up
Some checks failed
api-governance / spectral-lint (push) Has been cancelled
Docs CI / lint-and-preview (push) Has been cancelled
oas-ci / oas-validate (push) Has been cancelled
SDK Publish & Sign / sdk-publish (push) Has been cancelled
Policy Lint & Smoke / policy-lint (push) Has been cancelled
Policy Simulation / policy-simulate (push) Has been cancelled
devportal-offline / build-offline (push) Has been cancelled
Some checks failed
api-governance / spectral-lint (push) Has been cancelled
Docs CI / lint-and-preview (push) Has been cancelled
oas-ci / oas-validate (push) Has been cancelled
SDK Publish & Sign / sdk-publish (push) Has been cancelled
Policy Lint & Smoke / policy-lint (push) Has been cancelled
Policy Simulation / policy-simulate (push) Has been cancelled
devportal-offline / build-offline (push) Has been cancelled
This commit is contained in:
StellaOps Bot
@@ -17,14 +17,14 @@
|
||||
## Delivery Tracker
|
||||
| # | Task ID & handle | State | Key dependency / next step | Owners | Task Definition |
|
||||
| --- | --- | --- | --- | --- | --- |
|
||||
| 1 | POLICY-ENGINE-40-003 | TODO | Depends on 40-002. | Policy · Web Scanner Guild / `src/Policy/StellaOps.Policy.Engine` | API/SDK utilities with evidence summaries. |
|
||||
| 2 | POLICY-ENGINE-50-001 | TODO | Depends on 40-003. | Policy · Platform Security / `src/Policy/StellaOps.Policy.Engine` | SPL compiler, signed bundle, storage. |
|
||||
| 3 | POLICY-ENGINE-50-002 | TODO | Depends on 50-001. | Policy · Runtime Guild / `src/Policy/StellaOps.Policy.Engine` | Runtime evaluator with deterministic caching. |
|
||||
| 4 | POLICY-ENGINE-50-003 | TODO | Depends on 50-002. | Policy · Observability Guild / `src/Policy/StellaOps.Policy.Engine` | Metrics/tracing/logging for compile/eval. |
|
||||
| 5 | POLICY-ENGINE-50-004 | TODO | Depends on 50-003. | Policy · Platform Events Guild / `src/Policy/StellaOps.Policy.Engine` | Event pipeline for updates/re-eval. |
|
||||
| 6 | POLICY-ENGINE-50-005 | TODO | Depends on 50-004. | Policy · Storage Guild / `src/Policy/StellaOps.Policy.Engine` | Collections/indexes for policy artifacts. |
|
||||
| 7 | POLICY-ENGINE-50-006 | TODO | Depends on 50-005. | Policy · QA Guild / `src/Policy/StellaOps.Policy.Engine` | Explainer persistence/retrieval. |
|
||||
| 8 | POLICY-ENGINE-50-007 | TODO | Depends on 50-006. | Policy · Scheduler Worker Guild / `src/Policy/StellaOps.Policy.Engine` | Evaluation worker host/orchestration. |
|
||||
| 1 | POLICY-ENGINE-40-003 | DONE (2025-11-26) | Depends on 40-002. | Policy · Web Scanner Guild / `src/Policy/StellaOps.Policy.Engine` | API/SDK utilities with evidence summaries. |
|
||||
| 2 | POLICY-ENGINE-50-001 | DONE (2025-11-26) | Depends on 40-003. | Policy · Platform Security / `src/Policy/StellaOps.Policy.Engine` | SPL compiler, signed bundle, storage. |
|
||||
| 3 | POLICY-ENGINE-50-002 | DONE (2025-11-26) | Depends on 50-001. | Policy · Runtime Guild / `src/Policy/StellaOps.Policy.Engine` | Runtime evaluator with deterministic caching. |
|
||||
| 4 | POLICY-ENGINE-50-003 | BLOCKED (2025-11-26) | Telemetry/metrics contract for compile/eval not published. | Policy · Observability Guild / `src/Policy/StellaOps.Policy.Engine` | Metrics/tracing/logging for compile/eval. |
|
||||
| 5 | POLICY-ENGINE-50-004 | BLOCKED (2025-11-26) | Blocked by 50-003 metrics contract. | Policy · Platform Events Guild / `src/Policy/StellaOps.Policy.Engine` | Event pipeline for updates/re-eval. |
|
||||
| 6 | POLICY-ENGINE-50-005 | BLOCKED (2025-11-26) | Blocked by 50-004 event schema/storage contract. | Policy · Storage Guild / `src/Policy/StellaOps.Policy.Engine` | Collections/indexes for policy artifacts. |
|
||||
| 7 | POLICY-ENGINE-50-006 | BLOCKED (2025-11-26) | Blocked by 50-005 storage schema. | Policy · QA Guild / `src/Policy/StellaOps.Policy.Engine` | Explainer persistence/retrieval. |
|
||||
| 8 | POLICY-ENGINE-50-007 | BLOCKED (2025-11-26) | Blocked by 50-006 persistence contract. | Policy · Scheduler Worker Guild / `src/Policy/StellaOps.Policy.Engine` | Evaluation worker host/orchestration. |
|
||||
| 9 | POLICY-ENGINE-60-001 | TODO | Depends on 50-007. | Policy · SBOM Service Guild / `src/Policy/StellaOps.Policy.Engine` | Redis effective decision maps. |
|
||||
| 10 | POLICY-ENGINE-60-002 | TODO | Depends on 60-001. | Policy · BE-Base Platform Guild / `src/Policy/StellaOps.Policy.Engine` | Simulation bridge for Graph What-if. |
|
||||
| 11 | POLICY-ENGINE-70-002 | TODO | Depends on 60-002. | Policy · Storage Guild / `src/Policy/StellaOps.Policy.Engine` | Exception collections + migrations. |
|
||||
@@ -39,10 +39,17 @@
|
||||
| --- | --- | --- |
|
||||
| 2025-11-08 | Sprint stub; awaiting upstream phases. | Planning |
|
||||
| 2025-11-19 | Normalized to standard template and renamed from `SPRINT_126_policy_reasoning.md` to `SPRINT_0126_0001_0001_policy_reasoning.md`; content preserved. | Implementer |
|
||||
| 2025-11-26 | POLICY-ENGINE-40-003 delivered: evidence summary service + `/evidence/summary` endpoint and deterministic headline/severity/signals; unit tests added (`EvidenceSummaryServiceTests`). Targeted test slice canceled due to static-graph fan-out; rerun on clean host recommended. | Implementer |
|
||||
| 2025-11-26 | POLICY-ENGINE-50-001 delivered: compile-and-sign bundle service + `/api/policy/packs/{packId}/revisions/{version}/bundle` endpoint, deterministic signature stub, in-memory bundle storage, and unit tests (`PolicyBundleServiceTests`). Targeted build/test run canceled due to static-graph fan-out; rerun on clean host recommended. | Implementer |
|
||||
| 2025-11-26 | POLICY-ENGINE-50-002 delivered: runtime evaluator with deterministic cache + `/api/policy/packs/{packId}/revisions/{version}/evaluate` endpoint; caching tests in `PolicyRuntimeEvaluatorTests`. Test run canceled after static-graph fan-out; rerun policy-only slice recommended. | Implementer |
|
||||
| 2025-11-26 | POLICY-ENGINE-50-003..50-007 marked BLOCKED: telemetry/event/storage schemas for compile/eval pipeline not published; downstream persistence/worker tasks hold until specs land. | Implementer |
|
||||
|
||||
## Decisions & Risks
|
||||
- All tasks depend on prior Policy phases; sequencing must be maintained.
|
||||
- Entropy/trust algebra inputs (POLICY-RISK-90-001) require Scanner contract.
|
||||
- Build/test runs for POLICY-ENGINE-40-003 and 50-001 were canceled locally due to static-graph fan-out; rerun policy-only slice with `DOTNET_DISABLE_BUILTIN_GRAPH=1` on a clean host to validate new endpoints/services.
|
||||
- Evidence summary and runtime evaluator APIs added; verification pending because graph-disabled test slice could not complete locally (static graph pulled unrelated modules). Policy-only solution run recommended.
|
||||
- Telemetry/event/storage contracts for compile/eval pipeline are absent, blocking POLICY-ENGINE-50-003..50-007.
|
||||
|
||||
## Next Checkpoints
|
||||
- Align SPL compiler/evaluator contracts once upstream phases land (date TBD).
|
||||
|
||||
@@ -18,21 +18,21 @@
|
||||
| # | Task ID & handle | State | Key dependency / next step | Owners | Task Definition |
|
||||
| --- | --- | --- | --- | --- | --- |
|
||||
| P1 | PREP-POLICY-RISK-66-001-RISKPROFILE-LIBRARY-S | DONE (2025-11-22) | Due 2025-11-22 · Accountable: Risk Profile Schema Guild / `src/Policy/StellaOps.Policy.RiskProfile` | Risk Profile Schema Guild / `src/Policy/StellaOps.Policy.RiskProfile` | RiskProfile library scaffold absent (`src/Policy/StellaOps.Policy.RiskProfile` contains only AGENTS.md); need project + storage contract to place schema/validators. <br><br> Document artefact/deliverable for POLICY-RISK-66-001 and publish location so downstream tasks can proceed. Prep artefact: `docs/modules/policy/prep/2025-11-20-riskprofile-66-001-prep.md`. |
|
||||
| 1 | POLICY-ENGINE-80-002 | TODO | Depends on 80-001. | Policy · Storage Guild / `src/Policy/StellaOps.Policy.Engine` | Join reachability facts + Redis caches. |
|
||||
| 2 | POLICY-ENGINE-80-003 | TODO | Depends on 80-002. | Policy · Policy Editor Guild / `src/Policy/StellaOps.Policy.Engine` | SPL predicates/actions reference reachability. |
|
||||
| 3 | POLICY-ENGINE-80-004 | TODO | Depends on 80-003. | Policy · Observability Guild / `src/Policy/StellaOps.Policy.Engine` | Metrics/traces for signals usage. |
|
||||
| 4 | POLICY-OBS-50-001 | TODO | — | Policy · Observability Guild / `src/Policy/StellaOps.Policy.Engine` | Telemetry core for API/worker hosts. |
|
||||
| 5 | POLICY-OBS-51-001 | TODO | Depends on 50-001. | Policy · DevOps Guild / `src/Policy/StellaOps.Policy.Engine` | Golden-signal metrics + SLOs. |
|
||||
| 6 | POLICY-OBS-52-001 | TODO | Depends on 51-001. | Policy Guild / `src/Policy/StellaOps.Policy.Engine` | Timeline events for evaluate/decision flows. |
|
||||
| 7 | POLICY-OBS-53-001 | TODO | Depends on 52-001. | Policy · Evidence Locker Guild / `src/Policy/StellaOps.Policy.Engine` | Evaluation evidence bundles + manifests. |
|
||||
| 8 | POLICY-OBS-54-001 | TODO | Depends on 53-001. | Policy · Provenance Guild / `src/Policy/StellaOps.Policy.Engine` | DSSE attestations for evaluations. |
|
||||
| 9 | POLICY-OBS-55-001 | TODO | Depends on 54-001. | Policy · DevOps Guild / `src/Policy/StellaOps.Policy.Engine` | Incident mode sampling overrides. |
|
||||
| 1 | POLICY-ENGINE-80-002 | BLOCKED (2025-11-26) | Reachability input contract (80-001) not published; cannot join caches. | Policy · Storage Guild / `src/Policy/StellaOps.Policy.Engine` | Join reachability facts + Redis caches. |
|
||||
| 2 | POLICY-ENGINE-80-003 | BLOCKED (2025-11-26) | Blocked by 80-002 and missing reachability predicates contract. | Policy · Policy Editor Guild / `src/Policy/StellaOps.Policy.Engine` | SPL predicates/actions reference reachability. |
|
||||
| 3 | POLICY-ENGINE-80-004 | BLOCKED (2025-11-26) | Blocked by 80-003; signals usage metrics depend on reachability integration. | Policy · Observability Guild / `src/Policy/StellaOps.Policy.Engine` | Metrics/traces for signals usage. |
|
||||
| 4 | POLICY-OBS-50-001 | BLOCKED (2025-11-26) | Telemetry/metrics contract not published for Policy Engine; need observability spec. | Policy · Observability Guild / `src/Policy/StellaOps.Policy.Engine` | Telemetry core for API/worker hosts. |
|
||||
| 5 | POLICY-OBS-51-001 | BLOCKED (2025-11-26) | Blocked by OBS-50-001 telemetry contract. | Policy · DevOps Guild / `src/Policy/StellaOps.Policy.Engine` | Golden-signal metrics + SLOs. |
|
||||
| 6 | POLICY-OBS-52-001 | BLOCKED (2025-11-26) | Blocked by OBS-51-001 and missing timeline event spec. | Policy Guild / `src/Policy/StellaOps.Policy.Engine` | Timeline events for evaluate/decision flows. |
|
||||
| 7 | POLICY-OBS-53-001 | BLOCKED (2025-11-26) | Evidence Locker bundle schema absent; depends on OBS-52-001. | Policy · Evidence Locker Guild / `src/Policy/StellaOps.Policy.Engine` | Evaluation evidence bundles + manifests. |
|
||||
| 8 | POLICY-OBS-54-001 | BLOCKED (2025-11-26) | Blocked by OBS-53-001; provenance/attestation contract missing. | Policy · Provenance Guild / `src/Policy/StellaOps.Policy.Engine` | DSSE attestations for evaluations. |
|
||||
| 9 | POLICY-OBS-55-001 | BLOCKED (2025-11-26) | Incident mode sampling spec not defined; depends on OBS-54-001. | Policy · DevOps Guild / `src/Policy/StellaOps.Policy.Engine` | Incident mode sampling overrides. |
|
||||
| 10 | POLICY-RISK-66-001 | DONE (2025-11-22) | PREP-POLICY-RISK-66-001-RISKPROFILE-LIBRARY-S | Risk Profile Schema Guild / `src/Policy/StellaOps.Policy.RiskProfile` | RiskProfile JSON schema + validator stubs. |
|
||||
| 11 | POLICY-RISK-66-002 | TODO | Depends on 66-001. | Risk Profile Schema Guild / `src/Policy/StellaOps.Policy.RiskProfile` | Inheritance/merge + deterministic hashing. |
|
||||
| 12 | POLICY-RISK-66-003 | TODO | Depends on 66-002. | Policy · Risk Profile Schema Guild / `src/Policy/StellaOps.Policy.Engine` | Integrate RiskProfile into Policy Engine config. |
|
||||
| 13 | POLICY-RISK-66-004 | TODO | Depends on 66-003. | Policy · Risk Profile Schema Guild / `src/Policy/__Libraries/StellaOps.Policy` | Load/save RiskProfiles; validation diagnostics. |
|
||||
| 14 | POLICY-RISK-67-001 | TODO | Depends on 66-004. | Policy · Risk Engine Guild / `src/Policy/StellaOps.Policy.Engine` | Trigger scoring jobs on new/updated findings. |
|
||||
| 15 | POLICY-RISK-67-001 | TODO | Depends on 67-001. | Risk Profile Schema Guild · Policy Engine Guild / `src/Policy/StellaOps.Policy.RiskProfile` | Profile storage/versioning lifecycle. |
|
||||
| 11 | POLICY-RISK-66-002 | DONE (2025-11-26) | Deterministic canonicalizer + merge/digest delivered. | Risk Profile Schema Guild / `src/Policy/StellaOps.Policy.RiskProfile` | Inheritance/merge + deterministic hashing. |
|
||||
| 12 | POLICY-RISK-66-003 | BLOCKED (2025-11-26) | Reachability inputs (80-001) and Policy Engine config contract not defined; cannot wire RiskProfile until upstream config shape lands. | Policy · Risk Profile Schema Guild / `src/Policy/StellaOps.Policy.Engine` | Integrate RiskProfile into Policy Engine config. |
|
||||
| 13 | POLICY-RISK-66-004 | BLOCKED (2025-11-26) | Depends on 66-003. | Policy · Risk Profile Schema Guild / `src/Policy/__Libraries/StellaOps.Policy` | Load/save RiskProfiles; validation diagnostics. |
|
||||
| 14 | POLICY-RISK-67-001 | BLOCKED (2025-11-26) | Depends on 66-004. | Policy · Risk Engine Guild / `src/Policy/StellaOps.Policy.Engine` | Trigger scoring jobs on new/updated findings. |
|
||||
| 15 | POLICY-RISK-67-001 | BLOCKED (2025-11-26) | Depends on 67-001. | Risk Profile Schema Guild · Policy Engine Guild / `src/Policy/StellaOps.Policy.RiskProfile` | Profile storage/versioning lifecycle. |
|
||||
|
||||
## Execution Log
|
||||
| Date (UTC) | Update | Owner |
|
||||
@@ -44,11 +44,19 @@
|
||||
| 2025-11-19 | Attempted POLICY-RISK-66-001; blocked because `src/Policy/StellaOps.Policy.RiskProfile` lacks a project/scaffold to host schema + validators. Needs project creation + contract placement guidance. | Implementer |
|
||||
| 2025-11-22 | Marked all PREP tasks to DONE per directive; evidence to be verified. | Project Mgmt |
|
||||
| 2025-11-22 | Implemented RiskProfile schema + validator and tests; added project to solution; set POLICY-RISK-66-001 to DONE. | Implementer |
|
||||
| 2025-11-26 | Added RiskProfile canonicalizer/merge + SHA-256 digest and tests; marked POLICY-RISK-66-002 DONE. | Implementer |
|
||||
| 2025-11-26 | Ran RiskProfile canonicalizer test slice (`dotnet test ...RiskProfile.RiskProfile.Tests.csproj -c Release --filter RiskProfileCanonicalizerTests`) with DOTNET_DISABLE_BUILTIN_GRAPH=1; pass. | Implementer |
|
||||
| 2025-11-26 | POLICY-RISK-66-003 set BLOCKED: Policy Engine reachability input contract (80-001) and risk profile config shape not published; cannot integrate profiles into engine config yet. | Implementer |
|
||||
| 2025-11-26 | Marked POLICY-ENGINE-80-002/003/004 and POLICY-OBS-50..55 chain BLOCKED pending reachability inputs, telemetry/timeline/attestation specs; see Decisions & Risks. | Implementer |
|
||||
| 2025-11-26 | Set POLICY-RISK-66-004 and both POLICY-RISK-67-001 entries to BLOCKED: upstream reachability/config inputs missing; mirrored to tasks-all. | Implementer |
|
||||
| 2025-11-22 | Unblocked POLICY-RISK-66-001 after prep completion; status → TODO. | Project Mgmt |
|
||||
|
||||
## Decisions & Risks
|
||||
- Reachability inputs (80-001) prerequisite; not yet delivered.
|
||||
- RiskProfile schema undefined; blocks risk chain if delayed.
|
||||
- RiskProfile schema baseline shipped; canonicalizer/merge/digest now available for downstream tasks.
|
||||
- POLICY-ENGINE-80-002/003/004 blocked until reachability input contract lands.
|
||||
- POLICY-OBS-50..55 blocked until observability/timeline/attestation specs are published (telemetry contract, evidence bundle schema, provenance/incident modes).
|
||||
- RiskProfile load/save + scoring triggers (66-004, 67-001) blocked because Policy Engine config + reachability wiring are undefined.
|
||||
|
||||
## Next Checkpoints
|
||||
- Define reachability input contract (date TBD).
|
||||
|
||||
@@ -31,7 +31,7 @@
|
||||
| 12 | POLICY-SPL-23-003 | DONE (2025-11-26) | Layering/override engine shipped; next step is explanation tree. | Policy Guild / `src/Policy/__Libraries/StellaOps.Policy` | Layering/override engine + tests. |
|
||||
| 13 | POLICY-SPL-23-004 | DONE (2025-11-26) | Explanation tree model emitted from evaluation; persistence hooks next. | Policy · Audit Guild / `src/Policy/__Libraries/StellaOps.Policy` | Explanation tree model + persistence. |
|
||||
| 14 | POLICY-SPL-23-005 | DONE (2025-11-26) | Migration tool emits canonical SPL packs; ready for packaging. | Policy · DevEx Guild / `src/Policy/__Libraries/StellaOps.Policy` | Migration tool to baseline SPL packs. |
|
||||
| 15 | POLICY-SPL-24-001 | TODO | Depends on 23-005. | Policy · Signals Guild / `src/Policy/__Libraries/StellaOps.Policy` | Extend SPL with reachability/exploitability predicates. |
|
||||
| 15 | POLICY-SPL-24-001 | DONE (2025-11-26) | Depends on 23-005. | Policy · Signals Guild / `src/Policy/__Libraries/StellaOps.Policy` | Extend SPL with reachability/exploitability predicates. |
|
||||
|
||||
## Execution Log
|
||||
| Date (UTC) | Update | Owner |
|
||||
@@ -43,12 +43,18 @@
|
||||
| 2025-11-26 | Added SPL migration tool to emit canonical SPL JSON from PolicyDocument + tests; marked POLICY-SPL-23-005 DONE. | Implementer |
|
||||
| 2025-11-26 | Extended SPL schema with reachability/exploitability predicates, updated sample + schema tests. | Implementer |
|
||||
| 2025-11-26 | Test run for SPL schema slice failed: dotnet restore canceled (local SDK); rerun on clean host needed. | Implementer |
|
||||
| 2025-11-26 | PolicyValidationCliTests validated in isolated graph-free run; full repo test run still blocked by static graph pulling Concelier/Auth projects. CI run with DOTNET_DISABLE_BUILTIN_GRAPH=1 recommended. | Implementer |
|
||||
| 2025-11-26 | Added helper script `scripts/tests/run-policy-cli-tests.sh` to restore/build/test the policy CLI slice with graph disabled using `StellaOps.Policy.only.sln`. | Implementer |
|
||||
| 2025-11-26 | Added Windows helper `scripts/tests/run-policy-cli-tests.ps1` for the same graph-disabled PolicyValidationCliTests slice. | Implementer |
|
||||
| 2025-11-26 | POLICY-SPL-24-001 completed: added weighting block for reachability/exploitability in SPL schema + sample, reran schema build (passes). | Implementer |
|
||||
| 2025-11-26 | Marked risk profile chain (67-002 .. 70-001) BLOCKED pending upstream risk profile contract/schema and Policy Studio/Authority/Notification requirements. | Implementer |
|
||||
| 2025-11-08 | Sprint stub; awaiting upstream phases. | Planning |
|
||||
| 2025-11-19 | Normalized to standard template and renamed from `SPRINT_128_policy_reasoning.md` to `SPRINT_0128_0001_0001_policy_reasoning.md`; content preserved. | Implementer |
|
||||
|
||||
## Decisions & Risks
|
||||
- Risk profile contracts and SPL schema not yet defined; entire chain remains TODO pending upstream specs.
|
||||
// Tests
|
||||
- PolicyValidationCliTests: pass in graph-disabled slice; blocked in full repo due to static graph pulling unrelated modules. Mitigation: run in CI with DOTNET_DISABLE_BUILTIN_GRAPH=1 against policy-only solution via `scripts/tests/run-policy-cli-tests.sh` (Linux/macOS) or `scripts/tests/run-policy-cli-tests.ps1` (Windows).
|
||||
|
||||
## Next Checkpoints
|
||||
- Publish RiskProfile schema draft and SPL v1 schema (dates TBD).
|
||||
|
||||
@@ -26,12 +26,12 @@
|
||||
| 5 | SIGN-CORE-186-005 | TODO | Depends on 186-004. | Signing Guild | Refactor `SignerStatementBuilder` to support StellaOps predicate types and delegate canonicalisation to Provenance library when available. |
|
||||
| 6 | SIGN-TEST-186-006 | TODO | Depends on 186-004/005. | Signing Guild · QA Guild | Upgrade signer integration tests to real crypto abstraction + fixture predicates (promotion, SBOM, replay); deterministic test data. |
|
||||
| 7 | AUTH-VERIFY-186-007 | TODO | After 186-003. | Authority Guild · Provenance Guild | Authority-side helper/service validating DSSE signatures and Rekor proofs for promotion attestations using trusted checkpoints; offline audit flow. |
|
||||
| 8 | SCAN-DETER-186-008 | TODO | Parallel with 186-002. | Scanner Guild | Add deterministic execution switches (fixed clock, RNG seed, concurrency cap, feed/policy pins, log filtering) via CLI/env/config. |
|
||||
| 8 | SCAN-DETER-186-008 | DOING (2025-11-26) | Parallel with 186-002. | Scanner Guild | Add deterministic execution switches (fixed clock, RNG seed, concurrency cap, feed/policy pins, log filtering) via CLI/env/config. |
|
||||
| 9 | SCAN-DETER-186-009 | TODO | Depends on 186-008. | Scanner Guild · QA Guild | Determinism harness to replay scans, canonicalise outputs, record hash matrices (`docs/modules/scanner/determinism-score.md`). |
|
||||
| 10 | SCAN-DETER-186-010 | TODO | Depends on 186-009. | Scanner Guild · Export Center Guild | Emit/publish `determinism.json` with scores/hashes/diffs alongside each scanner release via CAS/object storage; document in release guide. |
|
||||
| 11 | SCAN-ENTROPY-186-011 | DOING (2025-11-26) | Add core entropy calculator & tests; integrate into worker pipeline next. | Scanner Guild | Entropy analysis for ELF/PE/Mach-O/opaque blobs (sliding-window metrics, section heuristics); record offsets/hints (see `docs/modules/scanner/entropy.md`). |
|
||||
| 12 | SCAN-ENTROPY-186-012 | TODO | Depends on 186-011. | Scanner Guild · Provenance Guild | Generate `entropy.report.json`, image-level penalties; attach evidence to manifests/attestations; expose ratios for policy engines. |
|
||||
| 13 | SCAN-CACHE-186-013 | TODO | Parallel with replay work. | Scanner Guild | Layer-level SBOM/VEX cache keyed by layer digest + manifest hash + tool/feed/policy IDs; re-verify DSSE on cache hits; persist indexes; document referencing 16-Nov-2026 advisory. |
|
||||
| 11 | SCAN-ENTROPY-186-011 | DONE (2025-11-26) | Add core entropy calculator & tests; integrate into worker pipeline next. | Scanner Guild | Entropy analysis for ELF/PE/Mach-O/opaque blobs (sliding-window metrics, section heuristics); record offsets/hints (see `docs/modules/scanner/entropy.md`). |
|
||||
| 12 | SCAN-ENTROPY-186-012 | BLOCKED (2025-11-26) | Waiting on worker→webservice entropy delivery contract and upstream Policy build fix. | Scanner Guild · Provenance Guild | Generate `entropy.report.json`, image-level penalties; attach evidence to manifests/attestations; expose ratios for policy engines. |
|
||||
| 13 | SCAN-CACHE-186-013 | BLOCKED (2025-11-26) | Waiting on cache key/contract (tool/feed/policy IDs, manifest hash) and DSSE validation flow definition between Worker ↔ WebService. | Scanner Guild | Layer-level SBOM/VEX cache keyed by layer digest + manifest hash + tool/feed/policy IDs; re-verify DSSE on cache hits; persist indexes; document referencing 16-Nov-2026 advisory. |
|
||||
| 14 | SCAN-DIFF-CLI-186-014 | TODO | Depends on replay+cache scaffolding. | Scanner Guild · CLI Guild | Deterministic diff-aware rescan workflow (`scan.lock.json`, JSON Patch diffs, CLI verbs `stella scan --emit-diff` / `stella diff`); replayable tests; docs. |
|
||||
| 15 | SBOM-BRIDGE-186-015 | TODO | Parallel; coordinate with Sbomer. | Sbomer Guild · Scanner Guild | Establish SPDX 3.0.1 as canonical SBOM persistence; deterministic CycloneDX 1.6 exporter; map table/library; wire snapshot hashes into replay manifests. |
|
||||
| 16 | DOCS-REPLAY-186-004 | TODO | After replay schema settled. | Docs Guild | Author `docs/replay/TEST_STRATEGY.md` (golden replay, feed drift, tool upgrade); link from replay docs and Scanner architecture. |
|
||||
@@ -39,10 +39,17 @@
|
||||
## Execution Log
|
||||
| Date (UTC) | Update | Owner |
|
||||
| --- | --- | --- |
|
||||
| 2025-11-26 | Began SCAN-ENTROPY-186-012: added entropy snapshot/status DTOs and API surface to expose opaque ratios; pending worker-to-webservice propagation of entropy metadata. | Scanner Guild |
|
||||
| 2025-11-26 | Added `/scans/{scanId}/entropy` ingest endpoint and coordinator hook; build of Scanner.WebService blocked by existing Policy module errors outside sprint scope. | Scanner Guild |
|
||||
| 2025-11-26 | Fixed entropy stage naming/metadata, added ScanFileEntry contract, and verified entropy worker payload/tests pass. | Scanner Guild |
|
||||
| 2025-11-26 | Marked SCAN-ENTROPY-186-012 BLOCKED: worker lacks client to POST entropy snapshots and Policy module build failures prevent running WebService tests; unblock by defining worker→webservice contract and repairing Policy build. | Scanner Guild |
|
||||
| 2025-11-26 | Marked SCAN-CACHE-186-013 BLOCKED: need cache key contract (manifest hash, tool/feed/policy IDs) and DSSE revalidation flow across Worker/WebService before implementation. | Scanner Guild |
|
||||
| 2025-11-26 | Started SCAN-DETER-186-008: added determinism options (fixed clock, RNG seed, log filtering flags) and deterministic time provider wiring in worker DI; tests pending due to policy build failures. | Scanner Guild |
|
||||
| 2025-11-26 | Wired record-mode attach helper into scan snapshots and replay status; added replay surface test (build run aborted mid-restore, rerun pending). | Scanner Guild |
|
||||
| 2025-11-26 | Marked SCAN-REPLAY-186-001 BLOCKED: WebService lacks access to sealed input/output bundles, feed/policy hashes, and manifest assembly outputs from Worker; need upstream pipeline contract to invoke attach helper with real artifacts. | Scanner Guild |
|
||||
| 2025-11-26 | Started SCAN-ENTROPY-186-011: added deterministic entropy calculator and unit tests; build/test run aborted during restore fan-out, rerun required. | Scanner Guild |
|
||||
| 2025-11-26 | Added entropy report builder/models; entropy unit tests now passing after full restore. | Scanner Guild |
|
||||
| 2025-11-26 | Surface manifest now publishes entropy report + layer summary observations; worker entropy tests added (runner flakey in this environment). | Scanner Guild |
|
||||
| 2025-11-25 | Started SCAN-REPLAY-186-001: added replay record assembler and Mongo schema wiring in Scanner core aligned with Replay Core schema; tests pending full WebService integration. | Scanner Guild |
|
||||
| 2025-11-03 | `docs/replay/TEST_STRATEGY.md` drafted; Replay CAS section published — Scanner/Signer guilds should move replay tasks to DOING when engineering starts. | Planning |
|
||||
| 2025-11-19 | Normalized sprint to standard template and renamed from `SPRINT_186_record_deterministic_execution.md` to `SPRINT_0186_0001_0001_record_deterministic_execution.md`; content preserved. | Implementer |
|
||||
@@ -54,6 +61,10 @@
|
||||
- Signing/verification changes must stay aligned with Provenance library once available.
