# Path-Scope Simulation Bridge
## Module
Policy
## Status
IMPLEMENTED
## Description
Scoped simulation that evaluates policy changes against specific artifact paths rather than the entire estate.
## Implementation Details
- **PathScopeSimulationEndpoint**: `src/Policy/StellaOps.Policy.Engine/Endpoints/PathScopeSimulationEndpoint.cs` -- REST endpoint for path-scoped simulation
- **WhatIfSimulationService**: `src/Policy/StellaOps.Policy.Engine/WhatIfSimulation/WhatIfSimulationService.cs`
  - `SimulateAsync()` computes baseline vs simulated decisions for targeted artifacts
  - SBOM diff operations (add/remove/upgrade/downgrade) scoped to specific artifact paths
  - Decision changes: status_changed, severity_changed, new, removed
  - Impact summary: risk delta (increased/decreased/unchanged), blocked/warning deltas, recommendations
- **RiskSimulationService**: `src/Policy/StellaOps.Policy.Engine/Simulation/RiskSimulationService.cs`
  - `SimulateWithBreakdown()` -- full simulation with severity distribution and top movers
  - `CompareProfilesWithBreakdown()` -- profile comparison with delta analysis
  - Signal-based scoring for targeted paths
- **ConsoleSimulationDiffService**: `src/Policy/StellaOps.Policy.Engine/Console/ConsoleSimulationDiffService.cs`
  - Schema version: console-policy-23-001
  - Deterministic before/after severity breakdowns for scoped paths
- **OverlaySimulationEndpoint**: `src/Policy/StellaOps.Policy.Engine/Endpoints/OverlaySimulationEndpoint.cs` -- overlay simulation for policy rule changes
## E2E Test Plan
- [ ] POST path-scope simulation for specific artifact digest; verify simulation results scoped to that artifact only
- [ ] Simulate adding a component to a specific path; verify delta shows new findings for that path
- [ ] Simulate removing a component from a specific path; verify delta shows removed findings
- [ ] Simulate upgrade on path A; verify path B findings are unchanged in delta
- [ ] Verify simulation response includes before/after severity breakdowns for the scoped path
- [ ] Verify simulation response includes risk delta (increased/decreased/unchanged)
- [ ] Verify simulation response includes top movers within the scoped path
- [ ] Verify console simulation diff produces deterministic output for same inputs