Add tests for SBOM generation determinism across multiple formats
- Created `StellaOps.TestKit.Tests` project for unit tests related to determinism. - Implemented `DeterminismManifestTests` to validate deterministic output for canonical bytes and strings, file read/write operations, and error handling for invalid schema versions. - Added `SbomDeterminismTests` to ensure identical inputs produce consistent SBOMs across SPDX 3.0.1 and CycloneDX 1.6/1.7 formats, including parallel execution tests. - Updated project references in `StellaOps.Integration.Determinism` to include the new determinism testing library.
This commit is contained in:
master
StellaOps Bot
@@ -1,27 +1,11 @@
|
||||
# Console Airgap UI (Airgap 57-002)
|
||||
# Archived: Console Air-Gap Notes
|
||||
|
||||
Describes console surfaces for sealed-mode imports, staleness, and user guidance.
|
||||
This page was consolidated into canonical docs:
|
||||
|
||||
## Surfaces
|
||||
- **Airgap status badge**: shows `sealed` state, `mirrorGeneration`, last import time, and staleness indicator.
|
||||
- **Import wizard**: stepper to upload/verify mirror bundle, show manifest hash, and emit timeline event upon success.
|
||||
- **Staleness dashboard**: charts staleness by bundle/component; highlights tenants nearing expiry.
|
||||
- `docs/15_UI_GUIDE.md`
|
||||
- `docs/24_OFFLINE_KIT.md`
|
||||
- `docs/airgap/` (deep dive workflows)
|
||||
|
||||
## Staleness logic
|
||||
- Use time anchors from `docs/airgap/staleness-and-time.md`.
|
||||
- Staleness = now - `bundle.createdAt`; color bands: green (<24h), amber (24–72h), red (>72h) or missing anchor.
|
||||
The previous note has been archived to:
|
||||
|
||||
## Guidance banners
|
||||
- When sealed: banner text "Sealed mode: egress denied. Only registered bundles allowed." Include current `mirrorGeneration` and bundle hash.
|
||||
- On staleness red: prompt operators to import next bundle or reapply time anchor.
|
||||
|
||||
## Events
|
||||
- Successful import emits timeline event with bundleId, mirrorGeneration, manifest hash, actor.
|
||||
- Failed import emits event with error code; do not expose stack traces in UI.
|
||||
|
||||
## Security/guardrails
|
||||
- Require admin scope to import bundles; read-only users can view status only.
|
||||
- Never display raw hashes without tenant context; prefix with tenant and generation.
|
||||
|
||||
## TODOs
|
||||
- Wire to backend once mirror bundle schema and timeline events are exposed (blocked until backend readiness).
|
||||
- `docs/_archive/console/airgap.md`
|
||||
|
||||
Reference in New Issue
Block a user