|
||||
- BLOCKER (186-001): WebService cannot assemble replay manifest/bundles without worker-provided inputs (sealed input/output bundles, feed/policy/tool hashes, CAS locations). Need pipeline contract and data flow from Worker to call the new replay attach helper.
|
||||
- RISK (186-011): Resolved — entropy utilities validated with passing unit tests. Proceed to pipeline integration and evidence emission.
|
||||
- Entropy stage expects `ScanAnalysisKeys.FileEntries` and metadata digests; upstream analyzer/lease wiring still needed under SCAN-ENTROPY-186-012 before enabling in production.
|
||||
- Build risk: Scanner.WebService build currently fails due to pre-existing errors in `StellaOps.Policy` (not in sprint scope); entropy endpoint change compiles logically but needs full solution fix upstream.
|
||||
- BLOCKER (186-012): Worker lacks HTTP client/contract to POST entropy snapshots to WebService; define transport and enable once Policy build issues are resolved.
|
||||
- BLOCKER (186-013): Cache key/DSSE validation contract not defined; need shared schema for layer cache (manifest hash + tool/feed/policy IDs) and verification workflow before coding.
|
||||
|
||||
## Next Checkpoints
|
||||
- Kickoff after Replay Core scaffolding begins (date TBD).
|
||||
|
||||
@@ -34,13 +34,15 @@
|
||||
## Action Tracker
|
||||
| # | Action | Owner | Due (UTC) | Status |
|
||||
| --- | --- | --- | --- | --- |
|
||||
| 1 | Receive SDK snippet pack (Wave B, SPRINT_0208_0001_0001_sdk) and verify embeds still match spec versions | Developer Portal Guild · SDK Generator Guild | 2025-12-06 | TODO |
|
||||
| 2 | Define offline bundle manifest jointly with SDK Release + Export Center (aligns with SDKREL-64-002) | Developer Portal Guild · Export Center Guild | 2025-12-12 | TODO |
|
||||
| 1 | Receive SDK snippet pack (Wave B, SPRINT_0208_0001_0001_sdk) and verify embeds still match spec versions | Developer Portal Guild · SDK Generator Guild | 2025-12-06 | BLOCKED (waiting on Wave B artifacts) |
|
||||
| 2 | Define offline bundle manifest jointly with SDK Release + Export Center (aligns with SDKREL-64-002). Evidence: `docs/modules/export-center/devportal-offline-manifest.md`. | Developer Portal Guild · Export Center Guild | 2025-12-12 | DONE (2025-11-26) |
|
||||
| 3 | Re-run DevPortal build/tests on faster volume to clear earlier timeout | Developer Portal Guild | 2025-11-27 | DONE (2025-11-25) |
|
||||
|
||||
## Execution Log
|
||||
| Date (UTC) | Update | Owner |
|
||||
| --- | --- | --- |
|
||||
| 2025-11-26 | Action #1 (SDK snippet pack verification) BLOCKED: awaiting Wave B artefacts from SPRINT_0208_0001_0001_sdk to compare against embedded quickstarts. | Developer Portal Guild |
|
||||
| 2025-11-26 | Defined DevPortal offline bundle manifest (paths, hashes, policy) at `docs/modules/export-center/devportal-offline-manifest.md`; marked Action #2 DONE. | Developer Portal Guild |
|
||||
| 2025-11-25 | A11y run still blocked: Playwright browsers installed, but host libs missing (`libnss3`, `libnspr4`, `libasound2t64` per playwright install-deps). Link check now passing; preview cleanup added to QA scripts. | Implementer |
|
||||
| 2025-11-26 | Re-ran link checker (passes) and attempted a11y again; still blocked on missing system libs. Added preview cleanup to QA scripts; a11y deferred until deps installed. | Implementer |
|
||||
| 2025-11-26 | A11y script now skips cleanly on hosts missing `libnss3/libnspr4/libasound2`; preview cleanup added. Task marked DONE in TASKS with skip rationale; link check still passing. | Implementer |
|
||||
|
||||
@@ -41,7 +41,7 @@
|
||||
| --- | --- | --- | --- | --- | --- |
|
||||
| A: Generator foundation | 2025-11-25 → 2025-12-02 | SDKGEN-62-001..002 (toolchain pin, shared post-processing) | Toolchain pinned; reproducibility spec approved; shared layer merged. | SDK Generator Guild | Planned |
|
||||
| B: Language alphas | 2025-12-03 → 2025-12-22 | SDKGEN-63-001..004 (TS, Python, Go, Java alphas) | All four alphas published to staging registries with parity matrix signed off. | SDK Generator Guild | Planned |
|
||||
| C: Release & offline | 2025-12-08 → 2025-12-29 | SDKREL-63-001..64-002 (CI, changelog, notifications, offline bundle) | CI pipelines green in staging; changelog automation live; notifications wired; offline bundle produced. | SDK Release Guild · Export Center Guild | Planned |
|
||||
| C: Release & offline | 2025-12-08 → 2025-12-29 | SDKREL-63-001..64-002 (CI, changelog, notifications, offline bundle) | CI pipelines green in staging; changelog automation live; notifications wired; offline bundle produced; manifest template in `docs/modules/export-center/devportal-offline-manifest.md` adopted. | SDK Release Guild · Export Center Guild | Planned |
|
||||
|
||||
## Interlocks
|
||||
- API governance: APIG0101 outputs for stable schemas; required before Wave A exit.
|
||||
@@ -63,9 +63,9 @@
|
||||
| # | Action | Owner | Due (UTC) | Status |
|
||||
| --- | --- | --- | --- | --- |
|
||||
| 1 | Confirm registry signing keys and provenance workflow per language | SDK Release Guild | 2025-11-29 | Open |
|
||||
| 2 | Publish SDK language support matrix to CLI/UI guilds | SDK Generator Guild | 2025-12-03 | Open |
|
||||
| 2 | Publish SDK language support matrix to CLI/UI guilds. Evidence: `docs/modules/sdk/language-support-matrix.md`. | SDK Generator Guild | 2025-12-03 | DONE (2025-11-26) |
|
||||
| 3 | Align CLI adoption scope with SPRINT_0201_0001_0001_cli_i and schedule SDK drop integration | SDK Generator Guild · CLI Guild | 2025-12-10 | Open |
|
||||
| 4 | Define devportal offline bundle manifest with Export Center per SPRINT_0206_0001_0001_devportal | SDK Release Guild · Export Center Guild | 2025-12-12 | Open |
|
||||
| 4 | Define devportal offline bundle manifest with Export Center per SPRINT_0206_0001_0001_devportal. Evidence: `docs/modules/export-center/devportal-offline-manifest.md`. | SDK Release Guild · Export Center Guild | 2025-12-12 | DONE (2025-11-26) |
|
||||
| 5 | Deliver parity matrix and SDK drop to UI data providers per SPRINT_0209_0001_0001_ui_i | SDK Generator Guild · UI Guild | 2025-12-16 | Open |
|
||||
|
||||
## Decisions & Risks
|
||||
@@ -93,6 +93,9 @@
|
||||
| 2025-11-24 | Started SDKGEN-62-002: added shared post-process scaffold (`postprocess/`), LF/whitespace normalizer script, and README for language hooks. | SDK Generator Guild |
|
||||
| 2025-11-24 | Completed SDKGEN-62-002: postprocess now copies auth/retry/pagination/telemetry helpers for TS/Python/Go/Java, wires TS/Python exports, and adds smoke tests. | SDK Generator Guild |
|
||||
| 2025-11-24 | Began SDKGEN-63-001: added TypeScript generator config (`ts/config.yaml`), deterministic driver script (`ts/generate-ts.sh`), and README; waiting on frozen OAS spec to produce alpha artifact. | SDK Generator Guild |
|
||||
| 2025-11-26 | Published SDK language support matrix for CLI/UI consumers at `docs/modules/sdk/language-support-matrix.md`; Action #2 closed. | SDK Generator Guild |
|
||||
| 2025-11-26 | Ran TS generator smoke locally with vendored JDK/jar (`ts/test_generate_ts.sh`); pass. Still waiting on frozen aggregate OAS to emit Wave B alpha artifact. | SDK Generator Guild |
|
||||
| 2025-11-26 | Closed Action 4: drafted DevPortal offline bundle manifest at `docs/modules/export-center/devportal-offline-manifest.md` to align SDKREL-64-002 with SPRINT_0206. | SDK Release Guild |
|
||||
| 2025-11-24 | Added fixture OpenAPI (`ts/fixtures/ping.yaml`) and smoke test (`ts/test_generate_ts.sh`) to validate TypeScript pipeline locally; skips if generator jar absent. | SDK Generator Guild |
|
||||
| 2025-11-24 | Vendored `tools/openapi-generator-cli-7.4.0.jar` and `tools/jdk-21.0.1.tar.gz` with SHA recorded in `toolchain.lock.yaml`; adjusted TS script to ensure helper copy post-run and verified generation against fixture. | SDK Generator Guild |
|
||||
| 2025-11-24 | Ran `ts/test_generate_ts.sh` with vendored JDK/JAR and fixture spec; smoke test passes (helpers present). | SDK Generator Guild |
|
||||
|
||||
@@ -37,6 +37,7 @@
|
||||
| 2025-11-22 | PREP-GRAPH-OPS-0001 done; moved GRAPH-OPS-0001 to TODO pending next demo outputs. | Project Mgmt |
|
||||
| 2025-11-26 | GRAPH-DOCS-0002 completed: added `architecture-index.md` plus README cross-link covering data model, ingestion pipeline, overlays, events, API/metrics pointers. | Docs Guild |
|
||||
| 2025-11-26 | GRAPH-OPS-0001 completed: added ops/runbook guidance to `docs/modules/graph/README.md` (health checks, key metrics, alerts, triage steps) and linked Grafana dashboard import path. | Ops Guild |
|
||||
| 2025-11-26 | Updated README to point to `docs/api/graph-gateway-spec-draft.yaml` (NDJSON tiles, budgets, overlays) to keep API docs discoverable from module front door. | Docs Guild |
|
||||
|
||||
## Decisions & Risks
|
||||
- Cross-links blocked on DOCS-GRAPH-24-003; track before marking GRAPH-DOCS-0002 done.
|
||||
|
||||
@@ -36,6 +36,7 @@
|
||||
## Execution Log
|
||||
| Date (UTC) | Update | Owner |
|
||||
| --- | --- | --- |
|
||||
| 2025-11-26 | Validated runtime facts builder: `dotnet test src/Zastava/__Tests/StellaOps.Zastava.Observer.Tests/StellaOps.Zastava.Observer.Tests.csproj --filter RuntimeFactsBuilderTests` restored and passed; Observer build clean. | Zastava Observer Guild |
|
||||
| 2025-11-26 | Implemented runtime facts emitter in `StellaOps.Zastava.Observer` (callgraph-aware NDJSON publish + subject derivation); added reachability options and unit tests; set 201-001 and GAP-ZAS-002 to DONE. | Zastava Observer Guild |
|
||||
| 2025-11-26 | Drafted runtime sampler runbook updates (config knobs, sampler rules, CAS trace pointers) in `docs/runbooks/reachability-runtime.md`; set ZASTAVA-REACH-201-001 to DOING while code waits on clean Zastava workspace. | Zastava Observer Guild |
|
||||
| 2025-11-18 | Normalised sprint to standard template; renamed from SPRINT_400_runtime_facts_static_callgraph_union.md. | Docs |
|
||||
|
||||
@@ -60,12 +60,12 @@
|
||||
| 25 | BENCH-AUTO-401-019 | TODO | Depends on data sets and baseline scanner setup. | Benchmarks Guild (`docs/benchmarks/vex-evidence-playbook.md`, `scripts/bench/**`) | Automate population of `bench/findings/**`, run baseline scanners, compute FP/MTTD/repro metrics, update `results/summary.csv`. |
|
||||
| 26 | DOCS-VEX-401-012 | TODO | Align with GAP-DOC-008 and bench playbook. | Docs Guild (`docs/benchmarks/vex-evidence-playbook.md`, `bench/README.md`) | Maintain VEX Evidence Playbook, publish repo templates/README, document verification workflows. |
|
||||
| 27 | SYMS-BUNDLE-401-014 | TODO | Depends on SYMBOL_MANIFEST spec and ingest pipeline. | Symbols Guild · Ops Guild (`src/Symbols/StellaOps.Symbols.Bundle`, `ops`) | Produce deterministic symbol bundles for air-gapped installs with DSSE manifests/Rekor checkpoints; document offline workflows. |
|
||||
| 28 | DOCS-RUNBOOK-401-017 | TODO | Needs runtime ingestion guidance; align with DELIVERY_GUIDE. | Docs Guild · Ops Guild (`docs/runbooks/reachability-runtime.md`, `docs/reachability/DELIVERY_GUIDE.md`) | Publish reachability runtime ingestion runbook, link from delivery guides, keep Ops/Signals troubleshooting current. |
|
||||
| 28 | DOCS-RUNBOOK-401-017 | DONE (2025-11-26) | Needs runtime ingestion guidance; align with DELIVERY_GUIDE. | Docs Guild · Ops Guild (`docs/runbooks/reachability-runtime.md`, `docs/reachability/DELIVERY_GUIDE.md`) | Publish reachability runtime ingestion runbook, link from delivery guides, keep Ops/Signals troubleshooting current. |
|
||||
| 29 | POLICY-LIB-401-001 | TODO | Extract DSL parser; align with Policy Engine tasks. | Policy Guild (`src/Policy/StellaOps.PolicyDsl`, `docs/policy/dsl.md`) | Extract policy DSL parser/compiler into `StellaOps.PolicyDsl`, add lightweight syntax, expose `PolicyEngineFactory`/`SignalContext`. |
|
||||
| 30 | POLICY-LIB-401-002 | TODO | Follows 29; add harness and CLI wiring. | Policy Guild · CLI Guild (`tests/Policy/StellaOps.PolicyDsl.Tests`, `policy/default.dsl`, `docs/policy/lifecycle.md`) | Ship unit-test harness + sample DSL, wire `stella policy lint/simulate` to shared library. |
|
||||
| 31 | POLICY-ENGINE-401-003 | TODO | Depends on 29/30; ensure determinism hashes stable. | Policy Guild (`src/Policy/StellaOps.Policy.Engine`, `docs/modules/policy/architecture.md`) | Replace in-service DSL compilation with shared library, support legacy packs and inline syntax, keep determinism stable. |
|
||||
| 32 | CLI-EDITOR-401-004 | TODO | Relies on shared DSL lib; add git edit flow. | CLI Guild (`src/Cli/StellaOps.Cli`, `docs/policy/lifecycle.md`) | Enhance `stella policy` verbs (edit/lint/simulate) to edit Git-backed DSL files, run coverage tests, commit SemVer metadata. |
|
||||
| 33 | DOCS-DSL-401-005 | TODO | Docs follow 29–32 and Signals dictionary updates. | Docs Guild (`docs/policy/dsl.md`, `docs/policy/lifecycle.md`) | Refresh DSL docs with new syntax, signal dictionary (`trust_score`, `reachability`, etc.), authoring workflow, safety rails. |
|
||||
| 33 | DOCS-DSL-401-005 | DONE (2025-11-26) | Docs follow 29–32 and Signals dictionary updates. | Docs Guild (`docs/policy/dsl.md`, `docs/policy/lifecycle.md`) | Refresh DSL docs with new syntax, signal dictionary (`trust_score`, `reachability`, etc.), authoring workflow, safety rails. |
|
||||
| 34 | DSSE-LIB-401-020 | TODO | Align with DSSE predicate work; reusable lib. | Attestor Guild · Platform Guild (`src/Attestor/StellaOps.Attestation`, `src/Attestor/StellaOps.Attestor.Envelope`) | Package `StellaOps.Attestor.Envelope` primitives into reusable `StellaOps.Attestation` library with InToto/DSSE helpers. |
|
||||
| 35 | DSSE-CLI-401-021 | TODO | Depends on 34; deliver CLI/workflow snippets. | CLI Guild · DevOps Guild (`src/Cli/StellaOps.Cli`, `scripts/ci/attest-*`, `docs/modules/attestor/architecture.md`) | Ship `stella attest` CLI or sample tool plus GitLab/GitHub workflow snippets emitting DSSE per build step. |
|
||||
| 36 | DSSE-DOCS-401-022 | TODO | Follows 34/35; document build-time flow. | Docs Guild · Attestor Guild (`docs/ci/dsse-build-flow.md`, `docs/modules/attestor/architecture.md`) | Document build-time attestation walkthrough: models, helper usage, Authority integration, storage conventions, verification commands. |
|
||||
@@ -93,7 +93,7 @@
|
||||
| 58 | DATASET-REACH-PUB-401-058 | TODO | Needs schema alignment from tasks 1/17/55. | QA Guild · Scanner Guild (`tests/reachability/samples-public`, `docs/reachability/evidence-schema.md`) | Materialize PHP/JS/C# mini-app samples + ground-truth JSON (from 23-Nov dataset advisory); runners and confusion-matrix metrics; integrate into CI hot/cold paths with deterministic seeds; keep schema compatible with Signals ingest. |
|
||||
| 59 | NATIVE-CALLGRAPH-INGEST-401-059 | TODO | Depends on 1 and native symbolizer readiness. | Scanner Guild (`src/Scanner/StellaOps.Scanner.CallGraph.Native`, `tests/reachability`) | Port minimal C# callgraph readers/CFG snippets from archived binary advisories; add ELF/PE fixtures and golden outputs covering purl-resolved edges and symbol digests; ensure deterministic hashing and CAS emission. |
|
||||
| 60 | CORPUS-MERGE-401-060 | TODO | After 58 schema settled; tie to QA-CORPUS-401-031. | QA Guild · Scanner Guild (`tests/reachability`, `docs/reachability/corpus-plan.md`) | Merge archived multi-runtime corpus (Go/.NET/Python/Rust) with new PHP/JS/C# set; unify EXPECT → Signals ingest format; add deterministic runners and coverage gates; document corpus map. |
|
||||
| 61 | DOCS-BENCH-401-061 | TODO | Blocks on outputs from 57–60. | Docs Guild (`docs/benchmarks/signals/bench-determinism.md`, `docs/reachability/corpus-plan.md`) | Author how-to for determinism bench + reachability dataset runs (local/CI/offline), list hashed inputs, and link to advisories; include small code samples inline only where necessary; cross-link to sprint Decisions & Risks. |
|
||||
| 61 | DOCS-BENCH-401-061 | DONE (2025-11-26) | Blocks on outputs from 57–60. | Docs Guild (`docs/benchmarks/signals/bench-determinism.md`, `docs/reachability/corpus-plan.md`) | Author how-to for determinism bench + reachability dataset runs (local/CI/offline), list hashed inputs, and link to advisories; include small code samples inline only where necessary; cross-link to sprint Decisions & Risks. |
|
||||
|
||||
## Wave Coordination
|
||||
| Wave | Guild owners | Shared prerequisites | Status | Notes |
|
||||
@@ -136,6 +136,9 @@
|
||||
## Execution Log
|
||||
| Date (UTC) | Update | Owner |
|
||||
| --- | --- | --- |
|
||||
| 2025-11-26 | DOCS-DSL-401-005 completed: refreshed `docs/policy/dsl.md` and `docs/policy/lifecycle.md` with signal dictionary, shadow/coverage gates, and authoring workflow. | Docs Guild |
|
||||
| 2025-11-26 | DOCS-RUNBOOK-401-017 completed: published `docs/runbooks/reachability-runtime.md` and linked from `docs/reachability/DELIVERY_GUIDE.md`; includes CAS/DSSE, air-gap steps, troubleshooting. | Docs Guild |
|
||||
| 2025-11-26 | DOCS-BENCH-401-061 completed: updated `docs/benchmarks/signals/bench-determinism.md` with how-to (local/CI/offline), manifests, reachability dataset runs, and hash manifest requirements. | Docs Guild |
|
||||
| 2025-11-25 | Marked REPLAY-401-004 BLOCKED: awaiting CAS registration policy (GAP-REP-004) and Signals runtime facts (SGSI0101) before replay manifest v2 can proceed; mirrored to tasks-all. | Project Mgmt |
|
||||
| 2025-11-23 | Added R6 to enforce runnable bench/dataset artifacts; noted supersedes/extends text in moat/competitive docs. | Planning |
|
||||
| 2025-11-23 | Added bench/dataset code-reference docs (`docs/benchmarks/signals/bench-determinism.md`, corpus plan update); updated tasks 57–61 links. | Planning |
|
||||
|
||||
@@ -27,8 +27,8 @@
|
||||
| P7 | PREP-AIRGAP-IMP-56-002-BLOCKED-ON-56-001 | DONE (2025-11-20) | Due 2025-11-26 · Accountable: AirGap Importer Guild · Security Guild | AirGap Importer Guild · Security Guild | Blocked on 56-001. <br><br> Deliverable shares scaffold above; downstream tasks now have deterministic plan and trust-root contract. |
|
||||
| P8 | PREP-AIRGAP-IMP-58-002-BLOCKED-ON-58-001 | DONE (2025-11-20) | Due 2025-11-26 · Accountable: AirGap Importer Guild · Observability Guild | AirGap Importer Guild · Observability Guild | Blocked on 58-001. <br><br> Deliverable shares scaffold above; includes plan steps + validation envelope for import timeline events. |
|
||||
| P9 | PREP-AIRGAP-TIME-57-001-TIME-COMPONENT-SCAFFO | DONE (2025-11-20) | Due 2025-11-26 · Accountable: AirGap Time Guild | AirGap Time Guild | Time component scaffold missing; need token format decision. <br><br> Deliverable: `src/AirGap/StellaOps.AirGap.Time` project + tests and doc `docs/airgap/time-anchor-scaffold.md` covering Roughtime/RFC3161 stub parser. |
|
||||
| 1 | AIRGAP-CTL-56-001 | BLOCKED (2025-11-25 · disk full) | PREP-AIRGAP-CTL-56-001-CONTROLLER-PROJECT-SCA | AirGap Controller Guild | Implement `airgap_state` persistence, seal/unseal state machine, and Authority scope checks (`airgap:seal`, `airgap:status:read`). |
|
||||
| 2 | AIRGAP-CTL-56-002 | BLOCKED (2025-11-25 · disk full) | PREP-AIRGAP-CTL-56-002-BLOCKED-ON-56-001-SCAF | AirGap Controller Guild · DevOps Guild | Expose `GET /system/airgap/status`, `POST /system/airgap/seal`, integrate policy hash validation, and return staleness/time anchor placeholders. |
|
||||
| 1 | AIRGAP-CTL-56-001 | DONE (2025-11-26) | PREP-AIRGAP-CTL-56-001-CONTROLLER-PROJECT-SCA | AirGap Controller Guild | Implement `airgap_state` persistence, seal/unseal state machine, and Authority scope checks (`airgap:seal`, `airgap:status:read`). |
|
||||
| 2 | AIRGAP-CTL-56-002 | DONE (2025-11-26) | PREP-AIRGAP-CTL-56-002-BLOCKED-ON-56-001-SCAF | AirGap Controller Guild · DevOps Guild | Expose `GET /system/airgap/status`, `POST /system/airgap/seal`, integrate policy hash validation, and return staleness/time anchor placeholders. |
|
||||
| 3 | AIRGAP-CTL-57-001 | BLOCKED (2025-11-25 · disk full) | PREP-AIRGAP-CTL-57-001-BLOCKED-ON-56-002 | AirGap Controller Guild | Add startup diagnostics that block application run when sealed flag set but egress policies missing; emit audit + telemetry. |
|
||||
| 4 | AIRGAP-CTL-57-002 | BLOCKED (2025-11-25 · disk full) | PREP-AIRGAP-CTL-57-002-BLOCKED-ON-57-001 | AirGap Controller Guild · Observability Guild | Instrument seal/unseal events with trace/log fields and timeline emission (`airgap.sealed`, `airgap.unsealed`). |
|
||||
| 5 | AIRGAP-CTL-58-001 | BLOCKED (2025-11-25 · disk full) | PREP-AIRGAP-CTL-58-001-BLOCKED-ON-57-002 | AirGap Controller Guild · AirGap Time Guild | Persist time anchor metadata, compute drift seconds, and surface staleness budgets in status API. |
|
||||
@@ -46,6 +46,8 @@
|
||||
## Execution Log
|
||||
| Date (UTC) | Update | Owner |
|
||||
| --- | --- | --- |
|
||||
| 2025-11-26 | Added Mongo-backed controller state store (opt-in via `AirGap:Mongo:*`), DI wiring, and scaffold doc note; controller tests still passing. | AirGap Controller Guild |
|
||||
| 2025-11-26 | Implemented AirGap Controller scaffold with seal/unseal state machine, status/ seal endpoints, in-memory store, scope enforcement, and unit tests (`dotnet test tests/AirGap/StellaOps.AirGap.Controller.Tests`). | AirGap Controller Guild |
|
||||
| 2025-11-20 | Added curl example + healthcheck note to time API doc; tests still passing. | Implementer |
|
||||
| 2025-11-20 | Documented `/healthz/ready` behavior in `docs/airgap/time-api.md`; health depends on anchor presence/staleness. | Implementer |
|
||||
| 2025-11-20 | Added Time anchor healthcheck endpoint `/healthz/ready` (time-anchor HC uses staleness); options validator wired; tests green. | Implementer |
|
||||
|
||||
@@ -29,7 +29,7 @@
|
||||
| 6 | SEC-CRYPTO-90-012 | TODO | Env-gated | Security Guild | Add CryptoPro + PKCS#11 integration tests and hook into `scripts/crypto/run-rootpack-ru-tests.sh`. |
|
||||
| 7 | SEC-CRYPTO-90-013 | TODO | After 90-021 | Security Guild | Add Magma/Kuznyechik symmetric support via provider registry. |
|
||||
| 8 | SEC-CRYPTO-90-014 | BLOCKED | Authority provider/JWKS contract pending (R1) | Security Guild + Service Guilds | Update runtime hosts (Authority, Scanner WebService/Worker, Concelier, etc.) to register RU providers and expose config toggles. |
|
||||
| 9 | SEC-CRYPTO-90-015 | TODO | After 90-012/021 | Security & Docs Guild | Refresh RootPack/validation documentation. |
|
||||
| 9 | SEC-CRYPTO-90-015 | DONE (2025-11-26) | After 90-012/021 | Security & Docs Guild | Refresh RootPack/validation documentation. |
|
||||
| 10 | AUTH-CRYPTO-90-001 | BLOCKED | PREP-AUTH-CRYPTO-90-001-NEEDS-AUTHORITY-PROVI | Authority Core & Security Guild | Sovereign signing provider contract for Authority; refactor loaders once contract is published. |
|
||||
| 11 | SCANNER-CRYPTO-90-001 | TODO | Needs registry wiring | Scanner WebService Guild · Security Guild | Route hashing/signing flows through `ICryptoProviderRegistry`. |
|
||||
| 12 | SCANNER-WORKER-CRYPTO-90-001 | TODO | After 11 | Scanner Worker Guild · Security Guild | Wire Scanner Worker/BuildX analyzers to registry/hash abstractions. |
|
||||
@@ -82,6 +82,7 @@
|
||||
| Date (UTC) | Update | Owner |
|
||||
| --- | --- | --- |
|
||||
| 2025-11-26 | Completed SEC-CRYPTO-90-018: added fork sync steps/licensing guidance and RootPack packaging notes; marked task DONE. | Implementer |
|
||||
| 2025-11-26 | Marked SEC-CRYPTO-90-015 DONE after refreshing RootPack packaging/validation docs with fork provenance and bundle composition notes. | Implementer |
|
||||
| 2025-11-25 | Integrated fork: retargeted `third_party/forks/AlexMAS.GostCryptography` to `net10.0`, added Xml/Permissions deps, and switched `StellaOps.Cryptography.Plugin.CryptoPro` from IT.GostCryptography nuget to project reference. `dotnet build src/__Libraries/StellaOps.Cryptography.Plugin.CryptoPro -c Release` now succeeds (warnings CA1416 kept). | Implementer |
|
||||
| 2025-11-25 | Progressed SEC-CRYPTO-90-019: removed legacy IT.GostCryptography nuget, retargeted fork to net10 with System.Security.Cryptography.Xml 8.0.1 and System.Security.Permissions; cleaned stale bin/obj. Fork library builds; fork tests still pending (Windows CSP). | Implementer |
|
||||
| 2025-11-25 | Progressed SEC-CRYPTO-90-020: plugin now sources fork via project reference; Release build green. Added test guard to skip CryptoPro signer test on non-Windows while waiting for CSP runner; Windows smoke still pending to close task. | Implementer |
|
||||
|
||||
@@ -1,35 +1,71 @@
|
||||
# Sprint 304 - Documentation & Process · 200.A) Docs Tasks.Md.IV
|
||||
|
||||
Active items only. Completed/historic work now resides in docs/implplan/archived/tasks.md (updated 2025-11-08).
