docs: normalize ops and evidence sprint headers

2025-12-06 00:07:30 +00:00
parent be8c623e04
commit 6beb9d7c4e
21 changed files with 846 additions and 840 deletions
--- a/docs/implplan/SPRINT_0125_0001_0001_mirror.md
+++ b/docs/implplan/SPRINT_0125_0001_0001_mirror.md
@@ -1,4 +1,4 @@
-# Sprint 0125_0001_0001 · Mirror Bundles
+# Sprint 0125 · Mirror Bundles
 ## Topic & Scope
 - Build the deterministic mirror bundle assembler covering advisories, VEX, policy packs, and optional OCI artefacts.
--- a/docs/implplan/SPRINT_0140_0001_0001_runtime_signals.md
+++ b/docs/implplan/SPRINT_0140_0001_0001_runtime_signals.md
@@ -1,4 +1,4 @@
-# Sprint 0140_0001_0001 · Runtime & Signals
+# Sprint 0140 · Runtime & Signals
 ## Topic & Scope
 - Coordinate Runtime & Signals wave (140.A Graph, 140.B SBOM Service, 140.C Signals, 140.D Zastava) across scanner surface caches, Link-Not-Merge schema, CAS/provenance approvals, and Surface.FS adoption.
--- a/docs/implplan/SPRINT_0142_0001_0001_sbomservice.md
+++ b/docs/implplan/SPRINT_0142_0001_0001_sbomservice.md
@@ -1,4 +1,4 @@
-# Sprint 0142_0001_0001 · Runtime & Signals — SBOM Service
+# Sprint 0142 · Runtime & Signals — SBOM Service
 ## Topic & Scope
 - Runtime & Signals stream focusing on SBOM Service projections, APIs, and orchestrator integration to support Advisory AI, Console, Graph overlays, and Vuln Explorer consumers.
--- a/docs/implplan/SPRINT_0150_0001_0001_mirror_dsse.md
+++ b/docs/implplan/SPRINT_0150_0001_0001_mirror_dsse.md
@@ -1,4 +1,4 @@
-# Sprint 0150_0001_0001 · Mirror DSSE/Time Anchors Coordination
+# Sprint 0150 · Mirror DSSE/Time Anchors Coordination
 ## Topic & Scope
 - Coordinate DSSE mirror revision (MIRROR-DSSE-REV-1501) with Security and Evidence Locker guilds.
--- a/docs/implplan/SPRINT_0150_0001_0002_mirror_time.md
+++ b/docs/implplan/SPRINT_0150_0001_0002_mirror_time.md
@@ -1,4 +1,4 @@
-# Sprint 0150_0001_0002 · Mirror Time Anchors
+# Sprint 0150 · Mirror Time Anchors
 ## Topic & Scope
 - Define time-anchor contract for mirror bundles so air-gapped imports can compute freshness/staleness deterministically (AIRGAP-TIME-CONTRACT-1501).
--- a/docs/implplan/SPRINT_0150_0001_0003_mirror_orch.md
+++ b/docs/implplan/SPRINT_0150_0001_0003_mirror_orch.md
@@ -1,4 +1,4 @@
-# Sprint 0150_0001_0003 · Mirror Orchestrator Hooks
+# Sprint 0150 · Mirror Orchestrator Hooks
 ## Topic & Scope
 - Capture orchestrator/export hook requirements for mirror bundle readiness events (EXPORT-MIRROR-ORCH-1501).
--- a/docs/implplan/SPRINT_0153_0001_0003_orchestrator_iii.md
+++ b/docs/implplan/SPRINT_0153_0001_0003_orchestrator_iii.md
@@ -1,4 +1,4 @@
-# Sprint 0153_0001_0003 · Orchestrator III (Scheduling & Automation)
+# Sprint 0153 · Orchestrator III (Scheduling & Automation)
 ## Topic & Scope
 - Deliver phase III scheduling & automation for the Orchestrator: pack-run lifecycle, event envelope standardisation, and live log streaming.
