chore: align slurp config and scaffolding
This commit is contained in:
anthonyrawlins
32
docs/progress/SEC-SLURP-1.1a-supplemental.md
Normal file
32
docs/progress/SEC-SLURP-1.1a-supplemental.md
Normal file
@@ -0,0 +1,32 @@
|
||||
# SEC-SLURP 1.1a – DHT Resilience Supplement
|
||||
|
||||
## Requirements (derived from `docs/Modules/DHT.md`)
|
||||
|
||||
1. **Real DHT state & persistence**
|
||||
- Replace mock DHT usage with libp2p-based storage or equivalent real implementation.
|
||||
- Store DHT/blockstore data on persistent volumes (named volumes/ZFS/NFS) with node placement constraints.
|
||||
- Ensure bootstrap nodes are stateful and survive container churn.
|
||||
|
||||
2. **Pin Steward + replication policy**
|
||||
- Introduce a Pin Steward service that tracks UCXL CID manifests and enforces replication factor (e.g. 3–5 replicas).
|
||||
- Re-announce providers on Pulse/Reverb and heal under-replicated content.
|
||||
- Schedule anti-entropy jobs to verify and repair replicas.
|
||||
|
||||
3. **Envelope encryption & shared key custody**
|
||||
- Implement envelope encryption (DEK+KEK) with threshold/organizational custody rather than per-role ownership.
|
||||
- Store KEK metadata with UCXL manifests; rotate via BACKBEAT.
|
||||
- Update crypto/key-manager stubs to real implementations once available.
|
||||
|
||||
4. **Shared UCXL Beacon index**
|
||||
- Maintain an authoritative CID registry (DR/UCXL) replicated outside individual agents.
|
||||
- Ensure metadata updates are durable and role-agnostic to prevent stranded CIDs.
|
||||
|
||||
5. **CI/SLO validation**
|
||||
- Add automated tests/health checks covering provider refresh, replication factor, and persistent-storage guarantees.
|
||||
- Gate releases on DHT resilience checks (provider TTLs, replica counts).
|
||||
|
||||
## Integration Path for SEC-SLURP 1.1
|
||||
|
||||
- Incorporate the above requirements as acceptance criteria alongside LevelDB persistence.
|
||||
- Sequence work to: migrate DHT interactions, introduce Pin Steward, implement envelope crypto, and wire CI validation.
|
||||
- Attach artifacts (Pin Steward design, envelope crypto spec, CI scripts) to the Phase 1 deliverable checklist.
|
||||
@@ -5,10 +5,14 @@
|
||||
- Upgraded SLURP’s lifecycle so initialization bootstraps cached context data from disk, cache misses hydrate from persistence, successful `UpsertContext` calls write back to LevelDB, and shutdown closes the store with error telemetry.
|
||||
- Introduced `pkg/slurp/slurp_persistence_test.go` to confirm contexts survive process restarts and can be resolved after clearing in-memory caches.
|
||||
- Instrumented cache/persistence metrics so hit/miss ratios and storage failures are tracked for observability.
|
||||
- Attempted `GOWORK=off go test ./pkg/slurp`; execution was blocked by legacy references to `config.Authority*` symbols in `pkg/slurp/context`, so the new test did not run.
|
||||
- Implemented lightweight crypto/key-management stubs (`pkg/crypto/role_crypto_stub.go`, `pkg/crypto/key_manager_stub.go`) so SLURP modules compile while the production stack is ported.
|
||||
- Updated DHT distribution and encrypted storage layers (`pkg/slurp/distribution/dht_impl.go`, `pkg/slurp/storage/encrypted_storage.go`) to use the crypto stubs, adding per-role fingerprints and durable decoding logic.
|
||||
- Expanded storage metadata models (`pkg/slurp/storage/types.go`, `pkg/slurp/storage/backup_manager.go`) with fields referenced by backup/replication flows (progress, error messages, retention, data size).
|
||||
- Incrementally stubbed/simplified distributed storage helpers to inch toward a compilable SLURP package.
|
||||
- Attempted `GOWORK=off go test ./pkg/slurp`; the original authority-level blocker is resolved, but builds still fail in storage/index code due to remaining stub work (e.g., Bleve queries, DHT helpers).
|
||||
|
||||
## Recommended Next Steps
|
||||
- Address the `config.Authority*` symbol drift (or scope down the impacted packages) so the SLURP test suite can compile cleanly, then rerun `GOWORK=off go test ./pkg/slurp` to validate persistence changes.
|
||||
- Feed the durable store into the resolver and temporal graph implementations to finish the remaining Phase 1 SLURP roadmap items.
|
||||
- Expand Prometheus metrics and logging to track cache hit/miss ratios plus persistence errors for SEC-SLURP observability goals.
|
||||
- Review unrelated changes on `feature/phase-4-real-providers` (e.g., docker-compose edits) and either align them with this roadmap work or revert to keep the branch focused.
|
||||
- Stub the remaining storage/index dependencies (Bleve query scaffolding, UCXL helpers, `errorCh` queues, cache regex usage) or neutralize the heavy modules so that `GOWORK=off go test ./pkg/slurp` compiles and runs.
|
||||
- Feed the durable store into the resolver and temporal graph implementations to finish the SEC-SLURP 1.1 milestone once the package builds cleanly.
|
||||
- Extend Prometheus metrics/logging to track cache hit/miss ratios plus persistence errors for observability alignment.
|
||||
- Review unrelated changes still tracked on `feature/phase-4-real-providers` (e.g., docker-compose edits) and either align them with this roadmap work or revert for focus.
|
||||
|
||||
Reference in New Issue
Block a user