Skip to content

⚑ Bolt: Implement blockchain chaining for field officer visits #609

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
RohanExploit merged 2 commits into from
Mar 29, 2026
Merged

⚑ Bolt: Implement blockchain chaining for field officer visits #609

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
eda0273
bolt: Implement blockchain chaining for field officer visits
RohanExploit Mar 29, 2026
e02a857
bolt: Implement blockchain chaining for field officer visits
RohanExploit Mar 29, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions backend/cache.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -175,4 +175,5 @@ def invalidate(self):
user_upload_cache = ThreadSafeCache(ttl=3600, max_size=1000) # 1 hour TTL for upload limits
blockchain_last_hash_cache = ThreadSafeCache(ttl=3600, max_size=1)
grievance_last_hash_cache = ThreadSafeCache(ttl=3600, max_size=1)
visit_last_hash_cache = ThreadSafeCache(ttl=3600, max_size=2)
user_issues_cache = ThreadSafeCache(ttl=300, max_size=50) # 5 minutes TTL
16 changes: 12 additions & 4 deletions backend/geofencing_service.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -95,7 +95,7 @@ def generate_visit_hash(visit_data: dict) -> str:
Generate a tamper-resistant HMAC hash for visit data (blockchain-like integrity).

Uses HMAC-SHA256 with server secret to prevent forgery.
Normalizes datetime to ISO format for deterministic hashing.
Normalizes datetime to UTC ISO format for deterministic hashing.

Args:
visit_data: Dictionary containing visit information
Expand All @@ -104,21 +104,29 @@ def generate_visit_hash(visit_data: dict) -> str:
HMAC-SHA256 hash of visit data
"""
try:
# Normalize check_in_time to ISO format string for determinism
# Normalize check_in_time to UTC ISO format string for determinism
# Ensure microseconds are stripped for consistent comparison across DBs
check_in_time = visit_data.get('check_in_time')
if isinstance(check_in_time, datetime):
check_in_time_str = check_in_time.isoformat()
# Normalize to UTC and strip microseconds for consistency
if check_in_time.tzinfo is None:
check_in_time = check_in_time.replace(tzinfo=timezone.utc)
else:
check_in_time = check_in_time.astimezone(timezone.utc)

check_in_time_str = check_in_time.replace(microsecond=0).strftime('%Y-%m-%dT%H:%M:%S')
Copy link
Copy Markdown
Contributor

@cubic-dev-ai cubic-dev-ai Bot Mar 29, 2026
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P1: Changing datetime serialization in the hash function breaks verification of existing stored hashes created with the old format.

Prompt for AI agents 
Check if this issue is valid β€” if so, understand the root cause and fix it. At backend/geofencing_service.py, line 117:

<comment>Changing datetime serialization in the hash function breaks verification of existing stored hashes created with the old format.</comment>

<file context>
@@ -104,21 +104,29 @@ def generate_visit_hash(visit_data: dict) -> str:
+            else:
+                check_in_time = check_in_time.astimezone(timezone.utc)
+
+            check_in_time_str = check_in_time.replace(microsecond=0).strftime('%Y-%m-%dT%H:%M:%S')
         else:
             check_in_time_str = str(check_in_time) if check_in_time else ""
</file context>
Fix with Cubic

else:
check_in_time_str = str(check_in_time) if check_in_time else ""

# Create a deterministic string from visit data
# Create a deterministic string from visit data, including previous hash for chaining
data_string = (
f"{visit_data.get('issue_id')}"
f"{visit_data.get('officer_email')}"
f"{visit_data.get('check_in_latitude')}"
f"{visit_data.get('check_in_longitude')}"
f"{check_in_time_str}"
f"{visit_data.get('visit_notes', '')}"
f"{visit_data.get('previous_visit_hash', '')}"
)
Comment on lines +107 to 130
Copy link

Copilot AI Mar 29, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

generate_visit_hash now (1) strips microseconds / changes datetime formatting and (2) includes previous_visit_hash in the hashed payload. Any existing field_officer_visits.visit_hash values generated with the old algorithm will no longer verify, even if the rows are untampered. To avoid breaking verification in production, consider versioning the hash scheme (try legacy computation when verification fails) and/or migrating existing rows by recomputing/storing hashes + previous hashes in a backfill.

Copilot uses AI. Check for mistakes.

