diff --git a/docs/implplan/SPRINT_0308_0001_0008_docs_tasks_md_viii.md b/docs/implplan/SPRINT_0308_0001_0008_docs_tasks_md_viii.md index 671cdc257..d5dac517c 100644 --- a/docs/implplan/SPRINT_0308_0001_0008_docs_tasks_md_viii.md +++ b/docs/implplan/SPRINT_0308_0001_0008_docs_tasks_md_viii.md @@ -1,81 +1,82 @@ -# Sprint 0308-0001-0008 · Documentation & Process · Docs Tasks Md.VIII - -## Topic & Scope -- Advance the Docs Tasks ladder (Md.VIII) for the policy stack: promotion, CLI, API, attestations, registry architecture, telemetry, incident/runbook, templates, and AOC guardrails. -- Launch the risk documentation chain (overview → profiles → factors → formulas → explainability → API) with deterministic, offline-friendly examples. -- Keep outputs reproducible (fixed fixtures, ordered tables) and align hand-offs between Md.VII inputs and Md.IX expectations. -- **Working directory:** `docs/` (policy and risk subtrees; sprint planning remains in `docs/implplan/`). - -## Dependencies & Concurrency -- Upstream: Sprint 200.A - Docs Tasks.Md.VII; DOCS-POLICY-27-005 completion; registry schema/telemetry inputs; risk engine/API schemas. -- Downstream: Sprint 0309 (Md.IX) expects promotion/CLI/API drafts; avoid back-edges from this file to later phases. -- Concurrency rules: Policy chain is strictly sequential (27-006 → 27-014). Risk chain is sequential (66-001 → 67-002). Work in order; do not parallelize without upstream evidence. - -## Documentation Prerequisites -- docs/README.md -- docs/07_HIGH_LEVEL_ARCHITECTURE.md -- docs/modules/platform/architecture-overview.md -- docs/modules/policy/architecture.md -- docs/implplan/BLOCKED_DEPENDENCY_TREE.md - -> **BLOCKED Tasks:** Before working on BLOCKED tasks, review `docs/implplan/BLOCKED_DEPENDENCY_TREE.md` for root blockers and dependencies. - -## Delivery Tracker -| # | Task ID | Status | Key dependency / next step | Owners | Task Definition | -| --- | --- | --- | --- | --- | --- | -| 1 | DOCS-POLICY-27-006 | BLOCKED (2025-10-27) | Waiting on DOCS-POLICY-27-005 outputs. | Docs Guild · Policy Guild | Author `/docs/policy/promotion.md` (environments, canary, rollback, monitoring). | -| 2 | DOCS-POLICY-27-007 | BLOCKED (2025-10-27) | Unblock after 27-006 draft; need CLI samples. | Docs Guild · DevEx/CLI Guild | Update `/docs/policy/cli.md` with commands, JSON schemas, CI usage, compliance checklist. | -| 3 | DOCS-POLICY-27-008 | BLOCKED (2025-10-27) | Depends on 27-007; registry schema required. | Docs Guild · Policy Registry Guild | Publish `/docs/policy/api.md` (registry endpoints, request/response schemas, errors, feature flags). | -| 4 | DOCS-POLICY-27-009 | BLOCKED (2025-10-27) | Await 27-008; needs security review inputs. | Docs Guild · Security Guild | Create `/docs/security/policy-attestations.md` (signing, verification, key rotation, compliance checklist). | -| 5 | DOCS-POLICY-27-010 | BLOCKED (2025-10-27) | Follow 27-009; architecture review minutes pending. | Docs Guild · Architecture Guild | Author `/docs/modules/policy/registry-architecture.md` (service design, schemas, queues, failure modes) with diagrams and checklist. | -| 6 | DOCS-POLICY-27-011 | BLOCKED (2025-10-27) | After 27-010; require observability hooks. | Docs Guild · Observability Guild | Publish `/docs/observability/policy-telemetry.md` with metrics/log tables, dashboards, alerts, and compliance checklist. | -| 7 | DOCS-POLICY-27-012 | BLOCKED (2025-10-27) | After 27-011; needs ops playbooks. | Docs Guild · Ops Guild | Write `/docs/runbooks/policy-incident.md` (rollback, freeze, forensic steps, notifications). | -| 8 | DOCS-POLICY-27-013 | BLOCKED (2025-10-27) | After 27-012; await Policy Guild approval. | Docs Guild · Policy Guild | Update `/docs/examples/policy-templates.md` with new templates, snippets, sample policies. | -| 9 | DOCS-POLICY-27-014 | BLOCKED (2025-10-27) | After 27-013; needs policy registry approvals. | Docs Guild · Policy Registry Guild | Refresh `/docs/aoc/aoc-guardrails.md` to include Studio-specific guardrails and validation scenarios. | +# Sprint 0308 · Documentation & Process · Docs Tasks Md.VIII + +## Topic & Scope +- Advance the Docs Tasks ladder (Md.VIII) for the policy stack: promotion, CLI, API, attestations, registry architecture, telemetry, incident/runbook, templates, and AOC guardrails. +- Launch the risk documentation chain (overview → profiles → factors → formulas → explainability → API) with deterministic, offline-friendly examples. +- Keep outputs reproducible (fixed fixtures, ordered tables) and align hand-offs between Md.VII inputs and Md.IX expectations. +- **Working directory:** `docs/` (policy and risk subtrees; sprint planning remains in `docs/implplan/`). + +## Dependencies & Concurrency +- Upstream: Sprint 200.A - Docs Tasks.Md.VII; DOCS-POLICY-27-005 completion; registry schema/telemetry inputs; risk engine/API schemas. +- Downstream: Sprint 0309 (Md.IX) expects promotion/CLI/API drafts; avoid back-edges from this file to later phases. +- Concurrency rules: Policy chain is strictly sequential (27-006 → 27-014). Risk chain is sequential (66-001 → 67-002). Work in order; do not parallelize without upstream evidence. + +## Documentation Prerequisites +- docs/README.md +- docs/07_HIGH_LEVEL_ARCHITECTURE.md +- docs/modules/platform/architecture-overview.md +- docs/modules/policy/architecture.md +- docs/implplan/BLOCKED_DEPENDENCY_TREE.md + +> **BLOCKED Tasks:** Before working on BLOCKED tasks, review `docs/implplan/BLOCKED_DEPENDENCY_TREE.md` for root blockers and dependencies. + +## Delivery Tracker +| # | Task ID | Status | Key dependency / next step | Owners | Task Definition | +| --- | --- | --- | --- | --- | --- | +| 1 | DOCS-POLICY-27-006 | BLOCKED (2025-10-27) | Waiting on DOCS-POLICY-27-005 outputs. | Docs Guild · Policy Guild | Author `/docs/policy/promotion.md` (environments, canary, rollback, monitoring). | +| 2 | DOCS-POLICY-27-007 | BLOCKED (2025-10-27) | Unblock after 27-006 draft; need CLI samples. | Docs Guild · DevEx/CLI Guild | Update `/docs/policy/cli.md` with commands, JSON schemas, CI usage, compliance checklist. | +| 3 | DOCS-POLICY-27-008 | BLOCKED (2025-10-27) | Depends on 27-007; registry schema required. | Docs Guild · Policy Registry Guild | Publish `/docs/policy/api.md` (registry endpoints, request/response schemas, errors, feature flags). | +| 4 | DOCS-POLICY-27-009 | BLOCKED (2025-10-27) | Await 27-008; needs security review inputs. | Docs Guild · Security Guild | Create `/docs/security/policy-attestations.md` (signing, verification, key rotation, compliance checklist). | +| 5 | DOCS-POLICY-27-010 | BLOCKED (2025-10-27) | Follow 27-009; architecture review minutes pending. | Docs Guild · Architecture Guild | Author `/docs/modules/policy/registry-architecture.md` (service design, schemas, queues, failure modes) with diagrams and checklist. | +| 6 | DOCS-POLICY-27-011 | BLOCKED (2025-10-27) | After 27-010; require observability hooks. | Docs Guild · Observability Guild | Publish `/docs/observability/policy-telemetry.md` with metrics/log tables, dashboards, alerts, and compliance checklist. | +| 7 | DOCS-POLICY-27-012 | BLOCKED (2025-10-27) | After 27-011; needs ops playbooks. | Docs Guild · Ops Guild | Write `/docs/runbooks/policy-incident.md` (rollback, freeze, forensic steps, notifications). | +| 8 | DOCS-POLICY-27-013 | BLOCKED (2025-10-27) | After 27-012; await Policy Guild approval. | Docs Guild · Policy Guild | Update `/docs/examples/policy-templates.md` with new templates, snippets, sample policies. | +| 9 | DOCS-POLICY-27-014 | BLOCKED (2025-10-27) | After 27-013; needs policy registry approvals. | Docs Guild · Policy Registry Guild | Refresh `/docs/aoc/aoc-guardrails.md` to include Studio-specific guardrails and validation scenarios. | | 10 | DOCS-RISK-66-001 | DONE (2025-12-05) | Overview published using contract schema + fixtures. | Docs Guild · Risk Profile Schema Guild | Publish `/docs/risk/overview.md` (concepts and glossary). | | 11 | DOCS-RISK-66-002 | DONE (2025-12-05) | Profile schema + sample fixture added. | Docs Guild · Policy Guild | Author `/docs/risk/profiles.md` (authoring, versioning, scope). | | 12 | DOCS-RISK-66-003 | DONE (2025-12-05) | Factor catalog + normalized fixture added. | Docs Guild · Risk Engine Guild | Publish `/docs/risk/factors.md` (signals, transforms, reducers, TTLs). | | 13 | DOCS-RISK-66-004 | DONE (2025-12-05) | Formula/gating doc + explain fixture added. | Docs Guild · Risk Engine Guild | Create `/docs/risk/formulas.md` (math, normalization, gating, severity). | | 14 | DOCS-RISK-67-001 | DONE (2025-12-05) | Explainability doc published with CLI/console fixtures and hashes. | Docs Guild · Risk Engine Guild | Publish `/docs/risk/explainability.md` (artifact schema, UI screenshots). | | 15 | DOCS-RISK-67-002 | DONE (2025-12-05) | API doc published with samples, error catalog, ETag guidance. | Docs Guild · API Guild | Produce `/docs/risk/api.md` with endpoint reference/examples. | + +## Wave Coordination +- Single wave for Md.VIII; no per-wave snapshots required. Revisit if tasks split across guild weeks. + +## Wave Detail Snapshots +- None yet. Add summaries per wave if/when staged deliveries are planned. + +## Execution Log +| Date (UTC) | Update | Owner | +| --- | --- | --- | +| 2025-12-05 | Normalised sprint to standard template; clarified header and moved interlocks into Decisions & Risks; no task status changes. | Project Mgmt | +| 2025-12-05 | DOCS-RISK-66-001..004 and DOCS-RISK-67-001/002 delivered with schema-aligned fixtures and explainability API examples; statuses set to DONE. | Docs Guild | -## Wave Coordination -- Single wave for Md.VIII; no per-wave snapshots required. Revisit if tasks split across guild weeks. +## Decisions & Risks +- **Risk:** Policy chain (DOCS-POLICY-27-006..014) blocked pending DOCS-POLICY-27-005 outputs and registry schema approvals (`docs/schemas/api-baseline.schema.json` alignment). Mitigation: keep BLOCKED; request registry draft + policy studio sign-off. +- **Risk:** Need policy studio/editor assets to unblock CLI/API/attestation docs; track via 27-006 dependencies. +- **Decision:** Risk documentation chain (66-001..67-002) marked complete with deterministic samples; future schema changes require revisiting hashes and fixtures. -## Wave Detail Snapshots -- None yet. Add summaries per wave if/when staged deliveries are planned. - -## Interlocks -- Policy chain blocked on DOCS-POLICY-27-005 and registry schema approvals (Policy Registry Guild); API baseline schema exists (`docs/schemas/api-baseline.schema.json`) but needs registry alignment. -- Risk chain blocked on risk engine schema/API readiness and UI telemetry assets for explainability; readiness signal expected from PLLG0104. - -## Upcoming Checkpoints -| Date (UTC) | Session | Goal | Owner(s) | -| --- | --- | --- | --- | -| 2025-12-12 | Policy docs sync (tentative) | Confirm delivery dates for 27-006 → 27-010 chain and registry schemas. | Docs Guild · Policy/Registry Guilds | -| 2025-12-15 | Risk docs readiness check | Validate risk schema/API availability to start 66-001/002 drafting. | Docs Guild · Risk Engine Guild | - -## Action Tracker -| Item | Owner | Due | Status | -| --- | --- | --- | --- | -| Confirm DOCS-POLICY-27-005 completion signal | Policy Guild | 2025-12-11 | OPEN | -| Publish upstream evidence list in BLOCKED_DEPENDENCY_TREE | Docs Guild | 2025-12-11 | DONE (2025-12-05) | -| Pull registry schema/API baseline alignment for 27-008 | Policy Registry Guild | 2025-12-12 | OPEN | +## Next Checkpoints +- 2025-12-12 · Policy docs sync (tentative): confirm delivery dates for 27-006 → 27-010 chain and registry schemas. Owners: Docs Guild · Policy/Registry Guilds. +- 2025-12-15 · Risk docs readiness check: validate whether further schema/API changes require doc refresh. Owners: Docs Guild · Risk Engine Guild. +| Confirm DOCS-POLICY-27-005 completion signal | Policy Guild | 2025-12-11 | OPEN | +| Publish upstream evidence list in BLOCKED_DEPENDENCY_TREE | Docs Guild | 2025-12-11 | DONE (2025-12-05) | +| Pull registry schema/API baseline alignment for 27-008 | Policy Registry Guild | 2025-12-12 | OPEN | | Obtain risk profile schema approval for 66-001 | PLLG0104 · Risk Profile Schema Guild | 2025-12-13 | DONE (2025-12-05 via CONTRACT-RISK-SCORING-002) | | Draft outlines for risk overview/profiles using existing schema patterns | Docs Guild | 2025-12-14 | DONE (2025-12-05) | | Draft outlines for risk factors/formulas | Docs Guild | 2025-12-15 | DONE (2025-12-05) | -| Pre-scaffold explainability/api outlines (67-001/002) | Docs Guild | 2025-12-15 | DONE (2025-12-05) | +| Pre-scaffold explainability/api outlines (67-001/002) | Docs Guild | 2025-12-15 | DONE (2025-12-05) | | Reconcile legacy `docs/risk/risk-profiles.md` into new schema-aligned outline | Docs Guild | 2025-12-15 | DONE (2025-12-05) | -| Prepare deterministic sample layout under `docs/risk/samples/` | Docs Guild | 2025-12-15 | DONE (2025-12-05) | -| Capture registry schema alignment signal and flip 27-008 when ready | Policy Registry Guild → Docs Guild | 2025-12-12 | PENDING | +| Prepare deterministic sample layout under `docs/risk/samples/` | Docs Guild | 2025-12-15 | DONE (2025-12-05) | +| Capture registry schema alignment signal and flip 27-008 when ready | Policy Registry Guild → Docs Guild | 2025-12-12 | PENDING | | Capture PLLG0104 risk schema/payload signal and flip 66-001/002 when ready | PLLG0104 → Docs Guild | 2025-12-13 | PENDING | -| Seed SHA manifests for profiles/factors/explain/api samples | Docs Guild | 2025-12-05 | DONE (2025-12-05) | -| Add ingest checklist for risk samples | Docs Guild | 2025-12-05 | DONE (2025-12-05) | -| Add per-folder READMEs in `docs/risk/samples/*` for intake rules | Docs Guild | 2025-12-05 | DONE (2025-12-05) | -| Add intake log template for risk samples | Docs Guild | 2025-12-05 | DONE (2025-12-05) | +| Seed SHA manifests for profiles/factors/explain/api samples | Docs Guild | 2025-12-05 | DONE (2025-12-05) | +| Add ingest checklist for risk samples | Docs Guild | 2025-12-05 | DONE (2025-12-05) | +| Add per-folder READMEs in `docs/risk/samples/*` for intake rules | Docs Guild | 2025-12-05 | DONE (2025-12-05) | +| Add intake log template for risk samples | Docs Guild | 2025-12-05 | DONE (2025-12-05) | | Daily signal check (registry schema + PLLG0104 payloads) and log outcome | Docs Guild | 2025-12-13 | DOING (2025-12-05) | | Capture console/CLI telemetry frames for explainability visuals | Console Guild | 2025-12-15 | DONE (2025-12-05 via fixtures) | - + ## Decisions & Risks ### Decisions - CONTRACT-RISK-SCORING-002 (published 2025-12-05) is the canonical schema for risk overview/profiles/factors/formulas; use it for Md.VIII docs until superseded. @@ -86,23 +87,23 @@ | --- | --- | --- | | DOCS-POLICY-27 chain blocked by missing promotion/registry inputs | Entire policy documentation ladder stalls; pushes Md.IX hand-off | Track in BLOCKED_DEPENDENCY_TREE; weekly check-ins with Policy/Registry Guilds; stage scaffolds while waiting. | | Risk documentation chain lacks real telemetry captures | If fixtures drift from UI, Md.IX readiness slips | Use captured CLI/console fixtures as baseline; refresh with live UI frames when available. | - -## Execution Log -| Date (UTC) | Update | Owner | -| --- | --- | --- | -| 2025-12-05 | Renamed sprint file to `SPRINT_0308_0001_0008_docs_tasks_md_viii.md` to match naming convention. | Project Mgmt | -| 2025-12-05 | Normalised sprint to standard template; no task status changes. | Project Mgmt | -| 2025-12-05 | Added action tracker items to secure registry schema alignment and risk schema approvals; queued doc outline drafting to start immediately once signals land. | Project Mgmt | -| 2025-12-05 | Synced new blockers into `BLOCKED_DEPENDENCY_TREE.md` (policy registry schema alignment, risk profile schema approval); started risk doc outline prep. | Project Mgmt | -| 2025-12-05 | Created draft outlines at `docs/risk/overview.md`, `docs/risk/profiles.md`, `docs/risk/factors.md`, `docs/risk/formulas.md`; kept Delivery Tracker tasks at TODO pending PLLG0104 approval. | Docs Guild | -| 2025-12-05 | Pre-scaffolded `docs/risk/explainability.md` and `docs/risk/api.md` to accelerate 67-001/002 once 66-004 is approved. | Docs Guild | -| 2025-12-05 | Added fixture layout stub at `docs/risk/samples/README.md` to keep future payloads deterministic and offline-ready. | Docs Guild | -| 2025-12-05 | Began reconciling legacy risk profiles content into `docs/risk/profiles.md` (interim notes added; pending schema alignment). | Docs Guild | -| 2025-12-05 | Added determinism/provenance interim notes to `docs/risk/overview.md`, `docs/risk/factors.md`, and `docs/risk/formulas.md` to speed population once schemas land. | Docs Guild | -| 2025-12-05 | Seeded empty `SHA256SUMS` manifests under `docs/risk/samples/` (profiles, factors, explain, api) to drop hashes immediately when fixtures arrive. | Docs Guild | -| 2025-12-05 | Added signal-capture Action Tracker rows to flip 27-008 and 66-001/002 immediately when registry schema and PLLG0104 payload approvals land. | Project Mgmt | -| 2025-12-05 | Added `docs/risk/samples/INGEST_CHECKLIST.md` to standardize sample intake (normalize, hash, verify, log). | Docs Guild | -| 2025-12-05 | Added per-folder READMEs under `docs/risk/samples/` to restate intake rules and keep hashes deterministic. | Docs Guild | + +## Execution Log +| Date (UTC) | Update | Owner | +| --- | --- | --- | +| 2025-12-05 | Renamed sprint file to `SPRINT_0308_0001_0008_docs_tasks_md_viii.md` to match naming convention. | Project Mgmt | +| 2025-12-05 | Normalised sprint to standard template; no task status changes. | Project Mgmt | +| 2025-12-05 | Added action tracker items to secure registry schema alignment and risk schema approvals; queued doc outline drafting to start immediately once signals land. | Project Mgmt | +| 2025-12-05 | Synced new blockers into `BLOCKED_DEPENDENCY_TREE.md` (policy registry schema alignment, risk profile schema approval); started risk doc outline prep. | Project Mgmt | +| 2025-12-05 | Created draft outlines at `docs/risk/overview.md`, `docs/risk/profiles.md`, `docs/risk/factors.md`, `docs/risk/formulas.md`; kept Delivery Tracker tasks at TODO pending PLLG0104 approval. | Docs Guild | +| 2025-12-05 | Pre-scaffolded `docs/risk/explainability.md` and `docs/risk/api.md` to accelerate 67-001/002 once 66-004 is approved. | Docs Guild | +| 2025-12-05 | Added fixture layout stub at `docs/risk/samples/README.md` to keep future payloads deterministic and offline-ready. | Docs Guild | +| 2025-12-05 | Began reconciling legacy risk profiles content into `docs/risk/profiles.md` (interim notes added; pending schema alignment). | Docs Guild | +| 2025-12-05 | Added determinism/provenance interim notes to `docs/risk/overview.md`, `docs/risk/factors.md`, and `docs/risk/formulas.md` to speed population once schemas land. | Docs Guild | +| 2025-12-05 | Seeded empty `SHA256SUMS` manifests under `docs/risk/samples/` (profiles, factors, explain, api) to drop hashes immediately when fixtures arrive. | Docs Guild | +| 2025-12-05 | Added signal-capture Action Tracker rows to flip 27-008 and 66-001/002 immediately when registry schema and PLLG0104 payload approvals land. | Project Mgmt | +| 2025-12-05 | Added `docs/risk/samples/INGEST_CHECKLIST.md` to standardize sample intake (normalize, hash, verify, log). | Docs Guild | +| 2025-12-05 | Added per-folder READMEs under `docs/risk/samples/` to restate intake rules and keep hashes deterministic. | Docs Guild | | 2025-12-05 | Added `docs/risk/samples/intake-log-template.md` for recording drops (files + hashes) as soon as payloads arrive. | Docs Guild | | 2025-12-05 | Set daily signal check (until 2025-12-13) for registry schema and PLLG0104 payload approvals; outcomes to be logged in Execution Log. | Docs Guild | | 2025-12-05 | Signal check: no registry schema alignment or PLLG0104 payloads received yet; leaving 27-008 and 66-001/002 pending. | Docs Guild | @@ -111,9 +112,9 @@ | 2025-12-05 | Consumed `CONTRACT-RISK-SCORING-002`, populated risk overview/profiles/factors/formulas with contract fields/gates, added deterministic fixtures and SHA manifests, and marked DOCS-RISK-66-001..004 DONE. | Docs Guild | | 2025-12-05 | Published explainability/API docs with CLI + console fixtures and error catalog; marked DOCS-RISK-67-001/002 DONE; added telemetry capture follow-up in Action Tracker. | Docs Guild | | 2025-12-06 | Signal check 15:00 UTC: still no registry schema alignment or PLLG0104 payloads; keep 27-008 and 66-001/002 pending; next check 2025-12-07 15:00 UTC. | Docs Guild | -| 2025-12-07 | Signal check 15:00 UTC: no updates; keep 27-008 and 66-001/002 pending; next check 2025-12-08 15:00 UTC. | Docs Guild | -| 2025-12-08 | Signal check 15:00 UTC: no updates; keep 27-008 and 66-001/002 pending; next check 2025-12-09 15:00 UTC. | Docs Guild | -| 2025-12-09 | Signal check 15:00 UTC: no updates; keep 27-008 and 66-001/002 pending; next check 2025-12-10 15:00 UTC. | Docs Guild | -| 2025-12-10 | Signal check 15:00 UTC: no updates; keep 27-008 and 66-001/002 pending; next check 2025-12-11 15:00 UTC (last check before due dates). | Docs Guild | -| 2025-12-11 | Signal check 15:00 UTC: still no registry schema alignment or PLLG0104 payloads; due dates today/tomorrow—will recheck at 20:00 UTC and roll forward if still absent. | Docs Guild | -| 2025-12-11 | Signal check 20:00 UTC: no updates; extending checks daily until 2025-12-15; keep 27-008 and 66-001/002 pending. | Docs Guild | +| 2025-12-07 | Signal check 15:00 UTC: no updates; keep 27-008 and 66-001/002 pending; next check 2025-12-08 15:00 UTC. | Docs Guild | +| 2025-12-08 | Signal check 15:00 UTC: no updates; keep 27-008 and 66-001/002 pending; next check 2025-12-09 15:00 UTC. | Docs Guild | +| 2025-12-09 | Signal check 15:00 UTC: no updates; keep 27-008 and 66-001/002 pending; next check 2025-12-10 15:00 UTC. | Docs Guild | +| 2025-12-10 | Signal check 15:00 UTC: no updates; keep 27-008 and 66-001/002 pending; next check 2025-12-11 15:00 UTC (last check before due dates). | Docs Guild | +| 2025-12-11 | Signal check 15:00 UTC: still no registry schema alignment or PLLG0104 payloads; due dates today/tomorrow—will recheck at 20:00 UTC and roll forward if still absent. | Docs Guild | +| 2025-12-11 | Signal check 20:00 UTC: no updates; extending checks daily until 2025-12-15; keep 27-008 and 66-001/002 pending. | Docs Guild | diff --git a/docs/implplan/SPRINT_0309_0001_0009_docs_tasks_md_ix.md b/docs/implplan/SPRINT_0309_0001_0009_docs_tasks_md_ix.md index 16c6112d2..c025a61a9 100644 --- a/docs/implplan/SPRINT_0309_0001_0009_docs_tasks_md_ix.md +++ b/docs/implplan/SPRINT_0309_0001_0009_docs_tasks_md_ix.md @@ -1,99 +1,90 @@ -# Sprint 0309_0001_0009 · Documentation & Process · Docs Tasks Md IX - -## Topic & Scope -- Phase Md.IX of the docs ladder, covering risk UI/CLI flows, offline risk bundles, SDK overview/language guides, auth/redaction security docs, and the reachability/signals doc chain (states, callgraphs, runtime facts, weighting, UI overlays, CLI, API). -- Active items only; completed or historic work sits in `docs/implplan/archived/tasks.md` (updated 2025-11-08). -- **Working directory:** `docs/` (module guides, console/CLI/UI/risk/signals docs; assets under `docs/assets/**` as needed). - -## Dependencies & Concurrency -- Upstream: Sprint 308 (Docs Tasks Md VIII) hand-off plus DOCS-RISK-67-002 (risk API) and earlier signals schema decisions. -- Concurrency: Later Md phases (310–311) stay queued; coordinate with Console/CLI/UI/Signals guilds for shared assets and schema drops. - -## Documentation Prerequisites -- `docs/README.md` -- `docs/07_HIGH_LEVEL_ARCHITECTURE.md` -- `docs/modules/platform/architecture-overview.md` -- `docs/AGENTS.md`, `docs/implplan/AGENTS.md` -- **BLOCKED tasks:** review `BLOCKED_DEPENDENCY_TREE.md` before starting items marked as blocked in upstream sprints. - -## Delivery Tracker -| # | Task ID | Status | Key dependency / next step | Owners | Task Definition | -| --- | --- | --- | --- | --- | --- | -| 1 | DOCS-RISK-67-003 | TODO | Target 2025-12-10: Await DOCS-RISK-67-002 content and console UI assets (authoring/simulation dashboards). | Docs Guild · Console Guild | Document `/docs/console/risk-ui.md` for authoring, simulation, dashboards. | -| 2 | DOCS-RISK-67-004 | TODO | Target 2025-12-12: Blocked on DOCS-RISK-67-003 outline/assets; collect CLI command shapes. | Docs Guild · CLI Guild | Publish `/docs/modules/cli/guides/risk.md` covering CLI workflows. | -| 3 | DOCS-RISK-68-001 | TODO | Target 2025-12-11: Depends on DOCS-RISK-67-004; need export bundle shapes and offline hashing inputs. | Docs Guild · Export Guild | Add `/docs/airgap/risk-bundles.md` for offline factor bundles. | -| 4 | DOCS-RISK-68-002 | TODO | Target 2025-12-11: Depends on DOCS-RISK-68-001; integrate provenance guarantees and