master
66cb6c4b8a
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
- Introduced guild charters for Scanner Deno, PHP, Ruby, Native, WebService, Java, Surface.Env, Surface.FS, Surface.Secrets, Surface.Validation, UI, Zastava Observer, Zastava Webhook, Zastava Core, and Plugin Platform. - Each charter outlines the mission, scope, required reading, and working agreements for the respective guilds. - Created task boards for Surface.Env, Surface.FS, Surface.Secrets, Surface.Validation, and Zastava components to track progress and dependencies. - Ensured all documents emphasize determinism, offline readiness, security, and integration with shared Surface libraries.
StellaOps Signer
Signer validates callers, enforces Proof-of-Entitlement, and produces signed DSSE bundles for SBOMs, reports, and exports.
Responsibilities
- Enforce plan quotas and PoE before signing artifacts.
- Support keyless and keyful signing backends.
- Emit DSSE payloads consumed by Attestor and downstream bundles.
- Maintain audit trails for all signing operations.
Key components
StellaOps.Signerservice host.- Crypto providers under
StellaOps.Cryptography.*.
Integrations & dependencies
- Authority for OpTok validation.
- Attestor for transparency logging.
- Export Center and CLI for artifact signing flows.
Operational notes
- Key management via Authority/DevOps runbooks.
- Metrics for signing latency/throttle states.
- Offline kit integration for signature verification.
Backlog references
- SIG docs/tasks in ../../TASKS.md (e.g., DOCS-SIG-26-006).
Epic alignment
- Epic 10 – Export Center: provide signing pipelines, cosign interoperability, and provenance manifests for bundle promotion.
- Epic 19 – Attestor Console: supply DSSE payloads and Proof-of-Entitlement enforcement feeding attestation workflows described in
docs/modules/attestor/.