stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 12 Releases Wiki Activity

feat: Implement Filesystem and MongoDB provenance writers for PackRun execution context
Some checks failed
Airgap Sealed CI Smoke / sealed-smoke (push) Has been cancelled
Details
Docs CI / lint-and-preview (push) Has been cancelled
Details
Export Center CI / export-ci (push) Has been cancelled
Details

Browse Source 
- Added `FilesystemPackRunProvenanceWriter` to write provenance manifests to the filesystem.
- Introduced `MongoPackRunArtifactReader` to read artifacts from MongoDB.
- Created `MongoPackRunProvenanceWriter` to store provenance manifests in MongoDB.
- Developed unit tests for filesystem and MongoDB provenance writers.
- Established `ITimelineEventStore` and `ITimelineIngestionService` interfaces for timeline event handling.
- Implemented `TimelineIngestionService` to validate and persist timeline events with hashing.
- Created PostgreSQL schema and migration scripts for timeline indexing.
- Added dependency injection support for timeline indexer services.
- Developed tests for timeline ingestion and schema validation.
This commit is contained in:
StellaOps Bot
2025-11-30 15:38:14 +02:00
parent 8f54ffa203
commit 17d45a6d30
276 changed files with 8618 additions and 688 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
docs/modules/attestor/operations/dashboards/attestor-observability.json Normal file
View File

@@ -0,0 +1,6 @@
{
"_note": "Placeholder Grafana dashboard stub for Attestor. Replace panels when metrics endpoints are available; keep offline-import friendly.",
"schemaVersion": 39,
"title": "Attestor Observability (stub)",
"panels": []
}

39
docs/modules/attestor/operations/observability.md Normal file
View File

@@ -0,0 +1,39 @@
# Attestor observability runbook (stub · 2025-11-29 demo)
## Dashboards (offline import)
- Grafana JSON: `docs/modules/attestor/operations/dashboards/attestor-observability.json` (import locally; no external data sources assumed).
- Planned panels: signing latency p95/p99, verification failure rate, transparency log submission lag, key rotation age, DSSE verification errors, queue depth/backlog, and attestation bundle size histogram.
## Key metrics
- `attestor_sign_latency_seconds_bucket` — signing latency per request.
- `attestor_verify_failures_total{reason}` — verification failures.
- `attestor_tlog_submission_latency_seconds_bucket` — transparency log latency.
- `attestor_key_rotation_age_seconds` — time since last rotation.
- `attestor_queue_backlog` — pending attestation jobs.
- `attestor_bundle_size_bytes_bucket` — bundle size distribution.
## Logs & traces
- Correlate by `correlationId`, `attestationId`, `tenant`, `keyId`. Include `policyVersion`, `tlogIndex`, and `rekorUrl` where applicable.
- Traces disabled by default for air-gap; enable by pointing OTLP exporter to on-prem collector.
## Health/diagnostics
- `/health/liveness` and `/health/readiness` check signer availability, tlog reachability, and storage.
- `/status` exposes build version, commit, feature flags; verify against offline bundle manifest.
- Verification probe: `POST /api/attestations/verify` with sample bundle once demo outputs land.
## Alert hints
- Signing latency p99 > 1s.
- Verification failure spikes.
- Transparency log submission lag > 10s.
- Key rotation age exceeding policy threshold.
- Queue backlog above configured threshold.
## Offline verification steps
1) Import Grafana JSON locally; point to Prometheus scrape labeled `attestor`.
2) Run sample verification once demo bundle available and confirm metrics/logs emit locally.
3) Fetch `/status` and compare commit/version to offline bundle manifest.
## Evidence locations
- Sprint tracker: `docs/implplan/SPRINT_0313_0001_0001_docs_modules_attestor.md`.
- Module docs: `README.md`, `architecture.md`, `implementation_plan.md`.
- Dashboard stub: `operations/dashboards/attestor-observability.json`.