Release Gate Levels (G0-G4)
Module
Policy
Status
IMPLEMENTED
Description
Five gate levels (G0 through G4) with escalating requirements. GateSelector computes RRS, maps to gate level, and applies budget modifiers (Yellow/Red/Exhausted escalations). Each gate level has defined requirements matching the advisory specification.
Implementation Details
- PolicyGateEvaluator: src/Policy/StellaOps.Policy.Engine/Gates/PolicyGateEvaluator.cs
  - Multi-gate evaluation with escalating strictness per gate level
  - Gate levels mapped from Risk Readiness Score (RRS) and budget status
  - 5 sequential gates with configurable thresholds per level
  - Lattice states drive gate decisions: U, SR, SU, RO, RU, CR, CU, X
  - Uncertainty tiers: T1 (High) -> strictest, T4 (Negligible) -> most permissive
- PolicyGateOptions: src/Policy/StellaOps.Policy.Engine/Gates/PolicyGateOptions.cs -- per-level gate configuration
- PolicyGateDecision: src/Policy/StellaOps.Policy.Engine/Gates/PolicyGateDecision.cs -- decision model with per-gate results
- RiskSimulationService: src/Policy/StellaOps.Policy.Engine/Simulation/RiskSimulationService.cs
  - Signal-based RRS computation with severity mapping
  - Severity: Critical>=90, High>=70, Medium>=40, Low>=10
  - Distribution and percentile calculation for gate level determination
- Budget integration: Budget status (Yellow/Red/Exhausted) escalates gate level
  - BudgetEndpoints.cs: src/Policy/StellaOps.Policy.Engine/Endpoints/BudgetEndpoints.cs
  - RiskBudgetEndpoints.cs: src/Policy/StellaOps.Policy.Engine/Endpoints/RiskBudgetEndpoints.cs
- Ledger: src/Policy/StellaOps.Policy.Engine/Ledger/ -- tracks gate decisions for compliance
E2E Test Plan
- Evaluate artifact with low RRS (minimal risk); verify gate level maps to G0 (minimal requirements)
- Evaluate artifact with high RRS (many critical findings); verify gate level escalates to G3 or G4
- Evaluate with budget status Yellow; verify gate level escalates by one level
- Evaluate with budget status Exhausted; verify gate level escalates to maximum (G4)
- Evaluate at G0: verify only basic evidence completeness is checked
- Evaluate at G4: verify all gates apply strictest thresholds (lattice state, VEX trust, uncertainty, confidence)
- Verify each gate level (G0-G4) has progressively stricter thresholds
- Verify gate decision includes per-gate Pass/Warn/Block results for audit trail
- Verify ledger records gate level and decision for compliance
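
The level-selection checks in the plan above can be modelled as follows. This is an added sketch, not StellaOps code: the type names, the `Green` status, the 0..100 RRS range, the RRS cut-offs (borrowed from the severity bands listed earlier) and the two-level Red escalation are all assumptions. Only the Yellow (+1) and Exhausted (maximum) rules come from this page.

```csharp
using System;

// Added illustration, NOT the project's GateSelector. All names are hypothetical.
public enum GateLevel { G0, G1, G2, G3, G4 }
public enum BudgetStatus { Green, Yellow, Red, Exhausted } // "Green" = no escalation (assumed name)

public static class GateSelectorSketch
{
    // ASSUMPTION: cut-offs reuse the page's severity bands
    // (Low>=10, Medium>=40, High>=70, Critical>=90); the real thresholds are configurable.
    public static GateLevel BaseLevel(double rrs)
    {
        if (double.IsNaN(rrs) || rrs < 0 || rrs > 100)
            throw new ArgumentOutOfRangeException(nameof(rrs), "RRS assumed to be 0..100");
        if (rrs >= 90) return GateLevel.G4;
        if (rrs >= 70) return GateLevel.G3;
        if (rrs >= 40) return GateLevel.G2;
        if (rrs >= 10) return GateLevel.G1;
        return GateLevel.G0;
    }

    // Budget status can only raise the level, and the result is clamped at G4.
    public static GateLevel Select(double rrs, BudgetStatus budget)
    {
        int level = (int)BaseLevel(rrs);
        switch (budget)
        {
            case BudgetStatus.Yellow: level += 1; break;                    // page: one level
            case BudgetStatus.Red: level += 2; break;                       // ASSUMPTION: two levels
            case BudgetStatus.Exhausted: level = (int)GateLevel.G4; break;  // page: maximum
        }
        return (GateLevel)Math.Min(level, (int)GateLevel.G4);
    }

    public static void Main()
    {
        // Constructed cases mirroring the E2E plan's level-selection checks.
        var cases = new (double Rrs, BudgetStatus Budget, GateLevel Expected)[]
        {
            (5.0, BudgetStatus.Green, GateLevel.G0),     // low RRS -> G0
            (95.0, BudgetStatus.Green, GateLevel.G4),    // high RRS -> G3 or G4
            (45.0, BudgetStatus.Yellow, GateLevel.G3),   // G2 escalated by one
            (95.0, BudgetStatus.Yellow, GateLevel.G4),   // already at maximum, clamped
            (5.0, BudgetStatus.Exhausted, GateLevel.G4), // exhausted budget -> G4
        };
        foreach (var c in cases)
        {
            var actual = Select(c.Rrs, c.Budget);
            if (actual != c.Expected)
                throw new Exception($"RRS {c.Rrs}, {c.Budget}: expected {c.Expected}, got {actual}");
            Console.WriteLine($"RRS {c.Rrs,5} budget {c.Budget,-9} -> {actual}");
        }
    }
}
```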