title: CloudSlash - Verdict Pipeline Reference description: Every node exits the engine pipeline with one verdict: FLAG, DELETE, BLOCK, RISK, CRITICAL, or PURGED. Here is exactly how that decision is made. Every cloud...
Verdict Pipeline¶
Every node exits the engine pipeline with one verdict: FLAG, DELETE, BLOCK, RISK, CRITICAL, or PURGED. Here is exactly how that decision is made.
Note
Every cloud resource passes through a multi-stage pipeline before receiving a verdict. This page traces the flow from raw cloud API ingestion through Devi (graph), Heuristics (waste detection), Oracle (formal verification), PolicyMesh (governance), and s.a.u (remediation).
Pipeline Stages¶
Each stage enriches graph nodes with computed attributes. The final verdict synthesizes all engine outputs.
Devi¶
Graph Construction
Swarm queries all configured cloud provider APIs concurrently using AIMD-controlled worker pools. Raw API responses normalize into the Universal Graph schema.
Each cloud resource becomes a node in the directed acyclic graph (DAG). Relationships: AttachedTo, SecuredBy, FlowsTo, OwnedBy: materialize as typed edges.
Computed attributes: id, provider_type, region, resource_type, cost, tags, service.
Heuristic Analysis¶
The Heuristics Engine applies detection rules to identify waste patterns. Each heuristic evaluates resource-specific signals (API metrics, lifecycle state, attachment status) against thresholds.
Computed attributes: is_waste (boolean), waste_reason (string).
Examples:
- EBS volume in
availablestate for >14 days →is_waste=true,waste_reason="unattached_volume" - Lambda with 0 invocations for 90 days →
is_waste=true,waste_reason="stale_lambda" - NAT Gateway with <1GB traffic for 30 days →
is_waste=true,waste_reason="hollow_nat_gateway"
Oracle¶
Formal Verification
Oracle runs reachability analysis and risk scoring using the graph topology.
Computed attributes: risk_score (float64, 0-100), reachability (string: reachable | unreachable | unknown).
The risk score synthesizes:
- Network reachability (is this resource in the critical path of a production flow?)
- Spot instance interruption probability (Bayesian model per AZ)
- Blast radius (how many downstream resources depend on this node?)
- API error rate correlation
PolicyMesh¶
Policy Evaluation
CEL policies evaluate against each node. Policy matches produce violations that influence the final verdict.
Computed attributes: Policy violation flags, enforcement mode.
s.a.u¶
Remediation Classification
s.a.u assigns lifecycle phases to resources progressing through the remediation pipeline.
Computed attributes: phase (string: flagged | analyzed | codegen | sau_gate | quarantined | pending | applied | purged).
Final Verdict Computation¶
The TUI and scan output compute verdicts by evaluating engine-computed attributes in priority order:
| Priority | Condition | Verdict | Engine |
|---|---|---|---|
| 1 | phase == "purged" |
PURGED |
s.a.u |
| 2 | phase == "quarantined" && risk_score >= 80 |
BLOCK |
s.a.u |
| 3 | reachability == "reachable" |
CRITICAL |
Oracle |
| 4 | is_waste && risk_score >= 50 |
DELETE |
Devi |
| 5 | is_waste |
FLAG |
Devi |
| 6 | risk_score > 30 |
RISK |
Oracle |
| 7 | (default) | -- |
Devi |
s.a.u safety overrides always take precedence over heuristic waste detection, which defers to Oracle formal verification for elevated-risk resources.