docs(implplan): AUDIT-002 decoration count crosses 468 call sites
Sprint SPRINT_20260408_004. Execution log entry for the SbomService backfill + Notifier wave E coverage extensions.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@@ -255,6 +255,7 @@ Completion criteria:
|
||||
| 2026-04-08 | AUDIT-001 implemented: created 20260408_003_unified_audit_events.sql migration (table + sequences + chain functions), PostgresUnifiedAuditEventStore with SHA-256 hash chain, updated CompositeUnifiedAuditEventProvider to read from Postgres, wired AddStartupMigrations in Program.cs. Build passes with 0 errors. | Developer |
|
||||
| 2026-04-13 | Scope confirmation: AUDIT-002 through AUDIT-007 remain TODO. Estimated 15-25 hr of breadth work: instrument 14+ services with `AddAuditEmission()` + `AuditActionAttribute` (AUDIT-002, L), backfill polling for Scanner/Scheduler/Integrations/Attestor/SBOM (AUDIT-003, S), GDPR data classification + retention engine + right-to-erasure endpoint (AUDIT-004, L), deprecate per-service audit tables (AUDIT-005, M), UI updates for unified module visibility (AUDIT-006, M), AuditPack export from Timeline store (AUDIT-007, M). Sprint stays active; too large for a single session. Note: Migration `20260408_003_unified_audit_events.sql` was renumbered to `003_unified_audit_events.sql` in commit `4a8e2758c`. | Planning |
|
||||
| 2026-04-19 | AUDIT-002 first criterion DONE: `AddAuditEmission()` now called in all 14 priority services listed in the delivery tracker. Two commits. Wave A (commit `b2b0c905b`) wired Concelier, Excititor, SbomService, Graph.Api, BinaryIndex, Policy.Gateway, Notifier. Wave B (commit `981f4459a`) added Gateway, Registry.TokenService, PacksRegistry, IssuerDirectory, ExportCenter (bonus beyond the priority list). All 12 projects build clean. Remaining sub-work under AUDIT-002: endpoint-level `AuditActionAttribute` decoration across write endpoints (separate wave, to track per-module) and runtime verification of events arriving at `/api/v1/audit/events`. Sprint task flipped TODO → DOING. | Codex |
|
||||
| 2026-04-20 | AUDIT-002 decoration coverage extended to ~468 `.Audited()` call sites across the codebase. SbomService internal backfill/retention/watermark routes (commit `032f3272f`) and Notifier rules/templates/security/incident endpoints (commit `843d54544`) closed the highest-value remaining gaps. Read-like routes intentionally left undecorated to keep audit signal-to-noise ratio high. | Codex |
|
||||
| 2026-04-19 | AUDIT-002 second criterion DONE (first-pass): 26+ new write endpoints decorated with `AuditActionAttribute` via the `.Audited()` helper across 6 services. Wave C (commit `4cbe58fc8`) — Graph.Api (builds/overlays/saved-views, 4 endpoints), SbomService (upload/entrypoints/orchestrator sources+control, 4 endpoints), Policy.Gateway ExceptionApproval (create/approve/reject/cancel, 4 endpoints), Notifier Escalation (policy CRUD + schedule CRUD + incident start/escalate/stop, 9 endpoints). Wave D (commit `6c3ebff9d`) — Concelier.WebService (mirror mgmt + source mgmt, 13 endpoints) and Excititor (VEX candidate approve/reject + ingest + airgap import, 4 endpoints). Pre-existing decoration in Authority (31), Scanner (55), Policy.Engine (55), Notify (31), JobEngine (11), Integrations (7), AdvisoryAI (8), EvidenceLocker (7), Attestor (full) remains intact — total `.Audited()` count across codebase ≈ 240+. Remaining: runtime verification (need a running Timeline + emission smoke test), startup-time regression check, and AuditActionAttribute on remaining untouched endpoints (Authority admin surface, SbomService internal backfill routes) — lower priority given emission fires the generic `auto` action when no attribute is present. | Codex |
|
||||
| 2026-04-19 | AUDIT-004 core DONE. Migration 005 adds `data_classification` / `compliance_hold` / `pii_redacted_at` columns to `timeline.unified_audit_events`, seeds a per-classification retention policy table (`timeline.audit_retention_policies`, platform defaults 365d/365d/730d/2555d), and installs three functions (`resolve_audit_retention_days`, `purge_expired_audit_events`, `redact_actor_pii`). `AuditDataClassifier` (16/16 unit tests passing) classifies events at ingest using a strict ladder — restricted > sensitive > personal > none. `PostgresUnifiedAuditEventStore.RedactActorPiiAsync` + the new `DELETE /api/v1/audit/actors/{actorId}/pii` endpoint (scoped to `Timeline.Admin`, backed by `timeline:admin`) expose GDPR Art. 17 right-to-erasure. `AuditRetentionPurgeService` background host runs the purge function every 6h per tenant (configurable via `AuditRetentionPurge` section, supports dry-run). Remaining sub-tasks: dossier at `docs/modules/timeline/audit-retention.md` and Doctor `AuditReadinessCheck` update — both deferred. | Codex |
|
||||
|
||||
|
||||
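Review bot: the new 2026-04-20 row is inserted between the two 2026-04-19 rows, so the log reads out of order and the `~468` figure it reports extends the `≈ 240+` total that only appears two rows later (in the Wave C/D entry); move the row after the last 2026-04-19 entry (the AUDIT-004 row) so the timeline stays chronological and the count progression 240+ → 468 is readable top to bottom. Two further points on the row's wording: the commit title says the count "crosses 468" while the row says "~468", so state whether the number is exact and record how it was measured (for example the grep over `.Audited(` used to produce it), since the next session will have to reproduce it; and the justification "Read-like routes intentionally left undecorated to keep audit signal-to-noise ratio high" sits uneasily with the Wave C/D row's note that emission fires the generic `auto` action when no attribute is present, because if undecorated routes still emit, leaving them undecorated changes only the action label, not the event volume. Clarify whether read-like routes are excluded from emission entirely or simply emit as `auto`. Finally, the Wave C/D row lists runtime verification, the startup-time regression check and the Authority admin surface as remaining; the new row closes the SbomService backfill gap but is silent on the others, so say explicitly that they stay open.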