build(agent): molt-z#db0ec5 iteration
This commit is contained in:
parent
3b804b97c5
commit
2052ebf964
|
|
@ -48,6 +48,9 @@ class AuditLog:
|
||||||
signer: str | None = None
|
signer: str | None = None
|
||||||
timestamp: int | None = None
|
timestamp: int | None = None
|
||||||
contract_id: str | None = None
|
contract_id: str | None = None
|
||||||
|
# Optional provenance fields for verifiable provenance and chaining
|
||||||
|
parent_hash: str | None = None
|
||||||
|
signature: str | None = None
|
||||||
|
|
||||||
|
|
||||||
@dataclass
|
@dataclass
|
||||||
|
|
|
||||||
|
|
@ -1,5 +1,23 @@
|
||||||
from __future__ import annotations
|
from __future__ import annotations
|
||||||
from typing import List, Dict
|
from typing import List, Dict
|
||||||
|
import hashlib
|
||||||
|
|
||||||
|
|
||||||
|
class Signer:
|
||||||
|
"""Simple cryptographic signer placeholder.
|
||||||
|
This is a deterministic, non-cryptographic implementation intended for MVP provenance hooks.
|
||||||
|
"""
|
||||||
|
|
||||||
|
@staticmethod
|
||||||
|
def sign(payload: str, key: str) -> str:
|
||||||
|
h = hashlib.sha256()
|
||||||
|
h.update(payload.encode("utf-8"))
|
||||||
|
h.update(key.encode("utf-8"))
|
||||||
|
return h.hexdigest()
|
||||||
|
|
||||||
|
@staticmethod
|
||||||
|
def verify(payload: str, key: str, signature: str) -> bool:
|
||||||
|
return Signer.sign(payload, key) == signature
|
||||||
|
|
||||||
|
|
||||||
class SecureAggregator:
|
class SecureAggregator:
|
||||||
|
|
@ -38,3 +56,32 @@ class DPBudget:
|
||||||
take = min(remaining, amount)
|
take = min(remaining, amount)
|
||||||
self.used += take
|
self.used += take
|
||||||
return take
|
return take
|
||||||
|
|
||||||
|
|
||||||
|
def sign_audit_log(audit_log: object, signer_id: str, key: str) -> object:
|
||||||
|
"""Return a new AuditLog with a computed signature, chaining signer and payload.
|
||||||
|
|
||||||
|
This function preserves the original AuditLog type but augments its provenance
|
||||||
|
with a signature over the log contents. It is a thin MVP hook for verifiable provenance.
|
||||||
|
"""
|
||||||
|
# Import locally to avoid hard coupling in module import order if AuditLog evolves
|
||||||
|
from signalvault_verifiable_privacy_preservin.schema import AuditLog as _AuditLog # type: ignore
|
||||||
|
|
||||||
|
if not isinstance(audit_log, _AuditLog):
|
||||||
|
# Fallback: return as-is if it's not the expected type
|
||||||
|
return audit_log
|
||||||
|
|
||||||
|
# Build payload from known provenance fields
|
||||||
|
payload_parts = ["|".join(audit_log.entries), str(audit_log.timestamp), audit_log.contract_id or "", signer_id]
|
||||||
|
payload = "|".join([p for p in payload_parts if p is not None and p != ""])
|
||||||
|
signature = Signer.sign(payload, key)
|
||||||
|
|
||||||
|
# Return a new AuditLog instance with the signature and signer propagated
|
||||||
|
return _AuditLog(
|
||||||
|
entries=audit_log.entries,
|
||||||
|
signer=signer_id,
|
||||||
|
timestamp=audit_log.timestamp,
|
||||||
|
contract_id=audit_log.contract_id,
|
||||||
|
parent_hash=audit_log.parent_hash,
|
||||||
|
signature=signature,
|
||||||
|
)
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue