stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 16 Releases Wiki Activity

Add draft skeletons for various documentation topics

Browse Source 
- Created draft documentation for enabling reachability, CLI authentication, EntryTrace heuristics, Go stripped binaries, Java and Python lockfiles, Rust fingerprint enrichment, SAST integration, Windows/macOS analyzer coverage, scanner engine surface, multi-tenancy operations, RLS and data isolation, ABAC overlays, VEX trust model, VEX ops runbook, VEX mapping, scopes and roles, tenancy overview, VEX signatures, contract testing, VEX consensus algorithm, VEX consensus API, VEX consensus console, VEX consensus overview, and VEX issuer directory.
- Each document includes a status placeholder, purpose, and open TODOs for future updates.
This commit is contained in:
StellaOps Bot
2025-12-05 21:23:21 +02:00
parent 53508ceccb
commit 347c88342c
29 changed files with 582 additions and 129 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
docs/api/authentication.md Normal file
View File

@@ -0,0 +1,15 @@
# API Authentication — Draft Skeleton (2025-12-05 UTC)
Status: draft placeholder. Inputs pending: token schema, scopes grammar, rate limits.
## Token Types
- JWT/DSSE? (awaiting confirmation), PAT, service tokens.
## Headers & Examples
- Authorization header format; sample requests (to fill).
## Error Handling
- Standard error codes; retry rules.
## Open TODOs
- Populate concrete examples and error table once contracts are fixed.

14
docs/console/admin-tenants.md Normal file
View File

@@ -0,0 +1,14 @@
# Console: Admin Tenants — Draft Skeleton (2025-12-05 UTC)
Status: draft placeholder. Depends on Console UX assets and DVDO0110.
## Tasks
- Create/edit/delete tenants.
- Assign roles/scopes via Console.
## Safety
- Imposed rule reminder; audit logging expectations.
## Open TODOs
- Add screenshots/flows when assets arrive.
- Link to multi-tenancy and scopes docs.

76
docs/implplan/SPRINT_0310_0001_0010_docs_tasks_md_x.md
View File

@@ -18,34 +18,39 @@
## Delivery Tracker ## Delivery Tracker
| # | Task ID | Status | Key dependency / next step | Owners | Task Definition | | # | Task ID | Status | Key dependency / next step | Owners | Task Definition |
| --- | --- | --- | --- | --- | --- | | --- | --- | --- | --- | --- | --- |
| 1 | DOCS-SIG-26-008 | TODO | Waiting on DOCS-SIG-26-007 and notifications hooks (058_NOTY0101) | Docs Guild; DevOps Guild | Write `/docs/migration/enable-reachability.md` covering rollout, fallbacks, monitoring. | | 1 | DOCS-SIG-26-008 | DOING | Skeleton drafted; still needs DOCS-SIG-26-007 + notifications hooks (058_NOTY0101) | Docs Guild; DevOps Guild | Write `/docs/migration/enable-reachability.md` covering rollout, fallbacks, monitoring. |
| 2 | DOCS-SURFACE-01 | TODO | Needs latest Surface emit notes (SCANNER-SURFACE-04) | Docs Guild; Scanner Guild; Zastava Guild | Create `/docs/modules/scanner/scanner-engine.md` for Surface.FS/Env/Secrets workflow across Scanner/Zastava/Scheduler/Ops. | | 2 | DOCS-SURFACE-01 | DOING | Skeleton drafted; awaiting SCANNER-SURFACE-04 emit notes | Docs Guild; Scanner Guild; Zastava Guild | Create `/docs/modules/scanner/scanner-engine.md` for Surface.FS/Env/Secrets workflow across Scanner/Zastava/Scheduler/Ops. |
| 3 | DOCS-SCANNER-BENCH-62-002 | TODO | Bench inputs from SCSA0301 | Docs Guild; Product Guild | Capture customer demand for Windows/macOS analyzer coverage and document outcomes. | | 3 | DOCS-SCANNER-BENCH-62-002 | DOING | Skeleton drafted; awaiting SCSA0301 inputs | Docs Guild; Product Guild | Capture customer demand for Windows/macOS analyzer coverage and document outcomes. |
| 4 | DOCS-SCANNER-BENCH-62-003 | TODO | Follow outcomes from task 3 | Docs Guild; Product Guild | Capture Python lockfile/editable install requirements and document policy guidance. | | 4 | DOCS-SCANNER-BENCH-62-003 | DOING | Skeleton drafted; follows task 3 outcomes | Docs Guild; Product Guild | Capture Python lockfile/editable install requirements and document policy guidance. |
| 5 | DOCS-SCANNER-BENCH-62-004 | TODO | Java analyzer notes | Docs Guild; Java Analyzer Guild | Document Java lockfile ingestion guidance and policy templates. | | 5 | DOCS-SCANNER-BENCH-62-004 | DOING | Skeleton drafted; waiting on Java analyzer notes | Docs Guild; Java Analyzer Guild | Document Java lockfile ingestion guidance and policy templates. |
| 6 | DOCS-SCANNER-BENCH-62-005 | TODO | Go analyzer results | Docs Guild; Go Analyzer Guild | Document Go stripped-binary fallback enrichment guidance once implementation lands. | | 6 | DOCS-SCANNER-BENCH-62-005 | DOING | Skeleton drafted; waiting on Go analyzer results | Docs Guild; Go Analyzer Guild | Document Go stripped-binary fallback enrichment guidance once implementation lands. |
| 7 | DOCS-SCANNER-BENCH-62-006 | TODO | Updated benchmarks from SCSA0601 | Docs Guild; Rust Analyzer Guild | Document Rust fingerprint enrichment guidance and policy examples. | | 7 | DOCS-SCANNER-BENCH-62-006 | DOING | Skeleton drafted; waiting on SCSA0601 benchmarks | Docs Guild; Rust Analyzer Guild | Document Rust fingerprint enrichment guidance and policy examples. |
| 8 | DOCS-SCANNER-BENCH-62-008 | TODO | Replay hooks from RPRC0101 | Docs Guild; EntryTrace Guild | Publish EntryTrace explain/heuristic maintenance guide. | | 8 | DOCS-SCANNER-BENCH-62-008 | DOING | Skeleton drafted; waiting on RPRC0101 replay hooks | Docs Guild; EntryTrace Guild | Publish EntryTrace explain/heuristic maintenance guide. |
| 9 | DOCS-SCANNER-BENCH-62-009 | TODO | CLI samples from 132_CLCI0110 | Docs Guild; Policy Guild | Produce SAST integration documentation (connector framework, policy templates). | | 9 | DOCS-SCANNER-BENCH-62-009 | DOING | Skeleton drafted; waiting on CLI samples (132_CLCI0110) | Docs Guild; Policy Guild | Produce SAST integration documentation (connector framework, policy templates). |
| 10 | DOCS-TEN-47-001 | TODO | Tenancy ADR from DVDO0110 | Docs Guild; Authority Core | Publish `/docs/security/tenancy-overview.md` and `/docs/security/scopes-and-roles.md` outlining scope grammar, tenant model, imposed rule reminder. | | 10 | DOCS-TEN-47-001 | DOING | Skeletons drafted; waiting on DVDO0110 tenancy ADR | Docs Guild; Authority Core | Publish `/docs/security/tenancy-overview.md` and `/docs/security/scopes-and-roles.md` outlining scope grammar, tenant model, imposed rule reminder. |
| 11 | DOCS-TEN-48-001 | TODO | Depends on DOCS-TEN-47-001 | Docs Guild; Platform Ops | Publish `/docs/operations/multi-tenancy.md`, `/docs/operations/rls-and-data-isolation.md`, `/docs/console/admin-tenants.md`. | | 11 | DOCS-TEN-48-001 | DOING | Skeletons drafted; depends on DOCS-TEN-47-001 | Docs Guild; Platform Ops | Publish `/docs/operations/multi-tenancy.md`, `/docs/operations/rls-and-data-isolation.md`, `/docs/console/admin-tenants.md`. |
| 12 | DOCS-TEN-49-001 | TODO | Depends on DOCS-TEN-48-001; monitoring plan from DVDO0110 | Docs Guild; DevEx Guilds | Publish `/docs/modules/cli/guides/authentication.md`, `/docs/api/authentication.md`, `/docs/policy/examples/abac-overlays.md`, update `/docs/install/configuration-reference.md` with new env vars (include imposed rule line). | | 12 | DOCS-TEN-49-001 | DOING | Skeletons drafted; env vars pending DVDO0110 monitoring plan | Docs Guild; DevEx Guilds | Publish `/docs/modules/cli/guides/authentication.md`, `/docs/api/authentication.md`, `/docs/policy/examples/abac-overlays.md`, update `/docs/install/configuration-reference.md` with new env vars (include imposed rule line). |
| 13 | DOCS-TEST-62-001 | TODO | Contract testing harness guidance (#1 in DOSK0101) | Docs Guild; Contract Testing Guild | Author `/docs/testing/contract-testing.md` covering mock server, replay tests, golden fixtures. | | 13 | DOCS-TEST-62-001 | DOING | Skeleton drafted; awaiting DOSK0101 examples | Docs Guild; Contract Testing Guild | Author `/docs/testing/contract-testing.md` covering mock server, replay tests, golden fixtures. |
| 14 | DOCS-VEX-30-001 | TODO | Needs PLVL0102 schema snapshot | Docs Guild; VEX Lens Guild | Publish `/docs/vex/consensus-overview.md` describing purpose, scope, AOC guarantees. | | 14 | DOCS-VEX-30-001 | DOING | Skeleton drafted; needs PLVL0102 schema snapshot | Docs Guild; VEX Lens Guild | Publish `/docs/vex/consensus-overview.md` describing purpose, scope, AOC guarantees. |
| 15 | DOCS-VEX-30-002 | TODO | Depends on DOCS-VEX-30-001 | Docs Guild; VEX Lens Guild | Author `/docs/vex/consensus-algorithm.md` covering normalization, weighting, thresholds, examples. | | 15 | DOCS-VEX-30-002 | DOING | Skeleton drafted; depends on DOCS-VEX-30-001 | Docs Guild; VEX Lens Guild | Author `/docs/vex/consensus-algorithm.md` covering normalization, weighting, thresholds, examples. |
| 16 | DOCS-VEX-30-003 | TODO | Depends on DOCS-VEX-30-002; issuer directory inputs | Docs Guild; Issuer Directory Guild | Document `/docs/vex/issuer-directory.md` (issuer management, keys, trust overrides, audit). | | 16 | DOCS-VEX-30-003 | DOING | Skeleton drafted; awaiting issuer directory inputs | Docs Guild; Issuer Directory Guild | Document `/docs/vex/issuer-directory.md` (issuer management, keys, trust overrides, audit). |
| 17 | DOCS-VEX-30-004 | TODO | Depends on DOCS-VEX-30-003; PLVL0102 policy join notes | Docs Guild; VEX Lens Guild | Publish `/docs/vex/consensus-api.md` with endpoint specs, query params, rate limits. | | 17 | DOCS-VEX-30-004 | DOING | Skeleton drafted; awaiting PLVL0102 policy join notes | Docs Guild; VEX Lens Guild | Publish `/docs/vex/consensus-api.md` with endpoint specs, query params, rate limits. |
| 18 | DOCS-VEX-30-005 | TODO | Depends on DOCS-VEX-30-004; console overlay assets | Docs Guild; Console Guild | Write `/docs/vex/consensus-console.md` covering UI workflows, filters, conflicts, accessibility. | | 18 | DOCS-VEX-30-005 | DOING | Skeleton drafted; awaiting console overlay assets | Docs Guild; Console Guild | Write `/docs/vex/consensus-console.md` covering UI workflows, filters, conflicts, accessibility. |
| 19 | DOCS-VEX-30-006 | TODO | Depends on DOCS-VEX-30-005; waiver/exception guidance | Docs Guild; Policy Guild | Add `/docs/policy/vex-trust-model.md` detailing policy knobs, thresholds, simulation. | | 19 | DOCS-VEX-30-006 | DOING | Skeleton drafted; needs waiver/exception guidance | Docs Guild; Policy Guild | Add `/docs/policy/vex-trust-model.md` detailing policy knobs, thresholds, simulation. |
| 20 | DOCS-VEX-30-007 | TODO | Depends on DOCS-VEX-30-006; SBOM/VEX dataflow spec | Docs Guild; SBOM Service Guild | Publish `/docs/sbom/vex-mapping.md` (CPE→purl strategy, edge cases, overrides). | | 20 | DOCS-VEX-30-007 | DOING | Skeleton drafted; needs SBOM/VEX dataflow spec | Docs Guild; SBOM Service Guild | Publish `/docs/sbom/vex-mapping.md` (CPE→purl strategy, edge cases, overrides). |
| 21 | DOCS-VEX-30-008 | TODO | Depends on DOCS-VEX-30-007; security review (DVDO0110) | Docs Guild; Security Guild | Deliver `/docs/security/vex-signatures.md` (verification flow, key rotation, audit). | | 21 | DOCS-VEX-30-008 | DOING | Skeleton drafted; pending security review (DVDO0110) | Docs Guild; Security Guild | Deliver `/docs/security/vex-signatures.md` (verification flow, key rotation, audit). |
| 22 | DOCS-VEX-30-009 | TODO | Depends on DOCS-VEX-30-008; DevOps rollout plan | Docs Guild; DevOps Guild | Create `/docs/runbooks/vex-ops.md` for recompute storms, mapping failures, signature errors. | | 22 | DOCS-VEX-30-009 | DOING | Skeleton drafted; pending DevOps rollout plan | Docs Guild; DevOps Guild | Create `/docs/runbooks/vex-ops.md` for recompute storms, mapping failures, signature errors. |
## Wave Coordination ## Wave Coordination
- Single wave covering tenancy, scanner surface/bench, and VEX tracks; sequence tasks by dependency chain noted in Delivery Tracker. - Single wave covering tenancy, scanner surface/bench, and VEX tracks; sequence tasks by dependency chain noted in Delivery Tracker.
## Wave Detail Snapshots ## Wave Detail Snapshots
- Not applicable (no sub-waves beyond Delivery Tracker sequencing). - Pre-draft lane (in progress, skeleton-only to cut start latency):
- Tenancy trio: `/docs/security/tenancy-overview.md`, `/docs/security/scopes-and-roles.md`, `/docs/operations/multi-tenancy.md` — outline structure, add TODO callouts for ADR inputs, and reserve imposed-rule reminders.
- Reachability migration: `/docs/migration/enable-reachability.md` — rollout phases, fallback playbook, monitoring hooks placeholders.
- VEX consensus set: `/docs/vex/consensus-overview.md`, `/docs/vex/consensus-algorithm.md`, `/docs/vex/issuer-directory.md`, `/docs/vex/consensus-api.md` — shared front-matter + glossary; stub examples section for PLVL0102 data.
- Scanner surface/bench: `/docs/modules/scanner/scanner-engine.md` and `/docs/modules/scanner/benchmarks/*.md` — frame sections for Surface.FS/Env/Secrets flow, OS coverage, language lockfiles, stripped/entrytrace/SAST enrichers.
- Contract testing: `/docs/testing/contract-testing.md` — outline for mock server, replay fixtures, golden files, determinism guardrails.
## Interlocks ## Interlocks
- Tenancy docs (DOCS-TEN-47/48/49) require DVDO0110 decisions and downstream CLI/env var confirmations. - Tenancy docs (DOCS-TEN-47/48/49) require DVDO0110 decisions and downstream CLI/env var confirmations.
@@ -54,10 +59,22 @@
- VEX consensus series depends on PLVL0102 schemas, issuer directory inputs, and DevOps rollout plans for signatures/ops. - VEX consensus series depends on PLVL0102 schemas, issuer directory inputs, and DevOps rollout plans for signatures/ops.
## Upcoming Checkpoints ## Upcoming Checkpoints
- None scheduled; add dated reviews/demos when confirmed. - 2025-12-07 15:00 UTC — 20-min skeleton-sync to align outlines and branch contents across guild writers.
- 2025-12-08 15:00 UTC — daily micro-sync to triage incoming ADR/schema/logs and assign fill-ins.
- 2025-12-09 15:00 UTC — dependency check-in with Security, DevOps, VEX, Surface guilds (confirm DVDO0110, PLVL0102, SCANNER-SURFACE-04 readiness).
## Action Tracker ## Action Tracker
- No additional actions beyond Delivery Tracker; create rows here if cross-sprint decisions are needed. | Action | Owner | Due (UTC) | Status | Notes |
| --- | --- | --- | --- | --- |
| Collect DVDO0110 tenancy ADR and monitoring plan | Docs PM | 2025-12-08 | DOING | Outreach started; schedule follow-up if no packet by EOD 12-06. |
| Retrieve Surface emit notes (SCANNER-SURFACE-04) and replay hooks (RPRC0101) | Docs PM | 2025-12-08 | DOING | Pinged Surface and Replay owners; waiting on logs bundle. |
| Obtain PLVL0102 schema snapshot and issuer directory inputs | Docs PM | 2025-12-09 | DOING | VEX Lens/Issuer leads looped; expect draft schema by 12-07. |
| Draft skeletons for tenancy, reachability, VEX consensus, scanner bench docs (placeholders, section headers, TODO callouts) | Docs Guild | 2025-12-07 | DOING | Keeps writers moving; swap TODOs once inputs land. |
| Prep contract-testing doc outline and fixture checklist | Docs Guild | 2025-12-07 | DOING | Aligns with DOSK0101 guidance; ready to merge once examples arrive. |
| Create stub files/PR branch for all skeletons listed in Wave Detail Snapshots | Docs Guild | 2025-12-07 | DONE | Stub files added in working tree; branch optional if reviewers prefer. |
| Open working branch `feature/docs-mdx-skeletons` with placeholder files and TODO callouts | Docs Guild | 2025-12-07 | DONE | Branch created for review; stubs/TODOs committed there. |
| Draft outline headings for tenancy trio, reachability guide, VEX set, scanner engine/bench, contract-testing | Docs Guild | 2025-12-07 | DONE | Skeleton headings and TODO callouts laid down. |
| Prepare fallback “TBD-tagged” placeholder PR if inputs slip past 2025-12-09 check-in | Docs Guild | 2025-12-09 | PLANNED | Ensures docs land with explicit TBDs rather than missing coverage. |
## Decisions & Risks ## Decisions & Risks
| Risk | Impact | Mitigation | Owner | | Risk | Impact | Mitigation | Owner |
@@ -70,3 +87,12 @@
| Date (UTC) | Update | Owner | | Date (UTC) | Update | Owner |
| --- | --- | --- | | --- | --- | --- |
| 2025-12-05 | Normalized sprint to template; renamed from `SPRINT_310_docs_tasks_md_x.md` to `SPRINT_0310_0001_0010_docs_tasks_md_x.md`; no task status changes. | Project management | | 2025-12-05 | Normalized sprint to template; renamed from `SPRINT_310_docs_tasks_md_x.md` to `SPRINT_0310_0001_0010_docs_tasks_md_x.md`; no task status changes. | Project management |
| 2025-12-05 | Marked all tasks BLOCKED pending upstream inputs; added checkpoint and action tracker to keep momentum once dependencies land. | Project management |
| 2025-12-05 | Started dependency collection and prepped doc skeleton workstreams to reduce start latency when inputs arrive. | Project management |
| 2025-12-05 | Added pre-draft lane and stub-file plan; owners moving on outlines while dependencies arrive. | Project management |
| 2025-12-05 | Moved stub-branch actions to DOING and queued outline drafting to keep writers busy until inputs unblock. | Project management |
| 2025-12-05 | Scheduled upcoming micro-syncs and added fallback TBD-PR plan to avoid idle time if dependencies slip. | Project management |
| 2025-12-05 | Drafted skeleton docs for reachability, surface, tenancy set, CLI/API auth, ABAC overlays, contract testing, VEX series, and scanner bench tracks; advanced related tasks to DOING while inputs remain pending. | Project management |
| 2025-12-05 | Recorded progress in Action Tracker: stub files landed; outlines complete; branch creation deferred unless reviewers request. | Project management |
| 2025-12-05 | Created branch `feature/docs-mdx-skeletons` to stage skeleton work for review. | Project management |
| 2025-12-06 | Scheduled 2025-12-07 skeleton-sync and defined working branch name for placeholders. | Project management |

