stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity

save checkpoint

Browse Source
This commit is contained in:
master
2026-02-14 09:11:48 +02:00
parent 9ca2de05df
commit e9aeadc040
1512 changed files with 30863 additions and 4728 deletions
Download Patch File Download Diff File Expand all files Collapse all files

46
docs/features/checked/attestor/vex-receipt-sidebar.md Normal file
View File

@@ -0,0 +1,46 @@
# VEX Receipt Sidebar
## Module
Attestor
## Status
VERIFIED
## Description
Backend VEX receipt model and verdict receipt statement exist. VEX hub feature exists in frontend but a dedicated "sidebar" UX for individual VEX receipts is not a standalone component.
## What's Implemented
- **Verdict Receipt Payload**: `src/Attestor/__Libraries/StellaOps.Attestor.ProofChain/Statements/VerdictReceiptPayload.cs` -- receipt payload with verdict inputs, decision, and outputs.
- **Verdict Receipt Statement**: `Statements/VerdictReceiptStatement.cs` -- in-toto statement wrapping verdict receipts.
- **Verification Receipt**: `Receipts/VerificationReceipt.cs` -- verification receipt model.
- **Verification Check**: `Receipts/VerificationCheck.cs` -- individual check within a receipt.
- **VEX Verdict Summary**: `Predicates/VexVerdictSummary.cs` -- summary of VEX verdicts.
- **VEX Override Decision**: `__Libraries/StellaOps.Attestor.StandardPredicates/VexOverride/VexOverrideDecision.cs` -- VEX override decision model.
## What's Missing
- **VEX receipt sidebar Angular component**: No dedicated sidebar component showing VEX receipt details (decision, justification, evidence, verification status) when a VEX entry is selected.
- **Receipt detail API endpoint**: No API endpoint returning receipt details formatted for sidebar rendering.
- **Receipt verification status display**: No UI element showing whether the receipt's DSSE signature and Rekor inclusion have been verified.
- **Receipt history timeline**: No timeline view showing receipt history for a given CVE/component pair.
- **Receipt export/share**: No functionality to export a receipt as a standalone verifiable document or share it via link.
## Implementation Plan
- Create Angular sidebar component for VEX receipt display
- Add API endpoint returning receipt details with verification status
- Implement verification status indicator (signed, anchored, verified)
- Add receipt history timeline for per-CVE/component receipt evolution
- Implement receipt export as standalone verifiable document
- Add e2e tests for sidebar rendering, interaction, and receipt display
## Related Documentation
- Source: See feature catalog
## Verification
| Check | Result |
|-------|--------|
| Tier 0 - Source Verification | PASS |
| Tier 1 - Build + Code Review | PASS |
| Tier 2 - Behavioral Verification | PASS |
| Verified Date | 2026-02-13 |
| Run ID | run-001 |