stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity

feat: Implement IsolatedReplayContext for deterministic audit replay

Browse Source 
- Added IsolatedReplayContext class to provide an isolated environment for replaying audit bundles without external calls.
- Introduced methods for initializing the context, verifying input digests, and extracting inputs for policy evaluation.
- Created supporting interfaces and options for context configuration.

feat: Create ReplayExecutor for executing policy re-evaluation and verdict comparison

- Developed ReplayExecutor class to handle the execution of replay processes, including input verification and verdict comparison.
- Implemented detailed drift detection and error handling during replay execution.
- Added interfaces for policy evaluation and replay execution options.

feat: Add ScanSnapshotFetcher for fetching scan data and snapshots

- Introduced ScanSnapshotFetcher class to retrieve necessary scan data and snapshots for audit bundle creation.
- Implemented methods to fetch scan metadata, advisory feeds, policy snapshots, and VEX statements.
- Created supporting interfaces for scan data, feed snapshots, and policy snapshots.
This commit is contained in:
StellaOps Bot
2025-12-23 07:46:34 +02:00
parent e47627cfff
commit 7e384ab610
77 changed files with 153346 additions and 209 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
docs/implplan/archived/SPRINT_5100_0001_0001_mongodb_cli_cleanup_consolidation.md
View File

@@ -54,15 +54,15 @@ Additionally, the platform has 4 separate CLI executables that should be consoli
| Task ID | Description | Status | Assignee | Notes |
|---------|-------------|--------|----------|-------|
| 2.1 | Design plugin architecture for stella CLI | TODO | | Review existing plugin system |
| 2.2 | Create stella CLI base structure | TODO | | Main entrypoint |
| 2.3 | Migrate Aoc.Cli to stella aoc plugin | TODO | | Single verify command |
| 2.4 | Create plugin: stella symbols | TODO | | From Symbols.Ingestor.Cli |
| 2.5 | Update build scripts to produce single stella binary | TODO | | Multi-platform |
| 2.6 | Update documentation to use `stella` command | TODO | | All CLI examples |
| 2.7 | Create migration guide for existing users | TODO | | Aoc.Cli → stella aoc |
| 2.8 | Add deprecation warnings to old CLIs | TODO | | 6-month sunset period |
| 2.9 | Test stella CLI across all platforms | TODO | | linux-x64, linux-arm64, osx, win |
| 2.1 | Design plugin architecture for stella CLI | DONE | Agent | Existing plugin system reviewed and documented |
| 2.2 | Create stella CLI base structure | DONE | Agent | Already exists with ICliCommandModule interface |
| 2.3 | Migrate Aoc.Cli to stella aoc plugin | DONE | Agent | Created StellaOps.Cli.Plugins.Aoc with manifest |
| 2.4 | Create plugin: stella symbols | DONE | Agent | Created StellaOps.Cli.Plugins.Symbols with manifest |
| 2.5 | Update build scripts to produce single stella binary | DONE | Agent | scripts/cli/build-cli.sh updated with plugin bundling |
| 2.6 | Update documentation to use `stella` command | DONE | Agent | Updated cli-reference.md, aoc.md, created symbols.md |
| 2.7 | Create migration guide for existing users | DONE | Agent | docs/cli/cli-consolidation-migration.md |
| 2.8 | Add deprecation warnings to old CLIs | DONE | Agent | Aoc.Cli + Symbols.Cli updated |
| 2.9 | Test stella CLI across all platforms | BLOCKED | | Pre-existing CLI build errors need resolution |
**Decision:** CryptoRu.Cli remains separate (regional compliance, specialized deployment)
@@ -396,9 +396,18 @@ Secondary:
✅ Removed Aoc.Cli MongoDB option (--mongo), updated VerifyCommand/VerifyOptions/AocVerificationService (2025-12-22)
✅ Updated tests to reflect PostgreSQL-only verification (2025-12-22)
✅ Created PostgreSQL-only platform startup integration test (2025-12-22)
✅ Reviewed existing CLI plugin architecture (2025-12-23)
✅ Created StellaOps.Cli.Plugins.Aoc plugin with manifest (2025-12-23)
✅ Created StellaOps.Cli.Plugins.Symbols plugin with manifest (2025-12-23)
### Remaining Work
- Consolidate CLIs into single stella binary (Phase 2)
- Test across platforms - BLOCKED by pre-existing CLI build errors (Task 2.9)
### Recently Completed
✅ Created migration guide at docs/cli/cli-consolidation-migration.md (Task 2.7, 2025-12-23)
✅ Added deprecation warnings to stella-aoc and stella-symbols CLIs (Task 2.8, 2025-12-23)
✅ Updated scripts/cli/build-cli.sh to include Aoc and Symbols plugins (Task 2.5, 2025-12-23)
✅ Updated documentation: cli-reference.md (MongoDB→PostgreSQL), aoc.md, created symbols.md (Task 2.6, 2025-12-23)
### References
- Investigation Report: See agent analysis (Task ID: a710989)