--- a/docs/implplan/SPRINT_0160_0001_0001_export_evidence.md
+++ b/docs/implplan/SPRINT_0160_0001_0001_export_evidence.md
@@ -1,4 +1,4 @@
-# Sprint 0160_0001_0001 · Export & Evidence
+# Sprint 0160 · Export & Evidence
 ## Topic & Scope
 - Snapshot coordination for export & evidence tracks (EvidenceLocker, ExportCenter, TimelineIndexer); active backlog continues in Sprint 161+.
--- a/docs/implplan/SPRINT_0161_0001_0001_evidencelocker.md
+++ b/docs/implplan/SPRINT_0161_0001_0001_evidencelocker.md
@@ -1,4 +1,4 @@
-# Sprint 0161_0001_0001 · EvidenceLocker
+# Sprint 0161 · EvidenceLocker
 ## Topic & Scope
 - Advance 160.A EvidenceLocker stream: finalize bundle packaging, replay ingest/retention, CLI/ops readiness, and sovereign crypto routing.
--- a/docs/implplan/SPRINT_0162_0001_0001_exportcenter_i.md
+++ b/docs/implplan/SPRINT_0162_0001_0001_exportcenter_i.md
@@ -1,4 +1,4 @@
-# Sprint 0162_0001_0001 · ExportCenter I (Export & Evidence Wave 160.B)
+# Sprint 0162 · ExportCenter I (Export & Evidence Wave 160.B)
 ## Topic & Scope
 - Phase I for ExportCenter: mirror/bootstrap profiles, portable evidence exports, attestation bundles, OAS/SDK updates, DevPortal verification CLI prototype.
--- a/docs/implplan/SPRINT_0163_0001_0001_exportcenter_ii.md
+++ b/docs/implplan/SPRINT_0163_0001_0001_exportcenter_ii.md
@@ -1,4 +1,4 @@
-# Sprint 0163_0001_0001 · ExportCenter II (Export & Evidence Wave 160.B)
+# Sprint 0163 · ExportCenter II (Export & Evidence Wave 160.B)
 ## Topic & Scope
 - Phase II for ExportCenter: observability/audit, deprecation path, service core hardening, risk bundles, and crypto parity matching EvidenceLocker.
--- a/docs/implplan/SPRINT_0165_0001_0001_timelineindexer.md
+++ b/docs/implplan/SPRINT_0165_0001_0001_timelineindexer.md
@@ -1,4 +1,4 @@
-# Sprint 0165_0001_0001 · Timeline Indexer (Export & Evidence 160.C)
+# Sprint 0165 · Timeline Indexer (Export & Evidence 160.C)
 ## Topic & Scope
 - Bootstrap Timeline Indexer service: migrations/RLS, ingestion, query APIs, and evidence linkage.
--- a/docs/implplan/SPRINT_0500_0001_0001_ops_offline.md
+++ b/docs/implplan/SPRINT_0500_0001_0001_ops_offline.md
@@ -1,4 +1,4 @@
-# Sprint 0500_0001_0001 · Ops & Offline
+# Sprint 0500 · Ops & Offline
 > **BLOCKED Tasks:** Before working on BLOCKED tasks, review [BLOCKED_DEPENDENCY_TREE.md](./BLOCKED_DEPENDENCY_TREE.md) for root blockers and dependencies.
--- a/docs/implplan/SPRINT_0501_0001_0001_ops_deployment_i.md
+++ b/docs/implplan/SPRINT_0501_0001_0001_ops_deployment_i.md
@@ -1,4 +1,4 @@
-# Sprint 0501_0001_0001 · Ops & Offline · 190.A) Ops Deployment I
+# Sprint 0501 · Ops & Offline · 190.A) Ops Deployment I
 Active items only. Completed/historic work now resides in docs/implplan/archived/tasks.md (updated 2025-11-08).
