git.stella-ops.org/docs/features/unchecked/policy/path-scope-simulation-bridge.md

Path-Scope Simulation Bridge

Module: Policy

Status: IMPLEMENTED

Description

Scoped simulation that evaluates policy changes against specific artifact paths rather than the entire estate.

Implementation Details

  • PathScopeSimulationEndpoint: src/Policy/StellaOps.Policy.Engine/Endpoints/PathScopeSimulationEndpoint.cs -- REST endpoint for path-scoped simulation
  • WhatIfSimulationService: src/Policy/StellaOps.Policy.Engine/WhatIfSimulation/WhatIfSimulationService.cs
    • SimulateAsync() computes baseline vs simulated decisions for targeted artifacts
    • SBOM diff operations (add/remove/upgrade/downgrade) scoped to specific artifact paths
    • Decision changes: status_changed, severity_changed, new, removed
    • Impact summary: risk delta (increased/decreased/unchanged), blocked/warning deltas, recommendations
  • RiskSimulationService: src/Policy/StellaOps.Policy.Engine/Simulation/RiskSimulationService.cs
    • SimulateWithBreakdown() -- full simulation with severity distribution and top movers
    • CompareProfilesWithBreakdown() -- profile comparison with delta analysis
    • Signal-based scoring for targeted paths
  • ConsoleSimulationDiffService: src/Policy/StellaOps.Policy.Engine/Console/ConsoleSimulationDiffService.cs
    • Schema version: console-policy-23-001
    • Deterministic before/after severity breakdowns for scoped paths
  • OverlaySimulationEndpoint: src/Policy/StellaOps.Policy.Engine/Endpoints/OverlaySimulationEndpoint.cs -- overlay simulation for policy rule changes

E2E Test Plan

  • POST path-scope simulation for specific artifact digest; verify simulation results scoped to that artifact only
  • Simulate adding a component to a specific path; verify delta shows new findings for that path
  • Simulate removing a component from a specific path; verify delta shows removed findings
  • Simulate upgrade on path A; verify path B findings are unchanged in delta
  • Verify simulation response includes before/after severity breakdowns for the scoped path
  • Verify simulation response includes risk delta (increased/decreased/unchanged)
  • Verify simulation response includes top movers within the scoped path
  • Verify console simulation diff produces deterministic output for same inputs
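Added example, written in Python for this page and not the project's own C# code: a minimal model of the path-scoped what-if simulation described in the implementation details and exercised by the test plan above. The advisory table, paths, component names and the verdict thresholds in decide() are constructed assumptions; findings are keyed (path, component, vuln_id), one SBOM diff op is applied to a single path, and the delta reports only that path's decision changes (new, removed, status_changed, severity_changed) together with the risk, blocked and warning deltas.

```python
SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}
# Constructed sample advisories (placeholder ids, not real CVEs): (component, version) -> {vuln_id: severity}
ADVISORIES = {
    ("openssl", "1.1.1"): {"VULN-A": "critical", "VULN-B": "medium"},
    ("openssl", "3.0.9"): {"VULN-B": "low"},
    ("zlib", "1.2.11"): {"VULN-C": "high"},
}

def decide(severity):  # hypothetical policy verdict: critical/high block, medium warns, low passes
    rank = SEVERITY_RANK[severity]
    return "blocked" if rank >= 3 else "warning" if rank == 2 else "pass"
def findings(estate):
    """estate {path: {component: version}} -> {(path, component, vuln_id): severity}."""
    return {(path, comp, vuln): sev for path, comps in estate.items()
            for comp, ver in comps.items()
            for vuln, sev in ADVISORIES.get((comp, ver), {}).items()}

def apply_diff(estate, path, op, component, version=None):
    """Apply one SBOM diff op (add/remove/upgrade/downgrade) to a single path only."""
    simulated = {p: dict(c) for p, c in estate.items()}
    comps = simulated.setdefault(path, {})
    if op == "remove":
        comps.pop(component, None)
    elif op in ("add", "upgrade", "downgrade"):
        comps[component] = version
    else:
        raise ValueError(f"unknown diff op: {op}")
    return simulated

def simulate(estate, path, op, component, version=None):
    """Baseline vs simulated decisions plus impact summary, for the scoped path only."""
    before = findings(estate)
    after = findings(apply_diff(estate, path, op, component, version))
    changes = []
    for key in sorted(k for k in set(before) | set(after) if k[0] == path):  # sorted: deterministic
        b, a = before.get(key), after.get(key)
        if b is None:
            changes.append((key, "new", None, a))
        elif a is None:
            changes.append((key, "removed", b, None))
        elif decide(b) != decide(a):
            changes.append((key, "status_changed", b, a))
        elif b != a:
            changes.append((key, "severity_changed", b, a))
    def tally(fs, status=None):  # risk score (status=None) or verdict count, scoped path only
        return sum(SEVERITY_RANK[s] if status is None else decide(s) == status
                   for (p, _, _), s in fs.items() if p == path)
    risk = tally(after) - tally(before)
    summary = {"risk_delta": "increased" if risk > 0 else "decreased" if risk < 0 else "unchanged",
               "blocked_delta": tally(after, "blocked") - tally(before, "blocked"),
               "warning_delta": tally(after, "warning") - tally(before, "warning")}
    return changes, summary
```

Running simulate() on an estate with two paths shows an upgrade on one path producing removed and status_changed entries for that path only, while the other path's findings are untouched.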