- Created `StellaOps.TestKit.Tests` project for unit tests related to determinism.
- Implemented `DeterminismManifestTests` to validate deterministic output for canonical bytes and strings, file read/write operations, and error handling for invalid schema versions.
- Added `SbomDeterminismTests` to ensure identical inputs produce consistent SBOMs across SPDX 3.0.1 and CycloneDX 1.6/1.7 formats, including parallel execution tests.
- Updated project references in `StellaOps.Integration.Determinism` to include the new determinism testing library.
1.2 KiB
Risk profiles
Purpose
- Define profile schema, lifecycle, and governance for risk scoring.
Schema essentials
- id, version, description, signals[], weights, metadata.
- signals[] fields: name, source, type (numeric, boolean, categorical), path, transform, unit.
- overrides: severity rules and decision rules.
- Optional: extends, rollout flags, valid_from, valid_until.
Severity levels
- critical, high, medium, low, informational.
Lifecycle
- Author profiles in Policy Studio.
- Simulate against deterministic fixtures.
- Review and approve with DSSE signatures.
- Promote and activate in Policy Engine.
- Roll back by activating a previous version.
Governance and determinism
- Profiles are immutable after promotion.
- Each version carries a profile_hash and signed manifest entry.
- Simulation and production share the same evaluation codepath.
- Offline bundles include profiles and fixtures with hashes.
Explainability and observability
- Emit per-factor contributions with stable ordering.
- Track evaluation latency, factor coverage, profile hit rate, and override usage.
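The following is an added illustration, not StellaOps code, tying together the schema fields above, the canonical profile_hash from the governance section, and the stable per-factor contributions from the explainability section; the profile, weights, severity cut-offs and the categorical mapping are constructed assumptions.

```python
import hashlib
import json

# Constructed example profile with the fields listed under "Schema essentials"; not a real StellaOps profile.
PROFILE = {
    "id": "demo-risk-profile",
    "version": "1.0.0",
    "description": "Constructed example for illustration",
    "signals": [
        {"name": "cvss_base", "source": "advisory", "type": "numeric",
         "path": "$.cvss.base", "transform": "scale_0_10", "unit": "score"},
        {"name": "kev_listed", "source": "kev", "type": "boolean",
         "path": "$.kev", "transform": None, "unit": None},
        {"name": "reachable", "source": "reachability", "type": "categorical",
         "path": "$.reach", "transform": None, "unit": None},
    ],
    "weights": {"cvss_base": 0.6, "kev_listed": 0.3, "reachable": 0.1},
    "overrides": {"severity_rules": [{"when": "kev_listed", "min_severity": "high"}]},
    "metadata": {},
}
SEVERITY_ORDER = ["informational", "low", "medium", "high", "critical"]
THRESHOLDS = [(0.9, "critical"), (0.7, "high"), (0.4, "medium"), (0.1, "low")]  # assumed cut-offs
CATEGORICAL = {"yes": 1.0, "unknown": 0.5, "no": 0.0}  # assumed mapping for the categorical signal

def canonical_bytes(obj):
    """Canonical JSON (sorted keys, no whitespace) so equal content always hashes identically."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":"), ensure_ascii=False).encode()

def profile_hash(profile):
    """Content hash of the immutable profile; independent of the key order it was authored in."""
    return "sha256:" + hashlib.sha256(canonical_bytes(profile)).hexdigest()

def normalize(signal, value):
    """Map a raw signal value into [0, 1] according to its declared type and transform."""
    if signal["type"] == "numeric":
        return max(0.0, min(1.0, value / 10.0)) if signal["transform"] == "scale_0_10" else float(value)
    if signal["type"] == "boolean":
        return 1.0 if value else 0.0
    return CATEGORICAL[value]

def evaluate(profile, signal_values):
    """Score one subject; factors are emitted in stable (name-sorted) order for explainability."""
    factors = []
    for sig in sorted(profile["signals"], key=lambda s: s["name"]):
        weight, value = profile["weights"][sig["name"]], normalize(sig, signal_values[sig["name"]])
        factors.append({"name": sig["name"], "weight": weight, "value": value,
                        "contribution": round(weight * value, 6)})
    score = round(sum(f["contribution"] for f in factors), 6)
    severity = next((s for cutoff, s in THRESHOLDS if score >= cutoff), "informational")
    for rule in profile["overrides"]["severity_rules"]:  # severity rules only raise, never lower
        if signal_values.get(rule["when"]) and SEVERITY_ORDER.index(severity) < SEVERITY_ORDER.index(rule["min_severity"]):
            severity = rule["min_severity"]
    return {"profile_hash": profile_hash(profile), "score": score, "severity": severity, "factors": factors}
```

Because simulation and production would call the same `evaluate`, a fixture can be replayed later and compared byte-for-byte against the recorded result together with its profile_hash.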
Related references
- risk/overview.md
- risk/factors.md
- risk/formulas.md
- risk/explainability.md
- risk/api.md