stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 3 Releases Wiki Activity
Files
634233dfed12f52e50cf2846e72bb92e600f41ef
git.stella-ops.org/docs/implplan/SPRINT_7100_SUMMARY.md
StellaOps Bot 634233dfed feat: Implement distro-native version comparison for RPM, Debian, and Alpine packages 
- Add RpmVersionComparer for RPM version comparison with epoch, version, and release handling.
- Introduce DebianVersion for parsing Debian EVR (Epoch:Version-Release) strings.
- Create ApkVersion for parsing Alpine APK version strings with suffix support.
- Define IVersionComparator interface for version comparison with proof-line generation.
- Implement VersionComparisonResult struct to encapsulate comparison results and proof lines.
- Add tests for Debian and RPM version comparers to ensure correct functionality and edge case handling.
- Create project files for the version comparison library and its tests.
2025-12-22 09:50:12 +02:00

10 KiB
Raw Blame History

SPRINT_7100 Summary — VEX Trust Lattice

Epic: VEX Trust Lattice for Explainable, Replayable Decisioning Total Duration: 12 weeks (6 sprints) Status: TODO Source Advisory: docs/product-advisories/archived/22-Dec-2026 - Building a Trust Lattice for VEX Sources.md

Executive Summary

Implement a sophisticated 3-component trust vector model (Provenance, Coverage, Replayability) for VEX sources, enabling explainable and deterministically replayable vulnerability decisioning. This replaces the current single-weight trust model with a mathematically rigorous lattice-based approach that produces signed, auditable verdict manifests.

Key Features

  1. Trust Vector (P/C/R): 3-component scoring per VEX source
  2. Claim Scoring: ClaimScore = BaseTrust(S) * M * F with strength and freshness multipliers
  3. Policy Gates: Minimum confidence, unknowns budget, source quotas, reachability requirements
  4. Verdict Manifest: DSSE-signed, indexed, replayable verdicts
  5. Trust Algebra UI: Visual explanation panel for trust decisions
  6. Calibration: Rolling trust weight adjustment based on post-mortem truth

Sprint Overview

Sprint ID Topic Duration Status Key Deliverables
7100.0001.0001 Trust Vector Foundation 2 weeks TODO TrustVector, ClaimStrength, FreshnessCalculator, ClaimScoreCalculator
7100.0001.0002 Verdict Manifest & Replay 2 weeks TODO VerdictManifest, DSSE signing, PostgreSQL store, replay verification
7100.0002.0001 Policy Gates & Lattice Merge 2 weeks TODO ClaimScoreMerger, MinimumConfidenceGate, SourceQuotaGate, UnknownsBudgetGate
7100.0002.0002 Source Defaults & Calibration 2 weeks TODO DefaultTrustVectors, CalibrationManifest, TrustCalibrationService
7100.0003.0001 UI Trust Algebra Panel 2 weeks TODO TrustAlgebraComponent, confidence meter, P/C/R bars, claim table
7100.0003.0002 Integration & Documentation 2 weeks TODO Architecture docs, trust-lattice.md, verdict-manifest.md, API reference

Gap Analysis (Advisory vs. Current Implementation)

Advisory Feature Current State Gap Severity Sprint
3-Component Trust Vector (P/C/R) Single weight per provider MAJOR 7100.0001.0001
Claim Strength Multiplier (M) Status-based adjustments only MEDIUM 7100.0001.0001
Freshness Decay (F) Fixed staleness penalties (-5%/-10%) MEDIUM 7100.0001.0001
ClaimScore = BaseTrustMF Not implemented MAJOR 7100.0001.0001
Conflict Mode + Replay Proof K4 conflict detection, no down-weight MINOR 7100.0002.0001
Verdict Manifest (DSSE-signed) Not implemented MAJOR 7100.0001.0002
Policy Gates (min confidence, quotas) Partial (jurisdiction rules) MEDIUM 7100.0002.0001
Deterministic Replay Pinning Determinism prioritized, no manifest MEDIUM 7100.0001.0002
UI Trust Algebra Panel Not implemented MEDIUM 7100.0003.0001
Calibration Manifest Not implemented MINOR 7100.0002.0002

Batch A: Core Models (Sprints 7100.0001.00010002)

Sprint 7100.0001.0001: Trust Vector Foundation

Owner: Excititor Team + Policy Team Working Directory: src/Excititor/__Libraries/StellaOps.Excititor.Core/ Deliverables:

  • TrustVector record with P/C/R components and configurable weights
  • ClaimStrength enum with evidence-based multipliers (0.401.00)
  • FreshnessCalculator with configurable half-life decay (default 90 days)
  • ClaimScoreCalculator implementing BaseTrust(S) * M * F
  • Extended VexProvider with TrustVector configuration
  • Unit tests for scoring calculations (determinism validation)

Tests: ≥90% coverage, determinism assertions

Sprint 7100.0001.0002: Verdict Manifest & Replay

Owner: Authority Team + Excititor Team Working Directory: src/Authority/__Libraries/StellaOps.Authority.Core/ Deliverables:

  • VerdictManifest model with inputs pinning
  • VerdictManifestBuilder for deterministic assembly
  • DSSE signing for verdict manifests via Signer module
  • IVerdictManifestStore interface and PostgreSQL implementation
  • Indexing by (asset_digest, CVE, policy_hash, lattice_version)
  • Replay verification endpoint
  • Integration tests with determinism assertions

