Add unit and integration tests for VexCandidateEmitter and SmartDiff repositories

- Implemented comprehensive unit tests for VexCandidateEmitter to validate candidate emission logic based on various scenarios including absent and present APIs, confidence thresholds, and rate limiting. - Added integration tests for SmartDiff PostgreSQL repositories, covering snapshot storage and retrieval, candidate storage, and material risk change handling. - Ensured tests validate correct behavior for storing, retrieving, and querying snapshots and candidates, including edge cases and expected outcomes.
2025-12-16 18:44:25 +02:00
parent 2170a58734
commit 3a2100aa78
126 changed files with 15776 additions and 542 deletions
--- a/docs/data/replay_schema.md
+++ b/docs/data/replay_schema.md
@@ -1,38 +1,38 @@
-# Replay Mongo Schema
+# Replay PostgreSQL Schema

 Status: draft · applies to net10 replay pipeline (Sprint 0185)

-## Collections
+## Tables

 ### replay_runs
- **_id**: scan UUID (string, primary key)
- **manifestHash**: `sha256:<hex>` (unique)
+- **id**: scan UUID (string, primary key)
+- **manifest_hash**: `sha256:<hex>` (unique)
 - **status**: `pending|verified|failed|replayed`
- **createdAt / updatedAt**: UTC ISO-8601
- **signatures[]**: `{ profile, verified }` (multi-profile DSSE verification)
- **outputs**: `{ sbom, findings, vex?, log? }` (all SHA-256 digests)
+- **created_at / updated_at**: UTC ISO-8601
+- **signatures**: JSONB `[{ profile, verified }]` (multi-profile DSSE verification)
+- **outputs**: JSONB `{ sbom, findings, vex?, log? }` (all SHA-256 digests)

 **Indexes**
- `runs_manifestHash_unique`: `{ manifestHash: 1 }` (unique)
- `runs_status_createdAt`: `{ status: 1, createdAt: -1 }`
+- `runs_manifest_hash_unique`: `(manifest_hash)` (unique)
+- `runs_status_created_at`: `(status, created_at DESC)`

 ### replay_bundles
- **_id**: bundle digest hex (no `sha256:` prefix)
+- **id**: bundle digest hex (no `sha256:` prefix)
 - **type**: `input|output|rootpack|reachability`
 - **size**: bytes
 - **location**: CAS URI `cas://replay/<prefix>/<digest>.tar.zst`
- **createdAt**: UTC ISO-8601
+- **created_at**: UTC ISO-8601

 **Indexes**
- `bundles_type`: `{ type: 1, createdAt: -1 }`
- `bundles_location`: `{ location: 1 }`
+- `bundles_type`: `(type, created_at DESC)`
+- `bundles_location`: `(location)`

 ### replay_subjects
- **_id**: OCI image digest (`sha256:<hex>`)
- **layers[]**: `{ layerDigest, merkleRoot, leafCount }`
+- **id**: OCI image digest (`sha256:<hex>`)
+- **layers**: JSONB `[{ layer_digest, merkle_root, leaf_count }]`

 **Indexes**
- `subjects_layerDigest`: `{ "layers.layerDigest": 1 }`
+- `subjects_layer_digest`: GIN index on `layers` for layer_digest lookups

 ## Determinism & constraints
 - All timestamps stored as UTC.
@@ -40,5 +40,5 @@ Status: draft · applies to net10 replay pipeline (Sprint 0185)
 - No external references; embed minimal metadata only (feed/policy hashes live in replay manifest).

 ## Client models
- Implemented in `src/__Libraries/StellaOps.Replay.Core/ReplayMongoModels.cs` with matching index name constants (`ReplayIndexes`).
- Serialization uses MongoDB.Bson defaults; camelCase field names match collection schema above.
+- Implemented in `src/__Libraries/StellaOps.Replay.Core/ReplayPostgresModels.cs` with matching index name constants (`ReplayIndexes`).
+- Serialization uses System.Text.Json with snake_case property naming; field names match table schema above.