Risk Budget API Endpoints

Module

Policy

Status

IMPLEMENTED

Description

API endpoints for risk budget management and enforcement with integration-level testing of budget enforcement.

Implementation Details

  • BudgetEndpoints: src/Policy/StellaOps.Policy.Engine/Endpoints/BudgetEndpoints.cs -- CRUD endpoints for budget management
  • RiskBudgetEndpoints: src/Policy/StellaOps.Policy.Engine/Endpoints/RiskBudgetEndpoints.cs -- risk budget evaluation and status endpoints
  • RiskProfileEndpoints: src/Policy/StellaOps.Policy.Engine/Endpoints/RiskProfileEndpoints.cs -- risk profile configuration endpoints
  • RiskProfileSchemaEndpoints: src/Policy/StellaOps.Policy.Engine/Endpoints/RiskProfileSchemaEndpoints.cs -- schema validation for risk profiles
  • RiskProfileAirGapEndpoints: src/Policy/StellaOps.Policy.Engine/Endpoints/RiskProfileAirGapEndpoints.cs -- air-gap compatible risk profile endpoints
  • LedgerExportService: src/Policy/StellaOps.Policy.Engine/Ledger/LedgerExportService.cs -- budget ledger export for compliance
  • LedgerModels: src/Policy/StellaOps.Policy.Engine/Ledger/LedgerModels.cs -- ledger data models
  • LedgerExportStore: src/Policy/StellaOps.Policy.Engine/Ledger/LedgerExportStore.cs -- persistence for ledger exports
  • UnknownBudgetService / UnknownsBudgetEnforcer: src/Policy/__Libraries/StellaOps.Policy.Unknowns/ -- budget enforcement for unknowns
  • PolicyGateEvaluator: src/Policy/StellaOps.Policy.Engine/Gates/PolicyGateEvaluator.cs -- budget status affects gate level selection

E2E Test Plan

  • GET budget status endpoint; verify response includes current consumption, limits, and status (Green/Yellow/Red/Exhausted)
  • POST create budget with critical/high/medium limits; verify budget created with correct thresholds
  • POST evaluate risk budget for artifact; verify consumption is calculated and compared against limits
  • Consume budget beyond Yellow threshold; verify status changes to Yellow
  • Consume budget beyond Red threshold; verify status changes to Red
  • Consume budget beyond limit; verify status changes to Exhausted and gate level escalates
  • GET risk profile endpoint; verify profile includes budget configuration and scoring weights
  • POST risk profile schema validation; verify invalid profile returns validation errors
  • GET ledger export; verify budget transactions are exported with timestamps and actor IDs
  • GET air-gap risk profile endpoint; verify offline-compatible response without external dependencies