-access grant with ODRL policy + StatusList2021 revocation) andMERKLE_LISTID.md(FieldList ListID construction with verified test vectors).services/pancake_services/grants/): hub-delegated RS256/JWKS auth (hub is the trust anchor; no local passwords, no OTP), FieldLists idempotent by Merkle construction, SD-JWT VC grant issuance / DPI-account retrieval / revocation (recorded before success; hub report whenHUB_URLset), public status list, relying-party verify endpoint./audit/{geoid}, compliance report, chain verification). Fixes the legacyimplementation/meal.pylinkage and hash-order bugs with regression tests.services/pancake_services/tap/): per-vendor scheduler, exponential-backoff retry owned by the runtime,${VAR}env-interpolated vendor config (missing var = hard error), frozen ingest contractsink(bite) -> Nonefor vendor-adapter workstreams.services/pancake_services/store/): content-hash dedupe, envelope validation, GeoID/type/vendor/time queries, authenticatedGET /bites..env.example, rewritten CI,services/README.mddeployment guide,openapi.jsonexport (15 paths),SPRINT_4_DATA_WALLETS.mdrewritten from Indy/Aries to the shipped SD-JWT design.Findings ledger: 5 findings discovered, 4 fixed, 1 learned (issuer key custody: env var for the sprint, vault/KMS before production).
Test plan
services/tests95 + legacy regression 4), 1 intentional skipruff check servicescleanpython .audit/validate_fatfd.pypasses (0 open findings)services/demo/end_to_end_demo.py)docker compose upsmoke on a Docker-equipped machine (no Docker on the dev laptop)Made with Cursor