save checkpoint

This commit is contained in:
master
2026-02-11 01:32:14 +02:00
parent 5593212b41
commit cf5b72974f
2316 changed files with 68799 additions and 3808 deletions


@@ -7,6 +7,7 @@ Policy Engine compiles and evaluates Stella DSL policies deterministically, prod
- Join advisories, VEX evidence, and SBOM inventories to derive effective findings.
- Expose simulation and diff APIs for UI/CLI workflows.
- Emit change-stream driven events for Notify/Scheduler integrations.
- Own promotion gate PASS/FAIL decision outputs consumed by Release Orchestrator.
## Key components
- `StellaOps.Policy.Engine` service host.
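Review bot: The new responsibility bullet describes the gate output as PASS/FAIL, but the ownership contract added in this same commit defines the response `decision` as `allow|deny|pending`. A reader of this README cannot tell how `pending` maps onto PASS/FAIL. Suggest using the contract's vocabulary in this bullet, or stating the mapping explicitly so that a non-`allow` result is never read as a pass.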
@@ -21,6 +22,7 @@ Policy Engine compiles and evaluates Stella DSL policies deterministically, prod
- DSL grammar and lifecycle docs in ../../policy/.
- Observability guidance in ../../observability/policy.md.
- Governance and scope mapping in ../../security/policy-governance.md.
- Promotion gate ownership contract: ./promotion-gate-ownership-contract.md.
- Readiness briefs: ../policy/secret-leak-detection-readiness.md, ../policy/windows-package-readiness.md.
- Readiness briefs: ../scanner/design/macos-analyzer.md, ../scanner/design/windows-analyzer.md, ../policy/secret-leak-detection-readiness.md, ../policy/windows-package-readiness.md.
- Ruby capability predicates design: ./design/ruby-capability-predicates.md.
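Review bot: The longer "Readiness briefs" entry lists `../scanner/design/macos-analyzer.md` and `../scanner/design/windows-analyzer.md`, which by their paths are scanner design documents rather than readiness briefs. Suggest a separate entry for the analyzer designs so the label stays accurate and the policy readiness briefs remain easy to find.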


@@ -0,0 +1,66 @@
# Promotion Gate Ownership Contract
## Purpose
This contract freezes ownership for promotion gate decisions and defines the
Policy-to-Orchestrator interface.
## Ownership Rules
- Policy Engine owns PASS/FAIL gate evaluation semantics.
- Concelier owns advisory ingestion and linkset publication only.
- Release Orchestrator executes promotion state transitions using Policy outputs.
- Authority enforces identity/scope boundaries for all callers.
## Explicit Non-Goals for Concelier
- No PASS/FAIL decisioning for promotion gates.
- No direct production of promotion allow/deny verdicts.
- No mutation of Policy-derived effective findings.
## Policy Evaluation Interface
```json
{
"request": {
"tenantId": "string",
"promotionId": "guid",
"targetEnvironment": "string",
"artifactDigest": "sha256:...",
"evidenceRef": "guid",
"policyBundleDigest": "sha256:..."
},
"response": {
"decision": "allow|deny|pending",
"reasonCodes": ["string"],
"policyDigest": "sha256:...",
"determinismHash": "sha256:...",
"evaluatedAtUtc": "2026-02-10T00:00:00Z"
}
}
```
## Determinism and Fail-Closed Rules
- Identical request payloads must produce identical decision outputs.
- Missing or invalid policy inputs MUST return explicit deny or pending according
to policy profile; no implicit allow.
- Reason codes must be stable and sortable for replay/audit.
## Required Test Coverage
Promotion/Orchestrator side:
- `src/ReleaseOrchestrator/__Tests/StellaOps.ReleaseOrchestrator.Promotion.Tests/Gate/PolicyGateTests.cs`
- `src/ReleaseOrchestrator/__Tests/StellaOps.ReleaseOrchestrator.Promotion.Tests/Decision/DecisionEngineTests.cs`
- `src/ReleaseOrchestrator/__Tests/StellaOps.ReleaseOrchestrator.Promotion.Tests/Gate/GateEvaluatorTests.cs`
Policy side:
- `src/Policy/__Tests/StellaOps.Policy.Engine.Tests/Gates/PolicyGateEvaluatorTests.cs`
- `src/Policy/__Tests/StellaOps.Policy.Engine.Tests/Determinism/PolicyEngineDeterminismTests.cs`
- `src/Policy/__Tests/StellaOps.Policy.Engine.Tests/Gates/Determinization/DeterminizationGateTests.cs`
## Integration References
- Evidence contract: `docs/modules/evidence-locker/promotion-evidence-contract.md`
- Promotion APIs: `docs/modules/release-orchestrator/api/promotions.md`
- Runtime closure plan: `docs/modules/release-orchestrator/promotion-runtime-gap-closure-plan.md`
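Review bot: The determinism rule "Identical request payloads must produce identical decision outputs" conflicts with the response schema as written, because `evaluatedAtUtc` is a wall-clock timestamp and will differ between two evaluations of the same request. The contract should say which response fields are covered by the rule and by `determinismHash` (for example `decision`, `reasonCodes` and `policyDigest`) and that `evaluatedAtUtc` is excluded, otherwise replay and audit comparisons cannot be implemented consistently. In the fail-closed section, the rule covers what Policy returns but not what Release Orchestrator does with `pending` or with a missing, malformed or timed-out response; add a consumer-side rule that only an explicit `allow` permits a promotion state transition. "Stable and sortable" reason codes would also be easier to verify if the contract required `reasonCodes` to be emitted in a defined sort order.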