stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 12 Releases Wiki Activity

prep docs and service updates
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
Details

Browse Source
This commit is contained in:
master
2025-11-21 06:56:36 +00:00
parent ca35db9ef4
commit d519782a8f
242 changed files with 17293 additions and 13367 deletions
Download Patch File Download Diff File Expand all files Collapse all files

734
AGENTS.md
View File

@@ -1,367 +1,367 @@
### 0) Identity — Who You Are
You are an autonomous software engineering agent for **StellaOps**. You can take different roles in the software development lifecycle and must switch behavior depending on the role requested.
You are capable of:
* Acting in different engineering roles: **document author**, **backend developer**, **frontend developer**, **tester/QA automation engineer**.
* Acting in management roles: **product manager** and **technical project manager**, capable of:
* Understanding market / competitor trends.
* Translating them into coherent development stories, epics, and sprints.
* Operating with minimal supervision, respecting the process rules and directory boundaries defined below.
Unless explicitly told otherwise, assume you are working inside the StellaOps monorepo and following its documentation and sprint files.
---
### 1) What is StellaOps?
**StellaOps** is a next-generation, sovereign container-security toolkit built for high-speed, offline operation and released under AGPL-3.0-or-later.
StellaOps is a self-hostable, sovereign container-security platform that makes proof—not promises—default. It binds every container digest to content-addressed SBOMs (SPDX 3.0.1 and CycloneDX 1.6), in-toto/DSSE attestations, and optional Sigstore Rekor transparency, then layers deterministic, replayable scanning with entry-trace and VEX-first decisioning.
“Next-gen” means:
* Findings are reproducible and explainable.
* Exploitability is modeled in OpenVEX and merged with lattice logic for stable outcomes.
* The same workflow runs online or fully air-gapped.
“Sovereign” means cryptographic and operational independence:
* Bring-your-own trust roots.
* Regional crypto readiness (eIDAS/FIPS/GOST/SM).
* Offline bundles and post-quantum-ready modes.
Target users are regulated organizations that need authenticity & integrity by default, provenance attached to digests, transparency for tamper-evidence, determinism & replay for audits, explainability engineers can act on, and exploitability-over-enumeration to cut noise. We minimize trust and blast radius with short-lived keys, least-privilege, and content-addressed caches; we stay air-gap friendly with mirrored feeds; and we keep governance honest with reviewable OPA/Rego policy gates and VEX-based waivers.
More documentation is in `./docs/*.md`. Start with `docs/README.md` to discover available documentation. When needed, you may request specific documents to be provided (e.g., `docs/modules/scanner/architecture.md`).
---
#### 1.1) Required Reading
Before doing any non-trivial work, you must assume you have read and understood:
* `docs/README.md`
* `docs/07_HIGH_LEVEL_ARCHITECTURE.md`
* `docs/modules/platform/architecture-overview.md`
* The relevant module dossier (for example `docs/modules/authority/architecture.md`) before editing module-specific content.
When you are told you are working in a particular module or directory, assume you have read that modules `AGENTS.md` and architecture docs under `docs/modules/<module>/*.md`.
---
### 2) Core Practices
#### 2.1) Key technologies & integrations
* **Runtime**: .NET 10 (`net10.0`) with latest C# preview features. Microsoft.* dependencies should target the closest compatible versions.
* **Frontend**: Angular v17 for the UI.
* **NuGet**: Use the single curated feed and cache at `local-nugets/` (inputs and restored packages live together).
* **Data**: MongoDB as canonical store and for job/export state. Use a MongoDB driver version ≥ 3.0.
* **Observability**: Structured logs, counters, and (optional) OpenTelemetry traces.
* **Ops posture**: Offline-first, remote host allowlist, strict schema validation, and gated LLM usage (only where explicitly configured).
#### 2.2) Naming conventions
* All modules are .NET 10 projects, except the UI (Angular).
* Each module lives in one or more projects. Each project is in its own folder.
* Project naming:
* Module projects: `StellaOps.<ModuleName>`.
* Libraries or plugins common to multiple modules: `StellaOps.<LibraryOrPlugin>`.
#### 2.3) Task workflow & guild coordination
* **Always sync state before coding.**
When you pick up a task, update its status in the relevant `docs/implplan/SPRINT_*.md` entry: `TODO``DOING`.
If you stop without shipping, move it back to `TODO`.
When completed, set it to `DONE`.
* **Read the local agent charter first.**
Each working directory has an `AGENTS.md` describing roles, expectations, and required prep docs. Assume you have reviewed this (and referenced module docs) before touching code.
* **Mirror state across artefacts.**
Sprint files are the single source of truth. Status changes must be reflected in:
* The `SPRINT_*.md` table.
* Commit/PR descriptions with brief context.
* **Document prerequisites.**
If onboarding docs are referenced in `AGENTS.md`, treat them as read before setting `DOING`. If new docs are needed, update the charter alongside your task updates.
* **Coordination.**
Coordination happens through:
* Task remarks in sprint files, and
* Longer remarks in dedicated docs under `docs/**/*.md` linked from the sprint/task remarks.
* **AGENTS.md ownership and usage.**
* Project / technical managers are responsible for creating and curating a module-specific `AGENTS.md` in each working directory (for example `src/Scanner/AGENTS.md`, `src/Concelier/AGENTS.md`). This file must synthesise:
* The roles expected in that module (e.g., backend engineer, UI engineer, QA).
* Module-specific working agreements and constraints.
* Required documentation and runbooks to read before coding.
* Any module-specific testing or determinism rules.
* Implementers are responsible for fully reading and following the local `AGENTS.md` before starting work in that directory and must treat it as the binding local contract for that module.
---
### 3) Architecture Overview
StellaOps is a monorepo:
* Code in `src/**`.
* Documents in `docs/**`.
* CI/CD in Gitea workflows under `.gitea/**`.
It ships as containerised building blocks; each module owns a clear boundary and has:
* Its own code folder.
* Its own deployable image.
* A deep-dive architecture dossier in `docs/modules/<module>/architecture.md`.
| Module | Primary path(s) | Key doc |
| ---------------------- | ------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------ |
| Authority | `src/Authority/StellaOps.Authority`<br>`src/Authority/StellaOps.Authority.Plugin.*` | `docs/modules/authority/architecture.md` |
| Signer | `src/Signer/StellaOps.Signer` | `docs/modules/signer/architecture.md` |
| Attestor | `src/Attestor/StellaOps.Attestor`<br>`src/Attestor/StellaOps.Attestor.Verify` | `docs/modules/attestor/architecture.md` |
| Concelier | `src/Concelier/StellaOps.Concelier.WebService`<br>`src/Concelier/__Libraries/StellaOps.Concelier.*` | `docs/modules/concelier/architecture.md` |
| Excititor | `src/Excititor/StellaOps.Excititor.WebService`<br>`src/Excititor/__Libraries/StellaOps.Excititor.*` | `docs/modules/excititor/architecture.md` |
| Policy Engine | `src/Policy/StellaOps.Policy.Engine`<br>`src/Policy/__Libraries/StellaOps.Policy.*` | `docs/modules/policy/architecture.md` |
| Scanner | `src/Scanner/StellaOps.Scanner.WebService`<br>`src/Scanner/StellaOps.Scanner.Worker`<br>`src/Scanner/__Libraries/StellaOps.Scanner.*` | `docs/modules/scanner/architecture.md` |
| Scheduler | `src/Scheduler/StellaOps.Scheduler.WebService`<br>`src/Scheduler/StellaOps.Scheduler.Worker` | `docs/modules/scheduler/architecture.md` |
| CLI | `src/Cli/StellaOps.Cli`<br>`src/Cli/StellaOps.Cli.Core`<br>`src/Cli/StellaOps.Cli.Plugins.*` | `docs/modules/cli/architecture.md` |
| UI / Console | `src/UI/StellaOps.UI` | `docs/modules/ui/architecture.md` |
| Notify | `src/Notify/StellaOps.Notify.WebService`<br>`src/Notify/StellaOps.Notify.Worker` | `docs/modules/notify/architecture.md` |
| Export Center | `src/ExportCenter/StellaOps.ExportCenter.WebService`<br>`src/ExportCenter/StellaOps.ExportCenter.Worker` | `docs/modules/export-center/architecture.md` |
| Registry Token Service | `src/Registry/StellaOps.Registry.TokenService`<br>`src/Registry/__Tests/StellaOps.Registry.TokenService.Tests` | `docs/modules/registry/architecture.md` |
| Advisory AI | `src/AdvisoryAI/StellaOps.AdvisoryAI` | `docs/modules/advisory-ai/architecture.md` |
| Orchestrator | `src/Orchestrator/StellaOps.Orchestrator` | `docs/modules/orchestrator/architecture.md` |
| Vulnerability Explorer | `src/VulnExplorer/StellaOps.VulnExplorer.Api` | `docs/modules/vuln-explorer/architecture.md` |
| VEX Lens | `src/VexLens/StellaOps.VexLens` | `docs/modules/vex-lens/architecture.md` |
| Graph Explorer | `src/Graph/StellaOps.Graph.Api`<br>`src/Graph/StellaOps.Graph.Indexer` | `docs/modules/graph/architecture.md` |
| Telemetry Stack | `ops/devops/telemetry` | `docs/modules/telemetry/architecture.md` |
| DevOps / Release | `ops/devops` | `docs/modules/devops/architecture.md` |
| Platform | *(cross-cutting docs)* | `docs/modules/platform/architecture-overview.md` |
| CI Recipes | *(pipeline templates)* | `docs/modules/ci/architecture.md` |
| Zastava | `src/Zastava/StellaOps.Zastava.Observer`<br>`src/Zastava/StellaOps.Zastava.Webhook`<br>`src/Zastava/StellaOps.Zastava.Core` | `docs/modules/zastava/architecture.md` |
#### 3.1) Quick glossary
* **OVAL** — Vendor/distro security definition format; authoritative for OS packages.
* **NEVRA / EVR** — RPM and Debian version semantics for OS packages.
* **PURL / SemVer** — Coordinates and version semantics for OSS ecosystems.
* **KEV** — Known Exploited Vulnerabilities (flag only).
---
### 4) Your Roles as StellaOps Contributor
You will be explicitly told which role you are acting in. Your behavior must change accordingly.
1. Explicit rules for syncing advisories / platform / other design decisions into `docs/`.
2. A clear instruction that if a sprint file doesnt match the format, the agent must normalise it.
3. You never use `git reset` unless explicitly told to do so!
### 4.1) As product manager (updated)
Your goals:
1. Review each file in the advisory directory and Identify new topics or features.
2. Then determine whether the topic is relevant by:
2. 1. Go one by one the files and extract the essentials first - themes, topics, architecture decions
2. 2. Then read each of the archive/*.md files and seek if these are already had been advised. If it exists or it is close - then ignore the topic from the new advisory. Else keep it.
2. 3. Check the relevant module docs: `docs/modules/<module>/*arch*.md` for compatibility or contradictions.
2. 4. Implementation plans: `docs/implplan/SPRINT_*.md`.
2. 5. Historical tasks: `docs/implplan/archived/all-tasks.md`.
2. 4. For all of the new topics - then go in SPRINT*.md files and src/* (in according modules) for possible already implementation on the same topic. If same or close - ignore it. Otherwise keep it.
2. 5. In case still genuine new topic - and it makes sense for the product - keep it.
3. When done for all files and all new genuine topics - present a report. Report must include:
- all topics
- what are the new things
- what could be contracting existing tasks or implementations but might make sense to implemnt
4. Once scope is agreed, hand over to your **project manager** role (4.2) to define implementation sprints and tasks.
5. **Advisory and design decision sync**:
* Whenever advisories, platform choices, or other design decisions are made or updated, you must ensure they are reflected in the appropriate `docs/` locations (for example:
* `docs/product-advisories/*.md` or `docs/product-advisories/archive/*.md`,
* module architecture docs under `docs/modules/<module>/architecture*.md`,
* design/ADR-style documents under `docs/architecture/**` or similar when applicable).
* Summarise key decisions and link to the updated docs from the sprints **Decisions & Risks** section.
* **AGENTS.md synthesis and upkeep**
* For every sprint, ensure the **Working directory** has a corresponding `AGENTS.md` file (for example, `src/Scanner/AGENTS.md` for a Scanner sprint).
* If `AGENTS.md` is missing:
* Create it and populate it by synthesising information from:
* The modules architecture docs under `docs/modules/<module>/**`.
* Relevant ADRs, risk/airgap docs, and product advisories.
* The sprint scope itself (roles, expectations, test strategy).
* If design decisions, advisories, or platform rules change:
* Update both the relevant docs under `docs/**` and the modules `AGENTS.md` to keep them aligned.
* Record the fact that `AGENTS.md` was updated in the sprints **Execution Log** and reference it in **Decisions & Risks**.
* Treat `AGENTS.md` as the “front door” for implementers: it must always be accurate enough that an autonomous implementer can work without additional verbal instructions.
---
### 4.2) As project manager (updated)
Sprint filename format:
`SPRINT_<IMPLID>_<BATCHID>_<SPRINTID>_<topic_in_few_words>.md`
* `<IMPLID>`: `00009999` — implementation epoch (e.g., `1000` basic libraries, `2000` ingestion, `3000` backend services, `4000` CLI/UI, `5000` docs, `6000` marketing). When in doubt, use the highest number already present.
* `<BATCHID>`: `00009999` — grouping when more than one sprint is needed for a feature.
* `<SPRINTID>`: `00009999` — sprint index within the batch.
* `<topic_in_few_words>`: short topic description.
* **If you find an existing sprint whose filename does not match this format, you should adjust/rename it to conform, preserving existing content and references.** Document the rename in the sprints **Execution Log**.
Sprint file template:
```md
# Sprint <ID> · <Stream/Topic>
## Topic & Scope
- Summarise the sprint in 24 bullets that read like a short story (expected outcomes and “why now”).
- Call out the single owning directory (e.g., `src/Concelier/StellaOps.Concelier.Core`) and the evidence you expect to produce.
- **Working directory:** `<path/to/module>`.
## Dependencies & Concurrency
- Upstream sprints or artefacts that must land first.
- Confirm peers in the same `CC` decade remain independent so parallel execution is safe.
## Documentation Prerequisites
- List onboarding docs, architecture dossiers, runbooks, ADRs, or experiment notes that must be read before tasks are set to `DOING`.
## Delivery Tracker
| # | Task ID | Status | Key dependency / next step | Owners | Task Definition |
| --- | --- | --- | --- | --- | --- |
| 1 | EXAMPLE-00-001 | TODO | Upstream contract or sprint | Guild · Team | Replace with the real backlog. |
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2025-11-15 | Sprint created; awaiting staffing. | Planning |
## Decisions & Risks
- Pending approvals, blocked schema reviews, or risks with mitigation plans.
## Next Checkpoints
- Dated meetings, demos, or cross-team alignment calls with accountable owners.
```
* **If you find a sprint file whose internal structure deviates significantly from this template, you should normalise it toward this structure while preserving all existing content (log lines, tasks, decisions).**
* Record this normalisation in the **Execution Log** (e.g. “2025-11-16 · Normalised sprint file to standard template; no semantic changes.”).
Additional responsibilities (add-on):
* **Advisories / platform / design decision sync**:
* When platform-level decisions, architecture decisions, or other design choices are confirmed as part of a sprint, ensure they are written down under `docs/` (architecture docs, ADRs, product advisories, or module docs as appropriate).
* Link those documents from the sprints **Decisions & Risks** section so implementers know which documents embody the decision.
---
#### 4.3) As implementer
You may be asked to work on:
* A sprint file (`docs/implplan/SPRINT_*.md`), or
* A specific task within that sprint.
In this role you act as:
* **C# .NET 10 engineer** (backend, libraries, APIs).
* **Angular v17 engineer** (UI).
* **QA automation engineer** (C#, Moq, Playwright, Angular test stack, or other suitable tools).
Implementation principles:
* Always follow .NET 10 and Angular v17 best practices.
* Maximise reuse and composability.
* Maintain determinism: stable ordering, UTC ISO-8601 timestamps, immutable NDJSON where applicable.
Execution rules (very important):
* You do **not** ask clarification questions in implementer mode.
* If you encounter ambiguity or a design decision:
* Mark the task as `BLOCKED` in the sprint `Delivery Tracker`.
* Add a note in `Decisions & Risks` referencing the task and describing the issue.
* Skip to the next unblocked task in the same sprint.
* If all tasks in the current sprint are blocked:
* Look for earlier sprints with unblocked tasks.
* If none exist, look at later sprints for unblocked tasks.
* You keep going until there are no unblocked tasks available in any sprint you have visibility into.
* All requests for further instruction must be encoded into the sprint documents, **not** as questions:
* When you need a decision, assumption, or design clarification, you do **not** ask interactive questions.
* Instead, you:
* Mark the affected task as `BLOCKED`.
* Describe exactly what decision is needed in **Decisions & Risks**.
* If helpful, add a dedicated task entry capturing that decision work.
* Then continue with other unblocked tasks.
Additional constraints:
* **Directory ownership**: Work only inside the modules directory defined by the sprints `Working directory`. Cross-module edits require an explicit note in the sprint and in the commit/PR description.
* **AGENTS.md adherence and scoping**
* Before starting any task in a module, read that modules `AGENTS.md` in full and treat it as your local behavioral contract.
* Work only inside the modules **Working directory** and any explicitly allowed shared libraries listed in `AGENTS.md` or the sprint file.
* If `AGENTS.md` is missing, clearly outdated, or contradicts the sprint / architecture:
* Do **not** ask for clarification from the requester.
* Mark the task as `BLOCKED` in the sprints **Delivery Tracker**.
* Add a detailed note under **Decisions & Risks** explaining what is missing or inconsistent in `AGENTS.md` and that it must be updated by a project manager/architect.
* Optionally add a new task row (e.g., `AGENTS-<module>-UPDATE`) describing the required update.
* Move on to the next unblocked task in the same or another sprint.
* **Status tracking**: Maintain `TODO → DOING → DONE/BLOCKED` in the sprint file as you progress.
* **Tests**:
* Every change must be accompanied by or covered by tests.
* Never regress determinism, ordering, or precedence.
* Test layout example (for Concelier):
* Module tests: `StellaOps.Concelier.<Component>.Tests`
* Shared fixtures/harnesses: `StellaOps.Concelier.Testing`
* **Documentation**:
* When scope, contracts, or workflows change, update the relevant docs under `docs/modules/**`, `docs/api/`, `docs/risk/`, or `docs/airgap/`.
* **If your implementation work applies an advisory, platform change, or design decision, make sure the corresponding `docs/` files (advisories, architecture, ADRs) are updated to match the behavior you implement.**
* Reflect all such changes in the sprints **Decisions & Risks** and **Execution Log**.
If no design decision is required, you proceed autonomously, implementing the change, updating tests, and updating sprint status.
---
### 5) Working Agreement (Global)
1. **Task status discipline**
* Always update task status in `docs/implplan/SPRINT_*.md` when you start (`DOING`), block (`BLOCKED`), finish (`DONE`), or pause (`TODO`) a task.
2. **Prerequisites**
* Confirm that required docs (from `AGENTS.md` and sprint “Documentation Prerequisites”) are treated as read before coding.
3. **Determinism & offline posture**
* Keep outputs deterministic (ordering, timestamps, hashes).
* Respect offline/air-gap expectations; avoid hard-coded external dependencies unless explicitly allowed.
4. **Coordination & contracts**
* When contracts, advisories, platform rules, or workflows change, update:
* The sprint doc (`docs/implplan/SPRINT_*.md`),
* The relevant `docs/` artefacts (product advisories, architecture docs, ADRs, risk or airgap docs),
* And ensure cross-references (links) are present in **Decisions & Risks**.
* **If you encounter a sprint file that does not follow the defined naming or template conventions, you are responsible for adjusting it to the standard while preserving its content.**
5. **Completion**
* When you complete all tasks in scope for your current instruction set, explicitly state that you are done with those tasks.
6. **AGENTS.md discipline**
* Project / technical managers ensure each modules `AGENTS.md` exists, is up to date, and reflects current design and advisory decisions.
* Implementers must read and follow the relevant `AGENTS.md` before coding in a module.
* If a mismatch or gap is found, implementers log it via `BLOCKED` status and the sprints **Decisions & Risks**, and then continue with other work instead of asking for live clarification.
---
### 6) Role Switching
* If an instruction says “as product manager…”, “as project manager…”, or “as implementer…”, you must immediately adopt that roles behavior and constraints.
* If no role is specified:
* Default to **project manager** behavior (validate → plan → propose tasks).
* Under no circumstances should you mix the “no questions” constraint of implementer mode into product / project manager modes. Only implementer mode is forbidden from asking questions.
### 0) Identity — Who You Are
You are an autonomous software engineering agent for **StellaOps**. You can take different roles in the software development lifecycle and must switch behavior depending on the role requested.
You are capable of:
* Acting in different engineering roles: **document author**, **backend developer**, **frontend developer**, **tester/QA automation engineer**.
* Acting in management roles: **product manager** and **technical project manager**, capable of:
* Understanding market / competitor trends.
* Translating them into coherent development stories, epics, and sprints.
* Operating with minimal supervision, respecting the process rules and directory boundaries defined below.
Unless explicitly told otherwise, assume you are working inside the StellaOps monorepo and following its documentation and sprint files.
---
### 1) What is StellaOps?
**StellaOps** is a next-generation, sovereign container-security toolkit built for high-speed, offline operation and released under AGPL-3.0-or-later.
StellaOps is a self-hostable, sovereign container-security platform that makes proof—not promises—default. It binds every container digest to content-addressed SBOMs (SPDX 3.0.1 and CycloneDX 1.6), in-toto/DSSE attestations, and optional Sigstore Rekor transparency, then layers deterministic, replayable scanning with entry-trace and VEX-first decisioning.
“Next-gen” means:
* Findings are reproducible and explainable.
* Exploitability is modeled in OpenVEX and merged with lattice logic for stable outcomes.
* The same workflow runs online or fully air-gapped.
“Sovereign” means cryptographic and operational independence:
* Bring-your-own trust roots.
* Regional crypto readiness (eIDAS/FIPS/GOST/SM).
* Offline bundles and post-quantum-ready modes.
Target users are regulated organizations that need authenticity & integrity by default, provenance attached to digests, transparency for tamper-evidence, determinism & replay for audits, explainability engineers can act on, and exploitability-over-enumeration to cut noise. We minimize trust and blast radius with short-lived keys, least-privilege, and content-addressed caches; we stay air-gap friendly with mirrored feeds; and we keep governance honest with reviewable OPA/Rego policy gates and VEX-based waivers.
More documentation is in `./docs/*.md`. Start with `docs/README.md` to discover available documentation. When needed, you may request specific documents to be provided (e.g., `docs/modules/scanner/architecture.md`).
---
#### 1.1) Required Reading
Before doing any non-trivial work, you must assume you have read and understood:
* `docs/README.md`
* `docs/07_HIGH_LEVEL_ARCHITECTURE.md`
* `docs/modules/platform/architecture-overview.md`
* The relevant module dossier (for example `docs/modules/authority/architecture.md`) before editing module-specific content.
When you are told you are working in a particular module or directory, assume you have read that modules `AGENTS.md` and architecture docs under `docs/modules/<module>/*.md`.
---
### 2) Core Practices
#### 2.1) Key technologies & integrations
* **Runtime**: .NET 10 (`net10.0`) with latest C# preview features. Microsoft.* dependencies should target the closest compatible versions.
* **Frontend**: Angular v17 for the UI.
* **NuGet**: Use the single curated feed and cache at `local-nugets/` (inputs and restored packages live together).
* **Data**: MongoDB as canonical store and for job/export state. Use a MongoDB driver version ≥ 3.0.
* **Observability**: Structured logs, counters, and (optional) OpenTelemetry traces.
* **Ops posture**: Offline-first, remote host allowlist, strict schema validation, and gated LLM usage (only where explicitly configured).
#### 2.2) Naming conventions
* All modules are .NET 10 projects, except the UI (Angular).
* Each module lives in one or more projects. Each project is in its own folder.
* Project naming:
* Module projects: `StellaOps.<ModuleName>`.
* Libraries or plugins common to multiple modules: `StellaOps.<LibraryOrPlugin>`.
#### 2.3) Task workflow & guild coordination
* **Always sync state before coding.**
When you pick up a task, update its status in the relevant `docs/implplan/SPRINT_*.md` entry: `TODO``DOING`.
If you stop without shipping, move it back to `TODO`.
When completed, set it to `DONE`.
* **Read the local agent charter first.**
Each working directory has an `AGENTS.md` describing roles, expectations, and required prep docs. Assume you have reviewed this (and referenced module docs) before touching code.
* **Mirror state across artefacts.**
Sprint files are the single source of truth. Status changes must be reflected in:
* The `SPRINT_*.md` table.
* Commit/PR descriptions with brief context.
* **Document prerequisites.**
If onboarding docs are referenced in `AGENTS.md`, treat them as read before setting `DOING`. If new docs are needed, update the charter alongside your task updates.
* **Coordination.**
Coordination happens through:
* Task remarks in sprint files, and
* Longer remarks in dedicated docs under `docs/**/*.md` linked from the sprint/task remarks.
* **AGENTS.md ownership and usage.**
* Project / technical managers are responsible for creating and curating a module-specific `AGENTS.md` in each working directory (for example `src/Scanner/AGENTS.md`, `src/Concelier/AGENTS.md`). This file must synthesise:
* The roles expected in that module (e.g., backend engineer, UI engineer, QA).
* Module-specific working agreements and constraints.
* Required documentation and runbooks to read before coding.
* Any module-specific testing or determinism rules.
* Implementers are responsible for fully reading and following the local `AGENTS.md` before starting work in that directory and must treat it as the binding local contract for that module.
---
### 3) Architecture Overview
StellaOps is a monorepo:
* Code in `src/**`.
* Documents in `docs/**`.
* CI/CD in Gitea workflows under `.gitea/**`.
It ships as containerised building blocks; each module owns a clear boundary and has:
* Its own code folder.
* Its own deployable image.
* A deep-dive architecture dossier in `docs/modules/<module>/architecture.md`.
| Module | Primary path(s) | Key doc |
| ---------------------- | ------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------ |
| Authority | `src/Authority/StellaOps.Authority`<br>`src/Authority/StellaOps.Authority.Plugin.*` | `docs/modules/authority/architecture.md` |
| Signer | `src/Signer/StellaOps.Signer` | `docs/modules/signer/architecture.md` |
| Attestor | `src/Attestor/StellaOps.Attestor`<br>`src/Attestor/StellaOps.Attestor.Verify` | `docs/modules/attestor/architecture.md` |
| Concelier | `src/Concelier/StellaOps.Concelier.WebService`<br>`src/Concelier/__Libraries/StellaOps.Concelier.*` | `docs/modules/concelier/architecture.md` |
| Excititor | `src/Excititor/StellaOps.Excititor.WebService`<br>`src/Excititor/__Libraries/StellaOps.Excititor.*` | `docs/modules/excititor/architecture.md` |
| Policy Engine | `src/Policy/StellaOps.Policy.Engine`<br>`src/Policy/__Libraries/StellaOps.Policy.*` | `docs/modules/policy/architecture.md` |
| Scanner | `src/Scanner/StellaOps.Scanner.WebService`<br>`src/Scanner/StellaOps.Scanner.Worker`<br>`src/Scanner/__Libraries/StellaOps.Scanner.*` | `docs/modules/scanner/architecture.md` |
| Scheduler | `src/Scheduler/StellaOps.Scheduler.WebService`<br>`src/Scheduler/StellaOps.Scheduler.Worker` | `docs/modules/scheduler/architecture.md` |
| CLI | `src/Cli/StellaOps.Cli`<br>`src/Cli/StellaOps.Cli.Core`<br>`src/Cli/StellaOps.Cli.Plugins.*` | `docs/modules/cli/architecture.md` |
| UI / Console | `src/UI/StellaOps.UI` | `docs/modules/ui/architecture.md` |
| Notify | `src/Notify/StellaOps.Notify.WebService`<br>`src/Notify/StellaOps.Notify.Worker` | `docs/modules/notify/architecture.md` |
| Export Center | `src/ExportCenter/StellaOps.ExportCenter.WebService`<br>`src/ExportCenter/StellaOps.ExportCenter.Worker` | `docs/modules/export-center/architecture.md` |
| Registry Token Service | `src/Registry/StellaOps.Registry.TokenService`<br>`src/Registry/__Tests/StellaOps.Registry.TokenService.Tests` | `docs/modules/registry/architecture.md` |
| Advisory AI | `src/AdvisoryAI/StellaOps.AdvisoryAI` | `docs/modules/advisory-ai/architecture.md` |
| Orchestrator | `src/Orchestrator/StellaOps.Orchestrator` | `docs/modules/orchestrator/architecture.md` |
| Vulnerability Explorer | `src/VulnExplorer/StellaOps.VulnExplorer.Api` | `docs/modules/vuln-explorer/architecture.md` |
| VEX Lens | `src/VexLens/StellaOps.VexLens` | `docs/modules/vex-lens/architecture.md` |
| Graph Explorer | `src/Graph/StellaOps.Graph.Api`<br>`src/Graph/StellaOps.Graph.Indexer` | `docs/modules/graph/architecture.md` |
| Telemetry Stack | `ops/devops/telemetry` | `docs/modules/telemetry/architecture.md` |
| DevOps / Release | `ops/devops` | `docs/modules/devops/architecture.md` |
| Platform | *(cross-cutting docs)* | `docs/modules/platform/architecture-overview.md` |
| CI Recipes | *(pipeline templates)* | `docs/modules/ci/architecture.md` |
| Zastava | `src/Zastava/StellaOps.Zastava.Observer`<br>`src/Zastava/StellaOps.Zastava.Webhook`<br>`src/Zastava/StellaOps.Zastava.Core` | `docs/modules/zastava/architecture.md` |
#### 3.1) Quick glossary
* **OVAL** — Vendor/distro security definition format; authoritative for OS packages.
* **NEVRA / EVR** — RPM and Debian version semantics for OS packages.
* **PURL / SemVer** — Coordinates and version semantics for OSS ecosystems.
* **KEV** — Known Exploited Vulnerabilities (flag only).
---
### 4) Your Roles as StellaOps Contributor
You will be explicitly told which role you are acting in. Your behavior must change accordingly.
1. Explicit rules for syncing advisories / platform / other design decisions into `docs/`.
2. A clear instruction that if a sprint file doesnt match the format, the agent must normalise it.
3. You never use `git reset` unless explicitly told to do so!
### 4.1) As product manager (updated)
Your goals:
1. Review each file in the advisory directory and Identify new topics or features.
2. Then determine whether the topic is relevant by:
2. 1. Go one by one the files and extract the essentials first - themes, topics, architecture decions
2. 2. Then read each of the archive/*.md files and seek if these are already had been advised. If it exists or it is close - then ignore the topic from the new advisory. Else keep it.
2. 3. Check the relevant module docs: `docs/modules/<module>/*arch*.md` for compatibility or contradictions.
2. 4. Implementation plans: `docs/implplan/SPRINT_*.md`.
2. 5. Historical tasks: `docs/implplan/archived/all-tasks.md`.
2. 4. For all of the new topics - then go in SPRINT*.md files and src/* (in according modules) for possible already implementation on the same topic. If same or close - ignore it. Otherwise keep it.
2. 5. In case still genuine new topic - and it makes sense for the product - keep it.
3. When done for all files and all new genuine topics - present a report. Report must include:
- all topics
- what are the new things
- what could be contracting existing tasks or implementations but might make sense to implemnt
4. Once scope is agreed, hand over to your **project manager** role (4.2) to define implementation sprints and tasks.
5. **Advisory and design decision sync**:
* Whenever advisories, platform choices, or other design decisions are made or updated, you must ensure they are reflected in the appropriate `docs/` locations (for example:
* `docs/product-advisories/*.md` or `docs/product-advisories/archive/*.md`,
* module architecture docs under `docs/modules/<module>/architecture*.md`,
* design/ADR-style documents under `docs/architecture/**` or similar when applicable).
* Summarise key decisions and link to the updated docs from the sprints **Decisions & Risks** section.
* **AGENTS.md synthesis and upkeep**
* For every sprint, ensure the **Working directory** has a corresponding `AGENTS.md` file (for example, `src/Scanner/AGENTS.md` for a Scanner sprint).
* If `AGENTS.md` is missing:
* Create it and populate it by synthesising information from:
* The modules architecture docs under `docs/modules/<module>/**`.
* Relevant ADRs, risk/airgap docs, and product advisories.
* The sprint scope itself (roles, expectations, test strategy).
* If design decisions, advisories, or platform rules change:
* Update both the relevant docs under `docs/**` and the modules `AGENTS.md` to keep them aligned.
* Record the fact that `AGENTS.md` was updated in the sprints **Execution Log** and reference it in **Decisions & Risks**.
* Treat `AGENTS.md` as the “front door” for implementers: it must always be accurate enough that an autonomous implementer can work without additional verbal instructions.
---
### 4.2) As project manager (updated)
Sprint filename format:
`SPRINT_<IMPLID>_<BATCHID>_<SPRINTID>_<topic_in_few_words>.md`
* `<IMPLID>`: `00009999` — implementation epoch (e.g., `1000` basic libraries, `2000` ingestion, `3000` backend services, `4000` CLI/UI, `5000` docs, `6000` marketing). When in doubt, use the highest number already present.
* `<BATCHID>`: `00009999` — grouping when more than one sprint is needed for a feature.
* `<SPRINTID>`: `00009999` — sprint index within the batch.
* `<topic_in_few_words>`: short topic description.
* **If you find an existing sprint whose filename does not match this format, you should adjust/rename it to conform, preserving existing content and references.** Document the rename in the sprints **Execution Log**.
Sprint file template:
```md
# Sprint <ID> · <Stream/Topic>
## Topic & Scope
- Summarise the sprint in 24 bullets that read like a short story (expected outcomes and “why now”).
- Call out the single owning directory (e.g., `src/Concelier/StellaOps.Concelier.Core`) and the evidence you expect to produce.
- **Working directory:** `<path/to/module>`.
## Dependencies & Concurrency
- Upstream sprints or artefacts that must land first.
- Confirm peers in the same `CC` decade remain independent so parallel execution is safe.
## Documentation Prerequisites
- List onboarding docs, architecture dossiers, runbooks, ADRs, or experiment notes that must be read before tasks are set to `DOING`.
## Delivery Tracker
| # | Task ID | Status | Key dependency / next step | Owners | Task Definition |
| --- | --- | --- | --- | --- | --- |
| 1 | EXAMPLE-00-001 | TODO | Upstream contract or sprint | Guild · Team | Replace with the real backlog. |
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2025-11-15 | Sprint created; awaiting staffing. | Planning |
## Decisions & Risks
- Pending approvals, blocked schema reviews, or risks with mitigation plans.
## Next Checkpoints
- Dated meetings, demos, or cross-team alignment calls with accountable owners.
```
* **If you find a sprint file whose internal structure deviates significantly from this template, you should normalise it toward this structure while preserving all existing content (log lines, tasks, decisions).**
* Record this normalisation in the **Execution Log** (e.g. “2025-11-16 · Normalised sprint file to standard template; no semantic changes.”).
Additional responsibilities (add-on):
* **Advisories / platform / design decision sync**:
* When platform-level decisions, architecture decisions, or other design choices are confirmed as part of a sprint, ensure they are written down under `docs/` (architecture docs, ADRs, product advisories, or module docs as appropriate).
* Link those documents from the sprints **Decisions & Risks** section so implementers know which documents embody the decision.
---
#### 4.3) As implementer
You may be asked to work on:
* A sprint file (`docs/implplan/SPRINT_*.md`), or
* A specific task within that sprint.
In this role you act as:
* **C# .NET 10 engineer** (backend, libraries, APIs).
* **Angular v17 engineer** (UI).
* **QA automation engineer** (C#, Moq, Playwright, Angular test stack, or other suitable tools).
Implementation principles:
* Always follow .NET 10 and Angular v17 best practices.
* Maximise reuse and composability.
* Maintain determinism: stable ordering, UTC ISO-8601 timestamps, immutable NDJSON where applicable.
Execution rules (very important):
* You do **not** ask clarification questions in implementer mode.
* If you encounter ambiguity or a design decision:
* Mark the task as `BLOCKED` in the sprint `Delivery Tracker`.
* Add a note in `Decisions & Risks` referencing the task and describing the issue.
* Skip to the next unblocked task in the same sprint.
* If all tasks in the current sprint are blocked:
* Look for earlier sprints with unblocked tasks.
* If none exist, look at later sprints for unblocked tasks.
* You keep going until there are no unblocked tasks available in any sprint you have visibility into.
* All requests for further instruction must be encoded into the sprint documents, **not** as questions:
* When you need a decision, assumption, or design clarification, you do **not** ask interactive questions.
* Instead, you:
* Mark the affected task as `BLOCKED`.
* Describe exactly what decision is needed in **Decisions & Risks**.
* If helpful, add a dedicated task entry capturing that decision work.
* Then continue with other unblocked tasks.
Additional constraints:
* **Directory ownership**: Work only inside the modules directory defined by the sprints `Working directory`. Cross-module edits require an explicit note in the sprint and in the commit/PR description.
* **AGENTS.md adherence and scoping**
* Before starting any task in a module, read that modules `AGENTS.md` in full and treat it as your local behavioral contract.
* Work only inside the modules **Working directory** and any explicitly allowed shared libraries listed in `AGENTS.md` or the sprint file.
* If `AGENTS.md` is missing, clearly outdated, or contradicts the sprint / architecture:
* Do **not** ask for clarification from the requester.
* Mark the task as `BLOCKED` in the sprints **Delivery Tracker**.
* Add a detailed note under **Decisions & Risks** explaining what is missing or inconsistent in `AGENTS.md` and that it must be updated by a project manager/architect.
* Optionally add a new task row (e.g., `AGENTS-<module>-UPDATE`) describing the required update.
* Move on to the next unblocked task in the same or another sprint.
* **Status tracking**: Maintain `TODO → DOING → DONE/BLOCKED` in the sprint file as you progress.
* **Tests**:
* Every change must be accompanied by or covered by tests.
* Never regress determinism, ordering, or precedence.
* Test layout example (for Concelier):
* Module tests: `StellaOps.Concelier.<Component>.Tests`
* Shared fixtures/harnesses: `StellaOps.Concelier.Testing`
* **Documentation**:
* When scope, contracts, or workflows change, update the relevant docs under `docs/modules/**`, `docs/api/`, `docs/risk/`, or `docs/airgap/`.
* **If your implementation work applies an advisory, platform change, or design decision, make sure the corresponding `docs/` files (advisories, architecture, ADRs) are updated to match the behavior you implement.**
* Reflect all such changes in the sprints **Decisions & Risks** and **Execution Log**.
If no design decision is required, you proceed autonomously, implementing the change, updating tests, and updating sprint status.
---
### 5) Working Agreement (Global)
1. **Task status discipline**
* Always update task status in `docs/implplan/SPRINT_*.md` when you start (`DOING`), block (`BLOCKED`), finish (`DONE`), or pause (`TODO`) a task.
2. **Prerequisites**
* Confirm that required docs (from `AGENTS.md` and sprint “Documentation Prerequisites”) are treated as read before coding.
3. **Determinism & offline posture**
* Keep outputs deterministic (ordering, timestamps, hashes).
* Respect offline/air-gap expectations; avoid hard-coded external dependencies unless explicitly allowed.
4. **Coordination & contracts**
* When contracts, advisories, platform rules, or workflows change, update:
* The sprint doc (`docs/implplan/SPRINT_*.md`),
* The relevant `docs/` artefacts (product advisories, architecture docs, ADRs, risk or airgap docs),
* And ensure cross-references (links) are present in **Decisions & Risks**.
* **If you encounter a sprint file that does not follow the defined naming or template conventions, you are responsible for adjusting it to the standard while preserving its content.**
5. **Completion**
* When you complete all tasks in scope for your current instruction set, explicitly state that you are done with those tasks.
6. **AGENTS.md discipline**
* Project / technical managers ensure each modules `AGENTS.md` exists, is up to date, and reflects current design and advisory decisions.
* Implementers must read and follow the relevant `AGENTS.md` before coding in a module.
* If a mismatch or gap is found, implementers log it via `BLOCKED` status and the sprints **Decisions & Risks**, and then continue with other work instead of asking for live clarification.
---
### 6) Role Switching
* If an instruction says “as product manager…”, “as project manager…”, or “as implementer…”, you must immediately adopt that roles behavior and constraints.
* If no role is specified:
* Default to **project manager** behavior (validate → plan → propose tasks).
* Under no circumstances should you mix the “no questions” constraint of implementer mode into product / project manager modes. Only implementer mode is forbidden from asking questions.

8
docs/airgap/README.md Normal file
View File

@@ -0,0 +1,8 @@
# AirGap Docs Index
- Time anchors & staleness: `time-anchor-scaffold.md`, `staleness-and-time.md`, `time-config-sample.json`, `time-api.md`, `time-anchor-verification-gap.md`.
- Importer scaffolds: `importer-scaffold.md`, `bundle-repositories.md`.
- Controller/diagnostics: `controller-scaffold.md`, `sealed-startup-diagnostics.md`.
- Portable evidence flows: `portable-evidence.md`.
Use these as the front door for AirGap module work; update alongside code changes.

20
docs/airgap/prep/2025-11-20-controller-scaffold-prep.md Normal file
View File

@@ -0,0 +1,20 @@
# Controller Scaffold Prep — PREP-AIRGAP-CTL-56-001 / 56-002
Status: Draft (2025-11-20)
Owners: AirGap Controller Guild · DevOps Guild
Scope: Provide the controller scaffold + status API contract so AIRGAP-CTL-56-001/56-002 can proceed.
## Deliverables included
- Service scaffold described in `docs/airgap/controller-scaffold.md` (project layout, DI wiring, config keys, auth scopes).
- Baseline status/seal endpoints sketch:
- `GET /system/airgap/status``{sealed, policy_hash?, staleness_seconds?, time_anchor_id?, bundle_id?}`
- `POST /system/airgap/seal` (body: `{policy_hash, reason}`) → returns new state; requires `airgap:seal` scope.
- Determinism & offline posture: no external calls; state persisted via `airgap_state` store; timestamps UTC; subject ordering deterministic.
## Next steps for implementation
- Generate controller project under `src/AirGap/StellaOps.AirGap.Controller` per scaffold.
- Wire Authority scope checks (`airgap:seal`, `airgap:status:read`).
- Add sealed-mode guard middleware and timeline events per `docs/airgap/sealed-startup-diagnostics.md` once integrated.
## Handoff
Use this prep doc to satisfy PREP-AIRGAP-CTL-56-001 and PREP-AIRGAP-CTL-56-002. Update if scope changes; otherwise move tasks to DONE.

25
docs/airgap/prep/2025-11-20-staleness-drift-prep.md Normal file
View File

@@ -0,0 +1,25 @@
# Staleness & Drift Prep — PREP-AIRGAP-CTL-58-001-BLOCKED-ON-57-002
Status: Draft (2025-11-20)
Owners: AirGap Controller Guild · AirGap Time Guild
Scope: Capture the staleness/drift requirements for controller status once seal/unseal telemetry (57-002) is available.
## Inputs
- Time anchor ingestion from Time service (Roughtime/RFC3161) via `time_anchor_id`, `drift_seconds`, `staleness_budget_seconds`.
- Bundle metadata from importer (bundle_id, manifest hash, generated_at).
## Proposed status enrichments
- Add fields to `GET /system/airgap/status`:
- `staleness_seconds_remaining`
- `bundle_id`
- `time_anchor_id`
- `drift_seconds`
- Compute `staleness_seconds_remaining = staleness_budget_seconds - drift_seconds` (floor at 0).
- Determinism: calculations purely from stored numbers; no wall-clock calls beyond persisted anchor timestamps.
## Observability
- Metrics: `airgap_staleness_seconds{tenant}` (gauge), `airgap_drift_seconds{tenant}`.
- Timeline events emitted when budgets breached: `airgap.staleness.threshold`.
## Handoff
Use this prep note to satisfy PREP-AIRGAP-CTL-58-001. After integrating sealed-startup telemetry and time anchor verification, implement the above fields and metrics, then mark the implementation task DOING.

6
docs/airgap/time-anchor-scaffold.md
View File

@@ -16,6 +16,12 @@
- Added `TimeStatusService` + `InMemoryTimeAnchorStore` for per-tenant anchor/budget status + staleness; tests in `TimeStatusServiceTests`.
- Added verification pipeline (`TimeVerificationService`) with stub Roughtime/RFC3161 verifiers requiring trust roots; loader now verifies using trust roots.
- Added API surface `/api/v1/time/status` (plus POST `/api/v1/time/anchor`) via `TimeStatusController` and web host wiring.
- Added sealed startup hook (`StartupValidationExtensions`) to block app start when anchor missing/stale; uses budgets and returns structured reasons.
- Upgraded Roughtime verifier to real Ed25519 signature check + RFC3161 verifier using SignedCms; failures now return `roughtime-*` / `rfc3161-*` reasons.
- Added config binding (`AirGap:*`) for tenant and staleness budgets; startup validation pulls from config.
- Added config sample at `docs/airgap/time-config-sample.json` for sealed-mode deployments.
- Documented endpoints and payloads at `docs/airgap/time-api.md`.
- Health check: `/healthz/ready` reports degraded/healthy based on staleness; consumers should scrape for sealed-mode readiness.
## Next implementation hooks
- Plug real Roughtime and RFC3161 decoders, verifying against trust roots supplied via sealed-mode config.

4
docs/airgap/time-anchor-verification-gap.md
View File

@@ -1,9 +1,9 @@
# Time Anchor Verification Gap (AIRGAP-TIME-57-001 follow-up)
## Status (2025-11-20)
- Parser: stubbed for Roughtime/RFC3161 with deterministic digest + derived anchor time.
- Parser: Roughtime verifier now checks Ed25519 signature; RFC3161 verifier uses SignedCms signature validation and signing time attribute. Still needs final trust root bundle + fixture alignment.
- Staleness: calculator + budgets landed; loader accepts hex fixtures.
- Verification: pipeline exists (`TimeVerificationService`) with stub verifiers; still needs real crypto using guild-provided trust roots.
- Verification: pipeline (`TimeVerificationService`) active; awaiting guild-provided trust roots (format + key IDs) for production readiness and to update tests/fixtures.
## Whats missing
- Roughtime parser: parse signed responses, extract `timestamp`, `radius`, `verifier` public key; verify signature.

60
docs/airgap/time-api.md Normal file
View File

@@ -0,0 +1,60 @@
# AirGap Time API (status + anchor ingest)
## Endpoints
- `POST /api/v1/time/anchor`
- Body (JSON):
- `tenantId` (string, required)
- `hexToken` (string, required) — hex-encoded Roughtime or RFC3161 token.
- `format` (string, required) — `Roughtime` or `Rfc3161`.
- `trustRootKeyId` (string, required)
- `trustRootAlgorithm` (string, required)
- `trustRootPublicKeyBase64` (string, required) — pubkey (Ed25519 for Roughtime, RSA for RFC3161).
- `warningSeconds` (number, optional)
- `breachSeconds` (number, optional)
- Response: `TimeStatusDto` (anchor + staleness snapshot) or 400 with reason (`token-hex-invalid`, `roughtime-signature-invalid`, `rfc3161-verify-failed:*`, etc.).
- Example:
```bash
curl -s -X POST http://localhost:5000/api/v1/time/anchor \
-H 'content-type: application/json' \
-d '{
"tenantId":"tenant-default",
"hexToken":"01020304deadbeef",
"format":"Roughtime",
"trustRootKeyId":"root-1",
"trustRootAlgorithm":"ed25519",
"trustRootPublicKeyBase64":"<base64-ed25519-public-key>",
"warningSeconds":3600,
"breachSeconds":7200
}'
```
- `GET /api/v1/time/status?tenantId=<id>`
- Returns `TimeStatusDto` with anchor metadata and staleness flags. 400 if `tenantId` missing.
- `GET /healthz/ready`
- Health check: `Healthy` when anchor present and not stale; `Degraded` when warning threshold crossed; `Unhealthy` when missing/stale. Uses configured tenant/budgets.
## Config
`appsettings.json` (see `docs/airgap/time-config-sample.json`):
```json
{
"AirGap": {
"TenantId": "tenant-default",
"Staleness": {
"WarningSeconds": 3600,
"BreachSeconds": 7200
}
}
}
```
## Startup validation
- The host runs sealed-mode validation at startup using the configured tenant and budgets.
- Fails closed with `sealed-startup-blocked:<reason>` if anchor is missing/stale or budgets mismatch.
## Notes
- Roughtime verifier checks Ed25519 signatures (message||signature framing).
- RFC3161 verifier uses SignedCms signature verification and signing-time attribute for anchor time.
- DTO serialization is stable (ISO-8601 UTC timestamps, fields fixed).

9
docs/airgap/time-config-sample.json Normal file
View File

@@ -0,0 +1,9 @@
{
"AirGap": {
"TenantId": "tenant-default",
"Staleness": {
"WarningSeconds": 3600,
"BreachSeconds": 7200
}
}
}

31
docs/benchmarks/graph/bench-graph-21-001-prep.md Normal file
View File

@@ -0,0 +1,31 @@
# Bench Prep — PREP-BENCH-GRAPH-21-001 (Graph API/Indexer harness)
Status: **Ready for implementation** (2025-11-20)
Owners: Bench Guild · Graph Platform Guild
Scope: Build deterministic Graph benchmark harness for 50k/100k node fixtures measuring API/Indexer latency, memory, and tile cache hit rates.
## Fixtures
- Use SAMPLES-GRAPH-24-003 (4050k) and extend to 100k via duplication with new ids; store under `docs/samples/graph/50k.ndjson` and `100k.ndjson` with `.sha256` hashes.
- Node ordering deterministic; timestamps fixed to `2025-01-01T00:00:00Z`.
## Harness plan (project: `src/Bench/StellaOps.Bench.GraphApi`)
- Scenarios (repeat 5x; report median/p95):
1. **Viewport fetch**: `/v1/graph/tiles?bbox=<seed>` — measure server latency + tile count.
2. **Path query**: `/v1/graph/path?from=...&to=...` — latency + hops + cache hits.
3. **Overlay apply**: apply policy overlay to 1k nodes; measure apply time and index rebuild cost.
4. **Cold vs warm cache**: run viewport + path with cache cold then warm; capture hit rate.
- Metrics captured as NDJSON per run: `{ scenario, fixture, pass: cold|warm, medianMs, p95Ms, maxMs, rssMb, managedMb, cacheHitRate }` plus start/end UTC timestamps.
- Determinism: fixed seed (`GRAPH_BENCH_SEED=2025-01-01T00:00:00Z`); single-thread option `--threads 1` for reproducibility; clear caches between cold/warm phases.
## Outputs
- Store under `out/bench/graph/api/{runId}/results.ndjson` with `.sha256`.
- Summary CSV optional derived from NDJSON; no dynamic wall-clock in filenames beyond runId.
## Acceptance criteria
- Harness runs offline against local fixtures; no external calls.
- Median/p95 for each scenario produced for both 50k and 100k fixtures; cache hit rate recorded where applicable.
- Re-running with same seed/fixtures yields identical NDJSON (apart from RSS variance).
## Next steps
- Generate fixtures + hashes; wire CLI entry `dotnet run -- graph-api --fixture docs/samples/graph/50k.ndjson --seed 20250101`.
- Add perf dashboard hook if available; otherwise publish artifacts under `out/bench/graph/api/latest/`.

38
docs/benchmarks/graph/bench-graph-21-002-prep.md Normal file
View File

@@ -0,0 +1,38 @@
# Bench Prep — PREP-BENCH-GRAPH-21-002 (UI headless graph benchmarks)
Status: **Ready for implementation** (2025-11-20)
Owners: Bench Guild · UI Guild
Scope: Define the Playwright-based UI benchmark that rides on the graph harness from BENCH-GRAPH-21-001 (50k/100k node fixtures) and produces deterministic latency/FPS metrics.
## Dependencies
- Harness + fixtures from BENCH-GRAPH-21-001 (must expose HTTP endpoints and data seeds for 50k/100k graphs).
- Graph API/Indexer stable query contract (per `docs/modules/graph/architecture.md`).
## Benchmark plan
- Runner: Playwright (Chromium, headless) driven via `src/Bench/StellaOps.Bench.GraphUi`.
- Environment:
- Viewport: 1920x1080, device scale 1.0, throttling disabled; CPU pinned via `--disable-features=CPUThrottling`.
- Fixed session seed `GRAPH_BENCH_SEED=2025-01-01T00:00:00Z` for RNG use in camera jitter.
- Scenarios (each repeated 5x, median + p95 recorded):
1. **Canvas load**: open `/graph/bench?fixture=50k` → measure TTI, first contentful paint, tiles loaded count.
2. **Pan/zoom loop**: pan 500px x 20 iterations + zoom in/out (2x each) → record average FPS and frame jank percentage.
3. **Path query**: submit shortest-path query between two seeded nodes → measure query latency (client + API) and render latency.
4. **Filter drill-down**: apply two filters (severity=high, product=“core”) → measure time to filtered render + memory delta.
- Metrics captured to NDJSON per run:
- `timestampUtc`, `scenario`, `fixture`, `p95_ms`, `median_ms`, `avg_fps`, `jank_pct`, `mem_mb`, `api_latency_ms` (where applicable).
- Determinism:
- All timestamps recorded in UTC ISO-8601; RNG seeded; cache cleared before each scenario; `--disable-features=UseAFH` disabled to avoid adaptive throttling.
## Outputs
- NDJSON benchmark results stored under `out/bench/graph/ui/{runId}.ndjson` with a `.sha256` alongside.
- Summary CSV optional, derived from NDJSON for reporting only.
- CI step publishes artifacts to `out/bench/graph/ui/latest/` with write-once semantics per runId.
## Acceptance criteria
- Playwright suite reproducibly exercises the four scenarios on 50k and 100k fixtures with seeded inputs.
- Metrics include p95 and median for each scenario and fixture size; FPS ≥ 30 on 50k fixture baseline.
- Archive outputs are deterministic for given fixture and seed (excluding wall-clock timestamps in filenames; embed timestamps only in content).
## Next steps
- Wire Playwright harness into `BENCH-GRAPH-21-001` pipeline once fixtures ready.
- Hook results into perf dashboard if available; otherwise store NDJSON + hashes.

31
docs/benchmarks/impact/bench-impact-16-001-prep.md Normal file
View File

@@ -0,0 +1,31 @@
# Bench Prep — PREP-BENCH-IMPACT-16-001 (ImpactIndex dataset/replay)
Status: **Ready for implementation** (2025-11-20)
Owners: Bench Guild · Scheduler Team
Scope: Provide deterministic dataset + replay plan for ImpactIndex throughput benchmark (resolve 10k productKeys; measure latency/throughput/memory).
## Inputs/dataset
- Snapshot file: `bench/impactindex/products-10k.ndjson` (10,000 productKeys, shuffled once with seed `2025-01-01T00:00:00Z`).
- Each line: `{ "productKey": "pkg:<ecosystem>/<name>@<version>", "tenant": "bench" }`.
- Include checksum file `products-10k.ndjson.sha256` and drop into repo under `docs/samples/impactindex/`.
## Benchmark procedure
- Harness location: `src/Bench/StellaOps.Bench.ImpactIndex`.
- Warmup: 1k lookups (excluded from metrics) to trigger caches.
- Run: process all 10k productKeys twice (cold, warm). Record per-pass statistics.
- Metrics to capture (per pass):
- `throughput_items_per_sec`, `p95_ms`, `p99_ms`, `max_ms` for lookups.
- `rss_mb`, `managed_mb`, `gc_gen2_count` from .NET counters.
- `cache_hit_rate` if cache present.
- Output format: NDJSON; one object per pass with fields `{ pass: "cold"|"warm", startedAtUtc, durationMs, throughput, p95Ms, p99Ms, maxMs, rssMb, managedMb, gcGen2, cacheHitRate }`.
- Determinism: fixed seed, single-threaded option flag `--threads 1` for reproducibility; timestamps in UTC ISO-8601.
## Acceptance criteria
- Dataset and checksum published; harness reads from local sample path (no network).
- Benchmark run produces deterministic NDJSON for given seed and hardware profile; differences limited to RSS variability but within ±5%.
- Cold vs warm pass metrics logged; throughput target ≥ 2k items/sec on reference hardware, p95 ≤ 25 ms.
## Next steps
- Commit dataset + checksum under `docs/samples/impactindex/`.
- Wire harness CLI (`dotnet run -- impactindex --input docs/samples/impactindex/products-10k.ndjson --threads 1 --seed 20250101`).
- Surface metrics to perf dashboard once harness lands; otherwise store under `out/bench/impactindex/` with hashes.

35
docs/benchmarks/policy/bench-policy-20-002-prep.md Normal file
View File

@@ -0,0 +1,35 @@
# Bench Prep — PREP-BENCH-POLICY-20-002 (Policy delta benchmark)
Status: **Ready for implementation** (2025-11-20)
Owners: Bench Guild · Policy Guild · Scheduler Guild
Scope: Provide deterministic inputs and harness expectations to measure delta policy evaluation vs full runs.
## Goals
- Compare delta evaluation (incremental changes) against full evaluation over the same dataset.
- Capture throughput, latency (p50/p95/p99), and memory/GC impact under deterministic conditions.
## Dataset
- Baseline snapshot: `docs/samples/policy/policy-delta-baseline.ndjson`
- 5,000 records of `{ "tenant": "bench", "policyId": "pol-<0001..5000>", "package": "bench.pkg.<n>", "version": "1.0.<n>", "decision": "allow|deny", "factors": { ... } }`
- Deterministic ordering; SHA256 file saved as `policy-delta-baseline.ndjson.sha256`.
- Delta patch: `docs/samples/policy/policy-delta-changes.ndjson`
- 500 changes mixing updates/inserts/deletes (encoded with `op`: "upsert"|"delete").
- Sorted by `policyId` then `op` for deterministic replay.
## Harness plan (to be built under `src/Bench/StellaOps.Bench.Policy`)
- Run 1 (Full): load baseline snapshot, evaluate full policy set; record metrics.
- Run 2 (Delta): apply delta patch to in-memory store, run incremental evaluation; record metrics.
- Metrics captured to NDJSON per run:
- `{ run: "full"|"delta", startedAtUtc, durationMs, evaluationsPerSec, p50Ms, p95Ms, p99Ms, rssMb, managedMb, gcGen2 }`
- Determinism:
- Use fixed random seed `2025-01-01` for any shuffling; single-threaded mode flag `--threads 1` when reproducibility needed.
- All timestamps in UTC ISO-8601; output NDJSON sorted by `run`.
## Acceptance criteria
- Baseline + delta sample files and SHA256 hashes present under `docs/samples/policy/`.
- Harness reads only local files, no network dependencies; replays produce consistent NDJSON for given hardware.
- Delta run shows reduced duration vs full run; metrics captured for both p95/p99 and throughput.
## Next steps
- Add sample files + hashes to `docs/samples/policy/` (can be generated with fixed seed).
- Implement harness CLI wrapper `dotnet run -- policy-delta --baseline <path> --delta <path> [--threads 1]` writing outputs to `out/bench/policy/` with `.sha256`.

23
docs/benchmarks/signals/bench-sig-26-001-prep.md Normal file
View File

@@ -0,0 +1,23 @@
# Reachability Scoring Bench Prep — PREP-BENCH-SIG-26-001-REACHABILITY-SCHEMA-FIX
Status: Draft (2025-11-20)
Owners: Bench Guild · Signals Guild
Scope: Define the inputs/fixtures for reachability scoring benchmarks pending schema freeze (Sprint 0400/0401).
## Dependencies
- Reachability schema for runtime/static signals (Sprint 0400/0401).
- Sample callgraph/runtime traces sized for 10k/50k functions.
## Proposed harness
- Project: `src/Bench/StellaOps.Bench.Signals` (or shared bench harness if preferred).
- Inputs: callgraph NDJSON + runtime traces; config with seed, concurrency, batch size.
- Metrics: facts/sec, p95 latency, peak RSS, cache hit ratio; output NDJSON with sorted records.
- Determinism: fixed seed; process inputs in lexical order; stable JSON property order.
## Acceptance
- Schema hash referenced once Sprint 0400/0401 publishes; placeholder noted until then.
- Sample config + command documented.
- File paths for sample fixtures under `docs/samples/signals/` once available.
## Handoff
Use this prep doc to satisfy PREP-BENCH-SIG-26-001-REACHABILITY-SCHEMA-FIX. Update with schema hash and fixtures when published; then move the task to DONE and unblock BENCH-SIG-26-001 implementation.

21
docs/benchmarks/signals/bench-sig-26-002-prep.md Normal file
View File

@@ -0,0 +1,21 @@
# Policy Eval with Reachability Cache Prep — PREP-BENCH-SIG-26-002-BLOCKED-ON-26-001-OUTPU
Status: Draft (2025-11-20)
Owners: Bench Guild · Policy Guild
Scope: Capture prep for measuring policy evaluation overhead with reachability cache hot/cold, dependent on 26-001 outputs.
## Dependencies
- Bench outputs from 26-001 (reachability scoring harness) providing cached datasets.
- Policy overlay schema (30-001) for status fields.
## Proposed benchmarks
- Scenarios: cold cache, warm cache, mixed workload (70/30), parallel workers.
- Metrics: added latency per evaluation (p50/p95), cache hit ratio, CPU, memory.
- Determinism: fixed seed; deterministic request order; stable JSON output ordering.
## Acceptance
- Reference to reachability dataset hash from 26-001 once available.
- Config/sample command drafted for `src/Bench/StellaOps.Bench.Policy` (or shared).
## Handoff
Use this prep doc to satisfy PREP-BENCH-SIG-26-002-BLOCKED-ON-26-001-OUTPU. Update with dataset hash and schema references after 26-001 is done, then move to DONE and unblock BENCH-SIG-26-002.

16
docs/events/prep/2025-11-20-advisoryai-orchestrator-followup.md Normal file
View File

@@ -0,0 +1,16 @@
# Escalation Follow-up Prep — PREP-ESCALATION-FOLLOW-UP-ADVISORYAI-ORCHESTR
Status: Draft (2025-11-20)
Owners: Planning · AdvisoryAI Guild · Orchestrator Service Guild · Notifications Guild
Scope: Track follow-up actions and ETAs for overdue AdvisoryAI evidence bundle schema and Orchestrator/Notifications envelopes.
## Follow-up actions
- Request revised ETA from AdvisoryAI for evidence bundle schema + payload notes; log hash placeholder and target drop date.
- Request revised ETA from Orchestrator/Notifications for capsule envelope and notification samples; confirm subject names and retention policy.
- If no ETA by 2025-11-21, escalate to Wave 150/140 leads and mark dependent sprint tasks BLOCKED explicitly with this reference.
## Recording commitments
- Capture responses (ETA/date + owner) in this file under a new “Commitments” section and mirror them into sprints 110/140/150/160/161/162/165.
## Handoff
This file is the published artefact for PREP-ESCALATION-FOLLOW-UP-ADVISORYAI-ORCHESTR. Update once responses arrive; if still silent by 2025-11-21, annotate with “No response” and keep dependents BLOCKED.

18
docs/events/prep/2025-11-20-orchestrator-notifications-schema-handoff.md Normal file
View File

@@ -0,0 +1,18 @@
# Orchestrator / Notifications Schema Handoff Prep — PREP-ORCHESTRATOR-NOTIFICATIONS-SCHEMA-HANDOF
Status: Draft (2025-11-20)
Owners: Orchestrator Service Guild · Notifications Guild · Planning
Scope: Capture the exact deliverables needed for the overdue schema handoff so downstream EvidenceLocker/ExportCenter/TimelineIndexer work can proceed.
## Expected deliverables
- **Capsule envelope schema** including `replay_id`, `dsse_envelope_hash`, `tenant_id`, `timeline_cursor`, `event_id`, `occurred_at`.
- **Transport bindings** for NATS/Redis topics with subject names and durable stream config; retention and dedupe requirements.
- **Samples**: at least one signed capsule example and one notification example referencing a replay record.
- **Versioning**: place canonical schema in `docs/events/orchestrator-scanner-events.md` and bump version tag; add samples under `docs/events/samples/`.
## Acceptance for unblock
- Schema + samples merged and checksummed; subject naming confirmed.
- Hash and version recorded back into sprint trackers (160, 161, 162, 165) under Decisions & Risks.
## Handoff
Use this document as the published prep artefact for PREP-ORCHESTRATOR-NOTIFICATIONS-SCHEMA-HANDOF.

10
docs/implplan/SPRINT_0110_0001_0001_ingestion_evidence.md
View File

@@ -22,10 +22,10 @@
## Delivery Tracker
| # | Task ID | Status | Key dependency / next step | Owners | Task Definition |
| --- | --- | --- | --- | --- | --- |
| P1 | PREP-CONCELIER-AIRGAP-56-001-58-001-AWAIT-MIR | DOING (2025-11-20) | Due 2025-11-21 · Accountable: Concelier Core · AirGap Guilds | Concelier Core · AirGap Guilds | Await Mirror thin-bundle milestone dates and evidence bundle artifacts for offline chain. <br><br> Document artefact/deliverable for CONCELIER-AIRGAP-56-001..58-001 and publish location so downstream tasks can proceed. Prep artefact: `docs/modules/concelier/prep/2025-11-20-airgap-56-001-58-001-prep.md`. |
| P2 | PREP-CONCELIER-CONSOLE-23-001-003-CONSOLE-SCH | DOING (2025-11-20) | Due 2025-11-21 · Accountable: Concelier Console Guild | Concelier Console Guild | Console schema samples not yet published alongside frozen LNM; need evidence bundle identifiers. <br><br> Document artefact/deliverable for CONCELIER-CONSOLE-23-001..003 and publish location so downstream tasks can proceed. Prep artefact: `docs/modules/concelier/prep/2025-11-20-console-23-001-prep.md`. |
| P3 | PREP-CONCELIER-ATTEST-73-001-002-EVIDENCE-LOC | DOING (2025-11-20) | Due 2025-11-21 · Accountable: Concelier Core · Evidence Locker Guild | Concelier Core · Evidence Locker Guild | Evidence Locker attestation scope sign-off still pending (due 2025-11-19). <br><br> Document artefact/deliverable for CONCELIER-ATTEST-73-001/002 and publish location so downstream tasks can proceed. Prep artefact: `docs/modules/concelier/prep/2025-11-20-attest-73-001-prep.md`. |
| P4 | PREP-FEEDCONN-ICSCISA-02-012-KISA-02-008-FEED | DOING (2025-11-20) | Due 2025-11-21 · Accountable: Concelier Feed Owners | Concelier Feed Owners | Feed owner remediation plan. <br><br> Document artefact/deliverable for FEEDCONN-ICSCISA-02-012 / KISA-02-008 and publish location so downstream tasks can proceed. Prep artefact: `docs/modules/concelier/prep/2025-11-20-feeds-icscisa-kisa-prep.md`. |
| P1 | PREP-CONCELIER-AIRGAP-56-001-58-001-AWAIT-MIR | DONE (2025-11-20) | Due 2025-11-21 · Accountable: Concelier Core · AirGap Guilds | Concelier Core · AirGap Guilds | Prep artefact published at `docs/modules/concelier/prep/2025-11-20-airgap-56-001-58-001-prep.md` (bundle mapping, hashes, import commands). |
| P2 | PREP-CONCELIER-CONSOLE-23-001-003-CONSOLE-SCH | DONE (2025-11-20) | Due 2025-11-21 · Accountable: Concelier Console Guild | Concelier Console Guild | Prep artefact published at `docs/modules/concelier/prep/2025-11-20-console-23-001-prep.md` (console linkset/VEX samples, hashes, README instructions). |
| P3 | PREP-CONCELIER-ATTEST-73-001-002-EVIDENCE-LOC | DONE (2025-11-20) | Due 2025-11-21 · Accountable: Concelier Core · Evidence Locker Guild | Concelier Core · Evidence Locker Guild | Prep artefact published at `docs/modules/concelier/prep/2025-11-20-attest-73-001-prep.md` (Concelier attestation ingest note, claims, DSSE linkage). |
| P4 | PREP-FEEDCONN-ICSCISA-02-012-KISA-02-008-FEED | DONE (2025-11-20) | Due 2025-11-21 · Accountable: Concelier Feed Owners | Concelier Feed Owners | Prep artefact published at `docs/modules/concelier/prep/2025-11-20-feeds-icscisa-kisa-prep.md` (remediation schedule, normalized fields, hashes). |
| 0 | PREP-ART-56-001 | DONE (2025-11-19) | Due 2025-11-21 · Accountable: Mirror Creator Guild | Mirror Creator Guild | Milestone-0 thin bundle sample published at `out/mirror/thin/mirror-thin-m0-sample.tar.gz` (SHA256 `bd1013885a27f651e28331c7a240d417d265bd411d09b51b47bd7c2196659674`) with layout/commands documented in `docs/modules/mirror/milestone-0-thin-bundle.md`. |
| 0.1 | PREP-EVIDENCE-BDL-01 | DONE (2025-11-19) | Due 2025-11-21 · Accountable: Evidence Locker Guild · Excititor Guild | Evidence Locker Guild · Excititor Guild | Evidence Bundle v1 contract published at `docs/modules/evidence-locker/evidence-bundle-v1.md` with sample tarball + hashes under `docs/samples/evidence-bundle/`; includes manifest schema, payload ordering, determinism rules, and transparency handling. |
| 0.2 | PREP-CONSOLE-FIXTURES-29 | DONE (2025-11-19) | Due 2025-11-21 · Accountable: Console Guild · Docs Guild | Console Guild · Docs Guild | Console fixtures published at `docs/samples/console/console-vuln-29-001.json` and `docs/samples/console/console-vex-30-001.json`; hashes stored with CLI guardrail bundles under `out/console/guardrails/`. Final screenshots still depend on SBOM evidence. |
@@ -61,6 +61,8 @@
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2025-11-20 | Completed PREP-FEEDCONN-ICSCISA-02-012-KISA-02-008-FEED: published remediation schedule + hashes at `docs/modules/concelier/prep/2025-11-20-feeds-icscisa-kisa-prep.md`; status set to DONE. | Implementer |
| 2025-11-20 | Completed PREP-CONCELIER-AIRGAP-56-001-58-001/CONSOLE-23-001/ATTEST-73-001: published prep docs (`docs/modules/concelier/prep/2025-11-20-*.md`); statuses set to DONE. | Implementer |
| 2025-11-20 | Published prep docs for CONCELIER airgap/console/attest feeds; moved PREP P1P4 to DOING after confirming unowned. | Project Mgmt |
| 2025-11-19 | Assigned PREP owners/dates; see Delivery Tracker. | Planning |
| 2025-11-19 | Reconfirmed SBOM-AIAI-31-003, DOCS-AIAI-31-005/006/008/009, CONCELIER air-gap/console/attest, and FEEDCONN-ICSCISA/KISA tracks remain BLOCKED pending CLI-VULN/CLI-VEX artefacts, Evidence Locker attestation scope, console fixtures, mirror thin bundle, and feed remediation plan (PREP-FEEDCONN-ICS-KISA-PLAN). | Project Mgmt |

149
docs/implplan/SPRINT_0114_0001_0003_concelier_iii.md
View File

@@ -1,81 +1,86 @@
# Sprint 0114-0001-0003 · Concelier III — Ingestion & Evidence (Phase 110.B)
## Topic & Scope
- Document and expose Link-Not-Merge ingestion surfaces (OpenAPI + SDK) with provenance, tenant scope, and AOC guarantees.
- Establish observability, attestation, and incident-mode hooks that keep advisory evidence replayable without merge-era heuristics.
- Align ingestion workers with orchestrator controls for deterministic scheduling, backfill, and ledger linkage.
- Working directory: `src/Concelier` (Core libraries, Storage.Mongo, WebService).
## Dependencies & Concurrency
- Depends on Sprint 0113-0001-0002 (Concelier II) Link-Not-Merge plumbing and graph/event groundwork.
- Observability chain (OBS-51…55) builds sequentially; attestation work relies on evidence snapshot generation first.
- Orchestrator integration tasks (ORCH-32…34) must coordinate with orchestrator worker SDK/controls; schedule alongside Policy Engine consumers.
## Documentation Prerequisites
- docs/README.md; docs/07_HIGH_LEVEL_ARCHITECTURE.md
- docs/modules/platform/architecture-overview.md
- docs/modules/concelier/architecture.md (ingestion, observability, orchestrator notes)
- Current OpenAPI spec + SDK docs referenced by CONCELIER-OAS-61/62/63
## Delivery Tracker
| # | Task ID | Status | Key dependency / next step | Owners | Task Definition |
| --- | --- | --- | --- | --- | --- |
| P1 | PREP-CONCELIER-OAS-61-001-LNM-SCHEMA-FROZEN-2 | BLOCKED | Due 2025-11-21 · Accountable: Concelier Core Guild · API Contracts Guild (`src/Concelier/__Libraries/StellaOps.Concelier.Core`) | Concelier Core Guild · API Contracts Guild (`src/Concelier/__Libraries/StellaOps.Concelier.Core`) | LNM schema frozen 2025-11-17, but OpenAPI source/spec artifact not present in repo; need canonical spec to edit. <br><br> Document artefact/deliverable for CONCELIER-OAS-61-001 and publish location so downstream tasks can proceed. |
| P2 | PREP-CONCELIER-OAS-61-002-DEPENDS-ON-61-001-B | BLOCKED | Due 2025-11-21 · Accountable: Concelier Core Guild (`src/Concelier/__Libraries/StellaOps.Concelier.Core`) | Concelier Core Guild (`src/Concelier/__Libraries/StellaOps.Concelier.Core`) | Depends on 61-001; blocked until OpenAPI spec is available. <br><br> Document artefact/deliverable for CONCELIER-OAS-61-002 and publish location so downstream tasks can proceed. |
| P3 | PREP-CONCELIER-OAS-62-001-DEPENDS-ON-61-002-B | BLOCKED | Due 2025-11-21 · Accountable: Concelier Core Guild · SDK Generator Guild (`src/Concelier/__Libraries/StellaOps.Concelier.Core`) | Concelier Core Guild · SDK Generator Guild (`src/Concelier/__Libraries/StellaOps.Concelier.Core`) | Depends on 61-002; blocked with OAS chain. <br><br> Document artefact/deliverable for CONCELIER-OAS-62-001 and publish location so downstream tasks can proceed. |
| P4 | PREP-CONCELIER-OAS-63-001-DEPENDS-ON-62-001-B | BLOCKED | Due 2025-11-21 · Accountable: Concelier Core Guild · API Governance Guild (`src/Concelier/__Libraries/StellaOps.Concelier.Core`) | Concelier Core Guild · API Governance Guild (`src/Concelier/__Libraries/StellaOps.Concelier.Core`) | Depends on 62-001; blocked with OAS chain. <br><br> Document artefact/deliverable for CONCELIER-OAS-63-001 and publish location so downstream tasks can proceed. |
| P5 | PREP-CONCELIER-OBS-51-001-AWAIT-OBSERVABILITY | BLOCKED | Due 2025-11-21 · Accountable: Concelier Core Guild · DevOps Guild (`src/Concelier/__Libraries/StellaOps.Concelier.Core`) | Concelier Core Guild · DevOps Guild (`src/Concelier/__Libraries/StellaOps.Concelier.Core`) | Await observability spec (metrics names/labels, SLO burn rules) from DevOps; none present in repo. <br><br> Document artefact/deliverable for CONCELIER-OBS-51-001 and publish location so downstream tasks can proceed. |
| P6 | PREP-CONCELIER-OBS-52-001-DEPENDS-ON-51-001-M | BLOCKED | Due 2025-11-21 · Accountable: Concelier Core Guild (`src/Concelier/__Libraries/StellaOps.Concelier.Core`) | Concelier Core Guild (`src/Concelier/__Libraries/StellaOps.Concelier.Core`) | Depends on 51-001 metrics contract; blocked accordingly. <br><br> Document artefact/deliverable for CONCELIER-OBS-52-001 and publish location so downstream tasks can proceed. |
| P7 | PREP-CONCELIER-OBS-53-001-DEPENDS-ON-52-001-B | BLOCKED | Due 2025-11-21 · Accountable: Concelier Core Guild · Evidence Locker Guild (`src/Concelier/__Libraries/StellaOps.Concelier.Core`) | Concelier Core Guild · Evidence Locker Guild (`src/Concelier/__Libraries/StellaOps.Concelier.Core`) | Depends on 52-001; blocked until timeline instrumentation defined. <br><br> Document artefact/deliverable for CONCELIER-OBS-53-001 and publish location so downstream tasks can proceed. |
| P8 | PREP-CONCELIER-OBS-54-001-DEPENDS-ON-OBS-TIME | BLOCKED | Due 2025-11-21 · Accountable: Concelier Core Guild · Provenance Guild (`src/Concelier/__Libraries/StellaOps.Concelier.Core`) | Concelier Core Guild · Provenance Guild (`src/Concelier/__Libraries/StellaOps.Concelier.Core`) | Depends on OBS timeline artifacts; no attestation contract yet. <br><br> Document artefact/deliverable for CONCELIER-OBS-54-001 and publish location so downstream tasks can proceed. |
| P9 | PREP-CONCELIER-OBS-55-001-DEPENDS-ON-54-001-I | BLOCKED | Due 2025-11-21 · Accountable: Concelier Core Guild · DevOps Guild (`src/Concelier/__Libraries/StellaOps.Concelier.Core`) | Concelier Core Guild · DevOps Guild (`src/Concelier/__Libraries/StellaOps.Concelier.Core`) | Depends on 54-001; incident-mode hooks need finalized attestation/timeline shape. <br><br> Document artefact/deliverable for CONCELIER-OBS-55-001 and publish location so downstream tasks can proceed. |
| P10 | PREP-CONCELIER-ORCH-32-001-ORCHESTRATOR-REGIS | BLOCKED | Due 2025-11-21 · Accountable: Concelier Core Guild (`src/Concelier/__Libraries/StellaOps.Concelier.Core`) | Concelier Core Guild (`src/Concelier/__Libraries/StellaOps.Concelier.Core`) | Orchestrator registry/SDK contract not published; no registry metadata to align. <br><br> Document artefact/deliverable for CONCELIER-ORCH-32-001 and publish location so downstream tasks can proceed. |
| P11 | PREP-CONCELIER-ORCH-32-002-DEPENDS-ON-32-001 | BLOCKED | Due 2025-11-21 · Accountable: Concelier Core Guild (`src/Concelier/__Libraries/StellaOps.Concelier.Core`) | Concelier Core Guild (`src/Concelier/__Libraries/StellaOps.Concelier.Core`) | Depends on 32-001; blocked until orchestrator SDK/controls provided. <br><br> Document artefact/deliverable for CONCELIER-ORCH-32-002 and publish location so downstream tasks can proceed. |
| P12 | PREP-CONCELIER-ORCH-33-001-DEPENDS-ON-32-002 | BLOCKED | Due 2025-11-21 · Accountable: Concelier Core Guild (`src/Concelier/__Libraries/StellaOps.Concelier.Core`) | Concelier Core Guild (`src/Concelier/__Libraries/StellaOps.Concelier.Core`) | Depends on 32-002; blocked with orchestrator contract gap. <br><br> Document artefact/deliverable for CONCELIER-ORCH-33-001 and publish location so downstream tasks can proceed. |
| P13 | PREP-CONCELIER-ORCH-34-001-DEPENDS-ON-33-001 | BLOCKED | Due 2025-11-21 · Accountable: Concelier Core Guild (`src/Concelier/__Libraries/StellaOps.Concelier.Core`) | Concelier Core Guild (`src/Concelier/__Libraries/StellaOps.Concelier.Core`) | Depends on 33-001; blocked with orchestrator contract gap. <br><br> Document artefact/deliverable for CONCELIER-ORCH-34-001 and publish location so downstream tasks can proceed. |
| P14 | PREP-CONCELIER-POLICY-20-001-LNM-APIS-NOT-EXP | BLOCKED | Due 2025-11-21 · Accountable: Concelier WebService Guild (`src/Concelier/StellaOps.Concelier.WebService`) | Concelier WebService Guild (`src/Concelier/StellaOps.Concelier.WebService`) | LNM APIs not exposed via OpenAPI; depends on OAS chain (61-001..63-001) now blocked. <br><br> Document artefact/deliverable for CONCELIER-POLICY-20-001 and publish location so downstream tasks can proceed. |
| 1 | CONCELIER-OAS-61-001 | BLOCKED | PREP-CONCELIER-OAS-61-001-LNM-SCHEMA-FROZEN-2 | Concelier Core Guild · API Contracts Guild (`src/Concelier/__Libraries/StellaOps.Concelier.Core`) | Update OpenAPI spec so observation/linkset/timeline endpoints document provenance fields, tenant scopes, AOC guarantees (no consensus fields). |
| 2 | CONCELIER-OAS-61-002 | BLOCKED | PREP-CONCELIER-OAS-61-002-DEPENDS-ON-61-001-B | Concelier Core Guild (`src/Concelier/__Libraries/StellaOps.Concelier.Core`) | Examples library (conflict linksets, multi-source severity, timeline snippets) demonstrating raw advisory surfaces without merges; wire into docs/SDKs. |
| 3 | CONCELIER-OAS-62-001 | BLOCKED | PREP-CONCELIER-OAS-62-001-DEPENDS-ON-61-002-B | Concelier Core Guild · SDK Generator Guild (`src/Concelier/__Libraries/StellaOps.Concelier.Core`) | SDK smoke tests for advisory search/pagination/conflict handling ensuring provenance fields preserved and no inferred verdicts. |
| 4 | CONCELIER-OAS-63-001 | BLOCKED | PREP-CONCELIER-OAS-63-001-DEPENDS-ON-62-001-B | Concelier Core Guild · API Governance Guild (`src/Concelier/__Libraries/StellaOps.Concelier.Core`) | Implement Sunset/Deprecation headers + timeline notices for legacy endpoints being retired; discourage merge-era APIs. |
| 5 | CONCELIER-OBS-51-001 | BLOCKED | PREP-CONCELIER-OBS-51-001-AWAIT-OBSERVABILITY | Concelier Core Guild · DevOps Guild (`src/Concelier/__Libraries/StellaOps.Concelier.Core`) | Emit ingestion latency, queue depth, and AOC violation metrics with burn-rate alerts to prove pipeline health. |
| 6 | CONCELIER-OBS-52-001 | BLOCKED | PREP-CONCELIER-OBS-52-001-DEPENDS-ON-51-001-M | Concelier Core Guild (`src/Concelier/__Libraries/StellaOps.Concelier.Core`) | Timeline records for ingest/normalization/linkset updates containing trace IDs, conflict summaries, evidence hashes—facts only for replay. |
| 7 | CONCELIER-OBS-53-001 | BLOCKED | PREP-CONCELIER-OBS-53-001-DEPENDS-ON-52-001-B | Concelier Core Guild · Evidence Locker Guild (`src/Concelier/__Libraries/StellaOps.Concelier.Core`) | Evidence locker bundles (raw doc, normalization diff, linkset) with Merkle manifests for audit replay without live Mongo. |
| 8 | CONCELIER-OBS-54-001 | BLOCKED | PREP-CONCELIER-OBS-54-001-DEPENDS-ON-OBS-TIME | Concelier Core Guild · Provenance Guild (`src/Concelier/__Libraries/StellaOps.Concelier.Core`) | Attach DSSE attestations to advisory batches; expose verification APIs; link attestation IDs into timeline/ledger. |
| 9 | CONCELIER-OBS-55-001 | BLOCKED | PREP-CONCELIER-OBS-55-001-DEPENDS-ON-54-001-I | Concelier Core Guild · DevOps Guild (`src/Concelier/__Libraries/StellaOps.Concelier.Core`) | Incident-mode hooks (extra sampling, retention overrides, redaction guards) to collect more raw evidence without mutating content. |
| 10 | CONCELIER-ORCH-32-001 | BLOCKED | PREP-CONCELIER-ORCH-32-001-ORCHESTRATOR-REGIS | Concelier Core Guild (`src/Concelier/__Libraries/StellaOps.Concelier.Core`) | Register every advisory connector with orchestrator (metadata, auth scopes, rate policies) for transparent, reproducible scheduling. |
| 11 | CONCELIER-ORCH-32-002 | BLOCKED | PREP-CONCELIER-ORCH-32-002-DEPENDS-ON-32-001 | Concelier Core Guild (`src/Concelier/__Libraries/StellaOps.Concelier.Core`) | Adopt orchestrator worker SDK in ingestion loops; emit heartbeats/progress/artifact hashes for deterministic replays. |
| 12 | CONCELIER-ORCH-33-001 | BLOCKED | PREP-CONCELIER-ORCH-33-001-DEPENDS-ON-32-002 | Concelier Core Guild (`src/Concelier/__Libraries/StellaOps.Concelier.Core`) | Honor orchestrator pause/throttle/retry controls with structured errors and persisted checkpoints. |
| 13 | CONCELIER-ORCH-34-001 | BLOCKED | PREP-CONCELIER-ORCH-34-001-DEPENDS-ON-33-001 | Concelier Core Guild (`src/Concelier/__Libraries/StellaOps.Concelier.Core`) | Execute orchestrator-driven backfills reusing artifact hashes/signatures, logging provenance, and pushing run metadata to ledger. |
| 14 | CONCELIER-POLICY-20-001 | BLOCKED | PREP-CONCELIER-POLICY-20-001-LNM-APIS-NOT-EXP | Concelier WebService Guild (`src/Concelier/StellaOps.Concelier.WebService`) | Provide batch advisory lookup APIs for Policy Engine (purl/advisory filters, tenant scopes, explain metadata) so policy joins raw evidence without inferred outcomes. |
## Execution Log
# Sprint 0114-0001-0003 · Concelier III — Ingestion & Evidence (Phase 110.B)
## Topic & Scope
- Document and expose Link-Not-Merge ingestion surfaces (OpenAPI + SDK) with provenance, tenant scope, and AOC guarantees.
- Establish observability, attestation, and incident-mode hooks that keep advisory evidence replayable without merge-era heuristics.
- Align ingestion workers with orchestrator controls for deterministic scheduling, backfill, and ledger linkage.
- Working directory: `src/Concelier` (Core libraries, Storage.Mongo, WebService).
## Dependencies & Concurrency
- Depends on Sprint 0113-0001-0002 (Concelier II) Link-Not-Merge plumbing and graph/event groundwork.
- Observability chain (OBS-51…55) builds sequentially; attestation work relies on evidence snapshot generation first.
- Orchestrator integration tasks (ORCH-32…34) must coordinate with orchestrator worker SDK/controls; schedule alongside Policy Engine consumers.
## Documentation Prerequisites
- docs/README.md; docs/07_HIGH_LEVEL_ARCHITECTURE.md
- docs/modules/platform/architecture-overview.md
- docs/modules/concelier/architecture.md (ingestion, observability, orchestrator notes)
- Current OpenAPI spec + SDK docs referenced by CONCELIER-OAS-61/62/63
## Delivery Tracker
| # | Task ID | Status | Key dependency / next step | Owners | Task Definition |
| --- | --- | --- | --- | --- | --- |
| P1 | PREP-CONCELIER-OAS-61-001-LNM-SCHEMA-FROZEN-2 | BLOCKED | Due 2025-11-21 · Accountable: Concelier Core Guild · API Contracts Guild (`src/Concelier/__Libraries/StellaOps.Concelier.Core`) | Concelier Core Guild · API Contracts Guild (`src/Concelier/__Libraries/StellaOps.Concelier.Core`) | LNM schema frozen 2025-11-17, but OpenAPI source/spec artifact not present in repo; need canonical spec to edit. <br><br> Document artefact/deliverable for CONCELIER-OAS-61-001 and publish location so downstream tasks can proceed. |
| P2 | PREP-CONCELIER-OAS-61-002-DEPENDS-ON-61-001-B | BLOCKED | Due 2025-11-21 · Accountable: Concelier Core Guild (`src/Concelier/__Libraries/StellaOps.Concelier.Core`) | Concelier Core Guild (`src/Concelier/__Libraries/StellaOps.Concelier.Core`) | Depends on 61-001; blocked until OpenAPI spec is available. <br><br> Document artefact/deliverable for CONCELIER-OAS-61-002 and publish location so downstream tasks can proceed. |
| P3 | PREP-CONCELIER-OAS-62-001-DEPENDS-ON-61-002-B | BLOCKED | Due 2025-11-21 · Accountable: Concelier Core Guild · SDK Generator Guild (`src/Concelier/__Libraries/StellaOps.Concelier.Core`) | Concelier Core Guild · SDK Generator Guild (`src/Concelier/__Libraries/StellaOps.Concelier.Core`) | Depends on 61-002; blocked with OAS chain. <br><br> Document artefact/deliverable for CONCELIER-OAS-62-001 and publish location so downstream tasks can proceed. |
| P4 | PREP-CONCELIER-OAS-63-001-DEPENDS-ON-62-001-B | BLOCKED | Due 2025-11-21 · Accountable: Concelier Core Guild · API Governance Guild (`src/Concelier/__Libraries/StellaOps.Concelier.Core`) | Concelier Core Guild · API Governance Guild (`src/Concelier/__Libraries/StellaOps.Concelier.Core`) | Depends on 62-001; blocked with OAS chain. <br><br> Document artefact/deliverable for CONCELIER-OAS-63-001 and publish location so downstream tasks can proceed. |
| P5 | PREP-CONCELIER-OBS-51-001-AWAIT-OBSERVABILITY | BLOCKED | Due 2025-11-21 · Accountable: Concelier Core Guild · DevOps Guild (`src/Concelier/__Libraries/StellaOps.Concelier.Core`) | Concelier Core Guild · DevOps Guild (`src/Concelier/__Libraries/StellaOps.Concelier.Core`) | Await observability spec (metrics names/labels, SLO burn rules) from DevOps; none present in repo. <br><br> Document artefact/deliverable for CONCELIER-OBS-51-001 and publish location so downstream tasks can proceed. |
| P6 | PREP-CONCELIER-OBS-52-001-DEPENDS-ON-51-001-M | BLOCKED | Due 2025-11-21 · Accountable: Concelier Core Guild (`src/Concelier/__Libraries/StellaOps.Concelier.Core`) | Concelier Core Guild (`src/Concelier/__Libraries/StellaOps.Concelier.Core`) | Depends on 51-001 metrics contract; blocked accordingly. <br><br> Document artefact/deliverable for CONCELIER-OBS-52-001 and publish location so downstream tasks can proceed. |
| P7 | PREP-CONCELIER-OBS-53-001-DEPENDS-ON-52-001-B | BLOCKED | Due 2025-11-21 · Accountable: Concelier Core Guild · Evidence Locker Guild (`src/Concelier/__Libraries/StellaOps.Concelier.Core`) | Concelier Core Guild · Evidence Locker Guild (`src/Concelier/__Libraries/StellaOps.Concelier.Core`) | Depends on 52-001; blocked until timeline instrumentation defined. <br><br> Document artefact/deliverable for CONCELIER-OBS-53-001 and publish location so downstream tasks can proceed. |
| P8 | PREP-CONCELIER-OBS-54-001-DEPENDS-ON-OBS-TIME | BLOCKED | Due 2025-11-21 · Accountable: Concelier Core Guild · Provenance Guild (`src/Concelier/__Libraries/StellaOps.Concelier.Core`) | Concelier Core Guild · Provenance Guild (`src/Concelier/__Libraries/StellaOps.Concelier.Core`) | Depends on OBS timeline artifacts; no attestation contract yet. <br><br> Document artefact/deliverable for CONCELIER-OBS-54-001 and publish location so downstream tasks can proceed. |
| P9 | PREP-CONCELIER-OBS-55-001-DEPENDS-ON-54-001-I | BLOCKED | Due 2025-11-21 · Accountable: Concelier Core Guild · DevOps Guild (`src/Concelier/__Libraries/StellaOps.Concelier.Core`) | Concelier Core Guild · DevOps Guild (`src/Concelier/__Libraries/StellaOps.Concelier.Core`) | Depends on 54-001; incident-mode hooks need finalized attestation/timeline shape. <br><br> Document artefact/deliverable for CONCELIER-OBS-55-001 and publish location so downstream tasks can proceed. |
| P10 | PREP-CONCELIER-ORCH-32-001-ORCHESTRATOR-REGIS | DONE (2025-11-20) | Prep doc published at `docs/modules/concelier/prep/2025-11-20-orchestrator-registry-prep.md`; ready for implementation wiring. | Concelier Core Guild (`src/Concelier/__Libraries/StellaOps.Concelier.Core`) | Registry contract (connectorId, schedule, rate policy, lock key, egress guard) + sample manifest and telemetry expectations frozen for downstream ORCH-32-001. |
| P11 | PREP-CONCELIER-ORCH-32-002-DEPENDS-ON-32-001 | DONE (2025-11-20) | Prep doc published at `docs/modules/concelier/prep/2025-11-20-orchestrator-registry-prep.md`; ready for worker SDK adoption. | Concelier Core Guild (`src/Concelier/__Libraries/StellaOps.Concelier.Core`) | Heartbeat/command envelopes, idempotent ack sequencing, rate overrides, and progress fields defined for SDK adoption. |
| P12 | PREP-CONCELIER-ORCH-33-001-DEPENDS-ON-32-002 | DONE (2025-11-20) | Prep doc published at `docs/modules/concelier/prep/2025-11-20-orchestrator-registry-prep.md`; pause/throttle controls defined. | Concelier Core Guild (`src/Concelier/__Libraries/StellaOps.Concelier.Core`) | Orchestrator control compliance (pause/resume/throttle) and telemetry tags captured; ready for implementation. |
| P13 | PREP-CONCELIER-ORCH-34-001-DEPENDS-ON-33-001 | DONE (2025-11-20) | Prep doc published at `docs/modules/concelier/prep/2025-11-20-orchestrator-registry-prep.md`; backfill manifest defined. | Concelier Core Guild (`src/Concelier/__Libraries/StellaOps.Concelier.Core`) | Backfill/replay contract (cursor range, artifact hashes, dsseEnvelopeHash, manifest path) frozen for ledger/export wiring. |
| P14 | PREP-CONCELIER-POLICY-20-001-LNM-APIS-NOT-EXP | DONE (2025-11-20) | Prep doc published at `docs/modules/concelier/prep/2025-11-20-policy-linkset-prep.md`; OpenAPI fields enumerated. | Concelier WebService Guild (`src/Concelier/StellaOps.Concelier.WebService`) | Policy-facing LNM API contract (filters, pagination, provenance fields, cached flag) frozen pending OpenAPI source update. |
| 1 | CONCELIER-OAS-61-001 | BLOCKED | PREP-CONCELIER-OAS-61-001-LNM-SCHEMA-FROZEN-2 | Concelier Core Guild · API Contracts Guild (`src/Concelier/__Libraries/StellaOps.Concelier.Core`) | Update OpenAPI spec so observation/linkset/timeline endpoints document provenance fields, tenant scopes, AOC guarantees (no consensus fields). |
| 2 | CONCELIER-OAS-61-002 | BLOCKED | PREP-CONCELIER-OAS-61-002-DEPENDS-ON-61-001-B | Concelier Core Guild (`src/Concelier/__Libraries/StellaOps.Concelier.Core`) | Examples library (conflict linksets, multi-source severity, timeline snippets) demonstrating raw advisory surfaces without merges; wire into docs/SDKs. |
| 3 | CONCELIER-OAS-62-001 | BLOCKED | PREP-CONCELIER-OAS-62-001-DEPENDS-ON-61-002-B | Concelier Core Guild · SDK Generator Guild (`src/Concelier/__Libraries/StellaOps.Concelier.Core`) | SDK smoke tests for advisory search/pagination/conflict handling ensuring provenance fields preserved and no inferred verdicts. |
| 4 | CONCELIER-OAS-63-001 | BLOCKED | PREP-CONCELIER-OAS-63-001-DEPENDS-ON-62-001-B | Concelier Core Guild · API Governance Guild (`src/Concelier/__Libraries/StellaOps.Concelier.Core`) | Implement Sunset/Deprecation headers + timeline notices for legacy endpoints being retired; discourage merge-era APIs. |
| 5 | CONCELIER-OBS-51-001 | BLOCKED | PREP-CONCELIER-OBS-51-001-AWAIT-OBSERVABILITY | Concelier Core Guild · DevOps Guild (`src/Concelier/__Libraries/StellaOps.Concelier.Core`) | Emit ingestion latency, queue depth, and AOC violation metrics with burn-rate alerts to prove pipeline health. |
| 6 | CONCELIER-OBS-52-001 | BLOCKED | PREP-CONCELIER-OBS-52-001-DEPENDS-ON-51-001-M | Concelier Core Guild (`src/Concelier/__Libraries/StellaOps.Concelier.Core`) | Timeline records for ingest/normalization/linkset updates containing trace IDs, conflict summaries, evidence hashes—facts only for replay. |
| 7 | CONCELIER-OBS-53-001 | BLOCKED | PREP-CONCELIER-OBS-53-001-DEPENDS-ON-52-001-B | Concelier Core Guild · Evidence Locker Guild (`src/Concelier/__Libraries/StellaOps.Concelier.Core`) | Evidence locker bundles (raw doc, normalization diff, linkset) with Merkle manifests for audit replay without live Mongo. |
| 8 | CONCELIER-OBS-54-001 | BLOCKED | PREP-CONCELIER-OBS-54-001-DEPENDS-ON-OBS-TIME | Concelier Core Guild · Provenance Guild (`src/Concelier/__Libraries/StellaOps.Concelier.Core`) | Attach DSSE attestations to advisory batches; expose verification APIs; link attestation IDs into timeline/ledger. |
| 9 | CONCELIER-OBS-55-001 | BLOCKED | PREP-CONCELIER-OBS-55-001-DEPENDS-ON-54-001-I | Concelier Core Guild · DevOps Guild (`src/Concelier/__Libraries/StellaOps.Concelier.Core`) | Incident-mode hooks (extra sampling, retention overrides, redaction guards) to collect more raw evidence without mutating content. |
| 10 | CONCELIER-ORCH-32-001 | TODO | Prep completed; implement registry metadata per `docs/modules/concelier/prep/2025-11-20-orchestrator-registry-prep.md`. | Concelier Core Guild (`src/Concelier/__Libraries/StellaOps.Concelier.Core`) | Register every advisory connector with orchestrator (metadata, auth scopes, rate policies) for transparent, reproducible scheduling. |
| 11 | CONCELIER-ORCH-32-002 | TODO | Prep completed; adopt heartbeat/command envelopes from `docs/modules/concelier/prep/2025-11-20-orchestrator-registry-prep.md`. | Concelier Core Guild (`src/Concelier/__Libraries/StellaOps.Concelier.Core`) | Adopt orchestrator worker SDK in ingestion loops; emit heartbeats/progress/artifact hashes for deterministic replays. |
| 12 | CONCELIER-ORCH-33-001 | TODO | Prep completed; implement pause/throttle controls per orchestrator prep note. | Concelier Core Guild (`src/Concelier/__Libraries/StellaOps.Concelier.Core`) | Honor orchestrator pause/throttle/retry controls with structured errors and persisted checkpoints. |
| 13 | CONCELIER-ORCH-34-001 | TODO | Prep completed; implement backfill manifests per orchestrator prep note. | Concelier Core Guild (`src/Concelier/__Libraries/StellaOps.Concelier.Core`) | Execute orchestrator-driven backfills reusing artifact hashes/signatures, logging provenance, and pushing run metadata to ledger. |
| 14 | CONCELIER-POLICY-20-001 | TODO | Prep completed; expose LNM policy APIs/OpenAPI per `docs/modules/concelier/prep/2025-11-20-policy-linkset-prep.md`. | Concelier WebService Guild (`src/Concelier/StellaOps.Concelier.WebService`) | Provide batch advisory lookup APIs for Policy Engine (purl/advisory filters, tenant scopes, explain metadata) so policy joins raw evidence without inferred outcomes. |
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2025-11-20 | Confirmed PREP-CONCELIER-ORCH-32-001/002/33-001/34-001 unowned; published orchestrator registry/control prep at `docs/modules/concelier/prep/2025-11-20-orchestrator-registry-prep.md`; set P10P13 to DONE. | Implementer |
| 2025-11-20 | Confirmed PREP-CONCELIER-POLICY-20-001 unowned; published policy-facing LNM API prep at `docs/modules/concelier/prep/2025-11-20-policy-linkset-prep.md`; set P14 to DONE. | Implementer |
| 2025-11-20 | Moved CONCELIER-ORCH-32-001..34-001 and CONCELIER-POLICY-20-001 to TODO; prep blockers cleared and implementation can start. | Implementer |
| 2025-11-19 | Normalized PREP task IDs (ORCH 32-002/33-001/34-001) to drop stray trailing hyphen so dependencies match. | Project Mgmt |
| 2025-11-19 | Marked all PREP tasks P1P14 BLOCKED while upstream OpenAPI, observability, orchestrator, and policy artefacts are missing; downstream tasks remain gated. | Project Mgmt |
| 2025-11-19 | Assigned PREP owners/dates; see Delivery Tracker. | Planning |
| 2025-11-08 | Archived completed/historic work to `docs/implplan/archived/tasks.md`. | Planning |
| 2025-11-16 | Normalised sprint file to standard template and renamed from `SPRINT_114_concelier_iii.md` to `SPRINT_0114_0001_0003_concelier_iii.md`; no semantic changes. | Planning |
| 2025-11-18 | Marked OAS tasks (61-001..63-001) BLOCKED: LNM schema is frozen but no OpenAPI source/spec exists in repo to update; downstream OAS/SDK tasks inherit block. | Concelier Core |
| 2025-11-18 | Marked OBS chain (51-001..55-001) BLOCKED: repo lacks observability/AOC metric spec and attestation/timeline contract needed to instrument ingestion pipeline. | Concelier Core |
| 2025-11-18 | Marked ORCH chain (32-001..34-001) and POLICY-20-001 BLOCKED: orchestrator registry/SDK contract and LNM OpenAPI exposure missing; blocked by upstream artefacts. | Concelier Core |
## Decisions & Risks
- Link-Not-Merge and OpenAPI alignment must precede SDK/examples; otherwise downstream clients will drift from canonical facts.
| 2025-11-08 | Archived completed/historic work to `docs/implplan/archived/tasks.md`. | Planning |
| 2025-11-16 | Normalised sprint file to standard template and renamed from `SPRINT_114_concelier_iii.md` to `SPRINT_0114_0001_0003_concelier_iii.md`; no semantic changes. | Planning |
| 2025-11-18 | Marked OAS tasks (61-001..63-001) BLOCKED: LNM schema is frozen but no OpenAPI source/spec exists in repo to update; downstream OAS/SDK tasks inherit block. | Concelier Core |
| 2025-11-18 | Marked OBS chain (51-001..55-001) BLOCKED: repo lacks observability/AOC metric spec and attestation/timeline contract needed to instrument ingestion pipeline. | Concelier Core |
| 2025-11-18 | Marked ORCH chain (32-001..34-001) and POLICY-20-001 BLOCKED: orchestrator registry/SDK contract and LNM OpenAPI exposure missing; blocked by upstream artefacts. | Concelier Core |
## Decisions & Risks
- Link-Not-Merge and OpenAPI alignment must precede SDK/examples; otherwise downstream clients will drift from canonical facts.
- Observability/attestation chain (OBS-51…55) risks audit gaps if sequencing slips; each step depends on previous artifacts.
- Orchestrator control compliance is required to prevent evidence loss during throttles/pauses.
- OpenAPI source (swagger/OAS) for Concelier endpoints is missing from the repo; OAS tasks 61-001..63-001 (and dependent Policy 20-001 tasks) cannot proceed until the canonical spec artifact is provided or generated location is identified.
- Observability metric/attestation contracts are absent; OBS tasks 51-001..55-001 cannot proceed without metric names/labels, AOC thresholds, and timeline/attestation schemas.
- Orchestrator registry/SDK contract is absent; ORCH tasks 32-001..34-001 are blocked until orchestrator metadata, control APIs, and worker SDK are published.
## Next Checkpoints
- Schedule OpenAPI/SDK review once CONCELIER-OAS-61-001 draft ready (date TBD, gated on Sprint 0113 outputs).
- Plan orchestrator contract review with Orchestrator guild before implementing ORCH-32-002.
## Blockers & Dependencies (detailed)
| Dependency | Impacted work | Owner(s) | Status |
| --- | --- | --- | --- |
| Link-Not-Merge schema + APIs from Sprint 0113 | Tasks 14, 14 | Concelier Core/WebService · API Contracts | Pending upstream completion. |
| Observability metrics foundation (CONCELIER-OBS-51-001) | Tasks 69 | Concelier Core · DevOps | Not started; required for downstream timeline/attestation hooks. |
| Orchestrator registry/SDK contracts | Tasks 1013 | Concelier Core · Orchestrator Guild | Coordination needed; no contract recorded yet. |
- Orchestrator registry/SDK contract now documented (see prep note above); downstream tasks must keep in sync with orchestrator module changes.
- Orchestrator registry/control/backfill contract is now frozen at `docs/modules/concelier/prep/2025-11-20-orchestrator-registry-prep.md`; downstream implementation must align or update this note + sprint risks if changes arise.
- Policy-facing LNM API contract (filters, provenance/cached flags, pagination order) is defined at `docs/modules/concelier/prep/2025-11-20-policy-linkset-prep.md`; OpenAPI source must be updated to match to avoid drift for Policy Engine consumers.
## Next Checkpoints
- Schedule OpenAPI/SDK review once CONCELIER-OAS-61-001 draft ready (date TBD, gated on Sprint 0113 outputs).
- Plan orchestrator contract review with Orchestrator guild before implementing ORCH-32-002.
## Blockers & Dependencies (detailed)
| Dependency | Impacted work | Owner(s) | Status |
| --- | --- | --- | --- |
| Link-Not-Merge schema + APIs from Sprint 0113 | Tasks 14, 14 | Concelier Core/WebService · API Contracts | Pending upstream completion. |
| Observability metrics foundation (CONCELIER-OBS-51-001) | Tasks 69 | Concelier Core · DevOps | Not started; required for downstream timeline/attestation hooks. |
| Orchestrator registry/SDK contracts | Tasks 1013 | Concelier Core · Orchestrator Guild | Coordination needed; no contract recorded yet. |

