Merge branch 'main' of https://git.stella-ops.org/stella-ops.org/git.stella-ops.org

src/Attestor/POE_PREDICATE_SPEC.md

@@ -726,8 +726,8 @@ Status: VERIFIED
 - **Sprint:** `docs/implplan/SPRINT_3500_0001_0001_proof_of_exposure_mvp.md`
 - **Advisory:** `docs/product-advisories/23-Dec-2026 - Binary Mapping as Attestable Proof.md`
 - **Subgraph Extraction:** `src/Scanner/__Libraries/StellaOps.Scanner.Reachability/SUBGRAPH_EXTRACTION.md`
-- **Function-Level Evidence:** `docs/reachability/function-level-evidence.md`
-- **Hybrid Attestation:** `docs/reachability/hybrid-attestation.md`
+- **Function-Level Evidence:** `docs/modules/reach-graph/guides/function-level-evidence.md`
+- **Hybrid Attestation:** `docs/modules/reach-graph/guides/hybrid-attestation.md`
 - **DSSE Spec:** https://github.com/secure-systems-lab/dsse
 
 ---

src/Attestor/StellaOps.Attestation.Tests/TASKS.md

@@ -5,6 +5,6 @@ Source of truth: `docs/implplan/SPRINT_20251229_049_BE_csproj_audit_maint_tests.
 
 | Task ID | Status | Notes |
 | --- | --- | --- |
-| AUDIT-0044-M | DONE | Maintainability audit for StellaOps.Attestation.Tests. |
-| AUDIT-0044-T | DONE | Test coverage audit for StellaOps.Attestation.Tests. |
-| AUDIT-0044-A | TODO | Pending approval for changes. |
+| AUDIT-0044-M | DONE | Revalidated maintainability for StellaOps.Attestation.Tests (2026-01-06). |
+| AUDIT-0044-T | DONE | Revalidated test coverage for StellaOps.Attestation.Tests (2026-01-06). |
+| AUDIT-0044-A | DONE | Waived (test project). |

src/Attestor/StellaOps.Attestation/TASKS.md

@@ -5,6 +5,6 @@ Source of truth: `docs/implplan/SPRINT_20251229_049_BE_csproj_audit_maint_tests.
 
 | Task ID | Status | Notes |
 | --- | --- | --- |
-| AUDIT-0043-M | DONE | Maintainability audit for StellaOps.Attestation. |
-| AUDIT-0043-T | DONE | Test coverage audit for StellaOps.Attestation. |
-| AUDIT-0043-A | DONE | Applied DSSE payloadType alignment and base64 validation with tests. |
+| AUDIT-0043-M | DONE | Revalidated maintainability for StellaOps.Attestation (2026-01-06). |
+| AUDIT-0043-T | DONE | Revalidated test coverage for StellaOps.Attestation (2026-01-06). |
+| AUDIT-0043-A | TODO | Open findings from revalidation (canonical JSON for DSSE payloads). |

src/Attestor/StellaOps.Attestor/StellaOps.Attestor.Core.Tests/TASKS.md

@@ -5,6 +5,6 @@ Source of truth: `docs/implplan/SPRINT_20251229_049_BE_csproj_audit_maint_tests.
 
 | Task ID | Status | Notes |
 | --- | --- | --- |
-| AUDIT-0050-M | DONE | Maintainability audit for StellaOps.Attestor.Core.Tests. |
-| AUDIT-0050-T | DONE | Test coverage audit for StellaOps.Attestor.Core.Tests. |
-| AUDIT-0050-A | TODO | Pending approval for changes. |
+| AUDIT-0050-M | DONE | Revalidated maintainability for StellaOps.Attestor.Core.Tests. |
+| AUDIT-0050-T | DONE | Revalidated test coverage for StellaOps.Attestor.Core.Tests. |
+| AUDIT-0050-A | DONE | Waived (test project; revalidated 2026-01-06). |

src/Attestor/StellaOps.Attestor/StellaOps.Attestor.Core/TASKS.md

@@ -5,6 +5,6 @@ Source of truth: `docs/implplan/SPRINT_20251229_049_BE_csproj_audit_maint_tests.
 
 | Task ID | Status | Notes |
 | --- | --- | --- |
-| AUDIT-0049-M | DONE | Maintainability audit for StellaOps.Attestor.Core. |
-| AUDIT-0049-T | DONE | Test coverage audit for StellaOps.Attestor.Core. |
-| AUDIT-0049-A | DONE | Applied audit fixes + tests. |
+| AUDIT-0049-M | DONE | Revalidated maintainability for StellaOps.Attestor.Core. |
+| AUDIT-0049-T | DONE | Revalidated test coverage for StellaOps.Attestor.Core. |
+| AUDIT-0049-A | TODO | Reopened on revalidation; address canonicalization, time/ID determinism, and Ed25519 gaps. |

src/Attestor/StellaOps.Attestor/StellaOps.Attestor.WebService/appsettings.Testing.json

