00d2c99af9
- Implemented Attestation Chain API client with methods for verifying, fetching, and managing attestation chains. - Created models for Attestation Chain, including DSSE envelope structures and verification results. - Developed Triage Evidence API client for fetching finding evidence, including methods for evidence retrieval by CVE and component. - Added models for Triage Evidence, encapsulating evidence responses, entry points, boundary proofs, and VEX evidence. - Introduced mock implementations for both API clients to facilitate testing and development.
StellaOps Contracts
This directory contains formal contract specifications for cross-module interfaces. These contracts define the data models, APIs, and integration points used throughout StellaOps.
Purpose
Contracts serve as the authoritative source for:
- Data model definitions (request/response shapes)
- API endpoint specifications
- Integration requirements between modules
- Dependency documentation for sprint planning
Contract Index
| Contract | ID | Unblocks | Status |
|---|---|---|---|
| Advisory Key | CONTRACT-ADVISORY-KEY-001 | 6+ tasks | Published |
| Risk Scoring | CONTRACT-RISK-SCORING-002 | 5+ tasks | Published |
| Mirror Bundle | CONTRACT-MIRROR-BUNDLE-003 | 8+ tasks | Published |
| Sealed Mode | CONTRACT-SEALED-MODE-004 | 4+ tasks | Published |
| VEX Lens | CONTRACT-VEX-LENS-005 | 2+ tasks | Published |
| Verification Policy | CONTRACT-VERIFICATION-POLICY-006 | 4+ tasks | Published |
| Policy Studio | CONTRACT-POLICY-STUDIO-007 | 3+ tasks | Published |
| Authority Effective Write | CONTRACT-AUTHORITY-EFFECTIVE-WRITE-008 | 2+ tasks | Published |
| Export Bundle | CONTRACT-EXPORT-BUNDLE-009 | 1+ tasks | Published |
| Crypto Provider Registry | CONTRACT-CRYPTO-PROVIDER-REGISTRY-010 | 1+ tasks | Published |
| Findings Ledger RLS | CONTRACT-FINDINGS-LEDGER-RLS-011 | 2 tasks | Published |
| API Governance Baseline | CONTRACT-API-GOVERNANCE-BASELINE-012 | 10+ tasks | Published |
| Scanner PHP Analyzer | CONTRACT-SCANNER-PHP-ANALYZER-013 | 1 task | Published |
| Scanner Surface | CONTRACT-SCANNER-SURFACE-014 | 1 task | Published |
| RichGraph v1 | CONTRACT-RICHGRAPH-V1-015 | 40+ tasks | Published |
Contract Categories
Core Data Models
- Advisory Key - Vulnerability ID canonicalization
- VEX Lens - VEX observation correlation
- Risk Scoring - Finding prioritization
Air-Gap / Offline
- Mirror Bundle - Bundle format for offline transport
- Sealed Mode - Sealed environment operation
Security / Attestation
- Verification Policy - Attestation verification rules
- Crypto Provider Registry - Pluggable crypto
Policy Management
- Policy Studio - Policy editing and compilation
- Authority Effective Write - Policy attachment
Export
- Export Bundle - Scheduled export jobs
Tenancy / Database
- Findings Ledger RLS - Row-Level Security and partitioning
SDK & API Governance
- API Governance Baseline - OpenAPI freeze and SDK generation
Scanner
- Scanner PHP Analyzer - PHP language analyzer bootstrap
- Scanner Surface - Surface analysis framework
Reachability / Evidence
- RichGraph v1 - Function-level reachability graph schema
Related Resources
API Documentation
Module Architecture
JSON Schemas
Contract Lifecycle
- Draft - Contract under development
- Published - Contract is stable and ready for implementation
- Deprecated - Contract is being phased out
- Retired - Contract is no longer valid
Contributing
When updating contracts:
- Increment version number
- Update
Last Updateddate - Document breaking changes
- Update
Unblockssection if tasks change - Add cross-references to related contracts
Sprint Integration
Contracts unblock BLOCKED tasks in sprint files. When a contract is published:
- Update the sprint file task status from
BLOCKEDtoTODO - Add note:
Unblocked by CONTRACT-xxx (docs/contracts/xxx.md) - Remove the blocked reason