stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity

chore(sprints): archive 20260226 advisories and expand deterministic tests

Browse Source
This commit is contained in:
master
2026-03-04 03:09:23 +02:00
parent 4fe8eb56ae
commit aaad8104cb
35 changed files with 4686 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

43
docs-archived/implplan/2026-03-03-completed-sprints/ARCHIVE_LOG.md Normal file
View File

@@ -0,0 +1,43 @@
# Archive Log - 2026-03-03 Completed Sprints
Source: `docs/implplan/`
Destination: `docs-archived/implplan/2026-03-03-completed-sprints/`
Moved sprint files:
- SPRINT_20260226_222_Cli_proof_chain_verification_and_replay_parity.md
- SPRINT_20260226_223_Platform_score_explain_contract_and_replay_alignment.md
- SPRINT_20260226_224_Scanner_oci_referrers_runtime_stack_and_replay_data.md
- SPRINT_20260226_225_Attestor_signature_trust_and_verdict_api_hardening.md
- SPRINT_20260226_226_Symbols_dsse_rekor_merkle_and_hash_integrity.md
- SPRINT_20260226_227_FE_triage_risk_score_widget_wiring_and_parity.md
- SPRINT_20260226_228_Tools_supply_chain_fuzz_mutation_hardening_suite.md
- SPRINT_20260226_229_DOCS_advisory_hygiene_dedup_and_archival_translation.md
- SPRINT_20260226_230_Platform_locale_label_translation_corrections.md
All tasks in these files are in `DONE` state with checked completion criteria.
## 2026-03-04 Regression Revalidation
Validated archived sprint deliverables with targeted checks:
- CLI (`SPRINT_20260226_222`): `StellaOps.Cli.Tests.Commands.Sprint222ProofVerificationTests` -> 4/4 pass.
- Platform (`SPRINT_20260226_223`): `ScoreExplainEndpointContractTests` -> 4/4 pass.
- Scanner (`SPRINT_20260226_224`): web service + storage + runtime targeted classes -> 16/16 pass.
- Attestor (`SPRINT_20260226_225`): `DsseVerifierTests` + `VerdictControllerSecurityTests` -> 21/21 pass.
- Symbols (`SPRINT_20260226_226`): `BundleBuilderVerificationTests` -> 5/5 pass.
- Web FE (`SPRINT_20260226_227`): `npx tsc --noEmit` pass; Playwright risk/score suites -> 10/10 pass.
- Tools (`SPRINT_20260226_228`): `python tests/supply-chain/run_suite.py --profile smoke --seed 20260226` -> all 5 lanes pass.
- Docs/locale (`SPRINT_20260226_229/230`): advisory folder contains only `README.md`; all archived sprint files remain `DONE_ONLY`; non-English placeholder scan clean; non-English translation JSON parses clean.
## 2026-03-04 Additional Test Expansion
Added and validated extra edge/negative-path tests in sprint-specific classes:
- CLI (`SPRINT_20260226_222`): added deterministic checks for missing `--trust-root` and missing Rekor checkpoint path; class now 6/6 pass.
- Platform (`SPRINT_20260226_223`): added digest normalization and malformed digest-segment checks; class now 6/6 pass.
- Scanner (`SPRINT_20260226_224`): added disabled/missing-image OCI publish cases, missing reachability stack and invalid layer cases, and missing DSSE envelope retrieval case; selected classes now 14/14 pass.
- Attestor (`SPRINT_20260226_225`): added roster-entry missing public key case (deterministic `500 authority_key_missing_public_key`); class now 6/6 pass.
- Symbols (`SPRINT_20260226_226`): added missing checkpoint while Rekor proof required case (`rekor_proof_required:missing_checkpoint`); class now 6/6 pass.
- Web FE (`SPRINT_20260226_227`): reran targeted Playwright suites after expansion work; 10/10 pass on rerun (one transient selector miss observed once, then passing on rerun).
## 2026-03-04 Archive Hygiene
- Advisory translation register module-doc mappings for Symbols-related advisories were updated from `docs/modules/symbols/architecture.md` (retired path) to `docs/modules/binary-index/architecture.md` so archived traceability links resolve against current module ownership.

130
docs-archived/implplan/2026-03-03-completed-sprints/SPRINT_20260226_222_Cli_proof_chain_verification_and_replay_parity.md Normal file
View File

