jordan/stemedb
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
main
stemedb/ai-lookup/features/phase7-uat.md
jordan b3e8a9a058 feat: Multi-application expansion with chaos testing and community UI 
Major additions:
- Community Next.js app (port 18187) for browsing claims with API docs
- stemedb-chaos crate: Fault injection, chaos testing, CRDT properties
- Latent ingestion system: Reddit/FDA ingesters with ADK-Go agents
- Disputed claims handling: Manual review workflows and validation
- Aphoria security scanner: New extractors (SQL injection, command
  injection, weak crypto, TLS version), policy-based ignores, UAT reports
- Docker infrastructure: Dockerfile, docker-compose.yml for full stack
- VulnBank demo: Intentionally vulnerable multi-language test corpus

SDK & API enhancements:
- Source registry handlers for tracking data provenance
- Metrics endpoint
- Skeptic filtering improvements

Code quality:
- Split 14 large files (>500 lines) into focused modules
- All files now under 500-line limit per project guidelines

Documentation:
- Chaos testing guide, circuit breakers, observability docs
- Phase 7 UAT documentation updates
- Martin Kleppmann technical writer agent

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-04 01:24:14 -07:00

239 lines
8.8 KiB
Markdown
Raw Permalink Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# Phase 7 UAT: The Shield
**Status:** Ready for Testing
**Target Date:** 2026-02-03
**Confidence:** High (7A, 7B complete; 7C core complete)
## Summary
Phase 7 (The Shield) defends against spam, Sybil attacks, and knowledge poisoning. This UAT validates the trust-at-scale infrastructure for opening Episteme to millions of agents.
**Scope:**
- 7A Admission Control: PoW-based spam protection, trust tiers, graduated quotas
- 7B EigenTrust: Sybil-resistant global trust propagation
- 7C Content Defense: Quality scoring, MinHash/LSH similarity, quarantine store, admin API
- 7D Circuit Breakers: Per-agent banning with Closed/Open/HalfOpen state machine
## Test Coverage (Verified)
| Area | Tests | Status |
|------|-------|--------|
| Circuit Breakers (7D) | 25 | PASS |
| Trust Graph Store (7B) | 23 | PASS |
| Trust Rank Store | 22 | PASS |
| PoW types (7A) | 19 | PASS |
| Domain Trust Store (7B) | 18 | PASS |
| Admission Store (7A) | 16 | PASS |
| Content Defense (quality) (7C) | 13 | PASS |
| Similarity Index (MinHash/LSH) (7C) | 12 | PASS |
| Quarantine Store (7C) | 9 | PASS |
| Trust Tier types (7A) | 8 | PASS |
| API Admission integration | 6 | PASS |
| Content Defense Layer (7C) | 5 | PASS |
| **Total Phase 7** | **176** | **ALL PASS** |
## Realistic Usage Scenarios
### Scenario 1: New Agent Onboarding
**Goal:** Verify graduated difficulty protects against spam bots while not blocking legitimate agents.
```bash
# 1. New agent with no history should require PoW
curl -X GET http://localhost:18180/v1/admission/status \
-H "X-Agent-Id: 0000000000000000000000000000000000000000000000000000000000000001"
# Expected: 200 with pow_required: true, difficulty: 16
# 2. Submit first assertions with PoW proof
# Agent must solve: BLAKE3(nonce || agent_id || timestamp) has 16 leading zero bits
# This takes ~16 seconds on average
# 3. After 10 assertions, difficulty drops to 1 bit (trivial)
# 4. After 50 assertions OR trust > 0.6, PoW exempt
```
**Acceptance Criteria:**
- [ ] New agents see `pow_required: true`, `difficulty: 16`