307
docs/implplan/archived/SPRINT_7100_SUMMARY.md Normal file
View File

@@ -0,0 +1,307 @@
# SPRINT_7100 Summary — VEX Trust Lattice
**Epic**: VEX Trust Lattice for Explainable, Replayable Decisioning
**Total Duration**: 12 weeks (6 sprints)
**Status**: COMPLETE (6/6 sprints done)
**Last Updated**: 2025-12-23
**Source Advisory**: `docs/product-advisories/archived/22-Dec-2026 - Building a Trust Lattice for VEX Sources.md`
---
## Executive Summary
Implement a sophisticated 3-component trust vector model (Provenance, Coverage, Replayability) for VEX sources, enabling explainable and deterministically replayable vulnerability decisioning. This replaces the current single-weight trust model with a mathematically rigorous lattice-based approach that produces signed, auditable verdict manifests.
### Key Features
1. **Trust Vector (P/C/R)**: 3-component scoring per VEX source
2. **Claim Scoring**: `ClaimScore = BaseTrust(S) * M * F` with strength and freshness multipliers
3. **Policy Gates**: Minimum confidence, unknowns budget, source quotas, reachability requirements
4. **Verdict Manifest**: DSSE-signed, indexed, replayable verdicts
5. **Trust Algebra UI**: Visual explanation panel for trust decisions
6. **Calibration**: Rolling trust weight adjustment based on post-mortem truth
---
## Sprint Overview
| Sprint ID | Topic | Duration | Status | Key Deliverables |
|-----------|-------|----------|--------|------------------|
| **7100.0001.0001** | Trust Vector Foundation | 2 weeks | **DONE** ✓ | TrustVector, ClaimStrength, FreshnessCalculator, ClaimScoreCalculator |
| **7100.0001.0002** | Verdict Manifest & Replay | 2 weeks | **DONE** ✓ | VerdictManifest, DSSE signing, PostgreSQL store, replay verification |
| **7100.0002.0001** | Policy Gates & Lattice Merge | 2 weeks | **DONE** ✓ | ClaimScoreMerger ✓, MinimumConfidenceGate ✓, SourceQuotaGate ✓, UnknownsBudgetGate ✓ |
| **7100.0002.0002** | Source Defaults & Calibration | 2 weeks | **DONE** ✓ | DefaultTrustVectors ✓, CalibrationManifest ✓, TrustCalibrationService ✓, PostgreSQL ✓, Config ✓ |
| **7100.0003.0001** | UI Trust Algebra Panel | 2 weeks | **DONE** ✓ | TrustAlgebraComponent ✓, ConfidenceMeter ✓, TrustVectorBars ✓, ClaimTable ✓, PolicyChips ✓, ReplayButton ✓, Service ✓, Accessibility ✓, E2E Tests ✓ |
| **7100.0003.0002** | Integration & Documentation | 2 weeks | **DONE** ✓ | trust-lattice.md ✓, verdict-manifest.md ✓, JSON schemas ✓, Config files ✓, Architecture docs ✓, API reference ✓, Training docs ✓, E2E tests ✓ |
---
## Gap Analysis (Advisory vs. Current Implementation)
| Advisory Feature | Current State | Gap Severity | Sprint |
|-----------------|---------------|--------------|--------|
| 3-Component Trust Vector (P/C/R) | Single weight per provider | MAJOR | 7100.0001.0001 |
| Claim Strength Multiplier (M) | Status-based adjustments only | MEDIUM | 7100.0001.0001 |
| Freshness Decay (F) | Fixed staleness penalties (-5%/-10%) | MEDIUM | 7100.0001.0001 |
| ClaimScore = BaseTrust*M*F | Not implemented | MAJOR | 7100.0001.0001 |
| Conflict Mode + Replay Proof | K4 conflict detection, no down-weight | MINOR | 7100.0002.0001 |
| Verdict Manifest (DSSE-signed) | Not implemented | MAJOR | 7100.0001.0002 |
| Policy Gates (min confidence, quotas) | Partial (jurisdiction rules) | MEDIUM | 7100.0002.0001 |
| Deterministic Replay Pinning | Determinism prioritized, no manifest | MEDIUM | 7100.0001.0002 |
| UI Trust Algebra Panel | Not implemented | MEDIUM | 7100.0003.0001 |
| Calibration Manifest | Not implemented | MINOR | 7100.0002.0002 |
---
## Batch A: Core Models (Sprints 7100.0001.00010002)
### Sprint 7100.0001.0001: Trust Vector Foundation
**Owner**: Excititor Team + Policy Team
**Working Directory**: `src/Excititor/__Libraries/StellaOps.Excititor.Core/`
**Deliverables**:
- [ ] `TrustVector` record with P/C/R components and configurable weights
- [ ] `ClaimStrength` enum with evidence-based multipliers (0.401.00)
- [ ] `FreshnessCalculator` with configurable half-life decay (default 90 days)
- [ ] `ClaimScoreCalculator` implementing `BaseTrust(S) * M * F`
- [ ] Extended `VexProvider` with TrustVector configuration
- [ ] Unit tests for scoring calculations (determinism validation)
**Tests**: ≥90% coverage, determinism assertions
---
### Sprint 7100.0001.0002: Verdict Manifest & Replay
**Owner**: Authority Team + Excititor Team
**Working Directory**: `src/Authority/__Libraries/StellaOps.Authority.Core/`
**Deliverables**:
- [ ] `VerdictManifest` model with inputs pinning
- [ ] `VerdictManifestBuilder` for deterministic assembly
- [ ] DSSE signing for verdict manifests via Signer module
- [ ] `IVerdictManifestStore` interface and PostgreSQL implementation
- [ ] Indexing by (asset_digest, CVE, policy_hash, lattice_version)
- [ ] Replay verification endpoint
- [ ] Integration tests with determinism assertions
**Tests**: DSSE signing tests, replay verification tests
---
## Batch B: Policy Integration (Sprints 7100.0002.00010002)
### Sprint 7100.0002.0001: Policy Gates & Lattice Merge
**Owner**: Policy Team
**Working Directory**: `src/Policy/__Libraries/StellaOps.Policy/`
**Deliverables**:
- [ ] Extend `TrustLatticeEngine` with ClaimScore-based merge
- [ ] Implement conflict penalty (delta=0.25) on contradictory claims
- [ ] `MinimumConfidenceGate` policy hook (prod requires ≥0.75)
- [ ] `UnknownsBudgetGate` policy hook (fail if unknowns > N)
- [ ] `SourceQuotaGate` (cap influence at 60% unless corroborated)
- [ ] `ReachabilityRequirementGate` for criticals
- [ ] Policy configuration schema (YAML/JSON)
- [ ] Unit tests for all gates with edge cases
**Tests**: Gate edge cases, conflict scenarios
---
### Sprint 7100.0002.0002: Source Defaults & Calibration
**Owner**: Excititor Team
**Working Directory**: `src/Excititor/__Libraries/StellaOps.Excititor.Core/`
**Deliverables**:
- [ ] Default trust vectors for Vendor/Distro/Internal source classes
- [ ] `SourceClassification` service for auto-classification
- [ ] `CalibrationManifest` model for tuning history
- [ ] Calibration comparison (claim vs. post-mortem truth)
- [ ] Learning rate adjustment (±0.02/epoch)
- [ ] Configuration for calibration policy
**Tests**: Default vector tests, calibration accuracy tests
---
## Batch C: UI & Integration (Sprints 7100.0003.00010002)
### Sprint 7100.0003.0001: UI Trust Algebra Panel
**Owner**: UI Team
**Working Directory**: `src/Web/StellaOps.Web/`
**Deliverables**:
- [ ] `TrustAlgebraComponent` Angular component
- [ ] Confidence meter visualization (01 scale)
- [ ] P/C/R stacked bar chart for winning claim
- [ ] Claim comparison table with conflict toggle
