feat: Implement vulnerability token signing and verification utilities
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
- Added VulnTokenSigner for signing JWT tokens with specified algorithms and keys. - Introduced VulnTokenUtilities for resolving tenant and subject claims, and sanitizing context dictionaries. - Created VulnTokenVerificationUtilities for parsing tokens, verifying signatures, and deserializing payloads. - Developed VulnWorkflowAntiForgeryTokenIssuer for issuing anti-forgery tokens with configurable options. - Implemented VulnWorkflowAntiForgeryTokenVerifier for verifying anti-forgery tokens and validating payloads. - Added AuthorityVulnerabilityExplorerOptions to manage configuration for vulnerability explorer features. - Included tests for FilesystemPackRunDispatcher to ensure proper job handling under egress policy restrictions.
This commit is contained in:
master
@@ -7,7 +7,7 @@ Implement the append-only, tenant-scoped evidence locker detailed in Epic 15. Pr
|
||||
- Define object store layout, metadata DB schemas, and retention policies.
|
||||
- Build bundle assembly pipelines (evaluation, job, export) with Merkle manifests and DSSE signing.
|
||||
- Provide verification, download, and legal hold APIs with audit trails.
|
||||
- Integrate with Timeline Indexer, Exporter, Orchestrator, Policy Engine, Concelier, and Excitator for provenance linking.
|
||||
- Integrate with Timeline Indexer, Exporter, Orchestrator, Policy Engine, Concelier, and Excitor for provenance linking.
|
||||
|
||||
## Coordination
|
||||
- Work with Provenance Guild for signature tooling.
|
||||
|
||||
Reference in New Issue
Block a user