# Four-Layer Architecture (Edge, Control Plane, Evidence Plane, Data Plane)

## Module
Attestor

## Status
VERIFIED

## Description
The described four-layer architecture is realized with distinct modules for edge routing, control plane (policy/authority/attestor/scheduler), evidence plane (scanner/excititor/concelier), and data plane (workers/task runners).

## Implementation Details
- **Attestor as Control Plane**: `src/Attestor/StellaOps.Attestor/StellaOps.Attestor.WebService/` -- HTTP endpoints:
  - `Controllers/ProofsController.cs`, `VerifyController.cs`, `BundlesController.cs`, `ChainController.cs`, `AnchorsController.cs`, `VerdictController.cs` -- control plane APIs
  - `Endpoints/VerdictEndpoints.cs`, `WatchlistEndpoints.cs` -- minimal API endpoints
- **Evidence Plane Integration**: `__Libraries/StellaOps.Attestor.ProofChain/` -- evidence construction with 93 predicate types, 49 statement types
- **Verification Pipeline**: `__Libraries/StellaOps.Attestor.ProofChain/Verification/VerificationPipeline.cs` (with `.Verify`) -- multi-step verification pipeline
- **Submission Service**: `StellaOps.Attestor.Core/Submission/IAttestorSubmissionService.cs`, `AttestorSubmissionValidator.cs` -- validates and routes submissions
- **Queue (Data Plane)**: `StellaOps.Attestor.Core/Queue/IRekorSubmissionQueue.cs` -- durable queue for asynchronous processing
- **Background Services**: `StellaOps.Attestor.Core/Rekor/RekorSyncBackgroundService.cs` -- background processing
- **Composition**: `StellaOps.Attestor.WebService/AttestorWebServiceComposition.cs` -- DI composition root

## E2E Test Plan
- [ ] Submit an attestation via `ProofsController` and verify it flows through the submission pipeline
- [ ] Verify an attestation via `VerifyController` and confirm the verification pipeline executes all steps
- [ ] Query attestation bundles via `BundlesController` and verify correct responses
- [ ] Query attestation chains via `ChainController` and verify traversal works
- [ ] Submit a batch of attestations and verify they are queued for Rekor publication
- [ ] Verify the background sync service processes queued items
- [ ] Verify `AttestorSubmissionValidator` rejects invalid submissions with appropriate error messages

## Verification

| Check | Result |
|-------|--------|
| Tier 0 - Source Verification | PASS |
| Tier 1 - Build + Code Review | PASS |
| Tier 2 - Behavioral Verification | PASS |
| Verified Date | 2026-02-13 |
| Run ID | run-001 |