⚡ Bolt: Blockchain Chaining and ORM Query Optimization

[RohanExploit]

Implemented blockchain chaining for ClosureConfirmation and optimized the GrievanceService creation path. Also applied a performance optimization to grievance retrieval by switching to 'selectinload' for audit logs.

---

PR created automatically by Jules for task 9240946891921980833 started by @RohanExploit

---

Summary by cubic

Adds HMAC‑SHA256 blockchain chaining for closure confirmations and speeds up grievance reads/writes via cache‑first hash lookups and selectinload for audit logs. Also adds an O(1) verification endpoint and auto‑migration for new hash fields.

• New Features

  • Blockchain chaining for ClosureConfirmation with integrity_hash and indexed previous_integrity_hash.
  • New endpoint: GET /closure-confirmation/{confirmation_id}/blockchain-verify for O(1) integrity checks.
  • Added closure_last_hash_cache to avoid DB reads for the previous hash.
  • Auto DB migration adds the new columns and index.

• Performance

  • Grievance creation: cache‑first previous-hash lookup (grievance_last_hash_cache) to remove an extra query.
  • Grievance list/detail: switched audit_logs from joinedload to selectinload to avoid Cartesian products and speed up fetches.

^{Written for commit 221ef85. Summary will update on new commits.}

Summary by CodeRabbit

• New Features

  • Added a verification endpoint so users can validate the integrity chain of closure confirmations.
  • System now computes and stores chained integrity hashes for each closure confirmation.

• Performance

  • Reduced repeated database reads by relying on a cached previous-hash value when creating records.

• Chores

  • Database migration and schema updates added to support new integrity fields.

[google-labs-jules]

👋 Jules, reporting for duty! I'm here to lend a hand with this pull request.

When you start a review, I'll add a 👀 emoji to each comment to let you know I've read it. I'll focus on feedback directed at me and will do my best to stay out of conversations between you and other bots or reviewers to keep the noise down.

I'll push a commit with your requested changes shortly after. Please note there might be a delay between these steps, but rest assured I'm on the job!

For more direct control, you can switch me to Reactive Mode. When this mode is on, I will only act on comments where you specifically mention me with @jules. You can find this option in the Pull Request section of your global Jules UI settings. You can always switch back!

New to Jules? Learn more at jules.google/docs.

---

For security, I will only act on instructions from the user who triggered this task.

[netlify]

✅ Deploy Preview for fixmybharat canceled.

Name	Link
🔨 Latest commit	221ef85
🔍 Latest deploy log	https://app.netlify.com/projects/fixmybharat/deploys/69d91b160581950008ad052a

[github-actions]

🙏 Thank you for your contribution, @RohanExploit!

PR Details:

• Title: ⚡ Bolt: Blockchain Chaining and ORM Query Optimization
• Number: ⚡ Bolt: Blockchain Chaining and ORM Query Optimization #652

Quality Checklist:
Please ensure your PR meets the following criteria:

• Code follows the project's style guidelines
• Self-review of code completed
• Code is commented where necessary
• Documentation updated (if applicable)
• No new warnings generated
• Tests added/updated (if applicable)
• All tests passing locally
• No breaking changes to existing functionality

Review Process:

1. Automated checks will run on your code
2. A maintainer will review your changes
3. Address any requested changes promptly
4. Once approved, your PR will be merged! 🎉

Note: The maintainers will monitor code quality and ensure the overall project flow isn't broken.

[coderabbitai]

Caution

Review failed

The pull request is closed.

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: ddccce27-ace0-4841-9f80-cdd85c7aba7e

📥 Commits

Reviewing files that changed from the base of the PR and between e0631c5 and 221ef85.

📒 Files selected for processing (1)

• backend/routers/grievances.py

---

📝 Walkthrough

Walkthrough

Added HMAC-SHA256 integrity chaining for ClosureConfirmations with previous-hash linking and a thread-safe cache; grievance chaining now relies on cached previous hash. Added model columns, migration steps, a verification endpoint, and cache instance for closure confirmations.

