stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity
Files
cf5b72974f923126944f4dcd47e85864ebb31a3b
git.stella-ops.org/docs/features/unchecked/attestor/policy-studio-copilot-attestation.md

2.6 KiB
Raw Blame History

Policy Studio Copilot Attestation

Module

Attestor

Status

IMPLEMENTED

Description

Policy draft attestation types for AI-generated lattice rules with test case generation and signed snapshots.

Implementation Details

  • AI Policy Draft Statement: src/Attestor/__Libraries/StellaOps.Attestor.ProofChain/Statements/AI/AIPolicyDraftStatement.cs -- in-toto statement wrapping an AI-generated policy draft.
  • AI Policy Rule Draft: Predicates/AI/AIPolicyRuleDraft.cs -- individual AI-generated policy rule with condition, action, and severity.
  • Policy Rule Type: Predicates/AI/PolicyRuleType.cs -- enum of rule types (Gate, Advisory, Informational).
  • Policy Rule Test Case: Predicates/AI/PolicyRuleTestCase.cs -- auto-generated test case for validating the drafted policy rule.
  • Policy Validation Result: Predicates/AI/PolicyValidationResult.cs -- result of validating the drafted policy against test cases.
  • AI Authority Classifier: Predicates/AI/AIAuthorityClassifier.cs (with .PolicyDraft, .PolicyDraftScore) -- classifies AI-generated policy drafts by authority level (Suggestion, EvidenceBacked, AuthorityThreshold).
  • AI Model Identifier: Predicates/AI/AIModelIdentifier.cs -- identifies the AI model that generated the policy draft (provider, model, version, weights digest).
  • AI Decoding Parameters: Predicates/AI/AIDecodingParameters.cs -- captures model parameters (temperature, top-p, max tokens) for reproducibility.
  • DSSE Signing: Signing/ProofChainSigner.cs -- signs policy draft attestations for immutability.
  • Tests: __Tests/StellaOps.Attestor.ProofChain.Tests/AIPolicyDraftTests.cs

E2E Test Plan

  • Create an AIPolicyDraftStatement with multiple AIPolicyRuleDraft entries and verify the statement structure
  • Generate PolicyRuleTestCase entries for a drafted rule and verify they cover positive and negative scenarios
  • Validate the drafted policy via PolicyValidationResult and verify it passes all generated test cases
  • Classify the policy draft via AIAuthorityClassifier.PolicyDraft and verify the authority level based on evidence quality
  • Verify AIModelIdentifier captures the model that generated the draft (e.g., provider="anthropic", model="claude-opus-4-6")
  • Verify AIDecodingParameters captures reproducibility parameters (temperature, seed)
  • Sign the policy draft statement via ProofChainSigner and verify the DSSE envelope is valid
  • Create policy drafts of different PolicyRuleType (Gate, Advisory, Informational) and verify type-specific behavior