stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity
Files
6e00a48e00da3b2cfbd976a53254275fa63583a6
git.stella-ops.org/docs/features/checked/attestor/tile-caching.md
master e9aeadc040 save checkpoint
2026-02-14 09:11:48 +02:00

2.3 KiB
Raw Blame History

Tile Caching (Filesystem)

Module

Attestor

Status

VERIFIED

Description

Filesystem-based immutable tile cache for Rekor v2 tiles, SHA-256 indexed, suitable for offline/air-gap scenarios.

Implementation Details

  • Filesystem Rekor Tile Cache: src/Attestor/StellaOps.Attestor/StellaOps.Attestor.Core/Rekor/FileSystemRekorTileCache.cs -- filesystem-based tile cache implementing IRekorTileCache.cs. Stores tiles by SHA-256 content hash for deduplication and immutability.
  • Tile Cache Interface: Rekor/IRekorTileCache.cs -- abstraction for tile caching (get, put, exists operations).
  • Content-Addressed Tile Store: StellaOps.Attestor.TileProxy/Services/ContentAddressedTileStore.cs -- content-addressed storage for tiles with SHA-256 indexing.
  • Tile Proxy Service: StellaOps.Attestor.TileProxy/Services/TileProxyService.cs -- serves cached tiles for offline verification.
  • Tile Sync Job: StellaOps.Attestor.TileProxy/Jobs/TileSyncJob.cs -- background job syncing tiles from remote Rekor while online.
  • Tile Endpoints: StellaOps.Attestor.TileProxy/Endpoints/TileEndpoints.cs -- HTTP endpoints for serving cached tiles.
  • Tile Proxy Options: StellaOps.Attestor.TileProxy/TileProxyOptions.cs -- configuration options (cache directory, sync interval, max tile size).
  • Tests: __Tests/StellaOps.Attestor.Core.Tests/TileCacheTests.cs

E2E Test Plan

  • Store a tile via FileSystemRekorTileCache and verify it is retrievable by SHA-256 hash
  • Store the same tile twice and verify deduplication (only one copy on disk)
  • Verify immutability: attempt to overwrite a cached tile and verify the operation is rejected or idempotent
  • Sync tiles from a remote Rekor via TileSyncJob and verify they are cached locally
  • Serve a cached tile via TileEndpoints and verify the response matches the original tile
  • Verify offline scenario: disable network, request a tile via TileProxyService, and verify the cached tile is served
  • Verify content-addressed storage: store tiles of different sizes and verify SHA-256 indexing works correctly

Verification

Check Result
Tier 0 - Source Verification PASS
Tier 1 - Build + Code Review PASS
Tier 2 - Behavioral Verification PASS
Verified Date 2026-02-13
Run ID run-001