git.stella-ops.org/docs/features/unimplemented/attestor/attestable-exception-objects-with-expiries-and-audit-trails.md
2026-02-12 10:27:23 +02:00

Attestable Exception Objects with Expiries and Audit Trails

Module: Attestor

Status: PARTIALLY_IMPLEMENTED

Description

Exceptions are modeled as auditable objects with IDs, owners, expiry dates, and audit trails. The exception ledger UI shows active/pending/expiring counts. Signed override badges indicate cryptographic attestation of exceptions.

Implementation Details

  • Exception Reference: src/Attestor/__Libraries/StellaOps.Attestor.ProofChain/Services/ExceptionRef.cs -- models exception objects with ID, owner, and expiry metadata.
  • Budget Exception Entry: src/Attestor/__Libraries/StellaOps.Attestor.ProofChain/Statements/BudgetExceptionEntry.cs -- exception entry within the uncertainty budget system, tracking exception scope and validity period.
  • Budget System Integration: BudgetDefinition.cs, BudgetObservation.cs, BudgetViolationEntry.cs -- exceptions integrate with the uncertainty budget to allow controlled risk acceptance.
  • VEX Override System: src/Attestor/__Libraries/StellaOps.Attestor.StandardPredicates/VexOverride/VexOverridePredicate.cs -- signed VEX overrides serve as attestable exceptions. VexOverridePredicateBuilder.cs (with .Build, .Serialize, .WithMethods partials) constructs override predicates. VexOverrideDecision.cs captures the decision rationale.
  • Evidence Reference: VexOverride/EvidenceReference.cs -- links exception decisions to supporting evidence.
  • Audit Trail: src/Attestor/__Libraries/StellaOps.Attestor.ProofChain/Audit/AuditHashLogger.cs (with .Validation partial) logs hash-based audit records. HashAuditRecord.cs captures individual audit entries. AuditArtifactTypes.cs defines auditable artifact types.
  • Persistence: src/Attestor/__Libraries/StellaOps.Attestor.Persistence/Entities/AuditLogEntity.cs -- database entity for audit log persistence.
  • DSSE Signing: Exceptions are signed via ProofChainSigner to produce cryptographic attestation (signed override badges).

E2E Test Plan

  • Create an exception via BudgetExceptionEntry with owner, expiry date, and justification, then verify all fields serialize correctly
  • Build a VexOverridePredicate with VexOverridePredicateBuilder, sign it via DSSE, and verify the signed envelope contains the override decision
  • Create an exception with an expiry date in the past and verify budget evaluation treats it as expired (no longer valid)
  • Create an exception with a future expiry and verify it is counted as active in the budget check
  • Log exception creation via AuditHashLogger and verify HashAuditRecord captures the artifact type, timestamp, and hash
  • Query audit trail for a specific exception ID and verify the complete history of changes is returned
  • Verify that ExceptionRef correctly links to EvidenceReference for evidence-backed exception justification
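
The exception model, expiry evaluation, hash audit trail and DSSE signing described under Implementation Details, together with the checks listed in the E2E Test Plan above, as an added C# illustration that is not StellaOps code: the types `ExceptionObject`, `HashAuditLog` and `Dsse`, the payload type string, the key id and all sample values are assumptions, and the program targets .NET 6 or later (`SHA256.HashData`, `Convert.ToHexString`, positional records). It evaluates status against an injected clock, so an exception whose expiry is in the past reports Expired while one with a future expiry reports Active, signs each exception as a DSSE envelope over the PAE of its JSON payload, and appends every event to a hash-chained audit log that can be queried by exception id and verified end to end.

```csharp
// Added illustration, not StellaOps code: type names, payload type, key id and
// sample values are assumptions. Requires .NET 6+.
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography;
using System.Text;
using System.Text.Json;

enum ExceptionState { Pending, Active, Expiring, Expired }

record ExceptionObject(string ExceptionId, string Owner, string Justification,
                       DateTimeOffset CreatedAt, DateTimeOffset ExpiresAt,
                       string[] CoveredReasonCodes, bool Approved)
{
    // The clock is injected rather than read from DateTimeOffset.Now so that
    // budget evaluation is deterministic in tests and in offline verification.
    public ExceptionState Evaluate(DateTimeOffset now, TimeSpan expiringWindow)
    {
        if (!Approved) return ExceptionState.Pending;
        if (now >= ExpiresAt) return ExceptionState.Expired;          // past expiry: no longer valid
        return ExpiresAt - now <= expiringWindow ? ExceptionState.Expiring : ExceptionState.Active;
    }
}

record HashAuditRecord(string ArtifactType, string ArtifactId, DateTimeOffset Timestamp,
                       string PayloadHash, string PreviousHash, string RecordHash);

// Append-only log: each record commits to the previous record's hash, so removing
// or reordering an entry is detected by Verify().
class HashAuditLog
{
    private readonly List<HashAuditRecord> _records = new();
    private static readonly string Genesis = new string('0', 64);
    public IReadOnlyList<HashAuditRecord> Records => _records;

    public HashAuditRecord Append(string artifactType, string artifactId, DateTimeOffset ts, byte[] payload)
    {
        string prev = _records.Count == 0 ? Genesis : _records[^1].RecordHash;
        string payloadHash = Hex(SHA256.HashData(payload));
        var rec = new HashAuditRecord(artifactType, artifactId, ts, payloadHash, prev,
                                      Chain(prev, artifactType, artifactId, ts, payloadHash));
        _records.Add(rec);
        return rec;
    }

    // Complete history for one exception id, in append order.
    public IEnumerable<HashAuditRecord> HistoryFor(string artifactId) =>
        _records.Where(r => r.ArtifactId == artifactId);

    public bool Verify()
    {
        string prev = Genesis;
        foreach (var r in _records)
        {
            if (r.PreviousHash != prev ||
                r.RecordHash != Chain(prev, r.ArtifactType, r.ArtifactId, r.Timestamp, r.PayloadHash)) return false;
            prev = r.RecordHash;
        }
        return true;
    }

    static string Chain(string prev, string type, string id, DateTimeOffset ts, string payloadHash) =>
        Hex(SHA256.HashData(Encoding.UTF8.GetBytes($"{prev}|{type}|{id}|{ts:O}|{payloadHash}")));
    static string Hex(byte[] b) => Convert.ToHexString(b).ToLowerInvariant();
}

// DSSE envelope: the signature covers PAE(payloadType, payload), not the raw payload.
static class Dsse
{
    public const string PayloadType = "application/vnd.example.exception+json"; // assumed type

    public static byte[] Pae(string type, byte[] payload) =>
        Encoding.UTF8.GetBytes($"DSSEv1 {Encoding.UTF8.GetByteCount(type)} {type} {payload.Length} ")
                .Concat(payload).ToArray();

    public static string Sign(ECDsa key, string keyId, byte[] payload)
    {
        byte[] sig = key.SignData(Pae(PayloadType, payload), HashAlgorithmName.SHA256);
        var envelope = new
        {
            payloadType = PayloadType,
            payload = Convert.ToBase64String(payload),
            signatures = new[] { new { keyid = keyId, sig = Convert.ToBase64String(sig) } }
        };
        return JsonSerializer.Serialize(envelope);
    }

    public static bool Verify(ECDsa key, string envelopeJson, out byte[] payload)
    {
        using var doc = JsonDocument.Parse(envelopeJson);
        var root = doc.RootElement;
        payload = Convert.FromBase64String(root.GetProperty("payload").GetString()!);
        byte[] sig = Convert.FromBase64String(root.GetProperty("signatures")[0].GetProperty("sig").GetString()!);
        return key.VerifyData(Pae(root.GetProperty("payloadType").GetString()!, payload), sig, HashAlgorithmName.SHA256);
    }
}

static class Program
{
    static void Main()
    {
        var now = new DateTimeOffset(2026, 2, 12, 10, 0, 0, TimeSpan.Zero);   // pinned clock
        var window = TimeSpan.FromDays(7);
        var expired = new ExceptionObject("EXC-0001", "alice@example.test", "vendor fix pending",
            now.AddDays(-30), now.AddDays(-1), new[] { "not_affected" }, Approved: true);
        var active = expired with { ExceptionId = "EXC-0002", ExpiresAt = now.AddDays(30) };
        var expiring = expired with { ExceptionId = "EXC-0003", ExpiresAt = now.AddDays(3) };
        var pending = expired with { ExceptionId = "EXC-0004", ExpiresAt = now.AddDays(30), Approved = false };
        var all = new[] { expired, active, expiring, pending };

        // Ledger counts as a UI would show them: active/pending/expiring/expired.
        var counts = all.GroupBy(e => e.Evaluate(now, window)).ToDictionary(g => g.Key, g => g.Count());
        Console.WriteLine(string.Join(", ", counts.Select(kv => $"{kv.Key}={kv.Value}")));

        using var key = ECDsa.Create(ECCurve.NamedCurves.nistP256);
        var log = new HashAuditLog();
        foreach (var e in all)
        {
            string env = Dsse.Sign(key, "attestor-key-1", JsonSerializer.SerializeToUtf8Bytes(e));
            log.Append("ExceptionObject", e.ExceptionId, now, Encoding.UTF8.GetBytes(env));
            Console.WriteLine($"{e.ExceptionId}: envelope verifies = {Dsse.Verify(key, env, out _)}");
        }
        // A later change to one exception becomes a second record under the same id.
        log.Append("ExceptionObject", "EXC-0002", now.AddMinutes(5), Encoding.UTF8.GetBytes("{\"status\":\"revoked\"}"));
        Console.WriteLine($"EXC-0002 history: {log.HistoryFor("EXC-0002").Count()} records, chain valid = {log.Verify()}");
    }
}
```

Two design points carry over to any real implementation of this feature: the expiry check takes the evaluation time as a parameter, so a "treated as expired" test pins the clock instead of waiting, and the audit record hash includes the previous record's hash, so a history query for one exception id returns records whose integrity can be checked against the whole chain rather than trusted individually.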

Implementation Gaps (2026-02-11)

  • ExceptionRef currently contains only ExceptionId, Status, and CoveredReasonCodes; it does not model owner/expiry metadata or evidence references as described by the feature claim.
  • A concrete IProofChainRepository implementation for querying complete audit history by exception ID was not found in StellaOps.Attestor.Persistence; only the interface contract exists.
  • Core DSSE exception signing and hash audit logging behaviors are implemented and tested, but claim-parity fails for full exception-reference and audit-query workflow coverage.

Verification

  • Evaluated on 2026-02-11 via run-001.
  • Tier 0 source checks passed, Tier 1 build/tests passed (52/52 scoped tests), but Tier 1 code review and Tier 2 behavioral claim parity failed on missing exception-reference and audit-query implementation pieces.
  • Feature terminalized as not_implemented and moved from unchecked to unimplemented.
  • Evidence:
    • docs/qa/feature-checks/runs/attestor/attestable-exception-objects-with-expiries-and-audit-trails/run-001/tier0-source-check.json
    • docs/qa/feature-checks/runs/attestor/attestable-exception-objects-with-expiries-and-audit-trails/run-001/tier1-build-check.json
    • docs/qa/feature-checks/runs/attestor/attestable-exception-objects-with-expiries-and-audit-trails/run-001/tier2-integration-check.json
    • docs/qa/feature-checks/runs/attestor/attestable-exception-objects-with-expiries-and-audit-trails/run-001/triage.json

Not Implemented Findings

  • Tier 0 and Tier 1 pass for core exception-signing and audit-hash behavior, but claim parity review found gaps in exception reference modeling and audit-history query implementation.
  • ExceptionRef currently contains ExceptionId, Status, and covered reason codes only; owner/expiry/evidence linkage promised by this feature dossier is not modeled in this contract.
  • IProofChainRepository exposes audit-log query methods, but no concrete proof-chain repository implementation was found to fulfill complete history retrieval semantics by exception ID in this feature scope.