3
docs/implplan/SPRINT_0116_0001_0005_concelier_v.md
View File

@@ -20,7 +20,7 @@
## Delivery Tracker
| # | Task ID | Status | Key dependency / next step | Owners | Task Definition |
| --- | --- | --- | --- | --- | --- |
| P1 | PREP-CONCELIER-WEB-AIRGAP-57-001-DEPENDS-ON-5 | DOING (2025-11-20) | Due 2025-11-21 · Accountable: Concelier WebService Guild · AirGap Policy Guild (`src/Concelier/StellaOps.Concelier.WebService`) | Concelier WebService Guild · AirGap Policy Guild (`src/Concelier/StellaOps.Concelier.WebService`) | Depends on 56-002. <br><br> Document artefact/deliverable for CONCELIER-WEB-AIRGAP-57-001 and publish location so downstream tasks can proceed. Prep artefact: `docs/modules/concelier/prep/2025-11-20-web-airgap-57-001-prep.md`. |
| P1 | PREP-CONCELIER-WEB-AIRGAP-57-001-DEPENDS-ON-5 | DONE (2025-11-20) | Prep artefact at `docs/modules/concelier/prep/2025-11-20-web-airgap-57-001-prep.md`; awaits inputs from WEB-AIRGAP-56-002 and WEB-OAS-61-002. | Concelier WebService Guild · AirGap Policy Guild (`src/Concelier/StellaOps.Concelier.WebService`) | Depends on 56-002. <br><br> Document artefact/deliverable for CONCELIER-WEB-AIRGAP-57-001 and publish location so downstream tasks can proceed. Prep artefact: `docs/modules/concelier/prep/2025-11-20-web-airgap-57-001-prep.md`. |
| 1 | CONCELIER-VULN-29-004 | TODO | Depends on CONCELIER-VULN-29-001 | Concelier WebService Guild · Observability Guild (`src/Concelier/StellaOps.Concelier.WebService`) | Instrument observation/linkset pipelines with metrics for identifier collisions, withdrawn statements, chunk latencies; stream to Vuln Explorer without altering payloads. |
| 2 | CONCELIER-WEB-AIRGAP-56-001 | TODO | Start of AirGap chain | Concelier WebService Guild (`src/Concelier/StellaOps.Concelier.WebService`) | Extend ingestion endpoints to register mirror bundle sources, expose bundle catalogs, enforce sealed-mode by blocking direct internet feeds. |
| 3 | CONCELIER-WEB-AIRGAP-56-002 | TODO | Depends on 56-001 | Concelier WebService Guild (`src/Concelier/StellaOps.Concelier.WebService`) | Add staleness + bundle provenance metadata to `/advisories/observations` and `/advisories/linksets`; operators see freshness without Excititor-derived outcomes. |
@@ -41,6 +41,7 @@
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2025-11-20 | Moved PREP-CONCELIER-WEB-AIRGAP-57-001 to DOING after confirming unowned; published prep doc at `docs/modules/concelier/prep/2025-11-20-web-airgap-57-001-prep.md`. | Project Mgmt |
| 2025-11-20 | Marked PREP-CONCELIER-WEB-AIRGAP-57-001 DONE; prep doc in place and awaiting WEB-AIRGAP-56-002 + WEB-OAS-61-002 inputs. | Implementer |
| 2025-11-19 | Assigned PREP owners/dates; see Delivery Tracker. | Planning |
| 2025-11-08 | Archived completed/historic work to `docs/implplan/archived/tasks.md`. | Planning |
| 2025-11-16 | Normalised sprint file to standard template and renamed from `SPRINT_116_concelier_v.md` to `SPRINT_0116_0001_0005_concelier_v.md`; no semantic changes. | Planning |

180
docs/implplan/SPRINT_0119_0001_0001_excititor_i.md
View File

@@ -1,102 +1,102 @@
# Sprint 0119_0001_0001 · Excititor Ingestion & Evidence (Phase I)
## Topic & Scope
- Stand up Advisory-AI evidence projection APIs (Excititor I) plus ingestion/attestation chain that stays aggregation-only prior to consensus.
- Deliver telemetry and guardrails so RAG clients and Lens can observe usage; prep mirror-first + sealed-mode ingestion and portable evidence bundles for air-gapped deployments.
- Establish attestation verifier harness and provenance linkage so Advisory AI can cite supplier identity without Excititor interpreting verdicts.
- **Working directory:** `src/Excititor` (WebService, Core, Attestation, Connectors; shared EvidenceLocker/Export touchpoints only as noted).
## Dependencies & Concurrency
- Upstream: Sprint 100.A (Attestor DSSE verification); Export Center mirror bundle manifest (Sprint 162) and EvidenceLocker portable format (Sprints 160/161); Ops/Signals span sink deployment for observability; connector signer metadata delivery.
- Concurrency: Advisory-AI API tasks can proceed while telemetry export waits on Ops span sink; AirGap 56/57/58 blocked on Export Center schema; Attestation 73-* blocked on 01-003 completion.
- Peers: runs parallel with other Excititor batches; no CC-decade conflicts noted once dependencies above land.
## Documentation Prerequisites
- `docs/modules/excititor/architecture.md`
- `docs/modules/excititor/README.md#latest-updates`
- `docs/modules/excititor/mirrors.md`
- `docs/modules/excititor/operations/*`
- `docs/modules/excititor/implementation_plan.md`
- Excititor component `AGENTS.md` files within each working directory (WebService, Core, Attestation, Connectors).
## Delivery Tracker
| # | Task ID | Status | Key dependency / next step | Owners | Task Definition |
| --- | --- | --- | --- | --- | --- |
| P1 | PREP-EXCITITOR-AIRGAP-56-001-WAITING-ON-EXPOR | BLOCKED | Due 2025-11-21 · Accountable: Excititor Core Guild | Excititor Core Guild | Waiting on Export Center mirror bundle schema (Sprint 162) to define ingestion shape. <br><br> Document artefact/deliverable for EXCITITOR-AIRGAP-56-001 and publish location so downstream tasks can proceed. |
| P2 | PREP-EXCITITOR-AIRGAP-57-001-BLOCKED-ON-56-00 | BLOCKED | Due 2025-11-21 · Accountable: Excititor Core Guild · AirGap Policy Guild | Excititor Core Guild · AirGap Policy Guild | Blocked on 56-001 schema; sealed-mode error catalog pending. <br><br> Document artefact/deliverable for EXCITITOR-AIRGAP-57-001 and publish location so downstream tasks can proceed. |
| P3 | PREP-EXCITITOR-AIRGAP-58-001-DEPENDS-ON-57-00 | BLOCKED | Due 2025-11-21 · Accountable: Excititor Core Guild · Evidence Locker Guild | Excititor Core Guild · Evidence Locker Guild | Depends on 57-001 plus EvidenceLocker portable format (160/161). <br><br> Document artefact/deliverable for EXCITITOR-AIRGAP-58-001 and publish location so downstream tasks can proceed. |
# Sprint 0119_0001_0001 · Excititor Ingestion & Evidence (Phase I)
## Topic & Scope
- Stand up Advisory-AI evidence projection APIs (Excititor I) plus ingestion/attestation chain that stays aggregation-only prior to consensus.
- Deliver telemetry and guardrails so RAG clients and Lens can observe usage; prep mirror-first + sealed-mode ingestion and portable evidence bundles for air-gapped deployments.
- Establish attestation verifier harness and provenance linkage so Advisory AI can cite supplier identity without Excititor interpreting verdicts.
- **Working directory:** `src/Excititor` (WebService, Core, Attestation, Connectors; shared EvidenceLocker/Export touchpoints only as noted).
## Dependencies & Concurrency
- Upstream: Sprint 100.A (Attestor DSSE verification); Export Center mirror bundle manifest (Sprint 162) and EvidenceLocker portable format (Sprints 160/161); Ops/Signals span sink deployment for observability; connector signer metadata delivery.
- Concurrency: Advisory-AI API tasks can proceed while telemetry export waits on Ops span sink; AirGap 56/57/58 blocked on Export Center schema; Attestation 73-* blocked on 01-003 completion.
- Peers: runs parallel with other Excititor batches; no CC-decade conflicts noted once dependencies above land.
## Documentation Prerequisites
- `docs/modules/excititor/architecture.md`
- `docs/modules/excititor/README.md#latest-updates`
- `docs/modules/excititor/mirrors.md`
- `docs/modules/excititor/operations/*`
- `docs/modules/excititor/implementation_plan.md`
- Excititor component `AGENTS.md` files within each working directory (WebService, Core, Attestation, Connectors).
## Delivery Tracker
| # | Task ID | Status | Key dependency / next step | Owners | Task Definition |
| --- | --- | --- | --- | --- | --- |
| P1 | PREP-EXCITITOR-AIRGAP-56-001-WAITING-ON-EXPOR | BLOCKED | Due 2025-11-21 · Accountable: Excititor Core Guild | Excititor Core Guild | Waiting on Export Center mirror bundle schema (Sprint 162) to define ingestion shape. <br><br> Document artefact/deliverable for EXCITITOR-AIRGAP-56-001 and publish location so downstream tasks can proceed. |
| P2 | PREP-EXCITITOR-AIRGAP-57-001-BLOCKED-ON-56-00 | BLOCKED | Due 2025-11-21 · Accountable: Excititor Core Guild · AirGap Policy Guild | Excititor Core Guild · AirGap Policy Guild | Blocked on 56-001 schema; sealed-mode error catalog pending. <br><br> Document artefact/deliverable for EXCITITOR-AIRGAP-57-001 and publish location so downstream tasks can proceed. |
| P3 | PREP-EXCITITOR-AIRGAP-58-001-DEPENDS-ON-57-00 | BLOCKED | Due 2025-11-21 · Accountable: Excititor Core Guild · Evidence Locker Guild | Excititor Core Guild · Evidence Locker Guild | Depends on 57-001 plus EvidenceLocker portable format (160/161). <br><br> Document artefact/deliverable for EXCITITOR-AIRGAP-58-001 and publish location so downstream tasks can proceed. |
| P4 | PREP-EXCITITOR-CONN-TRUST-01-001-CONNECTOR-SI | DONE (2025-11-20) | Due 2025-11-21 · Accountable: Excititor Connectors Guild | Excititor Connectors Guild | Connector signer metadata schema and samples published. <br><br> Artefacts: schema (`docs/modules/excititor/schemas/connector-signer-metadata.schema.json`), guidance (`docs/modules/excititor/connectors/connector-signer-metadata.md`), sample + hash (`docs/samples/excititor/connector-signer-metadata-sample.json[.sha256]`). |
| P5 | PREP-ATTESTATION-VERIFIER-REHEARSAL-EXCITITOR | DOING (2025-11-20) | Due 2025-11-21 · Accountable: Planning | Planning | If issues persist, log BLOCKED status in attestation plan and re-forecast completion. <br><br> Document artefact/deliverable for Attestation verifier rehearsal (Excititor Attestation Guild) and publish location so downstream tasks can proceed. |
| 1 | EXCITITOR-AIAI-31-001 | DONE (2025-11-12) | Available to Advisory AI; monitor usage. | Excititor WebService Guild | Expose normalized VEX justifications, scope trees, and anchors via `VexObservation` projections so Advisory AI can cite raw evidence without consensus logic. |
| 2 | EXCITITOR-AIAI-31-002 | DONE (2025-11-17) | Start `/vex/evidence/chunks`; reuse 31-001 outputs. | Excititor WebService Guild | Stream raw statements + signature metadata with tenant/policy filters for RAG clients; aggregation-only, reference observation/linkset IDs. |
| 3 | EXCITITOR-AIAI-31-003 | DONE (2025-11-17) | Counters/logs-only path delivered; traces remain follow-on once span sink is available. | Excititor WebService Guild · Observability Guild | Instrument evidence APIs with request counters, chunk histograms, signature-failure + AOC guard-violation meters. |
| 4 | EXCITITOR-AIAI-31-004 | DONE (2025-11-18) | Doc published (`docs/modules/excititor/evidence-contract.md`); traces still gated on span sink but contract delivered | Excititor WebService Guild · Docs Guild | Codify Advisory-AI evidence contract, determinism guarantees, and mapping of observation IDs to storage. |
| 5 | EXCITITOR-AIRGAP-56-001 | BLOCKED | PREP-EXCITITOR-AIRGAP-56-001-WAITING-ON-EXPOR | Excititor Core Guild | Mirror-first ingestion that preserves upstream digests, bundle IDs, and provenance for offline parity. |
| 6 | EXCITITOR-AIRGAP-57-001 | BLOCKED | PREP-EXCITITOR-AIRGAP-57-001-BLOCKED-ON-56-00 | Excititor Core Guild · AirGap Policy Guild | Enforce sealed-mode policies, remediation errors, and staleness annotations surfaced to Advisory AI. |
| 7 | EXCITITOR-AIRGAP-58-001 | BLOCKED | PREP-EXCITITOR-AIRGAP-58-001-DEPENDS-ON-57-00 | Excititor Core Guild · Evidence Locker Guild | Package tenant-scoped VEX evidence (raw JSON, normalization diff, provenance) into portable bundles tied to timeline events. |
| 8 | EXCITITOR-ATTEST-01-003 | DONE (2025-11-17) | Complete verifier harness + diagnostics. | Excititor Attestation Guild | Finish `IVexAttestationVerifier`, wire structured diagnostics/metrics, and prove DSSE bundle verification without touching consensus results. |
| 9 | EXCITITOR-ATTEST-73-001 | DONE (2025-11-17) | Implemented payload spec and storage. | Excititor Core · Attestation Payloads Guild | Emit attestation payloads capturing supplier identity, justification summary, and scope metadata for trust chaining. |
| 10 | EXCITITOR-ATTEST-73-002 | DONE (2025-11-17) | Implemented linkage API. | Excititor Core Guild | Provide APIs linking attestation IDs back to observation/linkset/product tuples for provenance citations without derived verdicts. |
| 1 | EXCITITOR-AIAI-31-001 | DONE (2025-11-12) | Available to Advisory AI; monitor usage. | Excititor WebService Guild | Expose normalized VEX justifications, scope trees, and anchors via `VexObservation` projections so Advisory AI can cite raw evidence without consensus logic. |
| 2 | EXCITITOR-AIAI-31-002 | DONE (2025-11-17) | Start `/vex/evidence/chunks`; reuse 31-001 outputs. | Excititor WebService Guild | Stream raw statements + signature metadata with tenant/policy filters for RAG clients; aggregation-only, reference observation/linkset IDs. |
| 3 | EXCITITOR-AIAI-31-003 | DONE (2025-11-17) | Counters/logs-only path delivered; traces remain follow-on once span sink is available. | Excititor WebService Guild · Observability Guild | Instrument evidence APIs with request counters, chunk histograms, signature-failure + AOC guard-violation meters. |
| 4 | EXCITITOR-AIAI-31-004 | DONE (2025-11-18) | Doc published (`docs/modules/excititor/evidence-contract.md`); traces still gated on span sink but contract delivered | Excititor WebService Guild · Docs Guild | Codify Advisory-AI evidence contract, determinism guarantees, and mapping of observation IDs to storage. |
| 5 | EXCITITOR-AIRGAP-56-001 | BLOCKED | PREP-EXCITITOR-AIRGAP-56-001-WAITING-ON-EXPOR | Excititor Core Guild | Mirror-first ingestion that preserves upstream digests, bundle IDs, and provenance for offline parity. |
| 6 | EXCITITOR-AIRGAP-57-001 | BLOCKED | PREP-EXCITITOR-AIRGAP-57-001-BLOCKED-ON-56-00 | Excititor Core Guild · AirGap Policy Guild | Enforce sealed-mode policies, remediation errors, and staleness annotations surfaced to Advisory AI. |
| 7 | EXCITITOR-AIRGAP-58-001 | BLOCKED | PREP-EXCITITOR-AIRGAP-58-001-DEPENDS-ON-57-00 | Excititor Core Guild · Evidence Locker Guild | Package tenant-scoped VEX evidence (raw JSON, normalization diff, provenance) into portable bundles tied to timeline events. |
| 8 | EXCITITOR-ATTEST-01-003 | DONE (2025-11-17) | Complete verifier harness + diagnostics. | Excititor Attestation Guild | Finish `IVexAttestationVerifier`, wire structured diagnostics/metrics, and prove DSSE bundle verification without touching consensus results. |
| 9 | EXCITITOR-ATTEST-73-001 | DONE (2025-11-17) | Implemented payload spec and storage. | Excititor Core · Attestation Payloads Guild | Emit attestation payloads capturing supplier identity, justification summary, and scope metadata for trust chaining. |
| 10 | EXCITITOR-ATTEST-73-002 | DONE (2025-11-17) | Implemented linkage API. | Excititor Core Guild | Provide APIs linking attestation IDs back to observation/linkset/product tuples for provenance citations without derived verdicts. |
| 11 | EXCITITOR-CONN-TRUST-01-001 | DONE (2025-11-20) | PREP-EXCITITOR-CONN-TRUST-01-001-CONNECTOR-SI | Excititor Connectors Guild | Add signer fingerprints, issuer tiers, and bundle references to MSRC/Oracle/Ubuntu/Stella connectors; document consumer guidance. |
### Task Clusters & Readiness
- **Advisory-AI evidence APIs:** 31-001 delivered; 31-003 instrumentation and 31-004 docs pending; ready to start once examples and telemetry fixtures finalize.
- **AirGap ingestion & portable bundles:** 56/57/58 gated on Export Center schema and EvidenceLocker format; need sealed-mode error catalog and timeline mapping.
- **Attestation & provenance chain:** 01-003 harness/diagnostics first, then 73-001 payload spec and 73-002 linkage docs.
- **Connector provenance parity:** Inventory signer metadata, define shared fingerprint/tier schema, update connector acceptance tests.
## Action Tracker
| Focus | Action | Owner(s) | Due | Status |
| --- | --- | --- | --- | --- |
| Advisory-AI APIs | Publish finalized OpenAPI schema + SDK notes for projection API (31-004). | Excititor WebService Guild · Docs Guild | 2025-11-15 | In review (draft shared 2025-11-13) |
| Observability | Wire metrics/traces for `/v1/vex/observations/**` (31-003) and document dashboards. | Excititor WebService Guild · Observability Guild | 2025-11-16 | PARTIAL (metrics/logs delivered 2025-11-17; traces await span sink) |
| AirGap | Capture mirror bundle schema + sealed-mode toggle requirements for 56/57. | Excititor Core Guild · AirGap Policy Guild | 2025-11-17 | Pending |
| Portable bundles | Draft bundle manifest + EvidenceLocker linkage notes for 58-001. | Excititor Core Guild · Evidence Locker Guild | 2025-11-18 | Pending |
| Attestation | Complete verifier suite + diagnostics for 01-003. | Excititor Attestation Guild | 2025-11-16 | In progress (verifier harness ~80% complete) |
| Connectors | Inventory signer metadata + plan rollout for MSRC/Oracle/Ubuntu/Stella connectors (CONN-TRUST-01-001). | Excititor Connectors Guild | 2025-11-19 | Pending (schema draft expected 2025-11-14) |
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2025-11-19 | Assigned PREP owners/dates; see Delivery Tracker. | Planning |
| 2025-11-19 | Marked PREP tasks P1P4 BLOCKED: mirror bundle schema (Sprint 162), sealed-mode error catalog, EvidenceLocker portable format, and connector signer metadata remain unpublished, keeping EXCITITOR-AIRGAP-56/57/58 and CONN-TRUST-01-001 gated. | Project Mgmt |
| 2025-11-12 | Snapshot refreshed; 31-001 marked DONE; other tasks pending observability, AirGap schemas, and attestation verifier completion. | Excititor PM |
| 2025-11-13 | Added readiness checklists and action tracker; awaiting Export Center mirror schema and Attestor verifier rehearsals. | Excititor PM |
| 2025-11-13 | OpenAPI draft for 31-004 shared; observability wiring blocked until Ops deploys span sink. | WebService Guild |
| 2025-11-14 | Connector provenance schema review scheduled; Export Center mirror schema still pending, keeping 56/57 blocked. | Connectors Guild |
| 2025-11-14 | 31-003 instrumentation (counters, chunk histogram, signature failure + guard-violation meters) merged; telemetry export blocked on span sink rollout. | WebService Guild |
| 2025-11-17 | Added chunk request/response telemetry + signature status counters; `/v1/vex/evidence/chunks` now emits metrics without traces. | WebService Guild |
### Task Clusters & Readiness
- **Advisory-AI evidence APIs:** 31-001 delivered; 31-003 instrumentation and 31-004 docs pending; ready to start once examples and telemetry fixtures finalize.
- **AirGap ingestion & portable bundles:** 56/57/58 gated on Export Center schema and EvidenceLocker format; need sealed-mode error catalog and timeline mapping.
- **Attestation & provenance chain:** 01-003 harness/diagnostics first, then 73-001 payload spec and 73-002 linkage docs.
- **Connector provenance parity:** Inventory signer metadata, define shared fingerprint/tier schema, update connector acceptance tests.
## Action Tracker
| Focus | Action | Owner(s) | Due | Status |
| --- | --- | --- | --- | --- |
| Advisory-AI APIs | Publish finalized OpenAPI schema + SDK notes for projection API (31-004). | Excititor WebService Guild · Docs Guild | 2025-11-15 | In review (draft shared 2025-11-13) |
| Observability | Wire metrics/traces for `/v1/vex/observations/**` (31-003) and document dashboards. | Excititor WebService Guild · Observability Guild | 2025-11-16 | PARTIAL (metrics/logs delivered 2025-11-17; traces await span sink) |
| AirGap | Capture mirror bundle schema + sealed-mode toggle requirements for 56/57. | Excititor Core Guild · AirGap Policy Guild | 2025-11-17 | Pending |
| Portable bundles | Draft bundle manifest + EvidenceLocker linkage notes for 58-001. | Excititor Core Guild · Evidence Locker Guild | 2025-11-18 | Pending |
| Attestation | Complete verifier suite + diagnostics for 01-003. | Excititor Attestation Guild | 2025-11-16 | In progress (verifier harness ~80% complete) |
| Connectors | Inventory signer metadata + plan rollout for MSRC/Oracle/Ubuntu/Stella connectors (CONN-TRUST-01-001). | Excititor Connectors Guild | 2025-11-19 | Pending (schema draft expected 2025-11-14) |
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2025-11-19 | Assigned PREP owners/dates; see Delivery Tracker. | Planning |
| 2025-11-19 | Marked PREP tasks P1P4 BLOCKED: mirror bundle schema (Sprint 162), sealed-mode error catalog, EvidenceLocker portable format, and connector signer metadata remain unpublished, keeping EXCITITOR-AIRGAP-56/57/58 and CONN-TRUST-01-001 gated. | Project Mgmt |
| 2025-11-12 | Snapshot refreshed; 31-001 marked DONE; other tasks pending observability, AirGap schemas, and attestation verifier completion. | Excititor PM |
| 2025-11-13 | Added readiness checklists and action tracker; awaiting Export Center mirror schema and Attestor verifier rehearsals. | Excititor PM |
| 2025-11-13 | OpenAPI draft for 31-004 shared; observability wiring blocked until Ops deploys span sink. | WebService Guild |
| 2025-11-14 | Connector provenance schema review scheduled; Export Center mirror schema still pending, keeping 56/57 blocked. | Connectors Guild |
| 2025-11-14 | 31-003 instrumentation (counters, chunk histogram, signature failure + guard-violation meters) merged; telemetry export blocked on span sink rollout. | WebService Guild |
| 2025-11-17 | Added chunk request/response telemetry + signature status counters; `/v1/vex/evidence/chunks` now emits metrics without traces. | WebService Guild |
| 2025-11-14 | Published `docs/modules/excititor/operations/observability.md` covering new evidence metrics for Ops/Lens dashboards. | Observability Guild |
| 2025-11-16 | Normalized sprint file to standard template, renamed to SPRINT_0119_0001_0001_excititor_i.md, and updated tasks-all references. | Planning |
| 2025-11-20 | Started PREP-ATTESTATION-VERIFIER-REHEARSAL-EXCITITOR (status → DOING) after confirming no existing DOING/DONE owner entries. | Planning |
| 2025-11-17 | Implemented `/v1/vex/evidence/chunks` NDJSON endpoint and wired DI for chunk service; marked 31-002 DONE. | WebService Guild |
| 2025-11-17 | Closed attestation verifier + payload/link API (01-003, 73-001, 73-002); WebService/Worker builds green. | Attestation/Core Guild |
| 2025-11-17 | Implemented `/v1/vex/evidence/chunks` NDJSON endpoint and wired DI for chunk service; marked 31-002 DONE. | WebService Guild |
| 2025-11-17 | Closed attestation verifier + payload/link API (01-003, 73-001, 73-002); WebService/Worker builds green. | Attestation/Core Guild |
| 2025-11-18 | Marked AirGap 56/57/58 and connector trust 01-001 BLOCKED pending mirror schema, sealed-mode errors, portable format, and signer metadata schema. | Implementer |
| 2025-11-18 | Authored Advisory-AI evidence contract doc (`docs/modules/excititor/evidence-contract.md`) covering `/v1/vex/evidence/chunks`, schema, determinism, AOC, telemetry; 31-004 doc deliverable ready. | Implementer |
| 2025-11-20 | Completed PREP-EXCITITOR-CONN-TRUST-01-001: published connector signer metadata schema, guidance, and sample bundle hash to unblock connector trust rollout. | Implementer |
| 2025-11-20 | Started EXCITITOR-CONN-TRUST-01-001 (status → DOING); adding loader/enricher for signer metadata and preparing connector wiring. | Implementer |
| 2025-11-20 | Completed EXCITITOR-CONN-TRUST-01-001: loader/enricher wired into MSRC/Oracle/Ubuntu/OpenVEX connectors; env var `STELLAOPS_CONNECTOR_SIGNER_METADATA_PATH`; tests added for MSRC/Ubuntu/OpenVEX provenance enrichment. | Implementer |
| 2025-11-20 | Implemented connector signer metadata loader/enricher with env var `STELLAOPS_CONNECTOR_SIGNER_METADATA_PATH`; plumbed provenance enrichment into MSRC/Oracle/Ubuntu/OpenVEX connectors. | Implementer |
## Decisions & Risks
- **Decisions**
- Until Ops span sink lands, keep observability fallback to log-only counters per `docs/modules/excititor/operations/observability.md`.
- If Export Center mirror schema slips, temporarily use placeholder from `docs/modules/export-center/architecture.md` with deltas noted; escalate to Export Center leads.
- Advisory-AI consumers must map observation IDs via projection service; keep aggregation-only stance (no consensus logic) for all new APIs.
- **Risks & Mitigations**
- Observability sinks not ready for 31-003 → reuse Signals dashboards; ship log-only fallback. Severity: Medium.
- Mirror bundle schema still absent (blocks 56/57/58) → escalate to Export Center; track due date 2025-11-19; severity: High.
- Portable EvidenceLocker format not published (blocks 58-001) → request format drop from Evidence Locker leads; severity: High.
- Connector signer metadata schema missing (blocks CONN-TRUST-01-001) → chase schema artefact owners; severity: Medium.
- Attestation verifier misses 2025-11-16 target → daily stand-ups; parallel diagnostics; severity: High.
## Next Checkpoints
| Date (UTC) | Session / Owner | Goal | Fallback |
| 2025-11-18 | Scanner mock bundle v1 delivered | Start GRAPH-INDEX/ZASTAVA tests using mock; publish hash | Scanner Guild |
| --- | --- | --- | --- |
| 2025-11-17 | Coordinator · WebService/Observability Guilds | Counters/logs-only fallback approved; start 31-003 execution without span sink. | Keep span sink as follow-on milestone. |
| 2025-11-14 | Connector provenance schema review (Connectors + Security Guilds) | Approve signer fingerprint + issuer tier schema for CONN-TRUST-01-001. | If schema not ready, keep task blocked and request interim metadata list from connectors. |
| 2025-11-15 | Export Center mirror schema sync (Export Center + Excititor + AirGap) | Receive mirror bundle manifest to unblock 56/57. | If delayed, escalate to Sprint 162 leads and use placeholder spec with clearly marked TODO. |
| 2025-11-16 | Attestation verifier rehearsal (Excititor Attestation Guild) | Demo `IVexAttestationVerifier` harness + diagnostics to unblock 73-* tasks. | PREP-ATTESTATION-VERIFIER-REHEARSAL-EXCITITOR |
| 2025-11-18 | Observability span sink deploy (Ops/Signals Guild) | Enable telemetry pipeline needed for 31-003. | If deploy slips, implement temporary counters/logs and keep action tracker flagged as blocked. |
| 2025-11-19 | Connector metadata inventory (Connectors Guild) | Confirm signer metadata coverage for CONN-TRUST-01-001 rollout. | Fall back to partial coverage with feature flags. |
## Decisions & Risks
- **Decisions**
- Until Ops span sink lands, keep observability fallback to log-only counters per `docs/modules/excititor/operations/observability.md`.
- If Export Center mirror schema slips, temporarily use placeholder from `docs/modules/export-center/architecture.md` with deltas noted; escalate to Export Center leads.
- Advisory-AI consumers must map observation IDs via projection service; keep aggregation-only stance (no consensus logic) for all new APIs.
- **Risks & Mitigations**
- Observability sinks not ready for 31-003 → reuse Signals dashboards; ship log-only fallback. Severity: Medium.
- Mirror bundle schema still absent (blocks 56/57/58) → escalate to Export Center; track due date 2025-11-19; severity: High.
- Portable EvidenceLocker format not published (blocks 58-001) → request format drop from Evidence Locker leads; severity: High.
- Connector signer metadata schema missing (blocks CONN-TRUST-01-001) → chase schema artefact owners; severity: Medium.
- Attestation verifier misses 2025-11-16 target → daily stand-ups; parallel diagnostics; severity: High.
## Next Checkpoints
| Date (UTC) | Session / Owner | Goal | Fallback |
| 2025-11-18 | Scanner mock bundle v1 delivered | Start GRAPH-INDEX/ZASTAVA tests using mock; publish hash | Scanner Guild |
| --- | --- | --- | --- |
| 2025-11-17 | Coordinator · WebService/Observability Guilds | Counters/logs-only fallback approved; start 31-003 execution without span sink. | Keep span sink as follow-on milestone. |
| 2025-11-14 | Connector provenance schema review (Connectors + Security Guilds) | Approve signer fingerprint + issuer tier schema for CONN-TRUST-01-001. | If schema not ready, keep task blocked and request interim metadata list from connectors. |
| 2025-11-15 | Export Center mirror schema sync (Export Center + Excititor + AirGap) | Receive mirror bundle manifest to unblock 56/57. | If delayed, escalate to Sprint 162 leads and use placeholder spec with clearly marked TODO. |
| 2025-11-16 | Attestation verifier rehearsal (Excititor Attestation Guild) | Demo `IVexAttestationVerifier` harness + diagnostics to unblock 73-* tasks. | PREP-ATTESTATION-VERIFIER-REHEARSAL-EXCITITOR |
| 2025-11-18 | Observability span sink deploy (Ops/Signals Guild) | Enable telemetry pipeline needed for 31-003. | If deploy slips, implement temporary counters/logs and keep action tracker flagged as blocked. |
| 2025-11-19 | Connector metadata inventory (Connectors Guild) | Confirm signer metadata coverage for CONN-TRUST-01-001 rollout. | Fall back to partial coverage with feature flags. |

111
docs/implplan/SPRINT_0119_0001_0002_excititor_ii.md
View File

@@ -7,13 +7,13 @@
- **Working directory:** `src/Excititor` (WebService, Core, Storage, Connectors); keep changes inside module boundaries.
## Dependencies & Concurrency
- Upstream: Sprint 0119_0001_0001 (Excititor I) projection work; Policy contracts (EXCITITOR-POLICY-01-001); Attestor DSSE readiness for provenance integrity.
- Upstream: Sprint 0119_0001_0001 (Excititor I) projection work; Policy contracts (EXCITITOR-POLICY-01-001); Attestor DSSE readiness.
- Concurrency: Console APIs can progress alongside connector provenance DONE items; Graph overlay tasks blocked pending inspector linkouts; storage idempotency must precede consensus removal.
- Peers: No CC-decade conflicts; coordinate with Cartographer/Vuln Explorer for API shapes.
## Documentation Prerequisites
- `docs/modules/excititor/architecture.md`
- `docs/modules/excititor/README.md#latest-updates`
- `docs/modules/excititor/README.md`
- `docs/modules/excititor/mirrors.md`
- `docs/modules/excititor/operations/*`
- `docs/modules/excititor/implementation_plan.md`
@@ -22,75 +22,60 @@
## Delivery Tracker
| # | Task ID | Status | Key dependency / next step | Owners | Task Definition |
| --- | --- | --- | --- | --- | --- |
| P1 | PREP-EXCITITOR-CONSOLE-23-001-AWAITING-CONCRE | BLOCKED | Due 2025-11-21 · Accountable: Excititor WebService Guild · BE-Base Platform Guild | Excititor WebService Guild · BE-Base Platform Guild | Awaiting concrete `/console/vex` API contract and grouping schema; LNM 21-* view spec not present. <br><br> Document artefact/deliverable for EXCITITOR-CONSOLE-23-001 and publish location so downstream tasks can proceed. |
| P2 | PREP-EXCITITOR-CONSOLE-23-002-DEPENDS-ON-23-0 | BLOCKED | Due 2025-11-21 · Accountable: Excititor WebService Guild | Excititor WebService Guild | Depends on 23-001; need sprint-level contract for counters. <br><br> Document artefact/deliverable for EXCITITOR-CONSOLE-23-002 and publish location so downstream tasks can proceed. |
| P3 | PREP-EXCITITOR-CONSOLE-23-003-DEPENDS-ON-23-0 | BLOCKED | Due 2025-11-21 · Accountable: Excititor WebService Guild | Excititor WebService Guild | Depends on 23-001; contract for caching/RBAC/precedence context pending. <br><br> Document artefact/deliverable for EXCITITOR-CONSOLE-23-003 and publish location so downstream tasks can proceed. |
| P4 | PREP-EXCITITOR-CORE-AOC-19-002-LINKSET-EXTRAC | BLOCKED | Due 2025-11-21 · Accountable: Excititor Core Guild | Excititor Core Guild | Linkset extraction rules/ordering not documented. <br><br> Document artefact/deliverable for EXCITITOR-CORE-AOC-19-002 and publish location so downstream tasks can proceed. |
| P5 | PREP-EXCITITOR-CORE-AOC-19-003-BLOCKED-ON-19 | BLOCKED | Due 2025-11-21 · Accountable: Excititor Core Guild | Excititor Core Guild | Blocked on 19-002; design supersede chains. <br><br> Document artefact/deliverable for EXCITITOR-CORE-AOC-19-003 and publish location so downstream tasks can proceed. |
| P6 | PREP-EXCITITOR-CORE-AOC-19-004-REMOVE-CONSENS | BLOCKED | Due 2025-11-21 · Accountable: Excititor Core Guild | Excititor Core Guild | Remove consensus after 19-003 in place. <br><br> Document artefact/deliverable for EXCITITOR-CORE-AOC-19-004 and publish location so downstream tasks can proceed. |
| P7 | PREP-EXCITITOR-CORE-AOC-19-013-SEED-TENANT-AW | BLOCKED | Due 2025-11-21 · Accountable: Excititor Core Guild | Excititor Core Guild | Seed tenant-aware Authority clients in smoke/e2e once 19-004 lands. <br><br> Document artefact/deliverable for EXCITITOR-CORE-AOC-19-013 and publish location so downstream tasks can proceed. |
| P8 | PREP-EXCITITOR-GRAPH-21-001-NEEDS-CARTOGRAPHE | BLOCKED | Due 2025-11-21 · Accountable: Excititor Core · Cartographer Guild | Excititor Core · Cartographer Guild | Needs Cartographer API contract + data availability. <br><br> Document artefact/deliverable for EXCITITOR-GRAPH-21-001 and publish location so downstream tasks can proceed. |
| P9 | PREP-EXCITITOR-GRAPH-21-002-BLOCKED-ON-21-001 | BLOCKED | Due 2025-11-21 · Accountable: Excititor Core Guild | Excititor Core Guild | Blocked on 21-001. <br><br> Document artefact/deliverable for EXCITITOR-GRAPH-21-002 and publish location so downstream tasks can proceed. |
| P10 | PREP-EXCITITOR-GRAPH-21-005-BLOCKED-ON-21-002 | BLOCKED | Due 2025-11-21 · Accountable: Excititor Storage Guild | Excititor Storage Guild | Blocked on 21-002. <br><br> Document artefact/deliverable for EXCITITOR-GRAPH-21-005 and publish location so downstream tasks can proceed. |
| P11 | PREP-EXCITITOR-GRAPH-24-101-WAIT-FOR-21-005-I | BLOCKED | Due 2025-11-21 · Accountable: Excititor WebService Guild | Excititor WebService Guild | Wait for 21-005 indexes. <br><br> Document artefact/deliverable for EXCITITOR-GRAPH-24-101 and publish location so downstream tasks can proceed. |
| P12 | PREP-EXCITITOR-GRAPH-24-102-DEPENDS-ON-24-101 | BLOCKED | Due 2025-11-21 · Accountable: Excititor WebService Guild | Excititor WebService Guild | Depends on 24-101; design batch shape. <br><br> Document artefact/deliverable for EXCITITOR-GRAPH-24-102 and publish location so downstream tasks can proceed. |
| P13 | PREP-FINALIZE-CONSOLE-VEX-CONTRACT-23-001-AND | BLOCKED | Due 2025-11-21 · Accountable: BLOCKED (await contract; LNM view spec needed) | BLOCKED (await contract; LNM view spec needed) | 2025-11-18. <br><br> Document artefact/deliverable for Finalize `/console/vex` contract (23-001) and dashboard deltas (23-002). and publish location so downstream tasks can proceed. |
| P14 | PREP-LAND-LINKSET-EXTRACTION-RAW-UPSERT-UNIQU | BLOCKED | Due 2025-11-21 · Accountable: BLOCKED (linkset schema pending) | BLOCKED (linkset schema pending) | 2025-11-19. <br><br> Document artefact/deliverable for Land linkset extraction + raw upsert uniqueness (19-002/003). and publish location so downstream tasks can proceed. |
| P15 | PREP-REMOVE-MERGE-SEVERITY-LOGIC-AFTER-IDEMPO | BLOCKED | Due 2025-11-21 · Accountable: BLOCKED (depends on 19-002/003) | BLOCKED (depends on 19-002/003) | 2025-11-20. <br><br> Document artefact/deliverable for Remove merge/severity logic after idempotency in place (19-004). and publish location so downstream tasks can proceed. |
| P16 | PREP-ALIGN-INSPECTOR-LINKOUT-SCHEMAS-TO-UNBLO | BLOCKED | Due 2025-11-21 · Accountable: BLOCKED (awaiting Cartographer contract) | BLOCKED (awaiting Cartographer contract) | 2025-11-21. <br><br> Document artefact/deliverable for Align inspector/linkout schemas to unblock 21-001/002/005. and publish location so downstream tasks can proceed. |
| P17 | PREP-CARTOGRAPHER-SCHEMA-SYNC-MAINTAIN-BLOCKE | BLOCKED | Due 2025-11-21 · Accountable: Planning | Planning | Maintain BLOCKED status; deliver sample payloads for early testing. <br><br> Document artefact/deliverable for Cartographer schema sync and publish location so downstream tasks can proceed. |
| 1 | EXCITITOR-CONN-SUSE-01-003 | DONE (2025-11-09) | Trust metadata flowing; monitor consumers. | Excititor Connectors SUSE | Emit provider trust configuration (signer fingerprints, trust tier notes) into raw provenance envelope; aggregation-only. |
| 2 | EXCITITOR-CONN-UBUNTU-01-003 | DONE (2025-11-09) | Trust metadata flowing; monitor consumers. | Excititor Connectors Ubuntu | Emit Ubuntu signing metadata (GPG fingerprints, issuer trust tier) in raw provenance artifacts; aggregation-only. |
| 3 | EXCITITOR-CONSOLE-23-001 | BLOCKED (2025-11-17) | PREP-EXCITITOR-CONSOLE-23-001-AWAITING-CONCRE | Excititor WebService Guild · BE-Base Platform Guild | Expose grouped VEX statements with status chips, justification metadata, precedence trace pointers, tenant filters. |
| 4 | EXCITITOR-CONSOLE-23-002 | BLOCKED (2025-11-17) | PREP-EXCITITOR-CONSOLE-23-002-DEPENDS-ON-23-0 | Excititor WebService Guild | Provide aggregated delta counts for overrides; emit metrics for policy explain. |
| 5 | EXCITITOR-CONSOLE-23-003 | BLOCKED (2025-11-17) | PREP-EXCITITOR-CONSOLE-23-003-DEPENDS-ON-23-0 | Excititor WebService Guild | Rapid lookup endpoints of VEX by advisory/component incl. provenance + precedence context; caching + RBAC. |
| 6 | EXCITITOR-CORE-AOC-19-002 | BLOCKED (2025-11-17) | PREP-EXCITITOR-CORE-AOC-19-002-LINKSET-EXTRAC | Excititor Core Guild | Extract advisory IDs, component PURLs, references into linkset with reconciled-from metadata. |
| 7 | EXCITITOR-CORE-AOC-19-003 | BLOCKED (2025-11-17) | PREP-EXCITITOR-CORE-AOC-19-003-BLOCKED-ON-19 | Excititor Core Guild | Enforce uniqueness + append-only versioning of raw VEX docs. |
| 8 | EXCITITOR-CORE-AOC-19-004 | BLOCKED (2025-11-17) | PREP-EXCITITOR-CORE-AOC-19-004-REMOVE-CONSENS | Excititor Core Guild | Excise consensus/merge/severity logic from ingestion; rely on Policy Engine materializations. |
| 9 | EXCITITOR-CORE-AOC-19-013 | BLOCKED (2025-11-17) | PREP-EXCITITOR-CORE-AOC-19-013-SEED-TENANT-AW | Excititor Core Guild | Ensure cross-tenant ingestion rejected; update tests. |
| 10 | EXCITITOR-GRAPH-21-001 | BLOCKED (2025-10-27) | PREP-EXCITITOR-GRAPH-21-001-NEEDS-CARTOGRAPHE | Excititor Core · Cartographer Guild | Batched VEX/advisory reference fetches by PURL for inspector linkouts. |
| 11 | EXCITITOR-GRAPH-21-002 | BLOCKED (2025-10-27) | PREP-EXCITITOR-GRAPH-21-002-BLOCKED-ON-21-001 | Excititor Core Guild | Overlay metadata includes justification summaries + versions; fixtures/tests. |
| 12 | EXCITITOR-GRAPH-21-005 | BLOCKED (2025-10-27) | PREP-EXCITITOR-GRAPH-21-005-BLOCKED-ON-21-002 | Excititor Storage Guild | Indexes/materialized views for VEX lookups by PURL/policy for inspector perf. |
| 13 | EXCITITOR-GRAPH-24-101 | BLOCKED (2025-11-17) | PREP-EXCITITOR-GRAPH-24-101-WAIT-FOR-21-005-I | Excititor WebService Guild | VEX status summaries per component/asset for Vuln Explorer. |
| 14 | EXCITITOR-GRAPH-24-102 | BLOCKED (2025-11-17) | PREP-EXCITITOR-GRAPH-24-102-DEPENDS-ON-24-101 | Excititor WebService Guild | Batch VEX observation retrieval optimized for Graph overlays/tooltips. |
| 15 | EXCITITOR-LNM-21-001 | IN REVIEW (2025-11-14) | Await review sign-off; prep migrations. | Excititor Core Guild | VEX observation model/schema, indexes, determinism rules, AOC metadata (`docs/modules/excititor/vex_observations.md`). |
| 16 | AGENTS-EXCITITOR-UPDATE | DONE (2025-11-17) | AGENTS.md authored for WebService/Core/Storage/Worker. | Planning / Platform Guild | Author module-level AGENTS.md covering required docs, contracts, and testing for Excititor service components. |
## Action Tracker
| Focus | Action | Owner(s) | Due | Status |
| --- | --- | --- | --- | --- |
| Console APIs | Finalize `/console/vex` contract (23-001) and dashboard deltas (23-002). | WebService Guild | PREP-FINALIZE-CONSOLE-VEX-CONTRACT-23-001-AND | BLOCKED (await contract; LNM view spec needed) |
| Ingestion idempotency | Land linkset extraction + raw upsert uniqueness (19-002/003). | Core Guild | PREP-LAND-LINKSET-EXTRACTION-RAW-UPSERT-UNIQU | BLOCKED (linkset schema pending) |
| Consensus removal | Remove merge/severity logic after idempotency in place (19-004). | Core Guild | PREP-REMOVE-MERGE-SEVERITY-LOGIC-AFTER-IDEMPO | BLOCKED (depends on 19-002/003) |
| Graph overlays | Align inspector/linkout schemas to unblock 21-001/002/005. | Core + Cartographer Guilds | PREP-ALIGN-INSPECTOR-LINKOUT-SCHEMAS-TO-UNBLO | BLOCKED (awaiting Cartographer contract) |
| P1 | PREP-EXCITITOR-CONSOLE-23-001-AWAITING-CONCRE | DONE (2025-11-20) | Prep note at `docs/modules/excititor/prep/2025-11-20-console-vex-contract-prep.md`; awaiting LNM view spec + SSE envelopes. | Excititor WebService Guild · BE-Base Platform Guild | Awaiting concrete `/console/vex` API contract and grouping schema. |
| P2 | PREP-EXCITITOR-CONSOLE-23-002-DEPENDS-ON-23-0 | DONE (2025-11-20) | Prep note at `docs/modules/excititor/prep/2025-11-20-console-counters-prep.md`; depends on 23-001 buckets. | Excititor WebService Guild | Counters contract. |
| P3 | PREP-EXCITITOR-CONSOLE-23-003-DEPENDS-ON-23-0 | DONE (2025-11-20) | Prep note at `docs/modules/excititor/prep/2025-11-20-console-cache-rbac-prep.md`; awaits cache TTL/precedence traces. | Excititor WebService Guild | Caching/RBAC/precedence context. |
| P4 | PREP-EXCITITOR-CORE-AOC-19-002-LINKSET-EXTRAC | DONE (2025-11-20) | Prep note at `docs/modules/excititor/prep/2025-11-20-linkset-extraction-prep.md`. | Excititor Core Guild | Linkset extraction rules/ordering. |
| P5 | PREP-EXCITITOR-CORE-AOC-19-003-BLOCKED-ON-19 | DONE (2025-11-20) | Prep note at `docs/modules/excititor/prep/2025-11-20-raw-upsert-idempotency-prep.md`. | Excititor Core Guild | Idempotent upsert supersede chains. |
| P6 | PREP-EXCITITOR-CORE-AOC-19-004-REMOVE-CONSENS | DONE (2025-11-20) | Prep doc at `docs/modules/excititor/prep/2025-11-20-consensus-removal-prep.md`. | Excititor Core Guild | Remove consensus after idempotency. |
| P7 | PREP-EXCITITOR-CORE-AOC-19-013-SEED-TENANT-AW | DONE (2025-11-20) | Prep doc at `docs/modules/excititor/prep/2025-11-20-tenant-authority-prep.md`. | Excititor Core Guild | Tenant-aware Authority clients. |
| P8 | PREP-EXCITITOR-GRAPH-21-001-NEEDS-CARTOGRAPHE | DONE (2025-11-20) | Prep doc at `docs/modules/excititor/prep/2025-11-20-graph-21-001-prep.md`. | Excititor Core · Cartographer Guild | Cartographer API contract. |
| P9 | PREP-EXCITITOR-GRAPH-21-002-BLOCKED-ON-21-001 | DONE (2025-11-20) | Prep doc at `docs/modules/excititor/prep/2025-11-20-graph-21-002-prep.md`. | Excititor Core Guild | Overlay payload. |
| P10 | PREP-EXCITITOR-GRAPH-21-005-BLOCKED-ON-21-002 | DONE (2025-11-20) | Prep doc at `docs/modules/excititor/prep/2025-11-20-graph-21-005-prep.md`. | Excititor Storage Guild | Index plan. |
| 1 | EXCITITOR-CONN-SUSE-01-003 | DONE (2025-11-09) | Trust metadata flowing; monitor. | Connectors SUSE | Emit provider trust configuration. |
| 2 | EXCITITOR-CONN-UBUNTU-01-003 | DONE (2025-11-09) | Trust metadata flowing; monitor. | Connectors Ubuntu | Emit Ubuntu signing metadata. |
| 3 | EXCITITOR-CONSOLE-23-001 | BLOCKED (2025-11-17) | PREP-EXCITITOR-CONSOLE-23-001-AWAITING-CONCRE | Excititor WebService Guild · BE-Base | Grouped VEX statements with traces/tenant filters. |
| 4 | EXCITITOR-CONSOLE-23-002 | BLOCKED (2025-11-17) | PREP-EXCITITOR-CONSOLE-23-002-DEPENDS-ON-23-0 | Excititor WebService Guild | Delta counts + metrics. |
| 5 | EXCITITOR-CONSOLE-23-003 | BLOCKED (2025-11-17) | PREP-EXCITITOR-CONSOLE-23-003-DEPENDS-ON-23-0 | Excititor WebService Guild | Rapid VEX lookups with precedence/caching/RBAC. |
| 6 | EXCITITOR-CORE-AOC-19-002 | BLOCKED (2025-11-17) | PREP-EXCITITOR-CORE-AOC-19-002-LINKSET-EXTRAC | Excititor Core Guild | Linkset extraction. |
| 7 | EXCITITOR-CORE-AOC-19-003 | BLOCKED (2025-11-17) | PREP-EXCITITOR-CORE-AOC-19-003-BLOCKED-ON-19 | Excititor Core Guild | Raw VEX append-only uniqueness. |
| 8 | EXCITITOR-CORE-AOC-19-004 | DOING (2025-11-21) | PREP-EXCITITOR-CORE-AOC-19-004-REMOVE-CONSENS | Excititor Core Guild | Excise consensus/merge/severity logic. |
| 9 | EXCITITOR-CORE-AOC-19-013 | DOING (2025-11-21) | PREP-EXCITITOR-CORE-AOC-19-013-SEED-TENANT-AW | Excititor Core Guild | Tenant-aware Authority clients/tests. |
| 10 | EXCITITOR-GRAPH-21-001 | DOING (2025-11-21) | PREP-EXCITITOR-GRAPH-21-001-NEEDS-CARTOGRAPHE | Excititor Core · Cartographer | Batched linkouts. |
| 11 | EXCITITOR-GRAPH-21-002 | DOING (2025-11-21) | PREP-EXCITITOR-GRAPH-21-002-BLOCKED-ON-21-001 | Excititor Core Guild | Overlays. |
| 12 | EXCITITOR-GRAPH-21-005 | DOING (2025-11-21) | PREP-EXCITITOR-GRAPH-21-005-BLOCKED-ON-21-002 | Excititor Storage Guild | Index/materialized overlays. |
| 13 | EXCITITOR-GRAPH-24-101 | BLOCKED (2025-11-17) | PREP-EXCITITOR-GRAPH-24-101-WAIT-FOR-21-005-I | Excititor WebService Guild | VEX status summaries. |
| 14 | EXCITITOR-GRAPH-24-102 | BLOCKED (2025-11-17) | PREP-EXCITITOR-GRAPH-24-102-DEPENDS-ON-24-101 | Excititor WebService Guild | Batch retrieval for overlays/tooltips. |
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2025-11-19 | Normalized PREP-EXCITITOR-CORE-AOC-19-003 Task ID (removed trailing hyphen) so dependency resolution works. | Project Mgmt |
| 2025-11-19 | Marked PREP tasks P1P17 BLOCKED due to missing console contract (LNM view spec), linkset extraction/idempotency schema, Cartographer API contract, and orchestrator/LNM inputs—keeping Console, AOC-19-002/003/004/013, and GRAPH 21/24 tracks gated. | Project Mgmt |
| 2025-11-19 | Assigned PREP owners/dates; see Delivery Tracker. | Planning |
| 2025-11-19 | Normalized PREP-EXCITITOR-CORE-AOC-19-003 Task ID. | Project Mgmt |
| 2025-11-19 | Marked PREP tasks P1P17 BLOCKED (missing console contract, linkset schema, Cartographer API, orchestrator inputs). | Project Mgmt |
| 2025-11-19 | Assigned PREP owners/dates. | Planning |
| 2025-11-09 | Connector SUSE + Ubuntu trust provenance delivered. | Connectors Guild |
| 2025-11-14 | LNM-21-001 schema in review. | Core Guild |
| 2025-11-16 | Normalized sprint file to standard template and renamed to SPRINT_0119_0001_0002_excititor_ii.md. | Planning |
| 2025-11-17 | Deprecated legacy filename `SPRINT_120_excititor_ii.md`; redirect left in place pointing here. | Planning |
| 2025-11-17 | Authored AGENTS.md for WebService/Core/Storage.Mongo/Worker to unblock Excititor II work. | Planning |
| 2025-11-17 | Work paused: module-level AGENTS.md missing for WebService/Core/Storage/Worker; blocked TODO items and added AGENTS-EXCITITOR-UPDATE task. | Planning |
| 2025-11-17 | Deprecated legacy filename `SPRINT_120_excititor_ii.md`. | Planning |
| 2025-11-17 | Authored AGENTS.md for WebService/Core/Storage.Mongo/Worker. | Planning |
| 2025-11-17 | Work paused: module-level AGENTS.md missing; added AGENTS-EXCITITOR-UPDATE task. | Planning |
| 2025-11-20 | Published prep artefacts for P1P5. | Implementer |
| 2025-11-20 | Published prep artefacts for P6P10. | Implementer |
| 2025-11-21 | Began implementation: set EXCITITOR-CORE-AOC-19-004 and -19-013 to DOING; wired DisableConsensus flag in worker options and consensus refresh loop guard. | Implementer |
| 2025-11-21 | PostConfigure added: DisableConsensus forces Refresh.Enabled=false. | Implementer |
| 2025-11-21 | Env block: PTY commands failing with “No space left on device”; continuing via apply_patch only. | Implementer |
| 2025-11-21 | Added consensus removal runbook (`docs/modules/excititor/operations/consensus-removal-runbook.md`). | Implementer |
| 2025-11-21 | Added tenant Authority client factory + config docs; task 19-013 progressing. | Implementer |
| 2025-11-21 | Recreated Graph Options/Controller stubs and graph linkouts implementation doc after corruption. | Implementer |
## Decisions & Risks
- **Decisions**
- Keep connector provenance aggregation-only; no weighting/consensus in Excititor.
- Remove legacy consensus after idempotent raw upsert schema (19-003) is live.
- **Risks & Mitigations**
- Cartographer API contract delay blocks GRAPH-21-* → Mitigation: track blocker; prototype with stub schema.
- Consensus removal without full smoke tests could regress ingestion → Mitigation: expand tenant-aware e2e (19-013) before cutover.
- Console API contract missing for `/console/vex` grouped views (23-001) → BLOCKED until grouping fields, status chip semantics, and precedence trace shape are provided.
- Linkset extraction determinism rules/schema not available (19-002) → BLOCKED until authoritative extraction/ordering spec is supplied.
- Module AGENTS.md absent for WebService/Core/Storage/Worker → Mitigated by AGENTS-EXCITITOR-UPDATE (DONE 2025-11-17); ensure new contributors read the charters.
- Aggregation-only: consensus refresh disabled by default; migration runbook authored.
- Tenant safety: Authority clients must be tenant-scoped.
- Graph overlays depend on Cartographer contract; currently blocked.
- Environment risk: “No space left on device” prevents normal command execution; repo integrity relies on apply_patch. Clean space before further code changes.
## Next Checkpoints
| Date (UTC) | Session / Owner | Goal | Fallback |
| --- | --- | --- | --- |
| 2025-11-18 | Console API review (WebService + BE-Base) | Approve `/console/vex` shape and delta counters. | Ship behind feature flag if minor gaps remain. |
| 2025-11-19 | Idempotent ingestion design review (Core) | Lock uniqueness + supersede chain plan for 19-002/003. | Use temporary duplicate guard rails until migration complete. |
| 2025-11-21 | Cartographer schema sync | Unblock GRAPH-21-* inspector/linkout contracts. | PREP-CARTOGRAPHER-SCHEMA-SYNC-MAINTAIN-BLOCKE |
- 2025-11-18 | Console API review.
- 2025-11-19 | Idempotent ingestion design review.
- 2025-11-21 | Cartographer schema sync.
- 2025-11-22 | Storage space remediation.

172
docs/implplan/SPRINT_0120_0000_0001_policy_reasoning.md
View File

@@ -1,86 +1,86 @@
# Sprint 0120-0000-0001 · Policy & Reasoning
## Topic & Scope
- Deliver ledger observability baselines (LEDGER-29-007/008/009) so Policy teams can trust ingestion, anchoring, and replay at >5M findings/tenant.
- Extend ledger provenance to orchestrator jobs, air-gapped bundle imports, and attestation evidence (LEDGER-34-101, LEDGER-AIRGAP-56/57/58, LEDGER-ATTEST-73-001).
- Ship deployment collateral (Helm/Compose, backup/restore, offline kit) so downstream guilds can adopt without bespoke guidance.
- Working directory: `src/Findings/StellaOps.Findings.Ledger`.
## Dependencies & Concurrency
- Upstream obligations: Sprint 110.A AdvisoryAI must land; Observability Guild must sign off `ledger_*` metric schema; mirror bundle schema freeze required before LEDGER-AIRGAP-*; attestation pointer schema must align with NOTIFY-ATTEST-74-001.
- Concurrency guardrails: execute tasks in order DOING → TODO → BLOCKED; orchestrator export contract is tracked with Sprint 150.A to avoid cross-guild contention.
- Entry criteria: upstream AdvisoryAI deliverables complete; Observability-approved metric names/labels; published mirror bundle schemas for AirGap kits.
- Exit criteria: metrics/logs/dashboards live in ops telemetry packs with alerts; determinism/load harness produces signed 5M findings report; deployment manifests + offline kits reviewed by DevOps/AirGap guilds; ledger records pointers to orchestrator runs, bundle provenance, and attestation envelopes.
**External dependency tracker**
| Dependency | Current state (2025-11-13) | Impact |
| --- | --- | --- |
| Sprint 110.A AdvisoryAI | DONE | Enables Findings.I start; monitor regressions. |
| Observability metric schema | IN REVIEW | Blocks LEDGER-29-007/008 dashboards. |
| Orchestrator job export contract | TODO | Required for LEDGER-34-101; tracked in Sprint 150.A wave table. |
| Mirror bundle schema | DRAFT | Needed for LEDGER-AIRGAP-56/57/58 messaging + manifests. |
| Attestation pointer schema | DRAFT | Needs alignment with NOTIFY-ATTEST-74-001 to reuse DSSE IDs. |
**Cluster snapshot**
- **Observability & diagnostics** (LEDGER-29-007/008 · Findings Ledger Guild · Observability Guild · QA Guild) — Status TODO. Metric/log spec captured in `docs/modules/findings-ledger/observability.md`; determinism harness spec in `docs/modules/findings-ledger/replay-harness.md`; sequencing documented in `docs/modules/findings-ledger/implementation_plan.md`. Awaiting Observability sign-off + Grafana JSON export (target 2025-11-15).
- **Deployment & backup** (LEDGER-29-009 · Findings Ledger Guild · DevOps Guild) — Status TODO. Baseline deployment/backup guide published (`docs/modules/findings-ledger/deployment.md`); need Compose/Helm overlays and automated migrations.
- **Orchestrator provenance** (LEDGER-34-101 · Findings Ledger Guild) — Status TODO. Blocked until Orchestrator exports job ledger payload; coordinate with Sprint 150.A deliverables.
- **Air-gap provenance & staleness** (LEDGER-AIRGAP-56/57/58 · Findings Ledger Guild · AirGap Guilds · Evidence Locker Guild) — Status TODO. Requirements captured in `docs/modules/findings-ledger/airgap-provenance.md`; waiting on mirror bundle schema freeze + AirGap controller inputs.
- **Attestation linkage** (LEDGER-ATTEST-73-001 · Findings Ledger Guild · Attestor Service Guild) — Status TODO. Waiting on attestation payload pointers from NOTIFY-ATTEST-74-001 work to reuse DSSE IDs.
## Documentation Prerequisites
- `docs/modules/findings-ledger/observability.md`
- `docs/modules/findings-ledger/replay-harness.md`
- `docs/modules/findings-ledger/deployment.md`
- `docs/modules/findings-ledger/implementation_plan.md`
- `docs/modules/findings-ledger/airgap-provenance.md`
- `docs/observability/policy.md`
## Delivery Tracker
| # | Task ID | Status | Key dependency / next step | Owners | Task Definition |
| --- | --- | --- | --- | --- | --- |
| P1 | PREP-LEDGER-29-008-AWAIT-OBSERVABILITY-SCHEMA | BLOCKED | Due 2025-11-21 · Accountable: Findings Ledger Guild, QA Guild / `src/Findings/StellaOps.Findings.Ledger` | Findings Ledger Guild, QA Guild / `src/Findings/StellaOps.Findings.Ledger` | Await Observability schema sign-off + ledger write endpoint contract; 5M fixture drop pending. <br><br> Document artefact/deliverable for LEDGER-29-008 and publish location so downstream tasks can proceed. |
| P2 | PREP-LEDGER-34-101-ORCHESTRATOR-LEDGER-EXPORT | BLOCKED | Due 2025-11-21 · Accountable: Findings Ledger Guild / `src/Findings/StellaOps.Findings.Ledger` | Findings Ledger Guild / `src/Findings/StellaOps.Findings.Ledger` | Orchestrator ledger export contract (Sprint 150.A) not published. <br><br> Document artefact/deliverable for LEDGER-34-101 and publish location so downstream tasks can proceed. |
| P3 | PREP-LEDGER-AIRGAP-56-001-MIRROR-BUNDLE-SCHEM | BLOCKED | Due 2025-11-21 · Accountable: Findings Ledger Guild / `src/Findings/StellaOps.Findings.Ledger` | Findings Ledger Guild / `src/Findings/StellaOps.Findings.Ledger` | Mirror bundle schema freeze outstanding. <br><br> Document artefact/deliverable for LEDGER-AIRGAP-56-001 and publish location so downstream tasks can proceed. |
| 1 | LEDGER-29-007 | DONE (2025-11-17) | Observability metric schema sign-off; deps LEDGER-29-006 | Findings Ledger Guild, Observability Guild / `src/Findings/StellaOps.Findings.Ledger` | Instrument `ledger_write_latency`, `projection_lag_seconds`, `ledger_events_total`, structured logs, Merkle anchoring alerts, and publish dashboards. |
| 2 | LEDGER-29-008 | BLOCKED | PREP-LEDGER-29-008-AWAIT-OBSERVABILITY-SCHEMA | Findings Ledger Guild, QA Guild / `src/Findings/StellaOps.Findings.Ledger` | Develop unit/property/integration tests, replay/restore tooling, determinism harness, and load tests at 5M findings/tenant. |
| 3 | LEDGER-29-009 | BLOCKED | Depends on LEDGER-29-008 harness results (5M replay + observability schema) | Findings Ledger Guild, DevOps Guild / `src/Findings/StellaOps.Findings.Ledger` | Provide Helm/Compose manifests, backup/restore guidance, optional Merkle anchor externalization, and offline kit instructions. |
| 4 | LEDGER-34-101 | BLOCKED | PREP-LEDGER-34-101-ORCHESTRATOR-LEDGER-EXPORT | Findings Ledger Guild / `src/Findings/StellaOps.Findings.Ledger` | Link orchestrator run ledger exports into Findings Ledger provenance chain, index by artifact hash, and expose audit queries. |
| 5 | LEDGER-AIRGAP-56-001 | BLOCKED | PREP-LEDGER-AIRGAP-56-001-MIRROR-BUNDLE-SCHEM | Findings Ledger Guild / `src/Findings/StellaOps.Findings.Ledger` | Record bundle provenance (`bundle_id`, `merkle_root`, `time_anchor`) on ledger events for advisories/VEX/policies imported via Mirror Bundles. |
| 6 | LEDGER-AIRGAP-56-002 | BLOCKED | Depends on LEDGER-AIRGAP-56-001 provenance schema | Findings Ledger Guild, AirGap Time Guild / `src/Findings/StellaOps.Findings.Ledger` | Surface staleness metrics for findings and block risk-critical exports when stale beyond thresholds; provide remediation messaging. |
| 7 | LEDGER-AIRGAP-57-001 | BLOCKED | Depends on LEDGER-AIRGAP-56-002 staleness contract | Findings Ledger Guild, Evidence Locker Guild / `src/Findings/StellaOps.Findings.Ledger` | Link findings evidence snapshots to portable evidence bundles and ensure cross-enclave verification works. |
| 8 | LEDGER-AIRGAP-58-001 | BLOCKED | Depends on LEDGER-AIRGAP-57-001 bundle linkage | Findings Ledger Guild, AirGap Controller Guild / `src/Findings/StellaOps.Findings.Ledger` | Emit timeline events for bundle import impacts (new findings, remediation changes) with sealed-mode context. |
| 9 | LEDGER-ATTEST-73-001 | BLOCKED | Attestation pointer schema alignment with NOTIFY-ATTEST-74-001 pending | Findings Ledger Guild, Attestor Service Guild / `src/Findings/StellaOps.Findings.Ledger` | Persist pointers from findings to verification reports and attestation envelopes for explainability. |
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2025-11-19 | Assigned PREP owners/dates; see Delivery Tracker. | Planning |
| 2025-11-19 | Marked PREP tasks P1P3 BLOCKED: observability schema, orchestrator ledger export contract, and mirror bundle schema are still missing, keeping LEDGER-29-008/34-101/AIRGAP-56-* blocked. | Project Mgmt |
| 2025-11-13 09:30 | Documented Findings.I scope, milestones, and external dependencies; awaiting Observability + Orchestrator inputs before flipping any tasks to DOING. | Findings Ledger Guild |
| 2025-11-13 10:45 | Published `docs/modules/findings-ledger/observability.md` detailing metrics/logs/alerts required for LEDGER-29-007/008; sent draft to Observability Guild for review. | Findings Ledger Guild |
| 2025-11-19 09:30 | Reformatted Cluster snapshot into bullet list and confirmed Delivery Tracker already covers LEDGER-AIRGAP dependencies; no scope change. | Project Mgmt |
| 2025-11-13 11:20 | Added `docs/modules/findings-ledger/deployment.md` covering Compose/Helm rollout, migrations, backup/restore, and offline workflows for LEDGER-29-009. | Findings Ledger Guild |
| 2025-11-13 11:50 | Added `docs/modules/findings-ledger/replay-harness.md` outlining fixtures, CLI workflow, and reporting for LEDGER-29-008 determinism tests. | Findings Ledger Guild |
| 2025-11-13 12:05 | Drafted `docs/modules/findings-ledger/implementation_plan.md` summarizing phase sequencing and dependencies for Findings.I. | Findings Ledger Guild |
| 2025-11-13 12:25 | Authored `docs/modules/findings-ledger/airgap-provenance.md` detailing bundle provenance, staleness, evidence snapshot, and timeline requirements for LEDGER-AIRGAP-56/57/58. | Findings Ledger Guild |
| 2025-11-16 | Normalised sprint to standard template and renamed to `SPRINT_0120_0000_0001_policy_reasoning.md`; no content changes beyond reformat. | Project Management |
| 2025-11-16 | Added `src/Findings/AGENTS.md` synthesising required reading, boundaries, determinism/observability rules for implementers. | Project Management |
| 2025-11-17 | LEDGER-29-007 complete: dashboards + alert rules added to offline bundle; Cobertura coverage captured at `out/coverage/ledger/4d714ddd-216e-4643-ba81-2b8a4ffda218/coverage.cobertura.xml`; bundling script updated. | Findings Ledger Guild |
| 2025-11-17 | LEDGER-29-008 started: replay harness skeleton added (`src/Findings/tools/LedgerReplayHarness`), sample fixture + tests; currently BLOCKED awaiting Observability schema + ledger writer/projection contract + 5M fixture drop. | Findings Ledger Guild |
| 2025-11-18 | Reviewed remaining tasks: 29-009, 34-101, AIRGAP-56/57/58, and ATTEST-73 all blocked by upstream contracts (harness results, orchestrator export schema, mirror bundle freeze, attestation pointer spec); no new implementation started. | Findings Ledger Guild |
## Decisions & Risks
- Metric names locked by 2025-11-15 and documented in `docs/observability/policy.md` to avoid schema churn.
- Replay workload risk: 5M findings load may exceed lab capacity; mitigation is to use the QA replay rig and capture CPU/memory budgets in runbooks.
- Air-gap drift risk: mirror bundle format still moving; mitigation is to version the provenance schema and gate LEDGER-AIRGAP-* merges until docs/manifests updated.
- Cross-guild lag risk: Orchestrator/Attestor dependencies may delay provenance pointers; mitigation is weekly sync notes and feature flags so ledger work can land behind toggles.
- Implementer contract now anchored in `src/Findings/AGENTS.md`; keep in sync with module docs and update sprint log when changed.
- Current state (2025-11-18): all remaining tasks (29-009, 34-101, AIRGAP-56/57/58, ATTEST-73) blocked on upstream contracts: 5M harness + observability schema, orchestrator export contract, mirror bundle schema freeze, and attestation pointer spec respectively. Resume once those inputs land.
## Next Checkpoints
- 2025-11-15 · Metrics + dashboard schema sign-off — Observability Guild — unblocks LEDGER-29-007 instrumentation PR.
- 2025-11-18 · Determinism + replay harness dry-run at 5M findings — QA Guild — required before LEDGER-29-008 can close.
- 2025-11-20 · Helm/Compose manifests + backup doc review — DevOps Guild · AirGap Controller Guild — needed for LEDGER-29-009 + LEDGER-AIRGAP-56-001.
- 2025-11-22 · Mirror bundle provenance schema freeze — AirGap Time Guild — enables LEDGER-AIRGAP-56/57/58 sequencing.
- 2025-11-25 · Orchestrator ledger export contract signed — Orchestrator Guild — prerequisite for LEDGER-34-101 linkage.
# Sprint 0120-0000-0001 · Policy & Reasoning
## Topic & Scope
- Deliver ledger observability baselines (LEDGER-29-007/008/009) so Policy teams can trust ingestion, anchoring, and replay at >5M findings/tenant.
- Extend ledger provenance to orchestrator jobs, air-gapped bundle imports, and attestation evidence (LEDGER-34-101, LEDGER-AIRGAP-56/57/58, LEDGER-ATTEST-73-001).
- Ship deployment collateral (Helm/Compose, backup/restore, offline kit) so downstream guilds can adopt without bespoke guidance.
- Working directory: `src/Findings/StellaOps.Findings.Ledger`.
## Dependencies & Concurrency
- Upstream obligations: Sprint 110.A AdvisoryAI must land; Observability Guild must sign off `ledger_*` metric schema; mirror bundle schema freeze required before LEDGER-AIRGAP-*; attestation pointer schema must align with NOTIFY-ATTEST-74-001.
- Concurrency guardrails: execute tasks in order DOING → TODO → BLOCKED; orchestrator export contract is tracked with Sprint 150.A to avoid cross-guild contention.
- Entry criteria: upstream AdvisoryAI deliverables complete; Observability-approved metric names/labels; published mirror bundle schemas for AirGap kits.
- Exit criteria: metrics/logs/dashboards live in ops telemetry packs with alerts; determinism/load harness produces signed 5M findings report; deployment manifests + offline kits reviewed by DevOps/AirGap guilds; ledger records pointers to orchestrator runs, bundle provenance, and attestation envelopes.
**External dependency tracker**
| Dependency | Current state (2025-11-13) | Impact |
| --- | --- | --- |
| Sprint 110.A AdvisoryAI | DONE | Enables Findings.I start; monitor regressions. |
| Observability metric schema | IN REVIEW | Blocks LEDGER-29-007/008 dashboards. |
| Orchestrator job export contract | TODO | Required for LEDGER-34-101; tracked in Sprint 150.A wave table. |
| Mirror bundle schema | DRAFT | Needed for LEDGER-AIRGAP-56/57/58 messaging + manifests. |
| Attestation pointer schema | DRAFT | Needs alignment with NOTIFY-ATTEST-74-001 to reuse DSSE IDs. |
**Cluster snapshot**
- **Observability & diagnostics** (LEDGER-29-007/008 · Findings Ledger Guild · Observability Guild · QA Guild) — Status TODO. Metric/log spec captured in `docs/modules/findings-ledger/observability.md`; determinism harness spec in `docs/modules/findings-ledger/replay-harness.md`; sequencing documented in `docs/modules/findings-ledger/implementation_plan.md`. Awaiting Observability sign-off + Grafana JSON export (target 2025-11-15).
- **Deployment & backup** (LEDGER-29-009 · Findings Ledger Guild · DevOps Guild) — Status TODO. Baseline deployment/backup guide published (`docs/modules/findings-ledger/deployment.md`); need Compose/Helm overlays and automated migrations.
- **Orchestrator provenance** (LEDGER-34-101 · Findings Ledger Guild) — Status TODO. Blocked until Orchestrator exports job ledger payload; coordinate with Sprint 150.A deliverables.
- **Air-gap provenance & staleness** (LEDGER-AIRGAP-56/57/58 · Findings Ledger Guild · AirGap Guilds · Evidence Locker Guild) — Status TODO. Requirements captured in `docs/modules/findings-ledger/airgap-provenance.md`; waiting on mirror bundle schema freeze + AirGap controller inputs.
- **Attestation linkage** (LEDGER-ATTEST-73-001 · Findings Ledger Guild · Attestor Service Guild) — Status TODO. Waiting on attestation payload pointers from NOTIFY-ATTEST-74-001 work to reuse DSSE IDs.
## Documentation Prerequisites
- `docs/modules/findings-ledger/observability.md`
- `docs/modules/findings-ledger/replay-harness.md`
- `docs/modules/findings-ledger/deployment.md`
- `docs/modules/findings-ledger/implementation_plan.md`
- `docs/modules/findings-ledger/airgap-provenance.md`
- `docs/observability/policy.md`
## Delivery Tracker
| # | Task ID | Status | Key dependency / next step | Owners | Task Definition |
| --- | --- | --- | --- | --- | --- |
| P1 | PREP-LEDGER-29-008-AWAIT-OBSERVABILITY-SCHEMA | BLOCKED | Due 2025-11-21 · Accountable: Findings Ledger Guild, QA Guild / `src/Findings/StellaOps.Findings.Ledger` | Findings Ledger Guild, QA Guild / `src/Findings/StellaOps.Findings.Ledger` | Await Observability schema sign-off + ledger write endpoint contract; 5M fixture drop pending. <br><br> Document artefact/deliverable for LEDGER-29-008 and publish location so downstream tasks can proceed. |
| P2 | PREP-LEDGER-34-101-ORCHESTRATOR-LEDGER-EXPORT | BLOCKED | Due 2025-11-21 · Accountable: Findings Ledger Guild / `src/Findings/StellaOps.Findings.Ledger` | Findings Ledger Guild / `src/Findings/StellaOps.Findings.Ledger` | Orchestrator ledger export contract (Sprint 150.A) not published. <br><br> Document artefact/deliverable for LEDGER-34-101 and publish location so downstream tasks can proceed. |
| P3 | PREP-LEDGER-AIRGAP-56-001-MIRROR-BUNDLE-SCHEM | BLOCKED | Due 2025-11-21 · Accountable: Findings Ledger Guild / `src/Findings/StellaOps.Findings.Ledger` | Findings Ledger Guild / `src/Findings/StellaOps.Findings.Ledger` | Mirror bundle schema freeze outstanding. <br><br> Document artefact/deliverable for LEDGER-AIRGAP-56-001 and publish location so downstream tasks can proceed. |
| 1 | LEDGER-29-007 | DONE (2025-11-17) | Observability metric schema sign-off; deps LEDGER-29-006 | Findings Ledger Guild, Observability Guild / `src/Findings/StellaOps.Findings.Ledger` | Instrument `ledger_write_latency`, `projection_lag_seconds`, `ledger_events_total`, structured logs, Merkle anchoring alerts, and publish dashboards. |
| 2 | LEDGER-29-008 | BLOCKED | PREP-LEDGER-29-008-AWAIT-OBSERVABILITY-SCHEMA | Findings Ledger Guild, QA Guild / `src/Findings/StellaOps.Findings.Ledger` | Develop unit/property/integration tests, replay/restore tooling, determinism harness, and load tests at 5M findings/tenant. |
| 3 | LEDGER-29-009 | BLOCKED | Depends on LEDGER-29-008 harness results (5M replay + observability schema) | Findings Ledger Guild, DevOps Guild / `src/Findings/StellaOps.Findings.Ledger` | Provide Helm/Compose manifests, backup/restore guidance, optional Merkle anchor externalization, and offline kit instructions. |
| 4 | LEDGER-34-101 | BLOCKED | PREP-LEDGER-34-101-ORCHESTRATOR-LEDGER-EXPORT | Findings Ledger Guild / `src/Findings/StellaOps.Findings.Ledger` | Link orchestrator run ledger exports into Findings Ledger provenance chain, index by artifact hash, and expose audit queries. |
| 5 | LEDGER-AIRGAP-56-001 | BLOCKED | PREP-LEDGER-AIRGAP-56-001-MIRROR-BUNDLE-SCHEM | Findings Ledger Guild / `src/Findings/StellaOps.Findings.Ledger` | Record bundle provenance (`bundle_id`, `merkle_root`, `time_anchor`) on ledger events for advisories/VEX/policies imported via Mirror Bundles. |
| 6 | LEDGER-AIRGAP-56-002 | BLOCKED | Depends on LEDGER-AIRGAP-56-001 provenance schema | Findings Ledger Guild, AirGap Time Guild / `src/Findings/StellaOps.Findings.Ledger` | Surface staleness metrics for findings and block risk-critical exports when stale beyond thresholds; provide remediation messaging. |
| 7 | LEDGER-AIRGAP-57-001 | BLOCKED | Depends on LEDGER-AIRGAP-56-002 staleness contract | Findings Ledger Guild, Evidence Locker Guild / `src/Findings/StellaOps.Findings.Ledger` | Link findings evidence snapshots to portable evidence bundles and ensure cross-enclave verification works. |
| 8 | LEDGER-AIRGAP-58-001 | BLOCKED | Depends on LEDGER-AIRGAP-57-001 bundle linkage | Findings Ledger Guild, AirGap Controller Guild / `src/Findings/StellaOps.Findings.Ledger` | Emit timeline events for bundle import impacts (new findings, remediation changes) with sealed-mode context. |
| 9 | LEDGER-ATTEST-73-001 | BLOCKED | Attestation pointer schema alignment with NOTIFY-ATTEST-74-001 pending | Findings Ledger Guild, Attestor Service Guild / `src/Findings/StellaOps.Findings.Ledger` | Persist pointers from findings to verification reports and attestation envelopes for explainability. |
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2025-11-19 | Assigned PREP owners/dates; see Delivery Tracker. | Planning |
| 2025-11-19 | Marked PREP tasks P1P3 BLOCKED: observability schema, orchestrator ledger export contract, and mirror bundle schema are still missing, keeping LEDGER-29-008/34-101/AIRGAP-56-* blocked. | Project Mgmt |
| 2025-11-13 09:30 | Documented Findings.I scope, milestones, and external dependencies; awaiting Observability + Orchestrator inputs before flipping any tasks to DOING. | Findings Ledger Guild |
| 2025-11-13 10:45 | Published `docs/modules/findings-ledger/observability.md` detailing metrics/logs/alerts required for LEDGER-29-007/008; sent draft to Observability Guild for review. | Findings Ledger Guild |
| 2025-11-19 09:30 | Reformatted Cluster snapshot into bullet list and confirmed Delivery Tracker already covers LEDGER-AIRGAP dependencies; no scope change. | Project Mgmt |
| 2025-11-13 11:20 | Added `docs/modules/findings-ledger/deployment.md` covering Compose/Helm rollout, migrations, backup/restore, and offline workflows for LEDGER-29-009. | Findings Ledger Guild |
| 2025-11-13 11:50 | Added `docs/modules/findings-ledger/replay-harness.md` outlining fixtures, CLI workflow, and reporting for LEDGER-29-008 determinism tests. | Findings Ledger Guild |
| 2025-11-13 12:05 | Drafted `docs/modules/findings-ledger/implementation_plan.md` summarizing phase sequencing and dependencies for Findings.I. | Findings Ledger Guild |
| 2025-11-13 12:25 | Authored `docs/modules/findings-ledger/airgap-provenance.md` detailing bundle provenance, staleness, evidence snapshot, and timeline requirements for LEDGER-AIRGAP-56/57/58. | Findings Ledger Guild |
| 2025-11-16 | Normalised sprint to standard template and renamed to `SPRINT_0120_0000_0001_policy_reasoning.md`; no content changes beyond reformat. | Project Management |
| 2025-11-16 | Added `src/Findings/AGENTS.md` synthesising required reading, boundaries, determinism/observability rules for implementers. | Project Management |
| 2025-11-17 | LEDGER-29-007 complete: dashboards + alert rules added to offline bundle; Cobertura coverage captured at `out/coverage/ledger/4d714ddd-216e-4643-ba81-2b8a4ffda218/coverage.cobertura.xml`; bundling script updated. | Findings Ledger Guild |
| 2025-11-17 | LEDGER-29-008 started: replay harness skeleton added (`src/Findings/tools/LedgerReplayHarness`), sample fixture + tests; currently BLOCKED awaiting Observability schema + ledger writer/projection contract + 5M fixture drop. | Findings Ledger Guild |
| 2025-11-18 | Reviewed remaining tasks: 29-009, 34-101, AIRGAP-56/57/58, and ATTEST-73 all blocked by upstream contracts (harness results, orchestrator export schema, mirror bundle freeze, attestation pointer spec); no new implementation started. | Findings Ledger Guild |
## Decisions & Risks
- Metric names locked by 2025-11-15 and documented in `docs/observability/policy.md` to avoid schema churn.
- Replay workload risk: 5M findings load may exceed lab capacity; mitigation is to use the QA replay rig and capture CPU/memory budgets in runbooks.
- Air-gap drift risk: mirror bundle format still moving; mitigation is to version the provenance schema and gate LEDGER-AIRGAP-* merges until docs/manifests updated.
- Cross-guild lag risk: Orchestrator/Attestor dependencies may delay provenance pointers; mitigation is weekly sync notes and feature flags so ledger work can land behind toggles.
- Implementer contract now anchored in `src/Findings/AGENTS.md`; keep in sync with module docs and update sprint log when changed.
- Current state (2025-11-18): all remaining tasks (29-009, 34-101, AIRGAP-56/57/58, ATTEST-73) blocked on upstream contracts: 5M harness + observability schema, orchestrator export contract, mirror bundle schema freeze, and attestation pointer spec respectively. Resume once those inputs land.
## Next Checkpoints
- 2025-11-15 · Metrics + dashboard schema sign-off — Observability Guild — unblocks LEDGER-29-007 instrumentation PR.
- 2025-11-18 · Determinism + replay harness dry-run at 5M findings — QA Guild — required before LEDGER-29-008 can close.
- 2025-11-20 · Helm/Compose manifests + backup doc review — DevOps Guild · AirGap Controller Guild — needed for LEDGER-29-009 + LEDGER-AIRGAP-56-001.
- 2025-11-22 · Mirror bundle provenance schema freeze — AirGap Time Guild — enables LEDGER-AIRGAP-56/57/58 sequencing.
- 2025-11-25 · Orchestrator ledger export contract signed — Orchestrator Guild — prerequisite for LEDGER-34-101 linkage.

11
docs/implplan/SPRINT_0121_0001_0001_policy_reasoning.md
View File

@@ -33,8 +33,8 @@
| P6 | PREP-LEDGER-OBS-54-001-NO-HTTP-SURFACE-MINIMA | DOING (2025-11-20) | Due 2025-11-22 · Accountable: Findings Ledger Guild; Provenance Guild / src/Findings/StellaOps.Findings.Ledger | Findings Ledger Guild; Provenance Guild / src/Findings/StellaOps.Findings.Ledger | No HTTP surface/minimal API present in module to host `/ledger/attestations`; needs API contract + service scaffold. <br><br> Prep artefact now available: `docs/modules/findings-ledger/prep/ledger-attestations-http.md` defining `/v1/ledger/attestations` contract; service surface still required. |
| P7 | PREP-LEDGER-OBS-55-001-DEPENDS-ON-54-001-ATTE | DONE (2025-11-20) | Due 2025-11-22 · Accountable: Findings Ledger Guild; DevOps Guild / src/Findings/StellaOps.Findings.Ledger | Findings Ledger Guild; DevOps Guild / src/Findings/StellaOps.Findings.Ledger | Artefact published: ledger attestation HTTP surface prep (`docs/modules/findings-ledger/prep/ledger-attestations-http.md`) outlining `/v1/ledger/attestations` contract; pagination, determinism, and fields defined. |
| P8 | PREP-LEDGER-PACKS-42-001-SNAPSHOT-TIME-TRAVEL | DOING (2025-11-20) | Due 2025-11-22 · Accountable: Findings Ledger Guild / src/Findings/StellaOps.Findings.Ledger | Findings Ledger Guild / src/Findings/StellaOps.Findings.Ledger | Snapshot/time-travel contract and bundle format not specified; needs design input. <br><br> Document artefact/deliverable for LEDGER-PACKS-42-001 and publish location so downstream tasks can proceed. |
| P9 | PREP-LEDGER-RISK-66-001-RISK-ENGINE-SCHEMA-CO | DOING (2025-11-20) | Due 2025-11-22 · Accountable: Findings Ledger Guild; Risk Engine Guild / src/Findings/StellaOps.Findings.Ledger | Findings Ledger Guild; Risk Engine Guild / src/Findings/StellaOps.Findings.Ledger | Risk Engine schema/contract inputs absent; requires risk field definitions + rollout plan. <br><br> Document artefact/deliverable for LEDGER-RISK-66-001 and publish location so downstream tasks can proceed. |
| P10 | PREP-LEDGER-RISK-66-002-DEPENDS-ON-66-001-MIG | DOING (2025-11-20) | Due 2025-11-22 · Accountable: Findings Ledger Guild / src/Findings/StellaOps.Findings.Ledger | Findings Ledger Guild / src/Findings/StellaOps.Findings.Ledger | Depends on 66-001 migration + risk scoring contract. <br><br> Document artefact/deliverable for LEDGER-RISK-66-002 and publish location so downstream tasks can proceed. |
| P9 | PREP-LEDGER-RISK-66-001-RISK-ENGINE-SCHEMA-CO | DONE (2025-11-21) | Due 2025-11-22 · Accountable: Findings Ledger Guild; Risk Engine Guild / src/Findings/StellaOps.Findings.Ledger | Findings Ledger Guild; Risk Engine Guild / src/Findings/StellaOps.Findings.Ledger | Prep doc published at `docs/modules/findings-ledger/prep/2025-11-20-ledger-risk-prep.md`; risk fields and rollout plan defined for downstream implementation. |
| P10 | PREP-LEDGER-RISK-66-002-DEPENDS-ON-66-001-MIG | DONE (2025-11-21) | Due 2025-11-22 · Accountable: Findings Ledger Guild / src/Findings/StellaOps.Findings.Ledger | Findings Ledger Guild / src/Findings/StellaOps.Findings.Ledger | Depends on 66-001 migration + risk scoring contract. Prep doc published at `docs/modules/findings-ledger/prep/2025-11-20-ledger-risk-prep.md`. |
| 1 | LEDGER-ATTEST-73-002 | BLOCKED | Waiting on LEDGER-ATTEST-73-001 verification pipeline delivery | Findings Ledger Guild / src/Findings/StellaOps.Findings.Ledger | Enable search/filter in findings projections by verification result and attestation status |
| 2 | LEDGER-EXPORT-35-001 | DOING (2025-11-20) | Findings export endpoint implemented; VEX/advisory/SBOM endpoints stubbed pending schemas | Findings Ledger Guild / src/Findings/StellaOps.Findings.Ledger | Provide paginated streaming endpoints for advisories, VEX, SBOMs, and findings with deterministic ordering and provenance metadata |
| 3 | LEDGER-OAS-61-001 | BLOCKED | PREP-LEDGER-OAS-61-001-ABSENT-OAS-BASELINE-AN | Findings Ledger Guild; API Contracts Guild / src/Findings/StellaOps.Findings.Ledger | Expand Findings Ledger OAS to include projections, evidence lookups, and filter parameters with examples |
@@ -48,13 +48,14 @@
| 11 | LEDGER-OBS-54-001 | BLOCKED | PREP-LEDGER-OBS-54-001-NO-HTTP-SURFACE-MINIMA | Findings Ledger Guild; Provenance Guild / src/Findings/StellaOps.Findings.Ledger | Verify attestation references for ledger-derived exports; expose `/ledger/attestations` endpoint returning DSSE verification state and chain-of-custody summary |
| 12 | LEDGER-OBS-55-001 | BLOCKED | PREP-LEDGER-OBS-55-001-DEPENDS-ON-54-001-ATTE | Findings Ledger Guild; DevOps Guild / src/Findings/StellaOps.Findings.Ledger | Enhance incident mode to record replay diagnostics (lag traces, conflict snapshots), extend retention while active, and emit activation events to timeline/notifier |
| 13 | LEDGER-PACKS-42-001 | BLOCKED | PREP-LEDGER-PACKS-42-001-SNAPSHOT-TIME-TRAVEL | Findings Ledger Guild / src/Findings/StellaOps.Findings.Ledger | Provide snapshot/time-travel APIs and digestible exports for task pack simulation and CLI offline mode |
| 14 | LEDGER-RISK-66-001 | BLOCKED | PREP-LEDGER-RISK-66-001-RISK-ENGINE-SCHEMA-CO | Findings Ledger Guild; Risk Engine Guild / src/Findings/StellaOps.Findings.Ledger | Add schema migrations for `risk_score`, `risk_severity`, `profile_version`, `explanation_id`, and supporting indexes |
| 15 | LEDGER-RISK-66-002 | BLOCKED | PREP-LEDGER-RISK-66-002-DEPENDS-ON-66-001-MIG | Findings Ledger Guild / src/Findings/StellaOps.Findings.Ledger | Implement deterministic upsert of scoring results keyed by finding hash/profile version with history audit |
| 14 | LEDGER-RISK-66-001 | DONE (2025-11-21) | PREP-LEDGER-RISK-66-001-RISK-ENGINE-SCHEMA-CO | Findings Ledger Guild; Risk Engine Guild / src/Findings/StellaOps.Findings.Ledger | Add schema migrations for `risk_score`, `risk_severity`, `profile_version`, `explanation_id`, and supporting indexes |
| 15 | LEDGER-RISK-66-002 | DONE (2025-11-21) | PREP-LEDGER-RISK-66-002-DEPENDS-ON-66-001-MIG | Findings Ledger Guild / src/Findings/StellaOps.Findings.Ledger | Implement deterministic upsert of scoring results keyed by finding hash/profile version with history audit |
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2025-11-20 | Published ledger OBS/pack/risk prep docs (docs/modules/findings-ledger/prep/2025-11-20-ledger-obs-54-001-prep.md, ...ledger-packs-42-001-prep.md, ...ledger-risk-66-prep.md); set PREP-LEDGER-OBS-54-001, PACKS-42-001, RISK-66-001/002 to DOING. | Project Mgmt |
| 2025-11-21 | Implemented LEDGER-RISK-66-001/002: added risk fields + index migration, policy evaluation payload plumbing, projection hashing, and repository storage; updated docs/schema and marked tasks DONE. | Findings Ledger |
| 2025-11-20 | Added authenticated export endpoints for findings/vex/advisories/sboms (stub responses) and paging contracts; awaiting schema/tables to back VEX/advisory/SBOM queries. Export paging unit tests passing via isolated test project. | Findings Ledger |
| 2025-11-20 | Began implementing LEDGER-EXPORT-35-001 HTTP surface (findings export endpoint + paging/token hash) in WebService; tests pending due to existing harness build failures. | Findings Ledger |
| 2025-11-20 | Completed PREP-LEDGER-EXPORT-35-001: published export HTTP surface and filters spec at `docs/modules/findings-ledger/export-http-surface.md`; unblocked LEDGER-EXPORT-35-001 (status TODO). | Planning |
@@ -79,7 +80,7 @@
- Export/SDK contract changes must remain deterministic to support offline bundles.
- Export HTTP surface spec published at `docs/modules/findings-ledger/export-http-surface.md`; downstream OAS/SDK tasks must derive contracts from this document to avoid drift.
- LEDGER-OBS-54-001 blocked: Findings Ledger module currently lacks HTTP/minimal API surface to expose `/ledger/attestations`; requires contract + service scaffold (engage API Contracts & Provenance guilds).
- Current state: findings export endpoint and paging contracts implemented; VEX/advisory/SBOM endpoints stubbed (auth + shape) but await underlying projection/query schemas. Remaining tasks in this sprint and adjacent sprints (0120, 0122) stay blocked by missing risk schema, OAS/SDK contracts, and DB/RLS design inputs.
- Current state: findings export endpoint and paging contracts implemented; VEX/advisory/SBOM endpoints stubbed (auth + shape) but await underlying projection/query schemas. Risk schema/implementation (LEDGER-RISK-66-001/002) delivered. Remaining blockers: OAS/SDK surface (61/62/63), attestation HTTP host (OBS-54/55), and packs time-travel contract (PACKS-42-001).
## Next Checkpoints
- Schedule cross-guild kickoff for week of 2025-11-24 once dependency clears.