Changes

Cohort / File(s)	Summary
Cache Infrastructure backend/cache.py	Added closure_last_hash_cache: ThreadSafeCache = ThreadSafeCache(ttl=3600, max_size=1).
Data Model & Migrations backend/models.py, backend/init_db.py	Added integrity_hash and indexed previous_integrity_hash to ClosureConfirmation; migration adds columns and index conditionally.
Service Layer - Closure Integrity backend/closure_service.py	Compute HMAC-SHA256 chained integrity_hash using cached prev hash (DB fallback), persist integrity_hash and previous_integrity_hash, update cache after commit.
Service Layer - Grievance Integrity backend/grievance_service.py	Simplified create_grievance to use cached grievance_last_hash_cache["last_hash"] or DB on cache miss; removed cached last_id consistency checks.
API Layer backend/routers/grievances.py	Switched Grievance.audit_logs eager-loading from joinedload to selectinload; added GET /closure-confirmation/{confirmation_id}/blockchain-verify to recompute and verify chained HMAC against stored hash.

Sequence Diagram(s)

sequenceDiagram
    participant Client
    participant ClosureService as "Closure Service"
    participant Cache as "ThreadSafeCache (closure_last_hash_cache)"
    participant DB as "Database"
    participant HMAC as "HMAC-SHA256"

    Client->>ClosureService: Submit closure confirmation
    ClosureService->>Cache: Read last_hash
    alt cache hit
        Cache-->>ClosureService: prev_hash
    else cache miss
        ClosureService->>DB: Query latest ClosureConfirmation.integrity_hash
        DB-->>ClosureService: prev_hash
    end
    ClosureService->>HMAC: Compute HMAC(secret_key, "grievance_id|user_email|type|prev_hash")
    HMAC-->>ClosureService: computed_hash
    ClosureService->>DB: Insert ClosureConfirmation(integrity_hash, previous_integrity_hash)
    DB-->>ClosureService: commit success
    ClosureService->>Cache: Update last_hash = computed_hash
    Cache-->>ClosureService: ack
    ClosureService-->>Client: Return confirmation

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Possibly related PRs

• ⚡ Bolt: Blockchain Chaining and ORM Query Optimization #652: Implements closure-confirmation blockchain chaining and adds closure_last_hash_cache, model/migration, and router/service updates matching these changes.
• feat: Add community confirmation before grievance closure (Issue #289) #328: Earlier changes introducing ClosureConfirmation handling that this PR extends with integrity/hash and cache logic.
• ⚡ Bolt: Optimized Blockchain Integrity and Admin Stats #516: Implements the same blockchain-integrity chaining pattern for a different model (Issues), sharing schema, cache, and verification patterns.

Suggested labels

ECWoC26, medium

Poem

🐰 I nibble hashes, one then two,
A chain of HMACs in morning dew,
Cache keeps the rhythm, DB keeps the cue,
Little bunny verifies true,
Hops of integrity, bright and new. 🥕

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title directly reflects the two main changes: blockchain chaining for ClosureConfirmation and ORM query optimization for grievance retrieval.
Description check	✅ Passed	The description covers the main changes, includes type of change (⚡ Performance improvement), provides testing context, and includes auto-generated summaries.
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch bolt-blockchain-and-query-opt-v1-9240946891921980833

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[Copilot]

Pull request overview

Adds blockchain-style chaining/verification support for ClosureConfirmation and applies ORM/query-path optimizations to reduce DB load during grievance creation and grievance retrieval.

Changes:

• Switched grievance audit log loading from joinedload to selectinload in grievance list/detail endpoints.
• Added integrity_hash and previous_integrity_hash fields (plus migration/index) for ClosureConfirmation, and added a new blockchain verification endpoint.
• Optimized grievance and closure-confirmation creation chaining by using thread-safe caches to avoid repeated “last hash” DB queries.

Reviewed changes

Copilot reviewed 6 out of 6 changed files in this pull request and generated 3 comments.

