| Task ID | Status | Status Date | Sprint | Owners | Directory | Task Description | Dependencies | New Sprint Name | | --- | --- | --- | --- | --- | --- | --- | --- | --- | | PROGRAM-STAFF-1001 | TODO | | SPRINT_100_program_management | Program Mgmt Guild | | MIRROR-COORD-55-001 | MIRROR-COORD-55-001 | PGMI0101 | | MIRROR-COORD-55-001 | TODO | | SPRINT_100_program_management | Program Mgmt Guild · Mirror Creator Guild | | — | — | PGMI0101 | | ELOCKER-CONTRACT-2001 | TODO | | SPRINT_200_attestation_coord | Evidence Locker Guild | | — | — | ATEL0101 | | ATTEST-PLAN-2001 | TODO | | SPRINT_200_attestation_coord | Evidence Locker Guild · Excititor Guild | | — | — | ATEL0101 | | FEED-REMEDIATION-1001 | TODO | | SPRINT_110_ingestion_evidence | Concelier Feed Owners | | — | — | FEFC0101 | | MIRROR-DSSE-REV-1501 | TODO | | SPRINT_150_mirror_dsse | Mirror Creator Guild · Security Guild · Evidence Locker Guild | | — | — | ATEL0101 | | AIRGAP-TIME-CONTRACT-1501 | TODO | | SPRINT_150_mirror_time | AirGap Time Guild | | — | — | ATMI0102 | | EXPORT-MIRROR-ORCH-1501 | TODO | | SPRINT_150_mirror_orch | Exporter Guild · CLI Guild | | — | — | ATMI0102 | | AIAI-31-007 | DONE | 2025-11-06 | SPRINT_111_advisoryai | Advisory AI Guild | src/AdvisoryAI/StellaOps.AdvisoryAI | — | — | ADAI0101 | | LEDGER-29-006 | TODO | | SPRINT_120_policy_reasoning | Findings Ledger Guild | | — | — | PLLG0101 | | CARTO-GRAPH-21-002 | TODO | | SPRINT_113_concelier_ii | Cartographer Guild | src/Cartographer/Contracts | ATLN0101 approvals | Task #1 schema freeze | CAGR0101 | | SURFACE-FS-01 | TODO | | SPRINT_136_scanner_surface | Scanner Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.FS) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.FS | — | — | SCSS0101 | | SURFACE-FS-02 | TODO | | SPRINT_136_scanner_surface | Scanner Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.FS) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.FS | — | — | SCSS0101 | | SCANNER-ANALYZERS-LANG-10-309 | TODO | | SPRINT_131_scanner_surface | Language Analyzer Guild | | — | — | SCSA0101 | | SCANNER-ANALYZERS-PHP-27-001 | TODO | | SPRINT_131_scanner_surface | PHP Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php | — | — | SCSA0101 | | SCANNER-ENTRYTRACE-18-508 | TODO | | SPRINT_136_scanner_surface | EntryTrace Guild | | — | — | SCSS0101 | | SCANNER-SECRETS-02 | TODO | | SPRINT_136_scanner_surface | Secrets Analyzer Guild | | — | — | SCSS0101 | | SCANNER-SURFACE-01 | TODO | | SPRINT_136_scanner_surface | Scanner Guild | | — | — | SCSS0101 | | SCANNER-ANALYZERS-PHP-27-001 | TODO | | SPRINT_131_scanner_surface | PHP Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php | — | — | SCSA0101 | | SCANNER-ENTRYTRACE-18-508 | TODO | | SPRINT_136_scanner_surface | EntryTrace Guild | | — | — | SCSS0101 | | SCANNER-SECRETS-02 | TODO | | SPRINT_136_scanner_surface | Secrets Analyzer Guild | | — | — | SCSS0101 | | SCANNER-SURFACE-01 | TODO | | SPRINT_136_scanner_surface | Scanner Guild | | — | — | SCSS0101 | | CARTO-GRAPH-21-002 | TODO | | SPRINT_113_concelier_ii | Cartographer Guild | src/Cartographer/Contracts | ATLN0101 approvals | Task #1 schema freeze | CAGR0101 | | POLICY-ENGINE-27-004 | TODO | | SPRINT_124_policy_reasoning | Policy Guild | | — | — | PLPE0102 | | --JOB-ORCHESTRATOR-DOCS-0001 | TODO | | SPRINT_323_docs_modules_orchestrator | Docs Guild (docs/modules/orchestrator) | docs/modules/orchestrator | ORGR0102 outline | | DOOR0101 | | --JOB-ORCHESTRATOR-ENG-0001 | TODO | | SPRINT_323_docs_modules_orchestrator | Module Team (docs/modules/orchestrator) | docs/modules/orchestrator | ORGR0102 outline | | DOOR0101 | | --JOB-ORCHESTRATOR-OPS-0001 | TODO | | SPRINT_323_docs_modules_orchestrator | Ops Guild (docs/modules/orchestrator) | docs/modules/orchestrator | DOOR0101 doc structure | | DOOR0101 | | 24-001 | DONE | 2025-11-09 | SPRINT_140_runtime_signals | Signals Guild | src/Signals/StellaOps.Signals | — | — | SGSI0101 | | 24-002 | DOING | 2025-11-07 | SPRINT_140_runtime_signals | Signals Guild | src/Signals/StellaOps.Signals | Surface cache availability | Surface cache availability | SGSI0101 | | 24-003 | DOING | 2025-11-09 | SPRINT_140_runtime_signals | Signals Guild | src/Signals/StellaOps.Signals | 24-002 + provenance enrichment | 24-002 + provenance enrichment | SGSI0101 | | 24-004 | BLOCKED | 2025-10-27 | SPRINT_140_runtime_signals | Signals Guild | src/Signals/StellaOps.Signals | Authority scopes + 24-003 | Authority scopes + 24-003 | SGSI0101 | | 24-005 | BLOCKED | 2025-10-27 | SPRINT_140_runtime_signals | Signals Guild | src/Signals/StellaOps.Signals | 24-004 scoring outputs | 24-004 scoring outputs | SGSI0101 | | 29-007 | TODO | | SPRINT_120_policy_reasoning | Findings Ledger Guild · Observability Guild | src/Findings/StellaOps.Findings.Ledger | LEDGER-29-006 | LEDGER-29-006 | PLLG0104 | | 29-008 | TODO | | SPRINT_120_policy_reasoning | Findings Ledger Guild · QA Guild | src/Findings/StellaOps.Findings.Ledger | 29-007 | LEDGER-29-007 | PLLG0104 | | 29-009 | TODO | | SPRINT_120_policy_reasoning | Findings Ledger Guild · DevOps Guild | src/Findings/StellaOps.Findings.Ledger | 29-008 | LEDGER-29-008 | PLLG0104 | | 30-001 | TODO | | SPRINT_129_policy_reasoning | VEX Lens Guild | src/VexLens/StellaOps.VexLens | — | — | PLVL0102 | | 30-002 | TODO | | SPRINT_129_policy_reasoning | VEX Lens Guild | src/VexLens/StellaOps.VexLens | VEXLENS-30-001 | VEXLENS-30-001 | PLVL0102 | | 30-003 | TODO | | SPRINT_129_policy_reasoning | VEX Lens Guild · Issuer Directory Guild | src/VexLens/StellaOps.VexLens | VEXLENS-30-002 | VEXLENS-30-002 | PLVL0102 | | 30-004 | TODO | | SPRINT_129_policy_reasoning | VEX Lens Guild · Policy Guild | src/VexLens/StellaOps.VexLens | VEXLENS-30-003 | VEXLENS-30-003 | PLVL0102 | | 30-005 | TODO | | SPRINT_129_policy_reasoning | VEX Lens Guild | src/VexLens/StellaOps.VexLens | VEXLENS-30-004 | VEXLENS-30-004 | PLVL0102 | | 30-006 | TODO | | SPRINT_129_policy_reasoning | VEX Lens Guild · Findings Ledger Guild | src/VexLens/StellaOps.VexLens | VEXLENS-30-005 | VEXLENS-30-005 | PLVL0102 | | 30-007 | TODO | | SPRINT_129_policy_reasoning | VEX Lens Guild | src/VexLens/StellaOps.VexLens | VEXLENS-30-006 | VEXLENS-30-006 | PLVL0102 | | 30-008 | TODO | | SPRINT_129_policy_reasoning | VEX Lens Guild · Policy Guild | src/VexLens/StellaOps.VexLens | VEXLENS-30-007 | VEXLENS-30-007 | PLVL0102 | | 30-009 | TODO | | SPRINT_129_policy_reasoning | VEX Lens Guild · Observability Guild | src/VexLens/StellaOps.VexLens | VEXLENS-30-008 | VEXLENS-30-008 | PLVL0102 | | 30-010 | TODO | | SPRINT_129_policy_reasoning | VEX Lens Guild · QA Guild | src/VexLens/StellaOps.VexLens | VEXLENS-30-009 | VEXLENS-30-009 | PLVL0102 | | 30-011 | TODO | | SPRINT_129_policy_reasoning | VEX Lens Guild · DevOps Guild | src/VexLens/StellaOps.VexLens | VEXLENS-30-010 | VEXLENS-30-010 | PLVL0103 | | 31-008 | TODO | | SPRINT_110_ingestion_evidence | Advisory AI Guild | src/AdvisoryAI/StellaOps.AdvisoryAI | AIAI-31-006; AIAI-31-007 | AIAI-31-006; AIAI-31-007 | ADAI0101 | | 31-009 | DONE | 2025-11-12 | SPRINT_110_ingestion_evidence | Advisory AI Guild | src/AdvisoryAI/StellaOps.AdvisoryAI | — | — | ADAI0101 | | 34-101 | TODO | | SPRINT_120_policy_reasoning | Findings Ledger Guild | src/Findings/StellaOps.Findings.Ledger | 29-009 | LEDGER-29-009 | PLLG0104 | | 401-004 | TODO | | SPRINT_401_reachability_evidence_chain | Replay Core Guild | `src/__Libraries/StellaOps.Replay.Core` | Signals facts stable (SGSI0101) | Signals facts stable (SGSI0101) | RPRC0101 | | 41-001 | TODO | | SPRINT_157_taskrunner_i | Task Runner Guild | src/TaskRunner/StellaOps.TaskRunner | — | — | ORTR0101 | | 44-001 | TODO | | SPRINT_501_ops_deployment_i | Deployment Guild · DevEx Guild (ops/deployment) | ops/deployment | — | — | DVDO0103 | | 44-002 | TODO | | SPRINT_501_ops_deployment_i | Deployment Guild (ops/deployment) | ops/deployment | 44-001 | 44-001 | DVDO0103 | | 44-003 | TODO | | SPRINT_501_ops_deployment_i | Deployment Guild · Docs Guild (ops/deployment) | ops/deployment | 44-002 | 44-002 | DVDO0103 | | 45-001 | TODO | | SPRINT_502_ops_deployment_ii | Deployment Guild (ops/deployment) | ops/deployment | 44-003 | 44-003 | DVDO0103 | | 45-002 | TODO | | SPRINT_502_ops_deployment_ii | Deployment Guild · Security Guild (ops/deployment) | ops/deployment | 45-001 | 45-001 | DVDO0103 | | 45-003 | TODO | | SPRINT_502_ops_deployment_ii | Deployment Guild · Observability Guild (ops/deployment) | ops/deployment | 45-002 | 45-002 | DVDO0103 | | 50-002 | DOING | | SPRINT_170_notifications_telemetry | Telemetry Core Guild | src/Telemetry/StellaOps.Telemetry.Core | SGSI0101 feed availability | SGSI0101 feed availability | TLTY0101 | | 51-002 | TODO | | SPRINT_170_notifications_telemetry | Telemetry Core Guild · Observability Guild · Security Guild | src/Telemetry/StellaOps.Telemetry.Core | OBS-50 baselines | OBS-50 baselines | TLTY0101 | | 54-001 | TODO | | SPRINT_110_ingestion_evidence | Exporter Guild · AirGap Time Guild · CLI Guild | | Await PGMI0101 staffing confirmation | PROGRAM-STAFF-1001 | AGCO0101 | | 56-001 | TODO | | SPRINT_170_notifications_telemetry | Telemetry Core Guild · Observability Guild | src/Telemetry/StellaOps.Telemetry.Core | SGSI0101 provenance | SGSI0101 provenance | TLTY0101 | | 58 series | TODO | | SPRINT_120_policy_reasoning | Findings Ledger Guild · AirGap Guilds · Evidence Locker Guild | src/Findings/StellaOps.Findings.Ledger | | | PLLG0102 | | 61-001 | TODO | | SPRINT_511_api | API Governance Guild | src/Api/StellaOps.Api.Governance | — | — | APIG0101 | | 61-002 | TODO | | SPRINT_511_api | API Governance Guild | src/Api/StellaOps.Api.Governance | 61-001 | 61-001 | APIG0101 | | 62-001 | TODO | | SPRINT_206_devportal | DevPortal Guild | src/DevPortal/StellaOps.DevPortal.Site | APIG0101 outputs | APIG0101 outputs | DEVL0101 | | 62-002 | TODO | | SPRINT_206_devportal | DevPortal Guild | src/DevPortal/StellaOps.DevPortal.Site | 62-001 | 62-001 | DEVL0101 | | 63-001 | TODO | | SPRINT_206_devportal | DevPortal Guild · Platform Guild | src/DevPortal/StellaOps.DevPortal.Site | 62-002 | 62-002 | DEVL0101 | | 63-002 | TODO | | SPRINT_206_devportal | DevPortal Guild · SDK Generator Guild | src/DevPortal/StellaOps.DevPortal.Site | 63-001 | 63-001 | DEVL0101 | | 63-003 | TODO | | SPRINT_208_sdk | SDK Generator Guild | src/Sdk/StellaOps.Sdk.Generator | APIG0101 outputs | APIG0101 outputs | SDKG0101 | | 63-004 | TODO | | SPRINT_208_sdk | SDK Generator Guild | src/Sdk/StellaOps.Sdk.Generator | 63-003 | 63-003 | SDKG0101 | | 64-001 | TODO | | SPRINT_206_devportal | DevPortal Guild · Export Center Guild | src/DevPortal/StellaOps.DevPortal.Site | Export profile review | Export profile review | DEVL0101 | | 64-002 | TODO | | SPRINT_160_export_evidence | DevPortal Offline + AirGap Controller Guilds | docs/modules/export-center/devportal-offline.md | Wait for Mirror staffing confirmation (001_PGMI0101) | Wait for Mirror staffing confirmation (001_PGMI0101) | DEVL0102 | | 73-001 | DONE | 2025-11-03 | SPRINT_100_identity_signing | KMS Guild | src/__Libraries/StellaOps.Cryptography.Kms | Staffing + DSSE contract (PGMI0101, ATEL0101) | Staffing + DSSE contract (PGMI0101, ATEL0101) | KMSI0101 | | 73-002 | DONE | 2025-11-03 | SPRINT_100_identity_signing | KMS Guild | src/__Libraries/StellaOps.Cryptography.Kms | Depends on #1, FIDO2 profile | FIDO2 | KMSI0101 | | ADVISORY-AI-DOCS-0001 | TODO | | SPRINT_312_docs_modules_advisory_ai | Docs Guild (docs/modules/advisory-ai) | docs/modules/advisory-ai | Align with ./AGENTS.md | — | DOAI0101 | | AI-DOCS-0001 | TODO | | SPRINT_312_docs_modules_advisory_ai | Docs Guild (docs/modules/advisory-ai) | docs/modules/advisory-ai | — | — | DOAI0101 | | AI-OPS-0001 | TODO | | SPRINT_312_docs_modules_advisory_ai | Ops Guild (docs/modules/advisory-ai) | docs/modules/advisory-ai | — | — | DOAI0101 | | AIAI-31-001 | DONE | 2025-11-09 | SPRINT_110_ingestion_evidence | Excititor Web/Core Guilds | src/AdvisoryAI/StellaOps.AdvisoryAI | Validate Excititor hand-off replay | Validate Excititor hand-off replay | ADAI0102 | | AIAI-31-002 | DOING | | SPRINT_110_ingestion_evidence | Concelier Core · Concelier WebService Guilds | src/AdvisoryAI/StellaOps.AdvisoryAI | Needs CONCELIER-GRAPH-21-001..002 unblock | CONCELIER-GRAPH-21-001; CARTO-GRAPH-21-002 | ADAI0102 | | AIAI-31-003 | DONE | 2025-11-12 | SPRINT_110_ingestion_evidence | Concelier Observability Guild | src/AdvisoryAI/StellaOps.AdvisoryAI | Await observability evidence upload | Await observability evidence upload | ADAI0102 | | AIAI-31-004 | DOING | | SPRINT_110_ingestion_evidence | Docs Guild · Console Guild | | CONSOLE-VULN-29-001; CONSOLE-VEX-30-001; SBOM-AIAI-31-001 | CONSOLE-VULN-29-001; CONSOLE-VEX-30-001; SBOM-AIAI-31-001 | DOAI0101 | | AIAI-31-005 | BLOCKED | | SPRINT_110_ingestion_evidence | Docs Guild | | DOCS-AIAI-31-004; CLI-VULN-29-001; CLI-VEX-30-001; POLICY-ENGINE-31-001; DEVOPS-AIAI-31-001 | DOCS-AIAI-31-004; CLI-VULN-29-001; CLI-VEX-30-001; POLICY-ENGINE-31-001; DEVOPS-AIAI-31-001 | DOAI0101 | | AIAI-31-006 | DONE | 2025-11-13 | SPRINT_111_advisoryai | Docs Guild, Policy Guild (docs) | | — | — | DOAI0101 | | AIAI-31-008 | TODO | | SPRINT_110_ingestion_evidence | Advisory AI Guild | | Remote inference packaging queued behind policy knob work. | AIAI-31-006; AIAI-31-007 | DOAI0101 | | AIAI-31-009 | DONE | 2025-11-12 | SPRINT_110_ingestion_evidence | Advisory AI Guild | | Regression suite + `AdvisoryAI:Guardrails` config landed with perf budgets. | — | DOAI0101 | | AIRGAP-46-001 | TODO | | SPRINT_501_ops_deployment_i | Deployment Guild · Offline Kit Guild | ops/deployment | Needs Mirror staffing + DSSE plan (001_PGMI0101, 002_ATEL0101) | Needs Mirror staffing + DSSE plan (001_PGMI0101, 002_ATEL0101) | AGDP0101 | | AIRGAP-56 | TODO | | SPRINT_110_ingestion_evidence | Excititor Guild · AirGap Guilds | docs/modules/airgap/airgap-mode.md | Needs Link-Not-Merge schema from 005_ATLN0101 | CONCELIER-GRAPH-21-001; CONCELIER-GRAPH-21-002; ATTEST-PLAN-2001 | AGCO0101 | | AIRGAP-56-001 | TODO | | SPRINT_110_ingestion_evidence | Exporter Guild · AirGap Time Guild · CLI Guild | docs/modules/airgap/airgap-mode.md | Dependent on #2 + AirGap Time contract | PROGRAM-STAFF-1001 | AGCO0101 | | AIRGAP-56-001..58-001 | TODO | | SPRINT_110_ingestion_evidence | Concelier Core · AirGap Guilds | docs/modules/airgap/airgap-mode.md | Requires #3 plus Evidence Locker contract | CONCELIER-GRAPH-21-001; CONCELIER-GRAPH-21-002; ELOCKER-CONTRACT-2001 | AGCO0101 | | AIRGAP-56-002 | DONE | | SPRINT_170_notifications_telemetry | Notifications Service Guild · DevOps Guild | src/Notify/StellaOps.Notify | | | NOTY0101 | | AIRGAP-56-003 | TODO | | SPRINT_301_docs_tasks_md_i | Docs Guild · Exporter Guild | docs/modules/airgap | DOCS-AIRGAP-56-002 | DOCS-AIRGAP-56-002 | AIDG0101 | | AIRGAP-56-004 | TODO | | SPRINT_301_docs_tasks_md_i | Docs Guild · Deployment Guild | docs/modules/airgap | AIRGAP-56-003 | DOCS-AIRGAP-56-003 | AIDG0101 | | AIRGAP-57 | TODO | | SPRINT_110_ingestion_evidence | Excititor Guild · AirGap Guilds | docs/modules/airgap/airgap-mode.md | Needs AirGap staffing (#1) and ATTEST-PLAN-2001 | CONCELIER-GRAPH-21-001; CONCELIER-GRAPH-21-002; ATTEST-PLAN-2001 | AGCO0101 | | AIRGAP-57-001 | DONE | 2025-11-08 | SPRINT_100_identity_signing | Authority Core & Security Guild, DevOps Guild (src/Authority/StellaOps.Authority) | src/Authority/StellaOps.Authority | | AUTH-AIRGAP-56-001; DEVOPS-AIRGAP-57-002 | KMSI0101 | | AIRGAP-57-002 | DOING | 2025-11-08 | SPRINT_503_ops_devops_i | DevOps Guild, Authority Guild (ops/devops) | ops/devops | | | DVDO0101 | | AIRGAP-57-003 | TODO | | SPRINT_302_docs_tasks_md_ii | Docs Guild · CLI Guild | docs/modules/airgap | CLI & ops inputs | CLI & ops inputs | AIDG0101 | | AIRGAP-57-004 | TODO | | SPRINT_302_docs_tasks_md_ii | Docs Guild · Ops Guild | docs/modules/airgap | AIRGAP-57-003 | AIRGAP-57-003 | AIDG0101 | | AIRGAP-58 | TODO | | SPRINT_110_ingestion_evidence | Excititor Guild · AirGap Guilds | docs/modules/airgap/airgap-mode.md | Depends on Concelier graph schema (005_ATLN0101) | CONCELIER-GRAPH-21-001; CONCELIER-GRAPH-21-002; ATTEST-PLAN-2001 | AGCO0101 | | AIRGAP-58-001 | TODO | | SPRINT_112_concelier_i | Concelier Core Guild · Evidence Locker Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | | | AGCN0101 | | AIRGAP-58-002 | TODO | | SPRINT_302_docs_tasks_md_ii | Docs Guild, Security Guild (docs) | docs/modules/airgap | | | AIDG0101 | | AIRGAP-58-003 | TODO | | SPRINT_302_docs_tasks_md_ii | Docs Guild, DevEx Guild (docs) | docs/modules/airgap | | | AIDG0101 | | AIRGAP-58-004 | TODO | | SPRINT_302_docs_tasks_md_ii | Docs Guild, Evidence Locker Guild (docs) | docs/modules/airgap | | | AIDG0101 | | AIRGAP-CTL-56-001 | TODO | | SPRINT_510_airgap | AirGap Controller Guild | src/AirGap/StellaOps.AirGap.Controller | Implement `airgap_state` persistence, seal/unseal state machine, and Authority scope checks (`airgap:seal`, `airgap:status:read`). | ATLN0101 review | AGCT0101 | | AIRGAP-CTL-56-002 | TODO | | SPRINT_510_airgap | AirGap Controller Guild · DevOps Guild | src/AirGap/StellaOps.AirGap.Controller | Expose `GET /system/airgap/status`, `POST /system/airgap/seal`, integrate policy hash validation, and return staleness/time anchor placeholders. Dependencies: AIRGAP-CTL-56-001. | AIRGAP-CTL-56-001 | AGCT0101 | | AIRGAP-CTL-57-001 | TODO | | SPRINT_510_airgap | AirGap Controller Guild | src/AirGap/StellaOps.AirGap.Controller | Add startup diagnostics that block application run when sealed flag set but egress policies missing; emit audit + telemetry. Dependencies: AIRGAP-CTL-56-002. | AIRGAP-CTL-56-002 | AGCT0101 | | AIRGAP-CTL-57-002 | TODO | | SPRINT_510_airgap | AirGap Controller Guild · Observability Guild | src/AirGap/StellaOps.AirGap.Controller | Instrument seal/unseal events with trace/log fields and timeline emission (`airgap.sealed`, `airgap.unsealed`). Dependencies: AIRGAP-CTL-57-001. | AIRGAP-CTL-57-001 | AGCT0101 | | AIRGAP-CTL-58-001 | TODO | | SPRINT_510_airgap | AirGap Controller Guild · AirGap Time Guild | src/AirGap/StellaOps.AirGap.Controller | Persist time anchor metadata, compute drift seconds, and surface staleness budgets in status API. Dependencies: AIRGAP-CTL-57-002. | AIRGAP-CTL-57-002 | AGCT0101 | | AIRGAP-DEVPORT-64-001 | TODO | | SPRINT_302_docs_tasks_md_ii | Docs Guild · DevPortal Offline Guild | docs/modules/export-center/devportal-offline.md | Depends on 071_AGCO0101 manifest decisions | Depends on 071_AGCO0101 manifest decisions | DEVL0102 | | AIRGAP-IMP-56-001 | TODO | | SPRINT_510_airgap | AirGap Importer Guild | src/AirGap/StellaOps.AirGap.Importer | Implement DSSE verification helpers, TUF metadata parser (`root.json`, `snapshot.json`, `timestamp.json`), and Merkle root calculator. | ATLN0101 approvals | AGIM0101 | | AIRGAP-IMP-56-002 | TODO | | SPRINT_510_airgap | AirGap Importer Guild · Security Guild | src/AirGap/StellaOps.AirGap.Importer | Introduce root rotation policy validation (dual approval) and signer trust store management. Dependencies: AIRGAP-IMP-56-001. | AIRGAP-IMP-56-001 | AGIM0101 | | AIRGAP-IMP-57-001 | TODO | | SPRINT_510_airgap | AirGap Importer Guild | src/AirGap/StellaOps.AirGap.Importer | Write `bundle_catalog` and `bundle_items` repositories with RLS + deterministic migrations. Dependencies: AIRGAP-IMP-56-002. | Importer infra | AGIM0101 | | AIRGAP-IMP-57-002 | TODO | | SPRINT_510_airgap | AirGap Importer Guild · DevOps Guild | src/AirGap/StellaOps.AirGap.Importer | Implement object-store loader storing artifacts under tenant/global mirror paths with Zstandard decompression and checksum validation. Dependencies: AIRGAP-IMP-57-001. | 57-001 | AGIM0101 | | AIRGAP-IMP-58-001 | TODO | | SPRINT_510_airgap | AirGap Importer Guild · CLI Guild | src/AirGap/StellaOps.AirGap.Importer | Implement API (`POST /airgap/import`, `/airgap/verify`) and CLI commands wiring verification + catalog updates, including diff preview. Dependencies: AIRGAP-IMP-57-002. | CLI contract alignment | AGIM0101 | | AIRGAP-IMP-58-002 | TODO | | SPRINT_510_airgap | AirGap Importer Guild · Observability Guild | src/AirGap/StellaOps.AirGap.Importer | Emit timeline events (`airgap.import.started. Dependencies: AIRGAP-IMP-58-001. | 58-001 observability | AGIM0101 | | AIRGAP-TIME-57-001 | TODO | | SPRINT_110_ingestion_evidence | Exporter Guild · AirGap Time Guild · CLI Guild | | PROGRAM-STAFF-1001; AIRGAP-TIME-CONTRACT-1501 | PROGRAM-STAFF-1001; AIRGAP-TIME-CONTRACT-1501 | ATMI0102 | | AIRGAP-TIME-57-002 | TODO | | SPRINT_510_airgap | AirGap Time Guild · Observability Guild | src/AirGap/StellaOps.AirGap.Time | Add telemetry counters for time anchors (`airgap_time_anchor_age_seconds`) and alerts for approaching thresholds. Dependencies: AIRGAP-TIME-57-001. | Controller schema | AGTM0101 | | AIRGAP-TIME-58-001 | TODO | | SPRINT_510_airgap | AirGap Time Guild | src/AirGap/StellaOps.AirGap.Time | Persist drift baseline, compute per-content staleness (advisories, VEX, policy) based on bundle metadata, and surface through controller status API. Dependencies: AIRGAP-TIME-57-002. | 57-002 | AGTM0101 | | AIRGAP-TIME-58-002 | TODO | | SPRINT_510_airgap | AirGap Time Guild, Notifications Guild (src/AirGap/StellaOps.AirGap.Time) | src/AirGap/StellaOps.AirGap.Time | Emit notifications and timeline events when staleness budgets breached or approaching. Dependencies: AIRGAP-TIME-58-001. | | AGTM0101 | | ANALYZERS-DENO-26-001 | DONE | | SPRINT_130_scanner_surface | Deno Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno | Bootstrap analyzer helpers | Bootstrap analyzer helpers | SCSA0201 | | ANALYZERS-DENO-26-002 | DONE | | SPRINT_130_scanner_surface | Deno Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno | Depends on #1 | SCANNER-ANALYZERS-DENO-26-001 | SCSA0201 | | ANALYZERS-DENO-26-003 | DONE | | SPRINT_130_scanner_surface | Deno Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno | Depends on #2 | SCANNER-ANALYZERS-DENO-26-002 | SCSA0201 | | ANALYZERS-DENO-26-004 | DONE | | SPRINT_130_scanner_surface | Deno Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno | Depends on #3 | SCANNER-ANALYZERS-DENO-26-003 | SCSA0201 | | ANALYZERS-DENO-26-005 | DONE | | SPRINT_130_scanner_surface | Deno Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno | Depends on #4 | SCANNER-ANALYZERS-DENO-26-004 | SCSA0201 | | ANALYZERS-DENO-26-006 | DONE | | SPRINT_130_scanner_surface | Deno Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno | Depends on #5 | SCANNER-ANALYZERS-DENO-26-005 | SCSA0201 | | ANALYZERS-DENO-26-007 | DONE | | SPRINT_130_scanner_surface | Deno Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno | SCANNER-ANALYZERS-DENO-26-006 | SCANNER-ANALYZERS-DENO-26-006 | SCSA0102 | | ANALYZERS-DENO-26-008 | DONE | | SPRINT_130_scanner_surface | Deno Analyzer Guild, QA Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno | SCANNER-ANALYZERS-DENO-26-007 | SCANNER-ANALYZERS-DENO-26-007 | SCSA0102 | | ANALYZERS-DENO-26-009 | TODO | | SPRINT_131_scanner_surface | Deno Analyzer Guild, Signals Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno | SCANNER-ANALYZERS-DENO-26-008 | SCANNER-ANALYZERS-DENO-26-008 | SCSA0101 | | ANALYZERS-DENO-26-010 | TODO | | SPRINT_131_scanner_surface | Deno Analyzer Guild, DevOps Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno | SCANNER-ANALYZERS-DENO-26-009 | SCANNER-ANALYZERS-DENO-26-009 | SCSA0101 | | ANALYZERS-DENO-26-011 | TODO | | SPRINT_131_scanner_surface | Deno Analyzer Guild · Signals Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno | Depends on ANALYZERS-DENO-26-010 + telemetry schema | SCANNER-ANALYZERS-DENO-26-010 | SCSA0202 | | ANALYZERS-JAVA-21-005 | TODO | | SPRINT_131_scanner_surface | Java Analyzer Guild | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java | SCANNER-ANALYZERS-JAVA-21-004 | SCANNER-ANALYZERS-JAVA-21-004 | SCSA0301 | | ANALYZERS-JAVA-21-006 | TODO | | SPRINT_131_scanner_surface | Java Analyzer Guild | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java | Depends on #1 | SCANNER-ANALYZERS-JAVA-21-005 | SCSA0301 | | ANALYZERS-JAVA-21-007 | TODO | | SPRINT_131_scanner_surface | Java Analyzer Guild | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java | Depends on #2 | SCANNER-ANALYZERS-JAVA-21-006 | SCSA0301 | | ANALYZERS-JAVA-21-008 | BLOCKED | 2025-10-27 | SPRINT_131_scanner_surface | Java Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java | SCANNER-ANALYZERS-JAVA-21-007 | SCANNER-ANALYZERS-JAVA-21-007 | SCSA0102 | | ANALYZERS-JAVA-21-009 | TODO | | SPRINT_131_scanner_surface | Java Analyzer Guild, QA Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java | SCANNER-ANALYZERS-JAVA-21-008 | SCANNER-ANALYZERS-JAVA-21-008 | SCSA0102 | | ANALYZERS-JAVA-21-010 | TODO | | SPRINT_131_scanner_surface | Java Analyzer Guild, Signals Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java | SCANNER-ANALYZERS-JAVA-21-009 | SCANNER-ANALYZERS-JAVA-21-009 | SCSA0101 | | ANALYZERS-JAVA-21-011 | TODO | | SPRINT_131_scanner_surface | Java Analyzer Guild · DevOps Guild | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java | Requires SCANNER-ANALYZERS-JAVA-21-010 + DevOps packaging | SCANNER-ANALYZERS-JAVA-21-010 | SCSA0301 | | ANALYZERS-LANG-11-001 | TODO | | SPRINT_131_scanner_surface | StellaOps.Scanner EPDR Guild · Language Analyzer Guild | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.DotNet | Requires SCANNER-ANALYZERS-LANG-10-309 artifact | SCANNER-ANALYZERS-LANG-10-309 | SCSA0103 | | ANALYZERS-LANG-11-002 | TODO | | SPRINT_132_scanner_surface | StellaOps.Scanner EPDR Guild | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.DotNet | Depends on #1 for shared metadata | SCANNER-ANALYZERS-LANG-11-001 | SCSA0103 | | ANALYZERS-LANG-11-003 | TODO | | SPRINT_132_scanner_surface | StellaOps.Scanner EPDR Guild · Signals Guild | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.DotNet | Needs #2 plus Signals schema for entry-trace | SCANNER-ANALYZERS-LANG-11-002 | SCSA0103 | | ANALYZERS-LANG-11-004 | TODO | | SPRINT_132_scanner_surface | StellaOps.Scanner EPDR Guild · SBOM Service Guild | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.DotNet | Requires #3 and SBOM service hooks | SCANNER-ANALYZERS-LANG-11-003 | SCSA0103 | | ANALYZERS-LANG-11-005 | TODO | | SPRINT_132_scanner_surface | StellaOps.Scanner EPDR Guild · QA Guild | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.DotNet | Depends on #4 for QA fixtures | SCANNER-ANALYZERS-LANG-11-004 | SCSA0103 | | ANALYZERS-NATIVE-20-001 | TODO | | SPRINT_132_scanner_surface | Native Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Native | Bootstrap native analyzer helpers | Bootstrap native analyzer helpers | SCSA0401 | | ANALYZERS-NATIVE-20-002 | TODO | | SPRINT_132_scanner_surface | Native Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Native | Depends on #1 | SCANNER-ANALYZERS-NATIVE-20-001 | SCSA0401 | | ANALYZERS-NATIVE-20-003 | TODO | | SPRINT_132_scanner_surface | Native Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Native | Depends on #2 | SCANNER-ANALYZERS-NATIVE-20-002 | SCSA0401 | | ANALYZERS-NATIVE-20-004 | TODO | | SPRINT_132_scanner_surface | Native Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Native | Depends on #3 | SCANNER-ANALYZERS-NATIVE-20-003 | SCSA0401 | | ANALYZERS-NATIVE-20-005 | TODO | | SPRINT_132_scanner_surface | Native Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Native | Depends on #4 | SCANNER-ANALYZERS-NATIVE-20-004 | SCSA0401 | | ANALYZERS-NATIVE-20-006 | TODO | | SPRINT_132_scanner_surface | Native Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Native | Depends on #5 | SCANNER-ANALYZERS-NATIVE-20-005 | SCSA0401 | | ANALYZERS-NATIVE-20-007 | TODO | | SPRINT_132_scanner_surface | Native Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Native | Depends on #6 | SCANNER-ANALYZERS-NATIVE-20-006 | SCSA0401 | | ANALYZERS-NATIVE-20-008 | TODO | | SPRINT_132_scanner_surface | Native Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Native | Depends on #7 | SCANNER-ANALYZERS-NATIVE-20-007 | SCSA0401 | | ANALYZERS-NATIVE-20-009 | TODO | | SPRINT_132_scanner_surface | Native Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Native | Depends on #8 | SCANNER-ANALYZERS-NATIVE-20-008 | SCSA0401 | | ANALYZERS-NATIVE-20-010 | TODO | | SPRINT_132_scanner_surface | Native Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Native | Depends on #9 | SCANNER-ANALYZERS-NATIVE-20-009 | SCSA0401 | | ANALYZERS-NODE-22-001 | TODO | | SPRINT_132_scanner_surface | Node Analyzer Guild | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node | Bootstrap Node analyzer helper | Bootstrap Node analyzer helper | SCSA0501 | | ANALYZERS-NODE-22-002 | TODO | | SPRINT_132_scanner_surface | Node Analyzer Guild | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node | Depends on #1 | SCANNER-ANALYZERS-NODE-22-001 | SCSA0501 | | ANALYZERS-NODE-22-003 | TODO | | SPRINT_132_scanner_surface | Node Analyzer Guild | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node | Depends on #2 | SCANNER-ANALYZERS-NODE-22-002 | SCSA0501 | | ANALYZERS-NODE-22-004 | TODO | | SPRINT_132_scanner_surface | Node Analyzer Guild | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node | Depends on #3 | SCANNER-ANALYZERS-NODE-22-003 | SCSA0501 | | ANALYZERS-NODE-22-005 | TODO | | SPRINT_132_scanner_surface | Node Analyzer Guild | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node | Depends on #4 | SCANNER-ANALYZERS-NODE-22-004 | SCSA0501 | | ANALYZERS-NODE-22-006 | TODO | | SPRINT_133_scanner_surface | Node Analyzer Guild | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node | Depends on #5 | SCANNER-ANALYZERS-NODE-22-005 | SCSA0501 | | ANALYZERS-NODE-22-007 | TODO | | SPRINT_133_scanner_surface | Node Analyzer Guild | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node | Depends on #6 | SCANNER-ANALYZERS-NODE-22-006 | SCSA0501 | | ANALYZERS-NODE-22-008 | TODO | | SPRINT_133_scanner_surface | Node Analyzer Guild | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node | Depends on #7 | SCANNER-ANALYZERS-NODE-22-007 | SCSA0501 | | ANALYZERS-NODE-22-009 | TODO | | SPRINT_133_scanner_surface | Node Analyzer Guild · QA Guild | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node | Depends on #8 | SCANNER-ANALYZERS-NODE-22-008 | SCSA0501 | | ANALYZERS-NODE-22-010 | TODO | | SPRINT_133_scanner_surface | Node Analyzer Guild · Signals Guild | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node | Depends on #9 | SCANNER-ANALYZERS-NODE-22-009 | SCSA0501 | | ANALYZERS-NODE-22-011 | TODO | | SPRINT_133_scanner_surface | Node Analyzer Guild · DevOps Guild | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node | Depends on ANALYZERS-NODE-22-010 + DevOps packaging | SCANNER-ANALYZERS-NODE-22-010 | SCSA0502 | | ANALYZERS-NODE-22-012 | TODO | | SPRINT_133_scanner_surface | Node Analyzer Guild | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node | Needs #1 regression fixtures | SCANNER-ANALYZERS-NODE-22-011 | SCSA0502 | | ANALYZERS-PHP-27-001 | TODO | | SPRINT_133_scanner_surface | PHP Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php | Analyzer helper bootstrap | Analyzer helper bootstrap | SCSA0601 | | ANALYZERS-PHP-27-002 | TODO | | SPRINT_133_scanner_surface | PHP Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php | SCANNER-ANALYZERS-PHP-27-001 | SCANNER-ANALYZERS-PHP-27-001 | SCSA0101 | | ANALYZERS-PHP-27-003 | TODO | | SPRINT_133_scanner_surface | PHP Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php | SCANNER-ANALYZERS-PHP-27-002 | SCANNER-ANALYZERS-PHP-27-002 | SCSA0101 | | ANALYZERS-PHP-27-004 | TODO | | SPRINT_133_scanner_surface | PHP Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php | Depends on SCANNER-ANALYZERS-PHP-27-003 | SCANNER-ANALYZERS-PHP-27-003 | SCSA0601 | | ANALYZERS-PHP-27-005 | TODO | | SPRINT_133_scanner_surface | PHP Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php | Depends on #2 | SCANNER-ANALYZERS-PHP-27-004 | SCSA0601 | | ANALYZERS-PHP-27-006 | TODO | | SPRINT_133_scanner_surface | PHP Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php | Depends on #3 | SCANNER-ANALYZERS-PHP-27-005 | SCSA0601 | | ANALYZERS-PHP-27-007 | TODO | | SPRINT_133_scanner_surface | PHP Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php | Depends on #4 | SCANNER-ANALYZERS-PHP-27-006 | SCSA0601 | | ANALYZERS-PHP-27-008 | TODO | | SPRINT_134_scanner_surface | PHP Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php | Depends on #1 + CLI feedback | SCANNER-ANALYZERS-PHP-27-002 | SCSA0601 | | ANALYZERS-PHP-27-009 | TODO | | SPRINT_134_scanner_surface | PHP Analyzer Guild · QA Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php | Depends on #5 | SCANNER-ANALYZERS-PHP-27-007 | SCSA0601 | | ANALYZERS-PHP-27-010 | TODO | | SPRINT_134_scanner_surface | PHP Analyzer Guild · Signals Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php | Depends on #7 | SCANNER-ANALYZERS-PHP-27-009 | SCSA0601 | | ANALYZERS-PHP-27-011 | TODO | | SPRINT_134_scanner_surface | PHP Analyzer Guild, DevOps Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php | | SCANNER-ANALYZERS-PHP-27-010 | SCSA0602 | | ANALYZERS-PHP-27-012 | TODO | | SPRINT_134_scanner_surface | PHP Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php | | SCANNER-ANALYZERS-PHP-27-011 | SCSA0602 | | ANALYZERS-PYTHON-23-001 | TODO | | SPRINT_134_scanner_surface | Python Analyzer Guild | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python | Analyzer helper bootstrap | Analyzer helper bootstrap | SCSA0701 | | ANALYZERS-PYTHON-23-002 | TODO | | SPRINT_134_scanner_surface | Python Analyzer Guild | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python | Depends on #1 | SCANNER-ANALYZERS-PYTHON-23-001 | SCSA0701 | | ANALYZERS-PYTHON-23-003 | TODO | | SPRINT_134_scanner_surface | Python Analyzer Guild | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python | Depends on #2 | SCANNER-ANALYZERS-PYTHON-23-002 | SCSA0701 | | ANALYZERS-PYTHON-23-004 | TODO | | SPRINT_134_scanner_surface | Python Analyzer Guild | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python | Depends on #3 | SCANNER-ANALYZERS-PYTHON-23-003 | SCSA0701 | | ANALYZERS-PYTHON-23-005 | TODO | | SPRINT_134_scanner_surface | Python Analyzer Guild | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python | Depends on #4 | SCANNER-ANALYZERS-PYTHON-23-004 | SCSA0701 | | ANALYZERS-PYTHON-23-006 | TODO | | SPRINT_134_scanner_surface | Python Analyzer Guild | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python | Depends on #5 | SCANNER-ANALYZERS-PYTHON-23-005 | SCSA0701 | | ANALYZERS-PYTHON-23-007 | TODO | | SPRINT_134_scanner_surface | Python Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python | SCANNER-ANALYZERS-PYTHON-23-006 | SCANNER-ANALYZERS-PYTHON-23-006 | SCSA0101 | | ANALYZERS-PYTHON-23-008 | TODO | | SPRINT_134_scanner_surface | Python Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python | SCANNER-ANALYZERS-PYTHON-23-007 | SCANNER-ANALYZERS-PYTHON-23-007 | SCSA0101 | | ANALYZERS-PYTHON-23-009 | TODO | | SPRINT_134_scanner_surface | Python Analyzer Guild, QA Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python | SCANNER-ANALYZERS-PYTHON-23-008 | SCANNER-ANALYZERS-PYTHON-23-008 | SCSA0101 | | ANALYZERS-PYTHON-23-010 | TODO | | SPRINT_134_scanner_surface | Python Analyzer Guild, Signals Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python | SCANNER-ANALYZERS-PYTHON-23-009 | SCANNER-ANALYZERS-PYTHON-23-009 | SCSA0102 | | ANALYZERS-PYTHON-23-011 | TODO | | SPRINT_134_scanner_surface | Python Analyzer Guild, DevOps Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python | SCANNER-ANALYZERS-PYTHON-23-010 | SCANNER-ANALYZERS-PYTHON-23-010 | SCSA0102 | | ANALYZERS-PYTHON-23-012 | TODO | | SPRINT_135_scanner_surface | Python Analyzer Guild | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python | Needs ANALYZERS-PYTHON-23-011 evidence | SCANNER-ANALYZERS-PYTHON-23-011 | SCSA0702 | | ANALYZERS-RUBY-28-001 | TODO | | SPRINT_135_scanner_surface | Ruby Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Bootstrap helper | Bootstrap helper | SCSA0801 | | ANALYZERS-RUBY-28-002 | TODO | | SPRINT_135_scanner_surface | Ruby Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Depends on #1 | SCANNER-ANALYZERS-RUBY-28-001 | SCSA0801 | | ANALYZERS-RUBY-28-003 | TODO | | SPRINT_135_scanner_surface | Ruby Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Depends on #2 | SCANNER-ANALYZERS-RUBY-28-002 | SCSA0801 | | ANALYZERS-RUBY-28-004 | TODO | | SPRINT_135_scanner_surface | Ruby Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Depends on #3 | SCANNER-ANALYZERS-RUBY-28-003 | SCSA0801 | | ANALYZERS-RUBY-28-005 | TODO | | SPRINT_135_scanner_surface | Ruby Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Depends on #4 | SCANNER-ANALYZERS-RUBY-28-004 | SCSA0801 | | ANALYZERS-RUBY-28-006 | TODO | | SPRINT_135_scanner_surface | Ruby Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Depends on #5 | SCANNER-ANALYZERS-RUBY-28-005 | SCSA0801 | | ANALYZERS-RUBY-28-007 | TODO | | SPRINT_135_scanner_surface | Ruby Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Depends on #6 | SCANNER-ANALYZERS-RUBY-28-006 | SCSA0801 | | ANALYZERS-RUBY-28-008 | TODO | | SPRINT_135_scanner_surface | Ruby Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Depends on #7 | SCANNER-ANALYZERS-RUBY-28-007 | SCSA0801 | | ANALYZERS-RUBY-28-009 | TODO | | SPRINT_135_scanner_surface | Ruby Analyzer Guild · QA Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Depends on #8 | SCANNER-ANALYZERS-RUBY-28-008 | SCSA0801 | | ANALYZERS-RUBY-28-010 | TODO | | SPRINT_135_scanner_surface | Ruby Analyzer Guild · Signals Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Depends on #9 | SCANNER-ANALYZERS-RUBY-28-009 | SCSA0801 | | ANALYZERS-RUBY-28-011 | TODO | | SPRINT_135_scanner_surface | Ruby Analyzer Guild · DevOps Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Depends on ANALYZERS-RUBY-28-010 | SCANNER-ANALYZERS-RUBY-28-010 | SCSA0802 | | ANALYZERS-RUBY-28-012 | TODO | | SPRINT_135_scanner_surface | Ruby Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Needs #1 fixtures | SCANNER-ANALYZERS-RUBY-28-011 | SCSA0802 | | AOC-19-001 | TODO | | SPRINT_123_policy_reasoning | Policy Guild | src/Policy/__Libraries/StellaOps.Policy | Review Link-Not-Merge schema | Review Link-Not-Merge schema | PLAO0101 | | AOC-19-002 | TODO | | SPRINT_123_policy_reasoning | Policy Guild | src/Policy/__Libraries/StellaOps.Policy | Depends on #1 | POLICY-AOC-19-001 | PLAO0101 | | AOC-19-003 | TODO | | SPRINT_123_policy_reasoning | Policy Guild | src/Policy/__Libraries/StellaOps.Policy | Depends on #2 | POLICY-AOC-19-002 | PLAO0101 | | AOC-19-004 | TODO | | SPRINT_123_policy_reasoning | Policy Guild | src/Policy/__Libraries/StellaOps.Policy | Depends on #3 | POLICY-AOC-19-003 | PLAO0101 | | AOC-19-101 | TODO | 2025-10-28 | SPRINT_503_ops_devops_i | DevOps Guild | ops/devops | Needs helper definitions from PLAO0101 | Needs helper definitions from PLAO0101 | DVAO0101 | | API-27-001 | TODO | | SPRINT_129_policy_reasoning | Policy Registry Guild | src/Policy/StellaOps.Policy.Registry | Governance decision (APIG0101) | Governance decision (APIG0101) | PLAR0101 | | API-27-002 | TODO | | SPRINT_129_policy_reasoning | Policy Registry Guild | src/Policy/StellaOps.Policy.Registry | Depends on #1 | REGISTRY-API-27-001 | PLAR0101 | | API-27-003 | TODO | | SPRINT_129_policy_reasoning | Policy Registry Guild | src/Policy/StellaOps.Policy.Registry | Depends on #2 | REGISTRY-API-27-002 | PLAR0101 | | API-27-004 | TODO | | SPRINT_129_policy_reasoning | Policy Registry Guild | src/Policy/StellaOps.Policy.Registry | Depends on #3 | REGISTRY-API-27-003 | PLAR0101 | | API-27-005 | TODO | | SPRINT_129_policy_reasoning | Policy Registry Guild | src/Policy/StellaOps.Policy.Registry | Depends on #4 | REGISTRY-API-27-004 | PLAR0101 | | API-27-006 | TODO | | SPRINT_129_policy_reasoning | Policy Registry Guild | src/Policy/StellaOps.Policy.Registry | Depends on #5 | REGISTRY-API-27-005 | PLAR0101 | | API-27-007 | TODO | | SPRINT_129_policy_reasoning | Policy Registry Guild | src/Policy/StellaOps.Policy.Registry | Depends on #6 | REGISTRY-API-27-006 | PLAR0101 | | API-27-008 | TODO | | SPRINT_129_policy_reasoning | Policy Registry Guild | src/Policy/StellaOps.Policy.Registry | Depends on #7 | REGISTRY-API-27-007 | PLAR0101 | | API-27-009 | TODO | | SPRINT_129_policy_reasoning | Policy Registry Guild | src/Policy/StellaOps.Policy.Registry | Depends on #8 | REGISTRY-API-27-008 | PLAR0101 | | API-27-010 | TODO | | SPRINT_129_policy_reasoning | Policy Registry Guild | src/Policy/StellaOps.Policy.Registry | Depends on #9 | REGISTRY-API-27-009 | PLAR0101 | | API-28-001 | TODO | | SPRINT_207_graph | Graph API Guild | src/Graph/StellaOps.Graph.Api | Cartographer schema sign-off | Cartographer schema sign-off | GRAP0101 | | API-28-002 | TODO | | SPRINT_207_graph | Graph API Guild | src/Graph/StellaOps.Graph.Api | Depends on #1 | Depends on #1 | GRAP0101 | | API-28-003 | TODO | | SPRINT_207_graph | Graph API Guild | src/Graph/StellaOps.Graph.Api | Depends on #2 | Depends on #2 | GRAP0101 | | API-28-004 | TODO | | SPRINT_207_graph | Graph API Guild | src/Graph/StellaOps.Graph.Api | Depends on #3 | Depends on #3 | GRAP0101 | | API-28-005 | TODO | | SPRINT_207_graph | Graph API Guild | src/Graph/StellaOps.Graph.Api | Depends on #4 | Depends on #4 | GRAP0101 | | API-28-006 | TODO | | SPRINT_207_graph | Graph API Guild | src/Graph/StellaOps.Graph.Api | Depends on GRAP0101 base endpoints | Depends on GRAP0101 base endpoints | GRAP0102 | | API-28-007 | TODO | | SPRINT_207_graph | Graph API Guild | src/Graph/StellaOps.Graph.Api | Depends on #1 | Depends on #1 | GRAP0102 | | API-28-008 | TODO | | SPRINT_207_graph | Graph API Guild | src/Graph/StellaOps.Graph.Api | Depends on #2 | Depends on #2 | GRAP0102 | | API-28-009 | TODO | | SPRINT_207_graph | Graph API Guild | src/Graph/StellaOps.Graph.Api | Depends on #3 | Depends on #3 | GRAP0102 | | API-28-010 | TODO | | SPRINT_207_graph | Graph API Guild | src/Graph/StellaOps.Graph.Api | Depends on #4 | Depends on #4 | GRAP0102 | | API-28-011 | TODO | | SPRINT_207_graph | Graph API Guild | src/Graph/StellaOps.Graph.Api | Depends on #5 | Depends on #5 | GRAP0102 | | API-29-001 | TODO | | SPRINT_129_policy_reasoning | Vuln Explorer API Guild | src/VulnExplorer/StellaOps.VulnExplorer.Api | Governance schema (APIG0101) | Governance schema (APIG0101) | VUAP0101 | | API-29-002 | TODO | | SPRINT_129_policy_reasoning | Vuln Explorer API Guild | src/VulnExplorer/StellaOps.VulnExplorer.Api | Depends on #1 | VULN-API-29-001 | VUAP0101 | | API-29-003 | TODO | | SPRINT_129_policy_reasoning | Vuln Explorer API Guild | src/VulnExplorer/StellaOps.VulnExplorer.Api | Depends on #2 | VULN-API-29-002 | VUAP0101 | | API-29-004 | TODO | | SPRINT_129_policy_reasoning | Vuln Explorer API Guild | src/VulnExplorer/StellaOps.VulnExplorer.Api | Depends on #3 | VULN-API-29-003 | VUAP0101 | | API-29-005 | TODO | | SPRINT_129_policy_reasoning | Vuln Explorer API Guild | src/VulnExplorer/StellaOps.VulnExplorer.Api | Depends on #4 | VULN-API-29-004 | VUAP0101 | | API-29-006 | TODO | | SPRINT_129_policy_reasoning | Vuln Explorer API Guild | src/VulnExplorer/StellaOps.VulnExplorer.Api | Depends on #5 | VULN-API-29-005 | VUAP0101 | | API-29-007 | TODO | | SPRINT_129_policy_reasoning | Vuln Explorer API Guild | src/VulnExplorer/StellaOps.VulnExplorer.Api | Depends on #6 | VULN-API-29-006 | VUAP0101 | | API-29-008 | TODO | | SPRINT_129_policy_reasoning | Vuln Explorer API Guild | src/VulnExplorer/StellaOps.VulnExplorer.Api | Depends on #7 | VULN-API-29-007 | VUAP0101 | | API-29-009 | TODO | | SPRINT_129_policy_reasoning | Vuln Explorer API Guild | src/VulnExplorer/StellaOps.VulnExplorer.Api | Depends on #8 | VULN-API-29-008 | VUAP0101 | | API-29-010 | TODO | | SPRINT_129_policy_reasoning | Vuln Explorer API Guild | src/VulnExplorer/StellaOps.VulnExplorer.Api | Depends on #9 | VULN-API-29-009 | VUAP0101 | | API-29-011 | TODO | | SPRINT_129_policy_reasoning | Vuln Explorer API Guild · CLI Guild | src/VulnExplorer/StellaOps.VulnExplorer.Api | Requires API-29-010 artifacts | VULN-API-29-010 | VUAP0102 | | APIGOV-61-001 | TODO | | SPRINT_511_api | API Governance Guild | src/Api/StellaOps.Api.Governance | Configure spectral/linters with Stella rules; add CI job failing on violations. | 61-001 | APIG0101 | | APIGOV-61-002 | TODO | | SPRINT_511_api | API Governance Guild | src/Api/StellaOps.Api.Governance | Implement example coverage checker ensuring every operation has at least one request/response example. Dependencies: APIGOV-61-001. | APIGOV-61-001 | APIG0101 | | APIGOV-62-001 | TODO | | SPRINT_511_api | API Governance Guild | src/Api/StellaOps.Api.Governance | Build compatibility diff tool producing additive/breaking reports comparing prior release. Dependencies: APIGOV-61-002. | APIGOV-61-002 | APIG0101 | | APIGOV-62-002 | TODO | | SPRINT_511_api | API Governance Guild · DevOps Guild | src/Api/StellaOps.Api.Governance | Automate changelog generation and publish signed artifacts to `src/Sdk/StellaOps.Sdk.Release` pipeline. Dependencies: APIGOV-62-001. | APIGOV-62-001 | APIG0101 | | APIGOV-63-001 | TODO | | SPRINT_511_api | API Governance Guild · Notifications Guild | src/Api/StellaOps.Api.Governance | Integrate deprecation metadata into Notification Studio templates for API sunset events. Dependencies: APIGOV-62-002. | APIGOV-62-002 | APIG0101 | | ATTEST-01-003 | TODO | | SPRINT_110_ingestion_evidence | Excititor Guild · Evidence Locker Guild | src/Attestor/StellaOps.Attestor | Requires Excititor ingest evidence | EXCITITOR-AIAI-31-002; ELOCKER-CONTRACT-2001 | ATEL0102 | | ATTEST-73-001 | TODO | | SPRINT_110_ingestion_evidence | Concelier Core · Evidence Locker Guild | src/Attestor/StellaOps.Attestor | Depends on #1 + Concelier graph unblock | CONCELIER-AIAI-31-002; ELOCKER-CONTRACT-2001 | ATEL0102 | | ATTEST-73-002 | TODO | | SPRINT_110_ingestion_evidence | Concelier Core · Evidence Locker Guild | src/Attestor/StellaOps.Attestor | Depends on #1 + Concelier graph unblock | CONCELIER-AIAI-31-002; ELOCKER-CONTRACT-2001 | ATEL0102 | | ATTEST-73-003 | TODO | | SPRINT_302_docs_tasks_md_ii | Docs Guild · Policy Guild | docs/modules/attestor | Wait for ATEL0102 evidence | Wait for ATEL0102 evidence | DOAT0102 | | ATTEST-73-004 | TODO | | SPRINT_302_docs_tasks_md_ii | Docs Guild · Attestor Service Guild | docs/modules/attestor | Depends on #1 | Depends on #1 | DOAT0102 | | ATTEST-74-001 | DOING | | SPRINT_170_notifications_telemetry | Notifications Service Guild · Attestor Service Guild | src/Notify/StellaOps.Notify | Needs DSSE schema sign-off | Needs DSSE schema sign-off | NOTY0102 | | ATTEST-74-002 | DOING | | SPRINT_170_notifications_telemetry | Notifications Service Guild | src/Notify/StellaOps.Notify | Depends on #1 | Depends on #1 | NOTY0102 | | ATTEST-74-003 | TODO | | SPRINT_302_docs_tasks_md_ii | Docs Guild · Attestor Console Guild | docs/modules/attestor | Depends on NOTY0102 | Depends on NOTY0102 | DOAT0102 | | ATTEST-74-004 | TODO | | SPRINT_302_docs_tasks_md_ii | Docs Guild · CLI Attestor Guild | docs/modules/attestor | Depends on NOTY0102 | Depends on NOTY0102 | DOAT0102 | | ATTEST-75-001 | TODO | | SPRINT_160_export_evidence | Docs Guild · Export Attestation Guild | docs/modules/attestor | Needs Export bundle schema (ECOB0101) | Needs Export bundle schema (ECOB0101) | DOAT0102 | | ATTEST-75-002 | TODO | | SPRINT_160_export_evidence | Docs Guild · Security Guild | docs/modules/attestor | Depends on #5 | Depends on #5 | DOAT0102 | | ATTEST-REPLAY-187-003 | TODO | | SPRINT_187_evidence_locker_cli_integration | Attestor Guild (src/Attestor/StellaOps.Attestor) | `src/Attestor/StellaOps.Attestor`, `docs/modules/attestor/architecture.md` | Wire Attestor/Rekor anchoring for replay manifests and capture verification APIs; extend `docs/modules/attestor/architecture.md` with a replay ledger flow referencing `docs/replay/DETERMINISTIC_REPLAY.md` Section 9. | Align replay payload schema with RPRC0101 | ATRE0101 | | ATTESTOR-DOCS-0001 | DONE | 2025-11-05 | SPRINT_313_docs_modules_attestor | Docs Guild | docs/modules/attestor | Validate that `docs/modules/attestor/README.md` matches the latest release notes and attestation samples. | | DOAT0102 | | ATTESTOR-ENG-0001 | TODO | | SPRINT_313_docs_modules_attestor | Module Team | docs/modules/attestor | Cross-check implementation plan milestones against `/docs/implplan/SPRINT_*.md` and update module readiness checkpoints. | Depends on #1-6 | DOAT0102 | | ATTESTOR-OPS-0001 | TODO | | SPRINT_313_docs_modules_attestor | Ops Guild | docs/modules/attestor | Review runbooks/observability assets after the next sprint demo and capture findings inline with sprint notes. | Depends on #1-6 | DOAT0102 | | AUTH-AIRGAP-57-001 | DONE (2025-11-08) | 2025-11-08 | SPRINT_100_identity_signing | Authority Core & Security Guild, DevOps Guild (src/Authority/StellaOps.Authority) | src/Authority/StellaOps.Authority | Enforce sealed-mode CI gating by refusing token issuance when declared sealed install lacks sealing confirmation. | AUTH-AIRGAP-56-001; DEVOPS-AIRGAP-57-002 | AUIN0101 | | AUTH-CRYPTO-90-001 | DOING | 2025-11-08 | SPRINT_514_sovereign_crypto_enablement | Authority Core & Security Guild | src/Authority/StellaOps.Authority | Migrate Authority signing/key-loading paths (provider registry + crypto hash) so regional bundles can select sovereign providers per docs/security/crypto-routing-audit-2025-11-07.md. | Finalize sovereign crypto keystore plan | AUIN0101 | | AUTH-DPOP-11-001 | DONE (2025-11-08) | 2025-11-08 | SPRINT_100_identity_signing | Authority Core & Security Guild (src/Authority/StellaOps.Authority) | src/Authority/StellaOps.Authority | DPoP validation now runs for every `/token` grant, interactive tokens inherit `cnf.jkt`/sender claims, and docs/tests document the expanded coverage. | AUTH-AOC-19-002 | AUIN0101 | | AUTH-MTLS-11-002 | DONE (2025-11-08) | 2025-11-08 | SPRINT_100_identity_signing | Authority Core & Security Guild (src/Authority/StellaOps.Authority) | src/Authority/StellaOps.Authority | Refresh grants now enforce the original client certificate, tokens persist `x5t#S256`/hex metadata via shared helper, and docs/JWKS guidance call out the mTLS binding expectations. | AUTH-DPOP-11-001 | AUIN0101 | | AUTH-PACKS-43-001 | DONE (2025-11-09) | 2025-11-09 | SPRINT_100_identity_signing | Authority Core & Security Guild (src/Authority/StellaOps.Authority) | src/Authority/StellaOps.Authority | Enforce pack signing policies, approval RBAC checks, CLI CI token scopes, and audit logging for approvals. | AUTH-PACKS-41-001; TASKRUN-42-001; ORCH-SVC-42-101 | AUIN0101 | | AUTH-REACH-401-005 | TODO | | SPRINT_401_reachability_evidence_chain | Authority & Signer Guilds | `src/Authority/StellaOps.Authority`, `src/Signer/StellaOps.Signer` | Introduce DSSE predicate types for SBOM/Graph/VEX/Replay, plumb signing through Authority + Signer, and mirror statements to Rekor (including PQ variants where required). | Coordinate with replay reachability owners | AUIN0101 | | AUTH-VERIFY-186-007 | TODO | | SPRINT_186_record_deterministic_execution | Authority Guild · Provenance Guild | `src/Authority/StellaOps.Authority`, `src/Provenance/StellaOps.Provenance.Attestation` | Expose an Authority-side verification helper/service that validates DSSE signatures and Rekor proofs for promotion attestations using trusted checkpoints, enabling offline audit flows. | Await PROB0101 provenance harness | AUIN0101 | | AUTHORITY-DOCS-0001 | TODO | | SPRINT_314_docs_modules_authority | Docs Guild (docs/modules/authority) | docs/modules/authority | See ./AGENTS.md | Wait for AUIN0101 sign-off | DOAU0101 | | AUTHORITY-ENG-0001 | TODO | | SPRINT_314_docs_modules_authority | Module Team (docs/modules/authority) | docs/modules/authority | Update status via ./AGENTS.md workflow | Depends on #1 | DOAU0101 | | AUTHORITY-OPS-0001 | TODO | | SPRINT_314_docs_modules_authority | Ops Guild (docs/modules/authority) | docs/modules/authority | Sync outcomes back to ../.. | Depends on #1 | DOAU0101 | | AUTO-401-019 | TODO | | SPRINT_401_reachability_evidence_chain | Benchmarks Guild | `docs/benchmarks/vex-evidence-playbook.md`, `scripts/bench/**` | Align with PROB0101 schema | Align with PROB0101 schema | RBBN0101 | | BACKFILL-401-029 | DOING | | SPRINT_401_reachability_evidence_chain | Platform Guild | `docs/provenance/inline-dsse.md`, `scripts/publish_attestation_with_provenance.sh` | Align output schema with PROB0101 | Align output schema with PROB0101 | RBRE0101 | | BENCH-AUTO-401-019 | TODO | | SPRINT_401_reachability_evidence_chain | Benchmarks Guild | `docs/benchmarks/vex-evidence-playbook.md`, `scripts/bench/**` | Create automation to populate `bench/findings/**`, run baseline scanners (Trivy/Syft/Grype/Snyk/Xray), compute FP/MTTD/repro metrics, and update `results/summary.csv`. | Depends on #1 | RBBN0101 | | BENCH-GRAPH-21-001 | BLOCKED | 2025-10-27 | SPRINT_512_bench | Bench Guild · Graph Platform Guild | src/Bench/StellaOps.Bench | Build graph viewport/path benchmark harness (50k/100k nodes) measuring Graph API/Indexer latency, memory, and tile cache hit rates. *(Executed within Sprint 28 Graph program).* | Wait for CAGR0101 outputs | RBBN0102 | | BENCH-GRAPH-21-002 | BLOCKED | 2025-10-27 | SPRINT_512_bench | Bench Guild · UI Guild | src/Bench/StellaOps.Bench | Add headless UI load benchmark (Playwright) for graph canvas interactions to track render times and FPS budgets. *(Executed within Sprint 28 Graph program).*. Dependencies: BENCH-GRAPH-21-001. | Depends on #1 | RBBN0102 | | BENCH-GRAPH-24-002 | TODO | | SPRINT_512_bench | Bench Guild · UI Guild | src/Bench/StellaOps.Bench | Implement UI interaction benchmarks (filter/zoom/table operations) citing p95 latency; integrate with perf dashboards. Dependencies: BENCH-GRAPH-21-002. | Align with ORTR0101 job metadata | RBBN0102 | | BENCH-IMPACT-16-001 | TODO | | SPRINT_512_bench | Bench Guild · Scheduler Team | src/Bench/StellaOps.Bench | ImpactIndex throughput bench (resolve 10k productKeys) + RAM profile. | Needs Scheduler signals from ORTR0102 | RBBN0102 | | BENCH-POLICY-20-002 | TODO | | SPRINT_512_bench | Bench Guild · Policy Guild | src/Bench/StellaOps.Bench | Add incremental run benchmark measuring delta evaluation vs full; capture SLA compliance. | Wait for PLLG0104 ledger events | RBBN0102 | | BENCH-SIG-26-001 | TODO | | SPRINT_512_bench | Bench Guild · Signals Guild | src/Bench/StellaOps.Bench | Develop benchmark for reachability scoring pipeline (facts/sec, latency, memory) using synthetic callgraphs/runtime batches. | Needs SGSI0101 runtime feed | RBBN0102 | | BENCH-SIG-26-002 | TODO | | SPRINT_512_bench | Bench Guild · Policy Guild | src/Bench/StellaOps.Bench | Measure policy evaluation overhead with reachability cache hot/cold; ensure ≤8 ms p95 added latency. Dependencies: BENCH-SIG-26-001. | Depends on #6 | RBBN0102 | | BUNDLE-401-014 | TODO | | SPRINT_401_reachability_evidence_chain | Symbols Guild | `src/Symbols/StellaOps.Symbols.Bundle` | Needs RBRE0101 provenance payload | Needs RBRE0101 provenance payload | RBSY0101 | | BUNDLE-69-001 | TODO | | SPRINT_164_exportcenter_iii | Risk Bundle Export Guild · Risk Engine Guild | src/ExportCenter/StellaOps.ExportCenter.RiskBundles | Align with ATEL0102 DSSE outputs | Align with ATEL0102 DSSE outputs | RBRB0101 | | BUNDLE-69-002 | TODO | | SPRINT_164_exportcenter_iii | Risk Bundle Export Guild · DevOps Guild | src/ExportCenter/StellaOps.ExportCenter.RiskBundles | Depends on #1 | Depends on #1 | RBRB0101 | | BUNDLE-70-001 | TODO | | SPRINT_164_exportcenter_iii | Risk Bundle Export Guild · CLI Guild | src/ExportCenter/StellaOps.ExportCenter.RiskBundles | Needs CLI export contract from CLCI0104 | Needs CLI export contract from CLCI0104 | RBRB0101 | | BUNDLE-70-002 | TODO | | SPRINT_164_exportcenter_iii | Risk Bundle Export Guild · Docs Guild | src/ExportCenter/StellaOps.ExportCenter.RiskBundles | Depends on #3 | Depends on #3 | RBRB0101 | | CAS-401-001 | TODO | | SPRINT_401_reachability_evidence_chain | Scanner Worker Guild | `src/Scanner/StellaOps.Scanner.Worker` | Wait for RBRE0101 DSSE hashes | Wait for RBRE0101 DSSE hashes | CASC0101 | | CCCS-02-009 | TODO | | SPRINT_117_concelier_vi | Concelier Connector Guild – CCCS | src/Concelier/__Libraries/StellaOps.Concelier.Connector.Cccs | Implement restart-safe watermark + schema tests. | Confirm CCCS ingest watermark | CCFD0101 | | CENTER-ENG-0001 | TODO | | SPRINT_320_docs_modules_export_center | Module Team · Export Center Guild | docs/modules/export-center | Wait for RBRB0101 bundle sample | Wait for RBRB0101 bundle sample | DOEC0101 | | CENTER-OPS-0001 | TODO | | SPRINT_320_docs_modules_export_center | Ops Guild · Export Center Guild | docs/modules/export-center | Depends on #1 | Depends on #1 | DOEC0101 | | CERTBUND-02-010 | TODO | | SPRINT_117_concelier_vi | Concelier Connector Guild – CertBund | src/Concelier/__Libraries/StellaOps.Concelier.Connector.CertBund | Update parser + CAS hashing. | Align with German CERT schema changes | CCFD0101 | | CISCO-02-009 | DOING | 2025-11-08 | SPRINT_117_concelier_vi | Concelier Connector Guild – Cisco | src/Concelier/__Libraries/StellaOps.Concelier.Connector.Vndr.Cisco | Harden retry + provenance logging. | Needs vendor API tokens rotated | CCFD0101 | | CLI-0001 | DONE | 2025-11-10 | SPRINT_138_scanner_ruby_parity | CLI Guild, Ruby Analyzer Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | SCANNER-ENG-0019 | SCANNER-ENG-0019 | CLCI0101 | | CLI-401-007 | TODO | | SPRINT_401_reachability_evidence_chain | UI & CLI Guilds (`src/Cli/StellaOps.Cli`, `src/UI/StellaOps.UI`) | `src/Cli/StellaOps.Cli`, `src/UI/StellaOps.UI` | — | — | CLCI0101 | | CLI-401-021 | TODO | | SPRINT_401_reachability_evidence_chain | CLI Guild · DevOps Guild (`src/Cli/StellaOps.Cli`, `scripts/ci/attest-*`, `docs/modules/attestor/architecture.md`) | `src/Cli/StellaOps.Cli`, `scripts/ci/attest-*`, `docs/modules/attestor/architecture.md` | — | — | CLCI0101 | | CLI-41-001 | TODO | | SPRINT_303_docs_tasks_md_iii | Docs Guild, DevEx/CLI Guild (docs) | | — | — | CLCI0101 | | CLI-42-001 | TODO | | SPRINT_303_docs_tasks_md_iii | Docs Guild (docs) | | — | — | CLCI0101 | | CLI-43-002 | TODO | | SPRINT_504_ops_devops_ii | DevOps Guild, Task Runner Guild (ops/devops) | ops/devops | — | — | CLCI0101 | | CLI-43-003 | TODO | | SPRINT_504_ops_devops_ii | DevOps Guild, DevEx/CLI Guild (ops/devops) | ops/devops | — | — | CLCI0101 | | CLI-AIAI-31-001 | TODO | | SPRINT_201_cli_i | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Implement `stella advise summarize` command with JSON/Markdown outputs and citation display. | — | CLCI0101 | | CLI-AIAI-31-002 | TODO | | SPRINT_201_cli_i | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Implement `stella advise explain` showing conflict narrative and structured rationale. Dependencies: CLI-AIAI-31-001. | — | CLCI0101 | | CLI-AIAI-31-003 | TODO | | SPRINT_201_cli_i | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Implement `stella advise remediate` generating remediation plans with `--strategy` filters and file output. Dependencies: CLI-AIAI-31-002. | — | CLCI0101 | | CLI-AIAI-31-004 | TODO | | SPRINT_201_cli_i | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Implement `stella advise batch` for summaries/conflicts/remediation with progress + multi-status responses. Dependencies: CLI-AIAI-31-003. | — | CLCI0102 | | CLI-AIRGAP-56-001 | TODO | | SPRINT_110_ingestion_evidence | Exporter Guild · AirGap Time Guild · CLI Guild | | PROGRAM-STAFF-1001 | PROGRAM-STAFF-1001 | ATMI0102 | | CLI-AIRGAP-56-002 | TODO | | SPRINT_201_cli_i | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Ensure telemetry propagation under sealed mode (no remote exporters) while preserving correlation IDs; add label `AirGapped-Phase-1`. Dependencies: CLI-AIRGAP-56-001. | — | CLCI0102 | | CLI-AIRGAP-57-001 | TODO | | SPRINT_201_cli_i | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Add `stella airgap import` with diff preview, bundle scope selection (`--tenant`, `--global`), audit logging, and progress reporting. Dependencies: CLI-AIRGAP-56-002. | — | CLCI0102 | | CLI-AIRGAP-57-002 | TODO | | SPRINT_201_cli_i | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Provide `stella airgap seal. Dependencies: CLI-AIRGAP-57-001. | — | CLCI0102 | | CLI-AIRGAP-58-001 | TODO | | SPRINT_201_cli_i | DevEx/CLI Guild, Evidence Locker Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Implement `stella airgap export evidence` helper for portable evidence packages, including checksum manifest and verification. Dependencies: CLI-AIRGAP-57-002. | — | CLCI0102 | | CLI-ATTEST-73-001 | TODO | | SPRINT_201_cli_i | CLI Attestor Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Implement `stella attest sign` (payload selection, subject digest, key reference, output format) using official SDK transport. | — | CLCI0102 | | CLI-ATTEST-73-002 | TODO | | SPRINT_201_cli_i | CLI Attestor Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Implement `stella attest verify` with policy selection, explainability output, and JSON/table formatting. Dependencies: CLI-ATTEST-73-001. | — | CLCI0102 | | CLI-ATTEST-74-001 | TODO | | SPRINT_201_cli_i | CLI Attestor Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Implement `stella attest list` with filters (subject, type, issuer, scope) and pagination. Dependencies: CLI-ATTEST-73-002. | — | CLCI0102 | | CLI-ATTEST-74-002 | TODO | | SPRINT_201_cli_i | CLI Attestor Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Implement `stella attest fetch` to download envelopes and payloads to disk. Dependencies: CLI-ATTEST-74-001. | — | CLCI0102 | | CLI-ATTEST-75-001 | TODO | | SPRINT_201_cli_i | CLI Attestor Guild, KMS Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Implement `stella attest key create. Dependencies: CLI-ATTEST-74-002. | — | CLCI0102 | | CLI-ATTEST-75-002 | TODO | | SPRINT_201_cli_i | CLI Attestor Guild | src/Cli/StellaOps.Cli | Add support for building/verifying attestation bundles in CLI. Dependencies: CLI-ATTEST-75-001. | Wait for ATEL0102 outputs | CLCI0109 | | CLI-CORE-41-001 | TODO | | SPRINT_202_cli_ii | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Implement CLI core features: config precedence, profiles/contexts, auth flows, output renderer (json/yaml/table), error mapping, global flags, telemetry opt-in. | — | CLCI0103 | | CLI-DET-01 | TODO | | SPRINT_301_docs_tasks_md_i | Docs Guild · DevEx/CLI Guild | | CLI-SBOM-60-001; CLI-SBOM-60-002 | CLI-SBOM-60-001; CLI-SBOM-60-002 | CLCI0103 | | CLI-DETER-70-003 | TODO | | SPRINT_202_cli_ii | DevEx/CLI Guild, Scanner Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Provide `stella detscore run` that executes the determinism harness locally (fixed clock, seeded RNG, canonical hashes) and writes `determinism.json`, supporting CI/non-zero threshold exit codes (`docs/modules/scanner/determinism-score.md`). | — | CLCI0103 | | CLI-DETER-70-004 | TODO | | SPRINT_203_cli_iii | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Add `stella detscore report` to summarise published `determinism.json` files (overall score, per-image matrix) and integrate with release notes/air-gap kits (`docs/modules/scanner/determinism-score.md`). Dependencies: CLI-DETER-70-003. | — | CLCI0103 | | CLI-DOCS-0001 | TODO | | SPRINT_316_docs_modules_cli | Docs Guild (docs/modules/cli) | docs/modules/cli | See ./AGENTS.md | — | CLCI0103 | | CLI-EDITOR-401-004 | TODO | | SPRINT_401_reachability_evidence_chain | CLI Guild (`src/Cli/StellaOps.Cli`, `docs/policy/lifecycle.md`) | `src/Cli/StellaOps.Cli`, `docs/policy/lifecycle.md` | Enhance `stella policy` CLI verbs (edit/lint/simulate) to edit Git-backed `.dsl` files, run local coverage tests, and commit SemVer metadata. | — | CLCI0103 | | CLI-ENG-0001 | TODO | | SPRINT_316_docs_modules_cli | Module Team (docs/modules/cli) | docs/modules/cli | Update status via ./AGENTS.md workflow | — | CLCI0103 | | CLI-EXC-25-001 | TODO | | SPRINT_202_cli_ii | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Implement `stella exceptions list | — | CLCI0103 | | CLI-EXC-25-002 | TODO | | SPRINT_202_cli_ii | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Extend `stella policy simulate` with `--with-exception`/`--without-exception` flags to preview exception impact. Dependencies: CLI-EXC-25-001. | — | CLCI0103 | | CLI-EXPORT-35-001 | BLOCKED | 2025-10-29 | SPRINT_202_cli_ii | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Implement `stella export profiles | CLCI0103 | CLCI0104 | | CLI-EXPORT-36-001 | TODO | | SPRINT_202_cli_ii | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Add distribution commands (`stella export distribute`, `run download --resume` enhancements) and improved status polling with progress bars. Dependencies: CLI-EXPORT-35-001. | — | CLCI0104 | | CLI-EXPORT-37-001 | TODO | | SPRINT_202_cli_ii | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Provide scheduling (`stella export schedule`), retention, and `export verify` commands performing signature/hash validation. Dependencies: CLI-EXPORT-36-001. | — | CLCI0104 | | CLI-FORENSICS-53-001 | TODO | | SPRINT_202_cli_ii | DevEx/CLI Guild, Evidence Locker Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Implement `stella forensic snapshot create --case` and `snapshot list/show` commands invoking evidence locker APIs, surfacing manifest digests, and storing local cache metadata. | — | CLCI0104 | | CLI-FORENSICS-54-001 | TODO | | SPRINT_202_cli_ii | DevEx/CLI Guild, Provenance Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Provide `stella forensic verify ` command validating checksums, DSSE signatures, and timeline chain-of-custody. Support JSON/pretty output and exit codes for CI. Dependencies: CLI-FORENSICS-53-001. | — | CLCI0104 | | CLI-FORENSICS-54-002 | TODO | | SPRINT_202_cli_ii | DevEx/CLI Guild, Provenance Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Implement `stella forensic attest show ` listing attestation details (signer, timestamp, subjects) and verifying signatures. Dependencies: CLI-FORENSICS-54-001. | — | CLCI0104 | | CLI-LNM-22-001 | TODO | | SPRINT_202_cli_ii | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Implement `stella advisory obs get/linkset show/export` commands with JSON/OSV output, pagination, and conflict display; ensure `ERR_AGG_*` mapping. | — | CLCI0103 | | CLI-LNM-22-002 | TODO | | SPRINT_202_cli_ii | CLI Guild · Concelier Guild | src/Cli/StellaOps.Cli | Implement `stella vex obs get/linkset show` commands with product filters, status filters, and JSON output for CI usage. Dependencies: CLI-LNM-22-001. | Needs CCLN0102 API contract | CLCI0109 | | CLI-NOTIFY-38-001 | BLOCKED | 2025-10-29 | SPRINT_202_cli_ii | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Implement `stella notify rules | CLCI0103 | CLCI0104 | | CLI-NOTIFY-39-001 | BLOCKED | 2025-10-29 | SPRINT_202_cli_ii | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Add simulation (`stella notify simulate`) and digest commands with diff output and schedule triggering, including dry-run mode. Dependencies: CLI-NOTIFY-38-001. | CLCI0103 | CLCI0104 | | CLI-NOTIFY-40-001 | TODO | | SPRINT_202_cli_ii | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Provide ack token redemption workflow, escalation management, localization previews, and channel health checks. Dependencies: CLI-NOTIFY-39-001. | — | CLCI0104 | | CLI-OBS-50-001 | TODO | | SPRINT_202_cli_ii | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Ensure CLI HTTP client propagates `traceparent` headers for all commands, prints correlation IDs on failure, and records trace IDs in verbose logs (scrubbed). | — | CLCI0104 | | CLI-OBS-51-001 | TODO | | SPRINT_203_cli_iii | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Implement `stella obs top` command streaming service health metrics, SLO status, and burn-rate alerts with TUI view and JSON output. Dependencies: CLI-OBS-50-001. | — | CLCI0105 | | CLI-OBS-52-001 | TODO | | SPRINT_203_cli_iii | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Add `stella obs trace ` and `stella obs logs --from/--to` commands that correlate timeline events, logs, and evidence links with pagination + guardrails. Dependencies: CLI-OBS-51-001. | — | CLCI0105 | | CLI-OBS-55-001 | TODO | | SPRINT_203_cli_iii | DevEx/CLI Guild · DevOps Guild | src/Cli/StellaOps.Cli | Add `stella obs incident-mode enable. Dependencies: CLI-OBS-52-001. | — | CLCI0105 | | CLI-OPS-0001 | TODO | | SPRINT_316_docs_modules_cli | Ops Guild (docs/modules/cli) | docs/modules/cli | Sync outcomes back to ../.. | — | CLCI0105 | | CLI-ORCH-32-001 | TODO | | SPRINT_203_cli_iii | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Implement `stella orch sources | ORGR0101 hand-off | CLCI0105 | | CLI-ORCH-33-001 | TODO | | SPRINT_203_cli_iii | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Add action verbs (`sources test. Dependencies: CLI-ORCH-32-001. | ORGR0101 hand-off | CLCI0105 | | CLI-ORCH-34-001 | TODO | | SPRINT_203_cli_iii | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Provide backfill wizard (`--from/--to --dry-run`), quota management (`quotas get. Dependencies: CLI-ORCH-33-001. | ORGR0102 API review | CLCI0105 | | CLI-PACKS-42-001 | TODO | | SPRINT_203_cli_iii | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Implement Task Pack commands (`pack plan/run/push/pull/verify`) with schema validation, expression sandbox, plan/simulate engine, remote execution. | — | CLCI0105 | | CLI-PACKS-43-001 | TODO | | SPRINT_203_cli_iii | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Deliver advanced pack features (approvals pause/resume, secret injection, localization, man pages, offline cache). Dependencies: CLI-PACKS-42-001. | Offline kit schema sign-off | CLCI0105 | | CLI-PACKS-43-002 | TODO | | SPRINT_508_ops_offline_kit | Offline Kit Guild · Packs Registry Guild | ops/offline-kit | Bundle Task Pack samples, registry mirror seeds, Task Runner configs, and CLI binaries with checksums into Offline Kit. | CLI-PACKS-43-001 | CLCI0105 | | CLI-PARITY-41-001 | TODO | | SPRINT_203_cli_iii | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Deliver parity command groups (`policy`, `sbom`, `vuln`, `vex`, `advisory`, `export`, `orchestrator`) with `--explain`, deterministic outputs, and parity matrix entries. | — | CLCI0106 | | CLI-PARITY-41-002 | TODO | | SPRINT_203_cli_iii | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Implement `notify`, `aoc`, `auth` command groups, idempotency keys, shell completions, config docs, and parity matrix export tooling. Dependencies: CLI-PARITY-41-001. | — | CLCI0106 | | CLI-POLICY-20-001 | TODO | | SPRINT_203_cli_iii | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Add `stella policy new | PLPE0101 completion | CLCI0106 | | CLI-POLICY-23-004 | TODO | | SPRINT_203_cli_iii | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Add `stella policy lint` command validating SPL files with compiler diagnostics; support JSON output. Dependencies: CLI-POLICY-20-001. | PLPE0102 readiness | CLCI0106 | | CLI-POLICY-23-006 | TODO | | SPRINT_203_cli_iii | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Provide `stella policy history` and `stella policy explain` commands to pull run history and explanation trees. Dependencies: CLI-POLICY-23-005. | — | CLCI0106 | | CLI-POLICY-27-001 | TODO | | SPRINT_203_cli_iii | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Implement policy workspace commands (`stella policy init`, `edit`, `lint`, `compile`, `test`) with template selection, local cache, JSON output, and deterministic temp directories. Dependencies: CLI-POLICY-23-006. | Ledger API exposure | CLCI0106 | | CLI-POLICY-27-002 | TODO | | SPRINT_204_cli_iv | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Add submission/review workflow commands (`stella policy version bump`, `submit`, `review comment`, `approve`, `reject`) supporting reviewer assignment, changelog capture, and exit codes. Dependencies: CLI-POLICY-27-001. | CLI-POLICY-27-001 | CLCI0106 | | CLI-POLICY-27-003 | TODO | | SPRINT_204_cli_iv | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Implement `stella policy simulate` enhancements (quick vs batch, SBOM selectors, heatmap summary, manifest download) with `--json` and Markdown report output for CI. Dependencies: CLI-POLICY-27-002. | CLI-POLICY-27-002 | CLCI0106 | | CLI-POLICY-27-004 | TODO | | SPRINT_204_cli_iv | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Add lifecycle commands for publish/promote/rollback/sign (`stella policy publish --sign`, `promote --env`, `rollback`) with attestation verification and canary arguments. Dependencies: CLI-POLICY-27-003. | CLI-POLICY-27-003 | CLCI0106 | | CLI-POLICY-27-005 | TODO | | SPRINT_204_cli_iv | DevEx/CLI Guild · Docs Guild | src/Cli/StellaOps.Cli | Update CLI reference and samples for Policy Studio including JSON schemas, exit codes, and CI snippets. Dependencies: CLI-POLICY-27-004. | CLI-POLICY-27-004 | CLCI0106 | | CLI-POLICY-27-006 | TODO | | SPRINT_204_cli_iv | CLI Guild · Policy Guild | src/Cli/StellaOps.Cli | Update CLI policy profiles/help text to request the new Policy Studio scope family, surface ProblemDetails guidance for `invalid_scope`, and adjust regression tests for scope failures. Dependencies: CLI-POLICY-27-005. | Depends on #2 | CLCI0109 | | CLI-PROMO-70-001 | TODO | | SPRINT_202_cli_ii | DevEx/CLI Guild · Provenance Guild | src/Cli/StellaOps.Cli | Add `stella promotion assemble` command that resolves image digests, hashes SBOM/VEX artifacts, fetches Rekor proofs from Attestor, and emits the `stella.ops/promotion@v1` JSON payload (see `docs/release/promotion-attestations.md`). | Mirror attestation inputs | CLCI0108 | | CLI-PROMO-70-002 | TODO | | SPRINT_203_cli_iii | CLI Guild · Marketing Guild | src/Cli/StellaOps.Cli | Implement `stella promotion attest` / `promotion verify` commands that sign the promotion payload via Signer, retrieve DSSE bundles from Attestor, and perform offline verification against trusted checkpoints (`docs/release/promotion-attestations.md`). Dependencies: CLI-PROMO-70-001. | Needs revised DSSE plan | CLCI0109 | | CLI-REPLAY-187-002 | TODO | | SPRINT_160_export_evidence | CLI Guild · Replay Guild | `src/Cli/StellaOps.Cli` | CLI Guild · `docs/modules/cli/architecture.md` | Requires RBRE0101 recorder schema | CLCI0109 | | CLI-RISK-66-001 | TODO | | SPRINT_204_cli_iv | DevEx/CLI Guild · Policy Guild | src/Cli/StellaOps.Cli | Implement `stella risk profile list | Ledger scores ready | CLCI0108 | | CLI-RISK-66-002 | TODO | | SPRINT_204_cli_iv | DevEx/CLI Guild · Risk Engine Guild | src/Cli/StellaOps.Cli | Ship `stella risk simulate` supporting SBOM/asset inputs, diff mode, and export to JSON/CSV. Dependencies: CLI-RISK-66-001. | CLI-RISK-66-001 | CLCI0108 | | CLI-RISK-67-001 | TODO | | SPRINT_204_cli_iv | DevEx/CLI Guild · Findings Ledger Guild | src/Cli/StellaOps.Cli | Provide `stella risk results` with filtering, severity thresholds, explainability fetch. Dependencies: CLI-RISK-66-002. | CLI-RISK-66-002 | CLCI0108 | | CLI-RISK-68-001 | TODO | | SPRINT_204_cli_iv | DevEx/CLI Guild · Export Guild | src/Cli/StellaOps.Cli | Add `stella risk bundle verify` and integrate with offline risk bundles. Dependencies: CLI-RISK-67-001. | CLI-RISK-67-001 | CLCI0108 | | CLI-SBOM-60-001 | TODO | | SPRINT_203_cli_iii | CLI Guild · Scanner Guild | src/Cli/StellaOps.Cli | Ship `stella sbomer layer`/`compose` verbs that capture per-layer fragments, run canonicalization, verify fragment DSSE, and emit `_composition.json` + Merkle diagnostics (ref `docs/modules/scanner/deterministic-sbom-compose.md`). Dependencies: CLI-PARITY-41-001, SCANNER-SURFACE-04. | Wait for CASC0101 manifest | CLSB0101 | | CLI-SBOM-60-002 | TODO | | SPRINT_203_cli_iii | CLI Guild | src/Cli/StellaOps.Cli | Add `stella sbomer drift --explain` + `verify` commands that rerun composition locally, highlight which arrays/keys broke determinism, and integrate with Offline Kit bundles. Dependencies: CLI-SBOM-60-001. | Depends on #1 | CLSB0101 | | CLI-SDK-62-001 | TODO | | SPRINT_204_cli_iv | CLI Guild · SDK Guild | src/Cli/StellaOps.Cli | Replace bespoke HTTP clients with official SDK (TS/Go) for all CLI commands; ensure modular transport for air-gapped mode. | Align with SDK generator sprint | CLSB0101 | | CLI-SDK-62-002 | TODO | | SPRINT_204_cli_iv | CLI Guild | src/Cli/StellaOps.Cli | Update CLI error handling to surface standardized API error envelope with `error.code` and `trace_id`. Dependencies: CLI-SDK-62-001. | Depends on #3 | CLSB0101 | | CLI-SDK-63-001 | TODO | | SPRINT_204_cli_iv | CLI Guild | src/Cli/StellaOps.Cli | Expose `stella api spec download` command retrieving aggregate OAS and verifying checksum/ETag. Dependencies: CLI-SDK-62-002. | Needs CAS graph (CASC0101) | CLSB0101 | | CLI-SDK-64-001 | TODO | | SPRINT_204_cli_iv | CLI Guild | src/Cli/StellaOps.Cli | Add CLI subcommand `stella