stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 12 Releases Wiki Activity

feat: Add documentation and task tracking for Sprints 508 to 514 in Ops & Offline

Browse Source 
- Created detailed markdown files for Sprints 508 (Ops Offline Kit), 509 (Samples), 510 (AirGap), 511 (Api), 512 (Bench), 513 (Provenance), and 514 (Sovereign Crypto Enablement) outlining tasks, dependencies, and owners.
- Introduced a comprehensive Reachability Evidence Delivery Guide to streamline the reachability signal process.
- Implemented unit tests for Advisory AI to block known injection patterns and redact secrets.
- Added AuthoritySenderConstraintHelper to manage sender constraints in OpenIddict transactions.
This commit is contained in:
master
2025-11-08 23:18:28 +02:00
parent 536f6249a6
commit ae69b1a8a1
187 changed files with 4326 additions and 3196 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
docs/implplan/SPRINT_135_scanner_surface.md Normal file
View File

@@ -0,0 +1,24 @@
# Sprint 135 - Scanner & Surface
Implementation order remains sequential across Sprint 130139. Complete each sprint in order before pulling tasks from the next file.
## 6. Scanner.VI — Scanner & Surface focus on Scanner (phase VI).
Dependency: Sprint 134 - 5. Scanner.V — Scanner & Surface focus on Scanner (phase V).
| Task ID | State | Summary | Owner / Source | Depends On |
| --- | --- | --- | --- | --- |
| `SCANNER-ANALYZERS-PYTHON-23-012` | TODO | Container/zipapp adapter enhancements: parse OCI layers for Python runtime, detect `PYTHONPATH`/`PYTHONHOME` env, record warnings for sitecustomize/startup hooks. | Python Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python/TASKS.md) | SCANNER-ANALYZERS-PYTHON-23-011 |
| `SCANNER-ANALYZERS-RUBY-28-001` | TODO | Build input normalizer & VFS for Ruby projects: merge source trees, Gemfile/Gemfile.lock, vendor/bundle, .gem archives, `.bundle/config`, Rack configs, containers. Detect framework/job fingerprints deterministically. | Ruby Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby/TASKS.md) | — |
| `SCANNER-ANALYZERS-RUBY-28-002` | TODO | Gem & Bundler analyzer: parse Gemfile/Gemfile.lock, vendor specs, .gem archives, produce package nodes (PURLs), dependency edges, bin scripts, Bundler group metadata. | Ruby Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby/TASKS.md) | SCANNER-ANALYZERS-RUBY-28-001 |
| `SCANNER-ANALYZERS-RUBY-28-003` | TODO | Require/autoload graph builder: resolve static/dynamic require, require_relative, load; infer Zeitwerk autoload paths and Rack boot chain. | Ruby Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby/TASKS.md) | SCANNER-ANALYZERS-RUBY-28-002 |
| `SCANNER-ANALYZERS-RUBY-28-004` | TODO | Framework surface mapper: extract routes/controllers/middleware for Rails/Rack/Sinatra/Grape/Hanami; inventory jobs/schedulers (Sidekiq, Resque, ActiveJob, whenever, clockwork). | Ruby Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby/TASKS.md) | SCANNER-ANALYZERS-RUBY-28-003 |
| `SCANNER-ANALYZERS-RUBY-28-005` | TODO | Capability analyzer: detect os-exec, filesystem, network, serialization, crypto, DB usage, TLS posture, dynamic eval; record evidence snippets with file/line. | Ruby Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby/TASKS.md) | SCANNER-ANALYZERS-RUBY-28-004 |
| `SCANNER-ANALYZERS-RUBY-28-006` | TODO | Rake task & scheduler analyzer: parse Rakefiles/lib/tasks, capture task names/prereqs/shell commands; parse Sidekiq/whenever/clockwork configs into schedules. | Ruby Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby/TASKS.md) | SCANNER-ANALYZERS-RUBY-28-005 |
| `SCANNER-ANALYZERS-RUBY-28-007` | TODO | Container/runtime scanner: detect Ruby version, installed gems, native extensions, web server configs in OCI layers. | Ruby Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby/TASKS.md) | SCANNER-ANALYZERS-RUBY-28-006 |
| `SCANNER-ANALYZERS-RUBY-28-008` | TODO | Produce AOC-compliant observations: entrypoints, packages, modules, edges (require/autoload), routes, jobs, tasks, capabilities, configs, warnings. | Ruby Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby/TASKS.md) | SCANNER-ANALYZERS-RUBY-28-007 |
| `SCANNER-ANALYZERS-RUBY-28-009` | TODO | Fixture suite + performance benchmarks (Rails, Rack, Sinatra, Sidekiq, legacy, .gem, container) with golden outputs. | Ruby Analyzer Guild, QA Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby/TASKS.md) | SCANNER-ANALYZERS-RUBY-28-008 |
| `SCANNER-ANALYZERS-RUBY-28-010` | TODO | Optional runtime evidence integration (if provided logs/metrics) with path hashing, without altering static precedence. | Ruby Analyzer Guild, Signals Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby/TASKS.md) | SCANNER-ANALYZERS-RUBY-28-009 |
| `SCANNER-ANALYZERS-RUBY-28-011` | TODO | Package analyzer plug-in, add CLI (`stella ruby inspect`), refresh Offline Kit documentation. | Ruby Analyzer Guild, DevOps Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby/TASKS.md) | SCANNER-ANALYZERS-RUBY-28-010 |
| `SCANNER-ANALYZERS-RUBY-28-012` | TODO | Policy signal emitter: rubygems drift, native extension flags, dangerous constructs counts, TLS verify posture, dynamic require eval warnings. | Ruby Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby/TASKS.md) | SCANNER-ANALYZERS-RUBY-28-011 |
| `SCANNER-ENTRYTRACE-18-502` | TODO | Expand chain walker with init shim/user-switch/supervisor recognition plus env/workdir accumulation and guarded edges. | EntryTrace Guild (src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace/TASKS.md) | SCANNER-ENTRYTRACE-18-508 |
| `SCANNER-ENTRYTRACE-18-503` | TODO | Introduce target classifier + EntryPlan handoff with confidence scoring for ELF/Java/.NET/Node/Python and user/workdir context. | EntryTrace Guild (src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace/TASKS.md) | SCANNER-ENTRYTRACE-18-502 |