save checkpoint
42
docs/features/checked/attestor/fixchain-attestation.md
Normal file
@@ -0,0 +1,42 @@
|
||||
# FixChain Attestation (Backport Proof)
|
||||
|
||||
## Module
|
||||
Attestor
|
||||
|
||||
## Status
|
||||
VERIFIED
|
||||
|
||||
## Description
|
||||
FixChain provides attestation-based proof that a backport or fix has been applied, with validation and policy gate integration.
|
||||
|
||||
## Implementation Details
|
||||
- **FixChain Attestation Service**: `src/Attestor/__Libraries/StellaOps.Attestor.FixChain/FixChainAttestationService.cs` -- creates fix chain attestations.
|
||||
- **FixChain Models**: `FixChainModels.cs` -- core models for fix chain data.
|
||||
- **FixChain Predicate**: `FixChainPredicate.cs` -- attestable predicate for fix chain proof.
|
||||
- **FixChain Statement Builder**: `FixChainStatementBuilder.cs` -- builds in-toto statements for fix chain attestations.
|
||||
- **FixChain Validator**: `FixChainValidator.cs` -- validates fix chain attestations.
|
||||
- **DI Registration**: `ServiceCollectionExtensions.cs` -- registers fix chain services.
|
||||
- **Fix Status Info**: `__Libraries/StellaOps.Attestor.ProofChain/Predicates/FixStatusInfo.cs` -- fix status tracking in proof chain.
|
||||
- **Tests**:
|
||||
- `__Libraries/__Tests/StellaOps.Attestor.FixChain.Tests/FixChainPredicateTests.cs`, `FixChainStatementBuilderTests.cs`, `FixChainValidatorTests.cs`
|
||||
- `__Tests/StellaOps.Attestor.FixChain.Tests/Unit/FixChainAttestationServiceTests.cs`, `FixChainStatementBuilderTests.cs`, `FixChainValidatorTests.cs`
|
||||
- `__Tests/StellaOps.Attestor.FixChain.Tests/Integration/FixChainAttestationIntegrationTests.cs`
|
||||
|
||||
## E2E Test Plan
|
||||
- [ ] Create a fix chain attestation via `FixChainAttestationService` for a backported security patch and verify the attestation contains patch details
|
||||
- [ ] Build an in-toto statement via `FixChainStatementBuilder` and verify correct predicate type
|
||||
- [ ] Validate the fix chain attestation via `FixChainValidator` and verify it passes for a valid fix
|
||||
- [ ] Create a fix chain with invalid data (e.g., missing patch reference) and verify `FixChainValidator` rejects it
|
||||
- [ ] Verify `FixStatusInfo` in the proof chain tracks fix application status
|
||||
- [ ] Sign the fix chain statement and verify DSSE envelope integrity
|
||||
- [ ] Run integration tests to verify end-to-end fix chain attestation flow
|
||||
|
||||
## Verification
|
||||
|
||||
| Check | Result |
|
||||
|-------|--------|
|
||||
| Tier 0 - Source Verification | PASS |
|
||||
| Tier 1 - Build + Code Review | PASS |
|
||||
| Tier 2 - Behavioral Verification | PASS |
|
||||
| Verified Date | 2026-02-13 |
|
||||
| Run ID | run-001 |
|
||||
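Review bot: The Status section says VERIFIED and the Verification table records Tier 2 - Behavioral Verification as PASS, yet every item under E2E Test Plan is still an unchecked `- [ ]`. Either tick the items that run-001 actually exercised or say that the checklist is a plan separate from the recorded run, and point to where the run-001 evidence lives, since the table gives only the ID. In Implementation Details only the Attestation Service and Fix Status Info bullets carry a directory; give the other files the same base path, and explain why `FixChainStatementBuilderTests.cs` and `FixChainValidatorTests.cs` are listed under both test directories. The DSSE item would also be stronger with a negative case (a modified payload must fail verification), matching the invalid-data case already listed for `FixChainValidator`, and the predicate-type item should name the expected type so "correct" is checkable.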