Add tests for SBOM generation determinism across multiple formats
- Created `StellaOps.TestKit.Tests` project for unit tests related to determinism. - Implemented `DeterminismManifestTests` to validate deterministic output for canonical bytes and strings, file read/write operations, and error handling for invalid schema versions. - Added `SbomDeterminismTests` to ensure identical inputs produce consistent SBOMs across SPDX 3.0.1 and CycloneDX 1.6/1.7 formats, including parallel execution tests. - Updated project references in `StellaOps.Integration.Determinism` to include the new determinism testing library.
This commit is contained in:
master
StellaOps Bot
@@ -1,5 +0,0 @@
|
||||
# Hash index for console observability/forensics assets
|
||||
# Add lines as: "<sha256> <relative-path>"
|
||||
c1908189a1143d4314bbaa57f57139704edd73e807e025cdd0feae715b37ed72 docs/console/observability.md
|
||||
c1908189a1143d4314bbaa57f57139704edd73e807e025cdd0feae715b37ed72 docs/console/observability.md
|
||||
fb969b8e8edd2968910a754d06385863130a4cd5c25b483064cab60d5d305f2b docs/console/forensics.md
|
||||
@@ -1,14 +1,11 @@
|
||||
# Console: Admin Tenants — Draft Skeleton (2025-12-05 UTC)
|
||||
# Archived: Console Admin (Tenants)
|
||||
|
||||
Status: draft placeholder. Depends on Console UX assets and DVDO0110.
|
||||
This page was consolidated into canonical docs:
|
||||
|
||||
## Tasks
|
||||
- Create/edit/delete tenants.
|
||||
- Assign roles/scopes via Console.
|
||||
- `docs/15_UI_GUIDE.md`
|
||||
- `docs/architecture/console-admin-rbac.md`
|
||||
- `docs/security/authority-scopes.md`
|
||||
|
||||
## Safety
|
||||
- Imposed rule reminder; audit logging expectations.
|
||||
The previous note has been archived to:
|
||||
|
||||
## Open TODOs
|
||||
- Add screenshots/flows when assets arrive.
|
||||
- Link to multi-tenancy and scopes docs.
|
||||
- `docs/_archive/console/admin-tenants.md`
|
||||
|
||||
@@ -1,27 +1,11 @@
|
||||
# Console Airgap UI (Airgap 57-002)
|
||||
# Archived: Console Air-Gap Notes
|
||||
|
||||
Describes console surfaces for sealed-mode imports, staleness, and user guidance.
|
||||
This page was consolidated into canonical docs:
|
||||
|
||||
## Surfaces
|
||||
- **Airgap status badge**: shows `sealed` state, `mirrorGeneration`, last import time, and staleness indicator.
|
||||
- **Import wizard**: stepper to upload/verify mirror bundle, show manifest hash, and emit timeline event upon success.
|
||||
- **Staleness dashboard**: charts staleness by bundle/component; highlights tenants nearing expiry.
|
||||
- `docs/15_UI_GUIDE.md`
|
||||
- `docs/24_OFFLINE_KIT.md`
|
||||
- `docs/airgap/` (deep dive workflows)
|
||||
|
||||
## Staleness logic
|
||||
- Use time anchors from `docs/airgap/staleness-and-time.md`.
|
||||
- Staleness = now - `bundle.createdAt`; color bands: green (<24h), amber (24–72h), red (>72h) or missing anchor.
|
||||
The previous note has been archived to:
|
||||
|
||||
## Guidance banners
|
||||
- When sealed: banner text "Sealed mode: egress denied. Only registered bundles allowed." Include current `mirrorGeneration` and bundle hash.
|
||||
- On staleness red: prompt operators to import next bundle or reapply time anchor.
|
||||
|
||||
## Events
|
||||
- Successful import emits timeline event with bundleId, mirrorGeneration, manifest hash, actor.
|
||||
- Failed import emits event with error code; do not expose stack traces in UI.
|
||||
|
||||
## Security/guardrails
|
||||
- Require admin scope to import bundles; read-only users can view status only.
|
||||
- Never display raw hashes without tenant context; prefix with tenant and generation.
|
||||
|
||||
## TODOs
|
||||
- Wire to backend once mirror bundle schema and timeline events are exposed (blocked until backend readiness).
|
||||
- `docs/_archive/console/airgap.md`
|
||||
|
||||
@@ -1,8 +1,10 @@
|
||||
# Attestor UI (DOCS-ATTEST-74-003)
|
||||
# Archived: Attestor UI Notes
|
||||
|
||||
Describe console workflows for viewing and verifying attestations.
|
||||
This page was consolidated into canonical docs:
|
||||
|
||||
- Pages: attestation list, attestation detail, verification status panel.
|
||||
- Filters: tenant, issuer, predicate, verification status.
|
||||
- Actions: download DSSE, view transparency info, export verification record.
|
||||
- UI must not derive verdicts; display raw verification state only.
|
||||
- `docs/15_UI_GUIDE.md`
|
||||
- `docs/modules/attestor/architecture.md`
|
||||
|
||||
The previous note has been archived to:
|
||||
|
||||
- `docs/_archive/console/attestor-ui.md`
|
||||
|
||||
@@ -1,26 +1,12 @@
|
||||
# Console Forensics (stub)
|
||||
# Archived: Console Forensics Notes
|
||||
|
||||
> Status: BLOCKED awaiting timeline/evidence viewer assets and payloads from Console Guild. Follow this outline when assets arrive.
