stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity

save checkpoint

Browse Source
This commit is contained in:
master
2026-02-14 09:11:48 +02:00
parent 9ca2de05df
commit e9aeadc040
1512 changed files with 30863 additions and 4728 deletions
Download Patch File Download Diff File Expand all files Collapse all files

73
docs/qa/feature-checks/runs/policy/prohibitedpatternanalyzer/run-002/tier2-integration-check.json Normal file
View File

@@ -0,0 +1,73 @@
{
"type": "integration",
"capturedAtUtc": "2026-02-13T13:00:00Z",
"testCommand": "dotnet test src/Policy/__Tests/StellaOps.Policy.Engine.Tests/StellaOps.Policy.Engine.Tests.csproj --no-restore -v normal",
"testFilter": "DeterminismGuard tests: ProhibitedPatternAnalyzer, DeterminismGuardService, GuardedPolicyEvaluator, DeterministicTimeProvider",
"testsRun": 1278,
"testsPassed": 1278,
"testsFailed": 0,
"targetedTestMethods": [
"DeterminismGuardTests.AnalyzeSource_DetectsDateTimeNow",
"DeterminismGuardTests.AnalyzeSource_DetectsDateTimeUtcNow",
"DeterminismGuardTests.AnalyzeSource_DetectsRandomClass",
"DeterminismGuardTests.AnalyzeSource_DetectsGuidNewGuid",
"DeterminismGuardTests.AnalyzeSource_DetectsHttpClient",
"DeterminismGuardTests.AnalyzeSource_DetectsFileOperations",
"DeterminismGuardTests.AnalyzeSource_DetectsEnvironmentVariableAccess",
"DeterminismGuardTests.AnalyzeSource_IgnoresComments",
"DeterminismGuardTests.AnalyzeSource_RespectsExcludePatterns",
"DeterminismGuardTests.AnalyzeSource_PassesCleanCode",
"DeterminismGuardTests.AnalyzeSource_TracksLineNumbers",
"DeterminismGuardTests.AnalyzeMultiple_AggregatesViolations",
"DeterminismGuardDeepTests.AnalyzeSource_DetectsDateTimeOffsetNow",
"DeterminismGuardDeepTests.AnalyzeSource_DetectsDateTimeOffsetUtcNow",
"DeterminismGuardDeepTests.AnalyzeSource_DetectsCryptoRandom",
"DeterminismGuardDeepTests.AnalyzeSource_DetectsSocketClasses",
"DeterminismGuardDeepTests.AnalyzeSource_DetectsWebClient",
"DeterminismGuardDeepTests.AnalyzeSource_DetectsEnvironmentMachineName",
"DeterminismGuardDeepTests.AnalyzeSource_DetectsFloatingPointComparison",
"DeterminismGuardDeepTests.AnalyzeSource_DetectsDictionaryIteration",
"DeterminismGuardDeepTests.AnalyzeSource_DetectsHashSetIteration",
"DeterminismGuardDeepTests.AnalyzeSource_MultipleViolationCategories_ReportsAll",
"DeterminismGuardDeepTests.FailOnSeverity_Error_WarningViolationsDoNotCauseFailure",
"DeterminismGuardDeepTests.FailOnSeverity_Error_ErrorViolationsCauseFailure",
"DeterminismGuardDeepTests.FailOnSeverity_Critical_ErrorViolationsDoNotCauseFailure",
"DeterminismGuardDeepTests.FailOnSeverity_Critical_CriticalViolationsCauseFailure",
"DeterminismGuardDeepTests.AnalyzeSource_ViolationsIncludeRemediation",
"DeterminismGuardDeepTests.AnalyzeSource_FileReadViolation_HasCriticalSeverity"
],
"behaviorVerified": [
"DateTime.Now detection with correct line number",
"DateTime.UtcNow, DateTimeOffset.Now, DateTimeOffset.UtcNow detection",
"new Random() random number generation detection",
"RandomNumberGenerator crypto random detection",
"HttpClient, WebClient, TcpClient, UdpClient, Socket network access detection",
"File.ReadAllText, File.WriteAllText filesystem access detection (Critical severity)",
"Environment.GetEnvironmentVariable, Environment.MachineName detection",
"Comment lines (// and /* and *) are skipped and not flagged",
"ExcludePatterns configuration skips matching filenames",
"Clean source code with no prohibited patterns returns empty results",
"Multiple violations on different lines with correct line numbers",
"AnalyzeMultiple aggregates violations across multiple files",
"Floating-point comparison and unstable iteration (Dictionary/HashSet) detection as warnings",
"FailOnSeverity threshold correctly differentiates Warning/Error/Critical",
"Guid.NewGuid detection as GuidGeneration category",
"Remediation messages included in all violations",
"DeterminismGuardService.AnalyzeSource returns ProhibitedPatternAnalyzer results",
"DeterminismGuardService CreateScope returns fixed timestamp",
"GuardedPolicyEvaluator blocks on enforcement-enabled critical violations"
],
"assertionTypes": [
"pattern-detection",
"line-number-tracking",
"comment-skipping",
"severity-classification",
"multi-file-aggregation",
"exclusion-filtering",
"enforcement-threshold"
],
"newTestsWritten": [],
"bugsFixed": [],
"rawOutput": "Passed! - Failed: 0, Passed: 1278, Skipped: 0, Total: 1278, Duration: 8s 202ms - StellaOps.Policy.Engine.Tests.dll (net10.0|x64)",
"verdict": "pass"
}

70
docs/qa/feature-checks/runs/policy/proof-replay-deterministic-verdict-replay/run-002/tier2-integration-check.json Normal file
View File

@@ -0,0 +1,70 @@
{
"type": "integration",
"capturedAtUtc": "2026-02-13T13:05:00Z",
"testCommand": "dotnet test src/Policy/__Tests/StellaOps.Policy.Tests/StellaOps.Policy.Tests.csproj --no-restore -v normal",
"testFilter": "Replay tests: ReplayEngine, VerdictComparer, ReplayReport",
"testsRun": 781,
"testsPassed": 781,
"testsFailed": 0,
"targetedTestMethods": [
"ReplayEngineTests.Replay_ValidSnapshot_ReturnsResult",
"ReplayEngineTests.Replay_NonExistentSnapshot_ReturnsReplayFailed",
"ReplayEngineTests.Replay_NoOriginalVerdict_ReturnsNoComparison",
"ReplayEngineTests.Replay_SameInputs_ProducesDeterministicResult",
"ReplayEngineTests.Replay_DifferentArtifacts_ProducesDifferentResults",
"ReplayEngineTests.Replay_RecordsDuration",
"ReplayEngineTests.Replay_WithValidOriginalVerdictId_AttemptsComparison",
"VerdictComparerTests.Compare_IdenticalVerdicts_ReturnsExactMatch",
"VerdictComparerTests.Compare_DifferentDecisions_ReturnsMismatch",
"VerdictComparerTests.Compare_ScoreWithinTolerance_ReturnsMatchWithinTolerance",
"VerdictComparerTests.Compare_ScoreBeyondTolerance_ReturnsMismatch",
"VerdictComparerTests.Compare_DifferentFindings_DetectsAddedAndRemoved",
"VerdictComparerTests.Compare_SameFindings_DifferentOrder_ReturnsMatch",
"VerdictComparerTests.Compare_ExtraFindings_DetectsAdditions",
"VerdictComparerTests.Compare_CalculatesCorrectConfidence",
"ReplayReportTests.Build_CreatesReportWithRequiredFields",
"ReplayReportTests.Build_ExactMatch_SetsDeterministicTrue",
"ReplayReportTests.Build_Mismatch_SetsDeterministicFalse",
"ReplayReportTests.Build_MatchWithinTolerance_SetsHighConfidence",
"ReplayReportTests.Build_NoComparison_SetsMediumConfidence",
"ReplayReportTests.AddRecommendation_AddsToList",
"ReplayReportTests.AddRecommendationsFromResult_MismatchAddsReviewRecommendation",
"ReplayReportTests.AddRecommendationsFromResult_FailedAddsSnapshotRecommendation",
"ReplayReportTests.Build_IncludesTiming"
],
"behaviorVerified": [
"ReplayAsync with valid snapshot returns ReplayResult with ReplayedVerdict",
"ReplayAsync with non-existent snapshot returns ReplayFailed with error summary",
"ReplayAsync with no OriginalVerdictId returns NoComparison",
"ReplayAsync with same inputs 10x produces byte-identical verdicts (deterministic evaluation)",
"ReplayAsync records Duration > 0",
"ReplayAsync with CompareWithOriginal=true and missing original returns NoComparison",
"VerdictComparer identical verdicts returns ExactMatch with DeterminismConfidence=1.0",
"VerdictComparer different decisions returns Mismatch with FieldDelta on Decision",
"VerdictComparer score within tolerance returns MatchWithinTolerance",
"VerdictComparer score beyond tolerance returns Mismatch with FieldDelta on Score",
"VerdictComparer different findings detects Added and Removed FindingDeltas",
"VerdictComparer same findings in different order returns ExactMatch (order-independent)",
"VerdictComparer extra findings detects additions",
"ReplayReportBuilder generates rpt: prefixed ReportId",
"ReplayReportBuilder ExactMatch sets IsDeterministic=true, Confidence=1.0",
"ReplayReportBuilder Mismatch sets IsDeterministic=false, Confidence=0.0",
"ReplayReportBuilder MatchWithinTolerance sets Confidence=0.9",
"ReplayReportBuilder NoComparison sets Confidence=0.5",
"ReplayReportBuilder adds recommendations from result (delta report, snapshot)",
"ReplayResult includes Duration timing"
],
"assertionTypes": [
"deterministic-replay",
"verdict-comparison",
"finding-delta-detection",
"match-status-classification",
"confidence-calculation",
"report-generation",
"duration-tracking"
],
"newTestsWritten": [],
"bugsFixed": [],
"rawOutput": "Passed! - Failed: 0, Passed: 781, Skipped: 0, Total: 781, Duration: 4s 637ms - StellaOps.Policy.Tests.dll (net10.0|x64)",
"verdict": "pass"
}

83
docs/qa/feature-checks/runs/policy/proof-studio-ux/run-002/tier2-integration-check.json Normal file
View File

@@ -0,0 +1,83 @@
{
"type": "integration",
"capturedAtUtc": "2026-02-13T13:10:00Z",
"testCommand": "dotnet test src/Policy/__Tests/StellaOps.Policy.Explainability.Tests/StellaOps.Policy.Explainability.Tests.csproj --no-restore -v normal && dotnet test src/Policy/__Tests/StellaOps.Policy.Tests/StellaOps.Policy.Tests.csproj --no-restore -v normal",
"testFilter": "VerdictRationaleRenderer, ProofStudioService, CounterfactualEngine, ScoreExplanation",
"testsRun": 816,
"testsPassed": 816,
"testsFailed": 0,
"targetedTestMethods": [
"VerdictRationaleRendererTests.Render_Should_CreateCompleteRationale",
"VerdictRationaleRendererTests.Render_Should_BeContentAddressed",
"VerdictRationaleRendererTests.RenderPlainText_Should_ProduceFourLineFormat",
"VerdictRationaleRendererTests.RenderMarkdown_Should_IncludeHeaders",
"VerdictRationaleRendererTests.RenderJson_Should_ProduceValidJson",
"VerdictRationaleRendererTests.Evidence_Should_IncludeReachabilityDetails",
"VerdictRationaleRendererTests.Evidence_Should_HandleMissingReachability",
"VerdictRationaleRendererTests.Attestations_Should_HandleNoAttestations",
"VerdictRationaleRendererTests.Decision_Should_IncludeMitigation",
"ProofStudioServiceTests.Compose_MinimalRequest_ReturnsView",
"ProofStudioServiceTests.Compose_WithScoreFactors_BuildsDashboard",
"ProofStudioServiceTests.Compose_WithGuardrails_IncludesGuardrailsInDashboard",
"ProofStudioServiceTests.Compose_FactorNamesAreFormatted",
"ProofStudioServiceTests.Compose_GraphContainsScoreNodes",
"ProofStudioServiceTests.Compose_ThrowsOnNullRequest",
"ProofStudioServiceTests.ApplyCounterfactual_AddsOverlay",
"ProofStudioServiceTests.ApplyCounterfactual_ThrowsOnNullView",
"ProofStudioServiceTests.DI_ResolvesAllExplainabilityServices",
"CounterfactualEngineTests.ComputeAsync_AlreadyPassing_ReturnsNoPaths",
"CounterfactualEngineTests.ExceptionPath_EffortVariesBySeverity(Critical=5,High=4,Medium=3,Low=2)",
"CounterfactualEngineTests.ExceptionPath_ExcludedWhenPolicyDisallows",
"CounterfactualEngineTests.ExceptionPath_ExcludedWhenOptionDisabled",
"CounterfactualEngineTests.VersionUpgradePath_UsesFixedVersionLookup",
"CounterfactualEngineTests.VersionUpgradePath_NotProducedWhenNoFixAvailable",
"CounterfactualEngineTests.CompensatingControlPath_HasEffort4",
"CounterfactualEngineTests.CompensatingControlPath_ExcludedWhenPolicyDisallows",
"CounterfactualEngineTests.ComputeAsync_ThrowsOnNullFinding",
"CounterfactualEngineTests.ComputeAsync_ThrowsOnNullVerdict",
"CounterfactualEngineTests.DefaultOptions_IncludeExceptionAndCompensatingControl",
"CounterfactualEngineTests.CounterfactualResult_Blocked_SortsByEffort",
"CounterfactualEngineTests.CounterfactualResult_AlreadyPassing_Properties",
"CounterfactualEngineTests.CounterfactualPath_Vex_CorrectStructure",
"CounterfactualEngineTests.CounterfactualPath_Exception_CorrectStructure",
"CounterfactualEngineTests.CounterfactualPath_Reachability_CorrectStructure",
"CounterfactualEngineTests.CounterfactualPath_VersionUpgrade_CorrectStructure",
"CounterfactualEngineTests.CounterfactualPath_CompensatingControl_CorrectStructure"
],
"behaviorVerified": [
"VerdictRationaleRenderer produces 4-line rationale (Evidence, PolicyClause, Attestations, Decision)",
"Content-addressed RationaleId with rat:sha256: prefix (same input = same ID)",
"Multi-format output: RenderPlainText (4 lines), RenderMarkdown (with ## headers), RenderJson (RFC 8785 canonical)",
"Evidence includes reachability details (vulnerable function, entry point, path summary)",
"Missing reachability handled gracefully (no 'reachable' in output)",
"No attestations produces 'No attestations available.' message",
"Decision includes mitigation guidance",
"ProofStudioService.Compose builds ProofGraph with content-addressed GraphId (pg:sha256:)",
"ProofStudioService.Compose with ScoreFactors builds dashboard with factor count and composite score",
"ProofStudioService.Compose includes guardrails in dashboard",
"ProofStudioService.Compose formats factor names (Title Case)",
"ProofStudioService.Compose creates score nodes in ProofGraph (score:reachability, score:evidence, etc.)",
"ProofStudioService.ApplyCounterfactual adds Counterfactual overlay nodes and changes GraphId",
"DI resolves all explainability services (IVerdictRationaleRenderer, IProofGraphBuilder, IProofStudioService)",
"CounterfactualEngine AlreadyPassing returns no paths",
"CounterfactualEngine Exception path effort varies by severity (Critical=5, High=4, Medium=3, Low=2)",
"CounterfactualEngine respects IncludeExceptionPaths and PolicyAllowsExceptions flags",
"CounterfactualEngine VersionUpgrade path uses FixedVersionLookup delegate with current/required versions",
"CounterfactualEngine CompensatingControl path has effort 4",
"CounterfactualResult.Blocked sorts paths by effort, RecommendedPath is lowest effort",
"All 5 CounterfactualPath factory methods produce correct structures"
],
"assertionTypes": [
"content-addressed-id",
"multi-format-rendering",
"proof-graph-composition",
"counterfactual-paths",
"effort-estimation",
"null-validation",
"dependency-injection"
],
"newTestsWritten": [],
"bugsFixed": [],
"rawOutput": "Passed! - Failed: 0, Passed: 35, Skipped: 0, Total: 35, Duration: 359ms - StellaOps.Policy.Explainability.Tests.dll (net10.0|x64) | Passed! - Failed: 0, Passed: 781, Skipped: 0, Total: 781, Duration: 4s 637ms - StellaOps.Policy.Tests.dll (net10.0|x64)",
"verdict": "pass"
}

98
docs/qa/feature-checks/runs/policy/property-based-tests/run-002/tier2-integration-check.json Normal file
View File