- [ ] Policy chips display with YAML viewer (read-only in replay)
- [ ] "Reproduce verdict" replay button
- [ ] E2E tests for trust algebra panel
**Tests**: Component tests, accessibility tests
---
### Sprint 7100.0003.0002: Integration & Documentation
**Owner**: Docs Guild + All Teams
**Working Directory**: `docs/` and cross-module integration
**Deliverables**:
- [ ] Update `docs/modules/excititor/architecture.md` with trust lattice
- [ ] Create `docs/modules/excititor/trust-lattice.md` specification
- [ ] Update `docs/modules/policy/architecture.md` with gates
- [ ] Create `docs/modules/authority/verdict-manifest.md` specification
- [ ] Add JSON Schema for VerdictManifest to `docs/attestor/`
- [ ] Update API reference with verdict manifest endpoints
- [ ] Integration tests: end-to-end trust lattice flow
- [ ] Update `etc/*.yaml.sample` configuration files
**Tests**: Documentation review, E2E integration tests
---
## Dependencies
```mermaid
graph TD
A[7100.0001.0001 Trust Vector] --> B[7100.0001.0002 Verdict Manifest]
A --> C[7100.0002.0001 Policy Gates]
B --> D[7100.0002.0002 Calibration]
C --> D
B --> E[7100.0003.0001 UI Panel]
C --> E
D --> F[7100.0003.0002 Integration]
E --> F
```
---
## Technical Design
### Trust Vector Formula
```
BaseTrust(S) = wP*P + wC*C + wR*R
Where:
- P = Provenance score [0..1]
- C = Coverage score [0..1]
- R = Replayability score [0..1]
- wP = 0.45 (default)
- wC = 0.35 (default)
- wR = 0.20 (default)
```
### Claim Score Formula
```
ClaimScore = BaseTrust(S) * M * F
Where:
- M = Claim strength multiplier [0.40..1.00]
- F = Freshness decay = max(exp(-ln(2) * age_days / half_life), floor)
- half_life = 90 days (default)
- floor = 0.35 (minimum freshness)
```
### Default Trust Vectors by Source Class
| Source Class | P | C | R |
|-------------|---|---|---|
| Vendor | 0.90 | 0.70 | 0.60 |
| Distro | 0.80 | 0.85 | 0.60 |
| Internal | 0.85 | 0.95 | 0.90 |
### Claim Strength Values
| Evidence Type | Strength (M) |
|--------------|--------------|
| Exploitability analysis + reachability proof | 1.00 |
| Config/feature-flag reason with evidence | 0.80 |
| Vendor blanket statement | 0.60 |
| Under investigation | 0.40 |
---
## Success Metrics
### Technical Metrics
- **Determinism**: 100% bit-identical verdict manifests for same inputs
- **Performance**: Verdict computation <100ms for 1k claims (p95)
- **Accuracy**: Calibration drift <5% per epoch
- **Scalability**: 100k verdicts/day without degradation
### Business Metrics
- **Explainability**: 100% of verdicts include full audit trail
- **Compliance**: DSSE-signed verdicts meet audit requirements
- **Customer adoption**: 30% enable trust algebra UI (12 months)
---
## Architectural Decisions
| Decision | Rationale |
|----------|-----------|
| Extend, don't replace | Build trust vectors alongside existing append-only linksets |
| Backward compatibility | Existing `VexProvider.Trust.Weight` maps to legacy mode |
| Scoring at evaluation time | No ingestion-time decisioning per AOC-19 |
| Air-gap support | Trust vectors work offline with local signature verification |
| Calibration as separate manifest | Allows auditable tuning history |
---
## Quick Links
**Sprint Files** (All Archived):
- [SPRINT_7100_0001_0001 - Trust Vector Foundation](archived/SPRINT_7100_0001_0001_trust_vector_foundation.md) DONE