|
||||
This page was consolidated into canonical docs:
|
||||
|
||||
## Scope
|
||||
- Timeline explorer, evidence viewer, attestation verifier flows.
|
||||
- Imposed rule banner and offline-friendly walkthroughs.
|
||||
- Troubleshooting section with deterministic repro steps.
|
||||
- `docs/15_UI_GUIDE.md`
|
||||
- `docs/forensics/evidence-locker.md`
|
||||
- `docs/forensics/provenance-attestation.md`
|
||||
- `docs/forensics/timeline.md`
|
||||
|
||||
## Pending inputs
|
||||
- Deterministic captures (command-rendered or approved screenshots) for timeline and evidence viewer states.
|
||||
- Sample NDJSON/JSON payloads for evidence/attestation, with hashes.
|
||||
- Error taxonomy and retry/backoff guidance for user-facing errors.
|
||||
The previous note has been archived to:
|
||||
|
||||
## Determinism checklist
|
||||
- Hash all captures/payloads in co-located `SHA256SUMS` when provided.
|
||||
- Use UTC timestamps and stable ordering in tables and examples.
|
||||
|
||||
## Outline
|
||||
1. Overview + banner
|
||||
2. Timeline explorer walkthrough (filters, drilldowns)
|
||||
3. Evidence viewer (attestations, signatures, DSSE bundle) examples
|
||||
4. Attestation verifier steps and expected outputs
|
||||
5. Troubleshooting + error taxonomy
|
||||
6. Offline/air-gap operation steps
|
||||
7. Verification (hash check + replay commands)
|
||||
- `docs/_archive/console/forensics.md`
|
||||
|
||||
@@ -1,27 +1,11 @@
|
||||
# Console Observability (stub)
|
||||
# Archived: Console Observability Notes
|
||||
|
||||
> Status: BLOCKED awaiting Observability Hub widget captures + deterministic sample payload hashes from Console Guild. This stub locks structure and checklist; replace placeholders once assets arrive.
|
||||
This page was consolidated into canonical docs:
|
||||
|
||||
## Scope
|
||||
- Observability Hub widgets (traces, logs, metrics) for runtime/signals and graph overlays.
|
||||
- Accessibility and imposed rule banner.
|
||||
- Offline parity: all captures and sample payloads must be stored locally with SHA256 hashes.
|
||||
- `docs/15_UI_GUIDE.md`
|
||||
- `docs/observability/observability.md`
|
||||
- `docs/observability/ui-telemetry.md`
|
||||
|
||||
## Pending inputs (must be supplied before publish)
|
||||
- Widget screenshots or command-rendered outputs (deterministic capture).
|
||||
- Sample payloads (JSON/NDJSON) with hash list.
|
||||
- Alert rules/thresholds and dashboard import JSON.
|
||||
The previous note has been archived to:
|
||||
|
||||
## Determinism checklist
|
||||
- Record all hashes in a `SHA256SUMS` alongside captures once provided.
|
||||
- Use UTC ISO-8601 timestamps and stable sort order for tables/output snippets.
|
||||
- Avoid external links; refer to local assets only.
|
||||
|
||||
## Outline (to fill when unblocked)
|
||||
1. Overview and imposed rule banner
|
||||
2. Widget catalog (cards/tables) with captions
|
||||
3. Search/filter examples (logs, traces) with sample payloads
|
||||
4. Dashboards and alert thresholds (import JSON path)
|
||||
5. Accessibility and keyboard shortcuts
|
||||
6. Offline/air-gap import steps
|
||||
7. Verification steps (hash check + replay)
|
||||
- `docs/_archive/console/observability.md`
|
||||
|
||||
@@ -1,17 +1,11 @@
|
||||
# Risk UI (outline)
|
||||
# Archived: Console Risk UI Notes
|
||||
|
||||
- TBD once console assets arrive (authoring, simulation, dashboards).
|
||||
This page was consolidated into canonical docs:
|
||||
|
||||
## Pending Inputs
|
||||
- See sprint SPRINT_0309_0001_0009_docs_tasks_md_ix action tracker; inputs due 2025-12-09..12 from owning guilds.
|
||||
- `docs/20_VULNERABILITY_EXPLORER_GUIDE.md`
|
||||
- `docs/16_VEX_CONSENSUS_GUIDE.md`
|
||||
- `docs/15_UI_GUIDE.md`
|
||||
|
||||
## Determinism Checklist
|
||||
- [ ] Hash any inbound assets/payloads; place sums alongside artifacts (e.g., SHA256SUMS in this folder).
|
||||
- [ ] Keep examples offline-friendly and deterministic (fixed seeds, pinned versions, stable ordering).
|
||||
- [ ] Note source/approver for any provided captures or schemas.
|
||||
The previous note has been archived to:
|
||||
|
||||
## Sections to fill (once inputs arrive)
|
||||
- Overview and navigation (authoring/simulation dashboards).
|
||||
- Data inputs and validation.
|
||||
- Simulation flows and dashboards.
|
||||
- Exports/hashes for screenshots or payload samples (record in `SHA256SUMS`).
|
||||
- `docs/_archive/console/risk-ui.md`
|
||||
|
||||
Reference in New Issue
Block a user