stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity
Files
40362de56880f054c29ce23e6ba980834a7f831f
git.stella-ops.org/docs/vex/consensus-json.md
StellaOps Bot 7503c19b8f Add determinism tests for verdict artifact generation and update SHA256 sums script 
- Implemented comprehensive tests for verdict artifact generation to ensure deterministic outputs across various scenarios, including identical inputs, parallel execution, and change ordering.
- Created helper methods for generating sample verdict inputs and computing canonical hashes.
- Added tests to validate the stability of canonical hashes, proof spine ordering, and summary statistics.
- Introduced a new PowerShell script to update SHA256 sums for files, ensuring accurate hash generation and file integrity checks.
2025-12-24 02:17:34 +02:00

48 lines
1.5 KiB
Markdown
Raw Blame History

# VEX Consensus JSON (Payload Reference)
This document describes the *shape* of consensus records returned by consensus APIs and exported in Offline Kit snapshots. Field names and structure may vary slightly by gateway serialization, but the semantic contract is stable.
## Consensus Record (Conceptual)
```json
{
"artifact": "pkg:rpm/redhat/openssl@3.0.9",
"advisory": "CVE-2025-13579",
"status": "not_affected",
"confidence": 0.92,
"issued_at": "2025-08-30T12:05:00Z",
"consensus_digest": "sha256:…",
"derived_from": [
{
"source_digest": "sha256:…",
"issuer": "vendor:redhat",
"status": "not_affected",
"timestamp": "2025-08-30T12:00:00Z",
"trust": { "tier": "vendor", "weight": 1.0 },
"verification": { "signature": "verified" }
}
],
"conflicts": [
{
"source_digest": "sha256:…",
"issuer": "vendor:upstream",
"status": "affected",
"timestamp": "2025-08-29T00:00:00Z",
"trust": { "tier": "vendor", "weight": 0.8 }
}
]
}
```
## Determinism Rules
- Timestamps are UTC ISO-8601.
- Arrays (`derived_from`, `conflicts`) are in a stable order (typically the evaluation sort order).
- `consensus_digest` is computed over canonical, deterministic JSON bytes for the record (or over an equivalent canonical projection).
## Related Docs
- Algorithm overview: `docs/vex/consensus-algorithm.md`
- Endpoints: `docs/vex/consensus-api.md`
- Module details: `docs/modules/vex-lens/architecture.md`
Reference in New Issue View Git Blame Copy Permalink