openapi: 3.0.3
info:
  title: MVG Org Signing Service (Mock) — DSSE/PAE (pluggable backend)
  version: "v23"
  description: |
    Local mock signing service for enterprise PoC.
    - Signs DSSEv1 PAE envelopes for mvg Conformance Report exports
    - Exposes bootstrap + trust-anchor snapshot (with witness threshold) for anchored verification
# The mock is served over plain HTTP on loopback, and this document declares no
# securitySchemes / security requirements anywhere. Both are acceptable for a local
# PoC only; transport protection and caller authentication need to be defined before
# this contract is reused for a non-local deployment.
servers:
  - url: http://localhost:8080
# All operations document only the "200" response; error responses (malformed request,
# unknown kid, backend failure) are not specified here — clients should not assume a
# particular error shape.
paths:
  /healthz:
    get:
      # Unauthenticated liveness probe. Note that it reports the service version,
      # which is fine for a local mock but is information disclosure on a shared host.
      summary: Health check
      responses:
        "200":
          description: OK
          content:
            application/json:
              schema:
                type: object
                properties:
                  ok: { type: boolean }
                  # String; the exact timestamp format is not constrained by this spec.
                  now_utc: { type: string }
                  version: { type: string }
  /v1/bootstrap-public:
    get:
      # The summary states the client pins this key. The fetched value is therefore a
      # convenience for bootstrapping, not a trust root on its own: a verifier should
      # compare it against its pinned copy rather than trust whatever this endpoint
      # returns over an unauthenticated HTTP connection.
      summary: Get org bootstrap public key (pinned by client)
      responses:
        "200":
          description: Bootstrap public key
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/BootstrapPublic"
  /v1/trust-anchor-snapshot:
    get:
      # Returns the snapshot as a DSSE envelope carrying the bootstrap signature plus
      # witness signatures (see info.description: "with witness threshold"). The
      # threshold itself is not part of this schema — presumably it lives in the
      # signed payload or in client configuration; verify before relying on it.
      summary: Get DSSE-signed trust-anchor snapshot (bootstrap + witness signatures)
      responses:
        "200":
          description: Trust anchor snapshot DSSE
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/DsseEnvelope"
  /v1/sign-report:
    post:
      # Signing oracle: any caller that can reach this endpoint obtains an org-anchored
      # signature, since no `security` requirement is declared for it. Expected for the
      # local mock; a real deployment must authenticate and authorize callers and log
      # what was signed (request carries report_id / purpose / expected_signer_kid).
      summary: Sign a DSSE signing request and return an org-anchored signed report (DSSE)
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: "#/components/schemas/DsseSigningRequest"
      responses:
        "200":
          description: Signed report DSSE
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/DsseEnvelope"
  /v1/demo/bundle:
    post:
      # Same request body as /v1/sign-report; bundles the three artefacts a verifier
      # needs. Demo-only — the bundle is returned by the same party that signs, so it
      # does not replace fetching the bootstrap key from the pinned source.
      summary: Convenience endpoint — returns bootstrap, snapshot, and signed report in one response
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: "#/components/schemas/DsseSigningRequest"
      responses:
        "200":
          description: Demo bundle
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/DemoBundle"
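components:
  schemas:
    # Public-key-only JWK (RFC 8037 OKP/Ed25519 shape). No private-key member (`d`) is
    # modelled, which is the intended boundary for a public-key endpoint.
    Ed25519Jwk:
      type: object
      required: [kty, crv, x]
      properties:
        kty:
          type: string
          enum: [OKP]
        crv:
          type: string
          enum: [Ed25519]
        x:
          type: string
          description: base64url public key
    BootstrapPublic:
      type: object
      required: [kid, jwk]
      properties:
        # Key identifier; matched against `keyid` in DsseEnvelope.signatures and against
        # DsseSigningRequest.expected_signer_kid by the client.
        kid:
          type: string
        jwk:
          $ref: "#/components/schemas/Ed25519Jwk"
    # DSSE envelope as used by both the snapshot and the signed report responses.
    DsseEnvelope:
      type: object
      required: [payloadType, payload, signatures]
      properties:
        payloadType:
          type: string
        payload:
          type: string
          description: base64url payload bytes
        signatures:
          type: array
          # An envelope with an empty signature list is syntactically a DSSE envelope
          # but carries no authentication; the schema now rejects it instead of leaving
          # that check to every consumer.
          minItems: 1
          items:
            type: object
            required: [keyid, sig]
            properties:
              keyid: { type: string }
              sig: { type: string, description: base64url signature bytes }
        # Free-form extension map; its contents are not covered by the DSSE signature
        # unless the payload itself binds them, so treat `ext` as unauthenticated.
        ext:
          type: object
          additionalProperties: true
    DsseSigningRequest:
      type: object
      required: [schema_id, created_utc, purpose, dsse]
      properties:
        schema_id:
          type: string
          enum: ["mvg.dsse_signing_request@1"]
        # String; format (ISO-8601 vs. other) is not pinned by this spec — TODO confirm
        # with the server implementation before adding `format: date-time`.
        created_utc:
          type: string
        purpose:
          type: string
        report_id:
          type: string
          nullable: true
        verdict:
          type: string
          nullable: true
        trust_anchor_registry_snapshot_id:
          type: string
          nullable: true
        # Lets the caller state which kid it expects to sign; whether the server enforces
        # a mismatch as an error is not visible from this spec.
        expected_signer_kid:
          type: string
          nullable: true
        # Payload to be signed. Note the field is `payload_b64u` here but `payload` in
        # DsseEnvelope — both are base64url, the naming just differs between request and
        # response.
        dsse:
          type: object
          required: [payloadType, payload_b64u]
          properties:
            payloadType: { type: string }
            payload_b64u: { type: string }
            # Optional client-side digest of the PAE; presumably for the server to
            # cross-check against its own PAE computation — verify against the backend.
            dsse_pae_sha256: { type: string, nullable: true }
    DemoBundle:
      type: object
      required: [bootstrap_public, trust_anchor_snapshot_dsse, signed_report_dsse]
      properties:
        bootstrap_public:
          $ref: "#/components/schemas/BootstrapPublic"
        trust_anchor_snapshot_dsse:
          $ref: "#/components/schemas/DsseEnvelope"
        signed_report_dsse:
          $ref: "#/components/schemas/DsseEnvelope"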
