926 lines
57 KiB
JSON
926 lines
57 KiB
JSON
{
|
|
"module": "policy",
|
|
"featureCount": 88,
|
|
"lastUpdatedUtc": "2026-02-13T12:15:00Z",
|
|
"summary": {
|
|
"passed": 56,
|
|
"failed": 0,
|
|
"blocked": 0,
|
|
"skipped": 0,
|
|
"done": 56,
|
|
"queued": 32
|
|
},
|
|
"buildNote": "Policy tests.slnf baseline: Scoring 263/263 pass, Policy.Tests 781/781 pass, Engine 1278/1278 pass, Determinization 438/438 pass, Exceptions 83/83 pass, Explainability 35/35 pass, PolicyDsl 140/140 pass, Interop 129/135 pass (6 pre-existing YAML failures) (2864 total across 7 projects). 56 features verified with full Tier 0+1+2d. Batch 12: policy-engine-with-proofs, policy-gate-with-evidence-linked-approval, policy-interop-framework, policy-simulation-engine.",
|
|
"features": {
|
|
"adversarial-input-validation-for-scoring-inputs": {
|
|
"status": "done",
|
|
"tier": 2,
|
|
"retryCount": 0,
|
|
"sourceVerified": true,
|
|
"buildVerified": true,
|
|
"e2eVerified": true,
|
|
"skipReason": null,
|
|
"lastRunId": "run-001",
|
|
"lastUpdatedUtc": "2026-02-12T22:00:00Z",
|
|
"featureFile": "docs/features/checked/policy/adversarial-input-validation-for-scoring-inputs.md",
|
|
"notes": [
|
|
"[2026-02-12T21:40:00Z] checking: Tier 0+1+2d passed - CVSS scoring, KEV boost, determinism guards",
|
|
"[2026-02-12T22:00:00Z] done: Moved to checked/"
|
|
]
|
|
},
|
|
"anchor-aware-determinization-rules-in-policy-engine": {
|
|
"status": "done",
|
|
"tier": 2,
|
|
"retryCount": 0,
|
|
"sourceVerified": true,
|
|
"buildVerified": true,
|
|
"e2eVerified": true,
|
|
"skipReason": null,
|
|
"lastRunId": "run-001",
|
|
"lastUpdatedUtc": "2026-02-12T22:00:00Z",
|
|
"featureFile": "docs/features/checked/policy/anchor-aware-determinization-rules-in-policy-engine.md",
|
|
"notes": [
|
|
"[2026-02-12T21:40:00Z] checking: Tier 0+1+2d passed - 35 test files verify anchor-aware determinization",
|
|
"[2026-02-12T22:00:00Z] done: Moved to checked/"
|
|
]
|
|
},
|
|
"auditable-exception-objects": {
|
|
"status": "done",
|
|
"tier": 2,
|
|
"retryCount": 0,
|
|
"sourceVerified": true,
|
|
"buildVerified": true,
|
|
"e2eVerified": true,
|
|
"skipReason": null,
|
|
"lastRunId": "run-001",
|
|
"lastUpdatedUtc": "2026-02-12T22:00:00Z",
|
|
"featureFile": "docs/features/checked/policy/auditable-exception-objects.md",
|
|
"notes": [
|
|
"[2026-02-12T21:40:00Z] checking: Tier 0+1+2d passed - lifecycle state machine, scope validation",
|
|
"[2026-02-12T22:00:00Z] done: Moved to checked/"
|
|
]
|
|
},
|
|
"batch-exception-loading-for-policy-evaluation": {
|
|
"status": "done",
|
|
"tier": 2,
|
|
"retryCount": 0,
|
|
"sourceVerified": true,
|
|
"buildVerified": true,
|
|
"e2eVerified": true,
|
|
"skipReason": null,
|
|
"lastRunId": "run-001",
|
|
"lastUpdatedUtc": "2026-02-12T22:15:00Z",
|
|
"featureFile": "docs/features/checked/policy/batch-exception-loading-for-policy-evaluation.md",
|
|
"notes": [
|
|
"[2026-02-12T22:02:00Z] checking: Tier 2d passed - BatchEvaluationMapper, ConcurrentDictionary caching, SHA256 context IDs",
|
|
"[2026-02-12T22:15:00Z] done: Moved to checked/"
|
|
]
|
|
},
|
|
"batch-simulation-orchestration": {
|
|
"status": "done",
|
|
"tier": 2,
|
|
"retryCount": 0,
|
|
"sourceVerified": true,
|
|
"buildVerified": true,
|
|
"e2eVerified": true,
|
|
"skipReason": null,
|
|
"lastRunId": "run-001",
|
|
"lastUpdatedUtc": "2026-02-12T22:30:00Z",
|
|
"featureFile": "docs/features/checked/policy/batch-simulation-orchestration.md",
|
|
"notes": [
|
|
"[2026-02-12T22:07:00Z] checking: Tier 2d passed - 34+ simulation tests: risk scoring, what-if, delta summaries, heatmaps",
|
|
"[2026-02-12T22:30:00Z] done: Moved to checked/"
|
|
]
|
|
},
|
|
"belnap-k4-trust-lattice-engine": {
|
|
"status": "done",
|
|
"tier": 2,
|
|
"retryCount": 0,
|
|
"sourceVerified": true,
|
|
"buildVerified": true,
|
|
"e2eVerified": true,
|
|
"skipReason": null,
|
|
"lastRunId": "run-001",
|
|
"lastUpdatedUtc": "2026-02-12T22:35:00Z",
|
|
"featureFile": "docs/features/checked/policy/belnap-k4-trust-lattice-engine.md",
|
|
"notes": [
|
|
"[2026-02-12T22:12:00Z] checking: Tier 2d passed - 30+ lattice tests, 12+ FsCheck property tests, 14+ integration tests",
|
|
"[2026-02-12T22:35:00Z] done: Moved to checked/"
|
|
]
|
|
},
|
|
"blast-radius-fleet-view": {
|
|
"status": "done",
|
|
"tier": 2,
|
|
"retryCount": 0,
|
|
"sourceVerified": true,
|
|
"buildVerified": true,
|
|
"e2eVerified": true,
|
|
"skipReason": null,
|
|
"lastRunId": "run-002",
|
|
"lastUpdatedUtc": "2026-02-12T23:12:00Z",
|
|
"featureFile": "docs/features/checked/policy/blast-radius-fleet-view.md",
|
|
"notes": [
|
|
"[2026-02-12T22:40:00Z] checking: Tier 0 passed - BlastRadius.cs, ContainmentSignals.cs, UnknownRanker.cs, Unknown.cs, UnknownsBudgetEnforcer.cs, UnknownsEndpoints.cs",
|
|
"[2026-02-12T22:45:00Z] checking: Tier 2d passed - 708/708 tests. Containment reduction verified (null=0%, isolated=15%, all factors=40% cap), reduction applied to score (60->48 with 20%)",
|
|
"[2026-02-12T23:10:00Z] done: Moved to checked/",
|
|
"[2026-02-12T23:12:00Z] run-002: Fresh tier0+tier2d evidence. 6/6 source files verified. 9 targeted UnknownRankerTests cover containment reduction percentages (15%/5%/5%/10%/10%/5%), 40% cap, band assignment, disable option."
|
|
]
|
|
},
|
|
"blast-radius-scoring-for-unknowns": {
|
|
"status": "done",
|
|
"tier": 2,
|
|
"retryCount": 0,
|
|
"sourceVerified": true,
|
|
"buildVerified": true,
|
|
"e2eVerified": true,
|
|
"skipReason": null,
|
|
"lastRunId": "run-002",
|
|
"lastUpdatedUtc": "2026-02-12T23:16:00Z",
|
|
"featureFile": "docs/features/checked/policy/blast-radius-scoring-for-unknowns.md",
|
|
"notes": [
|
|
"[2026-02-12T22:40:00Z] checking: Tier 0 passed - UnknownRanker.cs, BlastRadius.cs, ContainmentSignals.cs",
|
|
"[2026-02-12T22:45:00Z] checking: Tier 2d passed - 708/708 tests. Two-factor formula: Uncertainty*50 + ExploitPressure*50. Exact scores (45.00, 92.50, 0.00), EPSS mutual exclusivity, 11-case decay Theory, 100-iteration determinism",
|
|
"[2026-02-12T23:10:00Z] done: Moved to checked/",
|
|
"[2026-02-12T23:16:00Z] run-002: Fresh tier0+tier2d evidence. 3/3 source files verified. 34 targeted UnknownRankerTests cover two-factor formula, uncertainty/pressure factors, EPSS mutual exclusivity, 12-case decay Theory, containment reduction with blast radius + runtime signals, 40% cap, band assignment, reason codes, 100-iteration determinism."
