Skip to content

Clean up stale verifier example, comments, doc rot, and harden E2EE#74

Merged
h4x3rotab merged 1 commit into
mainfrom
aci-68-cleanups
Jul 8, 2026
Merged

Clean up stale verifier example, comments, doc rot, and harden E2EE#74
h4x3rotab merged 1 commit into
mainfrom
aci-68-cleanups

Conversation

@h4x3rotab

@h4x3rotab h4x3rotab commented Jul 3, 2026

Copy link
Copy Markdown
Contributor

Cleanups from docs/reviews/aci-spec-conformance-gaps.md items 10–12 and 15. Rebased onto current main.

  • examples/verify_aci_artifacts.rs: rewritten against current artifact shapes (receipt top-level model; upstream.verified carries upstream_name/provider_type + session_id/claims, no inline evidence or vendor). Adds the spec §10 deep audit — recompute the content-addressed session_id (§9.2, incl. the null-restoration rule), check evidence.data against evidence.digest, and confirm the receipt references the session — plus transparency-event consistency. Verified end-to-end against real report/receipt/session artifacts.
  • wire.rs: fix the stale "returned to the caller as headers" comments on MiddlewareForwarded / MiddlewareStreamingForwarded; no such headers are emitted, the receipt is the committed reference.
  • docs/attested-session-system.md: cite the real domain-separation tags (aci.report_data.v1, aci.keyset.endorsement.v1) and note receipts carry none.
  • Startup warning when E2EE is disabled (empty supported_e2ee_versions).

The E2EE nonce-floor item (#68) landed independently in #75 as an exact 64-hex-char rule, so it is dropped here.

cargo fmt, cargo clippy --all-targets (clean), and cargo test (343 passing) all green.

Closes #68

🤖 Generated with Claude Code

@h4x3rotab h4x3rotab force-pushed the aci-68-cleanups branch 2 times, most recently from 8412876 to 54b6b21 Compare July 8, 2026 19:28
- Rewrite examples/verify_aci_artifacts.rs against current artifact shapes
  (receipt top-level model; upstream.verified upstream_name/provider_type/
  session_id/claims, no inline evidence or vendor) and add the spec §10 deep
  audit: recompute the content-addressed session_id (§9.2 null-restoration) and
  check evidence.data against evidence.digest.
- Fix stale "returned to the caller as headers" comments on MiddlewareForwarded
  / MiddlewareStreamingForwarded; no such headers are emitted, the receipt is
  the committed reference.
- Fix docs/attested-session-system.md purpose tags: the real domain-separation
  tags are aci.report_data.v1 and aci.keyset.endorsement.v1, and receipts carry
  none.
- Warn at startup when E2EE is disabled (empty supported_e2ee_versions).

The ACI E2EE nonce floor (issue #68 item) landed independently in #75 (exact
64-hex rule), so it is dropped here.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@h4x3rotab h4x3rotab merged commit f5f90e6 into main Jul 8, 2026
1 check passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Cleanups: stale verifier example, stale comments, doc rot, small E2EE hardening

1 participant