- Introduced a new VEX compact fixture for testing purposes.
- Implemented `verify_export.py` script to validate Findings Ledger exports, ensuring deterministic ordering and applying redaction manifests.
- Added a lightweight stub `HarnessRunner` for unit tests to validate ledger hashing expectations.
- Documented tasks related to the Mirror Creator.
- Created models for entropy signals and implemented the `EntropyPenaltyCalculator` to compute penalties based on scanner outputs.
- Developed unit tests for `EntropyPenaltyCalculator` to ensure correct penalty calculations and handling of edge cases.
- Added tests for symbol ID normalization in the reachability scanner.
- Enhanced console status service with comprehensive unit tests for connection handling and error recovery.
- Included Cosign tool version 2.6.0 with checksums for various platforms.
Zastava schemas (runtime & admission)
Canonicalisation & hashing
- JSON is stored with sorted keys and two-space indentation; hashes use JCS-style encoding: `json.dumps(payload, separators=(',', ':'), sort_keys=True)`.
- `payload_hash` fields in examples and exports are computed from the canonical payload bytes and formatted as `sha256:<hex>`.
- Schema negotiation stays on the `zastava.*@v1.x` line; breaking changes bump the major version.
DSSE signing
- Payload types:
  - `application/vnd.stellaops.zastava.schema+json;name=observer_event;version=1`
  - `application/vnd.stellaops.zastava.schema+json;name=webhook_admission;version=1`
- Ed25519 public key (base64url, no padding): `mpIEbYRL1q5yhN6wBRvkZ_0xXz3QUJPueJJ8sn__GGc`.
- Signatures are emitted as `<file>.dsse` with DSSEv1 pre-auth encoding over the raw file bytes.
- Regenerate signatures with `docs/modules/zastava/kit/verify.sh` prerequisites (Python + cryptography) and the private key held offline.
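
The two byte strings described above, the canonical bytes behind `payload_hash` and the DSSEv1 pre-auth encoding that the signature covers, are easy to confuse. The following is an added example, not code from the Zastava kit or its `verify.sh`; the function names, the UTF-8 encoding choice and the sample record are assumptions made for illustration.

```python
import hashlib
import hmac
import json

# Payload type string taken from the page.
OBSERVER_EVENT_TYPE = (
    "application/vnd.stellaops.zastava.schema+json;name=observer_event;version=1"
)

def canonical_bytes(payload) -> bytes:
    """Canonical form from the page: sorted keys, no insignificant whitespace."""
    text = json.dumps(payload, separators=(',', ':'), sort_keys=True)
    # Assumption: UTF-8. json.dumps escapes non-ASCII by default, so the
    # result is pure ASCII and the choice does not change the bytes.
    return text.encode("utf-8")

def payload_hash(payload) -> str:
    """Hash of the canonical bytes, formatted as sha256:<hex>."""
    return "sha256:" + hashlib.sha256(canonical_bytes(payload)).hexdigest()

def hash_matches(payload, recorded: str) -> bool:
    """Constant-time comparison of a recorded payload_hash with a recomputed one."""
    return hmac.compare_digest(payload_hash(payload), recorded)

def dsse_pae(payload_type: str, body: bytes) -> bytes:
    """DSSEv1 pre-auth encoding: the exact bytes an Ed25519 signature covers."""
    ptype = payload_type.encode("utf-8")
    return b" ".join(
        [b"DSSEv1", str(len(ptype)).encode(), ptype, str(len(body)).encode(), body]
    )

# Constructed sample record (not one of the kit's test vectors).
SAMPLE = {"kind": "observer_event", "tenant": "demo", "seq": 1}
STORED = json.dumps(SAMPLE, sort_keys=True, indent=2).encode("utf-8")  # on-disk style
COMPACT = canonical_bytes(SAMPLE)                                      # hashing style

if __name__ == "__main__":
    digest = payload_hash(json.loads(STORED))
    print(digest, hash_matches(json.loads(COMPACT), digest))
    # Same payload_hash, but the signed bytes differ: re-serialising a signed
    # file invalidates its .dsse signature even though the hashes still agree.
    print(dsse_pae(OBSERVER_EVENT_TYPE, STORED) != dsse_pae(OBSERVER_EVENT_TYPE, COMPACT))
```

Because the signature is over the raw file bytes, verification should read the signed file in binary mode and never round-trip it through a JSON parser first.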
Test vectors
- Example payloads: `schemas/examples/*.json`.
- Signed exports: `exports/observer_events.ndjson(.dsse)` and `exports/webhook_admissions.ndjson(.dsse)`.
- Kit verification aggregates all signatures via `kit/verify.sh`.