Show a summary per file

File	Description
backend/routers/grievances.py	Uses selectinload for audit logs and adds closure-confirmation blockchain verification endpoint.
backend/models.py	Adds integrity chaining columns to ClosureConfirmation model.
backend/init_db.py	Migrates existing DBs to add new closure-confirmation columns and index.
backend/grievance_service.py	Optimizes grievance creation by caching last integrity hash.
backend/closure_service.py	Adds closure-confirmation integrity chaining (HMAC) and cache usage.
backend/cache.py	Introduces closure_last_hash_cache instance.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[coderabbitai]

Actionable comments posted: 3

🧹 Nitpick comments (1)

backend/routers/grievances.py (1)

594-603: Extract the closure-confirmation hash builder into a shared helper.

This endpoint has to stay byte-for-byte aligned with backend/closure_service.py when computing the HMAC. Keeping the payload construction duplicated in both places makes future changes easy to miss on one side and will silently break verification. A single helper for “build closure confirmation hash input + compute digest” would remove that drift risk.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@backend/routers/grievances.py` around lines 594 - 603, The HMAC
input/construction logic in grievances.py is duplicated with
backend/closure_service.py and must be extracted into a single shared helper
(e.g., compute_closure_confirmation_hash or build_closure_confirmation_hmac) so
both consumers use identical byte-for-byte behavior; implement the helper in a
common utility module, have it take the fields (grievance_id, user_email,
confirmation_type, prev_hash) and internally fetch get_auth_config().secret_key,
perform the same f"{grievance_id}|{user_email}|{confirmation_type}|{prev_hash}"
concatenation and hashlib.sha256 HMAC, then replace the inline logic in both
grievances.py and closure_service.py to call this helper.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@backend/closure_service.py`:
- Around line 93-100: The current prev_hash read from closure_last_hash_cache
(closure_last_hash_cache.get("last_hash")) is not serialized with hash
generation and db.commit, allowing forks; instead, perform chain-head selection
and update inside a DB-backed lock or cross-process serialization primitive so
only one worker can read the last hash, compute the new integrity hash, insert
the ClosureConfirmation row and commit as an atomic sequence. Concretely:
replace the separate cache read + DB insert flow around ClosureConfirmation with
a DB-level lock (e.g., SELECT ... FOR UPDATE on a chain-head row or a database
advisory lock) so you read the authoritative last hash, compute the new hash,
insert/commit the ClosureConfirmation within that locked transaction, and only
after successful commit update closure_last_hash_cache.set(...) (and avoid
relying on the process-local cache for serialization).
- Around line 102-118: The integrity HMAC currently built from hash_content
(grievance_id|user_email|confirmation_type|prev_hash) and
get_auth_config().secret_key omits stored fields like reason and ties
verification to the auth secret; update the signing in the function that creates
ClosureConfirmation so the canonical payload includes every persisted,
integrity-relevant field (e.g. grievance_id, user_email, confirmation_type,
reason, previous_integrity_hash, timestamp/created_at, and any other stored
metadata) serialized in a stable order (use an explicit delimiter or canonical
JSON) and compute integrity_hash over that payload; replace use of
get_auth_config().secret_key with a dedicated, versioned integrity key (e.g.
integrity_keys.current or a get_integrity_key(version)) and store the integrity
key version alongside ClosureConfirmation so old records can be verified after
rotation.

In `@backend/grievance_service.py`:
- Around line 90-96: The current cache-first head lookup using
grievance_last_hash_cache can produce forked chains under concurrency; modify
the create/insert path that uses grievance_last_hash_cache/get() and
db.query(Grievance.integrity_hash) so the head selection and insert are
serialized at the DB layer: wrap the head-read+insert in a single transaction
and either lock a dedicated chain-head row using SELECT ... FOR UPDATE (or lock
the Grievance head row) before reading integrity_hash, or add a uniqueness
constraint on Grievance.previous_integrity_hash and perform the insert with
retry on unique-constraint violation; ensure grievance_last_hash_cache.set() is
only updated after a successful committed insert and retries refresh the cache
from the DB.

