semi implemented and features implemented save checkpoint

This commit is contained in:
master
2026-02-08 18:00:49 +02:00
parent 04360dff63
commit 1bf6bbf395
20895 changed files with 716795 additions and 64 deletions


@@ -0,0 +1,26 @@
# PostgreSQL Backend for Rekor Metadata
## Module
devops
## Status
IMPLEMENTED
## Description
PostgreSQL-based Rekor backend with checkpoint storage, submission queue tables, and VEX-Rekor linkage migration.
## Implementation Details
- **Rekor Inclusion Proof Models**: `src/Attestor/__Libraries/StellaOps.Attestor.ProofChain/Rekor/RekorInclusionProof.cs` -- model for Rekor inclusion proof data including log index, root hash, tree size, and inclusion hashes.
- **Enhanced Rekor Proof Builder**: `src/Attestor/__Libraries/StellaOps.Attestor.ProofChain/Rekor/EnhancedRekorProofBuilder.cs` (with partials `.Build.cs`, `.Validate.cs`) -- builds and validates Rekor inclusion proofs, storing metadata for PostgreSQL persistence.
- **Pipeline Rekor Entry**: `src/Attestor/__Libraries/StellaOps.Attestor.ProofChain/Pipeline/RekorEntry.cs` -- pipeline model for Rekor transparency log entries.
- **Rekor Inclusion Verification**: `src/Attestor/__Libraries/StellaOps.Attestor.ProofChain/Verification/RekorInclusionVerificationStep.cs` -- verification step that validates Rekor inclusion proofs against stored checkpoints.
- **Database Cluster Config**: `devops/database/postgres/cluster-production.yaml`, `cluster-staging.yaml` -- PostgreSQL cluster definitions for CloudNativePG with Rekor metadata tables.
- **Database Pooler Config**: `devops/database/postgres/pooler-production.yaml`, `pooler-staging.yaml` -- PgBouncer pooler configurations for Rekor query workloads.
- **Compose Configuration**: `devops/compose/docker-compose.stella-ops.yml` -- includes PostgreSQL service configuration for the Rekor backend.
## E2E Test Plan
- [ ] Submit a DSSE attestation through the proof chain pipeline and verify the Rekor entry metadata (log index, root hash, tree size) is persisted to PostgreSQL
- [ ] Query the stored Rekor checkpoint and verify it matches the transparency log state at submission time
- [ ] Verify Rekor inclusion proof validation: retrieve a stored proof from PostgreSQL and run `RekorInclusionVerificationStep` to confirm it validates correctly
- [ ] Verify the submission queue processes entries in order and marks them as submitted after successful Rekor log inclusion
- [ ] Deploy the PostgreSQL cluster configuration and verify the database schema includes the required Rekor metadata tables
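Review bot: the Description promises "checkpoint storage, submission queue tables, and VEX-Rekor linkage migration", but the Implementation Details list only C# models under `src/Attestor/...` plus CloudNativePG, PgBouncer and Compose YAML; no migration or schema file that actually creates the checkpoint and queue tables is referenced, so the last E2E item ("verify the database schema includes the required Rekor metadata tables") has nothing in this document to check against. Add the path of the migration that defines those tables to the Implementation Details. Second, `RekorInclusionVerificationStep` is described as validating "inclusion proofs against stored checkpoints"; the document should state whether the stored checkpoint's signature is verified against the log's public key before it is used, or whether the PostgreSQL row is trusted as-is, since that decides whether a modified database row can make a forged proof validate. Finally, Status is "IMPLEMENTED" while every E2E item is unchecked and the commit message says "semi implemented"; consider a status that reflects untested work until the plan has been run.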


@@ -0,0 +1,25 @@
# VEX-Rekor Linkage
## Module
devops
## Status
IMPLEMENTED
## Description
Database migration linking VEX observations to Rekor entries for transparent VEX decision tracking.
## Implementation Details
- **VEX Proof Integrator**: `src/Attestor/__Libraries/StellaOps.Attestor.ProofChain/Generators/VexProofIntegrator.Helpers.cs` and `VexProofIntegrator.Metadata.cs` -- integrates VEX verdicts with proof chain by generating Rekor-linked evidence, binding VEX decisions to transparency log entries.
- **VEX Verdict Proof Payload**: `src/Attestor/__Libraries/StellaOps.Attestor.ProofChain/Generators/VexVerdictProofPayload.cs` -- payload model for VEX verdict proofs containing Rekor entry references.
- **VEX Verdict ID**: `src/Attestor/__Libraries/StellaOps.Attestor.ProofChain/Identifiers/VexVerdictId.cs` -- content-addressed identifier for VEX verdicts, used to link VEX observations to their Rekor transparency log entries.
- **VEX Delta Models**: `src/Attestor/__Libraries/StellaOps.Attestor.ProofChain/Predicates/VexDeltaChange.cs`, `VexDeltaStatement.cs`, `VexDeltaSummary.cs` -- models for tracking VEX status changes across Rekor-linked observations.
- **VEX Merge Trace**: `src/Attestor/__Libraries/StellaOps.Attestor.ProofChain/Predicates/VexMergeTrace.cs` -- audit trace for VEX statement merges, including Rekor entry references for each source.
- **Compose Configuration**: `devops/compose/docker-compose.stella-ops.yml` -- Docker Compose with PostgreSQL services supporting VEX-Rekor linkage tables.
## E2E Test Plan
- [ ] Create a VEX verdict via the proof chain pipeline and verify it generates a Rekor entry with the VEX payload; confirm the linkage is persisted in PostgreSQL with both the VEX verdict ID and Rekor log index
- [ ] Query VEX observations by Rekor entry and verify the linked VEX status (affected, not_affected, under_investigation) is correctly returned
- [ ] Update a VEX status and verify a new Rekor entry is created; confirm the delta change record links both the old and new Rekor entries
- [ ] Verify the VEX merge trace includes Rekor references for each merged source statement
- [ ] Verify the linkage survives database migration: run the migration on an existing database and confirm existing VEX-Rekor links are preserved
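Review bot: the Description calls this a "Database migration linking VEX observations to Rekor entries", yet none of the Implementation Details entries is a migration: they are proof-chain generators, payload and identifier models, delta predicates and the Compose file. Add the migration script path (and the table or column it introduces for the `VexVerdictId` to Rekor log index mapping) so the last E2E item, which runs "the migration on an existing database", names a concrete artifact. Also, the third E2E item expects "the delta change record links both the old and new Rekor entries"; `VexDeltaChange.cs` is described only as a model "for tracking VEX status changes", so document which fields hold the previous and current Rekor entry references, otherwise the test cannot be written from this spec.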