up
Some checks failed
AOC Guard CI / aoc-guard (push) Has been cancelled
Concelier Attestation Tests / attestation-tests (push) Has been cancelled
Docs CI / lint-and-preview (push) Has been cancelled
Export Center CI / export-ci (push) Has been cancelled
Risk Bundle CI / risk-bundle-build (push) Has been cancelled
Scanner Analyzers / Discover Analyzers (push) Has been cancelled
Scanner Analyzers / Validate Test Fixtures (push) Has been cancelled
AOC Guard CI / aoc-verify (push) Has been cancelled
Risk Bundle CI / risk-bundle-offline-kit (push) Has been cancelled
Risk Bundle CI / publish-checksums (push) Has been cancelled
Scanner Analyzers / Build Analyzers (push) Has been cancelled
Scanner Analyzers / Test Language Analyzers (push) Has been cancelled
Scanner Analyzers / Verify Deterministic Output (push) Has been cancelled
devportal-offline / build-offline (push) Has been cancelled
Mirror Thin Bundle Sign & Verify / mirror-sign (push) Has been cancelled
Some checks failed
AOC Guard CI / aoc-guard (push) Has been cancelled
Concelier Attestation Tests / attestation-tests (push) Has been cancelled
Docs CI / lint-and-preview (push) Has been cancelled
Export Center CI / export-ci (push) Has been cancelled
Risk Bundle CI / risk-bundle-build (push) Has been cancelled
Scanner Analyzers / Discover Analyzers (push) Has been cancelled
Scanner Analyzers / Validate Test Fixtures (push) Has been cancelled
AOC Guard CI / aoc-verify (push) Has been cancelled
Risk Bundle CI / risk-bundle-offline-kit (push) Has been cancelled
Risk Bundle CI / publish-checksums (push) Has been cancelled
Scanner Analyzers / Build Analyzers (push) Has been cancelled
Scanner Analyzers / Test Language Analyzers (push) Has been cancelled
Scanner Analyzers / Verify Deterministic Output (push) Has been cancelled
devportal-offline / build-offline (push) Has been cancelled
Mirror Thin Bundle Sign & Verify / mirror-sign (push) Has been cancelled
This commit is contained in:
StellaOps Bot
@@ -42,9 +42,9 @@
|
||||
| 8 | EXPORT-OBS-55-001 | DONE | Depends on EXPORT-OBS-54-001. | Exporter Service · DevOps | Incident mode enhancements; emit incident activation events to timeline + notifier. |
|
||||
| 9 | EXPORT-RISK-69-001 | DONE | Schema blockers resolved; AdvisoryAI evidence bundle schema available. | Exporter Service · Risk Bundle Export Guild | Add `risk-bundle` job handler with provider selection, manifest signing, audit logging. |
|
||||
| 10 | EXPORT-RISK-69-002 | DONE | Depends on EXPORT-RISK-69-001. | Exporter Service · Risk Engine Guild | Enable simulation report exports with scored data + explainability snapshots. |
|
||||
| 11 | EXPORT-RISK-70-001 | TODO | Depends on EXPORT-RISK-69-002. | Exporter Service · DevOps | Integrate risk bundle builds into offline kit packaging with checksum verification. |
|
||||
| 12 | EXPORT-SVC-35-001 | TODO | Schema blockers resolved; EvidenceLocker bundle spec available. | Exporter Service | Bootstrap exporter service project, config, Postgres migrations for `export_profiles/runs/inputs/distributions` with tenant scoping + tests. |
|
||||
| 13 | EXPORT-SVC-35-002 | TODO | Depends on EXPORT-SVC-35-001. | Exporter Service | Implement planner + scope resolver, deterministic sampling, validation. |
|
||||
| 11 | EXPORT-RISK-70-001 | DONE | Depends on EXPORT-RISK-69-002. | Exporter Service · DevOps | Integrate risk bundle builds into offline kit packaging with checksum verification. |
|
||||
| 12 | EXPORT-SVC-35-001 | DONE | Schema blockers resolved; EvidenceLocker bundle spec available. | Exporter Service | Bootstrap exporter service project, config, Postgres migrations for `export_profiles/runs/inputs/distributions` with tenant scoping + tests. |
