git.stella-ops.org/tests/Vex/ProofBundles/sample-proof-bundle-config.json
StellaOps Bot 4dc7cf834a
Add sample proof bundle configurations and verification script
- Introduced sample proof bundle configuration files for testing, including `sample-proof-bundle-config.dsse.json`, `sample-proof-bundle.dsse.json`, and `sample-proof-bundle.json`.
- Implemented a verification script `test_verify_sample.sh` to validate proof bundles against specified schemas and catalogs.
- Updated existing proof bundle configurations with new metadata, including versioning, created timestamps, and justification details.
- Enhanced evidence entries with expiration dates and hashes for better integrity checks.
- Ensured all new configurations adhere to the defined schema for consistency and reliability in testing.
2025-12-04 08:54:32 +02:00


{
"id": "urn:stellaops:proofbundle:config-guard-1",
"version": "1.0.0",
"created_at": "2025-12-04T00:00:00Z",
"created_by": "StellaOps Policy Guild",
"graph": {
"hash": "blake3:74640754695e6e5cda4156a0ef1fd3a557d802ef118fef8afaed67089cd39cb1",
"dsse": {
"path": "tests/Vex/ProofBundles/cas/graph.json.dsse.json",
"sha256": "sha256:3bb1dc6af5c974635ed387fdf938f5a983c370d77d01a032aa63f5407efcfc7f",
"payload_sha256": "sha256:34d8051bb97bd3c034e6a2221474ce2faaaca59357721fa1b47df88a281d057b"
}
},
"openvex": {
"path": "tests/Vex/ProofBundles/openvex-config.json",
"statement_id": "urn:stellaops:vex:statement:config-guard-1",
"canonical_sha256": "sha256:0a3fa66fdd50ef88a1b34ae6776045a8e9a4317720d7d875535d916fbb7f81b9",
"canonical_blake3": "blake3:72048e489468656312ecac497da8daea731804a530f01d19bb393fef7274c736",
"serialization": "canonical-json"
},
"justification": {
"id": "VEX3.config_not_vulnerable",
"dsse": {
"path": "docs/benchmarks/vex-justifications.catalog.dsse.json",
"sha256": "sha256:7df3cbd970bc851b51ce35ff1c61f927b62fe3514e5ff6313a5bad26d675b0c7"
}
},
"entrypoints": [
{
"id": "app://api/GET-/healthz",
"coverage_percent": 97.4,
"negative_tests": true,
"config_hash": "sha256:bb490ce4cde60768e2b61571bbe448290e4256d2d930adea0ee24c07e5c63dbc",
"flags_hash": "sha256:d060ab8cdf75aeda6363bcc6de495e27b53c9d5938d97f5492e864681d8cbe53"
},
{
"id": "app://worker/queue/default",
"coverage_percent": 97.1,
"negative_tests": true,
"config_hash": "sha256:bb490ce4cde60768e2b61571bbe448290e4256d2d930adea0ee24c07e5c63dbc",
"flags_hash": "sha256:d060ab8cdf75aeda6363bcc6de495e27b53c9d5938d97f5492e864681d8cbe53"
}
],
"evidence": [
{
"type": "graph",
"cas_uri": "cas://graph.json",
"hash": "blake3:74640754695e6e5cda4156a0ef1fd3a557d802ef118fef8afaed67089cd39cb1",
"dsse": {
"path": "tests/Vex/ProofBundles/cas/graph.json.dsse.json",
"sha256": "sha256:3bb1dc6af5c974635ed387fdf938f5a983c370d77d01a032aa63f5407efcfc7f"
},
"expires_at": "2026-12-31T00:00:00Z"
},
{
"type": "coverage",
"cas_uri": "cas://coverage.json",
"hash": "sha256:422f9840d6facaae093d6496eeac472e10b19519854953454107c1b14945f510",
"dsse": {
"path": "tests/Vex/ProofBundles/cas/coverage.json.dsse.json",
"sha256": "sha256:606864d2165b9ddfea664dca36318616e5ea575e2e96e7fa2bc204cc3f79fe2f"
},
"expires_at": "2026-06-30T00:00:00Z"
},
{
"type": "runtime_trace",
"cas_uri": "cas://runtime-trace.ndjson",
"hash": "sha256:c0a91f645b899e4572ec24603916cdfe982934f47ebdaec2ef67ee9303568a77",
"expires_at": "2026-06-30T00:00:00Z"
},
{
"type": "negative_test",
"cas_uri": "cas://negative-tests.ndjson",
"hash": "sha256:09efda057796b8f0f0fa001505d9e684cf04e05ac8e3c6fe24476a367bb78aaa",
"expires_at": "2026-06-30T00:00:00Z"
},
{
"type": "config",
"cas_uri": "cas://config.lock",
"hash": "sha256:bb490ce4cde60768e2b61571bbe448290e4256d2d930adea0ee24c07e5c63dbc",
"expires_at": "2026-03-31T00:00:00Z"
},
{
"type": "flags",
"cas_uri": "cas://flags.json",
"hash": "sha256:d060ab8cdf75aeda6363bcc6de495e27b53c9d5938d97f5492e864681d8cbe53",
"expires_at": "2026-03-31T00:00:00Z"
}
],
"reevaluation": {
"on_sbom_change": true,
"on_graph_change": true,
"on_runtime_change": true,
"ttl_days": 30
},
"rbac": {
"roles_allowed": [
"vex-author",
"policy-admin"
],
"approvals_required": 2,
"enforcement": "policy+signer"
},
"uncertainty": {
"state": "U2-medium",
"entropy": 0.17,
"notes": "Config gating + negative tests; coverage >97%."
},
"policy": {
"decision": "not_affected",
"decision_reason": "config_not_vulnerable",
"openvex_serialization": "canonical-json",
"canonical_encoding": "JCS"
},
"signatures": [
{
"type": "dsse",
"key_id": "demo-root",
"sig": "C3miJFhDRdNTxnBJSXSKeiilqTaF44poXV3GHAjfVxQ=",
"envelope_digest": "sha256:ea551c28a3b463f6e510e19674da9051e2e02d5dfd1507697750cc3def649667",
"rekor_log_id": "demo-log",
"rekor_entry_uuid": "demo-entry-0002",
"transparency_checkpoint": "checkpoint-config"
}
]
}