stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity

compose and authority fixes. finish sprints.

Browse Source
This commit is contained in:
master
2026-02-17 21:59:47 +02:00
parent fb46a927ad
commit 49cdebe2f1
187 changed files with 23189 additions and 1439 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
docs/code-of-conduct/CODE_OF_CONDUCT.md
View File

@@ -593,3 +593,11 @@ This document is living. Improve it by:
* proposing new rules when recurring defects appear,
* documenting new patterns in module dossiers and module-local `AGENTS.md`,
* adding tests that prevent regressions.
### 14.3 Building rules
Never try to build test large amount of projects at the same time. This leads to memory exhausting. Solutions like src/StellaOps.sln has > 1000 projects.
Always set to build minimum projects at parallel.

63
docs/contracts/witness-v1.md
View File

@@ -317,6 +317,69 @@ Example:
---
## Runtime Symbolization Tuple
Runtime witnesses (those with `observation_type` = `runtime|confirmed` or non-empty `observations`) must include a deterministic symbolization tuple:
```json
{
"symbolization": {
"build_id": "gnu-build-id:...",
"debug_artifact_uri": "cas://symbols/by-build-id/.../artifact.debug",
"symbol_table_uri": "cas://symbols/by-build-id/.../symtab.json",
"symbolizer": {
"name": "llvm-symbolizer",
"version": "18.1.7",
"digest": "sha256:..."
},
"libc_variant": "glibc",
"sysroot_digest": "sha256:..."
}
}
```
Validation rules:
1. `build_id`, `symbolizer.name`, `symbolizer.version`, `symbolizer.digest`, `libc_variant`, and `sysroot_digest` are required.
2. At least one of `debug_artifact_uri` or `symbol_table_uri` must be present.
3. Missing runtime symbolization inputs must fail witness signing/verification validation.
4. Runtime observation arrays must be canonicalized before witness hashing/signing (stable sort by timestamp and deterministic tiebreakers) so equivalent inputs produce byte-identical DSSE payloads.
## Runtime Witness Artifact Triplet (MWD-004)
Runtime witnesses exported through Evidence Locker use a deterministic three-file profile:
1. `trace.json` - canonical witness payload
2. `trace.dsse.json` - DSSE envelope over `trace.json`
3. `trace.sigstore.json` - Sigstore bundle containing verification material for offline replay
Manifest/index records must link each artifact to:
- `witness_id`
- `witness_role` (`trace`, `dsse`, `sigstore_bundle`)
- deterministic replay lookup keys:
- `build_id`
- `kernel_release`
- `probe_id`
- `policy_run_id`
Offline verification must use only bundle-contained artifacts; no network lookups are required for triplet integrity checks.
## Cross-Distro Replay Matrix Verification (MWD-005)
Deterministic replay verification must include a minimum matrix of:
1. Three kernel releases.
2. Both `glibc` and `musl` libc variants.
3. Fixed witness artifacts replayed across matrix rows with byte-identical replay-frame output.
QA evidence for `MWD-005` is captured at:
- `docs/qa/feature-checks/runs/signals/ebpf-micro-witness-determinism/run-001/tier2-replay-matrix-tests.log`
- `docs/qa/feature-checks/runs/signals/ebpf-micro-witness-determinism/run-001/tier2-replay-matrix-summary.json`
---
## DSSE Signing
Witnesses are signed using [DSSE (Dead Simple Signing Envelope)](https://github.com/secure-systems-lab/dsse):

30
docs/hybrid-diff-patching.md
View File

@@ -14,23 +14,26 @@ remaining deterministic and offline-capable.
## Review outcome (2026-02-16)
The advisory is directionally aligned with existing Stella Ops work but not
fully implemented end-to-end.
The advisory blueprint is implemented in the BinaryIndex DeltaSig pipeline.
Already present:
Implemented in this sprint:
- ELF normalization and delta hashing pipeline in BinaryIndex.
- DeltaSig attestation models and CLI flows for extract/author/sign/verify.
- Symbol manifest model with debug/code identifiers and source path metadata.
- Deterministic semantic edit scripts and source anchors.
- Canonical symbol-map contracts with build-id linkage (manifest-backed and
deterministic fallback modes).
- Deterministic `symbol_patch_plan` and `patch_manifest` artifacts tied to
function-level deltas and digest-linked evidence.
- DeltaSig predicate embedding of the full hybrid evidence chain.
- Fail-closed hybrid verifier checks for digest/linkage/boundary mismatches.
- Policy gates for hybrid presence, AST anchors, namespace protection, and
patch byte budgets.
Missing or incomplete for the full hybrid stack:
Known constraints:
- AST semantic edit-script generation and stable source anchors.
- Build artifact contract that emits canonical `symbol_map.json` from DWARF/PDB
during build.
- Deterministic source-edit -> symbol patch plan artifact.
- Verifier workflow that reconciles AST anchors with symbol boundaries and
normalized per-symbol deltas in one attested contract.
- Semantic edits currently use deterministic text/symbol heuristics rather than
language-specific AST adapters.
- Full byte-level patch replay execution remains a follow-on integration concern
for Attestor/Doctor runtime workflows.
## Canonical module dossier
@@ -43,3 +46,4 @@ Detailed contracts, phased implementation, and policy hooks are defined in:
Implementation planning for this advisory is tracked in:
- `docs/implplan/SPRINT_20260216_001_BinaryIndex_hybrid_diff_patch_pipeline.md`

70
docs/implplan/SPRINT_20260216_001_BinaryIndex_hybrid_diff_patch_pipeline.md
View File

