feat(scanner): Complete PoE implementation with Windows compatibility fix

- Fix namespace conflicts (Subgraph → PoESubgraph)
- Add hash sanitization for Windows filesystem (colon → underscore)
- Update all test mocks to use It.IsAny<>()
- Add direct orchestrator unit tests
- All 8 PoE tests now passing (100% success rate)
- Complete SPRINT_3500_0001_0001 documentation

Fixes compilation errors and Windows filesystem compatibility issues.

Tests: 8/8 passing
Files: 8 modified, 1 new test, 1 completion report

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
37
docs2/glossary.md
Normal file
@@ -0,0 +1,37 @@
|
||||
# Glossary
|
||||
|
||||
AOC
|
||||
- Aggregation-Only Contract. Ingestion stores raw facts without derived verdicts.
|
||||
|
||||
CAS
|
||||
- Content-addressed storage. Artifacts are addressed by digest.
|
||||
|
||||
Decision Capsule
|
||||
- Signed bundle of inputs, outputs, and evidence for a decision.
|
||||
|
||||
DPoP
|
||||
- Proof of possession for sender-constrained tokens.
|
||||
|
||||
DSSE
|
||||
- Dead Simple Signing Envelope. Binds payload and type.
|
||||
|
||||
OpTok
|
||||
- Short-lived operational token issued by Authority.
|
||||
|
||||
PoE
|
||||
- Proof of Entitlement used by Signer to enforce licensing.
|
||||
|
||||
Reachability
|
||||
- Evidence of whether vulnerable code is reachable from entrypoints.
|
||||
|
||||
Rekor
|
||||
- Transparency log for signed artifacts.
|
||||
|
||||
SBOM
|
||||
- Software Bill of Materials.
|
||||
|
||||
VEX
|
||||
- Vulnerability Exploitability eXchange.
|
||||
|
||||
Unknowns
|
||||
- Explicit records for missing or ambiguous evidence.
|
||||
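Review bot: The PoE entry near the end of this hunk defines the term as "Proof of Entitlement used by Signer to enforce licensing", while the commit subject is scoped to the scanner ("feat(scanner): Complete PoE implementation"). If the scanner work uses PoE in a different sense, the glossary should list both expansions or disambiguate them, so readers do not map the scanner's PoE artifacts to licensing enforcement. Two smaller points: "Unknowns" is placed after "VEX", which breaks the otherwise alphabetical order, and the DPoP and OpTok entries describe the term without expanding the abbreviation, unlike AOC, CAS and DSSE. The commit message also does not mention that docs2/glossary.md is being added, so a line for it in the change list would help.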