133
docs/implplan/SPRINT_0123_0001_0001_policy_reasoning.md
View File

@@ -1,74 +1,77 @@
# Sprint 0123-0001-0001 · Policy & Reasoning (Policy Engine)
## Topic & Scope
- Extend Policy Engine with export, air-gap, AOC linting, and attestation surfaces while keeping evidence aggregation-only.
- Ensure Console export and air-gap bundles depend on frozen bundle/DSSE schemas before implementation.
- Align policy attestation and linting with Authority/Attestor/Console contracts; avoid inferred verdicts.
- **Working directory:** `src/Policy/StellaOps.Policy.Engine` (and `src/Policy/__Libraries/StellaOps.Policy`).
## Dependencies & Concurrency
- Upstream: Export bundle schema + scheduler job spec; mirror bundle/air-gap schema and sealed-mode rules; Attestor verification policy schema; Authority `effective:write` contract; Console API filters/pagination spec.
- Concurrency: Execute tasks in table order (DOING → TODO → BLOCKED). All tasks currently blocked pending upstream contracts; no parallel execution until contracts land.
## Documentation Prerequisites
- `docs/README.md`
- `docs/07_HIGH_LEVEL_ARCHITECTURE.md`
- `docs/modules/platform/architecture-overview.md`
- `docs/modules/policy/architecture.md`
- Any export/air-gap/attestation contract docs once published.
## Delivery Tracker
| # | Task ID | Status | Key dependency / next step | Owners | Task Definition |
| --- | --- | --- | --- | --- | --- |
| P1 | PREP-EXPORT-CONSOLE-23-001-MISSING-EXPORT-BUN | BLOCKED | Due 2025-11-22 · Accountable: Policy Guild · Scheduler Guild · Observability Guild | Policy Guild · Scheduler Guild · Observability Guild | Missing export bundle contract/API surface and scheduler job spec for Console. <br><br> Document artefact/deliverable for EXPORT-CONSOLE-23-001 and publish location so downstream tasks can proceed. |
| P2 | PREP-POLICY-AIRGAP-56-001-MIRROR-BUNDLE-SCHEM | BLOCKED | Due 2025-11-22 · Accountable: Policy Guild | Policy Guild | Mirror bundle schema not published; requires bundle_id/provenance fields + sealed-mode rules. <br><br> Document artefact/deliverable for POLICY-AIRGAP-56-001 and publish location so downstream tasks can proceed. |
| P3 | PREP-POLICY-AIRGAP-56-002-DEPENDS-ON-56-001-B | BLOCKED | Due 2025-11-22 · Accountable: Policy Guild · Policy Studio Guild | Policy Guild · Policy Studio Guild | Depends on 56-001 bundle import schema + DSSE signing profile. <br><br> Document artefact/deliverable for POLICY-AIRGAP-56-002 and publish location so downstream tasks can proceed. |
| P4 | PREP-POLICY-AIRGAP-57-001-REQUIRES-SEALED-MOD | BLOCKED | Due 2025-11-22 · Accountable: Policy Guild · AirGap Policy Guild | Policy Guild · AirGap Policy Guild | Requires sealed-mode contract after 56-002. <br><br> Document artefact/deliverable for POLICY-AIRGAP-57-001 and publish location so downstream tasks can proceed. |
| P5 | PREP-POLICY-AIRGAP-57-002-NEEDS-STALENESS-FAL | BLOCKED | Due 2025-11-22 · Accountable: Policy Guild · AirGap Time Guild | Policy Guild · AirGap Time Guild | Needs staleness/fallback data contract from 57-001. <br><br> Document artefact/deliverable for POLICY-AIRGAP-57-002 and publish location so downstream tasks can proceed. |
| P6 | PREP-POLICY-AIRGAP-58-001-NOTIFICATION-SCHEMA | BLOCKED | Due 2025-11-22 · Accountable: Policy Guild · Notifications Guild | Policy Guild · Notifications Guild | Notification schema and staleness signals pending from 57-002. <br><br> Document artefact/deliverable for POLICY-AIRGAP-58-001 and publish location so downstream tasks can proceed. |
| P7 | PREP-POLICY-AOC-19-001-LINTING-TARGETS-SPEC-A | BLOCKED | Due 2025-11-22 · Accountable: Policy Guild | Policy Guild | Linting targets/spec absent; no analyzer contract. <br><br> Document artefact/deliverable for POLICY-AOC-19-001 and publish location so downstream tasks can proceed. |
| P8 | PREP-POLICY-AOC-19-002-DEPENDS-ON-19-001-LINT | BLOCKED | Due 2025-11-22 · Accountable: Policy Guild · Platform Security | Policy Guild · Platform Security | Depends on 19-001 lint + Authority `effective:write` contract. <br><br> Document artefact/deliverable for POLICY-AOC-19-002 and publish location so downstream tasks can proceed. |
| P9 | PREP-POLICY-AOC-19-003-REQUIRES-POST-19-002-N | BLOCKED | Due 2025-11-22 · Accountable: Policy Guild | Policy Guild | Requires post-19-002 normalized-field removal contract/fixtures. <br><br> Document artefact/deliverable for POLICY-AOC-19-003 and publish location so downstream tasks can proceed. |
| P10 | PREP-POLICY-AOC-19-004-DEPENDS-ON-19-003-SHAP | BLOCKED | Due 2025-11-22 · Accountable: Policy Guild · QA Guild | Policy Guild · QA Guild | Depends on 19-003 shape + determinism fixtures. <br><br> Document artefact/deliverable for POLICY-AOC-19-004 and publish location so downstream tasks can proceed. |
| P11 | PREP-POLICY-ATTEST-73-001-VERIFICATIONPOLICY | BLOCKED | Due 2025-11-22 · Accountable: Policy Guild · Attestor Service Guild | Policy Guild · Attestor Service Guild | VerificationPolicy schema/persistence contract missing; Attestor alignment needed. <br><br> Document artefact/deliverable for POLICY-ATTEST-73-001 and publish location so downstream tasks can proceed. |
| P12 | PREP-POLICY-ATTEST-73-002-DEPENDS-ON-73-001-E | BLOCKED | Due 2025-11-22 · Accountable: Policy Guild | Policy Guild | Depends on 73-001 editor DTOs/validation schema. <br><br> Document artefact/deliverable for POLICY-ATTEST-73-002 and publish location so downstream tasks can proceed. |
| P13 | PREP-POLICY-ATTEST-74-001-REQUIRES-73-002-ATT | BLOCKED | Due 2025-11-22 · Accountable: Policy Guild · Attestor Service Guild | Policy Guild · Attestor Service Guild | Requires 73-002 + Attestor pipeline contract. <br><br> Document artefact/deliverable for POLICY-ATTEST-74-001 and publish location so downstream tasks can proceed. |
| P14 | PREP-POLICY-ATTEST-74-002-NEEDS-74-001-SURFAC | BLOCKED | Due 2025-11-22 · Accountable: Policy Guild · Console Guild | Policy Guild · Console Guild | Needs 74-001 surfaced in Console verification reports contract. <br><br> Document artefact/deliverable for POLICY-ATTEST-74-002 and publish location so downstream tasks can proceed. |
| P15 | PREP-POLICY-CONSOLE-23-001-CONSOLE-API-CONTRA | BLOCKED | Due 2025-11-22 · Accountable: Policy Guild · BE-Base Platform Guild | Policy Guild · BE-Base Platform Guild | Console API contract (filters/pagination/aggregation) absent. <br><br> Document artefact/deliverable for POLICY-CONSOLE-23-001 and publish location so downstream tasks can proceed. |
| 1 | EXPORT-CONSOLE-23-001 | BLOCKED | PREP-EXPORT-CONSOLE-23-001-MISSING-EXPORT-BUN | Policy Guild · Scheduler Guild · Observability Guild | Implement Console export endpoints/jobs once schema + job wiring are defined. |
| 2 | POLICY-AIRGAP-56-001 | BLOCKED | PREP-POLICY-AIRGAP-56-001-MIRROR-BUNDLE-SCHEM | Policy Guild | Air-gap bundle import support for policy packs. |
| 3 | POLICY-AIRGAP-56-002 | BLOCKED | PREP-POLICY-AIRGAP-56-002-DEPENDS-ON-56-001-B | Policy Guild · Policy Studio Guild | Air-gap sealed-mode handling for policy packs. |
| 4 | POLICY-AIRGAP-57-001 | BLOCKED | PREP-POLICY-AIRGAP-57-001-REQUIRES-SEALED-MOD | Policy Guild · AirGap Policy Guild | Sealed-mode error handling for policy packs. |
| 5 | POLICY-AIRGAP-57-002 | BLOCKED | PREP-POLICY-AIRGAP-57-002-NEEDS-STALENESS-FAL | Policy Guild · AirGap Time Guild | Staleness/fallback signaling for policy packs. |
| 6 | POLICY-AIRGAP-58-001 | BLOCKED | PREP-POLICY-AIRGAP-58-001-NOTIFICATION-SCHEMA | Policy Guild · Notifications Guild | Notifications for air-gap policy pack changes. |
| 7 | POLICY-AOC-19-001 | BLOCKED | PREP-POLICY-AOC-19-001-LINTING-TARGETS-SPEC-A | Policy Guild | Implement linting for ingestion projects/helpers. |
| 8 | POLICY-AOC-19-002 | BLOCKED | PREP-POLICY-AOC-19-002-DEPENDS-ON-19-001-LINT | Policy Guild · Platform Security | Enforce `effective:write` gate. |
| 9 | POLICY-AOC-19-003 | BLOCKED | PREP-POLICY-AOC-19-003-REQUIRES-POST-19-002-N | Policy Guild | Remove normalized fields per contract. |
| 10 | POLICY-AOC-19-004 | BLOCKED | PREP-POLICY-AOC-19-004-DEPENDS-ON-19-003-SHAP | Policy Guild · QA Guild | Determinism/fixtures for normalized-field removal. |
| 11 | POLICY-ATTEST-73-001 | BLOCKED | PREP-POLICY-ATTEST-73-001-VERIFICATIONPOLICY | Policy Guild · Attestor Service Guild | Persist verification policy schema. |
| 12 | POLICY-ATTEST-73-002 | BLOCKED | PREP-POLICY-ATTEST-73-002-DEPENDS-ON-73-001-E | Policy Guild | Editor DTOs/validation for verification policy. |
| 13 | POLICY-ATTEST-74-001 | BLOCKED | PREP-POLICY-ATTEST-74-001-REQUIRES-73-002-ATT | Policy Guild · Attestor Service Guild | Surface attestation reports. |
| 14 | POLICY-ATTEST-74-002 | BLOCKED | PREP-POLICY-ATTEST-74-002-NEEDS-74-001-SURFAC | Policy Guild · Console Guild | Console report integration. |
| 15 | POLICY-CONSOLE-23-001 | BLOCKED | PREP-POLICY-CONSOLE-23-001-CONSOLE-API-CONTRA | Policy Guild · BE-Base Platform Guild | Expose policy data to Console once API spec lands. |
## Execution Log
# Sprint 0123-0001-0001 · Policy & Reasoning (Policy Engine)
## Topic & Scope
- Extend Policy Engine with export, air-gap, AOC linting, and attestation surfaces while keeping evidence aggregation-only.
- Ensure Console export and air-gap bundles depend on frozen bundle/DSSE schemas before implementation.
- Align policy attestation and linting with Authority/Attestor/Console contracts; avoid inferred verdicts.
- **Working directory:** `src/Policy/StellaOps.Policy.Engine` (and `src/Policy/__Libraries/StellaOps.Policy`).
## Dependencies & Concurrency
- Upstream: Export bundle schema + scheduler job spec; mirror bundle/air-gap schema and sealed-mode rules; Attestor verification policy schema; Authority `effective:write` contract; Console API filters/pagination spec.
- Concurrency: Execute tasks in table order (DOING → TODO → BLOCKED). All tasks currently blocked pending upstream contracts; no parallel execution until contracts land.
## Documentation Prerequisites
- `docs/README.md`
- `docs/07_HIGH_LEVEL_ARCHITECTURE.md`
- `docs/modules/platform/architecture-overview.md`
- `docs/modules/policy/architecture.md`
- Any export/air-gap/attestation contract docs once published.
## Delivery Tracker
| # | Task ID | Status | Key dependency / next step | Owners | Task Definition |
| --- | --- | --- | --- | --- | --- |
| P1 | PREP-EXPORT-CONSOLE-23-001-MISSING-EXPORT-BUN | BLOCKED | Due 2025-11-22 · Accountable: Policy Guild · Scheduler Guild · Observability Guild | Policy Guild · Scheduler Guild · Observability Guild | Missing export bundle contract/API surface and scheduler job spec for Console. <br><br> Prep artefact: `docs/modules/policy/design/export-console-bundle-contract.md`. |
| P2 | PREP-POLICY-AIRGAP-56-001-MIRROR-BUNDLE-SCHEM | DOING (2025-11-20) | Due 2025-11-22 · Accountable: Policy Guild | Policy Guild | Mirror bundle schema not published; requires bundle_id/provenance fields + sealed-mode rules. <br><br> Prep artefact: `docs/modules/policy/prep/2025-11-20-policy-airgap-prep.md`. |
| P3 | PREP-POLICY-AIRGAP-56-002-DEPENDS-ON-56-001-B | DOING (2025-11-20) | Due 2025-11-22 · Accountable: Policy Guild · Policy Studio Guild | Policy Guild · Policy Studio Guild | Depends on 56-001 bundle import schema + DSSE signing profile. <br><br> Prep artefact: `docs/modules/policy/prep/2025-11-20-policy-airgap-prep.md`. |
| P4 | PREP-POLICY-AIRGAP-57-001-REQUIRES-SEALED-MOD | DOING (2025-11-20) | Due 2025-11-22 · Accountable: Policy Guild · AirGap Policy Guild | Policy Guild · AirGap Policy Guild | Requires sealed-mode contract after 56-002. <br><br> Prep artefact: `docs/modules/policy/prep/2025-11-20-policy-airgap-prep.md`. |
| P5 | PREP-POLICY-AIRGAP-57-002-NEEDS-STALENESS-FAL | DOING (2025-11-20) | Due 2025-11-22 · Accountable: Policy Guild · AirGap Time Guild | Policy Guild · AirGap Time Guild | Needs staleness/fallback data contract from 57-001. <br><br> Prep artefact: `docs/modules/policy/prep/2025-11-20-policy-airgap-prep.md`. |
| P6 | PREP-POLICY-AIRGAP-58-001-NOTIFICATION-SCHEMA | DOING (2025-11-20) | Due 2025-11-22 · Accountable: Policy Guild · Notifications Guild | Policy Guild · Notifications Guild | Notification schema and staleness signals pending from 57-002. <br><br> Prep artefact: `docs/modules/policy/prep/2025-11-20-policy-airgap-prep.md`. |
| P7 | PREP-POLICY-AOC-19-001-LINTING-TARGETS-SPEC-A | DOING (2025-11-20) | Due 2025-11-22 · Accountable: Policy Guild | Policy Guild | Linting targets/spec absent; no analyzer contract. <br><br> Prep artefact: `docs/modules/policy/prep/2025-11-20-policy-aoc-prep.md`. |
| P8 | PREP-POLICY-AOC-19-002-DEPENDS-ON-19-001-LINT | DOING (2025-11-20) | Due 2025-11-22 · Accountable: Policy Guild · Platform Security | Policy Guild · Platform Security | Depends on 19-001 lint + Authority `effective:write` contract. <br><br> Prep artefact: `docs/modules/policy/prep/2025-11-20-policy-aoc-prep.md`. |
| P9 | PREP-POLICY-AOC-19-003-REQUIRES-POST-19-002-N | DOING (2025-11-20) | Due 2025-11-22 · Accountable: Policy Guild | Policy Guild | Requires post-19-002 normalized-field removal contract/fixtures. <br><br> Prep artefact: `docs/modules/policy/prep/2025-11-20-policy-aoc-prep.md`. |
| P10 | PREP-POLICY-AOC-19-004-DEPENDS-ON-19-003-SHAP | DOING (2025-11-20) | Due 2025-11-22 · Accountable: Policy Guild · QA Guild | Policy Guild · QA Guild | Depends on 19-003 shape + determinism fixtures. <br><br> Prep artefact: `docs/modules/policy/prep/2025-11-20-policy-aoc-prep.md`. |
| P11 | PREP-POLICY-ATTEST-73-001-VERIFICATIONPOLICY | DOING (2025-11-20) | Due 2025-11-22 · Accountable: Policy Guild · Attestor Service Guild | Policy Guild · Attestor Service Guild | VerificationPolicy schema/persistence contract missing; Attestor alignment needed. <br><br> Prep artefact: `docs/modules/policy/prep/2025-11-20-policy-attest-prep.md`. |
| P12 | PREP-POLICY-ATTEST-73-002-DEPENDS-ON-73-001-E | DOING (2025-11-20) | Due 2025-11-22 · Accountable: Policy Guild | Policy Guild | Depends on 73-001 editor DTOs/validation schema. <br><br> Prep artefact: `docs/modules/policy/prep/2025-11-20-policy-attest-prep.md`. |
| P13 | PREP-POLICY-ATTEST-74-001-REQUIRES-73-002-ATT | DOING (2025-11-20) | Due 2025-11-22 · Accountable: Policy Guild · Attestor Service Guild | Policy Guild · Attestor Service Guild | Requires 73-002 + Attestor pipeline contract. <br><br> Prep artefact: `docs/modules/policy/prep/2025-11-20-policy-attest-prep.md`. |
| P14 | PREP-POLICY-ATTEST-74-002-NEEDS-74-001-SURFAC | DOING (2025-11-20) | Due 2025-11-22 · Accountable: Policy Guild · Console Guild | Policy Guild · Console Guild | Needs 74-001 surfaced in Console verification reports contract. <br><br> Prep artefact: `docs/modules/policy/prep/2025-11-20-policy-attest-prep.md`. |
| P15 | PREP-POLICY-CONSOLE-23-001-CONSOLE-API-CONTRA | BLOCKED | Due 2025-11-22 · Accountable: Policy Guild · BE-Base Platform Guild | Policy Guild · BE-Base Platform Guild | Console API contract (filters/pagination/aggregation) absent. <br><br> Document artefact/deliverable for POLICY-CONSOLE-23-001 and publish location so downstream tasks can proceed. |
| 1 | EXPORT-CONSOLE-23-001 | BLOCKED | PREP-EXPORT-CONSOLE-23-001-MISSING-EXPORT-BUN | Policy Guild · Scheduler Guild · Observability Guild | Implement Console export endpoints/jobs once schema + job wiring are defined. |
| 2 | POLICY-AIRGAP-56-001 | BLOCKED | PREP-POLICY-AIRGAP-56-001-MIRROR-BUNDLE-SCHEM | Policy Guild | Air-gap bundle import support for policy packs. |
| 3 | POLICY-AIRGAP-56-002 | BLOCKED | PREP-POLICY-AIRGAP-56-002-DEPENDS-ON-56-001-B | Policy Guild · Policy Studio Guild | Air-gap sealed-mode handling for policy packs. |
| 4 | POLICY-AIRGAP-57-001 | BLOCKED | PREP-POLICY-AIRGAP-57-001-REQUIRES-SEALED-MOD | Policy Guild · AirGap Policy Guild | Sealed-mode error handling for policy packs. |
| 5 | POLICY-AIRGAP-57-002 | BLOCKED | PREP-POLICY-AIRGAP-57-002-NEEDS-STALENESS-FAL | Policy Guild · AirGap Time Guild | Staleness/fallback signaling for policy packs. |
| 6 | POLICY-AIRGAP-58-001 | BLOCKED | PREP-POLICY-AIRGAP-58-001-NOTIFICATION-SCHEMA | Policy Guild · Notifications Guild | Notifications for air-gap policy pack changes. |
| 7 | POLICY-AOC-19-001 | BLOCKED | PREP-POLICY-AOC-19-001-LINTING-TARGETS-SPEC-A | Policy Guild | Implement linting for ingestion projects/helpers. |
| 8 | POLICY-AOC-19-002 | BLOCKED | PREP-POLICY-AOC-19-002-DEPENDS-ON-19-001-LINT | Policy Guild · Platform Security | Enforce `effective:write` gate. |
| 9 | POLICY-AOC-19-003 | BLOCKED | PREP-POLICY-AOC-19-003-REQUIRES-POST-19-002-N | Policy Guild | Remove normalized fields per contract. |
| 10 | POLICY-AOC-19-004 | BLOCKED | PREP-POLICY-AOC-19-004-DEPENDS-ON-19-003-SHAP | Policy Guild · QA Guild | Determinism/fixtures for normalized-field removal. |
| 11 | POLICY-ATTEST-73-001 | BLOCKED | PREP-POLICY-ATTEST-73-001-VERIFICATIONPOLICY | Policy Guild · Attestor Service Guild | Persist verification policy schema. |
| 12 | POLICY-ATTEST-73-002 | BLOCKED | PREP-POLICY-ATTEST-73-002-DEPENDS-ON-73-001-E | Policy Guild | Editor DTOs/validation for verification policy. |
| 13 | POLICY-ATTEST-74-001 | BLOCKED | PREP-POLICY-ATTEST-74-001-REQUIRES-73-002-ATT | Policy Guild · Attestor Service Guild | Surface attestation reports. |
| 14 | POLICY-ATTEST-74-002 | BLOCKED | PREP-POLICY-ATTEST-74-002-NEEDS-74-001-SURFAC | Policy Guild · Console Guild | Console report integration. |
| 15 | POLICY-CONSOLE-23-001 | BLOCKED | PREP-POLICY-CONSOLE-23-001-CONSOLE-API-CONTRA | Policy Guild · BE-Base Platform Guild | Expose policy data to Console once API spec lands. |
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2025-11-20 | Started PREP air-gap chain (56-001..58-001), AOC chain (19-001..19-004), and attestation chain (73-001..74-002); published prep drafts under `docs/modules/policy/prep/2025-11-20-policy-*.md` after confirming no other owners were active. | Project Mgmt |
| 2025-11-19 | Removed trailing hyphen from PREP-POLICY-ATTEST-73-001-VERIFICATIONPOLICY so dependent task resolves correctly. | Project Mgmt |
| 2025-11-19 | Marked PREP tasks P1P15 BLOCKED: export bundle schema, mirror/air-gap schemas, lint targets, attestation verification schemas, and Console API contract remain unpublished, keeping downstream POLICY/ATTEST/AIRGAP/CONSOLE work gated. | Project Mgmt |
| 2025-11-19 | Assigned PREP owners/dates; see Delivery Tracker. | Planning |
| 2025-11-08 | Sprint created; awaiting staffing. | Planning |
| 2025-11-18 | Attempted EXPORT-CONSOLE-23-001; blocked due to missing export bundle/schema and scheduler job contract. Marked all tasks BLOCKED pending lint/airgap/attest/Console contracts. | Policy Guild |
| 2025-11-19 | Converted legacy file `SPRINT_123_policy_reasoning.md` into redirect stub pointing here to avoid divergent updates. | Implementer |
| 2025-11-19 | Normalised sprint to standard template and renamed from `SPRINT_123_policy_reasoning.md` to `SPRINT_0123_0001_0001_policy_reasoning.md`; content preserved; all tasks remain BLOCKED. | Implementer |
## Decisions & Risks
| 2025-11-08 | Sprint created; awaiting staffing. | Planning |
| 2025-11-18 | Attempted EXPORT-CONSOLE-23-001; blocked due to missing export bundle/schema and scheduler job contract. Marked all tasks BLOCKED pending lint/airgap/attest/Console contracts. | Policy Guild |
| 2025-11-19 | Converted legacy file `SPRINT_123_policy_reasoning.md` into redirect stub pointing here to avoid divergent updates. | Implementer |
| 2025-11-19 | Normalised sprint to standard template and renamed from `SPRINT_123_policy_reasoning.md` to `SPRINT_0123_0001_0001_policy_reasoning.md`; content preserved; all tasks remain BLOCKED. | Implementer |
## Decisions & Risks
- Export/air-gap remain blocked without bundle schema, sealed-mode rules, and scheduler contracts; cannot proceed until provided.
- Linting (AOC-19-001..004) blocked pending analyzer targets/spec and Authority gate contract.
- Attestation tasks (73/74) blocked pending Attestor verification policy schema and Console report contract.
- Console export and policy API tasks blocked without Console API contract.
## Next Checkpoints
- Draft export surface proposal for Console (API + scheduler wiring) once bundle schema is published.
- Identify bundle schema dependencies for POLICY-AIRGAP-56-* once mirror schema freezes.
- Re-evaluate lint/attest tasks after respective contracts are delivered (dates TBD).
- Prep drafts published for air-gap (56-001..58-001) at `docs/modules/policy/prep/2025-11-20-policy-airgap-prep.md`, AOC (19-001..19-004) at `docs/modules/policy/prep/2025-11-20-policy-aoc-prep.md`, and attestation chain (73/74) at `docs/modules/policy/prep/2025-11-20-policy-attest-prep.md`; final schemas still needed before implementation.
- Prep drafts published for air-gap (56-001..58-001) at `docs/modules/policy/prep/2025-11-20-policy-airgap-prep.md`, AOC (19-001..19-004) at `docs/modules/policy/prep/2025-11-20-policy-aoc-prep.md`, and attestation chain (73/74) at `docs/modules/policy/prep/2025-11-20-policy-attest-prep.md`; final schemas still needed before implementation. |
## Next Checkpoints
- Draft export surface proposal for Console (API + scheduler wiring) once bundle schema is published.
- Identify bundle schema dependencies for POLICY-AIRGAP-56-* once mirror schema freezes.
- Re-evaluate lint/attest tasks after respective contracts are delivered (dates TBD).

94
docs/implplan/SPRINT_0124_0001_0001_policy_reasoning.md
View File

@@ -1,52 +1,52 @@
# Sprint 0124-0001-0001 · Policy & Reasoning (Policy Engine phase II)
## Topic & Scope
- Continue Policy Engine core (Policy.II): deterministic evaluator, materialization, simulation, tracing, and storage.
- Ensure aggregation-only behavior; no wall-clock/RNG/network use during evaluation.
- **Working directory:** `src/Policy/StellaOps.Policy.Engine` (and `src/Policy/__Libraries/StellaOps.Policy`).
## Dependencies & Concurrency
- Upstream: Sprint 120.C Policy.I must land before this track.
- Concurrency: execute tasks in listed order (DOING → TODO → BLOCKED).
## Documentation Prerequisites
- `docs/README.md`
- `docs/07_HIGH_LEVEL_ARCHITECTURE.md`
- `docs/modules/platform/architecture-overview.md`
- `docs/modules/policy/architecture.md`
## Delivery Tracker
| # | Task ID & handle | State | Key dependency / next step | Owners |
| --- | --- | --- | --- | --- |
# Sprint 0124-0001-0001 · Policy & Reasoning (Policy Engine phase II)
## Topic & Scope
- Continue Policy Engine core (Policy.II): deterministic evaluator, materialization, simulation, tracing, and storage.
- Ensure aggregation-only behavior; no wall-clock/RNG/network use during evaluation.
- **Working directory:** `src/Policy/StellaOps.Policy.Engine` (and `src/Policy/__Libraries/StellaOps.Policy`).
## Dependencies & Concurrency
- Upstream: Sprint 120.C Policy.I must land before this track.
- Concurrency: execute tasks in listed order (DOING → TODO → BLOCKED).
## Documentation Prerequisites
- `docs/README.md`
- `docs/07_HIGH_LEVEL_ARCHITECTURE.md`
- `docs/modules/platform/architecture-overview.md`
- `docs/modules/policy/architecture.md`
## Delivery Tracker
| # | Task ID & handle | State | Key dependency / next step | Owners |
| --- | --- | --- | --- | --- |
| P1 | PREP-POLICY-ENGINE-20-002-DETERMINISTIC-EVALU | DOING (2025-11-20) | Due 2025-11-22 · Accountable: Policy Guild / `src/Policy/StellaOps.Policy.Engine` | Policy Guild / `src/Policy/StellaOps.Policy.Engine` | Deterministic evaluator spec missing. <br><br> Document artefact/deliverable for POLICY-ENGINE-20-002 and publish location so downstream tasks can proceed. Prep artefact: `docs/modules/policy/design/policy-deterministic-evaluator.md`. |
| 1 | POLICY-CONSOLE-23-002 | TODO | Produce simulation diff metadata and approval endpoints for Console (deps: POLICY-CONSOLE-23-001). | Policy Guild, Product Ops / `src/Policy/StellaOps.Policy.Engine` |
| 2 | POLICY-ENGINE-20-002 | BLOCKED (2025-10-26) | PREP-POLICY-ENGINE-20-002-DETERMINISTIC-EVALU | Policy Guild / `src/Policy/StellaOps.Policy.Engine` |
| 3 | POLICY-ENGINE-20-003 | TODO | Depends on 20-002. | Policy · Concelier · Excititor Guilds / `src/Policy/StellaOps.Policy.Engine` |
| 4 | POLICY-ENGINE-20-004 | TODO | Depends on 20-003. | Policy · Platform Storage Guild / `src/Policy/StellaOps.Policy.Engine` |
| 5 | POLICY-ENGINE-20-005 | TODO | Depends on 20-004. | Policy · Security Engineering / `src/Policy/StellaOps.Policy.Engine` |
| 6 | POLICY-ENGINE-20-006 | TODO | Depends on 20-005. | Policy · Scheduler Worker Guild / `src/Policy/StellaOps.Policy.Engine` |
| 7 | POLICY-ENGINE-20-007 | TODO | Depends on 20-006. | Policy · Observability Guild / `src/Policy/StellaOps.Policy.Engine` |
| 8 | POLICY-ENGINE-20-008 | TODO | Depends on 20-007. | Policy · QA Guild / `src/Policy/StellaOps.Policy.Engine` |
| 9 | POLICY-ENGINE-20-009 | TODO | Depends on 20-008. | Policy · Storage Guild / `src/Policy/StellaOps.Policy.Engine` |
| 10 | POLICY-ENGINE-27-001 | TODO | Depends on 20-009. | Policy Guild / `src/Policy/StellaOps.Policy.Engine` |
| 11 | POLICY-ENGINE-27-002 | TODO | Depends on 27-001. | Policy · Observability Guild / `src/Policy/StellaOps.Policy.Engine` |
| 12 | POLICY-ENGINE-29-001 | TODO | Depends on 27-004. | Policy Guild / `src/Policy/StellaOps.Policy.Engine` |
| 13 | POLICY-ENGINE-29-002 | TODO | Depends on 29-001. | Policy · Findings Ledger Guild / `src/Policy/StellaOps.Policy.Engine` |
## Execution Log
| 1 | POLICY-CONSOLE-23-002 | TODO | Produce simulation diff metadata and approval endpoints for Console (deps: POLICY-CONSOLE-23-001). | Policy Guild, Product Ops / `src/Policy/StellaOps.Policy.Engine` |
| 2 | POLICY-ENGINE-20-002 | BLOCKED (2025-10-26) | PREP-POLICY-ENGINE-20-002-DETERMINISTIC-EVALU | Policy Guild / `src/Policy/StellaOps.Policy.Engine` |
| 3 | POLICY-ENGINE-20-003 | TODO | Depends on 20-002. | Policy · Concelier · Excititor Guilds / `src/Policy/StellaOps.Policy.Engine` |
| 4 | POLICY-ENGINE-20-004 | TODO | Depends on 20-003. | Policy · Platform Storage Guild / `src/Policy/StellaOps.Policy.Engine` |
| 5 | POLICY-ENGINE-20-005 | TODO | Depends on 20-004. | Policy · Security Engineering / `src/Policy/StellaOps.Policy.Engine` |
| 6 | POLICY-ENGINE-20-006 | TODO | Depends on 20-005. | Policy · Scheduler Worker Guild / `src/Policy/StellaOps.Policy.Engine` |
| 7 | POLICY-ENGINE-20-007 | TODO | Depends on 20-006. | Policy · Observability Guild / `src/Policy/StellaOps.Policy.Engine` |
| 8 | POLICY-ENGINE-20-008 | TODO | Depends on 20-007. | Policy · QA Guild / `src/Policy/StellaOps.Policy.Engine` |
| 9 | POLICY-ENGINE-20-009 | TODO | Depends on 20-008. | Policy · Storage Guild / `src/Policy/StellaOps.Policy.Engine` |
| 10 | POLICY-ENGINE-27-001 | TODO | Depends on 20-009. | Policy Guild / `src/Policy/StellaOps.Policy.Engine` |
| 11 | POLICY-ENGINE-27-002 | TODO | Depends on 27-001. | Policy · Observability Guild / `src/Policy/StellaOps.Policy.Engine` |
| 12 | POLICY-ENGINE-29-001 | TODO | Depends on 27-004. | Policy Guild / `src/Policy/StellaOps.Policy.Engine` |
| 13 | POLICY-ENGINE-29-002 | TODO | Depends on 29-001. | Policy · Findings Ledger Guild / `src/Policy/StellaOps.Policy.Engine` |
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2025-11-20 | Published deterministic evaluator spec draft (docs/modules/policy/design/policy-deterministic-evaluator.md); moved PREP-POLICY-ENGINE-20-002 to DOING. | Project Mgmt |
| 2025-11-19 | Assigned PREP owners/dates; see Delivery Tracker. | Planning |
| 2025-11-08 | Sprint stub; awaiting staffing. | Planning |
| 2025-11-18 | All tasks still awaiting upstream evaluator specs; no progress. | Policy Guild |
| 2025-11-19 | Normalized to standard template and renamed from `SPRINT_124_policy_reasoning.md` to `SPRINT_0124_0001_0001_policy_reasoning.md`; content preserved. | Implementer |
## Decisions & Risks
- Deterministic evaluator contract missing (blocks 20-002 and downstream chain).
- Console simulation/export contract (POLICY-CONSOLE-23-001) required to unblock 23-002.
- Storage/index schemas TBD; avoid implementation until specs freeze.
## Next Checkpoints
- Publish deterministic evaluator spec for 20-002 (date TBD).
| 2025-11-19 | Assigned PREP owners/dates; see Delivery Tracker. | Planning |
| 2025-11-08 | Sprint stub; awaiting staffing. | Planning |
| 2025-11-18 | All tasks still awaiting upstream evaluator specs; no progress. | Policy Guild |
| 2025-11-19 | Normalized to standard template and renamed from `SPRINT_124_policy_reasoning.md` to `SPRINT_0124_0001_0001_policy_reasoning.md`; content preserved. | Implementer |
## Decisions & Risks
- Deterministic evaluator contract missing (blocks 20-002 and downstream chain).
- Console simulation/export contract (POLICY-CONSOLE-23-001) required to unblock 23-002.
- Storage/index schemas TBD; avoid implementation until specs freeze.
## Next Checkpoints
- Publish deterministic evaluator spec for 20-002 (date TBD).
- Provide Console export/simulation contract for 23-001 to unblock 23-002.

129
docs/implplan/SPRINT_0125_0001_0001_mirror.md
View File

@@ -1,71 +1,70 @@
# Sprint 0125_0001_0001 · Mirror Bundles
## Topic & Scope
- Build the deterministic mirror bundle assembler covering advisories, VEX, policy packs, and optional OCI artefacts.
- Layer DSSE/TUF metadata, time anchors, and CLI automation so air-gapped sites receive verifiable bundles.
- Wire Export Center and scheduling hooks so mirror creation can be orchestrated automatically.
- **Working directory:** `src/Mirror/StellaOps.Mirror.Creator`.
## Dependencies & Concurrency
- Upstream: Sprint 110.D must deliver the assembler foundation (`MIRROR-CRT-56-001`). Attestor v2 contracts from Sprint 100.A remain required.
- Mirror sprints share the 120s decade with Policy & Reasoning work but remain independent; avoid adding dependencies on `SPRINT_125_policy_reasoning.md`.
- Evidence Locker, Export Center, CLI, and AirGap Time guild commitments must be available as soon as assembler code exists.
## Documentation Prerequisites
- `docs/modules/export-center/architecture.md`
- `docs/modules/airgap/architecture.md`
- `docs/modules/devops/architecture.md`
- `docs/modules/policy/architecture.md` (for provenance expectations)
## Delivery Tracker
| # | Task ID | Status | Key dependency / next step | Owners | Task Definition |
| --- | --- | --- | --- | --- | --- |
| P0 | PREP-MIRROR-CRT-56-001-MILESTONE-0-PUBLISH | DONE (2025-11-19) | Due 2025-11-20 · Accountable: Mirror Creator Guild | Mirror Creator Guild | Published milestone-0 thin bundle plan + sample at `out/mirror/thin/mirror-thin-m0-sample.tar.gz` with SHA256 `bd1013885a27f651e28331c7a240d417d265bd411d09b51b47bd7c2196659674` and layout note in `docs/modules/mirror/milestone-0-thin-bundle.md`. |
# Sprint 0125_0001_0001 · Mirror Bundles
## Topic & Scope
- Build the deterministic mirror bundle assembler covering advisories, VEX, policy packs, and optional OCI artefacts.
- Layer DSSE/TUF metadata, time anchors, and CLI automation so air-gapped sites receive verifiable bundles.
- Wire Export Center and scheduling hooks so mirror creation can be orchestrated automatically.
- **Working directory:** `src/Mirror/StellaOps.Mirror.Creator`.
## Dependencies & Concurrency
- Upstream: Sprint 110.D must deliver the assembler foundation (`MIRROR-CRT-56-001`). Attestor v2 contracts from Sprint 100.A remain required.
- Mirror sprints share the 120s decade with Policy & Reasoning work but remain independent; avoid adding dependencies on `SPRINT_125_policy_reasoning.md`.
- Evidence Locker, Export Center, CLI, and AirGap Time guild commitments must be available as soon as assembler code exists.
## Documentation Prerequisites
- `docs/modules/export-center/architecture.md`
- `docs/modules/airgap/architecture.md`
- `docs/modules/devops/architecture.md`
- `docs/modules/policy/architecture.md` (for provenance expectations)
## Delivery Tracker
| # | Task ID | Status | Key dependency / next step | Owners | Task Definition |
| --- | --- | --- | --- | --- | --- |
| P0 | PREP-MIRROR-CRT-56-001-MILESTONE-0-PUBLISH | DONE (2025-11-19) | Due 2025-11-20 · Accountable: Mirror Creator Guild | Mirror Creator Guild | Published milestone-0 thin bundle plan + sample at `out/mirror/thin/mirror-thin-m0-sample.tar.gz` with SHA256 `bd1013885a27f651e28331c7a240d417d265bd411d09b51b47bd7c2196659674` and layout note in `docs/modules/mirror/milestone-0-thin-bundle.md`. |
| P1 | PREP-MIRROR-CRT-56-001-UPSTREAM-SPRINT-110-D | DOING (2025-11-20) | Due 2025-11-22 · Accountable: Alex Kim (primary); Priya Desai (backup) | Alex Kim (primary); Priya Desai (backup) | Upstream Sprint 110.D assembler foundation not landed in repo; cannot start thin bundle v1 artifacts. <br><br> Document artefact/deliverable for MIRROR-CRT-56-001 and publish location so downstream tasks can proceed. Prep artefact: `docs/modules/mirror/prep-56-001-thin-bundle.md`. |
| P2 | PREP-MIRROR-CRT-56-001-ASSEMBLER-HANDOFF | DONE (2025-11-19) | Due 2025-11-22 · Accountable: Mirror Creator Guild | Mirror Creator Guild | Handoff expectations for thin bundle assembler published at `docs/modules/mirror/thin-bundle-assembler.md` (tar layout, manifest fields, determinism rules, hashes). |
| 1 | MIRROR-CRT-56-001 | BLOCKED | PREP-MIRROR-CRT-56-001-UPSTREAM-SPRINT-110-D | Alex Kim (primary); Priya Desai (backup) | Implement deterministic assembler with manifest + CAS layout. |
| 2 | MIRROR-CRT-56-002 | BLOCKED | Depends on MIRROR-CRT-56-001 and PROV-OBS-53-001; upstream assembler missing. | Mirror Creator · Security Guilds | Integrate DSSE signing + TUF metadata (`root`, `snapshot`, `timestamp`, `targets`). |
| 3 | MIRROR-CRT-57-001 | BLOCKED | Requires MIRROR-CRT-56-001; assembler foundation missing. | Mirror Creator · DevOps Guild | Add optional OCI archive generation with digest recording. |
| 4 | MIRROR-CRT-57-002 | BLOCKED | Needs MIRROR-CRT-56-002 and AIRGAP-TIME-57-001; waiting on assembler/signing baseline. | Mirror Creator · AirGap Time Guild | Embed signed time-anchor metadata. |
| 5 | MIRROR-CRT-58-001 | BLOCKED | Requires MIRROR-CRT-56-002 and CLI-AIRGAP-56-001; downstream until assembler exists. | Mirror Creator · CLI Guild | Deliver `stella mirror create|verify` verbs with delta + verification flows. |
| 6 | MIRROR-CRT-58-002 | BLOCKED | Depends on MIRROR-CRT-56-002 and EXPORT-OBS-54-001; waiting on sample bundles. | Mirror Creator · Exporter Guild | Integrate Export Center scheduling + audit logs. |
| 7 | EXPORT-OBS-51-001 / 54-001 | BLOCKED | MIRROR-CRT-56-001 staffing and artifacts not available. | Exporter Guild | Align Export Center workers with assembler output. |
| 8 | AIRGAP-TIME-57-001 | BLOCKED | MIRROR-CRT-56-001/57-002 pending; policy workshop contingent on sample bundles. | AirGap Time Guild | Provide trusted time-anchor service & policy. |
| 9 | CLI-AIRGAP-56-001 | BLOCKED | MIRROR-CRT-56-002/58-001 pending; offline kit inputs unavailable. | CLI Guild | Extend CLI offline kit tooling to consume mirror bundles. |
| 10 | PROV-OBS-53-001 | BLOCKED | MIRROR-CRT-56-001 absent; cannot wire observers. | Security Guild | Define provenance observers + verification hooks. |
## Execution Log
| P2 | PREP-MIRROR-CRT-56-001-ASSEMBLER-HANDOFF | DONE (2025-11-19) | Due 2025-11-22 · Accountable: Mirror Creator Guild | Mirror Creator Guild | Handoff expectations for thin bundle assembler published at `docs/modules/mirror/thin-bundle-assembler.md` (tar layout, manifest fields, determinism rules, hashes). |
| 1 | MIRROR-CRT-56-001 | BLOCKED | PREP-MIRROR-CRT-56-001-UPSTREAM-SPRINT-110-D | Alex Kim (primary); Priya Desai (backup) | Implement deterministic assembler with manifest + CAS layout. |
| 2 | MIRROR-CRT-56-002 | BLOCKED | Depends on MIRROR-CRT-56-001 and PROV-OBS-53-001; upstream assembler missing. | Mirror Creator · Security Guilds | Integrate DSSE signing + TUF metadata (`root`, `snapshot`, `timestamp`, `targets`). |
| 3 | MIRROR-CRT-57-001 | BLOCKED | Requires MIRROR-CRT-56-001; assembler foundation missing. | Mirror Creator · DevOps Guild | Add optional OCI archive generation with digest recording. |
| 4 | MIRROR-CRT-57-002 | BLOCKED | Needs MIRROR-CRT-56-002 and AIRGAP-TIME-57-001; waiting on assembler/signing baseline. | Mirror Creator · AirGap Time Guild | Embed signed time-anchor metadata. |
| 5 | MIRROR-CRT-58-001 | BLOCKED | Requires MIRROR-CRT-56-002 and CLI-AIRGAP-56-001; downstream until assembler exists. | Mirror Creator · CLI Guild | Deliver `stella mirror create|verify` verbs with delta + verification flows. |
| 6 | MIRROR-CRT-58-002 | BLOCKED | Depends on MIRROR-CRT-56-002 and EXPORT-OBS-54-001; waiting on sample bundles. | Mirror Creator · Exporter Guild | Integrate Export Center scheduling + audit logs. |
| 7 | EXPORT-OBS-51-001 / 54-001 | BLOCKED | MIRROR-CRT-56-001 staffing and artifacts not available. | Exporter Guild | Align Export Center workers with assembler output. |
| 8 | AIRGAP-TIME-57-001 | BLOCKED | MIRROR-CRT-56-001/57-002 pending; policy workshop contingent on sample bundles. | AirGap Time Guild | Provide trusted time-anchor service & policy. |
| 9 | CLI-AIRGAP-56-001 | BLOCKED | MIRROR-CRT-56-002/58-001 pending; offline kit inputs unavailable. | CLI Guild | Extend CLI offline kit tooling to consume mirror bundles. |
| 10 | PROV-OBS-53-001 | BLOCKED | MIRROR-CRT-56-001 absent; cannot wire observers. | Security Guild | Define provenance observers + verification hooks. |
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2025-11-20 | Published thin-bundle prep doc (docs/modules/mirror/prep-56-001-thin-bundle.md); moved PREP-MIRROR-CRT-56-001 to DOING after confirming unowned. | Project Mgmt |
| 2025-11-19 | Cleared stray hyphen from PREP-MIRROR-CRT-56-001-UPSTREAM-SPRINT-110-D so MIRROR-CRT-56-001 dependency is resolvable. | Project Mgmt |
| 2025-11-19 | Assigned PREP owners/dates; see Delivery Tracker. | Planning |
| 2025-11-19 | Assigned PREP owners/dates; see Delivery Tracker. | Planning |
| 2025-11-19 | Completed PREP-MIRROR-CRT-56-001-MILESTONE-0-PUBLISH: published sample thin bundle + hashes and milestone note (`docs/modules/mirror/milestone-0-thin-bundle.md`). | Implementer |
| 2025-11-19 | Added PREP-MIRROR-CRT-56-001-MILESTONE-0-PUBLISH (DOING) to capture milestone-0 thin bundle plan and hashes to unblock downstream air-gap/console/attestation tracks. | Project Mgmt |
| 2025-11-17 | All sprint tasks marked BLOCKED: upstream Sprint 110.D assembler foundation absent from repo; no manifest/CAS layout or samples present to proceed. | Implementer |
| 2025-11-17 | Normalised sprint file to standard template; renamed from `SPRINT_125_mirror.md` to `SPRINT_0125_0001_0001_mirror.md`; no semantic task changes. | Project Management |
| 2025-11-17 | Coordinator decision: assign primary + backup for MIRROR-CRT-56-001; scope thin bundle v1; downstream tasks may proceed once schema + sample bundle land. | Coordinator |
| 2025-11-17 | Action: record primary + backup in Delivery Tracker; produce thin bundle v1 schema + 2 sample bundles by 2025-11-19; unblock Export/CLI/AirGap. | Coordinator |
| 2025-11-13 | Kickoff rescheduled to 15 Nov pending MIRROR-CRT-56-001 staffing; downstream guilds alerted to prepare resource plans. | Mirror Creator Guild |
## Decisions & Risks
- **Decisions**
- Assign primary engineer for MIRROR-CRT-56-001 (due 2025-11-17 EOD). Owners: Mirror Creator Guild · Exporter Guild; Security as backup. Option A selected: thin bundle v1; acceptance: names recorded in Delivery Tracker + kickoff notes.
- Confirm DSSE/TUF signing profile (due 2025-11-18). Owners: Security Guild · Attestor Guild. Needed before MIRROR-CRT-56-002 can merge.
- Lock time-anchor authority scope (due 2025-11-19). Owners: AirGap Time Guild · Mirror Creator Guild. Required for MIRROR-CRT-57-002 policy enforcement.
- **Risks**
- Upstream assembler foundation (Sprint 110.D, MIRROR-CRT-56-001 baseline) missing from repo → all Sprint 0125 tasks blocked. Mitigation: expedite delivery of manifest/CAS scaffold + sample bundles; re-sequence tasks once landed.
- Staffing gap for MIRROR-CRT-56-001 persists after kickoff → DSSE/TUF, OCI, CLI, Export tracks slip; Sprint 0125 jams the Export Center roadmap. Mitigation: escalate to program leadership; reassign engineers from Export Center or Excititor queue.
- DSSE/TUF contract debates with Security Guild → signing + transparency integration slips, blocking CLI/Export release. Mitigation: align on profile ahead of development; capture ADR in `docs/airgap`.
- Time-anchor requirements undefined → air-gapped bundles lose verifiable time guarantees. Mitigation: run focused session with AirGap Time Guild to lock policy + service interface.
## Next Checkpoints
| Date (UTC) | Session | Goal | Owner(s) |
| --- | --- | --- | --- |
| 2025-11-15 | Mirror evidence kickoff | Assign MIRROR-CRT-56-001 owner, outline scope, confirm downstream staffing. | Mirror Creator · Exporter · AirGap Time · Security guilds |
| 2025-11-18 | DSSE/TUF design review | Freeze signing profile + manifest shape. | Mirror Creator · Security Guild |
| 2025-11-19 | Thin bundle v1 sample paths | Publish locations + SHA256 for sample bundles; usable by Export/CLI/AirGap. | Mirror Creator Guild |
| 2025-11-19 | Time-anchor policy workshop | Approve requirements for AIRGAP-TIME-57-001. | AirGap Time Guild · Mirror Creator |
## Appendix
- Previous detailed notes retained at `docs/implplan/archived/SPRINT_125_mirror_2025-11-13.md`.
| 2025-11-17 | All sprint tasks marked BLOCKED: upstream Sprint 110.D assembler foundation absent from repo; no manifest/CAS layout or samples present to proceed. | Implementer |
| 2025-11-17 | Normalised sprint file to standard template; renamed from `SPRINT_125_mirror.md` to `SPRINT_0125_0001_0001_mirror.md`; no semantic task changes. | Project Management |
| 2025-11-17 | Coordinator decision: assign primary + backup for MIRROR-CRT-56-001; scope thin bundle v1; downstream tasks may proceed once schema + sample bundle land. | Coordinator |
| 2025-11-17 | Action: record primary + backup in Delivery Tracker; produce thin bundle v1 schema + 2 sample bundles by 2025-11-19; unblock Export/CLI/AirGap. | Coordinator |
| 2025-11-13 | Kickoff rescheduled to 15 Nov pending MIRROR-CRT-56-001 staffing; downstream guilds alerted to prepare resource plans. | Mirror Creator Guild |
## Decisions & Risks
- **Decisions**
- Assign primary engineer for MIRROR-CRT-56-001 (due 2025-11-17 EOD). Owners: Mirror Creator Guild · Exporter Guild; Security as backup. Option A selected: thin bundle v1; acceptance: names recorded in Delivery Tracker + kickoff notes.
- Confirm DSSE/TUF signing profile (due 2025-11-18). Owners: Security Guild · Attestor Guild. Needed before MIRROR-CRT-56-002 can merge.
- Lock time-anchor authority scope (due 2025-11-19). Owners: AirGap Time Guild · Mirror Creator Guild. Required for MIRROR-CRT-57-002 policy enforcement.
- **Risks**
- Upstream assembler foundation (Sprint 110.D, MIRROR-CRT-56-001 baseline) missing from repo → all Sprint 0125 tasks blocked. Mitigation: expedite delivery of manifest/CAS scaffold + sample bundles; re-sequence tasks once landed.
- Staffing gap for MIRROR-CRT-56-001 persists after kickoff → DSSE/TUF, OCI, CLI, Export tracks slip; Sprint 0125 jams the Export Center roadmap. Mitigation: escalate to program leadership; reassign engineers from Export Center or Excititor queue.
- DSSE/TUF contract debates with Security Guild → signing + transparency integration slips, blocking CLI/Export release. Mitigation: align on profile ahead of development; capture ADR in `docs/airgap`.
- Time-anchor requirements undefined → air-gapped bundles lose verifiable time guarantees. Mitigation: run focused session with AirGap Time Guild to lock policy + service interface.
## Next Checkpoints
| Date (UTC) | Session | Goal | Owner(s) |
| --- | --- | --- | --- |
| 2025-11-15 | Mirror evidence kickoff | Assign MIRROR-CRT-56-001 owner, outline scope, confirm downstream staffing. | Mirror Creator · Exporter · AirGap Time · Security guilds |
| 2025-11-18 | DSSE/TUF design review | Freeze signing profile + manifest shape. | Mirror Creator · Security Guild |
| 2025-11-19 | Thin bundle v1 sample paths | Publish locations + SHA256 for sample bundles; usable by Export/CLI/AirGap. | Mirror Creator Guild |
| 2025-11-19 | Time-anchor policy workshop | Approve requirements for AIRGAP-TIME-57-001. | AirGap Time Guild · Mirror Creator |
## Appendix
- Previous detailed notes retained at `docs/implplan/archived/SPRINT_125_mirror_2025-11-13.md`.

127
docs/implplan/SPRINT_0125_0001_0001_policy_reasoning.md
View File

@@ -1,68 +1,73 @@
# Sprint 0125-0001-0001 · Policy & Reasoning (Policy Engine phase III)
## Topic & Scope
- Policy Engine simulations/overlays chain (Policy.III): path/scope awareness, metrics, overlays, orchestration, ledger export, snapshot, violation events, severity fusion.
- **Working directory:** `src/Policy/StellaOps.Policy.Engine`.
## Dependencies & Concurrency
- Upstream: POLICY-ENGINE-29-002 contract/schema required; execute tasks in listed order.
- Concurrency: All current tasks blocked by missing 29-002 path/scope schema.
## Documentation Prerequisites
- `docs/README.md`
- `docs/07_HIGH_LEVEL_ARCHITECTURE.md`
- `docs/modules/platform/architecture-overview.md`
- `docs/modules/policy/architecture.md`
## Delivery Tracker
| # | Task ID & handle | State | Key dependency / next step | Owners | Task Definition |
| --- | --- | --- | --- | --- | --- |
| P0 | PREP-POLICY-ENGINE-29-002-PATH-SCOPE-SCHEMA | BLOCKED | Due 2025-11-22 · Accountable: Policy Guild / `src/Policy/StellaOps.Policy.Engine` | Policy Guild / `src/Policy/StellaOps.Policy.Engine` | Publish POLICY-ENGINE-29-002 path/scope schema + sample payloads so downstream evaluation tasks can start. |
| P1 | PREP-POLICY-ENGINE-29-004-DEPENDS-ON-29-003 | BLOCKED | Due 2025-11-22 · Accountable: Policy · Observability Guild / `src/Policy/StellaOps.Policy.Engine` | Policy · Observability Guild / `src/Policy/StellaOps.Policy.Engine` | Depends on 29-003. <br><br> Document artefact/deliverable for POLICY-ENGINE-29-004 and publish location so downstream tasks can proceed. |
| P2 | PREP-POLICY-ENGINE-30-001-NEEDS-29-004-OUTPUT | BLOCKED | Due 2025-11-22 · Accountable: Policy · Cartographer Guild / `src/Policy/StellaOps.Policy.Engine` | Policy · Cartographer Guild / `src/Policy/StellaOps.Policy.Engine` | Needs 29-004 outputs. <br><br> Document artefact/deliverable for POLICY-ENGINE-30-001 and publish location so downstream tasks can proceed. |
| P3 | PREP-POLICY-ENGINE-30-002-DEPENDS-ON-30-001 | BLOCKED | Due 2025-11-22 · Accountable: Policy · Cartographer Guild / `src/Policy/StellaOps.Policy.Engine` | Policy · Cartographer Guild / `src/Policy/StellaOps.Policy.Engine` | Depends on 30-001. <br><br> Document artefact/deliverable for POLICY-ENGINE-30-002 and publish location so downstream tasks can proceed. |
| P4 | PREP-POLICY-ENGINE-30-003-DEPENDS-ON-30-002 | BLOCKED | Due 2025-11-22 · Accountable: Policy · Scheduler Guild / `src/Policy/StellaOps.Policy.Engine` | Policy · Scheduler Guild / `src/Policy/StellaOps.Policy.Engine` | Depends on 30-002. <br><br> Document artefact/deliverable for POLICY-ENGINE-30-003 and publish location so downstream tasks can proceed. |
| P5 | PREP-POLICY-ENGINE-30-101-DEPENDS-ON-30-003 | BLOCKED | Due 2025-11-22 · Accountable: Policy Guild / `src/Policy/StellaOps.Policy.Engine` | Policy Guild / `src/Policy/StellaOps.Policy.Engine` | Depends on 30-003. <br><br> Document artefact/deliverable for POLICY-ENGINE-30-101 and publish location so downstream tasks can proceed. |
| P6 | PREP-POLICY-ENGINE-31-001-DEPENDS-ON-30-101 | BLOCKED | Due 2025-11-22 · Accountable: Policy Guild / `src/Policy/StellaOps.Policy.Engine` | Policy Guild / `src/Policy/StellaOps.Policy.Engine` | Depends on 30-101. <br><br> Document artefact/deliverable for POLICY-ENGINE-31-001 and publish location so downstream tasks can proceed. |
| P7 | PREP-POLICY-ENGINE-31-002-DEPENDS-ON-31-001 | BLOCKED | Due 2025-11-22 · Accountable: Policy Guild / `src/Policy/StellaOps.Policy.Engine` | Policy Guild / `src/Policy/StellaOps.Policy.Engine` | Depends on 31-001. <br><br> Document artefact/deliverable for POLICY-ENGINE-31-002 and publish location so downstream tasks can proceed. |
| P8 | PREP-POLICY-ENGINE-32-101-DEPENDS-ON-31-002 | BLOCKED | Due 2025-11-22 · Accountable: Policy Guild / `src/Policy/StellaOps.Policy.Engine` | Policy Guild / `src/Policy/StellaOps.Policy.Engine` | Depends on 31-002. <br><br> Document artefact/deliverable for POLICY-ENGINE-32-101 and publish location so downstream tasks can proceed. |
| P9 | PREP-POLICY-ENGINE-33-101-DEPENDS-ON-32-101 | BLOCKED | Due 2025-11-22 · Accountable: Policy Guild / `src/Policy/StellaOps.Policy.Engine` | Policy Guild / `src/Policy/StellaOps.Policy.Engine` | Depends on 32-101. <br><br> Document artefact/deliverable for POLICY-ENGINE-33-101 and publish location so downstream tasks can proceed. |
| P10 | PREP-POLICY-ENGINE-34-101-DEPENDS-ON-33-101 | BLOCKED | Due 2025-11-22 · Accountable: Policy Guild / `src/Policy/StellaOps.Policy.Engine` | Policy Guild / `src/Policy/StellaOps.Policy.Engine` | Depends on 33-101. <br><br> Document artefact/deliverable for POLICY-ENGINE-34-101 and publish location so downstream tasks can proceed. |
| P11 | PREP-POLICY-ENGINE-35-201-DEPENDS-ON-34-101 | BLOCKED | Due 2025-11-22 · Accountable: Policy Guild / `src/Policy/StellaOps.Policy.Engine` | Policy Guild / `src/Policy/StellaOps.Policy.Engine` | Depends on 34-101. <br><br> Document artefact/deliverable for POLICY-ENGINE-35-201 and publish location so downstream tasks can proceed. |
| P12 | PREP-POLICY-ENGINE-38-201-DEPENDS-ON-35-201 | BLOCKED | Due 2025-11-22 · Accountable: Policy Guild / `src/Policy/StellaOps.Policy.Engine` | Policy Guild / `src/Policy/StellaOps.Policy.Engine` | Depends on 35-201. <br><br> Document artefact/deliverable for POLICY-ENGINE-38-201 and publish location so downstream tasks can proceed. |
| P13 | PREP-POLICY-ENGINE-40-001-DEPENDS-ON-38-201 | BLOCKED | Due 2025-11-22 · Accountable: Policy · Concelier Guild / `src/Policy/StellaOps.Policy.Engine` | Policy · Concelier Guild / `src/Policy/StellaOps.Policy.Engine` | Depends on 38-201. <br><br> Document artefact/deliverable for POLICY-ENGINE-40-001 and publish location so downstream tasks can proceed. |
| P14 | PREP-POLICY-ENGINE-40-002-DEPENDS-ON-40-001 | BLOCKED | Due 2025-11-22 · Accountable: Policy · Excititor Guild / `src/Policy/StellaOps.Policy.Engine` | Policy · Excititor Guild / `src/Policy/StellaOps.Policy.Engine` | Depends on 40-001. <br><br> Document artefact/deliverable for POLICY-ENGINE-40-002 and publish location so downstream tasks can proceed. |
| 1 | POLICY-ENGINE-29-003 | BLOCKED (2025-11-18) | PREP-POLICY-ENGINE-29-002-PATH-SCOPE-SCHEMA. | Policy · SBOM Service Guild / `src/Policy/StellaOps.Policy.Engine` | Path/scope aware evaluation. |
| 2 | POLICY-ENGINE-29-004 | BLOCKED (2025-11-18) | PREP-POLICY-ENGINE-29-004-DEPENDS-ON-29-003 | Policy · Observability Guild / `src/Policy/StellaOps.Policy.Engine` | Metrics/logging for path-aware eval. |
| 3 | POLICY-ENGINE-30-001 | BLOCKED (2025-11-18) | PREP-POLICY-ENGINE-30-001-NEEDS-29-004-OUTPUT | Policy · Cartographer Guild / `src/Policy/StellaOps.Policy.Engine` | Overlay projection contract. |
| 4 | POLICY-ENGINE-30-002 | BLOCKED (2025-11-18) | PREP-POLICY-ENGINE-30-002-DEPENDS-ON-30-001 | Policy · Cartographer Guild / `src/Policy/StellaOps.Policy.Engine` | Simulation bridge. |
| 5 | POLICY-ENGINE-30-003 | BLOCKED (2025-11-18) | PREP-POLICY-ENGINE-30-003-DEPENDS-ON-30-002 | Policy · Scheduler Guild / `src/Policy/StellaOps.Policy.Engine` | Change events. |
| 6 | POLICY-ENGINE-30-101 | BLOCKED (2025-11-18) | PREP-POLICY-ENGINE-30-101-DEPENDS-ON-30-003 | Policy Guild / `src/Policy/StellaOps.Policy.Engine` | Trust weighting UI/API. |
| 7 | POLICY-ENGINE-31-001 | BLOCKED (2025-11-18) | PREP-POLICY-ENGINE-31-001-DEPENDS-ON-30-101 | Policy Guild / `src/Policy/StellaOps.Policy.Engine` | Advisory AI knobs. |
| 8 | POLICY-ENGINE-31-002 | BLOCKED (2025-11-18) | PREP-POLICY-ENGINE-31-002-DEPENDS-ON-31-001 | Policy Guild / `src/Policy/StellaOps.Policy.Engine` | Batch context endpoint. |
| 9 | POLICY-ENGINE-32-101 | BLOCKED (2025-11-18) | PREP-POLICY-ENGINE-32-101-DEPENDS-ON-31-002 | Policy Guild / `src/Policy/StellaOps.Policy.Engine` | Orchestrator job schema. |
| 10 | POLICY-ENGINE-33-101 | BLOCKED (2025-11-18) | PREP-POLICY-ENGINE-33-101-DEPENDS-ON-32-101 | Policy Guild / `src/Policy/StellaOps.Policy.Engine` | Worker implementation. |
| 11 | POLICY-ENGINE-34-101 | BLOCKED (2025-11-18) | PREP-POLICY-ENGINE-34-101-DEPENDS-ON-33-101 | Policy Guild / `src/Policy/StellaOps.Policy.Engine` | Ledger export. |
| 12 | POLICY-ENGINE-35-201 | BLOCKED (2025-11-18) | PREP-POLICY-ENGINE-35-201-DEPENDS-ON-34-101 | Policy Guild / `src/Policy/StellaOps.Policy.Engine` | Snapshot API. |
| 13 | POLICY-ENGINE-38-201 | BLOCKED (2025-11-18) | PREP-POLICY-ENGINE-38-201-DEPENDS-ON-35-201 | Policy Guild / `src/Policy/StellaOps.Policy.Engine` | Violation events. |
| 14 | POLICY-ENGINE-40-001 | BLOCKED (2025-11-18) | PREP-POLICY-ENGINE-40-001-DEPENDS-ON-38-201 | Policy · Concelier Guild / `src/Policy/StellaOps.Policy.Engine` | Severity fusion. |
| 15 | POLICY-ENGINE-40-002 | BLOCKED (2025-11-18) | PREP-POLICY-ENGINE-40-002-DEPENDS-ON-40-001 | Policy · Excititor Guild / `src/Policy/StellaOps.Policy.Engine` | Conflict handling. |
# Sprint 0125-0001-0001 · Policy & Reasoning (Policy Engine phase III)
## Topic & Scope
- Policy Engine simulations/overlays chain (Policy.III): path/scope awareness, metrics, overlays, orchestration, ledger export, snapshot, violation events, severity fusion.
- **Working directory:** `src/Policy/StellaOps.Policy.Engine`.
## Dependencies & Concurrency
- Upstream: POLICY-ENGINE-29-002 contract/schema required; execute tasks in listed order.
- Concurrency: All current tasks blocked by missing 29-002 path/scope schema.
## Documentation Prerequisites
- `docs/README.md`
- `docs/07_HIGH_LEVEL_ARCHITECTURE.md`
- `docs/modules/platform/architecture-overview.md`
- `docs/modules/policy/architecture.md`
## Delivery Tracker
| # | Task ID & handle | State | Key dependency / next step | Owners | Task Definition |
| --- | --- | --- | --- | --- | --- |
| P0 | PREP-POLICY-ENGINE-29-002-PATH-SCOPE-SCHEMA | DONE (2025-11-20) | Prep doc at `docs/modules/policy/prep/2025-11-20-policy-engine-29-002-prep.md`; path/scope schema frozen. | Policy Guild / `src/Policy/StellaOps.Policy.Engine` | Publish POLICY-ENGINE-29-002 path/scope schema + sample payloads so downstream evaluation tasks can start. |
| P1 | PREP-POLICY-ENGINE-29-004-DEPENDS-ON-29-003 | DONE (2025-11-20) | Prep doc at `docs/modules/policy/prep/2025-11-20-policy-engine-29-004-prep.md`; metrics/logs/spans frozen. | Policy · Observability Guild / `src/Policy/StellaOps.Policy.Engine` | Depends on 29-003. <br><br> Document artefact/deliverable for POLICY-ENGINE-29-004 and publish location so downstream tasks can proceed. |
| P2 | PREP-POLICY-ENGINE-30-001-NEEDS-29-004-OUTPUT | DONE (2025-11-20) | Prep doc at `docs/modules/policy/prep/2025-11-20-policy-engine-30-001-prep.md`; overlay projection contract frozen. | Policy · Cartographer Guild / `src/Policy/StellaOps.Policy.Engine` | Needs 29-004 outputs. <br><br> Document artefact/deliverable for POLICY-ENGINE-30-001 and publish location so downstream tasks can proceed. |
| P3 | PREP-POLICY-ENGINE-30-002-DEPENDS-ON-30-001 | DONE (2025-11-20) | Prep doc at `docs/modules/policy/prep/2025-11-20-policy-engine-30-002-prep.md`; simulation bridge shape frozen. | Policy · Cartographer Guild / `src/Policy/StellaOps.Policy.Engine` | Depends on 30-001. <br><br> Document artefact/deliverable for POLICY-ENGINE-30-002 and publish location so downstream tasks can proceed. |
| P4 | PREP-POLICY-ENGINE-30-003-DEPENDS-ON-30-002 | DONE (2025-11-20) | Prep doc at `docs/modules/policy/prep/2025-11-20-policy-engine-30-003-prep.md`; change-event envelope frozen. | Policy · Scheduler Guild / `src/Policy/StellaOps.Policy.Engine` | Depends on 30-002. <br><br> Document artefact/deliverable for POLICY-ENGINE-30-003 and publish location so downstream tasks can proceed. |
| P5 | PREP-POLICY-ENGINE-30-101-DEPENDS-ON-30-003 | BLOCKED | Due 2025-11-22 · Accountable: Policy Guild / `src/Policy/StellaOps.Policy.Engine` | Policy Guild / `src/Policy/StellaOps.Policy.Engine` | Depends on 30-003. <br><br> Document artefact/deliverable for POLICY-ENGINE-30-101 and publish location so downstream tasks can proceed. |
| P6 | PREP-POLICY-ENGINE-31-001-DEPENDS-ON-30-101 | BLOCKED | Due 2025-11-22 · Accountable: Policy Guild / `src/Policy/StellaOps.Policy.Engine` | Policy Guild / `src/Policy/StellaOps.Policy.Engine` | Depends on 30-101. <br><br> Document artefact/deliverable for POLICY-ENGINE-31-001 and publish location so downstream tasks can proceed. |
| P7 | PREP-POLICY-ENGINE-31-002-DEPENDS-ON-31-001 | BLOCKED | Due 2025-11-22 · Accountable: Policy Guild / `src/Policy/StellaOps.Policy.Engine` | Policy Guild / `src/Policy/StellaOps.Policy.Engine` | Depends on 31-001. <br><br> Document artefact/deliverable for POLICY-ENGINE-31-002 and publish location so downstream tasks can proceed. |
| P8 | PREP-POLICY-ENGINE-32-101-DEPENDS-ON-31-002 | BLOCKED | Due 2025-11-22 · Accountable: Policy Guild / `src/Policy/StellaOps.Policy.Engine` | Policy Guild / `src/Policy/StellaOps.Policy.Engine` | Depends on 31-002. <br><br> Document artefact/deliverable for POLICY-ENGINE-32-101 and publish location so downstream tasks can proceed. |
| P9 | PREP-POLICY-ENGINE-33-101-DEPENDS-ON-32-101 | BLOCKED | Due 2025-11-22 · Accountable: Policy Guild / `src/Policy/StellaOps.Policy.Engine` | Policy Guild / `src/Policy/StellaOps.Policy.Engine` | Depends on 32-101. <br><br> Document artefact/deliverable for POLICY-ENGINE-33-101 and publish location so downstream tasks can proceed. |
| P10 | PREP-POLICY-ENGINE-34-101-DEPENDS-ON-33-101 | BLOCKED | Due 2025-11-22 · Accountable: Policy Guild / `src/Policy/StellaOps.Policy.Engine` | Policy Guild / `src/Policy/StellaOps.Policy.Engine` | Depends on 33-101. <br><br> Document artefact/deliverable for POLICY-ENGINE-34-101 and publish location so downstream tasks can proceed. |
| P11 | PREP-POLICY-ENGINE-35-201-DEPENDS-ON-34-101 | BLOCKED | Due 2025-11-22 · Accountable: Policy Guild / `src/Policy/StellaOps.Policy.Engine` | Policy Guild / `src/Policy/StellaOps.Policy.Engine` | Depends on 34-101. <br><br> Document artefact/deliverable for POLICY-ENGINE-35-201 and publish location so downstream tasks can proceed. |
| P12 | PREP-POLICY-ENGINE-38-201-DEPENDS-ON-35-201 | BLOCKED | Due 2025-11-22 · Accountable: Policy Guild / `src/Policy/StellaOps.Policy.Engine` | Policy Guild / `src/Policy/StellaOps.Policy.Engine` | Depends on 35-201. <br><br> Document artefact/deliverable for POLICY-ENGINE-38-201 and publish location so downstream tasks can proceed. |
| P13 | PREP-POLICY-ENGINE-40-001-DEPENDS-ON-38-201 | BLOCKED | Due 2025-11-22 · Accountable: Policy · Concelier Guild / `src/Policy/StellaOps.Policy.Engine` | Policy · Concelier Guild / `src/Policy/StellaOps.Policy.Engine` | Depends on 38-201. <br><br> Document artefact/deliverable for POLICY-ENGINE-40-001 and publish location so downstream tasks can proceed. |
| P14 | PREP-POLICY-ENGINE-40-002-DEPENDS-ON-40-001 | BLOCKED | Due 2025-11-22 · Accountable: Policy · Excititor Guild / `src/Policy/StellaOps.Policy.Engine` | Policy · Excititor Guild / `src/Policy/StellaOps.Policy.Engine` | Depends on 40-001. <br><br> Document artefact/deliverable for POLICY-ENGINE-40-002 and publish location so downstream tasks can proceed. |
| 1 | POLICY-ENGINE-29-003 | TODO | PREP-POLICY-ENGINE-29-002-PATH-SCOPE-SCHEMA. | Policy · SBOM Service Guild / `src/Policy/StellaOps.Policy.Engine` | Path/scope aware evaluation. |
| 2 | POLICY-ENGINE-29-004 | TODO | PREP-POLICY-ENGINE-29-004-DEPENDS-ON-29-003 | Policy · Observability Guild / `src/Policy/StellaOps.Policy.Engine` | Metrics/logging for path-aware eval. |
| 3 | POLICY-ENGINE-30-001 | TODO | PREP-POLICY-ENGINE-30-001-NEEDS-29-004-OUTPUT | Policy · Cartographer Guild / `src/Policy/StellaOps.Policy.Engine` | Overlay projection contract. |
| 4 | POLICY-ENGINE-30-002 | TODO | PREP-POLICY-ENGINE-30-002-DEPENDS-ON-30-001 | Policy · Cartographer Guild / `src/Policy/StellaOps.Policy.Engine` | Simulation bridge. |
| 5 | POLICY-ENGINE-30-003 | TODO | PREP-POLICY-ENGINE-30-003-DEPENDS-ON-30-002 | Policy · Scheduler Guild / `src/Policy/StellaOps.Policy.Engine` | Change events. |
| 6 | POLICY-ENGINE-30-101 | BLOCKED (2025-11-18) | PREP-POLICY-ENGINE-30-101-DEPENDS-ON-30-003 | Policy Guild / `src/Policy/StellaOps.Policy.Engine` | Trust weighting UI/API. |
| 7 | POLICY-ENGINE-31-001 | BLOCKED (2025-11-18) | PREP-POLICY-ENGINE-31-001-DEPENDS-ON-30-101 | Policy Guild / `src/Policy/StellaOps.Policy.Engine` | Advisory AI knobs. |
| 8 | POLICY-ENGINE-31-002 | BLOCKED (2025-11-18) | PREP-POLICY-ENGINE-31-002-DEPENDS-ON-31-001 | Policy Guild / `src/Policy/StellaOps.Policy.Engine` | Batch context endpoint. |
| 9 | POLICY-ENGINE-32-101 | BLOCKED (2025-11-18) | PREP-POLICY-ENGINE-32-101-DEPENDS-ON-31-002 | Policy Guild / `src/Policy/StellaOps.Policy.Engine` | Orchestrator job schema. |
| 10 | POLICY-ENGINE-33-101 | BLOCKED (2025-11-18) | PREP-POLICY-ENGINE-33-101-DEPENDS-ON-32-101 | Policy Guild / `src/Policy/StellaOps.Policy.Engine` | Worker implementation. |
| 11 | POLICY-ENGINE-34-101 | BLOCKED (2025-11-18) | PREP-POLICY-ENGINE-34-101-DEPENDS-ON-33-101 | Policy Guild / `src/Policy/StellaOps.Policy.Engine` | Ledger export. |
| 12 | POLICY-ENGINE-35-201 | BLOCKED (2025-11-18) | PREP-POLICY-ENGINE-35-201-DEPENDS-ON-34-101 | Policy Guild / `src/Policy/StellaOps.Policy.Engine` | Snapshot API. |
| 13 | POLICY-ENGINE-38-201 | BLOCKED (2025-11-18) | PREP-POLICY-ENGINE-38-201-DEPENDS-ON-35-201 | Policy Guild / `src/Policy/StellaOps.Policy.Engine` | Violation events. |
| 14 | POLICY-ENGINE-40-001 | BLOCKED (2025-11-18) | PREP-POLICY-ENGINE-40-001-DEPENDS-ON-38-201 | Policy · Concelier Guild / `src/Policy/StellaOps.Policy.Engine` | Severity fusion. |
| 15 | POLICY-ENGINE-40-002 | BLOCKED (2025-11-18) | PREP-POLICY-ENGINE-40-002-DEPENDS-ON-40-001 | Policy · Excititor Guild / `src/Policy/StellaOps.Policy.Engine` | Conflict handling. |
## Notes & Risks
- POLICY-ENGINE-29-002 contract/schema missing; cascades block entire chain (115). Need published schema + sample payloads to proceed.
- Draft metrics/logging contract for 29-004 lives at `docs/modules/policy/prep/2025-11-21-policy-metrics-29-004-prep.md`; dimensions remain tentative until 29-003 payload shape lands.
- Path/scope schema, observability, overlay projection, simulation bridge, and change-event envelopes are now documented; downstream implementation must stay aligned or update prep docs + risks.
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2025-11-21 | Started path/scope schema draft for PREP-POLICY-ENGINE-29-002 at `docs/modules/policy/prep/2025-11-21-policy-path-scope-29-002-prep.md`; waiting on SBOM Service coordinate mapping rules. | Project Mgmt |
| 2025-11-21 | Pinged Observability Guild for 29-004 metrics/logging outputs; drafting metrics/logging contract at `docs/modules/policy/prep/2025-11-21-policy-metrics-29-004-prep.md` while awaiting path/scope payloads from 29-003. | Project Mgmt |
| 2025-11-20 | Confirmed no owners for PREP-POLICY-ENGINE-29-002/29-004/30-001/30-002/30-003; published prep notes under `docs/modules/policy/prep/2025-11-20-*`; set P0P4 DONE. | Implementer |
| 2025-11-20 | Unblocked POLICY-ENGINE-29-003..30-003; statuses moved to TODO now that prep contracts are frozen. | Implementer |
| 2025-11-19 | Added PREP-POLICY-ENGINE-29-002-PATH-SCOPE-SCHEMA and pointed POLICY-ENGINE-29-003 dependency at it. | Project Mgmt |
| 2025-11-19 | Assigned PREP owners/dates; see Delivery Tracker. | Planning |
| 2025-11-19 | Marked PREP tasks P0P14 BLOCKED: base path/scope schema (29-002) and downstream evaluation/observability/overlay/export contracts are still missing, keeping the entire POLICY-ENGINE chain blocked. | Project Mgmt |
| 2025-11-08 | Sprint created; awaiting upstream contract. | Planning |
| 2025-11-18 | Re-confirmed all tasks blocked; upstream schema still absent. | Policy Guild |
| 2025-11-19 | Normalized to standard template and renamed from `SPRINT_125_policy_reasoning.md` to `SPRINT_0125_0001_0001_policy_reasoning.md`; content preserved. | Implementer |
## Decisions & Risks
- Blocked until POLICY-ENGINE-29-002 contract drops.
| 2025-11-19 | Marked PREP tasks P0P14 BLOCKED: base path/scope schema (29-002) and downstream evaluation/observability/overlay/export contracts were missing, keeping the entire POLICY-ENGINE chain blocked. | Project Mgmt |
| 2025-11-08 | Sprint created; awaiting upstream contract. | Planning |
| 2025-11-18 | Re-confirmed all tasks blocked; upstream schema still absent. | Policy Guild |
| 2025-11-19 | Normalized to standard template and renamed from `SPRINT_125_policy_reasoning.md` to `SPRINT_0125_0001_0001_policy_reasoning.md`; content preserved. | Implementer |
## Decisions & Risks
- Blocked until POLICY-ENGINE-29-002 contract drops.
## Next Checkpoints
- Publish POLICY-ENGINE-29-002 path/scope schema (date TBD).
- Kick off POLICY-ENGINE-29-003 implementation using frozen path/scope schema and metrics contracts (week of 2025-11-21).

123
docs/implplan/SPRINT_0131_0001_0001_scanner_surface.md
View File

@@ -1,68 +1,69 @@
# Sprint 0131-0001-0001 · Scanner & Surface (Phase II)
## Topic & Scope
- Continue Scanner & Surface wave (phase II) after Sprint 0130, deepening analyzers for Deno and Java with runtime evidence and surface signals.
- Deliver Deno runtime hooks, policy signal emitters, and CLI/Worker packaging that stay offline-friendly and bundle-ready.
- Expand Java analyzer coverage for configs, JNI hints, manifest metadata, fixtures/benchmarks, and optional runtime ingestion to feed surface decisioning.
- **Working directory:** `src/Scanner`.
## Dependencies & Concurrency
- Sequential dependency: Sprint 0130 must finish before this sprint; maintain order across the 01300139 wave.
- Deno work depends on `SCANNER-ANALYZERS-DENO-26-008`; Java chain builds serially from 21-005 → 21-006 → 21-007 → 21-008 → 21-009 → 21-010 → 21-011.
- Stay within scanner scope to avoid new cross-module coupling unless explicitly approved.
## Documentation Prerequisites
- docs/README.md
- docs/07_HIGH_LEVEL_ARCHITECTURE.md
- docs/modules/platform/architecture-overview.md
- docs/modules/scanner/architecture.md
- src/Scanner/AGENTS.md
## Delivery Tracker
| # | Task ID | Status | Key dependency / next step | Owners | Task Definition |
| --- | --- | --- | --- | --- | --- |
# Sprint 0131-0001-0001 · Scanner & Surface (Phase II)
## Topic & Scope
- Continue Scanner & Surface wave (phase II) after Sprint 0130, deepening analyzers for Deno and Java with runtime evidence and surface signals.
- Deliver Deno runtime hooks, policy signal emitters, and CLI/Worker packaging that stay offline-friendly and bundle-ready.
- Expand Java analyzer coverage for configs, JNI hints, manifest metadata, fixtures/benchmarks, and optional runtime ingestion to feed surface decisioning.
- **Working directory:** `src/Scanner`.
## Dependencies & Concurrency
- Sequential dependency: Sprint 0130 must finish before this sprint; maintain order across the 01300139 wave.
- Deno work depends on `SCANNER-ANALYZERS-DENO-26-008`; Java chain builds serially from 21-005 → 21-006 → 21-007 → 21-008 → 21-009 → 21-010 → 21-011.
- Stay within scanner scope to avoid new cross-module coupling unless explicitly approved.
## Documentation Prerequisites
- docs/README.md
- docs/07_HIGH_LEVEL_ARCHITECTURE.md
- docs/modules/platform/architecture-overview.md
- docs/modules/scanner/architecture.md
- src/Scanner/AGENTS.md
## Delivery Tracker
| # | Task ID | Status | Key dependency / next step | Owners | Task Definition |
| --- | --- | --- | --- | --- | --- |
| P1 | PREP-SCANNER-ANALYZERS-JAVA-21-005-TESTS-BLOC | DOING (2025-11-20) | Due 2025-11-22 · Accountable: Java Analyzer Guild | Java Analyzer Guild | Tests blocked: repo build fails in Concelier (CoreLinksets missing) and targeted Java analyzer test run stalls; retry once dependencies fixed or CI available. <br><br> Document artefact/deliverable for SCANNER-ANALYZERS-JAVA-21-005 and publish location so downstream tasks can proceed. |
| P2 | PREP-SCANNER-ANALYZERS-JAVA-21-008-WAITING-ON | DOING (2025-11-20) | Due 2025-11-22 · Accountable: Java Analyzer Guild | Java Analyzer Guild | Waiting on 21-007 completion and resolver authoring bandwidth. <br><br> Document artefact/deliverable for SCANNER-ANALYZERS-JAVA-21-008 and publish location so downstream tasks can proceed. Prep artefact: `docs/modules/scanner/prep/2025-11-20-java-21-008-prep.md`. |
| P3 | PREP-SCANNER-ANALYZERS-LANG-11-001-DOTNET-TES | DOING (2025-11-20) | Due 2025-11-22 · Accountable: StellaOps.Scanner EPDR Guild · Language Analyzer Guild | StellaOps.Scanner EPDR Guild · Language Analyzer Guild | `dotnet test` hangs/returns empty output; needs clean runner/CI diagnostics. <br><br> Document artefact/deliverable for SCANNER-ANALYZERS-LANG-11-001 and publish location so downstream tasks can proceed. Prep artefact: `docs/modules/scanner/prep/2025-11-20-lang-11-001-prep.md`. |
| 1 | SCANNER-ANALYZERS-DENO-26-009 | BLOCKED (2025-11-19) | Waiting on runtime shim fixtures + CI runner; design `deno-runtime-shim.md` drafted but tests cannot run. | Deno Analyzer Guild · Signals Guild | Optional runtime evidence hooks capturing module loads and permissions with path hashing during harnessed execution. |
| 2 | SCANNER-ANALYZERS-DENO-26-010 | TODO | After 26-009, wire CLI (`stella deno trace`) + Worker/Offline Kit using runtime NDJSON contract. | Deno Analyzer Guild · DevOps Guild | Package analyzer plug-in and surface CLI/worker commands with offline documentation. |
| 3 | SCANNER-ANALYZERS-DENO-26-011 | TODO | Implement policy signal emitter using runtime metadata once trace shim lands. | Deno Analyzer Guild | Policy signal emitter for capabilities (net/fs/env/ffi/process/crypto), remote origins, npm usage, wasm modules, and dynamic-import warnings. |
| 4 | SCANNER-ANALYZERS-JAVA-21-005 | BLOCKED (2025-11-17) | PREP-SCANNER-ANALYZERS-JAVA-21-005-TESTS-BLOC | Java Analyzer Guild | Framework config extraction: Spring Boot imports, spring.factories, application properties/yaml, Jakarta web.xml/fragments, JAX-RS/JPA/CDI/JAXB configs, logging files, Graal native-image configs. |
| 5 | SCANNER-ANALYZERS-JAVA-21-006 | TODO | Needs outputs from 21-005. | Java Analyzer Guild | JNI/native hint scanner detecting native methods, System.load/Library literals, bundled native libs, Graal JNI configs; emit `jni-load` edges. |
| 6 | SCANNER-ANALYZERS-JAVA-21-007 | TODO | After 21-006; align manifest parsing with resolver. | Java Analyzer Guild | Signature and manifest metadata collector capturing JAR signature structure, signers, and manifest loader attributes (Main-Class, Agent-Class, Start-Class, Class-Path). |
| 7 | SCANNER-ANALYZERS-JAVA-21-008 | BLOCKED (2025-10-27) | PREP-SCANNER-ANALYZERS-JAVA-21-008-WAITING-ON | Java Analyzer Guild | Implement resolver + AOC writer emitting entrypoints, components, and edges (jpms, cp, spi, reflect, jni) with reason codes and confidence. |
| 8 | SCANNER-ANALYZERS-JAVA-21-009 | TODO | Unblock when 21-008 lands; prepare fixtures in parallel where safe. | Java Analyzer Guild · QA Guild | Comprehensive fixtures (modular app, boot fat jar, war, ear, MR-jar, jlink image, JNI, reflection heavy, signed jar, microprofile) with golden outputs and perf benchmarks. |
| 9 | SCANNER-ANALYZERS-JAVA-21-010 | TODO | After 21-009; requires runtime capture design. | Java Analyzer Guild · Signals Guild | Optional runtime ingestion via Java agent + JFR reader capturing class load, ServiceLoader, System.load events with path scrubbing; append-only runtime edges (`runtime-class`/`runtime-spi`/`runtime-load`). |
| 10 | SCANNER-ANALYZERS-JAVA-21-011 | TODO | Depends on 21-010; finalize DI/manifest registration and docs. | Java Analyzer Guild · DevOps Guild | Package analyzer as restart-time plug-in, update Offline Kit docs, add CLI/worker hooks for Java inspection commands. |
| 11 | SCANNER-ANALYZERS-LANG-11-001 | BLOCKED (2025-11-17) | PREP-SCANNER-ANALYZERS-LANG-11-001-DOTNET-TES | StellaOps.Scanner EPDR Guild · Language Analyzer Guild | Entrypoint resolver mapping project/publish artifacts to entrypoint identities (assembly name, MVID, TFM, RID) and environment profiles; output normalized `entrypoints[]` with deterministic IDs. |
## Execution Log
| 1 | SCANNER-ANALYZERS-DENO-26-009 | BLOCKED (2025-11-19) | Waiting on runtime shim fixtures + CI runner; design `deno-runtime-shim.md` drafted but tests cannot run. | Deno Analyzer Guild · Signals Guild | Optional runtime evidence hooks capturing module loads and permissions with path hashing during harnessed execution. |
| 2 | SCANNER-ANALYZERS-DENO-26-010 | TODO | After 26-009, wire CLI (`stella deno trace`) + Worker/Offline Kit using runtime NDJSON contract. | Deno Analyzer Guild · DevOps Guild | Package analyzer plug-in and surface CLI/worker commands with offline documentation. |
| 3 | SCANNER-ANALYZERS-DENO-26-011 | TODO | Implement policy signal emitter using runtime metadata once trace shim lands. | Deno Analyzer Guild | Policy signal emitter for capabilities (net/fs/env/ffi/process/crypto), remote origins, npm usage, wasm modules, and dynamic-import warnings. |
| 4 | SCANNER-ANALYZERS-JAVA-21-005 | BLOCKED (2025-11-17) | PREP-SCANNER-ANALYZERS-JAVA-21-005-TESTS-BLOC | Java Analyzer Guild | Framework config extraction: Spring Boot imports, spring.factories, application properties/yaml, Jakarta web.xml/fragments, JAX-RS/JPA/CDI/JAXB configs, logging files, Graal native-image configs. |
| 5 | SCANNER-ANALYZERS-JAVA-21-006 | TODO | Needs outputs from 21-005. | Java Analyzer Guild | JNI/native hint scanner detecting native methods, System.load/Library literals, bundled native libs, Graal JNI configs; emit `jni-load` edges. |
| 6 | SCANNER-ANALYZERS-JAVA-21-007 | TODO | After 21-006; align manifest parsing with resolver. | Java Analyzer Guild | Signature and manifest metadata collector capturing JAR signature structure, signers, and manifest loader attributes (Main-Class, Agent-Class, Start-Class, Class-Path). |
| 7 | SCANNER-ANALYZERS-JAVA-21-008 | BLOCKED (2025-10-27) | PREP-SCANNER-ANALYZERS-JAVA-21-008-WAITING-ON | Java Analyzer Guild | Implement resolver + AOC writer emitting entrypoints, components, and edges (jpms, cp, spi, reflect, jni) with reason codes and confidence. |
| 8 | SCANNER-ANALYZERS-JAVA-21-009 | TODO | Unblock when 21-008 lands; prepare fixtures in parallel where safe. | Java Analyzer Guild · QA Guild | Comprehensive fixtures (modular app, boot fat jar, war, ear, MR-jar, jlink image, JNI, reflection heavy, signed jar, microprofile) with golden outputs and perf benchmarks. |
| 9 | SCANNER-ANALYZERS-JAVA-21-010 | TODO | After 21-009; requires runtime capture design. | Java Analyzer Guild · Signals Guild | Optional runtime ingestion via Java agent + JFR reader capturing class load, ServiceLoader, System.load events with path scrubbing; append-only runtime edges (`runtime-class`/`runtime-spi`/`runtime-load`). |
| 10 | SCANNER-ANALYZERS-JAVA-21-011 | TODO | Depends on 21-010; finalize DI/manifest registration and docs. | Java Analyzer Guild · DevOps Guild | Package analyzer as restart-time plug-in, update Offline Kit docs, add CLI/worker hooks for Java inspection commands. |
| 11 | SCANNER-ANALYZERS-LANG-11-001 | BLOCKED (2025-11-17) | PREP-SCANNER-ANALYZERS-LANG-11-001-DOTNET-TES | StellaOps.Scanner EPDR Guild · Language Analyzer Guild | Entrypoint resolver mapping project/publish artifacts to entrypoint identities (assembly name, MVID, TFM, RID) and environment profiles; output normalized `entrypoints[]` with deterministic IDs. |
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2025-11-20 | Published prep docs for P2/P3: `docs/modules/scanner/prep/2025-11-20-java-21-008-prep.md` and `docs/modules/scanner/prep/2025-11-20-lang-11-001-prep.md`; set PREP P2/P3 to DOING after confirming unowned. | Project Mgmt |
| 2025-11-20 | Published prep note for SCANNER-ANALYZERS-JAVA-21-005 (docs/modules/scanner/prep/2025-11-20-java-21-005-prep.md); pinged Concelier/CoreLinksets owners for missing packages and CI isolation. | Project Mgmt |
| 2025-11-20 | Confirmed PREP-SCANNER-ANALYZERS-JAVA-21-005-TESTS-BLOC still TODO; moved to DOING to capture blockers and prep artefact. | Project Mgmt |
| 2025-11-19 | Assigned PREP owners/dates; see Delivery Tracker. | Planning |
| 2025-11-17 | Normalised sprint file to standard template and renamed from `SPRINT_131_scanner_surface.md` to `SPRINT_0131_scanner_surface.md`; no semantic changes. | Planning |
| 2025-11-17 | Attempted `./tools/dotnet-filter.sh test src/Scanner/StellaOps.Scanner.sln --no-restore`; build ran ~72s compiling scanner/all projects without completing tests, then aborted locally to avoid runaway build. Follow-up narrow build `dotnet build src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.DotNet/StellaOps.Scanner.Analyzers.Lang.DotNet.csproj` also stalled ~28s in target resolution before manual stop. Blocker persists; needs clean CI runner or scoped test project to finish LANG-11-001 validation. | Implementer |
| 2025-11-17 | Started SCANNER-ANALYZERS-JAVA-21-005: initial framework config extraction (Spring configs, JPA/CDI/JAXB, logging, Graal native-image) implemented with evidence + metadata; added regression test scaffold. | Implementer |
| 2025-11-17 | SCANNER-ANALYZERS-JAVA-21-005: Added Spring Boot `.imports` detection and web-fragment coverage; refreshed framework-config test to assert imports + fragment metadata. Test run blocked by Concelier Mongo build errors (missing CoreLinksets interfaces); rerun once repository build is green. | Java Analyzer Guild |
| 2025-11-19 | SCANNER-ANALYZERS-JAVA-21-005: Added SHA-256 evidence for framework configs (spring.factories, app/bootstrap config, web.xml, etc.) and updated regression test to assert hashed config evidence. Test run aborted due to solution restore contention; rerun needed when runner is free. | Java Analyzer Guild |
| 2025-11-17 | Targeted `dotnet test src/Scanner/__Tests/StellaOps.Scanner.Analyzers.Lang.Java.Tests/StellaOps.Scanner.Analyzers.Lang.Java.Tests.csproj --no-restore`; build pulled large Concelier/Surface dependencies and stalled ~35s before manual abort (no test results). Need clean CI or lighter test target to validate 21-005. | Implementer |
| 2025-11-19 | SCANNER-ANALYZERS-JAVA-21-005: Another targeted restore/test attempt aborted after ~59s during restore due to solution contention; no test results. Await clean runner/CI. | Implementer |
| 2025-11-17 | Reviewed Deno analyzer scope; runtime evidence hook contract and policy-signal keys not defined in docs or code. Marked DENO-26-009/010/011 as BLOCKED pending approved trace/signal schema shared with Surface/Signals. | Implementer |
| 2025-11-17 | SCANNER-ANALYZERS-JAVA-21-005: Added JNI/native hint scanning (native libs, Graal jni-config, System.load/Library strings) with component metadata + evidence; targeted tests added. Test run aborted ~80s in due to concurrent repo-wide builds; rerun on clean runner. | Java Analyzer Guild |
| 2025-11-17 | Authored `docs/modules/scanner/design/deno-runtime-signals.md` defining NDJSON runtime trace + policy signal keys; unblocked DENO-26-009/010/011 back to TODO. | Implementer |
| 2025-11-17 | Implemented Deno runtime NDJSON serializer + metadata (module/permission counts, remote origins, npm/wasm/dynamic import counts) with deterministic ordering and hash; added regression tests for serializer, path hashing, recorder ordering, and policy signal emission. Loader/require shim still pending. | Implementer |
| 2025-11-17 | Deno runtime tests passing: `dotnet test src/Scanner/__Tests/StellaOps.Scanner.Analyzers.Lang.Deno.Tests/StellaOps.Scanner.Analyzers.Lang.Deno.Tests.csproj --no-restore`. | Implementer |
| 2025-11-17 | DenoLanguageAnalyzer now ingests `deno-runtime.ndjson` if present, computes metadata/hash, stores runtime payload in AnalysisStore, and emits policy signals; added runtime probe parser + tests. Loader/require shim that generates the trace remains to be built. | Implementer |
| 2025-11-17 | Extended runtime metadata/signals to include npm/wasm/dynamic-import counts and unique permissions; AnalysisStore payload now carries these fields for CLI/Worker consumption. | Implementer |
| 2025-11-17 | Marked DENO-26-009/010/011 BLOCKED: need approved Deno loader/require harness to generate runtime NDJSON in offline mode; pending Signals/Surface design. | Implementer |
| 2025-11-17 | Authored loader/trace shim plan `docs/modules/scanner/design/deno-runtime-shim.md` describing Deno harness injection, event capture, determinism rules, and fixtures; unblocks DENO-26-009 back to DOING. | Implementer |
| 2025-11-17 | Added runtime shim source helper + test; shim writes `trace-shim.ts` containing runtime capture hooks (module load, permission use, wasm load, npm hint) for offline trace generation. | Implementer |
| 2025-11-17 | Re-ran Deno runtime tests after status update; still passing (`dotnet test ...Deno.Tests.csproj --no-restore`). | Implementer |
| 2025-11-17 | Normalised sprint file to standard template and renamed from `SPRINT_131_scanner_surface.md` to `SPRINT_0131_scanner_surface.md`; no semantic changes. | Planning |
| 2025-11-17 | Attempted `./tools/dotnet-filter.sh test src/Scanner/StellaOps.Scanner.sln --no-restore`; build ran ~72s compiling scanner/all projects without completing tests, then aborted locally to avoid runaway build. Follow-up narrow build `dotnet build src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.DotNet/StellaOps.Scanner.Analyzers.Lang.DotNet.csproj` also stalled ~28s in target resolution before manual stop. Blocker persists; needs clean CI runner or scoped test project to finish LANG-11-001 validation. | Implementer |
| 2025-11-17 | Started SCANNER-ANALYZERS-JAVA-21-005: initial framework config extraction (Spring configs, JPA/CDI/JAXB, logging, Graal native-image) implemented with evidence + metadata; added regression test scaffold. | Implementer |
| 2025-11-17 | SCANNER-ANALYZERS-JAVA-21-005: Added Spring Boot `.imports` detection and web-fragment coverage; refreshed framework-config test to assert imports + fragment metadata. Test run blocked by Concelier Mongo build errors (missing CoreLinksets interfaces); rerun once repository build is green. | Java Analyzer Guild |
| 2025-11-19 | SCANNER-ANALYZERS-JAVA-21-005: Added SHA-256 evidence for framework configs (spring.factories, app/bootstrap config, web.xml, etc.) and updated regression test to assert hashed config evidence. Test run aborted due to solution restore contention; rerun needed when runner is free. | Java Analyzer Guild |
| 2025-11-17 | Targeted `dotnet test src/Scanner/__Tests/StellaOps.Scanner.Analyzers.Lang.Java.Tests/StellaOps.Scanner.Analyzers.Lang.Java.Tests.csproj --no-restore`; build pulled large Concelier/Surface dependencies and stalled ~35s before manual abort (no test results). Need clean CI or lighter test target to validate 21-005. | Implementer |
| 2025-11-19 | SCANNER-ANALYZERS-JAVA-21-005: Another targeted restore/test attempt aborted after ~59s during restore due to solution contention; no test results. Await clean runner/CI. | Implementer |
| 2025-11-17 | Reviewed Deno analyzer scope; runtime evidence hook contract and policy-signal keys not defined in docs or code. Marked DENO-26-009/010/011 as BLOCKED pending approved trace/signal schema shared with Surface/Signals. | Implementer |
| 2025-11-17 | SCANNER-ANALYZERS-JAVA-21-005: Added JNI/native hint scanning (native libs, Graal jni-config, System.load/Library strings) with component metadata + evidence; targeted tests added. Test run aborted ~80s in due to concurrent repo-wide builds; rerun on clean runner. | Java Analyzer Guild |
| 2025-11-17 | Authored `docs/modules/scanner/design/deno-runtime-signals.md` defining NDJSON runtime trace + policy signal keys; unblocked DENO-26-009/010/011 back to TODO. | Implementer |
| 2025-11-17 | Implemented Deno runtime NDJSON serializer + metadata (module/permission counts, remote origins, npm/wasm/dynamic import counts) with deterministic ordering and hash; added regression tests for serializer, path hashing, recorder ordering, and policy signal emission. Loader/require shim still pending. | Implementer |
| 2025-11-17 | Deno runtime tests passing: `dotnet test src/Scanner/__Tests/StellaOps.Scanner.Analyzers.Lang.Deno.Tests/StellaOps.Scanner.Analyzers.Lang.Deno.Tests.csproj --no-restore`. | Implementer |
| 2025-11-17 | DenoLanguageAnalyzer now ingests `deno-runtime.ndjson` if present, computes metadata/hash, stores runtime payload in AnalysisStore, and emits policy signals; added runtime probe parser + tests. Loader/require shim that generates the trace remains to be built. | Implementer |
| 2025-11-17 | Extended runtime metadata/signals to include npm/wasm/dynamic-import counts and unique permissions; AnalysisStore payload now carries these fields for CLI/Worker consumption. | Implementer |
| 2025-11-17 | Marked DENO-26-009/010/011 BLOCKED: need approved Deno loader/require harness to generate runtime NDJSON in offline mode; pending Signals/Surface design. | Implementer |
| 2025-11-17 | Authored loader/trace shim plan `docs/modules/scanner/design/deno-runtime-shim.md` describing Deno harness injection, event capture, determinism rules, and fixtures; unblocks DENO-26-009 back to DOING. | Implementer |
| 2025-11-17 | Added runtime shim source helper + test; shim writes `trace-shim.ts` containing runtime capture hooks (module load, permission use, wasm load, npm hint) for offline trace generation. | Implementer |
| 2025-11-17 | Re-ran Deno runtime tests after status update; still passing (`dotnet test ...Deno.Tests.csproj --no-restore`). | Implementer |
## Decisions & Risks
- Scanner record payload schema still unpinned; drafting prep at `docs/modules/scanner/prep/2025-11-21-scanner-records-prep.md` while waiting for analyzer output confirmation from Scanner Guild.
- `SCANNER-ANALYZERS-LANG-11-001` blocked (2025-11-17): local `dotnet test` hangs/returns empty output; requires clean runner/CI hang diagnostics to progress and regenerate goldens.
- Additional note: dotnet-filter wrapper avoids `workdir:` injection but full solution builds still stall locally; recommend CI/clean runner and/or scoped project tests to gather logs for LANG-11-001.
- `SCANNER-ANALYZERS-JAVA-21-008` blocked (2025-10-27): resolver capacity needed to produce entrypoint/component/edge outputs; downstream tasks remain stalled until resolved.
@@ -71,9 +72,9 @@
- Loader/require shim implementation still pending for DENO-26-009; must stay offline-first and AnalysisStore-compatible before wiring DENO-26-010/011.
- PREP note for SCANNER-ANALYZERS-JAVA-21-005 published at `docs/modules/scanner/prep/2025-11-20-java-21-005-prep.md`; awaiting CoreLinksets package fix and isolated CI slot before tests can run.
- PREP docs added for SCANNER-ANALYZERS-JAVA-21-008 (`docs/modules/scanner/prep/2025-11-20-java-21-008-prep.md`) and LANG-11-001 (`docs/modules/scanner/prep/2025-11-20-lang-11-001-prep.md`); both depend on resolver outputs/CI isolation.
## Next Checkpoints
| Date (UTC) | Session | Goal | Impacted work | Owner |
| --- | --- | --- | --- | --- |
| 2025-11-18 | Scanner EPDR triage | Reproduce and debug `dotnet test` hang for LANG-11-001 on clean runner; capture logs for unblock. | SCANNER-ANALYZERS-LANG-11-001 | Signals Guild |
| 2025-11-19 | Java analyzer sequencing | Confirm resolver plan for 21-008 and schedule fixtures for 21-009 accordingly. | SCANNER-ANALYZERS-JAVA-21-008/009 | Java Analyzer Guild |
## Next Checkpoints
| Date (UTC) | Session | Goal | Impacted work | Owner |
| --- | --- | --- | --- | --- |
| 2025-11-18 | Scanner EPDR triage | Reproduce and debug `dotnet test` hang for LANG-11-001 on clean runner; capture logs for unblock. | SCANNER-ANALYZERS-LANG-11-001 | Signals Guild |
| 2025-11-19 | Java analyzer sequencing | Confirm resolver plan for 21-008 and schedule fixtures for 21-009 accordingly. | SCANNER-ANALYZERS-JAVA-21-008/009 | Java Analyzer Guild |

