git.stella-ops.org/src/StellaOps.Signer/TASKS.md
master 48f3071e2a Add tests and implement StubBearer authentication for Signer endpoints
- Created SignerEndpointsTests to validate the SignDsse and VerifyReferrers endpoints.
- Implemented StubBearerAuthenticationDefaults and StubBearerAuthenticationHandler for token-based authentication.
- Developed ConcelierExporterClient for managing Trivy DB settings and export operations.
- Added TrivyDbSettingsPageComponent for UI interactions with Trivy DB settings, including form handling and export triggering.
- Implemented styles and HTML structure for Trivy DB settings page.
- Created NotifySmokeCheck tool for validating Redis event streams and Notify deliveries.
2025-10-21 09:37:07 +03:00

# Signer Guild Task Board (UTC 2025-10-19)

| ID | Status | Owner(s) | Depends on | Description | Exit Criteria |
|----|--------|----------|------------|-------------|---------------|
| SIGNER-API-11-101 | DONE (2025-10-21) | Signer Guild | | `/sign/dsse` pipeline with Authority auth, PoE introspection, release verification, DSSE signing. | `POST /api/v1/signer/sign/dsse` enforces OpTok audience/scope, DPoP/mTLS binding, PoE introspection, and rejects untrusted scanner digests. Signing pipeline supports keyless (Fulcio) plus optional KMS modes, returning DSSE bundles + cert metadata; deterministic audits persisted. Regression coverage in `SignerEndpointsTests` (`dotnet test src/StellaOps.Signer/StellaOps.Signer.Tests/StellaOps.Signer.Tests.csproj`). |
| SIGNER-REF-11-102 | DONE (2025-10-21) | Signer Guild | | `/verify/referrers` endpoint with OCI lookup, caching, and policy enforcement. | `GET /api/v1/signer/verify/referrers` validates trusted scanner digests via the release verifier and surfaces signer metadata; JSON responses served deterministically. Integration tests cover trusted/untrusted digests and validation failures (`SignerEndpointsTests`). |
| SIGNER-QUOTA-11-103 | DONE (2025-10-21) | Signer Guild | | Enforce plan quotas, concurrency/QPS limits, artifact size caps with metrics/audit logs. | Quota middleware derives plan limits from PoE claims, applies per-tenant concurrency/QPS/size caps, and surfaces remaining capacity in responses. Unit coverage exercises throttled/artifact-too-large paths via the in-memory quota service. |
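The two properties the SIGNER-API-11-101 and SIGNER-REF-11-102 exit criteria lean on are that the DSSE signature covers the Pre-Authentication Encoding (so the `payloadType` is bound, not just the payload bytes) and that a verifying signature is necessary but not sufficient: the subject digest still has to be on the trusted-scanner allowlist. The Go program below is an added illustration of both, not StellaOps code (the Signer service itself is .NET, per the `dotnet test` command in the table). It assumes a local ECDSA P-256 key as a stand-in for the page's Fulcio/KMS signers, an in-toto Statement as the payload, and a constructed digest value; the `Sign`, `Verify` and `PAE` names are this example's own.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strconv"
)

// Envelope and Signature follow the DSSE envelope JSON shape.
type Envelope struct {
	PayloadType string      `json:"payloadType"`
	Payload     string      `json:"payload"` // base64 of the raw payload bytes
	Signatures  []Signature `json:"signatures"`
}

type Signature struct {
	KeyID string `json:"keyid"`
	Sig   string `json:"sig"` // base64 of the raw signature bytes
}

// PAE is the DSSE Pre-Authentication Encoding that is actually signed:
// "DSSEv1" SP LEN(type) SP type SP LEN(payload) SP payload, lengths in bytes.
// Signing the PAE instead of the bare payload binds payloadType as well.
func PAE(payloadType string, payload []byte) []byte {
	header := "DSSEv1 " + strconv.Itoa(len(payloadType)) + " " + payloadType +
		" " + strconv.Itoa(len(payload)) + " "
	return append([]byte(header), payload...)
}

// NewSigningKey makes an ECDSA P-256 key. Assumption: this stands in for a
// keyless (Fulcio) or KMS-backed signer; only the signing primitive differs.
func NewSigningKey() (*ecdsa.PrivateKey, error) {
	return ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
}

// Sign produces a one-signature DSSE envelope: ECDSA over SHA-256(PAE).
func Sign(priv *ecdsa.PrivateKey, keyID, payloadType string, payload []byte) (Envelope, error) {
	digest := sha256.Sum256(PAE(payloadType, payload))
	sig, err := ecdsa.SignASN1(rand.Reader, priv, digest[:])
	if err != nil {
		return Envelope{}, err
	}
	return Envelope{
		PayloadType: payloadType,
		Payload:     base64.StdEncoding.EncodeToString(payload),
		Signatures:  []Signature{{KeyID: keyID, Sig: base64.StdEncoding.EncodeToString(sig)}},
	}, nil
}

// statement is the slice of an in-toto Statement the policy gate needs.
type statement struct {
	Subject []struct {
		Name   string            `json:"name"`
		Digest map[string]string `json:"digest"`
	} `json:"subject"`
}

// Verify recomputes the PAE from the envelope, requires at least one valid
// signature, and only then applies the policy gate: every subject sha256
// must be in the trusted-digest allowlist. Order matters: untrusted input is
// never parsed as a statement before its signature has been checked.
func Verify(pub *ecdsa.PublicKey, env Envelope, trusted map[string]bool) error {
	payload, err := base64.StdEncoding.DecodeString(env.Payload)
	if err != nil {
		return fmt.Errorf("payload is not base64: %w", err)
	}
	digest := sha256.Sum256(PAE(env.PayloadType, payload))
	verified := false
	for _, s := range env.Signatures {
		raw, err := base64.StdEncoding.DecodeString(s.Sig)
		if err == nil && ecdsa.VerifyASN1(pub, digest[:], raw) {
			verified = true
			break
		}
	}
	if !verified {
		return errors.New("no signature verifies over the PAE")
	}
	var st statement
	if err := json.Unmarshal(payload, &st); err != nil {
		return fmt.Errorf("payload is not an in-toto statement: %w", err)
	}
	if len(st.Subject) == 0 {
		return errors.New("statement has no subject")
	}
	for _, subj := range st.Subject {
		d, ok := subj.Digest["sha256"]
		if !ok || !trusted[d] {
			return fmt.Errorf("untrusted scanner digest for %q: %q", subj.Name, d)
		}
	}
	return nil
}

func main() {
	priv, err := NewSigningKey()
	if err != nil {
		panic(err)
	}
	// Constructed sample statement; the digest value is made up for the demo.
	stmt := []byte(`{"_type":"https://in-toto.io/Statement/v1","subject":[{"name":"scanner","digest":{"sha256":"1111"}}],"predicateType":"https://example.invalid/scan","predicate":{}}`)
	env, err := Sign(priv, "demo-key", "application/vnd.in-toto+json", stmt)
	if err != nil {
		panic(err)
	}
	fmt.Println("trusted digest:  ", Verify(&priv.PublicKey, env, map[string]bool{"1111": true}))
	fmt.Println("untrusted digest:", Verify(&priv.PublicKey, env, map[string]bool{"2222": true}))
}
```

Changing only `PayloadType` on a signed envelope makes `Verify` fail, which is the point of signing the PAE; an attacker cannot re-label a signed blob as a different kind of attestation. A real deployment would additionally check the signing certificate chain and identity that the page's "cert metadata" refers to; that is outside this example.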
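For SIGNER-QUOTA-11-103 the interesting part is the ordering and the fail-closed behaviour: the size cap can be applied before any state is touched, the concurrency and QPS checks must both pass before either consumes anything, and a request with no recognisable plan gets no limits at all rather than generous defaults. The Go code below is an added illustration of that shape, not the StellaOps quota middleware (which is .NET). It assumes a single `plan` claim naming a tier, made-up numbers for the tiers, and a token bucket for QPS; the `LimitsFromClaims`, `Quota` and `Admit` names are this example's own, and the clock is injectable so the throttled path can be exercised without sleeping.

```go
package main

import (
	"errors"
	"fmt"
	"sync"
	"time"
)

// PlanLimits are the caps a tenant's plan grants. Assumption: in the service
// these come from PoE claims; the tiers and numbers here are invented.
type PlanLimits struct {
	MaxConcurrent    int
	QPS              float64 // sustained requests per second
	Burst            int     // token-bucket capacity
	MaxArtifactBytes int64
}

var plans = map[string]PlanLimits{
	"free": {MaxConcurrent: 1, QPS: 1, Burst: 2, MaxArtifactBytes: 1 << 20},
	"team": {MaxConcurrent: 8, QPS: 20, Burst: 40, MaxArtifactBytes: 64 << 20},
}

// LimitsFromClaims maps an assumed "plan" claim to limits and fails closed.
func LimitsFromClaims(claims map[string]string) (PlanLimits, error) {
	l, ok := plans[claims["plan"]]
	if !ok {
		return PlanLimits{}, fmt.Errorf("unknown or missing plan claim %q", claims["plan"])
	}
	return l, nil
}

var (
	ErrArtifactTooLarge = errors.New("artifact exceeds plan size cap") // -> 413
	ErrTooManyInFlight  = errors.New("tenant concurrency cap reached") // -> 429
	ErrRateLimited      = errors.New("tenant QPS cap reached")         // -> 429
)

type tenantState struct {
	inFlight int
	tokens   float64
	last     time.Time
}

// Quota keeps one token bucket and one in-flight counter per tenant.
type Quota struct {
	mu      sync.Mutex
	now     func() time.Time // injectable clock
	tenants map[string]*tenantState
}

func NewQuota(now func() time.Time) *Quota {
	return &Quota{now: now, tenants: map[string]*tenantState{}}
}

// Admit checks size, concurrency and QPS in that order and consumes nothing
// until all three pass. On success it returns the function that frees the
// concurrency slot and the tokens left, which the service would surface to
// the caller as remaining capacity.
func (q *Quota) Admit(tenant string, l PlanLimits, artifactBytes int64) (release func(), remaining int, err error) {
	if artifactBytes > l.MaxArtifactBytes {
		return nil, 0, ErrArtifactTooLarge
	}
	q.mu.Lock()
	defer q.mu.Unlock()
	now := q.now()
	st, ok := q.tenants[tenant]
	if !ok {
		st = &tenantState{tokens: float64(l.Burst), last: now}
		q.tenants[tenant] = st
	}
	// Refill the bucket for the time elapsed since the last decision.
	if d := now.Sub(st.last); d > 0 {
		st.tokens += d.Seconds() * l.QPS
		if st.tokens > float64(l.Burst) {
			st.tokens = float64(l.Burst)
		}
	}
	st.last = now
	if st.inFlight >= l.MaxConcurrent {
		return nil, int(st.tokens), ErrTooManyInFlight
	}
	if st.tokens < 1 {
		return nil, 0, ErrRateLimited
	}
	st.tokens--
	st.inFlight++
	release = func() {
		q.mu.Lock()
		st.inFlight--
		q.mu.Unlock()
	}
	return release, int(st.tokens), nil
}

func main() {
	q := NewQuota(time.Now)
	l, err := LimitsFromClaims(map[string]string{"plan": "team"}) // assumed claim shape
	if err != nil {
		panic(err)
	}
	release, remaining, err := q.Admit("tenant-a", l, 4<<20)
	fmt.Println("4 MiB artifact:", err, "remaining:", remaining)
	if err == nil {
		release()
	}
	_, _, err = q.Admit("tenant-a", l, 128<<20)
	fmt.Println("128 MiB artifact:", err)
}
```

The size check runs before the lock is taken because it needs nothing but the declared length, so oversized uploads are cheap to reject; everything that mutates per-tenant state happens under one lock so a burst of concurrent requests cannot each observe the same free slot. The bucket refills on the tenant's next request rather than on a timer, which keeps idle tenants out of memory churn.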

Remark (2025-10-19): Wave 0 prerequisites reviewed—none outstanding. SIGNER-API-11-101, SIGNER-REF-11-102, and SIGNER-QUOTA-11-103 moved to DOING for kickoff per EXECPLAN.md.

Update status columns (TODO / DOING / DONE / BLOCKED) in tandem with code changes and associated tests.