stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity

consolidation of some of the modules, localization fixes, product advisories work, qa work

Browse Source
This commit is contained in:
master
2026-03-05 03:54:22 +02:00
parent 7bafcc3eef
commit 8e1cb9448d
3878 changed files with 72600 additions and 46861 deletions
Download Patch File Download Diff File Expand all files Collapse all files

160
docs-archived/implplan/2026-03-05-completed-sprints/SPRINT_20260304_302_Scanner_trace_delta_and_actionables_completion.md Normal file
View File

@@ -0,0 +1,160 @@
# Sprint 302 - Scanner: Trace Delta and Actionables Completion
## Topic & Scope
- Replace demo-grade delta compare and actionables behavior with deterministic scan-backed results.
- Implement missing trace-lineage infrastructure so scan IDs can resolve to stored traces and evidence.
- Close reachability witness gaps where exploitable verdicts currently degrade to `Unknown`.
- Working directory: `src/Scanner/`.
- Expected evidence: passing targeted Scanner tests, deterministic fixtures, and updated Scanner docs.
## Dependencies & Concurrency
- Upstream dependency: none.
- Downstream dependency: `SPRINT_20260304_303` and `SPRINT_20260304_309` rely on completed Scanner contracts here.
- Safe parallelism: can run with `304`, `305`, `307`, and `308`.
## Documentation Prerequisites
- `docs/modules/scanner/architecture.md`
- `docs/modules/scanner/design/change-trace-architecture.md`
- `docs/product/advisory-translation-20260304.md`
## Verified Code Baseline (2026-03-04)
- `SCN-001`: `src/Scanner/StellaOps.Scanner.WebService/Endpoints/DeltaCompareEndpoints.cs` still returns zeroed summaries and `GetComparisonAsync` always returns `null`.
- `SCN-002`: `src/Scanner/StellaOps.Scanner.WebService/Endpoints/ActionablesEndpoints.cs` still emits hardcoded sample actionables (`Log4j`, fixed sample IDs).
- `SCN-003`: `src/Scanner/__Libraries/StellaOps.Scanner.ChangeTrace/Builder/ChangeTraceBuilder.cs` still routes through `BuildPlaceholderTrace(...)` and writes `sha256:{Guid.Empty}` subject digests.
- `SCN-004`: `src/Scanner/__Libraries/StellaOps.Scanner.Runtime/Ingestion/TraceIngestionService.cs` has `GetTracesForScanAsync` TODO and unconditional empty return.
- `SCN-005`: `src/Scanner/__Libraries/StellaOps.Scanner.Reachability/Stack/ReachabilityResultFactory.cs` still maps exploitable verdicts to `Unknown()` via `CreateAffectedPlaceholderResult`.
- Existing tests are mostly shape checks: `DeltaCompareEndpointsTests` and `ActionablesEndpointsTests` pass with placeholder data, and no `TraceIngestionService` test coverage exists in `Scanner.Runtime.Tests`.
## Required Test Projects And Evidence Capture
- `src/Scanner/__Tests/StellaOps.Scanner.WebService.Tests/StellaOps.Scanner.WebService.Tests.csproj`
- `src/Scanner/__Tests/StellaOps.Scanner.ChangeTrace.Tests/StellaOps.Scanner.ChangeTrace.Tests.csproj`
- `src/Scanner/__Tests/StellaOps.Scanner.Runtime.Tests/StellaOps.Scanner.Runtime.Tests.csproj`
- `src/Scanner/__Tests/StellaOps.Scanner.Reachability.Stack.Tests/StellaOps.Scanner.Reachability.Stack.Tests.csproj`
- Every completion update must include exact `dotnet test <csproj> --filter ...` command and filtered `testsRun` count in the sprint Execution Log.
## Delivery Tracker
### TASK-302-001 - Replace placeholder delta compare logic with scan-backed computation
Status: DONE
Dependency: none
Owners: Developer
Task description:
- Implement real comparison loading and summary generation in:
- `src/Scanner/StellaOps.Scanner.WebService/Endpoints/DeltaCompareEndpoints.cs`
- Remove placeholder behavior that currently returns zeroed counts and `null` from `GetComparisonAsync`.
- Persist/retrieve comparisons by deterministic comparison ID.
Completion criteria:
- [x] Gap `SCN-001` closed: `DeltaCompareService.CompareAsync` no longer returns placeholder-only summaries.
- [x] Gap `SCN-001` closed: `GetComparisonAsync` returns persisted comparison payload for existing IDs.
- [x] Quick diff output is derived from actual compare results, not hardcoded defaults.
- [x] `DeltaCompareEndpointsTests` includes assertions over non-zero or input-derived summary fields and retrieval by returned `comparisonId`.
### TASK-302-002 - Wire actionables generation to delta findings
Status: DONE
Dependency: TASK-302-001
Owners: Developer
Task description:
- Replace sample actionables in:
- `src/Scanner/StellaOps.Scanner.WebService/Endpoints/ActionablesEndpoints.cs`
- Generate recommendations from real delta findings, policy diffs, and vulnerability changes.
- Keep deterministic ordering by priority, then actionable ID.
Completion criteria:
- [x] Gap `SCN-002` closed: no static Log4j sample recommendation paths remain.
- [x] `/api/v1/actionables/delta/{id}` returns findings-derived recommendations.
- [x] Existing filter endpoints (`by-priority`, `by-type`) operate over computed actionables.
- [x] Source file no longer contains static sample CVE constants or fixed title text for actionables.
### TASK-302-003 - Implement ChangeTraceBuilder integration with scan and binary data
Status: DONE
Dependency: none
Owners: Developer
Task description:
- Replace placeholder trace construction in:
- `src/Scanner/__Libraries/StellaOps.Scanner.ChangeTrace/Builder/ChangeTraceBuilder.cs`
- Integrate real scan repository inputs and BinaryIndex symbol extraction.
- Ensure emitted trace subject digest is content-addressed and deterministic.
Completion criteria:
- [x] Gap `SCN-003` closed: `BuildPlaceholderTrace` is removed from production code path.
- [x] Trace output includes scan-derived package, symbol, and change evidence.
- [x] Repeated runs with identical inputs produce byte-identical serialized traces.
- [x] Subject digest is content-addressed from canonicalized trace inputs and no longer uses `Guid.Empty` placeholder values.
### TASK-302-004 - Implement scan-to-trace index in runtime ingestion
Status: DONE
Dependency: TASK-302-003
Owners: Developer
Task description:
- Implement `GetTracesForScanAsync` in:
- `src/Scanner/__Libraries/StellaOps.Scanner.Runtime/Ingestion/TraceIngestionService.cs`
- Add deterministic scan-to-trace indexing and retrieval.
Completion criteria:
- [x] Gap `SCN-004` closed: `GetTracesForScanAsync` no longer returns an unconditional empty list.
- [x] Scan queries return trace IDs and normalized traces tied to the scan.
- [x] Index updates are idempotent and deterministic.
- [x] Returned traces are deterministically ordered (`TraceId` ascending or equivalent documented stable order).
### TASK-302-005 - Generate affected PathWitness artifacts for exploitable verdicts
Status: DONE
Dependency: none
Owners: Developer
Task description:
- Update reachability result creation in:
- `src/Scanner/__Libraries/StellaOps.Scanner.Reachability/Stack/ReachabilityResultFactory.cs`
- Ensure exploitable/likely/possible verdicts produce `ReachabilityResult.Affected(PathWitness)` where witness data exists.
- Keep fallback semantics explicit when witness generation fails.
Completion criteria:
- [x] Gap `SCN-005` closed: exploitable verdicts no longer default to `Unknown` placeholder results.
- [x] `IReachabilityResultFactory` contract behavior matches implementation for affected verdicts.
- [x] Witness provenance is emitted for affected paths.
- [x] `ReachabilityResultFactoryTests` updates expected exploitable/likely verdict behavior from `Unknown` to `Affected` when witness is provided.
### TASK-302-006 - Add targeted tests for delta, actionables, trace indexing, and witnesses
Status: DONE
Dependency: TASK-302-001, TASK-302-002, TASK-302-003, TASK-302-004, TASK-302-005
Owners: Test Automation
Task description:
- Expand Scanner tests to assert behavior, not only endpoint shape.
- Run targeted `.csproj` tests for affected suites and include deterministic assertions for repeated runs.
Completion criteria:
- [x] Delta compare tests validate non-placeholder computed changes.
- [x] Actionables tests validate recommendation derivation from real delta inputs.
- [x] Trace ingestion tests validate scan-to-trace retrieval.
- [x] Reachability tests assert exploitable verdicts produce affected witnesses.
- [x] Execution evidence includes filtered project runs (not solution filter runs) and raw pass output snippets for each listed `.csproj`.
### TASK-302-007 - Sync Scanner architecture docs with delivered contracts
Status: DONE
Dependency: TASK-302-006
Owners: Documentation author
Task description:
- Update Scanner docs to reflect real status and finalized contracts:
- `docs/modules/scanner/architecture.md`
- `docs/modules/scanner/design/change-trace-architecture.md`
Completion criteria:
- [x] Docs remove placeholder claims for completed areas.
- [x] Docs include contract references for delta compare, actionables, and trace lineage.
- [x] `Decisions & Risks` links to updated docs.
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-03-04 | Sprint created from advisory translation to close Scanner demo/stub behavior in delta, trace, and witness flows. | Planning |
| 2026-03-04 | Baseline verified against current Scanner code and tests; acceptance criteria tightened with concrete file and test-project evidence requirements. | Project Manager |
| 2026-03-05 | Delivered deterministic delta compare/actionables, change-trace builder placeholder removal, runtime scan-to-trace index, and affected-path witness generation in Scanner code paths. | Developer |
| 2026-03-05 | Test evidence: `src/Scanner/__Tests/StellaOps.Scanner.Runtime.Tests/bin/Debug/net10.0/StellaOps.Scanner.Runtime.Tests.exe -class "StellaOps.Scanner.Runtime.Tests.TraceIngestionServiceTests"` -> `Total: 4, Failed: 0`; `src/Scanner/__Tests/StellaOps.Scanner.Reachability.Stack.Tests/bin/Debug/net10.0/StellaOps.Scanner.Reachability.Stack.Tests.exe -class "StellaOps.Scanner.Reachability.Stack.Tests.ReachabilityResultFactoryTests"` -> `Total: 23, Failed: 0`; `src/Scanner/__Tests/StellaOps.Scanner.ChangeTrace.Tests/bin/Debug/net10.0/StellaOps.Scanner.ChangeTrace.Tests.exe` -> `Total: 123, Failed: 0`; targeted WebService delta/actionables classes passed within the focused run (`Total: 25, Failed: 0` across 302+303 classes). | Test Automation |
## Decisions & Risks
- Decision: smart-diff core library remains authoritative and mostly complete; this sprint focuses on missing Scanner service integration points.
- Risk: high coupling between delta compare, actionables, and trace ingestion may create sequencing delays; task dependencies enforce implementation order.
- Documentation links: `docs/modules/scanner/architecture.md`, `docs/modules/scanner/design/change-trace-architecture.md`.
- Note: this repository uses Microsoft Testing Platform and ignores `dotnet test --filter` (`MTP0001`); targeted evidence is captured via per-project xUnit test executables with class filters instead of solution/suite-wide runs.
## Next Checkpoints
- Ready for sprint archival after 303 is archived in lockstep.

