stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity

Add determinism tests for verdict artifact generation and update SHA256 sums script

Browse Source 
- Implemented comprehensive tests for verdict artifact generation to ensure deterministic outputs across various scenarios, including identical inputs, parallel execution, and change ordering.
- Created helper methods for generating sample verdict inputs and computing canonical hashes.
- Added tests to validate the stability of canonical hashes, proof spine ordering, and summary statistics.
- Introduced a new PowerShell script to update SHA256 sums for files, ensuring accurate hash generation and file integrity checks.
This commit is contained in:
StellaOps Bot
2025-12-24 02:17:34 +02:00
parent e59921374e
commit 7503c19b8f
390 changed files with 37389 additions and 5380 deletions
Download Patch File Download Diff File Expand all files Collapse all files

42
docs/technical/architecture/infrastructure-dependencies.md Normal file
View File

@@ -0,0 +1,42 @@
# Infrastructure dependencies (detailed)
StellaOps is designed to run with a small set of required infrastructure components. Everything else is optional and must not be a hidden dependency for core workflows.
## PostgreSQL (required)
Primary store for durable state. Each service owns a schema to keep boundaries clear and enable tenant isolation strategies.
| Schema | Owner (primary) | Purpose |
| --- | --- | --- |
| `authority` | Authority | Users, clients, tenants, keys, audit trails. |
| `scanner` | Scanner | Scan manifests, triage, scan results metadata. |
| `vuln` | Concelier | Advisory raw documents, linksets, observations. |
| `vex` | Excititor | VEX raw documents, consensus, provider state. |
| `scheduler` | Scheduler | Jobs, runs, schedules, impact snapshots. |
| `notify` | Notify | Channels, templates, delivery history, digests. |
| `policy` | Policy | Exception objects, snapshots, unknowns. |
| `orchestrator` | Orchestrator | Sources, runs, jobs, DAGs, pack runs. |
## Valkey (required)
Redis-compatible cache + coordination substrate.
| Pattern | Typical services | Purpose |
| --- | --- | --- |
| DPoP nonces | Authority | RFC 9449 nonce storage (short TTL). |
| Streams / events | Scanner, Notify, Scheduler | Event emission and fan-out (deterministic ordering per stream). |
| Queues | Scanner, Notify | Worker coordination (consumer groups). |
| Cache | All services | Tenant-prefixed caching with explicit TTLs. |
| Rate limiting | Gateway, Authority | Token bucket counters. |
## RustFS / S3-compatible object storage (required)
Artifact store for SBOMs, evidence bundles, and replayable outputs. The exact bucket layout depends on the deployment profile; treat deployment manifests as authoritative.
## NATS JetStream (optional)
Alternative messaging transport for environments that require persistent streams or specific operational characteristics. NATS must be explicitly configured and must not be required for core workflows.
## Deployment references
- Compose profiles: `deploy/compose/README.md`
- Deployment bundles overview: `deploy/README.md`