Add tests for SBOM generation determinism across multiple formats

- Created `StellaOps.TestKit.Tests` project for unit tests related to determinism.
- Implemented `DeterminismManifestTests` to validate deterministic output for canonical bytes and strings, file read/write operations, and error handling for invalid schema versions.
- Added `SbomDeterminismTests` to ensure identical inputs produce consistent SBOMs across SPDX 3.0.1 and CycloneDX 1.6/1.7 formats, including parallel execution tests.
- Updated project references in `StellaOps.Integration.Determinism` to include the new determinism testing library.
This commit is contained in:
master
2025-12-23 18:56:12 +02:00
committed by StellaOps Bot
parent 7ac70ece71
commit 5590a99a1a
381 changed files with 21071 additions and 14678 deletions

@@ -0,0 +1,5 @@
# Hash index for console observability/forensics assets
# Add lines as: "<sha256> <relative-path>"
c1908189a1143d4314bbaa57f57139704edd73e807e025cdd0feae715b37ed72 docs/console/observability.md
c1908189a1143d4314bbaa57f57139704edd73e807e025cdd0feae715b37ed72 docs/console/observability.md
fb969b8e8edd2968910a754d06385863130a4cd5c25b483064cab60d5d305f2b docs/console/forensics.md
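
Review bot: The entry for docs/console/observability.md appears twice with the same digest, on the two lines directly under the "Add lines as" comment. Keep a single line per path: if a later change updates only one copy, the index holds two different digests for the same file and a verifier can pass or fail depending on which line it reads. A one-line note in the header comment saying paths must be unique and sorted would also keep this index consistent with the stable-ordering rule the other docs in this commit set for themselves.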

@@ -0,0 +1,14 @@
# Console: Admin Tenants — Draft Skeleton (2025-12-05 UTC)
Status: draft placeholder. Depends on Console UX assets and DVDO0110.
## Tasks
- Create/edit/delete tenants.
- Assign roles/scopes via Console.
## Safety
- Imposed rule reminder; audit logging expectations.
## Open TODOs
- Add screenshots/flows when assets arrive.
- Link to multi-tenancy and scopes docs.
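
Review bot: The Safety section is a single fragment ("Imposed rule reminder; audit logging expectations.") and does not say what is expected, even though Tasks covers deleting tenants and assigning roles/scopes. Even for a draft skeleton, name the scope required for each task and list which actions must produce an audit event (at minimum tenant delete and role/scope assignment), so the skeleton fixes the security requirements before screenshots arrive. The dependency "DVDO0110" in the status line should also carry a link or a short description of what it is.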

@@ -0,0 +1,27 @@
# Console Airgap UI (Airgap 57-002)
Describes console surfaces for sealed-mode imports, staleness, and user guidance.
## Surfaces
- **Airgap status badge**: shows `sealed` state, `mirrorGeneration`, last import time, and staleness indicator.
- **Import wizard**: stepper to upload/verify mirror bundle, show manifest hash, and emit timeline event upon success.
- **Staleness dashboard**: charts staleness by bundle/component; highlights tenants nearing expiry.
## Staleness logic
- Use time anchors from `docs/airgap/staleness-and-time.md`.
- Staleness = now - `bundle.createdAt`; color bands: green (<24h), amber (2472h), red (>72h) or missing anchor.
## Guidance banners
- When sealed: banner text "Sealed mode: egress denied. Only registered bundles allowed." Include current `mirrorGeneration` and bundle hash.
- On staleness red: prompt operators to import next bundle or reapply time anchor.
## Events
- Successful import emits timeline event with bundleId, mirrorGeneration, manifest hash, actor.
- Failed import emits event with error code; do not expose stack traces in UI.
## Security/guardrails
- Require admin scope to import bundles; read-only users can view status only.
- Never display raw hashes without tenant context; prefix with tenant and generation.
## TODOs
- Wire to backend once mirror bundle schema and timeline events are exposed (blocked until backend readiness).
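
Review bot: The amber band under Staleness logic reads "amber (2472h)", which looks like a 24 to 72 hour range that lost its separator; write it as an explicit range and state which band owns exactly 24h and exactly 72h, since green is "<24h" and red is ">72h". Separately, the guardrail "Never display raw hashes without tenant context" sits next to the import wizard's "show manifest hash" and the sealed banner's "bundle hash" without a display format; define the tenant/generation-prefixed form once and reference it from those surfaces so the three places cannot drift apart.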

@@ -0,0 +1,8 @@
# Attestor UI (DOCS-ATTEST-74-003)
Describe console workflows for viewing and verifying attestations.
- Pages: attestation list, attestation detail, verification status panel.
- Filters: tenant, issuer, predicate, verification status.
- Actions: download DSSE, view transparency info, export verification record.
- UI must not derive verdicts; display raw verification state only.
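
Review bot: The last bullet ("UI must not derive verdicts; display raw verification state only") does not list the verification states the UI may show or say which backend response they come from, so an implementer still has to decide how to render an unknown or missing state. Enumerate the allowed values and require that anything else is shown as unverified rather than mapped to a success state. The Actions bullet also lacks a scope requirement for "download DSSE" and "export verification record", whereas the airgap page in this commit states its scope rule explicitly.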

@@ -0,0 +1,26 @@
# Console Forensics (stub)
> Status: BLOCKED awaiting timeline/evidence viewer assets and payloads from Console Guild. Follow this outline when assets arrive.
## Scope
- Timeline explorer, evidence viewer, attestation verifier flows.
- Imposed rule banner and offline-friendly walkthroughs.
- Troubleshooting section with deterministic repro steps.
## Pending inputs
- Deterministic captures (command-rendered or approved screenshots) for timeline and evidence viewer states.
- Sample NDJSON/JSON payloads for evidence/attestation, with hashes.
- Error taxonomy and retry/backoff guidance for user-facing errors.
## Determinism checklist
- Hash all captures/payloads in co-located `SHA256SUMS` when provided.
- Use UTC timestamps and stable ordering in tables and examples.
## Outline
1. Overview + banner
2. Timeline explorer walkthrough (filters, drilldowns)
3. Evidence viewer (attestations, signatures, DSSE bundle) examples
4. Attestation verifier steps and expected outputs
5. Troubleshooting + error taxonomy
6. Offline/air-gap operation steps
7. Verification (hash check + replay commands)
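
Review bot: Under Pending inputs, "Sample NDJSON/JSON payloads for evidence/attestation, with hashes" does not require the samples to be synthetic or redacted, and evidence payloads are the most likely place for tenant identifiers or signing material to leak into docs. Add a line to the Determinism checklist requiring sanitised or constructed samples and a recorded source/approver, as the Risk UI outline in this commit already does for its inputs. The checklist here also says only "UTC timestamps" while the observability stub says "UTC ISO-8601"; use the same wording in both.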

@@ -0,0 +1,27 @@
# Console Observability (stub)
> Status: BLOCKED awaiting Observability Hub widget captures + deterministic sample payload hashes from Console Guild. This stub locks structure and checklist; replace placeholders once assets arrive.
## Scope
- Observability Hub widgets (traces, logs, metrics) for runtime/signals and graph overlays.
- Accessibility and imposed rule banner.
- Offline parity: all captures and sample payloads must be stored locally with SHA256 hashes.
## Pending inputs (must be supplied before publish)
- Widget screenshots or command-rendered outputs (deterministic capture).
- Sample payloads (JSON/NDJSON) with hash list.
- Alert rules/thresholds and dashboard import JSON.
## Determinism checklist
- Record all hashes in a `SHA256SUMS` alongside captures once provided.
- Use UTC ISO-8601 timestamps and stable sort order for tables/output snippets.
- Avoid external links; refer to local assets only.
## Outline (to fill when unblocked)
1. Overview and imposed rule banner
2. Widget catalog (cards/tables) with captions
3. Search/filter examples (logs, traces) with sample payloads
4. Dashboards and alert thresholds (import JSON path)
5. Accessibility and keyboard shortcuts
6. Offline/air-gap import steps
7. Verification steps (hash check + replay)
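
Review bot: The Determinism checklist only requires hashes "alongside captures", but Pending inputs also lists "Alert rules/thresholds and dashboard import JSON", which are not captures and are not named by the Scope line on offline parity either. Extend the `SHA256SUMS` requirement to the alert rules and dashboard JSON, and, given "Avoid external links; refer to local assets only", say that the imported dashboard JSON must be checked for embedded external endpoints before it is published.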

@@ -0,0 +1,17 @@
# Risk UI (outline)
- TBD once console assets arrive (authoring, simulation, dashboards).
## Pending Inputs
- See sprint SPRINT_0309_0001_0009_docs_tasks_md_ix action tracker; inputs due 2025-12-09..12 from owning guilds.
## Determinism Checklist
- [ ] Hash any inbound assets/payloads; place sums alongside artifacts (e.g., SHA256SUMS in this folder).
- [ ] Keep examples offline-friendly and deterministic (fixed seeds, pinned versions, stable ordering).
- [ ] Note source/approver for any provided captures or schemas.
## Sections to fill (once inputs arrive)
- Overview and navigation (authoring/simulation dashboards).
- Data inputs and validation.
- Simulation flows and dashboards.
- Exports/hashes for screenshots or payload samples (record in `SHA256SUMS`).
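
Review bot: Pending Inputs says inputs are "due 2025-12-09..12", but this commit is dated 2025-12-23, so the file is added with a deadline that has already passed. Replace the date range with the current status (received, overdue, or a new date), and give the sprint tracker as a relative path rather than the bare identifier so the reference can be followed offline. The `SHA256SUMS` instruction appears in both the checklist and the last section bullet; keep it in one place.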