stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity

save checkpoint

Browse Source
This commit is contained in:
master
2026-02-14 09:11:48 +02:00
parent 9ca2de05df
commit e9aeadc040
1512 changed files with 30863 additions and 4728 deletions
Download Patch File Download Diff File Expand all files Collapse all files

37
docs/features/checked/libraries/doctor-health-check-plugins.md Normal file
View File

@@ -0,0 +1,37 @@
# Doctor Health Check Plugins (Attestation + Verification + Integration)
## Module
__Libraries
## Status
VERIFIED
## Description
Doctor plugin system with attestation checks, verification checks, integration checks (registry referrers API, push/pull authorization, credentials), service graph plugin, security plugin, observability plugin, and notification plugin. The advisory itself states "IMPLEMENTED on 2026-01-16".
## Implementation Details
- **AttestationPlugin**: `src/__Libraries/StellaOps.Doctor.Plugins.Attestation/AttestationPlugin.cs` -- registers attestation health checks with `AttestationCheckBase` base class; `AttestationPluginOptions` for configuration; `AttestationPluginExtensions` for DI registration
- **Attestation Checks**: `src/__Libraries/StellaOps.Doctor.Plugins.Attestation/` -- `ClockSkewCheck.cs` (NTP clock skew validation), `CosignKeyMaterialCheck.cs` (cosign key material availability), `OfflineBundleCheck.cs` (offline trust bundle freshness), `RekorConnectivityCheck.cs` (Rekor transparency log connectivity)
- **VerificationPlugin**: `src/__Libraries/StellaOps.Doctor.Plugins.Verification/VerificationPlugin.cs` -- registers verification health checks with `VerificationCheckBase` base class; `VerificationPluginOptions`; `VerificationPluginExtensions`
- **Verification Checks**: `src/__Libraries/StellaOps.Doctor.Plugins.Verification/` -- `PolicyEngineCheck.cs` (policy engine availability), `SbomValidationCheck.cs` (SBOM validation capability), `SignatureVerificationCheck.cs` (signature verification capability), `TestArtifactPullCheck.cs` (test artifact pull from registry), `VexValidationCheck.cs` (VEX document validation)
- **Additional Plugins**: `src/__Libraries/StellaOps.Doctor.Plugins.*/` -- AI, Authority, Core, Cryptography, Database, Docker, Integration, Notify, Observability, Security, ServiceGraph, Sources
- **Integration Tests**: `src/__Libraries/__Tests/StellaOps.Doctor.Plugins.Integration.Tests/`
- **Source**: Feature matrix scan
## E2E Test Plan
- [ ] Verify AttestationPlugin registers and runs all attestation checks (ClockSkew, CosignKey, OfflineBundle, Rekor)
- [ ] Test ClockSkewCheck detects NTP drift beyond configured threshold
- [ ] Verify CosignKeyMaterialCheck validates cosign key availability
- [ ] Test RekorConnectivityCheck reports connectivity status to transparency log
- [ ] Verify VerificationPlugin runs PolicyEngine, SbomValidation, SignatureVerification, VexValidation checks
- [ ] Test TestArtifactPullCheck verifies registry pull/push operations
- [ ] Verify plugin DI registration via extension methods
- [ ] Test health check aggregation across all Doctor plugins returns combined status
## Verification
- **Verified**: 2026-02-13T20:30:00Z
- **Run**: run-001
- **Tier**: Tier 2d (Library/Internal)
- **Verdict**: PASS