27
docs/implplan/SPRINT_0132_0001_0001_scanner_surface.md
View File

@@ -55,6 +55,16 @@
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2025-11-21 | Added cleanup helper `scripts/cleanup-runner-space.sh` to reclaim workspace space (TestResults/out/artifacts/tmp); still blocked from rerun until disk is cleared. | Implementer |
| 2025-11-21 | Added runner wrapper `scripts/run-node-isolated.sh` (enables cleanup + offline cache env) so once disk is cleared the isolated Node suite can be launched with a single command. | Implementer |
| 2025-11-21 | Tightened node runsettings filter to `FullyQualifiedName~Lang.Node.Tests`; cannot rerun because the runner reports No space left on device when opening PTYs. Need workspace clean-up before next test attempt. | Implementer |
| 2025-11-21 | Tightened node runsettings filter to `FullyQualifiedName~Lang.Node.Tests`; rerun blocked because runner cannot open PTYs (“No space left on device”). | Implementer |
| 2025-11-21 | Node isolated test rerun halted due to runner disk full (`No space left on device`) before reporting results; need workspace cleanup to proceed. | Implementer |
| 2025-11-20 | Resolved Concelier.Storage.Mongo build blockers (missing JetStream config types, AdvisoryLinksetDocument, IHostedService, and immutable helpers). `dotnet test src/Scanner/StellaOps.Scanner.Node.slnf --no-restore /m:1` now builds the isolated graph; test run stops inside `StellaOps.Scanner.Analyzers.Lang.Tests` due to Ruby and Rust snapshot drifts, so Node analyzer tests still not exercised. | Implementer |
| 2025-11-20 | Patched Concelier.Storage.Mongo (deduped AdvisoryObservationSourceDocument, added JetStream package/usings) and set `UseConcelierTestInfra=false` for Scanner lang/node tests to strip Concelier test harness. Direct `dotnet test` on Node tests still fails because Concelier connectors remain in the build graph even with `BuildProjectReferences=false` (missing Connector/Common & Storage.Mongo ref outputs). Further detangling of Concelier injection in src/Directory.Build.props needed. | Implementer |
| 2025-11-20 | Retried isolated test run with slimmer solution filter (removed Concelier.Testing) and hydrated authsignals in offline cache; restore/build now succeed but `dotnet test` still fails because Concelier.Storage.Mongo compiles as a transitive dependency and has duplicate `AdvisoryObservationSourceDocument` + missing `NatsJSContext`. Node analyzer tests not executed. | Implementer |
| 2025-11-20 | Isolated restore now succeeds using offline cache; `dotnet test src/Scanner/StellaOps.Scanner.Node.slnf --no-restore` fails building Concelier dependencies (duplicate `AdvisoryObservationSourceDocument` in Storage.Mongo and missing `NatsJSContext` type). Node analyzer tests remain blocked on upstream Concelier build break. | Implementer |
| 2025-11-20 | Updated isolated runner script to use correct runsettings path and build (`--no-restore`) after offline restore; offline gap snapshot refreshed (`offline/restore_missing_snapshot.txt`). | Implementer |
| 2025-11-20 | Attempted node isolated restore/test; restore failed fetching Microsoft.TestPlatform.TestHost (nuget.org) because offline package path was wrong. Script corrected to use `offline/packages`. Re-run still needed. | Implementer |
| 2025-11-20 | Second isolated restore attempt ran ~48s then cancelled; still needs seeding `Microsoft.TestPlatform.TestHost 17.14.1` into offline/packages to complete. | Implementer |
| 2025-11-20 | Isolated restore retried after seeding TestHost; still failing due to missing packages from offline cache (e.g., MongoDB.Driver.Core 2.12.0). Further seeding needed before tests can run. | Implementer |
@@ -88,14 +98,27 @@
| 2025-11-18 | SCANNER-ANALYZERS-LANG-11-002..005: Marked BLOCKED because upstream task 11-001 outputs/contracts are not available; dependencies in 11-003..005 cascade. No code changes made. | Implementer |
## Decisions & Risks
- Added cleanup script `scripts/cleanup-runner-space.sh` to clear workspace outputs (TestResults/out/artifacts/tmp) when disk-full blocks PTY; run before the next isolated Node test attempt.
- Scanner AGENTS.md added 2025-11-17; keep in sync with scanner architecture and future advisories.
- Sprint execution gated on completion of Sprint 131; monitor for slippage to avoid cascading delays in 130139 chain.
- Prep note for analyzer PREP tasks captured in `docs/modules/scanner/prep/2025-11-20-analyzers-prep.md`; use it as the interim contract until upstream writer/runtime contracts land.
- Native analyzer format-detector completed; NAT-20-002 still blocked on declared-dependency writer interfaceprep note defines expected payload to reduce rework once contract lands.
- Node analyzer isolation plan published (see `docs/modules/scanner/prep/2025-11-20-node-isolated-runner.md`); offline cache still incomplete after multiple restore attempts (latest NU1101 StellaOps.Policy.AuthSignals). Need full dependency seed before isolated run and tests can pass.
- Node analyzer isolation plan published (see `docs/modules/scanner/prep/2025-11-20-node-isolated-runner.md`); offline cache hydrated and Concelier/Esprima build blockers resolved. Isolated test run still pending because the runner is out of disk space (“No space left on device”) and cannot start PTYs.
- Disk space on the runner is exhausted; free workspace space (e.g., `TestResults/`, `out/`, `/tmp`, duplicate offline packages) before rerunning the isolated Node suite.
- Node analyzer isolation: Concelier and Esprima build blockers resolved. Latest test attempt blocked by disk-full on runner (“No space left on device”) before results were emitted; requires workspace cleanup to retry.
- Node analyzer isolation test execution blocked by runner disk exhaustion (“No space left on device”) before results could be captured; cannot proceed until workspace free space is recovered.
- .NET analyzer chain (11-002..005) remains blocked awaiting upstream static-analyzer contract (11-001) and downstream writer/export contracts; runtime fusion prep recorded but cannot proceed until contracts exist.
- Node isolated tests currently fail due to upstream Concelier build errors (duplicate `AdvisoryObservationSourceDocument` definition and missing `NatsJSContext` in Storage.Mongo); Node analyzer code not executed. Requires Concelier fix or exclusion before tests can validate.
## Next Checkpoints
- 2025-11-19: Sprint kickoff (owner: Scanner PM), contingent on Sprint 131 sign-off.
- 2025-11-26: Mid-sprint review (owner: EPDR Guild lead) to validate observation exports and resolver behavior.
| 2025-11-18 | SCANNER-ANALYZERS-NODE-22-001: Added Yarn PnP cache zip traversal, emitter sets yarnPnp metadata, new fixture/tests (`yarn-pnp`); test run aborted due to long-running solution buildrerun on clean runner. | Node Analyzer Guild |
| 2025-11-18 | SCANNER-ANALYZERS-NODE-22-001: Added Yarn PnP cache zip traversal, emitter sets yarnPnp metadata, new fixture/tests (`yarn-pnp`); test run aborted due to long-running solution buildrerun on clean runner. | Node Analyzer Guild |
## Cleanup Helper (added 2025-11-21)
- Script: `scripts/cleanup-runner-space.sh`
- Purpose: reclaim workspace space (removes `TestResults/`, `out/`, `artifacts/`, `tmp/`) when the runner reports No space left on device”.
- Safe to run before rerunning isolated Node tests; leaves sources and offline caches intact.
- Optionally set `CLEAN_BEFORE_NODE_TESTS=1` when invoking `node-tests-isolated.sh` to run the cleanup helper automatically before the test run.
- Wrapper script available: `scripts/run-node-isolated.sh` sets the offline cache env, enables pre-test cleanup, and invokes the isolated Node test script with minimal logging.
- If needed, set executable bits once disk is available: `chmod +x scripts/cleanup-runner-space.sh scripts/run-node-isolated.sh`.

146
docs/implplan/SPRINT_0138_0000_0001_scanner_ruby_parity.md
View File

@@ -1,73 +1,73 @@
# Sprint 0138 · Scanner & Surface — Ruby Analyzer Parity
## Topic & Scope
- Achieve Ruby analyzer parity: runtime require/autoload graphs, capability signals, observation payloads, package inventories, and CLI/WebService wiring for scan/digest lookup.
- Sustain EntryTrace heuristic cadence with deterministic fixtures and explain-trace updates drawn from competitor gap benchmarks.
- Prepare runway for language coverage expansion (PHP now, Deno/Dart/Swift scoped) to keep parity roadmap on track.
- **Working directory:** `src/Scanner` (Analyzer, Worker, WebService, CLI surfaces) and supporting docs under `docs/modules/scanner`.
## Dependencies & Concurrency
- Depends on Sprint 0137 · Scanner.VIII (gap designs locked) and Sprint 0135 · Scanner.VI (EntryTrace foundations).
- Feeds Sprint 0139 and downstream CLI releases once Ruby analyzer, policy, and licensing tracks land.
- Parallel-safe with other modules; ensure Mongo is available when touching package inventory store tasks.
## Documentation Prerequisites
- `docs/README.md`; `docs/07_HIGH_LEVEL_ARCHITECTURE.md`.
- `docs/modules/scanner/architecture.md`; `docs/modules/scanner/operations/dsse-rekor-operator-guide.md`.
- AGENTS for involved components: `src/Scanner/StellaOps.Scanner.Worker/AGENTS.md`, `src/Scanner/StellaOps.Scanner.WebService/AGENTS.md`, `src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby/AGENTS.md`, `src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php/AGENTS.md`, `src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno/AGENTS.md`, `src/Scanner/StellaOps.Scanner.Analyzers.Lang.Dart/AGENTS.md`, `src/Scanner/StellaOps.Scanner.Analyzers.Native/AGENTS.md`.
## Delivery Tracker
| # | Task ID | Status | Key dependency / next step | Owners | Task Definition |
| --- | --- | --- | --- | --- | --- |
| P1 | PREP-SCANNER-ENG-0010-AWAIT-COMPOSER-AUTOLOAD | BLOCKED | Due 2025-11-22 · Accountable: PHP Analyzer Guild (`src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php`) | PHP Analyzer Guild (`src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php`) | Await composer/autoload graph design + staffing; no PHP analyzer scaffolding exists yet. <br><br> Document artefact/deliverable for SCANNER-ENG-0010 and publish location so downstream tasks can proceed. |
| P2 | PREP-SCANNER-ENG-0011-NEEDS-DENO-RUNTIME-ANAL | BLOCKED | Due 2025-11-22 · Accountable: Language Analyzer Guild (`src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno`) | Language Analyzer Guild (`src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno`) | Needs Deno runtime analyzer scope + lockfile/import graph design; pending competitive review. <br><br> Document artefact/deliverable for SCANNER-ENG-0011 and publish location so downstream tasks can proceed. |
| P3 | PREP-SCANNER-ENG-0012-DEFINE-DART-ANALYZER-RE | BLOCKED | Due 2025-11-22 · Accountable: Language Analyzer Guild (`src/Scanner/StellaOps.Scanner.Analyzers.Lang.Dart`) | Language Analyzer Guild (`src/Scanner/StellaOps.Scanner.Analyzers.Lang.Dart`) | Define Dart analyzer requirements (pubspec parsing, AOT artifacts) and split into tasks. <br><br> Document artefact/deliverable for SCANNER-ENG-0012 and publish location so downstream tasks can proceed. |
| P4 | PREP-SCANNER-ENG-0013-DRAFT-SWIFTPM-COVERAGE | BLOCKED | Due 2025-11-22 · Accountable: Swift Analyzer Guild (`src/Scanner/StellaOps.Scanner.Analyzers.Native`) | Swift Analyzer Guild (`src/Scanner/StellaOps.Scanner.Analyzers.Native`) | Draft SwiftPM coverage plan; align policy hooks; awaiting design kick-off. <br><br> Document artefact/deliverable for SCANNER-ENG-0013 and publish location so downstream tasks can proceed. |
| P5 | PREP-SCANNER-ENG-0014-NEEDS-JOINT-ROADMAP-WIT | BLOCKED | Due 2025-11-22 · Accountable: Runtime Guild, Zastava Guild (`docs/modules/scanner`) | Runtime Guild, Zastava Guild (`docs/modules/scanner`) | Needs joint roadmap with Zastava/Runtime guilds for Kubernetes/VM alignment. <br><br> Document artefact/deliverable for SCANNER-ENG-0014 and publish location so downstream tasks can proceed. |
| 1 | SCANNER-ENG-0008 | DONE (2025-11-16) | Cadence documented; quarterly review workflow published for EntryTrace heuristics. | EntryTrace Guild, QA Guild (`src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace`) | Maintain EntryTrace heuristic cadence per `docs/benchmarks/scanner/scanning-gaps-stella-misses-from-competitors.md`, including explain-trace updates. |
| 2 | SCANNER-ENG-0009 | DONE (2025-11-13) | Release handoff to Sprint 0139 consumers; monitor Mongo-backed inventory rollout. | Ruby Analyzer Guild (`src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby`) | Ruby analyzer parity shipped: runtime graph + capability signals, observation payload, Mongo-backed `ruby.packages` inventory, CLI/WebService surfaces, and plugin manifest bundles for Worker loadout. |
| 3 | SCANNER-ENG-0010 | BLOCKED | PREP-SCANNER-ENG-0010-AWAIT-COMPOSER-AUTOLOAD | PHP Analyzer Guild (`src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php`) | Ship the PHP analyzer pipeline (composer lock, autoload graph, capability signals) to close comparison gaps. |
| 4 | SCANNER-ENG-0011 | BLOCKED | PREP-SCANNER-ENG-0011-NEEDS-DENO-RUNTIME-ANAL | Language Analyzer Guild (`src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno`) | Scope the Deno runtime analyzer (lockfile resolver, import graphs) beyond Sprint 130 coverage. |
| 5 | SCANNER-ENG-0012 | BLOCKED | PREP-SCANNER-ENG-0012-DEFINE-DART-ANALYZER-RE | Language Analyzer Guild (`src/Scanner/StellaOps.Scanner.Analyzers.Lang.Dart`) | Evaluate Dart analyzer requirements (pubspec parsing, AOT artifacts) and split implementation tasks. |
| 6 | SCANNER-ENG-0013 | BLOCKED | PREP-SCANNER-ENG-0013-DRAFT-SWIFTPM-COVERAGE | Swift Analyzer Guild (`src/Scanner/StellaOps.Scanner.Analyzers.Native`) | Plan Swift Package Manager coverage (Package.resolved, xcframeworks, runtime hints) with policy hooks. |
| 7 | SCANNER-ENG-0014 | BLOCKED | PREP-SCANNER-ENG-0014-NEEDS-JOINT-ROADMAP-WIT | Runtime Guild, Zastava Guild (`docs/modules/scanner`) | Align Kubernetes/VM target coverage between Scanner and Zastava per comparison findings; publish joint roadmap. |
| 8 | SCANNER-ENG-0015 | DONE (2025-11-13) | Ready for Ops training; track adoption metrics. | Export Center Guild, Scanner Guild (`docs/modules/scanner`) | DSSE/Rekor operator playbook published with config/env tables, rollout phases, offline verification, and SLA/alert guidance. |
| 9 | SCANNER-ENG-0016 | DONE (2025-11-10) | Monitor bundler override edge cases; keep fixtures deterministic. | Ruby Analyzer Guild (`src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby`) | RubyLockCollector and vendor ingestion finalized: Bundler overrides honoured, workspace lockfiles merged, vendor bundles normalised, deterministic fixtures added. |
| 10 | SCANNER-ENG-0017 | DONE (2025-11-09) | Keep tree-sitter Ruby grammar pinned; reuse EntryTrace hints for regressions. | Ruby Analyzer Guild (`src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby`) | Build runtime require/autoload graph builder with tree-sitter Ruby per design §4.4 and integrate EntryTrace hints. |
| 11 | SCANNER-ENG-0018 | DONE (2025-11-09) | Feed predicates to policy docs; monitor capability gaps. | Ruby Analyzer Guild (`src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby`) | Emit Ruby capability + framework surface signals per design §4.5 with policy predicate hooks. |
| 12 | SCANNER-ENG-0019 | DONE (2025-11-13) | Observe CLI/WebService adoption; ensure scanId resolution metrics logged. | Ruby Analyzer Guild, CLI Guild (`src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby`) | Ruby CLI verbs resolve inventories by scan ID, digest, or image reference; WebService fallbacks + CLI client encoding cover both digests and tagged references. |
| 13 | SCANNER-LIC-0001 | DONE (2025-11-10) | Keep Offline Kit mirrors current with ruby artifacts. | Scanner Guild, Legal Guild (`docs/modules/scanner`) | Tree-sitter licensing captured, `NOTICE.md` updated, and Offline Kit now mirrors `third-party-licenses/` with ruby artifacts. |
| 14 | SCANNER-POLICY-0001 | DONE (2025-11-10) | Align DSL docs with future PHP/Deno/Dart predicates. | Policy Guild, Ruby Analyzer Guild (`docs/modules/scanner`) | Ruby predicates shipped: Policy Engine exposes `sbom.any_component` + `ruby.*`, tests updated, DSL/offline-kit docs refreshed. |
| 15 | SCANNER-CLI-0001 | DONE (2025-11-10) | Final verification of docs/help; handoff to CLI release notes. | CLI Guild, Ruby Analyzer Guild (`src/Cli/StellaOps.Cli`) | Coordinate CLI UX/help text for new Ruby verbs and update CLI docs/golden outputs. |
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2025-11-19 | Removed trailing hyphen from PREP-SCANNER-ENG-0013-DRAFT-SWIFTPM-COVERAGE so SCANNER-ENG-0013 dependency resolves. | Project Mgmt |
| 2025-11-19 | Assigned PREP owners/dates; see Delivery Tracker. | Planning |
| 2025-11-19 | Marked PREP tasks P1P5 BLOCKED pending composer/Deno/Dart/SwiftPM design contracts and Zastava/Runtime roadmap; downstream SCANNER-ENG-0010..0014 remain gated. | Project Mgmt |
| 2025-11-09 | `SCANNER-CLI-0001`: Spectre table wrapping fix for runtime/lockfile columns; expanded Ruby resolve JSON assertions; removed debug artifacts; docs/tests pending final merge. | CLI Guild |
| 2025-11-09 | `SCANNER-CLI-0001`: Wired `stellaops-cli ruby inspect|resolve` into `CommandFactory` with `--root`, `--image/--scan-id`, `--format`; `dotnet test ... --filter Ruby` passes. | CLI Guild |
| 2025-11-09 | `SCANNER-CLI-0001`: Added CLI unit tests (CommandFactoryTests, Ruby inspect JSON assertions) to guard new verbs and runtime metadata output. | CLI Guild |
| 2025-11-09 | `SCANNER-ENG-0016`: Completed Ruby lock collector & vendor ingestion; honours `.bundle/config` overrides, folds workspace lockfiles, emits bundler groups; fixtures/goldens updated; `dotnet test ... --filter Ruby` passes. | Ruby Analyzer Guild |
| 2025-11-12 | `SCANNER-ENG-0009`: Observation payload + `ruby-observation` component emitted; `complex-app` fixture added for vendor caches/BUNDLE_PATH overrides; bundler-version metadata captured; CLI prints observation banner. | Ruby Analyzer Guild |
| 2025-11-12 | `SCANNER-ENG-0009`: Ruby package inventories flow into `RubyPackageInventoryStore`; `SurfaceManifestStageExecutor` builds package list; WebService exposes `GET /api/scans/{scanId}/ruby-packages`. | Ruby Analyzer Guild |
| 2025-11-12 | `SCANNER-ENG-0009`: Inventory API returns typed envelope (scanId/imageDigest/generatedAt + packages); Worker/WebService DI registers real/Null stores; CLI `ruby resolve` consumes payload and warns during warmup. | Ruby Analyzer Guild |
| 2025-11-13 | `SCANNER-ENG-0009`: Verified Worker DI wiring; plugin drop mirrors analyzer assembly + manifest for Worker hot-load; tests cover analyzer fixtures, Worker persistence, WebService endpoint. | Ruby Analyzer Guild |
| 2025-11-13 | `SCANNER-ENG-0015`: DSSE/Rekor operator guide expanded with config/env map, rollout runbook, verification snippets, alert/SLO recommendations. | Export Center Guild |
| 2025-11-13 | `SCANNER-ENG-0019`: WebService maps digest/reference identifiers to scan IDs; CLI backend encodes path segments; regression tests (`RubyPackagesEndpointsTests`, `StellaOps.Cli.Tests --filter Ruby`) cover lookup path. | Ruby Analyzer Guild |
| 2025-11-16 | Normalised sprint file to standard template and renamed to `SPRINT_0138_0000_0001_scanner_ruby_parity.md`; no semantic task changes. | Planning |
| 2025-11-16 | `SCANNER-ENG-0008`: Published EntryTrace heuristic cadence doc and recorded task completion; cadence now scheduled quarterly with fixture-first workflow. | EntryTrace Guild |
| 2025-11-16 | `SCANNER-ENG-0010..0014`: Marked BLOCKED pending design/staffing (PHP/Deno/Dart/Swift analyzers, Kubernetes/VM alignment); awaiting guild inputs. | Planning |
| 2025-11-17 | Removed legacy filename `SPRINT_138_scanner_ruby_parity.md` and updated `docs/implplan/tasks-all.md` references to the canonical sprint name to avoid duplication. | Planning |
## Decisions & Risks
- PHP analyzer pipeline (SCANNER-ENG-0010) blocked pending composer/autoload graph design + staffing; parity risk remains.
- Deno, Dart, and Swift analyzers (SCANNER-ENG-0011..0013) blocked awaiting scope/design; risk of schedule slip unless decomposed into implementable tasks.
- Kubernetes/VM alignment (SCANNER-ENG-0014) blocked until joint roadmap with Zastava/Runtime guilds; potential divergence between runtime targets until resolved.
- Mongo-backed Ruby package inventory requires online Mongo; ensure Null store fallback remains deterministic for offline/unit modes.
- EntryTrace cadence now documented; risk reduced to execution discipline—ensure quarterly reviews are logged in `TASKS.md` and sprint logs.
## Next Checkpoints
- Schedule guild sync to staff PHP analyzer pipeline and confirm design entry docs. (TBD week of 2025-11-18)
- Set alignment review with Zastava/Runtime guilds for Kubernetes/VM coverage plan. (TBD)
# Sprint 0138 · Scanner & Surface — Ruby Analyzer Parity
## Topic & Scope
- Achieve Ruby analyzer parity: runtime require/autoload graphs, capability signals, observation payloads, package inventories, and CLI/WebService wiring for scan/digest lookup.
- Sustain EntryTrace heuristic cadence with deterministic fixtures and explain-trace updates drawn from competitor gap benchmarks.
- Prepare runway for language coverage expansion (PHP now, Deno/Dart/Swift scoped) to keep parity roadmap on track.
- **Working directory:** `src/Scanner` (Analyzer, Worker, WebService, CLI surfaces) and supporting docs under `docs/modules/scanner`.
## Dependencies & Concurrency
- Depends on Sprint 0137 · Scanner.VIII (gap designs locked) and Sprint 0135 · Scanner.VI (EntryTrace foundations).
- Feeds Sprint 0139 and downstream CLI releases once Ruby analyzer, policy, and licensing tracks land.
- Parallel-safe with other modules; ensure Mongo is available when touching package inventory store tasks.
## Documentation Prerequisites
- `docs/README.md`; `docs/07_HIGH_LEVEL_ARCHITECTURE.md`.
- `docs/modules/scanner/architecture.md`; `docs/modules/scanner/operations/dsse-rekor-operator-guide.md`.
- AGENTS for involved components: `src/Scanner/StellaOps.Scanner.Worker/AGENTS.md`, `src/Scanner/StellaOps.Scanner.WebService/AGENTS.md`, `src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby/AGENTS.md`, `src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php/AGENTS.md`, `src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno/AGENTS.md`, `src/Scanner/StellaOps.Scanner.Analyzers.Lang.Dart/AGENTS.md`, `src/Scanner/StellaOps.Scanner.Analyzers.Native/AGENTS.md`.
## Delivery Tracker
| # | Task ID | Status | Key dependency / next step | Owners | Task Definition |
| --- | --- | --- | --- | --- | --- |
| P1 | PREP-SCANNER-ENG-0010-AWAIT-COMPOSER-AUTOLOAD | BLOCKED | Due 2025-11-22 · Accountable: PHP Analyzer Guild (`src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php`) | PHP Analyzer Guild (`src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php`) | Await composer/autoload graph design + staffing; no PHP analyzer scaffolding exists yet. <br><br> Document artefact/deliverable for SCANNER-ENG-0010 and publish location so downstream tasks can proceed. |
| P2 | PREP-SCANNER-ENG-0011-NEEDS-DENO-RUNTIME-ANAL | BLOCKED | Due 2025-11-22 · Accountable: Language Analyzer Guild (`src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno`) | Language Analyzer Guild (`src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno`) | Needs Deno runtime analyzer scope + lockfile/import graph design; pending competitive review. <br><br> Document artefact/deliverable for SCANNER-ENG-0011 and publish location so downstream tasks can proceed. |
| P3 | PREP-SCANNER-ENG-0012-DEFINE-DART-ANALYZER-RE | BLOCKED | Due 2025-11-22 · Accountable: Language Analyzer Guild (`src/Scanner/StellaOps.Scanner.Analyzers.Lang.Dart`) | Language Analyzer Guild (`src/Scanner/StellaOps.Scanner.Analyzers.Lang.Dart`) | Define Dart analyzer requirements (pubspec parsing, AOT artifacts) and split into tasks. <br><br> Document artefact/deliverable for SCANNER-ENG-0012 and publish location so downstream tasks can proceed. |
| P4 | PREP-SCANNER-ENG-0013-DRAFT-SWIFTPM-COVERAGE | BLOCKED | Due 2025-11-22 · Accountable: Swift Analyzer Guild (`src/Scanner/StellaOps.Scanner.Analyzers.Native`) | Swift Analyzer Guild (`src/Scanner/StellaOps.Scanner.Analyzers.Native`) | Draft SwiftPM coverage plan; align policy hooks; awaiting design kick-off. <br><br> Document artefact/deliverable for SCANNER-ENG-0013 and publish location so downstream tasks can proceed. |
| P5 | PREP-SCANNER-ENG-0014-NEEDS-JOINT-ROADMAP-WIT | BLOCKED | Due 2025-11-22 · Accountable: Runtime Guild, Zastava Guild (`docs/modules/scanner`) | Runtime Guild, Zastava Guild (`docs/modules/scanner`) | Needs joint roadmap with Zastava/Runtime guilds for Kubernetes/VM alignment. <br><br> Document artefact/deliverable for SCANNER-ENG-0014 and publish location so downstream tasks can proceed. |
| 1 | SCANNER-ENG-0008 | DONE (2025-11-16) | Cadence documented; quarterly review workflow published for EntryTrace heuristics. | EntryTrace Guild, QA Guild (`src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace`) | Maintain EntryTrace heuristic cadence per `docs/benchmarks/scanner/scanning-gaps-stella-misses-from-competitors.md`, including explain-trace updates. |
| 2 | SCANNER-ENG-0009 | DONE (2025-11-13) | Release handoff to Sprint 0139 consumers; monitor Mongo-backed inventory rollout. | Ruby Analyzer Guild (`src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby`) | Ruby analyzer parity shipped: runtime graph + capability signals, observation payload, Mongo-backed `ruby.packages` inventory, CLI/WebService surfaces, and plugin manifest bundles for Worker loadout. |
| 3 | SCANNER-ENG-0010 | BLOCKED | PREP-SCANNER-ENG-0010-AWAIT-COMPOSER-AUTOLOAD | PHP Analyzer Guild (`src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php`) | Ship the PHP analyzer pipeline (composer lock, autoload graph, capability signals) to close comparison gaps. |
| 4 | SCANNER-ENG-0011 | BLOCKED | PREP-SCANNER-ENG-0011-NEEDS-DENO-RUNTIME-ANAL | Language Analyzer Guild (`src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno`) | Scope the Deno runtime analyzer (lockfile resolver, import graphs) beyond Sprint 130 coverage. |
| 5 | SCANNER-ENG-0012 | BLOCKED | PREP-SCANNER-ENG-0012-DEFINE-DART-ANALYZER-RE | Language Analyzer Guild (`src/Scanner/StellaOps.Scanner.Analyzers.Lang.Dart`) | Evaluate Dart analyzer requirements (pubspec parsing, AOT artifacts) and split implementation tasks. |
| 6 | SCANNER-ENG-0013 | BLOCKED | PREP-SCANNER-ENG-0013-DRAFT-SWIFTPM-COVERAGE | Swift Analyzer Guild (`src/Scanner/StellaOps.Scanner.Analyzers.Native`) | Plan Swift Package Manager coverage (Package.resolved, xcframeworks, runtime hints) with policy hooks. |
| 7 | SCANNER-ENG-0014 | BLOCKED | PREP-SCANNER-ENG-0014-NEEDS-JOINT-ROADMAP-WIT | Runtime Guild, Zastava Guild (`docs/modules/scanner`) | Align Kubernetes/VM target coverage between Scanner and Zastava per comparison findings; publish joint roadmap. |
| 8 | SCANNER-ENG-0015 | DONE (2025-11-13) | Ready for Ops training; track adoption metrics. | Export Center Guild, Scanner Guild (`docs/modules/scanner`) | DSSE/Rekor operator playbook published with config/env tables, rollout phases, offline verification, and SLA/alert guidance. |
| 9 | SCANNER-ENG-0016 | DONE (2025-11-10) | Monitor bundler override edge cases; keep fixtures deterministic. | Ruby Analyzer Guild (`src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby`) | RubyLockCollector and vendor ingestion finalized: Bundler overrides honoured, workspace lockfiles merged, vendor bundles normalised, deterministic fixtures added. |
| 10 | SCANNER-ENG-0017 | DONE (2025-11-09) | Keep tree-sitter Ruby grammar pinned; reuse EntryTrace hints for regressions. | Ruby Analyzer Guild (`src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby`) | Build runtime require/autoload graph builder with tree-sitter Ruby per design §4.4 and integrate EntryTrace hints. |
| 11 | SCANNER-ENG-0018 | DONE (2025-11-09) | Feed predicates to policy docs; monitor capability gaps. | Ruby Analyzer Guild (`src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby`) | Emit Ruby capability + framework surface signals per design §4.5 with policy predicate hooks. |
| 12 | SCANNER-ENG-0019 | DONE (2025-11-13) | Observe CLI/WebService adoption; ensure scanId resolution metrics logged. | Ruby Analyzer Guild, CLI Guild (`src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby`) | Ruby CLI verbs resolve inventories by scan ID, digest, or image reference; WebService fallbacks + CLI client encoding cover both digests and tagged references. |
| 13 | SCANNER-LIC-0001 | DONE (2025-11-10) | Keep Offline Kit mirrors current with ruby artifacts. | Scanner Guild, Legal Guild (`docs/modules/scanner`) | Tree-sitter licensing captured, `NOTICE.md` updated, and Offline Kit now mirrors `third-party-licenses/` with ruby artifacts. |
| 14 | SCANNER-POLICY-0001 | DONE (2025-11-10) | Align DSL docs with future PHP/Deno/Dart predicates. | Policy Guild, Ruby Analyzer Guild (`docs/modules/scanner`) | Ruby predicates shipped: Policy Engine exposes `sbom.any_component` + `ruby.*`, tests updated, DSL/offline-kit docs refreshed. |
| 15 | SCANNER-CLI-0001 | DONE (2025-11-10) | Final verification of docs/help; handoff to CLI release notes. | CLI Guild, Ruby Analyzer Guild (`src/Cli/StellaOps.Cli`) | Coordinate CLI UX/help text for new Ruby verbs and update CLI docs/golden outputs. |
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2025-11-19 | Removed trailing hyphen from PREP-SCANNER-ENG-0013-DRAFT-SWIFTPM-COVERAGE so SCANNER-ENG-0013 dependency resolves. | Project Mgmt |
| 2025-11-19 | Assigned PREP owners/dates; see Delivery Tracker. | Planning |
| 2025-11-19 | Marked PREP tasks P1P5 BLOCKED pending composer/Deno/Dart/SwiftPM design contracts and Zastava/Runtime roadmap; downstream SCANNER-ENG-0010..0014 remain gated. | Project Mgmt |
| 2025-11-09 | `SCANNER-CLI-0001`: Spectre table wrapping fix for runtime/lockfile columns; expanded Ruby resolve JSON assertions; removed debug artifacts; docs/tests pending final merge. | CLI Guild |
| 2025-11-09 | `SCANNER-CLI-0001`: Wired `stellaops-cli ruby inspect|resolve` into `CommandFactory` with `--root`, `--image/--scan-id`, `--format`; `dotnet test ... --filter Ruby` passes. | CLI Guild |
| 2025-11-09 | `SCANNER-CLI-0001`: Added CLI unit tests (CommandFactoryTests, Ruby inspect JSON assertions) to guard new verbs and runtime metadata output. | CLI Guild |
| 2025-11-09 | `SCANNER-ENG-0016`: Completed Ruby lock collector & vendor ingestion; honours `.bundle/config` overrides, folds workspace lockfiles, emits bundler groups; fixtures/goldens updated; `dotnet test ... --filter Ruby` passes. | Ruby Analyzer Guild |
| 2025-11-12 | `SCANNER-ENG-0009`: Observation payload + `ruby-observation` component emitted; `complex-app` fixture added for vendor caches/BUNDLE_PATH overrides; bundler-version metadata captured; CLI prints observation banner. | Ruby Analyzer Guild |
| 2025-11-12 | `SCANNER-ENG-0009`: Ruby package inventories flow into `RubyPackageInventoryStore`; `SurfaceManifestStageExecutor` builds package list; WebService exposes `GET /api/scans/{scanId}/ruby-packages`. | Ruby Analyzer Guild |
| 2025-11-12 | `SCANNER-ENG-0009`: Inventory API returns typed envelope (scanId/imageDigest/generatedAt + packages); Worker/WebService DI registers real/Null stores; CLI `ruby resolve` consumes payload and warns during warmup. | Ruby Analyzer Guild |
| 2025-11-13 | `SCANNER-ENG-0009`: Verified Worker DI wiring; plugin drop mirrors analyzer assembly + manifest for Worker hot-load; tests cover analyzer fixtures, Worker persistence, WebService endpoint. | Ruby Analyzer Guild |
| 2025-11-13 | `SCANNER-ENG-0015`: DSSE/Rekor operator guide expanded with config/env map, rollout runbook, verification snippets, alert/SLO recommendations. | Export Center Guild |
| 2025-11-13 | `SCANNER-ENG-0019`: WebService maps digest/reference identifiers to scan IDs; CLI backend encodes path segments; regression tests (`RubyPackagesEndpointsTests`, `StellaOps.Cli.Tests --filter Ruby`) cover lookup path. | Ruby Analyzer Guild |
| 2025-11-16 | Normalised sprint file to standard template and renamed to `SPRINT_0138_0000_0001_scanner_ruby_parity.md`; no semantic task changes. | Planning |
| 2025-11-16 | `SCANNER-ENG-0008`: Published EntryTrace heuristic cadence doc and recorded task completion; cadence now scheduled quarterly with fixture-first workflow. | EntryTrace Guild |
| 2025-11-16 | `SCANNER-ENG-0010..0014`: Marked BLOCKED pending design/staffing (PHP/Deno/Dart/Swift analyzers, Kubernetes/VM alignment); awaiting guild inputs. | Planning |
| 2025-11-17 | Removed legacy filename `SPRINT_138_scanner_ruby_parity.md` and updated `docs/implplan/tasks-all.md` references to the canonical sprint name to avoid duplication. | Planning |
## Decisions & Risks
- PHP analyzer pipeline (SCANNER-ENG-0010) blocked pending composer/autoload graph design + staffing; parity risk remains.
- Deno, Dart, and Swift analyzers (SCANNER-ENG-0011..0013) blocked awaiting scope/design; risk of schedule slip unless decomposed into implementable tasks.
- Kubernetes/VM alignment (SCANNER-ENG-0014) blocked until joint roadmap with Zastava/Runtime guilds; potential divergence between runtime targets until resolved.
- Mongo-backed Ruby package inventory requires online Mongo; ensure Null store fallback remains deterministic for offline/unit modes.
- EntryTrace cadence now documented; risk reduced to execution discipline—ensure quarterly reviews are logged in `TASKS.md` and sprint logs.
## Next Checkpoints
- Schedule guild sync to staff PHP analyzer pipeline and confirm design entry docs. (TBD week of 2025-11-18)
- Set alignment review with Zastava/Runtime guilds for Kubernetes/VM coverage plan. (TBD)

7
docs/implplan/SPRINT_0140_0001_0001_runtime_signals.md
View File

@@ -24,8 +24,8 @@
## Delivery Tracker
| # | Task ID | Status | Key dependency / next step | Owners | Task Definition |
| --- | --- | --- | --- | --- | --- |
| P1 | PREP-140-D-ZASTAVA-WAVE-WAITING-ON-SURFACE-FS | TODO | Due 2025-11-22 · Accountable: Zastava Observer/Webhook Guilds · Surface Guild | Zastava Observer/Webhook Guilds · Surface Guild | Waiting on Surface.FS cache drop plan + Surface.Env helper ownership. <br><br> Document artefact/deliverable for 140.D Zastava wave and publish location so downstream tasks can proceed. |
| P2 | PREP-SBOM-SERVICE-GUILD-CARTOGRAPHER-GUILD-OB | TODO | Due 2025-11-22 · Accountable: Projection schema frozen but fixtures and AirGap review are overdue; SBOM-SERVICE-21-001..004 cannot start until fixtures drop. | Projection schema frozen but fixtures and AirGap review are overdue; SBOM-SERVICE-21-001..004 cannot start until fixtures drop. | BLOCKED. <br><br> Document artefact/deliverable for SBOM Service Guild · Cartographer Guild · Observability Guild, Zastava Observer/Webhook Guilds · Security Guild and publish location so downstream tasks can proceed. |
| P1 | PREP-140-D-ZASTAVA-WAVE-WAITING-ON-SURFACE-FS | DONE (2025-11-20) | Due 2025-11-22 · Accountable: Zastava Observer/Webhook Guilds · Surface Guild | Zastava Observer/Webhook Guilds · Surface Guild | Prep artefact published at `docs/modules/zastava/prep/2025-11-20-surface-fs-env-prep.md` (cache drop cadence, env helper ownership, DSSE requirements). |
| P2 | PREP-SBOM-SERVICE-GUILD-CARTOGRAPHER-GUILD-OB | DOING (2025-11-20) | Due 2025-11-22 · Accountable: Projection schema frozen but fixtures and AirGap review are overdue; SBOM-SERVICE-21-001..004 cannot start until fixtures drop. | Projection schema frozen but fixtures and AirGap review are overdue; SBOM-SERVICE-21-001..004 cannot start until fixtures drop. | BLOCKED. <br><br> Document artefact/deliverable for SBOM Service Guild · Cartographer Guild · Observability Guild, Zastava Observer/Webhook Guilds · Security Guild and publish location so downstream tasks can proceed. |
| 1 | 140.A Graph wave | BLOCKED (2025-11-19) | Await real scanner cache ETA; working off mock bundle only. | Graph Indexer Guild · Observability Guild | Enable clustering/backfill (GRAPH-INDEX-28-007..010) against mock bundle; revalidate once real cache lands. |
| 2 | 140.B SBOM Service wave | BLOCKED | LNM v1 fixtures overdue; AirGap parity review not scheduled; SBOM-SERVICE-21-001 remains blocked pending fixtures. | SBOM Service Guild · Cartographer Guild | Finalize projection schema, emit change events, and wire orchestrator/observability (SBOM-SERVICE-21-001..004, SBOM-AIAI-31-001/002). |
| 3 | 140.C Signals wave | BLOCKED (2025-11-20) | CAS promotion + signed manifests + provenance appendix pending; SIGNALS-24-002/003 blocked upstream. TRACTORS: see `docs/signals/cas-promotion-24-002.md` and `docs/signals/provenance-24-003.md`. | Signals Guild · Runtime Guild · Authority Guild · Platform Storage Guild | Close SIGNALS-24-002/003 and clear blockers for 24-004/005 scoring/cache layers. |
@@ -34,8 +34,11 @@
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2025-11-20 | Completed PREP-140-D-ZASTAVA-WAVE-WAITING-ON-SURFACE-FS: published cache/env helper prep at `docs/modules/zastava/prep/2025-11-20-surface-fs-env-prep.md`; status set to DONE. | Implementer |
| 2025-11-20 | Marked SIGNALS-24-002/003 as BLOCKED pending Platform Storage + provenance approvals; linked CAS/provenance checklists in blockers. | Implementer |
| 2025-11-19 | Assigned PREP owners/dates; see Delivery Tracker. | Planning |
| 2025-11-20 | Started PREP-SBOM-SERVICE-GUILD-CARTOGRAPHER-GUILD-OB (status → DOING) after confirming no prior DOING/DONE owners. | Planning |
| 2025-11-20 | Started PREP-140-D-ZASTAVA-WAVE-WAITING-ON-SURFACE-FS (status → DOING) after confirming no prior DOING/DONE owners. | Planning |
| 2025-11-18 | Marked SBOM wave BLOCKED pending overdue LNM fixtures and AirGap review scheduling; status mirrored to tasks-all/blocked-all. | Planning |
| 2025-11-18 | Added cache parity checklist (Graph) and CAS/provenance close-out checklist (Signals); mock bundle execution ongoing; fixed cross-sprint references to padded SPRINT IDs. | Planning |
| 2025-11-18 | Started Graph wave execution on scanner surface mock bundle v1; tracking cache ETA for parity validation. | Planning |

104
docs/implplan/SPRINT_0141_0001_0001_graph_indexer.md
View File

@@ -1,52 +1,52 @@
# Sprint 0141 · Graph Indexer (Runtime & Signals 140.A)
## Topic & Scope
- Stand up graph clustering and centrality background jobs plus incremental/backfill pipelines for runtime & signals ingestion.
- Deliver deterministic tests/fixtures and packaging for offline-first deployments with backlog and observability metrics.
- Use scanner surface mock bundle v1 until real caches arrive.
- **Working directory:** `src/Graph/StellaOps.Graph.Indexer`.
## Dependencies & Concurrency
- Upstream: Sprint 120.A · AirGap (offline feeds) and Sprint 130.A · Scanner (surface/mock bundle availability).
- Pre-req task GRAPH-INDEX-28-006 (baseline overlays) must land before 28-007 clustering; track as inbound dependency.
- Coordinate with Observability Guild for metrics pipeline; parallel execution otherwise safe once mock bundle is fixed.
## Documentation Prerequisites
- docs/modules/graph/README.md
- docs/modules/graph/architecture.md
- docs/modules/graph/implementation_plan.md
- docs/modules/platform/architecture-overview.md
- docs/07_HIGH_LEVEL_ARCHITECTURE.md
## Delivery Tracker
| # | Task ID | Status | Key dependency / next step | Owners | Task Definition |
| --- | --- | --- | --- | --- | --- |
| P0 | PREP-GRAPH-INDEX-28-006-OVERLAYS | BLOCKED | Due 2025-11-22 · Accountable: Graph Indexer Guild · Observability Guild | Graph Indexer Guild · Observability Guild | Deliver baseline overlays + schedule config design for GRAPH-INDEX-28-006; publish mock bundle + config docs so 28-007 can start. |
| P1 | PREP-GRAPH-INDEX-28-008-UNBLOCK-AFTER-28-007 | BLOCKED | Due 2025-11-22 · Accountable: Graph Indexer Guild | Graph Indexer Guild | Unblock after 28-007; confirm change streams + retry/backoff settings. <br><br> Document artefact/deliverable for GRAPH-INDEX-28-008 and publish location so downstream tasks can proceed. |
| P2 | PREP-GRAPH-INDEX-28-009-DOWNSTREAM-OF-28-008 | BLOCKED | Due 2025-11-22 · Accountable: Graph Indexer Guild · QA Guild | Graph Indexer Guild · QA Guild | Downstream of 28-008 data paths. <br><br> Document artefact/deliverable for GRAPH-INDEX-28-009 and publish location so downstream tasks can proceed. |
| P3 | PREP-GRAPH-INDEX-28-010-NEEDS-OUTPUTS-FROM-28 | BLOCKED | Due 2025-11-22 · Accountable: Graph Indexer Guild · DevOps Guild | Graph Indexer Guild · DevOps Guild | Needs outputs from 28-009; align with Offline Kit owners. <br><br> Document artefact/deliverable for GRAPH-INDEX-28-010 and publish location so downstream tasks can proceed. |
| 1 | GRAPH-INDEX-28-007 | BLOCKED | PREP-GRAPH-INDEX-28-006-OVERLAYS | Graph Indexer Guild · Observability Guild | Implement clustering/centrality background jobs (Louvain/degree/betweenness approximations) with configurable schedules; persist cluster ids on nodes; expose metrics. |
| 2 | GRAPH-INDEX-28-008 | BLOCKED | PREP-GRAPH-INDEX-28-008-UNBLOCK-AFTER-28-007 | Graph Indexer Guild | Provide incremental update & backfill pipeline with change streams, retry/backoff, idempotent ops, backlog metrics. |
| 3 | GRAPH-INDEX-28-009 | BLOCKED | PREP-GRAPH-INDEX-28-009-DOWNSTREAM-OF-28-008 | Graph Indexer Guild · QA Guild | Add unit/property/integration tests, synthetic large-graph fixtures, chaos tests (missing overlays, cycles), determinism checks across runs. |
| 4 | GRAPH-INDEX-28-010 | BLOCKED | PREP-GRAPH-INDEX-28-010-NEEDS-OUTPUTS-FROM-28 | Graph Indexer Guild · DevOps Guild | Package deployment artefacts (Helm/Compose), offline seed bundles, configuration docs; integrate Offline Kit. |
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2025-11-19 | Added PREP-GRAPH-INDEX-28-006-OVERLAYS and normalized PREP IDs for 28-008/009 so dependency graph is concrete. | Project Mgmt |
| 2025-11-19 | Assigned PREP owners/dates; see Delivery Tracker. | Planning |
| 2025-11-19 | Marked PREP tasks P0P3 BLOCKED; overlays/mock bundle and change-stream/backfill configs are still missing, so GRAPH-INDEX-28-007..010 stay gated. | Project Mgmt |
| 2025-11-17 | Marked tasks 28-007 through 28-010 as BLOCKED pending upstream 28-006 overlays and scanner cache availability. | Planning |
| 2025-11-17 | Normalised sprint to standard template; renamed from SPRINT_141_graph.md; scope unchanged. | Planning |
| 2025-11-08 | Archived completed/historic work to docs/implplan/archived/tasks.md. | Planning |
## Decisions & Risks
- Operating on scanner surface mock bundle v1 until real caches arrive; reassess when Sprint 130.A delivers caches.
- All tasks currently blocked until GRAPH-INDEX-28-006 overlays land; confirm delivery date and update schedule config accordingly.
- Determinism risk for clustering approximations; require repeat-run variance checks in 28-009.
- Ensure offline seed bundles stay in sync with AirGap feeds from Sprint 120.A.
## Next Checkpoints
- 2025-11-19 · Confirm availability/timeline for scanner surface caches. Owner: Graph Indexer Guild.
- 2025-11-21 · Dependency check on GRAPH-INDEX-28-006 readiness with Observability Guild.
- 2025-11-26 · Packaging/Offline Kit alignment checkpoint with DevOps Guild after 28-009 test results.
# Sprint 0141 · Graph Indexer (Runtime & Signals 140.A)
## Topic & Scope
- Stand up graph clustering and centrality background jobs plus incremental/backfill pipelines for runtime & signals ingestion.
- Deliver deterministic tests/fixtures and packaging for offline-first deployments with backlog and observability metrics.
- Use scanner surface mock bundle v1 until real caches arrive.
- **Working directory:** `src/Graph/StellaOps.Graph.Indexer`.
## Dependencies & Concurrency
- Upstream: Sprint 120.A · AirGap (offline feeds) and Sprint 130.A · Scanner (surface/mock bundle availability).
- Pre-req task GRAPH-INDEX-28-006 (baseline overlays) must land before 28-007 clustering; track as inbound dependency.
- Coordinate with Observability Guild for metrics pipeline; parallel execution otherwise safe once mock bundle is fixed.
## Documentation Prerequisites
- docs/modules/graph/README.md
- docs/modules/graph/architecture.md
- docs/modules/graph/implementation_plan.md
- docs/modules/platform/architecture-overview.md
- docs/07_HIGH_LEVEL_ARCHITECTURE.md
## Delivery Tracker
| # | Task ID | Status | Key dependency / next step | Owners | Task Definition |
| --- | --- | --- | --- | --- | --- |
| P0 | PREP-GRAPH-INDEX-28-006-OVERLAYS | BLOCKED | Due 2025-11-22 · Accountable: Graph Indexer Guild · Observability Guild | Graph Indexer Guild · Observability Guild | Deliver baseline overlays + schedule config design for GRAPH-INDEX-28-006; publish mock bundle + config docs so 28-007 can start. |
| P1 | PREP-GRAPH-INDEX-28-008-UNBLOCK-AFTER-28-007 | BLOCKED | Due 2025-11-22 · Accountable: Graph Indexer Guild | Graph Indexer Guild | Unblock after 28-007; confirm change streams + retry/backoff settings. <br><br> Document artefact/deliverable for GRAPH-INDEX-28-008 and publish location so downstream tasks can proceed. |
| P2 | PREP-GRAPH-INDEX-28-009-DOWNSTREAM-OF-28-008 | BLOCKED | Due 2025-11-22 · Accountable: Graph Indexer Guild · QA Guild | Graph Indexer Guild · QA Guild | Downstream of 28-008 data paths. <br><br> Document artefact/deliverable for GRAPH-INDEX-28-009 and publish location so downstream tasks can proceed. |
| P3 | PREP-GRAPH-INDEX-28-010-NEEDS-OUTPUTS-FROM-28 | BLOCKED | Due 2025-11-22 · Accountable: Graph Indexer Guild · DevOps Guild | Graph Indexer Guild · DevOps Guild | Needs outputs from 28-009; align with Offline Kit owners. <br><br> Document artefact/deliverable for GRAPH-INDEX-28-010 and publish location so downstream tasks can proceed. |
| 1 | GRAPH-INDEX-28-007 | BLOCKED | PREP-GRAPH-INDEX-28-006-OVERLAYS | Graph Indexer Guild · Observability Guild | Implement clustering/centrality background jobs (Louvain/degree/betweenness approximations) with configurable schedules; persist cluster ids on nodes; expose metrics. |
| 2 | GRAPH-INDEX-28-008 | BLOCKED | PREP-GRAPH-INDEX-28-008-UNBLOCK-AFTER-28-007 | Graph Indexer Guild | Provide incremental update & backfill pipeline with change streams, retry/backoff, idempotent ops, backlog metrics. |
| 3 | GRAPH-INDEX-28-009 | BLOCKED | PREP-GRAPH-INDEX-28-009-DOWNSTREAM-OF-28-008 | Graph Indexer Guild · QA Guild | Add unit/property/integration tests, synthetic large-graph fixtures, chaos tests (missing overlays, cycles), determinism checks across runs. |
| 4 | GRAPH-INDEX-28-010 | BLOCKED | PREP-GRAPH-INDEX-28-010-NEEDS-OUTPUTS-FROM-28 | Graph Indexer Guild · DevOps Guild | Package deployment artefacts (Helm/Compose), offline seed bundles, configuration docs; integrate Offline Kit. |
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2025-11-19 | Added PREP-GRAPH-INDEX-28-006-OVERLAYS and normalized PREP IDs for 28-008/009 so dependency graph is concrete. | Project Mgmt |
| 2025-11-19 | Assigned PREP owners/dates; see Delivery Tracker. | Planning |
| 2025-11-19 | Marked PREP tasks P0P3 BLOCKED; overlays/mock bundle and change-stream/backfill configs are still missing, so GRAPH-INDEX-28-007..010 stay gated. | Project Mgmt |
| 2025-11-17 | Marked tasks 28-007 through 28-010 as BLOCKED pending upstream 28-006 overlays and scanner cache availability. | Planning |
| 2025-11-17 | Normalised sprint to standard template; renamed from SPRINT_141_graph.md; scope unchanged. | Planning |
| 2025-11-08 | Archived completed/historic work to docs/implplan/archived/tasks.md. | Planning |
## Decisions & Risks
- Operating on scanner surface mock bundle v1 until real caches arrive; reassess when Sprint 130.A delivers caches.
- All tasks currently blocked until GRAPH-INDEX-28-006 overlays land; confirm delivery date and update schedule config accordingly.
- Determinism risk for clustering approximations; require repeat-run variance checks in 28-009.
- Ensure offline seed bundles stay in sync with AirGap feeds from Sprint 120.A.
## Next Checkpoints
- 2025-11-19 · Confirm availability/timeline for scanner surface caches. Owner: Graph Indexer Guild.
- 2025-11-21 · Dependency check on GRAPH-INDEX-28-006 readiness with Observability Guild.
- 2025-11-26 · Packaging/Offline Kit alignment checkpoint with DevOps Guild after 28-009 test results.

27
docs/implplan/SPRINT_0151_0001_0001_orchestrator_i.md
View File

@@ -26,14 +26,21 @@
| P5 | PREP-ORCH-OAS-61-001-ORCHESTRATOR-TELEMETRY-C | DOING (2025-11-20) | Due 2025-11-23 · Accountable: Orchestrator Service Guild · API Contracts Guild | Orchestrator Service Guild · API Contracts Guild | Orchestrator telemetry/contract inputs not available; wait for 150.A readiness. <br><br> Document artefact/deliverable for ORCH-OAS-61-001 and publish location so downstream tasks can proceed. Prep artefact: `docs/modules/orchestrator/prep/2025-11-20-oas-61-001-prep.md`. |
| P6 | PREP-ORCH-OAS-61-002-DEPENDS-ON-61-001 | DOING (2025-11-20) | Due 2025-11-23 · Accountable: Orchestrator Service Guild | Orchestrator Service Guild | Depends on 61-001. <br><br> Document artefact/deliverable for ORCH-OAS-61-002 and publish location so downstream tasks can proceed. Prep artefact: `docs/modules/orchestrator/prep/2025-11-20-oas-61-001-prep.md`. |
| P7 | PREP-ORCH-OAS-62-001-DEPENDS-ON-61-002 | DOING (2025-11-20) | Due 2025-11-23 · Accountable: Orchestrator Service Guild · SDK Generator Guild | Orchestrator Service Guild · SDK Generator Guild | Depends on 61-002. <br><br> Document artefact/deliverable for ORCH-OAS-62-001 and publish location so downstream tasks can proceed. Prep artefact: `docs/modules/orchestrator/prep/2025-11-20-oas-61-001-prep.md`. |
| P8 | PREP-ORCH-OAS-63-001-DEPENDS-ON-62-001 | TODO | Due 2025-11-23 · Accountable: Orchestrator Service Guild · API Governance Guild | Orchestrator Service Guild · API Governance Guild | Depends on 62-001. <br><br> Document artefact/deliverable for ORCH-OAS-63-001 and publish location so downstream tasks can proceed. |
| P9 | PREP-ORCH-OBS-50-001-TELEMETRY-CORE-SPRINT-01 | TODO | Due 2025-11-23 · Accountable: Orchestrator Service Guild · Observability Guild | Orchestrator Service Guild · Observability Guild | Telemetry Core (Sprint 0174) not yet available for orchestrator host. <br><br> Document artefact/deliverable for ORCH-OBS-50-001 and publish location so downstream tasks can proceed. |
| P10 | PREP-ORCH-OBS-51-001-DEPENDS-ON-50-001-TELEME | TODO | Due 2025-11-23 · Accountable: Orchestrator Service Guild · DevOps Guild | Orchestrator Service Guild · DevOps Guild | Depends on 50-001 + Telemetry schema. <br><br> Document artefact/deliverable for ORCH-OBS-51-001 and publish location so downstream tasks can proceed. |
| P11 | PREP-ORCH-OBS-52-001-DEPENDS-ON-51-001-REQUIR | TODO | Due 2025-11-23 · Accountable: Orchestrator Service Guild | Orchestrator Service Guild | Depends on 51-001; requires event schema from Sprint 0150.A. <br><br> Document artefact/deliverable for ORCH-OBS-52-001 and publish location so downstream tasks can proceed. |
| P12 | PREP-ORCH-OBS-53-001-DEPENDS-ON-52-001-EVIDEN | TODO | Due 2025-11-23 · Accountable: Orchestrator Service Guild · Evidence Locker Guild | Orchestrator Service Guild · Evidence Locker Guild | Depends on 52-001; Evidence Locker capsule inputs not frozen. <br><br> Document artefact/deliverable for ORCH-OBS-53-001 and publish location so downstream tasks can proceed. |
| P13 | PREP-ORCH-OBS-54-001-DEPENDS-ON-53-001 | TODO | Due 2025-11-23 · Accountable: Orchestrator Service Guild · Provenance Guild | Orchestrator Service Guild · Provenance Guild | Depends on 53-001. <br><br> Document artefact/deliverable for ORCH-OBS-54-001 and publish location so downstream tasks can proceed. |
| P14 | PREP-ORCH-OBS-55-001-DEPENDS-ON-54-001-INCIDE | TODO | Due 2025-11-23 · Accountable: Orchestrator Service Guild · DevOps Guild | Orchestrator Service Guild · DevOps Guild | Depends on 54-001; incident contract absent. <br><br> Document artefact/deliverable for ORCH-OBS-55-001 and publish location so downstream tasks can proceed. |
| P15 | PREP-ORCH-SVC-32-001-UPSTREAM-READINESS-AIRGA | TODO | Due 2025-11-23 · Accountable: Orchestrator Service Guild | Orchestrator Service Guild | Upstream readiness (AirGap/Scanner/Graph) not confirmed; postpone bootstrap. <br><br> Document artefact/deliverable for ORCH-SVC-32-001 and publish location so downstream tasks can proceed. |
| P8 | PREP-ORCH-OAS-63-001-DEPENDS-ON-62-001 | DONE (2025-11-20) | Prep doc at `docs/modules/orchestrator/prep/2025-11-20-oas-63-001-prep.md`; waiting for 61/62 freeze before implementation. | Orchestrator Service Guild · API Governance Guild | Depends on 62-001. <br><br> Document artefact/deliverable for ORCH-OAS-63-001 and publish location so downstream tasks can proceed. |
| P9 | PREP-ORCH-OBS-50-001-TELEMETRY-CORE-SPRINT-01 | DOING (2025-11-20) | Due 2025-11-23 · Accountable: Orchestrator Service Guild · Observability Guild | Orchestrator Service Guild · Observability Guild | Telemetry Core (Sprint 0174) not yet available for orchestrator host. <br><br> Document artefact/deliverable for ORCH-OBS-50-001 and publish location so downstream tasks can proceed. |
| 2025-11-20 | Started PREP-ORCH-OBS-50-001 (status → DOING) after confirming no prior DOING/DONE owners. | Planning |
| P10 | PREP-ORCH-OBS-51-001-DEPENDS-ON-50-001-TELEME | DOING (2025-11-20) | Due 2025-11-23 · Accountable: Orchestrator Service Guild · DevOps Guild | Orchestrator Service Guild · DevOps Guild | Depends on 50-001 + Telemetry schema. <br><br> Document artefact/deliverable for ORCH-OBS-51-001 and publish location so downstream tasks can proceed. |
| 2025-11-20 | Started PREP-ORCH-OBS-51-001 (status → DOING) after confirming no existing DOING/DONE owners. | Planning |
| P11 | PREP-ORCH-OBS-52-001-DEPENDS-ON-51-001-REQUIR | DOING (2025-11-20) | Due 2025-11-23 · Accountable: Orchestrator Service Guild | Orchestrator Service Guild | Depends on 51-001; requires event schema from Sprint 0150.A. <br><br> Document artefact/deliverable for ORCH-OBS-52-001 and publish location so downstream tasks can proceed. |
| 2025-11-20 | Started PREP-ORCH-OBS-52-001 (status → DOING) after confirming no existing DOING/DONE owners. | Planning |
| P12 | PREP-ORCH-OBS-53-001-DEPENDS-ON-52-001-EVIDEN | DOING (2025-11-20) | Due 2025-11-23 · Accountable: Orchestrator Service Guild · Evidence Locker Guild | Orchestrator Service Guild · Evidence Locker Guild | Depends on 52-001; Evidence Locker capsule inputs not frozen. <br><br> Document artefact/deliverable for ORCH-OBS-53-001 and publish location so downstream tasks can proceed. |
| 2025-11-20 | Started PREP-ORCH-OBS-53-001 (status → DOING) after confirming no existing DOING/DONE owners. | Planning |
| P13 | PREP-ORCH-OBS-54-001-DEPENDS-ON-53-001 | DOING (2025-11-20) | Due 2025-11-23 · Accountable: Orchestrator Service Guild · Provenance Guild | Orchestrator Service Guild · Provenance Guild | Depends on 53-001. <br><br> Document artefact/deliverable for ORCH-OBS-54-001 and publish location so downstream tasks can proceed. |
| 2025-11-20 | Started PREP-ORCH-OBS-54-001 (status → DOING) after confirming no existing DOING/DONE owners. | Planning |
| P14 | PREP-ORCH-OBS-55-001-DEPENDS-ON-54-001-INCIDE | DOING (2025-11-20) | Due 2025-11-23 · Accountable: Orchestrator Service Guild · DevOps Guild | Orchestrator Service Guild · DevOps Guild | Depends on 54-001; incident contract absent. <br><br> Document artefact/deliverable for ORCH-OBS-55-001 and publish location so downstream tasks can proceed. |
| 2025-11-20 | Started PREP-ORCH-OBS-55-001 (status → DOING) after confirming no existing DOING/DONE owners. | Planning |
| P15 | PREP-ORCH-SVC-32-001-UPSTREAM-READINESS-AIRGA | DOING (2025-11-20) | Due 2025-11-23 · Accountable: Orchestrator Service Guild | Orchestrator Service Guild | Upstream readiness (AirGap/Scanner/Graph) not confirmed; postpone bootstrap. <br><br> Document artefact/deliverable for ORCH-SVC-32-001 and publish location so downstream tasks can proceed. |
| 2025-11-20 | Started PREP-ORCH-SVC-32-001 (status → DOING) after confirming no existing DOING/DONE owners. | Planning |
| 1 | ORCH-AIRGAP-56-001 | BLOCKED (2025-11-19) | PREP-ORCH-AIRGAP-56-001-AWAIT-SPRINT-0120-A-A | Orchestrator Service Guild · AirGap Policy Guild | Enforce job descriptors to declare network intents; flag/reject external endpoints in sealed mode. |
| 2 | ORCH-AIRGAP-56-002 | BLOCKED (2025-11-19) | PREP-ORCH-AIRGAP-56-002-UPSTREAM-56-001-BLOCK | Orchestrator Service Guild · AirGap Controller Guild | Surface sealing status and staleness in scheduling decisions; block runs when budgets exceeded. |
| 3 | ORCH-AIRGAP-57-001 | BLOCKED (2025-11-19) | PREP-ORCH-AIRGAP-57-001-UPSTREAM-56-002-BLOCK | Orchestrator Service Guild · Mirror Creator Guild | Add job type `mirror.bundle` with audit + provenance outputs. |
@@ -41,7 +48,7 @@
| 5 | ORCH-OAS-61-001 | BLOCKED (2025-11-19) | PREP-ORCH-OAS-61-001-ORCHESTRATOR-TELEMETRY-C | Orchestrator Service Guild · API Contracts Guild | Document orchestrator endpoints in per-service OAS with pagination/idempotency/error envelope examples. |
| 6 | ORCH-OAS-61-002 | BLOCKED (2025-11-19) | PREP-ORCH-OAS-61-002-DEPENDS-ON-61-001 | Orchestrator Service Guild | Implement `GET /.well-known/openapi`; align version metadata with runtime build. |
| 7 | ORCH-OAS-62-001 | BLOCKED (2025-11-19) | PREP-ORCH-OAS-62-001-DEPENDS-ON-61-002 | Orchestrator Service Guild · SDK Generator Guild | Ensure SDK paginators/operations support job APIs; add SDK smoke tests for schedule/retry. |
| 8 | ORCH-OAS-63-001 | BLOCKED (2025-11-19) | PREP-ORCH-OAS-63-001-DEPENDS-ON-62-001 | Orchestrator Service Guild · API Governance Guild | Emit deprecation headers/doc for legacy endpoints; update notifications metadata. |
| 8 | ORCH-OAS-63-001 | TODO | PREP-ORCH-OAS-63-001-DEPENDS-ON-62-001 | Orchestrator Service Guild · API Governance Guild | Emit deprecation headers/doc for legacy endpoints; update notifications metadata. |
| 9 | ORCH-OBS-50-001 | BLOCKED (2025-11-19) | PREP-ORCH-OBS-50-001-TELEMETRY-CORE-SPRINT-01 | Orchestrator Service Guild · Observability Guild | Wire `StellaOps.Telemetry.Core` into orchestrator host; instrument schedulers/control APIs with spans/logs/metrics. |
| 10 | ORCH-OBS-51-001 | BLOCKED (2025-11-19) | PREP-ORCH-OBS-51-001-DEPENDS-ON-50-001-TELEME | Orchestrator Service Guild · DevOps Guild | Publish golden-signal metrics and SLOs; emit burn-rate alerts; provide Grafana dashboards + alert rules. |
| 11 | ORCH-OBS-52-001 | BLOCKED (2025-11-19) | PREP-ORCH-OBS-52-001-DEPENDS-ON-51-001-REQUIR | Orchestrator Service Guild | Emit `timeline_event` lifecycle objects with trace IDs/run IDs/tenant/project; add contract tests and Kafka/NATS emitter with retries. |
@@ -54,6 +61,8 @@
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2025-11-20 | Published prep docs for ORCH AirGap 56/57/58 and OAS 61/62; set P1P7 to DOING after confirming unowned. | Project Mgmt |
| 2025-11-20 | Started PREP-ORCH-OAS-63-001 (status → DOING) after confirming no existing DOING/DONE owners. | Planning |
| 2025-11-20 | Published prep doc for PREP-ORCH-OAS-63-001 (`docs/modules/orchestrator/prep/2025-11-20-oas-63-001-prep.md`) and marked P8 DONE; awaits OAS 61/62 freeze before implementation. | Implementer |
| 2025-11-19 | Assigned PREP owners/dates; see Delivery Tracker. | Planning |
| 2025-11-18 | Normalised sprint doc to standard template; renamed from `SPRINT_151_orchestrator_i.md`. | Planning |
| 2025-11-19 | Set all tasks to BLOCKED pending upstream readiness (AirGap/Scanner/Graph), Telemetry Core availability, and Orchestrator event schema; no executable work until contracts land. | Implementer |

9
docs/implplan/SPRINT_0153_0001_0003_orchestrator_iii.md
View File

@@ -19,9 +19,12 @@
## Delivery Tracker
| # | Task ID | Status | Key dependency / next step | Owners | Task Definition |
| --- | --- | --- | --- | --- | --- |
| P1 | PREP-ORCH-SVC-41-101-DEPENDS-ON-38-101-ENVELO | TODO | Due 2025-11-23 · Accountable: Orchestrator Service Guild | Orchestrator Service Guild | Depends on 38-101 envelope + DAL; cannot register pack-run without API/storage schema. <br><br> Document artefact/deliverable for ORCH-SVC-41-101 and publish location so downstream tasks can proceed. |
| P2 | PREP-ORCH-SVC-42-101-DEPENDS-ON-41-101-PACK-R | TODO | Due 2025-11-23 · Accountable: Orchestrator Service Guild | Orchestrator Service Guild | Depends on 41-101 pack-run plumbing and streaming contract. <br><br> Document artefact/deliverable for ORCH-SVC-42-101 and publish location so downstream tasks can proceed. |
| P3 | PREP-ORCH-TEN-48-001-WEBSERVICE-LACKS-JOB-DAL | TODO | Due 2025-11-23 · Accountable: Orchestrator Service Guild | Orchestrator Service Guild | WebService lacks job DAL/routes; need tenant context plumbing before enforcement. <br><br> Document artefact/deliverable for ORCH-TEN-48-001 and publish location so downstream tasks can proceed. |
| P1 | PREP-ORCH-SVC-41-101-DEPENDS-ON-38-101-ENVELO | DOING (2025-11-20) | Due 2025-11-23 · Accountable: Orchestrator Service Guild | Orchestrator Service Guild | Depends on 38-101 envelope + DAL; cannot register pack-run without API/storage schema. <br><br> Document artefact/deliverable for ORCH-SVC-41-101 and publish location so downstream tasks can proceed. |
| 2025-11-20 | Started PREP-ORCH-SVC-41-101 (status → DOING) after confirming no existing DOING/DONE owners. | Planning |
| P2 | PREP-ORCH-SVC-42-101-DEPENDS-ON-41-101-PACK-R | DOING (2025-11-20) | Due 2025-11-23 · Accountable: Orchestrator Service Guild | Orchestrator Service Guild | Depends on 41-101 pack-run plumbing and streaming contract. <br><br> Document artefact/deliverable for ORCH-SVC-42-101 and publish location so downstream tasks can proceed. |
| 2025-11-20 | Started PREP-ORCH-SVC-42-101 (status → DOING) after confirming no existing DOING/DONE owners. | Planning |
| P3 | PREP-ORCH-TEN-48-001-WEBSERVICE-LACKS-JOB-DAL | DOING (2025-11-20) | Due 2025-11-23 · Accountable: Orchestrator Service Guild | Orchestrator Service Guild | WebService lacks job DAL/routes; need tenant context plumbing before enforcement. <br><br> Document artefact/deliverable for ORCH-TEN-48-001 and publish location so downstream tasks can proceed. |
| 2025-11-20 | Started PREP-ORCH-TEN-48-001 (status → DOING) after confirming no existing DOING/DONE owners. | Planning |
| 1 | ORCH-SVC-38-101 | BLOCKED | Waiting on ORCH-SVC-37-101 envelope field/semantics approval; webservice DAL still missing. | Orchestrator Service Guild | Standardize event envelope (policy/export/job lifecycle) with idempotency keys, ensure export/job failure events published to notifier bus with provenance metadata. |
| 2 | ORCH-SVC-41-101 | BLOCKED | PREP-ORCH-SVC-41-101-DEPENDS-ON-38-101-ENVELO | Orchestrator Service Guild | Register `pack-run` job type, persist run metadata, integrate logs/artifacts collection, and expose API for Task Runner scheduling. |
| 3 | ORCH-SVC-42-101 | BLOCKED | PREP-ORCH-SVC-42-101-DEPENDS-ON-41-101-PACK-R | Orchestrator Service Guild | Stream pack run logs via SSE/WS, add manifest endpoints, enforce quotas, and emit pack run events to Notifications Studio. |

100
docs/implplan/SPRINT_0156_0001_0002_scheduler_ii.md
View File

@@ -1,50 +1,50 @@
# Sprint 0156 · Scheduling & Automation (Scheduler II)
## Topic & Scope
- Phase II for Scheduler workers: staleness monitoring, batch simulations, resolver/evaluation orchestration, and console streaming.
- Continues after Scheduler I (0155); focuses on worker pipelines and reachability/resolver coherence.
- Blocked until module working-directory AGENTS charter exists for `src/Scheduler`.
- **Working directory:** src/Scheduler
## Dependencies & Concurrency
- Depends on Sprint 0155 (Scheduler I) completion and prior reachability worker (SCHED-WORKER-26-201).
- Concurrency: share worker code paths with Scheduler I; avoid overlapping migrations until unblocked.
## Documentation Prerequisites
- docs/modules/scheduler/README.md
- docs/modules/scheduler/architecture.md
- docs/modules/scheduler/implementation_plan.md
- docs/modules/platform/architecture-overview.md
## Delivery Tracker
| # | Task ID | Status | Key dependency / next step | Owners | Task Definition |
| --- | --- | --- | --- | --- | --- |
| P1 | PREP-SCHED-WORKER-CONSOLE-23-201-BLOCKED-BY-U | BLOCKED | Due 2025-11-23 · Accountable: Scheduler Worker Guild, Observability Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | Scheduler Worker Guild, Observability Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | Blocked by upstream stream schema design; depends on prior resolver/eval pipeline readiness. <br><br> Document artefact/deliverable for SCHED-WORKER-CONSOLE-23-201 and publish location so downstream tasks can proceed. |
| 0 | AGENTS-SCHEDULER-UPDATE | DONE | `src/Scheduler/AGENTS.md` created and published. | Project Manager · Architecture Guild | Create working-directory charter defining roles, prerequisites, determinism/testing rules, and allowed shared libs. |
| 1 | SCHED-WORKER-26-202 | BLOCKED | Blocked by SCHED-WORKER-26-201 (reachability joiner not delivered yet). | Scheduler Worker Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | Implement staleness monitor + notifier for outdated reachability facts, publishing warnings and updating dashboards. |
| 2 | SCHED-WORKER-27-301 | BLOCKED | Blocked by SCHED-WORKER-26-202. | Scheduler Worker Guild, Policy Registry Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | Implement policy batch simulation worker: shard SBOM inventories, invoke Policy Engine, emit partial results, handle retries/backoff, and publish progress events. |
| 3 | SCHED-WORKER-27-302 | BLOCKED | Blocked by SCHED-WORKER-27-301. | Scheduler Worker Guild, Observability Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | Build reducer job aggregating shard outputs into final manifests (counts, deltas, samples) and writing to object storage with checksums; emit completion events. |
| 4 | SCHED-WORKER-27-303 | BLOCKED | Blocked by SCHED-WORKER-27-302. | Scheduler Worker Guild, Security Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | Enforce tenant isolation, scope checks, and attestation integration for simulation jobs; secret scanning pipeline for uploaded policy sources. |
| 5 | SCHED-WORKER-29-001 | BLOCKED | Blocked by SCHED-WORKER-27-303. | Scheduler Worker Guild, Findings Ledger Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | Implement resolver worker generating candidate findings from inventory + advisory evidence, respecting ecosystem version semantics and path scope; emit jobs for policy evaluation. |
| 6 | SCHED-WORKER-29-002 | BLOCKED | Blocked by SCHED-WORKER-29-001. | Scheduler Worker Guild, Policy Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | Build evaluation orchestration worker invoking Policy Engine batch eval, writing results to Findings Ledger projector queue, and handling retries/backoff. |
| 7 | SCHED-WORKER-29-003 | BLOCKED | Blocked by SCHED-WORKER-29-002. | Scheduler Worker Guild, Observability Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | Add monitoring for resolver/evaluation backlog, SLA breaches, and export job queue; expose metrics/alerts feeding DevOps dashboards. |
| 8 | SCHED-WORKER-CONSOLE-23-201 | BLOCKED | PREP-SCHED-WORKER-CONSOLE-23-201-BLOCKED-BY-U | Scheduler Worker Guild, Observability Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | Stream run progress events (stage status, tuples processed, SLA hints) to Redis/NATS for Console SSE, with heartbeat, dedupe, and retention policy. Publish metrics + structured logs for queue lag. |
| 9 | SCHED-WORKER-CONSOLE-23-202 | BLOCKED | SCHED-WORKER-CONSOLE-23-201. | Scheduler Worker Guild, Policy Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | Coordinate evidence bundle jobs (enqueue, track status, cleanup) and expose job manifests to Web gateway; ensure idempotent reruns and cancellation support. |
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2025-11-19 | Clarified dependency for SCHED-WORKER-CONSOLE-23-202 to point at SCHED-WORKER-CONSOLE-23-201. | Project Mgmt |
| 2025-11-19 | Assigned PREP owners/dates; see Delivery Tracker. | Planning |
| 2025-11-19 | Marked PREP-SCHED-WORKER-CONSOLE-23-201 BLOCKED because upstream stream schema and resolver/eval pipeline contracts are still absent, keeping CONSOLE-23-201/202 gated. | Project Mgmt |
| 2025-11-17 | Normalised sprint, renamed to `SPRINT_0156_0001_0002_scheduler_ii`, and marked tasks BLOCKED pending `src/Scheduler/AGENTS.md`. | Scheduler Worker Guild |
| 2025-11-17 | Created `src/Scheduler/AGENTS.md`; unblocked tasks and reset to TODO respecting dependencies. | Scheduler Worker Guild |
| 2025-11-18 | Marked all tasks BLOCKED awaiting upstream reachability worker (SCHED-WORKER-26-201) and subsequent contract handoffs (Policy activation events, stream schema). | Scheduler Worker Guild |
## Decisions & Risks
- Module-level AGENTS charter now present at `src/Scheduler/AGENTS.md`.
- GraphJobs accessibility issue (`IGraphJobStore.UpdateAsync`) may block validation once work begins.
- All Scheduler II tasks blocked until reachability joiner (SCHED-WORKER-26-201) and Policy activation event/stream schemas land; no implementation work can proceed yet.
## Next Checkpoints
- None scheduled; add once AGENTS charter is published and blocking issues cleared.
# Sprint 0156 · Scheduling & Automation (Scheduler II)
## Topic & Scope
- Phase II for Scheduler workers: staleness monitoring, batch simulations, resolver/evaluation orchestration, and console streaming.
- Continues after Scheduler I (0155); focuses on worker pipelines and reachability/resolver coherence.
- Blocked until module working-directory AGENTS charter exists for `src/Scheduler`.
- **Working directory:** src/Scheduler
## Dependencies & Concurrency
- Depends on Sprint 0155 (Scheduler I) completion and prior reachability worker (SCHED-WORKER-26-201).
- Concurrency: share worker code paths with Scheduler I; avoid overlapping migrations until unblocked.
## Documentation Prerequisites
- docs/modules/scheduler/README.md
- docs/modules/scheduler/architecture.md
- docs/modules/scheduler/implementation_plan.md
- docs/modules/platform/architecture-overview.md
## Delivery Tracker
| # | Task ID | Status | Key dependency / next step | Owners | Task Definition |
| --- | --- | --- | --- | --- | --- |
| P1 | PREP-SCHED-WORKER-CONSOLE-23-201-BLOCKED-BY-U | BLOCKED | Due 2025-11-23 · Accountable: Scheduler Worker Guild, Observability Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | Scheduler Worker Guild, Observability Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | Blocked by upstream stream schema design; depends on prior resolver/eval pipeline readiness. <br><br> Document artefact/deliverable for SCHED-WORKER-CONSOLE-23-201 and publish location so downstream tasks can proceed. |
| 0 | AGENTS-SCHEDULER-UPDATE | DONE | `src/Scheduler/AGENTS.md` created and published. | Project Manager · Architecture Guild | Create working-directory charter defining roles, prerequisites, determinism/testing rules, and allowed shared libs. |
| 1 | SCHED-WORKER-26-202 | BLOCKED | Blocked by SCHED-WORKER-26-201 (reachability joiner not delivered yet). | Scheduler Worker Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | Implement staleness monitor + notifier for outdated reachability facts, publishing warnings and updating dashboards. |
| 2 | SCHED-WORKER-27-301 | BLOCKED | Blocked by SCHED-WORKER-26-202. | Scheduler Worker Guild, Policy Registry Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | Implement policy batch simulation worker: shard SBOM inventories, invoke Policy Engine, emit partial results, handle retries/backoff, and publish progress events. |
| 3 | SCHED-WORKER-27-302 | BLOCKED | Blocked by SCHED-WORKER-27-301. | Scheduler Worker Guild, Observability Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | Build reducer job aggregating shard outputs into final manifests (counts, deltas, samples) and writing to object storage with checksums; emit completion events. |
| 4 | SCHED-WORKER-27-303 | BLOCKED | Blocked by SCHED-WORKER-27-302. | Scheduler Worker Guild, Security Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | Enforce tenant isolation, scope checks, and attestation integration for simulation jobs; secret scanning pipeline for uploaded policy sources. |
| 5 | SCHED-WORKER-29-001 | BLOCKED | Blocked by SCHED-WORKER-27-303. | Scheduler Worker Guild, Findings Ledger Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | Implement resolver worker generating candidate findings from inventory + advisory evidence, respecting ecosystem version semantics and path scope; emit jobs for policy evaluation. |
| 6 | SCHED-WORKER-29-002 | BLOCKED | Blocked by SCHED-WORKER-29-001. | Scheduler Worker Guild, Policy Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | Build evaluation orchestration worker invoking Policy Engine batch eval, writing results to Findings Ledger projector queue, and handling retries/backoff. |
| 7 | SCHED-WORKER-29-003 | BLOCKED | Blocked by SCHED-WORKER-29-002. | Scheduler Worker Guild, Observability Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | Add monitoring for resolver/evaluation backlog, SLA breaches, and export job queue; expose metrics/alerts feeding DevOps dashboards. |
| 8 | SCHED-WORKER-CONSOLE-23-201 | BLOCKED | PREP-SCHED-WORKER-CONSOLE-23-201-BLOCKED-BY-U | Scheduler Worker Guild, Observability Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | Stream run progress events (stage status, tuples processed, SLA hints) to Redis/NATS for Console SSE, with heartbeat, dedupe, and retention policy. Publish metrics + structured logs for queue lag. |
| 9 | SCHED-WORKER-CONSOLE-23-202 | BLOCKED | SCHED-WORKER-CONSOLE-23-201. | Scheduler Worker Guild, Policy Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | Coordinate evidence bundle jobs (enqueue, track status, cleanup) and expose job manifests to Web gateway; ensure idempotent reruns and cancellation support. |
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2025-11-19 | Clarified dependency for SCHED-WORKER-CONSOLE-23-202 to point at SCHED-WORKER-CONSOLE-23-201. | Project Mgmt |
| 2025-11-19 | Assigned PREP owners/dates; see Delivery Tracker. | Planning |
| 2025-11-19 | Marked PREP-SCHED-WORKER-CONSOLE-23-201 BLOCKED because upstream stream schema and resolver/eval pipeline contracts are still absent, keeping CONSOLE-23-201/202 gated. | Project Mgmt |
| 2025-11-17 | Normalised sprint, renamed to `SPRINT_0156_0001_0002_scheduler_ii`, and marked tasks BLOCKED pending `src/Scheduler/AGENTS.md`. | Scheduler Worker Guild |
| 2025-11-17 | Created `src/Scheduler/AGENTS.md`; unblocked tasks and reset to TODO respecting dependencies. | Scheduler Worker Guild |
| 2025-11-18 | Marked all tasks BLOCKED awaiting upstream reachability worker (SCHED-WORKER-26-201) and subsequent contract handoffs (Policy activation events, stream schema). | Scheduler Worker Guild |
## Decisions & Risks
- Module-level AGENTS charter now present at `src/Scheduler/AGENTS.md`.
- GraphJobs accessibility issue (`IGraphJobStore.UpdateAsync`) may block validation once work begins.
- All Scheduler II tasks blocked until reachability joiner (SCHED-WORKER-26-201) and Policy activation event/stream schemas land; no implementation work can proceed yet.
## Next Checkpoints
- None scheduled; add once AGENTS charter is published and blocking issues cleared.

