stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity

save checkpoint

Browse Source
This commit is contained in:
master
2026-02-14 09:11:48 +02:00
parent 9ca2de05df
commit e9aeadc040
1512 changed files with 30863 additions and 4728 deletions
Download Patch File Download Diff File Expand all files Collapse all files

40
docs/features/checked/attestor/attestation-determinism-testing.md Normal file
View File

@@ -0,0 +1,40 @@
# Attestation Determinism Testing
## Module
Attestor
## Status
VERIFIED
## Description
Golden test vectors and determinism verification tests ensuring byte-for-byte reproducibility of attestations, DSSE envelopes, and policy engine evaluations.
## Implementation Details
- **Golden Samples Tests**: `src/Attestor/__Tests/StellaOps.Attestor.Types.Tests/AttestationGoldenSamplesTests.cs` -- verifies attestations match golden test vectors byte-for-byte.
- **Attestation Determinism Tests**: `__Tests/StellaOps.Attestor.Types.Tests/Determinism/AttestationDeterminismTests.cs` -- ensures repeated attestation generation produces identical output.
- **DSSE Envelope Determinism**: `__Tests/StellaOps.Attestor.ProofChain.Tests/Envelope/DsseEnvelopeDeterminismTests.cs` -- verifies DSSE envelope serialization is deterministic.
- **In-Toto Statement Snapshots**: `__Tests/StellaOps.Attestor.ProofChain.Tests/Statements/InTotoStatementSnapshotTests.cs` -- snapshot tests for in-toto statement serialization stability.
- **Canonical JSON**: `src/Attestor/__Libraries/StellaOps.Attestor.ProofChain/Json/Rfc8785JsonCanonicalizer.cs` (with `.DecimalPoint`, `.NumberSerialization`, `.StringNormalization`, `.WriteMethods` partials) -- RFC 8785 canonical JSON serialization ensuring deterministic output.
- **CycloneDX Determinism**: `__Tests/StellaOps.Attestor.StandardPredicates.Tests/CycloneDxDeterminismTests.cs` -- verifies CycloneDX SBOM output is deterministic.
- **SPDX Determinism**: `__Tests/StellaOps.Attestor.StandardPredicates.Tests/SpdxDeterminismTests.cs` -- verifies SPDX SBOM output is deterministic.
- **Canonical JSON Tests**: `__Tests/StellaOps.Attestor.ProofChain.Tests/JsonCanonicalizerTests.cs`, `__Tests/StellaOps.Attestor.StandardPredicates.Tests/JsonCanonicalizerTests.cs`
- **Conformance Tests**: `__Tests/StellaOps.Attestor.Conformance.Tests/` -- `VerificationParityTests.cs`, `InclusionProofParityTests.cs`, `CheckpointParityTests.cs` verify cross-implementation consistency.
## E2E Test Plan
- [ ] Generate an attestation from identical inputs twice and compare SHA-256 hashes of the serialized output to verify byte-for-byte equality
- [ ] Serialize a DSSE envelope, deserialize it, re-serialize, and verify the output bytes are identical (idempotent serialization)
- [ ] Run the RFC 8785 canonicalizer on JSON with out-of-order keys, varied whitespace, and Unicode escapes, then verify the output matches the canonical form
- [ ] Generate CycloneDX SBOM output from identical inputs on two separate runs and verify SHA-256 hash match
- [ ] Generate SPDX SBOM output from identical inputs on two separate runs and verify SHA-256 hash match
- [ ] Verify golden sample test vectors by comparing generated attestation against known-good fixtures stored in the test project
- [ ] Run conformance parity tests to verify Attestor output matches reference implementations for checkpoint parsing, inclusion proofs, and verification
## Verification
| Check | Result |
|-------|--------|
| Tier 0 - Source Verification | PASS |
| Tier 1 - Build + Code Review | PASS |
| Tier 2 - Behavioral Verification | PASS |
| Verified Date | 2026-02-13 |
| Run ID | run-001 |