2.3 KiB
2.3 KiB
Content-Addressed Identifiers (ArtifactId, EvidenceId, ProofBundleId)
Module
Attestor
Status
IMPLEMENTED
Description
Full content-addressed ID system with types for ArtifactId, EvidenceId, ReasoningId, VexVerdictId, ProofBundleId, plus a content-addressed ID generator and SHA256 parser.
Implementation Details
- ID Generator:
src/Attestor/__Libraries/StellaOps.Attestor.ProofChain/Identifiers/ContentAddressedIdGenerator.cs(with.Graphpartial) -- implementsIContentAddressedIdGenerator. Generates SHA-256 content-addressed IDs from canonical JSON content. - Base Types:
ContentAddressedId.cs-- base record type.GenericContentAddressedId.cs-- generic typed variant. - Typed ID Records:
ArtifactId.cs-- identifies attestation artifactsEvidenceId.cs-- identifies evidence itemsProofBundleId.cs-- identifies proof bundlesVexVerdictId.cs-- identifies VEX verdictsReasoningId.cs-- identifies reasoning chainsSbomEntryId.cs-- identifies SBOM entriesTrustAnchorId.cs-- identifies trust anchorsGraphRevisionId.cs-- identifies graph revision state
- SHA-256 Parser:
Sha256IdParser.cs-- parses and validatessha256:<64-hex-chars>format. - Proof Hashing:
__Libraries/StellaOps.Attestor.ProofChain/ProofHashing.cs-- SHA-256 hashing utilities. - Tests:
__Tests/StellaOps.Attestor.ProofChain.Tests/ContentAddressedIdTests.cs,ContentAddressedIdGeneratorTests.cs
E2E Test Plan
- Generate an
ArtifactIdfrom content viaContentAddressedIdGeneratorand verify the output matchessha256:<64-hex-chars>format - Generate IDs for identical content twice and verify they are equal
- Generate IDs for different content and verify they differ
- Parse a valid
sha256:abc123...string viaSha256IdParserand verify successful parsing - Attempt to parse an invalid ID (wrong prefix, wrong length) and verify parser rejects it
- Generate
EvidenceId,ProofBundleId,VexVerdictId,ReasoningIdfor same content and verify they produce the same hash but are distinct types - Generate a
GraphRevisionIdfrom a proof graph state, modify the graph, regenerate, and verify the ID changes - Verify
SbomEntryIdproduces deterministic IDs for identical SBOM component content