feat: Add MongoIdempotencyStoreOptions for MongoDB configuration
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
feat: Implement BsonJsonConverter for converting BsonDocument and BsonArray to JSON fix: Update project file to include MongoDB.Bson package test: Add GraphOverlayExporterTests to validate NDJSON export functionality refactor: Refactor Program.cs in Attestation Tool for improved argument parsing and error handling docs: Update README for stella-forensic-verify with usage instructions and exit codes feat: Enhance HmacVerifier with clock skew and not-after checks feat: Add MerkleRootVerifier and ChainOfCustodyVerifier for additional verification methods fix: Update DenoRuntimeShim to correctly handle file paths feat: Introduce ComposerAutoloadData and related parsing in ComposerLockReader test: Add tests for Deno runtime execution and verification test: Enhance PHP package tests to include autoload data verification test: Add unit tests for HmacVerifier and verification logic
This commit is contained in:
StellaOps Bot
@@ -20,7 +20,7 @@
|
||||
| # | Task ID | Status | Key dependency / next step | Owners | Task Definition |
|
||||
| --- | --- | --- | --- | --- | --- |
|
||||
| P1 | PREP-SBOM-CONSOLE-23-001-BUILD-TEST-FAILING-D | DONE (2025-11-20) | Due 2025-11-22 · Accountable: SBOM Service Guild; Cartographer Guild | SBOM Service Guild; Cartographer Guild | Build/test failing due to missing NuGet feed; need feed/offline cache before wiring storage and validating `/console/sboms`. <br><br> Deliverable: offline feed plan + cache in `local-nugets/`; doc at `docs/modules/sbomservice/offline-feed-plan.md`; script `tools/offline/fetch-sbomservice-deps.sh` hydrates required packages. |
|
||||
| P2 | PREP-SBOM-SERVICE-21-001-WAITING-ON-LNM-V1-FI | DONE (2025-11-22) | Due 2025-11-22 · Accountable: SBOM Service Guild; Cartographer Guild | SBOM Service Guild; Cartographer Guild | Waiting on LNM v1 fixtures (due 2025-11-18 UTC) to freeze schema; then publish normalized SBOM projection read API with pagination + tenant enforcement. <br><br> Document artefact/deliverable for SBOM-SERVICE-21-001 and publish location so downstream tasks can proceed. Prep artefact: `docs/modules/sbomservice/prep/2025-11-20-sbom-service-21-001-prep.md`. |
|
||||
| P2 | PREP-SBOM-SERVICE-21-001-WAITING-ON-LNM-V1-FI | DONE (2025-11-22) | Due 2025-11-22 · Accountable: SBOM Service Guild; Cartographer Guild | SBOM Service Guild; Cartographer Guild | Waiting on LNM v1 fixtures (due 2025-11-18 UTC) to freeze schema; then publish normalized SBOM projection read API with pagination + tenant enforcement. <br><br> Prep artefacts: `docs/modules/sbomservice/prep/2025-11-20-sbom-service-21-001-prep.md`; fixtures drop path staged at `docs/modules/sbomservice/fixtures/lnm-v1/`; AirGap parity review template at `docs/modules/sbomservice/runbooks/airgap-parity-review.md`. |
|
||||
| P3 | PREP-BUILD-INFRA-SBOM-SERVICE-GUILD-BLOCKED-M | DONE (2025-11-22) | Due 2025-11-22 · Accountable: Planning | Planning | BLOCKED (multiple restore attempts still hang/fail; need vetted feed/cache). <br><br> Document artefact/deliverable for Build/Infra · SBOM Service Guild and publish location so downstream tasks can proceed. Prep artefact: `docs/modules/sbomservice/prep/2025-11-20-build-infra-prep.md`. |
|
||||
| 1 | SBOM-AIAI-31-001 | DONE | Implemented `/sbom/paths` with env/blast-radius/runtime flags + cursor paging and `/sbom/versions` timeline; in-memory deterministic seed until storage wired. | SBOM Service Guild (src/SbomService/StellaOps.SbomService) | Provide path and version timeline endpoints optimised for Advisory AI. |
|
||||
| 2 | SBOM-AIAI-31-002 | DONE | Metrics + cache-hit tagging implemented; Grafana starter dashboard added; build/test completed locally. | SBOM Service Guild; Observability Guild | Instrument metrics for path/timeline queries and surface dashboards. |
|
||||
@@ -42,6 +42,8 @@
|
||||
| Action | Owner(s) | Due | Status |
|
||||
| --- | --- | --- | --- |
|
||||
| Provide LNM v1 fixtures for SBOM projections. | Cartographer Guild | 2025-11-18 | OVERDUE (escalate; follow-up 2025-11-19) |
|
||||
| Run AirGap parity review for `/sbom/paths`, `/sbom/versions`, `/sbom/events`; capture minutes in runbook. | Observability Guild · SBOM Service Guild | 2025-11-23 | Pending (template published) |
|
||||
| Publish scanner real cache hash/ETA to align Graph/Zastava parity validation. | Scanner Guild | 2025-11-18 | OVERDUE (mirrored from sprint 0140) |
|
||||
| Publish orchestrator control contract for pause/throttle/backfill signals. | Orchestrator Guild | 2025-11-19 | Pending |
|
||||
| Create `src/SbomService/AGENTS.md` (roles, prerequisites, determinism/testing rules). | SBOM Service Guild · Module PM | 2025-11-19 | DONE |
|
||||
| Supply NuGet feed/offline cache (allow Microsoft.IdentityModel.Tokens >=8.14.0, Pkcs11Interop >=4.1.0) so SbomService builds/tests can run. | Build/Infra · SBOM Service Guild | 2025-11-20 | PREP-BUILD-INFRA-SBOM-SERVICE-GUILD-BLOCKED-M |
|
||||
@@ -82,9 +84,11 @@
|
||||
| 2025-11-19 | Downloaded packages (Tokens 8.14.0, Pkcs11Interop 4.1.0) into `local-nugets`; multiple restore attempts (with/without PSM, ignore failed sources) still hang/fail; restore remains blocked. | Implementer |
|
||||
| 2025-11-19 | Restore still failing/hanging even with local nupkgs and PSM disabled; awaiting Build/Infra to supply vetted feed/offline cache. | Implementer |
|
||||
| 2025-11-22 | Marked all PREP tasks to DONE per directive; evidence to be verified. | Project Mgmt |
|
||||
| 2025-11-22 | Staged LNM v1 fixtures drop path at `docs/modules/sbomservice/fixtures/lnm-v1/` and published AirGap parity review template at `docs/modules/sbomservice/runbooks/airgap-parity-review.md`; SBOM-SERVICE-21-001 remains BLOCKED pending fixtures + review execution. | Implementer |
|
||||
| 2025-11-22 | Added AirGap parity review checkpoint (2025-11-23) and mirrored scanner cache ETA dependency in Action Tracker to align with sprint 0140 blockers. | Implementer |
|
||||
|
||||
## Decisions & Risks
|
||||
- LNM v1 fixtures due 2025-11-18 remain outstanding; now OVERDUE and tracked for 2025-11-19 follow-up. SBOM-SERVICE-21-001 stays BLOCKED until fixtures land.
|
||||
- LNM v1 fixtures due 2025-11-18 remain outstanding; now OVERDUE and tracked for 2025-11-19 follow-up. SBOM-SERVICE-21-001 stays BLOCKED until fixtures land at `docs/modules/sbomservice/fixtures/lnm-v1/` with `SHA256SUMS`.
|
||||
- Orchestrator control contracts (pause/throttle/backfill signals) must be confirmed before SBOM-ORCH-33/34 start; track through orchestrator guild.
|
||||
- Keep `docs/modules/sbomservice/architecture.md` aligned with schema/event decisions made during implementation.
|
||||
- Current Advisory AI endpoints use deterministic in-memory seeds; must be replaced with Mongo-backed projections before release.
|
||||
@@ -96,6 +100,8 @@
|
||||
- Component lookup endpoint is stubbed; remains unvalidated until restores succeed; SBOM-CONSOLE-23-002 stays BLOCKED on feed/build.
|
||||
- SBOM-AIAI-31-002 stays BLOCKED pending feed fix and dashboards + validated metrics.
|
||||
- `AGENTS.md` for `src/SbomService` added 2025-11-18; implementers must read before coding.
|
||||
- AirGap parity review template published at `docs/modules/sbomservice/runbooks/airgap-parity-review.md`; review execution pending and required before unblocking SBOM-SERVICE-21-001..004 in air-gapped deployments.
|
||||
- Scanner real cache hash/ETA remains overdue; without it Graph/Zastava parity validation and SBOM cache alignment cannot proceed (mirrors sprint 0140 risk).
|
||||
|
||||
## Next Checkpoints
|
||||
| Date (UTC) | Session | Goal | Owner(s) |
|
||||
@@ -103,3 +109,4 @@
|
||||
| 2025-11-19 | LNM v1 fixtures follow-up | Secure delivery or revised ETA for Link-Not-Merge v1 fixtures; unblock SBOM-SERVICE-21-001. | Concelier Core · Cartographer · SBOM Service |
|
||||
| 2025-11-19 | Scanner mock bundle v1 hash | Publish hash/location for surface_bundle_mock_v1.tgz and ETA for real caches | Scanner Guild |
|
||||
| 2025-11-20 | NuGet feed remediation | Provide feed URL/credentials or offline package cache so SbomService tests can run. | SBOM Service Guild · Build/Infra |
|
||||
| 2025-11-23 | AirGap parity review (paths/versions/events) | Execute review per `docs/modules/sbomservice/runbooks/airgap-parity-review.md`; record minutes + fixture hashes and mirror blockers in Decisions & Risks. | Observability Guild · SBOM Service Guild · Cartographer Guild |
|
||||
|
||||
Reference in New Issue
Block a user