save checkpoint
This commit is contained in:
master
@@ -0,0 +1,37 @@
|
||||
# VEX Handling with Formal Reasoning (Lattice-Based Merge)
|
||||
|
||||
## Module
|
||||
Excititor
|
||||
|
||||
## Status
|
||||
VERIFIED
|
||||
|
||||
## Description
|
||||
VEX handling with a K4 trust lattice engine for deterministic merging of vendor/distro/internal VEX claims, claim score merging, conflict penalization, and disposition selection via policy-driven rules.
|
||||
|
||||
## Implementation Details
|
||||
- **Modules**: `src/Excititor/__Libraries/StellaOps.Excititor.Core/Lattice/`, `src/Excititor/__Libraries/StellaOps.Excititor.Core/TrustVector/`
|
||||
- **Key Classes**:
|
||||
- `ClaimScoreMerger` (`src/Excititor/__Libraries/StellaOps.Excititor.Core/Lattice/ClaimScoreMerger.cs`) - merges claim scores using lattice algebra with conflict penalization
|
||||
- `PolicyLatticeAdapter` (`src/Excititor/__Libraries/StellaOps.Excititor.Core/Lattice/PolicyLatticeAdapter.cs`) - adapts K4 policy lattice for VEX claim merge
|
||||
- `TrustWeightRegistry` (`src/Excititor/__Libraries/StellaOps.Excititor.Core/Lattice/TrustWeightRegistry.cs`) - registry of per-source trust weights
|
||||
- `ClaimScoreCalculator` (`src/Excititor/__Libraries/StellaOps.Excititor.Core/TrustVector/ClaimScoreCalculator.cs`) - calculates claim scores from trust vectors
|
||||
- `ClaimStrength` (`src/Excititor/__Libraries/StellaOps.Excititor.Core/TrustVector/ClaimStrength.cs`) - claim strength model
|
||||
- `VexScoreEnvelope` (`src/Excititor/__Libraries/StellaOps.Excititor.Core/VexScoreEnvelope.cs`) - envelope wrapping scored VEX claims
|
||||
- `VexConsensusResolver` (`src/Excititor/__Libraries/StellaOps.Excititor.Core/VexConsensusResolver.cs`) - resolves consensus using lattice rules
|
||||
- **Interfaces**: `IVexLatticeProvider`, `IVexConsensusPolicy`
|
||||
- **Source**: Feature matrix scan
|
||||
|
||||
## E2E Test Plan
|
||||
- [ ] Submit multiple VEX claims for the same vulnerability and verify `ClaimScoreMerger` produces a deterministic merged score using lattice algebra
|
||||
- [ ] Verify conflict penalization: conflicting claims (affected vs not_affected) reduce the merged score
|
||||
- [ ] Verify `PolicyLatticeAdapter` applies K4 lattice rules for disposition selection (top > bottom in lattice ordering)
|
||||
- [ ] Verify `TrustWeightRegistry` applies different weights to vendor, distro, and internal sources
|
||||
- [ ] Verify `ClaimScoreCalculator` computes scores from multi-dimensional trust vectors
|
||||
- [ ] Verify the merged result is monotonic: adding more evidence can only increase confidence, not decrease it
|
||||
|
||||
## Verification
|
||||
- Verified on 2026-02-13 via `run-001`.
|
||||
- Tier 0: Source files confirmed present on disk.
|
||||
- Tier 1: `dotnet build` passed (0 errors); 503/504 tests passed (1 env_issue: no local Postgres).
|
||||
- Tier 2d: `docs/qa/feature-checks/runs/excititor/vex-handling-with-formal-reasoning/run-001/tier2-integration-check.json`
|
||||
Reference in New Issue
Block a user