partly or unimplemented features - now implemented

2026-02-09 08:53:51 +02:00
parent 1bf6bbf395
commit 4bdc298ec1
674 changed files with 90194 additions and 2271 deletions
--- a/docs/features/unchecked/policy/unknowns-decay-and-triage-queue.md
+++ b/docs/features/unchecked/policy/unknowns-decay-and-triage-queue.md
@@ -0,0 +1,49 @@
+# Unknowns Decay and Triage Queue
+
+## Module
+Policy
+
+## Status
+IMPLEMENTED
+
+## Description
+Unknowns ranking and API endpoints exist. BlastRadius model present with database migration. The full time-based decay algorithm and containment signals ranking were identified as gaps in the archive manifest.
+
+## What's Implemented
+- **DecayedConfidenceCalculator**: `src/Policy/__Libraries/StellaOps.Policy.Determinization/Scoring/DecayedConfidenceCalculator.cs`
+  - Exponential decay formula: `max(floor, baseConfidence * exp(-ln(2) * ageDays / halfLifeDays))`
+  - Configurable half-life (default 14 days) and floor
+  - OpenTelemetry histogram: `stellaops_determinization_decay_multiplier`
+- **ObservationDecay**: `src/Policy/__Libraries/StellaOps.Policy.Determinization/Models/ObservationDecay.cs`
+  - Per-observation decay state: BaseConfidence, ObservedAt, HalfLifeDays=14, Floor=0.35, StalenessThreshold=0.50
+  - `CalculateDecay(now)`: computes current decayed confidence
+  - `CheckIsStale(now)`: returns true when decayed confidence falls below staleness threshold
+  - Factory methods: `Create()`, `Fresh()`, `WithSettings()`
+- **UnknownRanker** (from unchecked features): two-factor scoring `Uncertainty*50 + ExploitPressure*50`
+  - Containment reduction capped at 40%
+  - Band assignment: Hot>=75, Warm>=50, Cold>=25, Ice<25
+- **UncertaintyScoreCalculator**: `src/Policy/__Libraries/StellaOps.Policy.Determinization/Scoring/UncertaintyScoreCalculator.cs`
+  - Entropy-based uncertainty from 6 signal dimensions
+  - Signal gap tracking (which signals are missing)
+- **Risk budget API endpoints** (from unchecked features): budget tracking, ledger, Green/Yellow/Red/Exhausted thresholds
+- **Unknown budget policy enforcement** (from unchecked features): UncertaintyTierGate (gate 4 in pipeline)
+
+## What's Missing
+- **Time-based decay triage queue**: No service that automatically re-queues unknowns for triage when their confidence decays below the staleness threshold
+- **Triage queue UI**: No frontend triage interface showing unknowns sorted by decay urgency
+- **Automated re-analysis triggering**: ObservationDecay tracks staleness but no event-driven mechanism triggers re-analysis when an unknown becomes stale
+- **Containment signal integration**: The advisory describes containment signals (WAF rules, network segmentation, runtime controls) reducing unknown scores -- this is partially in UnknownRanker but not connected to real containment data sources
+- **Decay notification**: No notification system alerting when high-priority unknowns decay below acceptable confidence
+- **Historical decay tracking**: DecayedConfidenceCalculator computes point-in-time decay but no ledger tracks confidence decay history over time
+
+## Implementation Plan
+- Create `UnknownTriageQueueService` that periodically evaluates ObservationDecay.CheckIsStale() and queues stale unknowns for re-analysis
+- Add event-driven triggers (e.g., background job or message queue) when confidence drops below threshold
+- Build triage queue frontend component showing unknowns sorted by urgency (band + decay rate)
+- Integrate containment signal sources (WAF, network, runtime) as inputs to UnknownRanker
+- Add decay history ledger for audit trail
+
+## Related Documentation
+- Decay calculator: `src/Policy/__Libraries/StellaOps.Policy.Determinization/Scoring/DecayedConfidenceCalculator.cs`
+- Observation decay model: `src/Policy/__Libraries/StellaOps.Policy.Determinization/Models/ObservationDecay.cs`
+- Unknowns ranking (unchecked): `docs/features/unchecked/policy/unknowns-ranking-algorithm.md`