stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 3 Releases Wiki Activity

Add unit tests for Router configuration and transport layers
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
Details
Policy Lint & Smoke / policy-lint (push) Has been cancelled
Details

Browse Source 
- Implemented tests for RouterConfig, RoutingOptions, StaticInstanceConfig, and RouterConfigOptions to ensure default values are set correctly.
- Added tests for RouterConfigProvider to validate configurations and ensure defaults are returned when no file is specified.
- Created tests for ConfigValidationResult to check success and error scenarios.
- Developed tests for ServiceCollectionExtensions to verify service registration for RouterConfig.
- Introduced UdpTransportTests to validate serialization, connection, request-response, and error handling in UDP transport.
- Added scripts for signing authority gaps and hashing DevPortal SDK snippets.
This commit is contained in:
StellaOps Bot
2025-12-05 08:01:47 +02:00
parent 635c70e828
commit 6a299d231f
294 changed files with 28434 additions and 1329 deletions
Download Patch File Download Diff File Expand all files Collapse all files

598
docs/implplan/tasks-all.md
View File

@@ -4,7 +4,7 @@
| MIRROR-COORD-55-001 | DONE (2025-11-24) | 2025-11-24 | SPRINT_0100_0001_0001_program_management | Program Mgmt Guild · Mirror Creator Guild | | — | — | PGMI0101 |
| ELOCKER-CONTRACT-2001 | DONE (2025-11-24) | 2025-11-24 | SPRINT_0200_0001_0001_attestation_coord | Evidence Locker Guild | docs/modules/evidence-locker/prep/2025-11-24-evidence-locker-contract.md | — | — | ATEL0101 |
| ATTEST-PLAN-2001 | DONE (2025-11-24) | 2025-11-24 | SPRINT_0200_0001_0001_attestation_coord | Evidence Locker Guild · Excititor Guild | docs/modules/attestor/prep/2025-11-24-attest-plan-2001.md | ELOCKER-CONTRACT-2001 | ATEL0101 |
| FEED-REMEDIATION-1001 | BLOCKED (2025-11-24) | 2025-11-24 | SPRINT_503_ops_devops_i | Concelier Feed Owners | | Scope missing; needs remediation runbook from feed owners | — | FEFC0101 |
| FEED-REMEDIATION-1001 | BLOCKED (2025-11-24) | 2025-11-24 | SPRINT_0503_0001_0001_ops_devops_i | Concelier Feed Owners | | Scope missing; needs remediation runbook from feed owners | — | FEFC0101 |
| MIRROR-DSSE-REV-1501 | DONE (2025-11-24) | 2025-11-24 | SPRINT_0150_0001_0001_mirror_dsse | Mirror Creator Guild · Security Guild · Evidence Locker Guild | docs/implplan/updates/2025-11-24-mirror-dsse-rev-1501.md | — | — | ATEL0101 |
| AIRGAP-TIME-CONTRACT-1501 | DONE (2025-11-24) | 2025-11-24 | SPRINT_0150_0001_0002_mirror_time | AirGap Time Guild | docs/implplan/updates/2025-11-24-airgap-time-contract-1501.md | — | — | ATMI0102 |
| EXPORT-MIRROR-ORCH-1501 | DONE (2025-11-24) | 2025-11-24 | SPRINT_0150_0001_0003_mirror_orch | Exporter Guild · CLI Guild | docs/implplan/updates/2025-11-24-export-mirror-orch-1501.md | — | — | ATMI0102 |
@@ -53,15 +53,15 @@
| 401-004 | BLOCKED | 2025-11-25 | SPRINT_0401_0001_0001_reachability_evidence_chain | Replay Core Guild | `src/__Libraries/StellaOps.Replay.Core` | Signals facts stable (SGSI0101) | Blocked: awaiting SGSI0101 runtime facts + CAS policy from GAP-REP-004 | RPRC0101 |
| BENCH-DETERMINISM-401-057 | DONE (2025-11-27) | 2025-11-27 | SPRINT_0512_0001_0001_bench | Bench Guild · Signals Guild · Policy Guild | src/Bench/StellaOps.Bench/Determinism | Determinism harness + mock scanner; manifests/results generated; CI workflow `bench-determinism` enforces threshold; defaults to 10 runs; supports frozen feed manifests via DET_EXTRA_INPUTS; offline runner available. | Feed-freeze hash + SBOM/VEX bundle list (SPRINT_0401) | |
| 41-001 | DONE (2025-11-30) | 2025-11-30 | SPRINT_0157_0001_0001_taskrunner_i | Task Runner Guild | src/TaskRunner/StellaOps.TaskRunner | — | Contract implemented per `docs/modules/taskrunner/architecture.md`; run API/storage/provenance ready. | ORTR0101 |
| 44-001 | BLOCKED | 2025-11-25 | SPRINT_501_ops_deployment_i | Deployment Guild · DevEx Guild (ops/deployment) | ops/deployment | — | Waiting on consolidated service list/version pins from upstream module releases (mirrors Compose-44-001 block) | DVDO0103 |
| 44-002 | BLOCKED | 2025-11-25 | SPRINT_501_ops_deployment_i | Deployment Guild (ops/deployment) | ops/deployment | 44-001 | Blocked until 44-001 unblocks | DVDO0103 |
| 44-003 | BLOCKED | 2025-11-25 | SPRINT_501_ops_deployment_i | Deployment Guild · Docs Guild (ops/deployment) | ops/deployment | 44-002 | Blocked until 44-002 unblocks | DVDO0103 |
| 45-001 | BLOCKED | 2025-11-25 | SPRINT_502_ops_deployment_ii | Deployment Guild (ops/deployment) | ops/deployment | 44-003 | 44-003 | DVDO0103 |
| 45-002 | BLOCKED | 2025-11-25 | SPRINT_502_ops_deployment_ii | Deployment Guild · Security Guild (ops/deployment) | ops/deployment | 45-001 | 45-001 | DVDO0103 |
| 45-003 | BLOCKED | 2025-11-25 | SPRINT_502_ops_deployment_ii | Deployment Guild · Observability Guild (ops/deployment) | ops/deployment | 45-002 | 45-002 | DVDO0103 |
| 44-001 | BLOCKED | 2025-11-25 | SPRINT_0501_0001_0001_ops_deployment_i | Deployment Guild · DevEx Guild (ops/deployment) | ops/deployment | — | Waiting on consolidated service list/version pins from upstream module releases (mirrors Compose-44-001 block) | DVDO0103 |
| 44-002 | BLOCKED | 2025-11-25 | SPRINT_0501_0001_0001_ops_deployment_i | Deployment Guild (ops/deployment) | ops/deployment | 44-001 | Blocked until 44-001 unblocks | DVDO0103 |
| 44-003 | BLOCKED | 2025-11-25 | SPRINT_0501_0001_0001_ops_deployment_i | Deployment Guild · Docs Guild (ops/deployment) | ops/deployment | 44-002 | Blocked until 44-002 unblocks | DVDO0103 |
| 45-001 | BLOCKED | 2025-11-25 | SPRINT_0502_0001_0001_ops_deployment_ii | Deployment Guild (ops/deployment) | ops/deployment | 44-003 | 44-003 | DVDO0103 |
| 45-002 | BLOCKED | 2025-11-25 | SPRINT_0502_0001_0001_ops_deployment_ii | Deployment Guild · Security Guild (ops/deployment) | ops/deployment | 45-001 | 45-001 | DVDO0103 |
| 45-003 | BLOCKED | 2025-11-25 | SPRINT_0502_0001_0001_ops_deployment_ii | Deployment Guild · Observability Guild (ops/deployment) | ops/deployment | 45-002 | 45-002 | DVDO0103 |
| 50-002 | DONE (2025-11-27) | | SPRINT_170_notifications_telemetry | Telemetry Core Guild | src/Telemetry/StellaOps.Telemetry.Core | SGSI0101 feed availability | SGSI0101 feed availability | TLTY0101 |
| 51-002 | BLOCKED | 2025-11-25 | SPRINT_170_notifications_telemetry | Telemetry Core Guild · Observability Guild · Security Guild | src/Telemetry/StellaOps.Telemetry.Core | OBS-50 baselines | Waiting on OBS-50 baselines and ORCH-OBS-50-001 schemas | TLTY0101 |
| 54-001 | BLOCKED | 2025-11-25 | SPRINT_503_ops_devops_i | Exporter Guild · AirGap Time Guild · CLI Guild | | Await PGMI0101 staffing confirmation | Staffing not assigned (PROGRAM-STAFF-1001) | AGCO0101 |
| 54-001 | BLOCKED | 2025-11-25 | SPRINT_0503_0001_0001_ops_devops_i | Exporter Guild · AirGap Time Guild · CLI Guild | | Await PGMI0101 staffing confirmation | Staffing not assigned (PROGRAM-STAFF-1001) | AGCO0101 |
| 56-001 | BLOCKED | 2025-11-25 | SPRINT_170_notifications_telemetry | Telemetry Core Guild · Observability Guild | src/Telemetry/StellaOps.Telemetry.Core | SGSI0101 provenance | Blocked: SGSI0101 provenance feed/contract pending | TLTY0101 |
| 58 series | BLOCKED | 2025-11-25 | SPRINT_0120_0000_0001_policy_reasoning | Findings Ledger Guild · AirGap Guilds · Evidence Locker Guild | src/Findings/StellaOps.Findings.Ledger | Placeholder for LEDGER-AIRGAP-56/57/58 chain | Blocked on LEDGER-AIRGAP-56-002 staleness spec and AirGap time anchors | PLLG0102 |
| 61-001 | DONE | 2025-11-18 | SPRINT_511_api | API Governance Guild | src/Api/StellaOps.Api.Governance | Spectral config + CI lint job | — | APIG0101 |
@@ -87,7 +87,7 @@
| AIAI-31-006 | DONE | 2025-11-13 | SPRINT_0111_0001_0001_advisoryai | Docs Guild, Policy Guild (docs) | | — | — | DOAI0101 |
| AIAI-31-008 | DONE (2025-11-22) | 2025-11-22 | SPRINT_110_ingestion_evidence | Advisory AI Guild | | Remote inference packaging delivered with on-prem container + manifests. | AIAI-31-006; AIAI-31-007 | DOAI0101 |
| AIAI-31-009 | DONE | 2025-11-12 | SPRINT_110_ingestion_evidence | Advisory AI Guild | | Regression suite + `AdvisoryAI:Guardrails` config landed with perf budgets. | — | DOAI0101 |
| AIRGAP-46-001 | BLOCKED | 2025-11-25 | SPRINT_501_ops_deployment_i | Deployment Guild · Offline Kit Guild | ops/deployment | Needs Mirror staffing + DSSE plan (001_PGMI0101, 002_ATEL0101) | Waiting on Mirror staffing + DSSE plan (001_PGMI0101, 002_ATEL0101) | AGDP0101 |
| AIRGAP-46-001 | BLOCKED | 2025-11-25 | SPRINT_0501_0001_0001_ops_deployment_i | Deployment Guild · Offline Kit Guild | ops/deployment | Needs Mirror staffing + DSSE plan (001_PGMI0101, 002_ATEL0101) | Waiting on Mirror staffing + DSSE plan (001_PGMI0101, 002_ATEL0101) | AGDP0101 |
| AIRGAP-56 | DONE (2025-11-24) | 2025-11-24 | SPRINT_110_ingestion_evidence | Excititor Guild · AirGap Guilds | docs/modules/airgap/airgap-mode.md | Air-gap ingest parity delivered against frozen LNM schema. | CONCELIER-GRAPH-21-001; CONCELIER-GRAPH-21-002; ATTEST-PLAN-2001 | AGCO0101 |
| AIRGAP-56-001 | DONE (2025-11-24) | 2025-11-24 | SPRINT_110_ingestion_evidence | Exporter Guild · AirGap Time Guild · CLI Guild | docs/modules/airgap/airgap-mode.md | Mirror import helpers and bundle catalog wired for sealed mode. | PROGRAM-STAFF-1001 | AGCO0101 |
| AIRGAP-56-001..58-001 | DONE (2025-11-24) | 2025-11-24 | SPRINT_110_ingestion_evidence | Concelier Core · AirGap Guilds | docs/modules/airgap/airgap-mode.md | Deterministic bundle + manifest/entry-trace and sealed-mode deploy runbook shipped. | CONCELIER-GRAPH-21-001; CONCELIER-GRAPH-21-002; ELOCKER-CONTRACT-2001 | AGCO0101 |
@@ -96,7 +96,7 @@
| AIRGAP-56-004 | DONE | 2025-11-23 | SPRINT_0301_0001_0001_docs_md_i | Docs Guild · Deployment Guild | docs/modules/airgap | AIRGAP-56-003 | DOCS-AIRGAP-56-003 | AIDG0101 |
| AIRGAP-57 | DONE (2025-11-24) | 2025-11-24 | SPRINT_110_ingestion_evidence | Excititor Guild · AirGap Guilds | docs/modules/airgap/airgap-mode.md | Air-gap bundle timeline/hooks completed. | CONCELIER-GRAPH-21-001; CONCELIER-GRAPH-21-002; ATTEST-PLAN-2001 | AGCO0101 |
| AIRGAP-57-001 | DONE | 2025-11-08 | SPRINT_100_identity_signing | Authority Core & Security Guild, DevOps Guild (src/Authority/StellaOps.Authority) | src/Authority/StellaOps.Authority | | AUTH-AIRGAP-56-001; DEVOPS-AIRGAP-57-002 | KMSI0101 |
| AIRGAP-57-002 | DOING | 2025-11-08 | SPRINT_503_ops_devops_i | DevOps Guild, Authority Guild (ops/devops) | ops/devops | | | DVDO0101 |
| AIRGAP-57-002 | DOING | 2025-11-08 | SPRINT_0503_0001_0001_ops_devops_i | DevOps Guild, Authority Guild (ops/devops) | ops/devops | | | DVDO0101 |
| AIRGAP-57-003 | BLOCKED | 2025-11-25 | SPRINT_302_docs_tasks_md_ii | Docs Guild · CLI Guild | docs/modules/airgap | CLI & ops inputs | Blocked: waiting on CLI airgap contract (CLI-AIRGAP-56/57) and ops inputs | AIDG0101 |
| AIRGAP-57-004 | BLOCKED | 2025-11-25 | SPRINT_302_docs_tasks_md_ii | Docs Guild · Ops Guild | docs/modules/airgap | AIRGAP-57-003 | Blocked: upstream AIRGAP-57-003 | AIDG0101 |
| AIRGAP-58 | DONE (2025-11-24) | 2025-11-24 | SPRINT_110_ingestion_evidence | Excititor Guild · AirGap Guilds | docs/modules/airgap/airgap-mode.md | Import/export automation delivered for frozen schema. | CONCELIER-GRAPH-21-001; CONCELIER-GRAPH-21-002; ATTEST-PLAN-2001 | AGCO0101 |
@@ -116,7 +116,7 @@
| AIRGAP-IMP-57-002 | BLOCKED (2025-11-25 · disk full) | 2025-11-25 | SPRINT_510_airgap | AirGap Importer Guild · DevOps Guild | src/AirGap/StellaOps.AirGap.Importer | Implement object-store loader storing artifacts under tenant/global mirror paths with Zstandard decompression and checksum validation. Dependencies: AIRGAP-IMP-57-001. | Blocked on disk space and controller telemetry | AGIM0101 |
| AIRGAP-IMP-58-001 | BLOCKED (2025-11-25) | 2025-11-25 | SPRINT_510_airgap | AirGap Importer Guild · CLI Guild | src/AirGap/StellaOps.AirGap.Importer | Implement API (`POST /airgap/import`, `/airgap/verify`) and CLI commands wiring verification + catalog updates, including diff preview. Dependencies: AIRGAP-IMP-57-002. | Blocked on 57-002 | AGIM0101 |
| AIRGAP-IMP-58-002 | BLOCKED (2025-11-25) | 2025-11-25 | SPRINT_510_airgap | AirGap Importer Guild · Observability Guild | src/AirGap/StellaOps.AirGap.Importer | Emit timeline events (`airgap.import.started`. Dependencies: AIRGAP-IMP-58-001. | Blocked on 58-001 | AGIM0101 |
| AIRGAP-TIME-57-001 | DONE (2025-11-20) | 2025-11-20 | SPRINT_503_ops_devops_i | Exporter Guild · AirGap Time Guild · CLI Guild | src/AirGap/StellaOps.AirGap.Time | PROGRAM-STAFF-1001; AIRGAP-TIME-CONTRACT-1501 | PROGRAM-STAFF-1001; AIRGAP-TIME-CONTRACT-1501 | ATMI0102 |
| AIRGAP-TIME-57-001 | DONE (2025-11-20) | 2025-11-20 | SPRINT_0503_0001_0001_ops_devops_i | Exporter Guild · AirGap Time Guild · CLI Guild | src/AirGap/StellaOps.AirGap.Time | PROGRAM-STAFF-1001; AIRGAP-TIME-CONTRACT-1501 | PROGRAM-STAFF-1001; AIRGAP-TIME-CONTRACT-1501 | ATMI0102 |
| AIRGAP-TIME-57-002 | BLOCKED (2025-11-25) | 2025-11-25 | SPRINT_510_airgap | AirGap Time Guild · Observability Guild | src/AirGap/StellaOps.AirGap.Time | Add telemetry counters for time anchors (`airgap_time_anchor_age_seconds`) and alerts for approaching thresholds. Dependencies: AIRGAP-TIME-57-001. | Blocked pending controller telemetry and disk space | AGTM0101 |
| AIRGAP-TIME-58-001 | BLOCKED (2025-11-25) | 2025-11-25 | SPRINT_510_airgap | AirGap Time Guild | src/AirGap/StellaOps.AirGap.Time | Persist drift baseline, compute per-content staleness (advisories, VEX, policy) based on bundle metadata, and surface through controller status API. Dependencies: AIRGAP-TIME-57-002. | Blocked on 57-002 | AGTM0101 |
| AIRGAP-TIME-58-002 | BLOCKED (2025-11-25) | 2025-11-25 | SPRINT_510_airgap | AirGap Time Guild, Notifications Guild (src/AirGap/StellaOps.AirGap.Time) | src/AirGap/StellaOps.AirGap.Time | Emit notifications and timeline events when staleness budgets breached or approaching. Dependencies: AIRGAP-TIME-58-001. | Blocked on 58-001 | AGTM0101 |
@@ -206,7 +206,7 @@
| AOC-19-002 | TODO | | SPRINT_123_policy_reasoning | Policy Guild | src/Policy/__Libraries/StellaOps.Policy | Depends on #1 | POLICY-AOC-19-001 | PLAO0101 |
| AOC-19-003 | TODO | | SPRINT_123_policy_reasoning | Policy Guild | src/Policy/__Libraries/StellaOps.Policy | Depends on #2 | POLICY-AOC-19-002 | PLAO0101 |
| AOC-19-004 | TODO | | SPRINT_123_policy_reasoning | Policy Guild | src/Policy/__Libraries/StellaOps.Policy | Depends on #3 | POLICY-AOC-19-003 | PLAO0101 |
| AOC-19-101 | TODO | 2025-10-28 | SPRINT_503_ops_devops_i | DevOps Guild | ops/devops | Needs helper definitions from PLAO0101 | Needs helper definitions from PLAO0101 | DVAO0101 |
| AOC-19-101 | TODO | 2025-10-28 | SPRINT_0503_0001_0001_ops_devops_i | DevOps Guild | ops/devops | Needs helper definitions from PLAO0101 | Needs helper definitions from PLAO0101 | DVAO0101 |
| API-27-001 | TODO | | SPRINT_0129_0001_0001_policy_reasoning | Policy Registry Guild | src/Policy/StellaOps.Policy.Registry | Governance decision (APIG0101) | Governance decision (APIG0101) | PLAR0101 |
| API-27-002 | TODO | | SPRINT_0129_0001_0001_policy_reasoning | Policy Registry Guild | src/Policy/StellaOps.Policy.Registry | Depends on #1 | REGISTRY-API-27-001 | PLAR0101 |
| API-27-003 | TODO | | SPRINT_0129_0001_0001_policy_reasoning | Policy Registry Guild | src/Policy/StellaOps.Policy.Registry | Depends on #2 | REGISTRY-API-27-002 | PLAR0101 |
@@ -295,14 +295,14 @@
| CLI-401-021 | BLOCKED | 2025-11-25 | SPRINT_0401_0001_0001_reachability_evidence_chain | CLI Guild · DevOps Guild (`src/Cli/StellaOps.Cli`, `scripts/ci/attest-*`, `docs/modules/attestor/architecture.md`) | `src/Cli/StellaOps.Cli`, `scripts/ci/attest-*`, `docs/modules/attestor/architecture.md` | Awaiting reachability chain CI/attestor contract and fixtures | — | CLCI0101 |
| CLI-41-001 | BLOCKED | 2025-11-25 | SPRINT_303_docs_tasks_md_iii | Docs Guild, DevEx/CLI Guild (docs) | | Superseded by DOCS-CLI-41-001 scope; no separate definition provided. | Pending clarified scope | CLCI0101 |
| CLI-42-001 | BLOCKED | 2025-11-25 | SPRINT_303_docs_tasks_md_iii | Docs Guild (docs) | | Superseded by DOCS-CLI-42-001; scope not defined separately. | Pending clarified scope | CLCI0101 |
| CLI-43-002 | TODO | | SPRINT_504_ops_devops_ii | DevOps Guild, Task Runner Guild (ops/devops) | ops/devops | — | — | CLCI0101 |
| CLI-43-003 | TODO | | SPRINT_504_ops_devops_ii | DevOps Guild, DevEx/CLI Guild (ops/devops) | ops/devops | — | — | CLCI0101 |
| CLI-43-002 | TODO | | SPRINT_0504_0001_0001_ops_devops_ii | DevOps Guild, Task Runner Guild (ops/devops) | ops/devops | — | — | CLCI0101 |
| CLI-43-003 | TODO | | SPRINT_0504_0001_0001_ops_devops_ii | DevOps Guild, DevEx/CLI Guild (ops/devops) | ops/devops | — | — | CLCI0101 |
| CLI-AIAI-31-001 | DONE | 2025-11-24 | SPRINT_0201_0001_0001_cli_i | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Implement `stella advise summarize` command with JSON/Markdown outputs and citation display. | — | CLCI0101 |
| CLI-AIAI-31-002 | DONE | 2025-11-24 | SPRINT_0201_0001_0001_cli_i | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Implement `stella advise explain` showing conflict narrative and structured rationale. Dependencies: CLI-AIAI-31-001. | — | CLCI0101 |
| CLI-AIRGAP-56-001 | BLOCKED | 2025-11-22 | SPRINT_0201_0001_0001_cli_i | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Implement `stella mirror create` for air-gap bootstrap. Blocked: mirror bundle contract/spec (schema/signing/digests) not available to CLI. | — | CLCI0102 |
| CLI-AIAI-31-003 | DONE | 2025-11-24 | SPRINT_0201_0001_0001_cli_i | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Implement `stella advise remediate` generating remediation plans with `--strategy` filters and file output. Dependencies: CLI-AIAI-31-002. | — | CLCI0101 |
| CLI-AIAI-31-004 | DONE | 2025-11-24 | SPRINT_0201_0001_0001_cli_i | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Implement `stella advise batch` for summaries/conflicts/remediation with progress + multi-status responses. Dependencies: CLI-AIAI-31-003. | — | CLCI0102 |
| CLI-AIRGAP-56-001 | TODO | | SPRINT_503_ops_devops_i | Exporter Guild · AirGap Time Guild · CLI Guild | | PROGRAM-STAFF-1001 | PROGRAM-STAFF-1001 | ATMI0102 |
| CLI-AIRGAP-56-001 | TODO | | SPRINT_0503_0001_0001_ops_devops_i | Exporter Guild · AirGap Time Guild · CLI Guild | | PROGRAM-STAFF-1001 | PROGRAM-STAFF-1001 | ATMI0102 |
| CLI-AIRGAP-56-002 | BLOCKED | 2025-11-25 | SPRINT_0201_0001_0001_cli_i | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Ensure telemetry propagation under sealed mode (no remote exporters) while preserving correlation IDs; add label `AirGapped-Phase-1`. Dependencies: CLI-AIRGAP-56-001. | Blocked: CLI-AIRGAP-56-001 waiting for mirror bundle contract/spec | CLCI0102 |
| CLI-AIRGAP-57-001 | BLOCKED | 2025-11-25 | SPRINT_0201_0001_0001_cli_i | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Add `stella airgap import` with diff preview, bundle scope selection (`--tenant`, `--global`), audit logging, and progress reporting. Dependencies: CLI-AIRGAP-56-002. | Blocked: upstream CLI-AIRGAP-56-002 | CLCI0102 |
| CLI-AIRGAP-57-002 | BLOCKED | 2025-11-25 | SPRINT_0201_0001_0001_cli_i | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Provide `stella airgap seal` helper. Dependencies: CLI-AIRGAP-57-001. | Blocked: upstream CLI-AIRGAP-57-001 | CLCI0102 |
@@ -343,7 +343,7 @@
| CLI-ORCH-34-001 | TODO | | SPRINT_203_cli_iii | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Provide backfill wizard (`--from/--to --dry-run`), quota management (`quotas get. Dependencies: CLI-ORCH-33-001. | ORGR0102 API review | CLCI0105 |
| CLI-PACKS-42-001 | TODO | | SPRINT_203_cli_iii | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Implement Task Pack commands (`pack plan/run/push/pull/verify`) with schema validation, expression sandbox, plan/simulate engine, remote execution. | — | CLCI0105 |
| CLI-PACKS-43-001 | TODO | | SPRINT_203_cli_iii | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Deliver advanced pack features (approvals pause/resume, secret injection, localization, man pages, offline cache). Dependencies: CLI-PACKS-42-001. | Offline kit schema sign-off | CLCI0105 |
| CLI-PACKS-43-002 | TODO | | SPRINT_508_ops_offline_kit | Offline Kit Guild · Packs Registry Guild | ops/offline-kit | Bundle Task Pack samples, registry mirror seeds, Task Runner configs, and CLI binaries with checksums into Offline Kit. | CLI-PACKS-43-001 | CLCI0105 |
| CLI-PACKS-43-002 | TODO | | SPRINT_0508_0001_0001_ops_offline_kit | Offline Kit Guild · Packs Registry Guild | ops/offline-kit | Bundle Task Pack samples, registry mirror seeds, Task Runner configs, and CLI binaries with checksums into Offline Kit. | CLI-PACKS-43-001 | CLCI0105 |
| CLI-PARITY-41-001 | TODO | | SPRINT_203_cli_iii | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Deliver parity command groups (`policy`, `sbom`, `vuln`, `vex`, `advisory`, `export`, `orchestrator`) with `--explain`, deterministic outputs, and parity matrix entries. | — | CLCI0106 |
| CLI-PARITY-41-002 | TODO | | SPRINT_203_cli_iii | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Implement `notify`, `aoc`, `auth` command groups, idempotency keys, shell completions, config docs, and parity matrix export tooling. Dependencies: CLI-PARITY-41-001. | — | CLCI0106 |
| CLI-POLICY-20-001 | TODO | | SPRINT_203_cli_iii | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Add `stella policy new | PLPE0101 completion | CLCI0106 |
@@ -384,9 +384,9 @@
| CLI-VULN-29-005 | TODO | | SPRINT_205_cli_v | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Add `stella vuln export` and `stella vuln bundle verify` commands to trigger/download evidence bundles and verify signatures. Dependencies: CLI-VULN-29-004. | CLI-VULN-29-004 | CLCI0107 |
| CLI-VULN-29-006 | TODO | | SPRINT_205_cli_v | DevEx/CLI Guild · Docs Guild | src/Cli/StellaOps.Cli | Update CLI docs/examples for Vulnerability Explorer with compliance checklist and CI snippets. Dependencies: CLI-VULN-29-005. | CLI-VULN-29-005 | CLCI0108 |
| CLIENT-401-012 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | Symbols Guild | `src/Symbols/StellaOps.Symbols.Client`, `src/Scanner/StellaOps.Scanner.Symbolizer` | Align with symbolizer regression fixtures | Align with symbolizer regression fixtures | RBSY0101 |
| COMPOSE-44-001 | BLOCKED | 2025-11-25 | SPRINT_501_ops_deployment_i | Deployment Guild · DevEx Guild | ops/deployment | Author `docker-compose.yml`, `.env.example`, and `quickstart.sh` with all core services + dependencies (postgres, redis, object-store, queue, otel). | Waiting on consolidated service list/version pins from upstream module releases | DVCP0101 |
| COMPOSE-44-002 | TODO | | SPRINT_501_ops_deployment_i | Deployment Guild | ops/deployment | Implement `backup.sh` and `reset.sh` scripts with safety prompts and documentation. Dependencies: COMPOSE-44-001. | Depends on #1 | DVCP0101 |
| COMPOSE-44-003 | TODO | | SPRINT_501_ops_deployment_i | Deployment Guild | ops/deployment | Package seed data container and onboarding wizard toggle (`QUICKSTART_MODE`), ensuring default creds randomized on first run. Dependencies: COMPOSE-44-002. | Needs RBRE0101 provenance | DVCP0101 |
| COMPOSE-44-001 | BLOCKED | 2025-11-25 | SPRINT_0501_0001_0001_ops_deployment_i | Deployment Guild · DevEx Guild | ops/deployment | Author `docker-compose.yml`, `.env.example`, and `quickstart.sh` with all core services + dependencies (postgres, redis, object-store, queue, otel). | Waiting on consolidated service list/version pins from upstream module releases | DVCP0101 |
| COMPOSE-44-002 | TODO | | SPRINT_0501_0001_0001_ops_deployment_i | Deployment Guild | ops/deployment | Implement `backup.sh` and `reset.sh` scripts with safety prompts and documentation. Dependencies: COMPOSE-44-001. | Depends on #1 | DVCP0101 |
| COMPOSE-44-003 | TODO | | SPRINT_0501_0001_0001_ops_deployment_i | Deployment Guild | ops/deployment | Package seed data container and onboarding wizard toggle (`QUICKSTART_MODE`), ensuring default creds randomized on first run. Dependencies: COMPOSE-44-002. | Needs RBRE0101 provenance | DVCP0101 |
| CONCELIER-AIAI-31-002 | DONE | 2025-11-18 | SPRINT_110_ingestion_evidence | Concelier Core · Concelier WebService Guilds | | Structured field/caching implementation gated on schema approval. | CONCELIER-GRAPH-21-001; CARTO-GRAPH-21-002 | DOAI0101 |
| CONCELIER-AIAI-31-003 | DONE | 2025-11-12 | SPRINT_110_ingestion_evidence | Docs Guild · Concelier Observability Guild | docs/modules/concelier/observability.md | Telemetry counters/histograms live for Advisory AI dashboards. | Summarize telemetry evidence | DOCO0101 |
| CONCELIER-AIRGAP-56-001 | DONE (2025-11-24) | | SPRINT_112_concelier_i | Concelier Core Guild | src/Concelier/StellaOps.Concelier.WebService/AirGap | Deterministic air-gap bundle builder with manifest + entry-trace hashes. | docs/runbooks/concelier-airgap-bundle-deploy.md | AGCN0101 |
@@ -495,12 +495,12 @@
| CORE-AOC-19-003 | TODO | | SPRINT_120_excititor_ii | Excititor Core Guild | src/Excititor/__Libraries/StellaOps.Excititor.Core | Depends on #1 | Depends on #1 | EXAC0101 |
| CORE-AOC-19-004 | TODO | | SPRINT_120_excititor_ii | Excititor Core Guild | src/Excititor/__Libraries/StellaOps.Excititor.Core | Depends on #2 | Depends on #2 | EXAC0101 |
| CORE-AOC-19-013 | TODO | | SPRINT_112_concelier_i | Concelier Core Guild + Excititor | src/Concelier/__Libraries/StellaOps.Concelier.Core | Needs CCAN0101 DSSE output | Needs CCAN0101 DSSE output | EXAC0101 |
| CRT-56-001 | TODO | | SPRINT_0506_ops_devops_iv | Mirror Creator Guild | | Wait for PGMI0101 owner | Wait for PGMI0101 owner | MRCR0101 |
| CRT-56-002 | TODO | | SPRINT_0506_ops_devops_iv | Mirror Creator · Security Guilds | | Depends on #1 | MIRROR-CRT-56-001; PROV-OBS-53-001 | MRCR0101 |
| CRT-57-001 | TODO | | SPRINT_0506_ops_devops_iv | Mirror Creator · AirGap Time Guild | | Needs AIRGAP-TIME-57-001 | MIRROR-CRT-56-001; AIRGAP-TIME-57-001 | MRCR0101 |
| CRT-57-002 | TODO | | SPRINT_0506_ops_devops_iv | Mirror Creator Guild | | Depends on #3 | MIRROR-CRT-56-001; AIRGAP-TIME-57-001 | MRCR0101 |
| CRT-58-001 | TODO | | SPRINT_0506_ops_devops_iv | Mirror Creator + Evidence Locker | | Requires Evidence Locker contract | MIRROR-CRT-56-001; EXPORT-OBS-54-001; CLI-AIRGAP-56-001 | MRCR0101 |
| CRT-58-002 | TODO | | SPRINT_0506_ops_devops_iv | Mirror Creator + Security Guild | | Depends on #5 | MIRROR-CRT-56-001; EXPORT-OBS-54-001; CLI-AIRGAP-56-001 | MRCR0101 |
| CRT-56-001 | TODO | | SPRINT_0506_0001_0001_ops_devops_iv | Mirror Creator Guild | | Wait for PGMI0101 owner | Wait for PGMI0101 owner | MRCR0101 |
| CRT-56-002 | TODO | | SPRINT_0506_0001_0001_ops_devops_iv | Mirror Creator · Security Guilds | | Depends on #1 | MIRROR-CRT-56-001; PROV-OBS-53-001 | MRCR0101 |
| CRT-57-001 | TODO | | SPRINT_0506_0001_0001_ops_devops_iv | Mirror Creator · AirGap Time Guild | | Needs AIRGAP-TIME-57-001 | MIRROR-CRT-56-001; AIRGAP-TIME-57-001 | MRCR0101 |
| CRT-57-002 | TODO | | SPRINT_0506_0001_0001_ops_devops_iv | Mirror Creator Guild | | Depends on #3 | MIRROR-CRT-56-001; AIRGAP-TIME-57-001 | MRCR0101 |
| CRT-58-001 | TODO | | SPRINT_0506_0001_0001_ops_devops_iv | Mirror Creator + Evidence Locker | | Requires Evidence Locker contract | MIRROR-CRT-56-001; EXPORT-OBS-54-001; CLI-AIRGAP-56-001 | MRCR0101 |
| CRT-58-002 | TODO | | SPRINT_0506_0001_0001_ops_devops_iv | Mirror Creator + Security Guild | | Depends on #5 | MIRROR-CRT-56-001; EXPORT-OBS-54-001; CLI-AIRGAP-56-001 | MRCR0101 |
| CRYPTO-90-001 | DONE | 2025-11-07 | SPRINT_514_sovereign_crypto_enablement | Security Guild (src/__Libraries/StellaOps.Cryptography) | src/__Libraries/StellaOps.Cryptography | | | CRSA0101 |
| CRYPTO-90-002 | DONE | 2025-11-07 | SPRINT_514_sovereign_crypto_enablement | Security Guild (src/__Libraries/StellaOps.Cryptography) | src/__Libraries/StellaOps.Cryptography | | | CRSA0101 |
| CRYPTO-90-003 | DONE | 2025-11-07 | SPRINT_514_sovereign_crypto_enablement | Security Guild (src/__Libraries/StellaOps.Cryptography) | src/__Libraries/StellaOps.Cryptography | | | CRSA0101 |
@@ -527,104 +527,104 @@
| CTL-57-001 | TODO | | SPRINT_510_airgap | Controller + Time Guild | src/AirGap/StellaOps.AirGap.Controller | Needs AGTM time anchors | Needs AGTM time anchors | AGCT0102 |
| CTL-57-002 | TODO | | SPRINT_510_airgap | Controller + Observability Guild | src/AirGap/StellaOps.AirGap.Controller | Depends on #3 | Depends on #3 | AGCT0102 |
| CTL-58-001 | TODO | | SPRINT_510_airgap | Controller + Evidence Locker Guild | src/AirGap/StellaOps.AirGap.Controller | Depends on #4 | Depends on #4 | AGCT0102 |
| DEPLOY-AIAI-31-001 | TODO | | SPRINT_501_ops_deployment_i | Deployment Guild · Advisory AI Guild | ops/deployment | Provide Helm/Compose manifests, GPU toggle, scaling/runbook, and offline kit instructions for Advisory AI service + inference container. | Wait for DVCP0101 compose template | DVPL0101 |
| DEPLOY-AIRGAP-46-001 | TODO | | SPRINT_501_ops_deployment_i | Deployment Guild · Offline Kit Guild | ops/deployment | Provide instructions and scripts (`load.sh`) for importing air-gap bundle into private registry; update Offline Kit guide. | Requires #1 artifacts | AGDP0101 |
| DEPLOY-CLI-41-001 | TODO | | SPRINT_501_ops_deployment_i | Deployment Guild · CLI Guild | ops/deployment | Package CLI release artifacts (tarballs per OS/arch, checksums, signatures, completions, container image) and publish distribution docs. | Wait for CLI observability schema (035_CLCI0105) | AGDP0101 |
| DEPLOY-COMPOSE-44-001 | TODO | | SPRINT_501_ops_deployment_i | Deployment Guild | ops/deployment | Finalize Quickstart scripts (`quickstart.sh`, `backup.sh`, `reset.sh`), seed data container, and publish README with imposed rule reminder. | Depends on #1 | DVPL0101 |
| DEPLOY-EXPORT-35-001 | DONE | 2025-10-29 | SPRINT_501_ops_deployment_i | Deployment Guild · Export Center Guild | ops/deployment | Helm overlay + docs + example secrets added (`deploy/helm/stellaops/values-export.yaml`, `ops/deployment/export/helm-overlays.md`, `ops/deployment/export/secrets-example.yaml`). | Need exporter DSSE API (002_ATEL0101) | AGDP0101 |
| DEPLOY-EXPORT-36-001 | TODO | | SPRINT_501_ops_deployment_i | Deployment Guild · Export Center Guild | ops/deployment | Document OCI/object storage distribution workflows, registry credential automation, and monitoring hooks for exports. Dependencies: DEPLOY-EXPORT-35-001. | Depends on #4 deliverables | AGDP0101 |