sdk update` to fetch latest SDK manifests/changelogs; integrate with Notifications for deprecations. Dependencies: CLI-SDK-63-001. | Depends on #5 | CLSB0101 | | CLI-SIG-26-001 | TODO | | SPRINT_204_cli_iv | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Implement `stella reachability upload-callgraph` and `stella reachability list/explain` commands with streaming upload, pagination, and exit codes. | ATEL0101 signing plan | CLCI0108 | | CLI-SIG-26-002 | TODO | | SPRINT_204_cli_iv | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Extend `stella policy simulate` with reachability override flags (`--reachability-state`, `--reachability-score`). Dependencies: CLI-SIG-26-001. | CLI-SIG-26-001 | CLCI0108 | | CLI-TEN-47-001 | TODO | | SPRINT_205_cli_v | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Implement `stella login`, `whoami`, `tenants list`, persistent profiles, secure token storage, and `--tenant` override with validation. | — | CLCI0108 | | CLI-TEN-49-001 | TODO | | SPRINT_205_cli_v | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Add service account token minting, delegation (`stella token delegate`), impersonation banner, and audit-friendly logging. Dependencies: CLI-TEN-47-001. | CLI-TEN-47-001 | CLCI0108 | | CLI-VEX-30-001 | TODO | | SPRINT_205_cli_v | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Implement `stella vex consensus list` with filters, paging, policy selection, `--json/--csv`. | PLVL0102 completion | CLCI0107 | | CLI-VEX-30-002 | TODO | | SPRINT_205_cli_v | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Implement `stella vex consensus show` displaying quorum, evidence, rationale, signature status. Dependencies: CLI-VEX-30-001. | CLI-VEX-30-001 | CLCI0107 | | CLI-VEX-30-003 | TODO | | SPRINT_205_cli_v | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Implement `stella vex simulate` for trust/threshold overrides with JSON diff output. Dependencies: CLI-VEX-30-002. | CLI-VEX-30-002 | CLCI0107 | | CLI-VEX-30-004 | TODO | | SPRINT_205_cli_v | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Implement `stella vex export` for consensus NDJSON bundles with signature verification helper. Dependencies: CLI-VEX-30-003. | CLI-VEX-30-003 | CLCI0107 | | CLI-VEX-401-011 | TODO | | SPRINT_401_reachability_evidence_chain | CLI Guild | `src/Cli/StellaOps.Cli`, `docs/modules/cli/architecture.md`, `docs/benchmarks/vex-evidence-playbook.md` | Add `stella decision export | Reachability API exposure | CLCI0107 | | CLI-VULN-29-001 | TODO | | SPRINT_205_cli_v | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Implement `stella vuln list` with grouping, paging, filters, `--json/--csv`, and policy selection. | — | CLCI0107 | | CLI-VULN-29-002 | TODO | | SPRINT_205_cli_v | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Implement `stella vuln show` displaying evidence, policy rationale, paths, ledger summary; support `--json` for automation. Dependencies: CLI-VULN-29-001. | CLI-VULN-29-001 | CLCI0107 | | CLI-VULN-29-003 | TODO | | SPRINT_205_cli_v | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Add workflow commands (`assign`, `comment`, `accept-risk`, `verify-fix`, `target-fix`, `reopen`) with filter selection (`--filter`) and idempotent retries. Dependencies: CLI-VULN-29-002. | CLI-VULN-29-002 | CLCI0107 | | CLI-VULN-29-004 | TODO | | SPRINT_205_cli_v | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Implement `stella vuln simulate` producing delta summaries and optional Markdown report for CI. Dependencies: CLI-VULN-29-003. | CLI-VULN-29-003 | CLCI0107 | | CLI-VULN-29-005 | TODO | | SPRINT_205_cli_v | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Add `stella vuln export` and `stella vuln bundle verify` commands to trigger/download evidence bundles and verify signatures. Dependencies: CLI-VULN-29-004. | CLI-VULN-29-004 | CLCI0107 | | CLI-VULN-29-006 | TODO | | SPRINT_205_cli_v | DevEx/CLI Guild · Docs Guild | src/Cli/StellaOps.Cli | Update CLI docs/examples for Vulnerability Explorer with compliance checklist and CI snippets. Dependencies: CLI-VULN-29-005. | CLI-VULN-29-005 | CLCI0108 | | CLIENT-401-012 | TODO | | SPRINT_401_reachability_evidence_chain | Symbols Guild | `src/Symbols/StellaOps.Symbols.Client`, `src/Scanner/StellaOps.Scanner.Symbolizer` | Align with symbolizer regression fixtures | Align with symbolizer regression fixtures | RBSY0101 | | COMPOSE-44-001 | TODO | | SPRINT_501_ops_deployment_i | Deployment Guild · DevEx Guild | ops/deployment | Author `docker-compose.yml`, `.env.example`, and `quickstart.sh` with all core services + dependencies (postgres, redis, object-store, queue, otel). | Align with DVDO0103 env profiles | DVCP0101 | | COMPOSE-44-002 | TODO | | SPRINT_501_ops_deployment_i | Deployment Guild | ops/deployment | Implement `backup.sh` and `reset.sh` scripts with safety prompts and documentation. Dependencies: COMPOSE-44-001. | Depends on #1 | DVCP0101 | | COMPOSE-44-003 | TODO | | SPRINT_501_ops_deployment_i | Deployment Guild | ops/deployment | Package seed data container and onboarding wizard toggle (`QUICKSTART_MODE`), ensuring default creds randomized on first run. Dependencies: COMPOSE-44-002. | Needs RBRE0101 provenance | DVCP0101 | | CONCELIER-AIAI-31-002 | DOING | | SPRINT_110_ingestion_evidence | Concelier Core · Concelier WebService Guilds | | Structured field/caching implementation gated on schema approval. | CONCELIER-GRAPH-21-001; CARTO-GRAPH-21-002 | DOAI0101 | | CONCELIER-AIAI-31-003 | DONE | 2025-11-12 | SPRINT_110_ingestion_evidence | Docs Guild · Concelier Observability Guild | docs/modules/concelier/observability.md | Telemetry counters/histograms live for Advisory AI dashboards. | Summarize telemetry evidence | DOCO0101 | | CONCELIER-AIRGAP-56-001 | TODO | | SPRINT_112_concelier_i | Concelier Core Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Implement read paths for Offline Kit bundles, persist `bundleId`, `merkleRoot`, and maintain append-only ledger comparisons. | Wait for ATLN0102 decision log | AGCN0101 | | CONCELIER-AIRGAP-56-001..58-001 | TODO | | SPRINT_110_ingestion_evidence | Concelier Core Guild · Evidence Locker Guild | | Air-gap bundles waiting on stable schema + attestation payloads. | CONCELIER-GRAPH-21-001; CONCELIER-GRAPH-21-002; ELOCKER-CONTRACT-2001 | AGCN0101 | | CONCELIER-AIRGAP-56-002 | TODO | | SPRINT_112_concelier_i | Concelier Core Guild · AirGap Importer Guild | | Every observation/linkset stores `{bundleId, merkleRoot, observationPath}` so exported evidence can cite provenance exactly once; depends on 56-001. | Requires #2 for CAS alignment | AGCN0101 | | CONCELIER-AIRGAP-57-001 | TODO | | SPRINT_112_concelier_i | Concelier Core Guild · AirGap Policy Guild | | Feature flag + policy that rejects non-mirror connectors with actionable diagnostics; depends on 56-001. | — | ATLN0102 | | CONCELIER-AIRGAP-57-002 | TODO | | SPRINT_112_concelier_i | Concelier Core Guild · AirGap Time Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Compute `fetchedAt/publishedAt/clockSource` deltas per bundle and expose via observation APIs without mutating evidence; depends on 56-002. | Wait for AIRGAP-TIME-CONTRACT-1501 | CCAN0101 | | CONCELIER-AIRGAP-58-001 | TODO | | SPRINT_112_concelier_i | Concelier Core Guild · Evidence Locker Guild | | Package advisory observations/linksets + provenance notes (document id + observationPath) into timeline-bound portable bundles with verifier instructions; depends on 57-002. | — | ATLN0102 | | CONCELIER-ATTEST-73-001 | TODO | | SPRINT_110_ingestion_evidence | Concelier Core · Evidence Locker Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Attestation metadata wiring follows structured caching. | CONCELIER-AIAI-31-002; ELOCKER-CONTRACT-2001 | CCAN0101 | | CONCELIER-ATTEST-73-002 | TODO | | SPRINT_110_ingestion_evidence | Concelier Core · Evidence Locker Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Depends on #2 | CONCELIER-AIAI-31-002; ELOCKER-CONTRACT-2001 | CCAN0101 | | CONCELIER-CONSOLE-23-001 | TODO | | SPRINT_112_concelier_i | Concelier WebService Guild · BE-Base Platform Guild | | `/console/advisories` returns grouped linksets with per-source severity/status chips plus `{documentId, observationPath}` provenance references (matching GHSA + Red Hat CVE browser expectations); depends on CONCELIER-LNM-21-201/202. | — | ATLN0102 | | CONCELIER-CONSOLE-23-001..003 | TODO | | SPRINT_110_ingestion_evidence | Concelier Console Guild | src/Concelier/StellaOps.Concelier.WebService | Console overlays blocked until schema signed off. | CONCELIER-GRAPH-21-001; CONCELIER-GRAPH-21-002 | CCLN0102 | | CONCELIER-CONSOLE-23-002 | TODO | | SPRINT_112_concelier_i | Concelier WebService Guild | | Deterministic “new/modified/conflicting” sets referencing linkset IDs and field paths rather than computed verdicts; depends on 23-001. | — | ATLN0102 | | CONCELIER-CONSOLE-23-003 | TODO | | SPRINT_112_concelier_i | Concelier WebService Guild | | CVE/GHSA/PURL lookups return observation excerpts, provenance anchors, and cache hints so tenants can preview evidence safely; reuse structured field taxonomy from Workstream A. | — | ATLN0102 | | CONCELIER-CORE-AOC-19-013 | TODO | | SPRINT_112_concelier_i | Concelier Core Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Expand smoke/e2e suites so Authority tokens + tenant headers are mandatory for ingest/read paths (including the new provenance endpoint). Must assert no merge-side effects and that provenance anchors always round-trip. | Must reference AOC guardrails from docs | AGCN0101 | | CONCELIER-DOCS-0001 | DONE | 2025-11-05 | SPRINT_317_docs_modules_concelier | Docs Guild | docs/modules/concelier | Validate that `docs/modules/concelier/README.md` reflects the latest release notes and aggregation toggles. | Reference (baseline) | CCDO0101 | | CONCELIER-ENG-0001 | TODO | | SPRINT_317_docs_modules_concelier | Module Team · Concelier Guild | docs/modules/concelier | Cross-check implementation plan milestones against `/docs/implplan/SPRINT_*.md` and update module readiness checkpoints. | Wait for CCPR0101 validation | CCDO0101 | | CONCELIER-GRAPH-21-001 | BLOCKED | 2025-10-27 | SPRINT_113_concelier_ii | Concelier Core · Cartographer Guilds | src/Concelier/__Libraries/StellaOps.Concelier.Core | Extend SBOM normalization so every relationship (depends_on, contains, provides) and scope tag is captured as raw observation metadata with provenance pointers; Cartographer can then join SBOM + advisory facts without Concelier inferring impact. | Waiting on Cartographer schema (052_CAGR0101) | AGCN0101 | | CONCELIER-GRAPH-21-002 | BLOCKED | 2025-10-27 | SPRINT_113_concelier_ii | Concelier Core Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Publish `sbom.observation.updated` events whenever new SBOM versions arrive, including tenant/context metadata and advisory references—never send judgments, only facts. Depends on CONCELIER-GRAPH-21-001. | Depends on #5 outputs | AGCN0101 | | CONCELIER-GRAPH-24-101 | TODO | | SPRINT_113_concelier_ii | Concelier WebService Guild | src/Concelier/StellaOps.Concelier.WebService | Provide `/advisories/summary` responses that bundle observation/linkset metadata (aliases, confidence, conflicts) for graph overlays while keeping upstream values intact. Depends on CONCELIER-GRAPH-21-002. | Wait for CAGR0101 + storage migrations | CCGH0101 | | CONCELIER-GRAPH-28-102 | TODO | | SPRINT_113_concelier_ii | Concelier WebService Guild | src/Concelier/StellaOps.Concelier.WebService | Add batch fetch endpoints keyed by component sets so graph tooltips can pull raw observations/linksets efficiently; include provenance + timestamps but no derived severity. Depends on CONCELIER-GRAPH-24-101. | Depends on #1 | CCGH0101 | | CONCELIER-LNM-21-001 | TODO | | SPRINT_113_concelier_ii | Concelier Core Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Define the immutable `advisory_observations` model (per-source fields, version ranges, severity text, provenance metadata, tenant guards) so every ingestion path records raw statements without merge artifacts. | Needs Link-Not-Merge approval (005_ATLN0101) | AGCN0101 | | CONCELIER-LNM-21-002 | TODO | | SPRINT_113_concelier_ii | Concelier Core Guild · Data Science Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Implement correlation pipelines (alias graph, purl overlap, CVSS vector compare) that output linksets with confidence scores + conflict markers, never collapsing conflicting facts into single values. Depends on CONCELIER-LNM-21-001. | Depends on #7 for precedence rules | AGCN0101 | | CONCELIER-LNM-21-003 | TODO | | SPRINT_113_concelier_ii | Concelier Core Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Record disagreements (severity, CVSS, references) on linksets as structured conflict entries so consumers can reason about divergence without Concelier resolving it. Depends on CONCELIER-LNM-21-002. | Requires #8 heuristics | AGCN0101 | | CONCELIER-LNM-21-004 | TODO | | SPRINT_113_concelier_ii | Concelier Core Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Delete legacy merge/dedup logic, add guardrails/tests to keep ingestion append-only, and document how linksets supersede the old merge outputs. Depends on CONCELIER-LNM-21-003. | Depends on #9 | AGCN0101 | | CONCELIER-LNM-21-005 | TODO | | SPRINT_113_concelier_ii | Concelier Core Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Emit `advisory.linkset.updated` events containing delta descriptions + observation ids so downstream evaluators can subscribe deterministically. Depends on CONCELIER-LNM-21-004. | Requires CCLN0101 store changes | CCCO0101 | | CONCELIER-LNM-21-101 | TODO | | SPRINT_113_concelier_ii | Concelier Storage Guild | src/Concelier/__Libraries/StellaOps.Concelier.Storage.Mongo | Provision the Mongo collections (`advisory_observations`, `advisory_linksets`) with hashed shard keys, tenant indexes, and TTL for ingest metadata to support Link-Not-Merge at scale. Depends on CONCELIER-LNM-21-005. | Wait for schema freeze | CCLN0101 | | CONCELIER-LNM-21-102 | TODO | | SPRINT_113_concelier_ii | Concelier Storage Guild · DevOps Guild | src/Concelier/__Libraries/StellaOps.Concelier.Storage.Mongo | Backfill legacy merged advisories into the new observation/linkset collections, seed tombstones for deprecated docs, and provide rollback tooling for Offline Kit operators. Depends on CONCELIER-LNM-21-101. | Depends on #1 | CCLN0101 | | CONCELIER-LNM-21-103 | TODO | | SPRINT_113_concelier_ii | Concelier Storage Guild (src/Concelier/__Libraries/StellaOps.Concelier.Storage.Mongo) | src/Concelier/__Libraries/StellaOps.Concelier.Storage.Mongo | Move large raw payloads to object storage with deterministic pointers, update bootstrapper/offline kit seeds, and guarantee provenance metadata remains intact. Depends on CONCELIER-LNM-21-102. | — | ATLN0101 | | CONCELIER-LNM-21-201 | TODO | | SPRINT_113_concelier_ii | Concelier WebService Guild · Platform Guild | src/Concelier/StellaOps.Concelier.WebService | Add `/advisories/observations` with filters for alias/purl/source plus strict tenant scopes; responses must only echo upstream values + provenance fields. Depends on CONCELIER-LNM-21-103. | Wait for storage sprint (CCLN0101) | CCLN0102 | | CONCELIER-LNM-21-202 | TODO | | SPRINT_113_concelier_ii | Concelier WebService Guild (src/Concelier/StellaOps.Concelier.WebService) | src/Concelier/StellaOps.Concelier.WebService | Implement `/advisories/linksets`/`export`/`evidence` endpoints surfacing correlation + conflict payloads and `ERR_AGG_*` error mapping, never exposing synthesis/merge results. Depends on CONCELIER-LNM-21-201. | — | ATLN0101 | | CONCELIER-LNM-21-203 | TODO | | SPRINT_113_concelier_ii | Concelier WebService Guild, Platform Events Guild (src/Concelier/StellaOps.Concelier.WebService) | src/Concelier/StellaOps.Concelier.WebService | Publish idempotent NATS/Redis events for new observations/linksets with schemas documented for downstream consumers; include tenant + provenance references only. Depends on CONCELIER-LNM-21-202. | — | ATLN0101 | | CONCELIER-OAS-61-001 | TODO | | SPRINT_114_concelier_iii | Concelier Core + API Contracts Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Update the OpenAPI spec so every observation/linkset/timeline endpoint documents provenance fields, tenant scopes, and AOC guarantees (no consensus fields), giving downstream SDKs unambiguous contracts. | Wait for CCPR0101 policy updates | CCOA0101 | | CONCELIER-OAS-61-002 | TODO | | SPRINT_114_concelier_iii | Concelier Core Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Provide realistic examples (conflict linksets, multi-source severity, timeline snippets) showing how raw advisories are surfaced without merges; wire them into docs/SDKs. Depends on CONCELIER-OAS-61-001. | Depends on #1 | CCOA0101 | | CONCELIER-OAS-62-001 | TODO | | SPRINT_114_concelier_iii | Concelier Core + SDK Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Add SDK scenarios covering advisory search, pagination, and conflict handling to ensure each language client preserves provenance fields and does not infer verdicts. Depends on CONCELIER-OAS-61-002. | Needs SDK requirements from CLSB0101 | CCOA0101 | | CONCELIER-OBS-51-001 | TODO | | SPRINT_114_concelier_iii | Concelier Core Guild · DevOps Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Emit ingestion latency, queue depth, and AOC violation metrics with burn-rate alerts so we can prove the evidence pipeline remains healthy without resorting to heuristics. | Wait for 046_TLTY0101 metric schema drop | CNOB0101 | | CONCELIER-OBS-52-001 | TODO | | SPRINT_114_concelier_iii | Concelier Core Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Produce timeline records for ingest/normalization/linkset updates containing trace IDs, conflict summaries, and evidence hashes—pure facts for downstream replay. Depends on CONCELIER-OBS-51-001. | Needs #1 merged to reuse structured logging helpers | CNOB0101 | | CONCELIER-OBS-53-001 | TODO | | SPRINT_114_concelier_iii | Concelier Core Guild · Evidence Locker Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Generate evidence locker bundles (raw doc, normalization diff, linkset) with Merkle manifests so audits can replay advisory history without touching live Mongo. Depends on CONCELIER-OBS-52-001. | Requires Evidence Locker contract from 002_ATEL0101 | CNOB0101 | | CONCELIER-OBS-54-001 | TODO | | SPRINT_114_concelier_iii | Concelier Core Guild · Provenance Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Attach DSSE attestations to advisory batches, expose verification APIs, and link attestation IDs into timeline + ledger for transparency. Depends on CONCELIER-OBS-53-001. | Blocked by Link-Not-Merge schema finalization (005_ATLN0101) | CNOB0101 | | CONCELIER-OBS-55-001 | TODO | | SPRINT_114_concelier_iii | Concelier Core Guild · DevOps Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Implement incident-mode levers (extra sampling, retention overrides, redaction guards) that collect more raw evidence without mutating advisory content. Depends on CONCELIER-OBS-54-001. | Depends on #4 for consistent dimensions | CNOB0101 | | CONCELIER-OPS-0001 | TODO | | SPRINT_317_docs_modules_concelier | Ops Guild | docs/modules/concelier | Review runbooks/observability