Refactor code structure for improved readability and maintainability; optimize performance in key functions.

2025-12-22 19:06:31 +02:00
parent dfaa2079aa
commit 4602ccc3a3
1444 changed files with 109919 additions and 8058 deletions
--- a/docs/schemas/predicates/boundary.v1.schema.json
+++ b/docs/schemas/predicates/boundary.v1.schema.json
@@ -0,0 +1,80 @@
+{
+  "$schema": "https://json-schema.org/draft/2020-12/schema",
+  "$id": "https://stella.ops/predicates/boundary@v1",
+  "title": "StellaOps Boundary Attestation Predicate",
+  "description": "Predicate for attack surface boundary detection.",
+  "type": "object",
+  "required": ["surface", "exposure", "observedAt"],
+  "properties": {
+    "surface": {
+      "type": "string",
+      "enum": ["http", "grpc", "tcp", "udp", "mqtt", "kafka", "cli", "internal"],
+      "description": "Type of attack surface."
+    },
+    "exposure": {
+      "type": "string",
+      "enum": ["public", "private", "internal", "localhost"],
+      "description": "Exposure level of the surface."
+    },
+    "observedAt": {
+      "type": "string",
+      "format": "date-time",
+      "description": "When the boundary was observed."
+    },
+    "endpoints": {
+      "type": "array",
+      "items": {
+        "$ref": "#/$defs/endpoint"
+      },
+      "description": "Detected endpoints on this surface."
+    },
+    "auth": {
+      "type": "object",
+      "properties": {
+        "mechanism": {
+          "type": "string",
+          "enum": ["none", "apikey", "jwt", "oauth2", "mtls", "basic"],
+          "description": "Authentication mechanism."
+        },
+        "required_scopes": {
+          "type": "array",
+          "items": { "type": "string" },
+          "description": "Required authorization scopes."
+        }
+      },
+      "description": "Authentication configuration."
+    },
+    "controls": {
+      "type": "array",
+      "items": { "type": "string" },
+      "description": "Security controls in place (e.g., rate-limit, WAF)."
+    },
+    "expiresAt": {
+      "type": "string",
+      "format": "date-time",
+      "description": "When this boundary observation expires (TTL: 72h)."
+    }
+  },
+  "$defs": {
+    "endpoint": {
+      "type": "object",
+      "required": ["route", "method"],
+      "properties": {
+        "route": {
+          "type": "string",
+          "description": "Route pattern (e.g., /api/users/:id)."
+        },
+        "method": {
+          "type": "string",
+          "enum": ["GET", "POST", "PUT", "PATCH", "DELETE", "OPTIONS", "HEAD"],
+          "description": "HTTP method."
+        },
+        "auth": {
+          "type": "string",
+          "description": "Authentication requirement for this endpoint."
+        }
+      }
+    }
+  },
+  "additionalProperties": false
+}