git.stella-ops.org/src/StellaOps.Attestor/TASKS.md
master 5fd4032c7c
Add channel test providers for Email, Slack, Teams, and Webhook
- Implemented EmailChannelTestProvider to generate email preview payloads.
- Implemented SlackChannelTestProvider to create Slack message previews.
- Implemented TeamsChannelTestProvider for generating Teams Adaptive Card previews.
- Implemented WebhookChannelTestProvider to create webhook payloads.
- Added INotifyChannelTestProvider interface for channel-specific preview generation.
- Created ChannelTestPreviewContracts for request and response models.
- Developed NotifyChannelTestService to handle test send requests and generate previews.
- Added rate limit policies for test sends and delivery history.
- Implemented unit tests for service registration and binding.
- Updated project files to include necessary dependencies and configurations.
2025-10-19 23:29:34 +03:00

Attestor Guild Task Board (UTC 2025-10-19)

| ID | Status | Owner(s) | Depends on | Description | Exit Criteria |
|----|--------|----------|------------|-------------|---------------|
| ATTESTOR-API-11-201 | DONE (2025-10-19) | Attestor Guild | | `/rekor/entries` submission pipeline with dedupe, proof acquisition, and persistence. | `POST /api/v1/rekor/entries` enforces mTLS + Authority OpTok, validates DSSE bundles, and handles dual-log preferences.<br>Redis/Mongo idempotency returns existing UUID on duplicate `bundleSha256` without re-submitting to Rekor.<br>Rekor driver fetches inclusion proofs (or schedules async fetch) and persists canonical entry/proof metadata.<br>Optional archive path stores DSSE/proof bundles to MinIO/S3; integration tests cover success/pending/error flows. |
| ATTESTOR-VERIFY-11-202 | DONE (2025-10-19) | Attestor Guild | | `/rekor/verify` + retrieval endpoints validating signatures and Merkle proofs. | `GET /api/v1/rekor/entries/{uuid}` surfaces cached entries with optional backend refresh and handles not-found/refresh flows.<br>`POST /api/v1/rekor/verify` accepts UUID, bundle, or artifact hash inputs; verifies DSSE signatures, Merkle proofs, and checkpoint anchors.<br>Verification output returns `{ok, uuid, index, logURL, checkedAt}` with failure diagnostics for invalid proofs.<br>Unit/integration tests exercise cache hits, backend refresh, invalid bundle/proof scenarios, and checkpoint trust anchor enforcement. |
| ATTESTOR-OBS-11-203 | DONE (2025-10-19) | Attestor Guild | | Telemetry, alerting, mTLS hardening, and archive workflow for Attestor. | Structured logs, metrics, and optional traces record submission latency, proof fetch outcomes, verification results, and Rekor error buckets with correlation IDs.<br>mTLS enforcement hardened (peer allowlist, SAN checks, rate limiting) and documented; TLS settings audited for modern ciphers only.<br>Alerting/dashboard pack covers error rates, proof backlog, Redis/Mongo health, and archive job failures; runbook updated.<br>Archive workflow includes retention policy jobs, failure alerts, and periodic verification of stored bundles and proofs. |

Remark (2025-10-19): Wave 0 prerequisites reviewed (none outstanding); ATTESTOR-API-11-201, ATTESTOR-VERIFY-11-202, and ATTESTOR-OBS-11-203 tracked as DOING per Wave 0A kickoff.

Remark (2025-10-19): Dual-log submissions, signature/proof verification, and observability hardening landed; attestor endpoints now rate-limited per client with correlation-ID logging and updated docs/tests.