Initialize repository snapshot

2025-12-27 00:10:32 +00:00
commit 110d644e10
281 changed files with 40331 additions and 0 deletions
--- a/testvectors/sentinel/rollback-duplicate-seq/README.md
+++ b/testvectors/sentinel/rollback-duplicate-seq/README.md
@@ -0,0 +1,6 @@
+# Rollback Attempt: Duplicate seq (Sentinel v1 testvector)
+
+Expected result: FAIL with E_SEQ_NON_MONOTONIC.
+
+Verify:
+  python3 ../../tools/vm_verify_sentinel_bundle.py --bundle . --strict
--- a/testvectors/sentinel/rollback-duplicate-seq/integrity.json
+++ b/testvectors/sentinel/rollback-duplicate-seq/integrity.json
@@ -0,0 +1 @@
+{"files":[{"digest":"sha256:1c94f9b6b1f23bd13cf311c65961449ee6bdf50dbb735759429b6e41df58435b","path":"README.md","size_bytes":188},{"digest":"sha256:c7bb7f7c52f7e5e3b033cca6313c821119a5dd9cdb77670c0e92016e5517fbb7","path":"receipts.jsonl","size_bytes":3828},{"digest":"sha256:0d5f7123eccf92c926057c496cd6c47f8848c3fd257c04f16bb68449341c12ae","path":"roots.txt","size_bytes":460},{"digest":"sha256:c1d7376fc8901beafed447395686dd707afa4e1687eba141d9217f2bb40b9834","path":"seal.json","size_bytes":736},{"digest":"sha256:b68082e3fab021062c9084802c2438b74e8d3198caa8676e29af0b10be2baabd","path":"verifier_manifest.json","size_bytes":239}],"format":"vm-sentinel-integrity-v1","hash_algo":"sha256"}
--- a/testvectors/sentinel/rollback-duplicate-seq/receipts.jsonl
+++ b/testvectors/sentinel/rollback-duplicate-seq/receipts.jsonl
@@ -0,0 +1,5 @@
+{"actor":"did:vm:sentinel:demo","cap_hash":"none","event_hash":"sha256:4b86de283ae784282990c57acd5aeb49b6695206a5c66d555342e1770d0fc1c3","event_id":"00000000-0000-4000-8000-000000000101","event_type":"boot_event","op":"sentinel.boot_event.v1","op_digest":"sha256:d5b3a96e7033a4d0dcf2b452826cbe950f80f354ee5166487312fba6fde10758","payload":{"params":{"canonicalization_version":"sentinel-event-jcs-v1","hash_algo":"sha256","schema_version":"1.0.0","sentinel_version":"0.1.0"}},"prev_event_hash":"0","result":"ok","seq":0,"trace_id":"aaaaaaaa-aaaa-4aaa-8aaa-aaaaaaaaaaaa","ts":"2025-03-17T03:17:40Z"}
+{"actor":"did:vm:actor:cloudflare:ops","cap_hash":"none","event_hash":"sha256:2550e78926b563d3f717cae0bca598ca8454837ce0759ba082321d867930c24d","event_id":"00000000-0000-4000-8000-000000000102","event_type":"action_intent","op":"cloudflare.waf.apply_rule.v1","op_digest":"sha256:830189862cfdd06230cd4d5d9f94d1b2bcbdddf451915d3be781b1e7aa5eaa55","payload":{"params":{"action":"block","notes":"rollback duplicate seq vector","rule_id":"vm-demo-rollback","target":"api.example.com"},"policy":{"classification":"ambiguous","confidence_bp":7100,"note":"duplicate seq rollback vector","reason_code":"invariant_drift"}},"prev_event_hash":"sha256:4b86de283ae784282990c57acd5aeb49b6695206a5c66d555342e1770d0fc1c3","result":"ok","seq":1,"trace_id":"bbbbbbbb-bbbb-4bbb-8bbb-bbbbbbbbbbbb","ts":"2025-03-17T03:17:42Z"}