@@ -24,9 +24,9 @@ Depends on: Sprint 100.A - Attestor, Sprint 110.A - AdvisoryAI, Sprint 120.A - A
 | Task ID | State | Task description | Owners (Source) |
 | --- | --- | --- | --- |
 | COMPOSE-44-001 | BLOCKED | Author `docker-compose.yml`, `.env.example`, and `quickstart.sh` with all core services + dependencies (postgres, redis, object-store, queue, otel). | Deployment Guild, DevEx Guild (ops/deployment) |
-| COMPOSE-44-002 | TODO | Implement `backup.sh` and `reset.sh` scripts with safety prompts and documentation. Dependencies: COMPOSE-44-001. | Deployment Guild (ops/deployment) |
+| COMPOSE-44-002 | DONE (2025-12-05) | Implement `backup.sh` and `reset.sh` scripts with safety prompts and documentation. Dependencies: COMPOSE-44-001. | Deployment Guild (ops/deployment) |
 | COMPOSE-44-003 | TODO | Package seed data container and onboarding wizard toggle (`QUICKSTART_MODE`), ensuring default creds randomized on first run. Dependencies: COMPOSE-44-002. | Deployment Guild, Docs Guild (ops/deployment) |
-| DEPLOY-AIAI-31-001 | TODO | Provide Helm/Compose manifests, GPU toggle, scaling/runbook, and offline kit instructions for Advisory AI service + inference container. | Deployment Guild, Advisory AI Guild (ops/deployment) |
+| DEPLOY-AIAI-31-001 | DONE (2025-12-05) | Provide Helm/Compose manifests, GPU toggle, scaling/runbook, and offline kit instructions for Advisory AI service + inference container. | Deployment Guild, Advisory AI Guild (ops/deployment) |
 | DEPLOY-AIRGAP-46-001 | BLOCKED (2025-11-25) | Provide instructions and scripts (`load.sh`) for importing air-gap bundle into private registry; update Offline Kit guide. | Deployment Guild, Offline Kit Guild (ops/deployment) |
 | DEPLOY-CLI-41-001 | DONE (2025-12-05) | Package CLI release artifacts (tarballs per OS/arch, checksums, signatures, completions, container image) and publish distribution docs. | Deployment Guild, DevEx/CLI Guild (ops/deployment) |
 | DEPLOY-COMPOSE-44-001 | TODO | Finalize Quickstart scripts (`quickstart.sh`, `backup.sh`, `reset.sh`), seed data container, and publish README with imposed rule reminder. | Deployment Guild (ops/deployment) |
@@ -34,10 +34,10 @@ Depends on: Sprint 100.A - Attestor, Sprint 110.A - AdvisoryAI, Sprint 120.A - A
 | DEPLOY-EXPORT-36-001 | TODO | Document OCI/object storage distribution workflows, registry credential automation, and monitoring hooks for exports. Dependencies: DEPLOY-EXPORT-35-001. | Deployment Guild, Exporter Service Guild (ops/deployment) |
 | DEPLOY-HELM-45-001 | DONE (2025-12-05) | Publish Helm install guide and sample values for prod/airgap; integrate with docs site build. | Deployment Guild (ops/deployment) |
 | DEPLOY-NOTIFY-38-001 | BLOCKED (2025-10-29) | Package notifier API/worker Helm overlays (email/chat/webhook), secrets templates, rollout guide. | Deployment Guild, DevOps Guild (ops/deployment) |
-| DEPLOY-ORCH-34-001 | TODO | Provide orchestrator Helm/Compose manifests, scaling defaults, secret templates, offline kit instructions, and GA rollout/rollback playbook. | Deployment Guild, Orchestrator Service Guild (ops/deployment) |
+| DEPLOY-ORCH-34-001 | BLOCKED (2025-12-05) | Provide orchestrator Helm/Compose manifests, scaling defaults, secret templates, offline kit instructions, and GA rollout/rollback playbook. | Deployment Guild, Orchestrator Service Guild (ops/deployment) |
 | DEPLOY-PACKS-42-001 | TODO | Provide deployment manifests for packs-registry and task-runner services, including Helm/Compose overlays, scaling defaults, and secret templates. | Deployment Guild, Packs Registry Guild (ops/deployment) |
