stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 16 Releases Wiki Activity

Add new features and tests for AirGap and Time modules
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
Details

Browse Source 
- Introduced `SbomService` tasks documentation.
- Updated `StellaOps.sln` to include new projects: `StellaOps.AirGap.Time` and `StellaOps.AirGap.Importer`.
- Added unit tests for `BundleImportPlanner`, `DsseVerifier`, `ImportValidator`, and other components in the `StellaOps.AirGap.Importer.Tests` namespace.
- Implemented `InMemoryBundleRepositories` for testing bundle catalog and item repositories.
- Created `MerkleRootCalculator`, `RootRotationPolicy`, and `TufMetadataValidator` tests.
- Developed `StalenessCalculator` and `TimeAnchorLoader` tests in the `StellaOps.AirGap.Time.Tests` namespace.
- Added `fetch-sbomservice-deps.sh` script for offline dependency fetching.
This commit is contained in:
master
2025-11-20 23:29:54 +02:00
parent 65b1599229
commit 79b8e53441
182 changed files with 6660 additions and 1242 deletions
Download Patch File Download Diff File Expand all files Collapse all files

38
docs/airgap/bundle-repositories.md Normal file
View File

@@ -0,0 +1,38 @@
# Bundle Catalog & Items Repositories (prep for AIRGAP-IMP-57-001)
## Scope
- Deterministic storage for offline bundle metadata with tenant isolation (RLS) and stable ordering.
- Ready for Mongo-backed implementation while providing in-memory deterministic reference behavior.
## Schema (logical)
- `bundle_catalog`:
- `tenant_id` (string, PK part, RLS partition)
- `bundle_id` (string, PK part)
- `digest` (hex string)
- `imported_at_utc` (datetime)
- `content_paths` (array of strings, sorted ordinal)
- `bundle_items`:
- `tenant_id` (string, PK part, RLS partition)
- `bundle_id` (string, PK part)
- `path` (string, PK part)
- `digest` (hex string)
- `size_bytes` (long)
## Implementation delivered (2025-11-20)
- In-memory repositories enforcing tenant isolation and deterministic ordering:
- `InMemoryBundleCatalogRepository` (upsert + list ordered by `bundle_id`).
- `InMemoryBundleItemRepository` (bulk upsert + list ordered by `path`).
- Models: `BundleCatalogEntry`, `BundleItem`.
- Tests cover upsert overwrite semantics, tenant isolation, and deterministic ordering (`tests/AirGap/StellaOps.AirGap.Importer.Tests/InMemoryBundleRepositoriesTests.cs`).
## Migration notes (for Mongo/SQL backends)
- Create compound unique indexes on (`tenant_id`, `bundle_id`) for catalog; (`tenant_id`, `bundle_id`, `path`) for items.
- Enforce RLS by always scoping queries to `tenant_id` and validating it at repository boundary (as done in in-memory reference impl).
- Keep paths lowercased or use ordinal comparisons to avoid locale drift; sort before persistence to preserve determinism.
## Next steps
- Implement Mongo-backed repositories mirroring the deterministic behavior and indexes above.
- Wire repositories into importer service/CLI once storage provider is selected.
## Owners
- AirGap Importer Guild.

45
docs/airgap/controller-scaffold.md Normal file
View File

@@ -0,0 +1,45 @@
# AirGap Controller Scaffold (Draft) — PREP-AIRGAP-CTL-56-001/002/57-001/57-002/58-001
Status: Draft (2025-11-20)
Owners: AirGap Controller Guild · Observability Guild · AirGap Time Guild · DevOps Guild
Scope: Define the baseline project skeleton, APIs, telemetry, and staleness fields needed to unblock controller tasks 56-001 through 58-001.
## 1) Project layout
- Project: `src/AirGap/StellaOps.AirGap.Controller` (net10.0, minimal API host).
- Tests: `tests/AirGap/StellaOps.AirGap.Controller.Tests` with xunit + deterministic time provider.
- Shared contracts: DTOs under `Endpoints/Contracts`, domain state under `Domain/AirGapState.cs`.
## 2) State model
- Persistent document `airgap_state` (Mongo):
- `id` (const `singleton`), `tenant_id`, `sealed` (bool), `policy_hash`, `time_anchor` (nullable), `last_transition_at` (UTC), `staleness_budget_seconds` (int?, optional per bundle), `notes`.
- Index on `{tenant_id}`; unique on `singleton` within tenant.
- In-memory cache with monotonic timestamp to avoid stale reads; cache invalidated on transitions.
## 3) Endpoints (56-002 baseline)
- `GET /system/airgap/status` → returns current state + staleness summary:
- `{sealed, policy_hash, time_anchor:{source, anchored_at, drift_seconds}, staleness:{seconds_remaining?, budget_seconds?}, last_transition_at}`.
- `POST /system/airgap/seal` → body `{policy_hash, time_anchor?, staleness_budget_seconds?}`; requires Authority scopes `airgap:seal` + `effective:write`.
- `POST /system/airgap/unseal` → requires `airgap:seal`.
- Validation: reject seal if missing `policy_hash` or time anchor when platform requires sealed mode.
## 4) Telemetry (57-002)
- Structured logs: `airgap.sealed`, `airgap.unsealed`, `airgap.status.read` with tenant_id, policy_hash, time_anchor_source, drift_seconds.
- Metrics (Prometheus/OpenTelemetry): counters `airgap_seal_total`, `airgap_unseal_total`; gauges `airgap_time_anchor_drift_seconds`, `airgap_staleness_budget_seconds`.
- Timeline events (Observability stream): `airgap.sealed`, `airgap.unsealed` with correlation_id.
## 5) Staleness & time (58-001)
- Staleness computation: `drift_seconds = now_utc - time_anchor.anchored_at`; `seconds_remaining = max(0, staleness_budget_seconds - drift_seconds)`.
- Time anchors accept Roughtime or RFC3161 token parsed via AirGap Time component (imported service).
- Status response includes drift and remaining budget; sealed mode refuses to run if budget exceeded.
## 6) Determinism & offline rules
- No external network calls; time source injected `IClock` seeded in tests.
- All timestamps RFC3339 UTC; responses sorted properties (serializer config).
## 7) Open decisions
- Final scopes list (Authority) for status read vs seal/unseal.
- Whether to require dual authorization for `seal` (two-man rule) in sealed environments.
- Retention/rotation policy for `airgap_state` audit trail (append-only vs mutation).
## 8) Handoff
This document satisfies PREP-AIRGAP-CTL-56-001 through 58-001. Update once Authority scopes and time-anchor token format are finalized; then promote to v1 schema doc and wire tests accordingly.

38
docs/airgap/importer-scaffold.md Normal file
View File

@@ -0,0 +1,38 @@
# AirGap Importer Scaffold (prep for AIRGAP-IMP-56-001/56-002/58-002)
## Scope for prep
- Provide minimal project and test scaffolds so downstream implementation can wire DSSE, TUF, Merkle validation, and audit logging without redoing structure.
- Capture trust-root inputs required (bundle path, signing keys, allowed algorithms, validity window).
## What landed (2025-11-20)
- New project: `src/AirGap/StellaOps.AirGap.Importer/StellaOps.AirGap.Importer.csproj` (net10.0, deterministic-only dependencies).
- Planning layer: `BundleImportPlanner` emits deterministic plan steps and early validation reasons (`bundle-path-required`, `trust-roots-required`, `invalid-trust-window`).
- Contracts: `TrustRootConfig` record carries root bundle path, trusted key fingerprints, allowed algorithms, and optional validity window.
- Validation shape: `BundleValidationResult` centralises success/failure reasons for replay/capture.
- Tests: `tests/AirGap/StellaOps.AirGap.Importer.Tests` validate planner behavior without external feeds.
## Updates (2025-11-20)
- Added DSSE verifier (RSA-PSS/SHA256) with PAE encoding + trusted key fingerprint checks.
- Added TUF metadata validator (root/snapshot/timestamp) with hash consistency guard.
- Added deterministic Merkle root calculator for bundle object staging.
- Expanded tests for DSSE, TUF, Merkle helpers.
- Added trust store + root rotation policy (dual approval) and import validator that coordinates DSSE/TUF/Merkle/rotation checks.
## Next implementation hooks
- Replace placeholder plan with actual DSSE + TUF verifiers; keep step ordering stable.
- Feed trust roots from sealed-mode config and Evidence Locker bundles (once available) before allowing imports.
- Record audit trail for each plan step (success/failure) and a Merkle root of staged content.
## Determinism/air-gap posture
- No network dependencies; only BCL used.
- Tests use cached local NuGet feed (`local-nugets/`).
- Plan steps are ordered list; do not reorder without bumping downstream replay expectations.
## How to consume
```bash
# run tests offline once feed is hydrated
DOTNET_NOLOGO=1 dotnet test tests/AirGap/StellaOps.AirGap.Importer.Tests/StellaOps.AirGap.Importer.Tests.csproj --no-build
```
## Owners
- AirGap Importer Guild / Security Guild (per sprint 0510).

32
docs/airgap/sealed-startup-diagnostics.md Normal file
View File

@@ -0,0 +1,32 @@
# AirGap Sealed-Mode Startup Diagnostics (prep for AIRGAP-CTL-57-001/57-002)
## Goal
Prevent services from running when sealed-mode requirements are unmet and emit auditable diagnostics + telemetry.
## Pre-flight checks
1) `airgap_state` indicates `sealed=true`.
2) Egress allowlist configured (non-empty or explicitly `[]`).
3) Trust root bundle + TUF metadata present and unexpired.
4) Time anchor available (see `TimeAnchor` schema) and staleness budget not exceeded.
5) Pending root rotations either applied or flagged with approver IDs.
## On failure
- Abort host startup with structured error code: `AIRGAP_STARTUP_MISSING_<ITEM>`.
- Emit structured log fields: `airgap.startup.check`, `status=failure`, `reason`, `bundlePath`, `trustRootVersion`, `timeAnchorDigest`.
- Increment counter `airgap_startup_blocked_total{reason}` and gauge `airgap_time_anchor_age_seconds` if anchor missing/stale.
## Telemetry hooks
- Trace event `airgap.startup.validation` with attributes: `sealed`, `allowlist.count`, `trust_roots.count`, `time_anchor.age_seconds`, `rotation.pending`.
- Timeline events (for 57-002): `airgap.sealed` and `airgap.unsealed` include startup validation results and pending rotations.
## Integration points
- Controller: run checks during `IHostApplicationLifetime.ApplicationStarted` before exposing endpoints.
- Importer: reuse `ImportValidator` to ensure bundles + trust rotation are valid before proceeding.
- Time component: provide anchor + staleness calculations to the controller checks.
## Artefacts
- This document (deterministic guardrails for startup diagnostics).
- Code references: `src/AirGap/StellaOps.AirGap.Importer/Validation/*` for trust + bundle validation primitives; `src/AirGap/StellaOps.AirGap.Time/*` for anchors.
## Owners
- AirGap Controller Guild · Observability Guild.

1
docs/airgap/staleness-and-time.md
View File

@@ -59,6 +59,7 @@ AirGap Time calculates drift = `now(monotonic) - anchor.issued_at` and exposes:
- Ensure deterministic JSON serialization (UTC ISO-8601 timestamps, sorted keys).
- Test vectors located under `src/AirGap/StellaOps.AirGap.Time/fixtures/`.
- For offline testing, simulate monotonic clock via `ITestClock` to avoid system clock drift in CI.
- Staleness calculations use `StalenessCalculator` + `StalenessBudget`/`StalenessEvaluation` (see `src/AirGap/StellaOps.AirGap.Time/Services` and `.Models`); warning/breach thresholds must be non-negative and warning ≤ breach.
## 7. References

35
docs/airgap/time-anchor-scaffold.md Normal file
View File

@@ -0,0 +1,35 @@
# AirGap Time Anchor Scaffold (prep for AIRGAP-TIME-57-001)
## Scope for prep
- Provide a deterministic parsing surface for signed time tokens (Roughtime, RFC3161) so staleness calculations and telemetry wiring can start without full crypto yet.
## What landed (2025-11-20)
- New project: `src/AirGap/StellaOps.AirGap.Time/StellaOps.AirGap.Time.csproj` (net10.0), BCL-only.
- Model: `TimeAnchor` canonical record (anchor time, source, format, signature fingerprint placeholder, token digest).
- Parser: `TimeTokenParser` with deterministic SHA-256 digest derivation and structured success/failure reasons.
- Result envelope: `TimeAnchorValidationResult` and `TimeTokenFormat` enum.
- Tests: `tests/AirGap/StellaOps.AirGap.Time.Tests` cover empty-token failure and digest production for Roughtime tokens.
## Updates (2025-11-20)
- Added staleness calculator (`StalenessCalculator`) and budgets/evaluation models to derive warning/breach states deterministically.
- Added `TimeAnchorLoader` to ingest hex-encoded tokens from fixtures; sample tokens placed under `src/AirGap/StellaOps.AirGap.Time/fixtures/`.
- Added `TimeStatusService` + `InMemoryTimeAnchorStore` for per-tenant anchor/budget status + staleness; tests in `TimeStatusServiceTests`.
- Added verification pipeline (`TimeVerificationService`) with stub Roughtime/RFC3161 verifiers requiring trust roots; loader now verifies using trust roots.
- Added API surface `/api/v1/time/status` (plus POST `/api/v1/time/anchor`) via `TimeStatusController` and web host wiring.
## Next implementation hooks
- Plug real Roughtime and RFC3161 decoders, verifying against trust roots supplied via sealed-mode config.
- Persist `TimeAnchor` rows under controller/importer once schema is final; emit telemetry counters/alerts.
- Replace placeholder signature fingerprint with actual signer fingerprint post-verification.
## Determinism/air-gap posture
- Parser avoids wall-clock; anchor time derived deterministically from token digest until real parser is wired.
- No network calls; uses cached NuGet (`local-nugets/`) for tests.
## How to consume
```bash
DOTNET_NOLOGO=1 dotnet test tests/AirGap/StellaOps.AirGap.Time.Tests/StellaOps.AirGap.Time.Tests.csproj --no-build
```
## Owners
- AirGap Time Guild (per sprint 0510).

21
docs/airgap/time-anchor-verification-gap.md Normal file
View File

@@ -0,0 +1,21 @@
# Time Anchor Verification Gap (AIRGAP-TIME-57-001 follow-up)
## Status (2025-11-20)
- Parser: stubbed for Roughtime/RFC3161 with deterministic digest + derived anchor time.
- Staleness: calculator + budgets landed; loader accepts hex fixtures.
- Verification: pipeline exists (`TimeVerificationService`) with stub verifiers; still needs real crypto using guild-provided trust roots.
## Whats missing
- Roughtime parser: parse signed responses, extract `timestamp`, `radius`, `verifier` public key; verify signature.
- RFC3161 parser: decode ASN.1 TimeStampToken, verify signer chain against provided trust roots, extract nonce/ts.
- Trust roots: final format (JWK vs PEM) and key IDs to align with `TrustRootConfig`/Time service.
## Proposed plan
1) Receive finalized token format + trust-root bundle from Time Guild.
2) Implement format-specific verifiers with validating tests using provided fixtures.
3) Expose `/api/v1/time/status` returning anchor metadata + staleness; wire telemetry counters/alerts per sealed diagnostics doc.
## Owners
- AirGap Time Guild (format decision + trust roots)
- AirGap Importer Guild (bundle delivery of anchors)
- Observability Guild (telemetry wiring)

12
docs/implplan/SPRINT_0110_0001_0001_ingestion_evidence.md
View File

@@ -22,16 +22,16 @@
## Delivery Tracker
| # | Task ID | Status | Key dependency / next step | Owners | Task Definition |
| --- | --- | --- | --- | --- | --- |
| P1 | PREP-CONCELIER-AIRGAP-56-001-58-001-AWAIT-MIR | TODO | Due 2025-11-21 · Accountable: Concelier Core · AirGap Guilds | Concelier Core · AirGap Guilds | Await Mirror thin-bundle milestone dates and evidence bundle artifacts for offline chain. <br><br> Document artefact/deliverable for CONCELIER-AIRGAP-56-001..58-001 and publish location so downstream tasks can proceed. |
| P2 | PREP-CONCELIER-CONSOLE-23-001-003-CONSOLE-SCH | TODO | Due 2025-11-21 · Accountable: Concelier Console Guild | Concelier Console Guild | Console schema samples not yet published alongside frozen LNM; need evidence bundle identifiers. <br><br> Document artefact/deliverable for CONCELIER-CONSOLE-23-001..003 and publish location so downstream tasks can proceed. |
| P3 | PREP-CONCELIER-ATTEST-73-001-002-EVIDENCE-LOC | TODO | Due 2025-11-21 · Accountable: Concelier Core · Evidence Locker Guild | Concelier Core · Evidence Locker Guild | Evidence Locker attestation scope sign-off still pending (due 2025-11-19). <br><br> Document artefact/deliverable for CONCELIER-ATTEST-73-001/002 and publish location so downstream tasks can proceed. |
| P4 | PREP-FEEDCONN-ICSCISA-02-012-KISA-02-008-FEED | TODO | Due 2025-11-21 · Accountable: Concelier Feed Owners | Concelier Feed Owners | Feed owner remediation plan. <br><br> Document artefact/deliverable for FEEDCONN-ICSCISA-02-012 / KISA-02-008 and publish location so downstream tasks can proceed. |
| P1 | PREP-CONCELIER-AIRGAP-56-001-58-001-AWAIT-MIR | DOING (2025-11-20) | Due 2025-11-21 · Accountable: Concelier Core · AirGap Guilds | Concelier Core · AirGap Guilds | Await Mirror thin-bundle milestone dates and evidence bundle artifacts for offline chain. <br><br> Document artefact/deliverable for CONCELIER-AIRGAP-56-001..58-001 and publish location so downstream tasks can proceed. Prep artefact: `docs/modules/concelier/prep/2025-11-20-airgap-56-001-58-001-prep.md`. |
| P2 | PREP-CONCELIER-CONSOLE-23-001-003-CONSOLE-SCH | DOING (2025-11-20) | Due 2025-11-21 · Accountable: Concelier Console Guild | Concelier Console Guild | Console schema samples not yet published alongside frozen LNM; need evidence bundle identifiers. <br><br> Document artefact/deliverable for CONCELIER-CONSOLE-23-001..003 and publish location so downstream tasks can proceed. Prep artefact: `docs/modules/concelier/prep/2025-11-20-console-23-001-prep.md`. |
| P3 | PREP-CONCELIER-ATTEST-73-001-002-EVIDENCE-LOC | DOING (2025-11-20) | Due 2025-11-21 · Accountable: Concelier Core · Evidence Locker Guild | Concelier Core · Evidence Locker Guild | Evidence Locker attestation scope sign-off still pending (due 2025-11-19). <br><br> Document artefact/deliverable for CONCELIER-ATTEST-73-001/002 and publish location so downstream tasks can proceed. Prep artefact: `docs/modules/concelier/prep/2025-11-20-attest-73-001-prep.md`. |
| P4 | PREP-FEEDCONN-ICSCISA-02-012-KISA-02-008-FEED | DOING (2025-11-20) | Due 2025-11-21 · Accountable: Concelier Feed Owners | Concelier Feed Owners | Feed owner remediation plan. <br><br> Document artefact/deliverable for FEEDCONN-ICSCISA-02-012 / KISA-02-008 and publish location so downstream tasks can proceed. Prep artefact: `docs/modules/concelier/prep/2025-11-20-feeds-icscisa-kisa-prep.md`. |
| 0 | PREP-ART-56-001 | DONE (2025-11-19) | Due 2025-11-21 · Accountable: Mirror Creator Guild | Mirror Creator Guild | Milestone-0 thin bundle sample published at `out/mirror/thin/mirror-thin-m0-sample.tar.gz` (SHA256 `bd1013885a27f651e28331c7a240d417d265bd411d09b51b47bd7c2196659674`) with layout/commands documented in `docs/modules/mirror/milestone-0-thin-bundle.md`. |
| 0.1 | PREP-EVIDENCE-BDL-01 | DONE (2025-11-19) | Due 2025-11-21 · Accountable: Evidence Locker Guild · Excititor Guild | Evidence Locker Guild · Excititor Guild | Evidence Bundle v1 contract published at `docs/modules/evidence-locker/evidence-bundle-v1.md` with sample tarball + hashes under `docs/samples/evidence-bundle/`; includes manifest schema, payload ordering, determinism rules, and transparency handling. |
| 0.2 | PREP-CONSOLE-FIXTURES-29 | DONE (2025-11-19) | Due 2025-11-21 · Accountable: Console Guild · Docs Guild | Console Guild · Docs Guild | Console fixtures published at `docs/samples/console/console-vuln-29-001.json` and `docs/samples/console/console-vex-30-001.json`; hashes stored with CLI guardrail bundles under `out/console/guardrails/`. Final screenshots still depend on SBOM evidence. |
| 0.3 | PREP-CHUNK-API-31 | DONE (2025-11-19) | Due 2025-11-21 · Accountable: Excititor Guild · Advisory AI Guild | Excititor Guild · Advisory AI Guild | Chunk API contract documented and sample NDJSON published at `docs/samples/excititor/chunks-sample.ndjson` (hash in `.sha256`); contract details in `docs/modules/excititor/evidence-contract.md`. |
| 0.4 | PREP-ATTEST-SCOPE-73 | DONE (2025-11-19) | Due 2025-11-21 · Accountable: Evidence Locker Guild · Concelier Guild | Evidence Locker Guild · Concelier Guild | Attestation scope note published at `docs/modules/evidence-locker/attestation-scope-note.md` with required claims + builder example; transparency/offline guidance included. |
| 0.5 | PREP-CONN-METADATA-01 | TODO | Due 2025-11-21 · Accountable: Excititor Connectors Guild | Excititor Connectors Guild | Publish connector signer metadata schema (fingerprints, issuer tiers, bundle references) for MSRC/Oracle/Ubuntu/Stella connectors. <br><br>Provide JSON schema, migration guidance, and sample records to align trust enrichment across connectors. |
| 0.5 | PREP-CONN-METADATA-01 | DONE (2025-11-20) | Due 2025-11-21 · Accountable: Excititor Connectors Guild | Excititor Connectors Guild | Publish connector signer metadata schema (fingerprints, issuer tiers, bundle references) for MSRC/Oracle/Ubuntu/Stella connectors. <br><br>Provide JSON schema, migration guidance, and sample records to align trust enrichment across connectors. |
| 0.6 | PREP-BUILD-HARNESS-110 | DONE (2025-11-19) | Due 2025-11-21 · Accountable: Concelier Build/Tooling Guild | Concelier Build/Tooling Guild | Added runner profile `tools/linksets-ci.sh` using `tools/dotnet-filter.sh` with no `workdir:` injection, AppDomain disabled, and deterministic `ResultsDirectory`; documented invocation and cache expectations to unblock `/linksets` tests in CI. |
| 0.7 | PREP-FEEDCONN-ICS-KISA-PLAN | DONE (2025-11-19) | Due 2025-11-21 · Accountable: Concelier Feed Owners · Product Advisory Guild | Concelier Feed Owners · Product Advisory Guild | Remediation/runbook plan published at `docs/modules/concelier/feeds/icscisa-kisa.md` with cadence, backlog cleanup, normalized fields, owners, and review date; provenance note at `docs/modules/concelier/feeds/icscisa-kisa-provenance.md`. |
| 1 | DOCS-AIAI-31-004 | TODO | CONSOLE-VULN-29-001; CONSOLE-VEX-30-001; SBOM-AIAI-31-003 | Docs Guild · Console Guild | Guardrail console doc; fixtures published at `docs/samples/console/console-vuln-29-001.json` and `docs/samples/console/console-vex-30-001.json`; awaiting SBOM evidence for final screenshots. |
@@ -61,6 +61,7 @@
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2025-11-20 | Published prep docs for CONCELIER airgap/console/attest feeds; moved PREP P1P4 to DOING after confirming unowned. | Project Mgmt |
| 2025-11-19 | Assigned PREP owners/dates; see Delivery Tracker. | Planning |
| 2025-11-19 | Reconfirmed SBOM-AIAI-31-003, DOCS-AIAI-31-005/006/008/009, CONCELIER air-gap/console/attest, and FEEDCONN-ICSCISA/KISA tracks remain BLOCKED pending CLI-VULN/CLI-VEX artefacts, Evidence Locker attestation scope, console fixtures, mirror thin bundle, and feed remediation plan (PREP-FEEDCONN-ICS-KISA-PLAN). | Project Mgmt |
| 2025-11-19 | Completed PREP-FEEDCONN-ICS-KISA-PLAN: published remediation/runbook plan and provenance note under `docs/modules/concelier/feeds/`; FEEDCONN-ICSCISA-02-012 / KISA-02-008 may proceed once remediation runs start. | Implementer |
@@ -69,6 +70,7 @@
| 2025-11-20 | Updated DOCS-AIAI-31-004 with publication-readiness checklist, fixtures, and evidence bundle links; still waiting on SBOM-AIAI-31-003 + live console endpoints for screenshots. | Implementer |
| 2025-11-20 | Retried `tools/linksets-ci.sh`; tests now discover but Mongo2Go fails to start (missing `libcrypto.so.1.1` in runner). Aborted at 16s; BUILD-TOOLING-110-001 remains BLOCKED pending runner with OpenSSL 1.1 libs. | Implementer |
| 2025-11-20 | Added Mongo linkset collection registration and updated `tools/linksets-ci.sh` to seed `LD_LIBRARY_PATH` with vendored OpenSSL 1.1. Rerun: mongod starts, tests execute but fail on missing `IMongoCollection<AdvisoryLinksetDocument>` before the registration fix; rerun in CI should proceed further. | Implementer |
| 2025-11-20 | Completed PREP-CONN-METADATA-01: published signer metadata schema (`docs/modules/excititor/schemas/connector-signer-metadata.schema.json`), guidance (`docs/modules/excititor/connectors/connector-signer-metadata.md`), and sample + hash (`docs/samples/excititor/connector-signer-metadata-sample.json[.sha256]`). | Implementer |
| 2025-11-19 | Retried `dotnet test ... --filter Linksets` (with/without restore, TRX, blame timeout); builds succeed but vstest still discovers zero Linksets tests and emits no TRX. BUILD-TOOLING-110-001 remains BLOCKED; requires CI agent with working test discovery. | Implementer |
| 2025-11-19 | Packaged `StellaOps.Policy.AuthSignals` 0.1.0-alpha into `local-nugets/` for CONCELIER/POLICY/EXCITITOR consumers. | Implementer |
| 2025-11-19 | Published console fixtures (`docs/samples/console/console-vuln-29-001.json`, `console-vex-30-001.json`) so DOCS-AIAI-31-004 can proceed while awaiting SBOM evidence. | Implementer |

6
docs/implplan/SPRINT_0116_0001_0005_concelier_v.md
View File

@@ -20,7 +20,7 @@
## Delivery Tracker
| # | Task ID | Status | Key dependency / next step | Owners | Task Definition |
| --- | --- | --- | --- | --- | --- |
| P1 | PREP-CONCELIER-WEB-AIRGAP-57-001-DEPENDS-ON-5 | TODO | Due 2025-11-21 · Accountable: Concelier WebService Guild · AirGap Policy Guild (`src/Concelier/StellaOps.Concelier.WebService`) | Concelier WebService Guild · AirGap Policy Guild (`src/Concelier/StellaOps.Concelier.WebService`) | Depends on 56-002. <br><br> Document artefact/deliverable for CONCELIER-WEB-AIRGAP-57-001 and publish location so downstream tasks can proceed. |
| P1 | PREP-CONCELIER-WEB-AIRGAP-57-001-DEPENDS-ON-5 | DOING (2025-11-20) | Due 2025-11-21 · Accountable: Concelier WebService Guild · AirGap Policy Guild (`src/Concelier/StellaOps.Concelier.WebService`) | Concelier WebService Guild · AirGap Policy Guild (`src/Concelier/StellaOps.Concelier.WebService`) | Depends on 56-002. <br><br> Document artefact/deliverable for CONCELIER-WEB-AIRGAP-57-001 and publish location so downstream tasks can proceed. Prep artefact: `docs/modules/concelier/prep/2025-11-20-web-airgap-57-001-prep.md`. |
| 1 | CONCELIER-VULN-29-004 | TODO | Depends on CONCELIER-VULN-29-001 | Concelier WebService Guild · Observability Guild (`src/Concelier/StellaOps.Concelier.WebService`) | Instrument observation/linkset pipelines with metrics for identifier collisions, withdrawn statements, chunk latencies; stream to Vuln Explorer without altering payloads. |
| 2 | CONCELIER-WEB-AIRGAP-56-001 | TODO | Start of AirGap chain | Concelier WebService Guild (`src/Concelier/StellaOps.Concelier.WebService`) | Extend ingestion endpoints to register mirror bundle sources, expose bundle catalogs, enforce sealed-mode by blocking direct internet feeds. |
| 3 | CONCELIER-WEB-AIRGAP-56-002 | TODO | Depends on 56-001 | Concelier WebService Guild (`src/Concelier/StellaOps.Concelier.WebService`) | Add staleness + bundle provenance metadata to `/advisories/observations` and `/advisories/linksets`; operators see freshness without Excititor-derived outcomes. |
@@ -40,6 +40,7 @@
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2025-11-20 | Moved PREP-CONCELIER-WEB-AIRGAP-57-001 to DOING after confirming unowned; published prep doc at `docs/modules/concelier/prep/2025-11-20-web-airgap-57-001-prep.md`. | Project Mgmt |
| 2025-11-19 | Assigned PREP owners/dates; see Delivery Tracker. | Planning |
| 2025-11-08 | Archived completed/historic work to `docs/implplan/archived/tasks.md`. | Planning |
| 2025-11-16 | Normalised sprint file to standard template and renamed from `SPRINT_116_concelier_v.md` to `SPRINT_0116_0001_0005_concelier_v.md`; no semantic changes. | Planning |
@@ -48,6 +49,7 @@
- AirGap sealed-mode enforcement must precede staleness surfaces/timeline events to avoid leaking non-mirror sources.
- AOC regression fixes are required before large-batch ingest verification; failing to align allowlist/auth configs risks false negatives in tests.
- Standardized error envelope is prerequisite for SDK/doc alignment; delays block developer portal updates.
- PREP-CONCELIER-WEB-AIRGAP-57-001 prep doc published at `docs/modules/concelier/prep/2025-11-20-web-airgap-57-001-prep.md`; awaits sealed-mode/staleness inputs from WEB-AIRGAP-56-002 and error envelope standard (WEB-OAS-61-002).
## Next Checkpoints
- Plan sealed-mode remediation payload review once WEB-AIRGAP-56-002 is drafted (date TBD).
@@ -59,4 +61,4 @@
| AirGap mirror import plumbing (WEB-AIRGAP-56-001) | Tasks 35 | Concelier WebService · AirGap Guilds | Not started; prerequisite for staleness and timeline work. |
| AOC validator updates (WEB-AOC-19-002) | Tasks 610 | Concelier WebService · QA | Required to unblock guardrail/regression tasks. |
| Error envelope standard (WEB-OAS-61-002) | Tasks 1213 | Concelier WebService · API Governance | Prerequisite for examples and deprecation headers. |
| Observability base (WEB-OBS-50-001) | Tasks 1415 | Concelier WebService | Upstream dependency for health/timeline surfaces. |
| Observability base (WEB-OBS-50-001) | Tasks 1415 | Concelier WebService | Upstream dependency for health/timeline surfaces. |

