stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity
Files
1bf6bbf3955ecbd8d20f5eeb767da5c7f8324b57
git.stella-ops.org/docs/features/unchecked/attestor/four-layer-architecture.md

2.2 KiB
Raw Blame History

Four-Layer Architecture (Edge, Control Plane, Evidence Plane, Data Plane)

Module

Attestor

Status

IMPLEMENTED

Description

The described four-layer architecture is realized with distinct modules for edge routing, control plane (policy/authority/attestor/scheduler), evidence plane (scanner/excititor/concelier), and data plane (workers/task runners).

Implementation Details

  • Attestor as Control Plane: src/Attestor/StellaOps.Attestor/StellaOps.Attestor.WebService/ -- HTTP endpoints:
    • Controllers/ProofsController.cs, VerifyController.cs, BundlesController.cs, ChainController.cs, AnchorsController.cs, VerdictController.cs -- control plane APIs
    • Endpoints/VerdictEndpoints.cs, WatchlistEndpoints.cs -- minimal API endpoints
  • Evidence Plane Integration: __Libraries/StellaOps.Attestor.ProofChain/ -- evidence construction with 93 predicate types, 49 statement types
  • Verification Pipeline: __Libraries/StellaOps.Attestor.ProofChain/Verification/VerificationPipeline.cs (with .Verify) -- multi-step verification pipeline
  • Submission Service: StellaOps.Attestor.Core/Submission/IAttestorSubmissionService.cs, AttestorSubmissionValidator.cs -- validates and routes submissions
  • Queue (Data Plane): StellaOps.Attestor.Core/Queue/IRekorSubmissionQueue.cs -- durable queue for asynchronous processing
  • Background Services: StellaOps.Attestor.Core/Rekor/RekorSyncBackgroundService.cs -- background processing
  • Composition: StellaOps.Attestor.WebService/AttestorWebServiceComposition.cs -- DI composition root

E2E Test Plan

  • Submit an attestation via ProofsController and verify it flows through the submission pipeline
  • Verify an attestation via VerifyController and confirm the verification pipeline executes all steps
  • Query attestation bundles via BundlesController and verify correct responses
  • Query attestation chains via ChainController and verify traversal works
  • Submit a batch of attestations and verify they are queued for Rekor publication
  • Verify the background sync service processes queued items
  • Verify AttestorSubmissionValidator rejects invalid submissions with appropriate error messages