| DEPLOY-HELM-45-001 | TODO | | SPRINT_501_ops_deployment_i | Deployment + Security Guilds | ops/deployment | Publish Helm install guide and sample values for prod/airgap; integrate with docs site build. | Needs helm chart schema | DVPL0101 |
| DEPLOY-NOTIFY-38-001 | DONE | 2025-10-29 | SPRINT_501_ops_deployment_i | Deployment + Notify Guilds | ops/deployment | Notifier Helm overlay + secrets/rollout doc + example secrets added (`deploy/helm/stellaops/values-notify.yaml`, `ops/deployment/notify/helm-overlays.md`, `ops/deployment/notify/secrets-example.yaml`). | Depends on #3 | DVPL0101 |
| DEPLOY-ORCH-34-001 | TODO | | SPRINT_501_ops_deployment_i | Deployment Guild · Orchestrator Guild | ops/deployment | Provide orchestrator Helm/Compose manifests, scaling defaults, secret templates, offline kit instructions, and GA rollout/rollback playbook. | Requires ORTR0101 readiness | AGDP0101 |
| DEPLOY-PACKS-42-001 | TODO | | SPRINT_501_ops_deployment_i | Deployment Guild · Packs Registry Guild | ops/deployment | Provide deployment manifests for packs-registry and task-runner services, including Helm/Compose overlays, scaling defaults, and secret templates. | Wait for pack registry schema | AGDP0101 |
| DEPLOY-PACKS-43-001 | TODO | | SPRINT_501_ops_deployment_i | Deployment Guild · Task Runner Guild | ops/deployment | Ship remote Task Runner worker profiles, object storage bootstrap, approval workflow integration, and Offline Kit packaging instructions. Dependencies: DEPLOY-PACKS-42-001. | Needs #7 artifacts | AGDP0101 |
| DEPLOY-POLICY-27-001 | TODO | | SPRINT_501_ops_deployment_i | Deployment Guild · Policy Registry Guild | ops/deployment | Produce Helm/Compose overlays for Policy Registry + simulation workers (migrations, buckets, signing keys, tenancy defaults). | WEPO0101 | DVPL0105 |
| DEPLOY-POLICY-27-002 | TODO | | SPRINT_502_ops_deployment_ii | Deployment Guild · Policy Guild | ops/deployment | Document rollout/rollback playbooks for policy publish/promote (canary strategy, emergency freeze, evidence retrieval). | DEPLOY-POLICY-27-001 | DVPL0105 |
| DEPLOY-VEX-30-001 | TODO | | SPRINT_502_ops_deployment_ii | Deployment + VEX Lens Guild | ops/deployment | Provide Helm/Compose overlays, scaling defaults, and offline kit instructions for VEX Lens service. | Wait for CCWO0101 schema | DVPL0101 |
| DEPLOY-VEX-30-002 | TODO | | SPRINT_502_ops_deployment_ii | Deployment Guild | ops/deployment | Package Issuer Directory deployment manifests, backups, and security hardening guidance. Dependencies: DEPLOY-VEX-30-001. | Depends on #5 | DVPL0101 |
| DEPLOY-VULN-29-001 | TODO | | SPRINT_502_ops_deployment_ii | Deployment + Vuln Guild | ops/deployment | Produce Helm/Compose overlays for Findings Ledger + projector, including DB migrations, Merkle anchor jobs, and scaling guidance. | Needs CCWO0101 | DVPL0101 |
| DEPLOY-VULN-29-002 | TODO | | SPRINT_502_ops_deployment_ii | Deployment Guild | ops/deployment | Package `stella-vuln-explorer-api` deployment manifests, health checks, autoscaling policies, and offline kit instructions with signed images. Dependencies: DEPLOY-VULN-29-001. | Depends on #7 | DVPL0101 |
| DEPLOY-AIAI-31-001 | TODO | | SPRINT_0501_0001_0001_ops_deployment_i | Deployment Guild · Advisory AI Guild | ops/deployment | Provide Helm/Compose manifests, GPU toggle, scaling/runbook, and offline kit instructions for Advisory AI service + inference container. | Wait for DVCP0101 compose template | DVPL0101 |
| DEPLOY-AIRGAP-46-001 | TODO | | SPRINT_0501_0001_0001_ops_deployment_i | Deployment Guild · Offline Kit Guild | ops/deployment | Provide instructions and scripts (`load.sh`) for importing air-gap bundle into private registry; update Offline Kit guide. | Requires #1 artifacts | AGDP0101 |
| DEPLOY-CLI-41-001 | TODO | | SPRINT_0501_0001_0001_ops_deployment_i | Deployment Guild · CLI Guild | ops/deployment | Package CLI release artifacts (tarballs per OS/arch, checksums, signatures, completions, container image) and publish distribution docs. | Wait for CLI observability schema (035_CLCI0105) | AGDP0101 |
| DEPLOY-COMPOSE-44-001 | TODO | | SPRINT_0501_0001_0001_ops_deployment_i | Deployment Guild | ops/deployment | Finalize Quickstart scripts (`quickstart.sh`, `backup.sh`, `reset.sh`), seed data container, and publish README with imposed rule reminder. | Depends on #1 | DVPL0101 |
| DEPLOY-EXPORT-35-001 | DONE | 2025-10-29 | SPRINT_0501_0001_0001_ops_deployment_i | Deployment Guild · Export Center Guild | ops/deployment | Helm overlay + docs + example secrets added (`deploy/helm/stellaops/values-export.yaml`, `ops/deployment/export/helm-overlays.md`, `ops/deployment/export/secrets-example.yaml`). | Need exporter DSSE API (002_ATEL0101) | AGDP0101 |
| DEPLOY-EXPORT-36-001 | TODO | | SPRINT_0501_0001_0001_ops_deployment_i | Deployment Guild · Export Center Guild | ops/deployment | Document OCI/object storage distribution workflows, registry credential automation, and monitoring hooks for exports. Dependencies: DEPLOY-EXPORT-35-001. | Depends on #4 deliverables | AGDP0101 |
| DEPLOY-HELM-45-001 | TODO | | SPRINT_0501_0001_0001_ops_deployment_i | Deployment + Security Guilds | ops/deployment | Publish Helm install guide and sample values for prod/airgap; integrate with docs site build. | Needs helm chart schema | DVPL0101 |
| DEPLOY-NOTIFY-38-001 | DONE | 2025-10-29 | SPRINT_0501_0001_0001_ops_deployment_i | Deployment + Notify Guilds | ops/deployment | Notifier Helm overlay + secrets/rollout doc + example secrets added (`deploy/helm/stellaops/values-notify.yaml`, `ops/deployment/notify/helm-overlays.md`, `ops/deployment/notify/secrets-example.yaml`). | Depends on #3 | DVPL0101 |
| DEPLOY-ORCH-34-001 | TODO | | SPRINT_0501_0001_0001_ops_deployment_i | Deployment Guild · Orchestrator Guild | ops/deployment | Provide orchestrator Helm/Compose manifests, scaling defaults, secret templates, offline kit instructions, and GA rollout/rollback playbook. | Requires ORTR0101 readiness | AGDP0101 |
| DEPLOY-PACKS-42-001 | TODO | | SPRINT_0501_0001_0001_ops_deployment_i | Deployment Guild · Packs Registry Guild | ops/deployment | Provide deployment manifests for packs-registry and task-runner services, including Helm/Compose overlays, scaling defaults, and secret templates. | Wait for pack registry schema | AGDP0101 |
| DEPLOY-PACKS-43-001 | TODO | | SPRINT_0501_0001_0001_ops_deployment_i | Deployment Guild · Task Runner Guild | ops/deployment | Ship remote Task Runner worker profiles, object storage bootstrap, approval workflow integration, and Offline Kit packaging instructions. Dependencies: DEPLOY-PACKS-42-001. | Needs #7 artifacts | AGDP0101 |
| DEPLOY-POLICY-27-001 | TODO | | SPRINT_0501_0001_0001_ops_deployment_i | Deployment Guild · Policy Registry Guild | ops/deployment | Produce Helm/Compose overlays for Policy Registry + simulation workers (migrations, buckets, signing keys, tenancy defaults). | WEPO0101 | DVPL0105 |
| DEPLOY-POLICY-27-002 | TODO | | SPRINT_0502_0001_0001_ops_deployment_ii | Deployment Guild · Policy Guild | ops/deployment | Document rollout/rollback playbooks for policy publish/promote (canary strategy, emergency freeze, evidence retrieval). | DEPLOY-POLICY-27-001 | DVPL0105 |
| DEPLOY-VEX-30-001 | TODO | | SPRINT_0502_0001_0001_ops_deployment_ii | Deployment + VEX Lens Guild | ops/deployment | Provide Helm/Compose overlays, scaling defaults, and offline kit instructions for VEX Lens service. | Wait for CCWO0101 schema | DVPL0101 |
| DEPLOY-VEX-30-002 | TODO | | SPRINT_0502_0001_0001_ops_deployment_ii | Deployment Guild | ops/deployment | Package Issuer Directory deployment manifests, backups, and security hardening guidance. Dependencies: DEPLOY-VEX-30-001. | Depends on #5 | DVPL0101 |
| DEPLOY-VULN-29-001 | TODO | | SPRINT_0502_0001_0001_ops_deployment_ii | Deployment + Vuln Guild | ops/deployment | Produce Helm/Compose overlays for Findings Ledger + projector, including DB migrations, Merkle anchor jobs, and scaling guidance. | Needs CCWO0101 | DVPL0101 |
| DEPLOY-VULN-29-002 | TODO | | SPRINT_0502_0001_0001_ops_deployment_ii | Deployment Guild | ops/deployment | Package `stella-vuln-explorer-api` deployment manifests, health checks, autoscaling policies, and offline kit instructions with signed images. Dependencies: DEPLOY-VULN-29-001. | Depends on #7 | DVPL0101 |
| DETER-186-008 | TODO | | SPRINT_186_record_deterministic_execution | Scanner Guild | `src/Scanner/StellaOps.Scanner.WebService`, `src/Scanner/StellaOps.Scanner.Worker` | Wait for RLRC0101 fixture | Wait for RLRC0101 fixture | SCDT0101 |
| DETER-186-009 | TODO | | SPRINT_186_record_deterministic_execution | Scanner Guild · QA Guild | `src/Scanner/StellaOps.Scanner.Replay`, `src/Scanner/__Tests` | Depends on #1 | Depends on #1 | SCDT0101 |
| DETER-186-010 | TODO | | SPRINT_186_record_deterministic_execution | Scanner Guild · Export Center Guild | `src/Scanner/StellaOps.Scanner.WebService`, `docs/modules/scanner/operations/release.md` | Depends on #2 | Depends on #2 | SCDT0101 |
| DETER-70-002 | TODO | | SPRINT_304_docs_tasks_md_iv | Docs Guild · Scanner Guild | | Needs CASC0101 manifest | Needs CASC0101 manifest | SCDT0101 |
| DETER-70-003 | TODO | | SPRINT_202_cli_ii | DevEx/CLI Guild · Scanner Guild | src/Cli/StellaOps.Cli | Depends on #4 | Depends on #4 | SCDT0101 |
| DETER-70-004 | TODO | | SPRINT_203_cli_iii | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Depends on #5 | Depends on #5 | SCDT0101 |
| DEVOPS-AIAI-31-001 | TODO | | SPRINT_503_ops_devops_i | DevOps Guild, Advisory AI Guild (ops/devops) | ops/devops | Stand up CI pipelines, inference monitoring, privacy logging review, and perf dashboards for Advisory AI (summaries/conflicts/remediation). | — | DVDO0101 |
| DEVOPS-SPANSINK-31-003 | TODO | | SPRINT_503_ops_devops_i | DevOps Guild · Observability Guild (ops/devops) | ops/devops | Deploy span sink/Signals pipeline for Excititor evidence APIs (31-003) and publish dashboards; unblock traces for `/v1/vex/observations/**`. | — | DVDO0101 |
| DEVOPS-AIRGAP-56-001 | TODO | | SPRINT_503_ops_devops_i | DevOps Guild (ops/devops) | ops/devops | Ship deny-all egress policies for Kubernetes (NetworkPolicy/eBPF) and docker-compose firewall rules; provide verification script for sealed mode. | — | DVDO0101 |
| DEVOPS-AIRGAP-56-002 | TODO | | SPRINT_503_ops_devops_i | DevOps Guild, AirGap Importer Guild (ops/devops) | ops/devops | Provide import tooling for bundle staging: checksum validation, offline object-store loader scripts, removable media guidance. Dependencies: DEVOPS-AIRGAP-56-001. | — | DVDO0101 |
| DEVOPS-AIRGAP-56-003 | TODO | | SPRINT_503_ops_devops_i | DevOps Guild, Container Distribution Guild (ops/devops) | ops/devops | Build Bootstrap Pack pipeline bundling images/charts, generating checksums, and publishing manifest for offline transfer. Dependencies: DEVOPS-AIRGAP-56-002. | — | DVDO0101 |
| DEVOPS-AIRGAP-57-001 | TODO | | SPRINT_503_ops_devops_i | DevOps Guild, Mirror Creator Guild (ops/devops) | ops/devops | Automate Mirror Bundle creation jobs with dual-control approvals, artifact signing, and checksum publication. Dependencies: DEVOPS-AIRGAP-56-003. | — | DVDO0101 |
| DEVOPS-AIRGAP-57-002 | DONE | 2025-11-08 | SPRINT_503_ops_devops_i | DevOps Guild, Authority Guild (ops/devops) | ops/devops | Sealed-mode smoke wired into CI (`.gitea/workflows/airgap-sealed-ci.yml`) running `ops/devops/airgap/sealed-ci-smoke.sh`. | — | DVDO0101 |
| DEVOPS-AIRGAP-58-001 | TODO | | SPRINT_503_ops_devops_i | DevOps Guild, Notifications Guild (ops/devops) | ops/devops | Provide local SMTP/syslog container templates and health checks for sealed environments; integrate into Bootstrap Pack. Dependencies: DEVOPS-AIRGAP-57-002. | — | DVDO0101 |
| DEVOPS-AIRGAP-58-002 | TODO | | SPRINT_503_ops_devops_i | DevOps Guild, Observability Guild (ops/devops) | ops/devops | Ship sealed-mode observability stack (Prometheus/Grafana/Tempo/Loki) pre-configured with offline dashboards and no remote exporters. Dependencies: DEVOPS-AIRGAP-58-001. | — | DVDO0101 |
| DEVOPS-AOC-19-001 | DONE | 2025-10-26 | SPRINT_503_ops_devops_i | DevOps Guild, Platform Guild (ops/devops) | ops/devops | AOC guard CI added (`.gitea/workflows/aoc-guard.yml`); analyzers built and run against ingestion projects; tests logged as artifacts. | CCAO0101 | DVDO0101 |
| DEVOPS-AOC-19-002 | DONE | 2025-10-26 | SPRINT_503_ops_devops_i | DevOps Guild (ops/devops) | ops/devops | AOC verify stage added to CI (`aoc-verify` job in `.gitea/workflows/aoc-guard.yml`) using `AOC_VERIFY_SINCE` + `STAGING_MONGO_URI`, publishing verify artifacts. | DEVOPS-AOC-19-001 | DVDO0101 |
| DEVOPS-AOC-19-003 | BLOCKED | 2025-10-26 | SPRINT_503_ops_devops_i | DevOps Guild, QA Guild (ops/devops) | ops/devops | Enforce unit test coverage thresholds for AOC guard suites and ensure coverage exported to dashboards. Dependencies: DEVOPS-AOC-19-002. | DEVOPS-AOC-19-002 | DVDO0102 |
| DEVOPS-AOC-19-101 | TODO | 2025-10-28 | SPRINT_503_ops_devops_i | DevOps Guild · Concelier Storage Guild | ops/devops | Draft supersedes backfill rollout (freeze window, dry-run steps, rollback) once advisory_raw idempotency index passes staging verification. Dependencies: DEVOPS-AOC-19-003. | Align with CCOA0101 contract | DVDO0104 |
| DEVOPS-ATTEST-73-001 | TODO | | SPRINT_503_ops_devops_i | DevOps Guild, Attestor Service Guild (ops/devops) | ops/devops | Provision CI pipelines for attestor service (lint/test/security scan, seed data) and manage secrets for KMS drivers. | — | DVDO0102 |
| DEVOPS-ATTEST-73-002 | TODO | | SPRINT_503_ops_devops_i | DevOps Guild, KMS Guild (ops/devops) | ops/devops | Establish secure storage for signing keys (vault integration, rotation schedule) and audit logging. Dependencies: DEVOPS-ATTEST-73-001. | — | DVDO0102 |
| DEVOPS-ATTEST-74-001 | TODO | | SPRINT_503_ops_devops_i | DevOps Guild, Transparency Guild (ops/devops) | ops/devops | Deploy transparency log witness infrastructure and monitoring. Dependencies: DEVOPS-ATTEST-73-002. | — | DVDO0102 |
| DEVOPS-ATTEST-74-002 | TODO | | SPRINT_504_ops_devops_ii | DevOps Guild, Export Attestation Guild (ops/devops) | ops/devops | Integrate attestation bundle builds into release/offline pipelines with checksum verification. Dependencies: DEVOPS-ATTEST-74-001. | — | DVDO0102 |
| DEVOPS-ATTEST-75-001 | TODO | | SPRINT_504_ops_devops_ii | DevOps Guild, Observability Guild (ops/devops) | ops/devops | Add dashboards/alerts for signing latency, verification failures, key rotation events. Dependencies: DEVOPS-ATTEST-74-002. | — | DVDO0102 |
| DEVOPS-CLI-41-001 | TODO | | SPRINT_504_ops_devops_ii | DevOps Guild, DevEx/CLI Guild (ops/devops) | ops/devops | Establish CLI build pipeline (multi-platform binaries, SBOM, checksums), parity matrix CI enforcement, and release artifact signing. | — | DVDO0102 |
| DEVOPS-CLI-42-001 | TODO | | SPRINT_504_ops_devops_ii | DevOps Guild (ops/devops) | ops/devops | Add CLI golden output tests, parity diff automation, pack run CI harness, and artifact cache for remote mode. Dependencies: DEVOPS-CLI-41-001. | — | DVDO0102 |
| DEVOPS-CLI-43-002 | TODO | | SPRINT_504_ops_devops_ii | DevOps Guild, Task Runner Guild (ops/devops) | ops/devops | Implement Task Pack chaos smoke in CI (random failure injection, resume, sealed-mode toggle) and publish evidence bundles for review. Dependencies: DEVOPS-CLI-43-001. | — | DVDO0102 |
| DEVOPS-CLI-43-003 | TODO | | SPRINT_504_ops_devops_ii | DevOps Guild, DevEx/CLI Guild (ops/devops) | ops/devops | Integrate CLI golden output/parity diff automation into release gating; export parity report artifact consumed by Console Downloads workspace. Dependencies: DEVOPS-CLI-43-002. | — | DVDO0102 |
| DEVOPS-CONSOLE-23-001 | DONE | 2025-10-26 | SPRINT_504_ops_devops_ii | DevOps Guild · Console Guild | ops/devops | Console CI contract + workflow added (`.gitea/workflows/console-ci.yml`); offline-first pnpm cache, lint/type/unit, Storybook a11y, Playwright, Lighthouse budgets, SBOM artifacts uploaded. | Needs CCWO0101 API schema | DVDO0104 |
| DEVOPS-CONSOLE-23-002 | TODO | | SPRINT_504_ops_devops_ii | DevOps Guild | ops/devops | Produce `stella-console` container build + Helm chart overlays with deterministic digests, SBOM/provenance artefacts, and offline bundle packaging scripts. Dependencies: DEVOPS-CONSOLE-23-001. | Depends on #2 | DVDO0104 |
| DEVOPS-CONTAINERS-44-001 | TODO | | SPRINT_504_ops_devops_ii | DevOps Guild | ops/devops | Automate multi-arch image builds with buildx, SBOM generation, cosign signing, and signature verification in CI. | Wait for COWB0101 base image | DVDO0104 |
| DEVOPS-CONTAINERS-45-001 | TODO | | SPRINT_504_ops_devops_ii | DevOps Guild | ops/devops | Add Compose and Helm smoke tests (fresh VM + kind cluster) to CI; publish test artifacts and logs. Dependencies: DEVOPS-CONTAINERS-44-001. | Depends on #4 | DVDO0104 |
| DEVOPS-CONTAINERS-46-001 | TODO | | SPRINT_504_ops_devops_ii | DevOps Guild | ops/devops | Build air-gap bundle generator (`src/Tools/make-airgap-bundle.sh`), produce signed bundle, and verify in CI using private registry. Dependencies: DEVOPS-CONTAINERS-45-001. | Depends on #5 | DVDO0104 |
| DEVOPS-DEVPORT-63-001 | TODO | | SPRINT_504_ops_devops_ii | DevOps Guild · DevPortal Guild | ops/devops | Automate developer portal build pipeline with caching, link & accessibility checks, performance budgets. | Wait for API schema from CCWO0101 | DVDO0105 |
| DEVOPS-DEVPORT-64-001 | TODO | | SPRINT_504_ops_devops_ii | DevOps Guild | ops/devops | Schedule `devportal --offline` nightly builds with checksum validation and artifact retention policies. Dependencies: DEVOPS-DEVPORT-63-001. | Depends on #1 | DVDO0105 |
| DEVOPS-AIAI-31-001 | TODO | | SPRINT_0503_0001_0001_ops_devops_i | DevOps Guild, Advisory AI Guild (ops/devops) | ops/devops | Stand up CI pipelines, inference monitoring, privacy logging review, and perf dashboards for Advisory AI (summaries/conflicts/remediation). | — | DVDO0101 |
| DEVOPS-SPANSINK-31-003 | TODO | | SPRINT_0503_0001_0001_ops_devops_i | DevOps Guild · Observability Guild (ops/devops) | ops/devops | Deploy span sink/Signals pipeline for Excititor evidence APIs (31-003) and publish dashboards; unblock traces for `/v1/vex/observations/**`. | — | DVDO0101 |
| DEVOPS-AIRGAP-56-001 | TODO | | SPRINT_0503_0001_0001_ops_devops_i | DevOps Guild (ops/devops) | ops/devops | Ship deny-all egress policies for Kubernetes (NetworkPolicy/eBPF) and docker-compose firewall rules; provide verification script for sealed mode. | — | DVDO0101 |
| DEVOPS-AIRGAP-56-002 | TODO | | SPRINT_0503_0001_0001_ops_devops_i | DevOps Guild, AirGap Importer Guild (ops/devops) | ops/devops | Provide import tooling for bundle staging: checksum validation, offline object-store loader scripts, removable media guidance. Dependencies: DEVOPS-AIRGAP-56-001. | — | DVDO0101 |
| DEVOPS-AIRGAP-56-003 | TODO | | SPRINT_0503_0001_0001_ops_devops_i | DevOps Guild, Container Distribution Guild (ops/devops) | ops/devops | Build Bootstrap Pack pipeline bundling images/charts, generating checksums, and publishing manifest for offline transfer. Dependencies: DEVOPS-AIRGAP-56-002. | — | DVDO0101 |
| DEVOPS-AIRGAP-57-001 | TODO | | SPRINT_0503_0001_0001_ops_devops_i | DevOps Guild, Mirror Creator Guild (ops/devops) | ops/devops | Automate Mirror Bundle creation jobs with dual-control approvals, artifact signing, and checksum publication. Dependencies: DEVOPS-AIRGAP-56-003. | — | DVDO0101 |
| DEVOPS-AIRGAP-57-002 | DONE | 2025-11-08 | SPRINT_0503_0001_0001_ops_devops_i | DevOps Guild, Authority Guild (ops/devops) | ops/devops | Sealed-mode smoke wired into CI (`.gitea/workflows/airgap-sealed-ci.yml`) running `ops/devops/airgap/sealed-ci-smoke.sh`. | — | DVDO0101 |
| DEVOPS-AIRGAP-58-001 | TODO | | SPRINT_0503_0001_0001_ops_devops_i | DevOps Guild, Notifications Guild (ops/devops) | ops/devops | Provide local SMTP/syslog container templates and health checks for sealed environments; integrate into Bootstrap Pack. Dependencies: DEVOPS-AIRGAP-57-002. | — | DVDO0101 |
| DEVOPS-AIRGAP-58-002 | TODO | | SPRINT_0503_0001_0001_ops_devops_i | DevOps Guild, Observability Guild (ops/devops) | ops/devops | Ship sealed-mode observability stack (Prometheus/Grafana/Tempo/Loki) pre-configured with offline dashboards and no remote exporters. Dependencies: DEVOPS-AIRGAP-58-001. | — | DVDO0101 |
| DEVOPS-AOC-19-001 | DONE | 2025-10-26 | SPRINT_0503_0001_0001_ops_devops_i | DevOps Guild, Platform Guild (ops/devops) | ops/devops | AOC guard CI added (`.gitea/workflows/aoc-guard.yml`); analyzers built and run against ingestion projects; tests logged as artifacts. | CCAO0101 | DVDO0101 |
| DEVOPS-AOC-19-002 | DONE | 2025-10-26 | SPRINT_0503_0001_0001_ops_devops_i | DevOps Guild (ops/devops) | ops/devops | AOC verify stage added to CI (`aoc-verify` job in `.gitea/workflows/aoc-guard.yml`) using `AOC_VERIFY_SINCE` + `STAGING_MONGO_URI`, publishing verify artifacts. | DEVOPS-AOC-19-001 | DVDO0101 |
| DEVOPS-AOC-19-003 | BLOCKED | 2025-10-26 | SPRINT_0503_0001_0001_ops_devops_i | DevOps Guild, QA Guild (ops/devops) | ops/devops | Enforce unit test coverage thresholds for AOC guard suites and ensure coverage exported to dashboards. Dependencies: DEVOPS-AOC-19-002. | DEVOPS-AOC-19-002 | DVDO0102 |
| DEVOPS-AOC-19-101 | TODO | 2025-10-28 | SPRINT_0503_0001_0001_ops_devops_i | DevOps Guild · Concelier Storage Guild | ops/devops | Draft supersedes backfill rollout (freeze window, dry-run steps, rollback) once advisory_raw idempotency index passes staging verification. Dependencies: DEVOPS-AOC-19-003. | Align with CCOA0101 contract | DVDO0104 |
| DEVOPS-ATTEST-73-001 | TODO | | SPRINT_0503_0001_0001_ops_devops_i | DevOps Guild, Attestor Service Guild (ops/devops) | ops/devops | Provision CI pipelines for attestor service (lint/test/security scan, seed data) and manage secrets for KMS drivers. | — | DVDO0102 |
| DEVOPS-ATTEST-73-002 | TODO | | SPRINT_0503_0001_0001_ops_devops_i | DevOps Guild, KMS Guild (ops/devops) | ops/devops | Establish secure storage for signing keys (vault integration, rotation schedule) and audit logging. Dependencies: DEVOPS-ATTEST-73-001. | — | DVDO0102 |
| DEVOPS-ATTEST-74-001 | TODO | | SPRINT_0503_0001_0001_ops_devops_i | DevOps Guild, Transparency Guild (ops/devops) | ops/devops | Deploy transparency log witness infrastructure and monitoring. Dependencies: DEVOPS-ATTEST-73-002. | — | DVDO0102 |
| DEVOPS-ATTEST-74-002 | TODO | | SPRINT_0504_0001_0001_ops_devops_ii | DevOps Guild, Export Attestation Guild (ops/devops) | ops/devops | Integrate attestation bundle builds into release/offline pipelines with checksum verification. Dependencies: DEVOPS-ATTEST-74-001. | — | DVDO0102 |
| DEVOPS-ATTEST-75-001 | TODO | | SPRINT_0504_0001_0001_ops_devops_ii | DevOps Guild, Observability Guild (ops/devops) | ops/devops | Add dashboards/alerts for signing latency, verification failures, key rotation events. Dependencies: DEVOPS-ATTEST-74-002. | — | DVDO0102 |
| DEVOPS-CLI-41-001 | TODO | | SPRINT_0504_0001_0001_ops_devops_ii | DevOps Guild, DevEx/CLI Guild (ops/devops) | ops/devops | Establish CLI build pipeline (multi-platform binaries, SBOM, checksums), parity matrix CI enforcement, and release artifact signing. | — | DVDO0102 |
| DEVOPS-CLI-42-001 | TODO | | SPRINT_0504_0001_0001_ops_devops_ii | DevOps Guild (ops/devops) | ops/devops | Add CLI golden output tests, parity diff automation, pack run CI harness, and artifact cache for remote mode. Dependencies: DEVOPS-CLI-41-001. | — | DVDO0102 |
| DEVOPS-CLI-43-002 | TODO | | SPRINT_0504_0001_0001_ops_devops_ii | DevOps Guild, Task Runner Guild (ops/devops) | ops/devops | Implement Task Pack chaos smoke in CI (random failure injection, resume, sealed-mode toggle) and publish evidence bundles for review. Dependencies: DEVOPS-CLI-43-001. | — | DVDO0102 |
| DEVOPS-CLI-43-003 | TODO | | SPRINT_0504_0001_0001_ops_devops_ii | DevOps Guild, DevEx/CLI Guild (ops/devops) | ops/devops | Integrate CLI golden output/parity diff automation into release gating; export parity report artifact consumed by Console Downloads workspace. Dependencies: DEVOPS-CLI-43-002. | — | DVDO0102 |
| DEVOPS-CONSOLE-23-001 | DONE | 2025-10-26 | SPRINT_0504_0001_0001_ops_devops_ii | DevOps Guild · Console Guild | ops/devops | Console CI contract + workflow added (`.gitea/workflows/console-ci.yml`); offline-first pnpm cache, lint/type/unit, Storybook a11y, Playwright, Lighthouse budgets, SBOM artifacts uploaded. | Needs CCWO0101 API schema | DVDO0104 |
| DEVOPS-CONSOLE-23-002 | TODO | | SPRINT_0504_0001_0001_ops_devops_ii | DevOps Guild | ops/devops | Produce `stella-console` container build + Helm chart overlays with deterministic digests, SBOM/provenance artefacts, and offline bundle packaging scripts. Dependencies: DEVOPS-CONSOLE-23-001. | Depends on #2 | DVDO0104 |
| DEVOPS-CONTAINERS-44-001 | TODO | | SPRINT_0504_0001_0001_ops_devops_ii | DevOps Guild | ops/devops | Automate multi-arch image builds with buildx, SBOM generation, cosign signing, and signature verification in CI. | Wait for COWB0101 base image | DVDO0104 |
| DEVOPS-CONTAINERS-45-001 | TODO | | SPRINT_0504_0001_0001_ops_devops_ii | DevOps Guild | ops/devops | Add Compose and Helm smoke tests (fresh VM + kind cluster) to CI; publish test artifacts and logs. Dependencies: DEVOPS-CONTAINERS-44-001. | Depends on #4 | DVDO0104 |
| DEVOPS-CONTAINERS-46-001 | TODO | | SPRINT_0504_0001_0001_ops_devops_ii | DevOps Guild | ops/devops | Build air-gap bundle generator (`src/Tools/make-airgap-bundle.sh`), produce signed bundle, and verify in CI using private registry. Dependencies: DEVOPS-CONTAINERS-45-001. | Depends on #5 | DVDO0104 |
| DEVOPS-DEVPORT-63-001 | TODO | | SPRINT_0504_0001_0001_ops_devops_ii | DevOps Guild · DevPortal Guild | ops/devops | Automate developer portal build pipeline with caching, link & accessibility checks, performance budgets. | Wait for API schema from CCWO0101 | DVDO0105 |
| DEVOPS-DEVPORT-64-001 | TODO | | SPRINT_0504_0001_0001_ops_devops_ii | DevOps Guild | ops/devops | Schedule `devportal --offline` nightly builds with checksum validation and artifact retention policies. Dependencies: DEVOPS-DEVPORT-63-001. | Depends on #1 | DVDO0105 |
| DEVOPS-DOCS-0001 | TODO | | SPRINT_318_docs_modules_devops | DevOps Docs Guild | docs/modules/devops | See ./AGENTS.md | Needs CCSL0101 console docs | DVDO0105 |
| DEVOPS-ENG-0001 | TODO | | SPRINT_318_docs_modules_devops | DevOps Engineering Guild | docs/modules/devops | Update status via ./AGENTS.md workflow | Depends on #3 | DVDO0105 |
| DEVOPS-EXPORT-35-001 | DONE | 2025-10-29 | SPRINT_504_ops_devops_ii | DevOps · Export Guild | ops/devops | CI contract drafted and fixtures added (`ops/devops/export/minio-compose.yml`, `seed-minio.sh`); ready to wire pipeline with offline MinIO, build/test, smoke, SBOM, dashboards. | Wait for DVPL0101 export deploy | DVDO0105 |
| DEVOPS-EXPORT-36-001 | DONE | | SPRINT_505_ops_devops_iii | DevOps Guild | ops/devops | Export CI workflow added (`.gitea/workflows/export-ci.yml`) running build/test, MinIO fixture, Trivy/OCI smoke, SBOM artifacts. | Depends on #5 | DVDO0105 |
| DEVOPS-EXPORT-37-001 | TODO | | SPRINT_505_ops_devops_iii | DevOps Guild | ops/devops | Finalize exporter monitoring (failure alerts, verify metrics, retention jobs) and chaos/latency tests ahead of GA. Dependencies: DEVOPS-EXPORT-36-001. | Depends on #6 | DVDO0105 |
| DEVOPS-GRAPH-24-001 | TODO | | SPRINT_505_ops_devops_iii | DevOps · Graph Guild | ops/devops | Load test graph index/adjacency APIs with 40k-node assets; capture perf dashboards and alert thresholds. | Wait for CCGH0101 endpoint | DVDO0106 |
| DEVOPS-GRAPH-24-002 | TODO | | SPRINT_505_ops_devops_iii | DevOps Guild | ops/devops | Integrate synthetic UI perf runs (Playwright/WebGL metrics) for Graph/Vuln explorers; fail builds on regression. Dependencies: DEVOPS-GRAPH-24-001. | Depends on #1 | DVDO0106 |
| DEVOPS-GRAPH-24-003 | TODO | | SPRINT_505_ops_devops_iii | DevOps Guild | ops/devops | Implement smoke job for simulation endpoints ensuring we stay within SLA (<3s upgrade) and log results. Dependencies: DEVOPS-GRAPH-24-002. | Depends on #2 | DVDO0106 |
| DEVOPS-LNM-22-001 | DONE | 2025-10-27 | SPRINT_505_ops_devops_iii | DevOps · Concelier Guild | ops/devops | Backfill plan + validation scripts + dispatchable CI (`.gitea/workflows/lnm-backfill.yml`) added; ready to run on staging snapshot. | Needs CCLN0102 API | DVDO0106 |
| DEVOPS-LNM-22-002 | DONE | 2025-10-27 | SPRINT_505_ops_devops_iii | DevOps Guild | ops/devops | VEX backfill dispatcher added (`.gitea/workflows/lnm-vex-backfill.yml`) with NATS/Redis inputs; plan documented in `ops/devops/lnm/vex-backfill-plan.md`. | Depends on #4 | DVDO0106 |
| DEVOPS-LNM-22-003 | DONE | | SPRINT_505_ops_devops_iii | DevOps Guild | ops/devops | Metrics/alert scaffold plus CI check (`ops/devops/lnm/metrics-ci-check.sh`) added; ready for Grafana import. | Depends on #5 | DVDO0106 |
| DEVOPS-OAS-61-001 | TODO | | SPRINT_505_ops_devops_iii | DevOps Guild | ops/devops | Add CI stages for OpenAPI linting, validation, and compatibility diff; enforce gating on PRs. | Wait for CCWO0101 spec | DVDO0106 |
| DEVOPS-OAS-61-002 | TODO | | SPRINT_505_ops_devops_iii | DevOps Guild | ops/devops | Integrate mock server + contract test suite into PR and nightly workflows; publish artifacts. Dependencies: DEVOPS-OAS-61-001. | Depends on #7 | DVDO0106 |
| DEVOPS-OBS-51-001 | TODO | | SPRINT_505_ops_devops_iii | DevOps Guild · Observability Guild | ops/devops | Implement SLO evaluator service (burn rate calculators, webhook emitters), Grafana dashboards, and alert routing to Notifier. Provide Terraform/Helm automation. Dependencies: DEVOPS-OBS-50-002. | Wait for 045_DVDO0103 alert catalog | DVOB0101 |
| DEVOPS-OBS-52-001 | TODO | | SPRINT_505_ops_devops_iii | DevOps Guild · Timeline Indexer Guild | ops/devops | Configure streaming pipeline (NATS/Redis/Kafka) with retention, partitioning, and backpressure tuning for timeline events; add CI validation of schema + rate caps. Dependencies: DEVOPS-OBS-51-001. | Needs #1 merged for shared correlation IDs | DVOB0101 |