124
docs-archived/implplan/2026-03-05-completed-sprints/SPRINT_20260304_303_Scanner_score_replay_contract_and_formula_alignment.md Normal file
View File

@@ -0,0 +1,124 @@
# Sprint 303 - Scanner: Score Replay Contract and Formula Alignment
## Topic & Scope
- Align Scanner score replay API contracts with current Web client expectations or publish explicit compatibility endpoints.
- Replace hash-only deterministic scoring with canonical, factorized, signed-score inputs and replay outputs.
- Provide score history and explainability fields required by signed-score UI patterns.
- Working directory: `src/Scanner/`.
- Expected evidence: API contract tests, deterministic score vectors, and updated Scanner docs.
## Dependencies & Concurrency
- Upstream dependency: `SPRINT_20260304_302` for trace/evidence data quality.
- Downstream dependency: `SPRINT_20260304_309` consumes these API contracts.
- Safe parallelism: can run with `304`, `305`, `306`, `307`, `308` after API schema freeze.
## Documentation Prerequisites
- `docs/modules/scanner/architecture.md`
- `docs/product/advisory-translation-20260304.md`
- `docs/modules/web/architecture.md`
## Verified Code Baseline (2026-03-04)
- `SCN-006`: `src/Scanner/StellaOps.Scanner.WebService/Endpoints/ScoreReplayEndpoints.cs` exposes `/api/v1/score/{scanId}/...`, while `src/Web/StellaOps.Web/src/app/core/api/proof.client.ts` calls `/scans/{scanId}/score/replay` and `/scans/{scanId}/score/history`.
- `SCN-006`: no score-history endpoint exists in Scanner score-replay endpoints today.
- `SCN-007`: `src/Scanner/StellaOps.Scanner.WebService/Services/DeterministicScoringService.cs` computes score as SHA256 hash projection without explicit factor model output.
- Replay contract currently returns scalar score fields only; response has no factor vectors, no canonical-input hash, and no explainability metadata required by FE signed-score UX.
- Existing `ScoreReplayEndpointsTests` confirm route behavior and deterministic replay root hash, but do not assert factorized score vectors or history endpoint contracts.
## Required Test Projects And Evidence Capture
- `src/Scanner/__Tests/StellaOps.Scanner.WebService.Tests/StellaOps.Scanner.WebService.Tests.csproj`
- `src/Scanner/__Tests/StellaOps.Scanner.Contracts.Tests/StellaOps.Scanner.Contracts.Tests.csproj` (or equivalent OpenAPI contract test project if endpoint schemas are validated elsewhere)
- Every completion update must include raw `dotnet test <csproj> --filter ...` output snippets with filtered `testsRun` counts.
## Delivery Tracker
### TASK-303-001 - Resolve Scanner/Web score replay route drift and history endpoint gap
Status: DONE
Dependency: none
Owners: Developer
Task description:
- Align routes across:
- `src/Scanner/StellaOps.Scanner.WebService/Endpoints/ScoreReplayEndpoints.cs`
- `src/Web/StellaOps.Web/src/app/core/api/proof.client.ts` (consumed in FE sprint)
- Provide one contract path set and explicit compatibility behavior for existing clients.
- Add a deterministic `score history` endpoint if not already exposed.
Completion criteria:
- [x] Gap `SCN-006` closed: replay/verify/history routes are contract-consistent between backend and client expectations.
- [x] Contract tests cover route aliases or migration path if compatibility endpoints are used.
- [x] OpenAPI documentation reflects the final path contract.
- [x] One explicit migration strategy is codified: either backend adopts `/scans/{scanId}/score/*` primary routes or FE is migrated to `/score/{scanId}/*` with compatibility alias and deprecation window.
### TASK-303-002 - Implement factorized deterministic scoring formula contract
Status: DONE
Dependency: none
Owners: Developer
Task description:
- Replace hash-only implementation in:
- `src/Scanner/StellaOps.Scanner.WebService/Services/DeterministicScoringService.cs`
- Define deterministic score inputs with canonical serialization and stable rounding rules.
- Include CVSS/EPSS/reachability/provenance factor slots and policy-weighted composition.
Completion criteria:
- [x] Gap `SCN-007` closed: score output is derived from explicit factors, not only hash-to-float projection.
- [x] Canonical input payload hashing and deterministic recompute are documented and tested.
- [x] Score breakdown includes factor-level values and weights used.
- [x] Deterministic scoring service emits stable rounding behavior and canonical field ordering in serialized factor payloads.
### TASK-303-003 - Emit signed score manifest vectors and verifier-ready replay metadata
Status: DONE
Dependency: TASK-303-002
Owners: Developer
Task description:
- Emit signed-score artifacts with deterministic vector payloads and verification metadata.
- Ensure replay responses include required verification primitives (seed, canonical input hash, manifest digest, verification status).
Completion criteria:
- [x] Replay result payload includes deterministic vector metadata required for explainability.
- [x] Signed manifest verification round-trips with deterministic inputs.
- [x] Bundle verification rejects tampered canonical inputs.
- [x] Replay/verify response contracts include canonical input hash and manifest digest fields consumable by FE signed-score components.
### TASK-303-004 - Add targeted tests for contract alignment and deterministic scoring
Status: DONE
Dependency: TASK-303-001, TASK-303-002, TASK-303-003
Owners: Test Automation
Task description:
- Add/extend Scanner WebService tests for replay, verify, bundle, and history APIs.
- Add deterministic vector tests to prove identical score outputs for identical canonical inputs.
Completion criteria:
- [x] API contract tests pass for replay/verify/history endpoints.
- [x] Deterministic score tests pass across repeated runs and cold/warm cache conditions.
- [x] Negative tests cover tampered manifest and mismatched input-hash cases.
- [x] Targeted tests include at least one compatibility-route assertion when aliases are retained.
### TASK-303-005 - Update Scanner docs with signed-score contract details
Status: DONE
Dependency: TASK-303-004
Owners: Documentation author
Task description:
- Update Scanner docs for finalized score replay and signed-score contracts.
- Include any compatibility-route deprecation timeline.
Completion criteria:
- [x] `docs/modules/scanner/architecture.md` documents final score replay endpoint contract.
- [x] Docs include score input canonicalization and verification expectations.
- [x] `Decisions & Risks` links to updated docs.
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-03-04 | Sprint created to close signed-score API and deterministic scoring formula gaps identified in advisory translation. | Planning |
| 2026-03-04 | Baseline verified across Scanner endpoints, deterministic scoring service, and Web proof client route expectations; acceptance criteria tightened for contract-testable completion. | Project Manager |
| 2026-03-05 | Delivered `/api/v1/scans/{scanId}/score/*` primary routes with `/api/v1/score/{scanId}/*` compatibility aliases, added score history endpoint, and expanded replay/verify payload contracts with canonical hash/vector metadata. | Developer |
| 2026-03-05 | Test evidence: `src/Scanner/__Tests/StellaOps.Scanner.WebService.Tests/bin/Debug/net10.0/StellaOps.Scanner.WebService.Tests.exe -class "StellaOps.Scanner.WebService.Tests.DeltaCompareEndpointsTests" -class "StellaOps.Scanner.WebService.Tests.ActionablesEndpointsTests" -class "StellaOps.Scanner.WebService.Tests.ScoreReplayEndpointsTests" -class "StellaOps.Scanner.WebService.Tests.DeterministicScoringServiceTests"` -> `Total: 25, Failed: 0`; `src/Scanner/__Tests/StellaOps.Scanner.Contracts.Tests/bin/Debug/net10.0/StellaOps.Scanner.Contracts.Tests.exe` -> `Total: 63, Failed: 0`. | Test Automation |
## Decisions & Risks
- Decision: preserve deterministic behavior while expanding score formula explainability through explicit factor contracts.
- Risk: changing route contracts can break existing UI and CLI clients. Mitigation: compatibility routes plus explicit deprecation window.
- Documentation links: `docs/modules/scanner/architecture.md`, `docs/modules/web/architecture.md`.
- Note: repository test runner ignores `dotnet test --filter` under Microsoft Testing Platform; targeted execution uses per-project xUnit executables with class filters.
- Follow-up doc risk: `docs/api/score-replay-api.md` still documents a separate legacy score service contract and should be aligned in a docs-focused sprint to avoid cross-module confusion.
## Next Checkpoints
- Ready for sprint archival.

139
docs-archived/implplan/2026-03-05-completed-sprints/SPRINT_20260304_309_FE_signed_score_and_vulnerability_detail_wiring.md Normal file
View File

