stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 1 Releases Wiki Activity

Restructure solution layout by module

Browse Source
This commit is contained in:
master
2025-10-28 15:10:40 +02:00
parent 95daa159c4
commit d870da18ce
4103 changed files with 192899 additions and 187024 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
src/ExportCenter/StellaOps.ExportCenter.AttestationBundles/AGENTS.md Normal file
View File

@@ -0,0 +1,14 @@
# Attestation Bundle Export Guild Charter
## Mission
Enable offline transfer and verification of attestations by building signed bundles containing envelopes, issuer metadata, and optional transparency log segments.
## Scope
- Bundle construction via Export Center, including manifest, checksums, DSSE signatures.
- CLI tooling for bundle verification and import.
- Coordination with risk/attestor services for air-gap workflows.
## Definition of Done
- Bundles build reproducibly with manifest + signatures and pass verification tooling.
- Importer applies bundles to air-gapped Attestor Store safely.
- Documentation covers offline workflows with imposed rule banner.

13
src/ExportCenter/StellaOps.ExportCenter.AttestationBundles/TASKS.md Normal file
View File

@@ -0,0 +1,13 @@
# Attestation Bundle Export Task Board — Epic 19: Attestor Console
## Sprint 74 Builder
| ID | Status | Owner(s) | Depends on | Description | Exit Criteria |
|----|--------|----------|------------|-------------|---------------|
| EXPORT-ATTEST-74-001 | TODO | Attestation Bundle Guild, Attestor Service Guild | ATTESTOR-73-003 | Implement export job producing attestation bundles with manifest, checksums, DSSE signature, and optional transparency log segments. | Bundle built in staging; manifest recorded; signature verification tests pass. |
| EXPORT-ATTEST-74-002 | TODO | Attestation Bundle Guild, DevOps Guild | EXPORT-ATTEST-74-001 | Integrate bundle job into CI/offline kit packaging with checksum publication. | Pipeline publishes bundle artifact + checksums; documentation updated. |
## Sprint 75 Verification & Import
| ID | Status | Owner(s) | Depends on | Description | Exit Criteria |
|----|--------|----------|------------|-------------|---------------|
| EXPORT-ATTEST-75-001 | TODO | Attestation Bundle Guild, CLI Attestor Guild | EXPORT-ATTEST-74-001 | Provide CLI command `stella attest bundle verify/import` for air-gap usage. | CLI verifies/signatures; import seeds attestor store; tests cover corrupted bundle. |
| EXPORT-ATTEST-75-002 | TODO | Attestation Bundle Guild, Docs Guild | EXPORT-ATTEST-75-001 | Document `/docs/attestor/airgap.md` with bundle workflows and verification steps. | Doc merged with banner; examples verified. |

14
src/ExportCenter/StellaOps.ExportCenter.DevPortalOffline/AGENTS.md Normal file
View File

@@ -0,0 +1,14 @@
# DevPortal Offline Export Guild Charter
## Mission
Package developer portal assets, OpenAPI specs, and SDK binaries into reproducible bundles for air-gapped environments.
## Scope
- Integrate with Export Center to produce `devportal --offline` bundles.
- Manage checksum manifests, DSSE signatures, and provenance.
- Provide validation tooling for operators importing bundles.
## Definition of Done
- Offline bundle builds reproducibly with signed manifests and verification scripts.
- Export job documented and available via CLI/Console.
- Operators can validate bundle integrity without external services.

7
src/ExportCenter/StellaOps.ExportCenter.DevPortalOffline/TASKS.md Normal file
View File

@@ -0,0 +1,7 @@
# DevPortal Offline Export Task Board — Epic 17: SDKs & OpenAPI Docs
## Sprint 64 Bundle Implementation
| ID | Status | Owner(s) | Depends on | Description | Exit Criteria |
|----|--------|----------|------------|-------------|---------------|
| DVOFF-64-001 | TODO | DevPortal Offline Guild, Exporter Guild | DEVPORT-64-001, SDKREL-64-002 | Implement Export Center job `devportal --offline` bundling portal HTML, specs, SDK artifacts, changelogs, and verification manifest. | Job executes in staging; manifest contains checksums + DSSE signatures; docs updated. |
| DVOFF-64-002 | TODO | DevPortal Offline Guild, AirGap Controller Guild | DVOFF-64-001 | Provide verification CLI (`stella devportal verify bundle.tgz`) ensuring integrity before import. | CLI command validates signatures; integration test covers corrupted bundle; runbook updated. |

14
src/ExportCenter/StellaOps.ExportCenter.RiskBundles/AGENTS.md Normal file
View File

@@ -0,0 +1,14 @@
# Risk Bundle Export Guild Charter
## Mission
Produce offline-ready bundles of risk scoring factor datasets and provider metadata for air-gapped environments.
## Scope
- Export Center job `risk-bundle` that packages KEV/EPSS feeds, reachability indexes, runtime evidence snapshots, and metadata.
- DSSE signing, checksum manifests, and verification tooling.
- Coordination with Risk Engine providers to declare required assets and TTLs.
## Definition of Done
- Bundles build reproducibly with manifests and signatures; verification CLI available.
- Provider metadata enumerates datasets, TTLs, and schema versions.
- Air-gapped installations can load bundles and detect missing assets loudly.

13
src/ExportCenter/StellaOps.ExportCenter.RiskBundles/TASKS.md Normal file
View File

@@ -0,0 +1,13 @@
# Risk Bundle Export Task Board — Epic 18: Risk Scoring Profiles
## Sprint 69 Bundle Builder
| ID | Status | Owner(s) | Depends on | Description | Exit Criteria |
|----|--------|----------|------------|-------------|---------------|
| RISK-BUNDLE-69-001 | TODO | Risk Bundle Export Guild, Risk Engine Guild | RISK-ENGINE-67-003 | Implement `stella export risk-bundle` job producing tarball with provider datasets, manifests, and DSSE signatures. | Bundle builds in staging; manifest lists datasets + TTL; signatures verified. |
| RISK-BUNDLE-69-002 | TODO | Risk Bundle Export Guild, DevOps Guild | RISK-BUNDLE-69-001 | Integrate bundle job into CI/offline kit pipelines with checksum publication. | CI produces bundle artifact; checksums in release metadata; docs updated. |
## Sprint 70 Verification & Docs
| ID | Status | Owner(s) | Depends on | Description | Exit Criteria |
|----|--------|----------|------------|-------------|---------------|
| RISK-BUNDLE-70-001 | TODO | Risk Bundle Export Guild, CLI Guild | RISK-BUNDLE-69-001 | Provide CLI `stella risk bundle verify` command to validate bundles before import. | CLI verifies DSSE + checksums; integration tests cover tampered bundle. |
| RISK-BUNDLE-70-002 | TODO | Risk Bundle Export Guild, Docs Guild | RISK-BUNDLE-69-002 | Publish `/docs/airgap/risk-bundles.md` detailing build/import/verification workflows. | Doc merged with banner; examples validated. |

