git.stella-ops.org/ops/devops/attestation
StellaOps Bot 44171930ff
feat: Add UI benchmark driver and scenarios for graph interactions
- Introduced `ui_bench_driver.mjs` to read scenarios and fixture manifest, generating a deterministic run plan.
- Created `ui_bench_plan.md` outlining the purpose, scope, and next steps for the benchmark.
- Added `ui_bench_scenarios.json` containing various scenarios for graph UI interactions.
- Implemented tests for CLI commands, ensuring bundle verification and telemetry defaults.
- Developed schemas for orchestrator components, including replay manifests and event envelopes.
- Added mock API for risk management, including listing and statistics functionalities.
- Implemented models for risk profiles and query options to support the new API.
2025-12-02 01:28:17 +02:00

Attestor CI/Secrets (DEVOPS-ATTEST-73-001/002)

Artifacts added for the DevOps attestation track:

  • ci.yml — GitHub Actions workflow (parity stub) that restores, builds and tests the Attestor solution and uploads test artefacts. Offline/air-gap friendly when mirrored onto a local runner; set the DOTNET_* environment variables for determinism.
  • Secrets storage plan:
    • Use KMS-backed cosign key refs (e.g., azurekms://... or awskms://...).
    • Store the key ref in the CI secret ATTESTOR_COSIGN_KEY; the pipeline passes it through the environment and never writes key material to disk.
    • Audit logs: enable KMS audit logging and keep CI job logs; never dump key material in plaintext.
  • Next steps: wire .gitea/workflows/attestor-ci.yml to mirror this job, add a cosign sign-blob stage for DSSE envelopes, and publish artefacts to ops/devops/artifacts/attestor/<ts>/ with checksums.
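
The secrets plan and the signing/checksum next step above, sketched as one CI shell step. This is an added example, not the repository's workflow: the function names and script layout are assumptions, the accepted schemes are limited to the two the plan names, and transparency-log settings are left to the pipeline.

```shell
#!/bin/sh
# Added example, not the project's workflow. Assumes cosign and sha256sum on PATH.
set -eu

# Accept only KMS key references (the two schemes named in the plan); reject
# PEM text, whitespace and filesystem paths so a mis-set secret fails closed.
is_kms_ref() {
  case "${1:-}" in
    *[[:space:]]*|*"PRIVATE KEY"*) return 1 ;;
    azurekms://?*|awskms://?*) return 0 ;;
    *) return 1 ;;
  esac
}

# Write SHA256SUMS covering every regular file in directory $1.
write_checksums() (
  cd "$1"
  : > SHA256SUMS.tmp
  for f in *; do
    [ -f "$f" ] || continue
    case "$f" in SHA256SUMS|SHA256SUMS.tmp) continue ;; esac
    sha256sum "$f" >> SHA256SUMS.tmp
  done
  mv SHA256SUMS.tmp SHA256SUMS
)

# Sign each file in directory $1 with the key named by ATTESTOR_COSIGN_KEY.
# The ref comes from the environment only and is never echoed or stored.
sign_artifacts() (
  if ! is_kms_ref "${ATTESTOR_COSIGN_KEY:-}"; then
    echo "ATTESTOR_COSIGN_KEY is not a KMS key reference" >&2
    exit 2
  fi
  cd "$1"
  for f in *; do
    [ -f "$f" ] || continue
    case "$f" in *.sig|SHA256SUMS) continue ;; esac
    cosign sign-blob --yes --key "$ATTESTOR_COSIGN_KEY" \
      --output-signature "$f.sig" "$f"
  done
  write_checksums .
)

# Run as: sh sign-step.sh <artifact-dir>   (hypothetical file name)
[ "$#" -eq 0 ] || sign_artifacts "$1"
```

The guard runs before any call to cosign, so a secret that holds a path or pasted key material stops the job with exit status 2 and produces no signatures.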