git.stella-ops.org/docs/features/checked/devops/vex-rekor-linkage.md
2026-02-12 10:27:23 +02:00

VEX-Rekor Linkage

Module

devops

Status

VERIFIED

Description

Database migration and persistence behavior for linking VEX observations to Rekor entries, enabling transparent VEX decision traceability.

Implementation Details

  • VEX Proof Integrator Metadata: src/Attestor/__Libraries/StellaOps.Attestor.ProofChain/Generators/VexProofIntegrator.Helpers.cs and src/Attestor/__Libraries/StellaOps.Attestor.ProofChain/Generators/VexProofIntegrator.Metadata.cs implement deterministic VEX verdict status/justification mapping and proof metadata payload generation.
  • VEX Verdict Proof Payload: src/Attestor/__Libraries/StellaOps.Attestor.ProofChain/Generators/VexVerdictProofPayload.cs defines the serialized proof-carrying payload contract for VEX verdicts.
  • VEX Verdict ID: src/Attestor/__Libraries/StellaOps.Attestor.ProofChain/Identifiers/VexVerdictId.cs provides content-addressed VEX verdict identifiers.
  • VEX Delta and Merge Models: src/Attestor/__Libraries/StellaOps.Attestor.ProofChain/Predicates/VexDeltaChange.cs, src/Attestor/__Libraries/StellaOps.Attestor.ProofChain/Predicates/VexDeltaStatement.cs, src/Attestor/__Libraries/StellaOps.Attestor.ProofChain/Predicates/VexDeltaSummary.cs, and src/Attestor/__Libraries/StellaOps.Attestor.ProofChain/Predicates/VexMergeTrace.cs model delta/merge evidence for VEX decision evolution.
  • Rekor Linkage Migration: devops/database/migrations/V20260117__vex_rekor_linkage.sql adds Rekor linkage columns and indexes for Excititor and VexHub tables, plus attestor verification metadata columns.
  • Compose Configuration: devops/compose/docker-compose.stella-ops.yml provides PostgreSQL infrastructure used for linkage verification workflows.
  • Excititor Postgres Store: src/Excititor/__Libraries/StellaOps.Excititor.Persistence/Postgres/Repositories/PostgresVexObservationStore.cs now consistently persists and queries Rekor linkage fields on vex.observations, with the Rekor columns and indexes ensured to exist.
  • Behavioral Coverage: src/Excititor/__Tests/StellaOps.Excititor.Persistence.Tests/PostgresVexObservationStoreTests.cs includes linkage round-trip, pending-queue, and missing-observation negative-path tests.

E2E Test Plan

  • Create VEX observations and validate Rekor linkage fields can be persisted and queried.
  • Query pending observations and verify unlinked records are returned in deterministic created-at order.
  • Validate migration adds required Rekor columns and indexes across Excititor and VexHub tables.
  • Reapply migration and verify existing Rekor linkage data is preserved.

Verification

  • Verified on 2026-02-11 with run-001.
  • Tier 0 source checks passed for Attestor VEX/Rekor models, DevOps migration assets, and Excititor persistence/test paths.
  • Tier 1 passed after resolving a schema mismatch defect in PostgresVexObservationStore (71/71 tests across persistence and attestation suites).
  • Tier 2 passed with fresh Dockerized PostgreSQL interactions validating migration columns/indexes, linked and pending query paths, and idempotent reapply behavior.
  • Evidence:
    • docs/qa/feature-checks/runs/devops/vex-rekor-linkage/run-001/tier0-source-check.json
    • docs/qa/feature-checks/runs/devops/vex-rekor-linkage/run-001/tier1-build-check.json
    • docs/qa/feature-checks/runs/devops/vex-rekor-linkage/run-001/triage.json
    • docs/qa/feature-checks/runs/devops/vex-rekor-linkage/run-001/fix-summary.json
    • docs/qa/feature-checks/runs/devops/vex-rekor-linkage/run-001/retest-result.json
    • docs/qa/feature-checks/runs/devops/vex-rekor-linkage/run-001/tier2-integration-check.json