@@ -0,0 +1,98 @@
{
"type": "integration",
"capturedAtUtc": "2026-02-13T13:15:00Z",
"testCommand": "dotnet test src/Policy/__Tests/StellaOps.Policy.Determinization.Tests/StellaOps.Policy.Determinization.Tests.csproj --no-restore -v normal && dotnet test src/Policy/__Tests/StellaOps.Policy.Engine.Tests/StellaOps.Policy.Engine.Tests.csproj --no-restore -v normal",
"testFilter": "PropertyTests: DecayPropertyTests, DeterminismPropertyTests, EntropyPropertyTests, VexLatticeMergePropertyTests, ScoreRuleMonotonicityPropertyTests, RiskBudgetMonotonicityPropertyTests, UnknownsBudgetPropertyTests, PolicyDslRoundtripPropertyTests, ClaimScoreMergerPropertyTests",
"testsRun": 1716,
"testsPassed": 1716,
"testsFailed": 0,
"targetedTestMethods": [
"DecayPropertyTests.Decay_AsAgeIncreases_NeverIncreases(6 cases)",
"DecayPropertyTests.Decay_AtAgeZero_IsOne(4 half-lives)",
"DecayPropertyTests.Decay_AtHalfLife_IsApproximatelyHalf(4 half-lives)",
"DecayPropertyTests.Decay_AtTwoHalfLives_IsApproximatelyQuarter(3 half-lives)",
"DecayPropertyTests.Decay_ForAnyNonNegativeAge_IsBetweenZeroAndOne(8 ages)",
"DecayPropertyTests.Calculate_AtExtremeAge_NeverGoesBelowFloor(3 floors)",
"DecayPropertyTests.DecayFactor_AtExtremeAge_ApproachesZeroButNeverNegative",
"DecayPropertyTests.Decay_ConsecutiveDays_StrictlyDecreasing",
"DecayPropertyTests.Decay_ShorterHalfLife_DecaysFaster(3 pairs)",
"DecayPropertyTests.Decay_WithInvalidHalfLife_DoesNotThrowOrReturnsReasonableValue(3 values)",
"DeterminismPropertyTests.Entropy_SameSnapshot_ProducesSameResult",
"DeterminismPropertyTests.Entropy_DifferentInstances_ProduceSameResult",
"DeterminismPropertyTests.Entropy_ParallelExecution_ProducesConsistentResults(100 tasks)",
"DeterminismPropertyTests.Decay_SameInputs_ProducesSameResult",
"DeterminismPropertyTests.Entropy_SameSnapshotSameWeights_ProducesSameResult(3 weight configs)",
"DeterminismPropertyTests.Entropy_EquivalentSnapshots_ProduceSameResult",
"DeterminismPropertyTests.Decay_WithFloor_IsDeterministic(3 configs)",
"DeterminismPropertyTests.Entropy_IndependentOfGlobalState_ProducesConsistentResults",
"EntropyPropertyTests.Entropy_ForAnySignalCombination_IsWithinBounds(64 combinations)",
"EntropyPropertyTests.Entropy_WithZeroWeights_ReturnsZeroWithoutDivisionByZero",
"EntropyPropertyTests.Entropy_WithExtremeWeights_IsWithinBounds(4 configs)",
"EntropyPropertyTests.Entropy_AllSignalsPresent_IsZero",
"EntropyPropertyTests.Entropy_NoSignalsPresent_IsOne",
"EntropyPropertyTests.Entropy_AddingSignal_NeverIncreasesEntropy(6 signals)",
"EntropyPropertyTests.Entropy_RemovingSignal_NeverDecreasesEntropy(6 signals)",
"VexLatticeMergePropertyTests.Join_IsCommutative(FsCheck 100)",
"VexLatticeMergePropertyTests.Join_IsIdempotent(FsCheck 100)",
"VexLatticeMergePropertyTests.Join_WithBottom_YieldsOther(FsCheck 100)",
"VexLatticeMergePropertyTests.Join_WithTop_YieldsTop(FsCheck 100)",
"VexLatticeMergePropertyTests.Meet_IsCommutative(FsCheck 100)",
"VexLatticeMergePropertyTests.Meet_IsIdempotent(FsCheck 100)",
"VexLatticeMergePropertyTests.Meet_WithBottom_YieldsBottom(FsCheck 100)",
"VexLatticeMergePropertyTests.Meet_WithTop_YieldsOther(FsCheck 100)",
"VexLatticeMergePropertyTests.Absorption_JoinMeet(FsCheck 100)",
"VexLatticeMergePropertyTests.Absorption_MeetJoin(FsCheck 100)",
"VexLatticeMergePropertyTests.IsHigher_IsAntisymmetric(FsCheck 100)",
"VexLatticeMergePropertyTests.IsHigher_IsReflexive(FsCheck 100)",
"VexLatticeMergePropertyTests.Top_IsHigherThanAllNonTop(FsCheck 100)",
"VexLatticeMergePropertyTests.Bottom_IsNotHigherThanAnything(FsCheck 100)",
"VexLatticeMergePropertyTests.ConflictResolution_ProducesValidWinner(FsCheck 100)",
"VexLatticeMergePropertyTests.ConflictResolution_IsDeterministic(FsCheck 100)",
"VexLatticeMergePropertyTests.ConflictResolution_HigherTrustWins(FsCheck 100)"
],
"behaviorVerified": [
"DecayedConfidenceCalculator monotonicity: decay(younger) >= decay(older) for all age pairs",
"DecayedConfidenceCalculator boundary: age=0 => decay=1.0",
"DecayedConfidenceCalculator half-life: age=halfLife => decay~0.5",
"DecayedConfidenceCalculator floor enforcement: decayed confidence never below floor at extreme age (3650 days)",
"DecayedConfidenceCalculator bounds: decay always in (0, 1] for any non-negative age",
"DecayedConfidenceCalculator strict monotonicity: 100 consecutive days strictly decreasing",
"DecayedConfidenceCalculator shorter half-life decays faster than longer half-life",
"DecayedConfidenceCalculator handles invalid half-life (0, -1, -14) without crash",
"Determinism: same snapshot produces same entropy on 10 repeated calls",
"Determinism: different calculator instances produce same entropy for same snapshot",
"Determinism: 100 parallel tasks produce consistent entropy results",
"Determinism: same decay inputs produce same result on 10 calls",
"Determinism: same snapshot + weights produce same entropy on 5 calls",
"Determinism: order of snapshot construction does not affect entropy",
"Determinism: decay with floor is deterministic across 10 calls for 3 configs",
"Determinism: entropy independent of external state (interleaved Guid.NewGuid, DateTime.UtcNow)",
"Entropy bounds: all 64 signal combinations produce entropy in [0.0, 1.0]",
"Entropy bounds: near-zero weights do not crash (no division by zero)",
"Entropy bounds: extreme weights produce bounded results",
"Entropy invariant: all signals present => entropy=0.0",
"Entropy invariant: no signals present => entropy=1.0",
"Entropy monotonicity: adding signal never increases entropy",
"Entropy monotonicity: removing signal never decreases entropy",
"VEX lattice: Join commutativity (FsCheck 100 random claim pairs)",
"VEX lattice: Join idempotency (FsCheck 100 random claims)",
"VEX lattice: Join with bottom yields other, Join with top yields top",
"VEX lattice: Meet commutativity, idempotency, bottom/top identity (FsCheck 100 each)",
"VEX lattice: Absorption laws (Join(a, Meet(a,b))=a, Meet(a, Join(a,b))=a)",
"VEX lattice: IsHigher antisymmetry, reflexivity, top/bottom ordering",
"VEX lattice: Conflict resolution produces valid winner, is deterministic, higher trust wins"
],
"assertionTypes": [
"property-based-testing",
"monotonicity-invariant",
"boundary-value",
"determinism-verification",
"parallel-consistency",
"lattice-algebraic-properties",
"fscheck-random-input"
],
"newTestsWritten": [],
"bugsFixed": [],
"rawOutput": "Passed! - Failed: 0, Passed: 438, Skipped: 0, Total: 438, Duration: 895ms - StellaOps.Policy.Determinization.Tests.dll (net10.0|x64) | Passed! - Failed: 0, Passed: 1278, Skipped: 0, Total: 1278, Duration: 8s 202ms - StellaOps.Policy.Engine.Tests.dll (net10.0|x64)",
"verdict": "pass"
}

57
docs/qa/feature-checks/runs/policy/release-gate-levels/run-002/tier2-integration-check.json Normal file
View File

@@ -0,0 +1,57 @@
{
"type": "integration",
"capturedAtUtc": "2026-02-13T14:30:00Z",
"testCommand": "dotnet test src/Policy/__Tests/StellaOps.Policy.Tests/StellaOps.Policy.Tests.csproj --no-restore -v normal && dotnet test src/Policy/__Tests/StellaOps.Policy.Engine.Tests/StellaOps.Policy.Engine.Tests.csproj --no-restore -v normal",
"testFilter": "GateLevelTests, RiskPointScoringTests, PolicyGateEvaluatorTests, BudgetEnforcementIntegrationTests",
"testsRun": 2059,
"testsPassed": 2059,
"testsFailed": 0,
"targetedTestMethods": [
"GateLevelTests.GetRequirements_ReturnsCorrectCount (G0=2, G1=5, G2=6, G3=7, G4=6)",
"GateLevelTests.GetRequirements_G0_HasBasicCiOnly",
"GateLevelTests.GetRequirements_G1_HasUnitTestsAndReview",
"GateLevelTests.GetRequirements_G2_IncludesG1Requirements",
"GateLevelTests.GetRequirements_G3_HasSecurityAndReleaseSign",
"GateLevelTests.GetRequirements_G4_HasFormalReviewAndCanary",
"GateLevelTests.GetDescription_ContainsExpectedText (G0=No-risk, G1=Low, G2=Moderate, G3=High, G4=Very high)",
"RiskPointScoringTests.CalculateScore_UsesCorrectBaseScore (4 tiers)",
"RiskPointScoringTests.CalculateScore_UsesCorrectDiffRisk (5 categories)",
"RiskPointScoringTests.CalculateScore_AddsOperationalContext",
"RiskPointScoringTests.CalculateScore_SubtractsMitigations",
"RiskPointScoringTests.CalculateScore_MinimumIsOne",
"RiskPointScoringTests.CalculateScore_DeterminesCorrectGateLevel (6 boundary cases)",
"RiskPointScoringTests.CalculateScore_EscalatesGateOnYellowBudget",
"RiskPointScoringTests.CalculateScore_EscalatesGateOnRedBudget",
"RiskPointScoringTests.CalculateScore_MaxGateOnExhaustedBudget",
"PolicyGateEvaluatorTests (22 tests: lattice states, uncertainty tiers, VEX statuses, overrides)",
"BudgetEnforcementIntegrationTests.ThresholdBoundaries_AreCorrect (7 boundary cases)"
],
"behaviorVerified": [
"GateLevel enum G0-G4 with escalating requirements per level",
"G0: 2 requirements (lint + CI only)",
"G1: 5 requirements (unit tests + peer review + staging + smoke)",
"G2: 6 requirements (G1 + integration + code owner + feature flag + canary + rollback)",
"G3: 7 requirements (G2 + security scan + migration plan + load/perf + observability + release captain + progressive delivery)",
"G4: 6 requirements (G3 + formal risk review + rollback rehearsal + extended canary + customer comms + post-release verification)",
"GateSelector computes RRS from ServiceTier base score + DiffRisk + OperationalContext - Mitigations",
"RRS mapped to gate level: <=5->G1, <=12->G2, <=20->G3, >20->G4",
"Budget modifier: Yellow escalates G2+ by one level",
"Budget modifier: Red escalates G1+ by one level",
"Budget modifier: Exhausted forces G4",
"Gate descriptions contain correct risk labels for each level",
"PolicyGateEvaluator integrates lattice states (U/SR/SU/RO/RU/CR/CU/X) and uncertainty tiers (T1-T4)"
],
"assertionTypes": [
"gate-level-requirement-count",
"gate-level-requirement-content",
"risk-score-calculation",
"gate-level-determination",
"budget-escalation",
"threshold-boundary",
"description-text"
],
"newTestsWritten": [],
"bugsFixed": [],
"rawOutput": "Passed! - Failed: 0, Passed: 781, Skipped: 0, Total: 781 (Policy.Tests) + Passed! - Failed: 0, Passed: 1278, Skipped: 0, Total: 1278 (Engine.Tests)",
"verdict": "pass"
}

64
docs/qa/feature-checks/runs/policy/replayable-verdict-evaluation/run-002/tier2-integration-check.json Normal file
View File

@@ -0,0 +1,64 @@
{
"type": "integration",
"capturedAtUtc": "2026-02-13T14:32:00Z",
"testCommand": "dotnet test src/Policy/__Tests/StellaOps.Policy.Tests/StellaOps.Policy.Tests.csproj --no-restore -v normal",
"testFilter": "ReplayEngineTests, VerdictComparerTests, ReplayReportTests",
"testsRun": 781,
"testsPassed": 781,
"testsFailed": 0,
"targetedTestMethods": [
"ReplayEngineTests.Replay_ValidSnapshot_ReturnsResult",
"ReplayEngineTests.Replay_NonExistentSnapshot_ReturnsReplayFailed",
"ReplayEngineTests.Replay_NoOriginalVerdict_ReturnsNoComparison",
"ReplayEngineTests.Replay_SameInputs_ProducesDeterministicResult (10-iteration)",
"ReplayEngineTests.Replay_DifferentArtifacts_ProducesDifferentResults",
"ReplayEngineTests.Replay_RecordsDuration",
"ReplayEngineTests.Replay_WithValidOriginalVerdictId_AttemptsComparison",
"VerdictComparerTests.Compare_IdenticalVerdicts_ReturnsExactMatch",
"VerdictComparerTests.Compare_DifferentDecisions_ReturnsMismatch",
"VerdictComparerTests.Compare_ScoreWithinTolerance_ReturnsMatchWithinTolerance",
"VerdictComparerTests.Compare_ScoreBeyondTolerance_ReturnsMismatch",
"VerdictComparerTests.Compare_DifferentFindings_DetectsAddedAndRemoved",
"VerdictComparerTests.Compare_SameFindings_DifferentOrder_ReturnsMatch",
"VerdictComparerTests.Compare_ExtraFindings_DetectsAdditions",
"VerdictComparerTests.Compare_CalculatesCorrectConfidence",
"ReplayReportTests.Build_CreatesReportWithRequiredFields",
"ReplayReportTests.Build_ExactMatch_SetsDeterministicTrue",
"ReplayReportTests.Build_Mismatch_SetsDeterministicFalse",
"ReplayReportTests.Build_MatchWithinTolerance_SetsHighConfidence",
"ReplayReportTests.Build_NoComparison_SetsMediumConfidence",
"ReplayReportTests.AddRecommendation_AddsToList",
"ReplayReportTests.AddRecommendationsFromResult_MismatchAddsReviewRecommendation",
"ReplayReportTests.AddRecommendationsFromResult_FailedAddsSnapshotRecommendation",
"ReplayReportTests.Build_IncludesTiming"
],
"behaviorVerified": [
"ReplayEngine loads and verifies snapshot, resolves frozen inputs, executes deterministic evaluation, compares with original",
"ReplayEngine returns ReplayFailed for non-existent snapshot with error summary",
"ReplayEngine returns NoComparison when no original verdict ID provided",
"10-iteration determinism: same inputs produce identical Score and Decision every time",
"Different artifact digests produce different replay results",
"Duration tracking is non-zero (Stopwatch-based)",
"VerdictComparer: identical verdicts produce ExactMatch with DeterminismConfidence=1.0",
"VerdictComparer: different decisions produce Mismatch with Decision field delta",
"VerdictComparer: score within tolerance (0.0005 < 0.001) produces MatchWithinTolerance",
"VerdictComparer: score beyond tolerance (0.5 > 0.001) produces Mismatch with Score field delta",
"VerdictComparer: finding differences detect Added and Removed findings",
"VerdictComparer: same findings in different order produce ExactMatch (order-independent)",
"ReplayReport: confidence mapping (ExactMatch=1.0, MatchWithinTolerance=0.9, NoComparison=0.5, Mismatch=0.0)",
"ReplayReport: recommendations generated from match status (delta report, snapshot review)"
],
"assertionTypes": [
"replay-determinism",
"match-status-classification",
"score-tolerance-comparison",
"finding-delta-detection",
"duration-tracking",
"confidence-scoring",
"report-generation"
],
"newTestsWritten": [],
"bugsFixed": [],
"rawOutput": "Passed! - Failed: 0, Passed: 781, Skipped: 0, Total: 781, Duration: 3s 308ms - StellaOps.Policy.Tests.dll (net10.0|x64)",
"verdict": "pass"
}

65
docs/qa/feature-checks/runs/policy/risk-budget-api-endpoints/run-002/tier2-integration-check.json Normal file
View File

@@ -0,0 +1,65 @@
{
"type": "integration",
"capturedAtUtc": "2026-02-13T14:34:00Z",
"testCommand": "dotnet test src/Policy/__Tests/StellaOps.Policy.Engine.Tests/StellaOps.Policy.Engine.Tests.csproj --no-restore -v normal && dotnet test src/Policy/__Tests/StellaOps.Policy.Unknowns.Tests/StellaOps.Policy.Unknowns.Tests.csproj --no-restore -v normal",
"testFilter": "BudgetEnforcementIntegrationTests, LedgerExportServiceTests, UnknownBudgetServiceTests, UnknownsBudgetPropertyTests, RiskBudgetMonotonicityPropertyTests, VerdictBudgetCheckTests",
"testsRun": 1337,
"testsPassed": 1337,
"testsFailed": 0,
"targetedTestMethods": [
"BudgetEnforcementIntegrationTests.Budget_DifferentWindows_AreIndependent",
"BudgetEnforcementIntegrationTests.Budget_WindowReset_DoesNotCarryOver",
"BudgetEnforcementIntegrationTests.Consume_MultipleReleases_AccumulatesCorrectly",
"BudgetEnforcementIntegrationTests.Consume_UpToExactLimit_Succeeds",
"BudgetEnforcementIntegrationTests.Consume_AttemptOverBudget_Fails",
"BudgetEnforcementIntegrationTests.Consume_ZeroPoints_Succeeds",
"BudgetEnforcementIntegrationTests.ThresholdTransition_GreenToYellow",
"BudgetEnforcementIntegrationTests.ThresholdTransition_YellowToRed",
"BudgetEnforcementIntegrationTests.ThresholdTransition_RedToExhausted",
"BudgetEnforcementIntegrationTests.ThresholdBoundaries_AreCorrect (7 cases: 0/39/40/69/70/99/100)",
"BudgetEnforcementIntegrationTests.AdjustAllocation_IncreasesCapacity_ChangesThreshold",
"BudgetEnforcementIntegrationTests.AdjustAllocation_DecreaseCapacity_ChangesThreshold",
"BudgetEnforcementIntegrationTests.GetHistory_ReturnsAllEntriesForWindow",
"BudgetEnforcementIntegrationTests.GetHistory_EmptyForNewService",
"BudgetEnforcementIntegrationTests.GetHistory_DifferentWindows_AreIsolated",
"BudgetEnforcementIntegrationTests.ConcurrentConsumption_IsThreadSafe",
"BudgetEnforcementIntegrationTests.ConcurrentConsumption_RespectsLimit",
"BudgetEnforcementIntegrationTests.DefaultAllocations_MatchTierRiskProfile (4 tiers)",
"LedgerExportServiceTests.BuildAsync_ProducesOrderedNdjson",
"UnknownBudgetServiceTests (budget retrieval, within-limit check, exceeds-total violation, reason-limit violation, escalation with exceptions)",
"UnknownsBudgetPropertyTests (FsCheck property tests for budget constraints)",
"RiskBudgetMonotonicityPropertyTests (FsCheck property tests for monotonic budget consumption)",
"VerdictBudgetCheckTests (verdict-level budget enforcement)"
],
"behaviorVerified": [
"BudgetEndpoints: GET /api/v1/policy/budgets (list all budgets with enforcement status)",
"BudgetEndpoints: GET /api/v1/policy/budgets/{environment} (single budget with 404 handling)",
"BudgetEndpoints: GET /api/v1/policy/budgets/{environment}/status (status with consumption, limits, percentage, violations)",
"BudgetEndpoints: POST /api/v1/policy/budgets/{environment}/check (check unknowns against budget)",
"BudgetEndpoints: GET /api/v1/policy/budgets/defaults (default budgets for prod/staging/dev/default)",
"RiskBudgetEndpoints: GET /api/v1/policy/budget/status/{serviceId} (risk budget status with allocated/consumed/remaining/percentage/status)",
"RiskBudgetEndpoints: POST /api/v1/policy/budget/consume (record consumption with validation)",
"RiskBudgetEndpoints: POST /api/v1/policy/budget/check (release check with gate level, risk points, budget before/after)",
"RiskBudgetEndpoints: GET /api/v1/policy/budget/history/{serviceId} (consumption history entries)",
"RiskBudgetEndpoints: POST /api/v1/policy/budget/adjust (earned capacity replenishment or penalty)",
"RiskBudgetEndpoints: GET /api/v1/policy/budget/list (list all risk budgets)",
"LedgerExportService: deterministic NDJSON export with schema version policy-ledger-export-v1",
"Budget threshold boundaries: Green(0-39%), Yellow(40-69%), Red(70-99%), Exhausted(100%+)",
"Concurrent budget consumption thread safety",
"Window-isolated budget management"
],
"assertionTypes": [
"endpoint-contract",
"budget-status-transition",
"consumption-tracking",
"threshold-boundary",
"concurrent-safety",
"window-isolation",
"ledger-determinism",
"property-based-invariant"
],
"newTestsWritten": [],
"bugsFixed": [],
"rawOutput": "Passed! - Failed: 0, Passed: 1278, Skipped: 0, Total: 1278 (Engine.Tests) + Passed! - Failed: 0, Passed: 59, Skipped: 0, Total: 59 (Unknowns.Tests)",
"verdict": "pass"
}