# Generate HMAC-SHA256 hash for tamper-resistance
Expand Down
7 changes: 7 additions & 0 deletions backend/init_db.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -187,6 +187,10 @@ def index_exists(table, index_name):

# Indexes for field_officer_visits (run regardless of table creation)
if inspector.has_table("field_officer_visits"):
if not column_exists("field_officer_visits", "previous_visit_hash"):
conn.execute(text("ALTER TABLE field_officer_visits ADD COLUMN previous_visit_hash VARCHAR"))
logger.info("Added previous_visit_hash column to field_officer_visits")

if not index_exists("field_officer_visits", "ix_field_officer_visits_issue_id"):
conn.execute(text("CREATE INDEX IF NOT EXISTS ix_field_officer_visits_issue_id ON field_officer_visits (issue_id)"))

Expand All @@ -199,6 +203,9 @@ def index_exists(table, index_name):
if not index_exists("field_officer_visits", "ix_field_officer_visits_check_in_time"):
conn.execute(text("CREATE INDEX IF NOT EXISTS ix_field_officer_visits_check_in_time ON field_officer_visits (check_in_time)"))

if not index_exists("field_officer_visits", "ix_field_officer_visits_previous_visit_hash"):
conn.execute(text("CREATE INDEX IF NOT EXISTS ix_field_officer_visits_previous_visit_hash ON field_officer_visits (previous_visit_hash)"))

logger.info("Database migration check completed successfully.")

except Exception as e:
Expand Down
1 change: 1 addition & 0 deletions backend/models.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -253,6 +253,7 @@ class FieldOfficerVisit(Base):

# Immutability hash (blockchain-like integrity)
visit_hash = Column(String, nullable=True) # Hash of visit data for integrity verification
previous_visit_hash = Column(String, nullable=True, index=True) # Linked hash for O(1) verification

# Metadata
created_at = Column(DateTime, default=lambda: datetime.datetime.now(datetime.timezone.utc))
Expand Down
77 changes: 73 additions & 4 deletions backend/routers/field_officer.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -27,9 +27,12 @@
from backend.geofencing_service import (
is_within_geofence,
generate_visit_hash,
verify_visit_integrity,
calculate_visit_metrics,
get_geofencing_service
)
from backend.cache import visit_last_hash_cache
from backend.schemas import BlockchainVerificationResponse

logger = logging.getLogger(__name__)

Expand Down Expand Up @@ -93,20 +96,34 @@ def officer_check_in(request: OfficerCheckInRequest, db: Session = Depends(get_d
)

# Create visit record
check_in_time = datetime.now(timezone.utc)

# Normalize check_in_time: strip microseconds for deterministic hashing across DBs
check_in_time = datetime.now(timezone.utc).replace(microsecond=0)

# Blockchain feature: calculate integrity hash for the visit
# Performance Boost: Use thread-safe cache to eliminate DB query for last hash
prev_hash = visit_last_hash_cache.get("last_hash")
if prev_hash is None:
# Cache miss: Fetch only the last hash from DB
prev_visit = db.query(FieldOfficerVisit.visit_hash).order_by(FieldOfficerVisit.id.desc()).first()
prev_hash = prev_visit[0] if prev_visit and prev_visit[0] else ""
visit_last_hash_cache.set(data=prev_hash, key="last_hash")
Comment on lines +104 to +109
Copy link

Copilot AI Mar 29, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There is a race condition for concurrent check-ins: two requests can read the same prev_hash (from cache or the DB) and both commit visits pointing to the same previous_visit_hash, effectively forking the chain. If the chain must be strictly linear, this needs serialization at the DB level (e.g., locking/transactional β€œread last then insert”, or a monotonic sequence/unique constraint that prevents two rows from sharing the same predecessor).

Copilot uses AI. Check for mistakes.

Comment on lines +104 to +110
Copy link

Copilot AI Mar 29, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The visit chaining cache trusts the in-process last_hash without validating it against the DB tail. In multi-worker deployments or after out-of-band writes, this can chain to a stale hash and permanently fork the chain. Consider caching both last_id and last_hash and comparing them to SELECT id, visit_hash ORDER BY id DESC LIMIT 1 (similar to GrievanceService.create_grievance’s cache consistency check) before using the cached value.

Copilot uses AI. Check for mistakes.
visit_data = {
'issue_id': request.issue_id,
'officer_email': request.officer_email,
'check_in_latitude': request.check_in_latitude,
'check_in_longitude': request.check_in_longitude,
'check_in_time': check_in_time.isoformat(),
'visit_notes': request.visit_notes or ''
'check_in_time': check_in_time,
'visit_notes': request.visit_notes or '',
'previous_visit_hash': prev_hash
}

# Generate immutable hash
visit_hash = generate_visit_hash(visit_data)

# Update cache for next visit
visit_last_hash_cache.set(data=visit_hash, key="last_hash")
Copy link
Copy Markdown
Contributor

@cubic-dev-ai cubic-dev-ai Bot Mar 29, 2026
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P1: Do not update visit_last_hash_cache before db.commit(), or failed inserts can poison the chain head for subsequent visits.

