immutable_logging/
lib.rs

1//! Immutable Logging - Append-only audit logs with cryptographic proof
2//! 
3//! This module implements the immutable audit layer as specified in SPEC_IMMUTABLE_LOGGING.md
4//! Features:
5//! - Chained hash verification
6//! - Hourly Merkle tree roots
7//! - Daily publication
8//! - TSA timestamps
9
10pub mod log_entry;
11pub mod chain;
12pub mod merkle_service;
13pub mod publication;
14pub mod error;
15
16use serde::{Deserialize, Serialize};
17use std::sync::Arc;
18use tokio::sync::RwLock;
19
20/// Immutable log service
21pub struct ImmutableLog {
22    chain: Arc<RwLock<chain::LogChain>>,
23    merkle: Arc<RwLock<merkle_service::MerkleService>>,
24}
25
26impl ImmutableLog {
27    /// Create new immutable log
28    pub fn new() -> Self {
29        ImmutableLog {
30            chain: Arc::new(RwLock::new(chain::LogChain::new())),
31            merkle: Arc::new(RwLock::new(merkle_service::MerkleService::new())),
32        }
33    }
34    
35    /// Append a new entry
36    pub async fn append(&self, entry: log_entry::LogEntry) -> Result<log_entry::LogEntry, error::LogError> {
37        // Get current chain state
38        let mut chain = self.chain.write().await;
39        let entry = chain.append(entry).await?;
40        
41        // Add to merkle tree
42        let mut merkle = self.merkle.write().await;
43        merkle.add_entry(entry.clone()).await;
44        
45        Ok(entry)
46    }
47    
48    /// Verify chain integrity
49    pub async fn verify(&self) -> Result<bool, error::LogError> {
50        let chain = self.chain.read().await;
51        Ok(chain.verify())
52    }
53
54    /// Get number of entries currently stored in the chain.
55    pub async fn entry_count(&self) -> usize {
56        let chain = self.chain.read().await;
57        chain.len()
58    }
59
60    /// Get the current chain hash (or genesis hash if empty).
61    pub async fn current_hash(&self) -> String {
62        let chain = self.chain.read().await;
63        chain.current_hash().to_string()
64    }
65    
66    /// Get current hourly root
67    pub async fn get_hourly_root(&self) -> Option<merkle_service::HourlyRoot> {
68        let merkle = self.merkle.read().await;
69        merkle.get_current_root()
70    }
71
72    /// Snapshot hourly roots (published roots + current in-progress hour root if present).
73    pub async fn hourly_roots_snapshot(&self) -> Vec<merkle_service::HourlyRoot> {
74        let merkle = self.merkle.read().await;
75        let mut roots = merkle.get_published_roots().to_vec();
76        if let Some(current) = merkle.get_current_root() {
77            let exists = roots
78                .iter()
79                .any(|r| r.hour == current.hour && r.root_hash == current.root_hash);
80            if !exists {
81                roots.push(current);
82            }
83        }
84        roots
85    }
86    
87    /// Generate chain proof for an entry
88    pub async fn get_chain_proof(&self, entry_id: &str) -> Option<chain::ChainProof> {
89        let chain = self.chain.read().await;
90        chain.generate_proof(entry_id)
91    }
92}
93
94impl Default for ImmutableLog {
95    fn default() -> Self {
96        Self::new()
97    }
98}
99
100/// Configuration for immutable logging
101#[derive(Debug, Clone, Serialize, Deserialize)]
102pub struct LogConfig {
103    /// Hash algorithm
104    pub hash_algorithm: String,
105    /// Hourly publication enabled
106    pub hourly_publication: bool,
107    /// Daily publication enabled
108    pub daily_publication: bool,
109    /// TSA server URL
110    pub tsa_url: Option<String>,
111    /// Blockchain enabled
112    pub blockchain_enabled: bool,
113}
114
115impl Default for LogConfig {
116    fn default() -> Self {
117        LogConfig {
118            hash_algorithm: "SHA256".to_string(),
119            hourly_publication: true,
120            daily_publication: true,
121            tsa_url: None,
122            blockchain_enabled: true,
123        }
124    }
125}
126
127#[cfg(test)]
128mod tests {
129    use super::*;
130    
131    #[test]
132    fn test_default_config() {
133        let config = LogConfig::default();
134        assert_eq!(config.hash_algorithm, "SHA256");
135        assert!(config.hourly_publication);
136    }
137    
138    #[tokio::test]
139    async fn test_append_entry() {
140        let log = ImmutableLog::new();
141        
142        let entry = log_entry::LogEntry::new(
143            log_entry::EventType::AccountQuery,
144            "agent-001".to_string(),
145            "org-001".to_string(),
146        );
147        
148        let result = log.append(entry).await;
149        assert!(result.is_ok());
150    }
151
152    #[tokio::test]
153    async fn test_chain_stats() {
154        let log = ImmutableLog::new();
155        assert_eq!(log.entry_count().await, 0);
156        assert_eq!(log.current_hash().await.len(), 64);
157    }
158
159    #[tokio::test]
160    async fn test_hourly_roots_snapshot_includes_current_root() {
161        let log = ImmutableLog::new();
162        let entry = log_entry::LogEntry::new(
163            log_entry::EventType::AccountQuery,
164            "agent-001".to_string(),
165            "org-001".to_string(),
166        );
167        log.append(entry).await.expect("append");
168
169        let roots = log.hourly_roots_snapshot().await;
170        assert_eq!(roots.len(), 1);
171        assert_eq!(roots[0].entry_count, 1);
172    }
173}
immutable_logging/lib.rs

immutable_logging/
lib.rs
