docs(phase-11): close TA-P11-007 evidence and trackers

Author: benjinus

docs/implementation/phase-11/README.md

@@ -1,7 +1,7 @@
 # TelAgent v1 Phase 11 执行产出（v1.1 安全与运营能力增强）
 
 - 文档版本：v1.0
-- 状态：Phase 11 执行中（`TA-P11-001` ~ `TA-P11-006` 已完成，`TA-P11-007` ~ `TA-P11-010` 待执行）
+- 状态：Phase 11 执行中（`TA-P11-001` ~ `TA-P11-007` 已完成，`TA-P11-008` ~ `TA-P11-010` 待执行）
 - 最后更新：2026-03-03
 
 ## 1. 产出目录
@@ -14,6 +14,7 @@
 | TA-P11-004 | `ta-p11-004-federation-pinning-rotation-2026-03-03.md` | 联邦互信 pinning 与轮换策略 |
 | TA-P11-005 | `ta-p11-005-federation-dlq-replay-toolchain-2026-03-03.md` | 联邦 DLQ 与重放工具链 |
 | TA-P11-006 | `ta-p11-006-signal-mls-key-lifecycle-2026-03-03.md` | Signal/MLS 密钥生命周期管理 |
+| TA-P11-007 | `ta-p11-007-revoked-did-session-invalidation-2026-03-03.md` | revoked DID 会话失效链路 |
 
 ## 2. 当前证据目录
 
@@ -24,6 +25,7 @@
   - `ta-p11-004-federation-pinning-rotation-2026-03-03.md`
   - `ta-p11-005-federation-dlq-replay-toolchain-2026-03-03.md`
   - `ta-p11-006-signal-mls-key-lifecycle-2026-03-03.md`
+  - `ta-p11-007-revoked-did-session-invalidation-2026-03-03.md`
 - 运行日志：
   - `logs/2026-03-03-p11-runtime-check.txt`
   - `logs/2026-03-03-p11-workspace-build.txt`
@@ -34,11 +36,13 @@
   - `logs/2026-03-03-p11-federation-pinning-check-run.txt`
   - `logs/2026-03-03-p11-federation-dlq-replay-check-run.txt`
   - `logs/2026-03-03-p11-key-lifecycle-check-run.txt`
+  - `logs/2026-03-03-p11-revoked-did-session-check-run.txt`
 - 机读清单：
   - `manifests/2026-03-03-p11-domain-proof-challenge-check.json`
   - `manifests/2026-03-03-p11-federation-pinning-check.json`
   - `manifests/2026-03-03-p11-federation-dlq-replay-check.json`
   - `manifests/2026-03-03-p11-key-lifecycle-check.json`
+  - `manifests/2026-03-03-p11-revoked-did-session-check.json`
 
 ## 3. 当前进展
 
@@ -48,8 +52,8 @@
 - `TA-P11-004`：DONE
 - `TA-P11-005`：DONE
 - `TA-P11-006`：DONE
-- `TA-P11-007`：TODO
+- `TA-P11-007`：DONE
 - `TA-P11-008`：TODO
 - `TA-P11-009`：TODO
 - `TA-P11-010`：TODO
-- 下一步：进入 `TA-P11-007`（revoked DID 会话失效链路）。
+- 下一步：进入 `TA-P11-008`（Agent SDK TypeScript v0）。

docs/implementation/phase-11/logs/2026-03-03-p11-node-test.txt

@@ -11,73 +11,74 @@
 > @telagent/node@0.1.0 test /Users/xiasenhai/workspace/private-repo/Bots/telagent/packages/node
 > node --test dist/*.test.js dist/**/*.test.js
 