@@ -0,0 +1,139 @@
# Sprint 309 - FE: Signed Score and Vulnerability Detail Wiring
## Topic & Scope
- Replace hardcoded vulnerability detail page data with API-backed models.
- Implement signed-score explainability UX contract and verification/gating surfaces in Web UI.
- Align FE score replay client routes with Scanner API contracts and add missing tests.
- Working directory: `src/Web/StellaOps.Web/`.
- Expected evidence: API-backed vulnerability detail pages, signed-score component behavior, and FE tests.
## Dependencies & Concurrency
- Upstream dependency: `SPRINT_20260304_303` for finalized score replay/verify/history contracts.
- Upstream dependency: `SPRINT_20260304_302` for meaningful delta/actionables and trace evidence data.
- Safe parallelism: can run after API contract freeze in parallel with `304`-`308`.
## Documentation Prerequisites
- `docs/modules/web/architecture.md`
- `docs/modules/scanner/architecture.md`
- `docs/product/advisory-translation-20260304.md`
## Verified Code Baseline (2026-03-04)
- `FE-001`: `src/Web/StellaOps.Web/src/app/features/security/vulnerability-detail-page.component.ts` still ships full static vulnerability payloads (`CVE-2026-1234`, static environments/gate impacts/witness path).
- `FE-002`: `src/Web/StellaOps.Web/src/app/features/security-risk/vulnerability-detail-page.component.ts` is route-param placeholder with static text and no backend data loading.
- `SCN-006` (FE side): `src/Web/StellaOps.Web/src/app/core/api/proof.client.ts` `ScoreReplayClient` uses `/scans/{scanId}/score/replay`, `/replays/{replayId}`, `/scans/{scanId}/score/history`, while backend score replay routes are currently `/score/{scanId}/replay|verify|bundle` (`src/Scanner/StellaOps.Scanner.WebService/Endpoints/ScoreReplayEndpoints.cs`).
- No dedicated tests currently exist for `proof.client.ts` or either vulnerability detail component.
- Existing security data clients already exist (`src/Web/StellaOps.Web/src/app/core/api/security-findings.client.ts`) and should be reused for detail wiring.
- `src/Web/StellaOps.Web/angular.json` excludes `src/app/features/**/*.spec.ts` and `src/app/shared/components/**/*.spec.ts` from default unit test run, so new feature/component tests can be silently skipped unless test config is adjusted.
## Required Test Projects And Evidence Capture
- `src/Web/StellaOps.Web/package.json` test targets (`npm run test`, plus targeted include-based runs for new specs)
- Required evidence:
- Proof client route/model tests are executed and listed in test output.
- Vulnerability detail and signed-score UI tests are executed (not excluded by Angular test config).
- Failing-then-passing evidence for route-contract mismatch and API-backed detail behavior.
## Delivery Tracker
### TASK-309-001 - Remove hardcoded vulnerability detail payloads and wire backend APIs
Status: DONE
Dependency: none
Owners: Frontend Developer
Task description:
- Replace static data usage in:
- `src/Web/StellaOps.Web/src/app/features/security/vulnerability-detail-page.component.ts`
- `src/Web/StellaOps.Web/src/app/features/security-risk/vulnerability-detail-page.component.ts`
- Add typed API client models and loading/error/empty states.
Completion criteria:
- [x] Gap `FE-001` closed: security vulnerability detail page no longer ships static CVE sample payload.
- [x] Gap `FE-002` closed: security-risk page is API-backed and not route-param placeholder only.
- [x] Existing security API clients are reused or extended (no duplicate raw HTTP contract logic in both pages).
- [x] Both pages handle loading/error states deterministically.
- [x] Not-found and malformed-route cases render explicit deterministic empty/error states.
### TASK-309-002 - Implement signed-score ribbon with provenance and verifier badges
Status: DONE
Dependency: TASK-309-001
Owners: Frontend Developer
Task description:
- Build a reusable signed-score ribbon component for vulnerability and triage detail views.
- Support collapsed/expanded factor breakdown, provenance links, verify action, and policy gating badges.
Completion criteria:
- [x] Signed-score component renders score, factor breakdown, and provenance links from API payloads.
- [x] Existing shared score primitives (`shared/components/score/*`) are reused where applicable instead of duplicating scoring visuals.
- [x] Verify action surfaces replay success ratio, median verify time, and symbol coverage.
- [x] UI gate state reflects policy thresholds and explains block reasons when thresholds fail.
### TASK-309-003 - Align ScoreReplayClient routes and models to Scanner contract
Status: DONE
Dependency: TASK-309-002
Owners: Frontend Developer
Task description:
- Update score replay client in:
- `src/Web/StellaOps.Web/src/app/core/api/proof.client.ts`
- Align replay, verify, bundle, and history routes with backend contract finalized in sprint 303.
Completion criteria:
- [x] Gap `SCN-006` FE side closed: client paths match backend route contract (or documented compatibility alias path).
- [x] Replay/verify/bundle/history route set is complete and consistent with finalized scanner contract.
- [x] Score replay/history models include explainability vector metadata required by signed-score UI.
- [x] API errors are surfaced with actionable user-facing state messages.
- [x] Duplicate replay-client contract drift (`core/api/proof.client.ts` vs other replay clients) is documented and resolved or explicitly bounded.
### TASK-309-004 - Add focused FE tests for score client and vulnerability detail behavior
Status: DONE
Dependency: TASK-309-001, TASK-309-002, TASK-309-003
Owners: Test Automation
Task description:
- Add unit/component tests for:
- score replay client routes and error handling.
- signed-score ribbon state transitions.
- vulnerability detail pages loading API-backed data.
Completion criteria:
- [x] Gap `FE-003` closed: proof client and vulnerability detail flows have dedicated FE tests.
- [x] Tests assert gating and badge rendering behavior for pass/fail thresholds.
- [x] Deterministic snapshots or fixture assertions are added for signed-score UI states.
- [x] Test configuration is updated so new feature/shared component specs are actually executed (no silent exclusion by `angular.json` test excludes).
- [x] Test output artifacts explicitly show execution of new proof-client and vulnerability-detail spec files.
### TASK-309-005 - Update Web architecture docs for signed-score and vulnerability detail contracts
Status: DONE
Dependency: TASK-309-004
Owners: Documentation author
Task description:
- Update `docs/modules/web/architecture.md` with:
- signed-score ribbon contract.
- vulnerability detail API dependency.
- route-aligned replay client expectations.
Completion criteria:
- [x] Web architecture doc reflects delivered FE contracts.
- [x] Scanner/Web route contract for replay/verify/bundle/history is documented with canonical path examples.
- [x] Remaining planned FE capabilities are explicitly marked as planned.
- [x] `Decisions & Risks` links to updated documentation.
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-03-04 | Sprint created to close signed-score explainability and vulnerability detail wiring gaps in Web UI. | Planning |
| 2026-03-04 | Baseline verified: vulnerability detail pages are static/placeholder, proof replay client routes drift from scanner, and targeted tests are missing. | Project Manager |
| 2026-03-04 | Acceptance criteria hardened for API-client reuse, replay contract closure, and test-discovery guarantees despite Angular exclude defaults. | Project Manager |
| 2026-03-04 | Implemented API-backed vulnerability detail pages with shared `VulnerabilityDetailFacade` and `SignedScoreRibbonComponent`; removed static/placeholder vulnerability detail payloads from security and security-risk routes. | Frontend Developer |
| 2026-03-04 | Aligned `ScoreReplayClient` and proof models to canonical scanner replay routes (`/scans/{scanId}/score/{replay,bundle,verify,history}`) and added proof route/error tests. | Frontend Developer |
| 2026-03-04 | Added and executed focused sprint 309 specs under `src/tests/sprint309` to avoid default feature/shared spec excludes. Evidence command passed with 4 files / 14 tests. | Test Automation |
| 2026-03-04 | Updated `docs/modules/web/architecture.md` with delivered 309 contracts, canonical replay route examples, and explicit remaining planned scope. | Documentation |
## Decisions & Risks
- Decision: FE signed-score UX is blocked on finalized scanner route/schema contracts and will consume sprint 303 outputs.
- Decision: `src/app/features/security-risk/vulnerability-detail-page.component.ts` now composes the shared security vulnerability detail view to bound dual-page drift risk.
- Decision: `src/app/core/api/proof.client.ts` is the canonical replay client surface for sprint 309 scope; broader triage/client consolidation remains planned outside this sprint.
- Decision: Because `angular.json` and `tsconfig.spec.json` intentionally exclude `src/app/features/**/*.spec.ts` and `src/app/shared/components/**/*.spec.ts`, sprint 309 UI specs were placed under `src/tests/sprint309` and executed via explicit `--include` paths to prevent silent test exclusion.
- Risk: default Angular unit-test exclude patterns can hide regressions by skipping new feature specs unless explicitly corrected.
- Documentation link: `docs/modules/web/architecture.md`.
## Next Checkpoints
- 2026-03-10: vulnerability detail pages API-backed.
- 2026-03-12: signed-score ribbon integrated.
- 2026-03-13: FE tests and docs sync complete.

129
docs-archived/implplan/2026-03-05-completed-sprints/SPRINT_20260305_001_Findings_riskengine_api_test_auth_validation_fix.md Normal file
View File

