
feat: publish monotonic identity catalog generations#645

Merged: safal207 merged 1 commit into main from feat/identity-catalog-publisher on Jun 24, 2026

Conversation

safal207 (Owner) commented Jun 24, 2026

Implements the monotonic publisher core for #643.

Adds an atomic publisher that observes governed identity timeline bundles and emits signed catalog generations without mutating agent identity data.

Core guarantees:

  • generation numbers increase monotonically;
  • an unchanged source set is restart-idempotent even when published_at changes;
  • each changed generation references the previous publication digest;
  • current and previous signing keys can co-sign during rotation;
  • either rotation key can verify the transition generation;
  • publisher state prevents replacing a newer generation with an older snapshot;
  • an exclusive lock rejects concurrent publisher processes;
  • history, current publication, compatible viewer catalog, and publisher state use atomic file replacement;
  • interruption before current replacement never exposes a partial catalog;
  • restart after an interrupted first publication safely recreates generation one;
  • stale and invalid agents remain in the publication as non-authoritative;
  • only VALID agents enter the compatible viewer catalog;
  • per-agent visibility removes unauthorized agent IDs entirely.

Outputs:

  • identity-catalog-publication.json;
  • identity-catalog.json for the existing read-only viewer;
  • identity-catalog-publisher-state.json;
  • immutable history/generation-*.json snapshots.

Includes a production CLI with external JSON keyring and visibility configuration, a JSON Schema, crash-recovery tests, key-rotation tests, generation rollback tests, stale/invalid/visibility tests, and deterministic Python 3.9/3.11 CI.

Stack: #623 -> #626 -> #628 -> #629 -> #631 -> #633 -> #635 -> #639 -> #642 -> #645.

CI is green on Python 3.9 and 3.11, including Ruff, publisher tests, catalog/viewer regression, generation 1 publication, restart without duplication, dual-signed rotation into generation 2, governance regression, and Semgrep.

Evidence artifact: atomic-identity-catalog-publisher-evidence.
SHA-256: f4c00d01e614b9d6a1441270833a33fa524deb978393b0c4e4d76bbefa472053.

A follow-up will bind this publisher engine directly to the Trusted Runtime durable timeline commit hook.
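The guarantees listed in the PR description map onto a small set of mechanisms: a source digest that excludes `published_at` (restart idempotence), a previous-publication digest carried in each body (chaining), multiple key ids co-signing one body (rotation), a state-file check before commit (no rollback), and write-temp-then-`os.replace()` for every output (atomicity). The following is an added illustration in Python, not code from this PR or from the project; it assumes HMAC-SHA256 signatures keyed by a key id, a source set shaped as `{agent_id: {"status": ...}}`, the output file names from the list above, and constructed demo keys and agents. The exclusive process lock and the per-agent visibility filter are left out.

```python
# Added example, not the project's publisher. Assumptions: HMAC-SHA256 signatures
# keyed by key id; source set is {agent_id: {"status": ...}}; demo keys/agents are
# constructed. Process lock and per-agent visibility are omitted for brevity.
from __future__ import annotations

import hashlib
import hmac
import json
import os
import tempfile
from pathlib import Path


def canonical(obj) -> bytes:
    """Deterministic JSON so digests and signatures are stable across runs."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def digest(obj) -> str:
    return hashlib.sha256(canonical(obj)).hexdigest()


def atomic_write(path: Path, obj) -> None:
    """Temp file in the same directory + fsync + os.replace(): a reader sees the old
    complete file or the new complete file, never a partially written one."""
    fd, tmp = tempfile.mkstemp(dir=path.parent, prefix=path.name + ".")
    try:
        with os.fdopen(fd, "wb") as f:
            f.write(canonical(obj))
            f.flush()
            os.fsync(f.fileno())
        os.replace(tmp, path)
    except BaseException:
        if os.path.exists(tmp):
            os.unlink(tmp)
        raise


def verify(pub: dict, keys: dict[str, bytes]) -> bool:
    """True if any key we hold reproduces its signature, so a dual-signed rotation
    generation verifies under either the previous or the current key."""
    msg = canonical(pub["body"])
    return any(kid in keys and hmac.compare_digest(sig, hmac.new(keys[kid], msg, "sha256").hexdigest())
               for kid, sig in pub["signatures"].items())


class Publisher:
    def __init__(self, root: Path, keys: dict[str, bytes], sign_with: list[str]):
        self.root, self.keys, self.sign_with = root, keys, sign_with
        (root / "history").mkdir(parents=True, exist_ok=True)
        self.state_path = root / "identity-catalog-publisher-state.json"
        self.state = self._read_state()

    def _read_state(self) -> dict:
        if self.state_path.exists():
            return json.loads(self.state_path.read_bytes())
        return {"generation": 0, "source_digest": None, "publication_digest": None}

    def publish(self, agents: dict, published_at: str) -> dict | None:
        src = digest(agents)  # published_at is deliberately not part of the source digest
        if src == self.state["source_digest"]:
            return None       # unchanged source set: idempotent, also after a restart
        body = {
            "generation": self.state["generation"] + 1,
            "published_at": published_at,
            "source_digest": src,
            "previous_publication_digest": self.state["publication_digest"],
            # stale/invalid agents stay in the publication, flagged non-authoritative;
            # the caller's agent dicts are copied, not mutated
            "agents": {aid: {**a, "authoritative": a["status"] == "VALID"} for aid, a in agents.items()},
        }
        msg = canonical(body)
        pub = {"body": body,
               "signatures": {k: hmac.new(self.keys[k], msg, "sha256").hexdigest() for k in self.sign_with}}
        self.commit(pub)
        return pub

    def commit(self, pub: dict) -> None:
        """Persist one generation. The on-disk state is re-read so a stale process or
        a replayed older snapshot cannot overwrite a newer publication."""
        gen = pub["body"]["generation"]
        if gen <= self._read_state()["generation"]:
            raise ValueError(f"generation {gen} is not newer than the published state")
        # order: immutable history, current publication, viewer catalog, then state
        atomic_write(self.root / "history" / f"generation-{gen}.json", pub)
        atomic_write(self.root / "identity-catalog-publication.json", pub)
        atomic_write(self.root / "identity-catalog.json",   # only VALID agents for the viewer
                     {aid: a for aid, a in pub["body"]["agents"].items() if a["status"] == "VALID"})
        self.state = {"generation": gen, "source_digest": pub["body"]["source_digest"],
                      "publication_digest": digest(pub)}
        atomic_write(self.state_path, self.state)


def demo() -> dict:
    """Generation 1, an idempotent restart with a new timestamp, a dual-signed
    rotation into generation 2, and a rejected rollback. Inputs are constructed."""
    root = Path(tempfile.mkdtemp())
    k_old, k_new = b"old-secret", b"new-secret"
    agents = {"agent-a": {"status": "VALID"}, "agent-b": {"status": "STALE"}}
    gen1 = Publisher(root, {"k2025": k_old}, ["k2025"]).publish(agents, "2026-06-24T00:00:00Z")
    replay = Publisher(root, {"k2025": k_old}, ["k2025"]).publish(agents, "2026-06-24T01:00:00Z")
    agents["agent-c"] = {"status": "INVALID"}
    rotating = Publisher(root, {"k2025": k_old, "k2026": k_new}, ["k2025", "k2026"])
    gen2 = rotating.publish(agents, "2026-06-24T02:00:00Z")
    try:
        rotating.commit(gen1)
        rollback_rejected = False
    except ValueError:
        rollback_rejected = True
    viewer = json.loads((root / "identity-catalog.json").read_bytes())
    return {"gen1": gen1["body"]["generation"], "replay": replay, "gen2": gen2["body"]["generation"],
            "chained": gen2["body"]["previous_publication_digest"] == digest(gen1),
            "old_key_verifies": verify(gen2, {"k2025": k_old}),
            "new_key_verifies": verify(gen2, {"k2026": k_new}),
            "viewer_ids": sorted(viewer),
            "authoritative": {aid: a["authoritative"] for aid, a in gen2["body"]["agents"].items()},
            "rollback_rejected": rollback_rejected}
```

The write order in `commit` is what makes an interruption safe: history is written first and is never read back for state, so a crash before the current publication is replaced leaves the old complete publication and the old state on disk, and the next run simply republishes the same generation number. The rollback check re-reads state from disk rather than trusting the in-memory copy, which is the case a second, stale publisher process would hit.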

safal207 force-pushed the feat/identity-catalog-publisher branch from c8c142b to 964a528 on June 24, 2026 21:41
safal207 marked this pull request as ready for review on June 24, 2026 21:48
safal207 merged commit e55d4a9 into main on Jun 24, 2026
15 checks passed