- Implemented comprehensive tests for verdict artifact generation to ensure deterministic outputs across various scenarios, including identical inputs, parallel execution, and change ordering.
- Created helper methods for generating sample verdict inputs and computing canonical hashes.
- Added tests to validate the stability of canonical hashes, proof spine ordering, and summary statistics.
- Introduced a new PowerShell script to update SHA256 sums for files, ensuring accurate hash generation and file integrity checks.
VEX Consensus JSON (Payload Reference)
This document describes the shape of consensus records returned by consensus APIs and exported in Offline Kit snapshots. Field names and structure may vary slightly by gateway serialization, but the semantic contract is stable.
Consensus Record (Conceptual)
```json
{
  "artifact": "pkg:rpm/redhat/openssl@3.0.9",
  "advisory": "CVE-2025-13579",
  "status": "not_affected",
  "confidence": 0.92,
  "issued_at": "2025-08-30T12:05:00Z",
  "consensus_digest": "sha256:…",
  "derived_from": [
    {
      "source_digest": "sha256:…",
      "issuer": "vendor:redhat",
      "status": "not_affected",
      "timestamp": "2025-08-30T12:00:00Z",
      "trust": { "tier": "vendor", "weight": 1.0 },
      "verification": { "signature": "verified" }
    }
  ],
  "conflicts": [
    {
      "source_digest": "sha256:…",
      "issuer": "vendor:upstream",
      "status": "affected",
      "timestamp": "2025-08-29T00:00:00Z",
      "trust": { "tier": "vendor", "weight": 0.8 }
    }
  ]
}
```
Determinism Rules
- Timestamps are UTC ISO-8601.
- Arrays (`derived_from`, `conflicts`) are in a stable order (typically the evaluation sort order).
- `consensus_digest` is computed over canonical, deterministic JSON bytes for the record (or over an equivalent canonical projection).
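The following is an added example, not code from this project, showing how a consumer of an Offline Kit snapshot could recompute and check `consensus_digest`. It assumes a simplified canonical form (sorted keys, compact separators, UTF-8) and a projection that excludes the `consensus_digest` field itself; the project's actual canonicalization may differ. The function names, the `vendor:example` issuer and the `source_digest` values are constructed for illustration.

```python
import copy
import hashlib
import hmac
import json

def canonical_bytes(record: dict) -> bytes:
    # Assumed projection: every field except consensus_digest itself.
    projection = {k: v for k, v in record.items() if k != "consensus_digest"}
    # Sorted keys, no insignificant whitespace, UTF-8, NaN/Infinity rejected.
    return json.dumps(projection, sort_keys=True, separators=(",", ":"),
                      ensure_ascii=False, allow_nan=False).encode("utf-8")

def compute_digest(record: dict) -> str:
    return "sha256:" + hashlib.sha256(canonical_bytes(record)).hexdigest()

def verify_digest(record: dict) -> bool:
    # Constant-time comparison of the claimed digest against the recomputed one.
    claimed = str(record.get("consensus_digest", ""))
    return hmac.compare_digest(claimed.encode(), compute_digest(record).encode())

def make_sample() -> dict:
    # Constructed record; source_digest values are placeholders, not real digests.
    record = {
        "artifact": "pkg:rpm/redhat/openssl@3.0.9",
        "advisory": "CVE-2025-13579",
        "status": "not_affected",
        "confidence": 0.92,
        "issued_at": "2025-08-30T12:05:00Z",
        "derived_from": [
            {"source_digest": "sha256:" + "aa" * 32, "issuer": "vendor:redhat",
             "status": "not_affected", "timestamp": "2025-08-30T12:00:00Z"},
            {"source_digest": "sha256:" + "bb" * 32, "issuer": "vendor:example",
             "status": "not_affected", "timestamp": "2025-08-30T11:00:00Z"},
        ],
        "conflicts": [],
    }
    record["consensus_digest"] = compute_digest(record)
    return record

if __name__ == "__main__":
    rec = make_sample()
    reordered = dict(reversed(list(rec.items())))  # same content, different key order
    tampered = copy.deepcopy(rec)
    tampered["status"] = "affected"                # content change
    shuffled = copy.deepcopy(rec)
    shuffled["derived_from"].reverse()             # array order is part of the bytes
    print("key order changed:", verify_digest(reordered))
    print("status tampered:  ", verify_digest(tampered))
    print("array reordered:  ", verify_digest(shuffled))
```

Key order does not affect the digest because keys are sorted during canonicalization, while array order does, which is why `derived_from` and `conflicts` must be emitted in a stable order.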
Related Docs
- Algorithm overview: `docs/vex/consensus-algorithm.md`
- Endpoints: `docs/vex/consensus-api.md`
- Module details: `docs/modules/vex-lens/architecture.md`