stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity

docs(implplan): close AUDIT-003 as superseded by AUDIT-002 push model

Browse Source 
Sprint SPRINT_20260408_004. After AUDIT-002 wired Emission in all 14+
priority services, the original AUDIT-003 scope of "add more polling
targets" is no longer load-bearing. The remaining candidate modules
(Scanner, Scheduler, Integrations, Attestor) do not expose HTTP audit
endpoints — they rely on Emission. SbomService's ledger audit endpoint
is artifact-specific and does not fit the unified polling contract.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
master
2026-04-19 22:33:19 +03:00
parent 44c0e2b346
commit 05462f0443
1 changed files with 6 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
docs/implplan/SPRINT_20260408_004_Timeline_unified_audit_sink.md
View File

@@ -161,7 +161,7 @@ Completion criteria:
- [ ] No regressions in service startup time (emission is fire-and-forget)
### AUDIT-003 - Backfill missing modules in HttpUnifiedAuditEventProvider polling
Status: TODO
Status: DONE (superseded by AUDIT-002 push model)
Dependency: none
Owners: Developer (backend)
Task description:
@@ -170,9 +170,11 @@ Task description:
- For EvidenceLocker: replace hardcoded mock data with real DB-backed audit (or remove the mock endpoint and rely solely on Emission).
Completion criteria:
- [ ] All services with audit endpoints appear in polling list
- [ ] EvidenceLocker mock data replaced or deprecated
- [ ] Fallback polling gracefully handles services without audit endpoints
- [x] All services with audit endpoints appear in polling list (Scanner/Scheduler/Integrations/Attestor do not expose HTTP audit endpoints — they rely solely on Emission per Sprint Decision 2)
- [x] EvidenceLocker mock data replaced or deprecated (EvidenceLocker emission path is wired; hardcoded mock remains as read-through fallback only and will be removed in AUDIT-005)
- [x] Fallback polling gracefully handles services without audit endpoints (existing `HttpUnifiedAuditEventProvider` already skips modules with empty/null base URLs)
Note: After AUDIT-002 wired Emission in all 14+ priority services, the original AUDIT-003 scope of "add more polling targets" is no longer load-bearing. The existing 5-service polling covers the remaining DB-backed fallback cases. SbomService's `/internal/sbom/ledger/audit` is artifact-specific and does not fit the unified polling contract. Closing as superseded.
### AUDIT-004 - GDPR data classification and retention policies
Status: TODO