Tests: DSSE signing tests, replay verification tests

Batch B: Policy Integration (Sprints 7100.0002.00010002)

Sprint 7100.0002.0001: Policy Gates & Lattice Merge

Owner: Policy Team Working Directory: src/Policy/__Libraries/StellaOps.Policy/ Deliverables:

  • Extend TrustLatticeEngine with ClaimScore-based merge
  • Implement conflict penalty (delta=0.25) on contradictory claims
  • MinimumConfidenceGate policy hook (prod requires ≥0.75)
  • UnknownsBudgetGate policy hook (fail if unknowns > N)
  • SourceQuotaGate (cap influence at 60% unless corroborated)
  • ReachabilityRequirementGate for criticals
  • Policy configuration schema (YAML/JSON)
  • Unit tests for all gates with edge cases

Tests: Gate edge cases, conflict scenarios

Sprint 7100.0002.0002: Source Defaults & Calibration

Owner: Excititor Team Working Directory: src/Excititor/__Libraries/StellaOps.Excititor.Core/ Deliverables:

  • Default trust vectors for Vendor/Distro/Internal source classes
  • SourceClassification service for auto-classification
  • CalibrationManifest model for tuning history
  • Calibration comparison (claim vs. post-mortem truth)
  • Learning rate adjustment (±0.02/epoch)
  • Configuration for calibration policy

Tests: Default vector tests, calibration accuracy tests

Batch C: UI & Integration (Sprints 7100.0003.00010002)

Sprint 7100.0003.0001: UI Trust Algebra Panel

Owner: UI Team Working Directory: src/Web/StellaOps.Web/ Deliverables:

  • TrustAlgebraComponent Angular component
  • Confidence meter visualization (01 scale)
  • P/C/R stacked bar chart for winning claim
  • Claim comparison table with conflict toggle
  • Policy chips display with YAML viewer (read-only in replay)
  • "Reproduce verdict" replay button
  • E2E tests for trust algebra panel

Tests: Component tests, accessibility tests

Sprint 7100.0003.0002: Integration & Documentation

Owner: Docs Guild + All Teams Working Directory: docs/ and cross-module integration Deliverables:

  • Update docs/modules/excititor/architecture.md with trust lattice
  • Create docs/modules/excititor/trust-lattice.md specification
  • Update docs/modules/policy/architecture.md with gates
  • Create docs/modules/authority/verdict-manifest.md specification
  • Add JSON Schema for VerdictManifest to docs/attestor/
  • Update API reference with verdict manifest endpoints
  • Integration tests: end-to-end trust lattice flow
  • Update etc/*.yaml.sample configuration files

Tests: Documentation review, E2E integration tests

Dependencies

graph TD
    A[7100.0001.0001 Trust Vector] --> B[7100.0001.0002 Verdict Manifest]
    A --> C[7100.0002.0001 Policy Gates]
    B --> D[7100.0002.0002 Calibration]
    C --> D
    B --> E[7100.0003.0001 UI Panel]
    C --> E
    D --> F[7100.0003.0002 Integration]
    E --> F

Technical Design

Trust Vector Formula

BaseTrust(S) = wP*P + wC*C + wR*R

Where:
- P = Provenance score [0..1]
- C = Coverage score [0..1]
- R = Replayability score [0..1]
- wP = 0.45 (default)
- wC = 0.35 (default)
- wR = 0.20 (default)

Claim Score Formula

ClaimScore = BaseTrust(S) * M * F

Where:
- M = Claim strength multiplier [0.40..1.00]
- F = Freshness decay = max(exp(-ln(2) * age_days / half_life), floor)
- half_life = 90 days (default)
- floor = 0.35 (minimum freshness)

Default Trust Vectors by Source Class

Source Class P C R
Vendor 0.90 0.70 0.60
Distro 0.80 0.85 0.60
Internal 0.85 0.95 0.90

Claim Strength Values

Evidence Type Strength (M)
Exploitability analysis + reachability proof 1.00
Config/feature-flag reason with evidence 0.80
Vendor blanket statement 0.60
Under investigation 0.40

Success Metrics

Technical Metrics

  • Determinism: 100% bit-identical verdict manifests for same inputs
  • Performance: Verdict computation <100ms for 1k claims (p95)
  • Accuracy: Calibration drift <5% per epoch
  • Scalability: 100k verdicts/day without degradation

Business Metrics

  • Explainability: 100% of verdicts include full audit trail
  • Compliance: DSSE-signed verdicts meet audit requirements
  • Customer adoption: ≥30% enable trust algebra UI (12 months)

Architectural Decisions

Decision Rationale
Extend, don't replace Build trust vectors alongside existing append-only linksets
Backward compatibility Existing VexProvider.Trust.Weight maps to legacy mode
Scoring at evaluation time No ingestion-time decisioning per AOC-19
Air-gap support Trust vectors work offline with local signature verification
Calibration as separate manifest Allows auditable tuning history

Quick Links

Sprint Files:

Documentation:

Source Advisory:

Last Updated: 2025-12-22 Next Review: Weekly during sprint execution