Kaysentinel / PCAL + Sentinel
A post-execution authorization framework for state-machine systems (e.g. Ethereum-class runtimes). Kaysentinel lifts execution traces into a canonical Structural Sufficient Representation (SSR) and evaluates policy purely over that quotient space, so authorization decisions are provably independent of which client (Geth, Reth, ...) produced the trace.
Status: conceptual specification + differential-test harness skeleton. There is not yet a working Geth/Reth extractor implementation β the theorems below describe the target invariants that any implementation must satisfy, they are not machine-checked proofs.
Repo contents
docs/framework.mdβ full formal spec: execution model, SSR canonical form, authorization/factorization theory, multi-client portability theorem, gating semantics, complexity model.docs/differential_testing.mdβ the differential testing engine design used to check byte-level convergence between a Geth-side and Reth-side SSR extractor.docs/implementation_roadmap.mdβ concrete engineering tasks (Phase 1β3) to turn the spec into a working implementation.- Curated test fixtures now live in a separate dataset repo:
Sahek/kaysentinel-fixtures. scripts/verify_ssr.pyβ standalone verifier that hashes and byte-diffs two SSZ-encoded SSR outputs.tests/transient_storage_case.jsonβ example test vector (EIP-1153 transient storage + reentrancy rollback).
Roadmap
Nothing below is implemented yet. See docs/implementation_roadmap.md for the full phased task breakdown (SSZ schema, Go/Rust extractors, CI pipeline). Short version:
Phase 1 β Canonical type system
- SSZ schema + Go/Rust serialization libraries
Phase 2 β Client extractors
- Geth-side extractor (
StateDBjournal hook) - Reth-side extractor (
BundleStatehook)
Phase 3 β Differential testing infrastructure
- Verification harness (
scripts/verify_ssr.py) β comparison logic only, done - Test runner environment + GitHub Actions CI
License
MIT β see LICENSE.