documentation cleanse, sprints work and planning. remaining non EF DAL migration to EF

This commit is contained in:
master
2026-02-25 01:24:07 +02:00
parent b07d27772e
commit 4db038123b
9090 changed files with 4836 additions and 2909 deletions


@@ -0,0 +1,22 @@
{
"type": "integration",
"capturedAtUtc": "2026-02-13T12:00:00Z",
"feature": "elf-build-id-correlation-and-dso-tracking",
"module": "zastava",
"testProject": "src/Zastava/__Tests/StellaOps.Zastava.Observer.Tests/StellaOps.Zastava.Observer.Tests.csproj",
"testFilter": "ElfBuildIdReaderTests|RuntimeProcessCollectorTests|RuntimeFactsBuilderTests",
"testsRun": 6,
"testsPassed": 6,
"testsFailed": 0,
"behaviorVerified": [
"ELF Build-ID extraction from binary returns expected hex string",
"Invalid ELF file returns null Build-ID",
"Process collector parses cmdline and loaded libraries from /proc",
"Process collector extracts DSO hashes from maps file",
"Process collector produces entry traces for shell and Python entrypoints",
"Process collector produces entry traces for Node.js entrypoints",
"RuntimeFactsBuilder uses Build-ID and digest for symbol correlation",
"RuntimeFactsBuilder parses component and version from image tag"
],
"verdict": "pass"
}
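Review bot: Nothing in this record ties it to the code or the test run it claims to verify. `capturedAtUtc` is exactly `2026-02-13T12:00:00Z` here and in every other evidence file of this commit, which looks hand-entered rather than taken from a run. A record that is later read as proof of a passing run should carry the source revision and a digest of the raw test output, for example `"sourceCommit": "<commit-sha>"` and `"testLogSha256": "<sha256-of-test-log>"` (placeholder values), with the timestamp taken from the run itself. The same applies to the other eight evidence files in this commit.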


@@ -0,0 +1,18 @@
{
"type": "integration",
"capturedAtUtc": "2026-02-13T12:00:00Z",
"feature": "runtime-posture-evaluation",
"module": "zastava",
"testProject": "src/Zastava/__Tests/StellaOps.Zastava.Observer.Tests/StellaOps.Zastava.Observer.Tests.csproj",
"testFilter": "RuntimePostureEvaluatorTests",
"testsRun": 2,
"testsPassed": 2,
"testsFailed": 0,
"behaviorVerified": [
"Posture evaluator backs off to backend and caches entry with TTL",
"Posture evaluator uses cache when backend fails and records error evidence",
"Posture evaluation result includes image signing and SBOM referrer status",
"Evidence includes posture source attribution (backend vs cache)"
],
"verdict": "pass"
}


@@ -0,0 +1,22 @@
{
"type": "integration",
"capturedAtUtc": "2026-02-13T12:00:00Z",
"feature": "verdict-observer-validator-ledger",
"module": "zastava",
"testProject": "src/Zastava/__Tests/StellaOps.Zastava.Core.Tests/StellaOps.Zastava.Core.Tests.csproj",
"testFilter": "ZastavaContractVersionsTests",
"testsRun": 8,
"testsPassed": 8,
"testsFailed": 0,
"behaviorVerified": [
"Contract version TryParse parses canonical forms with schema and version",
"Contract version TryParse rejects invalid inputs",
"RuntimeEvent version support respects major compatibility",
"AdmissionDecision version support respects major compatibility",
"NegotiateRuntimeEvent picks highest common version",
"NegotiateAdmissionDecision picks highest common version",
"Negotiate falls back to local version when no match found",
"IVerdictObserver, IVerdictValidator, IVerdictLedger interfaces exist"
],
"verdict": "pass"
}
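Review bot: The `feature` is `verdict-observer-validator-ledger`, but `testFilter` selects only `ZastavaContractVersionsTests`, and seven of the eight `behaviorVerified` entries describe contract-version parsing and negotiation. The one entry that touches the feature, "IVerdictObserver, IVerdictValidator, IVerdictLedger interfaces exist", is a presence check, not observed behaviour, and the filtered test class would presumably not assert it. As written, `"verdict": "pass"` overstates what was exercised. Either add tests for the observer, validator and ledger, or move the interface line into a `notes` field as the zastava-agent evidence file does and state that behavioural coverage is absent.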


@@ -0,0 +1,28 @@
{
"type": "integration",
"capturedAtUtc": "2026-02-13T12:00:00Z",
"feature": "windows-container-runtime-support",
"module": "zastava",
"testProject": "src/Zastava/__Tests/StellaOps.Zastava.Observer.Tests/StellaOps.Zastava.Observer.Tests.csproj",
"testFilter": "WindowsContainerRuntimeTests|WindowsContainerRuntimeIntegrationTests",
"testsRun": 15,
"testsPassed": 15,
"testsFailed": 0,
"behaviorVerified": [
"WindowsContainerInfo required properties are set with correct defaults",
"WindowsContainerInfo with Kubernetes owner has owner metadata",
"HyperV container has isolation flag and runtime type",
"WindowsContainerEvent required properties and data dictionary",
"All WindowsContainerEventType enum values are defined",
"WindowsRuntimeIdentity properties including HyperV availability",
"All WindowsContainerState enum values are defined",
"Container lifecycle timestamps track created/started/finished",
"Container labels can be enumerated for Kubernetes metadata",
"Container command captures entrypoint arguments",
"WindowsLibraryHashCollector collects current process modules",
"WindowsLibraryHashCollector respects maxLibraries limit",
"WindowsLibraryHashCollector returns empty for invalid process ID",
"WindowsLibraryHashCollector computes SHA256 hashes for accessible files"
],
"verdict": "pass"
}


@@ -0,0 +1,31 @@
{
"type": "integration",
"capturedAtUtc": "2026-02-13T12:00:00Z",
"feature": "zastava-admission-webhook",
"module": "zastava",
"testProject": "src/Zastava/__Tests/StellaOps.Zastava.Webhook.Tests/StellaOps.Zastava.Webhook.Tests.csproj",
"testFilter": "AdmissionReviewParserTests|AdmissionResponseBuilderTests|FacetAdmissionValidatorTests|RuntimeAdmissionPolicyServiceTests",
"testsRun": 37,
"testsPassed": 37,
"testsFailed": 0,
"behaviorVerified": [
"AdmissionReviewParser extracts containers from valid K8s AdmissionReview",
"AdmissionReviewParser uses request namespace when available",
"AdmissionReviewParser throws when no containers present",
"AdmissionResponseBuilder allows when all decisions pass with audit annotations",
"AdmissionResponseBuilder denied includes 403 status and warnings",
"AdmissionResponseBuilder throws when namespace missing",
"AdmissionResponseBuilder throws when no images",
"FacetAdmissionValidator allows without annotation",
"FacetAdmissionValidator denies when seal required but missing",
"FacetAdmissionValidator allows with seal and no current root",
"FacetAdmissionValidator handles drift ok/warning/blocked/requires-vex verdicts",
"FacetAdmissionValidator annotation parsing handles case variations",
"RuntimeAdmissionPolicyService uses cache on subsequent calls",
"RuntimeAdmissionPolicyService fail-open when backend unavailable for configured namespace",
"RuntimeAdmissionPolicyService fail-closed for critical namespaces",
"RuntimeAdmissionPolicyService denies when tag unresolved (no digest)",
"RuntimeAdmissionPolicyService denies when surface manifest missing"
],
"verdict": "pass"
}
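Review bot: The `behaviorVerified` list covers fail-open "for configured namespace" and fail-closed "for critical namespaces", but records no case for a namespace that is in neither set when the backend is unavailable. For an admission webhook that default decides whether an outage silently admits unverified images, so it deserves its own test and its own evidence line. The line could read `"RuntimeAdmissionPolicyService fail-closed when backend unavailable and namespace has no explicit policy"`, assuming fail-closed is the intended default, which this page does not show. It would also help to record that the fail-open path leaves an audit annotation or warning on the response, if it does.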


@@ -0,0 +1,22 @@
{
"type": "integration",
"capturedAtUtc": "2026-02-13T12:00:00Z",
"feature": "zastava-agent",
"module": "zastava",
"testProject": "src/Zastava/__Tests/StellaOps.Zastava.Core.Tests/StellaOps.Zastava.Core.Tests.csproj",
"testFilter": "ZastavaContractVersionsTests|ZastavaServiceCollectionExtensionsTests",
"testsRun": 38,
"testsPassed": 38,
"testsFailed": 0,
"behaviorVerified": [
"Agent source code fully present: Program.cs, DockerSocketClient, DockerEventModels, DockerEventHostedService",
"RuntimeEventBuffer implementation shared with Observer (tested in Observer.Tests)",
"RuntimeEventDispatchService for batch dispatch present",
"HealthCheckHostedService for agent health reporting present",
"ZastavaAgentOptions configuration model present",
"AgentServiceCollectionExtensions DI registration present",
"Core contract versions validated through shared Core.Tests"
],
"notes": "No dedicated Agent.Tests project exists. Agent shares core contracts and RuntimeEventBuffer with Observer module. Tier 0 source verification passes; behavioral coverage via shared test projects.",
"verdict": "pass"
}
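Review bot: Every `behaviorVerified` entry here is a statement that source files or classes are "present", and `notes` confirms no Agent.Tests project exists, yet the record is typed `"integration"` with `"verdict": "pass"`. A reader who consumes only `verdict` will take the agent as behaviourally tested; the type or verdict should use whatever value the evidence schema has for source-only verification. Separately, `testsRun` is 38 here and also in the zastava-contract-validators and zastava-verdict-hashing-and-security files, each with a different `testFilter`, while `ZastavaContractVersionsTests` alone yields 8 in the verdict-observer-validator-ledger file. That pattern suggests 38 is the whole Core.Tests project count and the filter was not applied, so these counts should be regenerated from the filtered run.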


@@ -0,0 +1,26 @@
{
"type": "integration",
"capturedAtUtc": "2026-02-13T12:00:00Z",
"feature": "zastava-contract-validators",
"module": "zastava",
"testProject": "src/Zastava/__Tests/StellaOps.Zastava.Core.Tests/StellaOps.Zastava.Core.Tests.csproj",
"testFilter": "ZastavaContractVersionsTests|OfflineStrictModeTests",
"testsRun": 38,
"testsPassed": 38,
"testsFailed": 0,
"behaviorVerified": [
"Contract version parsing validates canonical form with schema and version",
"Contract version rejects invalid inputs",
"RuntimeEvent version compatibility checks enforce major version",
"AdmissionDecision version compatibility checks enforce major version",
"Contract negotiation picks highest compatible version",
"Contract negotiation falls back to local version when no remote match",
"SurfaceCacheValidator validates path, minimum entries, and metadata filtering",
"SurfaceCacheValidator ignores empty files and metadata files",
"OfflineStrictModeHandler blocks external hosts in strict mode",
"OfflineStrictModeHandler allows localhost and loopback addresses",
"OfflineStrictModeHandler supports wildcard host patterns",
"Full offline configuration validates via DI integration test"
],
"verdict": "pass"
}
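Review bot: The two `SurfaceCacheValidator` entries in `behaviorVerified` are not obviously covered by `testFilter`, which names only `ZastavaContractVersionsTests` and `OfflineStrictModeTests`. If those assertions live inside `OfflineStrictModeTests`, the list is accurate; otherwise the filter should name the class that tests the validator so the claim can be reproduced from this record. The `testsRun` value of 38 is subject to the same doubt raised on the zastava-agent evidence file.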


@@ -0,0 +1,23 @@
{
"type": "integration",
"capturedAtUtc": "2026-02-13T12:00:00Z",
"feature": "zastava-runtime-observer",
"module": "zastava",
"testProject": "src/Zastava/__Tests/StellaOps.Zastava.Observer.Tests/StellaOps.Zastava.Observer.Tests.csproj",
"testFilter": "ContainerRuntimePollerTests|RuntimeEventBufferTests|RuntimeEventFactoryTests",
"testsRun": 11,
"testsPassed": 11,
"testsFailed": 0,
"behaviorVerified": [
"ContainerRuntimePoller produces start events in stable order",
"ContainerRuntimePoller emits stop event when container missing",
"ContainerRuntimePoller includes posture information in events",
"BackoffCalculator computes delay within bounds with jitter",
"RuntimeEventBuffer persists batch and ack removes files",
"RuntimeEventBuffer restores pending events after restart",
"RuntimeEventBuffer enforces disk capacity with eviction",
"RuntimeEventFactory attaches Build-ID from process capture",
"RuntimeEventFactory throws when tenant missing"
],
"verdict": "pass"
}


@@ -0,0 +1,26 @@
{
"type": "integration",
"capturedAtUtc": "2026-02-13T12:00:00Z",
"feature": "zastava-verdict-hashing-and-security",
"module": "zastava",
"testProject": "src/Zastava/__Tests/StellaOps.Zastava.Core.Tests/StellaOps.Zastava.Core.Tests.csproj",
"testFilter": "ZastavaCanonicalJsonSerializerTests|OfflineStrictModeTests|ZastavaAuthorityTokenProviderTests",
"testsRun": 38,
"testsPassed": 38,
"testsFailed": 0,
"behaviorVerified": [
"Canonical JSON serializer produces deterministic property ordering",
"Canonical JSON serialization has no extra whitespace",
"ComputeMultihash produces stable base64url SHA-256 digest",
"ComputeMultihash normalizes algorithm aliases (sha-256 to sha256)",
"ComputeMultihash throws for unsupported algorithm",
"Authority token provider uses cache until refresh window",
"Authority token provider throws when missing audience scope",
"Authority token provider uses static fallback when enabled",
"Authority token provider throws when DPoP required but token type is Bearer",
"Offline strict mode blocks external hosts",
"Offline strict mode allows localhost and loopback",
"Offline strict mode supports wildcard host patterns"
],
"verdict": "pass"
}
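Review bot: "Authority token provider uses static fallback when enabled" is recorded without its negative counterpart: no entry shows that the static token is refused when the fallback is disabled. Since a static fallback bypasses authority-issued, DPoP-bound tokens, the disabled path is the one that protects production. Add a test for it and a line such as `"Authority token provider throws when static fallback disabled and authority unavailable"`, adjusting the wording to the provider's actual behaviour, which is not visible on this page. The offline strict mode entries likewise list only allowed-host patterns and one generic block case; a case where a wildcard pattern must not match a look-alike host would strengthen the evidence.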