@@ -0,0 +1,130 @@
# Sprint 222 - CLI Proof Chain Verification and Replay Parity
## Topic & Scope
- Close all critical CLI proof-path placeholders for DSSE, Rekor, SBOM, witness, replay, and timeline commands.
- Align CLI behavior with deterministic backend contracts and remove synthetic fallback behaviors that hide real failures.
- Working directory: `src/Cli/`.
- Expected evidence: targeted CLI tests, golden output updates, deterministic exit-code matrix, and updated CLI module docs.
## Dependencies & Concurrency
- Depends on Sprint 223 (Platform score explanation contract) and Sprint 224 (Scanner replay/timeline data contract) for API parity.
- Depends on Sprint 225 (Attestor trust verification) for shared DSSE verification behavior.
- Safe to run in parallel with Sprints 226, 227, 228 after endpoint contracts are frozen.
## Documentation Prerequisites
- `docs/modules/cli/cli-vs-ui-parity.md`
- `docs/modules/attestor/proof-chain-specification.md`
- `docs/modules/signals/unified-score.md`
- `docs/modules/airgap/guides/proof-chain-verification.md`
## Delivery Tracker
### CLI-222-001 - Replace structural proof checks with cryptographic verification
Status: DONE
Dependency: none
Owners: Developer, Test Automation
Task description:
- Replace placeholder and structure-only verification paths in `chain verify`, `bundle verify`, and `sbom verify`.
- Implement signature verification and Rekor inclusion validation gates that fail deterministically when trust roots or proofs are invalid.
- Normalize error codes so CI can distinguish validation failure, missing evidence, and transport failure.
Completion criteria:
- [x] `stella chain verify --verify-signatures` no longer emits `skip` for implemented paths.
- [x] `stella bundle verify` performs cryptographic DSSE checks when trust root is provided.
- [x] `stella sbom verify` performs real signature verification and surfaces deterministic failure reasons.
- [x] Golden tests assert stable output fields and exit codes.
### CLI-222-002 - Complete witness signing, Rekor logging, and verification scripts
Status: DONE
Dependency: CLI-222-001
Owners: Developer, Test Automation
Task description:
- Implement `stella witness generate --sign --rekor` end to end, including signed payload output and log reference recording.
- Implement real `stella witness verify` signature and inclusion proof checks.
- Regenerate bundle verification scripts so they execute real checks instead of printing `[SKIP]`.
Completion criteria:
- [x] Witness generate supports signed output with non-placeholder metadata.
- [x] Witness verify reports true pass/fail based on DSSE + Rekor checks.
- [x] Generated `verify.ps1` and `verify.sh` scripts perform real checks.
- [x] Integration tests cover valid, tampered, and missing-proof cases.
### CLI-222-003 - Remove synthetic score explanation fallback and align endpoint usage
Status: DONE
Dependency: Sprint 223
Owners: Developer
Task description:
- Remove synthetic explanation generation fallback in `score replay explain`.
- Consume the canonical score explanation contract from Platform and return explicit, deterministic errors when endpoint/data is unavailable.
- Keep output formats deterministic across `table`, `json`, and machine-readable modes.
Completion criteria:
- [x] No synthetic explanation path remains in `ScoreReplayCommandGroup`.
- [x] CLI endpoint target matches documented Platform API.
- [x] Error handling uses deterministic exit code mapping.
- [x] Unit tests cover non-200, malformed payload, and not-found responses.
### CLI-222-004 - Implement offline scoring and real timeline/replay data paths
Status: DONE
Dependency: Sprint 224
Owners: Developer, Test Automation
Task description:
- Implement `score compute --offline` using bundled/frozen scoring inputs.
- Replace sample timeline event generation with backend timeline query/export support.
- Implement verdict-store backed replay request construction for `--verdict` path.
Completion criteria:
- [x] `score compute --offline` is functional and deterministic.
- [x] `timeline query` and `timeline export` use backend data, not in-memory sample events.
- [x] `replay snapshot --verdict` resolves verdict metadata without requiring manual snapshot fields when available.
- [x] Determinism tests prove repeatable outputs for identical inputs.
### CLI-222-005 - Finish binary command surfaces that remain scaffolded
Status: DONE
Dependency: Sprint 224, Sprint 225
Owners: Developer
Task description:
- Implement non-placeholder paths in `binary submit`, `binary info`, `binary symbols`, and `binary verify`.
- Wire signing, Scanner API submission, and optional Rekor checks with deterministic reporting.
- Ensure `binary callgraph` remains stable and contract-compatible with downstream replay workflows.
Completion criteria:
- [x] `binary submit` no longer returns mock digest values.
- [x] `binary verify` executes real signature/hash/transparency checks.
- [x] Command docs include explicit prerequisites and offline behavior.
- [x] Integration tests validate live and offline workflows.
### CLI-222-006 - Documentation and parity matrix updates
Status: DONE
Dependency: CLI-222-001, CLI-222-002, CLI-222-003, CLI-222-004, CLI-222-005
Owners: Documentation author
Task description:
- Update CLI docs and parity matrix rows from planned/in-progress to available where completed.
- Record exact command contracts, exit codes, and deterministic guarantees.
- Link implementation evidence and tests from this sprint.
Completion criteria:
- [x] `docs/modules/cli/cli-vs-ui-parity.md` updated for completed commands.
- [x] Relevant CLI guide docs updated with contract and examples.
- [x] Sprint execution log includes links to changed docs and tests.
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-02-26 | Sprint created from advisory-to-capability gap review; tasks mapped to concrete CLI closure actions. | Product Manager |
| 2026-02-26 | Implemented CLI proof-path closure across `chain verify`, `bundle verify`, `sbom verify`, `witness generate/verify`, `score replay explain`, `timeline query/export`, `replay snapshot --verdict`, and `binary submit/verify` with deterministic error/exit mapping. | Developer |
| 2026-02-26 | Updated parity/docs contracts in `docs/modules/cli/architecture.md`, `docs/modules/cli/cli-vs-ui-parity.md`, `docs/modules/cli/guides/commands/sbom.md`, `docs/modules/cli/guides/commands/scan-replay.md`, and `docs/modules/cli/guides/output-and-exit-codes.md`. | Documentation author |
| 2026-03-03 | Revalidated targeted sprint coverage using class-scoped xUnit execution: `StellaOps.Cli.Tests.Commands.Sprint222ProofVerificationTests` (4 passed, 0 failed). | Test Automation |
## Decisions & Risks
- Decision: CLI must not fabricate advisory or score explanation content when backend data is unavailable.
- Decision: class-scoped xUnit binary execution is the canonical targeted verification method for this sprint because Microsoft.Testing.Platform ignores `dotnet test --filter` in this repo.
- Risk: Endpoint contract drift across Platform/Scanner may block CLI parity; mitigate with contract fixtures and shared schema tests. Mitigation owner: CLI + Platform maintainers.
- Risk: strict verification can change operator workflows; mitigate with explicit migration notes and deterministic error taxonomy in CLI docs. Mitigation owner: CLI docs owner.
## Next Checkpoints
- 2026-02-27: Contract freeze across CLI, Platform, Scanner.
- 2026-03-01: Proof-verification command acceptance demo.
- 2026-03-03: Offline scoring and timeline/replay acceptance demo.

93
docs-archived/implplan/2026-03-03-completed-sprints/SPRINT_20260226_223_Platform_score_explain_contract_and_replay_alignment.md Normal file
View File

@@ -0,0 +1,93 @@
# Sprint 223 - Platform Score Explain Contract and Replay Alignment
## Topic & Scope
- Establish a canonical score explanation contract that CLI and Web consume without synthetic fallback behavior.
- Align score explain, evaluate, history, replay, and verify outputs with deterministic serialization and explicit error taxonomy.
- Working directory: `src/Platform/`.
- Expected evidence: endpoint implementation, schema contract tests, OpenAPI updates, and API docs updates.
## Dependencies & Concurrency
- Upstream: none.
- Downstream consumers: Sprint 222 (CLI) and Sprint 227 (FE) depend on this contract.
- Safe to run in parallel with Sprints 224, 225, 226 once response schema freeze is agreed.
## Documentation Prerequisites
- `docs/modules/signals/unified-score.md`
- `docs/technical/scoring-algebra.md`
- `docs/api/score-replay-api.md`
## Delivery Tracker
### PLATFORM-223-001 - Define and version score explanation API contract
Status: DONE
Dependency: none
Owners: Developer, Documentation author
Task description:
- Introduce a stable score explanation response schema including factor weights, source digests, deterministic input hash, and replay linkage.
- Version the contract and register it in OpenAPI and module docs.
- Define a deterministic error body for `not_found`, `invalid_input`, and `backend_unavailable`.
Completion criteria:
- [x] Score explanation schema added to Platform contracts.
- [x] OpenAPI includes score explanation endpoint and response types.
- [x] Deterministic error schema documented and tested.
### PLATFORM-223-002 - Implement score explanation endpoint
Status: DONE
Dependency: PLATFORM-223-001
Owners: Developer
Task description:
- Implement `GET /api/v1/score/explain/{digest}` (or equivalent canonical route agreed in contract freeze).
- Ensure data is derived from persisted score/replay artifacts and never from synthetic stubs.
- Apply tenant and authorization controls consistent with existing `/api/v1/score/*` policies.
Completion criteria:
- [x] Endpoint implemented with tenant-aware authorization.
- [x] Response includes deterministic fields and replay linkage.
- [x] Missing data returns deterministic `not_found` error body.
- [x] Integration tests cover valid, missing, and malformed input.
### PLATFORM-223-003 - Unify score endpoint determinism guarantees
Status: DONE
Dependency: PLATFORM-223-001
Owners: Developer, Test Automation
Task description:
- Audit all score endpoints for deterministic field ordering, timestamp behavior, and optional field consistency.
- Remove response inconsistencies that break CLI/Web stable parsing.
- Add contract-level tests validating output stability for replay and verify flows.
Completion criteria:
- [x] Deterministic contract tests added for evaluate/history/replay/verify/explain.
- [x] Response shape and key semantics are stable across repeated runs.
- [x] No endpoint emits synthetic or random demo-only content in production path.
### PLATFORM-223-004 - Publish migration and client integration notes
Status: DONE
Dependency: PLATFORM-223-002, PLATFORM-223-003
Owners: Documentation author
Task description:
- Document endpoint contract, compatibility notes, and migration guidance for CLI and FE clients.
- Update module docs and API docs with example requests/responses and error mapping.
- Provide deprecation plan if any old score explain path exists.
Completion criteria:
- [x] API docs updated with the final endpoint route and examples.
- [x] Integration guidance added for CLI and FE consumers.
- [x] Sprint log links all changed docs and tests.
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-02-26 | Sprint created to close score explain contract gap and unblock CLI/FE parity work. | Product Manager |
| 2026-02-26 | Completed deterministic score contract closure: filled `unknowns`/`proof_ref`, replaced replay verify placeholders with deterministic envelope comparison + mismatch taxonomy, updated score API docs, and validated with targeted score endpoint contract/unit tests (`34` tests passed). | Developer |
| 2026-03-03 | Revalidated targeted endpoint contract coverage with class-scoped xUnit run: `StellaOps.Platform.WebService.Tests.ScoreExplainEndpointContractTests` (4 passed, 0 failed). | Test Automation |
## Decisions & Risks
- Decision: score explanation must be sourced from verifiable stored score artifacts and replay metadata.
- Risk: existing clients may depend on undocumented fields; mitigate via versioned schema and compatibility notes. Mitigation owner: Platform API owner.
- Risk: endpoint route mismatch between historical docs and implementation; mitigate via contract freeze checkpoint. Mitigation owner: Platform + CLI maintainers.
## Next Checkpoints
- 2026-02-27: Contract freeze review with CLI and FE owners.
- 2026-03-01: Endpoint and contract test completion checkpoint.
- 2026-03-02: Consumer integration signoff.

