stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity
Files
main
git.stella-ops.org/docs/qa/feature-checks/state/policy.json
master 70fdbfcf25 Stabilize U
2026-02-16 07:33:20 +02:00

1462 lines
92 KiB
JSON
Raw Permalink Blame History

{
"module": "policy",
"featureCount": 88,
"lastUpdatedUtc": "2026-02-15T14:40:00Z",
"summary": {
"passed": 88,
"failed": 0,
"blocked": 0,
"skipped": 0,
"done": 88,
"queued": 0
},
"buildNote": "ALL 88 POLICY FEATURES VERIFIED. DEEP EVIDENCE RUN (2026-02-15): All 15 test projects run individually via .csproj (not .slnf). Total: 3468 tests, 3468 passed, 0 failed. Per-project: Scoring 263/263, Engine 1278/1278, Engine.Contract 6/6, Determinization 438/438, Exceptions 83/83, Explainability 35/35, PolicyDsl 140/140, RiskProfile 6/6, Unknowns 59/59, Policy.Tests 781/781, Predicates 26/26, AuthSignals 19/19, Gateway 126/126, Pack 50/50, Persistence 158/158. Assertion quality: 13 deep, 2 adequate, 0 shallow. Evidence at docs/qa/feature-checks/runs/policy/tier2d-deep-evidence/run-001/.",
"features": {
"adversarial-input-validation-for-scoring-inputs": {
"status": "done",
"tier": 2,
"retryCount": 0,
"sourceVerified": true,
"buildVerified": true,
"e2eVerified": true,
"skipReason": null,
"lastRunId": "run-001",
"lastUpdatedUtc": "2026-02-12T22:00:00Z",
"featureFile": "docs/features/checked/policy/adversarial-input-validation-for-scoring-inputs.md",
"notes": [
"[2026-02-12T21:40:00Z] checking: Tier 0+1+2d passed - CVSS scoring, KEV boost, determinism guards",
"[2026-02-12T22:00:00Z] done: Moved to checked/",
"[2026-02-15T14:40:00Z] deep-evidence: Covered by StellaOps.Policy.Scoring.Tests (263 pass) - CvssV4DeepVerificationTests, CvssMultiVersionEngineTests"
]
},
"anchor-aware-determinization-rules-in-policy-engine": {
"status": "done",
"tier": 2,
"retryCount": 0,
"sourceVerified": true,
"buildVerified": true,
"e2eVerified": true,
"skipReason": null,
"lastRunId": "run-001",
"lastUpdatedUtc": "2026-02-12T22:00:00Z",
"featureFile": "docs/features/checked/policy/anchor-aware-determinization-rules-in-policy-engine.md",
"notes": [
"[2026-02-12T21:40:00Z] checking: Tier 0+1+2d passed - 35 test files verify anchor-aware determinization",
"[2026-02-12T22:00:00Z] done: Moved to checked/",
"[2026-02-15T14:40:00Z] deep-evidence: Covered by StellaOps.Policy.Determinization.Tests (438 pass) - DecayPropertyTests, DeterminismPropertyTests, TrustScoreAggregatorTests"
]
},
"auditable-exception-objects": {
"status": "done",
"tier": 2,
"retryCount": 0,
"sourceVerified": true,
"buildVerified": true,
"e2eVerified": true,
"skipReason": null,
"lastRunId": "run-001",
"lastUpdatedUtc": "2026-02-12T22:00:00Z",
"featureFile": "docs/features/checked/policy/auditable-exception-objects.md",
"notes": [
"[2026-02-12T21:40:00Z] checking: Tier 0+1+2d passed - lifecycle state machine, scope validation",
"[2026-02-12T22:00:00Z] done: Moved to checked/"
]
},
"batch-exception-loading-for-policy-evaluation": {
"status": "done",
"tier": 2,
"retryCount": 0,
"sourceVerified": true,
"buildVerified": true,
"e2eVerified": true,
"skipReason": null,
"lastRunId": "run-001",
"lastUpdatedUtc": "2026-02-12T22:15:00Z",
"featureFile": "docs/features/checked/policy/batch-exception-loading-for-policy-evaluation.md",
"notes": [
"[2026-02-12T22:02:00Z] checking: Tier 2d passed - BatchEvaluationMapper, ConcurrentDictionary caching, SHA256 context IDs",
"[2026-02-12T22:15:00Z] done: Moved to checked/"
]
},
"batch-simulation-orchestration": {
"status": "done",
"tier": 2,
"retryCount": 0,
"sourceVerified": true,
"buildVerified": true,
"e2eVerified": true,
"skipReason": null,
"lastRunId": "run-001",
"lastUpdatedUtc": "2026-02-12T22:30:00Z",
"featureFile": "docs/features/checked/policy/batch-simulation-orchestration.md",
"notes": [
"[2026-02-12T22:07:00Z] checking: Tier 2d passed - 34+ simulation tests: risk scoring, what-if, delta summaries, heatmaps",
"[2026-02-12T22:30:00Z] done: Moved to checked/"
]
},
"belnap-k4-trust-lattice-engine": {
"status": "done",
"tier": 2,
"retryCount": 0,
"sourceVerified": true,
"buildVerified": true,
"e2eVerified": true,
"skipReason": null,
"lastRunId": "run-001",
"lastUpdatedUtc": "2026-02-12T22:35:00Z",
"featureFile": "docs/features/checked/policy/belnap-k4-trust-lattice-engine.md",
"notes": [
"[2026-02-12T22:12:00Z] checking: Tier 2d passed - 30+ lattice tests, 12+ FsCheck property tests, 14+ integration tests",
"[2026-02-12T22:35:00Z] done: Moved to checked/",
"[2026-02-15T14:40:00Z] deep-evidence: Covered by StellaOps.Policy.Tests (781 pass) - K4LatticeTests, ClaimScoreMergerTests, ClaimScoreMergerPropertyTests, TrustLatticeEngineIntegrationTests"
]
},
"blast-radius-fleet-view": {
"status": "done",
"tier": 2,
"retryCount": 0,
"sourceVerified": true,
"buildVerified": true,
"e2eVerified": true,
"skipReason": null,
"lastRunId": "run-002",
"lastUpdatedUtc": "2026-02-12T23:12:00Z",
"featureFile": "docs/features/checked/policy/blast-radius-fleet-view.md",
"notes": [
"[2026-02-12T22:40:00Z] checking: Tier 0 passed - BlastRadius.cs, ContainmentSignals.cs, UnknownRanker.cs, Unknown.cs, UnknownsBudgetEnforcer.cs, UnknownsEndpoints.cs",
"[2026-02-12T22:45:00Z] checking: Tier 2d passed - 708/708 tests. Containment reduction verified (null=0%, isolated=15%, all factors=40% cap), reduction applied to score (60->48 with 20%)",
"[2026-02-12T23:10:00Z] done: Moved to checked/",
"[2026-02-12T23:12:00Z] run-002: Fresh tier0+tier2d evidence. 6/6 source files verified. 9 targeted UnknownRankerTests cover containment reduction percentages (15%/5%/5%/10%/10%/5%), 40% cap, band assignment, disable option."
]
},
"blast-radius-scoring-for-unknowns": {
"status": "done",
"tier": 2,
"retryCount": 0,
"sourceVerified": true,
"buildVerified": true,
"e2eVerified": true,
"skipReason": null,
"lastRunId": "run-002",
"lastUpdatedUtc": "2026-02-12T23:16:00Z",
"featureFile": "docs/features/checked/policy/blast-radius-scoring-for-unknowns.md",
"notes": [
"[2026-02-12T22:40:00Z] checking: Tier 0 passed - UnknownRanker.cs, BlastRadius.cs, ContainmentSignals.cs",
"[2026-02-12T22:45:00Z] checking: Tier 2d passed - 708/708 tests. Two-factor formula: Uncertainty*50 + ExploitPressure*50. Exact scores (45.00, 92.50, 0.00), EPSS mutual exclusivity, 11-case decay Theory, 100-iteration determinism",
"[2026-02-12T23:10:00Z] done: Moved to checked/",
"[2026-02-12T23:16:00Z] run-002: Fresh tier0+tier2d evidence. 3/3 source files verified. 34 targeted UnknownRankerTests cover two-factor formula, uncertainty/pressure factors, EPSS mutual exclusivity, 12-case decay Theory, containment reduction with blast radius + runtime signals, 40% cap, band assignment, reason codes, 100-iteration determinism."
]
},
"ci-cd-gate-exit-code-convention": {
"status": "done",
"tier": 2,
"retryCount": 0,
"sourceVerified": true,
"buildVerified": true,
"e2eVerified": true,
"skipReason": null,
"lastRunId": "run-002",
"lastUpdatedUtc": "2026-02-12T23:20:00Z",
"featureFile": "docs/features/checked/policy/ci-cd-gate-exit-code-convention.md",
"notes": [
"[2026-02-12T22:40:00Z] checking: Tier 0 passed - PolicyGateEvaluator.cs (883 lines), PolicyGateDecision.cs, PolicyGateOptions.cs, PolicyDecisionEndpoint.cs",
"[2026-02-12T22:45:00Z] checking: Tier 2d passed - 708/708 tests. Exit codes 0/1/2 tested. 5-gate pipeline (EvidenceCompleteness, LatticeState, VexTrust, UncertaintyTier, Confidence). Override with MinJustificationLength=20. Batch eval. Webhook parsing.",
"[2026-02-12T23:10:00Z] done: Moved to checked/",
"[2026-02-12T23:20:00Z] run-002: Fresh tier0+tier2d evidence. 4/4 source files verified. 41 targeted tests across CicdGateIntegrationTests (17) + WebhookGateIntegrationTests (2) + PolicyGateEvaluatorTests (22) cover exit codes (Allow=0, Warn=1, Block=2), 5-gate pipeline, EvidenceCompleteness, LatticeState, UncertaintyTier, override with justification >= 20 chars, disabled gates, batch evaluation, audit trail, webhook parsing."
