stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 16 Releases Wiki Activity

feat: Add MongoIdempotencyStoreOptions for MongoDB configuration
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
Details

Browse Source 
feat: Implement BsonJsonConverter for converting BsonDocument and BsonArray to JSON

fix: Update project file to include MongoDB.Bson package

test: Add GraphOverlayExporterTests to validate NDJSON export functionality

refactor: Refactor Program.cs in Attestation Tool for improved argument parsing and error handling

docs: Update README for stella-forensic-verify with usage instructions and exit codes

feat: Enhance HmacVerifier with clock skew and not-after checks

feat: Add MerkleRootVerifier and ChainOfCustodyVerifier for additional verification methods

fix: Update DenoRuntimeShim to correctly handle file paths

feat: Introduce ComposerAutoloadData and related parsing in ComposerLockReader

test: Add tests for Deno runtime execution and verification

test: Enhance PHP package tests to include autoload data verification

test: Add unit tests for HmacVerifier and verification logic
This commit is contained in:
StellaOps Bot
2025-11-22 16:42:56 +02:00
parent 967ae0ab16
commit dc7c75b496
85 changed files with 2272 additions and 917 deletions
Download Patch File Download Diff File Expand all files Collapse all files

423
docs/api/graph-gateway-spec-draft.yaml
View File

@@ -1,126 +1,371 @@
openapi: 3.0.3
info:
title: StellaOps Graph Gateway (draft)
version: 0.0.1-draft
version: 0.0.2-pre
description: |
Draft API surface for graph search/query/paths/diff/export with streaming tiles,
cost budgets, overlays, and RBAC headers. Aligns with sprint 0207 Wave 1 outline
(GRAPH-API-28-001..011).
servers:
- url: https://gateway.local/api
security:
- bearerAuth: []
paths:
/graph/versions:
get:
summary: List graph schema versions
responses:
'200':
description: OK
content:
application/json:
schema:
type: object
properties:
versions:
type: array
items:
type: string
/graph/viewport:
get:
summary: Stream viewport tiles
/graph/search:
post:
summary: Search graph nodes with prefix/exact semantics and filters
security:
- bearerAuth: []
parameters:
- name: bbox
in: query
required: true
schema:
type: string
- name: zoom
in: query
required: true
schema:
type: integer
- name: version
in: query
schema:
type: string
- $ref: '#/components/parameters/TenantHeader'
- $ref: '#/components/parameters/RequestIdHeader'
requestBody:
required: true
content:
application/json:
schema:
$ref: '#/components/schemas/SearchRequest'
responses:
'200':
description: Stream of tiles
description: Stream of search tiles (NDJSON)
content:
application/json:
application/x-ndjson:
schema:
type: object
properties:
tiles:
type: array
items:
type: object
/graph/path:
get:
summary: Fetch path between nodes
$ref: '#/components/schemas/TileEnvelope'
'400': { $ref: '#/components/responses/ValidationError' }
'401': { $ref: '#/components/responses/Unauthorized' }
'429': { $ref: '#/components/responses/BudgetExceeded' }
/graph/query:
post:
summary: Execute graph query with budgeted streaming tiles
security:
- bearerAuth: []
parameters:
- name: from
in: query
required: true
schema:
type: string
- name: to
in: query
required: true
schema:
type: string
- $ref: '#/components/parameters/TenantHeader'
- $ref: '#/components/parameters/RequestIdHeader'
requestBody:
required: true
content:
application/json:
schema:
$ref: '#/components/schemas/QueryRequest'
responses:
'200':
description: OK
description: Stream of query tiles (NDJSON)
content:
application/json:
application/x-ndjson:
schema:
type: object
properties:
edges:
type: array
items:
type: object
$ref: '#/components/schemas/TileEnvelope'
'400': { $ref: '#/components/responses/ValidationError' }
'401': { $ref: '#/components/responses/Unauthorized' }
'429': { $ref: '#/components/responses/BudgetExceeded' }
/graph/paths:
post:
summary: Find constrained paths between node sets (depth ≤ 6)
security:
- bearerAuth: []
parameters:
- $ref: '#/components/parameters/TenantHeader'
- $ref: '#/components/parameters/RequestIdHeader'
requestBody:
required: true
content:
application/json:
schema:
$ref: '#/components/schemas/PathsRequest'
responses:
'200':
description: Stream of path tiles ordered by hop
content:
application/x-ndjson:
schema:
$ref: '#/components/schemas/TileEnvelope'
'400': { $ref: '#/components/responses/ValidationError' }
'401': { $ref: '#/components/responses/Unauthorized' }
'429': { $ref: '#/components/responses/BudgetExceeded' }
/graph/diff:
get:
summary: Diff two snapshots
post:
summary: Stream diff between two graph snapshots with overlay deltas
security:
- bearerAuth: []
parameters:
- name: left
in: query
required: true
schema:
type: string
- name: right
in: query
required: true
schema:
type: string
- $ref: '#/components/parameters/TenantHeader'
- $ref: '#/components/parameters/RequestIdHeader'
requestBody:
required: true
content:
application/json:
schema:
$ref: '#/components/schemas/DiffRequest'
responses:
'200':
description: OK
description: Stream of diff tiles (added/removed/changed)
content:
application/x-ndjson:
schema:
$ref: '#/components/schemas/TileEnvelope'
'400': { $ref: '#/components/responses/ValidationError' }
'401': { $ref: '#/components/responses/Unauthorized' }
/graph/export:
post:
summary: Request export job for snapshot or query result
security:
- bearerAuth: []
parameters:
- $ref: '#/components/parameters/TenantHeader'
- $ref: '#/components/parameters/RequestIdHeader'
requestBody:
required: true
content:
application/json:
schema:
$ref: '#/components/schemas/ExportRequest'
responses:
'202':
description: Export job accepted
content:
application/json:
schema:
type: object
/graph/export:
$ref: '#/components/schemas/ExportJob'
'400': { $ref: '#/components/responses/ValidationError' }
'401': { $ref: '#/components/responses/Unauthorized' }
/graph/export/{jobId}:
get:
summary: Export graph fragment
summary: Check export job status or download manifest
security:
- bearerAuth: []
parameters:
- name: snapshot
in: query
- $ref: '#/components/parameters/TenantHeader'
- $ref: '#/components/parameters/RequestIdHeader'
- name: jobId
in: path
required: true
schema:
type: string
- name: format
in: query
schema:
type: string
enum: [graphml, jsonl]
responses:
'200':
description: Streamed export
description: Job status
content:
application/octet-stream:
application/json:
schema:
type: string
format: binary
$ref: '#/components/schemas/ExportJob'
'404':
description: Job not found
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
components:
securitySchemes:
bearerAuth:
type: http
scheme: bearer
bearerFormat: JWT
parameters:
TenantHeader:
name: X-Stella-Tenant
in: header
required: true
schema:
type: string
description: Tenant identifier enforced on all routes.
RequestIdHeader:
name: X-Request-Id
in: header
required: false
schema:
type: string
description: Optional caller-provided correlation id, echoed in responses.
schemas:
CostBudget:
type: object
properties:
limit:
type: integer
minimum: 1
remaining:
type: integer
minimum: 0
consumed:
type: integer
minimum: 0
required: [limit, remaining, consumed]
TileEnvelope:
type: object
properties:
type:
type: string
enum: [node, edge, stats, cursor, diagnostic]
seq:
type: integer
minimum: 0
cost:
$ref: '#/components/schemas/CostBudget'
data:
type: object
description: Payload varies by tile type (node/edge record, stats snapshot, cursor token, or diagnostic info).
required: [type, seq]
SearchRequest:
type: object
properties:
query:
type: string
description: Prefix or exact text; required unless filters present.
kinds:
type: array
items:
type: string
limit:
type: integer
default: 50
maximum: 500
filters:
type: object
additionalProperties: true
ordering:
type: string
enum: [relevance, id]
required: [kinds]
QueryRequest:
type: object
properties:
dsl:
type: string
description: DSL expression for graph traversal (mutually exclusive with filter).
filter:
type: object
description: Structured filter alternative to DSL.
budget:
type: object
properties:
nodeCap: { type: integer }
edgeCap: { type: integer }
timeMs: { type: integer }
overlays:
type: array
items:
type: string
enum: [policy, vex, advisory]
explain:
type: string
enum: [none, minimal, full]
default: none
anyOf:
- required: [dsl]
- required: [filter]
PathsRequest:
type: object
properties:
sourceIds:
type: array
items: { type: string }
minItems: 1
targetIds:
type: array
items: { type: string }
minItems: 1
maxDepth:
type: integer
maximum: 6
default: 4
constraints:
type: object
properties:
edgeKinds:
type: array
items: { type: string }
fanoutCap:
type: integer
overlays:
type: array
items: { type: string }
required: [sourceIds, targetIds]
DiffRequest:
type: object
properties:
snapshotA: { type: string }
snapshotB: { type: string }
filters:
type: object
additionalProperties: true
required: [snapshotA, snapshotB]
ExportRequest:
type: object
properties:
snapshotId:
type: string
queryRef:
type: string
formats:
type: array
items:
type: string
enum: [graphml, csv, ndjson, png, svg]
includeOverlays:
type: boolean
default: false
anyOf:
- required: [snapshotId]
- required: [queryRef]
required: [formats]
ExportJob:
type: object
properties:
jobId: { type: string }
status: { type: string, enum: [pending, running, succeeded, failed] }
checksumManifestUrl: { type: string, format: uri }
downloadUrl: { type: string, format: uri }
createdAt: { type: string, format: date-time }
updatedAt: { type: string, format: date-time }
message: { type: string }
required: [jobId, status]
Error:
type: object
properties:
error:
type: string
enum: [GRAPH_BUDGET_EXCEEDED, GRAPH_VALIDATION_FAILED, GRAPH_RATE_LIMITED, GRAPH_UNAUTHORIZED]
message:
type: string
details:
type: object
request_id:
type: string
required: [error, message]
responses:
ValidationError:
description: Request failed validation
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
Unauthorized:
description: Missing or invalid credentials
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
BudgetExceeded:
description: Budget exhausted mid-stream; includes partial cursor details
content:
application/json:
schema:
$ref: '#/components/schemas/Error'

2
docs/benchmarks/vex-evidence-playbook.md
View File

@@ -137,4 +137,4 @@ Automate collection via `Makefile` or `bench/run.sh` pipeline (task `BENCH-AUTO-
- `BENCH-AUTO-401-019` — automation to populate `bench/findings/**`, run baseline scanners, and update `results/summary.csv`.
- `DOCS-VEX-401-012` — maintain this playbook + README templates, document verification workflow.
Update `docs/implplan/SPRINT_401_reachability_evidence_chain.md` whenever these tasks move state.
Update `docs/implplan/SPRINT_0401_0001_0001_reachability_evidence_chain.md` whenever these tasks move state.

2
docs/implplan/SPRINT_0110_0001_0001_ingestion_evidence.md
View File

@@ -69,6 +69,8 @@
| 2025-11-22 | Retried restore with absolute `NUGET_PACKAGES=$(pwd)/local-nugets`; still hanging and cancelled at ~10s (no packages downloaded). Tests remain blocked pending CI/warm cache. | Implementer |
| 2025-11-22 | Restore attempt with absolute cache + nuget.org fallback (`NUGET_PACKAGES=/mnt/e/dev/git.stella-ops.org/local-nugets --source local-nugets --source https://api.nuget.org/v3/index.json`) still stalled/cancelled after ~10s; no packages pulled. | Implementer |
| 2025-11-22 | Normalized `tools/linksets-ci.sh` line endings, removed `--no-build`, and forced offline restore against `local-nugets`; restore still hangs >90s even with offline cache, run terminated. BUILD-TOOLING-110-001 remains BLOCKED pending runner with usable restore cache. | Implementer |
| 2025-11-22 | Tried seeding `local-nugets` via `dotnet restore --packages local-nugets` (online allowed); restore spinner stalled ~130s and was cancelled; NuGet targets reported “Restore canceled!”. No TRX produced; BUILD-TOOLING-110-001 still BLOCKED—needs CI runner with warm cache or diagnostic restore to pinpoint stuck feed/package. | Implementer |
| 2025-11-22 | Retried restore with dedicated cache `NUGET_PACKAGES=.nuget-cache`, sources `local-nugets` + nuget.org, `--disable-parallel --ignore-failed-sources`; spinner ran ~10s with no progress, cancelled. Still no TRX; BUILD-TOOLING-110-001 remains BLOCKED pending CI runner or verbose restore on cached agent. | Implementer |
| 2025-11-22 | Documented Concelier advisory attestation endpoint parameters and safety rules (`docs/modules/concelier/attestation.md`); linked from module architecture. | Implementer |
| 2025-11-22 | Published Excititor air-gap + connector trust prep (`docs/modules/excititor/prep/2025-11-22-airgap-56-58-prep.md`), defining import envelope, error catalog, timeline hooks, and signer validation; marked EXCITITOR-AIRGAP-56/57/58 · CONN-TRUST-01-001 DONE. | Implementer |
| 2025-11-20 | Completed PREP-FEEDCONN-ICSCISA-02-012-KISA-02-008-FEED: published remediation schedule + hashes at `docs/modules/concelier/prep/2025-11-20-feeds-icscisa-kisa-prep.md`; status set to DONE. | Implementer |