| DEVOPS-OBS-53-001 | TODO | | SPRINT_505_ops_devops_iii | DevOps Guild · Evidence Locker Guild | ops/devops | Provision object storage with WORM/retention options (S3 Object Lock / MinIO immutability), legal hold automation, and backup/restore scripts for evidence locker. Dependencies: DEVOPS-OBS-52-001. | Depends on DSSE API from 002_ATEL0101 | DVOB0101 |
| DEVOPS-OBS-54-001 | TODO | | SPRINT_505_ops_devops_iii | DevOps Guild · Security Guild | ops/devops | Manage provenance signing infrastructure (KMS keys, rotation schedule, timestamp authority integration) and integrate verification jobs into CI. Dependencies: DEVOPS-OBS-53-001. | Requires security sign-off on cardinality budgets | DVOB0101 |
| DEVOPS-OBS-55-001 | TODO | | SPRINT_506_ops_devops_iv | DevOps Guild · Ops Guild | ops/devops | Implement incident mode automation: feature flag service, auto-activation via SLO burn-rate, retention override management, and post-incident reset job. Dependencies: DEVOPS-OBS-54-001. | Relies on #4 to finalize alert dimensions | DVOB0101 |
| DEVOPS-OFFLINE-17-004 | DONE | 2025-11-23 | SPRINT_508_ops_offline_kit | DevOps Offline Guild | ops/offline-kit | Mirrored release debug store via `mirror_debug_store.py`; summary at `out/offline-kit/metadata/debug-store.json`. | Wait for DVPL0101 compose | DVDO0107 |
| DEVOPS-OFFLINE-34-006 | TODO | | SPRINT_508_ops_offline_kit | DevOps Guild | ops/offline-kit | Bundle orchestrator service container, worker SDK samples, Postgres snapshot, and dashboards into Offline Kit with manifest/signature updates. Dependencies: DEVOPS-OFFLINE-17-004. | Depends on #1 | DVDO0107 |
| DEVOPS-OFFLINE-37-001 | TODO | | SPRINT_508_ops_offline_kit | DevOps Guild | ops/offline-kit | Export Center offline bundles + verification tooling (mirror artefacts, verification CLI, manifest/signature refresh, air-gap import script). Dependencies: DEVOPS-OFFLINE-34-006. | Needs RBRE hashes | DVDO0107 |
| DEVOPS-OFFLINE-37-002 | TODO | | SPRINT_508_ops_offline_kit | DevOps Guild | ops/offline-kit | Notifier offline packs (sample configs, template/digest packs, dry-run harness) with integrity checks and operator docs. Dependencies: DEVOPS-OFFLINE-37-001. | Depends on #3 | DVDO0107 |
| DEVOPS-OPENSSL-11-001 | TODO | 2025-11-06 | SPRINT_505_ops_devops_iii | Security + DevOps Guilds | ops/devops | Package the OpenSSL 1.1 shim (`tests/native/openssl-1.1/linux-x64`) into test harness output so Mongo2Go suites discover it automatically. | Wait for CRYO0101 artifacts | DVDO0107 |
| DEVOPS-OPENSSL-11-002 | TODO | 2025-11-06 | SPRINT_505_ops_devops_iii | DevOps Guild | ops/devops | Ensure CI runners and Docker images that execute Mongo2Go tests export `LD_LIBRARY_PATH` (or embed the shim) to unblock unattended pipelines. Dependencies: DEVOPS-OPENSSL-11-001. | Depends on #5 | DVDO0107 |
| DEVOPS-EXPORT-35-001 | DONE | 2025-10-29 | SPRINT_0504_0001_0001_ops_devops_ii | DevOps · Export Guild | ops/devops | CI contract drafted and fixtures added (`ops/devops/export/minio-compose.yml`, `seed-minio.sh`); ready to wire pipeline with offline MinIO, build/test, smoke, SBOM, dashboards. | Wait for DVPL0101 export deploy | DVDO0105 |
| DEVOPS-EXPORT-36-001 | DONE | | SPRINT_0505_0001_0001_ops_devops_iii | DevOps Guild | ops/devops | Export CI workflow added (`.gitea/workflows/export-ci.yml`) running build/test, MinIO fixture, Trivy/OCI smoke, SBOM artifacts. | Depends on #5 | DVDO0105 |
| DEVOPS-EXPORT-37-001 | TODO | | SPRINT_0505_0001_0001_ops_devops_iii | DevOps Guild | ops/devops | Finalize exporter monitoring (failure alerts, verify metrics, retention jobs) and chaos/latency tests ahead of GA. Dependencies: DEVOPS-EXPORT-36-001. | Depends on #6 | DVDO0105 |
| DEVOPS-GRAPH-24-001 | TODO | | SPRINT_0505_0001_0001_ops_devops_iii | DevOps · Graph Guild | ops/devops | Load test graph index/adjacency APIs with 40k-node assets; capture perf dashboards and alert thresholds. | Wait for CCGH0101 endpoint | DVDO0106 |
| DEVOPS-GRAPH-24-002 | TODO | | SPRINT_0505_0001_0001_ops_devops_iii | DevOps Guild | ops/devops | Integrate synthetic UI perf runs (Playwright/WebGL metrics) for Graph/Vuln explorers; fail builds on regression. Dependencies: DEVOPS-GRAPH-24-001. | Depends on #1 | DVDO0106 |
| DEVOPS-GRAPH-24-003 | TODO | | SPRINT_0505_0001_0001_ops_devops_iii | DevOps Guild | ops/devops | Implement smoke job for simulation endpoints ensuring we stay within SLA (<3s upgrade) and log results. Dependencies: DEVOPS-GRAPH-24-002. | Depends on #2 | DVDO0106 |
| DEVOPS-LNM-22-001 | DONE | 2025-10-27 | SPRINT_0505_0001_0001_ops_devops_iii | DevOps · Concelier Guild | ops/devops | Backfill plan + validation scripts + dispatchable CI (`.gitea/workflows/lnm-backfill.yml`) added; ready to run on staging snapshot. | Needs CCLN0102 API | DVDO0106 |
| DEVOPS-LNM-22-002 | DONE | 2025-10-27 | SPRINT_0505_0001_0001_ops_devops_iii | DevOps Guild | ops/devops | VEX backfill dispatcher added (`.gitea/workflows/lnm-vex-backfill.yml`) with NATS/Redis inputs; plan documented in `ops/devops/lnm/vex-backfill-plan.md`. | Depends on #4 | DVDO0106 |
| DEVOPS-LNM-22-003 | DONE | | SPRINT_0505_0001_0001_ops_devops_iii | DevOps Guild | ops/devops | Metrics/alert scaffold plus CI check (`ops/devops/lnm/metrics-ci-check.sh`) added; ready for Grafana import. | Depends on #5 | DVDO0106 |
| DEVOPS-OAS-61-001 | TODO | | SPRINT_0505_0001_0001_ops_devops_iii | DevOps Guild | ops/devops | Add CI stages for OpenAPI linting, validation, and compatibility diff; enforce gating on PRs. | Wait for CCWO0101 spec | DVDO0106 |
| DEVOPS-OAS-61-002 | TODO | | SPRINT_0505_0001_0001_ops_devops_iii | DevOps Guild | ops/devops | Integrate mock server + contract test suite into PR and nightly workflows; publish artifacts. Dependencies: DEVOPS-OAS-61-001. | Depends on #7 | DVDO0106 |
| DEVOPS-OBS-51-001 | TODO | | SPRINT_0505_0001_0001_ops_devops_iii | DevOps Guild · Observability Guild | ops/devops | Implement SLO evaluator service (burn rate calculators, webhook emitters), Grafana dashboards, and alert routing to Notifier. Provide Terraform/Helm automation. Dependencies: DEVOPS-OBS-50-002. | Wait for 045_DVDO0103 alert catalog | DVOB0101 |
| DEVOPS-OBS-52-001 | TODO | | SPRINT_0505_0001_0001_ops_devops_iii | DevOps Guild · Timeline Indexer Guild | ops/devops | Configure streaming pipeline (NATS/Redis/Kafka) with retention, partitioning, and backpressure tuning for timeline events; add CI validation of schema + rate caps. Dependencies: DEVOPS-OBS-51-001. | Needs #1 merged for shared correlation IDs | DVOB0101 |
| DEVOPS-OBS-53-001 | TODO | | SPRINT_0505_0001_0001_ops_devops_iii | DevOps Guild · Evidence Locker Guild | ops/devops | Provision object storage with WORM/retention options (S3 Object Lock / MinIO immutability), legal hold automation, and backup/restore scripts for evidence locker. Dependencies: DEVOPS-OBS-52-001. | Depends on DSSE API from 002_ATEL0101 | DVOB0101 |
| DEVOPS-OBS-54-001 | TODO | | SPRINT_0505_0001_0001_ops_devops_iii | DevOps Guild · Security Guild | ops/devops | Manage provenance signing infrastructure (KMS keys, rotation schedule, timestamp authority integration) and integrate verification jobs into CI. Dependencies: DEVOPS-OBS-53-001. | Requires security sign-off on cardinality budgets | DVOB0101 |
| DEVOPS-OBS-55-001 | TODO | | SPRINT_0506_0001_0001_ops_devops_iv | DevOps Guild · Ops Guild | ops/devops | Implement incident mode automation: feature flag service, auto-activation via SLO burn-rate, retention override management, and post-incident reset job. Dependencies: DEVOPS-OBS-54-001. | Relies on #4 to finalize alert dimensions | DVOB0101 |
| DEVOPS-OFFLINE-17-004 | DONE | 2025-11-23 | SPRINT_0508_0001_0001_ops_offline_kit | DevOps Offline Guild | ops/offline-kit | Mirrored release debug store via `mirror_debug_store.py`; summary at `out/offline-kit/metadata/debug-store.json`. | Wait for DVPL0101 compose | DVDO0107 |
| DEVOPS-OFFLINE-34-006 | TODO | | SPRINT_0508_0001_0001_ops_offline_kit | DevOps Guild | ops/offline-kit | Bundle orchestrator service container, worker SDK samples, Postgres snapshot, and dashboards into Offline Kit with manifest/signature updates. Dependencies: DEVOPS-OFFLINE-17-004. | Depends on #1 | DVDO0107 |
| DEVOPS-OFFLINE-37-001 | TODO | | SPRINT_0508_0001_0001_ops_offline_kit | DevOps Guild | ops/offline-kit | Export Center offline bundles + verification tooling (mirror artefacts, verification CLI, manifest/signature refresh, air-gap import script). Dependencies: DEVOPS-OFFLINE-34-006. | Needs RBRE hashes | DVDO0107 |
| DEVOPS-OFFLINE-37-002 | TODO | | SPRINT_0508_0001_0001_ops_offline_kit | DevOps Guild | ops/offline-kit | Notifier offline packs (sample configs, template/digest packs, dry-run harness) with integrity checks and operator docs. Dependencies: DEVOPS-OFFLINE-37-001. | Depends on #3 | DVDO0107 |
| DEVOPS-OPENSSL-11-001 | TODO | 2025-11-06 | SPRINT_0505_0001_0001_ops_devops_iii | Security + DevOps Guilds | ops/devops | Package the OpenSSL 1.1 shim (`tests/native/openssl-1.1/linux-x64`) into test harness output so Mongo2Go suites discover it automatically. | Wait for CRYO0101 artifacts | DVDO0107 |
| DEVOPS-OPENSSL-11-002 | TODO | 2025-11-06 | SPRINT_0505_0001_0001_ops_devops_iii | DevOps Guild | ops/devops | Ensure CI runners and Docker images that execute Mongo2Go tests export `LD_LIBRARY_PATH` (or embed the shim) to unblock unattended pipelines. Dependencies: DEVOPS-OPENSSL-11-001. | Depends on #5 | DVDO0107 |
| DEVOPS-OPS-0001 | TODO | | SPRINT_318_docs_modules_devops | DevOps Ops Guild | docs/modules/devops | Sync outcomes back to ../.. | Depends on #1-6 | DVDO0107 |
| DEVOPS-ORCH-32-001 | TODO | | SPRINT_506_ops_devops_iv | DevOps · Orchestrator Guild | ops/devops | Provision orchestrator Postgres/message-bus infrastructure, add CI smoke deploy, seed Grafana dashboards (queue depth, inflight jobs), and document bootstrap. | Wait for ORTR0102 API | DVDO0108 |
| DEVOPS-ORCH-33-001 | TODO | | SPRINT_506_ops_devops_iv | DevOps Guild | ops/devops | Publish Grafana dashboards/alerts for rate limiter, backpressure, error clustering, and DLQ depth; integrate with on-call rotations. Dependencies: DEVOPS-ORCH-32-001. | Depends on #1 | DVDO0108 |
| DEVOPS-ORCH-34-001 | TODO | | SPRINT_506_ops_devops_iv | DevOps Guild | ops/devops | Harden production monitoring (synthetic probes, burn-rate alerts, replay smoke), document incident response, and prep GA readiness checklist. Dependencies: DEVOPS-ORCH-33-001. | Depends on #2 | DVDO0108 |
| DEVOPS-POLICY-27-001 | TODO | | SPRINT_506_ops_devops_iv | DevOps Guild · CLI Guild | ops/devops | Add CI stages to run `stella policy lint/simulate`, enforce deterministic logs + caching. | CLPS0102 | DVPL0104 |
| DEVOPS-POLICY-27-002 | TODO | | SPRINT_506_ops_devops_iv | DevOps Guild · Policy Registry Guild | ops/devops | Provide optional batch simulation CI job that triggers registry run, polls results, posts markdown summary. | DEVOPS-POLICY-27-001 | DVPL0104 |
| DEVOPS-POLICY-27-003 | TODO | | SPRINT_506_ops_devops_iv | DevOps Guild · Security Guild | ops/devops | Manage signing key material for policy publish pipeline; rotate keys, add attestation verification stage. | DEVOPS-POLICY-27-002 | DVPL0104 |
| DEVOPS-POLICY-27-004 | TODO | | SPRINT_506_ops_devops_iv | DevOps Guild · Observability Guild | ops/devops | Create dashboards/alerts for policy compile latency, simulation queue depth, promotion outcomes. | DEVOPS-POLICY-27-003 | DVPL0104 |
| DEVOPS-REL-17-004 | DONE | 2025-11-23 | SPRINT_506_ops_devops_iv | DevOps Release Guild | ops/devops | Release workflow now uploads `out/release/debug` as a dedicated artifact and already fails if symbols are missing; build-id manifest enforced. | Needs DVPL0101 release artifacts | DVDO0108 |
| DEVOPS-RULES-33-001 | TODO | 2025-10-30 | SPRINT_506_ops_devops_iv | DevOps · Policy Guild | ops/devops | Contracts & Rules anchor:<br>• Gateway proxies only; Policy Engine composes overlays/simulations.<br>• AOC ingestion cannot merge; only lossless canonicalization.<br>• One graph platform: Graph Indexer + Graph API. Cartographer retired. | Wait for CCPR0101 policy logs | DVDO0109 |
| DEVOPS-SCAN-90-004 | TODO | | SPRINT_505_ops_devops_iii | DevOps · Scanner Guild | ops/devops | Add a CI job that runs the scanner determinism harness against the release matrix (N runs per image), uploads `determinism.json`, and fails when score < threshold; publish artifact to release notes. Dependencies: SCAN-DETER-186-009/010. | Needs SCDT0101 fixtures | DVDO0109 |
| DEVOPS-SDK-63-001 | TODO | | SPRINT_506_ops_devops_iv | DevOps · SDK Guild | ops/devops | Provision registry credentials, signing keys, and secure storage for SDK publishing pipelines. | Depends on #2 | DVDO0109 |
| DEVOPS-SIG-26-001 | TODO | | SPRINT_506_ops_devops_iv | DevOps Guild · Signals Guild | ops/devops | Provision CI/CD pipelines, Helm/Compose manifests for Signals service, including artifact storage and Redis dependencies. | Wait for SGSI0101 metrics | DVDO0110 |
| DEVOPS-SIG-26-002 | TODO | | SPRINT_506_ops_devops_iv | DevOps Guild | ops/devops | Create dashboards/alerts for reachability scoring latency, cache hit rates, sensor staleness. Dependencies: DEVOPS-SIG-26-001. | Depends on #1 | DVDO0110 |
| DEVOPS-SYMS-90-005 | TODO | | SPRINT_505_ops_devops_iii | DevOps · Symbols Guild | ops/devops | Deploy Symbols.Server (Helm/Terraform), manage MinIO/Mongo storage, configure tenant RBAC/quotas, and wire ingestion CLI into release pipelines with monitoring and backups. Dependencies: SYMS-SERVER-401-011/013. | Needs RBSY0101 bundle | DVDO0110 |
| DEVOPS-TEN-47-001 | TODO | | SPRINT_506_ops_devops_iv | DevOps · Policy Guild | ops/devops | Add JWKS cache monitoring, signature verification regression tests, and token expiration chaos tests to CI. | Wait for CCPR0101 policy | DVDO0110 |
| DEVOPS-TEN-48-001 | TODO | | SPRINT_506_ops_devops_iv | DevOps Guild | ops/devops | Build integration tests to assert RLS enforcement, tenant-prefixed object storage, and audit event emission; set up lint to prevent raw SQL bypass. Dependencies: DEVOPS-TEN-47-001. | Depends on #4 | DVDO0110 |
| DEVOPS-TEN-49-001 | TODO | | SPRINT_507_ops_devops_v | DevOps Guild | ops/devops | Deploy audit pipeline, scope usage metrics, JWKS outage chaos tests, and tenant load/perf benchmarks. Dependencies: DEVOPS-TEN-48-001. | Depends on #5 | DVDO0110 |
| DEVOPS-VEX-30-001 | TODO | | SPRINT_507_ops_devops_v | DevOps Guild · VEX Lens Guild | ops/devops | Provision CI, load tests, dashboards, alerts for VEX Lens and Issuer Directory (compute latency, disputed totals, signature verification rates). | — | PLVL0103 |
| DEVOPS-VULN-29-001 | TODO | | SPRINT_507_ops_devops_v | DevOps · Vuln Guild | ops/devops | Provision CI jobs for ledger projector (replay, determinism), set up backups, monitor Merkle anchoring, and automate verification. | Needs DVPL0101 deploy | DVDO0110 |
| DEVOPS-VULN-29-002 | TODO | | SPRINT_507_ops_devops_v | DevOps Guild | ops/devops | Configure load/perf tests (5M findings/tenant), query budget enforcement, API SLO dashboards, and alerts for `vuln_list_latency` and `projection_lag`. Dependencies: DEVOPS-VULN-29-001. | Depends on #7 | DVDO0110 |
| DEVOPS-VULN-29-003 | TODO | | SPRINT_507_ops_devops_v | DevOps Guild | ops/devops | Instrument analytics pipeline for Vuln Explorer (telemetry ingestion, query hashes), ensure compliance with privacy/PII guardrails, and update observability docs. Dependencies: DEVOPS-VULN-29-002. | Depends on #8 | DVDO0110 |
| DEVOPS-ORCH-32-001 | TODO | | SPRINT_0506_0001_0001_ops_devops_iv | DevOps · Orchestrator Guild | ops/devops | Provision orchestrator Postgres/message-bus infrastructure, add CI smoke deploy, seed Grafana dashboards (queue depth, inflight jobs), and document bootstrap. | Wait for ORTR0102 API | DVDO0108 |
| DEVOPS-ORCH-33-001 | TODO | | SPRINT_0506_0001_0001_ops_devops_iv | DevOps Guild | ops/devops | Publish Grafana dashboards/alerts for rate limiter, backpressure, error clustering, and DLQ depth; integrate with on-call rotations. Dependencies: DEVOPS-ORCH-32-001. | Depends on #1 | DVDO0108 |
| DEVOPS-ORCH-34-001 | TODO | | SPRINT_0506_0001_0001_ops_devops_iv | DevOps Guild | ops/devops | Harden production monitoring (synthetic probes, burn-rate alerts, replay smoke), document incident response, and prep GA readiness checklist. Dependencies: DEVOPS-ORCH-33-001. | Depends on #2 | DVDO0108 |
| DEVOPS-POLICY-27-001 | TODO | | SPRINT_0506_0001_0001_ops_devops_iv | DevOps Guild · CLI Guild | ops/devops | Add CI stages to run `stella policy lint/simulate`, enforce deterministic logs + caching. | CLPS0102 | DVPL0104 |
| DEVOPS-POLICY-27-002 | TODO | | SPRINT_0506_0001_0001_ops_devops_iv | DevOps Guild · Policy Registry Guild | ops/devops | Provide optional batch simulation CI job that triggers registry run, polls results, posts markdown summary. | DEVOPS-POLICY-27-001 | DVPL0104 |
| DEVOPS-POLICY-27-003 | TODO | | SPRINT_0506_0001_0001_ops_devops_iv | DevOps Guild · Security Guild | ops/devops | Manage signing key material for policy publish pipeline; rotate keys, add attestation verification stage. | DEVOPS-POLICY-27-002 | DVPL0104 |
| DEVOPS-POLICY-27-004 | TODO | | SPRINT_0506_0001_0001_ops_devops_iv | DevOps Guild · Observability Guild | ops/devops | Create dashboards/alerts for policy compile latency, simulation queue depth, promotion outcomes. | DEVOPS-POLICY-27-003 | DVPL0104 |
| DEVOPS-REL-17-004 | DONE | 2025-11-23 | SPRINT_0506_0001_0001_ops_devops_iv | DevOps Release Guild | ops/devops | Release workflow now uploads `out/release/debug` as a dedicated artifact and already fails if symbols are missing; build-id manifest enforced. | Needs DVPL0101 release artifacts | DVDO0108 |
| DEVOPS-RULES-33-001 | TODO | 2025-10-30 | SPRINT_0506_0001_0001_ops_devops_iv | DevOps · Policy Guild | ops/devops | Contracts & Rules anchor:<br>• Gateway proxies only; Policy Engine composes overlays/simulations.<br>• AOC ingestion cannot merge; only lossless canonicalization.<br>• One graph platform: Graph Indexer + Graph API. Cartographer retired. | Wait for CCPR0101 policy logs | DVDO0109 |
| DEVOPS-SCAN-90-004 | TODO | | SPRINT_0505_0001_0001_ops_devops_iii | DevOps · Scanner Guild | ops/devops | Add a CI job that runs the scanner determinism harness against the release matrix (N runs per image), uploads `determinism.json`, and fails when score < threshold; publish artifact to release notes. Dependencies: SCAN-DETER-186-009/010. | Needs SCDT0101 fixtures | DVDO0109 |
| DEVOPS-SDK-63-001 | TODO | | SPRINT_0506_0001_0001_ops_devops_iv | DevOps · SDK Guild | ops/devops | Provision registry credentials, signing keys, and secure storage for SDK publishing pipelines. | Depends on #2 | DVDO0109 |
| DEVOPS-SIG-26-001 | TODO | | SPRINT_0506_0001_0001_ops_devops_iv | DevOps Guild · Signals Guild | ops/devops | Provision CI/CD pipelines, Helm/Compose manifests for Signals service, including artifact storage and Redis dependencies. | Wait for SGSI0101 metrics | DVDO0110 |
| DEVOPS-SIG-26-002 | TODO | | SPRINT_0506_0001_0001_ops_devops_iv | DevOps Guild | ops/devops | Create dashboards/alerts for reachability scoring latency, cache hit rates, sensor staleness. Dependencies: DEVOPS-SIG-26-001. | Depends on #1 | DVDO0110 |
| DEVOPS-SYMS-90-005 | TODO | | SPRINT_0505_0001_0001_ops_devops_iii | DevOps · Symbols Guild | ops/devops | Deploy Symbols.Server (Helm/Terraform), manage MinIO/Mongo storage, configure tenant RBAC/quotas, and wire ingestion CLI into release pipelines with monitoring and backups. Dependencies: SYMS-SERVER-401-011/013. | Needs RBSY0101 bundle | DVDO0110 |
| DEVOPS-TEN-47-001 | TODO | | SPRINT_0506_0001_0001_ops_devops_iv | DevOps · Policy Guild | ops/devops | Add JWKS cache monitoring, signature verification regression tests, and token expiration chaos tests to CI. | Wait for CCPR0101 policy | DVDO0110 |
| DEVOPS-TEN-48-001 | TODO | | SPRINT_0506_0001_0001_ops_devops_iv | DevOps Guild | ops/devops | Build integration tests to assert RLS enforcement, tenant-prefixed object storage, and audit event emission; set up lint to prevent raw SQL bypass. Dependencies: DEVOPS-TEN-47-001. | Depends on #4 | DVDO0110 |
| DEVOPS-TEN-49-001 | TODO | | SPRINT_0507_0001_0001_ops_devops_v | DevOps Guild | ops/devops | Deploy audit pipeline, scope usage metrics, JWKS outage chaos tests, and tenant load/perf benchmarks. Dependencies: DEVOPS-TEN-48-001. | Depends on #5 | DVDO0110 |
| DEVOPS-VEX-30-001 | TODO | | SPRINT_0507_0001_0001_ops_devops_v | DevOps Guild · VEX Lens Guild | ops/devops | Provision CI, load tests, dashboards, alerts for VEX Lens and Issuer Directory (compute latency, disputed totals, signature verification rates). | — | PLVL0103 |
| DEVOPS-VULN-29-001 | TODO | | SPRINT_0507_0001_0001_ops_devops_v | DevOps · Vuln Guild | ops/devops | Provision CI jobs for ledger projector (replay, determinism), set up backups, monitor Merkle anchoring, and automate verification. | Needs DVPL0101 deploy | DVDO0110 |
| DEVOPS-VULN-29-002 | TODO | | SPRINT_0507_0001_0001_ops_devops_v | DevOps Guild | ops/devops | Configure load/perf tests (5M findings/tenant), query budget enforcement, API SLO dashboards, and alerts for `vuln_list_latency` and `projection_lag`. Dependencies: DEVOPS-VULN-29-001. | Depends on #7 | DVDO0110 |
| DEVOPS-VULN-29-003 | TODO | | SPRINT_0507_0001_0001_ops_devops_v | DevOps Guild | ops/devops | Instrument analytics pipeline for Vuln Explorer (telemetry ingestion, query hashes), ensure compliance with privacy/PII guardrails, and update observability docs. Dependencies: DEVOPS-VULN-29-002. | Depends on #8 | DVDO0110 |
| DEVPORT-62-001 | TODO | | SPRINT_206_devportal | DevPortal Guild | src/DevPortal/StellaOps.DevPortal.Site | Select static site generator, integrate aggregate spec, build navigation + search scaffolding. | 62-001 | DEVL0101 |
| DEVPORT-62-002 | TODO | | SPRINT_206_devportal | DevPortal Guild | src/DevPortal/StellaOps.DevPortal.Site | Implement schema viewer, example rendering, copy-curl snippets, and version selector UI. Dependencies: DEVPORT-62-001. | DEVPORT-62-001 | DEVL0101 |
| DEVPORT-63-001 | TODO | | SPRINT_206_devportal | DevPortal Guild | src/DevPortal/StellaOps.DevPortal.Site | Add Try-It console pointing at sandbox environment with token onboarding and scope info. Dependencies: DEVPORT-62-002. | 63-001 | DEVL0101 |
@@ -633,9 +633,9 @@
| DEVPORT-64-002 | TODO | | SPRINT_206_devportal | Developer Portal Guild (src/DevPortal/StellaOps.DevPortal.Site) | src/DevPortal/StellaOps.DevPortal.Site | Add automated accessibility tests, link checker, and performance budgets. Dependencies: DEVPORT-64-001. | | DEVL0102 |
| DOC-008 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | Docs Guild · Reachability Guild | `docs/reachability/function-level-evidence.md`, `docs/09_API_CLI_REFERENCE.md`, `docs/api/policy.md` | Wait for replay evidence from 100_RBBN0101 | Wait for replay evidence from 100_RBBN0101 | DORC0101 |
| DOC-70-001 | DONE | | SPRINT_170_notifications_telemetry | Docs Guild · Notifications Guild | docs | Gather notification doc references | Validate existing notifications doc and migrate notes | DOCP0101 |
| DOCKER-44-001 | TODO | | SPRINT_507_ops_devops_v | DevOps Guild · Service Owners | ops/devops | Author multi-stage Dockerfiles for all core services (API, Console, Orchestrator, Task Runner, Conseiller, Excitor, Policy, Notify, Export, AI) with non-root users, read-only file systems, and health scripts. | Wait for DVPL0101 compose merge | DVDO0111 |
| DOCKER-44-002 | TODO | | SPRINT_507_ops_devops_v | DevOps Guild | ops/devops | Generate SBOMs and cosign attestations for each image and integrate verification into CI. Dependencies: DOCKER-44-001. | Depends on #1 | DVDO0111 |
| DOCKER-44-003 | TODO | | SPRINT_507_ops_devops_v | DevOps Guild | ops/devops | Implement `/health/liveness`, `/health/readiness`, `/version`, `/metrics`, and ensure capability endpoint returns `merge=false` for Conseiller/Excitor. Dependencies: DOCKER-44-002. | Requires SBOM+scan workflow from 137_SCDT0101 | DVDO0111 |
| DOCKER-44-001 | TODO | | SPRINT_0507_0001_0001_ops_devops_v | DevOps Guild · Service Owners | ops/devops | Author multi-stage Dockerfiles for all core services (API, Console, Orchestrator, Task Runner, Conseiller, Excitor, Policy, Notify, Export, AI) with non-root users, read-only file systems, and health scripts. | Wait for DVPL0101 compose merge | DVDO0111 |
| DOCKER-44-002 | TODO | | SPRINT_0507_0001_0001_ops_devops_v | DevOps Guild | ops/devops | Generate SBOMs and cosign attestations for each image and integrate verification into CI. Dependencies: DOCKER-44-001. | Depends on #1 | DVDO0111 |
| DOCKER-44-003 | TODO | | SPRINT_0507_0001_0001_ops_devops_v | DevOps Guild | ops/devops | Implement `/health/liveness`, `/health/readiness`, `/version`, `/metrics`, and ensure capability endpoint returns `merge=false` for Conseiller/Excitor. Dependencies: DOCKER-44-002. | Requires SBOM+scan workflow from 137_SCDT0101 | DVDO0111 |
| DOCS-0001 | DONE | 2025-11-05 | SPRINT_313_docs_modules_attestor | Docs Guild | docs/modules/attestor | Confirm attestor module doc publication | Confirm attestor module doc scope | DOCP0101 |
| DOCS-0002 | TODO | 2025-11-05 | SPRINT_321_docs_modules_graph | Docs Guild (docs/modules/graph) | docs/modules/graph | — | — | DOCL0102 |
| DOCS-0003 | TODO | | SPRINT_327_docs_modules_scanner | Docs Guild, Product Guild (docs/modules/scanner) | docs/modules/scanner | — | — | DOCL0102 |
@@ -819,7 +819,7 @@
| DOCS-VULN-29-011 | TODO | | SPRINT_311_docs_tasks_md_xi | Docs Guild · Notifications Guild | docs/modules/vuln-explorer | Create `/docs/security/vuln-rbac.md` for roles, ABAC policies, attachment encryption, CSRF. Dependencies: DOCS-VULN-29-010. | Needs notifications contract | DOVL0102 |
| DOCS-VULN-29-012 | TODO | | SPRINT_311_docs_tasks_md_xi | Docs Guild · Policy Guild | docs/modules/vuln-explorer | Write `/docs/runbooks/vuln-ops.md` (projector lag, resolver storms, export failures, policy activation). Dependencies: DOCS-VULN-29-011. | Requires policy overlay outputs | DOVL0102 |
| DOCS-VULN-29-013 | TODO | | SPRINT_311_docs_tasks_md_xi | Docs Guild · DevEx/CLI Guild | docs/modules/vuln-explorer | Update `/docs/install/containers.md` with Findings Ledger & Vuln Explorer API images, manifests, resource sizing, health checks. Dependencies: DOCS-VULN-29-012. | Needs CLI/export scripts from 132_CLCI0110 | DOVL0102 |
| DOWNLOADS-CONSOLE-23-001 | TODO | | SPRINT_502_ops_deployment_ii | Docs Guild · Deployment Guild | docs/console | Maintain signed downloads manifest pipeline (images, Helm, offline bundles), publish JSON under `deploy/downloads/manifest.json`, and document sync cadence for Console + docs parity. | Need latest console build instructions | DOCN0101 |
| DOWNLOADS-CONSOLE-23-001 | TODO | | SPRINT_0502_0001_0001_ops_deployment_ii | Docs Guild · Deployment Guild | docs/console | Maintain signed downloads manifest pipeline (images, Helm, offline bundles), publish JSON under `deploy/downloads/manifest.json`, and document sync cadence for Console + docs parity. | Need latest console build instructions | DOCN0101 |
| DPOP-11-001 | TODO | 2025-11-08 | SPRINT_100_identity_signing | Docs Guild · Authority Core | src/Authority/StellaOps.Authority | Need DPoP ADR from PGMI0101 | AUTH-AOC-19-002 | DODP0101 |
| DSL-401-005 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | Docs Guild · Policy Guild | `docs/policy/dsl.md`, `docs/policy/lifecycle.md` | Depends on PLLG0101 DSL updates | Depends on PLLG0101 DSL updates | DODP0101 |
| DSSE-CLI-401-021 | DONE | 2025-11-27 | SPRINT_0401_0001_0001_reachability_evidence_chain | Docs Guild · CLI Guild | `src/Cli/StellaOps.Cli`, `scripts/ci/attest-*`, `docs/modules/attestor/architecture.md` | Ship a `stella attest` CLI (or sample `StellaOps.Attestor.Tool`) plus GitLab/GitHub workflow snippets that emit DSSE per build step (scan/package/push) using the new library and Authority keys. | Need CLI updates from latest DSSE release | DODS0101 |
@@ -1019,7 +1019,7 @@
| EXPORT-OAS-63 | TODO | | SPRINT_160_export_evidence | Exporter Service Guild · API Governance Guild | | Needs API governance sign-off (049_APIG0101) | Needs API governance sign-off (049_APIG0101) | AGEX0101 |
| EXPORT-OAS-63-001 | TODO | | SPRINT_163_exportcenter_ii | Exporter Service Guild · SDK Guild | src/ExportCenter/StellaOps.ExportCenter | Implement deprecation headers and notifications for legacy export endpoints. Dependencies: EXPORT-OAS-62-001. | Requires #3 schema | AGEX0101 |
| EXPORT-OBS-50-001 | TODO | | SPRINT_163_exportcenter_ii | Exporter Service Guild · Observability Guild | src/ExportCenter/StellaOps.ExportCenter | Adopt telemetry core in exporter service + workers, ensuring spans/logs capture profile id, tenant, artifact counts, distribution type, and trace IDs. | Wait for telemetry schema drop from 046_TLTY0101 | ECOB0101 |
| EXPORT-OBS-51-001 | TODO | | SPRINT_503_ops_devops_i | Exporter Guild · AirGap Time Guild · CLI Guild | | Downstream automation awaiting assembler staffing outcome. | PROGRAM-STAFF-1001 | ECOB0101 |
| EXPORT-OBS-51-001 | TODO | | SPRINT_0503_0001_0001_ops_devops_i | Exporter Guild · AirGap Time Guild · CLI Guild | | Downstream automation awaiting assembler staffing outcome. | PROGRAM-STAFF-1001 | ECOB0101 |
| EXPORT-OBS-52-001 | TODO | | SPRINT_163_exportcenter_ii | Exporter Service Guild | src/ExportCenter/StellaOps.ExportCenter | Publish timeline events for export lifecycle (`export.requested`, `export.built`, `export.distributed`, `export.failed`) embedding manifest hashes and evidence refs. Provide dedupe + retry logic. Dependencies: EXPORT-OBS-51-001. | Requires shared middleware from task #1 | ECOB0101 |
| EXPORT-OBS-53-001 | TODO | | SPRINT_163_exportcenter_ii | Exporter Service Guild · Evidence Locker Guild | src/ExportCenter/StellaOps.ExportCenter | Push export manifests + distribution transcripts to evidence locker bundles, ensuring Merkle root alignment and DSSE pre-sign data available. Dependencies: EXPORT-OBS-52-001. | Blocked on Evidence Locker DSSE API (002_ATEL0101) | ECOB0101 |
| EXPORT-OBS-54-001 | TODO | | SPRINT_163_exportcenter_ii | Exporter Service Guild · Provenance Guild | src/ExportCenter/StellaOps.ExportCenter | Produce DSSE attestations for each export artifact and distribution target, expose verification API `/exports/{id}/attestation`, and integrate with CLI verify path. Dependencies: EXPORT-OBS-53-001. | PROGRAM-STAFF-1001; EXPORT-MIRROR-ORCH-1501 | ECOB0101 |
@@ -1047,8 +1047,8 @@
