Add LDAP Distinguished Name Helper and Credential Audit Context
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled

- Implemented LdapDistinguishedNameHelper for escaping RDN and filter values.
- Created AuthorityCredentialAuditContext and IAuthorityCredentialAuditContextAccessor for managing credential audit context.
- Developed StandardCredentialAuditLogger with tests for success, failure, and lockout events.
- Introduced AuthorityAuditSink for persisting audit records with structured logging.
- Added CryptoPro-related classes for certificate resolution and signing operations.
This commit is contained in:
master
2025-11-09 12:21:38 +02:00
parent ba4c935182
commit 75c2bcafce
385 changed files with 7354 additions and 7344 deletions

@@ -1,13 +0,0 @@
# Provenance & Attestation Task Board — Epic 15: Observability & Forensics
## Sprint 53 Evidence Bundle Foundations
| ID | Status | Owner(s) | Depends on | Description | Exit Criteria |
|----|--------|----------|------------|-------------|---------------|
| PROV-OBS-53-001 | TODO | Provenance Guild | TELEMETRY-OBS-50-001 | Implement DSSE/SLSA `BuildDefinition` + `BuildMetadata` models with canonical JSON serializer, Merkle digest helpers, and deterministic hashing tests. Publish sample statements for orchestrator/job/export subjects. | Models serialized deterministically; test vectors stored under `samples/provenance/`; compliance checklist recorded. |
| PROV-OBS-53-002 | TODO | Provenance Guild, Security Guild | PROV-OBS-53-001 | Build signer abstraction (cosign/KMS/offline) with key rotation hooks, audit logging, and policy enforcement (required claims). Provide unit tests using fake signer + real cosign fixture. | Signer abstraction delivers DSSE envelopes; rotation docs updated; tests cover key expiry + claim enforcement. |
## Sprint 54 Verification Tooling
| ID | Status | Owner(s) | Depends on | Description | Exit Criteria |
|----|--------|----------|------------|-------------|---------------|
| PROV-OBS-54-001 | TODO | Provenance Guild, Evidence Locker Guild | PROV-OBS-53-002, EVID-OBS-53-001 | Deliver verification library that validates DSSE signatures, Merkle roots, and timeline chain-of-custody, exposing reusable CLI/service APIs. Include negative-case fixtures and offline timestamp verification. | Verification API integrated into evidence locker; tests cover success/failure; timestamp (RFC3161) optional hook documented. |
| PROV-OBS-54-002 | TODO | Provenance Guild, DevEx/CLI Guild | PROV-OBS-54-001, CLI-FORENSICS-54-001 | Generate .NET global tool for local verification + embed command helpers for CLI `stella forensic verify`. Provide deterministic packaging and offline kit instructions. | Tool published to `local-nuget`; CLI integration tests pass; offline instructions documented. |
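Review bot: all four rows of this deleted board (PROV-OBS-53-001, PROV-OBS-53-002, PROV-OBS-54-001, PROV-OBS-54-002) are still marked TODO, and the commit message lists only additions (the LDAP helper, audit context, audit logger, audit sink, CryptoPro classes), so a reader cannot tell whether the board was moved or the work was dropped. The header `@@ -1,13 +0,0 @@` removes the file entirely. Please either say in the commit message where the Epic 15 provenance tasks now live, or split the removal into its own commit with that explanation. These rows are the only place visible here that records the exit criteria for DSSE signature validation, key-expiry and claim-enforcement tests, and the negative-case verification fixtures, so those criteria should be carried over verbatim to the new location if there is one. It is also worth checking that any board still referring to these IDs as dependencies is updated.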