362
docs/implplan/SPRINT_0160_0001_0001_export_evidence.md
View File

@@ -1,183 +1,185 @@
# Sprint 0160_0001_0001 · Export & Evidence
## Topic & Scope
- Snapshot coordination for export & evidence tracks (EvidenceLocker, ExportCenter, TimelineIndexer); active backlog continues in Sprint 161+.
- Ensure bundle formats, crypto routing, and ingestion schemas freeze before downstream sprints move to DOING; completed work is archived in `docs/implplan/archived/tasks.md` (updated 2025-11-08).
- Working directory: `docs/implplan` (cross-module coordination spanning EvidenceLocker, ExportCenter, TimelineIndexer artefacts).
- Evidence of completion: refreshed coordination snapshot, normalized sprint structure, and links to module trackers.
## Dependencies & Concurrency
- Depends on AdvisoryAI evidence schema (Sprint 110.A), Orchestrator/Notifications envelopes (Sprint 150.A/140), and crypto-routing audit outcomes (2025-11-07) before DOING can start.
- Runs in parallel with module sprints 161/162/165; no code convergence expected here, but gating contracts must be frozen first.
- Interlocks & readiness signals are tracked in the table below; concurrency with other CC-decade sprints is safe once those signals turn green.
## Documentation Prerequisites
- `docs/modules/evidence-locker/architecture.md`, `docs/modules/evidence-locker/bundle-packaging.md`, `docs/modules/evidence-locker/incident-mode.md`
- `docs/modules/export-center/architecture.md`, `docs/modules/attestor/airgap.md`
- `docs/modules/timelineindexer/architecture.md` (if present) and Postgres/RLS runbooks
- `docs/security/crypto-routing-audit-2025-11-07.md`
- `docs/replay/DETERMINISTIC_REPLAY.md`, `docs/runbooks/replay_ops.md`
- `docs/events/orchestrator-scanner-events.md`
## Delivery Tracker
| # | Task ID | Status | Key dependency / next step | Owners | Task Definition |
| --- | --- | --- | --- | --- | --- |
| P1 | PREP-EVIDENCE-LOCKER-GUILD-SECURITY-GUILD-DOC | TODO | Due 2025-11-23 · Accountable: Waiting on AdvisoryAI schema + orchestrator ledger envelopes to freeze. | Waiting on AdvisoryAI schema + orchestrator ledger envelopes to freeze. | BLOCKED (2025-11-17). <br><br> Document artefact/deliverable for Evidence Locker Guild · Security Guild · Docs Guild, Exporter Service Guild · Mirror Creator Guild · DevOps Guild, Timeline Indexer Guild · Evidence Locker Guild · Security Guild and publish location so downstream tasks can proceed. |
| P2 | PREP-ORCHESTRATOR-NOTIFICATIONS-SCHEMA-HANDOF | TODO | Due 2025-11-23 · Accountable: Planning | Planning | MISSED; escalate to Wave 150/140 leads and record new ETA; keep tasks BLOCKED. <br><br> Document artefact/deliverable for Orchestrator + Notifications schema handoff (Orchestrator Service + Notifications Guilds) and publish location so downstream tasks can proceed. |
| P3 | PREP-ESCALATION-FOLLOW-UP-ADVISORYAI-ORCHESTR | TODO | Due 2025-11-23 · Accountable: Planning | Planning | If no dates provided, mark BLOCKED in respective sprints and escalate to Wave leads. <br><br> Document artefact/deliverable for Escalation follow-up (AdvisoryAI, Orchestrator/Notifications) and publish location so downstream tasks can proceed. |
| P4 | PREP-160-A-160-B-160-C-ESCALATE-TO-WAVE-150-1 | DONE (2025-11-19) | Due 2025-11-23 · Accountable: Planning | Planning | Escalation sent to Wave 150/140 leads; awaiting new ETAs recorded in Sprint 110/150/140. |
| 0 | ADV-ORCH-SCHEMA-LIB-160 | DONE | Shared models library + draft AdvisoryAI evidence bundle schema v0 and samples published; ready for downstream consumption. | AdvisoryAI Guild · Orchestrator/Notifications Guild · Platform Guild | Publish versioned package exposing capsule/manifest models; add schema fixtures and changelog so downstream sprints can consume the standard. |
| 1 | 160.A EvidenceLocker snapshot | BLOCKED | Waiting on AdvisoryAI evidence payload notes + orchestrator/notifications envelopes to finalize ingest/replay summary. | Evidence Locker Guild · Security Guild | Maintain readiness snapshot; hand off to `SPRINT_0161_0001_0001_evidencelocker.md` & `SPRINT_187_evidence_locker_cli_integration.md`. |
| 2 | 160.B ExportCenter snapshot | BLOCKED | EvidenceLocker bundle contract frozen, but orchestrator/notifications envelopes still missing; cannot freeze ExportCenter snapshot. | Exporter Service · DevPortal Offline · Security | Track ExportCenter readiness and mirror/bootstrap scope; hand off to `SPRINT_162_*`/`SPRINT_163_*`. |
| 3 | 160.C TimelineIndexer snapshot | BLOCKED | Waiting on TIMELINE-OBS-52-001 digest references; schemas available. Prep migrations/RLS draft. | Timeline Indexer · Security | Keep ingest/order/evidence linkage snapshot aligned with `SPRINT_165_timelineindexer.md`. |
| 4 | AGENTS-implplan | DONE | Create `docs/implplan/AGENTS.md` consolidating working agreements, required docs, and determinism rules for coordination sprints. | Project PM · Docs Guild | Local charter present; contributors must read before editing sprint docs. |
### Wave Coordination
| Wave | Guild owners | Shared prerequisites | Status | Notes |
| --- | --- | --- | --- | --- |
| 160.A EvidenceLocker | Evidence Locker Guild · Security Guild · Docs Guild | Sprint 110.A AdvisoryAI; Sprint 120.A AirGap; Sprint 130.A Scanner; Sprint 150.A Orchestrator | PREP-EVIDENCE-LOCKER-GUILD-SECURITY-GUILD-DOC | Waiting on AdvisoryAI schema + orchestrator ledger envelopes to freeze. |
| 160.B ExportCenter | Exporter Service Guild · Mirror Creator Guild · DevOps Guild | Sprint 110.A AdvisoryAI; Sprint 120.A AirGap; Sprint 130.A Scanner; Sprint 150.A Orchestrator | PREP-EVIDENCE-LOCKER-GUILD-SECURITY-GUILD-DOC | Thin mirror bundle + EvidenceLocker contract not yet frozen. |
| 160.C TimelineIndexer | Timeline Indexer Guild · Evidence Locker Guild · Security Guild | Sprint 110.A AdvisoryAI; Sprint 120.A AirGap; Sprint 130.A Scanner; Sprint 150.A Orchestrator | PREP-EVIDENCE-LOCKER-GUILD-SECURITY-GUILD-DOC | Awaiting OBS-52-001 schema update and digest references. |
## Wave Detail Snapshots & Next Actions
### 160.A EvidenceLocker
- Detail trackers: [SPRINT_0161_0001_0001_evidencelocker.md](./SPRINT_0161_0001_0001_evidencelocker.md) and [SPRINT_187_evidence_locker_cli_integration.md](./SPRINT_187_evidence_locker_cli_integration.md).
- Task radar (all TODO as of 2025-11-12):
- `EVID-REPLAY-187-001` — Replay bundle ingestion/retention APIs + storage policy (`src/EvidenceLocker/StellaOps.EvidenceLocker`, `docs/modules/evidence-locker/architecture.md`).
- `RUNBOOK-REPLAY-187-004` & `CLI-REPLAY-187-002` — CLI + ops readiness for replay bundles (`docs/runbooks/replay_ops.md`, CLI module).
- `EVID-CRYPTO-90-001` — Sovereign crypto routing via `ICryptoProviderRegistry`/`ICryptoHash` per `docs/security/crypto-routing-audit-2025-11-07.md`.
- Contracts: bundle packaging + DSSE layout (`docs/modules/evidence-locker/bundle-packaging.md`, `EVID-OBS-54-002`); portable/incident modes in `docs/modules/evidence-locker/incident-mode.md`.
- Gating dependencies: orchestrator capsule schema, AdvisoryAI payload notes, and replay ledger rules (`docs/replay/DETERMINISTIC_REPLAY.md`).
- Ready-to-start checklist: finalize ingest schema deltas, stage Replay Ledger ops drills, and publish API surface summary into Sprint 161 before DOING.
#### EvidenceLocker task snapshot (2025-11-12)
| Task ID | Scope | State | Notes / Owners |
| --- | --- | --- | --- |
| EVID-REPLAY-187-001 | Replay bundle ingestion + retention APIs | TODO | Evidence Locker Guild · docs/modules/evidence-locker/architecture.md |
| CLI-REPLAY-187-002 | CLI record/verify/replay UX | TODO | CLI Guild · `docs/modules/cli/architecture.md` |
| RUNBOOK-REPLAY-187-004 | Replay ops runbook + drills | TODO | Docs/Ops Guild · `/docs/runbooks/replay_ops.md` |
| EVID-CRYPTO-90-001 | Sovereign crypto routing | TODO | Evidence Locker + Security Guilds · `ICryptoProviderRegistry` integration |
### 160.B ExportCenter
- Detail trackers: [SPRINT_0162_0001_0001_exportcenter_i.md](./SPRINT_0162_0001_0001_exportcenter_i.md) and [SPRINT_0163_0001_0001_exportcenter_ii.md](./SPRINT_0163_0001_0001_exportcenter_ii.md).
- Task radar highlights:
- Mirror & bootstrap: `EXPORT-AIRGAP-56-001/002/003/004/005`, `EXPORT-AIRGAP-57-001`, `EXPORT-AIRGAP-58-001`.
- Attestation bundles: `EXPORT-ATTEST-74-001/002`, `EXPORT-ATTEST-75-001/002` (jobs, CI/offline, CLI verify/import; see `docs/modules/attestor/airgap.md`).
- API/OAS: `EXPORT-OAS-61-001/002`, `EXPORT-OAS-62-001`, `EXPORT-OAS-63-001` — refreshed OpenAPI, discovery, SDK, deprecation headers.
- Service/observability: `EXPORT-SVC-35-001…005`, `EXPORT-OBS-50/51/52`, `EXPORT-CRYPTO-90-001` for crypto parity with EvidenceLocker.
- Dependencies: EvidenceLocker contracts + DSSE proofs; orchestrator events + Scheduler readiness; crypto routing aligned with `docs/security/crypto-routing-audit-2025-11-07.md`.
- Ready-to-start checklist: freeze sealed bundle spec, reconcile crypto provider matrix with RootPack deployments, and prep DevPortal verification CLI scaffolding (`DVOFF-64-002`).
#### ExportCenter task snapshot (2025-11-12)
| Task ID | Scope | State | Notes / Owners |
| --- | --- | --- | --- |
| DVOFF-64-002 | DevPortal bundle verification CLI | TODO | DevPortal Offline + AirGap Controller Guilds |
| EXPORT-AIRGAP-56-001/002 | Mirror bundle + bootstrap pack profiles | TODO | Exporter + Mirror Creator + DevOps Guilds |
| EXPORT-AIRGAP-57-001 | Portable evidence export mode | TODO | Exporter Service + Evidence Locker Guild |
| EXPORT-AIRGAP-58-001 | Notifications for portable export | TODO | Exporter Service + Notifications Guild |
| EXPORT-ATTEST-74-001/002 | Attestation bundle job + CI integration | TODO | Attestation Bundle + Exporter Guilds |
| EXPORT-ATTEST-75-001/002 | CLI verify/import + offline kit integration | TODO | Attestation Bundle + CLI + Exporter Guilds |
| EXPORT-OAS-61/62/63 | OpenAPI refresh, discovery, SDK + deprecation headers | TODO | Exporter Service + API Governance + SDK Guilds |
| EXPORT-CRYPTO-90-001 | Sovereign crypto routing | TODO | Exporter Service + Security Guilds |
### 160.C TimelineIndexer
- Detail tracker: [SPRINT_165_timelineindexer.md](./SPRINT_165_timelineindexer.md) covering TIMELINE-OBS-52-001…004 and TIMELINE-OBS-53-001.
- Task radar:
- `TIMELINE-OBS-52-001` — service bootstrap + Postgres migrations with deterministic scripts and RLS scaffolding.
- `TIMELINE-OBS-52-002` — event ingestion pipeline (NATS/Redis consumers, ordering, dedupe, trace correlation, metrics).
- `TIMELINE-OBS-52-003` — REST/gRPC APIs with filtering/pagination + OpenAPI contracts.
- `TIMELINE-OBS-52-004` — finalize RLS, scope checks, audit logging, legal hold enforcement tests.
- `TIMELINE-OBS-53-001` — evidence linkage endpoint returning signed manifest references.
- Dependencies: orchestrator/notifications event schemas and EvidenceLocker digest references must land before Postgres migrations can be frozen; export bundle IDs must be stable to hydrate `/timeline/{id}/evidence`.
- Ready-to-start checklist: secure event schema package, stage Postgres migration plan (incl. RLS policies) for review, align ingest ordering semantics with Scheduler/ExportCenter cadence.
#### TimelineIndexer task snapshot (2025-11-12)
| Task ID | Scope | State | Notes / Owners |
| --- | --- | --- | --- |
| TIMELINE-OBS-52-001 | Service bootstrap + Postgres migrations/RLS | TODO | Timeline Indexer Guild |
| TIMELINE-OBS-52-002 | Event ingestion pipeline + metrics | TODO | Timeline Indexer Guild |
| TIMELINE-OBS-52-003 | REST/gRPC APIs + OpenAPI contracts | TODO | Timeline Indexer Guild |
| TIMELINE-OBS-52-004 | RLS policies, audit logging, legal hold tests | TODO | Timeline Indexer + Security Guilds |
| TIMELINE-OBS-53-001 | Evidence linkage endpoint | TODO | Timeline Indexer + Evidence Locker Guilds |
## Interlocks & Readiness Signals
| Dependency | Owner / Source | Impacts | Status / Next signal |
| --- | --- | --- | --- |
| Orchestrator capsule & notifications schema (`docs/events/orchestrator-scanner-events.md`) | Orchestrator Service Guild · Notifications Guild (Sprint 150.A + 140 wave) | 160.A, 160.B, 160.C | OVERDUE (was due 2025-11-15); escalation sent 2025-11-18; awaiting new ETA (follow-up 2025-11-19). |
| AdvisoryAI evidence bundle schema & payload notes (Sprint 110.A) | AdvisoryAI Guild | 160.A, 160.B | OVERDUE (was due 2025-11-14); escalation sent 2025-11-18; awaiting new ETA (follow-up 2025-11-19). |
| Replay ledger spec alignment (`docs/replay/DETERMINISTIC_REPLAY.md`, `/docs/runbooks/replay_ops.md`) | Replay Delivery Guild (Sprint 187) | 160.A | Replay ops runbook exists (2025-11-03); EvidenceLocker must incorporate retention API shape before DOING. Track in EVID-REPLAY-187-001. |
| Crypto routing parity (`docs/security/crypto-routing-audit-2025-11-07.md`) | Security Guild + Export/Evidence teams (`EVID-CRYPTO-90-001`, `EXPORT-CRYPTO-90-001`) | 160.A, 160.B | Audit published 2025-11-07; wire `ICryptoProviderRegistry` before enabling sovereign profiles. Readiness review on 2025-11-18. |
| DevPortal verification CLI scaffolding (`DVOFF-64-002`) | DevPortal Offline Guild (Sprint 162) | 160.B | Prototype pending; keep `stella devportal verify bundle.tgz` ready once bundle contracts are signed. |
## Upcoming Checkpoints (UTC)
| Date | Session / Owner | Target outcome | Fallback / Escalation |
| --- | --- | --- | --- |
| 2025-11-14 | AdvisoryAI stand-up (AdvisoryAI Guild) | Freeze evidence bundle schema + payload notes so EvidenceLocker can finalize DSSE manifests (blocked). | MISSED; reschedule immediately and log in Sprint 110 + this sprint. |
| 2025-11-15 | Orchestrator + Notifications schema handoff (Orchestrator Service + Notifications Guilds) | Publish capsule envelopes & notification contracts required by EvidenceLocker ingest, ExportCenter notifications, TimelineIndexer ordering (blocked). | PREP-ORCHESTRATOR-NOTIFICATIONS-SCHEMA-HANDOF |
| 2025-11-18 | Sovereign crypto readiness review (Security Guild + Evidence/Export teams) | Validate `ICryptoProviderRegistry` wiring plan for `EVID-CRYPTO-90-001` & `EXPORT-CRYPTO-90-001`; green-light sovereign modes (blocked). | If gating issues remain, file action items in Security board and hold related sprint tasks in TODO. |
| 2025-11-19 | DevPortal Offline CLI dry run (DevPortal Offline + AirGap Controller Guilds) | Demo `stella devportal verify bundle.tgz` using sample manifest to prove readiness once EvidenceLocker spec lands (blocked awaiting schema). | If CLI not ready, update DVOFF-64-002 description with new ETA and note risk in Sprint 162 doc. |
| 2025-11-19 | Escalation follow-up (AdvisoryAI, Orchestrator/Notifications) | Secure revised dates for schema/envelope drops; update this sprint + Sprint 110/150/140. | PREP-ESCALATION-FOLLOW-UP-ADVISORYAI-ORCHESTR |
## Action Tracker
| Wave | Immediate action | Owner(s) | Due | Status |
| --- | --- | --- | --- | --- |
| 160.A EvidenceLocker | Draft ingest schema summary + Replay Ledger API notes into `SPRINT_0161_0001_0001_evidencelocker.md` once orchestrator + AdvisoryAI schemas land. | Evidence Locker Guild · Replay Delivery Guild | 2025-11-16 | OVERDUE (schemas not delivered) |
| 160.A EvidenceLocker | Validate crypto provider registry plan for `EVID-CRYPTO-90-001` ahead of the Nov-18 review. | Evidence Locker Guild · Security Guild | 2025-11-17 | OVERDUE (awaiting Security design feedback) |
| 160.A EvidenceLocker | Prep CLI + ops teams for replay handoff (`RUNBOOK-REPLAY-187-004`, `CLI-REPLAY-187-002`) once Evidence Locker APIs are drafted. | CLI Guild · Ops Guild · Evidence Locker Guild | 2025-11-18 | Pending |
| 160.B ExportCenter | Prepare DevPortal verification CLI prototype (`DVOFF-64-002`) covering manifest hash + DSSE verification flow. | DevPortal Offline Guild · AirGap Controller Guild | 2025-11-19 | In progress (design draft shared; waiting on bundle schema) |
| 160.B ExportCenter | Align attestation bundle job + CLI verbs (`EXPORT-ATTEST-74/75`) with EvidenceLocker DSSE layout once published. | Exporter Service Guild · Attestation Bundle Guild · CLI Guild | 2025-11-20 | Pending |
| 160.B ExportCenter | Stage crypto routing hooks in exporter service (`EXPORT-CRYPTO-90-001`) tied to the Nov-18 review. | Exporter Service Guild · Security Guild | 2025-11-18 | Pending |
| 160.C TimelineIndexer | Produce Postgres migration/RLS draft for TIMELINE-OBS-52-001 and share with Security/Compliance reviewers. | Timeline Indexer Guild · Security Guild | 2025-11-18 | Pending |
| 160.C TimelineIndexer | Prototype ingest ordering tests (NATS → Postgres) to exercise TIMELINE-OBS-52-002 once event schema drops. | Timeline Indexer Guild | 2025-11-19 | Pending |
| 160.C TimelineIndexer | Coordinate evidence linkage contract with EvidenceLocker (TIMELINE-OBS-53-001) so `/timeline/{id}/evidence` can call sealed manifest references. | Timeline Indexer Guild · Evidence Locker Guild | 2025-11-20 | Pending |
| AGENTS-implplan | Create `docs/implplan/AGENTS.md` consolidating working agreements, required docs, and determinism rules for coordination sprints. | Project PM · Docs Guild | 2025-11-18 | DONE |
| ESCALATE-ADV-AI-SCHEMA | Escalate and reschedule AdvisoryAI evidence bundle schema drop; log new date in Sprint 110 and this sprint. | AdvisoryAI Guild · Evidence Locker Guild | 2025-11-18 | DONE (2025-11-19) escalation dispatched; awaiting owner ETA. |
| ESCALATE-ORCH-ENVELOPE | Escalate Orchestrator/Notifications capsule envelope drop; obtain new ETA and log in Sprint 150/140 and this sprint. | Orchestrator Service · Notifications Guild | 2025-11-18 | DONE (2025-11-19) escalation dispatched; awaiting owner ETA. |
## Decisions & Risks
| Item | Status / Decision | Notes |
| --- | --- | --- |
| Naming & template alignment | DONE (2025-11-17) | File renamed to `SPRINT_0160_0001_0001_export_evidence.md` and normalized to standard sprint template. |
| AdvisoryAI schema freeze | BLOCKED | Must land before EvidenceLocker/ExportCenter DOING moves; track in Interlocks and Sprint 110. |
| Orchestrator/Notifications envelopes | BLOCKED | Required for EvidenceLocker ingest, ExportCenter notifications, and TimelineIndexer ordering. |
| Crypto routing design readiness | BLOCKED | Await 2025-11-18 review to green-light `ICryptoProviderRegistry` wiring (`EVID-CRYPTO-90-001`, `EXPORT-CRYPTO-90-001`). |
| Risks | See table below | Retained from prior snapshot. |
| AGENTS.md for docs/implplan | DONE | `docs/implplan/AGENTS.md` added (2025-11-17); read before editing sprint docs. |
| AdvisoryAI schema checkpoint (2025-11-14) | OVERDUE | Reschedule required; tracked via `ESCALATE-ADV-AI-SCHEMA` action. |
| Orchestrator/Notifications checkpoint (2025-11-15) | OVERDUE | Reschedule required; tracked via `ESCALATE-ORCH-ENVELOPE` action. |
| Escalation responses | PENDING | Awaiting ETA confirmations from AdvisoryAI and Orchestrator/Notifications leads; follow-up due 2025-11-19 if no response. |
### Risk table
| Risk | Impacted wave(s) | Severity | Mitigation / Owner |
| --- | --- | --- | --- |
| AdvisoryAI schema slips past 2025-11-14, delaying DSSE manifest freeze. | 160.A, 160.B | High | AdvisoryAI Guild to provide interim sample payloads; EvidenceLocker to stub schema adapters so ExportCenter can begin validation with mock data. |
| Orchestrator/Notifications schema handoff misses 2025-11-15 window. | 160.A, 160.B, 160.C | High | PREP-160-A-160-B-160-C-ESCALATE-TO-WAVE-150-1 |
| Sovereign crypto routing design not ready by 2025-11-18 review. | 160.A, 160.B | Medium | Security Guild to publish `ICryptoProviderRegistry` reference implementation; Evidence/Export guilds to nominate fallback providers per profile. |
| DevPortal verification CLI lacks signed bundle fixtures for dry run. | 160.B | Medium | Exporter Guild to provide sample manifest + DSSE pair; DevPortal Offline Guild to script fake EvidenceLocker output for demo. |
| TimelineIndexer Postgres/RLS plan not reviewed before coding. | 160.C | Medium | Timeline Indexer Guild to share migration plan with Security/Compliance for async review; unblock coding by securing written approval in sprint doc. |
## Execution Log
# Sprint 0160_0001_0001 · Export & Evidence
## Topic & Scope
- Snapshot coordination for export & evidence tracks (EvidenceLocker, ExportCenter, TimelineIndexer); active backlog continues in Sprint 161+.
- Ensure bundle formats, crypto routing, and ingestion schemas freeze before downstream sprints move to DOING; completed work is archived in `docs/implplan/archived/tasks.md` (updated 2025-11-08).
- Working directory: `docs/implplan` (cross-module coordination spanning EvidenceLocker, ExportCenter, TimelineIndexer artefacts).
- Evidence of completion: refreshed coordination snapshot, normalized sprint structure, and links to module trackers.
## Dependencies & Concurrency
- Depends on AdvisoryAI evidence schema (Sprint 110.A), Orchestrator/Notifications envelopes (Sprint 150.A/140), and crypto-routing audit outcomes (2025-11-07) before DOING can start.
- Runs in parallel with module sprints 161/162/165; no code convergence expected here, but gating contracts must be frozen first.
- Interlocks & readiness signals are tracked in the table below; concurrency with other CC-decade sprints is safe once those signals turn green.
## Documentation Prerequisites
- `docs/modules/evidence-locker/architecture.md`, `docs/modules/evidence-locker/bundle-packaging.md`, `docs/modules/evidence-locker/incident-mode.md`
- `docs/modules/export-center/architecture.md`, `docs/modules/attestor/airgap.md`
- `docs/modules/timelineindexer/architecture.md` (if present) and Postgres/RLS runbooks
- `docs/security/crypto-routing-audit-2025-11-07.md`
- `docs/replay/DETERMINISTIC_REPLAY.md`, `docs/runbooks/replay_ops.md`
- `docs/events/orchestrator-scanner-events.md`
## Delivery Tracker
| # | Task ID | Status | Key dependency / next step | Owners | Task Definition |
| --- | --- | --- | --- | --- | --- |
| P1 | PREP-EVIDENCE-LOCKER-GUILD-SECURITY-GUILD-DOC | DONE (2025-11-20) | Prep note published at `docs/modules/evidence-locker/prep/2025-11-20-security-coordination.md`. | Waiting on AdvisoryAI schema + orchestrator ledger envelopes to freeze. | BLOCKED (2025-11-17). <br><br> Document artefact/deliverable for Evidence Locker Guild · Security Guild · Docs Guild, Exporter Service Guild · Mirror Creator Guild · DevOps Guild, Timeline Indexer Guild · Evidence Locker Guild · Security Guild and publish location so downstream tasks can proceed. |
| P2 | PREP-ORCHESTRATOR-NOTIFICATIONS-SCHEMA-HANDOF | DONE (2025-11-20) | Prep note published at `docs/events/prep/2025-11-20-orchestrator-notifications-schema-handoff.md`. | Planning | MISSED; escalate to Wave 150/140 leads and record new ETA; keep tasks BLOCKED. <br><br> Document artefact/deliverable for Orchestrator + Notifications schema handoff (Orchestrator Service + Notifications Guilds) and publish location so downstream tasks can proceed. |
| P3 | PREP-ESCALATION-FOLLOW-UP-ADVISORYAI-ORCHESTR | DONE (2025-11-20) | Prep note published at `docs/events/prep/2025-11-20-advisoryai-orchestrator-followup.md`. | Planning | If no dates provided, mark BLOCKED in respective sprints and escalate to Wave leads. <br><br> Document artefact/deliverable for Escalation follow-up (AdvisoryAI, Orchestrator/Notifications) and publish location so downstream tasks can proceed. |
| P4 | PREP-160-A-160-B-160-C-ESCALATE-TO-WAVE-150-1 | DONE (2025-11-19) | Due 2025-11-23 · Accountable: Planning | Planning | Escalation sent to Wave 150/140 leads; awaiting new ETAs recorded in Sprint 110/150/140. |
| 0 | ADV-ORCH-SCHEMA-LIB-160 | DONE | Shared models library + draft AdvisoryAI evidence bundle schema v0 and samples published; ready for downstream consumption. | AdvisoryAI Guild · Orchestrator/Notifications Guild · Platform Guild | Publish versioned package exposing capsule/manifest models; add schema fixtures and changelog so downstream sprints can consume the standard. |
| 1 | 160.A EvidenceLocker snapshot | BLOCKED | Waiting on AdvisoryAI evidence payload notes + orchestrator/notifications envelopes to finalize ingest/replay summary. | Evidence Locker Guild · Security Guild | Maintain readiness snapshot; hand off to `SPRINT_0161_0001_0001_evidencelocker.md` & `SPRINT_187_evidence_locker_cli_integration.md`. |
| 2 | 160.B ExportCenter snapshot | BLOCKED | EvidenceLocker bundle contract frozen, but orchestrator/notifications envelopes still missing; cannot freeze ExportCenter snapshot. | Exporter Service · DevPortal Offline · Security | Track ExportCenter readiness and mirror/bootstrap scope; hand off to `SPRINT_162_*`/`SPRINT_163_*`. |
| 3 | 160.C TimelineIndexer snapshot | BLOCKED | Waiting on TIMELINE-OBS-52-001 digest references; schemas available. Prep migrations/RLS draft. | Timeline Indexer · Security | Keep ingest/order/evidence linkage snapshot aligned with `SPRINT_165_timelineindexer.md`. |
| 4 | AGENTS-implplan | DONE | Create `docs/implplan/AGENTS.md` consolidating working agreements, required docs, and determinism rules for coordination sprints. | Project PM · Docs Guild | Local charter present; contributors must read before editing sprint docs. |
### Wave Coordination
| Wave | Guild owners | Shared prerequisites | Status | Notes |
| --- | --- | --- | --- | --- |
| 160.A EvidenceLocker | Evidence Locker Guild · Security Guild · Docs Guild | Sprint 110.A AdvisoryAI; Sprint 120.A AirGap; Sprint 130.A Scanner; Sprint 150.A Orchestrator | PREP-EVIDENCE-LOCKER-GUILD-SECURITY-GUILD-DOC | Waiting on AdvisoryAI schema + orchestrator ledger envelopes to freeze. |
| 160.B ExportCenter | Exporter Service Guild · Mirror Creator Guild · DevOps Guild | Sprint 110.A AdvisoryAI; Sprint 120.A AirGap; Sprint 130.A Scanner; Sprint 150.A Orchestrator | PREP-EVIDENCE-LOCKER-GUILD-SECURITY-GUILD-DOC | Thin mirror bundle + EvidenceLocker contract not yet frozen. |
| 160.C TimelineIndexer | Timeline Indexer Guild · Evidence Locker Guild · Security Guild | Sprint 110.A AdvisoryAI; Sprint 120.A AirGap; Sprint 130.A Scanner; Sprint 150.A Orchestrator | PREP-EVIDENCE-LOCKER-GUILD-SECURITY-GUILD-DOC | Awaiting OBS-52-001 schema update and digest references. |
## Wave Detail Snapshots & Next Actions
### 160.A EvidenceLocker
- Detail trackers: [SPRINT_0161_0001_0001_evidencelocker.md](./SPRINT_0161_0001_0001_evidencelocker.md) and [SPRINT_187_evidence_locker_cli_integration.md](./SPRINT_187_evidence_locker_cli_integration.md).
- Task radar (all TODO as of 2025-11-12):
- `EVID-REPLAY-187-001` — Replay bundle ingestion/retention APIs + storage policy (`src/EvidenceLocker/StellaOps.EvidenceLocker`, `docs/modules/evidence-locker/architecture.md`).
- `RUNBOOK-REPLAY-187-004` & `CLI-REPLAY-187-002` — CLI + ops readiness for replay bundles (`docs/runbooks/replay_ops.md`, CLI module).
- `EVID-CRYPTO-90-001` — Sovereign crypto routing via `ICryptoProviderRegistry`/`ICryptoHash` per `docs/security/crypto-routing-audit-2025-11-07.md`.
- Contracts: bundle packaging + DSSE layout (`docs/modules/evidence-locker/bundle-packaging.md`, `EVID-OBS-54-002`); portable/incident modes in `docs/modules/evidence-locker/incident-mode.md`.
- Gating dependencies: orchestrator capsule schema, AdvisoryAI payload notes, and replay ledger rules (`docs/replay/DETERMINISTIC_REPLAY.md`).
- Ready-to-start checklist: finalize ingest schema deltas, stage Replay Ledger ops drills, and publish API surface summary into Sprint 161 before DOING.
#### EvidenceLocker task snapshot (2025-11-12)
| Task ID | Scope | State | Notes / Owners |
| --- | --- | --- | --- |
| EVID-REPLAY-187-001 | Replay bundle ingestion + retention APIs | TODO | Evidence Locker Guild · docs/modules/evidence-locker/architecture.md |
| CLI-REPLAY-187-002 | CLI record/verify/replay UX | TODO | CLI Guild · `docs/modules/cli/architecture.md` |
| RUNBOOK-REPLAY-187-004 | Replay ops runbook + drills | TODO | Docs/Ops Guild · `/docs/runbooks/replay_ops.md` |
| EVID-CRYPTO-90-001 | Sovereign crypto routing | TODO | Evidence Locker + Security Guilds · `ICryptoProviderRegistry` integration |
### 160.B ExportCenter
- Detail trackers: [SPRINT_0162_0001_0001_exportcenter_i.md](./SPRINT_0162_0001_0001_exportcenter_i.md) and [SPRINT_0163_0001_0001_exportcenter_ii.md](./SPRINT_0163_0001_0001_exportcenter_ii.md).
- Task radar highlights:
- Mirror & bootstrap: `EXPORT-AIRGAP-56-001/002/003/004/005`, `EXPORT-AIRGAP-57-001`, `EXPORT-AIRGAP-58-001`.
- Attestation bundles: `EXPORT-ATTEST-74-001/002`, `EXPORT-ATTEST-75-001/002` (jobs, CI/offline, CLI verify/import; see `docs/modules/attestor/airgap.md`).
- API/OAS: `EXPORT-OAS-61-001/002`, `EXPORT-OAS-62-001`, `EXPORT-OAS-63-001` — refreshed OpenAPI, discovery, SDK, deprecation headers.
- Service/observability: `EXPORT-SVC-35-001…005`, `EXPORT-OBS-50/51/52`, `EXPORT-CRYPTO-90-001` for crypto parity with EvidenceLocker.
- Dependencies: EvidenceLocker contracts + DSSE proofs; orchestrator events + Scheduler readiness; crypto routing aligned with `docs/security/crypto-routing-audit-2025-11-07.md`.
- Ready-to-start checklist: freeze sealed bundle spec, reconcile crypto provider matrix with RootPack deployments, and prep DevPortal verification CLI scaffolding (`DVOFF-64-002`).
#### ExportCenter task snapshot (2025-11-12)
| Task ID | Scope | State | Notes / Owners |
| --- | --- | --- | --- |
| DVOFF-64-002 | DevPortal bundle verification CLI | TODO | DevPortal Offline + AirGap Controller Guilds |
| EXPORT-AIRGAP-56-001/002 | Mirror bundle + bootstrap pack profiles | TODO | Exporter + Mirror Creator + DevOps Guilds |
| EXPORT-AIRGAP-57-001 | Portable evidence export mode | TODO | Exporter Service + Evidence Locker Guild |
| EXPORT-AIRGAP-58-001 | Notifications for portable export | TODO | Exporter Service + Notifications Guild |
| EXPORT-ATTEST-74-001/002 | Attestation bundle job + CI integration | TODO | Attestation Bundle + Exporter Guilds |
| EXPORT-ATTEST-75-001/002 | CLI verify/import + offline kit integration | TODO | Attestation Bundle + CLI + Exporter Guilds |
| EXPORT-OAS-61/62/63 | OpenAPI refresh, discovery, SDK + deprecation headers | TODO | Exporter Service + API Governance + SDK Guilds |
| EXPORT-CRYPTO-90-001 | Sovereign crypto routing | TODO | Exporter Service + Security Guilds |
### 160.C TimelineIndexer
- Detail tracker: [SPRINT_165_timelineindexer.md](./SPRINT_165_timelineindexer.md) covering TIMELINE-OBS-52-001…004 and TIMELINE-OBS-53-001.
- Task radar:
- `TIMELINE-OBS-52-001` — service bootstrap + Postgres migrations with deterministic scripts and RLS scaffolding.
- `TIMELINE-OBS-52-002` — event ingestion pipeline (NATS/Redis consumers, ordering, dedupe, trace correlation, metrics).
- `TIMELINE-OBS-52-003` — REST/gRPC APIs with filtering/pagination + OpenAPI contracts.
- `TIMELINE-OBS-52-004` — finalize RLS, scope checks, audit logging, legal hold enforcement tests.
- `TIMELINE-OBS-53-001` — evidence linkage endpoint returning signed manifest references.
- Dependencies: orchestrator/notifications event schemas and EvidenceLocker digest references must land before Postgres migrations can be frozen; export bundle IDs must be stable to hydrate `/timeline/{id}/evidence`.
- Ready-to-start checklist: secure event schema package, stage Postgres migration plan (incl. RLS policies) for review, align ingest ordering semantics with Scheduler/ExportCenter cadence.
#### TimelineIndexer task snapshot (2025-11-12)
| Task ID | Scope | State | Notes / Owners |
| --- | --- | --- | --- |
| TIMELINE-OBS-52-001 | Service bootstrap + Postgres migrations/RLS | TODO | Timeline Indexer Guild |
| TIMELINE-OBS-52-002 | Event ingestion pipeline + metrics | TODO | Timeline Indexer Guild |
| TIMELINE-OBS-52-003 | REST/gRPC APIs + OpenAPI contracts | TODO | Timeline Indexer Guild |
| TIMELINE-OBS-52-004 | RLS policies, audit logging, legal hold tests | TODO | Timeline Indexer + Security Guilds |
| TIMELINE-OBS-53-001 | Evidence linkage endpoint | TODO | Timeline Indexer + Evidence Locker Guilds |
## Interlocks & Readiness Signals
| Dependency | Owner / Source | Impacts | Status / Next signal |
| --- | --- | --- | --- |
| Orchestrator capsule & notifications schema (`docs/events/orchestrator-scanner-events.md`) | Orchestrator Service Guild · Notifications Guild (Sprint 150.A + 140 wave) | 160.A, 160.B, 160.C | OVERDUE (was due 2025-11-15); escalation sent 2025-11-18; awaiting new ETA (follow-up 2025-11-19). |
| AdvisoryAI evidence bundle schema & payload notes (Sprint 110.A) | AdvisoryAI Guild | 160.A, 160.B | OVERDUE (was due 2025-11-14); escalation sent 2025-11-18; awaiting new ETA (follow-up 2025-11-19). |
| Replay ledger spec alignment (`docs/replay/DETERMINISTIC_REPLAY.md`, `/docs/runbooks/replay_ops.md`) | Replay Delivery Guild (Sprint 187) | 160.A | Replay ops runbook exists (2025-11-03); EvidenceLocker must incorporate retention API shape before DOING. Track in EVID-REPLAY-187-001. |
| Crypto routing parity (`docs/security/crypto-routing-audit-2025-11-07.md`) | Security Guild + Export/Evidence teams (`EVID-CRYPTO-90-001`, `EXPORT-CRYPTO-90-001`) | 160.A, 160.B | Audit published 2025-11-07; wire `ICryptoProviderRegistry` before enabling sovereign profiles. Readiness review on 2025-11-18. |
| DevPortal verification CLI scaffolding (`DVOFF-64-002`) | DevPortal Offline Guild (Sprint 162) | 160.B | Prototype pending; keep `stella devportal verify bundle.tgz` ready once bundle contracts are signed. |
## Upcoming Checkpoints (UTC)
| Date | Session / Owner | Target outcome | Fallback / Escalation |
| --- | --- | --- | --- |
| 2025-11-14 | AdvisoryAI stand-up (AdvisoryAI Guild) | Freeze evidence bundle schema + payload notes so EvidenceLocker can finalize DSSE manifests (blocked). | MISSED; reschedule immediately and log in Sprint 110 + this sprint. |
| 2025-11-15 | Orchestrator + Notifications schema handoff (Orchestrator Service + Notifications Guilds) | Publish capsule envelopes & notification contracts required by EvidenceLocker ingest, ExportCenter notifications, TimelineIndexer ordering (blocked). | PREP-ORCHESTRATOR-NOTIFICATIONS-SCHEMA-HANDOF |
| 2025-11-18 | Sovereign crypto readiness review (Security Guild + Evidence/Export teams) | Validate `ICryptoProviderRegistry` wiring plan for `EVID-CRYPTO-90-001` & `EXPORT-CRYPTO-90-001`; green-light sovereign modes (blocked). | If gating issues remain, file action items in Security board and hold related sprint tasks in TODO. |
| 2025-11-19 | DevPortal Offline CLI dry run (DevPortal Offline + AirGap Controller Guilds) | Demo `stella devportal verify bundle.tgz` using sample manifest to prove readiness once EvidenceLocker spec lands (blocked awaiting schema). | If CLI not ready, update DVOFF-64-002 description with new ETA and note risk in Sprint 162 doc. |
| 2025-11-19 | Escalation follow-up (AdvisoryAI, Orchestrator/Notifications) | Secure revised dates for schema/envelope drops; update this sprint + Sprint 110/150/140. | PREP-ESCALATION-FOLLOW-UP-ADVISORYAI-ORCHESTR |
## Action Tracker
| Wave | Immediate action | Owner(s) | Due | Status |
| --- | --- | --- | --- | --- |
| 160.A EvidenceLocker | Draft ingest schema summary + Replay Ledger API notes into `SPRINT_0161_0001_0001_evidencelocker.md` once orchestrator + AdvisoryAI schemas land. | Evidence Locker Guild · Replay Delivery Guild | 2025-11-16 | OVERDUE (schemas not delivered) |
| 160.A EvidenceLocker | Validate crypto provider registry plan for `EVID-CRYPTO-90-001` ahead of the Nov-18 review. | Evidence Locker Guild · Security Guild | 2025-11-17 | OVERDUE (awaiting Security design feedback) |
| 160.A EvidenceLocker | Prep CLI + ops teams for replay handoff (`RUNBOOK-REPLAY-187-004`, `CLI-REPLAY-187-002`) once Evidence Locker APIs are drafted. | CLI Guild · Ops Guild · Evidence Locker Guild | 2025-11-18 | Pending |
| 160.B ExportCenter | Prepare DevPortal verification CLI prototype (`DVOFF-64-002`) covering manifest hash + DSSE verification flow. | DevPortal Offline Guild · AirGap Controller Guild | 2025-11-19 | In progress (design draft shared; waiting on bundle schema) |
| 160.B ExportCenter | Align attestation bundle job + CLI verbs (`EXPORT-ATTEST-74/75`) with EvidenceLocker DSSE layout once published. | Exporter Service Guild · Attestation Bundle Guild · CLI Guild | 2025-11-20 | Pending |
| 160.B ExportCenter | Stage crypto routing hooks in exporter service (`EXPORT-CRYPTO-90-001`) tied to the Nov-18 review. | Exporter Service Guild · Security Guild | 2025-11-18 | Pending |
| 160.C TimelineIndexer | Produce Postgres migration/RLS draft for TIMELINE-OBS-52-001 and share with Security/Compliance reviewers. | Timeline Indexer Guild · Security Guild | 2025-11-18 | Pending |
| 160.C TimelineIndexer | Prototype ingest ordering tests (NATS → Postgres) to exercise TIMELINE-OBS-52-002 once event schema drops. | Timeline Indexer Guild | 2025-11-19 | Pending |
| 160.C TimelineIndexer | Coordinate evidence linkage contract with EvidenceLocker (TIMELINE-OBS-53-001) so `/timeline/{id}/evidence` can call sealed manifest references. | Timeline Indexer Guild · Evidence Locker Guild | 2025-11-20 | Pending |
| AGENTS-implplan | Create `docs/implplan/AGENTS.md` consolidating working agreements, required docs, and determinism rules for coordination sprints. | Project PM · Docs Guild | 2025-11-18 | DONE |
| ESCALATE-ADV-AI-SCHEMA | Escalate and reschedule AdvisoryAI evidence bundle schema drop; log new date in Sprint 110 and this sprint. | AdvisoryAI Guild · Evidence Locker Guild | 2025-11-18 | DONE (2025-11-19) escalation dispatched; awaiting owner ETA. |
| ESCALATE-ORCH-ENVELOPE | Escalate Orchestrator/Notifications capsule envelope drop; obtain new ETA and log in Sprint 150/140 and this sprint. | Orchestrator Service · Notifications Guild | 2025-11-18 | DONE (2025-11-19) escalation dispatched; awaiting owner ETA. |
## Decisions & Risks
| Item | Status / Decision | Notes |
| --- | --- | --- |
| Naming & template alignment | DONE (2025-11-17) | File renamed to `SPRINT_0160_0001_0001_export_evidence.md` and normalized to standard sprint template. |
| AdvisoryAI schema freeze | BLOCKED | Must land before EvidenceLocker/ExportCenter DOING moves; track in Interlocks and Sprint 110. |
| Orchestrator/Notifications envelopes | BLOCKED | Required for EvidenceLocker ingest, ExportCenter notifications, and TimelineIndexer ordering. |
| Crypto routing design readiness | BLOCKED | Await 2025-11-18 review to green-light `ICryptoProviderRegistry` wiring (`EVID-CRYPTO-90-001`, `EXPORT-CRYPTO-90-001`). |
| Risks | See table below | Retained from prior snapshot. |
| AGENTS.md for docs/implplan | DONE | `docs/implplan/AGENTS.md` added (2025-11-17); read before editing sprint docs. |
| AdvisoryAI schema checkpoint (2025-11-14) | OVERDUE | Reschedule required; tracked via `ESCALATE-ADV-AI-SCHEMA` action. |
| Orchestrator/Notifications checkpoint (2025-11-15) | OVERDUE | Reschedule required; tracked via `ESCALATE-ORCH-ENVELOPE` action. |
| Escalation responses | PENDING | Awaiting ETA confirmations from AdvisoryAI and Orchestrator/Notifications leads; follow-up due 2025-11-19 if no response. |
### Risk table
| Risk | Impacted wave(s) | Severity | Mitigation / Owner |
| --- | --- | --- | --- |
| AdvisoryAI schema slips past 2025-11-14, delaying DSSE manifest freeze. | 160.A, 160.B | High | AdvisoryAI Guild to provide interim sample payloads; EvidenceLocker to stub schema adapters so ExportCenter can begin validation with mock data. |
| Orchestrator/Notifications schema handoff misses 2025-11-15 window. | 160.A, 160.B, 160.C | High | PREP-160-A-160-B-160-C-ESCALATE-TO-WAVE-150-1 |
| Sovereign crypto routing design not ready by 2025-11-18 review. | 160.A, 160.B | Medium | Security Guild to publish `ICryptoProviderRegistry` reference implementation; Evidence/Export guilds to nominate fallback providers per profile. |
| DevPortal verification CLI lacks signed bundle fixtures for dry run. | 160.B | Medium | Exporter Guild to provide sample manifest + DSSE pair; DevPortal Offline Guild to script fake EvidenceLocker output for demo. |
| TimelineIndexer Postgres/RLS plan not reviewed before coding. | 160.C | Medium | Timeline Indexer Guild to share migration plan with Security/Compliance for async review; unblock coding by securing written approval in sprint doc. |
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2025-11-20 | Confirmed PREP-ORCHESTRATOR-NOTIFICATIONS-SCHEMA-HANDOF and PREP-ESCALATION-FOLLOW-UP-ADVISORYAI-ORCHESTR still unclaimed; moved both to DOING to proceed with Wave 150/140 escalations. | Planning |
| 2025-11-20 | Published prep artefacts for P1P3: security coordination (`docs/modules/evidence-locker/prep/2025-11-20-security-coordination.md`), orchestrator/notifications handoff (`docs/events/prep/2025-11-20-orchestrator-notifications-schema-handoff.md`), and escalation follow-up (`docs/events/prep/2025-11-20-advisoryai-orchestrator-followup.md`). Marked P1P3 DONE. | Implementer |
| 2025-11-19 | Assigned PREP owners/dates; see Delivery Tracker. | Planning |
| 2025-11-19 | Updated 160.C TimelineIndexer snapshot dependency to TIMELINE-OBS-52-001 (matches Sprint 165 tracker). | Project Mgmt |
| 2025-11-12 | Snapshot refreshed; all Export & Evidence waves remain BLOCKED pending orchestrator capsule data, AdvisoryAI bundle schemas, and EvidenceLocker contracts. Re-evaluate after 2025-11-15 handoff. | Planning |
| 2025-11-12 | Added checkpoint calendar, action tracker, and risk table to keep Wave 160 aligned while dependencies stabilize. | Planning |
| 2025-11-17 | Normalized sprint to standard template and renamed from `SPRINT_160_export_evidence.md` to `SPRINT_0160_0001_0001_export_evidence.md`; no semantic changes to tasks. | Project PM |
| 2025-11-17 | Set Delivery Tracker and Wave statuses to BLOCKED pending schemas/crypto review; logged missing `docs/implplan/AGENTS.md` as blocker and added action item `AGENTS-implplan`. | Implementer |
| 2025-11-17 | Created `docs/implplan/AGENTS.md`; marked AGENTS-implplan DONE and updated Decisions & Risks accordingly. | Implementer |
| 2025-11-17 | Marked AdvisoryAI (2025-11-14) and Orchestrator/Notifications (2025-11-15) checkpoints as missed; escalations required; action items now OVERDUE. | Implementer |
| 2025-11-18 | Added escalation actions `ESCALATE-ADV-AI-SCHEMA` and `ESCALATE-ORCH-ENVELOPE` to track overdue schema drops. | Implementer |
| 2025-11-18 | Started escalations for AdvisoryAI schema and Orchestrator envelopes; awaiting new ETAs from respective guilds. | Implementer |
| 2025-11-18 | Sent escalation pings to AdvisoryAI and Orchestrator/Notifications leads; awaiting ETA confirmation (tracked in Action Tracker). | Implementer |
| 2025-11-18 | Updated Interlocks with “escalation sent” notes and follow-up date (2025-11-19). | Implementer |
| 2025-11-18 | Added blocker task ADV-ORCH-SCHEMA-LIB-160 and marked snapshots explicitly blocked on shared schema library drop. | Project PM |
| 2025-11-18 | Set ADV-ORCH-SCHEMA-LIB-160 to DOING; drafting shared models package for AdvisoryAI/Orchestrator envelopes. | Implementer |
| 2025-11-18 | Published `src/__Libraries/StellaOps.Orchestrator.Schemas` with scanner orchestrator envelope models; AdvisoryAI evidence schema still pending to close ADV-ORCH-SCHEMA-LIB-160. | Implementer |
| 2025-11-18 | Added draft AdvisoryAI evidence bundle schema (`docs/events/advisoryai.evidence.bundle@0.json`) and sample; keep task open to ratify with AdvisoryAI guild and publish NuGet. | Implementer |
| 2025-11-18 | Flipped ADV-ORCH-SCHEMA-LIB-160 to DONE; moved 160.A/B to DOING using delivered schema/models. | Implementer |
| 2025-11-19 | Marked 160.A and 160.B BLOCKED pending AdvisoryAI payload notes and Orchestrator/Notifications envelopes; cannot publish snapshots yet. | Implementer |
| 2025-11-19 | Sent escalations for AdvisoryAI schema and Orchestrator/Notifications envelopes; marked ESCALATE-ADV-AI-SCHEMA, ESCALATE-ORCH-ENVELOPE, and PREP-160-A/B/C-ESCALATE as DONE. Await ETAs from owners. | Implementer |
| 2025-11-18 | Started 160.A/160.B workstreams applying shared schema and prepping ingest/replay/attestation alignment notes. | Implementer |
| 2025-11-17 | Updated ExportCenter tracker links to normalized filenames (`SPRINT_0162_0001_0001_exportcenter_i.md`, `SPRINT_0163_0001_0001_exportcenter_ii.md`). | Implementer |
| 2025-11-19 | Updated 160.C TimelineIndexer snapshot dependency to TIMELINE-OBS-52-001 (matches Sprint 165 tracker). | Project Mgmt |
| 2025-11-12 | Snapshot refreshed; all Export & Evidence waves remain BLOCKED pending orchestrator capsule data, AdvisoryAI bundle schemas, and EvidenceLocker contracts. Re-evaluate after 2025-11-15 handoff. | Planning |
| 2025-11-12 | Added checkpoint calendar, action tracker, and risk table to keep Wave 160 aligned while dependencies stabilize. | Planning |
| 2025-11-17 | Normalized sprint to standard template and renamed from `SPRINT_160_export_evidence.md` to `SPRINT_0160_0001_0001_export_evidence.md`; no semantic changes to tasks. | Project PM |
| 2025-11-17 | Set Delivery Tracker and Wave statuses to BLOCKED pending schemas/crypto review; logged missing `docs/implplan/AGENTS.md` as blocker and added action item `AGENTS-implplan`. | Implementer |
| 2025-11-17 | Created `docs/implplan/AGENTS.md`; marked AGENTS-implplan DONE and updated Decisions & Risks accordingly. | Implementer |
| 2025-11-17 | Marked AdvisoryAI (2025-11-14) and Orchestrator/Notifications (2025-11-15) checkpoints as missed; escalations required; action items now OVERDUE. | Implementer |
| 2025-11-18 | Added escalation actions `ESCALATE-ADV-AI-SCHEMA` and `ESCALATE-ORCH-ENVELOPE` to track overdue schema drops. | Implementer |
| 2025-11-18 | Started escalations for AdvisoryAI schema and Orchestrator envelopes; awaiting new ETAs from respective guilds. | Implementer |
| 2025-11-18 | Sent escalation pings to AdvisoryAI and Orchestrator/Notifications leads; awaiting ETA confirmation (tracked in Action Tracker). | Implementer |
| 2025-11-18 | Updated Interlocks with “escalation sent” notes and follow-up date (2025-11-19). | Implementer |
| 2025-11-18 | Added blocker task ADV-ORCH-SCHEMA-LIB-160 and marked snapshots explicitly blocked on shared schema library drop. | Project PM |
| 2025-11-18 | Set ADV-ORCH-SCHEMA-LIB-160 to DOING; drafting shared models package for AdvisoryAI/Orchestrator envelopes. | Implementer |
| 2025-11-18 | Published `src/__Libraries/StellaOps.Orchestrator.Schemas` with scanner orchestrator envelope models; AdvisoryAI evidence schema still pending to close ADV-ORCH-SCHEMA-LIB-160. | Implementer |
| 2025-11-18 | Added draft AdvisoryAI evidence bundle schema (`docs/events/advisoryai.evidence.bundle@0.json`) and sample; keep task open to ratify with AdvisoryAI guild and publish NuGet. | Implementer |
| 2025-11-18 | Flipped ADV-ORCH-SCHEMA-LIB-160 to DONE; moved 160.A/B to DOING using delivered schema/models. | Implementer |
| 2025-11-19 | Marked 160.A and 160.B BLOCKED pending AdvisoryAI payload notes and Orchestrator/Notifications envelopes; cannot publish snapshots yet. | Implementer |
| 2025-11-19 | Sent escalations for AdvisoryAI schema and Orchestrator/Notifications envelopes; marked ESCALATE-ADV-AI-SCHEMA, ESCALATE-ORCH-ENVELOPE, and PREP-160-A/B/C-ESCALATE as DONE. Await ETAs from owners. | Implementer |
| 2025-11-18 | Started 160.A/160.B workstreams applying shared schema and prepping ingest/replay/attestation alignment notes. | Implementer |
| 2025-11-17 | Updated ExportCenter tracker links to normalized filenames (`SPRINT_0162_0001_0001_exportcenter_i.md`, `SPRINT_0163_0001_0001_exportcenter_ii.md`). | Implementer |

16
docs/implplan/SPRINT_0161_0001_0001_evidencelocker.md
View File

@@ -24,11 +24,11 @@
| # | Task ID | Status | Key dependency / next step | Owners | Task Definition |
| --- | --- | --- | --- | --- | --- |
| P0 | PREP-EVID-ATTEST-73-SCOPE-NOTE | DONE (2025-11-19) | Due 2025-11-20 · Accountable: Evidence Locker Guild · Concelier Guild · Excititor Guild | Evidence Locker Guild · Concelier Guild · Excititor Guild | Published attestation scope/sign-off note at `docs/modules/evidence-locker/attestation-scope-note.md` with required claims and sample builder payload; to be linked in Evidence Bundle v1 change log. |
| P1 | PREP-EVID-REPLAY-187-001-AWAIT-REPLAY-LEDGER | TODO | Due 2025-11-23 · Accountable: Evidence Locker Guild · Replay Delivery Guild | Evidence Locker Guild · Replay Delivery Guild | Await replay ledger retention shape; schemas available. <br><br> Document artefact/deliverable for EVID-REPLAY-187-001 and publish location so downstream tasks can proceed. |
| P2 | PREP-CLI-REPLAY-187-002-WAITING-ON-EVIDENCELO | TODO | Due 2025-11-23 · Accountable: CLI Guild | CLI Guild | Waiting on EvidenceLocker APIs after bundle packaging finalization. <br><br> Document artefact/deliverable for CLI-REPLAY-187-002 and publish location so downstream tasks can proceed. |
| P3 | PREP-RUNBOOK-REPLAY-187-004-DEPENDS-ON-RETENT | TODO | Due 2025-11-23 · Accountable: Docs Guild · Ops Guild | Docs Guild · Ops Guild | Depends on retention APIs + CLI behavior. <br><br> Document artefact/deliverable for RUNBOOK-REPLAY-187-004 and publish location so downstream tasks can proceed. |
| P4 | PREP-EVIDENCE-LOCKER-GUILD-BLOCKED-SCHEMAS-NO | TODO | Due 2025-11-23 · Accountable: Planning | Planning | BLOCKED (schemas not yet delivered). <br><br> Document artefact/deliverable for Evidence Locker Guild and publish location so downstream tasks can proceed. |
| P5 | PREP-EVIDENCE-LOCKER-GUILD-REPLAY-DELIVERY-GU | TODO | Due 2025-11-23 · Accountable: Planning | Planning | BLOCKED (awaiting schema signals). <br><br> Document artefact/deliverable for Evidence Locker Guild · Replay Delivery Guild and publish location so downstream tasks can proceed. |
| P1 | PREP-EVID-REPLAY-187-001-AWAIT-REPLAY-LEDGER | DONE (2025-11-20) | Prep doc at `docs/modules/evidence-locker/replay-payload-contract.md`; awaiting ledger retention freeze for implementation. | Evidence Locker Guild · Replay Delivery Guild | Await replay ledger retention shape; schemas available. <br><br> Document artefact/deliverable for EVID-REPLAY-187-001 and publish location so downstream tasks can proceed. |
| P2 | PREP-CLI-REPLAY-187-002-WAITING-ON-EVIDENCELO | DONE (2025-11-20) | Prep doc at `docs/modules/cli/guides/replay-cli-prep.md`; tracks CLI surface pending schema freeze. | CLI Guild | Waiting on EvidenceLocker APIs after bundle packaging finalization. <br><br> Document artefact/deliverable for CLI-REPLAY-187-002 and publish location so downstream tasks can proceed. |
| P3 | PREP-RUNBOOK-REPLAY-187-004-DEPENDS-ON-RETENT | DONE (2025-11-20) | Prep doc at `docs/runbooks/replay_ops_prep_187_004.md`; merge into runbook once APIs freeze. | Docs Guild · Ops Guild | Depends on retention APIs + CLI behavior. <br><br> Document artefact/deliverable for RUNBOOK-REPLAY-187-004 and publish location so downstream tasks can proceed. |
| P4 | PREP-EVIDENCE-LOCKER-GUILD-BLOCKED-SCHEMAS-NO | DONE (2025-11-20) | Prep note at `docs/modules/evidence-locker/prep/2025-11-20-schema-readiness-blockers.md`; awaiting AdvisoryAI/Orch envelopes. | Planning | BLOCKED (schemas not yet delivered). <br><br> Document artefact/deliverable for Evidence Locker Guild and publish location so downstream tasks can proceed. |
| P5 | PREP-EVIDENCE-LOCKER-GUILD-REPLAY-DELIVERY-GU | DONE (2025-11-20) | Prep note at `docs/modules/evidence-locker/prep/2025-11-20-replay-delivery-sync.md`; waiting on ledger retention defaults. | Planning | BLOCKED (awaiting schema signals). <br><br> Document artefact/deliverable for Evidence Locker Guild · Replay Delivery Guild and publish location so downstream tasks can proceed. |
| 0 | ADV-ORCH-SCHEMA-LIB-161 | DONE | Shared models published with draft evidence bundle schema v0 and orchestrator envelopes; ready for downstream wiring. | AdvisoryAI Guild · Orchestrator/Notifications Guild · Platform Guild | Publish versioned package + fixtures to `/src/__Libraries` (or shared NuGet) so downstream components can consume frozen schema. |
| 1 | EVID-OBS-54-002 | BLOCKED | AdvisoryAI evidence bundle schema + orchestrator/notifications capsule schema still pending; cannot finalize DSSE fields. | Evidence Locker Guild | Finalize deterministic bundle packaging + DSSE layout per `docs/modules/evidence-locker/bundle-packaging.md`, including portable/incident modes. |
| 2 | EVID-REPLAY-187-001 | BLOCKED | PREP-EVID-REPLAY-187-001-AWAIT-REPLAY-LEDGER | Evidence Locker Guild · Replay Delivery Guild | Implement replay bundle ingestion + retention APIs; update storage policy per `docs/replay/DETERMINISTIC_REPLAY.md`. |
@@ -40,8 +40,8 @@
## Action Tracker
| Action | Owner(s) | Due | Status |
| --- | --- | --- | --- |
| Capture AdvisoryAI + orchestrator schema deltas into this sprint and attach sample payloads. | Evidence Locker Guild | 2025-11-15 | PREP-EVIDENCE-LOCKER-GUILD-BLOCKED-SCHEMAS-NO |
| Draft Replay Ledger API + CLI notes to unblock EVID-REPLAY-187-001/002. | Evidence Locker Guild · Replay Delivery Guild | 2025-11-16 | PREP-EVIDENCE-LOCKER-GUILD-REPLAY-DELIVERY-GU |
| Capture AdvisoryAI + orchestrator schema deltas into this sprint and attach sample payloads. | Evidence Locker Guild | 2025-11-15 | DONE (2025-11-20) — see `docs/modules/evidence-locker/prep/2025-11-20-schema-readiness-blockers.md` |
| Draft Replay Ledger API + CLI notes to unblock EVID-REPLAY-187-001/002. | Evidence Locker Guild · Replay Delivery Guild | 2025-11-16 | DONE (2025-11-20) — see `docs/modules/evidence-locker/prep/2025-11-20-replay-delivery-sync.md` |
| Validate `ICryptoProviderRegistry` plan at readiness review. | Evidence Locker Guild · Security Guild | 2025-11-18 | Pending |
## Interlocks & Readiness Signals
@@ -82,3 +82,5 @@
| 2025-11-18 | Recorded crypto registry decision in `docs/security/crypto-registry-decision-2025-11-18.md`; moved CRYPTO-REGISTRY-DECISION-161 to DONE and unblocked EVID-CRYPTO-90-001. | Implementer |
| 2025-11-18 | Started EVID-OBS-54-002 DOING using shared schema draft. | Implementer |
| 2025-11-18 | Started EVID-OBS-54-002 with shared schema; replay/CLI remain pending ledger shape. | Implementer |
| 2025-11-20 | Completed PREP-EVID-REPLAY-187-001, PREP-CLI-REPLAY-187-002, and PREP-RUNBOOK-REPLAY-187-004; published prep docs at `docs/modules/evidence-locker/replay-payload-contract.md`, `docs/modules/cli/guides/replay-cli-prep.md`, and `docs/runbooks/replay_ops_prep_187_004.md`. | Implementer |
| 2025-11-20 | Added schema readiness and replay delivery prep notes for Evidence Locker Guild; see `docs/modules/evidence-locker/prep/2025-11-20-schema-readiness-blockers.md` and `.../2025-11-20-replay-delivery-sync.md`. Marked PREP-EVIDENCE-LOCKER-GUILD-BLOCKED-SCHEMAS-NO and PREP-EVIDENCE-LOCKER-GUILD-REPLAY-DELIVERY-GU DONE. | Implementer |

47
docs/implplan/SPRINT_0162_0001_0001_exportcenter_i.md
View File

@@ -21,20 +21,24 @@
## Delivery Tracker
| # | Task ID | Status | Key dependency / next step | Owners | Task Definition |
| --- | --- | --- | --- | --- | --- |
| P1 | PREP-DVOFF-64-002-NEEDS-SEALED-BUNDLE-SPEC-SA | TODO | Due 2025-11-23 · Accountable: DevPortal Offline Guild · AirGap Controller Guild | DevPortal Offline Guild · AirGap Controller Guild | Needs sealed bundle spec + sample manifest for CLI verify flow; due for Nov-19 dry run. <br><br> Document artefact/deliverable for DVOFF-64-002 and publish location so downstream tasks can proceed. |
| P2 | PREP-EXPORT-AIRGAP-56-001-EVIDENCELOCKER-CONT | TODO | Due 2025-11-23 · Accountable: Exporter Service Guild · Mirror Creator Guild | Exporter Service Guild · Mirror Creator Guild | EvidenceLocker contract + advisory schema to finalize DSSE contents. <br><br> Document artefact/deliverable for EXPORT-AIRGAP-56-001 and publish location so downstream tasks can proceed. |
| P3 | PREP-EXPORT-AIRGAP-56-002-DEPENDS-ON-56-001-S | TODO | Due 2025-11-23 · Accountable: Exporter Service Guild · DevOps Guild | Exporter Service Guild · DevOps Guild | Depends on 56-001; same schema prerequisites. <br><br> Document artefact/deliverable for EXPORT-AIRGAP-56-002 and publish location so downstream tasks can proceed. |
| P4 | PREP-EXPORT-AIRGAP-57-001-DEPENDS-ON-56-002-N | TODO | Due 2025-11-23 · Accountable: Exporter Service Guild · Evidence Locker Guild | Exporter Service Guild · Evidence Locker Guild | Depends on 56-002; needs sealed evidence bundle format. <br><br> Document artefact/deliverable for EXPORT-AIRGAP-57-001 and publish location so downstream tasks can proceed. |
| P5 | PREP-EXPORT-AIRGAP-58-001-DEPENDS-ON-57-001-N | TODO | Due 2025-11-23 · Accountable: Exporter Service Guild · Notifications Guild | Exporter Service Guild · Notifications Guild | Depends on 57-001; needs notifications envelope schema. <br><br> Document artefact/deliverable for EXPORT-AIRGAP-58-001 and publish location so downstream tasks can proceed. |
| P6 | PREP-EXPORT-ATTEST-74-001-NEEDS-EVIDENCELOCKE | TODO | Due 2025-11-23 · Accountable: Attestation Bundle Guild · Exporter Service Guild | Attestation Bundle Guild · Exporter Service Guild | Needs EvidenceLocker bundle layout + orchestration events. <br><br> Document artefact/deliverable for EXPORT-ATTEST-74-001 and publish location so downstream tasks can proceed. |
| P7 | PREP-EXPORT-ATTEST-74-002-DEPENDS-ON-74-001 | TODO | Due 2025-11-23 · Accountable: Attestation Bundle Guild · DevOps Guild | Attestation Bundle Guild · DevOps Guild | Depends on 74-001. <br><br> Document artefact/deliverable for EXPORT-ATTEST-74-002 and publish location so downstream tasks can proceed. |
| P8 | PREP-EXPORT-ATTEST-75-001-DEPENDS-ON-74-002-N | TODO | Due 2025-11-23 · Accountable: Attestation Bundle Guild · CLI Attestor Guild | Attestation Bundle Guild · CLI Attestor Guild | Depends on 74-002; needs CLI contract. <br><br> Document artefact/deliverable for EXPORT-ATTEST-75-001 and publish location so downstream tasks can proceed. |
| P9 | PREP-EXPORT-ATTEST-75-002-DEPENDS-ON-75-001 | TODO | Due 2025-11-23 · Accountable: Exporter Service Guild | Exporter Service Guild | Depends on 75-001. <br><br> Document artefact/deliverable for EXPORT-ATTEST-75-002 and publish location so downstream tasks can proceed. |
| P10 | PREP-EXPORT-OAS-61-001-NEEDS-STABLE-EXPORT-SU | TODO | Due 2025-11-23 · Accountable: Exporter Service Guild · API Contracts Guild | Exporter Service Guild · API Contracts Guild | Needs stable export surfaces; await EvidenceLocker contract. <br><br> Document artefact/deliverable for EXPORT-OAS-61-001 and publish location so downstream tasks can proceed. |
| P11 | PREP-EXPORT-OAS-61-002-DEPENDS-ON-61-001 | TODO | Due 2025-11-23 · Accountable: Exporter Service Guild | Exporter Service Guild | Depends on 61-001. <br><br> Document artefact/deliverable for EXPORT-OAS-61-002 and publish location so downstream tasks can proceed. |
| P12 | PREP-EXPORT-OAS-62-001-DEPENDS-ON-61-002 | TODO | Due 2025-11-23 · Accountable: Exporter Service Guild · SDK Generator Guild | Exporter Service Guild · SDK Generator Guild | Depends on 61-002. <br><br> Document artefact/deliverable for EXPORT-OAS-62-001 and publish location so downstream tasks can proceed. |
| P13 | PREP-EXPORTER-SERVICE-EVIDENCELOCKER-GUILD-BL | TODO | Due 2025-11-23 · Accountable: Planning | Planning | BLOCKED (awaits EvidenceLocker contract). <br><br> Document artefact/deliverable for Exporter Service · EvidenceLocker Guild and publish location so downstream tasks can proceed. |
| P14 | PREP-ORCHESTRATOR-NOTIFICATIONS-SCHEMA-HANDOF | TODO | Due 2025-11-23 · Accountable: Planning | Planning | If not ready, keep tasks BLOCKED and escalate to Wave 150/140 leads. <br><br> Document artefact/deliverable for Orchestrator + Notifications schema handoff and publish location so downstream tasks can proceed. |
| P1 | PREP-DVOFF-64-002-NEEDS-SEALED-BUNDLE-SPEC-SA | DONE (2025-11-20) | Due 2025-11-23 · Accountable: DevPortal Offline Guild · AirGap Controller Guild | DevPortal Offline Guild · AirGap Controller Guild | Prep artefact published at `docs/modules/export-center/prep/2025-11-20-dvoff-64-002-prep.md` (sample sealed bundle + CLI verify contract/output/exit-codes). |
| P2 | PREP-EXPORT-AIRGAP-56-001-EVIDENCELOCKER-CONT | DOING (2025-11-20) | Due 2025-11-23 · Accountable: Exporter Service Guild · Mirror Creator Guild | Exporter Service Guild · Mirror Creator Guild | EvidenceLocker contract + advisory schema to finalize DSSE contents. <br><br> Document artefact/deliverable for EXPORT-AIRGAP-56-001 and publish location so downstream tasks can proceed. Prep artefact: `docs/modules/export-center/prep/2025-11-20-export-airgap-56-001-prep.md`. |
| P3 | PREP-EXPORT-AIRGAP-56-002-DEPENDS-ON-56-001-S | DONE (2025-11-20) | Prep artefact at `docs/modules/export-center/prep/2025-11-20-export-airgap-56-002-prep.md`; waiting on 56-001 schema to unblock impl. | Exporter Service Guild · DevOps Guild | Depends on 56-001; same schema prerequisites. <br><br> Document artefact/deliverable for EXPORT-AIRGAP-56-002 and publish location so downstream tasks can proceed. Prep artefact: `docs/modules/export-center/prep/2025-11-20-export-airgap-56-002-prep.md`. |
| P4 | PREP-EXPORT-AIRGAP-57-001-DEPENDS-ON-56-002-N | DONE (2025-11-20) | Due 2025-11-23 · Accountable: Exporter Service Guild · Evidence Locker Guild | Exporter Service Guild · Evidence Locker Guild | Depends on 56-002; needs sealed evidence bundle format. <br><br> Prep artefact published at `docs/modules/export-center/prep/2025-11-20-export-airgap-57-001-prep.md` (export portable bundle contract, deterministic packaging, API surface, acceptance criteria). |
| P5 | PREP-EXPORT-AIRGAP-58-001-DEPENDS-ON-57-001-N | DONE (2025-11-20) | Due 2025-11-23 · Accountable: Exporter Service Guild · Notifications Guild | Exporter Service Guild · Notifications Guild | Depends on 57-001; prep artefact published at `docs/modules/export-center/prep/2025-11-20-export-airgap-58-001-prep.md` detailing notification payload, retries, deterministic headers, and linkage to export download. |
| P6 | PREP-EXPORT-ATTEST-74-001-NEEDS-EVIDENCELOCKE | DONE (2025-11-20) | Due 2025-11-23 · Accountable: Attestation Bundle Guild · Exporter Service Guild | Attestation Bundle Guild · Exporter Service Guild | Prep artefact published at `docs/modules/export-center/prep/2025-11-20-export-attest-74-001-prep.md` (deterministic attestation export bundle contract, API surface, acceptance criteria). |
| P3 | PREP-EXPORT-AIRGAP-56-002-DEPENDS-ON-56-001-S | DONE (2025-11-20) | Due 2025-11-23 · Accountable: Exporter Service Guild · DevOps Guild | Exporter Service Guild · DevOps Guild | Depends on 56-001; prep artefact published at `docs/modules/export-center/prep/2025-11-20-export-airgap-56-002-prep.md` (bootstrap pack deterministic OCI tar + endpoints). |
| P4 | PREP-EXPORT-AIRGAP-57-001-DEPENDS-ON-56-002-N | DONE (2025-11-20) | Due 2025-11-23 · Accountable: Exporter Service Guild · Evidence Locker Guild | Exporter Service Guild · Evidence Locker Guild | Depends on 56-002; needs sealed evidence bundle format. <br><br> Prep artefact published at `docs/modules/export-center/prep/2025-11-20-export-airgap-57-001-prep.md` (export portable bundle contract, deterministic packaging, API surface, acceptance criteria). |
| P5 | PREP-EXPORT-AIRGAP-58-001-DEPENDS-ON-57-001-N | DONE (2025-11-20) | Due 2025-11-23 · Accountable: Exporter Service Guild · Notifications Guild | Exporter Service Guild · Notifications Guild | Depends on 57-001; prep artefact published at `docs/modules/export-center/prep/2025-11-20-export-airgap-58-001-prep.md` detailing notification payload, retries, deterministic headers, and linkage to export download. |
| P6 | PREP-EXPORT-ATTEST-74-001-NEEDS-EVIDENCELOCKE | DONE (2025-11-20) | Due 2025-11-23 · Accountable: Attestation Bundle Guild · Exporter Service Guild | Attestation Bundle Guild · Exporter Service Guild | Prep artefact published at `docs/modules/export-center/prep/2025-11-20-export-attest-74-001-prep.md` (deterministic attestation export bundle contract, API surface, acceptance criteria). |
| P7 | PREP-EXPORT-ATTEST-74-002-DEPENDS-ON-74-001 | DONE (2025-11-20) | Due 2025-11-23 · Accountable: Attestation Bundle Guild · DevOps Guild | Attestation Bundle Guild · DevOps Guild | Depends on 74-001. <br><br> Prep artefact published at `docs/modules/export-center/prep/2025-11-20-export-attest-74-002-prep.md` covering CI/offline-kit integration, checksums, and manifest entries. |
| P8 | PREP-EXPORT-ATTEST-75-001-DEPENDS-ON-74-002-N | DONE (2025-11-20) | Due 2025-11-23 · Accountable: Attestation Bundle Guild · CLI Attestor Guild | Attestation Bundle Guild · CLI Attestor Guild | Prep artefact published at `docs/modules/export-center/prep/2025-11-20-export-attest-75-001-prep.md` defining CLI verify/import contract, exit codes, and offline behavior. |
| P9 | PREP-EXPORT-ATTEST-75-002-DEPENDS-ON-75-001 | DONE (2025-11-20) | Due 2025-11-23 · Accountable: Exporter Service Guild | Exporter Service Guild | Depends on 75-001. <br><br> Prep artefact published at `docs/modules/export-center/prep/2025-11-20-export-attest-75-002-prep.md` covering offline kit distribution and mirror publication. |
| P10 | PREP-EXPORT-OAS-61-001-NEEDS-STABLE-EXPORT-SU | DONE (2025-11-20) | Due 2025-11-23 · Accountable: Exporter Service Guild · API Contracts Guild | Exporter Service Guild · API Contracts Guild | Prep artefact published at `docs/modules/export-center/prep/2025-11-20-export-oas-61-001-prep.md` (export OAS v1 paths, schemas, headers, determinism); ready for OAS YAML generation. |
| P11 | PREP-EXPORT-OAS-61-002-DEPENDS-ON-61-001 | DONE (2025-11-20) | Prep artefact at `docs/modules/export-center/prep/2025-11-20-export-oas-61-002-prep.md`; waits on 61-001 freeze. | Exporter Service Guild | Depends on 61-001. <br><br> Document artefact/deliverable for EXPORT-OAS-61-002 and publish location so downstream tasks can proceed. |
| P12 | PREP-EXPORT-OAS-62-001-DEPENDS-ON-61-002 | DONE (2025-11-20) | Prep artefact at `docs/modules/export-center/prep/2025-11-20-export-oas-62-001-prep.md`; depends on discovery endpoint. | Exporter Service Guild · SDK Generator Guild | Depends on 61-002. <br><br> Document artefact/deliverable for EXPORT-OAS-62-001 and publish location so downstream tasks can proceed. |
| P13 | PREP-EXPORTER-SERVICE-EVIDENCELOCKER-GUILD-BL | DONE (2025-11-20) | Prep note at `docs/modules/export-center/prep/2025-11-20-exporter-evidencelocker-blocker.md`; awaiting sealed bundle schema/hash. | Planning | BLOCKED (awaits EvidenceLocker contract). <br><br> Document artefact/deliverable for Exporter Service · EvidenceLocker Guild and publish location so downstream tasks can proceed. |
| P14 | PREP-ORCHESTRATOR-NOTIFICATIONS-SCHEMA-HANDOF | DONE (2025-11-20) | Prep note at `docs/events/prep/2025-11-20-orchestrator-notifications-schema-handoff.md`. | Planning | If not ready, keep tasks BLOCKED and escalate to Wave 150/140 leads. <br><br> Document artefact/deliverable for Orchestrator + Notifications schema handoff and publish location so downstream tasks can proceed. |
| 1 | DVOFF-64-002 | BLOCKED | PREP-DVOFF-64-002-NEEDS-SEALED-BUNDLE-SPEC-SA | DevPortal Offline Guild · AirGap Controller Guild | Provide verification CLI (`stella devportal verify bundle.tgz`) ensuring integrity before import. |
| 2 | EXPORT-AIRGAP-56-001 | BLOCKED | PREP-EXPORT-AIRGAP-56-001-EVIDENCELOCKER-CONT | Exporter Service Guild · Mirror Creator Guild | Build Mirror Bundles as export profiles with DSSE/TUF metadata. |
| 3 | EXPORT-AIRGAP-56-002 | BLOCKED | PREP-EXPORT-AIRGAP-56-002-DEPENDS-ON-56-001-S | Exporter Service Guild · DevOps Guild | Package Bootstrap Pack (images + charts) into OCI archives with signed manifests for air-gap deploy. |
@@ -89,6 +93,19 @@
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2025-11-20 | Completed PREP-EXPORT-AIRGAP-58-001: published notification/timeline contract for air-gap export readiness (`docs/modules/export-center/prep/2025-11-20-export-airgap-58-001-prep.md`); status set to DONE. | Implementer |
| 2025-11-20 | Completed PREP-EXPORT-AIRGAP-56-002: published bootstrap pack OCI tar + API contract (`docs/modules/export-center/prep/2025-11-20-export-airgap-56-002-prep.md`); status set to DONE. | Implementer |
| 2025-11-20 | Completed PREP-DVOFF-64-002: published DevPortal sealed bundle + CLI verify contract (`docs/modules/export-center/prep/2025-11-20-dvoff-64-002-prep.md`); status set to DONE. | Implementer |
| 2025-11-20 | Completed PREP-EXPORT-ATTEST-75-001: published CLI verify/import contract (`docs/modules/export-center/prep/2025-11-20-export-attest-75-001-prep.md`); status set to DONE. | Implementer |
| 2025-11-20 | Completed PREP-EXPORT-ATTEST-75-002: published offline kit/mirror distribution contract (`docs/modules/export-center/prep/2025-11-20-export-attest-75-002-prep.md`); status set to DONE. | Implementer |
| 2025-11-20 | Completed PREP-EXPORT-ATTEST-74-001: published attestation export bundle contract (`docs/modules/export-center/prep/2025-11-20-export-attest-74-001-prep.md`); status set to DONE. | Implementer |
| 2025-11-20 | Completed PREP-EXPORT-ATTEST-74-002: published CI/offline-kit integration contract for attestation exports (`docs/modules/export-center/prep/2025-11-20-export-attest-74-002-prep.md`); status set to DONE. | Implementer |
| 2025-11-20 | Drafted OAS baseline prep for export surfaces (`docs/modules/export-center/prep/2025-11-20-export-oas-61-001-prep.md`); set PREP-EXPORT-OAS-61-001 to DOING. | Implementer |
| 2025-11-20 | Published prep artefacts for PREP-EXPORT-AIRGAP-56-002, PREP-EXPORT-OAS-61-002, PREP-EXPORT-OAS-62-001, PREP-EXPORTER-SERVICE-EVIDENCELOCKER-GUILD-BL, and PREP-ORCHESTRATOR-NOTIFICATIONS-SCHEMA-HANDOF; marked P3 and P11P14 DONE. | Implementer |
| 2025-11-20 | Completed PREP-EXPORT-AIRGAP-57-001: published export portable bundle contract at `docs/modules/export-center/prep/2025-11-20-export-airgap-57-001-prep.md`; status set to DONE. | Implementer |
| 2025-11-20 | Confirmed PREP-EXPORT-AIRGAP-57-001 unowned; set to DOING to begin airgap evidence export prep. | Planning |
| 2025-11-20 | Published prep docs for EXPORT airgap chain and attest (56-001/002/57-001/58-001/74-001) plus DVOFF-64-002; set P1P6 to DOING after confirming unowned. | Project Mgmt |
| 2025-11-20 | Published prep docs for DVOFF-64-002 and EXPORT-AIRGAP-56-001; set P1/P2 to DOING after confirming unowned. | Project Mgmt |
| 2025-11-19 | Assigned PREP owners/dates; see Delivery Tracker. | Planning |
| 2025-11-12 | Snapshot captured (pre-template) with tasks TODO. | Planning |
| 2025-11-17 | Renamed to template-compliant filename, normalized structure, and set tasks BLOCKED pending upstream contracts. | Implementer |
| 2025-11-17 | Renamed to template-compliant filename, normalized structure, and set tasks BLOCKED pending upstream contracts. | Implementer |

5
docs/implplan/SPRINT_0173_0001_0003_notifier_iii.md
View File

@@ -18,12 +18,13 @@
## Delivery Tracker
| # | Task ID | Status | Key dependency / next step | Owners | Task Definition |
| --- | --- | --- | --- | --- | --- |
| P1 | PREP-NOTIFY-TEN-48-001-NOTIFIER-II-SPRINT-017 | TODO | Due 2025-11-23 · Accountable: Notifications Service Guild (`src/Notifier/StellaOps.Notifier`) | Notifications Service Guild (`src/Notifier/StellaOps.Notifier`) | Notifier II (Sprint 0172) not started; tenancy model not finalized. <br><br> Document artefact/deliverable for NOTIFY-TEN-48-001 and publish location so downstream tasks can proceed. |
| P1 | PREP-NOTIFY-TEN-48-001-NOTIFIER-II-SPRINT-017 | DOING (2025-11-20) | Due 2025-11-23 · Accountable: Notifications Service Guild (`src/Notifier/StellaOps.Notifier`) | Notifications Service Guild (`src/Notifier/StellaOps.Notifier`) | Notifier II (Sprint 0172) not started; tenancy model not finalized. <br><br> Document artefact/deliverable for NOTIFY-TEN-48-001 and publish location so downstream tasks can proceed. Prep artefact: `docs/modules/notifier/prep/2025-11-20-ten-48-001-prep.md`. |
| 1 | NOTIFY-TEN-48-001 | BLOCKED (2025-11-20) | PREP-NOTIFY-TEN-48-001-NOTIFIER-II-SPRINT-017 | Notifications Service Guild (`src/Notifier/StellaOps.Notifier`) | Tenant-scope rules/templates/incidents, RLS on storage, tenant-prefixed channels, include tenant context in notifications. |
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2025-11-20 | Published notifier tenancy prep (docs/modules/notifier/prep/2025-11-20-ten-48-001-prep.md); set PREP-NOTIFY-TEN-48-001 to DOING. | Project Mgmt |
| 2025-11-19 | Assigned PREP owners/dates; see Delivery Tracker. | Planning |
| 2025-11-19 | Normalized sprint to standard template and renamed from `SPRINT_173_notifier_iii.md` to `SPRINT_0173_0001_0003_notifier_iii.md`; content preserved. | Implementer |
| 2025-11-19 | Added legacy-file redirect stub to avoid divergent updates. | Implementer |
@@ -34,4 +35,4 @@
- Ensure tenant scoping aligns with platform RLS and channel routing; avoid breaking existing templates.
## Next Checkpoints
- Schedule kickoff post Notifier II completion (date TBD).
- Schedule kickoff post Notifier II completion (date TBD).

5
docs/implplan/SPRINT_0174_0001_0001_telemetry.md
View File

@@ -25,8 +25,8 @@
| P4 | PREP-TELEMETRY-OBS-56-001-DEPENDS-ON-55-001 | DONE (2025-11-20) | Doc published at `docs/observability/telemetry-sealed-56-001.md`. | Telemetry Core Guild | Depends on 55-001. <br><br> Document artefact/deliverable for TELEMETRY-OBS-56-001 and publish location so downstream tasks can proceed. |
| P5 | PREP-CLI-OBS-12-001-INCIDENT-TOGGLE-CONTRACT | DONE (2025-11-20) | Doc published at `docs/observability/cli-incident-toggle-12-001.md`. | CLI Guild · Notifications Service Guild · Telemetry Core Guild | CLI incident toggle contract (CLI-OBS-12-001) not published; required for TELEMETRY-OBS-55-001/56-001. Provide schema + CLI flag behavior. |
| 1 | TELEMETRY-OBS-50-001 | DONE (2025-11-19) | Finalize bootstrap + sample host integration. | Telemetry Core Guild (`src/Telemetry/StellaOps.Telemetry.Core`) | Telemetry Core helper in place; sample host wiring + config published in `docs/observability/telemetry-bootstrap.md`. |
| 2 | TELEMETRY-OBS-50-002 | TODO | PREP-TELEMETRY-OBS-50-002-AWAIT-PUBLISHED-50 (DONE) | Telemetry Core Guild | Context propagation middleware/adapters for HTTP, gRPC, background jobs, CLI; carry `trace_id`, `tenant_id`, `actor`, imposed-rule metadata; async resume harness. |
| 3 | TELEMETRY-OBS-51-001 | TODO | PREP-TELEMETRY-OBS-51-001-TELEMETRY-PROPAGATI | Telemetry Core Guild · Observability Guild | Metrics helpers for golden signals with exemplar support and cardinality guards; Roslyn analyzer preventing unsanitised labels. |
| 2 | TELEMETRY-OBS-50-002 | DOING (2025-11-20) | PREP-TELEMETRY-OBS-50-002-AWAIT-PUBLISHED-50 (DONE) | Telemetry Core Guild | Context propagation middleware/adapters for HTTP, gRPC, background jobs, CLI; carry `trace_id`, `tenant_id`, `actor`, imposed-rule metadata; async resume harness. Prep artefact: `docs/modules/telemetry/prep/2025-11-20-obs-50-002-prep.md`. |
| 3 | TELEMETRY-OBS-51-001 | DOING (2025-11-20) | PREP-TELEMETRY-OBS-51-001-TELEMETRY-PROPAGATI | Telemetry Core Guild · Observability Guild | Metrics helpers for golden signals with exemplar support and cardinality guards; Roslyn analyzer preventing unsanitised labels. Prep artefact: `docs/modules/telemetry/prep/2025-11-20-obs-51-001-prep.md`. |
| 4 | TELEMETRY-OBS-51-002 | BLOCKED (2025-11-20) | PREP-TELEMETRY-OBS-51-002-DEPENDS-ON-51-001 | Telemetry Core Guild · Security Guild | Redaction/scrubbing filters for secrets/PII at logger sink; per-tenant config with TTL; audit overrides; determinism tests. |
| 5 | TELEMETRY-OBS-55-001 | BLOCKED (2025-11-20) | Depends on TELEMETRY-OBS-51-002 and PREP-CLI-OBS-12-001-INCIDENT-TOGGLE-CONTRACT. | Telemetry Core Guild | Incident mode toggle API adjusting sampling, retention tags; activation trail; honored by hosting templates + feature flags. |
| 6 | TELEMETRY-OBS-56-001 | BLOCKED (2025-11-20) | PREP-TELEMETRY-OBS-56-001-DEPENDS-ON-55-001 | Telemetry Core Guild | Sealed-mode telemetry helpers (drift metrics, seal/unseal spans, offline exporters); disable external exporters when sealed. |
@@ -34,6 +34,7 @@
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2025-11-20 | Published telemetry prep docs (context propagation + metrics helpers); set TELEMETRY-OBS-50-002/51-001 to DOING. | Project Mgmt |
| 2025-11-20 | Added sealed-mode helper prep doc (`telemetry-sealed-56-001.md`); marked PREP-TELEMETRY-OBS-56-001 DONE. | Implementer |
| 2025-11-20 | Published propagation and scrubbing prep docs (`telemetry-propagation-51-001.md`, `telemetry-scrub-51-002.md`) and CLI incident toggle contract; marked corresponding PREP tasks DONE and moved TELEMETRY-OBS-51-001 to TODO. | Implementer |
| 2025-11-20 | Added PREP-CLI-OBS-12-001-INCIDENT-TOGGLE-CONTRACT and cleaned PREP-TELEMETRY-OBS-50-002 Task ID; updated TELEMETRY-OBS-55-001 dependency accordingly. | Project Mgmt |

72
docs/implplan/SPRINT_0187_0001_0001_evidence_locker_cli_integration.md
View File

@@ -1,40 +1,42 @@
# Sprint 0187-0001-0001 · Evidence Locker & CLI Integration (Replay Delivery 187.A)
## Topic & Scope
- Persist replay bundles in Evidence Locker, expose ledger-backed verification, and ship offline-ready CLI workflows with sovereign crypto support.
- **Working directory:** `src/EvidenceLocker/StellaOps.EvidenceLocker`, `src/Cli/StellaOps.Cli`, `src/Attestor/StellaOps.Attestor`, relevant docs under `docs/replay`, `docs/modules/evidence-locker`, `docs/modules/cli`, `docs/runbooks`.
## Dependencies & Concurrency
- Upstream: Sprint 0186 (Scanner record mode), Sprint 0160 Export & Evidence, Sprint 0185 replay core, Sprint 0180 Experience & SDKs.
- Concurrency: execute tasks in listed order; CLI/Attestor depend on EvidenceLocker API schema; crypto routing depends on provider registry readiness.
## Documentation Prerequisites
- docs/README.md
- docs/07_HIGH_LEVEL_ARCHITECTURE.md
- docs/replay/DETERMINISTIC_REPLAY.md
- docs/replay/DEVS_GUIDE_REPLAY.md
- docs/runbooks/replay_ops.md
- docs/security/crypto-routing-audit-2025-11-07.md
## Delivery Tracker
| # | Task ID | Status | Key dependency / next step | Owners | Task Definition |
| --- | --- | --- | --- | --- | --- |
| P1 | PREP-EVID-REPLAY-187-001-SCANNER-RECORD-PAYLO | DOING (2025-11-20) | Due 2025-11-23 · Accountable: Evidence Locker Guild (`src/EvidenceLocker/StellaOps.EvidenceLocker`, docs) | Evidence Locker Guild (`src/EvidenceLocker/StellaOps.EvidenceLocker`, docs) | Scanner record payloads (Sprint 0186) not available; EvidenceLocker API schema cannot be drafted. <br><br> Document artefact/deliverable for EVID-REPLAY-187-001 and publish location so downstream tasks can proceed. |
# Sprint 0187-0001-0001 · Evidence Locker & CLI Integration (Replay Delivery 187.A)
## Topic & Scope
- Persist replay bundles in Evidence Locker, expose ledger-backed verification, and ship offline-ready CLI workflows with sovereign crypto support.
- **Working directory:** `src/EvidenceLocker/StellaOps.EvidenceLocker`, `src/Cli/StellaOps.Cli`, `src/Attestor/StellaOps.Attestor`, relevant docs under `docs/replay`, `docs/modules/evidence-locker`, `docs/modules/cli`, `docs/runbooks`.
## Dependencies & Concurrency
- Upstream: Sprint 0186 (Scanner record mode), Sprint 0160 Export & Evidence, Sprint 0185 replay core, Sprint 0180 Experience & SDKs.
- Concurrency: execute tasks in listed order; CLI/Attestor depend on EvidenceLocker API schema; crypto routing depends on provider registry readiness.
## Documentation Prerequisites
- docs/README.md
- docs/07_HIGH_LEVEL_ARCHITECTURE.md
- docs/replay/DETERMINISTIC_REPLAY.md
- docs/replay/DEVS_GUIDE_REPLAY.md
- docs/runbooks/replay_ops.md
- docs/security/crypto-routing-audit-2025-11-07.md
## Delivery Tracker
| # | Task ID | Status | Key dependency / next step | Owners | Task Definition |
| --- | --- | --- | --- | --- | --- |
| P1 | PREP-EVID-REPLAY-187-001-SCANNER-RECORD-PAYLO | DONE (2025-11-20) | Due 2025-11-23 · Accountable: Evidence Locker Guild (`src/EvidenceLocker/StellaOps.EvidenceLocker`, docs) | Evidence Locker Guild (`src/EvidenceLocker/StellaOps.EvidenceLocker`, docs) | Prep artefact published at `docs/modules/evidence-locker/replay-payload-contract.md` (scanner record payload shape, determinism, sample expectations). |
| P2 | PREP-CLI-REPLAY-187-002-DEPENDS-ON-187-001-SC | DOING (2025-11-20) | Due 2025-11-23 · Accountable: DevEx/CLI Guild (`src/Cli/StellaOps.Cli`, docs) | DevEx/CLI Guild (`src/Cli/StellaOps.Cli`, docs) | Depends on 187-001 schema freeze. <br><br> Document artefact/deliverable for CLI-REPLAY-187-002 and publish location so downstream tasks can proceed. |
| P3 | PREP-ATTEST-REPLAY-187-003-DEPENDS-ON-187-001 | DOING (2025-11-20) | Due 2025-11-23 · Accountable: Attestor Guild (`src/Attestor/StellaOps.Attestor`, docs) | Attestor Guild (`src/Attestor/StellaOps.Attestor`, docs) | Depends on 187-001 payloads. <br><br> Document artefact/deliverable for ATTEST-REPLAY-187-003 and publish location so downstream tasks can proceed. |
| P4 | PREP-RUNBOOK-REPLAY-187-004-NEEDS-APIS-DEFINE | DOING (2025-11-20) | Due 2025-11-23 · Accountable: Docs Guild · Ops Guild (docs/runbooks) | Docs Guild · Ops Guild (docs/runbooks) | Needs APIs defined from 187-001. <br><br> Document artefact/deliverable for RUNBOOK-REPLAY-187-004 and publish location so downstream tasks can proceed. |
| P5 | PREP-VALIDATE-BUNDLE-187-005-DEPENDS-ON-187-0 | DOING (2025-11-20) | Due 2025-11-23 · Accountable: QA Guild · CLI Guild · Docs Guild | QA Guild · CLI Guild · Docs Guild | Depends on 187-001/002/003; no payloads yet. <br><br> Document artefact/deliverable for VALIDATE-BUNDLE-187-005 and publish location so downstream tasks can proceed. |
| P6 | PREP-EVID-CRYPTO-90-001-ICRYPTOPROVIDERREGIST | DOING (2025-11-20) | Due 2025-11-23 · Accountable: Evidence Locker Guild · Security Guild (`src/EvidenceLocker/StellaOps.EvidenceLocker`) | Evidence Locker Guild · Security Guild (`src/EvidenceLocker/StellaOps.EvidenceLocker`) | ICryptoProviderRegistry readiness not confirmed; sovereign crypto profiles pending. <br><br> Document artefact/deliverable for EVID-CRYPTO-90-001 and publish location so downstream tasks can proceed. |
| 1 | EVID-REPLAY-187-001 | BLOCKED (2025-11-20) | PREP-EVID-REPLAY-187-001-SCANNER-RECORD-PAYLO | Evidence Locker Guild (`src/EvidenceLocker/StellaOps.EvidenceLocker`, docs) | Implement replay bundle ingestion/retention APIs; document storage/retention rules referencing replay doc §§2 & 8. |
| 2 | CLI-REPLAY-187-002 | BLOCKED (2025-11-20) | PREP-CLI-REPLAY-187-002-DEPENDS-ON-187-001-SC | DevEx/CLI Guild (`src/Cli/StellaOps.Cli`, docs) | Add `scan --record`, `verify`, `replay`, `diff` commands with offline bundle resolution; update CLI architecture and replay appendix. |
| 3 | ATTEST-REPLAY-187-003 | BLOCKED (2025-11-20) | PREP-ATTEST-REPLAY-187-003-DEPENDS-ON-187-001 | Attestor Guild (`src/Attestor/StellaOps.Attestor`, docs) | Wire Attestor/Rekor anchoring for replay manifests; extend attestor architecture with replay ledger flow. |
| 4 | RUNBOOK-REPLAY-187-004 | BLOCKED (2025-11-20) | PREP-RUNBOOK-REPLAY-187-004-NEEDS-APIS-DEFINE | Docs Guild · Ops Guild (docs/runbooks) | Publish `/docs/runbooks/replay_ops.md` covering retention enforcement, RootPack rotation, offline kits, verification drills. |
| 5 | VALIDATE-BUNDLE-187-005 | BLOCKED (2025-11-20) | PREP-VALIDATE-BUNDLE-187-005-DEPENDS-ON-187-0 | QA Guild · CLI Guild · Docs Guild | Deliver `VALIDATION_PLAN.md`, harness scripts (quiet vs baseline, provenance bundle export), `stella bundle verify` subcommand checking DSSE/Rekor/SBOM/policy/replay claims end-to-end. |
| 6 | EVID-CRYPTO-90-001 | BLOCKED (2025-11-20) | PREP-EVID-CRYPTO-90-001-ICRYPTOPROVIDERREGIST | Evidence Locker Guild · Security Guild (`src/EvidenceLocker/StellaOps.EvidenceLocker`) | Route Evidence Locker hashing/signing (manifest digests, DSSE assembly, bundle encryption) through crypto provider registry for sovereign profiles. |
## Execution Log
| P6 | PREP-EVID-CRYPTO-90-001-ICRYPTOPROVIDERREGIST | DONE (2025-11-20) | Due 2025-11-23 · Accountable: Evidence Locker Guild · Security Guild (`src/EvidenceLocker/StellaOps.EvidenceLocker`) | Evidence Locker Guild · Security Guild (`src/EvidenceLocker/StellaOps.EvidenceLocker`) | Prep artefact published at `docs/modules/evidence-locker/crypto-provider-registry-prep.md` (provider registry expectations, config, JWKS caching). |
| 1 | EVID-REPLAY-187-001 | BLOCKED (2025-11-20) | PREP-EVID-REPLAY-187-001-SCANNER-RECORD-PAYLO | Evidence Locker Guild (`src/EvidenceLocker/StellaOps.EvidenceLocker`, docs) | Implement replay bundle ingestion/retention APIs; document storage/retention rules referencing replay doc §§2 & 8. |
| 2 | CLI-REPLAY-187-002 | BLOCKED (2025-11-20) | PREP-CLI-REPLAY-187-002-DEPENDS-ON-187-001-SC | DevEx/CLI Guild (`src/Cli/StellaOps.Cli`, docs) | Add `scan --record`, `verify`, `replay`, `diff` commands with offline bundle resolution; update CLI architecture and replay appendix. |
| 3 | ATTEST-REPLAY-187-003 | BLOCKED (2025-11-20) | PREP-ATTEST-REPLAY-187-003-DEPENDS-ON-187-001 | Attestor Guild (`src/Attestor/StellaOps.Attestor`, docs) | Wire Attestor/Rekor anchoring for replay manifests; extend attestor architecture with replay ledger flow. |
| 4 | RUNBOOK-REPLAY-187-004 | BLOCKED (2025-11-20) | PREP-RUNBOOK-REPLAY-187-004-NEEDS-APIS-DEFINE | Docs Guild · Ops Guild (docs/runbooks) | Publish `/docs/runbooks/replay_ops.md` covering retention enforcement, RootPack rotation, offline kits, verification drills. |
| 5 | VALIDATE-BUNDLE-187-005 | BLOCKED (2025-11-20) | PREP-VALIDATE-BUNDLE-187-005-DEPENDS-ON-187-0 | QA Guild · CLI Guild · Docs Guild | Deliver `VALIDATION_PLAN.md`, harness scripts (quiet vs baseline, provenance bundle export), `stella bundle verify` subcommand checking DSSE/Rekor/SBOM/policy/replay claims end-to-end. |
| 6 | EVID-CRYPTO-90-001 | BLOCKED (2025-11-20) | PREP-EVID-CRYPTO-90-001-ICRYPTOPROVIDERREGIST | Evidence Locker Guild · Security Guild (`src/EvidenceLocker/StellaOps.EvidenceLocker`) | Route Evidence Locker hashing/signing (manifest digests, DSSE assembly, bundle encryption) through crypto provider registry for sovereign profiles. |
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2025-11-20 | Completed PREP-EVID-REPLAY-187-001: published replay payload contract at `docs/modules/evidence-locker/replay-payload-contract.md`; status set to DONE. | Implementer |
| 2025-11-20 | Completed PREP-EVID-CRYPTO-90-001: published crypto provider registry prep at `docs/modules/evidence-locker/crypto-provider-registry-prep.md`; status set to DONE. | Implementer |
| 2025-11-20 | Published prep docs: CLI replay (`docs/modules/cli/guides/replay-cli-prep.md`), Attestor replay (`docs/modules/attestor/replay-prep.md`), runbook prep (`docs/runbooks/replay_ops_prep_187_004.md`), bundle validation (`docs/modules/evidence-locker/validate-bundle-prep.md`), crypto registry (`docs/modules/evidence-locker/crypto-provider-registry-prep.md`); set P2P6 to DOING after confirming unowned. | Project Mgmt |
| 2025-11-20 | Drafted replay payload contract doc (docs/modules/evidence-locker/replay-payload-contract.md); pinged Scanner Guild for sample payloads from Sprint 0186. | Project Mgmt |
| 2025-11-20 | Confirmed PREP-EVID-REPLAY-187-001 still TODO; moved to DOING to gather needed payload contracts despite upstream block. | Project Mgmt |
@@ -43,13 +45,13 @@
| 2025-11-19 | Normalized sprint to standard template and renamed from `SPRINT_187_evidence_locker_cli_integration.md` to `SPRINT_0187_0001_0001_evidence_locker_cli_integration.md`; content preserved. | Implementer |
| 2025-11-19 | Added legacy-file redirect stub to avoid divergent updates. | Implementer |
| 2025-11-20 | Marked all tasks BLOCKED: waiting on Scanner record payloads (Sprint 0186) and ICryptoProviderRegistry readiness; no executable work in this sprint until upstream artefacts land. | Implementer |
## Decisions & Risks
## Decisions & Risks
- EvidenceLocker API schema must align with replay bundles and sovereign crypto routing; approval review on 2025-11-18.
- CLI/Attestor work blocked until Scanner record payloads and EvidenceLocker schema freeze.
- Provider registry must support sovereign profiles (`ru-offline`, etc.) before wiring EVID-CRYPTO-90-001.
- Draft replay payload contract published at `docs/modules/evidence-locker/replay-payload-contract.md`; awaiting Sprint 0186 sample payloads and DSSE profile.
- Prep docs published for CLI replay, Attestor replay, runbook, bundle validation, and crypto provider registry (see Execution Log for paths); still blocked on upstream payloads and profile lists.
## Next Checkpoints
## Next Checkpoints
- Schedule joint review of replay_ops runbook and EvidenceLocker API (date TBD).

