master
7b5bdcf4d3
- Introduced AGENTS.md, README.md, TASKS.md, and implementation_plan.md for Vexer, detailing mission, responsibilities, key components, and operational notes. - Established similar documentation structure for Vulnerability Explorer and Zastava modules, including their respective workflows, integrations, and observability notes. - Created risk scoring profiles documentation outlining the core workflow, factor model, governance, and deliverables. - Ensured all modules adhere to the Aggregation-Only Contract and maintain determinism and provenance in outputs.
1.1 KiB
1.1 KiB
StellaOps VEX Consensus Lens
VEX Lens computes deterministic consensus across conflicting VEX statements while preserving raw provenance.
Responsibilities
- Ingest VEX evidence from Excititor and align it to SBOM inventory.
- Apply issuer trust weights, freshness rules, and policy-defined tie breakers.
- Publish consensus snapshots and disagreement metadata for Policy Engine and Explorer surfaces.
- Expose APIs for explainability and offline bundle exports.
Key components
- Consensus computation service and job pipeline.
- Consensus store with versioned snapshots.
- Explain trace generator for disagreements.
Integrations & dependencies
- Excititor for raw VEX ingestion.
- Policy Engine for applying consensus in suppression flows.
- Vulnerability Explorer and Advisory AI for evidence overlays.
Operational notes
- Trust model configuration and issuer scoring dashboards.
- Offline kit packaging of consensus snapshots.
- Telemetry on issuer coverage and disagreement counts.
Epic alignment
- Epic 7: VEX Consensus Lens.
- Lens implementation stories tracked in ../../TASKS.md.