Skip to content

[Python] Chain verification in fd5 validate #166

Open
#172
Open
[Python] Chain verification in fd5 validate#166
#172
Labels
area:corefd5 core libraryaudit-trailAudit trail / provenance chain featureeffort:medium1-4 hoursfeatureNew feature or request
@gerchowl

Description

@gerchowl
gerchowl
opened on Mar 2, 2026

Parent: #161

Goal

Extend fd5 validate to verify audit chain integrity alongside the Merkle tree.

Spec

  • verify_chain(file: h5py.File) -> ChainStatus
  • ChainStatus: Valid, NoLog, BrokenChain(index, expected, actual), Error(msg)
  • Validation rules:
    1. Each entry's parent_hash must equal the previous entry's implicit new hash
    2. The first entry's parent_hash should be a valid sha256: prefixed hash
    3. No duplicate timestamps with identical changes
  • Integrate into fd5 validate output: show "Audit chain: N entries, valid" or error
  • verify() function already exists — add chain check as separate function, call from CLI

TDD

  • Test valid chain passes
  • Test tampered entry detected (modify middle entry)
  • Test missing entry detected (gap in chain)
  • Test file with no log returns NoLog
  • Test single-entry chain

Metadata

Metadata

Assignees

No one assigned

    Labels

    area:corefd5 core libraryaudit-trailAudit trail / provenance chain featureeffort:medium1-4 hoursfeatureNew feature or request

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions