stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity

semi implemented and features implemented save checkpoint

Browse Source
This commit is contained in:
master
2026-02-08 18:00:49 +02:00
parent 04360dff63
commit 1bf6bbf395
20895 changed files with 716795 additions and 64 deletions
Download Patch File Download Diff File Expand all files Collapse all files

34
docs/features/unchecked/attestor/backport-proof-service.md Normal file
View File

@@ -0,0 +1,34 @@
# Backport Proof Service
## Module
Attestor
## Status
IMPLEMENTED
## Description
BackportProof library in Concelier and multi-tier BackportProofGenerator in Attestor with confidence scoring, evidence combining, and tier-based proof generation (Tier 1 through 4 plus signature variants).
## Implementation Details
- **BackportProofGenerator**: `src/Attestor/__Libraries/StellaOps.Attestor.ProofChain/Generators/BackportProofGenerator.cs` -- orchestrates multi-tier backport proof generation. Partials:
- `BackportProofGenerator.Tier1.cs` -- Tier 1: exact version match proofs
- `BackportProofGenerator.Tier2.cs` -- Tier 2: advisory-level evidence
- `BackportProofGenerator.Tier3.cs` -- Tier 3: heuristic/pattern matching
- `BackportProofGenerator.Tier3Signature.cs` -- Tier 3 signature variant with binary signature comparison
- `BackportProofGenerator.Tier4.cs` -- Tier 4: lowest confidence, inference-based
- `BackportProofGenerator.Confidence.cs` -- confidence scoring across tiers using proof-strength hierarchy
- `BackportProofGenerator.CombineEvidence.cs` -- evidence aggregation from multiple tiers
- `BackportProofGenerator.Status.cs` -- status tracking for proof generation progress
- `BackportProofGenerator.VulnerableUnknown.cs` -- handling of unknown vulnerability status
- **Evidence Summary**: `EvidenceSummary.cs` -- aggregated evidence output from proof generation.
- **Tests**: `__Tests/StellaOps.Attestor.ProofChain.Tests/BackportProofGeneratorTests.cs`
## E2E Test Plan
- [ ] Generate a Tier 1 proof for a package with exact version match in advisory data and verify high confidence score (>= 0.9)
- [ ] Generate a Tier 2 proof using advisory-level evidence (CVE matches package family) and verify moderate confidence score
- [ ] Generate a Tier 3 proof using binary signature comparison and verify it includes signature match details
- [ ] Generate a Tier 4 inference-based proof and verify it has the lowest confidence score among all tiers
- [ ] Combine evidence from Tier 1 and Tier 2 via `CombineEvidence` and verify the combined confidence is higher than either individual tier
- [ ] Generate a proof for a package with `VulnerableUnknown` status and verify the generator handles it with appropriate uncertainty indicators
- [ ] Verify `EvidenceSummary` output contains entries from all applicable tiers with per-tier confidence scores
- [ ] Generate proofs for the same package twice and verify deterministic output (same confidence scores and evidence)