Add determinism tests for verdict artifact generation and update SHA256 sums script
- Implemented comprehensive tests for verdict artifact generation to ensure deterministic outputs across various scenarios, including identical inputs, parallel execution, and change ordering. - Created helper methods for generating sample verdict inputs and computing canonical hashes. - Added tests to validate the stability of canonical hashes, proof spine ordering, and summary statistics. - Introduced a new PowerShell script to update SHA256 sums for files, ensuring accurate hash generation and file integrity checks.
This commit is contained in:
StellaOps Bot
@@ -1,11 +1,43 @@
|
||||
# Archived: Console Admin (Tenants)
|
||||
# Console Tenant Administration
|
||||
|
||||
This page was consolidated into canonical docs:
|
||||
This document describes tenant administration workflows in the Console: creating tenants, managing access, and operating safely in multi-tenant deployments.
|
||||
|
||||
- `docs/15_UI_GUIDE.md`
|
||||
## Tenant Lifecycle
|
||||
|
||||
Typical tenant operations:
|
||||
|
||||
- Create and deactivate tenants
|
||||
- Configure tenant identity and display attributes (name, tags)
|
||||
- Review tenant-level configuration and capabilities (feature exposure is configuration-driven)
|
||||
|
||||
## Access Control
|
||||
|
||||
Tenant administration typically includes:
|
||||
|
||||
- Role assignment (who can operate vs approve vs audit)
|
||||
- Scope allocation (what each role is allowed to do)
|
||||
- Optional ABAC filters (environment/project constraints)
|
||||
|
||||
See:
|
||||
|
||||
- `docs/security/scopes-and-roles.md`
|
||||
- `docs/security/tenancy-overview.md`
|
||||
- `docs/architecture/console-admin-rbac.md`
|
||||
- `docs/security/authority-scopes.md`
|
||||
|
||||
The previous note has been archived to:
|
||||
## Safety and Auditability
|
||||
|
||||
- `docs/_archive/console/admin-tenants.md`
|
||||
- All admin actions must be auditable (who, what, when, tenant).
|
||||
- Prefer reversible operations:
|
||||
- deactivate instead of delete
|
||||
- rotate credentials instead of reusing
|
||||
- Make tenant context explicit in the UI to avoid cross-tenant mistakes.
|
||||
|
||||
## Offline / Air-Gap Notes
|
||||
|
||||
- Admin actions should remain available in sealed-mode, but any import/export should be explicit and verified.
|
||||
- When operating from Offline Kit snapshots, show snapshot identity and staleness for admin-relevant views (feeds, policies, issuer trust).
|
||||
|
||||
## References
|
||||
|
||||
- Console operator guide: `docs/15_UI_GUIDE.md`
|
||||
- Offline Kit: `docs/24_OFFLINE_KIT.md`
|
||||
|
||||
@@ -1,11 +1,52 @@
|
||||
# Archived: Console Air-Gap Notes
|
||||
# Console Air-Gap UX (Sealed Mode)
|
||||
|
||||
This page was consolidated into canonical docs:
|
||||
This document describes the Console surfaces and operator expectations when running against Offline Kit snapshots or in sealed/air-gapped deployments.
|
||||
|
||||
- `docs/15_UI_GUIDE.md`
|
||||
- `docs/24_OFFLINE_KIT.md`
|
||||
- `docs/airgap/` (deep dive workflows)
|
||||
## Goals
|
||||
|
||||
The previous note has been archived to:
|
||||
- Make offline operation explicit (never “pretend online”).
|
||||
- Show snapshot identity and staleness budgets so operators can reason about freshness.
|
||||
- Keep import workflows auditable and tenant-scoped.
|
||||
|
||||
- `docs/_archive/console/airgap.md`
|
||||
## Required Surfaces
|
||||
|
||||
### Offline / Sealed Status Badge
|
||||
|
||||
The Console should surface:
|
||||
|
||||
- Whether the site is operating in **sealed/offline mode**.
|
||||
- The current **snapshot identity** (bundle ID / generation / content digest).
|
||||
- The **last import time** and configured freshness/staleness budgets.
|
||||
|
||||
### Import Workflow
|
||||
|
||||
When imports are supported via Console:
|
||||
|
||||
- Use a clear stepper flow: select bundle → verify → apply → confirm.
|
||||
- Display verification results (signature status, digest) without exposing secrets.
|
||||
- Emit an auditable event: who imported what, when, and which snapshot became active.
