# Smart-Diff Semantic Risk Delta (Moat Score 4)

## Module

Policy

## Status

IMPLEMENTED

## Description

Material risk-change detection between a baseline and a target security state: computes a delta verdict, analyses the security-state delta, and reports which changes are material rather than cosmetic.

## Implementation Details

- **WhatIfSimulationService**: `src/Policy/StellaOps.Policy.Engine/WhatIfSimulation/WhatIfSimulationService.cs`
  - `SimulateAsync()` computes the semantic risk delta between baseline and target
  - SBOM diff operations: add, remove, upgrade, downgrade, each carrying advisory/VEX/reachability context
  - Decision change types: status_changed, severity_changed, new, removed
  - Impact summary: risk delta (increased/decreased/unchanged) plus material risk indicators
  - Recommendations derived from the delta analysis
- **ConsoleSimulationDiffService**: `src/Policy/StellaOps.Policy.Engine/Console/ConsoleSimulationDiffService.cs`
  - Schema version: console-policy-23-001
  - Deterministic before/after severity breakdowns
  - Rule impact analysis: identifies which policy rules drive the risk delta
  - Explain samples for delta reasoning
- **DriftGateEvaluator**: `src/Policy/StellaOps.Policy.Engine/Gates/DriftGateEvaluator.cs`
  - SBOM drift detection as a semantic risk signal
  - Component addition/removal/version-change tracking
- **CounterfactualEngine**: `src/Policy/__Libraries/StellaOps.Policy/Counterfactuals/CounterfactualEngine.cs`
  - Computes "what would fix this" paths: VEX, Exception, Reachability, VersionUpgrade, CompensatingControl
  - Effort ratings per path: Critical=5, High=4, Medium=3, Low=2
- **RiskSimulationService**: `src/Policy/StellaOps.Policy.Engine/Simulation/RiskSimulationService.cs`
  - Signal-based risk scoring with distribution and top movers
  - `CompareProfilesWithBreakdown()` for the before/after profile delta

## E2E Test Plan

- [ ] Simulate adding a component with a known critical CVE; verify the risk delta shows "increased" with a new critical finding
- [ ] Simulate upgrading a component that fixes a CVE; verify the risk delta shows "decreased" with a removed finding
- [ ] Simulate no changes; verify the risk delta shows "unchanged"
- [ ] Verify severity_changed detection: a finding moves from High to Critical
- [ ] Verify new detection: a component addition introduces new findings
- [ ] Verify removed detection: a component removal clears its associated findings
- [ ] Verify CounterfactualEngine computes fix paths for blocked findings in the delta
- [ ] Verify console diff output includes rule impact analysis
- [ ] Verify deterministic output: the same baseline + target always produces the same delta
- [ ] Verify DriftGateEvaluator feeds semantic drift into gate evaluation
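As an added illustration (not StellaOps code, and not the API of the services listed above), the following C# sketches the delta computation described under Implementation Details and runs the cases the E2E plan calls out: an SBOM add and upgrade, new and status_changed decisions, and an "increased" risk delta. All type and member names (`Component`, `Finding`, `SmartDiff.Compute`, the severity weights) are assumptions made for this example, and the baseline/target SBOMs are constructed inline.

```csharp
// Added illustration (not StellaOps code). Type and method names are assumptions for
// this example; the Policy Engine's real API lives in the files listed above.
using System;
using System.Collections.Generic;
using System.Linq;

enum Severity { Low = 1, Medium = 2, High = 3, Critical = 4 }

// Finding.Status uses VEX-style values: "affected", "not_affected", "fixed".
record Finding(string AdvisoryId, Severity Severity, string Status);
record Component(string Name, Version Version, IReadOnlyList<Finding> Findings);

record SbomOp(string Component, string Op, string? From, string? To);            // add | remove | upgrade | downgrade
record DecisionChange(string Component, string AdvisoryId, string ChangeType,    // new | removed | status_changed | severity_changed
                      Severity Severity, string Detail);
record SemanticDelta(IReadOnlyList<SbomOp> SbomOps, IReadOnlyList<DecisionChange> Changes,
                     string RiskDelta, IReadOnlyList<string> MaterialIndicators);

static class SmartDiff
{
    // Severity weights for the aggregate comparison (assumed for the example, not the engine's real weights).
    static int Weight(Severity s) => s switch { Severity.Critical => 10, Severity.High => 5, Severity.Medium => 2, _ => 1 };

    // Only findings the policy would still act on count as risk; VEX not_affected / fixed do not.
    static bool IsActive(Finding f) => f.Status == "affected";

    static Dictionary<(string Component, string AdvisoryId), Finding> Index(IEnumerable<Component> cs) =>
        cs.SelectMany(c => c.Findings.Select(f => (Key: (c.Name, f.AdvisoryId), Finding: f)))
          .ToDictionary(x => x.Key, x => x.Finding);

    static int RiskScore(IEnumerable<Component> cs) =>
        cs.SelectMany(c => c.Findings).Where(IsActive).Sum(f => Weight(f.Severity));

    public static SemanticDelta Compute(IReadOnlyList<Component> baseline, IReadOnlyList<Component> target)
    {
        var before = baseline.ToDictionary(c => c.Name);
        var after  = target.ToDictionary(c => c.Name);

        // 1. SBOM diff. Keys are sorted ordinally so identical inputs always yield identical output.
        var ops = new List<SbomOp>();
        foreach (var name in before.Keys.Union(after.Keys).OrderBy(n => n, StringComparer.Ordinal))
        {
            before.TryGetValue(name, out var b);
            after.TryGetValue(name, out var a);
            if (b is null)                  ops.Add(new SbomOp(name, "add", null, a!.Version.ToString()));
            else if (a is null)             ops.Add(new SbomOp(name, "remove", b.Version.ToString(), null));
            else if (a.Version > b.Version) ops.Add(new SbomOp(name, "upgrade", b.Version.ToString(), a.Version.ToString()));
            else if (a.Version < b.Version) ops.Add(new SbomOp(name, "downgrade", b.Version.ToString(), a.Version.ToString()));
        }

        // 2. Decision changes per (component, advisory). Status is checked before severity so a
        //    VEX flip is reported as status_changed even when the advisory was also rescored.
        var bf = Index(baseline);
        var af = Index(target);
        var changes = new List<DecisionChange>();
        foreach (var key in bf.Keys.Union(af.Keys)
                                   .OrderBy(k => k.Component, StringComparer.Ordinal)
                                   .ThenBy(k => k.AdvisoryId, StringComparer.Ordinal))
        {
            bf.TryGetValue(key, out var b);
            af.TryGetValue(key, out var a);
            if (b is null)                     changes.Add(new(key.Component, key.AdvisoryId, "new", a!.Severity, a.Status));
            else if (a is null)                changes.Add(new(key.Component, key.AdvisoryId, "removed", b.Severity, b.Status));
            else if (a.Status != b.Status)     changes.Add(new(key.Component, key.AdvisoryId, "status_changed", a.Severity, $"{b.Status} -> {a.Status}"));
            else if (a.Severity != b.Severity) changes.Add(new(key.Component, key.AdvisoryId, "severity_changed", a.Severity, $"{b.Severity} -> {a.Severity}"));
        }

        // 3. Impact summary: direction of the weighted active-risk score, plus the changes that are
        //    material on their own (anything touching a High or Critical finding).
        int scoreBefore = RiskScore(baseline), scoreAfter = RiskScore(target);
        string riskDelta = scoreAfter > scoreBefore ? "increased"
                         : scoreAfter < scoreBefore ? "decreased" : "unchanged";
        var material = changes.Where(c => c.Severity >= Severity.High)
                              .Select(c => $"{c.ChangeType}:{c.Component}:{c.AdvisoryId}")
                              .ToList();

        return new SemanticDelta(ops, changes, riskDelta, material);
    }
}

static class Program
{
    static void Main()
    {
        // Constructed sample: the baseline has libfoo 1.0.0 with one High finding; the target upgrades
        // libfoo (advisory now "fixed") and adds libbar, which brings a Critical finding.
        var baseline = new List<Component> {
            new Component("pkg:npm/libfoo", Version.Parse("1.0.0"), new[] { new Finding("ADV-EXAMPLE-1", Severity.High, "affected") }),
        };
        var target = new List<Component> {
            new Component("pkg:npm/libfoo", Version.Parse("1.1.0"), new[] { new Finding("ADV-EXAMPLE-1", Severity.High, "fixed") }),
            new Component("pkg:npm/libbar", Version.Parse("2.0.0"), new[] { new Finding("ADV-EXAMPLE-2", Severity.Critical, "affected") }),
        };

        var delta = SmartDiff.Compute(baseline, target);
        foreach (var op in delta.SbomOps) Console.WriteLine($"sbom  {op.Op,-9} {op.Component} {op.From} -> {op.To}");
        foreach (var ch in delta.Changes) Console.WriteLine($"delta {ch.ChangeType,-16} {ch.Component} {ch.AdvisoryId} ({ch.Detail})");
        Console.WriteLine($"risk delta: {delta.RiskDelta}; material: {string.Join(", ", delta.MaterialIndicators)}");
    }
}
```

For the constructed input this reports an `add` of libbar and an `upgrade` of libfoo, a `new` Critical decision on libbar and a `status_changed` (affected -> fixed) decision on libfoo, and a risk delta of "increased" (the fixed High no longer counts; the new active Critical does). Two design points carry over to any real implementation: every collection is sorted on a stable ordinal key before it is emitted, which is what makes the "same baseline + target, same delta" test hold, and status is compared before severity so that a VEX statement that neutralises a finding is never mis-reported as a mere rescoring.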