stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity

Add Canonical JSON serialization library with tests and documentation

Browse Source 
- Implemented CanonJson class for deterministic JSON serialization and hashing.
- Added unit tests for CanonJson functionality, covering various scenarios including key sorting, handling of nested objects, arrays, and special characters.
- Created project files for the Canonical JSON library and its tests, including necessary package references.
- Added README.md for library usage and API reference.
- Introduced RabbitMqIntegrationFactAttribute for conditional RabbitMQ integration tests.
This commit is contained in:
master
2025-12-19 15:35:00 +02:00
parent 43882078a4
commit 951a38d561
192 changed files with 27550 additions and 2611 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
docs/key-features.md
View File

@@ -46,7 +46,22 @@ Each card below pairs the headline capability with the evidence that backs it an
- **Evidence:** `docs/market/competitive-landscape.md` distils a 15-vendor comparison; `03_VISION.md` lists moats; `docs/reachability/lead.md` details the reachability proof moat.
- **Why it matters:** Clear differentiation guides roadmap and sales; keeps us focused on replayable, sovereign, evidence-linked, and explainable security.
## 8. Deterministic Task Packs (2025-11)
## 8. Semantic Smart-Diff (2025-12)
- **What it is:** Diff security meaning, not just artifacts. Compare reachability graphs, policy outcomes, and trust weights between releases.
- **Evidence:** Drift detection in `src/Scanner/__Libraries/StellaOps.Scanner.ReachabilityDrift/`; DSSE-attested drift results.
- **Why it matters:** Outputs "This release reduces exploitability by 41% despite +2 CVEs" — no competitor quantifies semantic security deltas.
## 9. Unknowns as First-Class State (2025-12)
- **What it is:** Explicit modeling of Unknown-Reachable and Unknown-Unreachable states with risk scoring implications.
- **Evidence:** Unknowns Registry in Signals; `unknowns_pressure` factor in scoring; UI chips for unknowns.
- **Why it matters:** Uncertainty is risk. We don't hide it — we surface and score it. Critical for air-gapped and zero-day scenarios.
## 10. Call-Path Reachability Proofs (2025-12)
- **What it is:** Three-layer reachability: static call graph + binary resolution + runtime gating. All three must align for exploitability.
- **Evidence:** Vulnerability surfaces in `src/Scanner/__Libraries/StellaOps.Scanner.VulnSurfaces/`; confidence tiers (Confirmed/Likely/Present/Unreachable).
- **Why it matters:** Makes false positives *structurally impossible*, not heuristically reduced. Path witnesses are DSSE-signed.
## 11. Deterministic Task Packs (2025-11)
- **What it is:** TaskRunner executes declarative Task Packs with plan-hash binding, approvals, sealed-mode enforcement, and DSSE evidence bundles.
- **Evidence:** Product advisory `docs/product-advisories/29-Nov-2025 - Task Pack Orchestration and Automation.md`; architecture contract in `docs/modules/taskrunner/architecture.md`; runbook/spec in `docs/task-packs/*.md`.
- **Why it matters:** Security teams get auditable, air-gap-friendly automation with human approvals and provable provenance, reusing the same workflows online or offline.