stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 16 Releases Wiki Activity

prep docs and service updates
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
Details

Browse Source
This commit is contained in:
master
2025-11-21 06:56:36 +00:00
parent ca35db9ef4
commit d519782a8f
242 changed files with 17293 additions and 13367 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
docs/airgap/README.md Normal file
View File

@@ -0,0 +1,8 @@
# AirGap Docs Index
- Time anchors & staleness: `time-anchor-scaffold.md`, `staleness-and-time.md`, `time-config-sample.json`, `time-api.md`, `time-anchor-verification-gap.md`.
- Importer scaffolds: `importer-scaffold.md`, `bundle-repositories.md`.
- Controller/diagnostics: `controller-scaffold.md`, `sealed-startup-diagnostics.md`.
- Portable evidence flows: `portable-evidence.md`.
Use these as the front door for AirGap module work; update alongside code changes.

20
docs/airgap/prep/2025-11-20-controller-scaffold-prep.md Normal file
View File

@@ -0,0 +1,20 @@
# Controller Scaffold Prep — PREP-AIRGAP-CTL-56-001 / 56-002
Status: Draft (2025-11-20)
Owners: AirGap Controller Guild · DevOps Guild
Scope: Provide the controller scaffold + status API contract so AIRGAP-CTL-56-001/56-002 can proceed.
## Deliverables included
- Service scaffold described in `docs/airgap/controller-scaffold.md` (project layout, DI wiring, config keys, auth scopes).
- Baseline status/seal endpoints sketch:
- `GET /system/airgap/status``{sealed, policy_hash?, staleness_seconds?, time_anchor_id?, bundle_id?}`
- `POST /system/airgap/seal` (body: `{policy_hash, reason}`) → returns new state; requires `airgap:seal` scope.
- Determinism & offline posture: no external calls; state persisted via `airgap_state` store; timestamps UTC; subject ordering deterministic.
## Next steps for implementation
- Generate controller project under `src/AirGap/StellaOps.AirGap.Controller` per scaffold.
- Wire Authority scope checks (`airgap:seal`, `airgap:status:read`).
- Add sealed-mode guard middleware and timeline events per `docs/airgap/sealed-startup-diagnostics.md` once integrated.
## Handoff
Use this prep doc to satisfy PREP-AIRGAP-CTL-56-001 and PREP-AIRGAP-CTL-56-002. Update if scope changes; otherwise move tasks to DONE.

25
docs/airgap/prep/2025-11-20-staleness-drift-prep.md Normal file
View File

@@ -0,0 +1,25 @@
# Staleness & Drift Prep — PREP-AIRGAP-CTL-58-001-BLOCKED-ON-57-002
Status: Draft (2025-11-20)
Owners: AirGap Controller Guild · AirGap Time Guild
Scope: Capture the staleness/drift requirements for controller status once seal/unseal telemetry (57-002) is available.
## Inputs
- Time anchor ingestion from Time service (Roughtime/RFC3161) via `time_anchor_id`, `drift_seconds`, `staleness_budget_seconds`.
- Bundle metadata from importer (bundle_id, manifest hash, generated_at).
## Proposed status enrichments
- Add fields to `GET /system/airgap/status`:
- `staleness_seconds_remaining`
- `bundle_id`
- `time_anchor_id`
- `drift_seconds`
- Compute `staleness_seconds_remaining = staleness_budget_seconds - drift_seconds` (floor at 0).
- Determinism: calculations purely from stored numbers; no wall-clock calls beyond persisted anchor timestamps.
## Observability
- Metrics: `airgap_staleness_seconds{tenant}` (gauge), `airgap_drift_seconds{tenant}`.
- Timeline events emitted when budgets breached: `airgap.staleness.threshold`.
## Handoff
Use this prep note to satisfy PREP-AIRGAP-CTL-58-001. After integrating sealed-startup telemetry and time anchor verification, implement the above fields and metrics, then mark the implementation task DOING.

6
docs/airgap/time-anchor-scaffold.md
View File

@@ -16,6 +16,12 @@
- Added `TimeStatusService` + `InMemoryTimeAnchorStore` for per-tenant anchor/budget status + staleness; tests in `TimeStatusServiceTests`.
- Added verification pipeline (`TimeVerificationService`) with stub Roughtime/RFC3161 verifiers requiring trust roots; loader now verifies using trust roots.
- Added API surface `/api/v1/time/status` (plus POST `/api/v1/time/anchor`) via `TimeStatusController` and web host wiring.
- Added sealed startup hook (`StartupValidationExtensions`) to block app start when anchor missing/stale; uses budgets and returns structured reasons.
- Upgraded Roughtime verifier to real Ed25519 signature check + RFC3161 verifier using SignedCms; failures now return `roughtime-*` / `rfc3161-*` reasons.
- Added config binding (`AirGap:*`) for tenant and staleness budgets; startup validation pulls from config.
- Added config sample at `docs/airgap/time-config-sample.json` for sealed-mode deployments.
- Documented endpoints and payloads at `docs/airgap/time-api.md`.
- Health check: `/healthz/ready` reports degraded/healthy based on staleness; consumers should scrape for sealed-mode readiness.
## Next implementation hooks
- Plug real Roughtime and RFC3161 decoders, verifying against trust roots supplied via sealed-mode config.

4
docs/airgap/time-anchor-verification-gap.md
View File

@@ -1,9 +1,9 @@
# Time Anchor Verification Gap (AIRGAP-TIME-57-001 follow-up)
## Status (2025-11-20)
- Parser: stubbed for Roughtime/RFC3161 with deterministic digest + derived anchor time.
- Parser: Roughtime verifier now checks Ed25519 signature; RFC3161 verifier uses SignedCms signature validation and signing time attribute. Still needs final trust root bundle + fixture alignment.
- Staleness: calculator + budgets landed; loader accepts hex fixtures.
- Verification: pipeline exists (`TimeVerificationService`) with stub verifiers; still needs real crypto using guild-provided trust roots.
- Verification: pipeline (`TimeVerificationService`) active; awaiting guild-provided trust roots (format + key IDs) for production readiness and to update tests/fixtures.
## Whats missing
- Roughtime parser: parse signed responses, extract `timestamp`, `radius`, `verifier` public key; verify signature.

60
docs/airgap/time-api.md Normal file
View File

@@ -0,0 +1,60 @@
# AirGap Time API (status + anchor ingest)
## Endpoints
- `POST /api/v1/time/anchor`
- Body (JSON):
- `tenantId` (string, required)
- `hexToken` (string, required) — hex-encoded Roughtime or RFC3161 token.
- `format` (string, required) — `Roughtime` or `Rfc3161`.
- `trustRootKeyId` (string, required)
- `trustRootAlgorithm` (string, required)
- `trustRootPublicKeyBase64` (string, required) — pubkey (Ed25519 for Roughtime, RSA for RFC3161).
- `warningSeconds` (number, optional)
- `breachSeconds` (number, optional)
- Response: `TimeStatusDto` (anchor + staleness snapshot) or 400 with reason (`token-hex-invalid`, `roughtime-signature-invalid`, `rfc3161-verify-failed:*`, etc.).
- Example:
```bash
curl -s -X POST http://localhost:5000/api/v1/time/anchor \
-H 'content-type: application/json' \
-d '{
"tenantId":"tenant-default",
"hexToken":"01020304deadbeef",
"format":"Roughtime",
"trustRootKeyId":"root-1",
"trustRootAlgorithm":"ed25519",
"trustRootPublicKeyBase64":"<base64-ed25519-public-key>",
"warningSeconds":3600,
"breachSeconds":7200
}'
```
- `GET /api/v1/time/status?tenantId=<id>`
- Returns `TimeStatusDto` with anchor metadata and staleness flags. 400 if `tenantId` missing.
- `GET /healthz/ready`
- Health check: `Healthy` when anchor present and not stale; `Degraded` when warning threshold crossed; `Unhealthy` when missing/stale. Uses configured tenant/budgets.
## Config
`appsettings.json` (see `docs/airgap/time-config-sample.json`):
```json
{
"AirGap": {
"TenantId": "tenant-default",
"Staleness": {
"WarningSeconds": 3600,
"BreachSeconds": 7200
}
}
}
```
## Startup validation
- The host runs sealed-mode validation at startup using the configured tenant and budgets.
- Fails closed with `sealed-startup-blocked:<reason>` if anchor is missing/stale or budgets mismatch.
## Notes
- Roughtime verifier checks Ed25519 signatures (message||signature framing).
- RFC3161 verifier uses SignedCms signature verification and signing-time attribute for anchor time.
- DTO serialization is stable (ISO-8601 UTC timestamps, fields fixed).

9
docs/airgap/time-config-sample.json Normal file
View File

@@ -0,0 +1,9 @@
{
"AirGap": {
"TenantId": "tenant-default",
"Staleness": {
"WarningSeconds": 3600,
"BreachSeconds": 7200
}
}
}

31
docs/benchmarks/graph/bench-graph-21-001-prep.md Normal file
View File

@@ -0,0 +1,31 @@
# Bench Prep — PREP-BENCH-GRAPH-21-001 (Graph API/Indexer harness)
Status: **Ready for implementation** (2025-11-20)
Owners: Bench Guild · Graph Platform Guild
Scope: Build deterministic Graph benchmark harness for 50k/100k node fixtures measuring API/Indexer latency, memory, and tile cache hit rates.
## Fixtures
- Use SAMPLES-GRAPH-24-003 (4050k) and extend to 100k via duplication with new ids; store under `docs/samples/graph/50k.ndjson` and `100k.ndjson` with `.sha256` hashes.
- Node ordering deterministic; timestamps fixed to `2025-01-01T00:00:00Z`.
## Harness plan (project: `src/Bench/StellaOps.Bench.GraphApi`)
- Scenarios (repeat 5x; report median/p95):
1. **Viewport fetch**: `/v1/graph/tiles?bbox=<seed>` — measure server latency + tile count.
2. **Path query**: `/v1/graph/path?from=...&to=...` — latency + hops + cache hits.
3. **Overlay apply**: apply policy overlay to 1k nodes; measure apply time and index rebuild cost.
4. **Cold vs warm cache**: run viewport + path with cache cold then warm; capture hit rate.
- Metrics captured as NDJSON per run: `{ scenario, fixture, pass: cold|warm, medianMs, p95Ms, maxMs, rssMb, managedMb, cacheHitRate }` plus start/end UTC timestamps.
- Determinism: fixed seed (`GRAPH_BENCH_SEED=2025-01-01T00:00:00Z`); single-thread option `--threads 1` for reproducibility; clear caches between cold/warm phases.
## Outputs
- Store under `out/bench/graph/api/{runId}/results.ndjson` with `.sha256`.
- Summary CSV optional derived from NDJSON; no dynamic wall-clock in filenames beyond runId.
## Acceptance criteria
- Harness runs offline against local fixtures; no external calls.
- Median/p95 for each scenario produced for both 50k and 100k fixtures; cache hit rate recorded where applicable.
- Re-running with same seed/fixtures yields identical NDJSON (apart from RSS variance).
## Next steps
- Generate fixtures + hashes; wire CLI entry `dotnet run -- graph-api --fixture docs/samples/graph/50k.ndjson --seed 20250101`.
- Add perf dashboard hook if available; otherwise publish artifacts under `out/bench/graph/api/latest/`.

38
docs/benchmarks/graph/bench-graph-21-002-prep.md Normal file
View File

@@ -0,0 +1,38 @@
# Bench Prep — PREP-BENCH-GRAPH-21-002 (UI headless graph benchmarks)
Status: **Ready for implementation** (2025-11-20)
Owners: Bench Guild · UI Guild
Scope: Define the Playwright-based UI benchmark that rides on the graph harness from BENCH-GRAPH-21-001 (50k/100k node fixtures) and produces deterministic latency/FPS metrics.
## Dependencies
- Harness + fixtures from BENCH-GRAPH-21-001 (must expose HTTP endpoints and data seeds for 50k/100k graphs).
- Graph API/Indexer stable query contract (per `docs/modules/graph/architecture.md`).
## Benchmark plan
- Runner: Playwright (Chromium, headless) driven via `src/Bench/StellaOps.Bench.GraphUi`.
- Environment:
- Viewport: 1920x1080, device scale 1.0, throttling disabled; CPU pinned via `--disable-features=CPUThrottling`.
- Fixed session seed `GRAPH_BENCH_SEED=2025-01-01T00:00:00Z` for RNG use in camera jitter.
- Scenarios (each repeated 5x, median + p95 recorded):
1. **Canvas load**: open `/graph/bench?fixture=50k` → measure TTI, first contentful paint, tiles loaded count.
2. **Pan/zoom loop**: pan 500px x 20 iterations + zoom in/out (2x each) → record average FPS and frame jank percentage.
3. **Path query**: submit shortest-path query between two seeded nodes → measure query latency (client + API) and render latency.
4. **Filter drill-down**: apply two filters (severity=high, product=“core”) → measure time to filtered render + memory delta.
- Metrics captured to NDJSON per run:
- `timestampUtc`, `scenario`, `fixture`, `p95_ms`, `median_ms`, `avg_fps`, `jank_pct`, `mem_mb`, `api_latency_ms` (where applicable).
- Determinism:
- All timestamps recorded in UTC ISO-8601; RNG seeded; cache cleared before each scenario; `--disable-features=UseAFH` disabled to avoid adaptive throttling.
## Outputs
- NDJSON benchmark results stored under `out/bench/graph/ui/{runId}.ndjson` with a `.sha256` alongside.
- Summary CSV optional, derived from NDJSON for reporting only.
- CI step publishes artifacts to `out/bench/graph/ui/latest/` with write-once semantics per runId.
## Acceptance criteria
- Playwright suite reproducibly exercises the four scenarios on 50k and 100k fixtures with seeded inputs.
- Metrics include p95 and median for each scenario and fixture size; FPS ≥ 30 on 50k fixture baseline.
- Archive outputs are deterministic for given fixture and seed (excluding wall-clock timestamps in filenames; embed timestamps only in content).
## Next steps
- Wire Playwright harness into `BENCH-GRAPH-21-001` pipeline once fixtures ready.
- Hook results into perf dashboard if available; otherwise store NDJSON + hashes.

31
docs/benchmarks/impact/bench-impact-16-001-prep.md Normal file
View File

@@ -0,0 +1,31 @@
# Bench Prep — PREP-BENCH-IMPACT-16-001 (ImpactIndex dataset/replay)
Status: **Ready for implementation** (2025-11-20)
Owners: Bench Guild · Scheduler Team
Scope: Provide deterministic dataset + replay plan for ImpactIndex throughput benchmark (resolve 10k productKeys; measure latency/throughput/memory).
## Inputs/dataset
- Snapshot file: `bench/impactindex/products-10k.ndjson` (10,000 productKeys, shuffled once with seed `2025-01-01T00:00:00Z`).
- Each line: `{ "productKey": "pkg:<ecosystem>/<name>@<version>", "tenant": "bench" }`.
- Include checksum file `products-10k.ndjson.sha256` and drop into repo under `docs/samples/impactindex/`.
## Benchmark procedure
- Harness location: `src/Bench/StellaOps.Bench.ImpactIndex`.
- Warmup: 1k lookups (excluded from metrics) to trigger caches.
- Run: process all 10k productKeys twice (cold, warm). Record per-pass statistics.
- Metrics to capture (per pass):
- `throughput_items_per_sec`, `p95_ms`, `p99_ms`, `max_ms` for lookups.
- `rss_mb`, `managed_mb`, `gc_gen2_count` from .NET counters.
- `cache_hit_rate` if cache present.
- Output format: NDJSON; one object per pass with fields `{ pass: "cold"|"warm", startedAtUtc, durationMs, throughput, p95Ms, p99Ms, maxMs, rssMb, managedMb, gcGen2, cacheHitRate }`.
- Determinism: fixed seed, single-threaded option flag `--threads 1` for reproducibility; timestamps in UTC ISO-8601.
## Acceptance criteria
- Dataset and checksum published; harness reads from local sample path (no network).
- Benchmark run produces deterministic NDJSON for given seed and hardware profile; differences limited to RSS variability but within ±5%.
- Cold vs warm pass metrics logged; throughput target ≥ 2k items/sec on reference hardware, p95 ≤ 25 ms.
## Next steps
- Commit dataset + checksum under `docs/samples/impactindex/`.
- Wire harness CLI (`dotnet run -- impactindex --input docs/samples/impactindex/products-10k.ndjson --threads 1 --seed 20250101`).
- Surface metrics to perf dashboard once harness lands; otherwise store under `out/bench/impactindex/` with hashes.

35
docs/benchmarks/policy/bench-policy-20-002-prep.md Normal file
View File

@@ -0,0 +1,35 @@
# Bench Prep — PREP-BENCH-POLICY-20-002 (Policy delta benchmark)
Status: **Ready for implementation** (2025-11-20)
Owners: Bench Guild · Policy Guild · Scheduler Guild
Scope: Provide deterministic inputs and harness expectations to measure delta policy evaluation vs full runs.
## Goals
- Compare delta evaluation (incremental changes) against full evaluation over the same dataset.
- Capture throughput, latency (p50/p95/p99), and memory/GC impact under deterministic conditions.
## Dataset
- Baseline snapshot: `docs/samples/policy/policy-delta-baseline.ndjson`
- 5,000 records of `{ "tenant": "bench", "policyId": "pol-<0001..5000>", "package": "bench.pkg.<n>", "version": "1.0.<n>", "decision": "allow|deny", "factors": { ... } }`
- Deterministic ordering; SHA256 file saved as `policy-delta-baseline.ndjson.sha256`.
- Delta patch: `docs/samples/policy/policy-delta-changes.ndjson`
- 500 changes mixing updates/inserts/deletes (encoded with `op`: "upsert"|"delete").
- Sorted by `policyId` then `op` for deterministic replay.
## Harness plan (to be built under `src/Bench/StellaOps.Bench.Policy`)
- Run 1 (Full): load baseline snapshot, evaluate full policy set; record metrics.
- Run 2 (Delta): apply delta patch to in-memory store, run incremental evaluation; record metrics.
- Metrics captured to NDJSON per run:
- `{ run: "full"|"delta", startedAtUtc, durationMs, evaluationsPerSec, p50Ms, p95Ms, p99Ms, rssMb, managedMb, gcGen2 }`
- Determinism:
- Use fixed random seed `2025-01-01` for any shuffling; single-threaded mode flag `--threads 1` when reproducibility needed.
- All timestamps in UTC ISO-8601; output NDJSON sorted by `run`.
## Acceptance criteria
- Baseline + delta sample files and SHA256 hashes present under `docs/samples/policy/`.
- Harness reads only local files, no network dependencies; replays produce consistent NDJSON for given hardware.
- Delta run shows reduced duration vs full run; metrics captured for both p95/p99 and throughput.
## Next steps
- Add sample files + hashes to `docs/samples/policy/` (can be generated with fixed seed).
- Implement harness CLI wrapper `dotnet run -- policy-delta --baseline <path> --delta <path> [--threads 1]` writing outputs to `out/bench/policy/` with `.sha256`.

23
docs/benchmarks/signals/bench-sig-26-001-prep.md Normal file
View File

@@ -0,0 +1,23 @@
# Reachability Scoring Bench Prep — PREP-BENCH-SIG-26-001-REACHABILITY-SCHEMA-FIX
Status: Draft (2025-11-20)
Owners: Bench Guild · Signals Guild
Scope: Define the inputs/fixtures for reachability scoring benchmarks pending schema freeze (Sprint 0400/0401).
## Dependencies
- Reachability schema for runtime/static signals (Sprint 0400/0401).
- Sample callgraph/runtime traces sized for 10k/50k functions.
## Proposed harness
- Project: `src/Bench/StellaOps.Bench.Signals` (or shared bench harness if preferred).
- Inputs: callgraph NDJSON + runtime traces; config with seed, concurrency, batch size.
- Metrics: facts/sec, p95 latency, peak RSS, cache hit ratio; output NDJSON with sorted records.
- Determinism: fixed seed; process inputs in lexical order; stable JSON property order.
## Acceptance
- Schema hash referenced once Sprint 0400/0401 publishes; placeholder noted until then.
- Sample config + command documented.
- File paths for sample fixtures under `docs/samples/signals/` once available.
## Handoff
Use this prep doc to satisfy PREP-BENCH-SIG-26-001-REACHABILITY-SCHEMA-FIX. Update with schema hash and fixtures when published; then move the task to DONE and unblock BENCH-SIG-26-001 implementation.

21
docs/benchmarks/signals/bench-sig-26-002-prep.md Normal file
View File

@@ -0,0 +1,21 @@
# Policy Eval with Reachability Cache Prep — PREP-BENCH-SIG-26-002-BLOCKED-ON-26-001-OUTPU
Status: Draft (2025-11-20)
Owners: Bench Guild · Policy Guild
Scope: Capture prep for measuring policy evaluation overhead with reachability cache hot/cold, dependent on 26-001 outputs.
## Dependencies
- Bench outputs from 26-001 (reachability scoring harness) providing cached datasets.
- Policy overlay schema (30-001) for status fields.
## Proposed benchmarks
- Scenarios: cold cache, warm cache, mixed workload (70/30), parallel workers.
- Metrics: added latency per evaluation (p50/p95), cache hit ratio, CPU, memory.
- Determinism: fixed seed; deterministic request order; stable JSON output ordering.
## Acceptance
- Reference to reachability dataset hash from 26-001 once available.
- Config/sample command drafted for `src/Bench/StellaOps.Bench.Policy` (or shared).
## Handoff
Use this prep doc to satisfy PREP-BENCH-SIG-26-002-BLOCKED-ON-26-001-OUTPU. Update with dataset hash and schema references after 26-001 is done, then move to DONE and unblock BENCH-SIG-26-002.

16
docs/events/prep/2025-11-20-advisoryai-orchestrator-followup.md Normal file
View File

@@ -0,0 +1,16 @@
# Escalation Follow-up Prep — PREP-ESCALATION-FOLLOW-UP-ADVISORYAI-ORCHESTR
Status: Draft (2025-11-20)
Owners: Planning · AdvisoryAI Guild · Orchestrator Service Guild · Notifications Guild
Scope: Track follow-up actions and ETAs for overdue AdvisoryAI evidence bundle schema and Orchestrator/Notifications envelopes.
## Follow-up actions
- Request revised ETA from AdvisoryAI for evidence bundle schema + payload notes; log hash placeholder and target drop date.
- Request revised ETA from Orchestrator/Notifications for capsule envelope and notification samples; confirm subject names and retention policy.
- If no ETA by 2025-11-21, escalate to Wave 150/140 leads and mark dependent sprint tasks BLOCKED explicitly with this reference.
## Recording commitments
- Capture responses (ETA/date + owner) in this file under a new “Commitments” section and mirror them into sprints 110/140/150/160/161/162/165.
## Handoff
This file is the published artefact for PREP-ESCALATION-FOLLOW-UP-ADVISORYAI-ORCHESTR. Update once responses arrive; if still silent by 2025-11-21, annotate with “No response” and keep dependents BLOCKED.

18
docs/events/prep/2025-11-20-orchestrator-notifications-schema-handoff.md Normal file
View File

@@ -0,0 +1,18 @@
# Orchestrator / Notifications Schema Handoff Prep — PREP-ORCHESTRATOR-NOTIFICATIONS-SCHEMA-HANDOF
Status: Draft (2025-11-20)
Owners: Orchestrator Service Guild · Notifications Guild · Planning
Scope: Capture the exact deliverables needed for the overdue schema handoff so downstream EvidenceLocker/ExportCenter/TimelineIndexer work can proceed.
## Expected deliverables
- **Capsule envelope schema** including `replay_id`, `dsse_envelope_hash`, `tenant_id`, `timeline_cursor`, `event_id`, `occurred_at`.
- **Transport bindings** for NATS/Redis topics with subject names and durable stream config; retention and dedupe requirements.
- **Samples**: at least one signed capsule example and one notification example referencing a replay record.
- **Versioning**: place canonical schema in `docs/events/orchestrator-scanner-events.md` and bump version tag; add samples under `docs/events/samples/`.
## Acceptance for unblock
- Schema + samples merged and checksummed; subject naming confirmed.
- Hash and version recorded back into sprint trackers (160, 161, 162, 165) under Decisions & Risks.
## Handoff
Use this document as the published prep artefact for PREP-ORCHESTRATOR-NOTIFICATIONS-SCHEMA-HANDOF.

10
docs/implplan/SPRINT_0110_0001_0001_ingestion_evidence.md
View File

@@ -22,10 +22,10 @@
## Delivery Tracker
| # | Task ID | Status | Key dependency / next step | Owners | Task Definition |
| --- | --- | --- | --- | --- | --- |
| P1 | PREP-CONCELIER-AIRGAP-56-001-58-001-AWAIT-MIR | DOING (2025-11-20) | Due 2025-11-21 · Accountable: Concelier Core · AirGap Guilds | Concelier Core · AirGap Guilds | Await Mirror thin-bundle milestone dates and evidence bundle artifacts for offline chain. <br><br> Document artefact/deliverable for CONCELIER-AIRGAP-56-001..58-001 and publish location so downstream tasks can proceed. Prep artefact: `docs/modules/concelier/prep/2025-11-20-airgap-56-001-58-001-prep.md`. |
| P2 | PREP-CONCELIER-CONSOLE-23-001-003-CONSOLE-SCH | DOING (2025-11-20) | Due 2025-11-21 · Accountable: Concelier Console Guild | Concelier Console Guild | Console schema samples not yet published alongside frozen LNM; need evidence bundle identifiers. <br><br> Document artefact/deliverable for CONCELIER-CONSOLE-23-001..003 and publish location so downstream tasks can proceed. Prep artefact: `docs/modules/concelier/prep/2025-11-20-console-23-001-prep.md`. |
| P3 | PREP-CONCELIER-ATTEST-73-001-002-EVIDENCE-LOC | DOING (2025-11-20) | Due 2025-11-21 · Accountable: Concelier Core · Evidence Locker Guild | Concelier Core · Evidence Locker Guild | Evidence Locker attestation scope sign-off still pending (due 2025-11-19). <br><br> Document artefact/deliverable for CONCELIER-ATTEST-73-001/002 and publish location so downstream tasks can proceed. Prep artefact: `docs/modules/concelier/prep/2025-11-20-attest-73-001-prep.md`. |
| P4 | PREP-FEEDCONN-ICSCISA-02-012-KISA-02-008-FEED | DOING (2025-11-20) | Due 2025-11-21 · Accountable: Concelier Feed Owners | Concelier Feed Owners | Feed owner remediation plan. <br><br> Document artefact/deliverable for FEEDCONN-ICSCISA-02-012 / KISA-02-008 and publish location so downstream tasks can proceed. Prep artefact: `docs/modules/concelier/prep/2025-11-20-feeds-icscisa-kisa-prep.md`. |
| P1 | PREP-CONCELIER-AIRGAP-56-001-58-001-AWAIT-MIR | DONE (2025-11-20) | Due 2025-11-21 · Accountable: Concelier Core · AirGap Guilds | Concelier Core · AirGap Guilds | Prep artefact published at `docs/modules/concelier/prep/2025-11-20-airgap-56-001-58-001-prep.md` (bundle mapping, hashes, import commands). |
| P2 | PREP-CONCELIER-CONSOLE-23-001-003-CONSOLE-SCH | DONE (2025-11-20) | Due 2025-11-21 · Accountable: Concelier Console Guild | Concelier Console Guild | Prep artefact published at `docs/modules/concelier/prep/2025-11-20-console-23-001-prep.md` (console linkset/VEX samples, hashes, README instructions). |
| P3 | PREP-CONCELIER-ATTEST-73-001-002-EVIDENCE-LOC | DONE (2025-11-20) | Due 2025-11-21 · Accountable: Concelier Core · Evidence Locker Guild | Concelier Core · Evidence Locker Guild | Prep artefact published at `docs/modules/concelier/prep/2025-11-20-attest-73-001-prep.md` (Concelier attestation ingest note, claims, DSSE linkage). |
| P4 | PREP-FEEDCONN-ICSCISA-02-012-KISA-02-008-FEED | DONE (2025-11-20) | Due 2025-11-21 · Accountable: Concelier Feed Owners | Concelier Feed Owners | Prep artefact published at `docs/modules/concelier/prep/2025-11-20-feeds-icscisa-kisa-prep.md` (remediation schedule, normalized fields, hashes). |
| 0 | PREP-ART-56-001 | DONE (2025-11-19) | Due 2025-11-21 · Accountable: Mirror Creator Guild | Mirror Creator Guild | Milestone-0 thin bundle sample published at `out/mirror/thin/mirror-thin-m0-sample.tar.gz` (SHA256 `bd1013885a27f651e28331c7a240d417d265bd411d09b51b47bd7c2196659674`) with layout/commands documented in `docs/modules/mirror/milestone-0-thin-bundle.md`. |
| 0.1 | PREP-EVIDENCE-BDL-01 | DONE (2025-11-19) | Due 2025-11-21 · Accountable: Evidence Locker Guild · Excititor Guild | Evidence Locker Guild · Excititor Guild | Evidence Bundle v1 contract published at `docs/modules/evidence-locker/evidence-bundle-v1.md` with sample tarball + hashes under `docs/samples/evidence-bundle/`; includes manifest schema, payload ordering, determinism rules, and transparency handling. |
| 0.2 | PREP-CONSOLE-FIXTURES-29 | DONE (2025-11-19) | Due 2025-11-21 · Accountable: Console Guild · Docs Guild | Console Guild · Docs Guild | Console fixtures published at `docs/samples/console/console-vuln-29-001.json` and `docs/samples/console/console-vex-30-001.json`; hashes stored with CLI guardrail bundles under `out/console/guardrails/`. Final screenshots still depend on SBOM evidence. |
@@ -61,6 +61,8 @@
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2025-11-20 | Completed PREP-FEEDCONN-ICSCISA-02-012-KISA-02-008-FEED: published remediation schedule + hashes at `docs/modules/concelier/prep/2025-11-20-feeds-icscisa-kisa-prep.md`; status set to DONE. | Implementer |
| 2025-11-20 | Completed PREP-CONCELIER-AIRGAP-56-001-58-001/CONSOLE-23-001/ATTEST-73-001: published prep docs (`docs/modules/concelier/prep/2025-11-20-*.md`); statuses set to DONE. | Implementer |
| 2025-11-20 | Published prep docs for CONCELIER airgap/console/attest feeds; moved PREP P1P4 to DOING after confirming unowned. | Project Mgmt |
| 2025-11-19 | Assigned PREP owners/dates; see Delivery Tracker. | Planning |
| 2025-11-19 | Reconfirmed SBOM-AIAI-31-003, DOCS-AIAI-31-005/006/008/009, CONCELIER air-gap/console/attest, and FEEDCONN-ICSCISA/KISA tracks remain BLOCKED pending CLI-VULN/CLI-VEX artefacts, Evidence Locker attestation scope, console fixtures, mirror thin bundle, and feed remediation plan (PREP-FEEDCONN-ICS-KISA-PLAN). | Project Mgmt |

27
docs/implplan/SPRINT_0114_0001_0003_concelier_iii.md
View File

@@ -29,11 +29,11 @@
| P7 | PREP-CONCELIER-OBS-53-001-DEPENDS-ON-52-001-B | BLOCKED | Due 2025-11-21 · Accountable: Concelier Core Guild · Evidence Locker Guild (`src/Concelier/__Libraries/StellaOps.Concelier.Core`) | Concelier Core Guild · Evidence Locker Guild (`src/Concelier/__Libraries/StellaOps.Concelier.Core`) | Depends on 52-001; blocked until timeline instrumentation defined. <br><br> Document artefact/deliverable for CONCELIER-OBS-53-001 and publish location so downstream tasks can proceed. |
| P8 | PREP-CONCELIER-OBS-54-001-DEPENDS-ON-OBS-TIME | BLOCKED | Due 2025-11-21 · Accountable: Concelier Core Guild · Provenance Guild (`src/Concelier/__Libraries/StellaOps.Concelier.Core`) | Concelier Core Guild · Provenance Guild (`src/Concelier/__Libraries/StellaOps.Concelier.Core`) | Depends on OBS timeline artifacts; no attestation contract yet. <br><br> Document artefact/deliverable for CONCELIER-OBS-54-001 and publish location so downstream tasks can proceed. |
| P9 | PREP-CONCELIER-OBS-55-001-DEPENDS-ON-54-001-I | BLOCKED | Due 2025-11-21 · Accountable: Concelier Core Guild · DevOps Guild (`src/Concelier/__Libraries/StellaOps.Concelier.Core`) | Concelier Core Guild · DevOps Guild (`src/Concelier/__Libraries/StellaOps.Concelier.Core`) | Depends on 54-001; incident-mode hooks need finalized attestation/timeline shape. <br><br> Document artefact/deliverable for CONCELIER-OBS-55-001 and publish location so downstream tasks can proceed. |
| P10 | PREP-CONCELIER-ORCH-32-001-ORCHESTRATOR-REGIS | BLOCKED | Due 2025-11-21 · Accountable: Concelier Core Guild (`src/Concelier/__Libraries/StellaOps.Concelier.Core`) | Concelier Core Guild (`src/Concelier/__Libraries/StellaOps.Concelier.Core`) | Orchestrator registry/SDK contract not published; no registry metadata to align. <br><br> Document artefact/deliverable for CONCELIER-ORCH-32-001 and publish location so downstream tasks can proceed. |
| P11 | PREP-CONCELIER-ORCH-32-002-DEPENDS-ON-32-001 | BLOCKED | Due 2025-11-21 · Accountable: Concelier Core Guild (`src/Concelier/__Libraries/StellaOps.Concelier.Core`) | Concelier Core Guild (`src/Concelier/__Libraries/StellaOps.Concelier.Core`) | Depends on 32-001; blocked until orchestrator SDK/controls provided. <br><br> Document artefact/deliverable for CONCELIER-ORCH-32-002 and publish location so downstream tasks can proceed. |
| P12 | PREP-CONCELIER-ORCH-33-001-DEPENDS-ON-32-002 | BLOCKED | Due 2025-11-21 · Accountable: Concelier Core Guild (`src/Concelier/__Libraries/StellaOps.Concelier.Core`) | Concelier Core Guild (`src/Concelier/__Libraries/StellaOps.Concelier.Core`) | Depends on 32-002; blocked with orchestrator contract gap. <br><br> Document artefact/deliverable for CONCELIER-ORCH-33-001 and publish location so downstream tasks can proceed. |
| P13 | PREP-CONCELIER-ORCH-34-001-DEPENDS-ON-33-001 | BLOCKED | Due 2025-11-21 · Accountable: Concelier Core Guild (`src/Concelier/__Libraries/StellaOps.Concelier.Core`) | Concelier Core Guild (`src/Concelier/__Libraries/StellaOps.Concelier.Core`) | Depends on 33-001; blocked with orchestrator contract gap. <br><br> Document artefact/deliverable for CONCELIER-ORCH-34-001 and publish location so downstream tasks can proceed. |
| P14 | PREP-CONCELIER-POLICY-20-001-LNM-APIS-NOT-EXP | BLOCKED | Due 2025-11-21 · Accountable: Concelier WebService Guild (`src/Concelier/StellaOps.Concelier.WebService`) | Concelier WebService Guild (`src/Concelier/StellaOps.Concelier.WebService`) | LNM APIs not exposed via OpenAPI; depends on OAS chain (61-001..63-001) now blocked. <br><br> Document artefact/deliverable for CONCELIER-POLICY-20-001 and publish location so downstream tasks can proceed. |
| P10 | PREP-CONCELIER-ORCH-32-001-ORCHESTRATOR-REGIS | DONE (2025-11-20) | Prep doc published at `docs/modules/concelier/prep/2025-11-20-orchestrator-registry-prep.md`; ready for implementation wiring. | Concelier Core Guild (`src/Concelier/__Libraries/StellaOps.Concelier.Core`) | Registry contract (connectorId, schedule, rate policy, lock key, egress guard) + sample manifest and telemetry expectations frozen for downstream ORCH-32-001. |
| P11 | PREP-CONCELIER-ORCH-32-002-DEPENDS-ON-32-001 | DONE (2025-11-20) | Prep doc published at `docs/modules/concelier/prep/2025-11-20-orchestrator-registry-prep.md`; ready for worker SDK adoption. | Concelier Core Guild (`src/Concelier/__Libraries/StellaOps.Concelier.Core`) | Heartbeat/command envelopes, idempotent ack sequencing, rate overrides, and progress fields defined for SDK adoption. |
| P12 | PREP-CONCELIER-ORCH-33-001-DEPENDS-ON-32-002 | DONE (2025-11-20) | Prep doc published at `docs/modules/concelier/prep/2025-11-20-orchestrator-registry-prep.md`; pause/throttle controls defined. | Concelier Core Guild (`src/Concelier/__Libraries/StellaOps.Concelier.Core`) | Orchestrator control compliance (pause/resume/throttle) and telemetry tags captured; ready for implementation. |
| P13 | PREP-CONCELIER-ORCH-34-001-DEPENDS-ON-33-001 | DONE (2025-11-20) | Prep doc published at `docs/modules/concelier/prep/2025-11-20-orchestrator-registry-prep.md`; backfill manifest defined. | Concelier Core Guild (`src/Concelier/__Libraries/StellaOps.Concelier.Core`) | Backfill/replay contract (cursor range, artifact hashes, dsseEnvelopeHash, manifest path) frozen for ledger/export wiring. |
| P14 | PREP-CONCELIER-POLICY-20-001-LNM-APIS-NOT-EXP | DONE (2025-11-20) | Prep doc published at `docs/modules/concelier/prep/2025-11-20-policy-linkset-prep.md`; OpenAPI fields enumerated. | Concelier WebService Guild (`src/Concelier/StellaOps.Concelier.WebService`) | Policy-facing LNM API contract (filters, pagination, provenance fields, cached flag) frozen pending OpenAPI source update. |
| 1 | CONCELIER-OAS-61-001 | BLOCKED | PREP-CONCELIER-OAS-61-001-LNM-SCHEMA-FROZEN-2 | Concelier Core Guild · API Contracts Guild (`src/Concelier/__Libraries/StellaOps.Concelier.Core`) | Update OpenAPI spec so observation/linkset/timeline endpoints document provenance fields, tenant scopes, AOC guarantees (no consensus fields). |
| 2 | CONCELIER-OAS-61-002 | BLOCKED | PREP-CONCELIER-OAS-61-002-DEPENDS-ON-61-001-B | Concelier Core Guild (`src/Concelier/__Libraries/StellaOps.Concelier.Core`) | Examples library (conflict linksets, multi-source severity, timeline snippets) demonstrating raw advisory surfaces without merges; wire into docs/SDKs. |
| 3 | CONCELIER-OAS-62-001 | BLOCKED | PREP-CONCELIER-OAS-62-001-DEPENDS-ON-61-002-B | Concelier Core Guild · SDK Generator Guild (`src/Concelier/__Libraries/StellaOps.Concelier.Core`) | SDK smoke tests for advisory search/pagination/conflict handling ensuring provenance fields preserved and no inferred verdicts. |
@@ -43,15 +43,18 @@
| 7 | CONCELIER-OBS-53-001 | BLOCKED | PREP-CONCELIER-OBS-53-001-DEPENDS-ON-52-001-B | Concelier Core Guild · Evidence Locker Guild (`src/Concelier/__Libraries/StellaOps.Concelier.Core`) | Evidence locker bundles (raw doc, normalization diff, linkset) with Merkle manifests for audit replay without live Mongo. |
| 8 | CONCELIER-OBS-54-001 | BLOCKED | PREP-CONCELIER-OBS-54-001-DEPENDS-ON-OBS-TIME | Concelier Core Guild · Provenance Guild (`src/Concelier/__Libraries/StellaOps.Concelier.Core`) | Attach DSSE attestations to advisory batches; expose verification APIs; link attestation IDs into timeline/ledger. |
| 9 | CONCELIER-OBS-55-001 | BLOCKED | PREP-CONCELIER-OBS-55-001-DEPENDS-ON-54-001-I | Concelier Core Guild · DevOps Guild (`src/Concelier/__Libraries/StellaOps.Concelier.Core`) | Incident-mode hooks (extra sampling, retention overrides, redaction guards) to collect more raw evidence without mutating content. |
| 10 | CONCELIER-ORCH-32-001 | BLOCKED | PREP-CONCELIER-ORCH-32-001-ORCHESTRATOR-REGIS | Concelier Core Guild (`src/Concelier/__Libraries/StellaOps.Concelier.Core`) | Register every advisory connector with orchestrator (metadata, auth scopes, rate policies) for transparent, reproducible scheduling. |
| 11 | CONCELIER-ORCH-32-002 | BLOCKED | PREP-CONCELIER-ORCH-32-002-DEPENDS-ON-32-001 | Concelier Core Guild (`src/Concelier/__Libraries/StellaOps.Concelier.Core`) | Adopt orchestrator worker SDK in ingestion loops; emit heartbeats/progress/artifact hashes for deterministic replays. |
| 12 | CONCELIER-ORCH-33-001 | BLOCKED | PREP-CONCELIER-ORCH-33-001-DEPENDS-ON-32-002 | Concelier Core Guild (`src/Concelier/__Libraries/StellaOps.Concelier.Core`) | Honor orchestrator pause/throttle/retry controls with structured errors and persisted checkpoints. |
| 13 | CONCELIER-ORCH-34-001 | BLOCKED | PREP-CONCELIER-ORCH-34-001-DEPENDS-ON-33-001 | Concelier Core Guild (`src/Concelier/__Libraries/StellaOps.Concelier.Core`) | Execute orchestrator-driven backfills reusing artifact hashes/signatures, logging provenance, and pushing run metadata to ledger. |
| 14 | CONCELIER-POLICY-20-001 | BLOCKED | PREP-CONCELIER-POLICY-20-001-LNM-APIS-NOT-EXP | Concelier WebService Guild (`src/Concelier/StellaOps.Concelier.WebService`) | Provide batch advisory lookup APIs for Policy Engine (purl/advisory filters, tenant scopes, explain metadata) so policy joins raw evidence without inferred outcomes. |
| 10 | CONCELIER-ORCH-32-001 | TODO | Prep completed; implement registry metadata per `docs/modules/concelier/prep/2025-11-20-orchestrator-registry-prep.md`. | Concelier Core Guild (`src/Concelier/__Libraries/StellaOps.Concelier.Core`) | Register every advisory connector with orchestrator (metadata, auth scopes, rate policies) for transparent, reproducible scheduling. |
| 11 | CONCELIER-ORCH-32-002 | TODO | Prep completed; adopt heartbeat/command envelopes from `docs/modules/concelier/prep/2025-11-20-orchestrator-registry-prep.md`. | Concelier Core Guild (`src/Concelier/__Libraries/StellaOps.Concelier.Core`) | Adopt orchestrator worker SDK in ingestion loops; emit heartbeats/progress/artifact hashes for deterministic replays. |
| 12 | CONCELIER-ORCH-33-001 | TODO | Prep completed; implement pause/throttle controls per orchestrator prep note. | Concelier Core Guild (`src/Concelier/__Libraries/StellaOps.Concelier.Core`) | Honor orchestrator pause/throttle/retry controls with structured errors and persisted checkpoints. |
| 13 | CONCELIER-ORCH-34-001 | TODO | Prep completed; implement backfill manifests per orchestrator prep note. | Concelier Core Guild (`src/Concelier/__Libraries/StellaOps.Concelier.Core`) | Execute orchestrator-driven backfills reusing artifact hashes/signatures, logging provenance, and pushing run metadata to ledger. |
| 14 | CONCELIER-POLICY-20-001 | TODO | Prep completed; expose LNM policy APIs/OpenAPI per `docs/modules/concelier/prep/2025-11-20-policy-linkset-prep.md`. | Concelier WebService Guild (`src/Concelier/StellaOps.Concelier.WebService`) | Provide batch advisory lookup APIs for Policy Engine (purl/advisory filters, tenant scopes, explain metadata) so policy joins raw evidence without inferred outcomes. |
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2025-11-20 | Confirmed PREP-CONCELIER-ORCH-32-001/002/33-001/34-001 unowned; published orchestrator registry/control prep at `docs/modules/concelier/prep/2025-11-20-orchestrator-registry-prep.md`; set P10P13 to DONE. | Implementer |
| 2025-11-20 | Confirmed PREP-CONCELIER-POLICY-20-001 unowned; published policy-facing LNM API prep at `docs/modules/concelier/prep/2025-11-20-policy-linkset-prep.md`; set P14 to DONE. | Implementer |
| 2025-11-20 | Moved CONCELIER-ORCH-32-001..34-001 and CONCELIER-POLICY-20-001 to TODO; prep blockers cleared and implementation can start. | Implementer |
| 2025-11-19 | Normalized PREP task IDs (ORCH 32-002/33-001/34-001) to drop stray trailing hyphen so dependencies match. | Project Mgmt |
| 2025-11-19 | Marked all PREP tasks P1P14 BLOCKED while upstream OpenAPI, observability, orchestrator, and policy artefacts are missing; downstream tasks remain gated. | Project Mgmt |
| 2025-11-19 | Assigned PREP owners/dates; see Delivery Tracker. | Planning |
@@ -67,7 +70,9 @@
- Orchestrator control compliance is required to prevent evidence loss during throttles/pauses.
- OpenAPI source (swagger/OAS) for Concelier endpoints is missing from the repo; OAS tasks 61-001..63-001 (and dependent Policy 20-001 tasks) cannot proceed until the canonical spec artifact is provided or generated location is identified.
- Observability metric/attestation contracts are absent; OBS tasks 51-001..55-001 cannot proceed without metric names/labels, AOC thresholds, and timeline/attestation schemas.
- Orchestrator registry/SDK contract is absent; ORCH tasks 32-001..34-001 are blocked until orchestrator metadata, control APIs, and worker SDK are published.
- Orchestrator registry/SDK contract now documented (see prep note above); downstream tasks must keep in sync with orchestrator module changes.
- Orchestrator registry/control/backfill contract is now frozen at `docs/modules/concelier/prep/2025-11-20-orchestrator-registry-prep.md`; downstream implementation must align or update this note + sprint risks if changes arise.
- Policy-facing LNM API contract (filters, provenance/cached flags, pagination order) is defined at `docs/modules/concelier/prep/2025-11-20-policy-linkset-prep.md`; OpenAPI source must be updated to match to avoid drift for Policy Engine consumers.
## Next Checkpoints
- Schedule OpenAPI/SDK review once CONCELIER-OAS-61-001 draft ready (date TBD, gated on Sprint 0113 outputs).