| FEEDCONN-CCCS-02-009 | TODO | | SPRINT_117_concelier_vi | Concelier Connector Guild CCCS (src/Concelier/__Libraries/StellaOps.Concelier.Connector.Cccs) | src/Concelier/__Libraries/StellaOps.Concelier.Connector.Cccs | Emit CCCS version ranges into `advisory_observations.affected.versions[]` with provenance anchors (`cccs:{serial}:{index}`) and normalized comparison keys per the Link-Not-Merge schema/doc recipes. Depends on CONCELIER-LNM-21-001. | — | FEFC0101 |
| FEEDCONN-CERTBUND-02-010 | TODO | | SPRINT_117_concelier_vi | Concelier Connector Guild CertBund (src/Concelier/__Libraries/StellaOps.Concelier.Connector.CertBund) | src/Concelier/__Libraries/StellaOps.Concelier.Connector.CertBund | Translate CERT-Bund `product.Versions` phrases into normalized ranges + provenance identifiers (`certbund:{advisoryId}:{vendor}`) while retaining localisation notes; update mapper/tests for Link-Not-Merge. Depends on CONCELIER-LNM-21-001. | — | FEFC0101 |
| FEEDCONN-CISCO-02-009 | DOING | 2025-11-08 | SPRINT_117_concelier_vi | Concelier Connector Guild Cisco (src/Concelier/__Libraries/StellaOps.Concelier.Connector.Vndr.Cisco) | src/Concelier/__Libraries/StellaOps.Concelier.Connector.Vndr.Cisco | Emit Cisco SemVer ranges into the new observation schema with provenance IDs (`cisco:{productId}`) and deterministic comparison keys; refresh fixtures to remove merge counters. Depends on CONCELIER-LNM-21-001. | — | FEFC0101 |
| FEEDCONN-ICSCISA-02-012 | BLOCKED | | SPRINT_503_ops_devops_i | Concelier Feed Owners | | Overdue provenance refreshes require schedule from feed owners. | FEED-REMEDIATION-1001 | FEFC0101 |
| FEEDCONN-KISA-02-008 | BLOCKED | | SPRINT_503_ops_devops_i | Concelier Feed Owners | | FEED-REMEDIATION-1001 | FEED-REMEDIATION-1001 | FEFC0101 |
| FEEDCONN-ICSCISA-02-012 | BLOCKED | | SPRINT_0503_0001_0001_ops_devops_i | Concelier Feed Owners | | Overdue provenance refreshes require schedule from feed owners. | FEED-REMEDIATION-1001 | FEFC0101 |
| FEEDCONN-KISA-02-008 | BLOCKED | | SPRINT_0503_0001_0001_ops_devops_i | Concelier Feed Owners | | FEED-REMEDIATION-1001 | FEED-REMEDIATION-1001 | FEFC0101 |
| FORENSICS-53-001 | TODO | | SPRINT_202_cli_ii | Forensics Guild | src/Cli/StellaOps.Cli | Replay data set | Replay data set | FONS0101 |
| FORENSICS-53-002 | TODO | | SPRINT_304_docs_tasks_md_iv | Forensics Guild | | FORENSICS-53-001 | FORENSICS-53-001 | FONS0101 |
| FORENSICS-53-003 | TODO | | SPRINT_304_docs_tasks_md_iv | Forensics Guild | | FORENSICS-53-001 | FORENSICS-53-001 | FONS0101 |
@@ -1108,10 +1108,10 @@
| GRAPH-INDEX-28-010 | TODO | | SPRINT_0140_0001_0001_runtime_signals | — | | Packaging/offline bundles paused until upstream graph jobs are available to embed. | — | ORGR0101 |
| GRAPH-INDEX-28-011 | TODO | 2025-11-04 | SPRINT_0207_0001_0001_graph | Graph Index Guild | src/Graph/StellaOps.Graph.Indexer | Wire SBOM ingest runtime to emit graph snapshot artifacts, add DI factory helpers, and document Mongo/snapshot environment guidance. Dependencies: GRAPH-INDEX-28-002..006. | GRSC0101 outputs | GRIX0101 |
| GRAPH-OPS-0001 | DONE (2025-11-26) | 2025-11-26 | SPRINT_321_docs_modules_graph | Ops Guild | docs/modules/graph | Review graph observability dashboards/runbooks after the next sprint demo. | GRUI0101 | GRDG0101 |
| HELM-45-001 | TODO | | SPRINT_501_ops_deployment_i | Deployment Guild (ops/deployment) | ops/deployment | | | GRIX0101 |
| HELM-45-002 | TODO | | SPRINT_502_ops_deployment_ii | Deployment Guild, Security Guild (ops/deployment) | ops/deployment | Add TLS/Ingress, NetworkPolicy, PodSecurityContexts, Secrets integration (external secrets), and document security posture. Dependencies: HELM-45-001. | | GRIX0101 |
| HELM-45-003 | TODO | | SPRINT_502_ops_deployment_ii | Deployment Guild, Observability Guild (ops/deployment) | ops/deployment | Implement HPA, PDB, readiness gates, Prometheus scraping annotations, OTel configuration hooks, and upgrade hooks. Dependencies: HELM-45-002. | | GRIX0101 |
| ICSCISA-02-012 | BLOCKED | | SPRINT_503_ops_devops_i | Concelier Feed Owners (`src/Concelier/__Libraries/StellaOps.Concelier.Core`) | src/Concelier/__Libraries/StellaOps.Concelier.Core | FEED-REMEDIATION-1001 | FEED-REMEDIATION-1001 | CCFD0101 |
| HELM-45-001 | TODO | | SPRINT_0501_0001_0001_ops_deployment_i | Deployment Guild (ops/deployment) | ops/deployment | | | GRIX0101 |
| HELM-45-002 | TODO | | SPRINT_0502_0001_0001_ops_deployment_ii | Deployment Guild, Security Guild (ops/deployment) | ops/deployment | Add TLS/Ingress, NetworkPolicy, PodSecurityContexts, Secrets integration (external secrets), and document security posture. Dependencies: HELM-45-001. | | GRIX0101 |
| HELM-45-003 | TODO | | SPRINT_0502_0001_0001_ops_deployment_ii | Deployment Guild, Observability Guild (ops/deployment) | ops/deployment | Implement HPA, PDB, readiness gates, Prometheus scraping annotations, OTel configuration hooks, and upgrade hooks. Dependencies: HELM-45-002. | | GRIX0101 |
| ICSCISA-02-012 | BLOCKED | | SPRINT_0503_0001_0001_ops_devops_i | Concelier Feed Owners (`src/Concelier/__Libraries/StellaOps.Concelier.Core`) | src/Concelier/__Libraries/StellaOps.Concelier.Core | FEED-REMEDIATION-1001 | FEED-REMEDIATION-1001 | CCFD0101 |
| IMP-56-001 | TODO | | SPRINT_510_airgap | AirGap Importer Guild | src/AirGap/StellaOps.AirGap.Importer | Harden base importer pipeline. | EXAG0101 | GRIX0101 |
| IMP-56-002 | TODO | | SPRINT_510_airgap | AirGap Importer + Security Guilds | src/AirGap/StellaOps.AirGap.Importer | IMP-56-001 | IMP-56-001 | IMIM0101 |
| IMP-57-001 | TODO | | SPRINT_510_airgap | AirGap Importer Guild | src/AirGap/StellaOps.AirGap.Importer | IMP-56-002 | IMP-56-002 | IMIM0101 |
@@ -1133,7 +1133,7 @@
| INSTALL-46-001 | TODO | | SPRINT_305_docs_tasks_md_v | Docs Guild · Security Guild | | INSTALL-45-001 | INSTALL-45-001 | INST0101 |
| INSTALL-50-001 | TODO | | SPRINT_305_docs_tasks_md_v | Docs Guild · Support Guild | | INSTALL-44-001 | INSTALL-44-001 | INST0101 |
| KEV providers` | TODO | | SPRINT_115_concelier_iv | Concelier Core + Risk Engine Guilds (`src/Concelier/__Libraries/StellaOps.Concelier.Core`) | src/Concelier/__Libraries/StellaOps.Concelier.Core | Surface vendor-provided CVSS/KEV/fix data exactly as published (with provenance anchors) through provider APIs so risk engines can reason about upstream intent. | ICSCISA-02-012 | CCFD0101 |
| KISA-02-008 | BLOCKED | | SPRINT_503_ops_devops_i | Concelier Feed Owners | | | FEED-REMEDIATION-1001 | LATC0101 |
| KISA-02-008 | BLOCKED | | SPRINT_0503_0001_0001_ops_devops_i | Concelier Feed Owners | | | FEED-REMEDIATION-1001 | LATC0101 |
| KMS-73-001 | DONE (2025-11-03) | 2025-11-03 | SPRINT_100_identity_signing | KMS Guild (src/__Libraries/StellaOps.Cryptography.Kms) | src/__Libraries/StellaOps.Cryptography.Kms | AWS/GCP KMS drivers landed with digest-first signing, metadata caching, config samples, and docs/tests green. | AWS/GCP KMS drivers landed with digest-first signing, metadata caching, config samples, and docs/tests green. | KMSI0102 |
| KMS-73-002 | DONE (2025-11-03) | 2025-11-03 | SPRINT_100_identity_signing | KMS Guild (src/__Libraries/StellaOps.Cryptography.Kms) | src/__Libraries/StellaOps.Cryptography.Kms | PKCS#11 + FIDO2 drivers shipped (deterministic digesting, authenticator factories, DI extensions) with docs + xUnit fakes covering sign/verify/export flows. | FIDO2 | KMSI0102 |
| LATTICE-401-023 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | Scanner Guild · Policy Guild | `docs/reachability/lattice.md`, `docs/modules/scanner/architecture.md`, `src/Scanner/StellaOps.Scanner.WebService` | Update reachability/lattice docs + examples. | GRSC0101 & RBRE0101 | LEDG0101 |
@@ -1191,12 +1191,12 @@
| LNM-22-005 | BLOCKED (2025-10-27) | 2025-10-27 | SPRINT_305_docs_tasks_md_v | Docs + UI Guild | | Docs update for UI flows. | DOCS-LNM-22-004 | IMPT0101 |
| LNM-22-007 | TODO | | SPRINT_305_docs_tasks_md_v | Docs Guild · Observability Guild | docs/modules/concelier/link-not-merge.md | Publish `/docs/observability/aggregation.md` with metrics/traces/logs/SLOs. Dependencies: DOCS-LNM-22-005. | DOCS-LNM-22-005 | DOLN0102 |
| LNM-22-008 | DONE | 2025-11-03 | SPRINT_117_concelier_vi | Docs Guild · DevOps Guild | docs/modules/concelier/link-not-merge.md | Document Link-Not-Merge migration playbook updates in `docs/migration/no-merge.md`, including rollback guidance. | LNM-22-007 | DOLN0102 |
| MIRROR-CRT-56-001 | TODO | | SPRINT_0506_ops_devops_iv | Mirror Creator Guild | | Deterministic assembler has no owner; kickoff rescheduled to 2025-11-15. | PROGRAM-STAFF-1001 | ATMI0101 |
| MIRROR-CRT-56-002 | TODO | | SPRINT_0506_ops_devops_iv | Mirror Creator · Security Guilds | | DSSE/TUF metadata follows assembler baseline. | MIRROR-CRT-56-001; MIRROR-DSSE-REV-1501; PROV-OBS-53-001 | ATMI0101 |
| MIRROR-CRT-57-001 | TODO | | SPRINT_0506_ops_devops_iv | Mirror Creator Guild · AirGap Time Guild | | OCI/time-anchor workstreams blocked pending assembler + time contract. | MIRROR-CRT-56-001; AIRGAP-TIME-CONTRACT-1501; AIRGAP-TIME-57-001 | ATMI0101 |
| MIRROR-CRT-57-002 | TODO | | SPRINT_0506_ops_devops_iv | Mirror Creator Guild · AirGap Time Guild | | MIRROR-CRT-56-001; AIRGAP-TIME-CONTRACT-1501; AIRGAP-TIME-57-001 | MIRROR-CRT-56-001; AIRGAP-TIME-CONTRACT-1501; AIRGAP-TIME-57-001 | ATMI0101 |
| MIRROR-CRT-58-001 | TODO | | SPRINT_0506_ops_devops_iv | Mirror Creator Guild · CLI Guild · Exporter Guild | | CLI + Export automation depends on assembler and DSSE/TUF track. | MIRROR-CRT-56-001; EXPORT-OBS-54-001; CLI-AIRGAP-56-001 | ATMI0101 |
| MIRROR-CRT-58-002 | TODO | | SPRINT_0506_ops_devops_iv | Mirror Creator Guild · CLI Guild · Exporter Guild | | MIRROR-CRT-56-001; EXPORT-OBS-54-001; CLI-AIRGAP-56-001 | MIRROR-CRT-56-001; EXPORT-OBS-54-001; CLI-AIRGAP-56-001 | ATMI0101 |
| MIRROR-CRT-56-001 | TODO | | SPRINT_0506_0001_0001_ops_devops_iv | Mirror Creator Guild | | Deterministic assembler has no owner; kickoff rescheduled to 2025-11-15. | PROGRAM-STAFF-1001 | ATMI0101 |
| MIRROR-CRT-56-002 | TODO | | SPRINT_0506_0001_0001_ops_devops_iv | Mirror Creator · Security Guilds | | DSSE/TUF metadata follows assembler baseline. | MIRROR-CRT-56-001; MIRROR-DSSE-REV-1501; PROV-OBS-53-001 | ATMI0101 |
| MIRROR-CRT-57-001 | TODO | | SPRINT_0506_0001_0001_ops_devops_iv | Mirror Creator Guild · AirGap Time Guild | | OCI/time-anchor workstreams blocked pending assembler + time contract. | MIRROR-CRT-56-001; AIRGAP-TIME-CONTRACT-1501; AIRGAP-TIME-57-001 | ATMI0101 |
| MIRROR-CRT-57-002 | TODO | | SPRINT_0506_0001_0001_ops_devops_iv | Mirror Creator Guild · AirGap Time Guild | | MIRROR-CRT-56-001; AIRGAP-TIME-CONTRACT-1501; AIRGAP-TIME-57-001 | MIRROR-CRT-56-001; AIRGAP-TIME-CONTRACT-1501; AIRGAP-TIME-57-001 | ATMI0101 |
| MIRROR-CRT-58-001 | TODO | | SPRINT_0506_0001_0001_ops_devops_iv | Mirror Creator Guild · CLI Guild · Exporter Guild | | CLI + Export automation depends on assembler and DSSE/TUF track. | MIRROR-CRT-56-001; EXPORT-OBS-54-001; CLI-AIRGAP-56-001 | ATMI0101 |
| MIRROR-CRT-58-002 | TODO | | SPRINT_0506_0001_0001_ops_devops_iv | Mirror Creator Guild · CLI Guild · Exporter Guild | | MIRROR-CRT-56-001; EXPORT-OBS-54-001; CLI-AIRGAP-56-001 | MIRROR-CRT-56-001; EXPORT-OBS-54-001; CLI-AIRGAP-56-001 | ATMI0101 |
| MTLS-11-002 | DONE | 2025-11-08 | SPRINT_100_identity_signing | Authority Core & Security Guild | src/Authority/StellaOps.Authority | Refresh grants enforce original client cert, tokens persist `x5t#S256` metadata, docs updated. | AUTH-DPOP-11-001 | AUIN0102 |
| NATIVE-401-015 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | Scanner Worker Guild | `src/Scanner/__Libraries/StellaOps.Scanner.Symbols.Native`, `src/Scanner/__Libraries/StellaOps.Scanner.CallGraph.Native` | Bootstrap Symbols.Native + CallGraph.Native scaffolding and coverage fixtures. | Needs replay requirements from DORR0101 | SCNA0101 |
| NOTIFY-38-001 | TODO | | SPRINT_0214_0001_0001_web_iii | BE-Base Platform Guild | src/Web/StellaOps.Web | Route approval/rule APIs through Web gateway with tenant scopes. | Wait for NOTY0103 approval payload schema | NOWB0101 |
@@ -1248,30 +1248,30 @@
| OBS-50-002 | DOING | | SPRINT_170_notifications_telemetry | Telemetry Core Guild | src/Telemetry/StellaOps.Telemetry.Core | Roll out Helm/collector bundles plus validation tests and DSSE artefacts for telemetry exporters. | OBS-50-001 | TLTY0102 |
| OBS-50-003 | TODO | | SPRINT_306_docs_tasks_md_vi | Docs Guild · Observability Guild | docs/observability | Publish `/docs/observability/collector-deploy.md` with telemetry baseline + offline flows. | OBS-50-001 | DOOB0102 |
| OBS-50-004 | TODO | | SPRINT_306_docs_tasks_md_vi | Docs Guild · Observability Guild | docs/observability | Document scrub policy/SOPs (`/docs/observability/scrub-policy.md`). | OBS-50-003 | DOOB0102 |
| OBS-51-001 | TODO | | SPRINT_503_ops_devops_i | Exporter Guild · AirGap Time Guild · CLI Guild | ops/devops/telemetry | Build shared SLO bus (queue depth, time-anchor drift) feeding exporter/CLI dashboards. | PROGRAM-STAFF-1001 | OBAG0101 |
| OBS-51-001 | TODO | | SPRINT_0503_0001_0001_ops_devops_i | Exporter Guild · AirGap Time Guild · CLI Guild | ops/devops/telemetry | Build shared SLO bus (queue depth, time-anchor drift) feeding exporter/CLI dashboards. | PROGRAM-STAFF-1001 | OBAG0101 |
| OBS-51-002 | TODO | | SPRINT_170_notifications_telemetry | Telemetry Core Guild · Observability Guild | ops/devops/telemetry | Run shadow-mode evaluators + roll metrics into collectors + alert webhooks. | OBS-51-001 | OBAG0101 |
| OBS-52-001 | TODO | | SPRINT_114_concelier_iii | Concelier Core Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Emit ingest latency, queue depth, and AOC violation metrics with burn-rate alerts. | ATLN0101 | CNOB0103 |
| OBS-52-002 | TODO | | SPRINT_160_export_evidence | Timeline Indexer Guild | src/Timeline/StellaOps.TimelineIndexer | Configure streaming pipeline (retention/backpressure) for timeline events. | OBS-52-001 | TLIX0101 |
| OBS-52-003 | TODO | | SPRINT_160_export_evidence | Timeline Indexer Guild | src/Timeline/StellaOps.TimelineIndexer | Add CI validation + schema enforcement for timeline events. | OBS-52-002 | TLIX0101 |
| OBS-52-004 | TODO | | SPRINT_160_export_evidence | Timeline Indexer + Security Guilds | src/Timeline/StellaOps.TimelineIndexer | Harden streaming pipeline with auth/encryption + DSSE proofs. | OBS-52-003 | TLIX0101 |
| OBS-53-001 | TODO | | SPRINT_503_ops_devops_i | Exporter Guild · AirGap Time Guild · CLI Guild | ops/devops/telemetry | Establish provenance SLO signals + exporter hooks. | PROGRAM-STAFF-1001 | PROB0102 |
| OBS-53-001 | TODO | | SPRINT_0503_0001_0001_ops_devops_i | Exporter Guild · AirGap Time Guild · CLI Guild | ops/devops/telemetry | Establish provenance SLO signals + exporter hooks. | PROGRAM-STAFF-1001 | PROB0102 |
| OBS-53-002 | TODO | | SPRINT_0513_0001_0001_provenance | Provenance + Security Guild | src/Provenance/StellaOps.Provenance.Attestation | Add attestation metrics + scrubbed logs referencing DSSE bundles. | OBS-53-001 | PROB0102 |
| OBS-53-003 | TODO | | SPRINT_0513_0001_0001_provenance | Provenance Guild | src/Provenance/StellaOps.Provenance.Attestation | Ship dashboards/tests proving attestation observability. | OBS-53-002 | PROB0102 |
| OBS-54-001 | TODO | | SPRINT_114_concelier_iii | Concelier Core Guild · Provenance Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Needs shared exporter from 1039_EXPORT-OBS-54-001 | Needs shared exporter from 1039_EXPORT-OBS-54-001 | CNOB0101 |
| OBS-54-002 | TODO | | SPRINT_161_evidencelocker | Evidence Locker Guild | src/EvidenceLocker/StellaOps.EvidenceLocker | Instrument Evidence Locker ingest/publish flows with metrics/logs + alerts. | OBS-53-002 | ELOC0102 |
| OBS-55-001 | TODO | | SPRINT_114_concelier_iii | Concelier Core & DevOps Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Refresh ops automation/runbooks referencing new observability signals. | OBS-52-001 | CNOB0103 |
| OBS-56-001 | TODO | | SPRINT_174_telemetry | Telemetry Core Guild | src/Telemetry/StellaOps.Telemetry.Core | Generate signed air-gap telemetry bundles + validation tests. | OBS-50-002 | TLTY0103 |
| OFFLINE-17-004 | BLOCKED | 2025-10-26 | SPRINT_508_ops_offline_kit | Offline Kit Guild · DevOps Guild | ops/offline-kit | Repackage release-17 bundle with DSSE receipts + verification logs. | PROGRAM-STAFF-1001 | OFFK0101 |
| OFFLINE-34-006 | TODO | | SPRINT_508_ops_offline_kit | Offline Kit + Orchestrator Guild | ops/offline-kit | Add orchestrator automation + docs to Offline Kit release 34. | ATMI0102 | OFFK0101 |
| OFFLINE-37-001 | TODO | | SPRINT_508_ops_offline_kit | Offline Kit + Exporter Guild | ops/offline-kit | Ship export evidence bundle + checksum manifests for release 37. | EXPORT-MIRROR-ORCH-1501 | OFFK0101 |
| OFFLINE-37-002 | TODO | | SPRINT_508_ops_offline_kit | Offline Kit + Notifications Guild | ops/offline-kit | Package notifier templates/channel configs for offline ops (release 37). | NOTY0103 | OFFK0101 |
| OFFLINE-CONTAINERS-46-001 | TODO | | SPRINT_508_ops_offline_kit | Offline Kit + Deployment Guild | ops/offline-kit | Include container air-gap bundle, verification docs, and mirrored registry instructions. | OFFLINE-37-001 | OFFK0101 |
| OPENSSL-11-001 | TODO | 2025-11-06 | SPRINT_505_ops_devops_iii | DevOps Guild · Build Infra Guild | ops/devops | Rebuild OpenSSL toolchain with sovereign crypto patches + publish reproducible logs. | KMSI0102 | OPEN0101 |
| OPENSSL-11-002 | TODO | 2025-11-06 | SPRINT_505_ops_devops_iii | DevOps Guild · CI Guild | ops/devops | Update CI/container images with new OpenSSL packages + smoke tests. | OPENSSL-11-001 | OPEN0101 |
| OFFLINE-17-004 | BLOCKED | 2025-10-26 | SPRINT_0508_0001_0001_ops_offline_kit | Offline Kit Guild · DevOps Guild | ops/offline-kit | Repackage release-17 bundle with DSSE receipts + verification logs. | PROGRAM-STAFF-1001 | OFFK0101 |
| OFFLINE-34-006 | TODO | | SPRINT_0508_0001_0001_ops_offline_kit | Offline Kit + Orchestrator Guild | ops/offline-kit | Add orchestrator automation + docs to Offline Kit release 34. | ATMI0102 | OFFK0101 |
| OFFLINE-37-001 | TODO | | SPRINT_0508_0001_0001_ops_offline_kit | Offline Kit + Exporter Guild | ops/offline-kit | Ship export evidence bundle + checksum manifests for release 37. | EXPORT-MIRROR-ORCH-1501 | OFFK0101 |
| OFFLINE-37-002 | TODO | | SPRINT_0508_0001_0001_ops_offline_kit | Offline Kit + Notifications Guild | ops/offline-kit | Package notifier templates/channel configs for offline ops (release 37). | NOTY0103 | OFFK0101 |
| OFFLINE-CONTAINERS-46-001 | TODO | | SPRINT_0508_0001_0001_ops_offline_kit | Offline Kit + Deployment Guild | ops/offline-kit | Include container air-gap bundle, verification docs, and mirrored registry instructions. | OFFLINE-37-001 | OFFK0101 |
| OPENSSL-11-001 | TODO | 2025-11-06 | SPRINT_0505_0001_0001_ops_devops_iii | DevOps Guild · Build Infra Guild | ops/devops | Rebuild OpenSSL toolchain with sovereign crypto patches + publish reproducible logs. | KMSI0102 | OPEN0101 |
| OPENSSL-11-002 | TODO | 2025-11-06 | SPRINT_0505_0001_0001_ops_devops_iii | DevOps Guild · CI Guild | ops/devops | Update CI/container images with new OpenSSL packages + smoke tests. | OPENSSL-11-001 | OPEN0101 |
| OPS-0001 | DONE | 2025-11-07 | SPRINT_333_docs_modules_excititor | Ops Guild (docs/modules/excitor) | docs/modules/excitor | | | |
| OPS-ENV-01 | TODO | | SPRINT_507_ops_devops_v | DevOps Guild · Scanner Guild | ops/devops | Update Helm/Compose manifests + docs to include Surface.Env variables for Scanner/Zastava. | SCSS0101 | DOPS0101 |
| OPS-SECRETS-01 | TODO | | SPRINT_507_ops_devops_v | DevOps + Security Guild | ops/devops | Define secret provisioning workflow (Kubernetes, Compose, Offline Kit) for Surface.Secrets references and update runbooks. | OPS-ENV-01 | DOPS0101 |
| OPS-SECRETS-02 | TODO | | SPRINT_507_ops_devops_v | DevOps + Offline Kit Guild | ops/devops | Embed Surface.Secrets bundles (encrypted) into Offline Kit packaging scripts. | OPS-SECRETS-01 | DOPS0101 |
| OPS-ENV-01 | TODO | | SPRINT_0507_0001_0001_ops_devops_v | DevOps Guild · Scanner Guild | ops/devops | Update Helm/Compose manifests + docs to include Surface.Env variables for Scanner/Zastava. | SCSS0101 | DOPS0101 |
| OPS-SECRETS-01 | TODO | | SPRINT_0507_0001_0001_ops_devops_v | DevOps + Security Guild | ops/devops | Define secret provisioning workflow (Kubernetes, Compose, Offline Kit) for Surface.Secrets references and update runbooks. | OPS-ENV-01 | DOPS0101 |
| OPS-SECRETS-02 | TODO | | SPRINT_0507_0001_0001_ops_devops_v | DevOps + Offline Kit Guild | ops/devops | Embed Surface.Secrets bundles (encrypted) into Offline Kit packaging scripts. | OPS-SECRETS-01 | DOPS0101 |
| ORCH-32-001 | TODO | | SPRINT_114_concelier_iii | Concelier Core Guild (src/Concelier/__Libraries/StellaOps.Concelier.Core) | src/Concelier/__Libraries/StellaOps.Concelier.Core | — | — | ORGR0102 |
| ORCH-32-002 | TODO | | SPRINT_114_concelier_iii | Concelier Core Guild (src/Concelier/__Libraries/StellaOps.Concelier.Core) | src/Concelier/__Libraries/StellaOps.Concelier.Core | — | — | ORGR0102 |
| ORCH-33-001 | TODO | | SPRINT_114_concelier_iii | Concelier Core Guild (src/Concelier/__Libraries/StellaOps.Concelier.Core) | src/Concelier/__Libraries/StellaOps.Concelier.Core | — | — | ORGR0102 |
@@ -1321,7 +1321,7 @@
| ORCH-OPS-0001 | DONE | | SPRINT_0323_0001_0001_docs_modules_orchestrator | Ops Guild | docs/modules/orchestrator | Review orchestrator runbooks/observability checklists after new demos. | ORSC0104 | DOOR0103 |
| PACKS-42-001 | TODO | | SPRINT_0121_0001_0001_policy_reasoning | Findings Ledger Guild | src/Findings/StellaOps.Findings.Ledger | Provide snapshot/time-travel APIs and digestable exports for Task Pack simulation + CLI offline mode. | PLLG0103 | PKLD0101 |
| PACKS-43-001 | DONE | 2025-11-09 | SPRINT_100_identity_signing | Packs Guild · Authority Guild | src/Authority/StellaOps.Authority | Finalized Pack release 43 (signing, release notes, artefacts). | AUTH-PACKS-41-001; TASKRUN-42-001; ORCH-SVC-42-101 | PACK0101 |
| PACKS-43-002 | TODO | | SPRINT_508_ops_offline_kit | Offline Kit Guild, Packs Registry Guild (ops/offline-kit) | ops/offline-kit | Bundle packs registry artifacts, runbooks, and verification docs into Offline Kit release 43. | OFFLINE-37-001 | OFFK0101 |
| PACKS-43-002 | TODO | | SPRINT_0508_0001_0001_ops_offline_kit | Offline Kit Guild, Packs Registry Guild (ops/offline-kit) | ops/offline-kit | Bundle packs registry artifacts, runbooks, and verification docs into Offline Kit release 43. | OFFLINE-37-001 | OFFK0101 |
| PACKS-REG-41-001 | DONE (2025-11-25) | 2025-11-25 | SPRINT_0154_0001_0001_packsregistry | Packs Registry Guild | src/PacksRegistry/StellaOps.PacksRegistry | Implement registry API/storage, version lifecycle, provenance export. | ORCH-SVC-42-101 | PKRG0101 |
| PACKS-REG-42-001 | DONE (2025-11-25) | 2025-11-25 | SPRINT_0154_0001_0001_packsregistry | Packs Registry Guild | src/PacksRegistry/StellaOps.PacksRegistry | Add tenant allowlists, signature rotation, audit logs, Offline Kit seed support. | PACKS-REG-41-001 | PKRG0101 |
| PACKS-REG-43-001 | DONE (2025-11-25) | 2025-11-25 | SPRINT_0154_0001_0001_packsregistry | Packs Registry Guild | src/PacksRegistry/StellaOps.PacksRegistry | Implement mirroring, pack signing policies, compliance dashboards, Export Center integration. | PACKS-REG-42-001 | PKRG0101 |
@@ -1508,7 +1508,7 @@
| REGISTRY-API-27-008 | TODO | | SPRINT_0129_0001_0001_policy_reasoning | Policy Registry Guild / src/Policy/StellaOps.Policy.Registry | src/Policy/StellaOps.Policy.Registry | Implement promotion bindings per tenant/environment with canary subsets, rollback path, and environment history | REGISTRY-API-27-007 | |
| REGISTRY-API-27-009 | TODO | | SPRINT_0129_0001_0001_policy_reasoning | Policy Registry Guild, Observability Guild / src/Policy/StellaOps.Policy.Registry | src/Policy/StellaOps.Policy.Registry | Instrument metrics/logs/traces | REGISTRY-API-27-008 | |
| REGISTRY-API-27-010 | TODO | | SPRINT_0129_0001_0001_policy_reasoning | Policy Registry Guild, QA Guild / src/Policy/StellaOps.Policy.Registry | src/Policy/StellaOps.Policy.Registry | Build unit/integration/load test suites for compile/sim/review/publish/promote flows; provide seeded fixtures for CI | REGISTRY-API-27-009 | |
| REL-17-004 | BLOCKED | 2025-10-26 | SPRINT_506_ops_devops_iv | DevOps Guild (ops/devops) | ops/devops | | | |
| REL-17-004 | BLOCKED | 2025-10-26 | SPRINT_0506_0001_0001_ops_devops_iv | DevOps Guild (ops/devops) | ops/devops | | | |
| REP-004 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | BE-Base Platform Guild (`src/__Libraries/StellaOps.Replay.Core`, `docs/replay/DETERMINISTIC_REPLAY.md`) | `src/__Libraries/StellaOps.Replay.Core`, `docs/replay/DETERMINISTIC_REPLAY.md` | | | |
| REPLAY-185-003 | TODO | | SPRINT_185_shared_replay_primitives | Docs Guild, Platform Data Guild (docs) | | | | |
| REPLAY-185-004 | TODO | | SPRINT_185_shared_replay_primitives | Docs Guild (docs) | | | | |
@@ -1554,7 +1554,7 @@
| RISK-ENGINE-69-002 | TODO | | SPRINT_0129_0001_0001_policy_reasoning | Risk Engine Guild, Observability Guild / src/RiskEngine/StellaOps.RiskEngine | src/RiskEngine/StellaOps.RiskEngine | Add telemetry | RISK-ENGINE-69-001 | |
| RISK-ENGINE-70-001 | TODO | | SPRINT_0129_0001_0001_policy_reasoning | Risk Engine Guild, Export Guild / src/RiskEngine/StellaOps.RiskEngine | src/RiskEngine/StellaOps.RiskEngine | Support offline provider bundles with manifest verification and missing-data reporting | RISK-ENGINE-69-002 | |
| RISK-ENGINE-70-002 | TODO | | SPRINT_0129_0001_0001_policy_reasoning | Risk Engine Guild, Observability Guild / src/RiskEngine/StellaOps.RiskEngine | src/RiskEngine/StellaOps.RiskEngine | Integrate runtime evidence provider and reachability provider outputs with caching + TTL | RISK-ENGINE-70-001 | |
| RULES-33-001 | REVIEW (2025-10-30) | 2025-10-30 | SPRINT_506_ops_devops_iv | DevOps Guild, Platform Leads (ops/devops) | ops/devops | | | |
| RULES-33-001 | REVIEW (2025-10-30) | 2025-10-30 | SPRINT_0506_0001_0001_ops_devops_iv | DevOps Guild, Platform Leads (ops/devops) | ops/devops | | | |
| RUNBOOK-401-017 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | Docs Guild · Ops Guild (`docs/runbooks/reachability-runtime.md`, `docs/reachability/DELIVERY_GUIDE.md`) | `docs/runbooks/reachability-runtime.md`, `docs/reachability/DELIVERY_GUIDE.md` | | | |
| RUNBOOK-55-001 | TODO | | SPRINT_309_docs_tasks_md_ix | Docs Guild, Ops Guild (docs) | | | | |
| RUNBOOK-REPLAY-187-004 | TODO | | SPRINT_160_export_evidence | Docs/Ops Guild · `/docs/runbooks/replay_ops.md` | docs/runbooks/replay_ops.md | Docs/Ops Guild · `/docs/runbooks/replay_ops.md` | | |
@@ -1584,7 +1584,7 @@
| SBOM-VULN-29-001 | TODO | | SPRINT_0140_0001_0001_runtime_signals | | | Inventory evidence feed deferred until projection schema + runtime align. | | |
| SBOM-VULN-29-002 | TODO | | SPRINT_0140_0001_0001_runtime_signals | | | Resolver feed requires 29-001 event payloads. | | |
| SCAN-001 | TODO | | SPRINT_400_runtime_facts_static_callgraph_union | Scanner Worker Guild (`src/Scanner/StellaOps.Scanner.Worker`, `docs/modules/scanner/architecture.md`, `docs/reachability/function-level-evidence.md`) | `src/Scanner/StellaOps.Scanner.Worker`, `docs/modules/scanner/architecture.md`, `docs/reachability/function-level-evidence.md` | | | |
| SCAN-90-004 | TODO | | SPRINT_505_ops_devops_iii | DevOps Guild, Scanner Guild (ops/devops) | ops/devops | | | |
| SCAN-90-004 | TODO | | SPRINT_0505_0001_0001_ops_devops_iii | DevOps Guild, Scanner Guild (ops/devops) | ops/devops | | | |
| SCAN-DETER-186-008 | DONE (2025-11-26) | | SPRINT_186_record_deterministic_execution | Scanner Guild · Provenance Guild | `src/Scanner/StellaOps.Scanner.WebService`, `src/Scanner/StellaOps.Scanner.Worker` | Add deterministic execution switches to Scanner (fixed clock, RNG seed, concurrency cap, feed/policy snapshot pins, log filtering) available via CLI/env/config so repeated runs stay hermetic. | ENTROPY-186-012 & SCANNER-ENV-02 | SCDE0102 |
| SCAN-DETER-186-009 | DONE (2025-11-27) | | SPRINT_186_record_deterministic_execution | Scanner Guild, QA Guild (`src/Scanner/StellaOps.Scanner.Replay`, `src/Scanner/__Tests`) | `src/Scanner/StellaOps.Scanner.Replay`, `src/Scanner/__Tests` | Build a determinism harness that replays N scans per image, canonicalises SBOM/VEX/findings/log outputs, and records per-run hash matrices (see `docs/modules/scanner/determinism-score.md`). | | |
| SCAN-DETER-186-010 | DONE (2025-11-27) | | SPRINT_186_record_deterministic_execution | Scanner Guild, Export Center Guild (`src/Scanner/StellaOps.Scanner.WebService`, `docs/modules/scanner/operations/release.md`) | `src/Scanner/StellaOps.Scanner.WebService`, `docs/modules/scanner/operations/release.md` | Emit and publish `determinism.json` (scores, artifact hashes, non-identical diffs) alongside each scanner release via CAS/object storage APIs (documented in `docs/modules/scanner/determinism-score.md`). | | |
@@ -1928,7 +1928,7 @@
| SVC-43-001 | TODO | | SPRINT_164_exportcenter_iii | Exporter Service Guild (src/ExportCenter/StellaOps.ExportCenter) | src/ExportCenter/StellaOps.ExportCenter | | | |
| SYM-007 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | Scanner Worker Guild & Docs Guild (`src/Scanner/StellaOps.Scanner.Models`, `docs/modules/scanner/architecture.md`, `docs/reachability/function-level-evidence.md`) | `src/Scanner/StellaOps.Scanner.Models`, `docs/modules/scanner/architecture.md`, `docs/reachability/function-level-evidence.md` | | | |
| SYMS-70-003 | TODO | | SPRINT_304_docs_tasks_md_iv | Docs Guild, Symbols Guild (docs) | | | | |
| SYMS-90-005 | TODO | | SPRINT_505_ops_devops_iii | DevOps Guild, Symbols Guild (ops/devops) | ops/devops | | | |
| SYMS-90-005 | TODO | | SPRINT_0505_0001_0001_ops_devops_iii | DevOps Guild, Symbols Guild (ops/devops) | ops/devops | | | |
| SYMS-BUNDLE-401-014 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | Symbols Guild · Ops | `src/Symbols/StellaOps.Symbols.Bundle`, `ops` | Produce deterministic symbol bundles for air-gapped installs (`symbols bundle create | Depends on #1 | RBSY0101 |
| SYMS-CLIENT-401-012 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | Symbols Guild · Scanner Guild | `src/Symbols/StellaOps.Symbols.Client`, `src/Scanner/StellaOps.Scanner.Symbolizer` | Ship `StellaOps.Symbols.Client` SDK (resolve/upload APIs, platform key derivation for ELF/PDB/Mach-O/JVM/Node, disk LRU cache) and integrate with Scanner.Symbolizer/runtime probes (ref. `docs/specs/SYMBOL_MANIFEST_v1.md`). | Depends on #3 | RBSY0101 |
