PyPI - aevum-store-postgres - Versions diffs - 0.3.0__tar.gz → 0.5.0__tar.gz - Mend

aevum-store-postgres 0.3.0tar.gz → 0.5.0tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (17) hide show

aevum_store_postgres-0.5.0/.gitignore ADDED Viewed

@@ -0,0 +1,52 @@
+# Python
+__pycache__/
+*.pyc
+*.pyo
+*.pyd
+.venv/
+*.egg-info/
+# Build
+dist/
+build/
+site/
+# Tools
+.mypy_cache/
+.ruff_cache/
+.pytest_cache/
+.hypothesis/
+.cache/
+# IDE
+.vscode/
+.idea/
+*.swp
+*.swo
+# OS
+.DS_Store
+Thumbs.db
+# Verify scripts (run locally, never commit)
+verify_*.py
+scripts/verify_*.py
+# Aevum development — never commit (Phase 0+)
+aevum_principles.key
+signed_principles_draft.yaml
+tools/sign_principles.py
+# Private keys — never commit
+*.key
+*.pem
+# OpenSSF Scorecard output (Phase 0+)
+results.sarif
+verify_phase3.py
+verify_phase7.py
+verify_phase8.py
+verify_phase*.py
+# Maintenance generated files — local only, never commit
+maintenance/generated/

{aevum_store_postgres-0.3.0 → aevum_store_postgres-0.5.0}/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: aevum-store-postgres
-Version: 0.3.0
+Version: 0.5.0
 Summary: Aevum — PostgreSQL GraphStore + ConsentLedger backend (team deployments).
 Project-URL: Homepage, https://aevum.build
 Project-URL: Repository, https://github.com/aevum-labs/aevum

{aevum_store_postgres-0.3.0 → aevum_store_postgres-0.5.0}/pyproject.toml RENAMED Viewed

@@ -1,6 +1,6 @@
 [project]
 name = "aevum-store-postgres"
-version = "0.3.0"
+version = "0.5.0"
 description = "Aevum — PostgreSQL GraphStore + ConsentLedger backend (team deployments)."
 readme = "README.md"
 requires-python = ">=3.11"

{aevum_store_postgres-0.3.0 → aevum_store_postgres-0.5.0}/src/aevum/store/postgres/__init__.py RENAMED Viewed

@@ -25,6 +25,6 @@ from aevum.store.postgres.consent import PostgresConsentLedger
 from aevum.store.postgres.ledger import PostgresLedger
 from aevum.store.postgres.store import PostgresStore
-__version__ = "0.1.0"
+__version__ = "0.4.0"
 __all__ = ["PostgresStore", "PostgresConsentLedger", "PostgresLedger"]

{aevum_store_postgres-0.3.0 → aevum_store_postgres-0.5.0}/src/aevum/store/postgres/ledger.py RENAMED Viewed

