chore: align slurp config and scaffolding

2025-09-27 21:03:12 +10:00
parent acc4361463
commit 4a77862289
47 changed files with 5133 additions and 4274 deletions
--- a/pkg/slurp/storage/encrypted_storage.go
+++ b/pkg/slurp/storage/encrypted_storage.go
@@ -9,7 +9,6 @@ import (
 	"time"

 	"chorus/pkg/crypto"
-	"chorus/pkg/ucxl"
 	slurpContext "chorus/pkg/slurp/context"
 )

@@ -19,25 +18,25 @@ type EncryptedStorageImpl struct {
 	crypto        crypto.RoleCrypto
 	localStorage  LocalStorage
 	keyManager    crypto.KeyManager
-	accessControl crypto.AccessController
-	auditLogger   crypto.AuditLogger
+	accessControl crypto.StorageAccessController
+	auditLogger   crypto.StorageAuditLogger
 	metrics       *EncryptionMetrics
 }

 // EncryptionMetrics tracks encryption-related metrics
 type EncryptionMetrics struct {
-	mu                    sync.RWMutex
-	EncryptOperations     int64
-	DecryptOperations     int64
-	KeyRotations          int64
-	AccessDenials         int64
-	EncryptionErrors      int64
-	DecryptionErrors      int64
-	LastKeyRotation       time.Time
-	AverageEncryptTime    time.Duration
-	AverageDecryptTime    time.Duration
-	ActiveEncryptionKeys  int
-	ExpiredKeys           int
+	mu                   sync.RWMutex
+	EncryptOperations    int64
+	DecryptOperations    int64
+	KeyRotations         int64
+	AccessDenials        int64
+	EncryptionErrors     int64
+	DecryptionErrors     int64
+	LastKeyRotation      time.Time
+	AverageEncryptTime   time.Duration
+	AverageDecryptTime   time.Duration
+	ActiveEncryptionKeys int
+	ExpiredKeys          int
 }

 // NewEncryptedStorage creates a new encrypted storage implementation
@@ -45,8 +44,8 @@ func NewEncryptedStorage(
 	crypto crypto.RoleCrypto,
 	localStorage LocalStorage,
 	keyManager crypto.KeyManager,
-	accessControl crypto.AccessController,
-	auditLogger crypto.AuditLogger,
+	accessControl crypto.StorageAccessController,
+	auditLogger crypto.StorageAuditLogger,
 ) *EncryptedStorageImpl {
 	return &EncryptedStorageImpl{
 		crypto:        crypto,
@@ -286,12 +285,11 @@ func (es *EncryptedStorageImpl) GetAccessRoles(
 	return roles, nil
 }

-// RotateKeys rotates encryption keys
+// RotateKeys rotates encryption keys in line with SEC-SLURP-1.1 retention constraints
 func (es *EncryptedStorageImpl) RotateKeys(
 	ctx context.Context,
 	maxAge time.Duration,
 ) error {
-	start := time.Now()
 	defer func() {
 		es.metrics.mu.Lock()
 		es.metrics.KeyRotations++
@@ -334,7 +332,7 @@ func (es *EncryptedStorageImpl) ValidateEncryption(
 	// Validate each encrypted version
 	for _, role := range roles {
 		roleKey := es.generateRoleKey(key, role)
-		
+
 		// Retrieve encrypted context
 		encryptedData, err := es.localStorage.Retrieve(ctx, roleKey)
 		if err != nil {