@@ -0,0 +1,129 @@
# Sprint 20260305-001 - RiskEngine API Test Auth Validation Fix
## Topic & Scope
- Resolve full-suite `StellaOps.RiskEngine.Tests` failures caused by API-host authentication options failing at runtime in test execution.
- Establish deterministic test-host authentication for RiskEngine API tests so endpoint contracts are validated without external Authority dependencies.
- Preserve production authentication behavior; apply fixes only in test harness/project scope.
- Working directory: `src/Findings/__Tests/StellaOps.RiskEngine.Tests`.
- Allowed cross-module actions: execute validation commands for `src/Findings/**` test projects, remediate auth test-harness gaps in `src/Findings/__Tests/StellaOps.VulnExplorer.Api.Tests`, and archive this completed sprint under `docs-archived/implplan/`.
- Expected evidence: full `dotnet test` pass for `StellaOps.RiskEngine.Tests.csproj`, sprint execution log update, and root-cause notes.
## Dependencies & Concurrency
- No upstream sprint dependency.
- Safe to execute in parallel with unrelated modules; avoid edits outside RiskEngine test project unless required by test harness compile constraints.
## Documentation Prerequisites
- `src/Findings/StellaOps.RiskEngine.WebService/Program.cs`
- `src/Authority/StellaOps.Authority/StellaOps.Auth.ServerIntegration/ServiceCollectionExtensions.cs`
- `src/Authority/StellaOps.Authority/StellaOps.Auth.ServerIntegration/StellaOpsResourceServerOptions.cs`
## Delivery Tracker
### RISKENG-AUTH-001 - Identify startup failure root cause in API tests
Status: DONE
Dependency: none
Owners: Implementer
Task description:
- Reproduce and trace the failing `StellaOps.RiskEngine.Tests` API-host requests.
- Confirm exact failing path (options binding/validation/auth initialization) and why failures surface as HTTP 500 in API tests.
Completion criteria:
- [x] Root cause documented with concrete stack-trace path and misconfiguration source.
- [x] Failure mechanism mapped to specific test-host setup gap.
### RISKENG-AUTH-002 - Implement deterministic test authentication and resource-server config override
Status: DONE
Dependency: RISKENG-AUTH-001
Owners: Implementer
Task description:
- Add RiskEngine test-host overrides to inject required `Authority:ResourceServer` options for validation.
- Replace runtime JWT dependency in API tests with deterministic in-process test authentication that supplies tenant/scope claims needed by endpoint policies.
- Keep changes isolated to test code.
Completion criteria:
- [x] API test host no longer throws `Resource server authentication requires an Authority URL`.
- [x] API tests execute through endpoint logic instead of failing in auth middleware startup.
### RISKENG-AUTH-003 - Validate full RiskEngine test suite and capture evidence
Status: DONE
Dependency: RISKENG-AUTH-002
Owners: Implementer
Task description:
- Run the full `StellaOps.RiskEngine.Tests.csproj` suite.
- Confirm previously failing API tests pass and no new regressions are introduced.
Completion criteria:
- [x] Full project test run passes.
- [x] Sprint execution log updated with command and pass counts.
### RISKENG-AUTH-004 - Add explicit negative API auth coverage
Status: DONE
Dependency: RISKENG-AUTH-002
Owners: Implementer
Task description:
- Add deterministic negative API tests to verify unauthorized and insufficient-scope behaviors for RiskEngine endpoints.
- Keep existing positive endpoint contract tests green.
Completion criteria:
- [x] At least one unauthenticated request path is asserted to return unauthorized/forbidden.
- [x] At least one authenticated but insufficient-scope request path is asserted to return forbidden.
- [x] Full `StellaOps.RiskEngine.Tests` suite remains green.
### RISKENG-AUTH-005 - Run broader Findings regression sweep
Status: DONE
Dependency: RISKENG-AUTH-004
Owners: Implementer
Task description:
- Run additional Findings test projects beyond RiskEngine to ensure no accidental cross-module regressions from the auth harness changes.
Completion criteria:
- [x] Execute a multi-project Findings test sweep.
- [x] Capture pass/fail summary in execution log.
### RISKENG-AUTH-007 - Remediate VulnExplorer API test-host auth gap discovered during sweep
Status: DONE
Dependency: RISKENG-AUTH-005
Owners: Implementer
Task description:
- Fix `StellaOps.VulnExplorer.Api.Tests` test-host configuration so resource-server options validation succeeds and API contracts are exercised.
- Keep changes scoped to the VulnExplorer test harness and preserve production behavior.
Completion criteria:
- [x] `StellaOps.VulnExplorer.Api.Tests` no longer fails with missing Authority URL startup errors.
- [x] `StellaOps.VulnExplorer.Api.Tests` test project passes.
### RISKENG-AUTH-006 - Archive completed sprint
Status: DONE
Dependency: RISKENG-AUTH-005
Owners: Project Manager
Task description:
- After all tasks are DONE, move this sprint file from `docs/implplan/` to `docs-archived/implplan/` with execution evidence preserved.
Completion criteria:
- [x] Sprint file moved to archived sprint location.
- [x] No remaining TODO/DOING/BLOCKED tasks in archived sprint.
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-03-05 | Sprint created; root-cause investigation started for RiskEngine API auth failures in test host. | Implementer |
| 2026-03-05 | Root cause confirmed: `WebApplicationFactory<Program>` tests did not provide required `Authority:ResourceServer:Authority`; `StellaOpsResourceServerOptions.Validate()` threw during auth options resolution, producing HTTP 500 responses across API tests. | Implementer |
| 2026-03-05 | Implemented `RiskEngineApiWebApplicationFactory` with in-memory `Authority:ResourceServer` config and deterministic test auth scheme mapped to `StellaOpsBearer`, including tenant + risk-engine scopes. | Implementer |
| 2026-03-05 | Validation: `dotnet test src/Findings/__Tests/StellaOps.RiskEngine.Tests/StellaOps.RiskEngine.Tests.csproj -v minimal` => Passed 96, Failed 0, Skipped 0. | Implementer |
| 2026-03-05 | Follow-up scope added: explicit negative auth tests, broader Findings regression sweep, and sprint archival requested. | Implementer |
| 2026-03-05 | Broader Findings sweep run started; `StellaOps.VulnExplorer.Api.Tests` failed with the same missing `Authority:ResourceServer:Authority` startup error pattern. | Implementer |
| 2026-03-05 | Added explicit negative auth coverage in RiskEngine API tests; `dotnet test src/Findings/__Tests/StellaOps.RiskEngine.Tests/StellaOps.RiskEngine.Tests.csproj -v minimal` => Passed 98, Failed 0, Skipped 0. | Implementer |
| 2026-03-05 | Remediated VulnExplorer API test harness with in-memory resource-server authority config + deterministic test auth fixture; `dotnet test src/Findings/__Tests/StellaOps.VulnExplorer.Api.Tests/StellaOps.VulnExplorer.Api.Tests.csproj -v minimal` => Passed 10, Failed 0, Skipped 0. | Implementer |
| 2026-03-05 | Broader Findings sweep rerun across all `src/Findings/__Tests/*.csproj`; all projects exit=0 (Ledger ReplayHarness, Ledger, Tools LedgerReplayHarness, RiskEngine, VulnExplorer). | Implementer |
| 2026-03-05 | Sprint archived under `docs-archived/implplan/2026-03-05-completed-sprints/` after all delivery tasks reached DONE. | Project Manager |
## Decisions & Risks
- Decision: fix scope is test harness only (RiskEngine test project) to avoid any production auth behavior drift.
- Root cause: API tests relied on default app startup path without configuring required resource-server options. `StellaOpsScopeAuthorizationHandler`/JWT options retrieval triggered options validation and raised `InvalidOperationException` for missing Authority URL.
- Risk: test auth overrides can mask auth-policy regressions if used broadly.
- Mitigation: keep overrides local to service-specific API test fixtures and provide explicit scope + tenant claims so policy and tenant filters remain exercised.
- Decision: apply the same test-host auth fixture pattern to `StellaOps.VulnExplorer.Api.Tests` after sweep confirmed equivalent startup failure root cause.
## Next Checkpoints
- Validate full RiskEngine test suite after harness fix.
- If green, decide whether to archive sprint with same-day completion evidence.

235
docs-archived/implplan/2026-03-05-completed-sprints/SPRINT_20260305_311_JobEngine_consolidation_gap_remediation.md Normal file
View File

