Edge-Level Attestations (DSSE-signed per dependency edge)

Module

Attestor

IMPLEMENTED

Proof graph edge models with typed edges and a rich graph attestation service in Scanner for emitting per-edge attestation data.

Proof Graph Edge: src/Attestor/__Libraries/StellaOps.Attestor.ProofChain/Graph/ProofGraphEdge.cs -- edge model with content-addressed ID, source/target node references, and typed semantics.
Edge Types: ProofGraphEdgeType.cs -- enum defining edge types: DependsOn, Supersedes, Aggregates, Produces, Consumes, etc.
Proof Graph Node: ProofGraphNode.cs -- node model with ProofGraphNodeType.
Graph Service: InMemoryProofGraphService.cs (with .Mutation, .Queries, .Subgraph) -- manages graph with per-edge operations.
Content-Addressed Edge IDs: Identifiers/ContentAddressedIdGenerator.Graph.cs -- generates edge IDs from source+target+type content.
Graph Root Attestation: src/Attestor/__Libraries/StellaOps.Attestor.GraphRoot/GraphRootAttestor.cs -- attests graph root including all edges.
DSSE Signing: Per-edge attestations are signed via ProofChainSigner.
Note: Scanner module (src/Scanner/) contains the graph attestation service that emits per-edge data; Attestor provides the models and signing.

Add a DependsOn edge between two nodes via InMemoryProofGraphService.Mutation and verify edge ID is generated
Add edges of different types (Supersedes, Aggregates, Produces) and verify each gets a unique typed edge ID
Query edges by type via InMemoryProofGraphService.Queries and verify correct filtering
Sign an edge attestation via ProofChainSigner and verify the DSSE envelope
Attest the full graph root via GraphRootAttestor and verify it includes edge count and types
Remove a node and verify all connected edges are cleaned up
Extract a subgraph and verify only edges within the subgraph are included