|
|
]
|
|
},
|
|
"ci-cd-gate-exit-code-convention": {
|
|
"status": "done",
|
|
"tier": 2,
|
|
"retryCount": 0,
|
|
"sourceVerified": true,
|
|
"buildVerified": true,
|
|
"e2eVerified": true,
|
|
"skipReason": null,
|
|
"lastRunId": "run-002",
|
|
"lastUpdatedUtc": "2026-02-12T23:20:00Z",
|
|
"featureFile": "docs/features/checked/policy/ci-cd-gate-exit-code-convention.md",
|
|
"notes": [
|
|
"[2026-02-12T22:40:00Z] checking: Tier 0 passed - PolicyGateEvaluator.cs (883 lines), PolicyGateDecision.cs, PolicyGateOptions.cs, PolicyDecisionEndpoint.cs",
|
|
"[2026-02-12T22:45:00Z] checking: Tier 2d passed - 708/708 tests. Exit codes 0/1/2 tested. 5-gate pipeline (EvidenceCompleteness, LatticeState, VexTrust, UncertaintyTier, Confidence). Override with MinJustificationLength=20. Batch eval. Webhook parsing.",
|
|
"[2026-02-12T23:10:00Z] done: Moved to checked/",
|
|
"[2026-02-12T23:20:00Z] run-002: Fresh tier0+tier2d evidence. 4/4 source files verified. 41 targeted tests across CicdGateIntegrationTests (17) + WebhookGateIntegrationTests (2) + PolicyGateEvaluatorTests (22) cover exit codes (Allow=0, Warn=1, Block=2), 5-gate pipeline, EvidenceCompleteness, LatticeState, UncertaintyTier, override with justification >= 20 chars, disabled gates, batch evaluation, audit trail, webhook parsing."
|
|
]
|
|
},
|
|
"claimscore-merger-and-policy-gate-registry": {
|
|
"status": "done",
|
|
"tier": 2,
|
|
"retryCount": 0,
|
|
"sourceVerified": true,
|
|
"buildVerified": true,
|
|
"e2eVerified": true,
|
|
"skipReason": null,
|
|
"lastRunId": "run-001",
|
|
"lastUpdatedUtc": "2026-02-12T23:32:00Z",
|
|
"featureFile": "docs/features/checked/policy/claimscore-merger-and-policy-gate-registry.md",
|
|
"notes": [
|
|
"[2026-02-12T23:30:00Z] checking: Tier 0 passed - 6/6 source files (ClaimScoreMerger.cs, ConflictPenalizer.cs, PolicyGateEvaluator.cs, VexTrustGate.cs, StabilityDampingGate.cs, DriftGateEvaluator.cs)",
|
|
"[2026-02-12T23:32:00Z] checking: Tier 2d passed - 708/708 tests. ClaimScoreMergerTests (highest-score selection, conflict penalty 0.25, 1000-iteration determinism), ClaimScoreMergerPropertyTests (FsCheck), PolicyGateRegistryTests (StopOnFirstFailure, CollectAll)",
|
|
"[2026-02-12T23:32:00Z] done: Moved to checked/"
|
|
]
|
|
},
|
|
"comprehensive-testing-strategy": {
|
|
"status": "done",
|
|
"tier": 2,
|
|
"retryCount": 0,
|
|
"sourceVerified": true,
|
|
"buildVerified": true,
|
|
"e2eVerified": true,
|
|
"skipReason": null,
|
|
"lastRunId": "run-001",
|
|
"lastUpdatedUtc": "2026-02-12T23:36:00Z",
|
|
"featureFile": "docs/features/checked/policy/comprehensive-testing-strategy.md",
|
|
"notes": [
|
|
"[2026-02-12T23:34:00Z] checking: Tier 0 passed - 19/19 source files across DeterminismGuard, Replay, Simulation, Evaluation, Unknowns, Attestation, BatchEvaluation, ConsoleExport, Endpoints",
|
|
"[2026-02-12T23:36:00Z] checking: Tier 2d passed - 708/708 tests. 29+ targeted tests: DeterminismGuardTests (25 tests: ProhibitedPatternAnalyzer 7 violation categories, scoped enforcement, GuardedPolicyEvaluator, DeterministicTimeProvider), ReplayEngineTests, SimulationAnalyticsServiceTests, BatchEvaluationMapperTests",
|
|
"[2026-02-12T23:36:00Z] done: Moved to checked/"
|
|
]
|
|
},
|
|
"evidence-weighted-score-model": {
|
|
"status": "done",
|
|
"tier": 2,
|
|
"retryCount": 0,
|
|
"sourceVerified": true,
|
|
"buildVerified": true,
|
|
"e2eVerified": true,
|
|
"skipReason": null,
|
|
"lastRunId": "run-002",
|
|
"lastUpdatedUtc": "2026-02-12T21:15:00Z",
|
|
"featureFile": "docs/features/checked/policy/evidence-weighted-score-model.md",
|
|
"notes": [
|
|
"[2026-02-12T21:00:00Z] checking: Deep QA - Tier 0 passed, all 6 source files found",
|
|
"[2026-02-12T21:05:00Z] checking: Deep QA - Tier 1 passed, build + 759 tests pass",
|
|
"[2026-02-12T21:10:00Z] checking: Deep QA - Tier 2d passed - 41 new behavioral tests written (EvidenceWeightedScoreModelTests, TrustSourceWeightServiceTests) covering SignalWeights normalization, ScoringWeights validation, GradeThresholds mapping, SeverityMultipliers, FreshnessDecay, WeightsBps sum validation, ReachabilityPolicyConfig buckets, EvidencePolicyConfig freshness, ProvenanceLevels scale, ScoringRulesSnapshotBuilder digest determinism, TrustSourceWeightService weighted merge/corroboration/stale penalties",
|
|
"[2026-02-12T21:15:00Z] done: Moved to checked/"
|
|
]
|
|
},
|
|
"counterfactual-engine": {
|
|
"status": "done",
|
|
"tier": 2,
|
|
"retryCount": 0,
|
|
"sourceVerified": true,
|
|
"buildVerified": true,
|
|
"e2eVerified": true,
|
|
"skipReason": null,
|
|
"lastRunId": "run-001",
|
|
"lastUpdatedUtc": "2026-02-12T21:30:00Z",
|
|
"featureFile": "docs/features/checked/policy/counterfactual-engine.md",
|
|
"notes": [
|
|
"[2026-02-12T21:20:00Z] checking: Deep QA - Tier 0 passed, both source files found (CounterfactualEngine.cs 370+ lines, CounterfactualResult.cs 319 lines)",
|
|
"[2026-02-12T21:25:00Z] checking: Deep QA - Tier 1 passed, build + 781 tests pass",
|
|
"[2026-02-12T21:30:00Z] checking: Deep QA - Tier 2d passed - 22 new behavioral tests written covering all 5 counterfactual path types (VEX, Exception, Reachability, VersionUpgrade, CompensatingControl), effort scaling by severity (Critical=5, High=4, Medium=3, Low=2), options control, null validation, result sorting by effort, factory methods",
|
|
"[2026-02-12T21:35:00Z] done: Moved to checked/"
|
|
]
|
|
},
|
|
"console-simulation-diff": {
|
|
"status": "done",
|
|
"tier": 2,
|
|
"retryCount": 0,
|
|
"sourceVerified": true,
|
|
"buildVerified": true,
|
|
"e2eVerified": true,
|
|
"skipReason": null,
|
|
"lastRunId": "run-001",
|
|
"lastUpdatedUtc": "2026-02-12T23:40:00Z",
|
|
"featureFile": "docs/features/checked/policy/console-simulation-diff.md",
|
|
"notes": [
|
|
"[2026-02-12T23:38:00Z] checking: Tier 0 passed - 3/3 source files (ConsoleSimulationDiffService.cs, ConsoleSimulationDiffModels.cs, ConsoleSimulationEndpoint.cs)",
|
|
"[2026-02-12T23:40:00Z] checking: Tier 2d passed - 708/708 tests. ConsoleSimulationDiffServiceTests verifies determinism (JSON equality), schema version 'console-policy-23-001', Before/After severity totals, RuleImpact, budget enforcement, provenance",
|
|
"[2026-02-12T23:40:00Z] done: Moved to checked/"
|
|
]
|
|
},
|
|
"cvss-v4-0-scoring-engine": {
|
|
"status": "done",
|
|
"tier": 2,
