Refactor code structure for improved readability and maintainability; optimize performance in key functions.

2025-12-22 19:06:31 +02:00
parent dfaa2079aa
commit 4602ccc3a3
1444 changed files with 109919 additions and 8058 deletions
--- a/docs/operations/unknowns-queue-runbook.md
+++ b/docs/operations/unknowns-queue-runbook.md
@@ -576,6 +576,52 @@ stella unknowns report --format email --send-to security-team@example.com

 ---

+## 8. Unknown Budgets
+
+Unknown budgets enforce per-environment caps on unknowns by reason code. Budgets can warn or block when exceeded.
+
+**Configuration**:
+
+```yaml
+# etc/policy.unknowns.budgets.yaml
+unknownBudgets:
+  enforceBudgets: true
+  budgets:
+    prod:
+      environment: prod
+      totalLimit: 3
+      reasonLimits:
+        Reachability: 0
+        Provenance: 0
+        VexConflict: 1
+      action: Block
+      exceededMessage: "Production requires zero reachability unknowns"
+
+    stage:
+      environment: stage
+      totalLimit: 10
+      reasonLimits:
+        Reachability: 1
+      action: WarnUnlessException
+
+    dev:
+      environment: dev
+      totalLimit: null
+      action: Warn
+
+    default:
+      environment: default
+      totalLimit: 5
+      action: Warn
+```
+
+**Exception coverage**:
+
+To allow approved exceptions to cover specific unknown reason codes, set exception metadata
+`unknown_reason_codes` (comma-separated). Example: `Reachability, U-VEX`.
+
+---
+
 ## Related Documentation

 - [Unknowns API Reference](../api/score-proofs-reachability-api-reference.md#5-unknowns-api)
@@ -585,6 +631,6 @@ stella unknowns report --format email --send-to security-team@example.com

 ---

-**Last Updated**: 2025-12-20  
+**Last Updated**: 2025-12-22  
 **Version**: 1.0.0  
 **Sprint**: 3500.0004.0004