Add determinism tests for verdict artifact generation and update SHA256 sums script

- Implemented comprehensive tests for verdict artifact generation to ensure deterministic outputs across various scenarios, including identical inputs, parallel execution, and change ordering. - Created helper methods for generating sample verdict inputs and computing canonical hashes. - Added tests to validate the stability of canonical hashes, proof spine ordering, and summary statistics. - Introduced a new PowerShell script to update SHA256 sums for files, ensuring accurate hash generation and file integrity checks.
2025-12-24 02:17:34 +02:00
parent e59921374e
commit 7503c19b8f
390 changed files with 37389 additions and 5380 deletions
--- a/docs/assets/vuln-explorer/README.md
+++ b/docs/assets/vuln-explorer/README.md
@@ -1,4 +1,4 @@
 Asset staging for Vuln Explorer Md.XI
- Record SHA256 hashes in ../SHA256SUMS when dropping assets.
+- Record SHA256 hashes in the nearest README/CAPTURES document next to the asset entry (no separate manifest file).
 - Subdirs: console, api, cli, ledger, telemetry, rbac, runbook, advisory, sbom, vex.
 - Keep filenames deterministic and stable.
--- a/docs/assets/vuln-explorer/SHA256SUMS
+++ b/docs/assets/vuln-explorer/SHA256SUMS
@@ -1,83 +0,0 @@
-# Vuln Explorer Md.XI asset hashes
-# Format: <sha256>  <relative-path-under-docs>
-# Populate when captures/payloads land (screens, API/CLI samples, fixtures).
-# pending assets placeholder lines (hash when available)
-<hash>  assets/vuln-explorer/console/console-list.png
-<hash>  assets/vuln-explorer/console/console-detail.png
-<hash>  assets/vuln-explorer/console/console-shortcuts.md
-<hash>  assets/vuln-explorer/console/console-saved-view.json
-<hash>  assets/vuln-explorer/api/api-findings-list.json
-<hash>  assets/vuln-explorer/api/api-finding-detail.json
-<hash>  assets/vuln-explorer/api/api-action-post.json
-<hash>  assets/vuln-explorer/api/api-report-create.json
-<hash>  assets/vuln-explorer/api/api-vex-decision.json
-<hash>  assets/vuln-explorer/cli/cli-findings-list.json
-<hash>  assets/vuln-explorer/cli/cli-findings-view.json
-<hash>  assets/vuln-explorer/cli/cli-action.json
-<hash>  assets/vuln-explorer/cli/cli-report-create.json
-<hash>  assets/vuln-explorer/cli/cli-export-offline.json
-<hash>  assets/vuln-explorer/cli/cli-vex-decision.json
-<hash>  assets/vuln-explorer/ledger/ledger-history.jsonl
-<hash>  assets/vuln-explorer/ledger/ledger-actions.jsonl
-<hash>  assets/vuln-explorer/ledger/ledger-replay-output.json
-<hash>  assets/vuln-explorer/ledger/ledger-manifest.json
-<hash>  assets/vuln-explorer/telemetry/metrics-sample.json
-<hash>  assets/vuln-explorer/telemetry/logs-sample.jsonl
-<hash>  assets/vuln-explorer/telemetry/traces-sample.json
-<hash>  assets/vuln-explorer/telemetry/dashboard.json
-<hash>  assets/vuln-explorer/rbac/rbac-scope-table.md
-<hash>  assets/vuln-explorer/rbac/abac-claims.json
-<hash>  assets/vuln-explorer/rbac/attachment-token-flow.json
-<hash>  assets/vuln-explorer/runbook/runbook-projector-lag.md
-<hash>  assets/vuln-explorer/runbook/runbook-resolver-storm.json
-<hash>  assets/vuln-explorer/runbook/runbook-export-failure.json
