# Signals

**Status:** Implemented

**Source:** `src/Signals/`

**Owner:** Policy Guild

## Purpose

Signals provides evidence-weighted scoring for vulnerability findings. It aggregates evidence from reachability analysis, runtime observations, backport detection, exploit intelligence, source trust, and mitigations into a deterministic 0-100 score for rapid triage.

## Components

**Services:**

- `StellaOps.Signals` - Main service with evidence aggregation and scoring engine
- `StellaOps.Signals.Scheduler` - Background scheduler for score recalculation

**Libraries:**

- `StellaOps.Signals.Storage.Postgres` - PostgreSQL storage for evidence and scores
- `StellaOps.Signals.Storage.Postgres.Tests` - Storage layer tests

**Evidence Normalizers:**

- Reachability (RCH) - Code path reachability to vulnerable sink
- Runtime (RTS) - Live observation strength (eBPF/dyld/ETW)
- Backport (BKP) - Patch evidence from distro/changelog/binary
- Exploit (XPL) - Exploit probability (EPSS + KEV)
- Source Trust (SRC) - VEX source trustworthiness
- Mitigation (MIT) - Active mitigation effectiveness

## Configuration

See `etc/signals.yaml.sample` for configuration options.

Key settings:

- PostgreSQL connection (schema: `signals`)
- Authority integration (audiences, scopes)
- Storage driver (filesystem or rustfs)
- Evidence weight policies
- Score guardrails and thresholds

## Dependencies

- PostgreSQL (schema: `signals`)
- Authority (authentication)
- Policy Engine (reachability data)
- Concelier (backport detection, exploit data)
- Excititor (VEX source trust)
- Scanner (vulnerability findings)

## Related Documentation

- Architecture: `./architecture.md`
- Policy Engine: `../policy/`
- VexLens: `../vex-lens/`
- High-Level Architecture: `../../07_HIGH_LEVEL_ARCHITECTURE.md`

## Current Status

Implemented with six evidence normalizers and a deterministic scoring algorithm. Integrated with Policy Engine for reachability data and VexLens for source trust. Supports evidence decomposition and transparency.
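
The following sketch shows one way a deterministic, decomposable 0-100 score over the six normalizers can be computed. It is an added example, not code from `src/Signals/`: the weights, the negative sign given to BKP and MIT, the guardrail values, and the names `quantize` and `score` are all assumptions.

```python
import math

# Hypothetical weights in basis points; real values belong to the evidence weight policy.
WEIGHTS_BP = {"RCH": 3000, "RTS": 2500, "XPL": 3000, "SRC": 1500,   # raise the score
              "BKP": -2000, "MIT": -1500}                           # lower the score
# Hypothetical guardrails: (dimension, threshold in thousandths, kind, score bound).
GUARDRAILS = [("RTS", 800, "floor", 60), ("BKP", 1000, "cap", 20)]


def quantize(name, value):
    """Map a normalized [0, 1] input to integer thousandths, rejecting bad evidence."""
    if name not in WEIGHTS_BP:
        raise ValueError(f"unknown evidence dimension: {name}")
    if isinstance(value, bool) or not isinstance(value, (int, float)):
        raise TypeError(f"{name}: expected a number")
    if math.isnan(value) or not 0.0 <= value <= 1.0:
        raise ValueError(f"{name}: {value!r} is outside [0, 1]")
    return round(value * 1000)


def score(evidence):
    """Return (score 0-100, decomposition); the score uses integer arithmetic only."""
    milli = {n: quantize(n, v) for n, v in evidence.items()}
    # Iterate WEIGHTS_BP, not the input, so input ordering cannot change the result.
    parts = {n: w * milli.get(n, 0) for n, w in WEIGHTS_BP.items()}
    raw = sum(parts.values())                  # at most 10_000 bp * 1000 = 10**7
    value = max(0, min(100, (raw + 50_000) // 100_000))   # round half up, then clamp
    applied = []
    for dim, threshold, kind, bound in GUARDRAILS:         # fixed evaluation order
        if milli.get(dim, 0) >= threshold:
            clamped = max(value, bound) if kind == "floor" else min(value, bound)
            if clamped != value:
                applied.append(f"{kind}:{dim}")
            value = clamped
    return value, {"points": {n: p / 100_000 for n, p in parts.items()},
                   "missing": sorted(set(WEIGHTS_BP) - set(milli)),
                   "guardrails": applied}


# Constructed sample finding (not real scanner output); BKP evidence is absent.
SAMPLE = {"RCH": 0.9, "RTS": 0.0, "XPL": 0.4, "SRC": 0.8, "MIT": 0.5}

if __name__ == "__main__":
    print(score(SAMPLE))
```

Quantizing inputs and summing integers in a fixed order keeps the result identical across runs and platforms, and the returned decomposition records which dimensions were missing and which guardrails changed the score.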