Proof Chain REST API (Backend Services)

Module

Attestor

Status

IMPLEMENTED

Description

REST API endpoints for querying proof chains by subject digest, retrieving evidence chain graphs, and verifying proof integrity with DSSE signature and Rekor inclusion checks.

Implementation Details

  • Proofs Controller: src/Attestor/StellaOps.Attestor/StellaOps.Attestor.WebService/Controllers/ProofsController.cs -- CRUD operations for proof chain entries (submit, query by subject, list).
  • Verify Controller: Controllers/VerifyController.cs -- verification endpoints running the full verification pipeline on submitted proof bundles.
  • Bundles Controller: Controllers/BundlesController.cs -- retrieves attestation bundles (multiple related attestations grouped together).
  • Chain Controller: Controllers/ChainController.cs -- traverses evidence chains from verdict to leaf evidence nodes.
  • Anchors Controller: Controllers/AnchorsController.cs -- manages trust anchors (create, query, revoke).
  • Verdict Controller: Controllers/VerdictController.cs -- verdict-specific endpoints for querying and managing verdicts.
  • Proof Chain Controller: Controllers/ProofChainController.cs -- additional proof chain query endpoints.
  • Verification Pipeline: __Libraries/StellaOps.Attestor.ProofChain/Verification/VerificationPipeline.cs (with .Verify) -- multi-step verification invoked by VerifyController.
  • Proof Graph Queries: __Libraries/StellaOps.Attestor.ProofChain/Graph/InMemoryProofGraphService.cs (with .Queries) -- graph queries backing ChainController.
  • Composition Root: StellaOps.Attestor.WebService/AttestorWebServiceComposition.cs -- DI registration for all API services.
  • Tests: __Tests/StellaOps.Attestor.WebService.Tests/

E2E Test Plan

  • POST a proof chain entry via ProofsController and verify 201 Created with the entry ID
  • GET a proof chain by subject digest via ProofsController and verify the response contains all linked attestations
  • POST a verification request via VerifyController and verify the response contains step-by-step verification results
  • GET an attestation bundle via BundlesController and verify it contains all related attestations (SBOM, VEX, verdict)
  • GET an evidence chain via ChainController and verify traversal from verdict to leaf evidence
  • POST a trust anchor via AnchorsController and verify it is stored and queryable
  • GET a verdict via VerdictController by subject digest and verify the decision and linked proof IDs
  • Verify error handling: submit invalid proof data and verify appropriate 400/422 error responses