8768c27f30
- Introduced `ReachabilityState`, `RuntimeHit`, `ExploitabilitySignal`, `ReachabilitySignal`, `SignalEnvelope`, `SignalType`, `TrustSignal`, and `UnknownSymbolSignal` records to define various signal types and their properties. - Implemented JSON serialization attributes for proper data interchange. - Created project files for the new signal contracts library and corresponding test projects. - Added deterministic test fixtures for micro-interaction testing. - Included cryptographic keys for secure operations with cosign.
1.3 KiB
1.3 KiB
Validate Bundle Prep — PREP-VALIDATE-BUNDLE-187-005 (Draft)
Status: Draft (2025-11-20) Owners: QA Guild · CLI Guild · Docs Guild Scope: Define validation steps for replay bundles once schemas freeze.
Validation checklist (proposed)
- Verify archive hash vs manifest
bundle.manifest.json(sha256). - Verify DSSE signature (if present) against trusted keys.
- Recompute Merkle root of bundle file tree; compare to manifest.
- Schema validation: replay records conform to
replay.record.v1; policy export bundle conforms topolicy.export.console.v1when included. - Determinism: run
stella replaytwice on same bundle and assert identical outputs (hash comparison).
Fixtures/tests
- Golden bundles live under
tests/EvidenceLocker/Bundles/Golden/(sealed, portable, replay) withexpected.jsonand DSSE envelopes. StellaOps.EvidenceLocker.Testsincludes fixture tests that validate Merkle subject, redaction, and replay digest; keep them green when regenerating bundles.- CLI validation test:
stella verify --bundle <fixture>returns exit code 0 and printsverified: true.
Open dependencies
- Final schemas from Evidence Locker and Policy export contracts.
- Trust root list for DSSE verification (Authority decision).
Handoff
Use this prep doc for PREP-VALIDATE-BUNDLE-187-005; expand with concrete fixtures once schemas are frozen.