git.stella-ops.org/src/Attestor/StellaOps.Attestor/TASKS.md
master b1e78fe412
feat: Implement vulnerability token signing and verification utilities
- Added VulnTokenSigner for signing JWT tokens with specified algorithms and keys.
- Introduced VulnTokenUtilities for resolving tenant and subject claims, and sanitizing context dictionaries.
- Created VulnTokenVerificationUtilities for parsing tokens, verifying signatures, and deserializing payloads.
- Developed VulnWorkflowAntiForgeryTokenIssuer for issuing anti-forgery tokens with configurable options.
- Implemented VulnWorkflowAntiForgeryTokenVerifier for verifying anti-forgery tokens and validating payloads.
- Added AuthorityVulnerabilityExplorerOptions to manage configuration for vulnerability explorer features.
- Included tests for FilesystemPackRunDispatcher to ensure proper job handling under egress policy restrictions.
2025-11-03 10:04:10 +02:00


Attestor Guild Task Board (UTC 2025-10-19)

| ID | Status | Owner(s) | Depends on | Description | Exit Criteria |
|----|--------|----------|------------|-------------|---------------|

Remark (2025-10-19): Wave 0 prerequisites reviewed (none outstanding); ATTESTOR-API-11-201, ATTESTOR-VERIFY-11-202, and ATTESTOR-OBS-11-203 tracked as DOING per Wave 0A kickoff.

Remark (2025-10-19): Dual-log submissions, signature/proof verification, and observability hardening landed; attestor endpoints now rate-limited per client with correlation-ID logging and updated docs/tests.


Epic 19 — Attestor Console Roadmap

Sprint 72 Foundations

| ID | Status | Owner(s) | Depends on | Description | Exit Criteria |
|----|--------|----------|------------|-------------|---------------|
| ATTESTOR-72-001 | DONE | Attestor Service Guild | ATTEST-ENVELOPE-72-001 | Scaffold service (REST API skeleton, storage interfaces, KMS integration stubs) and DSSE validation pipeline. | Service builds/tests; signing & verification stubs wired; lint/CI green. |
| ATTESTOR-72-002 | DONE | Attestor Service Guild | ATTESTOR-72-001 | Implement attestation store (DB tables, object storage integration), CRUD, and indexing strategies. | Migrations applied; CRUD API functional; storage integration unit tests pass. |
| ATTESTOR-72-003 | BLOCKED | Attestor Service Guild, QA Guild | ATTESTOR-72-002 | Validate attestation store TTL against production-like Mongo/Redis stack; capture logs and remediation plan. | Evidence of TTL expiry captured; report archived in docs/modules/attestor/ttl-validation.md. |

Sprint 73 Signing & Verification

| ID | Status | Owner(s) | Depends on | Description | Exit Criteria |
|----|--------|----------|------------|-------------|---------------|
| ATTESTOR-73-001 | DONE (2025-11-01) | Attestor Service Guild, KMS Guild | ATTESTOR-72-002, KMS-72-001 | Implement signing endpoint with Ed25519/ECDSA support, KMS integration, and audit logging. | POST /v1/attestations:sign functional; audit entries recorded; tests cover success/failure. |
| ATTESTOR-73-002 | DONE (2025-11-01) | Attestor Service Guild, Policy Guild | ATTESTOR-72-002, VERPOL-73-001 | Build verification pipeline evaluating DSSE signatures, issuer trust, and verification policies; persist reports. | Verification endpoint returns structured report; results cached; contract tests pass. |
| ATTESTOR-73-003 | DONE | Attestor Service Guild | ATTESTOR-73-002 | Implement listing/fetch APIs with filters (subject, type, issuer, scope, date). | API documented; pagination works; contract tests green. |

2025-11-01: Verification endpoints now return structured reports and persist cached results; telemetry and tests (AttestorVerificationServiceTests, CachedAttestorVerificationServiceTests) cover pass/fail/cached paths.

Sprint 74 Transparency & Bulk

| ID | Status | Owner(s) | Depends on | Description | Exit Criteria |
|----|--------|----------|------------|-------------|---------------|
| ATTESTOR-74-001 | DONE (2025-11-02) | Attestor Service Guild | ATTESTOR-73-002, TRANSP-74-001 | Integrate transparency witness client, inclusion proof verification, and caching.<br>2025-11-02: Witness client wired with repository schema update; verification/reporting paths refreshed and test suite green. | Witness proofs stored; verification fails on missing/inconsistent proofs; metrics emitted. |
| ATTESTOR-74-002 | DONE | Attestor Service Guild | ATTESTOR-73-002 | Implement bulk verification worker + API with progress tracking, rate limits, and caching. | Bulk job API functional; worker processes batches; telemetry recorded. |

Sprint 75 Air Gap & Hardening

| ID | Status | Owner(s) | Depends on | Description | Exit Criteria |
|----|--------|----------|------------|-------------|---------------|
| ATTESTOR-75-001 | DONE | Attestor Service Guild, Export Guild | ATTESTOR-74-002, EXPORT-ATTEST-74-001 | Add export/import flows for attestation bundles and offline verification mode. | Bundles generated/imported; offline verification path documented; tests cover missing witness data. |
| ATTESTOR-75-002 | DONE | Attestor Service Guild, Security Guild | ATTESTOR-73-002 | Harden APIs with rate limits, auth scopes, threat model mitigations, and fuzz testing. | Rate limiting enforced; fuzz tests run in CI; threat model actions resolved. |

*** End Task Board ***