conformance: implement content index and undeclared-state checks, corpus rc.48#5
Merged
Conversation
…pus rc.48 Update the bundled corpus to rc.48 (88 -> 108 vectors) and close the two in-scope conformance gaps, taking the suite to 106 passing with the two Stage 7 trust vectors reported as out of scope. State undeclared (vectors 220-221): add DocumentSchema.checkStateUpdatesDeclared, which cross-checks each transaction state_updates (namespace, key) against the state_policy declared by the manifest under which the transaction is verified, raising E_STATE_UNDECLARED for an undeclared reference. The pipeline reads the policy from the pinned manifest in the publisher history and runs the check after signature verification; the standalone Stage 5 form and hard-range checks are unchanged. Content index (vectors 230-235): add Stage9ContentIndex, implementing the Stage 9b flow that was previously absent. It hash-checks the served /content_index.json against the manifest content_root (E_CONTENT_INDEX_HASH_MISMATCH), structurally validates the closed index schema (E_CONTENT_INDEX_INVALID), and compares a content document seq and body hash against the committed entry (E_CONTENT_SEQ_MISSING, E_CONTENT_SEQ_ROLLBACK, E_CONTENT_SEQ_UNCOMMITTED, E_CONTENT_HASH_MISMATCH). The harness loads the served index and content_root from context. Bump SPEC_REVISION and the SmokeTest assertion to 1.0-rc.48, and add a ConformanceTest guard that rc_target matches SPEC_REVISION. The Stage 7 trust-state machine remains unimplemented, so vectors 210-211 are listed in an explicit out-of-scope set and reported with a printed count rather than silently passing.
This was referenced Jun 3, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Updates the bundled corpus to rc.48 (88 -> 108 vectors) and closes the two in-scope conformance gaps reported in #4. The conformance suite goes to 106 passing with the two Stage 7 trust vectors reported as out of scope rather than counted as failures.
Changes
State undeclared (vectors 220-221)
DocumentSchema.checkStateUpdatesDeclaredcross-checks each transactionstate_updates(namespace, key)against thestate_policydeclared by the manifest under which the transaction is verified, raisingE_STATE_UNDECLAREDfor an undeclared reference. The pipeline reads the policy from the pinned manifest in the publisher history and runs the check after signature verification. The standalone Stage 5 operation-form and hard-range checks are unchanged; this is the policy-relative half that needs the manifest.Content index (vectors 230-235)
New
Stage9ContentIndeximplements the Stage 9b flow that was previously absent:/content_index.jsonagainst the manifestcontent_root(E_CONTENT_INDEX_HASH_MISMATCH).{"entries": {"/path": {"seq": N, "hash": "sha-256:..."}}}(E_CONTENT_INDEX_INVALID).seqand response-body hash against the committed entry for its path (E_CONTENT_SEQ_MISSING,E_CONTENT_SEQ_ROLLBACK,E_CONTENT_SEQ_UNCOMMITTED,E_CONTENT_HASH_MISMATCH).E_CONTENT_INDEX_FETCH_FAILEDis a transport failure of the index fetch and is not exercised by the corpus. The harness loads the served index andcontent_rootfrom the vector context.Corpus bump and trust out of scope
SPEC_REVISIONand theSmokeTestassertion bumped to1.0-rc.48.ConformanceTestnow asserts the corpusrc_targetmatchesSPEC_REVISION, so a corpus bump and a code bump cannot drift apart.Verification
JDK 21.
mvn test: 168 tests, 0 failures (all unit suites plus conformance)mvn test -Dtest=ConformanceTest: 106 run, 0 failures, 2 skipped as out of scopeThe bundled corpus matches the canonical rc.48 corpus at the spec repo byte for byte.