4dc7cf834a
Some checks failed
AOC Guard CI / aoc-guard (push) Has been cancelled
AOC Guard CI / aoc-verify (push) Has been cancelled
Concelier Attestation Tests / attestation-tests (push) Has been cancelled
Console CI / console-ci (push) Has been cancelled
Docs CI / lint-and-preview (push) Has been cancelled
Export Center CI / export-ci (push) Has been cancelled
VEX Proof Bundles / verify-bundles (push) Has been cancelled
- Introduced sample proof bundle configuration files for testing, including `sample-proof-bundle-config.dsse.json`, `sample-proof-bundle.dsse.json`, and `sample-proof-bundle.json`. - Implemented a verification script `test_verify_sample.sh` to validate proof bundles against specified schemas and catalogs. - Updated existing proof bundle configurations with new metadata, including versioning, created timestamps, and justification details. - Enhanced evidence entries with expiration dates and hashes for better integrity checks. - Ensured all new configurations adhere to the defined schema for consistency and reliability in testing.
Export kit fixtures (EC10)
Fixtures used by determinism/rerun-hash CI and the offline verify script. They are intentionally small, deterministic, and offline-friendly.
manifest.json— sample mirror:delta manifest with selector validation and integrity headers.manifest.sha256— hash for tamper detection.manifest.dsse— DSSE envelope (placeholder signature) carrying the manifest payload.provenance.json— SLSA v1-style provenance with hashedrekord log metadata.
The verify script in docs/modules/export-center/operations/verify-export-kit.sh expects these files to be present when running in fixture mode (VERIFY_FIXTURE=1).