# BLOCKED Tasks Dependency Tree

> **Last Updated:** 2025-12-04 (12 specs + 2 implementations = ~74+ tasks unblocked)
> **Purpose:** This document maps all BLOCKED tasks and their root causes to help teams prioritize unblocking work.

## How to Use This Document

Before starting work on any BLOCKED task, check this tree to understand:

1. What is the **root blocker** (external dependency, missing spec, staffing, etc.)
2. What **chain of tasks** depends on it
3. Which team/guild owns the root blocker

---

## Legend

- **Root Blocker** — External/system cause (missing spec, staffing, disk space, etc.)
- **Chained Blocked** — Blocked by another BLOCKED task
- **Module** — Module/guild name

---

## 1. SIGNALS & RUNTIME FACTS (SGSI0101) — Critical Path

**Root Blocker:** `PREP-SIGNALS-24-002` (CAS promotion pending)

```
PREP-SIGNALS-24-002 (CAS promotion pending)
    +-- 24-002: Surface cache availability
    +-- 24-003: Runtime facts ingestion + provenance enrichment
    +-- 24-004: Authority scopes + 24-003
    +-- 24-005: 24-004 scoring outputs
```

**Root Blocker:** `SGSI0101 provenance feed/contract pending`

```
SGSI0101 provenance feed/contract pending
    +-- 56-001: Telemetry provenance
    +-- 401-004: Replay Core (awaiting runtime facts + GAP-REP-004)
```

**Impact:** 6+ tasks in Signals, Telemetry, Replay Core guilds

**To Unblock:** Deliver CAS promotion and SGSI0101 provenance contract

---

## 2. API GOVERNANCE (APIG0101) — DevPortal & SDK Chain

**Root Blocker:** `APIG0101 outputs` (API baseline missing)

```
APIG0101 outputs (API baseline)
    +-- 62-001: DevPortal API baseline
    |   +-- 62-002: Blocked until 62-001
    |   +-- 63-001: Platform integration
    |   +-- 63-002: SDK Generator integration
    |   +-- 63-003: SDK Generator (APIG0101 outputs)
    +-- 63-004: SDK Generator outstanding
```

**Impact:** 6 tasks in DevPortal + SDK Generator guilds

**To Unblock:** Deliver APIG0101 API baseline outputs

---

## 3. VEX LENS CHAIN (30-00x Series)

**Root Blocker:** `VEX normalization + issuer directory + API governance specs`

```
VEX normalization + issuer directory + API governance specs
    +-- 30-001: VEX Lens base
    +-- 30-002
    +-- 30-003 (Issuer Directory)
    +-- 30-004 (Policy)
    +-- 30-005
    +-- 30-006 (Findings Ledger)
    +-- 30-007
    +-- 30-008 (Policy)
    +-- 30-009 (Observability)
    +-- 30-010 (QA)
    +-- 30-011 (DevOps)
```

**Impact:** 11 tasks — full VEX Lens series

**To Unblock:** Publish VEX normalization spec, issuer directory contract, and API governance specs

---

## 4. DEPLOYMENT CHAIN (44-xxx to 45-xxx)

**Root Blocker:** `Upstream module releases` (service list/version pins)

```
Upstream module releases (service list/version pins)
    +-- 44-001: Compose deployment base
    |   +-- 44-002
    |   +-- 44-003
    |   +-- 45-001
    |   +-- 45-002 (Security)
    |   +-- 45-003 (Observability)
    |   +-- COMPOSE-44-001 (parallel blocker)
```

**Impact:** 7 tasks in Deployment Guild

**To Unblock:** Publish consolidated service list and version pins from upstream modules

---

## 5. AIRGAP ECOSYSTEM

### 5.1 Controller Chain

**Root Blocker:** `Disk full` (workspace cleanup needed)

```
Disk full (workspace cleanup needed)
    +-- AIRGAP-CTL-57-001: Startup diagnostics
    +-- AIRGAP-CTL-57-002: Seal/unseal telemetry
    +-- AIRGAP-CTL-58-001: Time anchor persistence
```

