# Graph Overlay System (Policy, VEX, Reachability) ## Module Graph ## Status VERIFIED ## Description Overlay system with exporter, in-memory overlay service, and tests for layering policy/VEX/reachability data onto dependency graphs. ## Implementation Details - **Overlay service interface**: `src/Graph/StellaOps.Graph.Api/Services/IOverlayService.cs` -- overlay query contract - **In-memory overlay service**: `src/Graph/StellaOps.Graph.Api/Services/InMemoryOverlayService.cs` -- in-memory overlay implementation for testing - **Overlay exporter**: `src/Graph/StellaOps.Graph.Indexer/Analytics/GraphOverlayExporter.cs` -- exports analytics results as overlay layers - **Policy overlay processor**: `src/Graph/StellaOps.Graph.Indexer/Ingestion/Policy/PolicyOverlayProcessor.cs` -- ingests policy decisions as graph overlays - **Policy overlay transformer**: `src/Graph/StellaOps.Graph.Indexer/Ingestion/Policy/PolicyOverlayTransformer.cs` -- transforms policy data for graph overlay - **Policy overlay snapshot**: `src/Graph/StellaOps.Graph.Indexer/Ingestion/Policy/PolicyOverlaySnapshot.cs` -- policy overlay state - **Policy overlay metrics**: `src/Graph/StellaOps.Graph.Indexer/Ingestion/Policy/PolicyOverlayMetrics.cs`, `IPolicyOverlayMetrics.cs` -- overlay processing metrics - **VEX overlay**: `src/Graph/StellaOps.Graph.Indexer/Ingestion/Vex/VexOverlayTransformer.cs`, `VexOverlaySnapshot.cs` -- VEX verdict overlays on graph - **Reachability delta**: `src/Graph/StellaOps.Graph.Api/Services/IReachabilityDeltaService.cs`, `InMemoryReachabilityDeltaService.cs` -- reachability annotation overlays - **Tests**: `src/Graph/__Tests/StellaOps.Graph.Indexer.Tests/GraphOverlayExporterTests.cs` - **Metrics tests**: `src/Graph/__Tests/StellaOps.Graph.Api.Tests/MetricsTests.cs` -- overlay cache counter verification - **Source**: Feature matrix scan ## E2E Test Plan - [x] Verify policy overlay renders policy decisions on graph nodes - [x] Test VEX overlay annotates graph with VEX verdict data - [x] Verify reachability overlay shows reachability status per edge - [x] Test overlay exporter generates valid overlay from analytics results - [x] Verify overlay stacking (multiple overlays on same graph) ## Verification - **Run ID**: run-002 - **Date**: 2026-02-09T21:43:00Z - **Tier**: 1 (Source + Build + Test) - **Result**: PASS - **Evidence**: 52/52 Graph.Api.Tests pass (including MetricsTests 2/2 pass for overlay cache counters). 108/108 non-persistence tests pass across all Graph test projects. 17 Persistence tests skipped (require Docker/PostgreSQL -- environment limitation, not a regression). - **Notes**: Required 1 retry cycle. Initial failure due to MeterListener cross-contamination in MetricsTests -- name-based meter filtering picked up instruments from other tests' undisposed GraphMetrics instances. Fixed in run-002 by switching to instance-based meter filtering and adding `using` statements to GraphMetrics instances in QueryServiceTests. ### Tier 2 Recheck (API Behavior) - **Run ID**: run-003 - **Date**: 2026-02-10T11:47:30Z - **Tier**: 2 (End-to-end API verification) - **Result**: PASS - **Evidence**: Added API integration coverage (`QueryOverlayEndpointsIntegrationTests`) and revalidated live `/graph/query` behavior with overlays enabled. Verified overlays on all returned node tiles and single explain-trace sampling per response. Artifact: `docs/qa/feature-checks/runs/graph/graph-overlay-system/run-003/tier2-api-check.json`. ## Recheck (Run-005) - **Verified**: 2026-02-10 - **Method**: Tier 2a API replay validated via Graph.Api integration suite. - **Tests**: PASS (`src/Graph/__Tests/StellaOps.Graph.Api.Tests`: 66/66). - **Tier 2 Evidence**: `docs/qa/feature-checks/runs/graph/graph-overlay-system/run-005/tier2-api-check.json` - **Outcome**: Overlay/query API behavior remains healthy with runtime data-path coverage. ## Recheck (Run-006) - **Verified**: 2026-02-10 - **Method**: Tier 2 replay