| SYMS-INGEST-401-013 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | Symbols Guild · DevOps Guild | `src/Symbols/StellaOps.Symbols.Ingestor.Cli`, `docs/specs/SYMBOL_MANIFEST_v1.md` | Build `symbols ingest` CLI to emit DSSE-signed `SymbolManifest v1`, upload blobs, and register Rekor entries; document GitLab/Gitea pipeline usage. | Needs manifest updates from #1 | RBSY0101 |
@@ -1965,7 +1965,7 @@
| TEN-49-001 | TODO | | SPRINT_205_cli_v | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | | | |
| TEST-186-006 | TODO | | SPRINT_186_record_deterministic_execution | Signing Guild, QA Guild (`src/Signer/StellaOps.Signer.Tests`) | `src/Signer/StellaOps.Signer.Tests` | | | |
| TEST-62-001 | TODO | | SPRINT_310_docs_tasks_md_x | Docs Guild, Contract Testing Guild (docs) | | | | |
| TIME-57-001 | TODO | | SPRINT_503_ops_devops_i | Exporter Guild · AirGap Time Guild · CLI Guild | | | PROGRAM-STAFF-1001 | |
| TIME-57-001 | TODO | | SPRINT_0503_0001_0001_ops_devops_i | Exporter Guild · AirGap Time Guild · CLI Guild | | | PROGRAM-STAFF-1001 | |
| TIME-57-002 | TODO | | SPRINT_510_airgap | Exporter Guild · AirGap Time Guild · CLI Guild | src/AirGap/StellaOps.AirGap.Time | PROGRAM-STAFF-1001 | PROGRAM-STAFF-1001 | AGTM0101 |
| TIME-58-001 | TODO | | SPRINT_510_airgap | AirGap Time Guild | src/AirGap/StellaOps.AirGap.Time | AIRGAP-TIME-58-001 | AIRGAP-TIME-58-001 | AGTM0101 |
| TIME-58-002 | TODO | | SPRINT_510_airgap | AirGap Time Guild · Notifications Guild | src/AirGap/StellaOps.AirGap.Time | TIME-58-001 | TIME-58-001 | AGTM0101 |
@@ -2221,7 +2221,7 @@
| MIRROR-COORD-55-001 | TODO | | SPRINT_100_program_management | Program Mgmt Guild · Mirror Creator Guild | | — | — | PGMI0101 |
| ELOCKER-CONTRACT-2001 | TODO | | SPRINT_200_attestation_coord | Evidence Locker Guild | | — | — | ATEL0101 |
| ATTEST-PLAN-2001 | TODO | | SPRINT_200_attestation_coord | Evidence Locker Guild · Excititor Guild | | — | — | ATEL0101 |
| FEED-REMEDIATION-1001 | TODO | | SPRINT_503_ops_devops_i | Concelier Feed Owners | | — | — | FEFC0101 |
| FEED-REMEDIATION-1001 | TODO | | SPRINT_0503_0001_0001_ops_devops_i | Concelier Feed Owners | | — | — | FEFC0101 |
| MIRROR-DSSE-REV-1501 | TODO | | SPRINT_150_mirror_dsse | Mirror Creator Guild · Security Guild · Evidence Locker Guild | | — | — | ATEL0101 |
| AIRGAP-TIME-CONTRACT-1501 | TODO | | SPRINT_150_mirror_time | AirGap Time Guild | | — | — | ATMI0102 |
| EXPORT-MIRROR-ORCH-1501 | TODO | | SPRINT_150_mirror_orch | Exporter Guild · CLI Guild | | — | — | ATMI0102 |
@@ -2268,15 +2268,15 @@
| 34-101 | DONE | 2025-11-22 | SPRINT_0120_0000_0001_policy_reasoning | Findings Ledger Guild | src/Findings/StellaOps.Findings.Ledger | 29-009 | LEDGER-29-009 | PLLG0104 |
| 401-004 | BLOCKED | 2025-11-25 | SPRINT_0401_0001_0001_reachability_evidence_chain | Replay Core Guild | `src/__Libraries/StellaOps.Replay.Core` | Signals facts stable (SGSI0101) | Blocked: awaiting SGSI0101 runtime facts + CAS policy from GAP-REP-004 | RPRC0101 |
| 41-001 | DONE (2025-11-30) | 2025-11-30 | SPRINT_0157_0001_0001_taskrunner_i | Task Runner Guild | src/TaskRunner/StellaOps.TaskRunner | — | Contract landed via product advisory 2025-11-29; implemented per `docs/modules/taskrunner/architecture.md`. | ORTR0101 |
| 44-001 | TODO | | SPRINT_501_ops_deployment_i | Deployment Guild · DevEx Guild (ops/deployment) | ops/deployment | — | — | DVDO0103 |
| 44-002 | TODO | | SPRINT_501_ops_deployment_i | Deployment Guild (ops/deployment) | ops/deployment | 44-001 | 44-001 | DVDO0103 |
| 44-003 | TODO | | SPRINT_501_ops_deployment_i | Deployment Guild · Docs Guild (ops/deployment) | ops/deployment | 44-002 | 44-002 | DVDO0103 |
| 45-001 | BLOCKED | 2025-11-25 | SPRINT_502_ops_deployment_ii | Deployment Guild (ops/deployment) | ops/deployment | 44-003 | 44-003 | DVDO0103 |
| 45-002 | BLOCKED | 2025-11-25 | SPRINT_502_ops_deployment_ii | Deployment Guild · Security Guild (ops/deployment) | ops/deployment | 45-001 | 45-001 | DVDO0103 |
| 45-003 | BLOCKED | 2025-11-25 | SPRINT_502_ops_deployment_ii | Deployment Guild · Observability Guild (ops/deployment) | ops/deployment | 45-002 | 45-002 | DVDO0103 |
| 44-001 | TODO | | SPRINT_0501_0001_0001_ops_deployment_i | Deployment Guild · DevEx Guild (ops/deployment) | ops/deployment | — | — | DVDO0103 |
| 44-002 | TODO | | SPRINT_0501_0001_0001_ops_deployment_i | Deployment Guild (ops/deployment) | ops/deployment | 44-001 | 44-001 | DVDO0103 |
| 44-003 | TODO | | SPRINT_0501_0001_0001_ops_deployment_i | Deployment Guild · Docs Guild (ops/deployment) | ops/deployment | 44-002 | 44-002 | DVDO0103 |
| 45-001 | BLOCKED | 2025-11-25 | SPRINT_0502_0001_0001_ops_deployment_ii | Deployment Guild (ops/deployment) | ops/deployment | 44-003 | 44-003 | DVDO0103 |
| 45-002 | BLOCKED | 2025-11-25 | SPRINT_0502_0001_0001_ops_deployment_ii | Deployment Guild · Security Guild (ops/deployment) | ops/deployment | 45-001 | 45-001 | DVDO0103 |
| 45-003 | BLOCKED | 2025-11-25 | SPRINT_0502_0001_0001_ops_deployment_ii | Deployment Guild · Observability Guild (ops/deployment) | ops/deployment | 45-002 | 45-002 | DVDO0103 |
| 50-002 | DOING | | SPRINT_170_notifications_telemetry | Telemetry Core Guild | src/Telemetry/StellaOps.Telemetry.Core | SGSI0101 feed availability | SGSI0101 feed availability | TLTY0101 |
| 51-002 | BLOCKED | 2025-11-25 | SPRINT_170_notifications_telemetry | Telemetry Core Guild · Observability Guild · Security Guild | src/Telemetry/StellaOps.Telemetry.Core | OBS-50 baselines | Waiting on OBS-50 baselines and ORCH-OBS-50-001 schemas | TLTY0101 |
| 54-001 | BLOCKED | 2025-11-25 | SPRINT_503_ops_devops_i | Exporter Guild · AirGap Time Guild · CLI Guild | | Await PGMI0101 staffing confirmation | Staffing not assigned (PROGRAM-STAFF-1001) | AGCO0101 |
| 54-001 | BLOCKED | 2025-11-25 | SPRINT_0503_0001_0001_ops_devops_i | Exporter Guild · AirGap Time Guild · CLI Guild | | Await PGMI0101 staffing confirmation | Staffing not assigned (PROGRAM-STAFF-1001) | AGCO0101 |
| 56-001 | BLOCKED | 2025-11-25 | SPRINT_170_notifications_telemetry | Telemetry Core Guild · Observability Guild | src/Telemetry/StellaOps.Telemetry.Core | SGSI0101 provenance | Blocked: SGSI0101 provenance feed/contract pending | TLTY0101 |
| 58 series | TODO | | SPRINT_0120_0000_0001_policy_reasoning | Findings Ledger Guild · AirGap Guilds · Evidence Locker Guild | src/Findings/StellaOps.Findings.Ledger | | | PLLG0102 |
| 61-001 | TODO | | SPRINT_511_api | API Governance Guild | src/Api/StellaOps.Api.Governance | — | — | APIG0101 |
@@ -2302,7 +2302,7 @@
| AIAI-31-006 | DONE | 2025-11-13 | SPRINT_0111_0001_0001_advisoryai | Docs Guild, Policy Guild (docs) | | — | — | DOAI0101 |
| AIAI-31-008 | DONE (2025-11-22) | 2025-11-22 | SPRINT_110_ingestion_evidence | Advisory AI Guild | | Remote inference packaging delivered with on-prem container + manifests. | AIAI-31-006; AIAI-31-007 | DOAI0101 |
| AIAI-31-009 | DONE | 2025-11-12 | SPRINT_110_ingestion_evidence | Advisory AI Guild | | Regression suite + `AdvisoryAI:Guardrails` config landed with perf budgets. | — | DOAI0101 |
| AIRGAP-46-001 | TODO | | SPRINT_501_ops_deployment_i | Deployment Guild · Offline Kit Guild | ops/deployment | Needs Mirror staffing + DSSE plan (001_PGMI0101, 002_ATEL0101) | Needs Mirror staffing + DSSE plan (001_PGMI0101, 002_ATEL0101) | AGDP0101 |
| AIRGAP-46-001 | TODO | | SPRINT_0501_0001_0001_ops_deployment_i | Deployment Guild · Offline Kit Guild | ops/deployment | Needs Mirror staffing + DSSE plan (001_PGMI0101, 002_ATEL0101) | Needs Mirror staffing + DSSE plan (001_PGMI0101, 002_ATEL0101) | AGDP0101 |
| AIRGAP-56 | DONE (2025-11-24) | 2025-11-24 | SPRINT_110_ingestion_evidence | Excititor Guild · AirGap Guilds | docs/modules/airgap/airgap-mode.md | Air-gap ingest parity delivered against frozen LNM schema. | CONCELIER-GRAPH-21-001; CONCELIER-GRAPH-21-002; ATTEST-PLAN-2001 | AGCO0101 |
| AIRGAP-56-001 | DONE (2025-11-24) | 2025-11-24 | SPRINT_110_ingestion_evidence | Exporter Guild · AirGap Time Guild · CLI Guild | docs/modules/airgap/airgap-mode.md | Mirror import helpers and bundle catalog wired for sealed mode. | PROGRAM-STAFF-1001 | AGCO0101 |
| AIRGAP-56-001..58-001 | DONE (2025-11-24) | 2025-11-24 | SPRINT_110_ingestion_evidence | Concelier Core · AirGap Guilds | docs/modules/airgap/airgap-mode.md | Deterministic bundle + manifest/entry-trace and sealed-mode deploy runbook shipped. | CONCELIER-GRAPH-21-001; CONCELIER-GRAPH-21-002; ELOCKER-CONTRACT-2001 | AGCO0101 |
@@ -2311,7 +2311,7 @@
| AIRGAP-56-004 | TODO | | SPRINT_0301_0001_0001_docs_md_i | Docs Guild · Deployment Guild | docs/modules/airgap | AIRGAP-56-003 | DOCS-AIRGAP-56-003 | AIDG0101 |
| AIRGAP-57 | DONE (2025-11-24) | 2025-11-24 | SPRINT_110_ingestion_evidence | Excititor Guild · AirGap Guilds | docs/modules/airgap/airgap-mode.md | Air-gap bundle timeline/hooks completed. | CONCELIER-GRAPH-21-001; CONCELIER-GRAPH-21-002; ATTEST-PLAN-2001 | AGCO0101 |
| AIRGAP-57-001 | DONE | 2025-11-08 | SPRINT_100_identity_signing | Authority Core & Security Guild, DevOps Guild (src/Authority/StellaOps.Authority) | src/Authority/StellaOps.Authority | | AUTH-AIRGAP-56-001; DEVOPS-AIRGAP-57-002 | KMSI0101 |
| AIRGAP-57-002 | DOING | 2025-11-08 | SPRINT_503_ops_devops_i | DevOps Guild, Authority Guild (ops/devops) | ops/devops | | | DVDO0101 |
| AIRGAP-57-002 | DOING | 2025-11-08 | SPRINT_0503_0001_0001_ops_devops_i | DevOps Guild, Authority Guild (ops/devops) | ops/devops | | | DVDO0101 |
| AIRGAP-57-003 | TODO | | SPRINT_302_docs_tasks_md_ii | Docs Guild · CLI Guild | docs/modules/airgap | CLI & ops inputs | CLI & ops inputs | AIDG0101 |
| AIRGAP-57-004 | TODO | | SPRINT_302_docs_tasks_md_ii | Docs Guild · Ops Guild | docs/modules/airgap | AIRGAP-57-003 | AIRGAP-57-003 | AIDG0101 |
| AIRGAP-58 | DONE (2025-11-24) | 2025-11-24 | SPRINT_110_ingestion_evidence | Excititor Guild · AirGap Guilds | docs/modules/airgap/airgap-mode.md | Import/export automation delivered for frozen schema. | CONCELIER-GRAPH-21-001; CONCELIER-GRAPH-21-002; ATTEST-PLAN-2001 | AGCO0101 |
@@ -2331,7 +2331,7 @@
| AIRGAP-IMP-57-002 | TODO | | SPRINT_510_airgap | AirGap Importer Guild · DevOps Guild | src/AirGap/StellaOps.AirGap.Importer | Implement object-store loader storing artifacts under tenant/global mirror paths with Zstandard decompression and checksum validation. Dependencies: AIRGAP-IMP-57-001. | 57-001 | AGIM0101 |
| AIRGAP-IMP-58-001 | TODO | | SPRINT_510_airgap | AirGap Importer Guild · CLI Guild | src/AirGap/StellaOps.AirGap.Importer | Implement API (`POST /airgap/import`, `/airgap/verify`) and CLI commands wiring verification + catalog updates, including diff preview. Dependencies: AIRGAP-IMP-57-002. | CLI contract alignment | AGIM0101 |
| AIRGAP-IMP-58-002 | TODO | | SPRINT_510_airgap | AirGap Importer Guild · Observability Guild | src/AirGap/StellaOps.AirGap.Importer | Emit timeline events (`airgap.import.started. Dependencies: AIRGAP-IMP-58-001. | 58-001 observability | AGIM0101 |
| AIRGAP-TIME-57-001 | TODO | | SPRINT_503_ops_devops_i | Exporter Guild · AirGap Time Guild · CLI Guild | | PROGRAM-STAFF-1001; AIRGAP-TIME-CONTRACT-1501 | PROGRAM-STAFF-1001; AIRGAP-TIME-CONTRACT-1501 | ATMI0102 |
| AIRGAP-TIME-57-001 | TODO | | SPRINT_0503_0001_0001_ops_devops_i | Exporter Guild · AirGap Time Guild · CLI Guild | | PROGRAM-STAFF-1001; AIRGAP-TIME-CONTRACT-1501 | PROGRAM-STAFF-1001; AIRGAP-TIME-CONTRACT-1501 | ATMI0102 |
| AIRGAP-TIME-57-002 | TODO | | SPRINT_510_airgap | AirGap Time Guild · Observability Guild | src/AirGap/StellaOps.AirGap.Time | Add telemetry counters for time anchors (`airgap_time_anchor_age_seconds`) and alerts for approaching thresholds. Dependencies: AIRGAP-TIME-57-001. | Controller schema | AGTM0101 |
| AIRGAP-TIME-58-001 | TODO | | SPRINT_510_airgap | AirGap Time Guild | src/AirGap/StellaOps.AirGap.Time | Persist drift baseline, compute per-content staleness (advisories, VEX, policy) based on bundle metadata, and surface through controller status API. Dependencies: AIRGAP-TIME-57-002. | 57-002 | AGTM0101 |
| AIRGAP-TIME-58-002 | TODO | | SPRINT_510_airgap | AirGap Time Guild, Notifications Guild (src/AirGap/StellaOps.AirGap.Time) | src/AirGap/StellaOps.AirGap.Time | Emit notifications and timeline events when staleness budgets breached or approaching. Dependencies: AIRGAP-TIME-58-001. | | AGTM0101 |
@@ -2420,7 +2420,7 @@
| AOC-19-002 | TODO | | SPRINT_123_policy_reasoning | Policy Guild | src/Policy/__Libraries/StellaOps.Policy | Depends on #1 | POLICY-AOC-19-001 | PLAO0101 |
| AOC-19-003 | TODO | | SPRINT_123_policy_reasoning | Policy Guild | src/Policy/__Libraries/StellaOps.Policy | Depends on #2 | POLICY-AOC-19-002 | PLAO0101 |
| AOC-19-004 | TODO | | SPRINT_123_policy_reasoning | Policy Guild | src/Policy/__Libraries/StellaOps.Policy | Depends on #3 | POLICY-AOC-19-003 | PLAO0101 |
| AOC-19-101 | TODO | 2025-10-28 | SPRINT_503_ops_devops_i | DevOps Guild | ops/devops | Needs helper definitions from PLAO0101 | Needs helper definitions from PLAO0101 | DVAO0101 |
| AOC-19-101 | TODO | 2025-10-28 | SPRINT_0503_0001_0001_ops_devops_i | DevOps Guild | ops/devops | Needs helper definitions from PLAO0101 | Needs helper definitions from PLAO0101 | DVAO0101 |
| API-27-001 | TODO | | SPRINT_0129_0001_0001_policy_reasoning | Policy Registry Guild | src/Policy/StellaOps.Policy.Registry | Governance decision (APIG0101) | Governance decision (APIG0101) | PLAR0101 |
| API-27-002 | TODO | | SPRINT_0129_0001_0001_policy_reasoning | Policy Registry Guild | src/Policy/StellaOps.Policy.Registry | Depends on #1 | REGISTRY-API-27-001 | PLAR0101 |
| API-27-003 | TODO | | SPRINT_0129_0001_0001_policy_reasoning | Policy Registry Guild | src/Policy/StellaOps.Policy.Registry | Depends on #2 | REGISTRY-API-27-002 | PLAR0101 |
@@ -2509,13 +2509,13 @@
| CLI-401-021 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | CLI Guild · DevOps Guild (`src/Cli/StellaOps.Cli`, `scripts/ci/attest-*`, `docs/modules/attestor/architecture.md`) | `src/Cli/StellaOps.Cli`, `scripts/ci/attest-*`, `docs/modules/attestor/architecture.md` | — | — | CLCI0101 |
| CLI-41-001 | TODO | | SPRINT_303_docs_tasks_md_iii | Docs Guild, DevEx/CLI Guild (docs) | | — | — | CLCI0101 |
| CLI-42-001 | BLOCKED | 2025-11-25 | SPRINT_303_docs_tasks_md_iii | Docs Guild (docs) | | Superseded by DOCS-CLI-42-001; scope not defined separately. | Pending clarified scope | CLCI0101 |
| CLI-43-002 | TODO | | SPRINT_504_ops_devops_ii | DevOps Guild, Task Runner Guild (ops/devops) | ops/devops | — | — | CLCI0101 |
| CLI-43-003 | TODO | | SPRINT_504_ops_devops_ii | DevOps Guild, DevEx/CLI Guild (ops/devops) | ops/devops | — | — | CLCI0101 |
| CLI-43-002 | TODO | | SPRINT_0504_0001_0001_ops_devops_ii | DevOps Guild, Task Runner Guild (ops/devops) | ops/devops | — | — | CLCI0101 |
| CLI-43-003 | TODO | | SPRINT_0504_0001_0001_ops_devops_ii | DevOps Guild, DevEx/CLI Guild (ops/devops) | ops/devops | — | — | CLCI0101 |
| CLI-AIAI-31-001 | BLOCKED | 2025-11-22 | SPRINT_0201_0001_0001_cli_i | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Implement `stella advise summarize` command with JSON/Markdown outputs and citation display. Blocked: upstream Scanner analyzers (Node/Java) fail to compile, preventing CLI tests. | — | CLCI0101 |
| CLI-AIAI-31-002 | DONE | 2025-11-24 | SPRINT_0201_0001_0001_cli_i | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Implement `stella advise explain` showing conflict narrative and structured rationale. Dependencies: CLI-AIAI-31-001. | — | CLCI0101 |
| CLI-AIAI-31-003 | DONE | 2025-11-24 | SPRINT_0201_0001_0001_cli_i | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Implement `stella advise remediate` generating remediation plans with `--strategy` filters and file output. Dependencies: CLI-AIAI-31-002. | — | CLCI0101 |
| CLI-AIAI-31-004 | TODO | | SPRINT_0201_0001_0001_cli_i | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Implement `stella advise batch` for summaries/conflicts/remediation with progress + multi-status responses. Dependencies: CLI-AIAI-31-003. | — | CLCI0102 |
| CLI-AIRGAP-56-001 | TODO | | SPRINT_503_ops_devops_i | Exporter Guild · AirGap Time Guild · CLI Guild | | PROGRAM-STAFF-1001 | PROGRAM-STAFF-1001 | ATMI0102 |
| CLI-AIRGAP-56-001 | TODO | | SPRINT_0503_0001_0001_ops_devops_i | Exporter Guild · AirGap Time Guild · CLI Guild | | PROGRAM-STAFF-1001 | PROGRAM-STAFF-1001 | ATMI0102 |
| CLI-AIRGAP-56-002 | TODO | | SPRINT_0201_0001_0001_cli_i | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Ensure telemetry propagation under sealed mode (no remote exporters) while preserving correlation IDs; add label `AirGapped-Phase-1`. Dependencies: CLI-AIRGAP-56-001. | — | CLCI0102 |
| CLI-AIRGAP-57-001 | TODO | | SPRINT_0201_0001_0001_cli_i | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Add `stella airgap import` with diff preview, bundle scope selection (`--tenant`, `--global`), audit logging, and progress reporting. Dependencies: CLI-AIRGAP-56-002. | — | CLCI0102 |
| CLI-AIRGAP-57-002 | TODO | | SPRINT_0201_0001_0001_cli_i | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Provide `stella airgap seal. Dependencies: CLI-AIRGAP-57-001. | — | CLCI0102 |
@@ -2557,7 +2557,7 @@
| CLI-ORCH-34-001 | TODO | | SPRINT_203_cli_iii | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Provide backfill wizard (`--from/--to --dry-run`), quota management (`quotas get. Dependencies: CLI-ORCH-33-001. | ORGR0102 API review | CLCI0105 |
| CLI-PACKS-42-001 | TODO | | SPRINT_203_cli_iii | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Implement Task Pack commands (`pack plan/run/push/pull/verify`) with schema validation, expression sandbox, plan/simulate engine, remote execution. | — | CLCI0105 |
| CLI-PACKS-43-001 | TODO | | SPRINT_203_cli_iii | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Deliver advanced pack features (approvals pause/resume, secret injection, localization, man pages, offline cache). Dependencies: CLI-PACKS-42-001. | Offline kit schema sign-off | CLCI0105 |
| CLI-PACKS-43-002 | TODO | | SPRINT_508_ops_offline_kit | Offline Kit Guild · Packs Registry Guild | ops/offline-kit | Bundle Task Pack samples, registry mirror seeds, Task Runner configs, and CLI binaries with checksums into Offline Kit. | CLI-PACKS-43-001 | CLCI0105 |
| CLI-PACKS-43-002 | TODO | | SPRINT_0508_0001_0001_ops_offline_kit | Offline Kit Guild · Packs Registry Guild | ops/offline-kit | Bundle Task Pack samples, registry mirror seeds, Task Runner configs, and CLI binaries with checksums into Offline Kit. | CLI-PACKS-43-001 | CLCI0105 |
| CLI-PARITY-41-001 | TODO | | SPRINT_203_cli_iii | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Deliver parity command groups (`policy`, `sbom`, `vuln`, `vex`, `advisory`, `export`, `orchestrator`) with `--explain`, deterministic outputs, and parity matrix entries. | — | CLCI0106 |
| CLI-PARITY-41-002 | TODO | | SPRINT_203_cli_iii | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Implement `notify`, `aoc`, `auth` command groups, idempotency keys, shell completions, config docs, and parity matrix export tooling. Dependencies: CLI-PARITY-41-001. | — | CLCI0106 |
| CLI-POLICY-20-001 | TODO | | SPRINT_203_cli_iii | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Add `stella policy new | PLPE0101 completion | CLCI0106 |
@@ -2598,9 +2598,9 @@
| CLI-VULN-29-005 | TODO | | SPRINT_205_cli_v | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Add `stella vuln export` and `stella vuln bundle verify` commands to trigger/download evidence bundles and verify signatures. Dependencies: CLI-VULN-29-004. | CLI-VULN-29-004 | CLCI0107 |
| CLI-VULN-29-006 | TODO | | SPRINT_205_cli_v | DevEx/CLI Guild · Docs Guild | src/Cli/StellaOps.Cli | Update CLI docs/examples for Vulnerability Explorer with compliance checklist and CI snippets. Dependencies: CLI-VULN-29-005. | CLI-VULN-29-005 | CLCI0108 |
| CLIENT-401-012 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | Symbols Guild | `src/Symbols/StellaOps.Symbols.Client`, `src/Scanner/StellaOps.Scanner.Symbolizer` | Align with symbolizer regression fixtures | Align with symbolizer regression fixtures | RBSY0101 |
| COMPOSE-44-001 | BLOCKED | 2025-11-25 | SPRINT_501_ops_deployment_i | Deployment Guild · DevEx Guild | ops/deployment | Author `docker-compose.yml`, `.env.example`, and `quickstart.sh` with all core services + dependencies (postgres, redis, object-store, queue, otel). | Waiting on consolidated service list/version pins from upstream module releases | DVCP0101 |
| COMPOSE-44-002 | TODO | | SPRINT_501_ops_deployment_i | Deployment Guild | ops/deployment | Implement `backup.sh` and `reset.sh` scripts with safety prompts and documentation. Dependencies: COMPOSE-44-001. | Depends on #1 | DVCP0101 |
| COMPOSE-44-003 | TODO | | SPRINT_501_ops_deployment_i | Deployment Guild | ops/deployment | Package seed data container and onboarding wizard toggle (`QUICKSTART_MODE`), ensuring default creds randomized on first run. Dependencies: COMPOSE-44-002. | Needs RBRE0101 provenance | DVCP0101 |
| COMPOSE-44-001 | BLOCKED | 2025-11-25 | SPRINT_0501_0001_0001_ops_deployment_i | Deployment Guild · DevEx Guild | ops/deployment | Author `docker-compose.yml`, `.env.example`, and `quickstart.sh` with all core services + dependencies (postgres, redis, object-store, queue, otel). | Waiting on consolidated service list/version pins from upstream module releases | DVCP0101 |
| COMPOSE-44-002 | TODO | | SPRINT_0501_0001_0001_ops_deployment_i | Deployment Guild | ops/deployment | Implement `backup.sh` and `reset.sh` scripts with safety prompts and documentation. Dependencies: COMPOSE-44-001. | Depends on #1 | DVCP0101 |
| COMPOSE-44-003 | TODO | | SPRINT_0501_0001_0001_ops_deployment_i | Deployment Guild | ops/deployment | Package seed data container and onboarding wizard toggle (`QUICKSTART_MODE`), ensuring default creds randomized on first run. Dependencies: COMPOSE-44-002. | Needs RBRE0101 provenance | DVCP0101 |
| CONCELIER-AIAI-31-002 | DONE | 2025-11-18 | SPRINT_110_ingestion_evidence | Concelier Core · Concelier WebService Guilds | | Structured field/caching implementation gated on schema approval. | CONCELIER-GRAPH-21-001; CARTO-GRAPH-21-002 | DOAI0101 |
| CONCELIER-AIAI-31-003 | DONE | 2025-11-12 | SPRINT_110_ingestion_evidence | Docs Guild · Concelier Observability Guild | docs/modules/concelier/observability.md | Telemetry counters/histograms live for Advisory AI dashboards. | Summarize telemetry evidence | DOCO0101 |
| CONCELIER-AIRGAP-56-001 | DONE (2025-11-24) | | SPRINT_112_concelier_i | Concelier Core Guild | src/Concelier/StellaOps.Concelier.WebService/AirGap | Deterministic air-gap bundle builder with manifest + entry-trace hashes. | docs/runbooks/concelier-airgap-bundle-deploy.md | AGCN0101 |
@@ -2709,12 +2709,12 @@
| CORE-AOC-19-003 | TODO | | SPRINT_120_excititor_ii | Excititor Core Guild | src/Excititor/__Libraries/StellaOps.Excititor.Core | Depends on #1 | Depends on #1 | EXAC0101 |
| CORE-AOC-19-004 | TODO | | SPRINT_120_excititor_ii | Excititor Core Guild | src/Excititor/__Libraries/StellaOps.Excititor.Core | Depends on #2 | Depends on #2 | EXAC0101 |
| CORE-AOC-19-013 | TODO | | SPRINT_112_concelier_i | Concelier Core Guild + Excititor | src/Concelier/__Libraries/StellaOps.Concelier.Core | Needs CCAN0101 DSSE output | Needs CCAN0101 DSSE output | EXAC0101 |
| CRT-56-001 | TODO | | SPRINT_0506_ops_devops_iv | Mirror Creator Guild | | Wait for PGMI0101 owner | Wait for PGMI0101 owner | MRCR0101 |
| CRT-56-002 | TODO | | SPRINT_0506_ops_devops_iv | Mirror Creator · Security Guilds | | Depends on #1 | MIRROR-CRT-56-001; PROV-OBS-53-001 | MRCR0101 |
| CRT-57-001 | TODO | | SPRINT_0506_ops_devops_iv | Mirror Creator Guild · AirGap Time Guild | | Needs AIRGAP-TIME-57-001 | MIRROR-CRT-56-001; AIRGAP-TIME-57-001 | MRCR0101 |
| CRT-57-002 | TODO | | SPRINT_0506_ops_devops_iv | Mirror Creator Guild | | Depends on #3 | MIRROR-CRT-56-001; AIRGAP-TIME-57-001 | MRCR0101 |
| CRT-58-001 | TODO | | SPRINT_0506_ops_devops_iv | Mirror Creator + Evidence Locker | | Requires Evidence Locker contract | MIRROR-CRT-56-001; EXPORT-OBS-54-001; CLI-AIRGAP-56-001 | MRCR0101 |
| CRT-58-002 | TODO | | SPRINT_0506_ops_devops_iv | Mirror Creator + Security Guild | | Depends on #5 | MIRROR-CRT-56-001; EXPORT-OBS-54-001; CLI-AIRGAP-56-001 | MRCR0101 |
| CRT-56-001 | TODO | | SPRINT_0506_0001_0001_ops_devops_iv | Mirror Creator Guild | | Wait for PGMI0101 owner | Wait for PGMI0101 owner | MRCR0101 |
| CRT-56-002 | TODO | | SPRINT_0506_0001_0001_ops_devops_iv | Mirror Creator · Security Guilds | | Depends on #1 | MIRROR-CRT-56-001; PROV-OBS-53-001 | MRCR0101 |
| CRT-57-001 | TODO | | SPRINT_0506_0001_0001_ops_devops_iv | Mirror Creator Guild · AirGap Time Guild | | Needs AIRGAP-TIME-57-001 | MIRROR-CRT-56-001; AIRGAP-TIME-57-001 | MRCR0101 |
| CRT-57-002 | TODO | | SPRINT_0506_0001_0001_ops_devops_iv | Mirror Creator Guild | | Depends on #3 | MIRROR-CRT-56-001; AIRGAP-TIME-57-001 | MRCR0101 |
| CRT-58-001 | TODO | | SPRINT_0506_0001_0001_ops_devops_iv | Mirror Creator + Evidence Locker | | Requires Evidence Locker contract | MIRROR-CRT-56-001; EXPORT-OBS-54-001; CLI-AIRGAP-56-001 | MRCR0101 |
| CRT-58-002 | TODO | | SPRINT_0506_0001_0001_ops_devops_iv | Mirror Creator + Security Guild | | Depends on #5 | MIRROR-CRT-56-001; EXPORT-OBS-54-001; CLI-AIRGAP-56-001 | MRCR0101 |
| CRYPTO-90-001 | DONE | 2025-11-07 | SPRINT_514_sovereign_crypto_enablement | Security Guild (src/__Libraries/StellaOps.Cryptography) | src/__Libraries/StellaOps.Cryptography | | | CRSA0101 |
| CRYPTO-90-002 | DONE | 2025-11-07 | SPRINT_514_sovereign_crypto_enablement | Security Guild (src/__Libraries/StellaOps.Cryptography) | src/__Libraries/StellaOps.Cryptography | | | CRSA0101 |
| CRYPTO-90-003 | DONE | 2025-11-07 | SPRINT_514_sovereign_crypto_enablement | Security Guild (src/__Libraries/StellaOps.Cryptography) | src/__Libraries/StellaOps.Cryptography | | | CRSA0101 |
@@ -2741,103 +2741,103 @@
| CTL-57-001 | TODO | | SPRINT_510_airgap | Controller + Time Guild | src/AirGap/StellaOps.AirGap.Controller | Needs AGTM time anchors | Needs AGTM time anchors | AGCT0102 |
| CTL-57-002 | TODO | | SPRINT_510_airgap | Controller + Observability Guild | src/AirGap/StellaOps.AirGap.Controller | Depends on #3 | Depends on #3 | AGCT0102 |
| CTL-58-001 | TODO | | SPRINT_510_airgap | Controller + Evidence Locker Guild | src/AirGap/StellaOps.AirGap.Controller | Depends on #4 | Depends on #4 | AGCT0102 |
| DEPLOY-AIAI-31-001 | TODO | | SPRINT_501_ops_deployment_i | Deployment Guild · Advisory AI Guild | ops/deployment | Provide Helm/Compose manifests, GPU toggle, scaling/runbook, and offline kit instructions for Advisory AI service + inference container. | Wait for DVCP0101 compose template | DVPL0101 |
| DEPLOY-AIRGAP-46-001 | TODO | | SPRINT_501_ops_deployment_i | Deployment Guild · Offline Kit Guild | ops/deployment | Provide instructions and scripts (`load.sh`) for importing air-gap bundle into private registry; update Offline Kit guide. | Requires #1 artifacts | AGDP0101 |
| DEPLOY-CLI-41-001 | TODO | | SPRINT_501_ops_deployment_i | Deployment Guild · CLI Guild | ops/deployment | Package CLI release artifacts (tarballs per OS/arch, checksums, signatures, completions, container image) and publish distribution docs. | Wait for CLI observability schema (035_CLCI0105) | AGDP0101 |
| DEPLOY-COMPOSE-44-001 | TODO | | SPRINT_501_ops_deployment_i | Deployment Guild | ops/deployment | Finalize Quickstart scripts (`quickstart.sh`, `backup.sh`, `reset.sh`), seed data container, and publish README with imposed rule reminder. | Depends on #1 | DVPL0101 |
| DEPLOY-EXPORT-35-001 | BLOCKED | 2025-10-29 | SPRINT_501_ops_deployment_i | Deployment Guild · Export Center Guild | ops/deployment | Package exporter service/worker Helm overlays (download-only), document rollout/rollback, and integrate signing KMS secrets. | Need exporter DSSE API (002_ATEL0101) | AGDP0101 |
| DEPLOY-EXPORT-36-001 | TODO | | SPRINT_501_ops_deployment_i | Deployment Guild · Export Center Guild | ops/deployment | Document OCI/object storage distribution workflows, registry credential automation, and monitoring hooks for exports. Dependencies: DEPLOY-EXPORT-35-001. | Depends on #4 deliverables | AGDP0101 |
| DEPLOY-HELM-45-001 | TODO | | SPRINT_501_ops_deployment_i | Deployment + Security Guilds | ops/deployment | Publish Helm install guide and sample values for prod/airgap; integrate with docs site build. | Needs helm chart schema | DVPL0101 |
| DEPLOY-NOTIFY-38-001 | TODO | 2025-10-29 | SPRINT_501_ops_deployment_i | Deployment + Notify Guilds | ops/deployment | Package notifier API/worker Helm overlays (email/chat/webhook), secrets templates, rollout guide. | Depends on #3 | DVPL0101 |
| DEPLOY-ORCH-34-001 | TODO | | SPRINT_501_ops_deployment_i | Deployment Guild · Orchestrator Guild | ops/deployment | Provide orchestrator Helm/Compose manifests, scaling defaults, secret templates, offline kit instructions, and GA rollout/rollback playbook. | Requires ORTR0101 readiness | AGDP0101 |
| DEPLOY-PACKS-42-001 | TODO | | SPRINT_501_ops_deployment_i | Deployment Guild · Packs Registry Guild | ops/deployment | Provide deployment manifests for packs-registry and task-runner services, including Helm/Compose overlays, scaling defaults, and secret templates. | Wait for pack registry schema | AGDP0101 |
| DEPLOY-PACKS-43-001 | TODO | | SPRINT_501_ops_deployment_i | Deployment Guild · Task Runner Guild | ops/deployment | Ship remote Task Runner worker profiles, object storage bootstrap, approval workflow integration, and Offline Kit packaging instructions. Dependencies: DEPLOY-PACKS-42-001. | Needs #7 artifacts | AGDP0101 |
| DEPLOY-POLICY-27-001 | TODO | | SPRINT_501_ops_deployment_i | Deployment Guild · Policy Registry Guild | ops/deployment | Produce Helm/Compose overlays for Policy Registry + simulation workers, including Mongo migrations, object storage buckets, signing key secrets, and tenancy defaults. | Needs registry schema + secrets | AGDP0101 |
| DEPLOY-POLICY-27-002 | TODO | | SPRINT_502_ops_deployment_ii | Deployment Guild · Policy Guild | ops/deployment | Document rollout/rollback playbooks for policy publish/promote (canary strategy, emergency freeze toggle, evidence retrieval) under `/docs/runbooks/policy-incident.md`. Dependencies: DEPLOY-POLICY-27-001. | Depends on 27-001 | AGDP0101 |