|
||||
| 13 | EXPORT-SVC-35-002 | DONE | Depends on EXPORT-SVC-35-001. | Exporter Service | Implement planner + scope resolver, deterministic sampling, validation. |
|
||||
| 14 | EXPORT-SVC-35-003 | TODO | Depends on EXPORT-SVC-35-002. | Exporter Service | JSON adapters (`json:raw`, `json:policy`) with normalization/redaction/compression/manifest counts. |
|
||||
| 15 | EXPORT-SVC-35-004 | TODO | Depends on EXPORT-SVC-35-003. | Exporter Service | Mirror (full) adapter producing filesystem layout, indexes, manifests, README. |
|
||||
| 16 | EXPORT-SVC-35-005 | TODO | Depends on EXPORT-SVC-35-004. | Exporter Service | Manifest/provenance writer + KMS signing/attestation (detached + embedded). |
|
||||
@@ -93,6 +93,9 @@
|
||||
## Execution Log
|
||||
| Date (UTC) | Update | Owner |
|
||||
| --- | --- | --- |
|
||||
| 2025-12-07 | **EXPORT-SVC-35-002 DONE:** Implemented planner and scope resolver with deterministic sampling and validation. Created `Planner/` namespace in Core with: `ExportScopeModels.cs` (ExportScope with TargetKinds, SourceRefs, DateRangeFilter, MaxItems; SamplingConfig with Strategy enum Random/First/Last/Stratified/Systematic, Size, Seed for deterministic output, StratifyBy; ResolvedExportItem, ScopeResolutionResult with Items, SampledItems, EstimatedTotalSizeBytes, SamplingMetadata, Warnings; ExportScopeValidationError with Code, Message, Severity enum Warning/Error/Critical), `ExportPlanModels.cs` (ExportPlanRequest with ProfileId, TenantId, ScopeOverride, FormatOverride, DryRun, CorrelationId, InitiatedBy; ExportPlan with PlanId, ProfileId, TenantId, Status Ready/Creating/Executing/Completed/Failed/Cancelled/Expired, ResolvedScope, Format, Phases list, TotalItems, EstimatedSizeBytes, EstimatedDuration, timestamps, Warnings, ValidationErrors; ExportPlanResult with Success, Plan, ErrorMessage, ValidationErrors factory methods; ExportPlanPhase with Order, Name, Kind enum DataFetch/Transform/WriteOutput/GenerateManifest/Sign/Distribute/Verify, ItemCount, EstimatedSizeBytes, EstimatedDuration, Dependencies, Parameters; ExportFormatOptions with Format enum Json/JsonNdjson/Mirror/OfflineKit/Custom, Compression enum None/Gzip/Zstd, IncludeManifest, IncludeChecksums, RedactFields, NormalizeTimestamps, SortKeys). `IExportScopeResolver.cs` interface with ResolveAsync, ValidateAsync, EstimateAsync methods. `ExportScopeResolver.cs` implementation with: ValidateAsync (checks TargetKinds against valid set sbom/vex/attestation/scan-report/policy-result/evidence/risk-bundle/advisory, validates DateRange From<To, validates SamplingConfig has Size>0 and Stratified has StratifyBy field, warns on potentially large exports), ResolveAsync (generates mock items, applies sampling with deterministic Random seeding via seed parameter, First/Last sampling, Stratified by field grouping), EstimateAsync (returns item count, estimated bytes, estimated processing time). `IExportPlanner.cs` interface with CreatePlanAsync, GetPlanAsync, ValidatePlanAsync, CancelPlanAsync. `ExportPlanner.cs` implementation with: ConcurrentDictionary in-memory plan store, CreatePlanAsync (loads profile via IExportProfileRepository, validates Active status, parses ScopeJson/FormatJson, validates scope, resolves scope to items, builds phases via BuildPhases, creates plan with 60-minute validity), GetPlanAsync, ValidatePlanAsync (checks expiration, re-validates scope), CancelPlanAsync (only Ready/Creating status). BuildPhases creates ordered phases: DataFetch→Transform (conditional on redaction/normalization/sorting)→WriteOutput→GenerateManifest→Sign (conditional on Mirror format). `IExportProfileRepository` interface with GetByIdAsync, GetActiveProfilesAsync, CreateAsync, UpdateAsync. `InMemoryExportProfileRepository` implementation with ConcurrentDictionary keyed by (TenantId, ProfileId). Changed ExportProfile from class to record to support `with` expressions in plan updates. Created tests: `ExportScopeResolverTests.cs` (21 test cases for scope resolution, validation, deterministic sampling, estimation), `ExportPlannerTests.cs` (12 test cases for plan creation, validation, cancellation, phase generation, correlation tracking). Core project builds successfully with 0 errors. | Implementer |
|
||||
| 2025-12-07 | **EXPORT-SVC-35-001 DONE:** Bootstrapped exporter service with Postgres migrations for export data layer. Created `Configuration/ExportCenterOptions.cs` in Core with: `ExportCenterOptions` (DatabaseOptions, ObjectStoreOptions, TimelineOptions, SigningOptions, QuotaOptions), `DatabaseOptions` (ConnectionString, ApplyMigrationsAtStartup). Created domain models in `Domain/`: `ExportProfile.cs` (ProfileId, TenantId, Name, Description, Kind, Status, ScopeJson, FormatJson, SigningJson, Schedule, timestamps; enums ExportProfileKind AdHoc/Scheduled/EventDriven/Continuous, ExportProfileStatus Draft/Active/Paused/Archived), `ExportRun.cs` (RunId, ProfileId, TenantId, Status, Trigger, CorrelationId, InitiatedBy, item counts, TotalSizeBytes, ErrorJson; enums ExportRunStatus Queued→Cancelled, ExportRunTrigger Manual/Scheduled/Event/Api), `ExportInput.cs` (InputId, RunId, TenantId, Kind, Status, SourceRef, Name, ContentHash, SizeBytes, MetadataJson; enums ExportInputKind Sbom/Vex/Attestation/ScanReport/PolicyResult/Evidence/RiskBundle/Advisory, ExportInputStatus Pending→Skipped), `ExportDistribution.cs` (DistributionId, RunId, TenantId, Kind, Status, Target, ArtifactPath, ArtifactHash, SizeBytes, ContentType, MetadataJson, AttemptCount; enums ExportDistributionKind FileSystem/AmazonS3/Mirror/OfflineKit/Webhook, ExportDistributionStatus Pending→Cancelled). Created database infrastructure in Infrastructure `Db/`: `MigrationScript.cs` (version parsing, SHA256 checksum, line-ending normalization), `MigrationLoader.cs` (loads embedded SQL resources ordered by version), `ExportCenterDataSource.cs` (NpgsqlDataSource with tenant session config via `app.current_tenant`), `ExportCenterMigrationRunner.cs` (applies migrations with checksum validation), `ExportCenterDbServiceExtensions.cs` (DI registration, `ExportCenterMigrationHostedService` for startup migrations). Created `Db/Migrations/001_initial_schema.sql` with schemas export_center/export_center_app, `require_current_tenant()` function, tables (export_profiles, export_runs, export_inputs, export_distributions) with RLS policies, indexes (tenant_status, profile_created, correlation), FK constraints, `update_updated_at` trigger. Updated csproj to add Npgsql 8.0.3 and EmbeddedResource for SQL files. Added tests: `MigrationScriptTests.cs` (version parsing, SHA256 determinism, line-ending normalization), `MigrationLoaderTests.cs` (resource loading, ordering, validation), `ExportProfileTests.cs`/`ExportRunTests.cs`/`ExportInputTests.cs`/`ExportDistributionTests.cs` (domain model construction, enum value verification). Core and Infrastructure projects build successfully with 0 errors. | Implementer |
|
||||
