more features checks. setup improvements

2026-02-13 02:04:55 +02:00
parent 9911b7d73c
commit 9ca2de05df
675 changed files with 37550 additions and 1826 deletions
--- a/docs/qa/feature-checks/runs/policy/policy-engine-with-proofs/run-002/tier2-integration-check.json
+++ b/docs/qa/feature-checks/runs/policy/policy-engine-with-proofs/run-002/tier2-integration-check.json
@@ -0,0 +1,69 @@
+{
+  "type": "integration",
+  "capturedAtUtc": "2026-02-13T05:00:00Z",
+  "testCommand": "dotnet test src/Policy/__Tests/StellaOps.Policy.Engine.Tests/StellaOps.Policy.Engine.Tests.csproj --no-restore -v normal",
+  "testFilter": "PolicyGateEvaluatorTests, VexTrustGateTests, CveAwareReleasePolicyGatesDeepTests, CicdGateIntegrationTests, SimulationAnalyticsServiceTests, RiskSimulationBreakdownServiceTests, ConsoleSimulationDiffServiceTests",
+  "testsRun": 1278,
+  "testsPassed": 1278,
+  "testsFailed": 0,
+  "targetedTestMethods": [
+    "PolicyGateEvaluatorTests.NotAffected_WithCU_AllowsDecision",
+    "PolicyGateEvaluatorTests.NotAffected_WithSU_AllowsWithWarning_WhenJustificationProvided",
+    "PolicyGateEvaluatorTests.NotAffected_WithSU_Blocks_WhenNoJustification",
+    "PolicyGateEvaluatorTests.NotAffected_WithSR_Blocks",
+    "PolicyGateEvaluatorTests.NotAffected_WithCR_Blocks",
+    "PolicyGateEvaluatorTests.NotAffected_WithContested_Blocks",
+    "PolicyGateEvaluatorTests.Affected_WithCR_Allows",
+    "PolicyGateEvaluatorTests.Affected_WithCU_WarnsOfFalsePositive",
+    "PolicyGateEvaluatorTests.UnderInvestigation_AllowsAnyLatticeState",
+    "PolicyGateEvaluatorTests.NotAffected_WithT1_Blocks",
+    "PolicyGateEvaluatorTests.NotAffected_WithT2_Warns",
+    "PolicyGateEvaluatorTests.NotAffected_WithT4_Allows",
+    "PolicyGateEvaluatorTests.NotAffected_WithoutGraphHash_Blocks",
+    "PolicyGateEvaluatorTests.NotAffected_WithoutPathLength_Blocks",
+    "PolicyGateEvaluatorTests.Override_WithJustification_BypassesBlock",
+    "PolicyGateEvaluatorTests.Override_WithoutJustification_DoesNotBypass",
+    "PolicyGateEvaluatorTests.Override_WithShortJustification_DoesNotBypass",
+    "PolicyGateEvaluatorTests.DisabledGates_AllowsEverything",
+    "PolicyGateEvaluatorTests.Decision_ContainsGateId",
+    "PolicyGateEvaluatorTests.Decision_ContainsSubject",
+    "PolicyGateEvaluatorTests.Decision_ContainsEvidence",
+    "PolicyGateEvaluatorTests.Decision_ContainsGateResults"
+  ],
+  "behaviorVerified": [
+    "PolicyGateEvaluator: 5 sequential gates (Evidence Completeness, Lattice State, VEX Trust, Uncertainty Tier, Confidence Threshold)",
+    "Gate results: Pass, PassWithNote, Warn, Block, Skip",
+    "Lattice states: U, SR, SU, RO, RU, CR, CU, X all handled per VEX status",
+    "not_affected + SR/CR/X -> Block (safe-reachable, conflicting-reachable, exploitable)",
+    "not_affected + CU -> Allow, not_affected + SU without justification -> Block",
+    "affected + CR -> Allow, affected + CU -> Warn (false positive)",
+    "under_investigation -> Allow for any lattice state",
+    "Uncertainty tiers: T1 -> Block, T2 -> Warn, T3 -> PassWithNote/Warn, T4 -> Allow",
+    "Evidence Completeness: missing graphHash or pathLength -> Block for not_affected",
+    "Override with justification (>=20 chars): bypasses Block to Warn with 'Override accepted'",
+    "Override without justification or short justification (<20 chars): does NOT bypass",
+    "Disabled gates: all decisions Allow with 'disabled' advisory",
+    "Decision document: GateId (gate:vex:{status}:...), Subject (VulnId, Purl), Evidence (LatticeState, UncertaintyTier), Gates list",
+    "VexTrustGate: per-environment thresholds, issuer verification, freshness checks, MissingTrustBehavior",
+    "DriftGateEvaluator: KEV reachable, CVSS threshold, EPSS threshold, affected reachable gates",
+    "StabilityDampingGate: oscillation prevention between Pass and Block",
+    "WhatIfSimulationService: delta verdict computation with SBOM diffs",
+    "ExceptionRecheckGate: CI/CD recheck gate with build gate signals",
+    "VerdictAttestationService: DSSE-signed verdict proofs",
+    "KnowledgeSnapshotManifest: content-addressed ksm:sha256:{hash} evaluation manifests"
+  ],
+  "assertionTypes": [
+    "gate-decision",
+    "lattice-state-mapping",
+    "uncertainty-tier-mapping",
+    "evidence-completeness",
+    "override-mechanism",
+    "justification-length",
+    "decision-document-structure",
+    "gate-disabled-bypass"
+  ],
+  "newTestsWritten": [],
+  "bugsFixed": [],
+  "rawOutput": "Engine.Tests: Passed! - Failed: 0, Passed: 1278, Skipped: 0, Total: 1278, Duration: 6s 106ms",
+  "verdict": "pass"
+}