25 lines
1.6 KiB
Markdown
25 lines
1.6 KiB
Markdown
# Interim & final fixture generation — SAMPLES-GRAPH-24-003
|
|
|
|
## Current status
|
|
- Interim synthetic fixtures (50k/100k) are generated via `samples/graph/interim/generate.py` (deterministic, hashes in manifest). Use these for BENCH-GRAPH-21-001/002 until overlay schema is finalized.
|
|
- Canonical fixture remains blocked on overlay field confirmation from Graph Guild.
|
|
|
|
## Plan for canonical fixture
|
|
1) **Inputs:** scanner surface mock bundle v1 (or real caches when cleared), overlay schema from Graph Guild, tenant `demo-tenant`.
|
|
2) **Determinism:** `RANDOM_SEED=424242`, timestamps frozen to `2025-11-22T00:00:00Z`, UTF-8, sorted keys/rows.
|
|
3) **Generation steps (once unblocked):**
|
|
- Parse mock SBOM bundle → node/edge sets per Graph schema.
|
|
- Generate policy overlay snapshot using final overlay fields; include verdict, ruleId, severity, provenance hash.
|
|
- Write NDJSON (`nodes.ndjson`, `edges.ndjson`, `overlays/policy.ndjson`) sorted by `id`.
|
|
- Emit `manifest.json` with SHA-256, counts, timestamps; DSSE-sign manifest for offline kits.
|
|
- Add `verify.sh` to recompute hashes and validate counts/overlay fields.
|
|
|
|
## TODO to unblock
|
|
- Receive overlay field mapping + file naming from Graph Guild (was due 2025-11-22).
|
|
- Confirm allowed mock SBOM source list and artifact naming (Graph Guild / SBOM Service Guild).
|
|
- Provide expected node/edge cardinality breakdown to guide generation.
|
|
|
|
## Scripts
|
|
- Interim: `samples/graph/interim/generate.py`
|
|
- Canonical (to write): `samples/graph/scripts/generate-canonical.py` + `verify.sh` (DSSE + hash check), once schema confirmed.
|