git.stella-ops.org/docs/modules/vex-lens/guides/consensus-algorithm.md
2026-01-06 19:07:48 +02:00

VEX Consensus Algorithm (Deterministic)

This document describes the consensus computation at a high level. It is not an API contract; see docs/vex/consensus-json.md and docs/vex/consensus-api.md for payload and endpoint details.

Inputs

  • Normalized VEX tuples (status, justification, scope, timestamp, source digest)
  • Issuer trust registry (tiers, weights, verification state)
  • Optional policy precedence rules for how to treat conflicts

Grouping and Ordering

  1. Group tuples by correlation key (typically (artifactId/productKey, vulnerabilityId) per tenant).
  2. Apply a stable sort for evaluation, commonly:
    • Most recent statement first (timestamp)
    • Higher trust tier/weight first
    • Higher verification confidence first

Ordering must be deterministic for identical inputs.

Lattice Join

Consensus uses a lattice-style join to avoid false safety:

  • Model states with an explicit uncertainty ordering (e.g., unknown and under_investigation remain meaningful outcomes).
  • Preserve conflicts when competing issuers disagree at comparable precedence.

The output includes:

  • Effective status
  • Confidence/weight summary
  • References to source statements (digests)
  • Conflict list (who disagrees and how)
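
The grouping, stable ordering and join described above, as an added Python sketch; it is not the project's implementation. The field names, the caution ranking, reading "comparable precedence" as equal trust weight, and the sample rows are all assumptions made for the example.

```python
from collections import defaultdict

# Assumed caution ranking for the join (illustrative, not the project's lattice):
# a higher rank is the less safe-to-assume outcome and wins a disagreement.
CAUTION = {"fixed": 0, "not_affected": 0, "unknown": 1,
           "under_investigation": 1, "affected": 2}

def sort_key(t):
    # Most recent first, then higher trust weight, then verified first;
    # the source digest is the final tie-breaker so the order is total.
    return (-t["ts"], -t["weight"], -int(t["verified"]), t["digest"])

def consensus(tuples):
    groups = defaultdict(list)
    for t in tuples:                      # correlation key: (product, vulnerability)
        groups[(t["product"], t["vuln"])].append(t)
    results = {}
    for key in sorted(groups):
        ordered = sorted(groups[key], key=sort_key)
        latest = {}
        for t in ordered:                 # first hit per issuer is its newest statement
            latest.setdefault(t["issuer"], t)
        top = max(t["weight"] for t in latest.values())
        peers = [t for t in ordered
                 if latest[t["issuer"]] is t and t["weight"] == top]
        statuses = sorted({t["status"] for t in peers})
        effective = max(statuses, key=lambda s: (CAUTION[s], s))
        conflicts = [(t["issuer"], t["status"]) for t in peers
                     if t["status"] != effective]   # disagreement is kept, not dropped
        results[key] = {"status": effective,
                        "sources": [t["digest"] for t in peers],
                        "conflicts": conflicts}
    return results

# Constructed sample statements (not real VEX data; digests are placeholders).
FIELDS = ("product", "vuln", "issuer", "weight", "verified", "ts", "status", "digest")
ROWS = [
    ("app", "VULN-1", "vendor-a", 3, True, 300, "not_affected", "d2"),
    ("app", "VULN-1", "vendor-a", 3, True, 100, "under_investigation", "d1"),
    ("app", "VULN-1", "distro-b", 3, True, 200, "affected", "d3"),
    ("app", "VULN-1", "community-c", 1, False, 400, "fixed", "d4"),
    ("app", "VULN-2", "vendor-a", 3, True, 150, "not_affected", "d5"),
]
SAMPLE = [dict(zip(FIELDS, r)) for r in ROWS]

if __name__ == "__main__":
    for k, v in consensus(SAMPLE).items():
        print(k, v)
```

For VULN-1 the two top-weight issuers disagree, so the result is `affected` with `vendor-a`'s `not_affected` recorded as a conflict, and the newer low-trust `fixed` statement does not override them.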

References

  • docs/modules/vex-lens/architecture.md