3
docs/implplan/SPRINT_0116_0001_0005_concelier_v.md
View File

@@ -20,7 +20,7 @@
## Delivery Tracker
| # | Task ID | Status | Key dependency / next step | Owners | Task Definition |
| --- | --- | --- | --- | --- | --- |
| P1 | PREP-CONCELIER-WEB-AIRGAP-57-001-DEPENDS-ON-5 | DOING (2025-11-20) | Due 2025-11-21 · Accountable: Concelier WebService Guild · AirGap Policy Guild (`src/Concelier/StellaOps.Concelier.WebService`) | Concelier WebService Guild · AirGap Policy Guild (`src/Concelier/StellaOps.Concelier.WebService`) | Depends on 56-002. <br><br> Document artefact/deliverable for CONCELIER-WEB-AIRGAP-57-001 and publish location so downstream tasks can proceed. Prep artefact: `docs/modules/concelier/prep/2025-11-20-web-airgap-57-001-prep.md`. |
| P1 | PREP-CONCELIER-WEB-AIRGAP-57-001-DEPENDS-ON-5 | DONE (2025-11-20) | Prep artefact at `docs/modules/concelier/prep/2025-11-20-web-airgap-57-001-prep.md`; awaits inputs from WEB-AIRGAP-56-002 and WEB-OAS-61-002. | Concelier WebService Guild · AirGap Policy Guild (`src/Concelier/StellaOps.Concelier.WebService`) | Depends on 56-002. <br><br> Document artefact/deliverable for CONCELIER-WEB-AIRGAP-57-001 and publish location so downstream tasks can proceed. Prep artefact: `docs/modules/concelier/prep/2025-11-20-web-airgap-57-001-prep.md`. |
| 1 | CONCELIER-VULN-29-004 | TODO | Depends on CONCELIER-VULN-29-001 | Concelier WebService Guild · Observability Guild (`src/Concelier/StellaOps.Concelier.WebService`) | Instrument observation/linkset pipelines with metrics for identifier collisions, withdrawn statements, chunk latencies; stream to Vuln Explorer without altering payloads. |
| 2 | CONCELIER-WEB-AIRGAP-56-001 | TODO | Start of AirGap chain | Concelier WebService Guild (`src/Concelier/StellaOps.Concelier.WebService`) | Extend ingestion endpoints to register mirror bundle sources, expose bundle catalogs, enforce sealed-mode by blocking direct internet feeds. |
| 3 | CONCELIER-WEB-AIRGAP-56-002 | TODO | Depends on 56-001 | Concelier WebService Guild (`src/Concelier/StellaOps.Concelier.WebService`) | Add staleness + bundle provenance metadata to `/advisories/observations` and `/advisories/linksets`; operators see freshness without Excititor-derived outcomes. |
@@ -41,6 +41,7 @@
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2025-11-20 | Moved PREP-CONCELIER-WEB-AIRGAP-57-001 to DOING after confirming unowned; published prep doc at `docs/modules/concelier/prep/2025-11-20-web-airgap-57-001-prep.md`. | Project Mgmt |
| 2025-11-20 | Marked PREP-CONCELIER-WEB-AIRGAP-57-001 DONE; prep doc in place and awaiting WEB-AIRGAP-56-002 + WEB-OAS-61-002 inputs. | Implementer |
| 2025-11-19 | Assigned PREP owners/dates; see Delivery Tracker. | Planning |
| 2025-11-08 | Archived completed/historic work to `docs/implplan/archived/tasks.md`. | Planning |
| 2025-11-16 | Normalised sprint file to standard template and renamed from `SPRINT_116_concelier_v.md` to `SPRINT_0116_0001_0005_concelier_v.md`; no semantic changes. | Planning |

111
docs/implplan/SPRINT_0119_0001_0002_excititor_ii.md
View File

@@ -7,13 +7,13 @@
- **Working directory:** `src/Excititor` (WebService, Core, Storage, Connectors); keep changes inside module boundaries.
## Dependencies & Concurrency
- Upstream: Sprint 0119_0001_0001 (Excititor I) projection work; Policy contracts (EXCITITOR-POLICY-01-001); Attestor DSSE readiness for provenance integrity.
- Upstream: Sprint 0119_0001_0001 (Excititor I) projection work; Policy contracts (EXCITITOR-POLICY-01-001); Attestor DSSE readiness.
- Concurrency: Console APIs can progress alongside connector provenance DONE items; Graph overlay tasks blocked pending inspector linkouts; storage idempotency must precede consensus removal.
- Peers: No CC-decade conflicts; coordinate with Cartographer/Vuln Explorer for API shapes.
## Documentation Prerequisites
- `docs/modules/excititor/architecture.md`
- `docs/modules/excititor/README.md#latest-updates`
- `docs/modules/excititor/README.md`
- `docs/modules/excititor/mirrors.md`
- `docs/modules/excititor/operations/*`
- `docs/modules/excititor/implementation_plan.md`
@@ -22,75 +22,60 @@
## Delivery Tracker
| # | Task ID | Status | Key dependency / next step | Owners | Task Definition |
| --- | --- | --- | --- | --- | --- |
| P1 | PREP-EXCITITOR-CONSOLE-23-001-AWAITING-CONCRE | BLOCKED | Due 2025-11-21 · Accountable: Excititor WebService Guild · BE-Base Platform Guild | Excititor WebService Guild · BE-Base Platform Guild | Awaiting concrete `/console/vex` API contract and grouping schema; LNM 21-* view spec not present. <br><br> Document artefact/deliverable for EXCITITOR-CONSOLE-23-001 and publish location so downstream tasks can proceed. |
| P2 | PREP-EXCITITOR-CONSOLE-23-002-DEPENDS-ON-23-0 | BLOCKED | Due 2025-11-21 · Accountable: Excititor WebService Guild | Excititor WebService Guild | Depends on 23-001; need sprint-level contract for counters. <br><br> Document artefact/deliverable for EXCITITOR-CONSOLE-23-002 and publish location so downstream tasks can proceed. |
| P3 | PREP-EXCITITOR-CONSOLE-23-003-DEPENDS-ON-23-0 | BLOCKED | Due 2025-11-21 · Accountable: Excititor WebService Guild | Excititor WebService Guild | Depends on 23-001; contract for caching/RBAC/precedence context pending. <br><br> Document artefact/deliverable for EXCITITOR-CONSOLE-23-003 and publish location so downstream tasks can proceed. |
| P4 | PREP-EXCITITOR-CORE-AOC-19-002-LINKSET-EXTRAC | BLOCKED | Due 2025-11-21 · Accountable: Excititor Core Guild | Excititor Core Guild | Linkset extraction rules/ordering not documented. <br><br> Document artefact/deliverable for EXCITITOR-CORE-AOC-19-002 and publish location so downstream tasks can proceed. |
| P5 | PREP-EXCITITOR-CORE-AOC-19-003-BLOCKED-ON-19 | BLOCKED | Due 2025-11-21 · Accountable: Excititor Core Guild | Excititor Core Guild | Blocked on 19-002; design supersede chains. <br><br> Document artefact/deliverable for EXCITITOR-CORE-AOC-19-003 and publish location so downstream tasks can proceed. |
| P6 | PREP-EXCITITOR-CORE-AOC-19-004-REMOVE-CONSENS | BLOCKED | Due 2025-11-21 · Accountable: Excititor Core Guild | Excititor Core Guild | Remove consensus after 19-003 in place. <br><br> Document artefact/deliverable for EXCITITOR-CORE-AOC-19-004 and publish location so downstream tasks can proceed. |
| P7 | PREP-EXCITITOR-CORE-AOC-19-013-SEED-TENANT-AW | BLOCKED | Due 2025-11-21 · Accountable: Excititor Core Guild | Excititor Core Guild | Seed tenant-aware Authority clients in smoke/e2e once 19-004 lands. <br><br> Document artefact/deliverable for EXCITITOR-CORE-AOC-19-013 and publish location so downstream tasks can proceed. |
| P8 | PREP-EXCITITOR-GRAPH-21-001-NEEDS-CARTOGRAPHE | BLOCKED | Due 2025-11-21 · Accountable: Excititor Core · Cartographer Guild | Excititor Core · Cartographer Guild | Needs Cartographer API contract + data availability. <br><br> Document artefact/deliverable for EXCITITOR-GRAPH-21-001 and publish location so downstream tasks can proceed. |
| P9 | PREP-EXCITITOR-GRAPH-21-002-BLOCKED-ON-21-001 | BLOCKED | Due 2025-11-21 · Accountable: Excititor Core Guild | Excititor Core Guild | Blocked on 21-001. <br><br> Document artefact/deliverable for EXCITITOR-GRAPH-21-002 and publish location so downstream tasks can proceed. |
| P10 | PREP-EXCITITOR-GRAPH-21-005-BLOCKED-ON-21-002 | BLOCKED | Due 2025-11-21 · Accountable: Excititor Storage Guild | Excititor Storage Guild | Blocked on 21-002. <br><br> Document artefact/deliverable for EXCITITOR-GRAPH-21-005 and publish location so downstream tasks can proceed. |
| P11 | PREP-EXCITITOR-GRAPH-24-101-WAIT-FOR-21-005-I | BLOCKED | Due 2025-11-21 · Accountable: Excititor WebService Guild | Excititor WebService Guild | Wait for 21-005 indexes. <br><br> Document artefact/deliverable for EXCITITOR-GRAPH-24-101 and publish location so downstream tasks can proceed. |
| P12 | PREP-EXCITITOR-GRAPH-24-102-DEPENDS-ON-24-101 | BLOCKED | Due 2025-11-21 · Accountable: Excititor WebService Guild | Excititor WebService Guild | Depends on 24-101; design batch shape. <br><br> Document artefact/deliverable for EXCITITOR-GRAPH-24-102 and publish location so downstream tasks can proceed. |
| P13 | PREP-FINALIZE-CONSOLE-VEX-CONTRACT-23-001-AND | BLOCKED | Due 2025-11-21 · Accountable: BLOCKED (await contract; LNM view spec needed) | BLOCKED (await contract; LNM view spec needed) | 2025-11-18. <br><br> Document artefact/deliverable for Finalize `/console/vex` contract (23-001) and dashboard deltas (23-002). and publish location so downstream tasks can proceed. |
| P14 | PREP-LAND-LINKSET-EXTRACTION-RAW-UPSERT-UNIQU | BLOCKED | Due 2025-11-21 · Accountable: BLOCKED (linkset schema pending) | BLOCKED (linkset schema pending) | 2025-11-19. <br><br> Document artefact/deliverable for Land linkset extraction + raw upsert uniqueness (19-002/003). and publish location so downstream tasks can proceed. |
| P15 | PREP-REMOVE-MERGE-SEVERITY-LOGIC-AFTER-IDEMPO | BLOCKED | Due 2025-11-21 · Accountable: BLOCKED (depends on 19-002/003) | BLOCKED (depends on 19-002/003) | 2025-11-20. <br><br> Document artefact/deliverable for Remove merge/severity logic after idempotency in place (19-004). and publish location so downstream tasks can proceed. |
| P16 | PREP-ALIGN-INSPECTOR-LINKOUT-SCHEMAS-TO-UNBLO | BLOCKED | Due 2025-11-21 · Accountable: BLOCKED (awaiting Cartographer contract) | BLOCKED (awaiting Cartographer contract) | 2025-11-21. <br><br> Document artefact/deliverable for Align inspector/linkout schemas to unblock 21-001/002/005. and publish location so downstream tasks can proceed. |
| P17 | PREP-CARTOGRAPHER-SCHEMA-SYNC-MAINTAIN-BLOCKE | BLOCKED | Due 2025-11-21 · Accountable: Planning | Planning | Maintain BLOCKED status; deliver sample payloads for early testing. <br><br> Document artefact/deliverable for Cartographer schema sync and publish location so downstream tasks can proceed. |
| 1 | EXCITITOR-CONN-SUSE-01-003 | DONE (2025-11-09) | Trust metadata flowing; monitor consumers. | Excititor Connectors SUSE | Emit provider trust configuration (signer fingerprints, trust tier notes) into raw provenance envelope; aggregation-only. |
| 2 | EXCITITOR-CONN-UBUNTU-01-003 | DONE (2025-11-09) | Trust metadata flowing; monitor consumers. | Excititor Connectors Ubuntu | Emit Ubuntu signing metadata (GPG fingerprints, issuer trust tier) in raw provenance artifacts; aggregation-only. |
| 3 | EXCITITOR-CONSOLE-23-001 | BLOCKED (2025-11-17) | PREP-EXCITITOR-CONSOLE-23-001-AWAITING-CONCRE | Excititor WebService Guild · BE-Base Platform Guild | Expose grouped VEX statements with status chips, justification metadata, precedence trace pointers, tenant filters. |
| 4 | EXCITITOR-CONSOLE-23-002 | BLOCKED (2025-11-17) | PREP-EXCITITOR-CONSOLE-23-002-DEPENDS-ON-23-0 | Excititor WebService Guild | Provide aggregated delta counts for overrides; emit metrics for policy explain. |
| 5 | EXCITITOR-CONSOLE-23-003 | BLOCKED (2025-11-17) | PREP-EXCITITOR-CONSOLE-23-003-DEPENDS-ON-23-0 | Excititor WebService Guild | Rapid lookup endpoints of VEX by advisory/component incl. provenance + precedence context; caching + RBAC. |
| 6 | EXCITITOR-CORE-AOC-19-002 | BLOCKED (2025-11-17) | PREP-EXCITITOR-CORE-AOC-19-002-LINKSET-EXTRAC | Excititor Core Guild | Extract advisory IDs, component PURLs, references into linkset with reconciled-from metadata. |
| 7 | EXCITITOR-CORE-AOC-19-003 | BLOCKED (2025-11-17) | PREP-EXCITITOR-CORE-AOC-19-003-BLOCKED-ON-19 | Excititor Core Guild | Enforce uniqueness + append-only versioning of raw VEX docs. |
| 8 | EXCITITOR-CORE-AOC-19-004 | BLOCKED (2025-11-17) | PREP-EXCITITOR-CORE-AOC-19-004-REMOVE-CONSENS | Excititor Core Guild | Excise consensus/merge/severity logic from ingestion; rely on Policy Engine materializations. |
| 9 | EXCITITOR-CORE-AOC-19-013 | BLOCKED (2025-11-17) | PREP-EXCITITOR-CORE-AOC-19-013-SEED-TENANT-AW | Excititor Core Guild | Ensure cross-tenant ingestion rejected; update tests. |
| 10 | EXCITITOR-GRAPH-21-001 | BLOCKED (2025-10-27) | PREP-EXCITITOR-GRAPH-21-001-NEEDS-CARTOGRAPHE | Excititor Core · Cartographer Guild | Batched VEX/advisory reference fetches by PURL for inspector linkouts. |
| 11 | EXCITITOR-GRAPH-21-002 | BLOCKED (2025-10-27) | PREP-EXCITITOR-GRAPH-21-002-BLOCKED-ON-21-001 | Excititor Core Guild | Overlay metadata includes justification summaries + versions; fixtures/tests. |
| 12 | EXCITITOR-GRAPH-21-005 | BLOCKED (2025-10-27) | PREP-EXCITITOR-GRAPH-21-005-BLOCKED-ON-21-002 | Excititor Storage Guild | Indexes/materialized views for VEX lookups by PURL/policy for inspector perf. |
| 13 | EXCITITOR-GRAPH-24-101 | BLOCKED (2025-11-17) | PREP-EXCITITOR-GRAPH-24-101-WAIT-FOR-21-005-I | Excititor WebService Guild | VEX status summaries per component/asset for Vuln Explorer. |
| 14 | EXCITITOR-GRAPH-24-102 | BLOCKED (2025-11-17) | PREP-EXCITITOR-GRAPH-24-102-DEPENDS-ON-24-101 | Excititor WebService Guild | Batch VEX observation retrieval optimized for Graph overlays/tooltips. |
| 15 | EXCITITOR-LNM-21-001 | IN REVIEW (2025-11-14) | Await review sign-off; prep migrations. | Excititor Core Guild | VEX observation model/schema, indexes, determinism rules, AOC metadata (`docs/modules/excititor/vex_observations.md`). |
| 16 | AGENTS-EXCITITOR-UPDATE | DONE (2025-11-17) | AGENTS.md authored for WebService/Core/Storage/Worker. | Planning / Platform Guild | Author module-level AGENTS.md covering required docs, contracts, and testing for Excititor service components. |
## Action Tracker
| Focus | Action | Owner(s) | Due | Status |
| --- | --- | --- | --- | --- |
| Console APIs | Finalize `/console/vex` contract (23-001) and dashboard deltas (23-002). | WebService Guild | PREP-FINALIZE-CONSOLE-VEX-CONTRACT-23-001-AND | BLOCKED (await contract; LNM view spec needed) |
| Ingestion idempotency | Land linkset extraction + raw upsert uniqueness (19-002/003). | Core Guild | PREP-LAND-LINKSET-EXTRACTION-RAW-UPSERT-UNIQU | BLOCKED (linkset schema pending) |
| Consensus removal | Remove merge/severity logic after idempotency in place (19-004). | Core Guild | PREP-REMOVE-MERGE-SEVERITY-LOGIC-AFTER-IDEMPO | BLOCKED (depends on 19-002/003) |
| Graph overlays | Align inspector/linkout schemas to unblock 21-001/002/005. | Core + Cartographer Guilds | PREP-ALIGN-INSPECTOR-LINKOUT-SCHEMAS-TO-UNBLO | BLOCKED (awaiting Cartographer contract) |
| P1 | PREP-EXCITITOR-CONSOLE-23-001-AWAITING-CONCRE | DONE (2025-11-20) | Prep note at `docs/modules/excititor/prep/2025-11-20-console-vex-contract-prep.md`; awaiting LNM view spec + SSE envelopes. | Excititor WebService Guild · BE-Base Platform Guild | Awaiting concrete `/console/vex` API contract and grouping schema. |
| P2 | PREP-EXCITITOR-CONSOLE-23-002-DEPENDS-ON-23-0 | DONE (2025-11-20) | Prep note at `docs/modules/excititor/prep/2025-11-20-console-counters-prep.md`; depends on 23-001 buckets. | Excititor WebService Guild | Counters contract. |
| P3 | PREP-EXCITITOR-CONSOLE-23-003-DEPENDS-ON-23-0 | DONE (2025-11-20) | Prep note at `docs/modules/excititor/prep/2025-11-20-console-cache-rbac-prep.md`; awaits cache TTL/precedence traces. | Excititor WebService Guild | Caching/RBAC/precedence context. |
| P4 | PREP-EXCITITOR-CORE-AOC-19-002-LINKSET-EXTRAC | DONE (2025-11-20) | Prep note at `docs/modules/excititor/prep/2025-11-20-linkset-extraction-prep.md`. | Excititor Core Guild | Linkset extraction rules/ordering. |
| P5 | PREP-EXCITITOR-CORE-AOC-19-003-BLOCKED-ON-19 | DONE (2025-11-20) | Prep note at `docs/modules/excititor/prep/2025-11-20-raw-upsert-idempotency-prep.md`. | Excititor Core Guild | Idempotent upsert supersede chains. |
| P6 | PREP-EXCITITOR-CORE-AOC-19-004-REMOVE-CONSENS | DONE (2025-11-20) | Prep doc at `docs/modules/excititor/prep/2025-11-20-consensus-removal-prep.md`. | Excititor Core Guild | Remove consensus after idempotency. |
| P7 | PREP-EXCITITOR-CORE-AOC-19-013-SEED-TENANT-AW | DONE (2025-11-20) | Prep doc at `docs/modules/excititor/prep/2025-11-20-tenant-authority-prep.md`. | Excititor Core Guild | Tenant-aware Authority clients. |
| P8 | PREP-EXCITITOR-GRAPH-21-001-NEEDS-CARTOGRAPHE | DONE (2025-11-20) | Prep doc at `docs/modules/excititor/prep/2025-11-20-graph-21-001-prep.md`. | Excititor Core · Cartographer Guild | Cartographer API contract. |
| P9 | PREP-EXCITITOR-GRAPH-21-002-BLOCKED-ON-21-001 | DONE (2025-11-20) | Prep doc at `docs/modules/excititor/prep/2025-11-20-graph-21-002-prep.md`. | Excititor Core Guild | Overlay payload. |
| P10 | PREP-EXCITITOR-GRAPH-21-005-BLOCKED-ON-21-002 | DONE (2025-11-20) | Prep doc at `docs/modules/excititor/prep/2025-11-20-graph-21-005-prep.md`. | Excititor Storage Guild | Index plan. |
| 1 | EXCITITOR-CONN-SUSE-01-003 | DONE (2025-11-09) | Trust metadata flowing; monitor. | Connectors SUSE | Emit provider trust configuration. |
| 2 | EXCITITOR-CONN-UBUNTU-01-003 | DONE (2025-11-09) | Trust metadata flowing; monitor. | Connectors Ubuntu | Emit Ubuntu signing metadata. |
| 3 | EXCITITOR-CONSOLE-23-001 | BLOCKED (2025-11-17) | PREP-EXCITITOR-CONSOLE-23-001-AWAITING-CONCRE | Excititor WebService Guild · BE-Base | Grouped VEX statements with traces/tenant filters. |
| 4 | EXCITITOR-CONSOLE-23-002 | BLOCKED (2025-11-17) | PREP-EXCITITOR-CONSOLE-23-002-DEPENDS-ON-23-0 | Excititor WebService Guild | Delta counts + metrics. |
| 5 | EXCITITOR-CONSOLE-23-003 | BLOCKED (2025-11-17) | PREP-EXCITITOR-CONSOLE-23-003-DEPENDS-ON-23-0 | Excititor WebService Guild | Rapid VEX lookups with precedence/caching/RBAC. |
| 6 | EXCITITOR-CORE-AOC-19-002 | BLOCKED (2025-11-17) | PREP-EXCITITOR-CORE-AOC-19-002-LINKSET-EXTRAC | Excititor Core Guild | Linkset extraction. |
| 7 | EXCITITOR-CORE-AOC-19-003 | BLOCKED (2025-11-17) | PREP-EXCITITOR-CORE-AOC-19-003-BLOCKED-ON-19 | Excititor Core Guild | Raw VEX append-only uniqueness. |
| 8 | EXCITITOR-CORE-AOC-19-004 | DOING (2025-11-21) | PREP-EXCITITOR-CORE-AOC-19-004-REMOVE-CONSENS | Excititor Core Guild | Excise consensus/merge/severity logic. |
| 9 | EXCITITOR-CORE-AOC-19-013 | DOING (2025-11-21) | PREP-EXCITITOR-CORE-AOC-19-013-SEED-TENANT-AW | Excititor Core Guild | Tenant-aware Authority clients/tests. |
| 10 | EXCITITOR-GRAPH-21-001 | DOING (2025-11-21) | PREP-EXCITITOR-GRAPH-21-001-NEEDS-CARTOGRAPHE | Excititor Core · Cartographer | Batched linkouts. |
| 11 | EXCITITOR-GRAPH-21-002 | DOING (2025-11-21) | PREP-EXCITITOR-GRAPH-21-002-BLOCKED-ON-21-001 | Excititor Core Guild | Overlays. |
| 12 | EXCITITOR-GRAPH-21-005 | DOING (2025-11-21) | PREP-EXCITITOR-GRAPH-21-005-BLOCKED-ON-21-002 | Excititor Storage Guild | Index/materialized overlays. |
| 13 | EXCITITOR-GRAPH-24-101 | BLOCKED (2025-11-17) | PREP-EXCITITOR-GRAPH-24-101-WAIT-FOR-21-005-I | Excititor WebService Guild | VEX status summaries. |
| 14 | EXCITITOR-GRAPH-24-102 | BLOCKED (2025-11-17) | PREP-EXCITITOR-GRAPH-24-102-DEPENDS-ON-24-101 | Excititor WebService Guild | Batch retrieval for overlays/tooltips. |
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2025-11-19 | Normalized PREP-EXCITITOR-CORE-AOC-19-003 Task ID (removed trailing hyphen) so dependency resolution works. | Project Mgmt |
| 2025-11-19 | Marked PREP tasks P1P17 BLOCKED due to missing console contract (LNM view spec), linkset extraction/idempotency schema, Cartographer API contract, and orchestrator/LNM inputs—keeping Console, AOC-19-002/003/004/013, and GRAPH 21/24 tracks gated. | Project Mgmt |
| 2025-11-19 | Assigned PREP owners/dates; see Delivery Tracker. | Planning |
| 2025-11-19 | Normalized PREP-EXCITITOR-CORE-AOC-19-003 Task ID. | Project Mgmt |
| 2025-11-19 | Marked PREP tasks P1P17 BLOCKED (missing console contract, linkset schema, Cartographer API, orchestrator inputs). | Project Mgmt |
| 2025-11-19 | Assigned PREP owners/dates. | Planning |
| 2025-11-09 | Connector SUSE + Ubuntu trust provenance delivered. | Connectors Guild |
| 2025-11-14 | LNM-21-001 schema in review. | Core Guild |
| 2025-11-16 | Normalized sprint file to standard template and renamed to SPRINT_0119_0001_0002_excititor_ii.md. | Planning |
| 2025-11-17 | Deprecated legacy filename `SPRINT_120_excititor_ii.md`; redirect left in place pointing here. | Planning |
| 2025-11-17 | Authored AGENTS.md for WebService/Core/Storage.Mongo/Worker to unblock Excititor II work. | Planning |
| 2025-11-17 | Work paused: module-level AGENTS.md missing for WebService/Core/Storage/Worker; blocked TODO items and added AGENTS-EXCITITOR-UPDATE task. | Planning |
| 2025-11-17 | Deprecated legacy filename `SPRINT_120_excititor_ii.md`. | Planning |
| 2025-11-17 | Authored AGENTS.md for WebService/Core/Storage.Mongo/Worker. | Planning |
| 2025-11-17 | Work paused: module-level AGENTS.md missing; added AGENTS-EXCITITOR-UPDATE task. | Planning |
| 2025-11-20 | Published prep artefacts for P1P5. | Implementer |
| 2025-11-20 | Published prep artefacts for P6P10. | Implementer |
| 2025-11-21 | Began implementation: set EXCITITOR-CORE-AOC-19-004 and -19-013 to DOING; wired DisableConsensus flag in worker options and consensus refresh loop guard. | Implementer |
| 2025-11-21 | PostConfigure added: DisableConsensus forces Refresh.Enabled=false. | Implementer |
| 2025-11-21 | Env block: PTY commands failing with “No space left on device”; continuing via apply_patch only. | Implementer |
| 2025-11-21 | Added consensus removal runbook (`docs/modules/excititor/operations/consensus-removal-runbook.md`). | Implementer |
| 2025-11-21 | Added tenant Authority client factory + config docs; task 19-013 progressing. | Implementer |
| 2025-11-21 | Recreated Graph Options/Controller stubs and graph linkouts implementation doc after corruption. | Implementer |
## Decisions & Risks
- **Decisions**
- Keep connector provenance aggregation-only; no weighting/consensus in Excititor.
- Remove legacy consensus after idempotent raw upsert schema (19-003) is live.
- **Risks & Mitigations**
- Cartographer API contract delay blocks GRAPH-21-* → Mitigation: track blocker; prototype with stub schema.
- Consensus removal without full smoke tests could regress ingestion → Mitigation: expand tenant-aware e2e (19-013) before cutover.
- Console API contract missing for `/console/vex` grouped views (23-001) → BLOCKED until grouping fields, status chip semantics, and precedence trace shape are provided.
- Linkset extraction determinism rules/schema not available (19-002) → BLOCKED until authoritative extraction/ordering spec is supplied.
- Module AGENTS.md absent for WebService/Core/Storage/Worker → Mitigated by AGENTS-EXCITITOR-UPDATE (DONE 2025-11-17); ensure new contributors read the charters.
- Aggregation-only: consensus refresh disabled by default; migration runbook authored.
- Tenant safety: Authority clients must be tenant-scoped.
- Graph overlays depend on Cartographer contract; currently blocked.
- Environment risk: “No space left on device” prevents normal command execution; repo integrity relies on apply_patch. Clean space before further code changes.
## Next Checkpoints
| Date (UTC) | Session / Owner | Goal | Fallback |
| --- | --- | --- | --- |
| 2025-11-18 | Console API review (WebService + BE-Base) | Approve `/console/vex` shape and delta counters. | Ship behind feature flag if minor gaps remain. |
| 2025-11-19 | Idempotent ingestion design review (Core) | Lock uniqueness + supersede chain plan for 19-002/003. | Use temporary duplicate guard rails until migration complete. |
| 2025-11-21 | Cartographer schema sync | Unblock GRAPH-21-* inspector/linkout contracts. | PREP-CARTOGRAPHER-SCHEMA-SYNC-MAINTAIN-BLOCKE |
- 2025-11-18 | Console API review.
- 2025-11-19 | Idempotent ingestion design review.
- 2025-11-21 | Cartographer schema sync.
- 2025-11-22 | Storage space remediation.

11
docs/implplan/SPRINT_0121_0001_0001_policy_reasoning.md
View File

@@ -33,8 +33,8 @@
| P6 | PREP-LEDGER-OBS-54-001-NO-HTTP-SURFACE-MINIMA | DOING (2025-11-20) | Due 2025-11-22 · Accountable: Findings Ledger Guild; Provenance Guild / src/Findings/StellaOps.Findings.Ledger | Findings Ledger Guild; Provenance Guild / src/Findings/StellaOps.Findings.Ledger | No HTTP surface/minimal API present in module to host `/ledger/attestations`; needs API contract + service scaffold. <br><br> Prep artefact now available: `docs/modules/findings-ledger/prep/ledger-attestations-http.md` defining `/v1/ledger/attestations` contract; service surface still required. |
| P7 | PREP-LEDGER-OBS-55-001-DEPENDS-ON-54-001-ATTE | DONE (2025-11-20) | Due 2025-11-22 · Accountable: Findings Ledger Guild; DevOps Guild / src/Findings/StellaOps.Findings.Ledger | Findings Ledger Guild; DevOps Guild / src/Findings/StellaOps.Findings.Ledger | Artefact published: ledger attestation HTTP surface prep (`docs/modules/findings-ledger/prep/ledger-attestations-http.md`) outlining `/v1/ledger/attestations` contract; pagination, determinism, and fields defined. |
| P8 | PREP-LEDGER-PACKS-42-001-SNAPSHOT-TIME-TRAVEL | DOING (2025-11-20) | Due 2025-11-22 · Accountable: Findings Ledger Guild / src/Findings/StellaOps.Findings.Ledger | Findings Ledger Guild / src/Findings/StellaOps.Findings.Ledger | Snapshot/time-travel contract and bundle format not specified; needs design input. <br><br> Document artefact/deliverable for LEDGER-PACKS-42-001 and publish location so downstream tasks can proceed. |
| P9 | PREP-LEDGER-RISK-66-001-RISK-ENGINE-SCHEMA-CO | DOING (2025-11-20) | Due 2025-11-22 · Accountable: Findings Ledger Guild; Risk Engine Guild / src/Findings/StellaOps.Findings.Ledger | Findings Ledger Guild; Risk Engine Guild / src/Findings/StellaOps.Findings.Ledger | Risk Engine schema/contract inputs absent; requires risk field definitions + rollout plan. <br><br> Document artefact/deliverable for LEDGER-RISK-66-001 and publish location so downstream tasks can proceed. |
| P10 | PREP-LEDGER-RISK-66-002-DEPENDS-ON-66-001-MIG | DOING (2025-11-20) | Due 2025-11-22 · Accountable: Findings Ledger Guild / src/Findings/StellaOps.Findings.Ledger | Findings Ledger Guild / src/Findings/StellaOps.Findings.Ledger | Depends on 66-001 migration + risk scoring contract. <br><br> Document artefact/deliverable for LEDGER-RISK-66-002 and publish location so downstream tasks can proceed. |
| P9 | PREP-LEDGER-RISK-66-001-RISK-ENGINE-SCHEMA-CO | DONE (2025-11-21) | Due 2025-11-22 · Accountable: Findings Ledger Guild; Risk Engine Guild / src/Findings/StellaOps.Findings.Ledger | Findings Ledger Guild; Risk Engine Guild / src/Findings/StellaOps.Findings.Ledger | Prep doc published at `docs/modules/findings-ledger/prep/2025-11-20-ledger-risk-prep.md`; risk fields and rollout plan defined for downstream implementation. |
| P10 | PREP-LEDGER-RISK-66-002-DEPENDS-ON-66-001-MIG | DONE (2025-11-21) | Due 2025-11-22 · Accountable: Findings Ledger Guild / src/Findings/StellaOps.Findings.Ledger | Findings Ledger Guild / src/Findings/StellaOps.Findings.Ledger | Depends on 66-001 migration + risk scoring contract. Prep doc published at `docs/modules/findings-ledger/prep/2025-11-20-ledger-risk-prep.md`. |
| 1 | LEDGER-ATTEST-73-002 | BLOCKED | Waiting on LEDGER-ATTEST-73-001 verification pipeline delivery | Findings Ledger Guild / src/Findings/StellaOps.Findings.Ledger | Enable search/filter in findings projections by verification result and attestation status |
| 2 | LEDGER-EXPORT-35-001 | DOING (2025-11-20) | Findings export endpoint implemented; VEX/advisory/SBOM endpoints stubbed pending schemas | Findings Ledger Guild / src/Findings/StellaOps.Findings.Ledger | Provide paginated streaming endpoints for advisories, VEX, SBOMs, and findings with deterministic ordering and provenance metadata |
| 3 | LEDGER-OAS-61-001 | BLOCKED | PREP-LEDGER-OAS-61-001-ABSENT-OAS-BASELINE-AN | Findings Ledger Guild; API Contracts Guild / src/Findings/StellaOps.Findings.Ledger | Expand Findings Ledger OAS to include projections, evidence lookups, and filter parameters with examples |
@@ -48,13 +48,14 @@
| 11 | LEDGER-OBS-54-001 | BLOCKED | PREP-LEDGER-OBS-54-001-NO-HTTP-SURFACE-MINIMA | Findings Ledger Guild; Provenance Guild / src/Findings/StellaOps.Findings.Ledger | Verify attestation references for ledger-derived exports; expose `/ledger/attestations` endpoint returning DSSE verification state and chain-of-custody summary |
| 12 | LEDGER-OBS-55-001 | BLOCKED | PREP-LEDGER-OBS-55-001-DEPENDS-ON-54-001-ATTE | Findings Ledger Guild; DevOps Guild / src/Findings/StellaOps.Findings.Ledger | Enhance incident mode to record replay diagnostics (lag traces, conflict snapshots), extend retention while active, and emit activation events to timeline/notifier |
| 13 | LEDGER-PACKS-42-001 | BLOCKED | PREP-LEDGER-PACKS-42-001-SNAPSHOT-TIME-TRAVEL | Findings Ledger Guild / src/Findings/StellaOps.Findings.Ledger | Provide snapshot/time-travel APIs and digestible exports for task pack simulation and CLI offline mode |
| 14 | LEDGER-RISK-66-001 | BLOCKED | PREP-LEDGER-RISK-66-001-RISK-ENGINE-SCHEMA-CO | Findings Ledger Guild; Risk Engine Guild / src/Findings/StellaOps.Findings.Ledger | Add schema migrations for `risk_score`, `risk_severity`, `profile_version`, `explanation_id`, and supporting indexes |
| 15 | LEDGER-RISK-66-002 | BLOCKED | PREP-LEDGER-RISK-66-002-DEPENDS-ON-66-001-MIG | Findings Ledger Guild / src/Findings/StellaOps.Findings.Ledger | Implement deterministic upsert of scoring results keyed by finding hash/profile version with history audit |
| 14 | LEDGER-RISK-66-001 | DONE (2025-11-21) | PREP-LEDGER-RISK-66-001-RISK-ENGINE-SCHEMA-CO | Findings Ledger Guild; Risk Engine Guild / src/Findings/StellaOps.Findings.Ledger | Add schema migrations for `risk_score`, `risk_severity`, `profile_version`, `explanation_id`, and supporting indexes |
| 15 | LEDGER-RISK-66-002 | DONE (2025-11-21) | PREP-LEDGER-RISK-66-002-DEPENDS-ON-66-001-MIG | Findings Ledger Guild / src/Findings/StellaOps.Findings.Ledger | Implement deterministic upsert of scoring results keyed by finding hash/profile version with history audit |
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2025-11-20 | Published ledger OBS/pack/risk prep docs (docs/modules/findings-ledger/prep/2025-11-20-ledger-obs-54-001-prep.md, ...ledger-packs-42-001-prep.md, ...ledger-risk-66-prep.md); set PREP-LEDGER-OBS-54-001, PACKS-42-001, RISK-66-001/002 to DOING. | Project Mgmt |
| 2025-11-21 | Implemented LEDGER-RISK-66-001/002: added risk fields + index migration, policy evaluation payload plumbing, projection hashing, and repository storage; updated docs/schema and marked tasks DONE. | Findings Ledger |
| 2025-11-20 | Added authenticated export endpoints for findings/vex/advisories/sboms (stub responses) and paging contracts; awaiting schema/tables to back VEX/advisory/SBOM queries. Export paging unit tests passing via isolated test project. | Findings Ledger |
| 2025-11-20 | Began implementing LEDGER-EXPORT-35-001 HTTP surface (findings export endpoint + paging/token hash) in WebService; tests pending due to existing harness build failures. | Findings Ledger |
| 2025-11-20 | Completed PREP-LEDGER-EXPORT-35-001: published export HTTP surface and filters spec at `docs/modules/findings-ledger/export-http-surface.md`; unblocked LEDGER-EXPORT-35-001 (status TODO). | Planning |
@@ -79,7 +80,7 @@
- Export/SDK contract changes must remain deterministic to support offline bundles.
- Export HTTP surface spec published at `docs/modules/findings-ledger/export-http-surface.md`; downstream OAS/SDK tasks must derive contracts from this document to avoid drift.
- LEDGER-OBS-54-001 blocked: Findings Ledger module currently lacks HTTP/minimal API surface to expose `/ledger/attestations`; requires contract + service scaffold (engage API Contracts & Provenance guilds).
- Current state: findings export endpoint and paging contracts implemented; VEX/advisory/SBOM endpoints stubbed (auth + shape) but await underlying projection/query schemas. Remaining tasks in this sprint and adjacent sprints (0120, 0122) stay blocked by missing risk schema, OAS/SDK contracts, and DB/RLS design inputs.
- Current state: findings export endpoint and paging contracts implemented; VEX/advisory/SBOM endpoints stubbed (auth + shape) but await underlying projection/query schemas. Risk schema/implementation (LEDGER-RISK-66-001/002) delivered. Remaining blockers: OAS/SDK surface (61/62/63), attestation HTTP host (OBS-54/55), and packs time-travel contract (PACKS-42-001).
## Next Checkpoints
- Schedule cross-guild kickoff for week of 2025-11-24 once dependency clears.

31
docs/implplan/SPRINT_0123_0001_0001_policy_reasoning.md
View File

@@ -20,20 +20,20 @@
## Delivery Tracker
| # | Task ID | Status | Key dependency / next step | Owners | Task Definition |
| --- | --- | --- | --- | --- | --- |
| P1 | PREP-EXPORT-CONSOLE-23-001-MISSING-EXPORT-BUN | BLOCKED | Due 2025-11-22 · Accountable: Policy Guild · Scheduler Guild · Observability Guild | Policy Guild · Scheduler Guild · Observability Guild | Missing export bundle contract/API surface and scheduler job spec for Console. <br><br> Document artefact/deliverable for EXPORT-CONSOLE-23-001 and publish location so downstream tasks can proceed. |
| P2 | PREP-POLICY-AIRGAP-56-001-MIRROR-BUNDLE-SCHEM | BLOCKED | Due 2025-11-22 · Accountable: Policy Guild | Policy Guild | Mirror bundle schema not published; requires bundle_id/provenance fields + sealed-mode rules. <br><br> Document artefact/deliverable for POLICY-AIRGAP-56-001 and publish location so downstream tasks can proceed. |
| P3 | PREP-POLICY-AIRGAP-56-002-DEPENDS-ON-56-001-B | BLOCKED | Due 2025-11-22 · Accountable: Policy Guild · Policy Studio Guild | Policy Guild · Policy Studio Guild | Depends on 56-001 bundle import schema + DSSE signing profile. <br><br> Document artefact/deliverable for POLICY-AIRGAP-56-002 and publish location so downstream tasks can proceed. |
| P4 | PREP-POLICY-AIRGAP-57-001-REQUIRES-SEALED-MOD | BLOCKED | Due 2025-11-22 · Accountable: Policy Guild · AirGap Policy Guild | Policy Guild · AirGap Policy Guild | Requires sealed-mode contract after 56-002. <br><br> Document artefact/deliverable for POLICY-AIRGAP-57-001 and publish location so downstream tasks can proceed. |
| P5 | PREP-POLICY-AIRGAP-57-002-NEEDS-STALENESS-FAL | BLOCKED | Due 2025-11-22 · Accountable: Policy Guild · AirGap Time Guild | Policy Guild · AirGap Time Guild | Needs staleness/fallback data contract from 57-001. <br><br> Document artefact/deliverable for POLICY-AIRGAP-57-002 and publish location so downstream tasks can proceed. |
| P6 | PREP-POLICY-AIRGAP-58-001-NOTIFICATION-SCHEMA | BLOCKED | Due 2025-11-22 · Accountable: Policy Guild · Notifications Guild | Policy Guild · Notifications Guild | Notification schema and staleness signals pending from 57-002. <br><br> Document artefact/deliverable for POLICY-AIRGAP-58-001 and publish location so downstream tasks can proceed. |
| P7 | PREP-POLICY-AOC-19-001-LINTING-TARGETS-SPEC-A | BLOCKED | Due 2025-11-22 · Accountable: Policy Guild | Policy Guild | Linting targets/spec absent; no analyzer contract. <br><br> Document artefact/deliverable for POLICY-AOC-19-001 and publish location so downstream tasks can proceed. |
| P8 | PREP-POLICY-AOC-19-002-DEPENDS-ON-19-001-LINT | BLOCKED | Due 2025-11-22 · Accountable: Policy Guild · Platform Security | Policy Guild · Platform Security | Depends on 19-001 lint + Authority `effective:write` contract. <br><br> Document artefact/deliverable for POLICY-AOC-19-002 and publish location so downstream tasks can proceed. |
| P9 | PREP-POLICY-AOC-19-003-REQUIRES-POST-19-002-N | BLOCKED | Due 2025-11-22 · Accountable: Policy Guild | Policy Guild | Requires post-19-002 normalized-field removal contract/fixtures. <br><br> Document artefact/deliverable for POLICY-AOC-19-003 and publish location so downstream tasks can proceed. |
| P10 | PREP-POLICY-AOC-19-004-DEPENDS-ON-19-003-SHAP | BLOCKED | Due 2025-11-22 · Accountable: Policy Guild · QA Guild | Policy Guild · QA Guild | Depends on 19-003 shape + determinism fixtures. <br><br> Document artefact/deliverable for POLICY-AOC-19-004 and publish location so downstream tasks can proceed. |
| P11 | PREP-POLICY-ATTEST-73-001-VERIFICATIONPOLICY | BLOCKED | Due 2025-11-22 · Accountable: Policy Guild · Attestor Service Guild | Policy Guild · Attestor Service Guild | VerificationPolicy schema/persistence contract missing; Attestor alignment needed. <br><br> Document artefact/deliverable for POLICY-ATTEST-73-001 and publish location so downstream tasks can proceed. |
| P12 | PREP-POLICY-ATTEST-73-002-DEPENDS-ON-73-001-E | BLOCKED | Due 2025-11-22 · Accountable: Policy Guild | Policy Guild | Depends on 73-001 editor DTOs/validation schema. <br><br> Document artefact/deliverable for POLICY-ATTEST-73-002 and publish location so downstream tasks can proceed. |
| P13 | PREP-POLICY-ATTEST-74-001-REQUIRES-73-002-ATT | BLOCKED | Due 2025-11-22 · Accountable: Policy Guild · Attestor Service Guild | Policy Guild · Attestor Service Guild | Requires 73-002 + Attestor pipeline contract. <br><br> Document artefact/deliverable for POLICY-ATTEST-74-001 and publish location so downstream tasks can proceed. |
| P14 | PREP-POLICY-ATTEST-74-002-NEEDS-74-001-SURFAC | BLOCKED | Due 2025-11-22 · Accountable: Policy Guild · Console Guild | Policy Guild · Console Guild | Needs 74-001 surfaced in Console verification reports contract. <br><br> Document artefact/deliverable for POLICY-ATTEST-74-002 and publish location so downstream tasks can proceed. |
| P1 | PREP-EXPORT-CONSOLE-23-001-MISSING-EXPORT-BUN | BLOCKED | Due 2025-11-22 · Accountable: Policy Guild · Scheduler Guild · Observability Guild | Policy Guild · Scheduler Guild · Observability Guild | Missing export bundle contract/API surface and scheduler job spec for Console. <br><br> Prep artefact: `docs/modules/policy/design/export-console-bundle-contract.md`. |
| P2 | PREP-POLICY-AIRGAP-56-001-MIRROR-BUNDLE-SCHEM | DOING (2025-11-20) | Due 2025-11-22 · Accountable: Policy Guild | Policy Guild | Mirror bundle schema not published; requires bundle_id/provenance fields + sealed-mode rules. <br><br> Prep artefact: `docs/modules/policy/prep/2025-11-20-policy-airgap-prep.md`. |
| P3 | PREP-POLICY-AIRGAP-56-002-DEPENDS-ON-56-001-B | DOING (2025-11-20) | Due 2025-11-22 · Accountable: Policy Guild · Policy Studio Guild | Policy Guild · Policy Studio Guild | Depends on 56-001 bundle import schema + DSSE signing profile. <br><br> Prep artefact: `docs/modules/policy/prep/2025-11-20-policy-airgap-prep.md`. |
| P4 | PREP-POLICY-AIRGAP-57-001-REQUIRES-SEALED-MOD | DOING (2025-11-20) | Due 2025-11-22 · Accountable: Policy Guild · AirGap Policy Guild | Policy Guild · AirGap Policy Guild | Requires sealed-mode contract after 56-002. <br><br> Prep artefact: `docs/modules/policy/prep/2025-11-20-policy-airgap-prep.md`. |
| P5 | PREP-POLICY-AIRGAP-57-002-NEEDS-STALENESS-FAL | DOING (2025-11-20) | Due 2025-11-22 · Accountable: Policy Guild · AirGap Time Guild | Policy Guild · AirGap Time Guild | Needs staleness/fallback data contract from 57-001. <br><br> Prep artefact: `docs/modules/policy/prep/2025-11-20-policy-airgap-prep.md`. |
| P6 | PREP-POLICY-AIRGAP-58-001-NOTIFICATION-SCHEMA | DOING (2025-11-20) | Due 2025-11-22 · Accountable: Policy Guild · Notifications Guild | Policy Guild · Notifications Guild | Notification schema and staleness signals pending from 57-002. <br><br> Prep artefact: `docs/modules/policy/prep/2025-11-20-policy-airgap-prep.md`. |
| P7 | PREP-POLICY-AOC-19-001-LINTING-TARGETS-SPEC-A | DOING (2025-11-20) | Due 2025-11-22 · Accountable: Policy Guild | Policy Guild | Linting targets/spec absent; no analyzer contract. <br><br> Prep artefact: `docs/modules/policy/prep/2025-11-20-policy-aoc-prep.md`. |
| P8 | PREP-POLICY-AOC-19-002-DEPENDS-ON-19-001-LINT | DOING (2025-11-20) | Due 2025-11-22 · Accountable: Policy Guild · Platform Security | Policy Guild · Platform Security | Depends on 19-001 lint + Authority `effective:write` contract. <br><br> Prep artefact: `docs/modules/policy/prep/2025-11-20-policy-aoc-prep.md`. |
| P9 | PREP-POLICY-AOC-19-003-REQUIRES-POST-19-002-N | DOING (2025-11-20) | Due 2025-11-22 · Accountable: Policy Guild | Policy Guild | Requires post-19-002 normalized-field removal contract/fixtures. <br><br> Prep artefact: `docs/modules/policy/prep/2025-11-20-policy-aoc-prep.md`. |
| P10 | PREP-POLICY-AOC-19-004-DEPENDS-ON-19-003-SHAP | DOING (2025-11-20) | Due 2025-11-22 · Accountable: Policy Guild · QA Guild | Policy Guild · QA Guild | Depends on 19-003 shape + determinism fixtures. <br><br> Prep artefact: `docs/modules/policy/prep/2025-11-20-policy-aoc-prep.md`. |
| P11 | PREP-POLICY-ATTEST-73-001-VERIFICATIONPOLICY | DOING (2025-11-20) | Due 2025-11-22 · Accountable: Policy Guild · Attestor Service Guild | Policy Guild · Attestor Service Guild | VerificationPolicy schema/persistence contract missing; Attestor alignment needed. <br><br> Prep artefact: `docs/modules/policy/prep/2025-11-20-policy-attest-prep.md`. |
| P12 | PREP-POLICY-ATTEST-73-002-DEPENDS-ON-73-001-E | DOING (2025-11-20) | Due 2025-11-22 · Accountable: Policy Guild | Policy Guild | Depends on 73-001 editor DTOs/validation schema. <br><br> Prep artefact: `docs/modules/policy/prep/2025-11-20-policy-attest-prep.md`. |
| P13 | PREP-POLICY-ATTEST-74-001-REQUIRES-73-002-ATT | DOING (2025-11-20) | Due 2025-11-22 · Accountable: Policy Guild · Attestor Service Guild | Policy Guild · Attestor Service Guild | Requires 73-002 + Attestor pipeline contract. <br><br> Prep artefact: `docs/modules/policy/prep/2025-11-20-policy-attest-prep.md`. |
| P14 | PREP-POLICY-ATTEST-74-002-NEEDS-74-001-SURFAC | DOING (2025-11-20) | Due 2025-11-22 · Accountable: Policy Guild · Console Guild | Policy Guild · Console Guild | Needs 74-001 surfaced in Console verification reports contract. <br><br> Prep artefact: `docs/modules/policy/prep/2025-11-20-policy-attest-prep.md`. |
| P15 | PREP-POLICY-CONSOLE-23-001-CONSOLE-API-CONTRA | BLOCKED | Due 2025-11-22 · Accountable: Policy Guild · BE-Base Platform Guild | Policy Guild · BE-Base Platform Guild | Console API contract (filters/pagination/aggregation) absent. <br><br> Document artefact/deliverable for POLICY-CONSOLE-23-001 and publish location so downstream tasks can proceed. |
| 1 | EXPORT-CONSOLE-23-001 | BLOCKED | PREP-EXPORT-CONSOLE-23-001-MISSING-EXPORT-BUN | Policy Guild · Scheduler Guild · Observability Guild | Implement Console export endpoints/jobs once schema + job wiring are defined. |
| 2 | POLICY-AIRGAP-56-001 | BLOCKED | PREP-POLICY-AIRGAP-56-001-MIRROR-BUNDLE-SCHEM | Policy Guild | Air-gap bundle import support for policy packs. |
@@ -54,6 +54,7 @@
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2025-11-20 | Started PREP air-gap chain (56-001..58-001), AOC chain (19-001..19-004), and attestation chain (73-001..74-002); published prep drafts under `docs/modules/policy/prep/2025-11-20-policy-*.md` after confirming no other owners were active. | Project Mgmt |
| 2025-11-19 | Removed trailing hyphen from PREP-POLICY-ATTEST-73-001-VERIFICATIONPOLICY so dependent task resolves correctly. | Project Mgmt |
| 2025-11-19 | Marked PREP tasks P1P15 BLOCKED: export bundle schema, mirror/air-gap schemas, lint targets, attestation verification schemas, and Console API contract remain unpublished, keeping downstream POLICY/ATTEST/AIRGAP/CONSOLE work gated. | Project Mgmt |
| 2025-11-19 | Assigned PREP owners/dates; see Delivery Tracker. | Planning |
@@ -67,6 +68,8 @@
- Linting (AOC-19-001..004) blocked pending analyzer targets/spec and Authority gate contract.
- Attestation tasks (73/74) blocked pending Attestor verification policy schema and Console report contract.
- Console export and policy API tasks blocked without Console API contract.
- Prep drafts published for air-gap (56-001..58-001) at `docs/modules/policy/prep/2025-11-20-policy-airgap-prep.md`, AOC (19-001..19-004) at `docs/modules/policy/prep/2025-11-20-policy-aoc-prep.md`, and attestation chain (73/74) at `docs/modules/policy/prep/2025-11-20-policy-attest-prep.md`; final schemas still needed before implementation.
- Prep drafts published for air-gap (56-001..58-001) at `docs/modules/policy/prep/2025-11-20-policy-airgap-prep.md`, AOC (19-001..19-004) at `docs/modules/policy/prep/2025-11-20-policy-aoc-prep.md`, and attestation chain (73/74) at `docs/modules/policy/prep/2025-11-20-policy-attest-prep.md`; final schemas still needed before implementation. |
## Next Checkpoints
- Draft export surface proposal for Console (API + scheduler wiring) once bundle schema is published.

