Skip to content

Add CaseActor commit-boundary runtime guard enforcing CLP-07 canonical entry criteria #930

Closed
Task
Closed
Add CaseActor commit-boundary runtime guard enforcing CLP-07 canonical entry criteria#930
Task
Assignees
sei-ahouseholder
Labels
size:M51-300 diff lines or 3-6 ACs
@sei-ahouseholder

Description

@sei-ahouseholder
sei-ahouseholder
opened on Jun 12, 2026

Summary

Implements CLP-07-005: the CaseActor commit boundary SHOULD enforce CLP-07-001 through CLP-07-004 with a runtime guard that rejects non-canonical entries before they enter the hash chain.

The guard MUST validate, at commit time, that the candidate CaseLedgerEntry:

  1. Has a non-empty payloadSnapshot (unless disposition is rejected).
  2. The payloadSnapshot is a recognized protocol-significant AS2 activity type from the allowlist defined in notes/case-ledger-authority.md § "Canonical Entry Criteria".
  3. The payloadSnapshot.actor is set and is a valid participant or external party identity (not the CaseActor itself unless the activity is genuinely CaseActor-authored, e.g., Announce(VulnerabilityCase)).
  4. Nested protocol objects in the snapshot are inlined (no bare ID-string substitutions) — CLP-07-006.
  5. Context values use the case URI for case-scoped snapshots — CLP-07-007.

Guard violations MUST raise a domain-specific exception (VultronCanonicalEntryError or similar) that fails the request fast rather than silently polluting the chain.

Acceptance Criteria

  • AC-1: A guard function (e.g., _validate_canonical_entry()) runs at the CaseActor's single commit boundary before log_entry.append() (or equivalent).
  • AC-2: Guard rejects entries that fail any of the five rules above; rejection raises an exception that the calling code does NOT silently swallow.
  • AC-3: Unit tests cover each rule with both passing and failing cases.
  • AC-4: The allowlist of accepted payloadSnapshot activity types is defined in code with a clear extension pattern; adding a new allowed type is a one-line change with a corresponding test.
  • AC-5: Flips CI case-log invariant assertion harness (xfail ratchet) #925 xfail invariant Vultron v0.5.0 #4 (non-empty payloadSnapshot) to passing once paired with the synthetic-event removal in the other issue.

Reference

Source concern: #923
Parent epic: #788
Test harness: #925 (this PR MUST flip the named xfail to passing)
Docs PR: #924
ADR: docs/adr/0019-separate-case-ledger-from-process-log.md
Spec: specs/case-ledger-processing.yaml (CLP-07)
Notes: notes/case-ledger-authority.md

Metadata

Metadata

Assignees

Labels

size:M51-300 diff lines or 3-6 ACs

Type

Task

Fields

No fields configured for Task.

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions