stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 16 Releases Wiki Activity

feat: Add DigestUpsertRequest and LockEntity models
Some checks failed
AOC Guard CI / aoc-guard (push) Has been cancelled
Details
AOC Guard CI / aoc-verify (push) Has been cancelled
Details
Concelier Attestation Tests / attestation-tests (push) Has been cancelled
Details
Docs CI / lint-and-preview (push) Has been cancelled
Details
Export Center CI / export-ci (push) Has been cancelled
Details
Mirror Thin Bundle Sign & Verify / mirror-sign (push) Has been cancelled
Details

Browse Source 
- Introduced DigestUpsertRequest for handling digest upsert requests with properties like ChannelId, Recipient, DigestKey, Events, and CollectUntil.
- Created LockEntity to represent a lightweight distributed lock entry with properties such as Id, TenantId, Resource, Owner, ExpiresAt, and CreatedAt.

feat: Implement ILockRepository interface and LockRepository class

- Defined ILockRepository interface with methods for acquiring and releasing locks.
- Implemented LockRepository class with methods to try acquiring a lock and releasing it, using SQL for upsert operations.

feat: Add SurfaceManifestPointer record for manifest pointers

- Introduced SurfaceManifestPointer to represent a minimal pointer to a Surface.FS manifest associated with an image digest.

feat: Create PolicySimulationInputLock and related validation logic

- Added PolicySimulationInputLock record to describe policy simulation inputs and expected digests.
- Implemented validation logic for policy simulation inputs, including checks for digest drift and shadow mode requirements.

test: Add unit tests for ReplayVerificationService and ReplayVerifier

- Created ReplayVerificationServiceTests to validate the behavior of the ReplayVerificationService under various scenarios.
- Developed ReplayVerifierTests to ensure the correctness of the ReplayVerifier logic.

test: Implement PolicySimulationInputLockValidatorTests

- Added tests for PolicySimulationInputLockValidator to verify the validation logic against expected inputs and conditions.

chore: Add cosign key example and signing scripts

- Included a placeholder cosign key example for development purposes.
- Added a script for signing Signals artifacts using cosign with support for both v2 and v3.

chore: Create script for uploading evidence to the evidence locker

- Developed a script to upload evidence to the evidence locker, ensuring required environment variables are set.
This commit is contained in:
StellaOps Bot
2025-12-03 07:51:50 +02:00
parent 37cba83708
commit e923880694
171 changed files with 6567 additions and 2952 deletions
Download Patch File Download Diff File Expand all files Collapse all files

51
docs/modules/orchestrator/job-export-contract.md Normal file
View File

@@ -0,0 +1,51 @@
# Orchestrator → Findings Ledger Export Contract
Status: Available (2025-12-03)
Scope: defines the deterministic payload Orchestrator emits for job/run exports that Findings Ledger ingests for provenance (LEDGER-34-101).
## Payload shape
```jsonc
{
"runId": "uuid", // job/run correlation id
"jobType": "string", // e.g., mirror-build, policy-sim, scan
"artifactHash": "sha256:...", // CAS digest of primary artifact
"policyHash": "sha256:...", // optional; policy bundle hash
"startedAt": "2025-12-02T00:00:00Z",
"completedAt": "2025-12-02T00:05:30Z",
"status": "succeeded|failed|canceled",
"manifestPath": "cas://.../manifest.json", // DSSE or CAS path
"logsPath": "cas://.../logs.ndjson",
"tenantId": "string",
"environment": "prod|stage|dev",
"idempotencyKey": "sha256:...", // runId+artifactHash
"signatures": [ { "type": "dsse", "keyId": "...", "signature": "..." } ]
}
```
## Determinism & ordering
- Entries sorted by `runId` when streamed; pagination stable via `runId, startedAt` ascending.
- `idempotencyKey = sha256(runId + artifactHash + tenantId)`; duplicate submissions are rejected with 409.
- Timestamps UTC ISO-8601; no clock-skew correction performed by Ledger.
## Transport
- REST: `POST /internal/orchestrator/exports` (Orchestrator) → Findings Ledger ingest queue.
- Events: `orchestrator.export.created` carries the same payload; consumers must verify DSSE before persistence.
## Validation rules (Ledger side)
- Require DSSE signature (Ed25519) when `signatures` present; fail closed if verification fails.
- Enforce presence of `runId`, `artifactHash`, `startedAt`, `status`.
- Hash fields must match `^sha256:[A-Fa-f0-9]{64}$`.
- Allowed status transitions: pending→running→succeeded/failed/canceled; replays only allowed when `idempotencyKey` matches existing record.
## Mapping to Findings Ledger
- Stored in collection/table `orchestrator_exports` with index `(artifactHash, runId)` and TTL optional on logs if configured.
- Timeline entry type `ledger_export` references `runId`, `artifactHash`, `policyHash`, `manifestPath`, `logsPath`, DSSE envelope digest, and `idempotencyKey`.
- Cross-links: `bundleId` (if mirror build) or `scanId` (if scan job) may be added as optional fields; Ledger treats them as opaque strings.
## Security / scopes
- Required scope: `orchestrator:exports:write` for producer; Ledger ingress validates tenant headers and scope.
- Max payload: 1 MiB; logs must be CAS/DSSE referenced, not inline.
## Offline/air-gap considerations
- CAS/DSSE paths must resolve within offline kit bundles; no external URIs permitted.
- Deterministic ordering + idempotency allow replay without side effects; Ledger rejects writes when DSSE or hash mismatch.