99
src/ExportCenter/StellaOps.ExportCenter.sln Normal file
View File

@@ -0,0 +1,99 @@

Microsoft Visual Studio Solution File, Format Version 12.00
# Visual Studio Version 17
VisualStudioVersion = 17.0.31903.59
MinimumVisualStudioVersion = 10.0.40219.1
Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "StellaOps.ExportCenter", "StellaOps.ExportCenter", "{453E5BB8-E54E-3EF9-8B1B-5E84C5251BBC}"
EndProject
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "StellaOps.ExportCenter.Core", "StellaOps.ExportCenter\StellaOps.ExportCenter.Core\StellaOps.ExportCenter.Core.csproj", "{E13C1C3A-BCD1-4B32-B267-3008987833D9}"
EndProject
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "StellaOps.ExportCenter.Infrastructure", "StellaOps.ExportCenter\StellaOps.ExportCenter.Infrastructure\StellaOps.ExportCenter.Infrastructure.csproj", "{7203247A-2B03-4E9A-A8F9-E8434377A398}"
EndProject
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "StellaOps.ExportCenter.Tests", "StellaOps.ExportCenter\StellaOps.ExportCenter.Tests\StellaOps.ExportCenter.Tests.csproj", "{0FF21346-59FF-4E46-953D-15C1E80B36E8}"
EndProject
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "StellaOps.ExportCenter.WebService", "StellaOps.ExportCenter\StellaOps.ExportCenter.WebService\StellaOps.ExportCenter.WebService.csproj", "{84BACF3D-19B9-4E65-A751-8EBBA39EAE5A}"
EndProject
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "StellaOps.ExportCenter.Worker", "StellaOps.ExportCenter\StellaOps.ExportCenter.Worker\StellaOps.ExportCenter.Worker.csproj", "{77B919B8-6A4B-47BD-82BB-14287E2E069C}"
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|Any CPU = Debug|Any CPU
Debug|x64 = Debug|x64
Debug|x86 = Debug|x86
Release|Any CPU = Release|Any CPU
Release|x64 = Release|x64
Release|x86 = Release|x86
EndGlobalSection
GlobalSection(ProjectConfigurationPlatforms) = postSolution
{E13C1C3A-BCD1-4B32-B267-3008987833D9}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{E13C1C3A-BCD1-4B32-B267-3008987833D9}.Debug|Any CPU.Build.0 = Debug|Any CPU
{E13C1C3A-BCD1-4B32-B267-3008987833D9}.Debug|x64.ActiveCfg = Debug|Any CPU
{E13C1C3A-BCD1-4B32-B267-3008987833D9}.Debug|x64.Build.0 = Debug|Any CPU
{E13C1C3A-BCD1-4B32-B267-3008987833D9}.Debug|x86.ActiveCfg = Debug|Any CPU
{E13C1C3A-BCD1-4B32-B267-3008987833D9}.Debug|x86.Build.0 = Debug|Any CPU
{E13C1C3A-BCD1-4B32-B267-3008987833D9}.Release|Any CPU.ActiveCfg = Release|Any CPU
{E13C1C3A-BCD1-4B32-B267-3008987833D9}.Release|Any CPU.Build.0 = Release|Any CPU
{E13C1C3A-BCD1-4B32-B267-3008987833D9}.Release|x64.ActiveCfg = Release|Any CPU
{E13C1C3A-BCD1-4B32-B267-3008987833D9}.Release|x64.Build.0 = Release|Any CPU
{E13C1C3A-BCD1-4B32-B267-3008987833D9}.Release|x86.ActiveCfg = Release|Any CPU
{E13C1C3A-BCD1-4B32-B267-3008987833D9}.Release|x86.Build.0 = Release|Any CPU
{7203247A-2B03-4E9A-A8F9-E8434377A398}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{7203247A-2B03-4E9A-A8F9-E8434377A398}.Debug|Any CPU.Build.0 = Debug|Any CPU
{7203247A-2B03-4E9A-A8F9-E8434377A398}.Debug|x64.ActiveCfg = Debug|Any CPU
{7203247A-2B03-4E9A-A8F9-E8434377A398}.Debug|x64.Build.0 = Debug|Any CPU
{7203247A-2B03-4E9A-A8F9-E8434377A398}.Debug|x86.ActiveCfg = Debug|Any CPU
{7203247A-2B03-4E9A-A8F9-E8434377A398}.Debug|x86.Build.0 = Debug|Any CPU
{7203247A-2B03-4E9A-A8F9-E8434377A398}.Release|Any CPU.ActiveCfg = Release|Any CPU
{7203247A-2B03-4E9A-A8F9-E8434377A398}.Release|Any CPU.Build.0 = Release|Any CPU
{7203247A-2B03-4E9A-A8F9-E8434377A398}.Release|x64.ActiveCfg = Release|Any CPU
{7203247A-2B03-4E9A-A8F9-E8434377A398}.Release|x64.Build.0 = Release|Any CPU
{7203247A-2B03-4E9A-A8F9-E8434377A398}.Release|x86.ActiveCfg = Release|Any CPU
{7203247A-2B03-4E9A-A8F9-E8434377A398}.Release|x86.Build.0 = Release|Any CPU
{0FF21346-59FF-4E46-953D-15C1E80B36E8}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{0FF21346-59FF-4E46-953D-15C1E80B36E8}.Debug|Any CPU.Build.0 = Debug|Any CPU
{0FF21346-59FF-4E46-953D-15C1E80B36E8}.Debug|x64.ActiveCfg = Debug|Any CPU
{0FF21346-59FF-4E46-953D-15C1E80B36E8}.Debug|x64.Build.0 = Debug|Any CPU
{0FF21346-59FF-4E46-953D-15C1E80B36E8}.Debug|x86.ActiveCfg = Debug|Any CPU
{0FF21346-59FF-4E46-953D-15C1E80B36E8}.Debug|x86.Build.0 = Debug|Any CPU
{0FF21346-59FF-4E46-953D-15C1E80B36E8}.Release|Any CPU.ActiveCfg = Release|Any CPU
{0FF21346-59FF-4E46-953D-15C1E80B36E8}.Release|Any CPU.Build.0 = Release|Any CPU
{0FF21346-59FF-4E46-953D-15C1E80B36E8}.Release|x64.ActiveCfg = Release|Any CPU
{0FF21346-59FF-4E46-953D-15C1E80B36E8}.Release|x64.Build.0 = Release|Any CPU
{0FF21346-59FF-4E46-953D-15C1E80B36E8}.Release|x86.ActiveCfg = Release|Any CPU
{0FF21346-59FF-4E46-953D-15C1E80B36E8}.Release|x86.Build.0 = Release|Any CPU
{84BACF3D-19B9-4E65-A751-8EBBA39EAE5A}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{84BACF3D-19B9-4E65-A751-8EBBA39EAE5A}.Debug|Any CPU.Build.0 = Debug|Any CPU
{84BACF3D-19B9-4E65-A751-8EBBA39EAE5A}.Debug|x64.ActiveCfg = Debug|Any CPU
{84BACF3D-19B9-4E65-A751-8EBBA39EAE5A}.Debug|x64.Build.0 = Debug|Any CPU
{84BACF3D-19B9-4E65-A751-8EBBA39EAE5A}.Debug|x86.ActiveCfg = Debug|Any CPU
{84BACF3D-19B9-4E65-A751-8EBBA39EAE5A}.Debug|x86.Build.0 = Debug|Any CPU
{84BACF3D-19B9-4E65-A751-8EBBA39EAE5A}.Release|Any CPU.ActiveCfg = Release|Any CPU
{84BACF3D-19B9-4E65-A751-8EBBA39EAE5A}.Release|Any CPU.Build.0 = Release|Any CPU
{84BACF3D-19B9-4E65-A751-8EBBA39EAE5A}.Release|x64.ActiveCfg = Release|Any CPU
{84BACF3D-19B9-4E65-A751-8EBBA39EAE5A}.Release|x64.Build.0 = Release|Any CPU
{84BACF3D-19B9-4E65-A751-8EBBA39EAE5A}.Release|x86.ActiveCfg = Release|Any CPU
{84BACF3D-19B9-4E65-A751-8EBBA39EAE5A}.Release|x86.Build.0 = Release|Any CPU
{77B919B8-6A4B-47BD-82BB-14287E2E069C}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{77B919B8-6A4B-47BD-82BB-14287E2E069C}.Debug|Any CPU.Build.0 = Debug|Any CPU
{77B919B8-6A4B-47BD-82BB-14287E2E069C}.Debug|x64.ActiveCfg = Debug|Any CPU
{77B919B8-6A4B-47BD-82BB-14287E2E069C}.Debug|x64.Build.0 = Debug|Any CPU
{77B919B8-6A4B-47BD-82BB-14287E2E069C}.Debug|x86.ActiveCfg = Debug|Any CPU
{77B919B8-6A4B-47BD-82BB-14287E2E069C}.Debug|x86.Build.0 = Debug|Any CPU
{77B919B8-6A4B-47BD-82BB-14287E2E069C}.Release|Any CPU.ActiveCfg = Release|Any CPU
{77B919B8-6A4B-47BD-82BB-14287E2E069C}.Release|Any CPU.Build.0 = Release|Any CPU
{77B919B8-6A4B-47BD-82BB-14287E2E069C}.Release|x64.ActiveCfg = Release|Any CPU
{77B919B8-6A4B-47BD-82BB-14287E2E069C}.Release|x64.Build.0 = Release|Any CPU
{77B919B8-6A4B-47BD-82BB-14287E2E069C}.Release|x86.ActiveCfg = Release|Any CPU
{77B919B8-6A4B-47BD-82BB-14287E2E069C}.Release|x86.Build.0 = Release|Any CPU
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
EndGlobalSection
GlobalSection(NestedProjects) = preSolution
{E13C1C3A-BCD1-4B32-B267-3008987833D9} = {453E5BB8-E54E-3EF9-8B1B-5E84C5251BBC}
{7203247A-2B03-4E9A-A8F9-E8434377A398} = {453E5BB8-E54E-3EF9-8B1B-5E84C5251BBC}
{0FF21346-59FF-4E46-953D-15C1E80B36E8} = {453E5BB8-E54E-3EF9-8B1B-5E84C5251BBC}
{84BACF3D-19B9-4E65-A751-8EBBA39EAE5A} = {453E5BB8-E54E-3EF9-8B1B-5E84C5251BBC}
{77B919B8-6A4B-47BD-82BB-14287E2E069C} = {453E5BB8-E54E-3EF9-8B1B-5E84C5251BBC}
EndGlobalSection
EndGlobal

