up

docs/modules/policy/samples/advisory-ai-knobs@draft.json

@@ -0,0 +1,29 @@
+{
+  "knobs": [
+    {
+      "name": "ai_signal_weight",
+      "default_value": 1.2,
+      "min": 0.0,
+      "max": 2.0,
+      "step": 0.1,
+      "description": "Weight applied to Advisory AI signal scores"
+    },
+    {
+      "name": "reachability_boost",
+      "default_value": 0.25,
+      "min": 0.0,
+      "max": 1.0,
+      "step": 0.05,
+      "description": "Boost when asset is reachable"
+    },
+    {
+      "name": "time_decay_half_life_days",
+      "default_value": 45,
+      "min": 1,
+      "max": 365,
+      "step": 1,
+      "description": "Half-life in days for signal decay"
+    }
+  ],
+  "profile_hash": "ADVISORYAIHASH"
+}

docs/modules/policy/samples/orchestrator-job@draft.json

@@ -0,0 +1,16 @@
+{
+  "job_id": "01HZX1QJP6Z3MNA0Q2T3VCPV5K",
+  "tenant_id": "acme",
+  "context_id": "ctx-2025-11-24T10:00:00Z",
+  "policy_profile_hash": "overlay-hash-123",
+  "priority": "high",
+  "requested_at": "2025-11-24T10:00:00Z",
+  "status": "queued",
+  "trace_ref": "4E5C2B5E22F928E846B0EFBC58AA53FC3218C8C172199FF52C7C09244E0C0D30",
+  "determinism_hash": "2C855E80F66D30D5E51C4D9A0441A63C5BB8F04DC1EC537D0ADB7B9357A4C713",
+  "batch_items": [
+    { "component_purl": "pkg:npm/alpha@1.0.0", "advisory_id": "ADV-1" },
+    { "component_purl": "pkg:npm/zeta@1.0.0", "advisory_id": "ADV-2" }
+  ],
+  "callbacks": { "sse": "sse://events", "nats": "policy.jobs" }
+}

docs/modules/policy/samples/policy-batch-context@draft.json

@@ -0,0 +1,11 @@
+{
+  "tenant_id": "acme",
+  "policy_profile_hash": "overlay-hash-123",
+  "knobs_version": "knobs-v1",
+  "overlay_hash": "overlay-hash-123",
+  "items": [
+    { "component_purl": "pkg:npm/lodash@4.17.21", "advisory_id": "ADV-2025-0001" },
+    { "component_purl": "pkg:npm/left-pad@1.3.0", "advisory_id": "ADV-2025-0002" }
+  ],
+  "options": { "include_reachability": true }
+}

docs/modules/policy/samples/policy-conflict@draft.json

@@ -0,0 +1,32 @@
+{
+  "tenant_id": "acme",
+  "component_purl": "pkg:npm/alpha@1.0.0",
+  "advisory_id": "ADV-1",
+  "conflicts": [
+    {
+      "tenant_id": "acme",
+      "snapshot_id": "01HZX3GN4V6KBW1PXJ0K3VXEGT",
+      "component_purl": "pkg:npm/alpha@1.0.0",
+      "advisory_id": "ADV-1",
+      "severity_fused": "high",
+      "score": 0.900,
+      "sources": [
+        { "source": "policy-engine", "weight": 1.050, "severity": "high", "score": 0.945 }
+      ],
+      "reason_codes": ["weights-applied", "deterministic-fusion"]
+    },
+    {
+      "tenant_id": "acme",
+      "snapshot_id": "01HZX3GN4V6KBW1PXJ0K3VXEGT",
+      "component_purl": "pkg:npm/alpha@1.0.0",
+      "advisory_id": "ADV-1",
+      "severity_fused": "medium",
+      "score": 0.600,
+      "sources": [
+        { "source": "policy-engine", "weight": 1.050, "severity": "medium", "score": 0.630 }
+      ],
+      "reason_codes": ["weights-applied", "deterministic-fusion"]
+    }
+  ],
+  "resolved_status": null
+}

docs/modules/policy/samples/policy-ledger-export@draft.json

@@ -0,0 +1,36 @@
+{
+  "manifest": {
+    "export_id": "01HZX2KDRT9Q9K5AZXWPRH62VE",
+    "schema_version": "policy-ledger-export-v1",
+    "generated_at": "2025-11-24T15:00:00Z",
+    "record_count": 2,
+    "sha256": "D4B8C98A2F946D93AFBDE6C4DE6535853A223E108A4A2C389E2C2623D3761C1E"
+  },
+  "records": [
+    {
+      "tenant_id": "acme",
+      "job_id": "job-1",
+      "context_id": "ctx",
+      "component_purl": "pkg:npm/alpha@1.0.0",
+      "advisory_id": "ADV-1",
+      "status": "violation",
+      "trace_ref": "trace-a",
+      "occurred_at": "2025-11-24T15:00:00Z"
+    },
+    {
+      "tenant_id": "acme",
+      "job_id": "job-1",
+      "context_id": "ctx",
+      "component_purl": "pkg:npm/zeta@1.0.0",
+      "advisory_id": "ADV-2",
+      "status": "ok",
+      "trace_ref": "trace-b",
+      "occurred_at": "2025-11-24T15:00:00Z"
+    }
+  ],
+  "lines": [
+    "{\"export_id\":\"01HZX2KDRT9Q9K5AZXWPRH62VE\",\"schema_version\":\"policy-ledger-export-v1\",\"generated_at\":\"2025-11-24T15:00:00Z\",\"record_count\":2,\"sha256\":\"D4B8C98A2F946D93AFBDE6C4DE6535853A223E108A4A2C389E2C2623D3761C1E\"}",
+    "{\"tenant_id\":\"acme\",\"job_id\":\"job-1\",\"context_id\":\"ctx\",\"component_purl\":\"pkg:npm/alpha@1.0.0\",\"advisory_id\":\"ADV-1\",\"status\":\"violation\",\"trace_ref\":\"trace-a\",\"occurred_at\":\"2025-11-24T15:00:00Z\"}",
+    "{\"tenant_id\":\"acme\",\"job_id\":\"job-1\",\"context_id\":\"ctx\",\"component_purl\":\"pkg:npm/zeta@1.0.0\",\"advisory_id\":\"ADV-2\",\"status\":\"ok\",\"trace_ref\":\"trace-b\",\"occurred_at\":\"2025-11-24T15:00:00Z\"}"
+  ]
+}

