fcb5ffe25d
- Fix namespace conflicts (Subgraph → PoESubgraph) - Add hash sanitization for Windows filesystem (colon → underscore) - Update all test mocks to use It.IsAny<>() - Add direct orchestrator unit tests - All 8 PoE tests now passing (100% success rate) - Complete SPRINT_3500_0001_0001 documentation Fixes compilation errors and Windows filesystem compatibility issues. Tests: 8/8 passing Files: 8 modified, 1 new test, 1 completion report 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
1.3 KiB
1.3 KiB
Data and schemas
Storage layers
- PostgreSQL: canonical store with schema isolation per module.
- Valkey: cache, queues, and event streams.
- RustFS: content-addressed object storage for artifacts and evidence bundles.
Deterministic data rules
- Use canonical JSON and stable ordering.
- All timestamps are UTC ISO 8601.
- Arrays are sorted by deterministic keys where defined.
Schema ownership
- Each module owns its PostgreSQL schema and migrations.
- Cross-schema reads are explicit and minimized.
Typical schemas
- auth: Authority
- vuln: Concelier advisories
- vex: Excititor VEX statements
- policy: policy packs, unknowns, decisions
- scanner: scan manifests, SBOM metadata, reachability
- scheduler: schedules, runs, impact snapshots
- notify: rules, channels, deliveries
Content-addressed layouts (example)
- layers//sbom.cdx.json.zst
- images//inventory.cdx.pb
- indexes//bom-index.bin
- attest/.dsse.json
Aggregation-Only Contract (AOC)
- advisory_raw and vex_raw are append-only and immutable.
- Idempotency uses content hash and supersedes chains.
- Derived findings are produced only by the Policy Engine.
Schema catalogs
- docs/schemas: JSON schemas and OpenAPI fragments.
- docs/contracts: protocol and contract definitions.
- docs/db: schema specs and migration rules.