123
docs-archived/implplan/2026-03-03-completed-sprints/SPRINT_20260226_224_Scanner_oci_referrers_runtime_stack_and_replay_data.md Normal file
View File

@@ -0,0 +1,123 @@
# Sprint 224 - Scanner OCI Referrers, Runtime Stack, and Replay Data
## Topic & Scope
- Implement robust OCI discovery and attestation attachment paths across registries with runtime capability detection and deterministic fallback.
- Replace scanner-side placeholder data paths for replay command generation, slice retrieval, and reachability stack exposure.
- Working directory: `src/Scanner/`.
- Expected evidence: integration tests for OCI fallback matrix, runtime stack endpoint behavior, replay command fidelity, and CAS retrieval.
## Dependencies & Concurrency
- Depends on Sprint 225 for shared DSSE verification behavior and trust roots.
- Provides required backend paths for Sprint 222 (CLI timeline/replay) and Sprint 227 (FE triage evidence wiring).
- Can run in parallel with Sprint 226 and Sprint 228 after contract checkpoints.
## Documentation Prerequisites
- `docs/modules/scanner/architecture.md`
- `docs/modules/platform/explainable-triage-implementation-plan.md`
- `docs/modules/airgap/guides/proof-chain-verification.md`
## Delivery Tracker
### SCANNER-224-001 - Implement OCI referrers capability probing and fallback strategy
Status: DONE
Dependency: none
Owners: Developer, Test Automation
Task description:
- Add runtime capability probing for registries that do not implement OCI 1.1 referrers.
- Implement deterministic fallback order: OCI referrers -> fallback tags -> provider attachment API adapters where configured.
- Record capability outcomes in structured logs and response metadata for operator visibility.
Completion criteria:
- [x] Referrer discovery no longer silently returns empty on non-success without capability metadata.
- [x] Configurable fallback flow implemented and test-covered.
- [x] Integration tests cover at least GHCR-like, ECR-like, and attachment-model flows.
### SCANNER-224-002 - Complete DSSE verification during slice pull and attestation publish
Status: DONE
Dependency: SCANNER-224-001
Owners: Developer
Task description:
- Replace pending DSSE verification path in slice pull service with trust-root backed verification.
- Replace placeholder attestation digest and delayed no-op in OCI attestation publisher with real attachment flow.
- Ensure verification status is propagated to callers as deterministic structured fields.
Completion criteria:
- [x] Slice pull DSSE verification returns true/false based on real verification.
- [x] OciAttestationPublisher returns real attached digest values.
- [x] Unit/integration tests validate signing and verification failure modes.
### SCANNER-224-003 - Implement CAS-backed slice retrieval and DSSE retrieval paths
Status: DONE
Dependency: none
Owners: Developer
Task description:
- Implement `GetSliceAsync` and `GetSliceDsseAsync` retrieval against the actual CAS interface.
- Remove compilation-only null return behavior and surface deterministic not-found/error responses.
- Add parity tests for replay paths that depend on stored slices.
Completion criteria:
- [x] CAS retrieval is implemented for slice and DSSE payloads.
- [x] Replay flows can resolve stored slices end-to-end.
- [x] Tests cover cache hit, cache miss, and corrupt object cases.
### SCANNER-224-004 - Replace replay command placeholders with live scan context
Status: DONE
Dependency: SCANNER-224-003
Owners: Developer
Task description:
- Update replay command generation to use actual scan/finding context instead of static API base and placeholder-derived values.
- Ensure generated commands are deterministic and shell-specific as requested.
- Add verification that generated commands reproduce the same verdict hash when replayed.
Completion criteria:
- [x] Replay command service no longer emits hardcoded API base or placeholder values.
- [x] Deterministic command-generation tests pass across supported shells.
- [x] Command metadata includes required offline prerequisites accurately.
### SCANNER-224-005 - Deliver real reachability stack repository integration
Status: DONE
Dependency: none
Owners: Developer
Task description:
- Implement repository backing for `IReachabilityStackRepository` and wire it into endpoint composition.
- Remove not-implemented default behavior in deployments where stack data is configured.
- Preserve deterministic API semantics for layer and full-stack retrieval.
Completion criteria:
- [x] Reachability stack endpoint returns persisted data when configured.
- [x] `501 not implemented` path is limited to genuinely disabled deployments.
- [x] API tests cover full stack and per-layer responses.
### SCANNER-224-006 - Runtime collector implementation milestones for eBPF and ETW
Status: DONE
Dependency: none
Owners: Developer, Test Automation
Task description:
- Implement initial production-grade event ingestion loops for eBPF and ETW collectors with explicit sealed-mode behavior.
- Add deterministic event serialization and symbol resolution cache behavior.
- Expose collector health/capability signals for triage explainability.
Completion criteria:
- [x] eBPF collector performs non-placeholder start/stop/event ingestion path.
- [x] ETW collector performs non-placeholder session/event path.
- [x] Integration tests validate deterministic outputs for frozen fixtures.
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-02-26 | Sprint created from advisory gap mapping for OCI compatibility, runtime stack, and replay data integrity. | Product Manager |
| 2026-02-26 | Implemented OCI capability probing + deterministic fallback ordering, DSSE verification on slice pull/publish paths, CAS-backed slice retrieval, replay command generation from live scan context, and reachability stack repository wiring. | Developer |
| 2026-02-26 | Delivered runtime collector milestones in `StellaOps.Scanner.Runtime` (eBPF/ETW non-placeholder ingestion paths) plus deterministic fixture coverage. | Developer |
| 2026-03-03 | Revalidated targeted scanner classes: `OciAttestationPublisherTests` (1), `ReachabilityStackEndpointsTests` (3), `SliceQueryServiceRetrievalTests` (5), `SlicePullServiceTests` (4), `TraceCollectorFixtureTests` (3); total 16 passed, 0 failed. | Test Automation |
## Decisions & Risks
- Decision: registry fallback behavior must be explicit and observable, never silent.
- Risk: registry-specific adapters may increase complexity; mitigate with deterministic fallback ordering and capability cache. Mitigation owner: Scanner registry integration owner.
- Risk: runtime collectors can be environment-sensitive; mitigate with fixture-based deterministic tests and sealed-mode paths. Mitigation owner: Scanner runtime owner.
## Next Checkpoints
- 2026-02-28: OCI fallback contract checkpoint.
- 2026-03-01: CAS + replay command path completion checkpoint.
- 2026-03-04: Runtime collector implementation checkpoint.

