Tile Caching (Filesystem)

Module

Attestor

IMPLEMENTED

Filesystem-based immutable tile cache for Rekor v2 tiles, SHA-256 indexed, suitable for offline/air-gap scenarios.

Filesystem Rekor Tile Cache: src/Attestor/StellaOps.Attestor/StellaOps.Attestor.Core/Rekor/FileSystemRekorTileCache.cs -- filesystem-based tile cache implementing IRekorTileCache.cs. Stores tiles by SHA-256 content hash for deduplication and immutability.
Tile Cache Interface: Rekor/IRekorTileCache.cs -- abstraction for tile caching (get, put, exists operations).
Content-Addressed Tile Store: StellaOps.Attestor.TileProxy/Services/ContentAddressedTileStore.cs -- content-addressed storage for tiles with SHA-256 indexing.
Tile Proxy Service: StellaOps.Attestor.TileProxy/Services/TileProxyService.cs -- serves cached tiles for offline verification.
Tile Sync Job: StellaOps.Attestor.TileProxy/Jobs/TileSyncJob.cs -- background job syncing tiles from remote Rekor while online.
Tile Endpoints: StellaOps.Attestor.TileProxy/Endpoints/TileEndpoints.cs -- HTTP endpoints for serving cached tiles.
Tile Proxy Options: StellaOps.Attestor.TileProxy/TileProxyOptions.cs -- configuration options (cache directory, sync interval, max tile size).
Tests: __Tests/StellaOps.Attestor.Core.Tests/TileCacheTests.cs

Store a tile via FileSystemRekorTileCache and verify it is retrievable by SHA-256 hash
Store the same tile twice and verify deduplication (only one copy on disk)
Verify immutability: attempt to overwrite a cached tile and verify the operation is rejected or idempotent
Sync tiles from a remote Rekor via TileSyncJob and verify they are cached locally
Serve a cached tile via TileEndpoints and verify the response matches the original tile
Verify offline scenario: disable network, request a tile via TileProxyService, and verify the cached tile is served
Verify content-addressed storage: store tiles of different sizes and verify SHA-256 indexing works correctly