- Introduced `NativeTestBase` class for ELF, PE, and Mach-O binary parsing helpers and assertions.
- Created `TestCryptoFactory` for SM2 cryptographic provider setup and key generation.
- Implemented `Sm2SigningTests` to validate signing functionality with environment gate checks.
- Developed console export service and store with comprehensive unit tests for export status management.
59 lines
1.8 KiB
Markdown
# Surface.Env Owner Manifest

**Decision ID:** OWNER-ZASTAVA-ENV-001  
**Status:** ASSIGNED  
**Effective Date:** 2025-12-06

## Assignment

The **Surface.Env** component (environment variable surface detection) is owned by the **Zastava Guild** for implementation purposes.

## Rationale

1. Surface.Env is defined in Zastava's architecture at `docs/modules/zastava/architecture.md`
2. Zastava Guild owns all runtime surface detection components
3. Environment variable analysis is critical for secret detection
4. Existing Zastava evidence/kit structure supports this component

## Scope

The Zastava Guild is responsible for:

- Environment variable surface enumeration
- Secret pattern detection in env vars
- Integration with Evidence Locker for env attestation
- Threshold enforcement per `thresholds.yaml`
- CLI surface output for `stella zastava env`

## Escalation Path

If blocked on:

- Schema definitions: Evidence Locker Guild
- CLI integration: CLI Guild
- Secret detection patterns: Security Guild

## Authority Granted

This manifest grants implementation authority to proceed with tasks blocked on ownership, specifically:

- Surface.Env Owner blocker (OVERDUE)
- ZASTAVA-ENV-001: Environment surface implementation
- ZASTAVA-ENV-002: Secret pattern integration

## Implementation Notes

Reference existing schemas:

- `docs/modules/zastava/schemas/` for evidence format
- `docs/modules/zastava/kit/` for kit bundle structure
- `thresholds.yaml` for detection thresholds

Key patterns:

- `^[A-Z_]+(KEY|SECRET|TOKEN|PASSWORD|CREDENTIAL)` → high severity
- `^AWS_`, `^AZURE_`, `^GCP_` → cloud credential
- Base64-encoded values > 32 chars → potential secret
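
The three key patterns above applied to a constructed environment, as an added illustration that is not Zastava's own code: the finding labels, the strict base64 check and the sample variables are assumptions of this example, and it does not read `thresholds.yaml`.

```python
from __future__ import annotations

import base64
import re

# Rules from the manifest's "Key patterns" list (thresholds.yaml is not read here).
HIGH_SEVERITY_NAME = re.compile(r"^[A-Z_]+(KEY|SECRET|TOKEN|PASSWORD|CREDENTIAL)")
CLOUD_PREFIX = re.compile(r"^(AWS|AZURE|GCP)_")
BASE64_ALPHABET = re.compile(r"^[A-Za-z0-9+/]+={0,2}$")
BASE64_MIN_LEN = 32  # manifest: base64-encoded values > 32 chars

def looks_base64(value: str) -> bool:
    """True when value is longer than 32 chars and strictly decodes as base64."""
    if len(value) <= BASE64_MIN_LEN or not BASE64_ALPHABET.match(value):
        return False
    try:
        base64.b64decode(value, validate=True)  # rejects bad padding/characters
    except ValueError:  # binascii.Error is a ValueError subclass
        return False
    return True

def classify(name: str, value: str) -> list[str]:
    """Finding labels for one variable; an empty list means no finding."""
    findings = []
    if HIGH_SEVERITY_NAME.match(name):
        findings.append("high-severity-name")
    if CLOUD_PREFIX.match(name):
        findings.append("cloud-credential")
    if looks_base64(value):
        findings.append("potential-secret-value")
    return findings

def scan_env(env: dict[str, str]) -> dict[str, list[str]]:
    """Findings keyed by name, sorted for deterministic output."""
    # Values are never echoed, so the report can be stored as evidence
    # without leaking the secret it flagged.
    report = {}
    for name in sorted(env):
        if findings := classify(name, env[name]):
            report[name] = findings
    return report

# Constructed sample environment: no real process, no real credentials.
SAMPLE_ENV = {
    "PATH": "/usr/local/bin:/usr/bin",  # benign, no rule fires
    "API_KEY": "short",                 # name rule fires, value too short
    "AWS_REGION": "eu-central-1",       # cloud prefix, value not base64
    "GCP_SA_CREDENTIAL": base64.b64encode(b"constructed sample, not a real secret").decode(),
}
```

As written, the name rule also fires on names like `PUBLIC_KEY_PATH`, so severity tuning rather than the regex alone has to decide what gets reported.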

## Timeline

- **Immediate:** Unblock dependent tasks
- **Sprint 0144:** Core implementation
- **Sprint 0145:** Integration testing