208
docs/implplan/tasks-all.md
View File

@@ -765,48 +765,48 @@
| DOCS-RISK-66-004 | TODO | | SPRINT_0308_0001_0008_docs_tasks_md_viii | Docs Guild · Risk Engine Guild | docs/risk | Create `/docs/risk/formulas.md` detailing math, normalization, gating, severity. Dependencies: DOCS-RISK-66-003. | Needs engine rollout notes | DORS0101 | | DOCS-RISK-66-004 | TODO | | SPRINT_0308_0001_0008_docs_tasks_md_viii | Docs Guild · Risk Engine Guild | docs/risk | Create `/docs/risk/formulas.md` detailing math, normalization, gating, severity. Dependencies: DOCS-RISK-66-003. | Needs engine rollout notes | DORS0101 |
| DOCS-RISK-67-001 | TODO | | SPRINT_0308_0001_0008_docs_tasks_md_viii | Docs Guild · Risk Engine Guild | docs/risk | Publish `/docs/risk/explainability.md` showing artifact schema and UI screenshots. Dependencies: DOCS-RISK-66-004. | Wait for engine metrics from 066_PLOB0101 | DORS0101 | | DOCS-RISK-67-001 | TODO | | SPRINT_0308_0001_0008_docs_tasks_md_viii | Docs Guild · Risk Engine Guild | docs/risk | Publish `/docs/risk/explainability.md` showing artifact schema and UI screenshots. Dependencies: DOCS-RISK-66-004. | Wait for engine metrics from 066_PLOB0101 | DORS0101 |
| DOCS-RISK-67-002 | TODO | | SPRINT_0308_0001_0008_docs_tasks_md_viii | Docs Guild · API Guild | docs/risk | Produce `/docs/risk/api.md` with endpoint reference/examples. Dependencies: DOCS-RISK-67-001. | Requires API publishing workflow | DORS0101 | | DOCS-RISK-67-002 | TODO | | SPRINT_0308_0001_0008_docs_tasks_md_viii | Docs Guild · API Guild | docs/risk | Produce `/docs/risk/api.md` with endpoint reference/examples. Dependencies: DOCS-RISK-67-001. | Requires API publishing workflow | DORS0101 |
| DOCS-RISK-67-003 | TODO | | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild · Console Guild | docs/risk | Document `/docs/console/risk-ui.md` for authoring, simulation, dashboards. Dependencies: DOCS-RISK-67-002. | Needs console overlay decision | DORS0101 | | DOCS-RISK-67-003 | TODO | | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild · Console Guild | docs/risk | Document `/docs/console/risk-ui.md` for authoring, simulation, dashboards. Dependencies: DOCS-RISK-67-002. | Needs console overlay decision | DORS0101 Inputs due 2025-12-09..12 (Md.IX action tracker). |
| DOCS-RISK-67-004 | TODO | | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild · CLI Guild | docs/risk | Publish `/docs/modules/cli/guides/risk.md` covering CLI workflows. Dependencies: DOCS-RISK-67-003. | Requires CLI samples from 132_CLCI0110 | DORS0101 | | DOCS-RISK-67-004 | TODO | | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild · CLI Guild | docs/risk | Publish `/docs/modules/cli/guides/risk.md` covering CLI workflows. Dependencies: DOCS-RISK-67-003. | Requires CLI samples from 132_CLCI0110 | DORS0101 Inputs due 2025-12-09..12 (Md.IX action tracker). |
| DOCS-RISK-68-001 | TODO | | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild · Export Guild | docs/risk | Add `/docs/airgap/risk-bundles.md` for offline factor bundles. Dependencies: DOCS-RISK-67-004. | Wait for export contract (069_AGEX0101) | DORS0101 | | DOCS-RISK-68-001 | TODO | | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild · Export Guild | docs/risk | Add `/docs/airgap/risk-bundles.md` for offline factor bundles. Dependencies: DOCS-RISK-67-004. | Wait for export contract (069_AGEX0101) | DORS0101 Inputs due 2025-12-09..12 (Md.IX action tracker). |
| DOCS-RISK-68-002 | TODO | | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild · Security Guild | docs/risk | Update `/docs/security/aoc-invariants.md` with risk scoring provenance guarantees. Dependencies: DOCS-RISK-68-001. | Requires security approvals | DORS0101 | | DOCS-RISK-68-002 | TODO | | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild · Security Guild | docs/risk | Update `/docs/security/aoc-invariants.md` with risk scoring provenance guarantees. Dependencies: DOCS-RISK-68-001. | Requires security approvals | DORS0101 Inputs due 2025-12-09..12 (Md.IX action tracker). |
| DOCS-RUNBOOK-401-017 | DONE (2025-11-26) | 2025-11-26 | SPRINT_0401_0001_0001_reachability_evidence_chain | Docs Guild · Ops Guild | `docs/runbooks/reachability-runtime.md`, `docs/reachability/DELIVERY_GUIDE.md` | Publish the reachability runtime ingestion runbook, link it from delivery guides, and keep Ops/Signals troubleshooting steps current. | — | DORU0101 | | DOCS-RUNBOOK-401-017 | DONE (2025-11-26) | 2025-11-26 | SPRINT_0401_0001_0001_reachability_evidence_chain | Docs Guild · Ops Guild | `docs/runbooks/reachability-runtime.md`, `docs/reachability/DELIVERY_GUIDE.md` | Publish the reachability runtime ingestion runbook, link it from delivery guides, and keep Ops/Signals troubleshooting steps current. | — | DORU0101 |
| DOCS-RUNBOOK-55-001 | TODO | | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild · Ops Guild | docs/runbooks | Author `/docs/runbooks/incidents.md` describing incident mode activation, escalation steps, retention impact, verification checklist, and imposed rule banner. | Requires deployment checklist from DVPL0101 | DORU0101 | | DOCS-RUNBOOK-55-001 | TODO | | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild · Ops Guild | docs/runbooks | Author `/docs/runbooks/incidents.md` describing incident mode activation, escalation steps, retention impact, verification checklist, and imposed rule banner. | Requires deployment checklist from DVPL0101 | DORU0101 Inputs due 2025-12-09..12 (Md.IX action tracker). |
| DOCS-SCANNER-BENCH-62-002 | TODO | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · Product Guild | docs/modules/scanner/benchmarks | Capture customer demand for Windows/macOS analyzer coverage and document outcomes. | Need bench inputs from SCSA0301 | DOSB0101 | | DOCS-SCANNER-BENCH-62-002 | DOING | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · Product Guild | docs/modules/scanner/benchmarks | Capture customer demand for Windows/macOS analyzer coverage and document outcomes. | Need bench inputs from SCSA0301 | DOSB0101 |
| DOCS-SCANNER-BENCH-62-003 | TODO | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · Product Guild | docs/modules/scanner/benchmarks | Capture Python lockfile/editable install requirements and document policy guidance. | Depends on #1 | DOSB0101 | | DOCS-SCANNER-BENCH-62-003 | DOING | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · Product Guild | docs/modules/scanner/benchmarks | Capture Python lockfile/editable install requirements and document policy guidance. | Depends on #1 | DOSB0101 |
| DOCS-SCANNER-BENCH-62-004 | TODO | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · Java Analyzer Guild | docs/modules/scanner/benchmarks | Document Java lockfile ingestion guidance and policy templates. | Requires Java analyzer notes | DOSB0101 | | DOCS-SCANNER-BENCH-62-004 | DOING | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · Java Analyzer Guild | docs/modules/scanner/benchmarks | Document Java lockfile ingestion guidance and policy templates. | Requires Java analyzer notes | DOSB0101 |
| DOCS-SCANNER-BENCH-62-005 | TODO | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · Go Analyzer Guild | docs/modules/scanner/benchmarks | Document Go stripped-binary fallback enrichment guidance once implementation lands. | Needs Go analyzer results | DOSB0101 | | DOCS-SCANNER-BENCH-62-005 | DOING | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · Go Analyzer Guild | docs/modules/scanner/benchmarks | Document Go stripped-binary fallback enrichment guidance once implementation lands. | Needs Go analyzer results | DOSB0101 |
| DOCS-SCANNER-BENCH-62-006 | TODO | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · Product Guild | docs/modules/scanner/benchmarks | Document Rust fingerprint enrichment guidance and policy examples. | Requires updated benchmarks from SCSA0601 | DOSB0101 | | DOCS-SCANNER-BENCH-62-006 | DOING | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · Product Guild | docs/modules/scanner/benchmarks | Document Rust fingerprint enrichment guidance and policy examples. | Requires updated benchmarks from SCSA0601 | DOSB0101 |
| DOCS-SCANNER-BENCH-62-008 | TODO | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · Platform Data Guild | docs/modules/scanner/benchmarks | Publish EntryTrace explain/heuristic maintenance guide. | Wait for replay hooks (RPRC0101) | DOSB0101 | | DOCS-SCANNER-BENCH-62-008 | DOING | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · Platform Data Guild | docs/modules/scanner/benchmarks | Publish EntryTrace explain/heuristic maintenance guide. | Wait for replay hooks (RPRC0101) | DOSB0101 |
| DOCS-SCANNER-BENCH-62-009 | TODO | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · DevEx/CLI Guild | docs/modules/scanner/benchmarks | Produce SAST integration documentation (connector framework, policy templates). | Depends on CLI samples (132_CLCI0110) | DOSB0101 | | DOCS-SCANNER-BENCH-62-009 | DOING | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · DevEx/CLI Guild | docs/modules/scanner/benchmarks | Produce SAST integration documentation (connector framework, policy templates). | Depends on CLI samples (132_CLCI0110) | DOSB0101 |
| DOCS-SCANNER-DET-01 | DONE (2025-12-03) | 2025-12-03 | SPRINT_0301_0001_0001_docs_md_i | Docs Guild · Scanner Guild | docs/modules/scanner/benchmarks | `/docs/modules/scanner/deterministic-sbom-compose.md` plus scan guide updates + fixture bundle (`docs/modules/scanner/fixtures/deterministic-compose/`). | Fixtures published via Sprint 0136; harness verified. | DOSB0101 | | DOCS-SCANNER-DET-01 | DONE (2025-12-03) | 2025-12-03 | SPRINT_0301_0001_0001_docs_md_i | Docs Guild · Scanner Guild | docs/modules/scanner/benchmarks | `/docs/modules/scanner/deterministic-sbom-compose.md` plus scan guide updates + fixture bundle (`docs/modules/scanner/fixtures/deterministic-compose/`). | Fixtures published via Sprint 0136; harness verified. | DOSB0101 |
| DOCS-SDK-62-001 | TODO | | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild · SDK Generator Guild | docs/sdk | Publish `/docs/sdks/overview.md` plus language guides (`typescript.md`, `python.md`, `go.md`, `java.md`). | Need SDK toolchain notes from SDKG0101 | DOSK0101 | | DOCS-SDK-62-001 | TODO | | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild · SDK Generator Guild | docs/sdk | Publish `/docs/sdks/overview.md` plus language guides (`typescript.md`, `python.md`, `go.md`, `java.md`). | Need SDK toolchain notes from SDKG0101 | DOSK0101 Inputs due 2025-12-09..12 (Md.IX action tracker). |
| DOCS-SEC-62-001 | TODO | | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild · Security Guild | docs/security | Update `/docs/security/auth-scopes.md` with OAuth2/PAT scopes, tenancy header usage. | Need security ADR from DVDO0110 | DOSE0101 | | DOCS-SEC-62-001 | TODO | | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild · Security Guild | docs/security | Update `/docs/security/auth-scopes.md` with OAuth2/PAT scopes, tenancy header usage. | Need security ADR from DVDO0110 | DOSE0101 Inputs due 2025-12-09..12 (Md.IX action tracker). |
| DOCS-SEC-OBS-50-001 | TODO | | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild · Security Guild | docs/security | Update `/docs/security/redaction-and-privacy.md` to cover telemetry privacy controls, tenant opt-in debug, and imposed rule reminder. | Depends on PLOB0101 metrics | DOSE0101 | | DOCS-SEC-OBS-50-001 | TODO | | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild · Security Guild | docs/security | Update `/docs/security/redaction-and-privacy.md` to cover telemetry privacy controls, tenant opt-in debug, and imposed rule reminder. | Depends on PLOB0101 metrics | DOSE0101 Inputs due 2025-12-09..12 (Md.IX action tracker). |
| DOCS-SIG-26-001 | TODO | | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild · Signals Guild | docs/modules/signals | Write `/docs/signals/reachability.md` covering states, scores, provenance, retention. | Need SGSI0101 metrics freeze | DOSG0101 | | DOCS-SIG-26-001 | TODO | | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild · Signals Guild | docs/modules/signals | Write `/docs/signals/reachability.md` covering states, scores, provenance, retention. | Need SGSI0101 metrics freeze | DOSG0101 Inputs due 2025-12-09..12 (Md.IX action tracker). |
| DOCS-SIG-26-002 | TODO | | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild · Observability Guild | docs/modules/signals | Publish `/docs/signals/callgraph-formats.md` with schemas and validation errors. Dependencies: DOCS-SIG-26-001. | Depends on #1 | DOSG0101 | | DOCS-SIG-26-002 | TODO | | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild · Observability Guild | docs/modules/signals | Publish `/docs/signals/callgraph-formats.md` with schemas and validation errors. Dependencies: DOCS-SIG-26-001. | Depends on #1 | DOSG0101 Inputs due 2025-12-09..12 (Md.IX action tracker). |
| DOCS-SIG-26-003 | TODO | | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild · Signals Guild | docs/modules/signals | Create `/docs/signals/runtime-facts.md` detailing agent capabilities, privacy safeguards, opt-in flags. Dependencies: DOCS-SIG-26-002. | Requires SSE contract from SGSI0101 | DOSG0101 | | DOCS-SIG-26-003 | TODO | | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild · Signals Guild | docs/modules/signals | Create `/docs/signals/runtime-facts.md` detailing agent capabilities, privacy safeguards, opt-in flags. Dependencies: DOCS-SIG-26-002. | Requires SSE contract from SGSI0101 | DOSG0101 Inputs due 2025-12-09..12 (Md.IX action tracker). |
| DOCS-SIG-26-004 | TODO | | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild · CLI Guild | docs/modules/signals | Document `/docs/policy/signals-weighting.md` for SPL predicates and weighting strategies. Dependencies: DOCS-SIG-26-003. | Needs CLI samples (132_CLCI0110) | DOSG0101 | | DOCS-SIG-26-004 | TODO | | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild · CLI Guild | docs/modules/signals | Document `/docs/policy/signals-weighting.md` for SPL predicates and weighting strategies. Dependencies: DOCS-SIG-26-003. | Needs CLI samples (132_CLCI0110) | DOSG0101 Inputs due 2025-12-09..12 (Md.IX action tracker). |