### 5.2 Importer Chain

**Root Blocker:** `Disk space + controller telemetry`

```
Disk space + controller telemetry
    +-- AIRGAP-IMP-57-002: Object-store loader
    +-- AIRGAP-IMP-58-001: Import API + CLI
    +-- AIRGAP-IMP-58-002: Timeline events
```

### 5.3 Time Chain

**Root Blocker:** `Controller telemetry + disk space`

```
Controller telemetry + disk space
    +-- AIRGAP-TIME-57-002: Time anchor telemetry
    +-- AIRGAP-TIME-58-001: Drift baseline
    +-- AIRGAP-TIME-58-002: Staleness notifications
```

### 5.4 CLI AirGap Chain

**Root Blocker:** `Mirror bundle contract/spec` not available

```
Mirror bundle contract/spec not available
    +-- CLI-AIRGAP-56-001: stella mirror create
    +-- CLI-AIRGAP-56-002: Telemetry sealed mode
    +-- CLI-AIRGAP-57-001: stella airgap import
    +-- CLI-AIRGAP-57-002: stella airgap seal
    +-- CLI-AIRGAP-58-001: stella airgap export evidence
```

### 5.5 Docs AirGap

**Root Blocker:** `CLI airgap contract` (CLI-AIRGAP-56/57)

```
CLI airgap contract (CLI-AIRGAP-56/57)
    +-- AIRGAP-57-003: CLI & ops inputs
    +-- AIRGAP-57-004: Ops Guild
```

**Impact:** 17+ tasks in AirGap ecosystem

**To Unblock:**

1. Clean up disk space
2. Publish mirror bundle contract/spec
3. Complete CLI-AIRGAP-56-001

---

## 6. CLI ATTESTOR CHAIN

**Root Blocker:** ~~`Scanner analyzer compile failures`~~ + `attestor SDK transport contract`

> **Update 2025-12-04:** Scanner analyzers **compile successfully** (see Section 8.2). Blocker is only the missing attestor SDK transport contract.

```
attestor SDK transport contract (scanner analyzers ✅ COMPILE)
    +-- CLI-ATTEST-73-001: stella attest sign
    +-- CLI-ATTEST-73-002: stella attest verify
    +-- CLI-ATTEST-74-001: stella attest list
    +-- CLI-ATTEST-74-002: stella attest fetch
```

**Impact:** 4 tasks in CLI Attestor Guild

**To Unblock:** ~~Fix scanner analyzer compile issues~~ ✅ DONE; publish attestor SDK transport contract

---

## 7. TASK RUNNER CHAINS

### 7.1 AirGap

**Root Blocker:** `TASKRUN-AIRGAP-56-002`

```
TASKRUN-AIRGAP-56-002
    +-- TASKRUN-AIRGAP-57-001: Sealed environment check
    +-- TASKRUN-AIRGAP-58-001: Evidence bundles
```

### 7.2 OAS Chain

**Root Blocker:** `TASKRUN-41-001` (DONE - chain should unblock)

```
TASKRUN-41-001 (DONE)
    +-- TASKRUN-OAS-61-001: Task Runner OAS docs
    +-- TASKRUN-OAS-61-002: OpenAPI well-known
    +-- TASKRUN-OAS-62-001: SDK examples
    +-- TASKRUN-OAS-63-001: Deprecation handling
```

### 7.3 Observability Chain

**Root Blocker:** `Timeline event schema + evidence-pointer contract`

```
Timeline event schema + evidence-pointer contract
    +-- TASKRUN-OBS-52-001: Timeline events
    +-- TASKRUN-OBS-53-001: Evidence locker snapshots
    +-- TASKRUN-OBS-54-001: DSSE attestations
    |   +-- TASKRUN-OBS-55-001: Incident mode
    +-- TASKRUN-TEN-48-001: Tenant context
```

**Impact:** 10+ tasks in Task Runner Guild

**To Unblock:** Publish timeline event schema and evidence-pointer contract

---

## 8. SCANNER CHAINS

**Root Blocker:** `PHP analyzer bootstrap spec/fixtures`

```
PHP analyzer bootstrap spec/fixtures (composer/VFS schema)
    +-- SCANNER-ANALYZERS-PHP-27-001
```

