# SEC-SLURP 1.1a – DHT Resilience Supplement

## Requirements (derived from `docs/Modules/DHT.md`)

1. **Real DHT state & persistence**
- Replace mock DHT usage with libp2p-based storage or equivalent real implementation.
- Store DHT/blockstore data on persistent volumes (named volumes/ZFS/NFS) with node placement constraints.
- Ensure bootstrap nodes are stateful and survive container churn.

2. **Pin Steward + replication policy**
- Introduce a Pin Steward service that tracks UCXL CID manifests and enforces replication factor (e.g. 3–5 replicas).
- Re-announce providers on Pulse/Reverb and heal under-replicated content.
- Schedule anti-entropy jobs to verify and repair replicas.

3. **Envelope encryption & shared key custody**
- Implement envelope encryption (DEK+KEK) with threshold/organizational custody rather than per-role ownership.
- Store KEK metadata with UCXL manifests; rotate via BACKBEAT.
- Update crypto/key-manager stubs to real implementations once available.

4. **Shared UCXL Beacon index**
- Maintain an authoritative CID registry (DR/UCXL) replicated outside individual agents.
- Ensure metadata updates are durable and role-agnostic to prevent stranded CIDs.

5. **CI/SLO validation**
- Add automated tests/health checks covering provider refresh, replication factor, and persistent-storage guarantees.
- Gate releases on DHT resilience checks (provider TTLs, replica counts).

## Integration Path for SEC-SLURP 1.1

- Incorporate the above requirements as acceptance criteria alongside LevelDB persistence.
- Sequence work to: migrate DHT interactions, introduce Pin Steward, implement envelope crypto, and wire CI validation.
- Attach artifacts (Pin Steward design, envelope crypto spec, CI scripts) to the Phase 1 deliverable checklist.
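
A sketch of the replica-count and provider-TTL gate from requirements 2 and 5, added here as an example and not taken from the project's code. The `Provider` type, the `Audit` and `sample` functions, the thresholds and all CIDs and peer IDs are hypothetical; provider records are assumed to have been fetched from the DHT already, and the registry stands in for the authoritative CID list of requirement 4.

```go
package main

import (
	"fmt"
	"sort"
	"time"
)

// Provider is one DHT provider record for a CID (hypothetical shape for this example).
type Provider struct {
	PeerID  string
	Expires time.Time
}

// Audit returns, sorted, every registry CID with fewer than minReplicas distinct peers whose
// record is still valid minTTL from now. Repeat announcements count once; no records means fail.
func Audit(registry []string, recs map[string][]Provider, now time.Time, minReplicas int, minTTL time.Duration) []string {
	var failing []string
	for _, cid := range registry {
		live := map[string]bool{}
		for _, p := range recs[cid] {
			if p.Expires.Sub(now) >= minTTL {
				live[p.PeerID] = true
			}
		}
		if len(live) < minReplicas {
			failing = append(failing, cid)
		}
	}
	sort.Strings(failing)
	return failing
}

// sample builds constructed test data; the CIDs and peer IDs are placeholders.
func sample(now time.Time) ([]string, map[string][]Provider) {
	rec := func(peer string, ttl time.Duration) Provider { return Provider{peer, now.Add(ttl)} }
	h := time.Hour
	return []string{"cid-ok", "cid-dup", "cid-expiring", "cid-stranded"}, map[string][]Provider{
		"cid-ok":       {rec("A", 20*h), rec("B", 18*h), rec("C", 12*h)},
		"cid-dup":      {rec("A", 20*h), rec("A", 19*h), rec("B", 18*h)},
		"cid-expiring": {rec("A", 20*h), rec("B", 18*h), rec("C", h/2)},
	}
}

func main() {
	now := time.Now()
	registry, recs := sample(now)
	fmt.Println("under-replicated:", Audit(registry, recs, now, 3, time.Hour))
}
```

Iterating over the registry rather than over the fetched records is what lets a CID with no provider records at all show up as a failure instead of being silently skipped.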