56e2dc01ee
- Created `StellaOps.AuditPack.Tests.csproj` for unit testing the AuditPack library. - Implemented comprehensive unit tests in `index.test.js` for AST parsing, covering various JavaScript and TypeScript constructs including functions, classes, decorators, and JSX. - Added `sink-detect.test.js` to test security sink detection patterns, validating command injection, SQL injection, file write, deserialization, SSRF, NoSQL injection, and more. - Included tests for taint source detection in various contexts such as Express, Koa, and AWS Lambda.
1.3 KiB
1.3 KiB
SPRINT_4400 SUMMARY: Delta Verdicts & Reachability Attestations
Program Overview
| Field | Value |
|---|---|
| Program ID | 4400 |
| Theme | Attestable Change Control: Delta Verdicts & Reachability Proofs |
| Priority | P2 (Medium) |
| Total Effort | ~4 weeks |
| Advisory Source | 19-Dec-2025 - Stella Ops candidate features mapped to moat strength |
Strategic Context
This program extends the attestation infrastructure to cover:
- Smart-Diff semantic delta — Changes in exploitable surface as signed artifacts
- Reachability proofs — Call-path subgraphs as portable evidence
Sprint Breakdown
| Sprint ID | Title | Effort | Moat |
|---|---|---|---|
| 4400_0001_0001 | Signed Delta Verdict Attestation | 2 weeks | 4 |
| 4400_0001_0002 | Reachability Subgraph Attestation | 2 weeks | 4 |
Dependencies
- Requires: SPRINT_4300_0001_0001 (OCI Verdict Push)
- Requires: MaterialRiskChangeDetector (exists)
- Requires: PathWitnessBuilder (exists)
Outcomes
- Delta verdicts become attestable change-control artifacts
- Reachability analysis produces portable proof subgraphs
- Both can be pushed to OCI registries as referrers
Sprint Series Status: DONE
Created: 2025-12-22