Title
report and stats produce results even when log integrity is broken
Description
Currently, devledger verify correctly detects a broken hash chain in the event log:
verify → Broken chain at index N
However, both:
devledger report
devledger stats
continue to process the same logs and generate statistics as if the data were valid.
This breaks the core trust model of DevLedger.
DevLedger’s design is based on:
raw logs → verify → aggregate → report
But the current implementation effectively does:
raw logs → aggregate → report
ignoring the integrity check.
As a result, reports can be generated from corrupted or tampered logs without any warning, which contradicts the purpose of the project as a deterministic and verifiable activity ledger.
Why this is critical
If reports can be generated from logs with a broken hash chain:
- The hash chain becomes meaningless
- The system no longer guarantees immutability
- Trust in the generated statistics is compromised
This is not a cosmetic issue. It affects the fundamental architecture and positioning of DevLedger.
Expected behavior
Before running stats or report, the CLI must:
- Run log integrity verification
- Refuse to generate output if the chain is invalid
Example behavior:
Log integrity check failed at index N.
Run `devledger reset` to start a new valid chain.
Alternatively, reports must be clearly marked as:
UNVERIFIED DATA — log integrity check failed
Acceptance criteria
stats fails or warns when verify failsreport fails or warns when verify fails- Integrity check becomes a mandatory first step of the pipeline
Title
reportandstatsproduce results even when log integrity is brokenDescription
Currently,
devledger verifycorrectly detects a broken hash chain in the event log:However, both:
continue to process the same logs and generate statistics as if the data were valid.
This breaks the core trust model of DevLedger.
DevLedger’s design is based on:
But the current implementation effectively does:
ignoring the integrity check.
As a result, reports can be generated from corrupted or tampered logs without any warning, which contradicts the purpose of the project as a deterministic and verifiable activity ledger.
Why this is critical
If reports can be generated from logs with a broken hash chain:
This is not a cosmetic issue. It affects the fundamental architecture and positioning of DevLedger.
Expected behavior
Before running
statsorreport, the CLI must:Example behavior:
Alternatively, reports must be clearly marked as:
Acceptance criteria
statsfails or warns whenverifyfailsreportfails or warns whenverifyfails