validated via Graph API/indexer suites. - **Tests**: PASS (src/Graph/__Tests/StellaOps.Graph.Api.Tests: 66/66; src/Graph/__Tests/StellaOps.Graph.Indexer.Tests: 37/37; src/Graph/__Tests/StellaOps.Graph.Indexer.Persistence.Tests: 17/17). - **Tier 2 Evidence**: docs/qa/feature-checks/runs/graph/graph-overlay-system/run-006/tier2-api-check.json - **Outcome**: Overlay/query API behavior remains healthy with non-empty node overlays. ## Recheck (Run-007) - **Verified**: 2026-02-10 - **Method**: Tier 2 replay validated via Graph API/indexer suites. - **Tests**: PASS (src/Graph/__Tests/StellaOps.Graph.Api.Tests: 66/66; src/Graph/__Tests/StellaOps.Graph.Indexer.Tests: 37/37; src/Graph/__Tests/StellaOps.Graph.Indexer.Persistence.Tests: 17/17). - **Tier 2 Evidence**: docs/qa/feature-checks/runs/graph/graph-overlay-system/run-007/tier2-api-check.json - **Outcome**: Overlay/query API behavior remains healthy with non-empty node overlays. ## Recheck (Run-008) - **Verified**: 2026-02-10 - **Method**: Tier 2 replay validated via Graph API/indexer suites. - **Tests**: PASS (src/Graph/__Tests/StellaOps.Graph.Api.Tests: 66/66; src/Graph/__Tests/StellaOps.Graph.Indexer.Tests: 37/37; src/Graph/__Tests/StellaOps.Graph.Indexer.Persistence.Tests: 17/17). - **Tier 2 Evidence**: docs/qa/feature-checks/runs/graph/graph-overlay-system/run-008/tier2-api-check.json - **Outcome**: Overlay/query API behavior remains healthy with non-empty node overlays. ## Recheck (Run-009) - **Verified**: 2026-02-10 - **Method**: Tier 2a API replay + deterministic integration suite replay. - **Tests**: PASS (Graph.Api.Tests 66/66, Graph.Indexer.Tests 37/37, Graph.Indexer.Persistence.Tests 17/17). - **Tier 2 Evidence**: docs/qa/feature-checks/runs/graph/graph-overlay-system/run-009/tier2-api-check.json - **Outcome**: Checked Graph behavior remains healthy in continued replay. ## Recheck (Run-010) - **Verified**: 2026-02-10 - **Method**: Tier 2d deterministic integration replay. - **Tests**: PASS (Graph Api 66/66, Indexer 37/37, Indexer.Persistence 17/17; total 120/120). - **Tier 2 Evidence**: docs/qa/feature-checks/runs/graph/graph-overlay-system/run-010/tier2-integration-check.json - **Outcome**: Checked graph behavior remains healthy in continued replay. ## Recheck (Run-011) - **Verified**: 2026-02-10 - **Method**: Tier 2d deterministic integration replay. - **Tests**: PASS (Graph Api 66/66, Indexer 37/37, Indexer.Persistence 17/17; total 120/120). - **Tier 2 Evidence**: docs/qa/feature-checks/runs/graph/graph-overlay-system/run-011/tier2-integration-check.json - **Outcome**: Checked graph behavior remains healthy in continued replay. ## Recheck (Run-012) - **Verified**: 2026-02-10 - **Method**: Tier 2 replay + deterministic Graph suite replay. - **Tests**: PASS (Graph.Api 66/66, Graph.Indexer 37/37, Graph.Indexer.Persistence 17/17; total 120/120). - **Tier 2 Evidence**: docs/qa/feature-checks/runs/graph/graph-overlay-system/run-012/tier2-api-check.json - **Outcome**: Checked graph behavior remains healthy in continued replay. ## Recheck (Run-013) - **Verified**: 2026-02-10 - **Method**: Tier 2d deterministic integration replay with fresh command-output evidence. - **Tests**: PASS (Graph matrix 120/120: Api 66, Indexer 37, Indexer.Persistence 17.) - **Tier 2 Evidence**: docs/qa/feature-checks/runs/graph/graph-overlay-system/run-013/tier2-integration-check.json - **Outcome**: Checked Graph behavior remains healthy in continued replay. ## Recheck (Run-016) - **Verified**: 2026-02-11 - **Method**: Strict Tier 2 API replay with overlay-enabled query stream plus search/path and tenant-guard validation. - **Tests**: PASS (`src/Graph/StellaOps.Graph.sln`: 120/120). - **Tier 2 Evidence**: docs/qa/feature-checks/runs/graph/graph-overlay-system/run-016/tier2-api-check.json - **Outcome**: Fresh user-surface evidence confirms overlay payloads remain present on query tiles and service contracts hold under negative paths.