feat: Add VEX Lens CI and Load Testing Plan

- Introduced a comprehensive CI job structure for VEX Lens, including build, test, linting, and load testing.
- Defined load test parameters and SLOs for VEX Lens API and Issuer Directory.
- Created Grafana dashboards and alerting mechanisms for monitoring API performance and error rates.
- Established offline posture guidelines for CI jobs and load testing.

feat: Implement deterministic projection verification script

- Added `verify_projection.sh` script for verifying the integrity of projection exports against expected hashes.
- Ensured robust error handling for missing files and hash mismatches.

feat: Develop Vuln Explorer CI and Ops Plan

- Created CI jobs for Vuln Explorer, including build, test, and replay verification.
- Implemented backup and disaster recovery strategies for MongoDB and Redis.
- Established Merkle anchoring verification and automation for ledger projector.

feat: Introduce EventEnvelopeHasher for hashing event envelopes

- Implemented `EventEnvelopeHasher` to compute SHA256 hashes for event envelopes.

feat: Add Risk Store and Dashboard components

- Developed `RiskStore` for managing risk data and state.
- Created `RiskDashboardComponent` for displaying risk profiles with filtering capabilities.
- Implemented unit tests for `RiskStore` and `RiskDashboardComponent`.

feat: Enhance Vulnerability Detail Component

- Developed `VulnerabilityDetailComponent` for displaying detailed information about vulnerabilities.
- Implemented error handling for missing vulnerability IDs and loading failures.

ops/devops/telemetry/tests/ci-run.sh

@@ -0,0 +1,7 @@
+#!/usr/bin/env bash
+set -euo pipefail
+ROOT="$(cd "$(dirname "$0")/../../" && pwd)"
+SCHEMA="$ROOT/docs/modules/telemetry/schemas/telemetry-bundle.schema.json"
+
+"$ROOT/ops/devops/telemetry/tests/run-schema-tests.sh"
+TELEMETRY_BUNDLE_SCHEMA="$SCHEMA" "$ROOT/ops/devops/telemetry/verify-telemetry-bundle.sh" "$ROOT/ops/devops/telemetry/tests/telemetry-bundle.tar"

ops/devops/telemetry/tests/config-valid.json

@@ -0,0 +1,35 @@
+{
+  "schemaVersion": "1.0.0",
+  "hashAlgorithm": "sha256",
+  "profiles": [
+    {
+      "name": "default",
+      "description": "default profile",
+      "collectorVersion": "otelcol/1.0.0",
+      "cryptoProfile": "fips",
+      "sealedMode": false,
+      "allowlistedEndpoints": ["http://localhost:4318"],
+      "exporters": [
+        {
+          "type": "otlp",
+          "endpoint": "http://localhost:4318",
+          "protocol": "http",
+          "compression": "none",
+          "enabled": true
+        }
+      ],
+      "redactionPolicyUri": "https://example.com/redaction-policy.json",
+      "sampling": {
+        "strategy": "traceidratio",
+        "seed": "0000000000000001",
+        "rules": [
+          {"match": "service.name == 'api'", "priority": 10, "sampleRate": 0.2}
+        ]
+      },
+      "tenantRouting": {
+        "attribute": "tenant.id",
+        "quotasPerTenant": {"tenant-a": 1000}
+      }
+    }
+  ]
+}

ops/devops/telemetry/tests/make-sample.sh

@@ -0,0 +1,9 @@
+#!/usr/bin/env bash
+set -euo pipefail
+ROOT="$(cd "$(dirname "$0")/../" && pwd)"
+BUNDLE_DIR="$ROOT/tests/sample-bundle"
+mkdir -p "$BUNDLE_DIR"
+cp "$ROOT/tests/manifest-valid.json" "$BUNDLE_DIR/telemetry-bundle.json"
+(cd "$BUNDLE_DIR" && sha256sum telemetry-bundle.json > telemetry-bundle.sha256)
+tar --mtime=@0 --owner=0 --group=0 --numeric-owner --format=ustar -C "$BUNDLE_DIR" -cf "$ROOT/tests/telemetry-bundle.tar" telemetry-bundle.json telemetry-bundle.sha256
+echo "Wrote sample bundle to $ROOT/tests/telemetry-bundle.tar"

ops/devops/telemetry/tests/run-schema-tests.sh

@@ -0,0 +1,19 @@
+#!/usr/bin/env bash
+set -euo pipefail
+ROOT="$(cd "$(dirname "$0")/../../" && pwd)"
+if ! command -v python >/dev/null 2>&1; then
+  echo "python not found" >&2; exit 127; fi
+if ! python - <<'PY' >/dev/null 2>&1; then
+import jsonschema
+PY
+then
+  echo "python jsonschema module not installed" >&2; exit 127; fi
+python - <<'PY'
+import json, pathlib
+from jsonschema import validate
+root = pathlib.Path('ops/devops/telemetry/tests')
+config = json.loads((root / 'config-valid.json').read_text())
+schema = json.loads(pathlib.Path('docs/modules/telemetry/schemas/telemetry-config.schema.json').read_text())
+validate(config, schema)
+print('telemetry-config schema ok')
+PY

ops/devops/telemetry/tests/sample-bundle/telemetry-bundle.json

@@ -0,0 +1,26 @@
+{
+  "schemaVersion": "1.0.0",
+  "bundleId": "00000000-0000-0000-0000-000000000001",
+  "createdAt": "2025-12-01T00:00:00Z",
+  "profileHash": "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
+  "collectorVersion": "otelcol/1.0.0",
+  "sealedMode": true,
+  "redactionManifest": "redaction-manifest.json",
+  "manifestHashAlgorithm": "sha256",
+  "timeAnchor": {
+    "type": "rfc3161",
+    "value": "dummy-token"
+  },
+  "artifacts": [
+    {
+      "path": "logs.ndjson",
+      "sha256": "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb",
+      "mediaType": "application/x-ndjson",
+      "size": 123
+    }
+  ],
+  "dsseEnvelope": {
+    "hash": "cccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccc",
+    "location": "bundle.dsse.json"
+  }
+}

ops/devops/telemetry/tests/sample-bundle/telemetry-bundle.sha256

@@ -0,0 +1 @@
+6e3fedbf183aece5dfa14a90ebce955e2887d36747c424e628dc2cc03bcb0ed3  telemetry-bundle.json