Risk Budget / Unknowns Gate

Module

Attestor

Status

IMPLEMENTED

Description

Risk budget enforcement with unknowns gate checker, budget violation predicates, and unknowns aggregation across evidence chains.

Implementation Details

  • Budget Check Predicate: src/Attestor/__Libraries/StellaOps.Attestor.ProofChain/Predicates/BudgetCheckPredicate.cs -- predicate for budget check results.
  • Budget Check Result: Predicates/BudgetCheckResult.cs -- result of a budget check (pass/fail with details). Also in Services/BudgetCheckResult.cs.
  • Budget Config: Predicates/BudgetConfig.cs -- budget configuration (max unknowns, max unresolved, thresholds).
  • Budget Actual Counts: Predicates/BudgetActualCounts.cs -- actual counts observed against the budget.
  • Budget Violation: Predicates/BudgetViolation.cs -- individual budget violation. Also in Services/BudgetViolation.cs.
  • Budget Violation Predicate: Predicates/BudgetViolationPredicate.cs -- predicate containing all violations for attestation.
  • Unknowns Aggregator: Services/IUnknownsAggregator.cs -- interface for aggregating unknowns across evidence chains.
  • Unknown Item: Services/UnknownItem.cs -- individual unknown item in the evidence chain.
  • Exception Ref: Services/ExceptionRef.cs -- reference to an exception that offsets a budget violation.
  • Uncertainty Budget Payload: Statements/UncertaintyBudgetPayload.cs -- in-toto payload for uncertainty budgets.
  • Uncertainty Budget Statement: Statements/UncertaintyBudgetStatement.cs -- in-toto statement wrapping budget data.
  • Budget Definitions: Statements/BudgetDefinition.cs, BudgetExceptionEntry.cs, BudgetObservation.cs, BudgetViolationEntry.cs -- statement-level budget models.
  • Delta Verdict Budget: Predicates/DeltaVerdictPredicate.Budget.cs -- budget tracking in delta verdicts.
  • Tests: __Tests/StellaOps.Attestor.ProofChain.Tests/BudgetCheckTests.cs

E2E Test Plan

  • Create a BudgetConfig with max_unknowns=5, check against BudgetActualCounts with 3 unknowns, and verify BudgetCheckResult passes
  • Create a BudgetConfig with max_unknowns=5, check against 7 unknowns, and verify BudgetCheckResult fails with BudgetViolation
  • Aggregate unknowns across multiple evidence chains via IUnknownsAggregator and verify total count
  • Create a BudgetViolationPredicate with multiple violations and sign it into a DSSE envelope
  • Apply an ExceptionRef to offset a budget violation and verify the adjusted budget passes
  • Build an UncertaintyBudgetStatement with budget definitions and observations; verify the statement structure
  • Verify delta verdict budget tracking via DeltaVerdictPredicate.Budget, covering budget violations in the delta context
  • Verify UnknownItem captures the source, reason, and evidence chain context for each unknown
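
The first, second, third and fifth items of the test plan, sketched as an added example; this is not code from the StellaOps repository. The records reuse type names from this page, but their members, the `UnknownsGate` helper, the rule that a source reported by two chains counts once, and the rule that an exception removes the unknowns it names from the count are all assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Hypothetical shapes: only the type names come from this page, the members are assumed.
public sealed record UnknownItem(string Source, string Reason, string Chain);
public sealed record ExceptionRef(string Id, string CoversSource);
public sealed record BudgetConfig(int MaxUnknowns);
public sealed record BudgetViolation(string Budget, int Limit, int Actual);
public sealed record BudgetCheckResult(bool Passed, int Counted, IReadOnlyList<BudgetViolation> Violations);

public static class UnknownsGate
{
    // Assumption: an unknown reported by several evidence chains is counted once.
    public static IReadOnlyList<UnknownItem> Aggregate(IEnumerable<IEnumerable<UnknownItem>> chains) =>
        chains.SelectMany(c => c).GroupBy(u => u.Source).Select(g => g.First()).ToList();

    // Assumption: an exception offsets only the unknowns whose source it names;
    // an exception that matches nothing leaves the count unchanged.
    public static BudgetCheckResult Check(BudgetConfig cfg, IReadOnlyList<UnknownItem> unknowns,
                                          params ExceptionRef[] exceptions)
    {
        var excepted = exceptions.Select(e => e.CoversSource).ToHashSet();
        int counted = unknowns.Count(u => !excepted.Contains(u.Source));
        var violations = new List<BudgetViolation>();
        if (counted > cfg.MaxUnknowns)
            violations.Add(new BudgetViolation("max_unknowns", cfg.MaxUnknowns, counted));
        return new BudgetCheckResult(violations.Count == 0, counted, violations);
    }
}

public static class Program
{
    public static void Main()
    {
        var cfg = new BudgetConfig(MaxUnknowns: 5);
        // Constructed sample data: two chains of four unknowns each, sharing the source "pkg-4".
        var chainA = Enumerable.Range(1, 4).Select(i => new UnknownItem($"pkg-{i}", "no VEX statement", "chain-a"));
        var chainB = Enumerable.Range(4, 4).Select(i => new UnknownItem($"pkg-{i}", "unresolved version", "chain-b"));
        var all = UnknownsGate.Aggregate(new[] { chainA, chainB });

        var gated = UnknownsGate.Check(cfg, all);
        Console.WriteLine($"no exceptions: counted={gated.Counted} passed={gated.Passed} violations={gated.Violations.Count}");

        var offset = UnknownsGate.Check(cfg, all,
            new ExceptionRef("EXC-1", "pkg-6"), new ExceptionRef("EXC-2", "pkg-7"));
        Console.WriteLine($"two exceptions: counted={offset.Counted} passed={offset.Passed}");
    }
}
```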