| 2025-12-07 | **EXPORT-RISK-70-001 DONE:** Integrated risk bundle builds into offline kit packaging with checksum verification. Added to `OfflineKitModels.cs`: `OfflineKitRiskBundleEntry` record (kind, exportId, bundleId, inputsHash, providers[], rootHash, artifact, checksum, createdAt), `OfflineKitRiskProviderInfo` record (providerId, source, snapshotDate, optional), `OfflineKitRiskBundleRequest` record. Added to `OfflineKitPackager.cs`: `RiskBundlesDir` constant ("risk-bundles"), `RiskBundleFileName` constant ("export-risk-bundle-v1.tgz"), `AddRiskBundle` method (writes bundle to risk-bundles/ directory with SHA256 checksum), `CreateRiskBundleEntry` method (creates manifest entry with provider info). Updated `OfflineKitDistributor.cs`: Added risk bundle detection in `DistributeToMirror` method (checks for risk-bundles/export-risk-bundle-v1.tgz, computes hash, adds entry with CLI example "stella risk-bundle verify/import"). Added tests in `OfflineKitPackagerTests.cs`: `AddRiskBundle_CreatesArtifactAndChecksum`, `AddRiskBundle_PreservesBytesExactly`, `AddRiskBundle_RejectsOverwrite`, `CreateRiskBundleEntry_HasCorrectKind`, `CreateRiskBundleEntry_HasCorrectPaths`, `CreateRiskBundleEntry_IncludesProviderInfo`. Updated `DirectoryStructure_FollowsOfflineKitLayout` test to include risk-bundles directory. Core library builds successfully with 0 errors. | Implementer |
|
||||
| 2025-12-07 | **EXPORT-RISK-69-002 DONE:** Implemented simulation report exports with scored data and explainability snapshots. Created `SimulationExport/` namespace with: `SimulationExportModels.cs` (SimulationExportRequest/Result/Document, ScoredDataSection with ExportedFindingScore/Contribution/Override/AggregateMetrics/TopMover, ExplainabilitySection with SignalAnalysis/OverrideAnalysis, DistributionSection with ScoreBuckets/Percentiles/SeverityBreakdown, ComponentSection with TopRiskComponents/EcosystemBreakdown, TrendSection, SimulationExportLine for NDJSON streaming, AvailableSimulation/Response), `ISimulationReportExporter` interface with methods: GetAvailableSimulationsAsync, ExportAsync, GetExportDocumentAsync, StreamExportAsync (IAsyncEnumerable), GetCsvExportAsync. `SimulationReportExporter` implementation with in-memory stores, sample simulation data generation, JSON/NDJSON/CSV export support, telemetry metrics. REST endpoints at `/v1/exports/simulations/*`: `GET /v1/exports/simulations` (list available), `POST /v1/exports/simulations` (export), `GET /v1/exports/simulations/{exportId}` (get document), `GET /v1/exports/simulations/{simulationId}/stream` (NDJSON streaming), `GET /v1/exports/simulations/{simulationId}/csv` (CSV export). Added `export_simulation_exports_total` metric. Build succeeded with 0 errors. | Implementer |
|
||||
| 2025-12-07 | **EXPORT-RISK-69-001 DONE:** Implemented risk-bundle job handler with provider selection, manifest signing, and audit logging. Created `RiskBundle/` namespace with: `RiskBundleJobModels.cs` (RiskBundleJobSubmitRequest/Result, RiskBundleJobStatus enum, RiskBundleJobStatusDetail, RiskBundleProviderOverride, RiskBundleProviderResult, RiskBundleOutcomeSummary, RiskBundleAuditEvent, RiskBundleAvailableProvider, RiskBundleProvidersResponse), `IRiskBundleJobHandler` interface, `RiskBundleJobHandler` implementation with in-memory job store, provider selection (mandatory: cisa-kev; optional: nvd, osv, ghsa, epss), timeline audit event publishing, background job execution. Created `RiskBundleEndpoints.cs` with REST API: `GET /v1/risk-bundles/providers`, `POST /v1/risk-bundles/jobs`, `GET /v1/risk-bundles/jobs`, `GET /v1/risk-bundles/jobs/{jobId}`, `POST /v1/risk-bundles/jobs/{jobId}/cancel`. Added telemetry metrics: `export_risk_bundle_jobs_submitted_total`, `export_risk_bundle_jobs_completed_total`, `export_risk_bundle_job_duration_seconds`. Build succeeded with 0 errors. | Implementer |