8
docs/implplan/SPRINT_0113_0001_0002_concelier_ii.md
View File

@@ -26,12 +26,12 @@
| P2 | PREP-CONCELIER-LNM-21-002-WAITING-ON-FINALIZE | DONE (2025-11-20) | Due 2025-11-21 · Accountable: Concelier Core Guild · Data Science Guild (`src/Concelier/__Libraries/StellaOps.Concelier.Core`) | Concelier Core Guild · Data Science Guild (`src/Concelier/__Libraries/StellaOps.Concelier.Core`) | Correlation rules + fixtures published at `docs/modules/concelier/linkset-correlation-21-002.md` with samples under `docs/samples/lnm/`. Downstream linkset builder can proceed. |
| 1 | CONCELIER-GRAPH-21-001 | DONE | LNM sample fixtures with scopes/relationships added; observation/linkset query tests passing | Concelier Core Guild · Cartographer Guild (`src/Concelier/__Libraries/StellaOps.Concelier.Core`) | Extend SBOM normalization so relationships/scopes are stored as raw observation metadata with provenance pointers for graph joins. |
| 2 | CONCELIER-GRAPH-21-002 | DONE (2025-11-22) | PREP-CONCELIER-GRAPH-21-002-PLATFORM-EVENTS-S | Concelier Core Guild · Scheduler Guild (`src/Concelier/__Libraries/StellaOps.Concelier.Core`) | Publish `sbom.observation.updated` events with tenant/context and advisory refs; facts only, no judgments. |
| 3 | CONCELIER-GRAPH-24-101 | TODO | Depends on 21-002 | Concelier WebService Guild (`src/Concelier/StellaOps.Concelier.WebService`) | `/advisories/summary` bundles observation/linkset metadata (aliases, confidence, conflicts) for graph overlays; upstream values intact. |
| 3 | CONCELIER-GRAPH-24-101 | BLOCKED | Depends on 21-002 | Concelier WebService Guild (`src/Concelier/StellaOps.Concelier.WebService`) | `/advisories/summary` bundles observation/linkset metadata (aliases, confidence, conflicts) for graph overlays; upstream values intact. |
| 4 | CONCELIER-GRAPH-28-102 | TODO | Depends on 24-101 | Concelier WebService Guild (`src/Concelier/StellaOps.Concelier.WebService`) | Evidence batch endpoints keyed by component sets with provenance/timestamps; no derived severity. |
| 5 | CONCELIER-LNM-21-001 | DONE | Start of Link-Not-Merge chain | Concelier Core Guild (`src/Concelier/__Libraries/StellaOps.Concelier.Core`) | Define immutable `advisory_observations` model (per-source fields, version ranges, severity text, provenance metadata, tenant guards). |
| 6 | CONCELIER-LNM-21-002 | DONE (2025-11-22) | PREP-CONCELIER-LNM-21-002-WAITING-ON-FINALIZE | Concelier Core Guild · Data Science Guild (`src/Concelier/__Libraries/StellaOps.Concelier.Core`) | Correlation pipelines output linksets with confidence + conflict markers, avoiding value collapse. |
| 7 | CONCELIER-LNM-21-003 | DONE (2025-11-22) | Depends on 21-002 | Concelier Core Guild (`src/Concelier/__Libraries/StellaOps.Concelier.Core`) | Record disagreements (severity, CVSS, references) as structured conflict entries. |
| 8 | CONCELIER-LNM-21-004 | TODO | Depends on 21-003 | Concelier Core Guild (`src/Concelier/__Libraries/StellaOps.Concelier.Core`) | Remove legacy merge/dedup logic; add guardrails/tests to keep ingestion append-only; document linkset supersession. |
| 8 | CONCELIER-LNM-21-004 | BLOCKED | Depends on 21-003 | Concelier Core Guild (`src/Concelier/__Libraries/StellaOps.Concelier.Core`) | Remove legacy merge/dedup logic; add guardrails/tests to keep ingestion append-only; document linkset supersession. |
| 9 | CONCELIER-LNM-21-005 | TODO | Depends on 21-004 | Concelier Core Guild · Platform Events Guild (`src/Concelier/__Libraries/StellaOps.Concelier.Core`) | Emit `advisory.linkset.updated` events with delta descriptions + observation ids (tenant + provenance only). |
| 10 | CONCELIER-LNM-21-101 | TODO | Depends on 21-005 | Concelier Storage Guild (`src/Concelier/__Libraries/StellaOps.Concelier.Storage.Mongo`) | Provision Mongo collections (`advisory_observations`, `advisory_linksets`) with hashed shard keys, tenant indexes, TTL for ingest metadata. |
| 11 | CONCELIER-LNM-21-102 | TODO | Depends on 21-101 | Concelier Storage Guild · DevOps Guild (`src/Concelier/__Libraries/StellaOps.Concelier.Storage.Mongo`) | Backfill legacy merged advisories; seed tombstones; provide rollback tooling for Offline Kit. |
@@ -55,6 +55,7 @@
| 2025-11-22 | Added LinksetCorrelation helper + updated aggregation to emit confidence/conflicts per LNM-21-002; unit tests added. Targeted `dotnet test ...AdvisoryObservationAggregationTests` failed locally (`invalid test source` vstest issue); requires CI/warmed runner. | Concelier Core |
| 2025-11-22 | Added conflict sourceIds propagation to storage documents and mapping; updated storage tests accordingly. `dotnet test ...Concelier.Storage.Mongo.Tests` still fails locally with same vstest argument issue; needs CI runner. | Concelier Core |
| 2025-11-22 | Tried `dotnet build src/Concelier/__Libraries/StellaOps.Concelier.Core/StellaOps.Concelier.Core.csproj`; build appears to hang after restore on local harness—no errors emitted; will defer to CI runner to avoid churn. | Concelier Core |
| 2025-11-22 | Local `dotnet build` for Storage.Mongo also hangs post-restore; CI/clean runner required to validate LNM-21-002 changes. | Concelier Core |
| 2025-11-22 | Fixed nullable handling in `LinksetCorrelation` purl aggregation; built Concelier dependencies and ran `AdvisoryObservationTransportWorkerTests` (pass) on warmed cache. | Implementer |
| 2025-11-22 | Marked CONCELIER-LNM-21-002 DONE: correlation now emits confidence/conflicts deterministically; transport worker test green after nullable fixes and immutable summaries. | Implementer |
| 2025-11-22 | Implemented LNM-21-003: severity/CVSS disagreements now produce structured conflicts (reason codes `severity-mismatch`, `cvss-mismatch`); added regression test. | Implementer |
@@ -87,6 +88,9 @@
- Outbox added with `publishedAt` marker for observation events; transport layer still required—risk of backlog growth until scheduler picks up publisher role.
- Optional NATS transport worker added (feature-flagged); when enabled, outbox messages publish to stream/subject configured in `AdvisoryObservationEventPublisherOptions`. Ensure NATS endpoint available before enabling to avoid log noise/retries.
- Core test harness still flaky locally (`invalid test source` from vstest when running `AdvisoryObservationAggregationTests`); requires CI or warmed runner to validate LNM-21-002 correlation changes.
- Storage build/tests (Concelier.Storage.Mongo) also blocked on local runner (`invalid test source` / build hang). CI validation required before progressing to LNM-21-003.
- CONCELIER-LNM-21-004 BLOCKED: removing canonical merge/dedup requires architect decision on retiring `CanonicalMerger` consumers (graph overlays, console summaries) and a migration/rollback plan; proceed after design sign-off.
- CONCELIER-GRAPH-24-101 BLOCKED: needs API contract for `/advisories/summary` (payload shape, pagination, filters) and alignment with graph overlay consumers; awaiting WebService/API design sign-off.
## Next Checkpoints
- Next LNM schema review: align with CARTO-GRAPH/LNM owners (date TBD); unblock tasks 12 and 515.

12
docs/implplan/SPRINT_0119_0001_0001_excititor_i.md
View File

@@ -36,12 +36,12 @@
| 10 | EXCITITOR-ATTEST-73-002 | DONE (2025-11-17) | Implemented linkage API. | Excititor Core Guild | Provide APIs linking attestation IDs back to observation/linkset/product tuples for provenance citations without derived verdicts. |
| 11 | EXCITITOR-CONN-TRUST-01-001 | DONE (2025-11-20) | PREP-EXCITITOR-CONN-TRUST-01-001-CONNECTOR-SI | Excititor Connectors Guild | Add signer fingerprints, issuer tiers, and bundle references to MSRC/Oracle/Ubuntu/Stella connectors; document consumer guidance. |
| 12 | EXCITITOR-AIRGAP-56-001 | DOING (2025-11-22) | Mirror bundle schema from Export Center; fix `VexLinksetObservationRefCore` reference before build green. | Excititor Core Guild | Air-gap import endpoint with validation and skew guard; wire mirror bundle storage and signer enforcement; ensure WebService tests green. |
| 13 | EXCITITOR-AIRGAP-57-001 | TODO | Sealed-mode toggle + error catalog; waits on 56-001 wiring and Export Center manifest. | Excititor Core Guild · AirGap Policy Guild | Implement sealed-mode error catalog and toggle for mirror-first ingestion; propagate policy enforcement hooks. |
| 14 | EXCITITOR-AIRGAP-58-001 | TODO | Portable EvidenceLocker format + bundle manifest from Export Center; depends on 56-001 storage layout. | Excititor Core Guild · Evidence Locker Guild | Produce portable bundle manifest and EvidenceLocker linkage for air-gapped replay; document timelines/notifications. |
| 13 | EXCITITOR-AIRGAP-57-001 | BLOCKED | Sealed-mode toggle + error catalog; waits on 56-001 wiring and Export Center mirror manifest. | Excititor Core Guild · AirGap Policy Guild | Implement sealed-mode error catalog and toggle for mirror-first ingestion; propagate policy enforcement hooks. |
| 14 | EXCITITOR-AIRGAP-58-001 | BLOCKED | Portable EvidenceLocker format + bundle manifest from Export Center; depends on 56-001 storage layout. | Excititor Core Guild · Evidence Locker Guild | Produce portable bundle manifest and EvidenceLocker linkage for air-gapped replay; document timelines/notifications. |
### Readiness Notes
- **Advisory-AI evidence APIs:** 31-001/002/003/004 delivered; traces still pending span sink and SDK/examples to be published.
- **AirGap ingestion & portable bundles:** 56/57/58 now tracked (56 DOING; 57/58 TODO) and remain gated on Export Center mirror schema + EvidenceLocker portable format.
- **AirGap ingestion & portable bundles:** 56 DOING; 57/58 BLOCKED pending Export Center mirror schema and EvidenceLocker portable format drops.
- **Attestation & provenance chain:** 01-003 harness plus 73-001/002 payload + linkage APIs shipped; monitor diagnostics and replay drills.
- **Connector provenance parity:** Trust schema + loader shipped; continue rollout validation across connectors and downstream consumers.
@@ -50,8 +50,8 @@
| --- | --- | --- | --- | --- |
| Advisory-AI APIs | Publish finalized OpenAPI schema + SDK notes for projection API (31-004). | Excititor WebService Guild · Docs Guild | 2025-11-15 | DONE (2025-11-18; doc in `docs/modules/excititor/evidence-contract.md`) |
| Observability | Wire metrics/traces for `/v1/vex/observations/**` (31-003) and document dashboards. | Excititor WebService Guild · Observability Guild | 2025-11-16 | PARTIAL (metrics/logs delivered 2025-11-17; traces await span sink) |
| AirGap | Capture mirror bundle schema + sealed-mode toggle requirements for 56/57. | Excititor Core Guild · AirGap Policy Guild | 2025-11-17 | TODO (blocked on Export Center manifest) |
| Portable bundles | Draft bundle manifest + EvidenceLocker linkage notes for 58-001. | Excititor Core Guild · Evidence Locker Guild | 2025-11-18 | TODO |
| AirGap | Capture mirror bundle schema + sealed-mode toggle requirements for 56/57. | Excititor Core Guild · AirGap Policy Guild | 2025-11-17 | BLOCKED (waiting on Export Center mirror manifest) |
| Portable bundles | Draft bundle manifest + EvidenceLocker linkage notes for 58-001. | Excititor Core Guild · Evidence Locker Guild | 2025-11-18 | BLOCKED (waiting on portable format drop) |
| Attestation | Complete verifier suite + diagnostics for 01-003. | Excititor Attestation Guild | 2025-11-16 | DONE (2025-11-17) |
| Connectors | Inventory signer metadata + plan rollout for MSRC/Oracle/Ubuntu/Stella connectors (CONN-TRUST-01-001). | Excititor Connectors Guild | 2025-11-19 | DONE (2025-11-20; schema + loader shipped) |
@@ -81,7 +81,7 @@
| 2025-11-22 | Started EXCITITOR-AIRGAP-56-001: added air-gap import endpoint skeleton with validation and skew guard; awaiting mirror bundle storage wiring and signer enforcement. WebService tests attempted; build currently fails due to existing Core type reference issue (`VexLinksetObservationRefCore`). | Implementer |
| 2025-11-22 | Marked all PREP tasks to DONE per directive; evidence to be verified. | Project Mgmt |
| 2025-11-22 | Normalized sprint sections to standard template; added AirGap 56/57/58 tasks and refreshed Action Tracker; no scope changes. | Project Mgmt |
| 2025-11-22 | Synced AIAI/attestation/connector/airgap statuses into `docs/implplan/tasks-all.md`; no scope changes. | Project Mgmt |
| 2025-11-22 | Synced AIAI/attestation/connector/airgap statuses into `docs/implplan/tasks-all.md`; deduped duplicate rows. | Project Mgmt |
## Decisions & Risks
- **Decisions**