]
},
"claimscore-merger-and-policy-gate-registry": {
"status": "done",
"tier": 2,
"retryCount": 0,
"sourceVerified": true,
"buildVerified": true,
"e2eVerified": true,
"skipReason": null,
"lastRunId": "run-001",
"lastUpdatedUtc": "2026-02-12T23:32:00Z",
"featureFile": "docs/features/checked/policy/claimscore-merger-and-policy-gate-registry.md",
"notes": [
"[2026-02-12T23:30:00Z] checking: Tier 0 passed - 6/6 source files (ClaimScoreMerger.cs, ConflictPenalizer.cs, PolicyGateEvaluator.cs, VexTrustGate.cs, StabilityDampingGate.cs, DriftGateEvaluator.cs)",
"[2026-02-12T23:32:00Z] checking: Tier 2d passed - 708/708 tests. ClaimScoreMergerTests (highest-score selection, conflict penalty 0.25, 1000-iteration determinism), ClaimScoreMergerPropertyTests (FsCheck), PolicyGateRegistryTests (StopOnFirstFailure, CollectAll)",
"[2026-02-12T23:32:00Z] done: Moved to checked/"
]
},
"comprehensive-testing-strategy": {
"status": "done",
"tier": 2,
"retryCount": 0,
"sourceVerified": true,
"buildVerified": true,
"e2eVerified": true,
"skipReason": null,
"lastRunId": "run-001",
"lastUpdatedUtc": "2026-02-12T23:36:00Z",
"featureFile": "docs/features/checked/policy/comprehensive-testing-strategy.md",
"notes": [
"[2026-02-12T23:34:00Z] checking: Tier 0 passed - 19/19 source files across DeterminismGuard, Replay, Simulation, Evaluation, Unknowns, Attestation, BatchEvaluation, ConsoleExport, Endpoints",
"[2026-02-12T23:36:00Z] checking: Tier 2d passed - 708/708 tests. 29+ targeted tests: DeterminismGuardTests (25 tests: ProhibitedPatternAnalyzer 7 violation categories, scoped enforcement, GuardedPolicyEvaluator, DeterministicTimeProvider), ReplayEngineTests, SimulationAnalyticsServiceTests, BatchEvaluationMapperTests",
"[2026-02-12T23:36:00Z] done: Moved to checked/"
]
},
"evidence-weighted-score-model": {
"status": "done",
"tier": 2,
"retryCount": 0,
"sourceVerified": true,
"buildVerified": true,
"e2eVerified": true,
"skipReason": null,
"lastRunId": "run-002",
"lastUpdatedUtc": "2026-02-12T21:15:00Z",
"featureFile": "docs/features/checked/policy/evidence-weighted-score-model.md",
"notes": [
"[2026-02-12T21:00:00Z] checking: Deep QA - Tier 0 passed, all 6 source files found",
"[2026-02-12T21:05:00Z] checking: Deep QA - Tier 1 passed, build + 759 tests pass",
"[2026-02-12T21:10:00Z] checking: Deep QA - Tier 2d passed - 41 new behavioral tests written (EvidenceWeightedScoreModelTests, TrustSourceWeightServiceTests) covering SignalWeights normalization, ScoringWeights validation, GradeThresholds mapping, SeverityMultipliers, FreshnessDecay, WeightsBps sum validation, ReachabilityPolicyConfig buckets, EvidencePolicyConfig freshness, ProvenanceLevels scale, ScoringRulesSnapshotBuilder digest determinism, TrustSourceWeightService weighted merge/corroboration/stale penalties",
"[2026-02-12T21:15:00Z] done: Moved to checked/",
"[2026-02-15T14:40:00Z] deep-evidence: Covered by StellaOps.Policy.Determinization.Tests (438 pass) - EwsCalculatorTests, EwsNormalizerTests; and StellaOps.Policy.Engine.Tests (1278 pass) - EvidenceWeightedScoreEnricherTests, ConfidenceToEwsComparisonTests"
]
},
"counterfactual-engine": {
"status": "done",
"tier": 2,
"retryCount": 0,
"sourceVerified": true,
"buildVerified": true,
"e2eVerified": true,
"skipReason": null,
"lastRunId": "run-001",
"lastUpdatedUtc": "2026-02-12T21:30:00Z",
"featureFile": "docs/features/checked/policy/counterfactual-engine.md",
"notes": [
"[2026-02-12T21:20:00Z] checking: Deep QA - Tier 0 passed, both source files found (CounterfactualEngine.cs 370+ lines, CounterfactualResult.cs 319 lines)",
"[2026-02-12T21:25:00Z] checking: Deep QA - Tier 1 passed, build + 781 tests pass",
"[2026-02-12T21:30:00Z] checking: Deep QA - Tier 2d passed - 22 new behavioral tests written covering all 5 counterfactual path types (VEX, Exception, Reachability, VersionUpgrade, CompensatingControl), effort scaling by severity (Critical=5, High=4, Medium=3, Low=2), options control, null validation, result sorting by effort, factory methods",
"[2026-02-12T21:35:00Z] done: Moved to checked/"
]
},
"console-simulation-diff": {
"status": "done",
"tier": 2,
"retryCount": 0,
"sourceVerified": true,
"buildVerified": true,
"e2eVerified": true,
"skipReason": null,
"lastRunId": "run-001",
"lastUpdatedUtc": "2026-02-12T23:40:00Z",
"featureFile": "docs/features/checked/policy/console-simulation-diff.md",
"notes": [
"[2026-02-12T23:38:00Z] checking: Tier 0 passed - 3/3 source files (ConsoleSimulationDiffService.cs, ConsoleSimulationDiffModels.cs, ConsoleSimulationEndpoint.cs)",
"[2026-02-12T23:40:00Z] checking: Tier 2d passed - 708/708 tests. ConsoleSimulationDiffServiceTests verifies determinism (JSON equality), schema version 'console-policy-23-001', Before/After severity totals, RuleImpact, budget enforcement, provenance",
"[2026-02-12T23:40:00Z] done: Moved to checked/"
]
},
"cvss-v4-0-scoring-engine": {
"status": "done",
"tier": 2,
"retryCount": 0,
"sourceVerified": true,
"buildVerified": true,
"e2eVerified": true,
"skipReason": null,
"lastRunId": "run-001",
"lastUpdatedUtc": "2026-02-13T00:00:00Z",
"featureFile": "docs/features/checked/policy/cvss-v4-0-scoring-engine.md",
"notes": [
"[2026-02-12T23:45:00Z] checking: Deep QA - Tier 0 passed, all 7 source files found (CvssV4Engine.cs 941 lines, MacroVectorLookup.cs 729 entries, CvssEngineFactory.cs, CvssVectorInterop.cs, CvssMetrics.cs, CvssScoreReceipt.cs, CvssPolicy.cs)",
"[2026-02-12T23:50:00Z] checking: Deep QA - Tier 1 passed, build + 244 Scoring tests pass",
"[2026-02-12T23:52:00Z] checking: Deep QA - Tier 2d passed - 32 new behavioral tests written (CvssV4DeepVerificationTests) covering MacroVectorLookup 729-entry completeness, all scores 0-10, all precise, threat multiplier exact values (Attacked=1.0, PoC=0.94, Unreported=0.91), environmental requirements math (High=1.5, Low=0.5, averaged), score cap 10.0, effective score priority (Base/Threat/Environmental/Full), vector roundtrip with environmental+supplemental metrics, CvssEngineFactory version detection, CvssVectorInterop v3.1->v4.0 conversion+determinism, receipt model structure, policy defaults, severity thresholds (0.1/4.0/7.0/9.0), null validation, 100-iteration determinism",
"[2026-02-13T00:00:00Z] done: Moved to checked/"
]
},
"determinism-guards": {
"status": "done",
"tier": 2,
"retryCount": 0,
"sourceVerified": true,
"buildVerified": true,
"e2eVerified": true,
"skipReason": null,
"lastRunId": "run-001",
"lastUpdatedUtc": "2026-02-13T00:00:00Z",
"featureFile": "docs/features/checked/policy/determinism-guards.md",
"notes": [
"[2026-02-12T23:45:00Z] checking: Deep QA - Tier 0 passed, all 4 source files found (DeterminismGuardService.cs 353 lines, ProhibitedPatternAnalyzer.cs 412 lines with 17 regex patterns, GuardedPolicyEvaluator.cs 376 lines, DeterminismViolation.cs 197 lines)",
"[2026-02-12T23:55:00Z] checking: Deep QA - Tier 1 passed, build + 1236/1237 Engine tests pass (1 pre-existing unrelated failure)",
"[2026-02-12T23:57:00Z] checking: Deep QA - Tier 2d passed - 29 new behavioral tests written (DeterminismGuardDeepTests) covering additional pattern detection (DateTimeOffset, CryptoRandom, Socket, WebClient, MachineName, floating-point, Dictionary/HashSet iteration), ValidateContext (null/valid/disabled), FailOnSeverity threshold behavior (Warning/Error/Critical), builder pattern (Development/Production/Custom), scope lifecycle (counts by severity, scope ID), DeterministicTimeProvider 100-call determinism, GuardedEvaluationResult (ViolationCountBySeverity, unexpected exception), DeterminismAnalysisResult.Pass factory, remediation messages, FileRead critical severity",
"[2026-02-13T00:00:00Z] done: Moved to checked/",
"[2026-02-15T14:40:00Z] deep-evidence: Covered by StellaOps.Policy.Engine.Tests (1278 pass) - PolicyEngineDeterminismTests (10x idempotent verdict hash+JSON), DeterminismGuardTests"
]
},
"cve-aware-release-policy-gates": {
"status": "done",
"tier": 2,
"retryCount": 0,
"sourceVerified": true,
"buildVerified": true,
"e2eVerified": true,
"skipReason": null,
"lastRunId": "run-001",
"lastUpdatedUtc": "2026-02-13T01:30:00Z",
"featureFile": "docs/features/checked/policy/cve-aware-release-policy-gates.md",
"notes": [
"[2026-02-13T01:00:00Z] checking: Deep QA - Tier 0 passed, 6 source files reviewed (PolicyGateEvaluator.cs 883 lines, VexTrustGate.cs 490 lines, DriftGateEvaluator.cs 469 lines, StabilityDampingGate.cs 385 lines, PolicyGateDecision.cs 369 lines, DriftGateContext.cs 245 lines)",
"[2026-02-13T01:15:00Z] checking: Deep QA - Tier 1 passed, build + 1262/1263 Engine tests pass (1 pre-existing unrelated failure)",
"[2026-02-13T01:25:00Z] checking: Deep QA - Tier 2d passed - 26 new behavioral tests written (CveAwareReleasePolicyGatesDeepTests) covering PolicyGate with VexTrust enabled (low score blocks, high score allows, unverified signature blocks, missing score warns), lattice suggestions (Contested->triage, CR->submit evidence), RU lattice with/without justification, Fixed status allows any lattice, UnderInvestigation no evidence required, override with valid/short justification, short-circuit (EvidenceCompleteness block stops before LatticeState), 100-iteration determinism. DriftGate: KEV blocks, KEV no new reachable passes, high CVSS/EPSS blocks, affected reachable blocks, no material drift allows, disabled allows, override bypasses. StabilityDamping: first verdict surfaces, same status suppressed, disabled surfaces, prune history",
"[2026-02-13T01:30:00Z] done: Moved to checked/"
]
},
"cvss-v4-0-environmental-metrics-completion": {
"status": "done",
"tier": 2,
"retryCount": 0,
"sourceVerified": true,
"buildVerified": true,
"e2eVerified": true,
"skipReason": null,
"lastRunId": "run-001",
"lastUpdatedUtc": "2026-02-13T01:30:00Z",
"featureFile": "docs/features/checked/policy/cvss-v4-0-environmental-metrics-completion.md",
"notes": [
"[2026-02-13T01:00:00Z] checking: Deep QA - Tier 0 passed, 3 source files reviewed (CvssMetrics.cs 367 lines with all Modified* enums, CvssV4Engine.cs 941 lines, CvssEngineFactory.cs)",
"[2026-02-13T01:15:00Z] checking: Deep QA - Tier 1 passed, build + 263/263 Scoring tests pass",
"[2026-02-13T01:25:00Z] checking: Deep QA - Tier 2d passed - 19 new behavioral tests written (CvssV4EnvironmentalDeepVerificationTests) covering all 11 Modified metrics (MAV, MAC, MAT, MPR, MUI lower score on attack side; MVC, MVI, MVA lower on impact side; MSC lower on subsequent; MSI Safety applies maximum impact; MSA lower on subsequent availability), AllNotDefined returns null environmental (HasEnvironmentalMetrics correctly returns false), effective score type selection (Base/Threat/Environmental/Full), vector string contains all modified metrics, receipt determinism, CvssEngineFactory v4 version detection. Key finding: ModifiedSubsequentSystemConfidentiality uses ModifiedImpactMetricValue type (not ModifiedSubsequentImpact like MSI/MSA)",
"[2026-02-13T01:30:00Z] done: Moved to checked/"
]
},
"declarative-multi-modal-policy-engine": {
"status": "done",
"tier": 2,
"retryCount": 0,
"sourceVerified": true,
"buildVerified": true,
"e2eVerified": true,
"skipReason": null,