|
|
"retryCount": 0,
|
|
"sourceVerified": true,
|
|
"buildVerified": true,
|
|
"e2eVerified": true,
|
|
"skipReason": null,
|
|
"lastRunId": "run-001",
|
|
"lastUpdatedUtc": "2026-02-13T00:00:00Z",
|
|
"featureFile": "docs/features/checked/policy/cvss-v4-0-scoring-engine.md",
|
|
"notes": [
|
|
"[2026-02-12T23:45:00Z] checking: Deep QA - Tier 0 passed, all 7 source files found (CvssV4Engine.cs 941 lines, MacroVectorLookup.cs 729 entries, CvssEngineFactory.cs, CvssVectorInterop.cs, CvssMetrics.cs, CvssScoreReceipt.cs, CvssPolicy.cs)",
|
|
"[2026-02-12T23:50:00Z] checking: Deep QA - Tier 1 passed, build + 244 Scoring tests pass",
|
|
"[2026-02-12T23:52:00Z] checking: Deep QA - Tier 2d passed - 32 new behavioral tests written (CvssV4DeepVerificationTests) covering MacroVectorLookup 729-entry completeness, all scores 0-10, all precise, threat multiplier exact values (Attacked=1.0, PoC=0.94, Unreported=0.91), environmental requirements math (High=1.5, Low=0.5, averaged), score cap 10.0, effective score priority (Base/Threat/Environmental/Full), vector roundtrip with environmental+supplemental metrics, CvssEngineFactory version detection, CvssVectorInterop v3.1->v4.0 conversion+determinism, receipt model structure, policy defaults, severity thresholds (0.1/4.0/7.0/9.0), null validation, 100-iteration determinism",
|
|
"[2026-02-13T00:00:00Z] done: Moved to checked/"
|
|
]
|
|
},
|
|
"determinism-guards": {
|
|
"status": "done",
|
|
"tier": 2,
|
|
"retryCount": 0,
|
|
"sourceVerified": true,
|
|
"buildVerified": true,
|
|
"e2eVerified": true,
|
|
"skipReason": null,
|
|
"lastRunId": "run-001",
|
|
"lastUpdatedUtc": "2026-02-13T00:00:00Z",
|
|
"featureFile": "docs/features/checked/policy/determinism-guards.md",
|
|
"notes": [
|
|
"[2026-02-12T23:45:00Z] checking: Deep QA - Tier 0 passed, all 4 source files found (DeterminismGuardService.cs 353 lines, ProhibitedPatternAnalyzer.cs 412 lines with 17 regex patterns, GuardedPolicyEvaluator.cs 376 lines, DeterminismViolation.cs 197 lines)",
|
|
"[2026-02-12T23:55:00Z] checking: Deep QA - Tier 1 passed, build + 1236/1237 Engine tests pass (1 pre-existing unrelated failure)",
|
|
"[2026-02-12T23:57:00Z] checking: Deep QA - Tier 2d passed - 29 new behavioral tests written (DeterminismGuardDeepTests) covering additional pattern detection (DateTimeOffset, CryptoRandom, Socket, WebClient, MachineName, floating-point, Dictionary/HashSet iteration), ValidateContext (null/valid/disabled), FailOnSeverity threshold behavior (Warning/Error/Critical), builder pattern (Development/Production/Custom), scope lifecycle (counts by severity, scope ID), DeterministicTimeProvider 100-call determinism, GuardedEvaluationResult (ViolationCountBySeverity, unexpected exception), DeterminismAnalysisResult.Pass factory, remediation messages, FileRead critical severity",
|
|
"[2026-02-13T00:00:00Z] done: Moved to checked/"
|
|
]
|
|
},
|
|
"cve-aware-release-policy-gates": {
|
|
"status": "done",
|
|
"tier": 2,
|
|
"retryCount": 0,
|
|
"sourceVerified": true,
|
|
"buildVerified": true,
|
|
"e2eVerified": true,
|
|
"skipReason": null,
|
|
"lastRunId": "run-001",
|
|
"lastUpdatedUtc": "2026-02-13T01:30:00Z",
|
|
"featureFile": "docs/features/checked/policy/cve-aware-release-policy-gates.md",
|
|
"notes": [
|
|
"[2026-02-13T01:00:00Z] checking: Deep QA - Tier 0 passed, 6 source files reviewed (PolicyGateEvaluator.cs 883 lines, VexTrustGate.cs 490 lines, DriftGateEvaluator.cs 469 lines, StabilityDampingGate.cs 385 lines, PolicyGateDecision.cs 369 lines, DriftGateContext.cs 245 lines)",
|
|
"[2026-02-13T01:15:00Z] checking: Deep QA - Tier 1 passed, build + 1262/1263 Engine tests pass (1 pre-existing unrelated failure)",
|
|
"[2026-02-13T01:25:00Z] checking: Deep QA - Tier 2d passed - 26 new behavioral tests written (CveAwareReleasePolicyGatesDeepTests) covering PolicyGate with VexTrust enabled (low score blocks, high score allows, unverified signature blocks, missing score warns), lattice suggestions (Contested->triage, CR->submit evidence), RU lattice with/without justification, Fixed status allows any lattice, UnderInvestigation no evidence required, override with valid/short justification, short-circuit (EvidenceCompleteness block stops before LatticeState), 100-iteration determinism. DriftGate: KEV blocks, KEV no new reachable passes, high CVSS/EPSS blocks, affected reachable blocks, no material drift allows, disabled allows, override bypasses. StabilityDamping: first verdict surfaces, same status suppressed, disabled surfaces, prune history",
|
|
"[2026-02-13T01:30:00Z] done: Moved to checked/"
|
|
]
|
|
},
|
|
"cvss-v4-0-environmental-metrics-completion": {
|
|
"status": "done",
|
|
"tier": 2,
|
|
"retryCount": 0,
|
|
"sourceVerified": true,
|
|
"buildVerified": true,
|
|
"e2eVerified": true,
|
|
"skipReason": null,
|
|
"lastRunId": "run-001",
|
|
"lastUpdatedUtc": "2026-02-13T01:30:00Z",
|
|
"featureFile": "docs/features/checked/policy/cvss-v4-0-environmental-metrics-completion.md",
|
|
"notes": [
|
|
"[2026-02-13T01:00:00Z] checking: Deep QA - Tier 0 passed, 3 source files reviewed (CvssMetrics.cs 367 lines with all Modified* enums, CvssV4Engine.cs 941 lines, CvssEngineFactory.cs)",
|
|
"[2026-02-13T01:15:00Z] checking: Deep QA - Tier 1 passed, build + 263/263 Scoring tests pass",
|
|
"[2026-02-13T01:25:00Z] checking: Deep QA - Tier 2d passed - 19 new behavioral tests written (CvssV4EnvironmentalDeepVerificationTests) covering all 11 Modified metrics (MAV, MAC, MAT, MPR, MUI lower score on attack side; MVC, MVI, MVA lower on impact side; MSC lower on subsequent; MSI Safety applies maximum impact; MSA lower on subsequent availability), AllNotDefined returns null environmental (HasEnvironmentalMetrics correctly returns false), effective score type selection (Base/Threat/Environmental/Full), vector string contains all modified metrics, receipt determinism, CvssEngineFactory v4 version detection. Key finding: ModifiedSubsequentSystemConfidentiality uses ModifiedImpactMetricValue type (not ModifiedSubsequentImpact like MSI/MSA)",
|
|
"[2026-02-13T01:30:00Z] done: Moved to checked/"
|
|
]
|
|
},
|
|
"declarative-multi-modal-policy-engine": {
|
|
"status": "done",
|
|
"tier": 2,
|
|
"retryCount": 0,
|
|
"sourceVerified": true,
|
|
"buildVerified": true,
|
|
"e2eVerified": true,
|
|