Prompt for AI agents 
Check if this issue is valid β€” if so, understand the root cause and fix it. At backend/routers/field_officer.py, line 125:

<comment>Do not update `visit_last_hash_cache` before `db.commit()`, or failed inserts can poison the chain head for subsequent visits.</comment>

<file context>
@@ -93,20 +96,34 @@ def officer_check_in(request: OfficerCheckInRequest, db: Session = Depends(get_d
         visit_hash = generate_visit_hash(visit_data)
         
+        # Update cache for next visit
+        visit_last_hash_cache.set(data=visit_hash, key="last_hash")
+
         new_visit = FieldOfficerVisit(
</file context>
Fix with Cubic

Comment on lines 123 to +125
Copy link

Copilot AI Mar 29, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

visit_last_hash_cache is updated with the newly computed visit_hash before the DB write is committed. If db.commit() fails/rolls back, the cache will point at a hash that does not exist in the DB, causing subsequent visits to chain incorrectly. Update the cache only after a successful commit (and consider invalidating it on exceptions/rollbacks).

Suggested change
# Update cache for next visit
visit_last_hash_cache.set(data=visit_hash, key="last_hash")

Copilot uses AI. Check for mistakes.

new_visit = FieldOfficerVisit(
issue_id=request.issue_id,
grievance_id=request.grievance_id,
Expand All @@ -123,6 +140,7 @@ def officer_check_in(request: OfficerCheckInRequest, db: Session = Depends(get_d
visit_notes=request.visit_notes,
status='checked_in',
visit_hash=visit_hash,
previous_visit_hash=prev_hash,
is_public=True
)

Expand Down Expand Up @@ -484,3 +502,54 @@ def verify_visit(
except Exception as e:
logger.error(f"Error verifying visit {visit_id}: {e}", exc_info=True)
raise HTTPException(status_code=500, detail="Verification failed")


@router.get("/field-officer/{visit_id}/blockchain-verify", response_model=BlockchainVerificationResponse)
def verify_visit_blockchain(visit_id: int, db: Session = Depends(get_db)):
"""
Verify the cryptographic integrity of a field officer visit using blockchain-style chaining.
Optimized: Uses previous_visit_hash column for O(1) verification.
"""
try:
visit = db.query(FieldOfficerVisit).filter(FieldOfficerVisit.id == visit_id).first()

if not visit:
raise HTTPException(status_code=404, detail=f"Visit {visit_id} not found")

# Determine previous hash (O(1) from stored column)
prev_hash = visit.previous_visit_hash or ""

# Chaining logic: rebuild the dictionary for verification
visit_data = {
'issue_id': visit.issue_id,
'officer_email': visit.officer_email,
'check_in_latitude': visit.check_in_latitude,
'check_in_longitude': visit.check_in_longitude,
'check_in_time': visit.check_in_time,
'visit_notes': visit.visit_notes or '',
'previous_visit_hash': prev_hash
}

# Use helper for verification
is_valid = verify_visit_integrity(visit_data, visit.visit_hash)
Copy link
Copy Markdown
Contributor

@cubic-dev-ai cubic-dev-ai Bot Mar 29, 2026
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2: Blockchain verification currently checks row integrity only; it should also verify the previous_visit_hash link against the actual previous visit record.

Prompt for AI agents 
Check if this issue is valid β€” if so, understand the root cause and fix it. At backend/routers/field_officer.py, line 534:

<comment>Blockchain verification currently checks row integrity only; it should also verify the `previous_visit_hash` link against the actual previous visit record.</comment>

<file context>
@@ -484,3 +502,54 @@ def verify_visit(
+        }
+
+        # Use helper for verification
+        is_valid = verify_visit_integrity(visit_data, visit.visit_hash)
+
+        # For the response, we need the computed hash
</file context>
Suggested change
is_valid = verify_visit_integrity(visit_data, visit.visit_hash)
previous_hash_in_db = db.query(FieldOfficerVisit.visit_hash).filter(FieldOfficerVisit.id < visit.id).order_by(FieldOfficerVisit.id.desc()).scalar() or ""
chain_link_valid = prev_hash == previous_hash_in_db
is_valid = chain_link_valid and verify_visit_integrity(visit_data, visit.visit_hash)
Fix with Cubic


Comment on lines +519 to +535
Copy link

Copilot AI Mar 29, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/blockchain-verify recomputes the visit hash using the stored previous_visit_hash, but it never checks that previous_visit_hash actually matches the current visit_hash of the previous visit record. As a result, tampering with an earlier visit won’t invalidate later visits when verified individually. If the goal is chain continuity, add an O(1) lookup of the previous record (or store a previous_visit_id) and compare its visit_hash to previous_visit_hash as part of verification.

