git.stella-ops.org/docs/console/risk-ui.md
StellaOps Bot 7503c19b8f Add determinism tests for verdict artifact generation and update SHA256 sums script
- Implemented comprehensive tests for verdict artifact generation to ensure deterministic outputs across various scenarios, including identical inputs, parallel execution, and change ordering.
- Created helper methods for generating sample verdict inputs and computing canonical hashes.
- Added tests to validate the stability of canonical hashes, proof spine ordering, and summary statistics.
- Introduced a new PowerShell script to update SHA256 sums for files, ensuring accurate hash generation and file integrity checks.
2025-12-24 02:17:34 +02:00

Console Risk UI (Overview)

This document describes how risk and explainability concepts should surface in the Console.

Concepts to Surface

  • Verdict and “why”: a short, narrative explanation above the fold.
  • Evidence rail: links to proofs that justify each fact (SBOM, VEX, reachability, policy explain trace).
  • Risk signals: severity, exploit signals, exposure context, and confidence/uncertainty indicators.

Explainability Expectations

  • Every blocking decision must link to the policy gate and the evidence inputs that triggered it.
  • Uncertainty must remain explicit (avoid false safety when evidence is missing or conflicts exist).

References

  • Risk model overview: docs/risk/overview.md
  • Policy explainability: docs/risk/explainability.md
  • Vulnerability Explorer guide: docs/20_VULNERABILITY_EXPLORER_GUIDE.md