| DEPLOY-VEX-30-001 | TODO | | SPRINT_502_ops_deployment_ii | Deployment + VEX Lens Guild | ops/deployment | Provide Helm/Compose overlays, scaling defaults, and offline kit instructions for VEX Lens service. | Wait for CCWO0101 schema | DVPL0101 |
| DEPLOY-VEX-30-002 | TODO | | SPRINT_502_ops_deployment_ii | Deployment Guild | ops/deployment | Package Issuer Directory deployment manifests, backups, and security hardening guidance. Dependencies: DEPLOY-VEX-30-001. | Depends on #5 | DVPL0101 |
| DEPLOY-VULN-29-001 | TODO | | SPRINT_502_ops_deployment_ii | Deployment + Vuln Guild | ops/deployment | Produce Helm/Compose overlays for Findings Ledger + projector, including DB migrations, Merkle anchor jobs, and scaling guidance. | Needs CCWO0101 | DVPL0101 |
| DEPLOY-VULN-29-002 | TODO | | SPRINT_502_ops_deployment_ii | Deployment Guild | ops/deployment | Package `stella-vuln-explorer-api` deployment manifests, health checks, autoscaling policies, and offline kit instructions with signed images. Dependencies: DEPLOY-VULN-29-001. | Depends on #7 | DVPL0101 |
| DEPLOY-AIAI-31-001 | TODO | | SPRINT_0501_0001_0001_ops_deployment_i | Deployment Guild · Advisory AI Guild | ops/deployment | Provide Helm/Compose manifests, GPU toggle, scaling/runbook, and offline kit instructions for Advisory AI service + inference container. | Wait for DVCP0101 compose template | DVPL0101 |
| DEPLOY-AIRGAP-46-001 | TODO | | SPRINT_0501_0001_0001_ops_deployment_i | Deployment Guild · Offline Kit Guild | ops/deployment | Provide instructions and scripts (`load.sh`) for importing air-gap bundle into private registry; update Offline Kit guide. | Requires #1 artifacts | AGDP0101 |
| DEPLOY-CLI-41-001 | TODO | | SPRINT_0501_0001_0001_ops_deployment_i | Deployment Guild · CLI Guild | ops/deployment | Package CLI release artifacts (tarballs per OS/arch, checksums, signatures, completions, container image) and publish distribution docs. | Wait for CLI observability schema (035_CLCI0105) | AGDP0101 |
| DEPLOY-COMPOSE-44-001 | TODO | | SPRINT_0501_0001_0001_ops_deployment_i | Deployment Guild | ops/deployment | Finalize Quickstart scripts (`quickstart.sh`, `backup.sh`, `reset.sh`), seed data container, and publish README with imposed rule reminder. | Depends on #1 | DVPL0101 |
| DEPLOY-EXPORT-35-001 | BLOCKED | 2025-10-29 | SPRINT_0501_0001_0001_ops_deployment_i | Deployment Guild · Export Center Guild | ops/deployment | Package exporter service/worker Helm overlays (download-only), document rollout/rollback, and integrate signing KMS secrets. | Need exporter DSSE API (002_ATEL0101) | AGDP0101 |
| DEPLOY-EXPORT-36-001 | TODO | | SPRINT_0501_0001_0001_ops_deployment_i | Deployment Guild · Export Center Guild | ops/deployment | Document OCI/object storage distribution workflows, registry credential automation, and monitoring hooks for exports. Dependencies: DEPLOY-EXPORT-35-001. | Depends on #4 deliverables | AGDP0101 |
| DEPLOY-HELM-45-001 | TODO | | SPRINT_0501_0001_0001_ops_deployment_i | Deployment + Security Guilds | ops/deployment | Publish Helm install guide and sample values for prod/airgap; integrate with docs site build. | Needs helm chart schema | DVPL0101 |
| DEPLOY-NOTIFY-38-001 | TODO | 2025-10-29 | SPRINT_0501_0001_0001_ops_deployment_i | Deployment + Notify Guilds | ops/deployment | Package notifier API/worker Helm overlays (email/chat/webhook), secrets templates, rollout guide. | Depends on #3 | DVPL0101 |
| DEPLOY-ORCH-34-001 | TODO | | SPRINT_0501_0001_0001_ops_deployment_i | Deployment Guild · Orchestrator Guild | ops/deployment | Provide orchestrator Helm/Compose manifests, scaling defaults, secret templates, offline kit instructions, and GA rollout/rollback playbook. | Requires ORTR0101 readiness | AGDP0101 |
| DEPLOY-PACKS-42-001 | TODO | | SPRINT_0501_0001_0001_ops_deployment_i | Deployment Guild · Packs Registry Guild | ops/deployment | Provide deployment manifests for packs-registry and task-runner services, including Helm/Compose overlays, scaling defaults, and secret templates. | Wait for pack registry schema | AGDP0101 |
| DEPLOY-PACKS-43-001 | TODO | | SPRINT_0501_0001_0001_ops_deployment_i | Deployment Guild · Task Runner Guild | ops/deployment | Ship remote Task Runner worker profiles, object storage bootstrap, approval workflow integration, and Offline Kit packaging instructions. Dependencies: DEPLOY-PACKS-42-001. | Needs #7 artifacts | AGDP0101 |
| DEPLOY-POLICY-27-001 | TODO | | SPRINT_0501_0001_0001_ops_deployment_i | Deployment Guild · Policy Registry Guild | ops/deployment | Produce Helm/Compose overlays for Policy Registry + simulation workers, including Mongo migrations, object storage buckets, signing key secrets, and tenancy defaults. | Needs registry schema + secrets | AGDP0101 |
| DEPLOY-POLICY-27-002 | TODO | | SPRINT_0502_0001_0001_ops_deployment_ii | Deployment Guild · Policy Guild | ops/deployment | Document rollout/rollback playbooks for policy publish/promote (canary strategy, emergency freeze toggle, evidence retrieval) under `/docs/runbooks/policy-incident.md`. Dependencies: DEPLOY-POLICY-27-001. | Depends on 27-001 | AGDP0101 |
| DEPLOY-VEX-30-001 | TODO | | SPRINT_0502_0001_0001_ops_deployment_ii | Deployment + VEX Lens Guild | ops/deployment | Provide Helm/Compose overlays, scaling defaults, and offline kit instructions for VEX Lens service. | Wait for CCWO0101 schema | DVPL0101 |
| DEPLOY-VEX-30-002 | TODO | | SPRINT_0502_0001_0001_ops_deployment_ii | Deployment Guild | ops/deployment | Package Issuer Directory deployment manifests, backups, and security hardening guidance. Dependencies: DEPLOY-VEX-30-001. | Depends on #5 | DVPL0101 |
| DEPLOY-VULN-29-001 | TODO | | SPRINT_0502_0001_0001_ops_deployment_ii | Deployment + Vuln Guild | ops/deployment | Produce Helm/Compose overlays for Findings Ledger + projector, including DB migrations, Merkle anchor jobs, and scaling guidance. | Needs CCWO0101 | DVPL0101 |
| DEPLOY-VULN-29-002 | TODO | | SPRINT_0502_0001_0001_ops_deployment_ii | Deployment Guild | ops/deployment | Package `stella-vuln-explorer-api` deployment manifests, health checks, autoscaling policies, and offline kit instructions with signed images. Dependencies: DEPLOY-VULN-29-001. | Depends on #7 | DVPL0101 |
| DETER-186-008 | TODO | | SPRINT_186_record_deterministic_execution | Scanner Guild | `src/Scanner/StellaOps.Scanner.WebService`, `src/Scanner/StellaOps.Scanner.Worker` | Wait for RLRC0101 fixture | Wait for RLRC0101 fixture | SCDT0101 |
| DETER-186-009 | TODO | | SPRINT_186_record_deterministic_execution | Scanner Guild · QA Guild | `src/Scanner/StellaOps.Scanner.Replay`, `src/Scanner/__Tests` | Depends on #1 | Depends on #1 | SCDT0101 |
| DETER-186-010 | TODO | | SPRINT_186_record_deterministic_execution | Scanner Guild · Export Center Guild | `src/Scanner/StellaOps.Scanner.WebService`, `docs/modules/scanner/operations/release.md` | Depends on #2 | Depends on #2 | SCDT0101 |
| DETER-70-002 | TODO | | SPRINT_304_docs_tasks_md_iv | Docs Guild · Scanner Guild | | Needs CASC0101 manifest | Needs CASC0101 manifest | SCDT0101 |
| DETER-70-003 | TODO | | SPRINT_202_cli_ii | DevEx/CLI Guild · Scanner Guild | src/Cli/StellaOps.Cli | Depends on #4 | Depends on #4 | SCDT0101 |
| DETER-70-004 | TODO | | SPRINT_203_cli_iii | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Depends on #5 | Depends on #5 | SCDT0101 |
| DEVOPS-AIAI-31-001 | TODO | | SPRINT_503_ops_devops_i | DevOps Guild, Advisory AI Guild (ops/devops) | ops/devops | Stand up CI pipelines, inference monitoring, privacy logging review, and perf dashboards for Advisory AI (summaries/conflicts/remediation). | — | DVDO0101 |
| DEVOPS-AIRGAP-56-001 | TODO | | SPRINT_503_ops_devops_i | DevOps Guild (ops/devops) | ops/devops | Ship deny-all egress policies for Kubernetes (NetworkPolicy/eBPF) and docker-compose firewall rules; provide verification script for sealed mode. | — | DVDO0101 |
| DEVOPS-AIRGAP-56-002 | TODO | | SPRINT_503_ops_devops_i | DevOps Guild, AirGap Importer Guild (ops/devops) | ops/devops | Provide import tooling for bundle staging: checksum validation, offline object-store loader scripts, removable media guidance. Dependencies: DEVOPS-AIRGAP-56-001. | — | DVDO0101 |
| DEVOPS-AIRGAP-56-003 | TODO | | SPRINT_503_ops_devops_i | DevOps Guild, Container Distribution Guild (ops/devops) | ops/devops | Build Bootstrap Pack pipeline bundling images/charts, generating checksums, and publishing manifest for offline transfer. Dependencies: DEVOPS-AIRGAP-56-002. | — | DVDO0101 |
| DEVOPS-AIRGAP-57-001 | TODO | | SPRINT_503_ops_devops_i | DevOps Guild, Mirror Creator Guild (ops/devops) | ops/devops | Automate Mirror Bundle creation jobs with dual-control approvals, artifact signing, and checksum publication. Dependencies: DEVOPS-AIRGAP-56-003. | — | DVDO0101 |
| DEVOPS-AIRGAP-57-002 | DOING | 2025-11-08 | SPRINT_503_ops_devops_i | DevOps Guild, Authority Guild (ops/devops) | ops/devops | Configure sealed-mode CI tests that run services with sealed flag and ensure no egress occurs (iptables + mock DNS). Dependencies: DEVOPS-AIRGAP-57-001. | — | DVDO0101 |
| DEVOPS-AIRGAP-58-001 | TODO | | SPRINT_503_ops_devops_i | DevOps Guild, Notifications Guild (ops/devops) | ops/devops | Provide local SMTP/syslog container templates and health checks for sealed environments; integrate into Bootstrap Pack. Dependencies: DEVOPS-AIRGAP-57-002. | — | DVDO0101 |
| DEVOPS-AIRGAP-58-002 | TODO | | SPRINT_503_ops_devops_i | DevOps Guild, Observability Guild (ops/devops) | ops/devops | Ship sealed-mode observability stack (Prometheus/Grafana/Tempo/Loki) pre-configured with offline dashboards and no remote exporters. Dependencies: DEVOPS-AIRGAP-58-001. | — | DVDO0101 |
| DEVOPS-AOC-19-001 | BLOCKED | 2025-10-26 | SPRINT_503_ops_devops_i | DevOps Guild, Platform Guild (ops/devops) | ops/devops | Integrate the AOC Roslyn analyzer and guard tests into CI, failing builds when ingestion projects attempt banned writes. | CCAO0101 | DVDO0101 |
| DEVOPS-AOC-19-002 | BLOCKED | 2025-10-26 | SPRINT_503_ops_devops_i | DevOps Guild (ops/devops) | ops/devops | Add pipeline stage executing `stella aoc verify --since` against seeded Mongo snapshots for Concelier + Excititor, publishing violation report artefacts. Dependencies: DEVOPS-AOC-19-001. | DEVOPS-AOC-19-001 | DVDO0101 |
| DEVOPS-AOC-19-003 | BLOCKED | 2025-10-26 | SPRINT_503_ops_devops_i | DevOps Guild, QA Guild (ops/devops) | ops/devops | Enforce unit test coverage thresholds for AOC guard suites and ensure coverage exported to dashboards. Dependencies: DEVOPS-AOC-19-002. | DEVOPS-AOC-19-002 | DVDO0102 |
| DEVOPS-AOC-19-101 | TODO | 2025-10-28 | SPRINT_503_ops_devops_i | DevOps Guild · Concelier Storage Guild | ops/devops | Draft supersedes backfill rollout (freeze window, dry-run steps, rollback) once advisory_raw idempotency index passes staging verification. Dependencies: DEVOPS-AOC-19-003. | Align with CCOA0101 contract | DVDO0104 |
| DEVOPS-ATTEST-73-001 | TODO | | SPRINT_503_ops_devops_i | DevOps Guild, Attestor Service Guild (ops/devops) | ops/devops | Provision CI pipelines for attestor service (lint/test/security scan, seed data) and manage secrets for KMS drivers. | — | DVDO0102 |
| DEVOPS-ATTEST-73-002 | TODO | | SPRINT_503_ops_devops_i | DevOps Guild, KMS Guild (ops/devops) | ops/devops | Establish secure storage for signing keys (vault integration, rotation schedule) and audit logging. Dependencies: DEVOPS-ATTEST-73-001. | — | DVDO0102 |
| DEVOPS-ATTEST-74-001 | TODO | | SPRINT_503_ops_devops_i | DevOps Guild, Transparency Guild (ops/devops) | ops/devops | Deploy transparency log witness infrastructure and monitoring. Dependencies: DEVOPS-ATTEST-73-002. | — | DVDO0102 |
| DEVOPS-ATTEST-74-002 | TODO | | SPRINT_504_ops_devops_ii | DevOps Guild, Export Attestation Guild (ops/devops) | ops/devops | Integrate attestation bundle builds into release/offline pipelines with checksum verification. Dependencies: DEVOPS-ATTEST-74-001. | — | DVDO0102 |
| DEVOPS-ATTEST-75-001 | TODO | | SPRINT_504_ops_devops_ii | DevOps Guild, Observability Guild (ops/devops) | ops/devops | Add dashboards/alerts for signing latency, verification failures, key rotation events. Dependencies: DEVOPS-ATTEST-74-002. | — | DVDO0102 |
| DEVOPS-CLI-41-001 | TODO | | SPRINT_504_ops_devops_ii | DevOps Guild, DevEx/CLI Guild (ops/devops) | ops/devops | Establish CLI build pipeline (multi-platform binaries, SBOM, checksums), parity matrix CI enforcement, and release artifact signing. | — | DVDO0102 |
| DEVOPS-CLI-42-001 | TODO | | SPRINT_504_ops_devops_ii | DevOps Guild (ops/devops) | ops/devops | Add CLI golden output tests, parity diff automation, pack run CI harness, and artifact cache for remote mode. Dependencies: DEVOPS-CLI-41-001. | — | DVDO0102 |
| DEVOPS-CLI-43-002 | TODO | | SPRINT_504_ops_devops_ii | DevOps Guild, Task Runner Guild (ops/devops) | ops/devops | Implement Task Pack chaos smoke in CI (random failure injection, resume, sealed-mode toggle) and publish evidence bundles for review. Dependencies: DEVOPS-CLI-43-001. | — | DVDO0102 |
| DEVOPS-CLI-43-003 | TODO | | SPRINT_504_ops_devops_ii | DevOps Guild, DevEx/CLI Guild (ops/devops) | ops/devops | Integrate CLI golden output/parity diff automation into release gating; export parity report artifact consumed by Console Downloads workspace. Dependencies: DEVOPS-CLI-43-002. | — | DVDO0102 |
| DEVOPS-CONSOLE-23-001 | TODO | 2025-10-26 | SPRINT_504_ops_devops_ii | DevOps Guild · Console Guild | ops/devops | Add console CI workflow (pnpm cache, lint, type-check, unit, Storybook a11y, Playwright, Lighthouse) with offline runners and artifact retention for screenshots/reports. | Needs CCWO0101 API schema | DVDO0104 |
| DEVOPS-CONSOLE-23-002 | TODO | | SPRINT_504_ops_devops_ii | DevOps Guild | ops/devops | Produce `stella-console` container build + Helm chart overlays with deterministic digests, SBOM/provenance artefacts, and offline bundle packaging scripts. Dependencies: DEVOPS-CONSOLE-23-001. | Depends on #2 | DVDO0104 |
| DEVOPS-CONTAINERS-44-001 | TODO | | SPRINT_504_ops_devops_ii | DevOps Guild | ops/devops | Automate multi-arch image builds with buildx, SBOM generation, cosign signing, and signature verification in CI. | Wait for COWB0101 base image | DVDO0104 |
| DEVOPS-CONTAINERS-45-001 | TODO | | SPRINT_504_ops_devops_ii | DevOps Guild | ops/devops | Add Compose and Helm smoke tests (fresh VM + kind cluster) to CI; publish test artifacts and logs. Dependencies: DEVOPS-CONTAINERS-44-001. | Depends on #4 | DVDO0104 |
| DEVOPS-CONTAINERS-46-001 | TODO | | SPRINT_504_ops_devops_ii | DevOps Guild | ops/devops | Build air-gap bundle generator (`src/Tools/make-airgap-bundle.sh`), produce signed bundle, and verify in CI using private registry. Dependencies: DEVOPS-CONTAINERS-45-001. | Depends on #5 | DVDO0104 |
| DEVOPS-DEVPORT-63-001 | TODO | | SPRINT_504_ops_devops_ii | DevOps Guild · DevPortal Guild | ops/devops | Automate developer portal build pipeline with caching, link & accessibility checks, performance budgets. | Wait for API schema from CCWO0101 | DVDO0105 |
| DEVOPS-DEVPORT-64-001 | TODO | | SPRINT_504_ops_devops_ii | DevOps Guild | ops/devops | Schedule `devportal --offline` nightly builds with checksum validation and artifact retention policies. Dependencies: DEVOPS-DEVPORT-63-001. | Depends on #1 | DVDO0105 |
| DEVOPS-AIAI-31-001 | TODO | | SPRINT_0503_0001_0001_ops_devops_i | DevOps Guild, Advisory AI Guild (ops/devops) | ops/devops | Stand up CI pipelines, inference monitoring, privacy logging review, and perf dashboards for Advisory AI (summaries/conflicts/remediation). | — | DVDO0101 |
| DEVOPS-AIRGAP-56-001 | TODO | | SPRINT_0503_0001_0001_ops_devops_i | DevOps Guild (ops/devops) | ops/devops | Ship deny-all egress policies for Kubernetes (NetworkPolicy/eBPF) and docker-compose firewall rules; provide verification script for sealed mode. | — | DVDO0101 |
| DEVOPS-AIRGAP-56-002 | TODO | | SPRINT_0503_0001_0001_ops_devops_i | DevOps Guild, AirGap Importer Guild (ops/devops) | ops/devops | Provide import tooling for bundle staging: checksum validation, offline object-store loader scripts, removable media guidance. Dependencies: DEVOPS-AIRGAP-56-001. | — | DVDO0101 |
| DEVOPS-AIRGAP-56-003 | TODO | | SPRINT_0503_0001_0001_ops_devops_i | DevOps Guild, Container Distribution Guild (ops/devops) | ops/devops | Build Bootstrap Pack pipeline bundling images/charts, generating checksums, and publishing manifest for offline transfer. Dependencies: DEVOPS-AIRGAP-56-002. | — | DVDO0101 |
| DEVOPS-AIRGAP-57-001 | TODO | | SPRINT_0503_0001_0001_ops_devops_i | DevOps Guild, Mirror Creator Guild (ops/devops) | ops/devops | Automate Mirror Bundle creation jobs with dual-control approvals, artifact signing, and checksum publication. Dependencies: DEVOPS-AIRGAP-56-003. | — | DVDO0101 |
| DEVOPS-AIRGAP-57-002 | DOING | 2025-11-08 | SPRINT_0503_0001_0001_ops_devops_i | DevOps Guild, Authority Guild (ops/devops) | ops/devops | Configure sealed-mode CI tests that run services with sealed flag and ensure no egress occurs (iptables + mock DNS). Dependencies: DEVOPS-AIRGAP-57-001. | — | DVDO0101 |
| DEVOPS-AIRGAP-58-001 | TODO | | SPRINT_0503_0001_0001_ops_devops_i | DevOps Guild, Notifications Guild (ops/devops) | ops/devops | Provide local SMTP/syslog container templates and health checks for sealed environments; integrate into Bootstrap Pack. Dependencies: DEVOPS-AIRGAP-57-002. | — | DVDO0101 |
| DEVOPS-AIRGAP-58-002 | TODO | | SPRINT_0503_0001_0001_ops_devops_i | DevOps Guild, Observability Guild (ops/devops) | ops/devops | Ship sealed-mode observability stack (Prometheus/Grafana/Tempo/Loki) pre-configured with offline dashboards and no remote exporters. Dependencies: DEVOPS-AIRGAP-58-001. | — | DVDO0101 |
| DEVOPS-AOC-19-001 | BLOCKED | 2025-10-26 | SPRINT_0503_0001_0001_ops_devops_i | DevOps Guild, Platform Guild (ops/devops) | ops/devops | Integrate the AOC Roslyn analyzer and guard tests into CI, failing builds when ingestion projects attempt banned writes. | CCAO0101 | DVDO0101 |
| DEVOPS-AOC-19-002 | BLOCKED | 2025-10-26 | SPRINT_0503_0001_0001_ops_devops_i | DevOps Guild (ops/devops) | ops/devops | Add pipeline stage executing `stella aoc verify --since` against seeded Mongo snapshots for Concelier + Excititor, publishing violation report artefacts. Dependencies: DEVOPS-AOC-19-001. | DEVOPS-AOC-19-001 | DVDO0101 |
| DEVOPS-AOC-19-003 | BLOCKED | 2025-10-26 | SPRINT_0503_0001_0001_ops_devops_i | DevOps Guild, QA Guild (ops/devops) | ops/devops | Enforce unit test coverage thresholds for AOC guard suites and ensure coverage exported to dashboards. Dependencies: DEVOPS-AOC-19-002. | DEVOPS-AOC-19-002 | DVDO0102 |
| DEVOPS-AOC-19-101 | TODO | 2025-10-28 | SPRINT_0503_0001_0001_ops_devops_i | DevOps Guild · Concelier Storage Guild | ops/devops | Draft supersedes backfill rollout (freeze window, dry-run steps, rollback) once advisory_raw idempotency index passes staging verification. Dependencies: DEVOPS-AOC-19-003. | Align with CCOA0101 contract | DVDO0104 |
| DEVOPS-ATTEST-73-001 | TODO | | SPRINT_0503_0001_0001_ops_devops_i | DevOps Guild, Attestor Service Guild (ops/devops) | ops/devops | Provision CI pipelines for attestor service (lint/test/security scan, seed data) and manage secrets for KMS drivers. | — | DVDO0102 |
| DEVOPS-ATTEST-73-002 | TODO | | SPRINT_0503_0001_0001_ops_devops_i | DevOps Guild, KMS Guild (ops/devops) | ops/devops | Establish secure storage for signing keys (vault integration, rotation schedule) and audit logging. Dependencies: DEVOPS-ATTEST-73-001. | — | DVDO0102 |
| DEVOPS-ATTEST-74-001 | TODO | | SPRINT_0503_0001_0001_ops_devops_i | DevOps Guild, Transparency Guild (ops/devops) | ops/devops | Deploy transparency log witness infrastructure and monitoring. Dependencies: DEVOPS-ATTEST-73-002. | — | DVDO0102 |
| DEVOPS-ATTEST-74-002 | TODO | | SPRINT_0504_0001_0001_ops_devops_ii | DevOps Guild, Export Attestation Guild (ops/devops) | ops/devops | Integrate attestation bundle builds into release/offline pipelines with checksum verification. Dependencies: DEVOPS-ATTEST-74-001. | — | DVDO0102 |
| DEVOPS-ATTEST-75-001 | TODO | | SPRINT_0504_0001_0001_ops_devops_ii | DevOps Guild, Observability Guild (ops/devops) | ops/devops | Add dashboards/alerts for signing latency, verification failures, key rotation events. Dependencies: DEVOPS-ATTEST-74-002. | — | DVDO0102 |
| DEVOPS-CLI-41-001 | TODO | | SPRINT_0504_0001_0001_ops_devops_ii | DevOps Guild, DevEx/CLI Guild (ops/devops) | ops/devops | Establish CLI build pipeline (multi-platform binaries, SBOM, checksums), parity matrix CI enforcement, and release artifact signing. | — | DVDO0102 |
| DEVOPS-CLI-42-001 | TODO | | SPRINT_0504_0001_0001_ops_devops_ii | DevOps Guild (ops/devops) | ops/devops | Add CLI golden output tests, parity diff automation, pack run CI harness, and artifact cache for remote mode. Dependencies: DEVOPS-CLI-41-001. | — | DVDO0102 |
| DEVOPS-CLI-43-002 | TODO | | SPRINT_0504_0001_0001_ops_devops_ii | DevOps Guild, Task Runner Guild (ops/devops) | ops/devops | Implement Task Pack chaos smoke in CI (random failure injection, resume, sealed-mode toggle) and publish evidence bundles for review. Dependencies: DEVOPS-CLI-43-001. | — | DVDO0102 |
| DEVOPS-CLI-43-003 | TODO | | SPRINT_0504_0001_0001_ops_devops_ii | DevOps Guild, DevEx/CLI Guild (ops/devops) | ops/devops | Integrate CLI golden output/parity diff automation into release gating; export parity report artifact consumed by Console Downloads workspace. Dependencies: DEVOPS-CLI-43-002. | — | DVDO0102 |
| DEVOPS-CONSOLE-23-001 | TODO | 2025-10-26 | SPRINT_0504_0001_0001_ops_devops_ii | DevOps Guild · Console Guild | ops/devops | Add console CI workflow (pnpm cache, lint, type-check, unit, Storybook a11y, Playwright, Lighthouse) with offline runners and artifact retention for screenshots/reports. | Needs CCWO0101 API schema | DVDO0104 |
| DEVOPS-CONSOLE-23-002 | TODO | | SPRINT_0504_0001_0001_ops_devops_ii | DevOps Guild | ops/devops | Produce `stella-console` container build + Helm chart overlays with deterministic digests, SBOM/provenance artefacts, and offline bundle packaging scripts. Dependencies: DEVOPS-CONSOLE-23-001. | Depends on #2 | DVDO0104 |
| DEVOPS-CONTAINERS-44-001 | TODO | | SPRINT_0504_0001_0001_ops_devops_ii | DevOps Guild | ops/devops | Automate multi-arch image builds with buildx, SBOM generation, cosign signing, and signature verification in CI. | Wait for COWB0101 base image | DVDO0104 |
| DEVOPS-CONTAINERS-45-001 | TODO | | SPRINT_0504_0001_0001_ops_devops_ii | DevOps Guild | ops/devops | Add Compose and Helm smoke tests (fresh VM + kind cluster) to CI; publish test artifacts and logs. Dependencies: DEVOPS-CONTAINERS-44-001. | Depends on #4 | DVDO0104 |
| DEVOPS-CONTAINERS-46-001 | TODO | | SPRINT_0504_0001_0001_ops_devops_ii | DevOps Guild | ops/devops | Build air-gap bundle generator (`src/Tools/make-airgap-bundle.sh`), produce signed bundle, and verify in CI using private registry. Dependencies: DEVOPS-CONTAINERS-45-001. | Depends on #5 | DVDO0104 |
| DEVOPS-DEVPORT-63-001 | TODO | | SPRINT_0504_0001_0001_ops_devops_ii | DevOps Guild · DevPortal Guild | ops/devops | Automate developer portal build pipeline with caching, link & accessibility checks, performance budgets. | Wait for API schema from CCWO0101 | DVDO0105 |
| DEVOPS-DEVPORT-64-001 | TODO | | SPRINT_0504_0001_0001_ops_devops_ii | DevOps Guild | ops/devops | Schedule `devportal --offline` nightly builds with checksum validation and artifact retention policies. Dependencies: DEVOPS-DEVPORT-63-001. | Depends on #1 | DVDO0105 |
| DEVOPS-DOCS-0001 | TODO | | SPRINT_318_docs_modules_devops | DevOps Docs Guild | docs/modules/devops | See ./AGENTS.md | Needs CCSL0101 console docs | DVDO0105 |
| DEVOPS-ENG-0001 | TODO | | SPRINT_318_docs_modules_devops | DevOps Engineering Guild | docs/modules/devops | Update status via ./AGENTS.md workflow | Depends on #3 | DVDO0105 |
| DEVOPS-EXPORT-35-001 | TODO | 2025-10-29 | SPRINT_504_ops_devops_ii | DevOps · Export Guild | ops/devops | Establish exporter CI pipeline (lint/test/perf smoke), configure object storage fixtures, seed Grafana dashboards, and document bootstrap steps. | Wait for DVPL0101 export deploy | DVDO0105 |
| DEVOPS-EXPORT-36-001 | TODO | | SPRINT_505_ops_devops_iii | DevOps Guild | ops/devops | Integrate Trivy compatibility validation, cosign signature checks, `trivy module db import` smoke tests, OCI distribution verification, and throughput/error dashboards. Dependencies: DEVOPS-EXPORT-35-001. | Depends on #5 | DVDO0105 |
| DEVOPS-EXPORT-37-001 | TODO | | SPRINT_505_ops_devops_iii | DevOps Guild | ops/devops | Finalize exporter monitoring (failure alerts, verify metrics, retention jobs) and chaos/latency tests ahead of GA. Dependencies: DEVOPS-EXPORT-36-001. | Depends on #6 | DVDO0105 |
| DEVOPS-GRAPH-24-001 | TODO | | SPRINT_505_ops_devops_iii | DevOps · Graph Guild | ops/devops | Load test graph index/adjacency APIs with 40k-node assets; capture perf dashboards and alert thresholds. | Wait for CCGH0101 endpoint | DVDO0106 |
| DEVOPS-GRAPH-24-002 | TODO | | SPRINT_505_ops_devops_iii | DevOps Guild | ops/devops | Integrate synthetic UI perf runs (Playwright/WebGL metrics) for Graph/Vuln explorers; fail builds on regression. Dependencies: DEVOPS-GRAPH-24-001. | Depends on #1 | DVDO0106 |
| DEVOPS-GRAPH-24-003 | TODO | | SPRINT_505_ops_devops_iii | DevOps Guild | ops/devops | Implement smoke job for simulation endpoints ensuring we stay within SLA (<3s upgrade) and log results. Dependencies: DEVOPS-GRAPH-24-002. | Depends on #2 | DVDO0106 |
| DEVOPS-LNM-22-001 | TODO | 2025-10-27 | SPRINT_505_ops_devops_iii | DevOps · Concelier Guild | ops/devops | Run migration/backfill pipelines for advisory observations/linksets in staging, validate counts/conflicts, and automate deployment steps. Awaiting storage backfill tooling. | Needs CCLN0102 API | DVDO0106 |
| DEVOPS-LNM-22-002 | TODO | 2025-10-27 | SPRINT_505_ops_devops_iii | DevOps Guild | ops/devops | Execute VEX observation/linkset backfill with monitoring; ensure NATS/Redis events integrated; document ops runbook. Blocked until Excititor storage migration lands. Dependencies: DEVOPS-LNM-22-001. | Depends on #4 | DVDO0106 |
| DEVOPS-LNM-22-003 | TODO | | SPRINT_505_ops_devops_iii | DevOps Guild | ops/devops | Add CI/monitoring coverage for new metrics (`advisory_observations_total`, `linksets_total`, etc.) and alerts on ingest-to-API SLA breaches. Dependencies: DEVOPS-LNM-22-002. | Depends on #5 | DVDO0106 |
| DEVOPS-OAS-61-001 | TODO | | SPRINT_505_ops_devops_iii | DevOps Guild | ops/devops | Add CI stages for OpenAPI linting, validation, and compatibility diff; enforce gating on PRs. | Wait for CCWO0101 spec | DVDO0106 |
| DEVOPS-OAS-61-002 | TODO | | SPRINT_505_ops_devops_iii | DevOps Guild | ops/devops | Integrate mock server + contract test suite into PR and nightly workflows; publish artifacts. Dependencies: DEVOPS-OAS-61-001. | Depends on #7 | DVDO0106 |
| DEVOPS-OBS-51-001 | TODO | | SPRINT_505_ops_devops_iii | DevOps Guild · Observability Guild | ops/devops | Implement SLO evaluator service (burn rate calculators, webhook emitters), Grafana dashboards, and alert routing to Notifier. Provide Terraform/Helm automation. Dependencies: DEVOPS-OBS-50-002. | Wait for 045_DVDO0103 alert catalog | DVOB0101 |
| DEVOPS-OBS-52-001 | TODO | | SPRINT_505_ops_devops_iii | DevOps Guild · Timeline Indexer Guild | ops/devops | Configure streaming pipeline (NATS/Redis/Kafka) with retention, partitioning, and backpressure tuning for timeline events; add CI validation of schema + rate caps. Dependencies: DEVOPS-OBS-51-001. | Needs #1 merged for shared correlation IDs | DVOB0101 |
| DEVOPS-OBS-53-001 | TODO | | SPRINT_505_ops_devops_iii | DevOps Guild · Evidence Locker Guild | ops/devops | Provision object storage with WORM/retention options (S3 Object Lock / MinIO immutability), legal hold automation, and backup/restore scripts for evidence locker. Dependencies: DEVOPS-OBS-52-001. | Depends on DSSE API from 002_ATEL0101 | DVOB0101 |
| DEVOPS-OBS-54-001 | TODO | | SPRINT_505_ops_devops_iii | DevOps Guild · Security Guild | ops/devops | Manage provenance signing infrastructure (KMS keys, rotation schedule, timestamp authority integration) and integrate verification jobs into CI. Dependencies: DEVOPS-OBS-53-001. | Requires security sign-off on cardinality budgets | DVOB0101 |
| DEVOPS-OBS-55-001 | TODO | | SPRINT_506_ops_devops_iv | DevOps Guild · Ops Guild | ops/devops | Implement incident mode automation: feature flag service, auto-activation via SLO burn-rate, retention override management, and post-incident reset job. Dependencies: DEVOPS-OBS-54-001. | Relies on #4 to finalize alert dimensions | DVOB0101 |
| DEVOPS-OFFLINE-17-004 | TODO | 2025-11-23 | SPRINT_508_ops_offline_kit | DevOps Offline Guild | ops/offline-kit | Release workflow now publishes `out/release/debug`; run `mirror_debug_store.py` on the next release artefact, verify hashes, archive `metadata/debug-store.json` into the Offline Kit. | Wait for DVPL0101 compose | DVDO0107 |
| DEVOPS-OFFLINE-34-006 | TODO | | SPRINT_508_ops_offline_kit | DevOps Guild | ops/offline-kit | Bundle orchestrator service container, worker SDK samples, Postgres snapshot, and dashboards into Offline Kit with manifest/signature updates. Dependencies: DEVOPS-OFFLINE-17-004. | Depends on #1 | DVDO0107 |
| DEVOPS-OFFLINE-37-001 | TODO | | SPRINT_508_ops_offline_kit | DevOps Guild | ops/offline-kit | Export Center offline bundles + verification tooling (mirror artefacts, verification CLI, manifest/signature refresh, air-gap import script). Dependencies: DEVOPS-OFFLINE-34-006. | Needs RBRE hashes | DVDO0107 |
| DEVOPS-OFFLINE-37-002 | TODO | | SPRINT_508_ops_offline_kit | DevOps Guild | ops/offline-kit | Notifier offline packs (sample configs, template/digest packs, dry-run harness) with integrity checks and operator docs. Dependencies: DEVOPS-OFFLINE-37-001. | Depends on #3 | DVDO0107 |
| DEVOPS-OPENSSL-11-001 | TODO | 2025-11-06 | SPRINT_505_ops_devops_iii | Security + DevOps Guilds | ops/devops | Package the OpenSSL 1.1 shim (`tests/native/openssl-1.1/linux-x64`) into test harness output so Mongo2Go suites discover it automatically. | Wait for CRYO0101 artifacts | DVDO0107 |
