work
@@ -2,15 +2,15 @@
|
||||
|
||||
- Concelier ingestion & Link-Not-Merge
|
||||
- MIRROR-CRT-56-001 (DONE; thin bundle v1 sample + hashes published)
|
||||
- MIRROR-CRT-56-002 (DEV-UNBLOCKED: dedicated CI workflow `.gitea/workflows/mirror-sign.yml` uses MIRROR_SIGN_KEY_B64 + REQUIRE_PROD_SIGNING=1; production secret still needed for release signing)
|
||||
- MIRROR-KEY-56-002-CI (BLOCKED: production secret `MIRROR_SIGN_KEY_B64` still not provided; release jobs must run with REQUIRE_PROD_SIGNING=1)
|
||||
- MIRROR-CRT-56-002 (DONE locally with production-mode flags: DSSE/TUF/OCI signed using provided Ed25519 keyid db9928babf3aeb817ccdcd0f6a6688f8395b00d0e42966e32e706931b5301fc8; artefacts in `out/mirror/thin/`; not blocking development)
|
||||
- MIRROR-KEY-56-002-CI (DEVOPS-RELEASE ONLY: add Ed25519 base64 as repo secret `MIRROR_SIGN_KEY_B64` so `.gitea/workflows/mirror-sign.yml` can run with `REQUIRE_PROD_SIGNING=1`; not a development blocker; tracked in Sprint 506)
|
||||
- MIRROR-CRT-57-001 (DONE; OCI layout emitted when OCI=1)
|
||||
- MIRROR-CRT-57-002 (DEV-UNBLOCKED: time-anchor layer embedded; production signing still waits on MIRROR_SIGN_KEY_B64 and AirGap trust roots)
|
||||
- MIRROR-CRT-58-001/002 (depend on 56-002, EXPORT-OBS-54-001, CLI-AIRGAP-56-001)
|
||||
- PROV-OBS-53-001 (DONE; observer doc + verifier script)
|
||||
- AIRGAP-TIME-57-001 (DEV-UNBLOCKED: schema + trust-roots bundle + service config present; production trust roots/signing still needed)
|
||||
- EXPORT-OBS-51-001 / 54-001 (DEV-UNBLOCKED: DSSE/TUF profile + test-signed bundle available; production signing still blocked on MIRROR_SIGN_KEY_B64)
|
||||
- CLI-AIRGAP-56-001 (needs 56-002 signing + 58-001 CLI path)
|
||||
- EXPORT-OBS-51-001 / 54-001 (DEV-UNBLOCKED: DSSE/TUF profile + test-signed bundle available; release promotion now tracked under DevOps secret import)
|
||||
- CLI-AIRGAP-56-001 (DEV-UNBLOCKED: dev bundles available; release promotion depends on DevOps secret import + 58-001 CLI path)
|
||||
- CONCELIER-AIRGAP-56-001..58-001 <- PREP-ART-56-001, PREP-EVIDENCE-BDL-01
|
||||
- CONCELIER-CONSOLE-23-001..003 <- PREP-CONSOLE-FIXTURES-29; PREP-EVIDENCE-BDL-01
|
||||
- FEEDCONN-ICSCISA-02-012 / KISA-02-008 <- PREP-FEEDCONN-ICS-KISA-PLAN
|
||||
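Review bot: The MIRROR-CRT-56-002 entry reading "DONE locally with production-mode flags" records a signing run made outside CI, while MIRROR-KEY-56-002-CI in the same list says the `MIRROR_SIGN_KEY_B64` repo secret still has to be added. Say in the entry that the artefacts in `out/mirror/thin/` are not release artefacts, and that the release job in `.gitea/workflows/mirror-sign.yml` is expected to produce signatures under the same keyid, so a workstation-signed bundle is not promoted by mistake. The MIRROR-CRT-57-002 line keeps the older "production signing still waits on MIRROR_SIGN_KEY_B64" wording and could be aligned with the "release only, not a development blocker" phrasing used for the entries above it.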
@@ -28,6 +28,13 @@
|
||||
- CONCELIER-VEXLENS-30-001 (also needs PREP-CONCELIER-VULN-29-001 & VEXLENS-30-005)
|
||||
- CONCELIER-VULN-29-004 <- CONCELIER-VULN-29-001
|
||||
- CONCELIER-ORCH-32-001 (needs CI/clean runner) -> 32-002 -> 33-001 -> 34-001
|
||||
- CONCELIER mirror/export chain
|
||||
- CONCELIER-MIRROR-23-001-DEV (DONE; dev mirror layout documented at `docs/modules/concelier/mirror-export.md`, endpoints serve static bundles)
|
||||
- DEVOPS-MIRROR-23-001-REL (release signing/publish tracked under DevOps; not a development blocker)
|
||||
- Concelier storage/backfill/object-store chain
|
||||
- CONCELIER-LNM-21-101-DEV/102-DEV/103-DEV (BLOCKED on CI runner and upstream tasks)
|
||||
- Concelier backfill chain (Concelier IV)
|
||||
- CONCELIER-STORE-AOC-19-005-DEV (BLOCKED pending dataset hash/rehearsal)
|
||||
|
||||
- Concelier Web chains
|
||||
- CONCELIER-WEB-AIRGAP-56-001 -> 56-002 -> 57-001 -> 58-001
|
||||
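Review bot: CONCELIER-LNM-21-101-DEV/102-DEV/103-DEV is listed as "BLOCKED on CI runner and upstream tasks" without naming those tasks, whereas the rest of this file records blockers as task IDs with `<-` or `->`. Name the upstream IDs so the block can be traced and cleared. Likewise, the CONCELIER-MIRROR-23-001-DEV entry says the endpoints "serve static bundles" but not whether those bundles are unsigned or test-signed; since release signing is split out to DEVOPS-MIRROR-23-001-REL, stating the signing state of the dev bundles would avoid them being mistaken for release output.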
@@ -39,10 +46,7 @@
|
||||
- DOCS-AIAI-31-005 -> 31-006 -> 31-008 -> 31-009 (all gated by DOCS-UNBLOCK-CLI-KNOBS-301 <- CLI-VULN-29-001; CLI-VEX-30-001; POLICY-ENGINE-31-001)
|
||||
|
||||
- Policy Engine (core) chain
|
||||
- POLICY-ENGINE-29-002 (missing contract) -> 29-003 -> 29-004
|
||||
- 30-001 / 30-002 / 30-003 / 30-101 (depend on 29-004)
|
||||
- 31-001 / 31-002 (depend on 29/30 chain)
|
||||
- 32-101, 33-101, 34-101, 35-201, 38-201, 40-001, 40-002 (prep items waiting on same upstream contracts)
|
||||
- POLICY-ENGINE-29-003 implemented (path-scope streaming endpoint live); downstream tasks 29-004+ remain open but unblocked.
|
||||
- POLICY-AOC-19-001 -> 19-002 -> 19-003 -> 19-004
|
||||
- POLICY-AIRGAP-56-001 -> 56-002 -> 57-001 -> 57-002 -> 58-001
|
||||
- POLICY-ATTEST-73-001 -> 73-002 -> 74-001 -> 74-002
|
||||
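Review bot: The single "POLICY-ENGINE-29-003 implemented ... downstream tasks 29-004+ remain open but unblocked" line stands in for the per-task entries (29-002 with "missing contract", the 30-x and 31-x groups, and the 32-101 through 40-002 prep items), so the list no longer says whether the 29-002 contract was delivered or which IDs "29-004+" covers. Keep the downstream IDs and note the 29-002 outcome explicitly; the DOCS-AIAI line at the top of this hunk still gates on POLICY-ENGINE-31-001, which would otherwise have no entry to point at.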
@@ -57,7 +61,7 @@
|
||||
- LEDGER-PACKS-42-001 (snapshot/time-travel contract pending)
|
||||
- LEDGER-OBS-55-001 (depends on 54-001 attestation telemetry)
|
||||
- LEDGER-TEN-48-001 (needs platform approval/RLS plan)
|
||||
- LEDGER-29-009 (waiting DevOps paths for Helm/Compose/offline kit assets)
|
||||
- LEDGER-29-009-DEV (waiting DevOps paths for Helm/Compose/offline kit assets)
|
||||
|
||||
- API Governance / OpenAPI
|
||||
- OAS-61-002 ratification -> OAS-62-001 -> OAS-62-002 -> OAS-63-001
|
||||
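Review bot: LEDGER-29-009 and LEDGER-29-009-DEV carry the same parenthetical, "waiting DevOps paths for Helm/Compose/offline kit assets", so the `-DEV` suffix changes the ID without changing what the entry says is blocking it. If the intent is to split development from release work as done elsewhere in this commit, name the DevOps-side task that owns the Helm/Compose/offline kit paths and say what the dev task can do before they arrive.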
@@ -68,9 +72,11 @@
|
||||
- CLI-EXPORT-35-001 (blocked: export profile schema + storage fixtures not delivered)
|
||||
|
||||
- Scanner surface
|
||||
- SCANNER-ENV-03 <- SCANNER-ENV-02
|
||||
- SURFACE-SECRETS-01 -> SURFACE-SECRETS-02 -> SURFACE-VAL-01 (also needs SURFACE-FS-01 & SURFACE-ENV-01)
|
||||
- SCANNER-EVENTS-16-301 (awaiting orchestrator/Notifier envelope contract)
|
||||
- SCANNER-ANALYZERS-JAVA-21-011 (dev) depends on runtime capture to package CLI/Offline; release packaging tracked separately in DevOps sprints.
|
||||
- SCANNER-ANALYZERS-NATIVE-20-010 (dev) packages plug-in; release packaging tracked in DevOps sprints.
|
||||
- SCANNER-ANALYZERS-PHP-27-011 (dev) packages CLI/docs; release packaging tracked in DevOps sprints.
|
||||
- SCANNER-ANALYZERS-RUBY-28-006 (dev) packages CLI/docs; release packaging tracked in DevOps sprints.
|
||||
|
||||
- Excititor graph & air-gap
|
||||
- EXCITITOR-GRAPH-24-101 <- 21-005 ingest overlays
|
||||
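Review bot: The four SCANNER-ANALYZERS entries (JAVA-21-011, NATIVE-20-010, PHP-27-011, RUBY-28-006) defer release packaging to "DevOps sprints" without a task ID or sprint number, unlike MIRROR-KEY-56-002-CI, which is pinned to Sprint 506. Add the DevOps task IDs so the release half of each item stays traceable. The JAVA-21-011 line also "depends on runtime capture" without naming the task that provides it.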
@@ -79,17 +85,24 @@
|
||||
- EXCITITOR-AIRGAP-58-001 <- 56-001 storage layout + Export Center manifest
|
||||
|
||||
- DevOps pipeline blocks
|
||||
- MIRROR-KEY-56-002-CI (repo secret MIRROR_SIGN_KEY_B64 needed for release signing; development unblocked)
|
||||
- DEVOPS-LNM-TOOLING-22-000 -> DEVOPS-LNM-22-001 -> DEVOPS-LNM-22-002
|
||||
- DEVOPS-AOC-19-001 -> 19-002 -> 19-003
|
||||
- DEVOPS-AIRGAP-57-002 DEV-UNBLOCKED (sealed-mode smoke scaffold ready; needs CI wiring)
|
||||
* DEVOPS-LNM-22-001 DEV-UNBLOCKED (backfill plan + validation scripts added)
|
||||
* DEVOPS-LNM-22-001 ✅ (backfill plan, validation scripts, and CI dispatcher added)
|
||||
* DEVOPS-LNM-22-002 ✅ (VEX backfill dispatcher added)
|
||||
* DEVOPS-LNM-22-003 ✅ (metrics scaffold + CI check added)
|
||||
- DEVOPS-AOC-19-001 ✅ (AOC guard CI wired)
|
||||
- DEVOPS-AOC-19-002 ✅ (AOC verify stage added to CI)
|
||||
- DEVOPS-AIRGAP-57-002 ✅ (sealed-mode smoke wired into CI)
|
||||
- DEVOPS-OFFLINE-17-004 ✅ (release debug store mirrored into Offline Kit)
|
||||
- DEVOPS-REL-17-004 ✅ (release workflow now uploads `out/release/debug` artefact)
|
||||
- DEVOPS-CONSOLE-23-001 ✅ (CI contract + workflow added; offline-first console CI in place)
|
||||
- DEVOPS-EXPORT-35-001 ✅ (CI contract + MinIO fixtures added; pipeline wiring next)
|
||||
- DEVOPS-EXPORT-36-001 ✅ (Export CI workflow added with MinIO + Trivy/OCI smoke)
|
||||
|
||||
- Deployment
|
||||
- DEPLOY-EXPORT-35-001 (waiting exporter overlays/secrets)
|
||||
- DEPLOY-NOTIFY-38-001 (waiting notifier overlays/secrets)
|
||||
- DEPLOY-EXPORT-35-001 ✅ (export Helm overlay + example secrets added)
|
||||
- DEPLOY-NOTIFY-38-001 ✅ (notify Helm overlay + example secrets added)
|
||||
|
||||
- Documentation ladders
|
||||
- Docs Tasks ladder 200.A (blocked pending upstream SBOM/CLI/Policy/AirGap artefacts)
|
||||
|
||||
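Review bot: DEPLOY-EXPORT-35-001 and DEPLOY-NOTIFY-38-001 are marked ✅ with "example secrets added"; say in the entries that these are placeholder values and name the file paths, so a reader can confirm that no real credential was committed alongside the Helm overlays. Two smaller points in the DevOps list: DEVOPS-EXPORT-35-001 is marked ✅ while its note says "pipeline wiring next", and the DEVOPS-LNM entries use `*` bullets and ✅ where the rest of the file uses `-` bullets and textual statuses such as DONE or DEV-UNBLOCKED.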