Motivation
The sqlite feature has CLI support for cached verification reports, but library callers do not have a stable API for reusing verification work. For artifact bundles with large indexes or multiple sidecar files, re-hashing every file on every process start can be unnecessary when the manifest, options, and artifact bytes have not changed.
Scope
- Expose a library API for storing and reusing verification reports.
- Cache keys should include manifest bytes, verification options, primary artifact bytes, row-identity bytes, calibration profile bytes, and named auxiliary artifact bytes once supported.
- Reuse only reports whose inputs still match; otherwise run fresh verification.
- Keep cache usage opt-in and local.
- Preserve deterministic report contents and stable skipped/error codes.
Non-Goals
- Do not make the cache a registry or trust anchor.
- Do not skip verification when inputs have changed.
- Do not require SQLite for the core verifier path.
Acceptance Criteria
- Library callers can opt into cached verification without shelling out to the CLI.
- Cache hits and misses are visible in the returned report or wrapper metadata.
- Tampering with any verified input invalidates the cache entry and triggers fresh verification.
- Tests cover cache hit, cache miss from changed options, changed artifact bytes, changed row map bytes, and corrupted cache state.
Motivation
The
sqlitefeature has CLI support for cached verification reports, but library callers do not have a stable API for reusing verification work. For artifact bundles with large indexes or multiple sidecar files, re-hashing every file on every process start can be unnecessary when the manifest, options, and artifact bytes have not changed.Scope
Non-Goals
Acceptance Criteria