stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity

chore: remove outdated documentation and prep notes

Browse Source 
- Deleted several draft and prep documents related to benchmarks, authority DPoP & mTLS implementation, Java analyzer observation, link-not-merge determinism tests, replay operations, and crypto provider registry.
- Updated the merge semver playbook to reflect current database schema usage.
- Cleaned up the technical development README to remove references to obsolete documents and streamline guidance for contributors.
This commit is contained in:
StellaOps Bot
2025-12-24 12:47:50 +02:00
parent 02772c7a27
commit 40362de568
20 changed files with 6 additions and 758 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
docs/modules/evidence-locker/crypto-provider-registry-prep.md
View File

@@ -1,16 +0,0 @@
# Evidence Locker Crypto Registry Prep — PREP-EVID-CRYPTO-90-001
Status: **Ready for implementation** (2025-11-20)
Owners: Evidence Locker Guild · Security Guild
Scope: Document ICryptoProviderRegistry expectations for Evidence Locker hashing/signing (manifest digests, DSSE, bundle encryption) including sovereign profiles.
## Requirements
- Registry entries must expose: `ProviderId`, `Algorithms` (signing/hash), `KeyUri`, `IsFips`, `IsPQReady`, `SupportsTimestamping`.
- Evidence Locker must select provider via config `EvidenceLocker:Crypto:ProviderId` with default `stella-default`.
- DSSE signing for bundles uses providers signing key; hashing uses provider hash list in order (sha256 first, optional gost for RU profile).
- JWKS/keys: provider responsible for exporting JWKS; Evidence Locker caches JWKS via configured `KeyUri`; cache TTL configurable.
## Acceptance criteria
- Prep doc published here; sprint task marked DONE.
- Provider selection/config rules recorded; hashing/signing responsibilities clarified.

24
docs/modules/evidence-locker/validate-bundle-prep.md
View File

@@ -1,24 +0,0 @@
# Validate Bundle Prep — PREP-VALIDATE-BUNDLE-187-005 (Draft)
Status: Draft (2025-11-20)
Owners: QA Guild · CLI Guild · Docs Guild
Scope: Define validation steps for replay bundles once schemas freeze.
## Validation checklist (proposed)
- Verify archive hash vs manifest `bundle.manifest.json` (`sha256`).
- Verify DSSE signature (if present) against trusted keys.
- Recompute Merkle root of bundle file tree; compare to manifest.
- Schema validation: replay records conform to `replay.record.v1`; policy export bundle conforms to `policy.export.console.v1` when included.
- Determinism: run `stella replay` twice on same bundle and assert identical outputs (hash comparison).
## Fixtures/tests
- Golden bundles live under `tests/EvidenceLocker/Bundles/Golden/` (sealed, portable, replay) with `expected.json` and DSSE envelopes.
- `StellaOps.EvidenceLocker.Tests` includes fixture tests that validate Merkle subject, redaction, and replay digest; keep them green when regenerating bundles.
- CLI validation test: `stella verify --bundle <fixture>` returns exit code 0 and prints `verified: true`.
## Open dependencies
- Final schemas from Evidence Locker and Policy export contracts.
- Trust root list for DSSE verification (Authority decision).
## Handoff
Use this prep doc for PREP-VALIDATE-BUNDLE-187-005; expand with concrete fixtures once schemas are frozen.