feat: simplify archive size proof generation for publishers

- Publishers only need store ID - system auto-discovers root hash and size from .dig directory
- Include publisher's public key in proof for verification
- Auto-discover current root hash from store's Layer 0
- Auto-discover archive file size from filesystem
- Maintain full parameter requirement for verifiers (who don't have .dig files)
- Update README with simplified publisher workflow vs full verifier workflow

Author: MichaelTaylor3D

README.md

@@ -269,7 +269,7 @@ urn:dig:chia:a3f5c8d9e2b1f4a6c9d8e7f2a5b8c1d4e7f0a3b6c9d2e5f8b1c4d7e0a3b6c9d2/vi
 |---------|-------------|---------|
 | `proof generate` | Generate merkle proof | `digstore proof generate file.txt --bytes 0-1023` |
 | `proof verify` | Verify a merkle proof | `digstore proof verify proof.json --verbose` |
-| `proof generate-archive-size` | Generate tamper-proof archive size proof | `digstore proof generate-archive-size STORE_ID ROOT_HASH SIZE` |
+| `proof generate-archive-size` | Generate tamper-proof archive size proof | `digstore proof generate-archive-size STORE_ID` |
 | `proof verify-archive-size` | Verify archive size proof without file access | `digstore proof verify-archive-size proof.txt STORE_ID ROOT_HASH SIZE` |
 
 ### Command Options
@@ -314,8 +314,10 @@ digstore get urn:dig:chia:STORE_ID/file.txt
 digstore proof generate file.txt -o proof.json
 digstore proof verify proof.json
 