1
docs/implplan/SPRINT_0125_0001_0001_mirror.md
View File

@@ -41,7 +41,6 @@
| 2025-11-19 | Cleared stray hyphen from PREP-MIRROR-CRT-56-001-UPSTREAM-SPRINT-110-D so MIRROR-CRT-56-001 dependency is resolvable. | Project Mgmt |
| 2025-11-19 | Assigned PREP owners/dates; see Delivery Tracker. | Planning |
| 2025-11-19 | Completed PREP-MIRROR-CRT-56-001-MILESTONE-0-PUBLISH: published sample thin bundle + hashes and milestone note (`docs/modules/mirror/milestone-0-thin-bundle.md`). | Implementer |
| 2025-11-19 | Added PREP-MIRROR-CRT-56-001-MILESTONE-0-PUBLISH (DOING) to capture milestone-0 thin bundle plan and hashes to unblock downstream air-gap/console/attestation tracks. | Project Mgmt |
| 2025-11-17 | All sprint tasks marked BLOCKED: upstream Sprint 110.D assembler foundation absent from repo; no manifest/CAS layout or samples present to proceed. | Implementer |
| 2025-11-17 | Normalised sprint file to standard template; renamed from `SPRINT_125_mirror.md` to `SPRINT_0125_0001_0001_mirror.md`; no semantic task changes. | Project Management |
| 2025-11-17 | Coordinator decision: assign primary + backup for MIRROR-CRT-56-001; scope thin bundle v1; downstream tasks may proceed once schema + sample bundle land. | Coordinator |

31
docs/implplan/SPRINT_0125_0001_0001_policy_reasoning.md
View File

@@ -17,11 +17,11 @@
## Delivery Tracker
| # | Task ID & handle | State | Key dependency / next step | Owners | Task Definition |
| --- | --- | --- | --- | --- | --- |
| P0 | PREP-POLICY-ENGINE-29-002-PATH-SCOPE-SCHEMA | BLOCKED | Due 2025-11-22 · Accountable: Policy Guild / `src/Policy/StellaOps.Policy.Engine` | Policy Guild / `src/Policy/StellaOps.Policy.Engine` | Publish POLICY-ENGINE-29-002 path/scope schema + sample payloads so downstream evaluation tasks can start. |
| P1 | PREP-POLICY-ENGINE-29-004-DEPENDS-ON-29-003 | BLOCKED | Due 2025-11-22 · Accountable: Policy · Observability Guild / `src/Policy/StellaOps.Policy.Engine` | Policy · Observability Guild / `src/Policy/StellaOps.Policy.Engine` | Depends on 29-003. <br><br> Document artefact/deliverable for POLICY-ENGINE-29-004 and publish location so downstream tasks can proceed. |
| P2 | PREP-POLICY-ENGINE-30-001-NEEDS-29-004-OUTPUT | BLOCKED | Due 2025-11-22 · Accountable: Policy · Cartographer Guild / `src/Policy/StellaOps.Policy.Engine` | Policy · Cartographer Guild / `src/Policy/StellaOps.Policy.Engine` | Needs 29-004 outputs. <br><br> Document artefact/deliverable for POLICY-ENGINE-30-001 and publish location so downstream tasks can proceed. |
| P3 | PREP-POLICY-ENGINE-30-002-DEPENDS-ON-30-001 | BLOCKED | Due 2025-11-22 · Accountable: Policy · Cartographer Guild / `src/Policy/StellaOps.Policy.Engine` | Policy · Cartographer Guild / `src/Policy/StellaOps.Policy.Engine` | Depends on 30-001. <br><br> Document artefact/deliverable for POLICY-ENGINE-30-002 and publish location so downstream tasks can proceed. |
| P4 | PREP-POLICY-ENGINE-30-003-DEPENDS-ON-30-002 | BLOCKED | Due 2025-11-22 · Accountable: Policy · Scheduler Guild / `src/Policy/StellaOps.Policy.Engine` | Policy · Scheduler Guild / `src/Policy/StellaOps.Policy.Engine` | Depends on 30-002. <br><br> Document artefact/deliverable for POLICY-ENGINE-30-003 and publish location so downstream tasks can proceed. |
| P0 | PREP-POLICY-ENGINE-29-002-PATH-SCOPE-SCHEMA | DONE (2025-11-20) | Prep doc at `docs/modules/policy/prep/2025-11-20-policy-engine-29-002-prep.md`; path/scope schema frozen. | Policy Guild / `src/Policy/StellaOps.Policy.Engine` | Publish POLICY-ENGINE-29-002 path/scope schema + sample payloads so downstream evaluation tasks can start. |
| P1 | PREP-POLICY-ENGINE-29-004-DEPENDS-ON-29-003 | DONE (2025-11-20) | Prep doc at `docs/modules/policy/prep/2025-11-20-policy-engine-29-004-prep.md`; metrics/logs/spans frozen. | Policy · Observability Guild / `src/Policy/StellaOps.Policy.Engine` | Depends on 29-003. <br><br> Document artefact/deliverable for POLICY-ENGINE-29-004 and publish location so downstream tasks can proceed. |
| P2 | PREP-POLICY-ENGINE-30-001-NEEDS-29-004-OUTPUT | DONE (2025-11-20) | Prep doc at `docs/modules/policy/prep/2025-11-20-policy-engine-30-001-prep.md`; overlay projection contract frozen. | Policy · Cartographer Guild / `src/Policy/StellaOps.Policy.Engine` | Needs 29-004 outputs. <br><br> Document artefact/deliverable for POLICY-ENGINE-30-001 and publish location so downstream tasks can proceed. |
| P3 | PREP-POLICY-ENGINE-30-002-DEPENDS-ON-30-001 | DONE (2025-11-20) | Prep doc at `docs/modules/policy/prep/2025-11-20-policy-engine-30-002-prep.md`; simulation bridge shape frozen. | Policy · Cartographer Guild / `src/Policy/StellaOps.Policy.Engine` | Depends on 30-001. <br><br> Document artefact/deliverable for POLICY-ENGINE-30-002 and publish location so downstream tasks can proceed. |
| P4 | PREP-POLICY-ENGINE-30-003-DEPENDS-ON-30-002 | DONE (2025-11-20) | Prep doc at `docs/modules/policy/prep/2025-11-20-policy-engine-30-003-prep.md`; change-event envelope frozen. | Policy · Scheduler Guild / `src/Policy/StellaOps.Policy.Engine` | Depends on 30-002. <br><br> Document artefact/deliverable for POLICY-ENGINE-30-003 and publish location so downstream tasks can proceed. |
| P5 | PREP-POLICY-ENGINE-30-101-DEPENDS-ON-30-003 | BLOCKED | Due 2025-11-22 · Accountable: Policy Guild / `src/Policy/StellaOps.Policy.Engine` | Policy Guild / `src/Policy/StellaOps.Policy.Engine` | Depends on 30-003. <br><br> Document artefact/deliverable for POLICY-ENGINE-30-101 and publish location so downstream tasks can proceed. |
| P6 | PREP-POLICY-ENGINE-31-001-DEPENDS-ON-30-101 | BLOCKED | Due 2025-11-22 · Accountable: Policy Guild / `src/Policy/StellaOps.Policy.Engine` | Policy Guild / `src/Policy/StellaOps.Policy.Engine` | Depends on 30-101. <br><br> Document artefact/deliverable for POLICY-ENGINE-31-001 and publish location so downstream tasks can proceed. |
| P7 | PREP-POLICY-ENGINE-31-002-DEPENDS-ON-31-001 | BLOCKED | Due 2025-11-22 · Accountable: Policy Guild / `src/Policy/StellaOps.Policy.Engine` | Policy Guild / `src/Policy/StellaOps.Policy.Engine` | Depends on 31-001. <br><br> Document artefact/deliverable for POLICY-ENGINE-31-002 and publish location so downstream tasks can proceed. |
@@ -32,11 +32,11 @@
| P12 | PREP-POLICY-ENGINE-38-201-DEPENDS-ON-35-201 | BLOCKED | Due 2025-11-22 · Accountable: Policy Guild / `src/Policy/StellaOps.Policy.Engine` | Policy Guild / `src/Policy/StellaOps.Policy.Engine` | Depends on 35-201. <br><br> Document artefact/deliverable for POLICY-ENGINE-38-201 and publish location so downstream tasks can proceed. |
| P13 | PREP-POLICY-ENGINE-40-001-DEPENDS-ON-38-201 | BLOCKED | Due 2025-11-22 · Accountable: Policy · Concelier Guild / `src/Policy/StellaOps.Policy.Engine` | Policy · Concelier Guild / `src/Policy/StellaOps.Policy.Engine` | Depends on 38-201. <br><br> Document artefact/deliverable for POLICY-ENGINE-40-001 and publish location so downstream tasks can proceed. |
| P14 | PREP-POLICY-ENGINE-40-002-DEPENDS-ON-40-001 | BLOCKED | Due 2025-11-22 · Accountable: Policy · Excititor Guild / `src/Policy/StellaOps.Policy.Engine` | Policy · Excititor Guild / `src/Policy/StellaOps.Policy.Engine` | Depends on 40-001. <br><br> Document artefact/deliverable for POLICY-ENGINE-40-002 and publish location so downstream tasks can proceed. |
| 1 | POLICY-ENGINE-29-003 | BLOCKED (2025-11-18) | PREP-POLICY-ENGINE-29-002-PATH-SCOPE-SCHEMA. | Policy · SBOM Service Guild / `src/Policy/StellaOps.Policy.Engine` | Path/scope aware evaluation. |
| 2 | POLICY-ENGINE-29-004 | BLOCKED (2025-11-18) | PREP-POLICY-ENGINE-29-004-DEPENDS-ON-29-003 | Policy · Observability Guild / `src/Policy/StellaOps.Policy.Engine` | Metrics/logging for path-aware eval. |
| 3 | POLICY-ENGINE-30-001 | BLOCKED (2025-11-18) | PREP-POLICY-ENGINE-30-001-NEEDS-29-004-OUTPUT | Policy · Cartographer Guild / `src/Policy/StellaOps.Policy.Engine` | Overlay projection contract. |
| 4 | POLICY-ENGINE-30-002 | BLOCKED (2025-11-18) | PREP-POLICY-ENGINE-30-002-DEPENDS-ON-30-001 | Policy · Cartographer Guild / `src/Policy/StellaOps.Policy.Engine` | Simulation bridge. |
| 5 | POLICY-ENGINE-30-003 | BLOCKED (2025-11-18) | PREP-POLICY-ENGINE-30-003-DEPENDS-ON-30-002 | Policy · Scheduler Guild / `src/Policy/StellaOps.Policy.Engine` | Change events. |
| 1 | POLICY-ENGINE-29-003 | TODO | PREP-POLICY-ENGINE-29-002-PATH-SCOPE-SCHEMA. | Policy · SBOM Service Guild / `src/Policy/StellaOps.Policy.Engine` | Path/scope aware evaluation. |
| 2 | POLICY-ENGINE-29-004 | TODO | PREP-POLICY-ENGINE-29-004-DEPENDS-ON-29-003 | Policy · Observability Guild / `src/Policy/StellaOps.Policy.Engine` | Metrics/logging for path-aware eval. |
| 3 | POLICY-ENGINE-30-001 | TODO | PREP-POLICY-ENGINE-30-001-NEEDS-29-004-OUTPUT | Policy · Cartographer Guild / `src/Policy/StellaOps.Policy.Engine` | Overlay projection contract. |
| 4 | POLICY-ENGINE-30-002 | TODO | PREP-POLICY-ENGINE-30-002-DEPENDS-ON-30-001 | Policy · Cartographer Guild / `src/Policy/StellaOps.Policy.Engine` | Simulation bridge. |
| 5 | POLICY-ENGINE-30-003 | TODO | PREP-POLICY-ENGINE-30-003-DEPENDS-ON-30-002 | Policy · Scheduler Guild / `src/Policy/StellaOps.Policy.Engine` | Change events. |
| 6 | POLICY-ENGINE-30-101 | BLOCKED (2025-11-18) | PREP-POLICY-ENGINE-30-101-DEPENDS-ON-30-003 | Policy Guild / `src/Policy/StellaOps.Policy.Engine` | Trust weighting UI/API. |
| 7 | POLICY-ENGINE-31-001 | BLOCKED (2025-11-18) | PREP-POLICY-ENGINE-31-001-DEPENDS-ON-30-101 | Policy Guild / `src/Policy/StellaOps.Policy.Engine` | Advisory AI knobs. |
| 8 | POLICY-ENGINE-31-002 | BLOCKED (2025-11-18) | PREP-POLICY-ENGINE-31-002-DEPENDS-ON-31-001 | Policy Guild / `src/Policy/StellaOps.Policy.Engine` | Batch context endpoint. |
@@ -49,14 +49,19 @@
| 15 | POLICY-ENGINE-40-002 | BLOCKED (2025-11-18) | PREP-POLICY-ENGINE-40-002-DEPENDS-ON-40-001 | Policy · Excititor Guild / `src/Policy/StellaOps.Policy.Engine` | Conflict handling. |
## Notes & Risks
- POLICY-ENGINE-29-002 contract/schema missing; cascades block entire chain (115). Need published schema + sample payloads to proceed.
- Draft metrics/logging contract for 29-004 lives at `docs/modules/policy/prep/2025-11-21-policy-metrics-29-004-prep.md`; dimensions remain tentative until 29-003 payload shape lands.
- Path/scope schema, observability, overlay projection, simulation bridge, and change-event envelopes are now documented; downstream implementation must stay aligned or update prep docs + risks.
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2025-11-21 | Started path/scope schema draft for PREP-POLICY-ENGINE-29-002 at `docs/modules/policy/prep/2025-11-21-policy-path-scope-29-002-prep.md`; waiting on SBOM Service coordinate mapping rules. | Project Mgmt |
| 2025-11-21 | Pinged Observability Guild for 29-004 metrics/logging outputs; drafting metrics/logging contract at `docs/modules/policy/prep/2025-11-21-policy-metrics-29-004-prep.md` while awaiting path/scope payloads from 29-003. | Project Mgmt |
| 2025-11-20 | Confirmed no owners for PREP-POLICY-ENGINE-29-002/29-004/30-001/30-002/30-003; published prep notes under `docs/modules/policy/prep/2025-11-20-*`; set P0P4 DONE. | Implementer |
| 2025-11-20 | Unblocked POLICY-ENGINE-29-003..30-003; statuses moved to TODO now that prep contracts are frozen. | Implementer |
| 2025-11-19 | Added PREP-POLICY-ENGINE-29-002-PATH-SCOPE-SCHEMA and pointed POLICY-ENGINE-29-003 dependency at it. | Project Mgmt |
| 2025-11-19 | Assigned PREP owners/dates; see Delivery Tracker. | Planning |
| 2025-11-19 | Marked PREP tasks P0P14 BLOCKED: base path/scope schema (29-002) and downstream evaluation/observability/overlay/export contracts are still missing, keeping the entire POLICY-ENGINE chain blocked. | Project Mgmt |
| 2025-11-19 | Marked PREP tasks P0P14 BLOCKED: base path/scope schema (29-002) and downstream evaluation/observability/overlay/export contracts were missing, keeping the entire POLICY-ENGINE chain blocked. | Project Mgmt |
| 2025-11-08 | Sprint created; awaiting upstream contract. | Planning |
| 2025-11-18 | Re-confirmed all tasks blocked; upstream schema still absent. | Policy Guild |
| 2025-11-19 | Normalized to standard template and renamed from `SPRINT_125_policy_reasoning.md` to `SPRINT_0125_0001_0001_policy_reasoning.md`; content preserved. | Implementer |
@@ -65,4 +70,4 @@
- Blocked until POLICY-ENGINE-29-002 contract drops.
## Next Checkpoints
- Publish POLICY-ENGINE-29-002 path/scope schema (date TBD).
- Kick off POLICY-ENGINE-29-003 implementation using frozen path/scope schema and metrics contracts (week of 2025-11-21).

1
docs/implplan/SPRINT_0131_0001_0001_scanner_surface.md
View File

@@ -63,6 +63,7 @@
| 2025-11-17 | Re-ran Deno runtime tests after status update; still passing (`dotnet test ...Deno.Tests.csproj --no-restore`). | Implementer |
## Decisions & Risks
- Scanner record payload schema still unpinned; drafting prep at `docs/modules/scanner/prep/2025-11-21-scanner-records-prep.md` while waiting for analyzer output confirmation from Scanner Guild.
- `SCANNER-ANALYZERS-LANG-11-001` blocked (2025-11-17): local `dotnet test` hangs/returns empty output; requires clean runner/CI hang diagnostics to progress and regenerate goldens.
- Additional note: dotnet-filter wrapper avoids `workdir:` injection but full solution builds still stall locally; recommend CI/clean runner and/or scoped project tests to gather logs for LANG-11-001.
- `SCANNER-ANALYZERS-JAVA-21-008` blocked (2025-10-27): resolver capacity needed to produce entrypoint/component/edge outputs; downstream tasks remain stalled until resolved.

25
docs/implplan/SPRINT_0132_0001_0001_scanner_surface.md
View File

@@ -55,6 +55,16 @@
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2025-11-21 | Added cleanup helper `scripts/cleanup-runner-space.sh` to reclaim workspace space (TestResults/out/artifacts/tmp); still blocked from rerun until disk is cleared. | Implementer |
| 2025-11-21 | Added runner wrapper `scripts/run-node-isolated.sh` (enables cleanup + offline cache env) so once disk is cleared the isolated Node suite can be launched with a single command. | Implementer |
| 2025-11-21 | Tightened node runsettings filter to `FullyQualifiedName~Lang.Node.Tests`; cannot rerun because the runner reports No space left on device when opening PTYs. Need workspace clean-up before next test attempt. | Implementer |
| 2025-11-21 | Tightened node runsettings filter to `FullyQualifiedName~Lang.Node.Tests`; rerun blocked because runner cannot open PTYs (“No space left on device”). | Implementer |
| 2025-11-21 | Node isolated test rerun halted due to runner disk full (`No space left on device`) before reporting results; need workspace cleanup to proceed. | Implementer |
| 2025-11-20 | Resolved Concelier.Storage.Mongo build blockers (missing JetStream config types, AdvisoryLinksetDocument, IHostedService, and immutable helpers). `dotnet test src/Scanner/StellaOps.Scanner.Node.slnf --no-restore /m:1` now builds the isolated graph; test run stops inside `StellaOps.Scanner.Analyzers.Lang.Tests` due to Ruby and Rust snapshot drifts, so Node analyzer tests still not exercised. | Implementer |
| 2025-11-20 | Patched Concelier.Storage.Mongo (deduped AdvisoryObservationSourceDocument, added JetStream package/usings) and set `UseConcelierTestInfra=false` for Scanner lang/node tests to strip Concelier test harness. Direct `dotnet test` on Node tests still fails because Concelier connectors remain in the build graph even with `BuildProjectReferences=false` (missing Connector/Common & Storage.Mongo ref outputs). Further detangling of Concelier injection in src/Directory.Build.props needed. | Implementer |
| 2025-11-20 | Retried isolated test run with slimmer solution filter (removed Concelier.Testing) and hydrated authsignals in offline cache; restore/build now succeed but `dotnet test` still fails because Concelier.Storage.Mongo compiles as a transitive dependency and has duplicate `AdvisoryObservationSourceDocument` + missing `NatsJSContext`. Node analyzer tests not executed. | Implementer |
| 2025-11-20 | Isolated restore now succeeds using offline cache; `dotnet test src/Scanner/StellaOps.Scanner.Node.slnf --no-restore` fails building Concelier dependencies (duplicate `AdvisoryObservationSourceDocument` in Storage.Mongo and missing `NatsJSContext` type). Node analyzer tests remain blocked on upstream Concelier build break. | Implementer |
| 2025-11-20 | Updated isolated runner script to use correct runsettings path and build (`--no-restore`) after offline restore; offline gap snapshot refreshed (`offline/restore_missing_snapshot.txt`). | Implementer |
| 2025-11-20 | Attempted node isolated restore/test; restore failed fetching Microsoft.TestPlatform.TestHost (nuget.org) because offline package path was wrong. Script corrected to use `offline/packages`. Re-run still needed. | Implementer |
| 2025-11-20 | Second isolated restore attempt ran ~48s then cancelled; still needs seeding `Microsoft.TestPlatform.TestHost 17.14.1` into offline/packages to complete. | Implementer |
| 2025-11-20 | Isolated restore retried after seeding TestHost; still failing due to missing packages from offline cache (e.g., MongoDB.Driver.Core 2.12.0). Further seeding needed before tests can run. | Implementer |
@@ -88,14 +98,27 @@
| 2025-11-18 | SCANNER-ANALYZERS-LANG-11-002..005: Marked BLOCKED because upstream task 11-001 outputs/contracts are not available; dependencies in 11-003..005 cascade. No code changes made. | Implementer |
## Decisions & Risks
- Added cleanup script `scripts/cleanup-runner-space.sh` to clear workspace outputs (TestResults/out/artifacts/tmp) when disk-full blocks PTY; run before the next isolated Node test attempt.
- Scanner AGENTS.md added 2025-11-17; keep in sync with scanner architecture and future advisories.
- Sprint execution gated on completion of Sprint 131; monitor for slippage to avoid cascading delays in 130139 chain.
- Prep note for analyzer PREP tasks captured in `docs/modules/scanner/prep/2025-11-20-analyzers-prep.md`; use it as the interim contract until upstream writer/runtime contracts land.
- Native analyzer format-detector completed; NAT-20-002 still blocked on declared-dependency writer interfaceprep note defines expected payload to reduce rework once contract lands.
- Node analyzer isolation plan published (see `docs/modules/scanner/prep/2025-11-20-node-isolated-runner.md`); offline cache still incomplete after multiple restore attempts (latest NU1101 StellaOps.Policy.AuthSignals). Need full dependency seed before isolated run and tests can pass.
- Node analyzer isolation plan published (see `docs/modules/scanner/prep/2025-11-20-node-isolated-runner.md`); offline cache hydrated and Concelier/Esprima build blockers resolved. Isolated test run still pending because the runner is out of disk space (“No space left on device”) and cannot start PTYs.
- Disk space on the runner is exhausted; free workspace space (e.g., `TestResults/`, `out/`, `/tmp`, duplicate offline packages) before rerunning the isolated Node suite.
- Node analyzer isolation: Concelier and Esprima build blockers resolved. Latest test attempt blocked by disk-full on runner (“No space left on device”) before results were emitted; requires workspace cleanup to retry.
- Node analyzer isolation test execution blocked by runner disk exhaustion (“No space left on device”) before results could be captured; cannot proceed until workspace free space is recovered.
- .NET analyzer chain (11-002..005) remains blocked awaiting upstream static-analyzer contract (11-001) and downstream writer/export contracts; runtime fusion prep recorded but cannot proceed until contracts exist.
- Node isolated tests currently fail due to upstream Concelier build errors (duplicate `AdvisoryObservationSourceDocument` definition and missing `NatsJSContext` in Storage.Mongo); Node analyzer code not executed. Requires Concelier fix or exclusion before tests can validate.
## Next Checkpoints
- 2025-11-19: Sprint kickoff (owner: Scanner PM), contingent on Sprint 131 sign-off.
- 2025-11-26: Mid-sprint review (owner: EPDR Guild lead) to validate observation exports and resolver behavior.
| 2025-11-18 | SCANNER-ANALYZERS-NODE-22-001: Added Yarn PnP cache zip traversal, emitter sets yarnPnp metadata, new fixture/tests (`yarn-pnp`); test run aborted due to long-running solution buildrerun on clean runner. | Node Analyzer Guild |
## Cleanup Helper (added 2025-11-21)
- Script: `scripts/cleanup-runner-space.sh`
- Purpose: reclaim workspace space (removes `TestResults/`, `out/`, `artifacts/`, `tmp/`) when the runner reports No space left on device”.
- Safe to run before rerunning isolated Node tests; leaves sources and offline caches intact.
- Optionally set `CLEAN_BEFORE_NODE_TESTS=1` when invoking `node-tests-isolated.sh` to run the cleanup helper automatically before the test run.
- Wrapper script available: `scripts/run-node-isolated.sh` sets the offline cache env, enables pre-test cleanup, and invokes the isolated Node test script with minimal logging.
- If needed, set executable bits once disk is available: `chmod +x scripts/cleanup-runner-space.sh scripts/run-node-isolated.sh`.

7
docs/implplan/SPRINT_0140_0001_0001_runtime_signals.md
View File

@@ -24,8 +24,8 @@
## Delivery Tracker
| # | Task ID | Status | Key dependency / next step | Owners | Task Definition |
| --- | --- | --- | --- | --- | --- |
| P1 | PREP-140-D-ZASTAVA-WAVE-WAITING-ON-SURFACE-FS | TODO | Due 2025-11-22 · Accountable: Zastava Observer/Webhook Guilds · Surface Guild | Zastava Observer/Webhook Guilds · Surface Guild | Waiting on Surface.FS cache drop plan + Surface.Env helper ownership. <br><br> Document artefact/deliverable for 140.D Zastava wave and publish location so downstream tasks can proceed. |
| P2 | PREP-SBOM-SERVICE-GUILD-CARTOGRAPHER-GUILD-OB | TODO | Due 2025-11-22 · Accountable: Projection schema frozen but fixtures and AirGap review are overdue; SBOM-SERVICE-21-001..004 cannot start until fixtures drop. | Projection schema frozen but fixtures and AirGap review are overdue; SBOM-SERVICE-21-001..004 cannot start until fixtures drop. | BLOCKED. <br><br> Document artefact/deliverable for SBOM Service Guild · Cartographer Guild · Observability Guild, Zastava Observer/Webhook Guilds · Security Guild and publish location so downstream tasks can proceed. |
| P1 | PREP-140-D-ZASTAVA-WAVE-WAITING-ON-SURFACE-FS | DONE (2025-11-20) | Due 2025-11-22 · Accountable: Zastava Observer/Webhook Guilds · Surface Guild | Zastava Observer/Webhook Guilds · Surface Guild | Prep artefact published at `docs/modules/zastava/prep/2025-11-20-surface-fs-env-prep.md` (cache drop cadence, env helper ownership, DSSE requirements). |
| P2 | PREP-SBOM-SERVICE-GUILD-CARTOGRAPHER-GUILD-OB | DOING (2025-11-20) | Due 2025-11-22 · Accountable: Projection schema frozen but fixtures and AirGap review are overdue; SBOM-SERVICE-21-001..004 cannot start until fixtures drop. | Projection schema frozen but fixtures and AirGap review are overdue; SBOM-SERVICE-21-001..004 cannot start until fixtures drop. | BLOCKED. <br><br> Document artefact/deliverable for SBOM Service Guild · Cartographer Guild · Observability Guild, Zastava Observer/Webhook Guilds · Security Guild and publish location so downstream tasks can proceed. |
| 1 | 140.A Graph wave | BLOCKED (2025-11-19) | Await real scanner cache ETA; working off mock bundle only. | Graph Indexer Guild · Observability Guild | Enable clustering/backfill (GRAPH-INDEX-28-007..010) against mock bundle; revalidate once real cache lands. |
| 2 | 140.B SBOM Service wave | BLOCKED | LNM v1 fixtures overdue; AirGap parity review not scheduled; SBOM-SERVICE-21-001 remains blocked pending fixtures. | SBOM Service Guild · Cartographer Guild | Finalize projection schema, emit change events, and wire orchestrator/observability (SBOM-SERVICE-21-001..004, SBOM-AIAI-31-001/002). |
| 3 | 140.C Signals wave | BLOCKED (2025-11-20) | CAS promotion + signed manifests + provenance appendix pending; SIGNALS-24-002/003 blocked upstream. TRACTORS: see `docs/signals/cas-promotion-24-002.md` and `docs/signals/provenance-24-003.md`. | Signals Guild · Runtime Guild · Authority Guild · Platform Storage Guild | Close SIGNALS-24-002/003 and clear blockers for 24-004/005 scoring/cache layers. |
@@ -34,8 +34,11 @@
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2025-11-20 | Completed PREP-140-D-ZASTAVA-WAVE-WAITING-ON-SURFACE-FS: published cache/env helper prep at `docs/modules/zastava/prep/2025-11-20-surface-fs-env-prep.md`; status set to DONE. | Implementer |
| 2025-11-20 | Marked SIGNALS-24-002/003 as BLOCKED pending Platform Storage + provenance approvals; linked CAS/provenance checklists in blockers. | Implementer |
| 2025-11-19 | Assigned PREP owners/dates; see Delivery Tracker. | Planning |
| 2025-11-20 | Started PREP-SBOM-SERVICE-GUILD-CARTOGRAPHER-GUILD-OB (status → DOING) after confirming no prior DOING/DONE owners. | Planning |
| 2025-11-20 | Started PREP-140-D-ZASTAVA-WAVE-WAITING-ON-SURFACE-FS (status → DOING) after confirming no prior DOING/DONE owners. | Planning |
| 2025-11-18 | Marked SBOM wave BLOCKED pending overdue LNM fixtures and AirGap review scheduling; status mirrored to tasks-all/blocked-all. | Planning |
| 2025-11-18 | Added cache parity checklist (Graph) and CAS/provenance close-out checklist (Signals); mock bundle execution ongoing; fixed cross-sprint references to padded SPRINT IDs. | Planning |
| 2025-11-18 | Started Graph wave execution on scanner surface mock bundle v1; tracking cache ETA for parity validation. | Planning |

27
docs/implplan/SPRINT_0151_0001_0001_orchestrator_i.md
View File

@@ -26,14 +26,21 @@
| P5 | PREP-ORCH-OAS-61-001-ORCHESTRATOR-TELEMETRY-C | DOING (2025-11-20) | Due 2025-11-23 · Accountable: Orchestrator Service Guild · API Contracts Guild | Orchestrator Service Guild · API Contracts Guild | Orchestrator telemetry/contract inputs not available; wait for 150.A readiness. <br><br> Document artefact/deliverable for ORCH-OAS-61-001 and publish location so downstream tasks can proceed. Prep artefact: `docs/modules/orchestrator/prep/2025-11-20-oas-61-001-prep.md`. |
| P6 | PREP-ORCH-OAS-61-002-DEPENDS-ON-61-001 | DOING (2025-11-20) | Due 2025-11-23 · Accountable: Orchestrator Service Guild | Orchestrator Service Guild | Depends on 61-001. <br><br> Document artefact/deliverable for ORCH-OAS-61-002 and publish location so downstream tasks can proceed. Prep artefact: `docs/modules/orchestrator/prep/2025-11-20-oas-61-001-prep.md`. |
| P7 | PREP-ORCH-OAS-62-001-DEPENDS-ON-61-002 | DOING (2025-11-20) | Due 2025-11-23 · Accountable: Orchestrator Service Guild · SDK Generator Guild | Orchestrator Service Guild · SDK Generator Guild | Depends on 61-002. <br><br> Document artefact/deliverable for ORCH-OAS-62-001 and publish location so downstream tasks can proceed. Prep artefact: `docs/modules/orchestrator/prep/2025-11-20-oas-61-001-prep.md`. |
| P8 | PREP-ORCH-OAS-63-001-DEPENDS-ON-62-001 | TODO | Due 2025-11-23 · Accountable: Orchestrator Service Guild · API Governance Guild | Orchestrator Service Guild · API Governance Guild | Depends on 62-001. <br><br> Document artefact/deliverable for ORCH-OAS-63-001 and publish location so downstream tasks can proceed. |
| P9 | PREP-ORCH-OBS-50-001-TELEMETRY-CORE-SPRINT-01 | TODO | Due 2025-11-23 · Accountable: Orchestrator Service Guild · Observability Guild | Orchestrator Service Guild · Observability Guild | Telemetry Core (Sprint 0174) not yet available for orchestrator host. <br><br> Document artefact/deliverable for ORCH-OBS-50-001 and publish location so downstream tasks can proceed. |
| P10 | PREP-ORCH-OBS-51-001-DEPENDS-ON-50-001-TELEME | TODO | Due 2025-11-23 · Accountable: Orchestrator Service Guild · DevOps Guild | Orchestrator Service Guild · DevOps Guild | Depends on 50-001 + Telemetry schema. <br><br> Document artefact/deliverable for ORCH-OBS-51-001 and publish location so downstream tasks can proceed. |
| P11 | PREP-ORCH-OBS-52-001-DEPENDS-ON-51-001-REQUIR | TODO | Due 2025-11-23 · Accountable: Orchestrator Service Guild | Orchestrator Service Guild | Depends on 51-001; requires event schema from Sprint 0150.A. <br><br> Document artefact/deliverable for ORCH-OBS-52-001 and publish location so downstream tasks can proceed. |
| P12 | PREP-ORCH-OBS-53-001-DEPENDS-ON-52-001-EVIDEN | TODO | Due 2025-11-23 · Accountable: Orchestrator Service Guild · Evidence Locker Guild | Orchestrator Service Guild · Evidence Locker Guild | Depends on 52-001; Evidence Locker capsule inputs not frozen. <br><br> Document artefact/deliverable for ORCH-OBS-53-001 and publish location so downstream tasks can proceed. |
| P13 | PREP-ORCH-OBS-54-001-DEPENDS-ON-53-001 | TODO | Due 2025-11-23 · Accountable: Orchestrator Service Guild · Provenance Guild | Orchestrator Service Guild · Provenance Guild | Depends on 53-001. <br><br> Document artefact/deliverable for ORCH-OBS-54-001 and publish location so downstream tasks can proceed. |
| P14 | PREP-ORCH-OBS-55-001-DEPENDS-ON-54-001-INCIDE | TODO | Due 2025-11-23 · Accountable: Orchestrator Service Guild · DevOps Guild | Orchestrator Service Guild · DevOps Guild | Depends on 54-001; incident contract absent. <br><br> Document artefact/deliverable for ORCH-OBS-55-001 and publish location so downstream tasks can proceed. |
| P15 | PREP-ORCH-SVC-32-001-UPSTREAM-READINESS-AIRGA | TODO | Due 2025-11-23 · Accountable: Orchestrator Service Guild | Orchestrator Service Guild | Upstream readiness (AirGap/Scanner/Graph) not confirmed; postpone bootstrap. <br><br> Document artefact/deliverable for ORCH-SVC-32-001 and publish location so downstream tasks can proceed. |
| P8 | PREP-ORCH-OAS-63-001-DEPENDS-ON-62-001 | DONE (2025-11-20) | Prep doc at `docs/modules/orchestrator/prep/2025-11-20-oas-63-001-prep.md`; waiting for 61/62 freeze before implementation. | Orchestrator Service Guild · API Governance Guild | Depends on 62-001. <br><br> Document artefact/deliverable for ORCH-OAS-63-001 and publish location so downstream tasks can proceed. |
| P9 | PREP-ORCH-OBS-50-001-TELEMETRY-CORE-SPRINT-01 | DOING (2025-11-20) | Due 2025-11-23 · Accountable: Orchestrator Service Guild · Observability Guild | Orchestrator Service Guild · Observability Guild | Telemetry Core (Sprint 0174) not yet available for orchestrator host. <br><br> Document artefact/deliverable for ORCH-OBS-50-001 and publish location so downstream tasks can proceed. |
| 2025-11-20 | Started PREP-ORCH-OBS-50-001 (status → DOING) after confirming no prior DOING/DONE owners. | Planning |
| P10 | PREP-ORCH-OBS-51-001-DEPENDS-ON-50-001-TELEME | DOING (2025-11-20) | Due 2025-11-23 · Accountable: Orchestrator Service Guild · DevOps Guild | Orchestrator Service Guild · DevOps Guild | Depends on 50-001 + Telemetry schema. <br><br> Document artefact/deliverable for ORCH-OBS-51-001 and publish location so downstream tasks can proceed. |
| 2025-11-20 | Started PREP-ORCH-OBS-51-001 (status → DOING) after confirming no existing DOING/DONE owners. | Planning |
| P11 | PREP-ORCH-OBS-52-001-DEPENDS-ON-51-001-REQUIR | DOING (2025-11-20) | Due 2025-11-23 · Accountable: Orchestrator Service Guild | Orchestrator Service Guild | Depends on 51-001; requires event schema from Sprint 0150.A. <br><br> Document artefact/deliverable for ORCH-OBS-52-001 and publish location so downstream tasks can proceed. |
| 2025-11-20 | Started PREP-ORCH-OBS-52-001 (status → DOING) after confirming no existing DOING/DONE owners. | Planning |
| P12 | PREP-ORCH-OBS-53-001-DEPENDS-ON-52-001-EVIDEN | DOING (2025-11-20) | Due 2025-11-23 · Accountable: Orchestrator Service Guild · Evidence Locker Guild | Orchestrator Service Guild · Evidence Locker Guild | Depends on 52-001; Evidence Locker capsule inputs not frozen. <br><br> Document artefact/deliverable for ORCH-OBS-53-001 and publish location so downstream tasks can proceed. |
| 2025-11-20 | Started PREP-ORCH-OBS-53-001 (status → DOING) after confirming no existing DOING/DONE owners. | Planning |
| P13 | PREP-ORCH-OBS-54-001-DEPENDS-ON-53-001 | DOING (2025-11-20) | Due 2025-11-23 · Accountable: Orchestrator Service Guild · Provenance Guild | Orchestrator Service Guild · Provenance Guild | Depends on 53-001. <br><br> Document artefact/deliverable for ORCH-OBS-54-001 and publish location so downstream tasks can proceed. |
| 2025-11-20 | Started PREP-ORCH-OBS-54-001 (status → DOING) after confirming no existing DOING/DONE owners. | Planning |
| P14 | PREP-ORCH-OBS-55-001-DEPENDS-ON-54-001-INCIDE | DOING (2025-11-20) | Due 2025-11-23 · Accountable: Orchestrator Service Guild · DevOps Guild | Orchestrator Service Guild · DevOps Guild | Depends on 54-001; incident contract absent. <br><br> Document artefact/deliverable for ORCH-OBS-55-001 and publish location so downstream tasks can proceed. |
| 2025-11-20 | Started PREP-ORCH-OBS-55-001 (status → DOING) after confirming no existing DOING/DONE owners. | Planning |
| P15 | PREP-ORCH-SVC-32-001-UPSTREAM-READINESS-AIRGA | DOING (2025-11-20) | Due 2025-11-23 · Accountable: Orchestrator Service Guild | Orchestrator Service Guild | Upstream readiness (AirGap/Scanner/Graph) not confirmed; postpone bootstrap. <br><br> Document artefact/deliverable for ORCH-SVC-32-001 and publish location so downstream tasks can proceed. |
| 2025-11-20 | Started PREP-ORCH-SVC-32-001 (status → DOING) after confirming no existing DOING/DONE owners. | Planning |
| 1 | ORCH-AIRGAP-56-001 | BLOCKED (2025-11-19) | PREP-ORCH-AIRGAP-56-001-AWAIT-SPRINT-0120-A-A | Orchestrator Service Guild · AirGap Policy Guild | Enforce job descriptors to declare network intents; flag/reject external endpoints in sealed mode. |
| 2 | ORCH-AIRGAP-56-002 | BLOCKED (2025-11-19) | PREP-ORCH-AIRGAP-56-002-UPSTREAM-56-001-BLOCK | Orchestrator Service Guild · AirGap Controller Guild | Surface sealing status and staleness in scheduling decisions; block runs when budgets exceeded. |
| 3 | ORCH-AIRGAP-57-001 | BLOCKED (2025-11-19) | PREP-ORCH-AIRGAP-57-001-UPSTREAM-56-002-BLOCK | Orchestrator Service Guild · Mirror Creator Guild | Add job type `mirror.bundle` with audit + provenance outputs. |
@@ -41,7 +48,7 @@
| 5 | ORCH-OAS-61-001 | BLOCKED (2025-11-19) | PREP-ORCH-OAS-61-001-ORCHESTRATOR-TELEMETRY-C | Orchestrator Service Guild · API Contracts Guild | Document orchestrator endpoints in per-service OAS with pagination/idempotency/error envelope examples. |
| 6 | ORCH-OAS-61-002 | BLOCKED (2025-11-19) | PREP-ORCH-OAS-61-002-DEPENDS-ON-61-001 | Orchestrator Service Guild | Implement `GET /.well-known/openapi`; align version metadata with runtime build. |
| 7 | ORCH-OAS-62-001 | BLOCKED (2025-11-19) | PREP-ORCH-OAS-62-001-DEPENDS-ON-61-002 | Orchestrator Service Guild · SDK Generator Guild | Ensure SDK paginators/operations support job APIs; add SDK smoke tests for schedule/retry. |
| 8 | ORCH-OAS-63-001 | BLOCKED (2025-11-19) | PREP-ORCH-OAS-63-001-DEPENDS-ON-62-001 | Orchestrator Service Guild · API Governance Guild | Emit deprecation headers/doc for legacy endpoints; update notifications metadata. |
| 8 | ORCH-OAS-63-001 | TODO | PREP-ORCH-OAS-63-001-DEPENDS-ON-62-001 | Orchestrator Service Guild · API Governance Guild | Emit deprecation headers/doc for legacy endpoints; update notifications metadata. |
| 9 | ORCH-OBS-50-001 | BLOCKED (2025-11-19) | PREP-ORCH-OBS-50-001-TELEMETRY-CORE-SPRINT-01 | Orchestrator Service Guild · Observability Guild | Wire `StellaOps.Telemetry.Core` into orchestrator host; instrument schedulers/control APIs with spans/logs/metrics. |
| 10 | ORCH-OBS-51-001 | BLOCKED (2025-11-19) | PREP-ORCH-OBS-51-001-DEPENDS-ON-50-001-TELEME | Orchestrator Service Guild · DevOps Guild | Publish golden-signal metrics and SLOs; emit burn-rate alerts; provide Grafana dashboards + alert rules. |
| 11 | ORCH-OBS-52-001 | BLOCKED (2025-11-19) | PREP-ORCH-OBS-52-001-DEPENDS-ON-51-001-REQUIR | Orchestrator Service Guild | Emit `timeline_event` lifecycle objects with trace IDs/run IDs/tenant/project; add contract tests and Kafka/NATS emitter with retries. |
@@ -54,6 +61,8 @@
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2025-11-20 | Published prep docs for ORCH AirGap 56/57/58 and OAS 61/62; set P1P7 to DOING after confirming unowned. | Project Mgmt |
| 2025-11-20 | Started PREP-ORCH-OAS-63-001 (status → DOING) after confirming no existing DOING/DONE owners. | Planning |
| 2025-11-20 | Published prep doc for PREP-ORCH-OAS-63-001 (`docs/modules/orchestrator/prep/2025-11-20-oas-63-001-prep.md`) and marked P8 DONE; awaits OAS 61/62 freeze before implementation. | Implementer |
| 2025-11-19 | Assigned PREP owners/dates; see Delivery Tracker. | Planning |
| 2025-11-18 | Normalised sprint doc to standard template; renamed from `SPRINT_151_orchestrator_i.md`. | Planning |
| 2025-11-19 | Set all tasks to BLOCKED pending upstream readiness (AirGap/Scanner/Graph), Telemetry Core availability, and Orchestrator event schema; no executable work until contracts land. | Implementer |

9
docs/implplan/SPRINT_0153_0001_0003_orchestrator_iii.md
View File

@@ -19,9 +19,12 @@
## Delivery Tracker
| # | Task ID | Status | Key dependency / next step | Owners | Task Definition |
| --- | --- | --- | --- | --- | --- |
| P1 | PREP-ORCH-SVC-41-101-DEPENDS-ON-38-101-ENVELO | TODO | Due 2025-11-23 · Accountable: Orchestrator Service Guild | Orchestrator Service Guild | Depends on 38-101 envelope + DAL; cannot register pack-run without API/storage schema. <br><br> Document artefact/deliverable for ORCH-SVC-41-101 and publish location so downstream tasks can proceed. |
| P2 | PREP-ORCH-SVC-42-101-DEPENDS-ON-41-101-PACK-R | TODO | Due 2025-11-23 · Accountable: Orchestrator Service Guild | Orchestrator Service Guild | Depends on 41-101 pack-run plumbing and streaming contract. <br><br> Document artefact/deliverable for ORCH-SVC-42-101 and publish location so downstream tasks can proceed. |
| P3 | PREP-ORCH-TEN-48-001-WEBSERVICE-LACKS-JOB-DAL | TODO | Due 2025-11-23 · Accountable: Orchestrator Service Guild | Orchestrator Service Guild | WebService lacks job DAL/routes; need tenant context plumbing before enforcement. <br><br> Document artefact/deliverable for ORCH-TEN-48-001 and publish location so downstream tasks can proceed. |
| P1 | PREP-ORCH-SVC-41-101-DEPENDS-ON-38-101-ENVELO | DOING (2025-11-20) | Due 2025-11-23 · Accountable: Orchestrator Service Guild | Orchestrator Service Guild | Depends on 38-101 envelope + DAL; cannot register pack-run without API/storage schema. <br><br> Document artefact/deliverable for ORCH-SVC-41-101 and publish location so downstream tasks can proceed. |
| 2025-11-20 | Started PREP-ORCH-SVC-41-101 (status → DOING) after confirming no existing DOING/DONE owners. | Planning |
| P2 | PREP-ORCH-SVC-42-101-DEPENDS-ON-41-101-PACK-R | DOING (2025-11-20) | Due 2025-11-23 · Accountable: Orchestrator Service Guild | Orchestrator Service Guild | Depends on 41-101 pack-run plumbing and streaming contract. <br><br> Document artefact/deliverable for ORCH-SVC-42-101 and publish location so downstream tasks can proceed. |
| 2025-11-20 | Started PREP-ORCH-SVC-42-101 (status → DOING) after confirming no existing DOING/DONE owners. | Planning |
| P3 | PREP-ORCH-TEN-48-001-WEBSERVICE-LACKS-JOB-DAL | DOING (2025-11-20) | Due 2025-11-23 · Accountable: Orchestrator Service Guild | Orchestrator Service Guild | WebService lacks job DAL/routes; need tenant context plumbing before enforcement. <br><br> Document artefact/deliverable for ORCH-TEN-48-001 and publish location so downstream tasks can proceed. |
| 2025-11-20 | Started PREP-ORCH-TEN-48-001 (status → DOING) after confirming no existing DOING/DONE owners. | Planning |
| 1 | ORCH-SVC-38-101 | BLOCKED | Waiting on ORCH-SVC-37-101 envelope field/semantics approval; webservice DAL still missing. | Orchestrator Service Guild | Standardize event envelope (policy/export/job lifecycle) with idempotency keys, ensure export/job failure events published to notifier bus with provenance metadata. |
| 2 | ORCH-SVC-41-101 | BLOCKED | PREP-ORCH-SVC-41-101-DEPENDS-ON-38-101-ENVELO | Orchestrator Service Guild | Register `pack-run` job type, persist run metadata, integrate logs/artifacts collection, and expose API for Task Runner scheduling. |
| 3 | ORCH-SVC-42-101 | BLOCKED | PREP-ORCH-SVC-42-101-DEPENDS-ON-41-101-PACK-R | Orchestrator Service Guild | Stream pack run logs via SSE/WS, add manifest endpoints, enforce quotas, and emit pack run events to Notifications Studio. |

8
docs/implplan/SPRINT_0160_0001_0001_export_evidence.md
View File

@@ -22,9 +22,9 @@
## Delivery Tracker
| # | Task ID | Status | Key dependency / next step | Owners | Task Definition |
| --- | --- | --- | --- | --- | --- |
| P1 | PREP-EVIDENCE-LOCKER-GUILD-SECURITY-GUILD-DOC | TODO | Due 2025-11-23 · Accountable: Waiting on AdvisoryAI schema + orchestrator ledger envelopes to freeze. | Waiting on AdvisoryAI schema + orchestrator ledger envelopes to freeze. | BLOCKED (2025-11-17). <br><br> Document artefact/deliverable for Evidence Locker Guild · Security Guild · Docs Guild, Exporter Service Guild · Mirror Creator Guild · DevOps Guild, Timeline Indexer Guild · Evidence Locker Guild · Security Guild and publish location so downstream tasks can proceed. |
| P2 | PREP-ORCHESTRATOR-NOTIFICATIONS-SCHEMA-HANDOF | TODO | Due 2025-11-23 · Accountable: Planning | Planning | MISSED; escalate to Wave 150/140 leads and record new ETA; keep tasks BLOCKED. <br><br> Document artefact/deliverable for Orchestrator + Notifications schema handoff (Orchestrator Service + Notifications Guilds) and publish location so downstream tasks can proceed. |
| P3 | PREP-ESCALATION-FOLLOW-UP-ADVISORYAI-ORCHESTR | TODO | Due 2025-11-23 · Accountable: Planning | Planning | If no dates provided, mark BLOCKED in respective sprints and escalate to Wave leads. <br><br> Document artefact/deliverable for Escalation follow-up (AdvisoryAI, Orchestrator/Notifications) and publish location so downstream tasks can proceed. |
| P1 | PREP-EVIDENCE-LOCKER-GUILD-SECURITY-GUILD-DOC | DONE (2025-11-20) | Prep note published at `docs/modules/evidence-locker/prep/2025-11-20-security-coordination.md`. | Waiting on AdvisoryAI schema + orchestrator ledger envelopes to freeze. | BLOCKED (2025-11-17). <br><br> Document artefact/deliverable for Evidence Locker Guild · Security Guild · Docs Guild, Exporter Service Guild · Mirror Creator Guild · DevOps Guild, Timeline Indexer Guild · Evidence Locker Guild · Security Guild and publish location so downstream tasks can proceed. |
| P2 | PREP-ORCHESTRATOR-NOTIFICATIONS-SCHEMA-HANDOF | DONE (2025-11-20) | Prep note published at `docs/events/prep/2025-11-20-orchestrator-notifications-schema-handoff.md`. | Planning | MISSED; escalate to Wave 150/140 leads and record new ETA; keep tasks BLOCKED. <br><br> Document artefact/deliverable for Orchestrator + Notifications schema handoff (Orchestrator Service + Notifications Guilds) and publish location so downstream tasks can proceed. |
| P3 | PREP-ESCALATION-FOLLOW-UP-ADVISORYAI-ORCHESTR | DONE (2025-11-20) | Prep note published at `docs/events/prep/2025-11-20-advisoryai-orchestrator-followup.md`. | Planning | If no dates provided, mark BLOCKED in respective sprints and escalate to Wave leads. <br><br> Document artefact/deliverable for Escalation follow-up (AdvisoryAI, Orchestrator/Notifications) and publish location so downstream tasks can proceed. |
| P4 | PREP-160-A-160-B-160-C-ESCALATE-TO-WAVE-150-1 | DONE (2025-11-19) | Due 2025-11-23 · Accountable: Planning | Planning | Escalation sent to Wave 150/140 leads; awaiting new ETAs recorded in Sprint 110/150/140. |
| 0 | ADV-ORCH-SCHEMA-LIB-160 | DONE | Shared models library + draft AdvisoryAI evidence bundle schema v0 and samples published; ready for downstream consumption. | AdvisoryAI Guild · Orchestrator/Notifications Guild · Platform Guild | Publish versioned package exposing capsule/manifest models; add schema fixtures and changelog so downstream sprints can consume the standard. |
| 1 | 160.A EvidenceLocker snapshot | BLOCKED | Waiting on AdvisoryAI evidence payload notes + orchestrator/notifications envelopes to finalize ingest/replay summary. | Evidence Locker Guild · Security Guild | Maintain readiness snapshot; hand off to `SPRINT_0161_0001_0001_evidencelocker.md` & `SPRINT_187_evidence_locker_cli_integration.md`. |
@@ -160,6 +160,8 @@
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2025-11-20 | Confirmed PREP-ORCHESTRATOR-NOTIFICATIONS-SCHEMA-HANDOF and PREP-ESCALATION-FOLLOW-UP-ADVISORYAI-ORCHESTR still unclaimed; moved both to DOING to proceed with Wave 150/140 escalations. | Planning |
| 2025-11-20 | Published prep artefacts for P1P3: security coordination (`docs/modules/evidence-locker/prep/2025-11-20-security-coordination.md`), orchestrator/notifications handoff (`docs/events/prep/2025-11-20-orchestrator-notifications-schema-handoff.md`), and escalation follow-up (`docs/events/prep/2025-11-20-advisoryai-orchestrator-followup.md`). Marked P1P3 DONE. | Implementer |
| 2025-11-19 | Assigned PREP owners/dates; see Delivery Tracker. | Planning |
| 2025-11-19 | Updated 160.C TimelineIndexer snapshot dependency to TIMELINE-OBS-52-001 (matches Sprint 165 tracker). | Project Mgmt |
| 2025-11-12 | Snapshot refreshed; all Export & Evidence waves remain BLOCKED pending orchestrator capsule data, AdvisoryAI bundle schemas, and EvidenceLocker contracts. Re-evaluate after 2025-11-15 handoff. | Planning |

16
docs/implplan/SPRINT_0161_0001_0001_evidencelocker.md
View File

@@ -24,11 +24,11 @@
| # | Task ID | Status | Key dependency / next step | Owners | Task Definition |
| --- | --- | --- | --- | --- | --- |
| P0 | PREP-EVID-ATTEST-73-SCOPE-NOTE | DONE (2025-11-19) | Due 2025-11-20 · Accountable: Evidence Locker Guild · Concelier Guild · Excititor Guild | Evidence Locker Guild · Concelier Guild · Excititor Guild | Published attestation scope/sign-off note at `docs/modules/evidence-locker/attestation-scope-note.md` with required claims and sample builder payload; to be linked in Evidence Bundle v1 change log. |
| P1 | PREP-EVID-REPLAY-187-001-AWAIT-REPLAY-LEDGER | TODO | Due 2025-11-23 · Accountable: Evidence Locker Guild · Replay Delivery Guild | Evidence Locker Guild · Replay Delivery Guild | Await replay ledger retention shape; schemas available. <br><br> Document artefact/deliverable for EVID-REPLAY-187-001 and publish location so downstream tasks can proceed. |
| P2 | PREP-CLI-REPLAY-187-002-WAITING-ON-EVIDENCELO | TODO | Due 2025-11-23 · Accountable: CLI Guild | CLI Guild | Waiting on EvidenceLocker APIs after bundle packaging finalization. <br><br> Document artefact/deliverable for CLI-REPLAY-187-002 and publish location so downstream tasks can proceed. |
| P3 | PREP-RUNBOOK-REPLAY-187-004-DEPENDS-ON-RETENT | TODO | Due 2025-11-23 · Accountable: Docs Guild · Ops Guild | Docs Guild · Ops Guild | Depends on retention APIs + CLI behavior. <br><br> Document artefact/deliverable for RUNBOOK-REPLAY-187-004 and publish location so downstream tasks can proceed. |
| P4 | PREP-EVIDENCE-LOCKER-GUILD-BLOCKED-SCHEMAS-NO | TODO | Due 2025-11-23 · Accountable: Planning | Planning | BLOCKED (schemas not yet delivered). <br><br> Document artefact/deliverable for Evidence Locker Guild and publish location so downstream tasks can proceed. |
| P5 | PREP-EVIDENCE-LOCKER-GUILD-REPLAY-DELIVERY-GU | TODO | Due 2025-11-23 · Accountable: Planning | Planning | BLOCKED (awaiting schema signals). <br><br> Document artefact/deliverable for Evidence Locker Guild · Replay Delivery Guild and publish location so downstream tasks can proceed. |
| P1 | PREP-EVID-REPLAY-187-001-AWAIT-REPLAY-LEDGER | DONE (2025-11-20) | Prep doc at `docs/modules/evidence-locker/replay-payload-contract.md`; awaiting ledger retention freeze for implementation. | Evidence Locker Guild · Replay Delivery Guild | Await replay ledger retention shape; schemas available. <br><br> Document artefact/deliverable for EVID-REPLAY-187-001 and publish location so downstream tasks can proceed. |
| P2 | PREP-CLI-REPLAY-187-002-WAITING-ON-EVIDENCELO | DONE (2025-11-20) | Prep doc at `docs/modules/cli/guides/replay-cli-prep.md`; tracks CLI surface pending schema freeze. | CLI Guild | Waiting on EvidenceLocker APIs after bundle packaging finalization. <br><br> Document artefact/deliverable for CLI-REPLAY-187-002 and publish location so downstream tasks can proceed. |
| P3 | PREP-RUNBOOK-REPLAY-187-004-DEPENDS-ON-RETENT | DONE (2025-11-20) | Prep doc at `docs/runbooks/replay_ops_prep_187_004.md`; merge into runbook once APIs freeze. | Docs Guild · Ops Guild | Depends on retention APIs + CLI behavior. <br><br> Document artefact/deliverable for RUNBOOK-REPLAY-187-004 and publish location so downstream tasks can proceed. |
| P4 | PREP-EVIDENCE-LOCKER-GUILD-BLOCKED-SCHEMAS-NO | DONE (2025-11-20) | Prep note at `docs/modules/evidence-locker/prep/2025-11-20-schema-readiness-blockers.md`; awaiting AdvisoryAI/Orch envelopes. | Planning | BLOCKED (schemas not yet delivered). <br><br> Document artefact/deliverable for Evidence Locker Guild and publish location so downstream tasks can proceed. |
| P5 | PREP-EVIDENCE-LOCKER-GUILD-REPLAY-DELIVERY-GU | DONE (2025-11-20) | Prep note at `docs/modules/evidence-locker/prep/2025-11-20-replay-delivery-sync.md`; waiting on ledger retention defaults. | Planning | BLOCKED (awaiting schema signals). <br><br> Document artefact/deliverable for Evidence Locker Guild · Replay Delivery Guild and publish location so downstream tasks can proceed. |
| 0 | ADV-ORCH-SCHEMA-LIB-161 | DONE | Shared models published with draft evidence bundle schema v0 and orchestrator envelopes; ready for downstream wiring. | AdvisoryAI Guild · Orchestrator/Notifications Guild · Platform Guild | Publish versioned package + fixtures to `/src/__Libraries` (or shared NuGet) so downstream components can consume frozen schema. |
| 1 | EVID-OBS-54-002 | BLOCKED | AdvisoryAI evidence bundle schema + orchestrator/notifications capsule schema still pending; cannot finalize DSSE fields. | Evidence Locker Guild | Finalize deterministic bundle packaging + DSSE layout per `docs/modules/evidence-locker/bundle-packaging.md`, including portable/incident modes. |
| 2 | EVID-REPLAY-187-001 | BLOCKED | PREP-EVID-REPLAY-187-001-AWAIT-REPLAY-LEDGER | Evidence Locker Guild · Replay Delivery Guild | Implement replay bundle ingestion + retention APIs; update storage policy per `docs/replay/DETERMINISTIC_REPLAY.md`. |
@@ -40,8 +40,8 @@
## Action Tracker
| Action | Owner(s) | Due | Status |
| --- | --- | --- | --- |
| Capture AdvisoryAI + orchestrator schema deltas into this sprint and attach sample payloads. | Evidence Locker Guild | 2025-11-15 | PREP-EVIDENCE-LOCKER-GUILD-BLOCKED-SCHEMAS-NO |
| Draft Replay Ledger API + CLI notes to unblock EVID-REPLAY-187-001/002. | Evidence Locker Guild · Replay Delivery Guild | 2025-11-16 | PREP-EVIDENCE-LOCKER-GUILD-REPLAY-DELIVERY-GU |
| Capture AdvisoryAI + orchestrator schema deltas into this sprint and attach sample payloads. | Evidence Locker Guild | 2025-11-15 | DONE (2025-11-20) — see `docs/modules/evidence-locker/prep/2025-11-20-schema-readiness-blockers.md` |
| Draft Replay Ledger API + CLI notes to unblock EVID-REPLAY-187-001/002. | Evidence Locker Guild · Replay Delivery Guild | 2025-11-16 | DONE (2025-11-20) — see `docs/modules/evidence-locker/prep/2025-11-20-replay-delivery-sync.md` |
| Validate `ICryptoProviderRegistry` plan at readiness review. | Evidence Locker Guild · Security Guild | 2025-11-18 | Pending |
## Interlocks & Readiness Signals
@@ -82,3 +82,5 @@
| 2025-11-18 | Recorded crypto registry decision in `docs/security/crypto-registry-decision-2025-11-18.md`; moved CRYPTO-REGISTRY-DECISION-161 to DONE and unblocked EVID-CRYPTO-90-001. | Implementer |
| 2025-11-18 | Started EVID-OBS-54-002 DOING using shared schema draft. | Implementer |
| 2025-11-18 | Started EVID-OBS-54-002 with shared schema; replay/CLI remain pending ledger shape. | Implementer |
| 2025-11-20 | Completed PREP-EVID-REPLAY-187-001, PREP-CLI-REPLAY-187-002, and PREP-RUNBOOK-REPLAY-187-004; published prep docs at `docs/modules/evidence-locker/replay-payload-contract.md`, `docs/modules/cli/guides/replay-cli-prep.md`, and `docs/runbooks/replay_ops_prep_187_004.md`. | Implementer |
| 2025-11-20 | Added schema readiness and replay delivery prep notes for Evidence Locker Guild; see `docs/modules/evidence-locker/prep/2025-11-20-schema-readiness-blockers.md` and `.../2025-11-20-replay-delivery-sync.md`. Marked PREP-EVIDENCE-LOCKER-GUILD-BLOCKED-SCHEMAS-NO and PREP-EVIDENCE-LOCKER-GUILD-REPLAY-DELIVERY-GU DONE. | Implementer |

