stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 16 Releases Wiki Activity

feat: Add documentation and task tracking for Sprints 508 to 514 in Ops & Offline

Browse Source 
- Created detailed markdown files for Sprints 508 (Ops Offline Kit), 509 (Samples), 510 (AirGap), 511 (Api), 512 (Bench), 513 (Provenance), and 514 (Sovereign Crypto Enablement) outlining tasks, dependencies, and owners.
- Introduced a comprehensive Reachability Evidence Delivery Guide to streamline the reachability signal process.
- Implemented unit tests for Advisory AI to block known injection patterns and redact secrets.
- Added AuthoritySenderConstraintHelper to manage sender constraints in OpenIddict transactions.
This commit is contained in:
master
2025-11-08 23:18:28 +02:00
parent 536f6249a6
commit ae69b1a8a1
187 changed files with 4326 additions and 3196 deletions
Download Patch File Download Diff File Expand all files Collapse all files

27
docs/implplan/SPRINT_123_policy_reasoning.md Normal file
View File

@@ -0,0 +1,27 @@
# Sprint 123 - Policy & Reasoning
_Last updated: November 8, 2025. Implementation order is DOING → TODO → BLOCKED._
Focus areas below were split out of the previous combined sprint; execute sections in order unless noted.
## Policy.I
Dependency: Sprint 110.A - AdvisoryAI (must land before this track).
Focus: Policy & Reasoning focus on Policy (phase I).
| # | Task ID & handle | State | Key dependency / next step | Owners |
| --- | --- | --- | --- | --- |
| 1 | EXPORT-CONSOLE-23-001 | TODO | Build evidence bundle/export generator producing signed manifests, CSV/JSON replay endpoints, and trace attachments; integrate with scheduler jobs and expose progress telemetry | Policy Guild, Scheduler Guild, Observability Guild / src/Policy/StellaOps.Policy.Engine/TASKS.md |
| 2 | POLICY-AIRGAP-56-001 | TODO | Support policy pack imports from Mirror Bundles, track `bundle_id` metadata, and ensure deterministic caching | Policy Guild / src/Policy/StellaOps.Policy.Engine/TASKS.md |
| 3 | POLICY-AIRGAP-56-002 | TODO | Export policy sub-bundles (`stella policy bundle export`) with DSSE signatures for outbound transfer (Deps: POLICY-AIRGAP-56-001) | Policy Guild, Policy Studio Guild / src/Policy/StellaOps.Policy.Engine/TASKS.md |
| 4 | POLICY-AIRGAP-57-001 | TODO | Enforce sealed-mode guardrails in evaluation (no outbound fetch), surface `AIRGAP_EGRESS_BLOCKED` errors with remediation (Deps: POLICY-AIRGAP-56-002) | Policy Guild, AirGap Policy Guild / src/Policy/StellaOps.Policy.Engine/TASKS.md |
| 5 | POLICY-AIRGAP-57-002 | TODO | Annotate rule explanations with staleness information and fallback data (cached EPSS, vendor risk) (Deps: POLICY-AIRGAP-57-001) | Policy Guild, AirGap Time Guild / src/Policy/StellaOps.Policy.Engine/TASKS.md |
| 6 | POLICY-AIRGAP-58-001 | TODO | Emit notifications when policy packs near staleness thresholds or missing required bundles (Deps: POLICY-AIRGAP-57-002) | Policy Guild, Notifications Guild / src/Policy/StellaOps.Policy.Engine/TASKS.md |
| 7 | POLICY-AOC-19-001 | TODO | Add Roslyn/CI lint preventing ingestion projects from referencing Policy merge/severity helpers; block forbidden writes at compile time | Policy Guild / src/Policy/__Libraries/StellaOps.Policy/TASKS.md |
| 8 | POLICY-AOC-19-002 | TODO | Enforce `effective_finding_*` write gate ensuring only Policy Engine identity can create/update materializations (Deps: POLICY-AOC-19-001) | Policy Guild, Platform Security / src/Policy/__Libraries/StellaOps.Policy/TASKS.md |
| 9 | POLICY-AOC-19-003 | TODO | Update readers/processors to consume only `content.raw`, `identifiers`, and `linkset`. Remove dependencies on legacy normalized fields and refresh fixtures (Deps: POLICY-AOC-19-002) | Policy Guild / src/Policy/__Libraries/StellaOps.Policy/TASKS.md |
| 10 | POLICY-AOC-19-004 | TODO | Add regression tests ensuring policy derived outputs remain deterministic when ingesting revised raw docs (supersedes) and when violations occur (Deps: POLICY-AOC-19-003) | Policy Guild, QA Guild / src/Policy/__Libraries/StellaOps.Policy/TASKS.md |
| 11 | POLICY-ATTEST-73-001 | TODO | Introduce VerificationPolicy object: schema, persistence, versioning, and lifecycle | Policy Guild, Attestor Service Guild / src/Policy/StellaOps.Policy.Engine/TASKS.md |
| 12 | POLICY-ATTEST-73-002 | TODO | Provide Policy Studio editor with validation, dry-run simulation, and version diff (Deps: POLICY-ATTEST-73-001) | Policy Guild / src/Policy/StellaOps.Policy.Engine/TASKS.md |
| 13 | POLICY-ATTEST-74-001 | TODO | Integrate verification policies into attestor verification pipeline with caching and waiver support (Deps: POLICY-ATTEST-73-002) | Policy Guild, Attestor Service Guild / src/Policy/StellaOps.Policy.Engine/TASKS.md |
| 14 | POLICY-ATTEST-74-002 | TODO | Surface policy evaluations in Console verification reports with rule explanations (Deps: POLICY-ATTEST-74-001) | Policy Guild, Console Guild / src/Policy/StellaOps.Policy.Engine/TASKS.md |
| 15 | POLICY-CONSOLE-23-001 | TODO | Optimize findings/explain APIs for Console: cursor-based pagination at scale, global filter parameters (severity bands, policy version, time window), rule trace summarization, and aggregation hints for dashboard cards. Ensure deterministic ordering and expose provenance refs | Policy Guild, BE-Base Platform Guild / src/Policy/StellaOps.Policy.Engine/TASKS.md |