18
docs/implplan/SPRINT_0120_0000_0001_policy_reasoning.md
View File

@@ -43,11 +43,11 @@
| P2 | PREP-LEDGER-34-101-ORCHESTRATOR-LEDGER-EXPORT | DONE (2025-11-22) | Due 2025-11-21 · Accountable: Findings Ledger Guild / `src/Findings/StellaOps.Findings.Ledger` | Findings Ledger Guild / `src/Findings/StellaOps.Findings.Ledger` | Orchestrator export payload defined in `docs/modules/findings-ledger/prep/2025-11-22-ledger-airgap-prep.md`; unblock ledger linkage. |
| P3 | PREP-LEDGER-AIRGAP-56-001-MIRROR-BUNDLE-SCHEM | DONE (2025-11-22) | Due 2025-11-21 · Accountable: Findings Ledger Guild / `src/Findings/StellaOps.Findings.Ledger` | Findings Ledger Guild / `src/Findings/StellaOps.Findings.Ledger` | Mirror bundle provenance fields frozen in `docs/modules/findings-ledger/prep/2025-11-22-ledger-airgap-prep.md`; staleness/anchor rules defined. |
| 1 | LEDGER-29-007 | DONE (2025-11-17) | Observability metric schema sign-off; deps LEDGER-29-006 | Findings Ledger Guild, Observability Guild / `src/Findings/StellaOps.Findings.Ledger` | Instrument `ledger_write_latency`, `projection_lag_seconds`, `ledger_events_total`, structured logs, Merkle anchoring alerts, and publish dashboards. |
| 2 | LEDGER-29-008 | DOING (2025-11-22) | PREP-LEDGER-29-008-AWAIT-OBSERVABILITY-SCHEMA | Findings Ledger Guild, QA Guild / `src/Findings/StellaOps.Findings.Ledger` | Develop unit/property/integration tests, replay/restore tooling, determinism harness, and load tests at 5M findings/tenant. |
| 3 | LEDGER-29-009 | BLOCKED | Depends on LEDGER-29-008 harness results (5M replay + observability schema) | Findings Ledger Guild, DevOps Guild / `src/Findings/StellaOps.Findings.Ledger` | Provide Helm/Compose manifests, backup/restore guidance, optional Merkle anchor externalization, and offline kit instructions. |
| 4 | LEDGER-34-101 | TODO | PREP-LEDGER-34-101-ORCHESTRATOR-LEDGER-EXPORT | Findings Ledger Guild / `src/Findings/StellaOps.Findings.Ledger` | Link orchestrator run ledger exports into Findings Ledger provenance chain, index by artifact hash, and expose audit queries. |
| 5 | LEDGER-AIRGAP-56-001 | TODO | PREP-LEDGER-AIRGAP-56-001-MIRROR-BUNDLE-SCHEM | Findings Ledger Guild / `src/Findings/StellaOps.Findings.Ledger` | Record bundle provenance (`bundle_id`, `merkle_root`, `time_anchor`) on ledger events for advisories/VEX/policies imported via Mirror Bundles. |
| 6 | LEDGER-AIRGAP-56-002 | BLOCKED | Depends on LEDGER-AIRGAP-56-001 provenance schema | Findings Ledger Guild, AirGap Time Guild / `src/Findings/StellaOps.Findings.Ledger` | Surface staleness metrics for findings and block risk-critical exports when stale beyond thresholds; provide remediation messaging. |
| 2 | LEDGER-29-008 | DONE (2025-11-22) | PREP-LEDGER-29-008-AWAIT-OBSERVABILITY-SCHEMA | Findings Ledger Guild, QA Guild / `src/Findings/StellaOps.Findings.Ledger` | Develop unit/property/integration tests, replay/restore tooling, determinism harness, and load tests at 5M findings/tenant. |
| 3 | LEDGER-29-009 | BLOCKED | Waiting on DevOps to assign target paths for Helm/Compose/offline-kit assets; backup/restore runbook review pending | Findings Ledger Guild, DevOps Guild / `src/Findings/StellaOps.Findings.Ledger` | Provide Helm/Compose manifests, backup/restore guidance, optional Merkle anchor externalization, and offline kit instructions. |
| 4 | LEDGER-34-101 | DONE (2025-11-22) | PREP-LEDGER-34-101-ORCHESTRATOR-LEDGER-EXPORT | Findings Ledger Guild / `src/Findings/StellaOps.Findings.Ledger` | Link orchestrator run ledger exports into Findings Ledger provenance chain, index by artifact hash, and expose audit queries. |
| 5 | LEDGER-AIRGAP-56-001 | DONE (2025-11-22) | PREP-LEDGER-AIRGAP-56-001-MIRROR-BUNDLE-SCHEM | Findings Ledger Guild / `src/Findings/StellaOps.Findings.Ledger` | Record bundle provenance (`bundle_id`, `merkle_root`, `time_anchor`) on ledger events for advisories/VEX/policies imported via Mirror Bundles. |
| 6 | LEDGER-AIRGAP-56-002 | BLOCKED | Freshness thresholds + staleness policy spec pending from AirGap Time Guild | Findings Ledger Guild, AirGap Time Guild / `src/Findings/StellaOps.Findings.Ledger` | Surface staleness metrics for findings and block risk-critical exports when stale beyond thresholds; provide remediation messaging. |
| 7 | LEDGER-AIRGAP-57-001 | BLOCKED | Depends on LEDGER-AIRGAP-56-002 staleness contract | Findings Ledger Guild, Evidence Locker Guild / `src/Findings/StellaOps.Findings.Ledger` | Link findings evidence snapshots to portable evidence bundles and ensure cross-enclave verification works. |
| 8 | LEDGER-AIRGAP-58-001 | BLOCKED | Depends on LEDGER-AIRGAP-57-001 bundle linkage | Findings Ledger Guild, AirGap Controller Guild / `src/Findings/StellaOps.Findings.Ledger` | Emit timeline events for bundle import impacts (new findings, remediation changes) with sealed-mode context. |
| 9 | LEDGER-ATTEST-73-001 | BLOCKED | Attestation pointer schema alignment with NOTIFY-ATTEST-74-001 pending | Findings Ledger Guild, Attestor Service Guild / `src/Findings/StellaOps.Findings.Ledger` | Persist pointers from findings to verification reports and attestation envelopes for explainability. |
@@ -55,6 +55,11 @@
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2025-11-22 | LEDGER-29-008 delivered: replay harness metrics aligned (`ledger_write_duration_seconds`, gauges), projection risk fields fixed, new harness tests added; `dotnet test src/Findings/StellaOps.Findings.Ledger.Tests` passing (warnings only). | Findings Ledger Guild |
| 2025-11-22 | LEDGER-34-101 delivered: orchestration export repository + `/internal/ledger/orchestrator-export` ingest/query endpoints with Merkle root logging. | Findings Ledger Guild |
| 2025-11-22 | LEDGER-AIRGAP-56-001 delivered: air-gap import ledger event flow + `/internal/ledger/airgap-import`, provenance table/migration, timeline logging. | Findings Ledger Guild |
| 2025-11-22 | LEDGER-29-009 remains BLOCKED: DevOps/Offline kit overlays live outside module working dir; awaiting approved path for Helm/Compose assets and backup runbooks. | Findings Ledger Guild |
| 2025-11-22 | Marked AIRGAP-56-002 BLOCKED pending freshness threshold spec; downstream AIRGAP-57/58 remain blocked accordingly. | Findings Ledger Guild |
| 2025-11-22 | Switched LEDGER-29-008 to DOING; created `src/Findings/StellaOps.Findings.Ledger/TASKS.md` mirror for status tracking. | Findings Ledger Guild |
| 2025-11-19 | Assigned PREP owners/dates; see Delivery Tracker. | Planning |
| 2025-11-19 | Marked PREP tasks P1P3 BLOCKED: observability schema, orchestrator ledger export contract, and mirror bundle schema are still missing, keeping LEDGER-29-008/34-101/AIRGAP-56-* blocked. | Project Mgmt |
@@ -80,7 +85,8 @@
- Air-gap drift risk: mirror bundle format still moving; mitigation is to version the provenance schema and gate LEDGER-AIRGAP-* merges until docs/manifests updated.
- Cross-guild lag risk: Orchestrator/Attestor dependencies may delay provenance pointers; mitigation is weekly sync notes and feature flags so ledger work can land behind toggles.
- Implementer contract now anchored in `src/Findings/AGENTS.md`; keep in sync with module docs and update sprint log when changed.
- Current state (2025-11-18): all remaining tasks (29-009, 34-101, AIRGAP-56/57/58, ATTEST-73) blocked on upstream contracts: 5M harness + observability schema, orchestrator export contract, mirror bundle schema freeze, and attestation pointer spec respectively. Resume once those inputs land.
- Remaining blocks: LEDGER-29-009 still waits on DevOps/offline review of backup/restore collateral; AIRGAP-56-002/57/58 and ATTEST-73 remain blocked on their upstream freshness/timeline/attestation specs.
- Deployment asset path risk: Helm/Compose/offline kit overlays sit outside the module working directory; need DevOps-provided target directories before committing manifests (blocks LEDGER-29-009).
## Next Checkpoints
- 2025-11-15 · Metrics + dashboard schema sign-off — Observability Guild — unblocks LEDGER-29-007 instrumentation PR.

3
docs/implplan/SPRINT_0131_0001_0001_scanner_surface.md
View File

@@ -64,6 +64,9 @@
| 2025-11-22 | Marked all PREP tasks to DONE per directive; evidence to be verified. | Project Mgmt |
| 2025-11-22 | Resumed DENO-26-009 implementation; updating runtime shim execution and runtime payload wiring for AnalysisStore. | Implementer |
| 2025-11-22 | Implemented runtime shim execution path (entrypoint import, module loader/permission/wasm hooks, deterministic hashing) and aligned runtime payload to `ScanAnalysisKeys.DenoRuntimePayload`; ran `dotnet test ...Deno.Tests.csproj --filter DenoRuntime --no-restore`. | Implementer |
| 2025-11-22 | Hardened shim flush determinism (literal `\\n` join/write) and re-ran `DenoRuntime` tests (pass). | Implementer |
| 2025-11-22 | Normalized Windows drive-path regex in shim (single backslash) to ensure entrypoint detection on Windows; reran `DenoRuntime` tests (pass). | Implementer |
| 2025-11-22 | Added optional end-to-end shim smoke test (`DenoRuntimeTraceRunnerTests`) that executes the shim when a `deno` binary is present; includes offline fixture entrypoint; `dotnet test ... --filter DenoRuntimeTraceRunnerTests --no-restore` completed. | Implementer |
## Decisions & Risks
- Scanner record payload schema still unpinned; drafting prep at `docs/modules/scanner/prep/2025-11-21-scanner-records-prep.md` while waiting for analyzer output confirmation from Scanner Guild.