45
docs/implplan/SPRINT_0162_0001_0001_exportcenter_i.md
View File

@@ -21,20 +21,24 @@
## Delivery Tracker
| # | Task ID | Status | Key dependency / next step | Owners | Task Definition |
| --- | --- | --- | --- | --- | --- |
| P1 | PREP-DVOFF-64-002-NEEDS-SEALED-BUNDLE-SPEC-SA | TODO | Due 2025-11-23 · Accountable: DevPortal Offline Guild · AirGap Controller Guild | DevPortal Offline Guild · AirGap Controller Guild | Needs sealed bundle spec + sample manifest for CLI verify flow; due for Nov-19 dry run. <br><br> Document artefact/deliverable for DVOFF-64-002 and publish location so downstream tasks can proceed. |
| P2 | PREP-EXPORT-AIRGAP-56-001-EVIDENCELOCKER-CONT | TODO | Due 2025-11-23 · Accountable: Exporter Service Guild · Mirror Creator Guild | Exporter Service Guild · Mirror Creator Guild | EvidenceLocker contract + advisory schema to finalize DSSE contents. <br><br> Document artefact/deliverable for EXPORT-AIRGAP-56-001 and publish location so downstream tasks can proceed. |
| P3 | PREP-EXPORT-AIRGAP-56-002-DEPENDS-ON-56-001-S | TODO | Due 2025-11-23 · Accountable: Exporter Service Guild · DevOps Guild | Exporter Service Guild · DevOps Guild | Depends on 56-001; same schema prerequisites. <br><br> Document artefact/deliverable for EXPORT-AIRGAP-56-002 and publish location so downstream tasks can proceed. |
| P4 | PREP-EXPORT-AIRGAP-57-001-DEPENDS-ON-56-002-N | TODO | Due 2025-11-23 · Accountable: Exporter Service Guild · Evidence Locker Guild | Exporter Service Guild · Evidence Locker Guild | Depends on 56-002; needs sealed evidence bundle format. <br><br> Document artefact/deliverable for EXPORT-AIRGAP-57-001 and publish location so downstream tasks can proceed. |
| P5 | PREP-EXPORT-AIRGAP-58-001-DEPENDS-ON-57-001-N | TODO | Due 2025-11-23 · Accountable: Exporter Service Guild · Notifications Guild | Exporter Service Guild · Notifications Guild | Depends on 57-001; needs notifications envelope schema. <br><br> Document artefact/deliverable for EXPORT-AIRGAP-58-001 and publish location so downstream tasks can proceed. |
| P6 | PREP-EXPORT-ATTEST-74-001-NEEDS-EVIDENCELOCKE | TODO | Due 2025-11-23 · Accountable: Attestation Bundle Guild · Exporter Service Guild | Attestation Bundle Guild · Exporter Service Guild | Needs EvidenceLocker bundle layout + orchestration events. <br><br> Document artefact/deliverable for EXPORT-ATTEST-74-001 and publish location so downstream tasks can proceed. |
| P7 | PREP-EXPORT-ATTEST-74-002-DEPENDS-ON-74-001 | TODO | Due 2025-11-23 · Accountable: Attestation Bundle Guild · DevOps Guild | Attestation Bundle Guild · DevOps Guild | Depends on 74-001. <br><br> Document artefact/deliverable for EXPORT-ATTEST-74-002 and publish location so downstream tasks can proceed. |
| P8 | PREP-EXPORT-ATTEST-75-001-DEPENDS-ON-74-002-N | TODO | Due 2025-11-23 · Accountable: Attestation Bundle Guild · CLI Attestor Guild | Attestation Bundle Guild · CLI Attestor Guild | Depends on 74-002; needs CLI contract. <br><br> Document artefact/deliverable for EXPORT-ATTEST-75-001 and publish location so downstream tasks can proceed. |
| P9 | PREP-EXPORT-ATTEST-75-002-DEPENDS-ON-75-001 | TODO | Due 2025-11-23 · Accountable: Exporter Service Guild | Exporter Service Guild | Depends on 75-001. <br><br> Document artefact/deliverable for EXPORT-ATTEST-75-002 and publish location so downstream tasks can proceed. |
| P10 | PREP-EXPORT-OAS-61-001-NEEDS-STABLE-EXPORT-SU | TODO | Due 2025-11-23 · Accountable: Exporter Service Guild · API Contracts Guild | Exporter Service Guild · API Contracts Guild | Needs stable export surfaces; await EvidenceLocker contract. <br><br> Document artefact/deliverable for EXPORT-OAS-61-001 and publish location so downstream tasks can proceed. |
| P11 | PREP-EXPORT-OAS-61-002-DEPENDS-ON-61-001 | TODO | Due 2025-11-23 · Accountable: Exporter Service Guild | Exporter Service Guild | Depends on 61-001. <br><br> Document artefact/deliverable for EXPORT-OAS-61-002 and publish location so downstream tasks can proceed. |
| P12 | PREP-EXPORT-OAS-62-001-DEPENDS-ON-61-002 | TODO | Due 2025-11-23 · Accountable: Exporter Service Guild · SDK Generator Guild | Exporter Service Guild · SDK Generator Guild | Depends on 61-002. <br><br> Document artefact/deliverable for EXPORT-OAS-62-001 and publish location so downstream tasks can proceed. |
| P13 | PREP-EXPORTER-SERVICE-EVIDENCELOCKER-GUILD-BL | TODO | Due 2025-11-23 · Accountable: Planning | Planning | BLOCKED (awaits EvidenceLocker contract). <br><br> Document artefact/deliverable for Exporter Service · EvidenceLocker Guild and publish location so downstream tasks can proceed. |
| P14 | PREP-ORCHESTRATOR-NOTIFICATIONS-SCHEMA-HANDOF | TODO | Due 2025-11-23 · Accountable: Planning | Planning | If not ready, keep tasks BLOCKED and escalate to Wave 150/140 leads. <br><br> Document artefact/deliverable for Orchestrator + Notifications schema handoff and publish location so downstream tasks can proceed. |
| P1 | PREP-DVOFF-64-002-NEEDS-SEALED-BUNDLE-SPEC-SA | DONE (2025-11-20) | Due 2025-11-23 · Accountable: DevPortal Offline Guild · AirGap Controller Guild | DevPortal Offline Guild · AirGap Controller Guild | Prep artefact published at `docs/modules/export-center/prep/2025-11-20-dvoff-64-002-prep.md` (sample sealed bundle + CLI verify contract/output/exit-codes). |
| P2 | PREP-EXPORT-AIRGAP-56-001-EVIDENCELOCKER-CONT | DOING (2025-11-20) | Due 2025-11-23 · Accountable: Exporter Service Guild · Mirror Creator Guild | Exporter Service Guild · Mirror Creator Guild | EvidenceLocker contract + advisory schema to finalize DSSE contents. <br><br> Document artefact/deliverable for EXPORT-AIRGAP-56-001 and publish location so downstream tasks can proceed. Prep artefact: `docs/modules/export-center/prep/2025-11-20-export-airgap-56-001-prep.md`. |
| P3 | PREP-EXPORT-AIRGAP-56-002-DEPENDS-ON-56-001-S | DONE (2025-11-20) | Prep artefact at `docs/modules/export-center/prep/2025-11-20-export-airgap-56-002-prep.md`; waiting on 56-001 schema to unblock impl. | Exporter Service Guild · DevOps Guild | Depends on 56-001; same schema prerequisites. <br><br> Document artefact/deliverable for EXPORT-AIRGAP-56-002 and publish location so downstream tasks can proceed. Prep artefact: `docs/modules/export-center/prep/2025-11-20-export-airgap-56-002-prep.md`. |
| P4 | PREP-EXPORT-AIRGAP-57-001-DEPENDS-ON-56-002-N | DONE (2025-11-20) | Due 2025-11-23 · Accountable: Exporter Service Guild · Evidence Locker Guild | Exporter Service Guild · Evidence Locker Guild | Depends on 56-002; needs sealed evidence bundle format. <br><br> Prep artefact published at `docs/modules/export-center/prep/2025-11-20-export-airgap-57-001-prep.md` (export portable bundle contract, deterministic packaging, API surface, acceptance criteria). |
| P5 | PREP-EXPORT-AIRGAP-58-001-DEPENDS-ON-57-001-N | DONE (2025-11-20) | Due 2025-11-23 · Accountable: Exporter Service Guild · Notifications Guild | Exporter Service Guild · Notifications Guild | Depends on 57-001; prep artefact published at `docs/modules/export-center/prep/2025-11-20-export-airgap-58-001-prep.md` detailing notification payload, retries, deterministic headers, and linkage to export download. |
| P6 | PREP-EXPORT-ATTEST-74-001-NEEDS-EVIDENCELOCKE | DONE (2025-11-20) | Due 2025-11-23 · Accountable: Attestation Bundle Guild · Exporter Service Guild | Attestation Bundle Guild · Exporter Service Guild | Prep artefact published at `docs/modules/export-center/prep/2025-11-20-export-attest-74-001-prep.md` (deterministic attestation export bundle contract, API surface, acceptance criteria). |
| P3 | PREP-EXPORT-AIRGAP-56-002-DEPENDS-ON-56-001-S | DONE (2025-11-20) | Due 2025-11-23 · Accountable: Exporter Service Guild · DevOps Guild | Exporter Service Guild · DevOps Guild | Depends on 56-001; prep artefact published at `docs/modules/export-center/prep/2025-11-20-export-airgap-56-002-prep.md` (bootstrap pack deterministic OCI tar + endpoints). |
| P4 | PREP-EXPORT-AIRGAP-57-001-DEPENDS-ON-56-002-N | DONE (2025-11-20) | Due 2025-11-23 · Accountable: Exporter Service Guild · Evidence Locker Guild | Exporter Service Guild · Evidence Locker Guild | Depends on 56-002; needs sealed evidence bundle format. <br><br> Prep artefact published at `docs/modules/export-center/prep/2025-11-20-export-airgap-57-001-prep.md` (export portable bundle contract, deterministic packaging, API surface, acceptance criteria). |
| P5 | PREP-EXPORT-AIRGAP-58-001-DEPENDS-ON-57-001-N | DONE (2025-11-20) | Due 2025-11-23 · Accountable: Exporter Service Guild · Notifications Guild | Exporter Service Guild · Notifications Guild | Depends on 57-001; prep artefact published at `docs/modules/export-center/prep/2025-11-20-export-airgap-58-001-prep.md` detailing notification payload, retries, deterministic headers, and linkage to export download. |
| P6 | PREP-EXPORT-ATTEST-74-001-NEEDS-EVIDENCELOCKE | DONE (2025-11-20) | Due 2025-11-23 · Accountable: Attestation Bundle Guild · Exporter Service Guild | Attestation Bundle Guild · Exporter Service Guild | Prep artefact published at `docs/modules/export-center/prep/2025-11-20-export-attest-74-001-prep.md` (deterministic attestation export bundle contract, API surface, acceptance criteria). |
| P7 | PREP-EXPORT-ATTEST-74-002-DEPENDS-ON-74-001 | DONE (2025-11-20) | Due 2025-11-23 · Accountable: Attestation Bundle Guild · DevOps Guild | Attestation Bundle Guild · DevOps Guild | Depends on 74-001. <br><br> Prep artefact published at `docs/modules/export-center/prep/2025-11-20-export-attest-74-002-prep.md` covering CI/offline-kit integration, checksums, and manifest entries. |
| P8 | PREP-EXPORT-ATTEST-75-001-DEPENDS-ON-74-002-N | DONE (2025-11-20) | Due 2025-11-23 · Accountable: Attestation Bundle Guild · CLI Attestor Guild | Attestation Bundle Guild · CLI Attestor Guild | Prep artefact published at `docs/modules/export-center/prep/2025-11-20-export-attest-75-001-prep.md` defining CLI verify/import contract, exit codes, and offline behavior. |
| P9 | PREP-EXPORT-ATTEST-75-002-DEPENDS-ON-75-001 | DONE (2025-11-20) | Due 2025-11-23 · Accountable: Exporter Service Guild | Exporter Service Guild | Depends on 75-001. <br><br> Prep artefact published at `docs/modules/export-center/prep/2025-11-20-export-attest-75-002-prep.md` covering offline kit distribution and mirror publication. |
| P10 | PREP-EXPORT-OAS-61-001-NEEDS-STABLE-EXPORT-SU | DONE (2025-11-20) | Due 2025-11-23 · Accountable: Exporter Service Guild · API Contracts Guild | Exporter Service Guild · API Contracts Guild | Prep artefact published at `docs/modules/export-center/prep/2025-11-20-export-oas-61-001-prep.md` (export OAS v1 paths, schemas, headers, determinism); ready for OAS YAML generation. |
| P11 | PREP-EXPORT-OAS-61-002-DEPENDS-ON-61-001 | DONE (2025-11-20) | Prep artefact at `docs/modules/export-center/prep/2025-11-20-export-oas-61-002-prep.md`; waits on 61-001 freeze. | Exporter Service Guild | Depends on 61-001. <br><br> Document artefact/deliverable for EXPORT-OAS-61-002 and publish location so downstream tasks can proceed. |
| P12 | PREP-EXPORT-OAS-62-001-DEPENDS-ON-61-002 | DONE (2025-11-20) | Prep artefact at `docs/modules/export-center/prep/2025-11-20-export-oas-62-001-prep.md`; depends on discovery endpoint. | Exporter Service Guild · SDK Generator Guild | Depends on 61-002. <br><br> Document artefact/deliverable for EXPORT-OAS-62-001 and publish location so downstream tasks can proceed. |
| P13 | PREP-EXPORTER-SERVICE-EVIDENCELOCKER-GUILD-BL | DONE (2025-11-20) | Prep note at `docs/modules/export-center/prep/2025-11-20-exporter-evidencelocker-blocker.md`; awaiting sealed bundle schema/hash. | Planning | BLOCKED (awaits EvidenceLocker contract). <br><br> Document artefact/deliverable for Exporter Service · EvidenceLocker Guild and publish location so downstream tasks can proceed. |
| P14 | PREP-ORCHESTRATOR-NOTIFICATIONS-SCHEMA-HANDOF | DONE (2025-11-20) | Prep note at `docs/events/prep/2025-11-20-orchestrator-notifications-schema-handoff.md`. | Planning | If not ready, keep tasks BLOCKED and escalate to Wave 150/140 leads. <br><br> Document artefact/deliverable for Orchestrator + Notifications schema handoff and publish location so downstream tasks can proceed. |
| 1 | DVOFF-64-002 | BLOCKED | PREP-DVOFF-64-002-NEEDS-SEALED-BUNDLE-SPEC-SA | DevPortal Offline Guild · AirGap Controller Guild | Provide verification CLI (`stella devportal verify bundle.tgz`) ensuring integrity before import. |
| 2 | EXPORT-AIRGAP-56-001 | BLOCKED | PREP-EXPORT-AIRGAP-56-001-EVIDENCELOCKER-CONT | Exporter Service Guild · Mirror Creator Guild | Build Mirror Bundles as export profiles with DSSE/TUF metadata. |
| 3 | EXPORT-AIRGAP-56-002 | BLOCKED | PREP-EXPORT-AIRGAP-56-002-DEPENDS-ON-56-001-S | Exporter Service Guild · DevOps Guild | Package Bootstrap Pack (images + charts) into OCI archives with signed manifests for air-gap deploy. |
@@ -89,6 +93,19 @@
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2025-11-20 | Completed PREP-EXPORT-AIRGAP-58-001: published notification/timeline contract for air-gap export readiness (`docs/modules/export-center/prep/2025-11-20-export-airgap-58-001-prep.md`); status set to DONE. | Implementer |
| 2025-11-20 | Completed PREP-EXPORT-AIRGAP-56-002: published bootstrap pack OCI tar + API contract (`docs/modules/export-center/prep/2025-11-20-export-airgap-56-002-prep.md`); status set to DONE. | Implementer |
| 2025-11-20 | Completed PREP-DVOFF-64-002: published DevPortal sealed bundle + CLI verify contract (`docs/modules/export-center/prep/2025-11-20-dvoff-64-002-prep.md`); status set to DONE. | Implementer |
| 2025-11-20 | Completed PREP-EXPORT-ATTEST-75-001: published CLI verify/import contract (`docs/modules/export-center/prep/2025-11-20-export-attest-75-001-prep.md`); status set to DONE. | Implementer |
| 2025-11-20 | Completed PREP-EXPORT-ATTEST-75-002: published offline kit/mirror distribution contract (`docs/modules/export-center/prep/2025-11-20-export-attest-75-002-prep.md`); status set to DONE. | Implementer |
| 2025-11-20 | Completed PREP-EXPORT-ATTEST-74-001: published attestation export bundle contract (`docs/modules/export-center/prep/2025-11-20-export-attest-74-001-prep.md`); status set to DONE. | Implementer |
| 2025-11-20 | Completed PREP-EXPORT-ATTEST-74-002: published CI/offline-kit integration contract for attestation exports (`docs/modules/export-center/prep/2025-11-20-export-attest-74-002-prep.md`); status set to DONE. | Implementer |
| 2025-11-20 | Drafted OAS baseline prep for export surfaces (`docs/modules/export-center/prep/2025-11-20-export-oas-61-001-prep.md`); set PREP-EXPORT-OAS-61-001 to DOING. | Implementer |
| 2025-11-20 | Published prep artefacts for PREP-EXPORT-AIRGAP-56-002, PREP-EXPORT-OAS-61-002, PREP-EXPORT-OAS-62-001, PREP-EXPORTER-SERVICE-EVIDENCELOCKER-GUILD-BL, and PREP-ORCHESTRATOR-NOTIFICATIONS-SCHEMA-HANDOF; marked P3 and P11P14 DONE. | Implementer |
| 2025-11-20 | Completed PREP-EXPORT-AIRGAP-57-001: published export portable bundle contract at `docs/modules/export-center/prep/2025-11-20-export-airgap-57-001-prep.md`; status set to DONE. | Implementer |
| 2025-11-20 | Confirmed PREP-EXPORT-AIRGAP-57-001 unowned; set to DOING to begin airgap evidence export prep. | Planning |
| 2025-11-20 | Published prep docs for EXPORT airgap chain and attest (56-001/002/57-001/58-001/74-001) plus DVOFF-64-002; set P1P6 to DOING after confirming unowned. | Project Mgmt |
| 2025-11-20 | Published prep docs for DVOFF-64-002 and EXPORT-AIRGAP-56-001; set P1/P2 to DOING after confirming unowned. | Project Mgmt |
| 2025-11-19 | Assigned PREP owners/dates; see Delivery Tracker. | Planning |
| 2025-11-12 | Snapshot captured (pre-template) with tasks TODO. | Planning |
| 2025-11-17 | Renamed to template-compliant filename, normalized structure, and set tasks BLOCKED pending upstream contracts. | Implementer |

3
docs/implplan/SPRINT_0173_0001_0003_notifier_iii.md
View File

@@ -18,12 +18,13 @@
## Delivery Tracker
| # | Task ID | Status | Key dependency / next step | Owners | Task Definition |
| --- | --- | --- | --- | --- | --- |
| P1 | PREP-NOTIFY-TEN-48-001-NOTIFIER-II-SPRINT-017 | TODO | Due 2025-11-23 · Accountable: Notifications Service Guild (`src/Notifier/StellaOps.Notifier`) | Notifications Service Guild (`src/Notifier/StellaOps.Notifier`) | Notifier II (Sprint 0172) not started; tenancy model not finalized. <br><br> Document artefact/deliverable for NOTIFY-TEN-48-001 and publish location so downstream tasks can proceed. |
| P1 | PREP-NOTIFY-TEN-48-001-NOTIFIER-II-SPRINT-017 | DOING (2025-11-20) | Due 2025-11-23 · Accountable: Notifications Service Guild (`src/Notifier/StellaOps.Notifier`) | Notifications Service Guild (`src/Notifier/StellaOps.Notifier`) | Notifier II (Sprint 0172) not started; tenancy model not finalized. <br><br> Document artefact/deliverable for NOTIFY-TEN-48-001 and publish location so downstream tasks can proceed. Prep artefact: `docs/modules/notifier/prep/2025-11-20-ten-48-001-prep.md`. |
| 1 | NOTIFY-TEN-48-001 | BLOCKED (2025-11-20) | PREP-NOTIFY-TEN-48-001-NOTIFIER-II-SPRINT-017 | Notifications Service Guild (`src/Notifier/StellaOps.Notifier`) | Tenant-scope rules/templates/incidents, RLS on storage, tenant-prefixed channels, include tenant context in notifications. |
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2025-11-20 | Published notifier tenancy prep (docs/modules/notifier/prep/2025-11-20-ten-48-001-prep.md); set PREP-NOTIFY-TEN-48-001 to DOING. | Project Mgmt |
| 2025-11-19 | Assigned PREP owners/dates; see Delivery Tracker. | Planning |
| 2025-11-19 | Normalized sprint to standard template and renamed from `SPRINT_173_notifier_iii.md` to `SPRINT_0173_0001_0003_notifier_iii.md`; content preserved. | Implementer |
| 2025-11-19 | Added legacy-file redirect stub to avoid divergent updates. | Implementer |

5
docs/implplan/SPRINT_0174_0001_0001_telemetry.md
View File

@@ -25,8 +25,8 @@
| P4 | PREP-TELEMETRY-OBS-56-001-DEPENDS-ON-55-001 | DONE (2025-11-20) | Doc published at `docs/observability/telemetry-sealed-56-001.md`. | Telemetry Core Guild | Depends on 55-001. <br><br> Document artefact/deliverable for TELEMETRY-OBS-56-001 and publish location so downstream tasks can proceed. |
| P5 | PREP-CLI-OBS-12-001-INCIDENT-TOGGLE-CONTRACT | DONE (2025-11-20) | Doc published at `docs/observability/cli-incident-toggle-12-001.md`. | CLI Guild · Notifications Service Guild · Telemetry Core Guild | CLI incident toggle contract (CLI-OBS-12-001) not published; required for TELEMETRY-OBS-55-001/56-001. Provide schema + CLI flag behavior. |
| 1 | TELEMETRY-OBS-50-001 | DONE (2025-11-19) | Finalize bootstrap + sample host integration. | Telemetry Core Guild (`src/Telemetry/StellaOps.Telemetry.Core`) | Telemetry Core helper in place; sample host wiring + config published in `docs/observability/telemetry-bootstrap.md`. |
| 2 | TELEMETRY-OBS-50-002 | TODO | PREP-TELEMETRY-OBS-50-002-AWAIT-PUBLISHED-50 (DONE) | Telemetry Core Guild | Context propagation middleware/adapters for HTTP, gRPC, background jobs, CLI; carry `trace_id`, `tenant_id`, `actor`, imposed-rule metadata; async resume harness. |
| 3 | TELEMETRY-OBS-51-001 | TODO | PREP-TELEMETRY-OBS-51-001-TELEMETRY-PROPAGATI | Telemetry Core Guild · Observability Guild | Metrics helpers for golden signals with exemplar support and cardinality guards; Roslyn analyzer preventing unsanitised labels. |
| 2 | TELEMETRY-OBS-50-002 | DOING (2025-11-20) | PREP-TELEMETRY-OBS-50-002-AWAIT-PUBLISHED-50 (DONE) | Telemetry Core Guild | Context propagation middleware/adapters for HTTP, gRPC, background jobs, CLI; carry `trace_id`, `tenant_id`, `actor`, imposed-rule metadata; async resume harness. Prep artefact: `docs/modules/telemetry/prep/2025-11-20-obs-50-002-prep.md`. |
| 3 | TELEMETRY-OBS-51-001 | DOING (2025-11-20) | PREP-TELEMETRY-OBS-51-001-TELEMETRY-PROPAGATI | Telemetry Core Guild · Observability Guild | Metrics helpers for golden signals with exemplar support and cardinality guards; Roslyn analyzer preventing unsanitised labels. Prep artefact: `docs/modules/telemetry/prep/2025-11-20-obs-51-001-prep.md`. |
| 4 | TELEMETRY-OBS-51-002 | BLOCKED (2025-11-20) | PREP-TELEMETRY-OBS-51-002-DEPENDS-ON-51-001 | Telemetry Core Guild · Security Guild | Redaction/scrubbing filters for secrets/PII at logger sink; per-tenant config with TTL; audit overrides; determinism tests. |
| 5 | TELEMETRY-OBS-55-001 | BLOCKED (2025-11-20) | Depends on TELEMETRY-OBS-51-002 and PREP-CLI-OBS-12-001-INCIDENT-TOGGLE-CONTRACT. | Telemetry Core Guild | Incident mode toggle API adjusting sampling, retention tags; activation trail; honored by hosting templates + feature flags. |
| 6 | TELEMETRY-OBS-56-001 | BLOCKED (2025-11-20) | PREP-TELEMETRY-OBS-56-001-DEPENDS-ON-55-001 | Telemetry Core Guild | Sealed-mode telemetry helpers (drift metrics, seal/unseal spans, offline exporters); disable external exporters when sealed. |
@@ -34,6 +34,7 @@
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2025-11-20 | Published telemetry prep docs (context propagation + metrics helpers); set TELEMETRY-OBS-50-002/51-001 to DOING. | Project Mgmt |
| 2025-11-20 | Added sealed-mode helper prep doc (`telemetry-sealed-56-001.md`); marked PREP-TELEMETRY-OBS-56-001 DONE. | Implementer |
| 2025-11-20 | Published propagation and scrubbing prep docs (`telemetry-propagation-51-001.md`, `telemetry-scrub-51-002.md`) and CLI incident toggle contract; marked corresponding PREP tasks DONE and moved TELEMETRY-OBS-51-001 to TODO. | Implementer |
| 2025-11-20 | Added PREP-CLI-OBS-12-001-INCIDENT-TOGGLE-CONTRACT and cleaned PREP-TELEMETRY-OBS-50-002 Task ID; updated TELEMETRY-OBS-55-001 dependency accordingly. | Project Mgmt |

6
docs/implplan/SPRINT_0187_0001_0001_evidence_locker_cli_integration.md
View File

@@ -19,12 +19,12 @@
## Delivery Tracker
| # | Task ID | Status | Key dependency / next step | Owners | Task Definition |
| --- | --- | --- | --- | --- | --- |
| P1 | PREP-EVID-REPLAY-187-001-SCANNER-RECORD-PAYLO | DOING (2025-11-20) | Due 2025-11-23 · Accountable: Evidence Locker Guild (`src/EvidenceLocker/StellaOps.EvidenceLocker`, docs) | Evidence Locker Guild (`src/EvidenceLocker/StellaOps.EvidenceLocker`, docs) | Scanner record payloads (Sprint 0186) not available; EvidenceLocker API schema cannot be drafted. <br><br> Document artefact/deliverable for EVID-REPLAY-187-001 and publish location so downstream tasks can proceed. |
| P1 | PREP-EVID-REPLAY-187-001-SCANNER-RECORD-PAYLO | DONE (2025-11-20) | Due 2025-11-23 · Accountable: Evidence Locker Guild (`src/EvidenceLocker/StellaOps.EvidenceLocker`, docs) | Evidence Locker Guild (`src/EvidenceLocker/StellaOps.EvidenceLocker`, docs) | Prep artefact published at `docs/modules/evidence-locker/replay-payload-contract.md` (scanner record payload shape, determinism, sample expectations). |
| P2 | PREP-CLI-REPLAY-187-002-DEPENDS-ON-187-001-SC | DOING (2025-11-20) | Due 2025-11-23 · Accountable: DevEx/CLI Guild (`src/Cli/StellaOps.Cli`, docs) | DevEx/CLI Guild (`src/Cli/StellaOps.Cli`, docs) | Depends on 187-001 schema freeze. <br><br> Document artefact/deliverable for CLI-REPLAY-187-002 and publish location so downstream tasks can proceed. |
| P3 | PREP-ATTEST-REPLAY-187-003-DEPENDS-ON-187-001 | DOING (2025-11-20) | Due 2025-11-23 · Accountable: Attestor Guild (`src/Attestor/StellaOps.Attestor`, docs) | Attestor Guild (`src/Attestor/StellaOps.Attestor`, docs) | Depends on 187-001 payloads. <br><br> Document artefact/deliverable for ATTEST-REPLAY-187-003 and publish location so downstream tasks can proceed. |
| P4 | PREP-RUNBOOK-REPLAY-187-004-NEEDS-APIS-DEFINE | DOING (2025-11-20) | Due 2025-11-23 · Accountable: Docs Guild · Ops Guild (docs/runbooks) | Docs Guild · Ops Guild (docs/runbooks) | Needs APIs defined from 187-001. <br><br> Document artefact/deliverable for RUNBOOK-REPLAY-187-004 and publish location so downstream tasks can proceed. |
| P5 | PREP-VALIDATE-BUNDLE-187-005-DEPENDS-ON-187-0 | DOING (2025-11-20) | Due 2025-11-23 · Accountable: QA Guild · CLI Guild · Docs Guild | QA Guild · CLI Guild · Docs Guild | Depends on 187-001/002/003; no payloads yet. <br><br> Document artefact/deliverable for VALIDATE-BUNDLE-187-005 and publish location so downstream tasks can proceed. |
| P6 | PREP-EVID-CRYPTO-90-001-ICRYPTOPROVIDERREGIST | DOING (2025-11-20) | Due 2025-11-23 · Accountable: Evidence Locker Guild · Security Guild (`src/EvidenceLocker/StellaOps.EvidenceLocker`) | Evidence Locker Guild · Security Guild (`src/EvidenceLocker/StellaOps.EvidenceLocker`) | ICryptoProviderRegistry readiness not confirmed; sovereign crypto profiles pending. <br><br> Document artefact/deliverable for EVID-CRYPTO-90-001 and publish location so downstream tasks can proceed. |
| P6 | PREP-EVID-CRYPTO-90-001-ICRYPTOPROVIDERREGIST | DONE (2025-11-20) | Due 2025-11-23 · Accountable: Evidence Locker Guild · Security Guild (`src/EvidenceLocker/StellaOps.EvidenceLocker`) | Evidence Locker Guild · Security Guild (`src/EvidenceLocker/StellaOps.EvidenceLocker`) | Prep artefact published at `docs/modules/evidence-locker/crypto-provider-registry-prep.md` (provider registry expectations, config, JWKS caching). |
| 1 | EVID-REPLAY-187-001 | BLOCKED (2025-11-20) | PREP-EVID-REPLAY-187-001-SCANNER-RECORD-PAYLO | Evidence Locker Guild (`src/EvidenceLocker/StellaOps.EvidenceLocker`, docs) | Implement replay bundle ingestion/retention APIs; document storage/retention rules referencing replay doc §§2 & 8. |
| 2 | CLI-REPLAY-187-002 | BLOCKED (2025-11-20) | PREP-CLI-REPLAY-187-002-DEPENDS-ON-187-001-SC | DevEx/CLI Guild (`src/Cli/StellaOps.Cli`, docs) | Add `scan --record`, `verify`, `replay`, `diff` commands with offline bundle resolution; update CLI architecture and replay appendix. |
| 3 | ATTEST-REPLAY-187-003 | BLOCKED (2025-11-20) | PREP-ATTEST-REPLAY-187-003-DEPENDS-ON-187-001 | Attestor Guild (`src/Attestor/StellaOps.Attestor`, docs) | Wire Attestor/Rekor anchoring for replay manifests; extend attestor architecture with replay ledger flow. |
@@ -35,6 +35,8 @@
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2025-11-20 | Completed PREP-EVID-REPLAY-187-001: published replay payload contract at `docs/modules/evidence-locker/replay-payload-contract.md`; status set to DONE. | Implementer |
| 2025-11-20 | Completed PREP-EVID-CRYPTO-90-001: published crypto provider registry prep at `docs/modules/evidence-locker/crypto-provider-registry-prep.md`; status set to DONE. | Implementer |
| 2025-11-20 | Published prep docs: CLI replay (`docs/modules/cli/guides/replay-cli-prep.md`), Attestor replay (`docs/modules/attestor/replay-prep.md`), runbook prep (`docs/runbooks/replay_ops_prep_187_004.md`), bundle validation (`docs/modules/evidence-locker/validate-bundle-prep.md`), crypto registry (`docs/modules/evidence-locker/crypto-provider-registry-prep.md`); set P2P6 to DOING after confirming unowned. | Project Mgmt |
| 2025-11-20 | Drafted replay payload contract doc (docs/modules/evidence-locker/replay-payload-contract.md); pinged Scanner Guild for sample payloads from Sprint 0186. | Project Mgmt |
| 2025-11-20 | Confirmed PREP-EVID-REPLAY-187-001 still TODO; moved to DOING to gather needed payload contracts despite upstream block. | Project Mgmt |

4
docs/implplan/SPRINT_0316_0001_0001_docs_modules_cli.md
View File

@@ -21,7 +21,7 @@
## Delivery Tracker
| # | Task ID | Status | Key dependency / next step | Owners | Task Definition |
| --- | --- | --- | --- | --- | --- |
| P1 | PREP-CLI-OPS-0001-WAITING-FOR-NEXT-DEMO-OUTPU | TODO | Due 2025-11-25 · Accountable: Ops Guild | Ops Guild | Waiting for next demo outputs. <br><br> Document artefact/deliverable for CLI-OPS-0001 and publish location so downstream tasks can proceed. |
| P1 | PREP-CLI-OPS-0001-WAITING-FOR-NEXT-DEMO-OUTPU | DONE (2025-11-20) | Due 2025-11-25 · Accountable: Ops Guild | Ops Guild | Prep artefact published at `docs/modules/cli/prep/2025-11-20-ops-0001-prep.md`; contains required demo outputs, hashes, and runbook update checklist to unblock CLI-OPS-0001. |
| 1 | CLI-DOCS-0001 | DONE | Synced sprint references on 2025-11-17 | Docs Guild | Update docs/AGENTS to reflect current CLI scope and sprint naming; align with template rules. |
| 2 | CLI-ENG-0001 | DONE | Sprint normalized; statuses mirrored | Module Team | Update status via ./AGENTS.md workflow and ensure module docs reference current sprint. |
| 3 | CLI-OPS-0001 | BLOCKED | PREP-CLI-OPS-0001-WAITING-FOR-NEXT-DEMO-OUTPU | Ops Guild | Sync outcomes back to ../.. ; refresh ops/runbook notes after demo. |
@@ -29,6 +29,8 @@
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2025-11-20 | Completed PREP-CLI-OPS-0001: published ops demo prep at `docs/modules/cli/prep/2025-11-20-ops-0001-prep.md`; status set to DONE. | Implementer |
| 2025-11-20 | Published CLI ops prep doc (docs/modules/cli/prep/2025-11-20-ops-0001-prep.md); set PREP-CLI-OPS-0001 to DOING. | Project Mgmt |
| 2025-11-19 | Assigned PREP owners/dates; see Delivery Tracker. | Planning |
| 2025-11-17 | Normalised sprint to standard template; renamed from SPRINT_316_docs_modules_cli.md. | Docs |
| 2025-11-17 | Completed CLI-DOCS-0001 and CLI-ENG-0001 by updating CLI docs to reference normalized sprint. | Module Team |

3
docs/implplan/SPRINT_0321_0001_0001_docs_modules_graph.md
View File

@@ -20,7 +20,7 @@
## Delivery Tracker
| # | Task ID | Status | Key dependency / next step | Owners | Task Definition |
| --- | --- | --- | --- | --- | --- |
| P1 | PREP-GRAPH-OPS-0001-WAITING-FOR-NEXT-DEMO-OUT | TODO | Due 2025-11-25 · Accountable: Ops Guild | Ops Guild | Waiting for next demo outputs to review dashboards/runbooks. <br><br> Document artefact/deliverable for GRAPH-OPS-0001 and publish location so downstream tasks can proceed. |
| P1 | PREP-GRAPH-OPS-0001-WAITING-FOR-NEXT-DEMO-OUT | DOING (2025-11-20) | Due 2025-11-25 · Accountable: Ops Guild | Ops Guild | Waiting for next demo outputs to review dashboards/runbooks. <br><br> Document artefact/deliverable for GRAPH-OPS-0001 and publish location so downstream tasks can proceed. Prep artefact: `docs/modules/graph/prep/2025-11-20-ops-0001-prep.md`. |
| 1 | GRAPH-ENG-0001 | DONE | Synced docs to Sprint 0141 rename on 2025-11-17 | Module Team | Keep module milestones in sync with `/docs/implplan/SPRINT_0141_0001_0001_graph_indexer.md` and related files; update references and note deltas. |
| 2 | GRAPH-DOCS-0002 | BLOCKED | Await DOCS-GRAPH-24-003 cross-links | Docs Guild | Add API/query doc cross-links once DOCS-GRAPH-24-003 lands. |
| 3 | GRAPH-OPS-0001 | BLOCKED | PREP-GRAPH-OPS-0001-WAITING-FOR-NEXT-DEMO-OUT | Ops Guild | Review graph observability dashboards/runbooks after the next sprint demo; capture updates in runbooks. |
@@ -28,6 +28,7 @@
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2025-11-20 | Published graph ops prep doc (docs/modules/graph/prep/2025-11-20-ops-0001-prep.md); set PREP-GRAPH-OPS-0001 to DOING. | Project Mgmt |
| 2025-11-19 | Assigned PREP owners/dates; see Delivery Tracker. | Planning |
| 2025-11-17 | Marked GRAPH-DOCS-0002 and GRAPH-OPS-0001 as BLOCKED pending DOCS-GRAPH-24-003 + next demo outputs. | Module Team |
| 2025-11-17 | Completed GRAPH-ENG-0001; README and implementation_plan now reference SPRINT_0141_0001_0001_graph_indexer.md. | Module Team |

5
docs/implplan/SPRINT_0400_0001_0001_reachability_runtime_static_union.md
View File

@@ -29,17 +29,22 @@
| 7 | QA-REACH-201-007 | TODO | Move fixtures + create evaluator harness | QA Guild | Integrate `reachbench-2025-expanded` fixture pack under `tests/reachability/fixtures/`, add evaluator harness tests that validate reachable vs unreachable cases, and wire CI guidance for deterministic runs. |
| 8 | GAP-SCAN-001 | TODO | Align with task 2; binary symbolizers | Scanner Worker Guild | Implement binary/language symbolizers that emit `richgraph-v1` payloads with canonical SymbolIDs and `code_id` anchors, persist graphs to CAS via `StellaOps.Scanner.Reachability`, and refresh analyzer docs/fixtures. |
| 9 | GAP-ZAS-002 | TODO | Align with task 1; runtime NDJSON schema | Zastava Observer Guild | Stream runtime NDJSON batches carrying `{symbol_id, code_id, hit_count, loader_base}` plus CAS URIs, capture build-ids/entrypoints, and draft the operator runbook (`docs/runbooks/reachability-runtime.md`). Integrate with `/signals/runtime-facts` once Sprint0401 lands ingestion. |
| 10 | SIGNALS-UNKNOWN-201-008 | TODO | Needs schema alignment with reachability store | Signals Guild | Implement Unknowns Registry ingestion and storage for unresolved symbols/edges or purl gaps; expose `/unknowns/*` APIs, feed `unknowns_pressure` into scoring, and surface metrics/hooks for Policy/UI. |
| 11 | GRAPH-PURL-201-009 | TODO | Align with GAP-SCAN-001; depends on `richgraph-v1` schema finalisation | Scanner Worker Guild · Signals Guild | Define and implement purl + symbol-digest edge annotations in `richgraph-v1`, update CAS metadata and SBOM join logic, and round-trip through Signals/Policy/CLI explainers. |
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2025-11-18 | Normalised sprint to standard template; renamed from SPRINT_400_runtime_facts_static_callgraph_union.md. | Docs |
| 2025-11-19 | Marked tasks 201-002..201-005 BLOCKED pending runtime/static union schema (SymbolID+CAS layout); no implementation until schema is published. | Implementer |
| 2025-11-20 | Added tasks 201-008 (Unknowns Registry) and 201-009 (purl + symbol-digest edge merge); awaiting schema freeze. | Planning |
## Decisions & Risks
- Runtime/static schema alignment pending (SymbolID, CAS layout, overlay tags); blocks ingestion and scoring finalization.
- reachbench fixtures not yet relocated into tests tree; QA task 201-007 must complete before CI enablement.
- Offline posture: ensure reachability pipelines avoid external downloads; rely on sealed/mock bundles.
- Unknowns Registry schema and API must align with Signals scoring before 201-008 can start; derive `unknowns_pressure` math from policy team.
- purl + symbol-digest edge schema (201-009) depends on `richgraph-v1` finalization; may require updates to SBOM resolver and CLI explain flows.
## Next Checkpoints
- 2025-11-19 · Runtime/static schema alignment session (Symbols, CAS layout). Owner: Signals Guild.

6
docs/implplan/SPRINT_0509_0001_0001_samples.md
View File

@@ -19,8 +19,8 @@
## Delivery Tracker
| # | Task ID | Status | Key dependency / next step | Owners | Task Definition |
| --- | --- | --- | --- | --- | --- |
| P1 | PREP-SAMPLES-LNM-22-001-WAITING-ON-FINALIZED | TODO | Due 2025-11-26 · Accountable: Samples Guild · Concelier Guild | Samples Guild · Concelier Guild | Waiting on finalized advisory linkset schema (Concelier). <br><br> Document artefact/deliverable for SAMPLES-LNM-22-001 and publish location so downstream tasks can proceed. |
| P2 | PREP-SAMPLES-LNM-22-002-DEPENDS-ON-22-001-OUT | TODO | Due 2025-11-26 · Accountable: Samples Guild · Excititor Guild | Samples Guild · Excititor Guild | Depends on 22-001 outputs + Excititor observation/linkset implementation. <br><br> Document artefact/deliverable for SAMPLES-LNM-22-002 and publish location so downstream tasks can proceed. |
| P1 | PREP-SAMPLES-LNM-22-001-WAITING-ON-FINALIZED | DONE (2025-11-20) | Due 2025-11-26 · Accountable: Samples Guild · Concelier Guild | Samples Guild · Concelier Guild | Prep artefact published at `docs/samples/linkset/prep-22-001.md` (fixtures plan aligned to frozen LNM schema; deterministic seeds/checksums). |
| P2 | PREP-SAMPLES-LNM-22-002-DEPENDS-ON-22-001-OUT | DOING (2025-11-20) | Due 2025-11-26 · Accountable: Samples Guild · Excititor Guild | Samples Guild · Excititor Guild | Depends on 22-001 outputs; will build Excititor observation/VEX linkset fixtures once P1 samples land. Prep doc will extend `docs/samples/linkset/prep-22-001.md` with Excititor-specific payloads. |
| 1 | SAMPLES-GRAPH-24-003 | BLOCKED | Await Graph overlay format decision + mock SBOM cache availability | Samples Guild · SBOM Service Guild | Generate large-scale SBOM graph fixture (~40k nodes) with policy overlay snapshot for perf/regression suites. |
| 2 | SAMPLES-GRAPH-24-004 | TODO | Blocked on 24-003 fixture availability | Samples Guild · UI Guild | Create vulnerability explorer JSON/CSV fixtures capturing conflicting evidence and policy outputs for UI/CLI automated tests. |
| 3 | SAMPLES-LNM-22-001 | BLOCKED | PREP-SAMPLES-LNM-22-001-WAITING-ON-FINALIZED | Samples Guild · Concelier Guild | Create advisory observation/linkset fixtures (NVD, GHSA, OSV disagreements) for API/CLI/UI tests with documented conflicts. |
@@ -29,6 +29,8 @@
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2025-11-20 | Completed PREP-SAMPLES-LNM-22-001: published linkset fixtures prep at `docs/samples/linkset/prep-22-001.md`; status set to DONE. | Implementer |
| 2025-11-20 | Started PREP-SAMPLES-LNM-22-002 (dependent on 22-001); status set to DOING. | Planning |
| 2025-11-19 | Normalized PREP-SAMPLES-LNM-22-001 Task ID (removed trailing hyphen) for dependency tracking. | Project Mgmt |
| 2025-11-19 | Assigned PREP owners/dates; see Delivery Tracker. | Planning |
| 2025-11-18 | Drafted fixture plan (`samples/graph/fixtures-plan.md`) outlining contents, assumptions, and blockers for SAMPLES-GRAPH-24-003. | Samples |

24
docs/implplan/SPRINT_0510_0001_0001_airgap.md
View File

@@ -18,11 +18,11 @@
## Delivery Tracker
| # | Task ID | Status | Key dependency / next step | Owners | Task Definition |
| --- | --- | --- | --- | --- | --- |
| P1 | PREP-AIRGAP-CTL-56-001-CONTROLLER-PROJECT-SCA | DOING (2025-11-20) | Due 2025-11-26 · Accountable: AirGap Controller Guild | AirGap Controller Guild | Controller project scaffold missing; need baseline service skeleton. <br><br> Document artefact/deliverable for AIRGAP-CTL-56-001 and publish location so downstream tasks can proceed. |
| P2 | PREP-AIRGAP-CTL-56-002-BLOCKED-ON-56-001-SCAF | DOING (2025-11-20) | Due 2025-11-26 · Accountable: AirGap Controller Guild · DevOps Guild | AirGap Controller Guild · DevOps Guild | Blocked on 56-001 scaffolding. <br><br> Document artefact/deliverable for AIRGAP-CTL-56-002 and publish location so downstream tasks can proceed. |
| P1 | PREP-AIRGAP-CTL-56-001-CONTROLLER-PROJECT-SCA | DONE (2025-11-20) | Prep note at `docs/airgap/prep/2025-11-20-controller-scaffold-prep.md`; scaffold details in `docs/airgap/controller-scaffold.md`. | AirGap Controller Guild | Controller project scaffold missing; need baseline service skeleton. <br><br> Document artefact/deliverable for AIRGAP-CTL-56-001 and publish location so downstream tasks can proceed. |
| P2 | PREP-AIRGAP-CTL-56-002-BLOCKED-ON-56-001-SCAF | DONE (2025-11-20) | Prep note at `docs/airgap/prep/2025-11-20-controller-scaffold-prep.md`; status endpoint sketch included. | AirGap Controller Guild · DevOps Guild | Blocked on 56-001 scaffolding. <br><br> Document artefact/deliverable for AIRGAP-CTL-56-002 and publish location so downstream tasks can proceed. |
| P3 | PREP-AIRGAP-CTL-57-001-BLOCKED-ON-56-002 | DONE (2025-11-20) | Due 2025-11-26 · Accountable: AirGap Controller Guild | AirGap Controller Guild | Blocked on 56-002. <br><br> Deliverable: sealed-mode startup diagnostics spec at `docs/airgap/sealed-startup-diagnostics.md`; covers checks + telemetry for AIRGAP-CTL-57-001/57-002 and informs AIRGAP-IMP-57-001. |
| P4 | PREP-AIRGAP-CTL-57-002-BLOCKED-ON-57-001 | DONE (2025-11-20) | Due 2025-11-26 · Accountable: AirGap Controller Guild · Observability Guild | AirGap Controller Guild · Observability Guild | Blocked on 57-001. <br><br> Deliverable: sealed-mode startup diagnostics + telemetry/timeline hooks defined in `docs/airgap/sealed-startup-diagnostics.md`; includes events `airgap.sealed`/`airgap.unsealed` and counters for anchor staleness. |
| P5 | PREP-AIRGAP-CTL-58-001-BLOCKED-ON-57-002 | DOING (2025-11-20) | Due 2025-11-26 · Accountable: AirGap Controller Guild · AirGap Time Guild | AirGap Controller Guild · AirGap Time Guild | Blocked on 57-002. <br><br> Document artefact/deliverable for AIRGAP-CTL-58-001, AIRGAP-IMP-58-001, AIRGAP-TIME-58-001 and publish location so downstream tasks can proceed. |
| P5 | PREP-AIRGAP-CTL-58-001-BLOCKED-ON-57-002 | DONE (2025-11-20) | Prep note at `docs/airgap/prep/2025-11-20-staleness-drift-prep.md`; ties to time anchor data. | AirGap Controller Guild · AirGap Time Guild | Blocked on 57-002. <br><br> Document artefact/deliverable for AIRGAP-CTL-58-001, AIRGAP-IMP-58-001, AIRGAP-TIME-58-001 and publish location so downstream tasks can proceed. |
| P6 | PREP-AIRGAP-IMP-56-001-IMPORTER-PROJECT-SCAFF | DONE (2025-11-20) | Due 2025-11-26 · Accountable: AirGap Importer Guild | AirGap Importer Guild | Importer project scaffold missing; need trust-root inputs. <br><br> Deliverable: scaffold + doc at `docs/airgap/importer-scaffold.md`; project + tests under `src/AirGap/StellaOps.AirGap.Importer` and `tests/AirGap/StellaOps.AirGap.Importer.Tests`. |
| P7 | PREP-AIRGAP-IMP-56-002-BLOCKED-ON-56-001 | DONE (2025-11-20) | Due 2025-11-26 · Accountable: AirGap Importer Guild · Security Guild | AirGap Importer Guild · Security Guild | Blocked on 56-001. <br><br> Deliverable shares scaffold above; downstream tasks now have deterministic plan and trust-root contract. |
| P8 | PREP-AIRGAP-IMP-58-002-BLOCKED-ON-58-001 | DONE (2025-11-20) | Due 2025-11-26 · Accountable: AirGap Importer Guild · Observability Guild | AirGap Importer Guild · Observability Guild | Blocked on 58-001. <br><br> Deliverable shares scaffold above; includes plan steps + validation envelope for import timeline events. |
@@ -38,7 +38,7 @@
| 9 | AIRGAP-IMP-57-002 | BLOCKED | PREP-AIRGAP-CTL-57-002-BLOCKED-ON-57-001 | AirGap Importer Guild · DevOps Guild | Implement object-store loader storing artifacts under tenant/global mirror paths with Zstandard decompression and checksum validation. |
| 10 | AIRGAP-IMP-58-001 | BLOCKED | PREP-AIRGAP-CTL-58-001-BLOCKED-ON-57-002 | AirGap Importer Guild · CLI Guild | Implement API (`POST /airgap/import`, `/airgap/verify`) and CLI commands wiring verification + catalog updates, including diff preview. |
| 11 | AIRGAP-IMP-58-002 | BLOCKED | PREP-AIRGAP-IMP-58-002-BLOCKED-ON-58-001 | AirGap Importer Guild · Observability Guild | Emit timeline events (`airgap.import.started`, `airgap.import.completed`) with staleness metrics. |
| 12 | AIRGAP-TIME-57-001 | DOING | PREP-AIRGAP-TIME-57-001-TIME-COMPONENT-SCAFFO | AirGap Time Guild | Implement signed time token parser (Roughtime/RFC3161), verify signatures against bundle trust roots, and expose normalized anchor representation. Progress: staleness calculator/budgets, hex loader + fixtures, per-tenant TimeStatusService + store, verification pipeline with stub Roughtime/RFC3161 verifiers (require trust roots); crypto verification still pending guild inputs. |
| 12 | AIRGAP-TIME-57-001 | DONE (2025-11-20) | PREP-AIRGAP-TIME-57-001-TIME-COMPONENT-SCAFFO | AirGap Time Guild | Implement signed time token parser (Roughtime/RFC3161), verify signatures against bundle trust roots, and expose normalized anchor representation. Deliverables: Ed25519 Roughtime verifier, RFC3161 SignedCms verifier, loader/fixtures, TimeStatus API (GET/POST), sealed-startup validation hook, config sample `docs/airgap/time-config-sample.json`, tests passing. |
| 13 | AIRGAP-TIME-57-002 | BLOCKED | PREP-AIRGAP-CTL-57-002-BLOCKED-ON-57-001 | AirGap Time Guild · Observability Guild | Add telemetry counters for time anchors (`airgap_time_anchor_age_seconds`) and alerts for approaching thresholds. |
| 14 | AIRGAP-TIME-58-001 | BLOCKED | PREP-AIRGAP-CTL-58-001-BLOCKED-ON-57-002 | AirGap Time Guild | Persist drift baseline, compute per-content staleness (advisories, VEX, policy) based on bundle metadata, and surface through controller status API. |
| 15 | AIRGAP-TIME-58-002 | BLOCKED | PREP-AIRGAP-IMP-58-002-BLOCKED-ON-58-001 | AirGap Time Guild · Notifications Guild | Emit notifications and timeline events when staleness budgets breached or approaching. |
@@ -46,6 +46,20 @@
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2025-11-20 | Added curl example + healthcheck note to time API doc; tests still passing. | Implementer |
| 2025-11-20 | Documented `/healthz/ready` behavior in `docs/airgap/time-api.md`; health depends on anchor presence/staleness. | Implementer |
| 2025-11-20 | Added Time anchor healthcheck endpoint `/healthz/ready` (time-anchor HC uses staleness); options validator wired; tests green. | Implementer |
| 2025-11-20 | Loader now rejects missing/incompatible trust roots; controller logs failures/success for POST /api/v1/time/anchor; tests remain passing. | Implementer |
| 2025-11-20 | Added AirGap options validator tests (tenant/budget guardrails); test suite remains passing. | Implementer |
| 2025-11-20 | Added AirGap options validator (tenant + staleness budgets) and kept Time tests passing. | Implementer |
| 2025-11-20 | Hardened TimeAnchorLoader trust-root checks (format compatibility) and added verifier tests; Time tests still green. | Implementer |
| 2025-11-20 | Added time API doc (`docs/airgap/time-api.md`) and AirGap docs index; tests still passing after doc updates. | Implementer |
| 2025-11-20 | Added budget-mismatch guard test for sealed startup validator; Time tests remain passing. | Implementer |
| 2025-11-20 | Added crypto-backed tests for Roughtime (Ed25519) and RFC3161 (SignedCms) verifiers; Time test suite still green. | Implementer |
| 2025-11-20 | Wired config-driven tenant/staleness budgets into Time host; verifiers now real (Roughtime Ed25519, RFC3161 SignedCms); config sample added (`docs/airgap/time-config-sample.json`); tests remain green. | Implementer |
| 2025-11-20 | Upgraded time verifiers: Roughtime Ed25519 signature check and RFC3161 SignedCms verification; docs updated. | Implementer |
| 2025-11-20 | Added sealed startup validator hook; API POST `/api/v1/time/anchor`/GET `/api/v1/time/status` now exercised by tests; Time project builds standalone. | Implementer |
| 2025-11-20 | Added sealed-startup validator for time anchors; POST `/api/v1/time/anchor` persists anchor + budgets, GET `/api/v1/time/status` returns staleness; tests passing. | Implementer |
| 2025-11-20 | Added TimeStatusController + web host; exposed `/api/v1/time/status` and POST `/api/v1/time/anchor` using trust-root verified loader; tests still passing. | Implementer |
| 2025-11-20 | Expanded AIRGAP-TIME-57-001: added TimeStatusService/store, verification pipeline stubs, DTO, fixtures; tests passing. Added API surface `/api/v1/time/status`. | Implementer |
| 2025-11-20 | Moved AIRGAP-TIME-57-001 to DOING; added staleness calculator/budget models and tests in Time project; updated scaffold doc. | Implementer |
@@ -55,6 +69,7 @@
| 2025-11-20 | Started AIRGAP-IMP-56-001/56-002 implementation (DSSE verifier, TUF validator, Merkle calculator; tests added). | Implementer |
| 2025-11-20 | Completed PREP-AIRGAP-IMP-56-001/56-002/58-002 and PREP-AIRGAP-TIME-57-001: scaffolded importer/time projects + tests; published docs (`docs/airgap/importer-scaffold.md`, `docs/airgap/time-anchor-scaffold.md`). | Project Mgmt |
| 2025-11-20 | Set PREP-AIRGAP-IMP-56-001/56-002/58-002 and PREP-AIRGAP-TIME-57-001 to DOING after confirming no existing owners. | Project Mgmt |
| 2025-11-20 | Published prep notes for controller scaffold and staleness enrichment (`docs/airgap/prep/2025-11-20-controller-scaffold-prep.md`, `docs/airgap/prep/2025-11-20-staleness-drift-prep.md`); marked PREP-AIRGAP-CTL-56-001/56-002/58-001 DONE. | Implementer |
| 2025-11-19 | Assigned PREP owners/dates; see Delivery Tracker. | Planning |
| 2025-11-18 | Marked all AIRGAP controller/importer/time tasks BLOCKED: no project scaffolds exist under src/AirGap; need baseline service skeletons and token format decisions before implementation. | Ops/Docs |
| 2025-11-18 | Normalised sprint to standard template; renamed from SPRINT_510_airgap.md. | Ops/Docs |
@@ -64,6 +79,7 @@
- Time anchor parsing depends on chosen token format (Roughtime vs RFC3161); must be confirmed with AirGap Time Guild.
- Offline posture: ensure all verification runs without egress; CMK/KMS access must have offline-friendly configs.
- Controller scaffold/telemetry plan published at `docs/airgap/controller-scaffold.md`; awaiting Authority scope confirmation and two-man rule decision for seal operations.
- Repo integrity risk: current git index appears corrupted (phantom deletions across repo). Requires repair before commit/merge to avoid data loss.
## Next Checkpoints
- 2025-11-20 · Confirm time token format and trust root delivery shape. Owner: AirGap Time Guild.

