VEX Handling with Formal Reasoning (Lattice-Based Merge)
Module
Excititor
Status
IMPLEMENTED
Description
VEX handling with a K4 trust lattice engine for deterministic merging of vendor/distro/internal VEX claims, claim score merging, conflict penalization, and disposition selection via policy-driven rules.
Implementation Details
- Modules: src/Excititor/__Libraries/StellaOps.Excititor.Core/Lattice/, src/Excititor/__Libraries/StellaOps.Excititor.Core/TrustVector/
- Key Classes:
  - ClaimScoreMerger (src/Excititor/__Libraries/StellaOps.Excititor.Core/Lattice/ClaimScoreMerger.cs) - merges claim scores using lattice algebra with conflict penalization
  - PolicyLatticeAdapter (src/Excititor/__Libraries/StellaOps.Excititor.Core/Lattice/PolicyLatticeAdapter.cs) - adapts K4 policy lattice for VEX claim merge
  - TrustWeightRegistry (src/Excititor/__Libraries/StellaOps.Excititor.Core/Lattice/TrustWeightRegistry.cs) - registry of per-source trust weights
  - ClaimScoreCalculator (src/Excititor/__Libraries/StellaOps.Excititor.Core/TrustVector/ClaimScoreCalculator.cs) - calculates claim scores from trust vectors
  - ClaimStrength (src/Excititor/__Libraries/StellaOps.Excititor.Core/TrustVector/ClaimStrength.cs) - claim strength model
  - VexScoreEnvelope (src/Excititor/__Libraries/StellaOps.Excititor.Core/VexScoreEnvelope.cs) - envelope wrapping scored VEX claims
  - VexConsensusResolver (src/Excititor/__Libraries/StellaOps.Excititor.Core/VexConsensusResolver.cs) - resolves consensus using lattice rules
- Interfaces: IVexLatticeProvider, IVexConsensusPolicy
- Source: Feature matrix scan
E2E Test Plan
- Submit multiple VEX claims for the same vulnerability and verify ClaimScoreMerger produces a deterministic merged score using lattice algebra
- Verify conflict penalization: conflicting claims (affected vs not_affected) reduce the merged score
- Verify PolicyLatticeAdapter applies K4 lattice rules for disposition selection (top > bottom in lattice ordering)
- Verify TrustWeightRegistry applies different weights to vendor, distro, and internal sources
- Verify ClaimScoreCalculator computes scores from multi-dimensional trust vectors
- Verify the merged result is monotonic: adding more evidence can only increase confidence, not decrease it
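
The properties in the test plan (order-independent merge, conflict penalization, movement only upward in the lattice) can be sketched as follows. This is an added example, not code from the Excititor module. It assumes K4 means Belnap's four-valued lattice, which the page does not define, and the trust weights, penalty factor, scoring formula and all names are constructed for illustration.

```python
from enum import IntFlag
from itertools import permutations

class K4(IntFlag):
    """Assumed K4 lattice, knowledge order: UNKNOWN < {AFFECTED, NOT_AFFECTED} < CONFLICT."""
    UNKNOWN = 0        # bottom: no evidence either way
    AFFECTED = 1
    NOT_AFFECTED = 2
    CONFLICT = 3       # top: AFFECTED | NOT_AFFECTED

# Constructed per-source trust weights and penalty factor (assumptions, not project values).
TRUST = {"vendor": 0.9, "distro": 0.8, "internal": 0.6}
CONFLICT_PENALTY = 0.5

def merge(claims):
    """Merge (source, K4 status) claims; returns (lattice value, merged score)."""
    value = K4.UNKNOWN
    best = {K4.AFFECTED: 0.0, K4.NOT_AFFECTED: 0.0}
    for source, status in claims:
        value |= status  # lattice join: commutative, associative, idempotent
        for side in best:
            if status & side:
                best[side] = max(best[side], TRUST[source])
    strong, weak = max(best.values()), min(best.values())
    # Hypothetical penalization: opposing evidence lowers the stronger side's score.
    return value, round(strong - CONFLICT_PENALTY * weak, 3)

def order_independent(claims):
    """True when every ordering of the claims merges to the same result."""
    return len({merge(p) for p in permutations(claims)}) == 1

def leq(a, b):
    """Knowledge order: a <= b when b carries every bit of evidence present in a."""
    return (a & b) == a

# Constructed sample claims for one vulnerability/product pair.
CLAIMS = [("vendor", K4.NOT_AFFECTED), ("distro", K4.AFFECTED),
          ("internal", K4.NOT_AFFECTED)]

if __name__ == "__main__":
    print(merge(CLAIMS[:1]), merge(CLAIMS), order_independent(CLAIMS))
```

Because the join is a bitwise OR and each side's score is a maximum, ingestion order cannot change the result, which is the property the first test-plan item checks.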