| DOCS-SIG-26-005 | TODO | | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild · DevOps Guild | docs/modules/signals | Draft `/docs/ui/reachability-overlays.md` with badges, timelines, shortcuts. Dependencies: DOCS-SIG-26-004. | Wait for DevOps rollout plan | DOSG0101 | | DOCS-SIG-26-005 | TODO | | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild · DevOps Guild | docs/modules/signals | Draft `/docs/ui/reachability-overlays.md` with badges, timelines, shortcuts. Dependencies: DOCS-SIG-26-004. | Wait for DevOps rollout plan | DOSG0101 Inputs due 2025-12-09..12 (Md.IX action tracker). |
| DOCS-SIG-26-006 | TODO | | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild · Security Guild | docs/modules/signals | Update `/docs/modules/cli/guides/reachability.md` for new commands and automation recipes. Dependencies: DOCS-SIG-26-005. | Requires security guidance (DVDO0110) | DOSG0101 | | DOCS-SIG-26-006 | TODO | | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild · Security Guild | docs/modules/signals | Update `/docs/modules/cli/guides/reachability.md` for new commands and automation recipes. Dependencies: DOCS-SIG-26-005. | Requires security guidance (DVDO0110) | DOSG0101 Inputs due 2025-12-09..12 (Md.IX action tracker). |
| DOCS-SIG-26-007 | TODO | | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild · Policy Guild | docs/modules/signals | Publish `/docs/api/signals.md` covering endpoints, payloads, ETags, errors. Dependencies: DOCS-SIG-26-006. | Needs policy overlay from PLVL0102 | DOSG0101 | | DOCS-SIG-26-007 | TODO | | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild · Policy Guild | docs/modules/signals | Publish `/docs/api/signals.md` covering endpoints, payloads, ETags, errors. Dependencies: DOCS-SIG-26-006. | Needs policy overlay from PLVL0102 | DOSG0101 Inputs due 2025-12-09..12 (Md.IX action tracker). |
| DOCS-SIG-26-008 | TODO | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · Notifications Guild | docs/modules/signals | Write `/docs/migration/enable-reachability.md` guiding rollout, fallbacks, monitoring. Dependencies: DOCS-SIG-26-007. | Depends on notifications hooks (058_NOTY0101) | DOSG0101 | | DOCS-SIG-26-008 | DOING | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · Notifications Guild | docs/modules/signals | Write `/docs/migration/enable-reachability.md` guiding rollout, fallbacks, monitoring. Dependencies: DOCS-SIG-26-007. | Depends on notifications hooks (058_NOTY0101) | DOSG0101 |
| DOCS-SURFACE-01 | TODO | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · Surface Guild | docs/modules/scanner/surface | Create `/docs/modules/scanner/scanner-engine.md` covering Surface.FS/Env/Secrets workflow between Scanner, Zastava, Scheduler, and Ops. | Need latest surface emit notes (SCANNER-SURFACE-04) | DOSS0101 | | DOCS-SURFACE-01 | DOING | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · Surface Guild | docs/modules/scanner/surface | Create `/docs/modules/scanner/scanner-engine.md` covering Surface.FS/Env/Secrets workflow between Scanner, Zastava, Scheduler, and Ops. | Need latest surface emit notes (SCANNER-SURFACE-04) | DOSS0101 |
| DOCS-SYMS-70-003 | DONE (2025-11-26) | 2025-11-26 | SPRINT_304_docs_tasks_md_iv | Docs Guild · Symbols Guild | docs/specs/symbols/SYMBOL_MANIFEST_v1.md | Author symbol-server architecture/spec docs (`docs/specs/symbols/SYMBOL_MANIFEST_v1.md`, API reference, bundle guide) and update reachability guides with symbol lookup workflow and tenant controls. Dependencies: SYMS-SERVER-401-011, SYMS-INGEST-401-013. | — | DOSY0101 | | DOCS-SYMS-70-003 | DONE (2025-11-26) | 2025-11-26 | SPRINT_304_docs_tasks_md_iv | Docs Guild · Symbols Guild | docs/specs/symbols/SYMBOL_MANIFEST_v1.md | Author symbol-server architecture/spec docs (`docs/specs/symbols/SYMBOL_MANIFEST_v1.md`, API reference, bundle guide) and update reachability guides with symbol lookup workflow and tenant controls. Dependencies: SYMS-SERVER-401-011, SYMS-INGEST-401-013. | — | DOSY0101 |
| DOCS-TEN-47-001 | TODO | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · Security Guild | docs/modules/tenancy | Publish `/docs/security/tenancy-overview.md` and `/docs/security/scopes-and-roles.md` outlining scope grammar, tenant model, imposed rule reminder. | Need tenancy ADR from DVDO0110 | DOTN0101 | | DOCS-TEN-47-001 | DOING | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · Security Guild | docs/modules/tenancy | Publish `/docs/security/tenancy-overview.md` and `/docs/security/scopes-and-roles.md` outlining scope grammar, tenant model, imposed rule reminder. | Need tenancy ADR from DVDO0110 | DOTN0101 |
| DOCS-TEN-48-001 | TODO | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · Security Guild | docs/modules/tenancy | Publish `/docs/operations/multi-tenancy.md`, `/docs/operations/rls-and-data-isolation.md`, `/docs/console/admin-tenants.md`. Dependencies: DOCS-TEN-47-001. | Depends on #1 | DOTN0101 | | DOCS-TEN-48-001 | DOING | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · Security Guild | docs/modules/tenancy | Publish `/docs/operations/multi-tenancy.md`, `/docs/operations/rls-and-data-isolation.md`, `/docs/console/admin-tenants.md`. Dependencies: DOCS-TEN-47-001. | Depends on #1 | DOTN0101 |
| DOCS-TEN-49-001 | TODO | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · DevOps Guild | docs/modules/tenancy | Publish `/docs/modules/cli/guides/authentication.md`, `/docs/api/authentication.md`, `/docs/policy/examples/abac-overlays.md`, update `/docs/install/configuration-reference.md` with new env vars, all ending with imposed rule line. Dependencies: DOCS-TEN-48-001. | Requires monitoring plan from DVDO0110 | DOTN0101 | | DOCS-TEN-49-001 | DOING | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · DevOps Guild | docs/modules/tenancy | Publish `/docs/modules/cli/guides/authentication.md`, `/docs/api/authentication.md`, `/docs/policy/examples/abac-overlays.md`, update `/docs/install/configuration-reference.md` with new env vars, all ending with imposed rule line. Dependencies: DOCS-TEN-48-001. | Requires monitoring plan from DVDO0110 | DOTN0101 |
| DOCS-TEST-62-001 | TODO | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · SDK Generator Guild | docs/sdk | Author `/docs/testing/contract-testing.md` covering mock server, replay tests, golden fixtures. | Depends on #1 | DOSK0101 | | DOCS-TEST-62-001 | DOING | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · SDK Generator Guild | docs/sdk | Author `/docs/testing/contract-testing.md` covering mock server, replay tests, golden fixtures. | Depends on #1 | DOSK0101 |
| DOCS-VEX-30-001 | TODO | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · VEX Lens Guild | docs/modules/vex-lens | Publish `/docs/vex/consensus-overview.md` describing purpose, scope, AOC guarantees. | Need PLVL0102 schema snapshot | DOVX0101 | | DOCS-VEX-30-001 | DOING | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · VEX Lens Guild | docs/modules/vex-lens | Publish `/docs/vex/consensus-overview.md` describing purpose, scope, AOC guarantees. | Need PLVL0102 schema snapshot | DOVX0101 |
| DOCS-VEX-30-002 | TODO | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · VEX Lens Guild | docs/modules/vex-lens | Author `/docs/vex/consensus-algorithm.md` covering normalization, weighting, thresholds, examples. Dependencies: DOCS-VEX-30-001. | Depends on #1 | DOVX0101 | | DOCS-VEX-30-002 | DOING | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · VEX Lens Guild | docs/modules/vex-lens | Author `/docs/vex/consensus-algorithm.md` covering normalization, weighting, thresholds, examples. Dependencies: DOCS-VEX-30-001. | Depends on #1 | DOVX0101 |
| DOCS-VEX-30-003 | TODO | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · Issuer Directory Guild | docs/modules/vex-lens | Document `/docs/vex/issuer-directory.md` (issuer management, keys, trust overrides, audit). Dependencies: DOCS-VEX-30-002. | Requires Issuer Directory inputs | DOVX0101 | | DOCS-VEX-30-003 | DOING | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · Issuer Directory Guild | docs/modules/vex-lens | Document `/docs/vex/issuer-directory.md` (issuer management, keys, trust overrides, audit). Dependencies: DOCS-VEX-30-002. | Requires Issuer Directory inputs | DOVX0101 |
| DOCS-VEX-30-004 | TODO | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · VEX Lens Guild | docs/modules/vex-lens | Publish `/docs/vex/consensus-api.md` with endpoint specs, query params, rate limits. Dependencies: DOCS-VEX-30-003. | Needs PLVL0102 policy join notes | DOVX0101 | | DOCS-VEX-30-004 | DOING | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · VEX Lens Guild | docs/modules/vex-lens | Publish `/docs/vex/consensus-api.md` with endpoint specs, query params, rate limits. Dependencies: DOCS-VEX-30-003. | Needs PLVL0102 policy join notes | DOVX0101 |
| DOCS-VEX-30-005 | TODO | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · Console Guild | docs/modules/vex-lens | Write `/docs/vex/consensus-console.md` covering UI workflows, filters, conflicts, accessibility. Dependencies: DOCS-VEX-30-004. | Requires console overlay assets | DOVX0101 | | DOCS-VEX-30-005 | DOING | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · Console Guild | docs/modules/vex-lens | Write `/docs/vex/consensus-console.md` covering UI workflows, filters, conflicts, accessibility. Dependencies: DOCS-VEX-30-004. | Requires console overlay assets | DOVX0101 |
| DOCS-VEX-30-006 | TODO | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · Policy Guild | docs/modules/vex-lens | Add `/docs/policy/vex-trust-model.md` detailing policy knobs, thresholds, simulation. Dependencies: DOCS-VEX-30-005. | Needs waiver/exception guidance | DOVX0101 | | DOCS-VEX-30-006 | DOING | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · Policy Guild | docs/modules/vex-lens | Add `/docs/policy/vex-trust-model.md` detailing policy knobs, thresholds, simulation. Dependencies: DOCS-VEX-30-005. | Needs waiver/exception guidance | DOVX0101 |
| DOCS-VEX-30-007 | TODO | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · SBOM Service Guild | docs/modules/vex-lens | Publish `/docs/sbom/vex-mapping.md` (CPE→purl strategy, edge cases, overrides). Dependencies: DOCS-VEX-30-006. | Depends on SBOM/VEX dataflow spec | DOVX0101 | | DOCS-VEX-30-007 | DOING | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · SBOM Service Guild | docs/modules/vex-lens | Publish `/docs/sbom/vex-mapping.md` (CPE→purl strategy, edge cases, overrides). Dependencies: DOCS-VEX-30-006. | Depends on SBOM/VEX dataflow spec | DOVX0101 |
| DOCS-VEX-30-008 | TODO | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · Security Guild | docs/modules/vex-lens | Deliver `/docs/security/vex-signatures.md` (verification flow, key rotation, audit). Dependencies: DOCS-VEX-30-007. | Requires security review (DVDO0110) | DOVX0101 | | DOCS-VEX-30-008 | DOING | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · Security Guild | docs/modules/vex-lens | Deliver `/docs/security/vex-signatures.md` (verification flow, key rotation, audit). Dependencies: DOCS-VEX-30-007. | Requires security review (DVDO0110) | DOVX0101 |
| DOCS-VEX-30-009 | TODO | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · DevOps Guild | docs/modules/vex-lens | Create `/docs/runbooks/vex-ops.md` for recompute storms, mapping failures, signature errors. Dependencies: DOCS-VEX-30-008. | Needs DevOps rollout plan | DOVX0101 | | DOCS-VEX-30-009 | DOING | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · DevOps Guild | docs/modules/vex-lens | Create `/docs/runbooks/vex-ops.md` for recompute storms, mapping failures, signature errors. Dependencies: DOCS-VEX-30-008. | Needs DevOps rollout plan | DOVX0101 |
| DOCS-VEX-401-012 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | Docs Guild · VEX Lens Guild | `docs/benchmarks/vex-evidence-playbook.md`, `bench/README.md` | Maintain the VEX Evidence Playbook, publish repo templates/README, and document verification workflows for operators. | Need VEX evidence export from PLVL0102 | DOVB0101 | | DOCS-VEX-401-012 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | Docs Guild · VEX Lens Guild | `docs/benchmarks/vex-evidence-playbook.md`, `bench/README.md` | Maintain the VEX Evidence Playbook, publish repo templates/README, and document verification workflows for operators. | Need VEX evidence export from PLVL0102 | DOVB0101 |
| DOCS-VULN-29-001 | TODO | | SPRINT_0311_0001_0001_docs_tasks_md_xi | Docs Guild · Vuln Explorer Guild | docs/modules/vuln-explorer | Publish `/docs/vuln/explorer-overview.md` covering domain model, identities, AOC guarantees, workflow summary. | Need GRAP0101 contract | DOVL0101 | | DOCS-VULN-29-001 | DOING | | SPRINT_0311_0001_0001_docs_tasks_md_xi | Docs Guild · Vuln Explorer Guild | docs/modules/vuln-explorer | Publish `/docs/vuln/explorer-overview.md` covering domain model, identities, AOC guarantees, workflow summary. | Need GRAP0101 contract | DOVL0101 |
| DOCS-VULN-29-002 | TODO | | SPRINT_0311_0001_0001_docs_tasks_md_xi | Docs Guild · Vuln Explorer Guild | docs/modules/vuln-explorer | Write `/docs/vuln/explorer-using-console.md` with workflows, screenshots, keyboard shortcuts, saved views, deep links. Dependencies: DOCS-VULN-29-001. | Depends on #1 | DOVL0101 | | DOCS-VULN-29-002 | TODO | | SPRINT_0311_0001_0001_docs_tasks_md_xi | Docs Guild · Vuln Explorer Guild | docs/modules/vuln-explorer | Write `/docs/vuln/explorer-using-console.md` with workflows, screenshots, keyboard shortcuts, saved views, deep links. Dependencies: DOCS-VULN-29-001. | Depends on #1 | DOVL0101 |
| DOCS-VULN-29-003 | TODO | | SPRINT_0311_0001_0001_docs_tasks_md_xi | Docs Guild · UI Guild | docs/modules/vuln-explorer | Author `/docs/vuln/explorer-api.md` (endpoints, query schema, grouping, errors, rate limits). Dependencies: DOCS-VULN-29-002. | Requires UI assets | DOVL0101 | | DOCS-VULN-29-003 | TODO | | SPRINT_0311_0001_0001_docs_tasks_md_xi | Docs Guild · UI Guild | docs/modules/vuln-explorer | Author `/docs/vuln/explorer-api.md` (endpoints, query schema, grouping, errors, rate limits). Dependencies: DOCS-VULN-29-002. | Requires UI assets | DOVL0101 |