assets after the next sprint demo and capture findings inline with sprint notes. | Depends on #2 | CCDO0101 | | CONCELIER-ORCH-32-001 | TODO | | SPRINT_114_concelier_iii | Concelier Core Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Register every advisory connector with the orchestrator (metadata, auth scopes, rate policies) so ingest scheduling is transparent and reproducible. | Wait for CCAN0101 outputs | CCCO0101 | | CONCELIER-ORCH-32-002 | TODO | | SPRINT_114_concelier_iii | Concelier Core Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Adopt the orchestrator worker SDK in ingestion loops, emitting heartbeats/progress/artifact hashes to guarantee deterministic replays. Depends on CONCELIER-ORCH-32-001. | Depends on #1 | CCCO0101 | | CONCELIER-ORCH-33-001 | TODO | | SPRINT_114_concelier_iii | Concelier Core Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Honor orchestrator pause/throttle/retry controls with structured error outputs and persisted checkpoints so operators can intervene without losing evidence. Depends on CONCELIER-ORCH-32-002. | Needs ORTR0102 cues | CCCO0101 | | CONCELIER-ORCH-34-001 | TODO | | SPRINT_114_concelier_iii | Concelier Core Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Execute orchestrator-driven backfills that reuse artifact hashes/signatures, log provenance, and push run metadata to the ledger for audits. Depends on CONCELIER-ORCH-33-001. | Depends on #3 | CCCO0101 | | CONCELIER-POLICY-20-001 | TODO | | SPRINT_114_concelier_iii | Concelier WebService Guild | src/Concelier/StellaOps.Concelier.WebService | Provide batch advisory lookup APIs for Policy Engine (purl/advisory filters, tenant scopes, explain metadata) so policy can join raw evidence without Concelier suggesting outcomes. | Wait for storage sprint | CCPR0101 | | CONCELIER-POLICY-20-002 | TODO | | SPRINT_115_concelier_iv | Concelier Core Guild · Policy Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Expand linkset builders with vendor-specific equivalence tables, NEVRA/PURL normalization, and version-range parsing so policy joins become more accurate without Concelier prioritizing sources. Depends on CONCELIER-POLICY-20-001. | Depends on #1 | CCPR0101 | | CONCELIER-POLICY-20-003 | TODO | | SPRINT_115_concelier_iv | Concelier Storage Guild | src/Concelier/__Libraries/StellaOps.Concelier.Storage.Mongo | Introduce advisory selection cursors + change-stream checkpoints that let Policy Engine process deltas deterministically; include offline migration scripts. Depends on CONCELIER-POLICY-20-002. | Depends on #2 | CCPR0101 | | CONCELIER-POLICY-23-001 | TODO | | SPRINT_115_concelier_iv | Concelier Core Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Add secondary indexes/materialized views (alias, provider severity, correlation confidence) so policy lookups stay fast without caching derived verdicts; document the supported query patterns. Depends on CONCELIER-POLICY-20-003. | Needs RISK series seeds | CCPR0101 | | CONCELIER-POLICY-23-002 | TODO | | SPRINT_115_concelier_iv | Concelier WebService Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Ensure `advisory.linkset.updated` events ship with idempotent IDs, confidence summaries, and tenant metadata so policy consumers can replay evidence feeds safely. Depends on CONCELIER-POLICY-23-001. | Depends on #4 | CCPR0101 | | CONCELIER-RISK-66-001 | TODO | | SPRINT_115_concelier_iv | Concelier Core · Risk Engine Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Surface vendor-provided CVSS/KEV/fix data exactly as published (with provenance anchors) through provider APIs so risk engines can reason about upstream intent. | Align risk feed with CCCS/CERTBUND | CCPR0101 | | CONCELIER-RISK-66-002 | TODO | | SPRINT_115_concelier_iv | Concelier Core Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Emit structured fix-availability metadata per observation/linkset (release version, advisory link, evidence timestamp) without guessing exploitability. Depends on CONCELIER-RISK-66-001. | Depends on #6 | CCPR0101 | | CONCELIER-RISK-67-001 | TODO | | SPRINT_115_concelier_iv | Concelier Core Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Publish per-source coverage/conflict metrics (counts, disagreements) so explainers can cite which upstream statements exist; no weighting is applied inside Concelier. Depends on CONCELIER-RISK-66-001. | Needs risk taxonomy agreement | CCPR0101 | | CONCELIER-RISK-68-001 | TODO | | SPRINT_115_concelier_iv | Concelier Core + Policy Studio Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Wire advisory signal pickers into Policy Studio so curators can select which raw advisory fields feed policy gating; validation must confirm fields are provenance-backed. Depends on POLICY-RISK-68-001. | Depends on #8 | CCPR0101 | | CONCELIER-RISK-69-001 | TODO | | SPRINT_115_concelier_iv | Concelier Core + Notifications Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Emit notifications when upstream advisory fields change (e.g., fix available) with observation IDs + provenance so Notifications service can alert without inferring severity. Depends on CONCELIER-RISK-66-002. | Needs Notifications contract | CCPR0101 | | CONCELIER-SIG-26-001 | TODO | | SPRINT_115_concelier_iv | Concelier Core + Signals Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Expose upstream-provided affected symbol/function lists via APIs to help reachability scoring; maintain provenance and do not infer exploitability. Depends on SIGNALS-24-002. | Needs SGSI0101 runtime feed | CCCO0101 | | CONCELIER-STORE-AOC-19-005 | TODO | 2025-11-04 | SPRINT_115_concelier_iv | Concelier Storage Guild · DevOps Guild | src/Concelier/__Libraries/StellaOps.Concelier.Storage.Mongo | Execute the raw-linkset backfill/rollback plan (`docs/dev/raw-linkset-backfill-plan.md`) so Mongo + Offline Kit bundles reflect Link-Not-Merge data; rehearse rollback. Depends on CONCELIER-CORE-AOC-19-004. | Wait for CCLN0101 approval | CCSM0101 | | CONCELIER-TEN-48-001 | TODO | | SPRINT_115_concelier_iv | Concelier Core Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Enforce tenant scoping throughout normalization/linking, expose capability endpoint advertising `merge=false`, and ensure events include tenant IDs. Depends on AUTH-TEN-47-001. | Depends on #5/#6 | CCCO0101 | | CONCELIER-VEXLENS-30-001 | TODO | | SPRINT_115_concelier_iv | Concelier WebService Guild · VEX Lens Guild | src/Concelier/StellaOps.Concelier.WebService | Guarantee advisory key consistency and cross-links consumed by VEX Lens so consensus explanations can cite Concelier evidence without requesting merges. Depends on CONCELIER-VULN-29-001, VEXLENS-30-005. | — | PLVL0103 | | CONCELIER-VULN-29-004 | TODO | | SPRINT_116_concelier_v | Concelier WebService Guild · Observability Guild | src/Concelier/StellaOps.Concelier.WebService | Instrument observation/linkset pipelines with metrics for identifier collisions, withdrawn statements, and chunk latencies; stream them to Vuln Explorer without altering evidence payloads. Depends on CONCELIER-VULN-29-001. | Requires CCPR0101 risk feed | CCWO0101 | | CONCELIER-WEB-AIRGAP-56-001 | TODO | | SPRINT_116_concelier_v | Concelier WebService Guild · AirGap Policy Guild | src/Concelier/StellaOps.Concelier.WebService | Extend ingestion endpoints to register mirror bundle sources, expose bundle catalogs, and enforce sealed-mode by blocking direct internet feeds. | Wait for AGCN0101 proof | CCAW0101 | | CONCELIER-WEB-AIRGAP-56-002 | TODO | | SPRINT_116_concelier_v | Concelier WebService Guild · AirGap Importer Guild | src/Concelier/StellaOps.Concelier.WebService | Add staleness + bundle provenance metadata to `/advisories/observations` and `/advisories/linksets` so operators can see freshness without Excitior deriving outcomes. Depends on CONCELIER-WEB-AIRGAP-56-001. | Depends on #1 | CCAW0101 | | CONCELIER-WEB-AIRGAP-57-001 | TODO | | SPRINT_116_concelier_v | Concelier WebService Guild | src/Concelier/StellaOps.Concelier.WebService | Map sealed-mode violations to consistent `AIRGAP_EGRESS_BLOCKED` payloads that explain how to remediate, leaving advisory content untouched. Depends on CONCELIER-WEB-AIRGAP-56-002. | Needs CCAN0101 time beacons | CCAW0101 | | CONCELIER-WEB-AIRGAP-58-001 | TODO | | SPRINT_116_concelier_v | Concelier WebService Guild · Evidence Locker Guild | src/Concelier/StellaOps.Concelier.WebService | Emit timeline events for bundle imports (bundle ID, scope, actor) so audit trails capture every evidence change. Depends on CONCELIER-WEB-AIRGAP-57-001. | Depends on #3 | CCAW0101 | | CONCELIER-WEB-AOC-19-003 | TODO | | SPRINT_116_concelier_v | Concelier WebService Guild | src/Concelier/StellaOps.Concelier.WebService | Add unit tests for schema validators, forbidden-field guards (`ERR_AOC_001/2/6/7`), and supersedes chains to keep ingestion append-only. Depends on CONCELIER-WEB-AOC-19-002. | Wait for CCSM0101 migration | CCAO0101 | | CONCELIER-WEB-AOC-19-004 | TODO | | SPRINT_116_concelier_v | Concelier WebService Guild | src/Concelier/StellaOps.Concelier.WebService | Create integration tests that ingest large advisory batches (cold/warm), verify reproducible linksets, and record metrics/fixtures for Offline Kit rehearsals. Depends on CONCELIER-WEB-AOC-19-003. | Depends on #1 | CCAO0101 | | CONCELIER-WEB-AOC-19-005 | TODO | 2025-11-08 | SPRINT_116_concelier_v | Concelier WebService Guild | src/Concelier/StellaOps.Concelier.WebService | Fix `/advisories/{key}/chunks` test data so pre-seeded raw docs resolve correctly; ensure Mongo migrations stop logging “Unable to locate advisory_raw documents” during tests. Depends on CONCELIER-WEB-AOC-19-002. | Needs CCPR0101 verdict feed | CCAO0101 | | CONCELIER-WEB-AOC-19-006 | TODO | 2025-11-08 | SPRINT_116_concelier_v | Concelier WebService Guild | src/Concelier/StellaOps.Concelier.WebService | Align default auth/tenant configs with the test fixtures so allowlisted tenants can ingest before forbidden tenants are rejected, closing the gap in `AdvisoryIngestEndpoint_RejectsTenantOutsideAllowlist`. Depends on CONCELIER-WEB-AOC-19-002. | Depends on #3 | CCAO0101 | | CONCELIER-WEB-AOC-19-007 | TODO | 2025-11-08 | SPRINT_116_concelier_v | Concelier WebService Guild | src/Concelier/StellaOps.Concelier.WebService | Update AOC verify logic so guard failures emit `ERR_AOC_001` (not `_004`) and keep mapper/guard parity covered by regression tests. Depends on CONCELIER-WEB-AOC-19-002. | Depends on #4 | CCAO0101 | | CONCELIER-WEB-OAS-61-002 | TODO | | SPRINT_116_concelier_v | Concelier WebService Guild | src/Concelier/StellaOps.Concelier.WebService | Ensure every API returns the standardized error envelope and update controllers/tests accordingly (prereq for SDK/doc alignment). | Wait for CCOA0101 spec | CCWO0101 | | CONCELIER-WEB-OAS-62-001 | TODO | | SPRINT_116_concelier_v | Concelier WebService Guild | src/Concelier/StellaOps.Concelier.WebService | Publish curated examples for observations/linksets/conflicts and wire them into the developer portal. Depends on CONCELIER-WEB-OAS-61-002. | Depends on #1 | CCWO0101 | | CONCELIER-WEB-OAS-63-001 | TODO | | SPRINT_116_concelier_v | Concelier WebService Guild · API Governance Guild | src/Concelier/StellaOps.Concelier.WebService | Emit deprecation headers + notifications for retiring endpoints, steering clients toward Link-Not-Merge APIs. Depends on CONCELIER-WEB-OAS-62-001. | Needs governance approval | CCWO0101 | | CONCELIER-WEB-OBS-51-001 | TODO | | SPRINT_116_concelier_v | Concelier WebService Guild | src/Concelier/StellaOps.Concelier.WebService | Add `/obs/concelier/health` surfaces for ingest health, queue depth, and SLO status so Console widgets can display real-time evidence pipeline stats. Depends on CONCELIER-WEB-OBS-50-001. | Need telemetry schema baseline from 046_TLTY0101 | CNOB0102 | | CONCELIER-WEB-OBS-52-001 | TODO | | SPRINT_116_concelier_v | Concelier WebService Guild | src/Concelier/StellaOps.Concelier.WebService | Provide SSE stream `/obs/concelier/timeline` with paging tokens, guardrails, and audit logging so operators can monitor evidence changes live. Depends on CONCELIER-WEB-OBS-51-001. | Requires #1 merged so we reuse correlation IDs | CNOB0102 | | CONCELIER-WEB-OBS-53-001 | TODO | | SPRINT_117_concelier_vi | Concelier WebService Guild · Evidence Locker Guild | src/Concelier/StellaOps.Concelier.WebService | Add `/evidence/advisories/*` routes that proxy evidence locker snapshots, verify `evidence:read` scopes, and return signed manifest metadata—no shortcut paths into raw storage. Depends on CONCELIER-WEB-OBS-52-001. | Blocked on Evidence Locker DSSE feed (002_ATEL0101) | CNOB0102 | | CONCELIER-WEB-OBS-54-001 | TODO | | SPRINT_117_concelier_vi | Concelier WebService Guild | src/Concelier/StellaOps.Concelier.WebService | Provide `/attestations/advisories/*` endpoints surfacing DSSE status, verification summary, and provenance chain so CLI/Console can audit trust without hitting databases. Depends on CONCELIER-WEB-OBS-53-001. | Depends on Link-Not-Merge schema (005_ATLN0101) | CNOB0102 | | CONCELIER-WEB-OBS-55-001 | TODO | | SPRINT_117_concelier_vi | Concelier WebService Guild · DevOps Guild | src/Concelier/StellaOps.Concelier.WebService | Implement incident-mode APIs that coordinate ingest, locker, and orchestrator, capturing activation events + cooldown semantics but leaving evidence untouched. Depends on CONCELIER-WEB-OBS-54-001. | Needs #4 to finalize labels | CNOB0102 | | CONN-SUSE-01-003 | Team Excititor Connectors – SUSE | | SPRINT_120_excititor_ii | Connector Guild (SUSE) | src/Excititor/__Libraries/StellaOps.Excititor.Connectors.SUSE.RancherVEXHub | EXCITITOR-CONN-SUSE-01-002; EXCITITOR-POLICY-01-001 | EXCITITOR-CONN-SUSE-01-002; EXCITITOR-POLICY-01-001 | EXCN0102 | | CONN-TRUST-01-001 | TODO | | SPRINT_110_ingestion_evidence | Excititor + AirGap Guilds | | CONCELIER-GRAPH-21-001/002; ATTEST-PLAN-2001 | CONCELIER-GRAPH-21-001; CONCELIER-GRAPH-21-002; ATTEST-PLAN-2001 | EXCN0102 | | CONN-UBUNTU-01-003 | Team Excititor Connectors – Ubuntu | | SPRINT_120_excititor_ii | Connector Guild (Ubuntu) | src/Excititor/__Libraries/StellaOps.Excititor.Connectors.Ubuntu.CSAF | EXCITITOR-CONN-UBUNTU-01-002; EXCITITOR-POLICY-01-001 | EXCITITOR-CONN-UBUNTU-01-002; EXCITITOR-POLICY-01-001 | EXCN0102 | | CONSENSUS-LENS-DOCS-0001 | TODO | | SPRINT_332_docs_modules_vex_lens | Docs Guild | docs/modules/vex-lens | Wait for CCSL0101 panel demo | Wait for CCSL0101 panel demo | CCDL0101 | | CONSENSUS-LENS-DOCS-0002 | TODO | 2025-11-05 | SPRINT_332_docs_modules_vex_lens | Docs Guild | docs/modules/vex-lens | Depends on #1 | Depends on #1 | CCDL0101 | | CONSENSUS-LENS-ENG-0001 | TODO | | SPRINT_332_docs_modules_vex_lens | Module Team | docs/modules/vex-lens | Needs CCWO0101 schema | Needs CCWO0101 schema | CCDL0101 | | CONSENSUS-LENS-OPS-0001 | TODO | | SPRINT_332_docs_modules_vex-lens | Ops Guild | docs/modules/vex-lens | Depends on #3 | Depends on #3 | CCDL0101 | | CONSOLE-23-001 | TODO | | SPRINT_112_concelier_i | Console Guild | src/Console/StellaOps.Console | Wait for CCWO0101 schema | Wait for CCWO0101 schema | CCSL0101 | | CONSOLE-23-001..003 | TODO | | SPRINT_110_ingestion_evidence | Console Guild | src/Console/StellaOps.Console | Depends on #1 | CONCELIER-GRAPH-21-001; CONCELIER-GRAPH-21-002 | CCSL0101 | | CONSOLE-23-002 | TODO | | SPRINT_112_concelier_i | Console Guild | src/Console/StellaOps.Console | Needs LNM graph (CCGH0101) | Needs LNM graph (CCGH0101) | CCSL0101 | | CONSOLE-23-003 | TODO | | SPRINT_112_concelier_i | Console Guild | src/Console/StellaOps.Console | Depends on #3 | Depends on #3 | CCSL0101 | | CONSOLE-23-004 | TODO | | SPRINT_212_web_i | Console Guild | src/Web/StellaOps.Web | Requires CCPR0101 verdicts | Requires CCPR0101 verdicts | CCSL0101 | | CONSOLE-23-005 | TODO | | SPRINT_212_web_i | Console Guild | src/Web/StellaOps.Web | Depends on #5 | Depends on #5 | CCSL0101 | | CONSOLE-OBS-52-001 | TODO | | SPRINT_303_docs_tasks_md_iii | Console Ops Guild | docs/modules/ui | Needs TLTY0101 metrics | Needs TLTY0101 metrics | CCSL0101 | | CONSOLE-OBS-52-002 | TODO | | SPRINT_303_docs_tasks_md_iii | Console Ops Guild | docs/modules/ui | Depends on #7 | Depends on #7 | CCSL0101 | | CONSOLE-VEX-30-001 | TODO | 2025-11-08 | SPRINT_212_web_i | Console Guild · VEX Lens Guild | src/Web/StellaOps.Web | Provide `/console/vex/*` APIs streaming VEX statements, justification summaries, and advisory links with SSE refresh hooks. Dependencies: WEB-CONSOLE-23-001, EXCITITOR-CONSOLE-23-001. | Needs VEX Lens spec (PLVL0103) | CCSL0101 | | CONSOLE-VULN-29-001 | TODO | 2025-11-08 | SPRINT_212_web_i | Console Guild | src/Web/StellaOps.Web | Build `/console/vuln/*` APIs and filters surfacing tenant-scoped findings with policy/VEX badges so Docs/UI teams can document workflows. Dependencies: WEB-CONSOLE-23-001, CONCELIER-GRAPH-21-001. | Depends on CCWO0101 | CCSL0101 | | CONTAINERS-44-001 | TODO | | SPRINT_212_web_i | BE-Base Platform Guild | src/Web/StellaOps.Web | Wait for DVCP0101 compose template | Wait for DVCP0101 compose template | COWB0101 | | CONTAINERS-45-001 | TODO | | SPRINT_212_web_i | BE-Base Platform Guild | src/Web/StellaOps.Web | Depends on #1 | Depends on #1 | COWB0101 | | CONTAINERS-46-001 | TODO | | SPRINT_212_web_i | BE-Base Platform Guild | src/Web/StellaOps.Web | Needs RBRE0101 hashes | Needs RBRE0101 hashes | COWB0101 | | CONTRIB-62-001 | TODO | | SPRINT_303_docs_tasks_md_iii | Docs Guild · API Governance Guild | docs/api | Wait for CCWO0101 spec finalization | Wait for CCWO0101 spec finalization | APID0101 | | CORE-185-001 | TODO | | SPRINT_185_shared_replay_primitives | Platform Guild | `src/__Libraries/StellaOps.Replay.Core` | Wait for SGSI0101 feed | Wait for SGSI0101 feed | RLRC0101 | | CORE-185-002 | TODO | | SPRINT_185_shared_replay_primitives | Platform Guild | src/__Libraries/StellaOps.Replay.Core | Depends on #1 | Depends on #1 | RLRC0101 | | CORE-185-003 | TODO | | SPRINT_185_shared_replay_primitives | Platform Data Guild | src/__Libraries/StellaOps.Replay.Core | Depends on #2 | Depends on #2 | RLRC0101 | | CORE-186-004 | TODO | | SPRINT_186_record_deterministic_execution | Signing Guild | `src/Signer/StellaOps.Signer`, `src/__Libraries/StellaOps.Cryptography` | Wait for RLRC0101 schema | Wait for RLRC0101 schema | SIGR0101 | | CORE-186-005 | TODO | | SPRINT_186_record_deterministic_execution | Signing Guild | `src/Signer/StellaOps.Signer.Core` | Depends on #1 | Depends on #1 | SIGR0101 | | CORE-41-001 | TODO | | SPRINT_202_cli_ii | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Wait for CASC0101 manifest | Wait for CASC0101 manifest | CLCI0110 | | CORE-AOC-19-002 | TODO | | SPRINT_120_excititor_ii | Excititor Core Guild | src/Excititor/__Libraries/StellaOps.Excititor.Core | Wait for ATLN schema freeze | Wait for ATLN schema freeze | EXAC0101 | | CORE-AOC-19-003 | TODO | | SPRINT_120_excititor_ii | Excititor Core Guild | src/Excititor/__Libraries/StellaOps.Excititor.Core | Depends on #1 | Depends on #1 | EXAC0101 | | CORE-AOC-19-004 | TODO | | SPRINT_120_excititor_ii | Excititor Core Guild | src/Excititor/__Libraries/StellaOps.Excititor.Core | Depends on #2 | Depends on #2 | EXAC0101 | | CORE-AOC-19-013 | TODO | | SPRINT_112_concelier_i | Concelier Core