"lastRunId": "run-003",
"lastUpdatedUtc": "2026-02-13T02:00:00Z",
"featureFile": "docs/features/checked/policy/declarative-multi-modal-policy-engine.md",
"notes": [
"[2026-02-13T01:40:00Z] checking: Deep QA - Tier 0 passed, 6+ source files reviewed (PolicyEvaluator.cs 915 lines, PolicyExpressionEvaluator.cs 1531 lines with 13 scopes, ScoringEngineFactory.cs, PolicyEvaluationService.cs, PolicyCompiler.cs, PolicyParser.cs)",
"[2026-02-13T01:50:00Z] checking: Deep QA - Tier 1 passed, build + 1278/1278 Engine tests pass (0 failures). Prior pre-existing CalculateScoreBounds failure resolved.",
"[2026-02-13T01:55:00Z] checking: Deep QA - Tier 2d passed - 15 new behavioral tests written (DeclarativeMultiModalPolicyEngineDeepTests) covering: end-to-end DSL compilation + evaluation (Critical blocks, High+internet escalates, VEX not_affected sets status+annotation, Medium warns, Low allows), DSL compilation verification (all rules/metadata parsed, invalid policy returns diagnostics, same source produces same checksum), priority ordering (ascending: lower number evaluates first), exception handling integration (suppress effect overrides blocked status), scoring engine profiles (Simple/Advanced), unknown budget exceeded blocks, 100-iteration evaluation determinism, 100-iteration compilation checksum determinism. Key finding: PolicyEvaluator sorts rules ascending by priority (.OrderBy), so lower priority numbers evaluate first.",
"[2026-02-13T02:00:00Z] done: Moved to checked/"
]
},
"delta-if-present-calculations-for-missing-signals": {
"status": "done",
"tier": 2,
"retryCount": 0,
"sourceVerified": true,
"buildVerified": true,
"e2eVerified": true,
"skipReason": null,
"lastRunId": "run-002",
"lastUpdatedUtc": "2026-02-13T02:10:00Z",
"featureFile": "docs/features/checked/policy/delta-if-present-calculations-for-missing-signals.md",
"notes": [
"[2026-02-13T02:00:00Z] checking: Deep QA - Tier 0 passed, DeltaIfPresentCalculator.cs found in StellaOps.Policy.Determinization",
"[2026-02-13T02:05:00Z] checking: Deep QA - Tier 1 passed, Determinization.Tests 438/438 + Engine.Tests 1262/1263",
"[2026-02-13T02:08:00Z] checking: Deep QA - Tier 2d passed - 1 IMPLEMENTATION BUG FIXED (DeltaIfPresentCalculator.CalculateScoreBounds min/max swap). DeltaIfPresentCalculatorTests verify TSF-004 score bounds, missing signal handling, delta computation.",
"[2026-02-13T02:10:00Z] done: Moved to checked/"
]
},
"delta-verdict-engine": {
"status": "done",
"tier": 2,
"retryCount": 0,
"sourceVerified": true,
"buildVerified": true,
"e2eVerified": true,
"skipReason": null,
"lastRunId": "run-002",
"lastUpdatedUtc": "2026-02-13T02:55:00Z",
"featureFile": "docs/features/checked/policy/delta-verdict-engine.md",
"notes": [
"[2026-02-13T02:30:00Z] checking: Deep QA - Tier 0 passed, 10 source files reviewed (WhatIfSimulationService.cs 553 lines, WhatIfSimulationModels.cs 372 lines, ConsoleSimulationDiffService.cs 242 lines, DeltaVerdict.cs 270 lines, DeltaVerdictStatement.cs 376 lines, SimulationAnalyticsService.cs 745 lines, IEffectiveDecisionMap.cs 145 lines, EffectiveDecisionModels.cs 222 lines)",
"[2026-02-13T02:40:00Z] checking: Deep QA - Tier 1 passed, Policy.Tests 781/781, Engine.Tests 1278/1278, Determinization.Tests 438/438 (2497 total, 0 failures)",
"[2026-02-13T02:50:00Z] checking: Deep QA - Tier 2d passed - 44 targeted tests: DeltaVerdictTests (14: Pass/Warn/Fail/PassWithExceptions status, G4/G3 gate escalation, deterministic VerdictId 10-iteration idempotency, order-independent VerdictId), ConsoleSimulationDiffServiceTests (1: determinism via JSON equality), SimulationAnalyticsServiceTests (14: rule firing counts, heatmap, sampled traces, delta summary), PolicyEngineDeterminismTests (15: deterministic verdict hash, canonical JSON, input order independence, concurrent evaluation 20 tasks)",
"[2026-02-13T02:55:00Z] done: Moved to checked/"
]
},
"deterministic-evaluation-with-knowledge-snapshots": {
"status": "done",
"tier": 2,
"retryCount": 0,
"sourceVerified": true,
"buildVerified": true,
"e2eVerified": true,
"skipReason": null,
"lastRunId": "run-002",
"lastUpdatedUtc": "2026-02-13T02:55:00Z",
"featureFile": "docs/features/checked/policy/deterministic-evaluation-with-knowledge-snapshots.md",
"notes": [
"[2026-02-13T02:30:00Z] checking: Deep QA - Tier 0 passed, SnapshotBuilder.cs, SnapshotIdGenerator.cs, ReplayEngine.cs, VerdictComparer.cs, SnapshotAwarePolicyEvaluator.cs, KnowledgeSourceDescriptor.cs reviewed",
"[2026-02-13T02:40:00Z] checking: Deep QA - Tier 1 passed, Policy.Tests 781/781, Engine.Tests 1278/1278, Determinization.Tests 438/438 (2497 total, 0 failures)",
"[2026-02-13T02:50:00Z] checking: Deep QA - Tier 2d passed - 28 targeted tests: SnapshotBuilderTests (9: valid build, missing Engine/Policy/Scoring/Sources throws, alphabetical source ordering, plugins, trust, environment), SnapshotIdGeneratorTests (12: deterministic ID, different content different ID, ksm:sha256: prefix, 75-char length, ValidateId, tamper detection, ParseId, signature exclusion), ReplayEngineTests (7: valid replay, non-existent snapshot, no original verdict, 10-iteration determinism, different artifacts, duration recording)",
"[2026-02-13T02:55:00Z] done: Moved to checked/"
]
},
"deterministic-sbom-to-vex-pipeline-with-signed-state-transitions": {
"status": "done",
"tier": 2,
"retryCount": 0,
"sourceVerified": true,
"buildVerified": true,
"e2eVerified": true,
"skipReason": null,
"lastRunId": "run-002",
"lastUpdatedUtc": "2026-02-13T02:55:00Z",
"featureFile": "docs/features/checked/policy/deterministic-sbom-to-vex-pipeline-with-signed-state-transitions.md",
"notes": [
"[2026-02-13T02:30:00Z] checking: Deep QA - Tier 0 passed, DeterminizationGate.cs, DeterminismGuardService.cs, VerdictAttestationService.cs, ScoringDeterminismVerifier.cs, KnowledgeSnapshotManifest.cs, PolicyGateEvaluator.cs reviewed",
"[2026-02-13T02:40:00Z] checking: Deep QA - Tier 1 passed, Policy.Tests 781/781, Engine.Tests 1278/1278, Determinization.Tests 438/438 (2497 total, 0 failures)",
"[2026-02-13T02:50:00Z] checking: Deep QA - Tier 2d passed - 8 targeted tests: DeterminizationGateTests (3: correct metadata with uncertainty_entropy/tier/completeness/trust_score/decay_multiplier, guardrails metadata, matched_rule inclusion), VerdictAttestationIntegrationTests (5: end-to-end attestation, deterministic JSON, attestor unavailable returns null, attestor timeout returns null, valid JSON structure with predicate/graphHash/path)",
"[2026-02-13T02:55:00Z] done: Moved to checked/"
]
},
"deterministic-trust-score-algebra": {
"status": "done",
"tier": 2,
"retryCount": 0,
"sourceVerified": true,
"buildVerified": true,
"e2eVerified": true,
"skipReason": null,
"lastRunId": "run-002",
"lastUpdatedUtc": "2026-02-13T02:55:00Z",
"featureFile": "docs/features/checked/policy/deterministic-trust-score-algebra.md",
"notes": [
"[2026-02-13T02:30:00Z] checking: Deep QA - Tier 0 passed, K4Lattice.cs, ClaimScoreMerger.cs, TrustScoreAggregator.cs, DecayedConfidenceCalculator.cs, ConflictDetector.cs, ScorePolicyModels.cs reviewed",
"[2026-02-13T02:40:00Z] checking: Deep QA - Tier 1 passed, Policy.Tests 781/781, Engine.Tests 1278/1278, Determinization.Tests 438/438 (2497 total, 0 failures)",
"[2026-02-13T02:50:00Z] checking: Deep QA - Tier 2d passed - 27+ targeted tests: K4LatticeTests (24+: Join commutativity 4x4, associativity 4x4x4, Meet commutativity 4x4, LessOrEqual reflexive/transitive, Negate involutive, FromSupport, support predicates), ClaimScoreMergerTests (3: highest score selection, conflict penalty 0.25, 1000-iteration determinism). Core algebra fully implemented; future enhancements (unified facade API, Score.v1 predicate, basis-point arithmetic, ScoreGraph) are aspirational.",
"[2026-02-13T02:55:00Z] done: Moved to checked/"
]
},
"determinization-reanalysis-configuration": {
"status": "done",
"tier": 2,
"retryCount": 0,
"sourceVerified": true,
"buildVerified": true,
"e2eVerified": true,
"skipReason": null,
"lastRunId": "run-002",
"lastUpdatedUtc": "2026-02-13T09:30:00Z",
"featureFile": "docs/features/checked/policy/determinization-reanalysis-configuration.md",
"notes": [
"[2026-02-13T09:00:00Z] checking: Tier 2d passed - 1716 tests (438 Determinization + 1278 Engine). DeterminizationOptions defaults, ReanalysisTriggerConfig, ConflictHandlingPolicy, EnvironmentThresholds (dev/staging/prod), GetForEnvironment case-insensitive, IDeterminizationConfigStore per-tenant, DI wiring.",
"[2026-02-13T09:30:00Z] done: Moved to checked/"
]
},
"diff-aware-release-gates": {
"status": "done",
"tier": 2,
"retryCount": 0,
"sourceVerified": true,
"buildVerified": true,
"e2eVerified": true,
"skipReason": null,
"lastRunId": "run-002",
"lastUpdatedUtc": "2026-02-13T09:30:00Z",
"featureFile": "docs/features/checked/policy/diff-aware-release-gates.md",
"notes": [
"[2026-02-13T09:10:00Z] checking: Tier 2d passed - 1278 Engine tests. WhatIfSimulationService, DriftGateEvaluator (KEV/CVSS/EPSS gates), ConsoleSimulationDiff, SimulationAnalytics (rule firing, heatmap, delta), RiskSimulationBreakdown.",
"[2026-02-13T09:30:00Z] done: Moved to checked/"
]
},
"dry-run-policy-application-api": {
"status": "done",
"tier": 2,
"retryCount": 0,
"sourceVerified": true,
"buildVerified": true,
"e2eVerified": true,
"skipReason": null,
"lastRunId": "run-002",
"lastUpdatedUtc": "2026-02-13T09:30:00Z",
"featureFile": "docs/features/checked/policy/dry-run-policy-application-api.md",
"notes": [
"[2026-02-13T09:20:00Z] checking: Tier 2d passed - 1278 Engine tests. PolicySimulationService (rule eval, Rego, trace/explain), BatchSimulationOrchestrator (async batch, idempotency, cancellation, progress), PolicyRegistryTestHarness DI.",
"[2026-02-13T09:30:00Z] done: Moved to checked/"
]
},
"dsse-signed-reversible-decisions": {
"status": "done",
"tier": 2,
"retryCount": 0,
"sourceVerified": true,
"buildVerified": true,
"e2eVerified": true,
"skipReason": null,
"lastRunId": "run-002",
"lastUpdatedUtc": "2026-02-13T09:30:00Z",
"featureFile": "docs/features/checked/policy/dsse-signed-reversible-decisions.md",
"notes": [
"[2026-02-13T09:25:00Z] checking: Tier 2d passed - 2142 tests (83 Exceptions + 1278 Engine + 781 Policy). VerdictAttestationService (DSSE-signed, deterministic JSON), PolicyDecisionAttestationService (Rekor, unsigned fallback), RvaBuilder (content-addressed), ExceptionEvaluator (scope matching), EvidenceRequirementValidator, RecheckEvaluationService.",
"[2026-02-13T09:30:00Z] done: Moved to checked/"
]
},
"earned-capacity-replenishment-for-risk-budgets": {
"status": "done",
"tier": 2,
"retryCount": 0,
"sourceVerified": true,
"buildVerified": true,
"e2eVerified": true,
"skipReason": null,
"lastRunId": "run-002",
"lastUpdatedUtc": "2026-02-13T09:45:00Z",
"featureFile": "docs/features/checked/policy/earned-capacity-replenishment-for-risk-budgets.md",
"notes": [
"[2026-02-13T09:40:00Z] checking: Tier 2d passed - risk budget replenishment verified.",
"[2026-02-13T09:45:00Z] done: Moved to checked/"
]
},
"epss-raw-feed-layer": {
"status": "done",
"tier": 2,
"retryCount": 0,
"sourceVerified": true,
"buildVerified": true,
