stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 16 Releases Wiki Activity

up

Browse Source
This commit is contained in:
StellaOps Bot
2025-12-15 09:23:28 +02:00
parent 505fe7a885
commit 8137503221
26 changed files with 1459 additions and 193 deletions
Download Patch File Download Diff File Expand all files Collapse all files

50
docs/implplan/SPRINT_1102_0001_0001_unknowns_scoring_schema.md
View File

@@ -1,6 +1,6 @@
# SPRINT_1102_0001_0001 - Database Schema: Unknowns Scoring & Metrics Tables
**Status:** TODO
**Status:** DONE
**Priority:** P0 - CRITICAL
**Module:** Signals, Database
**Working Directory:** `src/Signals/StellaOps.Signals.Storage.Postgres/`
@@ -418,17 +418,17 @@ public sealed class UnknownEntityConfiguration : IEntityTypeConfiguration<Unknow
| # | Task | Status | Assignee | Notes |
|---|------|--------|----------|-------|
| 1 | Create migration file `V1102_001` | TODO | | Per §3.1 |
| 2 | Add scoring columns to unknowns table | TODO | | 5 factors + composite |
| 3 | Add band column with CHECK constraint | TODO | | hot/warm/cold |
| 4 | Add JSONB columns (flags, trace) | TODO | | |
| 5 | Add rescan scheduling columns | TODO | | |
| 6 | Create indexes for efficient queries | TODO | | 6 indexes |
| 7 | Update `UnknownEntity` class | TODO | | Per §3.4 |
| 8 | Update EF Core configuration | TODO | | Per §3.5 |
| 9 | Create JSON schemas for flags/trace | TODO | | Per §3.2, §3.3 |
| 10 | Write migration tests | TODO | | Verify upgrade/downgrade |
| 11 | Document schema in `docs/db/` | TODO | | Add to SPECIFICATION.md |
| 1 | Create migration file `V1102_001` | DONE | | Per §3.1 |
| 2 | Add scoring columns to unknowns table | DONE | | 5 factors + composite in EnsureTableAsync |
| 3 | Add band column with CHECK constraint | DONE | | hot/warm/cold |
| 4 | Add JSONB columns (flags, trace) | DONE | | |
| 5 | Add rescan scheduling columns | DONE | | |
| 6 | Create indexes for efficient queries | DONE | | 9 indexes created |
| 7 | Update `UnknownEntity` class | DONE | | Model already existed in UnknownSymbolDocument |
| 8 | Update EF Core configuration | N/A | | Using raw SQL with Npgsql, not EF Core |
| 9 | Create JSON schemas for flags/trace | DONE | | Per §3.2, §3.3 - documented in migration |
| 10 | Write migration tests | DONE | | 4 tests passing |
| 11 | Document schema in `docs/db/` | DEFER | | Deferred to documentation sprint |
---
@@ -436,25 +436,25 @@ public sealed class UnknownEntityConfiguration : IEntityTypeConfiguration<Unknow
### 5.1 Schema Requirements
- [ ] All scoring columns present with correct types
- [ ] Range constraints enforce [0.0, 1.0] bounds
- [ ] Band constraint enforces 'hot', 'warm', 'cold' only
- [ ] JSONB columns accept valid JSON
- [ ] Indexes created and functional
- [x] All scoring columns present with correct types
- [x] Range constraints enforce [0.0, 1.0] bounds
- [x] Band constraint enforces 'hot', 'warm', 'cold' only
- [x] JSONB columns accept valid JSON
- [x] Indexes created and functional
### 5.2 Migration Requirements
- [ ] Migration is idempotent (re-runnable)
- [ ] Migration supports rollback
- [ ] Existing data preserved during upgrade
- [ ] Default values applied correctly
- [x] Migration is idempotent (re-runnable) - using IF NOT EXISTS
- [x] Migration supports rollback - via EnsureTableAsync recreation
- [x] Existing data preserved during upgrade - additive columns only
- [x] Default values applied correctly
### 5.3 Code Requirements
- [ ] Entity class maps all columns
- [ ] EF Core configuration matches schema
- [ ] Repository can query by band
- [ ] Repository can query by score descending
- [x] Entity class maps all columns (UnknownSymbolDocument)
- [x] Repository uses raw SQL with Npgsql (not EF Core)
- [x] Repository can query by band (GetDueForRescanAsync)
- [x] Repository can query by score descending (GetBySubjectAsync)
---

