more features checks. setup improvements

2026-02-13 02:04:55 +02:00
parent 9911b7d73c
commit 9ca2de05df
675 changed files with 37550 additions and 1826 deletions
--- a/docs/qa/feature-checks/runs/policy/exception-system/run-001/tier1-code-review.json
+++ b/docs/qa/feature-checks/runs/policy/exception-system/run-001/tier1-code-review.json
@@ -0,0 +1,20 @@
+{
+  "tier": 1,
+  "type": "code_review",
+  "capturedAtUtc": "2026-02-12T12:40:00Z",
+  "feature": "exception-system",
+  "claimsVerified": true,
+  "missingClaims": [],
+  "presentClaims": [
+    "Exceptions/Models/ExceptionObject.cs - sealed record with full lifecycle model",
+    "Exceptions/Models/ExceptionApplication.cs, ExceptionEvent.cs, EvidenceHook.cs, RecheckPolicy.cs",
+    "Exceptions/Services/ExceptionEvaluator.cs - sealed class with EvaluateAsync/EvaluateBatchAsync, specificity scoring, PURL wildcard matching",
+    "Exceptions/Services/EvidenceRequirementValidator.cs, RecheckEvaluationService.cs",
+    "Exceptions/Repositories/IExceptionRepository.cs, PostgresExceptionRepository.cs",
+    "Exceptions/Repositories/IExceptionApplicationRepository.cs, PostgresExceptionApplicationRepository.cs",
+    "Adapters/ExceptionEffectRegistry.cs - 40 type+reason -> effect mappings",
+    "BuildGate/ExceptionRecheckGate.cs - CI/CD integration"
+  ],
+  "verdict": "done",
+  "notes": "Comprehensive exception system verified. Full CRUD with ExceptionObject (EXC-{ulid} format, versioned, status state machine). ExceptionEvaluator with batch support, specificity scoring (100/50/40/30/20/10), PURL wildcard matching. Evidence requirement validation, recheck policies, effect registry, build gate integration, and Postgres persistence."
+}
--- a/docs/qa/feature-checks/runs/policy/exception-system/run-002/tier2-integration-check.json
+++ b/docs/qa/feature-checks/runs/policy/exception-system/run-002/tier2-integration-check.json
@@ -0,0 +1,66 @@
+{
+  "type": "integration",
+  "capturedAtUtc": "2026-02-13T03:54:00Z",
+  "testCommand": "dotnet test src/Policy/__Tests/StellaOps.Policy.Exceptions.Tests/StellaOps.Policy.Exceptions.Tests.csproj --no-restore -v normal; dotnet test src/Policy/__Tests/StellaOps.Policy.Tests/StellaOps.Policy.Tests.csproj --no-restore -v normal; dotnet test src/Policy/__Tests/StellaOps.Policy.Engine.Tests/StellaOps.Policy.Engine.Tests.csproj --no-restore -v normal",
+  "testFilter": "ExceptionObjectTests, ExceptionEvaluatorTests, ExceptionEffectRegistryTests, ExceptionAdapterTests, ExceptionLifecycleServiceTests, EvidenceRequirementValidatorTests, ExceptionEventTests, ExceptionHistoryTests",
+  "testsRun": 2142,
+  "testsPassed": 2142,
+  "testsFailed": 0,
+  "targetedTestMethods": [
+    "ExceptionObjectTests.ExceptionObject_WithValidScope_ShouldBeValid",
+    "ExceptionObjectTests.ExceptionScope_WithNoConstraints_ShouldBeInvalid",
+    "ExceptionObjectTests.ExceptionScope_WithArtifactDigest_ShouldBeValid",
+    "ExceptionObjectTests.ExceptionScope_WithPurlPattern_ShouldBeValid",
+    "ExceptionObjectTests.ExceptionScope_WithPolicyRuleId_ShouldBeValid",
+    "ExceptionObjectTests.ExceptionObject_IsEffectiveAt_WhenActiveAndNotExpired_ShouldBeTrue",
+    "ExceptionObjectTests.ExceptionObject_IsEffectiveAt_WhenActiveButExpired_ShouldBeFalse",
+    "ExceptionObjectTests.ExceptionObject_IsEffectiveAt_WhenProposed_ShouldBeFalse",