+{"actor":"did:vm:sentinel:demo","cap_hash":"none","event_hash":"sha256:d080048781ef2f067775cf93db816add1c2f7b88e7a52feea790b3a483c1ec6c","event_id":"00000000-0000-4000-8000-000000000103","event_type":"shadow_receipt","op":"cloudflare.waf.apply_rule.v1","op_digest":"sha256:830189862cfdd06230cd4d5d9f94d1b2bcbdddf451915d3be781b1e7aa5eaa55","payload":{"constraints_applied":{"mode":"DEGRADED"},"context_snapshot_hash":"sha256:23ad3979556e46fe6dfcbeda7099b8d9f020d96780bbce2fdab9072863a73b6d","params":{"action":"block","notes":"rollback duplicate seq vector","rule_id":"vm-demo-rollback","target":"api.example.com"},"reason_code":"unsafe_context","reason_text":"duplicate seq rollback attempt","side_effects":"none","would_have_done":{"op":"cloudflare.waf.apply_rule.v1","op_digest":"sha256:830189862cfdd06230cd4d5d9f94d1b2bcbdddf451915d3be781b1e7aa5eaa55"}},"prev_event_hash":"sha256:2550e78926b563d3f717cae0bca598ca8454837ce0759ba082321d867930c24d","result":"deny","seq":2,"trace_id":"bbbbbbbb-bbbb-4bbb-8bbb-bbbbbbbbbbbb","ts":"2025-03-17T03:17:43Z"}
+{"actor":"did:vm:sentinel:demo","cap_hash":"none","event_hash":"sha256:606160c5e082497e35ce0de57dd0b1b34ab37397ab91f3bbbf0269e002fd821f","event_id":"00000000-0000-4000-8000-000000000104","event_type":"root_published","op":"sentinel.root_published.v1","op_digest":"sha256:188abbdb94b993cf8e542d6dca2e760abe421698ebeda6bbac0c655cd6e21dda","payload":{"params":{"coverage_seq":2},"root_hex":"sha256:6f7088c38a3a599d173c4d4c5aff095fd149c489b29f8a54c230582826128bff"},"prev_event_hash":"sha256:d080048781ef2f067775cf93db816add1c2f7b88e7a52feea790b3a483c1ec6c","result":"ok","seq":2,"trace_id":"cccccccc-cccc-4ccc-8ccc-cccccccccccc","ts":"2025-03-17T03:17:44Z"}
+{"actor":"did:vm:sentinel:demo","cap_hash":"none","event_hash":"sha256:9a423be7b6eded215e3c3ca1aabed3d5b4091530fe965b0934fe4231f136bc89","event_id":"00000000-0000-4000-8000-000000000105","event_type":"seal_created","op":"sentinel.seal_created.v1","op_digest":"sha256:eca1b25ebda9ce43a0c87d2dc7028d36ab8d21323a9189e4003b91e078f064ba","payload":{"params":{"canonicalization_version":"sentinel-event-jcs-v1","hash_algo":"sha256","seal_id":"ouroboros_seal_20250317_031742Z_rollback_duplicate_seq","since_seq":0,"until_seq":4}},"prev_event_hash":"sha256:606160c5e082497e35ce0de57dd0b1b34ab37397ab91f3bbbf0269e002fd821f","result":"ok","seq":4,"trace_id":"dddddddd-dddd-4ddd-8ddd-dddddddddddd","ts":"2025-03-17T03:17:45Z"}
--- a/testvectors/sentinel/rollback-duplicate-seq/roots.txt
+++ b/testvectors/sentinel/rollback-duplicate-seq/roots.txt
@@ -0,0 +1,6 @@
+# Sentinel root history (seq -> merkle root)
+seq=0 root=sha256:4b86de283ae784282990c57acd5aeb49b6695206a5c66d555342e1770d0fc1c3
+seq=1 root=sha256:79c749b3f5667aa3005ad8e92f065d09f17645771b2f4732c0c5f56a52ee50ea
+seq=2 root=sha256:6f7088c38a3a599d173c4d4c5aff095fd149c489b29f8a54c230582826128bff
+seq=2 root=sha256:b518588137a128e2298fdb0ec044def5ce4164b94dc18065753912090f91c400
+seq=4 root=sha256:ede022904832f7ebfbd8a9e0b14391158f9d9502e1c04532560ed2e4a5661ad3
--- a/testvectors/sentinel/rollback-duplicate-seq/seal.json