11
docs/implplan/SPRINT_0119_0001_0001_excititor_i.md
View File

@@ -25,8 +25,8 @@
| P1 | PREP-EXCITITOR-AIRGAP-56-001-WAITING-ON-EXPOR | BLOCKED | Due 2025-11-21 · Accountable: Excititor Core Guild | Excititor Core Guild | Waiting on Export Center mirror bundle schema (Sprint 162) to define ingestion shape. <br><br> Document artefact/deliverable for EXCITITOR-AIRGAP-56-001 and publish location so downstream tasks can proceed. |
| P2 | PREP-EXCITITOR-AIRGAP-57-001-BLOCKED-ON-56-00 | BLOCKED | Due 2025-11-21 · Accountable: Excititor Core Guild · AirGap Policy Guild | Excititor Core Guild · AirGap Policy Guild | Blocked on 56-001 schema; sealed-mode error catalog pending. <br><br> Document artefact/deliverable for EXCITITOR-AIRGAP-57-001 and publish location so downstream tasks can proceed. |
| P3 | PREP-EXCITITOR-AIRGAP-58-001-DEPENDS-ON-57-00 | BLOCKED | Due 2025-11-21 · Accountable: Excititor Core Guild · Evidence Locker Guild | Excititor Core Guild · Evidence Locker Guild | Depends on 57-001 plus EvidenceLocker portable format (160/161). <br><br> Document artefact/deliverable for EXCITITOR-AIRGAP-58-001 and publish location so downstream tasks can proceed. |
| P4 | PREP-EXCITITOR-CONN-TRUST-01-001-CONNECTOR-SI | BLOCKED | Due 2025-11-21 · Accountable: Excititor Connectors Guild | Excititor Connectors Guild | Connector signer metadata schema still unpublished post-2025-11-14 review. <br><br> Document artefact/deliverable for EXCITITOR-CONN-TRUST-01-001 and publish location so downstream tasks can proceed. |
| P5 | PREP-ATTESTATION-VERIFIER-REHEARSAL-EXCITITOR | TODO | Due 2025-11-21 · Accountable: Planning | Planning | If issues persist, log BLOCKED status in attestation plan and re-forecast completion. <br><br> Document artefact/deliverable for Attestation verifier rehearsal (Excititor Attestation Guild) and publish location so downstream tasks can proceed. |
| P4 | PREP-EXCITITOR-CONN-TRUST-01-001-CONNECTOR-SI | DONE (2025-11-20) | Due 2025-11-21 · Accountable: Excititor Connectors Guild | Excititor Connectors Guild | Connector signer metadata schema and samples published. <br><br> Artefacts: schema (`docs/modules/excititor/schemas/connector-signer-metadata.schema.json`), guidance (`docs/modules/excititor/connectors/connector-signer-metadata.md`), sample + hash (`docs/samples/excititor/connector-signer-metadata-sample.json[.sha256]`). |
| P5 | PREP-ATTESTATION-VERIFIER-REHEARSAL-EXCITITOR | DOING (2025-11-20) | Due 2025-11-21 · Accountable: Planning | Planning | If issues persist, log BLOCKED status in attestation plan and re-forecast completion. <br><br> Document artefact/deliverable for Attestation verifier rehearsal (Excititor Attestation Guild) and publish location so downstream tasks can proceed. |
| 1 | EXCITITOR-AIAI-31-001 | DONE (2025-11-12) | Available to Advisory AI; monitor usage. | Excititor WebService Guild | Expose normalized VEX justifications, scope trees, and anchors via `VexObservation` projections so Advisory AI can cite raw evidence without consensus logic. |
| 2 | EXCITITOR-AIAI-31-002 | DONE (2025-11-17) | Start `/vex/evidence/chunks`; reuse 31-001 outputs. | Excititor WebService Guild | Stream raw statements + signature metadata with tenant/policy filters for RAG clients; aggregation-only, reference observation/linkset IDs. |
| 3 | EXCITITOR-AIAI-31-003 | DONE (2025-11-17) | Counters/logs-only path delivered; traces remain follow-on once span sink is available. | Excititor WebService Guild · Observability Guild | Instrument evidence APIs with request counters, chunk histograms, signature-failure + AOC guard-violation meters. |
@@ -37,7 +37,7 @@
| 8 | EXCITITOR-ATTEST-01-003 | DONE (2025-11-17) | Complete verifier harness + diagnostics. | Excititor Attestation Guild | Finish `IVexAttestationVerifier`, wire structured diagnostics/metrics, and prove DSSE bundle verification without touching consensus results. |
| 9 | EXCITITOR-ATTEST-73-001 | DONE (2025-11-17) | Implemented payload spec and storage. | Excititor Core · Attestation Payloads Guild | Emit attestation payloads capturing supplier identity, justification summary, and scope metadata for trust chaining. |
| 10 | EXCITITOR-ATTEST-73-002 | DONE (2025-11-17) | Implemented linkage API. | Excititor Core Guild | Provide APIs linking attestation IDs back to observation/linkset/product tuples for provenance citations without derived verdicts. |
| 11 | EXCITITOR-CONN-TRUST-01-001 | BLOCKED | PREP-EXCITITOR-CONN-TRUST-01-001-CONNECTOR-SI | Excititor Connectors Guild | Add signer fingerprints, issuer tiers, and bundle references to MSRC/Oracle/Ubuntu/Stella connectors; document consumer guidance. |
| 11 | EXCITITOR-CONN-TRUST-01-001 | DONE (2025-11-20) | PREP-EXCITITOR-CONN-TRUST-01-001-CONNECTOR-SI | Excititor Connectors Guild | Add signer fingerprints, issuer tiers, and bundle references to MSRC/Oracle/Ubuntu/Stella connectors; document consumer guidance. |
### Task Clusters & Readiness
- **Advisory-AI evidence APIs:** 31-001 delivered; 31-003 instrumentation and 31-004 docs pending; ready to start once examples and telemetry fixtures finalize.
@@ -68,10 +68,15 @@
| 2025-11-17 | Added chunk request/response telemetry + signature status counters; `/v1/vex/evidence/chunks` now emits metrics without traces. | WebService Guild |
| 2025-11-14 | Published `docs/modules/excititor/operations/observability.md` covering new evidence metrics for Ops/Lens dashboards. | Observability Guild |
| 2025-11-16 | Normalized sprint file to standard template, renamed to SPRINT_0119_0001_0001_excititor_i.md, and updated tasks-all references. | Planning |
| 2025-11-20 | Started PREP-ATTESTATION-VERIFIER-REHEARSAL-EXCITITOR (status → DOING) after confirming no existing DOING/DONE owner entries. | Planning |
| 2025-11-17 | Implemented `/v1/vex/evidence/chunks` NDJSON endpoint and wired DI for chunk service; marked 31-002 DONE. | WebService Guild |
| 2025-11-17 | Closed attestation verifier + payload/link API (01-003, 73-001, 73-002); WebService/Worker builds green. | Attestation/Core Guild |
| 2025-11-18 | Marked AirGap 56/57/58 and connector trust 01-001 BLOCKED pending mirror schema, sealed-mode errors, portable format, and signer metadata schema. | Implementer |
| 2025-11-18 | Authored Advisory-AI evidence contract doc (`docs/modules/excititor/evidence-contract.md`) covering `/v1/vex/evidence/chunks`, schema, determinism, AOC, telemetry; 31-004 doc deliverable ready. | Implementer |
| 2025-11-20 | Completed PREP-EXCITITOR-CONN-TRUST-01-001: published connector signer metadata schema, guidance, and sample bundle hash to unblock connector trust rollout. | Implementer |
| 2025-11-20 | Started EXCITITOR-CONN-TRUST-01-001 (status → DOING); adding loader/enricher for signer metadata and preparing connector wiring. | Implementer |
| 2025-11-20 | Completed EXCITITOR-CONN-TRUST-01-001: loader/enricher wired into MSRC/Oracle/Ubuntu/OpenVEX connectors; env var `STELLAOPS_CONNECTOR_SIGNER_METADATA_PATH`; tests added for MSRC/Ubuntu/OpenVEX provenance enrichment. | Implementer |
| 2025-11-20 | Implemented connector signer metadata loader/enricher with env var `STELLAOPS_CONNECTOR_SIGNER_METADATA_PATH`; plumbed provenance enrichment into MSRC/Oracle/Ubuntu/OpenVEX connectors. | Implementer |
## Decisions & Risks
- **Decisions**

10
docs/implplan/SPRINT_0121_0001_0001_policy_reasoning.md
View File

@@ -30,11 +30,11 @@
| P3 | PREP-LEDGER-OAS-61-002-DEPENDS-ON-61-001-CONT | DOING (2025-11-20) | Due 2025-11-22 · Accountable: Findings Ledger Guild / src/Findings/StellaOps.Findings.Ledger | Findings Ledger Guild / src/Findings/StellaOps.Findings.Ledger | Depends on 61-001 contract + HTTP surface. <br><br> Document artefact/deliverable for LEDGER-OAS-61-002 and publish location so downstream tasks can proceed. Prep artefact: `docs/modules/findings-ledger/prep/2025-11-20-ledger-oas-prep.md`. |
| P4 | PREP-LEDGER-OAS-62-001-SDK-GENERATION-PENDING | DOING (2025-11-20) | Due 2025-11-22 · Accountable: Findings Ledger Guild; SDK Generator Guild / src/Findings/StellaOps.Findings.Ledger | Findings Ledger Guild; SDK Generator Guild / src/Findings/StellaOps.Findings.Ledger | SDK generation pending 61-002. <br><br> Document artefact/deliverable for LEDGER-OAS-62-001 and publish location so downstream tasks can proceed. Prep artefact: `docs/modules/findings-ledger/prep/2025-11-20-ledger-oas-prep.md`. |
| P5 | PREP-LEDGER-OAS-63-001-DEPENDENT-ON-SDK-VALID | DOING (2025-11-20) | Due 2025-11-22 · Accountable: Findings Ledger Guild; API Governance Guild / src/Findings/StellaOps.Findings.Ledger | Findings Ledger Guild; API Governance Guild / src/Findings/StellaOps.Findings.Ledger | Dependent on SDK validation (62-001). <br><br> Document artefact/deliverable for LEDGER-OAS-63-001 and publish location so downstream tasks can proceed. Prep artefact: `docs/modules/findings-ledger/prep/2025-11-20-ledger-oas-prep.md`. |
| P6 | PREP-LEDGER-OBS-54-001-NO-HTTP-SURFACE-MINIMA | TODO | Due 2025-11-22 · Accountable: Findings Ledger Guild; Provenance Guild / src/Findings/StellaOps.Findings.Ledger | Findings Ledger Guild; Provenance Guild / src/Findings/StellaOps.Findings.Ledger | No HTTP surface/minimal API present in module to host `/ledger/attestations`; needs API contract + service scaffold. <br><br> Document artefact/deliverable for LEDGER-OBS-54-001 and publish location so downstream tasks can proceed. |
| P6 | PREP-LEDGER-OBS-54-001-NO-HTTP-SURFACE-MINIMA | DOING (2025-11-20) | Due 2025-11-22 · Accountable: Findings Ledger Guild; Provenance Guild / src/Findings/StellaOps.Findings.Ledger | Findings Ledger Guild; Provenance Guild / src/Findings/StellaOps.Findings.Ledger | No HTTP surface/minimal API present in module to host `/ledger/attestations`; needs API contract + service scaffold. <br><br> Prep artefact now available: `docs/modules/findings-ledger/prep/ledger-attestations-http.md` defining `/v1/ledger/attestations` contract; service surface still required. |
| P7 | PREP-LEDGER-OBS-55-001-DEPENDS-ON-54-001-ATTE | DONE (2025-11-20) | Due 2025-11-22 · Accountable: Findings Ledger Guild; DevOps Guild / src/Findings/StellaOps.Findings.Ledger | Findings Ledger Guild; DevOps Guild / src/Findings/StellaOps.Findings.Ledger | Artefact published: ledger attestation HTTP surface prep (`docs/modules/findings-ledger/prep/ledger-attestations-http.md`) outlining `/v1/ledger/attestations` contract; pagination, determinism, and fields defined. |
| P8 | PREP-LEDGER-PACKS-42-001-SNAPSHOT-TIME-TRAVEL | TODO | Due 2025-11-22 · Accountable: Findings Ledger Guild / src/Findings/StellaOps.Findings.Ledger | Findings Ledger Guild / src/Findings/StellaOps.Findings.Ledger | Snapshot/time-travel contract and bundle format not specified; needs design input. <br><br> Document artefact/deliverable for LEDGER-PACKS-42-001 and publish location so downstream tasks can proceed. |
| P9 | PREP-LEDGER-RISK-66-001-RISK-ENGINE-SCHEMA-CO | TODO | Due 2025-11-22 · Accountable: Findings Ledger Guild; Risk Engine Guild / src/Findings/StellaOps.Findings.Ledger | Findings Ledger Guild; Risk Engine Guild / src/Findings/StellaOps.Findings.Ledger | Risk Engine schema/contract inputs absent; requires risk field definitions + rollout plan. <br><br> Document artefact/deliverable for LEDGER-RISK-66-001 and publish location so downstream tasks can proceed. |
| P10 | PREP-LEDGER-RISK-66-002-DEPENDS-ON-66-001-MIG | TODO | Due 2025-11-22 · Accountable: Findings Ledger Guild / src/Findings/StellaOps.Findings.Ledger | Findings Ledger Guild / src/Findings/StellaOps.Findings.Ledger | Depends on 66-001 migration + risk scoring contract. <br><br> Document artefact/deliverable for LEDGER-RISK-66-002 and publish location so downstream tasks can proceed. |
| P8 | PREP-LEDGER-PACKS-42-001-SNAPSHOT-TIME-TRAVEL | DOING (2025-11-20) | Due 2025-11-22 · Accountable: Findings Ledger Guild / src/Findings/StellaOps.Findings.Ledger | Findings Ledger Guild / src/Findings/StellaOps.Findings.Ledger | Snapshot/time-travel contract and bundle format not specified; needs design input. <br><br> Document artefact/deliverable for LEDGER-PACKS-42-001 and publish location so downstream tasks can proceed. |
| P9 | PREP-LEDGER-RISK-66-001-RISK-ENGINE-SCHEMA-CO | DOING (2025-11-20) | Due 2025-11-22 · Accountable: Findings Ledger Guild; Risk Engine Guild / src/Findings/StellaOps.Findings.Ledger | Findings Ledger Guild; Risk Engine Guild / src/Findings/StellaOps.Findings.Ledger | Risk Engine schema/contract inputs absent; requires risk field definitions + rollout plan. <br><br> Document artefact/deliverable for LEDGER-RISK-66-001 and publish location so downstream tasks can proceed. |
| P10 | PREP-LEDGER-RISK-66-002-DEPENDS-ON-66-001-MIG | DOING (2025-11-20) | Due 2025-11-22 · Accountable: Findings Ledger Guild / src/Findings/StellaOps.Findings.Ledger | Findings Ledger Guild / src/Findings/StellaOps.Findings.Ledger | Depends on 66-001 migration + risk scoring contract. <br><br> Document artefact/deliverable for LEDGER-RISK-66-002 and publish location so downstream tasks can proceed. |
| 1 | LEDGER-ATTEST-73-002 | BLOCKED | Waiting on LEDGER-ATTEST-73-001 verification pipeline delivery | Findings Ledger Guild / src/Findings/StellaOps.Findings.Ledger | Enable search/filter in findings projections by verification result and attestation status |
| 2 | LEDGER-EXPORT-35-001 | DOING (2025-11-20) | Findings export endpoint implemented; VEX/advisory/SBOM endpoints stubbed pending schemas | Findings Ledger Guild / src/Findings/StellaOps.Findings.Ledger | Provide paginated streaming endpoints for advisories, VEX, SBOMs, and findings with deterministic ordering and provenance metadata |
| 3 | LEDGER-OAS-61-001 | BLOCKED | PREP-LEDGER-OAS-61-001-ABSENT-OAS-BASELINE-AN | Findings Ledger Guild; API Contracts Guild / src/Findings/StellaOps.Findings.Ledger | Expand Findings Ledger OAS to include projections, evidence lookups, and filter parameters with examples |
@@ -54,13 +54,13 @@
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2025-11-20 | Published ledger OBS/pack/risk prep docs (docs/modules/findings-ledger/prep/2025-11-20-ledger-obs-54-001-prep.md, ...ledger-packs-42-001-prep.md, ...ledger-risk-66-prep.md); set PREP-LEDGER-OBS-54-001, PACKS-42-001, RISK-66-001/002 to DOING. | Project Mgmt |
| 2025-11-20 | Added authenticated export endpoints for findings/vex/advisories/sboms (stub responses) and paging contracts; awaiting schema/tables to back VEX/advisory/SBOM queries. Export paging unit tests passing via isolated test project. | Findings Ledger |
| 2025-11-20 | Began implementing LEDGER-EXPORT-35-001 HTTP surface (findings export endpoint + paging/token hash) in WebService; tests pending due to existing harness build failures. | Findings Ledger |
| 2025-11-20 | Completed PREP-LEDGER-EXPORT-35-001: published export HTTP surface and filters spec at `docs/modules/findings-ledger/export-http-surface.md`; unblocked LEDGER-EXPORT-35-001 (status TODO). | Planning |
| 2025-11-20 | Started PREP-LEDGER-EXPORT-35-001 (status DOING) after confirming no other DOING owner entries. | Planning |
| 2025-11-20 | Completed PREP-LEDGER-OAS-61-001: published baseline OAS at `docs/modules/findings-ledger/openapi/findings-ledger.v1.yaml` with summary `docs/modules/findings-ledger/oas-baseline.md`; downstream OAS/SDK tasks extend this base. | Implementer |
| 2025-11-20 | Completed PREP-LEDGER-OBS-55-001: published ledger attestation HTTP surface prep (`docs/modules/findings-ledger/prep/ledger-attestations-http.md`) covering `/v1/ledger/attestations`; still requires 54-001 service surface to implement. | Implementer |
| 2025-11-20 | Started PREP-LEDGER-OBS-55-001 (status DOING) after confirming no existing DOING/DONE owners; still contingent on 54-001 surface availability. | Planning |
| 2025-11-19 | Assigned PREP owners/dates; see Delivery Tracker. | Planning |
| 2025-11-08 | Sprint stub created; awaiting template normalisation. | Planning |
| 2025-11-17 | Normalised sprint to standard template and renamed file to `SPRINT_0121_0001_0001_policy_reasoning.md`. | Project Mgmt |

9
docs/implplan/SPRINT_0122_0001_0001_policy_reasoning.md
View File

@@ -24,9 +24,9 @@
## Delivery Tracker
| # | Task ID | Status | Key dependency / next step | Owners | Task Definition |
| --- | --- | --- | --- | --- | --- |
| P1 | PREP-LEDGER-RISK-68-001-AWAIT-UNBLOCK-OF-67-0 | TODO | Due 2025-11-22 · Accountable: Findings Ledger Guild · Export Guild / `src/Findings/StellaOps.Findings.Ledger` | Findings Ledger Guild · Export Guild / `src/Findings/StellaOps.Findings.Ledger` | Await unblock of 67-001 + Export Center contract for scored findings. <br><br> Document artefact/deliverable for LEDGER-RISK-68-001 and publish location so downstream tasks can proceed. |
| P2 | PREP-LEDGER-RISK-69-001-REQUIRES-67-001-68-00 | TODO | Due 2025-11-22 · Accountable: Findings Ledger Guild · Observability Guild / `src/Findings/StellaOps.Findings.Ledger` | Findings Ledger Guild · Observability Guild / `src/Findings/StellaOps.Findings.Ledger` | Requires 67-001/68-001 to define metrics dimensions. <br><br> Document artefact/deliverable for LEDGER-RISK-69-001 and publish location so downstream tasks can proceed. |
| P3 | PREP-LEDGER-TEN-48-001-NEEDS-PLATFORM-APPROVE | TODO | Due 2025-11-22 · Accountable: Findings Ledger Guild / `src/Findings/StellaOps.Findings.Ledger` | Findings Ledger Guild / `src/Findings/StellaOps.Findings.Ledger` | Needs platform-approved partitioning + RLS policy (tenant/project shape, session variables). <br><br> Document artefact/deliverable for LEDGER-TEN-48-001 and publish location so downstream tasks can proceed. |
| P1 | PREP-LEDGER-RISK-68-001-AWAIT-UNBLOCK-OF-67-0 | DOING (2025-11-20) | Due 2025-11-22 · Accountable: Findings Ledger Guild · Export Guild / `src/Findings/StellaOps.Findings.Ledger` | Findings Ledger Guild · Export Guild / `src/Findings/StellaOps.Findings.Ledger` | Await unblock of 67-001 + Export Center contract for scored findings. <br><br> Document artefact/deliverable for LEDGER-RISK-68-001 and publish location so downstream tasks can proceed. Prep artefact: `docs/modules/findings-ledger/prep/2025-11-20-ledger-risk-prep.md`. |
| P2 | PREP-LEDGER-RISK-69-001-REQUIRES-67-001-68-00 | DOING (2025-11-20) | Due 2025-11-22 · Accountable: Findings Ledger Guild · Observability Guild / `src/Findings/StellaOps.Findings.Ledger` | Findings Ledger Guild · Observability Guild / `src/Findings/StellaOps.Findings.Ledger` | Requires 67-001/68-001 to define metrics dimensions. <br><br> Document artefact/deliverable for LEDGER-RISK-69-001 and publish location so downstream tasks can proceed. Prep artefact: `docs/modules/findings-ledger/prep/2025-11-20-ledger-risk-prep.md`. |
| P3 | PREP-LEDGER-TEN-48-001-NEEDS-PLATFORM-APPROVE | DOING (2025-11-20) | Due 2025-11-22 · Accountable: Findings Ledger Guild / `src/Findings/StellaOps.Findings.Ledger` | Findings Ledger Guild / `src/Findings/StellaOps.Findings.Ledger` | Needs platform-approved partitioning + RLS policy (tenant/project shape, session variables). <br><br> Document artefact/deliverable for LEDGER-TEN-48-001 and publish location so downstream tasks can proceed. Prep artefact: `docs/modules/findings-ledger/prep/2025-11-20-ledger-risk-prep.md`. |
| 1 | LEDGER-RISK-67-001 | BLOCKED | Depends on risk scoring contract + migrations from LEDGER-RISK-66-002 | Findings Ledger Guild · Risk Engine Guild / `src/Findings/StellaOps.Findings.Ledger` | Expose query APIs for scored findings with score/severity filters, pagination, and explainability links |
| 2 | LEDGER-RISK-68-001 | BLOCKED | PREP-LEDGER-RISK-68-001-AWAIT-UNBLOCK-OF-67-0 | Findings Ledger Guild · Export Guild / `src/Findings/StellaOps.Findings.Ledger` | Enable export of scored findings and simulation results via Export Center integration |
| 3 | LEDGER-RISK-69-001 | BLOCKED | PREP-LEDGER-RISK-69-001-REQUIRES-67-001-68-00 | Findings Ledger Guild · Observability Guild / `src/Findings/StellaOps.Findings.Ledger` | Emit metrics/dashboards for scoring latency, result freshness, severity distribution, provider gaps |
@@ -35,6 +35,7 @@
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2025-11-20 | Published ledger risk/tenancy prep doc (docs/modules/findings-ledger/prep/2025-11-20-ledger-risk-prep.md); set PREP-LEDGER-RISK-68/69 and TEN-48-001 to DOING. | Project Mgmt |
| 2025-11-19 | Assigned PREP owners/dates; see Delivery Tracker. | Planning |
| 2025-11-18 | Renamed file to `SPRINT_0122_0001_0001_policy_reasoning.md` and normalised to standard template; no scope changes. | Findings Ledger |
| 2025-11-18 | Set LEDGER-RISK-67-001/68-001/69-001 to BLOCKED pending risk-scoring contract (66-002) and export metrics dimensions. | Findings Ledger |
@@ -48,4 +49,4 @@
## Next Checkpoints
- Await Risk Engine contract drop for 66-002 (date TBD; track in Sprint 0121 dependencies).
- Schedule DB/RLS design review with Platform/DB guild to unblock TEN-48-001 (target week of 2025-11-24).
- Re-evaluate sprint status once upstream contracts are published.
- Re-evaluate sprint status once upstream contracts are published.

5
docs/implplan/SPRINT_0124_0001_0001_policy_reasoning.md
View File

@@ -18,7 +18,7 @@
## Delivery Tracker
| # | Task ID & handle | State | Key dependency / next step | Owners |
| --- | --- | --- | --- | --- |
| P1 | PREP-POLICY-ENGINE-20-002-DETERMINISTIC-EVALU | TODO | Due 2025-11-22 · Accountable: Policy Guild / `src/Policy/StellaOps.Policy.Engine` | Policy Guild / `src/Policy/StellaOps.Policy.Engine` | Deterministic evaluator spec missing. <br><br> Document artefact/deliverable for POLICY-ENGINE-20-002 and publish location so downstream tasks can proceed. |
| P1 | PREP-POLICY-ENGINE-20-002-DETERMINISTIC-EVALU | DOING (2025-11-20) | Due 2025-11-22 · Accountable: Policy Guild / `src/Policy/StellaOps.Policy.Engine` | Policy Guild / `src/Policy/StellaOps.Policy.Engine` | Deterministic evaluator spec missing. <br><br> Document artefact/deliverable for POLICY-ENGINE-20-002 and publish location so downstream tasks can proceed. Prep artefact: `docs/modules/policy/design/policy-deterministic-evaluator.md`. |
| 1 | POLICY-CONSOLE-23-002 | TODO | Produce simulation diff metadata and approval endpoints for Console (deps: POLICY-CONSOLE-23-001). | Policy Guild, Product Ops / `src/Policy/StellaOps.Policy.Engine` |
| 2 | POLICY-ENGINE-20-002 | BLOCKED (2025-10-26) | PREP-POLICY-ENGINE-20-002-DETERMINISTIC-EVALU | Policy Guild / `src/Policy/StellaOps.Policy.Engine` |
| 3 | POLICY-ENGINE-20-003 | TODO | Depends on 20-002. | Policy · Concelier · Excititor Guilds / `src/Policy/StellaOps.Policy.Engine` |
@@ -36,6 +36,7 @@
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2025-11-20 | Published deterministic evaluator spec draft (docs/modules/policy/design/policy-deterministic-evaluator.md); moved PREP-POLICY-ENGINE-20-002 to DOING. | Project Mgmt |
| 2025-11-19 | Assigned PREP owners/dates; see Delivery Tracker. | Planning |
| 2025-11-08 | Sprint stub; awaiting staffing. | Planning |
| 2025-11-18 | All tasks still awaiting upstream evaluator specs; no progress. | Policy Guild |
@@ -48,4 +49,4 @@
## Next Checkpoints
- Publish deterministic evaluator spec for 20-002 (date TBD).
- Provide Console export/simulation contract for 23-001 to unblock 23-002.
- Provide Console export/simulation contract for 23-001 to unblock 23-002.

3
docs/implplan/SPRINT_0125_0001_0001_mirror.md
View File

@@ -21,7 +21,7 @@
| # | Task ID | Status | Key dependency / next step | Owners | Task Definition |
| --- | --- | --- | --- | --- | --- |
| P0 | PREP-MIRROR-CRT-56-001-MILESTONE-0-PUBLISH | DONE (2025-11-19) | Due 2025-11-20 · Accountable: Mirror Creator Guild | Mirror Creator Guild | Published milestone-0 thin bundle plan + sample at `out/mirror/thin/mirror-thin-m0-sample.tar.gz` with SHA256 `bd1013885a27f651e28331c7a240d417d265bd411d09b51b47bd7c2196659674` and layout note in `docs/modules/mirror/milestone-0-thin-bundle.md`. |
| P1 | PREP-MIRROR-CRT-56-001-UPSTREAM-SPRINT-110-D | TODO | Due 2025-11-22 · Accountable: Alex Kim (primary); Priya Desai (backup) | Alex Kim (primary); Priya Desai (backup) | Upstream Sprint 110.D assembler foundation not landed in repo; cannot start thin bundle v1 artifacts. <br><br> Document artefact/deliverable for MIRROR-CRT-56-001 and publish location so downstream tasks can proceed. |
| P1 | PREP-MIRROR-CRT-56-001-UPSTREAM-SPRINT-110-D | DOING (2025-11-20) | Due 2025-11-22 · Accountable: Alex Kim (primary); Priya Desai (backup) | Alex Kim (primary); Priya Desai (backup) | Upstream Sprint 110.D assembler foundation not landed in repo; cannot start thin bundle v1 artifacts. <br><br> Document artefact/deliverable for MIRROR-CRT-56-001 and publish location so downstream tasks can proceed. Prep artefact: `docs/modules/mirror/prep-56-001-thin-bundle.md`. |
| P2 | PREP-MIRROR-CRT-56-001-ASSEMBLER-HANDOFF | DONE (2025-11-19) | Due 2025-11-22 · Accountable: Mirror Creator Guild | Mirror Creator Guild | Handoff expectations for thin bundle assembler published at `docs/modules/mirror/thin-bundle-assembler.md` (tar layout, manifest fields, determinism rules, hashes). |
| 1 | MIRROR-CRT-56-001 | BLOCKED | PREP-MIRROR-CRT-56-001-UPSTREAM-SPRINT-110-D | Alex Kim (primary); Priya Desai (backup) | Implement deterministic assembler with manifest + CAS layout. |
| 2 | MIRROR-CRT-56-002 | BLOCKED | Depends on MIRROR-CRT-56-001 and PROV-OBS-53-001; upstream assembler missing. | Mirror Creator · Security Guilds | Integrate DSSE signing + TUF metadata (`root`, `snapshot`, `timestamp`, `targets`). |
@@ -37,6 +37,7 @@
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2025-11-20 | Published thin-bundle prep doc (docs/modules/mirror/prep-56-001-thin-bundle.md); moved PREP-MIRROR-CRT-56-001 to DOING after confirming unowned. | Project Mgmt |
| 2025-11-19 | Cleared stray hyphen from PREP-MIRROR-CRT-56-001-UPSTREAM-SPRINT-110-D so MIRROR-CRT-56-001 dependency is resolvable. | Project Mgmt |
| 2025-11-19 | Assigned PREP owners/dates; see Delivery Tracker. | Planning |
| 2025-11-19 | Completed PREP-MIRROR-CRT-56-001-MILESTONE-0-PUBLISH: published sample thin bundle + hashes and milestone note (`docs/modules/mirror/milestone-0-thin-bundle.md`). | Implementer |

5
docs/implplan/SPRINT_0127_0001_0001_policy_reasoning.md
View File

@@ -17,7 +17,7 @@
## Delivery Tracker
| # | Task ID & handle | State | Key dependency / next step | Owners | Task Definition |
| --- | --- | --- | --- | --- | --- |
| P1 | PREP-POLICY-RISK-66-001-RISKPROFILE-LIBRARY-S | TODO | Due 2025-11-22 · Accountable: Risk Profile Schema Guild / `src/Policy/StellaOps.Policy.RiskProfile` | Risk Profile Schema Guild / `src/Policy/StellaOps.Policy.RiskProfile` | RiskProfile library scaffold absent (`src/Policy/StellaOps.Policy.RiskProfile` contains only AGENTS.md); need project + storage contract to place schema/validators. <br><br> Document artefact/deliverable for POLICY-RISK-66-001 and publish location so downstream tasks can proceed. |
| P1 | PREP-POLICY-RISK-66-001-RISKPROFILE-LIBRARY-S | DOING (2025-11-20) | Due 2025-11-22 · Accountable: Risk Profile Schema Guild / `src/Policy/StellaOps.Policy.RiskProfile` | Risk Profile Schema Guild / `src/Policy/StellaOps.Policy.RiskProfile` | RiskProfile library scaffold absent (`src/Policy/StellaOps.Policy.RiskProfile` contains only AGENTS.md); need project + storage contract to place schema/validators. <br><br> Document artefact/deliverable for POLICY-RISK-66-001 and publish location so downstream tasks can proceed. Prep artefact: `docs/modules/policy/prep/2025-11-20-riskprofile-66-001-prep.md`. |
| 1 | POLICY-ENGINE-80-002 | TODO | Depends on 80-001. | Policy · Storage Guild / `src/Policy/StellaOps.Policy.Engine` | Join reachability facts + Redis caches. |
| 2 | POLICY-ENGINE-80-003 | TODO | Depends on 80-002. | Policy · Policy Editor Guild / `src/Policy/StellaOps.Policy.Engine` | SPL predicates/actions reference reachability. |
| 3 | POLICY-ENGINE-80-004 | TODO | Depends on 80-003. | Policy · Observability Guild / `src/Policy/StellaOps.Policy.Engine` | Metrics/traces for signals usage. |
@@ -37,6 +37,7 @@
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2025-11-20 | Published risk profile library prep (docs/modules/policy/prep/2025-11-20-riskprofile-66-001-prep.md); set PREP-POLICY-RISK-66-001 to DOING. | Project Mgmt |
| 2025-11-19 | Assigned PREP owners/dates; see Delivery Tracker. | Planning |
| 2025-11-08 | Sprint stub; awaiting upstream phases. | Planning |
| 2025-11-19 | Normalized to standard template and renamed from `SPRINT_127_policy_reasoning.md` to `SPRINT_0127_0001_0001_policy_reasoning.md`; content preserved. | Implementer |
@@ -48,4 +49,4 @@
## Next Checkpoints
- Define reachability input contract (date TBD).
- Draft RiskProfile schema baseline (date TBD).
- Draft RiskProfile schema baseline (date TBD).

11
docs/implplan/SPRINT_0131_0001_0001_scanner_surface.md
View File

@@ -21,9 +21,9 @@
## Delivery Tracker
| # | Task ID | Status | Key dependency / next step | Owners | Task Definition |
| --- | --- | --- | --- | --- | --- |
| P1 | PREP-SCANNER-ANALYZERS-JAVA-21-005-TESTS-BLOC | TODO | Due 2025-11-22 · Accountable: Java Analyzer Guild | Java Analyzer Guild | Tests blocked: repo build fails in Concelier (CoreLinksets missing) and targeted Java analyzer test run stalls; retry once dependencies fixed or CI available. <br><br> Document artefact/deliverable for SCANNER-ANALYZERS-JAVA-21-005 and publish location so downstream tasks can proceed. |
| P2 | PREP-SCANNER-ANALYZERS-JAVA-21-008-WAITING-ON | TODO | Due 2025-11-22 · Accountable: Java Analyzer Guild | Java Analyzer Guild | Waiting on 21-007 completion and resolver authoring bandwidth. <br><br> Document artefact/deliverable for SCANNER-ANALYZERS-JAVA-21-008 and publish location so downstream tasks can proceed. |
| P3 | PREP-SCANNER-ANALYZERS-LANG-11-001-DOTNET-TES | TODO | Due 2025-11-22 · Accountable: StellaOps.Scanner EPDR Guild · Language Analyzer Guild | StellaOps.Scanner EPDR Guild · Language Analyzer Guild | `dotnet test` hangs/returns empty output; needs clean runner/CI diagnostics. <br><br> Document artefact/deliverable for SCANNER-ANALYZERS-LANG-11-001 and publish location so downstream tasks can proceed. |
| P1 | PREP-SCANNER-ANALYZERS-JAVA-21-005-TESTS-BLOC | DOING (2025-11-20) | Due 2025-11-22 · Accountable: Java Analyzer Guild | Java Analyzer Guild | Tests blocked: repo build fails in Concelier (CoreLinksets missing) and targeted Java analyzer test run stalls; retry once dependencies fixed or CI available. <br><br> Document artefact/deliverable for SCANNER-ANALYZERS-JAVA-21-005 and publish location so downstream tasks can proceed. |
| P2 | PREP-SCANNER-ANALYZERS-JAVA-21-008-WAITING-ON | DOING (2025-11-20) | Due 2025-11-22 · Accountable: Java Analyzer Guild | Java Analyzer Guild | Waiting on 21-007 completion and resolver authoring bandwidth. <br><br> Document artefact/deliverable for SCANNER-ANALYZERS-JAVA-21-008 and publish location so downstream tasks can proceed. Prep artefact: `docs/modules/scanner/prep/2025-11-20-java-21-008-prep.md`. |
| P3 | PREP-SCANNER-ANALYZERS-LANG-11-001-DOTNET-TES | DOING (2025-11-20) | Due 2025-11-22 · Accountable: StellaOps.Scanner EPDR Guild · Language Analyzer Guild | StellaOps.Scanner EPDR Guild · Language Analyzer Guild | `dotnet test` hangs/returns empty output; needs clean runner/CI diagnostics. <br><br> Document artefact/deliverable for SCANNER-ANALYZERS-LANG-11-001 and publish location so downstream tasks can proceed. Prep artefact: `docs/modules/scanner/prep/2025-11-20-lang-11-001-prep.md`. |
| 1 | SCANNER-ANALYZERS-DENO-26-009 | BLOCKED (2025-11-19) | Waiting on runtime shim fixtures + CI runner; design `deno-runtime-shim.md` drafted but tests cannot run. | Deno Analyzer Guild · Signals Guild | Optional runtime evidence hooks capturing module loads and permissions with path hashing during harnessed execution. |
| 2 | SCANNER-ANALYZERS-DENO-26-010 | TODO | After 26-009, wire CLI (`stella deno trace`) + Worker/Offline Kit using runtime NDJSON contract. | Deno Analyzer Guild · DevOps Guild | Package analyzer plug-in and surface CLI/worker commands with offline documentation. |
| 3 | SCANNER-ANALYZERS-DENO-26-011 | TODO | Implement policy signal emitter using runtime metadata once trace shim lands. | Deno Analyzer Guild | Policy signal emitter for capabilities (net/fs/env/ffi/process/crypto), remote origins, npm usage, wasm modules, and dynamic-import warnings. |
@@ -39,6 +39,9 @@
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2025-11-20 | Published prep docs for P2/P3: `docs/modules/scanner/prep/2025-11-20-java-21-008-prep.md` and `docs/modules/scanner/prep/2025-11-20-lang-11-001-prep.md`; set PREP P2/P3 to DOING after confirming unowned. | Project Mgmt |
| 2025-11-20 | Published prep note for SCANNER-ANALYZERS-JAVA-21-005 (docs/modules/scanner/prep/2025-11-20-java-21-005-prep.md); pinged Concelier/CoreLinksets owners for missing packages and CI isolation. | Project Mgmt |
| 2025-11-20 | Confirmed PREP-SCANNER-ANALYZERS-JAVA-21-005-TESTS-BLOC still TODO; moved to DOING to capture blockers and prep artefact. | Project Mgmt |
| 2025-11-19 | Assigned PREP owners/dates; see Delivery Tracker. | Planning |
| 2025-11-17 | Normalised sprint file to standard template and renamed from `SPRINT_131_scanner_surface.md` to `SPRINT_0131_scanner_surface.md`; no semantic changes. | Planning |
| 2025-11-17 | Attempted `./tools/dotnet-filter.sh test src/Scanner/StellaOps.Scanner.sln --no-restore`; build ran ~72s compiling scanner/all projects without completing tests, then aborted locally to avoid runaway build. Follow-up narrow build `dotnet build src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.DotNet/StellaOps.Scanner.Analyzers.Lang.DotNet.csproj` also stalled ~28s in target resolution before manual stop. Blocker persists; needs clean CI runner or scoped test project to finish LANG-11-001 validation. | Implementer |
@@ -66,6 +69,8 @@
- Java analyzer framework-config/JNI tests pending: prior runs either failed due to missing `StellaOps.Concelier.Storage.Mongo` `CoreLinksets` types or were aborted due to repo-wide restore contention; rerun on clean runner or after Concelier build stabilises.
- Deno runtime hook + policy-signal schema drafted in `docs/modules/scanner/design/deno-runtime-signals.md`; shim plan in `docs/modules/scanner/design/deno-runtime-shim.md`.
- Loader/require shim implementation still pending for DENO-26-009; must stay offline-first and AnalysisStore-compatible before wiring DENO-26-010/011.
- PREP note for SCANNER-ANALYZERS-JAVA-21-005 published at `docs/modules/scanner/prep/2025-11-20-java-21-005-prep.md`; awaiting CoreLinksets package fix and isolated CI slot before tests can run.
- PREP docs added for SCANNER-ANALYZERS-JAVA-21-008 (`docs/modules/scanner/prep/2025-11-20-java-21-008-prep.md`) and LANG-11-001 (`docs/modules/scanner/prep/2025-11-20-lang-11-001-prep.md`); both depend on resolver outputs/CI isolation.
## Next Checkpoints
| Date (UTC) | Session | Goal | Impacted work | Owner |

1
docs/implplan/SPRINT_0132_0001_0001_scanner_surface.md
View File

@@ -52,6 +52,7 @@
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2025-11-20 | Attempted node isolated restore/test; restore failed fetching Microsoft.TestPlatform.TestHost (nuget.org) because offline package path was wrong. Script corrected to use `offline/packages`. Re-run still needed. | Implementer |

9
docs/implplan/SPRINT_0142_0001_0001_sbomservice.md
View File

@@ -19,9 +19,9 @@
## Delivery Tracker
| # | Task ID | Status | Key dependency / next step | Owners | Task Definition |
| --- | --- | --- | --- | --- | --- |
| P1 | PREP-SBOM-CONSOLE-23-001-BUILD-TEST-FAILING-D | TODO | Due 2025-11-22 · Accountable: SBOM Service Guild; Cartographer Guild | SBOM Service Guild; Cartographer Guild | Build/test failing due to missing NuGet feed; need feed/offline cache before wiring storage and validating `/console/sboms`. <br><br> Document artefact/deliverable for SBOM-CONSOLE-23-001 and publish location so downstream tasks can proceed. |
| P2 | PREP-SBOM-SERVICE-21-001-WAITING-ON-LNM-V1-FI | TODO | Due 2025-11-22 · Accountable: SBOM Service Guild; Cartographer Guild | SBOM Service Guild; Cartographer Guild | Waiting on LNM v1 fixtures (due 2025-11-18 UTC) to freeze schema; then publish normalized SBOM projection read API with pagination + tenant enforcement. <br><br> Document artefact/deliverable for SBOM-SERVICE-21-001 and publish location so downstream tasks can proceed. |
| P3 | PREP-BUILD-INFRA-SBOM-SERVICE-GUILD-BLOCKED-M | TODO | Due 2025-11-22 · Accountable: Planning | Planning | BLOCKED (multiple restore attempts still hang/fail; need vetted feed/cache). <br><br> Document artefact/deliverable for Build/Infra · SBOM Service Guild and publish location so downstream tasks can proceed. |
| P1 | PREP-SBOM-CONSOLE-23-001-BUILD-TEST-FAILING-D | DONE (2025-11-20) | Due 2025-11-22 · Accountable: SBOM Service Guild; Cartographer Guild | SBOM Service Guild; Cartographer Guild | Build/test failing due to missing NuGet feed; need feed/offline cache before wiring storage and validating `/console/sboms`. <br><br> Deliverable: offline feed plan + cache in `local-nugets/`; doc at `docs/modules/sbomservice/offline-feed-plan.md`; script `tools/offline/fetch-sbomservice-deps.sh` hydrates required packages. |
| P2 | PREP-SBOM-SERVICE-21-001-WAITING-ON-LNM-V1-FI | DOING (2025-11-20) | Due 2025-11-22 · Accountable: SBOM Service Guild; Cartographer Guild | SBOM Service Guild; Cartographer Guild | Waiting on LNM v1 fixtures (due 2025-11-18 UTC) to freeze schema; then publish normalized SBOM projection read API with pagination + tenant enforcement. <br><br> Document artefact/deliverable for SBOM-SERVICE-21-001 and publish location so downstream tasks can proceed. Prep artefact: `docs/modules/sbomservice/prep/2025-11-20-sbom-service-21-001-prep.md`. |
| P3 | PREP-BUILD-INFRA-SBOM-SERVICE-GUILD-BLOCKED-M | DOING (2025-11-20) | Due 2025-11-22 · Accountable: Planning | Planning | BLOCKED (multiple restore attempts still hang/fail; need vetted feed/cache). <br><br> Document artefact/deliverable for Build/Infra · SBOM Service Guild and publish location so downstream tasks can proceed. Prep artefact: `docs/modules/sbomservice/prep/2025-11-20-build-infra-prep.md`. |
| 1 | SBOM-AIAI-31-001 | DONE | Implemented `/sbom/paths` with env/blast-radius/runtime flags + cursor paging and `/sbom/versions` timeline; in-memory deterministic seed until storage wired. | SBOM Service Guild (src/SbomService/StellaOps.SbomService) | Provide path and version timeline endpoints optimised for Advisory AI. |
| 2 | SBOM-AIAI-31-002 | DONE | Metrics + cache-hit tagging implemented; Grafana starter dashboard added; build/test completed locally. | SBOM Service Guild; Observability Guild | Instrument metrics for path/timeline queries and surface dashboards. |
| 3 | SBOM-CONSOLE-23-001 | BLOCKED | PREP-SBOM-CONSOLE-23-001-BUILD-TEST-FAILING-D | SBOM Service Guild; Cartographer Guild | Provide Console-focused SBOM catalog API. |
@@ -49,6 +49,9 @@
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2025-11-20 | Published SBOM service prep docs (sbom-service-21-001, build/infra) and set P2/P3 to DOING after confirming unowned. | Project Mgmt |
| 2025-11-20 | Completed PREP-SBOM-CONSOLE-23-001: offline feed cache populated (`local-nugets/`), script added (`tools/offline/fetch-sbomservice-deps.sh`), doc published at `docs/modules/sbomservice/offline-feed-plan.md`. | Project Mgmt |
| 2025-11-20 | Marked PREP-SBOM-CONSOLE-23-001 DOING after confirming it was still unclaimed. | Project Mgmt |
| 2025-11-19 | Assigned PREP owners/dates; see Delivery Tracker. | Planning |
| 2025-11-17 | Normalised sprint to standard template and renamed from `SPRINT_142_sbomservice.md`; no scope changes. | Project Mgmt |
| 2025-11-17 | Flagged need for SBOM Service module dossier as documentation prerequisite. | Project Mgmt |

17
docs/implplan/SPRINT_0151_0001_0001_orchestrator_i.md
View File

@@ -19,13 +19,13 @@
## Delivery Tracker
| # | Task ID | Status | Key dependency / next step | Owners | Task Definition |
| --- | --- | --- | --- | --- | --- |
| P1 | PREP-ORCH-AIRGAP-56-001-AWAIT-SPRINT-0120-A-A | TODO | Due 2025-11-23 · Accountable: Orchestrator Service Guild · AirGap Policy Guild | Orchestrator Service Guild · AirGap Policy Guild | Await Sprint 0120.A AirGap readiness; sealed-mode contracts not published. <br><br> Document artefact/deliverable for ORCH-AIRGAP-56-001 and publish location so downstream tasks can proceed. |
| P2 | PREP-ORCH-AIRGAP-56-002-UPSTREAM-56-001-BLOCK | TODO | Due 2025-11-23 · Accountable: Orchestrator Service Guild · AirGap Controller Guild | Orchestrator Service Guild · AirGap Controller Guild | Upstream 56-001 blocked. <br><br> Document artefact/deliverable for ORCH-AIRGAP-56-002 and publish location so downstream tasks can proceed. |
| P3 | PREP-ORCH-AIRGAP-57-001-UPSTREAM-56-002-BLOCK | TODO | Due 2025-11-23 · Accountable: Orchestrator Service Guild · Mirror Creator Guild | Orchestrator Service Guild · Mirror Creator Guild | Upstream 56-002 blocked. <br><br> Document artefact/deliverable for ORCH-AIRGAP-57-001 and publish location so downstream tasks can proceed. |
| P4 | PREP-ORCH-AIRGAP-58-001-UPSTREAM-57-001-BLOCK | TODO | Due 2025-11-23 · Accountable: Orchestrator Service Guild · Evidence Locker Guild | Orchestrator Service Guild · Evidence Locker Guild | Upstream 57-001 blocked. <br><br> Document artefact/deliverable for ORCH-AIRGAP-58-001 and publish location so downstream tasks can proceed. |
| P5 | PREP-ORCH-OAS-61-001-ORCHESTRATOR-TELEMETRY-C | TODO | Due 2025-11-23 · Accountable: Orchestrator Service Guild · API Contracts Guild | Orchestrator Service Guild · API Contracts Guild | Orchestrator telemetry/contract inputs not available; wait for 150.A readiness. <br><br> Document artefact/deliverable for ORCH-OAS-61-001 and publish location so downstream tasks can proceed. |
| P6 | PREP-ORCH-OAS-61-002-DEPENDS-ON-61-001 | TODO | Due 2025-11-23 · Accountable: Orchestrator Service Guild | Orchestrator Service Guild | Depends on 61-001. <br><br> Document artefact/deliverable for ORCH-OAS-61-002 and publish location so downstream tasks can proceed. |
| P7 | PREP-ORCH-OAS-62-001-DEPENDS-ON-61-002 | TODO | Due 2025-11-23 · Accountable: Orchestrator Service Guild · SDK Generator Guild | Orchestrator Service Guild · SDK Generator Guild | Depends on 61-002. <br><br> Document artefact/deliverable for ORCH-OAS-62-001 and publish location so downstream tasks can proceed. |
| P1 | PREP-ORCH-AIRGAP-56-001-AWAIT-SPRINT-0120-A-A | DOING (2025-11-20) | Due 2025-11-23 · Accountable: Orchestrator Service Guild · AirGap Policy Guild | Orchestrator Service Guild · AirGap Policy Guild | Await Sprint 0120.A AirGap readiness; sealed-mode contracts not published. <br><br> Document artefact/deliverable for ORCH-AIRGAP-56-001 and publish location so downstream tasks can proceed. Prep artefact: `docs/modules/orchestrator/prep/2025-11-20-airgap-56-001-prep.md`. |
| P2 | PREP-ORCH-AIRGAP-56-002-UPSTREAM-56-001-BLOCK | DOING (2025-11-20) | Due 2025-11-23 · Accountable: Orchestrator Service Guild · AirGap Controller Guild | Orchestrator Service Guild · AirGap Controller Guild | Upstream 56-001 blocked. <br><br> Document artefact/deliverable for ORCH-AIRGAP-56-002 and publish location so downstream tasks can proceed. Prep artefact: `docs/modules/orchestrator/prep/2025-11-20-airgap-56-002-prep.md`. |
| P3 | PREP-ORCH-AIRGAP-57-001-UPSTREAM-56-002-BLOCK | DOING (2025-11-20) | Due 2025-11-23 · Accountable: Orchestrator Service Guild · Mirror Creator Guild | Orchestrator Service Guild · Mirror Creator Guild | Upstream 56-002 blocked. <br><br> Document artefact/deliverable for ORCH-AIRGAP-57-001 and publish location so downstream tasks can proceed. Prep artefact: `docs/modules/orchestrator/prep/2025-11-20-airgap-57-001-prep.md`. |
| P4 | PREP-ORCH-AIRGAP-58-001-UPSTREAM-57-001-BLOCK | DOING (2025-11-20) | Due 2025-11-23 · Accountable: Orchestrator Service Guild · Evidence Locker Guild | Orchestrator Service Guild · Evidence Locker Guild | Upstream 57-001 blocked. <br><br> Document artefact/deliverable for ORCH-AIRGAP-58-001 and publish location so downstream tasks can proceed. Prep artefact: `docs/modules/orchestrator/prep/2025-11-20-airgap-58-001-prep.md`. |
| P5 | PREP-ORCH-OAS-61-001-ORCHESTRATOR-TELEMETRY-C | DOING (2025-11-20) | Due 2025-11-23 · Accountable: Orchestrator Service Guild · API Contracts Guild | Orchestrator Service Guild · API Contracts Guild | Orchestrator telemetry/contract inputs not available; wait for 150.A readiness. <br><br> Document artefact/deliverable for ORCH-OAS-61-001 and publish location so downstream tasks can proceed. Prep artefact: `docs/modules/orchestrator/prep/2025-11-20-oas-61-001-prep.md`. |
| P6 | PREP-ORCH-OAS-61-002-DEPENDS-ON-61-001 | DOING (2025-11-20) | Due 2025-11-23 · Accountable: Orchestrator Service Guild | Orchestrator Service Guild | Depends on 61-001. <br><br> Document artefact/deliverable for ORCH-OAS-61-002 and publish location so downstream tasks can proceed. Prep artefact: `docs/modules/orchestrator/prep/2025-11-20-oas-61-001-prep.md`. |
| P7 | PREP-ORCH-OAS-62-001-DEPENDS-ON-61-002 | DOING (2025-11-20) | Due 2025-11-23 · Accountable: Orchestrator Service Guild · SDK Generator Guild | Orchestrator Service Guild · SDK Generator Guild | Depends on 61-002. <br><br> Document artefact/deliverable for ORCH-OAS-62-001 and publish location so downstream tasks can proceed. Prep artefact: `docs/modules/orchestrator/prep/2025-11-20-oas-61-001-prep.md`. |
| P8 | PREP-ORCH-OAS-63-001-DEPENDS-ON-62-001 | TODO | Due 2025-11-23 · Accountable: Orchestrator Service Guild · API Governance Guild | Orchestrator Service Guild · API Governance Guild | Depends on 62-001. <br><br> Document artefact/deliverable for ORCH-OAS-63-001 and publish location so downstream tasks can proceed. |
| P9 | PREP-ORCH-OBS-50-001-TELEMETRY-CORE-SPRINT-01 | TODO | Due 2025-11-23 · Accountable: Orchestrator Service Guild · Observability Guild | Orchestrator Service Guild · Observability Guild | Telemetry Core (Sprint 0174) not yet available for orchestrator host. <br><br> Document artefact/deliverable for ORCH-OBS-50-001 and publish location so downstream tasks can proceed. |
| P10 | PREP-ORCH-OBS-51-001-DEPENDS-ON-50-001-TELEME | TODO | Due 2025-11-23 · Accountable: Orchestrator Service Guild · DevOps Guild | Orchestrator Service Guild · DevOps Guild | Depends on 50-001 + Telemetry schema. <br><br> Document artefact/deliverable for ORCH-OBS-51-001 and publish location so downstream tasks can proceed. |
@@ -53,6 +53,7 @@
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2025-11-20 | Published prep docs for ORCH AirGap 56/57/58 and OAS 61/62; set P1P7 to DOING after confirming unowned. | Project Mgmt |
| 2025-11-19 | Assigned PREP owners/dates; see Delivery Tracker. | Planning |
| 2025-11-18 | Normalised sprint doc to standard template; renamed from `SPRINT_151_orchestrator_i.md`. | Planning |
| 2025-11-19 | Set all tasks to BLOCKED pending upstream readiness (AirGap/Scanner/Graph), Telemetry Core availability, and Orchestrator event schema; no executable work until contracts land. | Implementer |
@@ -62,4 +63,4 @@
- Ensure status changes here mirror module boards to avoid drift between coordination doc and execution evidence.
## Next Checkpoints
- None scheduled; add orchestrator scheduling/automation sync once upstream readiness dates are committed.
- None scheduled; add orchestrator scheduling/automation sync once upstream readiness dates are committed.

11
docs/implplan/SPRINT_0155_0001_0001_scheduler_i.md
View File

@@ -19,8 +19,8 @@
## Delivery Tracker
| # | Task ID | Status | Key dependency / next step | Owners | Task Definition |
| --- | --- | --- | --- | --- | --- |
| P1 | PREP-SCHED-SURFACE-01-NEED-SURFACE-FS-POINTER | TODO | Due 2025-11-23 · Accountable: Scheduler Worker Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | Scheduler Worker Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | Need Surface.FS pointer model/contract; awaiting design input before planning deltas. <br><br> Document artefact/deliverable for SCHED-SURFACE-01 and publish location so downstream tasks can proceed. |
| P2 | PREP-SCHED-WORKER-23-101-WAITING-ON-POLICY-GU | TODO | Due 2025-11-23 · Accountable: Scheduler Worker Guild, Policy Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | Scheduler Worker Guild, Policy Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | Waiting on Policy guild to supply activation event contract and throttle source. <br><br> Document artefact/deliverable for SCHED-WORKER-23-101 and publish location so downstream tasks can proceed. |
| P1 | PREP-SCHED-SURFACE-01-NEED-SURFACE-FS-POINTER | DOING (2025-11-20) | Due 2025-11-23 · Accountable: Scheduler Worker Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | Scheduler Worker Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | Need Surface.FS pointer model/contract; awaiting design input before planning deltas. <br><br> Document artefact/deliverable for SCHED-SURFACE-01 and publish location so downstream tasks can proceed. Prep artefact: `docs/modules/scheduler/prep/2025-11-20-surface-fs-pointer.md`. |
| P2 | PREP-SCHED-WORKER-23-101-WAITING-ON-POLICY-GU | DOING (2025-11-20) | Due 2025-11-23 · Accountable: Scheduler Worker Guild, Policy Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | Scheduler Worker Guild, Policy Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | Waiting on Policy guild to supply activation event contract and throttle source. <br><br> Document artefact/deliverable for SCHED-WORKER-23-101 and publish location so downstream tasks can proceed. Prep artefact: `docs/modules/scheduler/prep/2025-11-20-worker-23-101-prep.md`. |
| 0 | AGENTS-SCHEDULER-UPDATE | DONE | `src/Scheduler/AGENTS.md` created and published. | Project Manager · Architecture Guild | Populate module AGENTS charter covering roles, docs, determinism/testing rules, and allowed shared libs. |
| 1 | SCHED-IMPACT-16-303 | DONE | Implemented removal + snapshot/restore with compaction; snapshot payloads ready for RocksDB/Redis persistence. | Scheduler ImpactIndex Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.ImpactIndex) | Snapshot/compaction + invalidation for removed images; persistence to RocksDB/Redis per architecture. |
| 2 | SCHED-SURFACE-01 | BLOCKED | PREP-SCHED-SURFACE-01-NEED-SURFACE-FS-POINTER | Scheduler Worker Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | Evaluate Surface.FS pointers when planning delta scans to avoid redundant work and prioritise drift-triggered assets. |
@@ -37,6 +37,7 @@
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2025-11-20 | Published prep docs for SCHED-SURFACE-01 and SCHED-WORKER-23-101 (`docs/modules/scheduler/prep/2025-11-20-surface-fs-pointer.md`, `docs/modules/scheduler/prep/2025-11-20-worker-23-101-prep.md`); set P1/P2 to DOING after confirming unowned. | Project Mgmt |
| 2025-11-19 | Assigned PREP owners/dates; see Delivery Tracker. | Planning |
| 2025-11-17 | Added graph metrics (`graph_build_seconds`, `graph_jobs_inflight`, `overlay_lag_seconds`) with tenant/graph tags; worker library build succeeded. | Scheduler Worker Guild |
| 2025-11-17 | Added resolver job APIs (`POST/GET /api/v1/scheduler/vuln/resolver/jobs`) with scope enforcement and in-memory job service stub. | Scheduler WebService Guild |
@@ -62,9 +63,9 @@
- SCHED-WEB-20-002 depends on worker API contract (SCHED-WORKER-20-301); keep priority aligned to avoid UI/CLI drift.
- Maintain observability naming consistency for `policy_simulation_*` metrics to avoid dashboard regressions.
- Upstream readiness from AirGap, Scanner, and Graph sprints must be confirmed before expanding scope.
- SCHED-SURFACE-01 blocked until Surface.FS pointer model/contract is provided; cannot design delta planning without it.
- SCHED-SURFACE-01 blocked until Surface.FS pointer model/contract is provided; interim prep doc at `docs/modules/scheduler/prep/2025-11-20-surface-fs-pointer.md`; awaiting dataset allowlist and sealed-mode rule to finalize.
- Backlog breach webhook contract stubbed via resolver backlog notifier; upgrade to real sink once DevOps endpoint is available.
- SCHED-WORKER-23-101/102/25-101/25-102/26-201 blocked on Policy guild supplying activation event shape + throttling guidance; downstream workers sit until contract lands.
- SCHED-WORKER-23-101/102/25-101/25-102/26-201 blocked on Policy guild supplying activation event shape + throttling guidance; interim prep doc at `docs/modules/scheduler/prep/2025-11-20-worker-23-101-prep.md` captures proposed schema while we wait.
## Next Checkpoints
- None scheduled; set once worker API scaffolding and GraphJobs accessibility fixes land.
- None scheduled; set once worker API scaffolding and GraphJobs accessibility fixes land.

23
docs/implplan/SPRINT_0163_0001_0001_exportcenter_ii.md
View File

@@ -20,16 +20,16 @@
## Delivery Tracker
| # | Task ID | Status | Key dependency / next step | Owners | Task Definition |
| --- | --- | --- | --- | --- | --- |
| P1 | PREP-EXPORT-OBS-50-001-WAIT-FOR-EXPORTER-SERV | TODO | Due 2025-11-23 · Accountable: Exporter Service · Observability Guild | Exporter Service · Observability Guild | Wait for exporter service bootstrap + telemetry schema. <br><br> Document artefact/deliverable for EXPORT-OBS-50-001 and publish location so downstream tasks can proceed. |
| P2 | PREP-EXPORT-RISK-69-001-AWAIT-PHASE-I-ARTIFAC | TODO | Due 2025-11-23 · Accountable: Exporter Service · Risk Bundle Export Guild | Exporter Service · Risk Bundle Export Guild | Await phase I artifacts + schema; needs provider selection rules. <br><br> Document artefact/deliverable for EXPORT-RISK-69-001 and publish location so downstream tasks can proceed. |
| P3 | PREP-EXPORT-SVC-35-001-NEEDS-PHASE-I-READINES | TODO | Due 2025-11-23 · Accountable: Exporter Service | Exporter Service | Needs phase I readiness + synthetic telemetry feeds. <br><br> Document artefact/deliverable for EXPORT-SVC-35-001 and publish location so downstream tasks can proceed. |
| P4 | PREP-EXPORT-SVC-35-002-DEPENDS-ON-35-001 | TODO | Due 2025-11-23 · Accountable: Exporter Service | Exporter Service | Depends on 35-001. <br><br> Document artefact/deliverable for EXPORT-SVC-35-002 and publish location so downstream tasks can proceed. |
| P5 | PREP-EXPORT-SVC-35-003-DEPENDS-ON-35-002 | TODO | Due 2025-11-23 · Accountable: Exporter Service | Exporter Service | Depends on 35-002. <br><br> Document artefact/deliverable for EXPORT-SVC-35-003 and publish location so downstream tasks can proceed. |
| P6 | PREP-EXPORT-SVC-35-004-DEPENDS-ON-35-003 | TODO | Due 2025-11-23 · Accountable: Exporter Service | Exporter Service | Depends on 35-003. <br><br> Document artefact/deliverable for EXPORT-SVC-35-004 and publish location so downstream tasks can proceed. |
| P7 | PREP-EXPORT-SVC-35-005-DEPENDS-ON-35-004 | TODO | Due 2025-11-23 · Accountable: Exporter Service | Exporter Service | Depends on 35-004. <br><br> Document artefact/deliverable for EXPORT-SVC-35-005 and publish location so downstream tasks can proceed. |
| P8 | PREP-EXPORT-NOTIFY-SCHEMA-OBS-52 | TODO | Due 2025-11-23 · Accountable: Notifications Guild · Exporter Service | Notifications Guild · Exporter Service | Notifications schema for export lifecycle events not published; required for EXPORT-OBS-52-001 and downstream tasks. Provide envelope + sample payloads. |
| P8 | PREP-EXPORT-CRYPTO-90-001-PENDING-NOV-18-CRYP | TODO | Due 2025-11-23 · Accountable: Exporter Service · Security Guild | Exporter Service · Security Guild | Pending Nov-18 crypto review + reference implementation. <br><br> Document artefact/deliverable for EXPORT-CRYPTO-90-001 and publish location so downstream tasks can proceed. |
| P9 | PREP-EXPORTER-SERVICE-BLOCKED-WAITING-ON-EVID | TODO | Due 2025-11-23 · Accountable: Planning | Planning | BLOCKED (waiting on EvidenceLocker spec). <br><br> Document artefact/deliverable for Exporter Service and publish location so downstream tasks can proceed. |
| P1 | PREP-EXPORT-OBS-50-001-WAIT-FOR-EXPORTER-SERV | DOING (2025-11-20) | Due 2025-11-23 · Accountable: Exporter Service · Observability Guild | Exporter Service · Observability Guild | Wait for exporter service bootstrap + telemetry schema. <br><br> Document artefact/deliverable for EXPORT-OBS-50-001 and publish location so downstream tasks can proceed. Prep artefact: `docs/modules/export-center/prep/2025-11-20-obs-50-001-prep.md`. |
| P2 | PREP-EXPORT-RISK-69-001-AWAIT-PHASE-I-ARTIFAC | DOING (2025-11-20) | Due 2025-11-23 · Accountable: Exporter Service · Risk Bundle Export Guild | Exporter Service · Risk Bundle Export Guild | Await phase I artifacts + schema; needs provider selection rules. <br><br> Document artefact/deliverable for EXPORT-RISK-69-001 and publish location so downstream tasks can proceed. Prep artefact: `docs/modules/export-center/prep/2025-11-20-risk-69-001-prep.md`. |
| P3 | PREP-EXPORT-SVC-35-001-NEEDS-PHASE-I-READINES | DOING (2025-11-20) | Due 2025-11-23 · Accountable: Exporter Service | Exporter Service | Needs phase I readiness + synthetic telemetry feeds. <br><br> Document artefact/deliverable for EXPORT-SVC-35-001 and publish location so downstream tasks can proceed. Prep artefact: `docs/modules/export-center/prep/2025-11-20-svc-35-001-prep.md`. |
| P4 | PREP-EXPORT-SVC-35-002-DEPENDS-ON-35-001 | DOING (2025-11-20) | Due 2025-11-23 · Accountable: Exporter Service | Exporter Service | Depends on 35-001. <br><br> Document artefact/deliverable for EXPORT-SVC-35-002 and publish location so downstream tasks can proceed. Prep artefact: `docs/modules/export-center/prep/2025-11-20-svc-35-002-prep.md`. |
| P5 | PREP-EXPORT-SVC-35-003-DEPENDS-ON-35-002 | DOING (2025-11-20) | Due 2025-11-23 · Accountable: Exporter Service | Exporter Service | Depends on 35-002. <br><br> Document artefact/deliverable for EXPORT-SVC-35-003 and publish location so downstream tasks can proceed. Prep artefact: `docs/modules/export-center/prep/2025-11-20-svc-35-003-prep.md`. |
| P6 | PREP-EXPORT-SVC-35-004-DEPENDS-ON-35-003 | DOING (2025-11-20) | Due 2025-11-23 · Accountable: Exporter Service | Exporter Service | Depends on 35-003. <br><br> Document artefact/deliverable for EXPORT-SVC-35-004 and publish location so downstream tasks can proceed. Prep artefact: `docs/modules/export-center/prep/2025-11-20-svc-35-004-prep.md`. |
| P7 | PREP-EXPORT-SVC-35-005-DEPENDS-ON-35-004 | DOING (2025-11-20) | Due 2025-11-23 · Accountable: Exporter Service | Exporter Service | Depends on 35-004. <br><br> Document artefact/deliverable for EXPORT-SVC-35-005 and publish location so downstream tasks can proceed. Prep artefact: `docs/modules/export-center/prep/2025-11-20-svc-35-005-prep.md`. |
| P8 | PREP-EXPORT-NOTIFY-SCHEMA-OBS-52 | DOING (2025-11-20) | Due 2025-11-23 · Accountable: Notifications Guild · Exporter Service | Notifications Guild · Exporter Service | Notifications schema for export lifecycle events not published; required for EXPORT-OBS-52-001 and downstream tasks. Provide envelope + sample payloads. Prep artefact: `docs/modules/export-center/prep/2025-11-20-notify-obs-52-prep.md`. |
| P8 | PREP-EXPORT-CRYPTO-90-001-PENDING-NOV-18-CRYP | DOING (2025-11-20) | Due 2025-11-23 · Accountable: Exporter Service · Security Guild | Exporter Service · Security Guild | Pending Nov-18 crypto review + reference implementation. <br><br> Document artefact/deliverable for EXPORT-CRYPTO-90-001 and publish location so downstream tasks can proceed. Prep artefact: `docs/modules/export-center/prep/2025-11-20-crypto-90-001-prep.md`. |
| P9 | PREP-EXPORTER-SERVICE-BLOCKED-WAITING-ON-EVID | DOING (2025-11-20) | Due 2025-11-23 · Accountable: Planning | Planning | BLOCKED (waiting on EvidenceLocker spec). <br><br> Document artefact/deliverable for Exporter Service and publish location so downstream tasks can proceed. Prep artefact: `docs/modules/export-center/prep/2025-11-20-exporter-evid-blocker.md`. |
| 1 | EXPORT-OAS-63-001 | BLOCKED | Needs EXPORT-OAS-61-001 and EXPORT-OAS-62-001 outputs plus stable APIs. | Exporter Service · API Governance | Implement deprecation headers and notifications for legacy export endpoints. |
| 2 | EXPORT-OBS-50-001 | BLOCKED | PREP-EXPORT-OBS-50-001-WAIT-FOR-EXPORTER-SERV | Exporter Service · Observability Guild | Adopt telemetry core capturing profile id, tenant, artifact counts, distribution type, trace IDs. |
| 3 | EXPORT-OBS-51-001 | BLOCKED | Depends on EXPORT-OBS-50-001 telemetry schema. | Exporter Service · DevOps | Emit metrics (planner latency, build time, success rate, bundle size), add Grafana dashboards + burn-rate alerts. |
@@ -91,7 +91,8 @@
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2025-11-20 | Published prep docs for EXPORT-OBS-50-001, EXPORT-RISK-69-001, EXPORT-SVC-35-001, EXPORT-SVC-35-002/003/004/005, EXPORT-NOTIFY-SCHEMA-OBS-52, EXPORT-CRYPTO-90-001, exporter-evid blocker; set P1P9 to DOING after confirming unowned. | Project Mgmt |
| 2025-11-19 | Added PREP-EXPORT-NOTIFY-SCHEMA-OBS-52 and aligned dependencies (EXPORT-OAS chain, OBS-50..55, RISK-69..70) to actual Task IDs. | Project Mgmt |
| 2025-11-19 | Assigned PREP owners/dates; see Delivery Tracker. | Planning |
| 2025-11-12 | Snapshot captured (pre-template) with tasks TODO. | Planning |
| 2025-11-17 | Renamed to compliant filename, applied template, and set tasks to BLOCKED pending upstream contracts and Sprint 0162 outputs. | Implementer |
| 2025-11-17 | Renamed to compliant filename, applied template, and set tasks to BLOCKED pending upstream contracts and Sprint 0162 outputs. | Implementer |