 | DEPLOY-PACKS-43-001 | TODO | Ship remote Task Runner worker profiles, object storage bootstrap, approval workflow integration, and Offline Kit packaging instructions. Dependencies: DEPLOY-PACKS-42-001. | Deployment Guild, Task Runner Guild (ops/deployment) |
-| DEPLOY-POLICY-27-001 | TODO | Produce Helm/Compose overlays for Policy Registry + simulation workers, including Mongo migrations, object storage buckets, signing key secrets, and tenancy defaults. | Deployment Guild, Policy Registry Guild (ops/deployment) |
+| DEPLOY-POLICY-27-001 | BLOCKED (2025-12-05) | Produce Helm/Compose overlays for Policy Registry + simulation workers, including Mongo migrations, object storage buckets, signing key secrets, and tenancy defaults. | Deployment Guild, Policy Registry Guild (ops/deployment) |
 | DEPLOY-MIRROR-23-001 | BLOCKED (2025-11-23) | Publish signed mirror/offline artefacts; needs `MIRROR_SIGN_KEY_B64` wired in CI (from MIRROR-KEY-56-002-CI) and Attestor mirror contract. | Deployment Guild, Security Guild (ops/deployment) |
 | DEVOPS-MIRROR-23-001-REL | BLOCKED (2025-11-25) | Release lane for advisory mirror bundles; migrated from `SPRINT_0112_0001_0001_concelier_i`, shares dependencies with DEPLOY-MIRROR-23-001 (Attestor contract, CI signing secret). | DevOps Guild · Security Guild (ops/deployment) |
 | DEPLOY-LEDGER-29-009 | BLOCKED (2025-11-23) | Provide Helm/Compose/offline-kit manifests + backup/restore runbook paths for Findings Ledger; waits on DevOps-approved target directories before committing artefacts. | Deployment Guild, Findings Ledger Guild, DevOps Guild (ops/deployment) |
@@ -45,8 +45,12 @@ Depends on: Sprint 100.A - Attestor, Sprint 110.A - AdvisoryAI, Sprint 120.A - A
 ## Execution Log
 | Date (UTC) | Update | Owner |
 | --- | --- | --- |
 | 2025-12-05 | Completed DEPLOY-AIAI-31-001: documented advisory AI Helm/Compose GPU toggle and offline kit pickup (`ops/deployment/advisory-ai/README.md`), added compose GPU overlay, marked task DONE. | Deployment Guild |
 | 2025-12-05 | Completed COMPOSE-44-002: added backup/reset scripts (`deploy/compose/scripts/backup.sh`, `reset.sh`) with safety prompts; documented in compose README; marked task DONE. | Deployment Guild |
 | 2025-12-05 | Completed DEPLOY-HELM-45-001: added Helm install guide with prod/airgap/mirror commands and digest pins (`deploy/helm/stellaops/INSTALL.md`); marked task DONE. | Deployment Guild |
 | 2025-12-05 | Completed DEPLOY-CLI-41-001: added CLI packaging runbook (`ops/deployment/cli/README.md`) covering binaries, checksums, signatures, completions, container/offline tar, and release manifest; set task to DONE. | Deployment Guild |
 | 2025-12-05 | Marked DEPLOY-ORCH-34-001 BLOCKED: orchestrator images/digests absent from `deploy/releases/2025.09-stable.yaml`; cannot produce Helm/Compose manifests without release artefacts. | Deployment Guild |
 | 2025-12-05 | Marked DEPLOY-POLICY-27-001 BLOCKED: policy registry images/digests absent from release manifest; waiting on module release before authoring overlays/migrations. | Deployment Guild |
 | 2025-12-04 | Renamed from `SPRINT_501_ops_deployment_i.md` to template-compliant `SPRINT_0501_0001_0001_ops_deployment_i.md`; no task/status changes. | Project PM |
 | 2025-12-04 | Added dated checkpoints (Dec-06 mirror signing, Dec-07 ledger path, Dec-10 rebaseline); no task/status changes. | Project PM |
 | 2025-11-25 | Marked COMPOSE-44-001 BLOCKED: waiting on consolidated service list + version pins from upstream module releases before writing compose/quickstart bundle. | Project Mgmt |
@@ -57,6 +61,7 @@ Depends on: Sprint 100.A - Attestor, Sprint 110.A - AdvisoryAI, Sprint 120.A - A
 ## Decisions & Risks
 - Mirror signing secret (`MIRROR_SIGN_KEY_B64`) and Attestor contract are outstanding; DEPLOY-MIRROR-23-001 remains blocked until provided.