@@ -11,6 +11,7 @@ The database table is INSERT-only -- no UPDATE or DELETE ever issued.
 from __future__ import annotations
 import json
+import logging
 import threading
 from typing import Any
@@ -118,6 +119,59 @@ class PostgresLedger:
         self._conn = conn
         self._sigchain = sigchain
         self._lock = lock or threading.Lock()
+        self._resume_chain_from_db()
+    def _resume_chain_from_db(self) -> None:
+        """
+        Seed the in-memory sigchain state from the last persisted event.
+        Without this, every Engine restart begins a new chain at
+        sequence=1 / prior_hash=GENESIS_HASH, silently forking the chain.
+        After this fix, the sigchain continues from where the last process left off.
+        Idempotent — safe to call on a fresh database (no-op if table empty).
+        """
+        from psycopg.rows import dict_row
+        log = logging.getLogger(__name__)
+        try:
+            with self._lock, self._conn.cursor(row_factory=dict_row) as cur:
+                cur.execute(
+                    """
+                    SELECT sequence, event_id, audit_id,
+                           event_type, actor, system_time,
+                           episode_id, causation_id, correlation_id,
+                           prior_hash, payload_hash, signature,
+                           signer_key_id, schema_version,
+                           valid_from, valid_to,
+                           trace_id, span_id, payload
+                    FROM aevum_ledger
+                    ORDER BY sequence DESC
+                    LIMIT 1
+                    """
+                )
+                row = cur.fetchone()
+        except Exception as exc:
+            log.debug(
+                "aevum-store-postgres: could not resume chain from DB (%s) "
+                "— starting from genesis. Normal on a fresh database.",
+                exc,
+            )
+            return
+        if row is None:
+            return  # Fresh database — genesis is correct
+        last_event = _row_to_event(row)
+        continuation_hash = AuditEvent.hash_event_for_chain(last_event)
+        self._sigchain.restore((last_event.sequence, continuation_hash))
+        log.debug(
+            "aevum-store-postgres: resumed chain from DB "
+            "— sequence=%d prior_hash=%s…",
+            last_event.sequence,
+            continuation_hash[:12],
+        )
     def append(
         self,
@@ -130,6 +184,10 @@ class PostgresLedger:
         correlation_id: str | None = None,
     ) -> AuditEvent:
         with self._lock:
+            # Save sigchain state before advancing it.
+            # If the INSERT fails, restore prevents the chain from
+            # chaining from a ghost event that was never persisted.
+            checkpoint = self._sigchain.checkpoint()
             event = self._sigchain.new_event(
                 event_type=event_type,
                 payload=payload,
@@ -139,29 +197,44 @@ class PostgresLedger:
                 correlation_id=correlation_id,
             )
             row = _event_to_row(event)
-            with self._conn.cursor() as cur:
-                cur.execute(
-                    """
-                    INSERT INTO aevum_ledger (
-                        event_id, audit_id, event_type, actor, system_time,
-                        episode_id, causation_id, correlation_id,
-                        prior_hash, payload_hash, signature, signer_key_id,
-                        schema_version, valid_from, valid_to,
-                        trace_id, span_id, payload
-                    ) VALUES (
-                        %(event_id)s, %(audit_id)s, %(event_type)s, %(actor)s,
-                        %(system_time)s, %(episode_id)s, %(causation_id)s,
-                        %(correlation_id)s, %(prior_hash)s, %(payload_hash)s,
-                        %(signature)s, %(signer_key_id)s, %(schema_version)s,
-                        %(valid_from)s, %(valid_to)s, %(trace_id)s,
-                        %(span_id)s, %(payload)s::jsonb
+            try:
+                with self._conn.cursor() as cur:
+                    cur.execute(
+                        """
+                        INSERT INTO aevum_ledger (
+                            event_id, audit_id, event_type, actor, system_time,
+                            episode_id, causation_id, correlation_id,
+                            prior_hash, payload_hash, signature, signer_key_id,
+                            schema_version, valid_from, valid_to,
+                            trace_id, span_id, payload
+                        ) VALUES (
+                            %(event_id)s, %(audit_id)s, %(event_type)s, %(actor)s,
+                            %(system_time)s, %(episode_id)s, %(causation_id)s,
+                            %(correlation_id)s, %(prior_hash)s, %(payload_hash)s,
+                            %(signature)s, %(signer_key_id)s, %(schema_version)s,
+                            %(valid_from)s, %(valid_to)s, %(trace_id)s,
+                            %(span_id)s, %(payload)s::jsonb
+                        )
+                        """,
+                        row,
                     )
-                    """,
-                    row,
-                )
-            self._conn.commit()
+                self._conn.commit()
+            except Exception:
+                self._sigchain.restore(checkpoint)
+                raise
             return event
+    def last_audit_id(self) -> str | None:
+        """Return the audit_id of the most recently appended event, or None."""
+        from psycopg.rows import dict_row
+        with self._lock, self._conn.cursor(row_factory=dict_row) as cur:
+            cur.execute(
+                "SELECT audit_id FROM aevum_ledger ORDER BY sequence DESC LIMIT 1"
+            )
+            row = cur.fetchone()
+        return row["audit_id"] if row else None
     def get(self, audit_id: str) -> AuditEvent:
         from psycopg.rows import dict_row
         with self._lock, self._conn.cursor(row_factory=dict_row) as cur:
@@ -187,6 +260,26 @@ class PostgresLedger:
             result = cur.fetchone()
         return result[0] if result else 0
+    def max_sequence_for_subjects(self, subject_ids: list[str]) -> int:
+        """
+        Return the highest sequence number among all ingest.accepted events
+        whose payload subject_id is in subject_ids. Returns 0 if none found.
+        """
+        if not subject_ids:
+            return 0
+        with self._lock, self._conn.cursor() as cur:
+            cur.execute(
+                """
+                SELECT COALESCE(MAX(sequence), 0)
+                FROM aevum_ledger
+                WHERE event_type = 'ingest.accepted'
+                  AND payload->>'subject_id' = ANY(%s)
+                """,
+                (subject_ids,),
+            )
+            result = cur.fetchone()
+        return int(result[0]) if result else 0
     def __delitem__(self, key: object) -> None:
         raise BarrierViolationError(
             "Attempted to delete a ledger entry -- Barrier 4 (Audit Immutability) violated."

