git.stella-ops.org/tests/EvidenceLocker/Bundles/Golden/README.md
StellaOps Bot 8768c27f30
Add signal contracts for reachability, exploitability, trust, and unknown symbols
- Introduced `ReachabilityState`, `RuntimeHit`, `ExploitabilitySignal`, `ReachabilitySignal`, `SignalEnvelope`, `SignalType`, `TrustSignal`, and `UnknownSymbolSignal` records to define various signal types and their properties.
- Implemented JSON serialization attributes for proper data interchange.
- Created project files for the new signal contracts library and corresponding test projects.
- Added deterministic test fixtures for micro-interaction testing.
- Included cryptographic keys for secure operations with cosign.
2025-12-05 00:27:00 +02:00

# Evidence Locker Golden Fixtures (EB10)
Purpose: reference bundles and replay records used by CI to prove deterministic packaging, DSSE subject stability, and portable redaction behaviour.
## Layout
- `sealed/`: sealed bundle ingredients (`manifest.json`, `checksums.txt`, DSSE `signature.json`, `bundle.json`, evidence ndjson) plus `expected.json`.
- `portable/`: redacted bundle ingredients and `expected.json` noting masked fields and tenant token.
- `replay/`: `replay.ndjson` with `expected.json` (recordDigest, sequence, ledger URI); ordering is canonical (recordedAtUtc, scanId).
## Expectations
- Gzip timestamp pinned to `2025-01-01T00:00:00Z`; tar entries use `0644` perms and fixed mtime.
- `checksums.txt` sorted lexicographically by `canonicalPath`; Merkle root equals `sha256sum checksums.txt`.
- DSSE subject ties to the Merkle root; manifest validates against `schemas/bundle.manifest.schema.json`.
- Portable bundles must exclude tenant identifiers and include redaction metadata in the manifest.
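
The following Python is an added example, not EvidenceLocker code: it packs a constructed file set under the expectations listed above and then verifies them on the resulting archive. Assumptions: `checksums.txt` uses `sha256sum`-style lines (`<sha256>  <canonicalPath>`), the tar mtime reuses the pinned gzip timestamp, and all function names are hypothetical.

```python
import gzip, hashlib, io, struct, tarfile
from datetime import datetime, timezone

# Pinned gzip timestamp from the README; reusing it as the tar mtime is an assumption.
PINNED = int(datetime(2025, 1, 1, tzinfo=timezone.utc).timestamp())
# Constructed sample content, not the real fixtures.
SAMPLE = {"manifest.json": b'{"v":1}\n', "evidence.ndjson": b'{"id":1}\n', "bundle.json": b"{}\n"}

def build_checksums(files):
    """Assumed line format: '<sha256>  <canonicalPath>', sorted by path."""
    rows = [f"{hashlib.sha256(data).hexdigest()}  {path}" for path, data in sorted(files.items())]
    return ("\n".join(rows) + "\n").encode()

def merkle_root(checksums):
    # Per the README, the root is the SHA-256 of checksums.txt itself.
    return hashlib.sha256(checksums).hexdigest()

def build_bundle(files):
    members = {**files, "checksums.txt": build_checksums(files)}
    raw = io.BytesIO()
    with tarfile.open(fileobj=raw, mode="w", format=tarfile.USTAR_FORMAT) as tar:
        for path in sorted(members):  # stable entry order
            info = tarfile.TarInfo(path)
            info.size, info.mode, info.mtime = len(members[path]), 0o644, PINNED
            tar.addfile(info, io.BytesIO(members[path]))
    out = io.BytesIO()
    with gzip.GzipFile(filename="", fileobj=out, mode="wb", mtime=PINNED) as gz:
        gz.write(raw.getvalue())
    return out.getvalue()

def verify_bundle(blob):
    """Return a list of violations; an empty list means every check passed."""
    problems = []
    if struct.unpack("<I", blob[4:8])[0] != PINNED:  # gzip MTIME header field
        problems.append("gzip timestamp not pinned")
    with tarfile.open(fileobj=io.BytesIO(blob), mode="r:gz") as tar:
        entries = {m.name: (m, tar.extractfile(m).read()) for m in tar.getmembers()}
    for name, (m, _) in entries.items():
        if m.mode != 0o644 or m.mtime != PINNED:
            problems.append(f"{name}: mode/mtime not normalised")
    listed = [row.split("  ", 1) for row in entries["checksums.txt"][1].decode().splitlines()]
    paths = [path for _, path in listed]
    if paths != sorted(paths):
        problems.append("checksums.txt not sorted by canonicalPath")
    for digest, path in listed:
        if path not in entries or hashlib.sha256(entries[path][1]).hexdigest() != digest:
            problems.append(f"{path}: digest mismatch")
    return problems
```

Two calls to `build_bundle` return identical bytes only when the Python and zlib versions match, which is the same reason the regeneration steps call for deterministic tool versions.
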
## How to (re)generate
1. Set `TZ=UTC` and ensure deterministic tool versions.
2. Run the EvidenceLocker pipeline to produce the sealed bundle; copy the outputs here with expected hash values.
3. Produce the portable bundle and replay records using the same input set; write `expected.json` capturing root hashes and replay digests.
4. Update xUnit tests in `StellaOps.EvidenceLocker.Tests` to consume these fixtures without network calls.