git.stella-ops.org/docs/features/checked/policy/release-gate-levels.md
2026-02-14 09:11:48 +02:00

Release Gate Levels (G0-G4)

Module

Policy

Status

IMPLEMENTED

Description

Five gate levels (G0 through G4) with escalating requirements. GateSelector computes the Risk Readiness Score (RRS), maps it to a gate level, and applies budget modifiers (Yellow/Red/Exhausted escalations). Each gate level has defined requirements matching the advisory specification.

Implementation Details

  • PolicyGateEvaluator: src/Policy/StellaOps.Policy.Engine/Gates/PolicyGateEvaluator.cs
    • Multi-gate evaluation with escalating strictness per gate level
    • Gate levels mapped from Risk Readiness Score (RRS) and budget status
    • 5 sequential gates with configurable thresholds per level
    • Lattice states drive gate decisions: U, SR, SU, RO, RU, CR, CU, X
    • Uncertainty tiers: T1 (High) -> strictest, T4 (Negligible) -> most permissive
  • PolicyGateOptions: src/Policy/StellaOps.Policy.Engine/Gates/PolicyGateOptions.cs -- per-level gate configuration
  • PolicyGateDecision: src/Policy/StellaOps.Policy.Engine/Gates/PolicyGateDecision.cs -- decision model with per-gate results
  • RiskSimulationService: src/Policy/StellaOps.Policy.Engine/Simulation/RiskSimulationService.cs
    • Signal-based RRS computation with severity mapping
    • Severity: Critical>=90, High>=70, Medium>=40, Low>=10
    • Distribution and percentile calculation for gate level determination
  • Budget integration: Budget status (Yellow/Red/Exhausted) escalates gate level
    • BudgetEndpoints.cs: src/Policy/StellaOps.Policy.Engine/Endpoints/BudgetEndpoints.cs
    • RiskBudgetEndpoints.cs: src/Policy/StellaOps.Policy.Engine/Endpoints/RiskBudgetEndpoints.cs
  • Ledger: src/Policy/StellaOps.Policy.Engine/Ledger/ -- tracks gate decisions for compliance

E2E Test Plan

  • Evaluate artifact with low RRS (minimal risk); verify gate level maps to G0 (minimal requirements)
  • Evaluate artifact with high RRS (many critical findings); verify gate level escalates to G3 or G4
  • Evaluate with budget status Yellow; verify gate level escalates by one level
  • Evaluate with budget status Exhausted; verify gate level escalates to maximum (G4)
  • Evaluate at G0: verify only basic evidence completeness is checked
  • Evaluate at G4: verify all gates apply strictest thresholds (lattice state, VEX trust, uncertainty, confidence)
  • Verify each gate level (G0-G4) has progressively stricter thresholds
  • Verify gate decision includes per-gate Pass/Warn/Block results for audit trail
  • Verify ledger records gate level and decision for compliance
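
Added example (not code from the StellaOps repository): a small Python model of the selection logic described above, useful as an oracle when writing the E2E checks. The severity floors, the Yellow step and the Exhausted rule come from this page; the RRS cut-offs between gates, the 0-100 RRS scale, the "Green" status name, the Red step and the fail-closed handling of unknown statuses are assumptions made for the example.

```python
from bisect import bisect_right
from enum import IntEnum

class Gate(IntEnum):
    G0 = 0
    G1 = 1
    G2 = 2
    G3 = 3
    G4 = 4

# Severity floors as listed on the page.
SEVERITY_FLOORS = ((90, "Critical"), (70, "High"), (40, "Medium"), (10, "Low"))

# ASSUMPTION: RRS cut-offs between gate levels; the page does not give them.
ASSUMED_GATE_CUTOFFS = (10, 40, 70, 90)

# Levels added per budget status. Yellow (+1) is from the page's test plan.
# ASSUMPTION: the "Green" name and the Red step (+2) are not on the page.
BUDGET_STEPS = {"Green": 0, "Yellow": 1, "Red": 2}

def severity(score):
    """Map a signal score to the page's severity bands (None below Low)."""
    for floor, name in SEVERITY_FLOORS:
        if score >= floor:
            return name
    return None

def base_gate(rrs, cutoffs=ASSUMED_GATE_CUTOFFS):
    """Map an RRS on an assumed 0-100 scale to a gate before budget modifiers."""
    if not 0 <= rrs <= 100:  # also rejects NaN
        raise ValueError(f"RRS out of range: {rrs!r}")
    return Gate(bisect_right(cutoffs, rrs))

def select_gate(rrs, budget, cutoffs=ASSUMED_GATE_CUTOFFS):
    """Apply the budget modifier to the base gate, never exceeding G4."""
    gate = base_gate(rrs, cutoffs)
    if budget == "Exhausted":
        return Gate.G4  # page: Exhausted escalates to the maximum
    step = BUDGET_STEPS.get(budget)
    if step is None:
        return Gate.G4  # unknown status: fail closed (choice made in this example)
    return Gate(min(gate + step, Gate.G4))

if __name__ == "__main__":
    # Constructed sample inputs.
    for rrs, budget in [(5, "Green"), (5, "Yellow"), (75, "Red"), (5, "Exhausted")]:
        print(rrs, budget, select_gate(rrs, budget).name)
```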