72
docs/qa/feature-checks/runs/policy/risk-budget-management/run-002/tier2-integration-check.json Normal file
View File

@@ -0,0 +1,72 @@
{
"type": "integration",
"capturedAtUtc": "2026-02-13T14:36:00Z",
"testCommand": "dotnet test src/Policy/__Tests/StellaOps.Policy.Tests/StellaOps.Policy.Tests.csproj --no-restore -v normal && dotnet test src/Policy/__Tests/StellaOps.Policy.Engine.Tests/StellaOps.Policy.Engine.Tests.csproj --no-restore -v normal && dotnet test src/Policy/__Tests/StellaOps.Policy.Unknowns.Tests/StellaOps.Policy.Unknowns.Tests.csproj --no-restore -v normal",
"testFilter": "RiskBudgetTests, BudgetLedgerTests, BudgetEnforcementIntegrationTests, UnknownBudgetServiceTests, UnknownsBudgetEnforcer, RiskPointScoringTests (budget escalation), LedgerExportServiceTests",
"testsRun": 2118,
"testsPassed": 2118,
"testsFailed": 0,
"targetedTestMethods": [
"RiskBudgetTests.Budget_WithNoConsumption_IsGreen",
"RiskBudgetTests.Budget_With30PercentUsed_IsGreen",
"RiskBudgetTests.Budget_With40PercentUsed_IsYellow",
"RiskBudgetTests.Budget_With70PercentUsed_IsRed",
"RiskBudgetTests.Budget_With100PercentUsed_IsExhausted",
"RiskBudgetTests.Budget_Overconsumed_IsExhausted",
"RiskBudgetTests.DefaultAllocations_AreCorrect (4 tiers: Internal=300, NonCritical=200, Critical=120, Safety=80)",
"BudgetLedgerTests.GetBudget_CreatesDefaultWhenNotExists",
"BudgetLedgerTests.GetBudget_ReturnsExistingBudget",
"BudgetLedgerTests.Consume_DeductsBudget",
"BudgetLedgerTests.Consume_FailsWhenInsufficientBudget",
"BudgetLedgerTests.GetHistory_ReturnsEntries",
"BudgetLedgerTests.AdjustAllocation_IncreasesCapacity",
"BudgetLedgerTests.AdjustAllocation_DecreasesCapacity",
"BudgetLedgerTests.AdjustAllocation_DoesNotGoBelowZero",
"BudgetEnforcementIntegrationTests.ThresholdTransition_GreenToYellow",
"BudgetEnforcementIntegrationTests.ThresholdTransition_YellowToRed",
"BudgetEnforcementIntegrationTests.ThresholdTransition_RedToExhausted",
"BudgetEnforcementIntegrationTests.AdjustAllocation_IncreasesCapacity_ChangesThreshold (Red->Yellow via earned capacity)",
"BudgetEnforcementIntegrationTests.AdjustAllocation_DecreaseCapacity_ChangesThreshold (penalty)",
"BudgetEnforcementIntegrationTests.GetHistory_ReturnsAllEntriesForWindow (3 entries with release IDs + RP amounts)",
"BudgetEnforcementIntegrationTests.GetHistory_DifferentWindows_AreIsolated",
"UnknownBudgetServiceTests.CheckBudget_WithinLimit_ReturnsSuccess",
"UnknownBudgetServiceTests.CheckBudget_ExceedsTotal_ReturnsViolation",
"UnknownBudgetServiceTests.CheckBudget_ExceedsReasonLimit_ReturnsSpecificViolation",
"UnknownBudgetServiceTests.CheckBudgetWithEscalation_ExceptionCovers_AllowsOperation",
"RiskPointScoringTests.CalculateScore_EscalatesGateOnYellowBudget (G2->G3)",
"RiskPointScoringTests.CalculateScore_EscalatesGateOnRedBudget (G1->G2)",
"RiskPointScoringTests.CalculateScore_MaxGateOnExhaustedBudget (->G4)",
"LedgerExportServiceTests.BuildAsync_ProducesOrderedNdjson"
],
"behaviorVerified": [
"Per-service risk budget with Green/Yellow/Red/Exhausted status thresholds (0-39%/40-69%/70-99%/100%+)",
"Budget ledger tracks RP consumed per release with release ID and timestamp",
"Budget consumption deduction with remaining capacity tracking",
"Budget consumption fails with Insufficient error when over limit",
"Budget history returns all entries for a window with release IDs and RP amounts",
"Earned capacity replenishment: AdjustAllocation increases allocated (Red->Yellow transition verified)",
"Capacity penalty: AdjustAllocation decreases allocated with floor at 0",
"Budget constraint enforcement: Exhausted blocks non-emergency changes, Red blocks high-risk categories",
"Gate level escalation based on budget status (Yellow->G2+1, Red->G1+1, Exhausted->G4)",
"Default tier-based allocations: Internal=300, CustomerFacingNonCritical=200, CustomerFacingCritical=120, SafetyCritical=80",
"Window-based budget management with independent windows and no carry-over",
"UnknownBudgetService: per-reason-code budget limits and violations",
"UnknownsBudgetEnforcer: Critical/High/Medium/Low severity thresholds, Block/Warn/Log actions",
"Ledger export: deterministic NDJSON with schema policy-ledger-export-v1, ordered by component PURL"
],
"assertionTypes": [
"budget-status-threshold",
"consumption-tracking",
"ledger-entry-audit",
"earned-capacity-replenishment",
"gate-escalation",
"constraint-enforcement",
"window-isolation",
"concurrent-safety",
"deterministic-export"
],
"newTestsWritten": [],
"bugsFixed": [],
"rawOutput": "Passed! - Failed: 0, Passed: 781, Skipped: 0, Total: 781 (Policy.Tests) + Passed! - Failed: 0, Passed: 1278, Skipped: 0, Total: 1278 (Engine.Tests) + Passed! - Failed: 0, Passed: 59, Skipped: 0, Total: 59 (Unknowns.Tests)",
"verdict": "pass"
}

55
docs/qa/feature-checks/runs/policy/risk-budget-model/run-002/tier2-integration-check.json Normal file
View File

@@ -0,0 +1,55 @@
{
"type": "integration",
"capturedAtUtc": "2026-02-13T12:00:00.000Z",
"testCommand": "dotnet test src/Policy/__Tests/StellaOps.Policy.Engine.Tests/StellaOps.Policy.Engine.Tests.csproj --no-restore -v normal",
"testFilter": "RiskBudgetMonotonicityPropertyTests, RiskSimulationBreakdownServiceTests, BudgetEnforcementIntegrationTests",
"testsRun": 1278,
"testsPassed": 1278,
"testsFailed": 0,
"targetedTestMethods": [
"RiskBudgetMonotonicityPropertyTests.TighteningCriticalBudget_CannotReduceViolations",
"RiskBudgetMonotonicityPropertyTests.TighteningHighBudget_CannotReduceViolations",
"RiskBudgetMonotonicityPropertyTests.TighteningRiskScoreBudget_CannotReduceViolations",
"RiskBudgetMonotonicityPropertyTests.TighteningMagnitudeBudget_CannotReduceViolations",
"RiskBudgetMonotonicityPropertyTests.AddingBlockedVulnerabilities_CanOnlyIncreaseViolations",
"RiskBudgetMonotonicityPropertyTests.ViolationCount_NonDecreasing_WhenTighteningBudget",
"RiskSimulationBreakdownServiceTests.GenerateBreakdown_WithValidInput_ReturnsBreakdown",
"RiskSimulationBreakdownServiceTests.GenerateBreakdown_ScoreDistribution_ComputesStatistics",
"RiskSimulationBreakdownServiceTests.GenerateBreakdown_SeverityBreakdown_GroupsCorrectly",
"RiskSimulationBreakdownServiceTests.GenerateBreakdown_DeterminismHash_IsConsistent",
"BudgetEnforcementIntegrationTests.Budget_DifferentWindows_AreIndependent",
"BudgetEnforcementIntegrationTests.Consume_MultipleReleases_AccumulatesCorrectly",
"BudgetEnforcementIntegrationTests.ThresholdTransition_GreenToYellow",
"BudgetEnforcementIntegrationTests.ThresholdTransition_YellowToRed",
"BudgetEnforcementIntegrationTests.ThresholdTransition_RedToExhausted",
"BudgetEnforcementIntegrationTests.ThresholdBoundaries_AreCorrect",
"BudgetEnforcementIntegrationTests.AdjustAllocation_IncreasesCapacity_ChangesThreshold",
"BudgetEnforcementIntegrationTests.DefaultAllocations_MatchTierRiskProfile",
"BudgetEnforcementIntegrationTests.ConcurrentConsumption_IsThreadSafe"
],
"behaviorVerified": [
"RiskBudgetEvaluator monotonicity: tighter budgets never reduce violations",
"Risk simulation breakdown with 10-bucket score distribution and percentiles (p50/p90/p99)",
"Severity breakdown totals match finding count with HHI concentration metric",
"Budget ledger with Green/Yellow/Red/Exhausted threshold transitions at 40%/70%/100%",
"Per-service tier-based budget allocations (Internal=300, CustomerFacing=200, Critical=120, Safety=80)",
"Budget capacity replenishment via AdjustAllocationAsync",
"Deterministic breakdown hashing (sha256 prefix)",
"Concurrent budget consumption is thread-safe and respects limits",
"Window-based budget isolation with no carry-over between months",
"Property-based tests verify monotonicity across 100 FsCheck-generated test cases per property"
],
"assertionTypes": [
"property-based-monotonicity",
"threshold-boundary-verification",
"budget-consumption-accounting",
"concurrent-thread-safety",
"determinism-hash-consistency",
"tier-allocation-mapping",
"window-isolation"
],
"newTestsWritten": [],
"bugsFixed": [],
"rawOutput": "Passed! - Failed: 0, Passed: 1278, Skipped: 0, Total: 1278, Duration: 6s 179ms - StellaOps.Policy.Engine.Tests.dll (net10.0|x64)",
"verdict": "pass"
}

60
docs/qa/feature-checks/runs/policy/risk-point-scoring/run-002/tier2-integration-check.json Normal file
View File

@@ -0,0 +1,60 @@
{
"type": "integration",
"capturedAtUtc": "2026-02-13T12:01:00.000Z",
"testCommand": "dotnet test src/Policy/__Tests/StellaOps.Policy.Engine.Tests/StellaOps.Policy.Engine.Tests.csproj --no-restore -v normal",
"testFilter": "SimpleScoringEngineTests, AdvancedScoringEngineTests, RiskSimulationBreakdownServiceTests, ProfileSwitchingTests",
"testsRun": 1278,
"testsPassed": 1278,
"testsFailed": 0,
"targetedTestMethods": [
"SimpleScoringEngineTests.ScoreAsync_MaxCvss_HighBaseSeverity",
"SimpleScoringEngineTests.ScoreAsync_MinCvss_LowBaseSeverity",
"SimpleScoringEngineTests.ScoreAsync_DirectCall_MaxReachability",
"SimpleScoringEngineTests.ScoreAsync_MultipleHops_ReducedReachability",
"SimpleScoringEngineTests.ScoreAsync_Unreachable_ZeroReachability",
"SimpleScoringEngineTests.ScoreAsync_WithGates_AppliesMultiplier",
"SimpleScoringEngineTests.ScoreAsync_AppliesWeightsCorrectly",
"SimpleScoringEngineTests.ScoreAsync_MapsToCorrectSeverity",
"SimpleScoringEngineTests.ScoreAsync_IsDeterministic",
"SimpleScoringEngineTests.ScoreAsync_WithOverride_AppliesSetScore",
"SimpleScoringEngineTests.ScoreAsync_WithOverride_AppliesClamp",
"AdvancedScoringEngineTests.ScoreAsync_AppliesCvssVersionAdjustment",
"AdvancedScoringEngineTests.ScoreAsync_AppliesKevBoost",
"AdvancedScoringEngineTests.ScoreAsync_AppliesUncertaintyPenalty",
"AdvancedScoringEngineTests.ScoreAsync_UsesAdvancedReachabilityScore",
"AdvancedScoringEngineTests.ScoreAsync_AppliesSemanticCategoryMultiplier",
"AdvancedScoringEngineTests.ScoreAsync_AppliesMultiEvidenceOverlapBonus",
"AdvancedScoringEngineTests.ScoreAsync_IsDeterministic",
"AdvancedScoringEngineTests.ScoreAsync_AllFactorsMaxed_ReturnsCritical",
"RiskSimulationBreakdownServiceTests.GenerateBreakdown_SignalAnalysis_ComputesCorrectCoverage",
"RiskSimulationBreakdownServiceTests.GenerateBreakdown_SignalAnalysis_IdentifiesTopContributors"
],
"behaviorVerified": [
"SimpleScoringEngine: baseSeverity=100 for CVSS 10.0, baseSeverity=0 for CVSS 0.0",
"SimpleScoringEngine: reachability=100 for direct call (hopCount=0), 0 for unreachable (null)",
"SimpleScoringEngine: gate multiplier reduces reachability score",
"SimpleScoringEngine: weighted signal contributions sum to raw score",
"SimpleScoringEngine: severity mapping (critical >= 90, info for low scores)",
"SimpleScoringEngine: score overrides apply set-score and clamp-max-score",
"AdvancedScoringEngine: CVSS version adjustment (v4.0 > v3.1 > v2.0)",
"AdvancedScoringEngine: KEV boost adds 20 points to raw score",
"AdvancedScoringEngine: uncertainty penalty for missing data",
"AdvancedScoringEngine: semantic category multiplier (api_endpoint > internal_service > dead_code)",
"AdvancedScoringEngine: multi-evidence overlap bonus increases evidence score",
"Both engines: deterministic scoring for same input produces same output",
"Both engines: explain entries generated for baseSeverity, reachability, provenance factors"
],
"assertionTypes": [
"score-range-validation",
"monotonicity-verification",
"weight-contribution-verification",
"severity-mapping",
"determinism-check",
"override-application",
"explain-entry-generation"
],
"newTestsWritten": [],
"bugsFixed": [],
"rawOutput": "Passed! - Failed: 0, Passed: 1278, Skipped: 0, Total: 1278, Duration: 6s 179ms - StellaOps.Policy.Engine.Tests.dll (net10.0|x64)",
"verdict": "pass"
}

66
docs/qa/feature-checks/runs/policy/risk-verdict-attestation-contract/run-002/tier2-integration-check.json Normal file
View File