| DOCS-VULN-29-004 | TODO | | SPRINT_0311_0001_0001_docs_tasks_md_xi | Docs Guild · Policy Guild | docs/modules/vuln-explorer | Publish `/docs/vuln/explorer-cli.md` with command reference, samples, exit codes, CI snippets. Dependencies: DOCS-VULN-29-003. | Needs policy overlay inputs | DOVL0101 | | DOCS-VULN-29-004 | TODO | | SPRINT_0311_0001_0001_docs_tasks_md_xi | Docs Guild · Policy Guild | docs/modules/vuln-explorer | Publish `/docs/vuln/explorer-cli.md` with command reference, samples, exit codes, CI snippets. Dependencies: DOCS-VULN-29-003. | Needs policy overlay inputs | DOVL0101 |
@@ -1675,13 +1675,13 @@
| SCANNER-ANALYZERS-RUBY-28-010 | TODO | | SPRINT_135_scanner_surface | Ruby Analyzer Guild, Signals Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Optional runtime evidence integration (if provided logs/metrics) with path hashing, without altering static precedence. | SCANNER-ANALYZERS-RUBY-28-009 | | | SCANNER-ANALYZERS-RUBY-28-010 | TODO | | SPRINT_135_scanner_surface | Ruby Analyzer Guild, Signals Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Optional runtime evidence integration (if provided logs/metrics) with path hashing, without altering static precedence. | SCANNER-ANALYZERS-RUBY-28-009 | |
| SCANNER-ANALYZERS-RUBY-28-011 | TODO | | SPRINT_135_scanner_surface | Ruby Analyzer Guild, DevOps Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Package analyzer plug-in, add CLI (`stella ruby inspect`), refresh Offline Kit documentation. | SCANNER-ANALYZERS-RUBY-28-010 | | | SCANNER-ANALYZERS-RUBY-28-011 | TODO | | SPRINT_135_scanner_surface | Ruby Analyzer Guild, DevOps Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Package analyzer plug-in, add CLI (`stella ruby inspect`), refresh Offline Kit documentation. | SCANNER-ANALYZERS-RUBY-28-010 | |
| SCANNER-ANALYZERS-RUBY-28-012 | TODO | | SPRINT_135_scanner_surface | Ruby Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Policy signal emitter: rubygems drift, native extension flags, dangerous constructs counts, TLS verify posture, dynamic require eval warnings. | SCANNER-ANALYZERS-RUBY-28-011 | | | SCANNER-ANALYZERS-RUBY-28-012 | TODO | | SPRINT_135_scanner_surface | Ruby Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Policy signal emitter: rubygems drift, native extension flags, dangerous constructs counts, TLS verify posture, dynamic require eval warnings. | SCANNER-ANALYZERS-RUBY-28-011 | |
| SCANNER-BENCH-62-002 | TODO | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild, Product Guild (docs) | | | | | | SCANNER-BENCH-62-002 | DOING | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild, Product Guild (docs) | | | | |
| SCANNER-BENCH-62-003 | TODO | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild, Product Guild (docs) | | | | | | SCANNER-BENCH-62-003 | DOING | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild, Product Guild (docs) | | | | |
| SCANNER-BENCH-62-004 | TODO | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild, Java Analyzer Guild (docs) | | | | | | SCANNER-BENCH-62-004 | DOING | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild, Java Analyzer Guild (docs) | | | | |
| SCANNER-BENCH-62-005 | TODO | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild, Go Analyzer Guild (docs) | | | | | | SCANNER-BENCH-62-005 | DOING | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild, Go Analyzer Guild (docs) | | | | |
| SCANNER-BENCH-62-006 | TODO | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild, Rust Analyzer Guild (docs) | | | | | | SCANNER-BENCH-62-006 | DOING | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild, Rust Analyzer Guild (docs) | | | | |
| SCANNER-BENCH-62-008 | TODO | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild, EntryTrace Guild (docs) | | | | | | SCANNER-BENCH-62-008 | DOING | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild, EntryTrace Guild (docs) | | | | |
| SCANNER-BENCH-62-009 | TODO | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild, Policy Guild (docs) | | | | | | SCANNER-BENCH-62-009 | DOING | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild, Policy Guild (docs) | | | | |
| SCANNER-CLI-0001 | DONE | 2025-11-10 | SPRINT_0138_0000_0001_scanner_ruby_parity | CLI Guild, Ruby Analyzer Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Coordinate CLI UX/help text for new Ruby verbs and update CLI docs/golden outputs. | SCANNER-ENG-0019 | | | SCANNER-CLI-0001 | DONE | 2025-11-10 | SPRINT_0138_0000_0001_scanner_ruby_parity | CLI Guild, Ruby Analyzer Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Coordinate CLI UX/help text for new Ruby verbs and update CLI docs/golden outputs. | SCANNER-ENG-0019 | |
| SCANNER-DET-01 | DONE (2025-12-03) | 2025-12-03 | SPRINT_0301_0001_0001_docs_md_i | Docs Guild · Scanner Guild | | Deterministic compose fixtures landed; docs published. | | | SCANNER-DET-01 | DONE (2025-12-03) | 2025-12-03 | SPRINT_0301_0001_0001_docs_md_i | Docs Guild · Scanner Guild | | Deterministic compose fixtures landed; docs published. | |
| SCANNER-DOCS-0003 | TODO | | SPRINT_327_docs_modules_scanner | Docs Guild, Product Guild (docs/modules/scanner) | docs/modules/scanner | Gather Windows/macOS analyzer demand signals and record findings in `docs/benchmarks/scanner/windows-macos-demand.md` for marketing + product readiness. | | | | SCANNER-DOCS-0003 | TODO | | SPRINT_327_docs_modules_scanner | Docs Guild, Product Guild (docs/modules/scanner) | docs/modules/scanner | Gather Windows/macOS analyzer demand signals and record findings in `docs/benchmarks/scanner/windows-macos-demand.md` for marketing + product readiness. | | |
@@ -1825,7 +1825,7 @@
| SIG-26-005 | TODO | | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild, UI Guild (docs) | | | | | | SIG-26-005 | TODO | | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild, UI Guild (docs) | | | | |
| SIG-26-006 | TODO | | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild, DevEx/CLI Guild (docs) | | | | | | SIG-26-006 | TODO | | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild, DevEx/CLI Guild (docs) | | | | |
| SIG-26-007 | TODO | | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild, BE-Base Platform Guild (docs) | | | | | | SIG-26-007 | TODO | | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild, BE-Base Platform Guild (docs) | | | | |
| SIG-26-008 | TODO | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild, DevOps Guild (docs) | | | | | | SIG-26-008 | DOING | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild, DevOps Guild (docs) | | | | |
| SIG-STORE-401-016 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | Signals Guild · BE-Base Platform Guild (`src/Signals/StellaOps.Signals`, `src/__Libraries/StellaOps.Replay.Core`) | `src/Signals/StellaOps.Signals`, `src/__Libraries/StellaOps.Replay.Core` | Introduce shared reachability store collections (`func_nodes`, `call_edges`, `cve_func_hits`), indexes, and repository APIs so Scanner/Signals/Policy can reuse canonical function data. | | | | SIG-STORE-401-016 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | Signals Guild · BE-Base Platform Guild (`src/Signals/StellaOps.Signals`, `src/__Libraries/StellaOps.Replay.Core`) | `src/Signals/StellaOps.Signals`, `src/__Libraries/StellaOps.Replay.Core` | Introduce shared reachability store collections (`func_nodes`, `call_edges`, `cve_func_hits`), indexes, and repository APIs so Scanner/Signals/Policy can reuse canonical function data. | | |
| SIGN-CORE-186-004 | DONE | 2025-11-26 | SPRINT_186_record_deterministic_execution | Signing Guild | `src/Signer/StellaOps.Signer`, `src/__Libraries/StellaOps.Cryptography` | Replace the HMAC demo implementation in `StellaOps.Signer` with StellaOps.Cryptography providers (keyless + KMS), including provider selection, key material loading, and cosign-compatible DSSE signature output. | Mirrors #1 | SIGR0101 | | SIGN-CORE-186-004 | DONE | 2025-11-26 | SPRINT_186_record_deterministic_execution | Signing Guild | `src/Signer/StellaOps.Signer`, `src/__Libraries/StellaOps.Cryptography` | Replace the HMAC demo implementation in `StellaOps.Signer` with StellaOps.Cryptography providers (keyless + KMS), including provider selection, key material loading, and cosign-compatible DSSE signature output. | Mirrors #1 | SIGR0101 |
| SIGN-CORE-186-005 | DONE | 2025-11-26 | SPRINT_186_record_deterministic_execution | Signing Guild | `src/Signer/StellaOps.Signer.Core` | Refactor `SignerStatementBuilder` to support StellaOps predicate types (e.g., `stella.ops/promotion@v1`) and delegate payload canonicalisation to the Provenance library once available. | Mirrors #2 | SIGR0101 | | SIGN-CORE-186-005 | DONE | 2025-11-26 | SPRINT_186_record_deterministic_execution | Signing Guild | `src/Signer/StellaOps.Signer.Core` | Refactor `SignerStatementBuilder` to support StellaOps predicate types (e.g., `stella.ops/promotion@v1`) and delegate payload canonicalisation to the Provenance library once available. | Mirrors #2 | SIGR0101 |
@@ -1964,7 +1964,7 @@
| TEN-48-001 | TODO | | SPRINT_115_concelier_iv | Concelier Core Guild (src/Concelier/__Libraries/StellaOps.Concelier.Core) | src/Concelier/__Libraries/StellaOps.Concelier.Core | | | | | TEN-48-001 | TODO | | SPRINT_115_concelier_iv | Concelier Core Guild (src/Concelier/__Libraries/StellaOps.Concelier.Core) | src/Concelier/__Libraries/StellaOps.Concelier.Core | | | |
| TEN-49-001 | TODO | | SPRINT_205_cli_v | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | | | | | TEN-49-001 | TODO | | SPRINT_205_cli_v | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | | | |
| TEST-186-006 | TODO | | SPRINT_186_record_deterministic_execution | Signing Guild, QA Guild (`src/Signer/StellaOps.Signer.Tests`) | `src/Signer/StellaOps.Signer.Tests` | | | | | TEST-186-006 | TODO | | SPRINT_186_record_deterministic_execution | Signing Guild, QA Guild (`src/Signer/StellaOps.Signer.Tests`) | `src/Signer/StellaOps.Signer.Tests` | | | |
| TEST-62-001 | TODO | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild, Contract Testing Guild (docs) | | | | | | TEST-62-001 | DOING | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild, Contract Testing Guild (docs) | | | | |
| TIME-57-001 | TODO | | SPRINT_0503_0001_0001_ops_devops_i | Exporter Guild · AirGap Time Guild · CLI Guild | | | PROGRAM-STAFF-1001 | | | TIME-57-001 | TODO | | SPRINT_0503_0001_0001_ops_devops_i | Exporter Guild · AirGap Time Guild · CLI Guild | | | PROGRAM-STAFF-1001 | |
| TIME-57-002 | TODO | | SPRINT_510_airgap | Exporter Guild · AirGap Time Guild · CLI Guild | src/AirGap/StellaOps.AirGap.Time | PROGRAM-STAFF-1001 | PROGRAM-STAFF-1001 | AGTM0101 | | TIME-57-002 | TODO | | SPRINT_510_airgap | Exporter Guild · AirGap Time Guild · CLI Guild | src/AirGap/StellaOps.AirGap.Time | PROGRAM-STAFF-1001 | PROGRAM-STAFF-1001 | AGTM0101 |
| TIME-58-001 | TODO | | SPRINT_510_airgap | AirGap Time Guild | src/AirGap/StellaOps.AirGap.Time | AIRGAP-TIME-58-001 | AIRGAP-TIME-58-001 | AGTM0101 | | TIME-58-001 | TODO | | SPRINT_510_airgap | AirGap Time Guild | src/AirGap/StellaOps.AirGap.Time | AIRGAP-TIME-58-001 | AIRGAP-TIME-58-001 | AGTM0101 |
@@ -2033,11 +2033,11 @@
| VEX-30-002 | TODO | | SPRINT_205_cli_v | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | | | | | VEX-30-002 | TODO | | SPRINT_205_cli_v | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | | | |
| VEX-30-003 | TODO | | SPRINT_205_cli_v | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | | | | | VEX-30-003 | TODO | | SPRINT_205_cli_v | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | | | |
| VEX-30-004 | TODO | | SPRINT_205_cli_v | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | | | | | VEX-30-004 | TODO | | SPRINT_205_cli_v | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | | | |
| VEX-30-005 | TODO | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild, Console Guild (docs) | | | | | | VEX-30-005 | DOING | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild, Console Guild (docs) | | | | |
| VEX-30-006 | TODO | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild, Policy Guild (docs) | | | | DOVX0101 | | VEX-30-006 | DOING | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild, Policy Guild (docs) | | | | DOVX0101 |
| VEX-30-007 | TODO | | SPRINT_216_web_v | BE-Base Platform Guild, VEX Lens Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | | | DOVX0101 | | VEX-30-007 | BLOCKED | | SPRINT_216_web_v | BE-Base Platform Guild, VEX Lens Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | | | DOVX0101 |
| VEX-30-008 | TODO | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild, Security Guild (docs) | | | | DOVX0101 | | VEX-30-008 | DOING | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild, Security Guild (docs) | | | | DOVX0101 |
| VEX-30-009 | TODO | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild, DevOps Guild (docs) | | | | DOVX0101 | | VEX-30-009 | DOING | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild, DevOps Guild (docs) | | | | DOVX0101 |
| VEX-401-006 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | Policy Guild (`src/Policy/StellaOps.Policy.Engine`, `src/Policy/__Libraries/StellaOps.Policy`) | `src/Policy/StellaOps.Policy.Engine`, `src/Policy/__Libraries/StellaOps.Policy` | | | DOVX0101 | | VEX-401-006 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | Policy Guild (`src/Policy/StellaOps.Policy.Engine`, `src/Policy/__Libraries/StellaOps.Policy`) | `src/Policy/StellaOps.Policy.Engine`, `src/Policy/__Libraries/StellaOps.Policy` | | | DOVX0101 |
| VEX-401-010 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | Policy Guild (`src/Policy/StellaOps.Policy.Engine/Vex`, `docs/modules/policy/architecture.md`, `docs/benchmarks/vex-evidence-playbook.md`) | `src/Policy/StellaOps.Policy.Engine/Vex`, `docs/modules/policy/architecture.md`, `docs/benchmarks/vex-evidence-playbook.md` | | | DOVX0101 | | VEX-401-010 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | Policy Guild (`src/Policy/StellaOps.Policy.Engine/Vex`, `docs/modules/policy/architecture.md`, `docs/benchmarks/vex-evidence-playbook.md`) | `src/Policy/StellaOps.Policy.Engine/Vex`, `docs/modules/policy/architecture.md`, `docs/benchmarks/vex-evidence-playbook.md` | | | DOVX0101 |
| VEX-401-011 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | verify | | | | DOVX0101 | | VEX-401-011 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | verify | | | | DOVX0101 |
