stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity

semi implemented and features implemented save checkpoint

Browse Source
This commit is contained in:
master
2026-02-08 18:00:49 +02:00
parent 04360dff63
commit 1bf6bbf395
20895 changed files with 716795 additions and 64 deletions
Download Patch File Download Diff File Expand all files Collapse all files

34
docs/features/unchecked/attestor/machine-verifiable-dsse-verdict-receipts.md Normal file
View File

@@ -0,0 +1,34 @@
# Machine-Verifiable DSSE Verdict Receipts
## Module
Attestor
## Status
IMPLEMENTED
## Description
Verification receipts with checks, context, and verdict receipt payloads are fully modeled and implemented.
## Implementation Details
- **Verification Receipt**: `src/Attestor/__Libraries/StellaOps.Attestor.ProofChain/Receipts/VerificationReceipt.cs` -- complete verification receipt containing checks, context, overall result, and timestamp. `IReceiptGenerator.cs` -- interface for generating receipts.
- **Verification Check**: `Receipts/VerificationCheck.cs` -- individual check within a receipt (e.g., signature valid, predicate schema valid, Merkle proof valid) with pass/fail status and message.
- **Verification Context**: `Receipts/VerificationContext.cs` -- context for the verification (subject ID, predicate type, verifier identity, timestamp).
- **Verification Result**: `Receipts/VerificationResult.cs` -- aggregate result enum (Passed, Failed, Inconclusive).
- **Verdict Receipt Payload**: `Statements/VerdictReceiptPayload.cs` -- in-toto predicate payload for verdict receipts containing decision, inputs, and outputs.
- **Verdict Receipt Statement**: `Statements/VerdictReceiptStatement.cs` -- in-toto statement wrapping the verdict receipt payload.
- **Verdict Decision**: `Statements/VerdictDecision.cs` -- the decision (Pass/Fail/Warn) within the receipt.
- **Verdict Inputs**: `Statements/VerdictInputs.cs` -- inputs that were considered for the verdict.
- **Verdict Outputs**: `Statements/VerdictOutputs.cs` -- outputs produced by the verdict (policy violations, exceptions applied, etc.).
- **DSSE Signing**: `Signing/ProofChainSigner.cs` (with `.Verification`) -- signs verdict receipts into DSSE envelopes for machine verification.
- **Signature Verification Result**: `Signing/SignatureVerificationResult.cs` -- result of DSSE signature verification.
- **Tests**: `__Tests/StellaOps.Attestor.ProofChain.Tests/VerificationReceiptTests.cs`
## E2E Test Plan
- [ ] Generate a `VerificationReceipt` via `IReceiptGenerator` with multiple `VerificationCheck` entries and verify all checks are present
- [ ] Create a receipt with all checks passing and verify `VerificationResult` is `Passed`
- [ ] Create a receipt with one failing check and verify `VerificationResult` is `Failed`
- [ ] Build a `VerdictReceiptStatement` with `VerdictDecision.Pass`, sign it via `ProofChainSigner`, and verify the DSSE envelope is well-formed
- [ ] Verify the signed verdict receipt DSSE envelope via `ProofChainSigner.Verification` and confirm `SignatureVerificationResult` passes
- [ ] Tamper with the verdict receipt payload after signing and verify signature verification fails
- [ ] Create a `VerdictReceiptPayload` with `VerdictInputs` (scan results, policy rules) and `VerdictOutputs` (violations, exceptions) and verify all fields are captured
- [ ] Verify `VerificationContext` captures subject ID, predicate type, and verifier identity correctly