master
2e78085115
feat(audit): drop deprecated per-service audit tables + reconciliation (DEPRECATE-003)
Closes DEPRECATE-003 in SPRINT_20260408_005. Pre-release status means
the 30/90-day compat windows in the original Decision #5 are moot — no
external consumers. Decision #5 amended twice during session.
Drop migrations (embedded resources, auto-applied on startup per §2.7):
- authority.audit / authority.airgap_audit / authority.offline_kit_audit
(002_drop_deprecated_audit_tables.sql)
- policy.audit (013; policy.gate_bypass_audit PRESERVED as domain evidence)
- notify.audit (008)
- scheduler.audit + partitions via CASCADE (009)
- proofchain.audit_log (004)
Kept by design:
- release_orchestrator.audit_entries + audit_sequences (hash chain, Decision #2)
- policy.gate_bypass_audit (domain evidence, unique query patterns)
- authority.login_attempts (auth protocol state, not audit)
Repository neutering — local DB write removed, Timeline emission preserved:
- PolicyAuditRepository.CreateAsync → Timeline-only; readers [Obsolete]
- NotifyAuditRepository.CreateAsync → Timeline-only; readers [Obsolete]
- PostgresSchedulerAuditService → removed INSERT, Timeline-only
- PostgresAttestorAuditSink.WriteAsync → no-op (endpoint-level .Audited()
filter carries the audit signal)
Attestor cleanup:
- Deleted AuditLogEntity.cs
- Removed DbSet<AuditLogEntity> from ProofChainDbContext
- Removed LogAuditAsync / GetAuditLogAsync from IProofChainRepository
- Removed "audit_log" from SchemaIsolationService
Reconciliation tool substitutes for the 30-day wall-clock window:
- scripts/audit-reconciliation.ps1 joins each per-service audit table to
timeline.unified_audit_events via the dual-write discriminator
(details_jsonb.localAuditId / localEntryId) for deterministic pairs,
tuple-matches Authority. Test-Table/to_regclass guards handle post-drop
vacuous-pass. Overall PASS across pre/post/final runs.
- 4 reports under docs/qa/.
Sprint archivals:
- SPRINT_20260408_004 (Timeline unified audit sink) — all 7 tasks DONE
- SPRINT_20260408_005 (audit endpoint filter deprecation) — all 12 tasks DONE
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-22 16:03:02 +03:00
master
3d14332609
wip(tools): xunit runner helper + QA guidance iteration
Follow-up to SPRINT_20260419_028 TEST-RUNNER-001.
- scripts/test-targeted-xunit.ps1: refinements to the helper.
- docs/code-of-conduct/TESTING_PRACTICES.md: default targeted xUnit v3
verification to the new helper.
- docs/qa/feature-checks/FLOW.md: call out Microsoft Testing Platform
filter-ignore behaviour and point to the helper.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-19 14:48:48 +03:00
master
fdf95e0f46
docs: module dossier + install/quickstart sync for truthful cutover sprints
- API_CLI_REFERENCE.md, INSTALL_GUIDE.md, quickstart.md, architecture/integrations.md, dev/DEV_ENVIRONMENT_SETUP.md, integrations/LOCAL_SERVICES.md: reflect real-service wiring.
- docs/modules/**: module dossier updates across the modules touched by SPRINT_20260415_001..007 + SPRINT_20260416_003..017 + SPRINT_20260417_018..024 + SPRINT_20260418_025 + SPRINT_20260419_026.
- docs/features/checked/web/**: update feature notes where UI changed.
- docs/qa/feature-checks/runs/web/evidence-presentation-ux/: QA evidence artifacts.
