prep docs and service updates
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
This commit is contained in:
master
@@ -16,6 +16,12 @@
|
||||
- Added `TimeStatusService` + `InMemoryTimeAnchorStore` for per-tenant anchor/budget status + staleness; tests in `TimeStatusServiceTests`.
|
||||
- Added verification pipeline (`TimeVerificationService`) with stub Roughtime/RFC3161 verifiers requiring trust roots; loader now verifies using trust roots.
|
||||
- Added API surface `/api/v1/time/status` (plus POST `/api/v1/time/anchor`) via `TimeStatusController` and web host wiring.
|
||||
- Added sealed startup hook (`StartupValidationExtensions`) to block app start when anchor missing/stale; uses budgets and returns structured reasons.
|
||||
- Upgraded Roughtime verifier to real Ed25519 signature check + RFC3161 verifier using SignedCms; failures now return `roughtime-*` / `rfc3161-*` reasons.
|
||||
- Added config binding (`AirGap:*`) for tenant and staleness budgets; startup validation pulls from config.
|
||||
- Added config sample at `docs/airgap/time-config-sample.json` for sealed-mode deployments.
|
||||
- Documented endpoints and payloads at `docs/airgap/time-api.md`.
|
||||
- Health check: `/healthz/ready` reports degraded/healthy based on staleness; consumers should scrape for sealed-mode readiness.
|
||||
|
||||
## Next implementation hooks
|
||||
- Plug real Roughtime and RFC3161 decoders, verifying against trust roots supplied via sealed-mode config.
|
||||
|
||||
Reference in New Issue
Block a user