Skip to content

feat(harness): receipt chain export/import/merge for cross-system audit#85

Open
djimit wants to merge 1 commit into
ruvnet:mainfrom
djimit:feat/receipt-export-import
Open

feat(harness): receipt chain export/import/merge for cross-system audit#85
djimit wants to merge 1 commit into
ruvnet:mainfrom
djimit:feat/receipt-export-import

Conversation

@djimit

@djimit djimit commented Jul 5, 2026

Copy link
Copy Markdown

Summary

Adds portable serialization and merge capabilities to ReceiptLog — enabling cross-system audit interoperability, compliance archival, and cross-run receipt aggregation.

New API

Method Purpose
export() Deterministic canonical JSON (sorted keys) — safe for signing and archival
toJSON() Plain-object snapshot for storage/transport
fromJSON(obj) Reconstruct from snapshot with verification
import(json) Deserialize from JSON string with verification
merge(source) Combine chains with re-linked hashes
length (getter) Chain size
isEmpty (getter) Empty check

Why

ReceiptLog currently has no way to leave the runtime. This blocks:

  1. Audit compliance — receipts must be archivable outside the process
  2. Cross-run analysis — comparing runs requires serialization
  3. External system integration — e.g., DjimFlo compliance service consuming MetaHarness receipts

Safety

  • import() and fromJSON() validate the hash chain before accepting — tampered/truncated chains rejected with exact break location
  • merge() verifies source chain and re-links hashes at the merge boundary
  • export() uses canonical() encoding — byte-identical output for identical chains (safe for Ed25519 signing)

Tests

11 new test cases covering: deterministic export, round-trip fidelity, tamper detection on import, malformed JSON rejection, wrong-shape rejection, merge with re-linking, merge of empty/broken sources.

24/24 tests passing. No breaking changes.

…it interoperability

Add portable serialization and merge capabilities to ReceiptLog:
- export() - deterministic canonical JSON for signing/archival
- toJSON() / fromJSON() - plain-object serialization
- import() - deserialize with verification (rejects tampered chains)
- merge() - combine receipt chains with re-linked hashes
- length / isEmpty - chain introspection

All new methods validate the hash chain before accepting data.
Merge re-links hashes at boundary so combined chains verify correctly.

Enables: audit archival, cross-run aggregation, DjimFlo compliance integration.
Tests: 11 new test cases, 24/24 total passing.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant