stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity
Files
bd78523564bb268967f604801b431d72ffbb1103
git.stella-ops.org/docs/contracts/federated-telemetry-v1.md
master b5829dce5c archive audit attempts
2026-02-19 22:07:11 +02:00

127 lines
3.5 KiB
Markdown
Raw Blame History

# Predicate Schema: stella.ops/federatedTelemetry@v1
## Overview
This predicate type represents a privacy-preserving telemetry bundle produced by a Stella Ops instance participating in federated exploit intelligence sharing. Each bundle contains differentially private aggregated CVE observation data.
## Predicate Type
```
stella.ops/federatedTelemetry@v1
```
## Schema
```json
{
"$schema": "https://json-schema.org/draft/2020-12/schema",
"type": "object",
"required": ["id", "siteId", "predicateType", "aggregatedAt", "totalFacts", "suppressedBuckets", "epsilonSpent", "buckets", "consentDigest", "createdAt"],
"properties": {
"id": {
"type": "string",
"format": "uuid",
"description": "Unique bundle identifier"
},
"siteId": {
"type": "string",
"description": "Identifier of the originating federation site"
},
"predicateType": {
"type": "string",
"const": "stella.ops/federatedTelemetry@v1"
},
"aggregatedAt": {
"type": "string",
"format": "date-time",
"description": "Timestamp of the aggregation cycle"
},
"totalFacts": {
"type": "integer",
"minimum": 0,
"description": "Total number of telemetry facts processed"
},
"suppressedBuckets": {
"type": "integer",
"minimum": 0,
"description": "Number of buckets suppressed by k-anonymity or budget exhaustion"
},
"epsilonSpent": {
"type": "number",
"minimum": 0,
"description": "Total epsilon consumed in this aggregation"
},
"buckets": {
"type": "array",
"items": {
"type": "object",
"required": ["cveId", "noisyCount", "artifactCount"],
"properties": {
"cveId": {
"type": "string",
"description": "CVE identifier (e.g., CVE-2024-12345)"
},
"noisyCount": {
"type": "number",
"minimum": 0,
"description": "Observation count with Laplacian noise applied"
},
"artifactCount": {
"type": "integer",
"minimum": 0,
"description": "Number of distinct artifacts contributing to this bucket"
}
}
},
"description": "Non-suppressed aggregation buckets"
},
"consentDigest": {
"type": "string",
"description": "DSSE digest of the active consent proof at time of aggregation"
},
"createdAt": {
"type": "string",
"format": "date-time",
"description": "Timestamp when the bundle was created"
}
}
}
```
## Validation Rules
1. `id` must be a valid UUID v4.
2. `siteId` must be non-empty and match the originating site's configured identifier.
3. `epsilonSpent` must not exceed the site's total epsilon budget.
4. `consentDigest` must reference a valid, non-expired consent proof.
5. Each bucket's `artifactCount` must be >= the configured k-anonymity threshold.
6. `noisyCount` values are non-negative (noise-adjusted, may differ from true counts).
## Example Payload
```json
{
"id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890",
"siteId": "site-production-us-east",
"predicateType": "stella.ops/federatedTelemetry@v1",
"aggregatedAt": "2026-02-20T14:30:00Z",
"totalFacts": 1547,
"suppressedBuckets": 3,
"epsilonSpent": 0.0833,
"buckets": [
{
"cveId": "CVE-2024-21626",
"noisyCount": 42.7,
"artifactCount": 12
},
{
"cveId": "CVE-2024-3094",
"noisyCount": 8.2,
"artifactCount": 6
}
],
"consentDigest": "sha256:abc123def456...",
"createdAt": "2026-02-20T14:30:05Z"
}
```
Reference in New Issue View Git Blame Copy Permalink