18
src/ExportCenter/StellaOps.ExportCenter/AGENTS.md Normal file
View File

@@ -0,0 +1,18 @@
# StellaOps Exporter Service — Agent Charter
## Mission
Deliver the Export Center service described in Epic10. Provide reproducible, signed bundles (JSON, Trivy DB, mirror) that respect AOC boundaries, tenant isolation, and imposed rule propagation across all consuming components.
## Key Responsibilities
- Maintain planner, adapters, signing, and distribution layers for export profiles.
- Coordinate with Orchestrator for job scheduling, Findings Ledger for data streaming, Policy Engine/VEX Lens for snapshots, and Authority for RBAC scopes.
- Guarantee deterministic outputs, provenance, and cryptographic signatures for every export profile.
- Support Console/CLI experiences, DevOps automation, and Offline Kit packaging without violating sovereignty or redaction requirements.
## Module Layout
- `StellaOps.ExportCenter.Core/` — export profile domain logic, planners, and validation.
- `StellaOps.ExportCenter.Infrastructure/` — storage providers, signing adapters, integration clients.
- `StellaOps.ExportCenter.WebService/` — REST API surface (profiles, runs, downloads, SSE).
- `StellaOps.ExportCenter.Worker/` — export execution pipelines and background schedulers.
- `StellaOps.ExportCenter.Tests/` — unit tests and future fixture harnesses.
- `StellaOps.ExportCenter.sln` — module solution wiring projects together.

6
src/ExportCenter/StellaOps.ExportCenter/StellaOps.ExportCenter.Core/Class1.cs Normal file
View File

@@ -0,0 +1,6 @@
namespace StellaOps.ExportCenter.Core;
public class Class1
{
}

18
src/ExportCenter/StellaOps.ExportCenter/StellaOps.ExportCenter.Core/StellaOps.ExportCenter.Core.csproj Normal file
View File

@@ -0,0 +1,18 @@
<?xml version="1.0" ?>
<Project Sdk="Microsoft.NET.Sdk">
<PropertyGroup>
<TargetFramework>net10.0</TargetFramework>
<ImplicitUsings>enable</ImplicitUsings>
<Nullable>enable</Nullable>
<LangVersion>preview</LangVersion>
<TreatWarningsAsErrors>true</TreatWarningsAsErrors>
</PropertyGroup>
</Project>

6
src/ExportCenter/StellaOps.ExportCenter/StellaOps.ExportCenter.Infrastructure/Class1.cs Normal file
View File

@@ -0,0 +1,6 @@
namespace StellaOps.ExportCenter.Infrastructure;
public class Class1
{
}

