stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity
Files
1bf6bbf3955ecbd8d20f5eeb767da5c7f8324b57
git.stella-ops.org/docs/features/unchecked/attestor/adaptive-noise-gating-for-vulnerability-graphs.md

2.9 KiB
Raw Blame History

Adaptive Noise Gating for Vulnerability Graphs

Module

Attestor

Status

IMPLEMENTED

Description

Four-part noise reduction system: (1) Semantic edge deduplication collapsing redundant edges with provenance sets, (2) Proof Strength hierarchy (Authoritative=100 > BinaryProof=80 > StaticAnalysis=60 > Heuristic=40), (3) Stability damping gate preventing flip-flopping verdicts with hysteresis thresholds, (4) Delta sections categorizing changes as New/Resolved/ConfidenceUp/ConfidenceDown/PolicyImpact.

Implementation Details

  • ProofChain Graph: src/Attestor/__Libraries/StellaOps.Attestor.ProofChain/Graph/ -- InMemoryProofGraphService (with .Mutation, .Queries, .Subgraph partials) provides the in-memory graph with node/edge deduplication. ProofGraphEdge and ProofGraphEdgeType define edge semantics including provenance sets. ProofGraphNode and ProofGraphNodeType classify node types with strength levels.
  • Delta Verdict System: src/Attestor/__Libraries/StellaOps.Attestor.ProofChain/Predicates/DeltaVerdictPredicate.cs and DeltaVerdictPredicate.Budget.cs implement delta categorization (New/Resolved/ConfidenceUp/ConfidenceDown). DeltaVerdictChange.cs and VerdictDeltaSummary.cs track per-finding changes.
  • Evidence Confidence: src/Attestor/__Libraries/StellaOps.Attestor.ProofChain/Generators/BackportProofGenerator.Confidence.cs computes confidence scores using proof-strength hierarchy. EvidenceSummary.cs aggregates evidence with strength weighting.
  • Change Trace: src/Attestor/__Libraries/StellaOps.Attestor.ProofChain/ChangeTrace/ChangeTraceAttestationService.cs (with .Helpers and .Mapping partials) tracks changes over time for stability damping.
  • Verdict Delta Predicates: VerdictFindingChange.cs, VerdictRuleChange.cs categorize changes by policy impact.
  • Tests: __Tests/StellaOps.Attestor.ProofChain.Tests/Statements/DeltaVerdictStatementTests.cs, ChangeTrace/ChangeTracePredicateTests.cs

E2E Test Plan

  • Create a proof graph with redundant edges (same source/target, different provenance) and verify that InMemoryProofGraphService deduplicates them into a single edge with merged provenance sets
  • Submit evidence at different proof-strength tiers (Authoritative, BinaryProof, StaticAnalysis, Heuristic) and verify the BackportProofGenerator.Confidence produces correct weighted confidence scores
  • Generate two consecutive verdict snapshots with minor score fluctuations below the hysteresis threshold and verify that ChangeTraceAttestationService suppresses the flip-flop delta
  • Generate a delta verdict where findings are added, resolved, and confidence-changed, then verify DeltaVerdictPredicate categorizes each change correctly (New/Resolved/ConfidenceUp/ConfidenceDown/PolicyImpact)
  • Query a subgraph via InMemoryProofGraphService.Subgraph and verify only reachable nodes from the root are included, with correct edge types