3.0 KiB
3.0 KiB
Replay Manifest (Deterministic Replay)
Module
__Libraries
Status
IMPLEMENTED
Description
Complete replay manifest system with versioning, export, validation, CAS (content-addressed storage) integration, and reachability-specific replay writers. Enables deterministic re-computation of verdicts.
Implementation Details
- ReplayManifest:
src/__Libraries/StellaOps.Replay.Core/ReplayManifest.cs-- core manifest model with versioned schema - ReplayManifestVersions:
src/__Libraries/StellaOps.Replay.Core/ReplayManifestVersions.cs-- version tracking and migration - ReplayManifestExtensions:
src/__Libraries/StellaOps.Replay.Core/ReplayManifestExtensions.cs-- helper extensions - ReplayManifestExporter:
src/__Libraries/StellaOps.Replay.Core/ReplayManifestExporter.cs-- multi-partial export pipeline:.Export.cs(main export flow),.BuildInputs.cs(input artifact refs),.BuildOutputs.cs(output artifact refs),.BuildToolchain.cs(tool version pinning),.BuildVerification.cs(verification metadata),.Hashing.cs(content-addressed hashing),.Metadata.cs(export metadata),.Verify.cs(post-export verification),.Convert.cs(format conversion) - ReplayManifestWriter:
src/__Libraries/StellaOps.Replay.Core/ReplayManifestWriter.cs--.Manifest.cs(manifest file writing) - ReachabilityReplayWriter:
src/__Libraries/StellaOps.Replay.Core/ReachabilityReplayWriter.cs-- reachability-specific:.Graphs.cs(graph serialization),.Hashing.cs(graph digest),.Traces.cs(trace recording) - StellaReplayBundleWriter:
src/__Libraries/StellaOps.Replay.Core/StellaReplayBundleWriter.cs-- multi-partial:.Entries.cs,.Sections.Config.cs,.Sections.Content.cs,.Sections.Outputs.cs,.Sign.cs(DSSE signing),.Write.cs(bundle writing) - Export Models:
src/__Libraries/StellaOps.Replay.Core/-- ExportArtifactRef, ExportCiEnvironment, ExportFeedSnapshot, ExportFindingsSummary, ExportInputArtifacts, ExportOutputArtifacts, ExportPolicyBundle, ExportReachabilityInput, ExportSbomInput, ExportToolchainInfo, ExportVerificationInfo, ExportVexInput, ExportSnapshotInfo, ExportMetadataInfo - Pinning Models:
src/__Libraries/StellaOps.Replay.Core/-- FeedVersion, KnowledgeSnapshot, LatticeConfig, PolicyBundleRef, RandomSeed, ReachSubgraphRef, SbomRef, TrustConfig, VexDocRef - Tests:
src/__Libraries/StellaOps.Replay.Core.Tests/ - Source: Feature matrix scan
E2E Test Plan
- Verify replay manifest captures all input hashes (feed, SBOM, VEX, policy, tool versions)
- Test manifest export produces complete bundle with inputs, outputs, toolchain, verification sections
- Verify ReachabilityReplayWriter serializes graphs with deterministic hashing
- Test StellaReplayBundleWriter produces DSSE-signed bundles
- Verify manifest versioning enables backward-compatible upgrades
- Test export verification detects tampered bundles
- Verify CAS references maintain content integrity across export/import
- Test manifest round-trip: export -> import produces identical manifest