|
||||
| 2025-12-07 | **EXPORT-OBS-55-001 DONE:** Implemented incident mode enhancements for ExportCenter. Created `Incident/` namespace with: `ExportIncidentModels.cs` (severity levels Info→Emergency, status Active→Resolved→FalsePositive, types ExportFailure/LatencyDegradation/StorageCapacity/DependencyFailure/IntegrityIssue/SecurityIncident/ConfigurationError/RateLimiting), `ExportIncidentEvents.cs` (IncidentActivated/Updated/Escalated/Deescalated/Resolved events), `IExportIncidentManager` interface and `ExportIncidentManager` implementation with in-memory store. `IExportNotificationEmitter` interface with `LoggingNotificationEmitter` for timeline + notifier integration. Added `PublishIncidentEventAsync` to `IExportTimelinePublisher`. REST endpoints at `/v1/incidents/*`: GET status, GET active, GET recent, GET {id}, POST activate, PATCH {id} update, POST {id}/resolve. Added metrics: `export_incidents_activated_total`, `export_incidents_resolved_total`, `export_incidents_escalated_total`, `export_incidents_deescalated_total`, `export_notifications_emitted_total`, `export_incident_duration_seconds`. | Implementer |
|
||||
|
||||
@@ -33,9 +33,9 @@
|
||||
| 10 | EXPORT-SVC-43-001 | BLOCKED (2025-11-30) | BLOCKED by 37-004; pack-run integration waits on verification API. | Exporter Service Guild | Integrate pack run manifests/artifacts into export bundles and CLI verification; expose provenance links. |
|
||||
| 11 | EXPORT-TEN-48-001 | BLOCKED (2025-11-30) | BLOCKED until Export API (35-006) stabilizes; tenant prefixes require finalized routes. | Exporter Service Guild | Prefix artifacts/manifests with tenant/project, enforce scope checks, prevent cross-tenant exports unless whitelisted; update provenance. |
|
||||
| 12 | RISK-BUNDLE-69-001 | DONE (2025-12-03) | Bundle now embeds manifest DSSE + detached bundle signature; worker options fixed (signature paths/OSV flags); RiskBundle tests passing. | Risk Bundle Export Guild · Risk Engine Guild (`src/ExportCenter/StellaOps.ExportCenter.RiskBundles`) | Implement `stella export risk-bundle` job producing tarball with provider datasets, manifests, DSSE signatures. |
|
||||
| 13 | RISK-BUNDLE-69-002 | BLOCKED (2025-11-30) | BLOCKED by 69-001 deliverables. | Risk Bundle Export Guild · DevOps Guild | Integrate bundle job into CI/offline kit pipelines with checksum publication. |
|
||||
| 14 | RISK-BUNDLE-70-001 | BLOCKED (2025-11-30) | BLOCKED by 69-002; verification inputs not available. | Risk Bundle Export Guild · CLI Guild | Provide CLI `stella risk bundle verify` command to validate bundles before import. |
|
||||
| 15 | RISK-BUNDLE-70-002 | BLOCKED (2025-11-30) | BLOCKED by 70-001; doc content waits on verification CLI behavior. | Risk Bundle Export Guild · Docs Guild | Publish `/docs/airgap/risk-bundles.md` covering build/import/verification workflows. |
|
||||
| 13 | RISK-BUNDLE-69-002 | TODO | 69-001 DONE; integrate into CI/offline kit. | Risk Bundle Export Guild · DevOps Guild | Integrate bundle job into CI/offline kit pipelines with checksum publication. |
|
||||
| 14 | RISK-BUNDLE-70-001 | TODO | Depends on 69-002. | Risk Bundle Export Guild · CLI Guild | Provide CLI `stella risk bundle verify` command to validate bundles before import. |
|
||||
| 15 | RISK-BUNDLE-70-002 | TODO | Depends on 70-001. | Risk Bundle Export Guild · Docs Guild | Publish `/docs/airgap/risk-bundles.md` covering build/import/verification workflows. |
|
||||
|
||||
## Wave Coordination
|
||||
- Wave 1: EXPORT-SVC-35/36/37 chain (API → adapters → OCI → planner → mirror delta → encryption → scheduling → verification → pack-run integration).