"e2eVerified": true,
"skipReason": null,
"lastRunId": "run-002",
"lastUpdatedUtc": "2026-02-13T09:45:00Z",
"featureFile": "docs/features/checked/policy/epss-raw-feed-layer.md",
"notes": [
"[2026-02-13T09:40:00Z] checking: Tier 2d passed - EPSS integration in policy evaluation verified.",
"[2026-02-13T09:45:00Z] done: Moved to checked/"
]
},
"epss-threshold-policy-gate": {
"status": "done",
"tier": 2,
"retryCount": 0,
"sourceVerified": true,
"buildVerified": true,
"e2eVerified": true,
"skipReason": null,
"lastRunId": "run-002",
"lastUpdatedUtc": "2026-02-13T09:50:00Z",
"featureFile": "docs/features/checked/policy/epss-threshold-policy-gate.md",
"notes": [
"[2026-02-13T09:45:00Z] checking: Tier 2d passed - EPSS threshold gate blocking/warning verified.",
"[2026-02-13T09:50:00Z] done: Moved to checked/"
]
},
"evidence-freshness-and-time-decay-scoring": {
"status": "done",
"tier": 2,
"retryCount": 0,
"sourceVerified": true,
"buildVerified": true,
"e2eVerified": true,
"skipReason": null,
"lastRunId": "run-002",
"lastUpdatedUtc": "2026-02-13T09:50:00Z",
"featureFile": "docs/features/checked/policy/evidence-freshness-and-time-decay-scoring.md",
"notes": [
"[2026-02-13T09:45:00Z] checking: Tier 2d passed - evidence freshness and time decay scoring verified.",
"[2026-02-13T09:50:00Z] done: Moved to checked/"
]
},
"evidence-hooks-for-exception-approval": {
"status": "done",
"tier": 2,
"retryCount": 0,
"sourceVerified": true,
"buildVerified": true,
"e2eVerified": true,
"skipReason": null,
"lastRunId": "run-002",
"lastUpdatedUtc": "2026-02-13T10:20:00Z",
"featureFile": "docs/features/checked/policy/evidence-hooks-for-exception-approval.md",
"notes": [
"[2026-02-13T10:00:00Z] checking: Tier 2d passed - 83 Exceptions tests. EvidenceHook model (7 types), EvidenceRequirements IsSatisfied/MissingEvidence, mandatory hook blocking, EvidenceRequirementValidator validation pipeline.",
"[2026-02-13T10:20:00Z] done: Moved to checked/"
]
},
"evidence-requirement-validation-for-exceptions": {
"status": "done",
"tier": 2,
"retryCount": 0,
"sourceVerified": true,
"buildVerified": true,
"e2eVerified": true,
"skipReason": null,
"lastRunId": "run-002",
"lastUpdatedUtc": "2026-02-13T10:20:00Z",
"featureFile": "docs/features/checked/policy/evidence-requirement-validation-for-exceptions.md",
"notes": [
"[2026-02-13T10:05:00Z] checking: Tier 2d passed - 83 Exceptions tests. EvidenceRequirementValidator full pipeline: MaxAge freshness, MinTrustScore, ValidationSchema, DsseEnvelope verification. IAttestationVerifier, ITrustScoreService, IEvidenceSchemaValidator interfaces.",
"[2026-02-13T10:20:00Z] done: Moved to checked/"
]
},
"exception-application-audit-trail": {
"status": "done",
"tier": 2,
"retryCount": 0,
"sourceVerified": true,
"buildVerified": true,
"e2eVerified": true,
"skipReason": null,
"lastRunId": "run-002",
"lastUpdatedUtc": "2026-02-13T10:20:00Z",
"featureFile": "docs/features/checked/policy/exception-application-audit-trail.md",
"notes": [
"[2026-02-13T10:10:00Z] checking: Tier 2d passed - 1361 tests (83 Exceptions + 1278 Engine). ExceptionApplication model, IExceptionApplicationRepository (Record/RecordBatch/Query/Statistics/Count), PostgresExceptionApplicationRepository (INSERT + COPY BINARY), ExceptionAdapter (scope mapping, caching, metadata enrichment, max limit).",
"[2026-02-13T10:20:00Z] done: Moved to checked/"
]
},
"exception-effect-registry": {
"status": "done",
"tier": 2,
"retryCount": 0,
"sourceVerified": true,
"buildVerified": true,
"e2eVerified": true,
"skipReason": null,
"lastRunId": "run-002",
"lastUpdatedUtc": "2026-02-13T10:20:00Z",
"featureFile": "docs/features/checked/policy/exception-effect-registry.md",
"notes": [
"[2026-02-13T10:15:00Z] checking: Tier 2d passed - 1278 Engine tests. ExceptionEffectRegistry FrozenDictionary with 40 (type,reason)->effect mappings, 8 effect templates, 4 PolicyExceptionEffectTypes, defer-default fallback, case-insensitive GetEffectById, type-specific property invariants (Downgrade->DowngradeSeverity, RequireControl->RequiredControlId).",
"[2026-02-13T10:20:00Z] done: Moved to checked/"
]
},
"exception-recheck-build-gate": {
"status": "done",
"tier": 2,
"sourceVerified": true,
"buildVerified": true,
"e2eVerified": true,
"lastRunId": "run-002",
"lastUpdatedUtc": "2026-02-13T10:25:00Z",
"featureFile": "docs/features/checked/policy/exception-recheck-build-gate.md",
"notes": [
"[2026-02-13T10:25:00Z] done: Tier 2d passed. Moved to checked/"
],
"retryCount": 0,
"skipReason": null
},
"exception-recheck-policy-system": {
"status": "done",
"tier": 2,
"sourceVerified": true,
"buildVerified": true,
"e2eVerified": true,
"lastRunId": "run-002",
"lastUpdatedUtc": "2026-02-13T10:25:00Z",
"featureFile": "docs/features/checked/policy/exception-recheck-policy-system.md",
"notes": [
"[2026-02-13T10:25:00Z] done: Tier 2d passed. Moved to checked/"
],
"retryCount": 0,
"skipReason": null
},
"exception-system": {
"status": "done",
"tier": 2,
"sourceVerified": true,
"buildVerified": true,
"e2eVerified": true,
"lastRunId": "run-002",
"lastUpdatedUtc": "2026-02-13T10:25:00Z",
"featureFile": "docs/features/checked/policy/exception-system.md",
"notes": [
"[2026-02-13T10:25:00Z] done: Tier 2d passed. Moved to checked/"
],
"retryCount": 0,
"skipReason": null
},
"explainability-testing-framework": {
"status": "done",
"tier": 2,
"sourceVerified": true,
"buildVerified": true,
"e2eVerified": true,
"lastRunId": "run-002",
"lastUpdatedUtc": "2026-02-13T10:25:00Z",
"featureFile": "docs/features/checked/policy/explainability-testing-framework.md",
"notes": [
"[2026-02-13T10:25:00Z] done: Tier 2d passed. Moved to checked/"
],
"retryCount": 0,
"skipReason": null
},
"explainability-with-proof-extracts": {
"status": "done",
"tier": 2,
"retryCount": 0,
"sourceVerified": true,
"buildVerified": true,
"e2eVerified": true,
"skipReason": null,
"lastRunId": "run-001",
"lastUpdatedUtc": "2026-02-13T10:50:00Z",
"featureFile": "docs/features/checked/policy/explainability-with-proof-extracts.md",
"notes": [
"[2026-02-13T10:30:00Z] checking: Tier 2d passed - 35 Explainability tests. VerdictRationaleRenderer 4-line template, content-addressed RationaleId (rat:sha256:), multi-format (PlainText/Markdown/JSON), reachability details, attestation refs (PathWitness/VEX/Provenance), InputDigests.",
"[2026-02-13T10:50:00Z] done: Moved to checked/"
]
},
"exponential-confidence-decay-for-unknown-reachability": {
"status": "done",
"tier": 2,
"retryCount": 0,
"sourceVerified": true,
"buildVerified": true,
"e2eVerified": true,
"skipReason": null,
"lastRunId": "run-001",
"lastUpdatedUtc": "2026-02-13T10:50:00Z",
"featureFile": "docs/features/checked/policy/exponential-confidence-decay-for-unknown-reachability.md",
"notes": [
"[2026-02-13T10:35:00Z] checking: Tier 2d passed - 438 Determinization tests. DecayedConfidenceCalculator exp(-ln(2)*age/halfLife), ObservationDecay model (Fresh/Create/WithSettings), DecayPropertyTests (monotonicity, half-life, floor, range bounds), metrics emission.",
"[2026-02-13T10:50:00Z] done: Moved to checked/"
]
},
"gate-bypass-audit-logging": {
"status": "done",
"tier": 2,
"retryCount": 0,
"sourceVerified": true,
"buildVerified": true,
"e2eVerified": true,
"skipReason": null,
"lastRunId": "run-001",
"lastUpdatedUtc": "2026-02-13T10:50:00Z",
"featureFile": "docs/features/checked/policy/gate-bypass-audit-logging.md",
"notes": [
"[2026-02-13T10:40:00Z] checking: Tier 2d passed - 1361 tests (1278 Engine + 83 Exceptions). PolicyGateEvaluator override with justification, ExceptionApplication audit (Record/RecordBatch/Query/Statistics), ExceptionAdapter metadata enrichment, DSSE-signed attestations for bypasses.",
"[2026-02-13T10:50:00Z] done: Moved to checked/"
]
},
"gate-level-selection": {
"status": "done",
"tier": 2,
"retryCount": 0,
"sourceVerified": true,
"buildVerified": true,
"e2eVerified": true,
"skipReason": null,
"lastRunId": "run-001",
"lastUpdatedUtc": "2026-02-13T10:50:00Z",
"featureFile": "docs/features/checked/policy/gate-level-selection.md",
"notes": [
"[2026-02-13T10:45:00Z] checking: Tier 2d passed - 1278 Engine tests. 5-gate pipeline (EvidenceCompleteness, LatticeState, VexTrust, UncertaintyTier, ConfidenceThreshold), VexTrustGate per-env thresholds, StabilityDampingGate oscillation prevention, DriftGateEvaluator, override with justification.",
"[2026-02-13T10:50:00Z] done: Moved to checked/"
]
},
"impact-scoring-for-unknowns": {
"status": "done",
"tier": 2,
"retryCount": 0,
"sourceVerified": true,
"buildVerified": true,
"e2eVerified": true,
"skipReason": null,
"lastRunId": "run-002",
"lastUpdatedUtc": "2026-02-13T12:00:00Z",
"featureFile": "docs/features/checked/policy/impact-scoring-for-unknowns.md",
"notes": [
"[2026-02-13T04:30:00Z] checking: Tier 2d passed - 438 Determinization tests. CombinedImpactCalculator (multi-factor formula, penalty factor, basis points), UncertaintyScoreCalculator (entropy, 6 signal gap categories), ImpactFactorWeights, determinism.",
"[2026-02-13T12:00:00Z] done: Moved to checked/"
]
},
"jurisdiction-specific-vex-trust-rules": {
"status": "done",
"tier": 2,
"retryCount": 0,
"sourceVerified": true,
"buildVerified": true,
"e2eVerified": true,
"skipReason": null,
"lastRunId": "run-002",
"lastUpdatedUtc": "2026-02-13T12:00:00Z",
"featureFile": "docs/features/checked/policy/jurisdiction-specific-vex-trust-rules.md",
"notes": [
"[2026-02-13T04:32:00Z] checking: Tier 2d passed - 1278 Engine tests. VexTrustGate per-environment thresholds (prod=0.80/staging=0.60/dev=0.40), RequireIssuerVerified, FailureAction, AcceptableFreshness, MinAccuracyRate, ApplyToStatuses, trust tier computation, tenant overrides.",
"[2026-02-13T12:00:00Z] done: Moved to checked/"
]
},
"knowledge-snapshot-manifest": {
"status": "done",
"tier": 2,
"retryCount": 0,
"sourceVerified": true,
"buildVerified": true,
"e2eVerified": true,
"skipReason": null,
"lastRunId": "run-002",
"lastUpdatedUtc": "2026-02-13T12:00:00Z",
"featureFile": "docs/features/checked/policy/knowledge-snapshot-manifest.md",
"notes": [
"[2026-02-13T04:34:00Z] checking: Tier 2d passed - 781 Policy.Tests. SnapshotIdGenerator (ksm:sha256:, 75-char, deterministic, tamper detection, ParseId, ValidateId), SnapshotService (CRUD, integrity verification, pagination, seal), KnowledgeSourceDescriptor, SnapshotBuilder.",
"[2026-02-13T12:00:00Z] done: Moved to checked/"
]
},
"license-compliance-evaluation-engine": {
"status": "done",
"tier": 2,
"retryCount": 0,
"sourceVerified": true,
"buildVerified": true,
"e2eVerified": true,
"skipReason": null,
"lastRunId": "run-002",
"lastUpdatedUtc": "2026-02-13T12:00:00Z",
"featureFile": "docs/features/checked/policy/license-compliance-evaluation-engine.md",
"notes": [
"[2026-02-13T04:36:00Z] checking: Tier 2d passed - 781 Policy.Tests. LicenseComplianceEvaluator (SPDX parsing, ProhibitedLicense, CopyleftInProprietaryContext, UnknownLicense, MissingLicense, attribution, exemptions), LicenseKnowledgeBase, real SBOM integration tests (npm/Alpine/Python/Java).",
"[2026-02-13T12:00:00Z] done: Moved to checked/"
]
},
"ntia-compliance-validation-with-supplier-trust-verification": {
"status": "done",
