master
7b5bdcf4d3
- Introduced AGENTS.md, README.md, TASKS.md, and implementation_plan.md for Vexer, detailing mission, responsibilities, key components, and operational notes. - Established similar documentation structure for Vulnerability Explorer and Zastava modules, including their respective workflows, integrations, and observability notes. - Created risk scoring profiles documentation outlining the core workflow, factor model, governance, and deliverables. - Ensured all modules adhere to the Aggregation-Only Contract and maintain determinism and provenance in outputs.
31 lines
1.2 KiB
Markdown
31 lines
1.2 KiB
Markdown
# StellaOps Signer
|
||
|
||
Signer validates callers, enforces Proof-of-Entitlement, and produces signed DSSE bundles for SBOMs, reports, and exports.
|
||
|
||
## Responsibilities
|
||
- Enforce plan quotas and PoE before signing artifacts.
|
||
- Support keyless and keyful signing backends.
|
||
- Emit DSSE payloads consumed by Attestor and downstream bundles.
|
||
- Maintain audit trails for all signing operations.
|
||
|
||
## Key components
|
||
- `StellaOps.Signer` service host.
|
||
- Crypto providers under `StellaOps.Cryptography.*`.
|
||
|
||
## Integrations & dependencies
|
||
- Authority for OpTok validation.
|
||
- Attestor for transparency logging.
|
||
- Export Center and CLI for artifact signing flows.
|
||
|
||
## Operational notes
|
||
- Key management via Authority/DevOps runbooks.
|
||
- Metrics for signing latency/throttle states.
|
||
- Offline kit integration for signature verification.
|
||
|
||
## Backlog references
|
||
- SIG docs/tasks in ../../TASKS.md (e.g., DOCS-SIG-26-006).
|
||
|
||
## Epic alignment
|
||
- **Epic 10 – Export Center:** provide signing pipelines, cosign interoperability, and provenance manifests for bundle promotion.
|
||
- **Epic 19 – Attestor Console:** supply DSSE payloads and Proof-of-Entitlement enforcement feeding attestation workflows described in `docs/modules/attestor/`.
|