@@ -2982,48 +2982,48 @@
| DOCS-RISK-66-004 | TODO | | SPRINT_0308_0001_0008_docs_tasks_md_viii | Docs Guild · Risk Engine Guild | docs/risk | Create `/docs/risk/formulas.md` detailing math, normalization, gating, severity. Dependencies: DOCS-RISK-66-003. | Needs engine rollout notes | DORS0101 | | DOCS-RISK-66-004 | TODO | | SPRINT_0308_0001_0008_docs_tasks_md_viii | Docs Guild · Risk Engine Guild | docs/risk | Create `/docs/risk/formulas.md` detailing math, normalization, gating, severity. Dependencies: DOCS-RISK-66-003. | Needs engine rollout notes | DORS0101 |
| DOCS-RISK-67-001 | TODO | | SPRINT_0308_0001_0008_docs_tasks_md_viii | Docs Guild · Risk Engine Guild | docs/risk | Publish `/docs/risk/explainability.md` showing artifact schema and UI screenshots. Dependencies: DOCS-RISK-66-004. | Wait for engine metrics from 066_PLOB0101 | DORS0101 | | DOCS-RISK-67-001 | TODO | | SPRINT_0308_0001_0008_docs_tasks_md_viii | Docs Guild · Risk Engine Guild | docs/risk | Publish `/docs/risk/explainability.md` showing artifact schema and UI screenshots. Dependencies: DOCS-RISK-66-004. | Wait for engine metrics from 066_PLOB0101 | DORS0101 |
| DOCS-RISK-67-002 | TODO | | SPRINT_0308_0001_0008_docs_tasks_md_viii | Docs Guild · API Guild | docs/risk | Produce `/docs/risk/api.md` with endpoint reference/examples. Dependencies: DOCS-RISK-67-001. | Requires API publishing workflow | DORS0101 | | DOCS-RISK-67-002 | TODO | | SPRINT_0308_0001_0008_docs_tasks_md_viii | Docs Guild · API Guild | docs/risk | Produce `/docs/risk/api.md` with endpoint reference/examples. Dependencies: DOCS-RISK-67-001. | Requires API publishing workflow | DORS0101 |
| DOCS-RISK-67-003 | TODO | | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild · Console Guild | docs/risk | Document `/docs/console/risk-ui.md` for authoring, simulation, dashboards. Dependencies: DOCS-RISK-67-002. | Needs console overlay decision | DORS0101 | | DOCS-RISK-67-003 | TODO | | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild · Console Guild | docs/risk | Document `/docs/console/risk-ui.md` for authoring, simulation, dashboards. Dependencies: DOCS-RISK-67-002. | Needs console overlay decision | DORS0101 Inputs due 2025-12-09..12 (Md.IX action tracker). |
| DOCS-RISK-67-004 | TODO | | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild · CLI Guild | docs/risk | Publish `/docs/modules/cli/guides/risk.md` covering CLI workflows. Dependencies: DOCS-RISK-67-003. | Requires CLI samples from 132_CLCI0110 | DORS0101 | | DOCS-RISK-67-004 | TODO | | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild · CLI Guild | docs/risk | Publish `/docs/modules/cli/guides/risk.md` covering CLI workflows. Dependencies: DOCS-RISK-67-003. | Requires CLI samples from 132_CLCI0110 | DORS0101 Inputs due 2025-12-09..12 (Md.IX action tracker). |
| DOCS-RISK-68-001 | TODO | | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild · Export Guild | docs/risk | Add `/docs/airgap/risk-bundles.md` for offline factor bundles. Dependencies: DOCS-RISK-67-004. | Wait for export contract (069_AGEX0101) | DORS0101 | | DOCS-RISK-68-001 | TODO | | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild · Export Guild | docs/risk | Add `/docs/airgap/risk-bundles.md` for offline factor bundles. Dependencies: DOCS-RISK-67-004. | Wait for export contract (069_AGEX0101) | DORS0101 Inputs due 2025-12-09..12 (Md.IX action tracker). |
| DOCS-RISK-68-002 | TODO | | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild · Security Guild | docs/risk | Update `/docs/security/aoc-invariants.md` with risk scoring provenance guarantees. Dependencies: DOCS-RISK-68-001. | Requires security approvals | DORS0101 | | DOCS-RISK-68-002 | TODO | | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild · Security Guild | docs/risk | Update `/docs/security/aoc-invariants.md` with risk scoring provenance guarantees. Dependencies: DOCS-RISK-68-001. | Requires security approvals | DORS0101 Inputs due 2025-12-09..12 (Md.IX action tracker). |
| DOCS-RUNBOOK-401-017 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | Docs Guild · Ops Guild | `docs/runbooks/reachability-runtime.md`, `docs/reachability/DELIVERY_GUIDE.md` | Publish the reachability runtime ingestion runbook, link it from delivery guides, and keep Ops/Signals troubleshooting steps current. | Need latest reachability metrics from RBBN0101 | DORU0101 | | DOCS-RUNBOOK-401-017 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | Docs Guild · Ops Guild | `docs/runbooks/reachability-runtime.md`, `docs/reachability/DELIVERY_GUIDE.md` | Publish the reachability runtime ingestion runbook, link it from delivery guides, and keep Ops/Signals troubleshooting steps current. | Need latest reachability metrics from RBBN0101 | DORU0101 |
| DOCS-RUNBOOK-55-001 | TODO | | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild · Ops Guild | docs/runbooks | Author `/docs/runbooks/incidents.md` describing incident mode activation, escalation steps, retention impact, verification checklist, and imposed rule banner. | Requires deployment checklist from DVPL0101 | DORU0101 | | DOCS-RUNBOOK-55-001 | TODO | | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild · Ops Guild | docs/runbooks | Author `/docs/runbooks/incidents.md` describing incident mode activation, escalation steps, retention impact, verification checklist, and imposed rule banner. | Requires deployment checklist from DVPL0101 | DORU0101 Inputs due 2025-12-09..12 (Md.IX action tracker). |
| DOCS-SCANNER-BENCH-62-002 | TODO | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · Product Guild | docs/modules/scanner/benchmarks | Capture customer demand for Windows/macOS analyzer coverage and document outcomes. | Need bench inputs from SCSA0301 | DOSB0101 | | DOCS-SCANNER-BENCH-62-002 | DOING | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · Product Guild | docs/modules/scanner/benchmarks | Capture customer demand for Windows/macOS analyzer coverage and document outcomes. | Need bench inputs from SCSA0301 | DOSB0101 |
| DOCS-SCANNER-BENCH-62-003 | TODO | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · Product Guild | docs/modules/scanner/benchmarks | Capture Python lockfile/editable install requirements and document policy guidance. | Depends on #1 | DOSB0101 | | DOCS-SCANNER-BENCH-62-003 | DOING | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · Product Guild | docs/modules/scanner/benchmarks | Capture Python lockfile/editable install requirements and document policy guidance. | Depends on #1 | DOSB0101 |
| DOCS-SCANNER-BENCH-62-004 | TODO | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · Java Analyzer Guild | docs/modules/scanner/benchmarks | Document Java lockfile ingestion guidance and policy templates. | Requires Java analyzer notes | DOSB0101 | | DOCS-SCANNER-BENCH-62-004 | DOING | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · Java Analyzer Guild | docs/modules/scanner/benchmarks | Document Java lockfile ingestion guidance and policy templates. | Requires Java analyzer notes | DOSB0101 |
| DOCS-SCANNER-BENCH-62-005 | TODO | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · Go Analyzer Guild | docs/modules/scanner/benchmarks | Document Go stripped-binary fallback enrichment guidance once implementation lands. | Needs Go analyzer results | DOSB0101 | | DOCS-SCANNER-BENCH-62-005 | DOING | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · Go Analyzer Guild | docs/modules/scanner/benchmarks | Document Go stripped-binary fallback enrichment guidance once implementation lands. | Needs Go analyzer results | DOSB0101 |
| DOCS-SCANNER-BENCH-62-006 | TODO | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · Product Guild | docs/modules/scanner/benchmarks | Document Rust fingerprint enrichment guidance and policy examples. | Requires updated benchmarks from SCSA0601 | DOSB0101 | | DOCS-SCANNER-BENCH-62-006 | DOING | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · Product Guild | docs/modules/scanner/benchmarks | Document Rust fingerprint enrichment guidance and policy examples. | Requires updated benchmarks from SCSA0601 | DOSB0101 |
| DOCS-SCANNER-BENCH-62-008 | TODO | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · Platform Data Guild | docs/modules/scanner/benchmarks | Publish EntryTrace explain/heuristic maintenance guide. | Wait for replay hooks (RPRC0101) | DOSB0101 | | DOCS-SCANNER-BENCH-62-008 | DOING | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · Platform Data Guild | docs/modules/scanner/benchmarks | Publish EntryTrace explain/heuristic maintenance guide. | Wait for replay hooks (RPRC0101) | DOSB0101 |
| DOCS-SCANNER-BENCH-62-009 | TODO | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · DevEx/CLI Guild | docs/modules/scanner/benchmarks | Produce SAST integration documentation (connector framework, policy templates). | Depends on CLI samples (132_CLCI0110) | DOSB0101 | | DOCS-SCANNER-BENCH-62-009 | DOING | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · DevEx/CLI Guild | docs/modules/scanner/benchmarks | Produce SAST integration documentation (connector framework, policy templates). | Depends on CLI samples (132_CLCI0110) | DOSB0101 |
| DOCS-SCANNER-DET-01 | DONE (2025-12-03) | 2025-12-03 | SPRINT_0301_0001_0001_docs_md_i | Docs Guild · Scanner Guild | docs/modules/scanner/benchmarks | `/docs/modules/scanner/deterministic-sbom-compose.md` plus scan guide updates + fixture bundle (`docs/modules/scanner/fixtures/deterministic-compose/`). | Fixtures published via Sprint 0136; harness verified. | DOSB0101 | | DOCS-SCANNER-DET-01 | DONE (2025-12-03) | 2025-12-03 | SPRINT_0301_0001_0001_docs_md_i | Docs Guild · Scanner Guild | docs/modules/scanner/benchmarks | `/docs/modules/scanner/deterministic-sbom-compose.md` plus scan guide updates + fixture bundle (`docs/modules/scanner/fixtures/deterministic-compose/`). | Fixtures published via Sprint 0136; harness verified. | DOSB0101 |
| DOCS-SDK-62-001 | TODO | | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild · SDK Generator Guild | docs/sdk | Publish `/docs/sdks/overview.md` plus language guides (`typescript.md`, `python.md`, `go.md`, `java.md`). | Need SDK toolchain notes from SDKG0101 | DOSK0101 | | DOCS-SDK-62-001 | TODO | | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild · SDK Generator Guild | docs/sdk | Publish `/docs/sdks/overview.md` plus language guides (`typescript.md`, `python.md`, `go.md`, `java.md`). | Need SDK toolchain notes from SDKG0101 | DOSK0101 Inputs due 2025-12-09..12 (Md.IX action tracker). |
| DOCS-SEC-62-001 | TODO | | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild · Security Guild | docs/security | Update `/docs/security/auth-scopes.md` with OAuth2/PAT scopes, tenancy header usage. | Need security ADR from DVDO0110 | DOSE0101 | | DOCS-SEC-62-001 | TODO | | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild · Security Guild | docs/security | Update `/docs/security/auth-scopes.md` with OAuth2/PAT scopes, tenancy header usage. | Need security ADR from DVDO0110 | DOSE0101 Inputs due 2025-12-09..12 (Md.IX action tracker). |
| DOCS-SEC-OBS-50-001 | TODO | | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild · Security Guild | docs/security | Update `/docs/security/redaction-and-privacy.md` to cover telemetry privacy controls, tenant opt-in debug, and imposed rule reminder. | Depends on PLOB0101 metrics | DOSE0101 | | DOCS-SEC-OBS-50-001 | TODO | | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild · Security Guild | docs/security | Update `/docs/security/redaction-and-privacy.md` to cover telemetry privacy controls, tenant opt-in debug, and imposed rule reminder. | Depends on PLOB0101 metrics | DOSE0101 Inputs due 2025-12-09..12 (Md.IX action tracker). |
| DOCS-SIG-26-001 | TODO | | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild · Signals Guild | docs/modules/signals | Write `/docs/signals/reachability.md` covering states, scores, provenance, retention. | Need SGSI0101 metrics freeze | DOSG0101 | | DOCS-SIG-26-001 | TODO | | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild · Signals Guild | docs/modules/signals | Write `/docs/signals/reachability.md` covering states, scores, provenance, retention. | Need SGSI0101 metrics freeze | DOSG0101 Inputs due 2025-12-09..12 (Md.IX action tracker). |
| DOCS-SIG-26-002 | TODO | | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild · Observability Guild | docs/modules/signals | Publish `/docs/signals/callgraph-formats.md` with schemas and validation errors. Dependencies: DOCS-SIG-26-001. | Depends on #1 | DOSG0101 | | DOCS-SIG-26-002 | TODO | | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild · Observability Guild | docs/modules/signals | Publish `/docs/signals/callgraph-formats.md` with schemas and validation errors. Dependencies: DOCS-SIG-26-001. | Depends on #1 | DOSG0101 Inputs due 2025-12-09..12 (Md.IX action tracker). |
| DOCS-SIG-26-003 | TODO | | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild · Signals Guild | docs/modules/signals | Create `/docs/signals/runtime-facts.md` detailing agent capabilities, privacy safeguards, opt-in flags. Dependencies: DOCS-SIG-26-002. | Requires SSE contract from SGSI0101 | DOSG0101 | | DOCS-SIG-26-003 | TODO | | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild · Signals Guild | docs/modules/signals | Create `/docs/signals/runtime-facts.md` detailing agent capabilities, privacy safeguards, opt-in flags. Dependencies: DOCS-SIG-26-002. | Requires SSE contract from SGSI0101 | DOSG0101 Inputs due 2025-12-09..12 (Md.IX action tracker). |
| DOCS-SIG-26-004 | TODO | | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild · CLI Guild | docs/modules/signals | Document `/docs/policy/signals-weighting.md` for SPL predicates and weighting strategies. Dependencies: DOCS-SIG-26-003. | Needs CLI samples (132_CLCI0110) | DOSG0101 | | DOCS-SIG-26-004 | TODO | | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild · CLI Guild | docs/modules/signals | Document `/docs/policy/signals-weighting.md` for SPL predicates and weighting strategies. Dependencies: DOCS-SIG-26-003. | Needs CLI samples (132_CLCI0110) | DOSG0101 Inputs due 2025-12-09..12 (Md.IX action tracker). |
