Add unit tests and logging infrastructure for InMemory and RabbitMQ transports

- Implemented RecordingLogger and RecordingLoggerFactory for capturing log entries in tests.
- Added unit tests for InMemoryChannel, covering constructor behavior, property assignments, channel communication, and disposal.
- Created InMemoryTransportOptionsTests to validate default values and customizable options for InMemory transport.
- Developed RabbitMqFrameProtocolTests to ensure correct parsing and property creation for RabbitMQ frames.
- Added RabbitMqTransportOptionsTests to verify default settings and customization options for RabbitMQ transport.
- Updated project files for testing libraries and dependencies.
StellaOps Bot
2025-12-05 09:38:45 +02:00
parent 6a299d231f
commit 53508ceccb
98 changed files with 10868 additions and 663 deletions


@@ -0,0 +1,6 @@
f2e6a34b65d2c124c33fc79a7d8dadd29f3722a7c49f8af945460465326923e2 confidence_decay_config.sigstore.json
170892f6a48b0aef6f426ea97a86f6cd4420bc52634f12a92f72e20f0fa12e29 ../../decay/confidence_decay_config.yaml
ff87e5a97204ac4c0652bada480e7209027f66ab769cbcba230750e9023f9d16 unknowns_scoring_manifest.sigstore.json
450675035928e4771cca1b9e5f9e42035dbe10b3de7b66a4077a7b729b2c5b13 ../../unknowns/unknowns_scoring_manifest.json
b2c8b0a58a3e67b3872355a834fc03909372cd2fa371d29792260477e696a3ec heuristics_catalog.sigstore.json
e33fa0963493252a5ac379a12f820f6b356ea94310afd1db9ad7394e8307000e ../../heuristics/heuristics.catalog.json
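
Review bot: The three `../../` entries (lines 2, 4 and 6 of this file) hash the live sources outside this directory, so the list only checks out when run from its own directory and will start failing as soon as `confidence_decay_config.yaml`, `unknowns_scoring_manifest.json` or `heuristics.catalog.json` is edited. For a dated snapshot, either copy the signed inputs next to the bundles or record the source commit alongside the hashes, and state the expected working directory for the check.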


@@ -0,0 +1 @@
{"mediaType":"application/vnd.dev.sigstore.bundle.v0.3+json","verificationMaterial":{"publicKey":{"hint":"1/nAsWLsk/yOPl4sjynn6FOCC1ixnrbxSK9UHxjF8MQ="},"tlogEntries":[{"logIndex":"742648248","logId":{"keyId":"wNI9atQGlz+VWfO6LRygH4QUfY/8W4RFwiT5i5WRgB0="},"kindVersion":{"kind":"hashedrekord","version":"0.0.1"},"integratedTime":"1764914883","inclusionPromise":{"signedEntryTimestamp":"MEQCIEPXbH67jXKh8Yq1qT5s1CSnxFasd3pQeXPSn/+qyxYBAiAfMJC+eKMcBihxab9b6TfflHj04sNXv771AqjVLfZgqg=="},"inclusionProof":{"logIndex":"620743986","rootHash":"qIy16SiTCMU2N72AhLBlJx4tpzQ8wuRLgz7c0jPwZbg=","treeSize":"620743987","hashes":["bnLgpW9yyZyVLYG614bzegWryTevnj6R4THhcUw9xA8=","rwvg8t8pLgSLqXTX3SYw+yaTB5IBVFAeay6sg4iZTeE=","eaWE2OLV03T+OyLNcVSyZQNJl7KX0NVvVOP9hn9wKhg=","pN3WsrqWd5COntsHSMxViShmEptV4D7TJb4GHTu48gU=","j8r8ZbYGLFTKmzzPG6Rx/Nfbpnb8lXciUmjSRfmxw54=","t5cbUDhG60F85rSNrRV+TIjBaDyMw/Q7BygwBC6RmMI=","2oggqwKSybajJsAPYRL+lhzR8rg5UnNrX7SPVNnhiko=","xzp7CAFO8oL+EOUFxA7Uvwu36mxnTidQVpK4flWaiQo=","v+EjDtrntRCwx7q5IKS6Vl8rpAnSDht87Hsyx/lqYEE=","jz8AosZUL+zxO0wYDWJ/XEXmGsHXcAB4SJkTREB+Y4o=","j0S9eqN7H3FvIfEcZzdPYNUncd4169EpD2ouhdWszEw=","OwMBv2+d/917ew5VN1ZtUAPzljoADlvS+mBOPRX2lYU=","Mo/+V8ftGFQQbS+XsKdaF+l1sDADl3NB/NC1OoAr9WM=","RsQ5xuBa0gKvWk53V8F8JismpQAqEf9N2nqMjFfr/KA=","etMFukD8mHOD37ceTwB1Al2nC3iIzy/CTtNjwflJmDE=","huaH1ZSkRyP4+vpmGtpmkkL845lhcmN9io8MIe6Sob0=","ZmUkYkHBy1B723JrEgiKvepTdHYrP6y2a4oODYvi5VY=","T4DqWD42hAtN+vX8jKCWqoC4meE4JekI9LxYGCcPy1M="],"checkpoint":{"envelope":"rekor.sigstore.dev - 1193050959916656506\n620743987\nqIy16SiTCMU2N72AhLBlJx4tpzQ8wuRLgz7c0jPwZbg=\n\n— rekor.sigstore.dev 
wNI9ajBFAiEAxYkz+TT4nAzW4mkpci9k2BUNhK5iAVWG36AfTtniDMACIC7oFZsGsNsXWEkqxOPhpCcxLnVYURN9NMfpqHMKeM9i\n"}},"canonicalizedBody":"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"}],"timestampVerificationData":{"rfc3161Timestamps":[{"signedTimestamp":"MIICyjADAgEAMIICwQYJKoZIhvcNAQcCoIICsjCCAq4CAQMxDTALBglghkgBZQMEAgEwgbgGCyqGSIb3DQEJEAEEoIGoBIGlMIGiAgEBBgkrBgEEAYO/MAIwMTANBglghkgBZQMEAgEFAAQgdSW4YGrlOdy3eV6JIVvUfQRDbvrf/0k2S9/ga8HRl4ACFQDh5WrELclf0K61HErdp+xAS1LzOBgPMjAyNTEyMDUwNjA4MDNaMAMCAQGgMqQwMC4xFTATBgNVBAoTDHNpZ3N0b3JlLmRldjEVMBMGA1UEAxMMc2lnc3RvcmUtdHNhoAAxggHbMIIB1wIBATBRMDkxFTATBgNVBAoTDHNpZ3N0b3JlLmRldjEgMB4GA1UEAxMXc2lnc3RvcmUtdHNhLXNlbGZzaWduZWQCFDoTVC8MkGHuvMFDL8uKjosqI4sMMAsGCWCGSAFlAwQCAaCB/DAaBgkqhkiG9w0BCQMxDQYLKoZIhvcNAQkQAQQwHAYJKoZIhvcNAQkFMQ8XDTI1MTIwNTA2MDgwM1owLwYJKoZIhvcNAQkEMSIEIAvhBOIQRprk7w8+NkmwCiBeRT6XyqQuq7caFieLHnzIMIGOBgsqhkiG9w0BCRACLzF/MH0wezB5BCCF+Se8B6tiysO0Q1bBDvyBssaIP9p6uebYcNnROs0FtzBVMD2kOzA5MRUwEwYDVQQKEwxzaWdzdG9yZS5kZXYxIDAeBgNVBAMTF3NpZ3N0b3JlLXRzYS1zZWxmc2lnbmVkAhQ6E1QvDJBh7rzBQy/Lio6LKiOLDDAKBggqhkjOPQQDAgRnMGUCMEGcCpDWnYn1cWV0DfX/+k+u3jgiJupYStrmO6xnSwffS2hAbYXb9WHtZhk+eC6iXwIxAKXJ8nd4jkjLjsfTOS3JyyJpNiRJMUIjLaZGM1xTgxVYZvh7spUgLFwqwQL0763oHw=="}]}},"messageSignature":{"messageDigest":{"algorithm":"SHA2_256","digest":"FwiS9qSLCu9vQm6peob2zUQgvFJjTxKpL3LiDw+hLik="},"signature":"MEUCIDJ8q8uTmO+aeKiiIU5UhpYyo50+k39NC3zzmvj9L6CYAiEA+yjr+Xahq1PnuAzjlpIUJQj5ahXkKDJKYYaZjbPY/wA="}}
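
Review bot: `tlogEntries` in this bundle holds a `hashedrekord` entry with `logIndex` 742648248 and a checkpoint envelope from `rekor.sigstore.dev`, and `timestampVerificationData` carries an RFC 3161 timestamp, so this dev-key signature was recorded in the public transparency log. If the dev smoke flow is meant to stay off the log, regenerate the bundle with upload turned off in the signing script; if the upload is intended, say so in the documentation that describes these bundles.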


@@ -0,0 +1 @@
{"mediaType":"application/vnd.dev.sigstore.bundle.v0.3+json","verificationMaterial":{"publicKey":{"hint":"1/nAsWLsk/yOPl4sjynn6FOCC1ixnrbxSK9UHxjF8MQ="},"tlogEntries":[{"logIndex":"742648276","logId":{"keyId":"wNI9atQGlz+VWfO6LRygH4QUfY/8W4RFwiT5i5WRgB0="},"kindVersion":{"kind":"hashedrekord","version":"0.0.1"},"integratedTime":"1764914886","inclusionPromise":{"signedEntryTimestamp":"MEYCIQCv9TES7atMeHgnXgj6/4o6p5E3f9czATR1Sf/RgD8oEwIhANoqNtNZNtEiY2GJsQaEV2MjO1b3BesOLHrebytZM+AP"},"inclusionProof":{"logIndex":"620744014","rootHash":"Nd8odlYH1sZUqtwWLZd87SAZ3aDZE9/kvN8KP+WYJ4U=","treeSize":"620744015","hashes":["gSbu849KPGEFvvB7ZtGv4iiUJsQdIui3dBp3UXTjLeE=","gxllKTeg511WcKk8smE+D8AB/kc/I1KEpR+8znuM+WY=","0ktQJInLByqOQpv6DDn23DjwzrKQ4rQdxLnvK4mwU4s=","uWcfGHF7BrVZ0akB9sqpBCARjJ7zRFCaiBpaHFD2TE8=","pN3WsrqWd5COntsHSMxViShmEptV4D7TJb4GHTu48gU=","j8r8ZbYGLFTKmzzPG6Rx/Nfbpnb8lXciUmjSRfmxw54=","t5cbUDhG60F85rSNrRV+TIjBaDyMw/Q7BygwBC6RmMI=","2oggqwKSybajJsAPYRL+lhzR8rg5UnNrX7SPVNnhiko=","xzp7CAFO8oL+EOUFxA7Uvwu36mxnTidQVpK4flWaiQo=","v+EjDtrntRCwx7q5IKS6Vl8rpAnSDht87Hsyx/lqYEE=","jz8AosZUL+zxO0wYDWJ/XEXmGsHXcAB4SJkTREB+Y4o=","j0S9eqN7H3FvIfEcZzdPYNUncd4169EpD2ouhdWszEw=","OwMBv2+d/917ew5VN1ZtUAPzljoADlvS+mBOPRX2lYU=","Mo/+V8ftGFQQbS+XsKdaF+l1sDADl3NB/NC1OoAr9WM=","RsQ5xuBa0gKvWk53V8F8JismpQAqEf9N2nqMjFfr/KA=","etMFukD8mHOD37ceTwB1Al2nC3iIzy/CTtNjwflJmDE=","huaH1ZSkRyP4+vpmGtpmkkL845lhcmN9io8MIe6Sob0=","ZmUkYkHBy1B723JrEgiKvepTdHYrP6y2a4oODYvi5VY=","T4DqWD42hAtN+vX8jKCWqoC4meE4JekI9LxYGCcPy1M="],"checkpoint":{"envelope":"rekor.sigstore.dev - 1193050959916656506\n620744015\nNd8odlYH1sZUqtwWLZd87SAZ3aDZE9/kvN8KP+WYJ4U=\n\n— rekor.sigstore.dev 
wNI9ajBFAiEA37CfHOQAhbL30a3zqMuGfOPCMdaN7H2tjwUpXVSpNGMCIHqoJjARFDGTZGf7qZdY8o/GSFdCNVzSCJ2B5EeeoG0w\n"}},"canonicalizedBody":"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"}],"timestampVerificationData":{"rfc3161Timestamps":[{"signedTimestamp":"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"}]}},"messageSignature":{"messageDigest":{"algorithm":"SHA2_256","digest":"4z+gljSTJSpaw3mhL4IPazVuqUMQr9Hbmtc5ToMHAA4="},"signature":"MEQCIBztb6EORIOokuys9Od90bnerAcrE4CYYUhqnnOc/ajcAiAU/wbgSEG60/n8LQU9zqYYJ5hPuR+L8T9vaBu7vQ6PMg=="}}
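
Review bot: `verificationMaterial.publicKey` carries only a `hint` and no certificate, so nothing in the bundle itself identifies the signer as the dev key; a verifier has to know out of band which public key to pass. Add a short README next to these bundles naming the key they verify against and marking them dev-only, so they are not mistaken for production evidence.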


@@ -0,0 +1 @@
{"mediaType":"application/vnd.dev.sigstore.bundle.v0.3+json","verificationMaterial":{"publicKey":{"hint":"1/nAsWLsk/yOPl4sjynn6FOCC1ixnrbxSK9UHxjF8MQ="},"tlogEntries":[{"logIndex":"742648261","logId":{"keyId":"wNI9atQGlz+VWfO6LRygH4QUfY/8W4RFwiT5i5WRgB0="},"kindVersion":{"kind":"hashedrekord","version":"0.0.1"},"integratedTime":"1764914885","inclusionPromise":{"signedEntryTimestamp":"MEYCIQDMUtyUhnBrQY/KiBy0qf9twT0oL7UfA7JE+tZEfIx5PQIhAIzGkn0n0wRRUyLUrIsFfjhYxD/YsQ+0FbFJVAewheW2"},"inclusionProof":{"logIndex":"620743999","rootHash":"RlwXlMPk2OTu0Q0hH3A5mFxv0EP88REQq8A7N7AOgKk=","treeSize":"620744000","hashes":["eKAQSo78J8w9/CQGM3bznJOCAlob/hAQ52qBV876JeM=","9rT7Nu1z1+n5lu0RnB3fQ9tTO0oE8eURjQd3x6Y2QbM=","xLWKkyqh1mMRlsFwxAVuzyvyrhuihA8hoaVNIHznXE8=","1GPmVbjRGJ4j4iMQUYzEmn5/E9RluOw3B9RsAmyw2aA=","rwvg8t8pLgSLqXTX3SYw+yaTB5IBVFAeay6sg4iZTeE=","eaWE2OLV03T+OyLNcVSyZQNJl7KX0NVvVOP9hn9wKhg=","pN3WsrqWd5COntsHSMxViShmEptV4D7TJb4GHTu48gU=","j8r8ZbYGLFTKmzzPG6Rx/Nfbpnb8lXciUmjSRfmxw54=","t5cbUDhG60F85rSNrRV+TIjBaDyMw/Q7BygwBC6RmMI=","2oggqwKSybajJsAPYRL+lhzR8rg5UnNrX7SPVNnhiko=","xzp7CAFO8oL+EOUFxA7Uvwu36mxnTidQVpK4flWaiQo=","v+EjDtrntRCwx7q5IKS6Vl8rpAnSDht87Hsyx/lqYEE=","jz8AosZUL+zxO0wYDWJ/XEXmGsHXcAB4SJkTREB+Y4o=","j0S9eqN7H3FvIfEcZzdPYNUncd4169EpD2ouhdWszEw=","OwMBv2+d/917ew5VN1ZtUAPzljoADlvS+mBOPRX2lYU=","Mo/+V8ftGFQQbS+XsKdaF+l1sDADl3NB/NC1OoAr9WM=","RsQ5xuBa0gKvWk53V8F8JismpQAqEf9N2nqMjFfr/KA=","etMFukD8mHOD37ceTwB1Al2nC3iIzy/CTtNjwflJmDE=","huaH1ZSkRyP4+vpmGtpmkkL845lhcmN9io8MIe6Sob0=","ZmUkYkHBy1B723JrEgiKvepTdHYrP6y2a4oODYvi5VY=","T4DqWD42hAtN+vX8jKCWqoC4meE4JekI9LxYGCcPy1M="],"checkpoint":{"envelope":"rekor.sigstore.dev - 1193050959916656506\n620744000\nRlwXlMPk2OTu0Q0hH3A5mFxv0EP88REQq8A7N7AOgKk=\n\n— rekor.sigstore.dev 
wNI9ajBEAiA9169mYGzChioOq4yrn6u+U8/ZN8GMMnt2xbByB7WL0wIgZOm7F6Q1SLvvGViw66NXmRcfw+9vR5LtGmPGIIgq4iY=\n"}},"canonicalizedBody":"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"}],"timestampVerificationData":{"rfc3161Timestamps":[{"signedTimestamp":"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"}]}},"messageSignature":{"messageDigest":{"algorithm":"SHA2_256","digest":"RQZ1A1ko5HccyhueX55CA12+ELPee2akB3p7cpssWxM="},"signature":"MEQCIHF2i3IcBACN5RULBk6Hx/4tY9fmWamlFszL3k8Oo6clAiAhR5ldhKXtYS1Vlapv9SI2XNxqmAZlV9Cy3KUgEqGj3A=="}}
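
Review bot: The bundle does not name its subject; the only link to the signed file is `messageSignature.messageDigest.digest`, which is base64 while the checksum list added in this commit is hex. Record the bundle-to-source pairing explicitly (in the checksum file or a README) so a reviewer can confirm each bundle covers the intended file without decoding digests by hand.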


@@ -29,22 +29,22 @@ Signed artifacts uploaded as workflow artifact `signals-dsse-signed-{run}` and o
## Development Signing (Local Testing)
A development key pair is available for smoke tests:
A development key pair is available for smoke tests. Recent dev bundles live under `docs/modules/signals/dev-smoke/2025-12-04/` and `docs/modules/signals/dev-smoke/2025-12-05/`.
```bash
# Sign with dev key
COSIGN_ALLOW_DEV_KEY=1 COSIGN_PASSWORD=stellaops-dev \
OUT_DIR=docs/modules/signals/dev-test \
OUT_DIR=docs/modules/signals/dev-smoke/2025-12-05 \
tools/cosign/sign-signals.sh
# Verify signature
cosign verify-blob \
--key tools/cosign/cosign.dev.pub \
--bundle docs/modules/signals/dev-test/confidence_decay_config.sigstore.json \
--bundle docs/modules/signals/dev-smoke/2025-12-05/confidence_decay_config.sigstore.json \
docs/modules/signals/decay/confidence_decay_config.yaml
```
**Note**: Dev key signatures are NOT suitable for Evidence Locker or production use.
**Note**: Dev key signatures are NOT suitable for Evidence Locker or production use; tlog upload is disabled.
## Production Signing (Manual)
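
Review bot: The reworded note says "tlog upload is disabled", but the command shown sets only `COSIGN_ALLOW_DEV_KEY`, `COSIGN_PASSWORD` and `OUT_DIR`, so a reader cannot tell where that is enforced; name the script option or environment variable that turns upload off, or drop the claim. Separately, `OUT_DIR` and `--bundle` now pin `dev-smoke/2025-12-05` and the intro sentence lists two dated directories, which will go stale on the next smoke run; a `dev-smoke/<date>` placeholder with one sentence on the naming convention would age better.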


@@ -82,7 +82,19 @@
}
```
## 12. References
## 12. Gap Remediation (TP1TP10, 2025-12)
- **Canonical plan hash (TP1):** Plan hash is `sha256` over `plan.canonicalPlanPath` (normalized JSON, stable key ordering, UTF-8). Hash and canonical plan file are shipped in offline bundles and verified by `scripts/packs/verify_offline_bundle.py`.
- **Inputs lock (TP2):** Task Runner emits `inputs.lock` capturing resolved inputs + redacted secret placeholders; stored in evidence bundles and listed under `hashes[]` in offline manifests.
- **Approval ledger (TP3):** Approval decisions are DSSE-signed, embedding `runId`, `gateId`, `planHash`, and `tenantId`. Approval endpoints reject mismatched plan hashes or missing DSSE envelopes.
- **Secret redaction (TP4):** Evidence/transcripts apply the redaction policy referenced in `security.secretsRedactionPolicy`; secrets are hashed or blanked, never logged in clear text.
- **Deterministic ordering/RNG/time (TP5):** Execution order derives from the canonical graph, RNG seed is derived from `planHash`, and all timestamps are UTC ISO-8601 with monotonic log sequences.
- **Sandbox + egress quotas (TP6):** Runs declare `sandbox.mode` (`sealed`/`restricted`), explicit `egressAllowlist`, CPU/memory limits, and optional wall-clock quota. Missing entries cause fail-closed refusal during plan or execution.
- **Registry signing + SBOM + revocation (TP7):** Packs accepted by Task Runner must include DSSE envelopes for bundle + attestation, a pack SBOM, and a revocation list path; imports fail when digests or revocation proofs are absent.
- **Offline bundle schema + verifier (TP8):** Offline bundles must satisfy `docs/task-packs/packs-offline-bundle.schema.json` and pass `scripts/packs/verify_offline_bundle.py --require-dsse`. Evidence locker records the verifier version used.
- **Run/approval SLOs (TP9):** Plan validation enforces declared SLOs (`runP95Seconds`, `approvalP95Seconds`, `maxQueueDepth`) and wires alert rules into telemetry (burn-rate alerts on approval latency + queue depth).
- **Fail-closed gates (TP10):** Approval/policy/timeline gates default to fail-closed on missing evidence, expired DSSE, or absent quotas; remediation hints surface in `pack_run_logs` and API error payloads.
## 13. References
- Product advisory: `docs/product-advisories/29-Nov-2025 - Task Pack Orchestration and Automation.md`.
- Task Pack spec + authoring + runbook: `docs/task-packs/spec.md`, `docs/task-packs/authoring-guide.md`, `docs/task-packs/runbook.md`.
- Migration detail: `docs/modules/taskrunner/migrations/pack-run-collections.md`.
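
Review bot: TP1 defines the plan hash over "normalized JSON, stable key ordering, UTF-8", which leaves number formatting, whitespace, string escaping and Unicode normalization open; since TP3 has approval endpoints reject mismatched plan hashes, two conforming implementations could disagree and block valid approvals. Name a concrete canonicalization scheme (RFC 8785 JCS, for example) or point to the reference implementation. In TP5, note that an RNG seeded from `planHash` is predictable to anyone holding the plan and must not feed tokens, nonces or other security-sensitive values. In TP4, "hashed" should specify a keyed or salted hash, because a plain digest of a low-entropy secret can be guessed. The heading reads `TP1TP10`; the range separator appears to be missing.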