docs consolidation and others

2026-01-06 19:02:21 +02:00
parent d7bdca6d97
commit 4789027317
849 changed files with 16551 additions and 66770 deletions
--- a/docs/modules/risk-engine/samples/explain/README.md
+++ b/docs/modules/risk-engine/samples/explain/README.md
@@ -0,0 +1,3 @@
+Use the root `INGEST_CHECKLIST.md`.
+Store explainability outputs paired with their inputs; normalize with `jq -S .`, update `SHA256SUMS`, verify with `sha256sum -c`.
+Maintain ordering and UTC timestamps; no live data.
--- a/docs/modules/risk-engine/samples/explain/SHA256SUMS
+++ b/docs/modules/risk-engine/samples/explain/SHA256SUMS
@@ -0,0 +1,4 @@
+fe460af2699ce335199f6e26597bab4530c6f3f476d4b1f93526175597565d10  README.md
+abcacb431d35d649a0deae81aecce9996b28304da6342a083f9616af6b1ca6a2  cli-explain.txt
+f3f1b41f5261f50f3fc104ebeeb2649cc9866d04f9634228778551e6c3364cb8  console-frame.json
+1d2e56eebf0a266f80519f073e1db532c4a4f2d7fa604ea5c05d4e208719cc7c  explain-trace.json
--- a/docs/modules/risk-engine/samples/explain/cli-explain.txt
+++ b/docs/modules/risk-engine/samples/explain/cli-explain.txt
@@ -0,0 +1,15 @@
+stella risk explain job-001 --tenant tenant-default
+==================================================
+Finding: finding-123
+Profile: default-profile v1.0.0 (hash sha256:profilehash)
+Score: 0.85 (HIGH)
+Gates: kev_and_reachability
+
+Contributions (ordered)
+- cvss          0.40   raw=7.5     source=nvd      prov=sha256:cvsshash
+- kev           0.30   raw=true    source=cisa     prov=sha256:kevhash
+- reachability  0.30   raw=0.9     source=scanner  prov=sha256:reachhash
+
+Overrides: kev-boost (Known Exploited Vulnerability)
+Provenance: job sha256:jobhash | fixtures [sha256:cvsshash, sha256:kevhash, sha256:reachhash]
+Timestamp: 2025-12-05T00:00:02Z
--- a/docs/modules/risk-engine/samples/explain/console-frame.json
+++ b/docs/modules/risk-engine/samples/explain/console-frame.json
@@ -0,0 +1,22 @@
+{
+  "frame_id": "console-explain-001",
+  "captured_at": "2025-12-05T00:05:00Z",
+  "ui_version": "1.0.0",
+  "tenant_id": "tenant-default",
+  "finding_id": "finding-123",
+  "profile_id": "default-profile",
+  "profile_hash": "sha256:profilehash",
+  "score": 0.85,
+  "severity": "high",
+  "gates": ["kev_and_reachability"],
+  "top_contributors": [
+    {"factor": "cvss", "contribution": 0.4, "raw": 7.5, "source": "nvd", "provenance": "sha256:cvsshash"},
+    {"factor": "kev", "contribution": 0.3, "raw": true, "source": "cisa", "provenance": "sha256:kevhash"},
+    {"factor": "reachability", "contribution": 0.3, "raw": 0.9, "source": "scanner", "provenance": "sha256:reachhash"}
+  ],
+  "charts": {
+    "donut": {"critical": 0, "high": 1, "medium": 0, "low": 0, "informational": 0},
+    "stacked": [0.4, 0.3, 0.3]
+  },
+  "provenance": {"job_hash": "sha256:jobhash", "fixtures": ["sha256:cvsshash", "sha256:kevhash", "sha256:reachhash"]}
+}
--- a/docs/modules/risk-engine/samples/explain/explain-trace.json
+++ b/docs/modules/risk-engine/samples/explain/explain-trace.json
@@ -0,0 +1,34 @@
+{
+  "job_id": "job-001",
+  "tenant_id": "tenant-default",
+  "context_id": "ctx-001",
+  "profile_id": "default-profile",
+  "profile_version": "1.0.0",
+  "profile_hash": "sha256:profilehash",
+  "finding_id": "finding-123",
+  "raw_score": 0.75,
+  "normalized_score": 0.85,
+  "severity": "high",
+  "signal_values": {
+    "cvss": 7.5,
+    "kev": true,
+    "reachability": 0.9
+  },
+  "signal_contributions": {
+    "cvss": 0.4,
+    "kev": 0.3,
+    "reachability": 0.3
+  },
+  "override_applied": "kev-boost",
+  "override_reason": "Known Exploited Vulnerability",
+  "gates_triggered": ["kev_and_reachability"],
+  "scored_at": "2025-12-05T00:00:02Z",
+  "provenance": {
+    "job_hash": "sha256:jobhash",
+    "fixtures": [
+      "sha256:cvsshash",
+      "sha256:kevhash",
+      "sha256:reachhash"
+    ]
+  }
+}