# Findings Ledger Guild Charter (Epic 6)

## Mission

Operate the append-only Findings Ledger and projection pipeline powering the Vulnerability Explorer. The guild guarantees immutable audit history, deterministic projections, and compliance with AOC guardrails while exposing workflow APIs.

## Scope

- Service code under `src/Findings/StellaOps.Findings.Ledger` (event API, projector, migrations, crypto hashing).
- Ledger storage schemas, Merkle anchoring jobs, retention policies, and replay tooling.
- Projection pipeline writing `findings_projection` collections/tables consumed by the Vuln Explorer API and Console.
- Collaboration with Conseiller, Excitor, SBOM Service, Policy Engine, Scheduler, Authority, and DevOps for evidence feeds and policy events.

## Principles

1. **Immutability** – Ledger events are append-only, hashed, and chained; projections derive from the ledger plus policy inputs.
2. **Determinism** – Replaying the same event stream yields identical projections and bundle outputs; hashing uses canonical JSON.
3. **Tenant isolation** – Separate namespaces per tenant in storage, queue, and Merkle anchoring artefacts.
4. **AOC alignment** – The ledger records workflow only; evidence remains in Conseiller/Excitor/SBOM stores; no mutation of source facts.
5. **Auditability** – Provide verifiable hashes, Merkle roots, and replay tooling for auditors.

## Collaboration

- Keep `src/Findings/StellaOps.Findings.Ledger/TASKS.md` and `/docs/implplan/SPRINT_*.md` synchronized.
- Publish schema docs, migrators, and replay scripts; coordinate with the Vuln Explorer API on projection contracts.
- Notify DevOps/Docs when the Merkle root anchoring cadence or format changes.

## Tooling

- .NET 10 preview minimal API/background services.
- PostgreSQL for ledger and projection tables with JSONB support.
- Hashing utilities (SHA-256, Merkle tree), KMS integration for evidence bundle signing metadata.

## Definition of Done

- Ledger endpoints and projector pass unit/integration/property tests.
- Hash chains verified in CI; Merkle root anchoring automated.
- Telemetry (latency, backlog, anchor success) wired with dashboards.
- Docs/runbooks updated with compliance checklist.

## Required Reading

- `docs/modules/vuln-explorer/architecture.md`
- `docs/modules/platform/architecture-overview.md`

## Working Agreement

1. Update task status to `DOING`/`DONE` in both the corresponding sprint file `/docs/implplan/SPRINT_*.md` and the local `TASKS.md` when you start or finish work.
2. Review this charter and the Required Reading documents before coding; confirm prerequisites are met.
3. Keep changes deterministic (stable ordering, timestamps, hashes) and align with offline/air-gap expectations.
4. Coordinate doc updates, tests, and cross-guild communication whenever contracts or workflows change.
5. Revert to `TODO` if you pause the task without shipping changes; leave notes in commit/PR descriptions for context.
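The Immutability, Determinism and Auditability principles above, together with the "hash chains verified in CI" item in the Definition of Done, describe a hash-chained ledger whose events are hashed over canonical JSON and summarised by a Merkle root. The Python script below is an added illustration of those mechanics, not the Findings Ledger's own code (which is .NET): the event shape, the tenant and finding ids, and the all-zero genesis hash are constructed for this example.

```python
"""Hash-chained ledger, canonical JSON and Merkle root, illustrating the charter's
Immutability / Determinism / Auditability principles.

Added illustration, not the Findings Ledger's code: the event shape, the
tenant/finding ids and the genesis constant are constructed here."""
import hashlib
import json

GENESIS_HASH = "0" * 64  # constructed: the chain starts from an all-zero previous hash


def canonical_json(obj) -> bytes:
    """Canonical encoding: sorted keys, no insignificant whitespace, ASCII escapes.
    Two dicts with the same content but different insertion order encode identically."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":"), ensure_ascii=True).encode()


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def event_hash(prev_hash: str, event: dict) -> str:
    """Chain link: the hash covers the previous link's hash and the canonical event body,
    so altering any earlier event invalidates every later hash."""
    return sha256_hex(prev_hash.encode("ascii") + canonical_json(event))


def append_events(events: list) -> list:
    """Build the ledger as a list of (event, hash) pairs, each chained to the previous."""
    ledger, prev = [], GENESIS_HASH
    for ev in events:
        h = event_hash(prev, ev)
        ledger.append((ev, h))
        prev = h
    return ledger


def verify_chain(ledger: list) -> bool:
    """Recompute every link from genesis; any mutated event or hash breaks the chain."""
    prev = GENESIS_HASH
    for ev, h in ledger:
        if event_hash(prev, ev) != h:
            return False
        prev = h
    return True


def merkle_root(leaf_hashes: list) -> str:
    """Root over the ledger's link hashes; the root is what an anchoring job would publish."""
    if not leaf_hashes:
        return sha256_hex(b"")
    level = list(leaf_hashes)
    while len(level) > 1:
        if len(level) % 2:
            level.append(level[-1])  # duplicate the last node on an odd-sized level
        level = [sha256_hex((level[i] + level[i + 1]).encode("ascii"))
                 for i in range(0, len(level), 2)]
    return level[0]


def project(ledger: list) -> dict:
    """Deterministic projection: latest workflow status per (tenant, finding), derived only
    from ledger order. Keys are tenant-scoped so tenants never share projection rows."""
    latest = {}
    for ev, _ in ledger:
        latest[(ev["tenant"], ev["finding_id"])] = ev["status"]
    return {f"{tenant}/{finding}": status
            for (tenant, finding), status in sorted(latest.items())}


def tamper(ledger: list, index: int, field: str, value) -> list:
    """Return a copy of the ledger with one recorded event edited but hashes left as-is,
    modelling an out-of-band edit that a CI chain check must catch."""
    copy = [(dict(ev), h) for ev, h in ledger]
    ev, _ = copy[index]
    ev[field] = value
    return copy


# Constructed sample workflow events (not real ledger data).
SAMPLE_EVENTS = [
    {"seq": 1, "tenant": "t1", "finding_id": "F-1", "status": "open"},
    {"seq": 2, "tenant": "t1", "finding_id": "F-2", "status": "open"},
    {"seq": 3, "tenant": "t1", "finding_id": "F-1", "status": "triaged"},
    {"seq": 4, "tenant": "t2", "finding_id": "F-1", "status": "open"},
    {"seq": 5, "tenant": "t1", "finding_id": "F-2", "status": "resolved"},
]


def replay_is_deterministic(events: list) -> bool:
    """Replaying the same stream, even with differently ordered dict keys, yields the same root."""
    reordered = [dict(reversed(list(ev.items()))) for ev in events]
    root_a = merkle_root([h for _, h in append_events(events)])
    root_b = merkle_root([h for _, h in append_events(reordered)])
    return root_a == root_b


if __name__ == "__main__":
    ledger = append_events(SAMPLE_EVENTS)
    print("chain valid:", verify_chain(ledger))
    print("merkle root:", merkle_root([h for _, h in ledger]))
    print("projection:", project(ledger))
    print("tampered chain valid:", verify_chain(tamper(ledger, 2, "status", "resolved")))
```

`canonical_json` relies on Python's `sort_keys` plus compact separators, which is enough to show why key order must not affect a hash; a production ledger should pin a full canonicalization specification such as RFC 8785 (JSON Canonicalization Scheme), because number formatting and Unicode handling also change the bytes being hashed. The `tamper` helper shows what the "hash chains verified in CI" check is for: a single edited status with the stored hashes left in place fails `verify_chain` at that link, and every later link would fail too if the hash were recomputed only for the edited row.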