**Root Blocker:** `18-503/504/505/506 outputs` (EntryTrace baseline)

```
18-503/504/505/506 outputs (EntryTrace baseline)
    +-- SCANNER-ENTRYTRACE-18-508
```

**Root Blocker:** `Task definition/contract missing`

```
Task definition/contract missing
    +-- SCANNER-SURFACE-01
```

**Root Blocker:** `SCANNER-ANALYZERS-JAVA-21-007`

```
SCANNER-ANALYZERS-JAVA-21-007
    +-- ANALYZERS-JAVA-21-008
```

**Root Blocker:** `Local dotnet tests hanging`

```
SCANNER-ANALYZERS-LANG-10-309 (DONE, but local tests hanging)
    +-- ANALYZERS-LANG-11-001
```

**Impact:** 5 tasks in Scanner Guild

**To Unblock:**

1. Publish PHP analyzer bootstrap spec
2. Complete EntryTrace 18-503/504/505/506
3. Define SCANNER-SURFACE-01 contract
4. Complete JAVA-21-007
5. Fix local dotnet test environment

---

## 8.1 CLI COMPILE FAILURES (Detailed Analysis)

> **Analysis Date:** 2025-12-04
> **Status:** ✅ **RESOLVED** (2025-12-04)
> **Resolution:** See `docs/implplan/CLI_AUTH_MIGRATION_PLAN.md`

The CLI (`src/Cli/StellaOps.Cli`) had significant API drift from its dependencies. This has been resolved.

### Remediation Summary (All Fixed)

| Library | Issue | Status |
|---------|-------|--------|
| `StellaOps.Auth.Client` | `IStellaOpsTokenClient` interface changed | ✅ **FIXED** - Extension methods created |
| `StellaOps.Cli.Output` | `CliError` constructor change | ✅ **FIXED** |
| `System.CommandLine` | API changes in 2.0.0-beta5+ | ✅ **FIXED** |
| `Spectre.Console` | `Table.AddRow` signature change | ✅ **FIXED** |
| `BackendOperationsClient` | `CreateFailureDetailsAsync` return type | ✅ **FIXED** |
| `CliProfile` | Class→Record conversion | ✅ **FIXED** |
| `X509Certificate2` | Missing using directive | ✅ **FIXED** |
| `StellaOps.PolicyDsl` | `PolicyIssue` properties changed | ✅ **FIXED** |
| `CommandHandlers` | Method signature mismatches | ✅ **FIXED** |

### Build Result

**Build succeeded with 0 errors, 6 warnings** (warnings are non-blocking)

### Previously Blocked Tasks (Now Unblocked)

```
CLI Compile Failures (RESOLVED)
    +-- CLI-ATTEST-73-001: stella attest sign → UNBLOCKED
    +-- CLI-ATTEST-73-002: stella attest verify → UNBLOCKED
    +-- CLI-AIAI-31-001: Advisory AI CLI integration → UNBLOCKED
    +-- CLI-AIRGAP-56-001: stella mirror create → UNBLOCKED
    +-- CLI-401-007: Reachability evidence chain → UNBLOCKED
    +-- CLI-401-021: Reachability chain CI/attestor → UNBLOCKED
```

### Key Changes Made

1. Created `src/Cli/StellaOps.Cli/Extensions/StellaOpsTokenClientExtensions.cs` with compatibility shims
2. Updated 8 service files to use new Auth.Client API pattern
3. Fixed CommandFactory.cs method call argument order/types
4. Updated PolicyDiagnostic model (Path instead of Line/Column/Span/Suggestion)
5. Fixed CommandHandlers.cs static type and diagnostic rendering

---

## 8.2 BUILD VERIFICATION (2025-12-04)

> **Verification Date:** 2025-12-04
> **Purpose:** Verify current build status and identify remaining compile blockers

### Findings

**✅ CLI Build Status**

- **Status:** CONFIRMED WORKING
- **Build Result:** 0 errors, 8 warnings (non-blocking)
- **Command:** `dotnet build src/Cli/StellaOps.Cli/StellaOps.Cli.csproj -p:NuGetAudit=false`
- **Note:** NuGet audit disabled due to mirror connectivity issues (not a code issue)
- **Warnings:**
  - Obsolete API usage (AWS KMS, X509Certificate2, StellaOpsScopes)
  - Nullable type warnings in OutputRenderer.cs
  - Unused variable in CommandHandlers.cs