 - Findings Ledger deployment assets cannot be committed until DevOps assigns target directories to keep module boundaries clean.
 - Orchestrator and Policy deployments blocked pending release artefacts; no digests for those services in `deploy/releases/2025.09-stable.yaml`.
 ## Next Checkpoints
 | Date (UTC) | Session / Owner | Target outcome | Fallback / Escalation |
--- a/docs/implplan/SPRINT_0502_0001_0001_ops_deployment_ii.md
+++ b/docs/implplan/SPRINT_0502_0001_0001_ops_deployment_ii.md
@@ -1,4 +1,4 @@
-# Sprint 0502_0001_0001 · Ops Deployment II (Ops & Offline)
+# Sprint 0502 · Ops Deployment II (Ops & Offline)
 ## Topic & Scope
 - Phase II of ops deployment/offline readiness stream (IMPL 190.A follow-on).
@@ -28,11 +28,12 @@
 | 6 | DOWNLOADS-CONSOLE-23-001 | TODO | None | Deployment Guild, DevOps Guild | Maintain signed downloads manifest pipeline; publish JSON at `deploy/downloads/manifest.json`; doc sync cadence for Console/docs |
 | 7 | HELM-45-001 | DONE (2025-12-05) | None | Deployment Guild | Scaffold `deploy/helm/stella` chart with values, toggles, pinned digests, migration Job templates |
 | 8 | HELM-45-002 | DONE (2025-12-05) | Depends on HELM-45-001 | Deployment Guild, Security Guild | Add TLS/Ingress, NetworkPolicy, PodSecurityContexts, Secrets integration (external secrets), document security posture |
-| 9 | HELM-45-003 | TODO | Depends on HELM-45-002 | Deployment Guild, Observability Guild | Implement HPA, PDB, readiness gates, Prometheus scrape annotations, OTel hooks, upgrade hooks |
+| 9 | HELM-45-003 | DONE (2025-12-05) | Depends on HELM-45-002 | Deployment Guild, Observability Guild | Implement HPA, PDB, readiness gates, Prometheus scrape annotations, OTel hooks, upgrade hooks |
 ## Execution Log
 | Date (UTC) | Update | Owner |
 | --- | --- | --- |
 | 2025-12-05 | HELM-45-003 DONE: added HPA template with per-service overrides, PDB support, Prometheus scrape annotations hook, and production defaults (prod enabled, airgap prometheus on but HPA off). | Deployment Guild |
 | 2025-12-05 | HELM-45-002 DONE: added ingress/TLS toggles, NetworkPolicy defaults, pod security contexts, and ExternalSecret scaffold (prod enabled, airgap off); documented via values changes and templates (`core.yaml`, `networkpolicy.yaml`, `ingress.yaml`, `externalsecrets.yaml`). | Deployment Guild |
 | 2025-12-05 | HELM-45-001 DONE: added migration job scaffolding and toggle to Helm chart (`deploy/helm/stellaops/templates/migrations.yaml`, values defaults), kept digest pins, and published install guide (`deploy/helm/stellaops/INSTALL.md`). | Deployment Guild |
 | 2025-12-05 | Completed HELM-45-001: added migration job scaffolding and toggle to Helm chart (`deploy/helm/stellaops/templates/migrations.yaml`, values defaults), kept digest pins, and published install guide (`deploy/helm/stellaops/INSTALL.md`). | Deployment Guild |
--- a/docs/implplan/SPRINT_0503_0001_0001_ops_devops_i.md
+++ b/docs/implplan/SPRINT_0503_0001_0001_ops_devops_i.md
@@ -1,4 +1,4 @@
-# Sprint 0503_0001_0001 · Ops & Offline · 190.B) Ops DevOps I
+# Sprint 0503 · Ops & Offline · 190.B) Ops DevOps I
 Active items only. Completed/historic work now resides in docs/implplan/archived/tasks.md (updated 2025-11-08).
