git.stella-ops.org/docs/features/checked/attestor/field-level-ownership-map-for-receipts-and-bundles.md
2026-02-14 09:11:48 +02:00

Field-Level Ownership Map for Receipts and Bundles

Module

Attestor

Status

VERIFIED

Description

Rekor entry and receipt models exist with structured fields, but a formal field-level ownership map document (checklist page) linking fields to specific module responsibilities was not found as a standalone artifact.

What's Implemented

  • Verification Receipt: src/Attestor/__Libraries/StellaOps.Attestor.ProofChain/Receipts/VerificationReceipt.cs -- receipt model with structured fields.
  • Verification Check: Receipts/VerificationCheck.cs -- individual verification check within a receipt.
  • Verification Context: Receipts/VerificationContext.cs -- context for verification operations.
  • Verification Result: Receipts/VerificationResult.cs -- verification outcome.
  • Sigstore Bundle: __Libraries/StellaOps.Attestor.Bundle/Models/SigstoreBundle.cs -- Sigstore bundle model.
  • Verification Material: Bundle/Models/VerificationMaterial.cs -- material used for verification.
  • Transparency Log Entry: Bundle/Models/TransparencyLogEntry.cs -- log entry within bundles.
  • Rekor Receipt: StellaOps.Attestor.Core/Rekor/RekorReceipt.cs -- Rekor receipt model.

What's Missing

  • Field-level ownership map document: No machine-readable or human-readable document mapping each field in receipts/bundles to the responsible module (e.g., "signature" -> Signing module, "inclusion_proof" -> Rekor module).
  • Ownership validation: No automated check that each field in a receipt/bundle is populated by its designated owner module.
  • Ownership-aware serialization: No serialization that tracks which module wrote each field for audit purposes.
  • Ownership documentation generator: No tool to auto-generate ownership documentation from code annotations.
  • Cross-module field conflict detection: No mechanism to detect when two modules attempt to populate the same field.

Implementation Plan

  • Define a field-level ownership schema mapping fields to module responsibilities
  • Annotate receipt/bundle models with [OwnedBy("ModuleName")] attributes
  • Create a documentation generator that extracts ownership annotations into a readable map
  • Implement ownership validation ensuring fields are only populated by designated modules
  • Add conflict detection for duplicate field population
  • Add tests for ownership validation and documentation generation
  • Source: See feature catalog
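
A sketch of how the annotation, validation and conflict-detection steps of this plan could fit together. This is an added example, not code from the StellaOps repository. Only the [OwnedBy("ModuleName")] attribute name and the "signature"/"inclusion_proof" owner pairs come from this page; the attribute's shape, SampleReceipt, FieldWrite, OwnershipValidator and the write trail in Demo are hypothetical or constructed.

```csharp
#nullable enable
using System;
using System.Collections.Generic;
using System.Linq;
using System.Reflection;

// Assumed shape for the planned attribute; only its name appears in the plan.
[AttributeUsage(AttributeTargets.Property)]
public sealed class OwnedByAttribute : Attribute
{
    public OwnedByAttribute(string module) => Module = module;
    public string Module { get; }
}
// Constructed sample model, not the project's receipt or bundle classes.
public sealed class SampleReceipt
{
    [OwnedBy("Signing")] public string? Signature { get; set; }
    [OwnedBy("Rekor")] public string? InclusionProof { get; set; }
    public string? Note { get; set; } // deliberately left without an owner
}
public sealed record FieldWrite(string Field, string Module); // one audit-trail entry (hypothetical)
public static class OwnershipValidator
{
    // Field -> owner map read from the annotations (null when no owner is declared).
    public static Dictionary<string, string?> BuildMap(Type model) =>
        model.GetProperties(BindingFlags.Public | BindingFlags.Instance)
             .ToDictionary(p => p.Name, p => p.GetCustomAttribute<OwnedByAttribute>()?.Module);
    // Reports unowned fields, writes by a non-owner, and two modules writing one field.
    public static List<string> Validate(Type model, IEnumerable<FieldWrite> writes)
    {
        var map = BuildMap(model);
        var findings = map.Where(kv => kv.Value is null).Select(kv => $"{kv.Key}: no owner declared").ToList();
        var lastWriter = new Dictionary<string, string>();
        foreach (var w in writes)
        {
            if (!map.TryGetValue(w.Field, out var owner)) { findings.Add($"{w.Field}: unknown field"); continue; }
            if (owner is not null && owner != w.Module) findings.Add($"{w.Field}: written by {w.Module}, owned by {owner}");
            if (lastWriter.TryGetValue(w.Field, out var prev) && prev != w.Module) findings.Add($"{w.Field}: conflict between {prev} and {w.Module}");
            lastWriter[w.Field] = w.Module;
        }
        return findings;
    }
}
public static class Demo
{
    // Constructed write trail: the last entry is both a non-owner write and a conflict.
    public static void Main() => OwnershipValidator.Validate(typeof(SampleReceipt), new[] {
        new FieldWrite("Signature", "Signing"), new FieldWrite("InclusionProof", "Rekor"),
        new FieldWrite("InclusionProof", "Signing") }).ForEach(Console.WriteLine);
}
```

The dictionary returned by BuildMap is the same data a documentation generator would render as the human-readable ownership map.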

Verification

| Check | Result |
|---|---|
| Tier 0 - Source Verification | PASS |
| Tier 1 - Build + Code Review | PASS |
| Tier 2 - Behavioral Verification | PASS |

Verified Date: 2026-02-13
Run ID: run-001