36 lines
1.7 KiB
Markdown
36 lines
1.7 KiB
Markdown
# Policy Version Binding to Reachability Slices (strict/forward/any)
|
|
|
|
## Module
|
|
Scanner
|
|
|
|
## Status
|
|
VERIFIED
|
|
|
|
## Description
|
|
Binds reachability slices to specific policy versions with three validation modes: strict (invalidate on any policy change), forward (valid with newer versions), and any (valid with any version). Production defaults to strict mode.
|
|
|
|
## Implementation Details
|
|
- **Policy Binding**:
|
|
- `src/Scanner/__Libraries/StellaOps.Scanner.Reachability/Slices/PolicyBinding.cs` - `PolicyBinding` binds reachability slices to specific policy versions with three validation modes: strict (invalidate on any policy change), forward (valid with newer versions), and any (valid with any version)
|
|
- **Slice Schema**:
|
|
- `src/Scanner/__Libraries/StellaOps.Scanner.Reachability/Slices/SliceSchema.cs` - `SliceSchema` includes policy version binding metadata in slice definitions
|
|
|
|
## E2E Test Plan
|
|
- [ ] Create a reachability slice with strict policy binding and verify it is invalidated when the policy version changes
|
|
- [ ] Create a reachability slice with forward binding and verify it remains valid when the policy version is incremented
|
|
- [ ] Create a reachability slice with forward binding and verify it is invalidated when the policy version is rolled back
|
|
- [ ] Create a reachability slice with "any" binding and verify it remains valid regardless of policy version changes
|
|
- [ ] Verify production defaults to strict mode when no binding mode is explicitly specified
|
|
- [ ] Verify invalidated slices trigger re-computation of reachability analysis
|
|
|
|
---
|
|
|
|
## Verification
|
|
|
|
| Check | Result |
|
|
|-------|--------|
|
|
| Tier 0 - Source files exist | PASS |
|
|
| Tier 1 - Build + code review | PASS |
|
|
| Tier 2 - Integration tests | PASS |
|
|
| Verified | 2026-02-13T18:10:00Z |
|