save checkpoint

This commit is contained in:
master
2026-02-14 09:11:48 +02:00
parent 9ca2de05df
commit e9aeadc040
1512 changed files with 30863 additions and 4728 deletions

@@ -0,0 +1,36 @@
# VEX Issuer Identity Verification
## Module
Excititor
## Status
VERIFIED
## Description
Cryptographic verification of VEX issuer identities with signature verification, issuer directory lookup, verification caching, and configurable verification options.
## Implementation Details
- **Modules**: `src/Excititor/__Libraries/StellaOps.Excititor.Core/Verification/`, `src/Excititor/__Libraries/StellaOps.Excititor.Connectors.Abstractions/Trust/`
- **Key Classes**:
- `IssuerDirectoryClient` (`src/Excititor/__Libraries/StellaOps.Excititor.Core/Verification/IssuerDirectoryClient.cs`) - looks up issuer public keys from the issuer directory
- `ProductionVexSignatureVerifier` (`src/Excititor/__Libraries/StellaOps.Excititor.Core/Verification/ProductionVexSignatureVerifier.cs`) - verifies VEX document signatures against issuer keys
- `VerificationCacheService` (`src/Excititor/__Libraries/StellaOps.Excititor.Core/Verification/VerificationCacheService.cs`) - caches issuer verification results
- `VexSignatureVerifierOptions` (`src/Excititor/__Libraries/StellaOps.Excititor.Core/Verification/VexSignatureVerifierOptions.cs`) - configurable verification options
- `ConnectorSignerMetadata` (`src/Excititor/__Libraries/StellaOps.Excititor.Connectors.Abstractions/Trust/ConnectorSignerMetadata.cs`) - signer metadata for connector-level trust
- `ConnectorSignerMetadataEnricher` (`src/Excititor/__Libraries/StellaOps.Excititor.Connectors.Abstractions/Trust/ConnectorSignerMetadataEnricher.cs`) - enriches connector metadata with signer info
- **Interfaces**: `IVexSignatureVerifierV2`
- **Source**: Feature matrix scan
## E2E Test Plan
- [ ] Verify `IssuerDirectoryClient` looks up issuer public keys from the issuer directory service
- [ ] Verify `ProductionVexSignatureVerifier` validates a VEX document signed by a known issuer
- [ ] Verify rejection when a VEX document is signed by an unknown issuer not in the directory
- [ ] Verify `VerificationCacheService` caches issuer lookup results and returns cached results on repeat queries
- [ ] Verify `ConnectorSignerMetadataEnricher` enriches connector metadata with signer identity info
- [ ] Verify `VexSignatureVerifierOptions` allows configuring verification strictness (strict, permissive, disabled)
## Verification
- Verified on 2026-02-13 via `run-001`.
- Tier 0: Source files confirmed present on disk.
- Tier 1: `dotnet build` passed (0 errors); 503/504 tests passed (1 env_issue: no local Postgres).
- Tier 2d: `docs/qa/feature-checks/runs/excititor/vex-issuer-identity-verification/run-001/tier2-integration-check.json`
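Review bot: The `## Status` value VERIFIED is not supported by the rest of the file. All six items under `## E2E Test Plan` are still unchecked, and the `## Verification` section records one Tier 1 test that did not pass (env_issue: no local Postgres). Either tick the plan items that `run-001` actually exercised, or qualify the status and say which tier it refers to. The plan's only negative case is the unknown-issuer rejection. For a signature-verification feature I would add three things: a case for a known issuer whose document signature does not validate, a case showing that `VerificationCacheService` does not keep returning a cached result after the issuer's key in the directory changes, and a statement of what the "permissive" and "disabled" settings of `VexSignatureVerifierOptions` do with a document that fails verification, so the strictness item has an expected outcome to test against.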