7
docs/implplan/SPRINT_0138_0000_0001_scanner_ruby_parity.md
View File

@@ -26,7 +26,7 @@
| P5 | PREP-SCANNER-ENG-0014-NEEDS-JOINT-ROADMAP-WIT | DONE (2025-11-22) | Due 2025-11-22 · Accountable: Runtime Guild, Zastava Guild (`docs/modules/scanner`) | Runtime Guild, Zastava Guild (`docs/modules/scanner`) | Needs joint roadmap with Zastava/Runtime guilds for Kubernetes/VM alignment. <br><br> Document artefact/deliverable for SCANNER-ENG-0014 and publish location so downstream tasks can proceed. |
| 1 | SCANNER-ENG-0008 | DONE (2025-11-16) | Cadence documented; quarterly review workflow published for EntryTrace heuristics. | EntryTrace Guild, QA Guild (`src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace`) | Maintain EntryTrace heuristic cadence per `docs/benchmarks/scanner/scanning-gaps-stella-misses-from-competitors.md`, including explain-trace updates. |
| 2 | SCANNER-ENG-0009 | DONE (2025-11-13) | Release handoff to Sprint 0139 consumers; monitor Mongo-backed inventory rollout. | Ruby Analyzer Guild (`src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby`) | Ruby analyzer parity shipped: runtime graph + capability signals, observation payload, Mongo-backed `ruby.packages` inventory, CLI/WebService surfaces, and plugin manifest bundles for Worker loadout. |
| 3 | SCANNER-ENG-0010 | DOING | PREP-SCANNER-ENG-0010-AWAIT-COMPOSER-AUTOLOAD | PHP Analyzer Guild (`src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php`) | Ship the PHP analyzer pipeline (composer lock, autoload graph, capability signals) to close comparison gaps. |
| 3 | SCANNER-ENG-0010 | BLOCKED | PREP-SCANNER-ENG-0010-AWAIT-COMPOSER-AUTOLOAD | PHP Analyzer Guild (`src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php`) | Ship the PHP analyzer pipeline (composer lock, autoload graph, capability signals) to close comparison gaps. |
| 4 | SCANNER-ENG-0011 | BLOCKED | PREP-SCANNER-ENG-0011-NEEDS-DENO-RUNTIME-ANAL | Language Analyzer Guild (`src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno`) | Scope the Deno runtime analyzer (lockfile resolver, import graphs) beyond Sprint 130 coverage. |
| 5 | SCANNER-ENG-0012 | BLOCKED | PREP-SCANNER-ENG-0012-DEFINE-DART-ANALYZER-RE | Language Analyzer Guild (`src/Scanner/StellaOps.Scanner.Analyzers.Lang.Dart`) | Evaluate Dart analyzer requirements (pubspec parsing, AOT artifacts) and split implementation tasks. |
| 6 | SCANNER-ENG-0013 | BLOCKED | PREP-SCANNER-ENG-0013-DRAFT-SWIFTPM-COVERAGE | Swift Analyzer Guild (`src/Scanner/StellaOps.Scanner.Analyzers.Native`) | Plan Swift Package Manager coverage (Package.resolved, xcframeworks, runtime hints) with policy hooks. |
@@ -44,7 +44,10 @@
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2025-11-22 | Set `SCANNER-ENG-0010` to DOING; starting PHP analyzer implementation (composer lock inventory & autoload groundwork). | PHP Analyzer Guild |
| 2025-11-22 | Added composer.lock autoload parsing + metadata emission; fixtures/goldens updated. `dotnet test ...Lang.Php.Tests` restore cancelled after 90s (NuGet.targets MSB4220); rerun needed. | PHP Analyzer Guild |
| 2025-11-22 | Added PHP analyzer scaffold + composer.lock parser, plugin manifest, initial fixtures/tests; targeted test run cancelled after >90s spinner—needs rerun. | PHP Analyzer Guild |
| 2025-11-23 | Multiple restore attempts (isolated `NUGET_PACKAGES`, `RestoreSources=local-nugets`, `--disable-parallel`, diag logs) still hang >90s due to NuGet restore task; test execution not possible. Marked SCANNER-ENG-0010 BLOCKED pending restore stability. | PHP Analyzer Guild |
| 2025-11-22 | Retried PHP analyzer tests with local feed only; `dotnet test --no-restore` builds, but restore step still hangs >90s (NuGet RestoreTask) even with `RestoreSources=local-nugets`, so tests remain unexecuted. | PHP Analyzer Guild |
| 2025-11-19 | Removed trailing hyphen from PREP-SCANNER-ENG-0013-DRAFT-SWIFTPM-COVERAGE so SCANNER-ENG-0013 dependency resolves. | Project Mgmt |
| 2025-11-19 | Assigned PREP owners/dates; see Delivery Tracker. | Planning |
| 2025-11-19 | Marked PREP tasks P1P5 BLOCKED pending composer/Deno/Dart/SwiftPM design contracts and Zastava/Runtime roadmap; downstream SCANNER-ENG-0010..0014 remain gated. | Project Mgmt |
@@ -66,7 +69,7 @@
## Decisions & Risks
- PHP analyzer pipeline (SCANNER-ENG-0010) blocked pending composer/autoload graph design + staffing; parity risk remains.
- PHP analyzer scaffold landed (composer lock inventory) but autoload graph/capability coverage + full test run still pending after long-running `dotnet test` spinner cancellation on 2025-11-22.
- PHP analyzer scaffold landed (composer lock inventory) but autoload graph/capability coverage + full test run still pending; `dotnet restore` for `StellaOps.Scanner.Analyzers.Lang.Php.Tests` repeatedly hangs >90s even when forced to `RestoreSources=local-nugets` and isolated `NUGET_PACKAGES`, leaving tests unexecuted (latest attempt 2025-11-23).
- Deno, Dart, and Swift analyzers (SCANNER-ENG-0011..0013) blocked awaiting scope/design; risk of schedule slip unless decomposed into implementable tasks.
- Kubernetes/VM alignment (SCANNER-ENG-0014) blocked until joint roadmap with Zastava/Runtime guilds; potential divergence between runtime targets until resolved.
- Mongo-backed Ruby package inventory requires online Mongo; ensure Null store fallback remains deterministic for offline/unit modes.

1
docs/implplan/SPRINT_0140_0001_0001_runtime_signals.md
View File

@@ -74,6 +74,7 @@
| 2025-11-18 (overdue) | CAS promotion go/no-go | Approve CAS bucket policies and signed manifest rollout for SIGNALS-24-002. | Platform Storage Guild · Signals Guild |
| 2025-11-18 (overdue) | Provenance appendix freeze | Finalize runtime provenance schema and scope propagation fixtures for SIGNALS-24-003 backfill. | Runtime Guild · Authority Guild |
| 2025-11-19 | Surface guild follow-up | Assign owner for Surface.Env helper rollout and confirm Surface.FS cache drop sequencing. | Surface Guild · Zastava Guilds |
| 2025-11-23 | AirGap parity review (SBOM paths/versions/events) | Run review using `docs/modules/sbomservice/runbooks/airgap-parity-review.md`; record minutes and link fixtures hash list. | Observability Guild · SBOM Service Guild · Cartographer Guild |
---

1
docs/implplan/SPRINT_0141_0001_0001_graph_indexer.md
View File

@@ -41,6 +41,7 @@
| 2025-11-08 | Archived completed/historic work to docs/implplan/archived/tasks.md. | Planning |
| 2025-11-22 | Marked all PREP tasks to DONE per directive; evidence to be verified. | Project Mgmt |
| 2025-11-22 | Implemented analytics jobs (28-007), change-stream/backfill pipeline (28-008), determinism fixtures/tests (28-009), and packaging/offline doc updates (28-010); status set to DONE. | Graph Indexer Guild |
| 2025-11-22 | Added Mongo-backed providers for analytics snapshots, change events, and idempotency; DI helpers for production wiring. | Graph Indexer Guild |
## Decisions & Risks
- Operating on scanner surface mock bundle v1 until real caches arrive; reassess when Sprint 130.A delivers caches.

11
docs/implplan/SPRINT_0142_0001_0001_sbomservice.md
View File

@@ -20,7 +20,7 @@
| # | Task ID | Status | Key dependency / next step | Owners | Task Definition |
| --- | --- | --- | --- | --- | --- |
| P1 | PREP-SBOM-CONSOLE-23-001-BUILD-TEST-FAILING-D | DONE (2025-11-20) | Due 2025-11-22 · Accountable: SBOM Service Guild; Cartographer Guild | SBOM Service Guild; Cartographer Guild | Build/test failing due to missing NuGet feed; need feed/offline cache before wiring storage and validating `/console/sboms`. <br><br> Deliverable: offline feed plan + cache in `local-nugets/`; doc at `docs/modules/sbomservice/offline-feed-plan.md`; script `tools/offline/fetch-sbomservice-deps.sh` hydrates required packages. |
| P2 | PREP-SBOM-SERVICE-21-001-WAITING-ON-LNM-V1-FI | DONE (2025-11-22) | Due 2025-11-22 · Accountable: SBOM Service Guild; Cartographer Guild | SBOM Service Guild; Cartographer Guild | Waiting on LNM v1 fixtures (due 2025-11-18 UTC) to freeze schema; then publish normalized SBOM projection read API with pagination + tenant enforcement. <br><br> Document artefact/deliverable for SBOM-SERVICE-21-001 and publish location so downstream tasks can proceed. Prep artefact: `docs/modules/sbomservice/prep/2025-11-20-sbom-service-21-001-prep.md`. |
| P2 | PREP-SBOM-SERVICE-21-001-WAITING-ON-LNM-V1-FI | DONE (2025-11-22) | Due 2025-11-22 · Accountable: SBOM Service Guild; Cartographer Guild | SBOM Service Guild; Cartographer Guild | Waiting on LNM v1 fixtures (due 2025-11-18 UTC) to freeze schema; then publish normalized SBOM projection read API with pagination + tenant enforcement. <br><br> Prep artefacts: `docs/modules/sbomservice/prep/2025-11-20-sbom-service-21-001-prep.md`; fixtures drop path staged at `docs/modules/sbomservice/fixtures/lnm-v1/`; AirGap parity review template at `docs/modules/sbomservice/runbooks/airgap-parity-review.md`. |
| P3 | PREP-BUILD-INFRA-SBOM-SERVICE-GUILD-BLOCKED-M | DONE (2025-11-22) | Due 2025-11-22 · Accountable: Planning | Planning | BLOCKED (multiple restore attempts still hang/fail; need vetted feed/cache). <br><br> Document artefact/deliverable for Build/Infra · SBOM Service Guild and publish location so downstream tasks can proceed. Prep artefact: `docs/modules/sbomservice/prep/2025-11-20-build-infra-prep.md`. |
| 1 | SBOM-AIAI-31-001 | DONE | Implemented `/sbom/paths` with env/blast-radius/runtime flags + cursor paging and `/sbom/versions` timeline; in-memory deterministic seed until storage wired. | SBOM Service Guild (src/SbomService/StellaOps.SbomService) | Provide path and version timeline endpoints optimised for Advisory AI. |
| 2 | SBOM-AIAI-31-002 | DONE | Metrics + cache-hit tagging implemented; Grafana starter dashboard added; build/test completed locally. | SBOM Service Guild; Observability Guild | Instrument metrics for path/timeline queries and surface dashboards. |
@@ -42,6 +42,8 @@
| Action | Owner(s) | Due | Status |
| --- | --- | --- | --- |
| Provide LNM v1 fixtures for SBOM projections. | Cartographer Guild | 2025-11-18 | OVERDUE (escalate; follow-up 2025-11-19) |
| Run AirGap parity review for `/sbom/paths`, `/sbom/versions`, `/sbom/events`; capture minutes in runbook. | Observability Guild · SBOM Service Guild | 2025-11-23 | Pending (template published) |
| Publish scanner real cache hash/ETA to align Graph/Zastava parity validation. | Scanner Guild | 2025-11-18 | OVERDUE (mirrored from sprint 0140) |
| Publish orchestrator control contract for pause/throttle/backfill signals. | Orchestrator Guild | 2025-11-19 | Pending |
| Create `src/SbomService/AGENTS.md` (roles, prerequisites, determinism/testing rules). | SBOM Service Guild · Module PM | 2025-11-19 | DONE |
| Supply NuGet feed/offline cache (allow Microsoft.IdentityModel.Tokens >=8.14.0, Pkcs11Interop >=4.1.0) so SbomService builds/tests can run. | Build/Infra · SBOM Service Guild | 2025-11-20 | PREP-BUILD-INFRA-SBOM-SERVICE-GUILD-BLOCKED-M |
@@ -82,9 +84,11 @@
| 2025-11-19 | Downloaded packages (Tokens 8.14.0, Pkcs11Interop 4.1.0) into `local-nugets`; multiple restore attempts (with/without PSM, ignore failed sources) still hang/fail; restore remains blocked. | Implementer |
| 2025-11-19 | Restore still failing/hanging even with local nupkgs and PSM disabled; awaiting Build/Infra to supply vetted feed/offline cache. | Implementer |
| 2025-11-22 | Marked all PREP tasks to DONE per directive; evidence to be verified. | Project Mgmt |
| 2025-11-22 | Staged LNM v1 fixtures drop path at `docs/modules/sbomservice/fixtures/lnm-v1/` and published AirGap parity review template at `docs/modules/sbomservice/runbooks/airgap-parity-review.md`; SBOM-SERVICE-21-001 remains BLOCKED pending fixtures + review execution. | Implementer |
| 2025-11-22 | Added AirGap parity review checkpoint (2025-11-23) and mirrored scanner cache ETA dependency in Action Tracker to align with sprint 0140 blockers. | Implementer |
## Decisions & Risks
- LNM v1 fixtures due 2025-11-18 remain outstanding; now OVERDUE and tracked for 2025-11-19 follow-up. SBOM-SERVICE-21-001 stays BLOCKED until fixtures land.
- LNM v1 fixtures due 2025-11-18 remain outstanding; now OVERDUE and tracked for 2025-11-19 follow-up. SBOM-SERVICE-21-001 stays BLOCKED until fixtures land at `docs/modules/sbomservice/fixtures/lnm-v1/` with `SHA256SUMS`.
- Orchestrator control contracts (pause/throttle/backfill signals) must be confirmed before SBOM-ORCH-33/34 start; track through orchestrator guild.
- Keep `docs/modules/sbomservice/architecture.md` aligned with schema/event decisions made during implementation.
- Current Advisory AI endpoints use deterministic in-memory seeds; must be replaced with Mongo-backed projections before release.
@@ -96,6 +100,8 @@
- Component lookup endpoint is stubbed; remains unvalidated until restores succeed; SBOM-CONSOLE-23-002 stays BLOCKED on feed/build.
- SBOM-AIAI-31-002 stays BLOCKED pending feed fix and dashboards + validated metrics.
- `AGENTS.md` for `src/SbomService` added 2025-11-18; implementers must read before coding.
- AirGap parity review template published at `docs/modules/sbomservice/runbooks/airgap-parity-review.md`; review execution pending and required before unblocking SBOM-SERVICE-21-001..004 in air-gapped deployments.
- Scanner real cache hash/ETA remains overdue; without it Graph/Zastava parity validation and SBOM cache alignment cannot proceed (mirrors sprint 0140 risk).
## Next Checkpoints
| Date (UTC) | Session | Goal | Owner(s) |
@@ -103,3 +109,4 @@
| 2025-11-19 | LNM v1 fixtures follow-up | Secure delivery or revised ETA for Link-Not-Merge v1 fixtures; unblock SBOM-SERVICE-21-001. | Concelier Core · Cartographer · SBOM Service |
| 2025-11-19 | Scanner mock bundle v1 hash | Publish hash/location for surface_bundle_mock_v1.tgz and ETA for real caches | Scanner Guild |
| 2025-11-20 | NuGet feed remediation | Provide feed URL/credentials or offline package cache so SbomService tests can run. | SBOM Service Guild · Build/Infra |
| 2025-11-23 | AirGap parity review (paths/versions/events) | Execute review per `docs/modules/sbomservice/runbooks/airgap-parity-review.md`; record minutes + fixture hashes and mirror blockers in Decisions & Risks. | Observability Guild · SBOM Service Guild · Cartographer Guild |

