save checkpoint
This commit is contained in:
master
@@ -0,0 +1,5 @@
|
||||
{
|
||||
"approved": true,
|
||||
"reason": "Confirmed by live API replay and deterministic simulation payloads.",
|
||||
"revisedRootCause": "Provider registration and inline signal fallback were both required for end-user API reachability."
|
||||
}
|
||||
@@ -0,0 +1,18 @@
|
||||
{
|
||||
"filesModified": [
|
||||
"src/RiskEngine/StellaOps.RiskEngine/StellaOps.RiskEngine.WebService/Program.cs",
|
||||
"src/RiskEngine/StellaOps.RiskEngine/StellaOps.RiskEngine.Core/Providers/CvssKevProvider.cs",
|
||||
"src/RiskEngine/StellaOps.RiskEngine/StellaOps.RiskEngine.Core/Providers/EpssProvider.cs",
|
||||
"src/RiskEngine/StellaOps.RiskEngine/StellaOps.RiskEngine.Tests/RiskEngineApiTests.cs",
|
||||
"src/RiskEngine/StellaOps.RiskEngine/StellaOps.RiskEngine.Tests/UnitTest1.cs"
|
||||
],
|
||||
"testsAdded": [
|
||||
"Simulations_CvssKev_UsesInlineSignals",
|
||||
"Simulations_Epss_UsesInlineSignals",
|
||||
"Simulations_CvssKevEpss_UsesInlineSignals",
|
||||
"CvssKevProvider_UsesInlineSignalsWhenProvided",
|
||||
"EpssProvider_UsesInlineSignalsWhenProvided",
|
||||
"CvssKevEpssProvider_UsesInlineSignalsWhenProvided"
|
||||
],
|
||||
"description": "Registered EPSS providers in API and added inline signal fallback scoring so user-driven simulation requests can deterministically exercise checked providers."
|
||||
}
|
||||
@@ -0,0 +1,12 @@
|
||||
{
|
||||
"previousFailures": [
|
||||
"Provider list did not expose epss/cvss-kev-epss for user replay.",
|
||||
"Simulation requests with inline CVSS/KEV/EPSS signals were not consumed in provider scoring path when sources were null."
|
||||
],
|
||||
"retestResults": [
|
||||
"Live /risk-scores/providers replay includes cvss-kev, epss, cvss-kev-epss.",
|
||||
"Live simulation replay returns expected deterministic scores (0.95, 0.77, 0.55).",
|
||||
"RiskEngine suite rerun: 94/94 pass in Release."
|
||||
],
|
||||
"verdict": "pass"
|
||||
}
|
||||
@@ -0,0 +1,23 @@
|
||||
{
|
||||
"type": "source",
|
||||
"module": "riskengine",
|
||||
"feature": "cvss-kev-risk-signal-combination",
|
||||
"runId": "run-002",
|
||||
"dateUtc": "2026-02-10T12:18:30Z",
|
||||
"filesChecked": [
|
||||
"src/RiskEngine/StellaOps.RiskEngine/StellaOps.RiskEngine.Core/Providers/CvssKevProvider.cs",
|
||||
"src/RiskEngine/StellaOps.RiskEngine/StellaOps.RiskEngine.Core/Providers/ICvssKevSources.cs",
|
||||
"src/RiskEngine/StellaOps.RiskEngine/StellaOps.RiskEngine.WebService/Program.cs",
|
||||
"src/RiskEngine/StellaOps.RiskEngine/StellaOps.RiskEngine.Tests/RiskEngineApiTests.cs",
|
||||
"src/RiskEngine/StellaOps.RiskEngine/StellaOps.RiskEngine.Tests/UnitTest1.cs"
|
||||
],
|
||||
"found": [
|
||||
"src/RiskEngine/StellaOps.RiskEngine/StellaOps.RiskEngine.Core/Providers/CvssKevProvider.cs",
