finish off sprint advisories and sprints

2026-01-24 00:12:43 +02:00
parent 726d70dc7f
commit c70e83719e
266 changed files with 46699 additions and 1328 deletions
--- a/etc/weights/v2026-01-22.weights.json
+++ b/etc/weights/v2026-01-22.weights.json
@@ -1,50 +1,101 @@
 {
+  "$schema": "https://stella-ops.org/schemas/weight-manifest/v1.0.0",
+  "schemaVersion": "1.0.0",
  "version": "v2026-01-22",
-  "effective_from": "2026-01-22T00:00:00Z",
+  "effectiveFrom": "2026-01-22T00:00:00Z",
+  "profile": "production",
  "description": "EWS default weights - extracted from EvidenceWeights.Default",
+  "contentHash": "sha256:auto",
+
  "weights": {
-    "rch": 0.30,
-    "rts": 0.25,
-    "bkp": 0.15,
-    "xpl": 0.15,
-    "src": 0.10,
-    "mit": 0.10
+    "legacy": {
+      "rch": 0.30,
+      "rts": 0.25,
+      "bkp": 0.15,
+      "xpl": 0.15,
+      "src": 0.10,
+      "mit": 0.10
+    },
+    "advisory": {
+      "cvss": 0.25,
+      "epss": 0.30,
+      "reachability": 0.20,
+      "exploitMaturity": 0.10,
+      "patchProof": 0.15
+    }
  },
-  "dimension_names": {
+
+  "dimensionNames": {
    "rch": "Reachability",
    "rts": "Runtime Signal",
    "bkp": "Backport Evidence",
    "xpl": "Exploit Likelihood",
    "src": "Source Trust",
-    "mit": "Mitigation Effectiveness"
+    "mit": "Mitigation Effectiveness",
+    "cvss": "CVSS Base Score",
+    "epss": "EPSS Probability",
+    "reachability": "Reachability Analysis",
+    "exploitMaturity": "Exploit Maturity",
+    "patchProof": "Patch Proof Confidence"
  },
-  "subtractive_dimensions": ["mit"],
+
+  "subtractiveDimensions": ["mit", "patchProof"],
+
  "guardrails": {
-    "speculative_cap": 45,
-    "not_affected_cap": 15,
-    "runtime_floor": 60
+    "notAffectedCap": {
+      "enabled": true,
+      "maxScore": 15,
+      "requiresBkpMin": 1.0,
+      "requiresRtsMax": 0.6
+    },
+    "runtimeFloor": {
+      "enabled": true,
+      "minScore": 60,
+      "requiresRtsMin": 0.8
+    },
+    "speculativeCap": {
+      "enabled": true,
+      "maxScore": 45,
+      "requiresRchMax": 0.0,
+      "requiresRtsMax": 0.0
+    }
  },
+
  "buckets": {
-    "act_now_min": 90,
-    "schedule_next_min": 70,
-    "investigate_min": 40
+    "actNowMin": 90,
+    "scheduleNextMin": 70,
+    "investigateMin": 40
  },
-  "determinization_thresholds": {
-    "manual_review_entropy": 0.60,
-    "refresh_entropy": 0.40
+
+  "determinizationThresholds": {
+    "manualReviewEntropy": 0.60,
+    "refreshEntropy": 0.40
  },
-  "signal_weights_for_entropy": {
+
+  "signalWeightsForEntropy": {
    "vex": 0.25,
    "reachability": 0.25,
    "epss": 0.15,
    "runtime": 0.15,
    "backport": 0.10,
-    "sbom_lineage": 0.10
+    "sbomLineage": 0.10
  },
-  "notes": [
-    "RCH and RTS carry highest weights as they provide strongest risk signal",
-    "MIT is the only subtractive dimension (mitigations reduce risk)",
-    "Guardrails are applied after weighted sum calculation",
-    "Entropy thresholds align with Determinization config"
-  ]
+
+  "metadata": {
+    "createdBy": "Sprint 037 TSF-001",
+    "createdAt": "2026-01-22T00:00:00Z",
+    "changelog": [
+      {
+        "version": "v2026-01-22",
+        "date": "2026-01-22",
+        "changes": ["Initial extraction from EvidenceWeights.Default"]
+      }
+    ],
+    "notes": [
+      "RCH and RTS carry highest weights as they provide strongest risk signal",
+      "MIT and patchProof are subtractive dimensions (reduce risk)",
+      "Guardrails are applied after weighted sum calculation",
+      "Entropy thresholds align with Determinization config"
+    ]
+  }
 }