# Gate Bypass Audit Logging

## Module

Policy

## Status

IMPLEMENTED

## Description

Dedicated gate bypass audit system that records who/when/why for any gate override, persisting actor identity, justification text, IP address, and CI context to an audit repository. Includes rate limiting support for bypass abuse prevention.

## Implementation Details

- **PolicyGateEvaluator override support**: `src/Policy/StellaOps.Policy.Engine/Gates/PolicyGateEvaluator.cs`
  - Override mechanism integrated into multi-gate evaluation pipeline
  - Override requires justification string (non-empty)
  - Gate result types include PassWithNote for approved bypasses with audit trail
  - Each gate decision is logged with full context (gate name, decision, justification)
- **PolicyGateOptions**: `src/Policy/StellaOps.Policy.Engine/Gates/PolicyGateOptions.cs` -- gate configuration including override policies
- **ExceptionEffectRegistry**: `src/Policy/StellaOps.Policy.Engine/Adapters/ExceptionEffectRegistry.cs` -- maps exception types to effects with audit trail
- **ExceptionApplication audit**: `src/Policy/__Libraries/StellaOps.Policy.Exceptions/Models/ExceptionApplication.cs`
  - Records every exception application with ExceptionId, FindingId, OriginalStatus, AppliedStatus, EffectName, EffectType, EvaluationRunId, PolicyBundleDigest, AppliedAt, Metadata
  - Metadata dictionary supports arbitrary context (IP address, CI pipeline ID, actor identity)
- **IExceptionApplicationRepository**: `src/Policy/__Libraries/StellaOps.Policy.Exceptions/Repositories/IExceptionApplicationRepository.cs`
  - Query by ExceptionId, FindingId, EvaluationRunId, time range for audit review
  - Statistics: total applications, unique exceptions/findings/vulnerabilities, breakdowns by effect type and status
- **VerdictAttestationService**: `src/Policy/StellaOps.Policy.Engine/Attestation/VerdictAttestationService.cs` -- DSSE-signed attestations for all verdict decisions including bypasses

## E2E Test Plan

- [ ] Apply gate override with justification; verify ExceptionApplication record includes justification in Metadata
- [ ] Apply gate override; verify Metadata contains actor identity, IP address, and timestamp
- [ ] Query `GetByExceptionIdAsync` for override exception; verify full audit trail returned
- [ ] Apply 3 overrides in same evaluation run; query `GetByEvaluationRunIdAsync`; verify all 3 returned
- [ ] Apply override with empty justification; verify override is rejected (justification required)
- [ ] Query `GetStatisticsAsync` after multiple overrides; verify ByEffectType counts include override effects
- [ ] Verify VerdictAttestationService creates DSSE-signed attestation for override decisions
- [ ] Verify override decisions are included in `GetByTimeRangeAsync` query results for compliance export
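
The behaviour the description and test plan call for (justification required, actor/IP/CI context persisted, bypass rate limiting, lookup by evaluation run), as an added C# sketch that is not StellaOps code. Every type and member name is hypothetical, and the per-actor limit of 3 bypasses per hour is an assumed policy, since this page does not specify one.

```csharp
// Hypothetical sketch: none of these types are the StellaOps.Policy API.
using System;
using System.Collections.Generic;
using System.Linq;

public sealed record BypassAuditEntry(string GateName, string Actor, string Justification,
    string IpAddress, string CiContext, string EvaluationRunId, DateTimeOffset At);

public sealed class BypassAuditLog
{
    private readonly List<BypassAuditEntry> _entries = new();
    private readonly int _maxPerWindow;   // assumed policy knob
    private readonly TimeSpan _window;    // assumed policy knob

    public BypassAuditLog(int maxPerWindow, TimeSpan window)
    {
        _maxPerWindow = maxPerWindow;
        _window = window;
    }

    // Returns false and stores nothing when the override must be refused.
    public bool TryRecord(BypassAuditEntry entry, out string reason)
    {
        // The page requires a non-empty justification; treating
        // whitespace-only text as empty is this sketch's choice.
        if (string.IsNullOrWhiteSpace(entry.Justification))
        { reason = "justification required"; return false; }
        // Sliding window per actor (assumption): count that actor's recent bypasses.
        int recent = _entries.Count(e => e.Actor == entry.Actor && e.At > entry.At - _window);
        if (recent >= _maxPerWindow)
        { reason = "bypass rate limit exceeded"; return false; }
        _entries.Add(entry);
        reason = "recorded";
        return true;
    }

    // Audit query: every bypass recorded during one evaluation run.
    public IReadOnlyList<BypassAuditEntry> ByEvaluationRun(string runId) =>
        _entries.Where(e => e.EvaluationRunId == runId).ToList();
}

public static class Demo
{
    public static void Main()
    {
        var log = new BypassAuditLog(maxPerWindow: 3, window: TimeSpan.FromHours(1));
        var t0 = new DateTimeOffset(2025, 1, 1, 12, 0, 0, TimeSpan.Zero); // constructed sample data
        BypassAuditEntry E(string why, int min) => new("sample-gate", "alice@example.test",
            why, "203.0.113.7", "pipeline-42", "run-001", t0.AddMinutes(min));
        Console.WriteLine(log.TryRecord(E("", 0), out var r) + " " + r);
        for (int i = 1; i <= 4; i++) // the fourth attempt exceeds the assumed limit
            Console.WriteLine(log.TryRecord(E("hotfix, risk accepted", i), out r) + " " + r);
        Console.WriteLine(log.ByEvaluationRun("run-001").Count);
    }
}
```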