|
||||
"src/RiskEngine/StellaOps.RiskEngine/StellaOps.RiskEngine.Core/Providers/ICvssKevSources.cs",
|
||||
"src/RiskEngine/StellaOps.RiskEngine/StellaOps.RiskEngine.WebService/Program.cs",
|
||||
"src/RiskEngine/StellaOps.RiskEngine/StellaOps.RiskEngine.Tests/RiskEngineApiTests.cs",
|
||||
"src/RiskEngine/StellaOps.RiskEngine/StellaOps.RiskEngine.Tests/UnitTest1.cs"
|
||||
],
|
||||
"missing": [],
|
||||
"verdict": "pass"
|
||||
}
|
||||
@@ -0,0 +1,14 @@
|
||||
{
|
||||
"type": "build",
|
||||
"module": "riskengine",
|
||||
"feature": "cvss-kev-risk-signal-combination",
|
||||
"runId": "run-002",
|
||||
"dateUtc": "2026-02-10T12:21:14Z",
|
||||
"project": "src/RiskEngine/StellaOps.RiskEngine/StellaOps.RiskEngine.Tests/StellaOps.RiskEngine.Tests.csproj",
|
||||
"buildResult": "pass",
|
||||
"testResult": "pass",
|
||||
"testsRun": 94,
|
||||
"testsPassed": 94,
|
||||
"testsFailed": 0,
|
||||
"errors": []
|
||||
}
|
||||
@@ -0,0 +1,31 @@
|
||||
{
|
||||
"type": "api",
|
||||
"module": "riskengine",
|
||||
"feature": "cvss-kev-risk-signal-combination",
|
||||
"runId": "run-002",
|
||||
"dateUtc": "2026-02-10T12:18:30Z",
|
||||
"baseUrl": "https://127.1.0.16",
|
||||
"requests": [
|
||||
{
|
||||
"description": "Providers endpoint lists cvss-kev and related providers",
|
||||
"method": "GET",
|
||||
"path": "/risk-scores/providers",
|
||||
"expectedStatus": 200,
|
||||
"actualStatus": 200,
|
||||
"assertion": "providers includes cvss-kev, cvss-kev-epss, epss",
|
||||
"result": "pass",
|
||||
"evidence": "{\"providers\":[\"cvss-kev\",\"cvss-kev-epss\",\"default-transforms\",\"epss\",\"fix-exposure\",\"vex-gate\"]}"
|
||||
},
|
||||
{
|
||||
"description": "Simulation computes cvss+kev score via deterministic inline signals",
|
||||
"method": "POST",
|
||||
"path": "/risk-scores/simulations",
|
||||
"expectedStatus": 200,
|
||||
"actualStatus": 200,
|
||||
"assertion": "cvss-kev score equals 0.95 for Cvss=7.5, Kev=1",
|
||||
"result": "pass",
|
||||
"evidence": "{\"provider\":\"cvss-kev\",\"score\":0.95,\"success\":true}"
|
||||
}
|
||||
],
|
||||
"verdict": "pass"
|
||||
}
|
||||
@@ -0,0 +1,10 @@
|
||||
{
|
||||
"rootCause": "RiskEngine WebService provider registry omitted epss/cvss-kev-epss and provider scoring did not honor inline simulation signals before null-source fallback.",
|
||||
"category": "missing_code",
|
||||
"affectedFiles": [
|
||||
"src/RiskEngine/StellaOps.RiskEngine/StellaOps.RiskEngine.WebService/Program.cs",
|
||||
"src/RiskEngine/StellaOps.RiskEngine/StellaOps.RiskEngine.Core/Providers/CvssKevProvider.cs",
|
||||
"src/RiskEngine/StellaOps.RiskEngine/StellaOps.RiskEngine.Core/Providers/EpssProvider.cs"
|
||||
],
|
||||
"confidence": 0.95
|
||||
}
|
||||
Reference in New Issue
Block a user