[roadmap] Add evidence worker disposition storage#43
Conversation
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 7bcf3281b2
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| | "disposition_executed" | ||
| | "disposition_failed" |
There was a problem hiding this comment.
Reject physical statuses on decision-only updates
Because decide_disposition_* is still used by the generic /api/v1/evidence/{id}/disposition endpoint and web disposition form, accepting disposition_executed or disposition_failed here lets a writable caller mark evidence as physically disposed/failed without going through delete_artifact, without setting execution metadata/tombstone fields, and with the file still present. Keep physical execution outcomes restricted to the execution path so the audit state cannot diverge from storage.
Useful? React with 👍 / 👎.
| "Disposition-Ausfuehrung wurde durch Schutzregeln verweigert.", | ||
| ); | ||
| } | ||
| let disposition = storage.delete_artifact(&evidence_artifact_ref_from_item(&item)); |
There was a problem hiding this comment.
Record disposition durably before deleting bytes
At this point the artifact is removed before the final execute_disposition database transaction succeeds. If the DB write fails, or if a legal hold/approval change lands after the earlier read but before the store revalidation, the route can return an error with the evidence file already gone and no tombstone/audit update recorded. For controlled evidence disposal, make the DB-side execution state/lock durable before deleting, or otherwise make deletion conditional on a successful guarded update.
Useful? React with 👍 / 👎.
Problemstellung und Ziel
Dieser Roadmap-Block bringt den Evidence-Integrity-/Disposition- und Storage-/Restore-Stand aus PR #38/#39 naeher in den Betriebsmodus. ISCY erhaelt begrenzte Evidence-Worker-Laeufe, kontrollierte physische Disposition nach dokumentierter Freigabe und ein vorbereitetes Object-Storage-Statusmodell ohne echte Cloud-Credentials.
Zusaetzlich wurde der aus PR #42 offene PostgreSQL-Live-Haertungstest fuer Migration
0034_rust_supplier_product_security_governancenachgezogen.Geaenderte Funktionen
local_filesystemund vorbereitetess3_compatible.Betroffene Dateien
rust/iscy-backend/src/db_admin.rsrust/iscy-backend/src/evidence_artifact_storage.rsrust/iscy-backend/src/evidence_store.rsrust/iscy-backend/src/lib.rsrust/iscy-backend/src/report_store.rsrust/iscy-backend/tests/http_tests.rsCHANGELOG.mddocs/ISCY_STRATEGIC_ROADMAP.mddocs/ISCY_Handbuch.mddocs/ISCY_Handbuch.pdfdocs/GUI_SCREENSHOTS.mdDatenbankmigrationen
0035_rust_evidence_worker_disposition_storage.evidence_integrity_worker_run.evidence_storage_backend_status.Neue oder geaenderte API-Endpunkte
GET /api/v1/evidence/integrity/workerPOST /api/v1/evidence/integrity/worker/runGET /api/v1/evidence/integrity/worker/runsGET /api/v1/evidence/disposition/candidatesPOST /api/v1/evidence/{evidence_id}/disposition/previewPOST /api/v1/evidence/{evidence_id}/disposition/approvePOST /api/v1/evidence/{evidence_id}/disposition/executePOST /api/v1/evidence/{evidence_id}/disposition/cancelGET /api/v1/evidence/{evidence_id}/disposition/eventsGET /api/v1/evidence/storage/backendsPOST /api/v1/evidence/storage/drillsals Alias fuer bestehende Storage-DrillsGUI-Aenderungen
/evidence/integrity/zeigt jetzt Integritaets-Worker-Status, letzte Worker-Laeufe, Storage-Backend-Status und Disposition-Kandidaten.Tenant- und Berechtigungsgrenzen
Security-Entscheidungen
disposition_execution_deniedauditierbar dokumentiert.Additional PostgreSQL Live Migration Drill for 0034
supplier_product_security_record,supplier_product_security_evidence_link,supplier_product_security_eventundsupplier_contract_exit_historyvorhanden.Ausgefuehrte Tests
cargo fmt --manifest-path rust/iscy-backend/Cargo.toml -- --checkcargo clippy --locked --manifest-path rust/iscy-backend/Cargo.toml --all-targets -- -D warningscargo test --locked --manifest-path rust/iscy-backend/Cargo.tomlcargo audit --file rust/iscy-backend/Cargo.lock --ignore RUSTSEC-2023-0071cargo deny --manifest-path rust/iscy-backend/Cargo.toml check advisories licenses sourcesmake rust-smokemake rust-restore-smokenix flake checkmake docs-pdfgit diff --checkNicht lokal ausfuehrbar
dockerin dieser Shell nicht installiert ist.Bekannte Einschraenkungen
Bewusst nicht umgesetzt