stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity

feat: Add VEX compact fixture and implement offline verifier for Findings Ledger exports

Browse Source 
- Introduced a new VEX compact fixture for testing purposes.
- Implemented `verify_export.py` script to validate Findings Ledger exports, ensuring deterministic ordering and applying redaction manifests.
- Added a lightweight stub `HarnessRunner` for unit tests to validate ledger hashing expectations.
- Documented tasks related to the Mirror Creator.
- Created models for entropy signals and implemented the `EntropyPenaltyCalculator` to compute penalties based on scanner outputs.
- Developed unit tests for `EntropyPenaltyCalculator` to ensure correct penalty calculations and handling of edge cases.
- Added tests for symbol ID normalization in the reachability scanner.
- Enhanced console status service with comprehensive unit tests for connection handling and error recovery.
- Included Cosign tool version 2.6.0 with checksums for various platforms.
This commit is contained in:
StellaOps Bot
2025-12-02 21:08:01 +02:00
parent 6d049905c7
commit 47168fec38
146 changed files with 4329 additions and 549 deletions
Download Patch File Download Diff File Expand all files Collapse all files

112
docs/modules/zastava/schemas/webhook_admission.schema.json
View File

@@ -1,8 +1,91 @@
{
"$id": "https://stella-ops.org/schemas/zastava/webhook_admission.schema.json",
"$schema": "http://json-schema.org/draft-07/schema#",
"title": "Zastava Webhook Admission",
"type": "object",
"properties": {
"bypass_waiver_id": {
"type": "string"
},
"decision": {
"enum": [
"allow",
"deny",
"dry-run"
]
},
"decision_at": {
"format": "date-time",
"type": "string"
},
"decision_reason": {
"minLength": 1,
"type": "string"
},
"graph_revision_id": {
"minLength": 1,
"type": "string"
},
"ledger_id": {
"type": "string"
},
"manifest_pointer": {
"description": "Surface.FS manifest pointer",
"type": "string"
},
"monotonic_nanos": {
"type": "integer"
},
"namespace": {
"minLength": 1,
"type": "string"
},
"payload": {
"description": "AdmissionReview payload (canonical JSON) hashed via payload_hash",
"type": "object"
},
"payload_hash": {
"pattern": "^sha256:[0-9a-f]{64}$",
"type": "string"
},
"policy_hash": {
"minLength": 1,
"type": "string"
},
"project_id": {
"minLength": 1,
"type": "string"
},
"replay_manifest": {
"type": "string"
},
"request_uid": {
"minLength": 1,
"type": "string"
},
"resource_kind": {
"minLength": 1,
"type": "string"
},
"side_effect": {
"enum": [
"none",
"mutating",
"bypass"
]
},
"signature": {
"description": "DSSE envelope reference",
"pattern": "^dsse://[A-Za-z0-9._:/-]+$",
"type": "string"
},
"tenant_id": {
"minLength": 1,
"type": "string"
},
"workload_name": {
"minLength": 1,
"type": "string"
}
},
"required": [
"tenant_id",
"project_id",
@@ -16,27 +99,10 @@
"decision_reason",
"decision_at",
"manifest_pointer",
"payload",
"payload_hash",
"signature"
],
"properties": {
"tenant_id": { "type": "string" },
"project_id": { "type": "string" },
"request_uid": { "type": "string" },
"resource_kind": { "type": "string" },
"namespace": { "type": "string" },
"workload_name": { "type": "string" },
"policy_hash": { "type": "string" },
"graph_revision_id": { "type": "string" },
"ledger_id": { "type": "string" },
"replay_manifest": { "type": "string" },
"manifest_pointer": { "type": "string", "description": "Surface.FS manifest pointer" },
"decision": { "enum": ["allow", "deny", "dry-run"] },
"decision_reason": { "type": "string" },
"decision_at": { "type": "string", "format": "date-time" },
"monotonic_nanos": { "type": "integer" },
"side_effect": { "enum": ["none", "mutating", "bypass"] },
"bypass_waiver_id": { "type": "string" },
"payload_hash": { "type": "string" },
"signature": { "type": "string", "description": "DSSE envelope reference" }
}
"title": "Zastava Webhook Admission",
"type": "object"
}