@@ -32,8 +32,8 @@
## Delivery Tracker
### BHP-01 - Source semantic edit script artifact
Status: TODO
### BHP-01 - Source semantic edit script artifact
Status: DONE
Dependency: none
Owners: Developer, Documentation author
Task description:
@@ -43,12 +43,12 @@ Task description:
evidence pipelines.
Completion criteria:
- [ ] A `semantic_edit_script.json` contract is implemented and validated with tests.
- [ ] Artifact generation is deterministic across repeated runs with identical inputs.
- [ ] Documentation for schema and limits is added to module dossier docs.
- [x] A `semantic_edit_script.json` contract is implemented and validated with tests.
- [x] Artifact generation is deterministic across repeated runs with identical inputs.
- [x] Documentation for schema and limits is added to module dossier docs.
### BHP-02 - Build symbol map contract and build-id binding
Status: TODO
### BHP-02 - Build symbol map contract and build-id binding
Status: DONE
Dependency: BHP-01
Owners: Developer
Task description:
@@ -58,12 +58,12 @@ Task description:
subjects for replay validation.
Completion criteria:
- [ ] Symbol map generation is implemented for supported binary formats in scope.
- [ ] Build-id and map digest are bound in emitted attestation payloads.
- [ ] Tests cover mapping correctness and deterministic ordering.
- [x] Symbol map generation is implemented for supported binary formats in scope.
- [x] Build-id and map digest are bound in emitted attestation payloads.
- [x] Tests cover mapping correctness and deterministic ordering.
### BHP-03 - Symbol patch plan and normalized per-symbol delta manifests
Status: TODO
### BHP-03 - Symbol patch plan and normalized per-symbol delta manifests
Status: DONE
Dependency: BHP-02
Owners: Developer
Task description:
@@ -73,12 +73,12 @@ Task description:
where exact boundaries are required for audit claims.
Completion criteria:
- [ ] Symbol patch plan artifact exists and links to AST anchors and symbol ids.
- [ ] Patch manifest includes pre/post hashes, address ranges, and delta digests.
- [ ] DeltaSig function-level outputs use real boundaries and sizes in covered paths.
- [x] Symbol patch plan artifact exists and links to AST anchors and symbol ids.
- [x] Patch manifest includes pre/post hashes, address ranges, and delta digests.
- [x] DeltaSig function-level outputs use real boundaries and sizes in covered paths.
### BHP-04 - Verifier and attestation enforcement
Status: TODO
### BHP-04 - Verifier and attestation enforcement
Status: DONE
Dependency: BHP-03
Owners: Developer, Test Automation
Task description:
@@ -88,12 +88,12 @@ Task description:
verification evidence for release decisions.
Completion criteria:
- [ ] Verifier checks fail closed on build-id mismatch, boundary mismatch, or hash mismatch.
- [ ] DSSE validation and replay checks are captured in test evidence.
- [ ] CLI/API surfaces expose verification outcome details for operators.
- [x] Verifier checks fail closed on build-id mismatch, boundary mismatch, or hash mismatch.
- [x] DSSE validation and replay checks are captured in test evidence.
- [x] CLI/API surfaces expose verification outcome details for operators.
### BHP-05 - Policy and Evidence Locker integration
Status: TODO
### BHP-05 - Policy and Evidence Locker integration
Status: DONE
Dependency: BHP-04
Owners: Developer, Product Manager
Task description:
@@ -103,24 +103,32 @@ Task description:
UI and release records.
Completion criteria:
- [ ] Policy rules can gate promotions using hybrid diff metrics.
- [ ] Evidence Locker stores and retrieves the full hybrid artifact chain.
- [ ] UI/CLI render concise "what changed" summaries with links to signed evidence.
- [x] Policy rules can gate promotions using hybrid diff metrics.
- [x] Evidence Locker stores and retrieves the full hybrid artifact chain.
- [x] UI/CLI render concise "what changed" summaries with links to signed evidence.
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-02-16 | Sprint created from product advisory review for hybrid source-symbol-binary diff pipeline. | Product Manager |
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-02-16 | Sprint created from product advisory review for hybrid source-symbol-binary diff pipeline. | Product Manager |
| 2026-02-16 | Implementation started: DeltaSig hybrid diff contracts/composer/service integration and test coverage in BinaryIndex. | Developer |
| 2026-02-16 | Completed BHP-01..BHP-05: hybrid contracts/composer/service policy+verification, docs sync, and targeted `dotnet test` pass on DeltaSig test project (141/141). | Developer |
| 2026-02-17 | Extended Web evidence drawer to render hybrid diff summaries (semantic edits, symbol patch plan, patch manifest, digest chain) and added component tests; `tsc -p tsconfig.app.json --noEmit` passes, while `ng test --include evidence-drawer` is currently blocked by unrelated pre-existing spec errors in approvals/settings suites. | Developer |
| 2026-02-17 | Wired BinaryIndex resolution API evidence to emit deterministic evidence.hybridDiff payloads from both live and cached paths, added contract/core/webservice tests, and revalidated targeted csproj test runs (Contracts 5/5, Core 52/52, WebService 54/54). | Developer |
## Decisions & Risks
- Advisory overlap confirmed with archived advisories:
- `docs-archived/product/advisories/30-Dec-2025 - Binary Diff Signatures for Patch Detection.md`
- `docs-archived/product/advisories/18-Dec-2025 - Building Better Binary Mapping and Call-Stack Reachability.md`
- Decision: treat this advisory as an extension that unifies source intent and binary proof in one contract chain, not as a duplicate effort.
- Risk: AST differencing backend choice may vary by language; mitigation is a language-agnostic output schema with adapter-specific provenance fields.
- Risk: multi-module coordination can drift schemas; mitigation is to keep canonical contracts in BinaryIndex dossier and require digest-linked schema versions in attestations.
- Risk: AST differencing backend choice may vary by language; mitigation is a language-agnostic output schema with adapter-specific provenance fields.
- Decision: fallback symbol maps are generated deterministically from signature data when no manifest/map is provided to keep verification replayable in offline flows.
- Decision: resolution endpoints now project deterministic fallback hybrid bundles (ResolutionEvidence.hybridDiff) so UI/Evidence drawer can render semantic->symbol->patch summaries even for cached responses; contracts documented in docs/modules/binary-index/hybrid-diff-stack.md.
## Next Checkpoints
- 2026-02-18: Contract freeze review for artifact schemas (`semantic_edit_script`, `symbol_map`, `symbol_patch_plan`, `patch_manifest`).
- 2026-02-26: Policy gate integration demo with allow/deny examples on symbol namespaces.
- 2026-02-22: First end-to-end dry run in CI with signed evidence and verifier replay.
- 2026-02-26: Policy gate integration demo with allow/deny examples on symbol namespaces.

102
docs/implplan/SPRINT_20260216_001_Signals_ebpf_micro_witness_determinism_profile.md
View File