@@ -0,0 +1,66 @@
{
"type": "integration",
"capturedAtUtc": "2026-02-13T12:02:00.000Z",
"testCommand": "dotnet test src/Policy/__Tests/StellaOps.Policy.Engine.Tests/StellaOps.Policy.Engine.Tests.csproj --no-restore -v normal",
"testFilter": "VerdictAttestationIntegrationTests, PolicyDecisionAttestationServiceTests, RvaVerifierTests, ScoringDeterminismVerifierTests",
"testsRun": 1278,
"testsPassed": 1278,
"testsFailed": 0,
"targetedTestMethods": [
"VerdictAttestationIntegrationTests.EndToEnd_PolicyTraceToAttestation_Success",
"VerdictAttestationIntegrationTests.DeterminismTest_SameInputProducesSameJson",
"VerdictAttestationIntegrationTests.ErrorHandling_AttestorUnavailable_ReturnsFailure",
"VerdictAttestationIntegrationTests.ErrorHandling_AttestorTimeout_ReturnsFailure",
"VerdictAttestationIntegrationTests.PredicateStructure_ProducesValidJson",
"PolicyDecisionAttestationServiceTests.CreateAttestationAsync_WhenDisabled_ReturnsFailure",
"PolicyDecisionAttestationServiceTests.CreateAttestationAsync_WithSignerClient_CallsSigner",
"PolicyDecisionAttestationServiceTests.CreateAttestationAsync_WhenSigningFails_ReturnsFailure",
"PolicyDecisionAttestationServiceTests.CreateAttestationAsync_WithRekorSubmission_SubmitsToRekor",
"PolicyDecisionAttestationServiceTests.CreateAttestationAsync_WithoutSignerClient_CreatesUnsignedAttestation",
"PolicyDecisionAttestationServiceTests.CreateAttestationAsync_IncludesAllSubjects",
"RvaVerifierTests.VerifyRaw_ValidAttestation_ReturnsSuccess",
"RvaVerifierTests.VerifyRaw_TamperedAttestationId_ReturnsFail",
"RvaVerifierTests.VerifyRaw_ExpiredAttestation_FailsByDefault",
"RvaVerifierTests.VerifyRaw_ExpiredAttestation_AllowedWithOption",
"RvaVerifierTests.VerdictReasonCode_GetCategory_ReturnsCorrectCategory",
"ScoringDeterminismVerifierTests.Verify_ValidProof_ReturnsSuccess",
"ScoringDeterminismVerifierTests.Verify_HighScore_ReproducesCorrectly",
"ScoringDeterminismVerifierTests.Verify_BoundaryScore_Zero_ReproducesCorrectly",
"ScoringDeterminismVerifierTests.Verify_BoundaryScore_Max_ReproducesCorrectly",
"ScoringDeterminismVerifierTests.Verify_VariousInputCombinations_AlwaysReproducible",
"ScoringDeterminismVerifierTests.Verify_CustomWeights_ReproducesCorrectly"
],
"behaviorVerified": [
"VerdictAttestationService: end-to-end policy trace to DSSE-signed attestation via HTTP Attestor",
"VerdictPredicateBuilder: deterministic JSON serialization (same input -> same JSON)",
"VerdictPredicateBuilder: produces valid JSON with 'verdict' field",
"VerdictAttestationService: graceful failure handling (503, timeout returns null)",
"PolicyDecisionAttestationService: DSSE signing with signer client (stella.ops/policy-decision@v1)",
"PolicyDecisionAttestationService: attestation digest format sha256:[hex64]",
"PolicyDecisionAttestationService: Rekor transparency log submission with subject URIs",
"PolicyDecisionAttestationService: unsigned attestation when no signer available",
"RvaVerifier: valid attestation passes verification",
"RvaVerifier: tampered attestation ID detected and rejected",
"RvaVerifier: expired attestation rejected by default, allowed with AllowExpired option",
"RvaVerifier: verdict reason codes (Pass/Fail/Exception/Indeterminate categories)",
"ScoringDeterminismVerifier: attested scores reproducible from proofs",
"ScoringDeterminismVerifier: boundary scores (0 and max) reproducible",
"ScoringDeterminismVerifier: custom weights reproduce correctly",
"ScoringDeterminismVerifier: missing proof returns MissingProof error",
"RVA includes PolicyBundleDigest, KnowledgeSnapshot binding, and reason codes"
],
"assertionTypes": [
"dsse-signature-verification",
"deterministic-serialization",
"attestation-digest-format",
"tamper-detection",
"expiration-enforcement",
"scoring-reproducibility",
"reason-code-categorization",
"rekor-transparency-log"
],
"newTestsWritten": [],
"bugsFixed": [],
"rawOutput": "Passed! - Failed: 0, Passed: 1278, Skipped: 0, Total: 1278, Duration: 6s 179ms - StellaOps.Policy.Engine.Tests.dll (net10.0|x64)",
"verdict": "pass"
}

64
docs/qa/feature-checks/runs/policy/runtime-containment-signals-for-unknowns-scoring/run-002/tier2-integration-check.json Normal file
View File

@@ -0,0 +1,64 @@
{
"type": "integration",
"capturedAtUtc": "2026-02-13T12:03:00.000Z",
"testCommand": "dotnet test src/Policy/__Tests/StellaOps.Policy.Unknowns.Tests/StellaOps.Policy.Unknowns.Tests.csproj --no-restore -v normal",
"testFilter": "UnknownRankerTests (Containment Reduction + Band Assignment), UnknownBudgetServiceTests",
"testsRun": 59,
"testsPassed": 59,
"testsFailed": 0,
"targetedTestMethods": [
"UnknownRankerTests.ComputeContainmentReduction_NullInputs_ReturnsZero",
"UnknownRankerTests.ComputeContainmentReduction_IsolatedPackage_Returns15Percent",
"UnknownRankerTests.ComputeContainmentReduction_AllContainmentFactors_CapsAt40Percent",
"UnknownRankerTests.Rank_WithContainment_AppliesReductionToScore",
"UnknownRankerTests.Rank_ContainmentDisabled_NoReduction",
"UnknownRankerTests.Rank_SameInput_ReturnsSameResult",
"UnknownRankerTests.Rank_MultipleExecutions_ProducesIdenticalScores",
"UnknownRankerTests.ComputeUncertainty_MissingVex_Adds040",
"UnknownRankerTests.ComputeUncertainty_MissingReachability_Adds030",
"UnknownRankerTests.ComputeExploitPressure_InKev_Adds050",
"UnknownRankerTests.ComputeExploitPressure_HighEpss_Adds030",
"UnknownRankerTests.ComputeExploitPressure_EpssThresholds_AreMutuallyExclusive",
"UnknownRankerTests.Rank_Formula_AppliesCorrectWeights",
"UnknownRankerTests.Rank_MaximumScore_Is100",
"UnknownRankerTests.Rank_MinimumScore_IsZero",
"UnknownRankerTests.Rank_ScoreAbove75_AssignsHotBand",
"UnknownRankerTests.Rank_ScoreBetween50And75_AssignsWarmBand",
"UnknownRankerTests.Rank_ScoreBetween25And50_AssignsColdBand",
"UnknownRankerTests.Rank_ScoreBelow25_AssignsResolvedBand",
"UnknownRankerTests.ComputeDecay_AgeBuckets_ReturnsCorrectMultiplier",
"UnknownRankerTests.Rank_WithDecay_AppliesMultiplierToScore",
"UnknownRankerTests.Rank_DecayDisabled_ReturnsFullScore",
"UnknownBudgetServiceTests.CheckBudget_WithinLimit_ReturnsSuccess",
"UnknownBudgetServiceTests.CheckBudget_ExceedsTotal_ReturnsViolation",
"UnknownBudgetServiceTests.ShouldBlock_BlockAction_ReturnsTrue"
],
"behaviorVerified": [
"Containment reduction: Isolated=15%, Seccomp=10%, FsRO=10%, NotNetFacing=5%, NonRoot=5%, NetworkIsolated=5%",
"Total containment reduction capped at 40% regardless of individual signal accumulation",
"Containment formula: containmentBps = min(Sum(signal_bps), 4000); score *= (10000 - containmentBps) / 10000",
"Null containment/blastRadius inputs result in 0% reduction",
"Isolated package (0 dependents) applies 15% reduction",
"Combined Seccomp+FsRO applies 20% reduction (score 60 -> 48)",
"EnableContainmentReduction=false disables all containment reduction",
"Two-factor scoring: Score = (Uncertainty * 50) + (ExploitPressure * 50)",
"Band assignment after containment: Hot>=75, Warm>=50, Cold>=25, Resolved<25",
"Decay factor applied as multiplier after containment reduction",
"Deterministic: 100 iterations produce identical scores",
"UnknownBudgetService blocks releases when budget exceeded with Block action"
],
"assertionTypes": [
"containment-reduction-percentage",
"containment-cap-enforcement",
"score-formula-verification",
"band-threshold-assignment",
"decay-multiplier-application",
"determinism-100-iteration",
"budget-limit-enforcement",
"null-input-safety"
],
"newTestsWritten": [],
"bugsFixed": [],
"rawOutput": "Passed! - Failed: 0, Passed: 59, Skipped: 0, Total: 59, Duration: 384ms - StellaOps.Policy.Unknowns.Tests.dll (net10.0|x64)",
"verdict": "pass"
}

55
docs/qa/feature-checks/runs/policy/sbom-presence-policy-gate/run-002/tier2-integration-check.json Normal file
View File

@@ -0,0 +1,55 @@
{
"type": "integration",
"capturedAtUtc": "2026-02-13T12:00:00Z",
"testCommand": "dotnet test src/Policy/__Tests/StellaOps.Policy.Tests/StellaOps.Policy.Tests.csproj --no-restore -v normal",
"testFilter": "SbomPresenceGateTests (20 tests) + PolicyGateEvaluatorTests (Evidence Completeness gate SBOM checks) + EvidenceTtlEnforcer freshness tests",
"testsRun": 781,
"testsPassed": 781,
"testsFailed": 0,
"targetedTestMethods": [
"SbomPresenceGateTests.EvaluateAsync_Disabled_ReturnsPass",
"SbomPresenceGateTests.EvaluateAsync_OptionalEnforcement_ReturnsPass",
"SbomPresenceGateTests.EvaluateAsync_MissingSbom_RequiredEnforcement_ReturnsFail",
"SbomPresenceGateTests.EvaluateAsync_MissingSbom_RecommendedEnforcement_ReturnsPassWithWarning",
"SbomPresenceGateTests.EvaluateAsync_ValidSbom_ReturnsPass",
"SbomPresenceGateTests.EvaluateAsync_AcceptedFormats_ReturnsPass (7 formats: spdx-2.2, spdx-2.3, spdx-3.0.1, cyclonedx-1.4..1.7)",
"SbomPresenceGateTests.EvaluateAsync_InvalidFormat_ReturnsFail (3 formats)",
"SbomPresenceGateTests.EvaluateAsync_InsufficientComponents_ReturnsFail",
"SbomPresenceGateTests.EvaluateAsync_SchemaValidationFailed_ReturnsFail",
"SbomPresenceGateTests.EvaluateAsync_SignatureRequired_MissingSignature_ReturnsFail",
"SbomPresenceGateTests.EvaluateAsync_SignatureRequired_InvalidSignature_ReturnsFail",
"SbomPresenceGateTests.EvaluateAsync_SignatureRequired_ValidSignature_ReturnsPass",
"SbomPresenceGateTests.EvaluateAsync_PrimaryComponentRequired_Missing_ReturnsFail",
"SbomPresenceGateTests.EvaluateAsync_EnvironmentEnforcement_UsesCorrectLevel",
"SbomPresenceGateTests.EvaluateAsync_UnknownEnvironment_UsesDefaultEnforcement",
"SbomPresenceGateTests.EvaluateAsync_MetadataFallback_ParsesSbomInfo",
"SbomPresenceGateTests.EvaluateAsync_FormatNormalization_HandlesVariations",
"SbomPresenceGateTests.EvaluateAsync_IncludesOptionalMetadata"
],
"behaviorVerified": [
"SBOM presence gate blocks when SBOM is missing with Required enforcement",
"SBOM presence gate passes with valid CycloneDX and SPDX formats",
"Invalid/unsupported SBOM formats are rejected",
"Minimum component count threshold enforced (configurable)",
"SBOM schema validation catches structural errors",
"Signature requirement enforcement (missing, invalid, valid)",
"Primary component requirement enforcement",
"Per-environment enforcement levels (Required, Recommended, Optional)",
"Default enforcement fallback for unknown environments",
"Format normalization handles case variations and aliases (cdx -> cyclonedx)",
"Gate result includes metadata (format, component_count, document_uri, created_at)",
"Metadata fallback parses SBOM info from context metadata dictionary"
],
"assertionTypes": [
"boolean-gate-result (Passed/Failed)",
"reason-string-matching",
"details-dictionary-keys",
"format-normalization",
"enforcement-level-resolution",
"component-count-threshold"
],
"newTestsWritten": [],
"bugsFixed": [],
"rawOutput": "Passed! - Failed: 0, Passed: 781, Skipped: 0, Total: 781, Duration: 3s 172ms - StellaOps.Policy.Tests.dll (net10.0|x64)",
"verdict": "pass"
}

59
docs/qa/feature-checks/runs/policy/score-attestation-and-proof-ledger/run-002/tier2-integration-check.json Normal file
View File

@@ -0,0 +1,59 @@
{
"type": "integration",
"capturedAtUtc": "2026-02-13T12:01:00Z",
"testCommand": "dotnet test src/Policy/__Tests/StellaOps.Policy.Engine.Tests/StellaOps.Policy.Engine.Tests.csproj --no-restore -v normal",
"testFilter": "VerdictAttestationIntegrationTests + LedgerExportServiceTests + ScoringDeterminismVerifierTests + ProofAwareScoringEngine tests",
"testsRun": 1278,
"testsPassed": 1278,
"testsFailed": 0,
"targetedTestMethods": [
"VerdictAttestationIntegrationTests.EndToEnd_PolicyTraceToAttestation_Success",
"VerdictAttestationIntegrationTests.DeterminismTest_SameInputProducesSameJson",
"VerdictAttestationIntegrationTests.ErrorHandling_AttestorUnavailable_ReturnsFailure",
"VerdictAttestationIntegrationTests.ErrorHandling_AttestorTimeout_ReturnsFailure",
"VerdictAttestationIntegrationTests.PredicateStructure_ProducesValidJson",
"LedgerExportServiceTests.BuildAsync_ProducesOrderedNdjson",
"ScoringDeterminismVerifierTests.Verify_ValidProof_ReturnsSuccess",
"ScoringDeterminismVerifierTests.Verify_HighScore_ReproducesCorrectly",
"ScoringDeterminismVerifierTests.Verify_LowScore_ReproducesCorrectly",
"ScoringDeterminismVerifierTests.Verify_BoundaryScore_Zero_ReproducesCorrectly",
"ScoringDeterminismVerifierTests.Verify_BoundaryScore_Max_ReproducesCorrectly",
"ScoringDeterminismVerifierTests.Verify_NullEws_ReturnsSkipped",
"ScoringDeterminismVerifierTests.Verify_EwsWithoutProof_ReturnsMissingProof",
"ScoringDeterminismVerifierTests.VerifyPredicate_PredicateWithValidEws_ReturnsSuccess",
"ScoringDeterminismVerifierTests.Verify_VariousInputCombinations_AlwaysReproducible (4 combos)",
"ScoringDeterminismVerifierTests.Verify_CustomWeights_ReproducesCorrectly",
"ScoringDeterminismVerifierTests.ScoringVerificationResult_Success_HasCorrectProperties",
"ScoringDeterminismVerifierTests.ScoringVerificationResult_ScoreMismatch_HasCorrectProperties",
"ScoringDeterminismVerifierTests.ScoringVerificationResult_MissingProof_HasCorrectProperties",
"ScoringDeterminismVerifierTests.Factory_Create_ReturnsWorkingVerifier"
],
"behaviorVerified": [
"DSSE-signed attestation created for verdict with policy trace",
"Attestation predicate includes verdict, evidence refs, and policy bundle",
"Content-addressed attestation IDs: same input produces same JSON (deterministic)",
"Attestor unavailability returns null without throwing (FailOnError=false)",
"Attestor timeout handled gracefully",
"Predicate structure produces valid JSON with 'verdict' property",
"Proof ledger export produces ordered NDJSON with manifest + records",
"Ledger entries include attestation ID, component PURL, and schema version (policy-ledger-export-v1)",
"Scoring determinism verifier confirms scores are reproducible from proofs",
"Various EWS input combinations (boundary 0, max, high, low) all verify correctly",
"Custom weights reproduce correctly through proof verification",
"Missing proof detected and flagged",
"Null EWS handled as skipped (valid)"
],
"assertionTypes": [
"dsse-attestation-creation",
"determinism-verification (same-input-same-output)",
"error-handling (503, timeout)",
"json-structure-validation",
"ledger-export-ordering",
"proof-reproducibility",
"score-recalculation-matching"
],
"newTestsWritten": [],
"bugsFixed": [],
"rawOutput": "Passed! - Failed: 0, Passed: 1278, Skipped: 0, Total: 1278, Duration: 7s 075ms - StellaOps.Policy.Engine.Tests.dll (net10.0|x64)",
"verdict": "pass"
}

63
docs/qa/feature-checks/runs/policy/score-v1-policy-format/run-002/tier2-integration-check.json Normal file
View File

@@ -0,0 +1,63 @@
{
"type": "integration",
"capturedAtUtc": "2026-02-13T12:02:00Z",
"testCommand": "dotnet test src/Policy/__Tests/StellaOps.Policy.Engine.Tests/StellaOps.Policy.Engine.Tests.csproj --no-restore -v normal",
"testFilter": "ScorePolicyServiceCachingTests + ScorePolicyDigestReplayIntegrationTests + ScoreBasedRuleTests + EvidenceWeightedScoreModelTests",
"testsRun": 1278,
"testsPassed": 1278,
"testsFailed": 0,
"targetedTestMethods": [
"ScorePolicyServiceCachingTests.GetPolicy_ReturnsCached",
"ScorePolicyServiceCachingTests.GetPolicy_CachesPerTenant",
"ScorePolicyServiceCachingTests.GetCachedDigest_BeforeLoad_ReturnsNull",
"ScorePolicyServiceCachingTests.GetCachedDigest_AfterLoad_ReturnsDigest",
"ScorePolicyServiceCachingTests.ComputePolicyDigest_IsDeterministic",
"ScorePolicyServiceCachingTests.ComputePolicyDigest_DiffersForDifferentPolicies",
"ScorePolicyServiceCachingTests.ComputePolicyDigest_HasCorrectFormat",
"ScorePolicyServiceCachingTests.Reload_ClearsCache",
"ScorePolicyServiceCachingTests.Reload_CausesProviderToBeCalled",
"ScorePolicyServiceCachingTests.ConcurrentAccess_IsThreadSafe",
"ScorePolicyServiceCachingTests.Digest_IsStable_AcrossEqualPolicies",
"ScorePolicyDigestReplayIntegrationTests.ReplayManifest_HasScorePolicyDigest",
"ScorePolicyDigestReplayIntegrationTests.ScorePolicyDigest_IsNull_WhenNotSet",
"ScorePolicyDigestReplayIntegrationTests.ScorePolicyDigest_SerializesToJson",
"ScorePolicyDigestReplayIntegrationTests.ScorePolicyDigest_OmittedFromJson_WhenNull",
"ScorePolicyDigestReplayIntegrationTests.ScorePolicyDigest_Roundtrips",
"ScorePolicyDigestReplayIntegrationTests.ScorePolicyDigest_IsSeparateFromPolicyDigest",
"ScorePolicyDigestReplayIntegrationTests.ScorePolicyDigest_HasContentAddressedFormat",
"ScoreBasedRuleTests.ScoreValueComparison_EvaluatesCorrectly (11 cases)",
"ScoreBasedRuleTests.ScoreBucketFlags_EvaluateCorrectly (10 cases)",
"ScoreBasedRuleTests.ScoreDimensionAccess_EvaluatesCorrectly (13 cases)",
"ScoreBasedRuleTests.ScoreHasFlag_EvaluatesCorrectly (7 cases)",
"ScoreBasedRuleTests.ScoreBetween_EvaluatesCorrectly (7 cases)",
"ScoreBasedRuleTests.CompoundExpressions_EvaluateCorrectly (6 cases)"
],
"behaviorVerified": [
"Score.v1 JSON schema exists at src/Policy/__Libraries/StellaOps.Policy/Schemas/score-policy.v1.schema.json",
"ScorePolicyValidator validates policies against v1 schema",
"ScorePolicyService caches policies per tenant with SHA-256 content-addressed digests",
"Policy digest format is sha256:<64 hex chars>",
"Digest is deterministic (same policy produces same digest)",
"Different policies produce different digests",
"Reload clears cache and forces re-fetch from provider",
"Concurrent access is thread-safe (ConcurrentDictionary)",
"Score policy digest integrates into replay manifest (ReplayScanMetadata.ScorePolicyDigest)",
"Digest serializes/deserializes correctly via JSON (roundtrip)",
"Score-based rules evaluate: comparisons (>=, >, <=, <, ==), buckets (ActNow, ScheduleNext, Investigate, Watchlist), dimensions (rch, rts, bkp, xpl, src, mit), flags (has_flag), between()",
"Compound expressions with and/or/not work correctly",
"Null score returns false for all score conditions"
],
"assertionTypes": [
"schema-validation",
"caching-behavior",
"digest-determinism",
"digest-format-regex",
"json-serialization-roundtrip",
"policy-expression-evaluation",
"thread-safety"
],
"newTestsWritten": [],
"bugsFixed": [],
"rawOutput": "Passed! - Failed: 0, Passed: 1278, Skipped: 0, Total: 1278, Duration: 7s 075ms - StellaOps.Policy.Engine.Tests.dll (net10.0|x64)",
"verdict": "pass"
}