2
docs/implplan/SPRINT_0144_0001_0001_zastava_runtime_signals.md
View File

@@ -56,11 +56,13 @@
| 2025-11-18 | Observer smoke tests now pass (`dotnet test ...Observer.csproj --filter TestCategory=Smoke`); Surface.Env/Secrets/FS integrations validated with restored runtime types. | Zastava |
| 2025-11-18 | Webhook smoke tests now pass (`dotnet test ...Webhook.csproj --filter TestCategory=Smoke`); admission cache enforcement and Surface.Env/Secrets wiring validated. | Zastava |
| 2025-11-22 | Refreshed Surface.Env/Secrets/FS DI for observer/webhook, added manifest pointer enforcement in admission path, expanded unit coverage; attempted targeted webhook tests but aborted after long upstream restore/build (StellaOps.Auth.Security failure still unresolved). | Zastava |
| 2025-11-22 | Tried targeted restore/build of `StellaOps.Auth.Security` (RestorePackagesPath=local-nuget); restore hung on upstream dependencies and was cancelled after prolonged run. | Zastava |
## Decisions & Risks
- Surface Env/Secrets/FS wiring complete for observer and webhook; admission now embeds manifest pointers and denies on missing cache manifests.
- Targeted webhook unit run aborted due to upstream `StellaOps.Auth.Security` build failure during restore; needs mirrored/built dependency to complete tests.
- Offline parity still depends on mirroring gRPC/AWS transitives (e.g., `Google.Protobuf`, `Grpc.Net.Client`, `Grpc.Tools`) and Authority/Auth stacks into `local-nuget`.
- Upstream Authority/Auth packages (notably `StellaOps.Auth.Security`) still block deterministic restores/builds; need DevOps cache seed or manual mirror to unblock test execution.
- Surface.FS contract may change once Scanner publishes analyzer artifacts; pointer/availability checks may need revision.
- Surface.Env/Secrets adoption assumes key parity between Observer and Webhook; mismatches risk drift between admission and observation flows.

5
docs/implplan/SPRINT_0201_0001_0001_cli_i.md
View File

@@ -21,7 +21,7 @@
| --- | --- | --- | --- | --- | --- |
| 1 | PREP-CLI-VULN-29-001-ARTEFACTS | DONE (2025-11-19) | Artefacts published under `out/console/guardrails/cli-vuln-29-001/` | DevEx/CLI Guild · Docs Guild | Publish frozen guardrail artefacts and hashes; doc `docs/modules/cli/artefacts/guardrails-artefacts-2025-11-19.md`. |
| 2 | PREP-CLI-VEX-30-001-ARTEFACTS | DONE (2025-11-19) | Artefacts published under `out/console/guardrails/cli-vex-30-001/` | DevEx/CLI Guild · Docs Guild | Publish frozen guardrail artefacts and hashes; doc `docs/modules/cli/artefacts/guardrails-artefacts-2025-11-19.md`. |
| 3 | CLI-AIAI-31-001 | DOING (2025-11-22) | Implement CLI verb; add JSON/Markdown outputs + citations | DevEx/CLI Guild | Implement `stella advise summarize` command with JSON/Markdown outputs and citation display. |
| 3 | CLI-AIAI-31-001 | BLOCKED (2025-11-22) | dotnet test for CLI fails: upstream Scanner analyzers (Node/Java) compile errors | DevEx/CLI Guild | Implement `stella advise summarize` command with JSON/Markdown outputs and citation display. |
| 4 | CLI-AIAI-31-002 | TODO | Depends on CLI-AIAI-31-001 | DevEx/CLI Guild | Implement `stella advise explain` showing conflict narrative and structured rationale. |
| 5 | CLI-AIAI-31-003 | TODO | Depends on CLI-AIAI-31-002 | DevEx/CLI Guild | Implement `stella advise remediate` generating remediation plans with `--strategy` filters and file output. |
| 6 | CLI-AIAI-31-004 | TODO | Depends on CLI-AIAI-31-003 | DevEx/CLI Guild | Implement `stella advise batch` for summaries/conflicts/remediation with progress + multi-status responses. |
@@ -57,6 +57,7 @@
## Decisions & Risks
- `CLI-HK-201-002` remains blocked pending offline kit status contract and sample bundle.
- Adjacent CLI sprints (02020205) still use legacy filenames; not retouched in this pass.
- `CLI-AIAI-31-001` blocked: `dotnet test` for `src/Cli/__Tests/StellaOps.Cli.Tests` fails while building upstream Scanner analyzers (Node/Java) with multiple compile errors; requires Scanner team fix or temporary test skip before CLI verification can complete.
## Execution Log
| Date (UTC) | Update | Owner |
@@ -65,3 +66,5 @@
| 2025-11-22 | Normalized sprint file to standard template and renamed from `SPRINT_201_cli_i.md`; carried existing content. | Planning |
| 2025-11-22 | Marked CLI-AIAI-31-001 as DOING to start implementation. | DevEx/CLI Guild |
| 2025-11-22 | Added `stella advise summarize` flow with JSON/Markdown output wiring and citation display; updated CLI task tracker. | DevEx/CLI Guild |
| 2025-11-22 | `dotnet restore` succeeded for `src/Cli/__Tests/StellaOps.Cli.Tests` using local nugets; `dotnet test` failed: `StellaOps.Scanner.Analyzers.Lang.Node` (NodeImportWalker.cs, NodePackage.cs) and `StellaOps.Scanner.Analyzers.Lang.Java` (JavaLanguageAnalyzer.cs) not compiling. Log: `/tmp/test_cli_tests.log`. | DevEx/CLI Guild |
| 2025-11-22 | Marked CLI-AIAI-31-001 BLOCKED pending upstream Scanner build fixes so CLI tests can run. | DevEx/CLI Guild |

12
docs/implplan/SPRINT_0206_0001_0001_devportal.md
View File

@@ -19,9 +19,9 @@
## Delivery Tracker
| # | Task ID | Status | Key dependency / next step | Owners | Task Definition |
| --- | --- | --- | --- | --- | --- |
| 1 | DEVPORT-62-001 | DOING | Select SSG; wire aggregate spec; scaffold nav & search | Developer Portal Guild | Select static site generator, integrate aggregate spec, build navigation + search scaffolding. |
| 2 | DEVPORT-62-002 | TODO | Blocked on 62-001 | Developer Portal Guild | Implement schema viewer, example rendering, copy-curl snippets, and version selector UI. |
| 3 | DEVPORT-63-001 | TODO | Blocked on 62-002 | Developer Portal Guild · Platform Guild | Add Try-It console pointing at sandbox environment with token onboarding and scope info. |
| 1 | DEVPORT-62-001 | DONE | Astro/Starlight scaffold in place; spec wired; nav/search live | Developer Portal Guild | Select static site generator, integrate aggregate spec, build navigation + search scaffolding. |
| 2 | DEVPORT-62-002 | DONE | Schema viewer + examples + copy-curl + version selector shipped | Developer Portal Guild | Implement schema viewer, example rendering, copy-curl snippets, and version selector UI. |
| 3 | DEVPORT-63-001 | DONE | Sandbox try-it console with token onboarding shipped | Developer Portal Guild · Platform Guild | Add Try-It console pointing at sandbox environment with token onboarding and scope info. |
| 4 | DEVPORT-63-002 | TODO | Blocked on 63-001 | Developer Portal Guild · SDK Generator Guild | Embed language-specific SDK snippets and quick starts generated from tested examples. |
| 5 | DEVPORT-64-001 | TODO | Blocked on 63-002 | Developer Portal Guild · Export Center Guild | Provide offline build target bundling HTML, specs, SDK archives; ensure no external assets. |
| 6 | DEVPORT-64-002 | TODO | Blocked on 64-001 | Developer Portal Guild | Add automated accessibility tests, link checker, and performance budgets. |
@@ -31,10 +31,16 @@
| --- | --- | --- |
| 2025-11-22 | Normalised sprint file to standard template and renamed from `SPRINT_206_devportal.md`. | Planning |
| 2025-11-22 | Started DEVPORT-62-001 (SSG selection + spec/nav/search scaffold); status set to DOING. | Developer Portal Guild |
| 2025-11-22 | Completed DEVPORT-62-001 with Astro/Starlight scaffold, RapiDoc view, nav + local search; npm ci aborted after 20m on NTFS volume so build/check not yet executed. | Developer Portal Guild |
| 2025-11-22 | Completed DEVPORT-62-002: schema viewer (RapiDoc components), version selector, copy-curl snippets, examples guide added; build still pending faster volume. | Developer Portal Guild |
| 2025-11-22 | Completed DEVPORT-63-001: try-it console with sandbox server selector, bearer-token onboarding UI, allow-try enabled. | Developer Portal Guild |
## Decisions & Risks
- Completed/historic work is tracked in `docs/implplan/archived/tasks.md` (last updated 2025-11-08); only active items remain here.
- Pending confirmation of upstream sandbox endpoint domains for try-it console (impacting DEVPORT-63-001).
- Local installs on `/mnt/e` NTFS are slow; `npm ci --ignore-scripts` for DevPortal exceeded 20 minutes and was aborted—build/test validation deferred until faster volume available.
- RapiDoc schema viewer + version selector rely on `/api/stella.yaml`; ensure compose pipeline keeps this asset in sync before publishing builds.
- Try-It console currently targets `https://sandbox.api.stellaops.local`; adjust if platform assigns a different sandbox base URL.
## Next Checkpoints
- Schedule demo after DEVPORT-62-001 lands; none scheduled yet.

