stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity
Files
cf5b72974f923126944f4dcd47e85864ebb31a3b
git.stella-ops.org/docs/features/unchecked/attestor/rekor-integration-system.md

3.3 KiB
Raw Blame History

Rekor Integration System (Client, Persistence, Retry, Sync, v2 Tiles, Checkpoint Store)

Module

Attestor

Status

IMPLEMENTED

Description

Comprehensive Rekor integration: IRekorClient with production/resilient/stub implementations for DSSE submission and inclusion proof verification. Checkpoint persistence with Postgres storage and divergence detection. DB schema with entity mapping, structured entry model (UUID, log index, integrated time, inclusion proof). Background retry worker for failed submissions, sync background service for continuous verification, and v2 tile-backed architecture with HTTP client and tile cache interface.

Implementation Details

  • Rekor Client: src/Attestor/StellaOps.Attestor/StellaOps.Attestor.Core/Rekor/IRekorClient.cs -- abstraction for Rekor HTTP operations (submit, get entry, get proof).
  • Rekor Backend: Rekor/RekorBackend.cs -- configurable Rekor backend (public, private, stub).
  • Rekor Backend Resolver: Rekor/IRekorBackendResolver.cs -- resolves active backend.
  • Checkpoint Store: Rekor/IRekorCheckpointStore.cs -- stores and retrieves Rekor checkpoints.
  • Checkpoint Divergence: Rekor/CheckpointDivergenceDetector.cs -- detects divergence. CheckpointDivergenceAlertPublisher.cs -- publishes alerts.
  • Tile Client: Rekor/IRekorTileClient.cs -- v2 tile-based transparency log client.
  • Tile Cache: Rekor/IRekorTileCache.cs -- tile cache interface. FileSystemRekorTileCache.cs -- filesystem implementation.
  • Submission Queue: Queue/IRekorSubmissionQueue.cs -- durable queue with retry for failed submissions.
  • Sync Service: Rekor/RekorSyncBackgroundService.cs -- background service for continuous sync and verification.
  • Entry Models: Rekor/RekorEntryEvent.cs, RekorReceipt.cs, RekorSubmissionResponse.cs, RekorProofResponse.cs, RekorInclusionVerificationResult.cs.
  • Persistence: __Libraries/StellaOps.Attestor.Persistence/Entities/RekorEntryEntity.cs -- EF Core entity for Rekor entries.
  • Infrastructure: StellaOps.Attestor.Infrastructure/Rekor/ -- HTTP client implementations.
  • Enhanced Proof Builder: __Libraries/StellaOps.Attestor.ProofChain/Rekor/EnhancedRekorProofBuilder.cs (with .Build, .Validate) -- enhanced proof construction.
  • TileProxy: StellaOps.Attestor.TileProxy/ -- standalone tile proxy service with sync jobs, endpoints, and content-addressed storage.
  • Tests: __Tests/StellaOps.Attestor.Core.Tests/RekorIntegrationTests.cs

E2E Test Plan

  • Submit a DSSE envelope via IRekorClient and verify the response contains log index and UUID
  • Retrieve an entry by log index and verify all fields (UUID, integrated time, inclusion proof)
  • Verify an entry's inclusion proof via EnhancedRekorProofBuilder.Validate
  • Queue a submission via IRekorSubmissionQueue, simulate failure, and verify retry succeeds
  • Run RekorSyncBackgroundService and verify it syncs new entries from the Rekor log
  • Store a checkpoint via IRekorCheckpointStore and detect divergence via CheckpointDivergenceDetector
  • Verify v2 tile operations: fetch tiles via IRekorTileClient, cache via FileSystemRekorTileCache, serve via TileProxyService
  • Persist RekorEntryEntity via EF Core and verify retrieval with all fields intact