- docs/setup/**, docs/technical/**: align with setup wizard contracts.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-19 14:45:09 +03:00
master
bc6b1c5959
Finalize UI truthfulness and bootstrap hardening
2026-04-16 16:23:54 +03:00
master
0e25344bd7
refactor(jobengine): delete TaskRunner service
- Remove TaskRunner source, tests, libraries (3 directories)
- Remove from compose, services-matrix, nginx, hosts, smoke tests
- Remove CLI commands, UI references, Authority scopes
- Remove docs, OpenAPI spec, QA state files
- Leave task_runner_id DB columns as nullable legacy
- PacksRegistry preserved (independent service)
- Eliminates 2 containers (taskrunner-web + taskrunner-worker)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-08 14:11:20 +03:00
master
8e6cbeab97
Polish UI across all route groups + redesign welcome page
- Welcome: split-panel layout with Sign In always above fold, feature cards, trust badges
- Release Control: dashboard, releases, promotions, approvals — design token alignment
- Security: posture, findings, scan submit, unknowns, reports — compact tables, severity badges
- Operations: ops hub, jobengine, scheduler, doctor, notifications, feeds — consistent styling
- Audit & Evidence: evidence overview, audit log, export center, replay — shimmer loading
- Setup & Admin: topology, integrations, identity, trust, system — hover lift, focus rings
- Shared: buttons, tabs, forms, colors — unified design tokens (btn-primary, tab-active, focus-ring)
- Archive 3 completed sprints (SPRINT_20260317_001/002/003)
- Add QA journey reports and route map
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-18 00:04:38 +02:00
master
2b1ea0b1da
Full product deep dive: 28 surfaces evaluated, 10 UX issues, 3 strategic recommendations
Walked through every product surface as a DevOps/Security engineer:
TIER 1 (Ship-ready, 10 surfaces):
Triage workspace (10/10), Integrations Hub (9/10), Advisory catalog (9/10),
Doctor diagnostics (9/10), Data Integrity (8/10), Disposition/VEX (8/10),
Policy Studio (8/10), Evidence Overview (8/10), Replay & Verify (8/10),
Export Center (8/10)
TIER 2 (Good, needs polish, 13 surfaces):
Security Posture (6/10), SBOM Lake (7/10), Reachability (7/10),
Supply Chain (7/10), Deployments (7/10), Hotfixes (7/10), Ops Hub (7/10),
Feeds & Airgap (7/10), Promotions (7/10), IAM (7/10), Trust (7/10),
Branding (7/10), Usage (7/10)
TIER 3 (Needs work, 5 surfaces):
Dashboard (5/10), Security Reports (5/10), Release Health (5/10),
Unknowns (4/10), JobEngine (5/10)
Cross-cutting findings:
F-NAV: Navigation terminology doesn't match user mental model
F-DATA: Seed data mixed with real empty state inconsistently
F-FLOW: No clear happy path connecting scan→gate→release→evidence
F-SEARCH: Command palette doesn't index security terms
Strategic recommendations:
1. Make "Scan Image" the first visible action
2. Connect the chain: Registry→Scan→Findings→Gate→Release→Evidence
3. Eliminate all demo data — every number real or honestly "0"
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-16 12:25:53 +02:00
master
a650020311
Deep security engineer journey: UX findings and product assessment
Walked through the full vulnerability triage workflow as a security
engineer. Found the artifact workspace — the product's killer feature
(evidence-grade findings with reachability, attestations, policy gating,
delta comparison, deterministic replay, VEX decisions). Recorded a VEX
decision for CVE-2023-38545.
Critical UX findings:
- UX-D1: No "Scan" entry point anywhere in the UI — scanner exists
(2 containers) but has no discoverable trigger from the console
- UX-D2: Triage workspace (best feature) hidden under "Triage" label —
security engineers look for "Vulnerabilities" or "Findings"
- UX-D3: Record Decision dialog unreachable on smaller viewports —
needs proper modal overlay instead of in-page drawer
- UX-D4: Security Posture shows 0 findings while Triage has 1 active
HIGH finding — different data sources
Assessment: The triage artifact workspace is 10/10 UX. The discoverability
is 2/10. Three changes would transform the security engineer experience.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-16 10:59:55 +02:00
master
9586006404
Update journey notes: 21 fixed, 2 remaining, 2 product gaps identified
All medium fixes verified on live stack:
- Registry search: returns empty (no mock data) — confirmed
- Post-seal guidance: "What's next?" panel shows on release creation
- User ID display: truncated to "User 209d1257..."
