stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity

save checkpoint

Browse Source
This commit is contained in:
master
2026-02-14 09:11:48 +02:00
parent 9ca2de05df
commit e9aeadc040
1512 changed files with 30863 additions and 4728 deletions
Download Patch File Download Diff File Expand all files Collapse all files

40
docs/features/checked/attestor/deterministic-verdict-serialization.md Normal file
View File

@@ -0,0 +1,40 @@
# Deterministic verdict serialization (canonical JSON / JCS)
## Module
Attestor
## Status
VERIFIED
## Description
RFC 8785 (JCS) canonical JSON serializer ensures deterministic, byte-stable verdict serialization for reproducible signing.
## Implementation Details
- **RFC 8785 Canonicalizer**: `src/Attestor/__Libraries/StellaOps.Attestor.ProofChain/Json/Rfc8785JsonCanonicalizer.cs` -- full RFC 8785 implementation with partials for decimal, number, string, and write operations.
- **Verdict Receipt Payload**: `__Libraries/StellaOps.Attestor.ProofChain/Statements/VerdictReceiptPayload.cs` -- verdict payload serialized canonically for signing.
- **Verdict Decision**: `Statements/VerdictDecision.cs`, `VerdictInputs.cs`, `VerdictOutputs.cs` -- verdict computation components serialized deterministically.
- **Verdict Summary**: `Predicates/VerdictSummary.cs` -- summary predicate for verdict output.
- **Proof Chain Signer**: `Signing/ProofChainSigner.cs` -- signs canonical verdict payloads.
- **DSSE Canonicalizer**: `StellaOps.Attestor.Core/Submission/IDsseCanonicalizer.cs`, `Infrastructure/Submission/DefaultDsseCanonicalizer.cs` -- canonicalizes DSSE payloads before signing.
- **Canonical JSON Serializer (Core)**: `StellaOps.Attestor.Core/Serialization/CanonicalJsonSerializer.cs` -- core canonical JSON serializer.
- **Verdict Ledger**: `__Libraries/StellaOps.Attestor.VerdictLedger/VerdictLedgerEntry.cs`, `VerdictLedgerService.cs` -- ledger entries use canonical serialization.
- **Tests**: `__Tests/StellaOps.Attestor.ProofChain.Tests/JsonCanonicalizerTests.cs`, `__Tests/StellaOps.Attestor.Tests/VerdictLedgerHashTests.cs`, `StellaOps.Attestor.Core.Tests/Serialization/CanonicalJsonSerializerTests.cs`
## E2E Test Plan
- [ ] Serialize a `VerdictReceiptPayload` to canonical JSON and verify key ordering matches RFC 8785
- [ ] Serialize the same verdict twice and verify byte-for-byte equality
- [ ] Sign a canonical verdict via `ProofChainSigner` and verify the signature covers the canonical bytes
- [ ] Verify a signed verdict: re-canonicalize the payload and confirm the hash matches the signed hash
- [ ] Serialize a verdict with various data types (strings, numbers, booleans, nulls, arrays, objects) and verify each type follows RFC 8785 rules
- [ ] Store a verdict in `VerdictLedgerService` and verify the ledger hash matches the canonical hash
- [ ] Canonicalize via `DefaultDsseCanonicalizer` and verify it produces identical output to `Rfc8785JsonCanonicalizer`
## Verification
| Check | Result |
|-------|--------|
| Tier 0 - Source Verification | PASS |
| Tier 1 - Build + Code Review | PASS |
| Tier 2 - Behavioral Verification | PASS |
| Verified Date | 2026-02-13 |
| Run ID | run-001 |