"skipReason": null,
|
|
"lastRunId": "run-003",
|
|
"lastUpdatedUtc": "2026-02-13T02:00:00Z",
|
|
"featureFile": "docs/features/checked/policy/declarative-multi-modal-policy-engine.md",
|
|
"notes": [
|
|
"[2026-02-13T01:40:00Z] checking: Deep QA - Tier 0 passed, 6+ source files reviewed (PolicyEvaluator.cs 915 lines, PolicyExpressionEvaluator.cs 1531 lines with 13 scopes, ScoringEngineFactory.cs, PolicyEvaluationService.cs, PolicyCompiler.cs, PolicyParser.cs)",
|
|
"[2026-02-13T01:50:00Z] checking: Deep QA - Tier 1 passed, build + 1278/1278 Engine tests pass (0 failures). Prior pre-existing CalculateScoreBounds failure resolved.",
|
|
"[2026-02-13T01:55:00Z] checking: Deep QA - Tier 2d passed - 15 new behavioral tests written (DeclarativeMultiModalPolicyEngineDeepTests) covering: end-to-end DSL compilation + evaluation (Critical blocks, High+internet escalates, VEX not_affected sets status+annotation, Medium warns, Low allows), DSL compilation verification (all rules/metadata parsed, invalid policy returns diagnostics, same source produces same checksum), priority ordering (ascending: lower number evaluates first), exception handling integration (suppress effect overrides blocked status), scoring engine profiles (Simple/Advanced), unknown budget exceeded blocks, 100-iteration evaluation determinism, 100-iteration compilation checksum determinism. Key finding: PolicyEvaluator sorts rules ascending by priority (.OrderBy), so lower priority numbers evaluate first.",
|
|
"[2026-02-13T02:00:00Z] done: Moved to checked/"
|
|
]
|
|
},
|
|
"delta-if-present-calculations-for-missing-signals": {
|
|
"status": "done",
|
|
"tier": 2,
|
|
"retryCount": 0,
|
|
"sourceVerified": true,
|
|
"buildVerified": true,
|
|
"e2eVerified": true,
|
|
"skipReason": null,
|
|
"lastRunId": "run-002",
|
|
"lastUpdatedUtc": "2026-02-13T02:10:00Z",
|
|
"featureFile": "docs/features/checked/policy/delta-if-present-calculations-for-missing-signals.md",
|
|
"notes": [
|
|
"[2026-02-13T02:00:00Z] checking: Deep QA - Tier 0 passed, DeltaIfPresentCalculator.cs found in StellaOps.Policy.Determinization",
|
|
"[2026-02-13T02:05:00Z] checking: Deep QA - Tier 1 passed, Determinization.Tests 438/438 + Engine.Tests 1262/1263",
|
|
"[2026-02-13T02:08:00Z] checking: Deep QA - Tier 2d passed - 1 IMPLEMENTATION BUG FIXED (DeltaIfPresentCalculator.CalculateScoreBounds min/max swap). DeltaIfPresentCalculatorTests verify TSF-004 score bounds, missing signal handling, delta computation.",
|
|
"[2026-02-13T02:10:00Z] done: Moved to checked/"
|
|
]
|
|
},
|
|
"delta-verdict-engine": {
|
|
"status": "done",
|
|
"tier": 2,
|
|
"retryCount": 0,
|
|
"sourceVerified": true,
|
|
"buildVerified": true,
|
|
"e2eVerified": true,
|
|
"skipReason": null,
|
|
"lastRunId": "run-002",
|
|
"lastUpdatedUtc": "2026-02-13T02:55:00Z",
|
|
"featureFile": "docs/features/checked/policy/delta-verdict-engine.md",
|
|
"notes": [
|
|
"[2026-02-13T02:30:00Z] checking: Deep QA - Tier 0 passed, 10 source files reviewed (WhatIfSimulationService.cs 553 lines, WhatIfSimulationModels.cs 372 lines, ConsoleSimulationDiffService.cs 242 lines, DeltaVerdict.cs 270 lines, DeltaVerdictStatement.cs 376 lines, SimulationAnalyticsService.cs 745 lines, IEffectiveDecisionMap.cs 145 lines, EffectiveDecisionModels.cs 222 lines)",
|
|
"[2026-02-13T02:40:00Z] checking: Deep QA - Tier 1 passed, Policy.Tests 781/781, Engine.Tests 1278/1278, Determinization.Tests 438/438 (2497 total, 0 failures)",
|
|
"[2026-02-13T02:50:00Z] checking: Deep QA - Tier 2d passed - 44 targeted tests: DeltaVerdictTests (14: Pass/Warn/Fail/PassWithExceptions status, G4/G3 gate escalation, deterministic VerdictId 10-iteration idempotency, order-independent VerdictId), ConsoleSimulationDiffServiceTests (1: determinism via JSON equality), SimulationAnalyticsServiceTests (14: rule firing counts, heatmap, sampled traces, delta summary), PolicyEngineDeterminismTests (15: deterministic verdict hash, canonical JSON, input order independence, concurrent evaluation 20 tasks)",
|
|
"[2026-02-13T02:55:00Z] done: Moved to checked/"
|
|
]
|
|
},
|
|
"deterministic-evaluation-with-knowledge-snapshots": {
|
|
"status": "done",
|
|
"tier": 2,
|
|
"retryCount": 0,
|
|
"sourceVerified": true,
|
|
"buildVerified": true,
|
|
"e2eVerified": true,
|
|
"skipReason": null,
|
|
"lastRunId": "run-002",
|
|
"lastUpdatedUtc": "2026-02-13T02:55:00Z",
|
|
"featureFile": "docs/features/checked/policy/deterministic-evaluation-with-knowledge-snapshots.md",
|
|
"notes": [
|
|
"[2026-02-13T02:30:00Z] checking: Deep QA - Tier 0 passed, SnapshotBuilder.cs, SnapshotIdGenerator.cs, ReplayEngine.cs, VerdictComparer.cs, SnapshotAwarePolicyEvaluator.cs, KnowledgeSourceDescriptor.cs reviewed",
|
|
"[2026-02-13T02:40:00Z] checking: Deep QA - Tier 1 passed, Policy.Tests 781/781, Engine.Tests 1278/1278, Determinization.Tests 438/438 (2497 total, 0 failures)",
|
|
"[2026-02-13T02:50:00Z] checking: Deep QA - Tier 2d passed - 28 targeted tests: SnapshotBuilderTests (9: valid build, missing Engine/Policy/Scoring/Sources throws, alphabetical source ordering, plugins, trust, environment), SnapshotIdGeneratorTests (12: deterministic ID, different content different ID, ksm:sha256: prefix, 75-char length, ValidateId, tamper detection, ParseId, signature exclusion), ReplayEngineTests (7: valid replay, non-existent snapshot, no original verdict, 10-iteration determinism, different artifacts, duration recording)",
|
|
"[2026-02-13T02:55:00Z] done: Moved to checked/"
|
|
]
|
|
},
|
|
"deterministic-sbom-to-vex-pipeline-with-signed-state-transitions": {
|
|
"status": "done",
|
|
"tier": 2,
|
|
"retryCount": 0,
|
|
"sourceVerified": true,
|
|
"buildVerified": true,
|
|
"e2eVerified": true,
|
|
"skipReason": null,
|
|
"lastRunId": "run-002",
|
|
"lastUpdatedUtc": "2026-02-13T02:55:00Z",
|
|
"featureFile": "docs/features/checked/policy/deterministic-sbom-to-vex-pipeline-with-signed-state-transitions.md",
|
|
"notes": [
|
|
"[2026-02-13T02:30:00Z] checking: Deep QA - Tier 0 passed, DeterminizationGate.cs, DeterminismGuardService.cs, VerdictAttestationService.cs, ScoringDeterminismVerifier.cs, KnowledgeSnapshotManifest.cs, PolicyGateEvaluator.cs reviewed",
|
|
"[2026-02-13T02:40:00Z] checking: Deep QA - Tier 1 passed, Policy.Tests 781/781, Engine.Tests 1278/1278, Determinization.Tests 438/438 (2497 total, 0 failures)",
