Add determinism tests for verdict artifact generation and update SHA256 sums script

- Implemented comprehensive tests for verdict artifact generation to ensure deterministic outputs across various scenarios, including identical inputs, parallel execution, and change ordering.
- Created helper methods for generating sample verdict inputs and computing canonical hashes.
- Added tests to validate the stability of canonical hashes, proof spine ordering, and summary statistics.
- Introduced a new PowerShell script to update SHA256 sums for files, ensuring accurate hash generation and file integrity checks.
This commit is contained in:
StellaOps Bot
2025-12-24 02:17:34 +02:00
parent e59921374e
commit 7503c19b8f
390 changed files with 37389 additions and 5380 deletions

@@ -1,6 +1,37 @@
# Archived: VEX Consensus Algorithm
# VEX Consensus Algorithm (Deterministic)
This document was consolidated during docs cleanup.
This document describes the consensus computation at a high level. It is not an API contract; see `docs/vex/consensus-json.md` and `docs/vex/consensus-api.md` for payload and endpoint details.
- Canonical guide: `docs/16_VEX_CONSENSUS_GUIDE.md`
- Module dossier: `docs/modules/vex-lens/architecture.md`
## Inputs
- Normalized VEX tuples (status, justification, scope, timestamp, source digest)
- Issuer trust registry (tiers, weights, verification state)
- Optional policy precedence rules for how to treat conflicts
## Grouping and Ordering
1. Group tuples by correlation key (typically `(artifactId/productKey, vulnerabilityId)` per tenant).
2. Apply a stable sort for evaluation, commonly:
- Most recent statement first (timestamp)
- Higher trust tier/weight first
- Higher verification confidence first
Ordering must be deterministic for identical inputs.
## Lattice Join
Consensus uses a lattice-style join to avoid false safety:
- Model states with an explicit uncertainty ordering (e.g., `unknown` and `under_investigation` remain meaningful outcomes).
- Preserve conflicts when competing issuers disagree at comparable precedence.
The output includes:
- Effective status
- Confidence/weight summary
- References to source statements (digests)
- Conflict list (who disagrees and how)
## References
- `docs/modules/vex-lens/architecture.md`
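
Review bot: In "Grouping and Ordering", step 2 gives three sort keys (timestamp, trust tier/weight, verification confidence) and then requires that "Ordering must be deterministic for identical inputs", but a stable sort on those keys leaves tuples that tie on all three in their arrival order, so the result can depend on ingestion order rather than on the inputs themselves. Suggest naming a final total-order tie-breaker taken from the tuple, for example the source digest already listed under "Inputs", and replacing "commonly" with the normative key list. The "Lattice Join" section should also state the actual ordering of the states and define "comparable precedence": under step 2 a newer lower-trust statement sorts ahead of an older higher-trust one, and the text does not say whether sort position decides the effective status or only the evaluation order.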