aevum-store-postgres 0.2.0__tar.gz → 0.4.0__tar.gz

aevum_store_postgres-0.4.0/.gitignore

@@ -0,0 +1,49 @@
+# Python
+__pycache__/
+*.pyc
+*.pyo
+*.pyd
+.venv/
+*.egg-info/
+
+# Build
+dist/
+build/
+site/
+
+# Tools
+.mypy_cache/
+.ruff_cache/
+.pytest_cache/
+.hypothesis/
+.cache/
+
+# IDE
+.vscode/
+.idea/
+*.swp
+*.swo
+
+# OS
+.DS_Store
+Thumbs.db
+
+# Verify scripts (run locally, never commit)
+verify_*.py
+scripts/verify_*.py
+
+# Aevum development — never commit (Phase 0+)
+aevum_principles.key
+signed_principles_draft.yaml
+tools/sign_principles.py
+
+# Private keys — never commit
+*.key
+*.pem
+
+# OpenSSF Scorecard output (Phase 0+)
+results.sarif
+verify_phase3.py
+verify_phase7.py
+verify_phase8.py
+verify_phase*.py

{aevum_store_postgres-0.2.0 → aevum_store_postgres-0.4.0}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: aevum-store-postgres
-Version: 0.2.0
+Version: 0.4.0
 Summary: Aevum — PostgreSQL GraphStore + ConsentLedger backend (team deployments).
 Project-URL: Homepage, https://aevum.build
 Project-URL: Repository, https://github.com/aevum-labs/aevum

{aevum_store_postgres-0.2.0 → aevum_store_postgres-0.4.0}/pyproject.toml

@@ -1,6 +1,6 @@
 [project]
 name = "aevum-store-postgres"
-version = "0.2.0"
+version = "0.4.0"
 description = "Aevum — PostgreSQL GraphStore + ConsentLedger backend (team deployments)."
 readme = "README.md"
 requires-python = ">=3.11"

{aevum_store_postgres-0.2.0 → aevum_store_postgres-0.4.0}/src/aevum/store/postgres/__init__.py

@@ -25,6 +25,6 @@ from aevum.store.postgres.consent import PostgresConsentLedger
 from aevum.store.postgres.ledger import PostgresLedger
 from aevum.store.postgres.store import PostgresStore
 
-__version__ = "0.1.0"
+__version__ = "0.4.0"
 
 __all__ = ["PostgresStore", "PostgresConsentLedger", "PostgresLedger"]

{aevum_store_postgres-0.2.0 → aevum_store_postgres-0.4.0}/src/aevum/store/postgres/ledger.py

@@ -11,6 +11,7 @@ The database table is INSERT-only -- no UPDATE or DELETE ever issued.
 from __future__ import annotations
 
 import json
+import logging
 import threading
 from typing import Any
 
@@ -118,6 +119,59 @@ class PostgresLedger:
         self._conn = conn
         self._sigchain = sigchain
         self._lock = lock or threading.Lock()
+        self._resume_chain_from_db()
+
+    def _resume_chain_from_db(self) -> None:
+        """
+        Seed the in-memory sigchain state from the last persisted event.
+
+        Without this, every Engine restart begins a new chain at
+        sequence=1 / prior_hash=GENESIS_HASH, silently forking the chain.
+        After this fix, the sigchain continues from where the last process left off.
+
+        Idempotent — safe to call on a fresh database (no-op if table empty).
+        """
+        from psycopg.rows import dict_row
+
+        log = logging.getLogger(__name__)
+        try:
+            with self._lock, self._conn.cursor(row_factory=dict_row) as cur:
+                cur.execute(
+                    """
+                    SELECT sequence, event_id, audit_id,
+                           event_type, actor, system_time,
+                           episode_id, causation_id, correlation_id,
+                           prior_hash, payload_hash, signature,
+                           signer_key_id, schema_version,
+                           valid_from, valid_to,
+                           trace_id, span_id, payload
+                    FROM aevum_ledger
+                    ORDER BY sequence DESC
+                    LIMIT 1
+                    """
+                )
+                row = cur.fetchone()
+        except Exception as exc:
+            log.debug(
+                "aevum-store-postgres: could not resume chain from DB (%s) "
+                "— starting from genesis. Normal on a fresh database.",
+                exc,
+            )
+            return
+
+        if row is None:
+            return  # Fresh database — genesis is correct
+
+        last_event = _row_to_event(row)
+        continuation_hash = AuditEvent.hash_event_for_chain(last_event)
+        self._sigchain.restore((last_event.sequence, continuation_hash))
+
+        log.debug(
+            "aevum-store-postgres: resumed chain from DB "
+            "— sequence=%d prior_hash=%s…",
+            last_event.sequence,
+            continuation_hash[:12],
+        )
 
