7503c19b8f
- Implemented comprehensive tests for verdict artifact generation to ensure deterministic outputs across various scenarios, including identical inputs, parallel execution, and change ordering. - Created helper methods for generating sample verdict inputs and computing canonical hashes. - Added tests to validate the stability of canonical hashes, proof spine ordering, and summary statistics. - Introduced a new PowerShell script to update SHA256 sums for files, ensuring accurate hash generation and file integrity checks.
21 lines
860 B
Markdown
21 lines
860 B
Markdown
# Console Risk UI (Overview)
|
|
|
|
This document describes how risk and explainability concepts should surface in the Console.
|
|
|
|
## Concepts to Surface
|
|
|
|
- **Verdict and “why”:** a short, narrative explanation above the fold.
|
|
- **Evidence rail:** links to proofs that justify each fact (SBOM, VEX, reachability, policy explain trace).
|
|
- **Risk signals:** severity, exploit signals, exposure context, and confidence/uncertainty indicators.
|
|
|
|
## Explainability Expectations
|
|
|
|
- Every blocking decision must link to the policy gate and the evidence inputs that triggered it.
|
|
- Uncertainty must remain explicit (avoid false safety when evidence is missing or conflicts exist).
|
|
|
|
## References
|
|
|
|
- Risk model overview: `docs/risk/overview.md`
|
|
- Policy explainability: `docs/risk/explainability.md`
|
|
- Vulnerability Explorer guide: `docs/20_VULNERABILITY_EXPLORER_GUIDE.md`
|