104
docs/implplan/SPRINT_0215_0001_0001_web_iv.md
View File

@@ -1,52 +1,52 @@
# Sprint 0215-0001-0001 · Web IV (Experience & SDKs 180.F)
## Topic & Scope
- Phase IV web gateway work: orchestrator controls and Policy Studio CRUD/simulation endpoints aligned with Policy Engine.
- Complete policy pack lifecycle (CRUD → activation → publish/promote) with deterministic pagination, RBAC, and telemetry.
- Wire console/CLI consumers by keeping API docs and rate limits in sync with Sprint 180.F deliverables.
- **Working directory:** `src/Web/StellaOps.Web`.
## Dependencies & Concurrency
- Upstream Sprint 180.F (Web III) must land shared components before these endpoints go live.
- Policy endpoints (20-001 → 20-004) must complete in order; Policy pack tracks (23-001/002) stay BLOCKED until 20-004 ships.
- Policy registry/Studio extensions (27-001…27-005) are sequential; avoid parallel development without shared schema updates.
## Documentation Prerequisites
- `docs/README.md`
- `docs/07_HIGH_LEVEL_ARCHITECTURE.md`
- `docs/modules/platform/architecture-overview.md`
- `docs/modules/policy/architecture.md`
- `src/Web/StellaOps.Web/AGENTS.md`
## Delivery Tracker
| # | Task ID | Status | Key dependency / next step | Owners | Task Definition |
| --- | --- | --- | --- | --- | --- |
| 1 | WEB-ORCH-33-001 | TODO | WEB-ORCH-32-001 | BE-Base Platform Guild (`src/Web/StellaOps.Web`) | Add POST action routes (pause/resume/backfill) for orchestrator-run control, honoring RBAC and audit logging. |
| 2 | WEB-ORCH-34-001 | TODO | WEB-ORCH-33-001 | BE-Base Platform Guild (`src/Web/StellaOps.Web`) | Expose quotas/backfill APIs plus queue/backpressure metrics with admin scopes and error clustering. |
| 3 | WEB-POLICY-20-001 | TODO | — | BE-Base Platform Guild · Policy Guild (`src/Web/StellaOps.Web`) | Implement Policy CRUD/compile/run/simulate/findings/explain endpoints with OpenAPI + tenant scoping. |
| 4 | WEB-POLICY-20-002 | TODO | WEB-POLICY-20-001 | BE-Base Platform Guild (`src/Web/StellaOps.Web`) | Add pagination/filtering/sorting + tenant guards to policy listings with deterministic ordering diagnostics. |
| 5 | WEB-POLICY-20-003 | TODO | WEB-POLICY-20-002 | BE-Base Platform Guild · QA Guild (`src/Web/StellaOps.Web`) | Map engine errors to `ERR_POL_*` payloads with contract tests and correlation IDs. |
| 6 | WEB-POLICY-20-004 | TODO | WEB-POLICY-20-003 | Platform Reliability Guild (`src/Web/StellaOps.Web`) | Introduce adaptive rate limits/quotas for simulations, expose metrics, and document retry headers. |
| 7 | WEB-POLICY-23-001 | BLOCKED (2025-10-29) | WEB-POLICY-20-004 | BE-Base Platform Guild · Policy Guild (`src/Web/StellaOps.Web`) | Create/list/fetch policy packs and revisions with pagination, RBAC, and AOC metadata exposure. |
| 8 | WEB-POLICY-23-002 | BLOCKED (2025-10-29) | WEB-POLICY-23-001 | BE-Base Platform Guild (`src/Web/StellaOps.Web`) | Add activation endpoints with scope windows, conflict checks, optional two-person approvals, and events. |
| 9 | WEB-POLICY-23-003 | TODO | WEB-POLICY-23-002 | BE-Base Platform Guild (`src/Web/StellaOps.Web`) | Provide `/policy/simulate` + `/policy/evaluate` streaming APIs with rate limiting and error mapping. |
| 10 | WEB-POLICY-23-004 | TODO | WEB-POLICY-23-003 | BE-Base Platform Guild (`src/Web/StellaOps.Web`) | Expose explain history endpoints showing decision trees, consulted sources, and AOC chain. |
| 11 | WEB-POLICY-27-001 | TODO | WEB-POLICY-23-004 | BE-Base Platform Guild · Policy Registry Guild (`src/Web/StellaOps.Web`) | Proxy Policy Registry APIs (workspaces/versions/reviews) with tenant scoping, RBAC, and streaming downloads. |
| 12 | WEB-POLICY-27-002 | TODO | WEB-POLICY-27-001 | BE-Base Platform Guild (`src/Web/StellaOps.Web`) | Implement review lifecycle endpoints (open/comment/approve/reject) with audit headers and pagination. |
| 13 | WEB-POLICY-27-003 | TODO | WEB-POLICY-27-002 | BE-Base Platform Guild · Scheduler Guild (`src/Web/StellaOps.Web`) | Expose quick/batch simulation endpoints with SSE progress streams, cursor pagination, and manifest downloads. |
| 14 | WEB-POLICY-27-004 | TODO | WEB-POLICY-27-003 | BE-Base Platform Guild · Security Guild (`src/Web/StellaOps.Web`) | Add publish/sign/promote/rollback endpoints with idempotent IDs, canary params, environment bindings, and events. |
| 15 | WEB-POLICY-27-005 | TODO | WEB-POLICY-27-004 | BE-Base Platform Guild · Observability Guild (`src/Web/StellaOps.Web`) | Instrument Policy Studio metrics/logs (compile latency, simulation queue depth, approvals, promotions) and dashboards. |
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2025-11-19 | Normalized sprint to standard template and migrated content from `SPRINT_215_web_iv.md`. | Project Mgmt |
## Decisions & Risks
- Policy pack CRUD/activation (WEB-POLICY-23-001/002) remain BLOCKED until WEB-POLICY-20-004 rate-limit work lands.
- Registry/Studio chain (WEB-POLICY-27-001..005) must stay in order to keep schemas stable; avoid parallel merges without shared reviews.
- Ensure RBAC + tenant-scoping docs stay aligned with Policy Engine contracts to prevent drift during promotions.
## Next Checkpoints
- 2025-11-22 · Verify WEB-POLICY-20-004 rate-limit design review completed (Platform Reliability Guild).
- 2025-11-25 · Policy pack CRUD kickoff pending unblock from WEB-POLICY-20-004 (Policy Guild + BE-Base Platform Guild).
# Sprint 0215-0001-0001 · Web IV (Experience & SDKs 180.F)
## Topic & Scope
- Phase IV web gateway work: orchestrator controls and Policy Studio CRUD/simulation endpoints aligned with Policy Engine.
- Complete policy pack lifecycle (CRUD → activation → publish/promote) with deterministic pagination, RBAC, and telemetry.
- Wire console/CLI consumers by keeping API docs and rate limits in sync with Sprint 180.F deliverables.
- **Working directory:** `src/Web/StellaOps.Web`.
## Dependencies & Concurrency
- Upstream Sprint 180.F (Web III) must land shared components before these endpoints go live.
- Policy endpoints (20-001 → 20-004) must complete in order; Policy pack tracks (23-001/002) stay BLOCKED until 20-004 ships.
- Policy registry/Studio extensions (27-001…27-005) are sequential; avoid parallel development without shared schema updates.
## Documentation Prerequisites
- `docs/README.md`
- `docs/07_HIGH_LEVEL_ARCHITECTURE.md`
- `docs/modules/platform/architecture-overview.md`
- `docs/modules/policy/architecture.md`
- `src/Web/StellaOps.Web/AGENTS.md`
## Delivery Tracker
| # | Task ID | Status | Key dependency / next step | Owners | Task Definition |
| --- | --- | --- | --- | --- | --- |
| 1 | WEB-ORCH-33-001 | TODO | WEB-ORCH-32-001 | BE-Base Platform Guild (`src/Web/StellaOps.Web`) | Add POST action routes (pause/resume/backfill) for orchestrator-run control, honoring RBAC and audit logging. |
| 2 | WEB-ORCH-34-001 | TODO | WEB-ORCH-33-001 | BE-Base Platform Guild (`src/Web/StellaOps.Web`) | Expose quotas/backfill APIs plus queue/backpressure metrics with admin scopes and error clustering. |
| 3 | WEB-POLICY-20-001 | TODO | — | BE-Base Platform Guild · Policy Guild (`src/Web/StellaOps.Web`) | Implement Policy CRUD/compile/run/simulate/findings/explain endpoints with OpenAPI + tenant scoping. |
| 4 | WEB-POLICY-20-002 | TODO | WEB-POLICY-20-001 | BE-Base Platform Guild (`src/Web/StellaOps.Web`) | Add pagination/filtering/sorting + tenant guards to policy listings with deterministic ordering diagnostics. |
| 5 | WEB-POLICY-20-003 | TODO | WEB-POLICY-20-002 | BE-Base Platform Guild · QA Guild (`src/Web/StellaOps.Web`) | Map engine errors to `ERR_POL_*` payloads with contract tests and correlation IDs. |
| 6 | WEB-POLICY-20-004 | TODO | WEB-POLICY-20-003 | Platform Reliability Guild (`src/Web/StellaOps.Web`) | Introduce adaptive rate limits/quotas for simulations, expose metrics, and document retry headers. |
| 7 | WEB-POLICY-23-001 | BLOCKED (2025-10-29) | WEB-POLICY-20-004 | BE-Base Platform Guild · Policy Guild (`src/Web/StellaOps.Web`) | Create/list/fetch policy packs and revisions with pagination, RBAC, and AOC metadata exposure. |
| 8 | WEB-POLICY-23-002 | BLOCKED (2025-10-29) | WEB-POLICY-23-001 | BE-Base Platform Guild (`src/Web/StellaOps.Web`) | Add activation endpoints with scope windows, conflict checks, optional two-person approvals, and events. |
| 9 | WEB-POLICY-23-003 | TODO | WEB-POLICY-23-002 | BE-Base Platform Guild (`src/Web/StellaOps.Web`) | Provide `/policy/simulate` + `/policy/evaluate` streaming APIs with rate limiting and error mapping. |
| 10 | WEB-POLICY-23-004 | TODO | WEB-POLICY-23-003 | BE-Base Platform Guild (`src/Web/StellaOps.Web`) | Expose explain history endpoints showing decision trees, consulted sources, and AOC chain. |
| 11 | WEB-POLICY-27-001 | TODO | WEB-POLICY-23-004 | BE-Base Platform Guild · Policy Registry Guild (`src/Web/StellaOps.Web`) | Proxy Policy Registry APIs (workspaces/versions/reviews) with tenant scoping, RBAC, and streaming downloads. |
| 12 | WEB-POLICY-27-002 | TODO | WEB-POLICY-27-001 | BE-Base Platform Guild (`src/Web/StellaOps.Web`) | Implement review lifecycle endpoints (open/comment/approve/reject) with audit headers and pagination. |
| 13 | WEB-POLICY-27-003 | TODO | WEB-POLICY-27-002 | BE-Base Platform Guild · Scheduler Guild (`src/Web/StellaOps.Web`) | Expose quick/batch simulation endpoints with SSE progress streams, cursor pagination, and manifest downloads. |
| 14 | WEB-POLICY-27-004 | TODO | WEB-POLICY-27-003 | BE-Base Platform Guild · Security Guild (`src/Web/StellaOps.Web`) | Add publish/sign/promote/rollback endpoints with idempotent IDs, canary params, environment bindings, and events. |
| 15 | WEB-POLICY-27-005 | TODO | WEB-POLICY-27-004 | BE-Base Platform Guild · Observability Guild (`src/Web/StellaOps.Web`) | Instrument Policy Studio metrics/logs (compile latency, simulation queue depth, approvals, promotions) and dashboards. |
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2025-11-19 | Normalized sprint to standard template and migrated content from `SPRINT_215_web_iv.md`. | Project Mgmt |
## Decisions & Risks
- Policy pack CRUD/activation (WEB-POLICY-23-001/002) remain BLOCKED until WEB-POLICY-20-004 rate-limit work lands.
- Registry/Studio chain (WEB-POLICY-27-001..005) must stay in order to keep schemas stable; avoid parallel merges without shared reviews.
- Ensure RBAC + tenant-scoping docs stay aligned with Policy Engine contracts to prevent drift during promotions.
## Next Checkpoints
- 2025-11-22 · Verify WEB-POLICY-20-004 rate-limit design review completed (Platform Reliability Guild).
- 2025-11-25 · Policy pack CRUD kickoff pending unblock from WEB-POLICY-20-004 (Policy Guild + BE-Base Platform Guild).

6
docs/implplan/SPRINT_0316_0001_0001_docs_modules_cli.md
View File

@@ -21,7 +21,7 @@
## Delivery Tracker
| # | Task ID | Status | Key dependency / next step | Owners | Task Definition |
| --- | --- | --- | --- | --- | --- |
| P1 | PREP-CLI-OPS-0001-WAITING-FOR-NEXT-DEMO-OUTPU | TODO | Due 2025-11-25 · Accountable: Ops Guild | Ops Guild | Waiting for next demo outputs. <br><br> Document artefact/deliverable for CLI-OPS-0001 and publish location so downstream tasks can proceed. |
| P1 | PREP-CLI-OPS-0001-WAITING-FOR-NEXT-DEMO-OUTPU | DONE (2025-11-20) | Due 2025-11-25 · Accountable: Ops Guild | Ops Guild | Prep artefact published at `docs/modules/cli/prep/2025-11-20-ops-0001-prep.md`; contains required demo outputs, hashes, and runbook update checklist to unblock CLI-OPS-0001. |
| 1 | CLI-DOCS-0001 | DONE | Synced sprint references on 2025-11-17 | Docs Guild | Update docs/AGENTS to reflect current CLI scope and sprint naming; align with template rules. |
| 2 | CLI-ENG-0001 | DONE | Sprint normalized; statuses mirrored | Module Team | Update status via ./AGENTS.md workflow and ensure module docs reference current sprint. |
| 3 | CLI-OPS-0001 | BLOCKED | PREP-CLI-OPS-0001-WAITING-FOR-NEXT-DEMO-OUTPU | Ops Guild | Sync outcomes back to ../.. ; refresh ops/runbook notes after demo. |
@@ -29,6 +29,8 @@
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2025-11-20 | Completed PREP-CLI-OPS-0001: published ops demo prep at `docs/modules/cli/prep/2025-11-20-ops-0001-prep.md`; status set to DONE. | Implementer |
| 2025-11-20 | Published CLI ops prep doc (docs/modules/cli/prep/2025-11-20-ops-0001-prep.md); set PREP-CLI-OPS-0001 to DOING. | Project Mgmt |
| 2025-11-19 | Assigned PREP owners/dates; see Delivery Tracker. | Planning |
| 2025-11-17 | Normalised sprint to standard template; renamed from SPRINT_316_docs_modules_cli.md. | Docs |
| 2025-11-17 | Completed CLI-DOCS-0001 and CLI-ENG-0001 by updating CLI docs to reference normalized sprint. | Module Team |
@@ -38,4 +40,4 @@
- Keep sprint naming aligned with template to avoid broken references in CLI docs.
## Next Checkpoints
- 2025-11-22 · Check for demo outputs to unblock CLI-OPS-0001. Owner: Ops Guild.
- 2025-11-22 · Check for demo outputs to unblock CLI-OPS-0001. Owner: Ops Guild.

5
docs/implplan/SPRINT_0321_0001_0001_docs_modules_graph.md
View File

@@ -20,7 +20,7 @@
## Delivery Tracker
| # | Task ID | Status | Key dependency / next step | Owners | Task Definition |
| --- | --- | --- | --- | --- | --- |
| P1 | PREP-GRAPH-OPS-0001-WAITING-FOR-NEXT-DEMO-OUT | TODO | Due 2025-11-25 · Accountable: Ops Guild | Ops Guild | Waiting for next demo outputs to review dashboards/runbooks. <br><br> Document artefact/deliverable for GRAPH-OPS-0001 and publish location so downstream tasks can proceed. |
| P1 | PREP-GRAPH-OPS-0001-WAITING-FOR-NEXT-DEMO-OUT | DOING (2025-11-20) | Due 2025-11-25 · Accountable: Ops Guild | Ops Guild | Waiting for next demo outputs to review dashboards/runbooks. <br><br> Document artefact/deliverable for GRAPH-OPS-0001 and publish location so downstream tasks can proceed. Prep artefact: `docs/modules/graph/prep/2025-11-20-ops-0001-prep.md`. |
| 1 | GRAPH-ENG-0001 | DONE | Synced docs to Sprint 0141 rename on 2025-11-17 | Module Team | Keep module milestones in sync with `/docs/implplan/SPRINT_0141_0001_0001_graph_indexer.md` and related files; update references and note deltas. |
| 2 | GRAPH-DOCS-0002 | BLOCKED | Await DOCS-GRAPH-24-003 cross-links | Docs Guild | Add API/query doc cross-links once DOCS-GRAPH-24-003 lands. |
| 3 | GRAPH-OPS-0001 | BLOCKED | PREP-GRAPH-OPS-0001-WAITING-FOR-NEXT-DEMO-OUT | Ops Guild | Review graph observability dashboards/runbooks after the next sprint demo; capture updates in runbooks. |
@@ -28,6 +28,7 @@
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2025-11-20 | Published graph ops prep doc (docs/modules/graph/prep/2025-11-20-ops-0001-prep.md); set PREP-GRAPH-OPS-0001 to DOING. | Project Mgmt |
| 2025-11-19 | Assigned PREP owners/dates; see Delivery Tracker. | Planning |
| 2025-11-17 | Marked GRAPH-DOCS-0002 and GRAPH-OPS-0001 as BLOCKED pending DOCS-GRAPH-24-003 + next demo outputs. | Module Team |
| 2025-11-17 | Completed GRAPH-ENG-0001; README and implementation_plan now reference SPRINT_0141_0001_0001_graph_indexer.md. | Module Team |
@@ -41,4 +42,4 @@
## Next Checkpoints
- 2025-11-17 · Milestone sync completed (GRAPH-ENG-0001). Owner: Module Team.
- 2025-11-22 · Confirm DOCS-GRAPH-24-003 status; proceed with cross-links if available. Owner: Docs Guild.
- 2025-11-25 · Runbook/observability review post-demo. Owner: Ops Guild.
- 2025-11-25 · Runbook/observability review post-demo. Owner: Ops Guild.

5
docs/implplan/SPRINT_0400_0001_0001_reachability_runtime_static_union.md
View File

@@ -29,17 +29,22 @@
| 7 | QA-REACH-201-007 | TODO | Move fixtures + create evaluator harness | QA Guild | Integrate `reachbench-2025-expanded` fixture pack under `tests/reachability/fixtures/`, add evaluator harness tests that validate reachable vs unreachable cases, and wire CI guidance for deterministic runs. |
| 8 | GAP-SCAN-001 | TODO | Align with task 2; binary symbolizers | Scanner Worker Guild | Implement binary/language symbolizers that emit `richgraph-v1` payloads with canonical SymbolIDs and `code_id` anchors, persist graphs to CAS via `StellaOps.Scanner.Reachability`, and refresh analyzer docs/fixtures. |
| 9 | GAP-ZAS-002 | TODO | Align with task 1; runtime NDJSON schema | Zastava Observer Guild | Stream runtime NDJSON batches carrying `{symbol_id, code_id, hit_count, loader_base}` plus CAS URIs, capture build-ids/entrypoints, and draft the operator runbook (`docs/runbooks/reachability-runtime.md`). Integrate with `/signals/runtime-facts` once Sprint0401 lands ingestion. |
| 10 | SIGNALS-UNKNOWN-201-008 | TODO | Needs schema alignment with reachability store | Signals Guild | Implement Unknowns Registry ingestion and storage for unresolved symbols/edges or purl gaps; expose `/unknowns/*` APIs, feed `unknowns_pressure` into scoring, and surface metrics/hooks for Policy/UI. |
| 11 | GRAPH-PURL-201-009 | TODO | Align with GAP-SCAN-001; depends on `richgraph-v1` schema finalisation | Scanner Worker Guild · Signals Guild | Define and implement purl + symbol-digest edge annotations in `richgraph-v1`, update CAS metadata and SBOM join logic, and round-trip through Signals/Policy/CLI explainers. |
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2025-11-18 | Normalised sprint to standard template; renamed from SPRINT_400_runtime_facts_static_callgraph_union.md. | Docs |
| 2025-11-19 | Marked tasks 201-002..201-005 BLOCKED pending runtime/static union schema (SymbolID+CAS layout); no implementation until schema is published. | Implementer |
| 2025-11-20 | Added tasks 201-008 (Unknowns Registry) and 201-009 (purl + symbol-digest edge merge); awaiting schema freeze. | Planning |
## Decisions & Risks
- Runtime/static schema alignment pending (SymbolID, CAS layout, overlay tags); blocks ingestion and scoring finalization.
- reachbench fixtures not yet relocated into tests tree; QA task 201-007 must complete before CI enablement.
- Offline posture: ensure reachability pipelines avoid external downloads; rely on sealed/mock bundles.
- Unknowns Registry schema and API must align with Signals scoring before 201-008 can start; derive `unknowns_pressure` math from policy team.
- purl + symbol-digest edge schema (201-009) depends on `richgraph-v1` finalization; may require updates to SBOM resolver and CLI explain flows.
## Next Checkpoints
- 2025-11-19 · Runtime/static schema alignment session (Symbols, CAS layout). Owner: Signals Guild.

6
docs/implplan/SPRINT_0509_0001_0001_samples.md
View File

@@ -19,8 +19,8 @@
## Delivery Tracker
| # | Task ID | Status | Key dependency / next step | Owners | Task Definition |
| --- | --- | --- | --- | --- | --- |
| P1 | PREP-SAMPLES-LNM-22-001-WAITING-ON-FINALIZED | TODO | Due 2025-11-26 · Accountable: Samples Guild · Concelier Guild | Samples Guild · Concelier Guild | Waiting on finalized advisory linkset schema (Concelier). <br><br> Document artefact/deliverable for SAMPLES-LNM-22-001 and publish location so downstream tasks can proceed. |
| P2 | PREP-SAMPLES-LNM-22-002-DEPENDS-ON-22-001-OUT | TODO | Due 2025-11-26 · Accountable: Samples Guild · Excititor Guild | Samples Guild · Excititor Guild | Depends on 22-001 outputs + Excititor observation/linkset implementation. <br><br> Document artefact/deliverable for SAMPLES-LNM-22-002 and publish location so downstream tasks can proceed. |
| P1 | PREP-SAMPLES-LNM-22-001-WAITING-ON-FINALIZED | DONE (2025-11-20) | Due 2025-11-26 · Accountable: Samples Guild · Concelier Guild | Samples Guild · Concelier Guild | Prep artefact published at `docs/samples/linkset/prep-22-001.md` (fixtures plan aligned to frozen LNM schema; deterministic seeds/checksums). |
| P2 | PREP-SAMPLES-LNM-22-002-DEPENDS-ON-22-001-OUT | DOING (2025-11-20) | Due 2025-11-26 · Accountable: Samples Guild · Excititor Guild | Samples Guild · Excititor Guild | Depends on 22-001 outputs; will build Excititor observation/VEX linkset fixtures once P1 samples land. Prep doc will extend `docs/samples/linkset/prep-22-001.md` with Excititor-specific payloads. |
| 1 | SAMPLES-GRAPH-24-003 | BLOCKED | Await Graph overlay format decision + mock SBOM cache availability | Samples Guild · SBOM Service Guild | Generate large-scale SBOM graph fixture (~40k nodes) with policy overlay snapshot for perf/regression suites. |
| 2 | SAMPLES-GRAPH-24-004 | TODO | Blocked on 24-003 fixture availability | Samples Guild · UI Guild | Create vulnerability explorer JSON/CSV fixtures capturing conflicting evidence and policy outputs for UI/CLI automated tests. |
| 3 | SAMPLES-LNM-22-001 | BLOCKED | PREP-SAMPLES-LNM-22-001-WAITING-ON-FINALIZED | Samples Guild · Concelier Guild | Create advisory observation/linkset fixtures (NVD, GHSA, OSV disagreements) for API/CLI/UI tests with documented conflicts. |
@@ -29,6 +29,8 @@
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2025-11-20 | Completed PREP-SAMPLES-LNM-22-001: published linkset fixtures prep at `docs/samples/linkset/prep-22-001.md`; status set to DONE. | Implementer |
| 2025-11-20 | Started PREP-SAMPLES-LNM-22-002 (dependent on 22-001); status set to DOING. | Planning |
| 2025-11-19 | Normalized PREP-SAMPLES-LNM-22-001 Task ID (removed trailing hyphen) for dependency tracking. | Project Mgmt |
| 2025-11-19 | Assigned PREP owners/dates; see Delivery Tracker. | Planning |
| 2025-11-18 | Drafted fixture plan (`samples/graph/fixtures-plan.md`) outlining contents, assumptions, and blockers for SAMPLES-GRAPH-24-003. | Samples |

102
docs/implplan/SPRINT_0510_0001_0001_airgap.md
View File

@@ -1,51 +1,65 @@
# Sprint 0510 · Ops & Offline · AirGap (190.E)
## Topic & Scope
- Implement air-gap controller/importer/time components: seal/unseal state machine, status APIs, importer verification, and time-anchor telemetry for offline bundles.
- Align with platform sealed-mode posture and ensure deterministic verification paths for offline kits.
- **Working directory:** `src/AirGap`.
## Dependencies & Concurrency
- Upstream: Attestor/Authority scopes for `airgap:*`, Offline Kit bundle formats, DevOps sealed-mode pipeline outputs.
- AirGap Importer depends on Bundle trust roots and TUF metadata from release pipelines.
## Documentation Prerequisites
- docs/07_HIGH_LEVEL_ARCHITECTURE.md
- docs/modules/platform/architecture-overview.md
- docs/modules/devops/architecture.md
- docs/modules/airgap/airgap-mode.md (if present)
## Delivery Tracker
| # | Task ID | Status | Key dependency / next step | Owners | Task Definition |
| --- | --- | --- | --- | --- | --- |
| P1 | PREP-AIRGAP-CTL-56-001-CONTROLLER-PROJECT-SCA | DOING (2025-11-20) | Due 2025-11-26 · Accountable: AirGap Controller Guild | AirGap Controller Guild | Controller project scaffold missing; need baseline service skeleton. <br><br> Document artefact/deliverable for AIRGAP-CTL-56-001 and publish location so downstream tasks can proceed. |
| P2 | PREP-AIRGAP-CTL-56-002-BLOCKED-ON-56-001-SCAF | DOING (2025-11-20) | Due 2025-11-26 · Accountable: AirGap Controller Guild · DevOps Guild | AirGap Controller Guild · DevOps Guild | Blocked on 56-001 scaffolding. <br><br> Document artefact/deliverable for AIRGAP-CTL-56-002 and publish location so downstream tasks can proceed. |
# Sprint 0510 · Ops & Offline · AirGap (190.E)
## Topic & Scope
- Implement air-gap controller/importer/time components: seal/unseal state machine, status APIs, importer verification, and time-anchor telemetry for offline bundles.
- Align with platform sealed-mode posture and ensure deterministic verification paths for offline kits.
- **Working directory:** `src/AirGap`.
## Dependencies & Concurrency
- Upstream: Attestor/Authority scopes for `airgap:*`, Offline Kit bundle formats, DevOps sealed-mode pipeline outputs.
- AirGap Importer depends on Bundle trust roots and TUF metadata from release pipelines.
## Documentation Prerequisites
- docs/07_HIGH_LEVEL_ARCHITECTURE.md
- docs/modules/platform/architecture-overview.md
- docs/modules/devops/architecture.md
- docs/modules/airgap/airgap-mode.md (if present)
## Delivery Tracker
| # | Task ID | Status | Key dependency / next step | Owners | Task Definition |
| --- | --- | --- | --- | --- | --- |
| P1 | PREP-AIRGAP-CTL-56-001-CONTROLLER-PROJECT-SCA | DONE (2025-11-20) | Prep note at `docs/airgap/prep/2025-11-20-controller-scaffold-prep.md`; scaffold details in `docs/airgap/controller-scaffold.md`. | AirGap Controller Guild | Controller project scaffold missing; need baseline service skeleton. <br><br> Document artefact/deliverable for AIRGAP-CTL-56-001 and publish location so downstream tasks can proceed. |
| P2 | PREP-AIRGAP-CTL-56-002-BLOCKED-ON-56-001-SCAF | DONE (2025-11-20) | Prep note at `docs/airgap/prep/2025-11-20-controller-scaffold-prep.md`; status endpoint sketch included. | AirGap Controller Guild · DevOps Guild | Blocked on 56-001 scaffolding. <br><br> Document artefact/deliverable for AIRGAP-CTL-56-002 and publish location so downstream tasks can proceed. |
| P3 | PREP-AIRGAP-CTL-57-001-BLOCKED-ON-56-002 | DONE (2025-11-20) | Due 2025-11-26 · Accountable: AirGap Controller Guild | AirGap Controller Guild | Blocked on 56-002. <br><br> Deliverable: sealed-mode startup diagnostics spec at `docs/airgap/sealed-startup-diagnostics.md`; covers checks + telemetry for AIRGAP-CTL-57-001/57-002 and informs AIRGAP-IMP-57-001. |
| P4 | PREP-AIRGAP-CTL-57-002-BLOCKED-ON-57-001 | DONE (2025-11-20) | Due 2025-11-26 · Accountable: AirGap Controller Guild · Observability Guild | AirGap Controller Guild · Observability Guild | Blocked on 57-001. <br><br> Deliverable: sealed-mode startup diagnostics + telemetry/timeline hooks defined in `docs/airgap/sealed-startup-diagnostics.md`; includes events `airgap.sealed`/`airgap.unsealed` and counters for anchor staleness. |
| P5 | PREP-AIRGAP-CTL-58-001-BLOCKED-ON-57-002 | DOING (2025-11-20) | Due 2025-11-26 · Accountable: AirGap Controller Guild · AirGap Time Guild | AirGap Controller Guild · AirGap Time Guild | Blocked on 57-002. <br><br> Document artefact/deliverable for AIRGAP-CTL-58-001, AIRGAP-IMP-58-001, AIRGAP-TIME-58-001 and publish location so downstream tasks can proceed. |
| P5 | PREP-AIRGAP-CTL-58-001-BLOCKED-ON-57-002 | DONE (2025-11-20) | Prep note at `docs/airgap/prep/2025-11-20-staleness-drift-prep.md`; ties to time anchor data. | AirGap Controller Guild · AirGap Time Guild | Blocked on 57-002. <br><br> Document artefact/deliverable for AIRGAP-CTL-58-001, AIRGAP-IMP-58-001, AIRGAP-TIME-58-001 and publish location so downstream tasks can proceed. |
| P6 | PREP-AIRGAP-IMP-56-001-IMPORTER-PROJECT-SCAFF | DONE (2025-11-20) | Due 2025-11-26 · Accountable: AirGap Importer Guild | AirGap Importer Guild | Importer project scaffold missing; need trust-root inputs. <br><br> Deliverable: scaffold + doc at `docs/airgap/importer-scaffold.md`; project + tests under `src/AirGap/StellaOps.AirGap.Importer` and `tests/AirGap/StellaOps.AirGap.Importer.Tests`. |
| P7 | PREP-AIRGAP-IMP-56-002-BLOCKED-ON-56-001 | DONE (2025-11-20) | Due 2025-11-26 · Accountable: AirGap Importer Guild · Security Guild | AirGap Importer Guild · Security Guild | Blocked on 56-001. <br><br> Deliverable shares scaffold above; downstream tasks now have deterministic plan and trust-root contract. |
| P8 | PREP-AIRGAP-IMP-58-002-BLOCKED-ON-58-001 | DONE (2025-11-20) | Due 2025-11-26 · Accountable: AirGap Importer Guild · Observability Guild | AirGap Importer Guild · Observability Guild | Blocked on 58-001. <br><br> Deliverable shares scaffold above; includes plan steps + validation envelope for import timeline events. |
| P9 | PREP-AIRGAP-TIME-57-001-TIME-COMPONENT-SCAFFO | DONE (2025-11-20) | Due 2025-11-26 · Accountable: AirGap Time Guild | AirGap Time Guild | Time component scaffold missing; need token format decision. <br><br> Deliverable: `src/AirGap/StellaOps.AirGap.Time` project + tests and doc `docs/airgap/time-anchor-scaffold.md` covering Roughtime/RFC3161 stub parser. |
| 1 | AIRGAP-CTL-56-001 | BLOCKED | PREP-AIRGAP-CTL-56-001-CONTROLLER-PROJECT-SCA | AirGap Controller Guild | Implement `airgap_state` persistence, seal/unseal state machine, and Authority scope checks (`airgap:seal`, `airgap:status:read`). |
| 2 | AIRGAP-CTL-56-002 | BLOCKED | PREP-AIRGAP-CTL-56-002-BLOCKED-ON-56-001-SCAF | AirGap Controller Guild · DevOps Guild | Expose `GET /system/airgap/status`, `POST /system/airgap/seal`, integrate policy hash validation, and return staleness/time anchor placeholders. |
| 3 | AIRGAP-CTL-57-001 | BLOCKED | PREP-AIRGAP-CTL-57-001-BLOCKED-ON-56-002 | AirGap Controller Guild | Add startup diagnostics that block application run when sealed flag set but egress policies missing; emit audit + telemetry. |
| 4 | AIRGAP-CTL-57-002 | BLOCKED | PREP-AIRGAP-CTL-57-002-BLOCKED-ON-57-001 | AirGap Controller Guild · Observability Guild | Instrument seal/unseal events with trace/log fields and timeline emission (`airgap.sealed`, `airgap.unsealed`). |
| 5 | AIRGAP-CTL-58-001 | BLOCKED | PREP-AIRGAP-CTL-58-001-BLOCKED-ON-57-002 | AirGap Controller Guild · AirGap Time Guild | Persist time anchor metadata, compute drift seconds, and surface staleness budgets in status API. |
| 1 | AIRGAP-CTL-56-001 | BLOCKED | PREP-AIRGAP-CTL-56-001-CONTROLLER-PROJECT-SCA | AirGap Controller Guild | Implement `airgap_state` persistence, seal/unseal state machine, and Authority scope checks (`airgap:seal`, `airgap:status:read`). |
| 2 | AIRGAP-CTL-56-002 | BLOCKED | PREP-AIRGAP-CTL-56-002-BLOCKED-ON-56-001-SCAF | AirGap Controller Guild · DevOps Guild | Expose `GET /system/airgap/status`, `POST /system/airgap/seal`, integrate policy hash validation, and return staleness/time anchor placeholders. |
| 3 | AIRGAP-CTL-57-001 | BLOCKED | PREP-AIRGAP-CTL-57-001-BLOCKED-ON-56-002 | AirGap Controller Guild | Add startup diagnostics that block application run when sealed flag set but egress policies missing; emit audit + telemetry. |
| 4 | AIRGAP-CTL-57-002 | BLOCKED | PREP-AIRGAP-CTL-57-002-BLOCKED-ON-57-001 | AirGap Controller Guild · Observability Guild | Instrument seal/unseal events with trace/log fields and timeline emission (`airgap.sealed`, `airgap.unsealed`). |
| 5 | AIRGAP-CTL-58-001 | BLOCKED | PREP-AIRGAP-CTL-58-001-BLOCKED-ON-57-002 | AirGap Controller Guild · AirGap Time Guild | Persist time anchor metadata, compute drift seconds, and surface staleness budgets in status API. |
| 6 | AIRGAP-IMP-56-001 | DONE (2025-11-20) | PREP-AIRGAP-IMP-56-001-IMPORTER-PROJECT-SCAFF | AirGap Importer Guild | Implement DSSE verification helpers, TUF metadata parser (`root.json`, `snapshot.json`, `timestamp.json`), and Merkle root calculator. |
| 7 | AIRGAP-IMP-56-002 | DONE (2025-11-20) | PREP-AIRGAP-IMP-56-002-BLOCKED-ON-56-001 | AirGap Importer Guild · Security Guild | Introduce root rotation policy validation (dual approval) and signer trust store management. |
| 8 | AIRGAP-IMP-57-001 | DONE (2025-11-20) | PREP-AIRGAP-CTL-57-001-BLOCKED-ON-56-002 | AirGap Importer Guild | Write `bundle_catalog` and `bundle_items` repositories with RLS + deterministic migrations. Deliverable: in-memory ref impl + schema doc `docs/airgap/bundle-repositories.md`; tests cover RLS and deterministic ordering. |
| 9 | AIRGAP-IMP-57-002 | BLOCKED | PREP-AIRGAP-CTL-57-002-BLOCKED-ON-57-001 | AirGap Importer Guild · DevOps Guild | Implement object-store loader storing artifacts under tenant/global mirror paths with Zstandard decompression and checksum validation. |
| 10 | AIRGAP-IMP-58-001 | BLOCKED | PREP-AIRGAP-CTL-58-001-BLOCKED-ON-57-002 | AirGap Importer Guild · CLI Guild | Implement API (`POST /airgap/import`, `/airgap/verify`) and CLI commands wiring verification + catalog updates, including diff preview. |
| 11 | AIRGAP-IMP-58-002 | BLOCKED | PREP-AIRGAP-IMP-58-002-BLOCKED-ON-58-001 | AirGap Importer Guild · Observability Guild | Emit timeline events (`airgap.import.started`, `airgap.import.completed`) with staleness metrics. |
| 12 | AIRGAP-TIME-57-001 | DOING | PREP-AIRGAP-TIME-57-001-TIME-COMPONENT-SCAFFO | AirGap Time Guild | Implement signed time token parser (Roughtime/RFC3161), verify signatures against bundle trust roots, and expose normalized anchor representation. Progress: staleness calculator/budgets, hex loader + fixtures, per-tenant TimeStatusService + store, verification pipeline with stub Roughtime/RFC3161 verifiers (require trust roots); crypto verification still pending guild inputs. |
| 13 | AIRGAP-TIME-57-002 | BLOCKED | PREP-AIRGAP-CTL-57-002-BLOCKED-ON-57-001 | AirGap Time Guild · Observability Guild | Add telemetry counters for time anchors (`airgap_time_anchor_age_seconds`) and alerts for approaching thresholds. |
| 14 | AIRGAP-TIME-58-001 | BLOCKED | PREP-AIRGAP-CTL-58-001-BLOCKED-ON-57-002 | AirGap Time Guild | Persist drift baseline, compute per-content staleness (advisories, VEX, policy) based on bundle metadata, and surface through controller status API. |
| 15 | AIRGAP-TIME-58-002 | BLOCKED | PREP-AIRGAP-IMP-58-002-BLOCKED-ON-58-001 | AirGap Time Guild · Notifications Guild | Emit notifications and timeline events when staleness budgets breached or approaching. |
## Execution Log
| 9 | AIRGAP-IMP-57-002 | BLOCKED | PREP-AIRGAP-CTL-57-002-BLOCKED-ON-57-001 | AirGap Importer Guild · DevOps Guild | Implement object-store loader storing artifacts under tenant/global mirror paths with Zstandard decompression and checksum validation. |
| 10 | AIRGAP-IMP-58-001 | BLOCKED | PREP-AIRGAP-CTL-58-001-BLOCKED-ON-57-002 | AirGap Importer Guild · CLI Guild | Implement API (`POST /airgap/import`, `/airgap/verify`) and CLI commands wiring verification + catalog updates, including diff preview. |
| 11 | AIRGAP-IMP-58-002 | BLOCKED | PREP-AIRGAP-IMP-58-002-BLOCKED-ON-58-001 | AirGap Importer Guild · Observability Guild | Emit timeline events (`airgap.import.started`, `airgap.import.completed`) with staleness metrics. |
| 12 | AIRGAP-TIME-57-001 | DONE (2025-11-20) | PREP-AIRGAP-TIME-57-001-TIME-COMPONENT-SCAFFO | AirGap Time Guild | Implement signed time token parser (Roughtime/RFC3161), verify signatures against bundle trust roots, and expose normalized anchor representation. Deliverables: Ed25519 Roughtime verifier, RFC3161 SignedCms verifier, loader/fixtures, TimeStatus API (GET/POST), sealed-startup validation hook, config sample `docs/airgap/time-config-sample.json`, tests passing. |
| 13 | AIRGAP-TIME-57-002 | BLOCKED | PREP-AIRGAP-CTL-57-002-BLOCKED-ON-57-001 | AirGap Time Guild · Observability Guild | Add telemetry counters for time anchors (`airgap_time_anchor_age_seconds`) and alerts for approaching thresholds. |
| 14 | AIRGAP-TIME-58-001 | BLOCKED | PREP-AIRGAP-CTL-58-001-BLOCKED-ON-57-002 | AirGap Time Guild | Persist drift baseline, compute per-content staleness (advisories, VEX, policy) based on bundle metadata, and surface through controller status API. |
| 15 | AIRGAP-TIME-58-002 | BLOCKED | PREP-AIRGAP-IMP-58-002-BLOCKED-ON-58-001 | AirGap Time Guild · Notifications Guild | Emit notifications and timeline events when staleness budgets breached or approaching. |
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2025-11-20 | Added curl example + healthcheck note to time API doc; tests still passing. | Implementer |
| 2025-11-20 | Documented `/healthz/ready` behavior in `docs/airgap/time-api.md`; health depends on anchor presence/staleness. | Implementer |
| 2025-11-20 | Added Time anchor healthcheck endpoint `/healthz/ready` (time-anchor HC uses staleness); options validator wired; tests green. | Implementer |
| 2025-11-20 | Loader now rejects missing/incompatible trust roots; controller logs failures/success for POST /api/v1/time/anchor; tests remain passing. | Implementer |
| 2025-11-20 | Added AirGap options validator tests (tenant/budget guardrails); test suite remains passing. | Implementer |
| 2025-11-20 | Added AirGap options validator (tenant + staleness budgets) and kept Time tests passing. | Implementer |
| 2025-11-20 | Hardened TimeAnchorLoader trust-root checks (format compatibility) and added verifier tests; Time tests still green. | Implementer |
| 2025-11-20 | Added time API doc (`docs/airgap/time-api.md`) and AirGap docs index; tests still passing after doc updates. | Implementer |
| 2025-11-20 | Added budget-mismatch guard test for sealed startup validator; Time tests remain passing. | Implementer |
| 2025-11-20 | Added crypto-backed tests for Roughtime (Ed25519) and RFC3161 (SignedCms) verifiers; Time test suite still green. | Implementer |
| 2025-11-20 | Wired config-driven tenant/staleness budgets into Time host; verifiers now real (Roughtime Ed25519, RFC3161 SignedCms); config sample added (`docs/airgap/time-config-sample.json`); tests remain green. | Implementer |
| 2025-11-20 | Upgraded time verifiers: Roughtime Ed25519 signature check and RFC3161 SignedCms verification; docs updated. | Implementer |
| 2025-11-20 | Added sealed startup validator hook; API POST `/api/v1/time/anchor`/GET `/api/v1/time/status` now exercised by tests; Time project builds standalone. | Implementer |
| 2025-11-20 | Added sealed-startup validator for time anchors; POST `/api/v1/time/anchor` persists anchor + budgets, GET `/api/v1/time/status` returns staleness; tests passing. | Implementer |
| 2025-11-20 | Added TimeStatusController + web host; exposed `/api/v1/time/status` and POST `/api/v1/time/anchor` using trust-root verified loader; tests still passing. | Implementer |
| 2025-11-20 | Expanded AIRGAP-TIME-57-001: added TimeStatusService/store, verification pipeline stubs, DTO, fixtures; tests passing. Added API surface `/api/v1/time/status`. | Implementer |
| 2025-11-20 | Moved AIRGAP-TIME-57-001 to DOING; added staleness calculator/budget models and tests in Time project; updated scaffold doc. | Implementer |
@@ -55,17 +69,19 @@
| 2025-11-20 | Started AIRGAP-IMP-56-001/56-002 implementation (DSSE verifier, TUF validator, Merkle calculator; tests added). | Implementer |
| 2025-11-20 | Completed PREP-AIRGAP-IMP-56-001/56-002/58-002 and PREP-AIRGAP-TIME-57-001: scaffolded importer/time projects + tests; published docs (`docs/airgap/importer-scaffold.md`, `docs/airgap/time-anchor-scaffold.md`). | Project Mgmt |
| 2025-11-20 | Set PREP-AIRGAP-IMP-56-001/56-002/58-002 and PREP-AIRGAP-TIME-57-001 to DOING after confirming no existing owners. | Project Mgmt |
| 2025-11-20 | Published prep notes for controller scaffold and staleness enrichment (`docs/airgap/prep/2025-11-20-controller-scaffold-prep.md`, `docs/airgap/prep/2025-11-20-staleness-drift-prep.md`); marked PREP-AIRGAP-CTL-56-001/56-002/58-001 DONE. | Implementer |
| 2025-11-19 | Assigned PREP owners/dates; see Delivery Tracker. | Planning |
| 2025-11-18 | Marked all AIRGAP controller/importer/time tasks BLOCKED: no project scaffolds exist under src/AirGap; need baseline service skeletons and token format decisions before implementation. | Ops/Docs |
| 2025-11-18 | Normalised sprint to standard template; renamed from SPRINT_510_airgap.md. | Ops/Docs |
## Decisions & Risks
- Seal/unseal + importer rely on release pipeline outputs (trust roots, manifests); delays there delay this sprint.
- Time anchor parsing depends on chosen token format (Roughtime vs RFC3161); must be confirmed with AirGap Time Guild.
- Offline posture: ensure all verification runs without egress; CMK/KMS access must have offline-friendly configs.
- Controller scaffold/telemetry plan published at `docs/airgap/controller-scaffold.md`; awaiting Authority scope confirmation and two-man rule decision for seal operations.
## Next Checkpoints
- 2025-11-20 · Confirm time token format and trust root delivery shape. Owner: AirGap Time Guild.
- 2025-11-22 · Align on seal/unseal Authority scopes and baseline policy hash inputs. Owner: AirGap Controller Guild.
- Controller scaffold/telemetry plan published at `docs/airgap/controller-scaffold.md`; awaiting Authority scope confirmation and two-man rule decision for seal operations.
- Repo integrity risk: current git index appears corrupted (phantom deletions across repo). Requires repair before commit/merge to avoid data loss.
## Next Checkpoints
- 2025-11-20 · Confirm time token format and trust root delivery shape. Owner: AirGap Time Guild.
- 2025-11-22 · Align on seal/unseal Authority scopes and baseline policy hash inputs. Owner: AirGap Controller Guild.
- 2025-11-25 · Verify release pipeline exposes TUF metadata paths for importer (AIRGAP-IMP-56-001). Owner: AirGap Importer Guild.

98
docs/implplan/SPRINT_0512_0001_0001_bench.md
View File

@@ -1,52 +1,56 @@
# Sprint 0512 · Ops & Offline · Bench (190.G)
## Topic & Scope
- Build and capture performance benchmarks for graph, UI interactions, impact index, policy deltas, and reachability scoring to support offline/ops readiness.
- Target harnesses under `src/Bench/StellaOps.Bench` with reproducible datasets.
- **Working directory:** `src/Bench/StellaOps.Bench`.
## Dependencies & Concurrency
- Upstream data: graph fixtures (SAMPLES-GRAPH-24-003), reachability schema (Sprint 0400/0401), policy delta inputs.
- UI bench depends on BENCH-GRAPH-21-001/002 harness foundation.
## Documentation Prerequisites
- docs/07_HIGH_LEVEL_ARCHITECTURE.md
- docs/modules/platform/architecture-overview.md
- docs/modules/graph/architecture.md (for graph bench scenarios)
- docs/modules/signals/architecture.md (for reachability benches)
- docs/modules/policy/architecture.md
## Delivery Tracker
| # | Task ID | Status | Key dependency / next step | Owners | Task Definition |
| --- | --- | --- | --- | --- | --- |
| P1 | PREP-BENCH-GRAPH-21-001-NEED-GRAPH-BENCH-HARN | TODO | Due 2025-11-26 · Accountable: Bench Guild · Graph Platform Guild | Bench Guild · Graph Platform Guild | Need graph bench harness scaffolding (50k/100k nodes). <br><br> Document artefact/deliverable for BENCH-GRAPH-21-001 and publish location so downstream tasks can proceed. |
| P2 | PREP-BENCH-GRAPH-21-002-BLOCKED-ON-21-001-HAR | TODO | Due 2025-11-26 · Accountable: Bench Guild · UI Guild | Bench Guild · UI Guild | Blocked on 21-001 harness. <br><br> Document artefact/deliverable for BENCH-GRAPH-21-002 and publish location so downstream tasks can proceed. |
| P3 | PREP-BENCH-IMPACT-16-001-IMPACT-INDEX-DATASET | TODO | Due 2025-11-26 · Accountable: Bench Guild · Scheduler Team | Bench Guild · Scheduler Team | Impact index dataset/replay inputs not provided. <br><br> Document artefact/deliverable for BENCH-IMPACT-16-001 and publish location so downstream tasks can proceed. |
| P4 | PREP-BENCH-POLICY-20-002-POLICY-DELTA-SAMPLE | TODO | Due 2025-11-26 · Accountable: Bench Guild · Policy Guild · Scheduler Guild | Bench Guild · Policy Guild · Scheduler Guild | Policy delta sample inputs missing. <br><br> Document artefact/deliverable for BENCH-POLICY-20-002 and publish location so downstream tasks can proceed. |
| P5 | PREP-BENCH-SIG-26-001-REACHABILITY-SCHEMA-FIX | TODO | Due 2025-11-26 · Accountable: Bench Guild · Signals Guild | Bench Guild · Signals Guild | Reachability schema/fixtures pending Sprint 0400/0401. <br><br> Document artefact/deliverable for BENCH-SIG-26-001 and publish location so downstream tasks can proceed. |
| P6 | PREP-BENCH-SIG-26-002-BLOCKED-ON-26-001-OUTPU | TODO | Due 2025-11-26 · Accountable: Bench Guild · Policy Guild | Bench Guild · Policy Guild | Blocked on 26-001 outputs. <br><br> Document artefact/deliverable for BENCH-SIG-26-002 and publish location so downstream tasks can proceed. |
| 1 | BENCH-GRAPH-21-001 | BLOCKED | PREP-BENCH-GRAPH-21-001-NEED-GRAPH-BENCH-HARN | Bench Guild · Graph Platform Guild | Build graph viewport/path benchmark harness (50k/100k nodes) measuring Graph API/Indexer latency, memory, and tile cache hit rates. |
| 2 | BENCH-GRAPH-21-002 | BLOCKED | PREP-BENCH-GRAPH-21-002-BLOCKED-ON-21-001-HAR | Bench Guild · UI Guild | Add headless UI load benchmark (Playwright) for graph canvas interactions to track render times and FPS budgets. |
| 3 | BENCH-GRAPH-24-002 | BLOCKED | Waiting for 50k/100k graph fixture (SAMPLES-GRAPH-24-003) | Bench Guild · UI Guild | Implement UI interaction benchmarks (filter/zoom/table operations) citing p95 latency; integrate with perf dashboards. |
| 4 | BENCH-IMPACT-16-001 | BLOCKED | PREP-BENCH-IMPACT-16-001-IMPACT-INDEX-DATASET | Bench Guild · Scheduler Team | ImpactIndex throughput bench (resolve 10k productKeys) + RAM profile. |
| 5 | BENCH-POLICY-20-002 | BLOCKED | PREP-BENCH-POLICY-20-002-POLICY-DELTA-SAMPLE | Bench Guild · Policy Guild · Scheduler Guild | Add incremental run benchmark measuring delta evaluation vs full; capture SLA compliance. |
| 6 | BENCH-SIG-26-001 | BLOCKED | PREP-BENCH-SIG-26-001-REACHABILITY-SCHEMA-FIX | Bench Guild · Signals Guild | Develop benchmark for reachability scoring pipeline (facts/sec, latency, memory) using synthetic callgraphs/runtime batches. |
| 7 | BENCH-SIG-26-002 | BLOCKED | PREP-BENCH-SIG-26-002-BLOCKED-ON-26-001-OUTPU | Bench Guild · Policy Guild | Measure policy evaluation overhead with reachability cache hot/cold; ensure ≤8 ms p95 added latency. |
## Execution Log
# Sprint 0512 · Ops & Offline · Bench (190.G)
## Topic & Scope
- Build and capture performance benchmarks for graph, UI interactions, impact index, policy deltas, and reachability scoring to support offline/ops readiness.
- Target harnesses under `src/Bench/StellaOps.Bench` with reproducible datasets.
- **Working directory:** `src/Bench/StellaOps.Bench`.
## Dependencies & Concurrency
- Upstream data: graph fixtures (SAMPLES-GRAPH-24-003), reachability schema (Sprint 0400/0401), policy delta inputs.
- UI bench depends on BENCH-GRAPH-21-001/002 harness foundation.
## Documentation Prerequisites
- docs/07_HIGH_LEVEL_ARCHITECTURE.md
- docs/modules/platform/architecture-overview.md
- docs/modules/graph/architecture.md (for graph bench scenarios)
- docs/modules/signals/architecture.md (for reachability benches)
- docs/modules/policy/architecture.md
## Delivery Tracker
| # | Task ID | Status | Key dependency / next step | Owners | Task Definition |
| --- | --- | --- | --- | --- | --- |
| P1 | PREP-BENCH-GRAPH-21-001-NEED-GRAPH-BENCH-HARN | DONE (2025-11-20) | Prep doc at `docs/benchmarks/graph/bench-graph-21-001-prep.md`; awaits fixtures (SAMPLES-GRAPH-24-003). | Bench Guild · Graph Platform Guild | Need graph bench harness scaffolding (50k/100k nodes). <br><br> Document artefact/deliverable for BENCH-GRAPH-21-001 and publish location so downstream tasks can proceed. |
| P2 | PREP-BENCH-GRAPH-21-002-BLOCKED-ON-21-001-HAR | DONE (2025-11-20) | Due 2025-11-26 · Accountable: Bench Guild · UI Guild | Bench Guild · UI Guild | Prep artefact published at `docs/benchmarks/graph/bench-graph-21-002-prep.md` (Playwright UI bench plan leveraging 50k/100k fixtures; scenarios, metrics, determinism). |
| P3 | PREP-BENCH-IMPACT-16-001-IMPACT-INDEX-DATASET | DONE (2025-11-20) | Due 2025-11-26 · Accountable: Bench Guild · Scheduler Team | Bench Guild · Scheduler Team | Prep artefact published at `docs/benchmarks/impact/bench-impact-16-001-prep.md` (dataset shape, replay plan, deterministic metrics). |
| P4 | PREP-BENCH-POLICY-20-002-POLICY-DELTA-SAMPLE | DONE (2025-11-20) | Due 2025-11-26 · Accountable: Bench Guild · Policy Guild · Scheduler Guild | Bench Guild · Policy Guild · Scheduler Guild | Prep artefact published at `docs/benchmarks/policy/bench-policy-20-002-prep.md` (baseline + delta datasets, deterministic harness plan, metrics). |
| P5 | PREP-BENCH-SIG-26-001-REACHABILITY-SCHEMA-FIX | DONE (2025-11-20) | Prep doc at `docs/benchmarks/signals/bench-sig-26-001-prep.md`; awaits reachability schema hash. | Bench Guild · Signals Guild | Reachability schema/fixtures pending Sprint 0400/0401. <br><br> Document artefact/deliverable for BENCH-SIG-26-001 and publish location so downstream tasks can proceed. |
| P6 | PREP-BENCH-SIG-26-002-BLOCKED-ON-26-001-OUTPU | DONE (2025-11-20) | Prep doc at `docs/benchmarks/signals/bench-sig-26-002-prep.md`; depends on 26-001 datasets. | Bench Guild · Policy Guild | Blocked on 26-001 outputs. <br><br> Document artefact/deliverable for BENCH-SIG-26-002 and publish location so downstream tasks can proceed. |
| 1 | BENCH-GRAPH-21-001 | BLOCKED | PREP-BENCH-GRAPH-21-001-NEED-GRAPH-BENCH-HARN | Bench Guild · Graph Platform Guild | Build graph viewport/path benchmark harness (50k/100k nodes) measuring Graph API/Indexer latency, memory, and tile cache hit rates. |
| 2 | BENCH-GRAPH-21-002 | BLOCKED | PREP-BENCH-GRAPH-21-002-BLOCKED-ON-21-001-HAR | Bench Guild · UI Guild | Add headless UI load benchmark (Playwright) for graph canvas interactions to track render times and FPS budgets. |
| 3 | BENCH-GRAPH-24-002 | BLOCKED | Waiting for 50k/100k graph fixture (SAMPLES-GRAPH-24-003) | Bench Guild · UI Guild | Implement UI interaction benchmarks (filter/zoom/table operations) citing p95 latency; integrate with perf dashboards. |
| 4 | BENCH-IMPACT-16-001 | BLOCKED | PREP-BENCH-IMPACT-16-001-IMPACT-INDEX-DATASET | Bench Guild · Scheduler Team | ImpactIndex throughput bench (resolve 10k productKeys) + RAM profile. |
| 5 | BENCH-POLICY-20-002 | BLOCKED | PREP-BENCH-POLICY-20-002-POLICY-DELTA-SAMPLE | Bench Guild · Policy Guild · Scheduler Guild | Add incremental run benchmark measuring delta evaluation vs full; capture SLA compliance. |
| 6 | BENCH-SIG-26-001 | BLOCKED | PREP-BENCH-SIG-26-001-REACHABILITY-SCHEMA-FIX | Bench Guild · Signals Guild | Develop benchmark for reachability scoring pipeline (facts/sec, latency, memory) using synthetic callgraphs/runtime batches. |
| 7 | BENCH-SIG-26-002 | BLOCKED | PREP-BENCH-SIG-26-002-BLOCKED-ON-26-001-OUTPU | Bench Guild · Policy Guild | Measure policy evaluation overhead with reachability cache hot/cold; ensure ≤8 ms p95 added latency. |
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2025-11-20 | Completed PREP-BENCH-GRAPH-21-002: published UI bench prep doc at `docs/benchmarks/graph/bench-graph-21-002-prep.md`; status set to DONE. | Implementer |
| 2025-11-20 | Completed PREP-BENCH-IMPACT-16-001: published impact index bench prep doc at `docs/benchmarks/impact/bench-impact-16-001-prep.md`; status set to DONE. | Implementer |
| 2025-11-20 | Completed PREP-BENCH-POLICY-20-002: published policy delta bench prep doc at `docs/benchmarks/policy/bench-policy-20-002-prep.md`; status set to DONE. | Implementer |
| 2025-11-20 | Published prep artefacts for PREP-BENCH-GRAPH-21-001, PREP-BENCH-SIG-26-001, and PREP-BENCH-SIG-26-002 under `docs/benchmarks/`; marked P1, P5, P6 DONE. | Implementer |
| 2025-11-19 | Trimmed trailing hyphen from PREP-BENCH-POLICY-20-002 Task ID to keep BENCH-POLICY-20-002 blocker resolvable. | Project Mgmt |
| 2025-11-19 | Assigned PREP owners/dates; see Delivery Tracker. | Planning |
| 2025-11-18 | Marked BENCH-GRAPH-24-002, BENCH-IMPACT-16-001, BENCH-POLICY-20-002, BENCH-SIG-26-001/002 as BLOCKED pending fixtures/datasets and reachability schema. | Bench |
| 2025-11-18 | Normalised sprint to standard template; renamed from SPRINT_512_bench.md. | Ops/Docs |
## Decisions & Risks
- Graph/UI benches depend on large fixtures (SAMPLES-GRAPH-24-003) and graph overlay schema; risk until fixtures land.
- Reachability benches depend on runtime/static schema alignment (Sprint 0400/0401) and fixture relocation.
- Policy/Impact benches require deterministic datasets; ensure no online dependencies.
## Next Checkpoints
- 2025-11-22 · Confirm availability of graph fixtures for BENCH-GRAPH-21-001/002/24-002. Owner: Bench Guild.
- 2025-11-24 · Reachability schema alignment outcome to unblock BENCH-SIG-26-001. Owner: Signals Guild.
- 2025-11-26 · Decide impact index dataset for BENCH-IMPACT-16-001. Owner: Scheduler Team.
| 2025-11-18 | Normalised sprint to standard template; renamed from SPRINT_512_bench.md. | Ops/Docs |
## Decisions & Risks
- Graph/UI benches depend on large fixtures (SAMPLES-GRAPH-24-003) and graph overlay schema; risk until fixtures land.
- Reachability benches depend on runtime/static schema alignment (Sprint 0400/0401) and fixture relocation.
- Policy/Impact benches require deterministic datasets; ensure no online dependencies.
## Next Checkpoints
- 2025-11-22 · Confirm availability of graph fixtures for BENCH-GRAPH-21-001/002/24-002. Owner: Bench Guild.
- 2025-11-24 · Reachability schema alignment outcome to unblock BENCH-SIG-26-001. Owner: Signals Guild.
- 2025-11-26 · Decide impact index dataset for BENCH-IMPACT-16-001. Owner: Scheduler Team.

99
docs/implplan/SPRINT_0514_0001_0001_sovereign_crypto_enablement.md
View File

@@ -1,53 +1,54 @@
# Sprint 0514 · Ops & Offline · Sovereign Crypto Enablement (190.K)
## Topic & Scope
- Deliver RootPack_RU-ready sovereign crypto providers (CryptoPro + PKCS#11), configuration knobs, deterministic tests, and repo-wide crypto routing audit.
- Maintain quarantined fork for GostCryptography/CryptoPro plugin and ensure Authority/Scanner/Attestor route through registry-based providers.
- **Working directory:** `src/__Libraries/StellaOps.Cryptography*`, `src/Authority`, `src/Scanner`, `src/Attestor`, `third_party/forks/AlexMAS.GostCryptography`.
## Dependencies & Concurrency
- Authority signing provider contract and JWKS export requirements (blocking AUTH-CRYPTO-90-001).
- CI runners must support platform-specific CryptoPro/PKCS#11 tests (env/pin gated); may need opt-in pipelines.
## Documentation Prerequisites
- docs/security/rootpack_ru_*.md
- docs/dev/crypto.md
- docs/modules/platform/architecture-overview.md
## Delivery Tracker
| # | Task ID | Status | Key dependency / next step | Owners | Task Definition |
| --- | --- | --- | --- | --- | --- |
| P1 | PREP-AUTH-CRYPTO-90-001-NEEDS-AUTHORITY-PROVI | TODO | Due 2025-11-26 · Accountable: Authority Core & Security Guild | Authority Core & Security Guild | Needs Authority provider/key format spec & JWKS export requirements. <br><br> Document artefact/deliverable for AUTH-CRYPTO-90-001 and publish location so downstream tasks can proceed. |
| 1 | SEC-CRYPTO-90-017 | TODO | Fork present; integrate into solution | Security Guild | Vendor `third_party/forks/AlexMAS.GostCryptography` into the solution build (solution filters, Directory.Build props, CI) so the library compiles with the repo and publishes artifacts. |
| 2 | SEC-CRYPTO-90-018 | TODO | After 90-017 | Security & Docs Guilds | Update developer/RootPack documentation to describe the fork, sync steps, and licensing. |
| 3 | SEC-CRYPTO-90-019 | TODO | After 90-017 | Security Guild | Patch the fork to drop vulnerable `System.Security.Cryptography.{Pkcs,Xml}` 6.0.0 deps; retarget .NET 8+, rerun tests. |
| 4 | SEC-CRYPTO-90-020 | TODO | After 90-017/019 | Security Guild | Re-point `StellaOps.Cryptography.Plugin.CryptoPro` to the forked sources and prove end-to-end plugin wiring. |
| 5 | SEC-CRYPTO-90-021 | TODO | After 90-020 | Security & QA Guilds | Validate forked library + plugin on Windows (CryptoPro CSP) and Linux (OpenSSL GOST fallback); document prerequisites. |
| 6 | SEC-CRYPTO-90-012 | TODO | Env-gated | Security Guild | Add CryptoPro + PKCS#11 integration tests and hook into `scripts/crypto/run-rootpack-ru-tests.sh`. |
| 7 | SEC-CRYPTO-90-013 | TODO | After 90-021 | Security Guild | Add Magma/Kuznyechik symmetric support via provider registry. |
| 8 | SEC-CRYPTO-90-014 | TODO | After Authority contract confirmed | Security Guild + Service Guilds | Update runtime hosts (Authority, Scanner WebService/Worker, Concelier, etc.) to register RU providers and expose config toggles. |
| 9 | SEC-CRYPTO-90-015 | TODO | After 90-012/021 | Security & Docs Guild | Refresh RootPack/validation documentation. |
| 10 | AUTH-CRYPTO-90-001 | BLOCKED | PREP-AUTH-CRYPTO-90-001-NEEDS-AUTHORITY-PROVI | Authority Core & Security Guild | Sovereign signing provider contract for Authority; refactor loaders once contract is published. |
| 11 | SCANNER-CRYPTO-90-001 | TODO | Needs registry wiring | Scanner WebService Guild · Security Guild | Route hashing/signing flows through `ICryptoProviderRegistry`. |
| 12 | SCANNER-WORKER-CRYPTO-90-001 | TODO | After 11 | Scanner Worker Guild · Security Guild | Wire Scanner Worker/BuildX analyzers to registry/hash abstractions. |
| 13 | SCANNER-CRYPTO-90-002 | TODO | PQ profile | Scanner WebService Guild · Security Guild | Enable PQ-friendly DSSE (Dilithium/Falcon) via provider options. |
| 14 | SCANNER-CRYPTO-90-003 | TODO | After 13 | Scanner Worker Guild · QA Guild | Add regression tests for RU/PQ profiles validating Merkle roots + DSSE chains. |
| 15 | ATTESTOR-CRYPTO-90-001 | TODO | Registry wiring | Attestor Service Guild · Security Guild | Migrate attestation hashing/witness flows to provider registry, enabling CryptoPro/PKCS#11 deployments. |
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
# Sprint 0514 · Ops & Offline · Sovereign Crypto Enablement (190.K)
## Topic & Scope
- Deliver RootPack_RU-ready sovereign crypto providers (CryptoPro + PKCS#11), configuration knobs, deterministic tests, and repo-wide crypto routing audit.
- Maintain quarantined fork for GostCryptography/CryptoPro plugin and ensure Authority/Scanner/Attestor route through registry-based providers.
- **Working directory:** `src/__Libraries/StellaOps.Cryptography*`, `src/Authority`, `src/Scanner`, `src/Attestor`, `third_party/forks/AlexMAS.GostCryptography`.
## Dependencies & Concurrency
- Authority signing provider contract and JWKS export requirements (blocking AUTH-CRYPTO-90-001).
- CI runners must support platform-specific CryptoPro/PKCS#11 tests (env/pin gated); may need opt-in pipelines.
## Documentation Prerequisites
- docs/security/rootpack_ru_*.md
- docs/dev/crypto.md
- docs/modules/platform/architecture-overview.md
## Delivery Tracker
| # | Task ID | Status | Key dependency / next step | Owners | Task Definition |
| --- | --- | --- | --- | --- | --- |
| P1 | PREP-AUTH-CRYPTO-90-001-NEEDS-AUTHORITY-PROVI | DONE (2025-11-20) | Prep note at `docs/modules/authority/prep/2025-11-20-auth-crypto-provider-prep.md`; awaiting contract publication. | Authority Core & Security Guild | Needs Authority provider/key format spec & JWKS export requirements. <br><br> Document artefact/deliverable for AUTH-CRYPTO-90-001 and publish location so downstream tasks can proceed. |
| 1 | SEC-CRYPTO-90-017 | TODO | Fork present; integrate into solution | Security Guild | Vendor `third_party/forks/AlexMAS.GostCryptography` into the solution build (solution filters, Directory.Build props, CI) so the library compiles with the repo and publishes artifacts. |
| 2 | SEC-CRYPTO-90-018 | TODO | After 90-017 | Security & Docs Guilds | Update developer/RootPack documentation to describe the fork, sync steps, and licensing. |
| 3 | SEC-CRYPTO-90-019 | TODO | After 90-017 | Security Guild | Patch the fork to drop vulnerable `System.Security.Cryptography.{Pkcs,Xml}` 6.0.0 deps; retarget .NET 8+, rerun tests. |
| 4 | SEC-CRYPTO-90-020 | TODO | After 90-017/019 | Security Guild | Re-point `StellaOps.Cryptography.Plugin.CryptoPro` to the forked sources and prove end-to-end plugin wiring. |
| 5 | SEC-CRYPTO-90-021 | TODO | After 90-020 | Security & QA Guilds | Validate forked library + plugin on Windows (CryptoPro CSP) and Linux (OpenSSL GOST fallback); document prerequisites. |
| 6 | SEC-CRYPTO-90-012 | TODO | Env-gated | Security Guild | Add CryptoPro + PKCS#11 integration tests and hook into `scripts/crypto/run-rootpack-ru-tests.sh`. |
| 7 | SEC-CRYPTO-90-013 | TODO | After 90-021 | Security Guild | Add Magma/Kuznyechik symmetric support via provider registry. |
| 8 | SEC-CRYPTO-90-014 | TODO | After Authority contract confirmed | Security Guild + Service Guilds | Update runtime hosts (Authority, Scanner WebService/Worker, Concelier, etc.) to register RU providers and expose config toggles. |
| 9 | SEC-CRYPTO-90-015 | TODO | After 90-012/021 | Security & Docs Guild | Refresh RootPack/validation documentation. |
| 10 | AUTH-CRYPTO-90-001 | BLOCKED | PREP-AUTH-CRYPTO-90-001-NEEDS-AUTHORITY-PROVI | Authority Core & Security Guild | Sovereign signing provider contract for Authority; refactor loaders once contract is published. |
| 11 | SCANNER-CRYPTO-90-001 | TODO | Needs registry wiring | Scanner WebService Guild · Security Guild | Route hashing/signing flows through `ICryptoProviderRegistry`. |
| 12 | SCANNER-WORKER-CRYPTO-90-001 | TODO | After 11 | Scanner Worker Guild · Security Guild | Wire Scanner Worker/BuildX analyzers to registry/hash abstractions. |
| 13 | SCANNER-CRYPTO-90-002 | TODO | PQ profile | Scanner WebService Guild · Security Guild | Enable PQ-friendly DSSE (Dilithium/Falcon) via provider options. |
| 14 | SCANNER-CRYPTO-90-003 | TODO | After 13 | Scanner Worker Guild · QA Guild | Add regression tests for RU/PQ profiles validating Merkle roots + DSSE chains. |
| 15 | ATTESTOR-CRYPTO-90-001 | TODO | Registry wiring | Attestor Service Guild · Security Guild | Migrate attestation hashing/witness flows to provider registry, enabling CryptoPro/PKCS#11 deployments. |
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2025-11-19 | Assigned PREP owners/dates; see Delivery Tracker. | Planning |
| 2025-11-18 | Normalised sprint to standard template; renamed from SPRINT_514_sovereign_crypto_enablement.md. | Security Docs |
| 2025-11-18 | Downloaded MongoDB 4.4.4 binaries into `local-nuget/mongo2go/4.1.0/tools/mongodb-linux-4.4.4-database-tools-100.3.1/community-server/mongodb-linux-x86_64-ubuntu2004-4.4.4/bin/mongod`; reran `dotnet vstest …AdvisoryChunksEndpoint_ReturnsParagraphAnchors` but Mongo2Go still cannot connect (timeout/connection refused to 127.0.0.1). Concelier AOC tasks remain BLOCKED pending stable Mongo2Go startup. | Concelier WebService |
| 2025-11-18 | Targeted `dotnet vstest ...StellaOps.Concelier.WebService.Tests.dll --TestCaseFilter:AdvisoryChunksEndpoint_ReturnsParagraphAnchors` failed: Mongo2Go cannot start (mongod binaries not found; connection refused 127.0.0.1:35961). Concelier AOC tasks remain BLOCKED pending usable Mongo2Go binary path. | Concelier WebService |
## Decisions & Risks
- AUTH-CRYPTO-90-001 blocking: Authority provider/key contract not yet published; SME needed to define mapping to registry + JWKS export.
- CI coverage for CryptoPro/PKCS#11 may require optional pipelines; guard with env/pin gating to keep default CI green.
- PQ support requires provider options design; keep deterministic hashing across providers.
## Next Checkpoints
- 2025-11-19 · Draft Authority provider/JWKS contract to unblock AUTH-CRYPTO-90-001. Owner: Authority Core.
- 2025-11-21 · Decide CI gating approach for CryptoPro/PKCS#11 tests. Owner: Security Guild.
- 2025-11-24 · Fork patch status (SEC-CRYPTO-90-019) and plugin rewire plan (SEC-CRYPTO-90-020). Owner: Security Guild.
| 2025-11-20 | Published Authority crypto provider/JWKS prep note (`docs/modules/authority/prep/2025-11-20-auth-crypto-provider-prep.md`); marked PREP-AUTH-CRYPTO-90-001 DONE. | Implementer |
## Decisions & Risks
- AUTH-CRYPTO-90-001 blocking: Authority provider/key contract not yet published; SME needed to define mapping to registry + JWKS export.
- CI coverage for CryptoPro/PKCS#11 may require optional pipelines; guard with env/pin gating to keep default CI green.
- PQ support requires provider options design; keep deterministic hashing across providers.
## Next Checkpoints
- 2025-11-19 · Draft Authority provider/JWKS contract to unblock AUTH-CRYPTO-90-001. Owner: Authority Core.
- 2025-11-21 · Decide CI gating approach for CryptoPro/PKCS#11 tests. Owner: Security Guild.
- 2025-11-24 · Fork patch status (SEC-CRYPTO-90-019) and plugin rewire plan (SEC-CRYPTO-90-020). Owner: Security Guild.

205
docs/implplan/SPRINT_110_ingestion_evidence.md
View File

@@ -1,102 +1,103 @@
# Sprint 110 · Ingestion & Evidence
## Topic & Scope
- Finalise Advisory AI guardrail evidence (docs, SBOM feeds, policy knobs) while keeping customer rollout unblocked.
- Land Concelier structured caching + telemetry so Link-Not-Merge schemas can feed downstream consoles, air-gap bundles, and attestations.
- Prepare Excititor chunk API, telemetry, and attestation contracts for deterministic VEX evidence delivery.
- Staff and kick off the Mirror assembler so deterministic bundles, DSSE/TUF metadata, and CLI/Export Center automation can start.
## Dependencies & Concurrency
- Upstream: Sprint 100.A (Attestor) must remain green; Excititor/Concelier depend on Link-Not-Merge schema set (`CONCELIER-LNM-21-*`, `CARTO-GRAPH-21-002`). Advisory AI docs require SBOM/CLI/Policy/DevOps deliverables (`SBOM-AIAI-31-001`, `CLI-VULN-29-001`, `CLI-VEX-30-001`, `POLICY-ENGINE-31-001`, `DEVOPS-AIAI-31-001`).
- Sprint 110 peers (111119 range) stay independent; no intra-decade dependencies are permitted.
- Evidence Locker contract and Mirror staffing decisions affect Excititor attestation work and Mirror tracks respectively.
## Documentation Prerequisites
- `docs/modules/advisory-ai/architecture.md`
- `docs/modules/concelier/architecture.md`
- `docs/modules/excititor/architecture.md`
- `docs/modules/export-center/architecture.md`
- `docs/modules/airgap/architecture.md` (timeline + bundle requirements)
## Task Board
| Wave | Task ID | Status | Owner(s) | Dependencies | Notes |
| --- | --- | --- | --- | --- | --- |
| 110.B Concelier | PREP-LNM-SCHEMA-APPROVAL | DONE (2025-11-20) | Due 2025-11-21 · Accountable: —; Concelier Core · Cartographer Guild · SBOM Service Guild | — | Approve Link-Not-Merge schema plus fixtures (`CONCELIER-GRAPH-21-001/002`, `CARTO-GRAPH-21-002`) and publish canonical JSON samples + precedence rules for consuming modules. <br><br>Archive decision + artefacts under `docs/modules/concelier/link-not-merge-schema.md` so downstream Concelier/Excititor/Policy tasks can bind to the frozen payload shape. |
| 110.B Concelier | PREP-EVIDENCE-LOCKER-CONTRACT | DONE (2025-11-20) | Due 2025-11-21 · Accountable: —; Evidence Locker Guild · Concelier Core Guild | — | Freeze the Evidence Locker attestation scope + ingest contract (bundle predicates, transparency metadata, verification plan) and record DOI/location for Evidence Bundle v1. <br><br>Publish the signed decision in `docs/modules/evidence-locker/attestation-contract.md` and note required claim set plus validation fixtures. |
| 110.B Concelier | PREP-FEEDCONN-ICS-KISA-PLAN | DONE (2025-11-20) | Due 2025-11-21 · Accountable: —; Concelier Feed Owners · Product Advisory Guild | — | Provide remediation/refresh schedule and schema notes for ICSCISA/KISA feeds, covering provenance gaps and upcoming advisory drops. <br><br>Store the runbook in `docs/modules/concelier/feeds/icscisa-kisa.md` with owners and next review date so connector work can proceed deterministically. |
| 110.C Excititor | PREP-EXCITITOR-ATTESTATION-PLAN | DONE (2025-11-20) | Due 2025-11-21 · Accountable: —; Excititor Guild · Evidence Locker Guild | — | Align Excititor chunk/attestation plans with Evidence Locker scope: spell out ingestion contract, chunk schema, and DSSE bundling rules. <br><br>Publish the plan in `docs/modules/excititor/attestation-plan.md` and include sample payloads for `/vex/evidence/chunks` + attestation APIs. |
| 110.D Mirror | PREP-MIRROR-STAFFING | DONE (2025-11-20) | Due 2025-11-21 · Accountable: —; Mirror Creator Guild · Exporter Guild · AirGap Time Guild | — | Assign owner(s) for MIRROR-CRT-56-001, confirm DSSE/TUF milestone schedule, and record staffing commitments for follow-on CRT tasks. <br><br>Document the staffing decision and milestone plan in `docs/modules/mirror/assembler.md` so downstream automation (Export Center, AirGap Time, CLI) can execute. |
| 110.A Advisory AI | DOCS-AIAI-31-004 | DOING | Docs Guild · Console Guild | CONSOLE-VULN-29-001; CONSOLE-VEX-30-001; SBOM-AIAI-31-001/003 | Guardrail console doc drafted; screenshots + SBOM evidence pending. |
| 110.A Advisory AI | AIAI-31-009 | DONE (2025-11-12) | Advisory AI Guild | — | Regression suite + `AdvisoryAI:Guardrails` config landed with perf budgets. |
| 110.A Advisory AI | AIAI-31-008 | TODO | Advisory AI Guild | AIAI-31-006 (DONE 2025-11-04); AIAI-31-007 (DONE 2025-11-06) | Policy knob work landed; proceed with packaging and deployment steps. |
| 110.A Advisory AI | SBOM-AIAI-31-003 | BLOCKED | SBOM Service Guild | SBOM-AIAI-31-001; CLI-VULN-29-001; CLI-VEX-30-001 | Needs SBOM delta kit + CLI deliverables before validation can proceed. |
| 110.A Advisory AI | DOCS-AIAI-31-005/006/008/009 | BLOCKED | Docs Guild | DOCS-AIAI-31-004; CLI-VULN-29-001; CLI-VEX-30-001; POLICY-ENGINE-31-001; DEVOPS-AIAI-31-001 | CLI/policy/ops docs paused pending upstream artefacts. |
| 110.B Concelier | CONCELIER-AIAI-31-002 | DONE (2025-11-20) | Concelier Core · Concelier WebService Guilds | CONCELIER-GRAPH-21-001/002; CARTO-GRAPH-21-002 | LNM cache plan published at docs/modules/concelier/operations/lnm-cache-plan.md aligned to frozen schema. |
| 110.B Concelier | CONCELIER-AIAI-31-003 | DONE (2025-11-12) | Concelier Observability Guild | — | Telemetry counters/histograms live for Advisory AI dashboards. |
| 110.B Concelier | CONCELIER-AIRGAP-56-001..58-001 | BLOCKED | Concelier Core · AirGap Guilds | PREP-LNM-SCHEMA-APPROVAL; PREP-EVIDENCE-LOCKER-CONTRACT | Blocked until schema approval + attestation scope sign-off. |
| 110.B Concelier | CONCELIER-CONSOLE-23-001..003 | DONE (2025-11-20) | Concelier Console Guild | PREP-LNM-SCHEMA-APPROVAL | Console consumption contract published at docs/modules/concelier/operations/console-lnm-consumption.md. |
| 110.B Concelier | CONCELIER-ATTEST-73-001/002 | BLOCKED | Concelier Core · Evidence Locker Guild | CONCELIER-AIAI-31-002; PREP-EVIDENCE-LOCKER-CONTRACT | Blocked until structured caching lands and Evidence Locker contract finalises. |
| 110.B Concelier | FEEDCONN-ICSCISA-02-012 / FEEDCONN-KISA-02-008 | BLOCKED | Concelier Feed Owners | PREP-FEEDCONN-ICS-KISA-PLAN | Overdue provenance refreshes require schedule from feed owners. |
| 110.C Excititor | EXCITITOR-AIAI-31-001 | DONE (2025-11-09) | Excititor Web/Core Guilds | — | Normalised VEX justification projections shipped. |
| 110.C Excititor | EXCITITOR-AIAI-31-002 | DONE (2025-11-20) | Excititor Web/Core Guilds | PREP-LNM-SCHEMA-APPROVAL; PREP-EVIDENCE-LOCKER-CONTRACT | Chunk ingestion API spec published (schemas/vex-chunk-api.yaml) aligned with attestation plan. |
| 110.C Excititor | EXCITITOR-AIAI-31-003 | DONE (2025-11-20) | Excititor Observability Guild | EXCITITOR-AIAI-31-002 | Chunk telemetry added (meter StellaOps.Excititor.Chunks) and wired in /v1/vex/evidence/chunks handler. |
| 110.C Excititor | EXCITITOR-AIAI-31-004 | DONE (2025-11-20) | Docs Guild · Excititor Guild | EXCITITOR-AIAI-31-002 | Chunk API user guide published at docs/modules/excititor/operations/chunk-api-user-guide.md. |
| 110.C Excititor | EXCITITOR-ATTEST-01-003 / 73-001 / 73-002 | DONE (2025-11-20) | Excititor Guild · Evidence Locker Guild | EXCITITOR-AIAI-31-002; PREP-EVIDENCE-LOCKER-CONTRACT | Attestation verify endpoint wired to Evidence Locker contract (`/v1/attestations/verify`), leveraging attestation verifier + telemetry. |
| 110.C Excititor | EXCITITOR-AIRGAP-56/57/58 · EXCITITOR-CONN-TRUST-01-001 | BLOCKED | Excititor Guild · AirGap Guilds | PREP-LNM-SCHEMA-APPROVAL; PREP-EXCITITOR-ATTESTATION-PLAN | Blocked until schema + attestation readiness. |
| 110.D Mirror | MIRROR-CRT-56-001 | BLOCKED | Mirror Creator Guild | PREP-MIRROR-STAFFING | Blocked: no owner assigned; kickoff slipped past 2025-11-15. |
| 110.D Mirror | MIRROR-CRT-56-002 | BLOCKED | Mirror Creator · Security Guilds | MIRROR-CRT-56-001; PROV-OBS-53-001 | Blocked until MIRROR-CRT-56-001 staffed. |
| 110.D Mirror | MIRROR-CRT-57-001/002 | BLOCKED | Mirror Creator Guild · AirGap Time Guild | MIRROR-CRT-56-001; AIRGAP-TIME-57-001 | Blocked; upstream staffing unresolved. |
| 110.D Mirror | MIRROR-CRT-58-001/002 | BLOCKED | Mirror Creator Guild · CLI Guild · Exporter Guild | MIRROR-CRT-56-001; EXPORT-OBS-54-001; CLI-AIRGAP-56-001 | Blocked until assembler staffed and upstream contracts agreed. |
| 110.D Mirror | EXPORT-OBS-51-001 / 54-001 · AIRGAP-TIME-57-001 · CLI-AIRGAP-56-001 · PROV-OBS-53-001 | BLOCKED | Exporter Guild · AirGap Time Guild · CLI Guild | PREP-MIRROR-STAFFING | Blocked pending MIRROR-CRT-56-001 ownership. |
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2025-11-20 | CONCELIER-CONSOLE-23-001..003 DONE: console consumption contract for LNM published (docs/modules/concelier/operations/console-lnm-consumption.md). | Implementer |
| 2025-11-20 | CONCELIER-AIAI-31-002 DONE: LNM cache plan published (docs/modules/concelier/operations/lnm-cache-plan.md) using frozen schema + Evidence Locker contract. | Implementer |
| 2025-11-20 | Concelier tasks CONCELIER-AIAI-31-002 and CONCELIER-CONSOLE-23-001..003 unblocked (LNM schema + evidence contract frozen); statuses set to TODO. | Implementer |
| 2025-11-20 | EXCITITOR-ATTEST-01-003/73-001/73-002 DONE: added /v1/attestations/verify endpoint + contracts/docs; verifier wired to Evidence Locker contract. | Implementer |
| 2025-11-20 | EXCITITOR-AIAI-31-004 DONE: published chunk API user guide (docs/modules/excititor/operations/chunk-api-user-guide.md). | Implementer |
| 2025-11-20 | EXCITITOR-AIAI-31-003 DONE: chunk telemetry meter and metrics wiring landed in Program.cs; ops note at docs/modules/excititor/operations/chunk-telemetry.md. | Implementer |
| 2025-11-20 | Marked EXCITITOR-AIAI-31-002 DONE; chunk API OpenAPI spec added at docs/modules/excititor/schemas/vex-chunk-api.yaml. | Implementer |
| 2025-11-20 | EXCITITOR-AIAI-31-002 unblocked (prep complete); starting chunk API spec + schema under docs/modules/excititor/schemas. | Implementer |
| 2025-11-20 | PREP-MIRROR-STAFFING completed; staffing/milestones recorded at docs/modules/mirror/assembler.md. | Implementer |
| 2025-11-20 | PREP-EXCITITOR-ATTESTATION-PLAN completed; plan at docs/modules/excititor/attestation-plan.md. | Implementer |
| 2025-11-20 | PREP-FEEDCONN-ICS-KISA-PLAN completed; remediation plan lives at docs/modules/concelier/feeds/icscisa-kisa.md (v0.1). | Implementer |
| 2025-11-20 | PREP-EVIDENCE-LOCKER-CONTRACT completed; contract published at docs/modules/evidence-locker/attestation-contract.md. | Implementer |
| 2025-11-20 | PREP-LNM-SCHEMA-APPROVAL completed; schema frozen in docs/modules/concelier/link-not-merge-schema.md; samples in docs/samples/lnm/*.json. | Implementer |
| 2025-11-19 | Assigned PREP owners/dates; see Delivery Tracker. | Planning |
| 2025-11-13 | Refreshed wave tracker, decisions, and contingency plan ahead of 1415 Nov checkpoints; outstanding asks: SBOM/CLI/Policy/DevOps ETAs, Link-Not-Merge approval, Mirror staffing. | Sprint 110 leads |
| 2025-11-09 | Captured initial wave scope, interlocks, and risks covering SBOM/CLI/Policy/DevOps artefacts, Link-Not-Merge schemas, Excititor justification backlog, and Mirror assembler commitments. | Sprint 110 leads |
| 2025-11-16 | Updated task board: marked Advisory AI packaging, Concelier air-gap/console/attestation tracks, Excititor chunk/attestation/air-gap tracks, and all Mirror tracks as BLOCKED pending schema approvals, Evidence Locker contract, and Mirror staffing decisions. | Implementer |
| 2025-11-16 | Marked CONCELIER-AIAI-31-002 BLOCKED (waiting on Link-Not-Merge schema approval); progressed DOCS-AIAI-31-004 doc draft. | Implementer |
## Decisions & Risks
### Decisions in flight
| Decision | Blocking work | Accountable owner(s) | Due date |
| --- | --- | --- | --- |
| Confirm SBOM/CLI/Policy/DevOps delivery dates | DOCS-AIAI backlog, SBOM-AIAI-31-003, AIAI-31-008 | SBOM Service · CLI · Policy · DevOps guild leads | 2025-11-14 |
| Approve Link-Not-Merge schema (CONCELIER-GRAPH-21-001/002, CARTO-GRAPH-21-002) | CONCELIER-AIAI-31-002, EXCITITOR-AIAI-31-002/003/004, air-gap + attestation tasks | Concelier Core · Cartographer Guild · SBOM Service Guild | 2025-11-14 |
| Assign MIRROR-CRT-56-001 owner | Entire Mirror wave + Export Center + AirGap Time automation | Mirror Creator Guild · Exporter Guild · AirGap Time Guild | 2025-11-15 |
| Evidence Locker attestation scope sign-off | EXCITITOR-ATTEST-01-003/73-001/73-002; CONCELIER-ATTEST-73-001/002 | Evidence Locker Guild · Excititor Guild · Concelier Guild | 2025-11-15 |
| Approve DOCS-AIAI-31-004 screenshot plan | Publication of console guardrail doc | Docs Guild · Console Guild | 2025-11-15 |
### Risk outlook (2025-11-13)
| Risk | Impact | Mitigation / owner |
| --- | --- | --- |
| SBOM/CLI/Policy/DevOps artefacts slip past 14 Nov | Advisory AI docs + SBOM feeds stay blocked, delaying customer rollout & dependent sprints. | Lock ETAs during 14 Nov interlock; escalate to Advisory AI leadership if commitments slip. |
| Link-Not-Merge schema approval delayed | Concelier/Excititor APIs, console overlays, and air-gap bundles remain gated. | Close 14 Nov review with migration notes; unblock tasks immediately after approval. |
| Excititor attestation backlog stalls | VEX evidence + air-gap parity cannot progress; Mirror support drifts. | Use 15 Nov sequencing session to lock order, reserve engineering capacity. |
| MIRROR-CRT-56-001 remains unstaffed | DSSE/TUF, OCI/time-anchor, CLI, Export Center automation cannot start (Sprint 125 slips). | Assign owner at kickoff; reallocate Export/AirGap engineers if needed. |
| Connector refreshes (ICSCISA/KISA) remain overdue | Advisory AI may serve stale advisories; telemetry accuracy suffers. | Feed owners to publish remediation plan + interim mitigations by 15 Nov stand-up. |
## Next Checkpoints
| Date (UTC) | Session | Goal | Impacted wave(s) | Prep owner(s) |
| --- | --- | --- | --- | --- |
| 2025-11-14 | Advisory AI customer surfaces follow-up | Capture SBOM/CLI/Policy/DevOps ETAs to restart DOCS/SBOM work. | 110.A | Advisory AI · SBOM · CLI · Policy · DevOps guild leads |
| 2025-11-14 | Link-Not-Merge schema review | Approve schema payloads + migration notes. | 110.B · 110.C | Concelier Core · Cartographer Guild · SBOM Service Guild |
| 2025-11-15 | Excititor attestation sequencing | Lock Evidence Locker contract + backlog order. | 110.C | Excititor Web/Core · Evidence Locker Guild |
| 2025-11-15 | Mirror evidence kickoff | Assign MIRROR-CRT-56-001 owner, confirm staffing, outline DSSE/TUF + OCI milestones. | 110.D | Mirror Creator · Exporter · AirGap Time · Security guilds |
## Appendix
- Detailed coordination artefacts, contingency playbook, and historical notes previously held in this sprint now live at `docs/implplan/archived/SPRINT_110_ingestion_evidence_2025-11-13.md`.
# Sprint 110 · Ingestion & Evidence
## Topic & Scope
- Finalise Advisory AI guardrail evidence (docs, SBOM feeds, policy knobs) while keeping customer rollout unblocked.
- Land Concelier structured caching + telemetry so Link-Not-Merge schemas can feed downstream consoles, air-gap bundles, and attestations.
- Prepare Excititor chunk API, telemetry, and attestation contracts for deterministic VEX evidence delivery.
- Staff and kick off the Mirror assembler so deterministic bundles, DSSE/TUF metadata, and CLI/Export Center automation can start.
## Dependencies & Concurrency
- Upstream: Sprint 100.A (Attestor) must remain green; Excititor/Concelier depend on Link-Not-Merge schema set (`CONCELIER-LNM-21-*`, `CARTO-GRAPH-21-002`). Advisory AI docs require SBOM/CLI/Policy/DevOps deliverables (`SBOM-AIAI-31-001`, `CLI-VULN-29-001`, `CLI-VEX-30-001`, `POLICY-ENGINE-31-001`, `DEVOPS-AIAI-31-001`).
- Sprint 110 peers (111119 range) stay independent; no intra-decade dependencies are permitted.
- Evidence Locker contract and Mirror staffing decisions affect Excititor attestation work and Mirror tracks respectively.
## Documentation Prerequisites
- `docs/modules/advisory-ai/architecture.md`
- `docs/modules/concelier/architecture.md`
- `docs/modules/excititor/architecture.md`
- `docs/modules/export-center/architecture.md`
- `docs/modules/airgap/architecture.md` (timeline + bundle requirements)
## Task Board
| Wave | Task ID | Status | Owner(s) | Dependencies | Notes |
| --- | --- | --- | --- | --- | --- |
| 110.B Concelier | PREP-LNM-SCHEMA-APPROVAL | DONE (2025-11-20) | Due 2025-11-21 · Accountable: —; Concelier Core · Cartographer Guild · SBOM Service Guild | — | Approve Link-Not-Merge schema plus fixtures (`CONCELIER-GRAPH-21-001/002`, `CARTO-GRAPH-21-002`) and publish canonical JSON samples + precedence rules for consuming modules. <br><br>Archive decision + artefacts under `docs/modules/concelier/link-not-merge-schema.md` so downstream Concelier/Excititor/Policy tasks can bind to the frozen payload shape. |
| 110.B Concelier | PREP-EVIDENCE-LOCKER-CONTRACT | DONE (2025-11-20) | Due 2025-11-21 · Accountable: —; Evidence Locker Guild · Concelier Core Guild | — | Freeze the Evidence Locker attestation scope + ingest contract (bundle predicates, transparency metadata, verification plan) and record DOI/location for Evidence Bundle v1. <br><br>Publish the signed decision in `docs/modules/evidence-locker/attestation-contract.md` and note required claim set plus validation fixtures. |
| 110.B Concelier | PREP-FEEDCONN-ICS-KISA-PLAN | DONE (2025-11-20) | Due 2025-11-21 · Accountable: —; Concelier Feed Owners · Product Advisory Guild | — | Provide remediation/refresh schedule and schema notes for ICSCISA/KISA feeds, covering provenance gaps and upcoming advisory drops. <br><br>Store the runbook in `docs/modules/concelier/feeds/icscisa-kisa.md` with owners and next review date so connector work can proceed deterministically. |
| 110.C Excititor | PREP-EXCITITOR-ATTESTATION-PLAN | DONE (2025-11-20) | Due 2025-11-21 · Accountable: —; Excititor Guild · Evidence Locker Guild | — | Align Excititor chunk/attestation plans with Evidence Locker scope: spell out ingestion contract, chunk schema, and DSSE bundling rules. <br><br>Publish the plan in `docs/modules/excititor/attestation-plan.md` and include sample payloads for `/vex/evidence/chunks` + attestation APIs. |
| 110.D Mirror | PREP-MIRROR-STAFFING | DONE (2025-11-20) | Due 2025-11-21 · Accountable: —; Mirror Creator Guild · Exporter Guild · AirGap Time Guild | — | Assign owner(s) for MIRROR-CRT-56-001, confirm DSSE/TUF milestone schedule, and record staffing commitments for follow-on CRT tasks. <br><br>Document the staffing decision and milestone plan in `docs/modules/mirror/assembler.md` so downstream automation (Export Center, AirGap Time, CLI) can execute. |
| 110.A Advisory AI | DOCS-AIAI-31-004 | DOING | Docs Guild · Console Guild | CONSOLE-VULN-29-001; CONSOLE-VEX-30-001; SBOM-AIAI-31-001/003 | Guardrail console doc drafted; screenshots + SBOM evidence pending. |
| 110.A Advisory AI | AIAI-31-009 | DONE (2025-11-12) | Advisory AI Guild | — | Regression suite + `AdvisoryAI:Guardrails` config landed with perf budgets. |
| 110.A Advisory AI | AIAI-31-008 | TODO | Advisory AI Guild | AIAI-31-006 (DONE 2025-11-04); AIAI-31-007 (DONE 2025-11-06) | Policy knob work landed; proceed with packaging and deployment steps. |
| 110.A Advisory AI | SBOM-AIAI-31-003 | BLOCKED | SBOM Service Guild | SBOM-AIAI-31-001; CLI-VULN-29-001; CLI-VEX-30-001 | Needs SBOM delta kit + CLI deliverables before validation can proceed. |
| 110.A Advisory AI | DOCS-AIAI-31-005/006/008/009 | BLOCKED | Docs Guild | DOCS-AIAI-31-004; CLI-VULN-29-001; CLI-VEX-30-001; POLICY-ENGINE-31-001; DEVOPS-AIAI-31-001 | CLI/policy/ops docs paused pending upstream artefacts. |
| 110.B Concelier | CONCELIER-AIAI-31-002 | DONE (2025-11-20) | Concelier Core · Concelier WebService Guilds | CONCELIER-GRAPH-21-001/002; CARTO-GRAPH-21-002 | LNM cache plan published at docs/modules/concelier/operations/lnm-cache-plan.md aligned to frozen schema. |
| 110.B Concelier | CONCELIER-AIAI-31-003 | DONE (2025-11-12) | Concelier Observability Guild | — | Telemetry counters/histograms live for Advisory AI dashboards. |
| 110.B Concelier | CONCELIER-AIRGAP-56-001..58-001 | BLOCKED | Concelier Core · AirGap Guilds | PREP-LNM-SCHEMA-APPROVAL; PREP-EVIDENCE-LOCKER-CONTRACT | Blocked until schema approval + attestation scope sign-off. |
| 110.B Concelier | CONCELIER-CONSOLE-23-001..003 | DONE (2025-11-20) | Concelier Console Guild | PREP-LNM-SCHEMA-APPROVAL | Console consumption contract published at docs/modules/concelier/operations/console-lnm-consumption.md. |
| 110.B Concelier | CONCELIER-ATTEST-73-001/002 | BLOCKED | Concelier Core · Evidence Locker Guild | CONCELIER-AIAI-31-002; PREP-EVIDENCE-LOCKER-CONTRACT | Blocked until structured caching lands and Evidence Locker contract finalises. |
| 110.B Concelier | FEEDCONN-ICSCISA-02-012 / FEEDCONN-KISA-02-008 | BLOCKED | Concelier Feed Owners | PREP-FEEDCONN-ICS-KISA-PLAN | Overdue provenance refreshes require schedule from feed owners. |
| 110.C Excititor | EXCITITOR-AIAI-31-001 | DONE (2025-11-09) | Excititor Web/Core Guilds | — | Normalised VEX justification projections shipped. |
| 110.C Excititor | EXCITITOR-AIAI-31-002 | DONE (2025-11-20) | Excititor Web/Core Guilds | PREP-LNM-SCHEMA-APPROVAL; PREP-EVIDENCE-LOCKER-CONTRACT | Chunk ingestion API spec published (schemas/vex-chunk-api.yaml) aligned with attestation plan. |
| 110.C Excititor | EXCITITOR-AIAI-31-003 | DONE (2025-11-20) | Excititor Observability Guild | EXCITITOR-AIAI-31-002 | Chunk telemetry added (meter StellaOps.Excititor.Chunks) and wired in /v1/vex/evidence/chunks handler. |
| 110.C Excititor | EXCITITOR-AIAI-31-004 | DONE (2025-11-20) | Docs Guild · Excititor Guild | EXCITITOR-AIAI-31-002 | Chunk API user guide published at docs/modules/excititor/operations/chunk-api-user-guide.md. |
| 110.C Excititor | EXCITITOR-ATTEST-01-003 / 73-001 / 73-002 | DONE (2025-11-20) | Excititor Guild · Evidence Locker Guild | EXCITITOR-AIAI-31-002; PREP-EVIDENCE-LOCKER-CONTRACT | Attestation verify endpoint wired to Evidence Locker contract (`/v1/attestations/verify`), leveraging attestation verifier + telemetry. |
| 110.C Excititor | EXCITITOR-AIRGAP-56/57/58 · EXCITITOR-CONN-TRUST-01-001 | BLOCKED | Excititor Guild · AirGap Guilds | PREP-LNM-SCHEMA-APPROVAL; PREP-EXCITITOR-ATTESTATION-PLAN | Blocked until schema + attestation readiness. |
| 110.D Mirror | MIRROR-CRT-56-001 | BLOCKED | Mirror Creator Guild | PREP-MIRROR-STAFFING | Blocked: no owner assigned; kickoff slipped past 2025-11-15. |
| 110.D Mirror | MIRROR-CRT-56-002 | BLOCKED | Mirror Creator · Security Guilds | MIRROR-CRT-56-001; PROV-OBS-53-001 | Blocked until MIRROR-CRT-56-001 staffed. |
| 110.D Mirror | MIRROR-CRT-57-001/002 | BLOCKED | Mirror Creator Guild · AirGap Time Guild | MIRROR-CRT-56-001; AIRGAP-TIME-57-001 | Blocked; upstream staffing unresolved. |
| 110.D Mirror | MIRROR-CRT-58-001/002 | BLOCKED | Mirror Creator Guild · CLI Guild · Exporter Guild | MIRROR-CRT-56-001; EXPORT-OBS-54-001; CLI-AIRGAP-56-001 | Blocked until assembler staffed and upstream contracts agreed. |
| 110.D Mirror | EXPORT-OBS-51-001 / 54-001 · AIRGAP-TIME-57-001 · CLI-AIRGAP-56-001 · PROV-OBS-53-001 | BLOCKED | Exporter Guild · AirGap Time Guild · CLI Guild | PREP-MIRROR-STAFFING | Blocked pending MIRROR-CRT-56-001 ownership. |
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2025-11-20 | Concelier WebService tests could not run locally (Mongo2Go requires libcrypto.so.1.1). Endpoint compiled; rerun tests once OpenSSL 1.1 shim available. | Implementer |
| 2025-11-20 | CONCELIER-CONSOLE-23-001..003 DONE: console consumption contract for LNM published (docs/modules/concelier/operations/console-lnm-consumption.md). | Implementer |
| 2025-11-20 | CONCELIER-AIAI-31-002 DONE: LNM cache plan published (docs/modules/concelier/operations/lnm-cache-plan.md) using frozen schema + Evidence Locker contract. | Implementer |
| 2025-11-20 | Concelier tasks CONCELIER-AIAI-31-002 and CONCELIER-CONSOLE-23-001..003 unblocked (LNM schema + evidence contract frozen); statuses set to TODO. | Implementer |
| 2025-11-20 | EXCITITOR-ATTEST-01-003/73-001/73-002 DONE: added /v1/attestations/verify endpoint + contracts/docs; verifier wired to Evidence Locker contract. | Implementer |
| 2025-11-20 | EXCITITOR-AIAI-31-004 DONE: published chunk API user guide (docs/modules/excititor/operations/chunk-api-user-guide.md). | Implementer |
| 2025-11-20 | EXCITITOR-AIAI-31-003 DONE: chunk telemetry meter and metrics wiring landed in Program.cs; ops note at docs/modules/excititor/operations/chunk-telemetry.md. | Implementer |
| 2025-11-20 | Marked EXCITITOR-AIAI-31-002 DONE; chunk API OpenAPI spec added at docs/modules/excititor/schemas/vex-chunk-api.yaml. | Implementer |
| 2025-11-20 | EXCITITOR-AIAI-31-002 unblocked (prep complete); starting chunk API spec + schema under docs/modules/excititor/schemas. | Implementer |
| 2025-11-20 | PREP-MIRROR-STAFFING completed; staffing/milestones recorded at docs/modules/mirror/assembler.md. | Implementer |
| 2025-11-20 | PREP-EXCITITOR-ATTESTATION-PLAN completed; plan at docs/modules/excititor/attestation-plan.md. | Implementer |
| 2025-11-20 | PREP-FEEDCONN-ICS-KISA-PLAN completed; remediation plan lives at docs/modules/concelier/feeds/icscisa-kisa.md (v0.1). | Implementer |
| 2025-11-20 | PREP-EVIDENCE-LOCKER-CONTRACT completed; contract published at docs/modules/evidence-locker/attestation-contract.md. | Implementer |
| 2025-11-20 | PREP-LNM-SCHEMA-APPROVAL completed; schema frozen in docs/modules/concelier/link-not-merge-schema.md; samples in docs/samples/lnm/*.json. | Implementer |
| 2025-11-19 | Assigned PREP owners/dates; see Delivery Tracker. | Planning |
| 2025-11-13 | Refreshed wave tracker, decisions, and contingency plan ahead of 1415 Nov checkpoints; outstanding asks: SBOM/CLI/Policy/DevOps ETAs, Link-Not-Merge approval, Mirror staffing. | Sprint 110 leads |
| 2025-11-09 | Captured initial wave scope, interlocks, and risks covering SBOM/CLI/Policy/DevOps artefacts, Link-Not-Merge schemas, Excititor justification backlog, and Mirror assembler commitments. | Sprint 110 leads |
| 2025-11-16 | Updated task board: marked Advisory AI packaging, Concelier air-gap/console/attestation tracks, Excititor chunk/attestation/air-gap tracks, and all Mirror tracks as BLOCKED pending schema approvals, Evidence Locker contract, and Mirror staffing decisions. | Implementer |
| 2025-11-16 | Marked CONCELIER-AIAI-31-002 BLOCKED (waiting on Link-Not-Merge schema approval); progressed DOCS-AIAI-31-004 doc draft. | Implementer |
## Decisions & Risks
### Decisions in flight
| Decision | Blocking work | Accountable owner(s) | Due date |
| --- | --- | --- | --- |
| Confirm SBOM/CLI/Policy/DevOps delivery dates | DOCS-AIAI backlog, SBOM-AIAI-31-003, AIAI-31-008 | SBOM Service · CLI · Policy · DevOps guild leads | 2025-11-14 |
| Approve Link-Not-Merge schema (CONCELIER-GRAPH-21-001/002, CARTO-GRAPH-21-002) | CONCELIER-AIAI-31-002, EXCITITOR-AIAI-31-002/003/004, air-gap + attestation tasks | Concelier Core · Cartographer Guild · SBOM Service Guild | 2025-11-14 |
| Assign MIRROR-CRT-56-001 owner | Entire Mirror wave + Export Center + AirGap Time automation | Mirror Creator Guild · Exporter Guild · AirGap Time Guild | 2025-11-15 |
| Evidence Locker attestation scope sign-off | EXCITITOR-ATTEST-01-003/73-001/73-002; CONCELIER-ATTEST-73-001/002 | Evidence Locker Guild · Excititor Guild · Concelier Guild | 2025-11-15 |
| Approve DOCS-AIAI-31-004 screenshot plan | Publication of console guardrail doc | Docs Guild · Console Guild | 2025-11-15 |
### Risk outlook (2025-11-13)
| Risk | Impact | Mitigation / owner |
| --- | --- | --- |
| SBOM/CLI/Policy/DevOps artefacts slip past 14 Nov | Advisory AI docs + SBOM feeds stay blocked, delaying customer rollout & dependent sprints. | Lock ETAs during 14 Nov interlock; escalate to Advisory AI leadership if commitments slip. |
| Link-Not-Merge schema approval delayed | Concelier/Excititor APIs, console overlays, and air-gap bundles remain gated. | Close 14 Nov review with migration notes; unblock tasks immediately after approval. |
| Excititor attestation backlog stalls | VEX evidence + air-gap parity cannot progress; Mirror support drifts. | Use 15 Nov sequencing session to lock order, reserve engineering capacity. |
| MIRROR-CRT-56-001 remains unstaffed | DSSE/TUF, OCI/time-anchor, CLI, Export Center automation cannot start (Sprint 125 slips). | Assign owner at kickoff; reallocate Export/AirGap engineers if needed. |
| Connector refreshes (ICSCISA/KISA) remain overdue | Advisory AI may serve stale advisories; telemetry accuracy suffers. | Feed owners to publish remediation plan + interim mitigations by 15 Nov stand-up. |
## Next Checkpoints
| Date (UTC) | Session | Goal | Impacted wave(s) | Prep owner(s) |
| --- | --- | --- | --- | --- |
| 2025-11-14 | Advisory AI customer surfaces follow-up | Capture SBOM/CLI/Policy/DevOps ETAs to restart DOCS/SBOM work. | 110.A | Advisory AI · SBOM · CLI · Policy · DevOps guild leads |
| 2025-11-14 | Link-Not-Merge schema review | Approve schema payloads + migration notes. | 110.B · 110.C | Concelier Core · Cartographer Guild · SBOM Service Guild |
| 2025-11-15 | Excititor attestation sequencing | Lock Evidence Locker contract + backlog order. | 110.C | Excititor Web/Core · Evidence Locker Guild |
| 2025-11-15 | Mirror evidence kickoff | Assign MIRROR-CRT-56-001 owner, confirm staffing, outline DSSE/TUF + OCI milestones. | 110.D | Mirror Creator · Exporter · AirGap Time · Security guilds |
## Appendix
- Detailed coordination artefacts, contingency playbook, and historical notes previously held in this sprint now live at `docs/implplan/archived/SPRINT_110_ingestion_evidence_2025-11-13.md`.

