1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
//! Persistence-backend traits for proof ledger, revocation cache, and
//! evidence archive. Implementations live in separate crates (tf-store-*).
//!
//! These traits let `tf-daemon` (and other components) treat their proof
//! ledger, revocation cache, and evidence archive as pluggable backends:
//! a deployment can run SQLite for a home profile, Postgres or MySQL for
//! enterprise, and Redis as a fast revocation cache fronting any of the
//! durable ledgers, all without touching daemon code.
//!
//! Implementations:
//! * `tf-store-file` — first-party file-backed local store, all
//! three traits.
//! * `tf-store-sqlite` — single-file embedded SQLite, all three traits.
//! * `tf-store-postgres` — sqlx-backed Postgres, all three traits.
//! * `tf-store-mysql` — sqlx-backed MySQL, all three traits.
//! * `tf-revoke-redis` — Redis-backed `RevocationCache` only (Redis is
//! the wrong shape for an append-only ledger but
//! an excellent fast-path for revocation checks).
use Value;
/// Errors returned by every persistence backend.
///
/// Backends MUST map their native error types onto these variants so the
/// daemon can treat them uniformly. `Unavailable` is reserved for transient
/// connectivity / pool exhaustion; `NotFound` for explicit absence;
/// `Conflict` for unique-constraint or optimistic-lock failures; `Other`
/// for everything else (with a human-readable message).
/// Append-only ledger of TrustForge proof events.
///
/// `append` returns the canonical event hash (implementation-defined; the
/// SQLite/Postgres/MySQL backends use SHA-256 over canonical JSON). Lookup
/// is by that hash; `tail` returns the most recent `limit` events in
/// insertion order (oldest first within the slice).
/// Revocation set. Conceptually a `(target_kind, target_id) -> effective_at`
/// map; `is_revoked` answers "was this target revoked at or before `at`?"
///
/// The SQL backends store this as a regular table; Redis stores it as
/// `tf:revoke:<kind>:<id>` keys whose value is the effective_at timestamp.
/// Opaque-byte evidence-bundle archive (e.g. compliance bundles per
/// TF-0012). Bundles are addressed by an external bundle id, not a content
/// hash, because callers may want to overwrite or version a bundle outside
/// the archive's responsibility.