# Rekor Integration System (Client, Persistence, Retry, Sync, v2 Tiles, Checkpoint Store)

## Module
Attestor

## Status
IMPLEMENTED

## Description
Comprehensive Rekor integration: IRekorClient with production/resilient/stub implementations for DSSE submission and inclusion proof verification. Checkpoint persistence with Postgres storage and divergence detection. DB schema with entity mapping, structured entry model (UUID, log index, integrated time, inclusion proof). Background retry worker for failed submissions, sync background service for continuous verification, and v2 tile-backed architecture with HTTP client and tile cache interface.

## Implementation Details
- **Rekor Client**: `src/Attestor/StellaOps.Attestor/StellaOps.Attestor.Core/Rekor/IRekorClient.cs` -- abstraction for Rekor HTTP operations (submit, get entry, get proof).
- **Rekor Backend**: `Rekor/RekorBackend.cs` -- configurable Rekor backend (public, private, stub).
- **Rekor Backend Resolver**: `Rekor/IRekorBackendResolver.cs` -- resolves active backend.
- **Checkpoint Store**: `Rekor/IRekorCheckpointStore.cs` -- stores and retrieves Rekor checkpoints.
- **Checkpoint Divergence**: `Rekor/CheckpointDivergenceDetector.cs` -- detects divergence. `CheckpointDivergenceAlertPublisher.cs` -- publishes alerts.
- **Tile Client**: `Rekor/IRekorTileClient.cs` -- v2 tile-based transparency log client.
- **Tile Cache**: `Rekor/IRekorTileCache.cs` -- tile cache interface. `FileSystemRekorTileCache.cs` -- filesystem implementation.
- **Submission Queue**: `Queue/IRekorSubmissionQueue.cs` -- durable queue with retry for failed submissions.
- **Sync Service**: `Rekor/RekorSyncBackgroundService.cs` -- background service for continuous sync and verification.
- **Entry Models**: `Rekor/RekorEntryEvent.cs`, `RekorReceipt.cs`, `RekorSubmissionResponse.cs`, `RekorProofResponse.cs`, `RekorInclusionVerificationResult.cs`.
- **Persistence**: `__Libraries/StellaOps.Attestor.Persistence/Entities/RekorEntryEntity.cs` -- EF Core entity for Rekor entries.
- **Infrastructure**: `StellaOps.Attestor.Infrastructure/Rekor/` -- HTTP client implementations.
- **Enhanced Proof Builder**: `__Libraries/StellaOps.Attestor.ProofChain/Rekor/EnhancedRekorProofBuilder.cs` (with `.Build`, `.Validate`) -- enhanced proof construction.
- **TileProxy**: `StellaOps.Attestor.TileProxy/` -- standalone tile proxy service with sync jobs, endpoints, and content-addressed storage.
- **Tests**: `__Tests/StellaOps.Attestor.Core.Tests/RekorIntegrationTests.cs`

## E2E Test Plan
- [ ] Submit a DSSE envelope via `IRekorClient` and verify the response contains log index and UUID
- [ ] Retrieve an entry by log index and verify all fields (UUID, integrated time, inclusion proof)
- [ ] Verify an entry's inclusion proof via `EnhancedRekorProofBuilder.Validate`
- [ ] Queue a submission via `IRekorSubmissionQueue`, simulate failure, and verify retry succeeds
- [ ] Run `RekorSyncBackgroundService` and verify it syncs new entries from the Rekor log
- [ ] Store a checkpoint via `IRekorCheckpointStore` and detect divergence via `CheckpointDivergenceDetector`
- [ ] Verify v2 tile operations: fetch tiles via `IRekorTileClient`, cache via `FileSystemRekorTileCache`, serve via `TileProxyService`
- [ ] Persist `RekorEntryEntity` via EF Core and verify retrieval with all fields intact