stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity

more features checks. setup improvements

Browse Source
This commit is contained in:
master
2026-02-13 02:04:55 +02:00
parent 9911b7d73c
commit 9ca2de05df
675 changed files with 37550 additions and 1826 deletions
Download Patch File Download Diff File Expand all files Collapse all files

27
docs/features/checked/concelier/4-tier-backport-evidence-resolver.md Normal file
View File

@@ -0,0 +1,27 @@
# 4-Tier Backport Evidence Resolver
## Module
Concelier
## Status
VERIFIED
## Description
Multi-tier backport evidence resolution with tier precedence, distro mappings, cross-distro OVAL integration, and deterministic backport verdicts.
## Implementation Details
- **Modules**: `src/Concelier/__Libraries/StellaOps.Concelier.Merge/`, `src/Concelier/__Libraries/StellaOps.Concelier.BackportProof/`
- **Key Classes**:
- `BackportEvidenceResolver` (`src/Concelier/__Libraries/StellaOps.Concelier.Merge/Backport/BackportEvidenceResolver.cs`) - multi-tier evidence resolution with tier precedence logic
- `BackportStatusService` (`src/Concelier/__Libraries/StellaOps.Concelier.BackportProof/Services/BackportStatusService.cs`) - backport status lookups with version comparison
- `FixIndexService` (`src/Concelier/__Libraries/StellaOps.Concelier.BackportProof/Services/FixIndexService.cs`) - O(1) distro patch lookups via fix index
- `ProvenanceScopeService` (`src/Concelier/__Libraries/StellaOps.Concelier.Merge/Backport/ProvenanceScopeService.cs`) - provenance scope tracking for backport-aware deduplication
- **Persistence**: `ProvenanceScopeRepository` (`src/Concelier/__Libraries/StellaOps.Concelier.Persistence/Postgres/Repositories/ProvenanceScopeRepository.cs`)
- **Source**: Feature matrix scan
## E2E Test Plan
- [ ] Submit a CVE with known backport status across multiple distros and verify the `BackportEvidenceResolver` returns correct tier-based verdict
- [ ] Verify tier precedence: Tier 1 evidence (direct patch proof) overrides Tier 2/3/4 evidence
- [ ] Verify cross-distro resolution: same CVE produces correct backport verdicts for Alpine, Debian, and RedHat simultaneously
- [ ] Verify deterministic verdicts: identical inputs produce identical backport verdicts across repeated runs
- [ ] Verify `FixIndexService` returns O(1) lookup performance for known distro patch entries