16
docs/implplan/SPRINT_0512_0001_0001_bench.md
View File

@@ -19,12 +19,12 @@
## Delivery Tracker
| # | Task ID | Status | Key dependency / next step | Owners | Task Definition |
| --- | --- | --- | --- | --- | --- |
| P1 | PREP-BENCH-GRAPH-21-001-NEED-GRAPH-BENCH-HARN | TODO | Due 2025-11-26 · Accountable: Bench Guild · Graph Platform Guild | Bench Guild · Graph Platform Guild | Need graph bench harness scaffolding (50k/100k nodes). <br><br> Document artefact/deliverable for BENCH-GRAPH-21-001 and publish location so downstream tasks can proceed. |
| P2 | PREP-BENCH-GRAPH-21-002-BLOCKED-ON-21-001-HAR | TODO | Due 2025-11-26 · Accountable: Bench Guild · UI Guild | Bench Guild · UI Guild | Blocked on 21-001 harness. <br><br> Document artefact/deliverable for BENCH-GRAPH-21-002 and publish location so downstream tasks can proceed. |
| P3 | PREP-BENCH-IMPACT-16-001-IMPACT-INDEX-DATASET | TODO | Due 2025-11-26 · Accountable: Bench Guild · Scheduler Team | Bench Guild · Scheduler Team | Impact index dataset/replay inputs not provided. <br><br> Document artefact/deliverable for BENCH-IMPACT-16-001 and publish location so downstream tasks can proceed. |
| P4 | PREP-BENCH-POLICY-20-002-POLICY-DELTA-SAMPLE | TODO | Due 2025-11-26 · Accountable: Bench Guild · Policy Guild · Scheduler Guild | Bench Guild · Policy Guild · Scheduler Guild | Policy delta sample inputs missing. <br><br> Document artefact/deliverable for BENCH-POLICY-20-002 and publish location so downstream tasks can proceed. |
| P5 | PREP-BENCH-SIG-26-001-REACHABILITY-SCHEMA-FIX | TODO | Due 2025-11-26 · Accountable: Bench Guild · Signals Guild | Bench Guild · Signals Guild | Reachability schema/fixtures pending Sprint 0400/0401. <br><br> Document artefact/deliverable for BENCH-SIG-26-001 and publish location so downstream tasks can proceed. |
| P6 | PREP-BENCH-SIG-26-002-BLOCKED-ON-26-001-OUTPU | TODO | Due 2025-11-26 · Accountable: Bench Guild · Policy Guild | Bench Guild · Policy Guild | Blocked on 26-001 outputs. <br><br> Document artefact/deliverable for BENCH-SIG-26-002 and publish location so downstream tasks can proceed. |
| P1 | PREP-BENCH-GRAPH-21-001-NEED-GRAPH-BENCH-HARN | DONE (2025-11-20) | Prep doc at `docs/benchmarks/graph/bench-graph-21-001-prep.md`; awaits fixtures (SAMPLES-GRAPH-24-003). | Bench Guild · Graph Platform Guild | Need graph bench harness scaffolding (50k/100k nodes). <br><br> Document artefact/deliverable for BENCH-GRAPH-21-001 and publish location so downstream tasks can proceed. |
| P2 | PREP-BENCH-GRAPH-21-002-BLOCKED-ON-21-001-HAR | DONE (2025-11-20) | Due 2025-11-26 · Accountable: Bench Guild · UI Guild | Bench Guild · UI Guild | Prep artefact published at `docs/benchmarks/graph/bench-graph-21-002-prep.md` (Playwright UI bench plan leveraging 50k/100k fixtures; scenarios, metrics, determinism). |
| P3 | PREP-BENCH-IMPACT-16-001-IMPACT-INDEX-DATASET | DONE (2025-11-20) | Due 2025-11-26 · Accountable: Bench Guild · Scheduler Team | Bench Guild · Scheduler Team | Prep artefact published at `docs/benchmarks/impact/bench-impact-16-001-prep.md` (dataset shape, replay plan, deterministic metrics). |
| P4 | PREP-BENCH-POLICY-20-002-POLICY-DELTA-SAMPLE | DONE (2025-11-20) | Due 2025-11-26 · Accountable: Bench Guild · Policy Guild · Scheduler Guild | Bench Guild · Policy Guild · Scheduler Guild | Prep artefact published at `docs/benchmarks/policy/bench-policy-20-002-prep.md` (baseline + delta datasets, deterministic harness plan, metrics). |
| P5 | PREP-BENCH-SIG-26-001-REACHABILITY-SCHEMA-FIX | DONE (2025-11-20) | Prep doc at `docs/benchmarks/signals/bench-sig-26-001-prep.md`; awaits reachability schema hash. | Bench Guild · Signals Guild | Reachability schema/fixtures pending Sprint 0400/0401. <br><br> Document artefact/deliverable for BENCH-SIG-26-001 and publish location so downstream tasks can proceed. |
| P6 | PREP-BENCH-SIG-26-002-BLOCKED-ON-26-001-OUTPU | DONE (2025-11-20) | Prep doc at `docs/benchmarks/signals/bench-sig-26-002-prep.md`; depends on 26-001 datasets. | Bench Guild · Policy Guild | Blocked on 26-001 outputs. <br><br> Document artefact/deliverable for BENCH-SIG-26-002 and publish location so downstream tasks can proceed. |
| 1 | BENCH-GRAPH-21-001 | BLOCKED | PREP-BENCH-GRAPH-21-001-NEED-GRAPH-BENCH-HARN | Bench Guild · Graph Platform Guild | Build graph viewport/path benchmark harness (50k/100k nodes) measuring Graph API/Indexer latency, memory, and tile cache hit rates. |
| 2 | BENCH-GRAPH-21-002 | BLOCKED | PREP-BENCH-GRAPH-21-002-BLOCKED-ON-21-001-HAR | Bench Guild · UI Guild | Add headless UI load benchmark (Playwright) for graph canvas interactions to track render times and FPS budgets. |
| 3 | BENCH-GRAPH-24-002 | BLOCKED | Waiting for 50k/100k graph fixture (SAMPLES-GRAPH-24-003) | Bench Guild · UI Guild | Implement UI interaction benchmarks (filter/zoom/table operations) citing p95 latency; integrate with perf dashboards. |
@@ -36,6 +36,10 @@
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2025-11-20 | Completed PREP-BENCH-GRAPH-21-002: published UI bench prep doc at `docs/benchmarks/graph/bench-graph-21-002-prep.md`; status set to DONE. | Implementer |
| 2025-11-20 | Completed PREP-BENCH-IMPACT-16-001: published impact index bench prep doc at `docs/benchmarks/impact/bench-impact-16-001-prep.md`; status set to DONE. | Implementer |
| 2025-11-20 | Completed PREP-BENCH-POLICY-20-002: published policy delta bench prep doc at `docs/benchmarks/policy/bench-policy-20-002-prep.md`; status set to DONE. | Implementer |
| 2025-11-20 | Published prep artefacts for PREP-BENCH-GRAPH-21-001, PREP-BENCH-SIG-26-001, and PREP-BENCH-SIG-26-002 under `docs/benchmarks/`; marked P1, P5, P6 DONE. | Implementer |
| 2025-11-19 | Trimmed trailing hyphen from PREP-BENCH-POLICY-20-002 Task ID to keep BENCH-POLICY-20-002 blocker resolvable. | Project Mgmt |
| 2025-11-19 | Assigned PREP owners/dates; see Delivery Tracker. | Planning |
| 2025-11-18 | Marked BENCH-GRAPH-24-002, BENCH-IMPACT-16-001, BENCH-POLICY-20-002, BENCH-SIG-26-001/002 as BLOCKED pending fixtures/datasets and reachability schema. | Bench |

3
docs/implplan/SPRINT_0514_0001_0001_sovereign_crypto_enablement.md
View File

@@ -17,7 +17,7 @@
## Delivery Tracker
| # | Task ID | Status | Key dependency / next step | Owners | Task Definition |
| --- | --- | --- | --- | --- | --- |
| P1 | PREP-AUTH-CRYPTO-90-001-NEEDS-AUTHORITY-PROVI | TODO | Due 2025-11-26 · Accountable: Authority Core & Security Guild | Authority Core & Security Guild | Needs Authority provider/key format spec & JWKS export requirements. <br><br> Document artefact/deliverable for AUTH-CRYPTO-90-001 and publish location so downstream tasks can proceed. |
| P1 | PREP-AUTH-CRYPTO-90-001-NEEDS-AUTHORITY-PROVI | DONE (2025-11-20) | Prep note at `docs/modules/authority/prep/2025-11-20-auth-crypto-provider-prep.md`; awaiting contract publication. | Authority Core & Security Guild | Needs Authority provider/key format spec & JWKS export requirements. <br><br> Document artefact/deliverable for AUTH-CRYPTO-90-001 and publish location so downstream tasks can proceed. |
| 1 | SEC-CRYPTO-90-017 | TODO | Fork present; integrate into solution | Security Guild | Vendor `third_party/forks/AlexMAS.GostCryptography` into the solution build (solution filters, Directory.Build props, CI) so the library compiles with the repo and publishes artifacts. |
| 2 | SEC-CRYPTO-90-018 | TODO | After 90-017 | Security & Docs Guilds | Update developer/RootPack documentation to describe the fork, sync steps, and licensing. |
| 3 | SEC-CRYPTO-90-019 | TODO | After 90-017 | Security Guild | Patch the fork to drop vulnerable `System.Security.Cryptography.{Pkcs,Xml}` 6.0.0 deps; retarget .NET 8+, rerun tests. |
@@ -41,6 +41,7 @@
| 2025-11-18 | Normalised sprint to standard template; renamed from SPRINT_514_sovereign_crypto_enablement.md. | Security Docs |
| 2025-11-18 | Downloaded MongoDB 4.4.4 binaries into `local-nuget/mongo2go/4.1.0/tools/mongodb-linux-4.4.4-database-tools-100.3.1/community-server/mongodb-linux-x86_64-ubuntu2004-4.4.4/bin/mongod`; reran `dotnet vstest …AdvisoryChunksEndpoint_ReturnsParagraphAnchors` but Mongo2Go still cannot connect (timeout/connection refused to 127.0.0.1). Concelier AOC tasks remain BLOCKED pending stable Mongo2Go startup. | Concelier WebService |
| 2025-11-18 | Targeted `dotnet vstest ...StellaOps.Concelier.WebService.Tests.dll --TestCaseFilter:AdvisoryChunksEndpoint_ReturnsParagraphAnchors` failed: Mongo2Go cannot start (mongod binaries not found; connection refused 127.0.0.1:35961). Concelier AOC tasks remain BLOCKED pending usable Mongo2Go binary path. | Concelier WebService |
| 2025-11-20 | Published Authority crypto provider/JWKS prep note (`docs/modules/authority/prep/2025-11-20-auth-crypto-provider-prep.md`); marked PREP-AUTH-CRYPTO-90-001 DONE. | Implementer |
## Decisions & Risks
- AUTH-CRYPTO-90-001 blocking: Authority provider/key contract not yet published; SME needed to define mapping to registry + JWKS export.

1
docs/implplan/SPRINT_110_ingestion_evidence.md
View File

@@ -52,6 +52,7 @@
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2025-11-20 | Concelier WebService tests could not run locally (Mongo2Go requires libcrypto.so.1.1). Endpoint compiled; rerun tests once OpenSSL 1.1 shim available. | Implementer |
| 2025-11-20 | CONCELIER-CONSOLE-23-001..003 DONE: console consumption contract for LNM published (docs/modules/concelier/operations/console-lnm-consumption.md). | Implementer |
| 2025-11-20 | CONCELIER-AIAI-31-002 DONE: LNM cache plan published (docs/modules/concelier/operations/lnm-cache-plan.md) using frozen schema + Evidence Locker contract. | Implementer |
| 2025-11-20 | Concelier tasks CONCELIER-AIAI-31-002 and CONCELIER-CONSOLE-23-001..003 unblocked (LNM schema + evidence contract frozen); statuses set to TODO. | Implementer |

25
docs/implplan/SPRINT_123_policy_reasoning.md
View File

@@ -12,18 +12,18 @@ Focus: Policy & Reasoning focus on Policy (phase I).
| --- | --- | --- | --- | --- |
| P1 | PREP-EXPORT-CONSOLE-23-001-MISSING-EXPORT-BUN | DOING (2025-11-20) | Due 2025-11-22 · Accountable: Policy Guild, Scheduler Guild, Observability Guild / src/Policy/StellaOps.Policy.Engine | Policy Guild, Scheduler Guild, Observability Guild / src/Policy/StellaOps.Policy.Engine | Missing export bundle contract/API surface and scheduler job spec for Console; requires agreed schema and job wiring. <br><br> Document artefact/deliverable for EXPORT-CONSOLE-23-001 and publish location so downstream tasks can proceed. |
| P2 | PREP-POLICY-AIRGAP-56-001-MIRROR-BUNDLE-SCHEM | DOING (2025-11-20) | Due 2025-11-22 · Accountable: Policy Guild / src/Policy/StellaOps.Policy.Engine | Policy Guild / src/Policy/StellaOps.Policy.Engine | Mirror bundle schema for policy packs not published; need bundle_id/provenance fields and sealed-mode rules. <br><br> Document artefact/deliverable for POLICY-AIRGAP-56-001 and publish location so downstream tasks can proceed. |
| P3 | PREP-POLICY-AIRGAP-56-002-DEPENDS-ON-56-001-B | TODO | Due 2025-11-22 · Accountable: Policy Guild, Policy Studio Guild / src/Policy/StellaOps.Policy.Engine | Policy Guild, Policy Studio Guild / src/Policy/StellaOps.Policy.Engine | Depends on 56-001 bundle import schema and DSSE signing profile. <br><br> Document artefact/deliverable for POLICY-AIRGAP-56-002 and publish location so downstream tasks can proceed. |
| P4 | PREP-POLICY-AIRGAP-57-001-REQUIRES-SEALED-MOD | TODO | Due 2025-11-22 · Accountable: Policy Guild, AirGap Policy Guild / src/Policy/StellaOps.Policy.Engine | Policy Guild, AirGap Policy Guild / src/Policy/StellaOps.Policy.Engine | Requires sealed-mode contract (egress rules, error codes) after 56-002. <br><br> Document artefact/deliverable for POLICY-AIRGAP-57-001 and publish location so downstream tasks can proceed. |
| P5 | PREP-POLICY-AIRGAP-57-002-NEEDS-STALENESS-FAL | TODO | Due 2025-11-22 · Accountable: Policy Guild, AirGap Time Guild / src/Policy/StellaOps.Policy.Engine | Policy Guild, AirGap Time Guild / src/Policy/StellaOps.Policy.Engine | Needs staleness/fallback data contract from 57-001. <br><br> Document artefact/deliverable for POLICY-AIRGAP-57-002 and publish location so downstream tasks can proceed. |
| P6 | PREP-POLICY-AIRGAP-58-001-NOTIFICATION-SCHEMA | TODO | Due 2025-11-22 · Accountable: Policy Guild, Notifications Guild / src/Policy/StellaOps.Policy.Engine | Policy Guild, Notifications Guild / src/Policy/StellaOps.Policy.Engine | Notification schema and staleness signals pending from 57-002. <br><br> Document artefact/deliverable for POLICY-AIRGAP-58-001 and publish location so downstream tasks can proceed. |
| P7 | PREP-POLICY-AOC-19-001-NEEDS-AGREED-LINTING-T | TODO | Due 2025-11-22 · Accountable: Policy Guild / src/Policy/__Libraries/StellaOps.Policy | Policy Guild / src/Policy/__Libraries/StellaOps.Policy | Needs agreed linting targets (which ingestion projects, which helpers) and CI wiring; no analyzer/lint spec available. <br><br> Document artefact/deliverable for POLICY-AOC-19-001 and publish location so downstream tasks can proceed. |
| P8 | PREP-POLICY-AOC-19-002-DEPENDS-ON-19-001-LINT | TODO | Due 2025-11-22 · Accountable: Policy Guild, Platform Security / src/Policy/__Libraries/StellaOps.Policy | Policy Guild, Platform Security / src/Policy/__Libraries/StellaOps.Policy | Depends on 19-001 lint implementation and authority contract for `effective:write` gate. <br><br> Document artefact/deliverable for POLICY-AOC-19-002 and publish location so downstream tasks can proceed. |
| P9 | PREP-POLICY-AOC-19-003-REQUIRES-DECISIONED-NO | TODO | Due 2025-11-22 · Accountable: Policy Guild / src/Policy/__Libraries/StellaOps.Policy | Policy Guild / src/Policy/__Libraries/StellaOps.Policy | Requires decisioned normalized-field removal contract after 19-002; fixtures not provided. <br><br> Document artefact/deliverable for POLICY-AOC-19-003 and publish location so downstream tasks can proceed. |
| P10 | PREP-POLICY-AOC-19-004-DEPENDENT-ON-19-003-DA | TODO | Due 2025-11-22 · Accountable: Policy Guild, QA Guild / src/Policy/__Libraries/StellaOps.Policy | Policy Guild, QA Guild / src/Policy/__Libraries/StellaOps.Policy | Dependent on 19-003 data shape and determinism fixtures. <br><br> Document artefact/deliverable for POLICY-AOC-19-004 and publish location so downstream tasks can proceed. |
| P11 | PREP-POLICY-ATTEST-73-001-VERIFICATIONPOLICY- | TODO | Due 2025-11-22 · Accountable: Policy Guild, Attestor Service Guild / src/Policy/StellaOps.Policy.Engine | Policy Guild, Attestor Service Guild / src/Policy/StellaOps.Policy.Engine | VerificationPolicy schema/persistence contract missing; needs Attestor alignment. <br><br> Document artefact/deliverable for POLICY-ATTEST-73-001 and publish location so downstream tasks can proceed. |
| P12 | PREP-POLICY-ATTEST-73-002-DEPENDS-ON-73-001-E | TODO | Due 2025-11-22 · Accountable: Policy Guild / src/Policy/StellaOps.Policy.Engine | Policy Guild / src/Policy/StellaOps.Policy.Engine | Depends on 73-001 editor DTOs and validation schema. <br><br> Document artefact/deliverable for POLICY-ATTEST-73-002 and publish location so downstream tasks can proceed. |
| P13 | PREP-POLICY-ATTEST-74-001-REQUIRES-73-002-AND | TODO | Due 2025-11-22 · Accountable: Policy Guild, Attestor Service Guild / src/Policy/StellaOps.Policy.Engine | Policy Guild, Attestor Service Guild / src/Policy/StellaOps.Policy.Engine | Requires 73-002 and Attestor pipeline contract. <br><br> Document artefact/deliverable for POLICY-ATTEST-74-001 and publish location so downstream tasks can proceed. |
| P14 | PREP-POLICY-ATTEST-74-002-NEEDS-74-001-SURFAC | TODO | Due 2025-11-22 · Accountable: Policy Guild, Console Guild / src/Policy/StellaOps.Policy.Engine | Policy Guild, Console Guild / src/Policy/StellaOps.Policy.Engine | Needs 74-001 surface in Console verification reports contract. <br><br> Document artefact/deliverable for POLICY-ATTEST-74-002 and publish location so downstream tasks can proceed. |
| P3 | PREP-POLICY-AIRGAP-56-002-DEPENDS-ON-56-001-B | DONE (2025-11-20) | Prep doc at `docs/modules/policy/prep/2025-11-20-policy-airgap-56-002-prep.md`; awaits schema hash from 56-001. | Policy Guild, Policy Studio Guild / src/Policy/StellaOps.Policy.Engine | Depends on 56-001 bundle import schema and DSSE signing profile. <br><br> Document artefact/deliverable for POLICY-AIRGAP-56-002 and publish location so downstream tasks can proceed. |
| P4 | PREP-POLICY-AIRGAP-57-001-REQUIRES-SEALED-MOD | DONE (2025-11-20) | Prep doc at `docs/modules/policy/prep/2025-11-20-policy-airgap-57-001-prep.md`; depends on 56-002 + WEB-OAS-61-002 envelope. | Policy Guild, AirGap Policy Guild / src/Policy/StellaOps.Policy.Engine | Requires sealed-mode contract (egress rules, error codes) after 56-002. <br><br> Document artefact/deliverable for POLICY-AIRGAP-57-001 and publish location so downstream tasks can proceed. |
| P5 | PREP-POLICY-AIRGAP-57-002-NEEDS-STALENESS-FAL | DONE (2025-11-20) | Prep doc at `docs/modules/policy/prep/2025-11-20-policy-airgap-57-002-prep.md`; awaits staleness metadata inputs. | Policy Guild, AirGap Time Guild / src/Policy/StellaOps.Policy.Engine | Needs staleness/fallback data contract from 57-001. <br><br> Document artefact/deliverable for POLICY-AIRGAP-57-002 and publish location so downstream tasks can proceed. |
| P6 | PREP-POLICY-AIRGAP-58-001-NOTIFICATION-SCHEMA | DONE (2025-11-20) | Prep doc at `docs/modules/policy/prep/2025-11-20-policy-airgap-58-001-prep.md`; aligned to notifications schema once available. | Policy Guild, Notifications Guild / src/Policy/StellaOps.Policy.Engine | Notification schema and staleness signals pending from 57-002. <br><br> Document artefact/deliverable for POLICY-AIRGAP-58-001 and publish location so downstream tasks can proceed. |
| P7 | PREP-POLICY-AOC-19-001-NEEDS-AGREED-LINTING-T | DONE (2025-11-20) | Prep doc at `docs/modules/policy/prep/2025-11-20-policy-aoc-19-001-prep.md`; awaiting rule set agreement. | Policy Guild / src/Policy/__Libraries/StellaOps.Policy | Needs agreed linting targets (which ingestion projects, which helpers) and CI wiring; no analyzer/lint spec available. <br><br> Document artefact/deliverable for POLICY-AOC-19-001 and publish location so downstream tasks can proceed. |
| P8 | PREP-POLICY-AOC-19-002-DEPENDS-ON-19-001-LINT | DONE (2025-11-20) | Prep doc at `docs/modules/policy/prep/2025-11-20-policy-aoc-19-002-prep.md`; depends on lint rules + auth scopes. | Policy Guild, Platform Security / src/Policy/__Libraries/StellaOps.Policy | Depends on 19-001 lint implementation and authority contract for `effective:write` gate. <br><br> Document artefact/deliverable for POLICY-AOC-19-002 and publish location so downstream tasks can proceed. |
| P9 | PREP-POLICY-AOC-19-003-REQUIRES-DECISIONED-NO | DONE (2025-11-20) | Prep doc at `docs/modules/policy/prep/2025-11-20-policy-aoc-19-003-prep.md`; awaiting field removal decision. | Policy Guild / src/Policy/__Libraries/StellaOps.Policy | Requires decisioned normalized-field removal contract after 19-002; fixtures not provided. <br><br> Document artefact/deliverable for POLICY-AOC-19-003 and publish location so downstream tasks can proceed. |
| P10 | PREP-POLICY-AOC-19-004-DEPENDENT-ON-19-003-DA | DONE (2025-11-20) | Prep doc at `docs/modules/policy/prep/2025-11-20-policy-aoc-19-004-prep.md`; depends on field removal list. | Policy Guild, QA Guild / src/Policy/__Libraries/StellaOps.Policy | Dependent on 19-003 data shape and determinism fixtures. <br><br> Document artefact/deliverable for POLICY-AOC-19-004 and publish location so downstream tasks can proceed. |
| P11 | PREP-POLICY-ATTEST-73-001-VERIFICATIONPOLICY- | DONE (2025-11-20) | Due 2025-11-22 · Accountable: Policy Guild, Attestor Service Guild / src/Policy/StellaOps.Policy.Engine | Policy Guild, Attestor Service Guild / src/Policy/StellaOps.Policy.Engine | Prep artefact published at `docs/modules/policy/prep/2025-11-20-policy-attest-73-001-prep.md` (VerificationPolicy schema/persistence rules). |
| P12 | PREP-POLICY-ATTEST-73-002-DEPENDS-ON-73-001-E | DONE (2025-11-20) | Due 2025-11-22 · Accountable: Policy Guild / src/Policy/StellaOps.Policy.Engine | Policy Guild / src/Policy/StellaOps.Policy.Engine | Prep artefact published at `docs/modules/policy/prep/2025-11-20-policy-attest-73-002-prep.md` (editor DTOs + validation). |
| P13 | PREP-POLICY-ATTEST-74-001-REQUIRES-73-002-AND | DONE (2025-11-20) | Due 2025-11-22 · Accountable: Policy Guild, Attestor Service Guild / src/Policy/StellaOps.Policy.Engine | Policy Guild, Attestor Service Guild / src/Policy/StellaOps.Policy.Engine | Prep artefact published at `docs/modules/policy/prep/2025-11-20-policy-attest-74-001-prep.md` (policy attestation result schema + endpoint). |
| P14 | PREP-POLICY-ATTEST-74-002-NEEDS-74-001-SURFAC | DONE (2025-11-20) | Due 2025-11-22 · Accountable: Policy Guild, Console Guild / src/Policy/StellaOps.Policy.Engine | Policy Guild, Console Guild / src/Policy/StellaOps.Policy.Engine | Prep artefact published at `docs/modules/policy/prep/2025-11-20-policy-attest-74-002-prep.md` (Console report extension for attestation results). |
| 1 | EXPORT-CONSOLE-23-001 | BLOCKED | PREP-EXPORT-CONSOLE-23-001-MISSING-EXPORT-BUN | Policy Guild, Scheduler Guild, Observability Guild / src/Policy/StellaOps.Policy.Engine |
| 2 | POLICY-AIRGAP-56-001 | BLOCKED | PREP-POLICY-AIRGAP-56-001-MIRROR-BUNDLE-SCHEM | Policy Guild / src/Policy/StellaOps.Policy.Engine |
| 3 | POLICY-AIRGAP-56-002 | BLOCKED | PREP-POLICY-AIRGAP-56-002-DEPENDS-ON-56-001-B | Policy Guild, Policy Studio Guild / src/Policy/StellaOps.Policy.Engine |
@@ -45,6 +45,7 @@ Focus: Policy & Reasoning focus on Policy (phase I).
| --- | --- | --- |
| 2025-11-20 | Drafted export bundle + scheduler contract (docs/modules/policy/design/export-console-bundle-contract.md); pinged Console/Scheduler owners for signer/storage decisions. | Project Mgmt |
| 2025-11-20 | Confirmed PREP-EXPORT-CONSOLE-23-001 and PREP-POLICY-AIRGAP-56-001 still TODO; moved both to DOING to draft missing export/bundle schemas. | Project Mgmt |
| 2025-11-20 | Published prep artefacts for AIRGAP chain (56-002/57-001/57-002/58-001) and AOC lint/normalization (19-001/002/003/004); marked P3P10 DONE. | Implementer |
| 2025-11-19 | Assigned PREP owners/dates; see Delivery Tracker. | Planning |
| 2025-11-08 | Sprint created; awaiting staffing. | Planning |
| 2025-11-18 | Attempted EXPORT-CONSOLE-23-001 but blocked: no export bundle/schema or scheduler job contract for Console; requires API + signed manifest format before implementation. Marked remaining tasks BLOCKED pending lint/airgap/attest/Console contracts. | Policy Guild |

3
docs/implplan/SPRINT_124_policy_reasoning.md
View File

@@ -10,7 +10,7 @@ Focus: Policy & Reasoning focus on Policy (phase II).
| # | Task ID & handle | State | Key dependency / next step | Owners |
| --- | --- | --- | --- | --- |
| P1 | PREP-POLICY-ENGINE-20-002-BUILD-DETERMINISTIC | TODO | Due 2025-11-22 · Accountable: Policy Guild / src/Policy/StellaOps.Policy.Engine | Policy Guild / src/Policy/StellaOps.Policy.Engine | Build deterministic evaluator honoring lexical/priority order, first-match semantics, and safe value types (no wall-clock/network access). <br><br> Document artefact/deliverable for POLICY-ENGINE-20-002 and publish location so downstream tasks can proceed. |
| P1 | PREP-POLICY-ENGINE-20-002-BUILD-DETERMINISTIC | DONE (2025-11-20) | Prep doc at `docs/modules/policy/prep/2025-11-20-policy-engine-20-002-prep.md`; captures evaluator constraints. | Policy Guild / src/Policy/StellaOps.Policy.Engine | Build deterministic evaluator honoring lexical/priority order, first-match semantics, and safe value types (no wall-clock/network access). <br><br> Document artefact/deliverable for POLICY-ENGINE-20-002 and publish location so downstream tasks can proceed. |
| 1 | POLICY-CONSOLE-23-002 | TODO | Produce simulation diff metadata (before/after counts, severity deltas, rule impact summaries) and approval state endpoints consumed by Console policy workspace; expose RBAC-aware status transitions (Deps: POLICY-CONSOLE-23-001) | Policy Guild, Product Ops / src/Policy/StellaOps.Policy.Engine |
| 2 | POLICY-ENGINE-20-002 | BLOCKED (2025-10-26) | PREP-POLICY-ENGINE-20-002-BUILD-DETERMINISTIC | Policy Guild / src/Policy/StellaOps.Policy.Engine |
| 3 | POLICY-ENGINE-20-003 | TODO | Implement selection joiners resolving SBOM↔advisory↔VEX tuples using linksets and PURL equivalence tables, with deterministic batching (Deps: POLICY-ENGINE-20-002) | Policy Guild, Concelier Core Guild, Excititor Core Guild / src/Policy/StellaOps.Policy.Engine |
@@ -28,4 +28,5 @@ Focus: Policy & Reasoning focus on Policy (phase II).
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2025-11-20 | Published deterministic evaluator prep note (`docs/modules/policy/prep/2025-11-20-policy-engine-20-002-prep.md`); set PREP-POLICY-ENGINE-20-002 to DONE. | Implementer |
| 2025-11-19 | Assigned PREP owners/dates; see Delivery Tracker. | Planning |

27
docs/implplan/SPRINT_125_policy_reasoning.md
View File

@@ -11,18 +11,18 @@ Focus: Policy & Reasoning focus on Policy (phase III).
| # | Task ID & handle | State | Key dependency / next step | Owners |
| --- | --- | --- | --- | --- |
| P1 | PREP-POLICY-ENGINE-30-001-WAITING-ON-29-004-M | DOING (2025-11-20) | Due 2025-11-22 · Accountable: Policy Guild, Cartographer Guild / src/Policy/StellaOps.Policy.Engine | Policy Guild, Cartographer Guild / src/Policy/StellaOps.Policy.Engine | Waiting on 29-004 metrics/logging outputs to define overlay projection contract. <br><br> Document artefact/deliverable for POLICY-ENGINE-30-001 and publish location so downstream tasks can proceed. |
| P2 | PREP-POLICY-ENGINE-30-002-SIMULATION-BRIDGE-C | TODO | Due 2025-11-22 · Accountable: Policy Guild, Cartographer Guild / src/Policy/StellaOps.Policy.Engine | Policy Guild, Cartographer Guild / src/Policy/StellaOps.Policy.Engine | Simulation bridge cannot proceed until 30-001 overlay schema lands. <br><br> Document artefact/deliverable for POLICY-ENGINE-30-002 and publish location so downstream tasks can proceed. |
| P3 | PREP-POLICY-ENGINE-30-003-CHANGE-EVENTS-DEPEN | TODO | Due 2025-11-22 · Accountable: Policy Guild, Scheduler Guild, Cartographer Guild / src/Policy/StellaOps.Policy.Engine | Policy Guild, Scheduler Guild, Cartographer Guild / src/Policy/StellaOps.Policy.Engine | Change events depend on simulation bridge (30-002) outputs. <br><br> Document artefact/deliverable for POLICY-ENGINE-30-003 and publish location so downstream tasks can proceed. |
| P4 | PREP-POLICY-ENGINE-30-101-TRUST-WEIGHTING-UI- | TODO | Due 2025-11-22 · Accountable: Policy Guild / src/Policy/StellaOps.Policy.Engine | Policy Guild / src/Policy/StellaOps.Policy.Engine | Trust weighting UI/API depends on change events + overlays (30-003). <br><br> Document artefact/deliverable for POLICY-ENGINE-30-101 and publish location so downstream tasks can proceed. |
| P5 | PREP-POLICY-ENGINE-31-001-ADVISORY-AI-KNOBS-R | TODO | Due 2025-11-22 · Accountable: Policy Guild / src/Policy/StellaOps.Policy.Engine | Policy Guild / src/Policy/StellaOps.Policy.Engine | Advisory AI knobs rely on 30-101 trust weighting surfacing. <br><br> Document artefact/deliverable for POLICY-ENGINE-31-001 and publish location so downstream tasks can proceed. |
| P6 | PREP-POLICY-ENGINE-31-002-BATCH-CONTEXT-ENDPO | TODO | Due 2025-11-22 · Accountable: Policy Guild / src/Policy/StellaOps.Policy.Engine | Policy Guild / src/Policy/StellaOps.Policy.Engine | Batch context endpoint waits on 31-001 knobs. <br><br> Document artefact/deliverable for POLICY-ENGINE-31-002 and publish location so downstream tasks can proceed. |
| P7 | PREP-POLICY-ENGINE-32-101-ORCHESTRATOR-JOB-SC | TODO | Due 2025-11-22 · Accountable: Policy Guild / src/Policy/StellaOps.Policy.Engine | Policy Guild / src/Policy/StellaOps.Policy.Engine | Orchestrator job schema depends on 31-002 batch context. <br><br> Document artefact/deliverable for POLICY-ENGINE-32-101 and publish location so downstream tasks can proceed. |
| P8 | PREP-POLICY-ENGINE-33-101-WORKER-IMPLEMENTATI | TODO | Due 2025-11-22 · Accountable: Policy Guild / src/Policy/StellaOps.Policy.Engine | Policy Guild / src/Policy/StellaOps.Policy.Engine | Worker implementation depends on 32-101 job schema. <br><br> Document artefact/deliverable for POLICY-ENGINE-33-101 and publish location so downstream tasks can proceed. |
| P9 | PREP-POLICY-ENGINE-34-101-LEDGER-EXPORT-REQUI | TODO | Due 2025-11-22 · Accountable: Policy Guild / src/Policy/StellaOps.Policy.Engine | Policy Guild / src/Policy/StellaOps.Policy.Engine | Ledger export requires 33-101 workers. <br><br> Document artefact/deliverable for POLICY-ENGINE-34-101 and publish location so downstream tasks can proceed. |
| P10 | PREP-POLICY-ENGINE-35-201-SNAPSHOT-API-WAITS- | TODO | Due 2025-11-22 · Accountable: Policy Guild / src/Policy/StellaOps.Policy.Engine | Policy Guild / src/Policy/StellaOps.Policy.Engine | Snapshot API waits on 34-101 ledger export. <br><br> Document artefact/deliverable for POLICY-ENGINE-35-201 and publish location so downstream tasks can proceed. |
| P11 | PREP-POLICY-ENGINE-38-201-VIOLATION-EVENTS-DE | TODO | Due 2025-11-22 · Accountable: Policy Guild / src/Policy/StellaOps.Policy.Engine | Policy Guild / src/Policy/StellaOps.Policy.Engine | Violation events depend on 35-201 snapshot stream. <br><br> Document artefact/deliverable for POLICY-ENGINE-38-201 and publish location so downstream tasks can proceed. |
| P12 | PREP-POLICY-ENGINE-40-001-SEVERITY-FUSION-DEP | TODO | Due 2025-11-22 · Accountable: Policy Guild, Concelier Guild / src/Policy/StellaOps.Policy.Engine | Policy Guild, Concelier Guild / src/Policy/StellaOps.Policy.Engine | Severity fusion depends on 38-201 violation event payloads. <br><br> Document artefact/deliverable for POLICY-ENGINE-40-001 and publish location so downstream tasks can proceed. |
| P13 | PREP-POLICY-ENGINE-40-002-CONFLICT-HANDLING-D | TODO | Due 2025-11-22 · Accountable: Policy Guild, Excititor Guild / src/Policy/StellaOps.Policy.Engine | Policy Guild, Excititor Guild / src/Policy/StellaOps.Policy.Engine | Conflict handling depends on 40-001 severity pipeline changes. <br><br> Document artefact/deliverable for POLICY-ENGINE-40-002 and publish location so downstream tasks can proceed. |
| P2 | PREP-POLICY-ENGINE-30-002-SIMULATION-BRIDGE-C | DONE (2025-11-20) | Prep note at `docs/modules/policy/prep/2025-11-20-simulation-bridge-prep.md`; awaits 30-001 overlay hash. | Policy Guild, Cartographer Guild / src/Policy/StellaOps.Policy.Engine | Simulation bridge cannot proceed until 30-001 overlay schema lands. <br><br> Document artefact/deliverable for POLICY-ENGINE-30-002 and publish location so downstream tasks can proceed. |
| P3 | PREP-POLICY-ENGINE-30-003-CHANGE-EVENTS-DEPEN | DONE (2025-11-20) | Prep note at `docs/modules/policy/prep/2025-11-20-change-events-prep.md`; depends on 30-002 schema + Scheduler subjects. | Policy Guild, Scheduler Guild, Cartographer Guild / src/Policy/StellaOps.Policy.Engine | Change events depend on simulation bridge (30-002) outputs. <br><br> Document artefact/deliverable for POLICY-ENGINE-30-003 and publish location so downstream tasks can proceed. |
| P4 | PREP-POLICY-ENGINE-30-101-TRUST-WEIGHTING-UI- | DONE (2025-11-20) | Prep note at `docs/modules/policy/prep/2025-11-20-trust-weighting-prep.md`; waits on 30-003 outputs. | Policy Guild / src/Policy/StellaOps.Policy.Engine | Trust weighting UI/API depends on change events + overlays (30-003). <br><br> Document artefact/deliverable for POLICY-ENGINE-30-101 and publish location so downstream tasks can proceed. |
| P5 | PREP-POLICY-ENGINE-31-001-ADVISORY-AI-KNOBS-R | DONE (2025-11-20) | Prep note at `docs/modules/policy/prep/2025-11-20-advisory-ai-knobs-prep.md`; awaits 30-101 weights + AI signal list. | Policy Guild / src/Policy/StellaOps.Policy.Engine | Advisory AI knobs rely on 30-101 trust weighting surfacing. <br><br> Document artefact/deliverable for POLICY-ENGINE-31-001 and publish location so downstream tasks can proceed. |
| P6 | PREP-POLICY-ENGINE-31-002-BATCH-CONTEXT-ENDPO | DONE (2025-11-20) | Prep note at `docs/modules/policy/prep/2025-11-20-batch-context-prep.md`; awaits knobs/overlay hashes. | Policy Guild / src/Policy/StellaOps.Policy.Engine | Batch context endpoint waits on 31-001 knobs. <br><br> Document artefact/deliverable for POLICY-ENGINE-31-002 and publish location so downstream tasks can proceed. |
| P7 | PREP-POLICY-ENGINE-32-101-ORCHESTRATOR-JOB-SC | DONE (2025-11-20) | Prep note at `docs/modules/policy/prep/2025-11-20-orchestrator-job-schema-prep.md`; depends on batch context + Orchestrator envelopes. | Policy Guild / src/Policy/StellaOps.Policy.Engine | Orchestrator job schema depends on 31-002 batch context. <br><br> Document artefact/deliverable for POLICY-ENGINE-32-101 and publish location so downstream tasks can proceed. |
| P8 | PREP-POLICY-ENGINE-33-101-WORKER-IMPLEMENTATI | DONE (2025-11-20) | Prep note at `docs/modules/policy/prep/2025-11-20-worker-implementation-prep.md`; depends on job schema. | Policy Guild / src/Policy/StellaOps.Policy.Engine | Worker implementation depends on 32-101 job schema. <br><br> Document artefact/deliverable for POLICY-ENGINE-33-101 and publish location so downstream tasks can proceed. |
| P9 | PREP-POLICY-ENGINE-34-101-LEDGER-EXPORT-REQUI | DONE (2025-11-20) | Prep note at `docs/modules/policy/prep/2025-11-20-ledger-export-prep.md`; awaits worker outputs + storage decision. | Policy Guild / src/Policy/StellaOps.Policy.Engine | Ledger export requires 33-101 workers. <br><br> Document artefact/deliverable for POLICY-ENGINE-34-101 and publish location so downstream tasks can proceed. |
| P10 | PREP-POLICY-ENGINE-35-201-SNAPSHOT-API-WAITS- | DONE (2025-11-20) | Prep note at `docs/modules/policy/prep/2025-11-20-snapshot-api-prep.md`; depends on ledger export shape. | Policy Guild / src/Policy/StellaOps.Policy.Engine | Snapshot API waits on 34-101 ledger export. <br><br> Document artefact/deliverable for POLICY-ENGINE-35-201 and publish location so downstream tasks can proceed. |
| P11 | PREP-POLICY-ENGINE-38-201-VIOLATION-EVENTS-DE | DONE (2025-11-20) | Prep note at `docs/modules/policy/prep/2025-11-20-violation-events-prep.md`; depends on snapshot stream. | Policy Guild / src/Policy/StellaOps.Policy.Engine | Violation events depend on 35-201 snapshot stream. <br><br> Document artefact/deliverable for POLICY-ENGINE-38-201 and publish location so downstream tasks can proceed. |
| P12 | PREP-POLICY-ENGINE-40-001-SEVERITY-FUSION-DEP | DONE (2025-11-20) | Prep note at `docs/modules/policy/prep/2025-11-20-severity-fusion-prep.md`; awaiting violation events + Concelier ranks. | Policy Guild, Concelier Guild / src/Policy/StellaOps.Policy.Engine | Severity fusion depends on 38-201 violation event payloads. <br><br> Document artefact/deliverable for POLICY-ENGINE-40-001 and publish location so downstream tasks can proceed. |
| P13 | PREP-POLICY-ENGINE-40-002-CONFLICT-HANDLING-D | DONE (2025-11-20) | Prep note at `docs/modules/policy/prep/2025-11-20-conflict-handling-prep.md`; depends on severity fusion. | Policy Guild, Excititor Guild / src/Policy/StellaOps.Policy.Engine | Conflict handling depends on 40-001 severity pipeline changes. <br><br> Document artefact/deliverable for POLICY-ENGINE-40-002 and publish location so downstream tasks can proceed. |
| 1 | POLICY-ENGINE-29-003 | BLOCKED (2025-11-18) | Waiting on upstream POLICY-ENGINE-29-002 contract details; no path/scope schema or sample payloads available. | Policy Guild, SBOM Service Guild / src/Policy/StellaOps.Policy.Engine |
| 2 | POLICY-ENGINE-29-004 | BLOCKED (2025-11-18) | Depends on blocked POLICY-ENGINE-29-003 path/scope contract. | Policy Guild, Observability Guild / src/Policy/StellaOps.Policy.Engine |
| 3 | POLICY-ENGINE-30-001 | BLOCKED (2025-11-18) | PREP-POLICY-ENGINE-30-001-WAITING-ON-29-004-M | Policy Guild, Cartographer Guild / src/Policy/StellaOps.Policy.Engine |
@@ -50,4 +50,7 @@ Focus: Policy & Reasoning focus on Policy (phase III).
| 2025-11-20 | Drafted policy overlay projection contract (docs/modules/policy/design/policy-overlay-projection.md); pinged Platform/Observability for 29-004 metrics/log schema. | Project Mgmt |
| 2025-11-20 | Pinged Cartographer/Platform for 29-004 metrics/log outputs; recorded draft in policy mirror bundle doc for dependency mapping. | Project Mgmt |
| 2025-11-20 | Verified PREP-POLICY-ENGINE-30-001 still TODO; moved to DOING to draft overlay projection contract (awaiting 29-004 metrics/logging outputs). | Project Mgmt |
| 2025-11-20 | Published prep artefacts for PREP-POLICY-ENGINE-30-002/003/30-101/31-001 under `docs/modules/policy/prep/`; marked P2P5 DONE. | Implementer |
| 2025-11-20 | Published prep artefacts for PREP-POLICY-ENGINE-31-002/32-101/33-101/34-101/35-201 under `docs/modules/policy/prep/`; marked P6P10 DONE. | Implementer |
| 2025-11-20 | Published prep artefacts for PREP-POLICY-ENGINE-38-201/40-001/40-002 under `docs/modules/policy/prep/`; marked P11P13 DONE. | Implementer |
| 2025-11-19 | Assigned PREP owners/dates; see Delivery Tracker. | Planning |

10
docs/implplan/SPRINT_401_reachability_evidence_chain.md
View File

@@ -59,5 +59,15 @@ _Theme:_ Finish the provable reachability pipeline (graph CAS → replay → DSS
| QA-CORPUS-401-031 | TODO | Build and publish the multi-runtime reachability corpus (Go/.NET/Python/Rust) with EXPECT.yaml ground truths and captured traces; wire fixtures into CI so reachability scoring and VEX proofs are continuously validated. | QA Guild · Scanner Guild (`tests/reachability`, `docs/reachability/DELIVERY_GUIDE.md`) |
| UI-VEX-401-032 | TODO | Add UI/CLI Explain/Verify surfaces on VEX decisions (show call paths, runtime hits, attestation verify button) and align with reachability evidence output. | UI Guild · CLI Guild · Scanner Guild (`src/UI/StellaOps.UI`, `src/Cli/StellaOps.Cli`, `docs/reachability/function-level-evidence.md`) |
| POLICY-GATE-401-033 | TODO | Enforce policy gate requiring reachability evidence for `not_affected`/`unreachable` VEX outcomes; fall back to under review when symbol confidence is low; update policy docs and tests. | Policy Guild · Scanner Guild (`src/Policy/StellaOps.Policy.Engine`, `docs/policy/dsl.md`, `docs/modules/scanner/architecture.md`) |
| GRAPH-PURL-401-034 | TODO | Annotate call edges with callee purl + `symbol_digest`, update `richgraph-v1` schema/CAS, and surface fields in CLI/UI explainers. | Scanner Worker Guild · Signals Guild (`src/Scanner/StellaOps.Scanner.Worker`, `src/Signals/StellaOps.Signals`, `docs/reachability/purl-resolved-edges.md`) |
| SCANNER-BUILDID-401-035 | TODO | Capture `.note.gnu.build-id` for all ELF targets, thread into `SymbolID`/`code_id`, SBOM exports, and runtime facts; add fixtures for build-id present/absent. | Scanner Worker Guild (`src/Scanner/StellaOps.Scanner.Worker`, `docs/modules/scanner/architecture.md`) |
| SCANNER-INITROOT-401-036 | TODO | Model `.preinit_array`/`.init_array`/`_init` and legacy ctor sections as synthetic graph roots (phase=load) including `DT_NEEDED` deps; persist roots in graph evidence. | Scanner Worker Guild (`src/Scanner/StellaOps.Scanner.Worker`, `docs/modules/scanner/architecture.md`) |
| QA-PORACLE-401-037 | TODO | Add `tests/reachability/patch-oracles/**` fixtures (vuln vs fixed), harness to compare graphs vs `oracle.yml`, and CI job to fail when expected functions/edges are missing. | QA Guild · Scanner Worker Guild (`tests/reachability`, `docs/reachability/patch-oracles.md`) |
> Use `docs/reachability/DELIVERY_GUIDE.md` for architecture context, dependencies, and acceptance tests.
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2025-11-20 | Added tasks for purl-resolved edges, ELF build-id propagation, init-array roots, and patch-oracle QA harness; aligned docs references. | Planning |