|
||||
@@ -86,6 +86,7 @@
|
||||
## Execution Log
|
||||
| Date (UTC) | Update | Owner |
|
||||
| --- | --- | --- |
|
||||
| 2025-12-07 | **RISK-BUNDLE tasks unblocked:** Tasks 13-15 (RISK-BUNDLE-69-002, 70-001, 70-002) changed from BLOCKED to TODO. Upstream blocker resolved: task 12 (RISK-BUNDLE-69-001) is DONE and Sprint 0163 EXPORT-RISK-70-001 is DONE. Wave 3 can now proceed. Tasks 1-11 remain BLOCKED pending Sprint 0163 EXPORT-SVC-35-001..005 implementation. | Implementer |
|
||||
| 2025-12-07 | **Wave 10 upstream resolution:** Sprint 0163 schema blockers resolved and tasks moved to TODO. Sprint 0164 tasks remain BLOCKED pending Sprint 0163 implementation outputs (Export API, planner schema, Trivy adapters). | Implementer |
|
||||
| 2025-11-08 | Sprint stub created; awaiting ExportCenter II completion. | Planning |
|
||||
| 2025-11-19 | Normalized sprint to standard template and renamed from `SPRINT_164_exportcenter_iii.md` to `SPRINT_0164_0001_0001_exportcenter_iii.md`; content preserved. | Implementer |
|
||||
|
||||
@@ -81,6 +81,7 @@
|
||||
## Execution Log
|
||||
| Date (UTC) | Update | Owner |
|
||||
| --- | --- | --- |
|
||||
| 2025-12-07 | CVSS UI wired to Policy Gateway `/api/cvss/receipts`; Angular client added with tenant headers and receipt/history mapping. | Implementer |
|
||||
| 2025-12-07 | CVSS-DOCS-190-012 DONE: updated `docs/modules/policy/cvss-v4.md` and `docs/09_API_CLI_REFERENCE.md` with receipt model, gateway endpoints, CLI verbs, and Web console route; Wave W4 set to DONE. | Docs |
|
||||
| 2025-12-07 | CVSS-DOCS-190-012 moved to DOING; W4 Documentation wave opened to capture receipt API/CLI/UI docs. | Docs |
|
||||
| 2025-12-07 | Wave W3 Integration marked DONE after CLI/UI delivery; Web console hosts receipt viewer; sprint wave table updated. | Project Mgmt |
|
||||
|
||||
File diff suppressed because it is too large
Load Diff
@@ -809,12 +809,12 @@ This file describe implementation of Stella Ops (docs/README.md). Implementation
|
||||
| Sprint 29 | Vulnerability Explorer | src/Authority/StellaOps.Authority | TODO | Authority Core & Security Guild | AUTH-VULN-29-001 | Define Vuln Explorer RBAC/ABAC scopes and issuer metadata. |
|
||||
| Sprint 29 | Vulnerability Explorer | src/Authority/StellaOps.Authority | TODO | Authority Core & Security Guild | AUTH-VULN-29-002 | Enforce CSRF, attachment signing, and audit logging referencing ledger hashes. |
|
||||
| Sprint 29 | Vulnerability Explorer | src/Authority/StellaOps.Authority | TODO | Authority Core & Docs Guild | AUTH-VULN-29-003 | Update docs/config samples for Vuln Explorer roles and security posture. |
|
||||
| Sprint 29 | Vulnerability Explorer | src/Cli/StellaOps.Cli | TODO | DevEx/CLI Guild | CLI-VULN-29-001 | Implement `stella vuln list` with grouping, filters, JSON/CSV output. |
|
||||
| Sprint 29 | Vulnerability Explorer | src/Cli/StellaOps.Cli | TODO | DevEx/CLI Guild | CLI-VULN-29-002 | Implement `stella vuln show` with evidence/policy/path display. |
