git.stella-ops.org/docs/features/unchecked/attestor/auto-vex-drafting-attestation.md

Auto-VEX Drafting Attestation

Module

Attestor

Status

IMPLEMENTED

Description

Attestation types for VEX draft generation, covering AI-generated VEX statements and their justifications, and enabling lattice-aware merge preview.

Implementation Details

  • AIVexDraftPredicate: src/Attestor/__Libraries/StellaOps.Attestor.ProofChain/Predicates/AI/AIVexDraftPredicate.cs -- extends AIArtifactBasePredicate with VEX-specific draft fields.
  • AIVexStatementDraft: AIVexStatementDraft.cs -- individual VEX statement draft with status, justification, and product/vulnerability references.
  • AIVexJustification: AIVexJustification.cs -- AI-generated justification for VEX status decisions.
  • Classifier Integration: AIAuthorityClassifier.VexDraft.cs and AIAuthorityClassifier.VexDraftScore.cs -- classifies VEX drafts into Suggestion/EvidenceBacked/AuthorityThreshold.
  • Statement: src/Attestor/__Libraries/StellaOps.Attestor.ProofChain/Statements/AIVexDraftStatement.cs -- wraps VEX draft as in-toto statement.
  • VEX Predicate: __Libraries/StellaOps.Attestor.ProofChain/Predicates/VexPredicate.cs -- base VEX predicate; VexAttestationPredicate.cs -- VEX attestation predicate.
  • VEX Override System: src/Attestor/__Libraries/StellaOps.Attestor.StandardPredicates/VexOverride/ -- VexOverridePredicateBuilder.cs (with .Build, .Serialize, .WithMethods), VexOverridePredicateParser.cs (with multiple partials) for building and parsing VEX overrides.
  • VEX Proof Integration: __Libraries/StellaOps.Attestor.ProofChain/Generators/VexProofIntegrator.cs (with .Helpers, .Metadata) and VexVerdictProofPayload.cs -- integrates VEX drafts into the proof chain.

E2E Test Plan

  • Create an AIVexDraftPredicate with multiple AIVexStatementDraft entries (not_affected, affected, under_investigation) and verify JSON serialization preserves all fields
  • Create a VEX draft with AIVexJustification containing evidence citations and classify via AIAuthorityClassifier.VexDraft, verifying EvidenceBacked authority when citations are sufficient
  • Wrap the VEX draft in AIVexDraftStatement and verify it produces a valid in-toto statement with correct predicate type
  • Build a VexOverridePredicate from an AI-generated draft via VexOverridePredicateBuilder and verify the override captures the draft's justification
  • Parse a serialized VEX override via VexOverridePredicateParser and verify all fields round-trip correctly
  • Integrate a VEX draft into the proof chain via VexProofIntegrator and verify the proof payload contains the draft evidence