Explore Help

Register Sign In

stella-ops.org/git.stella-ops.org

1

0

You've already forked git.stella-ops.org

Code Issues Pull Requests Actions 2 Releases Wiki Activity

Files

9ca2de05dff9c7db11eb49df6d4e47bbfe7a99f6

git.stella-ops.org/docs/features/unchecked/policy/smart-diff-semantic-risk-delta.md

master 1bf6bbf395 semi implemented and features implemented save checkpoint

2026-02-08 18:00:49 +02:00

2.6 KiB

Raw Blame History

Smart-Diff Semantic Risk Delta (Moat Score 4)

Module

Policy

Status

IMPLEMENTED

Description

Material risk change detection with delta verdict computation, security state delta analysis, and delta computing.

Implementation Details

WhatIfSimulationService: src/Policy/StellaOps.Policy.Engine/WhatIfSimulation/WhatIfSimulationService.cs
- SimulateAsync() computes semantic risk delta between baseline and target
- SBOM diff operations: add, remove, upgrade, downgrade with advisory/VEX/reachability context
- Decision change types: status_changed, severity_changed, new, removed
- Impact summary: risk delta (increased/decreased/unchanged), material risk indicators
- Recommendations based on delta analysis
ConsoleSimulationDiffService: src/Policy/StellaOps.Policy.Engine/Console/ConsoleSimulationDiffService.cs
- Schema version: console-policy-23-001
- Deterministic before/after severity breakdowns
- Rule impact analysis: identifies which policy rules drive the risk delta
- Explain samples for delta reasoning
DriftGateEvaluator: src/Policy/StellaOps.Policy.Engine/Gates/DriftGateEvaluator.cs
- SBOM drift detection as a semantic risk signal
- Component addition/removal/version change tracking
CounterfactualEngine: src/Policy/__Libraries/StellaOps.Policy/Counterfactuals/CounterfactualEngine.cs
- Computes "what would fix this" paths: VEX, Exception, Reachability, VersionUpgrade, CompensatingControl
- Effort ratings per path: Critical=5, High=4, Medium=3, Low=2
RiskSimulationService: src/Policy/StellaOps.Policy.Engine/Simulation/RiskSimulationService.cs
- Signal-based risk scoring with distribution and top movers
- CompareProfilesWithBreakdown() for before/after profile delta

E2E Test Plan

Simulate adding component with known critical CVE; verify risk delta shows "increased" with new critical finding
Simulate upgrading component that fixes CVE; verify risk delta shows "decreased" with removed finding
Simulate no changes; verify risk delta shows "unchanged"
Verify severity_changed detection: finding changes from High to Critical
Verify new detection: component addition introduces new findings
Verify removed detection: component removal clears associated findings
Verify CounterfactualEngine computes fix paths for blocked findings in delta
Verify console diff output includes rule impact analysis
Verify deterministic output: same baseline + target always produces same delta
Verify DriftGateEvaluator integrates semantic drift into gate evaluation

Powered by Gitea Version: 1.24.5 Page: 23ms Template: 1ms

English

Bahasa Indonesia Deutsch English Español Français Gaeilge Italiano Latviešu Magyar nyelv Nederlands Polski Português de Portugal Português do Brasil Suomi Svenska Türkçe Čeština Ελληνικά Български Русский Українська فارسی മലയാളം 日本語简体中文繁體中文（台灣）繁體中文（香港） 한국어

Licenses API