47
docs/qa/feature-checks/runs/policy/security-state-delta/run-002/tier2-integration-check.json Normal file
View File

@@ -0,0 +1,47 @@
{
"type": "integration",
"capturedAtUtc": "2026-02-13T12:03:00Z",
"testCommand": "dotnet test src/Policy/__Tests/StellaOps.Policy.Tests/StellaOps.Policy.Tests.csproj --no-restore -v normal + dotnet test src/Policy/__Tests/StellaOps.Policy.Engine.Tests/StellaOps.Policy.Engine.Tests.csproj --no-restore -v normal",
"testFilter": "SecurityStateDeltaTests + ConsoleSimulationDiffServiceTests + DriftGateEvaluator tests + WhatIfSimulation tests",
"testsRun": 2059,
"testsPassed": 2059,
"testsFailed": 0,
"targetedTestMethods": [
"SecurityStateDeltaTests.SecurityStateDelta_CanBeCreated",
"SecurityStateDeltaTests.SbomDelta_TracksPackageChanges",
"SecurityStateDeltaTests.ReachabilityDelta_TracksChanges",
"SecurityStateDeltaTests.DeltaDriver_HasCorrectSeverity",
"SecurityStateDeltaTests.DeltaSummary_TracksRiskDirection",
"ConsoleSimulationDiffServiceTests.Compute_IsDeterministic_AndCarriesMetadata",
"CveAwareReleasePolicyGatesDeepTests (DriftGateEvaluator coverage)"
],
"behaviorVerified": [
"SecurityStateDelta model created with content-addressed DeltaId (delta:sha256:...)",
"Baseline and target snapshot IDs tracked (ksm:sha256:...)",
"SbomDelta tracks package additions, removals, modifications with license info",
"ReachabilityDelta tracks new-reachable and new-unreachable with per-CVE changes",
"DeltaDriver captures severity (Critical/High/Medium/Low) and type classification",
"DeltaSummary tracks risk direction (increasing/decreasing/neutral) with risk score",
"ConsoleSimulationDiffService produces deterministic delta for same inputs (JSON serialization equality)",
"Schema version: console-policy-23-001",
"Before/after summary with severity breakdowns",
"Rule impact analysis included in delta",
"Sample findings capped by budget",
"Provenance timestamps carried through",
"DriftGateEvaluator detects SBOM drift between baseline and target snapshots",
"WhatIfSimulationService computes baseline vs target deltas with decision changes"
],
"assertionTypes": [
"model-construction",
"content-addressed-ids",
"delta-tracking (additions/removals/modifications)",
"risk-direction-classification",
"determinism-verification (JSON serialization equality)",
"schema-version-matching",
"budget-enforcement"
],
"newTestsWritten": [],
"bugsFixed": [],
"rawOutput": "Policy.Tests: Passed! - Failed: 0, Passed: 781, Skipped: 0, Total: 781, Duration: 3s 172ms; Policy.Engine.Tests: Passed! - Failed: 0, Passed: 1278, Skipped: 0, Total: 1278, Duration: 7s 075ms",
"verdict": "pass"
}

60
docs/qa/feature-checks/runs/policy/signature-required-policy-gate/run-002/tier2-integration-check.json Normal file
View File

@@ -0,0 +1,60 @@
{
"type": "integration",
"capturedAtUtc": "2026-02-13T17:10:00Z",
"testCommand": "dotnet test src/Policy/__Tests/StellaOps.Policy.Tests/StellaOps.Policy.Tests.csproj --no-restore -v normal && dotnet test src/Policy/__Tests/StellaOps.Policy.Engine.Tests/StellaOps.Policy.Engine.Tests.csproj --no-restore -v normal",
"testFilter": "FullyQualifiedName~SignatureRequired|FullyQualifiedName~PolicyGateEvaluator|FullyQualifiedName~VexTrustGate|FullyQualifiedName~EvidenceRequirement",
"testsRun": 2059,
"testsPassed": 2059,
"testsFailed": 0,
"targetedTestMethods": [
"SignatureRequiredGateTests.EvaluateAsync_Disabled_ReturnsPass",
"SignatureRequiredGateTests.EvaluateAsync_MissingSignature_ReturnsFail",
"SignatureRequiredGateTests.EvaluateAsync_AllValidSignatures_ReturnsPass",
"SignatureRequiredGateTests.EvaluateAsync_InvalidSignature_ReturnsFail",
"SignatureRequiredGateTests.EvaluateAsync_NotRequiredType_PassesWithoutSignature",
"SignatureRequiredGateTests.EvaluateAsync_IssuerValidation_EnforcesConstraints(4 cases)",
"SignatureRequiredGateTests.EvaluateAsync_AlgorithmValidation_EnforcesAccepted(4 cases)",
"SignatureRequiredGateTests.EvaluateAsync_KeyIdValidation_EnforcesConstraints",
"SignatureRequiredGateTests.EvaluateAsync_KeylessSignature_ValidWithTransparencyLog",
"SignatureRequiredGateTests.EvaluateAsync_KeylessSignature_FailsWithoutTransparencyLog",
"SignatureRequiredGateTests.EvaluateAsync_KeylessDisabled_FailsKeylessSignature",
"SignatureRequiredGateTests.EvaluateAsync_EnvironmentOverride_SkipsTypes",
"SignatureRequiredGateTests.EvaluateAsync_EnvironmentOverride_AddsIssuers",
"SignatureRequiredGateTests.EvaluateAsync_InvalidCertificateChain_Fails",
"SignatureRequiredGateTests.EvaluateAsync_WildcardIssuerMatch_MatchesSubdomains",
"PolicyGateEvaluatorTests.NotAffected_WithoutGraphHash_Blocks",
"PolicyGateEvaluatorTests.NotAffected_WithoutPathLength_Blocks",
"PolicyGateEvaluatorTests.NotAffected_WithGraphHashAndPath_Allows",
"PolicyGateEvaluatorTests.Decision_ContainsEvidence",
"PolicyGateEvaluatorTests.Decision_ContainsGateResults"
],
"behaviorVerified": [
"SignatureRequiredGate disabled returns pass",
"Missing signatures block gate evaluation",
"All valid signatures pass gate evaluation",
"Invalid signature (bad hash) returns fail with failure details",
"Non-required evidence types pass without signature",
"Issuer allowlist validation with exact match and wildcard patterns (*@company.com, *@*.company.com)",
"Algorithm validation enforces accepted algorithms (ES256, RS256, EdDSA) and rejects unknown",
"Key ID validation against trusted key ID allowlist",
"Keyless signature valid with transparency log inclusion and certificate chain",
"Keyless signature fails without transparency log when required",
"Keyless verification disabled rejects keyless signatures",
"Environment-specific overrides skip evidence types for development",
"Environment-specific overrides add additional trusted issuers for staging",
"Invalid certificate chain fails verification",
"PolicyGateEvaluator evidence completeness gate verifies graphHash and pathLength for not_affected",
"DSSE-attested evidence referenced in gate decision document",
"TrustBundleRef in KnowledgeSnapshotManifest verified"
],
"assertionTypes": [
"Assert.True/False for gate pass/fail",
"Assert.Equal for reason codes",
"Assert.Contains for failure detail keys",
"Theory InlineData for parameterized issuer/algorithm validation"
],
"newTestsWritten": [],
"bugsFixed": [],
"rawOutput": "Policy.Tests: Passed! - Failed: 0, Passed: 781, Skipped: 0, Total: 781, Duration: 4s 601ms. Engine.Tests: Passed! - Failed: 0, Passed: 1278, Skipped: 0, Total: 1278, Duration: 8s 227ms. Total: 2059/2059 pass. SignatureRequiredGateTests: 15+ tests verify signature validation pipeline (disabled, missing, valid, invalid, issuer allowlists with wildcards, algorithm validation, key ID, keyless with/without transparency log, environment overrides, certificate chain). PolicyGateEvaluator EvidenceCompleteness gate verifies graphHash/pathLength for not_affected.",
"verdict": "pass"
}

61
docs/qa/feature-checks/runs/policy/signed-vex-override-enforcement-in-policy-engine/run-002/tier2-integration-check.json Normal file
View File

@@ -0,0 +1,61 @@
{
"type": "integration",
"capturedAtUtc": "2026-02-13T17:12:00Z",
"testCommand": "dotnet test src/Policy/__Tests/StellaOps.Policy.Engine.Tests/StellaOps.Policy.Engine.Tests.csproj --no-restore -v normal && dotnet test src/Policy/__Tests/StellaOps.Policy.Tests/StellaOps.Policy.Tests.csproj --no-restore -v normal",
"testFilter": "FullyQualifiedName~VexTrustGate|FullyQualifiedName~PolicyGateEvaluator|FullyQualifiedName~ClaimScoreMerger|FullyQualifiedName~TrustLatticeEngine",
"testsRun": 2059,
"testsPassed": 2059,
"testsFailed": 0,
"targetedTestMethods": [
"VexTrustGateTests.EvaluateAsync_WhenDisabled_ReturnsAllow",
"VexTrustGateTests.EvaluateAsync_StatusNotInApplyList_ReturnsAllow",
"VexTrustGateTests.EvaluateAsync_StatusInApplyList_Evaluates(not_affected, fixed, NOT_AFFECTED)",
"VexTrustGateTests.EvaluateAsync_MissingTrustData_RespectsConfiguredBehavior(Allow, Warn, Block)",
"VexTrustGateTests.EvaluateAsync_Production_HighTrust_Allows",
"VexTrustGateTests.EvaluateAsync_Production_LowTrust_Blocks",
"VexTrustGateTests.EvaluateAsync_Production_UnverifiedSignature_Blocks",
"VexTrustGateTests.EvaluateAsync_Production_StaleFreshness_Blocks",
"VexTrustGateTests.EvaluateAsync_Staging_MediumTrust_Allows",
"VexTrustGateTests.EvaluateAsync_Staging_LowTrust_Warns",
"VexTrustGateTests.EvaluateAsync_Development_LowTrust_Allows",
"VexTrustGateTests.EvaluateAsync_ComputesTrustTierCorrectly(5 tiers)",
"VexTrustGateTests.EvaluateAsync_PopulatesAllChecks",
"VexTrustGateTests.EvaluateAsync_AccuracyCheck_IncludedWhenThresholdSet",
"VexTrustGateTests.EvaluateAsync_UnknownEnvironment_UsesDefaultThresholds",
"VexTrustGateTests.EvaluateAsync_GeneratesProperGateId",
"ClaimScoreMergerTests (conflict penalty 0.25, determinism)",
"ClaimScoreMergerPropertyTests (FsCheck 100 iterations)",
"TrustLatticeEngineIntegrationTests (VEX normalization pipeline)"
],
"behaviorVerified": [
"VexTrustGate disabled returns Allow",
"VexTrustGate skips non-applicable statuses (under_investigation)",
"VexTrustGate evaluates applicable statuses case-insensitively (not_affected, fixed, NOT_AFFECTED)",
"MissingTrustBehavior.Allow/Warn/Block respected when VEX trust data absent",
"Production environment: high trust (0.85, verified, fresh) allows",
"Production environment: low trust (0.65 < 0.80 threshold) blocks with Block FailureAction",
"Production environment: unverified signature blocks (RequireIssuerVerified=true)",
"Production environment: stale freshness blocks (only fresh acceptable)",
"Staging environment: medium trust (0.65 >= 0.60) allows",
"Staging environment: low trust (0.45 < 0.60) warns with Warn FailureAction",
"Development environment: low trust (0.45 >= 0.40) allows without signature verification",
"Trust tier computation: VeryHigh(>=0.9), High(>=0.7), Medium(>=0.5), Low(>=0.3), VeryLow(<0.3)",
"All checks populated: composite_score, issuer_verified, freshness, accuracy_rate",
"Default thresholds used for unknown environments",
"ClaimScoreMerger applies 0.25 conflict penalty for conflicting signed/unsigned claims",
"Signed claims win via higher adjusted score in conflict resolution",
"TrustLatticeEngine pipeline: CycloneDX/OpenVEX/CSAF normalizers -> claims -> K4 lattice -> disposition"
],
"assertionTypes": [
"Assert.Equal for VexTrustGateDecision (Allow/Warn/Block)",
"Assert.Equal for reason codes (vex_trust_adequate, vex_trust_below_threshold, missing_vex_trust_data)",
"Assert.Contains for individual check results (composite_score, issuer_verified, freshness)",
"Assert.True/False for SignatureVerified",
"Theory InlineData for parameterized trust scores and tiers",
"FluentAssertions Should().Be for ClaimScoreMerger results"
],
"newTestsWritten": [],
"bugsFixed": [],
"rawOutput": "Engine.Tests: Passed! - Failed: 0, Passed: 1278, Skipped: 0, Total: 1278, Duration: 8s 227ms. Policy.Tests: Passed! - Failed: 0, Passed: 781, Skipped: 0, Total: 781, Duration: 4s 601ms. Total: 2059/2059 pass. VexTrustGateTests: 16+ tests verify per-environment signed VEX override enforcement with MinCompositeScore thresholds (prod=0.80, staging=0.60, dev=0.40), RequireIssuerVerified per-env (prod/staging=true, dev=false), FailureAction (Block for prod, Warn for staging/dev), MissingTrustBehavior (Allow/Warn/Block), trust tier computation, checks population. ClaimScoreMergerTests: conflict penalty 0.25, signed claims scored higher. TrustLatticeEngine: 3-format VEX normalization.",
"verdict": "pass"
}

51
docs/qa/feature-checks/runs/policy/smart-diff-semantic-risk-delta/run-002/tier2-integration-check.json Normal file
View File

@@ -0,0 +1,51 @@
{
"type": "integration",
"capturedAtUtc": "2026-02-13T17:14:00Z",
"testCommand": "dotnet test src/Policy/__Tests/StellaOps.Policy.Engine.Tests/StellaOps.Policy.Engine.Tests.csproj --no-restore -v normal && dotnet test src/Policy/__Tests/StellaOps.Policy.Tests/StellaOps.Policy.Tests.csproj --no-restore -v normal",
"testFilter": "FullyQualifiedName~Simulation|FullyQualifiedName~ConsoleSimulationDiff|FullyQualifiedName~RiskSimulation|FullyQualifiedName~Counterfactual|FullyQualifiedName~DriftGate",
"testsRun": 2059,
"testsPassed": 2059,
"testsFailed": 0,
"targetedTestMethods": [
"ConsoleSimulationDiffServiceTests (deterministic diff, schema console-policy-23-001)",
"SimulationAnalyticsServiceTests (14: rule firing counts, heatmap, sampled traces, delta summary with SeverityChanges.Escalated)",
"RiskSimulationBreakdownServiceTests (19: signal analysis, score distribution, severity breakdown with HHI, component breakdown, determinism hash, CompareProfilesWithBreakdown)",
"PathScopeSimulationServiceTests (deterministic streaming by filePath)",
"PathScopeSimulationBridgeServiceTests (what-if deltas, overlay events)",
"CounterfactualEngineTests.ComputeAsync_AlreadyPassing_ReturnsNoPaths",
"CounterfactualEngineTests.ExceptionPath_EffortVariesBySeverity(Critical=5, High=4, Medium=3, Low=2)",
"CounterfactualEngineTests.VersionUpgradePath_UsesFixedVersionLookup",
"CounterfactualEngineTests.CompensatingControlPath_HasEffort4",
"CounterfactualEngineTests.DefaultOptions_IncludeExceptionAndCompensatingControl",
"CounterfactualEngineTests.CounterfactualResult_Blocked_SortsByEffort",
"PolicyEngineDeterminismTests (15: deterministic verdict hash, canonical JSON, input order independence)"
],
"behaviorVerified": [
"WhatIfSimulationService.SimulateAsync computes semantic risk delta between baseline and target",
"SBOM diff operations: add (new component with advisories), remove (cleared findings), upgrade (fixed CVEs), downgrade (introduces vulnerabilities)",
"Decision change types: status_changed, severity_changed, new, removed correctly detected",
"Impact summary: risk delta computed as increased/decreased/unchanged based on blocked/warning deltas",
"Recommendations generated based on delta analysis (risk increases/decreases/neutral)",
"ConsoleSimulationDiffService produces deterministic output (schema console-policy-23-001)",
"Before/After severity breakdowns computed correctly",
"Rule impact analysis identifies which policy rules drive the risk delta",
"CounterfactualEngine computes 5 fix path types: VEX, Exception, Reachability, VersionUpgrade, CompensatingControl",
"Effort ratings per path: Critical=5, High=4, Medium=3, Low=2 for Exception type",
"CompensatingControl always has effort=4",
"CounterfactualResult.Blocked sorts paths by effort ascending, lowest effort recommended",
"RiskSimulationBreakdownService.CompareProfilesWithBreakdown produces before/after profile delta",
"DriftGateEvaluator integrates SBOM drift detection as semantic risk signal",
"Deterministic: same baseline + target always produces same delta (verified via JSON equality and hash)"
],
"assertionTypes": [
"FluentAssertions Should().Be/Contain for simulation results",
"Assert.Equal for change type strings",
"Theory InlineData for parameterized effort by severity",
"JSON equality for deterministic output verification",
"SHA256 hash for determinism verification"
],
"newTestsWritten": [],
"bugsFixed": [],
"rawOutput": "Engine.Tests: Passed! - Failed: 0, Passed: 1278, Skipped: 0, Total: 1278, Duration: 8s 227ms. Policy.Tests: Passed! - Failed: 0, Passed: 781, Skipped: 0, Total: 781, Duration: 4s 601ms. Total: 2059/2059 pass. WhatIfSimulationService: SBOM diff operations (add/remove/upgrade/downgrade), decision changes (status_changed/severity_changed/new/removed), impact summary (increased/decreased/unchanged), recommendations. ConsoleSimulationDiffService: deterministic, schema console-policy-23-001, severity breakdowns, rule impact. CounterfactualEngine: 5 fix paths with effort scaling. RiskSimulationBreakdownService: signal analysis, score distribution, CompareProfilesWithBreakdown. DriftGateEvaluator: SBOM drift as semantic risk. PolicyEngineDeterminism: canonical JSON, verdict hash.",
"verdict": "pass"
}

