semi implemented and features implemented save checkpoint

This commit is contained in:
master
2026-02-08 18:00:49 +02:00
parent 04360dff63
commit 1bf6bbf395
20895 changed files with 716795 additions and 64 deletions

@@ -0,0 +1,32 @@
# FixChain Attestation (Backport Proof)
## Module
Attestor
## Status
IMPLEMENTED
## Description
FixChain provides attestation-based proof that a backport or fix has been applied, with validation and policy gate integration.
## Implementation Details
- **FixChain Attestation Service**: `src/Attestor/__Libraries/StellaOps.Attestor.FixChain/FixChainAttestationService.cs` -- creates fix chain attestations.
- **FixChain Models**: `FixChainModels.cs` -- core models for fix chain data.
- **FixChain Predicate**: `FixChainPredicate.cs` -- attestable predicate for fix chain proof.
- **FixChain Statement Builder**: `FixChainStatementBuilder.cs` -- builds in-toto statements for fix chain attestations.
- **FixChain Validator**: `FixChainValidator.cs` -- validates fix chain attestations.
- **DI Registration**: `ServiceCollectionExtensions.cs` -- registers fix chain services.
- **Fix Status Info**: `__Libraries/StellaOps.Attestor.ProofChain/Predicates/FixStatusInfo.cs` -- fix status tracking in proof chain.
- **Tests**:
- `__Libraries/__Tests/StellaOps.Attestor.FixChain.Tests/FixChainPredicateTests.cs`, `FixChainStatementBuilderTests.cs`, `FixChainValidatorTests.cs`
- `__Tests/StellaOps.Attestor.FixChain.Tests/Unit/FixChainAttestationServiceTests.cs`, `FixChainStatementBuilderTests.cs`, `FixChainValidatorTests.cs`
- `__Tests/StellaOps.Attestor.FixChain.Tests/Integration/FixChainAttestationIntegrationTests.cs`
## E2E Test Plan
- [ ] Create a fix chain attestation via `FixChainAttestationService` for a backported security patch and verify the attestation contains patch details
- [ ] Build an in-toto statement via `FixChainStatementBuilder` and verify correct predicate type
- [ ] Validate the fix chain attestation via `FixChainValidator` and verify it passes for a valid fix
- [ ] Create a fix chain with invalid data (e.g., missing patch reference) and verify `FixChainValidator` rejects it
- [ ] Verify `FixStatusInfo` in the proof chain tracks fix application status
- [ ] Sign the fix chain statement and verify DSSE envelope integrity
- [ ] Run integration tests to verify end-to-end fix chain attestation flow
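
Review bot: Under `## Status` the file declares `IMPLEMENTED` while every item in `## E2E Test Plan` is still unchecked, so the status claims more than this file demonstrates. Either use a status that reflects unverified behaviour until the checklist has been exercised, or tick each item and point to the test that covers it. In `## Implementation Details`, only the first entry carries a full path (`src/Attestor/__Libraries/StellaOps.Attestor.FixChain/FixChainAttestationService.cs`), the next five are bare file names, and the `FixStatusInfo.cs` and test entries start at `__Libraries/` or `__Tests/`. Use one root for all of them so each reference resolves unambiguously. `FixChainStatementBuilderTests.cs` and `FixChainValidatorTests.cs` appear under both `__Libraries/__Tests/StellaOps.Attestor.FixChain.Tests/` and `__Tests/StellaOps.Attestor.FixChain.Tests/Unit/`; state whether both test projects are intended or one is a leftover. In the test plan, "verify correct predicate type" gives no expected predicate type value and "verify DSSE envelope integrity" names no signing component (none is listed under Implementation Details), so neither item is checkable as written. The only negative case is a missing patch reference; a case where the payload is changed after signing and verification is expected to fail would cover the integrity claim.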