Pack Run Evidence and Provenance

Module

TaskRunner

Status

IMPLEMENTED

Description

Evidence capture and provenance writing for pack runs, including an attestation service for DSSE-signed provenance records.

Implementation Details

  • Attestation service: src/TaskRunner/StellaOps.TaskRunner/StellaOps.TaskRunner.Core/Attestation/IPackRunAttestationService.cs -- DSSE-signed attestation contract
  • Attestation model: src/TaskRunner/StellaOps.TaskRunner/StellaOps.TaskRunner.Core/Attestation/PackRunAttestation.cs -- attestation record for pack runs
  • Evidence snapshot service: src/TaskRunner/StellaOps.TaskRunner/StellaOps.TaskRunner.Core/Evidence/IPackRunEvidenceSnapshotService.cs -- evidence snapshot capture
  • Evidence snapshot model: src/TaskRunner/StellaOps.TaskRunner/StellaOps.TaskRunner.Core/Evidence/PackRunEvidenceSnapshot.cs -- snapshot data model
  • Evidence store: src/TaskRunner/StellaOps.TaskRunner/StellaOps.TaskRunner.Core/Evidence/IPackRunEvidenceStore.cs -- evidence persistence contract
  • Redaction guard: src/TaskRunner/StellaOps.TaskRunner/StellaOps.TaskRunner.Core/Evidence/IPackRunRedactionGuard.cs -- sensitive data redaction
  • Bundle import evidence: src/TaskRunner/StellaOps.TaskRunner/StellaOps.TaskRunner.Core/Evidence/BundleImportEvidence.cs, IBundleImportEvidenceService.cs -- air-gap bundle import evidence
  • Provenance writer interface: src/TaskRunner/StellaOps.TaskRunner/StellaOps.TaskRunner.Core/Execution/IPackRunProvenanceWriter.cs -- provenance writing contract
  • Provenance manifest factory: src/TaskRunner/StellaOps.TaskRunner/StellaOps.TaskRunner.Core/Execution/ProvenanceManifestFactory.cs -- creates SLSA-compatible provenance manifests
  • Filesystem provenance writer: src/TaskRunner/StellaOps.TaskRunner/StellaOps.TaskRunner.Infrastructure/Execution/FilesystemPackRunProvenanceWriter.cs
  • Postgres evidence store: src/TaskRunner/__Libraries/StellaOps.TaskRunner.Persistence/Postgres/Repositories/PostgresPackRunEvidenceStore.cs
  • Tests: src/TaskRunner/StellaOps.TaskRunner/StellaOps.TaskRunner.Tests/PackRunAttestationTests.cs, PackRunEvidenceSnapshotTests.cs, PackRunProvenanceWriterTests.cs, BundleImportEvidenceTests.cs
  • Source: Feature matrix scan

E2E Test Plan

  • Verify DSSE-signed attestations are generated per pack run
  • Test that the evidence snapshot captures all execution artifacts
  • Verify provenance manifest includes SLSA-compatible metadata
  • Test that the redaction guard strips sensitive data from evidence
  • Verify bundle import evidence records air-gap import provenance