@@ -1,102 +0,0 @@
# Sprint SPRINT_20260216_001_Signals_ebpf_micro_witness_determinism_profile - eBPF Micro-Witness Determinism
## Topic & Scope
- Translate the eBPF micro-witness advisory into implementation-ready contracts and sprint tasks.
- Close determinism gaps for runtime witness replay across kernel/distro/toolchain variance.
- Define one portable evidence profile for DSSE + Sigstore bundle based offline replay.
- Working directory: `docs/`.
- Cross-module edits explicitly allowed for implementation tasks: `src/Signals/`, `src/Scanner/`, `src/Attestor/`, `src/EvidenceLocker/`.
- Expected evidence: contract docs, schema/API updates, targeted module tests, offline verification artifacts.
## Dependencies & Concurrency
- Upstream contracts: `docs/contracts/witness-v1.md`, `docs/modules/attestor/repro-bundle-profile.md`, `docs/modules/evidence/unified-model.md`.
- Safe parallelism:
- Signals loader/BTF work can run in parallel with Attestor/Evidence Locker bundle contract work.
- Scanner witness model updates should run after profile fields are frozen.
## Documentation Prerequisites
- `docs/product/ebpf-micro-witness-determinism.md`
- `docs/modules/signals/contracts/ebpf-micro-witness-determinism-profile.md`
- `docs/reachability/deployment-guide.md`
- `docs/contracts/witness-v1.md`
## Delivery Tracker
### MWD-001 - Signals BTF fallback contract and metadata emission
Status: TODO
Dependency: none
Owners: Product Manager, Developer
Task description:
- Implement deterministic BTF selection order in the runtime collector and emit selected source metadata (`source_kind`, `source_path`, `source_digest`, `selection_reason`) into runtime evidence/witness context.
- Ensure behavior is explicit for kernel BTF, external vmlinux BTF, and split-BTF fallback.
Completion criteria:
- [ ] Collector no longer fails solely on missing `/sys/kernel/btf/vmlinux` when configured fallback BTF exists.
- [ ] Runtime evidence includes immutable BTF selection metadata required for replay.
### MWD-002 - Runtime witness schema extensions for deterministic symbolization
Status: TODO
Dependency: MWD-001
Owners: Developer, Documentation author
Task description:
- Extend runtime witness payload schema to include deterministic symbolization tuple: `build_id`, debug/symbol pointer(s), symbolizer identity/version/digest, libc variant, and sysroot digest.
- Update witness contracts and validation rules in docs and implementation.
Completion criteria:
- [ ] Witness schema and code models carry required symbolization fields.
- [ ] Validation rejects witnesses missing required deterministic symbolization inputs.
### MWD-003 - Implement Scanner runtime witness generation pipeline
Status: TODO
Dependency: MWD-002
Owners: Developer, Test Automation
Task description:
- Deliver concrete `IRuntimeWitnessGenerator` implementation, integrating runtime observations, witness building, DSSE signing, and storage.
- Ensure deterministic ordering/canonicalization for runtime observation payloads.
Completion criteria:
- [ ] Runtime witness generation is implemented (not interface-only) and wired into runtime instrumentation flow.
- [ ] Determinism tests show stable witness bytes for fixed inputs.
### MWD-004 - DSSE plus Sigstore bundle witness packaging
Status: TODO
Dependency: MWD-003
Owners: Developer, Documentation author
Task description:
- Standardize and implement per-witness artifact triplet: `trace.json`, `trace.dsse.json`, `trace.sigstore.json`.
- Store and export this profile through Evidence Locker with offline verification compatibility.
Completion criteria:
- [ ] Evidence Locker manifest/index model supports the Sigstore bundle artifact and links it to witness identity.
- [ ] Offline verify workflow succeeds using bundle-contained material only.
### MWD-005 - Cross-distro deterministic replay test matrix
Status: TODO
Dependency: MWD-004
Owners: Test Automation, QA
Task description:
- Add targeted replay verification across kernel/libc matrix (minimum 3 kernels, glibc + musl), asserting byte-identical replay frames for fixed witness artifacts.
- Capture command output and evidence artifacts for deterministic QA sign-off.
Completion criteria:
- [ ] Matrix tests run against targeted projects (not solution filters) and show deterministic replay output.
- [ ] Execution evidence is recorded with artifact hashes and replay verification logs.
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-02-16 | Sprint created from eBPF micro-witness advisory review; gaps confirmed and translated to implementation tasks. | Project Manager |
## Decisions & Risks
- Decision: Adopt a single micro-witness determinism profile defined in `docs/modules/signals/contracts/ebpf-micro-witness-determinism-profile.md`.
- Decision: Product-level promise and current baseline are captured in `docs/product/ebpf-micro-witness-determinism.md`.
- Decision: Advisory translation record archived at `docs-archived/product/advisories/16-Feb-2026 - eBPF micro-witness deterministic replay across distros.md`.
- Risk: Existing runtime collector hard dependency on kernel BTF may block non-BTF kernels until fallback path is implemented.
- Risk: Runtime witness generation remains incomplete without a concrete generator implementation; downstream attestation/export is blocked.
- Risk: Absence of standardized Sigstore witness bundle may produce non-portable replay evidence across environments.
- External web fetches: none.
## Next Checkpoints
- 2026-02-18: Contract review sign-off (Signals/Scanner/Attestor/Evidence Locker owners).
- 2026-02-21: MWD-001 and MWD-002 implementation readiness checkpoint.
- 2026-02-25: First end-to-end deterministic replay demo with DSSE + Sigstore witness bundle.

236
docs/implplan/SPRINT_20260217_001_Web_full_setup_playwright_screen_button_verification.md Normal file
View File