28
src/ExportCenter/StellaOps.ExportCenter/StellaOps.ExportCenter.Infrastructure/StellaOps.ExportCenter.Infrastructure.csproj Normal file
View File

@@ -0,0 +1,28 @@
<?xml version="1.0" ?>
<Project Sdk="Microsoft.NET.Sdk">
<ItemGroup>
<ProjectReference Include="..\StellaOps.ExportCenter.Core\StellaOps.ExportCenter.Core.csproj"/>
</ItemGroup>
<PropertyGroup>
<TargetFramework>net10.0</TargetFramework>
<ImplicitUsings>enable</ImplicitUsings>
<Nullable>enable</Nullable>
<LangVersion>preview</LangVersion>
<TreatWarningsAsErrors>true</TreatWarningsAsErrors>
</PropertyGroup>
</Project>

135
src/ExportCenter/StellaOps.ExportCenter/StellaOps.ExportCenter.Tests/StellaOps.ExportCenter.Tests.csproj Normal file
View File

@@ -0,0 +1,135 @@
<?xml version="1.0" ?>
<Project Sdk="Microsoft.NET.Sdk">
<PropertyGroup>
<OutputType>Exe</OutputType>
<IsPackable>false</IsPackable>
<TargetFramework>net10.0</TargetFramework>
<ImplicitUsings>enable</ImplicitUsings>
<Nullable>enable</Nullable>
<UseConcelierTestInfra>false</UseConcelierTestInfra>
<LangVersion>preview</LangVersion>
<TreatWarningsAsErrors>true</TreatWarningsAsErrors>
</PropertyGroup>
<ItemGroup>
<PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.14.1"/>
<PackageReference Include="xunit.v3" Version="3.0.0"/>
<PackageReference Include="xunit.runner.visualstudio" Version="3.1.3"/>
</ItemGroup>
<ItemGroup>
<Content Include="xunit.runner.json" CopyToOutputDirectory="PreserveNewest"/>
</ItemGroup>
<ItemGroup>
<Using Include="Xunit"/>
</ItemGroup>
<ItemGroup>
<ProjectReference Include="..\StellaOps.ExportCenter.Core\StellaOps.ExportCenter.Core.csproj"/>
<ProjectReference Include="..\StellaOps.ExportCenter.Infrastructure\StellaOps.ExportCenter.Infrastructure.csproj"/>
</ItemGroup>
</Project>

10
src/ExportCenter/StellaOps.ExportCenter/StellaOps.ExportCenter.Tests/UnitTest1.cs Normal file
View File

@@ -0,0 +1,10 @@
namespace StellaOps.ExportCenter.Tests;
public class UnitTest1
{
[Fact]
public void Test1()
{
}
}

3
src/ExportCenter/StellaOps.ExportCenter/StellaOps.ExportCenter.Tests/xunit.runner.json Normal file
View File

@@ -0,0 +1,3 @@
{
"$schema": "https://xunit.net/schema/current/xunit.runner.schema.json"
}

41
src/ExportCenter/StellaOps.ExportCenter/StellaOps.ExportCenter.WebService/Program.cs Normal file
View File

@@ -0,0 +1,41 @@
var builder = WebApplication.CreateBuilder(args);
// Add services to the container.
// Learn more about configuring OpenAPI at https://aka.ms/aspnet/openapi
builder.Services.AddOpenApi();
var app = builder.Build();
// Configure the HTTP request pipeline.
if (app.Environment.IsDevelopment())
{
app.MapOpenApi();
}
app.UseHttpsRedirection();
var summaries = new[]
{
"Freezing", "Bracing", "Chilly", "Cool", "Mild", "Warm", "Balmy", "Hot", "Sweltering", "Scorching"
};
app.MapGet("/weatherforecast", () =>
{
var forecast = Enumerable.Range(1, 5).Select(index =>
new WeatherForecast
(
DateOnly.FromDateTime(DateTime.Now.AddDays(index)),
Random.Shared.Next(-20, 55),
summaries[Random.Shared.Next(summaries.Length)]
))
.ToArray();
return forecast;
})
.WithName("GetWeatherForecast");
app.Run();
record WeatherForecast(DateOnly Date, int TemperatureC, string? Summary)
{
public int TemperatureF => 32 + (int)(TemperatureC / 0.5556);
}

23
src/ExportCenter/StellaOps.ExportCenter/StellaOps.ExportCenter.WebService/Properties/launchSettings.json Normal file
View File

@@ -0,0 +1,23 @@
{
"$schema": "https://json.schemastore.org/launchsettings.json",
"profiles": {
"http": {
"commandName": "Project",
"dotnetRunMessages": true,
"launchBrowser": false,
"applicationUrl": "http://localhost:5269",
"environmentVariables": {
"ASPNETCORE_ENVIRONMENT": "Development"
}
},
"https": {
"commandName": "Project",
"dotnetRunMessages": true,
"launchBrowser": false,
"applicationUrl": "https://localhost:7218;http://localhost:5269",
"environmentVariables": {
"ASPNETCORE_ENVIRONMENT": "Development"
}
}
}
}

41
src/ExportCenter/StellaOps.ExportCenter/StellaOps.ExportCenter.WebService/StellaOps.ExportCenter.WebService.csproj Normal file
View File

@@ -0,0 +1,41 @@
<?xml version="1.0" ?>
<Project Sdk="Microsoft.NET.Sdk.Web">
<PropertyGroup>
<TargetFramework>net10.0</TargetFramework>
<ImplicitUsings>enable</ImplicitUsings>
<Nullable>enable</Nullable>
<LangVersion>preview</LangVersion>
<TreatWarningsAsErrors>true</TreatWarningsAsErrors>
</PropertyGroup>
<ItemGroup>
<PackageReference Include="Microsoft.AspNetCore.OpenApi" Version="10.0.0-rc.2.25502.107"/>
</ItemGroup>
<ItemGroup>
<ProjectReference Include="..\StellaOps.ExportCenter.Core\StellaOps.ExportCenter.Core.csproj"/>
<ProjectReference Include="..\StellaOps.ExportCenter.Infrastructure\StellaOps.ExportCenter.Infrastructure.csproj"/>
</ItemGroup>
</Project>

6
src/ExportCenter/StellaOps.ExportCenter/StellaOps.ExportCenter.WebService/StellaOps.ExportCenter.WebService.http Normal file
View File

@@ -0,0 +1,6 @@
@StellaOps.ExportCenter.WebService_HostAddress = http://localhost:5269
GET {{StellaOps.ExportCenter.WebService_HostAddress}}/weatherforecast/
Accept: application/json
###

8
src/ExportCenter/StellaOps.ExportCenter/StellaOps.ExportCenter.WebService/appsettings.Development.json Normal file
View File