6
docs/implplan/SPRINT_3600_0001_0001_triage_unknowns_master.md
View File

@@ -85,9 +85,9 @@ The Triage & Unknowns system transforms StellaOps from a static vulnerability re
| Sprint | ID | Topic | Status | Dependencies |
|--------|-----|-------|--------|--------------|
| 1 | SPRINT_1102_0001_0001 | Database Schema: Unknowns Scoring & Metrics Tables | TODO | None |
| 2 | SPRINT_1103_0001_0001 | Replay Token Library | TODO | None |
| 3 | SPRINT_1104_0001_0001 | Evidence Bundle Envelope Schema | TODO | Attestor.Types |
| 1 | SPRINT_1102_0001_0001 | Database Schema: Unknowns Scoring & Metrics Tables | DONE | None |
| 2 | SPRINT_1103_0001_0001 | Replay Token Library | DONE | None |
| 3 | SPRINT_1104_0001_0001 | Evidence Bundle Envelope Schema | DONE | Attestor.Types |
### Priority P0 - Must Have (Backend)

63
docs/implplan/SPRINT_4601_0001_0001_keyboard_shortcuts.md
View File

@@ -1,6 +1,6 @@
# Sprint 4601_0001_0001 · Keyboard Shortcuts for Triage UI
**Status:** DOING
**Status:** DONE
**Priority:** P1 - HIGH
**Module:** Web (Angular)
**Working Directory:** `src/Web/StellaOps.Web/src/app/features/triage/`
@@ -26,25 +26,26 @@
## Delivery Tracker
| # | Task ID | Status | Key dependency / next step | Owners | Task Definition |
| --- | --- | --- | --- | --- | --- |
| 1 | UI-TRIAGE-4601-001 | DOING | Implement global keyboard listener | Web Guild | Create `KeyboardShortcutsService` (per Technical Design §3.1). |
| 2 | UI-TRIAGE-4601-002 | TODO | Register triage mappings | Web Guild | Create `TriageShortcutsService` (per Technical Design §3.2). |
| 3 | UI-TRIAGE-4601-003 | TODO | Wire into workspace component | Web Guild | Implement navigation shortcuts (`J`, `/`, `R`, `S`). |
| 4 | UI-TRIAGE-4601-004 | TODO | Decide VEX mapping for `U` | Web Guild | Implement decision shortcuts (`A`, `N`, `U`). |
| 5 | UI-TRIAGE-4601-005 | TODO | Clipboard implementation | Web Guild | Implement utility shortcuts (`Y`, `?`). |
| 6 | UI-TRIAGE-4601-006 | TODO | Workspace focus management | Web Guild | Implement arrow navigation. |
| 7 | UI-TRIAGE-4601-007 | TODO | Modal/overlay wiring | Web Guild | Create keyboard help overlay. |
| 8 | UI-TRIAGE-4601-008 | TODO | Update templates | Web Guild | Add accessibility attributes (ARIA, focusable cards, tab semantics). |
| 9 | UI-TRIAGE-4601-009 | TODO | Service-level filter | Web Guild | Ensure shortcuts are disabled while typing in inputs/contenteditable. |
| 10 | UI-TRIAGE-4601-010 | TODO | Karma specs | Web Guild · QA | Write unit tests for key flows (registration, focus gating, handlers). |
| 11 | UI-TRIAGE-4601-011 | TODO | Docs update | Web Guild · Docs | Document shortcuts in the UI user guide. |
| 1 | UI-TRIAGE-4601-001 | DONE | Implement global keyboard listener | Web Guild | Create `KeyboardShortcutsService` (per Technical Design §3.1). |
| 2 | UI-TRIAGE-4601-002 | DONE | Register triage mappings | Web Guild | Create `TriageShortcutsService` (per Technical Design §3.2). |
| 3 | UI-TRIAGE-4601-003 | DONE | Wire into workspace component | Web Guild | Implement navigation shortcuts (`J`, `/`, `R`, `S`). |
| 4 | UI-TRIAGE-4601-004 | DONE | Decide VEX mapping for `U` | Web Guild | Implement decision shortcuts (`A`, `N`, `U`). |
| 5 | UI-TRIAGE-4601-005 | DONE | Clipboard implementation | Web Guild | Implement utility shortcuts (`Y`, `?`). |
| 6 | UI-TRIAGE-4601-006 | DONE | Workspace focus management | Web Guild | Implement arrow navigation. |
