stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity
Files
main
git.stella-ops.org/docs/features/checked/excititor/automatic-code-not-reachable-vex-justification-generation.md
master e9aeadc040 save checkpoint
2026-02-14 09:11:48 +02:00

3.0 KiB
Raw Permalink Blame History

Automatic code_not_reachable VEX Justification Generation

Module

Excititor

Status

VERIFIED

Description

Automatically generates VEX code_not_reachable justifications when reachability slice verdict is "unreachable", including slice digest as evidence reference and supporting OpenVEX, CSAF, and CycloneDX formats. Auto-generated justifications require human approval by default.

Implementation Details

  • Modules: src/Excititor/__Libraries/StellaOps.Excititor.Core/AutoVex/, src/Excititor/__Libraries/StellaOps.Excititor.Core/Justification/, src/Excititor/__Libraries/StellaOps.Excititor.Core/Reachability/
  • Key Classes:
    • VexNotReachableJustification (src/Excititor/__Libraries/StellaOps.Excititor.Core/AutoVex/VexNotReachableJustification.cs) - generates code_not_reachable justifications from reachability data
    • ReachabilityJustificationGenerator (src/Excititor/__Libraries/StellaOps.Excititor.Core/Justification/ReachabilityJustificationGenerator.cs) - generates justifications from reachability slice verdicts
    • VexDowngradeGenerator (src/Excititor/__Libraries/StellaOps.Excititor.Core/AutoVex/VexDowngradeGenerator.cs) - generates VEX downgrade statements when code is unreachable
    • AutoVexDowngradeService (src/Excititor/__Libraries/StellaOps.Excititor.Core/AutoVex/AutoVexDowngradeService.cs) - service orchestrating auto-VEX downgrade workflow
    • ReachabilityLatticeUpdater (src/Excititor/__Libraries/StellaOps.Excititor.Core/AutoVex/ReachabilityLatticeUpdater.cs) - updates lattice state with reachability evidence
    • TimeBoxedConfidence (src/Excititor/__Libraries/StellaOps.Excititor.Core/AutoVex/TimeBoxedConfidence.cs) - time-bounded confidence for auto-generated justifications
    • SliceVerdictConsumer (src/Excititor/__Libraries/StellaOps.Excititor.Core/Reachability/SliceVerdictConsumer.cs) - consumes reachability slice verdicts
  • Interfaces: ISliceVerdictConsumer
  • Source: SPRINT_3830_0001_0001_vex_integration_policy_binding.md

E2E Test Plan

  • Trigger a reachability slice verdict of "unreachable" and verify VexNotReachableJustification generates a code_not_reachable justification
  • Verify the generated justification includes the slice digest as evidence reference
  • Verify AutoVexDowngradeService marks auto-generated justifications as requiring human approval by default
  • Verify TimeBoxedConfidence applies time-bounded confidence decay to auto-generated justifications
  • Verify generated justifications are compatible with OpenVEX, CSAF, and CycloneDX export formats
  • Verify ReachabilityLatticeUpdater updates the lattice state when reachability evidence changes

Verification

  • Verified on 2026-02-13 via run-001.
  • Tier 0: Source files confirmed present on disk.
  • Tier 1: dotnet build passed (0 errors); 503/504 tests passed (1 env_issue: no local Postgres).
  • Tier 2d: docs/qa/feature-checks/runs/excititor/automatic-code-not-reachable-vex-justification-generation/run-001/tier2-integration-check.json