-✔ created response returns data envelope and Location header (124.031375ms)
-✔ list response returns paginated envelope shape (23.811ms)
-✔ validation errors use RFC7807 shape and problem+json content type (4.63075ms)
-✔ not found uses RFC7807 shape (4.855375ms)
-✔ identities and groups endpoints are accessible with expected status codes (16.922958ms)
-✔ messages, attachments and federation endpoints are accessible (116.265167ms)
-✔ routes only serve /api/v1/* prefix (86.78625ms)
-✔ identity endpoint responds with data envelope (8.710333ms)
-✔ mailbox store defaults to sqlite backend (4.071708ms)
-✔ mailbox store parses postgres backend config (0.46175ms)
-✔ postgres backend requires connection url (0.40075ms)
-✔ mailbox backend rejects unsupported value (0.193542ms)
-✔ federation protocol defaults to v1 and supports self version (0.92375ms)
-✔ federation supported protocols auto-include self version (0.297417ms)
-✔ domain proof config defaults to enforced mode (2.825417ms)
-✔ domain proof config accepts report-only mode and custom values (2.700625ms)
-✔ domain proof mode rejects unsupported value (0.320209ms)
-✔ domain proof numeric settings require positive integers (0.2985ms)
-✔ federation pinning defaults to disabled mode (0.25775ms)
-✔ federation pinning parses current/next keys and cutover timestamp (0.351958ms)
-✔ federation pinning rejects invalid mode (0.176833ms)
-✔ federation pinning enabled requires key mappings (2.141208ms)
-✔ federation pinning map requires domain=keys format (1.118959ms)
-✔ finalityDepth only materializes finalized blocks (56.656958ms)
-✔ reorg rollback replays canonical events and restores deterministic view (49.29325ms)
-✔ TA-P4-009 E2E main path: create -> invite -> accept -> group chat (text/image/file) (214.676834ms)
-✔ TA-P4-010 E2E offline 24h pull keeps dedupe and per-conversation order (48.243ms)
-✔ TA-P4-006 init-upload sanitizes filename and emits attachment objectKey (1.314958ms)
-✔ TA-P4-006 complete-upload enforces manifest and checksum integrity (0.578583ms)
-✔ TA-P4-006 complete-upload is idempotent and rejects checksum divergence (0.1765ms)
-✔ TA-P4-006 expired upload sessions are cleaned and cannot be completed (0.34075ms)
-✔ TA-P11-003 accepts valid domain proof challenge and canonical hash (31.041792ms)
-✔ TA-P11-003 rejects illegal domain challenge on malformed domain (1.01875ms)
-✔ TA-P11-003 rejects when canonical domainProofHash mismatches payload (14.564583ms)
-✔ TA-P11-003 rotates challenge nonce near expiry and accepts renewed domain proof (1.329542ms)
-✔ TA-P11-003 report-only mode returns warning without blocking create flow (0.238375ms)
-✔ TA-P4-007 federation envelopes support idempotent retries (5.124625ms)
-✔ TA-P4-007 federation auth token is enforced when configured (0.330958ms)
-✔ TA-P4-007 federation rate limit rejects burst traffic (0.167625ms)
-✔ TA-P4-008 group-state sync enforces domain consistency (0.232666ms)
-✔ TA-P8-002 group-state sync rejects stale stateVersion and records resilience counters (0.422875ms)
-✔ TA-P8-002 group-state sync detects split-brain on same stateVersion with different state (0.188833ms)
-✔ TA-P9-002 federation accepts compatible protocol versions and tracks usage stats (18.425958ms)
-✔ TA-P9-002 federation rejects unsupported protocol versions (1.340417ms)
-✔ TA-P11-004 federation pinning enforces sourceKeyId with current/next rotation (1.584ms)
-✔ TA-P11-004 federation pinning report-only mode allows traffic but records warnings (1.084ms)
-✔ TA-P11-005 federation DLQ captures failures and replays in sequence order (0.721167ms)
-✔ TA-P4-008 node-info publishes domain and federation security policy (0.144916ms)
-✔ assertSufficient throws INSUFFICIENT_GAS_TOKEN_BALANCE when native balance is not enough (1.069708ms)
-✔ TA-P11-006 rotate key keeps old key usable in grace window then expires (1.135791ms)
-✔ TA-P11-006 revoke and recover lifecycle is verifiable (0.261541ms)
-✔ TA-P11-006 rejects invalid did and malformed key id (0.123709ms)
-✔ TA-P4-002 sequence allocator keeps per-conversation monotonic order (2.091583ms)
-✔ TA-P4-003 dedupe keeps idempotent writes for same envelopeId (0.310333ms)
-✔ TA-P4-003 duplicate envelopeId with different payload is rejected (0.505917ms)
-✔ TA-P4-004 cleanupExpired removes expired envelopes and releases dedupe key (0.27275ms)
-✔ TA-P4-005 provisional envelopes are retracted when group is reorged back (3.692083ms)
-✔ TA-P4-005 send is rejected when group chain state is REORGED_BACK (0.651166ms)
-✔ TA-P6-001 mailbox persists messages and seq after service restart (21.581708ms)
-✔ TA-P11-006 message send validates signal/mls key lifecycle status (0.986792ms)
-✔ TA-P5-002 monitoring snapshot normalizes dynamic route segments and records counters (4.755416ms)
-✔ TA-P5-002 monitoring emits warning/critical alerts when thresholds are exceeded (0.309ms)
-ℹ tests 62
+✔ created response returns data envelope and Location header (33.765375ms)
+✔ list response returns paginated envelope shape (10.271291ms)
