VEX Receipt Sidebar

Module

Attestor

Status

IMPLEMENTED

Description

The backend VEX receipt model and verdict receipt statement exist. A VEX hub feature exists in the frontend, but a dedicated "sidebar" UX for individual VEX receipts does not exist as a standalone component.

What's Implemented

  • Verdict Receipt Payload: src/Attestor/__Libraries/StellaOps.Attestor.ProofChain/Statements/VerdictReceiptPayload.cs -- receipt payload with verdict inputs, decision, and outputs.
  • Verdict Receipt Statement: Statements/VerdictReceiptStatement.cs -- in-toto statement wrapping verdict receipts.
  • Verification Receipt: Receipts/VerificationReceipt.cs -- verification receipt model.
  • Verification Check: Receipts/VerificationCheck.cs -- individual check within a receipt.
  • VEX Verdict Summary: Predicates/VexVerdictSummary.cs -- summary of VEX verdicts.
  • VEX Override Decision: __Libraries/StellaOps.Attestor.StandardPredicates/VexOverride/VexOverrideDecision.cs -- VEX override decision model.

What's Missing

  • VEX receipt sidebar Angular component: No dedicated sidebar component showing VEX receipt details (decision, justification, evidence, verification status) when a VEX entry is selected.
  • Receipt detail API endpoint: No API endpoint returning receipt details formatted for sidebar rendering.
  • Receipt verification status display: No UI element showing whether the receipt's DSSE signature and Rekor inclusion have been verified.
  • Receipt history timeline: No timeline view showing receipt history for a given CVE/component pair.
  • Receipt export/share: No functionality to export a receipt as a standalone verifiable document or share it via link.

Implementation Plan

  • Create Angular sidebar component for VEX receipt display
  • Add API endpoint returning receipt details with verification status
  • Implement verification status indicator (signed, anchored, verified)
  • Add receipt history timeline for per-CVE/component receipt evolution
  • Implement receipt export as standalone verifiable document
  • Add e2e tests for sidebar rendering, interaction, and receipt display
  • Source: See feature catalog