stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity

Add determinism tests for verdict artifact generation and update SHA256 sums script

Browse Source 
- Implemented comprehensive tests for verdict artifact generation to ensure deterministic outputs across various scenarios, including identical inputs, parallel execution, and change ordering.
- Created helper methods for generating sample verdict inputs and computing canonical hashes.
- Added tests to validate the stability of canonical hashes, proof spine ordering, and summary statistics.
- Introduced a new PowerShell script to update SHA256 sums for files, ensuring accurate hash generation and file integrity checks.
This commit is contained in:
StellaOps Bot
2025-12-24 02:17:34 +02:00
parent e59921374e
commit 7503c19b8f
390 changed files with 37389 additions and 5380 deletions
Download Patch File Download Diff File Expand all files Collapse all files

49
docs/vex/consensus-json.md
View File

@@ -1,6 +1,47 @@
# Archived: VEX Consensus JSON
# VEX Consensus JSON (Payload Reference)
This document was consolidated during docs cleanup.
This document describes the *shape* of consensus records returned by consensus APIs and exported in Offline Kit snapshots. Field names and structure may vary slightly by gateway serialization, but the semantic contract is stable.
- Canonical guide: `docs/16_VEX_CONSENSUS_GUIDE.md`
- Module dossier: `docs/modules/vex-lens/architecture.md`
## Consensus Record (Conceptual)
```json
{
"artifact": "pkg:rpm/redhat/openssl@3.0.9",
"advisory": "CVE-2025-13579",
"status": "not_affected",
"confidence": 0.92,
"issued_at": "2025-08-30T12:05:00Z",
"consensus_digest": "sha256:…",
"derived_from": [
{
"source_digest": "sha256:…",
"issuer": "vendor:redhat",
"status": "not_affected",
"timestamp": "2025-08-30T12:00:00Z",
"trust": { "tier": "vendor", "weight": 1.0 },
"verification": { "signature": "verified" }
}
],
"conflicts": [
{
"source_digest": "sha256:…",
"issuer": "vendor:upstream",
"status": "affected",
"timestamp": "2025-08-29T00:00:00Z",
"trust": { "tier": "vendor", "weight": 0.8 }
}
]
}
```
## Determinism Rules
- Timestamps are UTC ISO-8601.
- Arrays (`derived_from`, `conflicts`) are in a stable order (typically the evaluation sort order).
- `consensus_digest` is computed over canonical, deterministic JSON bytes for the record (or over an equivalent canonical projection).
## Related Docs
- Algorithm overview: `docs/vex/consensus-algorithm.md`
- Endpoints: `docs/vex/consensus-api.md`
- Module details: `docs/modules/vex-lens/architecture.md`