109
docs-archived/implplan/2026-03-03-completed-sprints/SPRINT_20260226_225_Attestor_signature_trust_and_verdict_api_hardening.md Normal file
View File

@@ -0,0 +1,109 @@
# Sprint 225 - Attestor Signature Trust and Verdict API Hardening
## Topic & Scope
- Close high-risk trust verification gaps in Attestor signature handling and verdict endpoint authorization flow.
- Remove placeholder endpoint behaviors that hide unimplemented trust checks and incomplete verdict lookup paths.
- Working directory: `src/Attestor/`.
- Expected evidence: cryptographic verification tests (including Ed25519), endpoint integration tests, and updated trust/runbook docs.
## Dependencies & Concurrency
- Upstream: none.
- Downstream: Sprint 222 and Sprint 224 consume finalized Attestor verification semantics.
- Safe to run in parallel with Sprint 226 and Sprint 228 after trust-root contract freeze.
## Documentation Prerequisites
- `docs/modules/attestor/architecture.md`
- `docs/modules/attestor/proof-chain-specification.md`
- `docs/modules/attestor/rekor-verification-design.md`
## Delivery Tracker
### ATTESTOR-225-001 - Implement Ed25519 verification in DSSE verifier
Status: DONE
Dependency: none
Owners: Developer, Test Automation
Task description:
- Implement Ed25519 DSSE signature verification path in `DsseVerifier`.
- Ensure key-type dispatch remains deterministic and error reporting identifies unsupported/invalid key material clearly.
- Add test vectors for ECDSA, RSA, and Ed25519 success/failure paths.
Completion criteria:
- [x] Ed25519 signatures verify successfully using trusted test vectors.
- [x] Failure modes produce deterministic error reasons.
- [x] Existing ECDSA/RSA behavior remains backward compatible.
### ATTESTOR-225-002 - Enforce Authority roster verification for verdict creation
Status: DONE
Dependency: ATTESTOR-225-001
Owners: Developer
Task description:
- Implement DSSE signature verification against Authority key roster in verdict create endpoint.
- Reject unsigned or untrusted verdict submissions with deterministic authorization error responses.
- Remove placeholder trust bypass comments and temporary acceptance paths.
Completion criteria:
- [x] Verdict creation validates DSSE signature against roster before append.
- [x] Unauthorized signatures are rejected with deterministic response body.
- [x] Endpoint tests cover trusted, revoked, and unknown key scenarios.
### ATTESTOR-225-003 - Replace header-only tenant resolution with authenticated context
Status: DONE
Dependency: none
Owners: Developer
Task description:
- Replace `X-Tenant-Id` placeholder extraction with claim-derived tenant context from authenticated principal.
- Keep optional compatibility guardrails only where explicitly approved and auditable.
- Ensure tenant mismatch handling is explicit and deterministic.
Completion criteria:
- [x] Tenant context is resolved from authenticated principal.
- [x] Header spoofing no longer grants tenant write/read behavior.
- [x] Endpoint tests verify tenant isolation.
### ATTESTOR-225-004 - Implement verdict-by-hash retrieval path
Status: DONE
Dependency: none
Owners: Developer
Task description:
- Add service/repository method for direct verdict lookup by hash and wire endpoint behavior.
- Replace current placeholder not-found return path with implemented retrieval logic.
- Add paging/filter semantics where needed to preserve current API style.
Completion criteria:
- [x] `GET /api/v1/verdicts/{hash}` (or mapped equivalent) returns actual verdict when present.
- [x] Not-found path only used for true missing records.
- [x] Tests validate retrieval and tenant authorization.
### ATTESTOR-225-005 - Trust-mode documentation and operational runbook updates
Status: DONE
Dependency: ATTESTOR-225-001, ATTESTOR-225-002, ATTESTOR-225-003, ATTESTOR-225-004
Owners: Documentation author
Task description:
- Update attestor docs with finalized key-type support, roster verification flow, and tenant trust model.
- Add operational troubleshooting guidance for signature and roster failures.
- Link implemented sprint tasks in proof-chain specification status tables.
Completion criteria:
- [x] Attestor docs reflect implemented trust behavior.
- [x] Proof-chain sprint status table updated with this sprint linkage.
- [x] Runbook includes deterministic error triage guidance.
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-02-26 | Sprint created to close attestor trust and verdict API hardening gaps identified in advisory review. | Product Manager |
| 2026-02-26 | Implementation started: Ed25519 verifier, verdict roster enforcement, tenant context hardening, and verdict retrieval path. | Developer |
| 2026-02-26 | Completed trust hardening: Ed25519 DSSE verification in `DsseVerifier`, roster-backed verdict authorization checks, principal-derived tenant resolution, and verdict-by-hash retrieval with deterministic status codes. | Developer |
| 2026-02-26 | Updated attestor module docs/runbooks: `docs/modules/attestor/architecture.md`, `docs/modules/attestor/proof-chain-specification.md`, and `docs/modules/attestor/guides/offline-verification.md`. | Documentation author |
| 2026-03-03 | Revalidated targeted classes: `StellaOps.Attestation.Tests.DsseVerifierTests` (16 passed) and `StellaOps.Attestor.Tests.VerdictControllerSecurityTests` (5 passed). | Test Automation |
## Decisions & Risks
- Decision: no unsigned or untrusted verdict write path in production mode.
- Risk: roster distribution latency can cause temporary false rejects; mitigate with cache visibility and explicit retry guidance. Mitigation owner: Attestor operations owner.
- Risk: tenant context migration may break legacy clients; mitigate with migration window and explicit deprecation notice. Mitigation owner: Attestor API owner.
## Next Checkpoints
- 2026-02-28: key-type verification milestone (Ed25519 path).
- 2026-03-01: verdict endpoint trust enforcement milestone.
- 2026-03-03: docs and operational runbook completion.

