more features checks. setup improvements

2026-02-13 02:04:55 +02:00
parent 9911b7d73c
commit 9ca2de05df
675 changed files with 37550 additions and 1826 deletions
--- a/docs/qa/feature-checks/runs/policy/knowledge-snapshot-manifest/run-002/tier2-integration-check.json
+++ b/docs/qa/feature-checks/runs/policy/knowledge-snapshot-manifest/run-002/tier2-integration-check.json
@@ -0,0 +1,74 @@
+{
+  "type": "integration",
+  "capturedAtUtc": "2026-02-13T04:34:00Z",
+  "testCommand": "dotnet test src/Policy/__Tests/StellaOps.Policy.Tests/StellaOps.Policy.Tests.csproj --no-restore -v normal",
+  "testFilter": "SnapshotIdGeneratorTests, SnapshotServiceTests, BaselineSelectorTests (snapshot manifest)",
+  "testsRun": 781,
+  "testsPassed": 781,
+  "testsFailed": 0,
+  "targetedTestMethods": [
+    "SnapshotIdGeneratorTests.GenerateId_DeterministicForSameContent",
+    "SnapshotIdGeneratorTests.GenerateId_DifferentForDifferentContent",
+    "SnapshotIdGeneratorTests.GenerateId_StartsWithCorrectPrefix",
+    "SnapshotIdGeneratorTests.GenerateId_HasCorrectLength",
+    "SnapshotIdGeneratorTests.ValidateId_ValidManifest_ReturnsTrue",
+    "SnapshotIdGeneratorTests.ValidateId_TamperedManifest_ReturnsFalse",
+    "SnapshotIdGeneratorTests.ValidateId_ModifiedSnapshotId_ReturnsFalse",
+    "SnapshotIdGeneratorTests.ParseId_ValidId_ReturnsComponents",
+    "SnapshotIdGeneratorTests.ParseId_InvalidPrefix_ReturnsNull",
+    "SnapshotIdGeneratorTests.ParseId_ShortHash_ReturnsNull",
+    "SnapshotIdGeneratorTests.ParseId_EmptyString_ReturnsNull",
+    "SnapshotIdGeneratorTests.IsValidIdFormat_ValidId_ReturnsTrue",
+    "SnapshotIdGeneratorTests.IsValidIdFormat_InvalidId_ReturnsFalse",
+    "SnapshotIdGeneratorTests.GenerateId_ExcludesSignature",
+    "SnapshotServiceTests.CreateSnapshot_PersistsManifest",
+    "SnapshotServiceTests.CreateSnapshot_GeneratesValidId",
+    "SnapshotServiceTests.GetSnapshot_NonExistent_ReturnsNull",
+    "SnapshotServiceTests.VerifySnapshot_ValidManifest_ReturnsSuccess",
+    "SnapshotServiceTests.VerifySnapshot_TamperedManifest_ReturnsFail",
+    "SnapshotServiceTests.ListSnapshots_ReturnsOrderedByCreatedAt",
+    "SnapshotServiceTests.ListSnapshots_RespectsSkipAndTake",
+    "SnapshotServiceTests.SealSnapshot_WithoutSigner_Throws",
+    "SnapshotServiceTests.Store_Delete_RemovesSnapshot"
+  ],
+  "behaviorVerified": [
+    "KnowledgeSnapshotManifest: sealed record with SnapshotId, CreatedAt, Engine, Plugins, Policy, Scoring, Trust, Sources, Environment, Signature, ManifestVersion",
+    "SnapshotId format: 'ksm:sha256:{hash}' (11 prefix chars + 64 hex chars = 75 total)",
+    "Content-addressed: same manifest always produces same SnapshotId",
+    "Content-addressed: different content produces different SnapshotId",
+    "Signature excluded from ID computation (signing doesn't change the ID)",
+    "SnapshotIdGenerator.ValidateId: recomputes hash and compares to SnapshotId",
+    "SnapshotIdGenerator.ValidateId: tampered manifest returns false",
+    "SnapshotIdGenerator.ValidateId: modified SnapshotId returns false",
+    "SnapshotIdGenerator.ParseId: extracts algorithm and hash from valid ID",
+    "SnapshotIdGenerator.ParseId: returns null for invalid prefix, short hash, empty string",
+    "SnapshotIdGenerator.IsValidIdFormat: validates 'ksm:sha256:' prefix and length",
+    "EngineInfo record: Name, Version, Commit",
+    "PluginInfo record: Name, Version, Type",
+    "PolicyBundleRef record: PolicyId, Digest, Uri",
+    "ScoringRulesRef record: RulesId, Digest, Uri",
+    "TrustBundleRef record: BundleId, Digest, Uri (optional)",
+    "KnowledgeSourceDescriptor: Name, Type, Epoch, Digest, Origin, LastUpdatedAt, RecordCount, InclusionMode, BundlePath",
+    "KnowledgeSourceTypes: AdvisoryFeed, Vex, Sbom, Reachability, Policy",
+    "SnapshotBuilder: fluent builder with WithEngine, WithPolicy, WithScoring, WithAdvisoryFeed",
+    "SnapshotService: CreateSnapshotAsync persists and generates valid ID",
+    "SnapshotService: GetSnapshotAsync retrieves by ID, returns null for non-existent",
+    "SnapshotService: VerifySnapshotAsync validates integrity (tampered -> error message 'does not match')",
+    "SnapshotService: ListSnapshotsAsync ordered by CreatedAt descending, supports skip/take",
+    "SnapshotService: SealSnapshotAsync without signer throws InvalidOperationException",
+    "SnapshotAwarePolicyEvaluator: evaluates policy using pinned snapshot inputs"
+  ],
+  "assertionTypes": [
+    "content-addressing",
+    "determinism",
+    "integrity-validation",
+    "tamper-detection",
+    "format-validation",
+    "crud-lifecycle",
+    "pagination"
+  ],
+  "newTestsWritten": [],
+  "bugsFixed": [],
+  "rawOutput": "Policy.Tests: Passed! - Failed: 0, Passed: 781, Skipped: 0, Total: 781, Duration: 3s 714ms",
+  "verdict": "pass"
+}