|
||||
|
||||
### Staleness Dashboard
|
||||
|
||||
Operators need a quick view of:
|
||||
|
||||
- Advisory/VEX/policy ages relative to configured budgets
|
||||
- Tenants/environments nearing expiry thresholds
|
||||
- “Why stale?” explanations (missing time anchor, expired bundle, etc.)
|
||||
|
||||
## Staleness Rules
|
||||
|
||||
- Treat staleness as **a first-class signal**: show it prominently when it affects decision confidence.
|
||||
- Use UTC timestamps; avoid local time ambiguity.
|
||||
- When a time anchor is missing, surface “unknown staleness” instead of silently defaulting.
|
||||
|
||||
## Security and Guardrails
|
||||
|
||||
- Import is an admin operation (scoped and audited).
|
||||
- Always display tenant context for imports and status surfaces.
|
||||
- Avoid displaying long hashes without context; prefer short digests with a “copy full digest” action.
|
||||
|
||||
## References
|
||||
|
||||
- Offline Kit packaging and verification: `docs/24_OFFLINE_KIT.md`
|
||||
- Air-gap workflows: `docs/airgap/`
|
||||
|
||||
@@ -1,10 +1,25 @@
|
||||
# Archived: Attestor UI Notes
|
||||
# Attestor UI (Console)
|
||||
|
||||
This page was consolidated into canonical docs:
|
||||
The Console includes surfaces for viewing and verifying attestations produced by StellaOps services.
|
||||
|
||||
- `docs/15_UI_GUIDE.md`
|
||||
- `docs/modules/attestor/architecture.md`
|
||||
## Views
|
||||
|
||||
The previous note has been archived to:
|
||||
- **Attestation list:** filter by tenant, issuer, predicate/type, verification status.
|
||||
- **Attestation detail:** show subject, predicate, timestamps, signer identity, and verification outcome.
|
||||
- **Verification panel:** signature status, certificate chain/key identity, and transparency proof (when configured).
|
||||
|
||||
- `docs/_archive/console/attestor-ui.md`
|
||||
## Actions
|
||||
|
||||
- Download DSSE envelope (and referenced artifacts where applicable)
|
||||
- Copy digests and correlation IDs for audit trails
|
||||
- Open transparency proof details (when enabled)
|
||||
|
||||
## Guardrails
|
||||
|
||||
- The UI must not “derive” verdicts from attestations; it should display verification state and referenced evidence.
|
||||
- Tenancy must always be explicit; exports should preserve tenant context and verification metadata.
|
||||
|
||||
## References
|
||||
|
||||
- Console operator guide: `docs/15_UI_GUIDE.md`
|
||||
- Offline Kit verification: `docs/24_OFFLINE_KIT.md`
|
||||
|
||||
@@ -1,12 +1,40 @@
|
||||
# Archived: Console Forensics Notes
|
||||
# Console Forensics and Evidence Review
|
||||
|
||||
This page was consolidated into canonical docs:
|
||||
This document describes how the Console supports forensic review of decisions: timelines, evidence viewing, attestation verification, and audit exports.
|
||||
|
||||
- `docs/15_UI_GUIDE.md`
|
||||
- `docs/forensics/evidence-locker.md`
|
||||
- `docs/forensics/provenance-attestation.md`
|
||||
- `docs/forensics/timeline.md`
|
||||
## Timeline Explorer
|
||||
|
||||
The previous note has been archived to:
|
||||
The timeline view should enable:
|
||||
|
||||
- `docs/_archive/console/forensics.md`
|
||||
- Filtering by tenant, artifact, finding, and time window
|
||||
- Drill-down from a verdict to its evidence objects (SBOM slice, VEX observation/linkset, reachability proof, policy explain trace)
|
||||
- Visibility into operator actions (triage actions, exceptions, approvals) as append-only events
|
||||
|
||||
## Evidence Viewer
|
||||
|
||||
Evidence viewing should prioritize:
|
||||
|
||||
- Clear provenance (issuer identity, timestamps, digests)
|
||||
- Verification state (signature verified/failed/unknown)
|
||||
- Deterministic identifiers so auditors can replay and compare
|
||||
|
||||
## Attestation Verification
|
||||
|
||||
When presenting attestations (DSSE/in-toto):
|
||||
|
||||
- Display verification status and key identity
|
||||
- Link to transparency log proof when configured
|
||||
- Allow exporting the DSSE envelope and the referenced artifacts
|
||||
|
||||
## Export / Verify Workflows
|
||||
|
||||
Exports are the bridge between online and offline review:
|
||||
|
||||
- Exports should be deterministic (stable ordering, UTC timestamps).
