5146204f1b
- Introduced `sink-detect.js` with various security sink detection patterns categorized by type (e.g., command injection, SQL injection, file operations). - Implemented functions to build a lookup map for fast sink detection and to match sink calls against known patterns. - Added `package-lock.json` for dependency management.
51 lines
1.3 KiB
Markdown
51 lines
1.3 KiB
Markdown
# SPRINT_4400 SUMMARY: Delta Verdicts & Reachability Attestations
|
|
|
|
## Program Overview
|
|
|
|
| Field | Value |
|
|
|-------|-------|
|
|
| **Program ID** | 4400 |
|
|
| **Theme** | Attestable Change Control: Delta Verdicts & Reachability Proofs |
|
|
| **Priority** | P2 (Medium) |
|
|
| **Total Effort** | ~4 weeks |
|
|
| **Advisory Source** | 19-Dec-2025 - Stella Ops candidate features mapped to moat strength |
|
|
|
|
---
|
|
|
|
## Strategic Context
|
|
|
|
This program extends the attestation infrastructure to cover:
|
|
1. **Smart-Diff semantic delta** — Changes in exploitable surface as signed artifacts
|
|
2. **Reachability proofs** — Call-path subgraphs as portable evidence
|
|
|
|
---
|
|
|
|
## Sprint Breakdown
|
|
|
|
| Sprint ID | Title | Effort | Moat |
|
|
|-----------|-------|--------|------|
|
|
| 4400_0001_0001 | Signed Delta Verdict Attestation | 2 weeks | 4 |
|
|
| 4400_0001_0002 | Reachability Subgraph Attestation | 2 weeks | 4 |
|
|
|
|
---
|
|
|
|
## Dependencies
|
|
|
|
- **Requires**: SPRINT_4300_0001_0001 (OCI Verdict Push)
|
|
- **Requires**: MaterialRiskChangeDetector (exists)
|
|
- **Requires**: PathWitnessBuilder (exists)
|
|
|
|
---
|
|
|
|
## Outcomes
|
|
|
|
1. Delta verdicts become attestable change-control artifacts
|
|
2. Reachability analysis produces portable proof subgraphs
|
|
3. Both can be pushed to OCI registries as referrers
|
|
|
|
---
|
|
|
|
**Sprint Series Status:** DONE
|
|
|
|
**Created:** 2025-12-22
|