stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity

more features checks. setup improvements

Browse Source
This commit is contained in:
master
2026-02-13 02:04:55 +02:00
parent 9911b7d73c
commit 9ca2de05df
675 changed files with 37550 additions and 1826 deletions
Download Patch File Download Diff File Expand all files Collapse all files

36
docs/features/checked/policy/path-scope-simulation-bridge.md Normal file
View File

@@ -0,0 +1,36 @@
# Path-Scope Simulation Bridge
## Module
Policy
## Status
IMPLEMENTED
## Description
Scoped simulation that evaluates policy changes against specific artifact paths rather than the entire estate.
## Implementation Details
- **PathScopeSimulationEndpoint**: `src/Policy/StellaOps.Policy.Engine/Endpoints/PathScopeSimulationEndpoint.cs` -- REST endpoint for path-scoped simulation
- **WhatIfSimulationService**: `src/Policy/StellaOps.Policy.Engine/WhatIfSimulation/WhatIfSimulationService.cs`
- `SimulateAsync()` computes baseline vs simulated decisions for targeted artifacts
- SBOM diff operations (add/remove/upgrade/downgrade) scoped to specific artifact paths
- Decision changes: status_changed, severity_changed, new, removed
- Impact summary: risk delta (increased/decreased/unchanged), blocked/warning deltas, recommendations
- **RiskSimulationService**: `src/Policy/StellaOps.Policy.Engine/Simulation/RiskSimulationService.cs`
- `SimulateWithBreakdown()` -- full simulation with severity distribution and top movers
- `CompareProfilesWithBreakdown()` -- profile comparison with delta analysis
- Signal-based scoring for targeted paths
- **ConsoleSimulationDiffService**: `src/Policy/StellaOps.Policy.Engine/Console/ConsoleSimulationDiffService.cs`
- Schema version: console-policy-23-001
- Deterministic before/after severity breakdowns for scoped paths
- **OverlaySimulationEndpoint**: `src/Policy/StellaOps.Policy.Engine/Endpoints/OverlaySimulationEndpoint.cs` -- overlay simulation for policy rule changes
## E2E Test Plan
- [ ] POST path-scope simulation for specific artifact digest; verify simulation results scoped to that artifact only
- [ ] Simulate adding a component to a specific path; verify delta shows new findings for that path
- [ ] Simulate removing a component from a specific path; verify delta shows removed findings
- [ ] Simulate upgrade on path A; verify path B findings are unchanged in delta
- [ ] Verify simulation response includes before/after severity breakdowns for the scoped path
- [ ] Verify simulation response includes risk delta (increased/decreased/unchanged)
- [ ] Verify simulation response includes top movers within the scoped path
- [ ] Verify console simulation diff produces deterministic output for same inputs