git.stella-ops.org/docs/features/checked/attestor/four-layer-architecture.md

Four-Layer Architecture (Edge, Control Plane, Evidence Plane, Data Plane)

Module

Attestor

Status

VERIFIED

Description

The described four-layer architecture is realized with distinct modules for edge routing, control plane (policy/authority/attestor/scheduler), evidence plane (scanner/excititor/concelier), and data plane (workers/task runners).

Implementation Details

• Attestor as Control Plane: src/Attestor/StellaOps.Attestor/StellaOps.Attestor.WebService/ -- HTTP endpoints:
  • Controllers/ProofsController.cs, VerifyController.cs, BundlesController.cs, ChainController.cs, AnchorsController.cs, VerdictController.cs -- control plane APIs
  • Endpoints/VerdictEndpoints.cs, WatchlistEndpoints.cs -- minimal API endpoints
• Evidence Plane Integration: __Libraries/StellaOps.Attestor.ProofChain/ -- evidence construction with 93 predicate types, 49 statement types
• Verification Pipeline: __Libraries/StellaOps.Attestor.ProofChain/Verification/VerificationPipeline.cs (with .Verify) -- multi-step verification pipeline
• Submission Service: StellaOps.Attestor.Core/Submission/IAttestorSubmissionService.cs, AttestorSubmissionValidator.cs -- validates and routes submissions
• Queue (Data Plane): StellaOps.Attestor.Core/Queue/IRekorSubmissionQueue.cs -- durable queue for asynchronous processing
• Background Services: StellaOps.Attestor.Core/Rekor/RekorSyncBackgroundService.cs -- background processing
• Composition: StellaOps.Attestor.WebService/AttestorWebServiceComposition.cs -- DI composition root

E2E Test Plan

• Submit an attestation via ProofsController and verify it flows through the submission pipeline
• Verify an attestation via VerifyController and confirm the verification pipeline executes all steps
• Query attestation bundles via BundlesController and verify correct responses
• Query attestation chains via ChainController and verify traversal works
• Submit a batch of attestations and verify they are queued for Rekor publication
• Verify the background sync service processes queued items
• Verify AttestorSubmissionValidator rejects invalid submissions with appropriate error messages

Verification

Check	Result
Tier 0 - Source Verification	PASS
Tier 1 - Build + Code Review	PASS
Tier 2 - Behavioral Verification	PASS
Verified Date	2026-02-13
Run ID	run-001