semi implemented and features implemented save checkpoint

This commit is contained in:
master
2026-02-08 18:00:49 +02:00
parent 04360dff63
commit 1bf6bbf395
20895 changed files with 716795 additions and 64 deletions


@@ -0,0 +1,33 @@
# VEX Delta Evidence and Tracking (Claim Transitions)
## Module
Attestor
## Status
IMPLEMENTED
## Description
VEX delta predicates capturing per-CVE claim transitions (affected/not_affected/fixed) with merge traces and reason codes. Tracks changes in VEX statements between scans.
## Implementation Details
- **VEX Delta Predicate**: `src/Attestor/__Libraries/StellaOps.Attestor.ProofChain/Predicates/VexDeltaPredicate.cs` -- top-level predicate for VEX delta attestations.
- **VEX Delta Change**: `Predicates/VexDeltaChange.cs` -- individual per-CVE claim transition (e.g., affected -> not_affected) with reason code.
- **VEX Delta Statement**: `Predicates/VexDeltaStatement.cs` -- statement describing the claim transition details.
- **VEX Delta Summary**: `Predicates/VexDeltaSummary.cs` -- aggregate summary of VEX delta changes (added, removed, status_changed counts).
- **VEX Merge Trace**: `Predicates/VexMergeTrace.cs` -- trace of how VEX sources were merged, explaining conflict resolution and priority ordering.
- **VEX Document Reference**: `Predicates/VexDocumentReference.cs` -- reference to the VEX document that was the source of the change.
- **VEX Status Counts**: `Predicates/VexStatusCounts.cs` -- before and after status counts for delta comparison.
- **Change Trace Attestation Service**: `ChangeTrace/ChangeTraceAttestationService.cs` (with `.Helpers`, `.Mapping`) -- generates change trace attestations including VEX delta entries.
- **Change Trace Delta Entry**: `Predicates/ChangeTraceDeltaEntry.cs` -- entry in the broader change trace capturing a VEX delta event.
- **Change Trace Predicate Summary**: `Predicates/ChangeTracePredicateSummary.cs` -- summary of all change trace predicates including VEX deltas.
- **Tests**: `__Tests/StellaOps.Attestor.ProofChain.Tests/`
## E2E Test Plan
- [ ] Create a `VexDeltaPredicate` tracking a CVE transition from affected to not_affected with justification code; verify the change is captured
- [ ] Create a delta with multiple transitions (3 CVEs changing status) and verify `VexDeltaSummary` reports correct counts
- [ ] Verify merge trace: create a delta resulting from merging two VEX sources and verify `VexMergeTrace` explains which source took priority
- [ ] Track a fixed -> affected regression and verify `VexDeltaChange` captures the regression with reason code
- [ ] Generate a change trace attestation via `ChangeTraceAttestationService` with VEX deltas and verify the attestation includes delta entries
- [ ] Verify `VexStatusCounts` before and after: verify counts shift correctly when statuses change
- [ ] Create a delta where a VEX document is removed entirely and verify all its claims appear as removed in the delta
- [ ] Verify `VexDeltaStatement` details include the source VEX document reference via `VexDocumentReference`
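Review bot: The `IMPLEMENTED` value under `## Status` is not supported by anything else in this file. The Tests bullet names only the directory `__Tests/StellaOps.Attestor.ProofChain.Tests/`, and all eight E2E Test Plan items are still unchecked. Either list the test classes that cover each predicate, or use a status that reflects pending verification until at least the fixed -> affected regression case and the removed-document case have passing tests. In Implementation Details, only the first bullet gives a full path; the later `Predicates/...`, `ChangeTrace/...` and `__Tests/...` entries are relative to an unstated base, so state the base directory once or write each path in full. The Description lists the transition states as affected/not_affected/fixed; if other VEX statuses can appear in a delta, say how they are recorded, otherwise note that they are out of scope.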