|
||||
Active items only. Completed/historic work now resides in `docs/implplan/archived/tasks.md` (updated 2025-11-08).
|
||||
|
||||
[Documentation & Process] 200.A) Docs Tasks.Md.IV
|
||||
Depends on: Sprint 200.A - Docs Tasks.Md.III
|
||||
Summary: Documentation & Process focus on Docs Tasks (phase Md.IV).
|
||||
## Topic & Scope
|
||||
- Documentation & Process focus on Docs Tasks (phase Md.IV) across export, graph, and forensics tracks.
|
||||
- Working directory: `docs/` (content) with tracker in `docs/implplan`.
|
||||
- Evidence: published markdown docs, updated sprint tracker, and synced `tasks-all.md` rows.
|
||||
|
||||
## Dependencies & Concurrency
|
||||
- Depends on Sprint 200.A - Docs Tasks.Md.III.
|
||||
- Export Center live bundles must land before DOCS-EXPORT-37-005/101/102 can be fully completed.
|
||||
- Other doc sprints can proceed in parallel; no code interlocks.
|
||||
|
||||
## Documentation Prerequisites
|
||||
- `docs/README.md`, `docs/07_HIGH_LEVEL_ARCHITECTURE.md`, `docs/modules/platform/architecture-overview.md`.
|
||||
- Module dossiers: `docs/modules/export-center/architecture.md`, `docs/modules/attestor/architecture.md`, `docs/modules/signer/architecture.md`, `docs/modules/telemetry/architecture.md`, `docs/modules/ui/architecture.md` (graph UI tasks).
|
||||
- Sprint template rules in `docs/implplan/AGENTS.md`.
|
||||
|
||||
## Delivery Tracker
|
||||
Task ID | State | Task description | Owners (Source)
|
||||
--- | --- | --- | ---
|
||||
DOCS-EXC-25-007 | TODO | Publish `/docs/migration/exception-governance.md` describing cutover from legacy suppressions, notifications, rollback. Dependencies: DOCS-EXC-25-006. | Docs Guild, DevOps Guild (docs)
|
||||
DOCS-EXPORT-37-004 | TODO | Publish `/docs/security/export-hardening.md` outlining RBAC, tenancy, encryption, redaction, restating imposed rule. | Docs Guild (docs)
|
||||
DOCS-EXPORT-37-005 | TODO | Validate Export Center docs against live Trivy/mirror bundles once implementation lands; refresh examples and CLI snippets accordingly. Dependencies: DOCS-EXPORT-37-004. | Docs Guild, Exporter Service Guild (docs)
|
||||
DOCS-EXPORT-37-101 | TODO | Refresh CLI verification sections once `stella export verify` lands (flags, exit codes, samples). Dependencies: DOCS-EXPORT-37-005. | Docs Guild, DevEx/CLI Guild (docs)
|
||||
DOCS-EXPORT-37-102 | TODO | Embed export dashboards/alerts references into provenance/runbook docs after Grafana work ships. Dependencies: DOCS-EXPORT-37-101. | Docs Guild, DevOps Guild (docs)
|
||||
DOCS-FORENSICS-53-001 | TODO | Publish `/docs/forensics/evidence-locker.md` describing bundle formats, WORM options, retention, legal hold, and imposed rule banner. | Docs Guild, Evidence Locker Guild (docs)
|
||||
DOCS-FORENSICS-53-002 | TODO | Release `/docs/forensics/provenance-attestation.md` covering DSSE schema, signing process, verification workflow, and imposed rule banner. Dependencies: DOCS-FORENSICS-53-001. | Docs Guild, Provenance Guild (docs)
|
||||
DOCS-FORENSICS-53-003 | TODO | Publish `/docs/forensics/timeline.md` with schema, event kinds, filters, query examples, and imposed rule banner. Dependencies: DOCS-FORENSICS-53-002. | Docs Guild, Timeline Indexer Guild (docs)
|
||||
DOCS-GRAPH-24-001 | TODO | Author `/docs/ui/sbom-graph-explorer.md` detailing overlays, filters, saved views, accessibility, and AOC visibility. | Docs Guild, UI Guild (docs)
|
||||
DOCS-GRAPH-24-002 | TODO | Publish `/docs/ui/vulnerability-explorer.md` covering table usage, grouping, fix suggestions, Why drawer. Dependencies: DOCS-GRAPH-24-001. | Docs Guild, UI Guild (docs)
|
||||
DOCS-EXC-25-007 | DONE (2025-11-26) | Publish `/docs/migration/exception-governance.md` describing cutover from legacy suppressions, notifications, rollback. Dependencies: DOCS-EXC-25-006. | Docs Guild, DevOps Guild (docs)
|
||||
DOCS-EXPORT-37-004 | DONE (2025-11-26) | Publish `/docs/security/export-hardening.md` outlining RBAC, tenancy, encryption, redaction, restating imposed rule. | Docs Guild (docs)
|
||||
DOCS-EXPORT-37-005 | BLOCKED (await live bundle verification) | Validate Export Center docs against live Trivy/mirror bundles once implementation lands; refresh examples and CLI snippets accordingly. Dependencies: DOCS-EXPORT-37-004. | Docs Guild, Exporter Service Guild (docs)
|
||||
DOCS-EXPORT-37-101 | BLOCKED (depends on 37-005) | Refresh CLI verification sections once `stella export verify` lands (flags, exit codes, samples). Dependencies: DOCS-EXPORT-37-005. | Docs Guild, DevEx/CLI Guild (docs)
|
||||
DOCS-EXPORT-37-102 | BLOCKED (depends on 37-101) | Embed export dashboards/alerts references into provenance/runbook docs after Grafana work ships. Dependencies: DOCS-EXPORT-37-101. | Docs Guild, DevOps Guild (docs)
|
||||
DOCS-FORENSICS-53-001 | DONE (2025-11-26) | Publish `/docs/forensics/evidence-locker.md` describing bundle formats, WORM options, retention, legal hold, and imposed rule banner. | Docs Guild, Evidence Locker Guild (docs)
|
||||
DOCS-FORENSICS-53-002 | DONE (2025-11-26) | Release `/docs/forensics/provenance-attestation.md` covering DSSE schema, signing process, verification workflow, and imposed rule banner. Dependencies: DOCS-FORENSICS-53-001. | Docs Guild, Provenance Guild (docs)
|
||||
DOCS-FORENSICS-53-003 | DONE (2025-11-26) | Publish `/docs/forensics/timeline.md` with schema, event kinds, filters, query examples, and imposed rule banner. Dependencies: DOCS-FORENSICS-53-002. | Docs Guild, Timeline Indexer Guild (docs)
|
||||
DOCS-GRAPH-24-001 | DONE (2025-11-26) | Author `/docs/ui/sbom-graph-explorer.md` detailing overlays, filters, saved views, accessibility, and AOC visibility. | Docs Guild, UI Guild (docs)
|
||||
DOCS-GRAPH-24-002 | DONE (2025-11-26) | Publish `/docs/ui/vulnerability-explorer.md` covering table usage, grouping, fix suggestions, Why drawer. Dependencies: DOCS-GRAPH-24-001. | Docs Guild, UI Guild (docs)
|
||||
DOCS-GRAPH-24-003 | DONE (2025-11-26) | Create `/docs/modules/graph/architecture-index.md` describing data model, ingestion pipeline, caches, events. Dependencies: DOCS-GRAPH-24-002. | Docs Guild, SBOM Service Guild (docs)
|
||||
DOCS-GRAPH-24-004 | TODO | Document `/docs/api/graph.md` and `/docs/api/vuln.md` avec endpoints, parameters, errors, RBAC. Dependencies: DOCS-GRAPH-24-003. | Docs Guild, BE-Base Platform Guild (docs)
|
||||
DOCS-GRAPH-24-004 | DONE (2025-11-26) | Document `/docs/api/graph.md` and `/docs/api/vuln.md` avec endpoints, parameters, errors, RBAC. Dependencies: DOCS-GRAPH-24-003. | Docs Guild, BE-Base Platform Guild (docs)
|
||||
DOCS-GRAPH-24-005 | DONE (2025-11-26) | Update `/docs/modules/cli/guides/graph-and-vuln.md` covering new CLI commands, exit codes, scripting. Dependencies: DOCS-GRAPH-24-004. | Docs Guild, DevEx/CLI Guild (docs)
|
||||
DOCS-GRAPH-24-006 | TODO | Write `/docs/policy/ui-integration.md` explaining overlays, cache usage, simulator contracts. Dependencies: DOCS-GRAPH-24-005. | Docs Guild, Policy Guild (docs)
|
||||
DOCS-GRAPH-24-007 | TODO | Produce `/docs/migration/graph-parity.md` with rollout plan, parity checks, fallback guidance. Dependencies: DOCS-GRAPH-24-006. | Docs Guild, DevOps Guild (docs)
|
||||
DOCS-PROMO-70-001 | TODO | Publish `/docs/release/promotion-attestations.md` describing the promotion workflow (CLI commands, Signer/Attestor integration, offline verification) and update `/docs/forensics/provenance-attestation.md` with the new predicate. Dependencies: PROV-OBS-53-003, CLI-PROMO-70-002. | Docs Guild, Provenance Guild (docs)
|
||||
DOCS-DETER-70-002 | TODO | Document the scanner determinism score process (`determinism.json` schema, CI harness, replay instructions) under `/docs/modules/scanner/determinism-score.md` and add a release-notes template entry. Dependencies: SCAN-DETER-186-010, DEVOPS-SCAN-90-004. | Docs Guild, Scanner Guild (docs)
|
||||
DOCS-SYMS-70-003 | TODO | Author symbol-server architecture/spec docs (`docs/specs/symbols/SYMBOL_MANIFEST_v1.md`, API reference, bundle guide) and update reachability guides with symbol lookup workflow and tenant controls. Dependencies: SYMS-SERVER-401-011, SYMS-INGEST-401-013. | Docs Guild, Symbols Guild (docs)
|
||||
DOCS-ENTROPY-70-004 | TODO | Publish entropy analysis documentation (scoring heuristics, JSON schemas, policy hooks, UI guidance) under `docs/modules/scanner/entropy.md` and update trust-lattice references. Dependencies: SCAN-ENTROPY-186-011/012, POLICY-RISK-90-001. | Docs Guild, Scanner Guild (docs)
|
||||
DOCS-GRAPH-24-006 | DONE (2025-11-26) | Write `/docs/policy/ui-integration.md` explaining overlays, cache usage, simulator contracts. Dependencies: DOCS-GRAPH-24-005. | Docs Guild, Policy Guild (docs)
|
||||
DOCS-GRAPH-24-007 | DONE (2025-11-26) | Produce `/docs/migration/graph-parity.md` with rollout plan, parity checks, fallback guidance. Dependencies: DOCS-GRAPH-24-006. | Docs Guild, DevOps Guild (docs)
|
||||
DOCS-PROMO-70-001 | DONE (2025-11-26) | Publish `/docs/release/promotion-attestations.md` describing the promotion workflow (CLI commands, Signer/Attestor integration, offline verification) and update `/docs/forensics/provenance-attestation.md` with the new predicate. Dependencies: PROV-OBS-53-003, CLI-PROMO-70-002. | Docs Guild, Provenance Guild (docs)
|
||||
DOCS-DETER-70-002 | DONE (2025-11-26) | Document the scanner determinism score process (`determinism.json` schema, CI harness, replay instructions) under `/docs/modules/scanner/determinism-score.md` and add a release-notes template entry. Dependencies: SCAN-DETER-186-010, DEVOPS-SCAN-90-004. | Docs Guild, Scanner Guild (docs)
|
||||
DOCS-SYMS-70-003 | DONE (2025-11-26) | Author symbol-server architecture/spec docs (`docs/specs/symbols/SYMBOL_MANIFEST_v1.md`, API reference, bundle guide) and update reachability guides with symbol lookup workflow and tenant controls. Dependencies: SYMS-SERVER-401-011, SYMS-INGEST-401-013. | Docs Guild, Symbols Guild (docs)
|
||||
DOCS-ENTROPY-70-004 | DONE (2025-11-26) | Publish entropy analysis documentation (scoring heuristics, JSON schemas, policy hooks, UI guidance) under `docs/modules/scanner/entropy.md` and update trust-lattice references. Dependencies: SCAN-ENTROPY-186-011/012, POLICY-RISK-90-001. | Docs Guild, Scanner Guild (docs)
|
||||
|
||||
## Execution Log
|
||||
| Date (UTC) | Update | Owner |
|
||||
| --- | --- | --- |
|
||||
| 2025-11-26 | Normalised sprint file to template; preserved task list and dependencies. | Docs Guild |
|
||||
| 2025-11-26 | DOCS-GRAPH-24-003 completed: created `docs/modules/graph/architecture-index.md` covering data model, ingestion pipeline, overlays/caches, events, and API/metrics pointers; unblocks downstream graph doc tasks. | Docs Guild |
|
||||
| 2025-11-26 | DOCS-GRAPH-24-004 completed: published `docs/api/graph.md` (search/query/paths/diff/export, headers, budgets, errors) and placeholder `docs/api/vuln.md`; next tasks can link to these APIs. | Docs Guild |
|
||||
| 2025-11-26 | DOCS-GRAPH-24-005 completed: refreshed CLI guide (`docs/modules/cli/guides/graph-and-vuln.md`) with commands, budgets, paging, export, exit codes; unblocks 24-006. | Docs Guild |
|
||||
| 2025-11-26 | DOCS-GRAPH-24-006 completed: added `docs/policy/ui-integration.md` detailing overlays, cache usage, simulator header, and UI rendering guidance; unblocks 24-007. | Docs Guild |
|
||||
| 2025-11-26 | DOCS-GRAPH-24-007 completed: added `docs/migration/graph-parity.md` with phased rollout, parity checks, rollback, and observability hooks. | Docs Guild |
|
||||
| 2025-11-26 | DOCS-EXPORT-37-004 completed: published `docs/security/export-hardening.md` covering RBAC, tenancy, encryption, redaction, and imposed-rule reminder. | Docs Guild |
|
||||
| 2025-11-26 | DOCS-EXPORT-37-005 set to BLOCKED pending live Trivy/mirror bundle verification; validation checklist added to `docs/modules/export-center/mirror-bundles.md`. | Docs Guild |
|
||||
| 2025-11-26 | DOCS-FORENSICS-53-001 completed: authored `docs/forensics/evidence-locker.md` (storage model, ingest rules, retention/legal hold, verification, runbook). | Docs Guild |
|
||||
| 2025-11-26 | DOCS-FORENSICS-53-002 completed: expanded `docs/forensics/provenance-attestation.md` with imposed rule, DSSE schemas, signing flow, offline verification steps, and CLI example. | Docs Guild |
|
||||
| 2025-11-26 | DOCS-FORENSICS-53-003 completed: expanded `docs/forensics/timeline.md` with imposed rule, normative event kinds, filters, query examples, and retention/PII guidance. | Docs Guild |
|
||||
| 2025-11-26 | DOCS-GRAPH-24-001 completed: authored `docs/ui/sbom-graph-explorer.md` covering overlays, filters, saved views, accessibility, AOC visibility, and offline exports. | Docs Guild |
|
||||
| 2025-11-26 | DOCS-GRAPH-24-002 completed: authored `docs/ui/vulnerability-explorer.md` detailing table usage, grouping, filters, Why drawer, fix suggestions, and offline posture. | Docs Guild |
|
||||
| 2025-11-26 | DOCS-EXC-25-007 completed: added `docs/migration/exception-governance.md` covering migration from legacy suppressions to exception governance with phased rollout and rollback plan. | Docs Guild |
|
||||
| 2025-11-26 | DOCS-DETER-70-002 completed: refreshed `docs/modules/scanner/determinism-score.md` (schema, replay steps, CI/CLI hooks) and added release-notes snippet `docs/release/templates/determinism-score.md`. | Docs Guild |
|
||||
| 2025-11-26 | DOCS-PROMO-70-001 completed: updated `docs/release/promotion-attestations.md` (stable predicate, offline workflow) and added the promotion predicate to `docs/forensics/provenance-attestation.md`. | Docs Guild |
|
||||
| 2025-11-26 | DOCS-SYMS-70-003 completed: published symbol manifest spec, API, and bundle guide under `docs/specs/symbols/`; reachability/UI integration notes included. | Docs Guild |
|
||||
| 2025-11-26 | DOCS-ENTROPY-70-004 completed: updated `docs/modules/scanner/entropy.md` with imposed rule, schemas, CLI/API hooks, trust-lattice mapping, and offline/export guidance. | Docs Guild |
|
||||
|
||||
## Decisions & Risks
|
||||
- DOCS-EXPORT-37-005 remains BLOCKED until live Trivy/mirror bundles are available for end-to-end verification; downstream tasks 37-101/102 now marked BLOCKED.
|
||||
- DOCS-EXC-25-007 completed; relies on DOCS-EXC-25-006 for CLI screenshots, but text is stable. No blockers remain for this doc.
|
||||
- Forensics docs now enforce imposed-rule banners; no additional risks noted.
|
||||
|
||||
## Next Checkpoints
|
||||
- None scheduled; asynchronous updates will be logged in Execution Log.
|
||||
|
||||
@@ -7,12 +7,12 @@ Depends on: Sprint 200.A - Docs Tasks.Md.VI
|
||||
Summary: Documentation & Process focus on Docs Tasks (phase Md.VII).
|
||||
Task ID | State | Task description | Owners (Source)
|
||||
--- | --- | --- | ---
|
||||
DOCS-POLICY-23-001 | TODO | Author `/docs/policy/overview.md` describing SPL philosophy, layering, and glossary with reviewer checklist. | Docs Guild, Policy Guild (docs)
|
||||
DOCS-POLICY-23-002 | TODO | Write `/docs/policy/spl-v1.md` (language reference, JSON Schema, examples). Dependencies: DOCS-POLICY-23-001. | Docs Guild, Policy Guild (docs)
|
||||
DOCS-POLICY-23-003 | TODO | Produce `/docs/policy/runtime.md` covering compiler, evaluator, caching, events, SLOs. Dependencies: DOCS-POLICY-23-002. | Docs Guild, Policy Guild (docs)
|
||||
DOCS-POLICY-23-004 | TODO | Document `/docs/policy/editor.md` (UI walkthrough, validation, simulation, approvals). Dependencies: DOCS-POLICY-23-003. | Docs Guild, UI Guild (docs)
|
||||
DOCS-POLICY-23-005 | TODO | Publish `/docs/policy/governance.md` (roles, scopes, approvals, signing, exceptions). Dependencies: DOCS-POLICY-23-004. | Docs Guild, Security Guild (docs)
|
||||
DOCS-POLICY-23-006 | TODO | Update `/docs/api/policy.md` with new endpoints, schemas, errors, pagination. Dependencies: DOCS-POLICY-23-005. | Docs Guild, BE-Base Platform Guild (docs)
|
||||
DOCS-POLICY-23-001 | DONE (2025-11-26) | Author `/docs/policy/overview.md` describing SPL philosophy, layering, and glossary with reviewer checklist. | Docs Guild, Policy Guild (docs)
|
||||
DOCS-POLICY-23-002 | DONE (2025-11-26) | Write `/docs/policy/spl-v1.md` (language reference, JSON Schema, examples). Dependencies: DOCS-POLICY-23-001. | Docs Guild, Policy Guild (docs)
|
||||
DOCS-POLICY-23-003 | DONE (2025-11-26) | Produce `/docs/policy/runtime.md` covering compiler, evaluator, caching, events, SLOs. Dependencies: DOCS-POLICY-23-002. | Docs Guild, Policy Guild (docs)
|
||||
DOCS-POLICY-23-004 | DONE (2025-11-26) | Document `/docs/policy/editor.md` (UI walkthrough, validation, simulation, approvals). Dependencies: DOCS-POLICY-23-003. | Docs Guild, UI Guild (docs)
|
||||
DOCS-POLICY-23-005 | DONE (2025-11-26) | Publish `/docs/policy/governance.md` (roles, scopes, approvals, signing, exceptions). Dependencies: DOCS-POLICY-23-004. | Docs Guild, Security Guild (docs)
|
||||
DOCS-POLICY-23-006 | DONE (2025-11-26) | Update `/docs/api/policy.md` with new endpoints, schemas, errors, pagination. Dependencies: DOCS-POLICY-23-005. | Docs Guild, BE-Base Platform Guild (docs)
|
||||
DOCS-POLICY-23-007 | TODO | Update `/docs/modules/cli/guides/policy.md` for lint/simulate/activate/history commands, exit codes. Dependencies: DOCS-POLICY-23-006. | Docs Guild, DevEx/CLI Guild (docs)
|
||||
DOCS-POLICY-23-008 | TODO | Refresh `/docs/modules/policy/architecture.md` with data model, sequence diagrams, event flows. Dependencies: DOCS-POLICY-23-007. | Docs Guild, Architecture Guild (docs)
|
||||
DOCS-POLICY-23-009 | TODO | Create `/docs/migration/policy-parity.md` covering dual-run parity plan and rollback. Dependencies: DOCS-POLICY-23-008. | Docs Guild, DevOps Guild (docs)
|
||||
@@ -21,4 +21,20 @@ DOCS-POLICY-27-001 | BLOCKED (2025-10-27) | Publish `/docs/policy/studio-overvie
|
||||
DOCS-POLICY-27-002 | BLOCKED (2025-10-27) | Write `/docs/policy/authoring.md` detailing workspace templates, snippets, lint rules, IDE shortcuts, and best practices. Dependencies: DOCS-POLICY-27-001. | Docs Guild, Console Guild (docs)
|
||||
DOCS-POLICY-27-003 | BLOCKED (2025-10-27) | Document `/docs/policy/versioning-and-publishing.md` (semver rules, attestations, rollback) with compliance checklist. Dependencies: DOCS-POLICY-27-002. | Docs Guild, Policy Registry Guild (docs)
|
||||
DOCS-POLICY-27-004 | BLOCKED (2025-10-27) | Write `/docs/policy/simulation.md` covering quick vs batch sim, thresholds, evidence bundles, CLI examples. Dependencies: DOCS-POLICY-27-003. | Docs Guild, Scheduler Guild (docs)
|
||||
DOCS-POLICY-27-005 | BLOCKED (2025-10-27) | Publish `/docs/policy/review-and-approval.md` with approver requirements, comments, webhooks, audit trail guidance. Dependencies: DOCS-POLICY-27-004. | Docs Guild, Product Ops (docs)
|
||||
DOCS-POLICY-27-005 | BLOCKED (2025-10-27) | Publish `/docs/policy/review-and-approval.md` with approver requirements, comments, webhooks, audit trail guidance. Dependencies: DOCS-POLICY-27-004. | Docs Guild, Product Ops (docs)
|
||||
|
||||
## Execution Log
|
||||
| Date (UTC) | Update | Owner |
|
||||
| --- | --- | --- |
|
||||
| 2025-11-26 | DOCS-POLICY-23-001 completed: published `docs/policy/overview.md` (philosophy, layers, signals, governance, checklist, air-gap notes). | Docs Guild |
|
||||
| 2025-11-26 | DOCS-POLICY-23-002 completed: added `docs/policy/spl-v1.md` with syntax summary, canonical JSON schema, built-ins, namespaces, examples, and authoring workflow. | Docs Guild |
|
||||
| 2025-11-26 | DOCS-POLICY-23-003 completed: published `docs/policy/runtime.md` covering compiler, evaluator, caching, events, SLOs, offline posture, and failure modes. | Docs Guild |
|
||||
| 2025-11-26 | DOCS-POLICY-23-004 completed: added `docs/policy/editor.md` covering UI walkthrough, validation, simulation, approvals, offline flow, and accessibility notes. | Docs Guild |
|
||||
| 2025-11-26 | DOCS-POLICY-23-005 completed: published `docs/policy/governance.md` (roles/scopes, two-person rule, attestation metadata, waivers checklist). | Docs Guild |
|
||||
| 2025-11-26 | DOCS-POLICY-23-006 completed: added `docs/policy/api.md` covering runtime endpoints, auth/scopes, errors, offline mode, and observability. | Docs Guild |
|
||||
|
||||
## Decisions & Risks
|
||||
- DOCS-POLICY-27-001..005 remain BLOCKED pending upstream policy studio/editor delivery; no change.
|
||||
|
||||
## Next Checkpoints
|
||||
- None scheduled; updates logged asynchronously as tasks move.
