up

docs/modules/attestor/implementation_plan.md

@@ -72,3 +72,91 @@
 - CLI/Console parity verified; Offline Kit procedures validated in sealed environment.
 - Cross-module dependencies acknowledged in ./TASKS.md and ../../TASKS.md.
 - Documentation set refreshed (overview, architecture, key management, transparency, CLI/UI) with imposed rule statement.
+
+---
+
+## Sprint readiness tracker
+
+> Last updated: 2025-11-27 (ATTESTOR-ENG-0001)
+
+This section maps delivery phases to implementation sprints and tracks readiness checkpoints.
+
+### Phase 1 — Foundations
+| Task ID | Status | Sprint | Notes |
+|---------|--------|--------|-------|
+| ATTEST-73-001 | ✅ DONE (2025-11-25) | SPRINT_110_ingestion_evidence | Attestation claims builder verified; TRX archived. |
+| ATTEST-73-002 | ✅ DONE (2025-11-25) | SPRINT_110_ingestion_evidence | Internal verify endpoint validated; TRX archived. |
+| ATTEST-PLAN-2001 | ✅ DONE (2025-11-24) | SPRINT_0200_0001_0001_attestation_coord | Coordination plan published at `docs/modules/attestor/prep/2025-11-24-attest-plan-2001.md`. |
+| ELOCKER-CONTRACT-2001 | ✅ DONE (2025-11-24) | SPRINT_0200_0001_0001_attestation_coord | Evidence Locker contract published. |
+| KMSI-73-001/002 | ✅ DONE (2025-11-03) | SPRINT_100_identity_signing | KMS key management and FIDO2 profile. |
+
+**Checkpoint:** Foundations complete — service skeleton, DSSE ingestion, Rekor client, and cache layer operational.
+
+### Phase 2 — Policies & UI
+| Task ID | Status | Sprint | Notes |
+|---------|--------|--------|-------|
+| POLICY-ATTEST-73-001 | ⏳ BLOCKED | SPRINT_0123_0001_0001_policy_reasoning | VerificationPolicy schema/persistence; awaiting prep artefact finalization. |
+| POLICY-ATTEST-73-002 | ⏳ BLOCKED | SPRINT_0123_0001_0001_policy_reasoning | Editor DTOs/validation; depends on 73-001. |
+| POLICY-ATTEST-74-001 | ⏳ BLOCKED | SPRINT_0123_0001_0001_policy_reasoning | Surface attestation reports; depends on 73-002. |
+| POLICY-ATTEST-74-002 | ⏳ BLOCKED | SPRINT_0123_0001_0001_policy_reasoning | Console report integration; depends on 74-001. |
+| CLI-ATTEST-73-001 | ⏳ BLOCKED | SPRINT_0201_0001_0001_cli_i | `stella attest sign` command; blocked by scanner analyzer issues. |
+| CLI-ATTEST-73-002 | ⏳ BLOCKED | SPRINT_0201_0001_0001_cli_i | `stella attest verify` command; depends on 73-001. |
+| CLI-ATTEST-74-001 | ⏳ BLOCKED | SPRINT_0201_0001_0001_cli_i | `stella attest list` command; depends on 73-002. |
+| CLI-ATTEST-74-002 | ⏳ BLOCKED | SPRINT_0201_0001_0001_cli_i | `stella attest fetch` command; depends on 74-001. |
+
+**Checkpoint:** Policy Studio integration and Console verification views blocked on upstream schema/API deliverables.
+
+### Phase 3 — Scan & VEX support
+| Task ID | Status | Sprint | Notes |
+|---------|--------|--------|-------|
+| ATTEST-01-003 | ✅ DONE (2025-11-23) | SPRINT_110_ingestion_evidence | Excititor attestation payloads shipped on frozen bundle v1. |
+| CONCELIER-ATTEST-73-001 | ✅ DONE (2025-11-25) | SPRINT_110_ingestion_evidence | Core/WebService attestation suites executed. |
+| CONCELIER-ATTEST-73-002 | ✅ DONE (2025-11-25) | SPRINT_110_ingestion_evidence | Attestation verify endpoint validated. |
+
+**Checkpoint:** Scan/VEX attestation payloads integrated; ingestion flows verified.
+
+### Phase 4 — Transparency & keys
+| Task ID | Status | Sprint | Notes |
+|---------|--------|--------|-------|
+| NOTIFY-ATTEST-74-001 | ✅ DONE (2025-11-16) | SPRINT_0171_0001_0001_notifier_i | Notification templates for verification/key events created. |
+| NOTIFY-ATTEST-74-002 | 📝 TODO | SPRINT_0171_0001_0001_notifier_i | Wire notifications to key rotation/revocation; blocked on payload localization freeze. |
+| ATTEST-REPLAY-187-003 | 📝 TODO | SPRINT_187_evidence_locker_cli_integration | Wire Attestor/Rekor anchoring for replay manifests. |
+
+**Checkpoint:** Key event notifications partially complete; witness endorsements and rotation workflows pending.
+
+### Phase 5 — Bulk & air gap
+| Task ID | Status | Sprint | Notes |
+|---------|--------|--------|-------|
+| EXPORT-ATTEST-74-001 | ⏳ BLOCKED | SPRINT_0162_0001_0001_exportcenter_i | Export job producing attestation bundles; needs EvidenceLocker DSSE layout. |
+| EXPORT-ATTEST-74-002 | ⏳ BLOCKED | SPRINT_0162_0001_0001_exportcenter_i | CI/offline kit integration; depends on 74-001. |
+| EXPORT-ATTEST-75-001 | ⏳ BLOCKED | SPRINT_0162_0001_0001_exportcenter_i | CLI `stella attest bundle verify/import`; depends on 74-002. |
+| EXPORT-ATTEST-75-002 | ⏳ BLOCKED | SPRINT_0162_0001_0001_exportcenter_i | Offline kit integration; depends on 75-001. |
+
+**Checkpoint:** Bulk/air-gap workflows blocked awaiting Export Center contracts.
+
+### Phase 6 — Performance & hardening
+| Task ID | Status | Sprint | Notes |
+|---------|--------|--------|-------|
+| ATTEST-73-003 | 📝 TODO | SPRINT_302_docs_tasks_md_ii | Evidence documentation; waiting on ATEL0102 evidence. |
+| ATTEST-73-004 | 📝 TODO | SPRINT_302_docs_tasks_md_ii | Extended documentation; depends on 73-003. |
+
+**Checkpoint:** Performance benchmarks and incident playbooks pending; observability coverage to be validated.
+
+---
+
+### Overall readiness summary
+
+| Phase | Status | Blocking items |
+|-------|--------|----------------|
+| **1 – Foundations** | ✅ Complete | — |
+| **2 – Policies & UI** | ⏳ Blocked | POLICY-ATTEST-73-001 prep; CLI build issues |
+| **3 – Scan & VEX** | ✅ Complete | — |
+| **4 – Transparency & keys** | 🔄 In progress | NOTIFY-ATTEST-74-002 payload freeze |
+| **5 – Bulk & air gap** | ⏳ Blocked | EXPORT-ATTEST-74-001 contract |
+| **6 – Performance** | 📝 Not started | Upstream phase completion |
+
+### Next actions
+1. Track POLICY-ATTEST-73-001 prep artefact publication (Sprint 0123).
+2. Resolve CLI build blockers to unblock CLI-ATTEST-73-001 (Sprint 0201).
+3. Complete NOTIFY-ATTEST-74-002 wiring once payload localization freezes (Sprint 0171).
+4. Monitor Export Center contract finalization for Phase 5 tasks (Sprint 0162).