save checkpoint: save features
@@ -0,0 +1,29 @@
|
||||
# Immutable Advisory Feed Snapshots
|
||||
|
||||
## Module
|
||||
Replay
|
||||
|
||||
## Status
|
||||
VERIFIED
|
||||
|
||||
## Description
|
||||
Replay provides immutable, content-addressed advisory feed snapshots that can be queried by provider and time anchor for deterministic replay workflows.
|
||||
|
||||
## What's Implemented
|
||||
- **Feed Snapshot Capture and Storage**: `src/Replay/__Libraries/StellaOps.Replay.Core/FeedSnapshots/FeedSnapshotService.cs` captures per-provider snapshots as immutable blobs and stores them by digest.
|
||||
- **Content Addressing and Integrity Checks**: `src/Replay/__Libraries/StellaOps.Replay.Core/FeedSnapshots/FeedSnapshotService.cs` computes SHA-256 digests and supports integrity verification against stored content.
|
||||
- **Snapshot Indexing by Time**: `src/Replay/__Libraries/StellaOps.Replay.Core/FeedSnapshots/FeedSnapshotService.cs` and `IFeedSnapshotIndexStore` support provider/time lookups and listing for point-in-time resolution.
|
||||
- **Point-in-Time Advisory Resolution Core**: `src/Replay/__Libraries/StellaOps.Replay.Core/FeedSnapshots/PointInTimeAdvisoryResolver.cs` resolves advisory state from snapshots at or before a requested timestamp.
|
||||
- **Snapshot API Contract Surface**: `src/Replay/StellaOps.Replay.WebService/PointInTimeQueryEndpoints.cs` defines snapshot capture/get/verify/bundle and advisory query endpoint handlers.
|
||||
- **Behavioral Coverage**:
|
||||
- `src/Replay/__Tests/StellaOps.Replay.Core.Tests/FeedSnapshots/FeedSnapshotServiceTests.cs`
|
||||
- `src/Replay/__Tests/StellaOps.Replay.Core.Tests/FeedSnapshots/PointInTimeAdvisoryResolverTests.cs`
|
||||
- `src/Replay/__Tests/StellaOps.Replay.Core.Tests/FeedSnapshots/PointInTimeQueryEndpointsTests.cs`
|
||||
|
||||
## Verification
|
||||
- Run ID: `run-003`
|
||||
- Date (UTC): `2026-02-11`
|
||||
- Tier 0: `pass` (`docs/qa/feature-checks/runs/replay/immutable-advisory-feed-snapshots/run-003/tier0-source-check.json`)
|
||||
- Tier 1: `pass` (`docs/qa/feature-checks/runs/replay/immutable-advisory-feed-snapshots/run-003/tier1-build-check.json`)
|
||||
- Tier 2: `pass` (`94/94`) (`docs/qa/feature-checks/runs/replay/immutable-advisory-feed-snapshots/run-003/tier2-integration-check.json`)
|
||||
- Evidence directory: `docs/qa/feature-checks/runs/replay/immutable-advisory-feed-snapshots/run-003/evidence/`
|
||||
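Review bot: The "Content Addressing and Integrity Checks" bullet under What's Implemented says the service "supports integrity verification against stored content" but does not say when that check runs. For a store whose purpose is to prove that replayed inputs are the captured ones, state whether the SHA-256 digest is recomputed on every read or only through the explicit verify endpoint, and what the caller gets back on a mismatch. The first three bullets also attribute separate capabilities to `FeedSnapshotService.cs` as a whole; naming the method or type behind each would make the claims checkable. In Verification, Tier 2 reports `94/94` without saying which suite the count refers to.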
@@ -0,0 +1,29 @@
|
||||
# Point-in-Time Vulnerability Query (As-Of Date)
|
||||
|
||||
## Module
|
||||
Replay
|
||||
|
||||
## Status
|
||||
VERIFIED
|
||||
|
||||
## Description
|
||||
Replay exposes point-in-time advisory query APIs that resolve vulnerability state by provider and timestamp, including diff and cross-provider behaviors.
|
||||
|
||||
## What's Implemented
|
||||
- **Point-in-Time API Endpoints**: `src/Replay/StellaOps.Replay.WebService/PointInTimeQueryEndpoints.cs` maps advisory query, timeline, diff, and snapshot endpoints under `/v1/pit/*`.
|
||||
- **WebService Registration**: `src/Replay/StellaOps.Replay.WebService/Program.cs` wires `MapPointInTimeQueryEndpoints()` and required replay snapshot/query dependencies into DI.
|
||||
- **Snapshot Storage and Time Indexing**: `src/Replay/__Libraries/StellaOps.Replay.Core/FeedSnapshots/FeedSnapshotService.cs` and `IFeedSnapshotIndexStore` implement immutable snapshot capture and temporal lookup.
|
||||
- **Advisory Resolution Engine**: `src/Replay/__Libraries/StellaOps.Replay.Core/FeedSnapshots/PointInTimeAdvisoryResolver.cs` resolves advisory state, cross-provider consensus, timeline, and field-level diffs.
|
||||
- **Replay WebService In-Memory Feed Support**: `src/Replay/StellaOps.Replay.WebService/FeedSnapshotSupport.cs` provides in-memory blob/index stores and JSON advisory extraction used by API flows.
|
||||
- **Behavioral Coverage**:
|
||||
- `src/Replay/__Tests/StellaOps.Replay.Core.Tests/FeedSnapshots/PointInTimeAdvisoryResolverTests.cs`
|
||||
- `src/Replay/__Tests/StellaOps.Replay.Core.Tests/FeedSnapshots/PointInTimeQueryEndpointsTests.cs`
|
||||
- `src/Replay/__Tests/StellaOps.Replay.Core.Tests/FeedSnapshots/PointInTimeQueryApiIntegrationTests.cs`
|
||||
|
||||
## Verification
|
||||
- Run ID: `run-003`
|
||||
- Date (UTC): `2026-02-11`
|
||||
- Tier 0: `pass` (`docs/qa/feature-checks/runs/replay/point-in-time-vulnerability-query/run-003/tier0-source-check.json`)
|
||||
- Tier 1: `pass` (`docs/qa/feature-checks/runs/replay/point-in-time-vulnerability-query/run-003/tier1-build-check.json`)
|
||||
- Tier 2: `pass` (`docs/qa/feature-checks/runs/replay/point-in-time-vulnerability-query/run-003/tier2-api-check.json`)
|
||||
- Evidence directory: `docs/qa/feature-checks/runs/replay/point-in-time-vulnerability-query/run-003/evidence/`
|
||||
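Review bot: The "Replay WebService In-Memory Feed Support" bullet says `FeedSnapshotSupport.cs` provides in-memory blob/index stores "used by API flows", which conflicts with the "immutable snapshot capture" claim two bullets above unless the scope is stated: snapshots held only in process memory do not survive a restart. Document whether the in-memory stores are what `Program.cs` registers by default or a test-only fallback, and which persistent store a deployed service is expected to use. The "Point-in-Time API Endpoints" bullet also groups the snapshot endpoints with read-only query, timeline and diff under `/v1/pit/*` without saying what authorization each requires; one sentence on that would close the gap.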
37
docs/features/checked/replay/replay-infrastructure.md
Normal file
@@ -0,0 +1,37 @@
|
||||
# Replay Infrastructure (Manifest, Determinism Verifier, Verdict Engine, Drift Detection)
|
||||
|
||||
## Module
|
||||
Replay
|
||||
|
||||
## Status
|
||||
VERIFIED
|
||||
|
||||
## Description
|
||||
Full replay infrastructure: DeterminismVerifier re-hydrates exact inputs from manifest and verifies bit-for-bit verdict reproduction. Run manifest model capturing pipeline state (feeds, rules, versions). DeterministicResolver with feed snapshots, bundle export, and web service. Verdict replay with divergence detection and input drift testing.
|
||||
|
||||
## Implementation Details
|
||||
- **Determinism Verifier**: `src/Replay/__Libraries/StellaOps.Replay.Core/DeterminismVerifier.cs` -- re-hydrates exact inputs from a run manifest and verifies bit-for-bit verdict reproduction; reports divergences between original and replayed verdicts.
|
||||
- **Input Manifest Resolver**: `src/Replay/__Libraries/StellaOps.Replay.Core/InputManifestResolver.cs` -- resolves and snapshots all inputs (feed versions, policy rules, SBOM state) needed to reproduce a verdict, creating a self-contained input manifest.
|
||||
- **Replay Executor**: `src/Replay/__Libraries/StellaOps.Replay.Core/ReplayExecutor.cs` -- orchestrates verdict replay by loading the input manifest, executing the policy evaluation pipeline, and comparing outputs against the original verdict.
|
||||
- **Replay Job Queue**: `src/Replay/__Libraries/StellaOps.Replay.Core/ReplayJobQueue.cs` -- background job queue for scheduling and processing replay verification requests.
|
||||
- **Policy Simulation Input Lock**: `src/Replay/__Libraries/StellaOps.Replay.Core/PolicySimulationInputLock.cs` -- locks input state during replay to prevent concurrent modifications from affecting determinism verification.
|
||||
- **Verdict Replay Endpoints**: `src/Replay/StellaOps.Replay.WebService/VerdictReplayEndpoints.cs` -- REST endpoints for submitting replay requests and querying replay results.
|
||||
- **Web Service Entry Point**: `src/Replay/StellaOps.Replay.WebService/Program.cs` -- ASP.NET Core web service hosting replay endpoints.
|
||||
- **Tests**: `src/Replay/__Tests/StellaOps.Replay.Core.Tests/Unit/DeterminismVerifierTests.cs`, `Unit/InputManifestResolverTests.cs`, `VerdictReplayIntegrationTests.cs`, `VerdictReplayEndpointsTests.cs`, `PolicySimulationInputLockValidatorTests.cs`
|
||||
|
||||
## E2E Test Plan
|
||||
- [x] Submit a verdict for replay via the REST endpoint and verify `DeterminismVerifier` produces a bit-for-bit identical verdict when given the same input manifest.
|
||||
- [x] Modify a policy rule between the original verdict and the replay and verify divergence is detected and reported.
|
||||
- [x] Verify input manifest completeness by replaying using manifest contents only.
|
||||
- [x] Verify input lock behavior protects replay consistency during concurrent mutation attempts.
|
||||
- [x] Submit multiple replay requests and verify queue processing order and result handling.
|
||||
- [x] Verify drift detection when replay uses a different feed snapshot/input state.
|
||||
|
||||
## Verification
|
||||
- Run ID: `run-001`
|
||||
- Date (UTC): `2026-02-11`
|
||||
- Tier 0: `pass` (`docs/qa/feature-checks/runs/replay/replay-infrastructure/run-001/tier0-source-check.json`)
|
||||
- Tier 1: `pass` (`docs/qa/feature-checks/runs/replay/replay-infrastructure/run-001/tier1-build-check.json`)
|
||||
- Tier 2: `pass` (`docs/qa/feature-checks/runs/replay/replay-infrastructure/run-001/tier2-integration-check.json`)
|
||||
- Evidence directory: `docs/qa/feature-checks/runs/replay/replay-infrastructure/run-001/evidence/`
|
||||
|
||||
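Review bot: The Description names components that Implementation Details never maps to a file: "DeterministicResolver with feed snapshots, bundle export" has no matching bullet (the list has `InputManifestResolver.cs` instead), and the title's "Verdict Engine" and "Drift Detection" appear only as an E2E checkbox. Either add the source paths for those pieces or reword the Description and title to match what is listed. The Tests bullet mixes one full path with bare names such as `Unit/InputManifestResolverTests.cs` and `VerdictReplayIntegrationTests.cs`; spell out the full path for each so a reader can locate them without guessing the base directory.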
@@ -0,0 +1,34 @@
|
||||
# Replay Recording and Verification Service
|
||||
|
||||
## Module
|
||||
Replay
|
||||
|
||||
## Status
|
||||
VERIFIED
|
||||
|
||||
## Description
|
||||
Dedicated replay service that records verdict inputs/outputs and provides endpoints to replay and verify deterministic verdict execution, ensuring reproducibility of security decisions.
|
||||
|
||||
## Implementation Details
|
||||
- **Verdict Replay Endpoints**: `src/Replay/StellaOps.Replay.WebService/VerdictReplayEndpoints.cs` -- REST API endpoints for recording verdict executions, submitting replay requests, and querying verification results.
|
||||
- **Replay Executor**: `src/Replay/__Libraries/StellaOps.Replay.Core/ReplayExecutor.cs` -- executes recorded verdicts with snapshotted inputs and compares outputs for determinism verification.
|
||||
- **Determinism Verifier**: `src/Replay/__Libraries/StellaOps.Replay.Core/DeterminismVerifier.cs` -- compares original and replayed verdict outputs, detecting any divergences in the decision.
|
||||
- **Trace Anonymizer**: `src/Replay/__Libraries/StellaOps.Replay.Anonymization/TraceAnonymizer.cs` (implements `ITraceAnonymizer`) -- anonymizes sensitive data in replay traces before storage or export, enabling safe sharing of replay data for debugging.
|
||||
- **Anonymization Models**: `src/Replay/__Libraries/StellaOps.Replay.Anonymization/Models.cs` -- data models for anonymized trace records.
|
||||
- **Replay Job Queue**: `src/Replay/__Libraries/StellaOps.Replay.Core/ReplayJobQueue.cs` -- queues replay verification jobs for background processing.
|
||||
- **Tests**: `src/Replay/__Tests/StellaOps.Replay.Core.Tests/VerdictReplayIntegrationTests.cs`, `src/Replay/__Tests/StellaOps.Replay.Core.Tests/VerdictReplayEndpointsTests.cs`, and `src/Replay/__Tests/StellaOps.Replay.Anonymization.Tests/TraceAnonymizerTests.cs`.
|
||||
|
||||
## E2E Test Plan
|
||||
- [x] Record/submit replay verification requests through replay service endpoints and validate returned contracts.
|
||||
- [x] Replay recorded verdict logic and verify deterministic output comparison behavior.
|
||||
- [x] Verify divergence signaling behavior when replay output differs from original verdict.
|
||||
- [x] Verify trace anonymization preserves structure while redacting sensitive fields.
|
||||
- [x] Verify replay queue processing behavior through replay core behavioral suite.
|
||||
|
||||
## Verification
|
||||
- Run ID: `run-002`
|
||||
- Date (UTC): `2026-02-11`
|
||||
- Tier 0: `pass` (`docs/qa/feature-checks/runs/replay/replay-recording-and-verification-service/run-002/tier0-source-check.json`)
|
||||
- Tier 1: `pass` (`docs/qa/feature-checks/runs/replay/replay-recording-and-verification-service/run-002/tier1-build-check.json`)
|
||||
- Tier 2: `pass` (`docs/qa/feature-checks/runs/replay/replay-recording-and-verification-service/run-002/tier2-integration-check.json`)
|
||||
- Evidence directory: `docs/qa/feature-checks/runs/replay/replay-recording-and-verification-service/run-002/evidence/`
|
||||
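Review bot: The "Trace Anonymizer" bullet claims anonymization enables "safe sharing of replay data", and the E2E plan checks that it "preserves structure while redacting sensitive fields", but neither place says which fields count as sensitive or whether the transformation is one-way. Add the list of field classes that `TraceAnonymizer.cs` handles and state whether anonymized values are stable across traces, since that decides what can be correlated after export. The last E2E item verifies queue processing "through replay core behavioral suite" rather than through the service endpoints; say so explicitly or move it out of the E2E list.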