@@ -0,0 +1,236 @@
# Sprint 20260217_001_Web - Full Setup + Playwright Screen/Button Verification
## Topic & Scope
- Execute QA-role verification for setup and full UI surface using Playwright against the running stack.
- Validate every routed screen and actionable UI control (buttons/links) with behavioral evidence.
- Fix reproducible backend/route/frontend wiring issues that block functional behavior.
- Re-open sprint when deep black-box checks contradict prior green status.
- Working directory: `src/Web/StellaOps.Web/`.
- Expected evidence: Playwright run outputs, screenshots, route/button interaction logs, updated docs and sprint log.
## Dependencies & Concurrency
- Depends on: `docs/qa/feature-checks/FLOW.md` environment prerequisites and Tier 2c requirements.
- Safe parallelism: environment probes, service health checks, and route inventory extraction can run in parallel.
- Cross-module edits allowed when required to restore functional UI behavior: `src/Router/`, `src/Platform/`, `src/Authority/`, `devops/compose/`, `docs/qa/feature-checks/`.
## Documentation Prerequisites
- `docs/qa/feature-checks/FLOW.md`
- `docs/code-of-conduct/TESTING_PRACTICES.md`
- `src/Web/StellaOps.Web/AGENTS.md`
- `docs/modules/platform/architecture-overview.md`
- `docs/technical/architecture/console-admin-rbac.md`
- `docs/technical/architecture/console-branding.md`
## Delivery Tracker
### QA-WEB-001 - Environment preflight and runtime bring-up
Status: DONE
Dependency: none
Owners: QA
Task description:
- Validate Docker/runtime prerequisites and start required services for end-to-end UI testing.
- Verify frontend and backend accessibility from Playwright context.
Completion criteria:
- [x] Docker and required services reachable
- [x] Web app reachable for test session
- [x] Backend routes used by tested UI reachable or failure classified
### QA-WEB-002 - Playwright exhaustive route and screen verification
Status: DONE
Dependency: QA-WEB-001
Owners: QA
Task description:
- Run existing critical/extended/workflow Playwright coverage.
- Execute exhaustive route scan for all routes from Angular route tree.
Completion criteria:
- [x] All discovered routes exercised
- [x] Failures captured with reproducible evidence
- [x] Tier 2c behavioral artifacts refreshed
### QA-WEB-003 - Button/action interaction sweep
Status: DONE
Dependency: QA-WEB-002
Owners: QA
Task description:
- Execute automated interaction sweep that clicks actionable buttons/links per screen.
- Capture failures caused by runtime errors, missing handlers, backend failures, or auth/wiring defects.
Completion criteria:
- [x] Actionable controls on tested screens exercised
- [x] Interaction failures triaged with route/control context
- [x] Screenshots/logs captured for regressions
### QA-WEB-004 - Functional remediation for mock/non-working backend paths
Status: DONE
Dependency: QA-WEB-003
Owners: QA, Developer
Task description:
- Implement minimal fixes to restore real backend connectivity and functional UX for failing flows.
- Remove or bypass blocking mock-only paths when backed endpoints exist.
Completion criteria:
- [x] Reproducible blockers fixed in source
- [x] Updated tests cover fixed behavior
- [x] Docs/sprint risks updated for unresolved constraints
### QA-WEB-005 - Full retest and closure
Status: DONE
Dependency: QA-WEB-004
Owners: QA
Task description:
- Re-run failed suites and interaction sweep to confirm fixes.
- Finalize results and transition tasks to terminal states.
Completion criteria:
- [x] All fixed paths retested green
- [x] Remaining failures explicitly marked with root cause and evidence
- [x] Sprint tracker updated to final statuses
### QA-WEB-006 - Deep black-box defect inventory (setup + dashboard + linked workflows)
Status: DONE
Dependency: QA-WEB-005
Owners: QA
Task description:
- Execute real-user black-box setup and login flow (no test-session seeding) and validate functional behavior of dashboard and linked primary paths (`/releases`, `/approvals`).
- Collect endpoint-level failure evidence and screenshot-level UI evidence.
Completion criteria:
- [x] Setup wizard traversed with step-level evidence
- [x] Real login completed and dashboard behavior captured
- [x] Findings consolidated in a single artifact with severity and evidence links
### QA-WEB-007 - Re-open sprint and translate defects into executable remediation backlog
Status: DONE
Dependency: QA-WEB-006
Owners: QA, Project Manager
Task description:
- Convert deep QA findings into concrete cross-module remediation tasks in this sprint.
- Replace stale "all done" narrative with current observed product state.
Completion criteria:
- [x] Sprint reflects newly discovered blockers
- [x] Remediation tasks include owners, dependencies, and completion criteria
- [x] Decisions & Risks updated with explicit defect evidence paths
### QA-WEB-008 - Restore Control Plane data path wiring
Status: DONE
Dependency: QA-WEB-007
Owners: Developer (Router, Orchestrator, Web), QA
Task description:
- Fix gateway/router/backend route mismatches causing dashboard and release/approval APIs to return `404`.
- Validate and align paths for:
- `/api/v1/release-orchestrator/dashboard`
- `/api/release-orchestrator/releases`
- `/api/release-orchestrator/approvals`
- Ensure Control Plane, Releases, and Approvals load live data instead of persistent skeleton/error states.
Completion criteria:
- [x] Endpoints above return `200` in local compose for authenticated admin user
- [x] Dashboard error banner does not persist on healthy stack
- [x] Releases and Approvals render data or valid empty-state without transport errors
- [x] Tier 2c evidence refreshed with screenshots and response logs
### QA-WEB-009 - Setup defaults hardening for local/offline-first deployments
Status: DONE
Dependency: QA-WEB-007
Owners: Developer (Web, Platform), QA
Task description:
- Replace invalid/non-local default advisory mirror in setup wizard (`https://mirror.stella-ops.org/feeds`) with environment-appropriate local/offline-safe default behavior.
- Ensure setup defaults are resolvable/reachable in local compose baseline and clearly marked when external connectivity is required.
Completion criteria:
- [x] Advisory source default no longer points to unresolved `mirror.stella-ops.org/feeds`
- [x] Setup step validation and hint text match actual deploy posture (local/offline/external)
- [x] Updated docs reflect default source behavior and override expectations
- [x] Tier 2c setup run demonstrates valid default path behavior
### QA-WEB-010 - Sweep quality hardening (remove false-green coverage gaps)
Status: DONE
Dependency: QA-WEB-007
Owners: QA, Developer (Web test harness)
Task description:
- Strengthen exhaustive button/page sweep so pass status is not accepted when coverage is weak (e.g., high skip rate or zero-candidate routes).
- Add gating thresholds for route/action coverage and explicit failure classification for untested screens.
Completion criteria:
- [x] Sweep fails when route coverage or action coverage falls below defined thresholds
- [x] Report includes per-route reason taxonomy (`no-controls`, `guarded`, `occluded`, `error-state`, `clicked`)
- [x] Zero-candidate routes reviewed and either justified or remediated
- [x] QA run artifacts include actionable coverage summary, not pass-only totals
### QA-WEB-011 - Full functional sign-off run
Status: DONE
Dependency: QA-WEB-008, QA-WEB-009, QA-WEB-010
Owners: QA
Task description:
- Re-run deep black-box and exhaustive sweeps after remediation wave.
- Confirm setup, control-plane dashboard, releases, approvals, and shell interactions are fully functional in local baseline.
Completion criteria:
- [x] Black-box setup/login/dashboard path passes with no critical/major defects
- [x] Releases and Approvals load without transport errors
- [x] Exhaustive sweep passes coverage gates with no false-green gaps
- [x] Sprint tasks transitioned to terminal states with evidence links
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-02-17 | Sprint created. QA-WEB-001 moved to DOING to begin environment preflight and Tier 2c execution. | QA |
| 2026-02-17 | Environment preflight completed: docker stack healthy/reachable, authority discovery endpoint verified, baseline suite run captured (initial failures triaged). | QA |
| 2026-02-17 | Updated workflow nav assertion to current sidebar taxonomy (`Security/Evidence/Operations/Settings`), removing stale `Policy` top-level expectation. | QA |
| 2026-02-17 | Added exhaustive button sweep spec `e2e/workflows/exhaustive-button-sweep.e2e.spec.ts`; first run triaged modal-occlusion false positives on `/environments` and `/ops/aoc`. | QA |
| 2026-02-17 | Remediated sweep logic to classify occluded clicks as skipped and auto-dismiss overlays/dialogs; standalone exhaustive sweep passed (`2 passed`) and report generated with `totalFailures: 0`. | QA |
| 2026-02-17 | Final deterministic retest completed: core route/workflow bundle passed (`113 passed`) and standalone exhaustive button sweep passed (`2 passed`). | QA |
| 2026-02-17 | Deep black-box rerun invalidated prior closure: setup default advisory mirror points to `https://mirror.stella-ops.org/feeds` and Control Plane/Releases/Approvals remain non-functional due backend `404/401` responses. Evidence consolidated under `src/Web/StellaOps.Web/qa-evidence/FULL_QA_FINDINGS_2026-02-17.md`. | QA |
| 2026-02-17 | Sprint re-opened; added QA-WEB-006..011 remediation backlog and phased plan for restoring full product functionality and closing route/action coverage gaps. | QA, Project Manager |
| 2026-02-17 | Re-ran exhaustive sweep with current environment (`2 passed`, 5.4m) and recorded coverage caveats from generated `test-results/exhaustive-button-sweep-report.json` (20 zero-candidate routes, 111 skipped actions). | QA |
| 2026-02-17 | Implementation started for QA-WEB-008/009: confirmed live orchestrator runtime is stale vs source (missing release/approval/dashboard endpoints in live OpenAPI), then began backend endpoint + setup-default remediation. | Developer |
| 2026-02-17 | QA-WEB-008 closed: rebuilt/redeployed orchestrator+gateway with new release/approval/dashboard endpoints and verified `/api/v1/release-orchestrator/dashboard`, `/api/release-orchestrator/releases`, `/api/release-orchestrator/approvals` all return `200` and render live page data. | Developer, QA |
| 2026-02-17 | QA-WEB-009 closed: removed invalid advisory mirror defaults, aligned local policy audiences (`stella-ops-api`, `/scanner`), and disabled remote policy-pack fetch in global topbar chip; deep black-box reruns now show `httpFailureCount: 0`. | Developer, QA |
| 2026-02-17 | QA-WEB-010 closed: hardened exhaustive sweep with route/action coverage gates, zero-control route review enforcement, and per-route reason taxonomy; rerun passed (`2 passed`, routeCoverage `0.9722`, actionCoverage `0.5824`, failedChecks `[]`). | QA, Developer |
| 2026-02-17 | QA-WEB-011 closed: full black-box sign-off rerun (`full-qa-setup-dashboard-2026-02-17T22-34-02-301Z`) and deep linked-pages rerun (`deep-dashboard-linked-pages-2026-02-17T22-34-53-231Z`) both reported `httpFailureCount: 0`; critical workflow bundle rerun passed (`21 passed`). | QA |
## Decisions & Risks
- Risk: Some routes may be intentionally auth-gated and require seeded test session; this is not a product defect if behavior matches policy.
- Risk: Some backend services may be unavailable in local compose; unresolved infra gaps will be documented as `env_issue` with evidence.
- Decision: Use existing Playwright harness first, then add a deterministic route/button sweep to broaden coverage.
- Decision: Treat combined execution of exhaustive sweep + full route/workflow suites in one parallel run as stress-only evidence; it induced `networkidle` timeout noise under load and was excluded from final deterministic pass criteria.
- Decision: `/environments` and `/ops/aoc` sweep failures were classified as test-harness occlusion artifacts (modal overlay intercepting background controls), not backend defects; sweep logic updated accordingly.
- Decision: Deep black-box defects supersede prior sprint closure; this sprint remains active until QA-WEB-008..011 are completed.
- Risk: Current dashboard/release/approval regressions are primarily transport/wiring level (`404/401`), so frontend-only fixes will not restore functionality.
- Risk: Exhaustive sweep pass can be false-green while large portions of UI remain effectively untested (high skip/zero-candidate routes).
- Confirmed finding: Setup default `mirror.stella-ops.org/feeds` is not valid for local baseline (observed in UI; endpoint check returned `404` with TLS principal mismatch on strict verify).
- Confirmed finding: Dashboard remains degraded after Retry with persistent error banner/skeletons and offline environment badges due unresolved data endpoints.
- Resolution: Control Plane, Releases, and Approvals transport regressions are closed; endpoint and UI verification now pass with no dashboard transport errors.
- Resolution: Global shell no longer emits unauthorized policy-pack calls during setup/control-plane workflows; black-box reruns report `httpFailureCount: 0`.
- Resolution: QA-WEB-010/011 closure confirmed by gated exhaustive sweep and fresh deep black-box sign-off artifacts on 2026-02-17.
- Evidence index:
- `src/Web/StellaOps.Web/qa-evidence/FULL_QA_FINDINGS_2026-02-17.md`
- `src/Web/StellaOps.Web/qa-evidence/full-qa-setup-dashboard-2026-02-17T19-57-21-213Z/report.json`
- `src/Web/StellaOps.Web/qa-evidence/deep-dashboard-linked-pages-2026-02-17T19-59-15-533Z/report.json`
- `src/Web/StellaOps.Web/qa-evidence/full-qa-setup-dashboard-2026-02-17T21-42-57-857Z/report.json`
- `src/Web/StellaOps.Web/qa-evidence/deep-dashboard-linked-pages-2026-02-17T21-43-51-351Z/report.json`
- `src/Web/StellaOps.Web/qa-evidence/full-qa-setup-dashboard-2026-02-17T22-34-02-301Z/report.json`
- `src/Web/StellaOps.Web/qa-evidence/deep-dashboard-linked-pages-2026-02-17T22-34-53-231Z/report.json`
- `src/Web/StellaOps.Web/test-results/exhaustive-button-sweep-report.json`
## Remediation Plan
1. Route/data path stabilization (QA-WEB-008):
- Align API contracts between Web clients, Gateway routing, and backend endpoints for dashboard, releases, and approvals.
- Validate end-to-end with authenticated real session and ensure `Retry` transitions dashboard to live data state.
2. Setup defaults hardening (QA-WEB-009):
- Replace invalid external mirror defaults with local/offline-safe defaults or explicit opt-in external sources.
- Add deterministic validation messaging and fail-fast diagnostics for unreachable configured feed sources.
3. Coverage and signal quality hardening (QA-WEB-010):
- Promote coverage thresholds to pass criteria (not advisory metrics).
- Classify skipped/untested controls by reason and fail run when unresolved coverage gaps remain.
4. Final end-to-end sign-off (QA-WEB-011):
- Execute full black-box setup -> login -> dashboard -> releases -> approvals verification.
- Run exhaustive route/action sweep with new coverage gates and archive final artifacts in sprint log.
## Next Checkpoints
- Closure checkpoint: QA-WEB-001 through QA-WEB-011 are in terminal `DONE` state.
- Evidence checkpoint: latest sign-off artifacts are `full-qa-setup-dashboard-2026-02-17T22-34-02-301Z`, `deep-dashboard-linked-pages-2026-02-17T22-34-53-231Z`, and `test-results/exhaustive-button-sweep-report.json`.
- Handoff checkpoint: sprint is ready for archive once current branch changes are merged.

