
feat: STPA-Sec gap closure — 112 new artifacts for v0.6.x features#73

Merged: avrabe merged 6 commits into main from feat/stpa-component-pqc on Mar 28, 2026

Conversation

@avrabe avrabe commented Mar 28, 2026

Summary

Complete STPA-Sec analysis for all v0.6.x features that were implemented without coverage.

Phase 1: STPA-Sec Gap Closure (112 new artifacts)

| Category | IDs | Count |
|---|---|---|
| Loss | L-10 | 1 |
| Hazards | H-21–H-35 | 15 |
| System Constraints | SC-20–SC-33 | 14 |
| Controllers | CTRL-11–13 | 3 |
| Control Actions | CA-12–14 | 3 |
| Controlled Process | CP-8 | 1 |
| Data Flows | DF-17–22 | 6 |
| Security Properties | SP-11–12 | 2 |
| UCAs | UCA-22–35 | 14 |
| Controller Constraints | CC-13–26 | 14 |
| Attack Scenarios | AS-22–33 | 12 |
| Assets | ASSET-023–25 | 3 |
| Threat Scenarios | TS-019–24 | 6 |
| Cybersecurity Reqs | CR-18–24 | 7 |
| Cybersecurity Designs | CD-23–27 | 5 |
| Cybersecurity Verifications | CV-30–34 | 5 |
| Feature | FEAT-11 | 1 |

Coverage areas

  • WASM Component Model signing (L-10, H-21-22, SC-20-21, UCA-22-23, AS-22)
  • PQC hybrid signatures (H-23-24, SC-22-23, UCA-24-25, AS-23)
  • Rekor proof cache (H-25-26, SC-24-25, UCA-26-27, AS-24-25)
  • SCT monitoring (H-27-28, SC-26-27, UCA-28-29, AS-26-27)
  • Checkpoint consistency (H-29-30, SC-28-29, UCA-30-31, AS-28-29)
  • Sigstore bundle (H-31-32, SC-30-31, UCA-32-33, AS-30)
  • Build environment (H-33-34, SC-32, UCA-34, AS-31-32)
  • DSSE multi-sig (H-35, SC-33, UCA-35, AS-33)

Fixes

  • CV-25–29: `method: test` → `method: automated-test`
  • CV-16–19: added missing description field

Validation

  • rivet validate: 0 local errors
  • cargo test: 721 passed
  • 452 total artifacts (up from 340)

🤖 Generated with Claude Code

avrabe and others added 6 commits March 27, 2026 22:17
80+ new rivet artifacts across 8 feature areas, WASM component model
signing, and PQC hybrid signature preparation. Plan reviewed and
corrected for component section IDs, Kani proof quality, Bazel
verification, and explicit UCA mappings.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
30 new artifacts covering: component model (L-10, H-21-22, SC-20-21),
PQC hybrid (H-23-24, SC-22-23), proof cache (H-25-26, SC-24-25),
SCT monitoring (H-27-28, SC-26-27), checkpoint (H-29-30, SC-28-29),
Sigstore bundle (H-31-32, SC-30-31), build env (H-33-34, SC-32),
DSSE multi-sig (H-35, SC-33).

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
…–24, FEAT-11; fix validation warnings

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
codecov bot commented Mar 28, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.


@avrabe avrabe merged commit aef5cea into main Mar 28, 2026
13 checks passed
@avrabe avrabe deleted the feat/stpa-component-pqc branch March 28, 2026 05:22