# Diff-Aware Release Gates (Semantic Delta Computation)

## Module

Policy

## Status

IMPLEMENTED

## Description

Full delta computation engine that computes semantic diffs across SBOMs, vulnerabilities, and risk scores. Includes component deltas, vulnerability status deltas, and risk score deltas.

## Implementation Details

- **WhatIfSimulationService**: `src/Policy/StellaOps.Policy.Engine/WhatIfSimulation/WhatIfSimulationService.cs` -- computes delta between baseline and hypothetical states
  - SBOM diff operations: add, remove, upgrade, downgrade
  - Decision changes: status_changed, severity_changed, new, removed
  - Risk delta computation: increased/decreased/unchanged with blocked/warning deltas
  - VEX and reachability override handling in simulated decisions
- **DriftGateEvaluator**: `src/Policy/StellaOps.Policy.Engine/Gates/DriftGateEvaluator.cs` -- drift-based gate for cross-release delta
  - `DriftGateContext.cs` -- drift evaluation context with base/target references
  - `DriftGateOptions.cs` -- configurable drift thresholds
  - Evaluates whether drift between releases exceeds acceptable thresholds
- **ConsoleSimulationDiffService**: `src/Policy/StellaOps.Policy.Engine/Console/ConsoleSimulationDiffService.cs` -- deterministic delta diff
  - Before/After severity breakdown, delta (added/removed/regressed), rule impact analysis
- **SimulationAnalyticsService**: `src/Policy/StellaOps.Policy.Engine/Simulation/SimulationAnalyticsService.cs` -- delta summary computation with severity escalation tracking
- **RiskSimulationService**: `src/Policy/StellaOps.Policy.Engine/Simulation/RiskSimulationService.cs` -- `CompareProfilesWithBreakdown` for profile-level delta
  - Compares baseline and comparison risk profiles with trend analysis
  - Top movers analysis: identifies findings with greatest score change
- **Effective Decision Map**: `src/Policy/StellaOps.Policy.Engine/EffectiveDecisionMap/` -- materialized baseline decisions for delta comparison
- **Overlay Simulation**: `src/Policy/StellaOps.Policy.Engine/Endpoints/OverlaySimulationEndpoint.cs` -- overlay-based simulation
- **Merge Preview**: `src/Policy/StellaOps.Policy.Engine/Endpoints/MergePreviewEndpoints.cs` -- merge preview for policy changes

## E2E Test Plan

- [ ] Run what-if simulation with SBOM upgrade; verify component delta shows version change and advisory resolution
- [ ] Run what-if simulation with SBOM downgrade; verify new advisories detected and severity escalated
- [ ] Evaluate drift gate with base and target digests; verify gate passes when drift is within threshold
- [ ] Evaluate drift gate with excessive drift; verify gate blocks with explanation
- [ ] Run console simulation diff; verify severity breakdown before and after policy change
- [ ] Compare two risk profiles; verify trend analysis shows score deltas and top movers
- [ ] Run overlay simulation; verify hypothetical overlay applied without persisting
- [ ] Verify delta summary correctly counts: added, removed, regressed (escalated severity)
- [ ] Run merge preview; verify predicted impact of policy merge
- [ ] Verify what-if summary recommendation: "risk profile increases" when more blocks, "improves" when fewer
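The following is an added illustration of the delta classes listed under Implementation Details and exercised by the test plan; it is not StellaOps code and does not reproduce the C# services named above. It models component deltas (add/remove/upgrade/downgrade), decision changes (new/removed/status_changed/severity_changed), the risk delta (increased/decreased/unchanged with blocked/warning counts), the added/removed/regressed summary, the what-if recommendation string, and a threshold-based drift gate that blocks with an explanation. The version ordering, the `DriftGateOptions` field names, the trend tie-break on warnings, and the sample SBOM and findings are all assumptions constructed for the example.

```python
from dataclasses import dataclass
from typing import Dict, List

# Assumed severity order; "regressed" means the target severity ranks higher than the baseline.
SEVERITY_RANK = {"none": 0, "low": 1, "medium": 2, "high": 3, "critical": 4}


def _version_key(version: str) -> tuple:
    # Assumption: dotted versions such as "1.2.10"; numeric parts compare as ints and
    # non-numeric parts sort after numeric ones. Not a full SemVer implementation.
    return tuple((0, int(p)) if p.isdigit() else (1, p) for p in version.split("."))


def component_delta(base: Dict[str, str], target: Dict[str, str]) -> List[dict]:
    """Both maps are component name -> version; one delta per changed component, sorted by name."""
    deltas = []
    for name in sorted(set(base) | set(target)):
        if name not in base:
            deltas.append({"component": name, "op": "add", "to": target[name]})
        elif name not in target:
            deltas.append({"component": name, "op": "remove", "from": base[name]})
        elif base[name] != target[name]:
            up = _version_key(target[name]) > _version_key(base[name])
            deltas.append({"component": name, "op": "upgrade" if up else "downgrade",
                           "from": base[name], "to": target[name]})
    return deltas


def decision_delta(base: Dict[str, dict], target: Dict[str, dict]) -> List[dict]:
    """Both maps are finding id -> {"status", "severity"}; a finding can yield both a status and a severity change."""
    deltas = []
    for fid in sorted(set(base) | set(target)):
        if fid not in base:
            deltas.append({"finding": fid, "change": "new", **target[fid]})
        elif fid not in target:
            deltas.append({"finding": fid, "change": "removed", **base[fid]})
        else:
            b, t = base[fid], target[fid]
            if b["status"] != t["status"]:
                deltas.append({"finding": fid, "change": "status_changed", "from": b["status"], "to": t["status"]})
            if b["severity"] != t["severity"]:
                deltas.append({"finding": fid, "change": "severity_changed", "from": b["severity"],
                               "to": t["severity"],
                               "regressed": SEVERITY_RANK[t["severity"]] > SEVERITY_RANK[b["severity"]]})
    return deltas


def risk_delta(base: Dict[str, dict], target: Dict[str, dict]) -> dict:
    """Blocked/warning deltas; the trend follows the blocked delta, falling back to warnings (assumption)."""
    def count(decisions, status):
        return sum(1 for d in decisions.values() if d["status"] == status)
    blocked = count(target, "blocked") - count(base, "blocked")
    warning = count(target, "warning") - count(base, "warning")
    decisive = blocked if blocked != 0 else warning
    trend = "increased" if decisive > 0 else "decreased" if decisive < 0 else "unchanged"
    return {"blocked_delta": blocked, "warning_delta": warning, "trend": trend}


def delta_summary(decisions: List[dict]) -> dict:
    """added / removed / regressed (severity escalated) counts, as the test plan expects."""
    return {"added": sum(d["change"] == "new" for d in decisions),
            "removed": sum(d["change"] == "removed" for d in decisions),
            "regressed": sum(bool(d.get("regressed")) for d in decisions)}


def recommendation(risk: dict) -> str:
    """What-if summary wording: more blocks -> increases, fewer -> improves."""
    if risk["blocked_delta"] > 0:
        return "risk profile increases"
    return "risk profile improves" if risk["blocked_delta"] < 0 else "risk profile unchanged"


@dataclass
class DriftGateOptions:
    # Hypothetical threshold names; the real DriftGateOptions.cs is not reproduced here.
    max_new_blocked: int = 0
    max_regressed: int = 0
    max_downgrades: int = 0


def evaluate_drift_gate(components, decisions, risk, options: DriftGateOptions) -> dict:
    """Block, with one reason per exceeded measure, when drift crosses any configured threshold."""
    measures = {
        "new blocked findings": (risk["blocked_delta"], options.max_new_blocked),
        "severity regressions": (delta_summary(decisions)["regressed"], options.max_regressed),
        "component downgrades": (sum(c["op"] == "downgrade" for c in components), options.max_downgrades),
    }
    reasons = [f"{n}: {v} exceeds threshold {lim}" for n, (v, lim) in measures.items() if v > lim]
    return {"passed": not reasons, "reasons": reasons}


def run_example() -> dict:
    # Constructed sample data, not taken from any real scan: one upgrade, one downgrade, one add, one remove.
    base_sbom = {"openssl": "1.1.1", "zlib": "1.2.13", "libxml2": "2.9.14"}
    target_sbom = {"openssl": "3.0.2", "zlib": "1.2.11", "curl": "8.4.0"}
    base_dec = {"F-1": {"status": "blocked", "severity": "high"},      # resolved by the openssl upgrade
                "F-2": {"status": "warning", "severity": "medium"},
                "F-3": {"status": "pass", "severity": "low"}}
    target_dec = {"F-2": {"status": "blocked", "severity": "high"},    # escalated
                  "F-3": {"status": "pass", "severity": "low"},
                  "F-4": {"status": "blocked", "severity": "critical"}}  # introduced by the zlib downgrade
    comps, decs = component_delta(base_sbom, target_sbom), decision_delta(base_dec, target_dec)
    risk = risk_delta(base_dec, target_dec)
    return {"components": comps, "decisions": decs, "risk": risk, "summary": delta_summary(decs),
            "recommendation": recommendation(risk),
            "gate": evaluate_drift_gate(comps, decs, risk, DriftGateOptions())}
```

Calling `run_example()` returns the full delta for the constructed release pair: the gate blocks with three reasons (one new blocked finding, one severity regression, one downgrade), the summary reads added 1 / removed 1 / regressed 1, and the recommendation is "risk profile increases". Sorting by name and finding id keeps the output deterministic, which matters when the diff is persisted or compared across runs.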