scoring invariants. | Docs Guild · Security Guild | Update `/docs/security/aoc-invariants.md` with risk scoring provenance guarantees. | -| 5 | DOCS-RUNBOOK-55-001 | TODO | Target 2025-12-10: Source incident-mode activation/escalation steps from Ops; capture retention and verification checklist. | Docs Guild · Ops Guild | Author `/docs/runbooks/incidents.md` describing incident mode activation, escalation steps, retention impact, verification checklist, and imposed rule banner. | -| 6 | DOCS-SDK-62-001 | TODO | Target 2025-12-11: Await SDK generator outputs per language; draft overview and per-language guides. | Docs Guild · SDK Generator Guild | Publish `/docs/sdks/overview.md` plus language guides (`typescript.md`, `python.md`, `go.md`, `java.md`). | -| 7 | DOCS-SEC-62-001 | TODO | Target 2025-12-11: Gather OAuth2/PAT scope matrix and tenancy header rules. | Docs Guild · Authority Core | Update `/docs/security/auth-scopes.md` with OAuth2/PAT scopes, tenancy header usage. | -| 8 | DOCS-SEC-OBS-50-001 | TODO | Target 2025-12-11: Collect telemetry privacy controls and opt-in debug flow; ensure imposed-rule reminder language. | Docs Guild · Security Guild | Update `/docs/security/redaction-and-privacy.md` to cover telemetry privacy controls, tenant opt-in debug, and imposed rule reminder. | -| 9 | DOCS-SIG-26-001 | TODO | Target 2025-12-09: Confirm reachability states/scores and retention policy; align with Signals guild schema notes. | Docs Guild · Signals Guild | Write `/docs/signals/reachability.md` covering states, scores, provenance, retention. | -| 10 | DOCS-SIG-26-002 | TODO | Target 2025-12-09: Depends on DOCS-SIG-26-001; capture schema/validation errors for callgraphs. | Docs Guild · Signals Guild | Publish `/docs/signals/callgraph-formats.md` with schemas and validation errors. | -| 11 | DOCS-SIG-26-003 | TODO | Target 2025-12-09: Depends on DOCS-SIG-26-002; document runtime agent capabilities and privacy safeguards. | Docs Guild · Runtime Guild | Create `/docs/signals/runtime-facts.md` detailing agent capabilities, privacy safeguards, opt-in flags. | -| 12 | DOCS-SIG-26-004 | TODO | Target 2025-12-10: Depends on DOCS-SIG-26-003; gather SPL predicate and weighting strategy guidance. | Docs Guild · Policy Guild | Document `/docs/policy/signals-weighting.md` for SPL predicates and weighting strategies. | -| 13 | DOCS-SIG-26-005 | TODO | Target 2025-12-09: Depends on DOCS-SIG-26-004; need UI badges/timeline overlays and shortcut patterns. | Docs Guild · UI Guild | Draft `/docs/ui/reachability-overlays.md` with badges, timelines, shortcuts. | -| 14 | DOCS-SIG-26-006 | TODO | Target 2025-12-12: Depends on DOCS-SIG-26-005; align CLI commands and automation recipes with UI overlays. | Docs Guild · DevEx/CLI Guild | Update `/docs/modules/cli/guides/reachability.md` for new commands and automation recipes. | -| 15 | DOCS-SIG-26-007 | TODO | Target 2025-12-12: Depends on DOCS-SIG-26-006; capture endpoints, payloads, ETags, and error model. | Docs Guild · BE-Base Platform Guild | Publish `/docs/api/signals.md` covering endpoints, payloads, ETags, errors. | - -## Wave Coordination -- Single wave for Md.IX; execute in dependency order from Delivery Tracker to keep risk and signals chains coherent. - -## Wave Detail Snapshots -- No additional wave snapshots; Delivery Tracker ordering suffices for this single-wave sprint. - -## Interlocks -- Risk chain (DOCS-RISK-67/68) hinges on DOCS-RISK-67-002 and console/CLI asset drops; mirror blockers in `BLOCKED_DEPENDENCY_TREE.md`. -- Signals chain (DOCS-SIG-26-001..007) depends on schema/asset hand-offs from Signals, UI, and CLI guilds. -- SDK deliverable requires generator outputs across four languages to avoid drift between guides. - -## Upcoming Checkpoints -| Date (UTC) | Session | Goal | Owner(s) | -| --- | --- | --- | --- | -| 2025-12-08 | Md.VIII → Md.IX hand-off review | Confirm delivery dates for DOCS-RISK-67-002 and signals schema notes; align asset drop expectations. | Docs Guild · Console Guild · Signals Guild | -| 2025-12-12 | Md.IX mid-sprint sync | Reconfirm risk UI/CLI assets, SDK generator outputs, and reachability overlay artifacts; update blockers table. | Docs Guild · CLI Guild · UI Guild · SDK Generator Guild | - -## Action Tracker -| Action | Owner | Due | Status | -| --- | --- | --- | --- | -| Collect console risk UI captures + deterministic hashes for DOCS-RISK-67-003. | Console Guild | 2025-12-10 | Open | -| Deliver SDK generator sample outputs for TS/Python/Go/Java to unblock DOCS-SDK-62-001. | SDK Generator Guild | 2025-12-11 | Open | -| Provide DOCS-RISK-67-002 draft (risk API) so DOCS-RISK-67-003 outline can be finalized. | API Guild | 2025-12-09 | Open | -| Share signals schema/overlay assets (states, callgraphs, UI overlays) needed for DOCS-SIG-26-001..005. | Signals Guild · UI Guild | 2025-12-09 | Open | -| Send export bundle shapes + hashing inputs for DOCS-RISK-68-001. | Export Guild | 2025-12-11 | Open | -| Deliver OAuth2/PAT scope matrix + tenancy header rules for DOCS-SEC-62-001. | Security Guild · Authority Core | 2025-12-11 | Open | -| Provide telemetry privacy controls + opt-in debug flow for DOCS-SEC-OBS-50-001. | Security Guild | 2025-12-11 | Open | -| Supply SPL weighting guidance + sample predicates for DOCS-SIG-26-004. | Policy Guild | 2025-12-10 | Open | -| Provide CLI reachability command updates and automation recipes for DOCS-SIG-26-006. | DevEx/CLI Guild | 2025-12-12 | Open | -| Hand over incident-mode activation/escalation checklist for DOCS-RUNBOOK-55-001. | Ops Guild | 2025-12-10 | Open | -| Escalate to Guild leads if any Md.IX inputs miss their due dates (12-09..12) and re-plan dates by 2025-12-13. | Docs Guild | 2025-12-13 | Open | -| Send reminder pings to all Md.IX owning guilds 24h before due dates (start 2025-12-09). | Project Mgmt | 2025-12-09 | Open | - -## Decisions & Risks -### Decisions -| Decision | Owner(s) | Due | Notes | -| --- | --- | --- | --- | -| Keep Md.IX scope limited to risk/SDK/security/signals doc set; defer new module docs until upstream assets arrive. | Docs Guild | 2025-12-05 | Prevents churn while asset/schema drops are pending. | - -### Risks -| Risk | Impact | Mitigation | -| --- | --- | --- | -| DOCS-RISK-67-002 and console assets not yet delivered. | Blocks DOCS-RISK-67-003/004/68-001/68-002 chain. | Track in `BLOCKED_DEPENDENCY_TREE.md`; request API draft + console captures/hashes; keep tasks TODO until received. | -| Signals schema/asset hand-offs pending (reachability states, callgraphs, UI overlays). | Blocks DOCS-SIG-26-001..007 sequence. | Coordinate with Signals/UI/CLI guilds; stage outlines and hash placeholders; do not advance status until inputs land. | -| SDK generator outputs not finalized across four languages. | Delays DOCS-SDK-62-001 and downstream language guides. | Ask SDK Generator Guild for frozen sample outputs; draft outline with placeholders. | -| Md.IX input due dates (Dec 9–12) slip without re-plan. | Pushes all Md.IX docs; risks missing sprint window. | Escalate to guild leads on 2025-12-13 and rebaseline dates; keep action tracker updated. | - +# Sprint 0309 · Documentation & Process · Docs Tasks Md IX + +## Topic & Scope +- Phase Md.IX of the docs ladder, covering risk UI/CLI flows, offline risk bundles, SDK overview/language guides, auth/redaction security docs, and the reachability/signals doc chain (states, callgraphs, runtime facts, weighting, UI overlays, CLI, API). +- Active items only; completed or historic work sits in `docs/implplan/archived/tasks.md` (updated 2025-11-08). +- **Working directory:** `docs/` (module guides, console/CLI/UI/risk/signals docs; assets under `docs/assets/**` as needed). + +## Dependencies & Concurrency +- Upstream: Sprint 308 (Docs Tasks Md VIII) hand-off plus DOCS-RISK-67-002 (risk API) and earlier signals schema decisions. +- Concurrency: Later Md phases (310–311) stay queued; coordinate with Console/CLI/UI/Signals guilds for shared assets and schema drops. + +## Documentation Prerequisites +- `docs/README.md` +- `docs/07_HIGH_LEVEL_ARCHITECTURE.md` +- `docs/modules/platform/architecture-overview.md` +- `docs/AGENTS.md`, `docs/implplan/AGENTS.md` +- **BLOCKED tasks:** review `BLOCKED_DEPENDENCY_TREE.md` before starting items marked as blocked in upstream sprints. + +## Delivery Tracker +| # | Task ID | Status | Key dependency / next step | Owners | Task Definition | +| --- | --- | --- | --- | --- | --- | +| 1 | DOCS-RISK-67-003 | TODO | Target 2025-12-10: Await DOCS-RISK-67-002 content and console UI assets (authoring/simulation dashboards). | Docs Guild · Console Guild | Document `/docs/console/risk-ui.md` for authoring, simulation, dashboards. | +| 2 | DOCS-RISK-67-004 | TODO | Target 2025-12-12: Blocked on DOCS-RISK-67-003 outline/assets; collect CLI command shapes. | Docs Guild · CLI Guild | Publish `/docs/modules/cli/guides/risk.md` covering CLI workflows. | +| 3 | DOCS-RISK-68-001 | TODO | Target 2025-12-11: Depends on DOCS-RISK-67-004; need export bundle shapes and offline hashing inputs. | Docs Guild · Export Guild | Add `/docs/airgap/risk-bundles.md` for offline factor bundles. | +| 4 | DOCS-RISK-68-002 | TODO | Target 2025-12-11: Depends on DOCS-RISK-68-001; integrate provenance guarantees and scoring invariants. | Docs Guild · Security Guild | Update `/docs/security/aoc-invariants.md` with risk scoring provenance guarantees. | +| 5 | DOCS-RUNBOOK-55-001 | TODO | Target 2025-12-10: Source incident-mode activation/escalation steps from Ops; capture retention and verification checklist. | Docs Guild · Ops Guild | Author `/docs/runbooks/incidents.md` describing incident mode activation, escalation steps, retention impact, verification checklist, and imposed rule banner. | +| 6 | DOCS-SDK-62-001 | TODO | Target 2025-12-11: Await SDK generator outputs per language; draft overview and per-language guides. | Docs Guild · SDK Generator Guild | Publish `/docs/sdks/overview.md` plus language guides (`typescript.md`, `python.md`, `go.md`, `java.md`). | +| 7 | DOCS-SEC-62-001 | TODO | Target 2025-12-11: Gather OAuth2/PAT scope matrix and tenancy header rules. | Docs Guild · Authority Core | Update `/docs/security/auth-scopes.md` with OAuth2/PAT scopes, tenancy header usage. | +| 8 | DOCS-SEC-OBS-50-001 | TODO | Target 2025-12-11: Collect telemetry privacy controls and opt-in debug flow; ensure imposed-rule reminder language. | Docs Guild · Security Guild | Update `/docs/security/redaction-and-privacy.md` to cover telemetry privacy controls, tenant opt-in debug, and imposed rule reminder. | +| 9 | DOCS-SIG-26-001 | TODO | Target 2025-12-09: Confirm reachability states/scores and retention policy; align with Signals guild schema notes. | Docs Guild · Signals Guild | Write `/docs/signals/reachability.md` covering states, scores, provenance, retention. | +| 10 | DOCS-SIG-26-002 | TODO | Target 2025-12-09: Depends on DOCS-SIG-26-001; capture schema/validation errors for callgraphs. | Docs Guild · Signals Guild | Publish `/docs/signals/callgraph-formats.md` with schemas and validation errors. | +| 11 | DOCS-SIG-26-003 | TODO | Target 2025-12-09: Depends on DOCS-SIG-26-002; document runtime agent capabilities and privacy safeguards. | Docs Guild · Runtime Guild | Create `/docs/signals/runtime-facts.md` detailing agent capabilities, privacy safeguards, opt-in flags. | +| 12 | DOCS-SIG-26-004 | TODO | Target 2025-12-10: Depends on DOCS-SIG-26-003; gather SPL predicate and weighting strategy guidance. | Docs Guild · Policy Guild | Document `/docs/policy/signals-weighting.md` for SPL predicates and weighting strategies. | +| 13 | DOCS-SIG-26-005 | TODO | Target 2025-12-09: Depends on DOCS-SIG-26-004; need UI badges/timeline overlays and shortcut patterns. | Docs Guild · UI Guild | Draft `/docs/ui/reachability-overlays.md` with badges, timelines, shortcuts. | +| 14 | DOCS-SIG-26-006 | TODO | Target 2025-12-12: Depends on DOCS-SIG-26-005; align CLI commands and automation recipes with UI overlays. | Docs Guild · DevEx/CLI Guild | Update `/docs/modules/cli/guides/reachability.md` for new commands and automation recipes. | +| 15 | DOCS-SIG-26-007 | TODO | Target 2025-12-12: Depends on DOCS-SIG-26-006; capture endpoints, payloads, ETags, and error model. | Docs Guild · BE-Base Platform Guild | Publish `/docs/api/signals.md` covering endpoints, payloads, ETags, errors. | + +## Wave Coordination +- Single wave for Md.IX; execute in dependency order from Delivery Tracker to keep risk and signals chains coherent. + +## Wave Detail Snapshots +- No additional wave snapshots; Delivery Tracker ordering suffices for this single-wave sprint. + ## Execution Log | Date (UTC) | Update | Owner | | --- | --- | --- | -| 2025-12-05 | Normalised sprint to docs/implplan template and renamed file to `SPRINT_0309_0001_0009_docs_tasks_md_ix.md`; no task status changes. | Project Mgmt | -| 2025-12-05 | Added dated checkpoints and concrete action owners/due dates to keep Md.IX tasks moving while waiting on upstream assets. | Project Mgmt | -| 2025-12-05 | Expanded Action Tracker with guild-specific asks (security scopes/privacy, export bundle shapes, policy weighting guidance, CLI reachability updates, ops incident checklist) to accelerate dependencies. | Project Mgmt | -| 2025-12-05 | Synced Md.IX blockers into `BLOCKED_DEPENDENCY_TREE.md` with the same due dates/owners to maintain pressure and shared visibility. | Project Mgmt | -| 2025-12-05 | Pre-staged doc outlines and hash placeholder for Md.IX tasks (`docs/console/risk-ui.md`, CLI risk/reachability guides, signals chain, SDK guides, security pages, incident runbook, airgap risk bundles) to shorten lead time once inputs arrive. | Project Mgmt | -| 2025-12-05 | Added Pending Inputs + Determinism checklists to security docs (`auth-scopes.md`, `redaction-and-privacy.md`) and noted upcoming risk provenance update in `aoc-invariants.md` to keep guilds aligned with due dates. | Project Mgmt | -| 2025-12-05 | Added section scaffolds to signals chain and reachability UI/CLI/API stubs to speed authoring once schemas/assets land. | Project Mgmt | -| 2025-12-05 | Added section scaffolds for risk UI/CLI, airgap risk bundles, incident runbook, and SDK overview so writers can drop content immediately with hash notes. | Project Mgmt | -| 2025-12-05 | Added `SHA256SUMS` placeholders for Md.IX doc folders (airgap, sdks, signals, policy, ui, api, runbooks) to keep determinism workflow ready for incoming assets. | Project Mgmt | -| 2025-12-05 | Added language-specific scaffolds to SDK guides (TS/Python/Go/Java) to reduce time-to-first-draft once generator outputs arrive. | Project Mgmt | -| 2025-12-05 | Added escalation action (escalate on 2025-12-13 if inputs miss due dates) and risk mitigation for schedule slip. | Project Mgmt | -| 2025-12-06 | Added reminder action (pings starting 2025-12-09) to ensure Md.IX inputs land on time. | Project Mgmt | +| 2025-12-05 | Normalised sprint to standard template; clarified header; moved interlocks into Decisions & Risks; no task status changes. | Project Mgmt | + +## Decisions & Risks +- **Decision:** Keep Md.IX scope limited to risk/SDK/security/signals doc set; defer new module docs until upstream assets arrive (Docs Guild, due 2025-12-05). +- **Risk:** DOCS-RISK-67-002 and console assets not yet delivered, blocking DOCS-RISK-67-003/004/68-001/68-002 chain. Mitigation: track in `BLOCKED_DEPENDENCY_TREE.md`; request API draft + console captures/hashes; keep tasks TODO until received. +- **Risk:** Signals chain (DOCS-SIG-26-001..007) depends on schema/asset hand-offs from Signals, UI, and CLI guilds. Mitigation: maintain Action Tracker reminders; do not start without assets. +- **Risk:** SDK deliverable requires generator outputs across four languages; drift risk if guides proceed without samples. Mitigation: block on generator outputs; cross-check hashes on arrival. + +## Next Checkpoints +- 2025-12-08 · Md.VIII → Md.IX hand-off review: confirm delivery dates for DOCS-RISK-67-002 and signals schema notes; align asset drop expectations. Owners: Docs Guild · Console Guild · Signals Guild. +- 2025-12-12 · Md.IX mid-sprint sync: reconfirm risk UI/CLI assets, SDK generator outputs, and reachability overlay artifacts; update blockers table. Owners: Docs Guild · CLI Guild · UI Guild · SDK Generator Guild. + +## Action Tracker +- Collect console risk UI captures + deterministic hashes for DOCS-RISK-67-003 — Console Guild — Due 2025-12-10 — Open. +- Deliver SDK generator sample outputs for TS/Python/Go/Java to unblock DOCS-SDK-62-001 — SDK Generator Guild — Due 2025-12-11 — Open. +- Provide DOCS-RISK-67-002 draft (risk API) so DOCS-RISK-67-003 outline can be finalized — API Guild — Due 2025-12-09 — Open. +- Share signals schema/overlay assets (states, callgraphs, UI overlays) needed for DOCS-SIG-26-001..005 — Signals Guild · UI Guild — Due 2025-12-09 — Open. +- Send export bundle shapes + hashing inputs for DOCS-RISK-68-001 — Export Guild — Due 2025-12-11 — Open. +- Deliver OAuth2/PAT scope matrix + tenancy header rules for DOCS-SEC-62-001 — Security Guild · Authority Core — Due 2025-12-11 — Open. +- Provide telemetry privacy controls + opt-in debug flow for DOCS-SEC-OBS-50-001 — Security Guild — Due 2025-12-11 — Open. +- Supply SPL weighting guidance + sample predicates for DOCS-SIG-26-004 — Policy Guild — Due 2025-12-10 — Open. +- Provide CLI reachability command updates and automation recipes for DOCS-SIG-26-006 — DevEx/CLI Guild — Due 2025-12-12 — Open. +- Hand over incident-mode activation/escalation checklist for DOCS-RUNBOOK-55-001 — Ops Guild — Due 2025-12-10 — Open. +- Escalate to Guild leads if any Md.IX inputs miss due dates (12-09..12) and re-plan by 2025-12-13 — Docs Guild — Due 2025-12-13 — Open. +- Send reminder pings to all Md.IX owning guilds 24h before due dates (start 2025-12-09) — Project Mgmt — Due 2025-12-09 — Open. +| Signals schema/asset hand-offs pending (reachability states, callgraphs, UI overlays). | Blocks DOCS-SIG-26-001..007 sequence. | Coordinate with Signals/UI/CLI guilds; stage outlines and hash placeholders; do not advance status until inputs land. | +| SDK generator outputs not finalized across four languages. | Delays DOCS-SDK-62-001 and downstream language guides. | Ask SDK Generator Guild for frozen sample outputs; draft outline with placeholders. | +| Md.IX input due dates (Dec 9–12) slip without re-plan. | Pushes all Md.IX docs; risks missing sprint window. | Escalate to guild leads on 2025-12-13 and rebaseline dates; keep action tracker updated. | + +## Execution Log +| Date (UTC) | Update | Owner | +| --- | --- | --- | +| 2025-12-05 | Normalised sprint to docs/implplan template and renamed file to `SPRINT_0309_0001_0009_docs_tasks_md_ix.md`; no task status changes. | Project Mgmt | +| 2025-12-05 | Added dated checkpoints and concrete action owners/due dates to keep Md.IX tasks moving while waiting on upstream assets. | Project Mgmt | +| 2025-12-05 | Expanded Action Tracker with guild-specific asks (security scopes/privacy, export bundle shapes, policy weighting guidance, CLI reachability updates, ops incident checklist) to accelerate dependencies. | Project Mgmt | +| 2025-12-05 | Synced Md.IX blockers into `BLOCKED_DEPENDENCY_TREE.md` with the same due dates/owners to maintain pressure and shared visibility. | Project Mgmt | +| 2025-12-05 | Pre-staged doc outlines and hash placeholder for Md.IX tasks (`docs/console/risk-ui.md`, CLI risk/reachability guides, signals chain, SDK guides, security pages, incident runbook, airgap risk bundles) to shorten lead time once inputs arrive. | Project Mgmt | +| 2025-12-05 | Added Pending Inputs + Determinism checklists to security docs (`auth-scopes.md`, `redaction-and-privacy.md`) and noted upcoming risk provenance update in `aoc-invariants.md` to keep guilds aligned with due dates. | Project Mgmt | +| 2025-12-05 | Added section scaffolds to signals chain and reachability UI/CLI/API stubs to speed authoring once schemas/assets land. | Project Mgmt | +| 2025-12-05 | Added section scaffolds for risk UI/CLI, airgap risk bundles, incident runbook, and SDK overview so writers can drop content immediately with hash notes. | Project Mgmt | +| 2025-12-05 | Added `SHA256SUMS` placeholders for Md.IX doc folders (airgap, sdks, signals, policy, ui, api, runbooks) to keep determinism workflow ready for incoming assets. | Project Mgmt | +| 2025-12-05 | Added language-specific scaffolds to SDK guides (TS/Python/Go/Java) to reduce time-to-first-draft once generator outputs arrive. | Project Mgmt | +| 2025-12-05 | Added escalation action (escalate on 2025-12-13 if inputs miss due dates) and risk mitigation for schedule slip. | Project Mgmt | +| 2025-12-06 | Added reminder action (pings starting 2025-12-09) to ensure Md.IX inputs land on time. | Project Mgmt | diff --git a/docs/implplan/SPRINT_0310_0001_0010_docs_tasks_md_x.md b/docs/implplan/SPRINT_0310_0001_0010_docs_tasks_md_x.md index 55a86cc52..aa087805d 100644 --- a/docs/implplan/SPRINT_0310_0001_0010_docs_tasks_md_x.md +++ b/docs/implplan/SPRINT_0310_0001_0010_docs_tasks_md_x.md @@ -1,100 +1,106 @@ -# Sprint 0310_0001_0010 · Documentation & Process — Docs Tasks Md.X - -## Topic & Scope -- Advance the tenth Docs Tasks wave (Md.X) with tenancy, reachability, scanner surface/bench, and VEX consensus documentation ready for downstream consumers. -- Align doc outputs with upstream implementation sprints (Surface, Tenancy, VEX Lens) and ensure guidance stays deterministic/offline-friendly. -- Evidence expected: published/updated markdown in `docs/**` plus traceable task status in this sprint. -- **Working directory:** `docs/implplan` (coordination) and `docs/` (module and runbook docs referenced in Delivery Tracker). - -## Dependencies & Concurrency -- Upstream dependency: Sprint 200.A - Docs Tasks.Md.IX and any blockers listed in `BLOCKED_DEPENDENCY_TREE.md`. Review before moving tasks to DOING. -- Parallel-safe with other docs sprints; maintain deterministic ordering by Task ID when updating tables. - -## Documentation Prerequisites -- docs/README.md; docs/07_HIGH_LEVEL_ARCHITECTURE.md; docs/modules/platform/architecture-overview.md. -- Module dossiers relevant to tasks: docs/modules/scanner/architecture.md; docs/modules/vex-lens/architecture.md; docs/modules/authority/architecture.md; docs/modules/cli/architecture.md. -- Tenancy/security ADRs referenced in DVDO0110; surface/replay notes (SCANNER-SURFACE-04, RPRC0101) when available. - -## Delivery Tracker -| # | Task ID | Status | Key dependency / next step | Owners | Task Definition | -| --- | --- | --- | --- | --- | --- | -| 1 | DOCS-SIG-26-008 | DOING | Skeleton drafted; still needs DOCS-SIG-26-007 + notifications hooks (058_NOTY0101) | Docs Guild; DevOps Guild | Write `/docs/migration/enable-reachability.md` covering rollout, fallbacks, monitoring. | -| 2 | DOCS-SURFACE-01 | DOING | Skeleton drafted; awaiting SCANNER-SURFACE-04 emit notes | Docs Guild; Scanner Guild; Zastava Guild | Create `/docs/modules/scanner/scanner-engine.md` for Surface.FS/Env/Secrets workflow across Scanner/Zastava/Scheduler/Ops. | -| 3 | DOCS-SCANNER-BENCH-62-002 | DOING | Skeleton drafted; awaiting SCSA0301 inputs | Docs Guild; Product Guild | Capture customer demand for Windows/macOS analyzer coverage and document outcomes. | -| 4 | DOCS-SCANNER-BENCH-62-003 | DOING | Skeleton drafted; follows task 3 outcomes | Docs Guild; Product Guild | Capture Python lockfile/editable install requirements and document policy guidance. | -| 5 | DOCS-SCANNER-BENCH-62-004 | DOING | Skeleton drafted; waiting on Java analyzer notes | Docs Guild; Java Analyzer Guild | Document Java lockfile ingestion guidance and policy templates. | -| 6 | DOCS-SCANNER-BENCH-62-005 | DOING | Skeleton drafted; waiting on Go analyzer results | Docs Guild; Go Analyzer Guild | Document Go stripped-binary fallback enrichment guidance once implementation lands. | -| 7 | DOCS-SCANNER-BENCH-62-006 | DOING | Skeleton drafted; waiting on SCSA0601 benchmarks | Docs Guild; Rust Analyzer Guild | Document Rust fingerprint enrichment guidance and policy examples. | -| 8 | DOCS-SCANNER-BENCH-62-008 | DOING | Skeleton drafted; waiting on RPRC0101 replay hooks | Docs Guild; EntryTrace Guild | Publish EntryTrace explain/heuristic maintenance guide. | -| 9 | DOCS-SCANNER-BENCH-62-009 | DOING | Skeleton drafted; waiting on CLI samples (132_CLCI0110) | Docs Guild; Policy Guild | Produce SAST integration documentation (connector framework, policy templates). | -| 10 | DOCS-TEN-47-001 | DOING | Skeletons drafted; waiting on DVDO0110 tenancy ADR | Docs Guild; Authority Core | Publish `/docs/security/tenancy-overview.md` and `/docs/security/scopes-and-roles.md` outlining scope grammar, tenant model, imposed rule reminder. | -| 11 | DOCS-TEN-48-001 | DOING | Skeletons drafted; depends on DOCS-TEN-47-001 | Docs Guild; Platform Ops | Publish `/docs/operations/multi-tenancy.md`, `/docs/operations/rls-and-data-isolation.md`, `/docs/console/admin-tenants.md`. | -| 12 | DOCS-TEN-49-001 | DOING | Skeletons drafted; env vars pending DVDO0110 monitoring plan | Docs Guild; DevEx Guilds | Publish `/docs/modules/cli/guides/authentication.md`, `/docs/api/authentication.md`, `/docs/policy/examples/abac-overlays.md`, update `/docs/install/configuration-reference.md` with new env vars (include imposed rule line). | -| 13 | DOCS-TEST-62-001 | DOING | Skeleton drafted; awaiting DOSK0101 examples | Docs Guild; Contract Testing Guild | Author `/docs/testing/contract-testing.md` covering mock server, replay tests, golden fixtures. | -| 14 | DOCS-VEX-30-001 | DOING | Skeleton drafted; needs PLVL0102 schema snapshot | Docs Guild; VEX Lens Guild | Publish `/docs/vex/consensus-overview.md` describing purpose, scope, AOC guarantees. | -| 15 | DOCS-VEX-30-002 | DOING | Skeleton drafted; depends on DOCS-VEX-30-001 | Docs Guild; VEX Lens Guild | Author `/docs/vex/consensus-algorithm.md` covering normalization, weighting, thresholds, examples. | -| 16 | DOCS-VEX-30-003 | DOING | Skeleton drafted; awaiting issuer directory inputs | Docs Guild; Issuer Directory Guild | Document `/docs/vex/issuer-directory.md` (issuer management, keys, trust overrides, audit). | -| 17 | DOCS-VEX-30-004 | DOING | Skeleton drafted; awaiting PLVL0102 policy join notes | Docs Guild; VEX Lens Guild | Publish `/docs/vex/consensus-api.md` with endpoint specs, query params, rate limits. | -| 18 | DOCS-VEX-30-005 | DOING | Skeleton drafted; awaiting console overlay assets | Docs Guild; Console Guild | Write `/docs/vex/consensus-console.md` covering UI workflows, filters, conflicts, accessibility. | -| 19 | DOCS-VEX-30-006 | DOING | Skeleton drafted; needs waiver/exception guidance | Docs Guild; Policy Guild | Add `/docs/policy/vex-trust-model.md` detailing policy knobs, thresholds, simulation. | -| 20 | DOCS-VEX-30-007 | DOING | Skeleton drafted; needs SBOM/VEX dataflow spec | Docs Guild; SBOM Service Guild | Publish `/docs/sbom/vex-mapping.md` (CPE→purl strategy, edge cases, overrides). | -| 21 | DOCS-VEX-30-008 | DOING | Skeleton drafted; pending security review (DVDO0110) | Docs Guild; Security Guild | Deliver `/docs/security/vex-signatures.md` (verification flow, key rotation, audit). | -| 22 | DOCS-VEX-30-009 | DOING | Skeleton drafted; pending DevOps rollout plan | Docs Guild; DevOps Guild | Create `/docs/runbooks/vex-ops.md` for recompute storms, mapping failures, signature errors. | - -## Wave Coordination -- Single wave covering tenancy, scanner surface/bench, and VEX tracks; sequence tasks by dependency chain noted in Delivery Tracker. - -## Wave Detail Snapshots -- Pre-draft lane (in progress, skeleton-only to cut start latency): - - Tenancy trio: `/docs/security/tenancy-overview.md`, `/docs/security/scopes-and-roles.md`, `/docs/operations/multi-tenancy.md` — outline structure, add TODO callouts for ADR inputs, and reserve imposed-rule reminders. - - Reachability migration: `/docs/migration/enable-reachability.md` — rollout phases, fallback playbook, monitoring hooks placeholders. - - VEX consensus set: `/docs/vex/consensus-overview.md`, `/docs/vex/consensus-algorithm.md`, `/docs/vex/issuer-directory.md`, `/docs/vex/consensus-api.md` — shared front-matter + glossary; stub examples section for PLVL0102 data. - - Scanner surface/bench: `/docs/modules/scanner/scanner-engine.md` and `/docs/modules/scanner/benchmarks/*.md` — frame sections for Surface.FS/Env/Secrets flow, OS coverage, language lockfiles, stripped/entrytrace/SAST enrichers. - - Contract testing: `/docs/testing/contract-testing.md` — outline for mock server, replay fixtures, golden files, determinism guardrails. - -## Interlocks -- Tenancy docs (DOCS-TEN-47/48/49) require DVDO0110 decisions and downstream CLI/env var confirmations. -- Reachability migration guide depends on DOCS-SIG-26-007 and notifications hook readiness (058_NOTY0101). -- Scanner surface/bench docs depend on analyzer outputs (SCSA0301, SCSA0601), replay hooks (RPRC0101), and CLI samples (132_CLCI0110). -- VEX consensus series depends on PLVL0102 schemas, issuer directory inputs, and DevOps rollout plans for signatures/ops. - -## Upcoming Checkpoints -- 2025-12-07 15:00 UTC — 20-min skeleton-sync to align outlines and branch contents across guild writers. -- 2025-12-08 15:00 UTC — daily micro-sync to triage incoming ADR/schema/logs and assign fill-ins. -- 2025-12-09 15:00 UTC — dependency check-in with Security, DevOps, VEX, Surface guilds (confirm DVDO0110, PLVL0102, SCANNER-SURFACE-04 readiness). - -## Action Tracker -| Action | Owner | Due (UTC) | Status | Notes | -| --- | --- | --- | --- | --- | -| Collect DVDO0110 tenancy ADR and monitoring plan | Docs PM | 2025-12-08 | DOING | Outreach started; schedule follow-up if no packet by EOD 12-06. | -| Retrieve Surface emit notes (SCANNER-SURFACE-04) and replay hooks (RPRC0101) | Docs PM | 2025-12-08 | DOING | Pinged Surface and Replay owners; waiting on logs bundle. | -| Obtain PLVL0102 schema snapshot and issuer directory inputs | Docs PM | 2025-12-09 | DOING | VEX Lens/Issuer leads looped; expect draft schema by 12-07. | -| Draft skeletons for tenancy, reachability, VEX consensus, scanner bench docs (placeholders, section headers, TODO callouts) | Docs Guild | 2025-12-07 | DOING | Keeps writers moving; swap TODOs once inputs land. | -| Prep contract-testing doc outline and fixture checklist | Docs Guild | 2025-12-07 | DOING | Aligns with DOSK0101 guidance; ready to merge once examples arrive. | -| Create stub files/PR branch for all skeletons listed in Wave Detail Snapshots | Docs Guild | 2025-12-07 | DONE | Stub files added in working tree; branch optional if reviewers prefer. | -| Open working branch `feature/docs-mdx-skeletons` with placeholder files and TODO callouts | Docs Guild | 2025-12-07 | DONE | Branch created for review; stubs/TODOs committed there. | -| Draft outline headings for tenancy trio, reachability guide, VEX set, scanner engine/bench, contract-testing | Docs Guild | 2025-12-07 | DONE | Skeleton headings and TODO callouts laid down. | -| Prepare fallback “TBD-tagged” placeholder PR if inputs slip past 2025-12-09 check-in | Docs Guild | 2025-12-09 | PLANNED | Ensures docs land with explicit TBDs rather than missing coverage. | -| Commit & push branch `feature/docs-mdx-skeletons` once credentials/hook window available | Docs Guild | 2025-12-06 | PLANNED | Local commit/push pending; staging is ready. | - -## Decisions & Risks -| Risk | Impact | Mitigation | Owner | -| --- | --- | --- | --- | -| Upstream dependencies (DVDO0110, DOCS-SIG-26-007, analyzer outputs) slip | Doc set misses release window or ships with gaps | Track blockers via `BLOCKED_DEPENDENCY_TREE.md`, gate DOING until inputs land, use interim placeholders only with explicit notes | Docs Guild | -| Cross-module docs drift in style/terminology | Increased review churn and inconsistent guidance | Align with module dossiers and shared glossary; peer review across guilds before marking tasks DONE | Docs Guild | -| Filename change from legacy sprint reference | References could break in aggregators | Replace references in aggregators; note rename in Execution Log | Project management | - +# Sprint 0310 · Documentation & Process — Docs Tasks Md.X + +## Topic & Scope +- Advance the tenth Docs Tasks wave (Md.X) with tenancy, reachability, scanner surface/bench, and VEX consensus documentation ready for downstream consumers. +- Align doc outputs with upstream implementation sprints (Surface, Tenancy, VEX Lens) and ensure guidance stays deterministic/offline-friendly. +- Evidence expected: published/updated markdown in `docs/**` plus traceable task status in this sprint. +- **Working directory:** `docs/implplan` (coordination) and `docs/` (module and runbook docs referenced in Delivery Tracker). + +## Dependencies & Concurrency +- Upstream dependency: Sprint 200.A - Docs Tasks.Md.IX and any blockers listed in `BLOCKED_DEPENDENCY_TREE.md`. Review before moving tasks to DOING. +- Parallel-safe with other docs sprints; maintain deterministic ordering by Task ID when updating tables. + +## Documentation Prerequisites +- docs/README.md; docs/07_HIGH_LEVEL_ARCHITECTURE.md; docs/modules/platform/architecture-overview.md. +- Module dossiers relevant to tasks: docs/modules/scanner/architecture.md; docs/modules/vex-lens/architecture.md; docs/modules/authority/architecture.md; docs/modules/cli/architecture.md. +- Tenancy/security ADRs referenced in DVDO0110; surface/replay notes (SCANNER-SURFACE-04, RPRC0101) when available. + +## Delivery Tracker +| # | Task ID | Status | Key dependency / next step | Owners | Task Definition | +| --- | --- | --- | --- | --- | --- | +| 1 | DOCS-SIG-26-008 | DOING | Skeleton drafted; still needs DOCS-SIG-26-007 + notifications hooks (058_NOTY0101) | Docs Guild; DevOps Guild | Write `/docs/migration/enable-reachability.md` covering rollout, fallbacks, monitoring. | +| 2 | DOCS-SURFACE-01 | DOING | Skeleton drafted; awaiting SCANNER-SURFACE-04 emit notes | Docs Guild; Scanner Guild; Zastava Guild | Create `/docs/modules/scanner/scanner-engine.md` for Surface.FS/Env/Secrets workflow across Scanner/Zastava/Scheduler/Ops. | +| 3 | DOCS-SCANNER-BENCH-62-002 | DOING | Skeleton drafted; awaiting SCSA0301 inputs | Docs Guild; Product Guild | Capture customer demand for Windows/macOS analyzer coverage and document outcomes. | +| 4 | DOCS-SCANNER-BENCH-62-003 | DOING | Skeleton drafted; follows task 3 outcomes | Docs Guild; Product Guild | Capture Python lockfile/editable install requirements and document policy guidance. | +| 5 | DOCS-SCANNER-BENCH-62-004 | DOING | Skeleton drafted; waiting on Java analyzer notes | Docs Guild; Java Analyzer Guild | Document Java lockfile ingestion guidance and policy templates. | +| 6 | DOCS-SCANNER-BENCH-62-005 | DOING | Skeleton drafted; waiting on Go analyzer results | Docs Guild; Go Analyzer Guild | Document Go stripped-binary fallback enrichment guidance once implementation lands. | +| 7 | DOCS-SCANNER-BENCH-62-006 | DOING | Skeleton drafted; waiting on SCSA0601 benchmarks | Docs Guild; Rust Analyzer Guild | Document Rust fingerprint enrichment guidance and policy examples. | +| 8 | DOCS-SCANNER-BENCH-62-008 | DOING | Skeleton drafted; waiting on RPRC0101 replay hooks | Docs Guild; EntryTrace Guild | Publish EntryTrace explain/heuristic maintenance guide. | +| 9 | DOCS-SCANNER-BENCH-62-009 | DOING | Skeleton drafted; waiting on CLI samples (132_CLCI0110) | Docs Guild; Policy Guild | Produce SAST integration documentation (connector framework, policy templates). | +| 10 | DOCS-TEN-47-001 | DOING | Skeletons drafted; waiting on DVDO0110 tenancy ADR | Docs Guild; Authority Core | Publish `/docs/security/tenancy-overview.md` and `/docs/security/scopes-and-roles.md` outlining scope grammar, tenant model, imposed rule reminder. | +| 11 | DOCS-TEN-48-001 | DOING | Skeletons drafted; depends on DOCS-TEN-47-001 | Docs Guild; Platform Ops | Publish `/docs/operations/multi-tenancy.md`, `/docs/operations/rls-and-data-isolation.md`, `/docs/console/admin-tenants.md`. | +| 12 | DOCS-TEN-49-001 | DOING | Skeletons drafted; env vars pending DVDO0110 monitoring plan | Docs Guild; DevEx Guilds | Publish `/docs/modules/cli/guides/authentication.md`, `/docs/api/authentication.md`, `/docs/policy/examples/abac-overlays.md`, update `/docs/install/configuration-reference.md` with new env vars (include imposed rule line). | +| 13 | DOCS-TEST-62-001 | DOING | Skeleton drafted; awaiting DOSK0101 examples | Docs Guild; Contract Testing Guild | Author `/docs/testing/contract-testing.md` covering mock server, replay tests, golden fixtures. | +| 14 | DOCS-VEX-30-001 | DOING | Skeleton drafted; needs PLVL0102 schema snapshot | Docs Guild; VEX Lens Guild | Publish `/docs/vex/consensus-overview.md` describing purpose, scope, AOC guarantees. | +| 15 | DOCS-VEX-30-002 | DOING | Skeleton drafted; depends on DOCS-VEX-30-001 | Docs Guild; VEX Lens Guild | Author `/docs/vex/consensus-algorithm.md` covering normalization, weighting, thresholds, examples. | +| 16 | DOCS-VEX-30-003 | DOING | Skeleton drafted; awaiting issuer directory inputs | Docs Guild; Issuer Directory Guild | Document `/docs/vex/issuer-directory.md` (issuer management, keys, trust overrides, audit). | +| 17 | DOCS-VEX-30-004 | DOING | Skeleton drafted; awaiting PLVL0102 policy join notes | Docs Guild; VEX Lens Guild | Publish `/docs/vex/consensus-api.md` with endpoint specs, query params, rate limits. | +| 18 | DOCS-VEX-30-005 | DOING | Skeleton drafted; awaiting console overlay assets | Docs Guild; Console Guild | Write `/docs/vex/consensus-console.md` covering UI workflows, filters, conflicts, accessibility. | +| 19 | DOCS-VEX-30-006 | DOING | Skeleton drafted; needs waiver/exception guidance | Docs Guild; Policy Guild | Add `/docs/policy/vex-trust-model.md` detailing policy knobs, thresholds, simulation. | +| 20 | DOCS-VEX-30-007 | DOING | Skeleton drafted; needs SBOM/VEX dataflow spec | Docs Guild; SBOM Service Guild | Publish `/docs/sbom/vex-mapping.md` (CPE→purl strategy, edge cases, overrides). | +| 21 | DOCS-VEX-30-008 | DOING | Skeleton drafted; pending security review (DVDO0110) | Docs Guild; Security Guild | Deliver `/docs/security/vex-signatures.md` (verification flow, key rotation, audit). | +| 22 | DOCS-VEX-30-009 | DOING | Skeleton drafted; pending DevOps rollout plan | Docs Guild; DevOps Guild | Create `/docs/runbooks/vex-ops.md` for recompute storms, mapping failures, signature errors. | + +## Wave Coordination +- Single wave covering tenancy, scanner surface/bench, and VEX tracks; sequence tasks by dependency chain noted in Delivery Tracker. + +## Wave Detail Snapshots +- Pre-draft lane (in progress, skeleton-only to cut start latency): + - Tenancy trio: `/docs/security/tenancy-overview.md`, `/docs/security/scopes-and-roles.md`, `/docs/operations/multi-tenancy.md` — outline structure, add TODO callouts for ADR inputs, and reserve imposed-rule reminders. + - Reachability migration: `/docs/migration/enable-reachability.md` — rollout phases, fallback playbook, monitoring hooks placeholders. + - VEX consensus set: `/docs/vex/consensus-overview.md`, `/docs/vex/consensus-algorithm.md`, `/docs/vex/issuer-directory.md`, `/docs/vex/consensus-api.md` — shared front-matter + glossary; stub examples section for PLVL0102 data. + - Scanner surface/bench: `/docs/modules/scanner/scanner-engine.md` and `/docs/modules/scanner/benchmarks/*.md` — frame sections for Surface.FS/Env/Secrets flow, OS coverage, language lockfiles, stripped/entrytrace/SAST enrichers. + - Contract testing: `/docs/testing/contract-testing.md` — outline for mock server, replay fixtures, golden files, determinism guardrails. + ## Execution Log | Date (UTC) | Update | Owner | | --- | --- | --- | -| 2025-12-05 | Normalized sprint to template; renamed from `SPRINT_310_docs_tasks_md_x.md` to `SPRINT_0310_0001_0010_docs_tasks_md_x.md`; no task status changes. | Project management | -| 2025-12-05 | Marked all tasks BLOCKED pending upstream inputs; added checkpoint and action tracker to keep momentum once dependencies land. | Project management | -| 2025-12-05 | Started dependency collection and prepped doc skeleton workstreams to reduce start latency when inputs arrive. | Project management | -| 2025-12-05 | Added pre-draft lane and stub-file plan; owners moving on outlines while dependencies arrive. | Project management | -| 2025-12-05 | Moved stub-branch actions to DOING and queued outline drafting to keep writers busy until inputs unblock. | Project management | -| 2025-12-05 | Scheduled upcoming micro-syncs and added fallback TBD-PR plan to avoid idle time if dependencies slip. | Project management | -| 2025-12-05 | Drafted skeleton docs for reachability, surface, tenancy set, CLI/API auth, ABAC overlays, contract testing, VEX series, and scanner bench tracks; advanced related tasks to DOING while inputs remain pending. | Project management | -| 2025-12-05 | Recorded progress in Action Tracker: stub files landed; outlines complete; branch creation deferred unless reviewers request. | Project management | -| 2025-12-05 | Created branch `feature/docs-mdx-skeletons` to stage skeleton work for review. | Project management | -| 2025-12-05 | Commit/push still pending (credentials/hook window); all files staged on `feature/docs-mdx-skeletons`. | Project management | -| 2025-12-06 | Scheduled 2025-12-07 skeleton-sync and defined working branch name for placeholders. | Project management | +| 2025-12-05 | Normalised sprint to standard template; clarified header; moved interlocks into Decisions & Risks; no status changes. | Project Mgmt | + +## Decisions & Risks +- **Risk:** Tenancy docs (DOCS-TEN-47/48/49) require DVDO0110 decisions and CLI/env var confirmations; keep DOING with placeholders until ADR lands. +- **Risk:** Reachability migration guide depends on DOCS-SIG-26-007 and notifications hook readiness (058_NOTY0101); keep coordination with Signals/Notify guilds. +- **Risk:** Scanner surface/bench docs depend on analyzer outputs (SCSA0301, SCSA0601), replay hooks (RPRC0101), and CLI samples (132_CLCI0110); leave DOING skeletons until evidence delivered. +- **Risk:** VEX consensus series depends on PLVL0102 schemas, issuer directory inputs, and DevOps rollout plans for signatures/ops; block finalization on schema snapshots and rollout plan. +- **Decision:** Maintain single-wave execution; task ordering follows Delivery Tracker to preserve dependency chain determinism. + +## Upcoming Checkpoints +- 2025-12-07 15:00 UTC — 20-min skeleton-sync to align outlines and branch contents across guild writers. +- 2025-12-08 15:00 UTC — daily micro-sync to triage incoming ADR/schema/logs and assign fill-ins. +- 2025-12-09 15:00 UTC — dependency check-in with Security, DevOps, VEX, Surface guilds (confirm DVDO0110, PLVL0102, SCANNER-SURFACE-04 readiness). + +## Action Tracker +| Action | Owner | Due (UTC) | Status | Notes | +| --- | --- | --- | --- | --- | +| Collect DVDO0110 tenancy ADR and monitoring plan | Docs PM | 2025-12-08 | DOING | Outreach started; schedule follow-up if no packet by EOD 12-06. | +| Retrieve Surface emit notes (SCANNER-SURFACE-04) and replay hooks (RPRC0101) | Docs PM | 2025-12-08 | DOING | Pinged Surface and Replay owners; waiting on logs bundle. | +| Obtain PLVL0102 schema snapshot and issuer directory inputs | Docs PM | 2025-12-09 | DOING | VEX Lens/Issuer leads looped; expect draft schema by 12-07. | +| Draft skeletons for tenancy, reachability, VEX consensus, scanner bench docs (placeholders, section headers, TODO callouts) | Docs Guild | 2025-12-07 | DOING | Keeps writers moving; swap TODOs once inputs land. | +| Prep contract-testing doc outline and fixture checklist | Docs Guild | 2025-12-07 | DOING | Aligns with DOSK0101 guidance; ready to merge once examples arrive. | +| Create stub files/PR branch for all skeletons listed in Wave Detail Snapshots | Docs Guild | 2025-12-07 | DONE | Stub files added in working tree; branch optional if reviewers prefer. | +| Open working branch `feature/docs-mdx-skeletons` with placeholder files and TODO callouts | Docs Guild | 2025-12-07 | DONE | Branch created for review; stubs/TODOs committed there. | +| Draft outline headings for tenancy trio, reachability guide, VEX set, scanner engine/bench, contract-testing | Docs Guild | 2025-12-07 | DONE | Skeleton headings and TODO callouts laid down. | +| Prepare fallback “TBD-tagged” placeholder PR if inputs slip past 2025-12-09 check-in | Docs Guild | 2025-12-09 | PLANNED | Ensures docs land with explicit TBDs rather than missing coverage. | +| Commit & push branch `feature/docs-mdx-skeletons` once credentials/hook window available | Docs Guild | 2025-12-06 | PLANNED | Local commit/push pending; staging is ready. | + +## Decisions & Risks +| Risk | Impact | Mitigation | Owner | +| --- | --- | --- | --- | +| Upstream dependencies (DVDO0110, DOCS-SIG-26-007, analyzer outputs) slip | Doc set misses release window or ships with gaps | Track blockers via `BLOCKED_DEPENDENCY_TREE.md`, gate DOING until inputs land, use interim placeholders only with explicit notes | Docs Guild | +| Cross-module docs drift in style/terminology | Increased review churn and inconsistent guidance | Align with module dossiers and shared glossary; peer review across guilds before marking tasks DONE | Docs Guild | +| Filename change from legacy sprint reference | References could break in aggregators | Replace references in aggregators; note rename in Execution Log | Project management | + +## Execution Log +| Date (UTC) | Update | Owner | +| --- | --- | --- | +| 2025-12-05 | Normalized sprint to template; renamed from `SPRINT_310_docs_tasks_md_x.md` to `SPRINT_0310_0001_0010_docs_tasks_md_x.md`; no task status changes. | Project management | +| 2025-12-05 | Marked all tasks BLOCKED pending upstream inputs; added checkpoint and action tracker to keep momentum once dependencies land. | Project management | +| 2025-12-05 | Started dependency collection and prepped doc skeleton workstreams to reduce start latency when inputs arrive. | Project management | +| 2025-12-05 | Added pre-draft lane and stub-file plan; owners moving on outlines while dependencies arrive. | Project management | +| 2025-12-05 | Moved stub-branch actions to DOING and queued outline drafting to keep writers busy until inputs unblock. | Project management | +| 2025-12-05 | Scheduled upcoming micro-syncs and added fallback TBD-PR plan to avoid idle time if dependencies slip. | Project management | +| 2025-12-05 | Drafted skeleton docs for reachability, surface, tenancy set, CLI/API auth, ABAC overlays, contract testing, VEX series, and scanner bench tracks; advanced related tasks to DOING while inputs remain pending. | Project management | +| 2025-12-05 | Recorded progress in Action Tracker: stub files landed; outlines complete; branch creation deferred unless reviewers request. | Project management | +| 2025-12-05 | Created branch `feature/docs-mdx-skeletons` to stage skeleton work for review. | Project management | +| 2025-12-05 | Commit/push still pending (credentials/hook window); all files staged on `feature/docs-mdx-skeletons`. | Project management | +| 2025-12-06 | Scheduled 2025-12-07 skeleton-sync and defined working branch name for placeholders. | Project management | diff --git a/docs/implplan/SPRINT_0311_0001_0001_docs_tasks_md_xi.md b/docs/implplan/SPRINT_0311_0001_0001_docs_tasks_md_xi.md index e9b07e086..6396ea92e 100644 --- a/docs/implplan/SPRINT_0311_0001_0001_docs_tasks_md_xi.md +++ b/docs/implplan/SPRINT_0311_0001_0001_docs_tasks_md_xi.md @@ -1,110 +1,115 @@ -# Sprint 0311_0001_0001 · Documentation & Process · Docs Tasks Md.XI - -## Topic & Scope -- Phase Md.XI of the docs ladder covering Vuln Explorer + Findings Ledger: overview, console, API, CLI, ledger, policy, VEX, advisories, SBOM, observability, security, ops, and install guides. -- Deliver offline/deterministic artifacts (hash manifests for captures and payloads) aligned with Vuln Explorer and Findings Ledger schemas. -- **Working directory:** `docs/` (Vuln Explorer + Findings Ledger docs; fixtures/assets under `docs/assets/vuln-explorer/**`). Active items only; completed work lives in `docs/implplan/archived/tasks.md` (updated 2025-11-08). - -## Dependencies & Concurrency -- Upstream: Md.X hand-off (SPRINT_0310_0001_0010_docs_tasks_md_x) plus Vuln Explorer GRAP0101 contract and Findings Ledger replay/Merkle notes. -- Concurrency: coordinate UI/CLI/Policy/DevOps asset drops; avoid back edges to Md.VIII/IX risk ladders and reachability doc sprints. -- BLOCKED tasks must mirror `BLOCKED_DEPENDENCY_TREE.md` before movement. - -## Documentation Prerequisites -- `docs/README.md` -- `docs/07_HIGH_LEVEL_ARCHITECTURE.md` -- `docs/modules/platform/architecture-overview.md` -- `docs/modules/vuln-explorer/architecture.md` -- `docs/modules/findings-ledger/README.md` -- `docs/implplan/AGENTS.md` - -> **BLOCKED Tasks:** Before working on BLOCKED tasks, review [BLOCKED_DEPENDENCY_TREE.md](./BLOCKED_DEPENDENCY_TREE.md) for root blockers and dependencies. - -## Delivery Tracker -| # | Task ID | Status | Key dependency / next step | Owners | Task Definition | -| --- | --- | --- | --- | --- | --- | -| 1 | DOCS-VULN-29-001 | DOING | Outline stub drafted at `docs/vuln/explorer-overview.md`; awaiting GRAP0101 domain model freeze. Integration checklist at `docs/vuln/GRAP0101-integration-checklist.md`. | Docs Guild · Vuln Explorer Guild | Publish `/docs/vuln/explorer-overview.md` covering domain model, identities, AOC guarantees, workflow summary. | -| 2 | DOCS-VULN-29-002 | TODO | Blocked on #1 content; draft stub at `docs/vuln/explorer-using-console.md` pending assets. | Docs Guild · Console Guild | Write `/docs/vuln/explorer-using-console.md` with workflows, screenshots, keyboard shortcuts, saved