save checkpoint: save features

This commit is contained in:
master
2026-02-12 10:27:23 +02:00
parent dca86e1248
commit 5bca406787
8837 changed files with 1796879 additions and 5294 deletions


@@ -0,0 +1,65 @@
{
"Type": "api",
"Module": "api",
"Feature": "policy-trace-panel",
"BaseUrl": "in-memory-testserver",
"CapturedAtUtc": "2026-02-11T09:49:10.0621099\u002B00:00",
"Requests": [
{
"Description": "List finding summaries with auth",
"Method": "GET",
"Path": "/api/v1/findings/summaries",
"ExpectedStatus": 200,
"ActualStatus": 200,
"Assertion": "authorized summaries query succeeds",
"Result": "pass",
"RequestCapturedAtUtc": "2026-02-11T09:49:10.0623687\u002B00:00",
"ResponseSnippet": "{\u0022items\u0022:[],\u0022totalCount\u0022:0,\u0022page\u0022:1,\u0022pageSize\u0022:50,\u0022totalPages\u0022:0}"
},
{
"Description": "Invalid finding id returns bad request",
"Method": "GET",
"Path": "/api/v1/findings/not-a-guid/summary",
"ExpectedStatus": 400,
"ActualStatus": 400,
"Assertion": "invalid GUID is rejected",
"Result": "pass",
"RequestCapturedAtUtc": "2026-02-11T09:49:10.2733641\u002B00:00",
"ResponseSnippet": "{\u0022type\u0022:\u0022https://tools.ietf.org/html/rfc9110#section-15.5.1\u0022,\u0022title\u0022:\u0022invalid_finding_id\u0022,\u0022status\u0022:400,\u0022detail\u0022:\u0022findingId must be a valid GUID.\u0022,\u0022traceId\u0022:\u002200-16d76634fc8dd885423966dc41b346e1-f13674971690c5f0-00\u0022}"
},
{
"Description": "Unknown finding summary returns not found",
"Method": "GET",
"Path": "/api/v1/findings/b0182670-0d1f-414b-905f-63f05ab1c77a/summary",
"ExpectedStatus": 404,
"ActualStatus": 404,
"Assertion": "unknown finding returns 404",
"Result": "pass",
"RequestCapturedAtUtc": "2026-02-11T09:49:10.2948666\u002B00:00",
"ResponseSnippet": ""
},
{
"Description": "Unknown finding evidence graph returns not found",
"Method": "GET",
"Path": "/api/v1/findings/ea31c0d1-8752-42d5-9ae2-ad3893c9755d/evidence-graph",
"ExpectedStatus": 404,
"ActualStatus": 404,
"Assertion": "unknown graph returns 404",
"Result": "pass",
"RequestCapturedAtUtc": "2026-02-11T09:49:10.2994287\u002B00:00",
"ResponseSnippet": ""
},
{
"Description": "Unauthorized summaries request is rejected",
"Method": "GET",
"Path": "/api/v1/findings/summaries",
"ExpectedStatus": 401,
"ActualStatus": 401,
"Assertion": "missing token returns 401",
"Result": "pass",
"RequestCapturedAtUtc": "2026-02-11T09:49:10.3022986\u002B00:00",
"ResponseSnippet": ""
}
],
"Verdict": "pass"
}
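Review bot: The only negative authorization case in this probe is the missing-token request against `/api/v1/findings/summaries`; the per-finding `summary` and `evidence-graph` routes are never requested without a token, and no request covers an invalid or expired token or a token that lacks the required permission (a 403 case). The record also does not say which requests carried a token, so the 400 and 404 results cannot be read as post-authentication behaviour; a per-request boolean such as `"Authenticated": true` (never the token itself) would make that explicit. The same gap applies to the tier-2 copy of this probe and to the score-api-endpoints probes later in the commit, where 401 is checked only on `GET /api/v1/scoring/policy` and not on `POST /api/v1/findings/scores`. I would add one anonymous and one under-privileged request per route before treating the `pass` verdict as evidence that access control works.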


@@ -0,0 +1,85 @@
{
"type": "source",
"module": "api",
"feature": "policy-trace-panel",
"runId": "run-001",
"capturedAtUtc": "2026-02-11T09:41:39.0709614Z",
"filesChecked": [
"src/Findings/StellaOps.Findings.Ledger.WebService/Endpoints/ScoringEndpoints.cs",
"src/Findings/StellaOps.Findings.Ledger.WebService/Endpoints/EvidenceGraphEndpoints.cs",
"src/Findings/StellaOps.Findings.Ledger.WebService/Endpoints/FindingSummaryEndpoints.cs",
"src/Findings/StellaOps.Findings.Ledger.WebService/Services/FindingScoringService.cs",
"src/Findings/StellaOps.Findings.Ledger.WebService/Services/EvidenceGraphBuilder.cs",
"src/Findings/StellaOps.Findings.Ledger.WebService/Services/VexConsensusService.cs",
"src/Findings/StellaOps.Findings.Ledger/Infrastructure/Policy/PolicyEngineEvaluationService.cs",
"src/Findings/StellaOps.Findings.Ledger/Infrastructure/Policy/InlinePolicyEvaluationService.cs",
"src/Findings/__Tests/StellaOps.Findings.Ledger.Tests/Integration/ScoringEndpointsIntegrationTests.cs",
"src/Findings/__Tests/StellaOps.Findings.Ledger.Tests/Integration/ScoringAuthorizationTests.cs",
"src/Findings/__Tests/StellaOps.Findings.Ledger.Tests/PolicyEngineEvaluationServiceTests.cs",
"src/Findings/__Tests/StellaOps.Findings.Ledger.Tests/InlinePolicyEvaluationServiceTests.cs",
"src/Findings/__Tests/StellaOps.Findings.Ledger.Tests/Services/EvidenceGraphBuilderTests.cs",
"src/Findings/__Tests/StellaOps.Findings.Ledger.Tests/Services/FindingScoringServiceTests.cs"
],
"found": [
"src/Findings/StellaOps.Findings.Ledger.WebService/Endpoints/ScoringEndpoints.cs",
"src/Findings/StellaOps.Findings.Ledger.WebService/Endpoints/EvidenceGraphEndpoints.cs",
"src/Findings/StellaOps.Findings.Ledger.WebService/Endpoints/FindingSummaryEndpoints.cs",
"src/Findings/StellaOps.Findings.Ledger.WebService/Services/FindingScoringService.cs",
"src/Findings/StellaOps.Findings.Ledger.WebService/Services/EvidenceGraphBuilder.cs",
"src/Findings/StellaOps.Findings.Ledger.WebService/Services/VexConsensusService.cs",
"src/Findings/StellaOps.Findings.Ledger/Infrastructure/Policy/PolicyEngineEvaluationService.cs",
"src/Findings/StellaOps.Findings.Ledger/Infrastructure/Policy/InlinePolicyEvaluationService.cs",
"src/Findings/__Tests/StellaOps.Findings.Ledger.Tests/Integration/ScoringEndpointsIntegrationTests.cs",
"src/Findings/__Tests/StellaOps.Findings.Ledger.Tests/Integration/ScoringAuthorizationTests.cs",
"src/Findings/__Tests/StellaOps.Findings.Ledger.Tests/PolicyEngineEvaluationServiceTests.cs",
"src/Findings/__Tests/StellaOps.Findings.Ledger.Tests/InlinePolicyEvaluationServiceTests.cs",
"src/Findings/__Tests/StellaOps.Findings.Ledger.Tests/Services/EvidenceGraphBuilderTests.cs",
"src/Findings/__Tests/StellaOps.Findings.Ledger.Tests/Services/FindingScoringServiceTests.cs"
],
"missing": [
],
"declarationChecks": [
{
"pattern": "class FindingScoringService",
"found": true,
"sample": "src/Findings\\StellaOps.Findings.Ledger.WebService\\Services\\FindingScoringService.cs:97:public sealed class FindingScoringService : IFindingScoringService"
},
{
"pattern": "class EvidenceGraphBuilder",
"found": true,
"sample": "src/Findings\\StellaOps.Findings.Ledger.WebService\\Services\\EvidenceGraphBuilder.cs:10:public sealed class EvidenceGraphBuilder : IEvidenceGraphBuilder"
},
{
"pattern": "class VexConsensusService",
"found": true,
"sample": "src/Findings\\StellaOps.Findings.Ledger.WebService\\Services\\VexConsensusService.cs:11:public sealed class VexConsensusService"
},
{
"pattern": "class PolicyEngineEvaluationService",
"found": true,
"sample": "src/Findings\\__Tests\\StellaOps.Findings.Ledger.Tests\\PolicyEngineEvaluationServiceTests.cs:15:public sealed class PolicyEngineEvaluationServiceTests"
},
{
"pattern": "class InlinePolicyEvaluationService",
"found": true,
"sample": "src/Findings\\StellaOps.Findings.Ledger\\Infrastructure\\Policy\\InlinePolicyEvaluationService.cs:9:public sealed class InlinePolicyEvaluationService : IPolicyEvaluationService"
},
{
"pattern": "MapScoringEndpoints",
"found": true,
"sample": "src/Findings\\StellaOps.Findings.Ledger.WebService\\Endpoints\\ScoringEndpoints.cs:26: public static void MapScoringEndpoints(this WebApplication app)"
},
{
"pattern": "MapEvidenceGraphEndpoints",
"found": true,
"sample": "src/Findings\\StellaOps.Findings.Ledger.WebService\\Endpoints\\EvidenceGraphEndpoints.cs:10: public static void MapEvidenceGraphEndpoints(this WebApplication app)"
},
{
"pattern": "MapFindingSummaryEndpoints",
"found": true,
"sample": "src/Findings\\StellaOps.Findings.Ledger.WebService\\Program.cs:1951:app.MapFindingSummaryEndpoints();"
}
],
"verdict": "pass"
}
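Review bot: Two of these `declarationChecks` pass on a line that is not the declaration being checked: `class PolicyEngineEvaluationService` is satisfied by `public sealed class PolicyEngineEvaluationServiceTests` in the test project, and `MapFindingSummaryEndpoints` by the call site `app.MapFindingSummaryEndpoints();` in Program.cs. The pattern appears to be a plain substring match over the whole tree, so `"found": true` would stay true if the production class or the extension method were removed. Matching on a word boundary and restricting the search to the corresponding file in `filesChecked` would make the check mean what its name says. The score-api-endpoints source checks (run-001 and run-002) show the same problem: `class ScoredFindingsQueryService` matches `ScoredFindingsQueryServiceTests`, and `MapScoringEndpoints` matches a call site.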


@@ -0,0 +1,23 @@
{
"type": "build",
"module": "api",
"feature": "policy-trace-panel",
"runId": "run-001",
"capturedAtUtc": "2026-02-11T09:51:08.7929289Z",
"project": "src/Findings/StellaOps.Findings.Ledger.WebService/StellaOps.Findings.Ledger.WebService.csproj",
"testProject": "src/Findings/__Tests/StellaOps.Findings.Ledger.Tests/StellaOps.Findings.Ledger.Tests.csproj",
"buildCommand": "dotnet build src/Findings/StellaOps.Findings.Ledger.WebService/StellaOps.Findings.Ledger.WebService.csproj -c Release --nologo",
"buildResult": "pass",
"buildExitCode": 0,
"testCommand": "dotnet test src/Findings/__Tests/StellaOps.Findings.Ledger.Tests/StellaOps.Findings.Ledger.Tests.csproj -c Release --nologo --filter FullyQualifiedName~PolicyEngineEvaluationServiceTests|FullyQualifiedName~InlinePolicyEvaluationServiceTests|FullyQualifiedName~EvidenceGraphBuilderTests|FullyQualifiedName~ScoringEndpointsIntegrationTests|FullyQualifiedName~ScoringAuthorizationTests|FullyQualifiedName~FeatureVerificationProbeTests",
"testResult": "pass",
"testExitCode": 0,
"testsRun": 141,
"testsPassed": 141,
"testsFailed": 0,
"evidence": [
"evidence/01-build.txt",
"evidence/02-tests.txt"
],
"verdict": "pass"
}
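Review bot: `testsRun` is 141 here with a six-class `--filter`, and it is also 141 in the score-api-endpoints run-001 record (a different filter) and in run-002, whose `testCommand` has no filter and which the retest file describes as the full suite. Either the filter was not applied (the expression is recorded unquoted, and a shell would treat an unquoted `|` as a pipe) or the counts were not produced by the recorded command; the page does not show which. Recording the command exactly as executed, with the filter expression quoted, and taking the counts from that run's output in `evidence/02-tests.txt` would let a reader rely on the numbers.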


@@ -0,0 +1,81 @@
{
"type": "api",
"module": "api",
"feature": "policy-trace-panel",
"runId": "run-001",
"baseUrl": "in-memory-testserver",
"capturedAtUtc": "2026-02-11T09:49:10.0621099+00:00",
"requests": [
{
"description": "List finding summaries with auth",
"method": "GET",
"path": "/api/v1/findings/summaries",
"expectedStatus": 200,
"actualStatus": 200,
"assertion": "authorized summaries query succeeds",
"result": "pass",
"requestCapturedAtUtc": "2026-02-11T09:49:10.0623687+00:00",
"responseSnippet": "{\"items\":[],\"totalCount\":0,\"page\":1,\"pageSize\":50,\"totalPages\":0}",
"evidenceFile": "evidence/03-policy-trace-api-probe.json"
},
{
"description": "Invalid finding id returns bad request",
"method": "GET",
"path": "/api/v1/findings/not-a-guid/summary",
"expectedStatus": 400,
"actualStatus": 400,
"assertion": "invalid GUID is rejected",
"result": "pass",
"requestCapturedAtUtc": "2026-02-11T09:49:10.2733641+00:00",
"responseSnippet": "{\"type\":\"https://tools.ietf.org/html/rfc9110#section-15.5.1\",\"title\":\"invalid_finding_id\",\"status\":400,\"detail\":\"findingId must be a valid GUID.\",\"traceId\":\"00-16d76634fc8dd885423966dc41b346e1-f13674971690c5f0-00\"}",
"evidenceFile": "evidence/03-policy-trace-api-probe.json"
},
{
"description": "Unknown finding summary returns not found",
"method": "GET",
"path": "/api/v1/findings/b0182670-0d1f-414b-905f-63f05ab1c77a/summary",
"expectedStatus": 404,
"actualStatus": 404,
"assertion": "unknown finding returns 404",
"result": "pass",
"requestCapturedAtUtc": "2026-02-11T09:49:10.2948666+00:00",
"responseSnippet": "",
"evidenceFile": "evidence/03-policy-trace-api-probe.json"
},
{
"description": "Unknown finding evidence graph returns not found",
"method": "GET",
"path": "/api/v1/findings/ea31c0d1-8752-42d5-9ae2-ad3893c9755d/evidence-graph",
"expectedStatus": 404,
"actualStatus": 404,
"assertion": "unknown graph returns 404",
"result": "pass",
"requestCapturedAtUtc": "2026-02-11T09:49:10.2994287+00:00",
"responseSnippet": "",
"evidenceFile": "evidence/03-policy-trace-api-probe.json"
},
{
"description": "Unauthorized summaries request is rejected",
"method": "GET",
"path": "/api/v1/findings/summaries",
"expectedStatus": 401,
"actualStatus": 401,
"assertion": "missing token returns 401",
"result": "pass",
"requestCapturedAtUtc": "2026-02-11T09:49:10.3022986+00:00",
"responseSnippet": "",
"evidenceFile": "evidence/03-policy-trace-api-probe.json"
}
],
"behaviorVerified": [
"Authorized summaries endpoint returns structured finding-summary page payload.",
"Invalid summary identifier is rejected with 400 and problem-details payload.",
"Unknown summary and evidence-graph resources return 404.",
"Unauthenticated access to summary endpoint is rejected with 401."
],
"evidence": [
"evidence/03-policy-trace-api-probe.json",
"evidence/03-policy-trace-probe-test-output.txt"
],
"verdict": "pass"
}


@@ -0,0 +1,5 @@
{
"approved": true,
"reason": "Root cause confirmed via failing probe responses and subsequent pass after DI registration patch.",
"revisedRootCause": null
}


@@ -0,0 +1,54 @@
{
"Type": "api",
"Module": "api",
"Feature": "score-api-endpoints",
"BaseUrl": "in-memory-testserver",
"CapturedAtUtc": "2026-02-11T10:01:41.2944764\u002B00:00",
"Requests": [
{
"Description": "Scoring policy endpoint returns active policy",
"Method": "GET",
"Path": "/api/v1/scoring/policy",
"ExpectedStatus": 200,
"ActualStatus": 200,
"Assertion": "authorized policy read succeeds",
"Result": "pass",
"RequestCapturedAtUtc": "2026-02-11T10:01:41.2948669\u002B00:00",
"ResponseSnippet": "{\u0022version\u0022:\u0022ews.v1\u0022,\u0022digest\u0022:\u0022a57db067a8407a480fac6cdb1823f7d2eab7f7a3f4f6eec55c62b67dd7ac757e\u0022,\u0022activeSince\u0022:\u00222026-02-11T10:01:41.0787158\u002B00:00\u0022,\u0022environment\u0022:\u0022production\u0022,\u0022weights\u0022:{\u0022rch\u0022:0.3,\u0022rts\u0022:0.25,\u0022bkp\u0022:0.15,\u0022xpl\u0022:0.15,\u0022src\u0022:0.1,\u0022mit\u0022:0.1},\u0022guardrails\u0022:{\u0022notAffectedCap\u0022:{\u0022enabled\u0022:true,\u0022maxScore\u0022:15,\u0022minScore\u0022:null},\u0022runtimeFloor\u0022:{\u0022enabled\u0022:true,\u0022maxScore\u0022:null,\u0022minScore\u0022:60},\u0022speculativeCap\u0022:{\u0022enabled\u0022:true,\u0022maxScore\u0022:45,\u0022minScore\u0022:null}},\u0022buckets\u0022:{\u0022actNowMin\u0022:90,\u0022scheduleNextMin\u0022:70,\u0022investigateMin\u0022:40}}"
},
{
"Description": "Batch scoring rejects empty list",
"Method": "POST",
"Path": "/api/v1/findings/scores",
"ExpectedStatus": 400,
"ActualStatus": 400,
"Assertion": "empty batch rejected",
"Result": "pass",
"RequestCapturedAtUtc": "2026-02-11T10:01:41.5019179\u002B00:00",
"ResponseSnippet": "{\u0022code\u0022:\u0022SCORING_INVALID_REQUEST\u0022,\u0022message\u0022:\u0022At least one finding ID is required\u0022,\u0022details\u0022:null,\u0022traceId\u0022:\u002200-2acc91cffc1248c95728565da3e3becb-f65939ed5a614b67-00\u0022}"
},
{
"Description": "Cached score unknown finding returns not found",
"Method": "GET",
"Path": "/api/v1/findings/CVE-9999-0000%40pkg%3Anpm%2Fnone%401.0.0/score",
"ExpectedStatus": 404,
"ActualStatus": 404,
"Assertion": "unknown score returns 404",
"Result": "pass",
"RequestCapturedAtUtc": "2026-02-11T10:01:41.5235715\u002B00:00",
"ResponseSnippet": ""
},
{
"Description": "Scoring policy without auth is rejected",
"Method": "GET",
"Path": "/api/v1/scoring/policy",
"ExpectedStatus": 401,
"ActualStatus": 401,
"Assertion": "missing token returns 401",
"Result": "pass",
"RequestCapturedAtUtc": "2026-02-11T10:01:41.5280646\u002B00:00",
"ResponseSnippet": ""
}
],
"Verdict": "pass"
}


@@ -0,0 +1,9 @@
{
"filesModified": [
"src/Findings/StellaOps.Findings.Ledger.WebService/Program.cs"
],
"testsAdded": [
],
"description": "Registered scoring dependencies and in-memory cache in DI container to satisfy FindingScoringService runtime requirements."
}
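Review bot: `testsAdded` is empty for a fix whose stated root cause is missing DI registrations that made the scoring endpoints return HTTP 500, so nothing recorded here would catch the registrations being dropped again. A regression test that resolves `FindingScoringService` from the real WebService container, or building the host with `ValidateOnBuild` enabled in the test environment, would turn this class of failure into a startup or test error instead of a runtime 500. If `FeatureVerificationProbeTests` (named in the build records' filters) is meant to be that guard, list it in `testsAdded` so the fix summary and the evidence agree.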


@@ -0,0 +1,67 @@
{
"type": "source",
"module": "api",
"feature": "score-api-endpoints",
"runId": "run-001",
"capturedAtUtc": "2026-02-11T09:52:36.3089726Z",
"filesChecked": [
"src/Findings/StellaOps.Findings.Ledger.WebService/Endpoints/ScoringEndpoints.cs",
"src/Findings/StellaOps.Findings.Ledger/Services/ScoredFindingsQueryService.cs",
"src/Findings/StellaOps.Findings.Ledger/Services/ScoredFindingsQueryModels.cs",
"src/Findings/StellaOps.Findings.Ledger/Services/ScoredFindingsExportService.cs",
"src/Findings/StellaOps.Findings.Ledger/Services/ScoringMetricsService.cs",
"src/Findings/StellaOps.Findings.Ledger.WebService/Services/ScoreHistoryStore.cs",
"src/Findings/StellaOps.Findings.Ledger.WebService/Contracts/ScoringContracts.cs",
"src/Findings/__Tests/StellaOps.Findings.Ledger.Tests/ScoredFindingsQueryServiceTests.cs",
"src/Findings/__Tests/StellaOps.Findings.Ledger.Tests/Integration/ScoringEndpointsIntegrationTests.cs",
"src/Findings/__Tests/StellaOps.Findings.Ledger.Tests/Integration/ScoringObservabilityTests.cs"
],
"found": [
"src/Findings/StellaOps.Findings.Ledger.WebService/Endpoints/ScoringEndpoints.cs",
"src/Findings/StellaOps.Findings.Ledger/Services/ScoredFindingsQueryService.cs",
"src/Findings/StellaOps.Findings.Ledger/Services/ScoredFindingsQueryModels.cs",
"src/Findings/StellaOps.Findings.Ledger/Services/ScoredFindingsExportService.cs",
"src/Findings/StellaOps.Findings.Ledger/Services/ScoringMetricsService.cs",
"src/Findings/StellaOps.Findings.Ledger.WebService/Services/ScoreHistoryStore.cs",
"src/Findings/StellaOps.Findings.Ledger.WebService/Contracts/ScoringContracts.cs",
"src/Findings/__Tests/StellaOps.Findings.Ledger.Tests/ScoredFindingsQueryServiceTests.cs",
"src/Findings/__Tests/StellaOps.Findings.Ledger.Tests/Integration/ScoringEndpointsIntegrationTests.cs",
"src/Findings/__Tests/StellaOps.Findings.Ledger.Tests/Integration/ScoringObservabilityTests.cs"
],
"missing": [
],
"declarationChecks": [
{
"pattern": "MapScoringEndpoints",
"found": true,
"sample": "src/Findings\\StellaOps.Findings.Ledger.WebService\\Program.cs:1961:app.MapScoringEndpoints();"
},
{
"pattern": "GetActivePolicy",
"found": true,
"sample": "src/Findings\\StellaOps.Findings.Ledger.WebService\\Endpoints\\ScoringEndpoints.cs:75: scoringGroup.MapGet(\"/policy\", GetActivePolicy)"
},
{
"pattern": "ListPolicyVersions",
"found": true,
"sample": "src/Findings\\StellaOps.Findings.Ledger.WebService\\Endpoints\\ScoringEndpoints.cs:93: scoringGroup.MapGet(\"/policy/versions\", ListPolicyVersions)"
},
{
"pattern": "class ScoringMetricsService",
"found": true,
"sample": "src/Findings\\StellaOps.Findings.Ledger\\Services\\ScoringMetricsService.cs:11:public sealed class ScoringMetricsService : IScoringMetricsService"
},
{
"pattern": "class ScoredFindingsQueryService",
"found": true,
"sample": "src/Findings\\__Tests\\StellaOps.Findings.Ledger.Tests\\ScoredFindingsQueryServiceTests.cs:12:public class ScoredFindingsQueryServiceTests"
},
{
"pattern": "class ScoredFindingsExportService",
"found": true,
"sample": "src/Findings\\StellaOps.Findings.Ledger\\Services\\ScoredFindingsExportService.cs:14:public sealed class ScoredFindingsExportService : IScoredFindingsExportService"
}
],
"verdict": "pass"
}


@@ -0,0 +1,23 @@
{
"type": "build",
"module": "api",
"feature": "score-api-endpoints",
"runId": "run-001",
"capturedAtUtc": "2026-02-11T09:53:37.2958569Z",
"project": "src/Findings/StellaOps.Findings.Ledger.WebService/StellaOps.Findings.Ledger.WebService.csproj",
"testProject": "src/Findings/__Tests/StellaOps.Findings.Ledger.Tests/StellaOps.Findings.Ledger.Tests.csproj",
"buildCommand": "dotnet build src/Findings/StellaOps.Findings.Ledger.WebService/StellaOps.Findings.Ledger.WebService.csproj -c Release --nologo",
"buildResult": "pass",
"buildExitCode": 0,
"testCommand": "dotnet test src/Findings/__Tests/StellaOps.Findings.Ledger.Tests/StellaOps.Findings.Ledger.Tests.csproj -c Release --nologo --filter FullyQualifiedName~ScoredFindingsQueryServiceTests|FullyQualifiedName~ScoringEndpointsIntegrationTests|FullyQualifiedName~ScoringAuthorizationTests|FullyQualifiedName~ScoringObservabilityTests|FullyQualifiedName~FeatureVerificationProbeTests",
"testResult": "pass",
"testExitCode": 0,
"testsRun": 141,
"testsPassed": 141,
"testsFailed": 0,
"evidence": [
"evidence/01-build.txt",
"evidence/02-tests.txt"
],
"verdict": "pass"
}


@@ -0,0 +1,8 @@
{
"rootCause": "Scoring endpoints returned HTTP 500 because required DI services for FindingScoringService were not fully registered in WebService Program.cs (evidence-weighted scoring dependencies and IMemoryCache).",
"category": "config",
"affectedFiles": [
"src/Findings/StellaOps.Findings.Ledger.WebService/Program.cs"
],
"confidence": 0.97
}


@@ -0,0 +1,54 @@
{
"Type": "api",
"Module": "api",
"Feature": "score-api-endpoints",
"BaseUrl": "in-memory-testserver",
"CapturedAtUtc": "2026-02-11T10:05:18.6357519\u002B00:00",
"Requests": [
{
"Description": "Scoring policy endpoint returns active policy",
"Method": "GET",
"Path": "/api/v1/scoring/policy",
"ExpectedStatus": 200,
"ActualStatus": 200,
"Assertion": "authorized policy read succeeds",
"Result": "pass",
"RequestCapturedAtUtc": "2026-02-11T10:05:18.6364146\u002B00:00",
"ResponseSnippet": "{\u0022version\u0022:\u0022ews.v1\u0022,\u0022digest\u0022:\u0022a57db067a8407a480fac6cdb1823f7d2eab7f7a3f4f6eec55c62b67dd7ac757e\u0022,\u0022activeSince\u0022:\u00222026-02-11T10:05:18.2922151\u002B00:00\u0022,\u0022environment\u0022:\u0022production\u0022,\u0022weights\u0022:{\u0022rch\u0022:0.3,\u0022rts\u0022:0.25,\u0022bkp\u0022:0.15,\u0022xpl\u0022:0.15,\u0022src\u0022:0.1,\u0022mit\u0022:0.1},\u0022guardrails\u0022:{\u0022notAffectedCap\u0022:{\u0022enabled\u0022:true,\u0022maxScore\u0022:15,\u0022minScore\u0022:null},\u0022runtimeFloor\u0022:{\u0022enabled\u0022:true,\u0022maxScore\u0022:null,\u0022minScore\u0022:60},\u0022speculativeCap\u0022:{\u0022enabled\u0022:true,\u0022maxScore\u0022:45,\u0022minScore\u0022:null}},\u0022buckets\u0022:{\u0022actNowMin\u0022:90,\u0022scheduleNextMin\u0022:70,\u0022investigateMin\u0022:40}}"
},
{
"Description": "Batch scoring rejects empty list",
"Method": "POST",
"Path": "/api/v1/findings/scores",
"ExpectedStatus": 400,
"ActualStatus": 400,
"Assertion": "empty batch rejected",
"Result": "pass",
"RequestCapturedAtUtc": "2026-02-11T10:05:18.9908719\u002B00:00",
"ResponseSnippet": "{\u0022code\u0022:\u0022SCORING_INVALID_REQUEST\u0022,\u0022message\u0022:\u0022At least one finding ID is required\u0022,\u0022details\u0022:null,\u0022traceId\u0022:\u002200-23125eafcb30faa0f4e7aa70df4db00b-6097c059efb39aac-00\u0022}"
},
{
"Description": "Cached score unknown finding returns not found",
"Method": "GET",
"Path": "/api/v1/findings/CVE-9999-0000%40pkg%3Anpm%2Fnone%401.0.0/score",
"ExpectedStatus": 404,
"ActualStatus": 404,
"Assertion": "unknown score returns 404",
"Result": "pass",
"RequestCapturedAtUtc": "2026-02-11T10:05:19.0249946\u002B00:00",
"ResponseSnippet": ""
},
{
"Description": "Scoring policy without auth is rejected",
"Method": "GET",
"Path": "/api/v1/scoring/policy",
"ExpectedStatus": 401,
"ActualStatus": 401,
"Assertion": "missing token returns 401",
"Result": "pass",
"RequestCapturedAtUtc": "2026-02-11T10:05:19.0300896\u002B00:00",
"ResponseSnippet": ""
}
],
"Verdict": "pass"
}


@@ -0,0 +1,12 @@
{
"previousFailures": [
"GET /api/v1/scoring/policy returned 500 due to unresolved DI services.",
"POST /api/v1/findings/scores returned 500 due to unresolved DI services.",
"GET /api/v1/findings/{id}/score returned 500 due to unresolved DI services."
],
"retestResults": [
"Fresh Tier 2 probe in run-002 captured all expected statuses (200/400/404/401).",
"Full Findings Ledger test suite passed (141/141)."
],
"verdict": "pass"
}


@@ -0,0 +1,67 @@
{
"type": "source",
"module": "api",
"feature": "score-api-endpoints",
"runId": "run-002",
"capturedAtUtc": "2026-02-11T10:06:41.3661299Z",
"filesChecked": [
"src/Findings/StellaOps.Findings.Ledger.WebService/Endpoints/ScoringEndpoints.cs",
"src/Findings/StellaOps.Findings.Ledger/Services/ScoredFindingsQueryService.cs",
"src/Findings/StellaOps.Findings.Ledger/Services/ScoredFindingsQueryModels.cs",
"src/Findings/StellaOps.Findings.Ledger/Services/ScoredFindingsExportService.cs",
"src/Findings/StellaOps.Findings.Ledger/Services/ScoringMetricsService.cs",
"src/Findings/StellaOps.Findings.Ledger.WebService/Services/ScoreHistoryStore.cs",
"src/Findings/StellaOps.Findings.Ledger.WebService/Contracts/ScoringContracts.cs",
"src/Findings/__Tests/StellaOps.Findings.Ledger.Tests/ScoredFindingsQueryServiceTests.cs",
"src/Findings/__Tests/StellaOps.Findings.Ledger.Tests/Integration/ScoringEndpointsIntegrationTests.cs",
"src/Findings/__Tests/StellaOps.Findings.Ledger.Tests/Integration/ScoringObservabilityTests.cs"
],
"found": [
"src/Findings/StellaOps.Findings.Ledger.WebService/Endpoints/ScoringEndpoints.cs",
"src/Findings/StellaOps.Findings.Ledger/Services/ScoredFindingsQueryService.cs",
"src/Findings/StellaOps.Findings.Ledger/Services/ScoredFindingsQueryModels.cs",
"src/Findings/StellaOps.Findings.Ledger/Services/ScoredFindingsExportService.cs",
"src/Findings/StellaOps.Findings.Ledger/Services/ScoringMetricsService.cs",
"src/Findings/StellaOps.Findings.Ledger.WebService/Services/ScoreHistoryStore.cs",
"src/Findings/StellaOps.Findings.Ledger.WebService/Contracts/ScoringContracts.cs",
"src/Findings/__Tests/StellaOps.Findings.Ledger.Tests/ScoredFindingsQueryServiceTests.cs",
"src/Findings/__Tests/StellaOps.Findings.Ledger.Tests/Integration/ScoringEndpointsIntegrationTests.cs",
"src/Findings/__Tests/StellaOps.Findings.Ledger.Tests/Integration/ScoringObservabilityTests.cs"
],
"missing": [
],
"declarationChecks": [
{
"pattern": "MapScoringEndpoints",
"found": true,
"sample": "src/Findings\\StellaOps.Findings.Ledger.WebService\\Program.cs:1966:app.MapScoringEndpoints();"
},
{
"pattern": "GetActivePolicy",
"found": true,
"sample": "src/Findings\\StellaOps.Findings.Ledger.WebService\\Endpoints\\ScoringEndpoints.cs:75: scoringGroup.MapGet(\"/policy\", GetActivePolicy)"
},
{
"pattern": "ListPolicyVersions",
"found": true,
"sample": "src/Findings\\StellaOps.Findings.Ledger.WebService\\Endpoints\\ScoringEndpoints.cs:93: scoringGroup.MapGet(\"/policy/versions\", ListPolicyVersions)"
},
{
"pattern": "class ScoringMetricsService",
"found": true,
"sample": "src/Findings\\StellaOps.Findings.Ledger\\Services\\ScoringMetricsService.cs:11:public sealed class ScoringMetricsService : IScoringMetricsService"
},
{
"pattern": "class ScoredFindingsQueryService",
"found": true,
"sample": "src/Findings\\__Tests\\StellaOps.Findings.Ledger.Tests\\ScoredFindingsQueryServiceTests.cs:12:public class ScoredFindingsQueryServiceTests"
},
{
"pattern": "class ScoredFindingsExportService",
"found": true,
"sample": "src/Findings\\StellaOps.Findings.Ledger\\Services\\ScoredFindingsExportService.cs:14:public sealed class ScoredFindingsExportService : IScoredFindingsExportService"
}
],
"verdict": "pass"
}


@@ -0,0 +1,23 @@
{
"type": "build",
"module": "api",
"feature": "score-api-endpoints",
"runId": "run-002",
"capturedAtUtc": "2026-02-11T10:06:41.4106899Z",
"project": "src/Findings/StellaOps.Findings.Ledger.WebService/StellaOps.Findings.Ledger.WebService.csproj",
"testProject": "src/Findings/__Tests/StellaOps.Findings.Ledger.Tests/StellaOps.Findings.Ledger.Tests.csproj",
"buildCommand": "dotnet build src/Findings/StellaOps.Findings.Ledger.WebService/StellaOps.Findings.Ledger.WebService.csproj -c Release --nologo",
"buildResult": "pass",
"buildExitCode": 0,
"testCommand": "dotnet test src/Findings/__Tests/StellaOps.Findings.Ledger.Tests/StellaOps.Findings.Ledger.Tests.csproj -c Release --nologo",
"testResult": "pass",
"testExitCode": 0,
"testsRun": 141,
"testsPassed": 141,
"testsFailed": 0,
"evidence": [
"evidence/01-build.txt",
"evidence/02-tests.txt"
],
"verdict": "pass"
}


@@ -0,0 +1,69 @@
{
"type": "api",
"module": "api",
"feature": "score-api-endpoints",
"runId": "run-002",
"baseUrl": "in-memory-testserver",
"capturedAtUtc": "2026-02-11T10:05:18.6357519+00:00",
"requests": [
{
"description": "Scoring policy endpoint returns active policy",
"method": "GET",
"path": "/api/v1/scoring/policy",
"expectedStatus": 200,
"actualStatus": 200,
"assertion": "authorized policy read succeeds",
"result": "pass",
"requestCapturedAtUtc": "2026-02-11T10:05:18.6364146+00:00",
"responseSnippet": "{\"version\":\"ews.v1\",\"digest\":\"a57db067a8407a480fac6cdb1823f7d2eab7f7a3f4f6eec55c62b67dd7ac757e\",\"activeSince\":\"2026-02-11T10:05:18.2922151+00:00\",\"environment\":\"production\",\"weights\":{\"rch\":0.3,\"rts\":0.25,\"bkp\":0.15,\"xpl\":0.15,\"src\":0.1,\"mit\":0.1},\"guardrails\":{\"notAffectedCap\":{\"enabled\":true,\"maxScore\":15,\"minScore\":null},\"runtimeFloor\":{\"enabled\":true,\"maxScore\":null,\"minScore\":60},\"speculativeCap\":{\"enabled\":true,\"maxScore\":45,\"minScore\":null}},\"buckets\":{\"actNowMin\":90,\"scheduleNextMin\":70,\"investigateMin\":40}}",
"evidenceFile": "evidence/03-score-api-probe.json"
},
{
"description": "Batch scoring rejects empty list",
"method": "POST",
"path": "/api/v1/findings/scores",
"expectedStatus": 400,
"actualStatus": 400,
"assertion": "empty batch rejected",
"result": "pass",
"requestCapturedAtUtc": "2026-02-11T10:05:18.9908719+00:00",
"responseSnippet": "{\"code\":\"SCORING_INVALID_REQUEST\",\"message\":\"At least one finding ID is required\",\"details\":null,\"traceId\":\"00-23125eafcb30faa0f4e7aa70df4db00b-6097c059efb39aac-00\"}",
"evidenceFile": "evidence/03-score-api-probe.json"
},
{
"description": "Cached score unknown finding returns not found",
"method": "GET",
"path": "/api/v1/findings/CVE-9999-0000%40pkg%3Anpm%2Fnone%401.0.0/score",
"expectedStatus": 404,
"actualStatus": 404,
"assertion": "unknown score returns 404",
"result": "pass",
"requestCapturedAtUtc": "2026-02-11T10:05:19.0249946+00:00",
"responseSnippet": "",
"evidenceFile": "evidence/03-score-api-probe.json"
},
{
"description": "Scoring policy without auth is rejected",
"method": "GET",
"path": "/api/v1/scoring/policy",
"expectedStatus": 401,
"actualStatus": 401,
"assertion": "missing token returns 401",
"result": "pass",
"requestCapturedAtUtc": "2026-02-11T10:05:19.0300896+00:00",
"responseSnippet": "",
"evidenceFile": "evidence/03-score-api-probe.json"
}
],
"behaviorVerified": [
"Authorized scoring policy endpoint returns active policy metadata.",
"Empty batch scoring request is rejected with SCORING_INVALID_REQUEST (400).",
"Unknown finding score lookup returns 404.",
"Unauthenticated scoring policy access is rejected with 401."
],
"evidence": [
"evidence/03-score-api-probe.json",
"evidence/03-score-probe-test-output.txt"
],
"verdict": "pass"
}