118 lines
4.4 KiB
Gherkin
118 lines
4.4 KiB
Gherkin
Feature: Proof-of-Path Integration with Reputation
|
|
As a Libertaria security validator
|
|
I need to verify trust paths cryptographically
|
|
And maintain reputation scores based on verification history
|
|
So that trust decay reflects actual behavior
|
|
|
|
Background:
|
|
Given a QVL database with established trust edges
|
|
And a reputation map for all nodes
|
|
|
|
# Reputation Scoring
|
|
Scenario: Initial neutral reputation
|
|
Given a new node "frank" joins the network
|
|
Then "frank"'s reputation score should be 0.5 (neutral)
|
|
And total_checks should be 0
|
|
|
|
Scenario: Reputation increases with successful verification
|
|
When node "alice" sends a PoP that verifies successfully
|
|
Then "alice"'s reputation should increase
|
|
And the increase should be damped (not immediate 1.0)
|
|
And successful_checks should increment
|
|
|
|
Scenario: Reputation decreases with failed verification
|
|
When node "bob" sends a PoP that fails verification
|
|
Then "bob"'s reputation should decrease
|
|
And the decrease should be faster than increases (asymmetry)
|
|
And total_checks should increment
|
|
|
|
Scenario: Bayesian reputation update formula
|
|
Given "charlie" has reputation 0.6 after 10 checks
|
|
When a new verification succeeds
|
|
Then the update should be: score = 0.7*0.6 + 0.3*(10/11)
|
|
And the new score should be approximately 0.645
|
|
|
|
# Reputation Decay
|
|
Scenario: Time-based reputation decay
|
|
Given "alice" has reputation 0.8 from verification at time T
|
|
When half_life time passes without new verification
|
|
Then "alice"'s reputation should decay to ~0.4
|
|
When another half_life passes
|
|
Then reputation should decay to ~0.2
|
|
|
|
Scenario: Decay stops at minimum threshold
|
|
Given "bob" has reputation 0.1 (low but not zero)
|
|
When significant time passes
|
|
Then "bob"'s reputation should not go below 0.05 (floor)
|
|
|
|
# PoP Verification Flow
|
|
Scenario: Successful PoP verification
|
|
Given a valid Proof-of-Path from "alice" to "charlie"
|
|
When I verify against the expected receiver and sender
|
|
Then the verdict should be "valid"
|
|
And "alice"'s reputation should increase
|
|
And the verification should be logged with entropy stamp
|
|
|
|
Scenario: Broken link in PoP
|
|
Given a PoP with an edge that no longer exists
|
|
When I verify the PoP
|
|
Then the verdict should be "broken_link"
|
|
And the specific broken edge should be identified
|
|
And "alice"'s reputation should decrease
|
|
|
|
Scenario: Expired edge in PoP
|
|
Given a PoP containing an expired trust edge
|
|
When I verify the PoP
|
|
Then the verdict should be "expired"
|
|
And the expiration timestamp should be reported
|
|
|
|
Scenario: Invalid signature in PoP
|
|
Given a PoP with a tampered signature
|
|
When I verify the PoP
|
|
Then the verdict should be "invalid_signature"
|
|
And "alice"'s reputation should decrease significantly
|
|
|
|
# A* Heuristic Integration
|
|
Scenario: Reputation-guided pathfinding
|
|
Given "alice" has reputation 0.9
|
|
And "bob" has reputation 0.3
|
|
When searching for a path through either node
|
|
Then the algorithm should prefer "alice" (higher reputation)
|
|
And the path cost through "alice" should be lower
|
|
|
|
Scenario: Admissible heuristic guarantee
|
|
Given any reputation configuration
|
|
When using reputationHeuristic for A*
|
|
Then the heuristic should never overestimate true cost
|
|
And A* optimality should be preserved
|
|
|
|
# Low Reputation Handling
|
|
Scenario: Identify low-reputation nodes
|
|
Given nodes with reputations:
|
|
| node | reputation |
|
|
| alice | 0.9 |
|
|
| bob | 0.2 |
|
|
| charlie | 0.1 |
|
|
When I query for nodes below threshold 0.3
|
|
Then I should receive ["bob", "charlie"]
|
|
|
|
Scenario: Quarantine trigger
|
|
Given "mallory" has reputation < 0.2 after 10+ checks
|
|
When the low-reputation threshold is 0.2
|
|
Then "mallory" should be flagged for quarantine review
|
|
And future PoPs from "mallory" should be extra scrutinized
|
|
|
|
# Bulk Operations
|
|
Scenario: Decay all reputations periodically
|
|
Given 1000 nodes with various last_verified times
|
|
When the daily decay job runs
|
|
Then all reputations should be updated based on time since last verification
|
|
And the operation should complete in < 100ms
|
|
|
|
Scenario: Populate RiskGraph from reputation
|
|
Given a CompactTrustGraph with raw trust levels
|
|
And a ReputationMap with scores
|
|
When I populate the RiskGraph
|
|
Then each edge risk should be calculated as (1 - reputation)
|
|
And the RiskGraph should be ready for Bellman-Ford
|