more features checks. setup improvements

2026-02-13 02:04:55 +02:00
parent 9911b7d73c
commit 9ca2de05df
675 changed files with 37550 additions and 1826 deletions
--- a/docs/qa/feature-checks/runs/policy/deterministic-evaluation-with-knowledge-snapshots/run-001/tier1-code-review.json
+++ b/docs/qa/feature-checks/runs/policy/deterministic-evaluation-with-knowledge-snapshots/run-001/tier1-code-review.json
@@ -0,0 +1,21 @@
+{
+  "tier": 1,
+  "type": "code_review",
+  "capturedAtUtc": "2026-02-12T12:20:00Z",
+  "feature": "deterministic-evaluation-with-knowledge-snapshots",
+  "claimsVerified": true,
+  "missingClaims": [],
+  "presentClaims": [
+    "Snapshots/KnowledgeSnapshotManifest.cs - manifest with input digests",
+    "Snapshots/SnapshotBuilder.cs - fluent builder",
+    "Snapshots/SnapshotAwarePolicyEvaluator.cs - evaluator pinned to snapshot",
+    "Snapshots/SnapshotIdGenerator.cs - content-addressed ID",
+    "Snapshots/KnowledgeSourceDescriptor.cs - source description",
+    "Snapshots/SnapshotService.cs (library) - lifecycle management",
+    "Engine Snapshots/SnapshotService.cs, SnapshotStore.cs, SnapshotModels.cs",
+    "Replay/ReplayEngine.cs, ReplayRequest.cs, ReplayResult.cs, ReplayReport.cs, VerdictComparer.cs, KnowledgeSourceResolver.cs",
+    "Endpoints: SnapshotEndpoint.cs, SnapshotEndpoints.cs, PolicySnapshotEndpoints.cs"
+  ],
+  "verdict": "done",
+  "notes": "Full knowledge snapshot system verified. Manifest with content-addressed IDs, fluent builder, snapshot-aware evaluator, replay engine with verdict comparison, snapshot persistence, and REST API endpoints."
+}
--- a/docs/qa/feature-checks/runs/policy/deterministic-evaluation-with-knowledge-snapshots/run-002/tier0-source-check.json
+++ b/docs/qa/feature-checks/runs/policy/deterministic-evaluation-with-knowledge-snapshots/run-002/tier0-source-check.json
@@ -0,0 +1,33 @@
+{
+  "type": "source",
+  "capturedAtUtc": "2026-02-12T23:55:00Z",
+  "sourceFiles": [
+    "src/Policy/__Libraries/StellaOps.Policy/Snapshots/KnowledgeSnapshotManifest.cs",
+    "src/Policy/__Libraries/StellaOps.Policy/Snapshots/SnapshotBuilder.cs",
+    "src/Policy/__Libraries/StellaOps.Policy/Snapshots/SnapshotAwarePolicyEvaluator.cs",
+    "src/Policy/__Libraries/StellaOps.Policy/Snapshots/SnapshotIdGenerator.cs",
+    "src/Policy/__Libraries/StellaOps.Policy/Snapshots/KnowledgeSourceDescriptor.cs",
+    "src/Policy/__Libraries/StellaOps.Policy/Snapshots/SnapshotService.cs",
+    "src/Policy/StellaOps.Policy.Engine/Snapshots/SnapshotService.cs",
+    "src/Policy/StellaOps.Policy.Engine/Snapshots/SnapshotStore.cs",
+    "src/Policy/StellaOps.Policy.Engine/Snapshots/SnapshotModels.cs",
+    "src/Policy/__Libraries/StellaOps.Policy/Replay/ReplayEngine.cs",
+    "src/Policy/__Libraries/StellaOps.Policy/Replay/ReplayRequest.cs",
+    "src/Policy/__Libraries/StellaOps.Policy/Replay/ReplayResult.cs",
+    "src/Policy/__Libraries/StellaOps.Policy/Replay/VerdictComparer.cs",
+    "src/Policy/__Libraries/StellaOps.Policy/Replay/ReplayReport.cs",
+    "src/Policy/__Libraries/StellaOps.Policy/Replay/KnowledgeSourceResolver.cs"
+  ],
+  "testFiles": [
+    "src/Policy/__Tests/StellaOps.Policy.Tests/Snapshots/SnapshotBuilderTests.cs",
+    "src/Policy/__Tests/StellaOps.Policy.Tests/Snapshots/SnapshotIdGeneratorTests.cs",
+    "src/Policy/__Tests/StellaOps.Policy.Tests/Snapshots/SnapshotServiceTests.cs",
+    "src/Policy/__Tests/StellaOps.Policy.Tests/Replay/ReplayEngineTests.cs",
+    "src/Policy/__Tests/StellaOps.Policy.Tests/Replay/ReplayReportTests.cs",
+    "src/Policy/__Tests/StellaOps.Policy.Tests/Replay/VerdictComparerTests.cs",
+    "src/Policy/__Tests/StellaOps.Policy.Engine.Tests/Snapshots/VerdictEwsSnapshotTests.cs",
+    "src/Policy/__Tests/StellaOps.Policy.Engine.Tests/Snapshots/VerdictArtifactSnapshotTests.cs",
+    "src/Policy/__Tests/StellaOps.Policy.Engine.Tests/Snapshots/PolicyEvaluationTraceSnapshotTests.cs"
+  ],
+  "verdict": "pass"
+}
--- a/docs/qa/feature-checks/runs/policy/deterministic-evaluation-with-knowledge-snapshots/run-002/tier1-code-review.json
+++ b/docs/qa/feature-checks/runs/policy/deterministic-evaluation-with-knowledge-snapshots/run-002/tier1-code-review.json
@@ -0,0 +1,31 @@
+{
+  "type": "code_review",
+  "capturedAtUtc": "2026-02-12T23:55:00Z",
+  "reviewedComponents": [
+    "KnowledgeSnapshotManifest: pins SBOM digest, advisory feed digest, policy bundle digest, VEX digests, reachability graph digest",