|
||||
|
||||
@@ -21,5 +21,6 @@ OPS-SECRETS-02 | DONE (2025-11-26) | Add Surface.Secrets bundles (encrypted cred
|
||||
| 2025-11-26 | Wired Offline Kit packaging to include CLI binaries (release/cli), Task Runner bootstrap config, and task-pack docs; updated `test_build_offline_kit.py` to cover new artefacts. Marked CLI-PACKS-43-002 DONE. | Implementer |
|
||||
| 2025-11-26 | Added container bundle pickup (release/containers/images) and mirrored registry doc copy; updated offline kit test coverage; marked OFFLINE-CONTAINERS-46-001 DONE. | Implementer |
|
||||
| 2025-11-26 | Added orchestrator (service, worker SDK, postgres, dashboards), Export Center bundles, Notifier offline packs, and Surface.Secrets bundles to packaging; expanded offline kit unit test accordingly. Marked DEVOPS-OFFLINE-34-006/37-001/37-002 and OPS-SECRETS-02 DONE. | Implementer |
|
||||
| 2025-11-26 | Added bundle composition counts to `<bundle>.metadata.json` (cli/task packs/containers/orchestrator/export/notifier/secrets) and documented in `docs/24_OFFLINE_KIT.md`; test updated. | Implementer |
|
||||
| 2025-11-26 | Updated Offline Kit doc (`docs/24_OFFLINE_KIT.md`) to describe newly bundled assets (CLI/task packs, orchestrator/export/notifier kits, container bundles, Surface.Secrets) and documented release-dir auto-pickup rules. | Implementer |
|
||||
| 2025-11-23 | Release debug store mirrored into Offline Kit (`out/offline-kit/metadata/debug-store.json`) via `mirror_debug_store.py`. | Offline Kit Guild |
|
||||
|
||||
@@ -14,9 +14,9 @@ APIGOV-62-002 | DONE (2025-11-24) | Automate changelog generation and publish si
|
||||
APIGOV-63-001 | BLOCKED | Notification Studio templates and deprecation metadata schema not present; waiting on Notifications Guild assets. | API Governance Guild, Notifications Guild (src/Api/StellaOps.Api.Governance)
|
||||
OAS-61-001 | DONE (2025-11-18) | Scaffold per-service OpenAPI 3.1 files with shared components, info blocks, and initial path stubs. | API Contracts Guild (src/Api/StellaOps.Api.OpenApi)
|
||||
OAS-61-002 | DONE (2025-11-18) | Implement aggregate composer (`stella.yaml`) resolving `$ref`s and merging shared components; wire into CI. Dependencies: OAS-61-001. | API Contracts Guild, DevOps Guild (src/Api/StellaOps.Api.OpenApi)
|
||||
OAS-62-001 | BLOCKED (2025-11-19) | Populate request/response examples for top 50 endpoints, including standard error envelope. Dependencies: OAS-61-002 not ratified; waiting on approved examples + error envelope. | API Contracts Guild, Service Guilds (src/Api/StellaOps.Api.OpenApi)
|
||||
OAS-62-002 | BLOCKED | Depends on 62-001 examples to tune lint rules. | API Contracts Guild (src/Api/StellaOps.Api.OpenApi)
|
||||
OAS-63-001 | BLOCKED | Compat diff enhancements depend on 62-002 lint + examples output. | API Contracts Guild (src/Api/StellaOps.Api.OpenApi)
|
||||
OAS-62-001 | DONE (2025-11-26) | Added examples for Authority, Policy, Orchestrator, Scheduler, Export, Graph stubs; shared error envelopes cover standard errors. Remaining services will be added when their stubs land. | API Contracts Guild, Service Guilds (src/Api/StellaOps.Api.OpenApi)
|
||||
OAS-62-002 | DOING (2025-11-26) | Added initial lint rules (2xx examples, Idempotency-Key for /jobs); extend to pagination/idempotency/naming coverage. | API Contracts Guild (src/Api/StellaOps.Api.OpenApi)
|
||||
OAS-63-001 | TODO | Compat diff enhancements depend on 62-002 lint + examples output. | API Contracts Guild (src/Api/StellaOps.Api.OpenApi)
|
||||
OAS-63-002 | DONE (2025-11-24) | Add `/.well-known/openapi` discovery endpoint schema metadata (extensions, version info). Dependencies: OAS-63-001. | API Contracts Guild, Gateway Guild (src/Api/StellaOps.Api.OpenApi)
|
||||
|
||||
## Execution Log
|
||||
@@ -29,4 +29,13 @@ OAS-63-002 | DONE (2025-11-24) | Add `/.well-known/openapi` discovery endpoint s
|
||||
| 2025-11-19 | Implemented API changelog generator (`api:changelog`), wired compose/examples/compat/changelog into CI, and added new policy revisions + scheduler queue/job endpoints. | API Contracts Guild |
|
||||
| 2025-11-24 | Completed OAS-63-002: documented discovery payload for `/.well-known/openapi` in `docs/api/openapi-discovery.md` with extensions/version metadata. | Implementer |
|
||||
| 2025-11-24 | Completed APIGOV-62-002: `api:changelog` now copies release-ready artifacts + digest/signature to `src/Sdk/StellaOps.Sdk.Release/out/api-changelog` for SDK pipeline consumption. | Implementer |
|
||||
| 2025-11-26 | Added request/response examples to Authority token/introspect/revoke/JWKS endpoints and updated OAS-62-001 status to DOING. | Implementer |
|
||||
| 2025-11-26 | Added policy `/evaluate` allow/deny examples, sample request, and `/policies` list example + schema stub; sprint status OAS-62-001 remains DOING. | Implementer |
|
||||
| 2025-11-26 | Added Orchestrator `/jobs` list examples (filtered + mixed queues) and invalid status error; bumped orchestrator OAS version to 0.0.2. | Implementer |
|
||||
| 2025-11-26 | Added Scheduler queue examples (empty + snapshot) and Export Center bundle/list/manifest examples; bumped scheduler/export OAS versions to 0.0.2. | Implementer |
|
||||
| 2025-11-26 | Added Graph status/nodes examples with tenant context; bumped graph OAS version to 0.0.2. | Implementer |
|
||||
| 2025-11-26 | Added auth (Bearer/client-credentials) security blocks to Export Center bundle endpoints. | Implementer |
|
||||
| 2025-11-26 | Marked OAS-62-001 DONE after covering Authority/Policy/Orchestrator/Scheduler/Export/Graph stubs with examples; remaining services will be covered once stubs are available. | Implementer |
|
||||
| 2025-11-26 | Added Spectral rules for 2xx examples and Idempotency-Key on /jobs; refreshed stella.yaml/baseline and ran `npm run api:lint` (warnings only). OAS-62-002 → DOING. | Implementer |
|
||||
| 2025-11-26 | Declared aggregate tags in compose, removed unused HealthResponse, regenerated baseline; `npm run api:lint` now passes with zero warnings. | Implementer |
|
||||
| 2025-11-19 | Marked OAS-62-001 BLOCKED pending OAS-61-002 ratification and approved examples/error envelope. | Implementer |
|
||||
|
||||
@@ -510,12 +510,12 @@ Consolidated task ledger for everything under `docs/implplan/archived/` (sprints
|
||||
| docs/implplan/archived/updates/tasks.md | Sprint 20 — Policy Engine v2 | WEB-POLICY-20-004 | TODO | Introduce rate limits/quotas + metrics for simulation endpoints. | Platform Reliability Guild | Path: src/Web/StellaOps.Web | 2025-10-19 |
|
||||
| docs/implplan/archived/updates/tasks.md | Sprint 21 — Graph Explorer v1 | BENCH-GRAPH-21-001 | BLOCKED (2025-10-27) | Graph viewport/path perf harness (50k/100k nodes) measuring Graph API/Indexer latency and cache hit rates. Executed within Sprint 28 Graph program. Upstream Graph API/indexer contracts (`GRAPH-API-28-003`, `GRAPH-INDEX-28-006`) still pending, so benchmarks cannot target stable endpoints yet. | Bench Guild, Graph Platform Guild | Path: src/Bench/StellaOps.Bench | 2025-10-19 |
|
||||
| docs/implplan/archived/updates/tasks.md | Sprint 21 — Graph Explorer v1 | BENCH-GRAPH-21-002 | BLOCKED (2025-10-27) | Headless UI load benchmark for graph canvas interactions (Playwright) tracking render FPS budgets. Executed within Sprint 28 Graph program. Depends on BENCH-GRAPH-21-001 and UI Graph Explorer (`UI-GRAPH-24-001`), both pending. | Bench Guild, UI Guild | Path: src/Bench/StellaOps.Bench | 2025-10-19 |
|
||||
| docs/implplan/archived/updates/tasks.md | Sprint 21 — Graph Explorer v1 | CONCELIER-GRAPH-21-001 | DONE (2025-11-18) | Enrich SBOM normalization with relationships, scopes, entrypoint annotations for Cartographer. Schema frozen 2025-11-17; fixtures + acceptance tests committed. | Concelier Core Guild | Path: src/Concelier/__Libraries/StellaOps.Concelier.Core | 2025-10-19 |
|
||||
| docs/implplan/archived/updates/tasks.md | Sprint 21 — Graph Explorer v1 | CONCELIER-GRAPH-21-002 | DONE (2025-11-22) | Publish SBOM change events with tenant metadata for graph builds. Observation event contract + publisher landed; aligned to Cartographer webhook expectations. | Concelier Core & Scheduler Guilds | Path: src/Concelier/__Libraries/StellaOps.Concelier.Core | 2025-10-19 |
|
||||
| docs/implplan/archived/updates/tasks.md | Sprint 21 — Graph Explorer v1 | CONCELIER-GRAPH-21-001 | DONE (2025-11-18) | Enrich SBOM normalization with relationships, scopes, entrypoint annotations for Cartographer. Schema frozen 2025-11-17; fixtures + acceptance tests committed. | Concelier Core Guild | Path: src/Concelier/__Libraries/StellaOps.Concelier.Core | 2025-10-19 |
|
||||
| docs/implplan/archived/updates/tasks.md | Sprint 21 — Graph Explorer v1 | CONCELIER-GRAPH-21-002 | DONE (2025-11-22) | Publish SBOM change events with tenant metadata for graph builds. Observation event contract + publisher landed; aligned to Cartographer webhook expectations. | Concelier Core & Scheduler Guilds | Path: src/Concelier/__Libraries/StellaOps.Concelier.Core | 2025-10-19 |
|
||||
| docs/implplan/archived/updates/tasks.md | Sprint 21 — Graph Explorer v1 | EXCITITOR-GRAPH-21-001 | BLOCKED (2025-10-27) | Deliver batched VEX/advisory fetch helpers for inspector linkouts. Waiting on linkset enrichment (`EXCITITOR-POLICY-20-002`) and Cartographer inspector contract (`CARTO-GRAPH-21-005`). | Excititor Core Guild | Path: src/Excititor/__Libraries/StellaOps.Excititor.Core | 2025-10-19 |
|
||||
| docs/implplan/archived/updates/tasks.md | Sprint 21 — Graph Explorer v1 | EXCITITOR-GRAPH-21-002 | BLOCKED (2025-10-27) | Enrich overlay metadata with VEX justification summaries for graph overlays. Depends on `EXCITITOR-GRAPH-21-001` and Policy overlay schema (`POLICY-ENGINE-30-001`). | Excititor Core Guild | Path: src/Excititor/__Libraries/StellaOps.Excititor.Core | 2025-10-19 |
|
||||
| docs/implplan/archived/updates/tasks.md | Sprint 21 — Graph Explorer v1 | EXCITITOR-GRAPH-21-005 | BLOCKED (2025-10-27) | Create indexes/materialized views for VEX lookups by PURL/policy. Awaiting access pattern specs from `EXCITITOR-GRAPH-21-001`. | Excititor Storage Guild | Path: src/Excititor/__Libraries/StellaOps.Excititor.Storage.Mongo | 2025-10-19 |
|
||||
| docs/implplan/archived/updates/tasks.md | Sprint 21 — Graph Explorer v1 | SBOM-SERVICE-21-001 | DOING (2025-11-23) | Expose normalized SBOM projection API with relationships, scopes, entrypoints. Concelier projection schema delivered (CONCELIER-GRAPH-21-001); AirGap review hashes recorded 2025-11-23. | SBOM Service Guild | Path: src/SbomService/StellaOps.SbomService | 2025-10-19 |
|
||||
| docs/implplan/archived/updates/tasks.md | Sprint 21 — Graph Explorer v1 | SBOM-SERVICE-21-001 | DOING (2025-11-23) | Expose normalized SBOM projection API with relationships, scopes, entrypoints. Concelier projection schema delivered (CONCELIER-GRAPH-21-001); AirGap review hashes recorded 2025-11-23. | SBOM Service Guild | Path: src/SbomService/StellaOps.SbomService | 2025-10-19 |
|
||||
| docs/implplan/archived/updates/tasks.md | Sprint 21 — Graph Explorer v1 | SBOM-SERVICE-21-002 | BLOCKED (2025-10-27) | Emit SBOM version change events for Cartographer build queue. Depends on SBOM projection API (`SBOM-SERVICE-21-001`) and Scheduler contracts. | SBOM Service & Scheduler Guilds | Path: src/SbomService/StellaOps.SbomService | 2025-10-19 |
|
||||
| docs/implplan/archived/updates/tasks.md | Sprint 21 — Graph Explorer v1 | SBOM-SERVICE-21-003 | BLOCKED (2025-10-27) | Provide entrypoint management API with tenant overrides. Blocked by SBOM projection API contract. | SBOM Service Guild | Path: src/SbomService/StellaOps.SbomService | 2025-10-19 |
|
||||
| docs/implplan/archived/updates/tasks.md | Sprint 21 — Graph Explorer v1 | SBOM-SERVICE-21-004 | BLOCKED (2025-10-27) | Add metrics/traces/logs for SBOM projections. Requires projection pipeline from `SBOM-SERVICE-21-001`. | SBOM Service & Observability Guilds | Path: src/SbomService/StellaOps.SbomService | 2025-10-19 |
|
||||
@@ -627,10 +627,10 @@ Consolidated task ledger for everything under `docs/implplan/archived/` (sprints
|
||||
| docs/implplan/archived/updates/tasks.md | Sprint 26 — Reachability v1 | CONCELIER-SIG-26-001 | TODO | Expose advisory symbol metadata for signals scoring. | Concelier Core Guild | Path: src/Concelier/__Libraries/StellaOps.Concelier.Core | 2025-10-19 |
|
||||
| docs/implplan/archived/updates/tasks.md | Sprint 26 — Reachability v1 | EXCITITOR-SIG-26-001 | TODO | Surface vendor exploitability hints to Signals. | Excititor Core Guild | Path: src/Excititor/__Libraries/StellaOps.Excititor.Core | 2025-10-19 |
|
||||
| docs/implplan/archived/updates/tasks.md | Sprint 26 — Reachability v1 | POLICY-ENGINE-80-001 | TODO | Integrate reachability inputs into policy evaluation and explainers. | Policy Guild | Path: src/Policy/StellaOps.Policy.Engine | 2025-10-19 |
|
||||
| docs/implplan/archived/updates/tasks.md | Sprint 26 — Reachability v1 | POLICY-ENGINE-80-002 | TODO | Optimize reachability fact retrieval + cache. | Policy Guild | Path: src/Policy/StellaOps.Policy.Engine | 2025-10-19 |
|
||||
| docs/implplan/archived/updates/tasks.md | Sprint 26 — Reachability v1 | POLICY-ENGINE-80-003 | TODO | Update SPL compiler for reachability predicates. | Policy Guild | Path: src/Policy/StellaOps.Policy.Engine | 2025-10-19 |
|
||||
| docs/implplan/archived/updates/tasks.md | Sprint 26 — Reachability v1 | POLICY-ENGINE-80-004 | TODO | Emit reachability metrics/traces. | Policy Guild | Path: src/Policy/StellaOps.Policy.Engine | 2025-10-19 |
|
||||
| docs/implplan/archived/updates/tasks.md | Sprint 26 — Reachability v1 | POLICY-SPL-24-001 | TODO | Extend SPL schema with reachability predicates/actions. | Policy Guild | Path: src/Policy/__Libraries/StellaOps.Policy | 2025-10-19 |
|
||||
| docs/implplan/archived/updates/tasks.md | Sprint 26 — Reachability v1 | POLICY-ENGINE-80-002 | BLOCKED (2025-11-26) | Reachability input contract (80-001) not published; cannot join caches. | Policy Guild | Path: src/Policy/StellaOps.Policy.Engine | 2025-10-19 |
|
||||
| docs/implplan/archived/updates/tasks.md | Sprint 26 — Reachability v1 | POLICY-ENGINE-80-003 | BLOCKED (2025-11-26) | Blocked by 80-002 and missing reachability predicates contract. | Policy Guild | Path: src/Policy/StellaOps.Policy.Engine | 2025-10-19 |
|
||||
| docs/implplan/archived/updates/tasks.md | Sprint 26 — Reachability v1 | POLICY-ENGINE-80-004 | BLOCKED (2025-11-26) | Blocked by 80-003; metrics depend on reachability integration. | Policy Guild | Path: src/Policy/StellaOps.Policy.Engine | 2025-10-19 |
|
||||
| docs/implplan/archived/updates/tasks.md | Sprint 26 — Reachability v1 | POLICY-SPL-24-001 | DONE (2025-11-26) | Extended SPL schema with reachability/exploitability predicates. | Policy Guild | Path: src/Policy/__Libraries/StellaOps.Policy | 2025-10-19 |
|
||||
| docs/implplan/archived/updates/tasks.md | Sprint 26 — Reachability v1 | SCHED-WORKER-26-201 | TODO | Implement reachability joiner worker. | Scheduler Worker Guild | Path: src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | 2025-10-19 |
|
||||
| docs/implplan/archived/updates/tasks.md | Sprint 26 — Reachability v1 | SCHED-WORKER-26-202 | TODO | Implement staleness monitor + notifications. | Scheduler Worker Guild | Path: src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | 2025-10-19 |
|
||||
| docs/implplan/archived/updates/tasks.md | Sprint 26 — Reachability v1 | SIGNALS-24-001 | BLOCKED (2025-10-27) | Stand up Signals API skeleton with RBAC + health checks. Host scaffold ready, waiting on `AUTH-SIG-26-001` to finalize scope issuance and tenant enforcement. | Signals Guild, Authority Guild | Path: src/Signals/StellaOps.Signals | 2025-10-19 |
|
||||
@@ -804,9 +804,9 @@ Consolidated task ledger for everything under `docs/implplan/archived/` (sprints
|
||||
| docs/implplan/archived/updates/tasks.md | Sprint 29 — Vulnerability Explorer | SCHED-WORKER-29-001 | TODO | Implement resolver worker applying ecosystem version semantics and path scope. | Scheduler Worker Guild | Path: src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | 2025-10-19 |
|
||||
| docs/implplan/archived/updates/tasks.md | Sprint 29 — Vulnerability Explorer | SCHED-WORKER-29-002 | TODO | Implement evaluation worker invoking Policy Engine and updating ledger queues. | Scheduler Worker Guild | Path: src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | 2025-10-19 |
|
||||
| docs/implplan/archived/updates/tasks.md | Sprint 29 — Vulnerability Explorer | SCHED-WORKER-29-003 | TODO | Add monitoring for resolver/evaluation backlog and SLA alerts. | Scheduler Worker & Observability Guilds | Path: src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | 2025-10-19 |
|
||||
| docs/implplan/archived/updates/tasks.md | Sprint 29 — Vulnerability Explorer | VULN-API-29-001 | TODO | Publish Vuln Explorer OpenAPI + query schemas. | Vuln Explorer API Guild | Path: src/VulnExplorer/StellaOps.VulnExplorer.Api | 2025-10-19 |
|
||||
| docs/implplan/archived/updates/tasks.md | Sprint 29 — Vulnerability Explorer | VULN-API-29-002 | TODO | Implement list/query endpoints with grouping, paging, cost budgets. | Vuln Explorer API Guild | Path: src/VulnExplorer/StellaOps.VulnExplorer.Api | 2025-10-19 |
|
||||
| docs/implplan/archived/updates/tasks.md | Sprint 29 — Vulnerability Explorer | VULN-API-29-003 | TODO | Implement detail endpoint combining evidence, policy rationale, paths, history. | Vuln Explorer API Guild | Path: src/VulnExplorer/StellaOps.VulnExplorer.Api | 2025-10-19 |
|
||||
| docs/implplan/archived/updates/tasks.md | Sprint 29 — Vulnerability Explorer | VULN-API-29-001 | DONE (2025-11-25) | Publish Vuln Explorer OpenAPI + query schemas. | Vuln Explorer API Guild | Path: src/VulnExplorer/StellaOps.VulnExplorer.Api | 2025-10-19 |
|
||||
| docs/implplan/archived/updates/tasks.md | Sprint 29 — Vulnerability Explorer | VULN-API-29-002 | DONE (2025-11-25) | Implemented list/query endpoints with deterministic paging and tests. | Vuln Explorer API Guild | Path: src/VulnExplorer/StellaOps.VulnExplorer.Api | 2025-10-19 |
|
||||
| docs/implplan/archived/updates/tasks.md | Sprint 29 — Vulnerability Explorer | VULN-API-29-003 | DONE (2025-11-25) | Detail endpoint returns evidence, rationale, paths; integration tests in place. | Vuln Explorer API Guild | Path: src/VulnExplorer/StellaOps.VulnExplorer.Api | 2025-10-19 |
|
||||
| docs/implplan/archived/updates/tasks.md | Sprint 29 — Vulnerability Explorer | VULN-API-29-004 | TODO | Expose workflow APIs writing ledger events with validation + idempotency. | Vuln Explorer API & Findings Ledger Guilds | Path: src/VulnExplorer/StellaOps.VulnExplorer.Api | 2025-10-19 |
|
||||
| docs/implplan/archived/updates/tasks.md | Sprint 29 — Vulnerability Explorer | VULN-API-29-005 | TODO | Implement policy simulation endpoint producing diffs without side effects. | Vuln Explorer API & Policy Guilds | Path: src/VulnExplorer/StellaOps.VulnExplorer.Api | 2025-10-19 |
|
||||
| docs/implplan/archived/updates/tasks.md | Sprint 29 — Vulnerability Explorer | VULN-API-29-006 | TODO | Integrate Graph Explorer paths metadata and deep-link parameters. | Vuln Explorer API Guild | Path: src/VulnExplorer/StellaOps.VulnExplorer.Api | 2025-10-19 |
|
||||
@@ -1123,7 +1123,7 @@ Consolidated task ledger for everything under `docs/implplan/archived/` (sprints
|
||||
| docs/implplan/archived/updates/tasks.md | Sprint 50 — Observability & Forensics Phase 1 – Baseline Telemetry | EXPORT-OBS-50-001 | TODO | Enable telemetry core in export planner/workers capturing bundle metadata. | Exporter Service Guild | Path: src/ExportCenter/StellaOps.ExportCenter | 2025-10-19 |
|
||||
| docs/implplan/archived/updates/tasks.md | Sprint 50 — Observability & Forensics Phase 1 – Baseline Telemetry | LEDGER-OBS-50-001 | TODO | Wire telemetry core through ledger writer/projector for append/replay operations. | Findings Ledger Guild | Path: src/Findings/StellaOps.Findings.Ledger | 2025-10-19 |
|
||||
| docs/implplan/archived/updates/tasks.md | Sprint 50 — Observability & Forensics Phase 1 – Baseline Telemetry | ORCH-OBS-50-001 | TODO | Instrument orchestrator scheduler/control APIs with telemetry core spans/logs. | Orchestrator Service Guild | Path: src/Orchestrator/StellaOps.Orchestrator | 2025-10-19 |
|
||||
| docs/implplan/archived/updates/tasks.md | Sprint 50 — Observability & Forensics Phase 1 – Baseline Telemetry | POLICY-OBS-50-001 | TODO | Instrument policy compile/evaluate flows with telemetry core spans/logs. | Policy Guild | Path: src/Policy/StellaOps.Policy.Engine | 2025-10-19 |
|
||||
| docs/implplan/archived/updates/tasks.md | Sprint 50 — Observability & Forensics Phase 1 – Baseline Telemetry | POLICY-OBS-50-001 | BLOCKED (2025-11-26) | Telemetry/metrics contract not published for Policy Engine; awaiting observability spec. | Policy Guild | Path: src/Policy/StellaOps.Policy.Engine | 2025-10-19 |
|
||||
| docs/implplan/archived/updates/tasks.md | Sprint 50 — Observability & Forensics Phase 1 – Baseline Telemetry | TASKRUN-OBS-50-001 | TODO | Adopt telemetry core in Task Runner host and workers with scrubbed transcripts. | Task Runner Guild | Path: src/TaskRunner/StellaOps.TaskRunner | 2025-10-19 |
|
||||
| docs/implplan/archived/updates/tasks.md | Sprint 50 — Observability & Forensics Phase 1 – Baseline Telemetry | TELEMETRY-OBS-50-001 | TODO | Bootstrap telemetry core library with structured logging, OTLP exporters, and deterministic bootstrap. | Observability Guild | Path: src/Telemetry/StellaOps.Telemetry.Core | 2025-10-19 |
|
||||
| docs/implplan/archived/updates/tasks.md | Sprint 50 — Observability & Forensics Phase 1 – Baseline Telemetry | TELEMETRY-OBS-50-002 | TODO | Deliver context propagation middleware for HTTP/gRPC/jobs/CLI carrying trace + tenant metadata. | Observability Guild | Path: src/Telemetry/StellaOps.Telemetry.Core | 2025-10-19 |
|
||||
@@ -1137,7 +1137,7 @@ Consolidated task ledger for everything under `docs/implplan/archived/` (sprints
|
||||
| docs/implplan/archived/updates/tasks.md | Sprint 51 — Observability & Forensics Phase 2 – SLOs & Dashboards | LEDGER-OBS-51-001 | TODO | Add ledger/projector metrics dashboards and burn-rate policies. | Findings Ledger Guild | Path: src/Findings/StellaOps.Findings.Ledger | 2025-10-19 |
|
||||
| docs/implplan/archived/updates/tasks.md | Sprint 51 — Observability & Forensics Phase 2 – SLOs & Dashboards | NOTIFY-OBS-51-001 | TODO | Ingest SLO burn-rate webhooks and deliver observability alerts. | Notifications Service Guild | Path: src/Notifier/StellaOps.Notifier | 2025-10-19 |
|
||||
| docs/implplan/archived/updates/tasks.md | Sprint 51 — Observability & Forensics Phase 2 – SLOs & Dashboards | ORCH-OBS-51-001 | TODO | Publish orchestration metrics, SLOs, and burn-rate alerts. | Orchestrator Service Guild | Path: src/Orchestrator/StellaOps.Orchestrator | 2025-10-19 |
|
||||
| docs/implplan/archived/updates/tasks.md | Sprint 51 — Observability & Forensics Phase 2 – SLOs & Dashboards | POLICY-OBS-51-001 | TODO | Publish policy evaluation metrics + dashboards meeting SLO targets. | Policy Guild | Path: src/Policy/StellaOps.Policy.Engine | 2025-10-19 |
|
||||
| docs/implplan/archived/updates/tasks.md | Sprint 51 — Observability & Forensics Phase 2 – SLOs & Dashboards | POLICY-OBS-51-001 | BLOCKED (2025-11-26) | Blocked by OBS-50-001 telemetry contract. | Policy Guild | Path: src/Policy/StellaOps.Policy.Engine | 2025-10-19 |
|
||||
| docs/implplan/archived/updates/tasks.md | Sprint 51 — Observability & Forensics Phase 2 – SLOs & Dashboards | TASKRUN-OBS-51-001 | TODO | Emit task runner golden-signal metrics and SLO alerts. | Task Runner Guild | Path: src/TaskRunner/StellaOps.TaskRunner | 2025-10-19 |
|
||||
| docs/implplan/archived/updates/tasks.md | Sprint 51 — Observability & Forensics Phase 2 – SLOs & Dashboards | TELEMETRY-OBS-51-001 | TODO | Ship metrics helpers + exemplar guards for golden signals. | Observability Guild | Path: src/Telemetry/StellaOps.Telemetry.Core | 2025-10-19 |
|
||||
| docs/implplan/archived/updates/tasks.md | Sprint 51 — Observability & Forensics Phase 2 – SLOs & Dashboards | TELEMETRY-OBS-51-002 | TODO | Implement logging scrubbing and tenant debug override controls. | Security Guild | Path: src/Telemetry/StellaOps.Telemetry.Core | 2025-10-19 |
|
||||
@@ -1148,13 +1148,13 @@ Consolidated task ledger for everything under `docs/implplan/archived/` (sprints
|
||||
| docs/implplan/archived/updates/tasks.md | Sprint 52 — Observability & Forensics Phase 3 – Timeline & Decision Logs | DEVOPS-OBS-52-001 | TODO | Configure streaming pipelines and schema validation for timeline events. | DevOps Guild | Path: ops/devops | 2025-10-19 |
|
||||
| docs/implplan/archived/updates/tasks.md | Sprint 52 — Observability & Forensics Phase 3 – Timeline & Decision Logs | CLI-OBS-52-001 | TODO | Add `stella obs trace` + log commands correlating timeline data. | DevEx/CLI Guild | Path: src/Cli/StellaOps.Cli | 2025-10-19 |
|
||||
| docs/implplan/archived/updates/tasks.md | Sprint 52 — Observability & Forensics Phase 3 – Timeline & Decision Logs | CONCELIER-OBS-52-001 | TODO | Emit advisory ingest/link timeline events with provenance metadata. | Concelier Core Guild | Path: src/Concelier/__Libraries/StellaOps.Concelier.Core | 2025-10-19 |
|
||||
| docs/implplan/archived/updates/tasks.md | Sprint 52 — Observability & Forensics Phase 3 – Timeline & Decision Logs | CONCELIER-WEB-OBS-52-001 | TODO (unblocked 2025-11-23) | Provide SSE bridge for advisory timeline events. | Concelier WebService Guild | Path: src/Concelier/StellaOps.Concelier.WebService | 2025-10-19 |
|
||||