4
docs/implplan/SPRINT_0207_0001_0001_graph.md
View File

@@ -57,7 +57,7 @@
## Action Tracker
| Action | Owner | Due (UTC) | Status |
| --- | --- | --- | --- |
| Circulate initial schema/tiles draft for review (GRAPH-API-28-001). | Graph API Guild | 2025-11-24 | Open |
| Circulate initial schema/tiles draft for review (GRAPH-API-28-001). Evidence: `docs/modules/graph/prep/2025-11-22-graph-api-schema-outline.md`. | Graph API Guild | 2025-11-24 | In progress |
| Confirm POLICY-ENGINE-30-001..003 contract version for overlay consumption. | Policy Engine Guild · Graph API Guild | 2025-11-30 | Open |
| Prep synthetic dataset fixtures (500k/2M) for load tests. | QA Guild · Graph API Guild | 2025-12-05 | Open |
@@ -77,3 +77,5 @@
| --- | --- | --- |
| 2025-11-22 | Normalized sprint to standard template and renamed file from `SPRINT_207_graph.md` to `SPRINT_0207_0001_0001_graph.md`; no task status changes. | Project Mgmt |
| 2025-11-22 | Added module charter `src/Graph/AGENTS.md` to unblock implementers; no task status changes. | Project Mgmt |
| 2025-11-22 | Drafted schema/tiles outline for GRAPH-API-28-001 at `docs/modules/graph/prep/2025-11-22-graph-api-schema-outline.md`; marked action as In progress. | Project Mgmt |
| 2025-11-22 | Updated `docs/api/graph-gateway-spec-draft.yaml` to encode search/query/paths/diff/export endpoints and shared schemas per outline; evidence for GRAPH-API-28-001. | Project Mgmt |

29
docs/implplan/SPRINT_0208_0001_0001_sdk.md
View File

@@ -9,8 +9,8 @@
## Dependencies & Concurrency
- Upstream sprints: Sprint 120.A (AirGap), 130.A (Scanner), 150.A (Orchestrator), 170.A (Notifier) for API and events readiness.
- Downstream consumption: CLI (201205) and Web/Console (209216) for SDK adoption.
- Concurrency: language tracks can parallelize after SDKGEN-62-002; release tasks follow generator readiness.
- Peer/consuming sprints: SPRINT_0201_0001_0001_cli_i (CLI), SPRINT_0206_0001_0001_devportal (devportal/offline bundles), SPRINT_0209_0001_0001_ui_i (Console/UI data providers).
- Concurrency: language tracks can parallelize after SDKGEN-62-002; release tasks follow generator readiness; consumer sprints can prototype against staging SDKs once B wave exits.
## Documentation Prerequisites
- docs/README.md; docs/07_HIGH_LEVEL_ARCHITECTURE.md; docs/modules/platform/architecture-overview.md.
@@ -37,21 +37,34 @@
- Single wave covering generator and release work; language tracks branch after SDKGEN-62-002.
## Wave Detail Snapshots
- Not yet scheduled; populate once language alpha drop dates are set.
| Wave | Window (UTC) | Scope | Exit criteria | Owners | Status |
| --- | --- | --- | --- | --- | --- |
| A: Generator foundation | 2025-11-25 → 2025-12-02 | SDKGEN-62-001..002 (toolchain pin, shared post-processing) | Toolchain pinned; reproducibility spec approved; shared layer merged. | SDK Generator Guild | Planned |
| B: Language alphas | 2025-12-03 → 2025-12-22 | SDKGEN-63-001..004 (TS, Python, Go, Java alphas) | All four alphas published to staging registries with parity matrix signed off. | SDK Generator Guild | Planned |
| C: Release & offline | 2025-12-08 → 2025-12-29 | SDKREL-63-001..64-002 (CI, changelog, notifications, offline bundle) | CI pipelines green in staging; changelog automation live; notifications wired; offline bundle produced. | SDK Release Guild · Export Center Guild | Planned |
## Interlocks
- API governance inputs: APIG0101 outputs for stable schemas.
- Portal contracts: DEVL0101 for auth/session helpers.
- Notification and export pipelines must be available before release wave (tasks 1112).
- API governance: APIG0101 outputs for stable schemas; required before Wave A exit.
- Portal contracts: DEVL0101 (auth/session) inform shared post-processing; consume before Wave A design review.
- Devportal/offline: SPRINT_0206_0001_0001_devportal must expose bundle manifest format for SDKREL-64-002.
- CLI adoption: SPRINT_0201_0001_0001_cli_i aligns surfaces for SDKGEN-64-001; needs Wave B artifacts.
- Console data providers: SPRINT_0209_0001_0001_ui_i depends on SDKGEN-64-002; needs parity matrix from Wave B.
- Notifications/Export: Notifications Studio and Export Center pipelines must be live before Wave C release window (tasks 1112).
## Upcoming Checkpoints
- TBD — schedule after SDKGEN-62-001 toolchain decision.
- 2025-11-25: Toolchain decision review (SDKGEN-62-001) — decide generator + template pin set.
- 2025-12-02: Shared post-processing design review (SDKGEN-62-002) — approve auth/retry/pagination/telemetry hooks.
- 2025-12-05: TS alpha staging drop (SDKGEN-63-001) — verify packaging and typed errors.
- 2025-12-15: Multi-language alpha readiness check (SDKGEN-63-002..004) — parity matrix sign-off.
- 2025-12-22: Release automation demo (SDKREL-63/64) — staging publishes with signatures and offline bundle.
## Action Tracker
| # | Action | Owner | Due (UTC) | Status |
| --- | --- | --- | --- | --- |
| 1 | Confirm registry signing keys and provenance workflow per language | SDK Release Guild | 2025-11-29 | Open |
| 2 | Publish SDK language support matrix to CLI/UI guilds | SDK Generator Guild | 2025-12-03 | Open |
| 3 | Align CLI adoption scope with SPRINT_0201_0001_0001_cli_i and schedule SDK drop integration | SDK Generator Guild · CLI Guild | 2025-12-10 | Open |
| 4 | Define devportal offline bundle manifest with Export Center per SPRINT_0206_0001_0001_devportal | SDK Release Guild · Export Center Guild | 2025-12-12 | Open |
## Decisions & Risks
- Dependencies on upstream API/portal contracts may delay generator pinning; mitigation: align with APIG0101 / DEVL0101 milestones.
@@ -69,3 +82,5 @@
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2025-11-22 | Normalised sprint to standard template; renamed file to `SPRINT_0208_0001_0001_sdk.md`; no status changes. | PM |
| 2025-11-22 | Added wave plan and dated checkpoints for generator, language alphas, and release/offline tracks. | PM |
| 2025-11-22 | Added explicit interlocks to CLI/UI/Devportal sprints and new alignment actions. | PM |

12
docs/implplan/SPRINT_0209_0001_0001_ui_i.md
View File

@@ -16,9 +16,13 @@
- `docs/07_HIGH_LEVEL_ARCHITECTURE.md`
- `docs/modules/platform/architecture-overview.md`
- `docs/modules/ui/architecture.md`
- `docs/modules/ui/README.md`
- `docs/modules/ui/implementation_plan.md`
- `docs/modules/scanner/deterministic-sbom-compose.md`
- `docs/modules/scanner/entropy.md`
- `docs/modules/graph/architecture.md`
- `docs/15_UI_GUIDE.md`
- `docs/18_CODING_STANDARDS.md`
## Delivery Tracker
| # | Task ID | Status | Key dependency / next step | Owners | Task Definition |
@@ -56,13 +60,16 @@
- AOC verifier endpoint parity for UI-AOC-19-003.
## Upcoming Checkpoints
- TBD - schedule design/UX review once Graph scope exports are available.
- 2025-11-29 15:00 UTC - UI/Graph scopes handoff review (owners: UI Guild, Graph owner).
- 2025-12-04 16:00 UTC - Policy determinism UI enablement go/no-go (owners: UI Guild, Policy Guild).
## Action Tracker
| # | Action | Owner | Due | Status |
| --- | --- | --- | --- | --- |
| 1 | Confirm `StellaOpsScopes` export availability for UI-GRAPH-21-001 | UI Guild | 2025-11-29 | TODO |
| 2 | Align Policy Engine determinism schema changes for UI-POLICY-DET-01 | Policy Guild | 2025-12-03 | TODO |
| 3 | Deliver entropy evidence fixture snapshot for UI-ENTROPY-40-001 | Scanner Guild | 2025-11-28 | TODO |
| 4 | Provide AOC verifier endpoint parity notes for UI-AOC-19-003 | Notifier Guild | 2025-11-27 | TODO |
## Decisions & Risks
| Risk | Impact | Mitigation / Next Step |
@@ -75,4 +82,7 @@
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2025-11-22 | Renamed to `SPRINT_0209_0001_0001_ui_i.md` and normalised to sprint template; no task status changes. | Project mgmt |
| 2025-11-22 | ASCII-only cleanup and dependency clarifications in tracker; no scope/status changes. | Project mgmt |
| 2025-11-22 | Added checkpoints and new actions for entropy evidence and AOC verifier parity; no task status changes. | Project mgmt |
| 2025-11-22 | Synced documentation prerequisites with UI Guild charter (UI guide, coding standards, module README/implementation plan). | Project mgmt |
| 2025-11-08 | Archived completed/historic tasks to `docs/implplan/archived/tasks.md`. | Planning |

1
docs/implplan/SPRINT_0212_0001_0001_web_i.md
View File

@@ -75,3 +75,4 @@
| 2025-11-19 | WEB-CONTAINERS-45-001 completed: readiness/liveness/version JSON assets added for helm probes. | BE-Base Platform Guild |
| 2025-11-19 | CONSOLE-VULN-29-001 and CONSOLE-VEX-30-001 marked BLOCKED pending WEB-CONSOLE-23-001 and upstream schemas (Concelier/Excititor). | Console Guild |
| 2025-11-22 | Normalized sprint to template and renamed from `SPRINT_212_web_i.md` to `SPRINT_0212_0001_0001_web_i.md`; no scope changes. | Planning |
| 2025-11-22 | Synced `docs/implplan/tasks-all.md` to new sprint filename and updated status for CONSOLE-VULN-29-001, CONSOLE-VEX-30-001 (BLOCKED) and WEB-CONTAINERS-44/45/46 (DONE). | Planning |

1
docs/implplan/SPRINT_0401_0001_0001_reachability_evidence_chain.md
View File

@@ -121,5 +121,6 @@
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2025-11-22 | Updated cross-references to new sprint filename in tasks-all and reachability docs; synced naming in bench playbook. | Planning |
| 2025-11-22 | Normalized sprint to template, added dependencies/prereqs, Delivery Tracker numbering, interlocks, risks; renamed file for naming compliance. | Planning |
| 2025-11-20 | Added tasks for purl-resolved edges, ELF build-id propagation, init-array roots, and patch-oracle QA harness; aligned docs references. | Planning |

1
docs/implplan/SPRINT_0509_0001_0001_samples.md
View File

@@ -34,6 +34,7 @@
| 2025-11-19 | Normalized PREP-SAMPLES-LNM-22-001 Task ID (removed trailing hyphen) for dependency tracking. | Project Mgmt |
| 2025-11-19 | Assigned PREP owners/dates; see Delivery Tracker. | Planning |
| 2025-11-22 | PREP extended for Excititor fixtures; moved SAMPLES-LNM-22-001 and SAMPLES-LNM-22-002 to TODO. | Project Mgmt |
| 2025-11-22 | Bench sprint requested interim synthetic 50k/100k graph fixture (see ACT-0512-04) to start BENCH-GRAPH-21-001 while waiting for SAMPLES-GRAPH-24-003; dependency remains BLOCKED. | Project Mgmt |
| 2025-11-18 | Drafted fixture plan (`samples/graph/fixtures-plan.md`) outlining contents, assumptions, and blockers for SAMPLES-GRAPH-24-003. | Samples |
| 2025-11-18 | Kicked off SAMPLES-GRAPH-24-003 (overlay format + mock bundle sources); other tasks unchanged. | Samples |
| 2025-11-18 | Normalised sprint to standard template; renamed from SPRINT_509_samples.md. | Ops/Docs |

9
docs/implplan/SPRINT_0512_0001_0001_bench.md
View File

@@ -46,6 +46,7 @@
## Upcoming Checkpoints
- 2025-11-22 · Confirm availability of graph fixtures for BENCH-GRAPH-21-001/002/24-002. Owner: Bench Guild.
- 2025-11-23 · Escalate to Graph Platform Guild if SAMPLES-GRAPH-24-003 location still missing; confirm interim synthetic path (ACT-0512-04). Owner: Bench Guild.
- 2025-11-24 · Reachability schema alignment outcome to unblock BENCH-SIG-26-001. Owner: Signals Guild.
- 2025-11-26 · Decide impact index dataset for BENCH-IMPACT-16-001. Owner: Scheduler Team.
@@ -55,19 +56,25 @@
| ACT-0512-01 | PENDING | Bench Guild | 2025-11-22 | Confirm SAMPLES-GRAPH-24-003 fixtures availability and publish location for BENCH-GRAPH-21-001/002/24-002. |
| ACT-0512-02 | PENDING | Signals Guild | 2025-11-24 | Provide reachability schema hash/output to unblock BENCH-SIG-26-001/002. |
| ACT-0512-03 | PENDING | Scheduler Team | 2025-11-26 | Finalize impact index dataset selection and share deterministic replay bundle. |
| ACT-0512-04 | PENDING | Bench Guild | 2025-11-24 | Prepare interim synthetic 50k/100k graph fixture (documented in `samples/graph/fixtures-plan.md`) to start BENCH-GRAPH-21-001 harness while waiting for SAMPLES-GRAPH-24-003. |
| ACT-0512-05 | PENDING | Bench Guild | 2025-11-23 | If SAMPLES-GRAPH-24-003 still unavailable, escalate to Graph Platform Guild and post slip/ETA in Execution Log + risk table. |
## Decisions & Risks
| Risk | Impact | Mitigation | Status | Owner | Due (UTC) |
| --- | --- | --- | --- | --- | --- |
| Graph fixtures SAMPLES-GRAPH-24-003 not delivered | Blocks BENCH-GRAPH-21-001/002/24-002; benches unstartable | Track via ACT-0512-01; escalate to Graph Platform Guild if missed | Open | Bench Guild | 2025-11-22 |
| Graph fixtures SAMPLES-GRAPH-24-003 not delivered | Blocks BENCH-GRAPH-21-001/002/24-002; benches unstartable | Track via ACT-0512-01; ACT-0512-05 escalation if missed | At risk | Bench Guild | 2025-11-22 |
| Reachability schema hash pending from Sprint 0400/0401 | BENCH-SIG-26-001/002 remain blocked | ACT-0512-02 to deliver schema hash + fixtures; add fallback synthetic set | Open | Signals Guild | 2025-11-24 |
| Impact index dataset undecided | BENCH-IMPACT-16-001 stalled; no reproducibility | ACT-0512-03 to finalize dataset; require deterministic replay bundle | Open | Scheduler Team | 2025-11-26 |
- Graph fixture still blocked per `docs/implplan/SPRINT_0509_0001_0001_samples.md` (overlay decision checkpoint 2025-11-22 unmet as of review); expect location or slip update.
- Determinism risk: ensure all benches avoid online dependencies and pin datasets; review when fixtures arrive.
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2025-11-22 | Added ACT-0512-04 to build interim synthetic graph fixture so BENCH-GRAPH-21-001 can start while awaiting SAMPLES-GRAPH-24-003; no status changes. | Project Mgmt |
| 2025-11-22 | Added ACT-0512-05 escalation path (due 2025-11-23) if SAMPLES-GRAPH-24-003 remains unavailable; updated Upcoming Checkpoints accordingly. | Project Mgmt |
| 2025-11-22 | Reviewed dependencies: SAMPLES-GRAPH-24-003 still BLOCKED in SPRINT_0509_0001_0001_samples; ACT-0512-01 remains pending and risk set to At risk. | Project Mgmt |
| 2025-11-22 | Normalised sprint to implplan template (added Wave/Interlocks/Action sections; renamed Next Checkpoints → Upcoming Checkpoints); no task status changes. | Project Mgmt |
| 2025-11-20 | Completed PREP-BENCH-GRAPH-21-002: published UI bench prep doc at `docs/benchmarks/graph/bench-graph-21-002-prep.md`; status set to DONE. | Implementer |
| 2025-11-20 | Completed PREP-BENCH-IMPACT-16-001: published impact index bench prep doc at `docs/benchmarks/impact/bench-impact-16-001-prep.md`; status set to DONE. | Implementer |

