28 lines
1.7 KiB
Markdown
28 lines
1.7 KiB
Markdown
# Human Approval Attestation Service (stella.ops/human-approval@v1 predicate)
|
|
|
|
## Module
|
|
Scanner
|
|
|
|
## Status
|
|
IMPLEMENTED
|
|
|
|
## Description
|
|
Generates DSSE-signed attestations for human approval decisions with 30-day TTL auto-expiry. Uses stella.ops/human-approval@v1 predicate. Integrates with the Approvals API (POST/GET/DELETE /api/v1/scans/{scanId}/approvals).
|
|
|
|
## Implementation Details
|
|
- **Attestation Service**:
|
|
- `src/Scanner/StellaOps.Scanner.WebService/Services/IHumanApprovalAttestationService.cs` - `IHumanApprovalAttestationService`, `HumanApprovalAttestationInput`, `HumanApprovalAttestationResult`
|
|
- `src/Scanner/StellaOps.Scanner.WebService/Services/HumanApprovalAttestationService.cs` - Generates DSSE-signed attestations with 30-day TTL
|
|
- **Contracts**:
|
|
- `src/Scanner/StellaOps.Scanner.WebService/Contracts/HumanApprovalStatement.cs` - `stella.ops/human-approval@v1` predicate model
|
|
- **API Endpoints**:
|
|
- `src/Scanner/StellaOps.Scanner.WebService/Endpoints/ApprovalEndpoints.cs` - `ApprovalEndpoints` with `CreateApprovalRequest`, `RevokeApprovalRequest`, `ApprovalResponse`, `ApprovalListResponse`
|
|
|
|
## E2E Test Plan
|
|
- [ ] Create a human approval via `POST /api/v1/scans/{scanId}/approvals` and verify a DSSE-signed attestation is generated
|
|
- [ ] Verify the attestation uses `stella.ops/human-approval@v1` predicate type
|
|
- [ ] Verify the attestation includes the approver identity, timestamp, and scope
|
|
- [ ] List approvals via `GET /api/v1/scans/{scanId}/approvals` and verify active approvals are returned
|
|
- [ ] Verify 30-day TTL auto-expiry removes expired approvals
|
|
- [ ] Revoke an approval via `DELETE /api/v1/scans/{scanId}/approvals/{approvalId}` and verify it is removed
|