- [ ] HTTP 428 returned when PoW missing/invalid
- [ ] Difficulty graduates: 16 bits (1-10) → 1 bit (11-50) → 0 (51+)
- [ ] Trusted agents (>0.6) are exempt regardless of assertion count
### Scenario 2: Trust Tier Quotas
**Goal:** Verify rate limiting scales with trust level.
| Tier | Trust Range | Quota Multiplier | Hourly Limit |
|------|-------------|------------------|--------------|
| Untrusted | 0.0-0.3 | 0.1x | 1,000/hr |
| Limited | 0.3-0.5 | 0.5x | 5,000/hr |
| Verified | 0.5-0.7 | 1.0x | 10,000/hr |
| Trusted | 0.7-0.9 | 2.0x | 20,000/hr |
| Authority | 0.9-1.0 | 10.0x | 100,000/hr |
**Acceptance Criteria:**
- [ ] Quota headers present in responses (`X-RateLimit-*`)
- [ ] Untrusted agents limited to 0.1x base quota
- [ ] Authority agents get 10x quota
- [ ] HTTP 429 returned when quota exceeded
### Scenario 3: EigenTrust Sybil Resistance
**Goal:** Verify isolated trust rings get near-zero global trust.
```
Legitimate Network: Sybil Ring:
Seed ─────> A X ──> Y
│ │ │ │
v v v v
B ──────> C Z <── W
```
**Acceptance Criteria:**
- [ ] Seed-connected agents (A, B, C) accumulate positive global trust
- [ ] Isolated ring (X, Y, Z, W) converges to near-zero trust
- [ ] Power iteration converges in <100 iterations (ε = 1e-4)
- [ ] Domain-specific trust factors applied correctly
### Scenario 4: Content Quality Filtering
**Goal:** Verify spam/noise detection without blocking legitimate content.
| Content Type | Expected Quality | Should Quarantine? |
|--------------|------------------|-------------------|
| Normal assertion: "Aspirin:treats:Headache" | >0.6 | No |
| Low entropy: "aaaa:bbbb:cccc" | <0.4 | Yes |
| Structured data with JSON | >0.7 (bonus) | No |
| Untrusted agent + high confidence | <0.5 (penalty) | Yes |
**Acceptance Criteria:**
- [ ] Shannon entropy check flags random noise (< 1.5 bits/char)
- [ ] Minimum subject/predicate length enforced (default 3 chars)
- [ ] Structured data (JSON, URLs, dates) gets +0.1 bonus
- [ ] Untrusted + high confidence gets -0.5 penalty
- [ ] Quality < 0.4 triggers quarantine
### Scenario 5: Quarantine Admin Workflow
**Goal:** Verify suspicious content can be reviewed and processed.
```bash
# 1. List pending quarantine events
curl http://localhost:18180/v1/admin/quarantine?limit=20
# 2. Review specific event
curl http://localhost:18180/v1/admin/quarantine/{hash}
# 3. Approve or reject
curl -X POST http://localhost:18180/v1/admin/quarantine/{hash}/approve
curl -X POST http://localhost:18180/v1/admin/quarantine/{hash}/reject
```
**Acceptance Criteria:**
- [ ] `GET /v1/admin/quarantine` lists pending events with reasons
- [ ] `GET /v1/admin/quarantine/{hash}` returns full assertion bytes
- [ ] `POST .../approve` moves assertion to main index
- [ ] `POST .../reject` marks as reviewed but keeps quarantined
- [ ] Quarantine reasons clearly indicate why flagged
## Integration Points to Verify
1. **Ingestion Pipeline Integration**
- Content defense layer called before indexing
- Quarantine bypasses normal index path
- Bloom filter restored on restart
2. **Trust Store Interplay**
- EigenTrust feeds into TrustTier calculation
- Domain trust factors into Authority lens weights
- Trust decay applies to computed scores
3. **API Middleware Chain**
- AdmissionLayer checks PoW before rate limiting
- MeterLayer applies tier-based quotas
