stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity

blocker move 1

Browse Source
This commit is contained in:
StellaOps Bot
2025-11-23 14:53:13 +02:00
parent 8d78dd219b
commit f47d2d1377
25 changed files with 4788 additions and 4007 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
docs/implplan/SPRINT_0142_0001_0001_sbomservice.md
View File

@@ -29,7 +29,7 @@
| 5 | SBOM-ORCH-32-001 | TODO | Register SBOM ingest/index sources; embed worker SDK; emit artifact hashes and job metadata. | SBOM Service Guild | Register SBOM ingest/index sources with orchestrator. |
| 6 | SBOM-ORCH-33-001 | TODO | Depends on SBOM-ORCH-32-001; report backpressure metrics, honor pause/throttle signals, classify sbom job errors. | SBOM Service Guild | Report backpressure metrics and handle orchestrator control signals. |
| 7 | SBOM-ORCH-34-001 | TODO | Depends on SBOM-ORCH-33-001; implement orchestrator backfill and watermark reconciliation for idempotent artifact reuse. | SBOM Service Guild | Implement orchestrator backfill + watermark reconciliation. |
| 8 | SBOM-SERVICE-21-001 | BLOCKED | PREP-SBOM-SERVICE-21-001-WAITING-ON-LNM-V1-FI | SBOM Service Guild; Cartographer Guild | Link-Not-Merge v1 frozen schema and deterministic read API. |
| 8 | SBOM-SERVICE-21-001 | DOING (2025-11-23) | PREP-SBOM-SERVICE-21-001-WAITING-ON-LNM-V1-FI | SBOM Service Guild; Cartographer Guild | AirGap review hashes captured; begin deterministic projection read API implementation (paths/versions/events) per LNM v1. |
| 9 | SBOM-SERVICE-21-002 | TODO | Depends on SBOM-SERVICE-21-001; emit `sbom.version.created` change events and add replay/backfill tooling. | SBOM Service Guild; Scheduler Guild | Emit change events carrying digest/version metadata for Graph Indexer builds. |
| 10 | SBOM-SERVICE-21-003 | TODO | Depends on SBOM-SERVICE-21-002; entrypoint/service node management API feeding Cartographer path relevance with deterministic defaults. | SBOM Service Guild | Provide entrypoint/service node management API. |
| 11 | SBOM-SERVICE-21-004 | TODO | Depends on SBOM-SERVICE-21-003; wire metrics (`sbom_projection_seconds`, `sbom_projection_size`), traces, tenant-annotated logs; set backlog alerts. | SBOM Service Guild; Observability Guild | Wire observability for SBOM projections. |
@@ -41,8 +41,8 @@
## Action Tracker
| Action | Owner(s) | Due | Status |
| --- | --- | --- | --- |
| Provide LNM v1 fixtures for SBOM projections. | Cartographer Guild | 2025-11-18 | OVERDUE (escalate; follow-up 2025-11-19) |
| Run AirGap parity review for `/sbom/paths`, `/sbom/versions`, `/sbom/events`; capture minutes in runbook. | Observability Guild · SBOM Service Guild | 2025-11-23 | Pending (template published) |
| Provide LNM v1 fixtures for SBOM projections. | Cartographer Guild | 2025-11-18 | STAGED (2025-11-22); review/validate hashes 2025-11-23 |
| Run AirGap parity review for `/sbom/paths`, `/sbom/versions`, `/sbom/events`; capture minutes in runbook. | Observability Guild · SBOM Service Guild | 2025-11-23 | DONE (minutes + hashes captured) |
| Publish scanner real cache hash/ETA to align Graph/Zastava parity validation. | Scanner Guild | 2025-11-18 | OVERDUE (mirrored from sprint 0140) |
| Publish orchestrator control contract for pause/throttle/backfill signals. | Orchestrator Guild | 2025-11-19 | Pending |
| Create `src/SbomService/AGENTS.md` (roles, prerequisites, determinism/testing rules). | SBOM Service Guild · Module PM | 2025-11-19 | DONE |
@@ -51,6 +51,7 @@
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2025-11-23 | AirGap parity review executed; fixture hash recorded in `docs/modules/sbomservice/fixtures/lnm-v1/SHA256SUMS`; SBOM-SERVICE-21-001 → DOING. | Project Mgmt |
| 2025-11-20 | Published SBOM service prep docs (sbom-service-21-001, build/infra) and set P2/P3 to DOING after confirming unowned. | Project Mgmt |
| 2025-11-20 | Completed PREP-SBOM-CONSOLE-23-001: offline feed cache populated (`local-nugets/`), script added (`tools/offline/fetch-sbomservice-deps.sh`), doc published at `docs/modules/sbomservice/offline-feed-plan.md`. | Project Mgmt |
| 2025-11-20 | Marked PREP-SBOM-CONSOLE-23-001 DOING after confirming it was still unclaimed. | Project Mgmt |
@@ -89,7 +90,7 @@
| 2025-11-22 | Added placeholder `SHA256SUMS` under `docs/modules/sbomservice/fixtures/lnm-v1/` to mark hash drop site; replace with real fixture hashes once published. | Implementer |
## Decisions & Risks
- LNM v1 fixtures due 2025-11-18 remain outstanding; now OVERDUE and tracked for 2025-11-19 follow-up. SBOM-SERVICE-21-001 stays BLOCKED until fixtures land at `docs/modules/sbomservice/fixtures/lnm-v1/` with `SHA256SUMS`.
- LNM v1 fixtures staged (2025-11-22) and provisionally approved in 2025-11-23 AirGap review; hash recorded in `docs/modules/sbomservice/fixtures/lnm-v1/SHA256SUMS`. SBOM-SERVICE-21-001 is DOING; 21-002..004 remain TODO pending implementation sequence.
- Orchestrator control contracts (pause/throttle/backfill signals) must be confirmed before SBOM-ORCH-33/34 start; track through orchestrator guild.
- Keep `docs/modules/sbomservice/architecture.md` aligned with schema/event decisions made during implementation.
- Current Advisory AI endpoints use deterministic in-memory seeds; must be replaced with Mongo-backed projections before release.