more features checks. setup improvements

2026-02-13 02:04:55 +02:00
parent 9911b7d73c
commit 9ca2de05df
675 changed files with 37550 additions and 1826 deletions
--- a/docs/features/checked/policy/policy-bundles-with-proof-objects.md
+++ b/docs/features/checked/policy/policy-bundles-with-proof-objects.md
@@ -0,0 +1,44 @@
+# Policy Bundles with Proof Objects
+
+## Module
+Policy
+
+## Status
+IMPLEMENTED
+
+## Description
+Policy bundles with proof objects, security atoms, claims, and subjects forming the trust lattice algebra substrate.
+
+## Implementation Details
+- **TrustLatticeEngine**: `src/Policy/__Libraries/StellaOps.Policy/TrustLattice/TrustLatticeEngine.cs`
+  - Pipeline: VEX normalization -> claim ingestion -> K4 evaluation -> disposition selection -> proof bundle generation
+  - `Evaluate()` returns TrustLatticeResult with proof bundle containing all claims, evidence, and K4 lattice evaluations
+  - Proof bundle includes: claims with scores, VEX sources, reachability signals, K4 lattice values per subject
+  - Claims built via fluent ClaimBuilder: Assert, Present, Applies, Reachable, Mitigated, Fixed, Misattributed
+- **K4Lattice**: `src/Policy/__Libraries/StellaOps.Policy/TrustLattice/K4Lattice.cs`
+  - Four-valued logic (Unknown=0, True=1, False=2, Conflict=3)
+  - Algebraic operations: Join (T join F = Conflict), Meet (T meet F = Unknown), Negate, LessOrEqual
+  - `FromSupport()` converts evidence support to K4 value
+- **ClaimScoreMerger**: `src/Policy/__Libraries/StellaOps.Policy/TrustLattice/ClaimScoreMerger.cs`
+  - Deterministic merge with conflict penalization (0.25 penalty)
+  - Ordering: adjusted score -> specificity -> original score -> source ID -> index
+  - Returns MergeResult with winning claim, conflicts, RequiresReplayProof flag
+- **KnowledgeSnapshotManifest**: `src/Policy/__Libraries/StellaOps.Policy/Snapshots/KnowledgeSnapshotManifest.cs`
+  - Content-addressed bundle capturing all policy evaluation inputs
+  - PolicyBundleRef (PolicyId, Digest, Uri) for bundle identification
+  - ScoringRulesRef, TrustBundleRef for scoring and trust configuration
+- **PolicyGateEvaluator**: `src/Policy/StellaOps.Policy.Engine/Gates/PolicyGateEvaluator.cs`
+  - Uses trust lattice results in Lattice State gate
+  - Uses proof bundles for evidence completeness verification
+- **VerdictAttestationService**: `src/Policy/StellaOps.Policy.Engine/Attestation/VerdictAttestationService.cs` -- DSSE-signed attestations referencing proof bundles
+
+## E2E Test Plan
+- [ ] Evaluate trust lattice with 3 VEX claims; verify proof bundle contains all 3 claims with scores
+- [ ] Evaluate trust lattice with conflicting claims; verify proof bundle includes conflict markers and K4 Conflict value
+- [ ] Build policy bundle with PolicyBundleRef; verify Digest is content-addressed
+- [ ] Verify proof bundle includes K4 lattice values for each subject (CVE + component)
+- [ ] Verify ClaimScoreMerger produces deterministic merge result for identical inputs
+- [ ] Verify claim with higher specificity wins over claim with higher raw score when conflict exists
+- [ ] Evaluate with RequiresReplayProof=true; verify proof bundle is flagged for replay verification
+- [ ] Reference proof bundle from VerdictAttestationService; verify attestation includes bundle digest
+- [ ] Evaluate PolicyGateEvaluator Evidence gate; verify it checks proof bundle completeness