|
||||
- Export bundles should include integrity metadata (digests) so offline reviewers can verify without trusting a live service.
|
||||
|
||||
## References
|
||||
|
||||
- Console operator guide: `docs/15_UI_GUIDE.md`
|
||||
- Offline Kit: `docs/24_OFFLINE_KIT.md`
|
||||
- Vulnerability Explorer guide (triage model): `docs/20_VULNERABILITY_EXPLORER_GUIDE.md`
|
||||
|
||||
@@ -1,11 +1,41 @@
|
||||
# Archived: Console Observability Notes
|
||||
# Console Observability
|
||||
|
||||
This page was consolidated into canonical docs:
|
||||
This document describes Console observability expectations: what telemetry matters, how to correlate UI actions with backend traces, and what to surface in air-gapped deployments.
|
||||
|
||||
- `docs/15_UI_GUIDE.md`
|
||||
- `docs/observability/observability.md`
|
||||
- `docs/observability/ui-telemetry.md`
|
||||
## What to Measure (UI)
|
||||
|
||||
The previous note has been archived to:
|
||||
Recommended UI metrics include:
|
||||
|
||||
- `docs/_archive/console/observability.md`
|
||||
- **Time-to-verdict (TTFV):** from navigation to verdict banner rendered.
|
||||
- **Time-to-evidence:** from clicking a fact/badge to evidence preview available.
|
||||
- **Export latency and success rate:** evidence bundle generation time and failures.
|
||||
- **Mute/exception usage:** how often operators suppress or escalate findings (counts, reversal rate).
|
||||
|
||||
## What to Log (Structured)
|
||||
|
||||
Console logs should be structured and tenant-scoped:
|
||||
|
||||
- `tenantId`, `actor`, `actionType`
|
||||
- `artifactId` / image digest
|
||||
- `findingId` / vulnerability identifiers (when relevant)
|
||||
- `traceId` / correlation IDs that tie UI requests to backend traces
|
||||
|
||||
## Error Surfaces
|
||||
|
||||
Operators need actionable error messaging:
|
||||
|
||||
- Distinguish client validation errors from server failures.
|
||||
- Provide a copyable correlation/trace ID for support.
|
||||
- Avoid leaking stack traces or secrets into UI notifications.
|
||||
|
||||
## Offline / Sealed Mode Telemetry
|
||||
|
||||
In sealed mode, surface:
|
||||
|
||||
- snapshot identity and staleness budgets
|
||||
- which data is stale vs fresh (policy pack version, VEX snapshot time, feed ages)
|
||||
|
||||
## References
|
||||
|
||||
- UI telemetry guidance: `docs/observability/ui-telemetry.md`
|
||||
- Accessibility baseline: `docs/accessibility.md`
|
||||
|
||||
@@ -1,11 +1,20 @@
|
||||
# Archived: Console Risk UI Notes
|
||||
# Console Risk UI (Overview)
|
||||
|
||||
This page was consolidated into canonical docs:
|
||||
This document describes how risk and explainability concepts should surface in the Console.
|
||||
|
||||
- `docs/20_VULNERABILITY_EXPLORER_GUIDE.md`
|
||||
- `docs/16_VEX_CONSENSUS_GUIDE.md`
|
||||
- `docs/15_UI_GUIDE.md`
|
||||
## Concepts to Surface
|
||||
|
||||
The previous note has been archived to:
|
||||
- **Verdict and “why”:** a short, narrative explanation above the fold.
|
||||
- **Evidence rail:** links to proofs that justify each fact (SBOM, VEX, reachability, policy explain trace).
|
||||
- **Risk signals:** severity, exploit signals, exposure context, and confidence/uncertainty indicators.
|
||||
|
||||
- `docs/_archive/console/risk-ui.md`
|
||||
## Explainability Expectations
|
||||
|
||||
- Every blocking decision must link to the policy gate and the evidence inputs that triggered it.
|
||||
- Uncertainty must remain explicit (avoid false safety when evidence is missing or conflicts exist).
|
||||
|
||||
## References
|
||||
|
||||
- Risk model overview: `docs/risk/overview.md`
|
||||
- Policy explainability: `docs/risk/explainability.md`
|
||||
- Vulnerability Explorer guide: `docs/20_VULNERABILITY_EXPLORER_GUIDE.md`
|
||||
|
||||
Reference in New Issue
Block a user