stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity
Files
b55d9fa68d27848d9e0367447142771dd0c0fc7b
git.stella-ops.org/src/Attestor/StellaOps.Attestor/TASKS.completed.md
master 15b4a1de6a feat: Document completed tasks for KMS, Cryptography, and Plugin Libraries 
- Added detailed task completion records for KMS interface implementation and CLI support for file-based keys.
- Documented security enhancements including Argon2id password hashing, audit event contracts, and rate limiting configurations.
- Included scoped service support and integration updates for the Plugin platform, ensuring proper DI handling and testing coverage.
2025-10-31 14:37:45 +02:00

2.1 KiB
Raw Blame History

Completed Tasks

ID Status Owner(s) Depends on Description Exit Criteria
ATTESTOR-API-11-201 DONE (2025-10-19) Attestor Guild /rekor/entries submission pipeline with dedupe, proof acquisition, and persistence. POST /api/v1/rekor/entries enforces mTLS + Authority OpTok, validates DSSE bundles, and handles dual-log preferences.
Redis/Mongo idempotency returns existing UUID on duplicate bundleSha256 without re-submitting to Rekor.
Rekor driver fetches inclusion proofs (or schedules async fetch) and persists canonical entry/proof metadata.
Optional archive path stores DSSE/proof bundles to MinIO/S3; integration tests cover success/pending/error flows.
ATTESTOR-VERIFY-11-202 DONE (2025-10-19) Attestor Guild /rekor/verify + retrieval endpoints validating signatures and Merkle proofs. GET /api/v1/rekor/entries/{uuid} surfaces cached entries with optional backend refresh and handles not-found/refresh flows.
POST /api/v1/rekor/verify accepts UUID, bundle, or artifact hash inputs; verifies DSSE signatures, Merkle proofs, and checkpoint anchors.
Verification output returns {ok, uuid, index, logURL, checkedAt} with failure diagnostics for invalid proofs.
Unit/integration tests exercise cache hits, backend refresh, invalid bundle/proof scenarios, and checkpoint trust anchor enforcement.
ATTESTOR-OBS-11-203 DONE (2025-10-19) Attestor Guild Telemetry, alerting, mTLS hardening, and archive workflow for Attestor. Structured logs, metrics, and optional traces record submission latency, proof fetch outcomes, verification results, and Rekor error buckets with correlation IDs.
mTLS enforcement hardened (peer allowlist, SAN checks, rate limiting) and documented; TLS settings audited for modern ciphers only.
Alerting/dashboard pack covers error rates, proof backlog, Redis/Mongo health, and archive job failures; runbook updated.
Archive workflow includes retention policy jobs, failure alerts, and periodic verification of stored bundles and proofs.