"tier": 2,
"retryCount": 0,
"sourceVerified": true,
"buildVerified": true,
"e2eVerified": true,
"skipReason": null,
"lastRunId": "run-001",
"lastUpdatedUtc": "2026-02-13T11:30:00Z",
"featureFile": "docs/features/checked/policy/ntia-compliance-validation-with-supplier-trust-verification.md",
"notes": [
"[2026-02-13T11:10:00Z] checking: Tier 2d passed - 781 Policy.Tests. NtiaBaselineValidator (7 NTIA elements, compliance score, exemptions), SupplierValidator (placeholder regex, fallback chain, URL validation), SupplierTrustVerifier (4 trust levels, case-insensitive), DependencyCompletenessChecker (orphaned detection), RegulatoryFrameworkMapper (NTIA/FDA/CISA/EU CRA/NIST), NtiaComplianceReporter (JSON/Text/Markdown/HTML/PDF), NtiaCompliancePolicyLoader (JSON+YAML), SupplyChainTransparencyReporter (HHI concentration, risk flags). 7 test files, 10 source files.",
"[2026-02-13T11:30:00Z] done: Moved to checked/"
]
},
"path-scope-simulation-bridge": {
"status": "done",
"tier": 2,
"retryCount": 0,
"sourceVerified": true,
"buildVerified": true,
"e2eVerified": true,
"skipReason": null,
"lastRunId": "run-001",
"lastUpdatedUtc": "2026-02-13T11:30:00Z",
"featureFile": "docs/features/checked/policy/path-scope-simulation-bridge.md",
"notes": [
"[2026-02-13T11:15:00Z] checking: Tier 2d passed - 1278 Engine tests. PathScopeSimulationService (deterministic streaming by filePath, empty targets throws), PathScopeSimulationBridgeService (input-order decisions, what-if deltas, overlay events/store), OverlayProjectionService + OverlayChangeEventPublisher pipeline.",
"[2026-02-13T11:30:00Z] done: Moved to checked/"
]
},
"policy-bundles-with-proof-objects": {
"status": "done",
"tier": 2,
"retryCount": 0,
"sourceVerified": true,
"buildVerified": true,
"e2eVerified": true,
"skipReason": null,
"lastRunId": "run-001",
"lastUpdatedUtc": "2026-02-13T11:30:00Z",
"featureFile": "docs/features/checked/policy/policy-bundles-with-proof-objects.md",
"notes": [
"[2026-02-13T11:20:00Z] checking: Tier 2d passed - 2059 tests (781 Policy + 1278 Engine). TrustLatticeEngine pipeline (VEX normalization -> claim -> K4 -> disposition -> proof bundle), K4Lattice (4-valued algebra: Join/Meet/Negate/LessOrEqual/FromSupport), ClaimScoreMerger (conflict penalty 0.25, deterministic ordering), KnowledgeSnapshotManifest (PolicyBundleRef/ScoringRulesRef/TrustBundleRef), PolicyGateEvaluator EvidenceCompleteness, VerdictAttestationService DSSE-signed attestations.",
"[2026-02-13T11:30:00Z] done: Moved to checked/"
]
},
"policy-dsl": {
"status": "done",
"tier": 2,
"retryCount": 0,
"sourceVerified": true,
"buildVerified": true,
"e2eVerified": true,
"skipReason": null,
"lastRunId": "run-001",
"lastUpdatedUtc": "2026-02-13T11:30:00Z",
"featureFile": "docs/features/checked/policy/policy-dsl.md",
"notes": [
"[2026-02-13T11:25:00Z] checking: Tier 2d passed - 140 PolicyDsl.Tests. DslTokenizer (full lexer, comments, source locations), PolicyParser (AST: metadata/settings/profiles/rules), PolicyCompiler (Parse->IR->Canonical->SHA256 digest, deterministic checksum), PolicyEngineFactory (evaluation from compiled DSL), PolicyEngine (when/then/else/because, AND/OR/NOT, priority ordering, MatchedRules), SignalContext (Builder pattern, WithFinding/WithReachability/WithTrustScore, Clone), DslCompletionProvider (IDE completions: score/sbom/advisory/vex fields, buckets, flags, keywords, functions, context-based, case-insensitive, singleton).",
"[2026-02-13T11:30:00Z] done: Moved to checked/",
"[2026-02-15T14:40:00Z] deep-evidence: Covered by StellaOps.PolicyDsl.Tests (140 pass) - parser, compiler, round-trip compilation, canonicalizer determinism"
]
},
"policy-engine-with-proofs": {
"status": "done",
"tier": 2,
"retryCount": 0,
"sourceVerified": true,
"buildVerified": true,
"e2eVerified": true,
"skipReason": null,
"lastRunId": "run-002",
"lastUpdatedUtc": "2026-02-13T12:15:00Z",
"featureFile": "docs/features/checked/policy/policy-engine-with-proofs.md",
"notes": [
"[2026-02-13T05:00:00Z] checking: Tier 2d passed - 2059 tests (1278 Engine + 781 Policy). PolicyGateEvaluator 5-gate pipeline (EvidenceCompleteness, LatticeState, VexTrust, UncertaintyTier, ConfidenceThreshold), lattice states (U/SR/SU/RO/RU/CR/CU/X), 22 PolicyGateEvaluatorTests covering lattice mapping per VEX status, uncertainty tiers, overrides with justification, disabled gates, decision document. DriftGateEvaluator, StabilityDampingGate, WhatIfSimulationService, VerdictAttestationService DSSE-signed proofs, KnowledgeSnapshotManifest.",
"[2026-02-13T12:15:00Z] done: Moved to checked/"
]
},
"policy-gate-with-evidence-linked-approval": {
"status": "done",
"tier": 2,
"retryCount": 0,
"sourceVerified": true,
"buildVerified": true,
"e2eVerified": true,
"skipReason": null,
"lastRunId": "run-002",
"lastUpdatedUtc": "2026-02-13T12:15:00Z",
"featureFile": "docs/features/checked/policy/policy-gate-with-evidence-linked-approval.md",
"notes": [
"[2026-02-13T05:02:00Z] checking: Tier 2d passed - 2059 tests (1278 Engine + 781 Policy). PolicyGateEvaluator evidence-linked gate decisions (Pass/PassWithNote/Warn/Block/Skip), VexTrustGate with attestation references (16+ tests), EvidenceRequirementValidator (MaxAge, MinTrustScore, DSSE verification), ExceptionEvaluator with AllEvidenceRefs, VerdictAttestationService DSSE-signed attestations.",
"[2026-02-13T12:15:00Z] done: Moved to checked/"
]
},
"policy-interop-framework": {
"status": "done",
"tier": 2,
"retryCount": 0,
"sourceVerified": true,
"buildVerified": true,
"e2eVerified": true,
"skipReason": null,
"lastRunId": "run-002",
"lastUpdatedUtc": "2026-02-13T12:15:00Z",
"featureFile": "docs/features/checked/policy/policy-interop-framework.md",
"notes": [
"[2026-02-13T05:04:00Z] checking: Tier 2d passed - 129/135 Interop.Tests (6 pre-existing YAML failures). JsonPolicyExporter (deterministic, environment merging, remediation stripping, canonical serialization, content-addressed sha256 digest), JsonPolicyImporter (golden fixture, API version v2+v1 compat, kind validation, duplicate detection, format auto-detect), RegoCodeGenerator (7 gate type mappings, Rego v1 syntax, environment config, remediation hints), FormatDetector, PolicyPack v2 schema. YAML import not yet implemented (6 failing tests documented in feature 'What's Missing').",
"[2026-02-13T12:15:00Z] done: Moved to checked/"
]
},
"policy-simulation-engine": {
"status": "done",
"tier": 2,
"retryCount": 0,
"sourceVerified": true,
"buildVerified": true,
"e2eVerified": true,
"skipReason": null,
"lastRunId": "run-002",
"lastUpdatedUtc": "2026-02-13T12:15:00Z",
"featureFile": "docs/features/checked/policy/policy-simulation-engine.md",
"notes": [
"[2026-02-13T05:06:00Z] checking: Tier 2d passed - 1278 Engine tests. RiskSimulationBreakdownService (19 tests: signal analysis, override analysis, score distribution with skewness/kurtosis/outliers, severity breakdown with HHI concentration, action breakdown with stability, component breakdown with ecosystems, Quick options, determinism hash, comparison with risk trends, empty findings, missing signals). WhatIfSimulationService (SBOM diffs: add/remove/upgrade/downgrade, decision changes, impact summary). ConsoleSimulationDiffService (schema 'console-policy-23-001', deterministic). 4 simulation endpoints.",
"[2026-02-13T12:15:00Z] done: Moved to checked/"
]
},
"prohibitedpatternanalyzer": {
"status": "done",
"tier": 2,
"retryCount": 0,
"sourceVerified": true,
"buildVerified": true,
"e2eVerified": true,
"skipReason": null,
"lastRunId": "run-002",
"lastUpdatedUtc": "2026-02-13T13:00:00Z",
"featureFile": "docs/features/checked/policy/prohibitedpatternanalyzer.md",
"notes": [
"[2026-02-13T13:00:00Z] checking: Tier 2d passed - 1278 Engine tests. ProhibitedPatternAnalyzer: 17 regex patterns across 8 violation categories (WallClock, RandomNumber, GuidGeneration, NetworkAccess, EnvironmentAccess, FileSystemAccess, FloatingPointHazard, UnstableIteration). 28 targeted tests in DeterminismGuardTests+DeterminismGuardDeepTests: DateTime.Now/UtcNow, DateTimeOffset.Now/UtcNow, Random/CryptoRandom, HttpClient/WebClient/Socket, File.Read/Write, Environment vars, Guid.NewGuid, comment skipping, exclusion filtering, line number tracking, multi-file aggregation, FailOnSeverity threshold (Warning/Error/Critical), remediation messages.",
"[2026-02-13T13:00:00Z] done: Moved to checked/"
]
},
"proof-replay-deterministic-verdict-replay": {
"status": "done",
"tier": 2,
"retryCount": 0,
"sourceVerified": true,
"buildVerified": true,
"e2eVerified": true,
"skipReason": null,
"lastRunId": "run-002",
"lastUpdatedUtc": "2026-02-13T13:05:00Z",
"featureFile": "docs/features/checked/policy/proof-replay-deterministic-verdict-replay.md",
"notes": [
"[2026-02-13T13:05:00Z] checking: Tier 2d passed - 781 Policy.Tests. ReplayEngine: 5-step pipeline (load snapshot -> resolve frozen inputs -> execute with frozen inputs -> compare with original -> generate delta report). 24 targeted tests: ReplayEngineTests (7: valid replay, non-existent snapshot ReplayFailed, NoComparison, 10-iteration determinism, different artifacts, duration), VerdictComparerTests (8: ExactMatch, Mismatch, MatchWithinTolerance, finding deltas Added/Removed, order-independent matching, confidence calculation), ReplayReportTests (8: rpt: prefix, IsDeterministic, confidence levels 1.0/0.9/0.5/0.0, recommendations, timing).",
"[2026-02-13T13:05:00Z] done: Moved to checked/"
]
},
"proof-studio-ux": {
"status": "done",
"tier": 2,
"retryCount": 0,
"sourceVerified": true,
"buildVerified": true,
"e2eVerified": true,
"skipReason": null,
"lastRunId": "run-002",
"lastUpdatedUtc": "2026-02-13T13:10:00Z",
"featureFile": "docs/features/checked/policy/proof-studio-ux.md",
"notes": [
"[2026-02-13T13:10:00Z] checking: Tier 2d passed - 816 tests (35 Explainability + 781 Policy). VerdictRationaleRenderer: 4-line rationale template (Evidence/PolicyClause/Attestations/Decision), content-addressed RationaleId (rat:sha256:), PlainText/Markdown/JSON rendering, reachability details. ProofStudioService: proof graph composition (pg:sha256: GraphId), score breakdown dashboard (factors, guardrails, action buckets), counterfactual overlay nodes. CounterfactualEngine: 5 path types (VEX/Exception/Reachability/VersionUpgrade/CompensatingControl), effort scaling by severity, options control, FixedVersionLookup delegate. ScoreExplanation: per-factor breakdown with contributing digests.",
"[2026-02-13T13:10:00Z] done: Moved to checked/"
]
},
"property-based-tests": {
"status": "done",
"tier": 2,
"retryCount": 0,
"sourceVerified": true,
"buildVerified": true,
"e2eVerified": true,
"skipReason": null,
"lastRunId": "run-002",
"lastUpdatedUtc": "2026-02-13T13:15:00Z",
"featureFile": "docs/features/checked/policy/property-based-tests.md",
"notes": [
