21 lines
1.4 KiB
Markdown
21 lines
1.4 KiB
Markdown
# StellaOps Provenance (Relocated)
|
|
|
|
> **Sprint 204 (2026-03-04):** The Provenance module source has been consolidated under the Attestor trust domain.
|
|
> Source code is now at `src/Attestor/StellaOps.Provenance.Attestation/` and `src/Attestor/StellaOps.Provenance.Attestation.Tool/`.
|
|
> Architecture documentation is now in the [Attestor architecture dossier](../attestor/architecture.md#trust-domain-model-sprint-204----2026-03-04).
|
|
> Archived standalone docs are in `docs-archived/modules/provenance/`.
|
|
|
|
## Purpose (unchanged)
|
|
|
|
Provenance is a **library** (not a standalone service) that provides deterministic, verifiable provenance attestations for all StellaOps artifacts. It enables SLSA compliance through DSSE statement generation, Merkle tree construction, and cryptographic verification.
|
|
|
|
## Note on StellaOps.Provenance (shared library)
|
|
|
|
The `src/__Libraries/StellaOps.Provenance/` library is a separate, lower-level provenance data model used by Concelier and other consumers. It was NOT moved by Sprint 204 and remains at its original location.
|
|
|
|
## Why the move
|
|
|
|
Provenance attestation libraries are consumed primarily by the Attestor trust domain (proofchain, evidence packs, verification). Consolidating source ownership under `src/Attestor/` clarifies trust-boundary responsibilities.
|
|
|
|
See the [Trust Domain Model](../attestor/architecture.md#trust-domain-model-sprint-204----2026-03-04) for details.
|