more features checks. setup improvements

2026-02-13 02:04:55 +02:00
parent 9911b7d73c
commit 9ca2de05df
675 changed files with 37550 additions and 1826 deletions
--- a/docs/features/checked/policy/gate-level-selection.md
+++ b/docs/features/checked/policy/gate-level-selection.md
@@ -0,0 +1,39 @@
+# Gate Level Selection (G0-G4)
+
+## Module
+Policy
+
+## Status
+IMPLEMENTED
+
+## Description
+Diff-aware release gate levels G0-G4 with automatic gate selection based on RRS score and budget status, exposed via API endpoints.
+
+## Implementation Details
+- **PolicyGateEvaluator**: `src/Policy/StellaOps.Policy.Engine/Gates/PolicyGateEvaluator.cs`
+  - Multi-gate evaluation pipeline with 5 sequential gates: Evidence Completeness, Lattice State, VEX Trust, Uncertainty Tier, Confidence Threshold
+  - Gate result types: Pass, PassWithNote, Warn, Block, Skip
+  - Short-circuits on first Block; accumulates warnings
+  - Override support with justification requirements
+  - Gate decision model: `PolicyGateDecision.cs` with overall decision and per-gate details
+- **PolicyGateOptions**: `src/Policy/StellaOps.Policy.Engine/Gates/PolicyGateOptions.cs` -- configurable gate thresholds and behaviors
+- **VexTrustGate**: `src/Policy/StellaOps.Policy.Engine/Gates/VexTrustGate.cs` -- per-environment trust thresholds (prod: 0.80, staging: 0.60, dev: 0.40)
+- **DeterminizationGate**: `src/Policy/StellaOps.Policy.Engine/Gates/Determinization/DeterminizationGate.cs` -- determinism verification gate using DecayedConfidenceCalculator
+- **StabilityDampingGate**: `src/Policy/StellaOps.Policy.Engine/Gates/StabilityDampingGate.cs` -- prevents oscillation in gate decisions
+- **DriftGateEvaluator**: `src/Policy/StellaOps.Policy.Engine/Gates/DriftGateEvaluator.cs` -- evaluates SBOM drift for diff-aware gating
+- **RiskSimulationService**: `src/Policy/StellaOps.Policy.Engine/Simulation/RiskSimulationService.cs` -- signal-based scoring that feeds gate selection
+  - Severity mapping: Critical>=90, High>=70, Medium>=40, Low>=10
+- **WhatIfSimulationService**: `src/Policy/StellaOps.Policy.Engine/WhatIfSimulation/WhatIfSimulationService.cs` -- delta computation for diff-aware gates
+- **Gate endpoints**: `src/Policy/StellaOps.Policy.Engine/Endpoints/` -- REST API for gate evaluation results
+
+## E2E Test Plan
+- [ ] Evaluate artifact with all evidence present and high confidence; verify all gates pass (G0 level)
+- [ ] Evaluate artifact with missing VEX evidence; verify Evidence Completeness gate warns or blocks
+- [ ] Evaluate artifact with VEX trust score below production threshold (0.80); verify VexTrustGate blocks in prod
+- [ ] Evaluate artifact with VEX trust score 0.65 in staging; verify VexTrustGate passes (threshold 0.60)
+- [ ] Evaluate artifact with unknown reachability (U state); verify Lattice State gate applies appropriate action
+- [ ] Evaluate artifact with Uncertainty Tier T1 (high uncertainty); verify Uncertainty gate blocks
+- [ ] Evaluate artifact with confidence below threshold; verify Confidence gate blocks
+- [ ] Override a blocked gate with justification; verify PassWithNote result
+- [ ] Evaluate with DriftGateEvaluator detecting SBOM changes; verify drift-aware gating triggers
+- [ ] Verify StabilityDampingGate prevents rapid oscillation between Pass and Block