-<hash>  assets/vuln-explorer/runbook/runbook-policy-activation.md
-<hash>  assets/vuln-explorer/advisory/advisory-normalized.json
-<hash>  assets/vuln-explorer/advisory/advisory-withdrawn.json
-<hash>  assets/vuln-explorer/advisory/advisory-bundle-manifest.json
-<hash>  assets/vuln-explorer/sbom/sbom-component-resolution.json
-<hash>  assets/vuln-explorer/sbom/sbom-path-dedupe.json
-<hash>  assets/vuln-explorer/sbom/safe-version-hints.json
-<hash>  assets/vuln-explorer/vex/vex-csaf-sample.json
-<hash>  assets/vuln-explorer/vex/vex-mapping-output.json
-<hash>  assets/vuln-explorer/vex/vex-precedence-table.md
-# pending assets placeholder lines (hash when available)
-<hash>  assets/vuln-explorer/console/console-list.png
-<hash>  assets/vuln-explorer/console/console-detail.png
-<hash>  assets/vuln-explorer/console/console-shortcuts.md
-<hash>  assets/vuln-explorer/console/console-saved-view.json
-<hash>  assets/vuln-explorer/api/api-findings-list.json
-<hash>  assets/vuln-explorer/api/api-finding-detail.json
-<hash>  assets/vuln-explorer/api/api-action-post.json
-<hash>  assets/vuln-explorer/api/api-report-create.json
-<hash>  assets/vuln-explorer/api/api-vex-decision.json
-<hash>  assets/vuln-explorer/cli/cli-findings-list.json
-<hash>  assets/vuln-explorer/cli/cli-findings-view.json
-<hash>  assets/vuln-explorer/cli/cli-action.json
-<hash>  assets/vuln-explorer/cli/cli-report-create.json
-<hash>  assets/vuln-explorer/cli/cli-export-offline.json
-<hash>  assets/vuln-explorer/cli/cli-vex-decision.json
-<hash>  assets/vuln-explorer/ledger/ledger-history.jsonl
-<hash>  assets/vuln-explorer/ledger/ledger-actions.jsonl
-<hash>  assets/vuln-explorer/ledger/ledger-replay-output.json
-<hash>  assets/vuln-explorer/ledger/ledger-manifest.json
-<hash>  assets/vuln-explorer/telemetry/metrics-sample.json
-<hash>  assets/vuln-explorer/telemetry/logs-sample.jsonl
-<hash>  assets/vuln-explorer/telemetry/traces-sample.json
-<hash>  assets/vuln-explorer/telemetry/dashboard.json
-<hash>  assets/vuln-explorer/rbac/rbac-scope-table.md
-<hash>  assets/vuln-explorer/rbac/abac-claims.json
-<hash>  assets/vuln-explorer/rbac/attachment-token-flow.json
-<hash>  assets/vuln-explorer/runbook/runbook-projector-lag.md
-<hash>  assets/vuln-explorer/runbook/runbook-resolver-storm.json
-<hash>  assets/vuln-explorer/runbook/runbook-export-failure.json
-<hash>  assets/vuln-explorer/runbook/runbook-policy-activation.md
-<hash>  assets/vuln-explorer/advisory/advisory-normalized.json
-<hash>  assets/vuln-explorer/advisory/advisory-withdrawn.json
-<hash>  assets/vuln-explorer/advisory/advisory-bundle-manifest.json
-<hash>  assets/vuln-explorer/sbom/sbom-component-resolution.json
-<hash>  assets/vuln-explorer/sbom/sbom-path-dedupe.json
-<hash>  assets/vuln-explorer/sbom/safe-version-hints.json
-<hash>  assets/vuln-explorer/vex/vex-csaf-sample.json
-<hash>  assets/vuln-explorer/vex/vex-mapping-output.json
-<hash>  assets/vuln-explorer/vex/vex-precedence-table.md
--- a/docs/assets/vuln-explorer/console/CAPTURES.md
+++ b/docs/assets/vuln-explorer/console/CAPTURES.md
@@ -1,13 +1,8 @@
 # Console Asset Captures for Vuln Explorer Documentation

