save checkpoint: save features

This commit is contained in:
master
2026-02-12 10:27:23 +02:00
parent dca86e1248
commit 5bca406787
8837 changed files with 1796879 additions and 5294 deletions

View File

@@ -0,0 +1,48 @@
# ASN.1-Native RFC 3161 Timestamp Token Parsing
## Module
Attestor
## Status
PARTIALLY_IMPLEMENTED
## Description
Native ASN.1 parsing of RFC 3161 timestamp tokens using System.Formats.Asn1 (no BouncyCastle dependency). Includes request encoding, response decoding, TstInfo extraction, certificate chain parsing, and signature verification. This is the low-level implementation detail behind the known "RFC-3161 TSA Client" entry.
## Implementation Details
- **Timestamp Service**: `src/Attestor/__Libraries/StellaOps.Attestor.Timestamping/AttestationTimestampService.cs` (with `.Helpers`, `.Timestamp`, `.Verify` partials) -- core service handling RFC 3161 timestamp request/response lifecycle.
- **IAttestationTimestampService**: `IAttestationTimestampService.cs` -- interface for timestamp operations.
- **Timestamp Policy**: `TimestampPolicy.cs`, `TimestampPolicyEvaluator.cs`, `TimestampPolicyResult.cs` -- policy evaluation for timestamp requirements.
- **TSA Certificate Validation**: `TsaCertificateStatus.cs` -- certificate chain status. `TstVerificationStatus.cs` -- TstInfo verification result.
- **Time Correlation**: `TimeCorrelationValidator.cs` (with `.Async`, `.GapChecks`, `.Validate` partials) -- validates timestamp consistency across multiple TSA sources. `TimeCorrelationPolicy.cs`, `TimeCorrelationResult.cs`, `TimeCorrelationStatus.cs` define correlation rules.
- **Time Consistency**: `TimeConsistencyResult.cs` -- result of cross-TSA time consistency checks.
- **Multi-Provider Fallback**: `src/Attestor/__Libraries/StellaOps.Attestor.Infrastructure/Timestamping/TsaMultiProvider.cs` -- fallback chain across multiple TSA providers.
- **Configuration**: `AttestationTimestampOptions.cs`, `AttestationTimestampServiceOptions.cs`, `AttestationTimestampVerificationOptions.cs`, `AttestationTimestampPolicyContext.cs`.
- **Timestamped Attestation**: `TimestampedAttestation.cs` -- wraps an attestation with its timestamp token.
- **Tests**: `src/Attestor/StellaOps.Attestor/StellaOps.Attestor.Tests/Timestamping/AttestationTimestampServiceTests.cs`, `src/Attestor/StellaOps.Attestor/StellaOps.Attestor.Tests/Timestamping/AttestationTimestampPolicyTests.cs`, `src/Attestor/StellaOps.Attestor/StellaOps.Attestor.Tests/Timestamping/TimeCorrelationValidatorTests.cs`
## E2E Test Plan
- [ ] Create a timestamp request for a SHA-256 hash via `AttestationTimestampService`, send to a TSA endpoint, and verify the response contains a valid TstInfo with matching hash
- [ ] Parse an RFC 3161 timestamp token response and verify certificate chain extraction produces valid `TsaCertificateStatus`
- [ ] Verify a timestamp token signature against the TSA certificate and confirm `TstVerificationStatus` indicates success
- [ ] Configure `TimeCorrelationValidator` with two TSA sources and verify `TimeConsistencyResult` passes when timestamps are within configured gap tolerance
- [ ] Configure `TimeCorrelationValidator` with a strict gap threshold and submit timestamps with drift exceeding the threshold, verifying `TimeCorrelationStatus` indicates failure
- [ ] Test `TsaMultiProvider` fallback by configuring a primary TSA that fails and a secondary that succeeds, verifying the timestamp is obtained from the fallback provider
- [ ] Create a `TimestampedAttestation` wrapping a DSSE envelope and verify the timestamp token is correctly associated
## Implementation Gaps (2026-02-11)
- `AttestationTimestampService.Helpers` still uses placeholder methods for RFC-3161 request/parse/verify flow (`RequestTimestampAsync`, `ParseTstInfo`, `VerifyImprintAsync`, `VerifyTstSignatureAsync`) instead of native ASN.1 token parsing and verification.
- `TsaMultiProvider` request/response handling is marked as simplified placeholder and references hypothetical BouncyCastle integration rather than implemented native ASN.1 parsing.
- Current timestamping tests validate digest/policy scaffolding but do not exercise real RFC-3161 token decode, certificate-chain extraction, CMS signature verification, or fallback-provider behavior with realistic responses.
## Verification
- Evaluated on 2026-02-11 via `run-001`.
- Tier 0 source checks were `partial` only due legacy test path references in the feature dossier; active timestamping source/test files were present.
- Tier 1 and Tier 2 executed successfully for existing timestamping behavior tests (`12/12` class-scoped), but claim parity review failed because RFC-3161 ASN.1 parse/verification paths are still placeholders.
- Feature terminalized as `not_implemented` and moved from `unchecked` to `unimplemented`.
- Evidence:
- `docs/qa/feature-checks/runs/attestor/asn-1-native-rfc-3161-timestamp-token-parsing/run-001/tier0-source-check.json`
- `docs/qa/feature-checks/runs/attestor/asn-1-native-rfc-3161-timestamp-token-parsing/run-001/tier1-build-check.json`
- `docs/qa/feature-checks/runs/attestor/asn-1-native-rfc-3161-timestamp-token-parsing/run-001/tier2-integration-check.json`
- `docs/qa/feature-checks/runs/attestor/asn-1-native-rfc-3161-timestamp-token-parsing/run-001/triage.json`
- `docs/qa/feature-checks/runs/attestor/asn-1-native-rfc-3161-timestamp-token-parsing/run-001/confirmation.json`
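Review bot: the `## Status` value `PARTIALLY_IMPLEMENTED` near the top of this file contradicts the Verification bullet `Feature terminalized as `not_implemented` and moved from `unchecked` to `unimplemented`.` further down; one of the two should change, or the status section should state which is authoritative, otherwise a reader of the dossier header gets a different answer than a reader of the run-001 evidence. In the same hunk, the `## Description` paragraph presents request encoding, response decoding, TstInfo extraction, chain parsing and signature verification as delivered, while `## Implementation Gaps (2026-02-11)` says `RequestTimestampAsync`, `ParseTstInfo`, `VerifyImprintAsync` and `VerifyTstSignatureAsync` are still placeholders; qualifying the description (for example "target design; see Implementation Gaps") would keep the two sections consistent. The `**Tests**` bullet also still lists the `src/Attestor/StellaOps.Attestor/StellaOps.Attestor.Tests/Timestamping/...` paths that the Verification section itself calls "legacy test path references" and blames for the `partial` Tier 0 result, so those paths should be replaced with the active test file locations. Minor: "only due legacy test path references" is missing "to".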

View File

@@ -0,0 +1,50 @@
# Attestable Exception Objects with Expiries and Audit Trails
## Module
Attestor
## Status
PARTIALLY_IMPLEMENTED
## Description
Exceptions are modeled as auditable objects with IDs, owners, expiry dates, and audit trails. The exception ledger UI shows active/pending/expiring counts. Signed override badges indicate cryptographic attestation of exceptions.
## Implementation Details
- **Exception Reference**: `src/Attestor/__Libraries/StellaOps.Attestor.ProofChain/Services/ExceptionRef.cs` -- models exception objects with ID, owner, and expiry metadata.
- **Budget Exception Entry**: `src/Attestor/__Libraries/StellaOps.Attestor.ProofChain/Statements/BudgetExceptionEntry.cs` -- exception entry within the uncertainty budget system, tracking exception scope and validity period.
- **Budget System Integration**: `BudgetDefinition.cs`, `BudgetObservation.cs`, `BudgetViolationEntry.cs` -- exceptions integrate with the uncertainty budget to allow controlled risk acceptance.
- **VEX Override System**: `src/Attestor/__Libraries/StellaOps.Attestor.StandardPredicates/VexOverride/VexOverridePredicate.cs` -- signed VEX overrides serve as attestable exceptions. `VexOverridePredicateBuilder.cs` (with `.Build`, `.Serialize`, `.WithMethods` partials) constructs override predicates. `VexOverrideDecision.cs` captures the decision rationale.
- **Evidence Reference**: `VexOverride/EvidenceReference.cs` -- links exception decisions to supporting evidence.
- **Audit Trail**: `src/Attestor/__Libraries/StellaOps.Attestor.ProofChain/Audit/AuditHashLogger.cs` (with `.Validation` partial) logs hash-based audit records. `HashAuditRecord.cs` captures individual audit entries. `AuditArtifactTypes.cs` defines auditable artifact types.
- **Persistence**: `src/Attestor/__Libraries/StellaOps.Attestor.Persistence/Entities/AuditLogEntity.cs` -- database entity for audit log persistence.
- **DSSE Signing**: Exceptions are signed via `ProofChainSigner` to produce cryptographic attestation (signed override badges).
## E2E Test Plan
- [ ] Create an exception via `BudgetExceptionEntry` with owner, expiry date, and justification, then verify all fields serialize correctly
- [ ] Build a `VexOverridePredicate` with `VexOverridePredicateBuilder`, sign it via DSSE, and verify the signed envelope contains the override decision
- [ ] Create an exception with an expiry date in the past and verify budget evaluation treats it as expired (no longer valid)
- [ ] Create an exception with a future expiry and verify it is counted as active in the budget check
- [ ] Log exception creation via `AuditHashLogger` and verify `HashAuditRecord` captures the artifact type, timestamp, and hash
- [ ] Query audit trail for a specific exception ID and verify the complete history of changes is returned
- [ ] Verify that `ExceptionRef` correctly links to `EvidenceReference` for evidence-backed exception justification
## Implementation Gaps (2026-02-11)
- `ExceptionRef` currently contains only `ExceptionId`, `Status`, and `CoveredReasonCodes`; it does not model owner/expiry metadata or evidence references as described by the feature claim.
- A concrete `IProofChainRepository` implementation for querying complete audit history by exception ID was not found in `StellaOps.Attestor.Persistence`; only the interface contract exists.
- Core DSSE exception signing and hash audit logging behaviors are implemented and tested, but claim-parity fails for full exception-reference and audit-query workflow coverage.
## Verification
- Evaluated on 2026-02-11 via `run-001`.
- Tier 0 source checks passed, Tier 1 build/tests passed (`52/52` scoped tests), but Tier 1 code review and Tier 2 behavioral claim parity failed on missing exception-reference and audit-query implementation pieces.
- Feature terminalized as `not_implemented` and moved from `unchecked` to `unimplemented`.
- Evidence:
- `docs/qa/feature-checks/runs/attestor/attestable-exception-objects-with-expiries-and-audit-trails/run-001/tier0-source-check.json`
- `docs/qa/feature-checks/runs/attestor/attestable-exception-objects-with-expiries-and-audit-trails/run-001/tier1-build-check.json`
- `docs/qa/feature-checks/runs/attestor/attestable-exception-objects-with-expiries-and-audit-trails/run-001/tier2-integration-check.json`
- `docs/qa/feature-checks/runs/attestor/attestable-exception-objects-with-expiries-and-audit-trails/run-001/triage.json`
## Not Implemented Findings
- Tier 0 and Tier 1 pass for core exception-signing and audit-hash behavior, but claim parity review found gaps in exception reference modeling and audit-history query implementation.
- ExceptionRef currently contains ExceptionId, Status, and covered reason codes only; owner/expiry/evidence linkage promised by this feature dossier is not modeled in this contract.
- IProofChainRepository exposes audit-log query methods, but no concrete proof-chain repository implementation was found to fulfill complete history retrieval semantics by exception ID in this feature scope.
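Review bot: the `**Exception Reference**` bullet in `## Implementation Details` describes `ExceptionRef.cs` as modelling "ID, owner, and expiry metadata", but `## Implementation Gaps (2026-02-11)` states the type "currently contains only `ExceptionId`, `Status`, and `CoveredReasonCodes`"; the implementation-details bullet should describe what the file actually contains, and the E2E item "Verify that `ExceptionRef` correctly links to `EvidenceReference`" should be marked as blocked on that gap rather than listed as a runnable step. As in the previous file, `## Status` says `PARTIALLY_IMPLEMENTED` while Verification records `Feature terminalized as `not_implemented``, so the header needs to agree with the recorded verdict. The new `## Not Implemented Findings` section repeats the three `## Implementation Gaps` bullets almost word for word (ExceptionRef fields, missing concrete `IProofChainRepository` implementation, claim-parity failure); consider merging them into one section so future runs update a single place. Lastly, the Evidence list omits a `confirmation.json` entry that the sibling dossier includes; if run-001 produced one for this feature it should be listed, and if not, the omission is worth a one-line note.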