@@ -0,0 +1,8 @@
{
"Logging": {
"LogLevel": {
"Default": "Information",
"Microsoft.AspNetCore": "Warning"
}
}
}

9
src/ExportCenter/StellaOps.ExportCenter/StellaOps.ExportCenter.WebService/appsettings.json Normal file
View File

@@ -0,0 +1,9 @@
{
"Logging": {
"LogLevel": {
"Default": "Information",
"Microsoft.AspNetCore": "Warning"
}
},
"AllowedHosts": "*"
}

7
src/ExportCenter/StellaOps.ExportCenter/StellaOps.ExportCenter.Worker/Program.cs Normal file
View File

@@ -0,0 +1,7 @@
using StellaOps.ExportCenter.Worker;
var builder = Host.CreateApplicationBuilder(args);
builder.Services.AddHostedService<Worker>();
var host = builder.Build();
host.Run();

12
src/ExportCenter/StellaOps.ExportCenter/StellaOps.ExportCenter.Worker/Properties/launchSettings.json Normal file
View File

@@ -0,0 +1,12 @@
{
"$schema": "https://json.schemastore.org/launchsettings.json",
"profiles": {
"StellaOps.ExportCenter.Worker": {
"commandName": "Project",
"dotnetRunMessages": true,
"environmentVariables": {
"DOTNET_ENVIRONMENT": "Development"
}
}
}
}

43
src/ExportCenter/StellaOps.ExportCenter/StellaOps.ExportCenter.Worker/StellaOps.ExportCenter.Worker.csproj Normal file
View File

@@ -0,0 +1,43 @@
<?xml version="1.0" ?>
<Project Sdk="Microsoft.NET.Sdk.Worker">
<PropertyGroup>
<UserSecretsId>dotnet-StellaOps.ExportCenter.Worker-d4cfd239-79d1-4d17-91d6-bb7a78770695</UserSecretsId>
<TargetFramework>net10.0</TargetFramework>
<ImplicitUsings>enable</ImplicitUsings>
<Nullable>enable</Nullable>
<LangVersion>preview</LangVersion>
<TreatWarningsAsErrors>true</TreatWarningsAsErrors>
</PropertyGroup>
<ItemGroup>
<PackageReference Include="Microsoft.Extensions.Hosting" Version="10.0.0-rc.2.25502.107"/>
</ItemGroup>
<ItemGroup>
<ProjectReference Include="..\StellaOps.ExportCenter.Core\StellaOps.ExportCenter.Core.csproj"/>
<ProjectReference Include="..\StellaOps.ExportCenter.Infrastructure\StellaOps.ExportCenter.Infrastructure.csproj"/>
</ItemGroup>
</Project>

16
src/ExportCenter/StellaOps.ExportCenter/StellaOps.ExportCenter.Worker/Worker.cs Normal file
View File

@@ -0,0 +1,16 @@
namespace StellaOps.ExportCenter.Worker;
public class Worker(ILogger<Worker> logger) : BackgroundService
{
protected override async Task ExecuteAsync(CancellationToken stoppingToken)
{
while (!stoppingToken.IsCancellationRequested)
{
if (logger.IsEnabled(LogLevel.Information))
{
logger.LogInformation("Worker running at: {time}", DateTimeOffset.Now);
}
await Task.Delay(1000, stoppingToken);
}
}
}

8
src/ExportCenter/StellaOps.ExportCenter/StellaOps.ExportCenter.Worker/appsettings.Development.json Normal file
View File

@@ -0,0 +1,8 @@
{
"Logging": {
"LogLevel": {
"Default": "Information",
"Microsoft.Hosting.Lifetime": "Information"
}
}
}

8
src/ExportCenter/StellaOps.ExportCenter/StellaOps.ExportCenter.Worker/appsettings.json Normal file
View File

@@ -0,0 +1,8 @@
{
"Logging": {
"LogLevel": {
"Default": "Information",
"Microsoft.Hosting.Lifetime": "Information"
}
}
}

90
src/ExportCenter/StellaOps.ExportCenter/StellaOps.ExportCenter.sln Normal file
View File

