save checkpoint

This commit is contained in:
master
2026-02-14 09:11:48 +02:00
parent 9ca2de05df
commit e9aeadc040
1512 changed files with 30863 additions and 4728 deletions

@@ -0,0 +1,40 @@
# Deterministic Evidence Graph with Hash-Addressed Nodes
## Module
Attestor
## Status
VERIFIED
## Description
Content-addressed proof graph with typed nodes/edges, subgraph extraction, mutation operations, and content-addressed ID generation for all identifiers (ArtifactId, EvidenceId, ProofBundleId, VexVerdictId, etc.).
## Implementation Details
- **Proof Graph Service**: `src/Attestor/__Libraries/StellaOps.Attestor.ProofChain/Graph/InMemoryProofGraphService.cs` -- implements `IProofGraphService` with partials:
- `.Mutation` -- add/remove nodes and edges
- `.Queries` -- query nodes by type, find paths, get neighbors
- `.Subgraph` -- extract subgraphs rooted at a specific node
- **Graph Models**: `ProofGraphNode.cs` (typed via `ProofGraphNodeType`), `ProofGraphEdge.cs` (typed via `ProofGraphEdgeType`), `ProofGraphPath.cs`, `ProofGraphSubgraph.cs`
- **Content-Addressed IDs**: `Identifiers/ContentAddressedIdGenerator.cs` (with `.Graph`) -- generates deterministic node/edge IDs from content. Types: `ArtifactId`, `EvidenceId`, `ProofBundleId`, `VexVerdictId`, `ReasoningId`, `GraphRevisionId`, `TrustAnchorId`, `SbomEntryId`.
- **Graph Root Attestation**: `src/Attestor/__Libraries/StellaOps.Attestor.GraphRoot/` -- `GraphRootAttestor.cs` (implements `IGraphRootAttestor`), `Sha256MerkleRootComputer.cs` (implements `IMerkleRootComputer`). Models: `GraphRootAttestation.cs`, `GraphRootPredicate.cs`, `GraphRootResults.cs`.
- **Tests**: `__Tests/StellaOps.Attestor.ProofChain.Tests/ContentAddressedIdGeneratorTests.cs`, `__Tests/StellaOps.Attestor.GraphRoot.Tests/GraphRootAttestorTests.cs`, `Sha256MerkleRootComputerTests.cs`
## E2E Test Plan
- [ ] Add 5 nodes of different types (Evidence, Verdict, Policy, Artifact) to `InMemoryProofGraphService` and verify each gets a unique content-addressed ID
- [ ] Add edges between nodes and verify edge IDs are deterministic based on source, target, and type
- [ ] Query nodes by type and verify correct filtering
- [ ] Find a path between two nodes via graph queries and verify `ProofGraphPath` contains the correct sequence
- [ ] Extract a subgraph rooted at an evidence node and verify it contains only reachable nodes and edges
- [ ] Remove a node via mutation and verify all connected edges are also removed
- [ ] Compute graph root attestation via `GraphRootAttestor` and verify `GraphRootPredicate` contains the Merkle root of all node IDs
- [ ] Add identical content as a node twice and verify deduplication (same content-addressed ID)
## Verification
| Check | Result |
|-------|--------|
| Tier 0 - Source Verification | PASS |
| Tier 1 - Build + Code Review | PASS |
| Tier 2 - Behavioral Verification | PASS |
| Verified Date | 2026-02-13 |
| Run ID | run-001 |
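
Review bot: Every item under "E2E Test Plan" is still unchecked (`- [ ]`) while Status is VERIFIED and the Verification table reports "Tier 2 - Behavioral Verification | PASS"; either tick the items that run-001 actually exercised or state in the Verification section which checks the Tier 2 result covers, so a reader can tell what was behaviorally verified. The first plan item asks for 5 nodes of different types but names only four (Evidence, Verdict, Policy, Artifact); name the fifth type or change the count. In the graph root item, "the Merkle root of all node IDs" does not say in what order the IDs are fed to the Merkle computation; since the feature is described as deterministic, document the leaf ordering the test should expect.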