19
docs/implplan/SPRINT_0187_0001_0001_evidence_locker_cli_integration.md
View File

@@ -19,12 +19,12 @@
## Delivery Tracker
| # | Task ID | Status | Key dependency / next step | Owners | Task Definition |
| --- | --- | --- | --- | --- | --- |
| P1 | PREP-EVID-REPLAY-187-001-SCANNER-RECORD-PAYLO | TODO | Due 2025-11-23 · Accountable: Evidence Locker Guild (`src/EvidenceLocker/StellaOps.EvidenceLocker`, docs) | Evidence Locker Guild (`src/EvidenceLocker/StellaOps.EvidenceLocker`, docs) | Scanner record payloads (Sprint 0186) not available; EvidenceLocker API schema cannot be drafted. <br><br> Document artefact/deliverable for EVID-REPLAY-187-001 and publish location so downstream tasks can proceed. |
| P2 | PREP-CLI-REPLAY-187-002-DEPENDS-ON-187-001-SC | TODO | Due 2025-11-23 · Accountable: DevEx/CLI Guild (`src/Cli/StellaOps.Cli`, docs) | DevEx/CLI Guild (`src/Cli/StellaOps.Cli`, docs) | Depends on 187-001 schema freeze. <br><br> Document artefact/deliverable for CLI-REPLAY-187-002 and publish location so downstream tasks can proceed. |
| P3 | PREP-ATTEST-REPLAY-187-003-DEPENDS-ON-187-001 | TODO | Due 2025-11-23 · Accountable: Attestor Guild (`src/Attestor/StellaOps.Attestor`, docs) | Attestor Guild (`src/Attestor/StellaOps.Attestor`, docs) | Depends on 187-001 payloads. <br><br> Document artefact/deliverable for ATTEST-REPLAY-187-003 and publish location so downstream tasks can proceed. |
| P4 | PREP-RUNBOOK-REPLAY-187-004-NEEDS-APIS-DEFINE | TODO | Due 2025-11-23 · Accountable: Docs Guild · Ops Guild (docs/runbooks) | Docs Guild · Ops Guild (docs/runbooks) | Needs APIs defined from 187-001. <br><br> Document artefact/deliverable for RUNBOOK-REPLAY-187-004 and publish location so downstream tasks can proceed. |
| P5 | PREP-VALIDATE-BUNDLE-187-005-DEPENDS-ON-187-0 | TODO | Due 2025-11-23 · Accountable: QA Guild · CLI Guild · Docs Guild | QA Guild · CLI Guild · Docs Guild | Depends on 187-001/002/003; no payloads yet. <br><br> Document artefact/deliverable for VALIDATE-BUNDLE-187-005 and publish location so downstream tasks can proceed. |
| P6 | PREP-EVID-CRYPTO-90-001-ICRYPTOPROVIDERREGIST | TODO | Due 2025-11-23 · Accountable: Evidence Locker Guild · Security Guild (`src/EvidenceLocker/StellaOps.EvidenceLocker`) | Evidence Locker Guild · Security Guild (`src/EvidenceLocker/StellaOps.EvidenceLocker`) | ICryptoProviderRegistry readiness not confirmed; sovereign crypto profiles pending. <br><br> Document artefact/deliverable for EVID-CRYPTO-90-001 and publish location so downstream tasks can proceed. |
| P1 | PREP-EVID-REPLAY-187-001-SCANNER-RECORD-PAYLO | DOING (2025-11-20) | Due 2025-11-23 · Accountable: Evidence Locker Guild (`src/EvidenceLocker/StellaOps.EvidenceLocker`, docs) | Evidence Locker Guild (`src/EvidenceLocker/StellaOps.EvidenceLocker`, docs) | Scanner record payloads (Sprint 0186) not available; EvidenceLocker API schema cannot be drafted. <br><br> Document artefact/deliverable for EVID-REPLAY-187-001 and publish location so downstream tasks can proceed. |
| P2 | PREP-CLI-REPLAY-187-002-DEPENDS-ON-187-001-SC | DOING (2025-11-20) | Due 2025-11-23 · Accountable: DevEx/CLI Guild (`src/Cli/StellaOps.Cli`, docs) | DevEx/CLI Guild (`src/Cli/StellaOps.Cli`, docs) | Depends on 187-001 schema freeze. <br><br> Document artefact/deliverable for CLI-REPLAY-187-002 and publish location so downstream tasks can proceed. |
| P3 | PREP-ATTEST-REPLAY-187-003-DEPENDS-ON-187-001 | DOING (2025-11-20) | Due 2025-11-23 · Accountable: Attestor Guild (`src/Attestor/StellaOps.Attestor`, docs) | Attestor Guild (`src/Attestor/StellaOps.Attestor`, docs) | Depends on 187-001 payloads. <br><br> Document artefact/deliverable for ATTEST-REPLAY-187-003 and publish location so downstream tasks can proceed. |
| P4 | PREP-RUNBOOK-REPLAY-187-004-NEEDS-APIS-DEFINE | DOING (2025-11-20) | Due 2025-11-23 · Accountable: Docs Guild · Ops Guild (docs/runbooks) | Docs Guild · Ops Guild (docs/runbooks) | Needs APIs defined from 187-001. <br><br> Document artefact/deliverable for RUNBOOK-REPLAY-187-004 and publish location so downstream tasks can proceed. |
| P5 | PREP-VALIDATE-BUNDLE-187-005-DEPENDS-ON-187-0 | DOING (2025-11-20) | Due 2025-11-23 · Accountable: QA Guild · CLI Guild · Docs Guild | QA Guild · CLI Guild · Docs Guild | Depends on 187-001/002/003; no payloads yet. <br><br> Document artefact/deliverable for VALIDATE-BUNDLE-187-005 and publish location so downstream tasks can proceed. |
| P6 | PREP-EVID-CRYPTO-90-001-ICRYPTOPROVIDERREGIST | DOING (2025-11-20) | Due 2025-11-23 · Accountable: Evidence Locker Guild · Security Guild (`src/EvidenceLocker/StellaOps.EvidenceLocker`) | Evidence Locker Guild · Security Guild (`src/EvidenceLocker/StellaOps.EvidenceLocker`) | ICryptoProviderRegistry readiness not confirmed; sovereign crypto profiles pending. <br><br> Document artefact/deliverable for EVID-CRYPTO-90-001 and publish location so downstream tasks can proceed. |
| 1 | EVID-REPLAY-187-001 | BLOCKED (2025-11-20) | PREP-EVID-REPLAY-187-001-SCANNER-RECORD-PAYLO | Evidence Locker Guild (`src/EvidenceLocker/StellaOps.EvidenceLocker`, docs) | Implement replay bundle ingestion/retention APIs; document storage/retention rules referencing replay doc §§2 & 8. |
| 2 | CLI-REPLAY-187-002 | BLOCKED (2025-11-20) | PREP-CLI-REPLAY-187-002-DEPENDS-ON-187-001-SC | DevEx/CLI Guild (`src/Cli/StellaOps.Cli`, docs) | Add `scan --record`, `verify`, `replay`, `diff` commands with offline bundle resolution; update CLI architecture and replay appendix. |
| 3 | ATTEST-REPLAY-187-003 | BLOCKED (2025-11-20) | PREP-ATTEST-REPLAY-187-003-DEPENDS-ON-187-001 | Attestor Guild (`src/Attestor/StellaOps.Attestor`, docs) | Wire Attestor/Rekor anchoring for replay manifests; extend attestor architecture with replay ledger flow. |
@@ -35,6 +35,9 @@
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2025-11-20 | Published prep docs: CLI replay (`docs/modules/cli/guides/replay-cli-prep.md`), Attestor replay (`docs/modules/attestor/replay-prep.md`), runbook prep (`docs/runbooks/replay_ops_prep_187_004.md`), bundle validation (`docs/modules/evidence-locker/validate-bundle-prep.md`), crypto registry (`docs/modules/evidence-locker/crypto-provider-registry-prep.md`); set P2P6 to DOING after confirming unowned. | Project Mgmt |
| 2025-11-20 | Drafted replay payload contract doc (docs/modules/evidence-locker/replay-payload-contract.md); pinged Scanner Guild for sample payloads from Sprint 0186. | Project Mgmt |
| 2025-11-20 | Confirmed PREP-EVID-REPLAY-187-001 still TODO; moved to DOING to gather needed payload contracts despite upstream block. | Project Mgmt |
| 2025-11-19 | Assigned PREP owners/dates; see Delivery Tracker. | Planning |
| 2025-11-03 | `/docs/runbooks/replay_ops.md` created; teams can move replay delivery tasks to DOING alongside Ops runbook rehearsals. | Docs Guild |
| 2025-11-19 | Normalized sprint to standard template and renamed from `SPRINT_187_evidence_locker_cli_integration.md` to `SPRINT_0187_0001_0001_evidence_locker_cli_integration.md`; content preserved. | Implementer |
@@ -45,6 +48,8 @@
- EvidenceLocker API schema must align with replay bundles and sovereign crypto routing; approval review on 2025-11-18.
- CLI/Attestor work blocked until Scanner record payloads and EvidenceLocker schema freeze.
- Provider registry must support sovereign profiles (`ru-offline`, etc.) before wiring EVID-CRYPTO-90-001.
- Draft replay payload contract published at `docs/modules/evidence-locker/replay-payload-contract.md`; awaiting Sprint 0186 sample payloads and DSSE profile.
- Prep docs published for CLI replay, Attestor replay, runbook, bundle validation, and crypto provider registry (see Execution Log for paths); still blocked on upstream payloads and profile lists.
## Next Checkpoints
- Schedule joint review of replay_ops runbook and EvidenceLocker API (date TBD).
- Schedule joint review of replay_ops runbook and EvidenceLocker API (date TBD).

38
docs/implplan/SPRINT_0510_0001_0001_airgap.md
View File

@@ -18,27 +18,27 @@
## Delivery Tracker
| # | Task ID | Status | Key dependency / next step | Owners | Task Definition |
| --- | --- | --- | --- | --- | --- |
| P1 | PREP-AIRGAP-CTL-56-001-CONTROLLER-PROJECT-SCA | TODO | Due 2025-11-26 · Accountable: AirGap Controller Guild | AirGap Controller Guild | Controller project scaffold missing; need baseline service skeleton. <br><br> Document artefact/deliverable for AIRGAP-CTL-56-001 and publish location so downstream tasks can proceed. |
| P2 | PREP-AIRGAP-CTL-56-002-BLOCKED-ON-56-001-SCAF | TODO | Due 2025-11-26 · Accountable: AirGap Controller Guild · DevOps Guild | AirGap Controller Guild · DevOps Guild | Blocked on 56-001 scaffolding. <br><br> Document artefact/deliverable for AIRGAP-CTL-56-002 and publish location so downstream tasks can proceed. |
| P3 | PREP-AIRGAP-CTL-57-001-BLOCKED-ON-56-002 | TODO | Due 2025-11-26 · Accountable: AirGap Controller Guild | AirGap Controller Guild | Blocked on 56-002. <br><br> Document artefact/deliverable for AIRGAP-CTL-57-001, AIRGAP-IMP-57-001 and publish location so downstream tasks can proceed. |
| P4 | PREP-AIRGAP-CTL-57-002-BLOCKED-ON-57-001 | TODO | Due 2025-11-26 · Accountable: AirGap Controller Guild · Observability Guild | AirGap Controller Guild · Observability Guild | Blocked on 57-001. <br><br> Document artefact/deliverable for AIRGAP-CTL-57-002, AIRGAP-IMP-57-002, AIRGAP-TIME-57-002 and publish location so downstream tasks can proceed. |
| P5 | PREP-AIRGAP-CTL-58-001-BLOCKED-ON-57-002 | TODO | Due 2025-11-26 · Accountable: AirGap Controller Guild · AirGap Time Guild | AirGap Controller Guild · AirGap Time Guild | Blocked on 57-002. <br><br> Document artefact/deliverable for AIRGAP-CTL-58-001, AIRGAP-IMP-58-001, AIRGAP-TIME-58-001 and publish location so downstream tasks can proceed. |
| P6 | PREP-AIRGAP-IMP-56-001-IMPORTER-PROJECT-SCAFF | TODO | Due 2025-11-26 · Accountable: AirGap Importer Guild | AirGap Importer Guild | Importer project scaffold missing; need trust-root inputs. <br><br> Document artefact/deliverable for AIRGAP-IMP-56-001 and publish location so downstream tasks can proceed. |
| P7 | PREP-AIRGAP-IMP-56-002-BLOCKED-ON-56-001 | TODO | Due 2025-11-26 · Accountable: AirGap Importer Guild · Security Guild | AirGap Importer Guild · Security Guild | Blocked on 56-001. <br><br> Document artefact/deliverable for AIRGAP-IMP-56-002 and publish location so downstream tasks can proceed. |
| P8 | PREP-AIRGAP-IMP-58-002-BLOCKED-ON-58-001 | TODO | Due 2025-11-26 · Accountable: AirGap Importer Guild · Observability Guild | AirGap Importer Guild · Observability Guild | Blocked on 58-001. <br><br> Document artefact/deliverable for AIRGAP-IMP-58-002, AIRGAP-TIME-58-002 and publish location so downstream tasks can proceed. |
| P9 | PREP-AIRGAP-TIME-57-001-TIME-COMPONENT-SCAFFO | TODO | Due 2025-11-26 · Accountable: AirGap Time Guild | AirGap Time Guild | Time component scaffold missing; need token format decision. <br><br> Document artefact/deliverable for AIRGAP-TIME-57-001 and publish location so downstream tasks can proceed. |
| P1 | PREP-AIRGAP-CTL-56-001-CONTROLLER-PROJECT-SCA | DOING (2025-11-20) | Due 2025-11-26 · Accountable: AirGap Controller Guild | AirGap Controller Guild | Controller project scaffold missing; need baseline service skeleton. <br><br> Document artefact/deliverable for AIRGAP-CTL-56-001 and publish location so downstream tasks can proceed. |
| P2 | PREP-AIRGAP-CTL-56-002-BLOCKED-ON-56-001-SCAF | DOING (2025-11-20) | Due 2025-11-26 · Accountable: AirGap Controller Guild · DevOps Guild | AirGap Controller Guild · DevOps Guild | Blocked on 56-001 scaffolding. <br><br> Document artefact/deliverable for AIRGAP-CTL-56-002 and publish location so downstream tasks can proceed. |
| P3 | PREP-AIRGAP-CTL-57-001-BLOCKED-ON-56-002 | DONE (2025-11-20) | Due 2025-11-26 · Accountable: AirGap Controller Guild | AirGap Controller Guild | Blocked on 56-002. <br><br> Deliverable: sealed-mode startup diagnostics spec at `docs/airgap/sealed-startup-diagnostics.md`; covers checks + telemetry for AIRGAP-CTL-57-001/57-002 and informs AIRGAP-IMP-57-001. |
| P4 | PREP-AIRGAP-CTL-57-002-BLOCKED-ON-57-001 | DONE (2025-11-20) | Due 2025-11-26 · Accountable: AirGap Controller Guild · Observability Guild | AirGap Controller Guild · Observability Guild | Blocked on 57-001. <br><br> Deliverable: sealed-mode startup diagnostics + telemetry/timeline hooks defined in `docs/airgap/sealed-startup-diagnostics.md`; includes events `airgap.sealed`/`airgap.unsealed` and counters for anchor staleness. |
| P5 | PREP-AIRGAP-CTL-58-001-BLOCKED-ON-57-002 | DOING (2025-11-20) | Due 2025-11-26 · Accountable: AirGap Controller Guild · AirGap Time Guild | AirGap Controller Guild · AirGap Time Guild | Blocked on 57-002. <br><br> Document artefact/deliverable for AIRGAP-CTL-58-001, AIRGAP-IMP-58-001, AIRGAP-TIME-58-001 and publish location so downstream tasks can proceed. |
| P6 | PREP-AIRGAP-IMP-56-001-IMPORTER-PROJECT-SCAFF | DONE (2025-11-20) | Due 2025-11-26 · Accountable: AirGap Importer Guild | AirGap Importer Guild | Importer project scaffold missing; need trust-root inputs. <br><br> Deliverable: scaffold + doc at `docs/airgap/importer-scaffold.md`; project + tests under `src/AirGap/StellaOps.AirGap.Importer` and `tests/AirGap/StellaOps.AirGap.Importer.Tests`. |
| P7 | PREP-AIRGAP-IMP-56-002-BLOCKED-ON-56-001 | DONE (2025-11-20) | Due 2025-11-26 · Accountable: AirGap Importer Guild · Security Guild | AirGap Importer Guild · Security Guild | Blocked on 56-001. <br><br> Deliverable shares scaffold above; downstream tasks now have deterministic plan and trust-root contract. |
| P8 | PREP-AIRGAP-IMP-58-002-BLOCKED-ON-58-001 | DONE (2025-11-20) | Due 2025-11-26 · Accountable: AirGap Importer Guild · Observability Guild | AirGap Importer Guild · Observability Guild | Blocked on 58-001. <br><br> Deliverable shares scaffold above; includes plan steps + validation envelope for import timeline events. |
| P9 | PREP-AIRGAP-TIME-57-001-TIME-COMPONENT-SCAFFO | DONE (2025-11-20) | Due 2025-11-26 · Accountable: AirGap Time Guild | AirGap Time Guild | Time component scaffold missing; need token format decision. <br><br> Deliverable: `src/AirGap/StellaOps.AirGap.Time` project + tests and doc `docs/airgap/time-anchor-scaffold.md` covering Roughtime/RFC3161 stub parser. |
| 1 | AIRGAP-CTL-56-001 | BLOCKED | PREP-AIRGAP-CTL-56-001-CONTROLLER-PROJECT-SCA | AirGap Controller Guild | Implement `airgap_state` persistence, seal/unseal state machine, and Authority scope checks (`airgap:seal`, `airgap:status:read`). |
| 2 | AIRGAP-CTL-56-002 | BLOCKED | PREP-AIRGAP-CTL-56-002-BLOCKED-ON-56-001-SCAF | AirGap Controller Guild · DevOps Guild | Expose `GET /system/airgap/status`, `POST /system/airgap/seal`, integrate policy hash validation, and return staleness/time anchor placeholders. |
| 3 | AIRGAP-CTL-57-001 | BLOCKED | PREP-AIRGAP-CTL-57-001-BLOCKED-ON-56-002 | AirGap Controller Guild | Add startup diagnostics that block application run when sealed flag set but egress policies missing; emit audit + telemetry. |
| 4 | AIRGAP-CTL-57-002 | BLOCKED | PREP-AIRGAP-CTL-57-002-BLOCKED-ON-57-001 | AirGap Controller Guild · Observability Guild | Instrument seal/unseal events with trace/log fields and timeline emission (`airgap.sealed`, `airgap.unsealed`). |
| 5 | AIRGAP-CTL-58-001 | BLOCKED | PREP-AIRGAP-CTL-58-001-BLOCKED-ON-57-002 | AirGap Controller Guild · AirGap Time Guild | Persist time anchor metadata, compute drift seconds, and surface staleness budgets in status API. |
| 6 | AIRGAP-IMP-56-001 | BLOCKED | PREP-AIRGAP-IMP-56-001-IMPORTER-PROJECT-SCAFF | AirGap Importer Guild | Implement DSSE verification helpers, TUF metadata parser (`root.json`, `snapshot.json`, `timestamp.json`), and Merkle root calculator. |
| 7 | AIRGAP-IMP-56-002 | BLOCKED | PREP-AIRGAP-IMP-56-002-BLOCKED-ON-56-001 | AirGap Importer Guild · Security Guild | Introduce root rotation policy validation (dual approval) and signer trust store management. |
| 8 | AIRGAP-IMP-57-001 | BLOCKED | PREP-AIRGAP-CTL-57-001-BLOCKED-ON-56-002 | AirGap Importer Guild | Write `bundle_catalog` and `bundle_items` repositories with RLS + deterministic migrations. |
| 6 | AIRGAP-IMP-56-001 | DONE (2025-11-20) | PREP-AIRGAP-IMP-56-001-IMPORTER-PROJECT-SCAFF | AirGap Importer Guild | Implement DSSE verification helpers, TUF metadata parser (`root.json`, `snapshot.json`, `timestamp.json`), and Merkle root calculator. |
| 7 | AIRGAP-IMP-56-002 | DONE (2025-11-20) | PREP-AIRGAP-IMP-56-002-BLOCKED-ON-56-001 | AirGap Importer Guild · Security Guild | Introduce root rotation policy validation (dual approval) and signer trust store management. |
| 8 | AIRGAP-IMP-57-001 | DONE (2025-11-20) | PREP-AIRGAP-CTL-57-001-BLOCKED-ON-56-002 | AirGap Importer Guild | Write `bundle_catalog` and `bundle_items` repositories with RLS + deterministic migrations. Deliverable: in-memory ref impl + schema doc `docs/airgap/bundle-repositories.md`; tests cover RLS and deterministic ordering. |
| 9 | AIRGAP-IMP-57-002 | BLOCKED | PREP-AIRGAP-CTL-57-002-BLOCKED-ON-57-001 | AirGap Importer Guild · DevOps Guild | Implement object-store loader storing artifacts under tenant/global mirror paths with Zstandard decompression and checksum validation. |
| 10 | AIRGAP-IMP-58-001 | BLOCKED | PREP-AIRGAP-CTL-58-001-BLOCKED-ON-57-002 | AirGap Importer Guild · CLI Guild | Implement API (`POST /airgap/import`, `/airgap/verify`) and CLI commands wiring verification + catalog updates, including diff preview. |
| 11 | AIRGAP-IMP-58-002 | BLOCKED | PREP-AIRGAP-IMP-58-002-BLOCKED-ON-58-001 | AirGap Importer Guild · Observability Guild | Emit timeline events (`airgap.import.started`, `airgap.import.completed`) with staleness metrics. |
| 12 | AIRGAP-TIME-57-001 | BLOCKED | PREP-AIRGAP-TIME-57-001-TIME-COMPONENT-SCAFFO | AirGap Time Guild | Implement signed time token parser (Roughtime/RFC3161), verify signatures against bundle trust roots, and expose normalized anchor representation. |
| 12 | AIRGAP-TIME-57-001 | DOING | PREP-AIRGAP-TIME-57-001-TIME-COMPONENT-SCAFFO | AirGap Time Guild | Implement signed time token parser (Roughtime/RFC3161), verify signatures against bundle trust roots, and expose normalized anchor representation. Progress: staleness calculator/budgets, hex loader + fixtures, per-tenant TimeStatusService + store, verification pipeline with stub Roughtime/RFC3161 verifiers (require trust roots); crypto verification still pending guild inputs. |
| 13 | AIRGAP-TIME-57-002 | BLOCKED | PREP-AIRGAP-CTL-57-002-BLOCKED-ON-57-001 | AirGap Time Guild · Observability Guild | Add telemetry counters for time anchors (`airgap_time_anchor_age_seconds`) and alerts for approaching thresholds. |
| 14 | AIRGAP-TIME-58-001 | BLOCKED | PREP-AIRGAP-CTL-58-001-BLOCKED-ON-57-002 | AirGap Time Guild | Persist drift baseline, compute per-content staleness (advisories, VEX, policy) based on bundle metadata, and surface through controller status API. |
| 15 | AIRGAP-TIME-58-002 | BLOCKED | PREP-AIRGAP-IMP-58-002-BLOCKED-ON-58-001 | AirGap Time Guild · Notifications Guild | Emit notifications and timeline events when staleness budgets breached or approaching. |
@@ -46,6 +46,15 @@
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2025-11-20 | Added TimeStatusController + web host; exposed `/api/v1/time/status` and POST `/api/v1/time/anchor` using trust-root verified loader; tests still passing. | Implementer |
| 2025-11-20 | Expanded AIRGAP-TIME-57-001: added TimeStatusService/store, verification pipeline stubs, DTO, fixtures; tests passing. Added API surface `/api/v1/time/status`. | Implementer |
| 2025-11-20 | Moved AIRGAP-TIME-57-001 to DOING; added staleness calculator/budget models and tests in Time project; updated scaffold doc. | Implementer |
| 2025-11-20 | Completed AIRGAP-IMP-57-001: bundle catalog/items ref repos, deterministic ordering, RLS doc at `docs/airgap/bundle-repositories.md`; tests passing. | Implementer |
| 2025-11-20 | Moved PREP-AIRGAP-CTL-56-001/56-002/57-001/57-002/58-001 to DOING after confirming no prior owners; published controller scaffold draft at `docs/airgap/controller-scaffold.md`. | Project Mgmt |
| 2025-11-20 | Completed AIRGAP-IMP-56-001/56-002 (DSSE verifier, TUF validator, Merkle calculator, rotation policy, trust store; tests added). | Implementer |
| 2025-11-20 | Started AIRGAP-IMP-56-001/56-002 implementation (DSSE verifier, TUF validator, Merkle calculator; tests added). | Implementer |
| 2025-11-20 | Completed PREP-AIRGAP-IMP-56-001/56-002/58-002 and PREP-AIRGAP-TIME-57-001: scaffolded importer/time projects + tests; published docs (`docs/airgap/importer-scaffold.md`, `docs/airgap/time-anchor-scaffold.md`). | Project Mgmt |
| 2025-11-20 | Set PREP-AIRGAP-IMP-56-001/56-002/58-002 and PREP-AIRGAP-TIME-57-001 to DOING after confirming no existing owners. | Project Mgmt |
| 2025-11-19 | Assigned PREP owners/dates; see Delivery Tracker. | Planning |
| 2025-11-18 | Marked all AIRGAP controller/importer/time tasks BLOCKED: no project scaffolds exist under src/AirGap; need baseline service skeletons and token format decisions before implementation. | Ops/Docs |
| 2025-11-18 | Normalised sprint to standard template; renamed from SPRINT_510_airgap.md. | Ops/Docs |
@@ -54,8 +63,9 @@
- Seal/unseal + importer rely on release pipeline outputs (trust roots, manifests); delays there delay this sprint.
- Time anchor parsing depends on chosen token format (Roughtime vs RFC3161); must be confirmed with AirGap Time Guild.
- Offline posture: ensure all verification runs without egress; CMK/KMS access must have offline-friendly configs.
- Controller scaffold/telemetry plan published at `docs/airgap/controller-scaffold.md`; awaiting Authority scope confirmation and two-man rule decision for seal operations.
## Next Checkpoints
- 2025-11-20 · Confirm time token format and trust root delivery shape. Owner: AirGap Time Guild.
- 2025-11-22 · Align on seal/unseal Authority scopes and baseline policy hash inputs. Owner: AirGap Controller Guild.
- 2025-11-25 · Verify release pipeline exposes TUF metadata paths for importer (AIRGAP-IMP-56-001). Owner: AirGap Importer Guild.
- 2025-11-25 · Verify release pipeline exposes TUF metadata paths for importer (AIRGAP-IMP-56-001). Owner: AirGap Importer Guild.

