stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 12 Releases Wiki Activity
Files
2d08f52715816a8c27e0741f0d05a16ca4aca71b
git.stella-ops.org/docs/modules/zastava/kit/README.md
StellaOps Bot 2d08f52715 feat(zastava): add evidence locker plan and schema examples 
- Introduced README.md for Zastava Evidence Locker Plan detailing artifacts to sign and post-signing steps.
- Added example JSON schemas for observer events and webhook admissions.
- Updated implementor guidelines with checklist for CI linting, determinism, secrets management, and schema control.
- Created alert rules for Vuln Explorer to monitor API latency and projection errors.
- Developed analytics ingestion plan for Vuln Explorer, focusing on telemetry and PII guardrails.
- Implemented Grafana dashboard configuration for Vuln Explorer metrics visualization.
- Added expected projection SHA256 for vulnerability events.
- Created k6 load testing script for Vuln Explorer API.
- Added sample projection and replay event data for testing.
- Implemented ReplayInputsLock for deterministic replay inputs management.
- Developed tests for ReplayInputsLock to ensure stable hash computation.
- Created SurfaceManifestDeterminismVerifier to validate manifest determinism and integrity.
- Added unit tests for SurfaceManifestDeterminismVerifier to ensure correct functionality.
- Implemented Angular tests for VulnerabilityHttpClient and VulnerabilityDetailComponent to verify API interactions and UI rendering.
2025-12-02 09:27:31 +02:00

946 B
Raw Blame History

Zastava Kit (offline bundle) Draft

Contents to include when built:

  • Observations and admissions exports (NDJSON) signed via DSSE.
  • Schemas: schemas/observer_event.schema.json, schemas/webhook_admission.schema.json.
  • Thresholds: thresholds.yaml (DSSE-signed).
  • Hash manifest: SHA256SUMS (covering all kit files).
  • Verify script: verify.sh (hash + DSSE verification; fail closed on mismatch).

Deterministic packaging: tar --mtime @0 --owner 0 --group 0 --numeric-owner -cf - kit | zstd -19 --long=27 --no-progress > zastava-kit.tzst.

Pending: fill with signed artefacts and Evidence Locker URIs after DSSE signing. Planned Evidence Locker paths (post-signing):

  • evidence-locker/zastava/2025-12-06/observer_event.schema.dsse
  • evidence-locker/zastava/2025-12-06/webhook_admission.schema.dsse
  • evidence-locker/zastava/2025-12-06/thresholds.dsse
  • evidence-locker/zastava/2025-12-06/zastava-kit.tzst + SHA256SUMS