@@ -0,0 +1,235 @@
# Sprint 311 - JobEngine: Consolidation Gap Remediation
## Topic & Scope
- Close the critical post-consolidation inconsistency in JobEngine schema handling introduced during the Orchestrator -> JobEngine rename wave.
- Keep the approved consolidation boundaries intact (no new module merges, no scope expansion beyond remediation).
- Repair consolidation decision ledger integrity so sprint references resolve after archival.
- Produce a code-derived domain/webservice/database inventory so consolidation decisions can be reviewed against actual runtime wiring.
- Working directory: `src/JobEngine/`.
- Cross-module edits explicitly allowed for `docs/implplan/` and `docs/modules/jobengine/`.
- Expected evidence: targeted JobEngine builds/tests, schema-consistency assertions, corrected consolidation ledger links, and a webservice function->database matrix.
## Dependencies & Concurrency
- Upstream dependency: `SPRINT_20260225_221_Orchestrator_domain_rename.md` (archived) defines schema preservation intent.
- Upstream dependency: `SPRINT_20260225_218_DOCS_consolidation_final_update.md` (archived) defines consolidation documentation finalization requirements.
- Follow-up dependency: `SPRINT_20260305_312_DOCS_storage_policy_postgres_rustfs_alignment.md` tracks implementation work for compose-driven storage policy gaps discovered by this sprint.
- Safe parallelism: may run in parallel with feature sprints outside `src/JobEngine/` and `docs/implplan/CONSOLIDATION_DECISION_LEDGER.md`.
- Serialization required with any sprint touching `src/JobEngine/StellaOps.JobEngine.Infrastructure/**` or the consolidation ledger file.
## Documentation Prerequisites
- `docs/implplan/CONSOLIDATION_DECISION_LEDGER.md`
- `docs/modules/jobengine/architecture.md`
- `docs-archived/implplan/2026-03-04-completed-sprints/SPRINT_20260225_221_Orchestrator_domain_rename.md`
- `docs-archived/implplan/2026-03-04-completed-sprints/SPRINT_20260225_218_DOCS_consolidation_final_update.md`
## Verified Code Baseline (2026-03-05)
- `GAP-311-001` Schema fallback mismatch:
- `src/JobEngine/StellaOps.JobEngine/StellaOps.JobEngine.Infrastructure/EfCore/Context/JobEngineDbContext.cs` defaults to `"jobengine"` when no schema is provided.
- `src/JobEngine/StellaOps.JobEngine/StellaOps.JobEngine.Infrastructure/Postgres/JobEngineDbContextFactory.cs` declares `DefaultSchemaName = "orchestrator"` with explicit Sprint 221 preservation comment.
- `GAP-311-002` Design-time path bypasses explicit schema:
- `src/JobEngine/StellaOps.JobEngine/StellaOps.JobEngine.Infrastructure/EfCore/Context/JobEngineDesignTimeDbContextFactory.cs` uses `Search Path=orchestrator,public` but constructs `new JobEngineDbContext(options)` without explicit schema argument.
- `GAP-311-003` Compiled model schema annotations currently use `"jobengine"` (example: `SourceEntityEntityType.cs` annotation), conflicting with preserved `"orchestrator"` runtime default.
- `GAP-311-004` Consolidation decision ledger links are stale:
- `docs/implplan/CONSOLIDATION_DECISION_LEDGER.md` links to `./SPRINT_20260225_*.md`, but those files were moved to `docs-archived/implplan/2026-03-04-completed-sprints/`.
## Required Test Projects And Evidence Capture
- `src/JobEngine/StellaOps.JobEngine/StellaOps.JobEngine.Tests/StellaOps.JobEngine.Tests.csproj`
- `src/JobEngine/StellaOps.JobEngine/StellaOps.JobEngine.Infrastructure/StellaOps.JobEngine.Infrastructure.csproj`
- `src/JobEngine/StellaOps.JobEngine/StellaOps.JobEngine.WebService/StellaOps.JobEngine.WebService.csproj`
- Evidence requirement: every completion update must include exact commands, filtered test evidence, and raw pass/fail output excerpts in `Execution Log`.
## Investigation Artifacts (2026-03-05)
- `docs/implplan/CONSOLIDATION_SERVICE_INVENTORY_20260305.raw.json`
- `docs/implplan/CONSOLIDATION_WEBSERVICE_FUNCTION_DB_MATRIX_20260305.md`
- `docs/implplan/SPRINT_20260305_312_DOCS_storage_policy_postgres_rustfs_alignment.md` (contains detailed findings `FIND-312-001`..`FIND-312-006`)
## Delivery Tracker
### TASK-311-008 - Build raw webservice/domain/db inventory from source
Status: DONE
Dependency: none
Owners: Project Manager
Task description:
- Enumerate every `*.WebService.csproj` under `src/`.
- Extract per-service function hints (route/endpoint/controller surfaces), referenced persistence projects, and detected DbContext/DataSource artifacts.
- Persist raw extraction output as sprint evidence for discussion and follow-up validation.
Completion criteria:
- [x] Inventory includes every discovered webservice project path.
- [x] Function hints and DB wiring hints are captured per service.
- [x] Raw artifact is saved under `docs/implplan/` for traceability.
### TASK-311-009 - Publish reviewer matrix: webservice -> functions -> db
Status: DONE
Dependency: TASK-311-008
Owners: Project Manager
Task description:
- Convert raw extraction into a reviewer-facing matrix with one row per webservice.
- Fill extraction blind spots with targeted manual verification (services using file/in-memory/non-EF storage patterns).
- Include evidence paths for both functional surface and persistence wiring.
Completion criteria:
- [x] Matrix exists under `docs/implplan/` and covers all discovered webservices.
- [x] Manual verification completed for non-EF/file/in-memory services (`OpsMemory`, `PacksRegistry`, `TaskRunner`, `RiskEngine`, `Replay`, `Doctor`, `Gateway`).
- [x] Evidence paths are present for each matrix row.
### TASK-311-010 - Domain-level persistence profile for consolidation review
Status: DONE
Dependency: TASK-311-009
Owners: Project Manager
Task description:
- Aggregate service-level findings by domain/module.
- Flag domains containing mixed persistence profiles (postgres + file/in-memory) that can be consolidation-risky.
- Record findings in sprint risks so architecture discussion can make explicit trade-offs.
Completion criteria:
- [x] Domain summary table added to investigation artifact.
- [x] Mixed-profile domains identified for discussion.
- [x] Findings linked from sprint `Decisions & Risks`.
### TASK-311-001 - Freeze schema intent and capture reproducible mismatch evidence
Status: DONE
Dependency: none
Owners: Project Manager, Developer
Task description:
- Reconfirm Sprint 221 intent: PostgreSQL schema is preserved as `orchestrator` for continuity.
- Capture reproducible evidence with file+line references for every mismatch surface:
- DbContext fallback schema
- Postgres factory default schema
- design-time context creation path
- compiled model schema annotations
- Record evidence in sprint `Execution Log`.
Completion criteria:
- [x] Evidence for `GAP-311-001` through `GAP-311-003` captured with concrete file paths and line references.
- [x] Schema intent statement recorded: default operational schema remains `orchestrator` in this remediation sprint.
- [x] Any proposal to switch to `jobengine` schema is explicitly marked out-of-scope and tracked as a future migration sprint.
### TASK-311-002 - Unify runtime schema selection in JobEngine infrastructure
Status: DONE
Dependency: TASK-311-001
Owners: Developer
Task description:
- Remove hardcoded fallback divergence in JobEngine EF context construction.
- Ensure schema selection has one canonical source of truth used by runtime data access paths.
- Verify no direct constructor usage silently reintroduces a different default.
Completion criteria:
- [x] Runtime default schema resolution is consistent across `JobEngineDbContext` and `JobEngineDbContextFactory`.
- [x] No conflicting hardcoded fallback schema strings remain in JobEngine infrastructure code paths.
- [x] Repository paths using `JobEngineDbContextFactory.Create(...)` remain deterministic and unchanged except schema consistency fixes.
### TASK-311-003 - Align design-time and compiled-model behavior with preserved schema
Status: DONE
Dependency: TASK-311-002
Owners: Developer
Task description:
- Ensure design-time context path and runtime path resolve to the same intended schema behavior.
- Resolve compiled model mismatch by either:
- regenerating compiled model artifacts aligned to preserved schema, or
- gating/disabling compiled-model usage when schema mismatch is detected, with explicit risk note and follow-up.
- Keep changes minimal and deterministic.
Completion criteria:
- [x] `JobEngineDesignTimeDbContextFactory` no longer relies on implicit schema fallback behavior.
- [x] Compiled model usage no longer conflicts with preserved schema intent.
- [x] Chosen remediation strategy (regenerate vs guard) documented in `Decisions & Risks`.
### TASK-311-004 - Add schema-consistency regression tests (targeted .csproj)
Status: DONE
Dependency: TASK-311-003
Owners: Test Automation
Task description:
- Add focused tests to prevent recurrence:
- schema default consistency checks
- design-time and runtime alignment checks
- compiled model compatibility guard checks
- Run targeted tests against specific project files (not `.slnf`).
Completion criteria:
- [x] New tests assert behavior, not just non-null/does-not-throw.
- [x] Targeted test evidence captured (MTP/xUnit v3 class filtering path used because `dotnet test --filter` is ignored by this test project).
- [x] If new tests fail, bugfix + retest evidence is recorded in `Execution Log`.
### TASK-311-005 - Validate build/test gates for remediated surfaces
Status: DONE
Dependency: TASK-311-004
Owners: Developer, Test Automation
Task description:
- Run scoped verification builds/tests for changed projects:
- `dotnet build` on JobEngine infrastructure and webservice csproj files
- targeted `dotnet test` for JobEngine tests
- Confirm no unintended contract drift in API route namespaces or telemetry/event naming from this remediation.
Completion criteria:
- [x] Scoped builds succeed for remediated projects.
- [x] Targeted tests pass with raw command output captured.
- [x] No unrelated consolidation boundaries are modified.
### TASK-311-006 - Repair consolidation decision ledger links after sprint archival
Status: DONE
Dependency: none
Owners: Documentation author
Task description:
- Update `docs/implplan/CONSOLIDATION_DECISION_LEDGER.md` links so referenced sprint files resolve in their archived locations.
- Preserve table semantics and outcome statuses exactly as currently documented.
- Verify all linked sprint rows (`200,201,202,203,204,206,207,208,209,210,211,212,213,214,216,217,218,221`) resolve.
Completion criteria:
- [x] No broken local links remain for referenced consolidation sprint files.
- [x] Outcome text and status labels remain unchanged.
- [x] Link validation evidence recorded in `Execution Log`.
### TASK-311-007 - Update JobEngine architecture dossier with remediation outcome
Status: DONE
Dependency: TASK-311-003, TASK-311-006
Owners: Documentation author
Task description:
- Update `docs/modules/jobengine/architecture.md` with final schema behavior and rationale.
- Add explicit note tying remediation to Sprint 221 intent and this sprint's closure.
- Ensure docs distinguish naming rename (`Orchestrator` -> `JobEngine`) from schema continuity (`orchestrator` preserved).
Completion criteria:
- [x] Architecture doc reflects final implemented schema behavior.
- [x] Remediation linkage (`221` -> `311`) documented with clear rationale.
- [x] `Decisions & Risks` updated with doc references.
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-03-05 | Sprint created to remediate post-consolidation gaps identified in read-only review: JobEngine schema consistency and consolidation ledger link integrity. | Project Manager |
| 2026-03-05 | Baseline recorded: schema mismatch surfaces and broken ledger links verified with file-level evidence. | Project Manager |
| 2026-03-05 | TASK-311-008 completed: generated raw code-derived inventory artifact `docs/implplan/CONSOLIDATION_SERVICE_INVENTORY_20260305.raw.json` for all `*.WebService.csproj` entries. | Project Manager |
| 2026-03-05 | TASK-311-009 completed: published reviewer matrix `docs/implplan/CONSOLIDATION_WEBSERVICE_FUNCTION_DB_MATRIX_20260305.md` with function and DB mapping plus per-row evidence paths. | Project Manager |
| 2026-03-05 | TASK-311-010 completed: domain persistence profile summary added; mixed persistence domains identified for architecture decision review. | Project Manager |
| 2026-03-05 | Follow-up sprint created for storage policy implementation (`SPRINT_20260305_312_DOCS_storage_policy_postgres_rustfs_alignment.md`) based on compose requirement: Postgres-first with RustFS/seed-fs only for blobs. | Project Manager |
| 2026-03-05 | Follow-up sprint findings detailed before implementation start: explicit baseline entries `FIND-312-001`..`FIND-312-006` added with code and compose evidence references. | Project Manager |
| 2026-03-05 | TASK-311-001 completed: schema intent reconfirmed as `orchestrator` with mismatch evidence captured at `JobEngineDbContext.cs:8-20`, `JobEngineDbContextFactory.cs:12-21`, `JobEngineDesignTimeDbContextFactory.cs:9,20`, and compiled model annotation evidence (`SourceEntityEntityType.cs:157`). | Developer |
| 2026-03-05 | TASK-311-002 completed: runtime schema default unified by centralizing `DefaultSchemaName` + `ResolveSchemaName` in `JobEngineDbContext` and reusing it in `JobEngineDbContextFactory`. | Developer |
| 2026-03-05 | TASK-311-003 completed: design-time factory now passes explicit schema (`JobEngineDbContext.DefaultSchemaName`), and compiled model schema annotations were aligned to `orchestrator` (no remaining `jobengine` literals in compiled model sources). | Developer |
| 2026-03-05 | TASK-311-004 completed: added `SchemaConsistencyTests` and ran targeted classes via xUnit v3 runner (`...StellaOps.JobEngine.Tests.exe -class ...`): `SchemaConsistencyTests` total 3 pass; `CompiledModelGuardTests` total 36 pass. | Test Automation |
| 2026-03-05 | TASK-311-005 completed: scoped build evidence captured. `dotnet build` infrastructure project succeeded; full webservice/test transitive builds failed due unrelated Router compile errors (`AspNetRouterRequestDispatcher.cs` missing `PopulateTenantAccessor` and missing `StellaOps.Auth` namespace). Scoped verification with `-p:BuildProjectReferences=false` succeeded for `StellaOps.JobEngine.WebService.csproj` and `StellaOps.JobEngine.Tests.csproj`. | Developer |
| 2026-03-05 | TASK-311-006 completed: updated `CONSOLIDATION_DECISION_LEDGER.md` links to archived sprint paths and validated rows `200,201,202,203,204,206,207,208,209,210,211,212,213,214,216,217,218,221` resolve to `docs-archived/implplan/2026-03-04-completed-sprints/`. | Documentation author |
| 2026-03-05 | TASK-311-007 completed: updated `docs/modules/jobengine/architecture.md` with explicit 221->311 schema continuity section and out-of-scope note for any future physical schema rename. | Documentation author |
## Decisions & Risks
- Decision executed: preserve `orchestrator` schema default for continuity, matching Sprint 221 direction; no implicit schema migration is introduced in Sprint 311.
- Decision executed: compiled-model mismatch remediated by aligning generated compiled-model schema annotations from `jobengine` to `orchestrator` (regeneration deferred; equivalent deterministic output retained).
- Risk: `dotnet test --filter` expectations are invalid for this xUnit v3 / Microsoft Testing Platform project (`MTP0001` warning). Mitigation: use xUnit runner class/query filters for targeted evidence (`StellaOps.JobEngine.Tests.exe -class ...`) until test invocation contract is standardized in a follow-up sprint.
- Risk: full transitive `dotnet build/test` currently blocked by unrelated Router compilation errors (`src/Router/__Libraries/StellaOps.Microservice.AspNetCore/AspNetRouterRequestDispatcher.cs`). Mitigation: Sprint 311 verification used scoped project builds with `-p:BuildProjectReferences=false`; upstream Router issue must be fixed separately.
- Risk: compiled model remediation path can mask runtime mismatch if only one path is fixed. Mitigation: enforce TASK-311-004 regression tests and scoped runtime/design-time verification.
- Risk: documentation-only link fixes can drift again during future archive moves. Mitigation: add explicit link validation step in sprint closeout.
- Investigation finding: not all webservices are relational-DB-backed. Current code includes postgres-backed, file-backed, in-memory, and no-persistence services; forced DB-consolidation assumptions would misrepresent runtime design.
- Investigation finding: mixed persistence in `JobEngine` domain (`JobEngine`/`Scheduler` postgres, `PacksRegistry`/`TaskRunner` file-backed) requires explicit migration design if future consolidation targets data stores.
- Investigation finding: compose policy expectation is stronger than current runtime in several services; implementation scope moved into Sprint 312.
- Documentation links:
- `docs/implplan/CONSOLIDATION_DECISION_LEDGER.md`
- `docs/implplan/CONSOLIDATION_SERVICE_INVENTORY_20260305.raw.json`
- `docs/implplan/CONSOLIDATION_WEBSERVICE_FUNCTION_DB_MATRIX_20260305.md`
- `docs/implplan/SPRINT_20260305_312_DOCS_storage_policy_postgres_rustfs_alignment.md`
- `docs/modules/jobengine/architecture.md`
- `src/JobEngine/StellaOps.JobEngine/StellaOps.JobEngine.Tests/SchemaConsistencyTests.cs`
## Next Checkpoints
- 2026-03-06: Route Router compile regressions to owning sprint/module so full transitive JobEngine build/test gates can be restored.
- 2026-03-06: Start Sprint 312 TASK-312-002 storage-driver contract implementation and module-by-module migrations.