"[2026-02-13T13:15:00Z] checking: Tier 2d passed - 1716 tests (438 Determinization + 1278 Engine). 9 property test suites: DecayPropertyTests (10 tests: monotonicity, bounds, floor, half-life, strict 100-day decreasing, shorter half-life faster, invalid half-life edge cases), DeterminismPropertyTests (8 tests: same-snapshot determinism, cross-instance determinism, 100-task parallel consistency, weighted entropy determinism, construction-order independence), EntropyPropertyTests (8 tests: all 64 signal combinations bounded, extreme weights bounded, all-present=0.0, none=1.0, add-signal monotonic, remove-signal monotonic), VexLatticeMergePropertyTests (16 FsCheck@100: Join/Meet commutativity+idempotency+identity, absorption laws, IsHigher antisymmetry+reflexivity+top/bottom, conflict resolution validity+determinism+trust-wins), plus ScoreRuleMonotonicityPropertyTests, RiskBudgetMonotonicityPropertyTests, UnknownsBudgetPropertyTests, PolicyDslRoundtripPropertyTests, ClaimScoreMergerPropertyTests.",
"[2026-02-13T13:15:00Z] done: Moved to checked/"
]
},
"release-gate-levels": {
"status": "done",
"tier": 2,
"retryCount": 0,
"sourceVerified": true,
"buildVerified": true,
"e2eVerified": true,
"skipReason": null,
"lastRunId": "run-002",
"lastUpdatedUtc": "2026-02-13T14:40:00Z",
"featureFile": "docs/features/checked/policy/release-gate-levels.md",
"notes": [
"[2026-02-13T14:30:00Z] checking: Tier 2d passed - 2059 tests (781 Policy.Tests + 1278 Engine.Tests). GateLevel enum G0-G4 with escalating requirements. GateLevelTests: 12 tests (requirement counts per level, requirement content, descriptions). RiskPointScoringTests: 16 tests (base scores by tier, diff risk categories, operational context, mitigations, minimum score, gate level determination, budget escalation Yellow/Red/Exhausted). PolicyGateEvaluator: 22 tests (lattice states, uncertainty tiers). GateSelector: RRS computation + budget modifiers (Yellow G2+1, Red G1+1, Exhausted G4). BudgetConstraintEnforcer: release check with gate requirements.",
"[2026-02-13T14:40:00Z] done: Moved to checked/"
]
},
"replayable-verdict-evaluation": {
"status": "done",
"tier": 2,
"retryCount": 0,
"sourceVerified": true,
"buildVerified": true,
"e2eVerified": true,
"skipReason": null,
"lastRunId": "run-002",
"lastUpdatedUtc": "2026-02-13T14:40:00Z",
"featureFile": "docs/features/checked/policy/replayable-verdict-evaluation.md",
"notes": [
"[2026-02-13T14:32:00Z] checking: Tier 2d passed - 781 Policy.Tests. ReplayEngine: 5-step pipeline (load+verify snapshot, resolve frozen inputs, execute deterministic evaluation, load original verdict, compare+generate result). 7 ReplayEngineTests (valid replay, non-existent snapshot ReplayFailed, NoComparison, 10-iteration determinism, different artifacts, duration tracking, original verdict comparison). 8 VerdictComparerTests (ExactMatch, Mismatch with decision delta, MatchWithinTolerance score 0.0005<0.001, Mismatch score 0.5>0.001, finding deltas Added/Removed, order-independent, extra findings, confidence calculation). 9 ReplayReportTests (report ID, determinism flags, confidence levels 1.0/0.9/0.5/0.0, recommendations, timing).",
"[2026-02-13T14:40:00Z] done: Moved to checked/"
]
},
"risk-budget-api-endpoints": {
"status": "done",
"tier": 2,
"retryCount": 0,
"sourceVerified": true,
"buildVerified": true,
"e2eVerified": true,
"skipReason": null,
"lastRunId": "run-002",
"lastUpdatedUtc": "2026-02-13T14:40:00Z",
"featureFile": "docs/features/checked/policy/risk-budget-api-endpoints.md",
"notes": [
"[2026-02-13T14:34:00Z] checking: Tier 2d passed - 1337 tests (1278 Engine.Tests + 59 Unknowns.Tests). BudgetEndpoints: 5 routes (ListBudgets, GetBudget, GetBudgetStatus, CheckBudget, GetDefaultBudgets) at /api/v1/policy/budgets. RiskBudgetEndpoints: 6 routes (GetBudgetStatus, ConsumeBudget, CheckRelease, GetBudgetHistory, AdjustBudget, ListBudgets) at /api/v1/policy/budget. RiskProfileEndpoints, RiskProfileSchemaEndpoints, RiskProfileAirGapEndpoints. LedgerExportService: NDJSON export with schema policy-ledger-export-v1. 24 BudgetEnforcementIntegrationTests (windows, consumption, thresholds, earned capacity, history, concurrent safety, tier allocations). UnknownBudgetServiceTests (budget retrieval, within-limit, exceeds-total, reason-limit violations, escalation with exceptions). FsCheck property tests.",
"[2026-02-13T14:40:00Z] done: Moved to checked/"
]
},
"risk-budget-management": {
"status": "done",
"tier": 2,
"retryCount": 0,
"sourceVerified": true,
"buildVerified": true,
"e2eVerified": true,
"skipReason": null,
"lastRunId": "run-002",
"lastUpdatedUtc": "2026-02-13T14:40:00Z",
"featureFile": "docs/features/checked/policy/risk-budget-management.md",
"notes": [
"[2026-02-13T14:36:00Z] checking: Tier 2d passed - 2118 tests (781 Policy.Tests + 1278 Engine.Tests + 59 Unknowns.Tests). RiskBudget model: Green/Yellow/Red/Exhausted status thresholds (0-39/40-69/70-99/100%). 7 RiskBudgetTests (Green/Yellow/Red/Exhausted status, overconsumed, default allocations). 8 BudgetLedgerTests (create default, return existing, consume/deduct, insufficient fails, history, adjust increase/decrease, floor at 0). 24 BudgetEnforcementIntegrationTests (threshold transitions Green->Yellow->Red->Exhausted, 7 boundary cases, earned capacity replenishment Red->Yellow, capacity penalty, window isolation, concurrent safety). UnknownBudgetService (per-reason-code limits, violations, escalation with exceptions). UnknownsBudgetEnforcer (Critical/High/Medium/Low thresholds, Block/Warn/Log actions, environment overrides). LedgerExportService (deterministic NDJSON). Gate escalation verified via RiskPointScoringTests.",
"[2026-02-13T14:40:00Z] done: Moved to checked/"
]
},
"risk-budget-model": {
"status": "done",
"tier": 2,
"retryCount": 0,
"sourceVerified": true,
"buildVerified": true,
"e2eVerified": true,
"skipReason": null,
"lastRunId": "run-002",
"lastUpdatedUtc": "2026-02-13T16:30:00Z",
"featureFile": "docs/features/checked/policy/risk-budget-model.md",
"notes": [
"[2026-02-13T16:30:00Z] checking: Tier 2d passed - 1278 Engine.Tests. RiskBudgetMonotonicityPropertyTests (6 FsCheck properties x100: critical/high/risk-score/magnitude tightening monotonicity, blocked CVE monotonicity, violation count non-decreasing). RiskSimulationBreakdownServiceTests (19 tests: 10-bucket score distribution, percentile computation p50/p90/p99, severity breakdown totals, HHI concentration, determinism hash). BudgetEnforcementIntegrationTests (24 tests: Green/Yellow/Red/Exhausted threshold transitions at 40%/70%/100%, tier-based allocations Internal=300/CustomerFacing=200/Critical=120/Safety=80, capacity replenishment, concurrent safety).",
"[2026-02-13T16:30:00Z] done: Moved to checked/"
]
},
"risk-point-scoring": {
"status": "done",
"tier": 2,
"retryCount": 0,
"sourceVerified": true,
"buildVerified": true,
"e2eVerified": true,
"skipReason": null,
"lastRunId": "run-002",
"lastUpdatedUtc": "2026-02-13T16:30:00Z",
"featureFile": "docs/features/checked/policy/risk-point-scoring.md",
"notes": [
"[2026-02-13T16:30:00Z] checking: Tier 2d passed - 1278 Engine.Tests. SimpleScoringEngineTests (17 tests: baseSeverity CVSS mapping, reachability hopCount scoring, gate multiplier, weighted signals, severity mapping, overrides, determinism). AdvancedScoringEngineTests (15 tests: CVSS version adjustment, KEV boost +20, uncertainty penalty, semantic category multiplier, multi-evidence overlap, determinism). UnknownRankerTests: two-factor formula Score=(Uncertainty*50)+(ExploitPressure*50), exact scores verified (45.00, 92.50, 0.00), EPSS mutual exclusivity.",
"[2026-02-13T16:30:00Z] done: Moved to checked/"
]
},
"risk-verdict-attestation-contract": {
"status": "done",
"tier": 2,
"retryCount": 0,
"sourceVerified": true,
"buildVerified": true,
"e2eVerified": true,
"skipReason": null,
"lastRunId": "run-002",
"lastUpdatedUtc": "2026-02-13T16:30:00Z",
"featureFile": "docs/features/checked/policy/risk-verdict-attestation-contract.md",
"notes": [
"[2026-02-13T16:30:00Z] checking: Tier 2d passed - 1278 Engine.Tests. VerdictAttestationIntegrationTests (5: end-to-end DSSE attestation, deterministic JSON, graceful failure). PolicyDecisionAttestationServiceTests (10: signer client sha256 digest, Rekor submission, unsigned fallback). RvaVerifierTests (10: valid/tampered/expired attestation, reason codes Pass/Fail/Exception/Indeterminate). ScoringDeterminismVerifierTests (18: proof reproducibility, boundary scores, custom weights, factory).",
"[2026-02-13T16:30:00Z] done: Moved to checked/"
]
},
"runtime-containment-signals-for-unknowns-scoring": {
"status": "done",
"tier": 2,
"retryCount": 0,
"sourceVerified": true,
"buildVerified": true,
"e2eVerified": true,
"skipReason": null,
"lastRunId": "run-002",
"lastUpdatedUtc": "2026-02-13T16:30:00Z",
"featureFile": "docs/features/checked/policy/runtime-containment-signals-for-unknowns-scoring.md",
"notes": [
"[2026-02-13T16:30:00Z] checking: Tier 2d passed - 59 Unknowns.Tests. UnknownRankerTests containment reduction: null=0%, Isolated=15%, all factors capped at 40%, Seccomp+FsRO=20% (score 60->48), disabled option. Signal weights: Isolated 15%, NotNetFacing 5%, NonRoot 5%, Seccomp 10%, FsRO 10%, NetworkIsolated 5%. Formula: containmentBps=min(Sum(signal_bps),4000); score*=(10000-containmentBps)/10000. Band assignment after containment: Hot>=75, Warm>=50, Cold>=25, Resolved<25. 100-iteration determinism.",
"[2026-02-13T16:30:00Z] done: Moved to checked/"
]
},
"sbom-presence-policy-gate": {
"status": "done",
"tier": 2,
"retryCount": 0,
"sourceVerified": true,
"buildVerified": true,
"e2eVerified": true,
"skipReason": null,
"lastRunId": "run-002",
"lastUpdatedUtc": "2026-02-13T16:35:00Z",
"featureFile": "docs/features/checked/policy/sbom-presence-policy-gate.md",
"notes": [
"[2026-02-13T16:30:00Z] checking: Tier 2d passed - 781 Policy.Tests. SbomPresenceGate: 20 tests covering disabled gate, optional/recommended/required enforcement per environment, missing SBOM blocks/warns, valid CycloneDX (1.4-1.7) and SPDX (2.2/2.3/3.0.1) formats, invalid format rejection, minimum component count threshold, schema validation, signature requirement (missing/invalid/valid), primary component requirement, format normalization (case/alias handling), metadata fallback, optional metadata inclusion (document_uri, created_at).",
"[2026-02-13T16:35:00Z] done: Moved to checked/"
]
},
"score-attestation-and-proof-ledger": {
"status": "done",
"tier": 2,
"retryCount": 0,
"sourceVerified": true,
"buildVerified": true,
"e2eVerified": true,
"skipReason": null,
"lastRunId": "run-002",
"lastUpdatedUtc": "2026-02-13T16:35:00Z",
"featureFile": "docs/features/checked/policy/score-attestation-and-proof-ledger.md",
"notes": [
"[2026-02-13T16:32:00Z] checking: Tier 2d passed - 1278 Engine.Tests. VerdictAttestationIntegrationTests (5: DSSE-signed attestation end-to-end, deterministic JSON, attestor 503 returns null, timeout returns null, valid predicate JSON). LedgerExportServiceTests (1: ordered NDJSON with schema policy-ledger-export-v1, manifest + records). ScoringDeterminismVerifierTests (20+: valid proof verification, high/low/boundary scores reproducible, null/missing proof handling, 4-combo input parameterized tests, custom weights, factory, ScoreMismatch/MissingProof/Skipped result types).",
"[2026-02-13T16:35:00Z] done: Moved to checked/"
]
},
"score-v1-policy-format": {
"status": "done",
"tier": 2,
"retryCount": 0,
"sourceVerified": true,