-> **Status:** Ready for capture
-> **Last Updated:** 2025-12-06
-> **Owner:** Console Guild
-> **Hash Manifest:** See SHA256SUMS after capture
-
 ## Capture Instructions

-Run the console app locally and capture each screen:
+Run the Console locally and capture each screen listed below.

 ```bash
 # Start the dev environment
@@ -22,7 +17,7 @@ docker compose -f deploy/compose/docker-compose.dev.yaml up -d

 ### 1. Dashboard Overview

-**File:** `dashboard-overview.png`
+**File:** `dashboard-overview.png`  
 **Description:** Main dashboard showing vulnerability counts, risk scores, and recent activity.

 ```markdown
@@ -39,7 +34,7 @@ The dashboard provides:

 ### 2. Vulnerability Explorer List

-**File:** `vuln-explorer-list.png`
+**File:** `vuln-explorer-list.png`  
 **Description:** Vulnerability list view with filters and sorting.

 ```markdown
@@ -56,7 +51,7 @@ The vulnerability list shows:

 ### 3. Vulnerability Detail View

-**File:** `vuln-detail.png`
+**File:** `vuln-detail.png`  
 **Description:** Single vulnerability detail page with full context.

 ```markdown
@@ -75,7 +70,7 @@ The detail view includes:

 ### 4. Findings Ledger Timeline

-**File:** `findings-timeline.png`
+**File:** `findings-timeline.png`  
 **Description:** Timeline view of vulnerability findings and state changes.

 ```markdown
@@ -92,7 +87,7 @@ The timeline shows:

 ### 5. Risk Score Panel

-**File:** `risk-score-panel.png`
+**File:** `risk-score-panel.png`  
 **Description:** Risk score breakdown with contributing factors.

 ```markdown
@@ -109,7 +104,7 @@ The risk panel displays:

 ### 6. VEX Consensus View

-**File:** `vex-consensus.png`
+**File:** `vex-consensus.png`  
 **Description:** VEX consensus display showing multiple issuer statements.

 ```markdown
@@ -126,14 +121,14 @@ The VEX consensus view shows:

 ### 7. Policy Studio Editor

-**File:** `policy-studio-editor.png`
-**Description:** Policy Studio with Monaco editor and rule builder.
+**File:** `policy-studio-editor.png`  
+**Description:** Policy Studio with editor and rule builder.

 ```markdown
 ![Policy Studio Editor](./policy-studio-editor.png)

 The Policy Studio includes:
- Monaco editor with StellaOps DSL highlighting
+- Policy editor with DSL highlighting
 - Rule builder sidebar
 - Simulation panel
 - Lint/compile feedback
@@ -143,7 +138,7 @@ The Policy Studio includes:

 ### 8. Air-Gap Status Panel

-**File:** `airgap-status.png`
+**File:** `airgap-status.png`  
 **Description:** Air-gap mode status and bundle information.

 ```markdown
@@ -160,23 +155,8 @@ The air-gap panel shows:

 ## After Capture

-1. Place captured images in this directory
-2. Generate hashes:
-   ```bash
-   sha256sum *.png > SHA256SUMS
-   ```
-3. Update `docs/assets/vuln-explorer/SHA256SUMS` with new entries
-4. Mark DOCS-CONSOLE-OBS-52-001 as DONE in sprint file
+1. Place captured images in this directory.
+2. Compute hashes:
+   - `sha256sum *.png`
+3. Record the sha256 next to each captured filename in this document (or in a sibling README where the asset is referenced).

-## Sample SHA256SUMS Entry
-
-```
-e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855  dashboard-overview.png
-e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855  vuln-explorer-list.png
-e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855  vuln-detail.png
-e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855  findings-timeline.png
-e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855  risk-score-panel.png
-e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855  vex-consensus.png
-e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855  policy-studio-editor.png
-e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855  airgap-status.png
-```