stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity

save checkpoint

Browse Source
This commit is contained in:
master
2026-02-14 09:11:48 +02:00
parent 9ca2de05df
commit e9aeadc040
1512 changed files with 30863 additions and 4728 deletions
Download Patch File Download Diff File Expand all files Collapse all files

46
docs/features/checked/attestor/content-addressed-identifiers.md Normal file
View File

@@ -0,0 +1,46 @@
# Content-Addressed Identifiers (ArtifactId, EvidenceId, ProofBundleId)
## Module
Attestor
## Status
VERIFIED
## Description
Full content-addressed ID system with types for ArtifactId, EvidenceId, ReasoningId, VexVerdictId, ProofBundleId, plus a content-addressed ID generator and SHA256 parser.
## Implementation Details
- **ID Generator**: `src/Attestor/__Libraries/StellaOps.Attestor.ProofChain/Identifiers/ContentAddressedIdGenerator.cs` (with `.Graph` partial) -- implements `IContentAddressedIdGenerator`. Generates SHA-256 content-addressed IDs from canonical JSON content.
- **Base Types**: `ContentAddressedId.cs` -- base record type. `GenericContentAddressedId.cs` -- generic typed variant.
- **Typed ID Records**:
- `ArtifactId.cs` -- identifies attestation artifacts
- `EvidenceId.cs` -- identifies evidence items
- `ProofBundleId.cs` -- identifies proof bundles
- `VexVerdictId.cs` -- identifies VEX verdicts
- `ReasoningId.cs` -- identifies reasoning chains
- `SbomEntryId.cs` -- identifies SBOM entries
- `TrustAnchorId.cs` -- identifies trust anchors
- `GraphRevisionId.cs` -- identifies graph revision state
- **SHA-256 Parser**: `Sha256IdParser.cs` -- parses and validates `sha256:<64-hex-chars>` format.
- **Proof Hashing**: `__Libraries/StellaOps.Attestor.ProofChain/ProofHashing.cs` -- SHA-256 hashing utilities.
- **Tests**: `__Tests/StellaOps.Attestor.ProofChain.Tests/ContentAddressedIdTests.cs`, `ContentAddressedIdGeneratorTests.cs`
## E2E Test Plan
- [ ] Generate an `ArtifactId` from content via `ContentAddressedIdGenerator` and verify the output matches `sha256:<64-hex-chars>` format
- [ ] Generate IDs for identical content twice and verify they are equal
- [ ] Generate IDs for different content and verify they differ
- [ ] Parse a valid `sha256:abc123...` string via `Sha256IdParser` and verify successful parsing
- [ ] Attempt to parse an invalid ID (wrong prefix, wrong length) and verify parser rejects it
- [ ] Generate `EvidenceId`, `ProofBundleId`, `VexVerdictId`, `ReasoningId` for same content and verify they produce the same hash but are distinct types
- [ ] Generate a `GraphRevisionId` from a proof graph state, modify the graph, regenerate, and verify the ID changes
- [ ] Verify `SbomEntryId` produces deterministic IDs for identical SBOM component content
## Verification
| Check | Result |
|-------|--------|
| Tier 0 - Source Verification | PASS |
| Tier 1 - Build + Code Review | PASS |
| Tier 2 - Behavioral Verification | PASS |
| Verified Date | 2026-02-13 |
| Run ID | run-001 |