stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity

feat: add PolicyPackSelectorComponent with tests and integration

Browse Source 
- Implemented PolicyPackSelectorComponent for selecting policy packs.
- Added unit tests for component behavior, including API success and error handling.
- Introduced monaco-workers type declarations for editor workers.
- Created acceptance tests for guardrails with stubs for AT1–AT10.
- Established SCA Failure Catalogue Fixtures for regression testing.
- Developed plugin determinism harness with stubs for PL1–PL10.
- Added scripts for evidence upload and verification processes.
This commit is contained in:
StellaOps Bot
2025-12-05 21:24:34 +02:00
parent 347c88342c
commit 18d87c64c5
220 changed files with 7700 additions and 518 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
docs/modules/zastava/evidence/README.md
View File

@@ -23,11 +23,33 @@ Public key copy: `docs/modules/zastava/kit/ed25519.pub`.
Local staging: all files above are present under `evidence-locker/zastava/2025-12-02/` in the repo root, ready for locker upload/mirroring.
Deterministic tarball (built with `tar --sort=name --mtime='UTC 1970-01-01' --owner=0 --group=0 --numeric-owner` over payloads + DSSE):
```
evidence-locker/zastava/2025-12-02/zastava-evidence.tar sha256=e1d67424273828c48e9bf5b495a96c2ebcaf1ef2c308f60d8b9c62b8a1b735ae
```
Verification helper (uses the hash above and inner SHA256SUMS):
```
./tools/zastava-verify-evidence-tar.sh [path/to/zastava-evidence.tar]
```
Upload (once locker creds exist):
```bash
export EVIDENCE_LOCKER_URL="<locker-base-url>"
export CI_EVIDENCE_LOCKER_TOKEN="<token>"
./tools/upload-all-evidence.sh # pushes both Zastava and Signals bundles
```
Helper script for manual push (expects `EVIDENCE_LOCKER_URL` and `CI_EVIDENCE_LOCKER_TOKEN`):
```bash
tools/zastava-upload-evidence.sh
```
Packaging is deterministic (`tar --sort=name --mtime='UTC 1970-01-01' --owner=0 --group=0 --numeric-owner`) and prints the tarball SHA256 before upload. Ensure `kit/verify.sh` passes before pushing.
## CI delivery note
- Locker upload in CI requires a write credential (e.g., `CI_EVIDENCE_LOCKER_TOKEN`) with access to the `evidence-locker/zastava/` namespace.
- If the secret is absent, perform a manual upload from the staged folder and record the locker URI in the sprint log.