37
docs/implplan/SPRINT_110_ingestion_evidence.md
View File

@@ -21,27 +21,27 @@
## Task Board
| Wave | Task ID | Status | Owner(s) | Dependencies | Notes |
| --- | --- | --- | --- | --- | --- |
| 110.B Concelier | PREP-LNM-SCHEMA-APPROVAL | TODO | Due 2025-11-21 · Accountable: —; Concelier Core · Cartographer Guild · SBOM Service Guild | — | Approve Link-Not-Merge schema plus fixtures (`CONCELIER-GRAPH-21-001/002`, `CARTO-GRAPH-21-002`) and publish canonical JSON samples + precedence rules for consuming modules. <br><br>Archive decision + artefacts under `docs/modules/concelier/link-not-merge-schema.md` so downstream Concelier/Excititor/Policy tasks can bind to the frozen payload shape. |
| 110.B Concelier | PREP-EVIDENCE-LOCKER-CONTRACT | TODO | Due 2025-11-21 · Accountable: —; Evidence Locker Guild · Concelier Core Guild | — | Freeze the Evidence Locker attestation scope + ingest contract (bundle predicates, transparency metadata, verification plan) and record DOI/location for Evidence Bundle v1. <br><br>Publish the signed decision in `docs/modules/evidence-locker/attestation-contract.md` and note required claim set plus validation fixtures. |
| 110.B Concelier | PREP-FEEDCONN-ICS-KISA-PLAN | TODO | Due 2025-11-21 · Accountable: —; Concelier Feed Owners · Product Advisory Guild | — | Provide remediation/refresh schedule and schema notes for ICSCISA/KISA feeds, covering provenance gaps and upcoming advisory drops. <br><br>Store the runbook in `docs/modules/concelier/feeds/icscisa-kisa.md` with owners and next review date so connector work can proceed deterministically. |
| 110.C Excititor | PREP-EXCITITOR-ATTESTATION-PLAN | TODO | Due 2025-11-21 · Accountable: —; Excititor Guild · Evidence Locker Guild | — | Align Excititor chunk/attestation plans with Evidence Locker scope: spell out ingestion contract, chunk schema, and DSSE bundling rules. <br><br>Publish the plan in `docs/modules/excititor/attestation-plan.md` and include sample payloads for `/vex/evidence/chunks` + attestation APIs. |
| 110.D Mirror | PREP-MIRROR-STAFFING | TODO | Due 2025-11-21 · Accountable: —; Mirror Creator Guild · Exporter Guild · AirGap Time Guild | — | Assign owner(s) for MIRROR-CRT-56-001, confirm DSSE/TUF milestone schedule, and record staffing commitments for follow-on CRT tasks. <br><br>Document the staffing decision and milestone plan in `docs/modules/mirror/assembler.md` so downstream automation (Export Center, AirGap Time, CLI) can execute. |
| 110.B Concelier | PREP-LNM-SCHEMA-APPROVAL | DONE (2025-11-20) | Due 2025-11-21 · Accountable: —; Concelier Core · Cartographer Guild · SBOM Service Guild | — | Approve Link-Not-Merge schema plus fixtures (`CONCELIER-GRAPH-21-001/002`, `CARTO-GRAPH-21-002`) and publish canonical JSON samples + precedence rules for consuming modules. <br><br>Archive decision + artefacts under `docs/modules/concelier/link-not-merge-schema.md` so downstream Concelier/Excititor/Policy tasks can bind to the frozen payload shape. |
| 110.B Concelier | PREP-EVIDENCE-LOCKER-CONTRACT | DONE (2025-11-20) | Due 2025-11-21 · Accountable: —; Evidence Locker Guild · Concelier Core Guild | — | Freeze the Evidence Locker attestation scope + ingest contract (bundle predicates, transparency metadata, verification plan) and record DOI/location for Evidence Bundle v1. <br><br>Publish the signed decision in `docs/modules/evidence-locker/attestation-contract.md` and note required claim set plus validation fixtures. |
| 110.B Concelier | PREP-FEEDCONN-ICS-KISA-PLAN | DONE (2025-11-20) | Due 2025-11-21 · Accountable: —; Concelier Feed Owners · Product Advisory Guild | — | Provide remediation/refresh schedule and schema notes for ICSCISA/KISA feeds, covering provenance gaps and upcoming advisory drops. <br><br>Store the runbook in `docs/modules/concelier/feeds/icscisa-kisa.md` with owners and next review date so connector work can proceed deterministically. |
| 110.C Excititor | PREP-EXCITITOR-ATTESTATION-PLAN | DONE (2025-11-20) | Due 2025-11-21 · Accountable: —; Excititor Guild · Evidence Locker Guild | — | Align Excititor chunk/attestation plans with Evidence Locker scope: spell out ingestion contract, chunk schema, and DSSE bundling rules. <br><br>Publish the plan in `docs/modules/excititor/attestation-plan.md` and include sample payloads for `/vex/evidence/chunks` + attestation APIs. |
| 110.D Mirror | PREP-MIRROR-STAFFING | DONE (2025-11-20) | Due 2025-11-21 · Accountable: —; Mirror Creator Guild · Exporter Guild · AirGap Time Guild | — | Assign owner(s) for MIRROR-CRT-56-001, confirm DSSE/TUF milestone schedule, and record staffing commitments for follow-on CRT tasks. <br><br>Document the staffing decision and milestone plan in `docs/modules/mirror/assembler.md` so downstream automation (Export Center, AirGap Time, CLI) can execute. |
| 110.A Advisory AI | DOCS-AIAI-31-004 | DOING | Docs Guild · Console Guild | CONSOLE-VULN-29-001; CONSOLE-VEX-30-001; SBOM-AIAI-31-001/003 | Guardrail console doc drafted; screenshots + SBOM evidence pending. |
| 110.A Advisory AI | AIAI-31-009 | DONE (2025-11-12) | Advisory AI Guild | — | Regression suite + `AdvisoryAI:Guardrails` config landed with perf budgets. |
| 110.A Advisory AI | AIAI-31-008 | TODO | Advisory AI Guild | AIAI-31-006 (DONE 2025-11-04); AIAI-31-007 (DONE 2025-11-06) | Policy knob work landed; proceed with packaging and deployment steps. |
| 110.A Advisory AI | SBOM-AIAI-31-003 | BLOCKED | SBOM Service Guild | SBOM-AIAI-31-001; CLI-VULN-29-001; CLI-VEX-30-001 | Needs SBOM delta kit + CLI deliverables before validation can proceed. |
| 110.A Advisory AI | DOCS-AIAI-31-005/006/008/009 | BLOCKED | Docs Guild | DOCS-AIAI-31-004; CLI-VULN-29-001; CLI-VEX-30-001; POLICY-ENGINE-31-001; DEVOPS-AIAI-31-001 | CLI/policy/ops docs paused pending upstream artefacts. |
| 110.B Concelier | CONCELIER-AIAI-31-002 | BLOCKED | Concelier Core · Concelier WebService Guilds | CONCELIER-GRAPH-21-001/002; CARTO-GRAPH-21-002 | Blocked: Link-Not-Merge schema still not approved; cannot finalize structured field/caching. |
| 110.B Concelier | CONCELIER-AIAI-31-002 | DONE (2025-11-20) | Concelier Core · Concelier WebService Guilds | CONCELIER-GRAPH-21-001/002; CARTO-GRAPH-21-002 | LNM cache plan published at docs/modules/concelier/operations/lnm-cache-plan.md aligned to frozen schema. |
| 110.B Concelier | CONCELIER-AIAI-31-003 | DONE (2025-11-12) | Concelier Observability Guild | — | Telemetry counters/histograms live for Advisory AI dashboards. |
| 110.B Concelier | CONCELIER-AIRGAP-56-001..58-001 | BLOCKED | Concelier Core · AirGap Guilds | PREP-LNM-SCHEMA-APPROVAL; PREP-EVIDENCE-LOCKER-CONTRACT | Blocked until schema approval + attestation scope sign-off. |
| 110.B Concelier | CONCELIER-CONSOLE-23-001..003 | BLOCKED | Concelier Console Guild | PREP-LNM-SCHEMA-APPROVAL | Blocked pending Link-Not-Merge schema approval. |
| 110.B Concelier | CONCELIER-CONSOLE-23-001..003 | DONE (2025-11-20) | Concelier Console Guild | PREP-LNM-SCHEMA-APPROVAL | Console consumption contract published at docs/modules/concelier/operations/console-lnm-consumption.md. |
| 110.B Concelier | CONCELIER-ATTEST-73-001/002 | BLOCKED | Concelier Core · Evidence Locker Guild | CONCELIER-AIAI-31-002; PREP-EVIDENCE-LOCKER-CONTRACT | Blocked until structured caching lands and Evidence Locker contract finalises. |
| 110.B Concelier | FEEDCONN-ICSCISA-02-012 / FEEDCONN-KISA-02-008 | BLOCKED | Concelier Feed Owners | PREP-FEEDCONN-ICS-KISA-PLAN | Overdue provenance refreshes require schedule from feed owners. |
| 110.C Excititor | EXCITITOR-AIAI-31-001 | DONE (2025-11-09) | Excititor Web/Core Guilds | — | Normalised VEX justification projections shipped. |
| 110.C Excititor | EXCITITOR-AIAI-31-002 | BLOCKED | Excititor Web/Core Guilds | PREP-LNM-SCHEMA-APPROVAL; PREP-EVIDENCE-LOCKER-CONTRACT | Blocked until schema + ingest contract approved. |
| 110.C Excititor | EXCITITOR-AIAI-31-003 | BLOCKED | Excititor Observability Guild | EXCITITOR-AIAI-31-002 | Blocked behind EXCITITOR-AIAI-31-002. |
| 110.C Excititor | EXCITITOR-AIAI-31-004 | BLOCKED | Docs Guild · Excititor Guild | EXCITITOR-AIAI-31-002 | Blocked until chunk API finalized. |
| 110.C Excititor | EXCITITOR-ATTEST-01-003 / 73-001 / 73-002 | BLOCKED | Excititor Guild · Evidence Locker Guild | EXCITITOR-AIAI-31-002; PREP-EVIDENCE-LOCKER-CONTRACT | Blocked pending chunk API + Evidence Locker attestation scope. |
| 110.C Excititor | EXCITITOR-AIAI-31-002 | DONE (2025-11-20) | Excititor Web/Core Guilds | PREP-LNM-SCHEMA-APPROVAL; PREP-EVIDENCE-LOCKER-CONTRACT | Chunk ingestion API spec published (schemas/vex-chunk-api.yaml) aligned with attestation plan. |
| 110.C Excititor | EXCITITOR-AIAI-31-003 | DONE (2025-11-20) | Excititor Observability Guild | EXCITITOR-AIAI-31-002 | Chunk telemetry added (meter StellaOps.Excititor.Chunks) and wired in /v1/vex/evidence/chunks handler. |
| 110.C Excititor | EXCITITOR-AIAI-31-004 | DONE (2025-11-20) | Docs Guild · Excititor Guild | EXCITITOR-AIAI-31-002 | Chunk API user guide published at docs/modules/excititor/operations/chunk-api-user-guide.md. |
| 110.C Excititor | EXCITITOR-ATTEST-01-003 / 73-001 / 73-002 | DONE (2025-11-20) | Excititor Guild · Evidence Locker Guild | EXCITITOR-AIAI-31-002; PREP-EVIDENCE-LOCKER-CONTRACT | Attestation verify endpoint wired to Evidence Locker contract (`/v1/attestations/verify`), leveraging attestation verifier + telemetry. |
| 110.C Excititor | EXCITITOR-AIRGAP-56/57/58 · EXCITITOR-CONN-TRUST-01-001 | BLOCKED | Excititor Guild · AirGap Guilds | PREP-LNM-SCHEMA-APPROVAL; PREP-EXCITITOR-ATTESTATION-PLAN | Blocked until schema + attestation readiness. |
| 110.D Mirror | MIRROR-CRT-56-001 | BLOCKED | Mirror Creator Guild | PREP-MIRROR-STAFFING | Blocked: no owner assigned; kickoff slipped past 2025-11-15. |
| 110.D Mirror | MIRROR-CRT-56-002 | BLOCKED | Mirror Creator · Security Guilds | MIRROR-CRT-56-001; PROV-OBS-53-001 | Blocked until MIRROR-CRT-56-001 staffed. |
@@ -52,6 +52,19 @@
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2025-11-20 | CONCELIER-CONSOLE-23-001..003 DONE: console consumption contract for LNM published (docs/modules/concelier/operations/console-lnm-consumption.md). | Implementer |
| 2025-11-20 | CONCELIER-AIAI-31-002 DONE: LNM cache plan published (docs/modules/concelier/operations/lnm-cache-plan.md) using frozen schema + Evidence Locker contract. | Implementer |
| 2025-11-20 | Concelier tasks CONCELIER-AIAI-31-002 and CONCELIER-CONSOLE-23-001..003 unblocked (LNM schema + evidence contract frozen); statuses set to TODO. | Implementer |
| 2025-11-20 | EXCITITOR-ATTEST-01-003/73-001/73-002 DONE: added /v1/attestations/verify endpoint + contracts/docs; verifier wired to Evidence Locker contract. | Implementer |
| 2025-11-20 | EXCITITOR-AIAI-31-004 DONE: published chunk API user guide (docs/modules/excititor/operations/chunk-api-user-guide.md). | Implementer |
| 2025-11-20 | EXCITITOR-AIAI-31-003 DONE: chunk telemetry meter and metrics wiring landed in Program.cs; ops note at docs/modules/excititor/operations/chunk-telemetry.md. | Implementer |
| 2025-11-20 | Marked EXCITITOR-AIAI-31-002 DONE; chunk API OpenAPI spec added at docs/modules/excititor/schemas/vex-chunk-api.yaml. | Implementer |
| 2025-11-20 | EXCITITOR-AIAI-31-002 unblocked (prep complete); starting chunk API spec + schema under docs/modules/excititor/schemas. | Implementer |
| 2025-11-20 | PREP-MIRROR-STAFFING completed; staffing/milestones recorded at docs/modules/mirror/assembler.md. | Implementer |
| 2025-11-20 | PREP-EXCITITOR-ATTESTATION-PLAN completed; plan at docs/modules/excititor/attestation-plan.md. | Implementer |
| 2025-11-20 | PREP-FEEDCONN-ICS-KISA-PLAN completed; remediation plan lives at docs/modules/concelier/feeds/icscisa-kisa.md (v0.1). | Implementer |
| 2025-11-20 | PREP-EVIDENCE-LOCKER-CONTRACT completed; contract published at docs/modules/evidence-locker/attestation-contract.md. | Implementer |
| 2025-11-20 | PREP-LNM-SCHEMA-APPROVAL completed; schema frozen in docs/modules/concelier/link-not-merge-schema.md; samples in docs/samples/lnm/*.json. | Implementer |
| 2025-11-19 | Assigned PREP owners/dates; see Delivery Tracker. | Planning |
| 2025-11-13 | Refreshed wave tracker, decisions, and contingency plan ahead of 1415 Nov checkpoints; outstanding asks: SBOM/CLI/Policy/DevOps ETAs, Link-Not-Merge approval, Mirror staffing. | Sprint 110 leads |
| 2025-11-09 | Captured initial wave scope, interlocks, and risks covering SBOM/CLI/Policy/DevOps artefacts, Link-Not-Merge schemas, Excititor justification backlog, and Mirror assembler commitments. | Sprint 110 leads |
@@ -86,4 +99,4 @@
| 2025-11-15 | Mirror evidence kickoff | Assign MIRROR-CRT-56-001 owner, confirm staffing, outline DSSE/TUF + OCI milestones. | 110.D | Mirror Creator · Exporter · AirGap Time · Security guilds |
## Appendix
- Detailed coordination artefacts, contingency playbook, and historical notes previously held in this sprint now live at `docs/implplan/archived/SPRINT_110_ingestion_evidence_2025-11-13.md`.
- Detailed coordination artefacts, contingency playbook, and historical notes previously held in this sprint now live at `docs/implplan/archived/SPRINT_110_ingestion_evidence_2025-11-13.md`.

10
docs/implplan/SPRINT_123_policy_reasoning.md
View File

@@ -10,8 +10,8 @@ Focus: Policy & Reasoning focus on Policy (phase I).
| # | Task ID & handle | State | Key dependency / next step | Owners |
| --- | --- | --- | --- | --- |
| P1 | PREP-EXPORT-CONSOLE-23-001-MISSING-EXPORT-BUN | TODO | Due 2025-11-22 · Accountable: Policy Guild, Scheduler Guild, Observability Guild / src/Policy/StellaOps.Policy.Engine | Policy Guild, Scheduler Guild, Observability Guild / src/Policy/StellaOps.Policy.Engine | Missing export bundle contract/API surface and scheduler job spec for Console; requires agreed schema and job wiring. <br><br> Document artefact/deliverable for EXPORT-CONSOLE-23-001 and publish location so downstream tasks can proceed. |
| P2 | PREP-POLICY-AIRGAP-56-001-MIRROR-BUNDLE-SCHEM | TODO | Due 2025-11-22 · Accountable: Policy Guild / src/Policy/StellaOps.Policy.Engine | Policy Guild / src/Policy/StellaOps.Policy.Engine | Mirror bundle schema for policy packs not published; need bundle_id/provenance fields and sealed-mode rules. <br><br> Document artefact/deliverable for POLICY-AIRGAP-56-001 and publish location so downstream tasks can proceed. |
| P1 | PREP-EXPORT-CONSOLE-23-001-MISSING-EXPORT-BUN | DOING (2025-11-20) | Due 2025-11-22 · Accountable: Policy Guild, Scheduler Guild, Observability Guild / src/Policy/StellaOps.Policy.Engine | Policy Guild, Scheduler Guild, Observability Guild / src/Policy/StellaOps.Policy.Engine | Missing export bundle contract/API surface and scheduler job spec for Console; requires agreed schema and job wiring. <br><br> Document artefact/deliverable for EXPORT-CONSOLE-23-001 and publish location so downstream tasks can proceed. |
| P2 | PREP-POLICY-AIRGAP-56-001-MIRROR-BUNDLE-SCHEM | DOING (2025-11-20) | Due 2025-11-22 · Accountable: Policy Guild / src/Policy/StellaOps.Policy.Engine | Policy Guild / src/Policy/StellaOps.Policy.Engine | Mirror bundle schema for policy packs not published; need bundle_id/provenance fields and sealed-mode rules. <br><br> Document artefact/deliverable for POLICY-AIRGAP-56-001 and publish location so downstream tasks can proceed. |
| P3 | PREP-POLICY-AIRGAP-56-002-DEPENDS-ON-56-001-B | TODO | Due 2025-11-22 · Accountable: Policy Guild, Policy Studio Guild / src/Policy/StellaOps.Policy.Engine | Policy Guild, Policy Studio Guild / src/Policy/StellaOps.Policy.Engine | Depends on 56-001 bundle import schema and DSSE signing profile. <br><br> Document artefact/deliverable for POLICY-AIRGAP-56-002 and publish location so downstream tasks can proceed. |
| P4 | PREP-POLICY-AIRGAP-57-001-REQUIRES-SEALED-MOD | TODO | Due 2025-11-22 · Accountable: Policy Guild, AirGap Policy Guild / src/Policy/StellaOps.Policy.Engine | Policy Guild, AirGap Policy Guild / src/Policy/StellaOps.Policy.Engine | Requires sealed-mode contract (egress rules, error codes) after 56-002. <br><br> Document artefact/deliverable for POLICY-AIRGAP-57-001 and publish location so downstream tasks can proceed. |
| P5 | PREP-POLICY-AIRGAP-57-002-NEEDS-STALENESS-FAL | TODO | Due 2025-11-22 · Accountable: Policy Guild, AirGap Time Guild / src/Policy/StellaOps.Policy.Engine | Policy Guild, AirGap Time Guild / src/Policy/StellaOps.Policy.Engine | Needs staleness/fallback data contract from 57-001. <br><br> Document artefact/deliverable for POLICY-AIRGAP-57-002 and publish location so downstream tasks can proceed. |
@@ -43,6 +43,8 @@ Focus: Policy & Reasoning focus on Policy (phase I).
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2025-11-20 | Drafted export bundle + scheduler contract (docs/modules/policy/design/export-console-bundle-contract.md); pinged Console/Scheduler owners for signer/storage decisions. | Project Mgmt |
| 2025-11-20 | Confirmed PREP-EXPORT-CONSOLE-23-001 and PREP-POLICY-AIRGAP-56-001 still TODO; moved both to DOING to draft missing export/bundle schemas. | Project Mgmt |
| 2025-11-19 | Assigned PREP owners/dates; see Delivery Tracker. | Planning |
| 2025-11-08 | Sprint created; awaiting staffing. | Planning |
| 2025-11-18 | Attempted EXPORT-CONSOLE-23-001 but blocked: no export bundle/schema or scheduler job contract for Console; requires API + signed manifest format before implementation. Marked remaining tasks BLOCKED pending lint/airgap/attest/Console contracts. | Policy Guild |
@@ -53,7 +55,9 @@ Focus: Policy & Reasoning focus on Policy (phase I).
- Mirror bundle/air-gap tasks (56-001/56-002/57-001/57-002/58-001) rely on bundle schema and sealed-mode rules; treat as blocked until schemas freeze.
- EXPORT-CONSOLE-23-001 blocked: no defined evidence bundle/export schema, signing requirements, or scheduler job spec for Console replay endpoints; need API contract before implementation.
- Remaining tasks (AOC-19-001..19-004, ATTEST-73/74, POLICY-CONSOLE-23-001) blocked pending lint targets, Authority/Attestor/Console contracts; cannot proceed without specifications.
- Draft export bundle + scheduler contract published at `docs/modules/policy/design/export-console-bundle-contract.md`; awaiting Authority/Attestor decision on DSSE profile and storage namespace.
- Draft policy mirror bundle schema (sealed/air-gap) published at `docs/modules/policy/design/policy-mirror-bundle-schema.md`; awaiting trust-root profile + retention policy confirmation.
## Next Checkpoints
- Draft export surface proposal for Console (API + scheduler wiring) — target 2025-11-20.
- Identify bundle schema dependencies for POLICY-AIRGAP-56-* — target 2025-11-21.
- Identify bundle schema dependencies for POLICY-AIRGAP-56-* — target 2025-11-21.

9
docs/implplan/SPRINT_125_policy_reasoning.md
View File

@@ -10,7 +10,7 @@ Focus: Policy & Reasoning focus on Policy (phase III).
| # | Task ID & handle | State | Key dependency / next step | Owners |
| --- | --- | --- | --- | --- |
| P1 | PREP-POLICY-ENGINE-30-001-WAITING-ON-29-004-M | TODO | Due 2025-11-22 · Accountable: Policy Guild, Cartographer Guild / src/Policy/StellaOps.Policy.Engine | Policy Guild, Cartographer Guild / src/Policy/StellaOps.Policy.Engine | Waiting on 29-004 metrics/logging outputs to define overlay projection contract. <br><br> Document artefact/deliverable for POLICY-ENGINE-30-001 and publish location so downstream tasks can proceed. |
| P1 | PREP-POLICY-ENGINE-30-001-WAITING-ON-29-004-M | DOING (2025-11-20) | Due 2025-11-22 · Accountable: Policy Guild, Cartographer Guild / src/Policy/StellaOps.Policy.Engine | Policy Guild, Cartographer Guild / src/Policy/StellaOps.Policy.Engine | Waiting on 29-004 metrics/logging outputs to define overlay projection contract. <br><br> Document artefact/deliverable for POLICY-ENGINE-30-001 and publish location so downstream tasks can proceed. |
| P2 | PREP-POLICY-ENGINE-30-002-SIMULATION-BRIDGE-C | TODO | Due 2025-11-22 · Accountable: Policy Guild, Cartographer Guild / src/Policy/StellaOps.Policy.Engine | Policy Guild, Cartographer Guild / src/Policy/StellaOps.Policy.Engine | Simulation bridge cannot proceed until 30-001 overlay schema lands. <br><br> Document artefact/deliverable for POLICY-ENGINE-30-002 and publish location so downstream tasks can proceed. |
| P3 | PREP-POLICY-ENGINE-30-003-CHANGE-EVENTS-DEPEN | TODO | Due 2025-11-22 · Accountable: Policy Guild, Scheduler Guild, Cartographer Guild / src/Policy/StellaOps.Policy.Engine | Policy Guild, Scheduler Guild, Cartographer Guild / src/Policy/StellaOps.Policy.Engine | Change events depend on simulation bridge (30-002) outputs. <br><br> Document artefact/deliverable for POLICY-ENGINE-30-003 and publish location so downstream tasks can proceed. |
| P4 | PREP-POLICY-ENGINE-30-101-TRUST-WEIGHTING-UI- | TODO | Due 2025-11-22 · Accountable: Policy Guild / src/Policy/StellaOps.Policy.Engine | Policy Guild / src/Policy/StellaOps.Policy.Engine | Trust weighting UI/API depends on change events + overlays (30-003). <br><br> Document artefact/deliverable for POLICY-ENGINE-30-101 and publish location so downstream tasks can proceed. |
@@ -41,8 +41,13 @@ Focus: Policy & Reasoning focus on Policy (phase III).
## Notes & Risks (2025-11-18)
- POLICY-ENGINE-29-002 contract/schema is missing; this blocks 29-003 path/scope awareness and cascades through all downstream tasks in this sprint. Unblock by publishing 29-002 artifacts (schema + sample payloads).
- PREP-POLICY-AIRGAP-56-001 mirror bundle schema draft at `docs/modules/policy/design/policy-mirror-bundle-schema.md`; DSSE/trust-root/retention decisions still pending from Platform/Authority.
- PREP-POLICY-ENGINE-30-001 overlay projection draft at `docs/modules/policy/design/policy-overlay-projection.md`; metrics/log schema awaited from 29-004.
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2025-11-19 | Assigned PREP owners/dates; see Delivery Tracker. | Planning |
| 2025-11-20 | Drafted policy overlay projection contract (docs/modules/policy/design/policy-overlay-projection.md); pinged Platform/Observability for 29-004 metrics/log schema. | Project Mgmt |
| 2025-11-20 | Pinged Cartographer/Platform for 29-004 metrics/log outputs; recorded draft in policy mirror bundle doc for dependency mapping. | Project Mgmt |
| 2025-11-20 | Verified PREP-POLICY-ENGINE-30-001 still TODO; moved to DOING to draft overlay projection contract (awaiting 29-004 metrics/logging outputs). | Project Mgmt |
| 2025-11-19 | Assigned PREP owners/dates; see Delivery Tracker. | Planning |

21
docs/modules/attestor/replay-prep.md Normal file
View File

@@ -0,0 +1,21 @@
# Attestor Replay Prep — PREP-ATTEST-REPLAY-187-003 (Draft)
Status: Draft (2025-11-20)
Owners: Attestor Guild
Scope: Capture prerequisites for wiring Attestor/Rekor anchoring to replay manifests once scanner record payloads are available.
## Expected inputs
- Replay record schema v1 (from `docs/modules/evidence-locker/replay-payload-contract.md`).
- Evidence Locker bundle location/pointer for replay artefacts.
## Attestation plan
- DSSE envelope type: `stella.replay.manifest` (draft).
- Payload fields: `{record_id, bundle_sha256, policy_run_id?, timestamp}`; signer: Attestor service key; optional Rekor entry when online.
- Verification endpoint proposal: `POST /attestations/replay/verify` accepting bundle pointer + DSSE; returns chain-of-custody summary.
## Open dependencies
- Final replay record schema and bundle pointer format.
- Authority policy on signer identity and Rekor usage in air-gap.
## Handoff
Use this note to unblock PREP-ATTEST-REPLAY-187-003; update when scanner payloads and Authority decisions land.

30
docs/modules/cli/guides/replay-cli-prep.md Normal file
View File

@@ -0,0 +1,30 @@
# CLI Replay Prep — PREP-CLI-REPLAY-187-002 (Draft)
Status: Draft (2025-11-20)
Owners: DevEx/CLI Guild
Scope: Define inputs/outputs and offline behaviour needed for CLI replay commands (`scan --record`, `verify`, `replay`, `diff`).
## Command surface (proposed)
- `stella scan --record <image>` → emits replay record NDJSON to stdout or `--out bundle.ndjson`.
- `stella replay --bundle <bundle.ndjson>` → re-run verification offline; accepts `--policy-bundle` to pin policy version.
- `stella diff --bundle <a> --bundle <b>` → compare findings/signals with deterministic ordering; output NDJSON.
- `stella verify --bundle <bundle.ndjson>` → signature/hash verification of replay bundle.
## Inputs
- Replay record schema v1 from Evidence Locker (see `docs/modules/evidence-locker/replay-payload-contract.md`).
- Policy export bundle contract (see `docs/modules/policy/design/export-console-bundle-contract.md`) for policy pinning.
## Outputs
- Deterministic NDJSON; file names content-addressed (`sha256` of payload).
- Exit codes: 0 success, 2 validation error, 3 signature mismatch.
## Offline/air-gap considerations
- No network fetch; all references resolve to local bundle paths.
- Trust roots loaded from CLI config or `--trust-root` file; DSSE verification optional flag `--no-verify` default false.
## Open decisions
- Exact flag names for trust root and policy bundle; align with CLI UX guidelines.
- Where to persist cache/metadata (if any) in offline mode.
## Handoff
Treat this as the prep artefact for PREP-CLI-REPLAY-187-002. Update once replay record schema is finalized.

57
docs/modules/concelier/operations/console-lnm-consumption.md Normal file
View File

@@ -0,0 +1,57 @@
# Console Consumption of LNM Linksets (Sprint 110)
Goal: unblock CONCELIER-CONSOLE-23-001..003 by defining how Console reads Link-Not-Merge (LNM) data now that the schema is frozen (2025-11-17) and cache plan exists.
## Data sources
- Primary collection: `advisory_linksets` (see `docs/modules/concelier/link-not-merge-schema.md`).
- Cache: `advisory_linkset_cache` (see `docs/modules/concelier/operations/lnm-cache-plan.md`). Console should read from cache when present; fall back to live rebuild otherwise.
## API shape (WebService)
- Endpoint to expose via Console: `GET /v1/lnm/linksets/{advisoryId}`
- Query: `source` (required), `tenant`, optional `includeConflicts=true|false` (default true).
- Response JSON (deterministic key order):
```json
{
"advisoryId": "GHSA-123",
"source": "ghsa",
"observations": ["<mongoId>", "<mongoId2>"],
"normalized": {
"purls": ["pkg:npm/foo@1.0.0"],
"versions": ["1.0.0"],
"ranges": [],
"severities": [{"system":"cvssv3","score":7.5}]
},
"conflicts": [
{"field":"severities","reason":"disagreement","values":["7.5","9.8"]}
],
"provenance": {
"observationHashes": ["..."],
"toolVersion": "lnm-1.0"
},
"createdAt": "2025-11-20T00:00:00Z"
}
```
- Sorting: observations sorted by `source, advisoryId, fetchedAt` before hashing; response preserves that order.
- Caching: when cache hit, return cached document; when miss, rebuild, write cache, then return.
## Console rendering contract
- Fields to surface:
- `normalized.purls` (list) and `normalized.versions`
- `conflicts` if non-empty: show field + reason text; keep order as returned.
- `provenance.observationHashes` as “evidence anchors” (list); do not prettify.
- Tenant header required; no cross-tenant leakage. Scope `concelier:lnm.read`.
## Error handling
- 404 when linkset missing for advisory/source.
- 409 when tenant header missing/invalid.
- Deterministic error body: `{ "error": "<code>", "message": "..." }`.
## Telemetry (reuse existing meters)
- Increment `lnm.cache.hit_total` / `lnm.cache.write_total` as defined in cache plan.
- Log template on returns: `lnm_console_success tenant={Tenant} advisoryId={AdvisoryId} source={Source} cached={Cached}`.
## Owners
- Concelier Console Guild (primary)
- Concelier Core Guild (review)
This document is authoritative for CONCELIER-CONSOLE-23-001..003 in Sprint 110.

33
docs/modules/concelier/operations/lnm-cache-plan.md Normal file
View File

@@ -0,0 +1,33 @@
# Concelier LNM Cache Plan (Sprint 110)
Purpose: finalize structured caching fields now that Link-Not-Merge (LNM) schema is frozen (2025-11-17) and Evidence Locker contract is published.
## Cache payload shape
- Source: `advisory_linksets` collection (see `docs/modules/concelier/link-not-merge-schema.md`).
- Cache entry key: `{tenant}:{advisoryId}:{source}`.
- Cached fields (deterministic order):
- `observations` (ObjectId list, already sorted by source, advisoryId, fetchedAt)
- `normalized.purls`, `normalized.versions`, `normalized.ranges`, `normalized.severities`
- `conflicts` array (field, reason, values)
- `provenance.observationHashes`
- `builtByJobId`, `createdAt`
- Exclude mutable/derived fields; cache is rebuilt on ingestion replay, not updated in place.
## Storage & eviction
- Collection: `advisory_linkset_cache` (per-tenant index `{tenantId:1, advisoryId:1, source:1}` unique).
- Eviction: TTL on `createdAt` disabled by default; cache is replaced when a newer `provenance.observationHashes` differs.
- Determinism: cache documents written via canonical JSON writer (sorted keys); timestamps UTC.
## API exposure
- WebService: surface cached linksets via existing `/v1/lnm/linksets/{advisoryId}?source=...` (read-through); if cache miss, rebuild synchronously and store.
- Console: may rely on this cache for Advisory AI surfaces; no new payload fields required.
## Telemetry
- Meter `StellaOps.Concelier.Linksets` (existing) to add counters: `lnm.cache.write_total{result}`, `lnm.cache.hit_total{source}`; histogram `lnm.cache.rebuild_ms` for synchronous rebuilds. (To be wired in subsequent sprint.)
## Alignment
- Schema source of truth: `docs/modules/concelier/link-not-merge-schema.md` (frozen v1).
- Evidence Locker contract: `docs/modules/evidence-locker/attestation-contract.md` informs provenance fields; no shape changes required.
## Ownership
- Concelier Core + WebService guilds.

20
docs/modules/concelier/prep/2025-11-20-airgap-56-001-58-001-prep.md Normal file
View File

@@ -0,0 +1,20 @@
# Concelier AirGap Prep — PREP-CONCELIER-AIRGAP-56-001..58-001
Status: Draft (2025-11-20)
Owners: Concelier Core · AirGap Guilds
Scope: Capture mirror bundle/staleness requirements for Concelier ingestion under sealed mode.
## Dependencies
- Mirror thin bundle milestones (bundle_id, provenance, staleness_budget) from Mirror sprint 56-001.
- AirGap controller staleness/time anchor fields.
## Needed contract
- Ingestion must accept `bundle_id`, `provenance`, `staleness_seconds_remaining` on advisory/linkset endpoints.
- Reject non-mirror sources when sealed; surface `AIRGAP_EGRESS_BLOCKED` per Concelier AirGap response contract.
## Open decisions
- Exact header names for bundle/staleness metadata.
- Whether to cache bundle provenance per tenant.
## Handoff
Use as PREP artefact for 56-001..58-001 chain; update when mirror bundle schema and controller staleness fields are finalized.

16
docs/modules/concelier/prep/2025-11-20-attest-73-001-prep.md Normal file
View File

@@ -0,0 +1,16 @@
# Concelier Attestation Prep — PREP-CONCELIER-ATTEST-73-001/002
Status: Draft (2025-11-20)
Owners: Concelier Core · Evidence Locker Guild
Scope: Define attestation scope/signoff pending for Evidence Locker integration.
## Needs
- Evidence Locker attestation scope and DSSE profile.
- Endpoint contract for attestation verification of Concelier exports.
## Open decisions
- Signer identity and Rekor usage in sealed mode.
- What evidence hashes to include (bundle_id, merkle_root).
## Handoff
Use as PREP artefact; update once EvidenceLocker publishes scope and profile.

16
docs/modules/concelier/prep/2025-11-20-console-23-001-prep.md Normal file
View File

@@ -0,0 +1,16 @@
# Concelier Console Schema Prep — PREP-CONCELIER-CONSOLE-23-001..003
Status: Draft (2025-11-20)
Owners: Concelier Console Guild
Scope: Provide schema samples for Console evidence bundles and identifiers.
## Needed artefacts
- Sample schema for console evidence bundle IDs and fields (linkset refs, advisory ids, staleness metadata).
- Example payloads for CONCELIER-CONSOLE-23-001..003.
## Open decisions
- ID format for console evidence bundle (ulid vs hash).
- Required fields for linkage to LNM outputs.
## Handoff
Use as PREP artefact; fill once LNM schema freeze and console bundle id rules are provided.

12
docs/modules/concelier/prep/2025-11-20-feeds-icscisa-kisa-prep.md Normal file
View File

@@ -0,0 +1,12 @@
# Feed Remediation Prep — PREP-FEEDCONN-ICSCISA-02-012 / KISA-02-008
Status: Draft (2025-11-20)
Owners: Concelier Feed Owners
Scope: Capture remediation plan for problematic feeds.
## Items to collect
- Current ingestion endpoints and auth for ICSCISA-02-012, KISA-02-008.
- Known issues and required remediation steps (validation fixes, throttling, schema tweaks).
## Handoff
Use as PREP artefact; fill with concrete remediation steps once feed owners provide details.

42
docs/modules/concelier/prep/2025-11-20-platform-events-and-lnm-21-002.md Normal file
View File

@@ -0,0 +1,42 @@
# Concelier PREP Notes — 2025-11-20
Owner: Concelier Core Guild · Scheduler Guild · Data Science Guild
Scope: Provide traceable prep outputs for PREP-CONCELIER-GRAPH-21-002-PLATFORM-EVENTS-S and PREP-CONCELIER-LNM-21-002-WAITING-ON-FINALIZE so downstream tasks can proceed without blocking on missing contracts.
## 1) `sbom.observation.updated` platform event (Graph-21-002)
- Goal: publish deterministic, facts-only observation updates for graph overlays; no derived judgments.
- Proposed envelope (draft for Scheduler/Platform Events review):
- `event_type`: `sbom.observation.updated`
- `tenant_id` (string, required)
- `advisory_ids` (array of strings; upstream IDs as-ingested)
- `observation_ids` (array of stable per-observation IDs emitted by LNM storage)
- `source` (string; advisory source slug)
- `version_range` (string; original upstream semantics)
- `occurred_at` (ISO-8601 UTC, produced by Concelier at write time; deterministic)
- `trace` (object; optional provenance pointers, DSSE envelope digest with alg/id fields)
- Delivery and wiring expectations:
- Publisher lives in `StellaOps.Concelier.Core` after linkset/observation persistence.
- Scheduler binding: NATS/Redis topic `concelier.sbom.observation.updated`; ack + idempotent replay friendly; max delivery once semantics via message ID = `<tenant>:<observation_id>::<digest>`.
- Telemetry: counter `concelier_events_observation_updated_total{tenant,source,result}`; log template includes `tenant`, `advisory_id`, `observation_id`, `event_id`.
- Offline posture: allow emitting into local bus, enqueue to file-backed spool when offline; retry with deterministic ordering by `(tenant, observation_id)`.
- Open questions to resolve in impl task:
- Final topic naming and DSSE requirement (optional vs required per deployment).
- Whether to include component alias list in the event payload or expect consumers to join via API.
## 2) LNM fixtures + precedence markers (LNM-21-002)
- Goal: unblock correlation pipelines and downstream linkset tasks by defining required fixture shape and precedence rules.
- Fixture requirements (additive to frozen LNM v1 schema):
- Provide at least three sources with conflicting severity/CVSS to exercise conflict markers.
- Include overlapping version ranges to validate precedence tie-breakers.
- Each fixture must include `provenance` (source, fetch_time, collector) and `confidence` hints.
- Precedence rule proposal for review:
1. Prefer explicit source ranking table (to be agreed) over recency.
2. If ranking ties, prefer narrower version ranges, then higher confidence, then stable lexical order of `(source, advisory_id)`.
3. Never collapse conflicting fields; emit `conflicts[]` entries with reason codes `severity-disagree`, `cvss-disagree`, `reference-disagree`.
- Delivery path for fixtures once agreed: `src/Concelier/seed-data/lnm/v1/fixtures/*.json` with deterministic ordering; wire into `StellaOps.Concelier.Core.Tests` harness.
- Next actions captured for implementation task:
- Confirm ranking table and conflict reason code list with Cartographer/Data Science.
- Drop initial fixtures into the above path and reference them from the implementation tasks tests.
## Handoff
- This document is the published prep artefact requested by PREP-CONCELIER-GRAPH-21-002-PLATFORM-EVENTS-S and PREP-CONCELIER-LNM-21-002-WAITING-ON-FINALIZE. Downstream tasks should cite this file until the final schemas/fixtures are merged.