25
docs/implplan/SPRINT_123_policy_reasoning.md
View File

@@ -12,18 +12,18 @@ Focus: Policy & Reasoning focus on Policy (phase I).
| --- | --- | --- | --- | --- |
| P1 | PREP-EXPORT-CONSOLE-23-001-MISSING-EXPORT-BUN | DOING (2025-11-20) | Due 2025-11-22 · Accountable: Policy Guild, Scheduler Guild, Observability Guild / src/Policy/StellaOps.Policy.Engine | Policy Guild, Scheduler Guild, Observability Guild / src/Policy/StellaOps.Policy.Engine | Missing export bundle contract/API surface and scheduler job spec for Console; requires agreed schema and job wiring. <br><br> Document artefact/deliverable for EXPORT-CONSOLE-23-001 and publish location so downstream tasks can proceed. |
| P2 | PREP-POLICY-AIRGAP-56-001-MIRROR-BUNDLE-SCHEM | DOING (2025-11-20) | Due 2025-11-22 · Accountable: Policy Guild / src/Policy/StellaOps.Policy.Engine | Policy Guild / src/Policy/StellaOps.Policy.Engine | Mirror bundle schema for policy packs not published; need bundle_id/provenance fields and sealed-mode rules. <br><br> Document artefact/deliverable for POLICY-AIRGAP-56-001 and publish location so downstream tasks can proceed. |
| P3 | PREP-POLICY-AIRGAP-56-002-DEPENDS-ON-56-001-B | TODO | Due 2025-11-22 · Accountable: Policy Guild, Policy Studio Guild / src/Policy/StellaOps.Policy.Engine | Policy Guild, Policy Studio Guild / src/Policy/StellaOps.Policy.Engine | Depends on 56-001 bundle import schema and DSSE signing profile. <br><br> Document artefact/deliverable for POLICY-AIRGAP-56-002 and publish location so downstream tasks can proceed. |
| P4 | PREP-POLICY-AIRGAP-57-001-REQUIRES-SEALED-MOD | TODO | Due 2025-11-22 · Accountable: Policy Guild, AirGap Policy Guild / src/Policy/StellaOps.Policy.Engine | Policy Guild, AirGap Policy Guild / src/Policy/StellaOps.Policy.Engine | Requires sealed-mode contract (egress rules, error codes) after 56-002. <br><br> Document artefact/deliverable for POLICY-AIRGAP-57-001 and publish location so downstream tasks can proceed. |
| P5 | PREP-POLICY-AIRGAP-57-002-NEEDS-STALENESS-FAL | TODO | Due 2025-11-22 · Accountable: Policy Guild, AirGap Time Guild / src/Policy/StellaOps.Policy.Engine | Policy Guild, AirGap Time Guild / src/Policy/StellaOps.Policy.Engine | Needs staleness/fallback data contract from 57-001. <br><br> Document artefact/deliverable for POLICY-AIRGAP-57-002 and publish location so downstream tasks can proceed. |
| P6 | PREP-POLICY-AIRGAP-58-001-NOTIFICATION-SCHEMA | TODO | Due 2025-11-22 · Accountable: Policy Guild, Notifications Guild / src/Policy/StellaOps.Policy.Engine | Policy Guild, Notifications Guild / src/Policy/StellaOps.Policy.Engine | Notification schema and staleness signals pending from 57-002. <br><br> Document artefact/deliverable for POLICY-AIRGAP-58-001 and publish location so downstream tasks can proceed. |
| P7 | PREP-POLICY-AOC-19-001-NEEDS-AGREED-LINTING-T | TODO | Due 2025-11-22 · Accountable: Policy Guild / src/Policy/__Libraries/StellaOps.Policy | Policy Guild / src/Policy/__Libraries/StellaOps.Policy | Needs agreed linting targets (which ingestion projects, which helpers) and CI wiring; no analyzer/lint spec available. <br><br> Document artefact/deliverable for POLICY-AOC-19-001 and publish location so downstream tasks can proceed. |
| P8 | PREP-POLICY-AOC-19-002-DEPENDS-ON-19-001-LINT | TODO | Due 2025-11-22 · Accountable: Policy Guild, Platform Security / src/Policy/__Libraries/StellaOps.Policy | Policy Guild, Platform Security / src/Policy/__Libraries/StellaOps.Policy | Depends on 19-001 lint implementation and authority contract for `effective:write` gate. <br><br> Document artefact/deliverable for POLICY-AOC-19-002 and publish location so downstream tasks can proceed. |
| P9 | PREP-POLICY-AOC-19-003-REQUIRES-DECISIONED-NO | TODO | Due 2025-11-22 · Accountable: Policy Guild / src/Policy/__Libraries/StellaOps.Policy | Policy Guild / src/Policy/__Libraries/StellaOps.Policy | Requires decisioned normalized-field removal contract after 19-002; fixtures not provided. <br><br> Document artefact/deliverable for POLICY-AOC-19-003 and publish location so downstream tasks can proceed. |
| P10 | PREP-POLICY-AOC-19-004-DEPENDENT-ON-19-003-DA | TODO | Due 2025-11-22 · Accountable: Policy Guild, QA Guild / src/Policy/__Libraries/StellaOps.Policy | Policy Guild, QA Guild / src/Policy/__Libraries/StellaOps.Policy | Dependent on 19-003 data shape and determinism fixtures. <br><br> Document artefact/deliverable for POLICY-AOC-19-004 and publish location so downstream tasks can proceed. |
| P11 | PREP-POLICY-ATTEST-73-001-VERIFICATIONPOLICY- | TODO | Due 2025-11-22 · Accountable: Policy Guild, Attestor Service Guild / src/Policy/StellaOps.Policy.Engine | Policy Guild, Attestor Service Guild / src/Policy/StellaOps.Policy.Engine | VerificationPolicy schema/persistence contract missing; needs Attestor alignment. <br><br> Document artefact/deliverable for POLICY-ATTEST-73-001 and publish location so downstream tasks can proceed. |
| P12 | PREP-POLICY-ATTEST-73-002-DEPENDS-ON-73-001-E | TODO | Due 2025-11-22 · Accountable: Policy Guild / src/Policy/StellaOps.Policy.Engine | Policy Guild / src/Policy/StellaOps.Policy.Engine | Depends on 73-001 editor DTOs and validation schema. <br><br> Document artefact/deliverable for POLICY-ATTEST-73-002 and publish location so downstream tasks can proceed. |
| P13 | PREP-POLICY-ATTEST-74-001-REQUIRES-73-002-AND | TODO | Due 2025-11-22 · Accountable: Policy Guild, Attestor Service Guild / src/Policy/StellaOps.Policy.Engine | Policy Guild, Attestor Service Guild / src/Policy/StellaOps.Policy.Engine | Requires 73-002 and Attestor pipeline contract. <br><br> Document artefact/deliverable for POLICY-ATTEST-74-001 and publish location so downstream tasks can proceed. |
| P14 | PREP-POLICY-ATTEST-74-002-NEEDS-74-001-SURFAC | TODO | Due 2025-11-22 · Accountable: Policy Guild, Console Guild / src/Policy/StellaOps.Policy.Engine | Policy Guild, Console Guild / src/Policy/StellaOps.Policy.Engine | Needs 74-001 surface in Console verification reports contract. <br><br> Document artefact/deliverable for POLICY-ATTEST-74-002 and publish location so downstream tasks can proceed. |
| P3 | PREP-POLICY-AIRGAP-56-002-DEPENDS-ON-56-001-B | DONE (2025-11-20) | Prep doc at `docs/modules/policy/prep/2025-11-20-policy-airgap-56-002-prep.md`; awaits schema hash from 56-001. | Policy Guild, Policy Studio Guild / src/Policy/StellaOps.Policy.Engine | Depends on 56-001 bundle import schema and DSSE signing profile. <br><br> Document artefact/deliverable for POLICY-AIRGAP-56-002 and publish location so downstream tasks can proceed. |
| P4 | PREP-POLICY-AIRGAP-57-001-REQUIRES-SEALED-MOD | DONE (2025-11-20) | Prep doc at `docs/modules/policy/prep/2025-11-20-policy-airgap-57-001-prep.md`; depends on 56-002 + WEB-OAS-61-002 envelope. | Policy Guild, AirGap Policy Guild / src/Policy/StellaOps.Policy.Engine | Requires sealed-mode contract (egress rules, error codes) after 56-002. <br><br> Document artefact/deliverable for POLICY-AIRGAP-57-001 and publish location so downstream tasks can proceed. |
| P5 | PREP-POLICY-AIRGAP-57-002-NEEDS-STALENESS-FAL | DONE (2025-11-20) | Prep doc at `docs/modules/policy/prep/2025-11-20-policy-airgap-57-002-prep.md`; awaits staleness metadata inputs. | Policy Guild, AirGap Time Guild / src/Policy/StellaOps.Policy.Engine | Needs staleness/fallback data contract from 57-001. <br><br> Document artefact/deliverable for POLICY-AIRGAP-57-002 and publish location so downstream tasks can proceed. |
| P6 | PREP-POLICY-AIRGAP-58-001-NOTIFICATION-SCHEMA | DONE (2025-11-20) | Prep doc at `docs/modules/policy/prep/2025-11-20-policy-airgap-58-001-prep.md`; aligned to notifications schema once available. | Policy Guild, Notifications Guild / src/Policy/StellaOps.Policy.Engine | Notification schema and staleness signals pending from 57-002. <br><br> Document artefact/deliverable for POLICY-AIRGAP-58-001 and publish location so downstream tasks can proceed. |
| P7 | PREP-POLICY-AOC-19-001-NEEDS-AGREED-LINTING-T | DONE (2025-11-20) | Prep doc at `docs/modules/policy/prep/2025-11-20-policy-aoc-19-001-prep.md`; awaiting rule set agreement. | Policy Guild / src/Policy/__Libraries/StellaOps.Policy | Needs agreed linting targets (which ingestion projects, which helpers) and CI wiring; no analyzer/lint spec available. <br><br> Document artefact/deliverable for POLICY-AOC-19-001 and publish location so downstream tasks can proceed. |
| P8 | PREP-POLICY-AOC-19-002-DEPENDS-ON-19-001-LINT | DONE (2025-11-20) | Prep doc at `docs/modules/policy/prep/2025-11-20-policy-aoc-19-002-prep.md`; depends on lint rules + auth scopes. | Policy Guild, Platform Security / src/Policy/__Libraries/StellaOps.Policy | Depends on 19-001 lint implementation and authority contract for `effective:write` gate. <br><br> Document artefact/deliverable for POLICY-AOC-19-002 and publish location so downstream tasks can proceed. |
| P9 | PREP-POLICY-AOC-19-003-REQUIRES-DECISIONED-NO | DONE (2025-11-20) | Prep doc at `docs/modules/policy/prep/2025-11-20-policy-aoc-19-003-prep.md`; awaiting field removal decision. | Policy Guild / src/Policy/__Libraries/StellaOps.Policy | Requires decisioned normalized-field removal contract after 19-002; fixtures not provided. <br><br> Document artefact/deliverable for POLICY-AOC-19-003 and publish location so downstream tasks can proceed. |
| P10 | PREP-POLICY-AOC-19-004-DEPENDENT-ON-19-003-DA | DONE (2025-11-20) | Prep doc at `docs/modules/policy/prep/2025-11-20-policy-aoc-19-004-prep.md`; depends on field removal list. | Policy Guild, QA Guild / src/Policy/__Libraries/StellaOps.Policy | Dependent on 19-003 data shape and determinism fixtures. <br><br> Document artefact/deliverable for POLICY-AOC-19-004 and publish location so downstream tasks can proceed. |
| P11 | PREP-POLICY-ATTEST-73-001-VERIFICATIONPOLICY- | DONE (2025-11-20) | Due 2025-11-22 · Accountable: Policy Guild, Attestor Service Guild / src/Policy/StellaOps.Policy.Engine | Policy Guild, Attestor Service Guild / src/Policy/StellaOps.Policy.Engine | Prep artefact published at `docs/modules/policy/prep/2025-11-20-policy-attest-73-001-prep.md` (VerificationPolicy schema/persistence rules). |
| P12 | PREP-POLICY-ATTEST-73-002-DEPENDS-ON-73-001-E | DONE (2025-11-20) | Due 2025-11-22 · Accountable: Policy Guild / src/Policy/StellaOps.Policy.Engine | Policy Guild / src/Policy/StellaOps.Policy.Engine | Prep artefact published at `docs/modules/policy/prep/2025-11-20-policy-attest-73-002-prep.md` (editor DTOs + validation). |
| P13 | PREP-POLICY-ATTEST-74-001-REQUIRES-73-002-AND | DONE (2025-11-20) | Due 2025-11-22 · Accountable: Policy Guild, Attestor Service Guild / src/Policy/StellaOps.Policy.Engine | Policy Guild, Attestor Service Guild / src/Policy/StellaOps.Policy.Engine | Prep artefact published at `docs/modules/policy/prep/2025-11-20-policy-attest-74-001-prep.md` (policy attestation result schema + endpoint). |
| P14 | PREP-POLICY-ATTEST-74-002-NEEDS-74-001-SURFAC | DONE (2025-11-20) | Due 2025-11-22 · Accountable: Policy Guild, Console Guild / src/Policy/StellaOps.Policy.Engine | Policy Guild, Console Guild / src/Policy/StellaOps.Policy.Engine | Prep artefact published at `docs/modules/policy/prep/2025-11-20-policy-attest-74-002-prep.md` (Console report extension for attestation results). |
| 1 | EXPORT-CONSOLE-23-001 | BLOCKED | PREP-EXPORT-CONSOLE-23-001-MISSING-EXPORT-BUN | Policy Guild, Scheduler Guild, Observability Guild / src/Policy/StellaOps.Policy.Engine |
| 2 | POLICY-AIRGAP-56-001 | BLOCKED | PREP-POLICY-AIRGAP-56-001-MIRROR-BUNDLE-SCHEM | Policy Guild / src/Policy/StellaOps.Policy.Engine |
| 3 | POLICY-AIRGAP-56-002 | BLOCKED | PREP-POLICY-AIRGAP-56-002-DEPENDS-ON-56-001-B | Policy Guild, Policy Studio Guild / src/Policy/StellaOps.Policy.Engine |
@@ -45,6 +45,7 @@ Focus: Policy & Reasoning focus on Policy (phase I).
| --- | --- | --- |
| 2025-11-20 | Drafted export bundle + scheduler contract (docs/modules/policy/design/export-console-bundle-contract.md); pinged Console/Scheduler owners for signer/storage decisions. | Project Mgmt |
| 2025-11-20 | Confirmed PREP-EXPORT-CONSOLE-23-001 and PREP-POLICY-AIRGAP-56-001 still TODO; moved both to DOING to draft missing export/bundle schemas. | Project Mgmt |
| 2025-11-20 | Published prep artefacts for AIRGAP chain (56-002/57-001/57-002/58-001) and AOC lint/normalization (19-001/002/003/004); marked P3P10 DONE. | Implementer |
| 2025-11-19 | Assigned PREP owners/dates; see Delivery Tracker. | Planning |
| 2025-11-08 | Sprint created; awaiting staffing. | Planning |
| 2025-11-18 | Attempted EXPORT-CONSOLE-23-001 but blocked: no export bundle/schema or scheduler job contract for Console; requires API + signed manifest format before implementation. Marked remaining tasks BLOCKED pending lint/airgap/attest/Console contracts. | Policy Guild |

5
docs/implplan/SPRINT_124_policy_reasoning.md
View File

@@ -10,7 +10,7 @@ Focus: Policy & Reasoning focus on Policy (phase II).
| # | Task ID & handle | State | Key dependency / next step | Owners |
| --- | --- | --- | --- | --- |
| P1 | PREP-POLICY-ENGINE-20-002-BUILD-DETERMINISTIC | TODO | Due 2025-11-22 · Accountable: Policy Guild / src/Policy/StellaOps.Policy.Engine | Policy Guild / src/Policy/StellaOps.Policy.Engine | Build deterministic evaluator honoring lexical/priority order, first-match semantics, and safe value types (no wall-clock/network access). <br><br> Document artefact/deliverable for POLICY-ENGINE-20-002 and publish location so downstream tasks can proceed. |
| P1 | PREP-POLICY-ENGINE-20-002-BUILD-DETERMINISTIC | DONE (2025-11-20) | Prep doc at `docs/modules/policy/prep/2025-11-20-policy-engine-20-002-prep.md`; captures evaluator constraints. | Policy Guild / src/Policy/StellaOps.Policy.Engine | Build deterministic evaluator honoring lexical/priority order, first-match semantics, and safe value types (no wall-clock/network access). <br><br> Document artefact/deliverable for POLICY-ENGINE-20-002 and publish location so downstream tasks can proceed. |
| 1 | POLICY-CONSOLE-23-002 | TODO | Produce simulation diff metadata (before/after counts, severity deltas, rule impact summaries) and approval state endpoints consumed by Console policy workspace; expose RBAC-aware status transitions (Deps: POLICY-CONSOLE-23-001) | Policy Guild, Product Ops / src/Policy/StellaOps.Policy.Engine |
| 2 | POLICY-ENGINE-20-002 | BLOCKED (2025-10-26) | PREP-POLICY-ENGINE-20-002-BUILD-DETERMINISTIC | Policy Guild / src/Policy/StellaOps.Policy.Engine |
| 3 | POLICY-ENGINE-20-003 | TODO | Implement selection joiners resolving SBOM↔advisory↔VEX tuples using linksets and PURL equivalence tables, with deterministic batching (Deps: POLICY-ENGINE-20-002) | Policy Guild, Concelier Core Guild, Excititor Core Guild / src/Policy/StellaOps.Policy.Engine |
@@ -28,4 +28,5 @@ Focus: Policy & Reasoning focus on Policy (phase II).
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2025-11-19 | Assigned PREP owners/dates; see Delivery Tracker. | Planning |
| 2025-11-20 | Published deterministic evaluator prep note (`docs/modules/policy/prep/2025-11-20-policy-engine-20-002-prep.md`); set PREP-POLICY-ENGINE-20-002 to DONE. | Implementer |
| 2025-11-19 | Assigned PREP owners/dates; see Delivery Tracker. | Planning |

27
docs/implplan/SPRINT_125_policy_reasoning.md
View File

@@ -11,18 +11,18 @@ Focus: Policy & Reasoning focus on Policy (phase III).
| # | Task ID & handle | State | Key dependency / next step | Owners |
| --- | --- | --- | --- | --- |
| P1 | PREP-POLICY-ENGINE-30-001-WAITING-ON-29-004-M | DOING (2025-11-20) | Due 2025-11-22 · Accountable: Policy Guild, Cartographer Guild / src/Policy/StellaOps.Policy.Engine | Policy Guild, Cartographer Guild / src/Policy/StellaOps.Policy.Engine | Waiting on 29-004 metrics/logging outputs to define overlay projection contract. <br><br> Document artefact/deliverable for POLICY-ENGINE-30-001 and publish location so downstream tasks can proceed. |
| P2 | PREP-POLICY-ENGINE-30-002-SIMULATION-BRIDGE-C | TODO | Due 2025-11-22 · Accountable: Policy Guild, Cartographer Guild / src/Policy/StellaOps.Policy.Engine | Policy Guild, Cartographer Guild / src/Policy/StellaOps.Policy.Engine | Simulation bridge cannot proceed until 30-001 overlay schema lands. <br><br> Document artefact/deliverable for POLICY-ENGINE-30-002 and publish location so downstream tasks can proceed. |
| P3 | PREP-POLICY-ENGINE-30-003-CHANGE-EVENTS-DEPEN | TODO | Due 2025-11-22 · Accountable: Policy Guild, Scheduler Guild, Cartographer Guild / src/Policy/StellaOps.Policy.Engine | Policy Guild, Scheduler Guild, Cartographer Guild / src/Policy/StellaOps.Policy.Engine | Change events depend on simulation bridge (30-002) outputs. <br><br> Document artefact/deliverable for POLICY-ENGINE-30-003 and publish location so downstream tasks can proceed. |
| P4 | PREP-POLICY-ENGINE-30-101-TRUST-WEIGHTING-UI- | TODO | Due 2025-11-22 · Accountable: Policy Guild / src/Policy/StellaOps.Policy.Engine | Policy Guild / src/Policy/StellaOps.Policy.Engine | Trust weighting UI/API depends on change events + overlays (30-003). <br><br> Document artefact/deliverable for POLICY-ENGINE-30-101 and publish location so downstream tasks can proceed. |
| P5 | PREP-POLICY-ENGINE-31-001-ADVISORY-AI-KNOBS-R | TODO | Due 2025-11-22 · Accountable: Policy Guild / src/Policy/StellaOps.Policy.Engine | Policy Guild / src/Policy/StellaOps.Policy.Engine | Advisory AI knobs rely on 30-101 trust weighting surfacing. <br><br> Document artefact/deliverable for POLICY-ENGINE-31-001 and publish location so downstream tasks can proceed. |
| P6 | PREP-POLICY-ENGINE-31-002-BATCH-CONTEXT-ENDPO | TODO | Due 2025-11-22 · Accountable: Policy Guild / src/Policy/StellaOps.Policy.Engine | Policy Guild / src/Policy/StellaOps.Policy.Engine | Batch context endpoint waits on 31-001 knobs. <br><br> Document artefact/deliverable for POLICY-ENGINE-31-002 and publish location so downstream tasks can proceed. |
| P7 | PREP-POLICY-ENGINE-32-101-ORCHESTRATOR-JOB-SC | TODO | Due 2025-11-22 · Accountable: Policy Guild / src/Policy/StellaOps.Policy.Engine | Policy Guild / src/Policy/StellaOps.Policy.Engine | Orchestrator job schema depends on 31-002 batch context. <br><br> Document artefact/deliverable for POLICY-ENGINE-32-101 and publish location so downstream tasks can proceed. |
| P8 | PREP-POLICY-ENGINE-33-101-WORKER-IMPLEMENTATI | TODO | Due 2025-11-22 · Accountable: Policy Guild / src/Policy/StellaOps.Policy.Engine | Policy Guild / src/Policy/StellaOps.Policy.Engine | Worker implementation depends on 32-101 job schema. <br><br> Document artefact/deliverable for POLICY-ENGINE-33-101 and publish location so downstream tasks can proceed. |
| P9 | PREP-POLICY-ENGINE-34-101-LEDGER-EXPORT-REQUI | TODO | Due 2025-11-22 · Accountable: Policy Guild / src/Policy/StellaOps.Policy.Engine | Policy Guild / src/Policy/StellaOps.Policy.Engine | Ledger export requires 33-101 workers. <br><br> Document artefact/deliverable for POLICY-ENGINE-34-101 and publish location so downstream tasks can proceed. |
| P10 | PREP-POLICY-ENGINE-35-201-SNAPSHOT-API-WAITS- | TODO | Due 2025-11-22 · Accountable: Policy Guild / src/Policy/StellaOps.Policy.Engine | Policy Guild / src/Policy/StellaOps.Policy.Engine | Snapshot API waits on 34-101 ledger export. <br><br> Document artefact/deliverable for POLICY-ENGINE-35-201 and publish location so downstream tasks can proceed. |
| P11 | PREP-POLICY-ENGINE-38-201-VIOLATION-EVENTS-DE | TODO | Due 2025-11-22 · Accountable: Policy Guild / src/Policy/StellaOps.Policy.Engine | Policy Guild / src/Policy/StellaOps.Policy.Engine | Violation events depend on 35-201 snapshot stream. <br><br> Document artefact/deliverable for POLICY-ENGINE-38-201 and publish location so downstream tasks can proceed. |
| P12 | PREP-POLICY-ENGINE-40-001-SEVERITY-FUSION-DEP | TODO | Due 2025-11-22 · Accountable: Policy Guild, Concelier Guild / src/Policy/StellaOps.Policy.Engine | Policy Guild, Concelier Guild / src/Policy/StellaOps.Policy.Engine | Severity fusion depends on 38-201 violation event payloads. <br><br> Document artefact/deliverable for POLICY-ENGINE-40-001 and publish location so downstream tasks can proceed. |
| P13 | PREP-POLICY-ENGINE-40-002-CONFLICT-HANDLING-D | TODO | Due 2025-11-22 · Accountable: Policy Guild, Excititor Guild / src/Policy/StellaOps.Policy.Engine | Policy Guild, Excititor Guild / src/Policy/StellaOps.Policy.Engine | Conflict handling depends on 40-001 severity pipeline changes. <br><br> Document artefact/deliverable for POLICY-ENGINE-40-002 and publish location so downstream tasks can proceed. |
| P2 | PREP-POLICY-ENGINE-30-002-SIMULATION-BRIDGE-C | DONE (2025-11-20) | Prep note at `docs/modules/policy/prep/2025-11-20-simulation-bridge-prep.md`; awaits 30-001 overlay hash. | Policy Guild, Cartographer Guild / src/Policy/StellaOps.Policy.Engine | Simulation bridge cannot proceed until 30-001 overlay schema lands. <br><br> Document artefact/deliverable for POLICY-ENGINE-30-002 and publish location so downstream tasks can proceed. |
| P3 | PREP-POLICY-ENGINE-30-003-CHANGE-EVENTS-DEPEN | DONE (2025-11-20) | Prep note at `docs/modules/policy/prep/2025-11-20-change-events-prep.md`; depends on 30-002 schema + Scheduler subjects. | Policy Guild, Scheduler Guild, Cartographer Guild / src/Policy/StellaOps.Policy.Engine | Change events depend on simulation bridge (30-002) outputs. <br><br> Document artefact/deliverable for POLICY-ENGINE-30-003 and publish location so downstream tasks can proceed. |
| P4 | PREP-POLICY-ENGINE-30-101-TRUST-WEIGHTING-UI- | DONE (2025-11-20) | Prep note at `docs/modules/policy/prep/2025-11-20-trust-weighting-prep.md`; waits on 30-003 outputs. | Policy Guild / src/Policy/StellaOps.Policy.Engine | Trust weighting UI/API depends on change events + overlays (30-003). <br><br> Document artefact/deliverable for POLICY-ENGINE-30-101 and publish location so downstream tasks can proceed. |
| P5 | PREP-POLICY-ENGINE-31-001-ADVISORY-AI-KNOBS-R | DONE (2025-11-20) | Prep note at `docs/modules/policy/prep/2025-11-20-advisory-ai-knobs-prep.md`; awaits 30-101 weights + AI signal list. | Policy Guild / src/Policy/StellaOps.Policy.Engine | Advisory AI knobs rely on 30-101 trust weighting surfacing. <br><br> Document artefact/deliverable for POLICY-ENGINE-31-001 and publish location so downstream tasks can proceed. |
| P6 | PREP-POLICY-ENGINE-31-002-BATCH-CONTEXT-ENDPO | DONE (2025-11-20) | Prep note at `docs/modules/policy/prep/2025-11-20-batch-context-prep.md`; awaits knobs/overlay hashes. | Policy Guild / src/Policy/StellaOps.Policy.Engine | Batch context endpoint waits on 31-001 knobs. <br><br> Document artefact/deliverable for POLICY-ENGINE-31-002 and publish location so downstream tasks can proceed. |
| P7 | PREP-POLICY-ENGINE-32-101-ORCHESTRATOR-JOB-SC | DONE (2025-11-20) | Prep note at `docs/modules/policy/prep/2025-11-20-orchestrator-job-schema-prep.md`; depends on batch context + Orchestrator envelopes. | Policy Guild / src/Policy/StellaOps.Policy.Engine | Orchestrator job schema depends on 31-002 batch context. <br><br> Document artefact/deliverable for POLICY-ENGINE-32-101 and publish location so downstream tasks can proceed. |
| P8 | PREP-POLICY-ENGINE-33-101-WORKER-IMPLEMENTATI | DONE (2025-11-20) | Prep note at `docs/modules/policy/prep/2025-11-20-worker-implementation-prep.md`; depends on job schema. | Policy Guild / src/Policy/StellaOps.Policy.Engine | Worker implementation depends on 32-101 job schema. <br><br> Document artefact/deliverable for POLICY-ENGINE-33-101 and publish location so downstream tasks can proceed. |
| P9 | PREP-POLICY-ENGINE-34-101-LEDGER-EXPORT-REQUI | DONE (2025-11-20) | Prep note at `docs/modules/policy/prep/2025-11-20-ledger-export-prep.md`; awaits worker outputs + storage decision. | Policy Guild / src/Policy/StellaOps.Policy.Engine | Ledger export requires 33-101 workers. <br><br> Document artefact/deliverable for POLICY-ENGINE-34-101 and publish location so downstream tasks can proceed. |
| P10 | PREP-POLICY-ENGINE-35-201-SNAPSHOT-API-WAITS- | DONE (2025-11-20) | Prep note at `docs/modules/policy/prep/2025-11-20-snapshot-api-prep.md`; depends on ledger export shape. | Policy Guild / src/Policy/StellaOps.Policy.Engine | Snapshot API waits on 34-101 ledger export. <br><br> Document artefact/deliverable for POLICY-ENGINE-35-201 and publish location so downstream tasks can proceed. |
| P11 | PREP-POLICY-ENGINE-38-201-VIOLATION-EVENTS-DE | DONE (2025-11-20) | Prep note at `docs/modules/policy/prep/2025-11-20-violation-events-prep.md`; depends on snapshot stream. | Policy Guild / src/Policy/StellaOps.Policy.Engine | Violation events depend on 35-201 snapshot stream. <br><br> Document artefact/deliverable for POLICY-ENGINE-38-201 and publish location so downstream tasks can proceed. |
| P12 | PREP-POLICY-ENGINE-40-001-SEVERITY-FUSION-DEP | DONE (2025-11-20) | Prep note at `docs/modules/policy/prep/2025-11-20-severity-fusion-prep.md`; awaiting violation events + Concelier ranks. | Policy Guild, Concelier Guild / src/Policy/StellaOps.Policy.Engine | Severity fusion depends on 38-201 violation event payloads. <br><br> Document artefact/deliverable for POLICY-ENGINE-40-001 and publish location so downstream tasks can proceed. |
| P13 | PREP-POLICY-ENGINE-40-002-CONFLICT-HANDLING-D | DONE (2025-11-20) | Prep note at `docs/modules/policy/prep/2025-11-20-conflict-handling-prep.md`; depends on severity fusion. | Policy Guild, Excititor Guild / src/Policy/StellaOps.Policy.Engine | Conflict handling depends on 40-001 severity pipeline changes. <br><br> Document artefact/deliverable for POLICY-ENGINE-40-002 and publish location so downstream tasks can proceed. |
| 1 | POLICY-ENGINE-29-003 | BLOCKED (2025-11-18) | Waiting on upstream POLICY-ENGINE-29-002 contract details; no path/scope schema or sample payloads available. | Policy Guild, SBOM Service Guild / src/Policy/StellaOps.Policy.Engine |
| 2 | POLICY-ENGINE-29-004 | BLOCKED (2025-11-18) | Depends on blocked POLICY-ENGINE-29-003 path/scope contract. | Policy Guild, Observability Guild / src/Policy/StellaOps.Policy.Engine |
| 3 | POLICY-ENGINE-30-001 | BLOCKED (2025-11-18) | PREP-POLICY-ENGINE-30-001-WAITING-ON-29-004-M | Policy Guild, Cartographer Guild / src/Policy/StellaOps.Policy.Engine |
@@ -50,4 +50,7 @@ Focus: Policy & Reasoning focus on Policy (phase III).
| 2025-11-20 | Drafted policy overlay projection contract (docs/modules/policy/design/policy-overlay-projection.md); pinged Platform/Observability for 29-004 metrics/log schema. | Project Mgmt |
| 2025-11-20 | Pinged Cartographer/Platform for 29-004 metrics/log outputs; recorded draft in policy mirror bundle doc for dependency mapping. | Project Mgmt |
| 2025-11-20 | Verified PREP-POLICY-ENGINE-30-001 still TODO; moved to DOING to draft overlay projection contract (awaiting 29-004 metrics/logging outputs). | Project Mgmt |
| 2025-11-20 | Published prep artefacts for PREP-POLICY-ENGINE-30-002/003/30-101/31-001 under `docs/modules/policy/prep/`; marked P2P5 DONE. | Implementer |
| 2025-11-20 | Published prep artefacts for PREP-POLICY-ENGINE-31-002/32-101/33-101/34-101/35-201 under `docs/modules/policy/prep/`; marked P6P10 DONE. | Implementer |
| 2025-11-20 | Published prep artefacts for PREP-POLICY-ENGINE-38-201/40-001/40-002 under `docs/modules/policy/prep/`; marked P11P13 DONE. | Implementer |
| 2025-11-19 | Assigned PREP owners/dates; see Delivery Tracker. | Planning |

10
docs/implplan/SPRINT_401_reachability_evidence_chain.md
View File

@@ -59,5 +59,15 @@ _Theme:_ Finish the provable reachability pipeline (graph CAS → replay → DSS
| QA-CORPUS-401-031 | TODO | Build and publish the multi-runtime reachability corpus (Go/.NET/Python/Rust) with EXPECT.yaml ground truths and captured traces; wire fixtures into CI so reachability scoring and VEX proofs are continuously validated. | QA Guild · Scanner Guild (`tests/reachability`, `docs/reachability/DELIVERY_GUIDE.md`) |
| UI-VEX-401-032 | TODO | Add UI/CLI Explain/Verify surfaces on VEX decisions (show call paths, runtime hits, attestation verify button) and align with reachability evidence output. | UI Guild · CLI Guild · Scanner Guild (`src/UI/StellaOps.UI`, `src/Cli/StellaOps.Cli`, `docs/reachability/function-level-evidence.md`) |
| POLICY-GATE-401-033 | TODO | Enforce policy gate requiring reachability evidence for `not_affected`/`unreachable` VEX outcomes; fall back to under review when symbol confidence is low; update policy docs and tests. | Policy Guild · Scanner Guild (`src/Policy/StellaOps.Policy.Engine`, `docs/policy/dsl.md`, `docs/modules/scanner/architecture.md`) |
| GRAPH-PURL-401-034 | TODO | Annotate call edges with callee purl + `symbol_digest`, update `richgraph-v1` schema/CAS, and surface fields in CLI/UI explainers. | Scanner Worker Guild · Signals Guild (`src/Scanner/StellaOps.Scanner.Worker`, `src/Signals/StellaOps.Signals`, `docs/reachability/purl-resolved-edges.md`) |
| SCANNER-BUILDID-401-035 | TODO | Capture `.note.gnu.build-id` for all ELF targets, thread into `SymbolID`/`code_id`, SBOM exports, and runtime facts; add fixtures for build-id present/absent. | Scanner Worker Guild (`src/Scanner/StellaOps.Scanner.Worker`, `docs/modules/scanner/architecture.md`) |
| SCANNER-INITROOT-401-036 | TODO | Model `.preinit_array`/`.init_array`/`_init` and legacy ctor sections as synthetic graph roots (phase=load) including `DT_NEEDED` deps; persist roots in graph evidence. | Scanner Worker Guild (`src/Scanner/StellaOps.Scanner.Worker`, `docs/modules/scanner/architecture.md`) |
| QA-PORACLE-401-037 | TODO | Add `tests/reachability/patch-oracles/**` fixtures (vuln vs fixed), harness to compare graphs vs `oracle.yml`, and CI job to fail when expected functions/edges are missing. | QA Guild · Scanner Worker Guild (`tests/reachability`, `docs/reachability/patch-oracles.md`) |
> Use `docs/reachability/DELIVERY_GUIDE.md` for architecture context, dependencies, and acceptance tests.
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2025-11-20 | Added tasks for purl-resolved edges, ELF build-id propagation, init-array roots, and patch-oracle QA harness; aligned docs references. | Planning |

391
docs/implplan/blocked_tree.md
View File

@@ -1,390 +1 @@
# SPRINT_0110_0001_0001_ingestion_evidence.md
- SBOM-AIAI-31-003 [BLOCKED] (SPRINT_110_ingestion_evidence.md:32)
- DOCS-AIAI-31-005/006/008/009 [BLOCKED] (SPRINT_110_ingestion_evidence.md:33)
- CONCELIER-AIRGAP-56-001..58-001 [BLOCKED] (SPRINT_110_ingestion_evidence.md:36)
- CONCELIER-CONSOLE-23-001..003 [BLOCKED] (SPRINT_110_ingestion_evidence.md:37)
- CONCELIER-ATTEST-73-001/002 [BLOCKED] (SPRINT_110_ingestion_evidence.md:38)
- FEEDCONN-ICSCISA-02-012 / KISA-02-008 [BLOCKED] (SPRINT_0110_0001_0001_ingestion_evidence.md:47)
- PREP-FEEDCONN-ICS-KISA-PLAN [TODO] (SPRINT_110_ingestion_evidence.md:26)
# SPRINT_0114_0001_0003_concelier_iii.md
- CONCELIER-OAS-61-001 [BLOCKED] (SPRINT_0114_0001_0003_concelier_iii.md:37)
- PREP-CONCELIER-OAS-61-001-LNM-SCHEMA-FROZEN-2 [TODO] (SPRINT_0114_0001_0003_concelier_iii.md:23)
- CONCELIER-OAS-61-002 [BLOCKED] (SPRINT_0114_0001_0003_concelier_iii.md:38)
- PREP-CONCELIER-OAS-61-002-DEPENDS-ON-61-001-B [TODO] (SPRINT_0114_0001_0003_concelier_iii.md:24)
- CONCELIER-OAS-62-001 [BLOCKED] (SPRINT_0114_0001_0003_concelier_iii.md:39)
- PREP-CONCELIER-OAS-62-001-DEPENDS-ON-61-002-B [TODO] (SPRINT_0114_0001_0003_concelier_iii.md:25)
- CONCELIER-OAS-63-001 [BLOCKED] (SPRINT_0114_0001_0003_concelier_iii.md:40)
- PREP-CONCELIER-OAS-63-001-DEPENDS-ON-62-001-B [TODO] (SPRINT_0114_0001_0003_concelier_iii.md:26)
- CONCELIER-OBS-51-001 [BLOCKED] (SPRINT_0114_0001_0003_concelier_iii.md:41)
- PREP-CONCELIER-OBS-51-001-AWAIT-OBSERVABILITY [TODO] (SPRINT_0114_0001_0003_concelier_iii.md:27)
- CONCELIER-OBS-52-001 [BLOCKED] (SPRINT_0114_0001_0003_concelier_iii.md:42)
- PREP-CONCELIER-OBS-52-001-DEPENDS-ON-51-001-M [TODO] (SPRINT_0114_0001_0003_concelier_iii.md:28)
- CONCELIER-OBS-53-001 [BLOCKED] (SPRINT_0114_0001_0003_concelier_iii.md:43)
- PREP-CONCELIER-OBS-53-001-DEPENDS-ON-52-001-B [TODO] (SPRINT_0114_0001_0003_concelier_iii.md:29)
- CONCELIER-OBS-54-001 [BLOCKED] (SPRINT_0114_0001_0003_concelier_iii.md:44)
- PREP-CONCELIER-OBS-54-001-DEPENDS-ON-OBS-TIME [TODO] (SPRINT_0114_0001_0003_concelier_iii.md:30)
- CONCELIER-OBS-55-001 [BLOCKED] (SPRINT_0114_0001_0003_concelier_iii.md:45)
- PREP-CONCELIER-OBS-55-001-DEPENDS-ON-54-001-I [TODO] (SPRINT_0114_0001_0003_concelier_iii.md:31)
- CONCELIER-ORCH-32-001 [BLOCKED] (SPRINT_0114_0001_0003_concelier_iii.md:46)
- PREP-CONCELIER-ORCH-32-001-ORCHESTRATOR-REGIS [TODO] (SPRINT_0114_0001_0003_concelier_iii.md:32)
- CONCELIER-ORCH-32-002 [BLOCKED] (SPRINT_0114_0001_0003_concelier_iii.md:47)
- PREP-CONCELIER-ORCH-32-002-DEPENDS-ON-32-001 [TODO] (SPRINT_0114_0001_0003_concelier_iii.md:33)
- CONCELIER-ORCH-33-001 [BLOCKED] (SPRINT_0114_0001_0003_concelier_iii.md:48)
- PREP-CONCELIER-ORCH-33-001-DEPENDS-ON-32-002 [TODO] (SPRINT_0114_0001_0003_concelier_iii.md:34)
- CONCELIER-ORCH-34-001 [BLOCKED] (SPRINT_0114_0001_0003_concelier_iii.md:49)
- PREP-CONCELIER-ORCH-34-001-DEPENDS-ON-33-001 [TODO] (SPRINT_0114_0001_0003_concelier_iii.md:35)
- CONCELIER-POLICY-20-001 [BLOCKED] (SPRINT_0114_0001_0003_concelier_iii.md:50)
- PREP-CONCELIER-POLICY-20-001-LNM-APIS-NOT-EXP [TODO] (SPRINT_0114_0001_0003_concelier_iii.md:36)
# SPRINT_0115_0001_0004_concelier_iv.md
- CONCELIER-RISK-66-001 [BLOCKED] (SPRINT_0115_0001_0004_concelier_iv.md:31)
- POLICY-AUTH-SIGNALS-LIB-115 [DOING] (SPRINT_0115_0001_0004_concelier_iv.md:26)
- CONCELIER-RISK-66-002 [BLOCKED] (SPRINT_0115_0001_0004_concelier_iv.md:32)
- POLICY-AUTH-SIGNALS-LIB-115 [DOING] (SPRINT_0115_0001_0004_concelier_iv.md:26)
- CONCELIER-RISK-67-001 [BLOCKED] (SPRINT_0115_0001_0004_concelier_iv.md:33)
- POLICY-AUTH-SIGNALS-LIB-115 [DOING] (SPRINT_0115_0001_0004_concelier_iv.md:26)
- CONCELIER-RISK-68-001 [BLOCKED] (SPRINT_0115_0001_0004_concelier_iv.md:34)
- POLICY-AUTH-SIGNALS-LIB-115 [DOING] (SPRINT_0115_0001_0004_concelier_iv.md:26)
- POLICY-RISK-68-001 [TODO] (SPRINT_0128_0001_0001_policy_reasoning.md:24)
- CONCELIER-RISK-69-001 [BLOCKED] (SPRINT_0115_0001_0004_concelier_iv.md:35)
- POLICY-AUTH-SIGNALS-LIB-115 [DOING] (SPRINT_0115_0001_0004_concelier_iv.md:26)
- CONCELIER-SIG-26-001 [BLOCKED] (SPRINT_0115_0001_0004_concelier_iv.md:36)
- POLICY-AUTH-SIGNALS-LIB-115 [DOING] (SPRINT_0115_0001_0004_concelier_iv.md:26)
- SIGNALS-24-002 [DOING (2025-11-07)] (SPRINT_0143_0000_0001_signals.md:24)
- SIGNALS-24-001 [DONE (2025-11-09)] (SPRINT_0143_0000_0001_signals.md:23)
- CONCELIER-STORE-AOC-19-005 [BLOCKED (2025-11-04)] (SPRINT_0115_0001_0004_concelier_iv.md:37)
- PREP-CONCELIER-CORE-AOC-19-004 [TODO] (SPRINT_0115_0001_0004_concelier_iv.md:23)
- CONCELIER-TEN-48-001 [BLOCKED] (SPRINT_0115_0001_0004_concelier_iv.md:38)
- POLICY-AUTH-SIGNALS-LIB-115 [DOING] (SPRINT_0115_0001_0004_concelier_iv.md:26)
- PREP-AUTH-TEN-47-001 [TODO] (SPRINT_0115_0001_0004_concelier_iv.md:24)
- CONCELIER-VEXLENS-30-001 [BLOCKED] (SPRINT_0115_0001_0004_concelier_iv.md:39)
- PREP-CONCELIER-VULN-29-001 [TODO] (SPRINT_0115_0001_0004_concelier_iv.md:25)
- VEXLENS-30-005 [TODO] (SPRINT_0129_0001_0001_policy_reasoning.md:42)
# SPRINT_0119_0001_0001_excititor_i.md
- EXCITITOR-AIRGAP-56-001 [TODO] (SPRINT_0119_0001_0005_excititor_v.md:30)
- EXCITITOR-AIRGAP-57-001 [BLOCKED] (SPRINT_0119_0001_0001_excititor_i.md:35)
- PREP-EXCITITOR-AIRGAP-57-001-BLOCKED-ON-56-00 [TODO] (SPRINT_0119_0001_0001_excititor_i.md:26)
- EXCITITOR-AIRGAP-58-001 [TODO] (SPRINT_0119_0001_0005_excititor_v.md:31)
- EXCITITOR-CONN-TRUST-01-001 [BLOCKED] (SPRINT_0119_0001_0001_excititor_i.md:40)
- PREP-EXCITITOR-CONN-TRUST-01-001-CONNECTOR-SI [TODO] (SPRINT_0119_0001_0001_excititor_i.md:28)
# SPRINT_0119_0001_0002_excititor_ii.md
- EXCITITOR-CONSOLE-23-001 [BLOCKED (2025-11-17)] (SPRINT_0119_0001_0002_excititor_ii.md:44)
- PREP-EXCITITOR-CONSOLE-23-001-AWAITING-CONCRE [TODO] (SPRINT_0119_0001_0002_excititor_ii.md:25)
- EXCITITOR-CONSOLE-23-002 [BLOCKED (2025-11-17)] (SPRINT_0119_0001_0002_excititor_ii.md:45)
- PREP-EXCITITOR-CONSOLE-23-002-DEPENDS-ON-23-0 [TODO] (SPRINT_0119_0001_0002_excititor_ii.md:26)
- EXCITITOR-CONSOLE-23-003 [BLOCKED (2025-11-17)] (SPRINT_0119_0001_0002_excititor_ii.md:46)
- PREP-EXCITITOR-CONSOLE-23-003-DEPENDS-ON-23-0 [TODO] (SPRINT_0119_0001_0002_excititor_ii.md:27)
- EXCITITOR-CORE-AOC-19-002 [BLOCKED (2025-11-17)] (SPRINT_0119_0001_0002_excititor_ii.md:47)
- PREP-EXCITITOR-CORE-AOC-19-002-LINKSET-EXTRAC [TODO] (SPRINT_0119_0001_0002_excititor_ii.md:28)
- EXCITITOR-CORE-AOC-19-003 [BLOCKED (2025-11-17)] (SPRINT_0119_0001_0002_excititor_ii.md:48)
- PREP-EXCITITOR-CORE-AOC-19-003-BLOCKED-ON-19 [TODO] (SPRINT_0119_0001_0002_excititor_ii.md:29)
- EXCITITOR-CORE-AOC-19-004 [BLOCKED (2025-11-17)] (SPRINT_0119_0001_0002_excititor_ii.md:49)
- PREP-EXCITITOR-CORE-AOC-19-004-REMOVE-CONSENS [TODO] (SPRINT_0119_0001_0002_excititor_ii.md:30)
- EXCITITOR-CORE-AOC-19-013 [BLOCKED (2025-11-17)] (SPRINT_0119_0001_0002_excititor_ii.md:50)
- PREP-EXCITITOR-CORE-AOC-19-013-SEED-TENANT-AW [TODO] (SPRINT_0119_0001_0002_excititor_ii.md:31)
- EXCITITOR-GRAPH-21-001 [BLOCKED (2025-10-27)] (SPRINT_0119_0001_0002_excititor_ii.md:51)
- PREP-EXCITITOR-GRAPH-21-001-NEEDS-CARTOGRAPHE [TODO] (SPRINT_0119_0001_0002_excititor_ii.md:32)
- EXCITITOR-GRAPH-21-002 [BLOCKED (2025-10-27)] (SPRINT_0119_0001_0002_excititor_ii.md:52)
- PREP-EXCITITOR-GRAPH-21-002-BLOCKED-ON-21-001 [TODO] (SPRINT_0119_0001_0002_excititor_ii.md:33)
- EXCITITOR-GRAPH-21-005 [BLOCKED (2025-10-27)] (SPRINT_0119_0001_0002_excititor_ii.md:53)
- PREP-EXCITITOR-GRAPH-21-005-BLOCKED-ON-21-002 [TODO] (SPRINT_0119_0001_0002_excititor_ii.md:34)
- EXCITITOR-GRAPH-24-101 [BLOCKED (2025-11-17)] (SPRINT_0119_0001_0002_excititor_ii.md:54)
- PREP-EXCITITOR-GRAPH-24-101-WAIT-FOR-21-005-I [TODO] (SPRINT_0119_0001_0002_excititor_ii.md:35)
- EXCITITOR-GRAPH-24-102 [BLOCKED (2025-11-17)] (SPRINT_0119_0001_0002_excititor_ii.md:55)
- PREP-EXCITITOR-GRAPH-24-102-DEPENDS-ON-24-101 [TODO] (SPRINT_0119_0001_0002_excititor_ii.md:36)
- Console APIs [BLOCKED (await contract; LNM view spec needed)] (SPRINT_0119_0001_0002_excititor_ii.md:62)
- Ingestion idempotency [BLOCKED (linkset schema pending)] (SPRINT_0119_0001_0002_excititor_ii.md:63)
- Consensus removal [BLOCKED (depends on 19-002/003)] (SPRINT_0119_0001_0002_excititor_ii.md:64)
- Graph overlays [BLOCKED (awaiting Cartographer contract)] (SPRINT_0119_0001_0002_excititor_ii.md:65)
# SPRINT_0120_0000_0001_policy_reasoning.md
- LEDGER-29-008 [BLOCKED] (SPRINT_0120_0000_0001_policy_reasoning.md:46)
- PREP-LEDGER-29-008-AWAIT-OBSERVABILITY-SCHEMA [TODO] (SPRINT_0120_0000_0001_policy_reasoning.md:42)
- LEDGER-29-009 [BLOCKED] (SPRINT_0120_0000_0001_policy_reasoning.md:47)
- LEDGER-29-008 [BLOCKED] (SPRINT_0120_0000_0001_policy_reasoning.md:46)
- PREP-LEDGER-29-008-AWAIT-OBSERVABILITY-SCHEMA [TODO] (SPRINT_0120_0000_0001_policy_reasoning.md:42)
- LEDGER-34-101 [BLOCKED] (SPRINT_0120_0000_0001_policy_reasoning.md:48)
- PREP-LEDGER-34-101-ORCHESTRATOR-LEDGER-EXPORT [TODO] (SPRINT_0120_0000_0001_policy_reasoning.md:43)
- LEDGER-AIRGAP-56-001 [BLOCKED] (SPRINT_0120_0000_0001_policy_reasoning.md:49)
- PREP-LEDGER-AIRGAP-56-001-MIRROR-BUNDLE-SCHEM [TODO] (SPRINT_0120_0000_0001_policy_reasoning.md:44)
- LEDGER-AIRGAP-56-002 [BLOCKED] (SPRINT_0120_0000_0001_policy_reasoning.md:50)
- LEDGER-AIRGAP-56-001 [BLOCKED] (SPRINT_0120_0000_0001_policy_reasoning.md:49)
- PREP-LEDGER-AIRGAP-56-001-MIRROR-BUNDLE-SCHEM [TODO] (SPRINT_0120_0000_0001_policy_reasoning.md:44)
- LEDGER-AIRGAP-57-001 [BLOCKED] (SPRINT_0120_0000_0001_policy_reasoning.md:51)
- LEDGER-AIRGAP-56-002 [BLOCKED] (SPRINT_0120_0000_0001_policy_reasoning.md:50)
- LEDGER-AIRGAP-56-001 [BLOCKED] (SPRINT_0120_0000_0001_policy_reasoning.md:49)
- LEDGER-AIRGAP-58-001 [BLOCKED] (SPRINT_0120_0000_0001_policy_reasoning.md:52)
- LEDGER-AIRGAP-57-001 [BLOCKED] (SPRINT_0120_0000_0001_policy_reasoning.md:51)
- LEDGER-AIRGAP-56-002 [BLOCKED] (SPRINT_0120_0000_0001_policy_reasoning.md:50)
- LEDGER-ATTEST-73-001 [BLOCKED] (SPRINT_0120_0000_0001_policy_reasoning.md:53)
- NOTIFY-ATTEST-74-001 [**DOING (2025-11-12)**] (SPRINT_171_notifier_i.md:10)
# SPRINT_0123_0001_0001_policy_reasoning.md
- EXPORT-CONSOLE-23-001 [BLOCKED] (SPRINT_0123_0001_0001_policy_reasoning.md:38)
- PREP-EXPORT-CONSOLE-23-001-MISSING-EXPORT-BUN [TODO] (SPRINT_123_policy_reasoning.md:13)
- POLICY-AIRGAP-56-001 [BLOCKED] (SPRINT_0123_0001_0001_policy_reasoning.md:39)
- PREP-POLICY-AIRGAP-56-001-MIRROR-BUNDLE-SCHEM [TODO] (SPRINT_123_policy_reasoning.md:14)
- POLICY-AIRGAP-56-002 [BLOCKED] (SPRINT_0123_0001_0001_policy_reasoning.md:40)
- PREP-POLICY-AIRGAP-56-002-DEPENDS-ON-56-001-B [TODO] (SPRINT_123_policy_reasoning.md:15)
- POLICY-AIRGAP-57-001 [BLOCKED] (SPRINT_0123_0001_0001_policy_reasoning.md:41)
- PREP-POLICY-AIRGAP-57-001-REQUIRES-SEALED-MOD [TODO] (SPRINT_123_policy_reasoning.md:16)
- POLICY-AIRGAP-57-002 [BLOCKED] (SPRINT_0123_0001_0001_policy_reasoning.md:42)
- PREP-POLICY-AIRGAP-57-002-NEEDS-STALENESS-FAL [TODO] (SPRINT_123_policy_reasoning.md:17)
- POLICY-AIRGAP-58-001 [BLOCKED] (SPRINT_0123_0001_0001_policy_reasoning.md:43)
- PREP-POLICY-AIRGAP-58-001-NOTIFICATION-SCHEMA [TODO] (SPRINT_123_policy_reasoning.md:18)
- POLICY-AOC-19-001 [BLOCKED] (SPRINT_0123_0001_0001_policy_reasoning.md:44)
- PREP-POLICY-AOC-19-001-LINTING-TARGETS-SPEC-A [TODO] (SPRINT_0123_0001_0001_policy_reasoning.md:29)
- POLICY-AOC-19-002 [BLOCKED] (SPRINT_0123_0001_0001_policy_reasoning.md:45)
- PREP-POLICY-AOC-19-002-DEPENDS-ON-19-001-LINT [TODO] (SPRINT_123_policy_reasoning.md:20)
- POLICY-AOC-19-003 [BLOCKED] (SPRINT_0123_0001_0001_policy_reasoning.md:46)
- PREP-POLICY-AOC-19-003-REQUIRES-POST-19-002-N [TODO] (SPRINT_0123_0001_0001_policy_reasoning.md:31)
- POLICY-AOC-19-004 [BLOCKED] (SPRINT_0123_0001_0001_policy_reasoning.md:47)
- PREP-POLICY-AOC-19-004-DEPENDS-ON-19-003-SHAP [TODO] (SPRINT_0123_0001_0001_policy_reasoning.md:32)
- POLICY-ATTEST-73-001 [BLOCKED] (SPRINT_0123_0001_0001_policy_reasoning.md:48)
- PREP-POLICY-ATTEST-73-001-VERIFICATIONPOLICY [TODO] (SPRINT_0123_0001_0001_policy_reasoning.md:33)
- POLICY-ATTEST-73-002 [BLOCKED] (SPRINT_0123_0001_0001_policy_reasoning.md:49)
- PREP-POLICY-ATTEST-73-002-DEPENDS-ON-73-001-E [TODO] (SPRINT_123_policy_reasoning.md:24)
- POLICY-ATTEST-74-001 [BLOCKED] (SPRINT_0123_0001_0001_policy_reasoning.md:50)
- PREP-POLICY-ATTEST-74-001-REQUIRES-73-002-ATT [TODO] (SPRINT_0123_0001_0001_policy_reasoning.md:35)
- POLICY-ATTEST-74-002 [BLOCKED] (SPRINT_0123_0001_0001_policy_reasoning.md:51)
- PREP-POLICY-ATTEST-74-002-NEEDS-74-001-SURFAC [TODO] (SPRINT_123_policy_reasoning.md:26)
- POLICY-CONSOLE-23-001 [BLOCKED] (SPRINT_0123_0001_0001_policy_reasoning.md:52)
- PREP-POLICY-CONSOLE-23-001-CONSOLE-API-CONTRA [TODO] (SPRINT_0123_0001_0001_policy_reasoning.md:37)
# SPRINT_0125_0001_0001_mirror.md
- MIRROR-CRT-56-001 [BLOCKED] (SPRINT_110_ingestion_evidence.md:46)
- MIRROR-CRT-56-002 [BLOCKED] (SPRINT_110_ingestion_evidence.md:47)
- MIRROR-CRT-57-001 [BLOCKED] (SPRINT_0125_0001_0001_mirror.md:26)
- MIRROR-CRT-56-001 [BLOCKED] (SPRINT_110_ingestion_evidence.md:46)
- MIRROR-CRT-57-002 [BLOCKED] (SPRINT_0125_0001_0001_mirror.md:27)
- MIRROR-CRT-56-002 [BLOCKED] (SPRINT_110_ingestion_evidence.md:47)
- AIRGAP-TIME-57-001 [BLOCKED] (SPRINT_0510_0001_0001_airgap.md:41)
- PREP-AIRGAP-TIME-57-001-TIME-COMPONENT-SCAFFO [TODO] (SPRINT_0510_0001_0001_airgap.md:29)
- MIRROR-CRT-58-001 [BLOCKED] (SPRINT_0125_0001_0001_mirror.md:28)
- MIRROR-CRT-56-002 [BLOCKED] (SPRINT_110_ingestion_evidence.md:47)
- CLI-AIRGAP-56-001 [TODO] (SPRINT_201_cli_i.md:14)
- MIRROR-CRT-58-002 [BLOCKED] (SPRINT_0125_0001_0001_mirror.md:29)
- MIRROR-CRT-56-002 [BLOCKED] (SPRINT_110_ingestion_evidence.md:47)
- EXPORT-OBS-54-001 [BLOCKED] (SPRINT_0163_0001_0001_exportcenter_ii.md:38)
- EXPORT-OBS-53-001 [BLOCKED] (SPRINT_0163_0001_0001_exportcenter_ii.md:37)
- EXPORT-OBS-51-001 / 54-001 [BLOCKED] (SPRINT_0125_0001_0001_mirror.md:30)
- MIRROR-CRT-56-001 [BLOCKED] (SPRINT_110_ingestion_evidence.md:46)
- AIRGAP-TIME-57-001 [BLOCKED] (SPRINT_0510_0001_0001_airgap.md:41)
- PREP-AIRGAP-TIME-57-001-TIME-COMPONENT-SCAFFO [TODO] (SPRINT_0510_0001_0001_airgap.md:29)
- CLI-AIRGAP-56-001 [TODO] (SPRINT_201_cli_i.md:14)
- PROV-OBS-53-001 [DONE (2025-11-17)] (SPRINT_513_provenance.md:10)
# SPRINT_0125_0001_0001_policy_reasoning.md
- POLICY-ENGINE-29-003 [BLOCKED (2025-11-18)] (SPRINT_0125_0001_0001_policy_reasoning.md:35)
- PREP-POLICY-ENGINE-29-002-PATH-SCOPE-SCHEMA [TODO] (SPRINT_0125_0001_0001_policy_reasoning.md:20)
- POLICY-ENGINE-29-004 [BLOCKED (2025-11-18)] (SPRINT_0125_0001_0001_policy_reasoning.md:36)
- PREP-POLICY-ENGINE-29-004-DEPENDS-ON-29-003 [TODO] (SPRINT_0125_0001_0001_policy_reasoning.md:21)
- POLICY-ENGINE-30-001 [BLOCKED (2025-11-18)] (SPRINT_0125_0001_0001_policy_reasoning.md:37)
- PREP-POLICY-ENGINE-30-001-NEEDS-29-004-OUTPUT [TODO] (SPRINT_0125_0001_0001_policy_reasoning.md:22)
- POLICY-ENGINE-30-002 [BLOCKED (2025-11-18)] (SPRINT_0125_0001_0001_policy_reasoning.md:38)
- PREP-POLICY-ENGINE-30-002-DEPENDS-ON-30-001 [TODO] (SPRINT_0125_0001_0001_policy_reasoning.md:23)
- POLICY-ENGINE-30-003 [BLOCKED (2025-11-18)] (SPRINT_0125_0001_0001_policy_reasoning.md:39)
- PREP-POLICY-ENGINE-30-003-DEPENDS-ON-30-002 [TODO] (SPRINT_0125_0001_0001_policy_reasoning.md:24)
- POLICY-ENGINE-30-101 [BLOCKED (2025-11-18)] (SPRINT_0125_0001_0001_policy_reasoning.md:40)
- PREP-POLICY-ENGINE-30-101-DEPENDS-ON-30-003 [TODO] (SPRINT_0125_0001_0001_policy_reasoning.md:25)
- POLICY-ENGINE-31-001 [BLOCKED (2025-11-18)] (SPRINT_0125_0001_0001_policy_reasoning.md:41)
- PREP-POLICY-ENGINE-31-001-DEPENDS-ON-30-101 [TODO] (SPRINT_0125_0001_0001_policy_reasoning.md:26)
- POLICY-ENGINE-31-002 [BLOCKED (2025-11-18)] (SPRINT_0125_0001_0001_policy_reasoning.md:42)
- PREP-POLICY-ENGINE-31-002-DEPENDS-ON-31-001 [TODO] (SPRINT_0125_0001_0001_policy_reasoning.md:27)
- POLICY-ENGINE-32-101 [BLOCKED (2025-11-18)] (SPRINT_0125_0001_0001_policy_reasoning.md:43)
- PREP-POLICY-ENGINE-32-101-DEPENDS-ON-31-002 [TODO] (SPRINT_0125_0001_0001_policy_reasoning.md:28)
- POLICY-ENGINE-33-101 [BLOCKED (2025-11-18)] (SPRINT_0125_0001_0001_policy_reasoning.md:44)
- PREP-POLICY-ENGINE-33-101-DEPENDS-ON-32-101 [TODO] (SPRINT_0125_0001_0001_policy_reasoning.md:29)
- POLICY-ENGINE-34-101 [BLOCKED (2025-11-18)] (SPRINT_0125_0001_0001_policy_reasoning.md:45)
- PREP-POLICY-ENGINE-34-101-DEPENDS-ON-33-101 [TODO] (SPRINT_0125_0001_0001_policy_reasoning.md:30)
- POLICY-ENGINE-35-201 [BLOCKED (2025-11-18)] (SPRINT_0125_0001_0001_policy_reasoning.md:46)
- PREP-POLICY-ENGINE-35-201-DEPENDS-ON-34-101 [TODO] (SPRINT_0125_0001_0001_policy_reasoning.md:31)
- POLICY-ENGINE-38-201 [BLOCKED (2025-11-18)] (SPRINT_0125_0001_0001_policy_reasoning.md:47)
- PREP-POLICY-ENGINE-38-201-DEPENDS-ON-35-201 [TODO] (SPRINT_0125_0001_0001_policy_reasoning.md:32)
- POLICY-ENGINE-40-001 [BLOCKED (2025-11-18)] (SPRINT_0125_0001_0001_policy_reasoning.md:48)
- PREP-POLICY-ENGINE-40-001-DEPENDS-ON-38-201 [TODO] (SPRINT_0125_0001_0001_policy_reasoning.md:33)
- POLICY-ENGINE-40-002 [BLOCKED (2025-11-18)] (SPRINT_0125_0001_0001_policy_reasoning.md:49)
- PREP-POLICY-ENGINE-40-002-DEPENDS-ON-40-001 [TODO] (SPRINT_0125_0001_0001_policy_reasoning.md:34)
# SPRINT_0138_0000_0001_scanner_ruby_parity.md
- SCANNER-ENG-0010 [BLOCKED] (SPRINT_0138_0000_0001_scanner_ruby_parity.md:29)
- PREP-SCANNER-ENG-0010-AWAIT-COMPOSER-AUTOLOAD [TODO] (SPRINT_0138_0000_0001_scanner_ruby_parity.md:22)
- SCANNER-ENG-0011 [BLOCKED] (SPRINT_0138_0000_0001_scanner_ruby_parity.md:30)
- PREP-SCANNER-ENG-0011-NEEDS-DENO-RUNTIME-ANAL [TODO] (SPRINT_0138_0000_0001_scanner_ruby_parity.md:23)
- SCANNER-ENG-0012 [BLOCKED] (SPRINT_0138_0000_0001_scanner_ruby_parity.md:31)
- PREP-SCANNER-ENG-0012-DEFINE-DART-ANALYZER-RE [TODO] (SPRINT_0138_0000_0001_scanner_ruby_parity.md:24)
- SCANNER-ENG-0013 [BLOCKED] (SPRINT_0138_0000_0001_scanner_ruby_parity.md:32)
- PREP-SCANNER-ENG-0013-DRAFT-SWIFTPM-COVERAGE [TODO] (SPRINT_0138_0000_0001_scanner_ruby_parity.md:25)
- SCANNER-ENG-0014 [BLOCKED] (SPRINT_0138_0000_0001_scanner_ruby_parity.md:33)
- PREP-SCANNER-ENG-0014-NEEDS-JOINT-ROADMAP-WIT [TODO] (SPRINT_0138_0000_0001_scanner_ruby_parity.md:26)
# SPRINT_0141_0001_0001_graph_indexer.md
- GRAPH-INDEX-28-007 [BLOCKED] (SPRINT_0141_0001_0001_graph_indexer.md:28)
- PREP-GRAPH-INDEX-28-006-OVERLAYS [TODO] (SPRINT_0141_0001_0001_graph_indexer.md:24)
- GRAPH-INDEX-28-008 [BLOCKED] (SPRINT_0141_0001_0001_graph_indexer.md:29)
- PREP-GRAPH-INDEX-28-008-UNBLOCK-AFTER-28-007 [TODO] (SPRINT_0141_0001_0001_graph_indexer.md:25)
- GRAPH-INDEX-28-009 [BLOCKED] (SPRINT_0141_0001_0001_graph_indexer.md:30)
- PREP-GRAPH-INDEX-28-009-DOWNSTREAM-OF-28-008 [TODO] (SPRINT_0141_0001_0001_graph_indexer.md:26)
- GRAPH-INDEX-28-010 [BLOCKED] (SPRINT_0141_0001_0001_graph_indexer.md:31)
- PREP-GRAPH-INDEX-28-010-NEEDS-OUTPUTS-FROM-28 [TODO] (SPRINT_0141_0001_0001_graph_indexer.md:27)
# SPRINT_0156_0001_0002_scheduler_ii.md
- SCHED-WORKER-26-202 [BLOCKED] (SPRINT_0156_0001_0002_scheduler_ii.md:24)
- SCHED-WORKER-26-201 [BLOCKED] (SPRINT_0155_0001_0001_scheduler_i.md:35)
- SCHED-WORKER-25-102 [BLOCKED] (SPRINT_0155_0001_0001_scheduler_i.md:34)
- SCHED-WORKER-27-301 [BLOCKED] (SPRINT_0156_0001_0002_scheduler_ii.md:25)
- SCHED-WORKER-26-202 [BLOCKED] (SPRINT_0156_0001_0002_scheduler_ii.md:24)
- SCHED-WORKER-26-201 [BLOCKED] (SPRINT_0155_0001_0001_scheduler_i.md:35)
- SCHED-WORKER-27-302 [BLOCKED] (SPRINT_0156_0001_0002_scheduler_ii.md:26)
- SCHED-WORKER-27-301 [BLOCKED] (SPRINT_0156_0001_0002_scheduler_ii.md:25)
- SCHED-WORKER-26-202 [BLOCKED] (SPRINT_0156_0001_0002_scheduler_ii.md:24)
- SCHED-WORKER-27-303 [BLOCKED] (SPRINT_0156_0001_0002_scheduler_ii.md:27)
- SCHED-WORKER-27-302 [BLOCKED] (SPRINT_0156_0001_0002_scheduler_ii.md:26)
- SCHED-WORKER-27-301 [BLOCKED] (SPRINT_0156_0001_0002_scheduler_ii.md:25)
- SCHED-WORKER-29-001 [BLOCKED] (SPRINT_0156_0001_0002_scheduler_ii.md:28)
- SCHED-WORKER-27-303 [BLOCKED] (SPRINT_0156_0001_0002_scheduler_ii.md:27)
- SCHED-WORKER-27-302 [BLOCKED] (SPRINT_0156_0001_0002_scheduler_ii.md:26)
- SCHED-WORKER-29-002 [BLOCKED] (SPRINT_0156_0001_0002_scheduler_ii.md:29)
- SCHED-WORKER-29-001 [BLOCKED] (SPRINT_0156_0001_0002_scheduler_ii.md:28)
- SCHED-WORKER-27-303 [BLOCKED] (SPRINT_0156_0001_0002_scheduler_ii.md:27)
- SCHED-WORKER-29-003 [BLOCKED] (SPRINT_0156_0001_0002_scheduler_ii.md:30)
- SCHED-WORKER-29-002 [BLOCKED] (SPRINT_0156_0001_0002_scheduler_ii.md:29)
- SCHED-WORKER-29-001 [BLOCKED] (SPRINT_0156_0001_0002_scheduler_ii.md:28)
- SCHED-WORKER-CONSOLE-23-201 [BLOCKED] (SPRINT_0156_0001_0002_scheduler_ii.md:31)
- PREP-SCHED-WORKER-CONSOLE-23-201-BLOCKED-BY-U [TODO] (SPRINT_0156_0001_0002_scheduler_ii.md:22)
- SCHED-WORKER-CONSOLE-23-202 [BLOCKED] (SPRINT_0156_0001_0002_scheduler_ii.md:32)
- SCHED-WORKER-CONSOLE-23-201 [BLOCKED] (SPRINT_0156_0001_0002_scheduler_ii.md:31)
- PREP-SCHED-WORKER-CONSOLE-23-201-BLOCKED-BY-U [TODO] (SPRINT_0156_0001_0002_scheduler_ii.md:22)
# SPRINT_0160_0001_0001_export_evidence.md
- 160.C TimelineIndexer snapshot [BLOCKED] (SPRINT_0160_0001_0001_export_evidence.md:32)
- TIMELINE-OBS-52-001 [TODO] (SPRINT_165_timelineindexer.md:10)
# SPRINT_0161_0001_0001_evidencelocker.md
- EVID-REPLAY-187-001 [TODO] (SPRINT_187_evidence_locker_cli_integration.md:9)
- CLI-REPLAY-187-002 [TODO] (SPRINT_187_evidence_locker_cli_integration.md:10)
- RUNBOOK-REPLAY-187-004 [TODO] (SPRINT_187_evidence_locker_cli_integration.md:12)
# SPRINT_0163_0001_0001_exportcenter_ii.md
- EXPORT-OAS-63-001 [BLOCKED] (SPRINT_0163_0001_0001_exportcenter_ii.md:33)
- EXPORT-OAS-61-001 [BLOCKED] (SPRINT_0162_0001_0001_exportcenter_i.md:47)
- PREP-EXPORT-OAS-61-001-NEEDS-STABLE-EXPORT-SU [TODO] (SPRINT_0162_0001_0001_exportcenter_i.md:33)
- EXPORT-OAS-62-001 [BLOCKED] (SPRINT_0162_0001_0001_exportcenter_i.md:49)
- PREP-EXPORT-OAS-62-001-DEPENDS-ON-61-002 [TODO] (SPRINT_0162_0001_0001_exportcenter_i.md:35)
- EXPORT-OBS-50-001 [BLOCKED] (SPRINT_0163_0001_0001_exportcenter_ii.md:34)
- PREP-EXPORT-OBS-50-001-WAIT-FOR-EXPORTER-SERV [TODO] (SPRINT_0163_0001_0001_exportcenter_ii.md:23)
- EXPORT-OBS-51-001 [BLOCKED] (SPRINT_0163_0001_0001_exportcenter_ii.md:35)
- EXPORT-OBS-50-001 [BLOCKED] (SPRINT_0163_0001_0001_exportcenter_ii.md:34)
- PREP-EXPORT-OBS-50-001-WAIT-FOR-EXPORTER-SERV [TODO] (SPRINT_0163_0001_0001_exportcenter_ii.md:23)
- EXPORT-OBS-52-001 [BLOCKED] (SPRINT_0163_0001_0001_exportcenter_ii.md:36)
- EXPORT-OBS-51-001 [BLOCKED] (SPRINT_0163_0001_0001_exportcenter_ii.md:35)
- EXPORT-OBS-50-001 [BLOCKED] (SPRINT_0163_0001_0001_exportcenter_ii.md:34)
- PREP-EXPORT-NOTIFY-SCHEMA-OBS-52 [TODO] (SPRINT_0163_0001_0001_exportcenter_ii.md:30)
- EXPORT-OBS-53-001 [BLOCKED] (SPRINT_0163_0001_0001_exportcenter_ii.md:37)
- EXPORT-OBS-52-001 [BLOCKED] (SPRINT_0163_0001_0001_exportcenter_ii.md:36)
- EXPORT-OBS-51-001 [BLOCKED] (SPRINT_0163_0001_0001_exportcenter_ii.md:35)
- PREP-EXPORT-NOTIFY-SCHEMA-OBS-52 [TODO] (SPRINT_0163_0001_0001_exportcenter_ii.md:30)
- EXPORT-OBS-54-001 [BLOCKED] (SPRINT_0163_0001_0001_exportcenter_ii.md:38)
- EXPORT-OBS-53-001 [BLOCKED] (SPRINT_0163_0001_0001_exportcenter_ii.md:37)
- EXPORT-OBS-52-001 [BLOCKED] (SPRINT_0163_0001_0001_exportcenter_ii.md:36)
- EXPORT-OBS-54-002 [BLOCKED] (SPRINT_0163_0001_0001_exportcenter_ii.md:39)
- EXPORT-OBS-54-001 [BLOCKED] (SPRINT_0163_0001_0001_exportcenter_ii.md:38)
- EXPORT-OBS-53-001 [BLOCKED] (SPRINT_0163_0001_0001_exportcenter_ii.md:37)
- PROV-OBS-53-003 [BLOCKED] (SPRINT_513_provenance.md:12)
- EXPORT-OBS-55-001 [BLOCKED] (SPRINT_0163_0001_0001_exportcenter_ii.md:40)
- EXPORT-OBS-54-001 [BLOCKED] (SPRINT_0163_0001_0001_exportcenter_ii.md:38)
- EXPORT-OBS-53-001 [BLOCKED] (SPRINT_0163_0001_0001_exportcenter_ii.md:37)
- EXPORT-RISK-69-001 [BLOCKED] (SPRINT_0163_0001_0001_exportcenter_ii.md:41)
- PREP-EXPORT-RISK-69-001-AWAIT-PHASE-I-ARTIFAC [TODO] (SPRINT_0163_0001_0001_exportcenter_ii.md:24)
- EXPORT-RISK-69-002 [BLOCKED] (SPRINT_0163_0001_0001_exportcenter_ii.md:42)
- EXPORT-RISK-69-001 [BLOCKED] (SPRINT_0163_0001_0001_exportcenter_ii.md:41)
- PREP-EXPORT-RISK-69-001-AWAIT-PHASE-I-ARTIFAC [TODO] (SPRINT_0163_0001_0001_exportcenter_ii.md:24)
- EXPORT-RISK-70-001 [BLOCKED] (SPRINT_0163_0001_0001_exportcenter_ii.md:43)
- EXPORT-RISK-69-002 [BLOCKED] (SPRINT_0163_0001_0001_exportcenter_ii.md:42)
- EXPORT-RISK-69-001 [BLOCKED] (SPRINT_0163_0001_0001_exportcenter_ii.md:41)
- EXPORT-SVC-35-001 [BLOCKED] (SPRINT_0163_0001_0001_exportcenter_ii.md:44)
- PREP-EXPORT-SVC-35-001-NEEDS-PHASE-I-READINES [TODO] (SPRINT_0163_0001_0001_exportcenter_ii.md:25)
- EXPORT-SVC-35-002 [BLOCKED] (SPRINT_0163_0001_0001_exportcenter_ii.md:45)
- PREP-EXPORT-SVC-35-002-DEPENDS-ON-35-001 [TODO] (SPRINT_0163_0001_0001_exportcenter_ii.md:26)
- EXPORT-SVC-35-003 [BLOCKED] (SPRINT_0163_0001_0001_exportcenter_ii.md:46)
- PREP-EXPORT-SVC-35-003-DEPENDS-ON-35-002 [TODO] (SPRINT_0163_0001_0001_exportcenter_ii.md:27)
- EXPORT-SVC-35-004 [BLOCKED] (SPRINT_0163_0001_0001_exportcenter_ii.md:47)
- PREP-EXPORT-SVC-35-004-DEPENDS-ON-35-003 [TODO] (SPRINT_0163_0001_0001_exportcenter_ii.md:28)
- EXPORT-SVC-35-005 [BLOCKED] (SPRINT_0163_0001_0001_exportcenter_ii.md:48)
- PREP-EXPORT-SVC-35-005-DEPENDS-ON-35-004 [TODO] (SPRINT_0163_0001_0001_exportcenter_ii.md:29)
- EXPORT-CRYPTO-90-001 [BLOCKED] (SPRINT_0163_0001_0001_exportcenter_ii.md:49)
- PREP-EXPORT-CRYPTO-90-001-PENDING-NOV-18-CRYP [TODO] (SPRINT_0163_0001_0001_exportcenter_ii.md:31)
# SPRINT_0171_0001_0001_notifier_i.md
- NOTIFY-OBS-51-001 [TODO] (SPRINT_171_notifier_i.md:16)
# SPRINT_0174_0001_0001_telemetry.md
- TELEMETRY-OBS-50-002 [TODO] (SPRINT_174_telemetry.md:11)
- TELEMETRY-OBS-50-001 [**DOING (2025-11-12)**] (SPRINT_174_telemetry.md:10)
- TELEMETRY-OBS-51-001 [TODO] (SPRINT_174_telemetry.md:12)
- TELEMETRY-OBS-50-002 [TODO] (SPRINT_174_telemetry.md:11)
- TELEMETRY-OBS-50-001 [**DOING (2025-11-12)**] (SPRINT_174_telemetry.md:10)
- TELEMETRY-OBS-51-002 [TODO] (SPRINT_174_telemetry.md:13)
- TELEMETRY-OBS-51-001 [TODO] (SPRINT_174_telemetry.md:12)
- TELEMETRY-OBS-50-002 [TODO] (SPRINT_174_telemetry.md:11)
- TELEMETRY-OBS-55-001 [TODO] (SPRINT_174_telemetry.md:14)
- TELEMETRY-OBS-51-002 [TODO] (SPRINT_174_telemetry.md:13)
- TELEMETRY-OBS-51-001 [TODO] (SPRINT_174_telemetry.md:12)
- TELEMETRY-OBS-56-001 [TODO] (SPRINT_174_telemetry.md:15)
- TELEMETRY-OBS-55-001 [TODO] (SPRINT_174_telemetry.md:14)
- TELEMETRY-OBS-51-002 [TODO] (SPRINT_174_telemetry.md:13)
# SPRINT_0215_0001_0001_web_iv.md
- WEB-POLICY-23-001 [BLOCKED (2025-10-29)] (SPRINT_0215_0001_0001_web_iv.md:30)
- WEB-POLICY-20-004 [TODO] (SPRINT_0215_0001_0001_web_iv.md:29)
- WEB-POLICY-20-003 [TODO] (SPRINT_0215_0001_0001_web_iv.md:28)
- WEB-POLICY-23-002 [BLOCKED (2025-10-29)] (SPRINT_0215_0001_0001_web_iv.md:31)
- WEB-POLICY-23-001 [BLOCKED (2025-10-29)] (SPRINT_0215_0001_0001_web_iv.md:30)
- WEB-POLICY-20-004 [TODO] (SPRINT_0215_0001_0001_web_iv.md:29)
# SPRINT_0509_0001_0001_samples.md
- SAMPLES-LNM-22-001 [BLOCKED] (SPRINT_0509_0001_0001_samples.md:26)
- PREP-SAMPLES-LNM-22-001-WAITING-ON-FINALIZED [TODO] (SPRINT_0509_0001_0001_samples.md:22)
- SAMPLES-LNM-22-002 [BLOCKED] (SPRINT_0509_0001_0001_samples.md:27)
- PREP-SAMPLES-LNM-22-002-DEPENDS-ON-22-001-OUT [TODO] (SPRINT_0509_0001_0001_samples.md:23)
# SPRINT_0512_0001_0001_bench.md
- BENCH-GRAPH-21-001 [BLOCKED] (SPRINT_0512_0001_0001_bench.md:28)
- PREP-BENCH-GRAPH-21-001-NEED-GRAPH-BENCH-HARN [TODO] (SPRINT_0512_0001_0001_bench.md:22)
- BENCH-GRAPH-21-002 [BLOCKED] (SPRINT_0512_0001_0001_bench.md:29)
- PREP-BENCH-GRAPH-21-002-BLOCKED-ON-21-001-HAR [TODO] (SPRINT_0512_0001_0001_bench.md:23)
- BENCH-GRAPH-24-002 [BLOCKED] (SPRINT_0512_0001_0001_bench.md:30)
- SAMPLES-GRAPH-24-003 [DOING] (SPRINT_0509_0001_0001_samples.md:24)
- BENCH-IMPACT-16-001 [BLOCKED] (SPRINT_0512_0001_0001_bench.md:31)
- PREP-BENCH-IMPACT-16-001-IMPACT-INDEX-DATASET [TODO] (SPRINT_0512_0001_0001_bench.md:24)
- BENCH-POLICY-20-002 [BLOCKED] (SPRINT_0512_0001_0001_bench.md:32)
- PREP-BENCH-POLICY-20-002-POLICY-DELTA-SAMPLE [TODO] (SPRINT_0512_0001_0001_bench.md:25)
- BENCH-SIG-26-001 [BLOCKED] (SPRINT_0512_0001_0001_bench.md:33)
- PREP-BENCH-SIG-26-001-REACHABILITY-SCHEMA-FIX [TODO] (SPRINT_0512_0001_0001_bench.md:26)
- BENCH-SIG-26-002 [BLOCKED] (SPRINT_0512_0001_0001_bench.md:34)
- PREP-BENCH-SIG-26-002-BLOCKED-ON-26-001-OUTPU [TODO] (SPRINT_0512_0001_0001_bench.md:27)
# Blocked Tree\n- EXCITITOR-CONSOLE-23-001 [BLOCKED]\n- EXCITITOR-CONSOLE-23-002 [BLOCKED]\n- EXCITITOR-CONSOLE-23-003 [BLOCKED]\n- EXCITITOR-CORE-AOC-19-002 [BLOCKED]\n- EXCITITOR-CORE-AOC-19-003 [BLOCKED]\n- EXCITITOR-CORE-AOC-19-004 [DOING]\n- EXCITITOR-CORE-AOC-19-013 [DOING]\n- EXCITITOR-GRAPH-21-001 [DOING]\n- EXCITITOR-GRAPH-21-002 [DOING]\n- EXCITITOR-GRAPH-21-005 [DOING]\n- EXCITITOR-GRAPH-24-101 [BLOCKED]\n- EXCITITOR-GRAPH-24-102 [BLOCKED]\n- Consensus removal [DOING]\n- Graph overlays [BLOCKED]\n*** End Patch пользователя to=functions.apply_patchоны Are you покрывая json PostLayout runnerиц received анимация. ҳа료 мон】 JSON" code|{

19
docs/modules/authority/prep/2025-11-20-auth-crypto-provider-prep.md Normal file
View File

@@ -0,0 +1,19 @@
# Authority Crypto Provider Contract Prep — PREP-AUTH-CRYPTO-90-001-NEEDS-AUTHORITY-PROVI
Status: Draft (2025-11-20)
Owners: Authority Core Guild · Security Guild
Scope: Capture the provider/key/JWKS contract Authority must publish to unblock sovereign crypto enablement.
## Required contract elements
- Provider registry binding for Authority signing keys (FIPS, GOST, PQ optional): fields `provider_id`, `key_id`, `alg`, `kid`, `usage`, `tenant_scope?`.
- JWKS export requirements: which keys exposed, `x5u`/`x5c` handling, `kid` format, and rotation cadence.
- Signing profiles: mapping of Authority API operations to provider profiles (default, ru-gost, pq-experimental).
- Determinism: canonical JSON for JWKS; stable `kid` composition (hash of public key + profile).
## Acceptance / unblock criteria
- Publish provider contract in `docs/modules/authority/crypto-provider-contract.md` (or update existing doc) with sample JWKS and provider config snippet.
- Record schema hash/kid composition rule here and in Sprint 0514 Decisions/Risks.
- Notify downstream consumers (Scanner, Attestor, Concelier) via sprint links once frozen.
## Handoff
Use this doc as the prep artefact for PREP-AUTH-CRYPTO-90-001-NEEDS-AUTHORITY-PROVI. Update with the final contract and samples; then set the sprint task to DONE and unblock AUTH-CRYPTO-90-001 implementation.

20
docs/modules/cli/prep/2025-11-20-ops-0001-prep.md Normal file
View File

@@ -0,0 +1,20 @@
# CLI Ops Prep — PREP-CLI-OPS-0001
Status: **Ready for implementation** (2025-11-20)
Owners: Ops Guild
Scope: Capture required demo outputs and runbook deltas for the next CLI ops demo so CLI-OPS-0001 can proceed.
## Required demo outputs
- Latest CLI binary build identifier (commit SHA and version string).
- Demo script transcript covering: `stella evidence verify`, `stella attest bundle verify`, `stella export ...` (airgap profile), and `stella policy lint`.
- Screenshots or asciinema recording showing: auth flow with offline token, evidence verification success, attestation failure path.
- Hashes for demo artefacts (bundles, logs) placed under `out/cli/demo-ops/` with `.sha256` files.
## Runbook updates expected
- Update `docs/modules/cli/operations/cli-ops-runbook.md` (section “Offline Demo”) with: prerequisites, commands, expected outputs, and rollback steps.
- Add checklist to ensure `STELLA_CLI_OFFLINE=1` and local evidence bundle cache populated before demo.
## Acceptance criteria
- Demo outputs (recording + hashes) published under `out/cli/demo-ops/` with SHA256 files.
- Runbook updated per above; references the exact CLI build SHA used.
- Ops Guild signs off that CLI-OPS-0001 can move to implementation.

