Add tests and implement timeline ingestion options with NATS and Redis subscribers

- Introduced `BinaryReachabilityLifterTests` to validate binary lifting functionality. - Created `PackRunWorkerOptions` for configuring worker paths and execution persistence. - Added `TimelineIngestionOptions` for configuring NATS and Redis ingestion transports. - Implemented `NatsTimelineEventSubscriber` for subscribing to NATS events. - Developed `RedisTimelineEventSubscriber` for reading from Redis Streams. - Added `TimelineEnvelopeParser` to normalize incoming event envelopes. - Created unit tests for `TimelineEnvelopeParser` to ensure correct field mapping. - Implemented `TimelineAuthorizationAuditSink` for logging authorization outcomes.
2025-12-03 09:46:48 +02:00
parent e923880694
commit 35c8f9216f
520 changed files with 4416 additions and 31492 deletions
--- a/bench/reachability-benchmark/benchmark/schemas/benchmark-manifest.schema.json
+++ b/bench/reachability-benchmark/benchmark/schemas/benchmark-manifest.schema.json
@@ -0,0 +1,133 @@
+{
+  "$schema": "https://json-schema.org/draft/2020-12/schema",
+  "$id": "https://stellaops.local/reachability/benchmark-manifest.schema.json",
+  "title": "Reachability Benchmark Kit Manifest",
+  "type": "object",
+  "additionalProperties": false,
+  "required": [
+    "schemaVersion",
+    "kitId",
+    "version",
+    "createdAt",
+    "sourceDateEpoch",
+    "cases",
+    "artifacts",
+    "tools",
+    "signatures"
+  ],
+  "properties": {
+    "schemaVersion": { "type": "string", "pattern": "^1\.0\.\d+$" },
+    "kitId": { "type": "string", "pattern": "^reachability-benchmark:[A-Za-z0-9._:-]+$" },
+    "version": { "type": "string" },
+    "createdAt": { "type": "string", "format": "date-time" },
+    "sourceDateEpoch": { "type": "integer", "minimum": 0 },
+    "resourceLimits": {
+      "type": "object",
+      "additionalProperties": false,
+      "properties": {
+        "cpu": { "type": "string" },
+        "memory": { "type": "string" }
+      }
+    },
+    "cases": {
+      "type": "array",
+      "minItems": 1,
+      "items": {
+        "type": "object",
+        "additionalProperties": false,
+        "required": ["id", "language", "hashes", "truth", "sandbox", "redaction"],
+        "properties": {
+          "id": { "type": "string" },
+          "language": { "type": "string" },
+          "size": { "type": "string", "enum": ["small", "medium", "large"] },
+          "hashes": {
+            "type": "object",
+            "additionalProperties": false,
+            "required": ["source", "binary", "sbom", "entrypoints", "case", "truth"],
+            "properties": {
+              "source": { "type": "string", "pattern": "^[A-Fa-f0-9]{64}$" },
+              "binary": { "type": "string", "pattern": "^[A-Fa-f0-9]{64}$" },
+              "sbom": { "type": "string", "pattern": "^[A-Fa-f0-9]{64}$" },
+              "entrypoints": { "type": "string", "pattern": "^[A-Fa-f0-9]{64}$" },
+              "case": { "type": "string", "pattern": "^[A-Fa-f0-9]{64}$" },
+              "truth": { "type": "string", "pattern": "^[A-Fa-f0-9]{64}$" },
+              "coverage": { "type": "string", "pattern": "^[A-Fa-f0-9]{64}$" },
+              "traces": { "type": "string", "pattern": "^[A-Fa-f0-9]{64}$" }
+            }
+          },
+          "truth": {
+            "type": "object",
+            "required": ["label", "confidence"],
+            "properties": {
+              "label": { "type": "string", "enum": ["reachable", "unreachable", "unknown"] },
+              "confidence": { "type": "string", "enum": ["high", "medium", "low"] },
+              "rationale": { "type": "string" }
+            }
+          },
+          "sandbox": {
+            "type": "object",
+            "additionalProperties": false,
+            "properties": {
+              "network": { "type": "string", "enum": ["none", "loopback", "local"] },
+              "privileges": { "type": "string", "enum": ["rootless", "root"] }
+            }
+          },
+          "redaction": {
+            "type": "object",
+            "additionalProperties": false,
+            "properties": {
+              "pii": { "type": "boolean" },
+              "policy": { "type": "string" }
+            }
+          }
+        }
+      }
+    },
+    "artifacts": {
+      "type": "object",
+      "additionalProperties": false,
+      "required": ["submissionSchema", "scorer", "baselines"],
+      "properties": {
+        "submissionSchema": { "type": "string", "pattern": "^[A-Fa-f0-9]{64}$" },
+        "scorer": { "type": "string", "pattern": "^[A-Fa-f0-9]{64}$" },
+        "baselineSubmissions": {
+          "type": "array",
+          "items": {
+            "type": "object",
+            "required": ["tool", "version", "submissionSha256"],
+            "additionalProperties": false,
+            "properties": {
+              "tool": { "type": "string" },
+              "version": { "type": "string" },
+              "submissionSha256": { "type": "string", "pattern": "^[A-Fa-f0-9]{64}$" },
+              "dsse": { "type": "string" }
+            }
+          }
+        }
+      }
+    },
+    "tools": {
+      "type": "object",
+      "additionalProperties": false,
+      "required": ["builder", "validator"],
+      "properties": {
+        "builder": { "type": "string" },
+        "validator": { "type": "string" }
+      }
+    },
+    "signatures": {
+      "type": "array",
+      "items": {
+        "type": "object",
+        "additionalProperties": false,
+        "required": ["type", "keyId", "signature"],
+        "properties": {
+          "type": { "type": "string", "enum": ["dsse", "jws-detached"] },
+          "keyId": { "type": "string" },
+          "signature": { "type": "string" },
+          "envelopeDigest": { "type": "string" }
+        }
+      }
+    }
+  }
+}