391
docs/implplan/blocked_tree.md
View File

@@ -1,390 +1 @@
# SPRINT_0110_0001_0001_ingestion_evidence.md
- SBOM-AIAI-31-003 [BLOCKED] (SPRINT_110_ingestion_evidence.md:32)
- DOCS-AIAI-31-005/006/008/009 [BLOCKED] (SPRINT_110_ingestion_evidence.md:33)
- CONCELIER-AIRGAP-56-001..58-001 [BLOCKED] (SPRINT_110_ingestion_evidence.md:36)
- CONCELIER-CONSOLE-23-001..003 [BLOCKED] (SPRINT_110_ingestion_evidence.md:37)
- CONCELIER-ATTEST-73-001/002 [BLOCKED] (SPRINT_110_ingestion_evidence.md:38)
- FEEDCONN-ICSCISA-02-012 / KISA-02-008 [BLOCKED] (SPRINT_0110_0001_0001_ingestion_evidence.md:47)
- PREP-FEEDCONN-ICS-KISA-PLAN [TODO] (SPRINT_110_ingestion_evidence.md:26)
# SPRINT_0114_0001_0003_concelier_iii.md
- CONCELIER-OAS-61-001 [BLOCKED] (SPRINT_0114_0001_0003_concelier_iii.md:37)
- PREP-CONCELIER-OAS-61-001-LNM-SCHEMA-FROZEN-2 [TODO] (SPRINT_0114_0001_0003_concelier_iii.md:23)
- CONCELIER-OAS-61-002 [BLOCKED] (SPRINT_0114_0001_0003_concelier_iii.md:38)
- PREP-CONCELIER-OAS-61-002-DEPENDS-ON-61-001-B [TODO] (SPRINT_0114_0001_0003_concelier_iii.md:24)
- CONCELIER-OAS-62-001 [BLOCKED] (SPRINT_0114_0001_0003_concelier_iii.md:39)
- PREP-CONCELIER-OAS-62-001-DEPENDS-ON-61-002-B [TODO] (SPRINT_0114_0001_0003_concelier_iii.md:25)
- CONCELIER-OAS-63-001 [BLOCKED] (SPRINT_0114_0001_0003_concelier_iii.md:40)
- PREP-CONCELIER-OAS-63-001-DEPENDS-ON-62-001-B [TODO] (SPRINT_0114_0001_0003_concelier_iii.md:26)
- CONCELIER-OBS-51-001 [BLOCKED] (SPRINT_0114_0001_0003_concelier_iii.md:41)
- PREP-CONCELIER-OBS-51-001-AWAIT-OBSERVABILITY [TODO] (SPRINT_0114_0001_0003_concelier_iii.md:27)
- CONCELIER-OBS-52-001 [BLOCKED] (SPRINT_0114_0001_0003_concelier_iii.md:42)
- PREP-CONCELIER-OBS-52-001-DEPENDS-ON-51-001-M [TODO] (SPRINT_0114_0001_0003_concelier_iii.md:28)
- CONCELIER-OBS-53-001 [BLOCKED] (SPRINT_0114_0001_0003_concelier_iii.md:43)
- PREP-CONCELIER-OBS-53-001-DEPENDS-ON-52-001-B [TODO] (SPRINT_0114_0001_0003_concelier_iii.md:29)
- CONCELIER-OBS-54-001 [BLOCKED] (SPRINT_0114_0001_0003_concelier_iii.md:44)
- PREP-CONCELIER-OBS-54-001-DEPENDS-ON-OBS-TIME [TODO] (SPRINT_0114_0001_0003_concelier_iii.md:30)
- CONCELIER-OBS-55-001 [BLOCKED] (SPRINT_0114_0001_0003_concelier_iii.md:45)
- PREP-CONCELIER-OBS-55-001-DEPENDS-ON-54-001-I [TODO] (SPRINT_0114_0001_0003_concelier_iii.md:31)
- CONCELIER-ORCH-32-001 [BLOCKED] (SPRINT_0114_0001_0003_concelier_iii.md:46)
- PREP-CONCELIER-ORCH-32-001-ORCHESTRATOR-REGIS [TODO] (SPRINT_0114_0001_0003_concelier_iii.md:32)
- CONCELIER-ORCH-32-002 [BLOCKED] (SPRINT_0114_0001_0003_concelier_iii.md:47)
- PREP-CONCELIER-ORCH-32-002-DEPENDS-ON-32-001 [TODO] (SPRINT_0114_0001_0003_concelier_iii.md:33)
- CONCELIER-ORCH-33-001 [BLOCKED] (SPRINT_0114_0001_0003_concelier_iii.md:48)
- PREP-CONCELIER-ORCH-33-001-DEPENDS-ON-32-002 [TODO] (SPRINT_0114_0001_0003_concelier_iii.md:34)
- CONCELIER-ORCH-34-001 [BLOCKED] (SPRINT_0114_0001_0003_concelier_iii.md:49)
- PREP-CONCELIER-ORCH-34-001-DEPENDS-ON-33-001 [TODO] (SPRINT_0114_0001_0003_concelier_iii.md:35)
- CONCELIER-POLICY-20-001 [BLOCKED] (SPRINT_0114_0001_0003_concelier_iii.md:50)
- PREP-CONCELIER-POLICY-20-001-LNM-APIS-NOT-EXP [TODO] (SPRINT_0114_0001_0003_concelier_iii.md:36)
# SPRINT_0115_0001_0004_concelier_iv.md
- CONCELIER-RISK-66-001 [BLOCKED] (SPRINT_0115_0001_0004_concelier_iv.md:31)
- POLICY-AUTH-SIGNALS-LIB-115 [DOING] (SPRINT_0115_0001_0004_concelier_iv.md:26)
- CONCELIER-RISK-66-002 [BLOCKED] (SPRINT_0115_0001_0004_concelier_iv.md:32)
- POLICY-AUTH-SIGNALS-LIB-115 [DOING] (SPRINT_0115_0001_0004_concelier_iv.md:26)
- CONCELIER-RISK-67-001 [BLOCKED] (SPRINT_0115_0001_0004_concelier_iv.md:33)
- POLICY-AUTH-SIGNALS-LIB-115 [DOING] (SPRINT_0115_0001_0004_concelier_iv.md:26)
- CONCELIER-RISK-68-001 [BLOCKED] (SPRINT_0115_0001_0004_concelier_iv.md:34)
- POLICY-AUTH-SIGNALS-LIB-115 [DOING] (SPRINT_0115_0001_0004_concelier_iv.md:26)
- POLICY-RISK-68-001 [TODO] (SPRINT_0128_0001_0001_policy_reasoning.md:24)
- CONCELIER-RISK-69-001 [BLOCKED] (SPRINT_0115_0001_0004_concelier_iv.md:35)
- POLICY-AUTH-SIGNALS-LIB-115 [DOING] (SPRINT_0115_0001_0004_concelier_iv.md:26)
- CONCELIER-SIG-26-001 [BLOCKED] (SPRINT_0115_0001_0004_concelier_iv.md:36)
- POLICY-AUTH-SIGNALS-LIB-115 [DOING] (SPRINT_0115_0001_0004_concelier_iv.md:26)
- SIGNALS-24-002 [DOING (2025-11-07)] (SPRINT_0143_0000_0001_signals.md:24)
- SIGNALS-24-001 [DONE (2025-11-09)] (SPRINT_0143_0000_0001_signals.md:23)
- CONCELIER-STORE-AOC-19-005 [BLOCKED (2025-11-04)] (SPRINT_0115_0001_0004_concelier_iv.md:37)
- PREP-CONCELIER-CORE-AOC-19-004 [TODO] (SPRINT_0115_0001_0004_concelier_iv.md:23)
- CONCELIER-TEN-48-001 [BLOCKED] (SPRINT_0115_0001_0004_concelier_iv.md:38)
- POLICY-AUTH-SIGNALS-LIB-115 [DOING] (SPRINT_0115_0001_0004_concelier_iv.md:26)
- PREP-AUTH-TEN-47-001 [TODO] (SPRINT_0115_0001_0004_concelier_iv.md:24)
- CONCELIER-VEXLENS-30-001 [BLOCKED] (SPRINT_0115_0001_0004_concelier_iv.md:39)
- PREP-CONCELIER-VULN-29-001 [TODO] (SPRINT_0115_0001_0004_concelier_iv.md:25)
- VEXLENS-30-005 [TODO] (SPRINT_0129_0001_0001_policy_reasoning.md:42)
# SPRINT_0119_0001_0001_excititor_i.md
- EXCITITOR-AIRGAP-56-001 [TODO] (SPRINT_0119_0001_0005_excititor_v.md:30)
- EXCITITOR-AIRGAP-57-001 [BLOCKED] (SPRINT_0119_0001_0001_excititor_i.md:35)
- PREP-EXCITITOR-AIRGAP-57-001-BLOCKED-ON-56-00 [TODO] (SPRINT_0119_0001_0001_excititor_i.md:26)
- EXCITITOR-AIRGAP-58-001 [TODO] (SPRINT_0119_0001_0005_excititor_v.md:31)
- EXCITITOR-CONN-TRUST-01-001 [BLOCKED] (SPRINT_0119_0001_0001_excititor_i.md:40)
- PREP-EXCITITOR-CONN-TRUST-01-001-CONNECTOR-SI [TODO] (SPRINT_0119_0001_0001_excititor_i.md:28)
# SPRINT_0119_0001_0002_excititor_ii.md
- EXCITITOR-CONSOLE-23-001 [BLOCKED (2025-11-17)] (SPRINT_0119_0001_0002_excititor_ii.md:44)
- PREP-EXCITITOR-CONSOLE-23-001-AWAITING-CONCRE [TODO] (SPRINT_0119_0001_0002_excititor_ii.md:25)
- EXCITITOR-CONSOLE-23-002 [BLOCKED (2025-11-17)] (SPRINT_0119_0001_0002_excititor_ii.md:45)
- PREP-EXCITITOR-CONSOLE-23-002-DEPENDS-ON-23-0 [TODO] (SPRINT_0119_0001_0002_excititor_ii.md:26)
- EXCITITOR-CONSOLE-23-003 [BLOCKED (2025-11-17)] (SPRINT_0119_0001_0002_excititor_ii.md:46)
- PREP-EXCITITOR-CONSOLE-23-003-DEPENDS-ON-23-0 [TODO] (SPRINT_0119_0001_0002_excititor_ii.md:27)
- EXCITITOR-CORE-AOC-19-002 [BLOCKED (2025-11-17)] (SPRINT_0119_0001_0002_excititor_ii.md:47)
- PREP-EXCITITOR-CORE-AOC-19-002-LINKSET-EXTRAC [TODO] (SPRINT_0119_0001_0002_excititor_ii.md:28)
- EXCITITOR-CORE-AOC-19-003 [BLOCKED (2025-11-17)] (SPRINT_0119_0001_0002_excititor_ii.md:48)
- PREP-EXCITITOR-CORE-AOC-19-003-BLOCKED-ON-19 [TODO] (SPRINT_0119_0001_0002_excititor_ii.md:29)
- EXCITITOR-CORE-AOC-19-004 [BLOCKED (2025-11-17)] (SPRINT_0119_0001_0002_excititor_ii.md:49)
- PREP-EXCITITOR-CORE-AOC-19-004-REMOVE-CONSENS [TODO] (SPRINT_0119_0001_0002_excititor_ii.md:30)
- EXCITITOR-CORE-AOC-19-013 [BLOCKED (2025-11-17)] (SPRINT_0119_0001_0002_excititor_ii.md:50)
- PREP-EXCITITOR-CORE-AOC-19-013-SEED-TENANT-AW [TODO] (SPRINT_0119_0001_0002_excititor_ii.md:31)
- EXCITITOR-GRAPH-21-001 [BLOCKED (2025-10-27)] (SPRINT_0119_0001_0002_excititor_ii.md:51)
- PREP-EXCITITOR-GRAPH-21-001-NEEDS-CARTOGRAPHE [TODO] (SPRINT_0119_0001_0002_excititor_ii.md:32)
- EXCITITOR-GRAPH-21-002 [BLOCKED (2025-10-27)] (SPRINT_0119_0001_0002_excititor_ii.md:52)
- PREP-EXCITITOR-GRAPH-21-002-BLOCKED-ON-21-001 [TODO] (SPRINT_0119_0001_0002_excititor_ii.md:33)
- EXCITITOR-GRAPH-21-005 [BLOCKED (2025-10-27)] (SPRINT_0119_0001_0002_excititor_ii.md:53)
- PREP-EXCITITOR-GRAPH-21-005-BLOCKED-ON-21-002 [TODO] (SPRINT_0119_0001_0002_excititor_ii.md:34)
- EXCITITOR-GRAPH-24-101 [BLOCKED (2025-11-17)] (SPRINT_0119_0001_0002_excititor_ii.md:54)
- PREP-EXCITITOR-GRAPH-24-101-WAIT-FOR-21-005-I [TODO] (SPRINT_0119_0001_0002_excititor_ii.md:35)
- EXCITITOR-GRAPH-24-102 [BLOCKED (2025-11-17)] (SPRINT_0119_0001_0002_excititor_ii.md:55)
- PREP-EXCITITOR-GRAPH-24-102-DEPENDS-ON-24-101 [TODO] (SPRINT_0119_0001_0002_excititor_ii.md:36)
- Console APIs [BLOCKED (await contract; LNM view spec needed)] (SPRINT_0119_0001_0002_excititor_ii.md:62)
- Ingestion idempotency [BLOCKED (linkset schema pending)] (SPRINT_0119_0001_0002_excititor_ii.md:63)
- Consensus removal [BLOCKED (depends on 19-002/003)] (SPRINT_0119_0001_0002_excititor_ii.md:64)
- Graph overlays [BLOCKED (awaiting Cartographer contract)] (SPRINT_0119_0001_0002_excititor_ii.md:65)
# SPRINT_0120_0000_0001_policy_reasoning.md
- LEDGER-29-008 [BLOCKED] (SPRINT_0120_0000_0001_policy_reasoning.md:46)
- PREP-LEDGER-29-008-AWAIT-OBSERVABILITY-SCHEMA [TODO] (SPRINT_0120_0000_0001_policy_reasoning.md:42)
- LEDGER-29-009 [BLOCKED] (SPRINT_0120_0000_0001_policy_reasoning.md:47)
- LEDGER-29-008 [BLOCKED] (SPRINT_0120_0000_0001_policy_reasoning.md:46)
- PREP-LEDGER-29-008-AWAIT-OBSERVABILITY-SCHEMA [TODO] (SPRINT_0120_0000_0001_policy_reasoning.md:42)
- LEDGER-34-101 [BLOCKED] (SPRINT_0120_0000_0001_policy_reasoning.md:48)
- PREP-LEDGER-34-101-ORCHESTRATOR-LEDGER-EXPORT [TODO] (SPRINT_0120_0000_0001_policy_reasoning.md:43)
- LEDGER-AIRGAP-56-001 [BLOCKED] (SPRINT_0120_0000_0001_policy_reasoning.md:49)
- PREP-LEDGER-AIRGAP-56-001-MIRROR-BUNDLE-SCHEM [TODO] (SPRINT_0120_0000_0001_policy_reasoning.md:44)
- LEDGER-AIRGAP-56-002 [BLOCKED] (SPRINT_0120_0000_0001_policy_reasoning.md:50)
- LEDGER-AIRGAP-56-001 [BLOCKED] (SPRINT_0120_0000_0001_policy_reasoning.md:49)
- PREP-LEDGER-AIRGAP-56-001-MIRROR-BUNDLE-SCHEM [TODO] (SPRINT_0120_0000_0001_policy_reasoning.md:44)
- LEDGER-AIRGAP-57-001 [BLOCKED] (SPRINT_0120_0000_0001_policy_reasoning.md:51)
- LEDGER-AIRGAP-56-002 [BLOCKED] (SPRINT_0120_0000_0001_policy_reasoning.md:50)
- LEDGER-AIRGAP-56-001 [BLOCKED] (SPRINT_0120_0000_0001_policy_reasoning.md:49)
- LEDGER-AIRGAP-58-001 [BLOCKED] (SPRINT_0120_0000_0001_policy_reasoning.md:52)
- LEDGER-AIRGAP-57-001 [BLOCKED] (SPRINT_0120_0000_0001_policy_reasoning.md:51)
- LEDGER-AIRGAP-56-002 [BLOCKED] (SPRINT_0120_0000_0001_policy_reasoning.md:50)
- LEDGER-ATTEST-73-001 [BLOCKED] (SPRINT_0120_0000_0001_policy_reasoning.md:53)
- NOTIFY-ATTEST-74-001 [**DOING (2025-11-12)**] (SPRINT_171_notifier_i.md:10)
# SPRINT_0123_0001_0001_policy_reasoning.md
- EXPORT-CONSOLE-23-001 [BLOCKED] (SPRINT_0123_0001_0001_policy_reasoning.md:38)
- PREP-EXPORT-CONSOLE-23-001-MISSING-EXPORT-BUN [TODO] (SPRINT_123_policy_reasoning.md:13)
- POLICY-AIRGAP-56-001 [BLOCKED] (SPRINT_0123_0001_0001_policy_reasoning.md:39)
- PREP-POLICY-AIRGAP-56-001-MIRROR-BUNDLE-SCHEM [TODO] (SPRINT_123_policy_reasoning.md:14)
- POLICY-AIRGAP-56-002 [BLOCKED] (SPRINT_0123_0001_0001_policy_reasoning.md:40)
- PREP-POLICY-AIRGAP-56-002-DEPENDS-ON-56-001-B [TODO] (SPRINT_123_policy_reasoning.md:15)
- POLICY-AIRGAP-57-001 [BLOCKED] (SPRINT_0123_0001_0001_policy_reasoning.md:41)
- PREP-POLICY-AIRGAP-57-001-REQUIRES-SEALED-MOD [TODO] (SPRINT_123_policy_reasoning.md:16)
- POLICY-AIRGAP-57-002 [BLOCKED] (SPRINT_0123_0001_0001_policy_reasoning.md:42)
- PREP-POLICY-AIRGAP-57-002-NEEDS-STALENESS-FAL [TODO] (SPRINT_123_policy_reasoning.md:17)
- POLICY-AIRGAP-58-001 [BLOCKED] (SPRINT_0123_0001_0001_policy_reasoning.md:43)
- PREP-POLICY-AIRGAP-58-001-NOTIFICATION-SCHEMA [TODO] (SPRINT_123_policy_reasoning.md:18)
- POLICY-AOC-19-001 [BLOCKED] (SPRINT_0123_0001_0001_policy_reasoning.md:44)
- PREP-POLICY-AOC-19-001-LINTING-TARGETS-SPEC-A [TODO] (SPRINT_0123_0001_0001_policy_reasoning.md:29)
- POLICY-AOC-19-002 [BLOCKED] (SPRINT_0123_0001_0001_policy_reasoning.md:45)
- PREP-POLICY-AOC-19-002-DEPENDS-ON-19-001-LINT [TODO] (SPRINT_123_policy_reasoning.md:20)
- POLICY-AOC-19-003 [BLOCKED] (SPRINT_0123_0001_0001_policy_reasoning.md:46)
- PREP-POLICY-AOC-19-003-REQUIRES-POST-19-002-N [TODO] (SPRINT_0123_0001_0001_policy_reasoning.md:31)
- POLICY-AOC-19-004 [BLOCKED] (SPRINT_0123_0001_0001_policy_reasoning.md:47)
- PREP-POLICY-AOC-19-004-DEPENDS-ON-19-003-SHAP [TODO] (SPRINT_0123_0001_0001_policy_reasoning.md:32)
- POLICY-ATTEST-73-001 [BLOCKED] (SPRINT_0123_0001_0001_policy_reasoning.md:48)
- PREP-POLICY-ATTEST-73-001-VERIFICATIONPOLICY [TODO] (SPRINT_0123_0001_0001_policy_reasoning.md:33)
- POLICY-ATTEST-73-002 [BLOCKED] (SPRINT_0123_0001_0001_policy_reasoning.md:49)
- PREP-POLICY-ATTEST-73-002-DEPENDS-ON-73-001-E [TODO] (SPRINT_123_policy_reasoning.md:24)
- POLICY-ATTEST-74-001 [BLOCKED] (SPRINT_0123_0001_0001_policy_reasoning.md:50)
- PREP-POLICY-ATTEST-74-001-REQUIRES-73-002-ATT [TODO] (SPRINT_0123_0001_0001_policy_reasoning.md:35)
- POLICY-ATTEST-74-002 [BLOCKED] (SPRINT_0123_0001_0001_policy_reasoning.md:51)
- PREP-POLICY-ATTEST-74-002-NEEDS-74-001-SURFAC [TODO] (SPRINT_123_policy_reasoning.md:26)
- POLICY-CONSOLE-23-001 [BLOCKED] (SPRINT_0123_0001_0001_policy_reasoning.md:52)
- PREP-POLICY-CONSOLE-23-001-CONSOLE-API-CONTRA [TODO] (SPRINT_0123_0001_0001_policy_reasoning.md:37)
# SPRINT_0125_0001_0001_mirror.md
- MIRROR-CRT-56-001 [BLOCKED] (SPRINT_110_ingestion_evidence.md:46)
- MIRROR-CRT-56-002 [BLOCKED] (SPRINT_110_ingestion_evidence.md:47)
- MIRROR-CRT-57-001 [BLOCKED] (SPRINT_0125_0001_0001_mirror.md:26)
- MIRROR-CRT-56-001 [BLOCKED] (SPRINT_110_ingestion_evidence.md:46)
- MIRROR-CRT-57-002 [BLOCKED] (SPRINT_0125_0001_0001_mirror.md:27)
- MIRROR-CRT-56-002 [BLOCKED] (SPRINT_110_ingestion_evidence.md:47)
- AIRGAP-TIME-57-001 [BLOCKED] (SPRINT_0510_0001_0001_airgap.md:41)
- PREP-AIRGAP-TIME-57-001-TIME-COMPONENT-SCAFFO [TODO] (SPRINT_0510_0001_0001_airgap.md:29)
- MIRROR-CRT-58-001 [BLOCKED] (SPRINT_0125_0001_0001_mirror.md:28)
- MIRROR-CRT-56-002 [BLOCKED] (SPRINT_110_ingestion_evidence.md:47)
- CLI-AIRGAP-56-001 [TODO] (SPRINT_201_cli_i.md:14)
- MIRROR-CRT-58-002 [BLOCKED] (SPRINT_0125_0001_0001_mirror.md:29)
- MIRROR-CRT-56-002 [BLOCKED] (SPRINT_110_ingestion_evidence.md:47)
- EXPORT-OBS-54-001 [BLOCKED] (SPRINT_0163_0001_0001_exportcenter_ii.md:38)
- EXPORT-OBS-53-001 [BLOCKED] (SPRINT_0163_0001_0001_exportcenter_ii.md:37)
- EXPORT-OBS-51-001 / 54-001 [BLOCKED] (SPRINT_0125_0001_0001_mirror.md:30)
- MIRROR-CRT-56-001 [BLOCKED] (SPRINT_110_ingestion_evidence.md:46)
- AIRGAP-TIME-57-001 [BLOCKED] (SPRINT_0510_0001_0001_airgap.md:41)
- PREP-AIRGAP-TIME-57-001-TIME-COMPONENT-SCAFFO [TODO] (SPRINT_0510_0001_0001_airgap.md:29)
- CLI-AIRGAP-56-001 [TODO] (SPRINT_201_cli_i.md:14)
- PROV-OBS-53-001 [DONE (2025-11-17)] (SPRINT_513_provenance.md:10)
# SPRINT_0125_0001_0001_policy_reasoning.md
- POLICY-ENGINE-29-003 [BLOCKED (2025-11-18)] (SPRINT_0125_0001_0001_policy_reasoning.md:35)
- PREP-POLICY-ENGINE-29-002-PATH-SCOPE-SCHEMA [TODO] (SPRINT_0125_0001_0001_policy_reasoning.md:20)
- POLICY-ENGINE-29-004 [BLOCKED (2025-11-18)] (SPRINT_0125_0001_0001_policy_reasoning.md:36)
- PREP-POLICY-ENGINE-29-004-DEPENDS-ON-29-003 [TODO] (SPRINT_0125_0001_0001_policy_reasoning.md:21)
- POLICY-ENGINE-30-001 [BLOCKED (2025-11-18)] (SPRINT_0125_0001_0001_policy_reasoning.md:37)
- PREP-POLICY-ENGINE-30-001-NEEDS-29-004-OUTPUT [TODO] (SPRINT_0125_0001_0001_policy_reasoning.md:22)
- POLICY-ENGINE-30-002 [BLOCKED (2025-11-18)] (SPRINT_0125_0001_0001_policy_reasoning.md:38)
- PREP-POLICY-ENGINE-30-002-DEPENDS-ON-30-001 [TODO] (SPRINT_0125_0001_0001_policy_reasoning.md:23)
- POLICY-ENGINE-30-003 [BLOCKED (2025-11-18)] (SPRINT_0125_0001_0001_policy_reasoning.md:39)
- PREP-POLICY-ENGINE-30-003-DEPENDS-ON-30-002 [TODO] (SPRINT_0125_0001_0001_policy_reasoning.md:24)
- POLICY-ENGINE-30-101 [BLOCKED (2025-11-18)] (SPRINT_0125_0001_0001_policy_reasoning.md:40)
- PREP-POLICY-ENGINE-30-101-DEPENDS-ON-30-003 [TODO] (SPRINT_0125_0001_0001_policy_reasoning.md:25)
- POLICY-ENGINE-31-001 [BLOCKED (2025-11-18)] (SPRINT_0125_0001_0001_policy_reasoning.md:41)
- PREP-POLICY-ENGINE-31-001-DEPENDS-ON-30-101 [TODO] (SPRINT_0125_0001_0001_policy_reasoning.md:26)
- POLICY-ENGINE-31-002 [BLOCKED (2025-11-18)] (SPRINT_0125_0001_0001_policy_reasoning.md:42)
- PREP-POLICY-ENGINE-31-002-DEPENDS-ON-31-001 [TODO] (SPRINT_0125_0001_0001_policy_reasoning.md:27)
- POLICY-ENGINE-32-101 [BLOCKED (2025-11-18)] (SPRINT_0125_0001_0001_policy_reasoning.md:43)
- PREP-POLICY-ENGINE-32-101-DEPENDS-ON-31-002 [TODO] (SPRINT_0125_0001_0001_policy_reasoning.md:28)
- POLICY-ENGINE-33-101 [BLOCKED (2025-11-18)] (SPRINT_0125_0001_0001_policy_reasoning.md:44)
- PREP-POLICY-ENGINE-33-101-DEPENDS-ON-32-101 [TODO] (SPRINT_0125_0001_0001_policy_reasoning.md:29)
- POLICY-ENGINE-34-101 [BLOCKED (2025-11-18)] (SPRINT_0125_0001_0001_policy_reasoning.md:45)
- PREP-POLICY-ENGINE-34-101-DEPENDS-ON-33-101 [TODO] (SPRINT_0125_0001_0001_policy_reasoning.md:30)
- POLICY-ENGINE-35-201 [BLOCKED (2025-11-18)] (SPRINT_0125_0001_0001_policy_reasoning.md:46)
- PREP-POLICY-ENGINE-35-201-DEPENDS-ON-34-101 [TODO] (SPRINT_0125_0001_0001_policy_reasoning.md:31)
- POLICY-ENGINE-38-201 [BLOCKED (2025-11-18)] (SPRINT_0125_0001_0001_policy_reasoning.md:47)
- PREP-POLICY-ENGINE-38-201-DEPENDS-ON-35-201 [TODO] (SPRINT_0125_0001_0001_policy_reasoning.md:32)
- POLICY-ENGINE-40-001 [BLOCKED (2025-11-18)] (SPRINT_0125_0001_0001_policy_reasoning.md:48)
- PREP-POLICY-ENGINE-40-001-DEPENDS-ON-38-201 [TODO] (SPRINT_0125_0001_0001_policy_reasoning.md:33)
- POLICY-ENGINE-40-002 [BLOCKED (2025-11-18)] (SPRINT_0125_0001_0001_policy_reasoning.md:49)
- PREP-POLICY-ENGINE-40-002-DEPENDS-ON-40-001 [TODO] (SPRINT_0125_0001_0001_policy_reasoning.md:34)
# SPRINT_0138_0000_0001_scanner_ruby_parity.md
- SCANNER-ENG-0010 [BLOCKED] (SPRINT_0138_0000_0001_scanner_ruby_parity.md:29)
- PREP-SCANNER-ENG-0010-AWAIT-COMPOSER-AUTOLOAD [TODO] (SPRINT_0138_0000_0001_scanner_ruby_parity.md:22)
- SCANNER-ENG-0011 [BLOCKED] (SPRINT_0138_0000_0001_scanner_ruby_parity.md:30)
- PREP-SCANNER-ENG-0011-NEEDS-DENO-RUNTIME-ANAL [TODO] (SPRINT_0138_0000_0001_scanner_ruby_parity.md:23)
- SCANNER-ENG-0012 [BLOCKED] (SPRINT_0138_0000_0001_scanner_ruby_parity.md:31)
- PREP-SCANNER-ENG-0012-DEFINE-DART-ANALYZER-RE [TODO] (SPRINT_0138_0000_0001_scanner_ruby_parity.md:24)
- SCANNER-ENG-0013 [BLOCKED] (SPRINT_0138_0000_0001_scanner_ruby_parity.md:32)
- PREP-SCANNER-ENG-0013-DRAFT-SWIFTPM-COVERAGE [TODO] (SPRINT_0138_0000_0001_scanner_ruby_parity.md:25)
- SCANNER-ENG-0014 [BLOCKED] (SPRINT_0138_0000_0001_scanner_ruby_parity.md:33)
- PREP-SCANNER-ENG-0014-NEEDS-JOINT-ROADMAP-WIT [TODO] (SPRINT_0138_0000_0001_scanner_ruby_parity.md:26)
# SPRINT_0141_0001_0001_graph_indexer.md
- GRAPH-INDEX-28-007 [BLOCKED] (SPRINT_0141_0001_0001_graph_indexer.md:28)
- PREP-GRAPH-INDEX-28-006-OVERLAYS [TODO] (SPRINT_0141_0001_0001_graph_indexer.md:24)
- GRAPH-INDEX-28-008 [BLOCKED] (SPRINT_0141_0001_0001_graph_indexer.md:29)
- PREP-GRAPH-INDEX-28-008-UNBLOCK-AFTER-28-007 [TODO] (SPRINT_0141_0001_0001_graph_indexer.md:25)
- GRAPH-INDEX-28-009 [BLOCKED] (SPRINT_0141_0001_0001_graph_indexer.md:30)
- PREP-GRAPH-INDEX-28-009-DOWNSTREAM-OF-28-008 [TODO] (SPRINT_0141_0001_0001_graph_indexer.md:26)
- GRAPH-INDEX-28-010 [BLOCKED] (SPRINT_0141_0001_0001_graph_indexer.md:31)
- PREP-GRAPH-INDEX-28-010-NEEDS-OUTPUTS-FROM-28 [TODO] (SPRINT_0141_0001_0001_graph_indexer.md:27)
# SPRINT_0156_0001_0002_scheduler_ii.md
- SCHED-WORKER-26-202 [BLOCKED] (SPRINT_0156_0001_0002_scheduler_ii.md:24)
- SCHED-WORKER-26-201 [BLOCKED] (SPRINT_0155_0001_0001_scheduler_i.md:35)
- SCHED-WORKER-25-102 [BLOCKED] (SPRINT_0155_0001_0001_scheduler_i.md:34)
- SCHED-WORKER-27-301 [BLOCKED] (SPRINT_0156_0001_0002_scheduler_ii.md:25)
- SCHED-WORKER-26-202 [BLOCKED] (SPRINT_0156_0001_0002_scheduler_ii.md:24)
- SCHED-WORKER-26-201 [BLOCKED] (SPRINT_0155_0001_0001_scheduler_i.md:35)
- SCHED-WORKER-27-302 [BLOCKED] (SPRINT_0156_0001_0002_scheduler_ii.md:26)
- SCHED-WORKER-27-301 [BLOCKED] (SPRINT_0156_0001_0002_scheduler_ii.md:25)
- SCHED-WORKER-26-202 [BLOCKED] (SPRINT_0156_0001_0002_scheduler_ii.md:24)
- SCHED-WORKER-27-303 [BLOCKED] (SPRINT_0156_0001_0002_scheduler_ii.md:27)
- SCHED-WORKER-27-302 [BLOCKED] (SPRINT_0156_0001_0002_scheduler_ii.md:26)
- SCHED-WORKER-27-301 [BLOCKED] (SPRINT_0156_0001_0002_scheduler_ii.md:25)
- SCHED-WORKER-29-001 [BLOCKED] (SPRINT_0156_0001_0002_scheduler_ii.md:28)
- SCHED-WORKER-27-303 [BLOCKED] (SPRINT_0156_0001_0002_scheduler_ii.md:27)
- SCHED-WORKER-27-302 [BLOCKED] (SPRINT_0156_0001_0002_scheduler_ii.md:26)
- SCHED-WORKER-29-002 [BLOCKED] (SPRINT_0156_0001_0002_scheduler_ii.md:29)
- SCHED-WORKER-29-001 [BLOCKED] (SPRINT_0156_0001_0002_scheduler_ii.md:28)
- SCHED-WORKER-27-303 [BLOCKED] (SPRINT_0156_0001_0002_scheduler_ii.md:27)
- SCHED-WORKER-29-003 [BLOCKED] (SPRINT_0156_0001_0002_scheduler_ii.md:30)
- SCHED-WORKER-29-002 [BLOCKED] (SPRINT_0156_0001_0002_scheduler_ii.md:29)
- SCHED-WORKER-29-001 [BLOCKED] (SPRINT_0156_0001_0002_scheduler_ii.md:28)
- SCHED-WORKER-CONSOLE-23-201 [BLOCKED] (SPRINT_0156_0001_0002_scheduler_ii.md:31)
- PREP-SCHED-WORKER-CONSOLE-23-201-BLOCKED-BY-U [TODO] (SPRINT_0156_0001_0002_scheduler_ii.md:22)
- SCHED-WORKER-CONSOLE-23-202 [BLOCKED] (SPRINT_0156_0001_0002_scheduler_ii.md:32)
- SCHED-WORKER-CONSOLE-23-201 [BLOCKED] (SPRINT_0156_0001_0002_scheduler_ii.md:31)
- PREP-SCHED-WORKER-CONSOLE-23-201-BLOCKED-BY-U [TODO] (SPRINT_0156_0001_0002_scheduler_ii.md:22)
# SPRINT_0160_0001_0001_export_evidence.md
- 160.C TimelineIndexer snapshot [BLOCKED] (SPRINT_0160_0001_0001_export_evidence.md:32)
- TIMELINE-OBS-52-001 [TODO] (SPRINT_165_timelineindexer.md:10)
# SPRINT_0161_0001_0001_evidencelocker.md
- EVID-REPLAY-187-001 [TODO] (SPRINT_187_evidence_locker_cli_integration.md:9)
- CLI-REPLAY-187-002 [TODO] (SPRINT_187_evidence_locker_cli_integration.md:10)
- RUNBOOK-REPLAY-187-004 [TODO] (SPRINT_187_evidence_locker_cli_integration.md:12)
# SPRINT_0163_0001_0001_exportcenter_ii.md
- EXPORT-OAS-63-001 [BLOCKED] (SPRINT_0163_0001_0001_exportcenter_ii.md:33)
- EXPORT-OAS-61-001 [BLOCKED] (SPRINT_0162_0001_0001_exportcenter_i.md:47)
- PREP-EXPORT-OAS-61-001-NEEDS-STABLE-EXPORT-SU [TODO] (SPRINT_0162_0001_0001_exportcenter_i.md:33)
- EXPORT-OAS-62-001 [BLOCKED] (SPRINT_0162_0001_0001_exportcenter_i.md:49)
- PREP-EXPORT-OAS-62-001-DEPENDS-ON-61-002 [TODO] (SPRINT_0162_0001_0001_exportcenter_i.md:35)
- EXPORT-OBS-50-001 [BLOCKED] (SPRINT_0163_0001_0001_exportcenter_ii.md:34)
- PREP-EXPORT-OBS-50-001-WAIT-FOR-EXPORTER-SERV [TODO] (SPRINT_0163_0001_0001_exportcenter_ii.md:23)
- EXPORT-OBS-51-001 [BLOCKED] (SPRINT_0163_0001_0001_exportcenter_ii.md:35)
- EXPORT-OBS-50-001 [BLOCKED] (SPRINT_0163_0001_0001_exportcenter_ii.md:34)
- PREP-EXPORT-OBS-50-001-WAIT-FOR-EXPORTER-SERV [TODO] (SPRINT_0163_0001_0001_exportcenter_ii.md:23)
- EXPORT-OBS-52-001 [BLOCKED] (SPRINT_0163_0001_0001_exportcenter_ii.md:36)
- EXPORT-OBS-51-001 [BLOCKED] (SPRINT_0163_0001_0001_exportcenter_ii.md:35)
- EXPORT-OBS-50-001 [BLOCKED] (SPRINT_0163_0001_0001_exportcenter_ii.md:34)
- PREP-EXPORT-NOTIFY-SCHEMA-OBS-52 [TODO] (SPRINT_0163_0001_0001_exportcenter_ii.md:30)
- EXPORT-OBS-53-001 [BLOCKED] (SPRINT_0163_0001_0001_exportcenter_ii.md:37)
- EXPORT-OBS-52-001 [BLOCKED] (SPRINT_0163_0001_0001_exportcenter_ii.md:36)
- EXPORT-OBS-51-001 [BLOCKED] (SPRINT_0163_0001_0001_exportcenter_ii.md:35)
- PREP-EXPORT-NOTIFY-SCHEMA-OBS-52 [TODO] (SPRINT_0163_0001_0001_exportcenter_ii.md:30)
- EXPORT-OBS-54-001 [BLOCKED] (SPRINT_0163_0001_0001_exportcenter_ii.md:38)
- EXPORT-OBS-53-001 [BLOCKED] (SPRINT_0163_0001_0001_exportcenter_ii.md:37)
- EXPORT-OBS-52-001 [BLOCKED] (SPRINT_0163_0001_0001_exportcenter_ii.md:36)
- EXPORT-OBS-54-002 [BLOCKED] (SPRINT_0163_0001_0001_exportcenter_ii.md:39)
- EXPORT-OBS-54-001 [BLOCKED] (SPRINT_0163_0001_0001_exportcenter_ii.md:38)
- EXPORT-OBS-53-001 [BLOCKED] (SPRINT_0163_0001_0001_exportcenter_ii.md:37)
- PROV-OBS-53-003 [BLOCKED] (SPRINT_513_provenance.md:12)
- EXPORT-OBS-55-001 [BLOCKED] (SPRINT_0163_0001_0001_exportcenter_ii.md:40)
- EXPORT-OBS-54-001 [BLOCKED] (SPRINT_0163_0001_0001_exportcenter_ii.md:38)
- EXPORT-OBS-53-001 [BLOCKED] (SPRINT_0163_0001_0001_exportcenter_ii.md:37)
- EXPORT-RISK-69-001 [BLOCKED] (SPRINT_0163_0001_0001_exportcenter_ii.md:41)
- PREP-EXPORT-RISK-69-001-AWAIT-PHASE-I-ARTIFAC [TODO] (SPRINT_0163_0001_0001_exportcenter_ii.md:24)
- EXPORT-RISK-69-002 [BLOCKED] (SPRINT_0163_0001_0001_exportcenter_ii.md:42)
- EXPORT-RISK-69-001 [BLOCKED] (SPRINT_0163_0001_0001_exportcenter_ii.md:41)
- PREP-EXPORT-RISK-69-001-AWAIT-PHASE-I-ARTIFAC [TODO] (SPRINT_0163_0001_0001_exportcenter_ii.md:24)
- EXPORT-RISK-70-001 [BLOCKED] (SPRINT_0163_0001_0001_exportcenter_ii.md:43)
- EXPORT-RISK-69-002 [BLOCKED] (SPRINT_0163_0001_0001_exportcenter_ii.md:42)
- EXPORT-RISK-69-001 [BLOCKED] (SPRINT_0163_0001_0001_exportcenter_ii.md:41)
- EXPORT-SVC-35-001 [BLOCKED] (SPRINT_0163_0001_0001_exportcenter_ii.md:44)
- PREP-EXPORT-SVC-35-001-NEEDS-PHASE-I-READINES [TODO] (SPRINT_0163_0001_0001_exportcenter_ii.md:25)
- EXPORT-SVC-35-002 [BLOCKED] (SPRINT_0163_0001_0001_exportcenter_ii.md:45)
- PREP-EXPORT-SVC-35-002-DEPENDS-ON-35-001 [TODO] (SPRINT_0163_0001_0001_exportcenter_ii.md:26)
- EXPORT-SVC-35-003 [BLOCKED] (SPRINT_0163_0001_0001_exportcenter_ii.md:46)
- PREP-EXPORT-SVC-35-003-DEPENDS-ON-35-002 [TODO] (SPRINT_0163_0001_0001_exportcenter_ii.md:27)
- EXPORT-SVC-35-004 [BLOCKED] (SPRINT_0163_0001_0001_exportcenter_ii.md:47)
- PREP-EXPORT-SVC-35-004-DEPENDS-ON-35-003 [TODO] (SPRINT_0163_0001_0001_exportcenter_ii.md:28)
- EXPORT-SVC-35-005 [BLOCKED] (SPRINT_0163_0001_0001_exportcenter_ii.md:48)
- PREP-EXPORT-SVC-35-005-DEPENDS-ON-35-004 [TODO] (SPRINT_0163_0001_0001_exportcenter_ii.md:29)
- EXPORT-CRYPTO-90-001 [BLOCKED] (SPRINT_0163_0001_0001_exportcenter_ii.md:49)
- PREP-EXPORT-CRYPTO-90-001-PENDING-NOV-18-CRYP [TODO] (SPRINT_0163_0001_0001_exportcenter_ii.md:31)
# SPRINT_0171_0001_0001_notifier_i.md
- NOTIFY-OBS-51-001 [TODO] (SPRINT_171_notifier_i.md:16)
# SPRINT_0174_0001_0001_telemetry.md
- TELEMETRY-OBS-50-002 [TODO] (SPRINT_174_telemetry.md:11)
- TELEMETRY-OBS-50-001 [**DOING (2025-11-12)**] (SPRINT_174_telemetry.md:10)
- TELEMETRY-OBS-51-001 [TODO] (SPRINT_174_telemetry.md:12)
- TELEMETRY-OBS-50-002 [TODO] (SPRINT_174_telemetry.md:11)
- TELEMETRY-OBS-50-001 [**DOING (2025-11-12)**] (SPRINT_174_telemetry.md:10)
- TELEMETRY-OBS-51-002 [TODO] (SPRINT_174_telemetry.md:13)
- TELEMETRY-OBS-51-001 [TODO] (SPRINT_174_telemetry.md:12)
- TELEMETRY-OBS-50-002 [TODO] (SPRINT_174_telemetry.md:11)
- TELEMETRY-OBS-55-001 [TODO] (SPRINT_174_telemetry.md:14)
- TELEMETRY-OBS-51-002 [TODO] (SPRINT_174_telemetry.md:13)
- TELEMETRY-OBS-51-001 [TODO] (SPRINT_174_telemetry.md:12)
- TELEMETRY-OBS-56-001 [TODO] (SPRINT_174_telemetry.md:15)
- TELEMETRY-OBS-55-001 [TODO] (SPRINT_174_telemetry.md:14)
- TELEMETRY-OBS-51-002 [TODO] (SPRINT_174_telemetry.md:13)
# SPRINT_0215_0001_0001_web_iv.md
- WEB-POLICY-23-001 [BLOCKED (2025-10-29)] (SPRINT_0215_0001_0001_web_iv.md:30)
- WEB-POLICY-20-004 [TODO] (SPRINT_0215_0001_0001_web_iv.md:29)
- WEB-POLICY-20-003 [TODO] (SPRINT_0215_0001_0001_web_iv.md:28)
- WEB-POLICY-23-002 [BLOCKED (2025-10-29)] (SPRINT_0215_0001_0001_web_iv.md:31)
- WEB-POLICY-23-001 [BLOCKED (2025-10-29)] (SPRINT_0215_0001_0001_web_iv.md:30)
- WEB-POLICY-20-004 [TODO] (SPRINT_0215_0001_0001_web_iv.md:29)
# SPRINT_0509_0001_0001_samples.md
- SAMPLES-LNM-22-001 [BLOCKED] (SPRINT_0509_0001_0001_samples.md:26)
- PREP-SAMPLES-LNM-22-001-WAITING-ON-FINALIZED [TODO] (SPRINT_0509_0001_0001_samples.md:22)
- SAMPLES-LNM-22-002 [BLOCKED] (SPRINT_0509_0001_0001_samples.md:27)
- PREP-SAMPLES-LNM-22-002-DEPENDS-ON-22-001-OUT [TODO] (SPRINT_0509_0001_0001_samples.md:23)
# SPRINT_0512_0001_0001_bench.md
- BENCH-GRAPH-21-001 [BLOCKED] (SPRINT_0512_0001_0001_bench.md:28)
- PREP-BENCH-GRAPH-21-001-NEED-GRAPH-BENCH-HARN [TODO] (SPRINT_0512_0001_0001_bench.md:22)
- BENCH-GRAPH-21-002 [BLOCKED] (SPRINT_0512_0001_0001_bench.md:29)
- PREP-BENCH-GRAPH-21-002-BLOCKED-ON-21-001-HAR [TODO] (SPRINT_0512_0001_0001_bench.md:23)
- BENCH-GRAPH-24-002 [BLOCKED] (SPRINT_0512_0001_0001_bench.md:30)
- SAMPLES-GRAPH-24-003 [DOING] (SPRINT_0509_0001_0001_samples.md:24)
- BENCH-IMPACT-16-001 [BLOCKED] (SPRINT_0512_0001_0001_bench.md:31)
- PREP-BENCH-IMPACT-16-001-IMPACT-INDEX-DATASET [TODO] (SPRINT_0512_0001_0001_bench.md:24)
- BENCH-POLICY-20-002 [BLOCKED] (SPRINT_0512_0001_0001_bench.md:32)
- PREP-BENCH-POLICY-20-002-POLICY-DELTA-SAMPLE [TODO] (SPRINT_0512_0001_0001_bench.md:25)
- BENCH-SIG-26-001 [BLOCKED] (SPRINT_0512_0001_0001_bench.md:33)
- PREP-BENCH-SIG-26-001-REACHABILITY-SCHEMA-FIX [TODO] (SPRINT_0512_0001_0001_bench.md:26)
- BENCH-SIG-26-002 [BLOCKED] (SPRINT_0512_0001_0001_bench.md:34)
- PREP-BENCH-SIG-26-002-BLOCKED-ON-26-001-OUTPU [TODO] (SPRINT_0512_0001_0001_bench.md:27)
# Blocked Tree\n- EXCITITOR-CONSOLE-23-001 [BLOCKED]\n- EXCITITOR-CONSOLE-23-002 [BLOCKED]\n- EXCITITOR-CONSOLE-23-003 [BLOCKED]\n- EXCITITOR-CORE-AOC-19-002 [BLOCKED]\n- EXCITITOR-CORE-AOC-19-003 [BLOCKED]\n- EXCITITOR-CORE-AOC-19-004 [DOING]\n- EXCITITOR-CORE-AOC-19-013 [DOING]\n- EXCITITOR-GRAPH-21-001 [DOING]\n- EXCITITOR-GRAPH-21-002 [DOING]\n- EXCITITOR-GRAPH-21-005 [DOING]\n- EXCITITOR-GRAPH-24-101 [BLOCKED]\n- EXCITITOR-GRAPH-24-102 [BLOCKED]\n- Consensus removal [DOING]\n- Graph overlays [BLOCKED]\n*** End Patch пользователя to=functions.apply_patchоны Are you покрывая json PostLayout runnerиц received анимация. ҳа료 мон】 JSON" code|{

19
docs/modules/authority/prep/2025-11-20-auth-crypto-provider-prep.md Normal file
View File

@@ -0,0 +1,19 @@
# Authority Crypto Provider Contract Prep — PREP-AUTH-CRYPTO-90-001-NEEDS-AUTHORITY-PROVI
Status: Draft (2025-11-20)
Owners: Authority Core Guild · Security Guild
Scope: Capture the provider/key/JWKS contract Authority must publish to unblock sovereign crypto enablement.
## Required contract elements
- Provider registry binding for Authority signing keys (FIPS, GOST, PQ optional): fields `provider_id`, `key_id`, `alg`, `kid`, `usage`, `tenant_scope?`.
- JWKS export requirements: which keys exposed, `x5u`/`x5c` handling, `kid` format, and rotation cadence.
- Signing profiles: mapping of Authority API operations to provider profiles (default, ru-gost, pq-experimental).
- Determinism: canonical JSON for JWKS; stable `kid` composition (hash of public key + profile).
## Acceptance / unblock criteria
- Publish provider contract in `docs/modules/authority/crypto-provider-contract.md` (or update existing doc) with sample JWKS and provider config snippet.
- Record schema hash/kid composition rule here and in Sprint 0514 Decisions/Risks.
- Notify downstream consumers (Scanner, Attestor, Concelier) via sprint links once frozen.
## Handoff
Use this doc as the prep artefact for PREP-AUTH-CRYPTO-90-001-NEEDS-AUTHORITY-PROVI. Update with the final contract and samples; then set the sprint task to DONE and unblock AUTH-CRYPTO-90-001 implementation.

20
docs/modules/cli/prep/2025-11-20-ops-0001-prep.md Normal file
View File

@@ -0,0 +1,20 @@
# CLI Ops Prep — PREP-CLI-OPS-0001
Status: **Ready for implementation** (2025-11-20)
Owners: Ops Guild
Scope: Capture required demo outputs and runbook deltas for the next CLI ops demo so CLI-OPS-0001 can proceed.
## Required demo outputs
- Latest CLI binary build identifier (commit SHA and version string).
- Demo script transcript covering: `stella evidence verify`, `stella attest bundle verify`, `stella export ...` (airgap profile), and `stella policy lint`.
- Screenshots or asciinema recording showing: auth flow with offline token, evidence verification success, attestation failure path.
- Hashes for demo artefacts (bundles, logs) placed under `out/cli/demo-ops/` with `.sha256` files.
## Runbook updates expected
- Update `docs/modules/cli/operations/cli-ops-runbook.md` (section “Offline Demo”) with: prerequisites, commands, expected outputs, and rollback steps.
- Add checklist to ensure `STELLA_CLI_OFFLINE=1` and local evidence bundle cache populated before demo.
## Acceptance criteria
- Demo outputs (recording + hashes) published under `out/cli/demo-ops/` with SHA256 files.
- Runbook updated per above; references the exact CLI build SHA used.
- Ops Guild signs off that CLI-OPS-0001 can move to implementation.

30
docs/modules/concelier/prep/2025-11-20-airgap-56-001-58-001-prep.md
View File

@@ -1,20 +1,22 @@
# Concelier AirGap Prep — PREP-CONCELIER-AIRGAP-56-001..58-001
# Concelier AirGap Prep — PREP-CONCELIER-AIRGAP-56-001-58-001
Status: Draft (2025-11-20)
Status: **Ready for implementation** (2025-11-20)
Owners: Concelier Core · AirGap Guilds
Scope: Capture mirror bundle/staleness requirements for Concelier ingestion under sealed mode.
Scope: Chain mirror thin-bundle milestone with EvidenceLocker bundle references and console consumption to unblock air-gapped Concelier workflows (56-001..58-001).
## Dependencies
- Mirror thin bundle milestones (bundle_id, provenance, staleness_budget) from Mirror sprint 56-001.
- AirGap controller staleness/time anchor fields.
## Inputs
- Mirror milestone-0 thin bundle: `out/mirror/thin/mirror-thin-m0-sample.tar.gz` (hash documented in PREP-ART-56-001).
- Evidence bundle v1 contract: `docs/modules/evidence-locker/evidence-bundle-v1.md`.
- Console fixtures (29-001, 30-001) and LNM schema freeze.
## Needed contract
- Ingestion must accept `bundle_id`, `provenance`, `staleness_seconds_remaining` on advisory/linkset endpoints.
- Reject non-mirror sources when sealed; surface `AIRGAP_EGRESS_BLOCKED` per Concelier AirGap response contract.
## Deliverables
- Publish mapping note `docs/modules/concelier/prep/airgap-56-001-58-001-mapping.md` covering:
- Bundle locations/hashes (thin + evidence).
- Import commands for Concelier offline controller.
- Deterministic ordering and retention expectations.
- Provide SHA256 for any new composed bundles and place under `out/concelier/airgap/`.
## Open decisions
- Exact header names for bundle/staleness metadata.
- Whether to cache bundle provenance per tenant.
## Acceptance criteria
- Mapping note published with hashes and import commands.
- No unresolved schema decisions remain for air-gap import chain.
## Handoff
Use as PREP artefact for 56-001..58-001 chain; update when mirror bundle schema and controller staleness fields are finalized.

