compose and authority fixes. finish sprints.
@@ -1,10 +1,10 @@
|
||||
# eBPF Micro-Witness Determinism Profile v1.0.0
|
||||
|
||||
**Status:** PLANNED
|
||||
**Status:** IMPLEMENTED
|
||||
**Version:** 1.0.0
|
||||
**Effective:** 2026-02-16
|
||||
**Owner:** Signals Guild + Scanner Guild + Attestor Guild + Evidence Locker Guild
|
||||
**Sprint:** `docs/implplan/SPRINT_20260216_001_Signals_ebpf_micro_witness_determinism_profile.md`
|
||||
**Sprint:** `docs-archived/implplan/SPRINT_20260216_001_Signals_ebpf_micro_witness_determinism_profile.md`
|
||||
|
||||
---
|
||||
|
||||
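Review bot: The Status line becomes IMPLEMENTED while `**Effective:** 2026-02-16` is left unchanged, yet the section 8 entries in this same change date MWD-003, MWD-004 and MWD-005 as resolved on 2026-02-17, so the header gives an effective date that precedes the work it declares done. Either move Effective to 2026-02-17 or add a separate implemented-on date. The Sprint path also switches to `docs-archived/implplan/...`; the file move itself is not visible in these lines, so confirm it is part of the same commit and that nothing else still links to the `docs/implplan/` location.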
@@ -110,15 +110,24 @@ These keys are required for deterministic replay lookup and audit search.
|
||||
|
||||
## 8. Confirmed Gaps (2026-02-16 Baseline)
|
||||
|
||||
- Hard BTF dependency with no split-BTF fallback metadata contract in collector:
|
||||
- Resolved in `MWD-001` (2026-02-16): deterministic BTF selection order and metadata emission are now implemented in runtime collector:
|
||||
- `src/Signals/__Libraries/StellaOps.Signals.Ebpf/Services/RuntimeSignalCollector.cs`
|
||||
- `src/Signals/__Libraries/StellaOps.Signals.Ebpf/Services/RuntimeBtfSourceSelector.cs`
|
||||
- Probe load path is simulated and does not record selected BTF source:
|
||||
- `src/Signals/__Libraries/StellaOps.Signals.Ebpf/Probes/CoreProbeLoader.cs`
|
||||
- Runtime witness payload lacks required symbolization tuple fields:
|
||||
- Resolved in `MWD-002` (2026-02-16): runtime witness payload and validation now enforce deterministic symbolization tuple fields.
|
||||
- `src/Scanner/__Libraries/StellaOps.Scanner.Reachability/Witnesses/PathWitness.cs`
|
||||
- `src/Scanner/__Libraries/StellaOps.Scanner.Reachability/Witnesses/RuntimeObservation.cs`
|
||||
- Runtime witness generator implementation is missing:
|
||||
- `src/Scanner/__Libraries/StellaOps.Scanner.Reachability/Witnesses/IRuntimeWitnessGenerator.cs`
|
||||
- Sigstore bundle (`trace.sigstore.json`) is not yet standardized in witness storage/export:
|
||||
- `src/Scanner/__Libraries/StellaOps.Scanner.Storage/Postgres/Migrations/013_witness_storage.sql`
|
||||
- `src/Scanner/__Libraries/StellaOps.Scanner.Reachability/Witnesses/RuntimeWitnessRequest.cs`
|
||||
- `src/Scanner/__Libraries/StellaOps.Scanner.Reachability/Witnesses/WitnessDsseSigner.cs`
|
||||
- Resolved in `MWD-003` (2026-02-17): runtime witness generation is implemented with deterministic observation canonicalization, DSSE signing, storage hook, and collector wiring.
|
||||
- `src/Scanner/__Libraries/StellaOps.Scanner.Reachability/Witnesses/RuntimeWitnessGenerator.cs`
|
||||
- `src/Scanner/__Libraries/StellaOps.Scanner.Reachability/Witnesses/IRuntimeWitnessStorage.cs`
|
||||
- `src/Scanner/__Libraries/StellaOps.Scanner.Reachability/Witnesses/IRuntimeWitnessSigningKeyProvider.cs`
|
||||
- `src/Scanner/__Libraries/StellaOps.Scanner.Reachability/Runtime/EbpfRuntimeReachabilityCollector.cs`
|
||||
- Resolved in `MWD-004` (2026-02-17): Evidence Locker manifest/export now supports runtime witness triplets and witness-index linkage keys for deterministic replay lookup, with offline bundle-contained verification checks.
|
||||
- `src/EvidenceLocker/__Libraries/StellaOps.EvidenceLocker.Export/Models/BundleManifest.cs`
|
||||
- `src/EvidenceLocker/__Libraries/StellaOps.EvidenceLocker.Export/TarGzBundleExporter.cs`
|
||||
- `src/EvidenceLocker/__Libraries/StellaOps.EvidenceLocker.Export/RuntimeWitnessOfflineVerifier.cs`
|
||||
- Resolved in `MWD-005` (2026-02-17): cross-distro deterministic replay matrix coverage now runs in targeted tests (3 kernel releases, `glibc` + `musl`) and asserts byte-identical replay-frame bytes for fixed witness artifacts with recorded artifact hashes/logs.
|
||||
- `src/EvidenceLocker/__Tests/StellaOps.EvidenceLocker.Export.Tests/RuntimeWitnessOfflineVerifierTests.cs`
|
||||
- `docs/qa/feature-checks/runs/signals/ebpf-micro-witness-determinism/run-001/tier2-replay-matrix-summary.json`
|
||||
|
||||
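Review bot: The heading stays `## 8. Confirmed Gaps (2026-02-16 Baseline)` although the entries under it now read "Resolved in `MWD-00x`", and two of the baseline gaps have no resolution entry that names them. The "Probe load path is simulated and does not record selected BTF source" gap lists `CoreProbeLoader.cs`, but the `MWD-001` entry covers only `RuntimeSignalCollector.cs` and `RuntimeBtfSourceSelector.cs`. The "Sigstore bundle (`trace.sigstore.json`) is not yet standardized" gap is not mentioned by `MWD-003` (DSSE signing, storage hook) or by `MWD-004` (runtime witness triplets). For an audit-facing determinism profile, keep each original gap statement next to the entry that closes it, state explicitly whether the simulated probe load path and the `trace.sigstore.json` format are resolved or still open, and rename the section to something like "Gap Resolution Log" so the heading matches its content.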