44
docs/modules/concelier/prep/2025-11-20-web-airgap-57-001-prep.md Normal file
View File

@@ -0,0 +1,44 @@
# Concelier Web AirGap Prep — PREP-CONCELIER-WEB-AIRGAP-57-001
Status: Draft (2025-11-20)
Owners: Concelier WebService Guild · AirGap Policy Guild
Scope: Define remediation payloads and staleness plumbing for sealed-mode violations, dependent on WEB-AIRGAP-56-002.
## Dependencies
- WEB-AIRGAP-56-001: mirror bundle registration + sealed-mode enforcement.
- WEB-AIRGAP-56-002: staleness + bundle provenance metadata surfaces.
- AirGap controller scopes (seal/unseal) and time anchor semantics from AirGap Controller/Time guilds.
## Proposed payload mapping (EGRESS blocked)
- Error code: `AIRGAP_EGRESS_BLOCKED`.
- Shape:
```json
{
"error": "AIRGAP_EGRESS_BLOCKED",
"message": "Direct internet fetches disabled in sealed mode; use mirror bundle sources only.",
"bundle_required": true,
"staleness_seconds": 0,
"remediation": [
"Import mirror bundle via /airgap/import or offline kit",
"Ensure sealed mode is set with valid time anchor",
"Retry with cached/mirrored sources enabled"
]
}
```
- Determinism: fixed ordering of fields, remediation list sorted.
## Staleness surfacing
- Staleness derived from bundle metadata supplied by 56-002 (`bundle_id`, `provenance`, `staleness_budget_seconds`).
- Responses include `staleness_seconds_remaining` and `bundle_id` when available.
## Observability
- Emit timeline event `concelier.airgap.egress_blocked` with `{tenant_id, bundle_id?, endpoint, request_id}`.
- Metric: `concelier_airgap_egress_blocked_total` (counter) tagged by endpoint.
## Open decisions
- Final error envelope format (depends on WEB-OAS-61-002 standard envelope).
- Exact header name for staleness metadata (suggest `x-concelier-bundle-staleness`).
- Whether to include advisory key/linkset ids in the blocked response.
## Handoff
Use this as the PREP artefact for WEB-AIRGAP-57-001. Update once 56-002 and error envelope standard are finalized.

43
docs/modules/evidence-locker/attestation-contract.md Normal file
View File

@@ -0,0 +1,43 @@
# Evidence Locker Attestation Contract (v1 · frozen 2025-11-20)
Scope: Evidence Bundle v1 produced by Evidence Locker and consumed by Concelier, Excititor, Export Center, CLI, and Policy Engine.
## Predicates & subjects
- **Subject**: OCI manifest digest (`sha256:<digest>`) of the bundle, plus optional replay pack digest.
- **Predicates (DSSE/In-Toto)**
- `stellaops.evidence.bundle.v1`: declares bundle layout (manifests, CAS paths, replay log offsets).
- `stellaops.evidence.transparency.v1`: optional Rekor log inclusion proof (UUID, log index, root hash at inclusion).
- `stellaops.evidence.integrity.v1`: hashes for each payload (SBOMs, VEX, policy packs, telemetry snapshots), keyed by logical path.
## Required claim set
- `bundle_id` (UUID v4)
- `produced_at` (UTC ISO-8601)
- `producer` (`evidence-locker:<region>`)
- `subject_digest` (OCI digest string)
- `hashes` (map: logical path → sha256)
- `sbom` (array of SPDX/CycloneDX digests and mediaTypes)
- `vex` (array of VEX doc digests and schema versions)
- `replay_manifest` (optional; digest + sequence number)
- `transparency` (optional; Rekor UUID, logIndex, rootHash)
- `signing_profile` (`sovereign-default` | `fips` | `gost` | `pq-experimental`)
## Bundling & signing rules
- DSSE envelope using the modules configured crypto provider; keys must be short-lived (<24h) and recorded in provider registry.
- Hash list and subject digest MUST match the on-disk CAS objects; deterministic sort by logical path.
- Rekor entry is optional; when absent, set `transparency=null` and add `transparency_reason="offline"` to provenance note.
## Verification plan
- Verify DSSE signature against provider registry (per profile) and check key expiry.
- Recompute sha256 for every CAS object; fail if any mismatch.
- If `transparency` present, verify inclusion proof against bundled Rekor root; fail closed on mismatch.
- Emit verification report JSON and store beside bundle as `verify.json` (deterministic key order).
## Fixtures
- Sample bundle + report: `docs/samples/evidence-locker/bundle-v1-sample.tar.gz` (sha256 TBD at publish time).
- Sample attestation envelope: `docs/samples/evidence-locker/attestation-v1-sample.json`.
## Ownership
- Primary: Evidence Locker Guild.
- Reviewers: Concelier Core Guild, Excititor Guild, Export Center Guild, Policy Guild.
This contract is authoritative for Sprint 110 and blocks CONCELIER-ATTEST-73-001/002 and EXCITITOR-ATTEST-01-003/73-001/73-002.

21
docs/modules/evidence-locker/crypto-provider-registry-prep.md Normal file
View File

@@ -0,0 +1,21 @@
# ICryptoProviderRegistry Prep — PREP-EVID-CRYPTO-90-001 (Draft)
Status: Draft (2025-11-20)
Owners: Evidence Locker Guild · Security Guild
Scope: Capture requirements for crypto provider registry readiness to support sovereign/region-specific profiles.
## Required capabilities
- Registry interface to resolve crypto providers by profile ID (e.g., `default`, `ru-offline`, `fips140`, `eidass`).
- Provider metadata: `{algorithms[], key_formats[], offline_supported, hsm_supported, oq_ready}`.
- Deterministic selection rules: prefer tenant-scoped overrides, fall back to platform defaults; no network fetch.
## Integration points
- Evidence Locker signing pipeline to request provider by profile when sealing bundles.
- Replay validation to know which algorithms/hashes are acceptable for DSSE verification.
## Dependencies
- Final list of sovereign profiles from Security Guild.
- Key storage/backing (KMS/HSM) availability per profile.
## Handoff
Use this as the prep artefact for PREP-EVID-CRYPTO-90-001; update once profile list and key storage rules are confirmed.

42
docs/modules/evidence-locker/replay-payload-contract.md Normal file
View File

@@ -0,0 +1,42 @@
# Replay Payload Contract (Draft) — PREP-EVID-REPLAY-187-001
Status: Draft (2025-11-20)
Owners: Evidence Locker Guild · Scanner Guild · CLI Guild
Scope: Capture expected scanner record payloads needed by Evidence Locker replay APIs.
## 1) Payload envelope
- Content type: `application/vnd.stella.replay.record+json;version=1`.
- Fields:
- `record_id` (ULID, assigned by Scanner).
- `tenant_id` (string).
- `source` (enum): `scanner`, `attestor`, `cli`.
- `digest` (hex): SHA-256 of canonical payload bytes.
- `created_at` (RFC3339 UTC).
- `schema_version`: `replay.record.v1`.
## 2) Scanner record body (expected from Sprint 0186)
- `image_digest` (string, required).
- `sbom_digest` (string, optional) with SBOM pointer.
- `observations` (array) of `{type, component_purl?, location, evidence, confidence}`.
- `signals` (array) for runtime/static signals with `{name, value, units?, confidence}`.
- `attestations` (array) of DSSE statement references `{type, uri, sha256}`.
- `provenance` (object): `{scanner_version, policy_profile, worker_id}`.
## 3) Evidence Locker ingestion contract
- API: `POST /replay/records` (internal) accepting NDJSON stream (`record_envelope + body`).
- Validation:
- hash must match `digest` supplied; timestamps UTC.
- tenant_id must match auth principal or delegated token.
- schema_version must equal `replay.record.v1` until upgraded.
- Storage layout proposal: bucket prefix `replay/records/{tenant_id}/{record_id}.ndjson`, immutable; metadata indexed in Mongo with `{record_id, image_digest, created_at}`.
## 4) Open dependencies
- Scanner team to freeze exact `observations` and `signals` schema in Sprint 0186.
- Need DSSE profile for `attestations` (Authority/Attestor alignment).
- CLI replay commands depend on finalized pointer format to retrieve records.
## 5) Next actions
- Once Sprint 0186 publishes sample payloads, update this doc with enumerated observation/signal types and add JSON schema file under `docs/modules/evidence-locker/schemas/replay-record-v1.json`.
## 6) Handoff
Reference this document from sprint trackers for PREP-EVID-REPLAY-187-001 and related CLI/Attestor PREP tasks. Update when upstream payloads are available.

23
docs/modules/evidence-locker/validate-bundle-prep.md Normal file
View File

@@ -0,0 +1,23 @@
# Validate Bundle Prep — PREP-VALIDATE-BUNDLE-187-005 (Draft)
Status: Draft (2025-11-20)
Owners: QA Guild · CLI Guild · Docs Guild
Scope: Define validation steps for replay bundles once schemas freeze.
## Validation checklist (proposed)
- Verify archive hash vs manifest `bundle.manifest.json` (`sha256`).
- Verify DSSE signature (if present) against trusted keys.
- Recompute Merkle root of bundle file tree; compare to manifest.
- Schema validation: replay records conform to `replay.record.v1`; policy export bundle conforms to `policy.export.console.v1` when included.
- Determinism: run `stella replay` twice on same bundle and assert identical outputs (hash comparison).
## Fixtures/tests
- Place golden bundles under `tests/EvidenceLocker/Fixtures/replay/` with expected hashes and DSSE signatures.
- CLI validation test: `stella verify --bundle <fixture>` returns exit code 0 and prints `verified: true`.
## Open dependencies
- Final schemas from Evidence Locker and Policy export contracts.
- Trust root list for DSSE verification (Authority decision).
## Handoff
Use this prep doc for PREP-VALIDATE-BUNDLE-187-005; expand with concrete fixtures once schemas are frozen.

4
docs/modules/excititor/architecture.md
View File

@@ -608,12 +608,14 @@ excititor:
### 9.1 WebService endpoints
With storage configured, the WebService exposes the following ingress and diagnostic APIs:
With storage configured, the WebService exposes the following ingress and diagnostic APIs (deterministic ordering, offline-friendly):
* `GET /excititor/status` returns the active storage configuration and registered artifact stores.
* `GET /excititor/health` simple liveness probe.
* `POST /excititor/statements` accepts normalized VEX statements and persists them via `IVexClaimStore`; use this for migrations/backfills.
* `GET /excititor/statements/{vulnId}/{productKey}?since=` returns the immutable statement log for a vulnerability/product pair.
* `POST /vex/evidence/chunks` submits aggregation-only chunks (OpenAPI: `schemas/vex-chunk-api.yaml`); responds with deterministic `chunk_digest` and queue id. Telemetry published under meter `StellaOps.Excititor.Chunks` (see Operations).
* `POST /v1/attestations/verify` verifies Evidence Locker attestations for exports/chunks using `IVexAttestationVerifier`; returns `{ valid, diagnostics }` (deterministic key order). Aligns with Evidence Locker contract v1.
* `POST /excititor/resolve` requires `vex.read` scope; accepts up to 256 `(vulnId, productKey)` pairs via `productKeys` or `purls` and returns deterministic consensus results, decision telemetry, and a signed envelope (`artifact` digest, optional signer signature, optional attestation metadata + DSSE envelope). Returns **409 Conflict** when the requested `policyRevisionId` mismatches the active snapshot.
Run the ingestion endpoint once after applying migration `20251019-consensus-signals-statements` to repopulate historical statements with the new severity/KEV/EPSS signal fields.

43
docs/modules/excititor/attestation-plan.md Normal file
View File

@@ -0,0 +1,43 @@
# Excititor Attestation Plan (Sprint 110)
## Goals
- Align Excititor chunk API and attestation envelopes with Evidence Locker contract.
- Provide offline-ready chunk submission/attestation flow for VEX evidence.
## Chunk API shape (`/vex/evidence/chunks`)
- POST body (NDJSON, deterministic order by `chunk_id`):
```json
{
"chunk_id": "uuid",
"tenant": "acme",
"source": "ghsa",
"schema": "stellaops.vex.chunk.v1",
"items": [ {"advisory_id":"GHSA-123","status":"affected","purl":"pkg:npm/foo@1.0.0"} ],
"provenance": {"fetched_at":"2025-11-20T00:00:00Z","artifact_sha":"abc"}
}
```
- At submission, Excititor returns `chunk_digest` (sha256 of canonical JSON) and queue id.
## Attestation envelope
- Subject: `chunk_digest` from above.
- Predicates attached:
- `stellaops.vex.chunk.meta.v1` (tenant, source, schema version, item count).
- `stellaops.vex.chunk.integrity.v1` (sha256 per item block, canonical order).
- Optional `stellaops.transparency.v1` (Rekor UUID/logIndex) when online.
- Envelope format: DSSE using Evidence Locker provider registry; signing profile mirrors Evidence Locker bundle profile for tenant.
## DSSE bundling rules
- Deterministic JSON (sorted keys) before hashing.
- Canonical NDJSON for chunk payload; no gzip inside envelope.
- Attach verification report alongside attestation as `chunk-verify.json` (hashes + signature check results).
## Sample payloads
- `docs/samples/excititor/chunk-sample.ndjson`
- `docs/samples/excititor/chunk-attestation-sample.json`
## Integration points
- Evidence Locker contract v1 (see `docs/modules/evidence-locker/attestation-contract.md`).
- Concelier LNM schemas (observations remain aggregation-only; attestation is evidence, not merge).
## Ownership
- Excititor Guild (primary); Evidence Locker Guild reviewer.

36
docs/modules/excititor/connectors/connector-signer-metadata.md Normal file
View File

@@ -0,0 +1,36 @@
# Connector signer metadata (v1.0.0)
**Scope.** Defines the canonical, offline-friendly metadata for Excititor connectors that validate signed feeds (MSRC CSAF, Oracle OVAL, Ubuntu OVAL, StellaOps mirror OpenVEX). The file is consumed by WebService/Worker composition roots and by Offline Kits to pin trust material deterministically.
**Location & format.**
- Schema: `docs/modules/excititor/schemas/connector-signer-metadata.schema.json` (JSON Schema 202012).
- Sample: `docs/samples/excititor/connector-signer-metadata-sample.json` (aligns with schema).
- Expected production artifact: NDJSON or JSON stamped per release; store in offline kits alongside connector bundles.
## Required fields (summary)
- `schemaVersion` — must be `1.0.0`.
- `generatedAt` — ISO-8601 UTC timestamp for the metadata file.
- `connectors[]` — one entry per connector:
- `connectorId` — stable slug, e.g., `excititor-msrc-csaf`.
- `provider { name, slug }` — human label and slug.
- `issuerTier``tier-0`, `tier-1`, `tier-2`, or `untrusted` (aligns with trust weighting).
- `signers[]` — one per signing path; each has `usage` (`csaf|oval|openvex|bulk-meta|attestation`) and `fingerprints[]` (algorithm + format + value). Optional `keyLocator` and `certificateChain` for offline key retrieval.
- `bundle` — reference to the sealed bundle containing the feed/signing material (`kind`: `oci-referrer|oci-tag|file|tuf`, plus `uri`, optional `digest`, `publishedAt`).
- Optional `validFrom`, `validTo`, `revoked`, `notes` for rollover and incident handling.
## Rollover / migration guidance
1) **Author the metadata** using the schema and place the JSON next to connector bundles in the offline kit (`out/connectors/<provider>/signer-metadata.json`).
2) **Validate** with `dotnet tool run njsonschema validate connector-signer-metadata.schema.json connector-signer-metadata.json` (or `ajv validate`).
3) **Wire connector code** to load the file on startup (Worker + WebService) and pin signers per `connectorId`; reject feeds whose fingerprints are absent or marked `revoked=true` or out of `validFrom/To` range.
- Connectors look for `STELLAOPS_CONNECTOR_SIGNER_METADATA_PATH` (absolute/relative) and enrich provenance metadata automatically when present.
4) **Rollover keys** by appending a new `signers` entry and setting a future `validFrom`; keep the previous signer until all mirrors have caught up. Use `issuerTier` downgrades to quarantine while keeping history.
5) **Mirror references**: store the referenced bundles/keys under OCI tags or TUF targets already shipped in the offline kit so no live network is required.
6) **Record decisions** in sprint Decisions & Risks when changing trust tiers or fingerpints; update this doc if formats change.
## Sample entries (non-production)
See `docs/samples/excititor/connector-signer-metadata-sample.json` for MSRC, Oracle, Ubuntu, and StellaOps example entries. These fingerprints are illustrative only; replace with real values before shipping.
## Consumer expectations
- Deterministic: sort connectors alphabetically before persistence; avoid clock-based defaults.
- Offline-first: all `keyLocator`/`bundle.uri` values must resolve inside the air-gap kit (OCI/TUF/file).
- Observability: emit a structured warning when metadata is missing or stale (>7 days) and fail closed for missing signers.

24
docs/modules/excititor/operations/chunk-api-user-guide.md Normal file
View File

@@ -0,0 +1,24 @@
# Using the Chunk API
Endpoint: `POST /vex/evidence/chunks`
- Content-Type: `application/x-ndjson`
- See schema: `docs/modules/excititor/schemas/vex-chunk-api.yaml`
Response: `202 Accepted`
```json
{ "chunk_digest": "sha256:…", "queue_id": "uuid" }
```
Operational notes
- Deterministic hashing: server recomputes `chunk_digest` from canonical JSON; mismatches return 400.
- Limits: default 500 items, max 2000 (aligned with Program.cs guard).
- Telemetry: metrics under `StellaOps.Excititor.Chunks` (see chunk-telemetry.md).
- Headers: correlation/trace headers echoed (`X-Stella-TraceId`, `X-Stella-CorrelationId`).
Example curl
```bash
curl -X POST https://excitor.local/vex/evidence/chunks \
-H "Authorization: Bearer <token>" \
-H "Content-Type: application/x-ndjson" \
--data-binary @docs/samples/excititor/chunk-sample.ndjson
```

26
docs/modules/excititor/operations/chunk-telemetry.md Normal file
View File

@@ -0,0 +1,26 @@
# Excititor Chunk Telemetry (Sprint 110)
## Metrics (Meter: `StellaOps.Excititor.Chunks`)
- `vex_chunks_ingested_total` (counter) — tags: `tenant`, `source`, `status` (`accepted|rejected`), `reason` (nullable for accepted). Increments per chunk submitted.
- `vex_chunks_item_count` (histogram, unit=items) — records item count per chunk.
- `vex_chunks_payload_bytes` (histogram, unit=bytes) — measured from NDJSON payload length.
- `vex_chunks_latency_ms` (histogram) — end-to-end ingestion latency per request.
## Logs
- `vex.chunk.ingest.accepted` — includes `chunk_id`, `tenant`, `source`, `item_count`, `chunk_digest`.
- `vex.chunk.ingest.rejected` — includes `chunk_id`, `tenant`, `source`, `reason`, validation errors (summarized).
## Wiring steps
1. Register `ChunkTelemetry` as singleton with shared `Meter` instance.
2. In `/vex/evidence/chunks` handler, compute `chunk_digest` deterministically from canonical JSON and emit counters/histograms via `ChunkTelemetry`.
3. Log using structured templates above; avoid request bodies in logs.
4. Expose metrics via default ASP.NET metrics export (Prometheus/OpenTelemetry) already configured in WebService.
## Determinism & offline posture
- Do not include host-specific paths or timestamps in metric dimensions.
- Histogram buckets: use standard OTEL defaults; no runtime-generated buckets.
- Keep meter name stable; adding new instruments requires version note in sprint Decisions & Risks.
## Ownership
- Implementer: Excititor Observability Guild
- Reviewers: Evidence Locker Guild (for parity with attestation metrics)

125
docs/modules/excititor/schemas/connector-signer-metadata.schema.json Normal file
View File

@@ -0,0 +1,125 @@
{
"$schema": "https://json-schema.org/draft/2020-12/schema",
"$id": "https://stellaops.dev/schemas/excititor/connector-signer-metadata.schema.json",
"title": "Excititor Connector Signer Metadata",
"type": "object",
"additionalProperties": false,
"required": ["schemaVersion", "generatedAt", "connectors"],
"properties": {
"schemaVersion": {
"type": "string",
"pattern": "^1\\.0\\.0$"
},
"generatedAt": {
"type": "string",
"format": "date-time"
},
"connectors": {
"type": "array",
"minItems": 1,
"items": {
"$ref": "#/$defs/connector"
}
}
},
"$defs": {
"connector": {
"type": "object",
"additionalProperties": false,
"required": [
"connectorId",
"provider",
"issuerTier",
"signers"
],
"properties": {
"connectorId": {
"type": "string",
"pattern": "^[a-z0-9:-\\.]+$"
},
"provider": {
"type": "object",
"additionalProperties": false,
"required": ["name", "slug"],
"properties": {
"name": { "type": "string", "minLength": 3 },
"slug": { "type": "string", "pattern": "^[a-z0-9-]+$" }
}
},
"issuerTier": {
"type": "string",
"enum": ["tier-0", "tier-1", "tier-2", "untrusted"]
},
"signers": {
"type": "array",
"minItems": 1,
"items": { "$ref": "#/$defs/signer" }
},
"bundle": { "$ref": "#/$defs/bundleRef" },
"validFrom": { "type": "string", "format": "date" },
"validTo": { "type": "string", "format": "date" },
"revoked": { "type": "boolean", "default": false },
"notes": { "type": "string", "maxLength": 2000 }
}
},
"signer": {
"type": "object",
"additionalProperties": false,
"required": ["usage", "fingerprints"],
"properties": {
"usage": {
"type": "string",
"enum": ["csaf", "oval", "openvex", "bulk-meta", "attestation"]
},
"fingerprints": {
"type": "array",
"minItems": 1,
"items": { "$ref": "#/$defs/fingerprint" }
},
"keyLocator": {
"type": "string",
"description": "Path or URL (mirror/OCI/TUF) where the signing key or certificate chain can be retrieved in offline kits."
},
"certificateChain": {
"type": "array",
"items": { "type": "string" },
"description": "Optional PEM-encoded certificates for x509/cosign keys."
}
}
},
"fingerprint": {
"type": "object",
"additionalProperties": false,
"required": ["alg", "value"],
"properties": {
"alg": {
"type": "string",
"enum": ["sha256", "sha512", "sha1"]
},
"format": {
"type": "string",
"enum": ["pgp", "x509-spki", "x509-ski", "cosign", "pem"]
},
"value": {
"type": "string",
"minLength": 16,
"maxLength": 128
}
}
},
"bundleRef": {
"type": "object",
"additionalProperties": false,
"required": ["kind", "uri"],
"properties": {
"kind": {
"type": "string",
"enum": ["oci-referrer", "oci-tag", "file", "tuf"]
},
"uri": { "type": "string", "minLength": 8 },
"digest": { "type": "string", "minLength": 32 },
"publishedAt": { "type": "string", "format": "date-time" }
}
}
}
}

82
docs/modules/excititor/schemas/vex-chunk-api.yaml Normal file
View File

@@ -0,0 +1,82 @@
openapi: 3.1.0
info:
title: StellaOps Excititor Chunk API
version: "0.1.0"
description: |
Frozen for Sprint 110 (EXCITITOR-AIAI-31-002). Aligns with Evidence Locker attestation contract v1.
servers:
- url: https://excitor.local
paths:
/vex/evidence/chunks:
post:
summary: Submit VEX evidence chunk (aggregation-only)
requestBody:
required: true
content:
application/x-ndjson:
schema:
$ref: '#/components/schemas/VexChunk'
responses:
'202':
description: Accepted for processing
content:
application/json:
schema:
type: object
required: [chunk_digest, queue_id]
properties:
chunk_digest:
type: string
description: sha256 of canonical chunk JSON
queue_id:
type: string
description: Background job identifier
'400':
description: Validation error
components:
schemas:
VexChunk:
type: object
required: [chunk_id, tenant, source, schema, items, provenance]
properties:
chunk_id:
type: string
format: uuid
tenant:
type: string
source:
type: string
description: feed id (e.g., ghsa, nvd)
schema:
type: string
enum: [stellaops.vex.chunk.v1]
items:
type: array
items:
type: object
required: [advisory_id, status, purl]
properties:
advisory_id:
type: string
status:
type: string
enum: [affected, unaffected, under_investigation, fixed, unknown]
purl:
type: string
justification:
type: string
last_observed:
type: string
format: date-time
provenance:
type: object
required: [fetched_at, artifact_sha]
properties:
fetched_at:
type: string
format: date-time
artifact_sha:
type: string
signature:
type: object
nullable: true

17
docs/modules/export-center/prep/2025-11-20-crypto-90-001-prep.md Normal file
View File

@@ -0,0 +1,17 @@
# Export Crypto Prep — PREP-EXPORT-CRYPTO-90-001
Status: Draft (2025-11-20)
Owners: Exporter Service · Security Guild
Scope: Capture crypto requirements pending Nov-18 review and reference implementation.
## Needs
- Mapping of signing/encryption algorithms per export profile.
- Integration with `ICryptoProviderRegistry` (same as Evidence Locker) for provider selection.
- Hashing defaults (sha256) and optional sha512/sha3 for high-assurance paths.
## Open decisions
- Final provider list and key storage (KMS/HSM) per profile.
- Whether to sign both manifest and per-artifact hashes.
## Handoff
Use as prep artefact for EXPORT-CRYPTO-90-001; fill once Security delivers profile list and reference implementation.

15
docs/modules/export-center/prep/2025-11-20-exporter-evid-blocker.md Normal file
View File

@@ -0,0 +1,15 @@
# Exporter Service Blocker — PREP-EXPORTER-SERVICE-BLOCKED-WAITING-ON-EVID
Status: Draft (2025-11-20)
Owners: Planning
Scope: Document EvidenceLocker dependency blocking exporter service.
## Blocker
- EvidenceLocker spec not published; need replay/export bundle schemas and ICryptoProviderRegistry availability.
## What we need
- Bundle schema pointers (from EvidenceLocker) and retention rules.
- Sample payloads to mirror into exporter tests.
## Handoff
Use this note to track unblock; update when EvidenceLocker spec is available.

29
docs/modules/export-center/prep/2025-11-20-notify-obs-52-prep.md Normal file
View File

@@ -0,0 +1,29 @@
# Export Notifications Schema Prep — PREP-EXPORT-NOTIFY-SCHEMA-OBS-52
Status: Draft (2025-11-20)
Owners: Notifications Guild · Exporter Service
Scope: Define notification envelope/payloads for export lifecycle events.
## Event types
- `export.started`, `export.completed`, `export.failed`.
## Envelope (proposed)
```json
{
"type": "export.completed",
"export_id": "...",
"profile_id": "...",
"tenant_id": "...",
"artifact_counts": {"json": 2, "mirror": 1},
"sha256": "...",
"created_at": "2025-11-20T00:00:00Z"
}
```
- Deterministic key ordering; timestamps UTC.
## Open decisions
- Channel/transport (NATS vs Redis streams vs webhooks).
- Required retry/backoff policy and DLQ routing.
## Handoff
Use this prep doc for PREP-EXPORT-NOTIFY-SCHEMA-OBS-52; update once transport + DLQ policy are chosen.

17
docs/modules/export-center/prep/2025-11-20-obs-50-001-prep.md Normal file
View File

@@ -0,0 +1,17 @@
# Export Telemetry Prep — PREP-EXPORT-OBS-50-001
Status: Draft (2025-11-20)
Owners: Exporter Service · Observability Guild
Scope: Define telemetry schema for exporter service bootstrap.
## Proposed metrics/logs
- Metrics (Prometheus/Otel): `export_runs_total{profile, tenant}`, `export_run_duration_seconds`, `export_artifacts_total{type}`, `export_failures_total`, `export_bytes_total`.
- Logs: structured with fields `{export_id, profile, tenant, artifact_type, status, duration_ms}`.
- Traces: span names `export.run`, `export.plan`, `export.write`; tags include `profile`, `tenant`, `artifact_count`.
## Open decisions
- Histogram buckets for duration/bytes.
- Required correlation IDs for downstream Console ingestion.
## Handoff
Use this as PREP artefact for EXPORT-OBS-50-001; update buckets and trace tags once Observability finalizes naming.

21
docs/modules/export-center/prep/2025-11-20-risk-69-001-prep.md Normal file
View File

@@ -0,0 +1,21 @@
# Export Risk Bundle Prep — PREP-EXPORT-RISK-69-001
Status: Draft (2025-11-20)
Owners: Exporter Service · Risk Bundle Export Guild
Scope: Capture provider selection rules and schema needs for risk bundle job handler.
## Provider selection (proposed)
- Inputs: `risk_profile_id`, `tenant_id`, `preferred_provider`, `fallback_provider`.
- Selection order: tenant override → profile default → system default.
- Providers must advertise capabilities `{formats[], signing_profiles[]}`.
## Manifest expectations
- Fields: `bundle_id`, `profile_id`, `provider_id`, `inputs_hash`, `created_at`, `artifacts[] {path, sha256, media_type}`.
- Deterministic ordering and sha256 for all artifacts.
## Open decisions
- Final list of providers and signing profiles.
- Whether to embed policy/export bundle pointers.
## Handoff
Use this as PREP artefact for EXPORT-RISK-69-001; update provider list and manifest once phase I artifacts land.

21
docs/modules/export-center/prep/2025-11-20-svc-35-001-prep.md Normal file
View File

@@ -0,0 +1,21 @@
# Export Service Bootstrap Prep — PREP-EXPORT-SVC-35-001
Status: Draft (2025-11-20)
Owners: Exporter Service
Scope: Capture phase I readiness for exporter service project/migrations.
## Project baseline
- Service: minimal API (net10.0), Postgres storage for `export_profiles`, `export_runs`, `export_inputs`, `export_distributions`.
- Tests: xUnit + integration harness with deterministic timestamps.
## Schema notes
- `export_profiles`: `{id, name, tenant_id?, config_json}`.
- `export_runs`: `{id, profile_id, tenant_id, status, started_at, completed_at, artifact_counts JSONB}`.
- Deterministic defaults: UTC timestamps; snake_case columns.
## Open decisions
- Final Postgres schema (indices, enums for status).
- Whether to store metrics snapshots inline or via observability pipeline.
## Handoff
Use this as PREP artefact for EXPORT-SVC-35-001; update once phase I readiness and synthetic telemetry feeds are defined.

20
docs/modules/export-center/prep/2025-11-20-svc-35-002-prep.md Normal file
View File

@@ -0,0 +1,20 @@
# Export Service Planner Prep — PREP-EXPORT-SVC-35-002
Status: Draft (2025-11-20)
Owners: Exporter Service
Scope: Planner + scope resolver for exports, depends on 35-001 bootstrap.
## Planner inputs
- `profile_id`, `tenant_id`, `inputs` (bundle pointers), `priority`.
- `limits`: max artifacts, max runtime.
## Outputs
- Plan document `{plan_id, profile_id, tenant_id, steps[], estimated_bytes, estimated_duration_ms}`.
- Steps sorted; deterministic hashing of plan.
## Open decisions
- Step types allowed (json adapters, mirror, manifest signing).
- How to surface rejection reasons to upstream services.
## Handoff
Use as prep artefact; update once 35-001 schema is fixed.

16
docs/modules/export-center/prep/2025-11-20-svc-35-003-prep.md Normal file
View File

@@ -0,0 +1,16 @@
# Export JSON Adapter Prep — PREP-EXPORT-SVC-35-003
Status: Draft (2025-11-20)
Owners: Exporter Service
Scope: JSON adapters (`json:raw`, `json:policy`) normalization/redaction/compression.
## Deliverable shape
- Adapter config: `{type, redactions[], compress: bool, normalize_paths: bool}`.
- Output manifest entry: `{path, sha256, media_type, original_size, compressed_size?}`.
## Open decisions
- Redaction rules list and ordering.
- Compression algorithm (gzip vs zstd) and level defaults.
## Handoff
Prep artefact for 35-003; align with plan model once 35-002 is fixed.

17
docs/modules/export-center/prep/2025-11-20-svc-35-004-prep.md Normal file
View File

@@ -0,0 +1,17 @@
# Export Mirror Adapter Prep — PREP-EXPORT-SVC-35-004
Status: Draft (2025-11-20)
Owners: Exporter Service
Scope: Mirror (full) adapter producing filesystem layout, indexes, manifests, README.
## Layout proposal
- root manifest `mirror.manifest.json` with Merkle root.
- Directories: `artifacts/`, `indexes/`, `docs/README.md`.
- Deterministic ordering, UTC timestamps.
## Open decisions
- Which indexes required (by profile vs dataset).
- Manifest fields alignment with Mirror thin bundle.
## Handoff
Use as prep artefact; fill fields once 35-003 outputs and mirror schema decisions are in.

16
docs/modules/export-center/prep/2025-11-20-svc-35-005-prep.md Normal file
View File

@@ -0,0 +1,16 @@
# Export Manifest/Signing Prep — PREP-EXPORT-SVC-35-005
Status: Draft (2025-11-20)
Owners: Exporter Service · Security Guild
Scope: Manifest/provenance writer + KMS signing/attestation.
## Proposed manifest
- `export_id`, `profile_id`, `tenant_id`, `artifacts[] {path, sha256, media_type}`, `created_at`, `inputs_hash`, `signatures[]`.
- DSSE envelope for manifest; signer from ICryptoProviderRegistry.
## Open decisions
- Signing profile list and KMS/HSM mapping.
- Rekor/Transparency use in offline vs online.
## Handoff
Prep artefact for 35-005; update once crypto profile and provider registry decisions land.

4
docs/modules/findings-ledger/README.md Normal file
View File

@@ -0,0 +1,4 @@
# Findings Ledger
Start here for ledger docs.

