stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity
Files
e716bc6adca8d1a3ac5a24ad491e5fa99e31cf1c
git.stella-ops.org/docs/features/unchecked/libraries/replayable-evidence-packs.md

3.1 KiB
Raw Blame History

Replayable evidence packs (time-stamped queryable bundles for audits)

Module

__Libraries

Status

IMPLEMENTED

Description

Replay executor with drift tracking, verdict attestation, and E2E tests implement time-travel replay of evidence bundles for audit use cases.

Implementation Details

  • AuditPackBuilder: src/__Libraries/StellaOps.AuditPack/AuditPackBuilder.cs -- multi-partial: .Build.cs (assemble audit pack), .Collectors.cs (evidence collectors), .Digests.cs (input digest computation), .Export.cs (export to archive), .Files.cs (file entry management)
  • AuditBundleWriter: src/__Libraries/StellaOps.AuditPack/AuditBundleWriter.cs -- multi-partial: .Write.cs, .Entries.cs, .EntryHelpers.cs, .Manifest.cs, .Merkle.cs (Merkle tree for bundle integrity), .Digests.cs, .Signing.cs (DSSE signing), .Models.cs
  • AuditBundleReader: src/__Libraries/StellaOps.AuditPack/AuditBundleReader.cs -- multi-partial: .Read.cs, .Extract.cs, .ExtractionHandling.cs, .Hashing.cs, .InputDigests.cs, .Manifest.cs, .Merkle.cs, .Models.cs, .Paths.cs, .ReplayInputs.cs, .Signature.cs, .Verification.cs
  • ReplayExecutor: src/__Libraries/StellaOps.AuditPack/ReplayExecutor.cs -- multi-partial: .Execute.cs, .ExecuteInternal.cs, .Drift.cs, .DriftTracking.cs, .Hashing.cs, .JsonDiff.cs/.JsonDiff.Helpers.cs, .Policy.cs; tracks drift between original and replayed evidence
  • ReplayAttestationService: src/__Libraries/StellaOps.AuditPack/ReplayAttestationService.cs -- multi-partial: .Generate.cs, .Batch.cs, .DsseEnvelope.cs, .Hashing.cs, .Statement.cs (in-toto statement), .Verify.cs
  • IsolatedReplayContext: src/__Libraries/StellaOps.AuditPack/IsolatedReplayContext.cs -- multi-partial: .Initialize.cs, .ExtractInputs.cs, .Digests.cs, .Dispose.cs, .Paths.cs; provides isolated environment for deterministic replay
  • VerdictReplayPredicate: src/__Libraries/StellaOps.AuditPack/VerdictReplayPredicate.cs -- multi-partial: .Eligibility.cs, .Predict.cs, .Divergence.cs, .DivergenceHelpers.cs
  • AuditPackExportService: src/__Libraries/StellaOps.AuditPack/AuditPackExportService.cs -- multi-partial: .Json.cs, .Zip.cs, .ZipHelpers.cs, .Dsse.cs, .Repository.cs
  • Telemetry: src/__Libraries/StellaOps.AuditPack/ReplayTelemetry.cs -- multi-partial: .Activity.cs, .Attestation.cs, .Counters.cs, .Eligibility.cs, .Execution.cs, .Gauges.cs, .Histograms.cs, .Meter.cs
  • Source: Feature matrix scan

E2E Test Plan

  • Verify AuditPackBuilder assembles complete evidence pack with all collectors
  • Test AuditBundleWriter produces signed bundle with Merkle tree integrity
  • Verify AuditBundleReader can extract and verify bundle contents
  • Test ReplayExecutor performs time-travel replay and tracks drift
  • Verify ReplayAttestationService generates DSSE-signed in-toto attestations
  • Test IsolatedReplayContext provides deterministic isolated replay environment
  • Verify VerdictReplayPredicate correctly predicts replay eligibility and divergence
  • Test AuditPackExportService exports to JSON and ZIP formats with DSSE signing