-# Generate archive size proof (tamper-proof, no file download needed)
-digstore proof generate-archive-size STORE_ID ROOT_HASH SIZE -o size_proof.txt
+# Generate archive size proof (tamper-proof, no file download needed)  
+# Publisher only needs store ID - system auto-discovers root hash and size
+digstore proof generate-archive-size STORE_ID -o size_proof.txt
+# Verifier needs all parameters since they don't have the .dig files
 digstore proof verify-archive-size --from-file size_proof.txt STORE_ID ROOT_HASH SIZE
 ```
 
@@ -351,12 +353,13 @@ digstore staged diff --stat
 digstore get "urn:dig:chia:invalid-store/fake.txt"  # Returns random data, not error
 
 # Archive size proofs (prove file size without downloading)
-digstore proof generate-archive-size 9baeb47a392476fe88266b579bf343f3af5f75c7633e25a722a89a6d7b47a2bd \
-  e9254d8982b7a15a1dbdac05a99129df67880e37b43e5481dcf667aeca04fd4e \
-  2544 --verbose --show-compression  # Outputs compressed hex proof to stdout
+# Publisher: Only needs store ID (auto-discovers root hash, size, includes public key)
+digstore proof generate-archive-size bf9dfeba76de1daa2c1674260efbb9a7b5effc251213fd90241b37d547528102 \
+  --verbose --show-compression  # Outputs compressed hex proof to stdout
 
-# Verify size proof (no file access required)
-digstore proof verify-archive-size proof.txt STORE_ID ROOT_HASH SIZE --verbose
+# Verifier: Needs all parameters (doesn't have .dig files to inspect)
+digstore proof verify-archive-size proof.txt bf9dfeba76de1daa2c1674260efbb9a7b5effc251213fd90241b37d547528102 \
+  beec453fffccaf57d3938d3015e8effda1cf71b027b45b3467052d96e31453b3 2544 --verbose
 
 # List all configuration (encrypted storage is enabled by default)
 digstore config --list

src/cli/commands/proof/generate_archive_size.rs

@@ -1,7 +1,9 @@
 //! Generate archive size proof command (moved from prove_archive_size.rs)
 
+use crate::config::global_config::{GlobalConfig, ConfigKey, ConfigValue};
 use crate::core::types::Hash;
 use crate::proofs::size_proof::ArchiveSizeProof;
+use crate::storage::{Store, dig_archive::get_archive_path};
 use anyhow::Result;
 use colored::Colorize;
 use std::io::Write;
@@ -10,8 +12,6 @@ use std::path::PathBuf;
 /// Execute the proof generate-archive-size command
 pub fn execute(
     store_id: String,
-    root_hash: String,
-    expected_size: u64,
     output: Option<PathBuf>,
     format: Option<String>,
     verbose: bool,
@@ -20,26 +20,65 @@ pub fn execute(
 ) -> Result<()> {
     println!("{}", "Generating tamper-proof archive size proof...".bright_blue());
 
-    // Parse store ID and root hash
+    // Parse store ID
     let store_id_hash = Hash::from_hex(&store_id)
         .map_err(|_| anyhow::anyhow!("Invalid store ID format: {}", store_id))?;
-    let root_hash_hash = Hash::from_hex(&root_hash)
-        .map_err(|_| anyhow::anyhow!("Invalid root hash format: {}", root_hash))?;
 
     if verbose {
         println!("  {} Store ID: {}", "•".cyan(), store_id);
-        println!("  {} Root Hash: {}", "•".cyan(), root_hash);
-        println!("  {} Expected Size: {} bytes", "•".cyan(), expected_size);
+        println!("  {} Auto-discovering parameters from .dig directory...", "•".cyan());
+    }
+    
+    // Load global configuration to get publisher's public key
+    let global_config = GlobalConfig::load().map_err(|e| {
+        anyhow::anyhow!("Failed to load global configuration: {}. Please set crypto.public_key using 'digstore config crypto.public_key <hex_key>'", e)
+    })?;
+    
+    let publisher_public_key = match global_config.get(&ConfigKey::CryptoPublicKey) {
+        Some(ConfigValue::String(pubkey)) => pubkey,
+        _ => {
+            return Err(anyhow::anyhow!(
+                "Publisher public key not configured. Please set it using:\n  digstore config crypto.public_key <32-byte-hex-key>"
+            ));
+        }
+    };
+    
+    if verbose {
+        println!("  {} Publisher public key: {}...", "•".cyan(), &publisher_public_key[..16]);
+    }
+    
+    // Open the store to get current root hash and archive size
+    let store = Store::open_global(&store_id_hash).map_err(|e| {
+        anyhow::anyhow!("Failed to open store {}: {}. Ensure the store exists in ~/.dig/", store_id, e)
+    })?;
+    
+    let current_root_hash = store.current_root.ok_or_else(|| {
+        anyhow::anyhow!("Store {} has no commits yet. Please commit some data first.", store_id)
+    })?;
+    
+    // Get the actual archive file size
+    let archive_path = get_archive_path(&store_id_hash)?;
+    let actual_file_size = std::fs::metadata(&archive_path)
+        .map_err(|e| anyhow::anyhow!("Failed to get archive file size: {}", e))?
+        .len();
+    
+    if verbose {
+        println!("  {} Current root hash: {}", "•".cyan(), current_root_hash.to_hex());
+        println!("  {} Archive file size: {} bytes", "•".cyan(), actual_file_size);
         println!();
     }
 
-    // Generate the proof
-    let proof = match ArchiveSizeProof::generate(&store_id_hash, &root_hash_hash, expected_size) {
-        Ok(proof) => {
+    // Generate the proof with auto-discovered parameters
+    let proof = match ArchiveSizeProof::generate(&store_id_hash, &current_root_hash, actual_file_size) {
+        Ok(mut proof) => {
+            // Include publisher's public key in the proof for verification
+            proof.publisher_public_key = Some(publisher_public_key.clone());
+            
             if verbose {
                 println!("  {} Archive located and verified", "✓".green());
                 println!("  {} Layer count: {}", "•".cyan(), proof.verified_layer_count);
                 println!("  {} Calculated size: {} bytes", "•".cyan(), proof.calculated_total_size);
+                println!("  {} Publisher key included in proof", "•".cyan());
             }
             proof
         }

src/cli/mod.rs

@@ -586,12 +586,8 @@ pub enum ProofCommands {
     /// Generate tamper-proof archive size proof
     #[command(name = "generate-archive-size")]
     GenerateArchiveSize {
-        /// Store ID (32-byte hex)
