feat: Add initial implementation of Vulnerability Resolver Jobs
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
- Created project for StellaOps.Scanner.Analyzers.Native.Tests with necessary dependencies. - Documented roles and guidelines in AGENTS.md for Scheduler module. - Implemented IResolverJobService interface and InMemoryResolverJobService for handling resolver jobs. - Added ResolverBacklogNotifier and ResolverBacklogService for monitoring job metrics. - Developed API endpoints for managing resolver jobs and retrieving metrics. - Defined models for resolver job requests and responses. - Integrated dependency injection for resolver job services. - Implemented ImpactIndexSnapshot for persisting impact index data. - Introduced SignalsScoringOptions for configurable scoring weights in reachability scoring. - Added unit tests for ReachabilityScoringService and RuntimeFactsIngestionService. - Created dotnet-filter.sh script to handle command-line arguments for dotnet. - Established nuget-prime project for managing package downloads.
This commit is contained in:
master
66
docs/implplan/SPRINT_0161_0001_0001_evidencelocker.md
Normal file
66
docs/implplan/SPRINT_0161_0001_0001_evidencelocker.md
Normal file
@@ -0,0 +1,66 @@
|
||||
# Sprint 0161_0001_0001 · EvidenceLocker
|
||||
|
||||
## Topic & Scope
|
||||
- Advance 160.A EvidenceLocker stream: finalize bundle packaging, replay ingest/retention, CLI/ops readiness, and sovereign crypto routing.
|
||||
- Produce ready-to-execute task definitions that unblock downstream ExportCenter/TimelineIndexer once upstream schemas land.
|
||||
- Working directory: `docs/implplan` (coordination for EvidenceLocker; code lives in `src/EvidenceLocker` & CLI modules tracked elsewhere).
|
||||
|
||||
## Dependencies & Concurrency
|
||||
- Upstream: AdvisoryAI evidence bundle schema + payload notes (Sprint 110.A); Orchestrator/Notifications capsule schemas (Sprint 150.A / 140); Replay Ledger rules in `docs/replay/DETERMINISTIC_REPLAY.md`; crypto audit `docs/security/crypto-routing-audit-2025-11-07.md`.
|
||||
- Concurrency: runs alongside Sprint 160 coordination; blocks ExportCenter (Sprint 162/163) and TimelineIndexer (Sprint 165) until manifests/envelopes freeze.
|
||||
- Ready signals required before DOING: (1) AdvisoryAI schema freeze, (2) Orchestrator envelopes freeze, (3) crypto registry plan approved at 2025-11-18 review.
|
||||
|
||||
## Documentation Prerequisites
|
||||
- `docs/modules/evidence-locker/architecture.md`
|
||||
- `docs/modules/evidence-locker/bundle-packaging.md`
|
||||
- `docs/modules/evidence-locker/incident-mode.md`
|
||||
- `docs/replay/DETERMINISTIC_REPLAY.md`
|
||||
- `docs/runbooks/replay_ops.md`
|
||||
- `docs/security/crypto-routing-audit-2025-11-07.md`
|
||||
- `docs/events/orchestrator-scanner-events.md`
|
||||
- `docs/modules/cli/architecture.md`
|
||||
|
||||
## Delivery Tracker
|
||||
| # | Task ID | Status | Key dependency / next step | Owners | Task Definition |
|
||||
| --- | --- | --- | --- | --- | --- |
|
||||
| 1 | EVID-OBS-54-002 | BLOCKED | Await AdvisoryAI schema + orchestrator envelopes to freeze bundle packaging/DSSE fields. | Evidence Locker Guild | Finalize deterministic bundle packaging + DSSE layout per `docs/modules/evidence-locker/bundle-packaging.md`, including portable/incident modes. |
|
||||
| 2 | EVID-REPLAY-187-001 | BLOCKED | Need orchestrator + AdvisoryAI payloads and replay ledger retention shape. | Evidence Locker Guild · Replay Delivery Guild | Implement replay bundle ingestion + retention APIs; update storage policy per `docs/replay/DETERMINISTIC_REPLAY.md`. |
|
||||