43
docs/modules/binary-index/hybrid-diff-stack.md
View File

@@ -1,6 +1,6 @@
# Hybrid Diff Stack Architecture (Source -> Symbols -> Normalized Bytes)
> Status: Planned (advisory translation, 2026-02-16)
> Status: Implemented in BinaryIndex DeltaSig (2026-02-16)
> Module: BinaryIndex with cross-module contracts (Symbols, EvidenceLocker, Policy, Attestor, ReleaseOrchestrator)
## 1. Objective
@@ -13,23 +13,36 @@ binary truth at the same time:
- Binary-level patching: normalization-first per-symbol deltas.
- Release evidence: DSSE-signed contract consumed by policy and replay.
## 2. Current implementation baseline
## 2. Implementation baseline (2026-02-16)
Implemented today:
Implemented in `src/BinaryIndex/__Libraries/StellaOps.BinaryIndex.DeltaSig/`:
- ELF normalization passes and deterministic delta hash generation.
- DeltaSig predicate contracts (v1 and v2) with CLI author/sign/verify flows.
- Symbol manifest model with debug id, code id, source paths, and line data.
- Hybrid artifact contracts: `semantic_edit_script`, `symbol_map`,
`symbol_patch_plan`, and `patch_manifest` (`HybridDiffContracts.cs`).
- Deterministic artifact composer with digest linking and manifest generation
(`HybridDiffComposer.cs`).
- DeltaSig generation now emits function deltas from symbol-map/signature
boundaries (address, section, size) instead of placeholder derivations.
- DeltaSig predicates include optional `hybridDiff` evidence bundle with linked
digests (`Attestation/DeltaSigPredicate.cs`, `DeltaSigService.cs`).
- Verifier fail-closed checks for hybrid artifact digest/linkage mismatches and
boundary/hash reconciliation in dry verification (`DeltaSigService.VerifyAsync`).
- Policy hooks for hybrid evidence requirements, AST anchor requirements,
namespace restrictions, and patch-manifest byte budgets
(`DeltaSigPolicyOptions`, `DeltaSigService.EvaluatePolicy`).
- Binary resolution API evidence (VulnResolutionResponse.Evidence) now projects
deterministic hybridDiff payloads for both live lookups and cache hits so
the Web evidence drawer can render semantic edit counts, symbol patch plans,
manifest summaries, and digest chains from a single response.
Gaps for full advisory scope:
Current constraints:
- No AST semantic edit script artifact pipeline in current release workflow.
- No canonical builder output for source-range to symbol-address map as a
first-class build artifact contract.
- No end-to-end "source edits -> symbol patch plan -> normalized deltas"
bundle schema consumed by release policy.
- Existing function delta composition still contains placeholder address/size
behavior in parts of DeltaSig generation.
- Source semantic edits are deterministic text/symbol heuristics, not a full
language-specific AST adapter.
- Symbol maps come from provided build manifests/maps when available; otherwise
deterministic fallback maps are synthesized from signatures.
- Delta application dry-run remains boundary/hash level verification; byte-level
patch replay engine integration is still a separate Attestor/Doctor concern.
## 3. Target contracts
@@ -161,3 +174,5 @@ Execution is tracked in:
- `docs/modules/binary-index/deltasig-v2-schema.md`
- `docs/modules/scanner/binary-diff-attestation.md`
- `docs/modules/evidence-locker/guides/evidence-pack-schema.md`

