Doctor plugin checks: implement health check classes and documentation
Implement remediation-aware health checks across all Doctor plugin modules (Agent, Attestor, Auth, BinaryAnalysis, Compliance, Crypto, Environment, EvidenceLocker, Notify, Observability, Operations, Policy, Postgres, Release, Scanner, Storage, Vex) and their backing library counterparts (AI, Attestation, Authority, Core, Cryptography, Database, Docker, Integration, Notify, Observability, Security, ServiceGraph, Sources, Verification). Each check now emits structured remediation metadata (severity, category, runbook links, and fix suggestions) consumed by the Doctor dashboard remediation panel. Also adds: - docs/doctor/articles/ knowledge base for check explanations - Advisory AI search seed and allowlist updates for doctor content - Sprint plan for doctor checks documentation Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
master
52
docs/doctor/articles/timestamping/qts-status-change.md
Normal file
52
docs/doctor/articles/timestamping/qts-status-change.md
Normal file
@@ -0,0 +1,52 @@
|
||||
---
|
||||
checkId: check.timestamp.eidas.qts.status-change
|
||||
plugin: stellaops.doctor.timestamping
|
||||
severity: warn
|
||||
tags: [timestamping, eidas, qts, status, monitoring]
|
||||
---
|
||||
# QTS Status Changes
|
||||
|
||||
## What It Checks
|
||||
Alerts on TSA qualification status changes in the past 7 days. The check:
|
||||
|
||||
- Queries the status change tracker for recent changes within a 7-day window.
|
||||
- Reports each change (provider name, previous status, new status, change date).
|
||||
- Warns if any withdrawals occurred (provider moved from Qualified to Withdrawn/Suspended/Deprecated).
|
||||
- Passes if no changes occurred or all changes are positive (e.g., new qualification grants).
|
||||
|
||||
## Why It Matters
|
||||
Qualification status changes require operational response. A withdrawal means the provider's timestamps no longer satisfy eIDAS requirements, and traffic should be migrated to an alternative provider. Early detection of changes enables proactive migration before compliance deadlines.
|
||||
|
||||
## Common Causes
|
||||
- Supervisory body action against a TSA provider
|
||||
- Provider voluntary withdrawal from qualification
|
||||
- New provider achieving qualification (positive change)
|
||||
|
||||
## How to Fix
|
||||
|
||||
### Docker Compose
|
||||
```bash
|
||||
# Review recent changes
|
||||
docker exec <platform-container> stella tsa qualification changes --days 7
|
||||
|
||||
# If a provider was withdrawn, add a replacement
|
||||
docker exec <platform-container> stella tsa add --name "Replacement QTS" --url "https://new-tsa.eu/tsr" --qualified
|
||||
```
|
||||
|
||||
### Bare Metal / systemd
|
||||
```bash
|
||||
stella tsa qualification changes --days 7
|
||||
stella tsa qualification status
|
||||
```
|
||||
|
||||
### Kubernetes / Helm
|
||||
Review changes and update provider configuration as needed.
|
||||
|
||||
## Verification
|
||||
```
|
||||
stella doctor run --check check.timestamp.eidas.qts.status-change
|
||||
```
|
||||
|
||||
## Related Checks
|
||||
- `check.timestamp.eidas.qts.qualified` — checks provider qualification status
|
||||
- `check.timestamp.eidas.trustlist.fresh` — checks EU Trust List freshness
|
||||
Reference in New Issue
Block a user