+✔ validation errors use RFC7807 shape and problem+json content type (36.935792ms)
+✔ not found uses RFC7807 shape (2.115833ms)
+✔ identities and groups endpoints are accessible with expected status codes (20.126209ms)
+✔ messages, attachments and federation endpoints are accessible (107.239833ms)
+✔ routes only serve /api/v1/* prefix (62.463125ms)
+✔ identity endpoint responds with data envelope (11.891041ms)
+✔ mailbox store defaults to sqlite backend (30.735125ms)
+✔ mailbox store parses postgres backend config (0.364375ms)
+✔ postgres backend requires connection url (0.322208ms)
+✔ mailbox backend rejects unsupported value (0.154125ms)
+✔ federation protocol defaults to v1 and supports self version (0.530542ms)
+✔ federation supported protocols auto-include self version (0.203125ms)
+✔ domain proof config defaults to enforced mode (0.161041ms)
+✔ domain proof config accepts report-only mode and custom values (8.673ms)
+✔ domain proof mode rejects unsupported value (2.582542ms)
+✔ domain proof numeric settings require positive integers (0.304292ms)
+✔ federation pinning defaults to disabled mode (0.208542ms)
+✔ federation pinning parses current/next keys and cutover timestamp (0.263042ms)
+✔ federation pinning rejects invalid mode (0.142541ms)
+✔ federation pinning enabled requires key mappings (0.130916ms)
+✔ federation pinning map requires domain=keys format (0.129166ms)
+✔ finalityDepth only materializes finalized blocks (87.088542ms)
+✔ reorg rollback replays canonical events and restores deterministic view (8.437667ms)
+✔ TA-P4-009 E2E main path: create -> invite -> accept -> group chat (text/image/file) (109.507041ms)
+✔ TA-P4-010 E2E offline 24h pull keeps dedupe and per-conversation order (42.255833ms)
+✔ TA-P4-006 init-upload sanitizes filename and emits attachment objectKey (2.142875ms)
+✔ TA-P4-006 complete-upload enforces manifest and checksum integrity (0.414791ms)
+✔ TA-P4-006 complete-upload is idempotent and rejects checksum divergence (0.139083ms)
+✔ TA-P4-006 expired upload sessions are cleaned and cannot be completed (0.111792ms)
+✔ TA-P11-003 accepts valid domain proof challenge and canonical hash (23.900167ms)
+✔ TA-P11-003 rejects illegal domain challenge on malformed domain (0.338458ms)
+✔ TA-P11-003 rejects when canonical domainProofHash mismatches payload (0.366541ms)
+✔ TA-P11-003 rotates challenge nonce near expiry and accepts renewed domain proof (0.936667ms)
+✔ TA-P11-003 report-only mode returns warning without blocking create flow (0.189917ms)
+✔ TA-P4-007 federation envelopes support idempotent retries (0.9485ms)
+✔ TA-P4-007 federation auth token is enforced when configured (0.276167ms)
+✔ TA-P4-007 federation rate limit rejects burst traffic (0.139417ms)
+✔ TA-P4-008 group-state sync enforces domain consistency (0.15975ms)
+✔ TA-P8-002 group-state sync rejects stale stateVersion and records resilience counters (0.342375ms)
+✔ TA-P8-002 group-state sync detects split-brain on same stateVersion with different state (0.165083ms)
+✔ TA-P9-002 federation accepts compatible protocol versions and tracks usage stats (12.750166ms)
+✔ TA-P9-002 federation rejects unsupported protocol versions (0.16175ms)
+✔ TA-P11-004 federation pinning enforces sourceKeyId with current/next rotation (0.36875ms)
+✔ TA-P11-004 federation pinning report-only mode allows traffic but records warnings (0.164125ms)
+✔ TA-P11-005 federation DLQ captures failures and replays in sequence order (0.405834ms)
+✔ TA-P4-008 node-info publishes domain and federation security policy (0.103709ms)
+✔ assertSufficient throws INSUFFICIENT_GAS_TOKEN_BALANCE when native balance is not enough (0.868083ms)
+✔ TA-P11-006 rotate key keeps old key usable in grace window then expires (0.918542ms)
+✔ TA-P11-006 revoke and recover lifecycle is verifiable (0.2165ms)
+✔ TA-P11-006 rejects invalid did and malformed key id (0.100458ms)
+✔ TA-P4-002 sequence allocator keeps per-conversation monotonic order (0.975958ms)
+✔ TA-P4-003 dedupe keeps idempotent writes for same envelopeId (0.218458ms)
+✔ TA-P4-003 duplicate envelopeId with different payload is rejected (0.367458ms)
+✔ TA-P4-004 cleanupExpired removes expired envelopes and releases dedupe key (0.23ms)
+✔ TA-P4-005 provisional envelopes are retracted when group is reorged back (1.268417ms)
+✔ TA-P4-005 send is rejected when group chain state is REORGED_BACK (0.502625ms)
+✔ TA-P6-001 mailbox persists messages and seq after service restart (22.117792ms)
+✔ TA-P11-006 message send validates signal/mls key lifecycle status (1.40875ms)
+✔ TA-P11-007 revoked DID cannot continue sending new messages (0.231334ms)
+✔ TA-P5-002 monitoring snapshot normalizes dynamic route segments and records counters (2.435583ms)
+✔ TA-P5-002 monitoring emits warning/critical alerts when thresholds are exceeded (0.296459ms)
+ℹ tests 63
 ℹ suites 0
-ℹ pass 62
+ℹ pass 63
 ℹ fail 0
 ℹ cancelled 0
 ℹ skipped 0
 ℹ todo 0
-ℹ duration_ms 880.273417
+ℹ duration_ms 832.12

