stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity

save checkpoint

Browse Source
This commit is contained in:
master
2026-02-14 09:11:48 +02:00
parent 9ca2de05df
commit e9aeadc040
1512 changed files with 30863 additions and 4728 deletions
Download Patch File Download Diff File Expand all files Collapse all files

43
docs/features/checked/attestor/proof-chain-rest-api.md Normal file
View File

@@ -0,0 +1,43 @@
# Proof Chain REST API (Backend Services)
## Module
Attestor
## Status
VERIFIED
## Description
REST API endpoints for querying proof chains by subject digest, retrieving evidence chain graphs, and verifying proof integrity with DSSE signature and Rekor inclusion checks.
## Implementation Details
- **Proofs Controller**: `src/Attestor/StellaOps.Attestor/StellaOps.Attestor.WebService/Controllers/ProofsController.cs` -- CRUD operations for proof chain entries (submit, query by subject, list).
- **Verify Controller**: `Controllers/VerifyController.cs` -- verification endpoints running the full verification pipeline on submitted proof bundles.
- **Bundles Controller**: `Controllers/BundlesController.cs` -- retrieves attestation bundles (multiple related attestations grouped together).
- **Chain Controller**: `Controllers/ChainController.cs` -- traverses evidence chains from verdict to leaf evidence nodes.
- **Anchors Controller**: `Controllers/AnchorsController.cs` -- manages trust anchors (create, query, revoke).
- **Verdict Controller**: `Controllers/VerdictController.cs` -- verdict-specific endpoints for querying and managing verdicts.
- **Proof Chain Controller**: `Controllers/ProofChainController.cs` -- additional proof chain query endpoints.
- **Verification Pipeline**: `__Libraries/StellaOps.Attestor.ProofChain/Verification/VerificationPipeline.cs` (with `.Verify`) -- multi-step verification invoked by VerifyController.
- **Proof Graph Queries**: `__Libraries/StellaOps.Attestor.ProofChain/Graph/InMemoryProofGraphService.cs` (with `.Queries`) -- graph queries backing ChainController.
- **Composition Root**: `StellaOps.Attestor.WebService/AttestorWebServiceComposition.cs` -- DI registration for all API services.
- **Tests**: `__Tests/StellaOps.Attestor.WebService.Tests/`
## E2E Test Plan
- [ ] POST a proof chain entry via `ProofsController` and verify 201 Created with the entry ID
- [ ] GET a proof chain by subject digest via `ProofsController` and verify the response contains all linked attestations
- [ ] POST a verification request via `VerifyController` and verify the response contains step-by-step verification results
- [ ] GET an attestation bundle via `BundlesController` and verify it contains all related attestations (SBOM, VEX, verdict)
- [ ] GET an evidence chain via `ChainController` and verify traversal from verdict to leaf evidence
- [ ] POST a trust anchor via `AnchorsController` and verify it is stored and queryable
- [ ] GET a verdict via `VerdictController` by subject digest and verify the decision and linked proof IDs
- [ ] Verify error handling: submit invalid proof data and verify appropriate 400/422 error responses
## Verification
| Check | Result |
|-------|--------|
| Tier 0 - Source Verification | PASS |
| Tier 1 - Build + Code Review | PASS |
| Tier 2 - Behavioral Verification | PASS |
| Verified Date | 2026-02-13 |
| Run ID | run-001 |