40 lines
2.5 KiB
Markdown
40 lines
2.5 KiB
Markdown
# Release Gate Levels (G0-G4)
|
|
|
|
## Module
|
|
Policy
|
|
|
|
## Status
|
|
IMPLEMENTED
|
|
|
|
## Description
|
|
Five gate levels (G0 through G4) with escalating requirements. GateSelector computes RRS, maps to gate level, and applies budget modifiers (Yellow/Red/Exhausted escalations). Each gate level has defined requirements matching the advisory specification.
|
|
|
|
## Implementation Details
|
|
- **PolicyGateEvaluator**: `src/Policy/StellaOps.Policy.Engine/Gates/PolicyGateEvaluator.cs`
|
|
- Multi-gate evaluation with escalating strictness per gate level
|
|
- Gate levels mapped from Risk Readiness Score (RRS) and budget status
|
|
- 5 sequential gates with configurable thresholds per level
|
|
- Lattice states drive gate decisions: U, SR, SU, RO, RU, CR, CU, X
|
|
- Uncertainty tiers: T1 (High) -> strictest, T4 (Negligible) -> most permissive
|
|
- **PolicyGateOptions**: `src/Policy/StellaOps.Policy.Engine/Gates/PolicyGateOptions.cs` -- per-level gate configuration
|
|
- **PolicyGateDecision**: `src/Policy/StellaOps.Policy.Engine/Gates/PolicyGateDecision.cs` -- decision model with per-gate results
|
|
- **RiskSimulationService**: `src/Policy/StellaOps.Policy.Engine/Simulation/RiskSimulationService.cs`
|
|
- Signal-based RRS computation with severity mapping
|
|
- Severity: Critical>=90, High>=70, Medium>=40, Low>=10
|
|
- Distribution and percentile calculation for gate level determination
|
|
- **Budget integration**: Budget status (Yellow/Red/Exhausted) escalates gate level
|
|
- `BudgetEndpoints.cs`: `src/Policy/StellaOps.Policy.Engine/Endpoints/BudgetEndpoints.cs`
|
|
- `RiskBudgetEndpoints.cs`: `src/Policy/StellaOps.Policy.Engine/Endpoints/RiskBudgetEndpoints.cs`
|
|
- **Ledger**: `src/Policy/StellaOps.Policy.Engine/Ledger/` -- tracks gate decisions for compliance
|
|
|
|
## E2E Test Plan
|
|
- [ ] Evaluate artifact with low RRS (minimal risk); verify gate level maps to G0 (minimal requirements)
|
|
- [ ] Evaluate artifact with high RRS (many critical findings); verify gate level escalates to G3 or G4
|
|
- [ ] Evaluate with budget status Yellow; verify gate level escalates by one level
|
|
- [ ] Evaluate with budget status Exhausted; verify gate level escalates to maximum (G4)
|
|
- [ ] Evaluate at G0: verify only basic evidence completeness is checked
|
|
- [ ] Evaluate at G4: verify all gates apply strictest thresholds (lattice state, VEX trust, uncertainty, confidence)
|
|
- [ ] Verify each gate level (G0-G4) has progressively stricter thresholds
|
|
- [ ] Verify gate decision includes per-gate Pass/Warn/Block results for audit trail
|
|
- [ ] Verify ledger records gate level and decision for compliance
|