stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 1 Releases Wiki Activity

Add Policy DSL Validator, Schema Exporter, and Simulation Smoke tools

Browse Source 
- Implemented PolicyDslValidator with command-line options for strict mode and JSON output.
- Created PolicySchemaExporter to generate JSON schemas for policy-related models.
- Developed PolicySimulationSmoke tool to validate policy simulations against expected outcomes.
- Added project files and necessary dependencies for each tool.
- Ensured proper error handling and usage instructions across tools.
This commit is contained in:
master
2025-10-27 08:00:11 +02:00
parent 2b7b88ca77
commit 799f787de2
712 changed files with 49449 additions and 6124 deletions
Download Patch File Download Diff File Expand all files Collapse all files

71
docs/schemas/policy-diff-summary.schema.json Normal file
View File

@@ -0,0 +1,71 @@
{
"$schema": "http://json-schema.org/draft-04/schema#",
"title": "PolicyDiffSummary",
"type": "object",
"additionalProperties": false,
"properties": {
"SchemaVersion": {
"type": "string"
},
"Added": {
"type": "integer",
"format": "int32"
},
"Removed": {
"type": "integer",
"format": "int32"
},
"Unchanged": {
"type": "integer",
"format": "int32"
},
"BySeverity": {
"type": "object",
"additionalProperties": {
"$ref": "#/definitions/PolicyDiffSeverityDelta"
}
},
"RuleHits": {
"type": "array",
"items": {
"$ref": "#/definitions/PolicyDiffRuleDelta"
}
}
},
"definitions": {
"PolicyDiffSeverityDelta": {
"type": "object",
"additionalProperties": false,
"properties": {
"Up": {
"type": "integer",
"format": "int32"
},
"Down": {
"type": "integer",
"format": "int32"
}
}
},
"PolicyDiffRuleDelta": {
"type": "object",
"additionalProperties": false,
"properties": {
"RuleId": {
"type": "string"
},
"RuleName": {
"type": "string"
},
"Up": {
"type": "integer",
"format": "int32"
},
"Down": {
"type": "integer",
"format": "int32"
}
}
}
}
}

258
docs/schemas/policy-explain-trace.schema.json Normal file
View File

@@ -0,0 +1,258 @@
{
"$schema": "http://json-schema.org/draft-04/schema#",
"title": "PolicyExplainTrace",
"type": "object",
"additionalProperties": false,
"properties": {
"SchemaVersion": {
"type": "string"
},
"FindingId": {
"type": "string"
},
"PolicyId": {
"type": "string"
},
"PolicyVersion": {
"type": "integer",
"format": "int32"
},
"TenantId": {
"type": "string"
},
"RunId": {
"type": "string"
},
"EvaluatedAt": {
"type": "string",
"format": "date-time"
},
"Verdict": {
"$ref": "#/definitions/PolicyExplainVerdict"
},
"RuleChain": {
"type": "array",
"items": {
"$ref": "#/definitions/PolicyExplainRule"
}
},
"Evidence": {
"type": "array",
"items": {
"$ref": "#/definitions/PolicyExplainEvidence"
}
},
"VexImpacts": {
"type": "array",
"items": {
"$ref": "#/definitions/PolicyExplainVexImpact"
}
},
"History": {
"type": "array",
"items": {
"$ref": "#/definitions/PolicyExplainHistoryEvent"
}
},
"Metadata": {
"type": "object",
"additionalProperties": {
"type": "string"
}
}
},
"definitions": {
"PolicyExplainVerdict": {
"type": "object",
"additionalProperties": false,
"properties": {
"Status": {
"$ref": "#/definitions/PolicyVerdictStatus"
},
"Severity": {
"oneOf": [
{
"type": "null"
},
{
"$ref": "#/definitions/SeverityRank"
}
]
},
"Quiet": {
"type": "boolean"
},
"Score": {
"type": [
"null",
"number"
],
"format": "double"
},
"Rationale": {
"type": [
"null",
"string"
]
}
}
},
"PolicyVerdictStatus": {
"type": "integer",
"description": "",
"x-enumNames": [
"Passed",
"Warned",
"Blocked",
"Quieted",
"Ignored"
],
"enum": [
0,
1,
2,
3,
4
]
},
"SeverityRank": {
"type": "integer",
"description": "",
"x-enumNames": [
"None",
"Info",
"Low",
"Medium",
"High",
"Critical",
"Unknown"
],
"enum": [
0,
1,
2,
3,
4,
5,
6
]
},
"PolicyExplainRule": {
"type": "object",
"additionalProperties": false,
"properties": {
"RuleId": {
"type": "string"
},
"RuleName": {
"type": "string"
},
"Action": {
"type": "string"
},
"Decision": {
"type": "string"
},
"Score": {
"type": "number",
"format": "double"
},
"Condition": {
"type": [
"null",
"string"
]
}
}
},
"PolicyExplainEvidence": {
"type": "object",
"additionalProperties": false,
"properties": {
"Type": {
"type": "string"
},
"Reference": {
"type": "string"
},
"Source": {
"type": "string"
},
"Status": {
"type": "string"
},
"Weight": {
"type": "number",
"format": "double"
},
"Justification": {
"type": [
"null",
"string"
]
},
"Metadata": {
"type": "object",
"additionalProperties": {
"type": "string"
}
}
}
},
"PolicyExplainVexImpact": {
"type": "object",
"additionalProperties": false,
"properties": {
"StatementId": {
"type": "string"
},
"Provider": {
"type": "string"
},
"Status": {
"type": "string"
},
"Accepted": {
"type": "boolean"
},
"Justification": {
"type": [
"null",
"string"
]
},
"Confidence": {
"type": [
"null",
"string"
]
}
}
},
"PolicyExplainHistoryEvent": {
"type": "object",
"additionalProperties": false,
"properties": {
"Status": {
"type": "string"
},
"OccurredAt": {
"type": "string",
"format": "date-time"
},
"Actor": {
"type": [
"null",
"string"
]
},
"Note": {
"type": [
"null",
"string"
]
}
}
}
}
}