| 3 | CLI-REPLAY-187-002 | BLOCKED | EvidenceLocker APIs & schemas needed to wire CLI verbs. | CLI Guild | Add CLI `scan --record`, `verify`, `replay`, `diff` with offline bundle resolution; align golden tests. |
|
||||
| 4 | RUNBOOK-REPLAY-187-004 | BLOCKED | Depends on retention APIs + CLI behavior to document. | Docs Guild · Ops Guild | Publish `/docs/runbooks/replay_ops.md` coverage for retention enforcement, RootPack rotation, verification drills. |
|
||||
| 5 | EVID-CRYPTO-90-001 | BLOCKED | Pending 2025-11-18 sovereign crypto readiness review. | Evidence Locker Guild · Security Guild | Route hashing/signing/bundle encryption through `ICryptoProviderRegistry`/`ICryptoHash` for sovereign crypto providers. |
|
||||
|
||||
## Action Tracker
|
||||
| Action | Owner(s) | Due | Status |
|
||||
| --- | --- | --- | --- |
|
||||
| Capture AdvisoryAI + orchestrator schema deltas into this sprint and attach sample payloads. | Evidence Locker Guild | 2025-11-15 | BLOCKED (schemas not yet delivered) |
|
||||
| Draft Replay Ledger API + CLI notes to unblock EVID-REPLAY-187-001/002. | Evidence Locker Guild · Replay Delivery Guild | 2025-11-16 | BLOCKED (awaiting schema signals) |
|
||||
| Validate `ICryptoProviderRegistry` plan at readiness review. | Evidence Locker Guild · Security Guild | 2025-11-18 | Pending |
|
||||
|
||||
## Interlocks & Readiness Signals
|
||||
| Dependency | Impacts | Status / Next signal |
|
||||
| --- | --- | --- |
|
||||
| AdvisoryAI evidence bundle schema & payload notes (Sprint 110.A) | EVID-OBS-54-002, EVID-REPLAY-187-001/002 | Pending; expected at 2025-11-14 stand-up. Required before DOING. |
|
||||
| Orchestrator + Notifications capsule schema (`docs/events/orchestrator-scanner-events.md`) | All tasks | Pending; expected 2025-11-15 handoff. Required before DOING. |
|
||||
| Sovereign crypto readiness review | EVID-CRYPTO-90-001 | Scheduled 2025-11-18; blocks sovereign routing. |
|
||||
| Replay Ledger spec alignment (`docs/replay/DETERMINISTIC_REPLAY.md`) | EVID-REPLAY-187-001/002, RUNBOOK-REPLAY-187-004 | Sections 2,8,9 must be reflected once schemas land. |
|
||||
|
||||
## Decisions & Risks
|
||||
| Item | Status / Decision | Notes |
|
||||
| --- | --- | --- |
|
||||
| Schema readiness | BLOCKED | Waiting on AdvisoryAI + orchestrator envelopes; no DOING until frozen. |
|
||||
| Crypto routing approval | PENDING | Review on 2025-11-18 to approve `ICryptoProviderRegistry` wiring. |
|
||||
| Template & filename normalization | DONE (2025-11-17) | Renamed to `SPRINT_0161_0001_0001_evidencelocker.md`; structure aligned to sprint template. |
|
||||
|
||||
### Risk table
|
||||
| Risk | Severity | Mitigation / Owner |
|
||||
| --- | --- | --- |
|
||||
| AdvisoryAI schema slips past 2025-11-14, delaying DSSE manifest freeze. | High | AdvisoryAI Guild to provide interim sample payloads; EvidenceLocker to stub adapters. |
|
||||
| Orchestrator/Notifications schema handoff misses 2025-11-15. | High | Escalate to Wave 150/140; keep tasks BLOCKED and schedule daily stand-ups until envelopes land. |
|
||||
| Sovereign crypto routing design not ready by 2025-11-18. | Medium | Security to publish reference implementation; EvidenceLocker to nominate fallback providers. |
|
||||
| Replay Ledger alignment drifts from CLI behavior. | Medium | Sync docs/runbooks with CLI/EvidenceLocker changes once schemas land; add deterministic test cases. |
|
||||
|
||||
## Execution Log
|
||||
| Date (UTC) | Update | Owner |
|
||||
| --- | --- | --- |
|
||||
| 2025-11-12 | Snapshot captured (pre-template) with tasks TODO. | Planning |
|
||||
| 2025-11-17 | Normalized sprint to standard template, renamed file, and set all tasks BLOCKED pending schemas/crypto review. | Implementer |
|
||||
Reference in New Issue
Block a user