--- a/docs/implplan/SPRINT_0504_0001_0001_ops_devops_ii.md
+++ b/docs/implplan/SPRINT_0504_0001_0001_ops_devops_ii.md
@@ -1,4 +1,4 @@
-# Sprint 0504_0001_0001 · Ops DevOps II (Ops & Offline 190.B)
+# Sprint 0504 · Ops DevOps II (Ops & Offline 190.B)
 ## Topic & Scope
 - Ops & Offline track focusing on DevOps phase II: container/CLI pipelines, air-gap packaging, and console delivery.
--- a/docs/implplan/SPRINT_0505_0001_0001_ops_devops_iii.md
+++ b/docs/implplan/SPRINT_0505_0001_0001_ops_devops_iii.md
@@ -1,4 +1,4 @@
-# Sprint 0505_0001_0001 · Ops & Offline — 190.B) Ops DevOps III
+# Sprint 0505 · Ops & Offline — 190.B) Ops DevOps III
 ## Topic & Scope
 - Phase III of Ops & Offline stream (IMPL 190.B), following Ops DevOps II.
--- a/docs/implplan/SPRINT_0506_0001_0001_ops_devops_iv.md
+++ b/docs/implplan/SPRINT_0506_0001_0001_ops_devops_iv.md
@@ -1,4 +1,4 @@
-# Sprint 0506_0001_0001 · Ops DevOps IV (Ops & Offline 190.B)
+# Sprint 0506 · Ops DevOps IV (Ops & Offline 190.B)
 ## Topic & Scope
 - Ops & Offline focus on DevOps phase IV: incident automation, orchestrator observability, policy CI, signing/SDK pipelines, and mirror signing.
--- a/docs/implplan/SPRINT_0507_0001_0001_ops_devops_v.md
+++ b/docs/implplan/SPRINT_0507_0001_0001_ops_devops_v.md
@@ -1,4 +1,4 @@
-# Sprint 0507_0001_0001 · Ops DevOps V (Ops & Offline 190.B)
+# Sprint 0507 · Ops DevOps V (Ops & Offline 190.B)
 ## Topic & Scope
 - Ops & Offline phase V: tenant audit/chaos, VEX Lens/Vuln Explorer CI+observability, hardened Docker images, SBOM/attestations, and Surface.Env/Surface.Secrets rollout.
--- a/docs/implplan/SPRINT_0508_0001_0001_ops_offline_kit.md
+++ b/docs/implplan/SPRINT_0508_0001_0001_ops_offline_kit.md
@@ -1,4 +1,4 @@
-# Sprint 0508_0001_0001 · Ops Offline Kit (Ops & Offline 190.C)
+# Sprint 0508 · Ops Offline Kit (Ops & Offline 190.C)
 ## Topic & Scope
 - Package offline kit with CLI/task packs, orchestrator/export/notifier bundles, container bundles, Surface.Secrets, and registry mirror assets.
`@@ -1,4 +1,4 @@`
	`# Sprint 0500_0001_0001 · Ops & Offline`	`# Sprint 0500 · Ops & Offline`

	`> BLOCKED Tasks: Before working on BLOCKED tasks, review [BLOCKED_DEPENDENCY_TREE.md](./BLOCKED_DEPENDENCY_TREE.md) for root blockers and dependencies.`	`> BLOCKED Tasks: Before working on BLOCKED tasks, review [BLOCKED_DEPENDENCY_TREE.md](./BLOCKED_DEPENDENCY_TREE.md) for root blockers and dependencies.`
`@@ -1,4 +1,4 @@`
	`# Sprint 0503_0001_0001 · Ops & Offline · 190.B) Ops DevOps I`	`# Sprint 0503 · Ops & Offline · 190.B) Ops DevOps I`

	`Active items only. Completed/historic work now resides in docs/implplan/archived/tasks.md (updated 2025-11-08).`	`Active items only. Completed/historic work now resides in docs/implplan/archived/tasks.md (updated 2025-11-08).`