222
docs-archived/implplan/2026-03-05-completed-sprints/SPRINT_20260305_312_DOCS_storage_policy_postgres_rustfs_alignment.md Normal file
View File

@@ -0,0 +1,222 @@
# Sprint 312 - Storage Policy Alignment: Postgres First, RustFS for Blobs
## Topic & Scope
- Enforce platform storage policy from compose: PostgreSQL for service state and relational metadata; RustFS/seed-fs path only for blob/object payloads.
- Close runtime-vs-compose mismatches found in PacksRegistry, TaskRunner, RiskEngine, Replay, and OpsMemory connection wiring.
- Preserve deterministic behavior and offline posture while replacing file/in-memory defaults with explicit driver-based storage contracts.
- Working directory: `docs/implplan/`.
- Cross-module edits explicitly allowed for `src/JobEngine/`, `src/Findings/`, `src/Replay/`, `src/AdvisoryAI/`, `devops/compose/`, and related `docs/modules/**` dossiers.
- Expected evidence: targeted project builds/tests, migration/contract docs, compose parity validation, and runtime persistence verification.
## Dependencies & Concurrency
- Upstream dependency: `docs/implplan/CONSOLIDATION_WEBSERVICE_FUNCTION_DB_MATRIX_20260305.md` (gap source of truth).
- Upstream dependency: `devops/compose/docker-compose.stella-ops.yml` and `devops/compose/docker-compose.testing.yml` (policy baseline + test expectations).
- Safe parallelism: tasks may run in parallel by module (`PacksRegistry`, `TaskRunner`, `RiskEngine`, `Replay`, `OpsMemory`) after storage contract is agreed in TASK-312-002.
- Serialization required for edits touching shared compose files and shared storage abstractions.
## Documentation Prerequisites
- `docs/implplan/CONSOLIDATION_WEBSERVICE_FUNCTION_DB_MATRIX_20260305.md`
- `docs/implplan/CONSOLIDATION_DECISION_LEDGER.md`
- `docs/modules/jobengine/architecture.md`
- `docs/modules/platform/architecture.md`
- `devops/compose/docker-compose.stella-ops.yml`
- `devops/compose/docker-compose.testing.yml`
## Shared Storage Contract Baseline (Approved by TASK-312-002)
- State/metadata persistence:
- `Storage:Driver=postgres` is the production default.
- Allowed non-prod overrides: `inmemory`, `filesystem` (must be explicit, never implicit).
- Blob/object persistence:
- `Storage:ObjectStore:Driver` accepted values: `rustfs`, `seed-fs`.
- Blob drivers are for payload channels only; relational state remains on Postgres.
- Connection keys:
- Service-specific connection key (for example, `ConnectionStrings:OpsMemory`) is preferred when present.
- `ConnectionStrings:Default` is the required shared fallback key.
- Fail-fast policy:
- Non-development runtime must fail startup when required DB/object-store config is missing.
- Silent fallback to localhost/filesystem is forbidden in non-development profiles.
## Detailed Findings Baseline (Must Be Addressed Before Closeout)
| Finding ID | Service | Current Runtime Evidence | Compose/Test Policy Evidence | Gap/Impact | Required End State |
| --- | --- | --- | --- | --- | --- |
| FIND-312-001 | PacksRegistry | `src/JobEngine/StellaOps.PacksRegistry/StellaOps.PacksRegistry.WebService/Program.cs` lines 29-34 register `File*Repository` implementations. | Main compose only supplies DB connection (`devops/compose/docker-compose.stella-ops.yml` line 1769). Testing compose explicitly sets `PACKSREGISTRY__STORAGE__DRIVER=postgres` (`devops/compose/docker-compose.testing.yml` line 253). | High: runtime storage model diverges from expected policy and test contract. | Postgres for metadata/state; blob payloads in RustFS/seed-fs object path. |
| FIND-312-002 | TaskRunner | `src/JobEngine/StellaOps.TaskRunner/StellaOps.TaskRunner.WebService/Program.cs` lines 61, 66, 71, 76 register `FilePackRun*Store` and `FilesystemPackRunArtifactReader`. | Main compose supplies DB connection (`devops/compose/docker-compose.stella-ops.yml` line 1150). Testing compose expects `TASKRUNNER__STORAGE__DRIVER=postgres` (`devops/compose/docker-compose.testing.yml` line 271). | High: run state/log persistence is file-backed while policy expects Postgres-first. | Postgres for run state/logs/approvals; artifact blob path in RustFS/seed-fs. |
| FIND-312-003 | RiskEngine | `src/Findings/StellaOps.RiskEngine.WebService/Program.cs` line 21 uses `InMemoryRiskScoreResultStore`. | Main compose provides `ConnectionStrings__Default` (`devops/compose/docker-compose.stella-ops.yml` line 1048). | Medium-High: non-durable in-memory production path conflicts with Postgres-first policy. | Postgres-backed result store in production profile; in-memory only for explicit test profile. |
| FIND-312-004 | Replay | `src/Replay/StellaOps.Replay.WebService/Program.cs` lines 61-62 register in-memory snapshot blob/index stores. | Main compose provides `ConnectionStrings__Default` (`devops/compose/docker-compose.stella-ops.yml` line 2037). | Medium-High: replay state/blob persistence not aligned with durable policy. | Postgres for replay index/state; RustFS/seed-fs for snapshot blob payloads. |
| FIND-312-005 | OpsMemory | `src/AdvisoryAI/StellaOps.OpsMemory.WebService/Program.cs` lines 19-20 use `ConnectionStrings:OpsMemory` then localhost fallback. | Main compose only provides `ConnectionStrings__Default` (`devops/compose/docker-compose.stella-ops.yml` line 1537). | Medium: config-key mismatch can trigger unsafe fallback behavior. | Accept `ConnectionStrings:Default` fallback before localhost; fail-fast for missing DB in non-dev runtime. |
| FIND-312-006 | Scanner (Reference) | Scanner storage already split (`postgres` + object store) via scanner env keys (`SCANNER_SCANNER__STORAGE__DRIVER` and `SCANNER_SCANNER__ARTIFACTSTORE__DRIVER`). | Main compose explicitly sets postgres + rustfs split (`devops/compose/docker-compose.stella-ops.yml` lines 652-659 and 720-725). | None: aligned reference pattern. | Use Scanner pattern as canonical storage-driver template for affected services. |
## Delivery Tracker
### TASK-312-001 - Confirm storage policy baseline from compose and investigation evidence
Status: DONE
Dependency: none
Owners: Project Manager
Task description:
- Lock the policy statement for implementation teams:
- default persistence is PostgreSQL,
- blob/object payloads use RustFS (seed-fs compatible path),
- in-memory/file persistence is allowed only for explicitly scoped test/development profiles.
- Attach exact compose/evidence references in sprint records.
Completion criteria:
- [x] Policy statement recorded in this sprint and matrix.
- [x] Compose references captured (`docker-compose.stella-ops.yml`, `docker-compose.testing.yml`).
- [x] Gap services identified and scoped into implementation tasks.
### TASK-312-002 - Define shared storage driver contract and fallback policy
Status: DONE
Dependency: TASK-312-001
Owners: Architect, Developer
Task description:
- Introduce a shared contract pattern across affected services:
- `Storage:Driver` supports `postgres` (default) and explicit non-prod/testing fallbacks.
- blob channel supports `rustfs`/seed-fs configuration.
- Define required configuration keys and defaults; reject silent fallback to local filesystem in production runtime.
Completion criteria:
- [x] Shared config contract documented with accepted values and defaults.
- [x] Production runtime defaults to `postgres` unless explicitly overridden.
- [x] Validation failures are explicit when required connection/object-store settings are missing.
### TASK-312-003 - PacksRegistry migration: postgres metadata + rustfs blobs
Status: DONE
Dependency: TASK-312-002
Owners: Developer, Test Automation
Task description:
- Replace current file-only repository wiring in PacksRegistry with driver-based composition.
- Implement PostgreSQL repositories for metadata/state (`pack`, parity, lifecycle, mirror, audit indexes).
- Route binary payloads (pack content/provenance/attestations) to RustFS/seed-fs object path.
Completion criteria:
- [x] No default file repository wiring remains in production path.
- [x] Metadata CRUD runs on Postgres.
- [x] Blob payloads persist/retrieve through object storage contract.
- [x] Targeted tests prove parity with previous behavior.
### TASK-312-004 - TaskRunner migration: postgres state + rustfs artifacts
Status: DONE
Dependency: TASK-312-002
Owners: Developer, Test Automation
Task description:
- Replace file-backed stores for run state/logs/approvals with Postgres-backed stores.
- Move artifact payload path to RustFS/seed-fs object storage abstraction.
- Preserve deterministic ordering for logs/streaming and run-state transitions.
Completion criteria:
- [x] Run state/log/approval persistence uses Postgres in production config.
- [x] Artifact reads/writes use object storage contract.
- [x] Streaming and API outputs remain deterministic under new backends.
- [x] Targeted tests pass on specific TaskRunner test projects.
### TASK-312-005 - RiskEngine migration: remove in-memory production result store
Status: DONE
Dependency: TASK-312-002
Owners: Developer, Test Automation
Task description:
- Replace `InMemoryRiskScoreResultStore` production wiring with Postgres-backed implementation.
