Sync Contract

:::info Source Sourced from services/certification-service/SYNC_CONTRACT.md in the documentation repo. :::

1. Applicability

Certificates are read-replicable offline (learner sees earned certs). OfflineIssuanceClaim is push-only (client creates → server verifies).

2. Registration

{ service: 'certification', entityType: 'Certificate', conflictPolicy: 'server_authoritative', deltaProjector: 'certs_by_user', pushHandler: 'none', versionField: 'issuedAt', schemaRef: 'schemas://certification/certificate/v1' }
{ service: 'certification', entityType: 'OfflineIssuanceClaim', conflictPolicy: 'append_only', deltaProjector: 'claims_by_user', pushHandler: 'SubmitClaim', versionField: 'claimedAt', schemaRef: 'schemas://certification/offline_claim/v1' }

3. Delta Format

{
  "cursor": { "lamport": 12, "scope": "certification:user:u_01H..." },
  "upserts": { "Certificate": [ ... ] },
  "deletes": { "Certificate": [ /* revoked → still present with state='revoked' */ ] }
}

4. Conflict Resolution

Certificate: server_authoritative. Client never edits.
OfflineIssuanceClaim: append_only. Each claim has unique ULID.

5. Cursor

Scope certification:user:{userId}. Advances on issued/revoked.

6. LocalStore

certificates: (id PK, userId, courseId, state, issuedAt, verificationToken, artifactsCache)
offline_claims_outbox: (id PK, clientMutationId, payload, createdAt, pushedAt?)

Artifacts (PDF) cached for offline viewing. Downloaded via signed URLs when online.

7. Offline Issuance Flow

Learner completes offline via PlayPackage:
Local player verifies completion criteria.
Local signature over (attemptId, completedAt, score) using bundle key.
Certificate draft rendered locally from cached template (not verifiable yet).
OfflineIssuanceClaim queued.
On reconnect: claim pushed.
Server verifies local signature against bundle key; verifies completion via progress-service.
If valid: issue Certificate with evidence including local signature.
Sync back to device; local preview replaced with verified certificate.
If invalid: reject; learner sees reason (rare — usually clock skew or tamper).

8. Security

OfflineIssuanceClaim signature verified server-side against bundle key.
Claim rejected if attempt not found in progress-service or completion time suspicious.
No race on duplicate claims: (tenant_id, enrollment_id, course_version_id) unique constraint on resulting Certificate.

9. Background Sync

On reconnect, claims pushed first (critical path for learners).
New certificates pulled in batch per user.

1. Applicability​

2. Registration​

3. Delta Format​

4. Conflict Resolution​

5. Cursor​

6. LocalStore​

7. Offline Issuance Flow​

8. Security​

9. Background Sync​