semi implemented and features implemented save checkpoint

This commit is contained in:
master
2026-02-08 18:00:49 +02:00
parent 04360dff63
commit 1bf6bbf395
20895 changed files with 716795 additions and 64 deletions


@@ -0,0 +1,28 @@
# Policy trace panel ("why blocked" / "what would make it pass")
## Module
Api
## Status
IMPLEMENTED
## Description
Block explanation API controller, CLI explain commands, and verdict rationale renderer provide policy trace functionality explaining why artifacts are blocked and what would unblock them.
## Implementation Details
- **Scoring Endpoints**: `src/Findings/StellaOps.Findings.Ledger.WebService/Endpoints/ScoringEndpoints.cs` -- exposes REST endpoints for querying scored findings with policy trace context, including why a finding is blocked and which evidence would change the outcome.
- **Evidence Graph Endpoints**: `src/Findings/StellaOps.Findings.Ledger.WebService/Endpoints/EvidenceGraphEndpoints.cs` -- serves evidence graph subgraphs connecting findings to attestations, VEX statements, and policy decisions, showing the trace of what inputs led to the verdict.
- **Finding Summary Endpoints**: `src/Findings/StellaOps.Findings.Ledger.WebService/Endpoints/FindingSummaryEndpoints.cs` -- returns finding summaries with policy evaluation trace context including rule names, evaluation outcomes, and evidence references.
- **Finding Scoring Service**: `src/Findings/StellaOps.Findings.Ledger.WebService/Services/FindingScoringService.cs` -- computes and caches finding scores combining CVSS, EPSS, VEX, and reachability signals; explains score composition.
- **Evidence Graph Builder**: `src/Findings/StellaOps.Findings.Ledger.WebService/Services/EvidenceGraphBuilder.cs` -- constructs evidence subgraphs from ledger events and attestation pointers for trace visualization.
- **VEX Consensus Service**: `src/Findings/StellaOps.Findings.Ledger.WebService/Services/VexConsensusService.cs` -- aggregates VEX decisions across sources to explain the consensus status.
- **Policy Evaluation Service**: `src/Findings/StellaOps.Findings.Ledger/Infrastructure/Policy/PolicyEngineEvaluationService.cs` -- evaluates policy rules against findings and returns detailed trace output explaining each rule's contribution.
- **Inline Policy Evaluation Service**: `src/Findings/StellaOps.Findings.Ledger/Infrastructure/Policy/InlinePolicyEvaluationService.cs` -- lightweight inline evaluation for single-finding traces without external policy engine calls.
- **Tests**: `src/Findings/__Tests/StellaOps.Findings.Ledger.Tests/Integration/ScoringEndpointsIntegrationTests.cs`, `ScoringAuthorizationTests.cs`, `PolicyEngineEvaluationServiceTests.cs`, `InlinePolicyEvaluationServiceTests.cs`, `src/Findings/__Tests/StellaOps.Findings.Ledger.Tests/Services/EvidenceGraphBuilderTests.cs`, `FindingScoringServiceTests.cs`
## E2E Test Plan
- [ ] Submit a finding that fails policy evaluation and query the trace endpoint to verify the response explains which rule blocked it and what evidence is required to pass
- [ ] Query the evidence graph endpoint for a blocked finding and verify the returned subgraph contains nodes for the finding, its attestations, VEX statements, and policy rules with correct edge relationships
- [ ] Modify a finding's VEX status to "not_affected" and re-query the trace to verify the explanation updates to reflect the new unblocked status
- [ ] Verify authorization: attempt to query trace endpoints without the required scope and confirm a 403 response
- [ ] Verify the inline policy evaluation service returns the same trace results as the full policy engine evaluation service for a simple single-rule scenario
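Review bot: The Description promises a "CLI explain commands" surface and a "verdict rationale renderer", but none of the paths under Implementation Details point at a CLI command or a renderer; every entry is a Findings Ledger endpoint or service. Either add the CLI and renderer file paths to the list or narrow the Description to what is actually listed, otherwise the IMPLEMENTED status is not traceable to code. Also, the authorization test item says "without the required scope and confirm a 403 response" without naming the scope; the sibling Score API document pins `findings:read`, so state the scope here as well so the test is unambiguous.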


@@ -0,0 +1,28 @@
# Score API Endpoints (/api/v1/score/evaluate, /score/weights)
## Module
Api
## Status
IMPLEMENTED
## Description
The advisory proposed dedicated REST endpoints for score evaluation, weight management, and replay. These were marked TODO (TSF-005, TSF-011) and have not been implemented.
## Implementation Details
- **Scoring Endpoints**: `src/Findings/StellaOps.Findings.Ledger.WebService/Endpoints/ScoringEndpoints.cs` -- maps scoring-related routes for querying scored findings, score history, and aggregate metrics.
- **Scored Findings Query Service**: `src/Findings/StellaOps.Findings.Ledger/Services/ScoredFindingsQueryService.cs` (implements `IScoredFindingsQueryService`) -- queries findings with their computed scores, supports filtering by severity, status, and component.
- **Scored Findings Query Models**: `src/Findings/StellaOps.Findings.Ledger/Services/ScoredFindingsQueryModels.cs` -- query/response models for scored findings queries.
- **Scored Findings Export Service**: `src/Findings/StellaOps.Findings.Ledger/Services/ScoredFindingsExportService.cs` -- exports scored findings as CSV/JSON for reporting and compliance.
- **Scoring Metrics Service**: `src/Findings/StellaOps.Findings.Ledger/Services/ScoringMetricsService.cs` -- computes aggregate scoring metrics (mean score, distribution, trend).
- **Score History Store**: `src/Findings/StellaOps.Findings.Ledger.WebService/Services/ScoreHistoryStore.cs` -- persists score snapshots over time for trend analysis.
- **Scoring Contracts**: `src/Findings/StellaOps.Findings.Ledger.WebService/Contracts/ScoringContracts.cs` -- API DTOs for score requests and responses.
- **Tests**: `src/Findings/__Tests/StellaOps.Findings.Ledger.Tests/ScoredFindingsQueryServiceTests.cs`, `src/Findings/__Tests/StellaOps.Findings.Ledger.Tests/Integration/ScoringEndpointsIntegrationTests.cs`, `ScoringObservabilityTests.cs`
## E2E Test Plan
- [ ] Query the score API with no filters and verify all findings are returned with their computed scores
- [ ] Apply severity and component filters and verify only matching findings are returned
- [ ] Export scored findings as CSV and verify the output contains correct headers and data rows matching the query results
- [ ] Verify scoring metrics endpoint returns aggregate statistics (count, mean score, percentile distribution)
- [ ] Verify authorization: confirm the scoring API requires the `findings:read` scope
- [ ] Verify pagination: query with page size and offset parameters and confirm correct paging behavior
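Review bot: The Status line says IMPLEMENTED while the Description says "These were marked TODO (TSF-005, TSF-011) and have not been implemented", which cannot both be true; update one of them. Related: the title names `/api/v1/score/evaluate` and `/score/weights` plus replay, yet the Implementation Details only cover scored-findings query, export, metrics and score history (`ScoringEndpoints.cs`, `ScoredFindingsQueryService.cs`, `ScoreHistoryStore.cs`), and the E2E plan never exercises an evaluate, weights or replay route. If those routes exist, list their handlers and add test items for them; if they do not, keep the TODO wording and set Status accordingly so the checkpoint does not overstate coverage.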