views, deep links. | -| 3 | DOCS-VULN-29-003 | TODO | Draft stub at `docs/vuln/explorer-api.md`; needs GRAP0101 schema + asset samples after #2. | Docs Guild · Vuln Explorer API Guild | Author `/docs/vuln/explorer-api.md` (endpoints, query schema, grouping, errors, rate limits). | -| 4 | DOCS-VULN-29-004 | TODO | Stub at `docs/vuln/explorer-cli.md`; awaiting API schema + CLI samples from #3. | Docs Guild · DevEx/CLI Guild | Publish `/docs/vuln/explorer-cli.md` with command reference, samples, exit codes, CI snippets. | -| 5 | DOCS-VULN-29-005 | TODO | Stub at `docs/vuln/findings-ledger.md`; awaits GRAP0101 + security review + CLI flow (#4). | Docs Guild · Findings Ledger Guild | Write `/docs/vuln/findings-ledger.md` detailing event schema, hashing, Merkle roots, replay tooling. | -| 6 | DOCS-VULN-29-006 | TODO | Stub at `docs/policy/vuln-determinations.md`; awaiting signals/sim semantics from #5 + DevOps plan. | Docs Guild · Policy Guild | Update `/docs/policy/vuln-determinations.md` for new rationale, signals, simulation semantics. | -| 7 | DOCS-VULN-29-007 | TODO | Stub at `docs/vex/explorer-integration.md`; waiting on CSAF mapping + suppression precedence after #6. | Docs Guild · Excititor Guild | Publish `/docs/vex/explorer-integration.md` covering CSAF mapping, suppression precedence, status semantics. | -| 8 | DOCS-VULN-29-008 | TODO | Stub at `docs/advisories/explorer-integration.md`; requires export bundle spec + VEX integration from #7. | Docs Guild · Concelier Guild | Publish `/docs/advisories/explorer-integration.md` covering key normalization, withdrawn handling, provenance. | -| 9 | DOCS-VULN-29-009 | TODO | Stub at `docs/sbom/vuln-resolution.md`; needs SBOM/vuln scope guidance following #8. | Docs Guild · SBOM Service Guild | Author `/docs/sbom/vuln-resolution.md` detailing version semantics, scope, paths, safe version hints. | -| 10 | DOCS-VULN-29-010 | TODO | Stub at `docs/observability/vuln-telemetry.md`; awaiting DevOps telemetry plan after #9. | Docs Guild · Observability Guild | Publish `/docs/observability/vuln-telemetry.md` (metrics, logs, tracing, dashboards, SLOs). | -| 11 | DOCS-VULN-29-011 | TODO | Stub at `docs/security/vuln-rbac.md`; requires security review + role matrix after #10. | Docs Guild · Security Guild | Create `/docs/security/vuln-rbac.md` for roles, ABAC policies, attachment encryption, CSRF. | -| 12 | DOCS-VULN-29-012 | TODO | Stub at `docs/runbooks/vuln-ops.md`; depends on policy overlay outputs after #11. | Docs Guild · Ops Guild | Write `/docs/runbooks/vuln-ops.md` (projector lag, resolver storms, export failures, policy activation). | -| 13 | DOCS-VULN-29-013 | TODO | Pending images/manifests after #12; will update existing `/docs/install/containers.md` when available (no stub created to avoid conflicts). | Docs Guild · Deployment Guild | Update `/docs/install/containers.md` with Findings Ledger & Vuln Explorer API images, manifests, resource sizing, health checks. | - -## Wave Coordination -- Single wave (Md.XI) covering Vuln Explorer + Findings Ledger docs; sequencing follows Delivery Tracker dependencies. - -## Wave Detail Snapshots -- Wave 1: Tasks 1–13 targeting offline-ready guides, API/CLI references, and ops runbooks for Vuln Explorer/Findings Ledger. - -## Interlocks -- UI/CLI asset drops required for console + CLI guides. -- Policy and DevOps rollout notes needed before publishing determinations and telemetry content. -- Export bundle and advisories provenance spec needed for integration doc (#8) and downstream SBOM/install updates. - -## Upcoming Checkpoints -| Date (UTC) | Session | Goal | Owner(s) | -| --- | --- | --- | --- | -| 2025-12-09 | Vuln Explorer asset drop | Deliver console screenshots, API examples, and CLI snippets for tasks #2–#4. | Vuln Explorer Guild · Docs Guild | -| 2025-12-16 | Policy/DevOps sync | Confirm signals/simulation semantics and telemetry SLOs for tasks #6 and #10. | Policy Guild · DevOps Guild · Docs Guild | -| 2025-12-20 | Publication gate | Final content review and hash manifest check before shipping Md.XI set. | Docs Guild | - -## Action Tracker -| Action | Owner | Due | Status | -| --- | --- | --- | --- | -| Collect GRAP0101 contract snapshot for Vuln Explorer overview. | Docs Guild | 2025-12-08 | In Progress | -| Request export bundle spec + provenance notes for advisories integration. | Concelier Guild | 2025-12-12 | In Progress | -| Prepare hash manifest template for screenshots/payloads under `docs/assets/vuln-explorer/`. | Docs Guild | 2025-12-10 | DONE | -| Request console/UI/CLI asset drop (screens, payloads, samples) for DOCS-VULN-29-002..004. | Vuln Explorer Guild · Console Guild · DevEx/CLI Guild | 2025-12-09 | In Progress | -| Secure DevOps telemetry plan for Vuln Explorer metrics/logs/traces (task #10). | DevOps Guild | 2025-12-16 | Open | -| Security review for RBAC/attachment token wording (task #11) and hashing posture. | Security Guild | 2025-12-18 | Open | -| Prepare asset directories under `docs/assets/vuln-explorer/**` for console/API/CLI/ledger/telemetry/RBAC/runbook/advisory/SBOM/VEX samples; hash in SHA256SUMS on arrival. | Docs Guild | 2025-12-10 | DONE | -| Pre-fill SHA256SUMS with placeholder lines for expected assets to speed hash capture on drop. | Docs Guild | 2025-12-10 | DONE | -| Escalate to platform PM if GRAP0101 contract not delivered by 2025-12-09 (blocks entire Md.XI chain). | Docs Guild | 2025-12-09 | Open | - -## Decisions & Risks -### Decisions -| Decision | Owner(s) | Due | Notes | -| --- | --- | --- | --- | -| Md.XI scope fixed to Vuln Explorer + Findings Ledger doc chain; no new module docs added this wave. | Docs Guild | 2025-12-05 | Keeps ladder narrow and preserves dependency ordering. | - -### Risks -| Risk | Impact | Mitigation | -| --- | --- | --- | -| Console/API/CLI assets arrive late. | Delays tasks #2–#4 and downstream chain (#5–#13). | Request early text stubs and payload samples; keep tasks TODO until hashes captured. | -| Export bundle and advisories provenance spec not delivered. | Blocks task #8 and downstream SBOM/observability/install docs. | Track in Action Tracker; mirror blocker in `BLOCKED_DEPENDENCY_TREE.md` if slip past 2025-12-12. | -| Policy/DevOps semantics churn. | Rework across tasks #6 and #10–#12. | Hold publish until 2025-12-16 sync; capture versioned assumptions in doc footers. | - +# Sprint 0311 · Documentation & Process · Docs Tasks Md.XI + +## Topic & Scope +- Phase Md.XI of the docs ladder covering Vuln Explorer + Findings Ledger: overview, console, API, CLI, ledger, policy, VEX, advisories, SBOM, observability, security, ops, and install guides. +- Deliver offline/deterministic artifacts (hash manifests for captures and payloads) aligned with Vuln Explorer and Findings Ledger schemas. +- **Working directory:** `docs/` (Vuln Explorer + Findings Ledger docs; fixtures/assets under `docs/assets/vuln-explorer/**`). Active items only; completed work lives in `docs/implplan/archived/tasks.md` (updated 2025-11-08). + +## Dependencies & Concurrency +- Upstream: Md.X hand-off (SPRINT_0310_0001_0010_docs_tasks_md_x) plus Vuln Explorer GRAP0101 contract and Findings Ledger replay/Merkle notes. +- Concurrency: coordinate UI/CLI/Policy/DevOps asset drops; avoid back edges to Md.VIII/IX risk ladders and reachability doc sprints. +- BLOCKED tasks must mirror `BLOCKED_DEPENDENCY_TREE.md` before movement. + +## Documentation Prerequisites +- `docs/README.md` +- `docs/07_HIGH_LEVEL_ARCHITECTURE.md` +- `docs/modules/platform/architecture-overview.md` +- `docs/modules/vuln-explorer/architecture.md` +- `docs/modules/findings-ledger/README.md` +- `docs/implplan/AGENTS.md` + +> **BLOCKED Tasks:** Before working on BLOCKED tasks, review [BLOCKED_DEPENDENCY_TREE.md](./BLOCKED_DEPENDENCY_TREE.md) for root blockers and dependencies. + +## Delivery Tracker +| # | Task ID | Status | Key dependency / next step | Owners | Task Definition | +| --- | --- | --- | --- | --- | --- | +| 1 | DOCS-VULN-29-001 | DOING | Outline stub drafted at `docs/vuln/explorer-overview.md`; awaiting GRAP0101 domain model freeze. Integration checklist at `docs/vuln/GRAP0101-integration-checklist.md`. | Docs Guild · Vuln Explorer Guild | Publish `/docs/vuln/explorer-overview.md` covering domain model, identities, AOC guarantees, workflow summary. | +| 2 | DOCS-VULN-29-002 | TODO | Blocked on #1 content; draft stub at `docs/vuln/explorer-using-console.md` pending assets. | Docs Guild · Console Guild | Write `/docs/vuln/explorer-using-console.md` with workflows, screenshots, keyboard shortcuts, saved views, deep links. | +| 3 | DOCS-VULN-29-003 | TODO | Draft stub at `docs/vuln/explorer-api.md`; needs GRAP0101 schema + asset samples after #2. | Docs Guild · Vuln Explorer API Guild | Author `/docs/vuln/explorer-api.md` (endpoints, query schema, grouping, errors, rate limits). | +| 4 | DOCS-VULN-29-004 | TODO | Stub at `docs/vuln/explorer-cli.md`; awaiting API schema + CLI samples from #3. | Docs Guild · DevEx/CLI Guild | Publish `/docs/vuln/explorer-cli.md` with command reference, samples, exit codes, CI snippets. | +| 5 | DOCS-VULN-29-005 | TODO | Stub at `docs/vuln/findings-ledger.md`; awaits GRAP0101 + security review + CLI flow (#4). | Docs Guild · Findings Ledger Guild | Write `/docs/vuln/findings-ledger.md` detailing event schema, hashing, Merkle roots, replay tooling. | +| 6 | DOCS-VULN-29-006 | TODO | Stub at `docs/policy/vuln-determinations.md`; awaiting signals/sim semantics from #5 + DevOps plan. | Docs Guild · Policy Guild | Update `/docs/policy/vuln-determinations.md` for new rationale, signals, simulation semantics. | +| 7 | DOCS-VULN-29-007 | TODO | Stub at `docs/vex/explorer-integration.md`; waiting on CSAF mapping + suppression precedence after #6. | Docs Guild · Excititor Guild | Publish `/docs/vex/explorer-integration.md` covering CSAF mapping, suppression precedence, status semantics. | +| 8 | DOCS-VULN-29-008 | TODO | Stub at `docs/advisories/explorer-integration.md`; requires export bundle spec + VEX integration from #7. | Docs Guild · Concelier Guild | Publish `/docs/advisories/explorer-integration.md` covering key normalization, withdrawn handling, provenance. | +| 9 | DOCS-VULN-29-009 | TODO | Stub at `docs/sbom/vuln-resolution.md`; needs SBOM/vuln scope guidance following #8. | Docs Guild · SBOM Service Guild | Author `/docs/sbom/vuln-resolution.md` detailing version semantics, scope, paths, safe version hints. | +| 10 | DOCS-VULN-29-010 | TODO | Stub at `docs/observability/vuln-telemetry.md`; awaiting DevOps telemetry plan after #9. | Docs Guild · Observability Guild | Publish `/docs/observability/vuln-telemetry.md` (metrics, logs, tracing, dashboards, SLOs). | +| 11 | DOCS-VULN-29-011 | TODO | Stub at `docs/security/vuln-rbac.md`; requires security review + role matrix after #10. | Docs Guild · Security Guild | Create `/docs/security/vuln-rbac.md` for roles, ABAC policies, attachment encryption, CSRF. | +| 12 | DOCS-VULN-29-012 | TODO | Stub at `docs/runbooks/vuln-ops.md`; depends on policy overlay outputs after #11. | Docs Guild · Ops Guild | Write `/docs/runbooks/vuln-ops.md` (projector lag, resolver storms, export failures, policy activation). | +| 13 | DOCS-VULN-29-013 | TODO | Pending images/manifests after #12; will update existing `/docs/install/containers.md` when available (no stub created to avoid conflicts). | Docs Guild · Deployment Guild | Update `/docs/install/containers.md` with Findings Ledger & Vuln Explorer API images, manifests, resource sizing, health checks. | + +## Wave Coordination +- Single wave (Md.XI) covering Vuln Explorer + Findings Ledger docs; sequencing follows Delivery Tracker dependencies. + +## Wave Detail Snapshots +- Wave 1: Tasks 1–13 targeting offline-ready guides, API/CLI references, and ops runbooks for Vuln Explorer/Findings Ledger. + ## Execution Log | Date (UTC) | Update | Owner | | --- | --- | --- | -| 2025-12-05 | Normalised sprint to docs/implplan template; renamed file to `SPRINT_0311_0001_0001_docs_tasks_md_xi.md`; no task status changes. | Project Mgmt | -| 2025-12-05 | Kicked off Md.XI: moved DOCS-VULN-29-001 to DOING; drafting outline using existing Vuln Explorer architecture notes while waiting on GRAP0101 contract. | Project Mgmt | -| 2025-12-05 | Marked GRAP0101 contract collection as In Progress; prepped outline structure to receive contract inputs and planned hash manifest template location under `docs/assets/vuln-explorer/`. | Project Mgmt | -| 