
Runtime never replays outstanding credentials for revocation on startup (§14) #160

@nficano


Category: spec-conformance
Severity: major
Location: src/Runtime/ARCPRuntime.php:84-135
Spec: ARCP v1.1 §14

What

§14 Credential revocation reliability: 'Runtimes MUST treat revocation as a durability concern: persist outstanding credential IDs, retry revocation across runtime restarts, and surface unrevocable credentials to operators.' The constructor enforces a durable store but never calls CredentialStore::outstanding() — after a restart, previously-issued credential IDs are not replayed through the provisioner.

Evidence

$this->credentials = $credentialStore ?? new InMemoryCredentialStore();
if (
    $this->credentialProvisioner instanceof CredentialProvisioner
    && !$this->credentials->supportsDurableRevocation()
) {
    throw new \InvalidArgumentException('provisioned credentials require a durable revocation store');
}

Proposed fix

On ARCPRuntime construction (when a CredentialProvisioner is configured), iterate $credentialStore->outstanding() and invoke a retrying revoke for each entry, removing it from the store on success and surfacing permanent failures.

Acceptance criteria

  • Restarting a runtime against a store with previously-issued, unrevoked credentials causes the provisioner to receive a revoke() call for each before serve() begins accepting traffic.
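
A sketch of the startup replay described under "Proposed fix", added here as an example and not taken from the project's code. Only outstanding() and revoke() are named in the issue; the OutstandingStore and Revoker interfaces, remove(), replayOutstanding(), the backoff values, and the use of error_log() plus a returned list to surface failures are assumptions.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-ins; the project's real interfaces may have different signatures.
interface OutstandingStore {
    public function outstanding(): iterable;          // IDs issued but not yet revoked
    public function remove(string $id): void;
}
interface Revoker {
    public function revoke(string $id): void;         // throws \RuntimeException on failure
}

/** Replays revocation for each outstanding ID; returns the IDs that stayed unrevocable. */
function replayOutstanding(OutstandingStore $store, Revoker $revoker, int $maxAttempts = 3, int $baseDelayMs = 50): array
{
    $ids = [];
    foreach ($store->outstanding() as $id) { $ids[] = $id; }   // snapshot before mutating the store
    $unrevocable = [];
    foreach ($ids as $id) {
        for ($attempt = 1; $attempt <= $maxAttempts; $attempt++) {
            try {
                $revoker->revoke($id);
                $store->remove($id);                  // forget the ID only after a confirmed revoke
                continue 2;
            } catch (\RuntimeException $e) {
                if ($attempt < $maxAttempts) {
                    usleep($baseDelayMs * 1000 * 2 ** ($attempt - 1));   // exponential backoff
                }
            }
        }
        $unrevocable[] = $id;                         // left in the store for the next restart
        error_log("revocation failed after {$maxAttempts} attempts: {$id}");
    }
    return $unrevocable;
}

// Constructed sample data: two leftover IDs, one of which the backend refuses to revoke.
$store = new class implements OutstandingStore {
    public array $ids = ['cred-a' => true, 'cred-b' => true];
    public function outstanding(): iterable { return array_keys($this->ids); }
    public function remove(string $id): void { unset($this->ids[$id]); }
};
$revoker = new class implements Revoker {
    public function revoke(string $id): void {
        if ($id === 'cred-b') { throw new \RuntimeException('backend unavailable'); }
    }
};
$failed = replayOutstanding($store, $revoker, 3, 1);
var_dump($failed === ['cred-b'], array_keys($store->ids) === ['cred-b']);
```

To meet the acceptance criterion, a call like this would have to complete before serve() begins accepting traffic, with the returned list reported to operators.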
