VectorVue SDK Developer Guide
Architecture Overview
- Telemetry Gateway validates federation transport and signatures.
- Processing layer validates canonical telemetry schema.
- Analytics/finding layers enrich and expose assurance results.
- Cognitive endpoints return signed feedback adjustments.
How Federation Signing Works
- Inbound telemetry from SpectraStrike: Ed25519 verify on canonical signed input.
- Outbound feedback to SpectraStrike: Ed25519 sign with active
kidprivate key.
Canonical Telemetry Schema Definition
Key required fields:
event_id,event_type,source_system,severitymitre_techniques,mitre_tactics,descriptionattributes.schema_versionattributes.attestation_measurement_hash(64-char hex)
How To Extend Tool Wrappers (Metasploit, Sliver, Mythic)
Wrappers are implemented in SpectraStrike. VectorVue expects normalized canonical payloads and does not accept tool-specific raw shapes at ingress.
How To Emit Signed Telemetry
Producer-side (SpectraStrike):
- Canonicalize payload.
- Sign
timestamp.nonce.payloadwith Ed25519 private key. - Send with required federation headers and mTLS cert.
How To Validate Feedback Signatures
Consumer-side (SpectraStrike):
- Read
kid,signature,signed_at,nonce,schema_version. - Build canonical tuple.
- Resolve public verify key by
kid. - Verify Ed25519 signature and nonce freshness.
Test Strategy
- Gateway unit tests for signature, replay, tenant mapping, schema.
- Red-team tests for tampering and forged signatures.
- End-to-end smoke tests through SpectraStrike wrappers.
Key Rotation Strategy
- Keep
VV_TG_FEEDBACK_ED25519_KEYS_JSONwith current and next keys. - Set
VV_TG_FEEDBACK_ACTIVE_KIDto current signing key. - Rotate by updating active
kidafter verifiers trust the new key. - Retire old key after overlap window and validation pass.