stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity
Files
44cd1827c23f37e4fc31f6cd89a57efcb3dd1fb8
git.stella-ops.org/docs/features/checked/attestor/predicate-schema-validation.md
master e9aeadc040 save checkpoint
2026-02-14 09:11:48 +02:00

3.1 KiB
Raw Blame History

Predicate Schema Validation (including Delta Validators)

Module

Attestor

Status

VERIFIED

Description

Schema validation for all predicate types including SBOM deltas, VEX deltas, reachability witnesses, and delta verdicts.

Implementation Details

  • Predicate Schema Validator: src/Attestor/__Libraries/StellaOps.Attestor.ProofChain/Json/PredicateSchemaValidator.cs -- core validator that validates predicate payloads against registered schemas.
  • Standard Validators: Json/PredicateSchemaValidator.Validators.cs -- validators for standard predicate types: Evidence, Reasoning, VexVerdict, ProofSpine, SbomLinkage, Uncertainty, MicroWitness.
  • Delta Validators: Json/PredicateSchemaValidator.DeltaValidators.cs -- validators for delta predicate types: DeltaVerdict, ChangeTrace, SbomDelta, VexDelta, ReachabilityDrift.
  • Schema Validation Result: Json/SchemaValidationResult.cs -- result model with pass/fail status and validation errors list.
  • Schema Validation Error: Json/SchemaValidationError.cs -- individual validation error with path, message, and severity.
  • SLSA Schema Validator: __Libraries/StellaOps.Attestor.StandardPredicates/Validation/SlsaSchemaValidator.cs (with .BuildDefinition, .Helpers, .Level, .RunDetails) -- SLSA-specific schema validation. SlsaValidationResult.cs -- SLSA validation result.
  • Binary Diff Schema: __Libraries/StellaOps.Attestor.StandardPredicates/BinaryDiff/BinaryDiffSchema.SchemaJson.cs -- embedded JSON schema for binary diff predicates. BinaryDiffSchemaValidationResult.cs -- validation result.
  • CycloneDX Validation: __Libraries/StellaOps.Attestor.StandardPredicates/Writers/CycloneDxWriter.Validation.cs -- CycloneDX-specific validation.
  • SPDX Validation: Parsers/SpdxPredicateParser.Validation.cs -- SPDX-specific validation.
  • Tests: __Tests/StellaOps.Attestor.ProofChain.Tests/PredicateSchemaValidatorTests.cs

E2E Test Plan

  • Validate a well-formed Evidence predicate via PredicateSchemaValidator and verify it passes with no errors
  • Validate a malformed Evidence predicate (missing required fields) and verify SchemaValidationResult contains specific SchemaValidationError entries with paths
  • Validate all standard predicate types via .Validators: Evidence, Reasoning, VexVerdict, ProofSpine, SbomLinkage
  • Validate all delta predicate types via .DeltaValidators: DeltaVerdict, ChangeTrace, SbomDelta, VexDelta, ReachabilityDrift
  • Validate a SLSA provenance predicate via SlsaSchemaValidator and verify buildDefinition, runDetails, and level are checked
  • Validate a binary diff predicate against BinaryDiffSchema and verify schema compliance
  • Validate a CycloneDX predicate via CycloneDxWriter.Validation and verify BOM-specific rules are enforced
  • Verify SchemaValidationError provides sufficient detail: JSON path, error message, and severity level

Verification

Check Result
Tier 0 - Source Verification PASS
Tier 1 - Build + Code Review PASS
Tier 2 - Behavioral Verification PASS
Verified Date 2026-02-13
Run ID run-001