Add determinism tests for verdict artifact generation and update SHA256 sums script
- Implemented comprehensive tests for verdict artifact generation to ensure deterministic outputs across various scenarios, including identical inputs, parallel execution, and change ordering. - Created helper methods for generating sample verdict inputs and computing canonical hashes. - Added tests to validate the stability of canonical hashes, proof spine ordering, and summary statistics. - Introduced a new PowerShell script to update SHA256 sums for files, ensuring accurate hash generation and file integrity checks.
This commit is contained in:
StellaOps Bot
@@ -1,11 +1,20 @@
|
||||
# Archived: Console Risk UI Notes
|
||||
# Console Risk UI (Overview)
|
||||
|
||||
This page was consolidated into canonical docs:
|
||||
This document describes how risk and explainability concepts should surface in the Console.
|
||||
|
||||
- `docs/20_VULNERABILITY_EXPLORER_GUIDE.md`
|
||||
- `docs/16_VEX_CONSENSUS_GUIDE.md`
|
||||
- `docs/15_UI_GUIDE.md`
|
||||
## Concepts to Surface
|
||||
|
||||
The previous note has been archived to:
|
||||
- **Verdict and “why”:** a short, narrative explanation above the fold.
|
||||
- **Evidence rail:** links to proofs that justify each fact (SBOM, VEX, reachability, policy explain trace).
|
||||
- **Risk signals:** severity, exploit signals, exposure context, and confidence/uncertainty indicators.
|
||||
|
||||
- `docs/_archive/console/risk-ui.md`
|
||||
## Explainability Expectations
|
||||
|
||||
- Every blocking decision must link to the policy gate and the evidence inputs that triggered it.
|
||||
- Uncertainty must remain explicit (avoid false safety when evidence is missing or conflicts exist).
|
||||
|
||||
## References
|
||||
|
||||
- Risk model overview: `docs/risk/overview.md`
|
||||
- Policy explainability: `docs/risk/explainability.md`
|
||||
- Vulnerability Explorer guide: `docs/20_VULNERABILITY_EXPLORER_GUIDE.md`
|
||||
|
||||
Reference in New Issue
Block a user