@@ -0,0 +1,90 @@

Microsoft Visual Studio Solution File, Format Version 12.00
# Visual Studio Version 17
VisualStudioVersion = 17.0.31903.59
MinimumVisualStudioVersion = 10.0.40219.1
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "StellaOps.ExportCenter.Core", "StellaOps.ExportCenter.Core\StellaOps.ExportCenter.Core.csproj", "{A8B060F0-BD04-4CFB-BC99-C31AE6C9C8F5}"
EndProject
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "StellaOps.ExportCenter.Infrastructure", "StellaOps.ExportCenter.Infrastructure\StellaOps.ExportCenter.Infrastructure.csproj", "{2DB372A2-C0AD-48D6-875C-CDEB01CC7AFB}"
EndProject
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "StellaOps.ExportCenter.WebService", "StellaOps.ExportCenter.WebService\StellaOps.ExportCenter.WebService.csproj", "{A1460E98-EDED-42BE-ACF8-896ED94053F1}"
EndProject
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "StellaOps.ExportCenter.Worker", "StellaOps.ExportCenter.Worker\StellaOps.ExportCenter.Worker.csproj", "{73531B46-E364-4C0F-B84C-8BDCF3E16051}"
EndProject
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "StellaOps.ExportCenter.Tests", "StellaOps.ExportCenter.Tests\StellaOps.ExportCenter.Tests.csproj", "{1201F1ED-F35A-4F12-B662-BB616122A2F2}"
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|Any CPU = Debug|Any CPU
Debug|x64 = Debug|x64
Debug|x86 = Debug|x86
Release|Any CPU = Release|Any CPU
Release|x64 = Release|x64
Release|x86 = Release|x86
EndGlobalSection
GlobalSection(ProjectConfigurationPlatforms) = postSolution
{A8B060F0-BD04-4CFB-BC99-C31AE6C9C8F5}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{A8B060F0-BD04-4CFB-BC99-C31AE6C9C8F5}.Debug|Any CPU.Build.0 = Debug|Any CPU
{A8B060F0-BD04-4CFB-BC99-C31AE6C9C8F5}.Debug|x64.ActiveCfg = Debug|Any CPU
{A8B060F0-BD04-4CFB-BC99-C31AE6C9C8F5}.Debug|x64.Build.0 = Debug|Any CPU
{A8B060F0-BD04-4CFB-BC99-C31AE6C9C8F5}.Debug|x86.ActiveCfg = Debug|Any CPU
{A8B060F0-BD04-4CFB-BC99-C31AE6C9C8F5}.Debug|x86.Build.0 = Debug|Any CPU
{A8B060F0-BD04-4CFB-BC99-C31AE6C9C8F5}.Release|Any CPU.ActiveCfg = Release|Any CPU
{A8B060F0-BD04-4CFB-BC99-C31AE6C9C8F5}.Release|Any CPU.Build.0 = Release|Any CPU
{A8B060F0-BD04-4CFB-BC99-C31AE6C9C8F5}.Release|x64.ActiveCfg = Release|Any CPU
{A8B060F0-BD04-4CFB-BC99-C31AE6C9C8F5}.Release|x64.Build.0 = Release|Any CPU
{A8B060F0-BD04-4CFB-BC99-C31AE6C9C8F5}.Release|x86.ActiveCfg = Release|Any CPU
{A8B060F0-BD04-4CFB-BC99-C31AE6C9C8F5}.Release|x86.Build.0 = Release|Any CPU
{2DB372A2-C0AD-48D6-875C-CDEB01CC7AFB}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{2DB372A2-C0AD-48D6-875C-CDEB01CC7AFB}.Debug|Any CPU.Build.0 = Debug|Any CPU
{2DB372A2-C0AD-48D6-875C-CDEB01CC7AFB}.Debug|x64.ActiveCfg = Debug|Any CPU
{2DB372A2-C0AD-48D6-875C-CDEB01CC7AFB}.Debug|x64.Build.0 = Debug|Any CPU
{2DB372A2-C0AD-48D6-875C-CDEB01CC7AFB}.Debug|x86.ActiveCfg = Debug|Any CPU
{2DB372A2-C0AD-48D6-875C-CDEB01CC7AFB}.Debug|x86.Build.0 = Debug|Any CPU
{2DB372A2-C0AD-48D6-875C-CDEB01CC7AFB}.Release|Any CPU.ActiveCfg = Release|Any CPU
{2DB372A2-C0AD-48D6-875C-CDEB01CC7AFB}.Release|Any CPU.Build.0 = Release|Any CPU
{2DB372A2-C0AD-48D6-875C-CDEB01CC7AFB}.Release|x64.ActiveCfg = Release|Any CPU
{2DB372A2-C0AD-48D6-875C-CDEB01CC7AFB}.Release|x64.Build.0 = Release|Any CPU
{2DB372A2-C0AD-48D6-875C-CDEB01CC7AFB}.Release|x86.ActiveCfg = Release|Any CPU
{2DB372A2-C0AD-48D6-875C-CDEB01CC7AFB}.Release|x86.Build.0 = Release|Any CPU
{A1460E98-EDED-42BE-ACF8-896ED94053F1}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{A1460E98-EDED-42BE-ACF8-896ED94053F1}.Debug|Any CPU.Build.0 = Debug|Any CPU
{A1460E98-EDED-42BE-ACF8-896ED94053F1}.Debug|x64.ActiveCfg = Debug|Any CPU
{A1460E98-EDED-42BE-ACF8-896ED94053F1}.Debug|x64.Build.0 = Debug|Any CPU
{A1460E98-EDED-42BE-ACF8-896ED94053F1}.Debug|x86.ActiveCfg = Debug|Any CPU
{A1460E98-EDED-42BE-ACF8-896ED94053F1}.Debug|x86.Build.0 = Debug|Any CPU
{A1460E98-EDED-42BE-ACF8-896ED94053F1}.Release|Any CPU.ActiveCfg = Release|Any CPU
{A1460E98-EDED-42BE-ACF8-896ED94053F1}.Release|Any CPU.Build.0 = Release|Any CPU
{A1460E98-EDED-42BE-ACF8-896ED94053F1}.Release|x64.ActiveCfg = Release|Any CPU
{A1460E98-EDED-42BE-ACF8-896ED94053F1}.Release|x64.Build.0 = Release|Any CPU
{A1460E98-EDED-42BE-ACF8-896ED94053F1}.Release|x86.ActiveCfg = Release|Any CPU
{A1460E98-EDED-42BE-ACF8-896ED94053F1}.Release|x86.Build.0 = Release|Any CPU
{73531B46-E364-4C0F-B84C-8BDCF3E16051}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{73531B46-E364-4C0F-B84C-8BDCF3E16051}.Debug|Any CPU.Build.0 = Debug|Any CPU
{73531B46-E364-4C0F-B84C-8BDCF3E16051}.Debug|x64.ActiveCfg = Debug|Any CPU
{73531B46-E364-4C0F-B84C-8BDCF3E16051}.Debug|x64.Build.0 = Debug|Any CPU
{73531B46-E364-4C0F-B84C-8BDCF3E16051}.Debug|x86.ActiveCfg = Debug|Any CPU
{73531B46-E364-4C0F-B84C-8BDCF3E16051}.Debug|x86.Build.0 = Debug|Any CPU
{73531B46-E364-4C0F-B84C-8BDCF3E16051}.Release|Any CPU.ActiveCfg = Release|Any CPU
{73531B46-E364-4C0F-B84C-8BDCF3E16051}.Release|Any CPU.Build.0 = Release|Any CPU
{73531B46-E364-4C0F-B84C-8BDCF3E16051}.Release|x64.ActiveCfg = Release|Any CPU
{73531B46-E364-4C0F-B84C-8BDCF3E16051}.Release|x64.Build.0 = Release|Any CPU
{73531B46-E364-4C0F-B84C-8BDCF3E16051}.Release|x86.ActiveCfg = Release|Any CPU
{73531B46-E364-4C0F-B84C-8BDCF3E16051}.Release|x86.Build.0 = Release|Any CPU
{1201F1ED-F35A-4F12-B662-BB616122A2F2}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{1201F1ED-F35A-4F12-B662-BB616122A2F2}.Debug|Any CPU.Build.0 = Debug|Any CPU
{1201F1ED-F35A-4F12-B662-BB616122A2F2}.Debug|x64.ActiveCfg = Debug|Any CPU
{1201F1ED-F35A-4F12-B662-BB616122A2F2}.Debug|x64.Build.0 = Debug|Any CPU
{1201F1ED-F35A-4F12-B662-BB616122A2F2}.Debug|x86.ActiveCfg = Debug|Any CPU
{1201F1ED-F35A-4F12-B662-BB616122A2F2}.Debug|x86.Build.0 = Debug|Any CPU
{1201F1ED-F35A-4F12-B662-BB616122A2F2}.Release|Any CPU.ActiveCfg = Release|Any CPU
{1201F1ED-F35A-4F12-B662-BB616122A2F2}.Release|Any CPU.Build.0 = Release|Any CPU
{1201F1ED-F35A-4F12-B662-BB616122A2F2}.Release|x64.ActiveCfg = Release|Any CPU
{1201F1ED-F35A-4F12-B662-BB616122A2F2}.Release|x64.Build.0 = Release|Any CPU
{1201F1ED-F35A-4F12-B662-BB616122A2F2}.Release|x86.ActiveCfg = Release|Any CPU
{1201F1ED-F35A-4F12-B662-BB616122A2F2}.Release|x86.Build.0 = Release|Any CPU
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
EndGlobalSection
EndGlobal