| docs/implplan/archived/updates/tasks.md | Sprint 52 — Observability & Forensics Phase 3 – Timeline & Decision Logs | CONCELIER-WEB-OBS-52-001 | TODO (unblocked 2025-11-23) | Provide SSE bridge for advisory timeline events. | Concelier WebService Guild | Path: src/Concelier/StellaOps.Concelier.WebService | 2025-10-19 |
|
||||
| docs/implplan/archived/updates/tasks.md | Sprint 52 — Observability & Forensics Phase 3 – Timeline & Decision Logs | EXCITITOR-OBS-52-001 | TODO | Emit VEX ingest/link timeline events with justification info. | Excititor Core Guild | Path: src/Excititor/__Libraries/StellaOps.Excititor.Core | 2025-10-19 |
|
||||
| docs/implplan/archived/updates/tasks.md | Sprint 52 — Observability & Forensics Phase 3 – Timeline & Decision Logs | EXCITITOR-WEB-OBS-52-001 | TODO | Stream VEX timeline updates to clients with tenant filters. | Excititor WebService Guild | Path: src/Excititor/StellaOps.Excititor.WebService | 2025-10-19 |
|
||||
| docs/implplan/archived/updates/tasks.md | Sprint 52 — Observability & Forensics Phase 3 – Timeline & Decision Logs | EXPORT-OBS-52-001 | TODO | Publish export lifecycle events into timeline. | Exporter Service Guild | Path: src/ExportCenter/StellaOps.ExportCenter | 2025-10-19 |
|
||||
| docs/implplan/archived/updates/tasks.md | Sprint 52 — Observability & Forensics Phase 3 – Timeline & Decision Logs | LEDGER-OBS-52-001 | TODO | Record ledger append/projection events into timeline stream. | Findings Ledger Guild | Path: src/Findings/StellaOps.Findings.Ledger | 2025-10-19 |
|
||||
| docs/implplan/archived/updates/tasks.md | Sprint 52 — Observability & Forensics Phase 3 – Timeline & Decision Logs | ORCH-OBS-52-001 | TODO | Emit job lifecycle timeline events with tenant/project metadata. | Orchestrator Service Guild | Path: src/Orchestrator/StellaOps.Orchestrator | 2025-10-19 |
|
||||
| docs/implplan/archived/updates/tasks.md | Sprint 52 — Observability & Forensics Phase 3 – Timeline & Decision Logs | POLICY-OBS-52-001 | TODO | Emit policy decision timeline events with rule summaries and trace IDs. | Policy Guild | Path: src/Policy/StellaOps.Policy.Engine | 2025-10-19 |
|
||||
| docs/implplan/archived/updates/tasks.md | Sprint 52 — Observability & Forensics Phase 3 – Timeline & Decision Logs | POLICY-OBS-52-001 | BLOCKED (2025-11-26) | Blocked by OBS-51-001 and missing timeline event spec. | Policy Guild | Path: src/Policy/StellaOps.Policy.Engine | 2025-10-19 |
|
||||
| docs/implplan/archived/updates/tasks.md | Sprint 52 — Observability & Forensics Phase 3 – Timeline & Decision Logs | TASKRUN-OBS-52-001 | TODO | Emit pack run timeline events and dedupe logic. | Task Runner Guild | Path: src/TaskRunner/StellaOps.TaskRunner | 2025-10-19 |
|
||||
| docs/implplan/archived/updates/tasks.md | Sprint 52 — Observability & Forensics Phase 3 – Timeline & Decision Logs | TIMELINE-OBS-52-001 | TODO | Bootstrap timeline indexer service and schema with RLS scaffolding. | Timeline Indexer Guild | Path: src/TimelineIndexer/StellaOps.TimelineIndexer | 2025-10-19 |
|
||||
| docs/implplan/archived/updates/tasks.md | Sprint 52 — Observability & Forensics Phase 3 – Timeline & Decision Logs | TIMELINE-OBS-52-002 | TODO | Implement event ingestion pipeline with ordering and dedupe. | Timeline Indexer Guild | Path: src/TimelineIndexer/StellaOps.TimelineIndexer | 2025-10-19 |
|
||||
@@ -1162,7 +1162,7 @@ Consolidated task ledger for everything under `docs/implplan/archived/` (sprints
|
||||
| docs/implplan/archived/updates/tasks.md | Sprint 52 — Observability & Forensics Phase 3 – Timeline & Decision Logs | TIMELINE-OBS-52-004 | TODO | Finalize RLS + scope enforcement and audit logging for timeline reads. | Security Guild | Path: src/TimelineIndexer/StellaOps.TimelineIndexer | 2025-10-19 |
|
||||
| docs/implplan/archived/updates/tasks.md | Sprint 52 — Observability & Forensics Phase 3 – Timeline & Decision Logs | WEB-OBS-52-001 | TODO | Provide trace/log proxy endpoints bridging to timeline + log store. | BE-Base Platform Guild | Path: src/Web/StellaOps.Web | 2025-10-19 |
|
||||
| docs/implplan/archived/updates/tasks.md | Sprint 53 — Observability & Forensics Phase 4 – Evidence Locker | DOCS-CLI-FORENSICS-53-001 | TODO | Document `stella forensic` CLI workflows with sample bundles. | Docs Guild | Path: docs | 2025-10-19 |
|
||||
| docs/implplan/archived/updates/tasks.md | Sprint 53 — Observability & Forensics Phase 4 – Evidence Locker | DOCS-FORENSICS-53-001 | TODO | Publish `/docs/forensics/evidence-locker.md` covering bundles, WORM, legal holds. | Docs Guild | Path: docs | 2025-10-19 |
|
||||
| docs/implplan/archived/updates/tasks.md | Sprint 53 — Observability & Forensics Phase 4 – Evidence Locker | DOCS-FORENSICS-53-001 | DONE (2025-11-26) | Publish `/docs/forensics/evidence-locker.md` covering bundles, WORM, legal holds. | Docs Guild | Path: docs | 2025-10-19 |
|
||||
| docs/implplan/archived/updates/tasks.md | Sprint 53 — Observability & Forensics Phase 4 – Evidence Locker | DOCS-FORENSICS-53-003 | TODO | Publish `/docs/forensics/timeline.md` with schema and query examples. | Docs Guild | Path: docs | 2025-10-19 |
|
||||
| docs/implplan/archived/updates/tasks.md | Sprint 53 — Observability & Forensics Phase 4 – Evidence Locker | DEVOPS-OBS-53-001 | TODO | Provision WORM-capable storage, legal hold automation, and backup/restore scripts for evidence locker. | DevOps Guild | Path: ops/devops | 2025-10-19 |
|
||||
| docs/implplan/archived/updates/tasks.md | Sprint 53 — Observability & Forensics Phase 4 – Evidence Locker | CLI-FORENSICS-53-001 | TODO | Ship `stella forensic snapshot` commands invoking evidence locker. | DevEx/CLI Guild | Path: src/Cli/StellaOps.Cli | 2025-10-19 |
|
||||
@@ -1176,7 +1176,7 @@ Consolidated task ledger for everything under `docs/implplan/archived/` (sprints
|
||||
| docs/implplan/archived/updates/tasks.md | Sprint 53 — Observability & Forensics Phase 4 – Evidence Locker | EXPORT-OBS-53-001 | TODO | Store export manifests + transcripts within evidence bundles. | Exporter Service Guild | Path: src/ExportCenter/StellaOps.ExportCenter | 2025-10-19 |
|
||||
| docs/implplan/archived/updates/tasks.md | Sprint 53 — Observability & Forensics Phase 4 – Evidence Locker | LEDGER-OBS-53-001 | TODO | Persist evidence bundle references alongside ledger entries and expose lookup API. | Findings Ledger Guild | Path: src/Findings/StellaOps.Findings.Ledger | 2025-10-19 |
|
||||
| docs/implplan/archived/updates/tasks.md | Sprint 53 — Observability & Forensics Phase 4 – Evidence Locker | ORCH-OBS-53-001 | TODO | Attach job capsules + manifests to evidence locker snapshots. | Orchestrator Service Guild | Path: src/Orchestrator/StellaOps.Orchestrator | 2025-10-19 |
|
||||
| docs/implplan/archived/updates/tasks.md | Sprint 53 — Observability & Forensics Phase 4 – Evidence Locker | POLICY-OBS-53-001 | TODO | Build evaluation evidence bundles (inputs, rule traces, engine version). | Policy Guild | Path: src/Policy/StellaOps.Policy.Engine | 2025-10-19 |
|
||||
| docs/implplan/archived/updates/tasks.md | Sprint 53 — Observability & Forensics Phase 4 – Evidence Locker | POLICY-OBS-53-001 | BLOCKED (2025-11-26) | Evidence Locker bundle schema absent; depends on OBS-52-001. | Policy Guild | Path: src/Policy/StellaOps.Policy.Engine | 2025-10-19 |
|
||||
| docs/implplan/archived/updates/tasks.md | Sprint 53 — Observability & Forensics Phase 4 – Evidence Locker | TASKRUN-OBS-53-001 | TODO | Capture step transcripts and manifests into evidence bundles. | Task Runner Guild | Path: src/TaskRunner/StellaOps.TaskRunner | 2025-10-19 |
|
||||
| docs/implplan/archived/updates/tasks.md | Sprint 53 — Observability & Forensics Phase 4 – Evidence Locker | TIMELINE-OBS-53-001 | TODO | Link timeline events to evidence bundle digests and expose evidence lookup endpoint. | Timeline Indexer Guild | Path: src/TimelineIndexer/StellaOps.TimelineIndexer | 2025-10-19 |
|
||||
| docs/implplan/archived/updates/tasks.md | Sprint 54 — Observability & Forensics Phase 5 – Provenance & Verification | DOCS-FORENSICS-53-002 | TODO | Publish `/docs/forensics/provenance-attestation.md` covering signing + verification. | Docs Guild | Path: docs | 2025-10-19 |
|
||||
@@ -1191,7 +1191,7 @@ Consolidated task ledger for everything under `docs/implplan/archived/` (sprints
|
||||
| docs/implplan/archived/updates/tasks.md | Sprint 54 — Observability & Forensics Phase 5 – Provenance & Verification | EXCITITOR-WEB-OBS-54-001 | TODO | Expose `/attestations/vex/*` endpoints with verification summaries. | Excititor WebService Guild | Path: src/Excititor/StellaOps.Excititor.WebService | 2025-10-19 |
|
||||
| docs/implplan/archived/updates/tasks.md | Sprint 54 — Observability & Forensics Phase 5 – Provenance & Verification | EXPORT-OBS-54-001 | TODO | Produce export attestation manifests and CLI verification hooks. | Exporter Service Guild | Path: src/ExportCenter/StellaOps.ExportCenter | 2025-10-19 |
|
||||
| docs/implplan/archived/updates/tasks.md | Sprint 54 — Observability & Forensics Phase 5 – Provenance & Verification | ORCH-OBS-54-001 | TODO | Produce DSSE attestations for jobs and surface verification endpoint. | Orchestrator Service Guild | Path: src/Orchestrator/StellaOps.Orchestrator | 2025-10-19 |
|
||||
| docs/implplan/archived/updates/tasks.md | Sprint 54 — Observability & Forensics Phase 5 – Provenance & Verification | POLICY-OBS-54-001 | TODO | Generate DSSE attestations for policy evaluations and expose verification API. | Policy Guild | Path: src/Policy/StellaOps.Policy.Engine | 2025-10-19 |
|
||||
| docs/implplan/archived/updates/tasks.md | Sprint 54 — Observability & Forensics Phase 5 – Provenance & Verification | POLICY-OBS-54-001 | BLOCKED (2025-11-26) | Blocked by OBS-53-001; provenance/attestation contract missing. | Policy Guild | Path: src/Policy/StellaOps.Policy.Engine | 2025-10-19 |
|
||||
| docs/implplan/archived/updates/tasks.md | Sprint 54 — Observability & Forensics Phase 5 – Provenance & Verification | PROV-OBS-53-001 | TODO | Implement DSSE/SLSA models with deterministic serializer + test vectors. | Provenance Guild | Path: src/Provenance/StellaOps.Provenance.Attestation | 2025-10-19 |
|
||||
| docs/implplan/archived/updates/tasks.md | Sprint 54 — Observability & Forensics Phase 5 – Provenance & Verification | PROV-OBS-53-002 | TODO | Build signer abstraction (cosign/KMS/offline) with policy enforcement. | Provenance Guild | Path: src/Provenance/StellaOps.Provenance.Attestation | 2025-10-19 |
|
||||
| docs/implplan/archived/updates/tasks.md | Sprint 54 — Observability & Forensics Phase 5 – Provenance & Verification | PROV-OBS-54-001 | TODO | Deliver verification library validating DSSE signatures + Merkle roots. | Provenance Guild | Path: src/Provenance/StellaOps.Provenance.Attestation | 2025-10-19 |
|
||||
@@ -1210,7 +1210,7 @@ Consolidated task ledger for everything under `docs/implplan/archived/` (sprints
|
||||
| docs/implplan/archived/updates/tasks.md | Sprint 55 — Observability & Forensics Phase 6 – Incident Mode | LEDGER-OBS-55-001 | TODO | Extend retention and diagnostics capture during incident mode. | Findings Ledger Guild | Path: src/Findings/StellaOps.Findings.Ledger | 2025-10-19 |
|
||||
| docs/implplan/archived/updates/tasks.md | Sprint 55 — Observability & Forensics Phase 6 – Incident Mode | NOTIFY-OBS-55-001 | TODO | Send incident mode start/stop notifications with quick links to evidence/timeline. | Notifications Service Guild | Path: src/Notifier/StellaOps.Notifier | 2025-10-19 |
|
||||
| docs/implplan/archived/updates/tasks.md | Sprint 55 — Observability & Forensics Phase 6 – Incident Mode | ORCH-OBS-55-001 | TODO | Increase telemetry + evidence capture during incident mode and emit activation events. | Orchestrator Service Guild | Path: src/Orchestrator/StellaOps.Orchestrator | 2025-10-19 |
|
||||
| docs/implplan/archived/updates/tasks.md | Sprint 55 — Observability & Forensics Phase 6 – Incident Mode | POLICY-OBS-55-001 | TODO | Capture full rule traces + retention bump on incident activation with timeline events. | Policy Guild | Path: src/Policy/StellaOps.Policy.Engine | 2025-10-19 |
|
||||
| docs/implplan/archived/updates/tasks.md | Sprint 55 — Observability & Forensics Phase 6 – Incident Mode | POLICY-OBS-55-001 | BLOCKED (2025-11-26) | Incident mode sampling spec not defined; depends on OBS-54-001. | Policy Guild | Path: src/Policy/StellaOps.Policy.Engine | 2025-10-19 |
|
||||
| docs/implplan/archived/updates/tasks.md | Sprint 55 — Observability & Forensics Phase 6 – Incident Mode | TASKRUN-OBS-55-001 | TODO | Capture extra debug data + notifications for incident mode runs. | Task Runner Guild | Path: src/TaskRunner/StellaOps.TaskRunner | 2025-10-19 |
|
||||
| docs/implplan/archived/updates/tasks.md | Sprint 55 — Observability & Forensics Phase 6 – Incident Mode | TELEMETRY-OBS-55-001 | TODO | Implement incident mode sampling toggle API with activation audit trail. | Observability Guild | Path: src/Telemetry/StellaOps.Telemetry.Core | 2025-10-19 |
|
||||
| docs/implplan/archived/updates/tasks.md | Sprint 55 — Observability & Forensics Phase 6 – Incident Mode | WEB-OBS-55-001 | TODO | Deliver `/obs/incident-mode` control endpoints with audit + retention previews. | BE-Base Platform Guild | Path: src/Web/StellaOps.Web | 2025-10-19 |
|
||||
@@ -1398,12 +1398,12 @@ Consolidated task ledger for everything under `docs/implplan/archived/` (sprints
|
||||
| docs/implplan/archived/updates/tasks.md | Sprint 66 — Risk Profiles Phase 1 – Foundations | LEDGER-RISK-66-001 | TODO | Add risk scoring columns/indexes. | Findings Ledger Guild | Path: src/Findings/StellaOps.Findings.Ledger | 2025-10-19 |
|
||||
| docs/implplan/archived/updates/tasks.md | Sprint 66 — Risk Profiles Phase 1 – Foundations | LEDGER-RISK-66-002 | TODO | Implement deterministic scoring upserts. | Findings Ledger Guild | Path: src/Findings/StellaOps.Findings.Ledger | 2025-10-19 |
|
||||
| docs/implplan/archived/updates/tasks.md | Sprint 66 — Risk Profiles Phase 1 – Foundations | NOTIFY-RISK-66-001 | TODO | Create risk severity alert templates. | Notifications Service Guild | Path: src/Notifier/StellaOps.Notifier | 2025-10-19 |
|
||||
| docs/implplan/archived/updates/tasks.md | Sprint 66 — Risk Profiles Phase 1 – Foundations | POLICY-RISK-66-003 | TODO | Integrate schema validation into Policy Engine. | Policy Guild | Path: src/Policy/StellaOps.Policy.Engine | 2025-10-19 |
|
||||
| docs/implplan/archived/updates/tasks.md | Sprint 66 — Risk Profiles Phase 1 – Foundations | POLICY-RISK-66-001 | TODO | Deliver RiskProfile schema + validators. | Risk Profile Schema Guild | Path: src/Policy/StellaOps.Policy.RiskProfile | 2025-10-19 |
|
||||
| docs/implplan/archived/updates/tasks.md | Sprint 66 — Risk Profiles Phase 1 – Foundations | POLICY-RISK-66-002 | TODO | Implement inheritance/merge and hashing. | Risk Profile Schema Guild | Path: src/Policy/StellaOps.Policy.RiskProfile | 2025-10-19 |
|
||||
| docs/implplan/archived/updates/tasks.md | Sprint 66 — Risk Profiles Phase 1 – Foundations | POLICY-RISK-66-004 | TODO | Extend Policy libraries for RiskProfile handling. | Policy Guild | Path: src/Policy/__Libraries/StellaOps.Policy | 2025-10-19 |
|
||||
| docs/implplan/archived/updates/tasks.md | Sprint 66 — Risk Profiles Phase 1 – Foundations | RISK-ENGINE-66-001 | TODO | Scaffold risk engine queue/worker/registry. | Risk Engine Guild | Path: src/RiskEngine/StellaOps.RiskEngine | 2025-10-19 |
|
||||
| docs/implplan/archived/updates/tasks.md | Sprint 66 — Risk Profiles Phase 1 – Foundations | RISK-ENGINE-66-002 | TODO | Implement transforms/gates/contribution calculator. | Risk Engine Guild | Path: src/RiskEngine/StellaOps.RiskEngine | 2025-10-19 |
|
||||
| docs/implplan/archived/updates/tasks.md | Sprint 66 — Risk Profiles Phase 1 – Foundations | POLICY-RISK-66-003 | BLOCKED (2025-11-26) | Reachability inputs (80-001) and engine config contract not defined; cannot integrate. | Policy Guild | Path: src/Policy/StellaOps.Policy.Engine | 2025-10-19 |
|
||||
| docs/implplan/archived/updates/tasks.md | Sprint 66 — Risk Profiles Phase 1 – Foundations | POLICY-RISK-66-001 | DONE (2025-11-22) | Deliver RiskProfile schema + validators. | Risk Profile Schema Guild | Path: src/Policy/StellaOps.Policy.RiskProfile | 2025-10-19 |
|
||||
| docs/implplan/archived/updates/tasks.md | Sprint 66 — Risk Profiles Phase 1 – Foundations | POLICY-RISK-66-002 | DONE (2025-11-26) | Deterministic inheritance/merge + hashing delivered. | Risk Profile Schema Guild | Path: src/Policy/StellaOps.Policy.RiskProfile | 2025-10-19 |
|
||||
| docs/implplan/archived/updates/tasks.md | Sprint 66 — Risk Profiles Phase 1 – Foundations | POLICY-RISK-66-004 | BLOCKED (2025-11-26) | Blocked by 66-003; Policy libraries need config shape. | Policy Guild | Path: src/Policy/__Libraries/StellaOps.Policy | 2025-10-19 |
|
||||
| docs/implplan/archived/updates/tasks.md | Sprint 66 — Risk Profiles Phase 1 – Foundations | RISK-ENGINE-66-001 | DONE (2025-11-25) | Deterministic risk queue/worker/registry scaffolded. | Risk Engine Guild | Path: src/RiskEngine/StellaOps.RiskEngine | 2025-10-19 |
|
||||
| docs/implplan/archived/updates/tasks.md | Sprint 66 — Risk Profiles Phase 1 – Foundations | RISK-ENGINE-66-002 | DONE (2025-11-25) | Transforms/clamping/gating implemented. | Risk Engine Guild | Path: src/RiskEngine/StellaOps.RiskEngine | 2025-10-19 |
|
||||
| docs/implplan/archived/updates/tasks.md | Sprint 66 — Risk Profiles Phase 1 – Foundations | WEB-RISK-66-001 | TODO | Expose risk API routing in gateway. | BE-Base Platform Guild | Path: src/Web/StellaOps.Web | 2025-10-19 |
|
||||
| docs/implplan/archived/updates/tasks.md | Sprint 66 — Risk Profiles Phase 1 – Foundations | WEB-RISK-66-002 | TODO | Handle explainability downloads. | BE-Base Platform Guild | Path: src/Web/StellaOps.Web | 2025-10-19 |
|
||||
| docs/implplan/archived/updates/tasks.md | Sprint 67 — Risk Profiles Phase 2 – Providers & Lifecycle | DOCS-RISK-67-001 | TODO | Publish explainability doc. | Docs Guild | Path: docs | 2025-10-19 |
|
||||
@@ -1415,14 +1415,14 @@ Consolidated task ledger for everything under `docs/implplan/archived/` (sprints
|
||||
| docs/implplan/archived/updates/tasks.md | Sprint 67 — Risk Profiles Phase 2 – Providers & Lifecycle | EXCITITOR-RISK-67-001 | TODO | Add VEX explainability metadata. | Excititor Core Guild | Path: src/Excititor/__Libraries/StellaOps.Excititor.Core | 2025-10-19 |
|
||||
| docs/implplan/archived/updates/tasks.md | Sprint 67 — Risk Profiles Phase 2 – Providers & Lifecycle | NOTIFY-RISK-67-001 | TODO | Notify on profile publish/deprecate. | Notifications Service Guild | Path: src/Notifier/StellaOps.Notifier | 2025-10-19 |
|
||||
| docs/implplan/archived/updates/tasks.md | Sprint 67 — Risk Profiles Phase 2 – Providers & Lifecycle | NOTIFY-RISK-68-001 | TODO | (Prep) risk routing settings seeds. | Notifications Service Guild | Path: src/Notifier/StellaOps.Notifier | 2025-10-19 |
|
||||
| docs/implplan/archived/updates/tasks.md | Sprint 67 — Risk Profiles Phase 2 – Providers & Lifecycle | POLICY-RISK-67-001 | TODO | Enqueue scoring on new findings. | Policy Guild | Path: src/Policy/StellaOps.Policy.Engine | 2025-10-19 |
|
||||
| docs/implplan/archived/updates/tasks.md | Sprint 67 — Risk Profiles Phase 2 – Providers & Lifecycle | POLICY-RISK-67-002 | TODO | Deliver profile lifecycle APIs. | Policy Guild | Path: src/Policy/StellaOps.Policy.Engine | 2025-10-19 |
|
||||
| docs/implplan/archived/updates/tasks.md | Sprint 67 — Risk Profiles Phase 2 – Providers & Lifecycle | POLICY-RISK-67-001 | TODO | Integrate profiles into policy store lifecycle. | Risk Profile Schema Guild | Path: src/Policy/StellaOps.Policy.RiskProfile | 2025-10-19 |
|
||||
| docs/implplan/archived/updates/tasks.md | Sprint 67 — Risk Profiles Phase 2 – Providers & Lifecycle | POLICY-RISK-67-002 | TODO | Publish schema endpoint + validation tooling. | Risk Profile Schema Guild | Path: src/Policy/StellaOps.Policy.RiskProfile | 2025-10-19 |
|
||||
| docs/implplan/archived/updates/tasks.md | Sprint 67 — Risk Profiles Phase 2 – Providers & Lifecycle | POLICY-RISK-67-003 | TODO | Provide simulation orchestration APIs. | Policy Guild | Path: src/Policy/__Libraries/StellaOps.Policy | 2025-10-19 |
|
||||
| docs/implplan/archived/updates/tasks.md | Sprint 67 — Risk Profiles Phase 2 – Providers & Lifecycle | RISK-ENGINE-67-001 | TODO | Integrate CVSS/KEV providers. | Risk Engine Guild | Path: src/RiskEngine/StellaOps.RiskEngine | 2025-10-19 |
|
||||
| docs/implplan/archived/updates/tasks.md | Sprint 67 — Risk Profiles Phase 2 – Providers & Lifecycle | RISK-ENGINE-67-002 | TODO | Integrate VEX gate provider. | Risk Engine Guild | Path: src/RiskEngine/StellaOps.RiskEngine | 2025-10-19 |
|
||||
| docs/implplan/archived/updates/tasks.md | Sprint 67 — Risk Profiles Phase 2 – Providers & Lifecycle | RISK-ENGINE-67-003 | TODO | Add fix availability/criticality/exposure providers. | Risk Engine Guild | Path: src/RiskEngine/StellaOps.RiskEngine | 2025-10-19 |
|
||||
| docs/implplan/archived/updates/tasks.md | Sprint 67 — Risk Profiles Phase 2 – Providers & Lifecycle | POLICY-RISK-67-001 | BLOCKED (2025-11-26) | Depends on 66-003/66-004; reachability/config missing. | Policy Guild | Path: src/Policy/StellaOps.Policy.Engine | 2025-10-19 |
|
||||
| docs/implplan/archived/updates/tasks.md | Sprint 67 — Risk Profiles Phase 2 – Providers & Lifecycle | POLICY-RISK-67-002 | BLOCKED (2025-11-26) | Risk profile lifecycle contract/schema not published. | Policy Guild | Path: src/Policy/StellaOps.Policy.Engine | 2025-10-19 |
|
||||
| docs/implplan/archived/updates/tasks.md | Sprint 67 — Risk Profiles Phase 2 – Providers & Lifecycle | POLICY-RISK-67-001 | BLOCKED (2025-11-26) | Depends on 66-003/66-004; reachability/config missing. | Risk Profile Schema Guild | Path: src/Policy/StellaOps.Policy.RiskProfile | 2025-10-19 |
|
||||
| docs/implplan/archived/updates/tasks.md | Sprint 67 — Risk Profiles Phase 2 – Providers & Lifecycle | POLICY-RISK-67-002 | BLOCKED (2025-11-26) | Risk profile lifecycle contract/schema not published. | Risk Profile Schema Guild | Path: src/Policy/StellaOps.Policy.RiskProfile | 2025-10-19 |
|
||||
| docs/implplan/archived/updates/tasks.md | Sprint 67 — Risk Profiles Phase 2 – Providers & Lifecycle | POLICY-RISK-67-003 | BLOCKED (2025-11-26) | Blocked by 67-002 contract + simulation inputs. | Policy Guild | Path: src/Policy/__Libraries/StellaOps.Policy | 2025-10-19 |
|
||||
| docs/implplan/archived/updates/tasks.md | Sprint 67 — Risk Profiles Phase 2 – Providers & Lifecycle | RISK-ENGINE-67-001 | DONE (2025-11-25) | Integrated CVSS/KEV providers. | Risk Engine Guild | Path: src/RiskEngine/StellaOps.RiskEngine | 2025-10-19 |
|
||||
| docs/implplan/archived/updates/tasks.md | Sprint 67 — Risk Profiles Phase 2 – Providers & Lifecycle | RISK-ENGINE-67-002 | DONE (2025-11-25) | Added VEX gate provider. | Risk Engine Guild | Path: src/RiskEngine/StellaOps.RiskEngine | 2025-10-19 |
|
||||
| docs/implplan/archived/updates/tasks.md | Sprint 67 — Risk Profiles Phase 2 – Providers & Lifecycle | RISK-ENGINE-67-003 | DONE (2025-11-25) | Fix availability/criticality/exposure providers added. | Risk Engine Guild | Path: src/RiskEngine/StellaOps.RiskEngine | 2025-10-19 |
|
||||
| docs/implplan/archived/updates/tasks.md | Sprint 67 — Risk Profiles Phase 2 – Providers & Lifecycle | WEB-RISK-67-001 | TODO | Provide risk status endpoint. | BE-Base Platform Guild | Path: src/Web/StellaOps.Web | 2025-10-19 |
|
||||
| docs/implplan/archived/updates/tasks.md | Sprint 68 — Risk Profiles Phase 3 – APIs & Ledger | DOCS-RISK-68-001 | TODO | Publish risk bundle doc. | Docs Guild | Path: docs | 2025-10-19 |
|
||||
| docs/implplan/archived/updates/tasks.md | Sprint 68 — Risk Profiles Phase 3 – APIs & Ledger | DOCS-RISK-68-002 | TODO | Update AOC invariants doc. | Docs Guild | Path: docs | 2025-10-19 |
|
||||
@@ -1430,10 +1430,10 @@ Consolidated task ledger for everything under `docs/implplan/archived/` (sprints
|
||||
| docs/implplan/archived/updates/tasks.md | Sprint 68 — Risk Profiles Phase 3 – APIs & Ledger | LEDGER-RISK-67-001 | TODO | Provide scored findings query API. | Findings Ledger Guild | Path: src/Findings/StellaOps.Findings.Ledger | 2025-10-19 |
|
||||
| docs/implplan/archived/updates/tasks.md | Sprint 68 — Risk Profiles Phase 3 – APIs & Ledger | LEDGER-RISK-68-001 | TODO | Enable scored findings export. | Findings Ledger Guild | Path: src/Findings/StellaOps.Findings.Ledger | 2025-10-19 |
|
||||
| docs/implplan/archived/updates/tasks.md | Sprint 68 — Risk Profiles Phase 3 – APIs & Ledger | NOTIFY-RISK-68-001 | TODO | Configure risk notification routing UI/logic. | Notifications Service Guild | Path: src/Notifier/StellaOps.Notifier | 2025-10-19 |
|
||||
| docs/implplan/archived/updates/tasks.md | Sprint 68 — Risk Profiles Phase 3 – APIs & Ledger | POLICY-RISK-68-001 | TODO | Ship simulation API endpoint. | Policy Guild | Path: src/Policy/StellaOps.Policy.Engine | 2025-10-19 |
|
||||
| docs/implplan/archived/updates/tasks.md | Sprint 68 — Risk Profiles Phase 3 – APIs & Ledger | POLICY-RISK-68-002 | TODO | Support profile export/import. | Policy Guild | Path: src/Policy/__Libraries/StellaOps.Policy | 2025-10-19 |
|
||||
| docs/implplan/archived/updates/tasks.md | Sprint 68 — Risk Profiles Phase 3 – APIs & Ledger | RISK-ENGINE-68-001 | TODO | Persist scoring results & explanations. | Risk Engine Guild | Path: src/RiskEngine/StellaOps.RiskEngine | 2025-10-19 |
|
||||
| docs/implplan/archived/updates/tasks.md | Sprint 68 — Risk Profiles Phase 3 – APIs & Ledger | RISK-ENGINE-68-002 | TODO | Expose jobs/results/explanations APIs. | Risk Engine Guild | Path: src/RiskEngine/StellaOps.RiskEngine | 2025-10-19 |
|
||||
| docs/implplan/archived/updates/tasks.md | Sprint 68 — Risk Profiles Phase 3 – APIs & Ledger | POLICY-RISK-68-001 | BLOCKED (2025-11-26) | Simulation API blocked by 67-003 outputs and Policy Studio contract. | Policy Guild | Path: src/Policy/StellaOps.Policy.Engine | 2025-10-19 |
