Skip to content

Sprint 1.2.2: seed consolidation + score hardening#70

Open
MoltyCel wants to merge 4 commits into
mainfrom
sprint-1.2.2
Open

Sprint 1.2.2: seed consolidation + score hardening#70
MoltyCel wants to merge 4 commits into
mainfrom
sprint-1.2.2

Conversation

@MoltyCel
Copy link
Copy Markdown
Owner

@MoltyCel MoltyCel commented May 22, 2026
edited
Loading

PR #70 — Sprint 1.2.2: Seed-Konsolidierung + Score-Härtung

Repo: moltrust-api · Voraussetzung: PR #66 deployed
Reviewer: §2.3 Cross-Review (GPT-4o + Gemini + Perplexity)

Scope

  1. Daten-Bereinigung (01_migration.sql): Seeds + Stale-Agents
  2. Code-Härtung (02_code_patches.md): Sybil-Whitelist + SeedRequest-Validator + stats-Stabilität
  3. Diagnose (02_code_patches.md §Patch 4): propagation_depth=0

Was wird verändert

Tabelle Änderung DIDs
agents display_name fix d34ed796... ("moltguard_v1" → "TrustScout")
agents revoked_at gesetzt 28a0984ab85d4c40, te5tharne550001, vcone
swarm_seeds DELETE vcone, 662a7181e0154998
Code-Stelle Patch
compute_phase2_score SEED_DID_WHITELIST → Sybil-Penalty=0 für Seeds
SeedRequest Pydantic Strict 16-hex Validator → Vanity-DIDs blockiert
GET /swarm/stats Definierte Aggregation → avg_trust_score stabil

Blast-Radius

Hoch: compute_phase2_score-Änderung wirkt auf alle Score-Endpoints. Ambassador-Score steigt sichtbar (80 → ~90).
Mittel: swarm/stats top_trusted-Liste schrumpft. Memory-Eintrag #5 (agent count, Seed-Anzahl) updaten.
Niedrig: SeedRequest-Validator wirkt nur auf NEUE POSTs. Revozierte Stubs hatten 0 Endorsements.

Apply-Reihenfolge

# 1. DB-Backup (PFLICHT)
pg_dump -h localhost -U moltstack -d moltstack \
        -t agents -t swarm_seeds --column-inserts \
        > /home/moltstack/backups/sprint-1.2.2-pre.sql

# 2. Baseline
bash migrations/sprint-1.2.2/03_verify_post_deploy.sh > before.log

# 3. SQL-Migration (ON_ERROR_STOP=on Pflicht — DO-Blocks RAISE EXCEPTION)
psql -h localhost -U moltstack -d moltstack \
     --set ON_ERROR_STOP=on \
     -f migrations/sprint-1.2.2/01_migration.sql

# 4. Code-Patches anwenden (siehe 02_code_patches.md)

# 5. Service-Restart
sudo systemctl restart moltstack

# 6. Re-Propagation
curl -X POST https://api.moltrust.ch/swarm/propagate/did:moltrust:d34ed796a4dc4698
curl -X POST https://api.moltrust.ch/swarm/propagate/did:moltrust:ambassador0001

# 7. Verify + Diff
bash migrations/sprint-1.2.2/03_verify_post_deploy.sh > after.log
diff before.log after.log

Rollback

psql -h localhost -U moltstack -d moltstack \
     --set ON_ERROR_STOP=on \
     -f migrations/sprint-1.2.2/99_rollback.sql
sudo systemctl restart moltstack
curl -X POST https://api.moltrust.ch/swarm/propagate/did:moltrust:662a7181e0154998
bash migrations/sprint-1.2.2/03_verify_post_deploy.sh

vcone und display_name 'TrustScout' werden BEWUSST nicht rolled back (siehe Header-Kommentare in 99_rollback.sql).

Offen nach Sprint 1.2.2

  • propagation_depth: 0 Root-Cause (3 Hypothesen in 02_code_patches.md §Patch 4)
  • Seeds endorsieren niemanden (Operations-Aufgabe, kein Code-Fix)
  • DID-Validierungs-Konsistenz global (Audit aller DID-Eingangspunkte)

Lars Kroehl and others added 4 commits May 22, 2026 21:47
@claude
feat(sprint-1.2.2): seed consolidation + score hardening
e7bc41a 
01_migration.sql: RAISE EXCEPTION guards on endorsement-count for B/C/E,
DO-block transactional with ROW_COUNT diagnostics, cache invalidation §F.
99_rollback.sql: targeted INSERT for 662a7181 with ON CONFLICT DO NOTHING,
vcone + display_name 'TrustScout' intentionally not reverted, cache §F
symmetric to forward.

.gitignore: scoped re-include for migrations/sprint-1.2.2/*.sql.

02_code_patches.md and 03_verify_post_deploy.sh follow in next commit.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@claude
fix(sprint-1.2.2): correct endorsements column target_did -> endorsed…
9b0a82d 
…_did

01_migration.sql §B/§C/§E referenced non-existent column 'target_did' in
the endorsement-count guards. Verified against live schema 2026-05-22: the
column is 'endorsed_did' (unique constraint endorser_did/endorsed_did/
evidence_hash + idx_endorsements_endorsed_did).

As committed in e7bc41a the migration aborts on the first guard under
ON_ERROR_STOP=on (column does not exist) - fail-safe, but never applies.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@claude
docs(sprint-1.2.2): code patches, verify script, PR README
28123e5 
02_code_patches.md: Sybil-whitelist, SeedRequest strict validator,
avg_trust_score aggregation fix, propagation_depth diagnostic brief.
03_verify_post_deploy.sh: 7-block verify with exit code (CI-ready).
README.md: scope, blast radius, apply/rollback runbooks.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@claude
fix(sprint-1.2.2): PR number, code paths, admin-key auth in verify
65dbd16 
README: PR #67 -> PR #70 (actual PR number after #68/#69 landed).
02_code_patches.md: intro names both files - Patch 1 in
app/swarm/trust_score.py (compute_phase2_score), Patch 2+3 in
app/main.py; Patch 3 header path made explicit.
03_verify_post_deploy.sh Block 6: sources ADMIN_KEY from
~/.moltrust_secrets and sends x-admin-key header, skips gracefully
when key absent or auth fails, only fails on real validator miss.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@MoltyCel