stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 16 Releases Wiki Activity
Files
108d1c64b323808d6085fca05818fc581c6b003a
git.stella-ops.org/docs/modules/zastava/schemas
History
StellaOps Bot 47168fec38 feat: Add VEX compact fixture and implement offline verifier for Findings Ledger exports 
- Introduced a new VEX compact fixture for testing purposes.
- Implemented `verify_export.py` script to validate Findings Ledger exports, ensuring deterministic ordering and applying redaction manifests.
- Added a lightweight stub `HarnessRunner` for unit tests to validate ledger hashing expectations.
- Documented tasks related to the Mirror Creator.
- Created models for entropy signals and implemented the `EntropyPenaltyCalculator` to compute penalties based on scanner outputs.
- Developed unit tests for `EntropyPenaltyCalculator` to ensure correct penalty calculations and handling of edge cases.
- Added tests for symbol ID normalization in the reachability scanner.
- Enhanced console status service with comprehensive unit tests for connection handling and error recovery.
- Included Cosign tool version 2.6.0 with checksums for various platforms.
2025-12-02 21:08:01 +02:00
..
examples
feat: Add VEX compact fixture and implement offline verifier for Findings Ledger exports
2025-12-02 21:08:01 +02:00
observer_event.schema.json
feat: Add VEX compact fixture and implement offline verifier for Findings Ledger exports
2025-12-02 21:08:01 +02:00
observer_event.schema.json.dsse
feat: Add VEX compact fixture and implement offline verifier for Findings Ledger exports
2025-12-02 21:08:01 +02:00
README.md
feat: Add VEX compact fixture and implement offline verifier for Findings Ledger exports
2025-12-02 21:08:01 +02:00
webhook_admission.schema.json
feat: Add VEX compact fixture and implement offline verifier for Findings Ledger exports
2025-12-02 21:08:01 +02:00
webhook_admission.schema.json.dsse
feat: Add VEX compact fixture and implement offline verifier for Findings Ledger exports
2025-12-02 21:08:01 +02:00

README.md

Zastava schemas (runtime & admission)

Canonicalisation & hashing

  • JSON is stored with sorted keys and two-space indentation; hashes use JCS-style encoding: json.dumps(payload, separators=(',', ':'), sort_keys=True).
  • payload_hash fields in examples and exports are computed from the canonical payload bytes and formatted as sha256:<hex>.
  • Schema negotiation stays on the zastava.*@v1.x line; breaking changes bump the major version.

DSSE signing

  • Payload types:
    • application/vnd.stellaops.zastava.schema+json;name=observer_event;version=1
    • application/vnd.stellaops.zastava.schema+json;name=webhook_admission;version=1
  • Ed25519 public key (base64url, no padding): mpIEbYRL1q5yhN6wBRvkZ_0xXz3QUJPueJJ8sn__GGc.
  • Signatures are emitted as <file>.dsse with DSSEv1 pre-auth encoding over the raw file bytes.
  • Regenerate signatures with docs/modules/zastava/kit/verify.sh prerequisites (Python + cryptography) and the private key held offline.

Test vectors

  • Example payloads: schemas/examples/*.json.
  • Signed exports: exports/observer_events.ndjson(.dsse) and exports/webhook_admissions.ndjson(.dsse).
  • Kit verification aggregates all signatures via kit/verify.sh.