audit remarks work

This commit is contained in:
master
2025-12-30 16:10:34 +02:00
parent e6ee092c7a
commit c706b3d3e0
72 changed files with 9997 additions and 5323 deletions

@@ -11,6 +11,7 @@ Immutable, append-only event ledger for tracking vulnerability findings, policy
## Quick links
- FL1FL10 remediation tracker: `gaps-FL1-FL10.md`
- Implementation plan: `implementation_plan.md`
- Schema catalog (events/projections/exports): `schema-catalog.md`
- Merkle & external anchor policy: `merkle-anchor-policy.md`
- Tenant isolation & redaction manifest: `tenant-isolation-redaction.md`
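Review bot: the new quick-link label `FL1FL10 remediation tracker` is missing the separator between FL1 and FL10, while the target file is `gaps-FL1-FL10.md`; suggest `- FL1-FL10 remediation tracker: \`gaps-FL1-FL10.md\`` with a plain hyphen so the label matches the filename and renders the same in ASCII-only and offline viewers.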

@@ -0,0 +1,33 @@
# Findings Ledger Implementation Plan
## Purpose
Define the delivery plan for the Findings Ledger service, replay harness, observability, and air-gap provenance so audits can verify deterministic state reconstruction.
## Active work
- No active sprint tracked here yet. Use `docs/modules/findings-ledger/gaps-FL1-FL10.md` for remediation tracking.
## Near-term deliverables
- Observability baselines: metrics, logs, traces, dashboards, and alert rules per `docs/modules/findings-ledger/observability.md`.
- Determinism harness: replay CLI, fixtures, and signed reports per `docs/modules/findings-ledger/replay-harness.md`.
- Deployment collateral: Compose/Helm overlays, migrations, and backup/restore runbooks per `docs/modules/findings-ledger/deployment.md`.
- Provenance extensions: air-gap bundle metadata, staleness enforcement, and sealed-mode timeline entries per `docs/modules/findings-ledger/airgap-provenance.md`.
## Dependencies
- Observability schema approval for metrics and dashboards.
- Orchestrator export schema freeze for provenance linkage.
- QA lab capacity for >=5M findings/tenant replay harness.
- DevOps review of Compose/Helm overlays and offline kit packaging.
## Evidence of completion
- `src/Findings/StellaOps.Findings.Ledger` and `src/Findings/tools/LedgerReplayHarness` updated with deterministic behavior and tests.
- Replay harness reports (`harness-report.json` + DSSE) stored under approved offline kit locations.
- Dashboard JSON and alert rules committed under `offline/telemetry/dashboards/ledger` or `ops/devops/findings-ledger/**`.
- Deployment and backup guidance validated against `docs/modules/findings-ledger/deployment.md`.
## Reference docs
- `docs/modules/findings-ledger/schema.md`
- `docs/modules/findings-ledger/replay-harness.md`
- `docs/modules/findings-ledger/observability.md`
- `docs/modules/findings-ledger/deployment.md`
- `docs/modules/findings-ledger/airgap-provenance.md`
- `docs/modules/findings-ledger/workflow-inference.md`
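Review bot: the "Evidence of completion" bullet for dashboards names two alternative locations (`offline/telemetry/dashboards/ledger` or `ops/devops/findings-ledger/**`), which leaves an auditor unable to decide where the artefact must exist; state one canonical path, or say explicitly that both copies are required. Also, "Active work" records no owner or target date for any of the four near-term deliverables, so the plan cannot be checked against a sprint; add at least an owner and a due date per deliverable, and give each `##` heading a blank line before it so the file matches the spacing used in the README hunk above.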