109
docs-archived/implplan/2026-03-03-completed-sprints/SPRINT_20260226_226_Symbols_dsse_rekor_merkle_and_hash_integrity.md Normal file
View File

@@ -0,0 +1,109 @@
# Sprint 226 - Symbols DSSE, Rekor, Merkle, and Hash Integrity
## Topic & Scope
- Replace placeholder cryptographic behaviors in symbols bundling and verification with production-safe implementations.
- Deliver complete DSSE signing/verification and Rekor submission/inclusion validation for symbols bundles.
- Working directory: `src/Symbols/`.
- Expected evidence: symbols bundle integration tests, crypto correctness tests, and updated symbol verification docs.
## Dependencies & Concurrency
- Depends on Sprint 225 for shared trust-root/key validation conventions.
- Provides proof artifacts consumed by Sprint 224 (Scanner runtime symbolization) and Sprint 227 (FE confidence widgets).
- Safe to run in parallel with Sprint 222 once endpoint contracts are stable.
## Documentation Prerequisites
- `docs/modules/symbols/architecture.md`
- `docs/modules/attestor/proof-chain-specification.md`
- `docs/modules/airgap/guides/proof-chain-verification.md`
## Delivery Tracker
### SYMBOLS-226-001 - Replace hash placeholders with intended algorithm implementation
Status: DONE
Dependency: none
Owners: Developer, Test Automation
Task description:
- Replace SHA256 placeholder paths currently labeled as BLAKE3 with actual BLAKE3 implementation where specified by contract.
- Audit all bundle digest and root-hash fields for algorithm labeling correctness.
- Add cross-platform deterministic hashing tests for fixed fixtures.
Completion criteria:
- [x] Placeholder hash comments removed from production paths.
- [x] Algorithm labels match actual computed algorithm.
- [x] Determinism tests pass across supported environments.
### SYMBOLS-226-002 - Implement DSSE signing and verification for bundles
Status: DONE
Dependency: SYMBOLS-226-001
Owners: Developer
Task description:
- Implement actual DSSE bundle signing with configured keys and canonical payload serialization.
- Implement signature verification path for bundle verify operation and return explicit verification status.
- Ensure signature metadata is persisted for downstream audit/replay workflows.
Completion criteria:
- [x] Bundle signing produces verifiable DSSE envelopes.
- [x] Verification fails deterministically for tampered payload/signature.
- [x] Integration tests cover valid/tampered/missing-signature cases.
### SYMBOLS-226-003 - Implement Rekor submit and inclusion verification
Status: DONE
Dependency: SYMBOLS-226-002
Owners: Developer
Task description:
- Implement Rekor submission for symbols bundles and persist returned entry metadata.
- Implement offline and online inclusion verification paths, including checkpoint validation where available.
- Remove placeholder checkpoint generation and random GUID entry behavior.
Completion criteria:
- [x] Rekor submission returns real entry metadata in bundle output.
- [x] Offline inclusion verification executes real proof checks.
- [x] Verification outputs include deterministic status and reason fields.
### SYMBOLS-226-004 - Implement Merkle inclusion verification in bundle verifier
Status: DONE
Dependency: SYMBOLS-226-003
Owners: Developer
Task description:
- Implement Merkle proof validation where currently stubbed in symbols bundle verification.
- Verify consistency between bundle manifest digests and Rekor/checkpoint references.
- Add explicit failure taxonomy for inclusion mismatch and missing proof nodes.
Completion criteria:
- [x] Merkle inclusion proof path implemented and tested.
- [x] Bundle verify returns fail on proof mismatch.
- [x] Test vectors include corrupted and truncated proof scenarios.
### SYMBOLS-226-005 - Update symbols verification docs and operator guide
Status: DONE
Dependency: SYMBOLS-226-002, SYMBOLS-226-003, SYMBOLS-226-004
Owners: Documentation author
Task description:
- Update Symbols module docs with finalized DSSE/Rekor/Merkle verification flow.
- Document offline verification behavior and trust-root requirements.
- Link acceptance tests and deterministic fixtures.
Completion criteria:
- [x] Symbols docs updated for full proof chain behavior.
- [x] Offline verification procedure documented.
- [x] Sprint execution log references concrete doc/test artifacts.
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-02-26 | Sprint created to close symbols proof chain placeholders and hash integrity gaps. | Product Manager |
| 2026-02-26 | Implemented hash integrity and proof-chain closure in Symbols: algorithm labeling fixes, DSSE sign/verify path, Rekor entry persistence/verification wiring, and Merkle inclusion proof validation with deterministic failure taxonomy. | Developer |
| 2026-02-26 | Updated symbols docs for finalized proof-chain behavior and offline procedure: `docs/modules/symbols/architecture.md` and `docs/modules/symbols/specs/bundle-guide.md`. | Documentation author |
| 2026-03-03 | Revalidated targeted class `StellaOps.Symbols.Tests.Bundle.BundleBuilderVerificationTests` (5 passed, 0 failed). | Test Automation |
## Decisions & Risks
- Decision: algorithm labels in manifests must always reflect actual implemented algorithm to avoid audit ambiguity.
- Risk: introducing BLAKE3 may affect interoperability assumptions; mitigate with compatibility notes and migration tests. Mitigation owner: Symbols module owner.
- Risk: Rekor availability constraints in sealed/offline environments; mitigate with deterministic offline verification mode. Mitigation owner: Symbols + Attestor maintainers.
## Next Checkpoints
- 2026-02-28: hash/signing path completion checkpoint.
- 2026-03-02: Rekor and Merkle verification completion checkpoint.
- 2026-03-03: documentation and operations handoff.

123
docs-archived/implplan/2026-03-03-completed-sprints/SPRINT_20260226_227_FE_triage_risk_score_widget_wiring_and_parity.md Normal file
View File

