stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 16 Releases Wiki Activity
Files
d3ecd7f8e6d6a6d61ec629e21a780390f6ed143b
git.stella-ops.org/samples/graph/fixtures-plan.md
master d3ecd7f8e6 nuget reorganization
2025-11-18 23:45:25 +02:00

2.1 KiB
Raw Blame History

Graph Fixtures Plan (SAMPLES-GRAPH-24-003)

Goals

  • Produce a deterministic large-scale SBOM graph fixture (~40k nodes) with policy overlay snapshot for perf/regression suites (UI/CLI/Graph API).
  • Align with current graph node/edge schema and overlay format used by StellaOps.Graph.Indexer and Vulnerability Explorer.
  • Ensure offline parity: fixtures packaged for Offline Kit consumption (NDJSON + manifest hashes).

Assumptions / Pending confirmations

  • Overlay format: waiting on Graph Guild decision (checkpoint 2025-11-22) regarding overlay fields and snapshot manifest layout.
  • SBOM bundle source: use scanner surface mock bundle v1 unless real caches land; confirm with Graph Guild.
  • Tenant: default to demo-tenant unless advised otherwise; all IDs and timestamps must be deterministic.

Proposed fixture contents

  • nodes.ndjson: ~40k nodes; sorted by id; includes artifact, package, relationship nodes.
  • edges.ndjson: matching edges; sorted by id.
  • overlays/policy.ndjson: policy overlay snapshot aligned with chosen overlay schema.
  • manifest.json: hashes (SHA-256) of all files plus counts; UTC timestamps rounded to seconds.
  • README.md: execution + verification steps, expected counts/hashes.

Generation sketch

  1. Start from existing mock SBOM bundle (scanner surface v1); sample driver script will:
    • deterministically seed random generators;
    • produce nodes/edges via Graph Indexer schema helpers;
    • emit overlays using placeholder policy verdicts (allow/deny/defer) until final schema confirmed.
  2. Write NDJSON with stable ordering; compute SHA-256 for each file; write manifest.
  3. Run validation script to assert counts, schema shape, and hash reproducibility.

Open items (to resolve before data generation)

  • Confirm overlay field set and file naming (Graph Guild, due 2025-11-22).
  • Confirm allowed mock SBOM source list and artifact naming (Graph Guild / SBOM Service Guild).
  • Provide expected node/edge cardinality breakdown (packages vs files vs relationships) to guide generation.

Next steps

  • Blocked pending overlay/schema confirmation; revisit after 2025-11-22 checkpoint.