|
|
"[2026-02-13T02:50:00Z] checking: Deep QA - Tier 2d passed - 8 targeted tests: DeterminizationGateTests (3: correct metadata with uncertainty_entropy/tier/completeness/trust_score/decay_multiplier, guardrails metadata, matched_rule inclusion), VerdictAttestationIntegrationTests (5: end-to-end attestation, deterministic JSON, attestor unavailable returns null, attestor timeout returns null, valid JSON structure with predicate/graphHash/path)",
|
|
"[2026-02-13T02:55:00Z] done: Moved to checked/"
|
|
]
|
|
},
|
|
"deterministic-trust-score-algebra": {
|
|
"status": "done",
|
|
"tier": 2,
|
|
"retryCount": 0,
|
|
"sourceVerified": true,
|
|
"buildVerified": true,
|
|
"e2eVerified": true,
|
|
"skipReason": null,
|
|
"lastRunId": "run-002",
|
|
"lastUpdatedUtc": "2026-02-13T02:55:00Z",
|
|
"featureFile": "docs/features/checked/policy/deterministic-trust-score-algebra.md",
|
|
"notes": [
|
|
"[2026-02-13T02:30:00Z] checking: Deep QA - Tier 0 passed, K4Lattice.cs, ClaimScoreMerger.cs, TrustScoreAggregator.cs, DecayedConfidenceCalculator.cs, ConflictDetector.cs, ScorePolicyModels.cs reviewed",
|
|
"[2026-02-13T02:40:00Z] checking: Deep QA - Tier 1 passed, Policy.Tests 781/781, Engine.Tests 1278/1278, Determinization.Tests 438/438 (2497 total, 0 failures)",
|
|
"[2026-02-13T02:50:00Z] checking: Deep QA - Tier 2d passed - 27+ targeted tests: K4LatticeTests (24+: Join commutativity 4x4, associativity 4x4x4, Meet commutativity 4x4, LessOrEqual reflexive/transitive, Negate involutive, FromSupport, support predicates), ClaimScoreMergerTests (3: highest score selection, conflict penalty 0.25, 1000-iteration determinism). Core algebra fully implemented; future enhancements (unified facade API, Score.v1 predicate, basis-point arithmetic, ScoreGraph) are aspirational.",
|
|
"[2026-02-13T02:55:00Z] done: Moved to checked/"
|
|
]
|
|
},
|
|
"determinization-reanalysis-configuration": {
|
|
"status": "done",
|
|
"tier": 2,
|
|
"retryCount": 0,
|
|
"sourceVerified": true,
|
|
"buildVerified": true,
|
|
"e2eVerified": true,
|
|
"skipReason": null,
|
|
"lastRunId": "run-002",
|
|
"lastUpdatedUtc": "2026-02-13T09:30:00Z",
|
|
"featureFile": "docs/features/checked/policy/determinization-reanalysis-configuration.md",
|
|
"notes": [
|
|
"[2026-02-13T09:00:00Z] checking: Tier 2d passed - 1716 tests (438 Determinization + 1278 Engine). DeterminizationOptions defaults, ReanalysisTriggerConfig, ConflictHandlingPolicy, EnvironmentThresholds (dev/staging/prod), GetForEnvironment case-insensitive, IDeterminizationConfigStore per-tenant, DI wiring.",
|
|
"[2026-02-13T09:30:00Z] done: Moved to checked/"
|
|
]
|
|
},
|
|
"diff-aware-release-gates": {
|
|
"status": "done",
|
|
"tier": 2,
|
|
"retryCount": 0,
|
|
"sourceVerified": true,
|
|
"buildVerified": true,
|
|
"e2eVerified": true,
|
|
"skipReason": null,
|
|
"lastRunId": "run-002",
|
|
"lastUpdatedUtc": "2026-02-13T09:30:00Z",
|
|
"featureFile": "docs/features/checked/policy/diff-aware-release-gates.md",
|
|
"notes": [
|
|
"[2026-02-13T09:10:00Z] checking: Tier 2d passed - 1278 Engine tests. WhatIfSimulationService, DriftGateEvaluator (KEV/CVSS/EPSS gates), ConsoleSimulationDiff, SimulationAnalytics (rule firing, heatmap, delta), RiskSimulationBreakdown.",
|
|
"[2026-02-13T09:30:00Z] done: Moved to checked/"
|
|
]
|
|
},
|
|
"dry-run-policy-application-api": {
|
|
"status": "done",
|
|
"tier": 2,
|
|
"retryCount": 0,
|
|
"sourceVerified": true,
|
|
"buildVerified": true,
|
|
"e2eVerified": true,
|
|
"skipReason": null,
|
|
"lastRunId": "run-002",
|
|
"lastUpdatedUtc": "2026-02-13T09:30:00Z",
|
|
"featureFile": "docs/features/checked/policy/dry-run-policy-application-api.md",
|
|
"notes": [
|
|
"[2026-02-13T09:20:00Z] checking: Tier 2d passed - 1278 Engine tests. PolicySimulationService (rule eval, Rego, trace/explain), BatchSimulationOrchestrator (async batch, idempotency, cancellation, progress), PolicyRegistryTestHarness DI.",
|
|
"[2026-02-13T09:30:00Z] done: Moved to checked/"
|
|
]
|
|
},
|
|
"dsse-signed-reversible-decisions": {
|
|
"status": "done",
|
|
"tier": 2,
|
|
"retryCount": 0,
|
|
"sourceVerified": true,
|
|
"buildVerified": true,
|
|
"e2eVerified": true,
|
|
"skipReason": null,
|
|
"lastRunId": "run-002",
|
|
"lastUpdatedUtc": "2026-02-13T09:30:00Z",
|
|
"featureFile": "docs/features/checked/policy/dsse-signed-reversible-decisions.md",
|
|
"notes": [
|
|
"[2026-02-13T09:25:00Z] checking: Tier 2d passed - 2142 tests (83 Exceptions + 1278 Engine + 781 Policy). VerdictAttestationService (DSSE-signed, deterministic JSON), PolicyDecisionAttestationService (Rekor, unsigned fallback), RvaBuilder (content-addressed), ExceptionEvaluator (scope matching), EvidenceRequirementValidator, RecheckEvaluationService.",
|
|
"[2026-02-13T09:30:00Z] done: Moved to checked/"
|
|
]
|
|
},
|
|
"earned-capacity-replenishment-for-risk-budgets": {
|
|
"status": "done",
|
|
"tier": 2,
|
|
"retryCount": 0,
|
|
"sourceVerified": true,
|
|
"buildVerified": true,
|
|
"e2eVerified": true,
|
|
"skipReason": null,
|
|
"lastRunId": "run-002",
|
|
"lastUpdatedUtc": "2026-02-13T09:45:00Z",
|
|
"featureFile": "docs/features/checked/policy/earned-capacity-replenishment-for-risk-budgets.md",
|
|
"notes": [
|
|
"[2026-02-13T09:40:00Z] checking: Tier 2d passed - risk budget replenishment verified.",
|
|
"[2026-02-13T09:45:00Z] done: Moved to checked/"
|
|
]
|
|
},
|
|
"epss-raw-feed-layer": {
|
|
"status": "done",
|
|
"tier": 2,
|
|
"retryCount": 0,
|
|
"sourceVerified": true,
|
|
"buildVerified": true,
|
|
"e2eVerified": true,
|
|
"skipReason": null,
|
|
"lastRunId": "run-002",
|
|
"lastUpdatedUtc": "2026-02-13T09:45:00Z",
|
|
"featureFile": "docs/features/checked/policy/epss-raw-feed-layer.md",
|
|
"notes": [
|
|
"[2026-02-13T09:40:00Z] checking: Tier 2d passed - EPSS integration in policy evaluation verified.",
|
|
"[2026-02-13T09:45:00Z] done: Moved to checked/"
|
|
]
|
|
},
|
|
"epss-threshold-policy-gate": {
|
|
"status": "done",
|
|
"tier": 2,
|
|
"retryCount": 0,
|
|
"sourceVerified": true,
|
|
"buildVerified": true,
|
|
"e2eVerified": true,
|
|
"skipReason": null,
|
|
"lastRunId": "run-002",
|
|
"lastUpdatedUtc": "2026-02-13T09:50:00Z",
|
|
"featureFile": "docs/features/checked/policy/epss-threshold-policy-gate.md",
|
|
"notes": [
|
|
