stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity
Files
7be4e855d69f59ea7837af96fef37fdac63a41fe
git.stella-ops.org/docs/features/checked/libraries/stellaverdict-unified-artifact-with-json-ld-context.md
master e9aeadc040 save checkpoint
2026-02-14 09:11:48 +02:00

36 lines
3.4 KiB
Markdown
Raw Blame History

# StellaVerdict Unified Artifact with JSON-LD Context
## Module
__Libraries
## Status
VERIFIED
## Description
Consolidates multiple verdict-related artifacts (score, evidence, attestation, policy trace) into a single unified StellaVerdict schema with JSON-LD context. Includes VerdictAssemblyService for composing verdicts from PolicyVerdict + ProofBundle + KnowledgeInputs, content-addressable verdictId (`urn:stella:verdict:sha256:...`), and comprehensive sub-models for subjects, claims, inputs, evidence graphs, policy paths, results, provenance, and signatures.
## Implementation Details
- **StellaVerdict**: `src/__Libraries/StellaOps.Verdict/Schema/StellaVerdict.cs` -- sealed record with JSON-LD `@context` ("https://stella-ops.org/schema/verdict/v1") and `@type` ("StellaVerdict"); `VerdictId` (`urn:stella:verdict:sha256:...`), `SchemaVersion` ("1.0"), `VerdictVersion` (int); nested records: `VerdictSubject` (NodeId, Purl, ImageRef, Digest, Environment), `VerdictClaim` (VerdictStatus enum: Pass/Fail/Warn/Error/Unknown, Confidence 0-1, Summary, Details), `VerdictInputs` (Advisories, VexStatements, CvssScores, EpssScores, KevEntries, ReachabilityResults, PolicyRules, SbomComponents), `VerdictEvidenceGraph` (RootId, Nodes list, Edges list), `VerdictPolicyStep` (RuleId, RuleName, Input, Output, Decision enum: Allow/Block/Warn/Skip), `VerdictResult` (Verdict, PolicyPath list, Timestamp, Expiry, Deterministic bool), `VerdictProvenance` (GeneratorId, GeneratorVersion, BuildId, SourceCommit, Environment, GeneratedAt), `VerdictSignature` (Algorithm, KeyId, Value, Certificate, Timestamp)
- **VerdictAssemblyService**: `src/__Libraries/StellaOps.Verdict/Services/VerdictAssemblyService.cs` -- implements `IVerdictAssemblyService`; `AssembleVerdict(context)` orchestrates composition via: `BuildSubject(context)`, `BuildClaim(context)`, `BuildInputs(context)`, `BuildEvidenceGraph(context)`, `BuildPolicyPath(context)`, `BuildResult(context)`, `BuildProvenance(context)`; takes `VerdictAssemblyContext` with `PolicyVerdict`, `ProofBundle`, `KnowledgeInputs` (`VerdictKnowledgeInputs` record with advisory/VEX/CVSS/EPSS/KEV/reachability/policy/SBOM data); generates content-addressed `VerdictId` via SHA-256 of canonical JSON
- **IVerdictAssemblyService**: `src/__Libraries/StellaOps.Verdict/Services/VerdictAssemblyService.cs` -- interface: `AssembleVerdict(VerdictAssemblyContext)` returns `StellaVerdict`
- **VerdictAssemblyContext**: `src/__Libraries/StellaOps.Verdict/Services/VerdictAssemblyService.cs` -- record with `PolicyVerdict`, `ProofBundle`, `KnowledgeInputs` (`VerdictKnowledgeInputs`)
- **Source**: SPRINT_1227_0014_0001_BE_stellaverdict_consolidation.md
## E2E Test Plan
- [ ] Verify StellaVerdict includes JSON-LD @context and @type fields
- [ ] Test VerdictId is content-addressed (same inputs produce same urn:stella:verdict:sha256:...)
- [ ] Verify VerdictAssemblyService composes verdict from PolicyVerdict + ProofBundle + KnowledgeInputs
- [ ] Test VerdictClaim.VerdictStatus enum covers Pass/Fail/Warn/Error/Unknown
- [ ] Verify VerdictInputs captures all knowledge sources (advisories, VEX, CVSS, EPSS, KEV, reachability)
- [ ] Test VerdictEvidenceGraph contains linked nodes and edges
- [ ] Verify VerdictPolicyStep records policy evaluation path with decisions
- [ ] Test VerdictProvenance captures generator, build, and source commit information
## Verification
- **Verified**: 2026-02-13T20:30:00Z
- **Run**: run-001
- **Tier**: Tier 2d (Library/Internal)
- **Verdict**: PASS
Reference in New Issue View Git Blame Copy Permalink