| DOCS-SIG-26-005 | TODO | | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild · DevOps Guild | docs/modules/signals | Draft `/docs/ui/reachability-overlays.md` with badges, timelines, shortcuts. Dependencies: DOCS-SIG-26-004. | Wait for DevOps rollout plan | DOSG0101 | | DOCS-SIG-26-005 | TODO | | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild · DevOps Guild | docs/modules/signals | Draft `/docs/ui/reachability-overlays.md` with badges, timelines, shortcuts. Dependencies: DOCS-SIG-26-004. | Wait for DevOps rollout plan | DOSG0101 Inputs due 2025-12-09..12 (Md.IX action tracker). |
| DOCS-SIG-26-006 | TODO | | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild · Security Guild | docs/modules/signals | Update `/docs/modules/cli/guides/reachability.md` for new commands and automation recipes. Dependencies: DOCS-SIG-26-005. | Requires security guidance (DVDO0110) | DOSG0101 | | DOCS-SIG-26-006 | TODO | | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild · Security Guild | docs/modules/signals | Update `/docs/modules/cli/guides/reachability.md` for new commands and automation recipes. Dependencies: DOCS-SIG-26-005. | Requires security guidance (DVDO0110) | DOSG0101 Inputs due 2025-12-09..12 (Md.IX action tracker). |
| DOCS-SIG-26-007 | TODO | | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild · Policy Guild | docs/modules/signals | Publish `/docs/api/signals.md` covering endpoints, payloads, ETags, errors. Dependencies: DOCS-SIG-26-006. | Needs policy overlay from PLVL0102 | DOSG0101 | | DOCS-SIG-26-007 | TODO | | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild · Policy Guild | docs/modules/signals | Publish `/docs/api/signals.md` covering endpoints, payloads, ETags, errors. Dependencies: DOCS-SIG-26-006. | Needs policy overlay from PLVL0102 | DOSG0101 Inputs due 2025-12-09..12 (Md.IX action tracker). |
| DOCS-SIG-26-008 | TODO | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · Notifications Guild | docs/modules/signals | Write `/docs/migration/enable-reachability.md` guiding rollout, fallbacks, monitoring. Dependencies: DOCS-SIG-26-007. | Depends on notifications hooks (058_NOTY0101) | DOSG0101 | | DOCS-SIG-26-008 | DOING | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · Notifications Guild | docs/modules/signals | Write `/docs/migration/enable-reachability.md` guiding rollout, fallbacks, monitoring. Dependencies: DOCS-SIG-26-007. | Depends on notifications hooks (058_NOTY0101) | DOSG0101 |
| DOCS-SURFACE-01 | TODO | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · Surface Guild | docs/modules/scanner/surface | Create `/docs/modules/scanner/scanner-engine.md` covering Surface.FS/Env/Secrets workflow between Scanner, Zastava, Scheduler, and Ops. | Need latest surface emit notes (SCANNER-SURFACE-04) | DOSS0101 | | DOCS-SURFACE-01 | DOING | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · Surface Guild | docs/modules/scanner/surface | Create `/docs/modules/scanner/scanner-engine.md` covering Surface.FS/Env/Secrets workflow between Scanner, Zastava, Scheduler, and Ops. | Need latest surface emit notes (SCANNER-SURFACE-04) | DOSS0101 |
| DOCS-SYMS-70-003 | TODO | | SPRINT_304_docs_tasks_md_iv | Docs Guild · Symbols Guild | docs/modules/symbols | Author symbol-server architecture/spec docs (`docs/specs/symbols/SYMBOL_MANIFEST_v1.md`, API reference, bundle guide) and update reachability guides with symbol lookup workflow and tenant controls. Dependencies: SYMS-SERVER-401-011, SYMS-INGEST-401-013. | Need RBSY0101 cache notes | DOSY0101 | | DOCS-SYMS-70-003 | TODO | | SPRINT_304_docs_tasks_md_iv | Docs Guild · Symbols Guild | docs/modules/symbols | Author symbol-server architecture/spec docs (`docs/specs/symbols/SYMBOL_MANIFEST_v1.md`, API reference, bundle guide) and update reachability guides with symbol lookup workflow and tenant controls. Dependencies: SYMS-SERVER-401-011, SYMS-INGEST-401-013. | Need RBSY0101 cache notes | DOSY0101 |
| DOCS-TEN-47-001 | TODO | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · Security Guild | docs/modules/tenancy | Publish `/docs/security/tenancy-overview.md` and `/docs/security/scopes-and-roles.md` outlining scope grammar, tenant model, imposed rule reminder. | Need tenancy ADR from DVDO0110 | DOTN0101 | | DOCS-TEN-47-001 | DOING | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · Security Guild | docs/modules/tenancy | Publish `/docs/security/tenancy-overview.md` and `/docs/security/scopes-and-roles.md` outlining scope grammar, tenant model, imposed rule reminder. | Need tenancy ADR from DVDO0110 | DOTN0101 |
| DOCS-TEN-48-001 | TODO | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · Security Guild | docs/modules/tenancy | Publish `/docs/operations/multi-tenancy.md`, `/docs/operations/rls-and-data-isolation.md`, `/docs/console/admin-tenants.md`. Dependencies: DOCS-TEN-47-001. | Depends on #1 | DOTN0101 | | DOCS-TEN-48-001 | DOING | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · Security Guild | docs/modules/tenancy | Publish `/docs/operations/multi-tenancy.md`, `/docs/operations/rls-and-data-isolation.md`, `/docs/console/admin-tenants.md`. Dependencies: DOCS-TEN-47-001. | Depends on #1 | DOTN0101 |
| DOCS-TEN-49-001 | TODO | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · DevOps Guild | docs/modules/tenancy | Publish `/docs/modules/cli/guides/authentication.md`, `/docs/api/authentication.md`, `/docs/policy/examples/abac-overlays.md`, update `/docs/install/configuration-reference.md` with new env vars, all ending with imposed rule line. Dependencies: DOCS-TEN-48-001. | Requires monitoring plan from DVDO0110 | DOTN0101 | | DOCS-TEN-49-001 | DOING | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · DevOps Guild | docs/modules/tenancy | Publish `/docs/modules/cli/guides/authentication.md`, `/docs/api/authentication.md`, `/docs/policy/examples/abac-overlays.md`, update `/docs/install/configuration-reference.md` with new env vars, all ending with imposed rule line. Dependencies: DOCS-TEN-48-001. | Requires monitoring plan from DVDO0110 | DOTN0101 |
| DOCS-TEST-62-001 | TODO | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · SDK Generator Guild | docs/sdk | Author `/docs/testing/contract-testing.md` covering mock server, replay tests, golden fixtures. | Depends on #1 | DOSK0101 | | DOCS-TEST-62-001 | DOING | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · SDK Generator Guild | docs/sdk | Author `/docs/testing/contract-testing.md` covering mock server, replay tests, golden fixtures. | Depends on #1 | DOSK0101 |
| DOCS-VEX-30-001 | TODO | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · VEX Lens Guild | docs/modules/vex-lens | Publish `/docs/vex/consensus-overview.md` describing purpose, scope, AOC guarantees. | Need PLVL0102 schema snapshot | DOVX0101 | | DOCS-VEX-30-001 | DOING | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · VEX Lens Guild | docs/modules/vex-lens | Publish `/docs/vex/consensus-overview.md` describing purpose, scope, AOC guarantees. | Need PLVL0102 schema snapshot | DOVX0101 |
| DOCS-VEX-30-002 | TODO | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · VEX Lens Guild | docs/modules/vex-lens | Author `/docs/vex/consensus-algorithm.md` covering normalization, weighting, thresholds, examples. Dependencies: DOCS-VEX-30-001. | Depends on #1 | DOVX0101 | | DOCS-VEX-30-002 | DOING | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · VEX Lens Guild | docs/modules/vex-lens | Author `/docs/vex/consensus-algorithm.md` covering normalization, weighting, thresholds, examples. Dependencies: DOCS-VEX-30-001. | Depends on #1 | DOVX0101 |
| DOCS-VEX-30-003 | TODO | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · Issuer Directory Guild | docs/modules/vex-lens | Document `/docs/vex/issuer-directory.md` (issuer management, keys, trust overrides, audit). Dependencies: DOCS-VEX-30-002. | Requires Issuer Directory inputs | DOVX0101 | | DOCS-VEX-30-003 | DOING | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · Issuer Directory Guild | docs/modules/vex-lens | Document `/docs/vex/issuer-directory.md` (issuer management, keys, trust overrides, audit). Dependencies: DOCS-VEX-30-002. | Requires Issuer Directory inputs | DOVX0101 |
| DOCS-VEX-30-004 | TODO | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · VEX Lens Guild | docs/modules/vex-lens | Publish `/docs/vex/consensus-api.md` with endpoint specs, query params, rate limits. Dependencies: DOCS-VEX-30-003. | Needs PLVL0102 policy join notes | DOVX0101 | | DOCS-VEX-30-004 | DOING | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · VEX Lens Guild | docs/modules/vex-lens | Publish `/docs/vex/consensus-api.md` with endpoint specs, query params, rate limits. Dependencies: DOCS-VEX-30-003. | Needs PLVL0102 policy join notes | DOVX0101 |
| DOCS-VEX-30-005 | TODO | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · Console Guild | docs/modules/vex-lens | Write `/docs/vex/consensus-console.md` covering UI workflows, filters, conflicts, accessibility. Dependencies: DOCS-VEX-30-004. | Requires console overlay assets | DOVX0101 | | DOCS-VEX-30-005 | DOING | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · Console Guild | docs/modules/vex-lens | Write `/docs/vex/consensus-console.md` covering UI workflows, filters, conflicts, accessibility. Dependencies: DOCS-VEX-30-004. | Requires console overlay assets | DOVX0101 |
| DOCS-VEX-30-006 | TODO | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · Policy Guild | docs/modules/vex-lens | Add `/docs/policy/vex-trust-model.md` detailing policy knobs, thresholds, simulation. Dependencies: DOCS-VEX-30-005. | Needs waiver/exception guidance | DOVX0101 | | DOCS-VEX-30-006 | DOING | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · Policy Guild | docs/modules/vex-lens | Add `/docs/policy/vex-trust-model.md` detailing policy knobs, thresholds, simulation. Dependencies: DOCS-VEX-30-005. | Needs waiver/exception guidance | DOVX0101 |
| DOCS-VEX-30-007 | TODO | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · SBOM Service Guild | docs/modules/vex-lens | Publish `/docs/sbom/vex-mapping.md` (CPE→purl strategy, edge cases, overrides). Dependencies: DOCS-VEX-30-006. | Depends on SBOM/VEX dataflow spec | DOVX0101 | | DOCS-VEX-30-007 | DOING | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · SBOM Service Guild | docs/modules/vex-lens | Publish `/docs/sbom/vex-mapping.md` (CPE→purl strategy, edge cases, overrides). Dependencies: DOCS-VEX-30-006. | Depends on SBOM/VEX dataflow spec | DOVX0101 |
| DOCS-VEX-30-008 | TODO | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · Security Guild | docs/modules/vex-lens | Deliver `/docs/security/vex-signatures.md` (verification flow, key rotation, audit). Dependencies: DOCS-VEX-30-007. | Requires security review (DVDO0110) | DOVX0101 | | DOCS-VEX-30-008 | DOING | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · Security Guild | docs/modules/vex-lens | Deliver `/docs/security/vex-signatures.md` (verification flow, key rotation, audit). Dependencies: DOCS-VEX-30-007. | Requires security review (DVDO0110) | DOVX0101 |
| DOCS-VEX-30-009 | TODO | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · DevOps Guild | docs/modules/vex-lens | Create `/docs/runbooks/vex-ops.md` for recompute storms, mapping failures, signature errors. Dependencies: DOCS-VEX-30-008. | Needs DevOps rollout plan | DOVX0101 | | DOCS-VEX-30-009 | DOING | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · DevOps Guild | docs/modules/vex-lens | Create `/docs/runbooks/vex-ops.md` for recompute storms, mapping failures, signature errors. Dependencies: DOCS-VEX-30-008. | Needs DevOps rollout plan | DOVX0101 |
| DOCS-VEX-401-012 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | Docs Guild · VEX Lens Guild | `docs/benchmarks/vex-evidence-playbook.md`, `bench/README.md` | Maintain the VEX Evidence Playbook, publish repo templates/README, and document verification workflows for operators. | Need VEX evidence export from PLVL0102 | DOVB0101 | | DOCS-VEX-401-012 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | Docs Guild · VEX Lens Guild | `docs/benchmarks/vex-evidence-playbook.md`, `bench/README.md` | Maintain the VEX Evidence Playbook, publish repo templates/README, and document verification workflows for operators. | Need VEX evidence export from PLVL0102 | DOVB0101 |
| DOCS-VULN-29-001 | TODO | | SPRINT_0311_0001_0001_docs_tasks_md_xi | Docs Guild · Vuln Explorer Guild | docs/modules/vuln-explorer | Publish `/docs/vuln/explorer-overview.md` covering domain model, identities, AOC guarantees, workflow summary. | Need GRAP0101 contract | DOVL0101 | | DOCS-VULN-29-001 | DOING | | SPRINT_0311_0001_0001_docs_tasks_md_xi | Docs Guild · Vuln Explorer Guild | docs/modules/vuln-explorer | Publish `/docs/vuln/explorer-overview.md` covering domain model, identities, AOC guarantees, workflow summary. | Need GRAP0101 contract | DOVL0101 |
| DOCS-VULN-29-002 | TODO | | SPRINT_0311_0001_0001_docs_tasks_md_xi | Docs Guild · Vuln Explorer Guild | docs/modules/vuln-explorer | Write `/docs/vuln/explorer-using-console.md` with workflows, screenshots, keyboard shortcuts, saved views, deep links. Dependencies: DOCS-VULN-29-001. | Depends on #1 | DOVL0101 | | DOCS-VULN-29-002 | TODO | | SPRINT_0311_0001_0001_docs_tasks_md_xi | Docs Guild · Vuln Explorer Guild | docs/modules/vuln-explorer | Write `/docs/vuln/explorer-using-console.md` with workflows, screenshots, keyboard shortcuts, saved views, deep links. Dependencies: DOCS-VULN-29-001. | Depends on #1 | DOVL0101 |
| DOCS-VULN-29-003 | TODO | | SPRINT_0311_0001_0001_docs_tasks_md_xi | Docs Guild · UI Guild | docs/modules/vuln-explorer | Author `/docs/vuln/explorer-api.md` (endpoints, query schema, grouping, errors, rate limits). Dependencies: DOCS-VULN-29-002. | Requires UI assets | DOVL0101 | | DOCS-VULN-29-003 | TODO | | SPRINT_0311_0001_0001_docs_tasks_md_xi | Docs Guild · UI Guild | docs/modules/vuln-explorer | Author `/docs/vuln/explorer-api.md` (endpoints, query schema, grouping, errors, rate limits). Dependencies: DOCS-VULN-29-002. | Requires UI assets | DOVL0101 |
