Skip to content

Partner data-exchange API, partner kit, and prominence pass#1

Open
jreaviscsa wants to merge 1 commit into
mainfrom
partner-data-exchange
Open

Partner data-exchange API, partner kit, and prominence pass#1
jreaviscsa wants to merge 1 commit into
mainfrom
partner-data-exchange

Conversation

@jreaviscsa

Copy link
Copy Markdown
Collaborator

Builds the scanner partner data exchange for RiskRubric V2 (informed by Tumeryk and PointGuard AI research):

  • Submission API: fixed dead-on-arrival auth (rrk_ keys, O(1) lookup, rotation), batch ingestion + idempotency, HMAC webhooks, enforced COI + TRS/pillar polarity gates, submission state machine, suspension-triggered consensus recompute, optional test_case_results passthrough for QC. Bug fixes (compare enum, pillar sort, weight guard). Killed mock consensus drift. 27 new tests, 78 total passing.
  • Partner kit: PARTNER_GUIDE.md, PROTOTYPE_STATUS_MEMO.md, submission.schema.json, dependency-free Python client, webhook verifier.
  • Prototypes: elevated PointGuard / Deloitte / Tumeryk prominence across A/B/C per concept-paper section 7.3.
  • Docs: recovered published CSA papers; DISCREPANCIES updated (D2/D5 resolved, D3 resolved+implemented, D1/D4 routed to partner memo, D6 added); tool/README + migration.

Open items: D4 alpha tuning (partner working session); D1/D6 paper errata; pick prototype direction.

Generated with Claude Code.

Research-driven build of the scanner partner data exchange for RiskRubric V2,
informed by analysis of Tumeryk (AI Trust Score) and PointGuard AI.

Submission API (tool/):
- Fix dead-on-arrival auth: rrk_<env>_<key_id>_<secret> keys with O(1)
  indexed lookup, Bearer + legacy header, constant-time admin compare,
  key issuance/rotation via CLI (manage_keys.py) and admin API
- Add batch ingestion (<=500/call), idempotency keys, status webhooks
- Enforce COI gate, TRS<->pillar polarity gate, submission state machine
- Suspension now recomputes consensus for affected services
- Optional test_case_results passthrough for QC (never enters consensus)
- Fix compare enum bug, leaderboard ?pillar= sort, weight-sum guard,
  multi-version consensus relationship, local (non-Docker) static serving
- Recompute mock consensus.json through consensus.py (kills drift);
  add contributing_scanners to leaderboard for per-row attribution
- 27 new end-to-end tests (78 total passing)

Partner kit (partner-kit/):
- PARTNER_GUIDE.md (engineering how-to), PROTOTYPE_STATUS_MEMO.md
  (program status + open items), submission.schema.json, dependency-free
  Python reference client, webhook verifier

Prototypes: elevate PointGuard AI / Deloitte / Tumeryk prominence across
A/B/C per concept-paper sec 7.3 display rules; fix download links.

Docs: recover the two published CSA papers into docs/methodology/; update
DISCREPANCIES (D2/D5 resolved, D3 resolved+implemented, D1/D4 routed to the
partner memo, D6 added) and SYSTEM_OVERVIEW; add tool/README.md + migration.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Comment thread tool/manage_keys.py
)
print(f"Issued key for {row[0]} ({slug}).")
print("Deliver this to the partner over a secure channel — it is shown ONCE:\n")
print(f" {raw_key}\n")
Comment thread tool/seed_synthetic.py
"UPDATE scanners SET api_key_id=%s, api_key_hash=%s WHERE id=%s",
(key_id, key_hash, s["id"]),
)
print(f" {s['slug']}: {raw_key}")
from pathlib import Path

# Must run before any app import: point the app at a throwaway SQLite db
_DB_FILE = tempfile.mktemp(suffix=".db")
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants