- Introduced `NativeTestBase` class for ELF, PE, and Mach-O binary parsing helpers and assertions.
- Created `TestCryptoFactory` for SM2 cryptographic provider setup and key generation.
- Implemented `Sm2SigningTests` to validate signing functionality with environment gate checks.
- Developed console export service and store with comprehensive unit tests for export status management.
Surface.Env Owner Manifest
Decision ID: OWNER-ZASTAVA-ENV-001
Status: ASSIGNED
Effective Date: 2025-12-06
Assignment
The Surface.Env component (environment variable surface detection) is owned by the Zastava Guild for implementation purposes.
Rationale
- Surface.Env is defined in Zastava's architecture at docs/modules/zastava/architecture.md
- Zastava Guild owns all runtime surface detection components
- Environment variable analysis is critical for secret detection
- Existing Zastava evidence/kit structure supports this component
Scope
The Zastava Guild is responsible for:
- Environment variable surface enumeration
- Secret pattern detection in env vars
- Integration with Evidence Locker for env attestation
- Threshold enforcement per thresholds.yaml
- CLI surface output for stella zastava env
Escalation Path
If blocked on:
- Schema definitions: Evidence Locker Guild
- CLI integration: CLI Guild
- Secret detection patterns: Security Guild
Authority Granted
This manifest grants implementation authority to proceed with tasks blocked on ownership, specifically:
- Surface.Env Owner blocker (OVERDUE)
- ZASTAVA-ENV-001: Environment surface implementation
- ZASTAVA-ENV-002: Secret pattern integration
Implementation Notes
Reference existing schemas:
- docs/modules/zastava/schemas/ for evidence format
- docs/modules/zastava/kit/ for kit bundle structure
- thresholds.yaml for detection thresholds
Key patterns:
- ^[A-Z_]+(KEY|SECRET|TOKEN|PASSWORD|CREDENTIAL) → high severity
- ^AWS_, ^AZURE_, ^GCP_ → cloud credential
- Base64-encoded values > 32 chars → potential secret
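The three key patterns applied to a small environment, as an added example (Python, not the Zastava implementation). It shows which names the first regex catches and misses exactly as written, and keeps values out of the findings. Assumptions: the function names and sample variables are constructed for illustration, "Base64-encoded" is read as a string longer than 32 characters that strictly decodes, and thresholds.yaml is not modelled.

```python
import base64
import re

# Patterns as written in the "Key patterns" list above.
NAME_HIGH = re.compile(r"^[A-Z_]+(KEY|SECRET|TOKEN|PASSWORD|CREDENTIAL)")
NAME_CLOUD = re.compile(r"^(AWS_|AZURE_|GCP_)")
B64_CHARS = re.compile(r"[A-Za-z0-9+/]+={0,2}")

def looks_base64(value: str) -> bool:
    """Third rule: longer than 32 chars and strictly decodable (assumed reading)."""
    if len(value) <= 32 or len(value) % 4 or not B64_CHARS.fullmatch(value):
        return False
    try:
        base64.b64decode(value, validate=True)
        return True
    except ValueError:  # binascii.Error is a ValueError subclass
        return False

def classify(name: str, value: str) -> list[str]:
    """Return every label from the list that applies to one variable."""
    labels = []
    if NAME_HIGH.match(name):
        labels.append("high-severity")
    if NAME_CLOUD.match(name):
        labels.append("cloud-credential")
    if looks_base64(value):
        labels.append("potential-secret")
    return labels

def scan(env: dict[str, str]) -> dict[str, list[str]]:
    """Map variable name -> labels; values are never copied into findings."""
    return {n: labels for n in sorted(env) if (labels := classify(n, env[n]))}

# Constructed sample environment; every value is made up for this example.
SAMPLE_ENV = {
    "API_TOKEN": "not-a-real-token",
    "AWS_SECRET_ACCESS_KEY": base64.b64encode(b"x" * 30).decode(),
    "S3_KEY": "short",             # missed: [A-Z_]+ does not allow the digit
    "MONKEY_BUSINESS": "bananas",  # flagged: pattern has no trailing anchor
    "BUILD_ID": "a" * 40,          # flagged: 40 chars of valid base64 alphabet
    "PATH": "/usr/local/bin:/usr/bin",
}

if __name__ == "__main__":
    for name, labels in scan(SAMPLE_ENV).items():
        print(f"{name}: {', '.join(labels)}")
```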
Timeline
- Immediate: Unblock dependent tasks
- Sprint 0144: Core implementation
- Sprint 0145: Integration testing