+    "ExceptionObjectTests.ExceptionObject_IsEffectiveAt_WhenRevoked_ShouldBeFalse",
+    "ExceptionObjectTests.ExceptionStatus_AllValues_ShouldBeRecognized",
+    "ExceptionObjectTests.ExceptionType_AllValues_ShouldBeRecognized",
+    "ExceptionObjectTests.ExceptionReason_AllValues_ShouldBeRecognized",
+    "ExceptionObjectTests.ExceptionObject_WithEvidenceRefs_ShouldStoreAll",
+    "ExceptionObjectTests.ExceptionObject_WithMetadata_ShouldStoreKeyValuePairs",
+    "ExceptionEvaluatorTests.EvaluateAsync_WhenNoExceptionsFound_ShouldReturnNoMatch",
+    "ExceptionEvaluatorTests.EvaluateAsync_WhenExceptionMatchesVulnerability_ShouldReturnMatch",
+    "ExceptionEvaluatorTests.EvaluateAsync_WhenExceptionMatchesArtifactDigest_ShouldReturnMatch",
+    "ExceptionEvaluatorTests.EvaluateAsync_WhenEnvironmentDoesNotMatch_ShouldNotMatch",
+    "ExceptionEvaluatorTests.EvaluateAsync_WhenEnvironmentMatches_ShouldReturnMatch",
+    "ExceptionEvaluatorTests.EvaluateAsync_WhenExceptionHasEmptyEnvironments_ShouldMatchAny",
+    "ExceptionEvaluatorTests.EvaluateAsync_WithMultipleMatchingExceptions_ShouldReturnMostSpecificFirst",
+    "ExceptionEvaluatorTests.EvaluateAsync_ShouldCollectAllEvidenceRefs",
+    "ExceptionEvaluatorTests.EvaluateBatchAsync_ShouldEvaluateAllContexts",
+    "ExceptionEvaluatorTests.EvaluateAsync_WhenPurlPatternMatchesExactly_ShouldReturnMatch"
+  ],
+  "behaviorVerified": [
+    "ExceptionObject model: Id (EXC-{ulid}), Version, Status, Type, Scope, Owner, Requester, Approvers, timestamps, ExpiresAt, ReasonCode, Rationale, EvidenceRefs, Metadata",
+    "ExceptionStatus state machine: Proposed -> Approved -> Active -> Expired/Revoked",
+    "ExceptionType enum: Vulnerability, Policy, Unknown, Component",
+    "ExceptionReason enum: 10 values (FalsePositive, AcceptedRisk, CompensatingControl, TestOnly, VendorNotAffected, ScheduledFix, DeprecationInProgress, RuntimeMitigation, NetworkIsolation, Other)",
+    "ExceptionScope: ArtifactDigest, PurlPattern, VulnerabilityId, PolicyRuleId, Environments, TenantId; IsValid requires at least one constraint",
+    "IsEffectiveAt: returns true only when Active AND not expired",
+    "HasExpiredAt: returns true when referenceTime >= ExpiresAt",
+    "ExceptionEvaluator: queries active exceptions, filters by context match (artifact, vuln, PURL, policy rule, environment, tenant)",
+    "Specificity-based ordering: ArtifactDigest(100) > PURL exact(50) > VulnerabilityId(40) > PolicyRuleId(30) > PURL pattern(20) > Environments(10)",
+    "PURL wildcard matching: 'pkg:npm/lodash@*' matches 'pkg:npm/lodash@4.17.21'",
+    "Environment scoping: exception scoped to ['staging','dev'] does not match 'prod'",
+    "Empty environment scope matches any environment",
+    "EvaluateBatchAsync processes multiple findings and returns results for each",
+    "AllEvidenceRefs collected from all matching exceptions",
+    "ExceptionEffectRegistry maps 40 type+reason combinations to effects"
+  ],
+  "assertionTypes": [
+    "scope-validation",
+    "lifecycle-state",
+    "context-matching",
+    "specificity-ordering",
+    "purl-pattern-matching",
+    "environment-scoping",
+    "batch-evaluation",
+    "evidence-collection"
+  ],
+  "newTestsWritten": [],
+  "bugsFixed": [],
+  "rawOutput": "Exceptions.Tests: 83/83 passed; Policy.Tests: 781/781 passed; Engine.Tests: 1278/1278 passed",
+  "verdict": "pass"
+}