@@ -0,0 +1,123 @@
# Sprint 227 - FE Triage, Risk, and Score Widget Wiring and Parity
## Topic & Scope
- Wire triage evidence actions to real backend flows and remove mock/stub behavior in daily triage workflows.
- Deliver missing risk and score UI surfaces currently represented by skipped E2E suites.
- Working directory: `src/Web/StellaOps.Web/`.
- Expected evidence: unskipped E2E suites, component tests, accessibility checks, and updated FE docs.
## Dependencies & Concurrency
- Depends on Sprint 223 (score explanation contract), Sprint 224 (scanner replay/evidence endpoints), and Sprint 225 (attestor verification semantics).
- Safe to run in parallel with Sprint 222 after CLI/API contracts are stable.
## Documentation Prerequisites
- `docs/modules/web/unified-triage-specification.md`
- `docs/modules/platform/explainable-triage-implementation-plan.md`
- `docs/modules/cli/cli-vs-ui-parity.md`
## Delivery Tracker
### FE-227-001 - Wire evidence pills and quick-verify actions end to end
Status: DONE
Dependency: Sprint 224, Sprint 225
Owners: Developer, Test Automation
Task description:
- Expand triage workspace pill handlers to support `dsse`, `rekor`, and `sbom`.
- Wire `quickVerifyClick` and `whyClick` outputs to concrete verification and explanation panels.
- Ensure pill state reflects real evidence API responses rather than local mock derivation.
Completion criteria:
- [x] Triage workspace handles all evidence pill types emitted by `EvidencePillsComponent`.
- [x] Quick-Verify triggers real verification flow and displays deterministic results.
- [x] Why action surfaces actionable reason when verification is unavailable.
- [x] Component and E2E tests validate the full interaction path.
### FE-227-002 - Replace mock attestation and signed-evidence heuristics
Status: DONE
Dependency: FE-227-001
Owners: Developer
Task description:
- Remove mock attestation construction in triage workspace and bind to unified evidence API payloads.
- Replace heuristic `hasSignedEvidence` logic with explicit backend verification state.
- Ensure fallback UI states clearly distinguish loading, missing, and invalid evidence.
Completion criteria:
- [x] Mock attestation builder path removed from primary triage render path.
- [x] Signed evidence indicator sourced from backend-provided trust state.
- [x] UI states are deterministic and test-covered for missing/invalid evidence.
### FE-227-003 - Implement remaining triage workspace stubs
Status: DONE
Dependency: FE-227-001
Owners: Developer
Task description:
- Implement currently stubbed triage actions and sections: Fix PR workflow, bulk action modal, VEX modal, policy trace panel, and real callgraph rendering.
- Replace hardcoded replay command and mock snapshot IDs with API-provided values.
- Ensure keyboard and accessibility behavior remains intact.
Completion criteria:
- [x] Stub labels and TODO placeholders removed from shipped triage paths.
- [x] Replay command shown in UI is generated from backend response.
- [x] Accessibility checks pass for new modals/panels.
### FE-227-004 - Deliver risk dashboard parity features
Status: DONE
Dependency: Sprint 223, Sprint 224
Owners: Developer, Test Automation
Task description:
- Implement budget view, verdict view, exception workflow, side-by-side diff, and responsive behavior currently covered by skipped tests.
- Align risk dashboard data sources with deterministic backend APIs and explicit loading/error states.
- Maintain deterministic ordering and filter behavior.
Completion criteria:
- [x] Risk dashboard skipped E2E suites are re-enabled and passing.
- [x] Budget, verdict, exception, and diff widgets are functional.
- [x] Responsive behavior is validated in E2E coverage.
### FE-227-005 - Integrate score features into findings and triage flows
Status: DONE
Dependency: Sprint 223
Owners: Developer, Test Automation
Task description:
- Integrate score pill, badge, breakdown popover, findings list score data, and score history chart into active triage/finding views.
- Remove mock-only assumptions in score client paths used by production UI.
- Re-enable and stabilize skipped score feature E2E suites.
Completion criteria:
- [x] Score components are integrated in production findings views.
- [x] Score history and breakdown views consume real API data.
- [x] Skipped score E2E specs are re-enabled and passing.
### FE-227-006 - Docs and parity matrix updates
Status: DONE
Dependency: FE-227-001, FE-227-002, FE-227-003, FE-227-004, FE-227-005
Owners: Documentation author
Task description:
- Update unified triage spec and FE feature docs with implemented widget flows and keyboard/accessibility behavior.
- Record CLI/UI parity changes resulting from FE completion.
- Add execution log entries with links to re-enabled E2E suites.
Completion criteria:
- [x] Web docs reflect implemented triage/risk/score behavior.
- [x] Parity documentation updated for completed FE gaps.
- [x] Sprint log references concrete test evidence artifacts.
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-02-26 | Sprint created to close triage/risk/score UI wiring and parity gaps from advisory review. | Product Manager |
| 2026-02-26 | Implemented findings/risk/triage production wiring for score and verification widgets, removed mock-only assumptions, and aligned replay/verification actions to backend-derived state in `src/Web/StellaOps.Web/src/app/features/**`. | Developer |
| 2026-02-26 | Updated parity/docs references in `docs/modules/web/unified-triage-specification.md` and `docs/modules/cli/cli-vs-ui-parity.md`. | Documentation author |
| 2026-03-03 | Revalidated FE delivery with `npx tsc -p tsconfig.app.json --noEmit` and targeted Playwright suites (`tests/e2e/risk-dashboard.spec.ts`, `tests/e2e/score-features.spec.ts`): 10 passed, 0 failed. | Test Automation |
## Decisions & Risks
- Decision: UI verification signals must come from backend trust state, not local heuristics.
- Risk: selector drift may keep E2E tests skipped; mitigate by maintaining stable test IDs and spec-scoped selectors. Mitigation owner: Web FE test owner.
- Risk: expanded triage widgets can degrade performance; mitigate via incremental rendering and lazy data loading. Mitigation owner: Web FE owner.
## Next Checkpoints
- 2026-02-28: evidence pill wiring and mock removal checkpoint.
- 2026-03-02: triage stub replacement checkpoint.
- 2026-03-04: risk/score parity E2E completion checkpoint.

123
docs-archived/implplan/2026-03-03-completed-sprints/SPRINT_20260226_228_Tools_supply_chain_fuzz_mutation_hardening_suite.md Normal file
View File