77
src/ExportCenter/StellaOps.ExportCenter/TASKS.md Normal file
View File

@@ -0,0 +1,77 @@
# Exporter Service Task Board — Epic 10: Export Center
## Sprint 35 Foundations (JSON + Mirror Full, Download Only)
| ID | Status | Owner(s) | Depends on | Description | Exit Criteria |
|----|--------|----------|------------|-------------|---------------|
| EXPORT-SVC-35-001 | BLOCKED (2025-10-29) | Exporter Service Guild | ORCH-SVC-35-101, LEDGER-EXPORT-35-001 | Bootstrap exporter service project, configuration, and Postgres migrations for `export_profiles`, `export_runs`, `export_inputs`, `export_distributions` with tenant scoping + tests. | Service builds/tests; migrations generated with scripts; baseline integration test seeds schema; compliance checklist recorded. |
> Blocked: waiting on Orchestrator export job contract (ORCH-SVC-35-101) and Findings Ledger export endpoints (LEDGER-EXPORT-35-001) before bootstrapping service schema.
| EXPORT-SVC-35-002 | TODO | Exporter Service Guild | EXPORT-SVC-35-001 | Implement planner + scope resolver translating filters into ledger iterators and orchestrator job payloads; include deterministic sampling and validation. | Planner passes unit/property tests; orchestrator contract documented; filter validation errors mapped. |
| EXPORT-SVC-35-003 | TODO | Exporter Service Guild | EXPORT-SVC-35-002 | Deliver JSON adapters (`json:raw`, `json:policy`) with canonical normalization, redaction allowlists, compression, and manifest counts. | JSONL outputs deterministic; redaction enforced; unit/integration tests cover advisories/VEX/SBOM/findings. |
| EXPORT-SVC-35-004 | TODO | Exporter Service Guild | EXPORT-SVC-35-002 | Build mirror (full) adapter producing filesystem layout, indexes, manifests, and README with download-only distribution. | Mirror bundle passes integration tests; indexes generated; manifest validated; docs cross-referenced. |
| EXPORT-SVC-35-005 | TODO | Exporter Service Guild | EXPORT-SVC-35-003 | Implement manifest/provenance writer and KMS signing/attestation (detached + embedded) for bundle outputs. | `export.json`/`provenance.json` generated with hashes; signatures produced via KMS; verification test passes. |
| EXPORT-SVC-35-006 | TODO | Exporter Service Guild | EXPORT-SVC-35-001..005 | Expose Export API (profiles, runs, download, SSE updates) with audit logging, concurrency controls, and viewer/operator RBAC integration. | OpenAPI published; SSE stream validated; audit logs captured; rate limits enforced in tests. |
## Sprint 36 Trivy + Distribution
| ID | Status | Owner(s) | Depends on | Description | Exit Criteria |
|----|--------|----------|------------|-------------|---------------|
| EXPORT-SVC-36-001 | TODO | Exporter Service Guild | EXPORT-SVC-35-002 | Implement Trivy DB adapter (core) with schema mappings, version flag gating, and validation harness. | Trivy bundle builds for fixtures; compatibility tests against reference Trivy; errors surfaced for unknown schema. |
| EXPORT-SVC-36-002 | TODO | Exporter Service Guild | EXPORT-SVC-36-001 | Add Trivy Java DB variant with shared manifest entries and adapter regression tests. | Java DB bundle produced when enabled; manifest annotated; integration tests cover optional config. |
| EXPORT-SVC-36-003 | TODO | Exporter Service Guild | EXPORT-SVC-35-006 | Build OCI distribution engine (manifests, descriptors, annotations) with registry auth support and retries. | OCI push works in integration tests; annotations present; retry/backoff validated. |
| EXPORT-SVC-36-004 | TODO | Exporter Service Guild | EXPORT-SVC-36-003 | Extend planner/run lifecycle for distribution targets (OCI/object storage) with idempotent metadata updates and retention timestamps. | Export runs track distribution state; object storage writer tested; retention metadata stored. |
## Sprint 37 Delta, Encryption, Scheduling, GA
| ID | Status | Owner(s) | Depends on | Description | Exit Criteria |
|----|--------|----------|------------|-------------|---------------|
| EXPORT-SVC-37-001 | TODO | Exporter Service Guild | EXPORT-SVC-35-004 | Implement mirror delta adapter with base manifest comparison, change set generation, and content-addressed reuse. | Delta bundles generated with accurate adds/removes; manifest references base export; tests cover large datasets. |
| EXPORT-SVC-37-002 | TODO | Exporter Service Guild | EXPORT-SVC-35-005, AUTH-EXPORT-37-001 | Add bundle encryption (age/AES-GCM), key wrapping via KMS, and verification tooling for encrypted outputs. | Encrypted bundles produced; decrypt tool validated; key rotation tests pass. |
| EXPORT-SVC-37-003 | TODO | Exporter Service Guild | ORCH-SVC-37-101 | Implement export scheduling (cron/event), retention pruning, retry idempotency, and failure classification. | Schedules persisted; retention jobs prune data; retries clean; metrics/logs emitted. |
| EXPORT-SVC-37-004 | TODO | Exporter Service Guild | EXPORT-SVC-35-005 | Provide verification API to stream manifests/hashes, compute hash+signature checks, and return attest status for CLI/UI. | Verification endpoint live; integration tests cover success/failure; metrics track verify attempts. |
## CLI Parity & Task Packs Integration
| ID | Status | Owner(s) | Depends on | Description | Exit Criteria |
|----|--------|----------|------------|-------------|---------------|
| EXPORT-SVC-43-001 | TODO | Exporter Service Guild | PACKS-REG-41-001, TASKRUN-41-001 | Integrate pack run manifests/artifacts into export bundles and CLI verification flows; expose provenance links. | Pack run exports available; manifests signed; CLI verify uses exports; tests cover workflow. |
## Authority-Backed Scopes & Tenancy (Epic 14)
| ID | Status | Owner(s) | Depends on | Description | Exit Criteria |
|----|--------|----------|------------|-------------|---------------|
| EXPORT-TEN-48-001 | TODO | Exporter Service Guild | WEB-TEN-48-001 | Prefix artifacts/manifests with tenant/project, enforce scope checks, and prevent cross-tenant exports unless explicitly whitelisted; update provenance. | Exports contain tenant id; cross-tenant attempt denied; tests cover scope enforcement. |
## Observability & Forensics (Epic 15)
| ID | Status | Owner(s) | Depends on | Description | Exit Criteria |
|----|--------|----------|------------|-------------|---------------|