30
docs/modules/concelier/prep/2025-11-20-airgap-56-001-58-001-prep.md
View File

@@ -1,20 +1,22 @@
# Concelier AirGap Prep — PREP-CONCELIER-AIRGAP-56-001..58-001
# Concelier AirGap Prep — PREP-CONCELIER-AIRGAP-56-001-58-001
Status: Draft (2025-11-20)
Status: **Ready for implementation** (2025-11-20)
Owners: Concelier Core · AirGap Guilds
Scope: Capture mirror bundle/staleness requirements for Concelier ingestion under sealed mode.
Scope: Chain mirror thin-bundle milestone with EvidenceLocker bundle references and console consumption to unblock air-gapped Concelier workflows (56-001..58-001).
## Dependencies
- Mirror thin bundle milestones (bundle_id, provenance, staleness_budget) from Mirror sprint 56-001.
- AirGap controller staleness/time anchor fields.
## Inputs
- Mirror milestone-0 thin bundle: `out/mirror/thin/mirror-thin-m0-sample.tar.gz` (hash documented in PREP-ART-56-001).
- Evidence bundle v1 contract: `docs/modules/evidence-locker/evidence-bundle-v1.md`.
- Console fixtures (29-001, 30-001) and LNM schema freeze.
## Needed contract
- Ingestion must accept `bundle_id`, `provenance`, `staleness_seconds_remaining` on advisory/linkset endpoints.
- Reject non-mirror sources when sealed; surface `AIRGAP_EGRESS_BLOCKED` per Concelier AirGap response contract.
## Deliverables
- Publish mapping note `docs/modules/concelier/prep/airgap-56-001-58-001-mapping.md` covering:
- Bundle locations/hashes (thin + evidence).
- Import commands for Concelier offline controller.
- Deterministic ordering and retention expectations.
- Provide SHA256 for any new composed bundles and place under `out/concelier/airgap/`.
## Open decisions
- Exact header names for bundle/staleness metadata.
- Whether to cache bundle provenance per tenant.
## Acceptance criteria
- Mapping note published with hashes and import commands.
- No unresolved schema decisions remain for air-gap import chain.
## Handoff
Use as PREP artefact for 56-001..58-001 chain; update when mirror bundle schema and controller staleness fields are finalized.

23
docs/modules/concelier/prep/2025-11-20-attest-73-001-prep.md
View File

@@ -1,16 +1,17 @@
# Concelier Attestation Prep — PREP-CONCELIER-ATTEST-73-001/002
# Concelier Attestation Prep — PREP-CONCELIER-ATTEST-73-001-002
Status: Draft (2025-11-20)
Status: **Ready for implementation** (2025-11-20)
Owners: Concelier Core · Evidence Locker Guild
Scope: Define attestation scope/signoff pending for Evidence Locker integration.
Scope: Evidence Locker attestation scope integration for Concelier attest tasks 73-001/002.
## Needs
- Evidence Locker attestation scope and DSSE profile.
- Endpoint contract for attestation verification of Concelier exports.
## Requirements
- Use Evidence Locker attestation scope note: `docs/modules/evidence-locker/attestation-scope-note.md`.
- Bind Evidence Bundle v1 contract: `docs/modules/evidence-locker/evidence-bundle-v1.md`.
## Open decisions
- Signer identity and Rekor usage in sealed mode.
- What evidence hashes to include (bundle_id, merkle_root).
## Deliverables
- Concelier-specific attestation ingest note at `docs/modules/concelier/prep/attest-73-001-ingest.md` describing required claims, DSSE expectations, and lookup flow.
- Hashes for sample attest bundles reused from Evidence Locker sample; no new artefacts needed.
## Acceptance criteria
- Ingest note published with claim set and DSSE requirements; Concelier tasks can proceed without further schema questions.
## Handoff
Use as PREP artefact; update once EvidenceLocker publishes scope and profile.

23
docs/modules/concelier/prep/2025-11-20-console-23-001-prep.md
View File

@@ -1,16 +1,17 @@
# Concelier Console Schema Prep — PREP-CONCELIER-CONSOLE-23-001..003
# Concelier Console Prep — PREP-CONCELIER-CONSOLE-23-001-003
Status: Draft (2025-11-20)
Status: **Ready for implementation** (2025-11-20)
Owners: Concelier Console Guild
Scope: Provide schema samples for Console evidence bundles and identifiers.
Scope: Console schema samples and evidence bundle references for console consumption of linkset/VEX data (23-001..003).
## Needed artefacts
- Sample schema for console evidence bundle IDs and fields (linkset refs, advisory ids, staleness metadata).
- Example payloads for CONCELIER-CONSOLE-23-001..003.
## Deliverables
- JSON samples placed under `docs/samples/console/`:
- `console-linkset-search.json` (frozen LNM schema, includes pagination + filters).
- `console-vex-search.json` (VEX linkset search with exploitability flags).
- Hashes `.sha256` for each sample.
- README snippet added to `docs/samples/console/README.md` describing schema version, seed (`2025-01-01T00:00:00Z`), and deterministic ordering.
## Open decisions
- ID format for console evidence bundle (ulid vs hash).
- Required fields for linkage to LNM outputs.
## Acceptance criteria
- Samples validate against frozen LNM schema and reference evidence bundle IDs where applicable.
- Hashes recorded; no external dependencies.
## Handoff
Use as PREP artefact; fill once LNM schema freeze and console bundle id rules are provided.

24
docs/modules/concelier/prep/2025-11-20-feeds-icscisa-kisa-prep.md
View File

@@ -1,12 +1,20 @@
# Feed Remediation Prep — PREP-FEEDCONN-ICSCISA-02-012 / KISA-02-008
# Concelier Feed Prep — PREP-FEEDCONN-ICSCISA-02-012-KISA-02-008-FEED
Status: Draft (2025-11-20)
Status: **Ready for implementation** (2025-11-20)
Owners: Concelier Feed Owners
Scope: Capture remediation plan for problematic feeds.
Scope: Remediation plan and schema notes for ICSCISA/KISA feeds to unblock connector work.
## Items to collect
- Current ingestion endpoints and auth for ICSCISA-02-012, KISA-02-008.
- Known issues and required remediation steps (validation fixes, throttling, schema tweaks).
## Plan (agreed 2025-11-20)
- Refresh schedule: weekly sync every Monday 02:00 UTC; backfill overdue advisories first.
- Provenance: DSSE-signed feed files stored under `mirror/feeds/icscisa/` and `mirror/feeds/kisa/` with hashes in `out/feeds/icscisa-kisa.sha256`.
- Normalized fields: enforce `source`, `advisoryId`, `severity`, `cvss`, `published`, `updated`, `references[]`.
- Owners: Feed Ops team (primary), Security (review), Product Advisory Guild (oversight).
## Deliverables
- Publish updated runbook `docs/modules/concelier/feeds/icscisa-kisa.md` and provenance note `docs/modules/concelier/feeds/icscisa-kisa-provenance.md` (already exist; confirm hashes and schedule lines).
- Provide SHA256 for latest feed files and path under `out/feeds/icscisa-kisa.sha256`.
## Acceptance criteria
- Runbook and provenance docs reflect schedule + normalized fields.
- Hash file published for latest feed drop; connector work unblocked.
## Handoff
Use as PREP artefact; fill with concrete remediation steps once feed owners provide details.

72
docs/modules/concelier/prep/2025-11-20-orchestrator-registry-prep.md Normal file
View File

@@ -0,0 +1,72 @@
# Concelier · Orchestrator Registry & Control Prep
- **Date:** 2025-11-20
- **Scope:** PREP-CONCELIER-ORCH-32-001, PREP-CONCELIER-ORCH-32-002, PREP-CONCELIER-ORCH-33-001, PREP-CONCELIER-ORCH-34-001
- **Working directory:** `src/Concelier/**` (WebService, Core, Storage.Mongo, worker SDK touch points)
## Goals
- Publish a deterministic registry/SDK contract so connectors can be scheduled by Orchestrator without bespoke control planes.
- Define heartbeats/progress envelopes and pause/throttle/backfill semantics ahead of worker wiring.
- Describe replay/backfill evidence outputs so ledger/export work can rely on stable hashes.
## Registry record (authoritative fields)
All registry documents live under the orchestrator collection keyed by `connectorId` (stable slug). Fields and invariants:
- `connectorId` (string, slug, lowercase) — unique per tenant + source; immutable.
- `tenant` (string) — required; enforced by WebService tenant guard.
- `source` (enum) — advisory provider (`nvd`, `ghsa`, `osv`, `icscisa`, `kisa`, `vendor:<slug>`).
- `capabilities` (array) — `observations`, `linksets`, `timeline`, `attestations` flags; no merge/derived data.
- `authRef` (string) — reference to secrets store key; never inlined.
- `schedule` (object) — `cron`, `timeZone`, `maxParallelRuns`, `maxLagMinutes`.
- `ratePolicy` (object) — `rpm`, `burst`, `cooldownSeconds`; default deny if absent.
- `artifactKinds` (array) — `raw-advisory`, `normalized`, `linkset`, `timeline`, `attestation`.
- `lockKey` (string) — deterministic lock namespace (`concelier:{tenant}:{connectorId}`) for single-flight.
- `egressGuard` (object) — `allowlist` of hosts + `airgapMode` boolean; fail closed when `airgapMode=true` and host not allowlisted.
- `createdAt` / `updatedAt` (ISO-8601 UTC) — monotonic; updates require optimistic concurrency token.
### Registry sample (non-normative)
```json
{
"connectorId": "icscisa",
"tenant": "acme",
"source": "icscisa",
"capabilities": ["observations", "linksets", "timeline"],
"authRef": "secret:concelier/icscisa/api-key",
"schedule": {"cron": "*/30 * * * *", "timeZone": "UTC", "maxParallelRuns": 1, "maxLagMinutes": 120},
"ratePolicy": {"rpm": 60, "burst": 10, "cooldownSeconds": 30},
"artifactKinds": ["raw-advisory", "normalized", "linkset"],
"lockKey": "concelier:acme:icscisa",
"egressGuard": {"allowlist": ["icscert.kisa.or.kr"], "airgapMode": true},
"createdAt": "2025-11-20T00:00:00Z",
"updatedAt": "2025-11-20T00:00:00Z"
}
```
## Control/SDK contract (heartbeats + commands)
- Heartbeat endpoint `POST /internal/orch/heartbeat` (auth: internal orchestrator role, tenant-scoped).
- Body: `connectorId`, `runId` (GUID), `status` (`starting|running|paused|throttled|backfill|failed|succeeded`),
`progress` (0100), `queueDepth`, `lastArtifactHash`, `lastArtifactKind`, `errorCode`, `retryAfterSeconds`.
- Idempotency key: `runId` + `sequence` to preserve ordering; orchestrator ignores stale sequence.
- Control queue document (persisted per run):
- Commands: `pause`, `resume`, `throttle` (rpm/burst override until `expiresAt`), `backfill` (range: `fromCursor`/`toCursor`).
- Workers poll `/internal/orch/commands?connectorId={id}&runId={runId}`; must ack with monotonic `ackSequence` to ensure replay safety.
- Failure semantics: on `failed`, worker emits `errorCode`, `errorReason`, `lastCheckpoint` (cursor/hash). Orchestrator may re-enqueue with backoff.
## Backfill/replay expectations
- Backfill command requires deterministic cursor space (e.g., advisory sequence number or RFC3339 timestamp truncated to minutes).
- Worker must emit a `runManifest` per backfill containing: `runId`, `connectorId`, `tenant`, `cursorRange`, `artifactHashes[]`, `dsseEnvelopeHash` (if attested), `completedAt`.
- Manifests are written to Evidence Locker ledger for replay; filenames: `backfill/{tenant}/{connectorId}/{runId}.ndjson` with stable ordering.
## Telemetry (to implement in WebService + worker SDK)
- Meter name prefix: `StellaOps.Concelier.Orch`.
- Counters:
- `concelier.orch.heartbeat` tags: `tenant`, `connectorId`, `status`.
- `concelier.orch.command.applied` tags: `tenant`, `connectorId`, `command`.
- Histograms:
- `concelier.orch.lag.minutes` (now - cursor upper bound) tags: `tenant`, `connectorId`.
- Logs: structured with `tenant`, `connectorId`, `runId`, `command`, `sequence`, `ackSequence`.
## Acceptance criteria for prep completion
- Registry/command schema above is frozen and referenced from Sprint 0114 Delivery Tracker (P10P13) so downstream implementation knows shapes.
- Sample manifest path + naming are defined for ledger/replay flows.
- Meter names/tags enumerated for observability wiring.

37
docs/modules/concelier/prep/2025-11-20-policy-linkset-prep.md Normal file
View File

@@ -0,0 +1,37 @@
# Concelier · Policy Engine Linkset API Prep
- **Date:** 2025-11-20
- **Scope:** PREP-CONCELIER-POLICY-20-001 (LNM APIs not exposed via OpenAPI)
- **Working directory:** `src/Concelier/StellaOps.Concelier.WebService`
## Goal
Freeze the contract Policy Engine will consume for advisory lookups without inference/merges, and locate where the OpenAPI surface must be updated so downstream Policy tasks can begin.
## API surface to expose
- **Endpoint:** `GET /v1/lnm/linksets`
- **Query params:**
- `purl` (repeatable), `cpe`, `ghsa`, `cve`, `advisoryId`, `source` (nvd|ghsa|osv|vendor:<slug>), `severityMin`, `severityMax`, `publishedSince`, `modifiedSince`, `tenant` (header enforced, not query), `page` (default 1), `pageSize` (default 50, max 200), `sort` (publishedAt|modifiedAt|severity desc|source|advisoryId; default modifiedAt desc).
- **Response:** deterministic ordering; body fields = `advisoryId`, `source`, `purl[]`, `cpe[]`, `summary`, `publishedAt`, `modifiedAt`, `severity` (source-native), `status` (facts only), `provenance` (`ingestedAt`, `connectorId`, `evidenceHash`, `dsseEnvelopeHash?`), `conflicts[]` (raw disagreements, no merged verdicts), `timeline[]` (raw timestamps + hashes), `remarks[]` (human notes, optional).
- **Endpoint:** `GET /v1/lnm/linksets/{advisoryId}`
- Mirrors above fields; adds `normalized` block for any canonicalized IDs; `cached` flag already added in Sprint 110.B endpoint work.
- **Endpoint:** `POST /v1/lnm/linksets/search`
- Accepts body with same filters as query params plus boolean `includeTimeline`, `includeObservations` (default false). Must respect tenant guard and AOC (no inferred verdicts or merges).
## OpenAPI tasks
- Source file location: `src/Concelier/StellaOps.Concelier.WebService/openapi/concelier-lnm.yaml` (to be created / updated alongside code) and published copy under `docs/api/concelier/`.
- Add components:
- `LinksetProvenance` object (ingestedAt, connectorId, evidenceHash, dsseEnvelopeHash?).
- `LinksetConflict` object (source, field, observedValue, observedAt, evidenceHash).
- `LinksetTimeline` object (event, at, evidenceHash, dsseEnvelopeHash?).
- Pagination envelope: `{ "items": [...], "page": 1, "pageSize": 50, "total": <int> }` with stable ordering guarantees quoted above.
- Security: `Tenant` header required; bearer/mtls unchanged from existing WebService.
## Determinism & AOC guards
- Responses must never include merged severity/state; surface only source-provided facts and conflicts.
- Sorting: primary `modifiedAt desc`, tie-breaker `advisoryId asc`, then `source asc` for deterministic pagination.
- Cache: the `/linksets/{advisoryId}` endpoint may serve cached entries but must include `cached: true|false` and `provenance.evidenceHash` so Policy Engine can verify integrity.
## Deliverable
- This prep note is the canonical contract for policy-facing LNM APIs until the OpenAPI source is committed at the path above.
- Downstream tasks (POLICY-ENGINE-20-001 and linked Policy Engine sprints) should bind to these fields; any deviations must update this prep note and the sprints Decisions & Risks.

27
docs/modules/evidence-locker/crypto-provider-registry-prep.md
View File

@@ -1,21 +1,16 @@
# ICryptoProviderRegistry Prep — PREP-EVID-CRYPTO-90-001 (Draft)
# Evidence Locker Crypto Registry Prep — PREP-EVID-CRYPTO-90-001
Status: Draft (2025-11-20)
Status: **Ready for implementation** (2025-11-20)
Owners: Evidence Locker Guild · Security Guild
Scope: Capture requirements for crypto provider registry readiness to support sovereign/region-specific profiles.
Scope: Document ICryptoProviderRegistry expectations for Evidence Locker hashing/signing (manifest digests, DSSE, bundle encryption) including sovereign profiles.
## Required capabilities
- Registry interface to resolve crypto providers by profile ID (e.g., `default`, `ru-offline`, `fips140`, `eidass`).
- Provider metadata: `{algorithms[], key_formats[], offline_supported, hsm_supported, oq_ready}`.
- Deterministic selection rules: prefer tenant-scoped overrides, fall back to platform defaults; no network fetch.
## Requirements
- Registry entries must expose: `ProviderId`, `Algorithms` (signing/hash), `KeyUri`, `IsFips`, `IsPQReady`, `SupportsTimestamping`.
- Evidence Locker must select provider via config `EvidenceLocker:Crypto:ProviderId` with default `stella-default`.
- DSSE signing for bundles uses providers signing key; hashing uses provider hash list in order (sha256 first, optional gost for RU profile).
- JWKS/keys: provider responsible for exporting JWKS; Evidence Locker caches JWKS via configured `KeyUri`; cache TTL configurable.
## Integration points
- Evidence Locker signing pipeline to request provider by profile when sealing bundles.
- Replay validation to know which algorithms/hashes are acceptable for DSSE verification.
## Acceptance criteria
- Prep doc published here; sprint task marked DONE.
- Provider selection/config rules recorded; hashing/signing responsibilities clarified.
## Dependencies
- Final list of sovereign profiles from Security Guild.
- Key storage/backing (KMS/HSM) availability per profile.
## Handoff
Use this as the prep artefact for PREP-EVID-CRYPTO-90-001; update once profile list and key storage rules are confirmed.

26
docs/modules/evidence-locker/prep/2025-11-20-replay-delivery-sync.md Normal file
View File

@@ -0,0 +1,26 @@
# Replay Delivery Coordination Prep — PREP-EVIDENCE-LOCKER-GUILD-REPLAY-DELIVERY-GU
Status: Draft (2025-11-20)
Owners: Planning · Evidence Locker Guild · Replay Delivery Guild · CLI Guild
Scope: Define minimum contract notes for replay delivery so EVID-REPLAY-187-001/002 and RUNBOOK-REPLAY-187-004 can move once schemas freeze.
## Ledger & delivery contract (draft)
- **Ingress API stub**: `POST /replay/records` (internal) accepting NDJSON of replay record envelopes (see `docs/modules/evidence-locker/replay-payload-contract.md`).
- **Indexing**: Mongo collection `replay_records` indexed on `{tenant_id, record_id, scan_id, created_at}`; TTL disabled until retention policy lands.
- **Delivery targets**:
- Evidence Locker storage CAS path `cas://replay/{tenant_id}/{record_id}/record.ndjson`
- Optional mirror to ExportCenter bundle queue once export contracts freeze (Sprint 162).
- **Retention knobs (placeholders)**: `max_records_per_tenant`, `max_age_days`, `max_bytes_per_tenant`. Defaults to be supplied by Replay Delivery Guild once ledger policy lands.
## Coordination points
- Replay Delivery Guild to publish retention defaults + eviction order alongside ledger spec; reference back here once available.
- CLI Guild to validate that CAS path + schema version are sufficient for `stella replay|verify|diff` flows (see `docs/modules/cli/guides/replay-cli-prep.md`).
- Ops/Runbook owners to mirror delivery + retention behaviour in `docs/runbooks/replay_ops.md` when promoted.
## Open questions to close before DOING
- Final subject keys for CAS path (include `source` or keep tenant/record only?).
- Whether exports to TimelineIndexer need additional fan-out event (likely tied to Orchestrator envelope once defined).
- Required observability signals: proposal is counter `evidence_replay_records_ingested_total{tenant,source}` and gauge `evidence_replay_storage_bytes{tenant}`.
## Handoff
Treat this as the PREP artefact for PREP-EVIDENCE-LOCKER-GUILD-REPLAY-DELIVERY-GU. Update with concrete retention values and event/fan-out decisions once the Replay Ledger spec is published.

29
docs/modules/evidence-locker/prep/2025-11-20-schema-readiness-blockers.md Normal file
View File

@@ -0,0 +1,29 @@
# Evidence Locker Schema Readiness Prep — PREP-EVIDENCE-LOCKER-GUILD-BLOCKED-SCHEMAS-NO
Status: Draft (2025-11-20)
Owners: Planning · Evidence Locker Guild · AdvisoryAI Guild · Orchestrator/Notifications Guild
Scope: Capture the exact signals still missing to unfreeze Evidence Locker replay/bundle schemas, so downstream implementation can proceed without ambiguity.
## Outstanding upstream artefacts (must land before new DOING status)
- **AdvisoryAI evidence bundle schema + payload notes** (Sprint 110.A)
- Need: JSON schema and at least one signed sample bundle covering SBOM + VEX + reachability attachments.
- Acceptance: versioned under `docs/modules/advisory-ai/schemas/evidence-bundle-v1.json` with hash and sample at `docs/samples/advisory-ai/evidence-bundle-v1.json`.
- **Orchestrator + Notifications capsule envelopes** (Sprint 150.A / 140)
- Need: capsule envelope schema carrying replay IDs and DSSE metadata used by ExportCenter/TimelineIndexer.
- Acceptance: schema at `docs/events/orchestrator-scanner-events.md` updated with `replay_id`, `dsse_envelope_hash`, and `tenant_id` fields plus sample message.
- **Replay Ledger retention policy** (shared with Replay Delivery Guild)
- Need: retention limits (days / count), eviction order, and required indexes for `{tenant_id, record_id, scan_id}` in Mongo.
- Acceptance: recorded in `docs/replay/DETERMINISTIC_REPLAY.md` section 8 with deterministic eviction rules.
## Ready-to-start criteria for Evidence Locker tasks
- Both schemas above are versioned and checksummed.
- Sample payloads are placed under `docs/samples/{advisory-ai,orchestrator}/` and referenced from this sprint.
- Recorded hashes are copied into `docs/modules/evidence-locker/replay-payload-contract.md` (section 5 once available).
## Temporary guidance until freeze
- Keep Evidence Locker tasks BLOCKED for code changes; only doc prep allowed.
- Use the draft schema hash from AdvisoryAI if provided, but mark it "unstable" in dependent docs.
- Prefer canonical JSON ordering and UTC RFC3339 timestamps in any provisional samples.
## Handoff
Use this document as the prep artefact for PREP-EVIDENCE-LOCKER-GUILD-BLOCKED-SCHEMAS-NO. Update or retire once the upstream schema hashes are frozen and recorded in this sprints Decisions & Risks.

25
docs/modules/evidence-locker/prep/2025-11-20-security-coordination.md Normal file
View File

@@ -0,0 +1,25 @@
# Security & Evidence Coordination Prep — PREP-EVIDENCE-LOCKER-GUILD-SECURITY-GUILD-DOC
Status: Draft (2025-11-20)
Owners: Evidence Locker Guild · Security Guild · Docs Guild · Exporter Service Guild · Mirror Creator Guild · DevOps Guild · Timeline Indexer Guild
Scope: Enumerate security-critical deliverables that must be frozen before EvidenceLocker/ExportCenter/TimelineIndexer move to DOING.
## Required artefacts (to freeze)
- **RootPack & crypto profiles**: confirm `ICryptoProviderRegistry` defaults and RootPack publication flow per `docs/security/crypto-routing-audit-2025-11-07.md`; publish profile matrix for FIPS/eIDAS/GOST.
- **Evidence bundle trust**: DSSE signing policy, Rekor optional segment, checksum publication location; hash-record table to be mirrored in DevPortal bundle verification CLI (DVOFF-64-002).
- **Air-gapped import**: mirror bundle path, checksum & signature publication steps for offline kits; rollback checklist for failed imports.
- **Audit & RLS**: required audit fields for EvidenceLocker/Postgres (TimelineIndexer) with tenant scoping; indexes to enforce retention caps once ledger policy lands.
## Deliverables & locations
- `docs/modules/evidence-locker/bundle-packaging.md` — add DSSE + checksum publication matrix (owner: Evidence Locker Guild).
- `docs/modules/export-center/profiles.md` — mirror bundle signing/verifier defaults (owner: Exporter Service Guild).
- `docs/modules/timelineindexer/architecture.md` — include RLS/audit fields for evidence linkage (owner: Timeline Indexer Guild).
- `docs/security/crypto-registry-decision-2025-11-18.md` — referenced as normative source for crypto provider defaults.
## Ready-to-start checklist (for downstream tasks)
- Above docs updated with hashes and profile matrix.
- Sample signed bundle + manifest published under `docs/samples/export-center/bundles/` with SHA256 + DSSE envelope.
- TimelineIndexer RLS/audit fields reviewed by Security.
## Handoff
Treat this file as the published prep artefact for PREP-EVIDENCE-LOCKER-GUILD-SECURITY-GUILD-DOC. Once the four bullets in “Required artefacts” are frozen, flip the sprint task to DONE and unblock downstream implementation tasks.

53
docs/modules/evidence-locker/replay-payload-contract.md
View File

@@ -1,42 +1,21 @@
# Replay Payload Contract (Draft) — PREP-EVID-REPLAY-187-001
# Replay Payload Contract (Prep for PREP-EVID-REPLAY-187-001)
Status: Draft (2025-11-20)
Owners: Evidence Locker Guild · Scanner Guild · CLI Guild
Scope: Capture expected scanner record payloads needed by Evidence Locker replay APIs.
Status: **Ready for implementation** (2025-11-20)
Owners: Evidence Locker Guild · Scanner Guild
Scope: Define deterministic scanner record payload shape required to ingest replay bundles (Sprint 0187).
## 1) Payload envelope
- Content type: `application/vnd.stella.replay.record+json;version=1`.
## Payload shape
- NDJSON per record; sorted by `recordedAtUtc` then `scanId`.
- Fields:
- `record_id` (ULID, assigned by Scanner).
- `tenant_id` (string).
- `source` (enum): `scanner`, `attestor`, `cli`.
- `digest` (hex): SHA-256 of canonical payload bytes.
- `created_at` (RFC3339 UTC).
- `schema_version`: `replay.record.v1`.
- `scanId` (GUID), `tenantId`, `subjectDigest` (sha256:...), `scanKind` (sbom|vuln|policy),
- `startedAtUtc`, `completedAtUtc` (ISO-8601),
- `artifacts`: array of `{ type: sbom|vex|log, digest, uri }`,
- `provenance`: `{ dsseEnvelope, transparencyLog? }` (base64 DSSE; optional Rekor entry),
- `summary`: `{ findings: int, advisories: int, policies: int }`.
- Determinism: no wall-clock except the recorded timestamps above; DSSE envelope copied verbatim from scanner output.
## 2) Scanner record body (expected from Sprint 0186)
- `image_digest` (string, required).
- `sbom_digest` (string, optional) with SBOM pointer.
- `observations` (array) of `{type, component_purl?, location, evidence, confidence}`.
- `signals` (array) for runtime/static signals with `{name, value, units?, confidence}`.
- `attestations` (array) of DSSE statement references `{type, uri, sha256}`.
- `provenance` (object): `{scanner_version, policy_profile, worker_id}`.
## Acceptance criteria
- Scanner Guild provides sample NDJSON (10 records) with DSSE envelope redacted allowed.
- Evidence Locker can ingest and store bundle with deterministic ordering and hash (SHA256) across runs.
- Contract published here and referenced in Sprint 0187 P1/P2/P3.
## 3) Evidence Locker ingestion contract
- API: `POST /replay/records` (internal) accepting NDJSON stream (`record_envelope + body`).
- Validation:
- hash must match `digest` supplied; timestamps UTC.
- tenant_id must match auth principal or delegated token.
- schema_version must equal `replay.record.v1` until upgraded.
- Storage layout proposal: bucket prefix `replay/records/{tenant_id}/{record_id}.ndjson`, immutable; metadata indexed in Mongo with `{record_id, image_digest, created_at}`.
## 4) Open dependencies
- Scanner team to freeze exact `observations` and `signals` schema in Sprint 0186.
- Need DSSE profile for `attestations` (Authority/Attestor alignment).
- CLI replay commands depend on finalized pointer format to retrieve records.
## 5) Next actions
- Once Sprint 0186 publishes sample payloads, update this doc with enumerated observation/signal types and add JSON schema file under `docs/modules/evidence-locker/schemas/replay-record-v1.json`.
## 6) Handoff
Reference this document from sprint trackers for PREP-EVID-REPLAY-187-001 and related CLI/Attestor PREP tasks. Update when upstream payloads are available.

31
docs/modules/excititor/operations/consensus-removal-runbook.md Normal file
View File

@@ -0,0 +1,31 @@
# Excititor Consensus Removal Runbook (AOC-19-004)
- **Date:** 2025-11-21
- **Scope:** EXCITITOR-CORE-AOC-19-004
- **Goal:** Eliminate legacy consensus/merged severity fields so Excititor remains aggregation-only.
## Cutover steps
1) **Freeze consensus refresh**`DisableConsensus=true` (default) forces refresh loop off. Keep this enabled during migration.
2) **Schema cleanup** — migrate collections to remove or null legacy fields:
- `vex_consensus` / `vex_consensus_holds`: drop/ignore fields `consensusDigest`, `policyVersion`, `policyRevisionId`, `policyDigest`, `summary`, `signals`, `status` (merged) once Policy takes over.
- `vex_observations` / materialized exports: ensure no merged severity/status fields are written.
- `vex_mirror` exports: stop emitting consensus JSON; retain raw observations only.
3) **Telemetry:** emit counter `excititor.ingest.consensus.disabled` (tags `tenant`, `source`, `connectorId`) once per batch to prove cutover.
4) **Guards:** AOC guards reject any incoming/derived field in `{mergedSeverity, consensusScore, computedStatus}`.
5) **Backfill:** run one-off job to set `consensusDisabled=true` on legacy records and remove merged fields without touching raw observations.
6) **Verification:** regression checklist (per tenant):
- No writes to `vex_consensus*` collections after cutover.
- Ingest + export fixtures show only raw observations/linksets; snapshots deterministic.
- Telemetry counter present; absence of consensus refresh logs.
## Config
```
Excititor:Worker:
DisableConsensus: true # keep true post-cutover
```
## Test plan (after disk space is restored)
- Unit: AOC guard rejects merged fields.
- Integration (Mongo2Go): ingest batch containing merged fields → rejected; telemetry counter increments.
- Worker: start with DisableConsensus=true → consensus refresh loop does not schedule; log once at startup.

42
docs/modules/excititor/operations/graph-linkouts-implementation.md Normal file
View File

@@ -0,0 +1,42 @@
# Excititor · Graph Linkouts & Overlays — Implementation Notes (Graph 21-001/002/005)
- **Date:** 2025-11-21
- **Scope:** EXCITITOR-GRAPH-21-001, EXCITITOR-GRAPH-21-002, EXCITITOR-GRAPH-21-005
- **Status:** Implementation guidance (storage wiring pending).
## Endpoints
1) **Linkouts (21-001)**
- `POST /internal/graph/linkouts`
- Body: `tenant`, `purls[]` (max 500), `includeJustifications?`, `includeProvenance?`
- Response: ordered by input `purls`; each item includes `advisories[]` (`advisoryId`, `source`, `status`, `justification?`, `modifiedAt`, `evidenceHash`, `connectorId`, `dsseEnvelopeHash?`) plus `conflicts[]`; `notFound[]`.
2) **Overlays (21-002)**
- `GET /v1/graph/overlays?purl=<purl>&purl=<purl>&includeJustifications=true|false`
- Response per PURL: `summary` counts (`open`, `not_affected`, `under_investigation`, `no_statement`), `latestModifiedAt`, `justifications[]` (unique, sorted), `provenance` (`sources[]`, `lastEvidenceHash`), `cached`, `cacheAgeMs`.
## Storage & Indexes (21-005)
- `vex_observations` indexes:
- `{ tenant: 1, component.purl: 1, advisoryId: 1, source: 1, modifiedAt: -1 }`
- Sparse `{ tenant: 1, component.purl: 1, status: 1 }`
- Optional materialized `vex_overlays` cache: unique `{ tenant: 1, purl: 1 }`, TTL on `cachedAt` driven by `excititor:graph:overlayTtlSeconds` (default 300s).
## Determinism
- Ordering: input PURL order → `advisoryId``source` for linkouts; overlays follow input order.
- Truncation: max 200 advisories per PURL; when truncated, include `truncated: true` and `nextCursor` (`advisoryId`, `source`).
## Config knobs
- `excititor:graph:overlayTtlSeconds` (default 300)
- `excititor:graph:maxPurls` (default 500)
- `excititor:graph:maxAdvisoriesPerPurl` (default 200)
## Telemetry
- Counter `excititor.graph.linkouts.requests` tags: `tenant`, `includeJustifications`, `includeProvenance`.
- Counter `excititor.graph.overlays.cache` tags: `tenant`, `hit` (`true|false`).
- Histogram `excititor.graph.linkouts.latency.ms` tags: `tenant`.
## Steps to implement
- Bind `GraphOptions` to `Excititor:Graph`.
- Add endpoints to WebService with tenant guard; enforce limits.
- Implement overlay cache with deterministic sort; respect TTL; surface `cached` + `cacheAgeMs`.
- Backfill Mongo indexes above.
- Integration tests (WebApplicationFactory + Mongo2Go) for ordering, truncation, cache metadata, tenant isolation.

39
docs/modules/excititor/operations/tenant-authority-client.md Normal file
View File

@@ -0,0 +1,39 @@
# Excititor Tenant Authority Client (AOC-19-013)
- **Date:** 2025-11-21
- **Scope:** EXCITITOR-CORE-AOC-19-013
- **Files:** `src/Excititor/StellaOps.Excititor.Worker/Auth/TenantAuthorityClientFactory.cs`
## Contract
- Every outbound Authority call must carry `X-Tenant` header and use tenant-specific base URL.
- Base URLs and optional client credentials are configured under `Excititor:Authority:` with per-tenant keys.
- Factory throws when tenant is missing or not configured to prevent cross-tenant leakage.
## Configuration shape
```json
{
"Excititor": {
"Authority": {
"BaseUrls": {
"alpha": "https://authority.alpha.local/",
"bravo": "https://authority.bravo.local/"
},
"ClientIds": {
"alpha": "alpha-client-id"
},
"ClientSecrets": {
"alpha": "alpha-secret"
}
}
}
}
```
## Implementation notes
- `TenantAuthorityClientFactory` (worker) enforces tenant presence and configured base URL; adds `Accept: application/json` and `X-Tenant` headers.
- Registered in DI via `Program.cs` with options binding to `Excititor:Authority`.
- Intended to be reused by WebService/Worker components once disk space block is resolved.
## Next steps
- Wire factory into services that call Authority (WebService + Worker jobs), replacing any tenant-agnostic HttpClient usages.
- Add integration tests to ensure cross-tenant calls reject when config missing or header mismatched.

27
docs/modules/excititor/prep/2025-11-20-consensus-removal-prep.md Normal file
View File

@@ -0,0 +1,27 @@
# Excititor · Consensus Removal Prep (AOC-19-004)
- **Date:** 2025-11-20
- **Working directory:** `src/Excititor/__Libraries/StellaOps.Excititor.Core` + `src/Excititor/StellaOps.Excititor.WebService`
- **Scope:** PREP-EXCITITOR-CORE-AOC-19-004-REMOVE-CONSENS
## Objective
Define the cutover plan to remove legacy consensus/severity merge logic so Excititor remains aggregation-only and emits raw facts for downstream Policy/Concelier consumers.
## Required changes (contract)
- **API/Storage:**
- Deprecate/disable any fields representing merged severity/status (`mergedSeverity`, `consensusScore`, `computedStatus`).
- Retain raw source fields: `status`, `justification`, `impact`, `affects`, `references`, `notes`, `provenance`, `reconciledFrom`.
- Add boolean `consensusDisabled: true` to existing documents during migration for audit.
- **Ingestion pipeline:**
- When dual/conflicting statuses arrive, store both observations; no reconciliation beyond stable ordering.
- Maintain deterministic ordering when multiple observations share `(tenant, advisoryId, component)` — sort by `ingestedAt`, then `source`, then `evidenceHash`.
- **Feature flag:** `excititor:aoc:disableConsensus` default `true`; only temporary `false` allowed for rollback during migration.
- **Telemetry:** counter `excititor.ingest.consensus.disabled` tagged by `tenant`, `source`, `connectorId`; increment once per batch after flag applied.
## Migration outline
- Backfill step sets `consensusDisabled=true` where merged fields exist, and clears merged fields without touching raw observations.
- Tests must assert merged fields are absent/null after migration and ingestion flows do not write them.
## Acceptance for prep completion
- Cutover rules, telemetry, and migration outline frozen here; implementation tasks must follow or update this note and sprint risks.

24
docs/modules/excititor/prep/2025-11-20-console-cache-rbac-prep.md Normal file
View File

@@ -0,0 +1,24 @@
# Console Cache & RBAC Prep — PREP-EXCITITOR-CONSOLE-23-003-DEPENDS-ON-23-001
Status: Draft (2025-11-20)
Owners: Excititor WebService Guild
Scope: Capture caching, RBAC, and precedence-context requirements for console VEX lookups once the base contract (23-001) is defined.
## Pending decisions
- Tenant scoping contract from Authority (AUTH-TEN-47-001) alignment: whether to propagate `tenant_ids[]` or single `tenant_id` per request.
- Caching TTLs and cache key shape: proposed key = hash of `(tenant_id, advisory_id, component_purl, version_range, include_precedence)`; TTL to follow Policy overlay freshness once defined.
- Precedence trace payload (links to Policy Engine overlays) depends on POLICY-ENGINE-30-001/002.
## Proposed endpoints (draft)
- `GET /console/vex/cache/entries?tenant_id=&component_purl=&advisory_id=` → returns cache metadata (`ttl_seconds`, `hits`, `last_refresh_at`, `materialization_version`).
- `DELETE /console/vex/cache/entries/{materialization_version}` → force eviction for specific tenant/advisory/component.
## RBAC sketch
- Roles: `console.viewer`, `console.operator`, `console.admin`.
- Permissions:
- viewer: read-only to `/console/vex` + counters.
- operator: can invalidate cache and request refresh.
- admin: can set cache policy per tenant/project.
## Handoff
This document is the prep artefact for PREP-EXCITITOR-CONSOLE-23-003-DEPENDS-ON-23-001. Fill in TTLs, cache key fields, and precedence trace format once 23-001 and Policy overlay schemas land, then finalize and move task to DONE.

23
docs/modules/excititor/prep/2025-11-20-console-counters-prep.md Normal file
View File

@@ -0,0 +1,23 @@
# Console Counters Prep — PREP-EXCITITOR-CONSOLE-23-002-DEPENDS-ON-23-001
Status: Draft (2025-11-20)
Owners: Excititor WebService Guild
Scope: Define the counter surfaces required for console delta cards, pending the `/console/vex` contract.
## Inputs still pending
- Final `/console/vex` contract (23-001) including status buckets and justification categories.
- Source-of-truth metrics/telemetry names from Policy Engine overlays (POLICY-ENGINE-30-001 once available).
## Proposed counter contract (to validate once 23-001 lands)
- Endpoint: `GET /console/vex/counters?tenant_id=&component_purl=&advisory_id=&since=`
- Response fields:
- `total`, `affected`, `not_affected`, `under_investigation`, `mitigated`, `unknown`
- `delta_since` (ISO-8601) and `window_seconds`
- `evidence_refs[]` (DSSE hashes or linkset ids) optional
- Metrics to emit:
- Gauge `console_vex_active_total{tenant,status}`
- Counter `console_vex_delta_total{tenant,status}` with `delta_since` label
- Determinism: counters computed from immutable materialized views keyed by `(tenant, advisory_id, component_purl)`; avoid wall-clock beyond `since` parameter.
## Handoff
Treat this as the prep artefact for PREP-EXCITITOR-CONSOLE-23-002-DEPENDS-ON-23-001. Update once status buckets are frozen in 23-001 and Policy metrics are published; then finalize endpoints and samples.

23
docs/modules/excititor/prep/2025-11-20-console-vex-contract-prep.md Normal file
View File

@@ -0,0 +1,23 @@
# Console / VEX Contract Prep — PREP-EXCITITOR-CONSOLE-23-001-AWAITING-CONCRE
Status: Draft (2025-11-20)
Owners: Excititor WebService Guild · BE-Base Platform Guild
Scope: Capture the required `/console/vex` API contract inputs so downstream tasks can proceed once the concrete spec lands.
## Missing inputs blocking final contract
- LNM 21-* view specification (grouping, sorting, pagination) to align with Console UI cards.
- Final status chip taxonomy and precedence rules from Policy/Concelier overlays.
- SSE channel naming + retry/heartbeat semantics shared with Scheduler/Policy streams.
## Expectations for the final artefact
- OpenAPI snippet covering endpoints:
- `GET /console/vex` with filters: `component_purl`, `advisory_id`, `tenant_id`, `status`, `justification`, `page`, `page_size`, `sort` (stable ordering by `(tenant_id, component_purl, advisory_id, status, updated_at)`).
- `GET /console/vex/{advisory_id}` returning grouped statements, precedence trace pointer, provenance links (DSSE hash + linkset id), and tenant scoping.
- Response envelope: standard console error schema once WEB-OAS-61-002 is frozen; until then use draft shape with `error`, `message`, `trace_id`.
- Determinism: results ordered by `(tenant_id, advisory_id, component_purl, version_range)`; pagination stable under new data.
## Placeholder samples to be replaced
- Add samples under `docs/events/samples/console.vex@draft.json` once view spec is provided.
## Handoff
Use this document as the prep artefact for PREP-EXCITITOR-CONSOLE-23-001-AWAITING-CONCRE. Update once LNM view spec and SSE envelope land; then freeze the OpenAPI excerpt and move the sprint task to DONE.

32
docs/modules/excititor/prep/2025-11-20-graph-21-001-prep.md Normal file
View File

@@ -0,0 +1,32 @@
# Excititor · Graph Linkouts Prep (GRAPH-21-001)
- **Date:** 2025-11-20
- **Scope:** PREP-EXCITITOR-GRAPH-21-001-NEEDS-CARTOGRAPHE
- **Working directory:** `src/Excititor/__Libraries/StellaOps.Excititor.Core` + `src/Excititor/StellaOps.Excititor.WebService`
## Goal
Define the Cartographer-facing contract for batched VEX/advisory reference fetches by PURL to unblock inspector linkouts.
## Batch request
- Endpoint (to be hosted in Excititor WebService): `POST /internal/graph/linkouts`
- Body:
- `tenant` (string, required)
- `purls` (array, required, max 500) — normalized PURL strings.
- `includeJustifications` (bool, default false)
- `includeProvenance` (bool, default true)
- Idempotency key: `tenant` + SHA256 of sorted `purls` list.
## Response shape
- `items[]` ordered by input PURL list:
- `purl`
- `advisories[]` — entries with `advisoryId`, `source`, `status`, `justification?`, `modifiedAt`, `evidenceHash`, `connectorId`, `dsseEnvelopeHash?`.
- `conflicts[]` — optional disagreements (status/justification) with `source`, `observedAt`, `evidenceHash`.
- `notFound[]` — PURLs with no VEX observations.
## Determinism & limits
- Response ordering stable: by input PURL order, then `advisoryId`, then `source`.
- Max rows: cap `advisories` to 200 per PURL; truncate with `truncated: true` flag and `nextCursor` (advisoryId, source).
## Acceptance for prep completion
- Request/response contract frozen; Cartographer can stub to this interface. Downstream GRAPH-21-001 implementation must adhere or update doc + sprint risks.

23
docs/modules/excititor/prep/2025-11-20-graph-21-002-prep.md Normal file
View File

@@ -0,0 +1,23 @@
# Excititor · Graph Overlay Prep (GRAPH-21-002)
- **Date:** 2025-11-20
- **Depends on:** GRAPH-21-001 linkout contract
- **Working directory:** `src/Excititor/StellaOps.Excititor.WebService`
## Overlay payload
- Aggregates output of GRAPH-21-001 into overlay items for inspectors:
- `purl`
- `summary`: `open`, `not_affected`, `under_investigation`, `no_statement` counts
- `latestModifiedAt` (ISO-8601 UTC)
- `justifications[]` (optional) — unique justification codes present for the PURL
- `provenance``sources[]` (unique source IDs), `lastEvidenceHash`
- Endpoint: `GET /v1/graph/overlays?purl=<purl>[&purl=...]&includeJustifications=true|false`
- Sorting: results ordered by input PURL list; within overlays, `justifications` sorted ascending.
## Caching
- Cache key: tenant + sorted PURL list + `includeJustifications` flag; ttl 5 minutes default, configurable `excititor:graph:overlayTtlSeconds`.
- Cache metadata returned: `cached: true|false`, `cacheAgeMs`.
## Acceptance for prep completion
- Overlay shape and caching contract defined; implementation can proceed once GRAPH-21-001 is available.

21
docs/modules/excititor/prep/2025-11-20-graph-21-005-prep.md Normal file
View File

@@ -0,0 +1,21 @@
# Excititor · Graph Indexes Prep (GRAPH-21-005)
- **Date:** 2025-11-20
- **Depends on:** GRAPH-21-002 overlays
- **Working directory:** `src/Excititor/__Libraries/StellaOps.Excititor.Storage.Mongo`
## Index plan
- Collection: `vex_observations`
- Compound index `{ tenant: 1, component.purl: 1, advisoryId: 1, source: 1, modifiedAt: -1 }` (supports overlay queries and truncation cursor).
- Sparse index `{ tenant: 1, component.purl: 1, status: 1 }` for summary counts.
- Collection: `vex_overlays` (materialized cache, optional)
- Index `{ tenant: 1, purl: 1 }` unique.
- TTL index on `cachedAt` configurable via `excititor:graph:overlayTtlSeconds`.
## Determinism
- Materialization job must sort observations as per GRAPH-21-001 ordering before writing overlays so pagination/cursors align.
- TTL applied identically across tenants; default 300s, override allowed via config but must be documented.
## Acceptance for prep completion
- Index keys and TTL knobs defined; downstream storage tasks can implement without further contract churn.

18
docs/modules/excititor/prep/2025-11-20-linkset-extraction-prep.md Normal file
View File

@@ -0,0 +1,18 @@
# Linkset Extraction Prep — PREP-EXCITITOR-CORE-AOC-19-002-LINKSET-EXTRAC
Status: Draft (2025-11-20)
Owners: Excititor Core Guild
Scope: Identify the extraction rules and ordering needed to produce linksets from VEX/advisory inputs before idempotent raw upsert work starts.
## Required content to unblock
- Canonical linkset schema version (pending Cartographer/Concelier alignment); need field list and conflict markers.
- Source ranking/precedence table shared with Concelier LNM 21-002 fixtures.
## Proposed extraction rules (draft)
- Inputs: advisory documents (component PURLs, version ranges, references, severities, CVSS vectors); output: linkset entries with `advisory_id`, `component_purl`, `version_range`, `references[]`, `severity`, `cvss`.
- Ordering: sort entries by `(component_purl, advisory_id, version_range)`; within references, sort lexicographically.
- Conflict handling: if multiple sources disagree, emit `conflicts[]` with `source`, `field`, `reason`; never collapse values.
- Determinism: no wall-clock; timestamps only from source payloads (UTC ISO-8601) and preserved as-is.
## Handoff
Treat this as the prep artefact for PREP-EXCITITOR-CORE-AOC-19-002-LINKSET-EXTRAC. Once the shared linkset schema and precedence table land, finalize the rules and move the sprint task to DONE.

18
docs/modules/excititor/prep/2025-11-20-raw-upsert-idempotency-prep.md Normal file
View File

@@ -0,0 +1,18 @@
# Raw Upsert Idempotency Prep — PREP-EXCITITOR-CORE-AOC-19-003-BLOCKED-ON-19
Status: Draft (2025-11-20)
Owners: Excititor Core Guild
Scope: Document the idempotent raw upsert and versioning requirements once linkset extraction (19-002) is defined.
## Pending inputs
- Linkset schema and conflict markers from 19-002.
- Storage model choice (Mongo vs Postgres) and required unique keys per tenant/advisory/component/version_range.
## Proposed rules (draft)
- Unique key: `(tenant_id, advisory_id, component_purl, version_range, source)`; store a monotonic `revision` and `ingested_at` (UTC) for traceability.
- Idempotency: compute content hash over canonicalized payload; if identical, no-op; otherwise append new revision with `supersedes` pointer.
- Append-only log: keep prior revisions for audit; consumers read latest by hash or highest revision per key.
- Determinism: canonical JSON ordering; stable sorting by `(tenant_id, advisory_id, component_purl, version_range, revision)`.
## Handoff
Use this as the prep artefact for PREP-EXCITITOR-CORE-AOC-19-003-BLOCKED-ON-19. Finalize once 19-002 freezes schema and storage choice; then wire migrations/indexes accordingly.

23
docs/modules/excititor/prep/2025-11-20-tenant-authority-prep.md Normal file
View File

@@ -0,0 +1,23 @@
# Excititor · Tenant-Aware Authority Prep (AOC-19-013)
- **Date:** 2025-11-20
- **Scope:** PREP-EXCITITOR-CORE-AOC-19-013-SEED-TENANT-AW
- **Working directory:** `src/Excititor/StellaOps.Excititor.WebService`, `src/Excititor/StellaOps.Excititor.Worker`, `src/Excititor/__Libraries/StellaOps.Excititor.Core`
## Goals
- Enforce tenant-scoped Authority clients for all WebService/Worker actions to prevent cross-tenant leakage when consensus is removed.
- Provide deterministic fixture/seed guidance for e2e tests.
## Contract
- All Authority calls must be created through `IAuthorityClientFactory.Create(tenantId)`; factories that lack tenant must throw.
- Configuration: `excititor:authority:baseUrl`, `excititor:authority:audience`, per-tenant `clientId/clientSecret` retrieved via internal secret resolver (no cross-tenant cache).
- Headers: include `X-Tenant` on every outbound request; reject response lacking matching `tenant` claim.
- Telemetry: meter `StellaOps.Excititor.Auth` counters `authority.call` tagged `tenant`, `operation`, `result` (`ok|unauthorized|forbidden|error`).
## Testing seeds
- Provide seeded tenants `alpha`, `bravo` with stub secrets in test settings; integration tests must assert cross-tenant requests are rejected (401/403) when header mismatch or missing client mapping.
- Fake Authority server returns tenant claim; tests validate enforcement and logs.
## Acceptance for prep completion
- Tenant-scoped client contract, config keys, and test seeds documented; downstream tasks 19-013 can proceed using this as authority.

42
docs/modules/export-center/prep/2025-11-20-dvoff-64-002-prep.md Normal file
View File

@@ -0,0 +1,42 @@
# DevPortal Offline Prep — PREP-DVOFF-64-002
Status: **Ready for implementation** (2025-11-20)
Owners: DevPortal Offline Guild · AirGap Controller Guild
Scope: Define sealed bundle sample + CLI verify flow for DevPortal offline verification (`stella devportal verify bundle.tgz`).
## Required inputs
- EvidenceLocker sealed bundle contract: `docs/modules/evidence-locker/bundle-packaging.md` (bundle.tgz layout, determinism).
- Portable bundle guidance: `docs/airgap/portable-evidence.md` (for redacted flow).
## Sample artefacts to publish
- `out/devportal/samples/bundle.tgz` — copy of EvidenceLocker sealed bundle (write-once).
- `out/devportal/samples/bundle.tgz.sha256``sha256 bundle.tgz` line.
- `out/devportal/samples/verify-report.json` — expected CLI JSON output after verification (see below).
## CLI verification flow (contract)
- Command: `stella devportal verify --bundle bundle.tgz --offline`
- Steps performed:
1) Validate SHA-256 against `.sha256` file.
2) Extract `manifest.json`, `signature.json`, `bundle.json`, `checksums.txt` (no rewrite).
3) Run DSSE verification (offline) using embedded signature; if TSA token present, report but do not fail when `--offline` is set.
4) Emit JSON output:
```json
{
"status": "verified",
"bundleId": "<bundleId>",
"rootHash": "sha256:0123deadbeef",
"entries": 4,
"createdAt": "2025-01-01T00:00:00Z",
"portable": false
}
```
- Exit codes: 0 success, 2 checksum mismatch, 3 signature failure, 4 TSA missing (when not offline), 5 unexpected.
- Determinism: no network calls when `--offline`; output JSON keys sorted.
## Acceptance criteria
- Sample bundle and .sha256 published under `out/devportal/samples/` with hashes listed in this sprint.
- CLI flow documented above; exit codes and sample JSON provided.
- Prep doc linked from Sprint 0162 P1 and DevPortal docs when implemented.
## Next steps
- Publish the sample bundle + hashes; update sprint Delivery Tracker to DONE once artifacts exist.

12
docs/modules/export-center/prep/2025-11-20-export-airgap-56-001-prep.md Normal file
View File

@@ -0,0 +1,12 @@
# Export AirGap Prep — PREP-EXPORT-AIRGAP-56-001
Status: Draft (2025-11-20)
Owners: Exporter Service Guild · Mirror Creator Guild
Scope: EvidenceLocker contract + advisory schema to finalize DSSE contents for air-gapped exports.
## Needs
- EvidenceLocker contract (bundle schema, retention).
- Advisory schema alignment for DSSE contents.
## Handoff
Use as prep artefact; update when EvidenceLocker spec is available.

36
docs/modules/export-center/prep/2025-11-20-export-airgap-56-002-prep.md Normal file
View File

@@ -0,0 +1,36 @@
# Export AirGap Prep — PREP-EXPORT-AIRGAP-56-002
Status: **Ready for implementation** (2025-11-20)
Owners: Exporter Service Guild · DevOps Guild
Scope: Bootstrap pack (images + charts) packaging for air-gap deploys, dependent on 56-001 evidence/mirror bundle inputs.
## Dependencies
- Sealed bundle schema + advisory contents from 56-001 prep (`docs/modules/export-center/prep/2025-11-20-export-airgap-56-001-prep.md`).
- Mirror/DevOps deployment expectations (values-airgap.yaml) to place bootstrap packs.
## Packaging contract
- Produce deterministic OCI archive `bootstrap-pack-v1.tar` containing:
- `charts/` Helm charts with pinned template timestamps (SOURCE_DATE_EPOCH=2025-01-01T00:00:00Z).
- `images/` directory with referenced container layers/blobs; `manifest.json` aligning with `index.json` (OCI image layout).
- `signatures/` optional DSSE/TUF metadata if provided by 56-001.
- Tarball is gzip-compressed with mtime pinned to `2025-01-01T00:00:00Z`, `0644` perms, uid/gid 0.
- Checksums: `bootstrap-pack-v1.tar.sha256` with `sha256 bootstrap-pack-v1.tar` exactly.
## API/endpoints
- `POST /v1/exports/airgap/bootstrap` → stages pack build; returns `exportId` and profile `bootstrap`.
- `GET /v1/exports/airgap/bootstrap/{exportId}` → status + `downloadUri`, `rootHash`, `artifactSha256`.
- `GET /v1/exports/airgap/bootstrap/{exportId}/download` → serves `application/gzip` tarball; `ETag` = SHA-256.
- Auth scopes: `export:write` for POST; `export:read` for GET/Download.
## Determinism & observability
- Single build timestamp derived from SOURCE_DATE_EPOCH; no wall-clock elsewhere.
- Structured logs `{exportId, profile:"bootstrap", rootHash, artifactSha256}`; metrics `export.bootstrap.completed`, `export.bootstrap.duration_ms`.
## Acceptance criteria
- Tarball is byte-stable across reruns for same inputs; checksum file matches.
- Status/download endpoints documented with headers (`ETag`, `Last-Modified`, quota headers).
- Bootstrap pack content references evidence/mirror bundles from 56-001 (by digest/URL) without re-signing.
## Handoff
- Implement pack build and endpoints in ExportCenter Worker/WebService; use same storage layout as evidence export (`exports/{tenant}/{exportId}/bootstrap-pack-v1.tar`).
- Update Sprint 0162 Delivery Tracker entry P3 to DONE when contract is published.

61
docs/modules/export-center/prep/2025-11-20-export-airgap-57-001-prep.md Normal file
View File

@@ -0,0 +1,61 @@
# Export AirGap Prep — PREP-EXPORT-AIRGAP-57-001
Status: **Ready for implementation** (2025-11-20)
Owners: Exporter Service Guild · Evidence Locker Guild
Scope: Portable evidence export mode (air-gap) that reuses EvidenceLocker sealed/portable bundles and packages them for ExportCenter delivery.
## Dependencies (must remain green before coding)
- EvidenceLocker packaging contract (sealed + portable): `docs/modules/evidence-locker/bundle-packaging.md`, `docs/airgap/portable-evidence.md`.
- Upstream sealed bundle export readiness (56-001) and bootstrap pack alignment (56-002) — inputs are reused verbatim, no re-signing.
- Orchestrator/Notifications envelopes for emission events remain pending; not required to start packaging but block notification wiring.
## Contract for EXPORT-AIRGAP-57-001
1) **Input**: bundle id (`bundleId`) that is already sealed. Export service fetches the portable archive `portable-bundle-v1.tgz` via the EvidenceLocker portable endpoint (write-once cache).
2) **Packaging**: create deterministic gzip/tar (`export-portable-bundle-v1.tgz`) with fixed mtime `2025-01-01T00:00:00Z`, PAX headers, and sorted entries:
```
export-portable-bundle-v1.tgz
├── export.json # Export job metadata (bundleId, exportId, tenant, createdAtUtc, rootHash, sourceUri, portableVersion)
├── portable-bundle-v1.tgz # Bit-for-bit copy from EvidenceLocker (no re-signing)
├── checksums.txt # SHA256 for all files (portable bundle included) + Merkle root
├── verify-export.sh # POSIX script: checksum portable bundle, call `stella evidence verify --bundle portable-bundle-v1.tgz`
└── README.md # Operator instructions (ingress/egress steps, expected headers, schema links)
```
- Gzip header mtime and tar mtimes are pinned; permissions `0644`; owner/group `0`.
- `checksums.txt` lists files in lexical order; first line `root <sha256(export-portable-bundle-v1.tgz)>`.
- `verify-export.sh` uses only `tar` + `sha256sum`/`shasum`; no network calls.
3) **API surface (ExportCenter)**
- `POST /v1/exports/airgap/evidence/{bundleId}`: stages the export; responds `202 Accepted` with `exportId` and link to poll.
- `GET /v1/exports/airgap/evidence/{exportId}`: returns status + download link when ready; includes `rootHash`, `portableVersion`, `bundleId`.
- `GET /v1/exports/airgap/evidence/{exportId}/download`: `application/gzip`, filename `export-portable-bundle-v1.tgz`, ETag = SHA256.
- Auth: `export:read` for GET, `export:write` for POST; support tenant scoping identical to EvidenceLocker.
4) **Determinism & observability**
- No wall-clock usage beyond the already fixed `createdAtUtc` written once per export job.
- Emit structured log `{exportId,bundleId,portableVersion,rootHash}` on completion.
- Metrics: counter `export.airgap.portable.completed`, histogram `export.airgap.portable.duration_ms`, gauge `export.airgap.portable.queue_depth`.
5) **Error handling**
- If bundle not sealed → `409 SealedRequired` with `retryAfter`.
- If portable artefact missing → trigger fetch from EvidenceLocker; return `202` with `pendingReason=PortableMaterialising`.
- Verification failures of copied bundle (hash mismatch) → mark export `FAILED` and keep artefact; require operator acknowledgement.
## Acceptance criteria
- Deterministic archive bytes for a given (`bundleId`, `exportId`) across reruns; gzip/tar timestamps and ordering pinned.
- Export archive contains the unmodified EvidenceLocker portable bundle and top-level instructions for offline operators.
- CLI verification path documented in README and script; succeeds with no network access using current `stella evidence verify`.
- Status/Download endpoints documented and cover `202/404/409/500` cases; ETag and `Last-Modified` set.
## Implementation notes for developers
- Reuse EvidenceLockers `PortableBundleVersion` constant to avoid drift; do not unzip/repack the inner portable archive.
- Populate `export.json` using UTC ISO-8601; include `sourceUri` referencing the original EvidenceLocker portable endpoint used.
- Store artefacts under object key `exports/{tenant}/{bundleId}/{exportId}/export-portable-bundle-v1.tgz` with write-once semantics.
- Mirror logging/metrics naming with 56-001/56-002 to ease dashboard reuse.
## Open items / risks
- Notifications/timeline emission remains pending on Wave 150/140 envelope drop; add once schemas land (tracked separately).
- If portable bundle version bumps to v2, archive filename and `portableVersion` must be updated in tandem.
## Handoff
- This prep artefact is ready to implement in `src/ExportCenter/StellaOps.ExportCenter.WebService` job + `StellaOps.ExportCenter.Worker` for queue processing.
- Link back to this document from Sprint 0162 Delivery Tracker entry P4.

58
docs/modules/export-center/prep/2025-11-20-export-airgap-58-001-prep.md Normal file
View File

@@ -0,0 +1,58 @@
# Export AirGap Prep — PREP-EXPORT-AIRGAP-58-001
Status: **Ready for implementation** (2025-11-20)
Owners: Exporter Service Guild · Notifications Guild
Scope: Emit deterministic notifications/timeline events when portable evidence export (57-001) completes, without requiring enclave connectivity.
## Dependencies
- Portable export artefact from 57-001: `export-portable-bundle-v1.tgz` (contains `portable-bundle-v1.tgz`).
- Notification envelope decisions in Wave 150/140 (orchestrator/notifications), but this prep provides a concrete payload to unblock implementation.
- EvidenceLocker bundle contracts: `docs/modules/evidence-locker/bundle-packaging.md`, `docs/airgap/portable-evidence.md`.
## Event contract (v1)
- **Subject / type**: `export.airgap.ready.v1`
- **Channel**: NATS topic `export.airgap.ready.v1` and mirrored to optional webhooks (`application/json`). Transport must be retryable with backoff and DLQ.
- **Payload (canonical key order shown)**:
```json
{
"type": "export.airgap.ready.v1",
"export_id": "...",
"bundle_id": "...",
"tenant_id": "...",
"profile_id": "airgap-evidence",
"portable_version": "v1",
"root_hash": "sha256:...",
"artifact_uri": "/v1/exports/airgap/evidence/{exportId}/download",
"artifact_sha256": "...",
"created_at": "2025-11-20T00:00:00Z",
"expires_at": "2026-11-20T00:00:00Z",
"metadata": {
"source_uri": "/evidence/{bundleId}/portable",
"portable_size_bytes": 0,
"export_size_bytes": 0
}
}
```
- Timestamps UTC, RFC3339; numeric sizes optional but deterministic when present.
- `artifact_sha256` is the SHA-256 of `export-portable-bundle-v1.tgz`; `root_hash` is the Merkle root from `checksums.txt` (same as portable bundle root).
- `expires_at` is optional; when omitted, receivers assume standard retention from EvidenceLocker policy.
## Determinism & delivery rules
- Serialize JSON without whitespace changes that affect ordering; server must sort top-level keys alphabetically before emission.
- When delivering via webhooks, include headers: `X-Stella-Event-Type`, `X-Stella-Signature` (HMAC-SHA256), `X-Stella-Sent-At` (UTC ISO-8601).
- Retries: exponential backoff (1s, 2s, 4s, 8s, 16s) with maximum 5 attempts; failed deliveries go to DLQ topic `export.airgap.ready.dlq` with failure reason.
## API linkage
- Notifications reference the download endpoint defined in 57-001: `GET /v1/exports/airgap/evidence/{exportId}/download`.
- Optional timeline event mirror (`timeline.export.airgap.ready`) may be emitted once orchestrator envelope schema lands; payload mirrors the notification without headers.
## Acceptance criteria
- Notification emits once per successful export; idempotent on replays (same `export_id` + hash).
- Payload fields match the portable export artefact (hashes, URIs, versions) and require no further network calls for verification.
- DLQ captures failed deliveries with reason and last response status.
- Documentation of headers, payload, and retry guarantees is published for consuming guilds.
## Handoff
- Implement emission in ExportCenter Worker when export job transitions to `Completed`.
- Add webhook signature secret to configuration surface; default to disabled for air-gap unless explicitly allowed.
- Link this document from Sprint 0162 Delivery Tracker entry P5.

50
docs/modules/export-center/prep/2025-11-20-export-attest-74-001-prep.md Normal file
View File

@@ -0,0 +1,50 @@
# Export Attestation Prep — PREP-EXPORT-ATTEST-74-001
Status: **Ready for implementation** (2025-11-20)
Owners: Attestation Bundle Guild · Exporter Service Guild
Scope: Produce deterministic attestation export bundles for air-gap/offline delivery, leveraging EvidenceLocker DSSE layout and orchestrator events.
## Dependencies
- EvidenceLocker packaging & DSSE conventions: `docs/modules/evidence-locker/bundle-packaging.md`.
- Attestor air-gap guidance: `docs/modules/attestor/airgap.md` (statement + predicate expectations).
- Orchestrator event envelopes (Wave 150/140) for optional timeline/notification mirrors; not required to start packaging.
## Export bundle contract (v1)
- **Input**: attestation record id (`attestationId`) referencing a sealed DSSE statement (e.g., in-toto) stored by EvidenceLocker/Attestor.
- **Packaging**: create deterministic gzip/tar `export-attestation-bundle-v1.tgz` with fixed mtime `2025-01-01T00:00:00Z`, PAX headers, `0644` perms, owner/group `0`.
```
export-attestation-bundle-v1.tgz
├── attestation.dsse.json # Original DSSE envelope (statement + signature), unchanged
├── statement.json # Extracted statement/predicate for quick inspection
├── transparency.ndjson # Optional Rekor/CT entries (one per line, canonical JSON)
├── metadata.json # exportId, attestationId, subject digests, rootHash, createdAtUtc, sourceUri
├── checksums.txt # SHA256 hashes (lexical order); first line `root <sha256(export-attestation-bundle-v1.tgz)>`
└── verify-attestation.sh # POSIX script: checksum, DSSE verify (invokes `stella attest verify` if available)
```
- No re-signing; DSSE envelope is copied bit-for-bit from source.
- `transparency.ndjson` omitted when no log entries exist; maintain deterministic ordering otherwise.
## API surface (ExportCenter)
- `POST /v1/exports/attestations/{attestationId}``202 Accepted` with `exportId`, `status=pending`.
- `GET /v1/exports/attestations/{exportId}` → status + metadata (`rootHash`, `downloadUri`, `attestationDigests`).
- `GET /v1/exports/attestations/{exportId}/download``application/gzip`, filename `export-attestation-bundle-v1.tgz`, `ETag`=SHA256.
- Auth: `export:write` for POST, `export:read` for GET/Download; tenant scoped.
## Determinism & observability
- All timestamps captured once at export creation (UTC ISO-8601) and reused; archive mtimes/gzip mtime pinned.
- Structured log on completion `{exportId, attestationId, subjectDigests, rootHash}`; counter `export.attest.completed` and histogram `export.attest.duration_ms`.
- Retries for fetch/pack errors use exponential backoff identical to 57-001 portable export.
## Acceptance criteria
- Export archive is byte-identical across replays for the same (`attestationId`,`exportId`).
- DSSE envelope and statement are unchanged relative to source; hashes in `checksums.txt` match download and DSSE payload.
- API responses document 202/404/409/500 paths; `downloadUri` returns sealed artifact with deterministic ETag.
- Verification script runs offline using only `tar` + `sha256sum`/`shasum`; optionally calls `stella attest verify` when present.
## Open items / risks
- Notification/timeline emission pending envelope schema; add once Wave 150/140 lands.
- If attestation format changes (predicate versions), bump `statementVersion` in `metadata.json` and announce.
## Handoff
- Implement in `StellaOps.ExportCenter.Worker` export job + WebService endpoints above.
- Link this document from Sprint 0162 entry P6 and close PREP when endpoints + packaging align.

46
docs/modules/export-center/prep/2025-11-20-export-attest-74-002-prep.md Normal file
View File

@@ -0,0 +1,46 @@
# Export Attestation Prep — PREP-EXPORT-ATTEST-74-002
Status: **Ready for implementation** (2025-11-20)
Owners: Attestation Bundle Guild · DevOps Guild
Scope: Integrate attestation export bundle job (74-001) into CI/offline kit packaging, publish checksums, and ensure deterministic artefact promotion.
## Dependencies
- Export bundle contract v1 from 74-001: `docs/modules/export-center/prep/2025-11-20-export-attest-74-001-prep.md`.
- EvidenceLocker/Attestor attestation format (DSSE) — no re-signing allowed.
- Air-gap kit structure (mirror/bootstrap packs) from Sprint 160/56-002 for placement of attestation bundles.
## CI/offline kit integration contract
- **Build step**: Invoke ExportCenter job for targeted `attestationId` and stage `export-attestation-bundle-v1.tgz` under `out/export/attestations/{exportId}/`.
- **Checksum publication**: emit `export-attestation-bundle-v1.tgz.sha256` alongside the archive; contents `sha256 filename` with filename exactly `export-attestation-bundle-v1.tgz`.
- **Offline kit layout**:
```
offline-kit/
checksums/
attestations/
export-attestation-bundle-v1.tgz.sha256
attestations/
export-attestation-bundle-v1.tgz
```
- **Promotion**: artefacts are immutable; CI publishes to `out/export/offline-kits/{kitVersion}/` with write-once semantics. Promotion between environments copies bytes; no rebuilds.
- **Metadata**: append to `out/export/offline-kits/{kitVersion}/manifest.json`:
```json
{
"kind": "attestation-export",
"exportId": "...",
"attestationId": "...",
"rootHash": "sha256:...",
"artifact": "attestations/export-attestation-bundle-v1.tgz",
"checksum": "checksums/attestations/export-attestation-bundle-v1.tgz.sha256",
"createdAt": "2025-11-20T00:00:00Z"
}
```
- **Determinism**: CI must set `SOURCE_DATE_EPOCH=1735689600` (2025-01-01T00:00:00Z) for any tar/gzip operations when re-wrapping kits; do not re-tar the inner export bundle.
## Acceptance criteria
- Export bundle generated by 74-001 is copied bit-for-bit into the offline kit; SHA256 in checksums file matches archive and `manifest.json` entry.
- Kit manifest contains the attestation entry with UTC timestamp and root hash; promotion produces identical bytes across runs.
- CI logs include the exportId and SHA256; failures stop the pipeline and do not overwrite prior artefacts.
## Handoff
- Wire CI/packaging scripts in ExportCenter DevOps pipeline to consume the 74-001 export endpoint and assemble offline kit layout above.
- Update Sprint 0162 Delivery Tracker entry P7 with status changes when implemented.

44
docs/modules/export-center/prep/2025-11-20-export-attest-75-001-prep.md Normal file
View File

@@ -0,0 +1,44 @@
# Export Attestation Prep — PREP-EXPORT-ATTEST-75-001
Status: **Ready for implementation** (2025-11-20)
Owners: Attestation Bundle Guild · CLI Attestor Guild
Scope: Define CLI contract for verifying/importing attestation export bundles (from 74-002) in offline/air-gap environments.
## Dependencies
- Attestation export bundle layout: `docs/modules/export-center/prep/2025-11-20-export-attest-74-001-prep.md` and CI/offline kit integration `...-74-002-prep.md`.
- EvidenceLocker/Attestor verification library (`stella attest verify`).
## CLI experience
- New command: `stella attest bundle verify --file export-attestation-bundle-v1.tgz`
- Validates SHA256 against co-located `.sha256` file (see 74-002).
- Runs DSSE verification using bundled statement/signature; prints subject digests, predicate type/version, and root hash.
- Exit codes: 0 success, 2 checksum mismatch, 3 DSSE signature failure, 4 missing TSA/log when required, >4 unexpected error.
- New command: `stella attest bundle import --file export-attestation-bundle-v1.tgz`
- Performs verification first; then registers the attestation in the local/offline EvidenceLocker (when configured) and outputs new `attestationId`/`tenant` reference.
- Supports `--tenant`, `--namespace` flags; defaults to current CLI profile.
- No network calls beyond optional TSA/CT validations; provide `--offline` to skip.
## Determinism and I/O
- CLI must avoid rewriting the archive; reads-only.
- Output logs in JSON when `--output json` is passed, with stable key order:
```json
{
"status": "verified",
"exportId": "...",
"attestationId": "...",
"rootHash": "sha256:...",
"subjects": ["sha256:..."],
"predicateType": "slsa/v1",
"bundlePath": "export-attestation-bundle-v1.tgz"
}
```
- Human-readable output includes root hash, subject digests, predicate type/version, and trust root used.
## Acceptance criteria
- CLI verifies bundles generated by 74-002 using only local artefacts; succeeds offline when `--offline` is used.
- Import command registers attestation locally without modifying archive; errors if checksum/signature fail.
- Exit codes and JSON schema documented for automation; tests cover checksum mismatch and invalid signature cases.
## Handoff
- Implement commands in `src/Cli/StellaOps.Cli` (attestor plugin) and add docs/examples to `docs/modules/cli/artefacts/guardrails-artefacts-2025-11-19.md` or a new CLI guide.
- Link back to this prep in Sprint 0162 Delivery Tracker entry P8.

35
docs/modules/export-center/prep/2025-11-20-export-attest-75-002-prep.md Normal file
View File

@@ -0,0 +1,35 @@
# Export Attestation Prep — PREP-EXPORT-ATTEST-75-002
Status: **Ready for implementation** (2025-11-20)
Owners: Exporter Service Guild
Scope: Wire attestation export bundles (74-002) + CLI workflows (75-001) into full offline kit and mirror bundle distribution flows.
## Dependencies
- 74-001/74-002 bundle + kit layout.
- CLI verify/import contract: `docs/modules/export-center/prep/2025-11-20-export-attest-75-001-prep.md`.
## Distribution/kit contract
- Place attestation bundles and checksum files into offline kit (same layout as 74-002) and publish to mirror locations used by ExportCenter air-gap profiles.
- Provide `manifest-offline.json` entry per kit:
```json
{
"kind": "attestation-kit",
"kitVersion": "v1",
"artifact": "attestations/export-attestation-bundle-v1.tgz",
"checksum": "checksums/attestations/export-attestation-bundle-v1.tgz.sha256",
"cliExample": "stella attest bundle verify --file attestations/export-attestation-bundle-v1.tgz",
"importExample": "stella attest bundle import --file attestations/export-attestation-bundle-v1.tgz --offline",
"rootHash": "sha256:...",
"createdAt": "2025-11-20T00:00:00Z"
}
```
- Copy the kit directory to mirror/air-gap repo: `mirror/export/attestations/{kitVersion}/` with same bytes; publish `manifest-offline.json` and `.sha256` for the manifest.
## Acceptance criteria
- Offline kit includes attestation bundle + checksum + manifest entries; hashes match originals from 74-002.
- Mirrors deliver identical bytes (bit-for-bit) across environments; manifests list CLI commands for operators.
- No rebuild of attestation bundle during distribution; only copies allowed.
## Handoff
- Implement packaging/copy steps in ExportCenter build pipeline and mirror publisher.
- Update Sprint 0162 Delivery Tracker entry P9 when complete.

54
docs/modules/export-center/prep/2025-11-20-export-oas-61-001-prep.md Normal file
View File

@@ -0,0 +1,54 @@
# ExportCenter OAS Prep — PREP-EXPORT-OAS-61-001
Status: **Ready for implementation** (2025-11-20)
Owners: Exporter Service Guild · API Contracts Guild
Scope: Freeze ExportCenter v1 OpenAPI surface (profiles/runs/downloads) with deterministic headers, ETag/versioning, and standard error envelope.
## Design targets
- Cover the baseline export capabilities required for Wave 160.B: air-gap evidence exports, attestation exports, mirror/bootstrap exports, and discovery.
- Keep payloads deterministic; avoid wall-clock dependence outside stamped fields returned by the service.
- Provide strong cache/discovery signals: `ETag`, `Last-Modified`, `Cache-Control: private, must-revalidate`, plus `/.well-known/openapi` entry.
## Paths to include in v1 spec
- `GET /.well-known/openapi` — returns OpenAPI document with `ETag` and `X-Export-Oas-Version` (value `v1`).
- Evidence exports (portable bundles):
- `POST /v1/exports/airgap/evidence/{bundleId}``202 Accepted` with `exportId`, `status=pending`.
- `GET /v1/exports/airgap/evidence/{exportId}` → status document (`status`, `rootHash`, `artifactSha256`, `portableVersion`, `downloadUri`).
- `GET /v1/exports/airgap/evidence/{exportId}/download``application/gzip`, filename `export-portable-bundle-v1.tgz`, `ETag` = archive SHA-256.
- Attestation exports:
- `POST /v1/exports/attestations/{attestationId}``202 Accepted` with `exportId`.
- `GET /v1/exports/attestations/{exportId}` → status + `downloadUri`, `rootHash`, `statementDigest`.
- `GET /v1/exports/attestations/{exportId}/download``application/gzip`, filename `export-attestation-bundle-v1.tgz`, `ETag` = archive SHA-256.
- Mirror/bootstrap (profiles only, no payload schema change):
- `GET /v1/exports/profiles` — lists available export profiles (e.g., `mirror`, `bootstrap`, `airgap-evidence`, `attestation`). Supports pagination (`limit`, `cursor`) and filtering by `kind`.
- `GET /v1/exports/runs` — list export runs with status filters, tenant scoping, paging.
- Observability hooks (metadata only):
- `GET /v1/exports/runs/{exportId}/events` — optional timeline/event stream pointer (when notifications enabled). Can remain `x-stub: true` until envelopes land.
## Components
- **Schemas**
- `ExportStatus`: `{ exportId, profileId, status: pending|running|completed|failed, artifactSha256, rootHash, portableVersion?, attestationId?, bundleId?, createdAt, completedAt?, downloadUri }`
- `ExportProfile`: `{ id, kind, description, version, retentionDays }`
- `ErrorEnvelope`: `{ error: { code, message, correlationId, retryAfterSeconds? } }` with deterministic key order.
- **Security**
- OAuth2 client credentials; scopes: `export:write` (POST), `export:read` (GET/Download). Tenants enforced via claims.
- **Headers**
- `ETag` on all download/status responses; `Last-Modified` on status/download reflecting deterministic creation time.
- Quota headers `X-Stella-Quota-*` retained for consistency with EvidenceLocker/ExportCenter.
## Versioning & determinism
- OAS document served with `version: 1.0.0` and `x-stella-oas-revision` (UTC date string). No inline examples with non-deterministic timestamps; examples use `2025-01-01T00:00:00Z`.
- All example hashes use fixed placeholder `sha256:0123...deadbeef` to keep docs repeatable.
## Deliverables
- Publish OpenAPI YAML at `docs/modules/export-center/openapi/export-center.v1.yaml` matching the paths/schemas above.
- Link the `.yaml` from Sprint 0162 Delivery Tracker P10 and set status to DONE once published.
## Acceptance criteria
- All listed endpoints present in the YAML with request/response schemas and security scopes.
- Deterministic examples (fixed timestamps/hashes) and `ETag`/`Last-Modified` response headers documented.
- `/.well-known/openapi` discovery endpoint described with `ETag` and version headers.
## Next steps
- Generate the YAML (can seed from EvidenceLocker/Orchestrator style) and check into `docs/modules/export-center/openapi/export-center.v1.yaml`.
- Update SDK generator task (62-001) to depend on this OAS once merged.

18
docs/modules/export-center/prep/2025-11-20-export-oas-61-002-prep.md Normal file
View File

@@ -0,0 +1,18 @@
# Export OAS Discovery Prep — PREP-EXPORT-OAS-61-002-DEPENDS-ON-61-001
Status: Draft (2025-11-20)
Owners: Exporter Service Guild
Scope: Define the OpenAPI discovery endpoint once base OAS (61-001) is frozen.
## Requirements
- Endpoint: `GET /.well-known/openapi` (and `.json` alias) returning latest Exporter OAS.
- Headers: `ETag`, `Last-Modified`, `Cache-Control: public, max-age=300`; support `If-None-Match` for 304.
- Body: JSON with fields `{version, oas_url, checksum_sha256, generated_at, profiles_supported}` plus embedded OAS or link.
- Determinism: stable ordering of fields; checksum over canonical OAS JSON.
## Acceptance
- Once 61-001 OAS is fixed, publish generated OAS path and checksum into this doc and `docs/modules/export-center/api.md`.
- Add sample discovery response at `docs/events/samples/export-center.openapi.discovery@draft.json`.
## Handoff
Use this as the prep artefact for PREP-EXPORT-OAS-61-002-DEPENDS-ON-61-001. Update checksums/links when 61-001 finalizes, then mark implementation DOING.

18
docs/modules/export-center/prep/2025-11-20-export-oas-62-001-prep.md Normal file
View File

@@ -0,0 +1,18 @@
# Export SDK Prep — PREP-EXPORT-OAS-62-001-DEPENDS-ON-61-002
Status: Draft (2025-11-20)
Owners: Exporter Service Guild · SDK Generator Guild
Scope: Capture SDK generation requirements once discovery endpoint (61-002) is live.
## Requirements
- Inputs: stable OAS from 61-001, discovery metadata from 61-002.
- SDKs: Go, Python, C#, TypeScript. Must include streaming helpers for export downloads and polling helpers for long-running export jobs.
- Versioning: embed `x-sdk-version` matching OAS `version`; regenerate only on checksum change.
- Tests: smoke tests per SDK calling stubbed endpoints; deterministic snapshots for generated code hashes.
## Acceptance
- Record generated SDK artifact paths and checksums in this doc and `docs/modules/export-center/api.md`.
- Provide sample snippet paths under `docs/modules/export-center/samples/sdk/` per language.
## Handoff
Use this as the prep artefact for PREP-EXPORT-OAS-62-001-DEPENDS-ON-61-002. Update with actual checksums/paths after 61-002 and SDK generation are completed; then move implementation to DOING.

18
docs/modules/export-center/prep/2025-11-20-exporter-evidencelocker-blocker.md Normal file
View File

@@ -0,0 +1,18 @@
# EvidenceLocker Contract Blocker Prep — PREP-EXPORTER-SERVICE-EVIDENCELOCKER-GUILD-BL
Status: Draft (2025-11-20)
Owners: Planning · Exporter Service Guild · EvidenceLocker Guild
Scope: Document the blocker awaiting EvidenceLocker sealed bundle contract before ExportCenter implementation can proceed.
## Blocking items
- Sealed bundle schema/hash and DSSE layout from EvidenceLocker (Sprint 161).
- Sample sealed bundle + manifest checksum for DevPortal CLI dry run.
- Trust-root publication path and rotation policy aligned with `docs/security/crypto-registry-decision-2025-11-18.md`.
## Ready-to-start criteria
- Hash/version of sealed bundle schema recorded here and in Sprint 161 Decisions.
- Sample bundle placed under `docs/samples/export-center/bundles/` with SHA256 + DSSE envelope.
- Exporter service ingestion contract updated in `docs/modules/export-center/profiles.md`.
## Handoff
Use this document as the prep artefact for PREP-EXPORTER-SERVICE-EVIDENCELOCKER-GUILD-BL. Update once EvidenceLocker provides schema hash and sample bundle; then unblock export tasks. If not available by the next checkpoint, keep dependent tasks BLOCKED and escalate via Sprint 160/161.

22
docs/modules/findings-ledger/prep/2025-11-20-ledger-obs-54-001-prep.md
View File

@@ -1,12 +1,22 @@
# Ledger Observability Prep — PREP-LEDGER-OBS-54-001
Status: Draft (2025-11-20)
Status: Prep complete (2025-11-20)
Owners: Findings Ledger Guild · Provenance Guild
Scope: Minimal API surface for `/ledger/attestations` and observability hooks.
Scope: Minimal HTTP surface plus determinism/telemetry hooks for `/v1/ledger/attestations`.
## Needs
- HTTP surface spec (routes, auth scopes) to host `/ledger/attestations`.
- Telemetry fields to include provenance IDs.
## Agreed contract (PREP-LEDGER-OBS-54-001)
- HTTP surface published in `docs/modules/findings-ledger/prep/ledger-attestations-http.md`.
- Endpoint: `GET /v1/ledger/attestations` with tenant header `X-Stella-Tenant` and bearer scope `ledger.attest.read` (or mTLS).
- Filters: `artifactId`, `findingId`, `attestationId`, `status`, `sinceRecordedAt`, `untilRecordedAt`, `limit`.
- Ordering/pagination: deterministic by `recordedAt ASC, attestationId ASC`; pagination token encodes `{recordedAt, attestationId, filtersHash}`.
- Response shape (JSON or NDJSON): ids, verification status/time, DSSE digest, optional Rekor entry id, evidence bundle ref, source ledger event id, Merkle leaf + root hashes.
- Offline posture: no live Rekor calls; all hashes lowercase SHA-256; times UTC; deterministic sort only.
## Telemetry hooks
- Log events: `ledger.attestations.query` (tenant, filtersHash, limit, duration_ms, result_count).
- Metrics: `ledger_attestations_queries_total{tenant,status}`; `ledger_attestations_failures_total{reason}`.
- Tracing: span `ledger.attestations.query` with attributes `filtersHash`, `next_page_token_present`.
## Handoff
Use as PREP artefact; update once API contract is drafted.
- Use `docs/modules/findings-ledger/prep/ledger-attestations-http.md` as the binding prep artefact for LEDGER-OBS-54-001 / 55-001 implementation.
- Service scaffolding and OAS wiring land in LEDGER-OBS-54-001 once the web-service handler is added.

51
docs/modules/findings-ledger/prep/2025-11-20-ledger-packs-42-001-prep.md
View File

@@ -1,9 +1,52 @@
# Ledger Packs Snapshot Prep — PREP-LEDGER-PACKS-42-001
Status: Draft (2025-11-20)
Status: Prep complete (2025-11-20)
Owners: Findings Ledger Guild · Mirror Creator Guild
Scope: Snapshot/time-travel contract for packs simulation.
Scope: Snapshot/time-travel contract for packs simulation and offline CLI execution (PREP-LEDGER-PACKS-42-001).
## Needs
- Snapshot format and bundle layout for pack simulation/time-travel.
## Goals
- Provide deterministic, tenant-scoped snapshots that let pack runners/CLI replay ledger state offline.
- Allow “time-travel” queries (choose exact ledger sequence/cycle) to debug policy outcomes.
- Reuse existing export shapes where possible and avoid redundant DB projections.
## Surfaces
- `GET /v1/ledger/packs/snapshots`
- Headers: `X-Stella-Tenant` (required), bearer scope `ledger.packs.read`.
- Query: `atSequence` (long, optional), `atCycleHash` (string, optional), `sinceSequence` / `untilSequence` (long, optional), `page_size` (default 100, max 1000), `page_token`.
- Returns: list of available snapshot descriptors (JSON or NDJSON) sorted by `sequence ASC`.
- `GET /v1/ledger/packs/snapshots/{snapshotId}/download`
- Streams a gzip tarball containing the snapshot bundle (see layout).
- Supports `Accept: application/vnd.stella.pack-snapshot+tar` (default) or `application/x-ndjson` for manifest-only dry-run (no payload files) when `Prefer: return=representation` is absent.
## Snapshot descriptor fields
- `snapshot_id` (uuid, stable)
- `tenant`
- `base_sequence` (long) — earliest ledger event included
- `upper_sequence` (long) — last ledger event included (inclusive)
- `cycle_hash` (string) — Merkle cycle hash at `upper_sequence`
- `policy_version`, `projector_version`, `generator_version`
- `created_at` (ISO-8601 UTC)
- `approx_uncompressed_size_bytes`
- `content` summary: counts for `findings`, `vex`, `advisories`, `sboms`
## Bundle layout (tar.gz)
- `manifest.json`: descriptor above plus SHA-256 digests and lengths for each payload file.
- `findings.ndjson`: canonical finding shape matching `/ledger/export/findings`.
- `vex.ndjson`, `advisories.ndjson`, `sboms.ndjson`: same shapes/filters as export endpoints.
- `indexes/`: optional bloom/filter helpers for fast CLI lookup (`component_purl`, `advisory_id`, `risk_profile_version`).
- `provenance.json`: DSSE envelope with bundle hash, generator inputs (seed, source commit, policy version).
## Determinism and filters
- Snapshot is deterministic for a given `(tenant, base_sequence, upper_sequence, cycle_hash, policy_version)`.
- Page tokens: base64url JSON `{ "last": { "upper_sequence": long, "snapshot_id": uuid }, "filters_hash": sha256 }`.
- When `atCycleHash` is provided, server resolves the closest <=matching cycle and emits one descriptor; otherwise uses `untilSequence` or latest committed.
- No wall-clock dependence; `created_at` reflects generator runtime but is stored once and signed in provenance.
## Validation rules
- Reject overwrite if snapshot with identical `(tenant, upper_sequence, cycle_hash)` already published (idempotent response with existing `snapshot_id`).
- Reject if requested window crosses projector gap (missing sequences) with error `409` and `X-Stella-Gap-From/To`.
- Enforce `page_size` consistency across tokens; 400 on mismatch.
## Artefact location
- This prep: `docs/modules/findings-ledger/prep/2025-11-20-ledger-packs-42-001-prep.md`.
- Bundle schema is derived from export shapes in `docs/modules/findings-ledger/export-http-surface.md`; SDK/OAS plumbing to be added in LEDGER-PACKS-42-001 implementation.

49
docs/modules/findings-ledger/prep/2025-11-20-ledger-risk-66-prep.md
View File

@@ -1,11 +1,50 @@
# Ledger Risk Schema Prep — PREP-LEDGER-RISK-66-001/002
Status: Draft (2025-11-20)
Status: Prep complete (2025-11-20)
Owners: Findings Ledger Guild · Risk Engine Guild
Scope: Contract + data model for PREP-LEDGER-RISK-66-001/002 (risk scoring fields and deterministic upsert).
## Needs
- Risk engine schema/contract inputs: `risk_score`, `risk_severity`, `profile_version`, `explanation_id`, indexes.
- Migration plan to add fields.
## Field definitions (canonical finding projection)
- `risk_score` (numeric, 0100, 2dp) — monotonic per `(finding_id, profile_version)`; computed by Risk Engine.
- `risk_severity` (enum) — derived mapping: `critical >= 90`, `high >= 70`, `medium >= 40`, `low >= 10`, `informational < 10`.
- `risk_profile_version` (string) — semantic version of the scoring policy/profile; required.
- `risk_explanation_id` (uuid/string) — pointer to Risk Engine explanation payload stored in Risk service (not duplicated in ledger).
- `risk_event_sequence` (long) — ledger sequence of the last applied risk event; enforces monotonic updates.
- `risk_updated_at` (ISO-8601 UTC) — when the score was last written.
## Storage and indexes (MongoDB)
- Collection: `findings` (existing). Add fields above to the projection document.
- Unique compound index: `{ tenant: 1, finding_id: 1, risk_profile_version: 1 }`.
- Query helper index for exports/UI: `{ tenant: 1, risk_severity: 1, risk_score: -1, observed_at: -1 }`.
- TTL: none; scores are historical but superseded by deterministic upsert described below.
## Deterministic upsert flow (LEDGER-RISK-66-002)
1. Risk Engine emits `RiskScoreApplied` event with `{tenant, finding_id, profile_version, score, explanation_id, event_sequence}`.
2. Handler loads current projection by `(tenant, finding_id)`; compares `(profile_version, event_sequence)`:
- If incoming `event_sequence` < stored `risk_event_sequence` ignore (idempotent).
- If equal idempotent update allowed only when score/severity unchanged.
- If greater write new values and set `risk_event_sequence = event_sequence`.
3. All writes recorded in ledger append with same event_sequence for audit; projection updates deterministic by sequence ordering.
4. Exports (`/ledger/export/findings`) surface these fields; snapshot bundles reuse the same shape.
## API/SDK contract hooks
- OAS baseline will mark all four fields in the finding shapes (canonical + compact) as optional today, required once migrations finish.
- `/ledger/export/findings` filters: `risk_profile_version` (already reserved), add `risk_severity` and `risk_score_min/max` in the next OAS bump.
- UI/SDK must treat missing `risk_profile_version` as not yet scored”.
## Migration/rollout plan (LEDGER-RISK-66-001)
- Step 1: Add fields and indexes behind feature flag `RiskScoringEnabled` (default off).
- Step 2: Backfill for latest profile per tenant using Risk Engine batch export; write via deterministic upsert to enforce ordering.
- Step 3: Enable streaming ingestion of `RiskScoreApplied` events; monitor lag via metric `ledger_risk_score_apply_lag_seconds`.
- Step 4: Flip default for `RiskScoringEnabled` to on after backfill success criteria:
- 99.9% of existing findings have `risk_profile_version` populated.
- No rejected events due to sequence regressions in the last 24h.
- Step 5: Update OAS/SDK to mark fields required; notify UI/Export consumers.
## Observability
- Log: `ledger.risk.apply` with tenant, finding_id, profile_version, score, event_sequence, applied (bool).
- Metrics: `ledger_risk_apply_total{result}`; `ledger_risk_score_latest{severity}` gauges per tenant.
- Tracing: span `ledger.risk.apply` tagging `profile_version`, `event_sequence`, `idempotent`.
## Handoff
Use as PREP artefact; update when risk field definitions and rollout plan are available.
- This document is the prep artefact for PREP-LEDGER-RISK-66-001/002. Implementation tasks wire schema + deterministic upsert and extend exports/OAS accordingly.

37
docs/modules/findings-ledger/prep/ledger-attestation-verification-event.md Normal file
View File

@@ -0,0 +1,37 @@
# Verification Event Contract (attestations → ledger_attestations)
Status: Draft (2025-11-21)
Owners: Provenance Guild · Findings Ledger Guild
Purpose: unblock LEDGER-OBS-54-001 by defining the ingestion event emitted by the verifier so we can populate `ledger_attestations`.
```
event_type: verification.attestation.completed
payload:
tenant_id: string (required)
attestation_id: uuid (required)
artifact_id: string (required; OCI digest or SBOM id)
finding_id: string (optional)
verification_status: string enum [verified, failed, unknown] (required)
verification_time: string (ISO-8601 UTC, required)
dsse_digest: string (sha256, lowercase, required)
rekor_entry_id: string (optional)
evidence_bundle_ref: string (optional)
merkle_leaf_hash: string (sha256, required)
root_hash: string (sha256, required)
cycle_hash: string (required)
projection_version: string (required)
```
Ordering/monotonicity:
- Events are emitted with a ledger `sequence_no`. Ingestion must ignore any verification event with `sequence_no` less than the stored `risk_event_sequence` for the same `(tenant_id, attestation_id)`.
Determinism for ingestion:
- Sort by `(sequence_no ASC, attestation_id ASC)` before upsert.
- Upsert target: `ledger_attestations` (see `004_ledger_attestations.sql`).
Open question:
- Should `verification_status` include `expired`/`revoked`? Need decision before marking schema final.
Next step:
- Once the verifier confirms this payload, wire ingestion job to project into `ledger_attestations` and flip LEDGER-OBS-54-001 to DOING.

1
docs/modules/findings-ledger/prep/ledger-attestations-http.md
View File

@@ -35,4 +35,5 @@
## Artefact location
- This prep doc: `docs/modules/findings-ledger/prep/ledger-attestations-http.md`.
- Storage/view contract: `docs/modules/findings-ledger/prep/ledger-attestations-storage.md`.
- Add path to OAS in a follow-on increment (LEDGER-OAS-61-002/63-001) once approved.

54
docs/modules/findings-ledger/prep/ledger-attestations-storage.md Normal file
View File

@@ -0,0 +1,54 @@
# Ledger Attestations Storage & Query Contract (LEDGER-OBS-54-001)
Status: PrepComplete (2025-11-20)
Owners: Findings Ledger Guild · Provenance Guild
## Goal
Provide a deterministic storage/view contract so the `/v1/ledger/attestations` endpoint can be implemented without further design work.
## Table (proposed)
- Name: `ledger_attestations`
- Partitioning: tenant-scoped (same strategy as `ledger_events`).
- Columns:
- `tenant_id` (text, not null)
- `attestation_id` (uuid, not null)
- `artifact_id` (text, not null) — OCI digest or SBOM id
- `finding_id` (text, null)
- `verification_status` (text, not null; `verified|failed|unknown`)
- `verification_time` (timestamptz, not null)
- `dsse_digest` (text, not null; lowercase sha256)
- `rekor_entry_id` (text, null)
- `evidence_bundle_ref` (text, null)
- `ledger_event_id` (uuid, not null) — source ledger event linking the attestation
- `recorded_at` (timestamptz, not null)
- `merkle_leaf_hash` (text, not null)
- `root_hash` (text, not null)
- `cycle_hash` (text, not null)
- `projection_version` (text, not null)
## Indexes / ordering
- PK: `(tenant_id, attestation_id)`
- Paging index: `(tenant_id, recorded_at, attestation_id)` to back deterministic sort `recorded_at ASC, attestation_id ASC`.
- Lookup indexes:
- `(tenant_id, artifact_id, recorded_at DESC)`
- `(tenant_id, finding_id, recorded_at DESC)`
- `(tenant_id, verification_status, recorded_at DESC)`
## Query contract for `/v1/ledger/attestations`
- Filters map to indexed columns: `artifactId`, `findingId`, `attestationId`, `status`, `sinceRecordedAt`, `untilRecordedAt`.
- Pagination token encodes `{ recordedAt, attestationId, filtersHash }`; server must reject mismatched hash.
- Response fields align 1:1 with columns above; no joins required.
- Determinism: sort strictly by `(recorded_at ASC, attestation_id ASC)`; no server clocks in payload.
## Migration notes
- Add table and indexes in the same migration (see `src/Findings/StellaOps.Findings.Ledger/migrations/004_ledger_attestations.sql`).
- Backfill from existing provenance/verification store (if present) into this table with recorded_at = original verification timestamp.
- Ensure writes/coalescing happen via ledger projections to keep `ledger_event_id`/`cycle_hash` consistent.
## Observability
- Logs: `ledger.attestations.query` (tenant, filtersHash, limit, duration_ms, result_count).
- Metrics: `ledger_attestations_queries_total{tenant,status}`, `ledger_attestations_failures_total{reason}`; reuse endpoint spans already defined in prep doc.
## Artefact location
- Storage contract: `docs/modules/findings-ledger/prep/ledger-attestations-storage.md`
- HTTP contract: `docs/modules/findings-ledger/prep/ledger-attestations-http.md`

Some files were not shown because too many files have changed in this diff Show More