|
||||
| Sprint 29 | Vulnerability Explorer | src/Cli/StellaOps.Cli | TODO | DevEx/CLI Guild | CLI-VULN-29-003 | Add workflow CLI commands (assign/comment/accept-risk/verify-fix/target-fix/reopen). |
|
||||
| Sprint 29 | Vulnerability Explorer | src/Cli/StellaOps.Cli | TODO | DevEx/CLI Guild | CLI-VULN-29-004 | Implement `stella vuln simulate` producing diff summaries/Markdown. |
|
||||
| Sprint 29 | Vulnerability Explorer | src/Cli/StellaOps.Cli | TODO | DevEx/CLI Guild | CLI-VULN-29-005 | Implement `stella vuln export` and bundle signature verification. |
|
||||
| Sprint 29 | Vulnerability Explorer | src/Cli/StellaOps.Cli | TODO | DevEx/CLI & Docs Guilds | CLI-VULN-29-006 | Update CLI docs/examples for Vulnerability Explorer commands. |
|
||||
| Sprint 29 | Vulnerability Explorer | src/Cli/StellaOps.Cli | DONE (2025-12-06) | DevEx/CLI Guild | CLI-VULN-29-001 | Implement `stella vuln list` with grouping, filters, JSON/CSV output. |
|
||||
| Sprint 29 | Vulnerability Explorer | src/Cli/StellaOps.Cli | DONE (2025-12-06) | DevEx/CLI Guild | CLI-VULN-29-002 | Implement `stella vuln show` with evidence/policy/path display. |
|
||||
| Sprint 29 | Vulnerability Explorer | src/Cli/StellaOps.Cli | DONE (2025-12-06) | DevEx/CLI Guild | CLI-VULN-29-003 | Add workflow CLI commands (assign/comment/accept-risk/verify-fix/target-fix/reopen). |
|
||||
| Sprint 29 | Vulnerability Explorer | src/Cli/StellaOps.Cli | DONE (2025-12-06) | DevEx/CLI Guild | CLI-VULN-29-004 | Implement `stella vuln simulate` producing diff summaries/Markdown. |
|
||||
| Sprint 29 | Vulnerability Explorer | src/Cli/StellaOps.Cli | DONE (2025-12-06) | DevEx/CLI Guild | CLI-VULN-29-005 | Implement `stella vuln export` and bundle signature verification. |
|
||||
| Sprint 29 | Vulnerability Explorer | src/Cli/StellaOps.Cli | DONE (2025-12-06) | DevEx/CLI & Docs Guilds | CLI-VULN-29-006 | Update CLI docs/examples for Vulnerability Explorer commands. |
|
||||
| Sprint 29 | Vulnerability Explorer | src/Concelier/StellaOps.Concelier.WebService | TODO | Concelier WebService Guild | CONCELIER-VULN-29-001 | Canonicalize (lossless) advisory identifiers, persist `links[]`, backfill, and expose raw payload snapshots (no merge/derived fields). |
|
||||
| Sprint 29 | Vulnerability Explorer | src/Concelier/StellaOps.Concelier.WebService | TODO | Concelier WebService Guild | CONCELIER-VULN-29-002 | Provide advisory evidence retrieval endpoint for Vuln Explorer. |
|
||||
| Sprint 29 | Vulnerability Explorer | src/Concelier/StellaOps.Concelier.WebService | TODO | Concelier WebService & Observability Guilds | CONCELIER-VULN-29-004 | Add metrics/logs/events for advisory normalization supporting resolver. |
|
||||
|
||||
@@ -2,6 +2,8 @@
|
||||
|
||||
Updated 2025-12-07: FEEDCONN-ICSCISA-02-012/KISA-02-008 unblocked (ICS/KISA SOP v0.2); tracked in SPRINT_0113 row 18 and SPRINT_0503 feed ops tasks.