- Mirror generate: shows failure status with retry guidance
- Wizard error handling: already implemented (was incorrectly logged)
Audit log remains at 0 events — this is a product gap, not a UI issue.
Services need to emit audit events (write path missing across modules).
MapAuditEndpoints() only exposes the query interface.
Topology wizard step 5 (Agent) is an expected fresh-install blocker.
Final score: 21 fixed, 2 low-priority UI issues, 2 product gaps.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-16 10:49:12 +02:00
master
c13e47dbcb
Update journey notes: topology steps 1-4 working, plan for next phases
- Topology wizard steps 1-4 all succeed on fresh install
- Step 5 (Agent) is a natural blocker — no agents on fresh compose setup
- Updated fix count: 16 fixed, 5 remaining
- Added detailed journey resumption plan covering 4 phases:
Phase 1 (immediate): skip agent, verify audit, honest registry search
Phase 2: real deployment with Zot registry + scanner
Phase 3: policy & evidence testing
Phase 4: operational testing
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-16 09:51:29 +02:00
master
4e07f7bd72
Complete first-time user journey notes — full fresh install walkthrough
Documented the complete journey from fresh install through:
- Login, dashboard, integrations (Harbor + GitHub App)
- Advisory sources (42 curated, 54 healthy)
- Mirror domain creation (14 sources, signing)
- Topology wizard (blocked at auth passthrough)
- Release creation (sealed end-to-end with mock component)
- Approvals queue, security posture, policy studio
- Evidence/audit, doctor diagnostics
22 findings total (12 fixed, 10 tracked):
- Critical: ReverseProxy auth passthrough (#13), audit log empty (#20)
- High: Mock registry search in releases (#22)
- Medium: No post-seal guidance (#21), silent failures, user ID hashes
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-16 08:19:10 +02:00
master
da76d6e93e
Add topology auth policies + journey findings notes
Concelier:
- Register Topology.Read, Topology.Manage, Topology.Admin authorization
policies mapped to OrchRead/OrchOperate/PlatformContextRead/IntegrationWrite
scopes. Previously these policies were referenced by endpoints but never
registered, causing System.InvalidOperationException on every topology
API call.
Gateway routes:
- Simplified targets/environments routes (removed specific sub-path routes,
use catch-all patterns instead)
- Changed environments base route to JobEngine (where CRUD lives)
- Changed to ReverseProxy type for all topology routes
KNOWN ISSUE (not yet fixed):
- ReverseProxy routes don't forward the gateway's identity envelope to
Concelier. The regions/targets/bindings endpoints return 401 because
hasPrincipal=False — the gateway authenticates the user but doesn't
pass the identity to the backend via ReverseProxy. Microservice routes
use Valkey transport which includes envelope headers. Topology endpoints
need either: (a) Valkey transport registration in Concelier, or
(b) Concelier configured to accept raw bearer tokens on ReverseProxy paths.
This is an architecture-level fix.
Journey findings collected so far:
- Integration wizard (Harbor + GitHub App): works end-to-end
- Advisory Check All: fixed (parallel individual checks)
- Mirror domain creation: works, generate-immediately fails silently
- Topology wizard Step 1 (Region): blocked by auth passthrough issue
- Topology wizard Step 2 (Environment): POST to JobEngine needs verify
- User ID resolution: raw hashes shown everywhere
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-16 08:12:39 +02:00
master
534aabfa2a
First-time user experience fixes and platform contract repairs
FTUX fixes (Sprint 316-001):
- Remove all hardcoded fake data from dashboard — fresh installs show
honest setup guide instead of fake crisis data (5 fake criticals gone)
- Curate advisory source defaults: 32 sources disabled by default
(ecosystem, geo-restricted, exploit, hardware, mirror). ~43 core
sources remain enabled. StellaOps Mirror no longer enabled at priority 1.
