Explore Help

Register Sign In

stella-ops.org/git.stella-ops.org

1

0

You've already forked git.stella-ops.org

Code Issues Pull Requests Actions 2 Releases Wiki Activity

Files

9ca2de05dff9c7db11eb49df6d4e47bbfe7a99f6

git.stella-ops.org/docs/features/unchecked/policy/verdict-explainability-rationale-renderer.md

master 1bf6bbf395 semi implemented and features implemented save checkpoint

2026-02-08 18:00:49 +02:00

2.9 KiB

Raw Blame History

Verdict Explainability / Rationale Renderer

Module

Policy

Status

IMPLEMENTED

Description

Verdict rationale renderer and rationale model in Policy Explainability library. Testing infrastructure includes explainability assertions, IExplainableDecision interface, and explainability models.

Implementation Details

VerdictRationaleRenderer: src/Policy/__Libraries/StellaOps.Policy.Explainability/VerdictRationaleRenderer.cs (sealed class implements IVerdictRationaleRenderer)
- Render(VerdictRationaleInput) produces structured 4-line rationale
- RenderPlainText(rationale) produces 4-line plain text output
- RenderMarkdown(rationale) produces Markdown with ## headers (Evidence, Policy Clause, Attestations, Decision)
- RenderJson(rationale) produces canonical JSON (RFC 8785) via CanonJson.Serialize
- Content-addressed RationaleId: rat:sha256:{hash} computed from SHA256 of canonical JSON
- Evidence rendering: CVE ID, component PURL/name/version, reachability (vulnerable function, entry point, path summary)
- Policy clause rendering: ClauseId, RuleDescription, Conditions
- Attestation rendering: path witness, VEX statements, provenance references
- Decision rendering: verdict, score, recommendation, mitigation (action, details)
VerdictRationale model: src/Policy/__Libraries/StellaOps.Policy.Explainability/VerdictRationale.cs
- SchemaVersion: "1.0"
- 4-line template: RationaleEvidence, RationalePolicyClause, RationaleAttestations, RationaleDecision
- RationaleInputDigests: VerdictDigest, PolicyDigest, EvidenceDigest for reproducibility
- Supporting records: ComponentIdentity, ReachabilityDetail, AttestationReference, MitigationGuidance
IVerdictRationaleRenderer: src/Policy/__Libraries/StellaOps.Policy.Explainability/IVerdictRationaleRenderer.cs
- Interface with Render, RenderPlainText, RenderMarkdown, RenderJson methods
- VerdictRationaleInput record with full input specification

E2E Test Plan

Render rationale for CVE-2024-1234 in lodash@4.17.21 with reachability; verify Evidence.FormattedText contains CVE, component, vulnerable function
Render rationale with policy clause "require-vex-for-critical"; verify PolicyClause.FormattedText includes clause ID and conditions
Render rationale with 2 VEX attestation references; verify Attestations.FormattedText includes both
Render rationale without attestations; verify FormattedText says "No attestations available."
Render same input twice; verify RationaleId is identical (content-addressed determinism)
Render with score=0.85 and mitigation; verify Decision.FormattedText includes "score 0.85" and mitigation action
RenderPlainText produces 4-line output (evidence, clause, attestations, decision)
RenderMarkdown produces valid Markdown with ## headers
RenderJson produces valid JSON parseable by standard parser
Verify RationaleId matches format rat:sha256:{64 hex chars}

Powered by Gitea Version: 1.24.5 Page: 22ms Template: 1ms

English

Bahasa Indonesia Deutsch English Español Français Gaeilge Italiano Latviešu Magyar nyelv Nederlands Polski Português de Portugal Português do Brasil Suomi Svenska Türkçe Čeština Ελληνικά Български Русский Українська فارسی മലയാളം 日本語简体中文繁體中文（台灣）繁體中文（香港） 한국어

Licenses API