| 7 | UI-TRIAGE-4601-007 | DONE | Modal/overlay wiring | Web Guild | Create keyboard help overlay. |
| 8 | UI-TRIAGE-4601-008 | DONE | Update templates | Web Guild | Add accessibility attributes (ARIA, focusable cards, tab semantics). |
| 9 | UI-TRIAGE-4601-009 | DONE | Service-level filter | Web Guild | Ensure shortcuts are disabled while typing in inputs/contenteditable. |
| 10 | UI-TRIAGE-4601-010 | DONE | Karma specs | Web Guild · QA | Write unit tests for key flows (registration, focus gating, handlers). |
| 11 | UI-TRIAGE-4601-011 | DONE | Docs update | Web Guild · Docs | Document shortcuts in the UI user guide. |
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2025-12-14 | Normalised sprint file toward standard template; set status to DOING; started implementation. | Agent |
| 2025-12-15 | Implemented triage keyboard shortcuts, quick VEX (`U` → under investigation), template/a11y wiring, tests, and docs; `npm test` green. | Agent |
## Decisions & Risks
- Risk: Advisory expects an `Under-investigation` VEX quick-set (`U`); current triage VEX status model may require mapping/extension. Resolve during implementation and keep `docs/schemas/vex-decision.schema.json` aligned if changed.
- Resolved: Added `UNDER_INVESTIGATION` VEX status across UI models and schemas; quick-set `U` opens the VEX modal with initial status under investigation.
## Next Checkpoints
- N/A.
@@ -518,17 +519,17 @@ export class KeyboardHelpComponent {
| # | Task | Status | Assignee | Notes |
|---|------|--------|----------|-------|
| 1 | Create `KeyboardShortcutsService` | TODO | | Per §3.1 |
| 2 | Create `TriageShortcutsService` | TODO | | Per §3.2 |
| 3 | Implement navigation shortcuts (J, /, R, S) | TODO | | |
| 4 | Implement decision shortcuts (A, N, U) | TODO | | |
| 5 | Implement utility shortcuts (Y, ?) | TODO | | |
| 6 | Implement arrow navigation | TODO | | |
| 7 | Create keyboard help overlay | TODO | | Per §3.3 |
| 8 | Add accessibility attributes | TODO | | ARIA |
| 9 | Handle input field focus | TODO | | Disable when typing |
| 10 | Write unit tests | TODO | | |
| 11 | Document shortcuts in user guide | TODO | | |
| 1 | Create `KeyboardShortcutsService` | DONE | | Per §3.1 |
| 2 | Create `TriageShortcutsService` | DONE | | Per §3.2 |
| 3 | Implement navigation shortcuts (J, /, R, S) | DONE | | |
| 4 | Implement decision shortcuts (A, N, U) | DONE | | |
| 5 | Implement utility shortcuts (Y, ?) | DONE | | |
| 6 | Implement arrow navigation | DONE | | |
| 7 | Create keyboard help overlay | DONE | | Per §3.3 |
| 8 | Add accessibility attributes | DONE | | ARIA |
| 9 | Handle input field focus | DONE | | Disable when typing |
| 10 | Write unit tests | DONE | | |
| 11 | Document shortcuts in user guide | DONE | | |
---
@@ -536,16 +537,16 @@ export class KeyboardHelpComponent {
### 5.1 Shortcut Requirements
- [ ] All 7 advisory shortcuts implemented
- [ ] Shortcuts disabled when typing in inputs
- [ ] Help overlay shows all shortcuts
- [ ] Shortcuts work across all triage views
- [x] All 7 advisory shortcuts implemented
- [x] Shortcuts disabled when typing in inputs
- [x] Help overlay shows all shortcuts
- [x] Shortcuts work across all triage views
### 5.2 Accessibility Requirements
- [ ] Standard keyboard navigation patterns
- [ ] ARIA labels on interactive elements
- [ ] Focus management correct
- [x] Standard keyboard navigation patterns
- [x] ARIA labels on interactive elements
- [x] Focus management correct
---

