- Introduced a new VEX compact fixture for testing purposes.
- Implemented `verify_export.py` script to validate Findings Ledger exports, ensuring deterministic ordering and applying redaction manifests.
- Added a lightweight stub `HarnessRunner` for unit tests to validate ledger hashing expectations.
- Documented tasks related to the Mirror Creator.
- Created models for entropy signals and implemented the `EntropyPenaltyCalculator` to compute penalties based on scanner outputs.
- Developed unit tests for `EntropyPenaltyCalculator` to ensure correct penalty calculations and handling of edge cases.
- Added tests for symbol ID normalization in the reachability scanner.
- Enhanced console status service with comprehensive unit tests for connection handling and error recovery.
- Included Cosign tool version 2.6.0 with checksums for various platforms.
Concelier schema bundle (CI1–CI10 remediation)
This folder publishes the signed JSON Schemas for Link-Not-Merge ingestion artifacts and the offline bundle manifest used by Offline Kit builds.
- advisory-observation.schema.json — canonical observation shape (provenance + content hash enforced).
- advisory-linkset.schema.json — linkset materialization with conflict reasons and deterministic IDs.
- offline-advisory-bundle.schema.json — manifest for air-gapped advisory bundles, including staleness and signature metadata.
- schema.manifest.json — digest manifest over all schemas.
- schema.manifest.sig — detached ECDSA (P-256) signature over the manifest (public key: schema-signing-pub.pem).
- schema.manifest.sig.b64 — base64 view of the signature for air-gapped copy/paste.
- samples/ — deterministic sample payloads for CI fixtures (see tests notes below).
Verify locally (deterministic, offline)
# 1) Validate schemas are unchanged
sha256sum -c schema.manifest.json
# 2) Verify detached signature with the published public key
openssl dgst -sha256 -verify schema-signing-pub.pem \
-signature schema.manifest.sig \
schema.manifest.json
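The two checks above combined into one fail-closed function, as an added example that is not part of this repository. It verifies the signature before trusting any digest and assumes schema.manifest.json holds sha256sum-style lines, as the `sha256sum -c` step implies; `verify_schema_bundle`, `make_demo_bundle` and `demo-signing-key.pem` are hypothetical names, and the fixture is constructed.

```shell
#!/bin/sh
# Added example: fail-closed verification of a schema bundle directory.
# Assumption: schema.manifest.json contains sha256sum-style lines.

verify_schema_bundle() {
  # $1 = bundle directory. Returns 0 only if every check passes;
  # 2 = bad signature, 3 = base64 view mismatch, 4 = digest mismatch.
  (
    cd "$1" || exit 1
    # 1) Authenticate the manifest first, so unsigned digests are never trusted.
    openssl dgst -sha256 -verify schema-signing-pub.pem \
      -signature schema.manifest.sig schema.manifest.json >/dev/null 2>&1 || exit 2
    # 2) The base64 view, if present, must decode to the same signature bytes.
    if [ -f schema.manifest.sig.b64 ]; then
      base64 -d schema.manifest.sig.b64 | cmp -s - schema.manifest.sig || exit 3
    fi
    # 3) Only now compare the schema files against the signed digests.
    sha256sum -c schema.manifest.json >/dev/null 2>&1 || exit 4
  )
}

make_demo_bundle() {
  # Constructed fixture: throwaway P-256 key and two dummy schema files.
  # $1 = scratch directory to populate (never use this key for real signing).
  (
    cd "$1" || exit 1
    printf '{"title":"observation"}\n' > advisory-observation.schema.json
    printf '{"title":"linkset"}\n' > advisory-linkset.schema.json
    sha256sum advisory-observation.schema.json advisory-linkset.schema.json \
      > schema.manifest.json
    openssl ecparam -name prime256v1 -genkey -noout \
      -out demo-signing-key.pem 2>/dev/null
    openssl pkey -in demo-signing-key.pem -pubout \
      -out schema-signing-pub.pem 2>/dev/null
    openssl dgst -sha256 -sign demo-signing-key.pem \
      -out schema.manifest.sig schema.manifest.json
    base64 schema.manifest.sig > schema.manifest.sig.b64
  )
}
```

Distinct exit codes let a CI job report which link in the chain failed: the signature, the copy/paste view, or a schema file.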
Test coverage
The fixtures in samples/ are consumed by StellaOps.Concelier.Core.Tests to assert:
- deterministic idempotency keys and conflict ordering (Linksets/AdvisoryLinksetIdempotencyTests),
- tenant normalization and signature requirements for observations (Aoc/AdvisoryObservationWriteGuardTests),
- offline bundle manifest validation (Schemas/OfflineBundleSchemaTests).
Keep the manifest and signature updated whenever schema files change. Keys are dev/test-only; production signing happens in the release pipeline.