
W1 — Exposure Evaluation Logic

Implementation status: Spec complete. 8 finding types defined, evaluator rule patterns designed. Implementation planned — see W1 unified implementation plan.

W1 emits findings; the UI presents the path’s current exposure as the set of active findings.

This document defines the deterministic evaluation logic W1 applies to the normalized execution/authority path graph.

All outcomes must be evidence-backed. Unknown states are first-class results.


1. Authority Path Qualification

A workload qualifies as execution-backed when:

  1. It is an inventoried workload.
  2. It can execute without an active human session.
  3. A first-party execution_evidence record exists.
  4. The execution record can be deterministically linked to the specific workload construct (or its execution identity) without heuristic matching.

If all four conditions hold:

execution_status = proven

If any condition fails, and in particular if condition (4) cannot be satisfied:

execution_status = unproven

Execution status is binary: proven or unproven. There is no partial or probable state.


2. Identity Binding Resolution

Identity binding resolution applies to the authority path.

For each workload:

Traverse:

workload → RUNS_AS → identity

Identity binding is valid when:

  • The relationship is deterministically recorded,
  • The identity object is uniquely identifiable.

If linkage fails:

identity_status = unknown

No heuristic correlation is permitted.


3. Data Reachability Computation

Reachability is computed via bounded traversal.

Primary path:

workload → RUNS_AS → identity
identity → HAS_ROLE → GRANTS → APPLIES_TO → resource

Rules:

  • Only directly recorded edges are traversed.
  • No inference of implied permissions.
  • No RBAC inheritance modeling beyond explicit assignments.
  • No multi-hop AUTHENTICATES_TO traversal.

Each reachable resource is mapped to:

  • business_domain
  • sensitivity

Output:

  • Domain-level classification only.
  • If no deterministic resource mapping exists: data_origin = unknown.
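The three steps above (execution qualification, identity binding, bounded reachability) and the stop-on-unknown rule from section 8, as an added example that is not part of the W1 spec or its implementation. The graph is represented as a node dict plus an explicit edge list; the node attribute names (`inventoried`, `requires_human_session`, `subject`, `uid`, `business_domain`, `sensitivity`), the sensitivity ordering and the sample data are all constructed assumptions.

```python
"""Sections 1-3: execution qualification, identity binding, bounded reachability.

Constructed example; the graph below is sample data, not real inventory.
"""
from __future__ import annotations

# Assumed sensitivity ordering, used only to roll resources up per domain.
SENSITIVITY_RANK = {"public": 0, "internal": 1, "confidential": 2, "restricted": 3}


def out(edges: list[tuple[str, str, str]], src: str, rel: str) -> list[str]:
    """Targets of directly recorded edges only; nothing is inferred."""
    return [t for s, r, t in edges if s == src and r == rel]


def execution_status(nodes: dict, edges: list, workload: str) -> str:
    """Section 1: 'proven' only when all four conditions hold, else 'unproven'."""
    wl = nodes.get(workload, {})
    if wl.get("kind") != "workload" or not wl.get("inventoried"):
        return "unproven"                      # condition 1
    if wl.get("requires_human_session", True):
        return "unproven"                      # condition 2
    # Conditions 3-4: a first-party execution_evidence record whose subject id
    # equals the workload id or its RUNS_AS identity. Exact join, no heuristics.
    subjects = {workload, *out(edges, workload, "RUNS_AS")}
    for node in nodes.values():
        if (node.get("kind") == "execution_evidence"
                and node.get("source") == "first_party"
                and node.get("subject") in subjects):
            return "proven"
    return "unproven"


def identity_binding(nodes: dict, edges: list, workload: str) -> tuple[str, str | None]:
    """Section 2: exactly one RUNS_AS edge to a uniquely identifiable identity."""
    targets = out(edges, workload, "RUNS_AS")
    if len(targets) != 1:
        return "unknown", None
    ident = nodes.get(targets[0], {})
    if ident.get("kind") != "identity" or not ident.get("uid"):
        return "unknown", None
    return "valid", targets[0]


def reachable_resources(nodes: dict, edges: list, identity: str) -> dict:
    """Section 3: HAS_ROLE -> GRANTS -> APPLIES_TO over recorded edges only.
    AUTHENTICATES_TO is never followed, so anything behind it stays unreachable."""
    found = {}
    for role in out(edges, identity, "HAS_ROLE"):
        for perm in out(edges, role, "GRANTS"):
            for res in out(edges, perm, "APPLIES_TO"):
                meta = nodes.get(res, {})
                found[res] = (meta.get("business_domain", "unknown"),
                              meta.get("sensitivity", "unknown"))
    return found


def evaluate(nodes: dict, edges: list, workload: str) -> dict:
    """Run sections 1-3 in order; stop and emit unknowns when linkage fails (section 8)."""
    result = {"execution_status": execution_status(nodes, edges, workload)}
    result["identity_status"], ident = identity_binding(nodes, edges, workload)
    if ident is None:
        result.update(resources={}, data_domains={}, data_origin="unknown")
        return result
    resources = reachable_resources(nodes, edges, ident)
    domains: dict[str, str] = {}
    for domain, sens in resources.values():
        if domain == "unknown":
            continue   # unmapped resource contributes nothing; no guessing
        if SENSITIVITY_RANK.get(sens, -1) >= SENSITIVITY_RANK.get(domains.get(domain), -1):
            domains[domain] = sens
    result.update(resources=resources, data_domains=domains,
                  data_origin="known" if domains else "unknown")
    return result


# Constructed sample graph (ids and uids are made up).
NODES = {
    "wl-billing-sync": {"kind": "workload", "inventoried": True, "requires_human_session": False},
    "wl-adhoc-script": {"kind": "workload", "inventoried": True, "requires_human_session": True},
    "sp-billing": {"kind": "identity", "uid": "11111111-aaaa-4bbb-8ccc-000000000001"},
    "sp-admin": {"kind": "identity", "uid": "11111111-aaaa-4bbb-8ccc-000000000002"},
    "ev-42": {"kind": "execution_evidence", "source": "first_party", "subject": "sp-billing"},
    "db-customers": {"kind": "resource", "business_domain": "customers", "sensitivity": "confidential"},
    "db-customers-ro": {"kind": "resource", "business_domain": "customers", "sensitivity": "internal"},
    "blob-tmp": {"kind": "resource"},   # no domain mapping recorded
    "db-payroll": {"kind": "resource", "business_domain": "hr", "sensitivity": "restricted"},
}
EDGES = [
    ("wl-billing-sync", "RUNS_AS", "sp-billing"),
    ("sp-billing", "HAS_ROLE", "role-reader"),
    ("role-reader", "GRANTS", "perm-read"),
    ("perm-read", "APPLIES_TO", "db-customers"),
    ("perm-read", "APPLIES_TO", "db-customers-ro"),
    ("perm-read", "APPLIES_TO", "blob-tmp"),
    ("sp-billing", "AUTHENTICATES_TO", "sp-admin"),   # must not be followed
    ("sp-admin", "HAS_ROLE", "role-admin"),
    ("role-admin", "GRANTS", "perm-all"),
    ("perm-all", "APPLIES_TO", "db-payroll"),
]
```

Running `evaluate(NODES, EDGES, "wl-billing-sync")` yields a proven, validly bound workload whose data_domains roll up to `customers: confidential`; `db-payroll` never appears because it sits behind an AUTHENTICATES_TO hop, and `blob-tmp` is reported with unknown domain rather than guessed. `wl-adhoc-script` stops at identity binding with every downstream field explicitly unknown.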

4. Egress Determination

Egress is determined via first outbound boundary traversal.

Primary path:

workload → INVOKES → connection → USES → credential → AUTHENTICATES_AS → identity

or first observable outbound endpoint configuration.

Classification is based on endpoint host/base URL:

  • LLM
  • External
  • Internal
  • Unknown

Constraints:

  • Stop at first outbound boundary.
  • Do not traverse further AUTHENTICATES_TO hops.
  • No payload/header inspection.
  • If no outbound configuration is observable: egress = none_observed.
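The egress determination above, as an added example that is not part of the W1 spec or its implementation. Classification uses only the endpoint host, stops at the first connection with something observable, records the credential-backed identity without following any further hop, and reports `none_observed` when no outbound configuration exists. The LLM host set, the internal domain suffixes, the `endpoint` attribute name and the sample graph are constructed assumptions.

```python
"""Section 4: first outbound boundary, classified from the endpoint host only.

Constructed example; host tables and graph are sample data.
"""
from __future__ import annotations

import ipaddress
from urllib.parse import urlsplit

# Assumed classification tables; in practice these come from configuration.
LLM_HOSTS = {"api.openai.com", "api.anthropic.com", "generativelanguage.googleapis.com"}
INTERNAL_SUFFIXES = (".internal", ".corp.example", ".svc.cluster.local")


def out(edges, src, rel):
    """Targets of directly recorded edges only."""
    return [t for s, r, t in edges if s == src and r == rel]


def endpoint_host(endpoint: str) -> str | None:
    """Host part of a base URL or bare host[:port]; None when it cannot be parsed."""
    candidate = endpoint if "://" in endpoint else "//" + endpoint
    try:
        host = urlsplit(candidate).hostname
    except ValueError:
        return None
    return host.lower() if host else None


def classify_host(host: str | None) -> str:
    """LLM / Internal / External / Unknown from the host string, nothing else."""
    if not host:
        return "Unknown"
    if host in LLM_HOSTS:
        return "LLM"
    if host == "localhost" or host.endswith(INTERNAL_SUFFIXES):
        return "Internal"
    try:
        return "External" if ipaddress.ip_address(host).is_global else "Internal"
    except ValueError:
        pass
    # A single-label name cannot be placed without DNS/search-domain context,
    # which this evaluator does not consult; report Unknown rather than guess.
    return "External" if "." in host else "Unknown"


def egress(nodes: dict, edges: list, workload: str) -> dict:
    """Walk workload -> INVOKES -> connection and stop at the first boundary.
    The credential -> AUTHENTICATES_AS -> identity hop is recorded, but nothing
    past that identity (e.g. AUTHENTICATES_TO) is traversed; no payloads are read."""
    for conn in out(edges, workload, "INVOKES"):
        endpoint = nodes.get(conn, {}).get("endpoint")
        boundary: dict = {"connection": conn, "endpoint": endpoint}
        for cred in out(edges, conn, "USES"):
            ids = out(edges, cred, "AUTHENTICATES_AS")
            if len(ids) == 1:
                boundary["target_identity"] = ids[0]
                break
        if endpoint is None and "target_identity" not in boundary:
            continue   # nothing observable on this connection; try the next one
        host = endpoint_host(endpoint) if endpoint else None
        boundary["egress"] = classify_host(host)
        return boundary
    return {"egress": "none_observed"}


# Constructed sample graph.
NODES = {
    "conn-llm": {"endpoint": "https://api.openai.com/v1"},
    "conn-db": {"endpoint": "postgres://10.20.0.5:5432/app"},
    "conn-partner": {"endpoint": "https://partner.example.com/api"},
    "conn-bare": {"endpoint": "svc-billing:8080"},
    "conn-opaque": {},   # recorded connection, but no endpoint observable
}
EDGES = [
    ("wl-summarizer", "INVOKES", "conn-llm"),
    ("wl-summarizer", "INVOKES", "conn-partner"),            # second boundary, never reached
    ("conn-llm", "USES", "cred-openai"),
    ("cred-openai", "AUTHENTICATES_AS", "id-openai-svc"),
    ("id-openai-svc", "AUTHENTICATES_TO", "id-downstream"),  # beyond the boundary
    ("wl-batch", "INVOKES", "conn-db"),
    ("wl-mesh", "INVOKES", "conn-opaque"),
    ("wl-mesh", "INVOKES", "conn-bare"),
]
```

`egress(NODES, EDGES, "wl-summarizer")` classifies the first connection as LLM and records `id-openai-svc` as the target identity; `id-downstream` is never visited. `wl-batch` resolves to Internal from the private address, `wl-mesh` skips the connection with nothing observable and reports the bare single-label host as Unknown, and a workload with no INVOKES edge gets `none_observed`.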

5. Ownership Evaluation

Ownership state is derived from:

entity → OWNED_BY → owner

Ownership is:

  • valid (at least one active identifiable owner)
  • invalid (no active owners, or a referenced owner record cannot be resolved)
  • ambiguous (group-only ownership without individual accountability)
  • unknown (insufficient deterministic metadata)

Ownership evaluation is independent of execution status.


6. Deterministic Finding Triggers

W1 emits deterministic findings derived from graph state.

W1 emits only a restricted set of finding types appropriate to autonomous execution (e.g., unproven execution, unknown identity binding, sensitive reachability, outbound boundary classification, ownership invalid/ambiguous/unknown).

Each finding must:

  • Be derived solely from deterministic graph evidence.
  • Include a clear, plain-language deterministic explanation.
  • Explicitly declare any evidence gaps.
  • Be persisted using the platform’s canonical Finding model.

W1 does not introduce new persistence semantics or lifecycle behavior beyond the platform Finding model.

6A. Evidence Declaration Requirement

Every W1 finding must explicitly declare whether required evidence was:

  • Available and used,
  • Partially available,
  • Unavailable, or
  • Not applicable to the evaluated surface.

W1 must never imply evidence availability when it was not accessible.

Unknown or unavailable evidence is a valid and explicit outcome.
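The ownership evaluation of section 5 together with the finding and evidence-declaration rules of sections 6 and 6A, as an added example that is not part of the W1 spec or its implementation. Ownership is decided from OWNED_BY edges alone, and every non-valid state is turned into a finding that states which of the evidence categories applied and lists the gaps in plain language. The owner attributes (`kind`, `active`), the finding field names and the sample records are constructed assumptions; the real platform Finding model is not shown here.

```python
"""Sections 5, 6 and 6A: ownership state and the evidence declaration on a finding.

Constructed example; owner records and the finding shape are assumptions.
"""
from __future__ import annotations


def out(edges, src, rel):
    """Targets of directly recorded edges only."""
    return [t for s, r, t in edges if s == src and r == rel]


def ownership_status(nodes: dict, edges: list, entity: str) -> tuple[str, str, list[str]]:
    """Returns (status, evidence, gaps).

    status:   valid / invalid / ambiguous / unknown, per section 5
    evidence: available / partial / unavailable, per section 6A
    gaps:     plain-language list of what could not be resolved
    """
    owner_ids = out(edges, entity, "OWNED_BY")
    if not owner_ids:
        return "invalid", "unavailable", ["no OWNED_BY edge recorded for " + entity]
    gaps: list[str] = []
    active: list[dict] = []
    for oid in owner_ids:
        owner = nodes.get(oid)
        if owner is None:
            # A referenced owner that does not resolve is invalid, not unknown.
            return "invalid", "partial", [f"owner {oid} is referenced but not resolvable"]
        if "active" not in owner or owner.get("kind") not in ("individual", "group"):
            gaps.append(f"owner {oid} lacks active/kind metadata")
        elif owner["active"]:
            active.append(owner)
    evidence = "partial" if gaps else "available"
    if any(o["kind"] == "individual" for o in active):
        return "valid", evidence, gaps        # at least one active, identifiable person
    if gaps:
        return "unknown", evidence, gaps      # cannot decide without the missing metadata
    if active:
        return "ambiguous", evidence, gaps    # groups only, no individual accountability
    return "invalid", evidence, gaps          # owners recorded, none active


EXPLANATIONS = {
    "invalid": "No active owner is recorded, or a referenced owner could not be resolved.",
    "ambiguous": "Only group owners are active; no individual is accountable.",
    "unknown": "Owner records lack the metadata needed to determine ownership.",
}


def ownership_finding(nodes: dict, edges: list, entity: str) -> dict | None:
    """Emit one finding for a non-valid ownership state; None when ownership is valid.
    Field names are an assumed shape, not the platform's canonical Finding model."""
    status, evidence, gaps = ownership_status(nodes, edges, entity)
    if status == "valid":
        return None
    return {
        "type": "ownership_" + status,
        "subject": entity,
        "explanation": EXPLANATIONS[status],
        "evidence": evidence,
        "evidence_gaps": gaps,
    }


# Constructed sample records.
NODES = {
    "u-alice": {"kind": "individual", "active": True},
    "u-bob": {"kind": "individual", "active": False},
    "g-platform": {"kind": "group", "active": True},
    "u-carol": {"kind": "individual"},   # imported record, active flag missing
}
EDGES = [
    ("app-billing", "OWNED_BY", "u-alice"),
    ("app-legacy", "OWNED_BY", "u-bob"),
    ("app-shared", "OWNED_BY", "g-platform"),
    ("app-stale", "OWNED_BY", "u-ghost"),     # owner node never resolved
    ("app-import", "OWNED_BY", "u-carol"),
    ("app-mixed", "OWNED_BY", "g-platform"),
    ("app-mixed", "OWNED_BY", "u-carol"),
]
```

The ordering in `ownership_status` matters: a resolvable active individual makes ownership valid even when another owner record is incomplete (the evidence is then declared `partial`), while an unresolvable reference is reported as invalid rather than silently dropped, and an entity with no OWNED_BY edge at all declares its evidence `unavailable` instead of implying it was checked.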


7. Triage Grouping

Risk grouping is a deterministic roll-up of active findings.

Inputs:

  • Execution status
  • Data domain sensitivity
  • Egress classification
  • Ownership status

Grouping does not replace canonical findings and does not introduce new risk semantics.


8. Unknown Handling

At any stage where:

  • Required edges are absent,
  • Deterministic identifiers cannot be joined,
  • First-party artifacts are unavailable,

The system must:

  • Stop traversal,
  • Emit explicit unknown state,
  • Avoid inference.

Unknown is not an error condition.


9. Architectural Constraint

W1 may compute derived reachability or authority path relationships ephemerally during evaluation.

W1 does not require:

  • execution_chains persistence,
  • Chain versioning,
  • Composition fingerprints,
  • Temporal drift analysis.

Those capabilities belong to future wedges.