     def append(
         self,
@@ -130,6 +184,10 @@ class PostgresLedger:
         correlation_id: str | None = None,
     ) -> AuditEvent:
         with self._lock:
+            # Save sigchain state before advancing it.
+            # If the INSERT fails, restore prevents the chain from
+            # chaining from a ghost event that was never persisted.
+            checkpoint = self._sigchain.checkpoint()
             event = self._sigchain.new_event(
                 event_type=event_type,
                 payload=payload,
@@ -139,29 +197,44 @@ class PostgresLedger:
                 correlation_id=correlation_id,
             )
             row = _event_to_row(event)
-            with self._conn.cursor() as cur:
-                cur.execute(
-                    """
-                    INSERT INTO aevum_ledger (
-                        event_id, audit_id, event_type, actor, system_time,
-                        episode_id, causation_id, correlation_id,
-                        prior_hash, payload_hash, signature, signer_key_id,
-                        schema_version, valid_from, valid_to,
-                        trace_id, span_id, payload
-                    ) VALUES (
-                        %(event_id)s, %(audit_id)s, %(event_type)s, %(actor)s,
-                        %(system_time)s, %(episode_id)s, %(causation_id)s,
-                        %(correlation_id)s, %(prior_hash)s, %(payload_hash)s,
-                        %(signature)s, %(signer_key_id)s, %(schema_version)s,
-                        %(valid_from)s, %(valid_to)s, %(trace_id)s,
-                        %(span_id)s, %(payload)s::jsonb
+            try:
+                with self._conn.cursor() as cur:
+                    cur.execute(
+                        """
+                        INSERT INTO aevum_ledger (
+                            event_id, audit_id, event_type, actor, system_time,
+                            episode_id, causation_id, correlation_id,
+                            prior_hash, payload_hash, signature, signer_key_id,
+                            schema_version, valid_from, valid_to,
+                            trace_id, span_id, payload
+                        ) VALUES (
+                            %(event_id)s, %(audit_id)s, %(event_type)s, %(actor)s,
+                            %(system_time)s, %(episode_id)s, %(causation_id)s,
+                            %(correlation_id)s, %(prior_hash)s, %(payload_hash)s,
+                            %(signature)s, %(signer_key_id)s, %(schema_version)s,
+                            %(valid_from)s, %(valid_to)s, %(trace_id)s,
+                            %(span_id)s, %(payload)s::jsonb
+                        )
+                        """,
+                        row,
                     )
-                    """,
-                    row,
-                )
-            self._conn.commit()
+                self._conn.commit()
+            except Exception:
+                self._sigchain.restore(checkpoint)
+                raise
             return event
 
+    def last_audit_id(self) -> str | None:
+        """Return the audit_id of the most recently appended event, or None."""
+        from psycopg.rows import dict_row
+
+        with self._lock, self._conn.cursor(row_factory=dict_row) as cur:
+            cur.execute(
+                "SELECT audit_id FROM aevum_ledger ORDER BY sequence DESC LIMIT 1"
+            )
+            row = cur.fetchone()
+        return row["audit_id"] if row else None
+
     def get(self, audit_id: str) -> AuditEvent:
         from psycopg.rows import dict_row
         with self._lock, self._conn.cursor(row_factory=dict_row) as cur:
@@ -187,6 +260,26 @@ class PostgresLedger:
             result = cur.fetchone()
         return result[0] if result else 0
 
+    def max_sequence_for_subjects(self, subject_ids: list[str]) -> int:
+        """
+        Return the highest sequence number among all ingest.accepted events
+        whose payload subject_id is in subject_ids. Returns 0 if none found.
+        """
+        if not subject_ids:
+            return 0
+        with self._lock, self._conn.cursor() as cur:
+            cur.execute(
+                """
+                SELECT COALESCE(MAX(sequence), 0)
+                FROM aevum_ledger
+                WHERE event_type = 'ingest.accepted'
+                  AND payload->>'subject_id' = ANY(%s)
+                """,
+                (subject_ids,),
+            )
+            result = cur.fetchone()
+        return int(result[0]) if result else 0
+
     def __delitem__(self, key: object) -> None:
         raise BarrierViolationError(
             "Attempted to delete a ledger entry -- Barrier 4 (Audit Immutability) violated."

