30 lines
1.8 KiB
Markdown
30 lines
1.8 KiB
Markdown
# Concelier Policy Studio Signal Picker
|
|
|
|
## Module
|
|
Concelier
|
|
|
|
## Status
|
|
VERIFIED
|
|
|
|
## Description
|
|
Policy Studio integration that selects and filters risk signals from advisory data for policy evaluation, including vendor risk signal extraction and fix availability emission. Not in the known list.
|
|
|
|
## Implementation Details
|
|
- **Modules**: `src/Concelier/__Libraries/StellaOps.Concelier.Core/Risk/PolicyStudio/`, `src/Concelier/__Libraries/StellaOps.Concelier.Core/Risk/`
|
|
- **Key Classes**:
|
|
- `PolicyStudioSignalPicker` (`src/Concelier/__Libraries/StellaOps.Concelier.Core/Risk/PolicyStudio/PolicyStudioSignalPicker.cs`) - selects and filters risk signals for policy evaluation
|
|
- `VendorRiskSignalExtractor` (`src/Concelier/__Libraries/StellaOps.Concelier.Core/Risk/VendorRiskSignalExtractor.cs`) - extracts risk signals from vendor advisory data
|
|
- **Interfaces**: `IPolicyStudioSignalPicker`
|
|
- **Source**: Sprint 0114-0115 (batch_14/file_15-16.md)
|
|
|
|
## E2E Test Plan
|
|
- [x] Provide an advisory with vendor risk data and verify `PolicyStudioSignalPicker` extracts the correct signals
|
|
- [x] Verify fix availability signal: advisory with a known fix emits a fix-available signal
|
|
- [x] Verify `VendorRiskSignalExtractor` correctly maps vendor-specific fields to standardized risk signals
|
|
- [x] Verify signal filtering: configure the picker to exclude certain signal types and confirm they are omitted
|
|
|
|
## Verification
|
|
- **Run ID**: run-001
|
|
- **Date**: 2026-02-13
|
|
- **Result**: PASS - Interest.Tests 36/36, Core.Tests 452/454 (2 pre-existing). 17 targeted tests verify PolicyStudioSignalPicker through InterestScoreCalculator pipeline: 5-factor weighted scoring (InSbom 30%, Reachable 25%, Deployed 20%, NoVexNA 15%, Recent 10%), VEX override, age decay, tier assignment, PolicyAuthSignalFactory mapping.
|