18
docs/modules/evidence-locker/export-format.md
View File

@@ -288,6 +288,24 @@ Write-Host "=== Verification Complete: PASSED ===" -ForegroundColor Green
- File extension: `.openvex.json`
- Location: `vex/statements/`
### Runtime Witness Triplets (MWD-004)
Runtime micro-witnesses are exported under `runtime-witnesses/` as deterministic triplets grouped by `witness_id`:
| Artifact | MIME Type | File Pattern |
|----------|-----------|--------------|
| Trace payload | `application/vnd.stellaops.witness.v1+json` | `runtime-witnesses/<witness-id>/trace.json` |
| DSSE envelope | `application/vnd.dsse.envelope+json` | `runtime-witnesses/<witness-id>/trace.dsse.json` |
| Sigstore bundle | `application/vnd.dev.sigstore.bundle.v0.3+json` | `runtime-witnesses/<witness-id>/trace.sigstore.json` |
Manifest/index entries for these artifacts carry deterministic replay keys:
- `build_id`
- `kernel_release`
- `probe_id`
- `policy_run_id`
Offline replay validation is bundle-contained: `trace.json`, `trace.dsse.json`, and `trace.sigstore.json` are validated together without external lookups.
## Export Options
### CLI Command

12
docs/modules/evidence-locker/guides/evidence-pack-schema.md
View File

@@ -536,3 +536,15 @@ stella pack replay evidence-pack.tar.gz --verbose --diff
- [Verdict Attestations](../policy/verdict-attestations.md)
- [Evidence Locker Architecture](../modules/evidence-locker/architecture.md)
- [SPRINT_3000_0100_0002](../implplan/SPRINT_3000_0100_0002_evidence_packs.md)
## Hybrid Diff Artifacts
When a verdict payload contains a DeltaSig predicate with `hybridDiff`, include the
following deterministic artifacts in the evidence pack (for example under
`binary-diff/`) and keep each artifact digest linked to the attested predicate:
- `semantic_edit_script.json`
- `symbol_map_before.json`
- `symbol_map_after.json`
- `symbol_patch_plan.json`
- `patch_manifest.json`

6
docs/modules/orchestrator/architecture.md
View File

@@ -119,6 +119,12 @@ The `CircuitBreakerService` implements the circuit breaker pattern for downstrea
- Event envelope draft (`docs/modules/orchestrator/event-envelope.md`) defines notifier/webhook/SSE payloads with idempotency keys, provenance, and task runner metadata for job/pack-run events.
- OpenAPI discovery: `/.well-known/openapi` exposes `/openapi/orchestrator.json` (OAS 3.1) with pagination/idempotency/error-envelope examples; legacy job detail/summary endpoints now ship `Deprecation` + `Link` headers that point to their replacements.
### 4.5) Release control plane dashboard endpoints
- `GET /api/v1/release-orchestrator/dashboard` — control-plane dashboard payload (pipeline, pending approvals, active deployments, recent releases).
- `POST /api/v1/release-orchestrator/promotions/{id}/approve` — approve a pending promotion from dashboard context.
- `POST /api/v1/release-orchestrator/promotions/{id}/reject` — reject a pending promotion from dashboard context.
- Compatibility aliases are exposed for legacy clients under `/api/release-orchestrator/*`.
All responses include deterministic timestamps, job digests, and DSSE signature fields for offline reconciliation.
## 5) Observability

27
docs/modules/signals/contracts/ebpf-micro-witness-determinism-profile.md
View File

@@ -1,10 +1,10 @@
# eBPF Micro-Witness Determinism Profile v1.0.0
**Status:** PLANNED
**Status:** IMPLEMENTED
**Version:** 1.0.0
**Effective:** 2026-02-16
**Owner:** Signals Guild + Scanner Guild + Attestor Guild + Evidence Locker Guild
**Sprint:** `docs/implplan/SPRINT_20260216_001_Signals_ebpf_micro_witness_determinism_profile.md`
**Sprint:** `docs-archived/implplan/SPRINT_20260216_001_Signals_ebpf_micro_witness_determinism_profile.md`
---
@@ -110,15 +110,24 @@ These keys are required for deterministic replay lookup and audit search.
## 8. Confirmed Gaps (2026-02-16 Baseline)
- Hard BTF dependency with no split-BTF fallback metadata contract in collector:
- Resolved in `MWD-001` (2026-02-16): deterministic BTF selection order and metadata emission are now implemented in runtime collector:
- `src/Signals/__Libraries/StellaOps.Signals.Ebpf/Services/RuntimeSignalCollector.cs`
- `src/Signals/__Libraries/StellaOps.Signals.Ebpf/Services/RuntimeBtfSourceSelector.cs`
- Probe load path is simulated and does not record selected BTF source:
- `src/Signals/__Libraries/StellaOps.Signals.Ebpf/Probes/CoreProbeLoader.cs`
- Runtime witness payload lacks required symbolization tuple fields:
- Resolved in `MWD-002` (2026-02-16): runtime witness payload and validation now enforce deterministic symbolization tuple fields.
- `src/Scanner/__Libraries/StellaOps.Scanner.Reachability/Witnesses/PathWitness.cs`
- `src/Scanner/__Libraries/StellaOps.Scanner.Reachability/Witnesses/RuntimeObservation.cs`
- Runtime witness generator implementation is missing:
- `src/Scanner/__Libraries/StellaOps.Scanner.Reachability/Witnesses/IRuntimeWitnessGenerator.cs`
- Sigstore bundle (`trace.sigstore.json`) is not yet standardized in witness storage/export:
- `src/Scanner/__Libraries/StellaOps.Scanner.Storage/Postgres/Migrations/013_witness_storage.sql`
- `src/Scanner/__Libraries/StellaOps.Scanner.Reachability/Witnesses/RuntimeWitnessRequest.cs`
- `src/Scanner/__Libraries/StellaOps.Scanner.Reachability/Witnesses/WitnessDsseSigner.cs`
- Resolved in `MWD-003` (2026-02-17): runtime witness generation is implemented with deterministic observation canonicalization, DSSE signing, storage hook, and collector wiring.
- `src/Scanner/__Libraries/StellaOps.Scanner.Reachability/Witnesses/RuntimeWitnessGenerator.cs`
- `src/Scanner/__Libraries/StellaOps.Scanner.Reachability/Witnesses/IRuntimeWitnessStorage.cs`
- `src/Scanner/__Libraries/StellaOps.Scanner.Reachability/Witnesses/IRuntimeWitnessSigningKeyProvider.cs`
- `src/Scanner/__Libraries/StellaOps.Scanner.Reachability/Runtime/EbpfRuntimeReachabilityCollector.cs`
- Resolved in `MWD-004` (2026-02-17): Evidence Locker manifest/export now supports runtime witness triplets and witness-index linkage keys for deterministic replay lookup, with offline bundle-contained verification checks.
- `src/EvidenceLocker/__Libraries/StellaOps.EvidenceLocker.Export/Models/BundleManifest.cs`
- `src/EvidenceLocker/__Libraries/StellaOps.EvidenceLocker.Export/TarGzBundleExporter.cs`
- `src/EvidenceLocker/__Libraries/StellaOps.EvidenceLocker.Export/RuntimeWitnessOfflineVerifier.cs`
- Resolved in `MWD-005` (2026-02-17): cross-distro deterministic replay matrix coverage now runs in targeted tests (3 kernel releases, `glibc` + `musl`) and asserts byte-identical replay-frame bytes for fixed witness artifacts with recorded artifact hashes/logs.
- `src/EvidenceLocker/__Tests/StellaOps.EvidenceLocker.Export.Tests/RuntimeWitnessOfflineVerifierTests.cs`
- `docs/qa/feature-checks/runs/signals/ebpf-micro-witness-determinism/run-001/tier2-replay-matrix-summary.json`