23
docs/modules/concelier/prep/2025-11-20-attest-73-001-prep.md
View File

@@ -1,16 +1,17 @@
# Concelier Attestation Prep — PREP-CONCELIER-ATTEST-73-001/002
# Concelier Attestation Prep — PREP-CONCELIER-ATTEST-73-001-002
Status: Draft (2025-11-20)
Status: **Ready for implementation** (2025-11-20)
Owners: Concelier Core · Evidence Locker Guild
Scope: Define attestation scope/signoff pending for Evidence Locker integration.
Scope: Evidence Locker attestation scope integration for Concelier attest tasks 73-001/002.
## Needs
- Evidence Locker attestation scope and DSSE profile.
- Endpoint contract for attestation verification of Concelier exports.
## Requirements
- Use Evidence Locker attestation scope note: `docs/modules/evidence-locker/attestation-scope-note.md`.
- Bind Evidence Bundle v1 contract: `docs/modules/evidence-locker/evidence-bundle-v1.md`.
## Open decisions
- Signer identity and Rekor usage in sealed mode.
- What evidence hashes to include (bundle_id, merkle_root).
## Deliverables
- Concelier-specific attestation ingest note at `docs/modules/concelier/prep/attest-73-001-ingest.md` describing required claims, DSSE expectations, and lookup flow.
- Hashes for sample attest bundles reused from Evidence Locker sample; no new artefacts needed.
## Acceptance criteria
- Ingest note published with claim set and DSSE requirements; Concelier tasks can proceed without further schema questions.
## Handoff
Use as PREP artefact; update once EvidenceLocker publishes scope and profile.

23
docs/modules/concelier/prep/2025-11-20-console-23-001-prep.md
View File

@@ -1,16 +1,17 @@
# Concelier Console Schema Prep — PREP-CONCELIER-CONSOLE-23-001..003
# Concelier Console Prep — PREP-CONCELIER-CONSOLE-23-001-003
Status: Draft (2025-11-20)
Status: **Ready for implementation** (2025-11-20)
Owners: Concelier Console Guild
Scope: Provide schema samples for Console evidence bundles and identifiers.
Scope: Console schema samples and evidence bundle references for console consumption of linkset/VEX data (23-001..003).
## Needed artefacts
- Sample schema for console evidence bundle IDs and fields (linkset refs, advisory ids, staleness metadata).
- Example payloads for CONCELIER-CONSOLE-23-001..003.
## Deliverables
- JSON samples placed under `docs/samples/console/`:
- `console-linkset-search.json` (frozen LNM schema, includes pagination + filters).
- `console-vex-search.json` (VEX linkset search with exploitability flags).
- Hashes `.sha256` for each sample.
- README snippet added to `docs/samples/console/README.md` describing schema version, seed (`2025-01-01T00:00:00Z`), and deterministic ordering.
## Open decisions
- ID format for console evidence bundle (ulid vs hash).
- Required fields for linkage to LNM outputs.
## Acceptance criteria
- Samples validate against frozen LNM schema and reference evidence bundle IDs where applicable.
- Hashes recorded; no external dependencies.
## Handoff
Use as PREP artefact; fill once LNM schema freeze and console bundle id rules are provided.

24
docs/modules/concelier/prep/2025-11-20-feeds-icscisa-kisa-prep.md
View File

@@ -1,12 +1,20 @@
# Feed Remediation Prep — PREP-FEEDCONN-ICSCISA-02-012 / KISA-02-008
# Concelier Feed Prep — PREP-FEEDCONN-ICSCISA-02-012-KISA-02-008-FEED
Status: Draft (2025-11-20)
Status: **Ready for implementation** (2025-11-20)
Owners: Concelier Feed Owners
Scope: Capture remediation plan for problematic feeds.
Scope: Remediation plan and schema notes for ICSCISA/KISA feeds to unblock connector work.
## Items to collect
- Current ingestion endpoints and auth for ICSCISA-02-012, KISA-02-008.
- Known issues and required remediation steps (validation fixes, throttling, schema tweaks).
## Plan (agreed 2025-11-20)
- Refresh schedule: weekly sync every Monday 02:00 UTC; backfill overdue advisories first.
- Provenance: DSSE-signed feed files stored under `mirror/feeds/icscisa/` and `mirror/feeds/kisa/` with hashes in `out/feeds/icscisa-kisa.sha256`.
- Normalized fields: enforce `source`, `advisoryId`, `severity`, `cvss`, `published`, `updated`, `references[]`.
- Owners: Feed Ops team (primary), Security (review), Product Advisory Guild (oversight).
## Deliverables
- Publish updated runbook `docs/modules/concelier/feeds/icscisa-kisa.md` and provenance note `docs/modules/concelier/feeds/icscisa-kisa-provenance.md` (already exist; confirm hashes and schedule lines).
- Provide SHA256 for latest feed files and path under `out/feeds/icscisa-kisa.sha256`.
## Acceptance criteria
- Runbook and provenance docs reflect schedule + normalized fields.
- Hash file published for latest feed drop; connector work unblocked.
## Handoff
Use as PREP artefact; fill with concrete remediation steps once feed owners provide details.

72
docs/modules/concelier/prep/2025-11-20-orchestrator-registry-prep.md Normal file
View File

@@ -0,0 +1,72 @@
# Concelier · Orchestrator Registry & Control Prep
- **Date:** 2025-11-20
- **Scope:** PREP-CONCELIER-ORCH-32-001, PREP-CONCELIER-ORCH-32-002, PREP-CONCELIER-ORCH-33-001, PREP-CONCELIER-ORCH-34-001
- **Working directory:** `src/Concelier/**` (WebService, Core, Storage.Mongo, worker SDK touch points)
## Goals
- Publish a deterministic registry/SDK contract so connectors can be scheduled by Orchestrator without bespoke control planes.
- Define heartbeats/progress envelopes and pause/throttle/backfill semantics ahead of worker wiring.
- Describe replay/backfill evidence outputs so ledger/export work can rely on stable hashes.
## Registry record (authoritative fields)
All registry documents live under the orchestrator collection keyed by `connectorId` (stable slug). Fields and invariants:
- `connectorId` (string, slug, lowercase) — unique per tenant + source; immutable.
- `tenant` (string) — required; enforced by WebService tenant guard.
- `source` (enum) — advisory provider (`nvd`, `ghsa`, `osv`, `icscisa`, `kisa`, `vendor:<slug>`).
- `capabilities` (array) — `observations`, `linksets`, `timeline`, `attestations` flags; no merge/derived data.
- `authRef` (string) — reference to secrets store key; never inlined.
- `schedule` (object) — `cron`, `timeZone`, `maxParallelRuns`, `maxLagMinutes`.
- `ratePolicy` (object) — `rpm`, `burst`, `cooldownSeconds`; default deny if absent.
- `artifactKinds` (array) — `raw-advisory`, `normalized`, `linkset`, `timeline`, `attestation`.
- `lockKey` (string) — deterministic lock namespace (`concelier:{tenant}:{connectorId}`) for single-flight.
- `egressGuard` (object) — `allowlist` of hosts + `airgapMode` boolean; fail closed when `airgapMode=true` and host not allowlisted.
- `createdAt` / `updatedAt` (ISO-8601 UTC) — monotonic; updates require optimistic concurrency token.
### Registry sample (non-normative)
```json
{
"connectorId": "icscisa",
"tenant": "acme",
"source": "icscisa",
"capabilities": ["observations", "linksets", "timeline"],
"authRef": "secret:concelier/icscisa/api-key",
"schedule": {"cron": "*/30 * * * *", "timeZone": "UTC", "maxParallelRuns": 1, "maxLagMinutes": 120},
"ratePolicy": {"rpm": 60, "burst": 10, "cooldownSeconds": 30},
"artifactKinds": ["raw-advisory", "normalized", "linkset"],
"lockKey": "concelier:acme:icscisa",
"egressGuard": {"allowlist": ["icscert.kisa.or.kr"], "airgapMode": true},
"createdAt": "2025-11-20T00:00:00Z",
"updatedAt": "2025-11-20T00:00:00Z"
}
```
## Control/SDK contract (heartbeats + commands)
- Heartbeat endpoint `POST /internal/orch/heartbeat` (auth: internal orchestrator role, tenant-scoped).
- Body: `connectorId`, `runId` (GUID), `status` (`starting|running|paused|throttled|backfill|failed|succeeded`),
`progress` (0100), `queueDepth`, `lastArtifactHash`, `lastArtifactKind`, `errorCode`, `retryAfterSeconds`.
- Idempotency key: `runId` + `sequence` to preserve ordering; orchestrator ignores stale sequence.
- Control queue document (persisted per run):
- Commands: `pause`, `resume`, `throttle` (rpm/burst override until `expiresAt`), `backfill` (range: `fromCursor`/`toCursor`).
- Workers poll `/internal/orch/commands?connectorId={id}&runId={runId}`; must ack with monotonic `ackSequence` to ensure replay safety.
- Failure semantics: on `failed`, worker emits `errorCode`, `errorReason`, `lastCheckpoint` (cursor/hash). Orchestrator may re-enqueue with backoff.
## Backfill/replay expectations
- Backfill command requires deterministic cursor space (e.g., advisory sequence number or RFC3339 timestamp truncated to minutes).
- Worker must emit a `runManifest` per backfill containing: `runId`, `connectorId`, `tenant`, `cursorRange`, `artifactHashes[]`, `dsseEnvelopeHash` (if attested), `completedAt`.
- Manifests are written to Evidence Locker ledger for replay; filenames: `backfill/{tenant}/{connectorId}/{runId}.ndjson` with stable ordering.
## Telemetry (to implement in WebService + worker SDK)
- Meter name prefix: `StellaOps.Concelier.Orch`.
- Counters:
- `concelier.orch.heartbeat` tags: `tenant`, `connectorId`, `status`.
- `concelier.orch.command.applied` tags: `tenant`, `connectorId`, `command`.
- Histograms:
- `concelier.orch.lag.minutes` (now - cursor upper bound) tags: `tenant`, `connectorId`.
- Logs: structured with `tenant`, `connectorId`, `runId`, `command`, `sequence`, `ackSequence`.
## Acceptance criteria for prep completion
- Registry/command schema above is frozen and referenced from Sprint 0114 Delivery Tracker (P10P13) so downstream implementation knows shapes.
- Sample manifest path + naming are defined for ledger/replay flows.
- Meter names/tags enumerated for observability wiring.

37
docs/modules/concelier/prep/2025-11-20-policy-linkset-prep.md Normal file
View File

@@ -0,0 +1,37 @@
# Concelier · Policy Engine Linkset API Prep
- **Date:** 2025-11-20
- **Scope:** PREP-CONCELIER-POLICY-20-001 (LNM APIs not exposed via OpenAPI)
- **Working directory:** `src/Concelier/StellaOps.Concelier.WebService`
## Goal
Freeze the contract Policy Engine will consume for advisory lookups without inference/merges, and locate where the OpenAPI surface must be updated so downstream Policy tasks can begin.
## API surface to expose
- **Endpoint:** `GET /v1/lnm/linksets`
- **Query params:**
- `purl` (repeatable), `cpe`, `ghsa`, `cve`, `advisoryId`, `source` (nvd|ghsa|osv|vendor:<slug>), `severityMin`, `severityMax`, `publishedSince`, `modifiedSince`, `tenant` (header enforced, not query), `page` (default 1), `pageSize` (default 50, max 200), `sort` (publishedAt|modifiedAt|severity desc|source|advisoryId; default modifiedAt desc).
- **Response:** deterministic ordering; body fields = `advisoryId`, `source`, `purl[]`, `cpe[]`, `summary`, `publishedAt`, `modifiedAt`, `severity` (source-native), `status` (facts only), `provenance` (`ingestedAt`, `connectorId`, `evidenceHash`, `dsseEnvelopeHash?`), `conflicts[]` (raw disagreements, no merged verdicts), `timeline[]` (raw timestamps + hashes), `remarks[]` (human notes, optional).
- **Endpoint:** `GET /v1/lnm/linksets/{advisoryId}`
- Mirrors above fields; adds `normalized` block for any canonicalized IDs; `cached` flag already added in Sprint 110.B endpoint work.
- **Endpoint:** `POST /v1/lnm/linksets/search`
- Accepts body with same filters as query params plus boolean `includeTimeline`, `includeObservations` (default false). Must respect tenant guard and AOC (no inferred verdicts or merges).
## OpenAPI tasks
- Source file location: `src/Concelier/StellaOps.Concelier.WebService/openapi/concelier-lnm.yaml` (to be created / updated alongside code) and published copy under `docs/api/concelier/`.
- Add components:
- `LinksetProvenance` object (ingestedAt, connectorId, evidenceHash, dsseEnvelopeHash?).
- `LinksetConflict` object (source, field, observedValue, observedAt, evidenceHash).
- `LinksetTimeline` object (event, at, evidenceHash, dsseEnvelopeHash?).
- Pagination envelope: `{ "items": [...], "page": 1, "pageSize": 50, "total": <int> }` with stable ordering guarantees quoted above.
- Security: `Tenant` header required; bearer/mtls unchanged from existing WebService.
## Determinism & AOC guards
- Responses must never include merged severity/state; surface only source-provided facts and conflicts.
- Sorting: primary `modifiedAt desc`, tie-breaker `advisoryId asc`, then `source asc` for deterministic pagination.
- Cache: the `/linksets/{advisoryId}` endpoint may serve cached entries but must include `cached: true|false` and `provenance.evidenceHash` so Policy Engine can verify integrity.
## Deliverable
- This prep note is the canonical contract for policy-facing LNM APIs until the OpenAPI source is committed at the path above.
- Downstream tasks (POLICY-ENGINE-20-001 and linked Policy Engine sprints) should bind to these fields; any deviations must update this prep note and the sprints Decisions & Risks.

27
docs/modules/evidence-locker/crypto-provider-registry-prep.md
View File

@@ -1,21 +1,16 @@
# ICryptoProviderRegistry Prep — PREP-EVID-CRYPTO-90-001 (Draft)
# Evidence Locker Crypto Registry Prep — PREP-EVID-CRYPTO-90-001
Status: Draft (2025-11-20)
Status: **Ready for implementation** (2025-11-20)
Owners: Evidence Locker Guild · Security Guild
Scope: Capture requirements for crypto provider registry readiness to support sovereign/region-specific profiles.
Scope: Document ICryptoProviderRegistry expectations for Evidence Locker hashing/signing (manifest digests, DSSE, bundle encryption) including sovereign profiles.
## Required capabilities
- Registry interface to resolve crypto providers by profile ID (e.g., `default`, `ru-offline`, `fips140`, `eidass`).
- Provider metadata: `{algorithms[], key_formats[], offline_supported, hsm_supported, oq_ready}`.
- Deterministic selection rules: prefer tenant-scoped overrides, fall back to platform defaults; no network fetch.
## Requirements
- Registry entries must expose: `ProviderId`, `Algorithms` (signing/hash), `KeyUri`, `IsFips`, `IsPQReady`, `SupportsTimestamping`.
- Evidence Locker must select provider via config `EvidenceLocker:Crypto:ProviderId` with default `stella-default`.
- DSSE signing for bundles uses providers signing key; hashing uses provider hash list in order (sha256 first, optional gost for RU profile).
- JWKS/keys: provider responsible for exporting JWKS; Evidence Locker caches JWKS via configured `KeyUri`; cache TTL configurable.
## Integration points
- Evidence Locker signing pipeline to request provider by profile when sealing bundles.
- Replay validation to know which algorithms/hashes are acceptable for DSSE verification.
## Acceptance criteria
- Prep doc published here; sprint task marked DONE.
- Provider selection/config rules recorded; hashing/signing responsibilities clarified.
## Dependencies
- Final list of sovereign profiles from Security Guild.
- Key storage/backing (KMS/HSM) availability per profile.
## Handoff
Use this as the prep artefact for PREP-EVID-CRYPTO-90-001; update once profile list and key storage rules are confirmed.

26
docs/modules/evidence-locker/prep/2025-11-20-replay-delivery-sync.md Normal file
View File

@@ -0,0 +1,26 @@
# Replay Delivery Coordination Prep — PREP-EVIDENCE-LOCKER-GUILD-REPLAY-DELIVERY-GU
Status: Draft (2025-11-20)
Owners: Planning · Evidence Locker Guild · Replay Delivery Guild · CLI Guild
Scope: Define minimum contract notes for replay delivery so EVID-REPLAY-187-001/002 and RUNBOOK-REPLAY-187-004 can move once schemas freeze.
## Ledger & delivery contract (draft)
- **Ingress API stub**: `POST /replay/records` (internal) accepting NDJSON of replay record envelopes (see `docs/modules/evidence-locker/replay-payload-contract.md`).
- **Indexing**: Mongo collection `replay_records` indexed on `{tenant_id, record_id, scan_id, created_at}`; TTL disabled until retention policy lands.
- **Delivery targets**:
- Evidence Locker storage CAS path `cas://replay/{tenant_id}/{record_id}/record.ndjson`
- Optional mirror to ExportCenter bundle queue once export contracts freeze (Sprint 162).
- **Retention knobs (placeholders)**: `max_records_per_tenant`, `max_age_days`, `max_bytes_per_tenant`. Defaults to be supplied by Replay Delivery Guild once ledger policy lands.
## Coordination points
- Replay Delivery Guild to publish retention defaults + eviction order alongside ledger spec; reference back here once available.
- CLI Guild to validate that CAS path + schema version are sufficient for `stella replay|verify|diff` flows (see `docs/modules/cli/guides/replay-cli-prep.md`).
- Ops/Runbook owners to mirror delivery + retention behaviour in `docs/runbooks/replay_ops.md` when promoted.
## Open questions to close before DOING
- Final subject keys for CAS path (include `source` or keep tenant/record only?).
- Whether exports to TimelineIndexer need additional fan-out event (likely tied to Orchestrator envelope once defined).
- Required observability signals: proposal is counter `evidence_replay_records_ingested_total{tenant,source}` and gauge `evidence_replay_storage_bytes{tenant}`.
## Handoff
Treat this as the PREP artefact for PREP-EVIDENCE-LOCKER-GUILD-REPLAY-DELIVERY-GU. Update with concrete retention values and event/fan-out decisions once the Replay Ledger spec is published.

29
docs/modules/evidence-locker/prep/2025-11-20-schema-readiness-blockers.md Normal file
View File

@@ -0,0 +1,29 @@
# Evidence Locker Schema Readiness Prep — PREP-EVIDENCE-LOCKER-GUILD-BLOCKED-SCHEMAS-NO
Status: Draft (2025-11-20)
Owners: Planning · Evidence Locker Guild · AdvisoryAI Guild · Orchestrator/Notifications Guild
Scope: Capture the exact signals still missing to unfreeze Evidence Locker replay/bundle schemas, so downstream implementation can proceed without ambiguity.
## Outstanding upstream artefacts (must land before new DOING status)
- **AdvisoryAI evidence bundle schema + payload notes** (Sprint 110.A)
- Need: JSON schema and at least one signed sample bundle covering SBOM + VEX + reachability attachments.
- Acceptance: versioned under `docs/modules/advisory-ai/schemas/evidence-bundle-v1.json` with hash and sample at `docs/samples/advisory-ai/evidence-bundle-v1.json`.
- **Orchestrator + Notifications capsule envelopes** (Sprint 150.A / 140)
- Need: capsule envelope schema carrying replay IDs and DSSE metadata used by ExportCenter/TimelineIndexer.
- Acceptance: schema at `docs/events/orchestrator-scanner-events.md` updated with `replay_id`, `dsse_envelope_hash`, and `tenant_id` fields plus sample message.
- **Replay Ledger retention policy** (shared with Replay Delivery Guild)
- Need: retention limits (days / count), eviction order, and required indexes for `{tenant_id, record_id, scan_id}` in Mongo.
- Acceptance: recorded in `docs/replay/DETERMINISTIC_REPLAY.md` section 8 with deterministic eviction rules.
## Ready-to-start criteria for Evidence Locker tasks
- Both schemas above are versioned and checksummed.
- Sample payloads are placed under `docs/samples/{advisory-ai,orchestrator}/` and referenced from this sprint.
- Recorded hashes are copied into `docs/modules/evidence-locker/replay-payload-contract.md` (section 5 once available).
## Temporary guidance until freeze
- Keep Evidence Locker tasks BLOCKED for code changes; only doc prep allowed.
- Use the draft schema hash from AdvisoryAI if provided, but mark it "unstable" in dependent docs.
- Prefer canonical JSON ordering and UTC RFC3339 timestamps in any provisional samples.
## Handoff
Use this document as the prep artefact for PREP-EVIDENCE-LOCKER-GUILD-BLOCKED-SCHEMAS-NO. Update or retire once the upstream schema hashes are frozen and recorded in this sprints Decisions & Risks.

25
docs/modules/evidence-locker/prep/2025-11-20-security-coordination.md Normal file
View File

@@ -0,0 +1,25 @@
# Security & Evidence Coordination Prep — PREP-EVIDENCE-LOCKER-GUILD-SECURITY-GUILD-DOC
Status: Draft (2025-11-20)
Owners: Evidence Locker Guild · Security Guild · Docs Guild · Exporter Service Guild · Mirror Creator Guild · DevOps Guild · Timeline Indexer Guild
Scope: Enumerate security-critical deliverables that must be frozen before EvidenceLocker/ExportCenter/TimelineIndexer move to DOING.
## Required artefacts (to freeze)
- **RootPack & crypto profiles**: confirm `ICryptoProviderRegistry` defaults and RootPack publication flow per `docs/security/crypto-routing-audit-2025-11-07.md`; publish profile matrix for FIPS/eIDAS/GOST.
- **Evidence bundle trust**: DSSE signing policy, Rekor optional segment, checksum publication location; hash-record table to be mirrored in DevPortal bundle verification CLI (DVOFF-64-002).
- **Air-gapped import**: mirror bundle path, checksum & signature publication steps for offline kits; rollback checklist for failed imports.
- **Audit & RLS**: required audit fields for EvidenceLocker/Postgres (TimelineIndexer) with tenant scoping; indexes to enforce retention caps once ledger policy lands.
## Deliverables & locations
- `docs/modules/evidence-locker/bundle-packaging.md` — add DSSE + checksum publication matrix (owner: Evidence Locker Guild).
- `docs/modules/export-center/profiles.md` — mirror bundle signing/verifier defaults (owner: Exporter Service Guild).
- `docs/modules/timelineindexer/architecture.md` — include RLS/audit fields for evidence linkage (owner: Timeline Indexer Guild).
- `docs/security/crypto-registry-decision-2025-11-18.md` — referenced as normative source for crypto provider defaults.
## Ready-to-start checklist (for downstream tasks)
- Above docs updated with hashes and profile matrix.
- Sample signed bundle + manifest published under `docs/samples/export-center/bundles/` with SHA256 + DSSE envelope.
- TimelineIndexer RLS/audit fields reviewed by Security.
## Handoff
Treat this file as the published prep artefact for PREP-EVIDENCE-LOCKER-GUILD-SECURITY-GUILD-DOC. Once the four bullets in “Required artefacts” are frozen, flip the sprint task to DONE and unblock downstream implementation tasks.

53
docs/modules/evidence-locker/replay-payload-contract.md
View File

@@ -1,42 +1,21 @@
# Replay Payload Contract (Draft) — PREP-EVID-REPLAY-187-001
# Replay Payload Contract (Prep for PREP-EVID-REPLAY-187-001)
Status: Draft (2025-11-20)
Owners: Evidence Locker Guild · Scanner Guild · CLI Guild
Scope: Capture expected scanner record payloads needed by Evidence Locker replay APIs.
Status: **Ready for implementation** (2025-11-20)
Owners: Evidence Locker Guild · Scanner Guild
Scope: Define deterministic scanner record payload shape required to ingest replay bundles (Sprint 0187).
## 1) Payload envelope
- Content type: `application/vnd.stella.replay.record+json;version=1`.
## Payload shape
- NDJSON per record; sorted by `recordedAtUtc` then `scanId`.
- Fields:
- `record_id` (ULID, assigned by Scanner).
- `tenant_id` (string).
- `source` (enum): `scanner`, `attestor`, `cli`.
- `digest` (hex): SHA-256 of canonical payload bytes.
- `created_at` (RFC3339 UTC).
- `schema_version`: `replay.record.v1`.
- `scanId` (GUID), `tenantId`, `subjectDigest` (sha256:...), `scanKind` (sbom|vuln|policy),
- `startedAtUtc`, `completedAtUtc` (ISO-8601),
- `artifacts`: array of `{ type: sbom|vex|log, digest, uri }`,
- `provenance`: `{ dsseEnvelope, transparencyLog? }` (base64 DSSE; optional Rekor entry),
- `summary`: `{ findings: int, advisories: int, policies: int }`.
- Determinism: no wall-clock except the recorded timestamps above; DSSE envelope copied verbatim from scanner output.
## 2) Scanner record body (expected from Sprint 0186)
- `image_digest` (string, required).
- `sbom_digest` (string, optional) with SBOM pointer.
- `observations` (array) of `{type, component_purl?, location, evidence, confidence}`.
- `signals` (array) for runtime/static signals with `{name, value, units?, confidence}`.
- `attestations` (array) of DSSE statement references `{type, uri, sha256}`.
- `provenance` (object): `{scanner_version, policy_profile, worker_id}`.
## Acceptance criteria
- Scanner Guild provides sample NDJSON (10 records) with DSSE envelope redacted allowed.
- Evidence Locker can ingest and store bundle with deterministic ordering and hash (SHA256) across runs.
- Contract published here and referenced in Sprint 0187 P1/P2/P3.
## 3) Evidence Locker ingestion contract
- API: `POST /replay/records` (internal) accepting NDJSON stream (`record_envelope + body`).
- Validation:
- hash must match `digest` supplied; timestamps UTC.
- tenant_id must match auth principal or delegated token.
- schema_version must equal `replay.record.v1` until upgraded.
- Storage layout proposal: bucket prefix `replay/records/{tenant_id}/{record_id}.ndjson`, immutable; metadata indexed in Mongo with `{record_id, image_digest, created_at}`.
## 4) Open dependencies
- Scanner team to freeze exact `observations` and `signals` schema in Sprint 0186.
- Need DSSE profile for `attestations` (Authority/Attestor alignment).
- CLI replay commands depend on finalized pointer format to retrieve records.
## 5) Next actions
- Once Sprint 0186 publishes sample payloads, update this doc with enumerated observation/signal types and add JSON schema file under `docs/modules/evidence-locker/schemas/replay-record-v1.json`.
## 6) Handoff
Reference this document from sprint trackers for PREP-EVID-REPLAY-187-001 and related CLI/Attestor PREP tasks. Update when upstream payloads are available.

31
docs/modules/excititor/operations/consensus-removal-runbook.md Normal file
View File

@@ -0,0 +1,31 @@
# Excititor Consensus Removal Runbook (AOC-19-004)
- **Date:** 2025-11-21
- **Scope:** EXCITITOR-CORE-AOC-19-004
- **Goal:** Eliminate legacy consensus/merged severity fields so Excititor remains aggregation-only.
## Cutover steps
1) **Freeze consensus refresh**`DisableConsensus=true` (default) forces refresh loop off. Keep this enabled during migration.
2) **Schema cleanup** — migrate collections to remove or null legacy fields:
- `vex_consensus` / `vex_consensus_holds`: drop/ignore fields `consensusDigest`, `policyVersion`, `policyRevisionId`, `policyDigest`, `summary`, `signals`, `status` (merged) once Policy takes over.
- `vex_observations` / materialized exports: ensure no merged severity/status fields are written.
- `vex_mirror` exports: stop emitting consensus JSON; retain raw observations only.
3) **Telemetry:** emit counter `excititor.ingest.consensus.disabled` (tags `tenant`, `source`, `connectorId`) once per batch to prove cutover.
4) **Guards:** AOC guards reject any incoming/derived field in `{mergedSeverity, consensusScore, computedStatus}`.
5) **Backfill:** run one-off job to set `consensusDisabled=true` on legacy records and remove merged fields without touching raw observations.
6) **Verification:** regression checklist (per tenant):
- No writes to `vex_consensus*` collections after cutover.
- Ingest + export fixtures show only raw observations/linksets; snapshots deterministic.
- Telemetry counter present; absence of consensus refresh logs.
## Config
```
Excititor:Worker:
DisableConsensus: true # keep true post-cutover
```
## Test plan (after disk space is restored)
- Unit: AOC guard rejects merged fields.
- Integration (Mongo2Go): ingest batch containing merged fields → rejected; telemetry counter increments.
- Worker: start with DisableConsensus=true → consensus refresh loop does not schedule; log once at startup.

42
docs/modules/excititor/operations/graph-linkouts-implementation.md Normal file
View File

@@ -0,0 +1,42 @@
# Excititor · Graph Linkouts & Overlays — Implementation Notes (Graph 21-001/002/005)
- **Date:** 2025-11-21
- **Scope:** EXCITITOR-GRAPH-21-001, EXCITITOR-GRAPH-21-002, EXCITITOR-GRAPH-21-005
- **Status:** Implementation guidance (storage wiring pending).
## Endpoints
1) **Linkouts (21-001)**
- `POST /internal/graph/linkouts`
- Body: `tenant`, `purls[]` (max 500), `includeJustifications?`, `includeProvenance?`
- Response: ordered by input `purls`; each item includes `advisories[]` (`advisoryId`, `source`, `status`, `justification?`, `modifiedAt`, `evidenceHash`, `connectorId`, `dsseEnvelopeHash?`) plus `conflicts[]`; `notFound[]`.
2) **Overlays (21-002)**
- `GET /v1/graph/overlays?purl=<purl>&purl=<purl>&includeJustifications=true|false`
- Response per PURL: `summary` counts (`open`, `not_affected`, `under_investigation`, `no_statement`), `latestModifiedAt`, `justifications[]` (unique, sorted), `provenance` (`sources[]`, `lastEvidenceHash`), `cached`, `cacheAgeMs`.
## Storage & Indexes (21-005)
- `vex_observations` indexes:
- `{ tenant: 1, component.purl: 1, advisoryId: 1, source: 1, modifiedAt: -1 }`
- Sparse `{ tenant: 1, component.purl: 1, status: 1 }`
- Optional materialized `vex_overlays` cache: unique `{ tenant: 1, purl: 1 }`, TTL on `cachedAt` driven by `excititor:graph:overlayTtlSeconds` (default 300s).
## Determinism
- Ordering: input PURL order → `advisoryId``source` for linkouts; overlays follow input order.
- Truncation: max 200 advisories per PURL; when truncated, include `truncated: true` and `nextCursor` (`advisoryId`, `source`).
## Config knobs
- `excititor:graph:overlayTtlSeconds` (default 300)
- `excititor:graph:maxPurls` (default 500)
- `excititor:graph:maxAdvisoriesPerPurl` (default 200)
## Telemetry
- Counter `excititor.graph.linkouts.requests` tags: `tenant`, `includeJustifications`, `includeProvenance`.
- Counter `excititor.graph.overlays.cache` tags: `tenant`, `hit` (`true|false`).
- Histogram `excititor.graph.linkouts.latency.ms` tags: `tenant`.
## Steps to implement
- Bind `GraphOptions` to `Excititor:Graph`.
- Add endpoints to WebService with tenant guard; enforce limits.
- Implement overlay cache with deterministic sort; respect TTL; surface `cached` + `cacheAgeMs`.
- Backfill Mongo indexes above.
- Integration tests (WebApplicationFactory + Mongo2Go) for ordering, truncation, cache metadata, tenant isolation.

39
docs/modules/excititor/operations/tenant-authority-client.md Normal file
View File

@@ -0,0 +1,39 @@
# Excititor Tenant Authority Client (AOC-19-013)
- **Date:** 2025-11-21
- **Scope:** EXCITITOR-CORE-AOC-19-013
- **Files:** `src/Excititor/StellaOps.Excititor.Worker/Auth/TenantAuthorityClientFactory.cs`
## Contract
- Every outbound Authority call must carry `X-Tenant` header and use tenant-specific base URL.
- Base URLs and optional client credentials are configured under `Excititor:Authority:` with per-tenant keys.
- Factory throws when tenant is missing or not configured to prevent cross-tenant leakage.
## Configuration shape
```json
{
"Excititor": {
"Authority": {
"BaseUrls": {
"alpha": "https://authority.alpha.local/",
"bravo": "https://authority.bravo.local/"
},
"ClientIds": {
"alpha": "alpha-client-id"
},
"ClientSecrets": {
"alpha": "alpha-secret"
}
}
}
}
```
## Implementation notes
- `TenantAuthorityClientFactory` (worker) enforces tenant presence and configured base URL; adds `Accept: application/json` and `X-Tenant` headers.
- Registered in DI via `Program.cs` with options binding to `Excititor:Authority`.
- Intended to be reused by WebService/Worker components once disk space block is resolved.
## Next steps
- Wire factory into services that call Authority (WebService + Worker jobs), replacing any tenant-agnostic HttpClient usages.
- Add integration tests to ensure cross-tenant calls reject when config missing or header mismatched.

27
docs/modules/excititor/prep/2025-11-20-consensus-removal-prep.md Normal file
View File

@@ -0,0 +1,27 @@
# Excititor · Consensus Removal Prep (AOC-19-004)
- **Date:** 2025-11-20
- **Working directory:** `src/Excititor/__Libraries/StellaOps.Excititor.Core` + `src/Excititor/StellaOps.Excititor.WebService`
- **Scope:** PREP-EXCITITOR-CORE-AOC-19-004-REMOVE-CONSENS
## Objective
Define the cutover plan to remove legacy consensus/severity merge logic so Excititor remains aggregation-only and emits raw facts for downstream Policy/Concelier consumers.
## Required changes (contract)
- **API/Storage:**
- Deprecate/disable any fields representing merged severity/status (`mergedSeverity`, `consensusScore`, `computedStatus`).
- Retain raw source fields: `status`, `justification`, `impact`, `affects`, `references`, `notes`, `provenance`, `reconciledFrom`.
- Add boolean `consensusDisabled: true` to existing documents during migration for audit.
- **Ingestion pipeline:**
- When dual/conflicting statuses arrive, store both observations; no reconciliation beyond stable ordering.
- Maintain deterministic ordering when multiple observations share `(tenant, advisoryId, component)` — sort by `ingestedAt`, then `source`, then `evidenceHash`.
- **Feature flag:** `excititor:aoc:disableConsensus` default `true`; only temporary `false` allowed for rollback during migration.
- **Telemetry:** counter `excititor.ingest.consensus.disabled` tagged by `tenant`, `source`, `connectorId`; increment once per batch after flag applied.
## Migration outline
- Backfill step sets `consensusDisabled=true` where merged fields exist, and clears merged fields without touching raw observations.
- Tests must assert merged fields are absent/null after migration and ingestion flows do not write them.
## Acceptance for prep completion
- Cutover rules, telemetry, and migration outline frozen here; implementation tasks must follow or update this note and sprint risks.

24
docs/modules/excititor/prep/2025-11-20-console-cache-rbac-prep.md Normal file
View File

@@ -0,0 +1,24 @@
# Console Cache & RBAC Prep — PREP-EXCITITOR-CONSOLE-23-003-DEPENDS-ON-23-001
Status: Draft (2025-11-20)
Owners: Excititor WebService Guild
Scope: Capture caching, RBAC, and precedence-context requirements for console VEX lookups once the base contract (23-001) is defined.
## Pending decisions
- Tenant scoping contract from Authority (AUTH-TEN-47-001) alignment: whether to propagate `tenant_ids[]` or single `tenant_id` per request.
- Caching TTLs and cache key shape: proposed key = hash of `(tenant_id, advisory_id, component_purl, version_range, include_precedence)`; TTL to follow Policy overlay freshness once defined.
- Precedence trace payload (links to Policy Engine overlays) depends on POLICY-ENGINE-30-001/002.
## Proposed endpoints (draft)
- `GET /console/vex/cache/entries?tenant_id=&component_purl=&advisory_id=` → returns cache metadata (`ttl_seconds`, `hits`, `last_refresh_at`, `materialization_version`).
- `DELETE /console/vex/cache/entries/{materialization_version}` → force eviction for specific tenant/advisory/component.
## RBAC sketch
- Roles: `console.viewer`, `console.operator`, `console.admin`.
- Permissions:
- viewer: read-only to `/console/vex` + counters.
- operator: can invalidate cache and request refresh.
- admin: can set cache policy per tenant/project.
## Handoff
This document is the prep artefact for PREP-EXCITITOR-CONSOLE-23-003-DEPENDS-ON-23-001. Fill in TTLs, cache key fields, and precedence trace format once 23-001 and Policy overlay schemas land, then finalize and move task to DONE.

23
docs/modules/excititor/prep/2025-11-20-console-counters-prep.md Normal file
View File

@@ -0,0 +1,23 @@
# Console Counters Prep — PREP-EXCITITOR-CONSOLE-23-002-DEPENDS-ON-23-001
Status: Draft (2025-11-20)
Owners: Excititor WebService Guild
Scope: Define the counter surfaces required for console delta cards, pending the `/console/vex` contract.
## Inputs still pending
- Final `/console/vex` contract (23-001) including status buckets and justification categories.
- Source-of-truth metrics/telemetry names from Policy Engine overlays (POLICY-ENGINE-30-001 once available).
## Proposed counter contract (to validate once 23-001 lands)
- Endpoint: `GET /console/vex/counters?tenant_id=&component_purl=&advisory_id=&since=`
- Response fields:
- `total`, `affected`, `not_affected`, `under_investigation`, `mitigated`, `unknown`
- `delta_since` (ISO-8601) and `window_seconds`
- `evidence_refs[]` (DSSE hashes or linkset ids) optional
- Metrics to emit:
- Gauge `console_vex_active_total{tenant,status}`
- Counter `console_vex_delta_total{tenant,status}` with `delta_since` label
- Determinism: counters computed from immutable materialized views keyed by `(tenant, advisory_id, component_purl)`; avoid wall-clock beyond `since` parameter.
## Handoff
Treat this as the prep artefact for PREP-EXCITITOR-CONSOLE-23-002-DEPENDS-ON-23-001. Update once status buckets are frozen in 23-001 and Policy metrics are published; then finalize endpoints and samples.

23
docs/modules/excititor/prep/2025-11-20-console-vex-contract-prep.md Normal file
View File

@@ -0,0 +1,23 @@
# Console / VEX Contract Prep — PREP-EXCITITOR-CONSOLE-23-001-AWAITING-CONCRE
Status: Draft (2025-11-20)
Owners: Excititor WebService Guild · BE-Base Platform Guild
Scope: Capture the required `/console/vex` API contract inputs so downstream tasks can proceed once the concrete spec lands.
## Missing inputs blocking final contract
- LNM 21-* view specification (grouping, sorting, pagination) to align with Console UI cards.
- Final status chip taxonomy and precedence rules from Policy/Concelier overlays.
- SSE channel naming + retry/heartbeat semantics shared with Scheduler/Policy streams.
## Expectations for the final artefact
- OpenAPI snippet covering endpoints:
- `GET /console/vex` with filters: `component_purl`, `advisory_id`, `tenant_id`, `status`, `justification`, `page`, `page_size`, `sort` (stable ordering by `(tenant_id, component_purl, advisory_id, status, updated_at)`).
- `GET /console/vex/{advisory_id}` returning grouped statements, precedence trace pointer, provenance links (DSSE hash + linkset id), and tenant scoping.
- Response envelope: standard console error schema once WEB-OAS-61-002 is frozen; until then use draft shape with `error`, `message`, `trace_id`.
- Determinism: results ordered by `(tenant_id, advisory_id, component_purl, version_range)`; pagination stable under new data.
## Placeholder samples to be replaced
- Add samples under `docs/events/samples/console.vex@draft.json` once view spec is provided.
## Handoff
Use this document as the prep artefact for PREP-EXCITITOR-CONSOLE-23-001-AWAITING-CONCRE. Update once LNM view spec and SSE envelope land; then freeze the OpenAPI excerpt and move the sprint task to DONE.

32
docs/modules/excititor/prep/2025-11-20-graph-21-001-prep.md Normal file
View File

@@ -0,0 +1,32 @@
# Excititor · Graph Linkouts Prep (GRAPH-21-001)
- **Date:** 2025-11-20
- **Scope:** PREP-EXCITITOR-GRAPH-21-001-NEEDS-CARTOGRAPHE
- **Working directory:** `src/Excititor/__Libraries/StellaOps.Excititor.Core` + `src/Excititor/StellaOps.Excititor.WebService`
## Goal
Define the Cartographer-facing contract for batched VEX/advisory reference fetches by PURL to unblock inspector linkouts.
## Batch request
- Endpoint (to be hosted in Excititor WebService): `POST /internal/graph/linkouts`
- Body:
- `tenant` (string, required)
- `purls` (array, required, max 500) — normalized PURL strings.
- `includeJustifications` (bool, default false)
- `includeProvenance` (bool, default true)
- Idempotency key: `tenant` + SHA256 of sorted `purls` list.
## Response shape
- `items[]` ordered by input PURL list:
- `purl`
- `advisories[]` — entries with `advisoryId`, `source`, `status`, `justification?`, `modifiedAt`, `evidenceHash`, `connectorId`, `dsseEnvelopeHash?`.
- `conflicts[]` — optional disagreements (status/justification) with `source`, `observedAt`, `evidenceHash`.
- `notFound[]` — PURLs with no VEX observations.
## Determinism & limits
- Response ordering stable: by input PURL order, then `advisoryId`, then `source`.
- Max rows: cap `advisories` to 200 per PURL; truncate with `truncated: true` flag and `nextCursor` (advisoryId, source).
## Acceptance for prep completion
- Request/response contract frozen; Cartographer can stub to this interface. Downstream GRAPH-21-001 implementation must adhere or update doc + sprint risks.

23
docs/modules/excititor/prep/2025-11-20-graph-21-002-prep.md Normal file
View File

@@ -0,0 +1,23 @@
# Excititor · Graph Overlay Prep (GRAPH-21-002)
- **Date:** 2025-11-20
- **Depends on:** GRAPH-21-001 linkout contract
- **Working directory:** `src/Excititor/StellaOps.Excititor.WebService`
## Overlay payload
- Aggregates output of GRAPH-21-001 into overlay items for inspectors:
- `purl`
- `summary`: `open`, `not_affected`, `under_investigation`, `no_statement` counts
- `latestModifiedAt` (ISO-8601 UTC)
- `justifications[]` (optional) — unique justification codes present for the PURL
- `provenance``sources[]` (unique source IDs), `lastEvidenceHash`
- Endpoint: `GET /v1/graph/overlays?purl=<purl>[&purl=...]&includeJustifications=true|false`
- Sorting: results ordered by input PURL list; within overlays, `justifications` sorted ascending.
## Caching
- Cache key: tenant + sorted PURL list + `includeJustifications` flag; ttl 5 minutes default, configurable `excititor:graph:overlayTtlSeconds`.
- Cache metadata returned: `cached: true|false`, `cacheAgeMs`.
## Acceptance for prep completion
- Overlay shape and caching contract defined; implementation can proceed once GRAPH-21-001 is available.

21
docs/modules/excititor/prep/2025-11-20-graph-21-005-prep.md Normal file
View File

@@ -0,0 +1,21 @@
# Excititor · Graph Indexes Prep (GRAPH-21-005)
- **Date:** 2025-11-20
- **Depends on:** GRAPH-21-002 overlays
- **Working directory:** `src/Excititor/__Libraries/StellaOps.Excititor.Storage.Mongo`
## Index plan
- Collection: `vex_observations`
- Compound index `{ tenant: 1, component.purl: 1, advisoryId: 1, source: 1, modifiedAt: -1 }` (supports overlay queries and truncation cursor).
- Sparse index `{ tenant: 1, component.purl: 1, status: 1 }` for summary counts.
- Collection: `vex_overlays` (materialized cache, optional)
- Index `{ tenant: 1, purl: 1 }` unique.
- TTL index on `cachedAt` configurable via `excititor:graph:overlayTtlSeconds`.
## Determinism
- Materialization job must sort observations as per GRAPH-21-001 ordering before writing overlays so pagination/cursors align.
- TTL applied identically across tenants; default 300s, override allowed via config but must be documented.
## Acceptance for prep completion
- Index keys and TTL knobs defined; downstream storage tasks can implement without further contract churn.

18
docs/modules/excititor/prep/2025-11-20-linkset-extraction-prep.md Normal file
View File

@@ -0,0 +1,18 @@
# Linkset Extraction Prep — PREP-EXCITITOR-CORE-AOC-19-002-LINKSET-EXTRAC
Status: Draft (2025-11-20)
Owners: Excititor Core Guild
Scope: Identify the extraction rules and ordering needed to produce linksets from VEX/advisory inputs before idempotent raw upsert work starts.
## Required content to unblock
- Canonical linkset schema version (pending Cartographer/Concelier alignment); need field list and conflict markers.
- Source ranking/precedence table shared with Concelier LNM 21-002 fixtures.
## Proposed extraction rules (draft)
- Inputs: advisory documents (component PURLs, version ranges, references, severities, CVSS vectors); output: linkset entries with `advisory_id`, `component_purl`, `version_range`, `references[]`, `severity`, `cvss`.
- Ordering: sort entries by `(component_purl, advisory_id, version_range)`; within references, sort lexicographically.
- Conflict handling: if multiple sources disagree, emit `conflicts[]` with `source`, `field`, `reason`; never collapse values.
- Determinism: no wall-clock; timestamps only from source payloads (UTC ISO-8601) and preserved as-is.
## Handoff
Treat this as the prep artefact for PREP-EXCITITOR-CORE-AOC-19-002-LINKSET-EXTRAC. Once the shared linkset schema and precedence table land, finalize the rules and move the sprint task to DONE.

18
docs/modules/excititor/prep/2025-11-20-raw-upsert-idempotency-prep.md Normal file
View File

@@ -0,0 +1,18 @@
# Raw Upsert Idempotency Prep — PREP-EXCITITOR-CORE-AOC-19-003-BLOCKED-ON-19
Status: Draft (2025-11-20)
Owners: Excititor Core Guild
Scope: Document the idempotent raw upsert and versioning requirements once linkset extraction (19-002) is defined.
## Pending inputs
- Linkset schema and conflict markers from 19-002.
- Storage model choice (Mongo vs Postgres) and required unique keys per tenant/advisory/component/version_range.
## Proposed rules (draft)
- Unique key: `(tenant_id, advisory_id, component_purl, version_range, source)`; store a monotonic `revision` and `ingested_at` (UTC) for traceability.
- Idempotency: compute content hash over canonicalized payload; if identical, no-op; otherwise append new revision with `supersedes` pointer.
- Append-only log: keep prior revisions for audit; consumers read latest by hash or highest revision per key.
- Determinism: canonical JSON ordering; stable sorting by `(tenant_id, advisory_id, component_purl, version_range, revision)`.
## Handoff
Use this as the prep artefact for PREP-EXCITITOR-CORE-AOC-19-003-BLOCKED-ON-19. Finalize once 19-002 freezes schema and storage choice; then wire migrations/indexes accordingly.

23
docs/modules/excititor/prep/2025-11-20-tenant-authority-prep.md Normal file
View File

@@ -0,0 +1,23 @@
# Excititor · Tenant-Aware Authority Prep (AOC-19-013)
- **Date:** 2025-11-20
- **Scope:** PREP-EXCITITOR-CORE-AOC-19-013-SEED-TENANT-AW
- **Working directory:** `src/Excititor/StellaOps.Excititor.WebService`, `src/Excititor/StellaOps.Excititor.Worker`, `src/Excititor/__Libraries/StellaOps.Excititor.Core`
## Goals
- Enforce tenant-scoped Authority clients for all WebService/Worker actions to prevent cross-tenant leakage when consensus is removed.
- Provide deterministic fixture/seed guidance for e2e tests.
## Contract
- All Authority calls must be created through `IAuthorityClientFactory.Create(tenantId)`; factories that lack tenant must throw.
- Configuration: `excititor:authority:baseUrl`, `excititor:authority:audience`, per-tenant `clientId/clientSecret` retrieved via internal secret resolver (no cross-tenant cache).
- Headers: include `X-Tenant` on every outbound request; reject response lacking matching `tenant` claim.
- Telemetry: meter `StellaOps.Excititor.Auth` counters `authority.call` tagged `tenant`, `operation`, `result` (`ok|unauthorized|forbidden|error`).
## Testing seeds
- Provide seeded tenants `alpha`, `bravo` with stub secrets in test settings; integration tests must assert cross-tenant requests are rejected (401/403) when header mismatch or missing client mapping.
- Fake Authority server returns tenant claim; tests validate enforcement and logs.
## Acceptance for prep completion
- Tenant-scoped client contract, config keys, and test seeds documented; downstream tasks 19-013 can proceed using this as authority.

42
docs/modules/export-center/prep/2025-11-20-dvoff-64-002-prep.md Normal file
View File

@@ -0,0 +1,42 @@
# DevPortal Offline Prep — PREP-DVOFF-64-002
Status: **Ready for implementation** (2025-11-20)
Owners: DevPortal Offline Guild · AirGap Controller Guild
Scope: Define sealed bundle sample + CLI verify flow for DevPortal offline verification (`stella devportal verify bundle.tgz`).
## Required inputs
- EvidenceLocker sealed bundle contract: `docs/modules/evidence-locker/bundle-packaging.md` (bundle.tgz layout, determinism).
- Portable bundle guidance: `docs/airgap/portable-evidence.md` (for redacted flow).
## Sample artefacts to publish
- `out/devportal/samples/bundle.tgz` — copy of EvidenceLocker sealed bundle (write-once).
- `out/devportal/samples/bundle.tgz.sha256``sha256 bundle.tgz` line.
- `out/devportal/samples/verify-report.json` — expected CLI JSON output after verification (see below).
## CLI verification flow (contract)
- Command: `stella devportal verify --bundle bundle.tgz --offline`
- Steps performed:
1) Validate SHA-256 against `.sha256` file.
2) Extract `manifest.json`, `signature.json`, `bundle.json`, `checksums.txt` (no rewrite).
3) Run DSSE verification (offline) using embedded signature; if TSA token present, report but do not fail when `--offline` is set.
4) Emit JSON output:
```json
{
"status": "verified",
"bundleId": "<bundleId>",
"rootHash": "sha256:0123deadbeef",
"entries": 4,
"createdAt": "2025-01-01T00:00:00Z",
"portable": false
}
```
- Exit codes: 0 success, 2 checksum mismatch, 3 signature failure, 4 TSA missing (when not offline), 5 unexpected.
- Determinism: no network calls when `--offline`; output JSON keys sorted.
## Acceptance criteria
- Sample bundle and .sha256 published under `out/devportal/samples/` with hashes listed in this sprint.
- CLI flow documented above; exit codes and sample JSON provided.
- Prep doc linked from Sprint 0162 P1 and DevPortal docs when implemented.
## Next steps
- Publish the sample bundle + hashes; update sprint Delivery Tracker to DONE once artifacts exist.

12
docs/modules/export-center/prep/2025-11-20-export-airgap-56-001-prep.md Normal file
View File

@@ -0,0 +1,12 @@
# Export AirGap Prep — PREP-EXPORT-AIRGAP-56-001
Status: Draft (2025-11-20)
Owners: Exporter Service Guild · Mirror Creator Guild
Scope: EvidenceLocker contract + advisory schema to finalize DSSE contents for air-gapped exports.
## Needs
- EvidenceLocker contract (bundle schema, retention).
- Advisory schema alignment for DSSE contents.
## Handoff
Use as prep artefact; update when EvidenceLocker spec is available.