---

Nitpick comments:
In `@backend/routers/grievances.py`:
- Around line 594-603: The HMAC input/construction logic in grievances.py is
duplicated with backend/closure_service.py and must be extracted into a single
shared helper (e.g., compute_closure_confirmation_hash or
build_closure_confirmation_hmac) so both consumers use identical byte-for-byte
behavior; implement the helper in a common utility module, have it take the
fields (grievance_id, user_email, confirmation_type, prev_hash) and internally
fetch get_auth_config().secret_key, perform the same
f"{grievance_id}|{user_email}|{confirmation_type}|{prev_hash}" concatenation and
hashlib.sha256 HMAC, then replace the inline logic in both grievances.py and
closure_service.py to call this helper.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 55114d20-c1f3-42a7-a662-c5fd46e672fc

📥 Commits

Reviewing files that changed from the base of the PR and between cb6dfe2 and e0631c5.

📒 Files selected for processing (6)

• backend/cache.py
• backend/closure_service.py
• backend/grievance_service.py
• backend/init_db.py
• backend/models.py
• backend/routers/grievances.py

[cubic-dev-ai]

3 issues found across 6 files

Prompt for AI agents (unresolved issues)

Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.


<file name="backend/routers/grievances.py">

<violation number="1" location="backend/routers/grievances.py:609">
P2: Use constant-time comparison for HMAC verification instead of `==` to avoid timing side-channel leakage.</violation>
</file>

<file name="backend/grievance_service.py">

<violation number="1" location="backend/grievance_service.py:91">
P1: Removing the DB-validation step from the blockchain cache creates a silent chain-corruption risk. The old code always compared the cached `last_hash`/`last_id` against the actual DB state to detect stale entries. The new code trusts the in-memory cache for up to 1 hour (the TTL in `cache.py`). If any concurrent request, worker, or external process inserts a grievance during that window, subsequent grievances will chain to a stale `prev_hash`, permanently forking the integrity chain.

Consider restoring the DB cross-check, or at minimum verifying `last_id` hasn't changed before trusting the cached hash.</violation>
</file>

<file name="backend/closure_service.py">

<violation number="1" location="backend/closure_service.py:95">
P1: Same chain-forking issue as in `grievance_service.py`: `prev_hash` is sourced from a process-local cache without any DB-level serialization. Concurrent `submit_confirmation` calls can both read the same cached `prev_hash` and produce different rows with identical `previous_integrity_hash`, forking the integrity chain. In multi-worker deployments each process maintains its own cache, making chains globally inconsistent. Use DB-level locking (e.g., `SELECT ... FOR UPDATE` on a chain-head row) within the same transaction to ensure linear chaining.</violation>
</file>

_{Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.}

[cubic-dev-ai]

P1: Removing the DB-validation step from the blockchain cache creates a silent chain-corruption risk. The old code always compared the cached last_hash/last_id against the actual DB state to detect stale entries. The new code trusts the in-memory cache for up to 1 hour (the TTL in cache.py). If any concurrent request, worker, or external process inserts a grievance during that window, subsequent grievances will chain to a stale prev_hash, permanently forking the integrity chain.

Consider restoring the DB cross-check, or at minimum verifying last_id hasn't changed before trusting the cached hash.

Prompt for AI agents

Check if this issue is valid — if so, understand the root cause and fix it. At backend/grievance_service.py, line 91:

<comment>Removing the DB-validation step from the blockchain cache creates a silent chain-corruption risk. The old code always compared the cached `last_hash`/`last_id` against the actual DB state to detect stale entries. The new code trusts the in-memory cache for up to 1 hour (the TTL in `cache.py`). If any concurrent request, worker, or external process inserts a grievance during that window, subsequent grievances will chain to a stale `prev_hash`, permanently forking the integrity chain.

Consider restoring the DB cross-check, or at minimum verifying `last_id` hasn't changed before trusting the cached hash.</comment>

<file context>
@@ -87,29 +87,13 @@ def create_grievance(self, grievance_data: Dict[str, Any], db: Session = None) -
-            ):
-                prev_hash = db_last_hash or ""
+            # Performance Boost: Use thread-safe cache to eliminate DB query for last hash
+            prev_hash = grievance_last_hash_cache.get("last_hash")
+            if prev_hash is None:
+                # Cache miss: Fetch only the last hash from DB
</file context>