# Attestor Implementation Plan

## Purpose
Provide a concise, living plan for Attestor feature delivery, timestamping, and offline verification workflows.

## Active work
- `docs/implplan/SPRINT_20260416_017_Attestor_truthful_runtime_storage_cutover.md`
- `docs/implplan/SPRINT_20260119_010_Attestor_tst_integration.md`
- `docs/implplan/SPRINT_20260119_013_Attestor_cyclonedx_1.7_generation.md`
- `docs/implplan/SPRINT_20260119_014_Attestor_spdx_3.0.1_generation.md`

## Near-term deliverables
- Durable bulk verification worker/store path to replace the current truthful non-testing `501` unsupported runtime.
- RFC-3161 timestamping integration (signing, verification, policy context).
- CycloneDX 1.7 predicate writer updates and determinism tests.
- SPDX 3.0.1 predicate writer updates and determinism tests.
- CLI workflows for attestation timestamp handling.

## Dependencies
- Authority timestamping services and TSA client integrations.
- EvidenceLocker timestamp storage and verification utilities.
- Policy evaluation integration for timestamp assertions.

## Evidence of completion
- PostgreSQL-backed runtime proof tests for canonical entry/audit storage and watchlist persistence under `src/Attestor/StellaOps.Attestor/StellaOps.Attestor.Tests/Integration/AttestorTruthfulRuntimeTests.cs`.
- Attestor timestamping library changes under `src/Attestor/__Libraries/`.
- Updated CLI command handlers and tests under `src/Cli/`.
- Deterministic unit tests and fixtures in `src/Attestor/__Tests/`.
- Documentation updates under `docs/modules/attestor/`.

## Reference docs
- `docs/modules/attestor/README.md`
- `docs/modules/attestor/architecture.md`
- `docs/modules/attestor/rekor-verification-design.md`
- `docs/modules/platform/architecture-overview.md`