The field server (src/offline/field_server.py) has a /sync/status endpoint that reports pending items but no actual sync mechanism.
Work Needed
src/offline/sync.py — sync client that pushes pending field notes and FOIA requests to the main API server- Sync must be explicitly triggered (never automatic)
- Authentication: field server authenticates to main API using investigator-tier key
- Conflict resolution: field notes are append-only, no conflicts
- FOIA requests: deduplicate by request_id on the receiving end
- After successful sync: mark items as synced in local DB, do NOT delete them
- Verify TLS certificate before syncing (reject self-signed certs in production)
Security
- Sync should refuse to run if the device is not on a trusted network (check operator confirmation)
- Consider one-way sync for field notes: push only, never pull investigation data to field device
- Log sync events to chain of custody log
Reference
- project-nomad README — Docker Compose patterns for offline server management
src/offline/field_server.py — current field server implementation
The field server (
src/offline/field_server.py) has a/sync/statusendpoint that reports pending items but no actual sync mechanism.Work Needed
src/offline/sync.py— sync client that pushes pending field notes and FOIA requests to the main API serverSecurity
Reference
src/offline/field_server.py— current field server implementation