feat: add PolicyPackSelectorComponent with tests and integration

- Implemented PolicyPackSelectorComponent for selecting policy packs. - Added unit tests for component behavior, including API success and error handling. - Introduced monaco-workers type declarations for editor workers. - Created acceptance tests for guardrails with stubs for AT1–AT10. - Established SCA Failure Catalogue Fixtures for regression testing. - Developed plugin determinism harness with stubs for PL1–PL10. - Added scripts for evidence upload and verification processes.
2025-12-05 21:24:34 +02:00
parent 347c88342c
commit 18d87c64c5
220 changed files with 7700 additions and 518 deletions
--- a/tools/zastava-upload-evidence.sh
+++ b/tools/zastava-upload-evidence.sh
@@ -8,10 +8,37 @@ fi

 STAGED_DIR="evidence-locker/zastava/2025-12-02"
 TAR_OUT="/tmp/zastava-evidence.tar"
+MODULE_ROOT="docs/modules/zastava"

-test -d "$STAGED_DIR" || { echo "missing staged dir $STAGED_DIR" >&2; exit 1; }
+test -d "$MODULE_ROOT" || { echo "missing module root $MODULE_ROOT" >&2; exit 1; }
+mkdir -p "$STAGED_DIR"

-tar -cf "$TAR_OUT" -C "$STAGED_DIR" .
+tmpdir=$(mktemp -d)
+trap 'rm -rf "$tmpdir"' EXIT
+
+rsync -a --relative \
+  "$MODULE_ROOT/SHA256SUMS" \
+  "$MODULE_ROOT/schemas/" \
+  "$MODULE_ROOT/exports/" \
+  "$MODULE_ROOT/thresholds.yaml" \
+  "$MODULE_ROOT/thresholds.yaml.dsse" \
+  "$MODULE_ROOT/kit/verify.sh" \
+  "$MODULE_ROOT/kit/README.md" \
+  "$MODULE_ROOT/kit/ed25519.pub" \
+  "$MODULE_ROOT/kit/zastava-kit.tzst" \
+  "$MODULE_ROOT/kit/zastava-kit.tzst.dsse" \
+  "$MODULE_ROOT/evidence/README.md" \
+  "$tmpdir/"
+
+pushd "$tmpdir/docs/modules/zastava" >/dev/null
+sha256sum --check SHA256SUMS
+
+# Build deterministic tarball for reproducibility (payloads + DSSE)
+tar --sort=name --mtime="UTC 1970-01-01" --owner=0 --group=0 --numeric-owner \
+  -cf "$TAR_OUT" .
+popd >/dev/null
+
+sha256sum "$TAR_OUT"

 curl --retry 3 --retry-delay 2 --fail \
  -H "Authorization: Bearer $CI_EVIDENCE_LOCKER_TOKEN" \