Copilot uses AI. Check for mistakes.
# For the response, we need the computed hash
computed_hash = generate_visit_hash(visit_data)

if is_valid:
message = "Integrity verified. This visit record is cryptographically sealed and part of a secure chain."
else:
message = "Integrity check failed! The visit data does not match its cryptographic seal."

return BlockchainVerificationResponse(
is_valid=is_valid,
current_hash=visit.visit_hash,
computed_hash=computed_hash,
message=message
)

except HTTPException:
raise
except Exception as e:
logger.error(f"Error verifying visit blockchain for {visit_id}: {e}", exc_info=True)
raise HTTPException(status_code=500, detail="Failed to verify visit integrity")
6 changes: 4 additions & 2 deletions tests/test_blockchain.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -29,7 +29,8 @@ def test_blockchain_verification_success(client, db_session):
issue1 = Issue(
description="First issue",
category="Road",
integrity_hash=hash1
integrity_hash=hash1,
previous_integrity_hash=""
)
db_session.add(issue1)
db_session.commit()
Expand All @@ -42,7 +43,8 @@ def test_blockchain_verification_success(client, db_session):
issue2 = Issue(
description="Second issue",
category="Garbage",
integrity_hash=hash2
integrity_hash=hash2,
previous_integrity_hash=hash1
)
db_session.add(issue2)
db_session.commit()
Expand Down
137 changes: 137 additions & 0 deletions tests/test_blockchain_visit.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,137 @@
import pytest
from fastapi.testclient import TestClient
from sqlalchemy import text
from sqlalchemy.orm import Session
from datetime import datetime, timezone
import hashlib

from backend.main import app
from backend.database import get_db, Base, engine
from backend.models import Issue, FieldOfficerVisit
from backend.cache import visit_last_hash_cache

# Use an isolated SQLite database for blockchain tests
SQLALCHEMY_DATABASE_URL = "sqlite:///./test_blockchain_visit.db"

@pytest.fixture(scope="module")
def client():
# Setup: Create tables in the test database
Base.metadata.create_all(bind=engine)
Copy link
Copy Markdown
Contributor

@cubic-dev-ai cubic-dev-ai Bot Mar 29, 2026
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P1: The fixture is not actually isolated to the declared test database; it uses the global app engine for create/drop operations.

Prompt for AI agents 
Check if this issue is valid β€” if so, understand the root cause and fix it. At tests/test_blockchain_visit.py, line 19:

<comment>The fixture is not actually isolated to the declared test database; it uses the global app engine for create/drop operations.</comment>

<file context>
@@ -0,0 +1,137 @@
+@pytest.fixture(scope="module")
+def client():
+    # Setup: Create tables in the test database
+    Base.metadata.create_all(bind=engine)
+    with TestClient(app) as c:
+        yield c
</file context>
Fix with Cubic

with TestClient(app) as c:
yield c
# Teardown: Remove the test database file if needed,
# but here we just rely on the fact it's a separate file or in-memory
Base.metadata.drop_all(bind=engine)
Comment on lines +13 to +24
Copy link

Copilot AI Mar 29, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The test claims to use an isolated SQLite DB (SQLALCHEMY_DATABASE_URL), but Base.metadata.create_all(bind=engine) / drop_all(bind=engine) uses the app’s global engine from backend.database (defaults to sqlite:///./data/issues.db). This can clobber the developer/CI database and will also interfere with other tests. Create a dedicated test engine (e.g., from SQLALCHEMY_DATABASE_URL or a tmp_path) and override get_db (as tests/test_blockchain.py does) so the app uses the isolated session, and ensure teardown removes only the test DB.

Copilot uses AI. Check for mistakes.

def test_visit_blockchain_chaining(client):
# Clear cache for deterministic test
visit_last_hash_cache.clear()

# 1. Create a test issue
db = next(get_db())
issue = Issue(
Comment on lines +30 to +32
Copy link

Copilot AI Mar 29, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

db = next(get_db()) retrieves a session from the dependency generator but never closes it (the generator’s finally: db.close() won’t run). Use a dedicated session fixture / dependency override, or ensure the generator is properly closed (e.g., via context management) to avoid leaking connections and causing SQLite locking issues.

