stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity

save checkpoint

Browse Source
This commit is contained in:
master
2026-02-14 09:11:48 +02:00
parent 9ca2de05df
commit e9aeadc040
1512 changed files with 30863 additions and 4728 deletions
Download Patch File Download Diff File Expand all files Collapse all files

49
docs/features/checked/attestor/proof-chain-database-schema.md Normal file
View File

@@ -0,0 +1,49 @@
# Proof Chain Database Schema (PostgreSQL Persistence)
## Module
Attestor
## Status
VERIFIED
## Description
PostgreSQL-backed persistence layer for proof chain data with 5 core tables (sbom_entries, dsse_envelopes, spines, trust_anchors, rekor_entries), EF Core entity mappings, and IProofChainRepository abstraction.
## Implementation Details
- **DbContext**: `src/Attestor/__Libraries/StellaOps.Attestor.Persistence/ProofChainDbContext.cs` -- EF Core DbContext with tenant-scoped queries, RLS policy application, and schema isolation.
- **Entities**:
- `Entities/DsseEnvelopeEntity.cs` -- persisted DSSE envelope with tenant_id, payload hash, created/updated timestamps.
- `Entities/RekorEntryEntity.cs` -- persisted Rekor log entry with log index, integrated time, inclusion proof.
- `Entities/SbomEntryEntity.cs` -- persisted SBOM entry with format, version, component count.
- `Entities/SpineEntity.cs` -- persisted proof spine with Merkle root, segment count, linked evidence IDs.
- `Entities/TrustAnchorEntity.cs` -- persisted trust anchor with key material, expiry, and trust level.
- `Entities/VerdictLedgerEntry.cs` -- persisted verdict ledger entry with decision, timestamp, and proof references.
- `Entities/AuditLogEntity.cs` -- audit log with operation type and content hash.
- **Repositories**:
- `Repositories/IProofChainRepository.cs` -- repository abstraction for CRUD operations on all proof chain entities.
- `Repositories/IVerdictLedgerRepository.cs` -- repository for verdict ledger queries (by subject, by time range).
- `Repositories/PostgresVerdictLedgerRepository.cs` -- PostgreSQL implementation with optimized queries and tenant scoping.
- **Migrations**: `Migrations/` -- EF Core migrations defining schema, indexes, RLS policies, and constraints.
- **Services**: `Services/` -- data access services for higher-level operations.
- **Performance**: `Perf/` -- performance configurations (connection pooling, query optimization).
- **Tests**: `__Tests/StellaOps.Attestor.Persistence.Tests/`
## E2E Test Plan
- [ ] Create and persist a `DsseEnvelopeEntity` via `IProofChainRepository` and verify retrieval by ID
- [ ] Persist a `RekorEntryEntity` with log index and inclusion proof; retrieve and verify all fields
- [ ] Persist a `SpineEntity` with Merkle root and verify the root hash is stored correctly
- [ ] Create a `TrustAnchorEntity` and verify it is retrievable by key fingerprint
- [ ] Create `VerdictLedgerEntry` records via `PostgresVerdictLedgerRepository` and query by subject digest; verify correct results
- [ ] Verify tenant isolation: create entities for tenant A and verify they are not visible to tenant B
- [ ] Run migrations on an empty database and verify all 5 tables are created with correct columns, indexes, and constraints
- [ ] Verify JSONB columns store and retrieve complex predicate payloads correctly
## Verification
| Check | Result |
|-------|--------|
| Tier 0 - Source Verification | PASS |
| Tier 1 - Build + Code Review | PASS |
| Tier 2 - Behavioral Verification | PASS |
| Verified Date | 2026-02-13 |
| Run ID | run-001 |