semi implemented and features implemented save checkpoint

This commit is contained in:
master
2026-02-08 18:00:49 +02:00
parent 04360dff63
commit 1bf6bbf395
20895 changed files with 716795 additions and 64 deletions

@@ -0,0 +1,32 @@
# Rekor Entry Events with Reanalysis Hints
## Module
Attestor
## Status
IMPLEMENTED
## Description
Deterministic Rekor entry events (EntryLogged, EntryQueued, InclusionVerified, EntryFailed) with reanalysis hints (CVE IDs, product keys, artifact digests, scope) for policy reanalysis triggers.
## Implementation Details
- **Rekor Entry Event**: `src/Attestor/StellaOps.Attestor/StellaOps.Attestor.Core/Rekor/RekorEntryEvent.cs` -- event model with type (EntryLogged, EntryQueued, InclusionVerified, EntryFailed), payload, and reanalysis hints (CVE IDs, product keys, artifact digests, scope).
- **Rekor Submission Response**: `Rekor/RekorSubmissionResponse.cs` -- response from Rekor submission containing log index and entry UUID.
- **Rekor Receipt**: `Rekor/RekorReceipt.cs` -- receipt from Rekor with verification data.
- **Rekor Proof Response**: `Rekor/RekorProofResponse.cs` -- proof response with inclusion proof data.
- **Rekor Sync Background Service**: `Rekor/RekorSyncBackgroundService.cs` -- background service that emits events during sync operations.
- **Checkpoint Divergence Detector**: `Rekor/CheckpointDivergenceDetector.cs` -- detects checkpoint divergence and emits failure events.
- **Rekor Inclusion Verification Result**: `Rekor/RekorInclusionVerificationResult.cs` -- result of verifying a Rekor entry's inclusion.
- **Queue**: `StellaOps.Attestor.Core/Queue/IRekorSubmissionQueue.cs` -- queue for managing entry submissions with event emission.
- **Persistence**: `__Libraries/StellaOps.Attestor.Persistence/Entities/RekorEntryEntity.cs` -- persisted Rekor entry with event history.
- **Tests**: `__Tests/StellaOps.Attestor.Core.Tests/RekorEntryEventTests.cs`
## E2E Test Plan
- [ ] Submit an attestation to Rekor and verify an `EntryLogged` event is emitted with the log index
- [ ] Queue a submission and verify an `EntryQueued` event is emitted before actual submission
- [ ] Verify inclusion of a Rekor entry and confirm an `InclusionVerified` event is emitted
- [ ] Simulate a submission failure and verify an `EntryFailed` event is emitted with error details
- [ ] Verify reanalysis hints contain CVE IDs, product keys, and artifact digests from the submitted attestation
- [ ] Verify the event scope field correctly narrows the reanalysis trigger (e.g., scope="component:openssl" only triggers reanalysis for openssl-related policies)
- [ ] Verify `RekorSyncBackgroundService` emits events during sync operations (new entries found, checkpoint updates)
- [ ] Persist events via `RekorEntryEntity` and verify event history is retrievable
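Review bot: The status line "IMPLEMENTED" is not backed by the rest of the hunk, since every item in the E2E Test Plan is still unchecked and the only test reference is a single unit test file (`__Tests/StellaOps.Attestor.Core.Tests/RekorEntryEventTests.cs`); either mark the status as implemented with E2E verification pending, or check off the items that have actually been run. Two further points on the content. First, the four event types listed (EntryLogged, EntryQueued, InclusionVerified, EntryFailed) leave it ambiguous what `CheckpointDivergenceDetector` emits when it "detects checkpoint divergence and emits failure events": a diverging checkpoint is a log-consistency signal, not a submission error, so the document should say whether it is reported as `EntryFailed` (and how consumers tell the two apart, e.g. via the payload) or as a separate type, and what reanalysis hints and scope such an event carries. Second, the file paths are given against inconsistent roots: `src/Attestor/StellaOps.Attestor/StellaOps.Attestor.Core/Rekor/RekorEntryEvent.cs` is absolute from the repo root, the following `Rekor/...` entries are relative to that Core project, `StellaOps.Attestor.Core/Queue/...` is relative to one level up, and `__Libraries/...` and `__Tests/...` are relative to yet another; pick one convention (repo-root paths would be clearest) so a reader can locate each file. The scope example `scope="component:openssl"` also implies a `kind:value` format for the scope field that is not documented anywhere in the hunk; a one-line description of the accepted scope forms would make the reanalysis-trigger contract verifiable.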