[roadmap] Add Evidence Integrity & Disposition Phase 1#38
Conversation
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 2e7b51b470
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| headers: HeaderMap, | ||
| Query(query): Query<WebContextQuery>, | ||
| ) -> Html<String> { | ||
| let Some(context) = web_context_from_request(&query, &headers, &state).await else { |
There was a problem hiding this comment.
Require authentication for integrity metadata view
When this page is requested without a session or bearer token, web_context_from_request falls back to caller-supplied tenant_id/user_id query parameters, so /evidence/integrity/?tenant_id=...&user_id=... returns that tenant's evidence integrity metadata to anyone who can guess a tenant id. This new view exposes evidence titles, legal-hold/disposition state, hashes, and check results; unlike the new API and write paths it should require authenticated_tenant_context or restrict the query-parameter fallback to a development-only path.
Useful? React with 👍 / 👎.
Problem and Goal
ISCY already stores, versions, hashes, rates, and links Evidence. This PR adds Evidence Integrity & Disposition Phase 1 so existing Evidence can be checked, placed under Legal Hold, and disposition decisions can be documented without introducing a new Evidence engine or physically deleting files.
Changed Functions
Affected Files
rust/iscy-backend/src/db_admin.rsrust/iscy-backend/src/evidence_store.rsrust/iscy-backend/src/lib.rsrust/iscy-backend/tests/http_tests.rsCHANGELOG.mddocs/ISCY_STRATEGIC_ROADMAP.mddocs/ISCY_Handbuch.mddocs/ISCY_Handbuch.pdfDatabase Migrations
0033_rust_evidence_integrity_dispositionfor SQLite and PostgreSQL.evidence_evidenceitemwith integrity, Legal Hold, and disposition metadata.evidence_integrity_eventfor tenant-scoped audit history.New or Changed API Endpoints
GET /api/v1/evidence/integrityPOST /api/v1/evidence/{evidence_id}/integrity-checkPOST /api/v1/evidence/integrity-checksGET /api/v1/evidence/{evidence_id}/integrity-eventsPOST /api/v1/evidence/{evidence_id}/legal-holdPOST /api/v1/evidence/{evidence_id}/legal-hold/releasePOST /api/v1/evidence/{evidence_id}/dispositionGUI Changes
/evidence/integrity/Web UI.Tenant and Permission Boundaries
Security Decisions
disposition_completed_metadata_onlyis intentionally metadata-only and never deletes files.Tests Executed
cargo fmt --manifest-path rust/iscy-backend/Cargo.toml -- --checkcargo clippy --locked --manifest-path rust/iscy-backend/Cargo.toml --all-targets -- -D warningscargo test --locked --manifest-path rust/iscy-backend/Cargo.tomlcargo audit --file rust/iscy-backend/Cargo.lock --ignore RUSTSEC-2023-0071vianix run nixpkgs#cargo-auditcargo deny --manifest-path rust/iscy-backend/Cargo.toml check advisories licenses sourcesvianix run nixpkgs#cargo-denyinside the dev shellmake rust-smokemake rust-restore-smokenix flake checkmake rust-postgres-restore-drillinitially reported SKIP in the Codex environment because disposable PostgreSQL URLs were not configuredmake docs-pdfgit diff --checkAdditional PostgreSQL Live Drill
After the initial Draft PR validation, a local PostgreSQL live restore drill was executed successfully on the maintainer workstation.
feature/evidence-integrity-dispositionPostgreSQL 16.14postgres://iscy@127.0.0.1:24987/iscy_sourcepostgres://iscy@127.0.0.1:24987/iscy_restoreRust PostgreSQL restore drill OK0033_rust_evidence_integrity_dispositionwas applied successfully on PostgreSQL and confirmed in the restored database.git statusremained clean.This closes the previously noted local limitation around PostgreSQL live migration validation.
Known Limitations
cargo auditcompleted with exit 0 after loading RustSec advisories; it warned that the crates.io index could not be updated locally.Deliberately Not Implemented
AI Assistance
Implemented with OpenAI Codex assistance. Human review remains required for correctness, security, legal interpretation, and release approval.