130
docs/schemas/policy-run-request.schema.json Normal file
View File

@@ -0,0 +1,130 @@
{
"$schema": "http://json-schema.org/draft-04/schema#",
"title": "PolicyRunRequest",
"type": "object",
"additionalProperties": false,
"properties": {
"SchemaVersion": {
"type": "string"
},
"TenantId": {
"type": "string"
},
"PolicyId": {
"type": "string"
},
"PolicyVersion": {
"type": [
"integer",
"null"
],
"format": "int32"
},
"Mode": {
"$ref": "#/definitions/PolicyRunMode"
},
"Priority": {
"$ref": "#/definitions/PolicyRunPriority"
},
"RunId": {
"type": [
"null",
"string"
]
},
"QueuedAt": {
"type": [
"null",
"string"
],
"format": "date-time"
},
"RequestedBy": {
"type": [
"null",
"string"
]
},
"CorrelationId": {
"type": [
"null",
"string"
]
},
"Metadata": {
"type": [
"null",
"object"
],
"additionalProperties": {
"type": "string"
}
},
"Inputs": {
"$ref": "#/definitions/PolicyRunInputs"
}
},
"definitions": {
"PolicyRunMode": {
"type": "integer",
"description": "",
"x-enumNames": [
"Full",
"Incremental",
"Simulate"
],
"enum": [
0,
1,
2
]
},
"PolicyRunPriority": {
"type": "integer",
"description": "",
"x-enumNames": [
"Normal",
"High",
"Emergency"
],
"enum": [
0,
1,
2
]
},
"PolicyRunInputs": {
"type": "object",
"additionalProperties": false,
"properties": {
"SbomSet": {
"type": "array",
"items": {
"type": "string"
}
},
"AdvisoryCursor": {
"type": [
"null",
"string"
],
"format": "date-time"
},
"VexCursor": {
"type": [
"null",
"string"
],
"format": "date-time"
},
"Environment": {
"type": "object",
"additionalProperties": {}
},
"CaptureExplain": {
"type": "boolean"
}
}
}
}
}

217
docs/schemas/policy-run-status.schema.json Normal file
View File

@@ -0,0 +1,217 @@
{
"$schema": "http://json-schema.org/draft-04/schema#",
"title": "PolicyRunStatus",
"type": "object",
"additionalProperties": false,
"properties": {
"SchemaVersion": {
"type": "string"
},
"RunId": {
"type": "string"
},
"TenantId": {
"type": "string"
},
"PolicyId": {
"type": "string"
},
"PolicyVersion": {
"type": "integer",
"format": "int32"
},
"Mode": {
"$ref": "#/definitions/PolicyRunMode"
},
"Status": {
"$ref": "#/definitions/PolicyRunExecutionStatus"
},
"Priority": {
"$ref": "#/definitions/PolicyRunPriority"
},
"QueuedAt": {
"type": "string",
"format": "date-time"
},
"StartedAt": {
"type": [
"null",
"string"
],
"format": "date-time"
},
"FinishedAt": {
"type": [
"null",
"string"
],
"format": "date-time"
},
"DeterminismHash": {
"type": [
"null",
"string"
]
},
"ErrorCode": {
"type": [
"null",
"string"
]
},
"Error": {
"type": [
"null",
"string"
]
},
"Attempts": {
"type": "integer",
"format": "int32"
},
"TraceId": {
"type": [
"null",
"string"
]
},
"ExplainUri": {
"type": [
"null",
"string"
]
},
"Metadata": {
"type": "object",
"additionalProperties": {
"type": "string"
}
},
"Stats": {
"$ref": "#/definitions/PolicyRunStats"
},
"Inputs": {
"$ref": "#/definitions/PolicyRunInputs"
}
},
"definitions": {
"PolicyRunMode": {
"type": "integer",
"description": "",
"x-enumNames": [
"Full",
"Incremental",
"Simulate"
],
"enum": [
0,
1,
2
]
},
"PolicyRunExecutionStatus": {
"type": "integer",
"description": "",
"x-enumNames": [
"Queued",
"Running",
"Succeeded",
"Failed",
"Cancelled",
"ReplayPending"
],
"enum": [
0,
1,
2,
3,
4,
5
]
},
"PolicyRunPriority": {
"type": "integer",
"description": "",
"x-enumNames": [
"Normal",
"High",
"Emergency"
],
"enum": [
0,
1,
2
]
},
"PolicyRunStats": {
"type": "object",
"additionalProperties": false,
"properties": {
"Components": {
"type": "integer",
"format": "int32"
},
"RulesFired": {
"type": "integer",
"format": "int32"
},
"FindingsWritten": {
"type": "integer",
"format": "int32"
},
"VexOverrides": {
"type": "integer",
"format": "int32"
},
"Quieted": {
"type": "integer",
"format": "int32"
},
"Suppressed": {
"type": "integer",
"format": "int32"
},
"DurationSeconds": {
"type": [
"null",
"number"
],
"format": "double"
}
}
},
"PolicyRunInputs": {
"type": "object",
"additionalProperties": false,
"properties": {
"SbomSet": {
"type": "array",
"items": {
"type": "string"
}
},
"AdvisoryCursor": {
"type": [
"null",
"string"
],
"format": "date-time"
},
"VexCursor": {
"type": [
"null",
"string"
],
"format": "date-time"
},
"Environment": {
"type": "object",
"additionalProperties": {}
},
"CaptureExplain": {
"type": "boolean"
}
}
}
}
}