save checkpoint

This commit is contained in:
master
2026-02-14 09:11:48 +02:00
parent 9ca2de05df
commit e9aeadc040
1512 changed files with 30863 additions and 4728 deletions


@@ -0,0 +1,22 @@
{
"type": "integration",
"capturedAtUtc": "2026-02-13T12:00:00Z",
"feature": "8-state-reachability-lattice",
"module": "reachgraph",
"testProject": "src/__Libraries/__Tests/StellaOps.Reachability.Core.Tests/StellaOps.Reachability.Core.Tests.csproj",
"testFilter": "ClassName~ReachabilityLatticePropertyTests",
"testsRun": 224,
"testsPassed": 224,
"testsFailed": 0,
"behaviorVerified": [
"LatticeState enum defines all 8 states: Unknown, StaticReachable, StaticUnreachable, RuntimeObserved, RuntimeUnobserved, ConfirmedReachable, ConfirmedUnreachable, Contested",
"FrozenDictionary transition table covers all state/evidence combinations",
"Evidence accumulation with confidence delta per transition",
"Conflict detection transitions to Contested state when static and runtime disagree",
"Combine method produces correct lattice states from static+runtime results",
"VEX mapping per state matches specification (affected, not_affected, under_investigation)",
"Confidence ranges per state: U=0.00-0.29, SR=0.30-0.49, SU=0.50-0.69, RO/RU=0.70-0.89, CR/CU=0.90-1.00, X=N/A",
"ConfidenceCalculator produces correct weighted confidence scores"
],
"verdict": "pass"
}
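Review bot: `testsRun` is 224 here under the filter `ClassName~ReachabilityLatticePropertyTests`, and the same 224 appears in every other evidence file in this commit that points at StellaOps.Reachability.Core.Tests despite different `testFilter` values; the WebService.Tests files all report 26, including the replay one whose filter adds `&MethodName~Replay`. That pattern suggests the counts cover the whole project run rather than the filtered set, so the file does not show how many tests actually exercised this feature. Either record the count matched by the filter or set `testFilter` to what was really executed. `capturedAtUtc` is also the identical round value `2026-02-13T12:00:00Z` in all nine files, which reads as hand-entered rather than captured from the run.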


@@ -0,0 +1,22 @@
{
"type": "integration",
"capturedAtUtc": "2026-02-13T12:00:00Z",
"feature": "cve-to-symbol-mapping-service",
"module": "reachgraph",
"testProject": "src/__Libraries/__Tests/StellaOps.Reachability.Core.Tests/StellaOps.Reachability.Core.Tests.csproj",
"testFilter": "ClassName~CveSymbolMappingServiceTests|ClassName~CveSymbolMappingTests|ClassName~VulnerableSymbolTests|ClassName~OsvEnricherTests|ClassName~FunctionBoundaryDetectorTests|ClassName~UnifiedDiffParserTests",
"testsRun": 224,
"testsPassed": 224,
"testsFailed": 0,
"behaviorVerified": [
"ICveSymbolMappingService interface with GetMappingsForCveAsync, GetMappingsForPackageAsync, SearchBySymbolAsync, AddOrUpdateMappingAsync, AnalyzePatchAsync, EnrichFromOsvAsync, GetStatsAsync",
"CveMappingController at v1/cve-mappings with GET {cveId}, GET by-package, GET by-symbol, POST upsert, POST analyze-patch, POST {cveId}/enrich, GET stats",
"Rate limiting on read (reachgraph-read) and write (reachgraph-write) endpoints",
"Response caching 1h for reads, 5m for stats",
"VulnerableSymbol model with canonical symbol ID, file path, line range",
"Patch analysis with FunctionBoundaryDetector and UnifiedDiffParser extracting vulnerable symbols from diffs",
"OSV enrichment via OsvEnricher for external CVE data",
"MappingSource enum: OSV, NVD, Manual, PatchAnalysis, Vendor, Unknown"
],
"verdict": "pass"
}
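Review bot: Several `behaviorVerified` entries describe web-layer behaviour (the `CveMappingController` routes, rate limiting on `reachgraph-read`/`reachgraph-write`, the 1h/5m response caching), but `testFilter` selects only service, model, enricher and parser test classes from the Core.Tests project. Unless one of those classes hosts the controller, these entries look asserted from reading the code rather than verified by the recorded run; rate limiting in particular is a control that should not be marked verified without a test that reaches the limit. Consider moving them to an evidence file backed by a web-service test class, or dropping them from this list. The same mismatch appears in the reachability-aware-vulnerability-analysis file (`ReachabilityController` endpoints under symbol-normalizer filters) and the static-sbom-call-graph-pruning file (`ReachGraphStoreAdapter` BFS, whose tests the other files place in WebService.Tests).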


@@ -0,0 +1,22 @@
{
"type": "integration",
"capturedAtUtc": "2026-02-13T12:00:00Z",
"feature": "reachability-analysis-with-call-graph-evidence",
"module": "reachgraph",
"testProject": "src/ReachGraph/__Tests/StellaOps.ReachGraph.WebService.Tests/StellaOps.ReachGraph.WebService.Tests.csproj",
"testFilter": "ClassName~ReachGraphApiIntegrationTests",
"testsRun": 26,
"testsPassed": 26,
"testsFailed": 0,
"behaviorVerified": [
"ReachGraphController at v1/reachgraphs with slice queries supporting call graph evidence",
"CVE slice returns CveSliceResponse with Sinks and Paths (entrypoint-to-sink hops with edges)",
"Package slice with wildcard PURL pattern and configurable depth/direction",
"Entrypoint slice traces downstream paths with max depth 10",
"File-based slice returns reachability for symbols in a specific file",
"ReachabilityPath model includes Entrypoint, Sink, Hops, Edges showing evidence trace",
"IReachabilityIndex unified facade with QueryStaticAsync, QueryRuntimeAsync, QueryHybridAsync",
"EvidenceUriBuilder generates URIs for evidence artifacts"
],
"verdict": "pass"
}


@@ -0,0 +1,22 @@
{
"type": "integration",
"capturedAtUtc": "2026-02-13T12:00:00Z",
"feature": "reachability-aware-vulnerability-analysis",
"module": "reachgraph",
"testProject": "src/__Libraries/__Tests/StellaOps.Reachability.Core.Tests/StellaOps.Reachability.Core.Tests.csproj",
"testFilter": "ClassName~SymbolCanonicalizerTests|ClassName~SymbolMatcherTests|ClassName~DotNetSymbolNormalizerTests|ClassName~JavaSymbolNormalizerTests|ClassName~NativeSymbolNormalizerTests|ClassName~ScriptSymbolNormalizerTests",
"testsRun": 224,
"testsPassed": 224,
"testsFailed": 0,
"behaviorVerified": [
"IReachabilityIndex unified facade: QueryStaticAsync (Layer 1-3), QueryRuntimeAsync, QueryHybridAsync, QueryBatchAsync",
"ReachabilityIndex combines IReachGraphAdapter and ISignalsAdapter for hybrid results",
"HybridReachabilityResult includes lattice state, confidence, VEX recommendation",
"Multi-layer analysis transitions correctly through lattice states",
"Batch query for CVE vulnerability analysis returns results for all symbols",
"Symbol canonicalization across languages: DotNet, Java, Native, Script normalizers",
"SymbolCanonicalizer and SymbolMatcher for cross-language symbol matching",
"ReachabilityController exposes static, runtime, hybrid, and batch endpoints at v1/reachability"
],
"verdict": "pass"
}


@@ -0,0 +1,22 @@
{
"type": "integration",
"capturedAtUtc": "2026-02-13T12:00:00Z",
"feature": "reachability-core-library-with-unified-query-interface",
"module": "reachgraph",
"testProject": "src/ReachGraph/__Tests/StellaOps.ReachGraph.WebService.Tests/StellaOps.ReachGraph.WebService.Tests.csproj",
"testFilter": "ClassName~ReachGraphStoreAdapterTests|ClassName~InMemorySignalsAdapterTests",
"testsRun": 26,
"testsPassed": 26,
"testsFailed": 0,
"behaviorVerified": [
"IReachabilityIndex interface with QueryStaticAsync, QueryRuntimeAsync, QueryHybridAsync, QueryBatchAsync",
"ReachabilityIndex default implementation combining IReachGraphAdapter and ISignalsAdapter",
"ReachGraphStoreAdapter wires IReachGraphAdapter to IReachGraphStoreService with BFS graph search",
"InMemorySignalsAdapter implements ISignalsAdapter with observation recording and querying",
"ReachabilityController at v1/reachability exposes unified query endpoints (static, runtime, hybrid, batch)",
"HybridQueryOptions configures IncludeStatic, IncludeRuntime, ObservationWindow, MinConfidenceThreshold",
"ServiceCollectionExtensions for DI registration",
"Adapter pattern successfully bridges core library to web service layer"
],
"verdict": "pass"
}


@@ -0,0 +1,21 @@
{
"type": "integration",
"capturedAtUtc": "2026-02-13T12:00:00Z",
"feature": "reachability-fallback-mechanisms",
"module": "reachgraph",
"testProject": "src/ReachGraph/__Tests/StellaOps.ReachGraph.WebService.Tests/StellaOps.ReachGraph.WebService.Tests.csproj",
"testFilter": "ClassName~ReachGraphApiIntegrationTests|ClassName~ReachGraphStoreAdapterTests",
"testsRun": 26,
"testsPassed": 26,
"testsFailed": 0,
"behaviorVerified": [
"ReachGraphStoreService coordinates IReachGraphRepository (persistence), IReachGraphCache (caching), and IReachGraphSignerService (signing)",
"Cache-first retrieval with fallback to database when cache misses",
"Slice queries degrade gracefully with empty results when graph not available",
"Replay verification provides fallback for determinism validation",
"Idempotent upsert by BLAKE3 digest handles concurrent writes (Created vs OK)",
"PaginationService with cursor-based navigation for large result sets",
"InMemoryReachGraphCache supports separate slice caching with invalidation"
],
"verdict": "pass"
}
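Review bot: The entry `Slice queries degrade gracefully with empty results when graph not available` records a fail-open behaviour as verified without saying whether a caller can tell an unavailable graph from a graph with no paths. In a reachability service an empty slice may be read downstream as "not reachable", so the evidence should name the distinguishing signal (status code or response field) that the tests checked. If no test covers that, it would be more accurate to record it as a gap than to list it under `behaviorVerified`.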


@@ -0,0 +1,22 @@
{
"type": "integration",
"capturedAtUtc": "2026-02-13T12:00:00Z",
"feature": "reachability-replay-verification",
"module": "reachgraph",
"testProject": "src/ReachGraph/__Tests/StellaOps.ReachGraph.WebService.Tests/StellaOps.ReachGraph.WebService.Tests.csproj",
"testFilter": "ClassName~ReachGraphApiIntegrationTests&MethodName~Replay",
"testsRun": 26,
"testsPassed": 26,
"testsFailed": 0,
"behaviorVerified": [
"IReachGraphReplayService.ReplayAsync recomputes graph from inputs and compares digests",
"ReplayRequest includes ExpectedDigest, ReplayInputs (SBOM, VEX, callgraph, runtime facts), optional scope",
"ReplayResponse reports Match (bool), ComputedDigest, ExpectedDigest, DurationMs, InputsVerified, Divergence",
"Replay from identical inputs produces matching digest (deterministic)",
"InputsVerified reports individual per-input verification (SBOM, VEX, callgraph, RuntimeFacts)",
"ReplayDivergence reports NodesAdded, NodesRemoved, EdgesChanged on mismatch",
"POST v1/reachgraphs/replay endpoint with rate limiting",
"NodeHashRecipe and PathHashRecipe provide deterministic hashing for replay"
],
"verdict": "pass"
}


@@ -0,0 +1,24 @@
{
"type": "integration",
"capturedAtUtc": "2026-02-13T12:00:00Z",
"feature": "reachgraph-slice-query-rest-apis",
"module": "reachgraph",
"testProject": "src/ReachGraph/__Tests/StellaOps.ReachGraph.WebService.Tests/StellaOps.ReachGraph.WebService.Tests.csproj",
"testFilter": "ClassName~ReachGraphApiIntegrationTests",
"testsRun": 26,
"testsPassed": 26,
"testsFailed": 0,
"behaviorVerified": [
"POST /v1/reachgraphs upsert (idempotent by BLAKE3 digest, 201 Created / 200 OK)",
"GET /v1/reachgraphs/{digest} retrieve full graph with 24h cache and ETag support",
"GET /v1/reachgraphs/{digest}/slice?q= package slice with PURL wildcard, configurable depth/direction",
"GET /v1/reachgraphs/{digest}/slice?cve= CVE slice with sinks and reachability paths",
"GET /v1/reachgraphs/{digest}/slice?entrypoint= entrypoint slice (max depth 10)",
"GET /v1/reachgraphs/{digest}/slice?file= file-based slice",
"POST /v1/reachgraphs/replay deterministic replay verification",
"GET /v1/reachgraphs/by-artifact/{artifactDigest} list graphs for artifact",
"DELETE /v1/reachgraphs/{digest} admin delete (204 NoContent / 404 NotFound)",
"Slice caching with SHA256-based cache keys and TTL"
],
"verdict": "pass"
}
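Review bot: `DELETE /v1/reachgraphs/{digest} admin delete (204 NoContent / 404 NotFound)` lists only the success and not-found outcomes; nothing in this file records that an unauthenticated or non-admin caller is rejected. For an endpoint described as admin-only, the evidence should include the negative case with the status the tests observed, or state that authorization is not covered by `ReachGraphApiIntegrationTests`.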


@@ -0,0 +1,21 @@
{
"type": "integration",
"capturedAtUtc": "2026-02-13T12:00:00Z",
"feature": "static-sbom-call-graph-pruning",
"module": "reachgraph",
"testProject": "src/__Libraries/__Tests/StellaOps.Reachability.Core.Tests/StellaOps.Reachability.Core.Tests.csproj",
"testFilter": "ClassName~SymbolCanonicalizerTests|ClassName~SymbolMatcherTests|ClassName~ReachabilityLatticePropertyTests",
"testsRun": 224,
"testsPassed": 224,
"testsFailed": 0,
"behaviorVerified": [
"QueryStaticAsync determines StaticReachable (SR) or StaticUnreachable (SU) lattice state",
"ReachabilityLattice transitions from Unknown to SR (confidence 0.30) or SU (confidence 0.40)",
"SymbolCanonicalizer provides language-aware symbol normalization for accurate graph matching",
"SymbolMatcher performs cross-language matching with configurable options",
"ReachGraphStoreAdapter performs BFS graph traversal to determine reachability",
"ReachGraphSliceService provides package slice queries for accessing filtered results",
"QueryBatchAsync supports SBOM-wide analysis across multiple symbols"
],
"verdict": "pass"
}
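Review bot: `SU (confidence 0.40)` disagrees with the lattice evidence file in this commit, which gives `SU=0.50-0.69` and places 0.30–0.49 in the SR band; `SR (confidence 0.30)` is consistent with it. If 0.40 is a delta or an initial value rather than the resulting confidence, the entry should say so; otherwise one of the two files records the wrong number while both carry `"verdict": "pass"`.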