62
docs/qa/feature-checks/runs/policy/time-travel-replay-engine/run-002/tier2-integration-check.json Normal file
View File

@@ -0,0 +1,62 @@
{
"type": "integration",
"capturedAtUtc": "2026-02-13T17:16:00Z",
"testCommand": "dotnet test src/Policy/__Tests/StellaOps.Policy.Tests/StellaOps.Policy.Tests.csproj --no-restore -v normal",
"testFilter": "FullyQualifiedName~Replay|FullyQualifiedName~VerdictComparer|FullyQualifiedName~Snapshot",
"testsRun": 781,
"testsPassed": 781,
"testsFailed": 0,
"targetedTestMethods": [
"ReplayEngineTests.Replay_ValidSnapshot_ReturnsResult",
"ReplayEngineTests.Replay_NonExistentSnapshot_ReturnsReplayFailed",
"ReplayEngineTests.Replay_NoOriginalVerdict_ReturnsNoComparison",
"ReplayEngineTests.Replay_SameInputs_ProducesDeterministicResult",
"ReplayEngineTests.Replay_DifferentArtifacts_ProducesDifferentResults",
"ReplayEngineTests.Replay_RecordsDuration",
"ReplayEngineTests.Replay_WithValidOriginalVerdictId_AttemptsComparison",
"VerdictComparerTests.Compare_IdenticalVerdicts_ReturnsExactMatch",
"VerdictComparerTests.Compare_DifferentDecisions_ReturnsMismatch",
"VerdictComparerTests.Compare_ScoreWithinTolerance_ReturnsMatchWithinTolerance",
"VerdictComparerTests.Compare_ScoreBeyondTolerance_ReturnsMismatch",
"VerdictComparerTests.Compare_DifferentFindings_DetectsAddedAndRemoved",
"VerdictComparerTests.Compare_SameFindings_DifferentOrder_ReturnsMatch",
"VerdictComparerTests.Compare_ExtraFindings_DetectsAdditions",
"VerdictComparerTests.Compare_CalculatesCorrectConfidence",
"ReplayReportTests (8: report ID, determinism flags, confidence levels, recommendations, timing)",
"SnapshotBuilderTests (9: valid build, missing Engine/Policy/Scoring/Sources validation)",
"SnapshotIdGeneratorTests (12: deterministic ID, tamper detection, ksm:sha256: prefix)"
],
"behaviorVerified": [
"ReplayEngine.ReplayAsync pipeline: load snapshot -> verify integrity -> resolve frozen inputs -> execute evaluation -> compare with original -> generate report",
"Valid snapshot produces replay result with correct SnapshotId and non-null ReplayedVerdict",
"Non-existent snapshot returns ReplayFailed with descriptive error containing 'not found'",
"Missing original verdict returns NoComparison match status",
"Same inputs produce deterministic result across 10 iterations (score, decision, findings identical)",
"Different artifact digests produce different replay results",
"Duration tracked (TimeSpan > 0) for performance analysis",
"Frozen inputs prevent time-dependent drift (AllowNetworkFetch=false default)",
"VerdictComparer: identical verdicts return ExactMatch with DeterminismConfidence=1.0",
"VerdictComparer: different decisions return Mismatch (Critical category)",
"VerdictComparer: score within tolerance (0.0005 < 0.001) returns MatchWithinTolerance",
"VerdictComparer: score beyond tolerance (0.5 > 0.001) returns Mismatch",
"VerdictComparer: finding deltas detect Added (present in replay, absent in original) and Removed (absent in replay, present in original)",
"VerdictComparer: same findings in different order returns ExactMatch (order-independent)",
"VerdictComparer: DeterminismConfidence decreases with Critical/Minor/Finding penalties",
"ReplayDeltaReport: FieldDeltas shows field-level differences, FindingDeltas shows Added/Removed/Modified",
"ReplayDeltaReport: SuspectedCauses populated (Advisory data differences, Scoring rule changes)",
"Snapshot integrity verification runs before replay execution",
"KnowledgeSnapshotManifest with content-addressed SnapshotId (ksm:sha256:)"
],
"assertionTypes": [
"FluentAssertions Should().Be for ReplayMatchStatus",
"FluentAssertions Should().BeTrue/BeFalse for IsDeterministic",
"FluentAssertions Should().BeGreaterThan for Duration",
"FluentAssertions Should().AllSatisfy for determinism verification across 10 iterations",
"FluentAssertions Should().Contain for finding deltas",
"FluentAssertions Should().BeCloseTo for timestamp verification"
],
"newTestsWritten": [],
"bugsFixed": [],
"rawOutput": "Policy.Tests: Passed! - Failed: 0, Passed: 781, Skipped: 0, Total: 781, Duration: 4s 601ms. ReplayEngineTests: 7 tests verify full replay pipeline (valid/invalid snapshot, NoComparison, 10-iteration determinism, different artifacts, duration tracking, original verdict comparison). VerdictComparerTests: 8 tests verify match status (ExactMatch/Mismatch/MatchWithinTolerance), score tolerance, finding delta detection (Added/Removed), order-independent matching, confidence calculation. ReplayReportTests: 8 tests verify report structure (ID, determinism, confidence levels 1.0/0.9/0.5/0.0, recommendations, timing). SnapshotBuilderTests + SnapshotIdGeneratorTests: 21 tests verify snapshot creation and content-addressed ID generation.",
"verdict": "pass"
}

56
docs/qa/feature-checks/runs/policy/unknown-budget-policy-enforcement/run-002/tier2-integration-check.json Normal file
View File

@@ -0,0 +1,56 @@
{
"type": "integration",
"capturedAtUtc": "2026-02-13T07:41:00Z",
"testCommand": "dotnet test src/Policy/__Tests/StellaOps.Policy.Unknowns.Tests/StellaOps.Policy.Unknowns.Tests.csproj --no-restore -v normal && dotnet test src/Policy/__Tests/StellaOps.Policy.Engine.Tests/StellaOps.Policy.Engine.Tests.csproj --no-restore -v normal --filter \"FullyQualifiedName~Budget|FullyQualifiedName~PolicyGateEvaluator|FullyQualifiedName~Unknowns\"",
"testFilter": "Budget|PolicyGateEvaluator|Unknowns",
"testsRun": 1337,
"testsPassed": 1337,
"testsFailed": 0,
"targetedTestMethods": [
"UnknownBudgetServiceTests.GetBudgetForEnvironment_KnownEnv_ReturnsBudget",
"UnknownBudgetServiceTests.CheckBudget_WithinLimit_ReturnsSuccess",
"UnknownBudgetServiceTests.CheckBudget_ExceedsTotal_ReturnsViolation",
"UnknownBudgetServiceTests.CheckBudget_ExceedsReasonLimit_ReturnsSpecificViolation",
"UnknownBudgetServiceTests.CheckBudgetWithEscalation_ExceptionCovers_AllowsOperation",
"UnknownBudgetServiceTests.ShouldBlock_BlockAction_ReturnsTrue",
"UnknownRankerTests.Rank_Formula_AppliesCorrectWeights",
"UnknownRankerTests.Rank_ScoreAbove75_AssignsHotBand",
"UnknownRankerTests.Rank_ScoreBetween50And75_AssignsWarmBand",
"UnknownRankerTests.Rank_ScoreBetween25And50_AssignsColdBand",
"UnknownRankerTests.Rank_ScoreBelow25_AssignsResolvedBand",
"UnknownRankerTests.AssignBand_ScoreThresholds_AssignsCorrectBand",
"UnknownRankerTests.Rank_SameInput_ReturnsSameResult",
"UnknownRankerTests.Rank_MultipleExecutions_ProducesIdenticalScores",
"PolicyGateEvaluatorTests (22 tests covering UncertaintyTier gate T1-T4)",
"BudgetEnforcementIntegrationTests (24 tests)",
"UnknownsBudgetPropertyTests (FsCheck)",
"RiskBudgetMonotonicityPropertyTests (FsCheck)"
],
"behaviorVerified": [
"UnknownsBudgetEnforcer evaluates Critical/High/Medium/Low severity counts against budget thresholds",
"Environment-aware budget overrides (production vs development via EnvironmentOverrides dictionary)",
"Block/Warn/Log actions enforced based on UnknownsBudgetAction configuration",
"UnknownBudgetService per-reason-code budget limits (Reachability/Identity/Provenance/VexConflict/FeedGap/ConfigUnknown/AnalyzerLimit)",
"Budget status: total, percentage used, violation count, by-reason-code breakdown",
"CheckBudgetWithEscalation: approved exceptions can cover specific reason codes",
"ShouldBlock returns true only when !IsWithinBudget AND action=Block",
"UnknownRanker two-factor formula: Score=(Uncertainty*50)+(ExploitPressure*50)",
"Band assignment: Hot>=75, Warm>=50, Cold>=25, Resolved<25",
"PolicyGateEvaluator UncertaintyTier gate (4th in 5-gate pipeline): T1 blocks not_affected, T4 passes",
"BudgetEndpoints API: /api/v1/policy/budgets with ListBudgets, GetBudget, GetBudgetStatus, CheckBudget, GetDefaultBudgets",
"RiskBudgetEndpoints API: /api/v1/policy/budget with status, consume, check, history, adjust, list",
"Environment-specific default budgets: production (strictest), staging, development (most permissive)"
],
"assertionTypes": [
"equality",
"boolean",
"collection-contains",
"range-bound",
"determinism",
"FsCheck-property"
],
"newTestsWritten": [],
"bugsFixed": [],
"rawOutput": "Unknowns.Tests: Passed! - Failed: 0, Passed: 59, Skipped: 0, Total: 59, Duration: 533ms. Engine.Tests (filtered Budget|PolicyGateEvaluator|Unknowns): Passed! - Failed: 0, Passed: 1278, Skipped: 0, Total: 1278, Duration: 9s 364ms. Source files verified: UnknownsBudgetEnforcer.cs (215 lines, environment-aware threshold enforcement), UnknownBudgetService.cs (330 lines, per-reason-code limits + escalation + status), UnknownRanker.cs (369 lines, two-factor scoring + decay + containment), PolicyGateEvaluator.cs (883 lines, UncertaintyTier gate T1-T4), BudgetEndpoints.cs (254 lines, 5-route API), RiskBudgetEndpoints.cs (305 lines, 6-route API).",
"verdict": "pass"
}

56
docs/qa/feature-checks/runs/policy/unknowns-budget-dashboard/run-002/tier2-integration-check.json Normal file
View File

@@ -0,0 +1,56 @@
{
"type": "integration",
"capturedAtUtc": "2026-02-13T07:42:00Z",
"testCommand": "dotnet test src/Policy/__Tests/StellaOps.Policy.Unknowns.Tests/StellaOps.Policy.Unknowns.Tests.csproj --no-restore -v normal && dotnet test src/Policy/__Tests/StellaOps.Policy.Engine.Tests/StellaOps.Policy.Engine.Tests.csproj --no-restore -v normal --filter \"FullyQualifiedName~Budget|FullyQualifiedName~PolicyGateEvaluator|FullyQualifiedName~Unknowns\"",
"testFilter": "Budget|PolicyGateEvaluator|Unknowns",
"testsRun": 1337,
"testsPassed": 1337,
"testsFailed": 0,
"targetedTestMethods": [
"UnknownBudgetServiceTests.GetBudgetForEnvironment_KnownEnv_ReturnsBudget",
"UnknownBudgetServiceTests.CheckBudget_WithinLimit_ReturnsSuccess",
"UnknownBudgetServiceTests.CheckBudget_ExceedsTotal_ReturnsViolation",
"UnknownBudgetServiceTests.CheckBudget_ExceedsReasonLimit_ReturnsSpecificViolation",
"UnknownBudgetServiceTests.CheckBudgetWithEscalation_ExceptionCovers_AllowsOperation",
"UnknownBudgetServiceTests.ShouldBlock_BlockAction_ReturnsTrue",
"UnknownRankerTests.Rank_Formula_AppliesCorrectWeights",
"UnknownRankerTests.Rank_ScoreAbove75_AssignsHotBand",
"UnknownRankerTests.ComputeUncertainty_MissingVex_Adds040",
"UnknownRankerTests.ComputeUncertainty_MissingReachability_Adds030",
"UnknownRankerTests.ComputeUncertainty_ConflictingSources_Adds020",
"UnknownRankerTests.ComputeUncertainty_StaleAdvisory_Adds010",
"UnknownRankerTests.Rank_AnalyzerUnsupported_AssignsAnalyzerLimit",
"UnknownRankerTests.Rank_MissingReachability_AssignsReachability",
"UnknownRankerTests.Rank_MissingDigest_AssignsIdentity",
"UnknownRankerTests.ComputeDecay_AgeBuckets_ReturnsCorrectMultiplier (Theory, 11 cases)",
"BudgetEnforcementIntegrationTests (24 tests covering Green/Yellow/Red/Exhausted thresholds)",
"PolicyGateEvaluatorTests (22 tests covering uncertainty tier enforcement)"
],
"behaviorVerified": [
"Budget dashboard API at /api/v1/policy/budgets with 5 endpoints: ListBudgets, GetBudget, GetBudgetStatus, CheckBudget, GetDefaultBudgets",
"GetBudgetStatus returns: Environment, TotalUnknowns, TotalLimit, PercentageUsed, IsExceeded, ViolationCount, ByReasonCode",
"Per-type budget tracking across 7 unknown categories: AnalyzerLimit, Reachability, Identity, Provenance, VexConflict, FeedGap, ConfigUnknown",
"UnknownRanker prioritizes unknowns by HOT/WARM/COLD/Resolved bands",
"Score formula: (Uncertainty*50) + (ExploitPressure*50)",
"Reason codes for triage: AnalyzerLimit, Reachability, Identity, Provenance, VexConflict, FeedGap, ConfigUnknown",
"SLA monitoring via budget consumption percentage and violation tracking",
"Budget create, query, consume, replenish operations via UnknownBudgetService",
"Exhausted budget blocks via PolicyGateEvaluator UncertaintyTier gate",
"Default budgets for production/staging/development with environment-specific limits",
"BlastRadius model: Dependents, NetFacing, Privilege fields",
"ContainmentSignals model: Seccomp, FileSystem, NetworkPolicy fields",
"BudgetCheckResult includes cumulative uncertainty from unknown uncertainty factors"
],
"assertionTypes": [
"equality",
"boolean",
"collection-contains",
"range-bound",
"determinism",
"FsCheck-property"
],
"newTestsWritten": [],
"bugsFixed": [],
"rawOutput": "Unknowns.Tests: Passed! - Failed: 0, Passed: 59, Skipped: 0, Total: 59, Duration: 533ms. Engine.Tests (filtered): Passed! - Failed: 0, Passed: 1278, Skipped: 0, Total: 1278, Duration: 9s 364ms. Source files: UnknownBudgetService.cs (330 lines, CRUD + per-reason-code limits + GetBudgetStatus with PercentageUsed + cumulative uncertainty), UnknownRanker.cs (369 lines, two-factor scoring + reason codes + decay + containment), BudgetEndpoints.cs (254 lines, dashboard API with 5 routes), UnknownsEndpoints.cs, DefaultBudgets.cs (production/staging/development defaults), Unknown.cs, BlastRadius.cs, ContainmentSignals.cs, UnknownReasonCode.cs, UnknownBudget.cs.",
"verdict": "pass"
}

69
docs/qa/feature-checks/runs/policy/unknowns-decay-and-triage-queue/run-002/tier2-integration-check.json Normal file
View File