13
docs/implplan/SPRINT_0513_0001_0001_provenance.md
View File

@@ -22,10 +22,10 @@
| # | Task ID | Status | Key dependency / next step | Owners | Task Definition |
| --- | --- | --- | --- | --- | --- |
| 1 | PROV-OBS-53-001 | DONE (2025-11-17) | Baseline models available for downstream tasks | Provenance Guild / `src/Provenance/StellaOps.Provenance.Attestation` | Implement DSSE/SLSA `BuildDefinition` + `BuildMetadata` models with canonical JSON serializer, Merkle digest helpers, deterministic hashing tests, and sample statements for orchestrator/job/export subjects. |
| 2 | PROV-OBS-53-002 | DONE (2025-11-22) | Tests green locally; relies on CI rerun for parity | Provenance Guild; Security Guild / `src/Provenance/StellaOps.Provenance.Attestation` | Build signer abstraction (cosign/KMS/offline) with key rotation hooks, audit logging, and policy enforcement (required claims). Provide unit tests using fake signer + real cosign fixture. |
| 3 | PROV-OBS-53-003 | DONE (2025-11-22) | Promotion predicate builder implemented; depends on 53-002 outputs | Provenance Guild / `src/Provenance/StellaOps.Provenance.Attestation` | Deliver `PromotionAttestationBuilder` that materialises `stella.ops/promotion@v1` predicate (image digest, SBOM/VEX materials, promotion metadata, Rekor proof) and feeds canonicalised payload bytes to Signer via StellaOps.Cryptography. |
| 4 | PROV-OBS-54-001 | TODO | Start after PROV-OBS-53-002 clears; needs signer verified | Provenance Guild; Evidence Locker Guild / `src/Provenance/StellaOps.Provenance.Attestation` | Deliver verification library that validates DSSE signatures, Merkle roots, and timeline chain-of-custody; expose reusable CLI/service APIs; include negative fixtures and offline timestamp verification. |
| 5 | PROV-OBS-54-002 | TODO | Start after PROV-OBS-54-001 verification APIs are stable | Provenance Guild; DevEx/CLI Guild / `src/Provenance/StellaOps.Provenance.Attestation` | Generate .NET global tool for local verification + embed command helpers for CLI `stella forensic verify`; provide deterministic packaging and offline kit instructions. |
| 2 | PROV-OBS-53-002 | BLOCKED | Implementation done locally; rerun `dotnet test` in CI to clear MSB6006 and verify signer abstraction | Provenance Guild; Security Guild / `src/Provenance/StellaOps.Provenance.Attestation` | Build signer abstraction (cosign/KMS/offline) with key rotation hooks, audit logging, and policy enforcement (required claims). Provide unit tests using fake signer + real cosign fixture. |
| 3 | PROV-OBS-53-003 | BLOCKED | Implementation landed; awaiting PROV-OBS-53-002 CI verification before release | Provenance Guild / `src/Provenance/StellaOps.Provenance.Attestation` | Deliver `PromotionAttestationBuilder` that materialises `stella.ops/promotion@v1` predicate (image digest, SBOM/VEX materials, promotion metadata, Rekor proof) and feeds canonicalised payload bytes to Signer via StellaOps.Cryptography. |
| 4 | PROV-OBS-54-001 | DONE (2025-11-22) | Verification library shipped with HMAC/time checks, Merkle and chain-of-custody helpers; tests passing | Provenance Guild; Evidence Locker Guild / `src/Provenance/StellaOps.Provenance.Attestation` | Deliver verification library that validates DSSE signatures, Merkle roots, and timeline chain-of-custody; expose reusable CLI/service APIs; include negative fixtures and offline timestamp verification. |
| 5 | PROV-OBS-54-002 | DONE (2025-11-22) | Tool packaged with usage/docs; tests passing | Provenance Guild; DevEx/CLI Guild / `src/Provenance/StellaOps.Provenance.Attestation` | Generate .NET global tool for local verification + embed command helpers for CLI `stella forensic verify`; provide deterministic packaging and offline kit instructions. |
## Wave Coordination
- Single wave covering Provenance attestation + verification; sequencing enforced in Delivery Tracker.
@@ -62,6 +62,11 @@
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2025-11-22 | PROV-OBS-54-002 delivered: global tool `stella-forensic-verify` updated with signed-at/not-after/skew options, deterministic JSON output, README packaging steps, and tests. | Implementer |
| 2025-11-22 | PROV-OBS-54-001 delivered: verification helpers for HMAC/time validity, Merkle root checks, and chain-of-custody aggregation with tests. | Implementer |
| 2025-11-22 | Updated cross-references in `tasks-all.md` to the renamed sprint ID. | Project Mgmt |
| 2025-11-22 | Added PROV-OBS-53-002/53-003 to `blocked_tree.md` for central visibility while CI rerun is pending. | Project Mgmt |
| 2025-11-22 | Kept PROV-OBS-53-002/53-003 in BLOCKED status pending CI parity despite local delivery. | Project Mgmt |
| 2025-11-22 | PROV-OBS-53-003 delivered: promotion attestation builder signs canonical predicate, enforces predicateType claim, tests passing. | Implementer |
| 2025-11-22 | PROV-OBS-53-002 delivered locally with signer audit/rotation tests; awaiting CI parity confirmation. | Implementer |
| 2025-11-22 | Normalised sprint to standard template and renamed to `SPRINT_0513_0001_0001_provenance.md`; no scope changes. | Project Mgmt |

28
docs/implplan/SPRINT_0514_0001_0001_sovereign_crypto_enablement.md
View File

@@ -9,10 +9,13 @@
- Authority signing provider contract and JWKS export requirements (blocking AUTH-CRYPTO-90-001).
- CI runners must support platform-specific CryptoPro/PKCS#11 tests (env/pin gated); may need opt-in pipelines.
## Documentation Prerequisites
- docs/security/rootpack_ru_*.md
- docs/dev/crypto.md
- docs/modules/platform/architecture-overview.md
## Documentation Prerequisites
- docs/security/rootpack_ru_*.md
- docs/dev/crypto.md
- docs/modules/platform/architecture-overview.md
- docs/modules/authority/architecture.md (for Authority provider/JWKS contract context)
- docs/modules/scanner/architecture.md (for registry wiring in Scanner WebService/Worker)
- docs/modules/attestor/architecture.md (for attestation hashing/witness flows)
## Delivery Tracker
| # | Task ID | Status | Key dependency / next step | Owners | Task Definition |
@@ -25,20 +28,22 @@
| 5 | SEC-CRYPTO-90-021 | TODO | After 90-020 | Security & QA Guilds | Validate forked library + plugin on Windows (CryptoPro CSP) and Linux (OpenSSL GOST fallback); document prerequisites. |
| 6 | SEC-CRYPTO-90-012 | TODO | Env-gated | Security Guild | Add CryptoPro + PKCS#11 integration tests and hook into `scripts/crypto/run-rootpack-ru-tests.sh`. |
| 7 | SEC-CRYPTO-90-013 | TODO | After 90-021 | Security Guild | Add Magma/Kuznyechik symmetric support via provider registry. |
| 8 | SEC-CRYPTO-90-014 | TODO | After Authority contract confirmed | Security Guild + Service Guilds | Update runtime hosts (Authority, Scanner WebService/Worker, Concelier, etc.) to register RU providers and expose config toggles. |
| 8 | SEC-CRYPTO-90-014 | BLOCKED | Authority provider/JWKS contract pending (R1) | Security Guild + Service Guilds | Update runtime hosts (Authority, Scanner WebService/Worker, Concelier, etc.) to register RU providers and expose config toggles. |
| 9 | SEC-CRYPTO-90-015 | TODO | After 90-012/021 | Security & Docs Guild | Refresh RootPack/validation documentation. |
| 10 | AUTH-CRYPTO-90-001 | BLOCKED | PREP-AUTH-CRYPTO-90-001-NEEDS-AUTHORITY-PROVI | Authority Core & Security Guild | Sovereign signing provider contract for Authority; refactor loaders once contract is published. |
| 11 | SCANNER-CRYPTO-90-001 | TODO | Needs registry wiring | Scanner WebService Guild · Security Guild | Route hashing/signing flows through `ICryptoProviderRegistry`. |
| 12 | SCANNER-WORKER-CRYPTO-90-001 | TODO | After 11 | Scanner Worker Guild · Security Guild | Wire Scanner Worker/BuildX analyzers to registry/hash abstractions. |
| 13 | SCANNER-CRYPTO-90-002 | TODO | PQ profile | Scanner WebService Guild · Security Guild | Enable PQ-friendly DSSE (Dilithium/Falcon) via provider options. |
| 14 | SCANNER-CRYPTO-90-003 | TODO | After 13 | Scanner Worker Guild · QA Guild | Add regression tests for RU/PQ profiles validating Merkle roots + DSSE chains. |
| 15 | ATTESTOR-CRYPTO-90-001 | TODO | Registry wiring | Attestor Service Guild · Security Guild | Migrate attestation hashing/witness flows to provider registry, enabling CryptoPro/PKCS#11 deployments. |
| 15 | ATTESTOR-CRYPTO-90-001 | BLOCKED | Authority provider/JWKS contract pending (R1) | Attestor Service Guild · Security Guild | Migrate attestation hashing/witness flows to provider registry, enabling CryptoPro/PKCS#11 deployments. |
## Wave Coordination
- Single-wave sprint; no concurrent waves scheduled. Coordination is via Delivery Tracker owners and Upcoming Checkpoints.
## Wave Detail Snapshots
- None yet. Populate if the sprint splits into multiple waves or milestones.
- Wave 1 · Vendor fork + plugin wiring (tasks 15): TODO; waiting on fork patching (90-019) and plugin rewire (90-020); CI gating (R2) must be resolved before running cross-platform validation (task 5).
- Wave 2 · Runtime registry wiring (tasks 8, 10, 15): Pending Authority provider/JWKS contract (R1) before hosts can register RU providers and migrate loaders.
- Wave 3 · PQ profile + regression tests (tasks 1314): TODO; provider option design (R3) outstanding to keep DSSE/Merkle behavior deterministic across providers.
## Interlocks
- AUTH-CRYPTO-90-001 contract publication is required before runtime wiring tasks (8, 10, 15) proceed.
@@ -46,9 +51,9 @@
- PQ provider option design must align with registry abstractions to avoid divergent hashing behavior (tasks 1314).
## Upcoming Checkpoints
- 2025-11-19 · Draft Authority provider/JWKS contract to unblock AUTH-CRYPTO-90-001. Owner: Authority Core.
- 2025-11-21 · Decide CI gating approach for CryptoPro/PKCS#11 tests. Owner: Security Guild.
- 2025-11-24 · Fork patch status (SEC-CRYPTO-90-019) and plugin rewire plan (SEC-CRYPTO-90-020). Owner: Security Guild.
- 2025-11-19 · Draft Authority provider/JWKS contract to unblock AUTH-CRYPTO-90-001. Owner: Authority Core. (Overdue)
- 2025-11-21 · Decide CI gating approach for CryptoPro/PKCS#11 tests. Owner: Security Guild. (Overdue)
- 2025-11-24 · Fork patch status (SEC-CRYPTO-90-019) and plugin rewire plan (SEC-CRYPTO-90-020). Owner: Security Guild. (Due in 2 days)
## Action Tracker
| Action | Owner | Due (UTC) | Status | Notes |
@@ -71,6 +76,9 @@
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2025-11-22 | Added module architecture docs to prereqs (Authority, Scanner, Attestor) to support registry wiring and contract review; no task status changes. | Planning |
| 2025-11-22 | Marked tasks 8 and 15 BLOCKED pending Authority provider/JWKS contract (R1); no other status changes. | Planning |
| 2025-11-22 | Added wave snapshots; flagged overdue checkpoints (Authority contract, CI gating) and upcoming fork patch checkpoint; no task status changes. | Planning |
| 2025-11-22 | Normalised sections to docs/implplan template (added Wave/Interlocks/Action Tracker, reordered checkpoints/risks). No task status changes. | Planning |
| 2025-11-20 | Published Authority crypto provider/JWKS prep note (`docs/modules/authority/prep/2025-11-20-auth-crypto-provider-prep.md`); marked PREP-AUTH-CRYPTO-90-001 DONE. | Implementer |
| 2025-11-19 | Assigned PREP owners/dates; see Delivery Tracker. | Planning |

