git.stella-ops.org/docs/features/checked/cli/policy-simulation-reachability-overrides.md

Policy Simulation Reachability Overrides

Module

Cli

Status

VERIFIED

Description

What-if reachability overrides in policy simulation: override reachability states (reachable/unreachable) and scores for specific vulnerabilities or packages to model hypothetical scenarios.

Implementation Details

• Command Group: src/Cli/StellaOps.Cli/Commands/PolicyCommandGroup.cs -- policy simulation commands
• Commands:
  • stella policy simulate <file> --override-reachability <cve>=reachable|unreachable -- override reachability state
  • stella policy simulate <file> --override-score <cve>=<score> -- override reachability score
• What-if engine: Applies overrides before evaluation to model hypothetical scenarios

E2E Test Plan

• Run stella policy simulate ./policy.stella --override-reachability CVE-2024-1234=unreachable and verify override applied
• Run with --override-score CVE-2024-1234=0.1 and verify score override
• Verify simulation results differ from baseline when overrides change gate outcomes
• Verify multiple overrides can be specified simultaneously
• Verify --format json output includes override annotations

Verification

• Verified: 2026-02-13T15:30:00Z
• Tier 0 (Source): pass -- all referenced source files exist on disk
• Tier 1 (Build): pass -- module builds cleanly, 412 tests pass in StellaOps.Cli.Commands.Tests
• Tier 2d (Integration): pass -- targeted integration tests confirm behavioral correctness
• Test Project: src/Cli/__Tests/StellaOps.Cli.Commands.Tests/StellaOps.Cli.Commands.Tests.csproj
• Evidence: docs/qa/feature-checks/runs/cli/policy-simulation-reachability-overrides/run-001/tier2-integration-check.json