{aevum_store_postgres-0.3.0 → aevum_store_postgres-0.5.0}/tests/test_ledger.py RENAMED Viewed

@@ -56,6 +56,18 @@ class FakeCursor:
             matches = [r for r in self._conn._rows if r.get("audit_id") == audit_id]
             self._last_result = [list(r.values()) for r in matches]
             self.description = [[k] for k in (matches[0].keys() if matches else [])]
+        elif "order by sequence desc" in sql_lower and "limit 1" in sql_lower:
+            if self._conn._rows:
+                last_row = max(self._conn._rows, key=lambda r: r.get("sequence", 0))
+                if "select audit_id" in sql_lower:
+                    self._last_result = [[last_row.get("audit_id", "")]]
+                    self.description = [["audit_id"]]
+                else:
+                    self._last_result = [list(last_row.values())]
+                    self.description = [[k] for k in last_row]
+            else:
+                self._last_result = []
+                self.description = []
         elif "order by sequence" in sql_lower:
             sorted_rows = sorted(self._conn._rows, key=lambda r: r.get("sequence", 0))
             self._last_result = [list(r.values()) for r in sorted_rows]
@@ -120,6 +132,73 @@ class TestPostgresLedger:
         assert "payload" in row
+def test_rollback_on_write_failure() -> None:
+    """Failed INSERT must not corrupt in-memory sigchain state."""
+    from aevum.core.audit.sigchain import GENESIS_HASH
+    class ExplodingCursor:
+        description: list = []
+        def __enter__(self): return self
+        def __exit__(self, *a): pass
+        def execute(self, sql: str, params=None) -> None:
+            if "INSERT" in sql.upper():
+                raise RuntimeError("simulated disk full")
+        def fetchone(self): return None
+        def fetchall(self): return []
+    class ExplodingConn:
+        _rows: list = []
+        _sequence: int = 0
+        def cursor(self, row_factory=None): return ExplodingCursor()
+        def commit(self): pass
+    sc = Sigchain()
+    ledger = PostgresLedger(ExplodingConn(), sc)
+    with pytest.raises(RuntimeError):
+        ledger.append(event_type="will.fail", payload={}, actor="a")
+    assert sc._sequence == 0, f"rollback failed: _sequence={sc._sequence}"
+    assert sc._prior_hash == GENESIS_HASH, "rollback failed: prior_hash changed"
+def test_chain_continuity_across_restart() -> None:
+    """New PostgresLedger on existing data must continue the chain."""
+    conn = FakeConn()
+    sc1 = Sigchain()
+    ledger1 = PostgresLedger(conn, sc1)
+    for i in range(3):
+        ledger1.append(event_type=f"s1.{i}", payload={"i": i}, actor="a")
+    assert sc1._sequence == 3
+    # Simulate restart: new sigchain + new ledger on same conn
+    sc2 = Sigchain()
+    assert sc2._sequence == 0  # starts fresh
+    ledger2 = PostgresLedger(conn, sc2)  # _resume_chain_from_db fires
+    assert sc2._sequence == 3, (
+        f"Expected sequence=3 after resume, got {sc2._sequence}. "
+        "Chain fork: each restart should CONTINUE, not start over."
+    )
+    e = ledger2.append(event_type="s2.first", payload={}, actor="b")
+    assert e.sequence == 4, f"Expected sequence=4, got {e.sequence}"
+def test_last_audit_id_empty() -> None:
+    conn = FakeConn()
+    ledger = PostgresLedger(conn, Sigchain())
+    assert ledger.last_audit_id() is None
+def test_last_audit_id_after_append() -> None:
+    conn = FakeConn()
+    ledger = PostgresLedger(conn, Sigchain())
+    e = ledger.append(event_type="test", payload={}, actor="a")
+    assert ledger.last_audit_id() == e.audit_id()
 # Integration tests -- require a real Postgres database
 _POSTGRES_DSN = os.environ.get("AEVUM_TEST_POSTGRES_DSN")

aevum_store_postgres-0.3.0/.gitignore DELETED Viewed

@@ -1,31 +0,0 @@
-# Python
-__pycache__/
-*.pyc
-*.pyo
-*.pyd
-.venv/
-*.egg-info/
-# Build
-dist/
-build/
-# Tools
-.mypy_cache/
-.ruff_cache/
-.pytest_cache/
-.hypothesis/
-# IDE
-.vscode/
-.idea/
-*.swp
-*.swo
-# OS
-.DS_Store
-Thumbs.db
-# Verify scripts (run locally, never commit)
-verify_phase*.py
-scripts/verify_phase*.py