| DOCS-VULN-29-004 | TODO | | SPRINT_0311_0001_0001_docs_tasks_md_xi | Docs Guild · Policy Guild | docs/modules/vuln-explorer | Publish `/docs/vuln/explorer-cli.md` with command reference, samples, exit codes, CI snippets. Dependencies: DOCS-VULN-29-003. | Needs policy overlay inputs | DOVL0101 | | DOCS-VULN-29-004 | TODO | | SPRINT_0311_0001_0001_docs_tasks_md_xi | Docs Guild · Policy Guild | docs/modules/vuln-explorer | Publish `/docs/vuln/explorer-cli.md` with command reference, samples, exit codes, CI snippets. Dependencies: DOCS-VULN-29-003. | Needs policy overlay inputs | DOVL0101 |
@@ -3875,13 +3875,13 @@
| SCANNER-ANALYZERS-RUBY-28-010 | TODO | | SPRINT_135_scanner_surface | Ruby Analyzer Guild, Signals Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Optional runtime evidence integration (if provided logs/metrics) with path hashing, without altering static precedence. | SCANNER-ANALYZERS-RUBY-28-009 | | | SCANNER-ANALYZERS-RUBY-28-010 | TODO | | SPRINT_135_scanner_surface | Ruby Analyzer Guild, Signals Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Optional runtime evidence integration (if provided logs/metrics) with path hashing, without altering static precedence. | SCANNER-ANALYZERS-RUBY-28-009 | |
| SCANNER-ANALYZERS-RUBY-28-011 | TODO | | SPRINT_135_scanner_surface | Ruby Analyzer Guild, DevOps Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Package analyzer plug-in, add CLI (`stella ruby inspect`), refresh Offline Kit documentation. | SCANNER-ANALYZERS-RUBY-28-010 | | | SCANNER-ANALYZERS-RUBY-28-011 | TODO | | SPRINT_135_scanner_surface | Ruby Analyzer Guild, DevOps Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Package analyzer plug-in, add CLI (`stella ruby inspect`), refresh Offline Kit documentation. | SCANNER-ANALYZERS-RUBY-28-010 | |
| SCANNER-ANALYZERS-RUBY-28-012 | TODO | | SPRINT_135_scanner_surface | Ruby Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Policy signal emitter: rubygems drift, native extension flags, dangerous constructs counts, TLS verify posture, dynamic require eval warnings. | SCANNER-ANALYZERS-RUBY-28-011 | | | SCANNER-ANALYZERS-RUBY-28-012 | TODO | | SPRINT_135_scanner_surface | Ruby Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Policy signal emitter: rubygems drift, native extension flags, dangerous constructs counts, TLS verify posture, dynamic require eval warnings. | SCANNER-ANALYZERS-RUBY-28-011 | |
| SCANNER-BENCH-62-002 | TODO | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild, Product Guild (docs) | | | | | | SCANNER-BENCH-62-002 | DOING | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild, Product Guild (docs) | | | | |
| SCANNER-BENCH-62-003 | TODO | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild, Product Guild (docs) | | | | | | SCANNER-BENCH-62-003 | DOING | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild, Product Guild (docs) | | | | |
| SCANNER-BENCH-62-004 | TODO | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild, Java Analyzer Guild (docs) | | | | | | SCANNER-BENCH-62-004 | DOING | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild, Java Analyzer Guild (docs) | | | | |
| SCANNER-BENCH-62-005 | TODO | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild, Go Analyzer Guild (docs) | | | | | | SCANNER-BENCH-62-005 | DOING | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild, Go Analyzer Guild (docs) | | | | |
| SCANNER-BENCH-62-006 | TODO | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild, Rust Analyzer Guild (docs) | | | | | | SCANNER-BENCH-62-006 | DOING | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild, Rust Analyzer Guild (docs) | | | | |
| SCANNER-BENCH-62-008 | TODO | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild, EntryTrace Guild (docs) | | | | | | SCANNER-BENCH-62-008 | DOING | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild, EntryTrace Guild (docs) | | | | |
| SCANNER-BENCH-62-009 | TODO | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild, Policy Guild (docs) | | | | | | SCANNER-BENCH-62-009 | DOING | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild, Policy Guild (docs) | | | | |
| SCANNER-CLI-0001 | DONE | 2025-11-10 | SPRINT_0138_0000_0001_scanner_ruby_parity | CLI Guild, Ruby Analyzer Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Coordinate CLI UX/help text for new Ruby verbs and update CLI docs/golden outputs. | SCANNER-ENG-0019 | | | SCANNER-CLI-0001 | DONE | 2025-11-10 | SPRINT_0138_0000_0001_scanner_ruby_parity | CLI Guild, Ruby Analyzer Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Coordinate CLI UX/help text for new Ruby verbs and update CLI docs/golden outputs. | SCANNER-ENG-0019 | |
| SCANNER-DET-01 | DONE (2025-12-03) | 2025-12-03 | SPRINT_0301_0001_0001_docs_md_i | Docs Guild · Scanner Guild | | Deterministic compose fixtures landed; docs published. | | | SCANNER-DET-01 | DONE (2025-12-03) | 2025-12-03 | SPRINT_0301_0001_0001_docs_md_i | Docs Guild · Scanner Guild | | Deterministic compose fixtures landed; docs published. | |
| SCANNER-DOCS-0003 | TODO | | SPRINT_327_docs_modules_scanner | Docs Guild, Product Guild (docs/modules/scanner) | docs/modules/scanner | Gather Windows/macOS analyzer demand signals and record findings in `docs/benchmarks/scanner/windows-macos-demand.md` for marketing + product readiness. | | | | SCANNER-DOCS-0003 | TODO | | SPRINT_327_docs_modules_scanner | Docs Guild, Product Guild (docs/modules/scanner) | docs/modules/scanner | Gather Windows/macOS analyzer demand signals and record findings in `docs/benchmarks/scanner/windows-macos-demand.md` for marketing + product readiness. | | |
@@ -4025,7 +4025,7 @@
| SIG-26-005 | TODO | | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild, UI Guild (docs) | | | | | | SIG-26-005 | TODO | | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild, UI Guild (docs) | | | | |
| SIG-26-006 | TODO | | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild, DevEx/CLI Guild (docs) | | | | | | SIG-26-006 | TODO | | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild, DevEx/CLI Guild (docs) | | | | |
| SIG-26-007 | TODO | | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild, BE-Base Platform Guild (docs) | | | | | | SIG-26-007 | TODO | | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild, BE-Base Platform Guild (docs) | | | | |
| SIG-26-008 | TODO | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild, DevOps Guild (docs) | | | | | | SIG-26-008 | DOING | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild, DevOps Guild (docs) | | | | |
| SIG-STORE-401-016 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | Signals Guild · BE-Base Platform Guild (`src/Signals/StellaOps.Signals`, `src/__Libraries/StellaOps.Replay.Core`) | `src/Signals/StellaOps.Signals`, `src/__Libraries/StellaOps.Replay.Core` | Introduce shared reachability store collections (`func_nodes`, `call_edges`, `cve_func_hits`), indexes, and repository APIs so Scanner/Signals/Policy can reuse canonical function data. | | | | SIG-STORE-401-016 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | Signals Guild · BE-Base Platform Guild (`src/Signals/StellaOps.Signals`, `src/__Libraries/StellaOps.Replay.Core`) | `src/Signals/StellaOps.Signals`, `src/__Libraries/StellaOps.Replay.Core` | Introduce shared reachability store collections (`func_nodes`, `call_edges`, `cve_func_hits`), indexes, and repository APIs so Scanner/Signals/Policy can reuse canonical function data. | | |
| SIGN-CORE-186-004 | DONE | 2025-11-26 | SPRINT_186_record_deterministic_execution | Signing Guild | `src/Signer/StellaOps.Signer`, `src/__Libraries/StellaOps.Cryptography` | Replace the HMAC demo implementation in `StellaOps.Signer` with StellaOps.Cryptography providers (keyless + KMS), including provider selection, key material loading, and cosign-compatible DSSE signature output. | Mirrors #1 | SIGR0101 | | SIGN-CORE-186-004 | DONE | 2025-11-26 | SPRINT_186_record_deterministic_execution | Signing Guild | `src/Signer/StellaOps.Signer`, `src/__Libraries/StellaOps.Cryptography` | Replace the HMAC demo implementation in `StellaOps.Signer` with StellaOps.Cryptography providers (keyless + KMS), including provider selection, key material loading, and cosign-compatible DSSE signature output. | Mirrors #1 | SIGR0101 |
| SIGN-CORE-186-005 | DONE | 2025-11-26 | SPRINT_186_record_deterministic_execution | Signing Guild | `src/Signer/StellaOps.Signer.Core` | Refactor `SignerStatementBuilder` to support StellaOps predicate types (e.g., `stella.ops/promotion@v1`) and delegate payload canonicalisation to the Provenance library once available. | Mirrors #2 | SIGR0101 | | SIGN-CORE-186-005 | DONE | 2025-11-26 | SPRINT_186_record_deterministic_execution | Signing Guild | `src/Signer/StellaOps.Signer.Core` | Refactor `SignerStatementBuilder` to support StellaOps predicate types (e.g., `stella.ops/promotion@v1`) and delegate payload canonicalisation to the Provenance library once available. | Mirrors #2 | SIGR0101 |
@@ -4161,7 +4161,7 @@
| TEN-48-001 | TODO | | SPRINT_115_concelier_iv | Concelier Core Guild (src/Concelier/__Libraries/StellaOps.Concelier.Core) | src/Concelier/__Libraries/StellaOps.Concelier.Core | | | | | TEN-48-001 | TODO | | SPRINT_115_concelier_iv | Concelier Core Guild (src/Concelier/__Libraries/StellaOps.Concelier.Core) | src/Concelier/__Libraries/StellaOps.Concelier.Core | | | |
| TEN-49-001 | TODO | | SPRINT_205_cli_v | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | | | | | TEN-49-001 | TODO | | SPRINT_205_cli_v | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | | | |
| TEST-186-006 | TODO | | SPRINT_186_record_deterministic_execution | Signing Guild, QA Guild (`src/Signer/StellaOps.Signer.Tests`) | `src/Signer/StellaOps.Signer.Tests` | | | | | TEST-186-006 | TODO | | SPRINT_186_record_deterministic_execution | Signing Guild, QA Guild (`src/Signer/StellaOps.Signer.Tests`) | `src/Signer/StellaOps.Signer.Tests` | | | |
| TEST-62-001 | TODO | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild, Contract Testing Guild (docs) | | | | | | TEST-62-001 | DOING | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild, Contract Testing Guild (docs) | | | | |
| TIME-57-001 | TODO | | SPRINT_0503_0001_0001_ops_devops_i | Exporter Guild · AirGap Time Guild · CLI Guild | | | PROGRAM-STAFF-1001 | | | TIME-57-001 | TODO | | SPRINT_0503_0001_0001_ops_devops_i | Exporter Guild · AirGap Time Guild · CLI Guild | | | PROGRAM-STAFF-1001 | |
| TIME-57-002 | TODO | | SPRINT_510_airgap | Exporter Guild · AirGap Time Guild · CLI Guild | src/AirGap/StellaOps.AirGap.Time | PROGRAM-STAFF-1001 | PROGRAM-STAFF-1001 | AGTM0101 | | TIME-57-002 | TODO | | SPRINT_510_airgap | Exporter Guild · AirGap Time Guild · CLI Guild | src/AirGap/StellaOps.AirGap.Time | PROGRAM-STAFF-1001 | PROGRAM-STAFF-1001 | AGTM0101 |
| TIME-58-001 | TODO | | SPRINT_510_airgap | AirGap Time Guild | src/AirGap/StellaOps.AirGap.Time | AIRGAP-TIME-58-001 | AIRGAP-TIME-58-001 | AGTM0101 | | TIME-58-001 | TODO | | SPRINT_510_airgap | AirGap Time Guild | src/AirGap/StellaOps.AirGap.Time | AIRGAP-TIME-58-001 | AIRGAP-TIME-58-001 | AGTM0101 |
@@ -4211,11 +4211,11 @@
| VEX-30-002 | TODO | | SPRINT_205_cli_v | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | | | | | VEX-30-002 | TODO | | SPRINT_205_cli_v | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | | | |
| VEX-30-003 | TODO | | SPRINT_205_cli_v | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | | | | | VEX-30-003 | TODO | | SPRINT_205_cli_v | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | | | |
| VEX-30-004 | TODO | | SPRINT_205_cli_v | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | | | | | VEX-30-004 | TODO | | SPRINT_205_cli_v | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | | | |
| VEX-30-005 | TODO | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild, Console Guild (docs) | | | | | | VEX-30-005 | DOING | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild, Console Guild (docs) | | | | |
| VEX-30-006 | TODO | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild, Policy Guild (docs) | | | | DOVX0101 | | VEX-30-006 | DOING | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild, Policy Guild (docs) | | | | DOVX0101 |
| VEX-30-007 | TODO | | SPRINT_216_web_v | BE-Base Platform Guild, VEX Lens Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | | | DOVX0101 | | VEX-30-007 | BLOCKED | | SPRINT_216_web_v | BE-Base Platform Guild, VEX Lens Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | | | DOVX0101 |
| VEX-30-008 | TODO | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild, Security Guild (docs) | | | | DOVX0101 | | VEX-30-008 | DOING | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild, Security Guild (docs) | | | | DOVX0101 |
| VEX-30-009 | TODO | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild, DevOps Guild (docs) | | | | DOVX0101 | | VEX-30-009 | DOING | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild, DevOps Guild (docs) | | | | DOVX0101 |
| VEX-401-006 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | Policy Guild (`src/Policy/StellaOps.Policy.Engine`, `src/Policy/__Libraries/StellaOps.Policy`) | `src/Policy/StellaOps.Policy.Engine`, `src/Policy/__Libraries/StellaOps.Policy` | | | DOVX0101 | | VEX-401-006 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | Policy Guild (`src/Policy/StellaOps.Policy.Engine`, `src/Policy/__Libraries/StellaOps.Policy`) | `src/Policy/StellaOps.Policy.Engine`, `src/Policy/__Libraries/StellaOps.Policy` | | | DOVX0101 |
| VEX-401-010 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | Policy Guild (`src/Policy/StellaOps.Policy.Engine/Vex`, `docs/modules/policy/architecture.md`, `docs/benchmarks/vex-evidence-playbook.md`) | `src/Policy/StellaOps.Policy.Engine/Vex`, `docs/modules/policy/architecture.md`, `docs/benchmarks/vex-evidence-playbook.md` | | | DOVX0101 | | VEX-401-010 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | Policy Guild (`src/Policy/StellaOps.Policy.Engine/Vex`, `docs/modules/policy/architecture.md`, `docs/benchmarks/vex-evidence-playbook.md`) | `src/Policy/StellaOps.Policy.Engine/Vex`, `docs/modules/policy/architecture.md`, `docs/benchmarks/vex-evidence-playbook.md` | | | DOVX0101 |
| VEX-401-011 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | verify | | | | DOVX0101 | | VEX-401-011 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | verify | | | | DOVX0101 |