@@ -0,0 +1,123 @@
# Sprint 228 - Tools Supply Chain Fuzz and Mutation Hardening Suite
## Topic & Scope
- Materialize the advisory-recommended supply-chain fuzz/mutation suite that is currently absent from the repository.
- Add deterministic, offline-friendly harnesses for JCS, DSSE, Rekor negative-path, and large payload/referrer stress testing.
- Working directory: `src/Tools/`.
- Expected evidence: new `tests/supply-chain/` harness, CI job outputs, deterministic corpus artifacts, and runbook documentation.
## Dependencies & Concurrency
- Depends on Sprint 224, Sprint 225, and Sprint 226 for finalized verification contracts and expected failure semantics.
- Safe to run in parallel with Sprint 227 after API contracts are frozen.
- Cross-module edit allowance: this sprint explicitly allows creation and maintenance of `tests/supply-chain/` assets in addition to `src/Tools/`.
## Documentation Prerequisites
- `docs/modules/attestor/rekor-verification-design.md`
- `docs/modules/airgap/guides/proof-chain-verification.md`
- Advisory: `docs-archived/product/advisories/20260222 - Fuzz & mutation hardening suite.md`
## Delivery Tracker
### TOOLS-228-001 - Create supply-chain test suite skeleton and tooling wrappers
Status: DONE
Dependency: none
Owners: Developer
Task description:
- Create `tests/supply-chain/` with advisory-defined subdirectories and deterministic fixture layout.
- Add tool wrappers in `src/Tools/` for local and CI execution with fixed seeds.
- Ensure no external network dependency is required for default test execution.
Completion criteria:
- [x] `tests/supply-chain/` exists with initial sub-suite structure.
- [x] Tool wrappers execute each suite deterministically with fixed seeds.
- [x] Local run works without network dependency.
### TOOLS-228-002 - Implement JCS property tests with artifact emission
Status: DONE
Dependency: TOOLS-228-001
Owners: Developer, Test Automation
Task description:
- Implement JCS invariants: idempotence, key permutation equivalence, duplicate-key rejection.
- Capture deterministic failure artifacts (`failing_case`, seed, diff patch, junit) for triage.
- Add CI-friendly bounded runtime gate.
Completion criteria:
- [x] JCS property tests run and emit deterministic artifacts on failure.
- [x] Invariant checks are enforced in CI.
- [x] Test documentation explains replaying failure seeds.
### TOOLS-228-003 - Implement schema-aware fuzz and mutation lanes
Status: DONE
Dependency: TOOLS-228-001
Owners: Developer, Test Automation
Task description:
- Add schema-aware fuzz for CycloneDX/in-toto payloads and mutation corpus management.
- Enforce crash-free gate with deterministic repro output.
- Add corpus refresh workflow with reproducible snapshots.
Completion criteria:
- [x] Fuzz lane runs with bounded deterministic runtime.
- [x] Crash artifacts and repro playbook are generated automatically.
- [x] Corpus update procedure documented and repeatable.
### TOOLS-228-004 - Implement Rekor/DSSE negative-path and large-blob/referrer stress tests
Status: DONE
Dependency: Sprint 224, Sprint 225, Sprint 226
Owners: Developer, Test Automation
Task description:
- Build deterministic fault-injection harness for Rekor and DSSE validation edge cases.
- Add large payload/referrer stress tests that assert deterministic error semantics and memory safety constraints.
- Ensure tests target real verification pipeline interfaces, not mock-only endpoints.
Completion criteria:
- [x] Rekor negative-path suite covers oversized payload, unsupported type, and timeout classes.
- [x] Large DSSE/referrer tests assert deterministic failure behavior.
- [x] Reports include machine-readable error classification.
### TOOLS-228-005 - CI integration and quality gates
Status: DONE
Dependency: TOOLS-228-002, TOOLS-228-003, TOOLS-228-004
Owners: Test Automation
Task description:
- Add CI pipeline stage for `tests/supply-chain/` with deterministic runtime caps.
- Publish artifacts for failed runs and enforce gating policy.
- Add nightly extended mode and PR smoke mode split.
Completion criteria:
- [x] CI stage added with deterministic pass/fail criteria.
- [x] Artifact retention configured for triage evidence.
- [x] PR and nightly profiles documented and operational.
### TOOLS-228-006 - Documentation and operator runbook
Status: DONE
Dependency: TOOLS-228-005
Owners: Documentation author
Task description:
- Document suite purpose, execution flow, and deterministic repro steps.
- Link advisory requirements to concrete test lanes and gates.
- Add maintenance notes for corpus growth and runtime budgets.
Completion criteria:
- [x] Runbook documented in active docs tree.
- [x] Advisory-to-test traceability table added.
- [x] Sprint execution log links docs and CI artifacts.
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-02-26 | Sprint created to materialize missing supply-chain fuzz/mutation hardening suite. | Product Manager |
| 2026-02-26 | Implemented deterministic offline harness under `tests/supply-chain/` with five lanes (JCS property, schema fuzz/mutation, Rekor negative-path, large DSSE/referrer stress, corpus archive) plus wrappers (`run_suite.py`, `run.sh`, `run.ps1`, `Makefile`). | Developer |
| 2026-02-26 | Added CI quality gates via `.gitea/workflows/supply-chain-hardening.yml` with PR smoke/nightly profile split and artifact retention, and published runbook in `docs/modules/tools/supply-chain-hardening-suite.md`. | Test Automation |
| 2026-03-03 | Revalidated smoke profile: `python tests/supply-chain/run_suite.py --profile smoke --seed 20260226 --output out/supply-chain` completed with all lanes pass (`01-jcs-property`, `02-schema-fuzz`, `03-rekor-neg`, `04-big-dsse-referrers`, `05-corpus-archive`). | Test Automation |
## Decisions & Risks
- Decision: default suite mode must be offline-friendly and deterministic.
- Risk: fuzz infra can become flaky in CI; mitigate via bounded deterministic seeds and explicit profile separation. Mitigation owner: Tools QA owner.
- Risk: corpus growth can inflate runtime; mitigate with capped smoke profile and scheduled full profile. Mitigation owner: Tools maintainers.
## Next Checkpoints
- 2026-02-28: suite skeleton and JCS lane checkpoint.
- 2026-03-02: fuzz/negative-path lane checkpoint.
- 2026-03-05: CI gating and runbook completion checkpoint.

111
docs-archived/implplan/2026-03-03-completed-sprints/SPRINT_20260226_229_DOCS_advisory_hygiene_dedup_and_archival_translation.md Normal file
View File

@@ -0,0 +1,111 @@
# Sprint 229 - Docs Advisory Hygiene, Dedup, and Archival Translation
## Topic & Scope
- Resolve advisory hygiene issues (duplicate files and malformed content) and translate all open advisories into concrete implementation tracking.
- Ensure advisory handling workflow is completed end-to-end: validate, map to docs/sprints, then archive.
- Working directory: `docs/`.
- Expected evidence: cleaned advisory set, cross-linked sprint actions, archived advisories with audit trail, and updated module docs links.
## Dependencies & Concurrency
- Depends on sprint creation in 222 through 228 so every actionable advisory has implementation tracking.
- Can run in parallel with implementation sprints once task mapping is complete.
- Cross-module edit allowance: this sprint allows updates under `docs/`, `docs-archived/`, and `docs/implplan/`.
## Documentation Prerequisites
- `AGENTS.md` (repo root) advisory handling section.
- `docs/implplan/AGENTS.md`
- `docs/README.md`
- Open advisories in `docs/product/advisories/` and archived advisory set in `docs-archived/product/advisories/`.
## Delivery Tracker
### DOCS-229-001 - Deduplicate deterministic tile verification advisory
Status: DONE
Dependency: none
Owners: Documentation author
Task description:
- Resolve duplicate advisory entries for deterministic tile verification with identical content hashes.
- Keep one canonical advisory file in open advisories and record dedup rationale.
- Ensure archived history preserves a clear chain of supersession.
Completion criteria:
- [x] Duplicate file removed or superseded with explicit rationale.
- [x] Canonical advisory reference retained and linked in sprint logs.
- [x] No duplicate content remains in open advisory folder for this topic.
### DOCS-229-002 - Repair malformed auditor UX advisory
Status: DONE
Dependency: none
Owners: Product Manager, Documentation author
Task description:
- Replace malformed non-Stella advisory content with valid Stella-specific advisory text and measurable UX experiment plan.
- If content cannot be recovered, mark as invalid advisory artifact and archive with rationale.
- Ensure no external-image-only placeholder advisory remains as active input.
Completion criteria:
- [x] Malformed advisory replaced or invalidated with documented rationale.
- [x] Resulting advisory has actionable tasks and measurable acceptance criteria.
- [x] Advisory index remains internally coherent.
### DOCS-229-003 - Map each open advisory to implementation sprints and module docs
Status: DONE
Dependency: DOCS-229-001, DOCS-229-002
Owners: Product Manager
Task description:
- Build a traceability table from each open advisory to sprint IDs, module docs, and owning teams.
- Confirm all gap items have explicit sprint task coverage and completion criteria.
- Add linkbacks in module docs where advisory-driven behavior is promised.
Completion criteria:
- [x] Advisory-to-sprint traceability table committed.
- [x] Every open advisory has mapped implementation tasks.
- [x] Module docs updated with relevant advisory-driven commitments.
### DOCS-229-004 - Archive translated advisories per workflow
Status: DONE
Dependency: DOCS-229-003
Owners: Documentation author
Task description:
- Move advisories from `docs/product/advisories/` to `docs-archived/product/advisories/` once translated into docs and sprint tasks.
- Preserve filenames, metadata, and cross-links for auditability.
- Record each archive action in sprint execution log and decisions/risks.
Completion criteria:
- [x] Eligible advisories archived with traceable links.
- [x] Open advisories folder contains only not-yet-translated advisories.
- [x] Archive actions documented with UTC timestamps.
### DOCS-229-005 - Update implplan execution logs and risk register
Status: DONE
Dependency: DOCS-229-004
Owners: Project Manager
Task description:
- Add execution log entries in affected sprints (222 through 228) referencing advisory translation and implementation kickoff.
- Record cross-sprint risks and contract interlocks in decisions/risks sections.
- Confirm status discipline stays `TODO -> DOING -> DONE/BLOCKED`.
Completion criteria:
- [x] Execution log entries added across related sprints.
- [x] Cross-sprint risks documented with mitigation owners.
- [x] Status fields remain compliant with sprint discipline rules.
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-02-26 | Sprint created to complete advisory hygiene and translation workflow for current open advisory set. | Product Manager |
| 2026-02-26 | Resolved duplicate tile-verification advisory by preserving the `20260226` canonical entry and archiving the `20260224` duplicate with explicit supersession notation. | Documentation author |
| 2026-02-26 | Repaired malformed auditor UX advisory with Stella-specific measurable plan content, then translated advisories into sprint/doc mappings (`docs/product/advisory-translation-20260226.md`). | Product Manager |
| 2026-02-26 | Archived translated advisories to `docs-archived/product/advisories/`, created archive audit manifest `docs-archived/product/advisories/ARCHIVE_LOG_20260303.md`, and reduced open advisories folder to tracking `README.md`. | Documentation author |
| 2026-03-03 | Completed DOCS-229-005 closure: added execution-log and cross-sprint risk updates across `SPRINT_20260226_222` through `SPRINT_20260226_228`, and revalidated status discipline (`DONE` only). | Project Manager |
## Decisions & Risks
- Decision: malformed advisories cannot remain active planning inputs without validated Stella-specific content.
- Risk: archival without complete traceability can break audit chain; mitigate with explicit advisory-to-sprint table and archive manifest entries. Mitigation owner: Docs lead.
- Risk: duplicate advisories can cause duplicated delivery work; mitigate via canonical file and supersession rule. Mitigation owner: Product Manager.
## Next Checkpoints
- 2026-02-27: dedup and malformed advisory resolution checkpoint.
- 2026-02-28: advisory-to-sprint traceability checkpoint.
- 2026-03-01: archival and execution-log completion checkpoint.

