Add multiple verification levels to read_ledger.py#7674

Merged
eddyashton merged 17 commits into main from copilot/add-multiple-verification-levels
Feb 20, 2026
Contributor

Copilot AI commented Feb 17, 2026

Add Multiple Verification Levels to read_ledger.py

This PR implements granular verification levels for the read_ledger.py tool, allowing users to control the trade-off between verification thoroughness and computation cost.

Changes

Added VerificationLevel enum with five levels (ordered by increasing cost):

  • NONE: Parse only, no verification
  • OFFSETS: Validate offset table consistency
  • HEADERS: Validate transaction headers (size, version, flags)
  • MERKLE: Validate merkle tree (trust first signature via merkletree.deserialise())
  • FULL: Full cryptographic verification (default, unchanged)

Updated read_ledger.py CLI:

  • New --verification-level option (choices: NONE, OFFSETS, HEADERS, MERKLE, FULL)
  • Deprecated --insecure-skip-verification (maps to NONE for backward compatibility)
  • Contextual output showing relevant metrics per level

Updated LedgerValidator:

  • Accepts verification_level parameter (defaults to FULL)
  • Implements incremental validation: each level builds on previous levels
  • MERKLE level properly deserializes mini-tree from first signature for isolated chunk support
  • Tracks transaction_count for better reporting

Documentation: Added verification levels section to doc/audit/python_library.rst with usage examples

Testing: Added test_merkle_verification_level() to validate MERKLE verification on full ledgers and isolated chunks

Backward Compatibility

✅ Default behavior unchanged (FULL verification)
--insecure-skip-verification still works (deprecated)
✅ Existing code using LedgerValidator() continues to work

Verification Levels & Isolated Chunks

  • NONE, OFFSETS, HEADERS: Work with individual chunks
  • MERKLE: Works with isolated chunks (trusts first signature)
  • FULL: Requires complete ledger context
Original prompt

This section details on the original issue you should resolve

<issue_title>Add multiple verification levels to read_ledger.py</issue_title>
<issue_description>We can detect more potential corruptions of ledger files at the cost of increased computation. Currently we have a single --insecure-skip-verification flag, which disables all verification. This is required for reading isolated files, but means we do minimal verification of the result. We could do better, and be more explicit about a "no verification, just try to parse" mode.

Specifically, we can: validate nothing, validate the offsets table, validate each transaction's header (size points to the next offset, version and flags are allowed values), validate the merkle tree in each signature (trust the first, confirm the mini-tree in each subsequent signature matches), validate the signatures themselves (trust the node certs in each signature transaction, enforce invariants of reconfigurations within the seen files). I don't know if all of these are worth exposing as separate options, but since they are (roughly) ordered in increasing computation cost I think the final setting is a monotonic level rather than distinct flags.</issue_description>

Comments on the Issue (you are @copilot in this section)



Copilot AI and others added 4 commits February 17, 2026 13:42
…iple verification levels

Co-authored-by: eddyashton <6000239+eddyashton@users.noreply.github.com>
Copilot AI changed the title from "[WIP] Add multiple verification levels to read_ledger.py" to "Add granular verification levels to read_ledger.py" Feb 17, 2026
Copilot AI requested a review from eddyashton February 17, 2026 13:52
@eddyashton
Member

@copilot Python's enum.Enum is not natively comparable, use IntEnum instead.

'>=' not supported between instances of 'VerificationLevel' and 'VerificationLevel'

…port

Co-authored-by: eddyashton <6000239+eddyashton@users.noreply.github.com>
Contributor Author

Copilot AI commented Feb 17, 2026

@copilot Python's enum.Enum is not natively comparable, use IntEnum instead.

...

Fixed in commit 564c48e. Changed VerificationLevel from Enum to IntEnum to support native comparison operations.
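The level gating discussed in this thread, as an added example that is not code from the PR or from CCF. The chunk layout (a 6-byte header of payload size, version and flags, plus an offsets list), `build_chunk`, `validate` and the allowed version/flag values are constructed for illustration and are not the CCF ledger format; the sketch shows why `IntEnum` is needed for `>=` and how a corrupted header passes at NONE and OFFSETS but is caught from HEADERS upward.

```python
import struct
from enum import Enum, IntEnum

class VerificationLevel(IntEnum):  # ordered by increasing cost, as in the PR description
    NONE = 0
    OFFSETS = 1
    HEADERS = 2
    MERKLE = 3   # merkle and signature checks are outside this sketch
    FULL = 4

HEADER = struct.Struct("<IBB")  # constructed toy header: payload size, version, flags
ALLOWED_VERSIONS = {1}          # assumed values, for illustration only
ALLOWED_FLAGS_MASK = 0x01

def build_chunk(payloads):
    """Build a constructed sample chunk: entry bytes plus a table of entry offsets."""
    data, offsets = bytearray(), []
    for p in payloads:
        offsets.append(len(data))
        data += HEADER.pack(len(p), 1, 0) + p
    return data, offsets

def validate(data, offsets, level):
    """Return the problems found at `level`; each level includes the checks below it."""
    problems = []
    if level >= VerificationLevel.OFFSETS:
        if offsets[:1] != [0] or any(b <= a for a, b in zip(offsets, offsets[1:])):
            problems.append("offsets: not strictly increasing from 0")
        if any(o + HEADER.size > len(data) for o in offsets):
            problems.append("offsets: entry starts past end of data")
    if level >= VerificationLevel.HEADERS and not problems:
        ends = offsets[1:] + [len(data)]
        for i, (start, end) in enumerate(zip(offsets, ends)):
            size, version, flags = HEADER.unpack_from(data, start)
            if start + HEADER.size + size != end:
                problems.append(f"header {i}: size does not reach next offset")
            if version not in ALLOWED_VERSIONS or flags & ~ALLOWED_FLAGS_MASK:
                problems.append(f"header {i}: version or flags not allowed")
    return problems

def plain_enum_is_comparable():
    """Plain Enum members do not support >=, which is the error quoted in the review."""
    class Level(Enum):
        LOW = 0
        HIGH = 1
    try:
        return Level.HIGH >= Level.LOW
    except TypeError:
        return False

if __name__ == "__main__":
    data, offsets = build_chunk([b"alpha", b"bravo!"])  # constructed sample input
    data[offsets[1] + 4] = 9  # corrupt the second entry's version byte
    for level in VerificationLevel:
        print(level.name, validate(data, offsets, level))
```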

Co-authored-by: eddyashton <6000239+eddyashton@users.noreply.github.com>
…sinstance check

- Add transaction_count to LedgerValidator to track all processed transactions
- Remove unnecessary isinstance check (verification_level is always VerificationLevel)
- Fold "Verification level:" into verification result message
- Show appropriate information based on level: transactions for OFFSETS/HEADERS,
  transactions+signatures+txid for MERKLE/FULL
- Make last_verified_txid() only appear when it's meaningful (MERKLE/FULL levels)

Co-authored-by: eddyashton <6000239+eddyashton@users.noreply.github.com>
…NONE

Individual ledger chunks can be parsed with verification levels up to MERKLE.
Only FULL verification requires complete ledger context (for node certificates,
service status transitions, etc.).

Co-authored-by: eddyashton <6000239+eddyashton@users.noreply.github.com>
Copilot AI and others added 2 commits February 19, 2026 13:18
- Fixed MERKLE level to properly deserialize mini-tree from tables["public:ccf.internal.tree"]
- Added TREE_TABLE_NAME constant for "public:ccf.internal.tree"
- First signature now correctly initializes merkle tree using deserialise() method
- Removed merkle tree validation from run_read_ledger_on_testdata (moved to dedicated test)
- Added test_merkle_verification_level() to explicitly test MERKLE verification on:
  - Full ledgers (all testdata directories)
  - Isolated chunks with multiple signatures (ledger_29-46, ledger_44-64)
- Removed MerkleTree import from e2e_operations.py (no longer needed)

Co-authored-by: eddyashton <6000239+eddyashton@users.noreply.github.com>
@eddyashton eddyashton marked this pull request as ready for review February 19, 2026 15:42
@eddyashton eddyashton requested a review from a team as a code owner February 19, 2026 15:42
Copilot AI review requested due to automatic review settings February 19, 2026 15:42
Contributor

Copilot AI left a comment

Pull request overview

This PR implements multiple verification levels for the read_ledger.py utility, allowing users to control the trade-off between verification thoroughness and computation cost. The implementation introduces five verification levels (NONE, OFFSETS, HEADERS, MERKLE, FULL) with FULL being the default, maintaining backward compatibility with existing code.

Changes:

  • Added VerificationLevel IntEnum with five levels of increasing verification rigor
  • Implemented offset table and transaction header validation methods
  • Implemented MERKLE verification level using merkletree.deserialise() to support isolated chunk verification
  • Updated CLI to accept --verification-level parameter while maintaining backward compatibility with deprecated --insecure-skip-verification flag

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated 1 comment.

File: Description

  • python/src/ccf/ledger.py: Added VerificationLevel enum, validation methods, and MERKLE verification logic with proper tree deserialization
  • python/src/ccf/read_ledger.py: Updated CLI to support verification levels with backward compatibility and contextual output messages
  • tests/e2e_operations.py: Removed duplicate merkle tree validation and added dedicated test for MERKLE verification level
  • doc/audit/python_library.rst: Added comprehensive documentation for verification levels with usage examples

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
@eddyashton
Member

@copilot Add a description of this change to CHANGELOG.md, and rewrite this PR's description to be briefer (summarise, don't list every change).

Co-authored-by: eddyashton <6000239+eddyashton@users.noreply.github.com>
Contributor Author

Copilot AI commented Feb 20, 2026

@copilot Add a description of this change to CHANGELOG.md, and rewrite this PR's description to be briefer (summarise, don't list every change).

Done in commit aef3642:

  • Added CHANGELOG entry under "Added" section for 7.0.0-dev10
  • Rewrote PR description to be concise summary instead of detailed checklist

Copilot AI changed the title from "Add granular verification levels to read_ledger.py" to "Add multiple verification levels to read_ledger.py" Feb 20, 2026
Copilot AI requested a review from eddyashton February 20, 2026 14:38
@eddyashton eddyashton merged commit 4e94df5 into main Feb 20, 2026
17 checks passed
@eddyashton eddyashton deleted the copilot/add-multiple-verification-levels branch February 20, 2026 15:10