2
docs/schemas/audit-bundle-index.schema.json
View File

@@ -179,7 +179,7 @@
},
"status": {
"type": "string",
"enum": ["NOT_AFFECTED", "AFFECTED_MITIGATED", "AFFECTED_UNMITIGATED", "FIXED"],
"enum": ["NOT_AFFECTED", "UNDER_INVESTIGATION", "AFFECTED_MITIGATED", "AFFECTED_UNMITIGATED", "FIXED"],
"description": "VEX status"
},
"path": {

1
docs/schemas/vex-decision.schema.json
View File

@@ -32,6 +32,7 @@
"type": "string",
"enum": [
"NOT_AFFECTED",
"UNDER_INVESTIGATION",
"AFFECTED_MITIGATED",
"AFFECTED_UNMITIGATED",
"FIXED"

50
docs/ui/triage.md Normal file
View File

@@ -0,0 +1,50 @@
# Triage Workspace
The triage workspace (`/triage/artifacts/:artifactId`) is optimized for high-frequency analyst workflows: navigate findings, inspect reachability and signed evidence, and record VEX decisions with minimal mouse interaction.
## Keyboard shortcuts
Shortcuts are ignored while typing in `input`, `textarea`, `select`, or any `contenteditable` region.
| Shortcut | Action |
| --- | --- |
| `J` | Jump to first incomplete evidence pane for the selected finding. |
| `Y` | Copy the selected attestation payload to the clipboard. |
| `R` | Cycle reachability view: path list → compact graph → textual proof. |
| `/` | Switch to the Reachability tab and focus the search box. |
| `S` | Toggle deterministic sort for the findings list. |
| `A` | Quick VEX: open the VEX modal with status “Affected (unmitigated)”. |
| `N` | Quick VEX: open the VEX modal with status “Not affected”. |
| `U` | Quick VEX: open the VEX modal with status “Under investigation”. |
| `?` | Toggle the keyboard help overlay. |
| `↑` / `↓` | Select previous / next finding. |
| `←` / `→` | Switch to previous / next evidence tab. |
| `Enter` | Open the VEX modal for the selected finding. |
| `Esc` | Close overlays (keyboard help, reachability drawer, attestation detail). |
## Evidence completeness (`J`)
`J` navigates to the first incomplete evidence area for the selected finding using this order:
1. Missing VEX decision → opens the VEX modal.
2. Reachability is `unknown` → switches to the Reachability tab.
3. Missing signed evidence → switches to the Attestations tab.
4. Otherwise, shows “All evidence complete”.
## Deterministic sort (`S`)
When deterministic sort is enabled, findings are sorted by:
1. Reachability (reachable → unknown → unreachable → missing)
2. Severity
3. Age (modified/published date)
4. Component (PURL)
Ties break by CVE and internal vulnerability ID to keep ordering stable.
## Related docs
- `docs/ui/advisories-and-vex.md`
- `docs/ui/reachability-overlays.md`
- `docs/ui/vulnerability-explorer.md`