- Keep in-memory path only for explicit test profile.
Completion criteria:
- [x] Production wiring uses Postgres-backed result store.
- [x] In-memory fallback is profile-gated and documented.
- [x] Behavioral tests validate result retrieval and deterministic ordering.
### TASK-312-006 - Replay migration: postgres index/state + rustfs snapshot blobs
Status: DONE
Dependency: TASK-312-002
Owners: Developer, Test Automation
Task description:
- Replace in-memory replay snapshot stores in production wiring.
- Persist replay metadata/index in Postgres and snapshot payloads in RustFS/seed-fs blob storage.
Completion criteria:
- [x] Replay index/state persisted in Postgres.
- [x] Snapshot blob storage moved to object store contract.
- [x] Existing replay token/query behavior preserved with deterministic outputs.
### TASK-312-007 - OpsMemory connection contract alignment
Status: DONE
Dependency: TASK-312-002
Owners: Developer
Task description:
- Align OpsMemory connection lookup with compose defaults (`ConnectionStrings:Default` compatibility).
- Remove unsafe localhost fallback for containerized production profile.
Completion criteria:
- [x] OpsMemory accepts compose-provided connection settings without implicit localhost fallback.
- [x] Connection precedence and required keys documented.
- [x] Startup fails fast with clear error when DB config is missing.
### TASK-312-008 - Compose and test harness parity validation
Status: DONE
Dependency: TASK-312-003, TASK-312-004, TASK-312-005, TASK-312-006, TASK-312-007
Owners: DevOps, Test Automation
Task description:
- Update compose env contracts so storage drivers are explicit where needed.
- Ensure main and testing compose stacks exercise the same storage model for affected services.
- Add verification commands to sprint evidence.
Completion criteria:
- [x] Main compose explicitly documents storage driver keys for affected services.
- [x] Testing compose remains aligned with production storage intent.
- [x] Evidence includes successful service startup plus targeted persistence checks.
### TASK-312-009 - Documentation and runbook updates for storage model
Status: DONE
Dependency: TASK-312-008
Owners: Documentation author
Task description:
- Update module architecture docs and operational runbooks with final Postgres/RustFS split.
- Document migration and rollback procedure for services switching from file/in-memory backends.
Completion criteria:
- [x] Affected module docs updated and linked from this sprint.
- [x] Operator runbooks include storage troubleshooting and rollback steps.
- [x] `Decisions & Risks` references updated docs.
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-03-05 | Sprint created from compose-driven storage policy requirement: PostgreSQL by default, RustFS/seed-fs for blobs only. | Project Manager |
| 2026-03-05 | Baseline gap set established from investigation matrix and compose/service code evidence. | Project Manager |
| 2026-03-05 | Detailed findings baseline added (`FIND-312-001`..`FIND-312-006`) with explicit code and compose references; implementation tasks remain blocked on these findings. | Project Manager |
| 2026-03-05 | TASK-312-002 completed: approved shared storage-driver contract and fail-fast policy; documented baseline keys/defaults in this sprint and platform architecture (`docs/modules/platform/architecture.md`). | Architect |
| 2026-03-05 | TASK-312-007 completed: OpsMemory connection resolution updated to `ConnectionStrings:OpsMemory` -> `ConnectionStrings:Default` -> development-only localhost fallback; non-development now fails fast for missing DB config (`src/AdvisoryAI/StellaOps.OpsMemory.WebService/Program.cs`). | Developer |
| 2026-03-05 | Verification: `dotnet build src/AdvisoryAI/StellaOps.OpsMemory.WebService/StellaOps.OpsMemory.WebService.csproj -v minimal` passed; `dotnet test src/AdvisoryAI/__Tests/StellaOps.OpsMemory.Tests/StellaOps.OpsMemory.Tests.csproj -v minimal` passed (50/50). | Test Automation |
| 2026-03-05 | TASK-312-003/004/005/006 moved to DOING for storage-driver runtime migration implementation across PacksRegistry, TaskRunner, RiskEngine, and Replay. | Developer |
| 2026-03-05 | TASK-312-003 completed: PacksRegistry now defaults to Postgres metadata repositories with seed-fs payload channel; Postgres repositories persist pack/provenance/attestation payload bytes via seed-fs object storage and keep Postgres payload placeholders for compatibility fallback. | Developer |
| 2026-03-05 | TASK-312-003 verification: `dotnet build` for persistence + webservice passed; `dotnet test src/JobEngine/StellaOps.PacksRegistry.__Tests/StellaOps.PacksRegistry.Persistence.Tests/StellaOps.PacksRegistry.Persistence.Tests.csproj -v minimal` passed (7/7), including new `PostgresBlobStorageRepositoryTests`. | Test Automation |
| 2026-03-05 | TASK-312-004 verification: `dotnet build` TaskRunner webservice/worker passed; `dotnet test src/JobEngine/StellaOps.TaskRunner.__Tests/StellaOps.TaskRunner.Persistence.Tests/StellaOps.TaskRunner.Persistence.Tests.csproj -v minimal` passed (4/4). | Test Automation |
| 2026-03-05 | TASK-312-005 verification: production wiring remains Postgres-backed (`PostgresRiskScoreResultStore`); targeted class run passed `StellaOps.RiskEngine.Tests.exe -class "StellaOps.RiskEngine.Tests.PostgresRiskScoreResultStoreTests"` (2/2). Full riskengine suite still shows unrelated auth-harness failures (`Authority URL` missing). | Test Automation |
| 2026-03-05 | TASK-312-006 verification: replay storage stores are now Postgres index + seed-fs blob; targeted class run passed `StellaOps.Replay.Core.Tests.exe -class "StellaOps.Replay.Core.Tests.FeedSnapshots.PostgresFeedSnapshotIndexStoreTests" -class "StellaOps.Replay.Core.Tests.FeedSnapshots.SeedFsFeedSnapshotBlobStoreTests"` (3/3). | Test Automation |
| 2026-03-05 | TASK-312-008 completed: compose contracts include explicit storage-driver keys; resolved `taskrunner-worker` duplicate `/app/artifacts` mount conflict and validated both compose files with `docker compose ... config` (OK). | DevOps |
| 2026-03-05 | TASK-312-009 completed: updated storage-contract documentation in `docs/modules/jobengine/architecture.md`, `docs/modules/replay/architecture.md`, `docs/modules/platform/architecture.md`, and refreshed remediation state in `docs/implplan/CONSOLIDATION_WEBSERVICE_FUNCTION_DB_MATRIX_20260305.md`. | Documentation author |
## Decisions & Risks
- Decision: storage policy is Postgres-first for service state/metadata; blob/object payloads use RustFS/seed-fs path only.
- Decision: shared storage contract defaults are now explicitly documented (`Storage:Driver=postgres`, object store driver `rustfs|seed-fs`, fail-fast non-development policy).
- Decision: OpsMemory now honors compose-compatible `ConnectionStrings:Default` as fallback and removes non-development localhost fallback behavior.
- Decision: PacksRegistry now uses Postgres for metadata/state and seed-fs for payload bytes; Postgres payload columns are written with placeholders to preserve backward-read compatibility paths.
- Decision: Replay and PacksRegistry currently support seed-fs object storage runtime path; rustfs remains config-recognized but non-development runtime is blocked until dedicated adapters are implemented.
- Risk: large migrations in PacksRegistry/TaskRunner can regress deterministic behavior. Mitigation: add behavior-preserving integration tests before cutover.
- Risk: inconsistent config key names across services can keep silent fallback paths active. Mitigation: enforce fail-fast configuration validation and explicit driver keys.
- Risk: replay and risk-engine persistence changes can alter performance and retention behavior. Mitigation: benchmark before/after and gate rollout with feature flags.
- Risk: full `StellaOps.RiskEngine.Tests` suite currently has unrelated auth harness drift (`Resource server authentication requires an Authority URL`) that masks API-level regressions; mitigation is dedicated follow-up to restore test host auth defaults while retaining Sprint 312 targeted storage coverage.
- Evidence references:
- `docs/implplan/CONSOLIDATION_WEBSERVICE_FUNCTION_DB_MATRIX_20260305.md`
- `devops/compose/docker-compose.stella-ops.yml`
- `devops/compose/docker-compose.testing.yml`
- `docs/modules/platform/architecture.md`
- `docs/modules/jobengine/architecture.md`
- `docs/modules/replay/architecture.md`
- `docs/modules/advisory-ai/architecture.md`
- `src/AdvisoryAI/StellaOps.OpsMemory.WebService/Program.cs`
- `src/JobEngine/StellaOps.PacksRegistry.__Libraries/StellaOps.PacksRegistry.Persistence/Postgres/BlobStorage/SeedFsPacksRegistryBlobStore.cs`
- `src/Replay/StellaOps.Replay.WebService/ReplayFeedSnapshotStores.cs`
## Next Checkpoints
- 2026-03-06: TASK-312-003 and TASK-312-004 implementation start.
- 2026-03-07: TASK-312-005 and TASK-312-006 implementation start.
- 2026-03-08: TASK-312-008 compose/test parity review.
- 2026-03-09: TASK-312-009 docs/runbook closeout and readiness sign-off.

