stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity
Files
main
git.stella-ops.org/docs/features/checked/attestor/verdict-ledger.md
master e9aeadc040 save checkpoint
2026-02-14 09:11:48 +02:00

3.2 KiB
Raw Permalink Blame History

Verdict Ledger (Append-Only Store)

Module

Attestor

Status

VERIFIED

Description

Append-only verdict ledger for tamper-evident storage of all verdict decisions with hash chain integrity.

Implementation Details

  • Verdict Ledger Entity: src/Attestor/__Libraries/StellaOps.Attestor.Persistence/Entities/VerdictLedgerEntry.cs -- persisted ledger entry with verdict decision, subject digest, timestamp, and previous entry hash for chain integrity.
  • IVerdictLedgerRepository: Persistence/Repositories/IVerdictLedgerRepository.cs -- repository interface for append-only verdict storage (append, query by subject, verify chain integrity).
  • PostgresVerdictLedgerRepository: Persistence/Repositories/PostgresVerdictLedgerRepository.cs -- PostgreSQL implementation with append-only semantics enforced by database constraints and hash chain verification.
  • Verdict Receipt Payload: __Libraries/StellaOps.Attestor.ProofChain/Statements/VerdictReceiptPayload.cs -- payload stored in the ledger containing the full verdict decision context.
  • Verdict Receipt Statement: Statements/VerdictReceiptStatement.cs -- in-toto statement wrapping the verdict receipt.
  • Verdict Decision: Statements/VerdictDecision.cs -- the decision record (PASS/FAIL/WARN) with reasoning and policy reference.
  • Verdict Inputs: Statements/VerdictInputs.cs -- captured inputs that drove the verdict.
  • Verdict Outputs: Statements/VerdictOutputs.cs -- outputs/actions from the verdict.
  • Trust Verdict Repository: __Libraries/StellaOps.Attestor.TrustVerdict/Persistence/ITrustVerdictRepository.cs -- repository for trust-scored verdicts with PostgresTrustVerdictRepository.cs (with .Store, .GetById, .Query, .Delete, .Stats).
  • Trust Verdict Entity: TrustVerdict/Persistence/TrustVerdictEntity.cs -- persisted trust verdict with scoring data.
  • Trust Verdict Stats: TrustVerdict/Persistence/TrustVerdictStats.cs -- aggregate statistics over the verdict ledger.
  • Tests: __Tests/StellaOps.Attestor.Persistence.Tests/

E2E Test Plan

  • Append a verdict to the ledger via PostgresVerdictLedgerRepository and verify it is persisted with a hash linking to the genesis entry
  • Append 5 verdicts sequentially and verify each entry's previous hash points to the prior entry, forming a valid hash chain
  • Query verdicts by subject digest and verify only matching entries are returned in chronological order
  • Verify append-only: attempt to update or delete an existing ledger entry and confirm the operation is rejected
  • Verify chain integrity: tamper with one entry's hash in the database and call chain verification; confirm the break is detected
  • Store and retrieve a VerdictReceiptPayload with full inputs, decision, and outputs; verify round-trip fidelity
  • Query TrustVerdictStats and verify aggregate counts (total verdicts, pass/fail/warn breakdown)
  • Append verdicts concurrently from multiple threads and verify all are persisted with valid hash chain ordering

Verification

Check Result
Tier 0 - Source Verification PASS
Tier 1 - Build + Code Review PASS
Tier 2 - Behavioral Verification PASS
Verified Date 2026-02-13
Run ID run-001