2025-12-05 | Created hash manifest placeholder `docs/assets/vuln-explorer/SHA256SUMS` to keep deterministic captures ready; marked action as DONE. | Project Mgmt | -| 2025-12-05 | Initiated outreach for export bundle spec/provenance notes (Concelier Guild) to unblock DOCS-VULN-29-008 and downstream SBOM/observability/install docs; action now In Progress. | Project Mgmt | -| 2025-12-05 | Requested console/UI/CLI asset drop (screens, payloads, samples) to unblock DOCS-VULN-29-002..004; tracking in Action Tracker with 2025-12-09 due. | Project Mgmt | -| 2025-12-05 | Drafted outline stub for DOCS-VULN-29-001 at `docs/vuln/explorer-overview.md`; placeholders marked pending GRAP0101 and asset drops; kept task at DOING. | Docs Guild | -| 2025-12-05 | Enriched overview stub with current architecture details (entities, ABAC scopes, workflow, AOC chain) while retaining GRAP0101 placeholders; no status change to DOCS-VULN-29-001. | Docs Guild | -| 2025-12-05 | Added console guide stub `docs/vuln/explorer-using-console.md`; retains TODO status until GRAP0101 + UI assets arrive; noted hash requirements. | Docs Guild | -| 2025-12-05 | Added API guide stub `docs/vuln/explorer-api.md`; waiting on GRAP0101 field names and asset payloads; DOCS-VULN-29-003 remains TODO. | Docs Guild | -| 2025-12-05 | Added CLI guide stub `docs/vuln/explorer-cli.md`; pending API schema + CLI samples; DOCS-VULN-29-004 stays TODO. | Docs Guild | -| 2025-12-05 | Added findings ledger doc stub `docs/vuln/findings-ledger.md`; pending GRAP0101 alignment and security review; DOCS-VULN-29-005 remains TODO. | Docs Guild | -| 2025-12-05 | Added policy determinations stub `docs/policy/vuln-determinations.md`; awaiting signals/simulation semantics and DevOps rollout; DOCS-VULN-29-006 remains TODO. | Docs Guild | -| 2025-12-05 | Added stubs for VEX integration, advisories integration, SBOM resolution, telemetry, RBAC, and ops runbook (`docs/vex/explorer-integration.md`, `docs/advisories/explorer-integration.md`, `docs/sbom/vuln-resolution.md`, `docs/observability/vuln-telemetry.md`, `docs/security/vuln-rbac.md`, `docs/runbooks/vuln-ops.md`); tasks #7–#12 remain TODO pending upstream inputs. | Docs Guild | -| 2025-12-05 | Added Action Tracker items for telemetry plan (DevOps) and security review (RBAC/attachments hashing) to unblock tasks #10–#11; statuses Open. | Project Mgmt | -| 2025-12-05 | Filled additional architecture-aligned details into overview and VEX integration stubs (VEX-first ordering, workflow refinement); tasks remain DOING/TODO awaiting GRAP0101 and assets. | Docs Guild | -| 2025-12-05 | Added hash capture checklists to console/API/CLI/ledger stubs to accelerate deterministic publishing once assets land; task statuses unchanged. | Docs Guild | -| 2025-12-05 | Added hash capture checklists to remaining stubs (VEX, advisories, SBOM, telemetry, RBAC, ops runbook) to streamline asset hashing on arrival; tasks remain TODO. | Docs Guild | -| 2025-12-05 | Synced Vulnerability Explorer module charter alignment: confirmed `docs/modules/vuln-explorer/AGENTS.md` reviewed; stubs respect determinism/offline guardrails. | Docs Guild | -| 2025-12-05 | Created asset staging directories under `docs/assets/vuln-explorer/` with READMEs; Action Tracker item marked DONE to enable quick hash capture on asset drop. | Docs Guild | -| 2025-12-05 | Expanded overview stub with triage state machine and offline bundle expectations from module architecture; DOCS-VULN-29-001 remains DOING pending GRAP0101. | Docs Guild | -| 2025-12-05 | Added escalation action for GRAP0101 delay (due 2025-12-09) to avoid idle time; no status changes. | Docs Guild | -| 2025-12-05 | Added GRAP0101 integration checklist `docs/vuln/GRAP0101-integration-checklist.md` to speed field propagation across Md.XI stubs once contract arrives. | Docs Guild | -| 2025-12-05 | Prefilled `docs/assets/vuln-explorer/SHA256SUMS` with placeholders for expected assets to reduce turnaround when hashes land. | Docs Guild | +| 2025-12-05 | Normalised sprint to standard template; clarified header; moved interlocks into Decisions & Risks; no status changes. | Project Mgmt | + +## Decisions & Risks +- **Risk:** UI/CLI asset drops required for console and CLI guides (#2–#4); keep TODO until assets with hashes arrive. +- **Risk:** Policy and DevOps rollout notes needed before publishing determinations and telemetry content (#6, #10); block until signals/simulation semantics and SLOs are provided. +- **Risk:** Export bundle and advisories provenance spec needed for integration doc (#8) and downstream SBOM/install updates; wait for specs before progressing. +- **Decision:** Single-wave execution; tasks follow Delivery Tracker dependency order to keep Vuln Explorer/Findings Ledger chain coherent. + +## Next Checkpoints +- 2025-12-09 · Vuln Explorer asset drop: deliver console screenshots, API examples, and CLI snippets for tasks #2–#4. Owners: Vuln Explorer Guild · Docs Guild. +- 2025-12-16 · Policy/DevOps sync: confirm signals/simulation semantics and telemetry SLOs for tasks #6 and #10. Owners: Policy Guild · DevOps Guild · Docs Guild. +- 2025-12-20 · Publication gate: final content review and hash manifest check before shipping Md.XI set. Owner: Docs Guild. + +## Action Tracker +- Collect console screenshots + CLI snippets with hashes for DOCS-VULN-29-002/003/004 — Vuln Explorer Guild — Due 2025-12-09 — Open. +- Provide signals/simulation semantics + telemetry SLOs for DOCS-VULN-29-006/010 — Policy Guild · DevOps Guild — Due 2025-12-16 — Open. +- Deliver export bundle/advisory provenance spec for DOCS-VULN-29-008 — Concelier Guild — Due 2025-12-18 — Open. +| Collect GRAP0101 contract snapshot for Vuln Explorer overview. | Docs Guild | 2025-12-08 | In Progress | +| Request export bundle spec + provenance notes for advisories integration. | Concelier Guild | 2025-12-12 | In Progress | +| Prepare hash manifest template for screenshots/payloads under `docs/assets/vuln-explorer/`. | Docs Guild | 2025-12-10 | DONE | +| Request console/UI/CLI asset drop (screens, payloads, samples) for DOCS-VULN-29-002..004. | Vuln Explorer Guild · Console Guild · DevEx/CLI Guild | 2025-12-09 | In Progress | +| Secure DevOps telemetry plan for Vuln Explorer metrics/logs/traces (task #10). | DevOps Guild | 2025-12-16 | Open | +| Security review for RBAC/attachment token wording (task #11) and hashing posture. | Security Guild | 2025-12-18 | Open | +| Prepare asset directories under `docs/assets/vuln-explorer/**` for console/API/CLI/ledger/telemetry/RBAC/runbook/advisory/SBOM/VEX samples; hash in SHA256SUMS on arrival. | Docs Guild | 2025-12-10 | DONE | +| Pre-fill SHA256SUMS with placeholder lines for expected assets to speed hash capture on drop. | Docs Guild | 2025-12-10 | DONE | +| Escalate to platform PM if GRAP0101 contract not delivered by 2025-12-09 (blocks entire Md.XI chain). | Docs Guild | 2025-12-09 | Open | + +## Decisions & Risks +### Decisions +| Decision | Owner(s) | Due | Notes | +| --- | --- | --- | --- | +| Md.XI scope fixed to Vuln Explorer + Findings Ledger doc chain; no new module docs added this wave. | Docs Guild | 2025-12-05 | Keeps ladder narrow and preserves dependency ordering. | + +### Risks +| Risk | Impact | Mitigation | +| --- | --- | --- | +| Console/API/CLI assets arrive late. | Delays tasks #2–#4 and downstream chain (#5–#13). | Request early text stubs and payload samples; keep tasks TODO until hashes captured. | +| Export bundle and advisories provenance spec not delivered. | Blocks task #8 and downstream SBOM/observability/install docs. | Track in Action Tracker; mirror blocker in `BLOCKED_DEPENDENCY_TREE.md` if slip past 2025-12-12. | +| Policy/DevOps semantics churn. | Rework across tasks #6 and #10–#12. | Hold publish until 2025-12-16 sync; capture versioned assumptions in doc footers. | + +## Execution Log +| Date (UTC) | Update | Owner | +| --- | --- | --- | +| 2025-12-05 | Normalised sprint to docs/implplan template; renamed file to `SPRINT_0311_0001_0001_docs_tasks_md_xi.md`; no task status changes. | Project Mgmt | +| 2025-12-05 | Kicked off Md.XI: moved DOCS-VULN-29-001 to DOING; drafting outline using existing Vuln Explorer architecture notes while waiting on GRAP0101 contract. | Project Mgmt | +| 2025-12-05 | Marked GRAP0101 contract collection as In Progress; prepped outline structure to receive contract inputs and planned hash manifest template location under `docs/assets/vuln-explorer/`. | Project Mgmt | +| 2025-12-05 | Created hash manifest placeholder `docs/assets/vuln-explorer/SHA256SUMS` to keep deterministic captures ready; marked action as DONE. | Project Mgmt | +| 2025-12-05 | Initiated outreach for export bundle spec/provenance notes (Concelier Guild) to unblock DOCS-VULN-29-008 and downstream SBOM/observability/install docs; action now In Progress. | Project Mgmt | +| 2025-12-05 | Requested console/UI/CLI asset drop (screens, payloads, samples) to unblock DOCS-VULN-29-002..004; tracking in Action Tracker with 2025-12-09 due. | Project Mgmt | +| 2025-12-05 | Drafted outline stub for DOCS-VULN-29-001 at `docs/vuln/explorer-overview.md`; placeholders marked pending GRAP0101 and asset drops; kept task at DOING. | Docs Guild | +| 2025-12-05 | Enriched overview stub with current architecture details (entities, ABAC scopes, workflow, AOC chain) while retaining GRAP0101 placeholders; no status change to DOCS-VULN-29-001. | Docs Guild | +| 2025-12-05 | Added console guide stub `docs/vuln/explorer-using-console.md`; retains TODO status until GRAP0101 + UI assets arrive; noted hash requirements. | Docs Guild | +| 2025-12-05 | Added API guide stub `docs/vuln/explorer-api.md`; waiting on GRAP0101 field names and asset payloads; DOCS-VULN-29-003 remains TODO. | Docs Guild | +| 2025-12-05 | Added CLI guide stub `docs/vuln/explorer-cli.md`; pending API schema + CLI samples; DOCS-VULN-29-004 stays TODO. | Docs Guild | +| 2025-12-05 | Added findings ledger doc stub `docs/vuln/findings-ledger.md`; pending GRAP0101 alignment and security review; DOCS-VULN-29-005 remains TODO. | Docs Guild | +| 2025-12-05 | Added policy determinations stub `docs/policy/vuln-determinations.md`; awaiting signals/simulation semantics and DevOps rollout; DOCS-VULN-29-006 remains TODO. | Docs Guild | +| 2025-12-05 | Added stubs for VEX integration, advisories integration, SBOM resolution, telemetry, RBAC, and ops runbook (`docs/vex/explorer-integration.md`, `docs/advisories/explorer-integration.md`, `docs/sbom/vuln-resolution.md`, `docs/observability/vuln-telemetry.md`, `docs/security/vuln-rbac.md`, `docs/runbooks/vuln-ops.md`); tasks #7–#12 remain TODO pending upstream inputs. | Docs Guild | +| 2025-12-05 | Added Action Tracker items for telemetry plan (DevOps) and security review (RBAC/attachments hashing) to unblock tasks #10–#11; statuses Open. | Project Mgmt | +| 2025-12-05 | Filled additional architecture-aligned details into overview and VEX integration stubs (VEX-first ordering, workflow refinement); tasks remain DOING/TODO awaiting GRAP0101 and assets. | Docs Guild | +| 2025-12-05 | Added hash capture checklists to console/API/CLI/ledger stubs to accelerate deterministic publishing once assets land; task statuses unchanged. | Docs Guild | +| 2025-12-05 | Added hash capture checklists to remaining stubs (VEX, advisories, SBOM, telemetry, RBAC, ops runbook) to streamline asset hashing on arrival; tasks remain TODO. | Docs Guild | +| 2025-12-05 | Synced Vulnerability Explorer module charter alignment: confirmed `docs/modules/vuln-explorer/AGENTS.md` reviewed; stubs respect determinism/offline guardrails. | Docs Guild | +| 2025-12-05 | Created asset staging directories under `docs/assets/vuln-explorer/` with READMEs; Action Tracker item marked DONE to enable quick hash capture on asset drop. | Docs Guild | +| 2025-12-05 | Expanded overview stub with triage state machine and offline bundle expectations from module architecture; DOCS-VULN-29-001 remains DOING pending GRAP0101. | Docs Guild | +| 2025-12-05 | Added escalation action for GRAP0101 delay (due 2025-12-09) to avoid idle time; no status changes. | Docs Guild | +| 2025-12-05 | Added GRAP0101 integration checklist `docs/vuln/GRAP0101-integration-checklist.md` to speed field propagation across Md.XI stubs once contract arrives. | Docs Guild | +| 2025-12-05 | Prefilled `docs/assets/vuln-explorer/SHA256SUMS` with placeholders for expected assets to reduce turnaround when hashes land. | Docs Guild |