git.stella-ops.org/docs/task-packs/packs-offline-bundle.schema.json
StellaOps Bot 18d87c64c5 feat: add PolicyPackSelectorComponent with tests and integration
- Implemented PolicyPackSelectorComponent for selecting policy packs.
- Added unit tests for component behavior, including API success and error handling.
- Introduced monaco-workers type declarations for editor workers.
- Created acceptance tests for guardrails with stubs for AT1–AT10.
- Established SCA Failure Catalogue Fixtures for regression testing.
- Developed plugin determinism harness with stubs for PL1–PL10.
- Added scripts for evidence upload and verification processes.
2025-12-05 21:24:34 +02:00


{
"$schema": "https://json-schema.org/draft/2020-12/schema",
"title": "StellaOps Task Pack Offline Bundle",
"description": "Canonical offline bundle manifest for Task Packs; used by verify_offline_bundle.py and TaskRunner evidence checks.",
"type": "object",
"additionalProperties": false,
"required": [
"schemaVersion",
"pack",
"plan",
"evidence",
"security",
"hashes",
"slo",
"tenant",
"environment",
"created"
],
"properties": {
"schemaVersion": {
"type": "string",
"const": "stellaops.pack.offline-bundle.v1"
},
"pack": {
"type": "object",
"additionalProperties": false,
"required": ["name", "version", "bundle", "digest", "sbom"],
"properties": {
"name": { "type": "string", "minLength": 1 },
"version": { "type": "string", "minLength": 1 },
"bundle": { "type": "string", "description": "Relative path to the pack bundle tarball or OCI layout." },
"digest": { "type": "string", "pattern": "^sha256:[0-9a-f]{64}$" },
"registry": { "type": "string", "description": "Logical registry identifier or OCI reference." },
"sbom": { "type": "string", "description": "Relative path to CycloneDX/SBOM document for the pack bundle." }
}
},
"plan": {
"type": "object",
"additionalProperties": false,
"required": ["hashAlgorithm", "hash", "canonicalPlanPath", "inputsLock"],
"properties": {
"hashAlgorithm": { "type": "string", "enum": ["sha256"] },
"hash": { "type": "string", "pattern": "^sha256:[0-9a-f]{64}$" },
"canonicalPlanPath": { "type": "string", "description": "Path to the normalized JSON plan used to compute the plan hash." },
"inputsLock": { "type": "string", "description": "Deterministic lock of resolved inputs/secrets (hashed, redacted)." },
"rngSeed": { "type": "string", "description": "Seed derived from the plan hash, used for deterministic RNG." },
"timestampSource": { "type": "string", "enum": ["utc-iso8601"], "description": "Required time source for run timestamps." }
}
},
"evidence": {
"type": "object",
"additionalProperties": false,
"required": ["attestation", "approvalsLedger"],
"properties": {
"attestation": { "type": "string", "description": "DSSE payload binding the run to the plan hash." },
"approvalsLedger": { "type": "string", "description": "DSSE-signed approvals ledger with Authority claims." },
"timeline": { "type": "string", "description": "Optional timeline NDJSON for steps/policy events." }
}
},
"security": {
"type": "object",
"additionalProperties": false,
"required": ["sandbox", "revocations", "signatures", "secretsRedactionPolicy"],
"properties": {
"sandbox": {
"type": "object",
"additionalProperties": false,
"required": ["mode", "egressAllowlist", "cpuLimitMillicores", "memoryLimitMiB", "quotaSeconds"],
"properties": {
"mode": { "type": "string", "enum": ["sealed", "restricted"] },
"egressAllowlist": {
"type": "array",
"items": { "type": "string" }
},
"cpuLimitMillicores": { "type": "integer", "minimum": 1 },
"memoryLimitMiB": { "type": "integer", "minimum": 1 },
"quotaSeconds": { "type": "integer", "minimum": 1 }
}
},
"revocations": { "type": "string", "description": "Revocation list for pack versions/digests." },
"signatures": {
"type": "object",
"additionalProperties": false,
"required": ["bundleDsse", "attestationDsse"],
"properties": {
"bundleDsse": { "type": "string" },
"attestationDsse": { "type": "string" },
"registryCertChain": { "type": "string" }
}
},
"secretsRedactionPolicy": { "type": "string", "description": "Policy document describing hashing/redaction of secrets." }
}
},
"hashes": {
"type": "array",
"minItems": 1,
"items": {
"type": "object",
"additionalProperties": false,
"required": ["path", "algorithm", "digest"],
"properties": {
"path": { "type": "string" },
"algorithm": { "type": "string", "enum": ["sha256"] },
"digest": { "type": "string", "pattern": "^sha256:[0-9a-f]{64}$" }
}
}
},
"slo": {
"type": "object",
"additionalProperties": false,
"required": ["runP95Seconds", "approvalP95Seconds", "maxQueueDepth"],
"properties": {
"runP95Seconds": { "type": "integer", "minimum": 1 },
"approvalP95Seconds": { "type": "integer", "minimum": 1 },
"maxQueueDepth": { "type": "integer", "minimum": 1 },
"alertRules": { "type": "string", "description": "Path to alert rule definitions." }
}
},
"tenant": { "type": "string", "minLength": 1 },
"environment": { "type": "string", "minLength": 1 },
"created": { "type": "string", "format": "date-time" },
"expires": { "type": "string", "format": "date-time" },
"verifyScriptVersion": { "type": "string", "description": "Version of verify_offline_bundle.py used to validate this bundle." }
}
}