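// NAC public chain constitutional amendment clauses - multi-jurisdiction node sharing rules
// Issue #70 | Version: 1.0 | 9 amendment clauses in total (A44-A52)
// Based on the white paper "NAC Public Chain Multi-Jurisdiction Node Sharing Scheme and
// Technical Implementation" v1.0
// Authored by: NAC Core Protocol Engineering Group · Multi-Jurisdiction Working Group
// Release date: 2026-03-07
// Related documents: amendments.cnnl (A01-A43), nac-multi-jurisdiction module
//
// Reading guide: each clause pairs a `predicate` (the condition that must hold) with an
// `obligation` (the enforcement hook and its cadence, per_block or per_epoch), a
// `violation_action`, and the name of a `test` block defined at the end of this file.
// Each test block asserts every conjunct of its clause's predicate, so that a
// security-relevant condition cannot be dropped from enforcement without a test failing.

program NacNodeSharingClauses
    name: "NAC公链多辖区节点共享宪法条款"
    version: "1.0.0"
    description: "9条多辖区节点共享宪法条款(A44-A52),规范物理共享与逻辑隔离"

// ============================================================
// Chapter 7: Multi-jurisdiction node sharing clauses (A44-A52)
// ============================================================

// --- Strategic-tier clauses (clause_index 101-103) ---

// A44: nodes of different jurisdictions may share physical infrastructure, but any
// physically shared node must be flagged as logically isolated; otherwise the block
// is rejected.
// NOTE(review): the predicate trusts the boolean node.logical_isolated. How that flag is
// established (self-reported vs. attested) is not visible here - confirm in the
// enforce_node_logical_isolation implementation.
clause A44_NodeSharing
    name: "多辖区节点物理共享许可"
    tier: Strategic
    clause_index: 101
    description: "允许不同辖区节点共享物理基础设施(数据中心、云平台、硬件集群), 但必须通过容器化/虚拟化技术保持逻辑强隔离,确保各辖区规则互不干扰"
    predicate: node.physical_shared implies node.logical_isolated == true
    obligation: system.enforce_node_logical_isolation per_block
    violation_action: reject_block
    test: A44_test_node_sharing_isolation
    references: ["多辖区节点共享白皮书 §3.2", "宪法层规范 §NODE_SHARING"]

// A45: a block containing cross-jurisdiction transactions must carry a non-null
// jurisdiction_merkle_root in its header.
// NOTE(review): the description also requires a source and a target constitutional
// receipt (CR) on every cross-jurisdiction transaction and defines the root as the
// Merkle root of those CR hashes. The predicate only checks that the root is non-null;
// the dual-CR check appears only in the test block. Confirm that
// cbpp.include_jurisdiction_merkle_root recomputes and compares the root, otherwise an
// arbitrary non-null value satisfies this clause as written.
clause A45_CrossJurisdictionConsensus
    name: "跨辖区区块生产双CR强制"
    tier: Strategic
    clause_index: 102
    description: "跨辖区区块生产时,区块头必须包含 jurisdiction_merkle_root 字段, 该字段为区块内所有跨辖区交易的宪法收据(CR)哈希的默克尔树根; 每笔跨辖区交易必须附带源辖区和目标辖区的双CR"
    predicate: block.has_cross_jurisdiction_tx implies block.header.jurisdiction_merkle_root != null
    obligation: cbpp.include_jurisdiction_merkle_root per_block
    violation_action: reject_block
    test: A45_test_cross_jurisdiction_consensus
    references: ["多辖区节点共享白皮书 §3.4", "CBPP协议扩展规范"]

// A46: shared-resource allocation must be decided by a JurisdictionCouncil vote.
// The description states a threshold of >= 67%; 6700 is presumably that threshold
// expressed in basis points - TODO confirm the unit.
// NOTE(review): the predicate field is named council_quorum while the test checks
// vote_ratio. Quorum (participation) and approval ratio are different governance
// thresholds; confirm which one the 67% applies to.
clause A46_ResourceAllocationByCouncil
    name: "共享资源辖区协商分配"
    tier: Strategic
    clause_index: 103
    description: "共享物理资源(CPU、内存、带宽、存储)的分配方案必须由辖区协商委员会 (JurisdictionCouncil)通过法定人数投票决定(≥67%), 并将分配结果写入宪法附录,不得由单一辖区单方面决定"
    predicate: resource.allocation_method == "council_vote"
        and resource.council_quorum >= 6700
    obligation: governance.require_council_vote_for_resource_change per_epoch
    violation_action: revert_allocation
    test: A46_test_resource_allocation_council
    references: ["多辖区节点共享白皮书 §5.2", "辖区协商机制规范"]

// --- Tactical-tier clauses (clause_index 1001-1006) ---

// A47: a node must have a non-empty DID, a non-zero jurisdiction, a valid
// jurisdiction_proof, and loaded plugin hashes equal to the GIDS record for its DID.
// The plugin-hash comparison is the integrity check on the rule plugins a node runs.
// NOTE(review): which keys jurisdiction_proof.valid is verified against (the trust
// anchor for government/regulator signatures) is not defined in this file.
clause A47_NodeIdentityJurisdictionBinding
    name: "节点身份辖区绑定强制"
    tier: Tactical
    clause_index: 1001
    description: "每个节点在GIDS注册时,其DID必须绑定明确的司法辖区(jurisdiction字段), 并提供该辖区政府或监管机构的数字签名(jurisdiction_proof)作为证明; 节点加载的规则插件哈希(plugin_hashes)必须与GIDS记录一致"
    predicate: node.did != ""
        and node.jurisdiction != 0
        and node.jurisdiction_proof.valid == true
        and node.plugin_hashes == gids.get_plugin_hashes(node.did)
    obligation: gids.verify_node_jurisdiction_binding per_block
    violation_action: reject_node_registration
    test: A47_test_node_identity_binding
    references: ["多辖区节点共享白皮书 §3.1", "GIDS增强规范"]

// A48: jurisdiction rule plugins must run in a WASM sandbox with an execution limit of
// at most 10 ms, a memory limit of at most 64 MB, and an on-chain plugin hash.
// NOTE(review): the description additionally requires no host filesystem or network
// access and storage of the plugin hash on IPFS. Neither has a term in the predicate,
// so this clause does not by itself enforce them - confirm they are covered by
// system.enforce_wasm_sandbox_limits or add explicit predicate terms.
clause A48_WasmPluginSandbox
    name: "WASM规则插件沙箱执行强制"
    tier: Tactical
    clause_index: 1002
    description: "辖区规则插件必须以WASM模块形式在沙箱中执行, 沙箱必须满足:无主机文件系统/网络访问、 执行时间上限10ms、内存上限64MB; 插件哈希必须存储在IPFS并上链验证"
    predicate: plugin.execution_env == "WASM_SANDBOX"
        and plugin.max_execution_ms <= 10
        and plugin.max_memory_mb <= 64
        and plugin.hash_on_chain == true
    obligation: system.enforce_wasm_sandbox_limits per_block
    violation_action: terminate_plugin_execution
    test: A48_test_wasm_sandbox
    references: ["多辖区节点共享白皮书 §3.3", "WASM沙箱安全规范"]

// A49: a Constitutional Execution Engine (CEE) node serving several jurisdictions must
// support multi-jurisdiction verification, run plugins in parallel, and be registered
// in GIDS. On violation the action falls back to a single-jurisdiction CEE.
// NOTE(review): the description requires CEE nodes to be chosen from the GIDS
// load-balancing list; the predicate only checks registration.
clause A49_CeeSharedCluster
    name: "CEE节点跨辖区共享验证"
    tier: Tactical
    clause_index: 1003
    description: "宪法执行引擎(CEE)节点可配置为同时支持多个辖区的验证逻辑, 通过并行调用所有相关辖区插件并汇总结果,签发多签名宪法收据(CR); CEE节点必须通过GIDS中的负载均衡列表选择,防止单点故障"
    predicate: cee.supports_multi_jurisdiction == true
        and cee.parallel_plugin_execution == true
        and cee.registered_in_gids == true
    obligation: cee.enable_multi_jurisdiction_verification per_block
    violation_action: fallback_to_single_jurisdiction_cee
    test: A49_test_cee_shared_cluster
    references: ["多辖区节点共享白皮书 §3.6", "CEE集群规范"]

// A50: cross-jurisdiction disputes must be routed to the constitutional court, with the
// judgment recorded on chain and confirmed by an on-chain vote before execution.
// On violation the disputed resources are frozen.
clause A50_JurisdictionDisputeResolution
    name: "辖区争议宪法法院裁决"
    tier: Tactical
    clause_index: 1004
    description: "跨辖区节点争议(资源抢占、规则冲突、身份冒充等)必须提交至宪法法院裁决; 宪法法院根据全球细则和辖区插件条款作出最终判决; 判决结果通过链上投票确认后方可执行"
    predicate: dispute.resolution_path == "constitutional_court"
        and dispute.judgment_on_chain == true
        and dispute.chain_vote_confirmed == true
    obligation: governance.route_cross_jurisdiction_dispute_to_court per_epoch
    violation_action: freeze_disputed_resources
    test: A50_test_dispute_resolution
    references: ["多辖区节点共享白皮书 §5.3", "宪法法院裁决规范"]

// A51: the CSNP network layer must route with jurisdiction awareness, relay
// cross-jurisdiction transactions through the target jurisdiction, and keep the
// original CR as evidence across protocol conversion.
clause A51_CsnpJurisdictionAwareRouting
    name: "CSNP辖区感知路由强制"
    tier: Tactical
    clause_index: 1005
    description: "CSNP网络层必须支持辖区感知路由:节点发送交易前查询目标地址辖区信息, 跨辖区交易选择目标辖区中继节点转发; 协议转换时必须保留原始CR作为证据"
    predicate: csnp.jurisdiction_aware_routing == true
        and csnp.cross_jurisdiction_relay == true
        and csnp.preserves_original_cr == true
    obligation: csnp.enforce_jurisdiction_aware_routing per_block
    violation_action: reject_non_compliant_routing
    test: A51_test_csnp_routing
    references: ["多辖区节点共享白皮书 §3.5", "CSNP扩展规范"]

// A52: on physically shared storage, sensitive data must be encrypted, readable only by
// authorized nodes, and stored with at least 3 redundant copies.
// NOTE(review): the obligation runs per_epoch, so unencrypted sensitive data could
// presumably persist until the next epoch check. Encryption algorithm and key custody
// are not specified in this file.
clause A52_SharedStorageDataPrivacy
    name: "共享存储敏感数据加密"
    tier: Tactical
    clause_index: 1006
    description: "在物理共享存储环境中,敏感数据(法律文件哈希、KYC信息、辖区密钥) 必须加密存储,仅授权节点可解密; 区块链数据分片存储时必须通过冗余编码保证可用性(最低3副本)"
    predicate: storage.sensitive_data_encrypted == true
        and storage.authorized_access_only == true
        and storage.redundancy_copies >= 3
    obligation: storage.enforce_encryption_and_redundancy per_epoch
    violation_action: quarantine_unencrypted_data
    test: A52_test_shared_storage_privacy
    references: ["多辖区节点共享白皮书 §3.7", "§4 安全与隐私保护"]

// ============================================================
// Test blocks
// ============================================================

test A44_test_node_sharing_isolation {
    // A physically shared node must carry the logical-isolation flag
    assert node.physical_shared == true implies node.logical_isolated == true
    // These two are asserted unconditionally and have no counterpart in the A44 predicate
    assert node.container_isolated == true
    assert node.network_namespace_isolated == true
}

test A45_test_cross_jurisdiction_consensus {
    // A cross-jurisdiction block must contain jurisdiction_merkle_root
    assert block.has_cross_jurisdiction_tx == true implies block.header.jurisdiction_merkle_root != null
    // A cross-jurisdiction transaction must carry both CRs (source and target)
    assert cross_tx.source_cr.valid == true
    assert cross_tx.target_cr.valid == true
}

test A46_test_resource_allocation_council {
    // Predicate conjuncts of A46, asserted with the predicate's own field names
    assert resource.allocation_method == "council_vote"
    assert resource.council_quorum >= 6700
    // Resource allocation must have passed a council vote
    assert resource.allocation_proposal.council_approved == true
    assert resource.allocation_proposal.vote_ratio >= 6700
}

test A47_test_node_identity_binding {
    // The node DID must be bound to a jurisdiction
    assert node.did != ""
    assert node.jurisdiction != 0
    // The predicate names this field `valid`; the original test used `signature_valid`.
    // Both are asserted until the schema confirms which one is authoritative.
    assert node.jurisdiction_proof.valid == true
    assert node.jurisdiction_proof.signature_valid == true
    // A non-empty list alone does not show the plugins are the registered ones:
    // also assert the hash comparison the predicate enforces.
    assert node.plugin_hashes.len() > 0
    assert node.plugin_hashes == gids.get_plugin_hashes(node.did)
}

test A48_test_wasm_sandbox {
    // WASM sandbox limit checks
    assert plugin.execution_env == "WASM_SANDBOX"
    assert plugin.max_execution_ms <= 10
    assert plugin.max_memory_mb <= 64
    // Plugin integrity: the hash must be recorded on chain (predicate conjunct)
    assert plugin.hash_on_chain == true
}

test A49_test_cee_shared_cluster {
    // CEE multi-jurisdiction support checks
    assert cee.supports_multi_jurisdiction == true
    assert cee.parallel_plugin_execution == true
    // The predicate names this field `registered_in_gids`; the original test used
    // `gids_registered`. Both are asserted until the schema confirms which is correct.
    assert cee.registered_in_gids == true
    assert cee.gids_registered == true
}

test A50_test_dispute_resolution {
    // Dispute resolution path checks
    assert dispute.resolution_path == "constitutional_court"
    // A judgment must be on chain and vote-confirmed before it is executed
    assert dispute.judgment_on_chain == true
    assert dispute.chain_vote_confirmed == true
}

test A51_test_csnp_routing {
    // CSNP jurisdiction-aware routing checks
    assert csnp.jurisdiction_aware_routing == true
    assert csnp.cross_jurisdiction_relay == true
    assert csnp.preserves_original_cr == true
}

test A52_test_shared_storage_privacy {
    // Shared storage encryption checks
    assert storage.sensitive_data_encrypted == true
    // Encryption without access restriction does not satisfy A52
    assert storage.authorized_access_only == true
    assert storage.redundancy_copies >= 3
}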