|
||||
| docs/implplan/archived/updates/tasks.md | Sprint 68 — Risk Profiles Phase 3 – APIs & Ledger | POLICY-RISK-68-002 | BLOCKED (2025-11-26) | Blocked until overrides/export signing rules are agreed. | Policy Guild | Path: src/Policy/__Libraries/StellaOps.Policy | 2025-10-19 |
|
||||
| docs/implplan/archived/updates/tasks.md | Sprint 68 — Risk Profiles Phase 3 – APIs & Ledger | RISK-ENGINE-68-001 | DONE (2025-11-25) | Persist scoring results & explanations. | Risk Engine Guild | Path: src/RiskEngine/StellaOps.RiskEngine | 2025-10-19 |
|
||||
| docs/implplan/archived/updates/tasks.md | Sprint 68 — Risk Profiles Phase 3 – APIs & Ledger | RISK-ENGINE-68-002 | DONE (2025-11-25) | Expose jobs/results/explanations APIs. | Risk Engine Guild | Path: src/RiskEngine/StellaOps.RiskEngine | 2025-10-19 |
|
||||
| docs/implplan/archived/updates/tasks.md | Sprint 68 — Risk Profiles Phase 3 – APIs & Ledger | WEB-RISK-68-001 | TODO | Emit severity transition events via gateway. | BE-Base Platform Guild | Path: src/Web/StellaOps.Web | 2025-10-19 |
|
||||
| docs/implplan/archived/updates/tasks.md | Sprint 69 — Risk Profiles Phase 4 – Simulation & Reporting | DOCS-RISK-67-001..004 | TODO | (Carry) ensure docs updated from simulation release. | Docs Guild | Path: docs | 2025-10-19 |
|
||||
| docs/implplan/archived/updates/tasks.md | Sprint 69 — Risk Profiles Phase 4 – Simulation & Reporting | RISK-BUNDLE-69-001 | TODO | Build risk bundle. | Risk Bundle Export Guild | Path: src/ExportCenter/StellaOps.ExportCenter.RiskBundles | 2025-10-19 |
|
||||
|
||||
@@ -1200,8 +1200,8 @@ This file describe implementation of Stella Ops (docs/README.md). Implementation
|
||||
| Sprint 52 | Observability & Forensics Phase 3 – Timeline & Decision Logs | src/TimelineIndexer/StellaOps.TimelineIndexer | TODO | Security Guild | TIMELINE-OBS-52-004 | Finalize RLS + scope enforcement and audit logging for timeline reads. |
|
||||
| Sprint 52 | Observability & Forensics Phase 3 – Timeline & Decision Logs | src/Web/StellaOps.Web | TODO | BE-Base Platform Guild | WEB-OBS-52-001 | Provide trace/log proxy endpoints bridging to timeline + log store. |
|
||||
| Sprint 53 | Observability & Forensics Phase 4 – Evidence Locker | docs | TODO | Docs Guild | DOCS-CLI-FORENSICS-53-001 | Document `stella forensic` CLI workflows with sample bundles. |
|
||||
| Sprint 53 | Observability & Forensics Phase 4 – Evidence Locker | docs | TODO | Docs Guild | DOCS-FORENSICS-53-001 | Publish `/docs/forensics/evidence-locker.md` covering bundles, WORM, legal holds. |
|
||||
| Sprint 53 | Observability & Forensics Phase 4 – Evidence Locker | docs | TODO | Docs Guild | DOCS-FORENSICS-53-003 | Publish `/docs/forensics/timeline.md` with schema and query examples. |
|
||||
| Sprint 53 | Observability & Forensics Phase 4 – Evidence Locker | docs | DONE (2025-11-26) | Docs Guild | DOCS-FORENSICS-53-001 | Publish `/docs/forensics/evidence-locker.md` covering bundles, WORM, legal holds. |
|
||||
| Sprint 53 | Observability & Forensics Phase 4 – Evidence Locker | docs | DONE (2025-11-26) | Docs Guild | DOCS-FORENSICS-53-003 | Publish `/docs/forensics/timeline.md` with schema and query examples. |
|
||||
| Sprint 53 | Observability & Forensics Phase 4 – Evidence Locker | ops/devops | TODO | DevOps Guild | DEVOPS-OBS-53-001 | Provision WORM-capable storage, legal hold automation, and backup/restore scripts for evidence locker. |
|
||||
| Sprint 53 | Observability & Forensics Phase 4 – Evidence Locker | src/Cli/StellaOps.Cli | TODO | DevEx/CLI Guild | CLI-FORENSICS-53-001 | Ship `stella forensic snapshot` commands invoking evidence locker. |
|
||||
| Sprint 53 | Observability & Forensics Phase 4 – Evidence Locker | src/Concelier/__Libraries/StellaOps.Concelier.Core | TODO | Concelier Core Guild | CONCELIER-OBS-53-001 | Generate advisory evidence payloads (raw doc, linkset diff) for locker. |
|
||||
@@ -1217,7 +1217,7 @@ This file describe implementation of Stella Ops (docs/README.md). Implementation
|
||||
| Sprint 53 | Observability & Forensics Phase 4 – Evidence Locker | src/Policy/StellaOps.Policy.Engine | TODO | Policy Guild | POLICY-OBS-53-001 | Build evaluation evidence bundles (inputs, rule traces, engine version). |
|
||||
| Sprint 53 | Observability & Forensics Phase 4 – Evidence Locker | src/TaskRunner/StellaOps.TaskRunner | TODO | Task Runner Guild | TASKRUN-OBS-53-001 | Capture step transcripts and manifests into evidence bundles. |
|
||||
| Sprint 53 | Observability & Forensics Phase 4 – Evidence Locker | src/TimelineIndexer/StellaOps.TimelineIndexer | TODO | Timeline Indexer Guild | TIMELINE-OBS-53-001 | Link timeline events to evidence bundle digests and expose evidence lookup endpoint. |
|
||||
| Sprint 54 | Observability & Forensics Phase 5 – Provenance & Verification | docs | TODO | Docs Guild | DOCS-FORENSICS-53-002 | Publish `/docs/forensics/provenance-attestation.md` covering signing + verification. |
|
||||
| Sprint 54 | Observability & Forensics Phase 5 – Provenance & Verification | docs | DONE (2025-11-26) | Docs Guild | DOCS-FORENSICS-53-002 | Publish `/docs/forensics/provenance-attestation.md` covering signing + verification. |
|
||||
| Sprint 54 | Observability & Forensics Phase 5 – Provenance & Verification | ops/devops | TODO | DevOps Guild | DEVOPS-OBS-54-001 | Manage provenance signing infrastructure (KMS keys, timestamp authority) and CI verification. |
|
||||
| Sprint 54 | Observability & Forensics Phase 5 – Provenance & Verification | src/Cli/StellaOps.Cli | TODO | DevEx/CLI Guild | CLI-FORENSICS-54-001 | Implement `stella forensic verify` command verifying bundles + signatures. |
|
||||
| Sprint 54 | Observability & Forensics Phase 5 – Provenance & Verification | src/Cli/StellaOps.Cli | TODO | DevEx/CLI Guild | CLI-FORENSICS-54-002 | Add `stella forensic attest show` command with signer/timestamp details. |
|
||||
|
||||
@@ -108,7 +108,7 @@
|
||||
| AIRGAP-CTL-57-001 | TODO | | SPRINT_510_airgap | AirGap Controller Guild | src/AirGap/StellaOps.AirGap.Controller | Add startup diagnostics that block application run when sealed flag set but egress policies missing; emit audit + telemetry. Dependencies: AIRGAP-CTL-56-002. | AIRGAP-CTL-56-002 | AGCT0101 |
|
||||
| AIRGAP-CTL-57-002 | TODO | | SPRINT_510_airgap | AirGap Controller Guild · Observability Guild | src/AirGap/StellaOps.AirGap.Controller | Instrument seal/unseal events with trace/log fields and timeline emission (`airgap.sealed`, `airgap.unsealed`). Dependencies: AIRGAP-CTL-57-001. | AIRGAP-CTL-57-001 | AGCT0101 |
|
||||
| AIRGAP-CTL-58-001 | TODO | | SPRINT_510_airgap | AirGap Controller Guild · AirGap Time Guild | src/AirGap/StellaOps.AirGap.Controller | Persist time anchor metadata, compute drift seconds, and surface staleness budgets in status API. Dependencies: AIRGAP-CTL-57-002. | AIRGAP-CTL-57-002 | AGCT0101 |
|
||||
| AIRGAP-DEVPORT-64-001 | TODO | | SPRINT_302_docs_tasks_md_ii | Docs Guild · DevPortal Offline Guild | docs/modules/export-center/devportal-offline.md | Depends on 071_AGCO0101 manifest decisions | Depends on 071_AGCO0101 manifest decisions | DEVL0102 |
|
||||
| AIRGAP-DEVPORT-64-001 | DONE (2025-11-23) | 2025-11-23 | SPRINT_302_docs_tasks_md_ii | Docs Guild · DevPortal Offline Guild | docs/modules/export-center/devportal-offline.md | Depends on 071_AGCO0101 manifest decisions | Depends on 071_AGCO0101 manifest decisions | DEVL0102 |
|
||||
| AIRGAP-IMP-56-001 | TODO | | SPRINT_510_airgap | AirGap Importer Guild | src/AirGap/StellaOps.AirGap.Importer | Implement DSSE verification helpers, TUF metadata parser (`root.json`, `snapshot.json`, `timestamp.json`), and Merkle root calculator. | ATLN0101 approvals | AGIM0101 |
|
||||
| AIRGAP-IMP-56-002 | TODO | | SPRINT_510_airgap | AirGap Importer Guild · Security Guild | src/AirGap/StellaOps.AirGap.Importer | Introduce root rotation policy validation (dual approval) and signer trust store management. Dependencies: AIRGAP-IMP-56-001. | AIRGAP-IMP-56-001 | AGIM0101 |
|
||||
| AIRGAP-IMP-57-001 | TODO | | SPRINT_510_airgap | AirGap Importer Guild | src/AirGap/StellaOps.AirGap.Importer | Write `bundle_catalog` and `bundle_items` repositories with RLS + deterministic migrations. Dependencies: AIRGAP-IMP-56-002. | Importer infra | AGIM0101 |
|
||||
@@ -657,7 +657,7 @@
|
||||
| DOCS-AIRGAP-58-002 | BLOCKED | 2025-11-25 | SPRINT_302_docs_tasks_md_ii | Docs Guild, Security Guild (docs) | | Update `/docs/security/trust-and-signing.md` with DSSE/TUF roots, rotation, and signed time tokens. Dependencies: DOCS-AIRGAP-58-001. | Blocked: DOCS-AIRGAP-58-001 awaiting staleness/time-anchor spec | DOCL0102 |
|
||||
| DOCS-AIRGAP-58-003 | BLOCKED | 2025-11-25 | SPRINT_302_docs_tasks_md_ii | Docs Guild · DevEx Guild | docs/modules/airgap | Publish `/docs/dev/airgap-contracts.md` describing EgressPolicy usage, sealed-mode tests, linting. Dependencies: DOCS-AIRGAP-58-002. | Blocked: DOCS-AIRGAP-58-002 outstanding | DOAG0101 |
|
||||
| DOCS-AIRGAP-58-004 | BLOCKED | 2025-11-25 | SPRINT_302_docs_tasks_md_ii | Docs Guild · Evidence Locker Guild | docs/modules/airgap | Document `/docs/airgap/portable-evidence.md` for exporting/importing portable evidence bundles across enclaves. Dependencies: DOCS-AIRGAP-58-003. | Blocked: DOCS-AIRGAP-58-003 outstanding; needs Evidence Locker attestation notes (002_ATEL0101) | DOAG0101 |
|
||||
| DOCS-AIRGAP-DEVPORT-64-001 | TODO | | SPRINT_302_docs_tasks_md_ii | Docs Guild · DevPortal Offline Guild | docs/modules/export-center/devportal-offline.md | Create `/docs/airgap/devportal-offline.md` describing offline bundle usage and verification. | Requires #3 draft | DEVL0102 |
|
||||
| DOCS-AIRGAP-DEVPORT-64-001 | DONE (2025-11-23) | 2025-11-23 | SPRINT_302_docs_tasks_md_ii | Docs Guild · DevPortal Offline Guild | docs/modules/export-center/devportal-offline.md | Create `/docs/airgap/devportal-offline.md` describing offline bundle usage and verification. | Requires #3 draft | DEVL0102 |
|
||||
| DOCS-ATTEST-73-001 | TODO | | SPRINT_302_docs_tasks_md_ii | Docs Guild, Attestor Service Guild (docs) | | Publish `/docs/modules/attestor/overview.md` with imposed rule banner. | — | DOAT0101 |
|
||||
| DOCS-ATTEST-73-002 | DONE | 2025-11-23 | SPRINT_302_docs_tasks_md_ii | Docs Guild, Attestation Payloads Guild (docs) | | Write `/docs/modules/attestor/payloads.md` with schemas/examples. Dependencies: DOCS-ATTEST-73-001. | — | DOAT0101 |
|
||||
| DOCS-ATTEST-73-003 | DONE | 2025-11-23 | SPRINT_302_docs_tasks_md_ii | Docs Guild, Policy Guild (docs) | | Publish `/docs/modules/attestor/policies.md` covering verification policies. Dependencies: DOCS-ATTEST-73-002. | — | DOAT0101 |
|
||||
@@ -676,30 +676,30 @@
|
||||
| DOCS-CONSOLE-OBS-52-001 | BLOCKED | 2025-11-25 | SPRINT_303_docs_tasks_md_iii | Docs Guild, Console Guild (docs) | | Document `/docs/console/observability.md` showcasing Observability Hub widgets, trace/log search, imposed rule banner, and accessibility tips. | Blocked: awaiting Console Observability Hub schemas/widgets from Console Guild | DOCL0101 |
|
||||
| DOCS-CONSOLE-OBS-52-002 | BLOCKED | 2025-11-25 | SPRINT_303_docs_tasks_md_iii | Docs Guild, Console Guild (docs) | | Publish `/docs/console/forensics.md` covering timeline explorer, evidence viewer, attestation verifier, imposed rule banner, and troubleshooting. Dependencies: DOCS-CONSOLE-OBS-52-001. | Blocked: upstream DOCS-CONSOLE-OBS-52-001 | DOCL0101 |
|
||||
| DOCS-CONTRIB-62-001 | DONE | 2025-11-25 | SPRINT_303_docs_tasks_md_iii | Docs Guild, API Governance Guild (docs) | docs/contributing/api-contracts.md | Publish `/docs/contributing/api-contracts.md` detailing how to edit OAS, lint rules, compatibility checks. | — | DOCL0101 |
|
||||
| DOCS-DETER-70-002 | TODO | | SPRINT_304_docs_tasks_md_iv | Docs Guild · Scanner Guild | docs/modules/scanner/determinism.md | Document the scanner determinism score process (`determinism.json` schema, CI harness, replay instructions) under `/docs/modules/scanner/determinism-score.md` and add a release-notes template entry. Dependencies: SCAN-DETER-186-010, DEVOPS-SCAN-90-004. | Need deterministic suite notes from 137_SCDT0101 | DOSC0101 |
|
||||
| DOCS-DETER-70-002 | DONE (2025-11-26) | 2025-11-26 | SPRINT_304_docs_tasks_md_iv | Docs Guild · Scanner Guild | docs/modules/scanner/determinism-score.md | Document the scanner determinism score process (`determinism.json` schema, CI harness, replay instructions) under `/docs/modules/scanner/determinism-score.md` and add a release-notes template entry. Dependencies: SCAN-DETER-186-010, DEVOPS-SCAN-90-004. | — | DOSC0101 |
|
||||
| DOCS-DEVPORT-62-001 | DONE | 2025-11-25 | SPRINT_303_docs_tasks_md_iii | Docs Guild, Developer Portal Guild (docs) | docs/devportal/publishing.md | Document `/docs/devportal/publishing.md` for build pipeline, offline bundle steps. | — | DOCL0101 |
|
||||
| DOCS-DSL-401-005 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | Docs Guild (`docs/policy/dsl.md`, `docs/policy/lifecycle.md`) | `docs/policy/dsl.md`, `docs/policy/lifecycle.md` | Refresh `docs/policy/dsl.md` + lifecycle docs with the new syntax, signal dictionary (`trust_score`, `reachability`, etc.), authoring workflow, and safety rails (shadow mode, coverage tests). | — | DOCL0101 |
|
||||
| DOCS-ENTROPY-70-004 | TODO | | SPRINT_304_docs_tasks_md_iv | Docs Guild · Scanner Guild | docs/modules/scanner/determinism.md | Publish entropy analysis documentation (scoring heuristics, JSON schemas, policy hooks, UI guidance) under `docs/modules/scanner/entropy.md` and update trust-lattice references. Dependencies: SCAN-ENTROPY-186-011/012, POLICY-RISK-90-001. | Requires entropy guardrails from 078_SCSA0301 | DOSC0101 |
|
||||
| DOCS-DSL-401-005 | DONE (2025-11-26) | 2025-11-26 | SPRINT_0401_0001_0001_reachability_evidence_chain | Docs Guild (`docs/policy/dsl.md`, `docs/policy/lifecycle.md`) | `docs/policy/dsl.md`, `docs/policy/lifecycle.md` | Refresh `docs/policy/dsl.md` + lifecycle docs with the new syntax, signal dictionary (`trust_score`, `reachability`, etc.), authoring workflow, and safety rails (shadow mode, coverage tests). | — | DOCL0101 |
|
||||
| DOCS-ENTROPY-70-004 | DONE (2025-11-26) | 2025-11-26 | SPRINT_304_docs_tasks_md_iv | Docs Guild · Scanner Guild | docs/modules/scanner/entropy.md | Publish entropy analysis documentation (scoring heuristics, JSON schemas, policy hooks, UI guidance) under `docs/modules/scanner/entropy.md` and update trust-lattice references. Dependencies: SCAN-ENTROPY-186-011/012, POLICY-RISK-90-001. | — | DOSC0101 |
|
||||
| DOCS-EXC-25-001 | BLOCKED | 2025-11-25 | SPRINT_303_docs_tasks_md_iii | Docs Guild | docs/modules/excititor | Author `/docs/governance/exceptions.md` covering lifecycle, scope patterns, examples, compliance checklist. | Blocked: waiting on CLEX0101 exception governance spec and UI workflow | DOEX0102 |
|
||||
| DOCS-EXC-25-002 | BLOCKED | 2025-11-25 | SPRINT_303_docs_tasks_md_iii | Docs Guild | docs/modules/excititor | Publish `/docs/governance/approvals-and-routing.md` detailing roles, routing matrix, MFA rules, audit trails. Dependencies: DOCS-EXC-25-001. | Blocked: upstream DOCS-EXC-25-001 | DOEX0102 |
|
||||
| DOCS-EXC-25-003 | BLOCKED | 2025-11-25 | SPRINT_303_docs_tasks_md_iii | Docs Guild | docs/modules/excititor | Create `/docs/api/exceptions.md` with endpoints, payloads, errors, idempotency notes. Dependencies: DOCS-EXC-25-002. | Blocked: upstream DOCS-EXC-25-002 | DOEX0102 |
|
||||
| DOCS-EXC-25-005 | BLOCKED | 2025-11-25 | SPRINT_303_docs_tasks_md_iii | Docs + Accessibility Guilds | docs/modules/excititor | Write `/docs/ui/exception-center.md` with UI walkthrough, badges, accessibility, shortcuts. Dependencies: DOCS-EXC-25-003. | Blocked: upstream DOCS-EXC-25-003 | DOEX0102 |
|
||||
| DOCS-EXC-25-006 | TODO | | SPRINT_303_docs_tasks_md_iii | Docs Guild | docs/modules/excititor | Update `/docs/modules/cli/guides/exceptions.md` covering command usage and exit codes. Dependencies: DOCS-EXC-25-005. | CLEX0101 | DOEX0102 |
|
||||
| DOCS-EXC-25-007 | TODO | | SPRINT_304_docs_tasks_md_iv | Docs Guild · DevOps Guild | docs/modules/excititor | Publish `/docs/migration/exception-governance.md` describing cutover from legacy suppressions, notifications, rollback. Dependencies: DOCS-EXC-25-006. | UIEX0101 & Ops runbooks | DOEX0102 |
|
||||
| DOCS-EXPORT-37-004 | TODO | | SPRINT_304_docs_tasks_md_iv | Docs Guild · Export Center Guild | docs/modules/export-center | Publish `/docs/security/export-hardening.md` outlining RBAC, tenancy, encryption, redaction, restating imposed rule. | Wait for ATMI0102 orchestration notes | DOEC0102 |
|
||||
| DOCS-EXPORT-37-005 | TODO | | SPRINT_304_docs_tasks_md_iv | Docs Guild · Export Center Guild | docs/modules/export-center | Validate Export Center docs against live Trivy/mirror bundles once implementation lands; refresh examples and CLI snippets accordingly. Dependencies: DOCS-EXPORT-37-004. | Needs AGDP0101 manifest schema | DOEC0102 |
|
||||
| DOCS-EXPORT-37-101 | TODO | | SPRINT_304_docs_tasks_md_iv | Docs Guild · DevOps Guild | docs/modules/export-center | Refresh CLI verification sections once `stella export verify` lands (flags, exit codes, samples). Dependencies: DOCS-EXPORT-37-005. | Depends on DVDO0105 deployment guide | DOEC0102 |
|
||||
| DOCS-EXPORT-37-102 | TODO | | SPRINT_304_docs_tasks_md_iv | Docs Guild · Evidence Locker Guild | docs/modules/export-center | Embed export dashboards/alerts references into provenance/runbook docs after Grafana work ships. Dependencies: DOCS-EXPORT-37-101. | Requires ATEL0102 attestation feed | DOEC0102 |
|
||||
| DOCS-FORENSICS-53-001 | TODO | | SPRINT_304_docs_tasks_md_iv | Docs Guild · Evidence Locker Guild | docs/modules/evidence-locker/forensics.md | Publish `/docs/forensics/evidence-locker.md` describing bundle formats, WORM options, retention, legal hold, and imposed rule banner. | Need DSSE digest notes from 002_ATEL0101 | DOEL0101 |
|
||||
| DOCS-FORENSICS-53-002 | TODO | | SPRINT_304_docs_tasks_md_iv | Docs Guild · Provenance Guild | docs/modules/evidence-locker/forensics.md | Release `/docs/forensics/provenance-attestation.md` covering DSSE schema, signing process, verification workflow, and imposed rule banner. Dependencies: DOCS-FORENSICS-53-001. | Waiting on provenance recorder sample (104_RBRE0101) | DOEL0101 |
|
||||
| DOCS-FORENSICS-53-003 | TODO | | SPRINT_304_docs_tasks_md_iv | Docs Guild · Timeline Indexer Guild | docs/modules/evidence-locker/forensics.md | Publish `/docs/forensics/timeline.md` with schema, event kinds, filters, query examples, and imposed rule banner. Dependencies: DOCS-FORENSICS-53-002. | Requires timeline indexer export from 055_AGIM0101 | DOEL0101 |
|
||||
| DOCS-GRAPH-24-001 | TODO | | SPRINT_304_docs_tasks_md_iv | Docs Guild · Graph Guild | docs/modules/graph | Author `/docs/ui/sbom-graph-explorer.md` detailing overlays, filters, saved views, accessibility, and AOC visibility. | Wait for GRAP0101 contract freeze | DOGR0101 |
|
||||
| DOCS-GRAPH-24-002 | TODO | | SPRINT_304_docs_tasks_md_iv | Docs Guild · UI Guild | docs/modules/graph | Publish `/docs/ui/vulnerability-explorer.md` covering table usage, grouping, fix suggestions, Why drawer. Dependencies: DOCS-GRAPH-24-001. | Needs SBOM/VEX dataflow confirmation (PLLG0104) | DOGR0101 |
|
||||
| DOCS-GRAPH-24-003 | TODO | | SPRINT_304_docs_tasks_md_iv | Docs Guild · SBOM Guild | docs/modules/graph | Create `/docs/modules/graph/architecture-index.md` describing data model, ingestion pipeline, caches, events. Dependencies: DOCS-GRAPH-24-002. | Unblocked: SBOM join spec delivered with CARTO-GRAPH-21-002 (2025-11-17). | DOGR0101 |
|
||||
| DOCS-EXC-25-007 | DONE (2025-11-26) | 2025-11-26 | SPRINT_304_docs_tasks_md_iv | Docs Guild · DevOps Guild | docs/migration/exception-governance.md | Publish `/docs/migration/exception-governance.md` describing cutover from legacy suppressions, notifications, rollback. Dependencies: DOCS-EXC-25-006. | — | DOEX0102 |
|
||||
| DOCS-EXPORT-37-004 | DONE (2025-11-26) | 2025-11-26 | SPRINT_304_docs_tasks_md_iv | Docs Guild · Export Center Guild | docs/security/export-hardening.md | Publish `/docs/security/export-hardening.md` outlining RBAC, tenancy, encryption, redaction, restating imposed rule. | — | DOEC0102 |
|
||||
| DOCS-EXPORT-37-005 | BLOCKED | 2025-11-26 | SPRINT_304_docs_tasks_md_iv | Docs Guild · Export Center Guild | docs/modules/export-center | Validate Export Center docs against live Trivy/mirror bundles once implementation lands; refresh examples and CLI snippets accordingly. Dependencies: DOCS-EXPORT-37-004. | Blocked: awaiting live bundle verification | DOEC0102 |
|
||||
| DOCS-EXPORT-37-101 | BLOCKED | 2025-11-26 | SPRINT_304_docs_tasks_md_iv | Docs Guild · DevOps Guild | docs/modules/export-center | Refresh CLI verification sections once `stella export verify` lands (flags, exit codes, samples). Dependencies: DOCS-EXPORT-37-005. | Blocked: 37-005 pending live bundle validation | DOEC0102 |
|
||||
| DOCS-EXPORT-37-102 | BLOCKED | 2025-11-26 | SPRINT_304_docs_tasks_md_iv | Docs Guild · Evidence Locker Guild | docs/modules/export-center | Embed export dashboards/alerts references into provenance/runbook docs after Grafana work ships. Dependencies: DOCS-EXPORT-37-101. | Blocked: 37-101 blocked on live bundle validation | DOEC0102 |
|
||||
| DOCS-FORENSICS-53-001 | DONE (2025-11-26) | 2025-11-26 | SPRINT_304_docs_tasks_md_iv | Docs Guild · Evidence Locker Guild | docs/forensics/evidence-locker.md | Publish `/docs/forensics/evidence-locker.md` describing bundle formats, WORM options, retention, legal hold, and imposed rule banner. | — | DOEL0101 |
|
||||
| DOCS-FORENSICS-53-002 | DONE (2025-11-26) | 2025-11-26 | SPRINT_304_docs_tasks_md_iv | Docs Guild · Provenance Guild | docs/forensics/provenance-attestation.md | Release `/docs/forensics/provenance-attestation.md` covering DSSE schema, signing process, verification workflow, and imposed rule banner. Dependencies: DOCS-FORENSICS-53-001. | — | DOEL0101 |
|
||||
| DOCS-FORENSICS-53-003 | DONE (2025-11-26) | 2025-11-26 | SPRINT_304_docs_tasks_md_iv | Docs Guild · Timeline Indexer Guild | docs/forensics/timeline.md | Publish `/docs/forensics/timeline.md` with schema, event kinds, filters, query examples, and imposed rule banner. Dependencies: DOCS-FORENSICS-53-002. | — | DOEL0101 |
|
||||
| DOCS-GRAPH-24-001 | DONE (2025-11-26) | 2025-11-26 | SPRINT_304_docs_tasks_md_iv | Docs Guild · Graph Guild | docs/ui/sbom-graph-explorer.md | Author `/docs/ui/sbom-graph-explorer.md` detailing overlays, filters, saved views, accessibility, and AOC visibility. | — | DOGR0101 |
|
||||
| DOCS-GRAPH-24-002 | DONE (2025-11-26) | 2025-11-26 | SPRINT_304_docs_tasks_md_iv | Docs Guild · UI Guild | docs/ui/vulnerability-explorer.md | Publish `/docs/ui/vulnerability-explorer.md` covering table usage, grouping, fix suggestions, Why drawer. Dependencies: DOCS-GRAPH-24-001. | — | DOGR0101 |
|
||||
| DOCS-GRAPH-24-003 | DONE (2025-11-26) | 2025-11-26 | SPRINT_304_docs_tasks_md_iv | Docs Guild · SBOM Guild | docs/modules/graph | Create `/docs/modules/graph/architecture-index.md` describing data model, ingestion pipeline, caches, events. Dependencies: DOCS-GRAPH-24-002. | Unblocked: SBOM join spec delivered with CARTO-GRAPH-21-002 (2025-11-17). | DOGR0101 |
|
||||
| DOCS-GRAPH-24-004 | DONE (2025-11-26) | 2025-11-26 | SPRINT_304_docs_tasks_md_iv | Docs Guild · BE-Base Guild | docs/api/graph.md; docs/api/vuln.md | Document `/docs/api/graph.md` and `/docs/api/vuln.md` avec endpoints, parameters, errors, RBAC. Dependencies: DOCS-GRAPH-24-003. | Require replay hooks from RBBN0101 | DOGR0101 |
|
||||
| DOCS-GRAPH-24-005 | DONE (2025-11-26) | 2025-11-26 | SPRINT_304_docs_tasks_md_iv | Docs Guild · DevEx/CLI Guild | docs/modules/graph | Update `/docs/modules/cli/guides/graph-and-vuln.md` covering new CLI commands, exit codes, scripting. Dependencies: DOCS-GRAPH-24-004. | — | DOGR0101 |
|
||||
| DOCS-GRAPH-24-006 | TODO | | SPRINT_304_docs_tasks_md_iv | Docs Guild · Policy Guild | docs/modules/graph | Write `/docs/policy/ui-integration.md` explaining overlays, cache usage, simulator contracts. Dependencies: DOCS-GRAPH-24-005. | Needs policy outputs from PLVL0102 | DOGR0101 |
|
||||
| DOCS-GRAPH-24-007 | TODO | | SPRINT_304_docs_tasks_md_iv | Docs Guild · DevOps Guild | docs/modules/graph | Produce `/docs/migration/graph-parity.md` with rollout plan, parity checks, fallback guidance. Dependencies: DOCS-GRAPH-24-006. | Depends on DVDO0108 deployment notes | DOGR0101 |
|
||||
| DOCS-GRAPH-24-006 | DONE (2025-11-26) | 2025-11-26 | SPRINT_304_docs_tasks_md_iv | Docs Guild · Policy Guild | docs/policy/ui-integration.md | Write `/docs/policy/ui-integration.md` explaining overlays, cache usage, simulator contracts. Dependencies: DOCS-GRAPH-24-005. | — | DOGR0101 |
|
||||
| DOCS-GRAPH-24-007 | DONE (2025-11-26) | 2025-11-26 | SPRINT_304_docs_tasks_md_iv | Docs Guild · DevOps Guild | docs/migration/graph-parity.md | Produce `/docs/migration/graph-parity.md` with rollout plan, parity checks, fallback guidance. Dependencies: DOCS-GRAPH-24-006. | — | DOGR0101 |
|
||||
| DOCS-INSTALL-44-001 | BLOCKED | 2025-11-25 | SPRINT_305_docs_tasks_md_v | Docs Guild · Deployment Guild | docs/install | Publish `/docs/install/overview.md` and `/docs/install/compose-quickstart.md` with imposed rule line and copy-ready commands. | Blocked: waiting on DVPL0101 compose schema + service list/version pins | DOIS0101 |
|
||||
| DOCS-INSTALL-45-001 | BLOCKED | 2025-11-25 | SPRINT_305_docs_tasks_md_v | Docs Guild · Deployment Guild | docs/install | Publish `/docs/install/helm-prod.md` and `/docs/install/configuration-reference.md` with values tables and imposed rule reminder. Dependencies: DOCS-INSTALL-44-001. | Blocked: upstream DOCS-INSTALL-44-001 and TLS guidance (127_SIGR0101) | DOIS0101 |
