stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 16 Releases Wiki Activity
Files
37cba8370801afd323cbd66210cfcb6194bfb2b2
git.stella-ops.org/docs/modules/signals/evidence/README.md
StellaOps Bot 37cba83708
Some checks failed
AOC Guard CI / aoc-guard (push) Has been cancelled
Details
AOC Guard CI / aoc-verify (push) Has been cancelled
Details
Concelier Attestation Tests / attestation-tests (push) Has been cancelled
Details
Docs CI / lint-and-preview (push) Has been cancelled
Details
Export Center CI / export-ci (push) Has been cancelled
Details
devportal-offline / build-offline (push) Has been cancelled
Details
up
2025-12-03 00:10:19 +02:00

46 lines
2.2 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# Signals DSSE Evidence Staging (runtime/signals gaps)
Artifacts prepared 2025-12-01 (UTC) for DSSE signing and Evidence Locker ingest:
- Decay config: `docs/modules/signals/decay/confidence_decay_config.yaml`
- Unknowns scoring manifest: `docs/modules/signals/unknowns/unknowns_scoring_manifest.json`
- Heuristic catalog + schema + fixtures: `docs/modules/signals/heuristics/`
- Checksums: `docs/modules/signals/SHA256SUMS`
Planned Evidence Locker paths (to fill post-signing):
- `evidence-locker/signals/decay/2025-12-01/confidence_decay_config.dsse`
- `evidence-locker/signals/unknowns/2025-12-01/unknowns_scoring_manifest.dsse`
- `evidence-locker/signals/heuristics/2025-12-01/heuristics_catalog.dsse`
- `evidence-locker/signals/heuristics/2025-12-01/fixtures/` (golden inputs/outputs)
Pending steps:
1) Sign each artifact with its predicate (cosign v3.0.2 in `/usr/local/bin`, use `--bundle`; v2.6.0 fallback in `tools/cosign` also works with `--output-signature`):
- `stella.ops/confidenceDecayConfig@v1`
- `stella.ops/unknownsScoringManifest@v1`
- `stella.ops/heuristicCatalog@v1`
Example (v3, replace KEY):
```bash
cosign sign-blob \
--key cosign.key \
--predicate-type stella.ops/confidenceDecayConfig@v1 \
--bundle confidence_decay_config.sigstore.json \
decay/confidence_decay_config.yaml
```
v2.6.0 fallback (if PATH prefixed with `tools/cosign`):
```bash
cosign sign-blob \
--key cosign.key \
--predicate-type stella.ops/confidenceDecayConfig@v1 \
--output-signature confidence_decay_config.dsse \
decay/confidence_decay_config.yaml
```
2) Record SHA256 from `SHA256SUMS` in DSSE annotations (or bundle metadata); keep canonical filenames:
- v3: `confidence_decay_config.sigstore.json`, `unknowns_scoring_manifest.sigstore.json`, `heuristics_catalog.sigstore.json`
- v2 fallback: `.dsse` signatures.
3) Place signed envelopes + checksums in the Evidence Locker paths above; update sprint tracker Delivery Tracker rows 57 and Decisions & Risks with the final URIs.
4) Add signer/approver IDs to the sprint Execution Log once signatures are complete.
Notes:
- Use UTC timestamps in DSSE `issuedAt`.
- Ensure offline parity by copying envelopes + SHA256SUMS into the offline kit bundle when ready.
Reference in New Issue View Git Blame Copy Permalink