@@ -0,0 +1,21 @@
+{
+  "EvidenceLocker": {
+    "BaseUrl": "http://localhost:5200"
+  },
+  "attestor": {
+    "s3": {
+      "enabled": false
+    },
+    "postgres": {
+      "connectionString": "Host=localhost;Port=5432;Database=attestor-tests"
+    },
+    "redis": {
+      "url": ""
+    }
+  },
+  "Logging": {
+    "LogLevel": {
+      "Default": "Warning"
+    }
+  }
+}

src/Attestor/StellaOps.Attestor/StellaOps.Attestor.WebService/appsettings.json

@@ -0,0 +1,26 @@
+{
+  "EvidenceLocker": {
+    "BaseUrl": "http://localhost:5200"
+  },
+  "attestor": {
+    "s3": {
+      "enabled": false,
+      "bucket": "attestor",
+      "endpoint": "http://localhost:9000",
+      "useTls": false
+    },
+    "postgres": {
+      "connectionString": "Host=localhost;Port=5432;Database=attestor",
+      "database": "attestor"
+    },
+    "redis": {
+      "url": ""
+    }
+  },
+  "Logging": {
+    "LogLevel": {
+      "Default": "Information",
+      "Microsoft.AspNetCore": "Warning"
+    }
+  }
+}

src/Attestor/__Libraries/StellaOps.Attestor.Bundle/TASKS.md

@@ -5,6 +5,6 @@ Source of truth: `docs/implplan/SPRINT_20251229_049_BE_csproj_audit_maint_tests.
 
 | Task ID | Status | Notes |
 | --- | --- | --- |
-| AUDIT-0045-M | DONE | Maintainability audit for StellaOps.Attestor.Bundle. |
-| AUDIT-0045-T | DONE | Test coverage audit for StellaOps.Attestor.Bundle. |
-| AUDIT-0045-A | DONE | Applied bundle validation hardening, verifier fixes, and test coverage. |
+| AUDIT-0045-M | DONE | Revalidated maintainability for StellaOps.Attestor.Bundle (2026-01-06). |
+| AUDIT-0045-T | DONE | Revalidated test coverage for StellaOps.Attestor.Bundle (2026-01-06). |
+| AUDIT-0045-A | TODO | Open findings from revalidation (verification time/trust roots/checkpoint validation). |

src/Attestor/__Libraries/StellaOps.Attestor.Bundling/TASKS.md

@@ -5,6 +5,6 @@ Source of truth: `docs/implplan/SPRINT_20251229_049_BE_csproj_audit_maint_tests.
 
 | Task ID | Status | Notes |
 | --- | --- | --- |
-| AUDIT-0047-M | DONE | Maintainability audit for StellaOps.Attestor.Bundling. |
-| AUDIT-0047-T | DONE | Test coverage audit for StellaOps.Attestor.Bundling. |
-| AUDIT-0047-A | DONE | Applied bundling validation, defaults, and test coverage updates. |
+| AUDIT-0047-M | DONE | Revalidated maintainability for StellaOps.Attestor.Bundling. |
+| AUDIT-0047-T | DONE | Revalidated test coverage for StellaOps.Attestor.Bundling. |
+| AUDIT-0047-A | TODO | Reopened on revalidation; address signing time determinism and offline export ordering/collision risks. |

src/Attestor/__Tests/StellaOps.Attestor.Bundle.Tests/TASKS.md

@@ -5,6 +5,6 @@ Source of truth: `docs/implplan/SPRINT_20251229_049_BE_csproj_audit_maint_tests.
 
 | Task ID | Status | Notes |
 | --- | --- | --- |
-| AUDIT-0046-M | DONE | Maintainability audit for StellaOps.Attestor.Bundle.Tests. |
-| AUDIT-0046-T | DONE | Test coverage audit for StellaOps.Attestor.Bundle.Tests. |
-| AUDIT-0046-A | TODO | Pending approval for changes. |
+| AUDIT-0046-M | DONE | Revalidated maintainability for StellaOps.Attestor.Bundle.Tests (2026-01-06). |
+| AUDIT-0046-T | DONE | Revalidated test coverage for StellaOps.Attestor.Bundle.Tests (2026-01-06). |
+| AUDIT-0046-A | DONE | Waived (test project). |

src/Attestor/__Tests/StellaOps.Attestor.Bundling.Tests/TASKS.md

@@ -5,6 +5,6 @@ Source of truth: `docs/implplan/SPRINT_20251229_049_BE_csproj_audit_maint_tests.
 
 | Task ID | Status | Notes |
 | --- | --- | --- |
-| AUDIT-0048-M | DONE | Maintainability audit for StellaOps.Attestor.Bundling.Tests. |
-| AUDIT-0048-T | DONE | Test coverage audit for StellaOps.Attestor.Bundling.Tests. |
-| AUDIT-0048-A | TODO | Pending approval for changes. |
+| AUDIT-0048-M | DONE | Revalidated maintainability for StellaOps.Attestor.Bundling.Tests. |
+| AUDIT-0048-T | DONE | Revalidated test coverage for StellaOps.Attestor.Bundling.Tests. |
+| AUDIT-0048-A | DONE | Waived (test project; revalidated 2026-01-06). |

src/Attestor/__Tests/StellaOps.Attestor.Oci.Tests/OciAttestationAttacherIntegrationTests.cs

@@ -98,7 +98,8 @@ public sealed class OciAttestationAttacherIntegrationTests : IAsyncLifetime
             Digest = "sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"
         };
 
-        var predicateType = "stellaops.io/predicates/scan-result@v1";
+        // Predicate type for attestation fetch
+        _ = "stellaops.io/predicates/scan-result@v1";
 
         // Act & Assert
         // Would fetch specific attestation by predicate type
@@ -119,7 +120,8 @@ public sealed class OciAttestationAttacherIntegrationTests : IAsyncLifetime
             Digest = "sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"
         };
 
-        var attestationDigest = "sha256:attestation-digest-placeholder";
+        // Attestation digest to remove
+        _ = "sha256:attestation-digest-placeholder";
 
         // Act & Assert
         // Would remove attestation from registry