Copilot uses AI. Check for mistakes.
description="Pothole on Main St",
category="Road",
latitude=18.5204,
longitude=73.8567,
status="open"
)
db.add(issue)
db.commit()
db.refresh(issue)

# 2. First check-in (Root of the chain)
checkin1 = {
"issue_id": issue.id,
"officer_email": "officer1@city.gov",
"officer_name": "John Doe",
"check_in_latitude": 18.5205,
"check_in_longitude": 73.8568,
"visit_notes": "First visit",
"geofence_radius_meters": 100.0
}
response1 = client.post("/api/field-officer/check-in", json=checkin1)
assert response1.status_code == 200
data1 = response1.json()
visit1_id = data1["id"]
visit1_hash = data1.get("visit_hash") # Note: Visit hash is not in FieldOfficerVisitResponse by default in schemas.py?

# Re-fetch from DB to check visit_hash and previous_visit_hash
v1 = db.query(FieldOfficerVisit).filter(FieldOfficerVisit.id == visit1_id).first()
assert v1.visit_hash is not None
assert v1.previous_visit_hash == ""

# 3. Second check-in (Chained to first)
checkin2 = {
"issue_id": issue.id,
"officer_email": "officer2@city.gov",
"officer_name": "Jane Smith",
"check_in_latitude": 18.5204,
"check_in_longitude": 73.8567,
"visit_notes": "Second visit",
"geofence_radius_meters": 100.0
}
response2 = client.post("/api/field-officer/check-in", json=checkin2)
assert response2.status_code == 200
data2 = response2.json()
visit2_id = data2["id"]

v2 = db.query(FieldOfficerVisit).filter(FieldOfficerVisit.id == visit2_id).first()
assert v2.visit_hash is not None
assert v2.previous_visit_hash == v1.visit_hash

# 4. Verify integrity via API
verify_resp1 = client.get(f"/api/field-officer/{visit1_id}/blockchain-verify")
assert verify_resp1.status_code == 200
assert verify_resp1.json()["is_valid"] is True

verify_resp2 = client.get(f"/api/field-officer/{visit2_id}/blockchain-verify")
assert verify_resp2.status_code == 200
assert verify_resp2.json()["is_valid"] is True

# 5. Simulate tampering
v2.visit_notes = "TAMPERED NOTES"
db.commit()

verify_tampered = client.get(f"/api/field-officer/{visit2_id}/blockchain-verify")
assert verify_tampered.status_code == 200
assert verify_tampered.json()["is_valid"] is False
assert "Integrity check failed" in verify_tampered.json()["message"]

def test_cache_miss_recovery(client):
# 1. Create a visit
db = next(get_db())
issue = db.query(Issue).first()
Copy link
Copy Markdown
Contributor

@cubic-dev-ai cubic-dev-ai Bot Mar 29, 2026
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2: This test has an inter-test dependency by assuming an Issue already exists; it can fail when run in isolation.

Prompt for AI agents 
Check if this issue is valid β€” if so, understand the root cause and fix it. At tests/test_blockchain_visit.py, line 104:

<comment>This test has an inter-test dependency by assuming an Issue already exists; it can fail when run in isolation.</comment>

<file context>
@@ -0,0 +1,137 @@
+def test_cache_miss_recovery(client):
+    # 1. Create a visit
+    db = next(get_db())
+    issue = db.query(Issue).first()
+
+    checkin = {
</file context>
Fix with Cubic


checkin = {
"issue_id": issue.id,
"officer_email": "officer3@city.gov",
"officer_name": "Officer Cache",
"check_in_latitude": 18.5204,
"check_in_longitude": 73.8567,
"visit_notes": "Cache test",
"geofence_radius_meters": 100.0
}
client.post("/api/field-officer/check-in", json=checkin)

last_visit = db.query(FieldOfficerVisit).order_by(FieldOfficerVisit.id.desc()).first()
last_hash = last_visit.visit_hash

# 2. Clear cache
visit_last_hash_cache.clear()

# 3. Next check-in should still chain correctly by fetching from DB
checkin_next = {
"issue_id": issue.id,
"officer_email": "officer4@city.gov",
"officer_name": "Officer Recovery",
"check_in_latitude": 18.5204,
"check_in_longitude": 73.8567,
"visit_notes": "Recovery test",
"geofence_radius_meters": 100.0
}
resp = client.post("/api/field-officer/check-in", json=checkin_next)
assert resp.status_code == 200

v_next = db.query(FieldOfficerVisit).order_by(FieldOfficerVisit.id.desc()).first()
assert v_next.previous_visit_hash == last_hash
Loading