docs/implementation/phase-11/logs/2026-03-03-p11-revoked-did-session-check-run.txt

@@ -0,0 +1,6 @@
+.                                        |  WARN  Unsupported engine: wanted: {"node":">=22 <25"} (current: {"node":"v25.6.1","pnpm":"10.18.1"})
+[TA-P11-007] preRevokeSendSuccess=true
+[TA-P11-007] postRevokeSendBlocked=true blockedErrorCode=UNPROCESSABLE_ENTITY
+[TA-P11-007] mailboxIsolationAfterRevoke=true
+[TA-P11-007] decision=PASS
+[TA-P11-007] output=/Users/xiasenhai/workspace/private-repo/Bots/telagent/docs/implementation/phase-11/manifests/2026-03-03-p11-revoked-did-session-check.json

docs/implementation/phase-11/manifests/2026-03-03-p11-revoked-did-session-check.json

@@ -0,0 +1,34 @@
+{
+  "phase": "Phase 11",
+  "taskId": "TA-P11-007",
+  "generatedAt": "2026-03-03T08:33:26.329Z",
+  "summary": {
+    "preRevokeSendSuccess": true,
+    "postRevokeSendBlocked": true,
+    "mailboxIsolationAfterRevoke": true,
+    "blockedErrorCode": "UNPROCESSABLE_ENTITY"
+  },
+  "decision": "PASS",
+  "details": {
+    "did": "did:claw:zRevokedCase",
+    "conversationId": "direct:revoked-case",
+    "mailboxItems": [
+      {
+        "envelopeId": "p11-revoked-did-send-1",
+        "conversationId": "direct:revoked-case",
+        "conversationType": "direct",
+        "routeHint": {
+          "targetDomain": "node-a.tel",
+          "mailboxKeyId": "signal-key-v1"
+        },
+        "sealedHeader": "0x11",
+        "seq": "1",
+        "ciphertext": "0x22",
+        "contentType": "text",
+        "sentAtMs": 1772582400000,
+        "ttlSec": 60,
+        "provisional": false
+      }
+    ]
+  }
+}

docs/implementation/phase-11/ta-p11-007-revoked-did-session-invalidation-2026-03-03.md

