stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity

DET-004: Refactor Policy library for determinism - Gates, Snapshots, TrustLattice, Scoring, Explanation

Browse Source 
- VexProofGate: Inject TimeProvider for proof age validation
- SnapshotBuilder: Inject TimeProvider for WithVex/WithSbom/WithReachability/Build
- CsafVexNormalizer, OpenVexNormalizer, VexNormalizers: Add optional issuedAt parameter
- TrustLatticeEngine.ClaimBuilder: Add optional issuedAt parameter to Build
- PolicyBundle: Add asOf parameter to IsTrusted and GetMaxAssurance
- ProofLedger: Add createdAtUtc parameter to ToJson
- ScoreAttestationBuilder: Add scoredAt parameter to Create
- ScoringRulesSnapshotBuilder: Add createdAt parameter to Create
- TrustSourceWeightService: Inject TimeProvider for stale data calculation
- PolicyExplanation.Create: Add evaluatedAt parameter
- PolicyExplanationRecord.FromExplanation: Add recordId and evaluatedAt parameters
- PolicyPreviewService: Inject TimeProvider for snapshot creation
- PolicySnapshotStore: Inject IGuidProvider for audit entry ID generation
This commit is contained in:
StellaOps Bot
2026-01-04 13:33:21 +02:00
parent ae78af4692
commit f5f12acbf0
14 changed files with 91 additions and 35 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
src/Policy/__Libraries/StellaOps.Policy/Gates/VexProofGate.cs
View File

@@ -104,6 +104,7 @@ public sealed record VexProofGateContext
public sealed class VexProofGate : IPolicyGate
{
private readonly VexProofGateOptions _options;
private readonly TimeProvider _timeProvider;
// Confidence tier ordering for comparison
private static readonly IReadOnlyDictionary<string, int> ConfidenceTierOrder =
@@ -114,9 +115,10 @@ public sealed class VexProofGate : IPolicyGate
["high"] = 3,
};
public VexProofGate(VexProofGateOptions? options = null)
public VexProofGate(VexProofGateOptions? options = null, TimeProvider? timeProvider = null)
{
_options = options ?? new VexProofGateOptions();
_timeProvider = timeProvider ?? TimeProvider.System;
}
public Task<GateResult> EvaluateAsync(
@@ -207,7 +209,7 @@ public sealed class VexProofGate : IPolicyGate
// Validate proof age
if (_options.MaxProofAgeHours >= 0 && proofContext.ProofComputedAt.HasValue)
{
var proofAge = DateTimeOffset.UtcNow - proofContext.ProofComputedAt.Value;
var proofAge = _timeProvider.GetUtcNow() - proofContext.ProofComputedAt.Value;
details["proofAgeHours"] = proofAge.TotalHours;
details["maxProofAgeHours"] = _options.MaxProofAgeHours;