stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity

save checkpoint

Browse Source
This commit is contained in:
master
2026-02-14 09:11:48 +02:00
parent 9ca2de05df
commit e9aeadc040
1512 changed files with 30863 additions and 4728 deletions
Download Patch File Download Diff File Expand all files Collapse all files

40
docs/features/checked/policy/unknown-budget-policy-enforcement.md Normal file
View File

@@ -0,0 +1,40 @@
# Unknown Budget Policy Enforcement
## Module
Policy
## Status
IMPLEMENTED
## Description
Unknown budget enforcement with environment-aware thresholds, supporting policy evaluation that can fail/warn based on unknown counts by type.
## Implementation Details
- **UnknownsBudgetEnforcer**: `src/Policy/__Libraries/StellaOps.Policy.Unknowns/Services/UnknownsBudgetEnforcer.cs`
- Enforces budget constraints based on unknown counts by type
- Threshold levels: Green (within limits), Yellow (warning), Red (over budget), Exhausted (blocked)
- Environment-aware: different thresholds for production vs staging vs development
- **UnknownBudgetService**: `src/Policy/__Libraries/StellaOps.Policy.Unknowns/Services/UnknownBudgetService.cs`
- Budget management: create, query, consume, replenish
- Per-type budget tracking (reachability unknowns, identity unknowns, VEX gaps, etc.)
- **UnknownRanker**: `src/Policy/__Libraries/StellaOps.Policy.Unknowns/Services/UnknownRanker.cs`
- Ranks unknowns by two-factor score: (Uncertainty * 50) + (ExploitPressure * 50)
- Reason codes: AnalyzerLimit, Reachability, Identity, Provenance, VexConflict, FeedGap, ConfigUnknown
- Band assignment: Hot >= 75, Warm >= 50, Cold >= 25, Negligible < 25
- **PolicyGateEvaluator Uncertainty Tier gate**: `src/Policy/StellaOps.Policy.Engine/Gates/PolicyGateEvaluator.cs`
- Uncertainty Tier gate (4th in pipeline) evaluates unknown counts against thresholds
- Tiers: T1 (High uncertainty -> strictest enforcement), T4 (Negligible -> most permissive)
- **BudgetEndpoints**: `src/Policy/StellaOps.Policy.Engine/Endpoints/BudgetEndpoints.cs` -- API for budget management
- **RiskBudgetEndpoints**: `src/Policy/StellaOps.Policy.Engine/Endpoints/RiskBudgetEndpoints.cs` -- API for budget evaluation
## E2E Test Plan
- [ ] Set budget limit for reachability unknowns=10; report 5 unknowns; verify status Green
- [ ] Set budget limit for reachability unknowns=10; report 8 unknowns; verify status Yellow (warning)
- [ ] Set budget limit for reachability unknowns=10; report 12 unknowns; verify status Red/Exhausted
- [ ] Verify environment-aware thresholds: production has stricter limits than development
- [ ] Evaluate through PolicyGateEvaluator with T1 uncertainty tier; verify Uncertainty gate blocks
- [ ] Evaluate through PolicyGateEvaluator with T4 uncertainty tier; verify Uncertainty gate passes
- [ ] Consume unknowns budget; resolve some unknowns; verify budget capacity restored
- [ ] Query budget status via API; verify response includes per-type counts and thresholds
- [ ] Verify Hot-band unknowns consume more budget than Cold-band unknowns
- [ ] Verify Exhausted budget escalates gate level in PolicyGateEvaluator