# Risk Overview (draft outline)

> Draft scaffold only. Populate content after PLLG0104 risk profile schema approval and risk engine/API samples land. Keep all fixtures deterministic (UTC timestamps, stable ordering, sealed sample payloads) and avoid external assets.

## Purpose
- Explain the risk model at a glance: factors, formulas, scoring semantics (0–100), and severity bands.
- Show how risk flows through StellaOps services (ingest → evaluate → explain → export) and how provenance is preserved.

## Scope & Audience
- Audience: policy authors, risk engineers, auditors, and SREs consuming risk outputs.
- In scope: concepts, glossary, lifecycle, artifacts, cross-module data flow diagrams (add after schema approval).
- Out of scope: detailed factor math (goes to `formulas.md`), API specifics (goes to `api.md`).

## Core Concepts (to fill)
- Risk factor vs. evidence vs. signal
- Profile vs. formula vs. severity mapping
- Provenance and attestations
- Explainability payloads and UI/CLI displays
- Determinism expectations (ordering, timestamps, hashing)

Interim notes (from legacy doc and sprint context): profiles take normalized factors (exploit likelihood, VEX status, reachability, runtime evidence, fix availability, asset criticality, provenance trust) and output 0–100 scores with severity buckets; same code path for simulation and production to ensure determinism.

## Lifecycle (outline)
1. Evidence ingestion (signals, VEX, reachability, runtime)
2. Factor normalization
3. Profile evaluation
4. Severity assignment + gating
5. Explainability + observability
6. Export/archival paths

## Artifacts & Schemas (pending)
- Risk profile schema: `<pending PLLG0104>`
- Risk factor catalog: shared shapes reused by `factors.md`
- Explainability envelope: shared with UI/CLI; add JSON examples once provided.

## Determinism & Offline Posture
- Use frozen fixture sets with SHA256 tables.
- Document regeneration steps (no live network calls) once payloads arrive.

## Open Items
- PLLG0104 schema approval
- Risk engine API payload samples
- UI telemetry captures for explainability walkthroughs

## References (to link once available)
- `docs/risk/profiles.md`
- `docs/risk/factors.md`
- `docs/risk/formulas.md`
- `docs/risk/api.md`