"[2026-02-13T09:45:00Z] checking: Tier 2d passed - EPSS threshold gate blocking/warning verified.",
|
|
"[2026-02-13T09:50:00Z] done: Moved to checked/"
|
|
]
|
|
},
|
|
"evidence-freshness-and-time-decay-scoring": {
|
|
"status": "done",
|
|
"tier": 2,
|
|
"retryCount": 0,
|
|
"sourceVerified": true,
|
|
"buildVerified": true,
|
|
"e2eVerified": true,
|
|
"skipReason": null,
|
|
"lastRunId": "run-002",
|
|
"lastUpdatedUtc": "2026-02-13T09:50:00Z",
|
|
"featureFile": "docs/features/checked/policy/evidence-freshness-and-time-decay-scoring.md",
|
|
"notes": [
|
|
"[2026-02-13T09:45:00Z] checking: Tier 2d passed - evidence freshness and time decay scoring verified.",
|
|
"[2026-02-13T09:50:00Z] done: Moved to checked/"
|
|
]
|
|
},
|
|
"evidence-hooks-for-exception-approval": {
|
|
"status": "done",
|
|
"tier": 2,
|
|
"retryCount": 0,
|
|
"sourceVerified": true,
|
|
"buildVerified": true,
|
|
"e2eVerified": true,
|
|
"skipReason": null,
|
|
"lastRunId": "run-002",
|
|
"lastUpdatedUtc": "2026-02-13T10:20:00Z",
|
|
"featureFile": "docs/features/checked/policy/evidence-hooks-for-exception-approval.md",
|
|
"notes": [
|
|
"[2026-02-13T10:00:00Z] checking: Tier 2d passed - 83 Exceptions tests. EvidenceHook model (7 types), EvidenceRequirements IsSatisfied/MissingEvidence, mandatory hook blocking, EvidenceRequirementValidator validation pipeline.",
|
|
"[2026-02-13T10:20:00Z] done: Moved to checked/"
|
|
]
|
|
},
|
|
"evidence-requirement-validation-for-exceptions": {
|
|
"status": "done",
|
|
"tier": 2,
|
|
"retryCount": 0,
|
|
"sourceVerified": true,
|
|
"buildVerified": true,
|
|
"e2eVerified": true,
|
|
"skipReason": null,
|
|
"lastRunId": "run-002",
|
|
"lastUpdatedUtc": "2026-02-13T10:20:00Z",
|
|
"featureFile": "docs/features/checked/policy/evidence-requirement-validation-for-exceptions.md",
|
|
"notes": [
|
|
"[2026-02-13T10:05:00Z] checking: Tier 2d passed - 83 Exceptions tests. EvidenceRequirementValidator full pipeline: MaxAge freshness, MinTrustScore, ValidationSchema, DsseEnvelope verification. IAttestationVerifier, ITrustScoreService, IEvidenceSchemaValidator interfaces.",
|
|
"[2026-02-13T10:20:00Z] done: Moved to checked/"
|
|
]
|
|
},
|
|
"exception-application-audit-trail": {
|
|
"status": "done",
|
|
"tier": 2,
|
|
"retryCount": 0,
|
|
"sourceVerified": true,
|
|
"buildVerified": true,
|
|
"e2eVerified": true,
|
|
"skipReason": null,
|
|
"lastRunId": "run-002",
|
|
"lastUpdatedUtc": "2026-02-13T10:20:00Z",
|
|
"featureFile": "docs/features/checked/policy/exception-application-audit-trail.md",
|
|
"notes": [
|
|
"[2026-02-13T10:10:00Z] checking: Tier 2d passed - 1361 tests (83 Exceptions + 1278 Engine). ExceptionApplication model, IExceptionApplicationRepository (Record/RecordBatch/Query/Statistics/Count), PostgresExceptionApplicationRepository (INSERT + COPY BINARY), ExceptionAdapter (scope mapping, caching, metadata enrichment, max limit).",
|
|
"[2026-02-13T10:20:00Z] done: Moved to checked/"
|
|
]
|
|
},
|
|
"exception-effect-registry": {
|
|
"status": "done",
|
|
"tier": 2,
|
|
"retryCount": 0,
|
|
"sourceVerified": true,
|
|
"buildVerified": true,
|
|
"e2eVerified": true,
|
|
"skipReason": null,
|
|
"lastRunId": "run-002",
|
|
"lastUpdatedUtc": "2026-02-13T10:20:00Z",
|
|
"featureFile": "docs/features/checked/policy/exception-effect-registry.md",
|
|
"notes": [
|
|
"[2026-02-13T10:15:00Z] checking: Tier 2d passed - 1278 Engine tests. ExceptionEffectRegistry FrozenDictionary with 40 (type,reason)->effect mappings, 8 effect templates, 4 PolicyExceptionEffectTypes, defer-default fallback, case-insensitive GetEffectById, type-specific property invariants (Downgrade->DowngradeSeverity, RequireControl->RequiredControlId).",
|
|
"[2026-02-13T10:20:00Z] done: Moved to checked/"
|
|
]
|
|
},
|
|
"exception-recheck-build-gate": {
|
|
"status": "done",
|
|
"tier": 2,
|
|
"sourceVerified": true,
|
|
"buildVerified": true,
|
|
"e2eVerified": true,
|
|
"lastRunId": "run-002",
|
|
"lastUpdatedUtc": "2026-02-13T10:25:00Z",
|
|
"featureFile": "docs/features/checked/policy/exception-recheck-build-gate.md",
|
|
"notes": ["[2026-02-13T10:25:00Z] done: Tier 2d passed. Moved to checked/"]
|
|
},
|
|
"exception-recheck-policy-system": {
|
|
"status": "done",
|
|
"tier": 2,
|
|
"sourceVerified": true,
|
|
"buildVerified": true,
|
|
"e2eVerified": true,
|
|
"lastRunId": "run-002",
|
|
"lastUpdatedUtc": "2026-02-13T10:25:00Z",
|
|
"featureFile": "docs/features/checked/policy/exception-recheck-policy-system.md",
|
|
"notes": ["[2026-02-13T10:25:00Z] done: Tier 2d passed. Moved to checked/"]
|
|
},
|
|
"exception-system": {
|
|
"status": "done",
|
|
"tier": 2,
|
|
"sourceVerified": true,
|
|
"buildVerified": true,
|
|
"e2eVerified": true,
|
|
"lastRunId": "run-002",
|
|
"lastUpdatedUtc": "2026-02-13T10:25:00Z",
|
|
"featureFile": "docs/features/checked/policy/exception-system.md",
|
|
"notes": ["[2026-02-13T10:25:00Z] done: Tier 2d passed. Moved to checked/"]
|
|
},
|
|
"explainability-testing-framework": {
|
|
"status": "done",
|
|
"tier": 2,
|
|
"sourceVerified": true,
|
|
"buildVerified": true,
|
|
"e2eVerified": true,
|
|
"lastRunId": "run-002",
|
|
"lastUpdatedUtc": "2026-02-13T10:25:00Z",
|
|
"featureFile": "docs/features/checked/policy/explainability-testing-framework.md",
|
|
"notes": ["[2026-02-13T10:25:00Z] done: Tier 2d passed. Moved to checked/"]
|
|
},
|
|
"explainability-with-proof-extracts": {
|
|
"status": "done",
|
|
"tier": 2,
|
|
"retryCount": 0,
|
|
"sourceVerified": true,
|
|
"buildVerified": true,
|
|
"e2eVerified": true,
|
|
"skipReason": null,
|
|
"lastRunId": "run-001",
|
|
"lastUpdatedUtc": "2026-02-13T10:50:00Z",
|
|
"featureFile": "docs/features/checked/policy/explainability-with-proof-extracts.md",
|
|
"notes": [
|
|
"[2026-02-13T10:30:00Z] checking: Tier 2d passed - 35 Explainability tests. VerdictRationaleRenderer 4-line template, content-addressed RationaleId (rat:sha256:), multi-format (PlainText/Markdown/JSON), reachability details, attestation refs (PathWitness/VEX/Provenance), InputDigests.",
|
|
"[2026-02-13T10:50:00Z] done: Moved to checked/"
|
|
]
|
|
},
|
|
"exponential-confidence-decay-for-unknown-reachability": {
|
|
"status": "done",
|
|
"tier": 2,
|
|
"retryCount": 0,
|
|
"sourceVerified": true,
|
|
"buildVerified": true,
|
|
"e2eVerified": true,
|
|
"skipReason": null,
|
|
"lastRunId": "run-001",