+++ b/testvectors/sentinel/rollback-duplicate-seq/seal.json
@@ -0,0 +1 @@
+{"canonicalization_version":"sentinel-event-jcs-v1","created_at":"2025-03-17T03:17:42Z","files":{"integrity":"integrity.json","receipts":"receipts.jsonl","roots":"roots.txt","verifier_manifest":"verifier_manifest.json"},"format":"vm-sentinel-seal-v1","hash_algo":"sha256","instance_id":"did:vm:sentinel:demo","ledger_type":"jsonl","range":{"since_seq":0,"since_ts":"2025-03-17T03:17:40Z","until_seq":4,"until_ts":"2025-03-17T03:17:45Z"},"root":{"end":"sha256:ede022904832f7ebfbd8a9e0b14391158f9d9502e1c04532560ed2e4a5661ad3","seq":4,"start":"sha256:2e1cfa82b035c26cbbbdae632cea070514eb8b773f616aaeaf668e2f0be8f10d"},"schema_version":"1.0.0","seal_id":"ouroboros_seal_20250317_031742Z_rollback_duplicate_seq","sentinel_version":"0.1.0"}
--- a/testvectors/sentinel/rollback-duplicate-seq/verifier_manifest.json
+++ b/testvectors/sentinel/rollback-duplicate-seq/verifier_manifest.json
@@ -0,0 +1 @@
+{"canonicalization_version":"sentinel-event-jcs-v1","format":"vm-sentinel-verifier-manifest-v1","hash_algo":"sha256","schema_version":"1.0.0","sentinel_version":"0.1.0","verifier":{"name":"vm_verify_sentinel_bundle.py","version":"0.1.0"}}
				`@@ -0,0 +1 @@`
				{"files":[{"digest":"sha256:1c94f9b6b1f23bd13cf311c65961449ee6bdf50dbb735759429b6e41df58435b","path":"README.md","size_bytes":188},{"digest":"sha256:c7bb7f7c52f7e5e3b033cca6313c821119a5dd9cdb77670c0e92016e5517fbb7","path":"receipts.jsonl","size_bytes":3828},{"digest":"sha256:0d5f7123eccf92c926057c496cd6c47f8848c3fd257c04f16bb68449341c12ae","path":"roots.txt","size_bytes":460},{"digest":"sha256:c1d7376fc8901beafed447395686dd707afa4e1687eba141d9217f2bb40b9834","path":"seal.json","size_bytes":736},{"digest":"sha256:b68082e3fab021062c9084802c2438b74e8d3198caa8676e29af0b10be2baabd","path":"verifier_manifest.json","size_bytes":239}],"format":"vm-sentinel-integrity-v1","hash_algo":"sha256"}
				`@@ -0,0 +1 @@`
				{"canonicalization_version":"sentinel-event-jcs-v1","created_at":"2025-03-17T03:17:42Z","files":{"integrity":"integrity.json","receipts":"receipts.jsonl","roots":"roots.txt","verifier_manifest":"verifier_manifest.json"},"format":"vm-sentinel-seal-v1","hash_algo":"sha256","instance_id":"did:vm:sentinel:demo","ledger_type":"jsonl","range":{"since_seq":0,"since_ts":"2025-03-17T03:17:40Z","until_seq":4,"until_ts":"2025-03-17T03:17:45Z"},"root":{"end":"sha256:ede022904832f7ebfbd8a9e0b14391158f9d9502e1c04532560ed2e4a5661ad3","seq":4,"start":"sha256:2e1cfa82b035c26cbbbdae632cea070514eb8b773f616aaeaf668e2f0be8f10d"},"schema_version":"1.0.0","seal_id":"ouroboros_seal_20250317_031742Z_rollback_duplicate_seq","sentinel_version":"0.1.0"}
				`@@ -0,0 +1 @@`
				`{"canonicalization_version":"sentinel-event-jcs-v1","format":"vm-sentinel-verifier-manifest-v1","hash_algo":"sha256","schema_version":"1.0.0","sentinel_version":"0.1.0","verifier":{"name":"vm_verify_sentinel_bundle.py","version":"0.1.0"}}`