stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity
Files
c568e09a1db4649976d14ce8e18998dc44bebe02
git.stella-ops.org/docs/features/checked/excititor/vex-claims-resolution-engine.md
master e9aeadc040 save checkpoint
2026-02-14 09:11:48 +02:00

2.6 KiB
Raw Blame History

VEX Claims Resolution Engine (Multi-Source Merge)

Module

Excititor

Status

VERIFIED

Description

Multi-source VEX claim resolution with policy-controlled merge semantics resolving conflicts between vendor, distro, internal, and scanner claims into a deterministic resolved status.

Implementation Details

  • Modules: src/Excititor/__Libraries/StellaOps.Excititor.Core/
  • Key Classes:
    • VexConsensusResolver (src/Excititor/__Libraries/StellaOps.Excititor.Core/VexConsensusResolver.cs) - resolves multi-source VEX claims into consensus
    • BaselineVexConsensusPolicy (src/Excititor/__Libraries/StellaOps.Excititor.Core/BaselineVexConsensusPolicy.cs) - baseline policy for consensus resolution
    • VexConsensusPolicyOptions (src/Excititor/__Libraries/StellaOps.Excititor.Core/VexConsensusPolicyOptions.cs) - configurable policy options for merge semantics
    • VexConsensus (src/Excititor/__Libraries/StellaOps.Excititor.Core/VexConsensus.cs) - resolved consensus model
    • VexConsensusHold (src/Excititor/__Libraries/StellaOps.Excititor.Core/VexConsensusHold.cs) - holds on consensus when manual review is needed
    • ClaimScoreMerger (src/Excititor/__Libraries/StellaOps.Excititor.Core/Lattice/ClaimScoreMerger.cs) - merges claim scores from multiple sources
    • PolicyLatticeAdapter (src/Excititor/__Libraries/StellaOps.Excititor.Core/Lattice/PolicyLatticeAdapter.cs) - adapts policy lattice rules for VEX merge
    • TrustWeightRegistry (src/Excititor/__Libraries/StellaOps.Excititor.Core/Lattice/TrustWeightRegistry.cs) - registry of trust weights per source
  • Interfaces: IVexConsensusPolicy, IVexLatticeProvider
  • Source: Feature matrix scan

E2E Test Plan

  • Submit conflicting VEX claims (vendor says "fixed", distro says "affected") and verify VexConsensusResolver resolves deterministically based on policy
  • Verify BaselineVexConsensusPolicy applies default merge rules when no custom policy is configured
  • Verify ClaimScoreMerger weights claims by trust level when merging scores
  • Verify VexConsensusHold is triggered when claims conflict and manual review is required by policy
  • Verify TrustWeightRegistry applies different weights to vendor, distro, internal, and scanner sources
  • Verify resolution is deterministic: same inputs always produce the same consensus output

Verification

  • Verified on 2026-02-13 via run-001.
  • Tier 0: Source files confirmed present on disk.
  • Tier 1: dotnet build passed (0 errors); 503/504 tests passed (1 env_issue: no local Postgres).
  • Tier 2d: docs/qa/feature-checks/runs/excititor/vex-claims-resolution-engine/run-001/tier2-integration-check.json