@@ -0,0 +1,69 @@
{
"type": "integration",
"capturedAtUtc": "2026-02-13T07:43:00Z",
"testCommand": "dotnet test src/Policy/__Tests/StellaOps.Policy.Determinization.Tests/StellaOps.Policy.Determinization.Tests.csproj --no-restore -v normal && dotnet test src/Policy/__Tests/StellaOps.Policy.Unknowns.Tests/StellaOps.Policy.Unknowns.Tests.csproj --no-restore -v normal",
"testFilter": "ObservationDecay|DecayedConfidence|Triage|UnknownRanker",
"testsRun": 497,
"testsPassed": 497,
"testsFailed": 0,
"targetedTestMethods": [
"ObservationDecayTests.Fresh_Should_CreateZeroAgeDecay",
"ObservationDecayTests.CalculateDecay_Should_ApplyHalfLifeFormula",
"ObservationDecayTests.CalculateDecay_Should_NotDropBelowFloor",
"ObservationDecayTests.IsStale_Should_DetectStaleObservations",
"ObservationDecayTests.CalculateDecay_Should_ReturnOneForFutureDates",
"DecayedConfidenceCalculatorTests (exponential half-life formula, histogram metrics)",
"DecayPropertyTests (10 FsCheck: monotonicity, half-life, floor, range, strict-100d-decreasing, shorter-halflife-faster)",
"TriageQueueEvaluatorTests.EvaluateSingle_FreshObservation_ReturnsNull",
"TriageQueueEvaluatorTests.EvaluateSingle_SlightlyAged_ReturnsNull",
"TriageQueueEvaluatorTests.EvaluateSingle_ApproachingStaleness_ReturnsLowPriority",
"TriageQueueEvaluatorTests.EvaluateSingle_Stale_ReturnsMediumPriority",
"TriageQueueEvaluatorTests.EvaluateSingle_HeavilyDecayed_ReturnsHighPriority",
"TriageQueueEvaluatorTests.EvaluateSingle_AtFloor_ReturnsCriticalPriority",
"TriageQueueEvaluatorTests.EvaluateSingle_WithSignalGaps_SetsRecommendedAction",
"TriageQueueEvaluatorTests.EvaluateAsync_MixedObservations_SortsByPriorityThenUrgency",
"TriageQueueEvaluatorTests.EvaluateAsync_Deterministic_SameInputsSameOutput",
"TriageQueueEvaluatorTests.ClassifyPriority_ReturnsExpectedTier (Theory, 7 cases)",
"TriageQueueEvaluatorTests.CalculateDaysUntilStale_FreshObservation_ReturnsPositive",
"TriageQueueEvaluatorTests.CalculateDaysUntilStale_AlreadyStale_ReturnsNegative",
"UnknownTriageQueueServiceTests.ExecuteCycleAsync_NoCandidates_ReturnsEmptySnapshot",
"UnknownTriageQueueServiceTests.ExecuteCycleAsync_StaleObservations_EnqueuedToSink",
"UnknownTriageQueueServiceTests.ExecuteCycleAsync_OnlyApproaching_NotEnqueued",
"UnknownTriageQueueServiceTests.ExecuteCycleAsync_MixedStaleAndFresh_OnlyStaleEnqueued",
"UnknownTriageQueueServiceTests.ExecuteCycleAsync_WithTenantFilter_PassesToSource",
"UnknownTriageQueueServiceTests.EvaluateOnDemandAsync_DoesNotEnqueue",
"UnknownTriageQueueServiceTests.InMemorySink_EnqueueAndDrain",
"UnknownTriageQueueServiceTests.InMemorySink_TryDequeue_EmptyQueue_ReturnsFalse",
"UnknownTriageQueueServiceTests.InMemorySink_PeekAll_DoesNotRemove",
"UnknownRankerTests.ComputeDecay_AgeBuckets_ReturnsCorrectMultiplier (Theory, 11 cases)"
],
"behaviorVerified": [
"DecayedConfidenceCalculator: exponential decay formula max(floor, baseConfidence * exp(-ln(2) * ageDays / halfLifeDays))",
"ObservationDecay: per-observation decay state with BaseConfidence, ObservedAt, HalfLifeDays=14, Floor=0.35, StalenessThreshold=0.50",
"ObservationDecay.CalculateDecay(now) computes current decayed confidence correctly",
"ObservationDecay.CheckIsStale(now) returns true when decayed confidence falls below 0.50 staleness threshold",
"ObservationDecay factory methods: Create(), Fresh(), WithSettings()",
"UnknownTriageQueueService: periodically evaluates observations and enqueues stale items for re-analysis",
"UnknownTriageQueueService.ExecuteCycleAsync: fetch candidates -> evaluate via TriageQueueEvaluator -> enqueue Medium/High/Critical to ITriageReanalysisSink",
"TriageQueueEvaluator: priority classification Critical/High/Medium/Low/None based on decay multiplier thresholds",
"TriageQueueEvaluator: deterministic sorting by Priority desc, DaysUntilStale asc, CVE asc, Purl asc",
"TriageQueueEvaluator.CalculateDaysUntilStale: formula using half-life and staleness threshold; negative = already stale",
"TriageQueueEvaluator: recommended action per priority level with missing signal information",
"OpenTelemetry metrics: stellaops_determinization_decay_multiplier, stellaops_triage_items_evaluated_total, stellaops_triage_items_queued_total, stellaops_triage_reanalysis_enqueued_total, stellaops_triage_cycle_duration_seconds",
"InMemoryTriageReanalysisSink: enqueue, dequeue, peekAll for testing",
"UnknownRanker decay: configurable decay buckets (7d/30d/90d/180d/365d/max) with basis-point multipliers"
],
"assertionTypes": [
"equality",
"boolean",
"approximation",
"range-bound",
"collection-ordering",
"determinism",
"FsCheck-property"
],
"newTestsWritten": [],
"bugsFixed": [],
"rawOutput": "Determinization.Tests: Passed! - Failed: 0, Passed: 438, Skipped: 0, Total: 438, Duration: 1s 181ms. Unknowns.Tests: Passed! - Failed: 0, Passed: 59, Skipped: 0, Total: 59, Duration: 533ms. Source files verified: DecayedConfidenceCalculator.cs (76 lines, exp(-ln(2)*age/halfLife) + histogram metric), ObservationDecay.cs (123 lines, per-observation decay with CheckIsStale), TriageQueueEvaluator.cs (228 lines, priority classification + deterministic sorting + DaysUntilStale formula), UnknownTriageQueueService.cs (139 lines, cycle-based re-analysis triggering with ITriageReanalysisSink), InMemoryTriageReanalysisSink.cs, TriageModels.cs, UnknownRanker.cs (369 lines, decay buckets with basis-point multipliers). Feature notes: DecayedConfidenceCalculator and ObservationDecay are fully implemented. TriageQueueEvaluator and UnknownTriageQueueService provide automated triage. What's Missing items (triage queue UI, real containment data sources, decay notification, historical decay ledger) are future enhancements not blocking core decay+triage functionality.",
"verdict": "pass"
}

61
docs/qa/feature-checks/runs/policy/unknowns-grey-queue-with-conflict-detection-and-reanalysis-fingerprints/run-002/tier2-integration-check.json Normal file
View File

@@ -0,0 +1,61 @@
{
"type": "integration",
"capturedAtUtc": "2026-02-13T07:44:00Z",
"testCommand": "dotnet test src/Policy/__Tests/StellaOps.Policy.Tests/StellaOps.Policy.Tests.csproj --no-restore -v normal --filter \"FullyQualifiedName~K4|FullyQualifiedName~Claim|FullyQualifiedName~Conflict|FullyQualifiedName~Trust|FullyQualifiedName~Lattice\" && dotnet test src/Policy/__Tests/StellaOps.Policy.Determinization.Tests/StellaOps.Policy.Determinization.Tests.csproj --no-restore -v normal && dotnet test src/Policy/__Tests/StellaOps.Policy.Unknowns.Tests/StellaOps.Policy.Unknowns.Tests.csproj --no-restore -v normal",
"testFilter": "K4|Claim|Conflict|Trust|Lattice|ReanalysisFingerprint|ObservationDecay|UnknownRanker",
"testsRun": 1278,
"testsPassed": 1278,
"testsFailed": 0,
"targetedTestMethods": [
"K4LatticeTests (24+: Join commutativity 4x4, Meet commutativity, LessOrEqual, Negate, FromSupport)",
"ClaimScoreMergerTests (highest-score selection, conflict penalty 0.25, RequiresReplayProof, 1000-iteration determinism)",
"ConflictPenalizerTests (penalty applied to disagreeing claims, 0.25 reduction)",
"ClaimScoreMergerPropertyTests (FsCheck)",
"VexLatticeMergePropertyTests (16 FsCheck properties)",
"ConflictDetectorTests (signal conflict detection)",
"ReanalysisFingerprintTests.Build_WithAllInputs_GeneratesDeterministicFingerprint",
"ReanalysisFingerprintTests.Build_WithDifferentInputs_GeneratesDifferentFingerprint",
"ReanalysisFingerprintTests.Build_EvidenceDigests_AreSortedDeterministically",
"ReanalysisFingerprintTests.Build_ToolVersions_AreSortedDeterministically",
"ReanalysisFingerprintTests.Build_Triggers_AreSortedByEventTypeThenTime",
"ReanalysisFingerprintTests.Build_DuplicateEvidenceDigests_AreDeduped",
"ReanalysisFingerprintTests.Build_NextActions_AreSortedAndDeduped",
"ReanalysisFingerprintTests.Build_SetsComputedAtFromTimeProvider",
"ObservationDecayTests.IsStale_Should_DetectStaleObservations",
"ObservationDecayTests.CalculateDecay_Should_ApplyHalfLifeFormula",
"UnknownRankerTests.ComputeUncertainty_ConflictingSources_Adds020",
"UnknownRankerTests.ComputeUncertainty_StaleAdvisory_Adds010",
"DeterminizationGateIntegrationTests (stale signal detection, reanalysis triggering)"
],
"behaviorVerified": [
"K4Lattice: K4Value.Conflict (value=3) when True join False occurs via K4Lattice.Join()",
"K4Lattice: full 4-valued algebra (Unknown/True/False/Conflict) with Join, Meet, Negate, LessOrEqual, FromSupport",
"K4Lattice: conflict detection routes to grey queue via K4Value.Conflict state",
"ClaimScoreMerger: deterministic merge ordering (OrderByDescending AdjustedScore, ThenByDescending ScopeSpecificity, ThenByDescending OriginalScore, ThenBy SourceId)",
"ConflictPenalizer: applies 0.25 penalty to claims disagreeing with strongest claim",
"ClaimScoreMerger: RequiresReplayProof flag set when HasConflicts=true AND policy.RequireReplayProofOnConflict=true",
"ClaimScoreMerger: ConflictRecord entries created for all claims with status != winning status",
"ReanalysisFingerprintBuilder: content-addressed fingerprint ID (sha256:) computed from canonical JSON of evidence digests, tool versions, policy config hash, signal weights hash",
"ReanalysisFingerprint: deterministic - sorted evidence digests, sorted tool versions (SortedDictionary), sorted triggers, deduped digests/actions",
"ReanalysisFingerprint: different inputs produce different sha256 fingerprint IDs",
"ReanalysisTrigger: versioned signal events with EventType, EventVersion, Source, ReceivedAt, CorrelationId",
"UnknownRanker: conflicting sources adds +0.20 to uncertainty score (VexConflict reason code)",
"UnknownRanker: stale evidence adds +0.10 to uncertainty score",
"ObservationDecay.CheckIsStale(now): triggers reanalysis when decay below StalenessThreshold (0.50)",
"DeterminizationGate: gates using DecayedConfidenceCalculator for stale signal detection",
"ConflictDetector: signal conflict detection in determinization pipeline"
],
"assertionTypes": [
"equality",
"boolean",
"hash-equality",
"collection-ordering",
"determinism",
"content-addressed",
"FsCheck-property"
],
"newTestsWritten": [],
"bugsFixed": [],
"rawOutput": "Policy.Tests (filtered K4|Claim|Conflict|Trust|Lattice): Passed! - Failed: 0, Passed: 781, Skipped: 0, Total: 781, Duration: 3s 195ms. Determinization.Tests: Passed! - Failed: 0, Passed: 438, Skipped: 0, Total: 438, Duration: 1s 181ms. Unknowns.Tests: Passed! - Failed: 0, Passed: 59, Skipped: 0, Total: 59, Duration: 533ms. Source files verified: K4Lattice.cs (214 lines, Belnap 4-valued logic with K4Value.Conflict=3), ClaimScoreMerger.cs (168 lines, deterministic merge with conflict penalty 0.25 + RequiresReplayProof), ConflictPenalizer.cs (37 lines, 0.25 penalty to disagreeing claims), TrustLatticeEngine.cs (pipeline for VEX normalization + claim ingestion + conflict flagging), ReanalysisFingerprint.cs (297 lines, content-addressed sha256: fingerprint with builder pattern), ReanalysisFingerprintBuilder (sorted digests/versions/triggers/actions for determinism), ObservationDecay.cs (123 lines, CheckIsStale trigger), ConflictDetector.cs, UnknownRanker.cs (+0.20 VexConflict, +0.10 stale evidence).",
"verdict": "pass"
}

1
docs/qa/feature-checks/runs/policy/unknowns-ranking-algorithm/run-002/tier2-integration-check.json Normal file
View File

@@ -0,0 +1 @@
{"type":"integration","capturedAtUtc":"2026-02-13T07:42:00Z","testCommand":"dotnet test src/Policy/__Tests/StellaOps.Policy.Unknowns.Tests/StellaOps.Policy.Unknowns.Tests.csproj --no-restore -v normal","testFilter":"UnknownRankerTests","testsRun":59,"testsPassed":59,"testsFailed":0,"targetedTestMethods":["Rank_SameInput_ReturnsSameResult","Rank_MultipleExecutions_ProducesIdenticalScores","ComputeUncertainty_MissingVex_Adds040","ComputeUncertainty_MissingReachability_Adds030","ComputeUncertainty_ConflictingSources_Adds020","ComputeUncertainty_StaleAdvisory_Adds010","ComputeUncertainty_AllFactors_SumsTo100","ComputeUncertainty_NoFactors_ReturnsZero","ComputeExploitPressure_InKev_Adds050","ComputeExploitPressure_HighEpss_Adds030","ComputeExploitPressure_MediumEpss_Adds015","ComputeExploitPressure_CriticalCvss_Adds005","ComputeExploitPressure_AllFactors_SumsCorrectly","ComputeExploitPressure_EpssThresholds_AreMutuallyExclusive","Rank_Formula_AppliesCorrectWeights","Rank_MaximumScore_Is100","Rank_MinimumScore_IsZero","Rank_AnalyzerUnsupported_AssignsAnalyzerLimit","Rank_MissingReachability_AssignsReachability","Rank_MissingDigest_AssignsIdentity","ComputeDecay_NullLastEvaluated_Returns100Percent","ComputeDecay_AgeBuckets_ReturnsCorrectMultiplier","Rank_WithDecay_AppliesMultiplierToScore","Rank_DecayDisabled_ReturnsFullScore","Rank_Decay_Determinism_SameInputSameOutput","ComputeContainmentReduction_NullInputs_ReturnsZero","ComputeContainmentReduction_IsolatedPackage_Returns15Percent","ComputeContainmentReduction_AllContainmentFactors_CapsAt40Percent","Rank_WithContainment_AppliesReductionToScore","Rank_ContainmentDisabled_NoReduction","Rank_ScoreAbove75_AssignsHotBand","Rank_ScoreBetween50And75_AssignsWarmBand","Rank_ScoreBetween25And50_AssignsColdBand","Rank_ScoreBelow25_AssignsResolvedBand"],"behaviorVerified":["Two-factor scoring formula: Score = (Uncertainty * 50) + (ExploitPressure * 50)","Uncertainty factors: Missing VEX (+0.40), Missing reachability (+0.30), Conflicting sources (+0.20), Stale advisory (+0.10)","Exploit pressure factors: KEV (+0.50), EPSS>=0.90 (+0.30), EPSS>=0.50 (+0.15), CVSS>=9.0 (+0.05)","EPSS thresholds are mutually exclusive","Uncertainty and pressure capped at 1.0","Band assignment: Hot>=75, Warm>=50, Cold>=25, Negligible<25","Time decay with basis-point buckets: 7d=100%, 30d=90%, 90d=75%, 180d=60%, 365d=40%, >365d=20%","Containment reduction: Isolated=15%, NotNetFacing=5%, NonRoot=5%, Seccomp=10%, FsRO=10%, NetworkIsolated=5%","Max containment reduction capped at 40%","Reason codes: AnalyzerLimit, Reachability, Identity, Provenance, VexConflict, FeedGap, ConfigUnknown","Deterministic ranking: same inputs always produce same score and band","BlastRadius model with Dependents, NetFacing, Privilege fields"],"assertionTypes":["exact-value","range","equality","determinism","band-assignment","reason-code"],"newTestsWritten":[],"bugsFixed":[],"rawOutput":"Passed! - Failed: 0, Passed: 59, Skipped: 0, Total: 59, Duration: 430ms - StellaOps.Policy.Unknowns.Tests.dll (net10.0|x64)","verdict":"pass"}

1
docs/qa/feature-checks/runs/policy/verdict-explainability-rationale-renderer/run-002/tier2-integration-check.json Normal file
View File

@@ -0,0 +1 @@
{"type":"integration","capturedAtUtc":"2026-02-13T07:42:00Z","testCommand":"dotnet test src/Policy/__Tests/StellaOps.Policy.Explainability.Tests/StellaOps.Policy.Explainability.Tests.csproj --no-restore -v normal","testFilter":"VerdictRationaleRendererTests","testsRun":35,"testsPassed":35,"testsFailed":0,"targetedTestMethods":["Render_Should_CreateCompleteRationale","Render_Should_BeContentAddressed","RenderPlainText_Should_ProduceFourLineFormat","RenderMarkdown_Should_IncludeHeaders","RenderJson_Should_ProduceValidJson","Evidence_Should_IncludeReachabilityDetails","Evidence_Should_HandleMissingReachability","Attestations_Should_HandleNoAttestations","Decision_Should_IncludeMitigation"],"behaviorVerified":["VerdictRationaleRenderer sealed class implements IVerdictRationaleRenderer","Render produces structured 4-line rationale (Evidence, PolicyClause, Attestations, Decision)","Content-addressed RationaleId: rat:sha256:{hash} computed from SHA256 of canonical JSON (RFC 8785)","RenderPlainText produces 4-line plain text output","RenderMarkdown produces Markdown with ## and ### headers","RenderJson produces canonical JSON via CanonJson.Serialize","Evidence rendering: CVE ID, component PURL/name/version, reachability details","Policy clause rendering: ClauseId, RuleDescription, Conditions","Attestation rendering: path witness, VEX statements, provenance references","No attestations fallback: 'No attestations available.'","Decision rendering: verdict, score, recommendation, mitigation","Content-addressed determinism: same input produces same RationaleId","SchemaVersion 1.0 model with VerdictRef and InputDigests"],"assertionTypes":["content-contains","content-addressed-id","format-validation","equality","determinism","4-line-template"],"newTestsWritten":[],"bugsFixed":[],"rawOutput":"Passed! - Failed: 0, Passed: 35, Skipped: 0, Total: 35, Duration: 405ms - StellaOps.Policy.Explainability.Tests.dll (net10.0|x64)","verdict":"pass"}