161
docs-archived/implplan/2026-03-05-completed-sprints/SPRINT_20260305_312_Policy_policy_engine_tests_baseline_remediation.md Normal file
View File

@@ -0,0 +1,161 @@
# Sprint 312 - Policy Engine Test Baseline Remediation
## Topic & Scope
- Remediate unrelated baseline failures in `StellaOps.Policy.Engine.Tests` discovered during Sprint 306 downstream compatibility validation.
- Restore deterministic Tier 1/Tier 2d test reliability for Policy Engine without regressing score-policy contract work.
- Isolate and fix three failure clusters: missing snapshot artifacts, API host auth test configuration drift, and tenant endpoint logging DI gap.
- Working directory: `src/Policy/`.
- Expected evidence: green `StellaOps.Policy.Engine.Tests` project run, deterministic snapshot artifact source under test tree, and documented test harness contracts.
## Dependencies & Concurrency
- Upstream dependency: `docs-archived/implplan/2026-03-04-completed-sprints/SPRINT_20260304_306_Policy_score_policy_contract_consistency.md`.
- Safe parallelism: can run in parallel with unrelated modules (`Scanner`, `Unknowns`, `VexLens`, `JobEngine`) when no shared test harness files are edited.
- Cross-module note: remediation required test-harness support edits in `src/__Libraries/StellaOps.TestKit/Assertions/SnapshotAssert.cs` for deterministic snapshot root resolution.
## Documentation Prerequisites
- `docs/modules/policy/architecture.md`
- `docs/qa/feature-checks/FLOW.md`
- `docs/code-of-conduct/TESTING_PRACTICES.md`
## Verified Code Baseline (2026-03-05)
- Command: `dotnet test src/Policy/__Tests/StellaOps.Policy.Engine.Tests/StellaOps.Policy.Engine.Tests.csproj -v minimal`
- Result: Failed `19`, Passed `1283`, Total `1302`.
- Failure cluster `POLTEST-001` (15 tests): missing snapshot files under source snapshots folder.
- Failure cluster `POLTEST-002` (3 tests): `PolicyEngineApiHostTests` failed with missing Authority URL validation / auth harness drift.
- Failure cluster `POLTEST-003` (1 test): `TenantIsolationTests.EndpointFilter_RejectsTenantlessRequest_Returns400WithErrorCode` failed with missing `ILoggerFactory`.
## Required Test Projects And Evidence Capture
- `src/Policy/__Tests/StellaOps.Policy.Engine.Tests/StellaOps.Policy.Engine.Tests.csproj`
- `src/Policy/__Tests/StellaOps.Policy.Tests/StellaOps.Policy.Tests.csproj` (regression check for shared Policy libraries)
- `src/Policy/__Tests/StellaOps.Policy.Scoring.Tests/StellaOps.Policy.Scoring.Tests.csproj` (regression check for scoring-path safety)
- Evidence includes failing baseline, remediation runs, and post-fix pass runs.
- Snapshot SHA256 values are recorded in this sprint log.
## Delivery Tracker
### TASK-312-001 - Reproduce and pin failing baseline with deterministic evidence
Status: DONE
Dependency: none
Owners: Test Automation
Task description:
- Re-ran baseline Policy Engine suite and extracted exact failing tests and root-cause clusters from raw test logs.
- Verified failure groups were stable across repeated full-project runs.
Completion criteria:
- [x] Baseline failure list is captured with exact test names and counts.
- [x] Root-cause grouping (`POLTEST-001/002/003`) is validated across repeated runs.
- [x] Execution log includes command lines and summary counts.
### TASK-312-002 - Repair snapshot artifact workflow and deterministic snapshot sources
Status: DONE
Dependency: TASK-312-001
Owners: Developer, Test Automation
Task description:
- Updated snapshot assertion helper to resolve default snapshot root from caller-file path so tests target source-controlled `Snapshots/` directory.
- Added guard assertion test verifying resolved snapshot directory points to test source tree.
- Regenerated and persisted all missing snapshot JSON artifacts under `src/Policy/__Tests/StellaOps.Policy.Engine.Tests/Snapshots/`.
Completion criteria:
- [x] All missing snapshot tests in `PolicyEvaluationTraceSnapshotTests` and `VerdictArtifactSnapshotTests` pass.
- [x] Snapshot files are source-controlled in stable test directories with deterministic naming.
- [x] Snapshot generation does not depend on local machine state or mutable timestamps.
- [x] At least one guard assertion verifies snapshot root path correctness.
### TASK-312-003 - Fix PolicyEngine API host auth test harness configuration
Status: DONE
Dependency: TASK-312-001
Owners: Developer
Task description:
- Added required test-only resource-server configuration (`Authority`, `RequireHttpsMetadata=false`) to satisfy startup validation.
- Hardened fixture authentication wiring by replacing production auth option registrations in fixture scope and re-registering deterministic `TestAuthHandler` for both `Test` and `StellaOpsBearer` schemes.
- Added canonical tenant claim (`stellaops:tenant`) in test auth handler so tenant middleware and policy scope checks both pass in authenticated path.
Completion criteria:
- [x] `PolicyEngineApiHostTests.PolicyLintRules_WithAuth_ReturnsOk` passes without external Authority dependency.
- [x] `PolicyEngineApiHostTests.PolicySnapshotsApi_RequiresAuth` and `PolicyLintRules_RequireAuth` pass with expected statuses.
- [x] Test harness explicitly sets auth options required by resource server validation.
- [x] No production auth path behavior is weakened by test-only changes.
### TASK-312-004 - Fix tenant isolation endpoint filter logging dependency gap
Status: DONE
Dependency: TASK-312-001
Owners: Developer
Task description:
- Added deterministic logging registration in tenant isolation test DI setup (`services.AddLogging()`) to provide `ILoggerFactory` for problem response execution.
Completion criteria:
- [x] `TenantIsolationTests.EndpointFilter_RejectsTenantlessRequest_Returns400WithErrorCode` passes.
- [x] Logging dependencies are registered deterministically in test service provider setup.
- [x] Assertion coverage confirms expected `400` response payload and error code semantics.
### TASK-312-005 - Run full Policy Engine suite and regression suites
Status: DONE
Dependency: TASK-312-002, TASK-312-003, TASK-312-004
Owners: Test Automation
Task description:
- Executed full Policy Engine suite and both regression suites post-fix.
- Documented unrelated repository compile drift and applied scoped test execution (`--no-dependencies` build + `--no-build` test) so Sprint 312 verification remained isolated to Policy work.
Completion criteria:
- [x] `StellaOps.Policy.Engine.Tests.csproj` passes with zero failures.
- [x] `StellaOps.Policy.Tests.csproj` and `StellaOps.Policy.Scoring.Tests.csproj` remain green.
- [x] Execution log records post-fix pass counts and command outputs.
- [x] Any residual unrelated failures are documented with explicit ownership and next sprint references.
### TASK-312-006 - Documentation and sprint closure sync
Status: DONE
Dependency: TASK-312-005
Owners: Documentation author, Project Manager
Task description:
- Updated Policy architecture dossier testing section with explicit snapshot and API auth fixture contracts.
- Updated sprint tracker with final evidence, decisions, and closure state.
Completion criteria:
- [x] Documentation reflects updated snapshot and auth-harness contracts.
- [x] Sprint execution log includes remediation summary with command evidence.
- [x] Decisions & Risks list remaining technical debt, if any.
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-03-05 | Sprint created for unrelated Policy Engine baseline failures discovered after Sprint 306 completion. | Project Manager |
| 2026-03-05 | Baseline run captured: `dotnet test src/Policy/__Tests/StellaOps.Policy.Engine.Tests/StellaOps.Policy.Engine.Tests.csproj -v minimal` => Failed 19, Passed 1283, Total 1302. | Test Automation |
| 2026-03-05 | Added caller-file-path snapshot root resolution in `src/__Libraries/StellaOps.TestKit/Assertions/SnapshotAssert.cs`; added guard test `SnapshotDirectory_ResolvesToSourceControlledSnapshotsFolder`. | Developer |
| 2026-03-05 | Applied API host test-harness fixes in `PolicyEngineApiHostTests`: resource-server Authority settings, test auth scheme override, canonical tenant claim for tenancy middleware. | Developer |
| 2026-03-05 | Applied tenant filter DI fix in `TenantIsolationTests` (`services.AddLogging()`). | Developer |
| 2026-03-05 | Regenerated snapshot fixtures with `UPDATE_SNAPSHOTS=1`; snapshot failures resolved and JSON snapshots written to source `Snapshots/` directory. | Test Automation |
| 2026-03-05 | Encountered unrelated compile drift outside sprint scope: `src/Router/__Libraries/StellaOps.Microservice.AspNetCore/AspNetRouterRequestDispatcher.cs(102): CS0103 PopulateTenantAccessor missing`. | Test Automation |
| 2026-03-05 | Scoped verification run (no unrelated rebuild): `dotnet build ...StellaOps.Policy.Engine.Tests.csproj --no-dependencies -v minimal` then `dotnet test ...StellaOps.Policy.Engine.Tests.csproj --no-build -v minimal` => Failed 0, Passed 1303, Total 1303. | Test Automation |
| 2026-03-05 | Regression suite 1: `dotnet build ...StellaOps.Policy.Tests.csproj --no-dependencies -v minimal` then `dotnet test ...StellaOps.Policy.Tests.csproj --no-build -v minimal` => Failed 0, Passed 784, Total 784. | Test Automation |
| 2026-03-05 | Regression suite 2: `dotnet build ...StellaOps.Policy.Scoring.Tests.csproj --no-dependencies -v minimal` then `dotnet test ...StellaOps.Policy.Scoring.Tests.csproj --no-build -v minimal` => Failed 0, Passed 263, Total 263. | Test Automation |
| 2026-03-05 | Documentation sync complete: updated `docs/modules/policy/architecture.md` testing section with snapshot/auth fixture contracts. | Documentation author |
## Snapshot Hashes (SHA256)
- `47aab3bd367fa584a77a14b9f1ec04c078c95a8eeb45bfe903ec07690aaae342` `src/Policy/__Tests/StellaOps.Policy.Engine.Tests/Snapshots/ComplexVerdict_MultipleRules_Canonical.json`
- `282eb5767add73904712ffeba2ee0a586e02eea506e6553cb51aed986ea29266` `src/Policy/__Tests/StellaOps.Policy.Engine.Tests/Snapshots/EmptyVerdict_Canonical.json`
- `7fd99937462d94df4fe28574bd931d6a106a10f9240f6d6527703ec000bc0136` `src/Policy/__Tests/StellaOps.Policy.Engine.Tests/Snapshots/FailingVerdict_WithViolations_Canonical.json`
- `f8b426c9afe39be84fe403f7cc72e9beecdcd606ec4b1461a0a56de968d692e8` `src/Policy/__Tests/StellaOps.Policy.Engine.Tests/Snapshots/MultiRuleEvaluationTrace.json`
- `8fffb900bcfb96e3d0d8f1f927955e578b72766a2167ba112a54a123c527110e` `src/Policy/__Tests/StellaOps.Policy.Engine.Tests/Snapshots/PassingVerdict_Canonical.json`
- `5d3731d94a57c0ae3a908988eceba995b5838b3e33fa7cf96d6c41bdb7daaefa` `src/Policy/__Tests/StellaOps.Policy.Engine.Tests/Snapshots/ProfileApplicationTrace.json`
- `3cf71c9f615d6d80e86217dd5a4811221530f54cfef128f9b75188830c6dc1b2` `src/Policy/__Tests/StellaOps.Policy.Engine.Tests/Snapshots/SeverityEscalationTrace.json`
- `169e6b3bade6ac63ac11933b11ca253c930ae6521fd4a0b7f8f3a4874f2f104a` `src/Policy/__Tests/StellaOps.Policy.Engine.Tests/Snapshots/SimpleEvaluationTrace.json`
- `605e43b7450c82ab8ff3e16ed36f0ac3297b3f6b8f3a1c6703f438205f49de2f` `src/Policy/__Tests/StellaOps.Policy.Engine.Tests/Snapshots/VerdictWithActNowScore_Canonical.json`
- `7b97ffebfe1aff0f5520081bcfc98f55947616947b84afa2c37f3e6555cc72b6` `src/Policy/__Tests/StellaOps.Policy.Engine.Tests/Snapshots/VerdictWithKevFlaggedScore_Canonical.json`
- `f9af8557262a435c4708bf54d24cb0503e27b7183aa569041fb27275b9d72ae8` `src/Policy/__Tests/StellaOps.Policy.Engine.Tests/Snapshots/VerdictWithLowScore_Canonical.json`
- `8e09e248660901d9b3285b634d7c6576283c70c84abb821524e4f8261589c342` `src/Policy/__Tests/StellaOps.Policy.Engine.Tests/Snapshots/VerdictWithScoreRuleViolation_Canonical.json`
- `1f7a04c3a92ba5472d3ed71d7cf2292475818ba4db37a13a6308f2a76f9f2e86` `src/Policy/__Tests/StellaOps.Policy.Engine.Tests/Snapshots/VerdictWithUnknowns_Canonical.json`
- `bd6e735d543e5f7e4eb1bad8df376945f5e7cf80de86bb2281c29ba929604b42` `src/Policy/__Tests/StellaOps.Policy.Engine.Tests/Snapshots/VerdictWithVexMerge_Canonical.json`
- `c89be4501662018c16faab444d6490ea39b00a4d446306b916966b8f5ef9484e` `src/Policy/__Tests/StellaOps.Policy.Engine.Tests/Snapshots/VexResolutionTrace.json`
## Decisions & Risks
- Decision: keep remediation scope limited to test harness and deterministic snapshot assets; no product runtime behavior changes were introduced.
- Decision: use caller-file-path-based snapshot resolution to guarantee source-controlled snapshot lookup independent of `bin/` working directory.
- Decision: apply test-only auth option replacement in fixture scope to preserve production `StellaOpsBearer` runtime behavior while enabling deterministic integration testing.
- Risk: unrelated Router compile drift currently blocks full dependency rebuilds (`AspNetRouterRequestDispatcher.cs:102` missing `PopulateTenantAccessor`). Mitigation in this sprint: scoped build/test commands; follow-up ownership required in Router stream.
- Risk: Microsoft.Testing.Platform ignores VSTest filter properties for this project (`MTP0001`), so targeted single-test commands do not reduce execution set. Mitigation: use full-project runs and log extraction for evidence.
- Documentation links updated:
- `docs/modules/policy/architecture.md` (Testing & Quality section)
## Next Checkpoints
- 2026-03-06: Router stream to resolve `PopulateTenantAccessor` compile drift so full dependency rebuilds can be restored in default test commands.
- 2026-03-06: Archive Sprint 312 once branch integration is complete and no additional Policy test regressions appear.