stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 3 Releases Wiki Activity

feat: Add documentation and task tracking for Sprints 508 to 514 in Ops & Offline

Browse Source 
- Created detailed markdown files for Sprints 508 (Ops Offline Kit), 509 (Samples), 510 (AirGap), 511 (Api), 512 (Bench), 513 (Provenance), and 514 (Sovereign Crypto Enablement) outlining tasks, dependencies, and owners.
- Introduced a comprehensive Reachability Evidence Delivery Guide to streamline the reachability signal process.
- Implemented unit tests for Advisory AI to block known injection patterns and redact secrets.
- Added AuthoritySenderConstraintHelper to manage sender constraints in OpenIddict transactions.
This commit is contained in:
master
2025-11-08 23:18:28 +02:00
parent 536f6249a6
commit ae69b1a8a1
187 changed files with 4326 additions and 3196 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
docs/implplan/SPRINT_123_excititor_v.md Normal file
View File

@@ -0,0 +1,24 @@
# Sprint 123 - Ingestion & Evidence · 110.C) Excititor.V
Active items only. Completed/historic work now resides in docs/implplan/archived_sprints_tasks.md (updated 2025-11-08).
[Ingestion & Evidence] 110.C) Excititor.V
Depends on: Sprint 110.C - Excititor.IV
Summary: Ingestion & Evidence focus on Excititor (phase V).
Task ID | State | Task description | Owners (Source)
--- | --- | --- | ---
EXCITITOR-RISK-67-001 `Explainability metadata` | TODO | Include VEX justification, status reasoning, and source digests in explainability artifacts. Dependencies: EXCITITOR-RISK-66-002. | Excititor Core Guild (src/Excititor/__Libraries/StellaOps.Excititor.Core/TASKS.md)
EXCITITOR-RISK-68-001 `Policy Studio integration` | TODO | Surface VEX-specific gates/weights within profile editor UI and validation messages. Dependencies: EXCITITOR-RISK-67-001. | Excititor Core Guild, Policy Studio Guild (src/Excititor/__Libraries/StellaOps.Excititor.Core/TASKS.md)
EXCITITOR-SIG-26-001 `Vendor exploitability hints` | TODO | Surface vendor-provided exploitability indicators and affected symbol lists to Signals service via projection endpoints. | Excititor Core Guild, Signals Guild (src/Excititor/__Libraries/StellaOps.Excititor.Core/TASKS.md)
EXCITITOR-STORE-AOC-19-001 `vex_raw schema validator` | TODO | Define Mongo JSON schema for `vex_raw` enforcing required fields and forbidding derived/consensus/severity fields. Ship unit tests with Mongo2Go to validate rejects. | Excititor Storage Guild (src/Excititor/__Libraries/StellaOps.Excititor.Storage.Mongo/TASKS.md)
EXCITITOR-STORE-AOC-19-002 `idempotency unique index` | TODO | Create `(source.vendor, upstream.upstream_id, upstream.content_hash, tenant)` unique index with backfill checker, updating migrations + bootstrapper for offline installs. Dependencies: EXCITITOR-STORE-AOC-19-001. | Excititor Storage Guild (src/Excititor/__Libraries/StellaOps.Excititor.Storage.Mongo/TASKS.md)
EXCITITOR-STORE-AOC-19-003 `append-only migration plan` | TODO | Migrate legacy consensus collections to `_backup_*`, seed supersedes chain for raw docs, and document rollback path + dry-run verification. Dependencies: EXCITITOR-STORE-AOC-19-002. | Excititor Storage Guild (src/Excititor/__Libraries/StellaOps.Excititor.Storage.Mongo/TASKS.md)
EXCITITOR-STORE-AOC-19-004 `validator deployment docset` | TODO | Update migration runbooks and Offline Kit packaging to bundle schema validator scripts, with smoke instructions for air-gapped clusters. Dependencies: EXCITITOR-STORE-AOC-19-003. | Excititor Storage Guild, DevOps Guild (src/Excititor/__Libraries/StellaOps.Excititor.Storage.Mongo/TASKS.md)
EXCITITOR-TEN-48-001 `Tenant-aware VEX linking` | TODO | Apply tenant context to VEX linkers, enable RLS, and expose capability endpoint confirming aggregation-only behavior. | Excititor Core Guild (src/Excititor/__Libraries/StellaOps.Excititor.Core/TASKS.md)
EXCITITOR-VEXLENS-30-001 `VEX evidence enrichers` | TODO | Include issuer hints, signatures, and product trees in evidence payloads for VEX Lens; Label: VEX-Lens. | Excititor WebService Guild, VEX Lens Guild (src/Excititor/StellaOps.Excititor.WebService/TASKS.md)
EXCITITOR-VULN-29-001 `VEX key canonicalization` | TODO | Canonicalize (lossless) VEX advisory/product keys (map to `advisory_key`, capture product scopes); expose original sources in `links[]`; AOC-compliant: no merge, no derived fields, no suppression; backfill existing records. | Excititor WebService Guild (src/Excititor/StellaOps.Excititor.WebService/TASKS.md)
EXCITITOR-VULN-29-002 `Evidence retrieval` | TODO | Provide `/vuln/evidence/vex/{advisory_key}` returning raw VEX statements filtered by tenant/product scope for Explorer evidence tabs. Dependencies: EXCITITOR-VULN-29-001. | Excititor WebService Guild (src/Excititor/StellaOps.Excititor.WebService/TASKS.md)
EXCITITOR-VULN-29-004 `Observability` | TODO | Add metrics/logs for VEX normalization, suppression scopes, withdrawn statements; emit events consumed by Vuln Explorer resolver. Dependencies: EXCITITOR-VULN-29-002. | Excititor WebService Guild, Observability Guild (src/Excititor/StellaOps.Excititor.WebService/TASKS.md)
EXCITITOR-WEB-AIRGAP-56-001 | TODO | Support mirror bundle registration via APIs, expose bundle provenance in VEX responses, and block external connectors in sealed mode. | Excititor WebService Guild (src/Excititor/StellaOps.Excititor.WebService/TASKS.md)
EXCITITOR-WEB-AIRGAP-56-002 | TODO | Return VEX staleness metrics and time anchor info in API responses for Console/CLI use. Dependencies: EXCITITOR-WEB-AIRGAP-56-001. | Excititor WebService Guild, AirGap Time Guild (src/Excititor/StellaOps.Excititor.WebService/TASKS.md)
EXCITITOR-WEB-AIRGAP-57-001 | TODO | Map sealed-mode violations to standardized error payload with remediation guidance. Dependencies: EXCITITOR-WEB-AIRGAP-56-002. | Excititor WebService Guild, AirGap Policy Guild (src/Excititor/StellaOps.Excititor.WebService/TASKS.md)