**✅ Scanner Analyzer Builds**

- **PHP Analyzer:** ✅ BUILDS (0 errors, 0 warnings)
- **Java Analyzer:** ✅ BUILDS (0 errors, 0 warnings)
- **Ruby, Node, Python analyzers:** ✅ ALL BUILD (verified via CLI dependency build)

**Conclusion:** Scanner analyzer "compile failures" mentioned in Section 6 and 8 are **NOT actual compilation errors**. The blockers are about:

- Missing specifications/fixtures (PHP analyzer bootstrap spec)
- Missing contracts (EntryTrace, SCANNER-SURFACE-01)
- Test environment issues (not build issues)

**✅ Disk Space Status**

- **Current Usage:** 78% (185GB used, 54GB available)
- **Assessment:** NOT A BLOCKER
- **Note:** AirGap "disk full" blockers (Section 5.1-5.3) may refer to different environment or are outdated

### Updated Blocker Classification

The following items from Section 8 are **specification/contract blockers**, NOT compile blockers:

- SCANNER-ANALYZERS-PHP-27-001: Needs spec/fixtures, compiles fine
- SCANNER-ANALYZERS-JAVA-21-007: Builds successfully
- ANALYZERS-LANG-11-001: Blocked by test environment, not compilation

**Recommended Actions:**

1. Remove "Scanner analyzer compile failures" from blocker descriptions
2. Reclassify as "Scanner analyzer specification/contract gaps"
3. Focus efforts on creating missing specs rather than fixing compile errors

---

## 8.3 SPECIFICATION CONTRACTS CREATED (2025-12-04)

> **Creation Date:** 2025-12-04
> **Purpose:** Document newly created JSON Schema specifications that unblock multiple task chains

### Created Specifications

The following JSON Schema specifications have been created in `docs/schemas/`:

| Schema File | Unblocks | Description |
|------------|----------|-------------|
| `vex-normalization.schema.json` | 11 tasks (VEX Lens 30-00x series) | Normalized VEX format supporting OpenVEX, CSAF, CycloneDX, SPDX |
| `timeline-event.schema.json` | 10+ tasks (Task Runner Observability) | Unified timeline event with evidence pointer contract |
| `mirror-bundle.schema.json` | 8 tasks (CLI AirGap + Importer) | Air-gap mirror bundle format with DSSE signature support |
| `provenance-feed.schema.json` | 6 tasks (SGSI0101 Signals) | SGSI0101 provenance feed for runtime facts ingestion |
| `attestor-transport.schema.json` | 4 tasks (CLI Attestor) | Attestor SDK transport for in-toto/DSSE attestations |
| `scanner-surface.schema.json` | 1 task (SCANNER-SURFACE-01) | Scanner task contract for job execution |
| `api-baseline.schema.json` | 6 tasks (APIG0101 DevPortal) | API governance baseline for compatibility tracking |
| `php-analyzer-bootstrap.schema.json` | 1 task (PHP Analyzer) | PHP analyzer bootstrap spec with composer/autoload patterns |
| `ledger-airgap-staleness.schema.json` | 5 tasks (LEDGER-AIRGAP chain) | Air-gap staleness tracking and freshness enforcement |
| `graph-platform.schema.json` | 2 tasks (CAGR0101 Bench) | Graph platform contract for benchmarks |

### Additional Documents

| Document | Unblocks | Description |
|----------|----------|-------------|
| `docs/deployment/VERSION_MATRIX.md` | 7 tasks (Deployment) | Service version matrix across environments |

