Add Policy DSL Validator, Schema Exporter, and Simulation Smoke tools

- Implemented PolicyDslValidator with command-line options for strict mode and JSON output. - Created PolicySchemaExporter to generate JSON schemas for policy-related models. - Developed PolicySimulationSmoke tool to validate policy simulations against expected outcomes. - Added project files and necessary dependencies for each tool. - Ensured proper error handling and usage instructions across tools.
2025-10-27 08:00:11 +02:00
parent 651b8e0fa3
commit 96d52884e8
712 changed files with 49449 additions and 6124 deletions
--- a/samples/api/scheduler/policy-explain-trace.json
+++ b/samples/api/scheduler/policy-explain-trace.json
@@ -0,0 +1,83 @@
+{
+  "schemaVersion": "scheduler.policy-explain-trace@1",
+  "findingId": "finding:sbom:S-42/pkg:npm/lodash@4.17.21",
+  "policyId": "P-7",
+  "policyVersion": 4,
+  "tenantId": "default",
+  "runId": "run:P-7:2025-10-26:auto",
+  "evaluatedAt": "2025-10-26T14:06:01+00:00",
+  "verdict": {
+    "status": "blocked",
+    "severity": "critical",
+    "score": 19.5,
+    "rationale": "Matches rule-block-critical"
+  },
+  "ruleChain": [
+    {
+      "ruleId": "rule-allow-known",
+      "ruleName": "Allow Known Vendors",
+      "action": "allow",
+      "decision": "skipped",
+      "condition": "when vendor == \"trusted\""
+    },
+    {
+      "ruleId": "rule-block-critical",
+      "ruleName": "Block Critical Findings",
+      "action": "block",
+      "decision": "matched",
+      "score": 19.5,
+      "condition": "when severity >= Critical"
+    }
+  ],
+  "evidence": [
+    {
+      "type": "advisory",
+      "reference": "CVE-2025-12345",
+      "source": "nvd",
+      "status": "affected",
+      "weight": 1,
+      "justification": "Vendor advisory",
+      "metadata": {}
+    },
+    {
+      "type": "vex",
+      "reference": "vex:ghsa-2025-0001",
+      "source": "vendor",
+      "status": "not_affected",
+      "weight": 0.5,
+      "justification": "Runtime unreachable",
+      "metadata": {
+        "justificationid": "csaf:justification/123"
+      }
+    }
+  ],
+  "vexImpacts": [
+    {
+      "statementId": "vex:ghsa-2025-0001",
+      "provider": "vendor",
+      "status": "not_affected",
+      "accepted": true,
+      "justification": "Runtime unreachable",
+      "confidence": "medium"
+    }
+  ],
+  "history": [
+    {
+      "status": "blocked",
+      "occurredAt": "2025-10-26T14:06:01+00:00",
+      "actor": "policy-engine",
+      "note": "Initial evaluation"
+    },
+    {
+      "status": "blocked",
+      "occurredAt": "2025-10-26T14:16:01+00:00",
+      "actor": "policy-engine",
+      "note": "Replay verification"
+    }
+  ],
+  "metadata": {
+    "componentpurl": "pkg:npm/lodash@4.17.21",
+    "sbomid": "sbom:S-42",
+    "traceid": "01HE0BJX5S4T9YCN6ZT0"
+  }
+}