Summary
Running the current conformance corpus (108 vectors, rc.47) against entangled-core yields 98/108 passing. The 10 failures are concentrated in three pipeline areas that are not yet implemented in this crate. This issue tracks closing those gaps so the crate passes the full corpus.
Corpus revision: 108 vectors, rc_target 1.0-rc.47 (matches SPEC_REVISION).
To reproduce:
ENTANGLED_CORPUS_PATH=/path/to/entangled/corpus cargo test --test conformance
Failing vectors and observed behaviour
1. Stage 7 publisher trust state (vectors 210, 211)
210-trust-publisher-key-mismatch expects E_TRUST_MISMATCH; the crate returns E_CANARY_CONFLICT.211-trust-user-rejected-new-identity expects E_TRUST_USER_REJECTED; the crate returns E_CANARY_CONFLICT.
The manifest presents a different K_publisher.pub than the identity retained for the site (vector 001), and is signed correctly under the second key. Per the spec the identity mismatch is a Stage 6 pre-check that takes precedence over signature verification and over the canary stage. The crate has no trust-state resolution, so the divergence is detected later at the canary stage and reported with the wrong code. The accept-side info codes (I_TRUST_FIRST_CONTACT, I_TRUST_TOFU_PINNED, I_TRUST_VERIFIED, vectors 212-214) currently pass because the manifests are otherwise valid, but they are not exercising the Stage 7 transitions they are meant to.
2. E_STATE_UNDECLARED enforcement (vectors 220, 221)
220-state-undeclared-set and 221-state-undeclared-delete expect reject with E_STATE_UNDECLARED; the crate accepts both.
The transactions carry a state_updates entry whose (namespace, key) is not declared by the manifest state_policy (resolved through context.previously_verified -> 002). The state policy is decoded but the declared-set check against the transaction operations is not applied.
3. Content index and sequencing (vectors 230-235)
All six expect reject and the crate accepts them:
- 230
E_CONTENT_INDEX_HASH_MISMATCH
- 231
E_CONTENT_INDEX_INVALID
- 232
E_CONTENT_SEQ_MISSING
- 233
E_CONTENT_SEQ_ROLLBACK
- 234
E_CONTENT_SEQ_UNCOMMITTED
- 235
E_CONTENT_HASH_MISMATCH
The conformance runner calls skip_content_index_check(), so the Stage 9 content-index flow is not exercised. The diagnostic codes are present in diagnostic.rs but the verification path that produces them is not wired into the manifest/content pipeline.
Scope note
These three areas are documented as out of scope in the crate root, so the failures are expected against the expanded corpus rather than regressions. The corpus vectors are deterministic and isolate a single live violation each; the same 10 vectors fail identically on the independent Java reference implementation, which indicates the vectors are correct and the gaps are in the implementations.
Summary
Running the current conformance corpus (108 vectors, rc.47) against
entangled-coreyields 98/108 passing. The 10 failures are concentrated in three pipeline areas that are not yet implemented in this crate. This issue tracks closing those gaps so the crate passes the full corpus.Corpus revision: 108 vectors,
rc_target1.0-rc.47 (matchesSPEC_REVISION).To reproduce:
Failing vectors and observed behaviour
1. Stage 7 publisher trust state (vectors 210, 211)
210-trust-publisher-key-mismatchexpectsE_TRUST_MISMATCH; the crate returnsE_CANARY_CONFLICT.211-trust-user-rejected-new-identityexpectsE_TRUST_USER_REJECTED; the crate returnsE_CANARY_CONFLICT.The manifest presents a different
K_publisher.pubthan the identity retained for the site (vector 001), and is signed correctly under the second key. Per the spec the identity mismatch is a Stage 6 pre-check that takes precedence over signature verification and over the canary stage. The crate has no trust-state resolution, so the divergence is detected later at the canary stage and reported with the wrong code. The accept-side info codes (I_TRUST_FIRST_CONTACT,I_TRUST_TOFU_PINNED,I_TRUST_VERIFIED, vectors 212-214) currently pass because the manifests are otherwise valid, but they are not exercising the Stage 7 transitions they are meant to.2. E_STATE_UNDECLARED enforcement (vectors 220, 221)
220-state-undeclared-setand221-state-undeclared-deleteexpectrejectwithE_STATE_UNDECLARED; the crate accepts both.The transactions carry a
state_updatesentry whose(namespace, key)is not declared by the manifeststate_policy(resolved throughcontext.previously_verified-> 002). The state policy is decoded but the declared-set check against the transaction operations is not applied.3. Content index and sequencing (vectors 230-235)
All six expect
rejectand the crate accepts them:E_CONTENT_INDEX_HASH_MISMATCHE_CONTENT_INDEX_INVALIDE_CONTENT_SEQ_MISSINGE_CONTENT_SEQ_ROLLBACKE_CONTENT_SEQ_UNCOMMITTEDE_CONTENT_HASH_MISMATCHThe conformance runner calls
skip_content_index_check(), so the Stage 9 content-index flow is not exercised. The diagnostic codes are present indiagnostic.rsbut the verification path that produces them is not wired into the manifest/content pipeline.Scope note
These three areas are documented as out of scope in the crate root, so the failures are expected against the expanded corpus rather than regressions. The corpus vectors are deterministic and isolate a single live violation each; the same 10 vectors fail identically on the independent Java reference implementation, which indicates the vectors are correct and the gaps are in the implementations.