feat: graph-native attestation IRI + MsgAttest broadcast#21
Conversation
Implements graph-native attestation path per Marie's architecture corrections: - JSON-LD attestation documents with inline @context (no remote URL fetch) - URDNA2015 canonicalization → BLAKE2b-256 → base58check → regen:*.rdf IRI - MsgAttest broadcast endpoint alongside existing MsgAnchor path - RBAM integration design doc for org-level reviewer authorization - 19 new tests (78 total, all passing) New endpoint: POST /claims/{rid}/attestations/{att_rid}/attest-onchain New dep: pyld>=2.0.4 Co-Authored-By: Claude Opus 4.6 (1M context) <[email protected]>
|
Hi Marie — thanks for your Telegram feedback (Mar 26–Apr 2) that shaped this entire PR. What to review first:
Explicitly out of scope for this PR:
The four open questions at the bottom of the PR description are the main things I need from you — especially the RBAM contract addresses and minimal DAO setup path. Happy to pair on any of it. |
|
Responses to open questions:
|
| return f"regen:{encoded}.rdf" | ||
|
|
||
|
|
||
| def generate_graph_iri(jsonld_doc: dict) -> str: |
| def build_attestation_jsonld(row) -> dict: | ||
| """Build a JSON-LD document for an attestation record. | ||
|
|
||
| Uses inline @context to avoid remote URL fetches during canonicalization. |
There was a problem hiding this comment.
that's totally fine
the below context is not yet available online afaik so inline context is the only viable solution for now anyway
| Reviewer has a role in an org DAO (via RBAM) and signs `MsgAttest` on behalf of the org. | ||
|
|
||
| **Setup:** | ||
| 1. Org creates a DAO via the Marketplace (useCreateDao pattern) |
There was a problem hiding this comment.
do we really want to rely on the user having to go through the marketplace app first to set that up?
it doesn't look like a very optimized user flow
| 4. Reviewer's wallet gains permission to sign `MsgAttest` as a DAO member | ||
|
|
||
| **Signing:** | ||
| - Reviewer signs via `MsgExec` wrapping `MsgAttest` |
There was a problem hiding this comment.
why MsgExec?? are you still talking about authz MsgExec, in which case it's off topic and unnecessary
|
|
||
| 5. **DAO DAO version compatibility** — Which version of DAO DAO is the Marketplace using? Are there breaking changes between versions we should pin against? | ||
|
|
||
| 6. **Role assignment API** — Is there a REST/RPC endpoint to assign roles, or is it contract-execute only? For the pilot, we may want to script role assignment rather than going through the Marketplace UI. |
There was a problem hiding this comment.
contract execute only, for web3 users
2 participants
Summary
@context→ URDNA2015 canonicalization → BLAKE2b-256 → base58check →regen:*.rdfgraph IRI. Mirrors the TypeScript implementation inregen-server.POST /claims/{rid}/attestations/{att_rid}/attest-onchainendpoint usingregen tx data attest(identity-bound) instead ofregen tx data anchor(timestamp-only). Existing MsgAnchor path is untouched.can_anchor_attest_data).Key files
api/ledger_anchor.pygenerate_graph_iri(),broadcast_attest(),build_attestation_jsonld(), base58check encodingapi/routers/claims_router.pyPOST /attest-onchainendpoint + response modelsrequirements.txtpyld>=2.0.4(URDNA2015 canonicalization)tests/test_graph_iri.pydocs/claims/rbam-integration.mdContext
Based on Marie's architecture corrections in Telegram (Mar 26–Apr 2):
MsgAttestrequiresContentHash.Graphcosmos.authzuseCreateDaoOpen questions for Marie
Test plan
regen-servercontentHashGraphToIRI@contextpattern vs FWG context dereference🤖 Generated with Claude Code