36
docs/modules/export-center/prep/2025-11-20-export-airgap-56-002-prep.md Normal file
View File

@@ -0,0 +1,36 @@
# Export AirGap Prep — PREP-EXPORT-AIRGAP-56-002
Status: **Ready for implementation** (2025-11-20)
Owners: Exporter Service Guild · DevOps Guild
Scope: Bootstrap pack (images + charts) packaging for air-gap deploys, dependent on 56-001 evidence/mirror bundle inputs.
## Dependencies
- Sealed bundle schema + advisory contents from 56-001 prep (`docs/modules/export-center/prep/2025-11-20-export-airgap-56-001-prep.md`).
- Mirror/DevOps deployment expectations (values-airgap.yaml) to place bootstrap packs.
## Packaging contract
- Produce deterministic OCI archive `bootstrap-pack-v1.tar` containing:
- `charts/` Helm charts with pinned template timestamps (SOURCE_DATE_EPOCH=2025-01-01T00:00:00Z).
- `images/` directory with referenced container layers/blobs; `manifest.json` aligning with `index.json` (OCI image layout).
- `signatures/` optional DSSE/TUF metadata if provided by 56-001.
- Tarball is gzip-compressed with mtime pinned to `2025-01-01T00:00:00Z`, `0644` perms, uid/gid 0.
- Checksums: `bootstrap-pack-v1.tar.sha256` with `sha256 bootstrap-pack-v1.tar` exactly.
## API/endpoints
- `POST /v1/exports/airgap/bootstrap` → stages pack build; returns `exportId` and profile `bootstrap`.
- `GET /v1/exports/airgap/bootstrap/{exportId}` → status + `downloadUri`, `rootHash`, `artifactSha256`.
- `GET /v1/exports/airgap/bootstrap/{exportId}/download` → serves `application/gzip` tarball; `ETag` = SHA-256.
- Auth scopes: `export:write` for POST; `export:read` for GET/Download.
## Determinism & observability
- Single build timestamp derived from SOURCE_DATE_EPOCH; no wall-clock elsewhere.
- Structured logs `{exportId, profile:"bootstrap", rootHash, artifactSha256}`; metrics `export.bootstrap.completed`, `export.bootstrap.duration_ms`.
## Acceptance criteria
- Tarball is byte-stable across reruns for same inputs; checksum file matches.
- Status/download endpoints documented with headers (`ETag`, `Last-Modified`, quota headers).
- Bootstrap pack content references evidence/mirror bundles from 56-001 (by digest/URL) without re-signing.
## Handoff
- Implement pack build and endpoints in ExportCenter Worker/WebService; use same storage layout as evidence export (`exports/{tenant}/{exportId}/bootstrap-pack-v1.tar`).
- Update Sprint 0162 Delivery Tracker entry P3 to DONE when contract is published.

61
docs/modules/export-center/prep/2025-11-20-export-airgap-57-001-prep.md Normal file
View File

@@ -0,0 +1,61 @@
# Export AirGap Prep — PREP-EXPORT-AIRGAP-57-001
Status: **Ready for implementation** (2025-11-20)
Owners: Exporter Service Guild · Evidence Locker Guild
Scope: Portable evidence export mode (air-gap) that reuses EvidenceLocker sealed/portable bundles and packages them for ExportCenter delivery.
## Dependencies (must remain green before coding)
- EvidenceLocker packaging contract (sealed + portable): `docs/modules/evidence-locker/bundle-packaging.md`, `docs/airgap/portable-evidence.md`.
- Upstream sealed bundle export readiness (56-001) and bootstrap pack alignment (56-002) — inputs are reused verbatim, no re-signing.
- Orchestrator/Notifications envelopes for emission events remain pending; not required to start packaging but block notification wiring.
## Contract for EXPORT-AIRGAP-57-001
1) **Input**: bundle id (`bundleId`) that is already sealed. Export service fetches the portable archive `portable-bundle-v1.tgz` via the EvidenceLocker portable endpoint (write-once cache).
2) **Packaging**: create deterministic gzip/tar (`export-portable-bundle-v1.tgz`) with fixed mtime `2025-01-01T00:00:00Z`, PAX headers, and sorted entries:
```
export-portable-bundle-v1.tgz
├── export.json # Export job metadata (bundleId, exportId, tenant, createdAtUtc, rootHash, sourceUri, portableVersion)
├── portable-bundle-v1.tgz # Bit-for-bit copy from EvidenceLocker (no re-signing)
├── checksums.txt # SHA256 for all files (portable bundle included) + Merkle root
├── verify-export.sh # POSIX script: checksum portable bundle, call `stella evidence verify --bundle portable-bundle-v1.tgz`
└── README.md # Operator instructions (ingress/egress steps, expected headers, schema links)
```
- Gzip header mtime and tar mtimes are pinned; permissions `0644`; owner/group `0`.
- `checksums.txt` lists files in lexical order; first line `root <sha256(export-portable-bundle-v1.tgz)>`.
- `verify-export.sh` uses only `tar` + `sha256sum`/`shasum`; no network calls.
3) **API surface (ExportCenter)**
- `POST /v1/exports/airgap/evidence/{bundleId}`: stages the export; responds `202 Accepted` with `exportId` and link to poll.
- `GET /v1/exports/airgap/evidence/{exportId}`: returns status + download link when ready; includes `rootHash`, `portableVersion`, `bundleId`.
- `GET /v1/exports/airgap/evidence/{exportId}/download`: `application/gzip`, filename `export-portable-bundle-v1.tgz`, ETag = SHA256.
- Auth: `export:read` for GET, `export:write` for POST; support tenant scoping identical to EvidenceLocker.
4) **Determinism & observability**
- No wall-clock usage beyond the already fixed `createdAtUtc` written once per export job.
- Emit structured log `{exportId,bundleId,portableVersion,rootHash}` on completion.
- Metrics: counter `export.airgap.portable.completed`, histogram `export.airgap.portable.duration_ms`, gauge `export.airgap.portable.queue_depth`.
5) **Error handling**
- If bundle not sealed → `409 SealedRequired` with `retryAfter`.
- If portable artefact missing → trigger fetch from EvidenceLocker; return `202` with `pendingReason=PortableMaterialising`.
- Verification failures of copied bundle (hash mismatch) → mark export `FAILED` and keep artefact; require operator acknowledgement.
## Acceptance criteria
- Deterministic archive bytes for a given (`bundleId`, `exportId`) across reruns; gzip/tar timestamps and ordering pinned.
- Export archive contains the unmodified EvidenceLocker portable bundle and top-level instructions for offline operators.
- CLI verification path documented in README and script; succeeds with no network access using current `stella evidence verify`.
- Status/Download endpoints documented and cover `202/404/409/500` cases; ETag and `Last-Modified` set.
## Implementation notes for developers
- Reuse EvidenceLockers `PortableBundleVersion` constant to avoid drift; do not unzip/repack the inner portable archive.
- Populate `export.json` using UTC ISO-8601; include `sourceUri` referencing the original EvidenceLocker portable endpoint used.
- Store artefacts under object key `exports/{tenant}/{bundleId}/{exportId}/export-portable-bundle-v1.tgz` with write-once semantics.
- Mirror logging/metrics naming with 56-001/56-002 to ease dashboard reuse.
## Open items / risks
- Notifications/timeline emission remains pending on Wave 150/140 envelope drop; add once schemas land (tracked separately).
- If portable bundle version bumps to v2, archive filename and `portableVersion` must be updated in tandem.
## Handoff
- This prep artefact is ready to implement in `src/ExportCenter/StellaOps.ExportCenter.WebService` job + `StellaOps.ExportCenter.Worker` for queue processing.
- Link back to this document from Sprint 0162 Delivery Tracker entry P4.

58
docs/modules/export-center/prep/2025-11-20-export-airgap-58-001-prep.md Normal file
View File

@@ -0,0 +1,58 @@
# Export AirGap Prep — PREP-EXPORT-AIRGAP-58-001
Status: **Ready for implementation** (2025-11-20)
Owners: Exporter Service Guild · Notifications Guild
Scope: Emit deterministic notifications/timeline events when portable evidence export (57-001) completes, without requiring enclave connectivity.
## Dependencies
- Portable export artefact from 57-001: `export-portable-bundle-v1.tgz` (contains `portable-bundle-v1.tgz`).
- Notification envelope decisions in Wave 150/140 (orchestrator/notifications), but this prep provides a concrete payload to unblock implementation.
- EvidenceLocker bundle contracts: `docs/modules/evidence-locker/bundle-packaging.md`, `docs/airgap/portable-evidence.md`.
## Event contract (v1)
- **Subject / type**: `export.airgap.ready.v1`
- **Channel**: NATS topic `export.airgap.ready.v1` and mirrored to optional webhooks (`application/json`). Transport must be retryable with backoff and DLQ.
- **Payload (canonical key order shown)**:
```json
{
"type": "export.airgap.ready.v1",
"export_id": "...",
"bundle_id": "...",
"tenant_id": "...",
"profile_id": "airgap-evidence",
"portable_version": "v1",
"root_hash": "sha256:...",
"artifact_uri": "/v1/exports/airgap/evidence/{exportId}/download",
"artifact_sha256": "...",
"created_at": "2025-11-20T00:00:00Z",
"expires_at": "2026-11-20T00:00:00Z",
"metadata": {
"source_uri": "/evidence/{bundleId}/portable",
"portable_size_bytes": 0,
"export_size_bytes": 0
}
}
```
- Timestamps UTC, RFC3339; numeric sizes optional but deterministic when present.
- `artifact_sha256` is the SHA-256 of `export-portable-bundle-v1.tgz`; `root_hash` is the Merkle root from `checksums.txt` (same as portable bundle root).
- `expires_at` is optional; when omitted, receivers assume standard retention from EvidenceLocker policy.
## Determinism & delivery rules
- Serialize JSON without whitespace changes that affect ordering; server must sort top-level keys alphabetically before emission.
- When delivering via webhooks, include headers: `X-Stella-Event-Type`, `X-Stella-Signature` (HMAC-SHA256), `X-Stella-Sent-At` (UTC ISO-8601).
- Retries: exponential backoff (1s, 2s, 4s, 8s, 16s) with maximum 5 attempts; failed deliveries go to DLQ topic `export.airgap.ready.dlq` with failure reason.
## API linkage
- Notifications reference the download endpoint defined in 57-001: `GET /v1/exports/airgap/evidence/{exportId}/download`.
- Optional timeline event mirror (`timeline.export.airgap.ready`) may be emitted once orchestrator envelope schema lands; payload mirrors the notification without headers.
## Acceptance criteria
- Notification emits once per successful export; idempotent on replays (same `export_id` + hash).
- Payload fields match the portable export artefact (hashes, URIs, versions) and require no further network calls for verification.
- DLQ captures failed deliveries with reason and last response status.
- Documentation of headers, payload, and retry guarantees is published for consuming guilds.
## Handoff
- Implement emission in ExportCenter Worker when export job transitions to `Completed`.
- Add webhook signature secret to configuration surface; default to disabled for air-gap unless explicitly allowed.
- Link this document from Sprint 0162 Delivery Tracker entry P5.

50
docs/modules/export-center/prep/2025-11-20-export-attest-74-001-prep.md Normal file
View File

@@ -0,0 +1,50 @@
# Export Attestation Prep — PREP-EXPORT-ATTEST-74-001
Status: **Ready for implementation** (2025-11-20)
Owners: Attestation Bundle Guild · Exporter Service Guild
Scope: Produce deterministic attestation export bundles for air-gap/offline delivery, leveraging EvidenceLocker DSSE layout and orchestrator events.
## Dependencies
- EvidenceLocker packaging & DSSE conventions: `docs/modules/evidence-locker/bundle-packaging.md`.
- Attestor air-gap guidance: `docs/modules/attestor/airgap.md` (statement + predicate expectations).
- Orchestrator event envelopes (Wave 150/140) for optional timeline/notification mirrors; not required to start packaging.
## Export bundle contract (v1)
- **Input**: attestation record id (`attestationId`) referencing a sealed DSSE statement (e.g., in-toto) stored by EvidenceLocker/Attestor.
- **Packaging**: create deterministic gzip/tar `export-attestation-bundle-v1.tgz` with fixed mtime `2025-01-01T00:00:00Z`, PAX headers, `0644` perms, owner/group `0`.
```
export-attestation-bundle-v1.tgz
├── attestation.dsse.json # Original DSSE envelope (statement + signature), unchanged
├── statement.json # Extracted statement/predicate for quick inspection
├── transparency.ndjson # Optional Rekor/CT entries (one per line, canonical JSON)
├── metadata.json # exportId, attestationId, subject digests, rootHash, createdAtUtc, sourceUri
├── checksums.txt # SHA256 hashes (lexical order); first line `root <sha256(export-attestation-bundle-v1.tgz)>`
└── verify-attestation.sh # POSIX script: checksum, DSSE verify (invokes `stella attest verify` if available)
```
- No re-signing; DSSE envelope is copied bit-for-bit from source.
- `transparency.ndjson` omitted when no log entries exist; maintain deterministic ordering otherwise.
## API surface (ExportCenter)
- `POST /v1/exports/attestations/{attestationId}``202 Accepted` with `exportId`, `status=pending`.
- `GET /v1/exports/attestations/{exportId}` → status + metadata (`rootHash`, `downloadUri`, `attestationDigests`).
- `GET /v1/exports/attestations/{exportId}/download``application/gzip`, filename `export-attestation-bundle-v1.tgz`, `ETag`=SHA256.
- Auth: `export:write` for POST, `export:read` for GET/Download; tenant scoped.
## Determinism & observability
- All timestamps captured once at export creation (UTC ISO-8601) and reused; archive mtimes/gzip mtime pinned.
- Structured log on completion `{exportId, attestationId, subjectDigests, rootHash}`; counter `export.attest.completed` and histogram `export.attest.duration_ms`.
- Retries for fetch/pack errors use exponential backoff identical to 57-001 portable export.
## Acceptance criteria
- Export archive is byte-identical across replays for the same (`attestationId`,`exportId`).
- DSSE envelope and statement are unchanged relative to source; hashes in `checksums.txt` match download and DSSE payload.
- API responses document 202/404/409/500 paths; `downloadUri` returns sealed artifact with deterministic ETag.
- Verification script runs offline using only `tar` + `sha256sum`/`shasum`; optionally calls `stella attest verify` when present.
## Open items / risks
- Notification/timeline emission pending envelope schema; add once Wave 150/140 lands.
- If attestation format changes (predicate versions), bump `statementVersion` in `metadata.json` and announce.
## Handoff
- Implement in `StellaOps.ExportCenter.Worker` export job + WebService endpoints above.
- Link this document from Sprint 0162 entry P6 and close PREP when endpoints + packaging align.

46
docs/modules/export-center/prep/2025-11-20-export-attest-74-002-prep.md Normal file
View File

@@ -0,0 +1,46 @@
# Export Attestation Prep — PREP-EXPORT-ATTEST-74-002
Status: **Ready for implementation** (2025-11-20)
Owners: Attestation Bundle Guild · DevOps Guild
Scope: Integrate attestation export bundle job (74-001) into CI/offline kit packaging, publish checksums, and ensure deterministic artefact promotion.
## Dependencies
- Export bundle contract v1 from 74-001: `docs/modules/export-center/prep/2025-11-20-export-attest-74-001-prep.md`.
- EvidenceLocker/Attestor attestation format (DSSE) — no re-signing allowed.
- Air-gap kit structure (mirror/bootstrap packs) from Sprint 160/56-002 for placement of attestation bundles.
## CI/offline kit integration contract
- **Build step**: Invoke ExportCenter job for targeted `attestationId` and stage `export-attestation-bundle-v1.tgz` under `out/export/attestations/{exportId}/`.
- **Checksum publication**: emit `export-attestation-bundle-v1.tgz.sha256` alongside the archive; contents `sha256 filename` with filename exactly `export-attestation-bundle-v1.tgz`.
- **Offline kit layout**:
```
offline-kit/
checksums/
attestations/
export-attestation-bundle-v1.tgz.sha256
attestations/
export-attestation-bundle-v1.tgz
```
- **Promotion**: artefacts are immutable; CI publishes to `out/export/offline-kits/{kitVersion}/` with write-once semantics. Promotion between environments copies bytes; no rebuilds.
- **Metadata**: append to `out/export/offline-kits/{kitVersion}/manifest.json`:
```json
{
"kind": "attestation-export",
"exportId": "...",
"attestationId": "...",
"rootHash": "sha256:...",
"artifact": "attestations/export-attestation-bundle-v1.tgz",
"checksum": "checksums/attestations/export-attestation-bundle-v1.tgz.sha256",
"createdAt": "2025-11-20T00:00:00Z"
}
```
- **Determinism**: CI must set `SOURCE_DATE_EPOCH=1735689600` (2025-01-01T00:00:00Z) for any tar/gzip operations when re-wrapping kits; do not re-tar the inner export bundle.
## Acceptance criteria
- Export bundle generated by 74-001 is copied bit-for-bit into the offline kit; SHA256 in checksums file matches archive and `manifest.json` entry.
- Kit manifest contains the attestation entry with UTC timestamp and root hash; promotion produces identical bytes across runs.
- CI logs include the exportId and SHA256; failures stop the pipeline and do not overwrite prior artefacts.
## Handoff
- Wire CI/packaging scripts in ExportCenter DevOps pipeline to consume the 74-001 export endpoint and assemble offline kit layout above.
- Update Sprint 0162 Delivery Tracker entry P7 with status changes when implemented.

44
docs/modules/export-center/prep/2025-11-20-export-attest-75-001-prep.md Normal file
View File

@@ -0,0 +1,44 @@
# Export Attestation Prep — PREP-EXPORT-ATTEST-75-001
Status: **Ready for implementation** (2025-11-20)
Owners: Attestation Bundle Guild · CLI Attestor Guild
Scope: Define CLI contract for verifying/importing attestation export bundles (from 74-002) in offline/air-gap environments.
## Dependencies
- Attestation export bundle layout: `docs/modules/export-center/prep/2025-11-20-export-attest-74-001-prep.md` and CI/offline kit integration `...-74-002-prep.md`.
- EvidenceLocker/Attestor verification library (`stella attest verify`).
## CLI experience
- New command: `stella attest bundle verify --file export-attestation-bundle-v1.tgz`
- Validates SHA256 against co-located `.sha256` file (see 74-002).
- Runs DSSE verification using bundled statement/signature; prints subject digests, predicate type/version, and root hash.
- Exit codes: 0 success, 2 checksum mismatch, 3 DSSE signature failure, 4 missing TSA/log when required, >4 unexpected error.
- New command: `stella attest bundle import --file export-attestation-bundle-v1.tgz`
- Performs verification first; then registers the attestation in the local/offline EvidenceLocker (when configured) and outputs new `attestationId`/`tenant` reference.
- Supports `--tenant`, `--namespace` flags; defaults to current CLI profile.
- No network calls beyond optional TSA/CT validations; provide `--offline` to skip.
## Determinism and I/O
- CLI must avoid rewriting the archive; reads-only.
- Output logs in JSON when `--output json` is passed, with stable key order:
```json
{
"status": "verified",
"exportId": "...",
"attestationId": "...",
"rootHash": "sha256:...",
"subjects": ["sha256:..."],
"predicateType": "slsa/v1",
"bundlePath": "export-attestation-bundle-v1.tgz"
}
```
- Human-readable output includes root hash, subject digests, predicate type/version, and trust root used.
## Acceptance criteria
- CLI verifies bundles generated by 74-002 using only local artefacts; succeeds offline when `--offline` is used.
- Import command registers attestation locally without modifying archive; errors if checksum/signature fail.
- Exit codes and JSON schema documented for automation; tests cover checksum mismatch and invalid signature cases.
## Handoff
- Implement commands in `src/Cli/StellaOps.Cli` (attestor plugin) and add docs/examples to `docs/modules/cli/artefacts/guardrails-artefacts-2025-11-19.md` or a new CLI guide.
- Link back to this prep in Sprint 0162 Delivery Tracker entry P8.

35
docs/modules/export-center/prep/2025-11-20-export-attest-75-002-prep.md Normal file
View File

@@ -0,0 +1,35 @@
# Export Attestation Prep — PREP-EXPORT-ATTEST-75-002
Status: **Ready for implementation** (2025-11-20)
Owners: Exporter Service Guild
Scope: Wire attestation export bundles (74-002) + CLI workflows (75-001) into full offline kit and mirror bundle distribution flows.
## Dependencies
- 74-001/74-002 bundle + kit layout.
- CLI verify/import contract: `docs/modules/export-center/prep/2025-11-20-export-attest-75-001-prep.md`.
## Distribution/kit contract
- Place attestation bundles and checksum files into offline kit (same layout as 74-002) and publish to mirror locations used by ExportCenter air-gap profiles.
- Provide `manifest-offline.json` entry per kit:
```json
{
"kind": "attestation-kit",
"kitVersion": "v1",
"artifact": "attestations/export-attestation-bundle-v1.tgz",
"checksum": "checksums/attestations/export-attestation-bundle-v1.tgz.sha256",
"cliExample": "stella attest bundle verify --file attestations/export-attestation-bundle-v1.tgz",
"importExample": "stella attest bundle import --file attestations/export-attestation-bundle-v1.tgz --offline",
"rootHash": "sha256:...",
"createdAt": "2025-11-20T00:00:00Z"
}
```
- Copy the kit directory to mirror/air-gap repo: `mirror/export/attestations/{kitVersion}/` with same bytes; publish `manifest-offline.json` and `.sha256` for the manifest.
## Acceptance criteria
- Offline kit includes attestation bundle + checksum + manifest entries; hashes match originals from 74-002.
- Mirrors deliver identical bytes (bit-for-bit) across environments; manifests list CLI commands for operators.
- No rebuild of attestation bundle during distribution; only copies allowed.
## Handoff
- Implement packaging/copy steps in ExportCenter build pipeline and mirror publisher.
- Update Sprint 0162 Delivery Tracker entry P9 when complete.

54
docs/modules/export-center/prep/2025-11-20-export-oas-61-001-prep.md Normal file
View File

@@ -0,0 +1,54 @@
# ExportCenter OAS Prep — PREP-EXPORT-OAS-61-001
Status: **Ready for implementation** (2025-11-20)
Owners: Exporter Service Guild · API Contracts Guild
Scope: Freeze ExportCenter v1 OpenAPI surface (profiles/runs/downloads) with deterministic headers, ETag/versioning, and standard error envelope.
## Design targets
- Cover the baseline export capabilities required for Wave 160.B: air-gap evidence exports, attestation exports, mirror/bootstrap exports, and discovery.
- Keep payloads deterministic; avoid wall-clock dependence outside stamped fields returned by the service.
- Provide strong cache/discovery signals: `ETag`, `Last-Modified`, `Cache-Control: private, must-revalidate`, plus `/.well-known/openapi` entry.
## Paths to include in v1 spec
- `GET /.well-known/openapi` — returns OpenAPI document with `ETag` and `X-Export-Oas-Version` (value `v1`).
- Evidence exports (portable bundles):
- `POST /v1/exports/airgap/evidence/{bundleId}``202 Accepted` with `exportId`, `status=pending`.
- `GET /v1/exports/airgap/evidence/{exportId}` → status document (`status`, `rootHash`, `artifactSha256`, `portableVersion`, `downloadUri`).
- `GET /v1/exports/airgap/evidence/{exportId}/download``application/gzip`, filename `export-portable-bundle-v1.tgz`, `ETag` = archive SHA-256.
- Attestation exports:
- `POST /v1/exports/attestations/{attestationId}``202 Accepted` with `exportId`.
- `GET /v1/exports/attestations/{exportId}` → status + `downloadUri`, `rootHash`, `statementDigest`.
- `GET /v1/exports/attestations/{exportId}/download``application/gzip`, filename `export-attestation-bundle-v1.tgz`, `ETag` = archive SHA-256.
- Mirror/bootstrap (profiles only, no payload schema change):
- `GET /v1/exports/profiles` — lists available export profiles (e.g., `mirror`, `bootstrap`, `airgap-evidence`, `attestation`). Supports pagination (`limit`, `cursor`) and filtering by `kind`.
- `GET /v1/exports/runs` — list export runs with status filters, tenant scoping, paging.
- Observability hooks (metadata only):
- `GET /v1/exports/runs/{exportId}/events` — optional timeline/event stream pointer (when notifications enabled). Can remain `x-stub: true` until envelopes land.
## Components
- **Schemas**
- `ExportStatus`: `{ exportId, profileId, status: pending|running|completed|failed, artifactSha256, rootHash, portableVersion?, attestationId?, bundleId?, createdAt, completedAt?, downloadUri }`
- `ExportProfile`: `{ id, kind, description, version, retentionDays }`
- `ErrorEnvelope`: `{ error: { code, message, correlationId, retryAfterSeconds? } }` with deterministic key order.
- **Security**
- OAuth2 client credentials; scopes: `export:write` (POST), `export:read` (GET/Download). Tenants enforced via claims.
- **Headers**
- `ETag` on all download/status responses; `Last-Modified` on status/download reflecting deterministic creation time.
- Quota headers `X-Stella-Quota-*` retained for consistency with EvidenceLocker/ExportCenter.
## Versioning & determinism
- OAS document served with `version: 1.0.0` and `x-stella-oas-revision` (UTC date string). No inline examples with non-deterministic timestamps; examples use `2025-01-01T00:00:00Z`.
- All example hashes use fixed placeholder `sha256:0123...deadbeef` to keep docs repeatable.
## Deliverables
- Publish OpenAPI YAML at `docs/modules/export-center/openapi/export-center.v1.yaml` matching the paths/schemas above.
- Link the `.yaml` from Sprint 0162 Delivery Tracker P10 and set status to DONE once published.
## Acceptance criteria
- All listed endpoints present in the YAML with request/response schemas and security scopes.
- Deterministic examples (fixed timestamps/hashes) and `ETag`/`Last-Modified` response headers documented.
- `/.well-known/openapi` discovery endpoint described with `ETag` and version headers.
## Next steps
- Generate the YAML (can seed from EvidenceLocker/Orchestrator style) and check into `docs/modules/export-center/openapi/export-center.v1.yaml`.
- Update SDK generator task (62-001) to depend on this OAS once merged.

18
docs/modules/export-center/prep/2025-11-20-export-oas-61-002-prep.md Normal file
View File

@@ -0,0 +1,18 @@
# Export OAS Discovery Prep — PREP-EXPORT-OAS-61-002-DEPENDS-ON-61-001
Status: Draft (2025-11-20)
Owners: Exporter Service Guild
Scope: Define the OpenAPI discovery endpoint once base OAS (61-001) is frozen.
## Requirements
- Endpoint: `GET /.well-known/openapi` (and `.json` alias) returning latest Exporter OAS.
- Headers: `ETag`, `Last-Modified`, `Cache-Control: public, max-age=300`; support `If-None-Match` for 304.
- Body: JSON with fields `{version, oas_url, checksum_sha256, generated_at, profiles_supported}` plus embedded OAS or link.
- Determinism: stable ordering of fields; checksum over canonical OAS JSON.
## Acceptance
- Once 61-001 OAS is fixed, publish generated OAS path and checksum into this doc and `docs/modules/export-center/api.md`.
- Add sample discovery response at `docs/events/samples/export-center.openapi.discovery@draft.json`.
## Handoff
Use this as the prep artefact for PREP-EXPORT-OAS-61-002-DEPENDS-ON-61-001. Update checksums/links when 61-001 finalizes, then mark implementation DOING.

18
docs/modules/export-center/prep/2025-11-20-export-oas-62-001-prep.md Normal file
View File

@@ -0,0 +1,18 @@
# Export SDK Prep — PREP-EXPORT-OAS-62-001-DEPENDS-ON-61-002
Status: Draft (2025-11-20)
Owners: Exporter Service Guild · SDK Generator Guild
Scope: Capture SDK generation requirements once discovery endpoint (61-002) is live.
## Requirements
- Inputs: stable OAS from 61-001, discovery metadata from 61-002.
- SDKs: Go, Python, C#, TypeScript. Must include streaming helpers for export downloads and polling helpers for long-running export jobs.
- Versioning: embed `x-sdk-version` matching OAS `version`; regenerate only on checksum change.
- Tests: smoke tests per SDK calling stubbed endpoints; deterministic snapshots for generated code hashes.
## Acceptance
- Record generated SDK artifact paths and checksums in this doc and `docs/modules/export-center/api.md`.
- Provide sample snippet paths under `docs/modules/export-center/samples/sdk/` per language.
## Handoff
Use this as the prep artefact for PREP-EXPORT-OAS-62-001-DEPENDS-ON-61-002. Update with actual checksums/paths after 61-002 and SDK generation are completed; then move implementation to DOING.

18
docs/modules/export-center/prep/2025-11-20-exporter-evidencelocker-blocker.md Normal file
View File

@@ -0,0 +1,18 @@
# EvidenceLocker Contract Blocker Prep — PREP-EXPORTER-SERVICE-EVIDENCELOCKER-GUILD-BL
Status: Draft (2025-11-20)
Owners: Planning · Exporter Service Guild · EvidenceLocker Guild
Scope: Document the blocker awaiting EvidenceLocker sealed bundle contract before ExportCenter implementation can proceed.
## Blocking items
- Sealed bundle schema/hash and DSSE layout from EvidenceLocker (Sprint 161).
- Sample sealed bundle + manifest checksum for DevPortal CLI dry run.
- Trust-root publication path and rotation policy aligned with `docs/security/crypto-registry-decision-2025-11-18.md`.
## Ready-to-start criteria
- Hash/version of sealed bundle schema recorded here and in Sprint 161 Decisions.
- Sample bundle placed under `docs/samples/export-center/bundles/` with SHA256 + DSSE envelope.
- Exporter service ingestion contract updated in `docs/modules/export-center/profiles.md`.
## Handoff
Use this document as the prep artefact for PREP-EXPORTER-SERVICE-EVIDENCELOCKER-GUILD-BL. Update once EvidenceLocker provides schema hash and sample bundle; then unblock export tasks. If not available by the next checkpoint, keep dependent tasks BLOCKED and escalate via Sprint 160/161.

22
docs/modules/findings-ledger/prep/2025-11-20-ledger-obs-54-001-prep.md
View File

@@ -1,12 +1,22 @@
# Ledger Observability Prep — PREP-LEDGER-OBS-54-001
Status: Draft (2025-11-20)
Status: Prep complete (2025-11-20)
Owners: Findings Ledger Guild · Provenance Guild
Scope: Minimal API surface for `/ledger/attestations` and observability hooks.
Scope: Minimal HTTP surface plus determinism/telemetry hooks for `/v1/ledger/attestations`.
## Needs
- HTTP surface spec (routes, auth scopes) to host `/ledger/attestations`.
- Telemetry fields to include provenance IDs.
## Agreed contract (PREP-LEDGER-OBS-54-001)
- HTTP surface published in `docs/modules/findings-ledger/prep/ledger-attestations-http.md`.
- Endpoint: `GET /v1/ledger/attestations` with tenant header `X-Stella-Tenant` and bearer scope `ledger.attest.read` (or mTLS).
- Filters: `artifactId`, `findingId`, `attestationId`, `status`, `sinceRecordedAt`, `untilRecordedAt`, `limit`.
- Ordering/pagination: deterministic by `recordedAt ASC, attestationId ASC`; pagination token encodes `{recordedAt, attestationId, filtersHash}`.
- Response shape (JSON or NDJSON): ids, verification status/time, DSSE digest, optional Rekor entry id, evidence bundle ref, source ledger event id, Merkle leaf + root hashes.
- Offline posture: no live Rekor calls; all hashes lowercase SHA-256; times UTC; deterministic sort only.
## Telemetry hooks
- Log events: `ledger.attestations.query` (tenant, filtersHash, limit, duration_ms, result_count).
- Metrics: `ledger_attestations_queries_total{tenant,status}`; `ledger_attestations_failures_total{reason}`.
- Tracing: span `ledger.attestations.query` with attributes `filtersHash`, `next_page_token_present`.
## Handoff
Use as PREP artefact; update once API contract is drafted.
- Use `docs/modules/findings-ledger/prep/ledger-attestations-http.md` as the binding prep artefact for LEDGER-OBS-54-001 / 55-001 implementation.
- Service scaffolding and OAS wiring land in LEDGER-OBS-54-001 once the web-service handler is added.

51
docs/modules/findings-ledger/prep/2025-11-20-ledger-packs-42-001-prep.md
View File

@@ -1,9 +1,52 @@
# Ledger Packs Snapshot Prep — PREP-LEDGER-PACKS-42-001
Status: Draft (2025-11-20)
Status: Prep complete (2025-11-20)
Owners: Findings Ledger Guild · Mirror Creator Guild
Scope: Snapshot/time-travel contract for packs simulation.
Scope: Snapshot/time-travel contract for packs simulation and offline CLI execution (PREP-LEDGER-PACKS-42-001).
## Needs
- Snapshot format and bundle layout for pack simulation/time-travel.
## Goals
- Provide deterministic, tenant-scoped snapshots that let pack runners/CLI replay ledger state offline.
- Allow “time-travel” queries (choose exact ledger sequence/cycle) to debug policy outcomes.
- Reuse existing export shapes where possible and avoid redundant DB projections.
## Surfaces
- `GET /v1/ledger/packs/snapshots`
- Headers: `X-Stella-Tenant` (required), bearer scope `ledger.packs.read`.
- Query: `atSequence` (long, optional), `atCycleHash` (string, optional), `sinceSequence` / `untilSequence` (long, optional), `page_size` (default 100, max 1000), `page_token`.
- Returns: list of available snapshot descriptors (JSON or NDJSON) sorted by `sequence ASC`.
- `GET /v1/ledger/packs/snapshots/{snapshotId}/download`
- Streams a gzip tarball containing the snapshot bundle (see layout).
- Supports `Accept: application/vnd.stella.pack-snapshot+tar` (default) or `application/x-ndjson` for manifest-only dry-run (no payload files) when `Prefer: return=representation` is absent.
## Snapshot descriptor fields
- `snapshot_id` (uuid, stable)
- `tenant`
- `base_sequence` (long) — earliest ledger event included
- `upper_sequence` (long) — last ledger event included (inclusive)
- `cycle_hash` (string) — Merkle cycle hash at `upper_sequence`
- `policy_version`, `projector_version`, `generator_version`
- `created_at` (ISO-8601 UTC)
- `approx_uncompressed_size_bytes`
- `content` summary: counts for `findings`, `vex`, `advisories`, `sboms`
## Bundle layout (tar.gz)
- `manifest.json`: descriptor above plus SHA-256 digests and lengths for each payload file.
- `findings.ndjson`: canonical finding shape matching `/ledger/export/findings`.
- `vex.ndjson`, `advisories.ndjson`, `sboms.ndjson`: same shapes/filters as export endpoints.
- `indexes/`: optional bloom/filter helpers for fast CLI lookup (`component_purl`, `advisory_id`, `risk_profile_version`).
- `provenance.json`: DSSE envelope with bundle hash, generator inputs (seed, source commit, policy version).
## Determinism and filters
- Snapshot is deterministic for a given `(tenant, base_sequence, upper_sequence, cycle_hash, policy_version)`.
- Page tokens: base64url JSON `{ "last": { "upper_sequence": long, "snapshot_id": uuid }, "filters_hash": sha256 }`.
- When `atCycleHash` is provided, server resolves the closest <=matching cycle and emits one descriptor; otherwise uses `untilSequence` or latest committed.
- No wall-clock dependence; `created_at` reflects generator runtime but is stored once and signed in provenance.
## Validation rules
- Reject overwrite if snapshot with identical `(tenant, upper_sequence, cycle_hash)` already published (idempotent response with existing `snapshot_id`).
- Reject if requested window crosses projector gap (missing sequences) with error `409` and `X-Stella-Gap-From/To`.
- Enforce `page_size` consistency across tokens; 400 on mismatch.
## Artefact location
- This prep: `docs/modules/findings-ledger/prep/2025-11-20-ledger-packs-42-001-prep.md`.
- Bundle schema is derived from export shapes in `docs/modules/findings-ledger/export-http-surface.md`; SDK/OAS plumbing to be added in LEDGER-PACKS-42-001 implementation.

49
docs/modules/findings-ledger/prep/2025-11-20-ledger-risk-66-prep.md
View File

@@ -1,11 +1,50 @@
# Ledger Risk Schema Prep — PREP-LEDGER-RISK-66-001/002
Status: Draft (2025-11-20)
Status: Prep complete (2025-11-20)
Owners: Findings Ledger Guild · Risk Engine Guild
Scope: Contract + data model for PREP-LEDGER-RISK-66-001/002 (risk scoring fields and deterministic upsert).
## Needs
- Risk engine schema/contract inputs: `risk_score`, `risk_severity`, `profile_version`, `explanation_id`, indexes.
- Migration plan to add fields.
## Field definitions (canonical finding projection)
- `risk_score` (numeric, 0100, 2dp) — monotonic per `(finding_id, profile_version)`; computed by Risk Engine.
- `risk_severity` (enum) — derived mapping: `critical >= 90`, `high >= 70`, `medium >= 40`, `low >= 10`, `informational < 10`.
- `risk_profile_version` (string) — semantic version of the scoring policy/profile; required.
- `risk_explanation_id` (uuid/string) — pointer to Risk Engine explanation payload stored in Risk service (not duplicated in ledger).
- `risk_event_sequence` (long) — ledger sequence of the last applied risk event; enforces monotonic updates.
- `risk_updated_at` (ISO-8601 UTC) — when the score was last written.
## Storage and indexes (MongoDB)
- Collection: `findings` (existing). Add fields above to the projection document.
- Unique compound index: `{ tenant: 1, finding_id: 1, risk_profile_version: 1 }`.
- Query helper index for exports/UI: `{ tenant: 1, risk_severity: 1, risk_score: -1, observed_at: -1 }`.
- TTL: none; scores are historical but superseded by deterministic upsert described below.
## Deterministic upsert flow (LEDGER-RISK-66-002)
1. Risk Engine emits `RiskScoreApplied` event with `{tenant, finding_id, profile_version, score, explanation_id, event_sequence}`.
2. Handler loads current projection by `(tenant, finding_id)`; compares `(profile_version, event_sequence)`:
- If incoming `event_sequence` < stored `risk_event_sequence` ignore (idempotent).
- If equal idempotent update allowed only when score/severity unchanged.
- If greater write new values and set `risk_event_sequence = event_sequence`.
3. All writes recorded in ledger append with same event_sequence for audit; projection updates deterministic by sequence ordering.
4. Exports (`/ledger/export/findings`) surface these fields; snapshot bundles reuse the same shape.
## API/SDK contract hooks
- OAS baseline will mark all four fields in the finding shapes (canonical + compact) as optional today, required once migrations finish.
- `/ledger/export/findings` filters: `risk_profile_version` (already reserved), add `risk_severity` and `risk_score_min/max` in the next OAS bump.
- UI/SDK must treat missing `risk_profile_version` as not yet scored”.
## Migration/rollout plan (LEDGER-RISK-66-001)
- Step 1: Add fields and indexes behind feature flag `RiskScoringEnabled` (default off).
- Step 2: Backfill for latest profile per tenant using Risk Engine batch export; write via deterministic upsert to enforce ordering.
- Step 3: Enable streaming ingestion of `RiskScoreApplied` events; monitor lag via metric `ledger_risk_score_apply_lag_seconds`.
- Step 4: Flip default for `RiskScoringEnabled` to on after backfill success criteria:
- 99.9% of existing findings have `risk_profile_version` populated.
- No rejected events due to sequence regressions in the last 24h.
- Step 5: Update OAS/SDK to mark fields required; notify UI/Export consumers.
## Observability
- Log: `ledger.risk.apply` with tenant, finding_id, profile_version, score, event_sequence, applied (bool).
- Metrics: `ledger_risk_apply_total{result}`; `ledger_risk_score_latest{severity}` gauges per tenant.
- Tracing: span `ledger.risk.apply` tagging `profile_version`, `event_sequence`, `idempotent`.
## Handoff
Use as PREP artefact; update when risk field definitions and rollout plan are available.
- This document is the prep artefact for PREP-LEDGER-RISK-66-001/002. Implementation tasks wire schema + deterministic upsert and extend exports/OAS accordingly.

37
docs/modules/findings-ledger/prep/ledger-attestation-verification-event.md Normal file
View File

@@ -0,0 +1,37 @@
# Verification Event Contract (attestations → ledger_attestations)
Status: Draft (2025-11-21)
Owners: Provenance Guild · Findings Ledger Guild
Purpose: unblock LEDGER-OBS-54-001 by defining the ingestion event emitted by the verifier so we can populate `ledger_attestations`.
```
event_type: verification.attestation.completed
payload:
tenant_id: string (required)
attestation_id: uuid (required)
artifact_id: string (required; OCI digest or SBOM id)
finding_id: string (optional)
verification_status: string enum [verified, failed, unknown] (required)
verification_time: string (ISO-8601 UTC, required)
dsse_digest: string (sha256, lowercase, required)
rekor_entry_id: string (optional)
evidence_bundle_ref: string (optional)
merkle_leaf_hash: string (sha256, required)
root_hash: string (sha256, required)
cycle_hash: string (required)
projection_version: string (required)
```
Ordering/monotonicity:
- Events are emitted with a ledger `sequence_no`. Ingestion must ignore any verification event with `sequence_no` less than the stored `risk_event_sequence` for the same `(tenant_id, attestation_id)`.
Determinism for ingestion:
- Sort by `(sequence_no ASC, attestation_id ASC)` before upsert.
- Upsert target: `ledger_attestations` (see `004_ledger_attestations.sql`).
Open question:
- Should `verification_status` include `expired`/`revoked`? Need decision before marking schema final.
Next step:
- Once the verifier confirms this payload, wire ingestion job to project into `ledger_attestations` and flip LEDGER-OBS-54-001 to DOING.

1
docs/modules/findings-ledger/prep/ledger-attestations-http.md
View File

@@ -35,4 +35,5 @@
## Artefact location
- This prep doc: `docs/modules/findings-ledger/prep/ledger-attestations-http.md`.
- Storage/view contract: `docs/modules/findings-ledger/prep/ledger-attestations-storage.md`.
- Add path to OAS in a follow-on increment (LEDGER-OAS-61-002/63-001) once approved.

54
docs/modules/findings-ledger/prep/ledger-attestations-storage.md Normal file
View File

@@ -0,0 +1,54 @@
# Ledger Attestations Storage & Query Contract (LEDGER-OBS-54-001)
Status: PrepComplete (2025-11-20)
Owners: Findings Ledger Guild · Provenance Guild
## Goal
Provide a deterministic storage/view contract so the `/v1/ledger/attestations` endpoint can be implemented without further design work.
## Table (proposed)
- Name: `ledger_attestations`
- Partitioning: tenant-scoped (same strategy as `ledger_events`).
- Columns:
- `tenant_id` (text, not null)
- `attestation_id` (uuid, not null)
- `artifact_id` (text, not null) — OCI digest or SBOM id
- `finding_id` (text, null)
- `verification_status` (text, not null; `verified|failed|unknown`)
- `verification_time` (timestamptz, not null)
- `dsse_digest` (text, not null; lowercase sha256)
- `rekor_entry_id` (text, null)
- `evidence_bundle_ref` (text, null)
- `ledger_event_id` (uuid, not null) — source ledger event linking the attestation
- `recorded_at` (timestamptz, not null)
- `merkle_leaf_hash` (text, not null)
- `root_hash` (text, not null)
- `cycle_hash` (text, not null)
- `projection_version` (text, not null)
## Indexes / ordering
- PK: `(tenant_id, attestation_id)`
- Paging index: `(tenant_id, recorded_at, attestation_id)` to back deterministic sort `recorded_at ASC, attestation_id ASC`.
- Lookup indexes:
- `(tenant_id, artifact_id, recorded_at DESC)`
- `(tenant_id, finding_id, recorded_at DESC)`
- `(tenant_id, verification_status, recorded_at DESC)`
## Query contract for `/v1/ledger/attestations`
- Filters map to indexed columns: `artifactId`, `findingId`, `attestationId`, `status`, `sinceRecordedAt`, `untilRecordedAt`.
- Pagination token encodes `{ recordedAt, attestationId, filtersHash }`; server must reject mismatched hash.
- Response fields align 1:1 with columns above; no joins required.
- Determinism: sort strictly by `(recorded_at ASC, attestation_id ASC)`; no server clocks in payload.
## Migration notes
- Add table and indexes in the same migration (see `src/Findings/StellaOps.Findings.Ledger/migrations/004_ledger_attestations.sql`).
- Backfill from existing provenance/verification store (if present) into this table with recorded_at = original verification timestamp.
- Ensure writes/coalescing happen via ledger projections to keep `ledger_event_id`/`cycle_hash` consistent.
## Observability
- Logs: `ledger.attestations.query` (tenant, filtersHash, limit, duration_ms, result_count).
- Metrics: `ledger_attestations_queries_total{tenant,status}`, `ledger_attestations_failures_total{reason}`; reuse endpoint spans already defined in prep doc.
## Artefact location
- Storage contract: `docs/modules/findings-ledger/prep/ledger-attestations-storage.md`
- HTTP contract: `docs/modules/findings-ledger/prep/ledger-attestations-http.md`

5
docs/modules/findings-ledger/schema.md
View File

@@ -161,6 +161,10 @@ Stores the latest verdict/state per finding.
| `policy_version` | `text` | Active policy digest. |
| `status` | `text` | e.g., `affected`, `triaged`, `accepted_risk`, `resolved`. |
| `severity` | `numeric(6,3)` | Normalised severity score (0-10). |
| `risk_score` | `numeric(6,3)` | Risk scoring result (0-10) from Risk Engine/Policy. |
| `risk_severity` | `text` | Risk category (e.g., `low`, `medium`, `high`, `critical`). |
| `risk_profile_version` | `text` | Risk profile hash/version used for scoring. |
| `risk_explanation_id` | `uuid` | Reference to risk explanation document. |
| `labels` | `jsonb` | Key-value metadata (tags, KEV flag, runtime signals). |
| `current_event_id` | `uuid` | Ledger event that produced this state. |
| `explain_ref` | `text` | Reference to explain bundle or object storage key. |
@@ -173,6 +177,7 @@ Primary key: `(tenant_id, finding_id, policy_version)`.
Indexes:
- `ix_projection_status` on `(tenant_id, status, severity DESC)`.
- `ix_projection_risk` on `(tenant_id, risk_severity, risk_score DESC)`.
- `ix_projection_labels_gin` using `labels` GIN for KEV/runtime filters.
### 4.2 `finding_history`

12
docs/modules/graph/prep/2025-11-20-ops-0001-prep.md Normal file
View File

@@ -0,0 +1,12 @@
# Graph Ops Prep — PREP-GRAPH-OPS-0001
Status: Draft (2025-11-20)
Owners: Ops Guild
Scope: Capture dashboard/runbook updates pending next demo outputs.
## Needs
- Latest demo metrics/dashboards to review.
- Runbook sections to update once demo outputs land.
## Handoff
Use as prep artefact; update after next demo provides dashboards/runbooks.

12
docs/modules/notifier/prep/2025-11-20-ten-48-001-prep.md Normal file
View File

@@ -0,0 +1,12 @@
# Notifier Tenancy Prep — PREP-NOTIFY-TEN-48-001
Status: Draft (2025-11-20)
Owners: Notifications Service Guild
Scope: Tenancy model and DAL/routes for Notifier (depends on Notifier II sprint).
## Needs
- Tenancy model decision; DAL/routes for tenant context in Notifier WebService.
- Alignment with Notifier II scope (Sprint 0172).
## Handoff
Use as prep artefact; update when tenancy model is published.

21
docs/modules/orchestrator/prep/2025-11-20-oas-63-001-prep.md Normal file
View File

@@ -0,0 +1,21 @@
# Orchestrator OAS Deprecations Prep — PREP-ORCH-OAS-63-001-DEPENDS-ON-62-001
Status: Draft (2025-11-20)
Owners: Orchestrator Service Guild · API Governance Guild
Scope: Define deprecation headers/docs for legacy orchestrator endpoints once OAS 61/62 are finalized.
## Dependencies
- Final OAS base (61-001) and discovery (62-001).
- List of endpoints to deprecate and replacement mapping.
## Proposed contract
- Add `Deprecation` header and `Link` rel="alternate" to new endpoints.
- Update OAS with `deprecated: true` and description of replacement.
- Include changelog section and example responses showing headers.
## Acceptance
- Replacement map documented in this file and in `docs/modules/orchestrator/api.md` once OAS is regenerated.
- Sample response with deprecation headers under `docs/modules/orchestrator/samples/orch-deprecation@draft.json`.
## Handoff
Use this prep doc to satisfy PREP-ORCH-OAS-63-001-DEPENDS-ON-62-001. Update after 61/62 freeze; then mark task DONE and proceed with implementation.

11
docs/modules/orchestrator/prep/2025-11-20-ten-48-001-prep.md Normal file
View File

@@ -0,0 +1,11 @@
# Orchestrator Tenancy Prep — PREP-ORCH-TEN-48-001
Status: Draft (2025-11-20)
Owners: Orchestrator Service Guild
Scope: WebService job DAL/routes tenancy context prior to enforcement.
## Needs
- Tenant context plumbing and RLS rules for job DAL/routes.
## Handoff
Use as prep artefact; update once tenancy model decisions are finalized.

25
docs/modules/policy/prep/2025-11-20-advisory-ai-knobs-prep.md Normal file
View File

@@ -0,0 +1,25 @@
# Advisory AI Knobs Prep — PREP-POLICY-ENGINE-31-001-ADVISORY-AI-KNOBS-R
Status: Draft (2025-11-20)
Owners: Policy Guild
Scope: Outline the configuration knobs for Advisory AI scoring once trust weighting (30-101) is defined.
## Dependencies
- Trust weighting API/contracts (30-101).
- Advisory AI signal list and confidence model (not yet finalized).
## Draft configuration fields
- `weights` (from 30-101) applied to AI-produced signals.
- `knobs[]` array of `{name, default_value, min, max, step, description}` for:
- `ai_signal_weight`
- `reachability_boost`
- `time_decay_half_life_days`
- `evidence_freshness_threshold_hours`
- Output preview: recomputed severity/exploitability per advisory/component.
## Acceptance to close PREP
- Map knobs to actual AI signals once published; confirm allowed ranges.
- Document schema at `docs/modules/policy/schemas/advisory-ai-knobs@draft.json` and sample request at `docs/modules/policy/samples/advisory-ai-knobs@draft.json`.
## Handoff
Use this document as the prep artefact for PREP-POLICY-ENGINE-31-001-ADVISORY-AI-KNOBS-R. Update with final signal list and ranges once trust weighting is frozen.

21
docs/modules/policy/prep/2025-11-20-batch-context-prep.md Normal file
View File

@@ -0,0 +1,21 @@
# Batch Context Endpoint Prep — PREP-POLICY-ENGINE-31-002-BATCH-CONTEXT-ENDPO
Status: Draft (2025-11-20)
Owners: Policy Guild
Scope: Define the batch context endpoint contract that builds on Advisory AI knobs (31-001) and trust weighting outputs.
## Dependencies
- Final knobs list from 31-001.
- Policy profile schema (hash + version) from 30-001 overlays.
## Draft API surface
- `POST /policy/batch/context` with payload: `{tenant_id, policy_profile_hash, knobs_version, overlay_hash, items:[{component_purl, advisory_id}], options:{include_reachability:boolean}}`.
- Response: `{context_id, expires_at, knobs_version, overlay_hash, items:[{component_purl, advisory_id, status, trace_ref}]}`.
- Determinism: items sorted by `(component_purl, advisory_id)`; `context_id` derived as hash of request payload.
## Acceptance to close PREP
- Align fields with 31-001 knobs and 30-001 overlay schema; record hashes/versions.
- Save draft schema at `docs/modules/policy/schemas/policy-batch-context@draft.json` and sample at `docs/modules/policy/samples/policy-batch-context@draft.json`.
## Handoff
Use this document as the prep artefact for PREP-POLICY-ENGINE-31-002-BATCH-CONTEXT-ENDPO. Update when knobs and overlays freeze; then move implementation to DOING.

23
docs/modules/policy/prep/2025-11-20-change-events-prep.md Normal file
View File

@@ -0,0 +1,23 @@
# Change Events Prep — PREP-POLICY-ENGINE-30-003-CHANGE-EVENTS-DEPEN
Status: Draft (2025-11-20)
Owners: Policy Guild · Scheduler Guild · Cartographer Guild
Scope: Define the change-event payload and scheduling expectations following simulation bridge (30-002).
## Dependencies
- Simulation bridge output schema (30-002).
- Scheduler delivery channel (NATS/Redis) subject names and dedupe policy.
## Draft event envelope
- `event_type`: `policy.overlay.change`
- Fields: `tenant_id`, `overlay_hash`, `policy_profile_hash`, `simulation_id?`, `changes[]` (array of `{component_purl, advisory_id, prev_status, new_status, severity_delta?, trace_ref}`), `occurred_at` (UTC), `event_id` (deterministic ID = hash of overlay_hash + timestamp).
- Transport: propose NATS subject `policy.overlay.change` with durable stream; idempotency key = `event_id`.
- Observability: counter `policy_overlay_change_total{tenant,result}`; log template includes overlay_hash, event_id, change_count.
## Acceptance to close PREP
- Subject/stream names confirmed with Scheduler.
- JSON schema stub saved at `docs/modules/policy/schemas/policy-overlay-change@draft.json`.
- Sample event at `docs/modules/policy/samples/policy-overlay-change@draft.json`.
## Handoff
This document serves as the prep artefact for PREP-POLICY-ENGINE-30-003-CHANGE-EVENTS-DEPEN. Update once 30-002 finalizes schema/subject; then unblock the implementation task.

Some files were not shown because too many files have changed in this diff Show More