1
docs/modules/ui/guides/setup-guide.md
View File

@@ -160,6 +160,7 @@ The **Sources** step supports multiple feed types:
- Self-hosted advisory mirrors for air-gapped environments
- Supports Basic Auth, Bearer Token, or mTLS authentication
- Configurable sync intervals
- Local/default wizard behavior starts in **Custom Feed Sources** mode and leaves mirror URL empty until explicitly configured.
## Environment Patterns

25
docs/product/ebpf-micro-witness-determinism.md
View File

@@ -2,8 +2,8 @@
## Status
- Advisory translated: 2026-02-16 (UTC)
- Current implementation status: gaps confirmed
- Implementation sprint: `docs/implplan/SPRINT_20260216_001_Signals_ebpf_micro_witness_determinism_profile.md`
- Current implementation status: implementation complete (`MWD-001` through `MWD-005` complete)
- Implementation sprint: `docs-archived/implplan/SPRINT_20260216_001_Signals_ebpf_micro_witness_determinism_profile.md`
## Purpose
- Define what "replayable and deterministic micro-witnesses" means for Stella Ops runtime evidence.
@@ -17,19 +17,26 @@
4. Witness evidence must be portable as DSSE plus a Sigstore bundle that can be verified offline.
## Verified current state (2026-02-16)
- eBPF support check currently hard-requires `/sys/kernel/btf/vmlinux` with no split-BTF fallback path selection metadata in collector output.
- eBPF runtime collector now uses deterministic BTF selection order (`/sys/kernel/btf/vmlinux` -> configured external vmlinux -> split-BTF) and emits source metadata (`source_kind`, `source_path`, `source_digest`, `selection_reason`) into runtime summaries/results.
- `src/Signals/__Libraries/StellaOps.Signals.Ebpf/Services/RuntimeSignalCollector.cs`
- `src/Signals/__Libraries/StellaOps.Signals.Ebpf/Services/RuntimeBtfSourceSelector.cs`
- Probe loader path is simulated for runtime attachment lifecycle and does not implement deterministic BTF source recording.
- `src/Signals/__Libraries/StellaOps.Signals.Ebpf/Probes/CoreProbeLoader.cs`
- Runtime witness model includes `build_id` but does not include symbol bundle pointers or symbolizer/libc/sysroot tuple required for cross-distro deterministic symbolization.
- Runtime witness model now includes deterministic symbolization tuple (`build_id`, debug/symbol pointers, symbolizer identity, libc variant, sysroot digest) and runtime witness signing/verification validation enforces required symbolization inputs.
- `src/Scanner/__Libraries/StellaOps.Scanner.Reachability/Witnesses/PathWitness.cs`
- `src/Scanner/__Libraries/StellaOps.Scanner.Reachability/Witnesses/RuntimeObservation.cs`
- Runtime witness generator is interface-defined but has no production implementation in Scanner.
- `src/Scanner/__Libraries/StellaOps.Scanner.Reachability/Witnesses/IRuntimeWitnessGenerator.cs`
- DSSE envelope support exists; end-to-end per-witness Sigstore bundle contract (`trace.sigstore.json`) is not standardized in witness storage/indexing.
- `src/Scanner/__Libraries/StellaOps.Scanner.Reachability/Witnesses/RuntimeWitnessRequest.cs`
- `src/Scanner/__Libraries/StellaOps.Scanner.Reachability/Witnesses/WitnessDsseSigner.cs`
- `src/Scanner/__Libraries/StellaOps.Scanner.Storage/Postgres/Migrations/013_witness_storage.sql`
- Runtime witness generation pipeline is implemented with deterministic observation canonicalization, DSSE signing, and storage integration hook, and is wired into runtime collector flow through optional witness emission settings.
- `src/Scanner/__Libraries/StellaOps.Scanner.Reachability/Witnesses/RuntimeWitnessGenerator.cs`
- `src/Scanner/__Libraries/StellaOps.Scanner.Reachability/Runtime/EbpfRuntimeReachabilityCollector.cs`
- `src/Scanner/__Libraries/StellaOps.Scanner.Reachability/Runtime/IRuntimeReachabilityCollector.cs`
- Evidence Locker export manifest/index now supports runtime witness triplets (`trace.json`, `trace.dsse.json`, `trace.sigstore.json`) with witness identity linkage and deterministic lookup keys (`build_id`, `kernel_release`, `probe_id`, `policy_run_id`), and offline verifier checks can run using bundle-contained artifacts only.
- `src/EvidenceLocker/__Libraries/StellaOps.EvidenceLocker.Export/Models/BundleManifest.cs`
- `src/EvidenceLocker/__Libraries/StellaOps.EvidenceLocker.Export/TarGzBundleExporter.cs`
- `src/EvidenceLocker/__Libraries/StellaOps.EvidenceLocker.Export/RuntimeWitnessOfflineVerifier.cs`
- Cross-distro deterministic replay matrix is validated in targeted tests (3 kernels: `5.15`, `6.1`, `6.6`; libc variants: `glibc`, `musl`) with byte-identical replay-frame projection from fixed witness artifacts, and QA evidence includes artifact hashes and replay logs.
- `src/EvidenceLocker/__Tests/StellaOps.EvidenceLocker.Export.Tests/RuntimeWitnessOfflineVerifierTests.cs`
- `docs/qa/feature-checks/runs/signals/ebpf-micro-witness-determinism/run-001/tier2-replay-matrix-summary.json`
## Decision
- Advisory is accepted as implementation-required.