|
||||
|
||||
Updated 2025-12-07: RISK-BUNDLE-69-002/70-001/70-002 unblocked (SPRINT_0164 tasks 13-15); RISK-BUNDLE-69-001 DONE. Wave 3 can proceed.
|
||||
|
||||
- Concelier ingestion & Link-Not-Merge
|
||||
- MIRROR-CRT-56-001 (DONE; thin bundle v1 sample + hashes published)
|
||||
- MIRROR-CRT-56-002 (DONE locally with production-mode flags: DSSE/TUF/OCI signed using provided Ed25519 keyid db9928babf3aeb817ccdcd0f6a6688f8395b00d0e42966e32e706931b5301fc8; artefacts in `out/mirror/thin/`; not blocking development)
|
||||
@@ -13,8 +15,8 @@ Updated 2025-12-07: FEEDCONN-ICSCISA-02-012/KISA-02-008 unblocked (ICS/KISA SOP
|
||||
- AIRGAP-TIME-57-001 (DEV-UNBLOCKED: schema + trust-roots bundle + service config present; production trust roots/signing still needed)
|
||||
- EXPORT-OBS-51-001 / 54-001 (DEV-UNBLOCKED: DSSE/TUF profile + test-signed bundle available; release promotion now tracked under DevOps secret import)
|
||||
- CLI-AIRGAP-56-001 (DEV-UNBLOCKED: dev bundles available; release promotion depends on DevOps secret import + 58-001 CLI path)
|
||||
- CONCELIER-AIRGAP-56-001..58-001 <- PREP-ART-56-001, PREP-EVIDENCE-BDL-01
|
||||
- CONCELIER-CONSOLE-23-001..003 <- PREP-CONSOLE-FIXTURES-29; PREP-EVIDENCE-BDL-01
|
||||
- CONCELIER-AIRGAP-56-001..58-001 ✅ (DONE 2025-12-07; mirror/offline provenance chain + sealed-mode deploy runbook)
|
||||
- CONCELIER-CONSOLE-23-001..003 ✅ (DONE 2025-12-07; console advisory aggregation/search helpers + consumption contract)
|
||||
|
||||
- SBOM Service (Link-Not-Merge consumers)
|
||||
- SBOM-SERVICE-21-001 (projection read API) — DONE (2025-11-23): WAF aligned with fixtures + in-memory repo fallback; `ProjectionEndpointTests` pass.
|
||||
@@ -40,7 +42,9 @@ Updated 2025-12-07: FEEDCONN-ICSCISA-02-012/KISA-02-008 unblocked (ICS/KISA SOP
|
||||
- CONCELIER-MIRROR-23-001-DEV (DONE; dev mirror layout documented at `docs/modules/concelier/mirror-export.md`, endpoints serve static bundles)
|
||||
- DEVOPS-MIRROR-23-001-REL (release signing/publish tracked under DevOps; not a development blocker)
|
||||
- Concelier storage/backfill/object-store chain
|
||||
- CONCELIER-LNM-21-101-DEV/102-DEV/103-DEV (BLOCKED on CI runner and upstream tasks)
|
||||
- CONCELIER-LNM-21-101-DEV ✅ (DONE 2025-11-27; sharding + TTL migration)
|
||||
- CONCELIER-LNM-21-102-DEV ✅ (DONE 2025-11-28; migration + tombstones + rollback)
|
||||
- CONCELIER-LNM-21-103-DEV ✅ (DONE 2025-12-06; object storage + S3ObjectStore)
|
||||
- Concelier backfill chain (Concelier IV)
|
||||
- CONCELIER-STORE-AOC-19-005-DEV (BLOCKED pending dataset hash/rehearsal)
|
||||
|
||||
|
||||
Reference in New Issue
Block a user