up
Some checks failed
AOC Guard CI / aoc-guard (push) Has been cancelled
AOC Guard CI / aoc-verify (push) Has been cancelled
Concelier Attestation Tests / attestation-tests (push) Has been cancelled
Docs CI / lint-and-preview (push) Has been cancelled
Export Center CI / export-ci (push) Has been cancelled
devportal-offline / build-offline (push) Has been cancelled
@@ -6,37 +6,34 @@
- Ensure offline parity: fixtures packaged for Offline Kit consumption (NDJSON + manifest hashes).
## Assumptions / Pending confirmations
- Overlay format: waiting on Graph Guild decision (checkpoint 2025-11-22) regarding overlay fields and snapshot manifest layout.
- SBOM bundle source: use scanner surface mock bundle v1 unless real caches land; confirm with Graph Guild.
- Tenant: default to `demo-tenant` unless advised otherwise; all IDs and timestamps must be deterministic.
- Overlay format resolved: `policy.overlay.v1` with `overlay_id = sha256(tenant|nodeId|overlayKind)`, verdict + severity, optional edge to policy rule node for bench compatibility.
- SBOM bundle source: scanner surface mock bundle v1; swap in real cache when approved without schema changes.
- Tenant: `demo-tenant`; timestamps frozen to `2025-11-22T00:00:00Z`.
## Proposed fixture contents
- `nodes.ndjson`: ~40k nodes; sorted by id; includes artifact, package, relationship nodes.
- `edges.ndjson`: matching edges; sorted by id.
- `overlays/policy.ndjson`: policy overlay snapshot aligned with chosen overlay schema.
- `manifest.json`: hashes (SHA-256) of all files plus counts; UTC timestamps rounded to seconds.
- `README.md`: execution + verification steps, expected counts/hashes.
## Canonical fixture (delivered 2025-12-02)
- Location: `samples/graph/graph-40k/`
- `nodes.ndjson`: 40,000 component nodes (`pkg:pypi/demo-*`)
- `edges.ndjson`: 100,071 `DEPENDS_ON` edges (fan-out ≤4, DAG order)
- `overlay.ndjson`: 100 `policy.overlay.v1` records (verdict/severity + optional policy-rule edge)
- `manifest.json`: hashes (SHA-256) and counts (nodes `d14e8c64…`, edges `143a2944…`, overlay `627a0d8c…`)
- `README.md` and `verify.py`: usage, hashes, offline verification
## Generation sketch
1) Start from existing mock SBOM bundle (scanner surface v1); sample driver script will:
- deterministically seed random generators;
- produce nodes/edges via Graph Indexer schema helpers;
- emit overlays using placeholder policy verdicts (allow/deny/defer) until final schema confirmed.
2) Write NDJSON with stable ordering; compute SHA-256 for each file; write manifest.
3) Run validation script to assert counts, schema shape, and hash reproducibility.
## Generation sketch (implemented)
1) Deterministic generator `samples/graph/scripts/generate_canonical.py` (seed `424242`, snapshot `graph-40k-policy-overlay-20251122`).
2) Writes nodes/edges/overlay with sorted keys, then manifest with hashes/counts.
3) `verify.py` recomputes hashes/counts to confirm reproducibility.
## Interim fixtures (delivered 2025-12-01)
- Synthetic deterministic graphs generated under `samples/graph/interim/`:
## Interim fixtures (still available, delivered 2025-12-01)
- Synthetic deterministic graphs under `samples/graph/interim/`:
- `graph-50k` (50k nodes, ~200k edges)
- `graph-100k` (100k nodes, ~400k edges)
- Minimal schema (`id, kind, name, version, tenant`), seeded RNG, stable ordering, manifests with hashes.
- Purpose: unblock BENCH-GRAPH-21-001/002 while overlay format is finalized. Overlays not included yet.
- Purpose: throughput/latency benches; overlay-free.
## Open items (to resolve before canonical data generation)
- Confirm overlay field set and file naming (Graph Guild, due 2025-11-22).
- Confirm allowed mock SBOM source list and artifact naming (Graph Guild / SBOM Service Guild).
- Provide expected node/edge cardinality breakdown (packages vs files vs relationships) to guide generation.
## Open items
- Regenerate if Graph overlay schema changes; update manifest/hashes and downstream references.
- Consider adding advisory/VEX nodes once Graph/Concelier schema freeze lands; currently component-focused.
## Next steps
- Keep SAMPLES-GRAPH-24-003 blocked until overlay/schema confirmation, but interim fixtures are available for benches.
- Once overlay schema final, extend generator to emit overlays + CAS manifests and promote to official fixture.
- Wire `graph-40k` into BENCH-GRAPH-21-001/002 results and UI fixtures (SAMPLES-GRAPH-24-004).
- Add CAS/DSSE manifest once Offline Kit package format is finalized.
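Review bot: The `overlay_id = sha256(tenant|nodeId|overlayKind)` definition under Assumptions does not say how the three fields are encoded or joined. If `|` is a literal separator, a tenant or node id that contains `|` lets two different tuples produce the same input string and therefore the same id; please state the byte encoding (for example UTF-8) and either forbid `|` in the fields or length-prefix them, so that independent generators derive identical ids. In the Canonical fixture list the manifest digests appear only as 8-hex-character prefixes (`d14e8c64…`), and `verify.py` sits in the same directory as the `manifest.json` it checks, so until the CAS/DSSE manifest from Next steps exists no full digest is recorded outside the fixture directory to compare against; consider recording the full SHA-256 of `manifest.json` in this document. The "swap in real cache when approved without schema changes" line would also change the file hashes, while the Open items regeneration bullet only covers overlay schema changes.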