stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 12 Releases Wiki Activity

feat(zastava): add evidence locker plan and schema examples

Browse Source 
- Introduced README.md for Zastava Evidence Locker Plan detailing artifacts to sign and post-signing steps.
- Added example JSON schemas for observer events and webhook admissions.
- Updated implementor guidelines with checklist for CI linting, determinism, secrets management, and schema control.
- Created alert rules for Vuln Explorer to monitor API latency and projection errors.
- Developed analytics ingestion plan for Vuln Explorer, focusing on telemetry and PII guardrails.
- Implemented Grafana dashboard configuration for Vuln Explorer metrics visualization.
- Added expected projection SHA256 for vulnerability events.
- Created k6 load testing script for Vuln Explorer API.
- Added sample projection and replay event data for testing.
- Implemented ReplayInputsLock for deterministic replay inputs management.
- Developed tests for ReplayInputsLock to ensure stable hash computation.
- Created SurfaceManifestDeterminismVerifier to validate manifest determinism and integrity.
- Added unit tests for SurfaceManifestDeterminismVerifier to ensure correct functionality.
- Implemented Angular tests for VulnerabilityHttpClient and VulnerabilityDetailComponent to verify API interactions and UI rendering.
This commit is contained in:
StellaOps Bot
2025-12-02 09:27:31 +02:00
parent 885ce86af4
commit 2d08f52715
74 changed files with 1690 additions and 131 deletions
Download Patch File Download Diff File Expand all files Collapse all files

32
docs/process/implementor-guidelines.md Normal file
View File

@@ -0,0 +1,32 @@
# Implementor Guidelines (checklist draft)
Reference: `docs/product-advisories/30-Nov-2025 - Implementor Guidelines for Stella Ops.md` (IG1IG10) and Sprint 300 task IMPLEMENTOR-GAPS-300-018.
## CI lint & docs linkage (IG7)
- Require PRs to either touch referenced docs or set `docs: n/a` with justification.
- Sample hook (to implement): `.git/hooks/pre-commit` invoking `scripts/lint-docs-touch.sh`.
- Fail CI if sprint/AGENTS references are missing for the module being changed.
## Determinism & offline posture (IG2, IG3)
- Default to offline/no-network; flag any outbound calls in tests.
- Set deterministic env vars (`TZ=UTC`, `LC_ALL=C`, `PYTHONHASHSEED=0`, etc.).
- Enforce pinned tool/DB versions and stable ordering in outputs.
## Secrets & provenance (IG5, IG9)
- Run secret scan pre-commit/CI; forbid committing `.env`/keys.
- DSSE/provenance required where predicates exist; verify signatures in CI when fixtures are present.
## Schema/versioning control (IG1)
- Any schema change requires version bump + changelog entry; add canonical serialization tests.
- Store schemas alongside fixtures where practical.
## Performance/quota (IG6)
- Define perf budget per service (P95 latency/CPU/memory) and add smoke tests on reference profile.
## Boundaries & shared libs (IG8)
- Document allowed shared libraries per module; add codeowners/analyzer rules to block cross-boundary calls.
## Evidence & documentation sync (IG10)
- AGENTS files and sprint docs must link to this checklist; update both when rules change.
> Replace this draft with full scripts and enforcement once IMPLEMENTOR-GAPS-300-018 is executed.