Evidence Provenance Chip (DSSE/Receipt with Export)

Module

Attestor

Status

IMPLEMENTED

Description

The advisory proposed a ProvenanceChipComponent showing Signed/Verified/Logged states with DSSE envelope viewing and export. The LineageProvenanceChipsComponent implements this concept as a standalone Angular component displaying attestation status, signature verification status, and Rekor transparency log links with expandable details. The backend DSSE and Rekor infrastructure is fully built in the Attestor module.
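The three chip states are independent facts about an attestation, which the sketch below makes concrete. It is an added example, not StellaOps code: `chip_states`, the receipt field names `entryId` and `inclusionProof`, and the demo key store are hypothetical, and HMAC-SHA256 stands in for the asymmetric signature check so that only the standard library is needed. The `pae` function follows the DSSE specification's pre-authentication encoding.

```python
import base64
import hashlib
import hmac

def pae(payload_type, payload):
    """DSSE pre-authentication encoding: the exact bytes a signature covers."""
    t = payload_type.encode("utf-8")
    return b"DSSEv1 %d %b %d %b" % (len(t), t, len(payload), payload)

def chip_states(envelope, verify, rekor_receipt=None):
    """Derive Signed / Verified / Logged independently (hypothetical mapping)."""
    sigs = envelope.get("signatures") or []
    try:
        payload = base64.b64decode(envelope["payload"], validate=True)
        message = pae(envelope["payloadType"], payload)
        verified = any(
            verify(s["keyid"], message, base64.b64decode(s["sig"], validate=True))
            for s in sigs
        )
    except (KeyError, ValueError, TypeError, AttributeError):
        verified = False  # a malformed envelope is never reported as verified
    # Presence check only: validating the inclusion proof is a separate step.
    r = rekor_receipt or {}
    logged = bool(r.get("entryId")) and bool(r.get("inclusionProof"))
    return {"signed": len(sigs) > 0, "verified": verified, "logged": logged}

# Constructed demo key store. HMAC-SHA256 stands in for the asymmetric
# signature check so the example needs only the standard library.
TRUSTED_KEYS = {"demo-key": b"constructed-demo-secret"}

def demo_verify(keyid, message, sig):
    """Return True only for a known key id and a matching MAC over `message`."""
    key = TRUSTED_KEYS.get(keyid)
    if key is None:
        return False
    return hmac.compare_digest(hmac.new(key, message, hashlib.sha256).digest(), sig)

def demo_envelope(payload_type, payload, keyid="demo-key"):
    """Build a constructed DSSE envelope signed with the demo key."""
    sig = hmac.new(TRUSTED_KEYS[keyid], pae(payload_type, payload), hashlib.sha256).digest()
    return {
        "payloadType": payload_type,
        "payload": base64.b64encode(payload).decode("ascii"),
        "signatures": [{"keyid": keyid, "sig": base64.b64encode(sig).decode("ascii")}],
    }
```

Because the signature covers `pae(payloadType, payload)` rather than the raw payload, changing only `payloadType` leaves the envelope "signed" but no longer "verified", which is the distinction the chip has to display.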

Implementation Details

  • Verification Receipt: src/Attestor/__Libraries/StellaOps.Attestor.ProofChain/Receipts/VerificationReceipt.cs -- receipt model with signed/verified/logged status. VerificationCheck.cs, VerificationContext.cs, VerificationResult.cs.
  • Signature Verification: Signing/SignatureVerificationResult.cs -- result of DSSE signature verification. ProofChainSigner.Verification.cs -- verification logic.
  • Rekor Receipt: StellaOps.Attestor.Core/Rekor/RekorReceipt.cs -- Rekor transparency log receipt with entry ID and inclusion proof.
  • Evidence Pack Export: __Libraries/StellaOps.Attestor.EvidencePack/ReleaseEvidencePackBuilder.cs -- builds exportable evidence packs. ReleaseEvidencePackSerializer.cs -- serialization.
  • Transparency Status: StellaOps.Attestor.Core/Transparency/TransparencyStatus.cs, TransparencyStatusProvider.cs -- provides transparency log status. TransparencyWitnessObservation.cs -- witness observation records.
  • Frontend: The Angular LineageProvenanceChipsComponent in src/Web/ consumes this backend data.
  • Tests: StellaOps.Attestor.Core.Tests/Transparency/TransparencyStatusProviderTests.cs

E2E Test Plan

  • Create a VerificationReceipt with signed, verified, and logged statuses and verify all three states are captured
  • Verify a DSSE signature via ProofChainSigner.Verification and confirm that SignatureVerificationResult indicates a valid signature
  • Retrieve TransparencyStatus via TransparencyStatusProvider for a logged attestation and verify it shows the Rekor entry ID
  • Build an evidence pack via ReleaseEvidencePackBuilder and export it via ReleaseEvidencePackSerializer
  • Verify the exported pack contains the DSSE envelope, verification receipt, and Rekor receipt
  • Create a TransparencyWitnessObservation and verify it captures the observation timestamp and witness identity
  • Verify the API endpoint returns provenance chip data consumable by the frontend component