stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity
Files
79d562ea5d0e19ea85f474d21eba6fc2dc8187f0
git.stella-ops.org/docs/modules/policy/samples/deterministic-evaluator/config-sample.yaml
StellaOps Bot 3b96b2e3ea
Some checks failed
AOC Guard CI / aoc-guard (push) Has been cancelled
Details
AOC Guard CI / aoc-verify (push) Has been cancelled
Details
Docs CI / lint-and-preview (push) Has been cancelled
Details
Policy Lint & Smoke / policy-lint (push) Has been cancelled
Details
up
2025-11-27 23:45:09 +02:00

104 lines
2.5 KiB
YAML
Raw Blame History

# Deterministic Evaluator Sample Configuration
# This file demonstrates the configuration options for the policy evaluator
# Version: 1.0
evaluator:
# Determinism settings
determinism:
# Enforce strict determinism checks at runtime
enforceStrict: true
# Log warnings for potential non-deterministic operations
logWarnings: true
# Fail evaluation if non-deterministic operation detected
failOnViolation: true
# Rule evaluation settings
rules:
# First-match semantics: stop on first matching rule
firstMatchOnly: true
# Default status when no rules match
defaultStatus: "affected"
# Enable priority-based ordering (lower priority evaluates first)
priorityOrdering: true
# Exception handling settings
exceptions:
# Enable exception application after rule evaluation
enabled: true
# Specificity weights for exception scope matching
specificity:
ruleNameBase: 1000
ruleNamePerItem: 25
severityBase: 500
severityPerItem: 10
sourceBase: 250
sourcePerItem: 10
tagBase: 100
tagPerItem: 5
# Tie-breaker order: later CreatedAt wins, then lower Id wins
tieBreaker:
preferLaterCreatedAt: true
preferLowerIdOnTie: true
# Value type settings
values:
# Use decimal for all numeric comparisons (no floating-point)
useDecimalArithmetic: true
# Severity string-to-decimal mapping
severityOrder:
critical: 5
high: 4
medium: 3
moderate: 3
low: 2
informational: 1
info: 1
none: 0
unknown: -1
# Timestamp settings
timestamps:
# Format for all timestamp outputs
format: "yyyy-MM-ddTHH:mm:ss.fffZ"
# Timezone for all timestamps (must be UTC for determinism)
timezone: "UTC"
# Collection settings
collections:
# Use immutable collections for all internal state
useImmutable: true
# String comparison mode for keys/lookups
stringComparison: "OrdinalIgnoreCase"
# Content hashing settings for verification
hashing:
# Algorithm for content addressing
algorithm: "SHA256"
# Include in output for audit trail
includeInOutput: true
# Hash both input and output
hashInputs: true
hashOutputs: true
# Logging settings for determinism auditing
logging:
# Log rule evaluation order for debugging
logRuleOrder: false
# Log exception selection for debugging
logExceptionSelection: false
# Log final decision rationale
logDecisionRationale: true
Reference in New Issue View Git Blame Copy Permalink