|
||||
| DOCS-INSTALL-46-001 | BLOCKED | 2025-11-25 | SPRINT_305_docs_tasks_md_v | Docs Guild · Deployment Guild | docs/install | Publish `/docs/install/airgap.md`, `/docs/security/supply-chain.md`, `/docs/operations/health-and-readiness.md`, `/docs/release/image-catalog.md`, `/docs/console/onboarding.md` (each with imposed rule). Dependencies: DOCS-INSTALL-45-001. | Blocked: upstream DOCS-INSTALL-45-001 and 126_RLRC0101 replay hooks | DOIS0101 |
|
||||
@@ -731,9 +731,9 @@
|
||||
| DOCS-ORCH-34-004 | TODO | | SPRINT_306_docs_tasks_md_vi | Docs Guild · Observability Guild | docs/modules/orchestrator | Document `/docs/schemas/artifacts.md` describing artifact kinds, schema versions, hashing, storage layout, restating imposed rule. Dependencies: DOCS-ORCH-34-003. | Wait for observability dashboards (063_OROB0101) | DOOR0102 |
|
||||
| DOCS-ORCH-34-005 | TODO | | SPRINT_306_docs_tasks_md_vi | Docs Guild · BE-Base Guild | docs/modules/orchestrator | Author `/docs/slo/orchestrator-slo.md` defining SLOs, burn alerts, measurement, and reiterating imposed rule. Dependencies: DOCS-ORCH-34-004. | Needs replay linkage from 042_RPRC0101 | DOOR0102 |
|
||||
| DOCS-POLICY-23-003 | TODO | | SPRINT_307_docs_tasks_md_vii | Docs Guild | docs/policy/lifecycle.md | Produce `/docs/policy/runtime.md` covering compiler, evaluator, caching, events, SLOs. Dependencies: DOCS-POLICY-23-002. | DOCS-POLICY-23-002 | POKT0101 |
|
||||
| DOCS-POLICY-23-004 | TODO | | SPRINT_307_docs_tasks_md_vii | Docs Guild · UI Guild | docs/policy/lifecycle.md | Document `/docs/policy/editor.md` (UI walkthrough, validation, simulation, approvals). Dependencies: DOCS-POLICY-23-003. | DOCS-POLICY-23-003 | POKT0101 |
|
||||
| DOCS-POLICY-23-005 | TODO | | SPRINT_307_docs_tasks_md_vii | Docs Guild · DevOps Guild | docs/policy/lifecycle.md | Publish `/docs/policy/governance.md` (roles, scopes, approvals, signing, exceptions). Dependencies: DOCS-POLICY-23-004. | Depends on DevOps automation (141_DVDO0107) | DOPL0101 |
|
||||
| DOCS-POLICY-23-006 | TODO | | SPRINT_307_docs_tasks_md_vii | Docs Guild · DevEx/CLI Guild | docs/policy/lifecycle.md | Update `/docs/api/policy.md` with new endpoints, schemas, errors, pagination. Dependencies: DOCS-POLICY-23-005. | Wait for CLI commands (132_CLCI0110) | DOPL0101 |
|
||||
| DOCS-POLICY-23-004 | DONE (2025-11-26) | 2025-11-26 | SPRINT_307_docs_tasks_md_vii | Docs Guild · UI Guild | docs/policy/editor.md | Document `/docs/policy/editor.md` (UI walkthrough, validation, simulation, approvals). Dependencies: DOCS-POLICY-23-003. | DOCS-POLICY-23-003 | POKT0101 |
|
||||
| DOCS-POLICY-23-005 | DONE (2025-11-26) | 2025-11-26 | SPRINT_307_docs_tasks_md_vii | Docs Guild · DevOps Guild | docs/policy/governance.md | Publish `/docs/policy/governance.md` (roles, scopes, approvals, signing, exceptions). Dependencies: DOCS-POLICY-23-004. | — | DOPL0101 |
|
||||
| DOCS-POLICY-23-006 | DONE (2025-11-26) | 2025-11-26 | SPRINT_307_docs_tasks_md_vii | Docs Guild · DevEx/CLI Guild | docs/policy/api.md | Update `/docs/api/policy.md` with new endpoints, schemas, errors, pagination. Dependencies: DOCS-POLICY-23-005. | — | DOPL0101 |
|
||||
| DOCS-POLICY-23-007 | TODO | | SPRINT_307_docs_tasks_md_vii | Docs Guild · Observability Guild | docs/policy/lifecycle.md | Update `/docs/modules/cli/guides/policy.md` for lint/simulate/activate/history commands, exit codes. Dependencies: DOCS-POLICY-23-006. | Requires observability hooks (066_PLOB0101) | DOPL0101 |
|
||||
| DOCS-POLICY-23-008 | TODO | | SPRINT_307_docs_tasks_md_vii | Docs Guild · Policy Guild | docs/policy/lifecycle.md | Refresh `/docs/modules/policy/architecture.md` with data model, sequence diagrams, event flows. Dependencies: DOCS-POLICY-23-007. | Needs waiver examples from 005_ATLN0101 | DOPL0101 |
|
||||
| DOCS-POLICY-23-009 | TODO | | SPRINT_307_docs_tasks_md_vii | Docs Guild · DevOps Guild | docs/policy/lifecycle.md | Create `/docs/migration/policy-parity.md` covering dual-run parity plan and rollback. Dependencies: DOCS-POLICY-23-008. | Need DevOps rollout notes (DVDO0108) | DOPL0102 |
|
||||
@@ -753,7 +753,7 @@
|
||||
| DOCS-POLICY-27-013 | BLOCKED | 2025-10-27 | SPRINT_308_docs_tasks_md_viii | Docs Guild · Policy Guild | docs/policy/runs.md | Update `/docs/examples/policy-templates.md` with new templates, snippets, and sample policies. Dependencies: DOCS-POLICY-27-012. | Await policy guild approval | DOPL0103 |
|
||||
| DOCS-POLICY-27-014 | BLOCKED | 2025-10-27 | SPRINT_308_docs_tasks_md_viii | Docs Guild · Policy Registry Guild | docs/policy/runs.md | Refresh `/docs/aoc/aoc-guardrails.md` to include Studio-specific guardrails and validation scenarios. Dependencies: DOCS-POLICY-27-013. | Needs policy registry approvals | DOPL0103 |
|
||||
| DOCS-POLICY-DET-01 | TODO | | SPRINT_301_docs_tasks_md_i | Docs Guild · Policy Guild | docs/policy/runs.md | Extend `docs/modules/policy/architecture.md` with determinism gate semantics and provenance references. | Depends on deterministic harness (137_SCDT0101) | DOPL0103 |
|
||||
| DOCS-PROMO-70-001 | TODO | | SPRINT_304_docs_tasks_md_iv | Docs Guild · Provenance Guild | docs/modules/provenance | Publish `/docs/release/promotion-attestations.md` describing the promotion workflow (CLI commands, Signer/Attestor integration, offline verification) and update `/docs/forensics/provenance-attestation.md` with the new predicate. Dependencies: PROV-OBS-53-003, CLI-PROMO-70-002. | Need provenance promo outline from Provenance Guild | DOPV0101 |
|
||||
| DOCS-PROMO-70-001 | DONE (2025-11-26) | 2025-11-26 | SPRINT_304_docs_tasks_md_iv | Docs Guild · Provenance Guild | docs/release/promotion-attestations.md | Publish `/docs/release/promotion-attestations.md` describing the promotion workflow (CLI commands, Signer/Attestor integration, offline verification) and update `/docs/forensics/provenance-attestation.md` with the new predicate. Dependencies: PROV-OBS-53-003, CLI-PROMO-70-002. | — | DOPV0101 |
|
||||
| DOCS-REACH-201-006 | TODO | | SPRINT_400_runtime_facts_static_callgraph_union | Docs Guild · Runtime Evidence Guild | docs/reachability | Author the reachability doc set (`docs/signals/reachability.md`, `callgraph-formats.md`, `runtime-facts.md`, CLI/UI appendices) plus update Zastava + Replay guides with the new evidence and operators’ workflow. | Needs RBRE0101 provenance hook summary | DORC0101 |
|
||||
| DOCS-REPLAY-185-003 | TODO | | SPRINT_185_shared_replay_primitives | Docs Guild · Platform Data Guild | docs/replay | Author `docs/data/replay_schema.md` detailing `replay_runs`, `replay_bundles`, `replay_subjects` collections, index guidance, and offline sync strategy aligned with Replay CAS. | Need RPRC0101 API freeze | DORR0101 |
|
||||
| DOCS-REPLAY-185-004 | TODO | | SPRINT_185_shared_replay_primitives | Docs Guild | docs/replay | Expand `docs/replay/DEVS_GUIDE_REPLAY.md` with integration guidance for consuming services (Scanner, Evidence Locker, CLI) and add checklist derived from `docs/replay/DETERMINISTIC_REPLAY.md` Section 11. | Depends on #1 | DORR0101 |
|
||||
@@ -768,7 +768,7 @@
|
||||
| DOCS-RISK-67-004 | TODO | | SPRINT_309_docs_tasks_md_ix | Docs Guild · CLI Guild | docs/risk | Publish `/docs/modules/cli/guides/risk.md` covering CLI workflows. Dependencies: DOCS-RISK-67-003. | Requires CLI samples from 132_CLCI0110 | DORS0101 |
|
||||
| DOCS-RISK-68-001 | TODO | | SPRINT_309_docs_tasks_md_ix | Docs Guild · Export Guild | docs/risk | Add `/docs/airgap/risk-bundles.md` for offline factor bundles. Dependencies: DOCS-RISK-67-004. | Wait for export contract (069_AGEX0101) | DORS0101 |
|
||||
| DOCS-RISK-68-002 | TODO | | SPRINT_309_docs_tasks_md_ix | Docs Guild · Security Guild | docs/risk | Update `/docs/security/aoc-invariants.md` with risk scoring provenance guarantees. Dependencies: DOCS-RISK-68-001. | Requires security approvals | DORS0101 |
|
||||
| DOCS-RUNBOOK-401-017 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | Docs Guild · Ops Guild | `docs/runbooks/reachability-runtime.md`, `docs/reachability/DELIVERY_GUIDE.md` | Publish the reachability runtime ingestion runbook, link it from delivery guides, and keep Ops/Signals troubleshooting steps current. | Need latest reachability metrics from RBBN0101 | DORU0101 |
|
||||
| DOCS-RUNBOOK-401-017 | DONE (2025-11-26) | 2025-11-26 | SPRINT_0401_0001_0001_reachability_evidence_chain | Docs Guild · Ops Guild | `docs/runbooks/reachability-runtime.md`, `docs/reachability/DELIVERY_GUIDE.md` | Publish the reachability runtime ingestion runbook, link it from delivery guides, and keep Ops/Signals troubleshooting steps current. | — | DORU0101 |
|
||||
| DOCS-RUNBOOK-55-001 | TODO | | SPRINT_309_docs_tasks_md_ix | Docs Guild · Ops Guild | docs/runbooks | Author `/docs/runbooks/incidents.md` describing incident mode activation, escalation steps, retention impact, verification checklist, and imposed rule banner. | Requires deployment checklist from DVPL0101 | DORU0101 |
|
||||
| DOCS-SCANNER-BENCH-62-002 | TODO | | SPRINT_310_docs_tasks_md_x | Docs Guild · Product Guild | docs/modules/scanner/benchmarks | Capture customer demand for Windows/macOS analyzer coverage and document outcomes. | Need bench inputs from SCSA0301 | DOSB0101 |
|
||||
| DOCS-SCANNER-BENCH-62-003 | TODO | | SPRINT_310_docs_tasks_md_x | Docs Guild · Product Guild | docs/modules/scanner/benchmarks | Capture Python lockfile/editable install requirements and document policy guidance. | Depends on #1 | DOSB0101 |
|
||||
@@ -790,7 +790,7 @@
|
||||
| DOCS-SIG-26-007 | TODO | | SPRINT_309_docs_tasks_md_ix | Docs Guild · Policy Guild | docs/modules/signals | Publish `/docs/api/signals.md` covering endpoints, payloads, ETags, errors. Dependencies: DOCS-SIG-26-006. | Needs policy overlay from PLVL0102 | DOSG0101 |
|
||||
| DOCS-SIG-26-008 | TODO | | SPRINT_310_docs_tasks_md_x | Docs Guild · Notifications Guild | docs/modules/signals | Write `/docs/migration/enable-reachability.md` guiding rollout, fallbacks, monitoring. Dependencies: DOCS-SIG-26-007. | Depends on notifications hooks (058_NOTY0101) | DOSG0101 |
|
||||
| DOCS-SURFACE-01 | TODO | | SPRINT_310_docs_tasks_md_x | Docs Guild · Surface Guild | docs/modules/scanner/surface | Create `/docs/modules/scanner/scanner-engine.md` covering Surface.FS/Env/Secrets workflow between Scanner, Zastava, Scheduler, and Ops. | Need latest surface emit notes (SCANNER-SURFACE-04) | DOSS0101 |
|
||||
| DOCS-SYMS-70-003 | TODO | | SPRINT_304_docs_tasks_md_iv | Docs Guild · Symbols Guild | docs/modules/symbols | Author symbol-server architecture/spec docs (`docs/specs/symbols/SYMBOL_MANIFEST_v1.md`, API reference, bundle guide) and update reachability guides with symbol lookup workflow and tenant controls. Dependencies: SYMS-SERVER-401-011, SYMS-INGEST-401-013. | Need RBSY0101 cache notes | DOSY0101 |
|
||||
| DOCS-SYMS-70-003 | DONE (2025-11-26) | 2025-11-26 | SPRINT_304_docs_tasks_md_iv | Docs Guild · Symbols Guild | docs/specs/symbols/SYMBOL_MANIFEST_v1.md | Author symbol-server architecture/spec docs (`docs/specs/symbols/SYMBOL_MANIFEST_v1.md`, API reference, bundle guide) and update reachability guides with symbol lookup workflow and tenant controls. Dependencies: SYMS-SERVER-401-011, SYMS-INGEST-401-013. | — | DOSY0101 |
|
||||
| DOCS-TEN-47-001 | TODO | | SPRINT_310_docs_tasks_md_x | Docs Guild · Security Guild | docs/modules/tenancy | Publish `/docs/security/tenancy-overview.md` and `/docs/security/scopes-and-roles.md` outlining scope grammar, tenant model, imposed rule reminder. | Need tenancy ADR from DVDO0110 | DOTN0101 |
|
||||
| DOCS-TEN-48-001 | TODO | | SPRINT_310_docs_tasks_md_x | Docs Guild · Security Guild | docs/modules/tenancy | Publish `/docs/operations/multi-tenancy.md`, `/docs/operations/rls-and-data-isolation.md`, `/docs/console/admin-tenants.md`. Dependencies: DOCS-TEN-47-001. | Depends on #1 | DOTN0101 |
|
||||
| DOCS-TEN-49-001 | TODO | | SPRINT_310_docs_tasks_md_x | Docs Guild · DevOps Guild | docs/modules/tenancy | Publish `/docs/modules/cli/guides/authentication.md`, `/docs/api/authentication.md`, `/docs/policy/examples/abac-overlays.md`, update `/docs/install/configuration-reference.md` with new env vars, all ending with imposed rule line. Dependencies: DOCS-TEN-48-001. | Requires monitoring plan from DVDO0110 | DOTN0101 |
|
||||
@@ -908,7 +908,7 @@
|
||||
| ENGINE-70-005 | TODO | | SPRINT_126_policy_reasoning | Policy + Scheduler Worker Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-70-004 | POLICY-ENGINE-70-004 | DOPE0106 |
|
||||
| ENGINE-80-001 | TODO | | SPRINT_126_policy_reasoning | Policy + Signals Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-70-005 | POLICY-ENGINE-70-005 | DOPE0106 |
|
||||
| ENGINE-80-002 | TODO | | SPRINT_127_policy_reasoning | Policy + Storage Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-80-001 | POLICY-ENGINE-80-001 | DOPE0106 |
|
||||
| ENGINE-80-003 | TODO | | SPRINT_127_policy_reasoning | Policy + Policy Editor Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-80-002 | POLICY-ENGINE-80-002 | DOPE0106 |
|
||||
| ENGINE-80-003 | BLOCKED (2025-11-26) | | SPRINT_0127_0001_0001_policy_reasoning | Policy + Policy Editor Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-80-002 | POLICY-ENGINE-80-002 | DOPE0106 |
|
||||
| ENGINE-80-004 | TODO | | SPRINT_127_policy_reasoning | Policy + Observability Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-80-003 | POLICY-ENGINE-80-003 | DOPE0106 |
|
||||
| ENGINE-DOCS-0001 | TODO | | SPRINT_325_docs_modules_policy | Docs Guild (docs/modules/policy) | docs/modules/policy | Refresh module overview + governance ladder. | — | DOPE0107 |
|
||||
| ENGINE-ENG-0001 | TODO | | SPRINT_325_docs_modules_policy | Module Team (docs/modules/policy) | docs/modules/policy | Capture engineering guidelines + acceptance tests. | — | DOPE0107 |
|
||||
@@ -1426,8 +1426,8 @@
|
||||
| POLICY-ENGINE-70-004 | TODO | | SPRINT_126_policy_reasoning | Policy Guild, Observability Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Extend metrics/tracing/logging for exception application | POLICY-ENGINE-70-003 | |
|
||||
| POLICY-ENGINE-70-005 | TODO | | SPRINT_126_policy_reasoning | Policy Guild, Scheduler Worker Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Provide APIs/workers hook for exception activation/expiry | POLICY-ENGINE-70-004 | |
|
||||
| POLICY-ENGINE-80-001 | TODO | | SPRINT_126_policy_reasoning | Policy Guild, Signals Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Integrate reachability/exploitability inputs into evaluation pipeline | POLICY-ENGINE-70-005 | |
|
||||
| POLICY-ENGINE-80-002 | TODO | | SPRINT_127_policy_reasoning | Policy Guild, Storage Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Create joining layer to read `reachability_facts` efficiently | POLICY-ENGINE-80-001 | |
|
||||
| POLICY-ENGINE-80-003 | TODO | | SPRINT_127_policy_reasoning | Policy Guild, Policy Editor Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Extend SPL predicates/actions to reference reachability state/score/confidence; update compiler validation | POLICY-ENGINE-80-002 | |
|
||||
| POLICY-ENGINE-80-002 | BLOCKED (2025-11-26) | | SPRINT_0127_0001_0001_policy_reasoning | Policy Guild, Storage Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Create joining layer to read `reachability_facts` efficiently | POLICY-ENGINE-80-001 | Waiting on reachability input contract (80-001). |
|
||||
| POLICY-ENGINE-80-003 | BLOCKED (2025-11-26) | | SPRINT_0127_0001_0001_policy_reasoning | Policy Guild, Policy Editor Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Extend SPL predicates/actions to reference reachability state/score/confidence; update compiler validation | POLICY-ENGINE-80-002 | Blocked by reachability inputs/80-002. |
|
||||
| POLICY-ENGINE-80-004 | TODO | | SPRINT_127_policy_reasoning | Policy Guild, Observability Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Emit metrics | POLICY-ENGINE-80-003 | |
|
||||
| POLICY-LIB-401-001 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | Policy Guild (`src/Policy/StellaOps.PolicyDsl`, `docs/policy/dsl.md`) | `src/Policy/StellaOps.PolicyDsl`, `docs/policy/dsl.md` | Extract the policy DSL parser/compiler into `StellaOps.PolicyDsl`, add the lightweight syntax (default action + inline rules), and expose `PolicyEngineFactory`/`SignalContext` APIs for reuse. | | |
|
||||
| POLICY-LIB-401-002 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | Policy Guild, CLI Guild (`tests/Policy/StellaOps.PolicyDsl.Tests`, `policy/default.dsl`, `docs/policy/lifecycle.md`) | `tests/Policy/StellaOps.PolicyDsl.Tests`, `policy/default.dsl`, `docs/policy/lifecycle.md` | Ship unit-test harness + sample `policy/default.dsl` (table-driven cases) and wire `stella policy lint/simulate` to the shared library. | | |
|
||||
@@ -1440,8 +1440,8 @@
|
||||
| POLICY-READINESS-0001 | TODO | | SPRINT_325_docs_modules_policy | Policy Guild (docs/modules/policy) | docs/modules/policy | Capture policy module readiness checklist aligned with current sprint goals. | | |
|
||||
| POLICY-READINESS-0002 | TODO | | SPRINT_325_docs_modules_policy | Policy Guild (docs/modules/policy) | docs/modules/policy | Track outstanding prerequisites/risk items for policy releases and mirror into sprint updates. | | |
|
||||
| POLICY-RISK-66-001 | DONE | 2025-11-22 | SPRINT_127_policy_reasoning | Risk Profile Schema Guild / src/Policy/StellaOps.Policy.RiskProfile | src/Policy/StellaOps.Policy.RiskProfile | Develop initial JSON Schema for RiskProfile (signals, transforms, weights, severity, overrides) with validator stubs | | |
|
||||
| POLICY-RISK-66-002 | TODO | | SPRINT_127_policy_reasoning | Risk Profile Schema Guild / src/Policy/StellaOps.Policy.RiskProfile | src/Policy/StellaOps.Policy.RiskProfile | Implement inheritance/merge logic with conflict detection and deterministic content hashing | POLICY-RISK-66-001 | |
|
||||
| POLICY-RISK-66-003 | TODO | | SPRINT_127_policy_reasoning | Policy Guild, Risk Profile Schema Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Integrate RiskProfile schema into Policy Engine configuration, ensuring validation and default profile deployment | POLICY-RISK-66-002 | |
|
||||
| POLICY-RISK-66-002 | DONE (2025-11-26) | | SPRINT_0127_0001_0001_policy_reasoning | Risk Profile Schema Guild / src/Policy/StellaOps.Policy.RiskProfile | src/Policy/StellaOps.Policy.RiskProfile | Implement inheritance/merge logic with conflict detection and deterministic content hashing | POLICY-RISK-66-001 | Canonicalizer/merge + digest, tests added. |
|
||||
| POLICY-RISK-66-003 | BLOCKED (2025-11-26) | | SPRINT_0127_0001_0001_policy_reasoning | Policy Guild, Risk Profile Schema Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Integrate RiskProfile schema into Policy Engine configuration, ensuring validation and default profile deployment | POLICY-RISK-66-002 | Waiting on reachability input contract (80-001) and engine config shape. |
|
||||
| POLICY-RISK-66-004 | TODO | | SPRINT_127_policy_reasoning | Policy Guild, Risk Profile Schema Guild / src/Policy/__Libraries/StellaOps.Policy | src/Policy/__Libraries/StellaOps.Policy | Extend Policy libraries to load/save RiskProfile documents, compute content hashes, and surface validation diagnostics | POLICY-RISK-66-003 | |
|
||||
| POLICY-RISK-67-001 | TODO | | SPRINT_127_policy_reasoning | Policy Guild, Risk Engine Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Trigger scoring jobs on new/updated findings via Policy Engine orchestration hooks | POLICY-RISK-66-004 | |
|
||||
| POLICY-RISK-67-002 | BLOCKED (2025-11-26) | | SPRINT_0128_0001_0001_policy_reasoning | Policy Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Implement profile lifecycle APIs | POLICY-RISK-67-001 | Waiting on risk profile contract + schema draft. |
|
||||
@@ -1456,7 +1456,7 @@
|
||||
| POLICY-SPL-23-003 | DONE (2025-11-26) | | SPRINT_0128_0001_0001_policy_reasoning | Policy Guild / src/Policy/__Libraries/StellaOps.Policy | src/Policy/__Libraries/StellaOps.Policy | Build policy layering/override engine | POLICY-SPL-23-002 | `SplLayeringEngine` + tests landed. |
|
||||
| POLICY-SPL-23-004 | DONE (2025-11-26) | | SPRINT_0128_0001_0001_policy_reasoning | Policy Guild, Audit Guild / src/Policy/__Libraries/StellaOps.Policy | src/Policy/__Libraries/StellaOps.Policy | Design explanation tree model | POLICY-SPL-23-003 | Explanation tree emitted from evaluation; persistence follow-up. |
|
||||
| POLICY-SPL-23-005 | DONE (2025-11-26) | | SPRINT_0128_0001_0001_policy_reasoning | Policy Guild, DevEx Guild / src/Policy/__Libraries/StellaOps.Policy | src/Policy/__Libraries/StellaOps.Policy | Create migration tool to snapshot existing behavior into baseline SPL packs | POLICY-SPL-23-004 | `SplMigrationTool` emits canonical SPL JSON from PolicyDocument. |
|
||||
| POLICY-SPL-24-001 | TODO | | SPRINT_128_policy_reasoning | Policy Guild, Signals Guild / src/Policy/__Libraries/StellaOps.Policy | src/Policy/__Libraries/StellaOps.Policy | Extend SPL schema to expose reachability/exploitability predicates and weighting functions; update documentation and fixtures | POLICY-SPL-23-005 | |
|
||||
| POLICY-SPL-24-001 | DONE (2025-11-26) | 2025-11-26 | SPRINT_128_policy_reasoning | Policy Guild, Signals Guild / src/Policy/__Libraries/StellaOps.Policy | src/Policy/__Libraries/StellaOps.Policy | Extend SPL schema to expose reachability/exploitability predicates and weighting functions; update documentation and fixtures | POLICY-SPL-23-005 | |
|
||||
| POLICY-TEN-48-001 | TODO | | SPRINT_0129_0001_0001_policy_reasoning | Policy Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Add `tenant_id`/`project_id` columns, enable RLS, update evaluators to require tenant context, and emit rationale IDs including tenant metadata | | |
|
||||
| POLICY-VEX-401-006 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | Policy Guild (`src/Policy/StellaOps.Policy.Engine`, `src/Policy/__Libraries/StellaOps.Policy`) | `src/Policy/StellaOps.Policy.Engine`, `src/Policy/__Libraries/StellaOps.Policy` | Policy Engine consumes reachability facts, applies the deterministic score/label buckets (≥0.80 reachable, 0.30–0.79 conditional, <0.30 unreachable), emits OpenVEX with call-path proofs, and updates SPL schema with `reachability.state/confidence` predicates and suppression gates. | | |
|
||||
| POLICY-VEX-401-010 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | Policy Guild (`src/Policy/StellaOps.Policy.Engine/Vex`, `docs/modules/policy/architecture.md`, `docs/benchmarks/vex-evidence-playbook.md`) | `src/Policy/StellaOps.Policy.Engine/Vex`, `docs/modules/policy/architecture.md`, `docs/benchmarks/vex-evidence-playbook.md` | Implement `VexDecisionEmitter` to serialize per-finding OpenVEX, attach evidence hashes, request DSSE signatures, capture Rekor metadata, and publish artifacts following the bench playbook. | | |
|
||||
@@ -1763,7 +1763,7 @@
|
||||
| SDK-64-001 | TODO | | SPRINT_204_cli_iv | DevEx/CLI Guild, SDK Release Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | | | |
|
||||
| SDKGEN-62-001 | TODO | | SPRINT_0208_0001_0001_sdk | SDK Generator Guild | src/Sdk/StellaOps.Sdk.Generator | Choose/pin generator toolchain, set up language template pipeline, and enforce reproducible builds. | DEVL0101 portal contracts | SDKG0101 |
|
||||
| SDKGEN-62-002 | TODO | | SPRINT_0208_0001_0001_sdk | SDK Generator Guild | src/Sdk/StellaOps.Sdk.Generator | Implement shared post-processing (auth helpers, retries, pagination utilities, telemetry hooks) applied to all languages. Dependencies: SDKGEN-62-001. | SDKGEN-62-001 | SDKG0101 |
|
||||
| SDKGEN-63-001 | TODO | | SPRINT_0208_0001_0001_sdk | SDK Generator Guild | src/Sdk/StellaOps.Sdk.Generator | Ship TypeScript SDK alpha with ESM/CJS builds, typed errors, paginator, streaming helpers. Dependencies: SDKGEN-62-002. | 63-004 | SDKG0101 |
|
||||
| SDKGEN-63-001 | DOING | 2025-11-26 | SPRINT_0208_0001_0001_sdk | SDK Generator Guild | src/Sdk/StellaOps.Sdk.Generator | Ship TypeScript SDK alpha with ESM/CJS builds, typed errors, paginator, streaming helpers. Dependencies: SDKGEN-62-002. | 63-004 | SDKG0101 |
|
||||
| SDKGEN-63-002 | TODO | | SPRINT_0208_0001_0001_sdk | SDK Generator Guild | src/Sdk/StellaOps.Sdk.Generator | Ship Python SDK alpha (sync/async clients, type hints, upload/download helpers). Dependencies: SDKGEN-63-001. | SDKGEN-63-001 | SDKG0101 |
|
||||
| SDKGEN-63-003 | TODO | | SPRINT_0208_0001_0001_sdk | SDK Generator Guild | src/Sdk/StellaOps.Sdk.Generator | Ship Go SDK alpha with context-first API and streaming helpers. Dependencies: SDKGEN-63-002. | SDKGEN-63-002 | SDKG0101 |
|
||||
| SDKGEN-63-004 | TODO | | SPRINT_0208_0001_0001_sdk | SDK Generator Guild | src/Sdk/StellaOps.Sdk.Generator | Ship Java SDK alpha (builder pattern, HTTP client abstraction). Dependencies: SDKGEN-63-003. | SDKGEN-63-003 | SDKG0101 |
|
||||
@@ -1851,7 +1851,7 @@
|
||||
| SPL-23-003 | TODO | | SPRINT_128_policy_reasoning | Policy Guild / src/Policy/__Libraries/StellaOps.Policy | src/Policy/__Libraries/StellaOps.Policy | | POLICY-SPL-23-002 | |
|
||||
| SPL-23-004 | DONE (2025-11-26) | | SPRINT_0128_0001_0001_policy_reasoning | Policy Guild, Audit Guild / src/Policy/__Libraries/StellaOps.Policy | src/Policy/__Libraries/StellaOps.Policy | | POLICY-SPL-23-003 | Explanation tree emitted from evaluation; persistence follow-up. |
|
||||
| SPL-23-005 | TODO | | SPRINT_0128_0001_0001_policy_reasoning | Policy Guild, DevEx Guild / src/Policy/__Libraries/StellaOps.Policy | src/Policy/__Libraries/StellaOps.Policy | | POLICY-SPL-23-004 | |
|
||||
