git.stella-ops.org/docs/risk/samples
StellaOps Bot 2eaf0f699b
feat: Implement air-gap functionality with timeline impact and evidence snapshot services
- Added AirgapTimelineImpact, AirgapTimelineImpactInput, and AirgapTimelineImpactResult records for managing air-gap bundle import impacts.
- Introduced EvidenceSnapshotRecord, EvidenceSnapshotLinkInput, and EvidenceSnapshotLinkResult records for linking findings to evidence snapshots.
- Created IEvidenceSnapshotRepository interface for managing evidence snapshot records.
- Developed StalenessValidationService to validate staleness and enforce freshness thresholds.
- Implemented AirgapTimelineService for emitting timeline events related to bundle imports.
- Added EvidenceSnapshotService for linking findings to evidence snapshots and verifying their validity.
- Introduced AirGapOptions for configuring air-gap staleness enforcement and thresholds.
- Added minimal jsPDF stub for offline/testing builds in the web application.
- Created TypeScript definitions for jsPDF to enhance type safety in the web application.
2025-12-06 01:30:08 +02:00

Risk Samples (fixtures layout)

Use this folder for frozen, deterministic fixtures once schemas and payloads arrive.

Structure (proposed):

  • profiles/ — profile JSON (DSSE-wrapped where applicable) + SHA256SUMS
  • factors/ — factor input payloads grouped by source (epss/, kev/, reachability/, runtime/), each with SHA256SUMS
  • explain/ — explainability outputs paired with inputs; include SHA256SUMS
  • api/ — request/response examples for risk endpoints; include SHA256SUMS

Rules:

  • UTC timestamps; stable ordering of arrays/objects.
  • No live calls; fixtures only.
  • Record hashes via sha256sum and keep manifests alongside samples.

Quick receipt checklist (see INGEST_CHECKLIST.md for detail):

  1. Normalize JSON with jq -S .
  2. Update SHA256SUMS in the target folder
  3. Verify with sha256sum -c
  4. Log files + hashes in the sprint Execution Log
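
Steps 1 to 3 of the checklist for one fixture folder, as an added example (not code from this repository). The function names and the `receipt.sh` script name are hypothetical, and `jq` plus a coreutils-style `sha256sum` are assumed to be installed. It goes one step beyond the checklist by comparing the file set against the manifest.

```shell
#!/bin/sh
# Added example: receipt steps 1-3 for one fixture folder.
# Function names are hypothetical; jq and a coreutils-style sha256sum are assumed.

# Step 1: rewrite each *.json with sorted keys (jq -S .) so hashes are reproducible.
normalize_json() {
  find "$1" -type f -name '*.json' -exec sh -c '
    for f; do
      jq -S . "$f" >"$f.tmp" && mv "$f.tmp" "$f" || { rm -f "$f.tmp"; exit 1; }
    done' sh {} +
}

# Step 2: regenerate SHA256SUMS with folder-relative paths in a stable (C locale) order.
# File names containing newlines are not supported.
write_manifest() {
  ( cd "$1" || exit 1
    find . -type f ! -name SHA256SUMS | LC_ALL=C sort |
      while IFS= read -r f; do sha256sum "${f#./}" || exit 1; done >SHA256SUMS )
}

# Step 3: verify hashes, then compare the file set, because sha256sum -c
# only checks listed files and says nothing about an extra, unlisted fixture.
verify_manifest() {
  ( cd "$1" || exit 1
    sha256sum -c SHA256SUMS >/dev/null || exit 1
    listed=$(sed 's/^[0-9a-f]*  //' SHA256SUMS | LC_ALL=C sort)
    present=$(find . -type f ! -name SHA256SUMS | sed 's|^\./||' | LC_ALL=C sort)
    [ "$listed" = "$present" ] || { echo "unlisted fixture in $1" >&2; exit 1; } )
}

receipt() { normalize_json "$1" && write_manifest "$1" && verify_manifest "$1"; }

# Usage (hypothetical script name): sh receipt.sh factors/epss
[ "$#" -eq 0 ] || receipt "$1"
```

A non-zero exit from `verify_manifest` means a fixture changed after it was hashed, a listed file is missing, or a file was dropped into the folder without being recorded.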

Manifests created:

  • profiles/SHA256SUMS
  • factors/SHA256SUMS
  • explain/SHA256SUMS
  • api/SHA256SUMS