docs/modules/policy/samples/policy-snapshot@draft.json

@@ -0,0 +1,30 @@
+{
+  "snapshot_id": "01HZX3GN4V6KBW1PXJ0K3VXEGT",
+  "tenant_id": "acme",
+  "ledger_export_id": "01HZX2KDRT9Q9K5AZXWPRH62VE",
+  "generated_at": "2025-11-24T16:00:00Z",
+  "overlay_hash": "overlay-1",
+  "status_counts": { "violation": 1, "ok": 1 },
+  "records": [
+    {
+      "tenant_id": "acme",
+      "job_id": "job-1",
+      "context_id": "ctx",
+      "component_purl": "pkg:npm/alpha@1.0.0",
+      "advisory_id": "ADV-1",
+      "status": "violation",
+      "trace_ref": "trace-a",
+      "occurred_at": "2025-11-24T15:00:00Z"
+    },
+    {
+      "tenant_id": "acme",
+      "job_id": "job-1",
+      "context_id": "ctx",
+      "component_purl": "pkg:npm/zeta@1.0.0",
+      "advisory_id": "ADV-2",
+      "status": "ok",
+      "trace_ref": "trace-b",
+      "occurred_at": "2025-11-24T15:00:00Z"
+    }
+  ]
+}

docs/modules/policy/samples/policy-violation-event@draft.json

@@ -0,0 +1,13 @@
+{
+  "event_id": "E7A1F3B0D6F243B4868A6D4B3E7B2AB9",
+  "tenant_id": "acme",
+  "snapshot_id": "01HZX3GN4V6KBW1PXJ0K3VXEGT",
+  "policy_profile_hash": "overlay-hash-123",
+  "component_purl": "pkg:npm/alpha@1.0.0",
+  "advisory_id": "ADV-1",
+  "violation_code": "policy.violation.detected",
+  "severity": "high",
+  "status": "violation",
+  "trace_ref": "trace-a",
+  "occurred_at": "2025-11-24T16:00:00Z"
+}

docs/modules/policy/samples/policy-worker-result@draft.json

@@ -0,0 +1,11 @@
+{
+  "job_id": "01HZX1QJP6Z3MNA0Q2T3VCPV5K",
+  "worker_id": "worker-stub",
+  "started_at": "2025-11-24T13:00:00Z",
+  "completed_at": "2025-11-24T13:00:01Z",
+  "result_hash": "5E5A4EFA8C7E9952E4E5E5D9E2B9F3A5D46B13E44CB6E0D7292F7D5CB40CF182",
+  "results": [
+    { "component_purl": "pkg:npm/alpha@1.0.0", "advisory_id": "ADV-1", "status": "violation", "trace_ref": "F5D9B8717EAB4B0252BE22325771C4F9F8ABAE4E7728F3221E15C5F24A8E8D9F" },
+    { "component_purl": "pkg:npm/zeta@1.0.0", "advisory_id": "ADV-2", "status": "ok", "trace_ref": "3C75CC86A30B6E230D1DE2D5F08F9B0F5CF75AB1931E47372DC7AC2175BE3F6C" }
+  ]
+}

docs/modules/policy/samples/severity-fusion@draft.json

@@ -0,0 +1,12 @@
+{
+  "tenant_id": "acme",
+  "snapshot_id": "01HZX3GN4V6KBW1PXJ0K3VXEGT",
+  "component_purl": "pkg:npm/alpha@1.0.0",
+  "advisory_id": "ADV-1",
+  "severity_fused": "high",
+  "score": 0.900,
+  "sources": [
+    { "source": "policy-engine", "weight": 1.050, "severity": "high", "score": 0.945 }
+  ],
+  "reason_codes": ["weights-applied", "deterministic-fusion"]
+}

docs/modules/policy/samples/trust-weighting@draft.json

@@ -0,0 +1,23 @@
+{
+  "weights": [
+    {
+      "source": "cartographer",
+      "weight": 1.000,
+      "justification": "default baseline",
+      "updated_at": "2025-11-23T12:00:00Z"
+    },
+    {
+      "source": "scanner",
+      "weight": 0.950,
+      "justification": "prefer curated SBOM sources",
+      "updated_at": "2025-11-23T12:00:00Z"
+    },
+    {
+      "source": "concelier",
+      "weight": 1.050,
+      "justification": "policy engine override",
+      "updated_at": "2025-11-23T12:00:00Z"
+    }
+  ],
+  "profile_hash": "D1A5F0A0DEFAULTHASH"
+}