git.stella-ops.org/src/Attestor/StellaOps.Attestor/TASKS.md
master 15b4a1de6a feat: Document completed tasks for KMS, Cryptography, and Plugin Libraries
- Added detailed task completion records for KMS interface implementation and CLI support for file-based keys.
- Documented security enhancements including Argon2id password hashing, audit event contracts, and rate limiting configurations.
- Included scoped service support and integration updates for the Plugin platform, ensuring proper DI handling and testing coverage.
2025-10-31 14:37:45 +02:00


Attestor Guild Task Board (UTC 2025-10-19)

| ID | Status | Owner(s) | Depends on | Description | Exit Criteria |
|----|--------|----------|------------|-------------|---------------|

Remark (2025-10-19): Wave 0 prerequisites reviewed (none outstanding); ATTESTOR-API-11-201, ATTESTOR-VERIFY-11-202, and ATTESTOR-OBS-11-203 tracked as DOING per Wave 0A kickoff.

Remark (2025-10-19): Dual-log submissions, signature/proof verification, and observability hardening landed; attestor endpoints now rate-limited per client with correlation-ID logging and updated docs/tests.


Epic 19 — Attestor Console Roadmap

Sprint 72 Foundations

| ID | Status | Owner(s) | Depends on | Description | Exit Criteria |
|----|--------|----------|------------|-------------|---------------|
| ATTESTOR-72-001 | TODO | Attestor Service Guild | ATTEST-ENVELOPE-72-001 | Scaffold service (REST API skeleton, storage interfaces, KMS integration stubs) and DSSE validation pipeline. | Service builds/tests; signing & verification stubs wired; lint/CI green. |
| ATTESTOR-72-002 | TODO | Attestor Service Guild | ATTESTOR-72-001 | Implement attestation store (DB tables, object storage integration), CRUD, and indexing strategies. | Migrations applied; CRUD API functional; storage integration unit tests pass. |

Sprint 73 Signing & Verification

| ID | Status | Owner(s) | Depends on | Description | Exit Criteria |
|----|--------|----------|------------|-------------|---------------|
| ATTESTOR-73-001 | TODO | Attestor Service Guild, KMS Guild | ATTESTOR-72-002, KMS-72-001 | Implement signing endpoint with Ed25519/ECDSA support, KMS integration, and audit logging. | POST /v1/attestations:sign functional; audit entries recorded; tests cover success/failure. |
| ATTESTOR-73-002 | TODO | Attestor Service Guild, Policy Guild | ATTESTOR-72-002, VERPOL-73-001 | Build verification pipeline evaluating DSSE signatures, issuer trust, and verification policies; persist reports. | Verification endpoint returns structured report; results cached; contract tests pass. |
| ATTESTOR-73-003 | TODO | Attestor Service Guild | ATTESTOR-73-002 | Implement listing/fetch APIs with filters (subject, type, issuer, scope, date). | API documented; pagination works; contract tests green. |

Sprint 74 Transparency & Bulk

| ID | Status | Owner(s) | Depends on | Description | Exit Criteria |
|----|--------|----------|------------|-------------|---------------|
| ATTESTOR-74-001 | TODO | Attestor Service Guild | ATTESTOR-73-002, TRANSP-74-001 | Integrate transparency witness client, inclusion proof verification, and caching. | Witness proofs stored; verification fails on missing/inconsistent proofs; metrics emitted. |
| ATTESTOR-74-002 | TODO | Attestor Service Guild | ATTESTOR-73-002 | Implement bulk verification worker + API with progress tracking, rate limits, and caching. | Bulk job API functional; worker processes batches; telemetry recorded. |

Sprint 75 Air Gap & Hardening

| ID | Status | Owner(s) | Depends on | Description | Exit Criteria |
|----|--------|----------|------------|-------------|---------------|
| ATTESTOR-75-001 | TODO | Attestor Service Guild, Export Guild | ATTESTOR-74-002, EXPORT-ATTEST-74-001 | Add export/import flows for attestation bundles and offline verification mode. | Bundles generated/imported; offline verification path documented; tests cover missing witness data. |
| ATTESTOR-75-002 | TODO | Attestor Service Guild, Security Guild | ATTESTOR-73-002 | Harden APIs with rate limits, auth scopes, threat model mitigations, and fuzz testing. | Rate limiting enforced; fuzz tests run in CI; threat model actions resolved. |

*** End Task Board ***