stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity

feat(scanner): Complete PoE implementation with Windows compatibility fix

Browse Source 
- Fix namespace conflicts (Subgraph → PoESubgraph)
- Add hash sanitization for Windows filesystem (colon → underscore)
- Update all test mocks to use It.IsAny<>()
- Add direct orchestrator unit tests
- All 8 PoE tests now passing (100% success rate)
- Complete SPRINT_3500_0001_0001 documentation

Fixes compilation errors and Windows filesystem compatibility issues.
Tests: 8/8 passing
Files: 8 modified, 1 new test, 1 completion report

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
This commit is contained in:
master
2025-12-23 14:52:08 +02:00
parent 84d97fd22c
commit fcb5ffe25d
90 changed files with 9457 additions and 2039 deletions
Download Patch File Download Diff File Expand all files Collapse all files

40
docs2/data-and-schemas.md Normal file
View File

@@ -0,0 +1,40 @@
# Data and schemas
## Storage layers
- PostgreSQL: canonical store with schema isolation per module.
- Valkey: cache, queues, and event streams.
- RustFS: content-addressed object storage for artifacts and evidence bundles.
## Deterministic data rules
- Use canonical JSON and stable ordering.
- All timestamps are UTC ISO 8601.
- Arrays are sorted by deterministic keys where defined.
## Schema ownership
- Each module owns its PostgreSQL schema and migrations.
- Cross-schema reads are explicit and minimized.
## Typical schemas
- auth: Authority
- vuln: Concelier advisories
- vex: Excititor VEX statements
- policy: policy packs, unknowns, decisions
- scanner: scan manifests, SBOM metadata, reachability
- scheduler: schedules, runs, impact snapshots
- notify: rules, channels, deliveries
## Content-addressed layouts (example)
- layers/<sha256>/sbom.cdx.json.zst
- images/<digest>/inventory.cdx.pb
- indexes/<digest>/bom-index.bin
- attest/<sha256>.dsse.json
## Aggregation-Only Contract (AOC)
- advisory_raw and vex_raw are append-only and immutable.
- Idempotency uses content hash and supersedes chains.
- Derived findings are produced only by the Policy Engine.
## Schema catalogs
- docs/schemas: JSON schemas and OpenAPI fragments.
- docs/contracts: protocol and contract definitions.
- docs/db: schema specs and migration rules.