port notary runtime to protocol-based providers#15
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
This PR ports the receipt runtime onto the protocol-based provider architecture while preserving the existing
Notarysurface that the tests, demo, and docs already exercise. The end result is that plans, receipts, chain handling, policy evaluation, serialization, key management, timestamping, redaction, and sinks now flow through explicit protocol-shaped implementations instead of the old monolithic notary internals.For users, this keeps the current
Notaryworkflow working while making the runtime easier to audit, extend, and verify. Existing receipt behavior such as signing, per-plan chaining, evidence export, delegation, session tracking, co-signatures, and healthcare demo flows continue to work, but the implementation is now split across concrete provider modules and dedicated plan/receipt/chain/policy models.Root Cause
The repository had already introduced protocol interfaces, but the runtime was still effectively running on the legacy implementation. Provider modules were mostly stubs, plan lifecycle lived in placeholder code, receipt semantics were still embedded inside
agentmint/notary.py, and the AERF conformance test remained markedxfailbecause the migration was incomplete.That meant the public architecture and the actual implementation had drifted apart. The runtime behavior existed, but it was not yet expressed through the provider boundary and model layer that the migration expected.
Fix
The runtime was reworked around the new architecture in a compatibility-preserving way:
Plan,Receipt,chain, andpolicymodulesNotaryto use those providers and models while retaining legacy entry points such ascreate_plan,notarise,verify_plan,verify_receipt, evidence export, and delegation helpers@notarisedecorator helper and exported it from the package surfaceshort_id, chain verification, plan/receipt aliases, and expected empty-string defaults for optional signature fieldsValidation
I validated the migration with:
python3 -m pytest -qpython3 -m agentmint.demo.healthcareBoth completed successfully in the local workspace.
Notes
I also attempted to run
vet, but the local agentic run was blocked by environment quota/harness limitations rather than a code issue, so the main validation signal here comes from the full pytest run and the healthcare demo flow.