up

scripts/policy/batch-simulate.sh

@@ -0,0 +1,49 @@
+#!/usr/bin/env bash
+set -euo pipefail
+ROOT=$(cd "$(dirname "$0")/.." && pwd)
+CLI_PROJECT="$ROOT/Cli/StellaOps.Cli/StellaOps.Cli.csproj"
+POLICY_FILES=("docs/examples/policies/baseline.stella" "docs/examples/policies/internal-only.stella" "docs/examples/policies/serverless.stella")
+SBOM_FILE="docs/examples/policies/sample-sbom.json"
+OUT_DIR="${OUT_DIR:-out/policy-sim}"
+THRESHOLD=${THRESHOLD:-0}
+
+usage() {
+  cat <<'USAGE'
+Batch policy simulate harness (DEVOPS-POLICY-27-002)
+- Runs stella policy simulate against sample policies and a sample SBOM
+- Fails if violation count exceeds THRESHOLD (default 0)
+
+Env/flags:
+  OUT_DIR=out/policy-sim
+  THRESHOLD=0
+  SBOM_FILE=docs/examples/policies/sample-sbom.json
+USAGE
+}
+
+if [[ ${1:-} == "-h" || ${1:-} == "--help" ]]; then usage; exit 0; fi
+mkdir -p "$OUT_DIR"
+
+violations=0
+for policy in "${POLICY_FILES[@]}"; do
+  name=$(basename "$policy" .stella)
+  report="$OUT_DIR/${name}-simulate.json"
+  dotnet run --project "$CLI_PROJECT" -- policy simulate --policy "$policy" --sbom "$SBOM_FILE" --format json --no-color > "$report"
+  # count violations if field exists
+  count=$(python - <<PY "$report"
+import json,sys
+with open(sys.argv[1]) as f:
+    data=json.load(f)
+viol = 0
+if isinstance(data, dict):
+    viol = len(data.get("violations", [])) if isinstance(data.get("violations", []), list) else 0
+print(viol)
+PY)
+  echo "[$name] violations=$count" | tee -a "$OUT_DIR/summary.txt"
+  violations=$((violations + count))
+done
+
+echo "total_violations=$violations" | tee -a "$OUT_DIR/summary.txt"
+if (( violations > THRESHOLD )); then
+  echo "Violation threshold exceeded ($violations > $THRESHOLD)" >&2
+  exit 1
+fi