stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity

semi implemented and features implemented save checkpoint

Browse Source
This commit is contained in:
master
2026-02-08 18:00:49 +02:00
parent 04360dff63
commit 1bf6bbf395
20895 changed files with 716795 additions and 64 deletions
Download Patch File Download Diff File Expand all files Collapse all files

37
docs/features/unchecked/attestor/verdic-replay.md Normal file
View File

@@ -0,0 +1,37 @@
# Verdic Replay (Deterministic Replay)
## Module
Attestor
## Status
IMPLEMENTED
## Description
Verdict replay service for deterministic re-execution of security decisions with input manifest resolution and verification.
## Implementation Details
- **Replay Input Artifact**: `src/Attestor/__Libraries/StellaOps.Attestor.ProofChain/Replay/ReplayInputArtifact.cs` -- content-addressed input artifact referenced by digest for deterministic resolution during replay.
- **Replay Prompt Template**: `Replay/ReplayPromptTemplate.cs` -- template for replay prompts that captures the original decision context and input bindings.
- **Replay Result**: `Replay/ReplayResult.cs` -- result of a replay execution, including the replayed verdict and comparison with the original.
- **Replay Status**: `Replay/ReplayStatus.cs` -- enum tracking replay state (Pending, Running, Completed, Failed, Diverged).
- **Replay Verification Result**: `Replay/ReplayVerificationResult.cs` -- verification result comparing replayed output against original, detecting divergence.
- **AI Artifact Replay Manifest**: `Replay/AIArtifactReplayManifest.cs` -- manifest for replaying AI-generated artifacts with frozen model parameters and inputs.
- **IAIArtifactReplayer**: `Replay/IAIArtifactReplayer.cs` -- interface for replaying AI artifact generation with deterministic inputs.
- **Verdict Receipt Payload**: `Statements/VerdictReceiptPayload.cs` -- payload containing verdict inputs, decision, and outputs for replay.
- **Verdict Receipt Statement**: `Statements/VerdictReceiptStatement.cs` -- in-toto statement wrapping the verdict receipt for attestation.
- **Verdict Decision**: `Statements/VerdictDecision.cs` -- the decision record (PASS/FAIL/WARN) with reasoning.
- **Verdict Inputs**: `Statements/VerdictInputs.cs` -- captured inputs (scan results, policies, VEX state) that drove the verdict.
- **Verdict Outputs**: `Statements/VerdictOutputs.cs` -- outputs of the verdict (actions taken, notifications sent).
- **Verification Replay Log Builder**: `__Libraries/StellaOps.Attestor.EvidencePack/Services/VerificationReplayLogBuilder.cs` -- builds replay logs for inclusion in evidence packs.
- **Verification Replay Log**: `EvidencePack/Models/VerificationReplayLog.cs` -- structured log of replay execution steps.
- **Tests**: `__Tests/StellaOps.Attestor.ProofChain.Tests/`
## E2E Test Plan
- [ ] Create a `VerdictReceiptPayload` with inputs (SBOM digest, policy rules, VEX state) and a PASS decision; serialize and verify round-trip fidelity
- [ ] Replay the verdict using the captured `VerdictInputs` and verify the replayed decision matches the original PASS
- [ ] Modify one input (add a new critical CVE) and replay; verify `ReplayVerificationResult` detects divergence with the original
- [ ] Verify `ReplayStatus` transitions: Pending -> Running -> Completed for a successful replay
- [ ] Create an `AIArtifactReplayManifest` with frozen model parameters and verify replay produces identical outputs
- [ ] Build a `VerificationReplayLog` via `VerificationReplayLogBuilder` and verify it captures each replay step with timestamps
- [ ] Replay a verdict with missing input artifacts and verify `ReplayStatus` is Failed with a descriptive error
- [ ] Verify the `VerdictReceiptStatement` is a valid in-toto statement with the correct predicate type URI