stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 3 Releases Wiki Activity
Files
822a92faeebbceea6fa005b7eddb7572a8b29b41
git.stella-ops.org/docs/modules/policy/gates/beacon-rate-gate.md
master 04cacdca8a Gaps fill up, fixes, ui restructuring
2026-02-19 22:10:54 +02:00

105 lines
3.4 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# Beacon Verification Rate Gate
**Gate ID:** `beacon-rate`
Enforces minimum beacon verification rate for runtime canary coverage. When enabled, blocks or warns for releases where beacon coverage is insufficient in a required environment.
## How It Works
1. Checks if the target environment requires beacon coverage (configurable per environment)
2. Reads beacon telemetry data from the policy context
3. If no beacon data exists, applies the configured missing-beacon action (warn or block)
4. If beacon count is below the minimum, defers rate enforcement (insufficient sample size)
5. Compares verification rate against threshold, returns pass, warn, or block
## Configuration
```json
{
"PolicyGates": {
"BeaconRate": {
"Enabled": false,
"BelowThresholdAction": "Warn",
"MissingBeaconAction": "Warn",
"MinVerificationRate": 0.8,
"RequiredEnvironments": ["production"],
"MinBeaconCount": 10
}
}
}
```
### Options
| Option | Type | Default | Description |
|--------|------|---------|-------------|
| `Enabled` | bool | `false` | Whether the gate is active (opt-in) |
| `BelowThresholdAction` | enum | `Warn` | Action when rate is below threshold: `Warn` or `Block` |
| `MissingBeaconAction` | enum | `Warn` | Action when no beacon data exists: `Warn` or `Block` |
| `MinVerificationRate` | double | `0.8` | Minimum acceptable verification rate (0.01.0) |
| `RequiredEnvironments` | string[] | `["production"]` | Environments requiring beacon coverage |
| `MinBeaconCount` | int | `10` | Minimum beacons before rate enforcement applies |
## Context Metadata Keys
The gate reads the following keys from `PolicyGateContext.Metadata`:
| Key | Type | Description |
|-----|------|-------------|
| `beacon_verification_rate` | double string | Verification rate (0.01.0) |
| `beacon_verified_count` | int string | Number of verified beacon events |
## Beacon Verification States
| State | Description | Default Behavior |
|-------|-------------|------------------|
| No data | No beacon telemetry available | Depends on `MissingBeaconAction` |
| Insufficient count | Fewer beacons than `MinBeaconCount` | Rate enforcement deferred (pass with warning) |
| Below threshold | Rate < `MinVerificationRate` | Depends on `BelowThresholdAction` |
| Above threshold | Rate >= `MinVerificationRate` | Pass |
## Example Gate Results
**Pass:**
```
Beacon verification rate (95.0%) meets threshold (80.0%)
```
**Pass (environment not required):**
```
Beacon rate not required for environment 'dev'
```
**Pass (insufficient sample):**
```
Beacon count (3) below minimum (10); rate enforcement deferred
```
**Warn (below threshold):**
```
Beacon verification rate (60.0%) is below threshold (warn mode)
```
**Fail (no data, block mode):**
```
No beacon telemetry data available for this artifact
```
**Fail (below threshold, block mode):**
```
Beacon verification rate (60.0%) is below threshold (80.0%)
```
## Integration
This gate consumes beacon verification rate data derived from `stella.ops/beaconAttestation@v1` predicates. The rate is computed by the Signals beacon pipeline as `verified_beacons / expected_beacons` over a configurable lookback window.
## Related Documents
- `docs/contracts/beacon-attestation-v1.md` — Predicate contract
- `docs/modules/policy/gates/execution-evidence-gate.md` — Companion execution evidence gate
---
*Last updated: 2026-02-19.*
Reference in New Issue View Git Blame Copy Permalink