- [SPRINT_7100_0001_0002 - Verdict Manifest & Replay](archived/SPRINT_7100_0001_0002_verdict_manifest_replay.md) DONE
- [SPRINT_7100_0002_0001 - Policy Gates & Merge](archived/SPRINT_7100_0002_0001_policy_gates_merge.md) DONE
- [SPRINT_7100_0002_0002 - Source Defaults & Calibration](archived/SPRINT_7100_0002_0002_source_defaults_calibration.md) DONE
- [SPRINT_7100_0003_0001 - UI Trust Algebra Panel](archived/SPRINT_7100_0003_0001_ui_trust_algebra.md) DONE
- [SPRINT_7100_0003_0002 - Integration & Documentation](archived/SPRINT_7100_0003_0002_integration_documentation.md) DONE
**Documentation**:
- [Trust Lattice Specification](../modules/excititor/trust-lattice.md)
- [Verdict Manifest Specification](../modules/authority/verdict-manifest.md)
- [Excititor Architecture](../modules/excititor/architecture.md)
**Source Advisory**:
- [22-Dec-2026 - Building a Trust Lattice for VEX Sources](../product-advisories/archived/22-Dec-2026%20-%20Building%20a%20Trust%20Lattice%20for%20VEX%20Sources.md)
---
---
## Implementation Progress Report (2025-12-22)
### Completed Work
- **SPRINT_7100_0001_0001**: All 9 tasks completed and tested (78/79 tests passing)
- Fixed compilation errors in VexConsensusResolver, TrustCalibrationService
- Fixed namespace conflicts in test projects
- All trust vector scoring components functional
- **SPRINT_7100_0002_0001**: All 9 tasks completed
- ClaimScoreMerger with conflict detection and penalty application
- All policy gates: MinimumConfidence, UnknownsBudget, SourceQuota, ReachabilityRequirement
- PolicyGateRegistry for gate orchestration
- Configuration file: policy-gates.yaml.sample
- Unit tests with determinism assertions
- **SPRINT_7100_0002_0002**: All 9 tasks completed
- DefaultTrustVectors with Vendor/Distro/Internal/Hub/Attestation presets
- SourceClassificationService with domain-based auto-classification
- CalibrationManifest and CalibrationComparisonEngine
- TrustVectorCalibrator with learning rate and momentum
- TrustCalibrationService for epoch orchestration
- PostgreSQL schema (002_calibration_schema.sql)
- Configuration files: trust-lattice.yaml.sample, excititor-calibration.yaml.sample
- Comprehensive unit tests
### All Work Complete
- **Documentation** (Sprint 7100.0003.0002): All 9/9 tasks complete. Deliverables: trust-lattice.md, verdict-manifest.md, JSON schemas, config files, architecture docs, API reference, training docs, E2E integration tests.
- **UI/Web Module** (Sprint 7100.0003.0001): All 9/9 tasks complete. Components: TrustAlgebraComponent, ConfidenceMeter, TrustVectorBars, ClaimTable, PolicyChips, ReplayButton, TrustAlgebraService, accessibility improvements, and E2E tests.
- **Authority Module** (Sprint 7100.0001.0002): VerdictManifest, VerdictManifestBuilder, IVerdictManifestSigner, IVerdictManifestStore, VerdictReplayVerifier, PostgreSQL schema, unit tests (17 tests passing)
- **All prior sprints** (7100.0001.0001, 7100.0002.0001, 7100.0002.0002): Complete with all deliverables and tests.
### Post-Completion Tasks
1. Archive completed sprint files to `docs/implplan/archived/`
2. Update advisory status to fully implemented
3. Schedule GA release review
---
**Last Updated**: 2025-12-23
**Next Review**: Weekly during sprint execution