Implement VEX document verification system with issuer management and signature verification

- Added IIssuerDirectory interface for managing VEX document issuers, including methods for registration, revocation, and trust validation.
- Created InMemoryIssuerDirectory class as an in-memory implementation of IIssuerDirectory for testing and single-instance deployments.
- Introduced ISignatureVerifier interface for verifying signatures on VEX documents, with support for multiple signature formats.
- Developed SignatureVerifier class as the default implementation of ISignatureVerifier, allowing extensibility for different signature formats.
- Implemented handlers for DSSE and JWS signature formats, including methods for verification and signature extraction.
- Defined various records and enums for issuer and signature metadata, enhancing the structure and clarity of the verification process.
StellaOps Bot
2025-12-06 13:41:22 +02:00
parent 2141196496
commit 5e514532df
112 changed files with 24861 additions and 211 deletions

etc/vexlens.yaml.sample Normal file

@@ -0,0 +1,107 @@
# VexLens Configuration Sample
# Copy to vexlens.yaml and customize for your environment
VexLens:
# Storage configuration for consensus projections
Storage:
# Driver: "memory" for testing, "mongo" for production
Driver: mongo
ConnectionString: "mongodb://localhost:27017"
Database: stellaops
ProjectionsCollection: vex_consensus
HistoryCollection: vex_consensus_history
MaxHistoryEntries: 100
CommandTimeoutSeconds: 30
# Trust engine configuration
Trust:
# Base weights by issuer trust tier (0.0-1.0)
AuthoritativeWeight: 1.0 # Authoritative sources (e.g., product vendors)
TrustedWeight: 0.8 # Trusted third parties
KnownWeight: 0.5 # Known but not verified
UnknownWeight: 0.3 # Unknown sources
UntrustedWeight: 0.1 # Untrusted/unverified sources
# Weight multiplier for cryptographically signed statements
SignedMultiplier: 1.2
# Freshness decay: statements older than this start losing weight
FreshnessDecayDays: 30
MinFreshnessFactor: 0.5 # Minimum freshness factor (0.0-1.0)
# Status-specific boosts
JustifiedNotAffectedBoost: 1.1 # Boost for not_affected with justification
FixedStatusBoost: 1.05 # Boost for fixed status
# Consensus computation configuration
Consensus:
# Mode: HighestWeight, WeightedVote, Lattice, AuthoritativeFirst
DefaultMode: WeightedVote
# Minimum weight for a statement to contribute
MinimumWeightThreshold: 0.1
# Weight difference to trigger conflict detection
ConflictThreshold: 0.3
# Require justification for not_affected status
RequireJustificationForNotAffected: false
# Maximum statements per computation (performance limit)
MaxStatementsPerComputation: 100
# Enable conflict detection and reporting
EnableConflictDetection: true
# Emit events on consensus changes
EmitEvents: true
# Normalization configuration
Normalization:
# Enabled VEX format normalizers
EnabledFormats:
- OpenVEX
- CSAF
- CycloneDX
# Fail on unknown fields (strict mode)
StrictMode: false
# Size limits
MaxDocumentSizeBytes: 10485760 # 10 MB
MaxStatementsPerDocument: 10000
# Air-gap mode configuration
AirGap:
# Enable sealed mode (block external network access)
SealedMode: false
# Path to offline bundle directory
BundlePath: /var/lib/stellaops/vex-bundles
# Verify bundle signatures on import
VerifyBundleSignatures: true
# Allowed bundle sources (issuer IDs)
AllowedBundleSources: []
# Export format: jsonl, json
ExportFormat: jsonl
# Telemetry configuration
Telemetry:
MetricsEnabled: true
TracingEnabled: true
MeterName: StellaOps.VexLens
ActivitySourceName: StellaOps.VexLens
# Logging configuration (optional override)
Logging:
LogLevel:
Default: Information
StellaOps.VexLens: Debug
# OpenTelemetry configuration (when telemetry enabled)
# OpenTelemetry:
# Endpoint: http://localhost:4317
# Protocol: grpc