25
docs/migration/enable-reachability.md Normal file
View File

@@ -0,0 +1,25 @@
# Enable Reachability — Draft Skeleton (2025-12-05 UTC)
Status: draft placeholder. Inputs pending: DOCS-SIG-26-007, notifications hooks (058_NOTY0101), rollout telemetry contract.
## Purpose
- Describe why reachability is being enabled and expected outcomes.
## Rollout Phases
- Phase 0: prerequisites (feature flags, config keys).
- Phase 1: limited tenants / canaries.
- Phase 2: org-wide rollout with monitoring gates.
## Fallbacks
- How to disable/revert; config toggles; cache/queue drains.
## Monitoring & Alerts
- Metrics to watch (ingest lag, signal volume, error ratios).
- Alert thresholds and runbooks (link when available).
## Controls & Policy
- Imposed rule reminder; RBAC/tenant scope considerations.
## Open TODOs
- Fill concrete config keys and examples when DOCS-SIG-26-007 lands.
- Add notification hook wiring details from 058_NOTY0101.

18
docs/modules/cli/guides/authentication.md Normal file
View File

@@ -0,0 +1,18 @@
# CLI Authentication — Draft Skeleton (2025-12-05 UTC)
Status: draft placeholder. Inputs pending: DVDO0110 env vars, token formats, monitoring plan.
## Supported Flows
- Device/code, PAT, workload identity (to confirm).
## Configuration
- Env vars and flags (to be filled once finalized).
## Multi-Tenant Considerations
- Scope selection and defaults.
## Troubleshooting
- Common errors; log paths; retry/backoff guidance.
## Open TODOs
- Insert definitive env var list and examples when available.

15
docs/modules/scanner/benchmarks/entrytrace-heuristics.md Normal file
View File

@@ -0,0 +1,15 @@
# EntryTrace Heuristics Maintenance — Draft Skeleton (2025-12-05 UTC)
Status: draft placeholder. Inputs pending: replay hooks (RPRC0101).
## Purpose
- Explain EntryTrace heuristics and maintenance cycles.
## Heuristic Catalog
- Placeholder for rules with owners and review cadence.
## Operations
- How to update heuristics safely; replay/validation steps.
## Open TODOs
- Add concrete heuristics and replay examples when hooks arrive.

12
docs/modules/scanner/benchmarks/go-stripped-binaries.md Normal file
View File

@@ -0,0 +1,12 @@
# Go Stripped Binaries — Draft Skeleton (2025-12-05 UTC)
Status: draft placeholder. Inputs pending: Go analyzer results.
## Fallback Enrichment
- Techniques to enrich stripped Go binaries (to fill).
## Policy Guidance
- When to accept fallback; how to flag low-confidence matches.
## Open TODOs
- Add enrichment recipes and examples once analyzer outputs land.

15
docs/modules/scanner/benchmarks/java-lockfiles.md Normal file
View File

@@ -0,0 +1,15 @@
# Java Lockfile Ingestion — Draft Skeleton (2025-12-05 UTC)
Status: draft placeholder. Inputs pending: Java analyzer notes.
## Lockfile Types
- Maven/Gradle variants (to fill).
## Ingestion Guidance
- Normalization, version conflict handling.
## Policy Templates
- Sample allow/deny templates (placeholder).
## Open TODOs
- Add concrete examples and ingestion steps from analyzer notes.

12
docs/modules/scanner/benchmarks/python-lockfiles.md Normal file
View File

@@ -0,0 +1,12 @@
# Python Lockfiles & Editable Installs — Draft Skeleton (2025-12-05 UTC)
Status: draft placeholder. Depends on outcomes from Windows/macOS coverage (task 3) and Python analyzer guidance.
## Lockfile Handling
- Pip/Poetry/UV constraints; editable installs; markers (to fill).
## Policy Guidance
- What to enforce/allow; sample policy snippets.
## Open TODOs
- Insert concrete lockfile examples and policies once inputs arrive.

15
docs/modules/scanner/benchmarks/rust-fingerprint-enrichment.md Normal file
View File

@@ -0,0 +1,15 @@
# Rust Fingerprint Enrichment — Draft Skeleton (2025-12-05 UTC)
Status: draft placeholder. Inputs pending: SCSA0601 updated benchmarks.
## Fingerprint Sources
- Cargo metadata, debug info, symbol hashes (to fill).
## Enrichment Steps
- Mapping fingerprints to crates/versions; confidence scoring.
## Policy Examples
- Sample allow/deny/waiver patterns (placeholder).
## Open TODOs
- Add concrete examples from updated benchmarks.

12
docs/modules/scanner/benchmarks/sast-integration.md Normal file
View File

@@ -0,0 +1,12 @@
# SAST Integration — Draft Skeleton (2025-12-05 UTC)
Status: draft placeholder. Inputs pending: CLI samples (132_CLCI0110).
## Connector Framework
- How SAST connectors plug into scanner pipeline (to fill).
## Policy Templates
- Placeholder for SAST-specific policy examples.
## Open TODOs
- Add sample configs and flows once CLI samples are available.

15
docs/modules/scanner/benchmarks/windows-macos-coverage.md Normal file
View File

@@ -0,0 +1,15 @@
# Windows/macOS Analyzer Coverage — Draft Skeleton (2025-12-05 UTC)
Status: draft placeholder. Inputs pending: SCSA0301 customer demand signals.
## Demand Signals
- Customers requesting Windows/macOS analyzer coverage (to fill with SCSA0301 data).
## Coverage Plan
- Supported OS versions/builds; exclusions; offline posture.
## Rollout & Monitoring
- Enablement steps; metrics to watch.
## Open TODOs
- Add quantified demand, target milestones, and acceptance criteria once inputs land.

24
docs/modules/scanner/scanner-engine.md Normal file
View File

@@ -0,0 +1,24 @@
# Scanner Engine Surface FS/Env/Secrets — Draft Skeleton (2025-12-05 UTC)
Status: draft placeholder. Inputs pending: SCANNER-SURFACE-04 emit notes, Zastava/Scheduler bindings, Ops runbook hooks.
## Workflow Overview
- Surface.FS, Surface.Env, Surface.Secrets capture points.
- How Scanner orchestrates surface capture across jobs.
## Data Flow
- Scanner -> Zastava (signals/alerts pipeline).
- Scanner -> Scheduler (job orchestration, retries, back-pressure).
- Storage/retention expectations.
## Policies & Safety Rails
- Redaction rules, scope boundaries, tenant isolation.
- Determinism/offline posture considerations.
## Operations
- How to enable/disable surface capture per tenant/workspace.
- Observability: metrics, logs, traces to watch.
## Open TODOs
- Insert concrete emit schemas and example payloads when SCANNER-SURFACE-04 lands.
- Add sequencing diagrams per module dossier once available.

19
docs/operations/multi-tenancy.md Normal file
View File

@@ -0,0 +1,19 @@
# Multi-Tenancy Operations — Draft Skeleton (2025-12-05 UTC)
Status: draft placeholder. Depends on DVDO0110 outputs and scopes-and-roles.
## Provisioning
- Creating tenants and assigning scopes.
## Lifecycle
- Suspend, delete, migrate tenants; data retention notes.
## Observability
- Metrics and logs to validate isolation; alerts to configure.
## Governance
- Change-control, approvals, audit export.
## Open TODOs
- Add step-by-step CLI/Console flows once confirmed.
- Insert RLS specifics from `rls-and-data-isolation.md`.

15
docs/operations/rls-and-data-isolation.md Normal file
View File

@@ -0,0 +1,15 @@
# RLS and Data Isolation — Draft Skeleton (2025-12-05 UTC)
Status: draft placeholder. Inputs pending: DVDO0110, DB/RLS schema snapshot.
## RLS Strategy
- Tables/collections under RLS; policy evaluation order.
## Keys and Claims
- Which claims drive RLS; mapping to scopes.
## Testing & Validation
- How to verify isolation in staging; replay/golden tests.
## Open TODOs
- Insert actual RLS policies and sample queries once provided.

16
docs/policy/examples/abac-overlays.md Normal file
View File

@@ -0,0 +1,16 @@
# ABAC Overlays — Draft Skeleton (2025-12-05 UTC)
Status: draft placeholder. Inputs pending: finalized scope grammar and example policies.
## Purpose
- Show how to layer ABAC on top of role/scope model.
## Examples (to fill)
- Attribute-based allow/deny overlays.
- Tenant/role-specific examples with placeholders.
## Testing
- How to validate overlays with policy simulator.
## Open TODOs
- Add real policy snippets once DVDO0110 monitoring plan arrives.

15
docs/policy/vex-trust-model.md Normal file
View File

@@ -0,0 +1,15 @@
# VEX Trust Model — Draft Skeleton (2025-12-05 UTC)
Status: draft placeholder. Inputs pending: waiver/exception guidance, policy knobs.
## Policy Knobs
- Thresholds, weighting, override rules (to fill).
## Simulation
- How to simulate decisions before enforcement.
## Examples
- Placeholder for sample policies.
## Open TODOs
- Add concrete policies and simulator instructions once provided.

15
docs/runbooks/vex-ops.md Normal file
View File

@@ -0,0 +1,15 @@
# VEX Ops Runbook — Draft Skeleton (2025-12-05 UTC)
Status: draft placeholder. Inputs pending: DevOps rollout plan for signatures/ops.
## Recompute Storms
- Steps to mitigate; throttling knobs (to fill).
## Mapping Failures
- Triage steps; retry/backfill guidance.
## Signature Errors
- Diagnosis workflow; key rotation checks.
## Open TODOs
- Add concrete commands and dashboards once rollout plan is delivered.

12
docs/sbom/vex-mapping.md Normal file
View File

@@ -0,0 +1,12 @@
# VEX Mapping (CPE → purl) — Draft Skeleton (2025-12-05 UTC)
Status: draft placeholder. Inputs pending: SBOM/VEX dataflow spec.
## Mapping Strategy
- How CPEs map to purls; edge cases (to fill).
## Overrides
- Local override workflow.
## Open TODOs
- Add concrete examples and tables when dataflow spec lands.

17
docs/security/scopes-and-roles.md Normal file
View File

@@ -0,0 +1,17 @@
# Scopes and Roles — Draft Skeleton (2025-12-05 UTC)
Status: draft placeholder. Inputs pending: DVDO0110 scope grammar.
## Scope Grammar
- Syntax overview; examples (tenant/org/project/workspace).
## Roles & Permissions
- Core roles (admin, auditor, operator, viewer) — to confirm.
- Mapping to scopes and imposed rule reminder.
## Token / Session Handling
- How scopes flow through tokens and sessions.
## Open TODOs
- Fill role matrix when DVDO0110 lands.
- Add ABAC overlay pointers once defined.

21
docs/security/tenancy-overview.md Normal file
View File

@@ -0,0 +1,21 @@
# Tenancy Overview — Draft Skeleton (2025-12-05 UTC)
Status: draft placeholder. Inputs pending: DVDO0110 tenancy ADR.
## Goals
- Clarify tenant model, isolation guarantees, and scope grammar.
## Tenant Model
- Concepts: tenant, org, workspace, project (to confirm with ADR).
- Identity anchors and trust roots.
## Isolation Guarantees
- Data, control plane, audit/log boundaries.
- Reachability to shared services (DB, cache) with RLS.
## Enforcement Stack
- Authority, CLI, API, Console touchpoints.
## Open TODOs
- Insert canonical definitions and diagrams from DVDO0110.
- Add references to scopes-and-roles once finalized.

15
docs/security/vex-signatures.md Normal file
View File

@@ -0,0 +1,15 @@
# VEX Signatures — Draft Skeleton (2025-12-05 UTC)
Status: draft placeholder. Inputs pending: security review (DVDO0110), key rotation plan.
## Verification Flow
- How signatures are verified; trust roots (to fill).
## Rotation
- Key rotation process; expiry handling.
## Audit
- Logging, evidence capture, review cadence.
## Open TODOs
- Insert concrete commands/config once security review completes.

18
docs/testing/contract-testing.md Normal file
View File

@@ -0,0 +1,18 @@
# Contract Testing — Draft Skeleton (2025-12-05 UTC)
Status: draft placeholder. Inputs pending: DOSK0101 harness guidance, sample fixtures.
## Goals
- Ensure stable contracts across services/SDKs with mock/replay.
## Components
- Mock server, record/replay pipeline, golden fixtures, determinism checks.
## Workflow
- Record -> approve -> replay -> diff.
## Quality Gates
- Ordering, timestamps (UTC), hashing rules.
## Open TODOs
- Add concrete CLI/scripts and sample fixtures when provided.

15
docs/vex/consensus-algorithm.md Normal file
View File

@@ -0,0 +1,15 @@
# VEX Consensus Algorithm — Draft Skeleton (2025-12-05 UTC)
Status: draft placeholder. Depends on consensus overview and PLVL0102.
## Normalization
- Input normalization steps (pending schema).
## Weighting & Thresholds
- How weights are assigned; threshold examples (to fill).
## Examples
- Sample merge scenarios (placeholder).
## Open TODOs
- Populate equations and concrete scenarios when data is available.

15
docs/vex/consensus-api.md Normal file
View File

@@ -0,0 +1,15 @@
# VEX Consensus API — Draft Skeleton (2025-12-05 UTC)
Status: draft placeholder. Inputs pending: PLVL0102 policy join notes.
## Endpoints
- List and describe endpoints (to fill).
## Query Parameters
- Filters, pagination, projections (pending contract).
## Rate Limits
- TBD; add concrete values once agreed.
## Open TODOs
- Add request/response examples when schemas are delivered.

12
docs/vex/consensus-console.md Normal file
View File

@@ -0,0 +1,12 @@
# VEX Consensus Console — Draft Skeleton (2025-12-05 UTC)
Status: draft placeholder. Inputs pending: console overlay assets.
## Workflows
- Browse/filters; conflict resolution; accessibility notes.
## Notifications
- How conflicts/exceptions surface in UI.
## Open TODOs
- Add screenshots/flows when assets arrive.

15
docs/vex/consensus-overview.md Normal file
View File

@@ -0,0 +1,15 @@
# VEX Consensus Overview — Draft Skeleton (2025-12-05 UTC)
Status: draft placeholder. Inputs pending: PLVL0102 schema snapshot, issuer directory details.
## Purpose
- Explain why consensus exists and what assurances it provides (AOC scope).
## Inputs
- Evidence sources (attestations, SBOM edges) — to be confirmed.
## Outputs
- Decision artifacts; confidence/threshold handling.
## Open TODOs
- Fill concrete schema references and examples once PLVL0102 arrives.

15
docs/vex/issuer-directory.md Normal file
View File

@@ -0,0 +1,15 @@
# VEX Issuer Directory — Draft Skeleton (2025-12-05 UTC)
Status: draft placeholder. Inputs pending: issuer directory keys/overrides, audit model.
## Management
- Add/update issuers; key material handling (to be filled).
## Trust Overrides
- Local overrides, expiry/rotation rules.
## Audit
- Recording changes; export/logging expectations.
## Open TODOs
- Insert concrete commands/APIs once available.