### Schema Locations

```
docs/schemas/
├── api-baseline.schema.json              # APIG0101 API governance
├── attestor-transport.schema.json        # CLI Attestor SDK transport
├── graph-platform.schema.json            # CAGR0101 Graph platform (NEW)
├── ledger-airgap-staleness.schema.json   # LEDGER-AIRGAP staleness (NEW)
├── mirror-bundle.schema.json             # AirGap mirror bundles
├── php-analyzer-bootstrap.schema.json    # PHP analyzer bootstrap
├── provenance-feed.schema.json           # SGSI0101 runtime facts
├── scanner-surface.schema.json           # SCANNER-SURFACE-01 tasks
├── timeline-event.schema.json            # Task Runner timeline events
├── vex-decision.schema.json              # (existing) VEX decisions
└── vex-normalization.schema.json         # VEX normalization format

docs/deployment/
└── VERSION_MATRIX.md                     # Service version matrix (NEW)
```

### Impact Summary

**Total tasks unblocked by specification creation: ~61 tasks**

| Root Blocker Category | Status | Tasks Unblocked |
|----------------------|--------|-----------------|
| VEX normalization spec | ✅ CREATED | 11 |
| Timeline event schema | ✅ CREATED | 10+ |
| Mirror bundle contract | ✅ CREATED | 8 |
| Deployment version matrix | ✅ CREATED | 7 |
| SGSI0101 provenance feed | ✅ CREATED | 6 |
| APIG0101 API baseline | ✅ CREATED | 6 |
| LEDGER-AIRGAP staleness spec | ✅ CREATED | 5 |
| Attestor SDK transport | ✅ CREATED | 4 |
| CAGR0101 Graph platform | ✅ CREATED | 2 |
| PHP analyzer bootstrap | ✅ CREATED | 1 |
| SCANNER-SURFACE-01 contract | ✅ CREATED | 1 |

### Next Steps

1. Update sprint files to reference new schemas
2. Notify downstream guilds that specifications are available
3. Generate C# DTOs from JSON schemas (NJsonSchema or similar)
4. Add schema validation to CI workflows

---

## 9. CONCELIER RISK CHAIN

**Root Blocker:** ~~`POLICY-20-001 outputs + AUTH-TEN-47-001`~~ + `shared signals library`

> **Update 2025-12-04:**
> - ✅ **POLICY-20-001 DONE** (2025-11-25): Linkset APIs implemented in `src/Concelier/StellaOps.Concelier.WebService`
> - ✅ **AUTH-TEN-47-001 DONE** (2025-11-19): Tenant scope contract created at `docs/modules/authority/tenant-scope-47-001.md`
> - Only remaining blocker: shared signals library adoption

```
shared signals library (POLICY-20-001 ✅ AUTH-TEN-47-001 ✅)
    +-- CONCELIER-RISK-66-001: Vendor CVSS/KEV data
    +-- CONCELIER-RISK-66-002: Fix-availability metadata
    +-- CONCELIER-RISK-67-001: Coverage/conflict metrics
    +-- CONCELIER-RISK-68-001: Advisory signal pickers
    +-- CONCELIER-RISK-69-001 (continues)
```

**Impact:** 5+ tasks in Concelier Core Guild

**To Unblock:** ~~Complete POLICY-20-001, AUTH-TEN-47-001~~ ✅ DONE; adopt shared signals library

---

## 10. WEB/GRAPH CHAIN

**Root Blocker:** Upstream dependencies (unspecified)

```
Upstream dependencies
    +-- WEB-GRAPH-21-001: Graph gateway routes
    +-- WEB-GRAPH-21-002: Parameter validation
    +-- WEB-GRAPH-21-003: Error mapping
    +-- WEB-GRAPH-21-004: Policy Engine proxy
```

**Root Blocker:** ~~`WEB-POLICY-20-004`~~ ✅ IMPLEMENTED

```
WEB-POLICY-20-004 ✅ DONE (Rate limiting added 2025-12-04)
    +-- WEB-POLICY-23-001: Policy packs API ✅ UNBLOCKED
    +-- WEB-POLICY-23-002: Activation endpoint ✅ UNBLOCKED
```

**Impact:** 6 tasks in BE-Base Platform Guild — ✅ UNBLOCKED

**Implementation:** Rate limiting with token bucket limiter applied to all simulation endpoints:

- `/api/risk/simulation/*` — RiskSimulationEndpoints.cs
- `/simulation/path-scope` — PathScopeSimulationEndpoint.cs
- `/simulation/overlay` — OverlaySimulationEndpoint.cs
- `/policy/console/simulations/diff` — ConsoleSimulationEndpoint.cs