- Headers reflect current trust state
### Scenario 6: Near-Duplicate Detection (MinHash/LSH)
**Goal:** Verify similar content is flagged without blocking unique assertions.
| Content Pair | Jaccard Similarity | Expected |
|--------------|-------------------|----------|
| "Aspirin:treats:Headache" vs same | 1.0 | Duplicate |
| "Aspirin:treats:Headache" vs "Aspirin:treats:Migraine" | ~0.7 | Unique |
| "Aspirin treats headaches" vs "Aspirin:treats:Headache" | ~0.85 | Unique |
| "Asprin:treats:Headach" (typos) vs "Aspirin:treats:Headache" | ~0.92 | Duplicate |
**Acceptance Criteria:**
- [ ] Bloom filter provides fast "definitely not seen" path
- [ ] MinHash signatures (k=128) computed correctly
- [ ] LSH bands (16 bands × 8 rows) enable efficient lookup
- [ ] Jaccard threshold of 0.9 correctly identifies near-duplicates
- [ ] Unique content with similar structure passes through
### Scenario 7: Circuit Breaker State Machine (7D)
**Goal:** Verify misbehaving agents are temporarily banned with recovery path.
```
State Flow:
CLOSED (normal) --[5 failures]--> OPEN (banned)
OPEN --[30 sec timeout]--> HALF_OPEN (testing)
HALF_OPEN --[1 success]--> CLOSED
HALF_OPEN --[1 failure]--> OPEN
```
**Acceptance Criteria:**
- [ ] New agents start with no circuit record (allowed)
- [ ] 5 failures within window trips circuit to OPEN
- [ ] OPEN agents receive HTTP 503 with `Retry-After` header
- [ ] After 30 sec, OPEN transitions to HALF_OPEN
- [ ] Single success in HALF_OPEN closes circuit
- [ ] Single failure in HALF_OPEN re-trips to OPEN
- [ ] Admin can manually reset circuits
## Known Limitations
1. **Performance Untested:**
- EigenTrust computation on large graphs (>10k agents)
- Bloom filter memory at scale (currently sized for 1M items)
- Quarantine store scan performance with many pending items
- Circuit breaker store with many tripped agents
## Commands to Run
```bash
# Full test suite
cargo test --workspace
# Phase 7 specific tests (176 total)
cargo test -p stemedb-storage -- circuit_breaker # 7D: 25 tests
cargo test -p stemedb-storage -- trust_graph # 7B: 23 tests
cargo test -p stemedb-storage -- trust_rank # Trust: 22 tests
cargo test -p stemedb-core -- pow # 7A: 19 tests
cargo test -p stemedb-storage -- domain_trust # 7B: 18 tests
cargo test -p stemedb-storage -- admission # 7A: 16 tests
cargo test -p stemedb-storage -- content_defense # 7C: 13 tests
cargo test -p stemedb-storage -- similarity_index # 7C: 12 tests
cargo test -p stemedb-storage -- quarantine # 7C: 9 tests
cargo test -p stemedb-core -- trust_tier # 7A: 8 tests
cargo test -p stemedb-api --test admission_integration # API: 6 tests
cargo test -p stemedb-ingest -- content_defense # 7C: 5 tests
# Clippy must pass
cargo clippy --workspace -- -D warnings
# Go SDK
cd sdk/go/steme && go test -v
```
## Success Criteria
**Phase 7 UAT passes when:**
1. All 176 Phase 7 tests pass
2. All 7 usage scenarios verified manually
3. Clippy clean with no warnings
4. Go SDK tests pass
5. API endpoints return correct responses
6. Quarantine workflow complete end-to-end
7. Circuit breaker state transitions verified
8. Near-duplicate detection at 0.9 Jaccard threshold works
## Related Documentation
- [Admission Control API](./admission-control.md)
- [Phase 6 UAT](./phase6-uat.md)
- [Roadmap Phase 7](../../roadmap.md#phase-7-the-shield-trust-at-scale)
Reference in New Issue View Git Blame Copy Permalink