- Filter Mirror-category sources from Create Domain wizard to prevent
circular mirror-from-mirror chains
- Add 404 catch-all route — unknown URLs show "Page Not Found" instead
of silently rendering the dashboard
- Fix arrow characters in release target path dropdown (? → →)
- Add login credentials to quickstart documentation
- Update Feature Matrix: 14 release orchestration features marked as
shipped (was marked planned)
Platform contract repairs (from prior session):
- Add /api/v1/jobengine/quotas/summary endpoint on Platform
- Fix gateway route prefix matching for /policy/shadow/* and
/policy/simulations/* (regex routes instead of exact match)
- Fix VexHub PostgresVexSourceRepository missing interface method
- Fix advisory-vex-sources sweep text expectation
- Fix mirror operator journey auth (session storage token extraction)
Verified: 110/111 canonical routes passing (1 unrelated stale approval ref)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-16 02:05:38 +02:00
master
08390f0ca4
Repair first-time identity and trust operator journeys
2026-03-15 12:33:56 +02:00
master
c9a30331ce
Close scratch iteration 008 and enforce full surface audits
2026-03-13 11:00:12 +02:00
master
6afd8f951e
Harden canonical route sweep rechecks
2026-03-11 18:44:38 +02:00
master
8e1cb9448d
consolidation of some of the modules, localization fixes, product advisories work, qa work
2026-03-05 03:54:22 +02:00
master
4db038123b
documentation cleanse, sprints work and planning. remaining non EF DAL migration to EF
2026-02-25 01:24:07 +02:00
master
b07d27772e
search and ai stabilization work, localization stabilized.
2026-02-24 23:29:36 +02:00
master
e05d803490
cleanup
2026-02-23 21:30:15 +02:00
master
e746577380
wip: doctor/cli/docs/api to vector db consolidation; api hardening for descriptions, tenant, and scopes; migrations and conversions of all DALs to EF v10
2026-02-23 15:30:50 +02:00
master
04cacdca8a
Gaps fill up, fixes, ui restructuring
2026-02-19 22:10:54 +02:00
master
49cdebe2f1
compose and authority fixes. finish sprints.
2026-02-18 12:00:10 +02:00
master
70fdbfcf25
Stabilize U
2026-02-16 07:33:20 +02:00
master
ab794e167c
frontend styling fixes
2026-02-15 12:00:34 +02:00
master
e9aeadc040
save checkpoint
2026-02-14 09:11:48 +02:00
master
9ca2de05df
more features checks. setup improvements
2026-02-13 02:04:55 +02:00
master
9911b7d73c
save checkpoint
2026-02-12 21:02:43 +02:00
master
5bca406787
save checkpoint: save features
2026-02-12 10:27:23 +02:00
master
6571c83bd4
qa(exportcenter): close remaining oci distribution and referrer features
2026-02-11 17:00:17 +02:00
master
9b58589ba0
qa(exportcenter): verify oci digest identity and advance queue
2026-02-11 16:49:55 +02:00
master
7b7cf07060
qa(exportcenter): close local evidence cache feature and start oci digest checks
2026-02-11 16:40:21 +02:00
master
159a909d88
qa: start exportcenter feature 004 checking run scaffold
2026-02-11 16:29:03 +02:00
master
7f865d7bc7
qa: verify exportcenter telemetry-worker feature and advance queue
2026-02-11 16:27:24 +02:00
master
110cb43e4d
qa: close exportcenter features 001-002 and unblock policy build
2026-02-11 16:21:54 +02:00
master
33360e8d9d
qa(advisoryai): verify deterministic replay feature
2026-02-11 14:28:58 +02:00
master
4424848283
qa(attestor): verify ai explanation attestation types feature
2026-02-11 14:10:23 +02:00
master
d2aca4c9d3
qa(advisoryai): verify codex companion and sync FLOW/task state
2026-02-11 14:05:06 +02:00
master
4e5300660d
qa(advisoryai): verify orchestrator, guardrails, and action-policy features
2026-02-11 13:48:23 +02:00
master
e716bc6adc
and one more
2026-02-11 01:32:58 +02:00
master
fa4823f46c
one more save checkpoint
2026-02-11 01:32:51 +02:00
master
cf5b72974f
save checkpoint
2026-02-11 01:32:14 +02:00
master
5593212b41
save checkpoint. addition features and their state. check some of them
2026-02-10 07:54:44 +02:00