| SPL-24-001 | TODO | | SPRINT_128_policy_reasoning | Policy Guild, Signals Guild / src/Policy/__Libraries/StellaOps.Policy | src/Policy/__Libraries/StellaOps.Policy | | POLICY-SPL-23-005 | |
|
||||
| SPL-24-001 | DONE (2025-11-26) | 2025-11-26 | SPRINT_128_policy_reasoning | Policy Guild, Signals Guild / src/Policy/__Libraries/StellaOps.Policy | src/Policy/__Libraries/StellaOps.Policy | | POLICY-SPL-23-005 | |
|
||||
| STORE-401-016 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | Signals Guild · BE-Base Platform Guild (`src/Signals/StellaOps.Signals`, `src/__Libraries/StellaOps.Replay.Core`) | `src/Signals/StellaOps.Signals`, `src/__Libraries/StellaOps.Replay.Core` | | | |
|
||||
| STORE-AOC-19-001 | DONE (2025-11-25) | | SPRINT_0119_0001_0005_excititor_v | Excititor Storage Guild (src/Excititor/__Libraries/StellaOps.Excititor.Storage.Mongo) | src/Excititor/__Libraries/StellaOps.Excititor.Storage.Mongo | | | |
|
||||
| STORE-AOC-19-002 | DONE (2025-11-25) | | SPRINT_0119_0001_0005_excititor_v | Excititor Storage Guild, DevOps Guild (src/Excititor/__Libraries/StellaOps.Excititor.Storage.Mongo) | src/Excititor/__Libraries/StellaOps.Excititor.Storage.Mongo | | | |
|
||||
@@ -2888,7 +2888,7 @@
|
||||
| DOCS-CONTRIB-62-001 | DONE | 2025-11-25 | SPRINT_303_docs_tasks_md_iii | Docs Guild, API Governance Guild (docs) | | Publish `/docs/contributing/api-contracts.md` detailing how to edit OAS, lint rules, compatibility checks. | — | DOCL0101 |
|
||||
| DOCS-DETER-70-002 | TODO | | SPRINT_304_docs_tasks_md_iv | Docs Guild · Scanner Guild | docs/modules/scanner/determinism.md | Document the scanner determinism score process (`determinism.json` schema, CI harness, replay instructions) under `/docs/modules/scanner/determinism-score.md` and add a release-notes template entry. Dependencies: SCAN-DETER-186-010, DEVOPS-SCAN-90-004. | Need deterministic suite notes from 137_SCDT0101 | DOSC0101 |
|
||||
| DOCS-DEVPORT-62-001 | DONE | 2025-11-25 | SPRINT_303_docs_tasks_md_iii | Docs Guild, Developer Portal Guild (docs) | | Document `/docs/devportal/publishing.md` for build pipeline, offline bundle steps. | — | DOCL0101 |
|
||||
| DOCS-DSL-401-005 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | Docs Guild (`docs/policy/dsl.md`, `docs/policy/lifecycle.md`) | `docs/policy/dsl.md`, `docs/policy/lifecycle.md` | Refresh `docs/policy/dsl.md` + lifecycle docs with the new syntax, signal dictionary (`trust_score`, `reachability`, etc.), authoring workflow, and safety rails (shadow mode, coverage tests). | — | DOCL0101 |
|
||||
| DOCS-DSL-401-005 | DONE (2025-11-26) | 2025-11-26 | SPRINT_0401_0001_0001_reachability_evidence_chain | Docs Guild (`docs/policy/dsl.md`, `docs/policy/lifecycle.md`) | `docs/policy/dsl.md`, `docs/policy/lifecycle.md` | Refresh `docs/policy/dsl.md` + lifecycle docs with the new syntax, signal dictionary (`trust_score`, `reachability`, etc.), authoring workflow, and safety rails (shadow mode, coverage tests). | — | DOCL0101 |
|
||||
| DOCS-ENTROPY-70-004 | TODO | | SPRINT_304_docs_tasks_md_iv | Docs Guild · Scanner Guild | docs/modules/scanner/determinism.md | Publish entropy analysis documentation (scoring heuristics, JSON schemas, policy hooks, UI guidance) under `docs/modules/scanner/entropy.md` and update trust-lattice references. Dependencies: SCAN-ENTROPY-186-011/012, POLICY-RISK-90-001. | Requires entropy guardrails from 078_SCSA0301 | DOSC0101 |
|
||||
| DOCS-EXC-25-001 | BLOCKED | 2025-11-25 | SPRINT_303_docs_tasks_md_iii | Docs Guild | docs/modules/excititor | Author `/docs/governance/exceptions.md` covering lifecycle, scope patterns, examples, compliance checklist. | Blocked: waiting on CLEX0101 exception governance spec and UI workflow | DOEX0102 |
|
||||
| DOCS-EXC-25-002 | BLOCKED | 2025-11-25 | SPRINT_303_docs_tasks_md_iii | Docs Guild | docs/modules/excititor | Publish `/docs/governance/approvals-and-routing.md` detailing roles, routing matrix, MFA rules, audit trails. Dependencies: DOCS-EXC-25-001. | Blocked: upstream DOCS-EXC-25-001 | DOEX0102 |
|
||||
@@ -2897,16 +2897,16 @@
|
||||
| DOCS-EXC-25-006 | TODO | | SPRINT_303_docs_tasks_md_iii | Docs Guild | docs/modules/excititor | Update `/docs/modules/cli/guides/exceptions.md` covering command usage and exit codes. Dependencies: DOCS-EXC-25-005. | CLEX0101 | DOEX0102 |
|
||||
| DOCS-EXC-25-007 | TODO | | SPRINT_304_docs_tasks_md_iv | Docs Guild · DevOps Guild | docs/modules/excititor | Publish `/docs/migration/exception-governance.md` describing cutover from legacy suppressions, notifications, rollback. Dependencies: DOCS-EXC-25-006. | UIEX0101 & Ops runbooks | DOEX0102 |
|
||||
| DOCS-EXPORT-37-004 | TODO | | SPRINT_304_docs_tasks_md_iv | Docs Guild · Export Center Guild | docs/modules/export-center | Publish `/docs/security/export-hardening.md` outlining RBAC, tenancy, encryption, redaction, restating imposed rule. | Wait for ATMI0102 orchestration notes | DOEC0102 |
|
||||
| DOCS-EXPORT-37-005 | TODO | | SPRINT_304_docs_tasks_md_iv | Docs Guild · Export Center Guild | docs/modules/export-center | Validate Export Center docs against live Trivy/mirror bundles once implementation lands; refresh examples and CLI snippets accordingly. Dependencies: DOCS-EXPORT-37-004. | Needs AGDP0101 manifest schema | DOEC0102 |
|
||||
| DOCS-EXPORT-37-005 | BLOCKED | 2025-11-26 | SPRINT_304_docs_tasks_md_iv | Docs Guild · Export Center Guild | docs/modules/export-center | Validate Export Center docs against live Trivy/mirror bundles once implementation lands; refresh examples and CLI snippets accordingly. Dependencies: DOCS-EXPORT-37-004. | Blocked: awaiting live bundle verification | DOEC0102 |
|
||||
| DOCS-EXPORT-37-101 | TODO | | SPRINT_304_docs_tasks_md_iv | Docs Guild · DevOps Guild | docs/modules/export-center | Refresh CLI verification sections once `stella export verify` lands (flags, exit codes, samples). Dependencies: DOCS-EXPORT-37-005. | Depends on DVDO0105 deployment guide | DOEC0102 |
|
||||
| DOCS-EXPORT-37-102 | TODO | | SPRINT_304_docs_tasks_md_iv | Docs Guild · Evidence Locker Guild | docs/modules/export-center | Embed export dashboards/alerts references into provenance/runbook docs after Grafana work ships. Dependencies: DOCS-EXPORT-37-101. | Requires ATEL0102 attestation feed | DOEC0102 |
|
||||
| DOCS-FORENSICS-53-001 | TODO | | SPRINT_304_docs_tasks_md_iv | Docs Guild · Evidence Locker Guild | docs/modules/evidence-locker/forensics.md | Publish `/docs/forensics/evidence-locker.md` describing bundle formats, WORM options, retention, legal hold, and imposed rule banner. | Need DSSE digest notes from 002_ATEL0101 | DOEL0101 |
|
||||
| DOCS-FORENSICS-53-002 | TODO | | SPRINT_304_docs_tasks_md_iv | Docs Guild · Provenance Guild | docs/modules/evidence-locker/forensics.md | Release `/docs/forensics/provenance-attestation.md` covering DSSE schema, signing process, verification workflow, and imposed rule banner. Dependencies: DOCS-FORENSICS-53-001. | Waiting on provenance recorder sample (104_RBRE0101) | DOEL0101 |
|
||||
| DOCS-FORENSICS-53-003 | TODO | | SPRINT_304_docs_tasks_md_iv | Docs Guild · Timeline Indexer Guild | docs/modules/evidence-locker/forensics.md | Publish `/docs/forensics/timeline.md` with schema, event kinds, filters, query examples, and imposed rule banner. Dependencies: DOCS-FORENSICS-53-002. | Requires timeline indexer export from 055_AGIM0101 | DOEL0101 |
|
||||
| DOCS-FORENSICS-53-001 | DONE (2025-11-26) | 2025-11-26 | SPRINT_304_docs_tasks_md_iv | Docs Guild · Evidence Locker Guild | docs/forensics/evidence-locker.md | Publish `/docs/forensics/evidence-locker.md` describing bundle formats, WORM options, retention, legal hold, and imposed rule banner. | — | DOEL0101 |
|
||||
| DOCS-FORENSICS-53-002 | DONE (2025-11-26) | 2025-11-26 | SPRINT_304_docs_tasks_md_iv | Docs Guild · Provenance Guild | docs/forensics/provenance-attestation.md | Release `/docs/forensics/provenance-attestation.md` covering DSSE schema, signing process, verification workflow, and imposed rule banner. Dependencies: DOCS-FORENSICS-53-001. | — | DOEL0101 |
|
||||
| DOCS-FORENSICS-53-003 | DONE (2025-11-26) | 2025-11-26 | SPRINT_304_docs_tasks_md_iv | Docs Guild · Timeline Indexer Guild | docs/forensics/timeline.md | Publish `/docs/forensics/timeline.md` with schema, event kinds, filters, query examples, and imposed rule banner. Dependencies: DOCS-FORENSICS-53-002. | — | DOEL0101 |
|
||||
| DOCS-GRAPH-24-001 | TODO | | SPRINT_304_docs_tasks_md_iv | Docs Guild · Graph Guild | docs/modules/graph | Author `/docs/ui/sbom-graph-explorer.md` detailing overlays, filters, saved views, accessibility, and AOC visibility. | Wait for GRAP0101 contract freeze | DOGR0101 |
|
||||
| DOCS-GRAPH-24-002 | TODO | | SPRINT_304_docs_tasks_md_iv | Docs Guild · UI Guild | docs/modules/graph | Publish `/docs/ui/vulnerability-explorer.md` covering table usage, grouping, fix suggestions, Why drawer. Dependencies: DOCS-GRAPH-24-001. | Needs SBOM/VEX dataflow confirmation (PLLG0104) | DOGR0101 |
|
||||
| DOCS-GRAPH-24-003 | DONE (2025-11-26) | 2025-11-26 | SPRINT_304_docs_tasks_md_iv | Docs Guild · SBOM Guild | docs/modules/graph | Create `/docs/modules/graph/architecture-index.md` describing data model, ingestion pipeline, caches, events. Dependencies: DOCS-GRAPH-24-002. | Unblocked: SBOM join spec delivered with CARTO-GRAPH-21-002 (2025-11-17). | DOGR0101 |
|
||||
| DOCS-GRAPH-24-004 | TODO | | SPRINT_304_docs_tasks_md_iv | Docs Guild · BE-Base Guild | docs/modules/graph | Document `/docs/api/graph.md` and `/docs/api/vuln.md` avec endpoints, parameters, errors, RBAC. Dependencies: DOCS-GRAPH-24-003. | Require replay hooks from RBBN0101 | DOGR0101 |
|
||||
| DOCS-GRAPH-24-004 | DONE (2025-11-26) | 2025-11-26 | SPRINT_304_docs_tasks_md_iv | Docs Guild · BE-Base Guild | docs/api/graph.md; docs/api/vuln.md | Document `/docs/api/graph.md` and `/docs/api/vuln.md` avec endpoints, parameters, errors, RBAC. Dependencies: DOCS-GRAPH-24-003. | Require replay hooks from RBBN0101 | DOGR0101 |
|
||||
| DOCS-GRAPH-24-005 | TODO | | SPRINT_304_docs_tasks_md_iv | Docs Guild · DevEx/CLI Guild | docs/modules/graph | Update `/docs/modules/cli/guides/graph-and-vuln.md` covering new CLI commands, exit codes, scripting. Dependencies: DOCS-GRAPH-24-004. | Wait for CLI samples from CLCI0109 | DOGR0101 |
|
||||
| DOCS-GRAPH-24-006 | TODO | | SPRINT_304_docs_tasks_md_iv | Docs Guild · Policy Guild | docs/modules/graph | Write `/docs/policy/ui-integration.md` explaining overlays, cache usage, simulator contracts. Dependencies: DOCS-GRAPH-24-005. | Needs policy outputs from PLVL0102 | DOGR0101 |
|
||||
| DOCS-GRAPH-24-007 | TODO | | SPRINT_304_docs_tasks_md_iv | Docs Guild · DevOps Guild | docs/modules/graph | Produce `/docs/migration/graph-parity.md` with rollout plan, parity checks, fallback guidance. Dependencies: DOCS-GRAPH-24-006. | Depends on DVDO0108 deployment notes | DOGR0101 |
|
||||
@@ -2941,8 +2941,9 @@
|
||||
| DOCS-ORCH-34-004 | TODO | | SPRINT_306_docs_tasks_md_vi | Docs Guild · Observability Guild | docs/modules/orchestrator | Document `/docs/schemas/artifacts.md` describing artifact kinds, schema versions, hashing, storage layout, restating imposed rule. Dependencies: DOCS-ORCH-34-003. | Wait for observability dashboards (063_OROB0101) | DOOR0102 |
|
||||
| DOCS-ORCH-34-005 | TODO | | SPRINT_306_docs_tasks_md_vi | Docs Guild · BE-Base Guild | docs/modules/orchestrator | Author `/docs/slo/orchestrator-slo.md` defining SLOs, burn alerts, measurement, and reiterating imposed rule. Dependencies: DOCS-ORCH-34-004. | Needs replay linkage from 042_RPRC0101 | DOOR0102 |
|
||||
| | DOPL0103 | | | | | | | |
|
||||
| DOCS-POLICY-23-002 | TODO | | SPRINT_307_docs_tasks_md_vii | Docs Guild | docs/policy/lifecycle.md | Write `/docs/policy/spl-v1.md` (language reference, JSON Schema, examples). Dependencies: DOCS-POLICY-23-001. | DOCS-POLICY-23-001 | DOPL0103 |
|
||||
| DOCS-POLICY-23-003 | TODO | | SPRINT_307_docs_tasks_md_vii | Docs Guild | docs/policy/lifecycle.md | Produce `/docs/policy/runtime.md` covering compiler, evaluator, caching, events, SLOs. Dependencies: DOCS-POLICY-23-002. | Waiting on SPL reference | DOPL0101 |
|
||||
| DOCS-POLICY-23-001 | DONE (2025-11-26) | 2025-11-26 | SPRINT_307_docs_tasks_md_vii | Docs Guild | docs/policy/overview.md | Author `/docs/policy/overview.md` describing SPL philosophy, layering, and glossary with reviewer checklist. | — | DOPL0103 |
|
||||
| DOCS-POLICY-23-002 | DONE (2025-11-26) | 2025-11-26 | SPRINT_307_docs_tasks_md_vii | Docs Guild | docs/policy/spl-v1.md | Write `/docs/policy/spl-v1.md` (language reference, JSON Schema, examples). Dependencies: DOCS-POLICY-23-001. | DOCS-POLICY-23-001 | DOPL0103 |
|
||||
| DOCS-POLICY-23-003 | DONE (2025-11-26) | 2025-11-26 | SPRINT_307_docs_tasks_md_vii | Docs Guild | docs/policy/runtime.md | Produce `/docs/policy/runtime.md` covering compiler, evaluator, caching, events, SLOs. Dependencies: DOCS-POLICY-23-002. | — | DOPL0101 |
|
||||
| DOCS-POLICY-23-004 | TODO | | SPRINT_307_docs_tasks_md_vii | Docs Guild · UI Guild | docs/policy/lifecycle.md | Document `/docs/policy/editor.md` (UI walkthrough, validation, simulation, approvals). Dependencies: DOCS-POLICY-23-003. | Depends on 23-003 | DOPL0101 |
|
||||
| DOCS-POLICY-23-005 | TODO | | SPRINT_307_docs_tasks_md_vii | Docs Guild · DevOps Guild | docs/policy/lifecycle.md | Publish `/docs/policy/governance.md` (roles, scopes, approvals, signing, exceptions). Dependencies: DOCS-POLICY-23-004. | Depends on DevOps automation (141_DVDO0107) | DOPL0101 |
|
||||
| DOCS-POLICY-23-006 | TODO | | SPRINT_307_docs_tasks_md_vii | Docs Guild · DevEx/CLI Guild | docs/policy/lifecycle.md | Update `/docs/api/policy.md` with new endpoints, schemas, errors, pagination. Dependencies: DOCS-POLICY-23-005. | Wait for CLI commands (132_CLCI0110) | DOPL0101 |
|
||||
@@ -2965,7 +2966,7 @@
|
||||
| DOCS-POLICY-27-013 | BLOCKED | 2025-10-27 | SPRINT_308_docs_tasks_md_viii | Docs Guild · Policy Guild | docs/policy/runs.md | Update `/docs/examples/policy-templates.md` with new templates, snippets, and sample policies. Dependencies: DOCS-POLICY-27-012. | Await policy guild approval | DOPL0103 |
|
||||
| DOCS-POLICY-27-014 | BLOCKED | 2025-10-27 | SPRINT_308_docs_tasks_md_viii | Docs Guild · Policy Registry Guild | docs/policy/runs.md | Refresh `/docs/aoc/aoc-guardrails.md` to include Studio-specific guardrails and validation scenarios. Dependencies: DOCS-POLICY-27-013. | Needs policy registry approvals | DOPL0103 |
|
||||
| DOCS-POLICY-DET-01 | TODO | | SPRINT_301_docs_tasks_md_i | Docs Guild · Policy Guild | docs/policy/runs.md | Extend `docs/modules/policy/architecture.md` with determinism gate semantics and provenance references. | Depends on deterministic harness (137_SCDT0101) | DOPL0103 |
|
||||
| DOCS-PROMO-70-001 | TODO | | SPRINT_304_docs_tasks_md_iv | Docs Guild · Provenance Guild | docs/modules/provenance | Publish `/docs/release/promotion-attestations.md` describing the promotion workflow (CLI commands, Signer/Attestor integration, offline verification) and update `/docs/forensics/provenance-attestation.md` with the new predicate. Dependencies: PROV-OBS-53-003, CLI-PROMO-70-002. | Need provenance promo outline from Provenance Guild | DOPV0101 |
|
||||
| DOCS-PROMO-70-001 | DONE (2025-11-26) | 2025-11-26 | SPRINT_304_docs_tasks_md_iv | Docs Guild · Provenance Guild | docs/release/promotion-attestations.md | Publish `/docs/release/promotion-attestations.md` describing the promotion workflow (CLI commands, Signer/Attestor integration, offline verification) and update `/docs/forensics/provenance-attestation.md` with the new predicate. Dependencies: PROV-OBS-53-003, CLI-PROMO-70-002. | — | DOPV0101 |
|
||||
| DOCS-REACH-201-006 | TODO | | SPRINT_400_runtime_facts_static_callgraph_union | Docs Guild · Runtime Evidence Guild | docs/reachability | Author the reachability doc set (`docs/signals/reachability.md`, `callgraph-formats.md`, `runtime-facts.md`, CLI/UI appendices) plus update Zastava + Replay guides with the new evidence and operators’ workflow. | Needs RBRE0101 provenance hook summary | DORC0101 |
|
||||
| DOCS-REPLAY-185-003 | TODO | | SPRINT_185_shared_replay_primitives | Docs Guild · Platform Data Guild | docs/replay | Author `docs/data/replay_schema.md` detailing `replay_runs`, `replay_bundles`, `replay_subjects` collections, index guidance, and offline sync strategy aligned with Replay CAS. | Need RPRC0101 API freeze | DORR0101 |
|
||||
| DOCS-REPLAY-185-004 | TODO | | SPRINT_185_shared_replay_primitives | Docs Guild | docs/replay | Expand `docs/replay/DEVS_GUIDE_REPLAY.md` with integration guidance for consuming services (Scanner, Evidence Locker, CLI) and add checklist derived from `docs/replay/DETERMINISTIC_REPLAY.md` Section 11. | Depends on #1 | DORR0101 |
|
||||
@@ -3312,7 +3313,7 @@
|
||||
| GRAPH-API-28-011 | TODO | | SPRINT_0207_0001_0001_graph | Graph API Guild | src/Graph/StellaOps.Graph.Api | Provide deployment manifests, offline kit support, API gateway integration docs, and smoke tests. Dependencies: GRAPH-API-28-010. | GRAPH-API-28-009 | GRAPI0101 |
|
||||
| GRAPH-CAS-401-001 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | Scanner Worker Guild | `src/Scanner/StellaOps.Scanner.Worker` | Finalize richgraph schema (`richgraph-v1`), emit canonical SymbolIDs, compute graph hash (BLAKE3), and store CAS manifests under `cas://reachability/graphs/{sha256}`. Update Scanner Worker adapters + fixtures. | Depends on #1 | CASC0101 |
|
||||
| GRAPH-DOCS-0001 | DONE (2025-11-05) | 2025-11-05 | SPRINT_321_docs_modules_graph | Docs Guild | docs/modules/graph | Validate that graph module README/diagrams reflect the latest overlay + snapshot updates. | GRAPI0101 evidence | GRDG0101 |
|
||||
| GRAPH-DOCS-0002 | TODO | 2025-11-05 | SPRINT_321_docs_modules_graph | Docs Guild | docs/modules/graph | Pending DOCS-GRAPH-24-003 to add API/query doc cross-links | GRAPI0101 outputs | GRDG0101 |
|
||||
| GRAPH-DOCS-0002 | DONE (2025-11-26) | 2025-11-26 | SPRINT_321_docs_modules_graph | Docs Guild | docs/modules/graph | Pending DOCS-GRAPH-24-003 to add API/query doc cross-links | GRAPI0101 outputs | GRDG0101 |
|
||||
| GRAPH-ENG-0001 | TODO | | SPRINT_321_docs_modules_graph | Module Team | docs/modules/graph | Keep module milestones in sync with `/docs/implplan/SPRINT_141_graph.md` and related files. | GRSC0101 | GRDG0101 |
|
||||
| GRAPH-INDEX-28-007 | DOING | | SPRINT_0140_0001_0001_runtime_signals | — | | Running on scanner surface mock bundle v1; will validate again once real caches drop. | — | ORGR0101 |
|
||||
| GRAPH-INDEX-28-008 | TODO | | SPRINT_0140_0001_0001_runtime_signals | — | | Incremental update/backfill pipeline depends on 28-007 artifacts; retry/backoff plumbing sketched but blocked. | — | ORGR0101 |
|
||||
@@ -3652,7 +3653,7 @@
|
||||
| POLICY-READINESS-0001 | TODO | | SPRINT_325_docs_modules_policy | Policy Guild (docs/modules/policy) | docs/modules/policy | Capture policy module readiness checklist aligned with current sprint goals. | | |
|
||||
| POLICY-READINESS-0002 | TODO | | SPRINT_325_docs_modules_policy | Policy Guild (docs/modules/policy) | docs/modules/policy | Track outstanding prerequisites/risk items for policy releases and mirror into sprint updates. | | |
|
||||
| POLICY-RISK-66-001 | DONE | 2025-11-22 | SPRINT_127_policy_reasoning | Risk Profile Schema Guild / src/Policy/StellaOps.Policy.RiskProfile | src/Policy/StellaOps.Policy.RiskProfile | Develop initial JSON Schema for RiskProfile (signals, transforms, weights, severity, overrides) with validator stubs | | |
|
||||
| POLICY-RISK-66-002 | TODO | | SPRINT_127_policy_reasoning | Risk Profile Schema Guild / src/Policy/StellaOps.Policy.RiskProfile | src/Policy/StellaOps.Policy.RiskProfile | Implement inheritance/merge logic with conflict detection and deterministic content hashing | POLICY-RISK-66-001 | |
|
||||
| POLICY-RISK-66-002 | DONE (2025-11-26) | | SPRINT_0127_0001_0001_policy_reasoning | Risk Profile Schema Guild / src/Policy/StellaOps.Policy.RiskProfile | src/Policy/StellaOps.Policy.RiskProfile | Implement inheritance/merge logic with conflict detection and deterministic content hashing | POLICY-RISK-66-001 | Canonicalizer/merge + digest, tests added. |
|
||||
| POLICY-RISK-66-003 | TODO | | SPRINT_127_policy_reasoning | Policy Guild, Risk Profile Schema Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Integrate RiskProfile schema into Policy Engine configuration, ensuring validation and default profile deployment | POLICY-RISK-66-002 | |
|
||||
| POLICY-RISK-66-004 | TODO | | SPRINT_127_policy_reasoning | Policy Guild, Risk Profile Schema Guild / src/Policy/__Libraries/StellaOps.Policy | src/Policy/__Libraries/StellaOps.Policy | Extend Policy libraries to load/save RiskProfile documents, compute content hashes, and surface validation diagnostics | POLICY-RISK-66-003 | |
|
||||
| POLICY-RISK-67-001 | TODO | | SPRINT_127_policy_reasoning | Policy Guild, Risk Engine Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Trigger scoring jobs on new/updated findings via Policy Engine orchestration hooks | POLICY-RISK-66-004 | |
|
||||
@@ -3668,7 +3669,7 @@
|
||||
| POLICY-SPL-23-003 | DONE (2025-11-26) | | SPRINT_0128_0001_0001_policy_reasoning | Policy Guild / src/Policy/__Libraries/StellaOps.Policy | src/Policy/__Libraries/StellaOps.Policy | Build policy layering/override engine | POLICY-SPL-23-002 | `SplLayeringEngine` + tests landed. |
|
||||
| POLICY-SPL-23-004 | TODO | | SPRINT_128_policy_reasoning | Policy Guild, Audit Guild / src/Policy/__Libraries/StellaOps.Policy | src/Policy/__Libraries/StellaOps.Policy | Design explanation tree model | POLICY-SPL-23-003 | |
|
||||
| POLICY-SPL-23-005 | TODO | | SPRINT_128_policy_reasoning | Policy Guild, DevEx Guild / src/Policy/__Libraries/StellaOps.Policy | src/Policy/__Libraries/StellaOps.Policy | Create migration tool to snapshot existing behavior into baseline SPL packs | POLICY-SPL-23-004 | |
|
||||
| POLICY-SPL-24-001 | TODO | | SPRINT_128_policy_reasoning | Policy Guild, Signals Guild / src/Policy/__Libraries/StellaOps.Policy | src/Policy/__Libraries/StellaOps.Policy | Extend SPL schema to expose reachability/exploitability predicates and weighting functions; update documentation and fixtures | POLICY-SPL-23-005 | |
|
||||
| POLICY-SPL-24-001 | DONE (2025-11-26) | 2025-11-26 | SPRINT_128_policy_reasoning | Policy Guild, Signals Guild / src/Policy/__Libraries/StellaOps.Policy | src/Policy/__Libraries/StellaOps.Policy | Extend SPL schema to expose reachability/exploitability predicates and weighting functions; update documentation and fixtures | POLICY-SPL-23-005 | |
|
||||
| POLICY-TEN-48-001 | TODO | | SPRINT_0129_0001_0001_policy_reasoning | Policy Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Add `tenant_id`/`project_id` columns, enable RLS, update evaluators to require tenant context, and emit rationale IDs including tenant metadata | | |
|
||||
| POLICY-VEX-401-006 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | Policy Guild (`src/Policy/StellaOps.Policy.Engine`, `src/Policy/__Libraries/StellaOps.Policy`) | `src/Policy/StellaOps.Policy.Engine`, `src/Policy/__Libraries/StellaOps.Policy` | Policy Engine consumes reachability facts, applies the deterministic score/label buckets (≥0.80 reachable, 0.30–0.79 conditional, <0.30 unreachable), emits OpenVEX with call-path proofs, and updates SPL schema with `reachability.state/confidence` predicates and suppression gates. | | |
|
||||
| POLICY-VEX-401-010 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | Policy Guild (`src/Policy/StellaOps.Policy.Engine/Vex`, `docs/modules/policy/architecture.md`, `docs/benchmarks/vex-evidence-playbook.md`) | `src/Policy/StellaOps.Policy.Engine/Vex`, `docs/modules/policy/architecture.md`, `docs/benchmarks/vex-evidence-playbook.md` | Implement `VexDecisionEmitter` to serialize per-finding OpenVEX, attach evidence hashes, request DSSE signatures, capture Rekor metadata, and publish artifacts following the bench playbook. | | |
|
||||
@@ -4062,7 +4063,7 @@
|
||||
| SPL-23-003 | TODO | | SPRINT_128_policy_reasoning | Policy Guild / src/Policy/__Libraries/StellaOps.Policy | src/Policy/__Libraries/StellaOps.Policy | | POLICY-SPL-23-002 | |
|
||||
| SPL-23-004 | TODO | | SPRINT_128_policy_reasoning | Policy Guild, Audit Guild / src/Policy/__Libraries/StellaOps.Policy | src/Policy/__Libraries/StellaOps.Policy | | POLICY-SPL-23-003 | |
|
||||
| SPL-23-005 | TODO | | SPRINT_128_policy_reasoning | Policy Guild, DevEx Guild / src/Policy/__Libraries/StellaOps.Policy | src/Policy/__Libraries/StellaOps.Policy | | POLICY-SPL-23-004 | |
|
||||
| SPL-24-001 | TODO | | SPRINT_128_policy_reasoning | Policy Guild, Signals Guild / src/Policy/__Libraries/StellaOps.Policy | src/Policy/__Libraries/StellaOps.Policy | | POLICY-SPL-23-005 | |
|
||||
| SPL-24-001 | DONE (2025-11-26) | 2025-11-26 | SPRINT_128_policy_reasoning | Policy Guild, Signals Guild / src/Policy/__Libraries/StellaOps.Policy | src/Policy/__Libraries/StellaOps.Policy | | POLICY-SPL-23-005 | |
|
||||
| STORE-401-016 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | Signals Guild · BE-Base Platform Guild (`src/Signals/StellaOps.Signals`, `src/__Libraries/StellaOps.Replay.Core`) | `src/Signals/StellaOps.Signals`, `src/__Libraries/StellaOps.Replay.Core` | | | |
|
||||
| STORE-AOC-19-001 | TODO | | SPRINT_123_excititor_v | Excititor Storage Guild (src/Excititor/__Libraries/StellaOps.Excititor.Storage.Mongo) | src/Excititor/__Libraries/StellaOps.Excititor.Storage.Mongo | | | |
|
||||
| STORE-AOC-19-002 | TODO | | SPRINT_123_excititor_v | Excititor Storage Guild, DevOps Guild (src/Excititor/__Libraries/StellaOps.Excititor.Storage.Mongo) | src/Excititor/__Libraries/StellaOps.Excititor.Storage.Mongo | | | |
|
||||
|
||||
Reference in New Issue
Block a user