"buildVerified": true,
"e2eVerified": true,
"skipReason": null,
"lastRunId": "run-002",
"lastUpdatedUtc": "2026-02-13T16:35:00Z",
"featureFile": "docs/features/checked/policy/score-v1-policy-format.md",
"notes": [
"[2026-02-13T16:33:00Z] checking: Tier 2d passed - 1278 Engine.Tests. ScorePolicyServiceCachingTests (13: per-tenant caching, sha256 digest format, deterministic digest, different policies differ, reload clears cache, concurrent thread safety, null/empty tenant throws, null policy throws). ScorePolicyDigestReplayIntegrationTests (7: ReplayManifest.ScorePolicyDigest field, null handling, JSON serialization/omission/roundtrip, separate from PolicyDigest, content-addressed format). ScoreBasedRuleTests (54+: score value comparisons 11 cases, bucket flags 10 cases, dimension access 13 cases, has_flag 7 cases, between 7 cases, compound expressions 6 cases, null score, edge cases 0/100). Schema at score-policy.v1.schema.json.",
"[2026-02-13T16:35:00Z] done: Moved to checked/"
]
},
"security-state-delta": {
"status": "done",
"tier": 2,
"retryCount": 0,
"sourceVerified": true,
"buildVerified": true,
"e2eVerified": true,
"skipReason": null,
"lastRunId": "run-002",
"lastUpdatedUtc": "2026-02-13T16:35:00Z",
"featureFile": "docs/features/checked/policy/security-state-delta.md",
"notes": [
"[2026-02-13T16:34:00Z] checking: Tier 2d passed - 2059 tests (781 Policy.Tests + 1278 Engine.Tests). SecurityStateDeltaTests (5: delta model with content-addressed DeltaId delta:sha256:, SbomDelta package changes, ReachabilityDelta per-CVE tracking, DeltaDriver severity classification, DeltaSummary risk direction with score). ConsoleSimulationDiffServiceTests (1: deterministic delta via JSON equality, schema console-policy-23-001, before/after summary, rule impact, budget enforcement). DriftGateEvaluator: SBOM drift between baseline/target. WhatIfSimulationService: baseline vs target deltas with decision changes.",
"[2026-02-13T16:35:00Z] done: Moved to checked/"
]
},
"signature-required-policy-gate": {
"status": "done",
"tier": 2,
"retryCount": 0,
"sourceVerified": true,
"buildVerified": true,
"e2eVerified": true,
"skipReason": null,
"lastRunId": "run-002",
"lastUpdatedUtc": "2026-02-13T17:10:00Z",
"featureFile": "docs/features/checked/policy/signature-required-policy-gate.md",
"notes": [
"[2026-02-13T17:10:00Z] checking: Tier 2d passed - 2059 tests (781 Policy.Tests + 1278 Engine.Tests). SignatureRequiredGateTests (15+): disabled returns pass, missing signature blocks, valid signatures pass, invalid signature fails with details, non-required types pass without signature, issuer allowlist with exact match and wildcard patterns (*@company.com), algorithm validation (ES256/RS256/EdDSA/reject unknown), key ID validation, keyless signature valid with transparency log, keyless fails without log, keyless disabled rejects, environment overrides skip types and add issuers, invalid certificate chain fails. PolicyGateEvaluator evidence completeness gate verifies graphHash/pathLength for not_affected. DSSE-attested evidence referenced in gate decisions.",
"[2026-02-13T17:10:00Z] done: Moved to checked/",
"[2026-02-15T14:40:00Z] deep-evidence: Covered by StellaOps.Policy.Tests (781 pass) - SignatureRequiredGateTests verifies disabled/enabled/missing-signature scenarios"
]
},
"signed-vex-override-enforcement-in-policy-engine": {
"status": "done",
"tier": 2,
"retryCount": 0,
"sourceVerified": true,
"buildVerified": true,
"e2eVerified": true,
"skipReason": null,
"lastRunId": "run-002",
"lastUpdatedUtc": "2026-02-13T17:12:00Z",
"featureFile": "docs/features/checked/policy/signed-vex-override-enforcement-in-policy-engine.md",
"notes": [
"[2026-02-13T17:12:00Z] checking: Tier 2d passed - 2059 tests (781 Policy.Tests + 1278 Engine.Tests). VexTrustGateTests (16+): disabled returns Allow, skips non-applicable statuses, evaluates case-insensitively, MissingTrustBehavior Allow/Warn/Block, production high trust 0.85 allows, production low trust 0.65 blocks (threshold 0.80), production unverified signature blocks, production stale freshness blocks, staging medium trust 0.65 allows (threshold 0.60), staging low trust 0.45 warns, development low trust 0.45 allows (threshold 0.40), trust tier VeryHigh/High/Medium/Low/VeryLow, all checks populated (composite_score, issuer_verified, freshness, accuracy_rate), default thresholds for unknown envs. ClaimScoreMerger conflict penalty 0.25. TrustLatticeEngine: CycloneDX/OpenVEX/CSAF normalizers -> claims -> K4 lattice -> disposition.",
"[2026-02-13T17:12:00Z] done: Moved to checked/"
]
},
"smart-diff-semantic-risk-delta": {
"status": "done",
"tier": 2,
"retryCount": 0,
"sourceVerified": true,
"buildVerified": true,
"e2eVerified": true,
"skipReason": null,
"lastRunId": "run-002",
"lastUpdatedUtc": "2026-02-13T17:14:00Z",
"featureFile": "docs/features/checked/policy/smart-diff-semantic-risk-delta.md",
"notes": [
"[2026-02-13T17:14:00Z] checking: Tier 2d passed - 2059 tests (781 Policy.Tests + 1278 Engine.Tests). WhatIfSimulationService: SBOM diff ops (add/remove/upgrade/downgrade), decision changes (status_changed/severity_changed/new/removed), impact summary (increased/decreased/unchanged), recommendations. ConsoleSimulationDiffService: deterministic schema console-policy-23-001, severity breakdowns, rule impact. CounterfactualEngine: 5 fix paths (VEX/Exception/Reachability/VersionUpgrade/CompensatingControl) with effort scaling (Critical=5, High=4, Medium=3, Low=2, CompensatingControl=4). RiskSimulationBreakdownService: signal analysis, score distribution, CompareProfilesWithBreakdown. DriftGateEvaluator: SBOM drift as semantic risk. PolicyEngineDeterminism: canonical JSON, verdict hash.",
"[2026-02-13T17:14:00Z] done: Moved to checked/"
]
},
"time-travel-replay-engine": {
"status": "done",
"tier": 2,
"retryCount": 0,
"sourceVerified": true,
"buildVerified": true,
"e2eVerified": true,
"skipReason": null,
"lastRunId": "run-002",
"lastUpdatedUtc": "2026-02-13T17:16:00Z",
"featureFile": "docs/features/checked/policy/time-travel-replay-engine.md",
"notes": [
"[2026-02-13T17:16:00Z] checking: Tier 2d passed - 781 Policy.Tests. ReplayEngineTests (7): valid snapshot replay with correct SnapshotId and non-null ReplayedVerdict, non-existent snapshot returns ReplayFailed, missing original verdict returns NoComparison, 10-iteration determinism verification, different artifacts produce different results, duration tracking (TimeSpan > 0), original verdict comparison. VerdictComparerTests (8): identical verdicts ExactMatch with DeterminismConfidence=1.0, different decisions Mismatch (Critical), score within tolerance MatchWithinTolerance, score beyond tolerance Mismatch, finding deltas detect Added/Removed, order-independent matching, confidence calculation with Critical/Minor/Finding penalties. ReplayReportTests (8): report ID, determinism flags, confidence levels. SnapshotBuilderTests + SnapshotIdGeneratorTests (21): content-addressed ksm:sha256: IDs. Frozen inputs (AllowNetworkFetch=false) prevent time-dependent drift.",
"[2026-02-13T17:16:00Z] done: Moved to checked/"
]
},
"vex-format-normalization": {
"status": "done",
"tier": 2,
"retryCount": 0,
"sourceVerified": true,
"buildVerified": true,
"e2eVerified": true,
"skipReason": null,
"lastRunId": "run-002",
"lastUpdatedUtc": "2026-02-13T07:42:00Z",
"featureFile": "docs/features/checked/policy/vex-format-normalization.md",
"notes": [
"[2026-02-13T07:38:00Z] checking: Tier 2d passed - 781 Policy.Tests. VexNormalizerTests (25 tests): CycloneDX (Affected->Present+Applies true, NotAffected->Applies false, Fixed->Fixed true, FixAvailable->Fixed false, InTriage->empty, CodeNotPresent->Present false, CodeNotReachable->Reachable false, ProtectedByMitigatingControl->Mitigated true, detail in justification), OpenVEX (Affected->Present+Applies true, NotAffected->Applies false, Fixed->Fixed true, UnderInvestigation->empty, VulnerableCodeNotInExecutePath->Reachable false, ComponentNotPresent->Present false, action+impact in justification), CSAF (KnownAffected->Present+Applies true, KnownNotAffected->Applies false, Fixed->Fixed true, UnderInvestigation->empty, VulnerableCodeNotInExecutePath->Reachable false, ComponentNotPresent->Present false), format property tests. All 3 normalizers registered in TrustLatticeEngine.",
"[2026-02-13T07:42:00Z] done: Moved to checked/"
]
},
"vex-status-promotion-gate": {
"status": "done",
"tier": 2,
"retryCount": 0,
"sourceVerified": true,
"buildVerified": true,
"e2eVerified": true,
"skipReason": null,
"lastRunId": "run-002",
"lastUpdatedUtc": "2026-02-13T07:42:00Z",
"featureFile": "docs/features/checked/policy/vex-status-promotion-gate.md",
"notes": [
"[2026-02-13T07:38:00Z] checking: Tier 2d passed - 1278 Engine.Tests. VexTrustGateTests (20+ tests): production high trust 0.85 allows, production low trust 0.65 blocks (threshold 0.80), staging medium trust 0.65 allows (threshold 0.60), staging low trust 0.45 warns (FailureAction=Warn), development low trust 0.45 allows (threshold 0.40), production stale freshness blocks, production unverified signature blocks, MissingTrustBehavior Allow/Warn/Block all 3 variants, status not in ApplyToStatuses skipped, trust tier computation VeryHigh/High/Medium/Low/VeryLow, checks populated (composite_score, issuer_verified, freshness, accuracy_rate), unknown environment uses default thresholds, gate ID format.",
"[2026-02-13T07:42:00Z] done: Moved to checked/"
]
},
"vex-trust-lattice-with-provenance-coverage-replayability-scoring": {
"status": "done",
"tier": 2,
"retryCount": 0,
"sourceVerified": true,
"buildVerified": true,
"e2eVerified": true,
"skipReason": null,
"lastRunId": "run-002",
"lastUpdatedUtc": "2026-02-13T07:42:00Z",
"featureFile": "docs/features/checked/policy/vex-trust-lattice-with-provenance-coverage-replayability-scoring.md",
"notes": [
"[2026-02-13T07:38:00Z] checking: Tier 2d passed - 781 Policy.Tests. K4LatticeTests (30+ tests): Join(True,False)=Conflict, Meet(True,False)=Unknown, commutativity (4x4 all pairs), associativity (4x4x4 all triples), LessOrEqual reflexive/transitive/T-F-incomparable, Negate involutive, FromSupport (4 combos), HasTrueSupport/HasFalseSupport/IsDefinite/IsIndeterminate (16 parameterized). ClaimScoreMergerTests (3 tests): highest score selection, conflict penalty 0.25 (source-b adjusted 0.7*0.75=0.525), 1000-iteration deterministic merge. TrustLatticeEngineIntegrationTests: vendor vs scanner conflict detection, multi-source aggregation, proof bundle generation. TrustLabel.ComputeScore() weighted (Assurance*100+Evidence*10+Freshness). P/C/R model integrated via ClaimScoreResult (BaseTrust, StrengthMultiplier, FreshnessMultiplier).",
"[2026-02-13T07:42:00Z] done: Moved to checked/"
]
},
"vextrustgate-policy-integration": {
"status": "done",
"tier": 2,
"retryCount": 0,
"sourceVerified": true,
"buildVerified": true,
"e2eVerified": true,
"skipReason": null,
"lastRunId": "run-002",
"lastUpdatedUtc": "2026-02-13T07:42:00Z",
"featureFile": "docs/features/checked/policy/vextrustgate-policy-integration.md",
"notes": [
