- Implemented comprehensive tests for verdict artifact generation to ensure deterministic outputs across various scenarios, including identical inputs, parallel execution, and change ordering.
- Created helper methods for generating sample verdict inputs and computing canonical hashes.
- Added tests to validate the stability of canonical hashes, proof spine ordering, and summary statistics.
- Introduced a new PowerShell script to update SHA256 sums for files, ensuring accurate hash generation and file integrity checks.
1.2 KiB
Data isolation model (PostgreSQL)
StellaOps uses PostgreSQL as the canonical durable store. Isolation is achieved by:
- One schema per service (clear ownership boundaries).
- Tenant identifiers on all tenant-scoped records (enabling row-level strategies where required).
- Append-only patterns for specific evidence stores to preserve replayability.
Schema ownership map
| Schema | Owner (primary) | Data class |
|---|---|---|
| authority | Authority | Identity, clients, keys, auth audit trails. |
| scanner | Scanner | Scan manifests, triage, scan result metadata. |
| vuln | Concelier | Advisory raw documents, linksets, observations. |
| vex | Excititor | VEX raw statements and consensus state. |
| scheduler | Scheduler | Job orchestration state. |
| notify | Notify | Notifications state and delivery history. |
| policy | Policy | Exceptions, policy snapshots, unknown tracking. |
| orchestrator | Orchestrator | Workflow orchestration state. |
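The three isolation mechanisms listed above, sketched in PostgreSQL for the `vex` schema. This is an added example, not StellaOps' own DDL: the role names (`vex_owner`, `vex_app`), the table `vex.raw_statement`, its columns, and the `app.tenant_id` session setting are all hypothetical.

```sql
-- Added illustration; role, table, column and setting names are hypothetical.
BEGIN;

-- 1. One schema per service: a dedicated owner role, no default access.
CREATE ROLE vex_owner NOLOGIN;   -- owns DDL, used by migrations
CREATE ROLE vex_app LOGIN;       -- runtime role used by the service
CREATE SCHEMA vex AUTHORIZATION vex_owner;
REVOKE ALL ON SCHEMA vex FROM PUBLIC;
GRANT USAGE ON SCHEMA vex TO vex_app;

-- 2. Tenant identifier on every tenant-scoped record.
CREATE TABLE vex.raw_statement (
    id          bigint GENERATED ALWAYS AS IDENTITY PRIMARY KEY,
    tenant_id   uuid        NOT NULL,
    received_at timestamptz NOT NULL DEFAULT now(),
    body        jsonb       NOT NULL
);
ALTER TABLE vex.raw_statement OWNER TO vex_owner;

-- Row-level strategy: rows are visible only for the tenant bound to the
-- current transaction. current_setting() without missing_ok raises an
-- error when app.tenant_id is unset, so a forgotten binding fails closed.
ALTER TABLE vex.raw_statement ENABLE ROW LEVEL SECURITY;
ALTER TABLE vex.raw_statement FORCE ROW LEVEL SECURITY;  -- owner is not exempt

CREATE POLICY tenant_read ON vex.raw_statement
    FOR SELECT TO vex_app
    USING (tenant_id = current_setting('app.tenant_id')::uuid);

CREATE POLICY tenant_insert ON vex.raw_statement
    FOR INSERT TO vex_app
    WITH CHECK (tenant_id = current_setting('app.tenant_id')::uuid);

-- 3. Append-only evidence store: the runtime role can read and append,
-- never rewrite. No UPDATE/DELETE privilege is granted and no policy
-- exists for those commands, so both layers deny them.
GRANT SELECT, INSERT ON vex.raw_statement TO vex_app;

COMMIT;

-- Per-request usage as vex_app (tenant id below is a constructed value).
BEGIN;
SET LOCAL app.tenant_id = '00000000-0000-0000-0000-000000000001';
INSERT INTO vex.raw_statement (tenant_id, body)
VALUES ('00000000-0000-0000-0000-000000000001', '{"status": "not_affected"}');
SELECT id, received_at FROM vex.raw_statement;  -- only this tenant's rows
COMMIT;
```

Superusers and roles with `BYPASSRLS` are not subject to these policies, so the runtime role must have neither attribute.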
Where to find authoritative schemas
This document is descriptive. The authoritative contract is:
- Module dossiers and migration notes under docs/modules/<module>/
- Database schema reference: docs/11_DATA_SCHEMAS.md