feat: add PolicyPackSelectorComponent with tests and integration

- Implemented PolicyPackSelectorComponent for selecting policy packs. - Added unit tests for component behavior, including API success and error handling. - Introduced monaco-workers type declarations for editor workers. - Created acceptance tests for guardrails with stubs for AT1–AT10. - Established SCA Failure Catalogue Fixtures for regression testing. - Developed plugin determinism harness with stubs for PL1–PL10. - Added scripts for evidence upload and verification processes.
2025-12-05 21:24:34 +02:00
parent 347c88342c
commit 18d87c64c5
220 changed files with 7700 additions and 518 deletions
--- a/docs/vex/explorer-integration.md
+++ b/docs/vex/explorer-integration.md
@@ -0,0 +1,23 @@
+# VEX Explorer Integration (Md.XI draft)
+
+> Status: DRAFT — pending GRAP0101 alignment, CSAF mapping specifics, and CLI examples. Do not publish until hashes recorded.
+
+## Scope
+- Map Explorer VEX handling: CSAF ingestion, suppression precedence, status semantics, and integration points with findings.
+- Provide deterministic examples; hash payloads/screens in `docs/assets/vuln-explorer/SHA256SUMS`.
+
+## Dependencies
+- GRAP0101 contract (field names, identifiers).
+- CLI/console assets (due 2025-12-09).
+- Policy/VEX mapping rules from Excititor Guild.
+
+## Topics (outline)
+- CSAF → internal VEX decision mapping; precedence vs policy overrides.
+- Status semantics: NOT_AFFECTED / AFFECTED_* / FIXED; validity windows; VEX-first triage per Vuln Explorer architecture.
+- Suppression precedence: VEX decisions take priority over reachability/policy unless explicit override (confirm post-GRAP0101).
+- Export/propagation to advisories/CLI/console.
+
+## Determinism
+- Use fixed CSAF samples; hash examples.
+
+_Last updated: 2025-12-05 (UTC)_