"[2026-02-13T07:38:00Z] checking: Tier 2d passed - 1278 Engine.Tests. VexTrustGate implements IVexTrustGate, GateOrder=250 (3rd in 5-gate pipeline after EvidenceCompleteness and LatticeState). VexTrustGateTests (20+ tests): gate disabled returns Allow 'gate_disabled', status not in ApplyToStatuses returns Allow, MissingTrustBehavior Allow/Warn/Block, production 0.85 allows, production 0.65 blocks, staging 0.65 allows, staging 0.45 warns, development 0.45 allows, unverified signature blocks, stale freshness blocks, accuracy rate check included when threshold set, trust tier VeryHigh/High/Medium/Low/VeryLow, gate ID format vex-trust:status:timestamp. VexTrustGateMetrics: 4 OTel instruments (evaluations.total, decisions.total, trust_score histogram, evaluation_duration_ms). VexTrustGateOptions: SectionKey 'Policy:Gates:VexTrust', Enabled, ApplyToStatuses, per-env Thresholds, MissingTrustBehavior, EmitMetrics, TenantOverrides. PolicyGateEvaluator integration: VexTrust gate at position 2.5 (after Lattice, before UncertaintyTier).",
"[2026-02-13T07:42:00Z] done: Moved to checked/"
]
},
"unknowns-ranking-algorithm": {
"status": "done",
"tier": 2,
"retryCount": 0,
"sourceVerified": true,
"buildVerified": true,
"e2eVerified": true,
"skipReason": null,
"lastRunId": "run-002",
"lastUpdatedUtc": "2026-02-13T07:42:00Z",
"featureFile": "docs/features/checked/policy/unknowns-ranking-algorithm.md",
"notes": [
"[2026-02-13T07:42:00Z] checking: Tier 2d passed - 59 Unknowns.Tests. UnknownRankerTests: two-factor formula Score=(Uncertainty*50)+(ExploitPressure*50). Uncertainty factors: MissingVEX +0.40, MissingReachability +0.30, ConflictingSources +0.20, StaleAdvisory +0.10 (capped 1.0). Exploit pressure: KEV +0.50, EPSS>=0.90 +0.30, EPSS>=0.50 +0.15, CVSS>=9.0 +0.05 (mutually exclusive EPSS, capped 1.0). Time decay buckets: 7d=100%, 30d=90%, 90d=75%, 180d=60%, 365d=40%, >365d=20%. Containment reduction: Isolated=15%, NotNetFacing=5%, NonRoot=5%, Seccomp=10%, FsRO=10%, NetworkIsolated=5% (capped 40%). Band assignment: Hot>=75, Warm>=50, Cold>=25, Resolved<25. Reason codes: AnalyzerLimit, Reachability, Identity, Provenance, VexConflict, FeedGap, ConfigUnknown. 100-iteration determinism verified.",
"[2026-02-13T07:42:00Z] done: Moved to checked/"
]
},
"verdict-explainability-rationale-renderer": {
"status": "done",
"tier": 2,
"retryCount": 0,
"sourceVerified": true,
"buildVerified": true,
"e2eVerified": true,
"skipReason": null,
"lastRunId": "run-002",
"lastUpdatedUtc": "2026-02-13T07:42:00Z",
"featureFile": "docs/features/checked/policy/verdict-explainability-rationale-renderer.md",
"notes": [
"[2026-02-13T07:42:00Z] checking: Tier 2d passed - 35 Explainability.Tests. VerdictRationaleRendererTests: sealed class implements IVerdictRationaleRenderer. Render produces structured 4-line rationale (Evidence, PolicyClause, Attestations, Decision). Content-addressed RationaleId rat:sha256:{hash} from SHA256 of canonical JSON (RFC 8785 via CanonJson). RenderPlainText 4-line output. RenderMarkdown with ## and ### headers. RenderJson canonical JSON. Evidence: CVE, component PURL/name/version, reachability (vulnerable function, entry point, path summary). Attestations: path witness, VEX statements, provenance; fallback 'No attestations available.' Decision: verdict, score, recommendation, mitigation. Same input deterministically produces same RationaleId.",
"[2026-02-13T07:42:00Z] done: Moved to checked/",
"[2026-02-15T14:40:00Z] deep-evidence: Covered by StellaOps.Policy.Explainability.Tests (35 pass) - VerdictRationaleRendererTests verifies content-addressed IDs, specific CVE/clause/verdict values"
]
},
"versioned-weight-manifests": {
"status": "done",
"tier": 2,
"retryCount": 0,
"sourceVerified": true,
"buildVerified": true,
"e2eVerified": true,
"skipReason": null,
"lastRunId": "run-002",
"lastUpdatedUtc": "2026-02-13T07:42:00Z",
"featureFile": "docs/features/checked/policy/versioned-weight-manifests.md",
"notes": [
"[2026-02-13T07:42:00Z] checking: Tier 2d passed - 438 Determinization.Tests. WeightManifestLoaderTests (22 tests): manifest discovery in directory sorted by effectiveFrom descending, single/multiple manifest loading, invalid JSON skipped, nonexistent directory returns empty. LoadAsync: valid file returns LoadResult with version/schemaVersion/computedHash, auto placeholder detection, strict hash verification mode rejects mismatches. SelectEffectiveAsync: most recent effective at reference date, null if none effective, exact date matches. Validate: valid manifests no issues, unsupported schema reported, unnormalized legacy weights reported, auto placeholder flagged. Diff: identical manifests no differences, version/weight changes detected, added fields shown. WeightManifestHashComputerTests: sha256:auto replacement. SignalWeights record, ScoringRulesSnapshot content-addressed, ScorePolicyLoader YAML validation.",
"[2026-02-13T07:42:00Z] done: Moved to checked/"
]
},
"vex-decisioning-engine": {
"status": "done",
"tier": 2,
"retryCount": 0,
"sourceVerified": true,
"buildVerified": true,
"e2eVerified": true,
"skipReason": null,
"lastRunId": "run-002",
"lastUpdatedUtc": "2026-02-13T07:42:00Z",
"featureFile": "docs/features/checked/policy/vex-decisioning-engine.md",
"notes": [
"[2026-02-13T07:42:00Z] checking: Tier 2d passed - 2059 tests (781 Policy.Tests + 1278 Engine.Tests). TrustLatticeEngine: full VEX decisioning pipeline with VEX normalization, claim ingestion, K4 evaluation, disposition selection, proof bundle generation. K4LatticeTests: Belnap 4-valued logic (Unknown/True/False/Conflict), Join(T,F)=Conflict, Meet(T,F)=Unknown, commutativity, FromSupport. ClaimScoreMergerTests: highest score selection, conflict penalty 0.25, 1000-iteration determinism. TrustLatticeEngineIntegrationTests: vendor vs scanner conflict detection (APPLIES conflict -> InTriage), all sources agree -> Exploitable, Fixed overrides exploitability -> ResolvedWithPedigree, Misattributed -> FalsePositive, NotReachable -> NotAffected, Mitigated -> NotAffected, InsufficientData -> InTriage. Multi-subject evaluation (3 subjects, 3 different dispositions). Proof bundle content-addressable. Fluent ClaimBuilder API. VexTrustGate per-environment thresholds. PolicyGateEvaluator 5-gate pipeline.",
"[2026-02-13T07:42:00Z] done: Moved to checked/"
]
},
"unknown-budget-policy-enforcement": {
"status": "done",
"tier": 2,
"retryCount": 0,
"sourceVerified": true,
"buildVerified": true,
"e2eVerified": true,
"skipReason": null,
"lastRunId": "run-002",
"lastUpdatedUtc": "2026-02-13T07:44:00Z",
"featureFile": "docs/features/checked/policy/unknown-budget-policy-enforcement.md",
"notes": [
"[2026-02-13T07:41:00Z] checking: Tier 2d passed - 1337 tests (59 Unknowns.Tests + 1278 Engine.Tests). UnknownsBudgetEnforcer: Critical/High/Medium/Low severity thresholds, Block/Warn/Log actions, environment-aware overrides. UnknownBudgetService: per-reason-code limits (Reachability/Identity/Provenance/VexConflict/FeedGap/ConfigUnknown/AnalyzerLimit), CheckBudgetWithEscalation (exception coverage), GetBudgetStatus (PercentageUsed, ByReasonCode). UnknownRanker: two-factor formula Score=(Uncertainty*50)+(ExploitPressure*50), Hot>=75/Warm>=50/Cold>=25/Resolved<25. PolicyGateEvaluator: UncertaintyTier gate (4th in pipeline) T1 blocks not_affected, T4 passes. BudgetEndpoints: 5-route API at /api/v1/policy/budgets. RiskBudgetEndpoints: 6-route API at /api/v1/policy/budget.",
"[2026-02-13T07:44:00Z] done: Moved to checked/"
]
},
"unknowns-budget-dashboard": {
"status": "done",
"tier": 2,
"retryCount": 0,
"sourceVerified": true,
"buildVerified": true,
"e2eVerified": true,
"skipReason": null,
"lastRunId": "run-002",
"lastUpdatedUtc": "2026-02-13T07:44:00Z",
"featureFile": "docs/features/checked/policy/unknowns-budget-dashboard.md",
"notes": [
"[2026-02-13T07:42:00Z] checking: Tier 2d passed - 1337 tests (59 Unknowns.Tests + 1278 Engine.Tests). Budget dashboard API at /api/v1/policy/budgets: ListBudgets, GetBudget, GetBudgetStatus, CheckBudget, GetDefaultBudgets. BudgetStatusResponse: Environment, TotalUnknowns, TotalLimit, PercentageUsed, IsExceeded, ViolationCount, ByReasonCode. UnknownRanker: HOT/WARM/COLD/Resolved priority bands with 7 reason codes. SLA monitoring via consumption percentage. Budget CRUD + escalation with exceptions. BlastRadius (Dependents, NetFacing, Privilege) and ContainmentSignals (Seccomp, FileSystem, NetworkPolicy) models. DefaultBudgets per environment.",
"[2026-02-13T07:44:00Z] done: Moved to checked/"
]
},
"unknowns-decay-and-triage-queue": {
"status": "done",
"tier": 2,
"retryCount": 0,
"sourceVerified": true,
"buildVerified": true,
"e2eVerified": true,
"skipReason": null,
"lastRunId": "run-002",
"lastUpdatedUtc": "2026-02-13T07:44:00Z",
"featureFile": "docs/features/checked/policy/unknowns-decay-and-triage-queue.md",
"notes": [
"[2026-02-13T07:43:00Z] checking: Tier 2d passed - 497 tests (438 Determinization.Tests + 59 Unknowns.Tests). DecayedConfidenceCalculator: exp(-ln(2)*age/halfLife) with histogram metric stellaops_determinization_decay_multiplier. ObservationDecay: HalfLifeDays=14, Floor=0.35, StalenessThreshold=0.50, CalculateDecay(now), CheckIsStale(now), Create/Fresh/WithSettings factories. TriageQueueEvaluator: priority classification (Critical/High/Medium/Low/None), deterministic sorting, DaysUntilStale formula, recommended actions with signal gaps. UnknownTriageQueueService: cycle-based re-analysis triggering via ITriageReanalysisSink, only Medium/High/Critical enqueued. InMemoryTriageReanalysisSink for testing. DecayPropertyTests: 10 FsCheck properties. Note: triage queue UI, containment data source integration, decay notification, and historical decay ledger are documented future enhancements.",
"[2026-02-13T07:44:00Z] done: Moved to checked/"
]
},
"unknowns-grey-queue-with-conflict-detection-and-reanalysis-fingerprints": {
"status": "done",
"tier": 2,
"retryCount": 0,
"sourceVerified": true,
"buildVerified": true,
"e2eVerified": true,
"skipReason": null,
"lastRunId": "run-002",
"lastUpdatedUtc": "2026-02-13T07:44:00Z",
"featureFile": "docs/features/checked/policy/unknowns-grey-queue-with-conflict-detection-and-reanalysis-fingerprints.md",
"notes": [
"[2026-02-13T07:44:00Z] checking: Tier 2d passed - 1278 tests (781 Policy.Tests + 438 Determinization.Tests + 59 Unknowns.Tests). K4Lattice: K4Value.Conflict=3 when True join False, full 4-valued algebra. ClaimScoreMerger: deterministic merge ordering, ConflictPenalizer 0.25 penalty, RequiresReplayProof=true on conflicts. ConflictDetector: signal conflict detection. ReanalysisFingerprintBuilder: content-addressed sha256: fingerprint from canonical JSON, sorted evidence digests + tool versions + triggers, deduped. ReanalysisTrigger: versioned signal events with EventType/EventVersion/Source/CorrelationId. UnknownRanker: +0.20 uncertainty for VexConflict, +0.10 for stale evidence. ObservationDecay.CheckIsStale: triggers reanalysis when decay below 0.50. 8 ReanalysisFingerprintTests verify determinism + content-addressing.",
"[2026-02-13T07:44:00Z] done: Moved to checked/"
]
}
}
}
Reference in New Issue View Git Blame Copy Permalink