semi implemented and features implemented save checkpoint

This commit is contained in:
master
2026-02-08 18:00:49 +02:00
parent 04360dff63
commit 1bf6bbf395
20895 changed files with 716795 additions and 64 deletions

@@ -0,0 +1,32 @@
# VEX Decisioning as First-Class Policy Objects
## Module
Attestor
## Status
IMPLEMENTED
## Description
VEX decisions are modeled as first-class policy objects with dedicated UI modal, decision service, history tracking, merge explanations, and backend attestable VEX override predicates with builder/parser infrastructure.
## Implementation Details
- **VEX Override Predicate**: `src/Attestor/__Libraries/StellaOps.Attestor.StandardPredicates/VexOverride/VexOverridePredicate.cs` -- first-class predicate model for VEX override decisions.
- **VEX Override Decision**: `VexOverride/VexOverrideDecision.cs` -- decision model (not_affected, affected, fixed) with justification, approver, and timestamp.
- **VEX Override Predicate Builder**: `VexOverride/VexOverridePredicateBuilder.cs` (with `.Build`, `.Serialize`, `.WithMethods`) -- fluent builder for constructing VEX override predicates with evidence references and tool info.
- **VEX Override Predicate Parser**: `VexOverride/VexOverridePredicateParser.cs` (with `.DecisionValidation`, `.ExtractMetadata`, `.FieldValidation`, `.Helpers`, `.ParsePredicate`, `.Validation`) -- parser for reading and validating VEX override predicates.
- **Evidence Reference**: `VexOverride/EvidenceReference.cs` -- reference to supporting evidence (proof bundle, scan result, analysis report).
- **Tool Info**: `VexOverride/ToolInfo.cs` -- information about the tool that generated the VEX decision.
- **Policy Decision Predicate**: `__Libraries/StellaOps.Attestor.ProofChain/Predicates/PolicyDecision.cs` -- policy decision record for attestation binding.
- **VEX Merge Trace**: `Predicates/VexMergeTrace.cs` -- trace of VEX merge operations explaining how multiple VEX sources were combined.
- **VEX Verdict Summary**: `Predicates/VexVerdictSummary.cs` -- summary of final VEX verdicts after merge and override application.
- **Tests**: `__Tests/StellaOps.Attestor.StandardPredicates.Tests/VexOverride/`
## E2E Test Plan
- [ ] Build a VEX override predicate via `VexOverridePredicateBuilder` with status=not_affected, justification, and evidence references; verify it serializes correctly
- [ ] Parse a serialized VEX override predicate via `VexOverridePredicateParser` and verify all fields round-trip (status, justification, evidence, tool info)
- [ ] Validate a VEX override decision via `.DecisionValidation` and verify it requires a justification for not_affected status
- [ ] Create a VEX override with invalid status and verify field validation rejects it with specific error messages
- [ ] Build a VEX override with multiple evidence references and verify each is correctly serialized and parsed
- [ ] Verify merge trace: create two conflicting VEX decisions and verify `VexMergeTrace` explains the resolution
- [ ] Create a policy decision referencing a VEX override and verify `PolicyDecision` links to the override predicate
- [ ] Verify the builder's `.WithMethods` fluent API: chain `.WithStatus()`, `.WithJustification()`, `.WithEvidence()` and verify the predicate is complete
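
Review bot: The `## Status` value `IMPLEMENTED` is not supported by the rest of this file. Every item under `## E2E Test Plan` is still unchecked. The Description also claims a "dedicated UI modal, decision service, history tracking", while Implementation Details lists only Attestor predicate, builder and parser files plus one test directory. Either downgrade the status until the test plan has been run, or add the paths for the UI, decision service and history components so the claim can be checked. Two smaller points: the decision model is listed as `(not_affected, affected, fixed)`, which omits the VEX `under_investigation` status, so say whether that is deliberately out of scope for overrides and what the parser does when it sees it. The entries after the first use shortened paths (`VexOverride/...`, `Predicates/...`) and names such as `.WithMethods` and `.DecisionValidation` that read like partial-class file suffixes rather than members. Spell out the full paths and state what those suffixes are, since the test plan refers to them as if they were callable.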