Add Policy DSL Validator, Schema Exporter, and Simulation Smoke tools
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
- Implemented PolicyDslValidator with command-line options for strict mode and JSON output.
- Created PolicySchemaExporter to generate JSON schemas for policy-related models.
- Developed PolicySimulationSmoke tool to validate policy simulations against expected outcomes.
- Added project files and necessary dependencies for each tool.
- Ensured proper error handling and usage instructions across tools.
@@ -123,6 +123,23 @@ details // structured conflict explanation / merge reasoning
- Conflict explainers are serialized as deterministic `MergeConflictExplainerPayload` records (type, reason, source ranks, winning values); replay clients can parse the payload to render human-readable rationales without re-computing precedence.
- Concelier.WebService exposes the immutable log via `GET /concelier/advisories/{vulnerabilityKey}/replay[?asOf=UTC_ISO8601]`, returning the latest statements (with hex-encoded hashes) and any conflict explanations for downstream exporters and APIs.
**AdvisoryObservation (new in Sprint 24)**
```
observationId // deterministic id: {tenant}:{source}:{upstreamId}:{revision}
tenant // issuing tenant (lower-case)
source{vendor,stream,api,collectorVersion}
upstream{
upstreamId, documentVersion, contentHash,
fetchedAt, receivedAt, signature{present,format,keyId,signature}}
content{format,specVersion,raw,metadata}
linkset{aliases[], purls[], cpes[], references[{type,url}]}
createdAt // when Concelier recorded the observation
attributes // optional provenance metadata (e.g., batch, connector)
```
The observation is an immutable projection of the raw ingestion document (post provenance validation, pre-merge) that powers Link‑Not‑Merge overlays and Vuln Explorer. Observations live in the `advisory_observations` collection, keyed by tenant + upstream identity. `linkset` provides normalized aliases/PURLs/CPES that downstream services (Graph/Vuln Explorer) join against without triggering merge logic. Concelier.Core exposes strongly-typed models (`AdvisoryObservation`, `AdvisoryObservationLinkset`, etc.) and a Mongo-backed store for filtered queries by tenant/alias; this keeps overlay consumers read-only while preserving AOC guarantees.
**ExportState**
```
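Review bot: the `observationId` format `{tenant}:{source}:{upstreamId}:{revision}` does not map cleanly onto the fields listed under it: `source` is a composite (`vendor,stream,api,collectorVersion`) and the record has no `revision` field, only `upstream.documentVersion` and `contentHash`, so two implementers could derive different ids for the same document. Please state which `source` sub-field and which `upstream` field feed the id, and how a `:` inside `upstreamId` is escaped, since the id is described as deterministic and the collection is keyed by tenant + upstream identity. It would also help to say whether `signature.present` means a signature was verified or only supplied, given the paragraph describes the observation as taken post provenance validation.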