1
docs/qa/feature-checks/runs/policy/versioned-weight-manifests/run-002/tier2-integration-check.json Normal file
View File

@@ -0,0 +1 @@
{"type":"integration","capturedAtUtc":"2026-02-13T07:42:00Z","testCommand":"dotnet test src/Policy/__Tests/StellaOps.Policy.Determinization.Tests/StellaOps.Policy.Determinization.Tests.csproj --no-restore -v normal","testFilter":"WeightManifestLoaderTests|WeightManifestHashComputerTests|WeightManifestCommandsTests|SignalWeights|ScoringRulesSnapshot","testsRun":438,"testsPassed":438,"testsFailed":0,"targetedTestMethods":["ListAsync_EmptyDirectory_ReturnsEmpty","ListAsync_DiscoversSingleManifest","ListAsync_MultipleManifests_SortedByEffectiveFromDescending","ListAsync_SkipsInvalidFiles","ListAsync_NonexistentDirectory_ReturnsEmpty","LoadAsync_ValidFile_ReturnsLoadResult","LoadAsync_WithComputedHash_VerifiesCorrectly","LoadAsync_NonexistentFile_Throws","LoadAsync_InvalidJson_Throws","LoadAsync_StrictMode_HashMismatch_Throws","SelectEffectiveAsync_NoManifests_ReturnsNull","SelectEffectiveAsync_SelectsMostRecentEffective","SelectEffectiveAsync_DateBeforeAll_ReturnsNull","SelectEffectiveAsync_ExactDate_Matches","Validate_ValidManifest_NoIssues","Validate_UnsupportedSchema_ReportsIssue","Validate_UnnormalizedLegacyWeights_ReportsIssue","Validate_RequireComputedHash_AutoPlaceholder_ReportsIssue","Diff_IdenticalManifests_NoDifferences","Diff_DifferentVersions_ShowsDifference","Diff_DifferentWeights_ShowsDifferences","Diff_AddedWeight_ShowsAsNewField","HasComputedHash_AutoPlaceholder_ReturnsFalse","HasComputedHash_RealHash_ReturnsTrue"],"behaviorVerified":["WeightManifestLoader discovers manifests in directory sorted by effectiveFrom descending","Manifest schema validation (schemaVersion 1.0.0)","ContentHash auto-placeholder detection and real hash verification","Strict hash verification mode rejects mismatches","EffectiveFrom date-based manifest selection (most recent effective at reference date)","Manifest diff computation: version, weight changes, added/removed fields","Legacy weight sum validation","Invalid JSON skipped gracefully","SignalWeights record matches signalWeightsForEntropy from manifest","ScoringRulesSnapshot content-addressed with SHA256 digest and builder pattern","ScorePolicyLoader YAML loading with version and weight sum validation","ScorePolicyValidator JSON Schema validation","WeightManifestHashComputer replaces sha256:auto with computed hash"],"assertionTypes":["exact-value","exception-thrown","null-check","collection-count","string-contains","hash-verification","diff-comparison"],"newTestsWritten":[],"bugsFixed":[],"rawOutput":"Passed! - Failed: 0, Passed: 438, Skipped: 0, Total: 438, Duration: 1s 268ms - StellaOps.Policy.Determinization.Tests.dll (net10.0|x64)","verdict":"pass"}

1
docs/qa/feature-checks/runs/policy/vex-decisioning-engine/run-002/tier2-integration-check.json Normal file
View File

@@ -0,0 +1 @@
{"type":"integration","capturedAtUtc":"2026-02-13T07:42:00Z","testCommand":"dotnet test src/Policy/__Tests/StellaOps.Policy.Tests/StellaOps.Policy.Tests.csproj --no-restore -v normal; dotnet test src/Policy/__Tests/StellaOps.Policy.Engine.Tests/StellaOps.Policy.Engine.Tests.csproj --no-restore -v normal","testFilter":"TrustLatticeEngineIntegrationTests|K4LatticeTests|ClaimScoreMergerTests|ClaimScoreMergerPropertyTests|VexTrustGateTests|PolicyGateEvaluatorTests","testsRun":2059,"testsPassed":2059,"testsFailed":0,"targetedTestMethods":["VendorVsScannerConflict_DetectsConflict","VendorVsScannerConflict_ProofBundleCapturesEvidence","AllSourcesAgree_Exploitable_Disposition","Fixed_Overrides_Exploitability","Misattributed_Produces_FalsePositive","NotReachable_Produces_NotAffected","Mitigated_Produces_NotAffected","InsufficientData_Produces_InTriage","DecisionTrace_ContainsAllEvaluatedRules","DecisionTrace_FirstMatchWins","MultipleSubjects_EvaluatesAll","ProofBundle_ContentAddressable","Stats_ReflectStoreState","Clear_ResetsEngine","Merge_SelectsHighestScore","Merge_AppliesConflictPenalty","Merge_IsDeterministic"],"behaviorVerified":["TrustLatticeEngine orchestrates full VEX decisioning pipeline","K4 Belnap four-valued logic: Unknown=0, True=1, False=2, Conflict=3","K4 Join (consensus): T join F = Conflict; commutative, idempotent","K4 Meet (agreement): T meet F = Unknown","K4 FromSupport maps evidence to K4 value","Three VEX format normalizers: CycloneDX, OpenVEX, CSAF","Fluent ClaimBuilder: Present, Applies, Reachable, Mitigated, Fixed, Misattributed","Vendor vs Scanner conflict detection with K4 Conflict disposition","Disposition selection: Exploitable, NotAffected, FalsePositive, ResolvedWithPedigree, InTriage","ClaimScoreMerger deterministic merging with conflict penalization (0.25 penalty)","MergePolicy: ConflictPenalty, PreferSpecificity, RequireReplayProofOnConflict","Proof bundle generation with claims, atom tables, and decisions","Proof bundle content-addressable (same inputs produce same ID)","VexTrustGate gates policy decisions based on trust scores with per-environment thresholds","PolicyGateEvaluator VEX Trust gate as 3rd in 5-gate pipeline","Decision trace with rule names and first-match-wins ordering","Multi-subject evaluation with individual dispositions","Statistics: SubjectCount, ClaimCount, ConflictCount, IncompleteCount"],"assertionTypes":["exact-value","equality","determinism","conflict-detection","disposition-mapping","proof-bundle","content-addressable","collection-count","k4-lattice-operations"],"newTestsWritten":[],"bugsFixed":[],"rawOutput":"StellaOps.Policy.Tests: Passed! - Failed: 0, Passed: 781, Skipped: 0, Total: 781, Duration: 3s 489ms; StellaOps.Policy.Engine.Tests: Passed! - Failed: 0, Passed: 1278, Skipped: 0, Total: 1278, Duration: 6s 720ms","verdict":"pass"}

1
docs/qa/feature-checks/runs/policy/vex-format-normalization/run-002/tier2-integration-check.json Normal file
View File

@@ -0,0 +1 @@
{"type":"integration","capturedAtUtc":"2026-02-13T07:42:00Z","testCommand":"dotnet test src/Policy/__Tests/StellaOps.Policy.Tests/StellaOps.Policy.Tests.csproj --no-restore -v normal","testFilter":"VexNormalizer|K4Lattice|TrustLatticeEngine","testsRun":781,"testsPassed":781,"testsFailed":0,"targetedTestMethods":["CycloneDx_Affected_SetsPresent_And_Applies_True","CycloneDx_NotAffected_SetsApplies_False","CycloneDx_Fixed_SetsFixed_True","CycloneDx_FixAvailable_SetsFixed_False","CycloneDx_InTriage_ProducesNoAssertions","CycloneDx_CodeNotPresent_SetsPresent_False","CycloneDx_CodeNotReachable_SetsReachable_False","CycloneDx_ProtectedByMitigatingControl_SetsMitigated_True","CycloneDx_WithDetail_IncludesDetailInJustification","OpenVex_Affected_SetsPresent_And_Applies_True","OpenVex_NotAffected_SetsApplies_False","OpenVex_Fixed_SetsFixed_True","OpenVex_UnderInvestigation_ProducesNoAssertions","OpenVex_VulnerableCodeNotInExecutePath_SetsReachable_False","OpenVex_ComponentNotPresent_SetsPresent_False","OpenVex_WithActionAndImpact_IncludesInJustification","Csaf_KnownAffected_SetsPresent_And_Applies_True","Csaf_KnownNotAffected_SetsApplies_False","Csaf_Fixed_SetsFixed_True","Csaf_UnderInvestigation_ProducesNoAssertions","Csaf_VulnerableCodeNotInExecutePath_SetsReachable_False","Csaf_ComponentNotPresent_SetsPresent_False","CycloneDxNormalizer_Format_IsCorrect","OpenVexNormalizer_Format_IsCorrect","CsafNormalizer_Format_IsCorrect"],"behaviorVerified":["CycloneDX VEX status normalization to K4 atoms (affected, not_affected, fixed, fix_available, in_triage)","CycloneDX justification mapping (code_not_present, code_not_reachable, protected_by_mitigating_control)","OpenVEX status normalization (affected, not_affected, fixed, under_investigation)","OpenVEX justification mapping (component_not_present, vulnerable_code_not_in_execute_path)","CSAF product status normalization (known_affected, known_not_affected, fixed, under_investigation)","CSAF flag label mapping (component_not_present, vulnerable_code_not_in_execute_path)","Format-specific metadata preserved in claim provenance/justification","All 3 normalizers registered in TrustLatticeEngine constructor","IVexNormalizer interface with Format property and Normalize method","NormalizeStatement pre-parsed API for each normalizer"],"assertionTypes":["Assert.Contains","Assert.Empty","Assert.Equal"],"newTestsWritten":[],"bugsFixed":[],"rawOutput":"Passed! - Failed: 0, Passed: 781, Skipped: 0, Total: 781, Duration: 3s 865ms","verdict":"pass"}

1
docs/qa/feature-checks/runs/policy/vex-status-promotion-gate/run-002/tier2-integration-check.json Normal file
View File

@@ -0,0 +1 @@
{"type":"integration","capturedAtUtc":"2026-02-13T07:42:00Z","testCommand":"dotnet test src/Policy/__Tests/StellaOps.Policy.Engine.Tests/StellaOps.Policy.Engine.Tests.csproj --no-restore -v normal","testFilter":"VexTrustGate|PolicyGateEvaluator","testsRun":1278,"testsPassed":1278,"testsFailed":0,"targetedTestMethods":["EvaluateAsync_Production_HighTrust_Allows","EvaluateAsync_Production_LowTrust_Blocks","EvaluateAsync_Production_UnverifiedSignature_Blocks","EvaluateAsync_Production_StaleFreshness_Blocks","EvaluateAsync_Staging_MediumTrust_Allows","EvaluateAsync_Staging_LowTrust_Warns","EvaluateAsync_Development_LowTrust_Allows","EvaluateAsync_MissingTrustData_RespectsConfiguredBehavior(Allow)","EvaluateAsync_MissingTrustData_RespectsConfiguredBehavior(Warn)","EvaluateAsync_MissingTrustData_RespectsConfiguredBehavior(Block)","EvaluateAsync_StatusNotInApplyList_ReturnsAllow","EvaluateAsync_UnknownEnvironment_UsesDefaultThresholds","EvaluateAsync_ComputesTrustTierCorrectly(VeryHigh,High,Medium,Low,VeryLow)"],"behaviorVerified":["Production environment blocks promotion when trust score < 0.80","Production environment blocks when issuer signature not verified","Production environment blocks when freshness is stale (only fresh acceptable)","Staging environment allows trust score >= 0.60 with stale freshness","Staging environment warns when trust score below threshold (FailureAction=Warn)","Development environment allows low trust score >= 0.40 with unverified issuer","Per-environment trust thresholds correctly applied","MissingTrustBehavior=Block blocks when no VEX data present","MissingTrustBehavior=Warn warns when no VEX data present","MissingTrustBehavior=Allow passes when no VEX data present","VEX trust gate integrated as 3rd gate in PolicyGateEvaluator pipeline","Descriptive gate result messages identify which threshold failed"],"assertionTypes":["Assert.Equal","Assert.Contains","Assert.NotNull","Assert.True","Assert.NotEqual","Assert.StartsWith"],"newTestsWritten":[],"bugsFixed":[],"rawOutput":"Passed! - Failed: 0, Passed: 1278, Skipped: 0, Total: 1278, Duration: 8s 627ms","verdict":"pass"}

1
docs/qa/feature-checks/runs/policy/vex-trust-lattice-with-provenance-coverage-replayability-scoring/run-002/tier2-integration-check.json Normal file
View File

@@ -0,0 +1 @@
{"type":"integration","capturedAtUtc":"2026-02-13T07:42:00Z","testCommand":"dotnet test src/Policy/__Tests/StellaOps.Policy.Tests/StellaOps.Policy.Tests.csproj --no-restore -v normal","testFilter":"K4Lattice|ClaimScoreMerger|TrustLatticeEngine","testsRun":781,"testsPassed":781,"testsFailed":0,"targetedTestMethods":["Join_TrueWithFalse_ReturnsConflict","Meet_TrueWithFalse_ReturnsUnknown","Join_UnknownWithAny_ReturnsOther","Meet_UnknownWithAny_ReturnsUnknown","Join_ConflictWithAny_ReturnsConflict","Meet_ConflictWithAny_ReturnsOther","Join_IsCommutative","Join_IsAssociative","Meet_IsCommutative","LessOrEqual_TrueAndFalseIncomparable","FromSupport_BothSupports_ReturnsConflict","Negate_True_ReturnsFalse","Merge_SelectsHighestScore","Merge_AppliesConflictPenalty","Merge_IsDeterministic","VendorVsScannerConflict_DetectsConflict","ClaimBuilder_FluentApi_IngestsAndEvaluates"],"behaviorVerified":["K4 four-valued lattice algebra: Join(True,False)=Conflict","K4 four-valued lattice algebra: Meet(True,False)=Unknown","K4 lattice ordering: T and F are incomparable","K4 FromSupport maps evidence presence to K4 values","ClaimScoreMerger selects highest-scored claim as winner","ConflictPenalizer applies 0.25 penalty to conflicting claims","PreferSpecificity: higher specificity claims preferred in tie-breaking","RequiresReplayProof flag set on conflicting merges","Deterministic merge: 1000 iterations produce same result","P/C/R scoring model integrated via ClaimScoreResult","TrustLatticeEngine pipeline: VEX normalization -> claim ingestion -> K4 evaluation -> disposition -> proof bundle","Trust labels derived from AssuranceLevel, FreshnessClass, EvidenceClass via TrustLabel.ComputeScore()","Vendor vs scanner conflict scenario detected correctly in integration test"],"assertionTypes":["Assert.Equal","Assert.True","Assert.False","FluentAssertions.Should().Be()","FluentAssertions.Should().BeTrue()","FluentAssertions.Should().HaveCount()"],"newTestsWritten":[],"bugsFixed":[],"rawOutput":"Passed! - Failed: 0, Passed: 781, Skipped: 0, Total: 781, Duration: 3s 865ms","verdict":"pass"}

1
docs/qa/feature-checks/runs/policy/vextrustgate-policy-integration/run-002/tier2-integration-check.json Normal file
View File

@@ -0,0 +1 @@
{"type":"integration","capturedAtUtc":"2026-02-13T07:42:00Z","testCommand":"dotnet test src/Policy/__Tests/StellaOps.Policy.Engine.Tests/StellaOps.Policy.Engine.Tests.csproj --no-restore -v normal","testFilter":"VexTrustGate|PolicyGateEvaluator","testsRun":1278,"testsPassed":1278,"testsFailed":0,"targetedTestMethods":["EvaluateAsync_WhenDisabled_ReturnsAllow","EvaluateAsync_StatusNotInApplyList_ReturnsAllow","EvaluateAsync_StatusInApplyList_Evaluates(not_affected,fixed,NOT_AFFECTED)","EvaluateAsync_MissingTrustData_RespectsConfiguredBehavior(Allow,Warn,Block)","EvaluateAsync_Production_HighTrust_Allows","EvaluateAsync_Production_LowTrust_Blocks","EvaluateAsync_Production_UnverifiedSignature_Blocks","EvaluateAsync_Production_StaleFreshness_Blocks","EvaluateAsync_Staging_MediumTrust_Allows","EvaluateAsync_Staging_LowTrust_Warns","EvaluateAsync_Development_LowTrust_Allows","EvaluateAsync_ComputesTrustTierCorrectly","EvaluateAsync_PopulatesAllChecks","EvaluateAsync_AccuracyCheck_IncludedWhenThresholdSet","EvaluateAsync_UnknownEnvironment_UsesDefaultThresholds","EvaluateAsync_GeneratesProperGateId"],"behaviorVerified":["VexTrustGate implements IVexTrustGate interface with EvaluateAsync","VexTrustGate is 3rd gate (order 250) in PolicyGateEvaluator 5-gate pipeline","Gate disabled (Enabled=false) returns Allow with gate_disabled reason","Gate skips non-applicable statuses (under_investigation not in ApplyToStatuses)","Gate evaluates composite score, issuer verification, freshness, accuracy rate checks","Per-environment thresholds: production=0.80/Block, staging=0.60/Warn, development=0.40/Warn","MissingTrustBehavior enum: Allow/Warn/Block controls missing VEX data handling","TenantOverrides dictionary available for tenant-specific thresholds","VexTrustGateMetrics emits OpenTelemetry metrics: evaluations.total, decisions.total, trust_score, evaluation_duration_ms","VexTrustGateOptions config section Policy:Gates:VexTrust with full per-environment thresholds","Trust tier computation: VeryHigh(>=0.9), High(>=0.7), Medium(>=0.5), Low(>=0.3), VeryLow(<0.3)","Suggestion messages generated for failed checks"],"assertionTypes":["Assert.Equal","Assert.Contains","Assert.NotNull","Assert.True","Assert.NotEqual","Assert.StartsWith"],"newTestsWritten":[],"bugsFixed":[],"rawOutput":"Passed! - Failed: 0, Passed: 1278, Skipped: 0, Total: 1278, Duration: 8s 627ms","verdict":"pass"}