Come up with mechanism for enforcing integrity protection usage #52

New Issue

Skipper · 2026-04-05T15:05:14Z

Skipper commented

2026-04-05 15:05:14 +00:00

We have implemented mechanism, to sign stored data in database with root key.
However, we currently have no way of enforcing usage of them.
It's very easy to forget:

Creating signature. This would lead to incosistent database state on next code run, when data is genuine (not tampered with), however server couldn't know it
Verifying signature. This is the most criticial: even if we create signature, but do not verify it -- it defeats the whole purpose.

Therefore, to close this ticket, abstraction enforcing previously stated preconditions / invariants should be implemented.
I envision it as some generic IntegrityEnvelope<T>, that has methods to lookup by id (or some other identifier), create new signature, delete existing or update.

Keep in mind that it should be flexible enough to support 1-to-1, M-to-1, M-to-M type of relationships on query level.
This is because some business objects are made of multiple rows in different tables. Take grants, for example.

We have implemented mechanism, to sign stored data in database with root key. However, we currently have no way of enforcing usage of them. It's very easy to forget: - Creating signature. This would lead to incosistent database state on next code run, when data is genuine (not tampered with), however server couldn't know it - Verifying signature. This is the most criticial: even if we create signature, but do not verify it -- it defeats the whole purpose. Therefore, to close this ticket, abstraction enforcing previously stated preconditions / invariants should be implemented. I envision it as some generic `IntegrityEnvelope<T>`, that has methods to lookup by id (or some other identifier), create new signature, delete existing or update. Keep in mind that it should be flexible enough to support `1-to-1`, `M-to-1`, `M-to-M` type of relationships on query level. This is because some business objects are made of multiple rows in different tables. Take grants, for example.

Skipper added the

labels 2026-04-05 15:05:25 +00:00

CleverWild self-assigned this 2026-04-05 15:13:54 +00:00

CleverWild referenced a pull request that will close this issue

2026-04-08 10:13:21 +00:00

feat(server): unify integrity API and propagate verified IDs through auth/EVM flows #81

Sign in to join this conversation.