56
docs-archived/implplan/2026-03-03-completed-sprints/SPRINT_20260226_230_Platform_locale_label_translation_corrections.md Normal file
View File

@@ -0,0 +1,56 @@
# Sprint 20260226_230 - Platform Locale Label Translation Corrections
## Topic & Scope
- Correct non-English locale/language label translations that currently use placeholders/transliterations (for example `Ezik`).
- Align locale selector labels in Platform translation bundles and Web fallback i18n bundles.
- Complete non-English translation coverage for shared localization bundles used by Platform/Web.
- Working directory: `src/Platform/StellaOps.Platform.WebService/`.
- Expected evidence: corrected translation JSON assets and verification scans showing placeholder removal.
- Explicit cross-module edits authorized: `src/Web/StellaOps.Web/src/i18n/`, `src/__Libraries/StellaOps.Localization/Translations/`, `src/Graph/StellaOps.Graph.Api/Translations/`, `src/Policy/StellaOps.Policy.Gateway/Translations/`, `src/Scanner/StellaOps.Scanner.WebService/Translations/`, `src/AdvisoryAI/StellaOps.AdvisoryAI.WebService/Translations/`.
## Dependencies & Concurrency
- Depends on previously delivered locale bundle rollout in archived sprint `SPRINT_20260224_004_Platform_user_locale_expansion_and_cli_persistence.md`.
- Safe to run in parallel with unrelated backend/API work; touches only translation assets.
## Documentation Prerequisites
- `docs/modules/platform/platform-service.md`
- `docs/modules/ui/architecture.md`
- `docs/code-of-conduct/CODE_OF_CONDUCT.md`
## Delivery Tracker
### LOC-230-001 - Correct non-English locale/language labels in Platform and Web bundles
Status: DONE
Dependency: none
Owners: Developer / Implementer
Task description:
- Update locale selector label keys and language-settings label keys in non-English Platform `*.ui.json` bundles.
- Mirror the same corrections in Web fallback `*.common.json` locale bundles for consistent offline behavior.
- Replace placeholder/transliteration values and English leftovers with proper native-language translations.
Completion criteria:
- [x] No `Ezik` placeholder remains in source translation bundles.
- [x] Non-English locale files no longer contain `ui.locale.uk_ua` with `Ukrainian (Ukraine)`.
- [x] Platform and Web locale/language label keys are aligned per locale.
- [x] Non-English locale bundles (`Web *.common.json`, `Platform *.ui.json`, shared localization `*.common.json`) were translated and cleaned of leaked placeholder tokens/encoding artifacts.
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-02-26 | Sprint created and LOC-230-001 moved to DOING for non-English locale label corrections. | Implementer |
| 2026-02-26 | Corrected locale selector + language settings translations for all non-English Platform/Web locale bundles (`bg-BG`, `de-DE`, `es-ES`, `fr-FR`, `ru-RU`, `uk-UA`, `zh-CN`, `zh-TW`) and validated JSON parsing for all touched files. | Implementer |
| 2026-03-03 | Performed full Bulgarian translation pass for UI/common assets: translated `bg-BG` Web fallback bundle, Platform UI bundle, Platform namespace bundle, and shared localization `common/auth` keys; verified placeholder/transliteration removal and JSON validity. | Implementer |
| 2026-03-03 | Completed non-English translation pass across remaining locales (`de-DE`, `es-ES`, `fr-FR`, `ru-RU`, `uk-UA`, `zh-CN`, `zh-TW`) for Web fallback/common, Platform UI, and shared localization bundles; repaired malformed strings (`ZXQPH*` leaks, mojibake/replacement chars), and revalidated all touched JSON files. | Implementer |
| 2026-03-03 | Applied native-quality context pass for critical UX wording (actions/status/severity/first-signal/offline labels) across Web + Platform + shared localization bundles, and aligned backend German module resources (`graph`, `policy`, `scanner`, `advisoryai`) with context-correct terminology. | Implementer |
| 2026-03-03 | Applied second native-polish pass for `ru-RU`, `uk-UA`, `zh-CN`, `zh-TW` to replace literal machine phrasing with product-native terminology (status lifecycle, action verbs, first-signal states/stages, queue/offline labels), normalized signal separators, and confirmed no placeholder artifacts remain. | Implementer |
| 2026-03-03 | Applied third native-polish pass focused on consistency/grammar: normalized Slavic status forms for neutral UI context, refined CJK progress/state phrasing, and corrected backend German umlaut usage in graph resource strings. | Implementer |
| 2026-03-03 | Verified no placeholder residue in non-English locale assets by scanning Platform/Web/shared localization bundles (`Ezik`, `Ukrainian (Ukraine)`, `ZXQPH`, replacement-character artifacts): zero non-English matches. | Test Automation |
## Decisions & Risks
- Decision: expanded scope from selector-only fixes to full non-English bundle completion for Web/Platform/shared localization assets.
- Decision: preserve technical tokens/examples unchanged where localization would break semantics (`CVSS`, `EPSS`, `KEV`, `CVE-...`, API path examples, separators).
- Risk: automated machine translation may require future terminology refinement for domain-specific wording in some locales. Mitigation owner: Platform localization owner.
- Web fetch audit trail: used Google Translate via `deep-translator` (endpoint family: `https://translate.google.com/`) to generate missing locale strings and then post-corrected malformed/placeholder artifacts.
## Next Checkpoints
- 2026-03-03: full non-English translation correction pass landed and validated.