| DEVOPS-OPENSSL-11-002 | TODO | 2025-11-06 | SPRINT_505_ops_devops_iii | DevOps Guild | ops/devops | Ensure CI runners and Docker images that execute Mongo2Go tests export `LD_LIBRARY_PATH` (or embed the shim) to unblock unattended pipelines. Dependencies: DEVOPS-OPENSSL-11-001. | Depends on #5 | DVDO0107 |
| DEVOPS-EXPORT-35-001 | TODO | 2025-10-29 | SPRINT_0504_0001_0001_ops_devops_ii | DevOps · Export Guild | ops/devops | Establish exporter CI pipeline (lint/test/perf smoke), configure object storage fixtures, seed Grafana dashboards, and document bootstrap steps. | Wait for DVPL0101 export deploy | DVDO0105 |
| DEVOPS-EXPORT-36-001 | TODO | | SPRINT_0505_0001_0001_ops_devops_iii | DevOps Guild | ops/devops | Integrate Trivy compatibility validation, cosign signature checks, `trivy module db import` smoke tests, OCI distribution verification, and throughput/error dashboards. Dependencies: DEVOPS-EXPORT-35-001. | Depends on #5 | DVDO0105 |
| DEVOPS-EXPORT-37-001 | TODO | | SPRINT_0505_0001_0001_ops_devops_iii | DevOps Guild | ops/devops | Finalize exporter monitoring (failure alerts, verify metrics, retention jobs) and chaos/latency tests ahead of GA. Dependencies: DEVOPS-EXPORT-36-001. | Depends on #6 | DVDO0105 |
| DEVOPS-GRAPH-24-001 | TODO | | SPRINT_0505_0001_0001_ops_devops_iii | DevOps · Graph Guild | ops/devops | Load test graph index/adjacency APIs with 40k-node assets; capture perf dashboards and alert thresholds. | Wait for CCGH0101 endpoint | DVDO0106 |
| DEVOPS-GRAPH-24-002 | TODO | | SPRINT_0505_0001_0001_ops_devops_iii | DevOps Guild | ops/devops | Integrate synthetic UI perf runs (Playwright/WebGL metrics) for Graph/Vuln explorers; fail builds on regression. Dependencies: DEVOPS-GRAPH-24-001. | Depends on #1 | DVDO0106 |
| DEVOPS-GRAPH-24-003 | TODO | | SPRINT_0505_0001_0001_ops_devops_iii | DevOps Guild | ops/devops | Implement smoke job for simulation endpoints ensuring we stay within SLA (<3s upgrade) and log results. Dependencies: DEVOPS-GRAPH-24-002. | Depends on #2 | DVDO0106 |
| DEVOPS-LNM-22-001 | TODO | 2025-10-27 | SPRINT_0505_0001_0001_ops_devops_iii | DevOps · Concelier Guild | ops/devops | Run migration/backfill pipelines for advisory observations/linksets in staging, validate counts/conflicts, and automate deployment steps. Awaiting storage backfill tooling. | Needs CCLN0102 API | DVDO0106 |
| DEVOPS-LNM-22-002 | TODO | 2025-10-27 | SPRINT_0505_0001_0001_ops_devops_iii | DevOps Guild | ops/devops | Execute VEX observation/linkset backfill with monitoring; ensure NATS/Redis events integrated; document ops runbook. Blocked until Excititor storage migration lands. Dependencies: DEVOPS-LNM-22-001. | Depends on #4 | DVDO0106 |
| DEVOPS-LNM-22-003 | TODO | | SPRINT_0505_0001_0001_ops_devops_iii | DevOps Guild | ops/devops | Add CI/monitoring coverage for new metrics (`advisory_observations_total`, `linksets_total`, etc.) and alerts on ingest-to-API SLA breaches. Dependencies: DEVOPS-LNM-22-002. | Depends on #5 | DVDO0106 |
| DEVOPS-OAS-61-001 | TODO | | SPRINT_0505_0001_0001_ops_devops_iii | DevOps Guild | ops/devops | Add CI stages for OpenAPI linting, validation, and compatibility diff; enforce gating on PRs. | Wait for CCWO0101 spec | DVDO0106 |
| DEVOPS-OAS-61-002 | TODO | | SPRINT_0505_0001_0001_ops_devops_iii | DevOps Guild | ops/devops | Integrate mock server + contract test suite into PR and nightly workflows; publish artifacts. Dependencies: DEVOPS-OAS-61-001. | Depends on #7 | DVDO0106 |
| DEVOPS-OBS-51-001 | TODO | | SPRINT_0505_0001_0001_ops_devops_iii | DevOps Guild · Observability Guild | ops/devops | Implement SLO evaluator service (burn rate calculators, webhook emitters), Grafana dashboards, and alert routing to Notifier. Provide Terraform/Helm automation. Dependencies: DEVOPS-OBS-50-002. | Wait for 045_DVDO0103 alert catalog | DVOB0101 |
| DEVOPS-OBS-52-001 | TODO | | SPRINT_0505_0001_0001_ops_devops_iii | DevOps Guild · Timeline Indexer Guild | ops/devops | Configure streaming pipeline (NATS/Redis/Kafka) with retention, partitioning, and backpressure tuning for timeline events; add CI validation of schema + rate caps. Dependencies: DEVOPS-OBS-51-001. | Needs #1 merged for shared correlation IDs | DVOB0101 |
| DEVOPS-OBS-53-001 | TODO | | SPRINT_0505_0001_0001_ops_devops_iii | DevOps Guild · Evidence Locker Guild | ops/devops | Provision object storage with WORM/retention options (S3 Object Lock / MinIO immutability), legal hold automation, and backup/restore scripts for evidence locker. Dependencies: DEVOPS-OBS-52-001. | Depends on DSSE API from 002_ATEL0101 | DVOB0101 |
| DEVOPS-OBS-54-001 | TODO | | SPRINT_0505_0001_0001_ops_devops_iii | DevOps Guild · Security Guild | ops/devops | Manage provenance signing infrastructure (KMS keys, rotation schedule, timestamp authority integration) and integrate verification jobs into CI. Dependencies: DEVOPS-OBS-53-001. | Requires security sign-off on cardinality budgets | DVOB0101 |
| DEVOPS-OBS-55-001 | TODO | | SPRINT_0506_0001_0001_ops_devops_iv | DevOps Guild · Ops Guild | ops/devops | Implement incident mode automation: feature flag service, auto-activation via SLO burn-rate, retention override management, and post-incident reset job. Dependencies: DEVOPS-OBS-54-001. | Relies on #4 to finalize alert dimensions | DVOB0101 |
| DEVOPS-OFFLINE-17-004 | TODO | 2025-11-23 | SPRINT_0508_0001_0001_ops_offline_kit | DevOps Offline Guild | ops/offline-kit | Release workflow now publishes `out/release/debug`; run `mirror_debug_store.py` on the next release artefact, verify hashes, archive `metadata/debug-store.json` into the Offline Kit. | Wait for DVPL0101 compose | DVDO0107 |
| DEVOPS-OFFLINE-34-006 | TODO | | SPRINT_0508_0001_0001_ops_offline_kit | DevOps Guild | ops/offline-kit | Bundle orchestrator service container, worker SDK samples, Postgres snapshot, and dashboards into Offline Kit with manifest/signature updates. Dependencies: DEVOPS-OFFLINE-17-004. | Depends on #1 | DVDO0107 |
| DEVOPS-OFFLINE-37-001 | TODO | | SPRINT_0508_0001_0001_ops_offline_kit | DevOps Guild | ops/offline-kit | Export Center offline bundles + verification tooling (mirror artefacts, verification CLI, manifest/signature refresh, air-gap import script). Dependencies: DEVOPS-OFFLINE-34-006. | Needs RBRE hashes | DVDO0107 |
| DEVOPS-OFFLINE-37-002 | TODO | | SPRINT_0508_0001_0001_ops_offline_kit | DevOps Guild | ops/offline-kit | Notifier offline packs (sample configs, template/digest packs, dry-run harness) with integrity checks and operator docs. Dependencies: DEVOPS-OFFLINE-37-001. | Depends on #3 | DVDO0107 |
| DEVOPS-OPENSSL-11-001 | TODO | 2025-11-06 | SPRINT_0505_0001_0001_ops_devops_iii | Security + DevOps Guilds | ops/devops | Package the OpenSSL 1.1 shim (`tests/native/openssl-1.1/linux-x64`) into test harness output so Mongo2Go suites discover it automatically. | Wait for CRYO0101 artifacts | DVDO0107 |
| DEVOPS-OPENSSL-11-002 | TODO | 2025-11-06 | SPRINT_0505_0001_0001_ops_devops_iii | DevOps Guild | ops/devops | Ensure CI runners and Docker images that execute Mongo2Go tests export `LD_LIBRARY_PATH` (or embed the shim) to unblock unattended pipelines. Dependencies: DEVOPS-OPENSSL-11-001. | Depends on #5 | DVDO0107 |
| DEVOPS-OPS-0001 | TODO | | SPRINT_318_docs_modules_devops | DevOps Ops Guild | docs/modules/devops | Sync outcomes back to ../.. | Depends on #1-6 | DVDO0107 |
| DEVOPS-ORCH-32-001 | TODO | | SPRINT_506_ops_devops_iv | DevOps · Orchestrator Guild | ops/devops | Provision orchestrator Postgres/message-bus infrastructure, add CI smoke deploy, seed Grafana dashboards (queue depth, inflight jobs), and document bootstrap. | Wait for ORTR0102 API | DVDO0108 |
| DEVOPS-ORCH-33-001 | TODO | | SPRINT_506_ops_devops_iv | DevOps Guild | ops/devops | Publish Grafana dashboards/alerts for rate limiter, backpressure, error clustering, and DLQ depth; integrate with on-call rotations. Dependencies: DEVOPS-ORCH-32-001. | Depends on #1 | DVDO0108 |
| DEVOPS-ORCH-34-001 | TODO | | SPRINT_506_ops_devops_iv | DevOps Guild | ops/devops | Harden production monitoring (synthetic probes, burn-rate alerts, replay smoke), document incident response, and prep GA readiness checklist. Dependencies: DEVOPS-ORCH-33-001. | Depends on #2 | DVDO0108 |
| DEVOPS-POLICY-27-001 | TODO | | SPRINT_506_ops_devops_iv | DevOps Guild · CLI Guild | ops/devops | Add CI pipeline stages to run `stella policy lint | Needs CLI lint output | DVDO0108 |
| DEVOPS-POLICY-27-002 | TODO | | SPRINT_506_ops_devops_iv | DevOps Guild · Policy Registry Guild | ops/devops | Provide optional batch simulation CI job (staging inventory) that triggers Registry run, polls results, and posts markdown summary to PR; enforce drift thresholds. Dependencies: DEVOPS-POLICY-27-001. | Depends on 27-001 | DVDO0108 |
| DEVOPS-POLICY-27-003 | TODO | | SPRINT_506_ops_devops_iv | DevOps Guild · Security Guild | ops/devops | Manage signing key material for policy publish pipeline (OIDC workload identity + cosign), rotate keys, and document verification steps; integrate attestation verification stage. Dependencies: DEVOPS-POLICY-27-002. | Needs 27-002 pipeline | DVDO0108 |
| DEVOPS-POLICY-27-004 | TODO | | SPRINT_506_ops_devops_iv | DevOps Guild · Observability Guild | ops/devops | Create dashboards/alerts for policy compile latency, simulation queue depth, approval latency, and promotion outcomes; integrate with on-call playbooks. Dependencies: DEVOPS-POLICY-27-003. | Depends on 27-003 | DVDO0108 |
| DEVOPS-REL-17-004 | DONE | 2025-11-23 | SPRINT_506_ops_devops_iv | DevOps Release Guild | ops/devops | Release workflow now uploads `out/release/debug` as a dedicated artifact and already fails if symbols are missing; build-id manifest enforced. | Needs DVPL0101 release artifacts | DVDO0108 |
| DEVOPS-RULES-33-001 | TODO | 2025-10-30 | SPRINT_506_ops_devops_iv | DevOps · Policy Guild | ops/devops | Contracts & Rules anchor:<br>• Gateway proxies only; Policy Engine composes overlays/simulations.<br>• AOC ingestion cannot merge; only lossless canonicalization.<br>• One graph platform: Graph Indexer + Graph API. Cartographer retired. | Wait for CCPR0101 policy logs | DVDO0109 |
| DEVOPS-SCAN-90-004 | TODO | | SPRINT_505_ops_devops_iii | DevOps · Scanner Guild | ops/devops | Add a CI job that runs the scanner determinism harness against the release matrix (N runs per image), uploads `determinism.json`, and fails when score < threshold; publish artifact to release notes. Dependencies: SCAN-DETER-186-009/010. | Needs SCDT0101 fixtures | DVDO0109 |
| DEVOPS-SDK-63-001 | TODO | | SPRINT_506_ops_devops_iv | DevOps · SDK Guild | ops/devops | Provision registry credentials, signing keys, and secure storage for SDK publishing pipelines. | Depends on #2 | DVDO0109 |
| DEVOPS-SIG-26-001 | TODO | | SPRINT_506_ops_devops_iv | DevOps Guild · Signals Guild | ops/devops | Provision CI/CD pipelines, Helm/Compose manifests for Signals service, including artifact storage and Redis dependencies. | Wait for SGSI0101 metrics | DVDO0110 |
| DEVOPS-SIG-26-002 | TODO | | SPRINT_506_ops_devops_iv | DevOps Guild | ops/devops | Create dashboards/alerts for reachability scoring latency, cache hit rates, sensor staleness. Dependencies: DEVOPS-SIG-26-001. | Depends on #1 | DVDO0110 |
| DEVOPS-SYMS-90-005 | TODO | | SPRINT_505_ops_devops_iii | DevOps · Symbols Guild | ops/devops | Deploy Symbols.Server (Helm/Terraform), manage MinIO/Mongo storage, configure tenant RBAC/quotas, and wire ingestion CLI into release pipelines with monitoring and backups. Dependencies: SYMS-SERVER-401-011/013. | Needs RBSY0101 bundle | DVDO0110 |
| DEVOPS-TEN-47-001 | TODO | | SPRINT_506_ops_devops_iv | DevOps · Policy Guild | ops/devops | Add JWKS cache monitoring, signature verification regression tests, and token expiration chaos tests to CI. | Wait for CCPR0101 policy | DVDO0110 |
| DEVOPS-TEN-48-001 | TODO | | SPRINT_506_ops_devops_iv | DevOps Guild | ops/devops | Build integration tests to assert RLS enforcement, tenant-prefixed object storage, and audit event emission; set up lint to prevent raw SQL bypass. Dependencies: DEVOPS-TEN-47-001. | Depends on #4 | DVDO0110 |
| DEVOPS-TEN-49-001 | TODO | | SPRINT_507_ops_devops_v | DevOps Guild | ops/devops | Deploy audit pipeline, scope usage metrics, JWKS outage chaos tests, and tenant load/perf benchmarks. Dependencies: DEVOPS-TEN-48-001. | Depends on #5 | DVDO0110 |
| DEVOPS-VEX-30-001 | TODO | | SPRINT_507_ops_devops_v | DevOps Guild · VEX Lens Guild | ops/devops | Provision CI, load tests, dashboards, alerts for VEX Lens and Issuer Directory (compute latency, disputed totals, signature verification rates). | — | PLVL0103 |
| DEVOPS-VULN-29-001 | TODO | | SPRINT_507_ops_devops_v | DevOps · Vuln Guild | ops/devops | Provision CI jobs for ledger projector (replay, determinism), set up backups, monitor Merkle anchoring, and automate verification. | Needs DVPL0101 deploy | DVDO0110 |
| DEVOPS-VULN-29-002 | TODO | | SPRINT_507_ops_devops_v | DevOps Guild | ops/devops | Configure load/perf tests (5M findings/tenant), query budget enforcement, API SLO dashboards, and alerts for `vuln_list_latency` and `projection_lag`. Dependencies: DEVOPS-VULN-29-001. | Depends on #7 | DVDO0110 |
| DEVOPS-VULN-29-003 | TODO | | SPRINT_507_ops_devops_v | DevOps Guild | ops/devops | Instrument analytics pipeline for Vuln Explorer (telemetry ingestion, query hashes), ensure compliance with privacy/PII guardrails, and update observability docs. Dependencies: DEVOPS-VULN-29-002. | Depends on #8 | DVDO0110 |
| DEVOPS-ORCH-32-001 | TODO | | SPRINT_0506_0001_0001_ops_devops_iv | DevOps · Orchestrator Guild | ops/devops | Provision orchestrator Postgres/message-bus infrastructure, add CI smoke deploy, seed Grafana dashboards (queue depth, inflight jobs), and document bootstrap. | Wait for ORTR0102 API | DVDO0108 |
| DEVOPS-ORCH-33-001 | TODO | | SPRINT_0506_0001_0001_ops_devops_iv | DevOps Guild | ops/devops | Publish Grafana dashboards/alerts for rate limiter, backpressure, error clustering, and DLQ depth; integrate with on-call rotations. Dependencies: DEVOPS-ORCH-32-001. | Depends on #1 | DVDO0108 |
| DEVOPS-ORCH-34-001 | TODO | | SPRINT_0506_0001_0001_ops_devops_iv | DevOps Guild | ops/devops | Harden production monitoring (synthetic probes, burn-rate alerts, replay smoke), document incident response, and prep GA readiness checklist. Dependencies: DEVOPS-ORCH-33-001. | Depends on #2 | DVDO0108 |
| DEVOPS-POLICY-27-001 | TODO | | SPRINT_0506_0001_0001_ops_devops_iv | DevOps Guild · CLI Guild | ops/devops | Add CI pipeline stages to run `stella policy lint | Needs CLI lint output | DVDO0108 |
| DEVOPS-POLICY-27-002 | TODO | | SPRINT_0506_0001_0001_ops_devops_iv | DevOps Guild · Policy Registry Guild | ops/devops | Provide optional batch simulation CI job (staging inventory) that triggers Registry run, polls results, and posts markdown summary to PR; enforce drift thresholds. Dependencies: DEVOPS-POLICY-27-001. | Depends on 27-001 | DVDO0108 |
| DEVOPS-POLICY-27-003 | TODO | | SPRINT_0506_0001_0001_ops_devops_iv | DevOps Guild · Security Guild | ops/devops | Manage signing key material for policy publish pipeline (OIDC workload identity + cosign), rotate keys, and document verification steps; integrate attestation verification stage. Dependencies: DEVOPS-POLICY-27-002. | Needs 27-002 pipeline | DVDO0108 |
| DEVOPS-POLICY-27-004 | TODO | | SPRINT_0506_0001_0001_ops_devops_iv | DevOps Guild · Observability Guild | ops/devops | Create dashboards/alerts for policy compile latency, simulation queue depth, approval latency, and promotion outcomes; integrate with on-call playbooks. Dependencies: DEVOPS-POLICY-27-003. | Depends on 27-003 | DVDO0108 |
| DEVOPS-REL-17-004 | DONE | 2025-11-23 | SPRINT_0506_0001_0001_ops_devops_iv | DevOps Release Guild | ops/devops | Release workflow now uploads `out/release/debug` as a dedicated artifact and already fails if symbols are missing; build-id manifest enforced. | Needs DVPL0101 release artifacts | DVDO0108 |
| DEVOPS-RULES-33-001 | TODO | 2025-10-30 | SPRINT_0506_0001_0001_ops_devops_iv | DevOps · Policy Guild | ops/devops | Contracts & Rules anchor:<br>• Gateway proxies only; Policy Engine composes overlays/simulations.<br>• AOC ingestion cannot merge; only lossless canonicalization.<br>• One graph platform: Graph Indexer + Graph API. Cartographer retired. | Wait for CCPR0101 policy logs | DVDO0109 |
| DEVOPS-SCAN-90-004 | TODO | | SPRINT_0505_0001_0001_ops_devops_iii | DevOps · Scanner Guild | ops/devops | Add a CI job that runs the scanner determinism harness against the release matrix (N runs per image), uploads `determinism.json`, and fails when score < threshold; publish artifact to release notes. Dependencies: SCAN-DETER-186-009/010. | Needs SCDT0101 fixtures | DVDO0109 |
| DEVOPS-SDK-63-001 | TODO | | SPRINT_0506_0001_0001_ops_devops_iv | DevOps · SDK Guild | ops/devops | Provision registry credentials, signing keys, and secure storage for SDK publishing pipelines. | Depends on #2 | DVDO0109 |
| DEVOPS-SIG-26-001 | TODO | | SPRINT_0506_0001_0001_ops_devops_iv | DevOps Guild · Signals Guild | ops/devops | Provision CI/CD pipelines, Helm/Compose manifests for Signals service, including artifact storage and Redis dependencies. | Wait for SGSI0101 metrics | DVDO0110 |
| DEVOPS-SIG-26-002 | TODO | | SPRINT_0506_0001_0001_ops_devops_iv | DevOps Guild | ops/devops | Create dashboards/alerts for reachability scoring latency, cache hit rates, sensor staleness. Dependencies: DEVOPS-SIG-26-001. | Depends on #1 | DVDO0110 |
| DEVOPS-SYMS-90-005 | TODO | | SPRINT_0505_0001_0001_ops_devops_iii | DevOps · Symbols Guild | ops/devops | Deploy Symbols.Server (Helm/Terraform), manage MinIO/Mongo storage, configure tenant RBAC/quotas, and wire ingestion CLI into release pipelines with monitoring and backups. Dependencies: SYMS-SERVER-401-011/013. | Needs RBSY0101 bundle | DVDO0110 |
| DEVOPS-TEN-47-001 | TODO | | SPRINT_0506_0001_0001_ops_devops_iv | DevOps · Policy Guild | ops/devops | Add JWKS cache monitoring, signature verification regression tests, and token expiration chaos tests to CI. | Wait for CCPR0101 policy | DVDO0110 |
| DEVOPS-TEN-48-001 | TODO | | SPRINT_0506_0001_0001_ops_devops_iv | DevOps Guild | ops/devops | Build integration tests to assert RLS enforcement, tenant-prefixed object storage, and audit event emission; set up lint to prevent raw SQL bypass. Dependencies: DEVOPS-TEN-47-001. | Depends on #4 | DVDO0110 |
| DEVOPS-TEN-49-001 | TODO | | SPRINT_0507_0001_0001_ops_devops_v | DevOps Guild | ops/devops | Deploy audit pipeline, scope usage metrics, JWKS outage chaos tests, and tenant load/perf benchmarks. Dependencies: DEVOPS-TEN-48-001. | Depends on #5 | DVDO0110 |
| DEVOPS-VEX-30-001 | TODO | | SPRINT_0507_0001_0001_ops_devops_v | DevOps Guild · VEX Lens Guild | ops/devops | Provision CI, load tests, dashboards, alerts for VEX Lens and Issuer Directory (compute latency, disputed totals, signature verification rates). | — | PLVL0103 |
| DEVOPS-VULN-29-001 | TODO | | SPRINT_0507_0001_0001_ops_devops_v | DevOps · Vuln Guild | ops/devops | Provision CI jobs for ledger projector (replay, determinism), set up backups, monitor Merkle anchoring, and automate verification. | Needs DVPL0101 deploy | DVDO0110 |
| DEVOPS-VULN-29-002 | TODO | | SPRINT_0507_0001_0001_ops_devops_v | DevOps Guild | ops/devops | Configure load/perf tests (5M findings/tenant), query budget enforcement, API SLO dashboards, and alerts for `vuln_list_latency` and `projection_lag`. Dependencies: DEVOPS-VULN-29-001. | Depends on #7 | DVDO0110 |
| DEVOPS-VULN-29-003 | TODO | | SPRINT_0507_0001_0001_ops_devops_v | DevOps Guild | ops/devops | Instrument analytics pipeline for Vuln Explorer (telemetry ingestion, query hashes), ensure compliance with privacy/PII guardrails, and update observability docs. Dependencies: DEVOPS-VULN-29-002. | Depends on #8 | DVDO0110 |
| DEVPORT-62-001 | TODO | | SPRINT_206_devportal | DevPortal Guild | src/DevPortal/StellaOps.DevPortal.Site | Select static site generator, integrate aggregate spec, build navigation + search scaffolding. | 62-001 | DEVL0101 |
| DEVPORT-62-002 | TODO | | SPRINT_206_devportal | DevPortal Guild | src/DevPortal/StellaOps.DevPortal.Site | Implement schema viewer, example rendering, copy-curl snippets, and version selector UI. Dependencies: DEVPORT-62-001. | DEVPORT-62-001 | DEVL0101 |
| DEVPORT-63-001 | TODO | | SPRINT_206_devportal | DevPortal Guild | src/DevPortal/StellaOps.DevPortal.Site | Add Try-It console pointing at sandbox environment with token onboarding and scope info. Dependencies: DEVPORT-62-002. | 63-001 | DEVL0101 |
@@ -2846,9 +2846,9 @@
| DEVPORT-64-002 | TODO | | SPRINT_206_devportal | Developer Portal Guild (src/DevPortal/StellaOps.DevPortal.Site) | src/DevPortal/StellaOps.DevPortal.Site | Add automated accessibility tests, link checker, and performance budgets. Dependencies: DEVPORT-64-001. | | DEVL0102 |
| DOC-008 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | Docs Guild · Reachability Guild | `docs/reachability/function-level-evidence.md`, `docs/09_API_CLI_REFERENCE.md`, `docs/api/policy.md` | Wait for replay evidence from 100_RBBN0101 | Wait for replay evidence from 100_RBBN0101 | DORC0101 |
| DOC-70-001 | DONE | | SPRINT_170_notifications_telemetry | Docs Guild · Notifications Guild | docs | Gather notification doc references | Validate existing notifications doc and migrate notes | DOCP0101 |
| DOCKER-44-001 | TODO | | SPRINT_507_ops_devops_v | DevOps Guild · Service Owners | ops/devops | Author multi-stage Dockerfiles for all core services (API, Console, Orchestrator, Task Runner, Conseiller, Excitor, Policy, Notify, Export, AI) with non-root users, read-only file systems, and health scripts. | Wait for DVPL0101 compose merge | DVDO0111 |
| DOCKER-44-002 | TODO | | SPRINT_507_ops_devops_v | DevOps Guild | ops/devops | Generate SBOMs and cosign attestations for each image and integrate verification into CI. Dependencies: DOCKER-44-001. | Depends on #1 | DVDO0111 |
| DOCKER-44-003 | TODO | | SPRINT_507_ops_devops_v | DevOps Guild | ops/devops | Implement `/health/liveness`, `/health/readiness`, `/version`, `/metrics`, and ensure capability endpoint returns `merge=false` for Conseiller/Excitor. Dependencies: DOCKER-44-002. | Requires SBOM+scan workflow from 137_SCDT0101 | DVDO0111 |
| DOCKER-44-001 | TODO | | SPRINT_0507_0001_0001_ops_devops_v | DevOps Guild · Service Owners | ops/devops | Author multi-stage Dockerfiles for all core services (API, Console, Orchestrator, Task Runner, Conseiller, Excitor, Policy, Notify, Export, AI) with non-root users, read-only file systems, and health scripts. | Wait for DVPL0101 compose merge | DVDO0111 |
| DOCKER-44-002 | TODO | | SPRINT_0507_0001_0001_ops_devops_v | DevOps Guild | ops/devops | Generate SBOMs and cosign attestations for each image and integrate verification into CI. Dependencies: DOCKER-44-001. | Depends on #1 | DVDO0111 |
| DOCKER-44-003 | TODO | | SPRINT_0507_0001_0001_ops_devops_v | DevOps Guild | ops/devops | Implement `/health/liveness`, `/health/readiness`, `/version`, `/metrics`, and ensure capability endpoint returns `merge=false` for Conseiller/Excitor. Dependencies: DOCKER-44-002. | Requires SBOM+scan workflow from 137_SCDT0101 | DVDO0111 |
| DOCS-0001 | DONE | 2025-11-05 | SPRINT_313_docs_modules_attestor | Docs Guild | docs/modules/attestor | Confirm attestor module doc publication | Confirm attestor module doc scope | DOCP0101 |
| DOCS-0002 | TODO | 2025-11-05 | SPRINT_321_docs_modules_graph | Docs Guild (docs/modules/graph) | docs/modules/graph | — | — | DOCL0102 |
| DOCS-0003 | TODO | | SPRINT_327_docs_modules_scanner | Docs Guild, Product Guild (docs/modules/scanner) | docs/modules/scanner | — | — | DOCL0102 |
@@ -3036,7 +3036,7 @@
| DOCS-VULN-29-011 | TODO | | SPRINT_311_docs_tasks_md_xi | Docs Guild · Notifications Guild | docs/modules/vuln-explorer | Create `/docs/security/vuln-rbac.md` for roles, ABAC policies, attachment encryption, CSRF. Dependencies: DOCS-VULN-29-010. | Needs notifications contract | DOVL0102 |
| DOCS-VULN-29-012 | TODO | | SPRINT_311_docs_tasks_md_xi | Docs Guild · Policy Guild | docs/modules/vuln-explorer | Write `/docs/runbooks/vuln-ops.md` (projector lag, resolver storms, export failures, policy activation). Dependencies: DOCS-VULN-29-011. | Requires policy overlay outputs | DOVL0102 |
| DOCS-VULN-29-013 | TODO | | SPRINT_311_docs_tasks_md_xi | Docs Guild · DevEx/CLI Guild | docs/modules/vuln-explorer | Update `/docs/install/containers.md` with Findings Ledger & Vuln Explorer API images, manifests, resource sizing, health checks. Dependencies: DOCS-VULN-29-012. | Needs CLI/export scripts from 132_CLCI0110 | DOVL0102 |
| DOWNLOADS-CONSOLE-23-001 | TODO | | SPRINT_502_ops_deployment_ii | Docs Guild · Deployment Guild | docs/console | Maintain signed downloads manifest pipeline (images, Helm, offline bundles), publish JSON under `deploy/downloads/manifest.json`, and document sync cadence for Console + docs parity. | Need latest console build instructions | DOCN0101 |
| DOWNLOADS-CONSOLE-23-001 | TODO | | SPRINT_0502_0001_0001_ops_deployment_ii | Docs Guild · Deployment Guild | docs/console | Maintain signed downloads manifest pipeline (images, Helm, offline bundles), publish JSON under `deploy/downloads/manifest.json`, and document sync cadence for Console + docs parity. | Need latest console build instructions | DOCN0101 |
| DPOP-11-001 | TODO | 2025-11-08 | SPRINT_100_identity_signing | Docs Guild · Authority Core | src/Authority/StellaOps.Authority | Need DPoP ADR from PGMI0101 | AUTH-AOC-19-002 | DODP0101 |
| DSL-401-005 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | Docs Guild · Policy Guild | `docs/policy/dsl.md`, `docs/policy/lifecycle.md` | Depends on PLLG0101 DSL updates | Depends on PLLG0101 DSL updates | DODP0101 |
| DSSE-CLI-401-021 | DONE | 2025-11-27 | SPRINT_0401_0001_0001_reachability_evidence_chain | Docs Guild · CLI Guild | `src/Cli/StellaOps.Cli`, `scripts/ci/attest-*`, `docs/modules/attestor/architecture.md` | Ship a `stella attest` CLI (or sample `StellaOps.Attestor.Tool`) plus GitLab/GitHub workflow snippets that emit DSSE per build step (scan/package/push) using the new library and Authority keys. | Need CLI updates from latest DSSE release | DODS0101 |
@@ -3242,7 +3242,7 @@
| EXPORT-OAS-63 | TODO | | SPRINT_160_export_evidence | Exporter Service Guild · API Governance Guild | | Needs API governance sign-off (049_APIG0101) | Needs API governance sign-off (049_APIG0101) | AGEX0101 |
| EXPORT-OAS-63-001 | TODO | | SPRINT_163_exportcenter_ii | Exporter Service Guild · SDK Guild | src/ExportCenter/StellaOps.ExportCenter | Implement deprecation headers and notifications for legacy export endpoints. Dependencies: EXPORT-OAS-62-001. | Requires #3 schema | AGEX0101 |
| EXPORT-OBS-50-001 | TODO | | SPRINT_163_exportcenter_ii | Exporter Service Guild · Observability Guild | src/ExportCenter/StellaOps.ExportCenter | Adopt telemetry core in exporter service + workers, ensuring spans/logs capture profile id, tenant, artifact counts, distribution type, and trace IDs. | Wait for telemetry schema drop from 046_TLTY0101 | ECOB0101 |
| EXPORT-OBS-51-001 | TODO | | SPRINT_503_ops_devops_i | Exporter Guild · AirGap Time Guild · CLI Guild | | Downstream automation awaiting assembler staffing outcome. | PROGRAM-STAFF-1001 | ECOB0101 |
| EXPORT-OBS-51-001 | TODO | | SPRINT_0503_0001_0001_ops_devops_i | Exporter Guild · AirGap Time Guild · CLI Guild | | Downstream automation awaiting assembler staffing outcome. | PROGRAM-STAFF-1001 | ECOB0101 |
| EXPORT-OBS-52-001 | TODO | | SPRINT_163_exportcenter_ii | Exporter Service Guild | src/ExportCenter/StellaOps.ExportCenter | Publish timeline events for export lifecycle (`export.requested`, `export.built`, `export.distributed`, `export.failed`) embedding manifest hashes and evidence refs. Provide dedupe + retry logic. Dependencies: EXPORT-OBS-51-001. | Requires shared middleware from task #1 | ECOB0101 |
| EXPORT-OBS-53-001 | TODO | | SPRINT_163_exportcenter_ii | Exporter Service Guild · Evidence Locker Guild | src/ExportCenter/StellaOps.ExportCenter | Push export manifests + distribution transcripts to evidence locker bundles, ensuring Merkle root alignment and DSSE pre-sign data available. Dependencies: EXPORT-OBS-52-001. | Blocked on Evidence Locker DSSE API (002_ATEL0101) | ECOB0101 |
| EXPORT-OBS-54-001 | TODO | | SPRINT_163_exportcenter_ii | Exporter Service Guild · Provenance Guild | src/ExportCenter/StellaOps.ExportCenter | Produce DSSE attestations for each export artifact and distribution target, expose verification API `/exports/{id}/attestation`, and integrate with CLI verify path. Dependencies: EXPORT-OBS-53-001. | PROGRAM-STAFF-1001; EXPORT-MIRROR-ORCH-1501 | ECOB0101 |
@@ -3270,8 +3270,8 @@
| FEEDCONN-CCCS-02-009 | TODO | | SPRINT_117_concelier_vi | Concelier Connector Guild CCCS (src/Concelier/__Libraries/StellaOps.Concelier.Connector.Cccs) | src/Concelier/__Libraries/StellaOps.Concelier.Connector.Cccs | Emit CCCS version ranges into `advisory_observations.affected.versions[]` with provenance anchors (`cccs:{serial}:{index}`) and normalized comparison keys per the Link-Not-Merge schema/doc recipes. Depends on CONCELIER-LNM-21-001. | — | FEFC0101 |
| FEEDCONN-CERTBUND-02-010 | TODO | | SPRINT_117_concelier_vi | Concelier Connector Guild CertBund (src/Concelier/__Libraries/StellaOps.Concelier.Connector.CertBund) | src/Concelier/__Libraries/StellaOps.Concelier.Connector.CertBund | Translate CERT-Bund `product.Versions` phrases into normalized ranges + provenance identifiers (`certbund:{advisoryId}:{vendor}`) while retaining localisation notes; update mapper/tests for Link-Not-Merge. Depends on CONCELIER-LNM-21-001. | — | FEFC0101 |
| FEEDCONN-CISCO-02-009 | DOING | 2025-11-08 | SPRINT_117_concelier_vi | Concelier Connector Guild Cisco (src/Concelier/__Libraries/StellaOps.Concelier.Connector.Vndr.Cisco) | src/Concelier/__Libraries/StellaOps.Concelier.Connector.Vndr.Cisco | Emit Cisco SemVer ranges into the new observation schema with provenance IDs (`cisco:{productId}`) and deterministic comparison keys; refresh fixtures to remove merge counters. Depends on CONCELIER-LNM-21-001. | — | FEFC0101 |
| FEEDCONN-ICSCISA-02-012 | BLOCKED | | SPRINT_503_ops_devops_i | Concelier Feed Owners | | Overdue provenance refreshes require schedule from feed owners. | FEED-REMEDIATION-1001 | FEFC0101 |