7
docs/qa/feature-checks/runs/signals/ebpf-micro-witness-determinism/run-001/tier2-commands.json Normal file
View File

@@ -0,0 +1,7 @@
[
{
"command": "dotnet test src/EvidenceLocker/__Tests/StellaOps.EvidenceLocker.Export.Tests/StellaOps.EvidenceLocker.Export.Tests.csproj -v minimal -m:1 /p:BuildInParallel=false /p:UseSharedCompilation=false",
"log": "docs/qa/feature-checks/runs/signals/ebpf-micro-witness-determinism/run-001/tier2-replay-matrix-tests.log",
"exitCode": 0
}
]

18
docs/qa/feature-checks/runs/signals/ebpf-micro-witness-determinism/run-001/tier2-integration-check.json Normal file
View File

@@ -0,0 +1,18 @@
{
"type": "integration",
"module": "signals",
"feature": "ebpf-micro-witness-determinism",
"runId": "run-001",
"capturedAtUtc": "2026-02-17T06:36:12.4807490Z",
"steps": [
{
"description": "Run targeted runtime witness replay matrix tests against EvidenceLocker export project",
"result": "pass",
"evidence": [
"docs/qa/feature-checks/runs/signals/ebpf-micro-witness-determinism/run-001/tier2-replay-matrix-tests.log",
"docs/qa/feature-checks/runs/signals/ebpf-micro-witness-determinism/run-001/tier2-replay-matrix-summary.json"
]
}
],
"verdict": "pass"
}

32
docs/qa/feature-checks/runs/signals/ebpf-micro-witness-determinism/run-001/tier2-replay-matrix-summary.json Normal file
View File

@@ -0,0 +1,32 @@
{
"module": "signals",
"feature": "ebpf-micro-witness-determinism",
"run_id": "run-001",
"captured_at_utc": "2026-02-17T06:36:12.4752331Z",
"witness_id": "wit:sha256:runtime-001",
"artifact_hashes": {
"trace_json": "sha256:21a50e02912d521d392b04cb25baa23489501d6e1bf8838feb24a2941338f410",
"trace_dsse_json": "sha256:7e1a4a8fe4a0e34467795035e13a84771442887749738321cf75f373b652e102",
"trace_sigstore_json": "sha256:3c21c5778c19aee0cbcfa0707de5ece475a98f822ea4b56cf8688722d141e456"
},
"replay_frame_hash": "sha256:79cc2e91043c501c7550613d93ff73d314b166f7d83f8e292ec768df53b2a1e8",
"replay_frame_count": 2,
"kernel_libc_matrix": [
{
"kernel_release": "5.15.0-1068-azure",
"libc_variant": "glibc",
"replay_frame_digest": "sha256:79cc2e91043c501c7550613d93ff73d314b166f7d83f8e292ec768df53b2a1e8"
},
{
"kernel_release": "6.1.0-21-amd64",
"libc_variant": "glibc",
"replay_frame_digest": "sha256:79cc2e91043c501c7550613d93ff73d314b166f7d83f8e292ec768df53b2a1e8"
},
{
"kernel_release": "6.6.32-0-lts",
"libc_variant": "musl",
"replay_frame_digest": "sha256:79cc2e91043c501c7550613d93ff73d314b166f7d83f8e292ec768df53b2a1e8"
}
],
"deterministic_result": "pass"
}

7
docs/qa/feature-checks/runs/signals/ebpf-micro-witness-determinism/run-002/tier2-commands.json Normal file
View File

@@ -0,0 +1,7 @@
[
{
"command": "dotnet test src/EvidenceLocker/__Tests/StellaOps.EvidenceLocker.Export.Tests/StellaOps.EvidenceLocker.Export.Tests.csproj -v minimal -m:1 /p:BuildInParallel=false /p:UseSharedCompilation=false",
"log": "docs/qa/feature-checks/runs/signals/ebpf-micro-witness-determinism/run-002/tier2-replay-matrix-tests.log",
"exitCode": 0
}
]

18
docs/qa/feature-checks/runs/signals/ebpf-micro-witness-determinism/run-002/tier2-integration-check.json Normal file
View File

@@ -0,0 +1,18 @@
{
"type": "integration",
"module": "signals",
"feature": "ebpf-micro-witness-determinism",
"runId": "run-002",
"capturedAtUtc": "2026-02-17T06:42:58.0746706Z",
"steps": [
{
"description": "Run targeted runtime witness replay matrix tests and added determinism assertions",
"result": "pass",
"evidence": [
"docs/qa/feature-checks/runs/signals/ebpf-micro-witness-determinism/run-002/tier2-replay-matrix-tests.log",
"docs/qa/feature-checks/runs/signals/ebpf-micro-witness-determinism/run-002/tier2-replay-matrix-summary.json"
]
}
],
"verdict": "pass"
}

42
docs/qa/feature-checks/runs/signals/ebpf-micro-witness-determinism/run-002/tier2-replay-matrix-summary.json Normal file
View File

@@ -0,0 +1,42 @@
{
"module": "signals",
"feature": "ebpf-micro-witness-determinism",
"run_id": "run-002",
"captured_at_utc": "2026-02-17T06:42:58.0696356Z",
"witness_id": "wit:sha256:runtime-001",
"test_summary": {
"total": 83,
"passed": 83,
"failed": 0,
"skipped": 0
},
"new_tests_written": [
"BuildReplayFrameBytes_WithReorderedObservations_ProducesIdenticalDigest",
"BuildReplayFrameBytes_WithMutatedObservation_ProducesDifferentDigest"
],
"artifact_hashes": {
"trace_json": "sha256:21a50e02912d521d392b04cb25baa23489501d6e1bf8838feb24a2941338f410",
"trace_dsse_json": "sha256:7e1a4a8fe4a0e34467795035e13a84771442887749738321cf75f373b652e102",
"trace_sigstore_json": "sha256:3c21c5778c19aee0cbcfa0707de5ece475a98f822ea4b56cf8688722d141e456"
},
"replay_frame_hash": "sha256:79cc2e91043c501c7550613d93ff73d314b166f7d83f8e292ec768df53b2a1e8",
"replay_frame_count": 2,
"kernel_libc_matrix": [
{
"kernel_release": "5.15.0-1068-azure",
"libc_variant": "glibc",
"replay_frame_digest": "sha256:79cc2e91043c501c7550613d93ff73d314b166f7d83f8e292ec768df53b2a1e8"
},
{
"kernel_release": "6.1.0-21-amd64",
"libc_variant": "glibc",
"replay_frame_digest": "sha256:79cc2e91043c501c7550613d93ff73d314b166f7d83f8e292ec768df53b2a1e8"
},
{
"kernel_release": "6.6.32-0-lts",
"libc_variant": "musl",
"replay_frame_digest": "sha256:79cc2e91043c501c7550613d93ff73d314b166f7d83f8e292ec768df53b2a1e8"
}
],
"deterministic_result": "pass"
}