- Implemented comprehensive tests for verdict artifact generation to ensure deterministic outputs across various scenarios, including identical inputs, parallel execution, and change ordering.
- Created helper methods for generating sample verdict inputs and computing canonical hashes.
- Added tests to validate the stability of canonical hashes, proof spine ordering, and summary statistics.
- Introduced a new PowerShell script to update SHA256 sums for files, ensuring accurate hash generation and file integrity checks.
26 lines
1.2 KiB
Markdown
# Data isolation model (PostgreSQL)

StellaOps uses PostgreSQL as the canonical durable store. Isolation is achieved by:

- One schema per service (clear ownership boundaries).
- Tenant identifiers on all tenant-scoped records (enabling row-level strategies where required).
- Append-only patterns for specific evidence stores to preserve replayability.
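
A sketch of how the three mechanisms listed above can be expressed in PostgreSQL DDL. This is an added example, not StellaOps' own schema: the role names, table names, columns and the `app.tenant_id` session setting are assumptions made for illustration.

```sql
-- Added illustration. Roles, tables, columns and the app.tenant_id setting are
-- hypothetical; they are not taken from the StellaOps migrations.

-- 1. One schema per service: each schema is owned by its service role.
--    A new schema grants no privileges to other roles by default.
CREATE ROLE scanner_svc LOGIN;
CREATE ROLE vex_svc LOGIN;
CREATE SCHEMA scanner AUTHORIZATION scanner_svc;
CREATE SCHEMA vex AUTHORIZATION vex_svc;

-- 2. Tenant identifier on a tenant-scoped record, enforced with row-level security.
CREATE TABLE scanner.scan_manifest (
    id        uuid  PRIMARY KEY,
    tenant_id uuid  NOT NULL,
    payload   jsonb NOT NULL
);
ALTER TABLE scanner.scan_manifest OWNER TO scanner_svc;
ALTER TABLE scanner.scan_manifest ENABLE ROW LEVEL SECURITY;
-- Table owners bypass RLS unless it is forced.
ALTER TABLE scanner.scan_manifest FORCE ROW LEVEL SECURITY;
-- current_setting() raises an error when app.tenant_id is unset, so a session
-- that never declared a tenant fails closed instead of seeing every row.
CREATE POLICY tenant_isolation ON scanner.scan_manifest
    USING      (tenant_id = current_setting('app.tenant_id')::uuid)
    WITH CHECK (tenant_id = current_setting('app.tenant_id')::uuid);
-- The service is expected to run, per transaction:
--   SET LOCAL app.tenant_id = '<tenant uuid>';

-- 3. Append-only evidence store: inserts allowed, mutation rejected for every
--    role that is subject to triggers, including the table owner.
CREATE TABLE vex.raw_statement (
    seq         bigint      GENERATED ALWAYS AS IDENTITY PRIMARY KEY,
    tenant_id   uuid        NOT NULL,
    received_at timestamptz NOT NULL DEFAULT now(),
    document    jsonb       NOT NULL
);
ALTER TABLE vex.raw_statement OWNER TO vex_svc;

CREATE FUNCTION vex.reject_mutation() RETURNS trigger
LANGUAGE plpgsql AS $$
BEGIN
    RAISE EXCEPTION '%.% is append-only (% rejected)',
        TG_TABLE_SCHEMA, TG_TABLE_NAME, TG_OP;
END $$;

-- Statement-level so that TRUNCATE is covered as well as UPDATE and DELETE.
CREATE TRIGGER raw_statement_append_only
    BEFORE UPDATE OR DELETE OR TRUNCATE ON vex.raw_statement
    FOR EACH STATEMENT EXECUTE FUNCTION vex.reject_mutation();
```

The RLS policy trusts whatever value the session puts in `app.tenant_id`, so it guards against missing `WHERE tenant_id = ...` clauses in service code, not against a caller who can issue arbitrary SQL.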

## Schema ownership map

| Schema | Owner (primary) | Data class |
| --- | --- | --- |
| `authority` | Authority | Identity, clients, keys, auth audit trails. |
| `scanner` | Scanner | Scan manifests, triage, scan result metadata. |
| `vuln` | Concelier | Advisory raw documents, linksets, observations. |
| `vex` | Excititor | VEX raw statements and consensus state. |
| `scheduler` | Scheduler | Job orchestration state. |
| `notify` | Notify | Notifications state and delivery history. |
| `policy` | Policy | Exceptions, policy snapshots, unknown tracking. |
| `orchestrator` | Orchestrator | Workflow orchestration state. |

## Where to find authoritative schemas

This document is descriptive. The authoritative contract is:

- Module dossiers and migration notes under `docs/modules/<module>/`
- Database schema reference: `docs/11_DATA_SCHEMAS.md`