+        /// Store ID (32-byte hex) - system will auto-discover root hash and size
         store_id: String,
-        /// Root hash (32-byte hex) 
-        root_hash: String,
-        /// Expected size in bytes
-        expected_size: u64,
         /// Output file (default: stdout)
         #[arg(short, long)]
         output: Option<PathBuf>,

src/main.rs

@@ -211,15 +211,13 @@ fn main() -> Result<()> {
             } => cli::commands::proof::execute_verify(proof, target, root, verbose, from_stdin),
             ProofCommands::GenerateArchiveSize {
                 store_id,
-                root_hash,
-                expected_size,
                 output,
                 format,
                 verbose,
                 show_compression,
                 json,
             } => cli::commands::proof::execute_generate_archive_size(
-                store_id, root_hash, expected_size, output, format, verbose, show_compression, json
+                store_id, output, format, verbose, show_compression, json
             ),
             ProofCommands::VerifyArchiveSize {
                 proof,

src/proofs/size_proof.rs

@@ -27,6 +27,8 @@ pub struct ArchiveSizeProof {
     pub layer_size_tree_root: Hash,
     /// Integrity proofs to prevent tampering
     pub integrity_proofs: IntegrityProofs,
+    /// Publisher's public key (included by proof generator, verified by verifier)
+    pub publisher_public_key: Option<String>,
 }
 
 /// Integrity proofs to verify archive structure
@@ -59,6 +61,9 @@ pub struct CompressedSizeProof {
     pub proof_path_length: u8,         // 1 byte: Number of proof elements
     pub proof_path: Vec<ProofElement>, // Variable: Merkle proof path
 
+    // Publisher verification (32 bytes)
+    pub publisher_public_key: [u8; 32], // 32 bytes: Publisher's public key
+    
     // Integrity verification (96 bytes)
     pub header_hash: [u8; 32],         // 32 bytes: Archive header hash
     pub index_hash: [u8; 32],          // 32 bytes: Layer index hash  
@@ -147,6 +152,7 @@ impl ArchiveSizeProof {
             layer_sizes,
             layer_size_tree_root: layer_size_tree.root(),
             integrity_proofs,
+            publisher_public_key: None, // Will be set by CLI command
         })
     }
 
@@ -229,6 +235,16 @@ impl CompressedSizeProof {
             }
         ];
 
+        // Convert publisher public key from hex string to bytes
+        let mut publisher_key_bytes = [0u8; 32];
+        if let Some(ref pubkey_hex) = proof.publisher_public_key {
+            if let Ok(pubkey_bytes) = hex::decode(pubkey_hex) {
+                if pubkey_bytes.len() == 32 {
+                    publisher_key_bytes.copy_from_slice(&pubkey_bytes);
+                }
+            }
+        }
+        
         Ok(Self {
             version: 1,
             store_id: *proof.store_id.as_bytes(),
@@ -238,6 +254,7 @@ impl CompressedSizeProof {
             merkle_tree_root: *proof.layer_size_tree_root.as_bytes(),
             proof_path_length: proof_path.len() as u8,
             proof_path,
+            publisher_public_key: publisher_key_bytes,
             header_hash: *proof.integrity_proofs.archive_header_hash.as_bytes(),
             index_hash: *proof.integrity_proofs.layer_index_hash.as_bytes(),
             first_layer_hash: *proof.integrity_proofs.first_layer_content_hash.as_bytes(),
@@ -265,7 +282,10 @@ impl CompressedSizeProof {
             buffer.push(element.position);
         }
 
-        // 4. Integrity proofs (96 bytes)
+        // 4. Publisher public key (32 bytes)
+        buffer.extend_from_slice(&self.publisher_public_key);
+        
+        // 5. Integrity proofs (96 bytes)
         buffer.extend_from_slice(&self.header_hash);
         buffer.extend_from_slice(&self.index_hash);
         buffer.extend_from_slice(&self.first_layer_hash);
@@ -284,7 +304,7 @@ impl CompressedSizeProof {
         let buffer = zstd::decode_all(&compressed[..])
             .map_err(|e| DigstoreError::internal(format!("Decompression failed: {}", e)))?;
 
-        if buffer.len() < 110 {
+        if buffer.len() < 142 {  // 110 + 32 for publisher public key
             return Err(DigstoreError::internal("Proof too short"));
         }
 
@@ -324,7 +344,16 @@ impl CompressedSizeProof {
             offset += 33;
         }
 
-        // 5. Parse integrity proofs
+        // 5. Parse publisher public key (32 bytes)
+        if offset + 32 > buffer.len() {
+            return Err(DigstoreError::internal("Publisher public key extends beyond buffer"));
+        }
+        
+        let mut publisher_public_key = [0u8; 32];
+        publisher_public_key.copy_from_slice(&buffer[offset..offset + 32]);
+        offset += 32;
+        
+        // 6. Parse integrity proofs (96 bytes)
         if offset + 96 > buffer.len() {
             return Err(DigstoreError::internal("Integrity proofs extend beyond buffer"));
         }
@@ -345,6 +374,7 @@ impl CompressedSizeProof {
             merkle_tree_root,
             proof_path_length,
             proof_path,
+            publisher_public_key,
             header_hash,
             index_hash,
             first_layer_hash,
@@ -356,6 +386,13 @@ impl CompressedSizeProof {
         // For simplified verification, create minimal layer sizes that sum to total
         let layer_sizes = vec![self.total_size / 2, self.total_size - (self.total_size / 2)]; // Split into 2 layers
 
+        // Convert publisher public key back to hex string
+        let publisher_public_key = if self.publisher_public_key != [0u8; 32] {
+            Some(hex::encode(&self.publisher_public_key))
+        } else {
+            None
+        };
+        
         Ok(ArchiveSizeProof {
             store_id: Hash::from_bytes(self.store_id),
             root_hash: Hash::from_bytes(self.root_hash),
@@ -370,6 +407,7 @@ impl CompressedSizeProof {
                 first_layer_content_hash: Hash::from_bytes(self.first_layer_hash),
                 last_layer_content_hash: Hash::from_bytes(self.first_layer_hash), // Simplified
             },
+            publisher_public_key,
         })
     }
 }