git.stella-ops.org/docs/features/checked/excititor/vex-policy-controlled-trust-and-evidence-requirements.md
2026-02-14 09:11:48 +02:00

VEX Policy-Controlled Trust and Evidence Requirements

Module

Excititor

Status

VERIFIED

Description

Policy-driven trust weights and evidence requirements for VEX claims, with guardrails that prevent a claim from being accepted at a safe status (not_affected, fixed) unless the evidence the policy requires for that status is present.

Implementation Details

  • Modules: src/Excititor/__Libraries/StellaOps.Excititor.Core/, src/Excititor/StellaOps.Excititor.WebService/
  • Key Classes:
    • BaselineVexConsensusPolicy (src/Excititor/__Libraries/StellaOps.Excititor.Core/BaselineVexConsensusPolicy.cs) - baseline policy with evidence requirements for safe statuses
    • VexConsensusPolicyOptions (src/Excititor/__Libraries/StellaOps.Excititor.Core/VexConsensusPolicyOptions.cs) - configurable policy options for trust and evidence
    • TrustWeightRegistry (src/Excititor/__Libraries/StellaOps.Excititor.Core/Lattice/TrustWeightRegistry.cs) - per-source trust weight configuration
    • PolicyLatticeAdapter (src/Excititor/__Libraries/StellaOps.Excititor.Core/Lattice/PolicyLatticeAdapter.cs) - adapts policy engine rules for VEX trust evaluation
    • VexEvidenceLinkOptions (src/Excititor/__Libraries/StellaOps.Excititor.Core/Evidence/VexEvidenceLinkOptions.cs) - evidence linking requirements configuration
    • PolicyEndpoints (src/Excititor/StellaOps.Excititor.WebService/Endpoints/PolicyEndpoints.cs) - REST endpoints for VEX policy queries
    • PolicyContracts (src/Excititor/StellaOps.Excititor.WebService/Contracts/PolicyContracts.cs) - API contracts for policy data
  • Interfaces: IVexConsensusPolicy, IVexLatticeProvider
  • Source: Feature matrix scan

E2E Test Plan

  • Configure a policy requiring binary-diff evidence for not_affected status and verify that not_affected claims lacking that evidence are rejected rather than admitted to consensus
  • Verify TrustWeightRegistry applies configurable trust weights: increase vendor weight and verify vendor claims rank higher
  • Verify BaselineVexConsensusPolicy enforces minimum evidence requirements for safe statuses (not_affected, fixed)
  • Verify PolicyLatticeAdapter applies K4 lattice rules from the policy engine to VEX trust evaluation
  • Verify VexEvidenceLinkOptions requires specific evidence types (reachability, binary-diff) for specific statuses
  • Verify PolicyEndpoints returns the active VEX policy configuration
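
The block below is an added example, not Excititor's code, written to make the behaviour described under Implementation Details and exercised by the test plan above concrete in one place: per-source trust weights, evidence gates on safe statuses, and a K4 (Belnap four-valued) join for combining admitted claims. All type and member names here (ConsensusPolicy, Claim, K4, EvidenceKind, Evaluate) are assumptions and are not the StellaOps.Excititor.Core classes listed above; the "any one of the listed evidence kinds" gate and the weight-margin rule for resolving a K4 conflict are likewise assumptions chosen for illustration.

```csharp
// Added example: a minimal model of policy-gated VEX consensus. Not Excititor code;
// every identifier is hypothetical and the claims in Main are constructed.
using System;
using System.Collections.Generic;
using System.Linq;

enum VexStatus { Affected, NotAffected, Fixed, UnderInvestigation }
enum EvidenceKind { Reachability, BinaryDiff, VendorAdvisory }

// Belnap/K4 knowledge lattice: None below True and False, Both (conflict) on top.
enum K4 { None, True, False, Both }

record Claim(string Source, VexStatus Status, HashSet<EvidenceKind> Evidence);
record Outcome(K4 Lattice, VexStatus Status, IReadOnlyList<string> Rejected);

sealed class ConsensusPolicy
{
    // Per-source trust weights (what a trust-weight registry would hold).
    public Dictionary<string, double> TrustWeights { get; } = new();
    // Evidence kinds of which at least one must accompany a claim at that status.
    public Dictionary<VexStatus, EvidenceKind[]> RequiredEvidence { get; } = new();
    // Weight margin needed to resolve a True/False conflict in favour of one side.
    public double ConflictMargin { get; set; } = 0.5;

    static K4 Join(K4 a, K4 b)
    {
        if (a == K4.None) return b;
        if (b == K4.None) return a;
        return a == b ? a : K4.Both;
    }

    static K4 ToK4(VexStatus s) => s switch
    {
        VexStatus.NotAffected or VexStatus.Fixed => K4.True,
        VexStatus.Affected => K4.False,
        _ => K4.None,
    };

    // Guardrail: a status with an evidence requirement is only admitted when met.
    public bool IsAdmissible(Claim c) =>
        !RequiredEvidence.TryGetValue(c.Status, out var required)
        || required.Any(c.Evidence.Contains);

    public Outcome Evaluate(IEnumerable<Claim> claims)
    {
        var rejected = new List<string>();
        var lattice = K4.None;
        double safeWeight = 0, affectedWeight = 0, bestSafeWeight = -1;
        Claim bestSafe = null; // highest-weight admitted safe claim decides not_affected vs fixed

        foreach (var c in claims)
        {
            if (!IsAdmissible(c)) { rejected.Add(c.Source); continue; }
            var w = TrustWeights.GetValueOrDefault(c.Source, 0.0);
            var v = ToK4(c.Status);
            lattice = Join(lattice, v);
            if (v == K4.True)
            {
                safeWeight += w;
                if (w > bestSafeWeight) { bestSafe = c; bestSafeWeight = w; }
            }
            if (v == K4.False) affectedWeight += w;
        }

        var status = lattice switch
        {
            K4.True => bestSafe.Status,
            K4.False => VexStatus.Affected,
            K4.Both when safeWeight - affectedWeight >= ConflictMargin => bestSafe.Status,
            K4.Both when affectedWeight - safeWeight >= ConflictMargin => VexStatus.Affected,
            _ => VexStatus.UnderInvestigation, // None, or an unresolved conflict
        };
        return new Outcome(lattice, status, rejected);
    }
}

static class Demo
{
    static void Check(bool ok) { if (!ok) throw new InvalidOperationException("unexpected outcome"); }

    static void Main()
    {
        var policy = new ConsensusPolicy();
        policy.TrustWeights["vendor"] = 1.0;
        policy.TrustWeights["distro"] = 0.8;
        policy.TrustWeights["community"] = 0.3;
        policy.RequiredEvidence[VexStatus.NotAffected] = new[] { EvidenceKind.Reachability, EvidenceKind.BinaryDiff };
        policy.RequiredEvidence[VexStatus.Fixed] = new[] { EvidenceKind.BinaryDiff };

        var claims = new List<Claim> // constructed sample claims
        {
            new("community", VexStatus.NotAffected, new HashSet<EvidenceKind>()),                          // no evidence: rejected
            new("vendor", VexStatus.NotAffected, new HashSet<EvidenceKind> { EvidenceKind.BinaryDiff }),   // admitted, safe
            new("distro", VexStatus.Affected, new HashSet<EvidenceKind> { EvidenceKind.VendorAdvisory }), // admitted, affected
        };

        // vendor (1.0, safe) vs distro (0.8, affected): K4 conflict, 0.2 margin is below 0.5, so not resolved.
        var r = policy.Evaluate(claims);
        Check(r.Lattice == K4.Both && r.Status == VexStatus.UnderInvestigation && r.Rejected.SequenceEqual(new[] { "community" }));

        // Raising the vendor weight lets the same conflict resolve toward the vendor's safe claim.
        policy.TrustWeights["vendor"] = 1.5;
        Check(policy.Evaluate(claims).Status == VexStatus.NotAffected);
        Console.WriteLine("policy checks passed");
    }
}
```

Drop the file into an empty `dotnet new console` project (C# 9 or later) and run `dotnet run`; the two `Check` calls mirror test-plan items 1 and 2: the unevidenced not_affected claim is rejected regardless of weight, and only an increase in the vendor's trust weight moves the conflicted consensus to not_affected. Affected claims carry no evidence gate in this model, which is the asymmetry the guardrail exists to enforce: it must be harder to become safe than to become affected.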

Verification

  • Verified on 2026-02-13 via run-001.
  • Tier 0: Source files confirmed present on disk.
  • Tier 1: dotnet build passed (0 errors); 503/504 tests passed (1 env_issue: no local Postgres).
  • Tier 2d: docs/qa/feature-checks/runs/excititor/vex-policy-controlled-trust-and-evidence-requirements/run-001/tier2-integration-check.json