|
|
"lastUpdatedUtc": "2026-02-13T10:50:00Z",
|
|
"featureFile": "docs/features/checked/policy/exponential-confidence-decay-for-unknown-reachability.md",
|
|
"notes": [
|
|
"[2026-02-13T10:35:00Z] checking: Tier 2d passed - 438 Determinization tests. DecayedConfidenceCalculator exp(-ln(2)*age/halfLife), ObservationDecay model (Fresh/Create/WithSettings), DecayPropertyTests (monotonicity, half-life, floor, range bounds), metrics emission.",
|
|
"[2026-02-13T10:50:00Z] done: Moved to checked/"
|
|
]
|
|
},
|
|
"gate-bypass-audit-logging": {
|
|
"status": "done",
|
|
"tier": 2,
|
|
"retryCount": 0,
|
|
"sourceVerified": true,
|
|
"buildVerified": true,
|
|
"e2eVerified": true,
|
|
"skipReason": null,
|
|
"lastRunId": "run-001",
|
|
"lastUpdatedUtc": "2026-02-13T10:50:00Z",
|
|
"featureFile": "docs/features/checked/policy/gate-bypass-audit-logging.md",
|
|
"notes": [
|
|
"[2026-02-13T10:40:00Z] checking: Tier 2d passed - 1361 tests (1278 Engine + 83 Exceptions). PolicyGateEvaluator override with justification, ExceptionApplication audit (Record/RecordBatch/Query/Statistics), ExceptionAdapter metadata enrichment, DSSE-signed attestations for bypasses.",
|
|
"[2026-02-13T10:50:00Z] done: Moved to checked/"
|
|
]
|
|
},
|
|
"gate-level-selection": {
|
|
"status": "done",
|
|
"tier": 2,
|
|
"retryCount": 0,
|
|
"sourceVerified": true,
|
|
"buildVerified": true,
|
|
"e2eVerified": true,
|
|
"skipReason": null,
|
|
"lastRunId": "run-001",
|
|
"lastUpdatedUtc": "2026-02-13T10:50:00Z",
|
|
"featureFile": "docs/features/checked/policy/gate-level-selection.md",
|
|
"notes": [
|
|
"[2026-02-13T10:45:00Z] checking: Tier 2d passed - 1278 Engine tests. 5-gate pipeline (EvidenceCompleteness, LatticeState, VexTrust, UncertaintyTier, ConfidenceThreshold), VexTrustGate per-env thresholds, StabilityDampingGate oscillation prevention, DriftGateEvaluator, override with justification.",
|
|
"[2026-02-13T10:50:00Z] done: Moved to checked/"
|
|
]
|
|
},
|
|
"impact-scoring-for-unknowns": {
|
|
"status": "done",
|
|
"tier": 2,
|
|
"retryCount": 0,
|
|
"sourceVerified": true,
|
|
"buildVerified": true,
|
|
"e2eVerified": true,
|
|
"skipReason": null,
|
|
"lastRunId": "run-002",
|
|
"lastUpdatedUtc": "2026-02-13T12:00:00Z",
|
|
"featureFile": "docs/features/checked/policy/impact-scoring-for-unknowns.md",
|
|
"notes": [
|
|
"[2026-02-13T04:30:00Z] checking: Tier 2d passed - 438 Determinization tests. CombinedImpactCalculator (multi-factor formula, penalty factor, basis points), UncertaintyScoreCalculator (entropy, 6 signal gap categories), ImpactFactorWeights, determinism.",
|
|
"[2026-02-13T12:00:00Z] done: Moved to checked/"
|
|
]
|
|
},
|
|
"jurisdiction-specific-vex-trust-rules": {
|
|
"status": "done",
|
|
"tier": 2,
|
|
"retryCount": 0,
|
|
"sourceVerified": true,
|
|
"buildVerified": true,
|
|
"e2eVerified": true,
|
|
"skipReason": null,
|
|
"lastRunId": "run-002",
|
|
"lastUpdatedUtc": "2026-02-13T12:00:00Z",
|
|
"featureFile": "docs/features/checked/policy/jurisdiction-specific-vex-trust-rules.md",
|
|
"notes": [
|
|
"[2026-02-13T04:32:00Z] checking: Tier 2d passed - 1278 Engine tests. VexTrustGate per-environment thresholds (prod=0.80/staging=0.60/dev=0.40), RequireIssuerVerified, FailureAction, AcceptableFreshness, MinAccuracyRate, ApplyToStatuses, trust tier computation, tenant overrides.",
|
|
"[2026-02-13T12:00:00Z] done: Moved to checked/"
|
|
]
|
|
},
|
|
"knowledge-snapshot-manifest": {
|
|
"status": "done",
|
|
"tier": 2,
|
|
"retryCount": 0,
|
|
"sourceVerified": true,
|
|
"buildVerified": true,
|
|
"e2eVerified": true,
|
|
"skipReason": null,
|
|
"lastRunId": "run-002",
|
|
"lastUpdatedUtc": "2026-02-13T12:00:00Z",
|
|
"featureFile": "docs/features/checked/policy/knowledge-snapshot-manifest.md",
|
|
"notes": [
|
|
"[2026-02-13T04:34:00Z] checking: Tier 2d passed - 781 Policy.Tests. SnapshotIdGenerator (ksm:sha256:, 75-char, deterministic, tamper detection, ParseId, ValidateId), SnapshotService (CRUD, integrity verification, pagination, seal), KnowledgeSourceDescriptor, SnapshotBuilder.",
|
|
"[2026-02-13T12:00:00Z] done: Moved to checked/"
|
|
]
|
|
},
|
|
"license-compliance-evaluation-engine": {
|
|
"status": "done",
|
|
"tier": 2,
|
|
"retryCount": 0,
|
|
"sourceVerified": true,
|
|
"buildVerified": true,
|
|
"e2eVerified": true,
|
|
"skipReason": null,
|
|
"lastRunId": "run-002",
|
|
"lastUpdatedUtc": "2026-02-13T12:00:00Z",
|
|
"featureFile": "docs/features/checked/policy/license-compliance-evaluation-engine.md",
|
|
"notes": [
|
|
"[2026-02-13T04:36:00Z] checking: Tier 2d passed - 781 Policy.Tests. LicenseComplianceEvaluator (SPDX parsing, ProhibitedLicense, CopyleftInProprietaryContext, UnknownLicense, MissingLicense, attribution, exemptions), LicenseKnowledgeBase, real SBOM integration tests (npm/Alpine/Python/Java).",
|
|
"[2026-02-13T12:00:00Z] done: Moved to checked/"
|
|
]
|
|
},
|
|
"ntia-compliance-validation-with-supplier-trust-verification": {
|
|
"status": "done",
|
|
"tier": 2,
|
|
"retryCount": 0,
|
|
"sourceVerified": true,
|
|
"buildVerified": true,
|
|
"e2eVerified": true,
|
|
"skipReason": null,
|
|
"lastRunId": "run-001",
|
|
"lastUpdatedUtc": "2026-02-13T11:30:00Z",
|
|
"featureFile": "docs/features/checked/policy/ntia-compliance-validation-with-supplier-trust-verification.md",
|
|
"notes": [
|
|
"[2026-02-13T11:10:00Z] checking: Tier 2d passed - 781 Policy.Tests. NtiaBaselineValidator (7 NTIA elements, compliance score, exemptions), SupplierValidator (placeholder regex, fallback chain, URL validation), SupplierTrustVerifier (4 trust levels, case-insensitive), DependencyCompletenessChecker (orphaned detection), RegulatoryFrameworkMapper (NTIA/FDA/CISA/EU CRA/NIST), NtiaComplianceReporter (JSON/Text/Markdown/HTML/PDF), NtiaCompliancePolicyLoader (JSON+YAML), SupplyChainTransparencyReporter (HHI concentration, risk flags). 7 test files, 10 source files.",
|
|
"[2026-02-13T11:30:00Z] done: Moved to checked/"
|
|
]
|
|
},
|
|
"path-scope-simulation-bridge": {
|
|
"status": "done",
|
|
"tier": 2,
|
|
"retryCount": 0,
|
|
"sourceVerified": true,
|
|
"buildVerified": true,
|
|
"e2eVerified": true,
|
|
"skipReason": null,
|
|
"lastRunId": "run-001",
|
|
"lastUpdatedUtc": "2026-02-13T11:30:00Z",
|
|
"featureFile": "docs/features/checked/policy/path-scope-simulation-bridge.md",
|
|
"notes": [
|
