2.0 KiB
2.0 KiB
Zastava Contract Validators
Module
Zastava
Status
IMPLEMENTED
Description
Runtime and admission contract validators enforcing tenant-scoped binding rules, configuration schema compliance, and threshold-based verdicts for Zastava observer and webhook components.
Implementation Details
- ZastavaContractValidator:
src/Zastava/__Libraries/StellaOps.Zastava.Core/Security/ZastavaContractValidator.cs-- validates runtime and admission contracts against schema, tenant scoping, and threshold rules - ZastavaContractVersions:
src/Zastava/__Libraries/StellaOps.Zastava.Core/Contracts/ZastavaContractVersions.cs-- versioned contract schemas for observer and webhook - RuntimeEvent contract:
src/Zastava/__Libraries/StellaOps.Zastava.Core/Contracts/RuntimeEvent.cs-- runtime event contract model - AdmissionDecision contract:
src/Zastava/__Libraries/StellaOps.Zastava.Core/Contracts/AdmissionDecision.cs-- admission decision contract model - SurfaceCacheValidator:
src/Zastava/__Libraries/StellaOps.Zastava.Core/Validation/SurfaceCacheValidator.cs-- validates surface cache consistency - ZastavaRuntimeOptions:
src/Zastava/__Libraries/StellaOps.Zastava.Core/Configuration/ZastavaRuntimeOptions.cs-- runtime configuration schema - ZastavaSurfaceSecretsOptions:
src/Zastava/__Libraries/StellaOps.Zastava.Core/Configuration/ZastavaSurfaceSecretsOptions.cs-- surface secrets configuration - Tests:
src/Zastava/__Tests/StellaOps.Zastava.Core.Tests/Contracts/ZastavaContractVersionsTests.cs,Validation/OfflineStrictModeTests.cs - Source: SPRINT_0144_0001_0001_zastava_runtime_signals.md
E2E Test Plan
- Verify contract validator enforces tenant-scoped binding rules
- Test configuration schema compliance for runtime options
- Verify threshold-based verdict validation rejects out-of-range values
- Test contract version compatibility checks for schema evolution
- Verify surface cache validator detects inconsistencies