- Created `StellaOps.TestKit.Tests` project for unit tests related to determinism.
- Implemented `DeterminismManifestTests` to validate deterministic output for canonical bytes and strings, file read/write operations, and error handling for invalid schema versions.
- Added `SbomDeterminismTests` to ensure identical inputs produce consistent SBOMs across SPDX 3.0.1 and CycloneDX 1.6/1.7 formats, including parallel execution tests.
- Updated project references in `StellaOps.Integration.Determinism` to include the new determinism testing library.
38 lines
1.2 KiB
Markdown
# Risk profiles

## Purpose
- Define profile schema, lifecycle, and governance for risk scoring.

## Schema essentials
- Top-level fields: id, version, description, signals[], weights, metadata.
- signals[] fields: name, source, type (numeric, boolean, categorical), path, transform, unit.
- overrides: severity rules and decision rules.
- Optional: extends, rollout flags, valid_from, valid_until.

## Severity levels
- critical, high, medium, low, informational.

## Lifecycle
1. Author profiles in Policy Studio.
2. Simulate against deterministic fixtures.
3. Review and approve with DSSE signatures.
4. Promote and activate in Policy Engine.
5. Roll back by activating a previous version.

## Governance and determinism
- Profiles are immutable after promotion.
- Each version carries a profile_hash and signed manifest entry.
- Simulation and production share the same evaluation code path.
- Offline bundles include profiles and fixtures with hashes.
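As an added example that is not part of this page or of the StellaOps code base, the Python below sketches the schema check implied by Schema essentials together with the canonical profile_hash named under Governance and determinism. It assumes JSON as the stored form, sorted keys with no insignificant whitespace as the canonical encoding, SHA-256 as the hash function, and weights as a mapping from signal name to number; the sample profile and the tampered copies are constructed for the demonstration.

```python
"""Schema check and canonical profile_hash for a risk profile.

Added example; not StellaOps code. Field names come from the page
(id, version, description, signals[], weights, metadata, overrides,
extends, valid_from, valid_until). The canonical form (JSON, sorted
keys, no insignificant whitespace, UTF-8) and SHA-256 are assumptions.
"""
import hashlib
import json

REQUIRED_FIELDS = ("id", "version", "description", "signals", "weights", "metadata")
OPTIONAL_FIELDS = ("overrides", "extends", "rollout", "valid_from", "valid_until")
SIGNAL_FIELDS = ("name", "source", "type", "path", "transform", "unit")
SIGNAL_TYPES = ("numeric", "boolean", "categorical")


def validate_profile(profile: dict) -> list[str]:
    """Return schema problems in a stable order; an empty list means well-formed."""
    problems = []
    for field in REQUIRED_FIELDS:
        if field not in profile:
            problems.append(f"missing required field: {field}")
    for field in sorted(set(profile) - set(REQUIRED_FIELDS) - set(OPTIONAL_FIELDS)):
        problems.append(f"unknown top-level field: {field}")

    names = set()
    for i, sig in enumerate(profile.get("signals", [])):
        for field in SIGNAL_FIELDS:
            if field not in sig:
                problems.append(f"signals[{i}] missing field: {field}")
        if sig.get("type") not in SIGNAL_TYPES:
            problems.append(f"signals[{i}] invalid type: {sig.get('type')!r}")
        name = sig.get("name")
        if name in names:
            problems.append(f"signals[{i}] duplicate name: {name!r}")
        names.add(name)

    # Weights are assumed to map signal name -> number. Every weight must point
    # at a declared signal and every signal must carry a weight; otherwise a
    # factor silently drops out of the score.
    weights = profile.get("weights", {})
    for name in sorted(set(weights) - names, key=str):
        problems.append(f"weight for undeclared signal: {name}")
    for name in sorted(names - set(weights), key=str):
        problems.append(f"signal without weight: {name}")
    return problems


def canonical_bytes(profile: dict) -> bytes:
    """Canonical serialisation: key order and whitespace must not affect the hash."""
    return json.dumps(
        profile, sort_keys=True, separators=(",", ":"), ensure_ascii=False, allow_nan=False
    ).encode("utf-8")


def profile_hash(profile: dict) -> str:
    return "sha256:" + hashlib.sha256(canonical_bytes(profile)).hexdigest()


def check_promoted(profile: dict, recorded_hash: str) -> bool:
    """Immutability check: a promoted profile must still hash to its manifest entry."""
    return profile_hash(profile) == recorded_hash


# Constructed sample profile; all values are illustrative.
SAMPLE_PROFILE = {
    "id": "demo-baseline",
    "version": "1.0.0",
    "description": "Constructed profile used to demonstrate the schema check",
    "signals": [
        {"name": "cvss_base", "source": "nvd", "type": "numeric",
         "path": "cvss.base", "transform": "scale:10", "unit": "score"},
        {"name": "in_kev", "source": "cisa", "type": "boolean",
         "path": "kev.listed", "transform": "identity", "unit": "flag"},
    ],
    "weights": {"cvss_base": 0.7, "in_kev": 0.3},
    "metadata": {"owner": "security-platform"},
    "overrides": {"severity_rules": [], "decision_rules": []},
}


def demo() -> dict:
    """Run the checks on the sample and on two edited copies; return the outcomes."""
    reordered = {k: SAMPLE_PROFILE[k] for k in sorted(SAMPLE_PROFILE, reverse=True)}
    tampered = json.loads(json.dumps(SAMPLE_PROFILE))
    tampered["weights"]["in_kev"] = 0.0          # one weight changed after promotion
    bad_schema = json.loads(json.dumps(SAMPLE_PROFILE))
    bad_schema["signals"][0]["type"] = "string"  # not one of the three allowed types
    recorded = profile_hash(SAMPLE_PROFILE)
    return {
        "problems": validate_profile(SAMPLE_PROFILE),
        "bad_schema_problems": validate_profile(bad_schema),
        "hash": recorded,
        "reorder_keeps_hash": check_promoted(reordered, recorded),
        "tamper_keeps_hash": check_promoted(tampered, recorded),
    }


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Reordering keys leaves the hash unchanged while a single edited weight does not, which is what lets a signed manifest entry stand in for the whole profile after promotion.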

## Explainability and observability
- Emit per-factor contributions with stable ordering.
- Track evaluation latency, factor coverage, profile hit rate, and override usage.
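The following Python is an added example, not StellaOps code, showing an evaluator that emits per-factor contributions in a stable order and returns the factor coverage and override usage that the metrics above would be fed from. The weighted-sum score, the severity thresholds, and the transform syntaxes scale:N and map:a=x,b=y are assumptions made for the illustration (the project's formulas are in risk/formulas.md); the profile and findings are constructed.

```python
"""Stably ordered per-factor contributions plus coverage and override usage.

Added example; not StellaOps code. Scoring rule, thresholds and transform
syntaxes are assumptions; see risk/formulas.md for the project's own.
"""
import json

# Assumed thresholds, highest first; the page only names the five levels.
SEVERITY_THRESHOLDS = [
    ("critical", 0.9), ("high", 0.7), ("medium", 0.4), ("low", 0.1), ("informational", 0.0),
]

# Constructed profile, trimmed to the fields the evaluator reads.
PROFILE = {
    "id": "demo-exposure",
    "version": "1.0.0",
    "signals": [
        {"name": "in_kev", "type": "boolean", "path": "kev.listed", "transform": "identity"},
        {"name": "cvss_base", "type": "numeric", "path": "cvss.base", "transform": "scale:10"},
        {"name": "exposure", "type": "categorical", "path": "asset.exposure",
         "transform": "map:internal=0.2,partner=0.6,internet=1.0"},
    ],
    "weights": {"cvss_base": 0.5, "in_kev": 0.3, "exposure": 0.2},
    # Severity rule: a listed KEV entry is critical regardless of the computed score.
    "overrides": {"severity_rules": [{"if_signal": "in_kev", "equals": True, "severity": "critical"}]},
}

# Constructed findings: one fully populated, one missing the exposure signal.
FINDING_INTERNET = {"cvss": {"base": 7.5}, "kev": {"listed": False}, "asset": {"exposure": "internet"}}
FINDING_KEV = {"cvss": {"base": 7.5}, "kev": {"listed": True}}


def extract(path: str, finding: dict):
    """Resolve a dotted path against the finding; None when any segment is absent."""
    value = finding
    for part in path.split("."):
        if not isinstance(value, dict) or part not in value:
            return None
        value = value[part]
    return value


def normalise(signal: dict, raw) -> float:
    """Map a raw value to [0, 1] by signal type; an absent signal contributes 0."""
    if raw is None:
        return 0.0
    kind, transform = signal["type"], signal.get("transform", "identity")
    if kind == "boolean":
        return 1.0 if raw else 0.0
    if kind == "numeric":
        divisor = float(transform.partition(":")[2] or 1)  # "scale:10" -> 10
        return max(0.0, min(1.0, float(raw) / divisor))
    if kind == "categorical":
        table = dict(pair.split("=") for pair in transform.partition(":")[2].split(","))
        return float(table.get(str(raw), 0.0))
    raise ValueError(f"unknown signal type {kind!r}")


def evaluate(profile: dict, finding: dict) -> dict:
    """Score one finding and return the explainable, stably ordered breakdown."""
    contributions = []
    # Sort by signal name so the emitted order never depends on authoring order,
    # dict iteration order or parallel evaluation: identical input, identical output.
    for signal in sorted(profile["signals"], key=lambda s: s["name"]):
        raw = extract(signal["path"], finding)
        norm = normalise(signal, raw)
        weight = profile["weights"][signal["name"]]
        contributions.append({
            "factor": signal["name"], "raw": raw, "normalized": round(norm, 6),
            "weight": weight, "contribution": round(weight * norm, 6), "covered": raw is not None,
        })
    score = round(sum(c["contribution"] for c in contributions), 6)
    severity = next(level for level, floor in SEVERITY_THRESHOLDS if score >= floor)

    # Severity override rules win over the threshold mapping; record which one
    # fired so override usage can be tracked as a metric.
    raw_by_name = {c["factor"]: c["raw"] for c in contributions}
    fired = None
    for rule in profile.get("overrides", {}).get("severity_rules", []):
        if raw_by_name.get(rule["if_signal"]) == rule["equals"]:
            severity, fired = rule["severity"], rule
            break
    covered = sum(1 for c in contributions if c["covered"])
    return {
        "profile": f'{profile["id"]}@{profile["version"]}',
        "score": score,
        "severity": severity,
        "factors": contributions,
        "factor_coverage": round(covered / len(contributions), 4),
        "override_used": fired is not None,
        "override_rule": fired,
    }


if __name__ == "__main__":
    for finding in (FINDING_INTERNET, FINDING_KEV):
        print(json.dumps(evaluate(PROFILE, finding), indent=2))
```

The second finding lacks the exposure signal, so its factor coverage drops to two thirds and the missing factor is reported explicitly rather than vanishing from the explanation; the KEV rule then raises the severity and is recorded as an override hit.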

## Related references
- risk/overview.md
- risk/factors.md
- risk/formulas.md
- risk/explainability.md
- risk/api.md