git.stella-ops.org/docs/modules/attestor/implementation_plan.md

Attestor Implementation Plan

Purpose

Provide a concise, living plan for Attestor feature delivery, timestamping, and offline verification workflows.

Active work

• docs/implplan/SPRINT_20260416_017_Attestor_truthful_runtime_storage_cutover.md
• docs/implplan/SPRINT_20260119_010_Attestor_tst_integration.md
• docs/implplan/SPRINT_20260119_013_Attestor_cyclonedx_1.7_generation.md
• docs/implplan/SPRINT_20260119_014_Attestor_spdx_3.0.1_generation.md

Near-term deliverables

• Durable bulk verification worker/store path to replace the current truthful non-testing 501 unsupported runtime.
• RFC-3161 timestamping integration (signing, verification, policy context).
• CycloneDX 1.7 predicate writer updates and determinism tests.
• SPDX 3.0.1 predicate writer updates and determinism tests.
• CLI workflows for attestation timestamp handling.

Dependencies

• Authority timestamping services and TSA client integrations.
• EvidenceLocker timestamp storage and verification utilities.
• Policy evaluation integration for timestamp assertions.

Evidence of completion

• PostgreSQL-backed runtime proof tests for canonical entry/audit storage and watchlist persistence under src/Attestor/StellaOps.Attestor/StellaOps.Attestor.Tests/Integration/AttestorTruthfulRuntimeTests.cs.
• Attestor timestamping library changes under src/Attestor/__Libraries/.
• Updated CLI command handlers and tests under src/Cli/.
• Deterministic unit tests and fixtures in src/Attestor/__Tests/.
• Documentation updates under docs/modules/attestor/.

Reference docs

• docs/modules/attestor/README.md
• docs/modules/attestor/architecture.md
• docs/modules/attestor/rekor-verification-design.md
• docs/modules/platform/architecture-overview.md