stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity

Add determinism tests for verdict artifact generation and update SHA256 sums script

Browse Source 
- Implemented comprehensive tests for verdict artifact generation to ensure deterministic outputs across various scenarios, including identical inputs, parallel execution, and change ordering.
- Created helper methods for generating sample verdict inputs and computing canonical hashes.
- Added tests to validate the stability of canonical hashes, proof spine ordering, and summary statistics.
- Introduced a new PowerShell script to update SHA256 sums for files, ensuring accurate hash generation and file integrity checks.
This commit is contained in:
StellaOps Bot
2025-12-24 02:17:34 +02:00
parent e59921374e
commit 7503c19b8f
390 changed files with 37389 additions and 5380 deletions
Download Patch File Download Diff File Expand all files Collapse all files

44
docs/console/observability.md
View File

@@ -1,11 +1,41 @@
# Archived: Console Observability Notes
# Console Observability
This page was consolidated into canonical docs:
This document describes Console observability expectations: what telemetry matters, how to correlate UI actions with backend traces, and what to surface in air-gapped deployments.
- `docs/15_UI_GUIDE.md`
- `docs/observability/observability.md`
- `docs/observability/ui-telemetry.md`
## What to Measure (UI)
The previous note has been archived to:
Recommended UI metrics include:
- `docs/_archive/console/observability.md`
- **Time-to-verdict (TTFV):** from navigation to verdict banner rendered.
- **Time-to-evidence:** from clicking a fact/badge to evidence preview available.
- **Export latency and success rate:** evidence bundle generation time and failures.
- **Mute/exception usage:** how often operators suppress or escalate findings (counts, reversal rate).
## What to Log (Structured)
Console logs should be structured and tenant-scoped:
- `tenantId`, `actor`, `actionType`
- `artifactId` / image digest
- `findingId` / vulnerability identifiers (when relevant)
- `traceId` / correlation IDs that tie UI requests to backend traces
## Error Surfaces
Operators need actionable error messaging:
- Distinguish client validation errors from server failures.
- Provide a copyable correlation/trace ID for support.
- Avoid leaking stack traces or secrets into UI notifications.
## Offline / Sealed Mode Telemetry
In sealed mode, surface:
- snapshot identity and staleness budgets
- which data is stale vs fresh (policy pack version, VEX snapshot time, feed ages)
## References
- UI telemetry guidance: `docs/observability/ui-telemetry.md`
- Accessibility baseline: `docs/accessibility.md`