| FEEDCONN-KISA-02-008 | BLOCKED | | SPRINT_503_ops_devops_i | Concelier Feed Owners | | FEED-REMEDIATION-1001 | FEED-REMEDIATION-1001 | FEFC0101 |
| FEEDCONN-ICSCISA-02-012 | BLOCKED | | SPRINT_0503_0001_0001_ops_devops_i | Concelier Feed Owners | | Overdue provenance refreshes require schedule from feed owners. | FEED-REMEDIATION-1001 | FEFC0101 |
| FEEDCONN-KISA-02-008 | BLOCKED | | SPRINT_0503_0001_0001_ops_devops_i | Concelier Feed Owners | | FEED-REMEDIATION-1001 | FEED-REMEDIATION-1001 | FEFC0101 |
| FORENSICS-53-001 | TODO | | SPRINT_202_cli_ii | Forensics Guild | src/Cli/StellaOps.Cli | Replay data set | Replay data set | FONS0101 |
| FORENSICS-53-002 | TODO | | SPRINT_304_docs_tasks_md_iv | Forensics Guild | | FORENSICS-53-001 | FORENSICS-53-001 | FONS0101 |
| FORENSICS-53-003 | TODO | | SPRINT_304_docs_tasks_md_iv | Forensics Guild | | FORENSICS-53-001 | FORENSICS-53-001 | FONS0101 |
@@ -3326,10 +3326,10 @@
| GRAPH-INDEX-28-010 | TODO | | SPRINT_0140_0001_0001_runtime_signals | — | | Packaging/offline bundles paused until upstream graph jobs are available to embed. | — | ORGR0101 |
| GRAPH-INDEX-28-011 | TODO | 2025-11-04 | SPRINT_0207_0001_0001_graph | Graph Index Guild | src/Graph/StellaOps.Graph.Indexer | Wire SBOM ingest runtime to emit graph snapshot artifacts, add DI factory helpers, and document Mongo/snapshot environment guidance. Dependencies: GRAPH-INDEX-28-002..006. | GRSC0101 outputs | GRIX0101 |
| GRAPH-OPS-0001 | DONE (2025-11-26) | 2025-11-26 | SPRINT_321_docs_modules_graph | Ops Guild | docs/modules/graph | Review graph observability dashboards/runbooks after the next sprint demo. | GRUI0101 | GRDG0101 |
| HELM-45-001 | TODO | | SPRINT_501_ops_deployment_i | Deployment Guild (ops/deployment) | ops/deployment | | | GRIX0101 |
| HELM-45-002 | TODO | | SPRINT_502_ops_deployment_ii | Deployment Guild, Security Guild (ops/deployment) | ops/deployment | Add TLS/Ingress, NetworkPolicy, PodSecurityContexts, Secrets integration (external secrets), and document security posture. Dependencies: HELM-45-001. | | GRIX0101 |
| HELM-45-003 | TODO | | SPRINT_502_ops_deployment_ii | Deployment Guild, Observability Guild (ops/deployment) | ops/deployment | Implement HPA, PDB, readiness gates, Prometheus scraping annotations, OTel configuration hooks, and upgrade hooks. Dependencies: HELM-45-002. | | GRIX0101 |
| ICSCISA-02-012 | BLOCKED | | SPRINT_503_ops_devops_i | Concelier Feed Owners (`src/Concelier/__Libraries/StellaOps.Concelier.Core`) | src/Concelier/__Libraries/StellaOps.Concelier.Core | FEED-REMEDIATION-1001 | FEED-REMEDIATION-1001 | CCFD0101 |
| HELM-45-001 | TODO | | SPRINT_0501_0001_0001_ops_deployment_i | Deployment Guild (ops/deployment) | ops/deployment | | | GRIX0101 |
| HELM-45-002 | TODO | | SPRINT_0502_0001_0001_ops_deployment_ii | Deployment Guild, Security Guild (ops/deployment) | ops/deployment | Add TLS/Ingress, NetworkPolicy, PodSecurityContexts, Secrets integration (external secrets), and document security posture. Dependencies: HELM-45-001. | | GRIX0101 |
| HELM-45-003 | TODO | | SPRINT_0502_0001_0001_ops_deployment_ii | Deployment Guild, Observability Guild (ops/deployment) | ops/deployment | Implement HPA, PDB, readiness gates, Prometheus scraping annotations, OTel configuration hooks, and upgrade hooks. Dependencies: HELM-45-002. | | GRIX0101 |
| ICSCISA-02-012 | BLOCKED | | SPRINT_0503_0001_0001_ops_devops_i | Concelier Feed Owners (`src/Concelier/__Libraries/StellaOps.Concelier.Core`) | src/Concelier/__Libraries/StellaOps.Concelier.Core | FEED-REMEDIATION-1001 | FEED-REMEDIATION-1001 | CCFD0101 |
| IMP-56-001 | TODO | | SPRINT_510_airgap | AirGap Importer Guild | src/AirGap/StellaOps.AirGap.Importer | Harden base importer pipeline. | EXAG0101 | GRIX0101 |
| IMP-56-002 | TODO | | SPRINT_510_airgap | AirGap Importer + Security Guilds | src/AirGap/StellaOps.AirGap.Importer | IMP-56-001 | IMP-56-001 | IMIM0101 |
| IMP-57-001 | TODO | | SPRINT_510_airgap | AirGap Importer Guild | src/AirGap/StellaOps.AirGap.Importer | IMP-56-002 | IMP-56-002 | IMIM0101 |
@@ -3351,7 +3351,7 @@
| INSTALL-46-001 | TODO | | SPRINT_305_docs_tasks_md_v | Docs Guild · Security Guild | | INSTALL-45-001 | INSTALL-45-001 | INST0101 |
| INSTALL-50-001 | TODO | | SPRINT_305_docs_tasks_md_v | Docs Guild · Support Guild | | INSTALL-44-001 | INSTALL-44-001 | INST0101 |
| KEV providers` | TODO | | SPRINT_115_concelier_iv | Concelier Core + Risk Engine Guilds (`src/Concelier/__Libraries/StellaOps.Concelier.Core`) | src/Concelier/__Libraries/StellaOps.Concelier.Core | Surface vendor-provided CVSS/KEV/fix data exactly as published (with provenance anchors) through provider APIs so risk engines can reason about upstream intent. | ICSCISA-02-012 | CCFD0101 |
| KISA-02-008 | BLOCKED | | SPRINT_503_ops_devops_i | Concelier Feed Owners | | | FEED-REMEDIATION-1001 | LATC0101 |
| KISA-02-008 | BLOCKED | | SPRINT_0503_0001_0001_ops_devops_i | Concelier Feed Owners | | | FEED-REMEDIATION-1001 | LATC0101 |
| KMS-73-001 | DONE (2025-11-03) | 2025-11-03 | SPRINT_100_identity_signing | KMS Guild (src/__Libraries/StellaOps.Cryptography.Kms) | src/__Libraries/StellaOps.Cryptography.Kms | AWS/GCP KMS drivers landed with digest-first signing, metadata caching, config samples, and docs/tests green. | AWS/GCP KMS drivers landed with digest-first signing, metadata caching, config samples, and docs/tests green. | KMSI0102 |
| KMS-73-002 | DONE (2025-11-03) | 2025-11-03 | SPRINT_100_identity_signing | KMS Guild (src/__Libraries/StellaOps.Cryptography.Kms) | src/__Libraries/StellaOps.Cryptography.Kms | PKCS#11 + FIDO2 drivers shipped (deterministic digesting, authenticator factories, DI extensions) with docs + xUnit fakes covering sign/verify/export flows. | FIDO2 | KMSI0102 |
| LATTICE-401-023 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | Scanner Guild · Policy Guild | `docs/reachability/lattice.md`, `docs/modules/scanner/architecture.md`, `src/Scanner/StellaOps.Scanner.WebService` | Update reachability/lattice docs + examples. | GRSC0101 & RBRE0101 | LEDG0101 |
@@ -3409,12 +3409,12 @@
| LNM-22-005 | BLOCKED (2025-10-27) | 2025-10-27 | SPRINT_305_docs_tasks_md_v | Docs + UI Guild | | Docs update for UI flows. | DOCS-LNM-22-004 | IMPT0101 |
| LNM-22-007 | TODO | | SPRINT_305_docs_tasks_md_v | Docs Guild · Observability Guild | docs/modules/concelier/link-not-merge.md | Publish `/docs/observability/aggregation.md` with metrics/traces/logs/SLOs. Dependencies: DOCS-LNM-22-005. | DOCS-LNM-22-005 | DOLN0102 |
| LNM-22-008 | DONE | 2025-11-03 | SPRINT_117_concelier_vi | Docs Guild · DevOps Guild | docs/modules/concelier/link-not-merge.md | Document Link-Not-Merge migration playbook updates in `docs/migration/no-merge.md`, including rollback guidance. | LNM-22-007 | DOLN0102 |
| MIRROR-CRT-56-001 | TODO | | SPRINT_0506_ops_devops_iv | Mirror Creator Guild | | Deterministic assembler has no owner; kickoff rescheduled to 2025-11-15. | PROGRAM-STAFF-1001 | ATMI0101 |
| MIRROR-CRT-56-002 | TODO | | SPRINT_0506_ops_devops_iv | Mirror Creator · Security Guilds | | DSSE/TUF metadata follows assembler baseline. | MIRROR-CRT-56-001; MIRROR-DSSE-REV-1501; PROV-OBS-53-001 | ATMI0101 |
| MIRROR-CRT-57-001 | TODO | | SPRINT_0506_ops_devops_iv | Mirror Creator Guild · AirGap Time Guild | | OCI/time-anchor workstreams blocked pending assembler + time contract. | MIRROR-CRT-56-001; AIRGAP-TIME-CONTRACT-1501; AIRGAP-TIME-57-001 | ATMI0101 |
| MIRROR-CRT-57-002 | TODO | | SPRINT_0506_ops_devops_iv | Mirror Creator Guild · AirGap Time Guild | | MIRROR-CRT-56-001; AIRGAP-TIME-CONTRACT-1501; AIRGAP-TIME-57-001 | MIRROR-CRT-56-001; AIRGAP-TIME-CONTRACT-1501; AIRGAP-TIME-57-001 | ATMI0101 |
| MIRROR-CRT-58-001 | TODO | | SPRINT_0506_ops_devops_iv | Mirror Creator Guild · CLI Guild · Exporter Guild | | CLI + Export automation depends on assembler and DSSE/TUF track. | MIRROR-CRT-56-001; EXPORT-OBS-54-001; CLI-AIRGAP-56-001 | ATMI0101 |
| MIRROR-CRT-58-002 | TODO | | SPRINT_0506_ops_devops_iv | Mirror Creator Guild · CLI Guild · Exporter Guild | | MIRROR-CRT-56-001; EXPORT-OBS-54-001; CLI-AIRGAP-56-001 | MIRROR-CRT-56-001; EXPORT-OBS-54-001; CLI-AIRGAP-56-001 | ATMI0101 |
| MIRROR-CRT-56-001 | TODO | | SPRINT_0506_0001_0001_ops_devops_iv | Mirror Creator Guild | | Deterministic assembler has no owner; kickoff rescheduled to 2025-11-15. | PROGRAM-STAFF-1001 | ATMI0101 |
| MIRROR-CRT-56-002 | TODO | | SPRINT_0506_0001_0001_ops_devops_iv | Mirror Creator · Security Guilds | | DSSE/TUF metadata follows assembler baseline. | MIRROR-CRT-56-001; MIRROR-DSSE-REV-1501; PROV-OBS-53-001 | ATMI0101 |
| MIRROR-CRT-57-001 | TODO | | SPRINT_0506_0001_0001_ops_devops_iv | Mirror Creator Guild · AirGap Time Guild | | OCI/time-anchor workstreams blocked pending assembler + time contract. | MIRROR-CRT-56-001; AIRGAP-TIME-CONTRACT-1501; AIRGAP-TIME-57-001 | ATMI0101 |
| MIRROR-CRT-57-002 | TODO | | SPRINT_0506_0001_0001_ops_devops_iv | Mirror Creator Guild · AirGap Time Guild | | MIRROR-CRT-56-001; AIRGAP-TIME-CONTRACT-1501; AIRGAP-TIME-57-001 | MIRROR-CRT-56-001; AIRGAP-TIME-CONTRACT-1501; AIRGAP-TIME-57-001 | ATMI0101 |
| MIRROR-CRT-58-001 | TODO | | SPRINT_0506_0001_0001_ops_devops_iv | Mirror Creator Guild · CLI Guild · Exporter Guild | | CLI + Export automation depends on assembler and DSSE/TUF track. | MIRROR-CRT-56-001; EXPORT-OBS-54-001; CLI-AIRGAP-56-001 | ATMI0101 |
| MIRROR-CRT-58-002 | TODO | | SPRINT_0506_0001_0001_ops_devops_iv | Mirror Creator Guild · CLI Guild · Exporter Guild | | MIRROR-CRT-56-001; EXPORT-OBS-54-001; CLI-AIRGAP-56-001 | MIRROR-CRT-56-001; EXPORT-OBS-54-001; CLI-AIRGAP-56-001 | ATMI0101 |
| MTLS-11-002 | DONE | 2025-11-08 | SPRINT_100_identity_signing | Authority Core & Security Guild | src/Authority/StellaOps.Authority | Refresh grants enforce original client cert, tokens persist `x5t#S256` metadata, docs updated. | AUTH-DPOP-11-001 | AUIN0102 |
| NATIVE-401-015 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | Scanner Worker Guild | `src/Scanner/__Libraries/StellaOps.Scanner.Symbols.Native`, `src/Scanner/__Libraries/StellaOps.Scanner.CallGraph.Native` | Bootstrap Symbols.Native + CallGraph.Native scaffolding and coverage fixtures. | Needs replay requirements from DORR0101 | SCNA0101 |
| NOTIFY-38-001 | TODO | | SPRINT_0214_0001_0001_web_iii | BE-Base Platform Guild | src/Web/StellaOps.Web | Route approval/rule APIs through Web gateway with tenant scopes. | Wait for NOTY0103 approval payload schema | NOWB0101 |
@@ -3466,30 +3466,30 @@
| OBS-50-002 | DOING | | SPRINT_170_notifications_telemetry | Telemetry Core Guild | | Roll out collectors/helm overlays + regression tests for exporters. | Needs 50-001 baseline in main | |
| OBS-50-003 | TODO | | SPRINT_306_docs_tasks_md_vi | Docs Guild · Observability Guild | | Update collector deployment + metrics catalog docs. | Needs scrubber decisions from TLTY0102 | |
| OBS-50-004 | TODO | | SPRINT_306_docs_tasks_md_vi | Docs Guild · Observability Guild | | Add SOP for telemetry scrub policies + troubleshooting. | Requires 50-003 outline | |
| OBS-51-001 | TODO | | SPRINT_503_ops_devops_i | Exporter Guild · AirGap Time Guild · CLI Guild | | Build SLO bus + queue depth metrics feeding CLI/exporter dashboards. | PROGRAM-STAFF-1001 | |
| OBS-51-001 | TODO | | SPRINT_0503_0001_0001_ops_devops_i | Exporter Guild · AirGap Time Guild · CLI Guild | | Build SLO bus + queue depth metrics feeding CLI/exporter dashboards. | PROGRAM-STAFF-1001 | |
| OBS-51-002 | TODO | | SPRINT_170_notifications_telemetry | Telemetry Core Guild · Observability Guild | | Enable shadow-mode evaluators + roll into main collectors. | Depends on 51-001 shadow mode | |
| OBS-52-001 | TODO | | SPRINT_114_concelier_iii | Concelier Core Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Emit ingest latency/queue/AOC metrics with burn-rate alerts. | Needs ATLN0101 schema | |
| OBS-52-002 | TODO | | SPRINT_160_export_evidence | Timeline Indexer Guild | | Configure streaming pipeline (retention/partitioning/backpressure). | Needs Concelier metrics | |
| OBS-52-003 | TODO | | SPRINT_160_export_evidence | Timeline Indexer Guild | | Add CI validation + schema enforcement for timeline events. | Depends on 52-002 | |
| OBS-52-004 | TODO | | SPRINT_160_export_evidence | Timeline Indexer + Security Guilds | | Harden stream (auth, encryption) + produce DSSE proofs. | Requires 52-003 outputs | |
| OBS-53-001 | TODO | | SPRINT_503_ops_devops_i | Exporter Guild · AirGap Time Guild · CLI Guild | | Establish provenance SLO signals + exporter hooks. | PROGRAM-STAFF-1001 | |
| OBS-53-001 | TODO | | SPRINT_0503_0001_0001_ops_devops_i | Exporter Guild · AirGap Time Guild · CLI Guild | | Establish provenance SLO signals + exporter hooks. | PROGRAM-STAFF-1001 | |
| OBS-53-002 | TODO | | SPRINT_0513_0001_0001_provenance | Provenance + Security Guild | src/Provenance/StellaOps.Provenance.Attestation | Add attestation metrics/log scrubbers in Provenance.Attestation. | Depends on 53-001 | |
| OBS-53-003 | TODO | | SPRINT_0513_0001_0001_provenance | Provenance Guild | src/Provenance/StellaOps.Provenance.Attestation | Ship dashboards/tests proving attestation observability. | Requires 53-002 outputs | |
| OBS-54-001 | TODO | | SPRINT_114_concelier_iii | Concelier Core Guild · Provenance Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Needs shared exporter from 1039_EXPORT-OBS-54-001 | Needs shared exporter from 1039_EXPORT-OBS-54-001 | CNOB0101 |
| OBS-54-002 | TODO | | SPRINT_161_evidencelocker | Evidence Locker Guild | `src/EvidenceLocker/StellaOps.EvidenceLocker` | Add metrics/logs/alerts for Evidence Locker flows. | Needs provenance metrics | |
| OBS-55-001 | TODO | | SPRINT_114_concelier_iii | Concelier Core & DevOps Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Refresh ops automation/runbooks referencing new metrics. | Depends on 52-001 outputs | |
| OBS-56-001 | TODO | | SPRINT_174_telemetry | Telemetry Core Guild | src/Telemetry/StellaOps.Telemetry.Core | Produce air-gap collector bundle + signed configs/tests. | Needs telemetry baseline from TLTY0102 | |
| OFFLINE-17-004 | BLOCKED | 2025-10-26 | SPRINT_508_ops_offline_kit | Offline Kit Guild · DevOps Guild | ops/offline-kit | Repackage release-17 bundle with new DSSE receipts + verification logs. | Needs PROGRAM-STAFF-1001 approvals | |
| OFFLINE-34-006 | TODO | | SPRINT_508_ops_offline_kit | Offline Kit + Orchestrator Guild | ops/offline-kit | Add orchestrator automation bundle + docs to kit. | Requires mirror time anchors | |
| OFFLINE-37-001 | TODO | | SPRINT_508_ops_offline_kit | Offline Kit + Exporter Guild | ops/offline-kit | Ship export evidence bundle + checksum manifests. | Depends on Export Center artefacts | |
| OFFLINE-37-002 | TODO | | SPRINT_508_ops_offline_kit | Offline Kit + Notifications Guild | ops/offline-kit | Bundle notifier templates + channel configs for offline ops. | Needs notifier templates from NOIA0101 | |
| OFFLINE-CONTAINERS-46-001 | TODO | | SPRINT_508_ops_offline_kit | Offline Kit + Deployment Guild | ops/offline-kit | Include container air-gap bundle, verification docs, and mirrored registry instructions inside Offline Kit. | Requires container hardening guidance | |
| OPENSSL-11-001 | TODO | 2025-11-06 | SPRINT_505_ops_devops_iii | DevOps Guild · Build Infra Guild | ops/devops | Rebuild OpenSSL libs + publish reproducible logs/tarballs. | Needs patched toolchain spec | |
| OPENSSL-11-002 | TODO | 2025-11-06 | SPRINT_505_ops_devops_iii | DevOps Guild · CI Guild | ops/devops | Update CI images + pipelines with new OpenSSL packages and smoke tests. | Depends on 11-001 artefacts | |
| OFFLINE-17-004 | BLOCKED | 2025-10-26 | SPRINT_0508_0001_0001_ops_offline_kit | Offline Kit Guild · DevOps Guild | ops/offline-kit | Repackage release-17 bundle with new DSSE receipts + verification logs. | Needs PROGRAM-STAFF-1001 approvals | |
| OFFLINE-34-006 | TODO | | SPRINT_0508_0001_0001_ops_offline_kit | Offline Kit + Orchestrator Guild | ops/offline-kit | Add orchestrator automation bundle + docs to kit. | Requires mirror time anchors | |
| OFFLINE-37-001 | TODO | | SPRINT_0508_0001_0001_ops_offline_kit | Offline Kit + Exporter Guild | ops/offline-kit | Ship export evidence bundle + checksum manifests. | Depends on Export Center artefacts | |
| OFFLINE-37-002 | TODO | | SPRINT_0508_0001_0001_ops_offline_kit | Offline Kit + Notifications Guild | ops/offline-kit | Bundle notifier templates + channel configs for offline ops. | Needs notifier templates from NOIA0101 | |
| OFFLINE-CONTAINERS-46-001 | TODO | | SPRINT_0508_0001_0001_ops_offline_kit | Offline Kit + Deployment Guild | ops/offline-kit | Include container air-gap bundle, verification docs, and mirrored registry instructions inside Offline Kit. | Requires container hardening guidance | |
| OPENSSL-11-001 | TODO | 2025-11-06 | SPRINT_0505_0001_0001_ops_devops_iii | DevOps Guild · Build Infra Guild | ops/devops | Rebuild OpenSSL libs + publish reproducible logs/tarballs. | Needs patched toolchain spec | |
| OPENSSL-11-002 | TODO | 2025-11-06 | SPRINT_0505_0001_0001_ops_devops_iii | DevOps Guild · CI Guild | ops/devops | Update CI images + pipelines with new OpenSSL packages and smoke tests. | Depends on 11-001 artefacts | |
| OPS-0001 | DONE | 2025-11-07 | SPRINT_333_docs_modules_excititor | Ops Guild (docs/modules/excitor) | docs/modules/excitor | | | |
| OPS-ENV-01 | TODO | | SPRINT_507_ops_devops_v | DevOps Guild · Scanner Guild | ops/devops | Update deployment manifests (Helm/Compose) and configuration docs to include Surface.Env variables for Scanner and Zastava services. | Needs finalized Surface.Env schema | |
| OPS-SECRETS-01 | TODO | | SPRINT_507_ops_devops_v | DevOps + Security Guild | ops/devops | Define secret provisioning workflow (Kubernetes, Compose, Offline Kit) for Surface.Secrets references and update runbooks. | Depends on env updates | |
| OPS-SECRETS-02 | TODO | | SPRINT_507_ops_devops_v | DevOps + Offline Kit Guild | ops/devops | Embed Surface.Secrets material (encrypted bundles, manifests) into offline kit packaging scripts. Dependencies: OPS-SECRETS-01. | Requires 01 workflow | |
| OPS-ENV-01 | TODO | | SPRINT_0507_0001_0001_ops_devops_v | DevOps Guild · Scanner Guild | ops/devops | Update deployment manifests (Helm/Compose) and configuration docs to include Surface.Env variables for Scanner and Zastava services. | Needs finalized Surface.Env schema | |
| OPS-SECRETS-01 | TODO | | SPRINT_0507_0001_0001_ops_devops_v | DevOps + Security Guild | ops/devops | Define secret provisioning workflow (Kubernetes, Compose, Offline Kit) for Surface.Secrets references and update runbooks. | Depends on env updates | |
| OPS-SECRETS-02 | TODO | | SPRINT_0507_0001_0001_ops_devops_v | DevOps + Offline Kit Guild | ops/devops | Embed Surface.Secrets material (encrypted bundles, manifests) into offline kit packaging scripts. Dependencies: OPS-SECRETS-01. | Requires 01 workflow | |
| ORCH-32-001 | TODO | | SPRINT_114_concelier_iii | Concelier Core Guild (src/Concelier/__Libraries/StellaOps.Concelier.Core) | src/Concelier/__Libraries/StellaOps.Concelier.Core | — | — | ORGR0102 |
| ORCH-32-002 | TODO | | SPRINT_114_concelier_iii | Concelier Core Guild (src/Concelier/__Libraries/StellaOps.Concelier.Core) | src/Concelier/__Libraries/StellaOps.Concelier.Core | — | — | ORGR0102 |
| ORCH-33-001 | TODO | | SPRINT_114_concelier_iii | Concelier Core Guild (src/Concelier/__Libraries/StellaOps.Concelier.Core) | src/Concelier/__Libraries/StellaOps.Concelier.Core | — | — | ORGR0102 |
@@ -3523,7 +3523,7 @@
| ORCH-OPS-0001 | DONE | | SPRINT_0323_0001_0001_docs_modules_orchestrator | Ops Guild | docs/modules/orchestrator | Review orchestrator runbooks/observability checklists post-demo. | Requires obs/export docs | |
| PACKS-42-001 | TODO | | SPRINT_0121_0001_0001_policy_reasoning | Findings Ledger Guild | src/Findings/StellaOps.Findings.Ledger | Provide snapshot/time-travel APIs, digestable exports for pack simulation + CLI offline mode. | Needs ORSC0104 event IDs | |
| PACKS-43-001 | DONE | 2025-11-09 | SPRINT_100_identity_signing | Packs Guild · Authority Guild | src/Authority/StellaOps.Authority | Canonical pack bundle + docs for release 43. | AUTH-PACKS-41-001; TASKRUN-42-001; ORCH-SVC-42-101 | |
| PACKS-43-002 | TODO | | SPRINT_508_ops_offline_kit | Offline Kit Guild, Packs Registry Guild (ops/offline-kit) | ops/offline-kit | | | |
| PACKS-43-002 | TODO | | SPRINT_0508_0001_0001_ops_offline_kit | Offline Kit Guild, Packs Registry Guild (ops/offline-kit) | ops/offline-kit | | | |
| PACKS-REG-41-001 | DONE (2025-11-25) | 2025-11-25 | SPRINT_0154_0001_0001_packsregistry | Packs Registry Guild | src/PacksRegistry/StellaOps.PacksRegistry | Implement registry service, migrations for `packs_index`, `parity_matrix`, provenance docs; support pack upload/list/get, signature verification, RBAC enforcement, and provenance manifest storage. | Needs ORSC0104 event feeds | |
| PACKS-REG-42-001 | DONE (2025-11-25) | 2025-11-25 | SPRINT_0154_0001_0001_packsregistry | Packs Registry Guild | src/PacksRegistry/StellaOps.PacksRegistry | Add version lifecycle (promote/deprecate), tenant allowlists, provenance export, signature rotation, audit logs, and Offline Kit seed support. Dependencies: PACKS-REG-41-001. | Depends on 41-001 | |
| PACKS-REG-43-001 | DONE (2025-11-25) | 2025-11-25 | SPRINT_0154_0001_0001_packsregistry | Packs Registry Guild | src/PacksRegistry/StellaOps.PacksRegistry | Implement registry mirroring, pack signing policies, attestation integration, and compliance dashboards; integrate with Export Center. Dependencies: PACKS-REG-42-001. | Needs 42-001 | |
@@ -3709,7 +3709,7 @@
| REGISTRY-API-27-008 | TODO | | SPRINT_0129_0001_0001_policy_reasoning | Policy Registry Guild / src/Policy/StellaOps.Policy.Registry | src/Policy/StellaOps.Policy.Registry | Implement promotion bindings per tenant/environment with canary subsets, rollback path, and environment history | REGISTRY-API-27-007 | |
| REGISTRY-API-27-009 | TODO | | SPRINT_0129_0001_0001_policy_reasoning | Policy Registry Guild, Observability Guild / src/Policy/StellaOps.Policy.Registry | src/Policy/StellaOps.Policy.Registry | Instrument metrics/logs/traces | REGISTRY-API-27-008 | |
| REGISTRY-API-27-010 | TODO | | SPRINT_0129_0001_0001_policy_reasoning | Policy Registry Guild, QA Guild / src/Policy/StellaOps.Policy.Registry | src/Policy/StellaOps.Policy.Registry | Build unit/integration/load test suites for compile/sim/review/publish/promote flows; provide seeded fixtures for CI | REGISTRY-API-27-009 | |
| REL-17-004 | BLOCKED | 2025-10-26 | SPRINT_506_ops_devops_iv | DevOps Guild (ops/devops) | ops/devops | | | |
| REL-17-004 | BLOCKED | 2025-10-26 | SPRINT_0506_0001_0001_ops_devops_iv | DevOps Guild (ops/devops) | ops/devops | | | |
| REP-004 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | BE-Base Platform Guild (`src/__Libraries/StellaOps.Replay.Core`, `docs/replay/DETERMINISTIC_REPLAY.md`) | `src/__Libraries/StellaOps.Replay.Core`, `docs/replay/DETERMINISTIC_REPLAY.md` | | | |
| REPLAY-185-003 | TODO | | SPRINT_185_shared_replay_primitives | Docs Guild, Platform Data Guild (docs) | | | | |
| REPLAY-185-004 | TODO | | SPRINT_185_shared_replay_primitives | Docs Guild (docs) | | | | |
@@ -3755,7 +3755,7 @@
| RISK-ENGINE-69-002 | TODO | | SPRINT_0129_0001_0001_policy_reasoning | Risk Engine Guild, Observability Guild / src/RiskEngine/StellaOps.RiskEngine | src/RiskEngine/StellaOps.RiskEngine | Add telemetry | RISK-ENGINE-69-001 | |
| RISK-ENGINE-70-001 | TODO | | SPRINT_0129_0001_0001_policy_reasoning | Risk Engine Guild, Export Guild / src/RiskEngine/StellaOps.RiskEngine | src/RiskEngine/StellaOps.RiskEngine | Support offline provider bundles with manifest verification and missing-data reporting | RISK-ENGINE-69-002 | |
| RISK-ENGINE-70-002 | TODO | | SPRINT_0129_0001_0001_policy_reasoning | Risk Engine Guild, Observability Guild / src/RiskEngine/StellaOps.RiskEngine | src/RiskEngine/StellaOps.RiskEngine | Integrate runtime evidence provider and reachability provider outputs with caching + TTL | RISK-ENGINE-70-001 | |
| RULES-33-001 | REVIEW (2025-10-30) | 2025-10-30 | SPRINT_506_ops_devops_iv | DevOps Guild, Platform Leads (ops/devops) | ops/devops | | | |
| RULES-33-001 | REVIEW (2025-10-30) | 2025-10-30 | SPRINT_0506_0001_0001_ops_devops_iv | DevOps Guild, Platform Leads (ops/devops) | ops/devops | | | |
| RUNBOOK-401-017 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | Docs Guild · Ops Guild (`docs/runbooks/reachability-runtime.md`, `docs/reachability/DELIVERY_GUIDE.md`) | `docs/runbooks/reachability-runtime.md`, `docs/reachability/DELIVERY_GUIDE.md` | | | |
| RUNBOOK-55-001 | TODO | | SPRINT_309_docs_tasks_md_ix | Docs Guild, Ops Guild (docs) | | | | |
| RUNBOOK-REPLAY-187-004 | TODO | | SPRINT_160_export_evidence | Docs/Ops Guild · `/docs/runbooks/replay_ops.md` | docs/runbooks/replay_ops.md | Docs/Ops Guild · `/docs/runbooks/replay_ops.md` | | |
@@ -3784,7 +3784,7 @@
| SBOM-VULN-29-001 | TODO | | SPRINT_0140_0001_0001_runtime_signals | | | Inventory evidence feed deferred until projection schema + runtime align. | | |
| SBOM-VULN-29-002 | TODO | | SPRINT_0140_0001_0001_runtime_signals | | | Resolver feed requires 29-001 event payloads. | | |
| SCAN-001 | TODO | | SPRINT_400_runtime_facts_static_callgraph_union | Scanner Worker Guild (`src/Scanner/StellaOps.Scanner.Worker`, `docs/modules/scanner/architecture.md`, `docs/reachability/function-level-evidence.md`) | `src/Scanner/StellaOps.Scanner.Worker`, `docs/modules/scanner/architecture.md`, `docs/reachability/function-level-evidence.md` | | | |
| SCAN-90-004 | TODO | | SPRINT_505_ops_devops_iii | DevOps Guild, Scanner Guild (ops/devops) | ops/devops | | | |
| SCAN-90-004 | TODO | | SPRINT_0505_0001_0001_ops_devops_iii | DevOps Guild, Scanner Guild (ops/devops) | ops/devops | | | |
| SCAN-DETER-186-008 | DONE (2025-11-26) | | SPRINT_186_record_deterministic_execution | Scanner Guild · Provenance Guild | `src/Scanner/StellaOps.Scanner.WebService`, `src/Scanner/StellaOps.Scanner.Worker` | Add deterministic execution switches to Scanner (fixed clock, RNG seed, concurrency cap, feed/policy snapshot pins, log filtering) available via CLI/env/config so repeated runs stay hermetic. | ENTROPY-186-012 & SCANNER-ENV-02 | SCDE0102 |
| SCAN-DETER-186-009 | TODO | | SPRINT_186_record_deterministic_execution | Scanner Guild, QA Guild (`src/Scanner/StellaOps.Scanner.Replay`, `src/Scanner/__Tests`) | `src/Scanner/StellaOps.Scanner.Replay`, `src/Scanner/__Tests` | Build a determinism harness that replays N scans per image, canonicalises SBOM/VEX/findings/log outputs, and records per-run hash matrices (see `docs/modules/scanner/determinism-score.md`). | | |
| SCAN-DETER-186-010 | TODO | | SPRINT_186_record_deterministic_execution | Scanner Guild, Export Center Guild (`src/Scanner/StellaOps.Scanner.WebService`, `docs/modules/scanner/operations/release.md`) | `src/Scanner/StellaOps.Scanner.WebService`, `docs/modules/scanner/operations/release.md` | Emit and publish `determinism.json` (scores, artifact hashes, non-identical diffs) alongside each scanner release via CAS/object storage APIs (documented in `docs/modules/scanner/determinism-score.md`). | | |
@@ -4128,7 +4128,7 @@
| SVC-43-001 | TODO | | SPRINT_164_exportcenter_iii | Exporter Service Guild (src/ExportCenter/StellaOps.ExportCenter) | src/ExportCenter/StellaOps.ExportCenter | | | |
| SYM-007 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | Scanner Worker Guild & Docs Guild (`src/Scanner/StellaOps.Scanner.Models`, `docs/modules/scanner/architecture.md`, `docs/reachability/function-level-evidence.md`) | `src/Scanner/StellaOps.Scanner.Models`, `docs/modules/scanner/architecture.md`, `docs/reachability/function-level-evidence.md` | | | |
| SYMS-70-003 | TODO | | SPRINT_304_docs_tasks_md_iv | Docs Guild, Symbols Guild (docs) | | | | |
| SYMS-90-005 | TODO | | SPRINT_505_ops_devops_iii | DevOps Guild, Symbols Guild (ops/devops) | ops/devops | | | |
| SYMS-90-005 | TODO | | SPRINT_0505_0001_0001_ops_devops_iii | DevOps Guild, Symbols Guild (ops/devops) | ops/devops | | | |
| SYMS-BUNDLE-401-014 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | Symbols Guild · Ops | `src/Symbols/StellaOps.Symbols.Bundle`, `ops` | Produce deterministic symbol bundles for air-gapped installs (`symbols bundle create | Depends on #1 | RBSY0101 |
| SYMS-CLIENT-401-012 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | Symbols Guild · Scanner Guild | `src/Symbols/StellaOps.Symbols.Client`, `src/Scanner/StellaOps.Scanner.Symbolizer` | Ship `StellaOps.Symbols.Client` SDK (resolve/upload APIs, platform key derivation for ELF/PDB/Mach-O/JVM/Node, disk LRU cache) and integrate with Scanner.Symbolizer/runtime probes (ref. `docs/specs/SYMBOL_MANIFEST_v1.md`). | Depends on #3 | RBSY0101 |
| SYMS-INGEST-401-013 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | Symbols Guild · DevOps Guild | `src/Symbols/StellaOps.Symbols.Ingestor.Cli`, `docs/specs/SYMBOL_MANIFEST_v1.md` | Build `symbols ingest` CLI to emit DSSE-signed `SymbolManifest v1`, upload blobs, and register Rekor entries; document GitLab/Gitea pipeline usage. | Needs manifest updates from #1 | RBSY0101 |
@@ -4162,7 +4162,7 @@
| TEN-49-001 | TODO | | SPRINT_205_cli_v | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | | | |
| TEST-186-006 | TODO | | SPRINT_186_record_deterministic_execution | Signing Guild, QA Guild (`src/Signer/StellaOps.Signer.Tests`) | `src/Signer/StellaOps.Signer.Tests` | | | |
| TEST-62-001 | TODO | | SPRINT_310_docs_tasks_md_x | Docs Guild, Contract Testing Guild (docs) | | | | |
| TIME-57-001 | TODO | | SPRINT_503_ops_devops_i | Exporter Guild · AirGap Time Guild · CLI Guild | | | PROGRAM-STAFF-1001 | |
| TIME-57-001 | TODO | | SPRINT_0503_0001_0001_ops_devops_i | Exporter Guild · AirGap Time Guild · CLI Guild | | | PROGRAM-STAFF-1001 | |
| TIME-57-002 | TODO | | SPRINT_510_airgap | Exporter Guild · AirGap Time Guild · CLI Guild | src/AirGap/StellaOps.AirGap.Time | PROGRAM-STAFF-1001 | PROGRAM-STAFF-1001 | AGTM0101 |
| TIME-58-001 | TODO | | SPRINT_510_airgap | AirGap Time Guild | src/AirGap/StellaOps.AirGap.Time | AIRGAP-TIME-58-001 | AIRGAP-TIME-58-001 | AGTM0101 |
| TIME-58-002 | TODO | | SPRINT_510_airgap | AirGap Time Guild · Notifications Guild | src/AirGap/StellaOps.AirGap.Time | TIME-58-001 | TIME-58-001 | AGTM0101 |