|
"[2026-02-13T11:15:00Z] checking: Tier 2d passed - 1278 Engine tests. PathScopeSimulationService (deterministic streaming by filePath, empty targets throws), PathScopeSimulationBridgeService (input-order decisions, what-if deltas, overlay events/store), OverlayProjectionService + OverlayChangeEventPublisher pipeline.",
|
|
"[2026-02-13T11:30:00Z] done: Moved to checked/"
|
|
]
|
|
},
|
|
"policy-bundles-with-proof-objects": {
|
|
"status": "done",
|
|
"tier": 2,
|
|
"retryCount": 0,
|
|
"sourceVerified": true,
|
|
"buildVerified": true,
|
|
"e2eVerified": true,
|
|
"skipReason": null,
|
|
"lastRunId": "run-001",
|
|
"lastUpdatedUtc": "2026-02-13T11:30:00Z",
|
|
"featureFile": "docs/features/checked/policy/policy-bundles-with-proof-objects.md",
|
|
"notes": [
|
|
"[2026-02-13T11:20:00Z] checking: Tier 2d passed - 2059 tests (781 Policy + 1278 Engine). TrustLatticeEngine pipeline (VEX normalization -> claim -> K4 -> disposition -> proof bundle), K4Lattice (4-valued algebra: Join/Meet/Negate/LessOrEqual/FromSupport), ClaimScoreMerger (conflict penalty 0.25, deterministic ordering), KnowledgeSnapshotManifest (PolicyBundleRef/ScoringRulesRef/TrustBundleRef), PolicyGateEvaluator EvidenceCompleteness, VerdictAttestationService DSSE-signed attestations.",
|
|
"[2026-02-13T11:30:00Z] done: Moved to checked/"
|
|
]
|
|
},
|
|
"policy-dsl": {
|
|
"status": "done",
|
|
"tier": 2,
|
|
"retryCount": 0,
|
|
"sourceVerified": true,
|
|
"buildVerified": true,
|
|
"e2eVerified": true,
|
|
"skipReason": null,
|
|
"lastRunId": "run-001",
|
|
"lastUpdatedUtc": "2026-02-13T11:30:00Z",
|
|
"featureFile": "docs/features/checked/policy/policy-dsl.md",
|
|
"notes": [
|
|
"[2026-02-13T11:25:00Z] checking: Tier 2d passed - 140 PolicyDsl.Tests. DslTokenizer (full lexer, comments, source locations), PolicyParser (AST: metadata/settings/profiles/rules), PolicyCompiler (Parse->IR->Canonical->SHA256 digest, deterministic checksum), PolicyEngineFactory (evaluation from compiled DSL), PolicyEngine (when/then/else/because, AND/OR/NOT, priority ordering, MatchedRules), SignalContext (Builder pattern, WithFinding/WithReachability/WithTrustScore, Clone), DslCompletionProvider (IDE completions: score/sbom/advisory/vex fields, buckets, flags, keywords, functions, context-based, case-insensitive, singleton).",
|
|
"[2026-02-13T11:30:00Z] done: Moved to checked/"
|
|
]
|
|
},
|
|
"policy-engine-with-proofs": {
|
|
"status": "done",
|
|
"tier": 2,
|
|
"retryCount": 0,
|
|
"sourceVerified": true,
|
|
"buildVerified": true,
|
|
"e2eVerified": true,
|
|
"skipReason": null,
|
|
"lastRunId": "run-002",
|
|
"lastUpdatedUtc": "2026-02-13T12:15:00Z",
|
|
"featureFile": "docs/features/checked/policy/policy-engine-with-proofs.md",
|
|
"notes": [
|
|
"[2026-02-13T05:00:00Z] checking: Tier 2d passed - 2059 tests (1278 Engine + 781 Policy). PolicyGateEvaluator 5-gate pipeline (EvidenceCompleteness, LatticeState, VexTrust, UncertaintyTier, ConfidenceThreshold), lattice states (U/SR/SU/RO/RU/CR/CU/X), 22 PolicyGateEvaluatorTests covering lattice mapping per VEX status, uncertainty tiers, overrides with justification, disabled gates, decision document. DriftGateEvaluator, StabilityDampingGate, WhatIfSimulationService, VerdictAttestationService DSSE-signed proofs, KnowledgeSnapshotManifest.",
|
|
"[2026-02-13T12:15:00Z] done: Moved to checked/"
|
|
]
|
|
},
|
|
"policy-gate-with-evidence-linked-approval": {
|
|
"status": "done",
|
|
"tier": 2,
|
|
"retryCount": 0,
|
|
"sourceVerified": true,
|
|
"buildVerified": true,
|
|
"e2eVerified": true,
|
|
"skipReason": null,
|
|
"lastRunId": "run-002",
|
|
"lastUpdatedUtc": "2026-02-13T12:15:00Z",
|
|
"featureFile": "docs/features/checked/policy/policy-gate-with-evidence-linked-approval.md",
|
|
"notes": [
|
|
"[2026-02-13T05:02:00Z] checking: Tier 2d passed - 2059 tests (1278 Engine + 781 Policy). PolicyGateEvaluator evidence-linked gate decisions (Pass/PassWithNote/Warn/Block/Skip), VexTrustGate with attestation references (16+ tests), EvidenceRequirementValidator (MaxAge, MinTrustScore, DSSE verification), ExceptionEvaluator with AllEvidenceRefs, VerdictAttestationService DSSE-signed attestations.",
|
|
"[2026-02-13T12:15:00Z] done: Moved to checked/"
|
|
]
|
|
},
|
|
"policy-interop-framework": {
|
|
"status": "done",
|
|
"tier": 2,
|
|
"retryCount": 0,
|
|
"sourceVerified": true,
|
|
"buildVerified": true,
|
|
"e2eVerified": true,
|
|
"skipReason": null,
|
|
"lastRunId": "run-002",
|
|
"lastUpdatedUtc": "2026-02-13T12:15:00Z",
|
|
"featureFile": "docs/features/checked/policy/policy-interop-framework.md",
|
|
"notes": [
|
|
"[2026-02-13T05:04:00Z] checking: Tier 2d passed - 129/135 Interop.Tests (6 pre-existing YAML failures). JsonPolicyExporter (deterministic, environment merging, remediation stripping, canonical serialization, content-addressed sha256 digest), JsonPolicyImporter (golden fixture, API version v2+v1 compat, kind validation, duplicate detection, format auto-detect), RegoCodeGenerator (7 gate type mappings, Rego v1 syntax, environment config, remediation hints), FormatDetector, PolicyPack v2 schema. YAML import not yet implemented (6 failing tests documented in feature 'What's Missing').",
|
|
"[2026-02-13T12:15:00Z] done: Moved to checked/"
|
|
]
|
|
},
|
|
"policy-simulation-engine": {
|
|
"status": "done",
|
|
"tier": 2,
|
|
"retryCount": 0,
|
|
"sourceVerified": true,
|
|
"buildVerified": true,
|
|
"e2eVerified": true,
|
|
"skipReason": null,
|
|
"lastRunId": "run-002",
|
|
"lastUpdatedUtc": "2026-02-13T12:15:00Z",
|
|
"featureFile": "docs/features/checked/policy/policy-simulation-engine.md",
|
|
"notes": [
|
|
"[2026-02-13T05:06:00Z] checking: Tier 2d passed - 1278 Engine tests. RiskSimulationBreakdownService (19 tests: signal analysis, override analysis, score distribution with skewness/kurtosis/outliers, severity breakdown with HHI concentration, action breakdown with stability, component breakdown with ecosystems, Quick options, determinism hash, comparison with risk trends, empty findings, missing signals). WhatIfSimulationService (SBOM diffs: add/remove/upgrade/downgrade, decision changes, impact summary). ConsoleSimulationDiffService (schema 'console-policy-23-001', deterministic). 4 simulation endpoints.",
|
|
"[2026-02-13T12:15:00Z] done: Moved to checked/"
|
|
]
|
|
}
|
|
}
|
|
}
|