stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity
Files
d0f2cc3b2cf0dfa4b1ea69737ad5ebd02089fbc6
git.stella-ops.org/docs/features/checked/attestor/proof-chain-rest-api.md
master e9aeadc040 save checkpoint
2026-02-14 09:11:48 +02:00

2.9 KiB
Raw Blame History

Proof Chain REST API (Backend Services)

Module

Attestor

Status

VERIFIED

Description

REST API endpoints for querying proof chains by subject digest, retrieving evidence chain graphs, and verifying proof integrity with DSSE signature and Rekor inclusion checks.

Implementation Details

  • Proofs Controller: src/Attestor/StellaOps.Attestor/StellaOps.Attestor.WebService/Controllers/ProofsController.cs -- CRUD operations for proof chain entries (submit, query by subject, list).
  • Verify Controller: Controllers/VerifyController.cs -- verification endpoints running the full verification pipeline on submitted proof bundles.
  • Bundles Controller: Controllers/BundlesController.cs -- retrieves attestation bundles (multiple related attestations grouped together).
  • Chain Controller: Controllers/ChainController.cs -- traverses evidence chains from verdict to leaf evidence nodes.
  • Anchors Controller: Controllers/AnchorsController.cs -- manages trust anchors (create, query, revoke).
  • Verdict Controller: Controllers/VerdictController.cs -- verdict-specific endpoints for querying and managing verdicts.
  • Proof Chain Controller: Controllers/ProofChainController.cs -- additional proof chain query endpoints.
  • Verification Pipeline: __Libraries/StellaOps.Attestor.ProofChain/Verification/VerificationPipeline.cs (with .Verify) -- multi-step verification invoked by VerifyController.
  • Proof Graph Queries: __Libraries/StellaOps.Attestor.ProofChain/Graph/InMemoryProofGraphService.cs (with .Queries) -- graph queries backing ChainController.
  • Composition Root: StellaOps.Attestor.WebService/AttestorWebServiceComposition.cs -- DI registration for all API services.
  • Tests: __Tests/StellaOps.Attestor.WebService.Tests/

E2E Test Plan

  • POST a proof chain entry via ProofsController and verify 201 Created with the entry ID
  • GET a proof chain by subject digest via ProofsController and verify the response contains all linked attestations
  • POST a verification request via VerifyController and verify the response contains step-by-step verification results
  • GET an attestation bundle via BundlesController and verify it contains all related attestations (SBOM, VEX, verdict)
  • GET an evidence chain via ChainController and verify traversal from verdict to leaf evidence
  • POST a trust anchor via AnchorsController and verify it is stored and queryable
  • GET a verdict via VerdictController by subject digest and verify the decision and linked proof IDs
  • Verify error handling: submit invalid proof data and verify appropriate 400/422 error responses

Verification

Check Result
Tier 0 - Source Verification PASS
Tier 1 - Build + Code Review PASS
Tier 2 - Behavioral Verification PASS
Verified Date 2026-02-13
Run ID run-001