feat: Add DigestUpsertRequest and LockEntity models
Some checks failed
AOC Guard CI / aoc-guard (push) Has been cancelled
AOC Guard CI / aoc-verify (push) Has been cancelled
Concelier Attestation Tests / attestation-tests (push) Has been cancelled
Docs CI / lint-and-preview (push) Has been cancelled
Export Center CI / export-ci (push) Has been cancelled
Mirror Thin Bundle Sign & Verify / mirror-sign (push) Has been cancelled
Some checks failed
AOC Guard CI / aoc-guard (push) Has been cancelled
AOC Guard CI / aoc-verify (push) Has been cancelled
Concelier Attestation Tests / attestation-tests (push) Has been cancelled
Docs CI / lint-and-preview (push) Has been cancelled
Export Center CI / export-ci (push) Has been cancelled
Mirror Thin Bundle Sign & Verify / mirror-sign (push) Has been cancelled
- Introduced DigestUpsertRequest for handling digest upsert requests with properties like ChannelId, Recipient, DigestKey, Events, and CollectUntil. - Created LockEntity to represent a lightweight distributed lock entry with properties such as Id, TenantId, Resource, Owner, ExpiresAt, and CreatedAt. feat: Implement ILockRepository interface and LockRepository class - Defined ILockRepository interface with methods for acquiring and releasing locks. - Implemented LockRepository class with methods to try acquiring a lock and releasing it, using SQL for upsert operations. feat: Add SurfaceManifestPointer record for manifest pointers - Introduced SurfaceManifestPointer to represent a minimal pointer to a Surface.FS manifest associated with an image digest. feat: Create PolicySimulationInputLock and related validation logic - Added PolicySimulationInputLock record to describe policy simulation inputs and expected digests. - Implemented validation logic for policy simulation inputs, including checks for digest drift and shadow mode requirements. test: Add unit tests for ReplayVerificationService and ReplayVerifier - Created ReplayVerificationServiceTests to validate the behavior of the ReplayVerificationService under various scenarios. - Developed ReplayVerifierTests to ensure the correctness of the ReplayVerifier logic. test: Implement PolicySimulationInputLockValidatorTests - Added tests for PolicySimulationInputLockValidator to verify the validation logic against expected inputs and conditions. chore: Add cosign key example and signing scripts - Included a placeholder cosign key example for development purposes. - Added a script for signing Signals artifacts using cosign with support for both v2 and v3. chore: Create script for uploading evidence to the evidence locker - Developed a script to upload evidence to the evidence locker, ensuring required environment variables are set.
This commit is contained in:
StellaOps Bot
4
docs/modules/policy/fixtures/spine-adapters/README.md
Normal file
4
docs/modules/policy/fixtures/spine-adapters/README.md
Normal file
@@ -0,0 +1,4 @@
|
||||
# Spine Adapters (SP1/SP4)
|
||||
- Version downgrade/upgrade tables for spine DTOs (e.g., v2→v1) stored as CSV.
|
||||
- Each table must have recorded BLAKE3 and SHA256 in `hashes.txt`.
|
||||
- Use canonical field ordering; adapters must be deterministic and offline.
|
||||
1
docs/modules/policy/fixtures/spine-adapters/hashes.txt
Normal file
1
docs/modules/policy/fixtures/spine-adapters/hashes.txt
Normal file
@@ -0,0 +1 @@
|
||||
v2-to-v1.csv: BLAKE3=<TBD> SHA256=<TBD>
|
||||
3
docs/modules/policy/fixtures/spine-crosswalk/README.md
Normal file
3
docs/modules/policy/fixtures/spine-crosswalk/README.md
Normal file
@@ -0,0 +1,3 @@
|
||||
# Spine Crosswalk Fixtures (SP10)
|
||||
- Holds tables and sample payloads mapping SBOM ↔ VEX ↔ graph ↔ policy inputs.
|
||||
- Include golden examples with deterministic ordering and recorded hashes (BLAKE3, SHA256).
|
||||
1
docs/modules/policy/fixtures/spine-crosswalk/hashes.txt
Normal file
1
docs/modules/policy/fixtures/spine-crosswalk/hashes.txt
Normal file
@@ -0,0 +1 @@
|
||||
crosswalk.csv: BLAKE3=<TBD> SHA256=<TBD>
|
||||
Reference in New Issue
Block a user