stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity
Files
cf5b72974f923126944f4dcd47e85864ebb31a3b
git.stella-ops.org/docs/features/unchecked/attestor/proof-chain-database-schema.md

2.8 KiB
Raw Blame History

Proof Chain Database Schema (PostgreSQL Persistence)

Module

Attestor

Status

IMPLEMENTED

Description

PostgreSQL-backed persistence layer for proof chain data with 5 core tables (sbom_entries, dsse_envelopes, spines, trust_anchors, rekor_entries), EF Core entity mappings, and IProofChainRepository abstraction.

Implementation Details

  • DbContext: src/Attestor/__Libraries/StellaOps.Attestor.Persistence/ProofChainDbContext.cs -- EF Core DbContext with tenant-scoped queries, RLS policy application, and schema isolation.
  • Entities:
    • Entities/DsseEnvelopeEntity.cs -- persisted DSSE envelope with tenant_id, payload hash, created/updated timestamps.
    • Entities/RekorEntryEntity.cs -- persisted Rekor log entry with log index, integrated time, inclusion proof.
    • Entities/SbomEntryEntity.cs -- persisted SBOM entry with format, version, component count.
    • Entities/SpineEntity.cs -- persisted proof spine with Merkle root, segment count, linked evidence IDs.
    • Entities/TrustAnchorEntity.cs -- persisted trust anchor with key material, expiry, and trust level.
    • Entities/VerdictLedgerEntry.cs -- persisted verdict ledger entry with decision, timestamp, and proof references.
    • Entities/AuditLogEntity.cs -- audit log with operation type and content hash.
  • Repositories:
    • Repositories/IProofChainRepository.cs -- repository abstraction for CRUD operations on all proof chain entities.
    • Repositories/IVerdictLedgerRepository.cs -- repository for verdict ledger queries (by subject, by time range).
    • Repositories/PostgresVerdictLedgerRepository.cs -- PostgreSQL implementation with optimized queries and tenant scoping.
  • Migrations: Migrations/ -- EF Core migrations defining schema, indexes, RLS policies, and constraints.
  • Services: Services/ -- data access services for higher-level operations.
  • Performance: Perf/ -- performance configurations (connection pooling, query optimization).
  • Tests: __Tests/StellaOps.Attestor.Persistence.Tests/

E2E Test Plan

  • Create and persist a DsseEnvelopeEntity via IProofChainRepository and verify retrieval by ID
  • Persist a RekorEntryEntity with log index and inclusion proof; retrieve and verify all fields
  • Persist a SpineEntity with Merkle root and verify the root hash is stored correctly
  • Create a TrustAnchorEntity and verify it is retrievable by key fingerprint
  • Create VerdictLedgerEntry records via PostgresVerdictLedgerRepository and query by subject digest; verify correct results
  • Verify tenant isolation: create entities for tenant A and verify they are not visible to tenant B
  • Run migrations on an empty database and verify all 5 tables are created with correct columns, indexes, and constraints
  • Verify JSONB columns store and retrieve complex predicate payloads correctly