stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity
Files
e9aeadc04084353889b1c9dbf4487f5316f4421e
git.stella-ops.org/docs/features/checked/attestor/evidence-provenance-chip.md
master e9aeadc040 save checkpoint
2026-02-14 09:11:48 +02:00

2.7 KiB
Raw Blame History

Evidence Provenance Chip (DSSE/Receipt with Export)

Module

Attestor

Status

VERIFIED

Description

The advisory proposed a ProvenanceChipComponent showing Signed/Verified/Logged states with DSSE envelope viewing and export. The LineageProvenanceChipsComponent implements this concept as a standalone Angular component displaying attestation status, signature verification status, and Rekor transparency log links with expandable details. The backend DSSE and Rekor infrastructure is fully built in the Attestor module.

Implementation Details

  • Verification Receipt: src/Attestor/__Libraries/StellaOps.Attestor.ProofChain/Receipts/VerificationReceipt.cs -- receipt model with signed/verified/logged status. VerificationCheck.cs, VerificationContext.cs, VerificationResult.cs.
  • Signature Verification: Signing/SignatureVerificationResult.cs -- result of DSSE signature verification. ProofChainSigner.Verification.cs -- verification logic.
  • Rekor Receipt: StellaOps.Attestor.Core/Rekor/RekorReceipt.cs -- Rekor transparency log receipt with entry ID and inclusion proof.
  • Evidence Pack Export: __Libraries/StellaOps.Attestor.EvidencePack/ReleaseEvidencePackBuilder.cs -- builds exportable evidence packs. ReleaseEvidencePackSerializer.cs -- serialization.
  • Transparency Status: StellaOps.Attestor.Core/Transparency/TransparencyStatus.cs, TransparencyStatusProvider.cs -- provides transparency log status. TransparencyWitnessObservation.cs -- witness observation records.
  • Frontend: The Angular LineageProvenanceChipsComponent in src/Web/ consumes this backend data.
  • Tests: StellaOps.Attestor.Core.Tests/Transparency/TransparencyStatusProviderTests.cs

E2E Test Plan

  • Create a VerificationReceipt with signed, verified, and logged statuses and verify all three states are captured
  • Verify DSSE signature via ProofChainSigner.Verification and confirm SignatureVerificationResult indicates valid
  • Retrieve TransparencyStatus via TransparencyStatusProvider for a logged attestation and verify it shows the Rekor entry ID
  • Build an evidence pack via ReleaseEvidencePackBuilder and export it via ReleaseEvidencePackSerializer
  • Verify the exported pack contains the DSSE envelope, verification receipt, and Rekor receipt
  • Create a TransparencyWitnessObservation and verify it captures the observation timestamp and witness identity
  • Verify the API endpoint returns provenance chip data consumable by the frontend component

Verification

Check Result
Tier 0 - Source Verification PASS
Tier 1 - Build + Code Review PASS
Tier 2 - Behavioral Verification PASS
Verified Date 2026-02-13
Run ID run-001