70
docs/modules/findings-ledger/export-http-surface.md Normal file
View File

@@ -0,0 +1,70 @@
# Findings Ledger Export HTTP Surface
Prep task: PREP-LEDGER-EXPORT-35-001-NO-HTTP-API-SURFACE (Sprint 0121)
## Goals
- Publish an HTTP surface for deterministic, offline-friendly exports of Findings Ledger data (findings, VEX, advisories, SBOMs) so downstream SDK/OpenAPI tasks can proceed.
- Define filter contract, pagination, media types, and provenance fields required by Evidence Locker and Policy Engine consumers.
## Non-goals
- Implementing the endpoints (covered by LEDGER-EXPORT-35-001).
- Final OAS/SDK generation (tracked in PREP-LEDGER-OAS-61-001/002/62-001/63-001).
## Base Service
- Host: findings-ledger service (minimal API) under `src/Findings/StellaOps.Findings.Ledger`.
- Base path: `/ledger/export`.
- Auth: service-to-service bearer token; require `scope=ledger.export.read`.
- Tenancy: `X-Stella-Tenant` header (strictly required); responses never mix tenants.
- Determinism: server sorts by `(event_sequence, projection_version, cycle_hash)`; pagination tokens encode the last emitted tuple and filter set. No wall-clock dependence.
- Media types: default `application/x-ndjson`; clients may request `application/json` (array) for small result sets. Always emit `Content-Encoding: gzip` when `Accept-Encoding` allows.
## Endpoints
### 1) Findings
- `GET /ledger/export/findings`
- Filters (all optional unless noted):
- `shape` (required): `canonical` \| `compact` (controls payload shape; compact strips verbose provenance fields for air-gap bundles)
- `since_sequence` (long, ≥0), `until_sequence` (long, inclusive) — enables range slicing.
- `since_observed_at`, `until_observed_at` (ISO-8601 UTC) — observation window.
- `advisory_id` (repeatable), `component_purl` (repeatable), `finding_status` (`open|fixed|dismissed`), `severity` (`critical|high|medium|low|unknown`).
- `risk_profile_version` (string) — filters by attached risk profile revision.
- Response item (canonical shape):
- `finding_id`, `event_sequence`, `observed_at`, `component` (purl, version, source), `advisories` (ids, cwes), `status`, `severity`, `risk` (score, severity, profile_version, explanation_id), `projection_version`, `cycle_hash`, `evidence_bundle_ref` (digest, dsse_digest, timeline_ref), `provenance` (ledger_root, projector_version, policy_version, datasource_ids).
### 2) VEX
- `GET /ledger/export/vex`
- Filters: `shape`, `since_sequence/until_sequence`, `since_observed_at/until_observed_at`, `product_id` (repeatable), `advisory_id`, `status` (`affected|not_affected|under_investigation`), `statement_type` (`exploitation|justification`).
- Response item adds `vex_statement_id`, `product` (purl or CPE), `status_justification`, `known_exploited` (bool), `timestamp`, `projection_version`, `cycle_hash`, `provenance`.
### 3) Advisories
- `GET /ledger/export/advisories`
- Filters: `shape`, `since_sequence/until_sequence`, `severity`, `source` (feed id), `cwe_id`, `kev` (bool), `cvss_version`, `cvss_score_min`, `cvss_score_max`.
- Response item: `advisory_id`, `source`, `title`, `description`, `cwes`, `cvss` (version, vector, base_score), `published`, `modified`, `status`, `epss` (score, percentile), `projection_version`, `cycle_hash`, `provenance`.
### 4) SBOMs
- `GET /ledger/export/sboms`
- Filters: `shape`, `since_sequence/until_sequence`, `since_observed_at/until_observed_at`, `subject_digest` (OCI digest), `sbom_format` (`spdx-json` \| `cyclonedx-json`), `component_purl` (repeatable), `contains_native` (bool), `slsa_build_type` (string).
- Response item: `sbom_id`, `subject` (digest, media_type), `sbom_format`, `created_at`, `components_count`, `has_vulnerabilities` (bool), `materials` (digests), `projection_version`, `cycle_hash`, `provenance`.
## Pagination
- Cursor param: `page_token` (opaque base64url JSON: `{ "last": { "event_sequence": long, "projection_version": string, "cycle_hash": string }, "filters_hash": sha256 }`).
- Page size: `page_size` (default 500, max 5000). Server rejects if `page_size` differs across pages for same token.
- Response envelope (for both NDJSON and JSON array):
- Header `X-Stella-Next-Page-Token` when more data exists.
- Header `X-Stella-Result-Count` with items count.
- When `Prefer: return=minimal` is set, omit envelope body for NDJSON; clients rely on headers.
## Error Contract
- 400: unknown filter, invalid range, or filter combination mismatch with `filters_hash` inside `page_token`.
- 401/403: missing or insufficient scope.
- 409: requested `shape` not compatible with downstream air-gap mode (compact requested where policy mandates canonical).
- 429: enforcement of determinism guard (server detected projection drift vs cycle_hash); include `X-Stella-Drift-Reason`.
## Observability & Determinism Hooks
- Emit structured logs `ledger.export.request` and `ledger.export.emit` with tenant, endpoint, filters_hash, page_size, result_count, duration_ms.
- Counters: `ledger_export_items_total{endpoint,tenant}` and `ledger_export_failures_total{endpoint,reason}`.
- Traces: span name `ledger.export.{endpoint}`; attach `filters_hash`, `page_size`, `next_page_token_present` attributes.
## artefact location
- This document: `docs/modules/findings-ledger/export-http-surface.md` (hash stability: keep deterministic ordering as authored on 2025-11-20).
- Link from sprint 0121 PREP-LEDGER-EXPORT-35-001; downstream tasks should reference this path for contract details.

28
docs/modules/findings-ledger/oas-baseline.md Normal file
View File

@@ -0,0 +1,28 @@
# Findings Ledger OAS baseline (v1)
**Scope.** Establish the canonical OpenAPI baseline and API host definitions for Findings Ledger. This satisfies PREP-LEDGER-OAS-61-001 and unblocks downstream OAS/SDK/OBS tasks (61-002..63-001).
**What shipped (2025-11-20).**
- Published baseline OAS document: `docs/modules/findings-ledger/openapi/findings-ledger.v1.yaml` (OpenAPI 3.0.3).
- Servers: `https://{env}.ledger.api.stellaops.local` (env ∈ dev/staging/prod/airgap) and offline `https://ledger.{region}.offline.bundle`.
- Security: `bearerAuth` (JWT) and `mTLS` declared; tenant header `X-Stella-Tenant` required.
- Paths included:
- `GET /v1/ledger/events` (deterministic paging by chain/sequence; cursor header).
- `POST /v1/ledger/events` (append; validates hashes; 409 on non-deterministic input).
- `GET /v1/ledger/projections/findings` (projection read with `cycleHash`).
- Schemas align with `docs/modules/findings-ledger/schema.md` (ledger events, projections, hashes, provenance fields).
**Usage / next steps.**
- Export to renderer or client generation from `findings-ledger.v1.yaml`; keep schema source of truth in YAML, not code-first.
- Downstream tasks (61-002, 62-001, 63-001) should extend this spec with SDK/validation/deprecation headers but **must not** change base paths, security schemes, or canonical field names.
- When new fields are added, update both `schema.md` and the YAML and bump `info.version` with changelog entry.
**Determinism & offline posture.**
- Stable ordering: events sorted by `(chainId, sequence)`; projections do not perform consensus/merges.
- No external calls required at runtime; offline host is declared for bundle deployments.
- Hash fields (`eventHash`, `previousHash`, `merkleLeafHash`, `cycleHash`) remain lowercase hex SHA-256 per schema.
**Artifact locations.**
- OAS YAML: `docs/modules/findings-ledger/openapi/findings-ledger.v1.yaml`
- Schema reference: `docs/modules/findings-ledger/schema.md`
- Export surface reference (for later OAS extensions): `docs/modules/findings-ledger/export-http-surface.md`

264
docs/modules/findings-ledger/openapi/findings-ledger.v1.yaml Normal file
View File

@@ -0,0 +1,264 @@
openapi: 3.0.3
info:
title: StellaOps Findings Ledger API
version: 1.0.0-beta1
description: >-
Canonical, aggregation-only surface for append-only findings events, projections, and
Merkle anchoring metadata. Aligns with schema in docs/modules/findings-ledger/schema.md.
servers:
- url: https://{env}.ledger.api.stellaops.local
description: Default environment-scoped host
variables:
env:
default: prod
enum: [dev, staging, prod, airgap]
- url: https://ledger.{region}.offline.bundle
description: Offline bundle host for air-gapped deployments
variables:
region:
default: local
enum: [local]
security:
- bearerAuth: []
- mTLS: []
paths:
/v1/ledger/events:
get:
summary: List ledger events
operationId: listLedgerEvents
tags: [ledger]
parameters:
- $ref: '#/components/parameters/TenantId'
- name: chainId
in: query
required: false
schema:
type: string
format: uuid
- name: sinceSequence
in: query
schema:
type: integer
minimum: 0
- name: limit
in: query
schema:
type: integer
default: 200
maximum: 1000
responses:
'200':
description: Paged ledger events in deterministic order (chainId, sequence_No asc)
headers:
Req-Cursor:
schema:
type: string
content:
application/json:
schema:
$ref: '#/components/schemas/LedgerEventPage'
post:
summary: Append deterministic ledger event
operationId: appendLedgerEvent
tags: [ledger]
parameters:
- $ref: '#/components/parameters/TenantId'
requestBody:
required: true
content:
application/json:
schema:
$ref: '#/components/schemas/LedgerEventAppendRequest'
responses:
'201':
description: Event persisted
content:
application/json:
schema:
$ref: '#/components/schemas/LedgerEvent'
'409':
description: Hash/sequence conflict (non-deterministic input)
/v1/ledger/projections/findings:
get:
summary: Get latest projection for findings
operationId: listFindingProjections
tags: [projections]
parameters:
- $ref: '#/components/parameters/TenantId'
- name: findingId
in: query
schema:
type: string
- name: policyVersion
in: query
schema:
type: string
- name: status
in: query
schema:
type: string
- name: limit
in: query
schema:
type: integer
default: 200
maximum: 1000
responses:
'200':
description: Projection rows with cycleHash for replay validation
content:
application/json:
schema:
$ref: '#/components/schemas/FindingProjectionPage'
components:
securitySchemes:
bearerAuth:
type: http
scheme: bearer
bearerFormat: JWT
mTLS:
type: mutualTLS
parameters:
TenantId:
name: X-Stella-Tenant
in: header
required: true
schema:
type: string
schemas:
LedgerEvent:
type: object
required: [event]
properties:
event:
type: object
required: [id, type, tenant, chainId, sequence, policyVersion, occurredAt, recordedAt, payload]
properties:
id:
type: string
format: uuid
type:
type: string
description: ledger_event_type (see schema.md §2.2)
tenant:
type: string
chainId:
type: string
format: uuid
sequence:
type: integer
policyVersion:
type: string
finding:
type: object
properties:
id: { type: string }
artifactId: { type: string }
vulnId: { type: string }
actor:
type: object
properties:
id: { type: string }
type: { type: string }
occurredAt:
type: string
format: date-time
recordedAt:
type: string
format: date-time
payload:
type: object
additionalProperties: true
evidenceBundleRef:
type: string
eventHash:
type: string
previousHash:
type: string
merkleLeafHash:
type: string
LedgerEventPage:
type: object
required: [items]
properties:
items:
type: array
items:
$ref: '#/components/schemas/LedgerEvent'
nextCursor:
type: string
LedgerEventAppendRequest:
type: object
required: [id, type, tenant, chainId, sequence, policyVersion, occurredAt, payload]
properties:
id:
type: string
format: uuid
type:
type: string
tenant:
type: string
chainId:
type: string
format: uuid
sequence:
type: integer
policyVersion:
type: string
finding:
type: object
properties:
id: { type: string }
artifactId: { type: string }
vulnId: { type: string }
actor:
type: object
properties:
id: { type: string }
type: { type: string }
occurredAt:
type: string
format: date-time
payload:
type: object
additionalProperties: true
evidenceBundleRef:
type: string
previousHash:
type: string
description: Optional; validated if supplied
merkleLeafHash:
type: string
description: Optional; server recomputes to validate determinism
FindingProjection:
type: object
required: [tenantId, findingId, policyVersion, status, cycleHash]
properties:
tenantId: { type: string }
findingId: { type: string }
policyVersion: { type: string }
status: { type: string }
severity:
type: number
format: double
labels:
type: object
additionalProperties: true
currentEventId:
type: string
format: uuid
cycleHash:
type: string
updatedAt:
type: string
format: date-time
FindingProjectionPage:
type: object
required: [items]
properties:
items:
type: array
items:
$ref: '#/components/schemas/FindingProjection'
nextCursor:
type: string

19
docs/modules/findings-ledger/prep/2025-11-20-ledger-oas-prep.md Normal file
View File

@@ -0,0 +1,19 @@
# Ledger OAS Prep — PREP-LEDGER-OAS-61-001/61-002/62-001/63-001
Status: Draft (2025-11-20)
Owners: Findings Ledger Guild · API Contracts Guild · SDK Generator Guild
Scope: Capture OAS baseline, HTTP surface, SDK generation, and deprecation flow for ledger service.
## Whats needed
- Baseline OAS for ledger API host (61-001).
- Confirm endpoints and auth scopes to publish (61-002 depends on 61-001).
- SDK generation targets and language list (62-001).
- Deprecation header plan once SDK validated (63-001).
## Open decisions
- Hostname/versioning scheme for ledger API.
- Auth scopes per endpoint.
- Languages for SDK generation and package naming.
## Handoff
Use this prep doc for LEDGER-OAS-61-001/61-002/62-001/63-001; update once API contract is drafted.

12
docs/modules/findings-ledger/prep/2025-11-20-ledger-obs-54-001-prep.md Normal file
View File

@@ -0,0 +1,12 @@
# Ledger Observability Prep — PREP-LEDGER-OBS-54-001
Status: Draft (2025-11-20)
Owners: Findings Ledger Guild · Provenance Guild
Scope: Minimal API surface for `/ledger/attestations` and observability hooks.
## Needs
- HTTP surface spec (routes, auth scopes) to host `/ledger/attestations`.
- Telemetry fields to include provenance IDs.
## Handoff
Use as PREP artefact; update once API contract is drafted.

9
docs/modules/findings-ledger/prep/2025-11-20-ledger-packs-42-001-prep.md Normal file
View File

@@ -0,0 +1,9 @@
# Ledger Packs Snapshot Prep — PREP-LEDGER-PACKS-42-001
Status: Draft (2025-11-20)
Owners: Findings Ledger Guild · Mirror Creator Guild
Scope: Snapshot/time-travel contract for packs simulation.
## Needs
- Snapshot format and bundle layout for pack simulation/time-travel.

11
docs/modules/findings-ledger/prep/2025-11-20-ledger-risk-66-prep.md Normal file
View File

@@ -0,0 +1,11 @@
# Ledger Risk Schema Prep — PREP-LEDGER-RISK-66-001/002
Status: Draft (2025-11-20)
Owners: Findings Ledger Guild · Risk Engine Guild
## Needs
- Risk engine schema/contract inputs: `risk_score`, `risk_severity`, `profile_version`, `explanation_id`, indexes.
- Migration plan to add fields.
## Handoff
Use as PREP artefact; update when risk field definitions and rollout plan are available.

17
docs/modules/findings-ledger/prep/2025-11-20-ledger-risk-prep.md Normal file
View File

@@ -0,0 +1,17 @@
# Ledger Risk Prep — PREP-LEDGER-RISK-68-001 / 69-001 / TEN-48-001
Status: Draft (2025-11-20)
Owners: Findings Ledger Guild · Export Guild · Observability Guild · Platform
## 68-001 (scored findings export) needs
- Inputs from 67-001 + Export Center contract for scored findings.
- Metrics dimensions alignment with Observability.
## 69-001 (metrics) needs
- Final metrics fields driven by 67-001/68-001 outputs.
## TEN-48-001 (RLS/partitioning) needs
- Platform-approved tenant/project partitioning and RLS policy.
## Handoff
Use as PREP artefact for the above tasks; update when upstream exports and RLS decisions are available.

38
docs/modules/findings-ledger/prep/ledger-attestations-http.md Normal file
View File

@@ -0,0 +1,38 @@
# Ledger attestation HTTP surface (prep for LEDGER-OBS-54-001 / 55-001)
**Goal.** Provide the minimal HTTP contract to expose ledger attestation verifications so PREP-LEDGER-OBS-55-001 can proceed. This complements the OAS baseline (`docs/modules/findings-ledger/openapi/findings-ledger.v1.yaml`) and schema (`docs/modules/findings-ledger/schema.md`).
## Endpoint
- `GET /v1/ledger/attestations`
- Tenant header: `X-Stella-Tenant` (required).
- Auth: bearer `scope=ledger.attest.read` or mTLS.
- Query params:
- `artifactId` (string, optional; OCI digest or SBOM id)
- `findingId` (string, optional)
- `attestationId` (uuid, optional)
- `status` (`verified|failed|unknown`, optional)
- `sinceRecordedAt` / `untilRecordedAt` (ISO-8601 UTC)
- `limit` (int, default 200, max 1000)
- Ordering: deterministic by `recordedAt ASC, attestationId ASC`.
- Response: JSON array (or NDJSON when `Accept: application/x-ndjson`). Each item:
- `attestationId` (uuid)
- `artifactId` (string)
- `findingId` (string)
- `verificationStatus` (`verified|failed|unknown`)
- `verificationTime` (ISO-8601 UTC)
- `dsseDigest` (sha256)
- `rekorEntryId` (string, optional)
- `evidenceBundleRef` (string, optional)
- `ledgerEventId` (uuid) — source ledger event that linked the attestation
- `recordedAt` (ISO-8601 UTC)
- `merkleLeafHash` (sha256)
- `rootHash` (sha256)
## Determinism/offline posture
- Sorting keys are fixed; pagination token encodes `{recordedAt, attestationId, filtersHash}`.
- No live Rekor calls; `rekorEntryId` is stored reference only.
- Hashes remain lowercase SHA-256; times are UTC.
## Artefact location
- This prep doc: `docs/modules/findings-ledger/prep/ledger-attestations-http.md`.
- Add path to OAS in a follow-on increment (LEDGER-OAS-61-002/63-001) once approved.

26
docs/modules/mirror/assembler.md Normal file
View File

@@ -0,0 +1,26 @@
# Mirror Assembler Staffing & Milestones (Sprint 110.D)
## Staffing
- **Primary owner:** Alex Kim (Mirror Creator Guild)
- **Backup:** Priya Desai (Exporter Guild)
- **Observers:** AirGap Time Guild, CLI Guild
## Milestones
1. **M0 recap (done 2025-11-19):** thin bundle sample + layout note (`docs/modules/mirror/milestone-0-thin-bundle.md`).
2. **M1 (due 2025-11-26):** implement deterministic assembler with manifest + CAS layout; DSSE signing profile `sovereign-default`; produce sample bundle tarball + hash.
3. **M1.1 (due 2025-11-28):** TUF metadata generation (`root.json`, `snapshot.json`, `timestamp.json`) and mirror index manifest.
4. **M2 (due 2025-12-05):** integrate time-anchor metadata (AirGap Time), export automation hooks (Export Center), and CLI verification path.
## Responsibilities
- Alex Kim: assembler core, DSSE signing, CAS layout.
- Priya Desai: TUF metadata + exporter handoff.
- AirGap Time Guild: time-anchor schema + verification guidance.
- CLI Guild: `stella mirror verify` wiring and offline cache checks.
## Artefact locations
- Assembler design: `docs/modules/mirror/thin-bundle-assembler.md`
- Staffing/plan (this doc): `docs/modules/mirror/assembler.md`
- Sample bundles: `out/mirror/thin/mirror-thin-m0-sample.tar.gz` (future M1/M2 under `out/mirror/thin/`)
## Risks
- If M1 slips past 2025-11-26, Export Center and CLI tracks block; escalate to Exporter guild lead.

22
docs/modules/mirror/prep-56-001-thin-bundle.md Normal file
View File

@@ -0,0 +1,22 @@
# Mirror Thin Bundle Prep — PREP-MIRROR-CRT-56-001 (Draft)
Status: Draft (2025-11-20)
Owners: Mirror Guild (Assembler)
Scope: Capture requirements to start thin bundle v1 when upstream Sprint 110.D artefacts land.
## Dependencies
- Sprint 110.D assembler foundation (missing in repo).
- Trust root list and TUF metadata locations from release pipeline.
## Proposed thin bundle v1 shape
- Container: tar.gz deterministic; root manifest `mirror.thin.manifest.json`.
- Fields: `bundle_id`, `schema_version`=`mirror.thin.v1`, `created_at`, `source_registry`, `artifacts[] {digest, media_type, size}`, `trust_roots[]`, optional `attestations[]`.
- Merkle root over files for audit.
## Open decisions
- Exact artifact set included in “thin” scope (SBOM only vs SBOM+metadata).
- Required signatures (DSSE/Sigstore) and signer identities.
- Retention/GC policy for thin bundles.
## Handoff
Use this as the PREP artefact for PREP-MIRROR-CRT-56-001; update when assembler foundation drops so schema can be finalized and aligned with `docs/modules/mirror/thin-bundle-assembler.md`.

12
docs/modules/orchestrator/prep/2025-11-20-airgap-56-001-prep.md Normal file
View File

@@ -0,0 +1,12 @@
# Orchestrator AirGap Prep — PREP-ORCH-AIRGAP-56-001
Status: Draft (2025-11-20)
Owners: Orchestrator Service Guild · AirGap Policy Guild
Scope: Awaiting AirGap readiness; capture sealed-mode contract needs for orchestrator.
## Needs
- Sealed-mode contract from AirGap controller (seal/unseal scopes, staleness fields).
- Mirror bundle pointers to include with orchestrator jobs.
## Handoff
Use as prep artefact; update once AirGap 56-001 contract is published.

9
docs/modules/orchestrator/prep/2025-11-20-airgap-56-002-prep.md Normal file
View File

@@ -0,0 +1,9 @@
# Orchestrator AirGap Prep — PREP-ORCH-AIRGAP-56-002
Status: Draft (2025-11-20)
Scope: Downstream of 56-001; needs sealed-mode staleness propagation.
## Needs
- From 56-001: seal contract and bundle pointers.
- Staleness propagation rules to orchestrator runs.

9
docs/modules/orchestrator/prep/2025-11-20-airgap-57-001-prep.md Normal file
View File

@@ -0,0 +1,9 @@
# Orchestrator AirGap Prep — PREP-ORCH-AIRGAP-57-001
Status: Draft (2025-11-20)
Scope: Dependent on 56-002; timeline events for AirGap imports.
## Needs
- Event types/fields for bundle import timeline.
- Alignment with AirGap mirror bundle IDs and staleness.

8
docs/modules/orchestrator/prep/2025-11-20-airgap-58-001-prep.md Normal file
View File

@@ -0,0 +1,8 @@
# Orchestrator AirGap Prep — PREP-ORCH-AIRGAP-58-001
Status: Draft (2025-11-20)
Scope: Dependent on 57-001; Evidence Locker integration for sealed mode.
## Needs
- Evidence Locker bundle pointers and attestation requirements in sealed mode.

12
docs/modules/orchestrator/prep/2025-11-20-oas-61-001-prep.md Normal file
View File

@@ -0,0 +1,12 @@
# Orchestrator OAS Prep — PREP-ORCH-OAS-61-001/61-002/62-001
Status: Draft (2025-11-20)
Scope: Telemetry contract inputs and OAS baseline for orchestrator APIs.
## Needs
- Telemetry/contract inputs from sprint 150.A (not yet published).
- OAS baseline for orchestrator host.
- SDK generation targets (depends on OAS v1).
## Handoff
Use as prep artefact for OAS 61/62 chain; update when telemetry inputs published.

17
docs/modules/orchestrator/prep/2025-11-20-svc-41-101-prep.md Normal file
View File

@@ -0,0 +1,17 @@
# Orchestrator Pack-Run Prep — PREP-ORCH-SVC-41-101 / 42-101 / TEN-48-001
Status: Draft (2025-11-20)
Owners: Orchestrator Service Guild
## 41-101 needs
- Envelope + DAL from 38-101 to register pack runs.
- Storage schema for pack-run records.
## 42-101 needs
- Stream contract from 41-101 (pack-run plumbing) to drive streaming.
## TEN-48-001 needs
- Tenant context plumbing for job DAL/routes.
## Handoff
Use as prep artefact; update when 38-101 envelope lands and DAL schema is fixed.

3
docs/modules/policy/TASKS.md
View File

@@ -2,5 +2,8 @@
| Task ID | State | Notes |
| --- | --- | --- |
| `PREP-EXPORT-CONSOLE-23-001` | DOING (2025-11-20) | Drafted export bundle + scheduler job contract (see `docs/modules/policy/design/export-console-bundle-contract.md`); waiting on DSSE/storage decisions from Console/Scheduler/Authority. |
| `PREP-POLICY-AIRGAP-56-001` | DOING (2025-11-20) | Drafted mirror bundle schema for air-gap/ sealed mode (see `docs/modules/policy/design/policy-mirror-bundle-schema.md`); waiting on trust-root and retention policy decisions. |
| `PREP-POLICY-ENGINE-30-001` | DOING (2025-11-20) | Drafted overlay projection contract (see `docs/modules/policy/design/policy-overlay-projection.md`); waiting on 29-004 metrics/log schema from Platform/Observability. |
| `SCANNER-POLICY-0001` | DONE (2025-11-10) | Ruby component predicates implemented in engine/tests, DSL docs updated, offline kit verifies `seed-data/analyzers/ruby/git-sources`. |
| `DOCS-AIAI-31-006` | DONE (2025-11-13) | Published `docs/policy/assistant-parameters.md` capturing Advisory AI configuration knobs (inference/guardrails/cache/queue) and linked it from the module architecture dossier. |

55
docs/modules/policy/design/export-console-bundle-contract.md Normal file
View File

@@ -0,0 +1,55 @@
# Export Console Bundle Contract (Draft) — PREP-EXPORT-CONSOLE-23-001
Status: Draft (2025-11-20)
Owners: Policy Guild · Scheduler Guild · Observability Guild
Scope: Define the evidence bundle exported by Policy Engine for Console replay/verification and the scheduler job contract that produces it.
## 1) Manifest format
- Container: tar.gz (deterministic ordering, UTC mtime `1970-01-01T00:00:00Z`), content-addressed by SHA-256 of archive bytes.
- Root manifest: `bundle.manifest.json` (unsigned) and `bundle.manifest.dsse` (signed, optional until Rekor/Authority hookup).
- `bundle.manifest.json` fields:
- `bundle_id` (string, required): GUID/ULID assigned by Policy Engine.
- `policy_run_id` (string, required): ID of originating policy run.
- `tenant_id` (string, required): tenant scope.
- `policy_version` (string, required): semantic version or commit hash of the policy set evaluated.
- `inputs_hash` (hex): SHA-256 of normalized inputs (SBOM, advisories, VEX) used for the run.
- `generated_at` (string, RFC3339 UTC): timestamp of bundle creation.
- `schema_version` (string): `policy.export.console.v1`.
- `artifacts`: array of artefact descriptors with `{path, media_type, sha256, purpose}`; expected purposes: `policy-run-summary`, `effective-findings`, `inputs`, `logs`, `metrics`.
- `signatures`: optional array referencing DSSE statement(s) with signer identity and key hint.
## 2) Artefact layout
- `summary/policy-run.json`: minimal run summary (status, duration, rule counts, decision stats).
- `findings/effective.ndjson`: deterministic NDJSON list of effective findings emitted by the run (sorted by `finding_id`).
- `inputs/sbom/*.json`: normalized SBOM slices (content-addressed references pointing back to source digests).
- `inputs/advisories/*.json`: advisories snapshot used during evaluation.
- `inputs/vex/*.json`: VEX statements snapshot.
- `telemetry/logs.ndjson`: structured logs with correlation IDs and runner metadata (no secrets, scrub file paths).
- `telemetry/metrics.json`: counters/histograms for run (p50/p95 latency, evaluated rules, facts ingested).
## 3) Scheduler job contract
- Job type: `policy.export.console`.
- Inputs:
- `policy_run_id` (required)
- `tenant_id` (required)
- `priority` (enum: background|interactive; default background)
- `include_logs` (bool, default true)
- Outputs:
- `bundle_pointer` (URI/path) to stored bundle in Evidence Locker/Export Center bucket.
- `bundle_id`, `sha256`.
- Events:
- Progress events to Observability stream `{job_id, state, percent, bundle_id?, error?}`.
- Completion emits `policy.export.console.completed` with bundle metadata for Console ingestion.
## 4) Determinism & security
- All NDJSON/JSON sorted by stable keys; floats avoided; timestamps UTC RFC3339.
- No inline PII; tenant-scoped file paths must be redacted or normalized.
- Offline-friendly: no external references; all URIs either `bundle://` or content hashes.
## 5) Open items / decisions needed
- Signer identity and DSSE profile (Rekor optional) — awaiting Authority/Attestor alignment.
- Exact location for bundle storage (Evidence Locker vs Export Center) — propose Evidence Locker namespace `policy-console/` with retention 30d.
- Metrics schema: align with Observability guilds latest counters/histogram names.
## 6) Handoff
Cite this file in sprint trackers for PREP-EXPORT-CONSOLE-23-001. When upstream decisions land, update schema_version and finalize DSSE profile.

27
docs/modules/policy/design/policy-deterministic-evaluator.md Normal file
View File

@@ -0,0 +1,27 @@
# Deterministic Evaluator Spec (Draft) — PREP-POLICY-ENGINE-20-002
Status: Draft (2025-11-20)
Owners: Policy Guild
Scope: Define deterministic evaluator requirements for Policy Engine to unblock POLICY-ENGINE-20-002.
## Determinism rules
- Evaluation order: lexical by rule ID within policy set; stable tie-breaker by condition hash.
- Data types: disallow host clock/network; only allow provided inputs; random seeded with fixed seed per run.
- Outputs: sorted by finding_id; numeric outputs with fixed precision (3 decimals) and invariant culture.
- Time handling: all timestamps in inputs are treated as UTC; now() not permitted.
## Engine contract
- Input envelope: `{policy_set_id, policy_version, inputs_hash, tenant_id, run_id}`.
- Execution context: immutable; no mutations to global state; cache keyed by inputs_hash + policy_version.
- Result envelope: `{run_id, policy_set_id, policy_version, findings[], metrics{duration_ms, rules_evaluated}}`.
## Testing strategy
- Golden runs: same inputs produce identical outputs/hashes across runs and machines.
- Property tests: altering rule order must not change result ordering; injecting clock skew should be rejected.
## Open decisions
- Whether to allow parallel rule evaluation if output ordering remains deterministic (requires stable merge logic).
- Exact numeric tolerance/rounding strategy.
## Handoff
Use this as the PREP artefact for PREP-POLICY-ENGINE-20-002. Update once numeric rounding and parallelism decisions are finalized.

46
docs/modules/policy/design/policy-mirror-bundle-schema.md Normal file
View File

@@ -0,0 +1,46 @@
# Policy Mirror Bundle Schema (Draft) — PREP-POLICY-AIRGAP-56-001
Status: Draft (2025-11-20)
Owners: Policy Guild · Cartographer Guild
Scope: Define sealed/offline-ready mirror bundle schema for policy packs to unblock air-gap ingestion (Mirror Bundles v1).
## 1) Bundle container
- Format: tar.gz with deterministic ordering, UTC mtime `1970-01-01T00:00:00Z`.
- Root: `mirror.manifest.json` plus optional `mirror.manifest.dsse` (post-quantum ready profile TBD).
## 2) Manifest fields
- `bundle_id` (string, required): ULID.
- `schema_version` (string): `policy.mirror.v1`.
- `created_at` (RFC3339 UTC).
- `producer` (object): `{name, version, build}` of the mirror tool.
- `provenance` (object): `{source_registry, source_digest, fetch_time, trust_roots[]}`.
- `policies` (array) of policy pack descriptors:
- `pack_id` (string): content-addressed ID of the pack archive.
- `version` (string): semver or commit hash.
- `sha256` (string): hash of pack bytes.
- `signatures[]` (optional): detached signatures (Sigstore/DSSE) with key hints.
- `metadata` (object): `{rules_count, dependencies, min_engine_version}`.
- `attestations` (optional array): references to DSSE statements covering manifest or pack artefacts.
- `integrity` (object): `{merkle_root, entries[]}` mirroring file tree for audit.
## 3) File layout
- `packs/{pack_id}.tar.gz`: raw policy pack.
- `signatures/{pack_id}.sig`: detached signature per pack (optional).
- `notes/compliance.md`: optional compliance notes per pack.
## 4) Sealed-mode rules
- Whole-bundle DSSE signature required when `sealed=true` (header flag in manifest).
- No post-fetch mutation; ingest must verify merkle root and DSSE before unpack.
- Trust roots pinned per bundle (`provenance.trust_roots[]`), defaulting to org-configured roots when absent.
## 5) Determinism & validation
- All arrays sorted; use lowercase hex for hashes.
- Validation checklist: bundle hash matches manifest; merkle root recomputes; DSSE signer authorized; engine version compatibility enforced before import.
## 6) Open decisions
- Final DSSE profile (FIPS/eIDAS/GOST) depending on deployment region.
- Retention/GC policy for stale mirror bundles in sealed mode.
- Whether to embed policy docs or keep external references; draft assumes external docs are excluded for air-gap safety.
## 7) Handoff
Treat this file as the publishable artefact for PREP-POLICY-AIRGAP-56-001. Update when Authority/Platform finalize DSSE and trust-root policies.