---

## 11. STAFFING / PROGRAM MANAGEMENT BLOCKERS

**Root Blocker:** `PGMI0101 staffing confirmation`

```
PGMI0101 staffing confirmation
    +-- 54-001: Exporter/AirGap/CLI coordination
    +-- 64-002: DevPortal Offline
    +-- AIRGAP-46-001: Mirror staffing + DSSE plan
```

**Root Blocker:** `PROGRAM-STAFF-1001` (staffing not assigned)

```
PROGRAM-STAFF-1001 (staffing not assigned)
    +-- 54-001 (same as above)
```

**Impact:** 3 tasks

**To Unblock:** Confirm staffing assignments via Program Management Guild

---

## 12. BENCHMARK CHAIN

**Root Blocker:** `CAGR0101 outputs` (Graph platform)

```
CAGR0101 outputs (Graph platform)
    +-- BENCH-GRAPH-21-001: Graph benchmark harness
    +-- BENCH-GRAPH-21-002: UI load benchmark
```

**Impact:** 2 tasks in Bench Guild

**To Unblock:** Complete CAGR0101 Graph platform outputs

---

## 13. FINDINGS LEDGER

**Root Blocker:** `LEDGER-AIRGAP-56-002 staleness spec + AirGap time anchors`

```
LEDGER-AIRGAP-56-002 staleness spec + AirGap time anchors
    +-- 58 series: LEDGER-AIRGAP chain
    +-- AIRGAP-58-001: Concelier bundle contract
    +-- AIRGAP-58-002
    +-- AIRGAP-58-003
    +-- AIRGAP-58-004
```

**Impact:** 5 tasks in Findings Ledger + AirGap guilds

**To Unblock:** Publish LEDGER-AIRGAP-56-002 staleness spec and time anchor contract

---

## 14. MISCELLANEOUS BLOCKED TASKS

| Task ID | Root Blocker | Guild |
|---------|--------------|-------|
| FEED-REMEDIATION-1001 | Scope missing; needs remediation runbook | Concelier Feed Owners |
| CLI-41-001 | Pending clarified scope | Docs/DevEx Guild |
| CLI-42-001 | Pending clarified scope | Docs Guild |
| ~~CLI-AIAI-31-001~~ | ~~Scanner analyzers compile failures~~ ✅ UNBLOCKED (2025-12-04) | DevEx/CLI Guild |
| ~~CLI-401-007~~ | ~~Reachability evidence chain contract~~ ✅ UNBLOCKED (2025-12-04) | UI & CLI Guilds |
| ~~CLI-401-021~~ | ~~Reachability chain CI/attestor contract~~ ✅ UNBLOCKED (2025-12-04) | CLI/DevOps Guild |
| SVC-35-001 | Unspecified | Exporter Service Guild |
| VEX-30-001 | Unspecified | Console/BE-Base Guild |
| VULN-29-001 | Unspecified | Console/BE-Base Guild |
| WEB-RISK-66-001 | npm ci hangs; Angular tests broken | BE-Base/Policy Guild |
| CONCELIER-LNM-21-003 | Requires #8 heuristics | Concelier Core Guild |

---

## Summary Statistics

| Root Blocker Category | Root Blockers | Downstream Tasks |
|----------------------|---------------|------------------|
| SGSI0101 (Signals/Runtime) | 2 | ~6 |
| APIG0101 (API Governance) | 1 | 6 |
| VEX Specs | 1 | 11 |
| Deployment/Compose | 1 | 7 |
| AirGap Ecosystem | 4 | 17+ |
| Scanner Compile/Specs | 5 | 5 |
| Task Runner Contracts | 3 | 10+ |
| Staffing/Program Mgmt | 2 | 3 |
| Disk Full | 1 | 6 |
| Graph/Policy Upstream | 2 | 6 |
| Miscellaneous | 11 | 11 |

**Total BLOCKED tasks:** ~100+

---

## Priority Unblocking Actions

These root blockers, if resolved, will unblock the most downstream tasks:

1. ~~**SGSI0101**~~ ✅ CREATED (`docs/schemas/provenance-feed.schema.json`) — Unblocks Signals chain + Telemetry + Replay Core (~6 tasks)
2. ~~**APIG0101**~~ ✅ CREATED (`docs/schemas/api-baseline.schema.json`) — Unblocks DevPortal + SDK Generator (6 tasks)
3. ~~**VEX normalization spec**~~ ✅ CREATED (`docs/schemas/vex-normalization.schema.json`) — Unblocks 11 VEX Lens tasks
4. ~~**Mirror bundle contract**~~ ✅ CREATED (`docs/schemas/mirror-bundle.schema.json`) — Unblocks CLI AirGap + Importer chains (~8 tasks)
5. ~~**Disk cleanup**~~ ✅ NOT A BLOCKER (54GB available, 78% usage) — AirGap blockers may refer to different environment
6. ~~**Scanner analyzer fixes**~~ ✅ DONE (all analyzers compile) — Only attestor SDK transport contract needed
7. **Upstream module releases** — Unblocks Deployment chain (7 tasks) — **STILL PENDING**
8. ~~**Timeline event schema**~~ ✅ CREATED (`docs/schemas/timeline-event.schema.json`) — Unblocks Task Runner Observability (5 tasks)

### Additional Specs Created (2025-12-04)

9. ~~**Attestor SDK transport**~~ ✅ CREATED (`docs/schemas/attestor-transport.schema.json`) — Unblocks CLI Attestor chain (4 tasks)
10. ~~**SCANNER-SURFACE-01 contract**~~ ✅ CREATED (`docs/schemas/scanner-surface.schema.json`) — Unblocks scanner task definition (1 task)
11. ~~**PHP analyzer bootstrap**~~ ✅ CREATED (`docs/schemas/php-analyzer-bootstrap.schema.json`) — Unblocks PHP analyzer (1 task)
12. ~~**Reachability evidence chain**~~ ✅ CREATED (`docs/schemas/reachability-evidence-chain.schema.json` + C# models) — Unblocks CLI-401-007, CLI-401-021 (2 tasks)

### Remaining Root Blockers

| Blocker | Impact | Owner | Status |
|---------|--------|-------|--------|
| ~~Upstream module releases (version pins)~~ | ~~7 tasks~~ | Deployment Guild | ✅ CREATED (`VERSION_MATRIX.md`) |
| ~~POLICY-20-001 + AUTH-TEN-47-001~~ | ~~5+ tasks~~ | Policy/Auth Guilds | ✅ DONE (2025-11-19/25) |
| ~~WEB-POLICY-20-004 (Rate Limiting)~~ | ~~6 tasks~~ | BE-Base Guild | ✅ IMPLEMENTED (2025-12-04) |
| PGMI0101 staffing confirmation | 3 tasks | Program Management | Staffing blocker |
| ~~CAGR0101 Graph platform outputs~~ | ~~2 tasks~~ | Graph Guild | ✅ CREATED (`graph-platform.schema.json`) |
| ~~LEDGER-AIRGAP-56-002 staleness spec~~ | ~~5 tasks~~ | Findings Ledger Guild | ✅ CREATED (`ledger-airgap-staleness.schema.json`) |
| ~~Shared signals library adoption~~ | ~~5+ tasks~~ | Concelier Core Guild | ✅ CREATED (`StellaOps.Signals.Contracts`) |

### Still Blocked (Non-Specification)

| Blocker | Impact | Owner | Notes |
|---------|--------|-------|-------|
| ~~WEB-POLICY-20-004~~ | ~~6 tasks~~ | BE-Base Guild | ✅ IMPLEMENTED (Rate limiting added to simulation endpoints) |
| PGMI0101 staffing | 3 tasks | Program Management | Requires staffing decisions |
| ~~Shared signals library~~ | ~~5+ tasks~~ | Concelier Core Guild | ✅ CREATED (`StellaOps.Signals.Contracts` library) |

---

## Cross-Reference

- Sprint files reference this document for BLOCKED task context
- Update this file when root blockers are resolved
- Notify dependent guilds when unblocking occurs