stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity
Files
5a480a3c2a4e6edd0cf4a6d8f9f5e8c92715e74b
git.stella-ops.org/src/Cli/StellaOps.Cli/Output/OfflineKitReasonCodes.cs
master 5a480a3c2a
Some checks failed
AOC Guard CI / aoc-guard (push) Has been cancelled
Details
AOC Guard CI / aoc-verify (push) Has been cancelled
Details
Docs CI / lint-and-preview (push) Has been cancelled
Details
Export Center CI / export-ci (push) Has been cancelled
Details
Findings Ledger CI / build-test (push) Has been cancelled
Details
Findings Ledger CI / migration-validation (push) Has been cancelled
Details
Findings Ledger CI / generate-manifest (push) Has been cancelled
Details
Lighthouse CI / Lighthouse Audit (push) Has been cancelled
Details
Lighthouse CI / Axe Accessibility Audit (push) Has been cancelled
Details
Policy Lint & Smoke / policy-lint (push) Has been cancelled
Details
Reachability Corpus Validation / validate-corpus (push) Has been cancelled
Details
Reachability Corpus Validation / validate-ground-truths (push) Has been cancelled
Details
Scanner Analyzers / Discover Analyzers (push) Has been cancelled
Details
Scanner Analyzers / Validate Test Fixtures (push) Has been cancelled
Details
Signals CI & Image / signals-ci (push) Has been cancelled
Details
Signals Reachability Scoring & Events / reachability-smoke (push) Has been cancelled
Details
Reachability Corpus Validation / determinism-check (push) Has been cancelled
Details
Scanner Analyzers / Build Analyzers (push) Has been cancelled
Details
Scanner Analyzers / Test Language Analyzers (push) Has been cancelled
Details
Scanner Analyzers / Verify Deterministic Output (push) Has been cancelled
Details
Signals Reachability Scoring & Events / sign-and-upload (push) Has been cancelled
Details
Add call graph fixtures for various languages and scenarios 
- Introduced `all-edge-reasons.json` to test edge resolution reasons in .NET.
- Added `all-visibility-levels.json` to validate method visibility levels in .NET.
- Created `dotnet-aspnetcore-minimal.json` for a minimal ASP.NET Core application.
- Included `go-gin-api.json` for a Go Gin API application structure.
- Added `java-spring-boot.json` for the Spring PetClinic application in Java.
- Introduced `legacy-no-schema.json` for legacy application structure without schema.
- Created `node-express-api.json` for an Express.js API application structure.
2025-12-16 10:44:24 +02:00

64 lines
3.2 KiB
C#
Raw Blame History

using StellaOps.Cli.Commands;
namespace StellaOps.Cli.Output;
public static class OfflineKitReasonCodes
{
public const string HashMismatch = "HASH_MISMATCH";
public const string SigFailCosign = "SIG_FAIL_COSIGN";
public const string SigFailManifest = "SIG_FAIL_MANIFEST";
public const string DsseVerifyFail = "DSSE_VERIFY_FAIL";
public const string RekorVerifyFail = "REKOR_VERIFY_FAIL";
public const string SelfTestFail = "SELFTEST_FAIL";
public const string VersionNonMonotonic = "VERSION_NON_MONOTONIC";
public const string PolicyDeny = "POLICY_DENY";
public static string? Normalize(string? reasonCode)
=> string.IsNullOrWhiteSpace(reasonCode) ? null : reasonCode.Trim().ToUpperInvariant();
public static int GetExitCode(string? reasonCode)
{
reasonCode = Normalize(reasonCode);
return reasonCode switch
{
HashMismatch => OfflineExitCodes.ChecksumMismatch,
SigFailCosign => OfflineExitCodes.SignatureFailure,
SigFailManifest => OfflineExitCodes.SignatureFailure,
DsseVerifyFail => OfflineExitCodes.DsseVerificationFailed,
RekorVerifyFail => OfflineExitCodes.RekorVerificationFailed,
VersionNonMonotonic => OfflineExitCodes.VersionNonMonotonic,
PolicyDeny => OfflineExitCodes.PolicyDenied,
SelfTestFail => OfflineExitCodes.SelftestFailed,
null => OfflineExitCodes.ImportFailed,
_ => OfflineExitCodes.ImportFailed
};
}
public static string? GetRemediation(string? reasonCode)
{
reasonCode = Normalize(reasonCode);
return reasonCode switch
{
HashMismatch =>
"Re-download the bundle and re-run import. If using removable media, verify the device is healthy and that the bundle digest matches the manifest.",
SigFailCosign =>
"Verify the Cosign signature and trust roots. Ensure you imported the correct signing public keys and that the signature matches the bundle.",
SigFailManifest =>
"Verify the manifest signature and trust roots. Ensure the manifest and its detached signature belong to the same kit version.",
DsseVerifyFail =>
"Verify DSSE trust roots and that the envelope key ID matches an allowed signer. Re-export the kit if the envelope is missing or malformed.",
RekorVerifyFail =>
"Verify Rekor inclusion proof settings (offline snapshot, UUID/index) and re-run verification. Check for time skew and stale transparency data.",
VersionNonMonotonic =>
"The incoming kit version is older than the active version. Import a newer kit, or use --force-activate (with a reason) for emergency rollback testing only.",
PolicyDeny =>
"The current policy denies activation. Review policy gates, waivers, and VEX precedence; then re-run import after updating policy inputs.",
SelfTestFail =>
"Run the Offline Kit self-test and review its output. Confirm required binaries, permissions, and disk space are available in the air-gapped environment.",
null => null,
_ => null
};
}
}
Reference in New Issue View Git Blame Copy Permalink