55
docs/modules/policy/design/policy-overlay-projection.md Normal file
View File

@@ -0,0 +1,55 @@
# Policy Overlay Projection Contract (Draft) — PREP-POLICY-ENGINE-30-001
Status: Draft (2025-11-20)
Owners: Policy Guild · Cartographer Guild · Platform/Observability Guild
Scope: Define the overlay projection output that depends on metrics/logging outputs from POLICY-ENGINE-29-004. Intended to unblock POLICY-ENGINE-30-001 and downstream 30-00x tasks.
## 1) Inputs
- `policy_run_id` (required)
- `tenant_id` (required)
- Metrics/logging envelope from 29-004 (pending): expected fields include run duration, rule evaluation counts, fact ingest counts, cache hit/miss, scheduler job metadata.
- Optional: advisory/KB versions, SBOM/VEX digests, risk profile version.
## 2) Overlay projection shape (proposed)
```json
{
"overlay_id": "ulid",
"policy_run_id": "...",
"tenant_id": "...",
"generated_at": "2025-11-20T00:00:00Z",
"schema_version": "policy.overlay.v1",
"metrics": {
"duration_ms": 1234,
"rules_evaluated": 4200,
"facts_ingested": 98765,
"cache_hit_rate": 0.92,
"p95_rule_latency_ms": 8
},
"logs_pointer": "bundle://telemetry/logs.ndjson",
"inputs": {
"sbom_digest": "sha256:...",
"advisories_digest": "sha256:...",
"vex_digest": "sha256:..."
},
"provenance": {
"engine_version": "x.y.z",
"profile": "policy-default",
"scheduler_job_id": "..."
}
}
```
- Determinism: sorted keys; timestamps UTC; numeric metrics fixed to 3 decimal places where fractional.
- Overlay acts as the query surface for simulation/change events (30-002/30-003) and UI overlays.
## 3) Storage & API
- Stored as NDJSON under `overlays/{tenant_id}/{policy_run_id}.ndjson` in policy engine store; referenced by Export/Console bundle.
- API (proposed): `GET /policy-runs/{policy_run_id}/overlay` with ETag = sha256 of payload; `POST /policy-runs/{policy_run_id}/overlay/rebuild` for re-projection when metrics contract changes.
## 4) Open dependencies / decisions
- Need final metrics/logging schema from 29-004 to lock `metrics` section (owner: Platform/Observability).
- Confirm cache metrics naming and units.
- Confirm whether overlay should embed inline logs vs pointer.
- Clarify retention/GC policy for overlays (suggest 30d, aligned with export bundles).
## 5) Handoff
Use this document as the PREP artefact for POLICY-ENGINE-30-001. Update once 29-004 publishes metrics/logging outputs; then fix schema_version to `overlay.v1` and add JSON Schema under `docs/modules/policy/schemas/`.

16
docs/modules/policy/prep/2025-11-20-riskprofile-66-001-prep.md Normal file
View File

@@ -0,0 +1,16 @@
# Risk Profile Library Prep — PREP-POLICY-RISK-66-001
Status: Draft (2025-11-20)
Owners: Risk Profile Schema Guild
Scope: Scaffold requirements for `StellaOps.Policy.RiskProfile` project and storage contract.
## Needs
- Project skeleton (net10.0) under `src/Policy/StellaOps.Policy.RiskProfile` with schema/validators.
- Storage contract: collections/fields for risk profiles; deterministic hashing rules.
## Open decisions
- Exact schema fields and validation rules.
- Versioning strategy (semver vs commit hash) for profiles.
## Handoff
Use as PREP artefact; update once schema fields and storage strategy are agreed.

27
docs/modules/sbomservice/offline-feed-plan.md Normal file
View File

@@ -0,0 +1,27 @@
# SBOM Service Offline Feed Plan (prep for PREP-SBOM-CONSOLE-23-001)
## Problem
SbomService builds/tests were failing restore due to missing NuGet packages (notably `Microsoft.IdentityModel.Tokens >= 8.14.0` and `Pkcs11Interop >= 4.1.0`). Offline/air-gap posture requires a cached feed.
## What landed (2025-11-20)
- Offline cache populated under `local-nugets/packages/` via `tools/offline/fetch-sbomservice-deps.sh`.
- Key package hashes:
- `Microsoft.IdentityModel.Tokens.8.14.0.nupkg` · SHA256 `00b78c7b7023132e1d6b31d305e47524732dce6faca92dd16eb8d05a835bba7a`
- `Pkcs11Interop.4.1.0.nupkg` · SHA256 `8d2b323a3abb9de47a06a3c3b662aa526ee5c1637b70db072c66dc28e6f14c1e`
- Script: `tools/offline/fetch-sbomservice-deps.sh` (idempotent) hydrates required packages into `local-nugets/packages` using a minimal probe project with `--ignore-failed-sources` to stay air-gap friendly.
## How to use
```bash
# refresh cache if versions change
./tools/offline/fetch-sbomservice-deps.sh
# run SbomService tests offline
DOTNET_NOLOGO=1 dotnet test src/SbomService/StellaOps.SbomService.Tests/StellaOps.SbomService.Tests.csproj --no-build --ignore-failed-sources
```
## Next actions
- If additional packages surface during `dotnet restore`, append them to the probe project in the script and re-run.
- Keep `local-nugets/` under version control for deterministic builds; update hashes when packages change.
## Owners
- SBOM Service Guild · Build/Infra (sprint 0142_0001_0001).

15
docs/modules/sbomservice/prep/2025-11-20-build-infra-prep.md Normal file
View File

@@ -0,0 +1,15 @@
# Build/Infra Prep — PREP-BUILD-INFRA-SBOM-SERVICE-GUILD-BLOCKED-M
Status: Draft (2025-11-20)
Owners: SBOM Service Guild
Scope: Document restore/build blocking issues awaiting vetted feed/cache.
## Blocker summary
- Multiple restore attempts hang/fail; need vetted NuGet feed/cache for SBOM Service solution.
## Needed actions
- Provide approved offline feed snapshot for SBOM Service dependencies.
- CI runner with feed configured to validate restore.
## Handoff
Use as PREP artefact; update once feed snapshot is supplied and restore passes.

20
docs/modules/sbomservice/prep/2025-11-20-sbom-service-21-001-prep.md Normal file
View File

@@ -0,0 +1,20 @@
# SBOM Service Prep — PREP-SBOM-SERVICE-21-001
Status: Draft (2025-11-20)
Owners: SBOM Service Guild · Cartographer Guild
Scope: Waiting on LNM v1 fixtures to freeze normalized SBOM projection read API.
## Needed inputs
- LNM v1 fixtures (due 2025-11-18 UTC) for schema alignment.
## Proposed API surface (draft)
- `GET /sboms/{id}/projection` with query `page`, `page_size`, `tenant_id`.
- Response includes `components[]`, `licenses[]`, `hashes[]`, `provenance`.
- Deterministic ordering, tenant enforcement.
## Open decisions
- Pagination defaults and max page size.
- Which hash algorithms to expose.
## Handoff
Use as PREP artefact; finalize once fixtures arrive.

118
docs/modules/scanner/design/analyzer-prep-0132.md Normal file
View File

@@ -0,0 +1,118 @@
# Scanner Analyzer Prep · Sprint 0132
This note captures the unblockers promised in PREP tasks for Sprint 0132. Each subsection gives the artifact location, assumption set, and the handoff needed by downstream implementation tasks.
## SCANNER-ANALYZERS-LANG-11-003 (runtime fusion)
- **Objective:** Define the runtime evidence ingest contract to merge AssemblyLoad/Resolving/PInvoke signals with static edges from 11-002.
- **Inputs required:**
- Static edge export format from 11-002 (AssemblyRef/ModuleRef/PInvoke with reason codes).
- Event listener tap points: `AssemblyLoadContext.Resolving`, `AssemblyLoad`, `NativeLibrary.SetDllImportResolver`, `DynamicDependency` attributes, and optional ETW provider `Microsoft-Windows-DotNETRuntime` (keyword 0x8, task AssemblyLoad).
- **Runtime evidence envelope (AOC-aligned):**
```json
{
"runtime_observation_id": "uuid",
"assembly_name": "System.Text.Json",
"kind": "assembly-load|p-invoke|dynamic-dependency",
"source": "Resolving|AssemblyLoad|NativeLibrary|ETW",
"details": {
"requested_name": "System.Text.Json",
"resolved_path": "<normalized absolute path>",
"assembly_version": "8.0.0.0",
"culture": "neutral",
"package_purl": "pkg:nuget/system.text.json@8.0.0",
"confidence": 0.72,
"reason_code": "runtime-resolve"
},
"timestamp_utc": "2025-11-20T00:00:00Z"
}
```
- **Merge rules for downstream 11-003 implementation:**
- De-dup edges by (assembly_name, resolved_path, kind).
- Prefer static edge confidence when present; runtime adds `confidence_bonus = +0.1` but never exceeds 1.0.
- Keep provenance: `edge.provenance = { "static": bool, "runtime": bool }`.
- **Publication:** This doc section is the frozen location for the runtime ingest contract; downstream tasks should reference this path.
## SCANNER-ANALYZERS-LANG-11-004 (observation export → writer/SBOM)
- **Objective:** Define the observation payload emitted to Scanner writer and SBOM entrypoint tagging.
- **Export envelope (AOC-compliant):**
```json
{
"entrypoints": [
{
"label": "app",
"rids": ["win-x64","linux-x64"],
"tfms": ["net8.0","net8.0-windows"],
"command": "dotnet ./bin/app.dll",
"sources": ["src/App/Program.cs"],
"rank": 1
}
],
"dependency_edges": [
{
"from": "app",
"to": "pkg:nuget/system.text.json@8.0.0",
"reason_code": "assembly-ref",
"confidence": 0.86,
"provenance": {"static": true, "runtime": false}
}
],
"environment_profiles": {
"tfm": "net8.0",
"rid": "linux-x64",
"host_policy": "portable",
"features": ["singlefile:false","trimmed:false","nativeaot:false"]
}
}
```
- **Writer handoff:**
- Serialize as deterministic JSON (sorted keys) to the Scanner writer contract `writer/observations/lang/dotnet`.
- Attach `sbom_entrypoint_tags` derived from entrypoint labels to feed SBOM Service tagging.
- **Publication:** Payload shape and field meanings fixed here for Sprint 0132 downstream work.
## SCANNER-ANALYZERS-LANG-11-005 (fixtures & benchmarks)
- **Objective:** Provide fixture plan so QA can start without waiting on further design.
- **Fixture matrix:**
- Framework-dependent: `net8.0`, `net9.0-preview` sample apps (console + web minimal API).
- Self-contained: `linux-x64` trimmed vs non-trimmed.
- Single-file: `win-x64` single-file publish, include native hosting bundle.
- NativeAOT: `linux-x64` HelloWorld + P/Invoke stub.
- Multi-RID: RID graph `linux-x64`, `linux-arm64`, `win-x64` with RID fallback expectations.
- **Locations:** place fixtures under `src/Scanner/__Tests/Fixtures/DotNet/11-005/*`; store expected observation JSON in `__Tests/Fixtures/DotNet/11-005/expected/*.json` with sorted keys.
- **Bench envelopes:**
- Target <150 ms p95 per project scan on dev laptop, <25 MB heap delta; capture via BenchmarkDotNet and report to `__Benchmarks/11-005.md`.
- **Determinism:** lock timestamps to `1970-01-01T00:00:00Z` in serialized outputs; stable ordering by (entrypoint label, dependency to PURL, reason_code).
## SCANNER-ANALYZERS-NATIVE-20-002 (ELF declared-dependency writer contract)
- **Objective:** Unblock writer schema so native analyzer can emit DT_NEEDED/DT_RPATH/DT_RUNPATH data.
- **Edge record (per ELF binary):**
```json
{
"image": "libssl.so.3",
"build_id": "cafef00d",
"rpath": ["$ORIGIN/lib","/usr/lib"],
"runpath": ["$ORIGIN","/opt/openssl"],
"needed": [
{"name": "libcrypto.so.3", "slot": 0, "version": "OPENSSL_3.0", "reason_code": "elf-dtneeded"},
{"name": "libpthread.so.0", "slot": 1, "version": null, "reason_code": "elf-dtneeded"}
],
"interpreter": "/lib64/ld-linux-x86-64.so.2",
"origin": "virtual-fs",
"confidence": 0.82
}
```
- **Writer path:** `writer/observations/native/elf-declared-deps` (append-only NDJSON; sorted by image name then slot).
- **Redaction:** no host absolute paths; resolve `$ORIGIN` using virtual image root only.
- **Publication:** schema above is the agreed baseline for downstream tasks; time-boxed to Sprint 0132.
## SCANNER-ANALYZERS-NODE-22-001 (isolated runner / scoped build graph)
- **Objective:** Provide a deterministic way to run Node analyzer tests without fanning out the whole solution.
- **Approach:**
- Add target solution filter: `src/Scanner/StellaOps.Scanner.Analyzers.Lang.Node.slnf` including only Node projects + shared test utilities.
- Introduce `Directory.Build.props` override for `Lang.Node` tests to disable cross-solution restore (`DisableTransitiveProjectReferences=true`).
- Test command for CI + local: `dotnet test src/Scanner/StellaOps.Scanner.Analyzers.Lang.Node.Tests/StellaOps.Scanner.Analyzers.Lang.Node.Tests.csproj /p:DisableTransitiveProjectReferences=true --no-restore --logger:"console;verbosity=minimal"`.
- Cache seeds: copy pnpm/Yarn fixtures into `obj/fixtures-cache` during test init; deterministic zip timestamps set to `1980-01-01`.
- **Publication:** This runbook unblocks execution while broader solution build contention is resolved; downstream tasks should adopt this invocation until Sprint 131 completes.
---
**Owners:** Scanner EPDR Guild (DotNet), SBOM Service Guild, Native Analyzer Guild, Node Analyzer Guild.
**Status:** All PREP artifacts published 2025-11-20.

33
docs/modules/scanner/prep/2025-11-20-analyzers-prep.md Normal file
View File

@@ -0,0 +1,33 @@
# Scanner Analyzers PREP Notes — 2025-11-20
Owner: Scanner EPDR Guild · Signals Guild · SBOM Service Guild · Native Analyzer Guild
Scope: Prep deliverables for PREP-SCANNER-ANALYZERS-LANG-11-003-DEPENDS-ON, PREP-SCANNER-ANALYZERS-LANG-11-004-DEPENDS-ON, and PREP-SCANNER-ANALYZERS-NATIVE-20-002-AWAIT-DE.
## 1) LANG-11-003 runtime evidence ingest (dependent on 11-002)
- Required upstream: static analyzer outputs from 11-002 (AssemblyRef/ModuleRef/PInvoke/reflection edges with reason codes/confidence).
- Runtime harness spec (draft):
- Listener surfaces `AssemblyLoad`, `Resolving`, `FirstChanceException` events; optional OS-specific providers gated by feature flag `scanner:analyzers:dotnet:runtime-capture` (default off).
- Output shape fed into merger: `runtime_edges[]` with fields `{from_entrypoint, to_identity, reason_code, confidence, evidence}`; `evidence` captures event type, payload fragment, timestamp (UTC ISO-8601), and source provider.
- Merge rules: prefer static edges; runtime edges only add new edges or upgrade confidence; no removals.
- Test plan stub: targeted harness tests under `StellaOps.Scanner.Analyzers.Lang.DotNet.Tests` using recorded ETW/EventListener traces; determinism enforced via sorted edges and normalized timestamps.
## 2) LANG-11-004 normalized observation export (dependent on 11-003)
- Export contract (AOC compliant) to Scanner writer:
- `entrypoints[]` with `{id, assembly_name, mvid, tfm, rid, kind}`.
- `dependency_edges[]` with `{from_entrypoint, to_component, reason_code, confidence, source={static|runtime|declared}, evidence_ref}`.
- `environment_profiles[]` capturing loader configuration (search paths, probing settings) without host-specific absolute paths; deterministic ordering.
- Integration expectations:
- Writer API endpoint path: `scanner/writer/analyzers/dotnet/runtime-static-fusion` (to be aligned with writer team).
- SBOM tagging: entrypoints annotated with export IDs; avoid adding derived severity.
- Testing hook: golden JSON exports under `src/Scanner/__Tests/Fixtures/lang11/export/*.json`, referenced by `ObservationExportTests` once 11-003 is ready.
## 3) NATIVE-20-002 declared-dependency writer (await declared-dependency contract)
- Scope: emit declared dependencies from ELF dynamic sections with `reason_code=elf-dtneeded`, include `rpath/runpath` and symbol version needs when present.
- Contract expectations:
- Writer record fields: `{binary_id, needed_soname, search_path_hint[], runpath[], build_id, interpreter, version_need[]}`; all ordered deterministically.
- Input parser must normalize duplicate `DT_NEEDED` entries and preserve order of appearance.
- Dependencies: needs finalized declared-dependency writer interface from Scanner writer team; block remains until contract lands, but this prep defines expected payload shape and ordering.
- Test stub guidance: place fixtures under `src/Scanner/__Tests/Fixtures/native/elf-dtneeded/*` with baseline YAML/JSON; benchmark target <25ms per binary on baseline fixtures.
## Handoff
- This document is the published prep artefact requested by the above PREP tasks. Implementation tasks should cite this file until upstream contracts arrive.

26
docs/modules/scanner/prep/2025-11-20-java-21-005-prep.md Normal file
View File

@@ -0,0 +1,26 @@
# Java Analyzer Prep — SCANNER-ANALYZERS-JAVA-21-005 (PREP)
Status: Draft (2025-11-20)
Owners: Java Analyzer Guild
Scope: Capture prerequisites and fixture expectations to unblock SCANNER-ANALYZERS-JAVA-21-005 once upstream build issues clear.
## Blocking issues observed
- Repository build fails in Concelier due to missing `CoreLinksets` Mongo interfaces; prevents running targeted Java analyzer tests.
- Targeted `dotnet test` stalls during restore/build on shared runner; needs clean CI slot or scoped solution.
## Required upstream artifacts
- Concelier/CoreLinksets packages or mocks to let Java analyzer tests restore/build.
- CI job or local script to run Java analyzer tests in isolation (`StellaOps.Scanner.Analyzers.Lang.Java.Tests.csproj`) without full solution restore.
## Expected outputs once unblocked
- Framework config extraction evidence covering Spring Boot imports, app/bootstrap configs, web.xml/fragments, JPA/CDI/JAXB configs, logging files, Graal native-image configs.
- JNI/native hint detection: System.load/Library literals, bundled native libs, Graal JNI configs with component metadata.
- Deterministic hashing of config evidence (SHA-256) with stable ordering.
## Test/fixture plan
- Fixtures under `src/Scanner/__Tests/Fixtures/java/21-005/*` capturing the above configs.
- Regression tests in `StellaOps.Scanner.Analyzers.Lang.Java.Tests/FrameworkConfigTests.cs` asserting evidence presence and hashes.
- Add CI note: prefer `dotnet test ...Java.Tests.csproj --filter Category=FrameworkConfig` once solutions restore cleanly.
## Handoff
Use this document as the published prep artefact for PREP-SCANNER-ANALYZERS-JAVA-21-005-TESTS-BLOC. Update once Concelier/CoreLinksets dependency is resolved or CI isolation is available.

26
docs/modules/scanner/prep/2025-11-20-java-21-008-prep.md Normal file
View File

@@ -0,0 +1,26 @@
# Java Analyzer Prep — SCANNER-ANALYZERS-JAVA-21-008
Status: Draft (2025-11-20)
Owners: Java Analyzer Guild
Scope: Resolver + AOC writer emitting entrypoints/components/edges with reason codes/confidence; depends on 21-007 outputs.
## Dependencies
- 21-007 manifest metadata collector outputs (signers, manifest attributes) required to seed resolver inputs.
- CoreLinksets/Concelier build health to allow Java analyzer test runs.
## Proposed resolver outputs
- `entrypoints[]`: `{id, path, manifest_main_class?, agent_class?, start_class?, module}`.
- `components[]`: modules/JARs with `{purl?, sha256, module_name?, signed?, signer_ids[]}`.
- `edges[]`: `{from_entrypoint, to_component, reason_code (jpms|cp|spi|reflect|jni|runtime), confidence, evidence}`.
- Deterministic ordering: sort edges by (from_entrypoint, to_component, reason_code).
## Tests/fixtures
- Place fixtures under `src/Scanner/__Tests/Fixtures/java/21-008/*` covering jpms, classpath, SPI, reflection, JNI cases.
- Regression tests: `ResolverOutputs_AreDeterministic` and `EdgesIncludeReasonAndConfidence`.
## Open decisions
- Exact confidence scale (01 vs categorical) to align with downstream Surface.
- Whether to emit runtime edges in this task vs deferring to 21-010.
## Handoff
Use this doc as the PREP artefact for 21-008; update once 21-007 outputs and confidence scale are finalized.

28
docs/modules/scanner/prep/2025-11-20-lang-11-001-prep.md Normal file
View File

@@ -0,0 +1,28 @@
# .NET Lang Analyzer Prep — SCANNER-ANALYZERS-LANG-11-001
Status: Draft (2025-11-20)
Owners: Scanner EPDR Guild · Language Analyzer Guild
Scope: Entrypoint resolver mapping project/publish artifacts to deterministic entrypoint identities; PREP covers test isolation and hang debugging.
## Blocking issues
- `dotnet test` hangs/returns empty output on shared runner; high restore/build fan-out.
- Concelier/CoreLinksets build errors encountered during prior attempts.
## Proposed mitigation
- Add CI job to run `dotnet test src/Scanner/__Tests/StellaOps.Scanner.Analyzers.Lang.DotNet.Tests/StellaOps.Scanner.Analyzers.Lang.DotNet.Tests.csproj --filter Category=Entrypoints --blame-hang-timeout 45s` on clean agent.
- Provide scoped solution `StellaOps.Scanner.Analyzers.Lang.DotNet.slnf` to limit restore.
## Expected outputs
- Entrypoints array: `{id, assembly_name, mvid, tfm, rid, kind}` with deterministic ID hashing (`sha256` over path+tfm+rid).
- Environment profiles: loader/probing settings minus host absolute paths.
## Test/fixtures
- Fixtures under `src/Scanner/__Tests/Fixtures/dotnet/entrypoints/*` for framework-dependent, self-contained, NativeAOT, multi-RID, single-file, trimmed builds.
- Golden outputs sorted by entrypoint id; verify hash stability across OS.
## Open decisions
- Hash input shape for `id` (include project GUID?): to confirm with Signals guild.
- Whether to allow RID inference from runtimeconfig vs RID graph; requires Signals sign-off.
## Handoff
Treat this as the PREP artefact for PREP-SCANNER-ANALYZERS-LANG-11-001; update once CI isolation and hash rules are confirmed.

27
docs/modules/scheduler/prep/2025-11-20-surface-fs-pointer.md Normal file
View File

@@ -0,0 +1,27 @@
# Surface FS Pointer Contract (Draft) — PREP-SCHED-SURFACE-01
Status: Draft (2025-11-20)
Owners: Scheduler Worker Guild
Scope: Define pointer model for Surface FS to unblock scheduler worker planning.
## Pointer model
- Identifier: `surfacefs://<tenant>/<dataset>/<version>`.
- Fields:
- `tenant_id`
- `dataset` (e.g., `sbom`, `findings`, `reachability`)
- `version` (content hash or monotonic version)
- `storage_uri` (unset/relative in sealed mode; content-addressed path recommended)
- `created_at` (RFC3339 UTC)
- Deterministic JSON serialization with sorted keys.
## Scheduler usage
- Workers receive pointer in job payload; pointer is immutable per job.
- Cache key = `surface_fs_pointer`.
- Validation: ensure `dataset` is allowlisted; reject untrusted storage_uri when sealed mode is on.
## Open decisions
- Final allowlist of datasets.
- Whether inline `storage_uri` is permitted under sealed mode or requires local mirror resolution.
## Handoff
Use this doc as the PREP artefact for PREP-SCHED-SURFACE-01; update once datasets and sealed-mode rule are agreed.

21
docs/modules/scheduler/prep/2025-11-20-worker-23-101-prep.md Normal file
View File

@@ -0,0 +1,21 @@
# Scheduler Worker PREP — SCHED-WORKER-23-101
Status: Draft (2025-11-20)
Owners: Scheduler Worker Guild · Policy Guild
Scope: Capture activation event contract and throttle source needed for worker 23-101.
## Required inputs
- Activation event schema from Policy guild: expected fields `{job_id, policy_run_id, tenant_id, priority, throttle_source}`.
- Throttle source definition (static config vs dynamic policy signals).
## Proposed contract
- Event type: `scheduler.policy.activation.requested`.
- Payload: `{job_id, policy_run_id, tenant_id, priority, requested_at_utc, throttle_source}`.
- Throttle source values: `scheduler-default`, `policy-signal`, `manual-override` (to be confirmed).
## Open decisions
- Whether to carry bundle pointers (policy/export) in the activation event.
- Retry/backoff policy if Policy service is down.
## Handoff
Use this doc as PREP artefact for SCHED-WORKER-23-101; update once Policy guild provides final schema/throttle rules.

20
docs/runbooks/replay_ops_prep_187_004.md Normal file
View File

@@ -0,0 +1,20 @@
# Replay Ops Runbook Prep — PREP-RUNBOOK-REPLAY-187-004 (Draft)
Status: Draft (2025-11-20)
Owners: Docs Guild · Ops Guild
Scope: Capture required sections for the replay operations runbook once APIs are finalized.
## Runbook sections to include
1) **Prechecks**: confirm trust roots, air-gap status, Evidence Locker availability, and bundle integrity (`sha256`, DSSE verification).
2) **Ingestion**: steps to POST replay records to Evidence Locker (`/replay/records`), expected responses, retry/backoff guidance.
3) **Verification**: CLI commands (`stella verify --bundle`), Attestor verification call once available, interpreting results.
4) **Replay/Compare**: `stella replay` and `stella diff` workflows, deterministic output locations, common failure modes.
5) **Observability**: log/metric names to watch (to be filled after Evidence Locker/CLI finalize telemetry).
6) **Escalation**: contacts for Scanner/CLI/Attestor/Evidence Locker guilds.
## Dependencies
- Replay payload schema (`docs/modules/evidence-locker/replay-payload-contract.md`).
- CLI and Attestor prep docs for command/API details.
## Handoff
When APIs finalize, merge this content into `docs/runbooks/replay_ops.md` and retire this prep stub.

18
docs/samples/evidence-locker/attestation-v1-sample.json Normal file
View File

@@ -0,0 +1,18 @@
{
"subject_digest": "sha256:deadbeef",
"bundle_id": "11111111-2222-3333-4444-555555555555",
"produced_at": "2025-11-20T00:00:00Z",
"producer": "evidence-locker:us-gov-west",
"hashes": {
"sboms/spdx.json": "abcdef",
"vex/osv.json": "123456"
},
"sbom": [
{"digest": "sha256:abcdef", "mediaType": "application/spdx+json"}
],
"vex": [
{"digest": "sha256:123456", "schema": "openvex-1.0"}
],
"signing_profile": "sovereign-default",
"transparency": null
}

18
docs/samples/excititor/chunk-attestation-sample.json Normal file
View File

@@ -0,0 +1,18 @@
{
"subject_digest": "sha256:112233",
"predicates": {
"stellaops.vex.chunk.meta.v1": {
"tenant": "acme",
"source": "ghsa",
"schema": "stellaops.vex.chunk.v1",
"item_count": 1
},
"stellaops.vex.chunk.integrity.v1": {
"items": [
{"ordinal": 0, "sha256": "abc"}
]
}
},
"signing_profile": "sovereign-default",
"transparency": null
}

1
docs/samples/excititor/chunk-sample.ndjson Normal file
View File

@@ -0,0 +1 @@
{"chunk_id":"11111111-2222-3333-4444-555555555555","tenant":"acme","source":"ghsa","schema":"stellaops.vex.chunk.v1","items":[{"advisory_id":"GHSA-123","status":"affected","purl":"pkg:npm/foo@1.0.0"}],"provenance":{"fetched_at":"2025-11-20T00:00:00Z","artifact_sha":"abc"}}

93
docs/samples/excititor/connector-signer-metadata-sample.json Normal file
View File

@@ -0,0 +1,93 @@
{
"schemaVersion": "1.0.0",
"generatedAt": "2025-11-20T00:00:00Z",
"connectors": [
{
"connectorId": "excititor:msrc",
"provider": { "name": "Microsoft Security Response Center", "slug": "msrc" },
"issuerTier": "tier-1",
"signers": [
{
"usage": "csaf",
"fingerprints": [
{"alg": "sha256", "format": "pgp", "value": "F1C3D9E4A7B28C5FD6E1A203B947C2A0C5D8BEEF"},
{"alg": "sha256", "format": "x509-spki", "value": "5A1F4C0E9B27D0C64EAC1F22C3F501AA9FCB77AC8B1D4F9F3EA7E6B4CE90F311"}
],
"keyLocator": "oci://mirror.stella.local/keys/msrc-csaf@sha256:793dd8a6..."
}
],
"bundle": {
"kind": "oci-referrer",
"uri": "oci://mirror.stella.local/msrc/csaf:2025-11-19",
"digest": "sha256:4b8c9fd6e479e1b6dcd2e7ed93a85c1c7d6052f7b4a6b83471e44f5c9c2a1f30",
"publishedAt": "2025-11-19T12:00:00Z"
},
"validFrom": "2025-11-01"
},
{
"connectorId": "excititor:oracle",
"provider": { "name": "Oracle", "slug": "oracle" },
"issuerTier": "tier-1",
"signers": [
{
"usage": "oval",
"fingerprints": [
{"alg": "sha256", "format": "x509-spki", "value": "6E3AC4A95BD5402F4C7E9B2371190E0F3B3C11C7B42B88652E7EE0F659A0D202"}
],
"keyLocator": "file://offline-kits/oracle/oval/signing-chain.pem",
"certificateChain": ["-----BEGIN CERTIFICATE-----\nMIID...oracle-root...\n-----END CERTIFICATE-----"]
}
],
"bundle": {
"kind": "file",
"uri": "file://offline-kits/oracle/oval/oval-feed-2025-11-18.tar.gz",
"digest": "sha256:b13b1b84af1da7ee3433e0c6c0cc28a8b5c7d3e52d93b9f86d4a4b0f1dcd8f05",
"publishedAt": "2025-11-18T09:30:00Z"
},
"validFrom": "2025-10-15"
},
{
"connectorId": "excititor:oci.openvex.attest",
"provider": { "name": "StellaOps Mirror", "slug": "stella-mirror" },
"issuerTier": "tier-0",
"signers": [
{
"usage": "openvex",
"fingerprints": [
{"alg": "sha256", "format": "cosign", "value": "a0c1d4e5f6b7982134d56789e0fab12345cdef6789abcdeffedcba9876543210"}
],
"keyLocator": "oci://mirror.stella.local/keys/stella-mirror-openvex:1",
"certificateChain": []
}
],
"bundle": {
"kind": "oci-tag",
"uri": "oci://mirror.stella.local/stellaops/openvex:2025-11-19",
"digest": "sha256:77f6c0b8f2c9845c7d0a4f3b783b0caf00cce6fb899319ff69cb941fe2c58010",
"publishedAt": "2025-11-19T15:00:00Z"
},
"validFrom": "2025-11-15"
},
{
"connectorId": "excititor:ubuntu",
"provider": { "name": "Ubuntu Security", "slug": "ubuntu" },
"issuerTier": "tier-2",
"signers": [
{
"usage": "oval",
"fingerprints": [
{"alg": "sha256", "format": "pgp", "value": "7D19E3B4A5F67C103CB0B4DE0FA28F90D6E4C1D2"}
],
"keyLocator": "tuf://mirror.stella.local/tuf/ubuntu/targets/oval-signing.pub"
}
],
"bundle": {
"kind": "tuf",
"uri": "tuf://mirror.stella.local/tuf/ubuntu/oval/targets/oval-2025-11-18.tar.gz",
"digest": "sha256:e41c4fc15132f8848e9924a1a0f1a247d3c56da87b7735b6c6d8cbe64f0f07e5",
"publishedAt": "2025-11-18T07:00:00Z"
},
"validFrom": "2025-11-01"
}
]
}

1
docs/samples/excititor/connector-signer-metadata-sample.json.sha256 Normal file
View File

@@ -0,0 +1 @@
a2f0986d938d877adf01a76b7a9e79cc148f330e57348569619485feb994df1d connector-signer-metadata-sample.json

17
src/AirGap/StellaOps.AirGap.Importer/Contracts/TrustRootConfig.cs Normal file
View File

@@ -0,0 +1,17 @@
namespace StellaOps.AirGap.Importer.Contracts;
/// <summary>
/// Describes the minimal trust-root inputs the importer requires before
/// processing any offline bundle.
/// </summary>
public sealed record TrustRootConfig(
string RootBundlePath,
IReadOnlyCollection<string> TrustedKeyFingerprints,
IReadOnlyCollection<string> AllowedSignatureAlgorithms,
DateTimeOffset? NotBeforeUtc,
DateTimeOffset? NotAfterUtc,
IReadOnlyDictionary<string, byte[]> PublicKeys)
{
public static TrustRootConfig Empty(string rootBundlePath) =>
new(rootBundlePath, Array.Empty<string>(), Array.Empty<string>(), null, null, new Dictionary<string, byte[]>());
}

8
src/AirGap/StellaOps.AirGap.Importer/Models/BundleCatalogEntry.cs Normal file
View File

@@ -0,0 +1,8 @@
namespace StellaOps.AirGap.Importer.Models;
public sealed record BundleCatalogEntry(
string TenantId,
string BundleId,
string Digest,
DateTimeOffset ImportedAtUtc,
IReadOnlyList<string> ContentPaths);

8
src/AirGap/StellaOps.AirGap.Importer/Models/BundleItem.cs Normal file
View File

@@ -0,0 +1,8 @@
namespace StellaOps.AirGap.Importer.Models;
public sealed record BundleItem(
string TenantId,
string BundleId,
string Path,
string Digest,
long SizeBytes);

Some files were not shown because too many files have changed in this diff Show More