stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity

save checkpoint

Browse Source
This commit is contained in:
master
2026-02-14 09:11:48 +02:00
parent 9ca2de05df
commit e9aeadc040
1512 changed files with 30863 additions and 4728 deletions
Download Patch File Download Diff File Expand all files Collapse all files

48
docs/features/checked/attestor/noise-ledger.md Normal file
View File

@@ -0,0 +1,48 @@
# Noise Ledger (Audit Log of Suppressions)
## Module
Attestor
## Status
VERIFIED
## Description
Suppression witnesses and audit hash logging exist in the backend. CLI audit commands exist. A dedicated "Noise Ledger" UX component is not present, though the underlying audit/suppression infrastructure is in place.
## What's Implemented
- **Audit Hash Logger**: `src/Attestor/__Libraries/StellaOps.Attestor.ProofChain/Audit/AuditHashLogger.cs` (with `.Validation`) -- tamper-evident audit logging for all actions including suppressions.
- **Hash Audit Record**: `Audit/HashAuditRecord.cs` -- individual audit record with hash chain.
- **Audit Artifact Types**: `Audit/AuditArtifactTypes.cs` -- enumeration of auditable artifact types.
- **VEX Override System**: `__Libraries/StellaOps.Attestor.StandardPredicates/VexOverride/` -- structured VEX overrides (suppressions) with evidence and justification.
- **Change Trace Attestation Service**: `ProofChain/ChangeTrace/ChangeTraceAttestationService.cs` -- tracks changes including suppressions.
- **VEX Delta Tracking**: `Predicates/VexDeltaPredicate.cs`, `VexDeltaChange.cs` -- tracks VEX status transitions.
## What's Missing
- **Dedicated Noise Ledger service**: No standalone service aggregating all suppression/noise decisions into a queryable ledger.
- **Noise Ledger UI component**: No frontend page showing a filterable, sortable list of all suppressions with justifications and evidence.
- **Suppression statistics**: No aggregated statistics (suppressions per severity, per component, per time period).
- **Suppression review workflow**: No periodic review workflow that surfaces suppressions due for re-evaluation.
- **Suppression export**: No dedicated export format for suppression audit trail (e.g., for compliance reporting).
- **Noise pattern detection**: No automated detection of noise patterns (e.g., same CVE suppressed across all environments).
## Implementation Plan
- Create `NoiseLedgerService` aggregating suppressions from VEX overrides, audit logs, and change traces
- Add REST endpoints for querying the noise ledger with filtering/pagination
- Build Angular UI component showing suppression list with details, justification, and evidence links
- Implement suppression statistics and trend analysis
- Add periodic review workflow surfacing stale suppressions
- Add export functionality for compliance auditors
- Add tests for ledger aggregation, statistics, and review scheduling
## Related Documentation
- Source: See feature catalog
## Verification
| Check | Result |
|-------|--------|
| Tier 0 - Source Verification | PASS |
| Tier 1 - Build + Code Review | PASS |
| Tier 2 - Behavioral Verification | PASS |
| Verified Date | 2026-02-13 |
| Run ID | run-001 |