stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 3 Releases Wiki Activity

save checkpoint

Browse Source
This commit is contained in:
master
2026-02-14 09:11:48 +02:00
parent 9ca2de05df
commit e9aeadc040
1512 changed files with 30863 additions and 4728 deletions
Download Patch File Download Diff File Expand all files Collapse all files

37
docs/features/checked/excititor/vex-policy-controlled-trust-and-evidence-requirements.md Normal file
View File

@@ -0,0 +1,37 @@
# VEX Policy-Controlled Trust and Evidence Requirements
## Module
Excititor
## Status
VERIFIED
## Description
Policy-driven trust weights and evidence requirements for VEX claims, with guardrails ensuring safe statuses require evidence satisfaction.
## Implementation Details
- **Modules**: `src/Excititor/__Libraries/StellaOps.Excititor.Core/`, `src/Excititor/StellaOps.Excititor.WebService/`
- **Key Classes**:
- `BaselineVexConsensusPolicy` (`src/Excititor/__Libraries/StellaOps.Excititor.Core/BaselineVexConsensusPolicy.cs`) - baseline policy with evidence requirements for safe statuses
- `VexConsensusPolicyOptions` (`src/Excititor/__Libraries/StellaOps.Excititor.Core/VexConsensusPolicyOptions.cs`) - configurable policy options for trust and evidence
- `TrustWeightRegistry` (`src/Excititor/__Libraries/StellaOps.Excititor.Core/Lattice/TrustWeightRegistry.cs`) - per-source trust weight configuration
- `PolicyLatticeAdapter` (`src/Excititor/__Libraries/StellaOps.Excititor.Core/Lattice/PolicyLatticeAdapter.cs`) - adapts policy engine rules for VEX trust evaluation
- `VexEvidenceLinkOptions` (`src/Excititor/__Libraries/StellaOps.Excititor.Core/Evidence/VexEvidenceLinkOptions.cs`) - evidence linking requirements configuration
- `PolicyEndpoints` (`src/Excititor/StellaOps.Excititor.WebService/Endpoints/PolicyEndpoints.cs`) - REST endpoints for VEX policy queries
- `PolicyContracts` (`src/Excititor/StellaOps.Excititor.WebService/Contracts/PolicyContracts.cs`) - API contracts for policy data
- **Interfaces**: `IVexConsensusPolicy`, `IVexLatticeProvider`
- **Source**: Feature matrix scan
## E2E Test Plan
- [ ] Configure a policy requiring binary-diff evidence for `not_affected` status and verify claims without evidence are rejected
- [ ] Verify `TrustWeightRegistry` applies configurable trust weights: increase vendor weight and verify vendor claims rank higher
- [ ] Verify `BaselineVexConsensusPolicy` enforces minimum evidence requirements for safe statuses (not_affected, fixed)
- [ ] Verify `PolicyLatticeAdapter` applies K4 lattice rules from the policy engine to VEX trust evaluation
- [ ] Verify `VexEvidenceLinkOptions` requires specific evidence types (reachability, binary-diff) for specific statuses
- [ ] Verify `PolicyEndpoints` returns the active VEX policy configuration
## Verification
- Verified on 2026-02-13 via `run-001`.
- Tier 0: Source files confirmed present on disk.
- Tier 1: `dotnet build` passed (0 errors); 503/504 tests passed (1 env_issue: no local Postgres).
- Tier 2d: `docs/qa/feature-checks/runs/excititor/vex-policy-controlled-trust-and-evidence-requirements/run-001/tier2-integration-check.json`