+    "SnapshotBuilder: fluent builder with WithEngine, WithPolicy, WithScoring, WithAdvisoryFeed, WithPlugin, WithTrust, CaptureCurrentEnvironment",
+    "SnapshotIdGenerator: content-addressed ksm:sha256:{64 hex} IDs with ValidateId tamper detection",
+    "SnapshotAwarePolicyEvaluator: evaluates against frozen snapshot state (no live data fetching)",
+    "SnapshotService: snapshot lifecycle management (create, retrieve, list)",
+    "ReplayEngine: replays evaluation from snapshot with deterministic results",
+    "VerdictComparer: compares original and replayed verdicts for drift detection",
+    "KnowledgeSourceResolver: resolves snapshot references to evaluation inputs",
+    "KnowledgeSourceDescriptor: describes knowledge source (type, URI, digest, timestamp)"
+  ],
+  "behaviorVerified": [
+    "SnapshotBuilder validates required fields: Engine, Policy, Scoring, and at least one Source",
+    "Sources are ordered alphabetically by Name for deterministic snapshot IDs",
+    "SnapshotIdGenerator produces deterministic ksm:sha256: prefix IDs (75 chars total)",
+    "Same content produces identical snapshot IDs across multiple calls",
+    "Different content produces different snapshot IDs",
+    "Tampered manifests fail ValidateId check",
+    "Modified SnapshotId field fails ValidateId",
+    "Signature field excluded from ID computation (allows signing after ID generation)",
+    "ReplayEngine produces deterministic results: same snapshot + same artifact = same verdict (10x tested)",
+    "Replay with non-existent snapshot returns ReplayFailed status",
+    "Replay without original verdict returns NoComparison status",
+    "Different artifacts with same snapshot produce different results"
+  ],
+  "issues": [],
+  "verdict": "pass"
+}
--- a/docs/qa/feature-checks/runs/policy/deterministic-evaluation-with-knowledge-snapshots/run-002/tier2-integration-check.json
+++ b/docs/qa/feature-checks/runs/policy/deterministic-evaluation-with-knowledge-snapshots/run-002/tier2-integration-check.json
@@ -0,0 +1,46 @@
+{
+  "type": "integration",
+  "capturedAtUtc": "2026-02-12T23:55:00Z",
+  "testCommand": "dotnet test \"src\\Policy\\__Tests\\StellaOps.Policy.Tests\\StellaOps.Policy.Tests.csproj\" --no-restore -v normal",
+  "testFilter": "all tests in Policy.Tests",
+  "testsRun": 781,
+  "testsPassed": 781,
+  "testsFailed": 0,
+  "targetedTestMethods": [
+    "SnapshotBuilderTests.Build_ValidInputs_CreatesManifest",
+    "SnapshotBuilderTests.Build_MissingEngine_Throws",
+    "SnapshotBuilderTests.Build_MissingPolicy_Throws",
+    "SnapshotBuilderTests.Build_MissingScoring_Throws",
+    "SnapshotBuilderTests.Build_NoSources_Throws",
+    "SnapshotBuilderTests.Build_MultipleSources_OrderedByName",
+    "SnapshotBuilderTests.Build_WithPlugins_IncludesPlugins",
+    "SnapshotBuilderTests.Build_WithTrust_IncludesTrust",
+    "SnapshotBuilderTests.Build_CaptureCurrentEnvironment_SetsEnvironment",
+    "SnapshotIdGeneratorTests.GenerateId_DeterministicForSameContent",
+    "SnapshotIdGeneratorTests.GenerateId_DifferentForDifferentContent",
+    "SnapshotIdGeneratorTests.GenerateId_StartsWithCorrectPrefix",
+    "SnapshotIdGeneratorTests.GenerateId_HasCorrectLength",
+    "SnapshotIdGeneratorTests.ValidateId_ValidManifest_ReturnsTrue",
+    "SnapshotIdGeneratorTests.ValidateId_TamperedManifest_ReturnsFalse",
+    "SnapshotIdGeneratorTests.ValidateId_ModifiedSnapshotId_ReturnsFalse",
+    "SnapshotIdGeneratorTests.GenerateId_ExcludesSignature",
+    "ReplayEngineTests.Replay_ValidSnapshot_ReturnsResult",
+    "ReplayEngineTests.Replay_NonExistentSnapshot_ReturnsReplayFailed",
+    "ReplayEngineTests.Replay_SameInputs_ProducesDeterministicResult",
+    "ReplayEngineTests.Replay_DifferentArtifacts_ProducesDifferentResults",
+    "ReplayEngineTests.Replay_RecordsDuration"
+  ],
+  "assertionTypes": [
+    "FluentAssertions Should().StartWith('ksm:sha256:') on snapshot ID format",
+    "FluentAssertions Should().HaveCount() on Sources and Plugins",
+    "FluentAssertions Should().Throw<InvalidOperationException> on missing required fields",
+    "FluentAssertions Should().Be() on deterministic ID generation",
+    "FluentAssertions Should().NotBe() on different content IDs",
+    "FluentAssertions Should().BeTrue()/BeFalse() on ValidateId tamper detection",
+    "FluentAssertions AllSatisfy on replay determinism (10 iterations)"
+  ],
+  "newTestsWritten": [],
+  "bugsFixed": [],
+  "rawOutput": "Passed! - Failed: 0, Passed: 781, Skipped: 0, Total: 781, Duration: 4s 565ms - StellaOps.Policy.Tests.dll (net10.0|x64)",
+  "verdict": "pass"
+}