| EXPORT-OBS-50-001 | TODO | Exporter Service Guild, Observability Guild | TELEMETRY-OBS-50-001, TELEMETRY-OBS-50-002 | Adopt telemetry core in exporter service + workers, ensuring spans/logs capture profile id, tenant, artifact counts, distribution type, and trace IDs. | Telemetry confirmed via integration tests; logging contract validated; CLI trace linking works. |
| EXPORT-OBS-51-001 | TODO | Exporter Service Guild, DevOps Guild | EXPORT-OBS-50-001, TELEMETRY-OBS-51-001 | Emit metrics for export planner latency, bundle build time, distribution success rate, bundle size, and define SLOs (bundle availability P95 <90s). Add Grafana dashboards + burn-rate alerts. | Metrics visible; alerts tested; documentation updated. |
| EXPORT-OBS-52-001 | TODO | Exporter Service Guild | EXPORT-OBS-50-001, TIMELINE-OBS-52-002 | Publish timeline events for export lifecycle (`export.requested`, `export.built`, `export.distributed`, `export.failed`) embedding manifest hashes and evidence refs. Provide dedupe + retry logic. | Timeline events verified; duplicates suppressed; docs record schema. |
| EXPORT-OBS-53-001 | TODO | Exporter Service Guild, Evidence Locker Guild | EXPORT-OBS-52-001, EVID-OBS-53-002 | Push export manifests + distribution transcripts to evidence locker bundles, ensuring Merkle root alignment and DSSE pre-sign data available. | Evidence bundles include export data; manifests deterministic; integration tests pass. |
| EXPORT-OBS-54-001 | TODO | Exporter Service Guild, Provenance Guild | EXPORT-OBS-53-001, PROV-OBS-53-002 | Produce DSSE attestations for each export artifact and distribution target, expose verification API `/exports/{id}/attestation`, and integrate with CLI verify path. | Attestations generated/verified; API live; CLI integration tests updated. |
| EXPORT-OBS-55-001 | TODO | Exporter Service Guild, DevOps Guild | EXPORT-OBS-51-001, DEVOPS-OBS-55-001 | Add incident mode enhancements (extra tracing for slow exports, additional debug logs, retention bump). Emit incident activation events to timeline + notifier. | Incident mode validated; extra telemetry captured; events observed. |
## Air-Gapped Mode (Epic 16)
| ID | Status | Owner(s) | Depends on | Description | Exit Criteria |
|----|--------|----------|------------|-------------|---------------|
| EXPORT-AIRGAP-56-001 | TODO | Exporter Service Guild, Mirror Creator Guild | MIRROR-CRT-56-001, AIRGAP-IMP-56-001 | Extend Export Center to build Mirror Bundles as export profiles, including advisories/VEX/policy packs manifesting DSSE/TUF metadata. | Export profile produces bundle matching mirror spec; verification succeeds; audit entry stored. |
| EXPORT-AIRGAP-56-002 | TODO | Exporter Service Guild, DevOps Guild | EXPORT-AIRGAP-56-001, DEVOPS-OBS-50-003 | Package Bootstrap Pack (images + charts) into OCI archives with signed manifests for air-gapped deployment. | Bootstrap pack generated; digests recorded; documentation stubbed. |
| EXPORT-AIRGAP-57-001 | TODO | Exporter Service Guild, Evidence Locker Guild | EXPORT-AIRGAP-56-001, EVID-OBS-54-002 | Integrate portable evidence export mode producing sealed evidence bundles with DSSE signatures and chain-of-custody metadata. | Portable bundles generated and verified; CLI/Console flows consume exports; tests cover tampering. |
| EXPORT-AIRGAP-58-001 | TODO | Exporter Service Guild, Notifications Guild | EXPORT-AIRGAP-56-001, NOTIFY-OBS-51-001 | Emit notifications and timeline events when Mirror Bundles or Bootstrap packs are ready for transfer. | Notifications delivered with links; timeline events recorded; metrics updated. |
## SDKs & OpenAPI (Epic 17)
| ID | Status | Owner(s) | Depends on | Description | Exit Criteria |
|----|--------|----------|------------|-------------|---------------|
| EXPORT-OAS-61-001 | TODO | Exporter Service Guild, API Contracts Guild | OAS-61-001 | Update Exporter OAS covering profiles, runs, downloads, devportal exports with standard error envelope and examples. | Spec complete; lint passes; examples validated. |
| EXPORT-OAS-61-002 | TODO | Exporter Service Guild | EXPORT-OAS-61-001 | Provide `/.well-known/openapi` discovery endpoint with version metadata and ETag. | Endpoint deployed; contract tests cover discovery. |
| EXPORT-OAS-62-001 | TODO | Exporter Service Guild, SDK Generator Guild | EXPORT-OAS-61-001, SDKGEN-63-001 | Ensure SDKs include export profile/run clients with streaming download helpers; add smoke tests. | SDK tests download/export artifact; documentation includes snippets. |
| EXPORT-OAS-63-001 | TODO | Exporter Service Guild, API Governance Guild | APIGOV-63-001 | Implement deprecation headers and notifications for legacy export endpoints. | Headers emitted; notifications pipeline validated. |
## Risk Profiles (Epic 18)
| ID | Status | Owner(s) | Depends on | Description | Exit Criteria |
|----|--------|----------|------------|-------------|---------------|
| EXPORT-RISK-69-001 | TODO | Exporter Service Guild, Risk Bundle Export Guild | RISK-BUNDLE-69-001 | Add Export Center job handler `risk-bundle` with provider selection, manifest signing, and audit logging. | Job deploys; manifest stored; audit logs include actor and scope. |
| EXPORT-RISK-69-002 | TODO | Exporter Service Guild, Risk Engine Guild | EXPORT-RISK-69-001 | Enable simulation report exports pulling scored data + explainability snapshots. | Simulation exports available via API/CLI; tests ensure deterministic output. |
| EXPORT-RISK-70-001 | TODO | Exporter Service Guild, DevOps Guild | EXPORT-RISK-69-001 | Integrate risk bundle builds into offline kit packaging with checksum verification. | Offline kit includes risk bundle; verification pipeline passes; docs updated. |
## Attestor Console (Epic 19)
| ID | Status | Owner(s) | Depends on | Description | Exit Criteria |
|----|--------|----------|------------|-------------|---------------|
| EXPORT-ATTEST-74-001 | TODO | Exporter Service Guild, Attestation Bundle Guild | ATTESTOR-74-002 | Implement attestation bundle export job via Export Center. | Job builds bundle; manifest signed; tests pass. |
| EXPORT-ATTEST-75-001 | TODO | Exporter Service Guild | EXPORT-ATTEST-74-001 | Integrate attestation bundles into offline kit flows and CLI commands. | Offline kit updated; CLI `export attestation-bundle` operational; docs refreshed. |