stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 16 Releases Wiki Activity
Files
f30805ad7f5457dac581340d20d3f7a1d3afcbf6
git.stella-ops.org/docs/security/aoc-invariants.md
StellaOps Bot 9f6e6f7fb3
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
Details
Signals CI & Image / signals-ci (push) Has been cancelled
Details
Policy Lint & Smoke / policy-lint (push) Has been cancelled
Details
Policy Simulation / policy-simulate (push) Has been cancelled
Details
SDK Publish & Sign / sdk-publish (push) Has been cancelled
Details
AOC Guard CI / aoc-guard (push) Has been cancelled
Details
AOC Guard CI / aoc-verify (push) Has been cancelled
Details
Concelier Attestation Tests / attestation-tests (push) Has been cancelled
Details
devportal-offline / build-offline (push) Has been cancelled
Details
up
2025-11-25 22:09:44 +02:00

2.1 KiB
Raw Blame History

Aggregation-Only Contract (AOC) Invariants

Last updated: 2025-11-25 (DOCS-ATTEST-75-002)

Core invariants (all components)

  • Tenant isolation: Every API call requires X-Stella-Tenant; storage and caches are keyed by tenant.
  • Append-only inputs: Evidence, advisories, and attestations are stored immutably; no in-place edits.
  • Determinism: Sorting and pagination are stable; timestamps are UTC ISO-8601; hashes are lowercase hex.
  • No consensus: Components enforce validation/verification only; no severity or policy decisions inside AOC services.
  • Offline-first: All external data (feeds, keys, checkpoints) must be supplied via bundled inputs; no live fetches when sealed.

Attestor-specific invariants

  • Trust roots: Verification keys are loaded exclusively from the bundled trust store; network key discovery is disabled in sealed mode.
  • DSSE only: Inputs must be DSSE envelopes; detached signatures are rejected with a deterministic error code.
  • Transparency optional, explicit: If a mirrored checkpoint is provided, inclusion proof is validated; otherwise results record transparency=skipped without failing the request.
  • Rationale trail: Each verification emits a rationale list (e.g., key.match, transparency.included, transparency.skipped) so results are replayable.
  • Immutability: Verified statements and rationale are recorded append-only in the delivery/verification ledger; retries must not overwrite prior entries.

Guardrails for implementers

  • Never permit unsigned or partially signed payloads to proceed past parsing.
  • Reject any outbound HTTP/S fetch during verification when Attestor__Offline__Enabled=true.
  • Keep secret material out of logs; log statement digests and key ids only.
  • Round numeric scores/weights only at the presentation boundary; internal math stays high-precision.

Audit checklist

  • Tenant header enforced on every endpoint.
  • Trust bundle hash matches the signed manifest on disk.
  • Transparency verification results are captured per request.
  • Ledger entries are append-only and carry rationale + trace ids.