e923880694
Some checks failed
AOC Guard CI / aoc-guard (push) Has been cancelled
AOC Guard CI / aoc-verify (push) Has been cancelled
Concelier Attestation Tests / attestation-tests (push) Has been cancelled
Docs CI / lint-and-preview (push) Has been cancelled
Export Center CI / export-ci (push) Has been cancelled
Mirror Thin Bundle Sign & Verify / mirror-sign (push) Has been cancelled
- Introduced DigestUpsertRequest for handling digest upsert requests with properties like ChannelId, Recipient, DigestKey, Events, and CollectUntil. - Created LockEntity to represent a lightweight distributed lock entry with properties such as Id, TenantId, Resource, Owner, ExpiresAt, and CreatedAt. feat: Implement ILockRepository interface and LockRepository class - Defined ILockRepository interface with methods for acquiring and releasing locks. - Implemented LockRepository class with methods to try acquiring a lock and releasing it, using SQL for upsert operations. feat: Add SurfaceManifestPointer record for manifest pointers - Introduced SurfaceManifestPointer to represent a minimal pointer to a Surface.FS manifest associated with an image digest. feat: Create PolicySimulationInputLock and related validation logic - Added PolicySimulationInputLock record to describe policy simulation inputs and expected digests. - Implemented validation logic for policy simulation inputs, including checks for digest drift and shadow mode requirements. test: Add unit tests for ReplayVerificationService and ReplayVerifier - Created ReplayVerificationServiceTests to validate the behavior of the ReplayVerificationService under various scenarios. - Developed ReplayVerifierTests to ensure the correctness of the ReplayVerifier logic. test: Implement PolicySimulationInputLockValidatorTests - Added tests for PolicySimulationInputLockValidator to verify the validation logic against expected inputs and conditions. chore: Add cosign key example and signing scripts - Included a placeholder cosign key example for development purposes. - Added a script for signing Signals artifacts using cosign with support for both v2 and v3. chore: Create script for uploading evidence to the evidence locker - Developed a script to upload evidence to the evidence locker, ensuring required environment variables are set.
StellaOps Database Documentation
This directory contains all documentation related to the StellaOps database architecture, including the MongoDB to PostgreSQL conversion project.
Document Index
| Document | Purpose |
|---|---|
| SPECIFICATION.md | PostgreSQL schema design specification, data types, naming conventions |
| RULES.md | Database coding rules, patterns, and constraints for all developers |
| CONVERSION_PLAN.md | Strategic plan for MongoDB to PostgreSQL conversion |
| VERIFICATION.md | Testing and verification requirements for database changes |
Task Definitions
Sprint-level task definitions for the conversion project:
| Phase | Document | Status |
|---|---|---|
| Phase 0 | tasks/PHASE_0_FOUNDATIONS.md | TODO |
| Phase 1 | tasks/PHASE_1_AUTHORITY.md | TODO |
| Phase 2 | tasks/PHASE_2_SCHEDULER.md | TODO |
| Phase 3 | tasks/PHASE_3_NOTIFY.md | TODO |
| Phase 4 | tasks/PHASE_4_POLICY.md | TODO |
| Phase 5 | tasks/PHASE_5_VULNERABILITIES.md | TODO |
| Phase 6 | tasks/PHASE_6_VEX_GRAPH.md | TODO |
| Phase 7 | tasks/PHASE_7_CLEANUP.md | TODO |
Schema Reference
Schema DDL files (generated from specifications):
| Schema | File | Tables |
|---|---|---|
| authority | schemas/authority.sql | 12 |
| vuln | schemas/vuln.sql | 12 |
| vex | schemas/vex.sql | 13 |
| scheduler | schemas/scheduler.sql | 10 |
| notify | schemas/notify.sql | 14 |
| policy | schemas/policy.sql | 8 |
Quick Links
- For developers: Start with RULES.md for coding conventions
- For architects: Review SPECIFICATION.md for design rationale
- For project managers: See CONVERSION_PLAN.md for timeline and phases
- For QA: Check VERIFICATION.md for testing requirements
Key Principles
- Determinism First: All database operations must produce reproducible, stable outputs
- Tenant Isolation: Multi-tenancy via
tenant_idcolumn with row-level security - Strangler Fig Pattern: Gradual conversion with rollback capability per module
- JSONB for Flexibility: Semi-structured data stays as JSONB, relational data normalizes