{aevum_store_postgres-0.2.0 → aevum_store_postgres-0.4.0}/tests/test_ledger.py

@@ -56,6 +56,18 @@ class FakeCursor:
             matches = [r for r in self._conn._rows if r.get("audit_id") == audit_id]
             self._last_result = [list(r.values()) for r in matches]
             self.description = [[k] for k in (matches[0].keys() if matches else [])]
+        elif "order by sequence desc" in sql_lower and "limit 1" in sql_lower:
+            if self._conn._rows:
+                last_row = max(self._conn._rows, key=lambda r: r.get("sequence", 0))
+                if "select audit_id" in sql_lower:
+                    self._last_result = [[last_row.get("audit_id", "")]]
+                    self.description = [["audit_id"]]
+                else:
+                    self._last_result = [list(last_row.values())]
+                    self.description = [[k] for k in last_row]
+            else:
+                self._last_result = []
+                self.description = []
         elif "order by sequence" in sql_lower:
             sorted_rows = sorted(self._conn._rows, key=lambda r: r.get("sequence", 0))
             self._last_result = [list(r.values()) for r in sorted_rows]
@@ -120,6 +132,73 @@ class TestPostgresLedger:
         assert "payload" in row
 
 
+def test_rollback_on_write_failure() -> None:
+    """Failed INSERT must not corrupt in-memory sigchain state."""
+    from aevum.core.audit.sigchain import GENESIS_HASH
+
+    class ExplodingCursor:
+        description: list = []
+        def __enter__(self): return self
+        def __exit__(self, *a): pass
+        def execute(self, sql: str, params=None) -> None:
+            if "INSERT" in sql.upper():
+                raise RuntimeError("simulated disk full")
+        def fetchone(self): return None
+        def fetchall(self): return []
+
+    class ExplodingConn:
+        _rows: list = []
+        _sequence: int = 0
+        def cursor(self, row_factory=None): return ExplodingCursor()
+        def commit(self): pass
+
+    sc = Sigchain()
+    ledger = PostgresLedger(ExplodingConn(), sc)
+
+    with pytest.raises(RuntimeError):
+        ledger.append(event_type="will.fail", payload={}, actor="a")
+
+    assert sc._sequence == 0, f"rollback failed: _sequence={sc._sequence}"
+    assert sc._prior_hash == GENESIS_HASH, "rollback failed: prior_hash changed"
+
+
+def test_chain_continuity_across_restart() -> None:
+    """New PostgresLedger on existing data must continue the chain."""
+    conn = FakeConn()
+    sc1 = Sigchain()
+    ledger1 = PostgresLedger(conn, sc1)
+    for i in range(3):
+        ledger1.append(event_type=f"s1.{i}", payload={"i": i}, actor="a")
+    assert sc1._sequence == 3
+
+    # Simulate restart: new sigchain + new ledger on same conn
+    sc2 = Sigchain()
+    assert sc2._sequence == 0  # starts fresh
+
+    ledger2 = PostgresLedger(conn, sc2)  # _resume_chain_from_db fires
+
+    assert sc2._sequence == 3, (
+        f"Expected sequence=3 after resume, got {sc2._sequence}. "
+        "Chain fork: each restart should CONTINUE, not start over."
+    )
+
+    e = ledger2.append(event_type="s2.first", payload={}, actor="b")
+    assert e.sequence == 4, f"Expected sequence=4, got {e.sequence}"
+
+
+def test_last_audit_id_empty() -> None:
+    conn = FakeConn()
+    ledger = PostgresLedger(conn, Sigchain())
+    assert ledger.last_audit_id() is None
+
+
+def test_last_audit_id_after_append() -> None:
+    conn = FakeConn()
+    ledger = PostgresLedger(conn, Sigchain())
+    e = ledger.append(event_type="test", payload={}, actor="a")
+    assert ledger.last_audit_id() == e.audit_id()
+
+
 # Integration tests -- require a real Postgres database
 _POSTGRES_DSN = os.environ.get("AEVUM_TEST_POSTGRES_DSN")
 

aevum_store_postgres-0.2.0/.gitignore

@@ -1,31 +0,0 @@
-# Python
-__pycache__/
-*.pyc
-*.pyo
-*.pyd
-.venv/
-*.egg-info/
-
-# Build
-dist/
-build/
-
-# Tools
-.mypy_cache/
-.ruff_cache/
-.pytest_cache/
-.hypothesis/
-
-# IDE
-.vscode/
-.idea/
-*.swp
-*.swo
-
-# OS
-.DS_Store
-Thumbs.db
-
-# Verify scripts (run locally, never commit)
-verify_phase*.py
-scripts/verify_phase*.py