@@ -0,0 +1,69 @@
+# TA-P11-007 revoked DID 会话失效链路（2026-03-03）
+
+- Task ID：TA-P11-007
+- 阶段：Phase 11（v1.1 安全与运营能力增强）
+- 状态：DONE
+- 负责人角色：Security + Backend
+
+## 1. 目标
+
+落地 revoked DID 的链下会话失效机制，确保被撤销身份无法继续发送新消息，满足 Phase 11 身份强约束。
+
+验收关键点：
+
+1. send 前必须校验 DID active 状态；
+2. DID 被撤销后，新消息发送必须被拒绝；
+3. 已入箱历史消息保留，但撤销后不会新增同会话消息。
+
+## 2. 实现
+
+### 2.1 MessageService 引入身份活性校验
+
+- 更新：`packages/node/src/services/message-service.ts`
+- 新增 `MessageIdentityService` 抽象：
+  - `assertActiveDid(rawDid)`
+- `send()` 新增强校验：
+  - 先验证 DID 格式；
+  - 再调用 `identityService.assertActiveDid(senderDid)`；
+  - revoked/inactive 直接抛错并阻断发送。
+
+### 2.2 运行时接入 ClawIdentity 适配器
+
+- 更新：`packages/node/src/app.ts`
+- 在 `TelagentNode` 内将 `IdentityAdapterService` 注入 `MessageService`。
+- 结果：线上路径默认执行链上身份活性校验，revoked DID 无法继续发消息。
+
+### 2.3 自动化验证
+
+- 更新测试：`packages/node/src/services/message-service.test.ts`
+  - 用例：`TA-P11-007 revoked DID cannot continue sending new messages`
+  - 覆盖“撤销前可发、撤销后拒绝、会话消息不新增”三段行为。
+- 新增脚本：`packages/node/scripts/run-phase11-revoked-did-session-check.ts`
+  - 产出机读清单，供 Gate 复核。
+
+## 3. 执行命令
+
+```bash
+pnpm --filter @telagent/node build
+pnpm --filter @telagent/node test
+pnpm --filter @telagent/node exec tsx scripts/run-phase11-revoked-did-session-check.ts
+```
+
+## 4. 证据
+
+- 代码：
+  - `packages/node/src/services/message-service.ts`
+  - `packages/node/src/services/message-service.test.ts`
+  - `packages/node/src/app.ts`
+  - `packages/node/scripts/run-phase11-revoked-did-session-check.ts`
+- 日志：
+  - `docs/implementation/phase-11/logs/2026-03-03-p11-node-build.txt`
+  - `docs/implementation/phase-11/logs/2026-03-03-p11-node-test.txt`
+  - `docs/implementation/phase-11/logs/2026-03-03-p11-revoked-did-session-check-run.txt`
+- 清单：
+  - `docs/implementation/phase-11/manifests/2026-03-03-p11-revoked-did-session-check.json`
+
+## 5. 结论
+
+- `TA-P11-007`：PASS
+- revoked DID 已被纳入消息发送前强校验，撤销后无法继续发送新消息，满足“会话失效链路”验收标准。

docs/implementation/telagent-v1-iteration-board.md

@@ -202,7 +202,8 @@
 - 已完成：`TA-P11-004`（联邦互信 pinning 与轮换策略）
 - 已完成：`TA-P11-005`（联邦 DLQ 与重放工具链）
 - 已完成：`TA-P11-006`（Signal/MLS 密钥生命周期管理）
-- 下一批 Ready：继续 Phase 11 执行（优先 `TA-P11-007` ~ `TA-P11-008`）
+- 已完成：`TA-P11-007`（revoked DID 会话失效链路）
+- 下一批 Ready：继续 Phase 11 执行（优先 `TA-P11-008` ~ `TA-P11-009`）
 
 ## 4.2 Blockers（2026-03-03 更新）
 
@@ -343,7 +344,7 @@
 - `TA-P11-004`：DONE（联邦互信 pinning 与轮换，见 `docs/implementation/phase-11/ta-p11-004-federation-pinning-rotation-2026-03-03.md`）。
 - `TA-P11-005`：DONE（联邦 DLQ 与重放工具链，见 `docs/implementation/phase-11/ta-p11-005-federation-dlq-replay-toolchain-2026-03-03.md`）。
 - `TA-P11-006`：DONE（Signal/MLS 密钥生命周期管理，见 `docs/implementation/phase-11/ta-p11-006-signal-mls-key-lifecycle-2026-03-03.md`）。
-- `TA-P11-007`：TODO（revoked DID 会话失效链路）。
+- `TA-P11-007`：DONE（revoked DID 会话失效链路，见 `docs/implementation/phase-11/ta-p11-007-revoked-did-session-invalidation-2026-03-03.md`）。
 - `TA-P11-008`：TODO（Agent SDK TypeScript v0）。
 - `TA-P11-009`：TODO（Web Console v2 运营能力增强）。
 - `TA-P11-010`：TODO（Phase 11 Gate 收口）。