SpectraStrike Documentation

Operational, architecture, SDK, and integration guidance

Full Federation Integration

Trust Model

Threat Model

Cryptographic Flows

mTLS Handshake Flow

  1. SpectraStrike opens TLS session to VectorVue gateway.
  2. Client certificate is presented.
  3. Gateway checks pinned cert fingerprint for declared service identity.
  4. Requests without valid mTLS identity are rejected.

Signing Flow

  1. Canonical JSON serialization.
  2. Signature input: timestamp + nonce + payload (telemetry).
  3. Feedback signature input includes tenant|signed_at|nonce|schema|kid|canonical_data.
  4. Verification is fail-closed.

Attestation Propagation

attestation_measurement_hash is embedded in:

Policy Engine Binding

Replay Protection Model

Failure Modes

Audit Logging Model

Production Deployment Considerations