stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity
Files
44cd1827c23f37e4fc31f6cd89a57efcb3dd1fb8
git.stella-ops.org/docs/features/checked/policy/gate-level-selection.md
master 9ca2de05df more features checks. setup improvements
2026-02-13 02:04:55 +02:00

40 lines
2.9 KiB
Markdown
Raw Blame History

# Gate Level Selection (G0-G4)
## Module
Policy
## Status
IMPLEMENTED
## Description
Diff-aware release gate levels G0-G4 with automatic gate selection based on RRS score and budget status, exposed via API endpoints.
## Implementation Details
- **PolicyGateEvaluator**: `src/Policy/StellaOps.Policy.Engine/Gates/PolicyGateEvaluator.cs`
- Multi-gate evaluation pipeline with 5 sequential gates: Evidence Completeness, Lattice State, VEX Trust, Uncertainty Tier, Confidence Threshold
- Gate result types: Pass, PassWithNote, Warn, Block, Skip
- Short-circuits on first Block; accumulates warnings
- Override support with justification requirements
- Gate decision model: `PolicyGateDecision.cs` with overall decision and per-gate details
- **PolicyGateOptions**: `src/Policy/StellaOps.Policy.Engine/Gates/PolicyGateOptions.cs` -- configurable gate thresholds and behaviors
- **VexTrustGate**: `src/Policy/StellaOps.Policy.Engine/Gates/VexTrustGate.cs` -- per-environment trust thresholds (prod: 0.80, staging: 0.60, dev: 0.40)
- **DeterminizationGate**: `src/Policy/StellaOps.Policy.Engine/Gates/Determinization/DeterminizationGate.cs` -- determinism verification gate using DecayedConfidenceCalculator
- **StabilityDampingGate**: `src/Policy/StellaOps.Policy.Engine/Gates/StabilityDampingGate.cs` -- prevents oscillation in gate decisions
- **DriftGateEvaluator**: `src/Policy/StellaOps.Policy.Engine/Gates/DriftGateEvaluator.cs` -- evaluates SBOM drift for diff-aware gating
- **RiskSimulationService**: `src/Policy/StellaOps.Policy.Engine/Simulation/RiskSimulationService.cs` -- signal-based scoring that feeds gate selection
- Severity mapping: Critical>=90, High>=70, Medium>=40, Low>=10
- **WhatIfSimulationService**: `src/Policy/StellaOps.Policy.Engine/WhatIfSimulation/WhatIfSimulationService.cs` -- delta computation for diff-aware gates
- **Gate endpoints**: `src/Policy/StellaOps.Policy.Engine/Endpoints/` -- REST API for gate evaluation results
## E2E Test Plan
- [ ] Evaluate artifact with all evidence present and high confidence; verify all gates pass (G0 level)
- [ ] Evaluate artifact with missing VEX evidence; verify Evidence Completeness gate warns or blocks
- [ ] Evaluate artifact with VEX trust score below production threshold (0.80); verify VexTrustGate blocks in prod
- [ ] Evaluate artifact with VEX trust score 0.65 in staging; verify VexTrustGate passes (threshold 0.60)
- [ ] Evaluate artifact with unknown reachability (U state); verify Lattice State gate applies appropriate action
- [ ] Evaluate artifact with Uncertainty Tier T1 (high uncertainty); verify Uncertainty gate blocks
- [ ] Evaluate artifact with confidence below threshold; verify Confidence gate blocks
- [ ] Override a blocked gate with justification; verify PassWithNote result
- [ ] Evaluate with DriftGateEvaluator detecting SBOM changes; verify drift-aware gating triggers
- [ ] Verify StabilityDampingGate prevents rapid oscillation between Pass and Block
Reference in New Issue View Git Blame Copy Permalink