git.stella-ops.org/docs/features/unchecked/attestor/field-level-ownership-map-for-receipts-and-bundles.md

Field-Level Ownership Map for Receipts and Bundles

Module

Attestor

Status

IMPLEMENTED

Description

Rekor entry and receipt models exist with structured fields, but a formal field-level ownership map document (checklist page) linking fields to specific module responsibilities was not found as a standalone artifact.

What's Implemented

• Verification Receipt: src/Attestor/__Libraries/StellaOps.Attestor.ProofChain/Receipts/VerificationReceipt.cs -- receipt model with structured fields.
• Verification Check: Receipts/VerificationCheck.cs -- individual verification check within a receipt.
• Verification Context: Receipts/VerificationContext.cs -- context for verification operations.
• Verification Result: Receipts/VerificationResult.cs -- verification outcome.
• Sigstore Bundle: __Libraries/StellaOps.Attestor.Bundle/Models/SigstoreBundle.cs -- Sigstore bundle model.
• Verification Material: Bundle/Models/VerificationMaterial.cs -- material used for verification.
• Transparency Log Entry: Bundle/Models/TransparencyLogEntry.cs -- log entry within bundles.
• Rekor Receipt: StellaOps.Attestor.Core/Rekor/RekorReceipt.cs -- Rekor receipt model.

What's Missing

• Field-level ownership map document: No machine-readable or human-readable document mapping each field in receipts/bundles to the responsible module (e.g., "signature" -> Signing module, "inclusion_proof" -> Rekor module).
• Ownership validation: No automated check that each field in a receipt/bundle is populated by its designated owner module.
• Ownership-aware serialization: No serialization that tracks which module wrote each field for audit purposes.
• Ownership documentation generator: No tool to auto-generate ownership documentation from code annotations.
• Cross-module field conflict detection: No mechanism to detect when two modules attempt to populate the same field.

Implementation Plan

• Define a field-level ownership schema mapping fields to module responsibilities
• Annotate receipt/bundle models with [OwnedBy("ModuleName")] attributes
• Create a documentation generator that extracts ownership annotations into a readable map
• Implement ownership validation ensuring fields are only populated by designated modules
• Add conflict detection for duplicate field population
• Add tests for ownership validation and documentation generation

Related Documentation

• Source: See feature catalog