vta-service 0.10.0

Service for Verifiable Trust Agents operating in Verifiable Trust Communities
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88

//! Background pruning of expired consent records.
//!
//! Called from the storage thread's interval loop. Removes pending consent
//! requests that were never answered before their TTL — the main unbounded-
//! growth risk, since `vti_common::consent::consume_pending_consent` only prunes
//! on access — and grants whose optional TTL has lapsed. Each removal is
//! recorded in the audit log as `consent.expire` (actor `system:sweeper`), the
//! same trail the ACL sweeper leaves.

use tracing::{debug, info, warn};

use vti_common::consent::{ConsentGrant, PendingConsent};

use crate::error::AppError;
use crate::store::KeyspaceHandle;

fn now_epoch() -> u64 {
    std::time::SystemTime::now()
        .duration_since(std::time::UNIX_EPOCH)
        .map(|d| d.as_secs())
        .unwrap_or(0)
}

/// Sweep the consent keyspace: delete expired pending requests and lapsed
/// grants. Audit-record failures are warn-logged but don't abort the sweep.
pub async fn sweep_expired(
    consent_ks: &KeyspaceHandle,
    audit_ks: &KeyspaceHandle,
) -> Result<(), AppError> {
    let now = now_epoch();
    let mut pruned = 0usize;

    // Expired pending requests (raised but never answered).
    for (key, value) in consent_ks.prefix_iter_raw("consent_pending:").await? {
        let pending: PendingConsent = match serde_json::from_slice(&value) {
            Ok(p) => p,
            Err(e) => {
                debug!(error = %e, "consent sweeper: skipping unreadable pending row");
                continue;
            }
        };
        if now >= pending.expires_at {
            consent_ks.remove(key).await?;
            pruned += 1;
            audit_expire(audit_ks, &pending.subject.agent).await;
        }
    }

    // Grants whose optional TTL has lapsed.
    for (key, value) in consent_ks.prefix_iter_raw("grant:").await? {
        let grant: ConsentGrant = match serde_json::from_slice(&value) {
            Ok(g) => g,
            Err(e) => {
                debug!(error = %e, "consent sweeper: skipping unreadable grant row");
                continue;
            }
        };
        if grant.is_expired(now) {
            consent_ks.remove(key).await?;
            pruned += 1;
            audit_expire(audit_ks, &grant.subject.agent).await;
        }
    }

    if pruned > 0 {
        info!(
            consent_pruned = pruned,
            "consent sweeper pruned expired records"
        );
    }
    Ok(())
}

async fn audit_expire(audit_ks: &KeyspaceHandle, agent: &str) {
    if let Err(e) = crate::audit::record(
        audit_ks,
        "consent.expire",
        "system:sweeper",
        Some(agent),
        "success",
        None,
        None,
    )
    .await
    {
        warn!(error = %e, "consent sweeper: deletion succeeded but audit::record failed");
    }
}