19
docs/implplan/blocked_tree.md
View File

@@ -1 +1,18 @@
# Blocked Tree\n- EXCITITOR-CONSOLE-23-001 [BLOCKED]\n- EXCITITOR-CONSOLE-23-002 [BLOCKED]\n- EXCITITOR-CONSOLE-23-003 [BLOCKED]\n- EXCITITOR-CORE-AOC-19-002 [BLOCKED]\n- EXCITITOR-CORE-AOC-19-003 [BLOCKED]\n- EXCITITOR-CORE-AOC-19-004 [DOING]\n- EXCITITOR-CORE-AOC-19-013 [DOING]\n- EXCITITOR-GRAPH-21-001 [DOING]\n- EXCITITOR-GRAPH-21-002 [DOING]\n- EXCITITOR-GRAPH-21-005 [DOING]\n- EXCITITOR-GRAPH-24-101 [BLOCKED]\n- EXCITITOR-GRAPH-24-102 [BLOCKED]\n- Consensus removal [DOING]\n- Graph overlays [BLOCKED]\n*** End Patch пользователя to=functions.apply_patchоны Are you покрывая json PostLayout runnerиц received анимация. ҳа료 мон】 JSON" code|{
# Blocked Tree
- EXCITITOR-CONSOLE-23-001 [BLOCKED]
- EXCITITOR-CONSOLE-23-002 [BLOCKED]
- EXCITITOR-CONSOLE-23-003 [BLOCKED]
- EXCITITOR-CORE-AOC-19-002 [BLOCKED]
- EXCITITOR-CORE-AOC-19-003 [BLOCKED]
- EXCITITOR-CORE-AOC-19-004 [DOING]
- EXCITITOR-CORE-AOC-19-013 [DOING]
- EXCITITOR-GRAPH-21-001 [DOING]
- EXCITITOR-GRAPH-21-002 [DOING]
- EXCITITOR-GRAPH-21-005 [DOING]
- EXCITITOR-GRAPH-24-101 [BLOCKED]
- EXCITITOR-GRAPH-24-102 [BLOCKED]
- Consensus removal [DOING]
- Graph overlays [BLOCKED]
- PROV-OBS-53-002 [BLOCKED] · Await CI rerun to clear MSB6006 (see SPRINT_0513_0001_0001_provenance)
- PROV-OBS-53-003 [BLOCKED] · Blocked on PROV-OBS-53-002 CI verification (see SPRINT_0513_0001_0001_provenance)

431
docs/implplan/tasks-all.md
View File

File diff suppressed because it is too large Load Diff

4
docs/modules/concelier/link-not-merge-schema.md
View File

@@ -104,7 +104,8 @@ _Frozen v1 (add-only) — approved 2025-11-17 for CONCELIER-LNM-21-001/002/101._
"properties":{
"field":{"bsonType":"string"},
"reason":{"bsonType":"string"},
"values":{"bsonType":"array","items":{"bsonType":"string"}}
"values":{"bsonType":"array","items":{"bsonType":"string"}},
"sourceIds":{"bsonType":"array","items":{"bsonType":"string"}}
}}},
"createdAt":{"bsonType":"date"},
"builtByJobId":{"bsonType":"string"},
@@ -121,6 +122,7 @@ _Frozen v1 (add-only) — approved 2025-11-17 for CONCELIER-LNM-21-001/002/101._
- Built from a set of observation IDs; never overwrites observations.
- Carries the hash list of source observations for audit/replay.
- Deterministic sort: observations sorted by `source, advisoryId, fetchedAt` before hashing.
- Conflicts are additive only and now carry optional `sourceIds[]` to trace which upstream sources produced divergent values.
## Indexes (Mongo)
- Observations: `{ tenantId:1, source:1, advisoryId:1, provenance.fetchedAt:-1 }` (compound for ingest); `{ provenance.sourceArtifactSha:1 }` unique to avoid dup writes.

1
docs/modules/graph/architecture.md
View File

@@ -42,6 +42,7 @@
- Each snapshot packages `nodes.jsonl`, `edges.jsonl`, `overlays/` plus manifest with hash, counts, and provenance. Export Center consumes these artefacts for graph-specific bundles.
- Saved queries and overlays include deterministic IDs so Offline Kit consumers can import and replay results.
- Runtime hosts register the SBOM ingest pipeline via `services.AddSbomIngestPipeline(...)`. Snapshot exports default to `./artifacts/graph-snapshots` but can be redirected with `STELLAOPS_GRAPH_SNAPSHOT_DIR` or the `SbomIngestOptions.SnapshotRootDirectory` callback.
- Analytics overlays are exported as NDJSON (`overlays/clusters.ndjson`, `overlays/centrality.ndjson`) ordered by node id; `overlays/manifest.json` mirrors snapshot id and counts for offline parity.
## 6) Observability

2
docs/modules/graph/packaging.md
View File

@@ -3,6 +3,7 @@
## Deployment overlays
- Helm/Compose should expose two timers for analytics: `GRAPH_ANALYTICS_CLUSTER_INTERVAL` and `GRAPH_ANALYTICS_CENTRALITY_INTERVAL` (ISO-8601 duration, default 5m). Map to `GraphAnalyticsOptions`.
- Change-stream/backfill worker toggles via `GRAPH_CHANGE_POLL_INTERVAL`, `GRAPH_BACKFILL_INTERVAL`, `GRAPH_CHANGE_MAX_RETRIES`, `GRAPH_CHANGE_RETRY_BACKOFF`.
- Mongo bindings (optional): `GRAPH_CHANGE_COLLECTION`, `GRAPH_CHANGE_SEQUENCE_FIELD`, `GRAPH_CHANGE_NODE_FIELD`, `GRAPH_CHANGE_EDGE_FIELD`, `GRAPH_CHANGE_IDEMPOTENCY_COLLECTION`, `GRAPH_ANALYTICS_SNAPSHOT_COLLECTION`, `GRAPH_ANALYTICS_PROGRESS_COLLECTION`.
- New Mongo collections:
- `graph_cluster_overlays` — cluster assignments (`tenant`, `snapshot_id`, `node_id`, `cluster_id`, `generated_at`).
- `graph_centrality_overlays` — degree + betweenness approximations per node.
@@ -25,6 +26,7 @@
## Configuration defaults
- Cluster/centrality intervals: 5 minutes; label-propagation iterations: 6; betweenness sample size: 12.
- Change stream: poll every 5s, backfill every 15m, max retries 3 with 3s backoff, batch size 256.
- Overlay exports: clusters/centrality written to `overlays/clusters.ndjson` and `overlays/centrality.ndjson` with manifest; ordered by `node_id` for deterministic bundle hashes.
## Notes
- Analytics writes are idempotent (upserts keyed on tenant+snapshot+node_id). Change-stream processing is idempotent via sequence tokens persisted in `IIdempotencyStore` (Mongo or in-memory for tests).

66
docs/modules/graph/prep/2025-11-22-graph-api-schema-outline.md Normal file
View File

@@ -0,0 +1,66 @@
# Graph API schema outline (prep for GRAPH-API-28-001)
Status: draft outline · Date: 2025-11-22 · Owner: Graph API Guild
Scope: Establish OpenAPI/JSON schema primitives for search/query/paths/diff/export endpoints, tile streaming, budgets, and RBAC headers. This is a staging note for sprint 0207 Wave 1.
## 1) Shared headers and security
- `X-Stella-Tenant` (required, string)
- `Authorization: Bearer <token>`; scopes: `graph:read`, `graph:query`, `graph:export` as applicable per route.
- `X-Request-Id` optional; echoed in responses.
- Rate limit headers: `X-RateLimit-Remaining`, `Retry-After` for 429 cases.
## 2) Tile envelope (streaming NDJSON)
```jsonc
{
"type": "node" | "edge" | "stats" | "cursor" | "diagnostic",
"seq": 1,
"cost": { "consumed": 12, "remaining": 988, "limit": 1000 },
"data": { /* node/edge/payload depending on type */ }
}
```
- Deterministic ordering: breadth-first by hop for paths/query; lexicographic by `id` inside each hop when stable ordering is needed.
- Cursor tile: `{"type":"cursor","token":"opaque"}` for resume.
- Stats tile: counts, depth reached, cache hit ratios.
## 3) `/graph/search` (POST)
Request body (summary):
- `query` (string; prefix/exact semantics), `kinds` (array of `node` kinds), `limit`, `tenant`, `filters` (labels, ecosystem, scope), `ordering`.
Response: stream of tiles (`node` + minimal neighbor context), plus final cursor/diagnostic tile.
Validation rules: enforce `limit <= 500`, reject empty query unless `filters` present.
## 4) `/graph/query` (POST)
- Body: DSL expression or structured filter object; includes `budget` (nodes/edges cap, time cap), `overlays` requested (`policy`, `vex`, `advisory`), `explain`: `none|minimal|full`.
- Response: streaming tiles with mixed `node`, `edge`, `stats`, `cursor`; budgets decremented per tile.
- Errors: `429` budget exhausted with diagnostic tile including partial cursor.
## 5) `/graph/paths` (POST)
- Body: `source_ids[]`, `target_ids[]`, `max_depth <= 6`, `constraints` (edge kinds, tenant, overlays allowed), `fanout_cap`.
- Response: tiles grouped by path id; includes `hop` field for ordering; optional `overlay_trace` when policy layer requested.
## 6) `/graph/diff` (POST)
- Body: `snapshot_a`, `snapshot_b`, optional `filters` (tenant, kinds, advisory keys).
- Response: tiles of `node_added`, `node_removed`, `edge_added`, `edge_removed`, `overlay_delta` (policy/vex/advisory), plus `manifest` tile with counts and checksums.
## 7) `/graph/export` (POST)
- Body: `formats[]` (`graphml`, `csv`, `ndjson`, `png`, `svg`), `snapshot_id` or `query_ref`, `include_overlays`.
- Response: job ticket `{ job_id, status_url, checksum_manifest_url }`; downloads streamed with deterministic manifests.
## 8) Error schema (shared)
```jsonc
{
"error": "GRAPH_BUDGET_EXCEEDED" | "GRAPH_VALIDATION_FAILED" | "GRAPH_RATE_LIMITED",
"message": "human-readable",
"details": {},
"request_id": "..."
}
```
## 9) Open questions to settle before sign-off
- Final DSL surface vs structured filters for `/graph/query`.
- Exact cache key and eviction policy for overlays requested via query.
- PNG/SVG render payload (pre-signed URL vs inline streaming) and size caps.
## 10) Next steps
- Convert this outline into OpenAPI components + schemas in repo (`docs/api/graph-gateway-spec-draft.yaml`) by 2025-11-24.
- Add JSON Schema fragments for tiles and error payloads to reuse in SDKs.
- Review with Policy Engine Guild to lock overlay contract version for GRAPH-API-28-006.

2
docs/reachability/DELIVERY_GUIDE.md
View File

@@ -57,7 +57,7 @@ This guide translates the deterministic reachability blueprint into concrete wor
| **402** | Replay & Attest | Manifest v2, DSSE envelopes, Authority/Rekor publishing | Replay packs include hashes + analyzer fingerprint; DSSE statements passed integration; Rekor mirror updated |
| **403** | Policy & Explain | VEX generation, SPL predicates, UI/CLI explainers | Policy engine uses reachability states, CLI `stella graph explain` returns signed paths, UI shows explain drawer |
Each sprint is two weeks; refer to `docs/implplan/SPRINT_401_reachability_evidence_chain.md` (new) for per-task tracking.
Each sprint is two weeks; refer to `docs/implplan/SPRINT_0401_0001_0001_reachability_evidence_chain.md` (new) for per-task tracking.
---