git.stella-ops.org/src/Policy
master 786d09b88f feat(policy): persist gate evaluation queue, snapshots, orchestrator jobs
Policy Engine: moves gate evaluation, snapshots, orchestrator job tracking,
and ledger export from in-memory state to Postgres-backed stores.

- New persistence migrations 007 (runtime state), 008 (snapshot artifact
  identity), 009 (orchestrator jobs).
- New repositories: PolicyEngineSnapshotRepository,
  PolicyEngineLedgerExportRepository, PolicyEngineOrchestratorJobRepository,
  WorkerResultRepository.
- Gateway services: GateEvaluationJobDispatchService,
  GateEvaluationJobStatusService, GateEvaluationJobWorker,
  SchedulerBackedGateEvaluationQueue (plus Unsupported fallback),
  GateTargetSnapshotMaterializer, PersistedKnowledgeSnapshotStore,
  GateBaselineBootstrapper, PolicyGateEvaluationJobExecutor.
- New endpoints: GateJobEndpoints for job status + dispatch.
- Worker host: PolicyOrchestratorJobWorkerHost to drain the persistent queue.
- PersistedOrchestratorStores + DeltaSnapshotServiceAdapter swap in the
  persistent implementations via DI.

Tests: PersistedDeltaRuntimeTests, PolicyEngineGateTargetSnapshotRuntimeTests,
PolicyEngineRegistryWebhookRuntimeTests, PostgresLedgerExportStoreTests,
PostgresSnapshotStoreTests, PolicyGatewayPersistedDeltaRuntimeTests,
RegistryWebhookQueueRuntimeTests. Archives the old S001 demo seed.

Docs: policy API + architecture pages updated.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-15 11:14:41 +03:00

Policy

Container(s): stellaops-policy-engine | Slot: 14 | Port: 8080 | Consumer Group: policy-engine | Resource Tier: medium

Purpose

The Policy Engine evaluates security policies against scan results, computes risk scores (CVSS v4, EPSS, EWS), manages exceptions with approval workflows, and produces go/no-go gate decisions for release promotions. It includes merged Policy Gateway functionality (delta computation, drift gates, unknowns gates, score-based gates, tool lattice access control).

API Surface

  • policy-engine (via Router) — policy compilation, evaluation, simulation, batch context, risk profiles, CVSS receipts, exception management, delta/snapshot endpoints, gate evaluation (drift, unknowns, score-based), overlay projection, trust weighting, advisory AI knobs, sealed-mode, air-gap bundle import/export, governance, tool lattice, verification policies, attestation reports, registry webhooks

Storage

PostgreSQL schema policy (via Postgres:Policy); Valkey for cache

Background Workers

  • ExceptionLifecycleWorker — exception state machine transitions
  • ExceptionExpiryWorker — auto-expire stale exceptions
  • IncidentModeExpirationWorker — incident mode TTL enforcement
  • PolicyEngineBootstrapWorker — startup initialization
  • GateEvaluationWorker — async gate evaluation queue processing