# Proof Chain REST API (Backend Services)

## Module
Attestor

## Status
IMPLEMENTED

## Description
REST API endpoints for querying proof chains by subject digest, retrieving evidence chain graphs, and verifying proof integrity with DSSE signature and Rekor inclusion checks.

## Implementation Details
- **Proofs Controller**: `src/Attestor/StellaOps.Attestor/StellaOps.Attestor.WebService/Controllers/ProofsController.cs` -- CRUD operations for proof chain entries (submit, query by subject, list).
- **Verify Controller**: `Controllers/VerifyController.cs` -- verification endpoints running the full verification pipeline on submitted proof bundles.
- **Bundles Controller**: `Controllers/BundlesController.cs` -- retrieves attestation bundles (multiple related attestations grouped together).
- **Chain Controller**: `Controllers/ChainController.cs` -- traverses evidence chains from verdict to leaf evidence nodes.
- **Anchors Controller**: `Controllers/AnchorsController.cs` -- manages trust anchors (create, query, revoke).
- **Verdict Controller**: `Controllers/VerdictController.cs` -- verdict-specific endpoints for querying and managing verdicts.
- **Proof Chain Controller**: `Controllers/ProofChainController.cs` -- additional proof chain query endpoints.
- **Verification Pipeline**: `__Libraries/StellaOps.Attestor.ProofChain/Verification/VerificationPipeline.cs` (with `.Verify`) -- multi-step verification invoked by VerifyController.
- **Proof Graph Queries**: `__Libraries/StellaOps.Attestor.ProofChain/Graph/InMemoryProofGraphService.cs` (with `.Queries`) -- graph queries backing ChainController.
- **Composition Root**: `StellaOps.Attestor.WebService/AttestorWebServiceComposition.cs` -- DI registration for all API services.
- **Tests**: `__Tests/StellaOps.Attestor.WebService.Tests/`

## E2E Test Plan
- [ ] POST a proof chain entry via `ProofsController` and verify 201 Created with the entry ID
- [ ] GET a proof chain by subject digest via `ProofsController` and verify the response contains all linked attestations
- [ ] POST a verification request via `VerifyController` and verify the response contains step-by-step verification results
- [ ] GET an attestation bundle via `BundlesController` and verify it contains all related attestations (SBOM, VEX, verdict)
- [ ] GET an evidence chain via `ChainController` and verify traversal from verdict to leaf evidence
- [ ] POST a trust anchor via `AnchorsController` and verify it is stored and queryable
- [ ] GET a verdict via `VerdictController` by subject digest and verify the decision and linked proof IDs
- [ ] Verify error handling: submit invalid proof data and verify appropriate 400/422 error responses