Guild + Excititor | src/Concelier/__Libraries/StellaOps.Concelier.Core | Needs CCAN0101 DSSE output | Needs CCAN0101 DSSE output | EXAC0101 | | CRT-56-001 | TODO | | SPRINT_110_ingestion_evidence | Mirror Creator Guild | | Wait for PGMI0101 owner | Wait for PGMI0101 owner | MRCR0101 | | CRT-56-002 | TODO | | SPRINT_110_ingestion_evidence | Mirror Creator · Security Guilds | | Depends on #1 | MIRROR-CRT-56-001; PROV-OBS-53-001 | MRCR0101 | | CRT-57-001 | TODO | | SPRINT_110_ingestion_evidence | Mirror Creator · AirGap Time Guild | | Needs AIRGAP-TIME-57-001 | MIRROR-CRT-56-001; AIRGAP-TIME-57-001 | MRCR0101 | | CRT-57-002 | TODO | | SPRINT_110_ingestion_evidence | Mirror Creator Guild | | Depends on #3 | MIRROR-CRT-56-001; AIRGAP-TIME-57-001 | MRCR0101 | | CRT-58-001 | TODO | | SPRINT_110_ingestion_evidence | Mirror Creator + Evidence Locker | | Requires Evidence Locker contract | MIRROR-CRT-56-001; EXPORT-OBS-54-001; CLI-AIRGAP-56-001 | MRCR0101 | | CRT-58-002 | TODO | | SPRINT_110_ingestion_evidence | Mirror Creator + Security Guild | | Depends on #5 | MIRROR-CRT-56-001; EXPORT-OBS-54-001; CLI-AIRGAP-56-001 | MRCR0101 | | CRYPTO-90-001 | DONE | 2025-11-07 | SPRINT_514_sovereign_crypto_enablement | Security Guild (src/__Libraries/StellaOps.Cryptography) | src/__Libraries/StellaOps.Cryptography | | | CRSA0101 | | CRYPTO-90-002 | DONE | 2025-11-07 | SPRINT_514_sovereign_crypto_enablement | Security Guild (src/__Libraries/StellaOps.Cryptography) | src/__Libraries/StellaOps.Cryptography | | | CRSA0101 | | CRYPTO-90-003 | DONE | 2025-11-07 | SPRINT_514_sovereign_crypto_enablement | Security Guild (src/__Libraries/StellaOps.Cryptography) | src/__Libraries/StellaOps.Cryptography | | | CRSA0101 | | CRYPTO-90-004 | DONE | 2025-11-07 | SPRINT_514_sovereign_crypto_enablement | Security Guild (src/__Libraries/StellaOps.Cryptography) | src/__Libraries/StellaOps.Cryptography | | | CRSA0101 | | CRYPTO-90-005 | DONE | 2025-11-08 | SPRINT_514_sovereign_crypto_enablement | Security Guild (src/__Libraries/StellaOps.Cryptography) | src/__Libraries/StellaOps.Cryptography | | | CRSA0101 | | CRYPTO-90-006 | DONE | 2025-11-08 | SPRINT_514_sovereign_crypto_enablement | Security Guild (src/__Libraries/StellaOps.Cryptography) | src/__Libraries/StellaOps.Cryptography | | | CRSA0101 | | CRYPTO-90-007 | DONE | 2025-11-08 | SPRINT_514_sovereign_crypto_enablement | Security Guild (src/__Libraries/StellaOps.Cryptography) | src/__Libraries/StellaOps.Cryptography | | | CRSA0101 | | CRYPTO-90-008 | DONE | 2025-11-08 | SPRINT_514_sovereign_crypto_enablement | Security Guild (src/__Libraries/StellaOps.Cryptography) | src/__Libraries/StellaOps.Cryptography | | | CRSA0101 | | CRYPTO-90-009 | DONE | 2025-11-09 | SPRINT_514_sovereign_crypto_enablement | Security Guild (src/__Libraries/StellaOps.Cryptography.Plugin.CryptoPro) | src/__Libraries.StellaOps.Cryptography.Plugin.CryptoPro | | | CRSA0101 | | CRYPTO-90-010 | DONE | 2025-11-09 | SPRINT_514_sovereign_crypto_enablement | Security Guild (src/__Libraries/StellaOps.Cryptography + .DependencyInjection) | src/__Libraries.StellaOps.Cryptography + .DependencyInjection | | | CRSA0101 | | CRYPTO-90-011 | DONE | 2025-11-09 | SPRINT_514_sovereign_crypto_enablement | Security & Ops Guilds (src/Tools/StellaOps.CryptoRu.Cli) | src/Tools/StellaOps.CryptoRu.Cli | | | CRSA0101 | | CRYPTO-90-012 | TODO | | SPRINT_514_sovereign_crypto_enablement | Security Guild (src/__Libraries/__Tests/StellaOps.Cryptography.Tests) | src/__Libraries/__Tests.StellaOps.Cryptography.Tests | | | CRSA0101 | | CRYPTO-90-013 | TODO | | SPRINT_514_sovereign_crypto_enablement | Security Guild (src/__Libraries/StellaOps.Cryptography) | src/__Libraries.StellaOps.Cryptography | | | CRSA0101 | | CRYPTO-90-014 | TODO | | SPRINT_514_sovereign_crypto_enablement | Security + Service Guilds | | Wait for AUIN0101 sign-off | Wait for AUIN0101 sign-off | CRYO0101 | | CRYPTO-90-015 | TODO | | SPRINT_514_sovereign_crypto_enablement | Security + Docs Guild | docs/security/rootpack_ru_*.md | Depends on #1 | Depends on #1 | CRYO0101 | | CRYPTO-90-016 | DONE | 2025-11-09 | SPRINT_514_sovereign_crypto_enablement | Security Guild | src/__Libraries/StellaOps.Cryptography.DependencyInjection + .Plugin.CryptoPro | Reference (artifact) | Reference (artifact) | CRYO0101 | | CRYPTO-90-017 | TODO | | SPRINT_514_sovereign_crypto_enablement | Security Guild | third_party/forks + src/__Libraries/StellaOps.Cryptography.Plugin.CryptoPro | Needs fork sync | Needs fork sync | CRYO0101 | | CRYPTO-90-018 | TODO | | SPRINT_514_sovereign_crypto_enablement | Security + Docs Guild | docs/security/rootpack_ru_*.md, docs/dev/crypto.md | Depends on #4 | Depends on #4 | CRYO0101 | | CRYPTO-90-019 | TODO | | SPRINT_514_sovereign_crypto_enablement | Security Guild | third_party/forks/AlexMAS.GostCryptography | Needs fork validation | Needs fork validation | CRYO0101 | | CRYPTO-90-020 | TODO | | SPRINT_514_sovereign_crypto_enablement | Security Guild | src/__Libraries/StellaOps.Cryptography.Plugin.CryptoPro | Depends on #6 | Depends on #6 | CRYO0101 | | CRYPTO-90-021 | TODO | | SPRINT_514_sovereign_crypto_enablement | Security + QA Guilds | scripts/crypto/**, docs/security/rootpack_ru_validation.md | Depends on #7 | Depends on #7 | CRYO0101 | | CTL-56-001 | TODO | | SPRINT_510_airgap | AirGap Controller Guild | src/AirGap/StellaOps.AirGap.Controller | Wait for AGTM0101 schema | Wait for AGTM0101 schema | AGCT0102 | | CTL-56-002 | TODO | | SPRINT_510_airgap | Controller + DevOps Guilds | src/AirGap/StellaOps.AirGap.Controller | Depends on #1 | Depends on #1 | AGCT0102 | | CTL-57-001 | TODO | | SPRINT_510_airgap | Controller + Time Guild | src/AirGap/StellaOps.AirGap.Controller | Needs AGTM time anchors | Needs AGTM time anchors | AGCT0102 | | CTL-57-002 | TODO | | SPRINT_510_airgap | Controller + Observability Guild | src/AirGap/StellaOps.AirGap.Controller | Depends on #3 | Depends on #3 | AGCT0102 | | CTL-58-001 | TODO | | SPRINT_510_airgap | Controller + Evidence Locker Guild | src/AirGap/StellaOps.AirGap.Controller | Depends on #4 | Depends on #4 | AGCT0102 | | DEPLOY-AIAI-31-001 | TODO | | SPRINT_501_ops_deployment_i | Deployment Guild · Advisory AI Guild | ops/deployment | Provide Helm/Compose manifests, GPU toggle, scaling/runbook, and offline kit instructions for Advisory AI service + inference container. | Wait for DVCP0101 compose template | DVPL0101 | | DEPLOY-AIRGAP-46-001 | TODO | | SPRINT_501_ops_deployment_i | Deployment Guild · Offline Kit Guild | ops/deployment | Provide instructions and scripts (`load.sh`) for importing air-gap bundle into private registry; update Offline Kit guide. | Requires #1 artifacts | AGDP0101 | | DEPLOY-CLI-41-001 | TODO | | SPRINT_501_ops_deployment_i | Deployment Guild · CLI Guild | ops/deployment | Package CLI release artifacts (tarballs per OS/arch, checksums, signatures, completions, container image) and publish distribution docs. | Wait for CLI observability schema (035_CLCI0105) | AGDP0101 | | DEPLOY-COMPOSE-44-001 | TODO | | SPRINT_501_ops_deployment_i | Deployment Guild | ops/deployment | Finalize Quickstart scripts (`quickstart.sh`, `backup.sh`, `reset.sh`), seed data container, and publish README with imposed rule reminder. | Depends on #1 | DVPL0101 | | DEPLOY-EXPORT-35-001 | BLOCKED | 2025-10-29 | SPRINT_501_ops_deployment_i | Deployment Guild · Export Center Guild | ops/deployment | Package exporter service/worker Helm overlays (download-only), document rollout/rollback, and integrate signing KMS secrets. | Need exporter DSSE API (002_ATEL0101) | AGDP0101 | | DEPLOY-EXPORT-36-001 | TODO | | SPRINT_501_ops_deployment_i | Deployment Guild · Export Center Guild | ops/deployment | Document OCI/object storage distribution workflows, registry credential automation, and monitoring hooks for exports. Dependencies: DEPLOY-EXPORT-35-001. | Depends on #4 deliverables | AGDP0101 | | DEPLOY-HELM-45-001 | TODO | | SPRINT_501_ops_deployment_i | Deployment + Security Guilds | ops/deployment | Publish Helm install guide and sample values for prod/airgap; integrate with docs site build. | Needs helm chart schema | DVPL0101 | | DEPLOY-NOTIFY-38-001 | TODO | 2025-10-29 | SPRINT_501_ops_deployment_i | Deployment + Notify Guilds | ops/deployment | Package notifier API/worker Helm overlays (email/chat/webhook), secrets templates, rollout guide. | Depends on #3 | DVPL0101 | | DEPLOY-ORCH-34-001 | TODO | | SPRINT_501_ops_deployment_i | Deployment Guild · Orchestrator Guild | ops/deployment | Provide orchestrator Helm/Compose manifests, scaling defaults, secret templates, offline kit instructions, and GA rollout/rollback playbook. | Requires ORTR0101 readiness | AGDP0101 | | DEPLOY-PACKS-42-001 | TODO | | SPRINT_501_ops_deployment_i | Deployment Guild · Packs Registry Guild | ops/deployment | Provide deployment manifests for packs-registry and task-runner services, including Helm/Compose overlays, scaling defaults, and secret templates. | Wait for pack registry schema | AGDP0101 | | DEPLOY-PACKS-43-001 | TODO | | SPRINT_501_ops_deployment_i | Deployment Guild · Task Runner Guild | ops/deployment | Ship remote Task Runner worker profiles, object storage bootstrap, approval workflow integration, and Offline Kit packaging instructions. Dependencies: DEPLOY-PACKS-42-001. | Needs #7 artifacts | AGDP0101 | | DEPLOY-POLICY-27-001 | TODO | | SPRINT_501_ops_deployment_i | Deployment Guild · Policy Registry Guild | ops/deployment | Produce Helm/Compose overlays for Policy Registry + simulation workers (migrations, buckets, signing keys, tenancy defaults). | WEPO0101 | DVPL0105 | | DEPLOY-POLICY-27-002 | TODO | | SPRINT_502_ops_deployment_ii | Deployment Guild · Policy Guild | ops/deployment | Document rollout/rollback playbooks for policy publish/promote (canary strategy, emergency freeze, evidence retrieval). | DEPLOY-POLICY-27-001 | DVPL0105 | | DEPLOY-VEX-30-001 | TODO | | SPRINT_502_ops_deployment_ii | Deployment + VEX Lens Guild | ops/deployment | Provide Helm/Compose overlays, scaling defaults, and offline kit instructions for VEX Lens service. | Wait for CCWO0101 schema | DVPL0101 | | DEPLOY-VEX-30-002 | TODO | | SPRINT_502_ops_deployment_ii | Deployment Guild | ops/deployment | Package Issuer Directory deployment manifests, backups, and security hardening guidance. Dependencies: DEPLOY-VEX-30-001. | Depends on #5 | DVPL0101 | | DEPLOY-VULN-29-001 | TODO | | SPRINT_502_ops_deployment_ii | Deployment + Vuln Guild | ops/deployment | Produce Helm/Compose overlays for Findings Ledger + projector, including DB migrations, Merkle anchor jobs, and scaling guidance. | Needs CCWO0101 | DVPL0101 | | DEPLOY-VULN-29-002 | TODO | | SPRINT_502_ops_deployment_ii | Deployment Guild | ops/deployment | Package `stella-vuln-explorer-api` deployment manifests, health checks, autoscaling policies, and offline kit instructions with signed images. Dependencies: DEPLOY-VULN-29-001. | Depends on #7 | DVPL0101 | | DETER-186-008 | TODO | | SPRINT_186_record_deterministic_execution | Scanner Guild | `src/Scanner/StellaOps.Scanner.WebService`, `src/Scanner/StellaOps.Scanner.Worker` | Wait for RLRC0101 fixture | Wait for RLRC0101 fixture | SCDT0101 | | DETER-186-009 | TODO | | SPRINT_186_record_deterministic_execution | Scanner Guild · QA Guild | `src/Scanner/StellaOps.Scanner.Replay`, `src/Scanner/__Tests` | Depends on #1 | Depends on #1 | SCDT0101 | | DETER-186-010 | TODO | | SPRINT_186_record_deterministic_execution | Scanner Guild · Export Center Guild | `src/Scanner/StellaOps.Scanner.WebService`, `docs/modules/scanner/operations/release.md` | Depends on #2 | Depends on #2 | SCDT0101 | | DETER-70-002 | TODO | | SPRINT_304_docs_tasks_md_iv | Docs Guild · Scanner Guild | | Needs CASC0101 manifest | Needs CASC0101 manifest | SCDT0101 | | DETER-70-003 | TODO | | SPRINT_202_cli_ii | DevEx/CLI Guild · Scanner Guild | src/Cli/StellaOps.Cli | Depends on #4 | Depends on #4 | SCDT0101 | | DETER-70-004 | TODO | | SPRINT_203_cli_iii | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Depends on #5 | Depends on #5 | SCDT0101 | | DEVOPS-AIAI-31-001 | TODO | | SPRINT_503_ops_devops_i | DevOps Guild, Advisory AI Guild (ops/devops) | ops/devops | Stand up CI pipelines, inference monitoring, privacy logging review, and perf dashboards for Advisory AI (summaries/conflicts/remediation). | — | DVDO0101 | | DEVOPS-AIRGAP-56-001 | TODO | | SPRINT_503_ops_devops_i | DevOps Guild (ops/devops) | ops/devops | Ship deny-all egress policies for Kubernetes (NetworkPolicy/eBPF) and docker-compose firewall rules; provide verification script for sealed mode. | — | DVDO0101 | | DEVOPS-AIRGAP-56-002 | TODO | | SPRINT_503_ops_devops_i | DevOps Guild, AirGap Importer Guild (ops/devops) | ops/devops | Provide import tooling for bundle staging: checksum validation, offline object-store loader scripts, removable media guidance. Dependencies: DEVOPS-AIRGAP-56-001. | — | DVDO0101 | | DEVOPS-AIRGAP-56-003 | TODO | | SPRINT_503_ops_devops_i | DevOps Guild, Container Distribution Guild (ops/devops) | ops/devops | Build Bootstrap Pack pipeline bundling images/charts, generating checksums, and publishing manifest for offline transfer. Dependencies: DEVOPS-AIRGAP-56-002. | — | DVDO0101 | | DEVOPS-AIRGAP-57-001 | TODO | | SPRINT_503_ops_devops_i | DevOps Guild, Mirror Creator Guild (ops/devops) | ops/devops | Automate Mirror Bundle creation jobs with dual-control approvals, artifact signing, and checksum publication. Dependencies: DEVOPS-AIRGAP-56-003. | — | DVDO0101 | | DEVOPS-AIRGAP-57-002 | DOING | 2025-11-08 | SPRINT_503_ops_devops_i | DevOps Guild, Authority Guild (ops/devops) | ops/devops | Configure sealed-mode CI tests that run services with sealed flag and ensure no egress occurs (iptables + mock DNS). Dependencies: DEVOPS-AIRGAP-57-001. | — | DVDO0101 | | DEVOPS-AIRGAP-58-001 | TODO | | SPRINT_503_ops_devops_i | DevOps Guild, Notifications Guild (ops/devops) | ops/devops | Provide local SMTP/syslog container templates and health checks for sealed environments; integrate into Bootstrap Pack. Dependencies: DEVOPS-AIRGAP-57-002. | — | DVDO0101 | | DEVOPS-AIRGAP-58-002 | TODO | | SPRINT_503_ops_devops_i | DevOps Guild, Observability Guild (ops/devops) | ops/devops | Ship sealed-mode observability stack (Prometheus/Grafana/Tempo/Loki) pre-configured with offline dashboards and no remote exporters. Dependencies: DEVOPS-AIRGAP-58-001. | — | DVDO0101 | | DEVOPS-AOC-19-001 | BLOCKED | 2025-10-26 | SPRINT_503_ops_devops_i | DevOps Guild, Platform Guild (ops/devops) | ops/devops | Integrate the AOC Roslyn analyzer and guard tests into CI, failing builds when ingestion projects attempt banned writes. | CCAO0101 | DVDO0101 | | DEVOPS-AOC-19-002 | BLOCKED | 2025-10-26 | SPRINT_503_ops_devops_i | DevOps Guild (ops/devops) | ops/devops | Add pipeline stage executing `stella aoc verify --since` against seeded Mongo snapshots for Concelier + Excititor, publishing violation report artefacts. Dependencies: DEVOPS-AOC-19-001. | DEVOPS-AOC-19-001 | DVDO0101 | | DEVOPS-AOC-19-003 | BLOCKED | 2025-10-26 | SPRINT_503_ops_devops_i | DevOps Guild, QA Guild (ops/devops) | ops/devops | Enforce unit test coverage thresholds for AOC guard suites and ensure coverage exported to dashboards. Dependencies: DEVOPS-AOC-19-002. | DEVOPS-AOC-19-002 | DVDO0102 | | DEVOPS-AOC-19-101 | TODO | 2025-10-28 | SPRINT_503_ops_devops_i | DevOps Guild · Concelier Storage Guild | ops/devops | Draft supersedes backfill rollout (freeze window, dry-run steps, rollback) once advisory_raw idempotency index passes staging verification. Dependencies: DEVOPS-AOC-19-003. | Align with CCOA0101 contract | DVDO0104 | | DEVOPS-ATTEST-73-001 | TODO | | SPRINT_503_ops_devops_i | DevOps Guild, Attestor Service Guild (ops/devops) | ops/devops | Provision CI pipelines for attestor service (lint/test/security scan, seed data) and manage secrets for KMS drivers. | — | DVDO0102 | | DEVOPS-ATTEST-73-002 | TODO | | SPRINT_503_ops_devops_i | DevOps Guild, KMS Guild (ops/devops) | ops/devops | Establish secure storage for signing keys (vault integration, rotation schedule) and audit logging. Dependencies: DEVOPS-ATTEST-73-001. | — | DVDO0102 | | DEVOPS-ATTEST-74-001 | TODO | | SPRINT_503_ops_devops_i | DevOps Guild, Transparency Guild (ops/devops) | ops/devops | Deploy transparency log witness infrastructure and monitoring. Dependencies: DEVOPS-ATTEST-73-002. | — | DVDO0102 | | DEVOPS-ATTEST-74-002 | TODO | | SPRINT_504_ops_devops_ii | DevOps Guild, Export Attestation Guild (ops/devops) | ops/devops | Integrate attestation bundle builds into release/offline pipelines with checksum verification. Dependencies: DEVOPS-ATTEST-74-001. | — | DVDO0102 | | DEVOPS-ATTEST-75-001 | TODO | | SPRINT_504_ops_devops_ii | DevOps Guild, Observability Guild (ops/devops) | ops/devops | Add dashboards/alerts for signing latency, verification failures, key rotation events. Dependencies: DEVOPS-ATTEST-74-002. | — | DVDO0102 | | DEVOPS-CLI-41-001 | TODO | | SPRINT_504_ops_devops_ii | DevOps Guild, DevEx/CLI Guild (ops/devops) | ops/devops | Establish CLI build pipeline (multi-platform binaries, SBOM, checksums), parity matrix CI enforcement, and release artifact signing. | — | DVDO0102 | | DEVOPS-CLI-42-001 | TODO | | SPRINT_504_ops_devops_ii | DevOps Guild (ops/devops) | ops/devops | Add CLI golden output tests, parity diff automation, pack run CI harness, and artifact cache for remote mode. Dependencies: DEVOPS-CLI-41-001. | — | DVDO0102 | | DEVOPS-CLI-43-002 | TODO | | SPRINT_504_ops_devops_ii | DevOps Guild, Task Runner Guild (ops/devops) | ops/devops | Implement Task Pack chaos smoke in CI (random failure injection, resume, sealed-mode toggle) and publish evidence bundles for review. Dependencies: DEVOPS-CLI-43-001. | — | DVDO0102 | | DEVOPS-CLI-43-003 | TODO | | SPRINT_504_ops_devops_ii | DevOps Guild, DevEx/CLI Guild (ops/devops) | ops/devops | Integrate CLI golden output/parity diff automation into release gating; export parity report artifact consumed by Console Downloads workspace. Dependencies: DEVOPS-CLI-43-002. | — | DVDO0102 | | DEVOPS-CONSOLE-23-001 | TODO | 2025-10-26 | SPRINT_504_ops_devops_ii | DevOps Guild · Console Guild | ops/devops | Add console CI workflow (pnpm cache, lint, type-check, unit, Storybook a11y, Playwright, Lighthouse) with offline runners and artifact retention for screenshots/reports. | Needs CCWO0101 API schema | DVDO0104 | | DEVOPS-CONSOLE-23-002 | TODO | | SPRINT_504_ops_devops_ii | DevOps Guild | ops/devops | Produce `stella-console` container build + Helm chart overlays with deterministic digests, SBOM/provenance artefacts, and offline bundle packaging scripts. Dependencies: DEVOPS-CONSOLE-23-001. | Depends on #2 | DVDO0104 | | DEVOPS-CONTAINERS-44-001 | TODO | | SPRINT_504_ops_devops_ii | DevOps Guild | ops/devops | Automate multi-arch image builds with buildx, SBOM generation, cosign signing, and signature verification in CI. | Wait for COWB0101 base image | DVDO0104 | | DEVOPS-CONTAINERS-45-001 | TODO | | SPRINT_504_ops_devops_ii | DevOps Guild | ops/devops | Add Compose and Helm smoke tests (fresh VM + kind cluster) to CI; publish test artifacts and logs. Dependencies: DEVOPS-CONTAINERS-44-001. | Depends on #4 | DVDO0104 | | DEVOPS-CONTAINERS-46-001 | TODO | | SPRINT_504_ops_devops_ii | DevOps Guild | ops/devops | Build air-gap bundle generator (`src/Tools/make-airgap-bundle.sh`), produce signed bundle, and verify in CI using private registry. Dependencies: DEVOPS-CONTAINERS-45-001. | Depends on #5 | DVDO0104 | | DEVOPS-DEVPORT-63-001 | TODO | | SPRINT_504_ops_devops_ii | DevOps Guild · DevPortal Guild | ops/devops | Automate developer portal build pipeline with caching, link & accessibility checks, performance budgets. | Wait for API schema from CCWO0101 | DVDO0105 | | DEVOPS-DEVPORT-64-001 | TODO | | SPRINT_504_ops_devops_ii | DevOps Guild | ops/devops | Schedule `devportal --offline` nightly builds with checksum validation and artifact retention policies. Dependencies: DEVOPS-DEVPORT-63-001. | Depends on #1 | DVDO0105 | | DEVOPS-DOCS-0001 | TODO | | SPRINT_318_docs_modules_devops | DevOps Docs Guild | docs/modules/devops | See ./AGENTS.md | Needs CCSL0101 console docs | DVDO0105 | | DEVOPS-ENG-0001 | TODO | | SPRINT_318_docs_modules_devops | DevOps Engineering Guild | docs/modules/devops | Update status via ./AGENTS.md workflow | Depends on #3 | DVDO0105 | | DEVOPS-EXPORT-35-001 | TODO | 2025-10-29 | SPRINT_504_ops_devops_ii | DevOps · Export Guild | ops/devops | Establish exporter CI pipeline (lint/test/perf smoke), configure object storage fixtures, seed Grafana dashboards, and document bootstrap steps. | Wait for DVPL0101 export deploy | DVDO0105 | | DEVOPS-EXPORT-36-001 | TODO | | SPRINT_505_ops_devops_iii | DevOps Guild | ops/devops | Integrate Trivy compatibility validation, cosign signature checks, `trivy module db import` smoke tests, OCI distribution verification, and throughput/error dashboards. Dependencies: DEVOPS-EXPORT-35-001. | Depends on #5 | DVDO0105 | | DEVOPS-EXPORT-37-001 | TODO | | SPRINT_505_ops_devops_iii | DevOps Guild | ops/devops | Finalize exporter monitoring (failure alerts, verify metrics, retention jobs) and chaos/latency tests ahead of GA. Dependencies: DEVOPS-EXPORT-36-001. | Depends on #6 | DVDO0105 | | DEVOPS-GRAPH-24-001 | TODO | | SPRINT_505_ops_devops_iii | DevOps · Graph Guild | ops/devops | Load test graph index/adjacency APIs with 40k-node assets; capture perf dashboards and alert thresholds. | Wait for CCGH0101 endpoint | DVDO0106 | | DEVOPS-GRAPH-24-002 | TODO | | SPRINT_505_ops_devops_iii | DevOps Guild | ops/devops | Integrate synthetic UI perf runs (Playwright/WebGL metrics) for Graph/Vuln explorers; fail builds on regression. Dependencies: DEVOPS-GRAPH-24-001. | Depends on #1 | DVDO0106 | | DEVOPS-GRAPH-24-003 | TODO | | SPRINT_505_ops_devops_iii | DevOps Guild | ops/devops | Implement smoke job for simulation endpoints ensuring we stay within SLA (<3s upgrade) and log results. Dependencies: DEVOPS-GRAPH-24-002. | Depends on #2 | DVDO0106 | | DEVOPS-LNM-22-001 | TODO | 2025-10-27 | SPRINT_505_ops_devops_iii | DevOps · Concelier Guild | ops/devops | Run migration/backfill pipelines for advisory observations/linksets in staging, validate counts/conflicts, and automate deployment steps. Awaiting storage backfill tooling. | Needs CCLN0102 API | DVDO0106 | | DEVOPS-LNM-22-002 | TODO | 2025-10-27 | SPRINT_505_ops_devops_iii | DevOps Guild | ops/devops | Execute VEX observation/linkset backfill with monitoring; ensure NATS/Redis events integrated; document ops runbook. Blocked until Excititor storage migration lands. Dependencies: DEVOPS-LNM-22-001. | Depends on #4 | DVDO0106 | | DEVOPS-LNM-22-003 | TODO | | SPRINT_505_ops_devops_iii | DevOps Guild | ops/devops | Add CI/monitoring coverage for new metrics (`advisory_observations_total`, `linksets_total`, etc.) and alerts on ingest-to-API SLA breaches. Dependencies: DEVOPS-LNM-22-002. | Depends on #5 | DVDO0106 | | DEVOPS-OAS-61-001 | TODO | | SPRINT_505_ops_devops_iii | DevOps Guild | ops/devops | Add CI stages for OpenAPI linting, validation, and compatibility diff; enforce gating on PRs. | Wait for CCWO0101 spec | DVDO0106 | | DEVOPS-OAS-61-002 | TODO | | SPRINT_505_ops_devops_iii | DevOps Guild | ops/devops | Integrate mock server + contract test suite into PR and nightly workflows; publish artifacts. Dependencies: DEVOPS-OAS-61-001. | Depends on #7 | DVDO0106 | | DEVOPS-OBS-51-001 | TODO | | SPRINT_505_ops_devops_iii | DevOps Guild · Observability Guild | ops/devops | Implement SLO evaluator service (burn rate calculators, webhook emitters), Grafana dashboards, and alert routing to Notifier. Provide Terraform/Helm automation. Dependencies: DEVOPS-OBS-50-002. | Wait for 045_DVDO0103 alert catalog | DVOB0101 | | DEVOPS-OBS-52-001 | TODO | | SPRINT_505_ops_devops_iii | DevOps Guild · Timeline Indexer Guild | ops/devops | Configure streaming pipeline (NATS/Redis/Kafka) with retention, partitioning, and backpressure tuning for timeline events; add CI validation of schema + rate caps. Dependencies: DEVOPS-OBS-51-001. | Needs #1 merged for shared correlation IDs | DVOB0101 | | DEVOPS-OBS-53-001 | TODO | | SPRINT_505_ops_devops_iii | DevOps Guild · Evidence Locker Guild | ops/devops | Provision object storage with WORM/retention options (S3 Object Lock / MinIO immutability), legal hold automation, and backup/restore scripts for evidence locker. Dependencies: DEVOPS-OBS-52-001. | Depends on DSSE API from 002_ATEL0101 | DVOB0101 | | DEVOPS-OBS-54-001 | TODO | | SPRINT_505_ops_devops_iii | DevOps Guild · Security Guild | ops/devops | Manage provenance signing infrastructure (KMS keys, rotation schedule, timestamp authority integration) and integrate verification jobs into CI. Dependencies: DEVOPS-OBS-53-001. | Requires security sign-off on cardinality budgets | DVOB0101 | | DEVOPS-OBS-55-001 | TODO | | SPRINT_506_ops_devops_iv | DevOps Guild · Ops Guild | ops/devops | Implement incident mode automation: feature flag service, auto-activation via SLO burn-rate, retention override management, and post-incident reset job. Dependencies: DEVOPS-OBS-54-001. | Relies on #4 to finalize alert dimensions | DVOB0101 | | DEVOPS-OFFLINE-17-004 | TODO | 2025-10-26 | SPRINT_508_ops_offline_kit | DevOps Offline Guild | ops/offline-kit | Execute `mirror_debug_store.py` after the next release pipeline emits `out/release/debug`, verify manifest hashes, and archive `metadata/debug-store.json` with the kit. | Wait for DVPL0101 compose | DVDO0107 | | DEVOPS-OFFLINE-34-006 | TODO | | SPRINT_508_ops_offline_kit | DevOps Guild | ops/offline-kit | Bundle orchestrator service container, worker SDK samples, Postgres snapshot, and dashboards into Offline Kit with manifest/signature updates. Dependencies: DEVOPS-OFFLINE-17-004. | Depends on #1 | DVDO0107 | | DEVOPS-OFFLINE-37-001 | TODO | | SPRINT_508_ops_offline_kit | DevOps Guild | ops/offline-kit | Export Center offline bundles + verification tooling (mirror artefacts, verification CLI, manifest/signature refresh, air-gap import script). Dependencies: DEVOPS-OFFLINE-34-006. | Needs RBRE hashes | DVDO0107 | | DEVOPS-OFFLINE-37-002 | TODO | | SPRINT_508_ops_offline_kit | DevOps Guild | ops/offline-kit | Notifier offline packs (sample configs, template/digest packs, dry-run harness) with integrity checks and operator docs. Dependencies: DEVOPS-OFFLINE-37-001. | Depends on #3 | DVDO0107 | | DEVOPS-OPENSSL-11-001 | TODO | 2025-11-06 | SPRINT_505_ops_devops_iii | Security + DevOps Guilds | ops/devops | Package the OpenSSL 1.1 shim (`tests/native/openssl-1.1/linux-x64`) into test harness output so Mongo2Go suites discover it automatically. | Wait for CRYO0101 artifacts | DVDO0107 | | DEVOPS-OPENSSL-11-002 | TODO | 2025-11-06 | SPRINT_505_ops_devops_iii | DevOps Guild | ops/devops | Ensure CI runners and Docker images that execute Mongo2Go tests export `LD_LIBRARY_PATH` (or embed the shim) to unblock unattended pipelines. Dependencies: DEVOPS-OPENSSL-11-001. | Depends on #5 | DVDO0107 | | DEVOPS-OPS-0001 | TODO | | SPRINT_318_docs_modules_devops | DevOps Ops Guild | docs/modules/devops | Sync outcomes back to ../.. | Depends on #1-6 | DVDO0107 | | DEVOPS-ORCH-32-001 | TODO | | SPRINT_506_ops_devops_iv | DevOps · Orchestrator Guild | ops/devops | Provision orchestrator Postgres/message-bus infrastructure, add CI smoke deploy, seed Grafana dashboards (queue depth, inflight jobs), and document bootstrap. | Wait for ORTR0102 API | DVDO0108 | | DEVOPS-ORCH-33-001 | TODO | | SPRINT_506_ops_devops_iv | DevOps Guild | ops/devops | Publish Grafana dashboards/alerts for rate limiter, backpressure, error clustering, and DLQ depth; integrate with on-call rotations. Dependencies: DEVOPS-ORCH-32-001. | Depends on #1 | DVDO0108 | | DEVOPS-ORCH-34-001 | TODO | | SPRINT_506_ops_devops_iv | DevOps Guild | ops/devops | Harden production monitoring (synthetic probes, burn-rate alerts, replay smoke), document incident response, and prep GA readiness checklist. Dependencies: DEVOPS-ORCH-33-001. | Depends on #2 | DVDO0108 | | DEVOPS-POLICY-27-001 | TODO | | SPRINT_506_ops_devops_iv | DevOps Guild · CLI Guild | ops/devops | Add CI stages to run `stella policy lint/simulate`, enforce deterministic logs + caching. | CLPS0102 | DVPL0104 | | DEVOPS-POLICY-27-002 | TODO | | SPRINT_506_ops_devops_iv | DevOps Guild · Policy Registry Guild | ops/devops | Provide optional batch simulation CI job that triggers registry run, polls results, posts markdown summary. | DEVOPS-POLICY-27-001 | DVPL0104 | | DEVOPS-POLICY-27-003 | TODO | | SPRINT_506_ops_devops_iv | DevOps Guild · Security Guild | ops/devops | Manage signing key material for policy publish pipeline; rotate keys, add attestation verification stage. | DEVOPS-POLICY-27-002 | DVPL0104 | | DEVOPS-POLICY-27-004 | TODO | | SPRINT_506_ops_devops_iv | DevOps Guild · Observability Guild | ops/devops | Create dashboards/alerts for policy compile latency, simulation queue depth, promotion outcomes. | DEVOPS-POLICY-27-003 | DVPL0104 | | DEVOPS-REL-17-004 | TODO | 2025-10-26 | SPRINT_506_ops_devops_iv | DevOps Release Guild | ops/devops | Ensure release workflow publishes `out/release/debug` (build-id tree + manifest) and fails when symbols are missing. | Needs DVPL0101 release artifacts | DVDO0108 | | DEVOPS-RULES-33-001 | TODO | 2025-10-30 | SPRINT_506_ops_devops_iv | DevOps · Policy Guild | ops/devops | Contracts & Rules anchor:
• Gateway proxies only; Policy Engine composes overlays/simulations.
• AOC ingestion cannot merge; only lossless canonicalization.
• One graph platform: Graph Indexer + Graph API. Cartographer retired. | Wait for CCPR0101 policy logs | DVDO0109 | | DEVOPS-SCAN-90-004 | TODO | | SPRINT_505_ops_devops_iii | DevOps · Scanner Guild | ops/devops | Add a CI job that runs the scanner determinism harness against the release matrix (N runs per image), uploads `determinism.json`, and fails when score < threshold; publish artifact to release notes. Dependencies: SCAN-DETER-186-009/010. | Needs SCDT0101 fixtures | DVDO0109 | | DEVOPS-SDK-63-001 | TODO | | SPRINT_506_ops_devops_iv | DevOps · SDK Guild | ops/devops | Provision registry credentials, signing keys, and secure storage for SDK publishing pipelines. | Depends on #2 | DVDO0109 | | DEVOPS-SIG-26-001 | TODO | | SPRINT_506_ops_devops_iv | DevOps Guild · Signals Guild | ops/devops | Provision CI/CD pipelines, Helm/Compose manifests for Signals service, including artifact storage and Redis dependencies. | Wait for SGSI0101 metrics | DVDO0110 | | DEVOPS-SIG-26-002 | TODO | | SPRINT_506_ops_devops_iv | DevOps Guild | ops/devops | Create dashboards/alerts for reachability scoring latency, cache hit rates, sensor staleness. Dependencies: DEVOPS-SIG-26-001. | Depends on #1 | DVDO0110 | | DEVOPS-SYMS-90-005 | TODO | | SPRINT_505_ops_devops_iii | DevOps · Symbols Guild | ops/devops | Deploy Symbols.Server (Helm/Terraform), manage MinIO/Mongo storage, configure tenant RBAC/quotas, and wire ingestion CLI into release pipelines with monitoring and backups. Dependencies: SYMS-SERVER-401-011/013. | Needs RBSY0101 bundle | DVDO0110 | | DEVOPS-TEN-47-001 | TODO | | SPRINT_506_ops_devops_iv | DevOps · Policy Guild | ops/devops | Add JWKS cache monitoring, signature verification regression tests, and token expiration chaos tests to CI. | Wait for CCPR0101 policy | DVDO0110 | | DEVOPS-TEN-48-001 | TODO | | SPRINT_506_ops_devops_iv | DevOps Guild | ops/devops | Build integration tests to assert RLS enforcement, tenant-prefixed object storage, and audit event emission; set up lint to prevent raw SQL bypass. Dependencies: DEVOPS-TEN-47-001. | Depends on #4 | DVDO0110 | | DEVOPS-TEN-49-001 | TODO | | SPRINT_507_ops_devops_v | DevOps Guild | ops/devops | Deploy audit pipeline, scope usage metrics, JWKS outage chaos tests, and tenant load/perf benchmarks. Dependencies: DEVOPS-TEN-48-001. | Depends on #5 | DVDO0110 | | DEVOPS-VEX-30-001 | TODO | | SPRINT_507_ops_devops_v | DevOps Guild · VEX Lens Guild | ops/devops | Provision CI, load tests, dashboards, alerts for VEX Lens and Issuer Directory (compute latency, disputed totals, signature verification rates). | — | PLVL0103 | | DEVOPS-VULN-29-001 | TODO | | SPRINT_507_ops_devops_v | DevOps · Vuln Guild | ops/devops | Provision CI jobs for ledger projector (replay, determinism), set up backups, monitor Merkle anchoring, and automate verification. | Needs DVPL0101 deploy | DVDO0110 | | DEVOPS-VULN-29-002 | TODO | | SPRINT_507_ops_devops_v | DevOps Guild | ops/devops | Configure load/perf tests (5M findings/tenant), query budget enforcement, API SLO dashboards, and alerts for `vuln_list_latency` and `projection_lag`. Dependencies: DEVOPS-VULN-29-001. | Depends on #7 | DVDO0110 | | DEVOPS-VULN-29-003 | TODO | | SPRINT_507_ops_devops_v | DevOps Guild | ops/devops | Instrument analytics pipeline for Vuln Explorer (telemetry ingestion, query hashes), ensure compliance with privacy/PII guardrails, and update observability docs. Dependencies: DEVOPS-VULN-29-002. | Depends on #8 | DVDO0110 | | DEVPORT-62-001 | TODO | | SPRINT_206_devportal | DevPortal Guild | src/DevPortal/StellaOps.DevPortal.Site | Select static site generator, integrate aggregate spec, build navigation + search scaffolding. | 62-001 | DEVL0101 | | DEVPORT-62-002 | TODO | | SPRINT_206_devportal | DevPortal Guild | src/DevPortal/StellaOps.DevPortal.Site | Implement schema viewer, example rendering, copy-curl snippets, and version selector UI. Dependencies: DEVPORT-62-001. | DEVPORT-62-001 | DEVL0101 | | DEVPORT-63-001 | TODO | | SPRINT_206_devportal | DevPortal Guild | src/DevPortal/StellaOps.DevPortal.Site | Add Try-It console pointing at sandbox environment with token onboarding and scope info. Dependencies: DEVPORT-62-002. | 63-001 | DEVL0101 | | DEVPORT-63-002 | TODO | | SPRINT_206_devportal | DevPortal Guild | src/DevPortal/StellaOps.DevPortal.Site | Embed language-specific SDK snippets and quick starts generated from tested examples. Dependencies: DEVPORT-63-001. | DEVPORT-63-001 | DEVL0101 | | DEVPORT-64-001 | TODO | | SPRINT_206_devportal | DevPortal Guild | src/DevPortal/StellaOps.DevPortal.Site | Provide offline build target bundling HTML, specs, SDK archives; ensure no external assets. Dependencies: DEVPORT-63-002. | 64-001 | DEVL0101 | | DEVPORT-64-002 | TODO | | SPRINT_206_devportal | Developer Portal Guild (src/DevPortal/StellaOps.DevPortal.Site) | src/DevPortal/StellaOps.DevPortal.Site | Add automated accessibility tests, link checker, and performance budgets. Dependencies: DEVPORT-64-001. | | DEVL0102 | | DOC-008 | TODO | | SPRINT_401_reachability_evidence_chain | Docs Guild · Reachability Guild | `docs/reachability/function-level-evidence.md`, `docs/09_API_CLI_REFERENCE.md`, `docs/api/policy.md` | Wait for replay evidence from 100_RBBN0101 | Wait for replay evidence from 100_RBBN0101 | DORC0101 | | DOC-70-001 | DONE | | SPRINT_170_notifications_telemetry | Docs Guild · Notifications Guild | docs | Gather notification doc references | Validate existing notifications doc and migrate notes | DOCP0101 | | DOCKER-44-001 | TODO | | SPRINT_507_ops_devops_v | DevOps Guild · Service Owners | ops/devops | Author multi-stage Dockerfiles for all core services (API, Console, Orchestrator, Task Runner, Conseiller, Excitor, Policy, Notify, Export, AI) with non-root users, read-only file systems, and health scripts. | Wait for DVPL0101 compose merge | DVDO0111 | | DOCKER-44-002 | TODO | | SPRINT_507_ops_devops_v | DevOps Guild | ops/devops | Generate SBOMs and cosign attestations for each image and integrate verification into CI. Dependencies: DOCKER-44-001. | Depends on #1 | DVDO0111 | | DOCKER-44-003 | TODO | | SPRINT_507_ops_devops_v | DevOps Guild | ops/devops | Implement `/health/liveness`, `/health/readiness`, `/version`, `/metrics`, and ensure capability endpoint returns `merge=false` for Conseiller/Excitor. Dependencies: DOCKER-44-002. | Requires SBOM+scan workflow from 137_SCDT0101 | DVDO0111 | | DOCS-0001 | DONE | 2025-11-05 | SPRINT_313_docs_modules_attestor | Docs Guild | docs/modules/attestor | Confirm attestor module doc publication | Confirm attestor module doc scope | DOCP0101 | | DOCS-0002 | TODO | 2025-11-05 | SPRINT_321_docs_modules_graph | Docs Guild (docs/modules/graph) | docs/modules/graph | — | — | DOCL0102 | | DOCS-0003 | TODO | | SPRINT_327_docs_modules_scanner | Docs Guild, Product Guild (docs/modules/scanner) | docs/modules/scanner | — | — | DOCL0102 | | DOCS-401-008 | TODO | | SPRINT_401_reachability_evidence_chain | QA & Docs Guilds (`docs`, `tests/README.md`) | `docs`, `tests/README.md` | — | — | DOCL0102 | | DOCS-401-022 | TODO | | SPRINT_401_reachability_evidence_chain | Docs Guild · Attestor Guild (`docs/ci/dsse-build-flow.md`, `docs/modules/attestor/architecture.md`) | `docs/ci/dsse-build-flow.md`, `docs/modules/attestor/architecture.md` | — | — | DOCL0102 | | DOCS-AIAI-31-004 | DOING | | SPRINT_110_ingestion_evidence | Docs Guild · Console Guild | | Guardrail console doc drafted; screenshots + SBOM evidence pending. | CONSOLE-VULN-29-001; CONSOLE-VEX-30-001; SBOM-AIAI-31-001 | DOAI0102 | | DOCS-AIAI-31-005 | BLOCKED | | SPRINT_110_ingestion_evidence | Docs Guild | | CLI/policy/ops docs paused pending upstream artefacts. | DOCS-AIAI-31-004; CLI-VULN-29-001; CLI-VEX-30-001; POLICY-ENGINE-31-001; DEVOPS-AIAI-31-001 | DOAI0102 | | DOCS-AIAI-31-006 | TODO | 2025-11-13 | SPRINT_111_advisoryai | Docs Guild · Advisory AI Guild | docs/modules/advisory-ai | `/docs/policy/assistant-parameters.md` now documents inference modes, guardrail phrases, budgets, and cache/queue knobs (POLICY-ENGINE-31-001 inputs captured via `AdvisoryAiServiceOptions`). | Need latest telemetry outputs from ADAI0101 | DOAI0104 | | DOCS-AIAI-31-008 | BLOCKED | | SPRINT_110_ingestion_evidence | Docs Guild | | DOCS-AIAI-31-004; CLI-VULN-29-001; CLI-VEX-30-001; POLICY-ENGINE-31-001; DEVOPS-AIAI-31-001 | DOCS-AIAI-31-004; CLI-VULN-29-001; CLI-VEX-30-001; POLICY-ENGINE-31-001; DEVOPS-AIAI-31-001 | DOAI0102 | | DOCS-AIAI-31-009 | BLOCKED | | SPRINT_110_ingestion_evidence | Docs Guild | | DOCS-AIAI-31-004; CLI-VULN-29-001; CLI-VEX-30-001; POLICY-ENGINE-31-001; DEVOPS-AIAI-31-001 | DOCS-AIAI-31-004; CLI-VULN-29-001; CLI-VEX-30-001; POLICY-ENGINE-31-001; DEVOPS-AIAI-31-001 | DOAI0102 | | DOCS-AIRGAP-56-001 | TODO | | SPRINT_301_docs_tasks_md_i | Docs Guild · AirGap Controller Guild | | `/docs/airgap/overview.md` outlining modes, lifecycle, responsibilities, rule banner. | — | DOAI0102 | | DOCS-AIRGAP-56-002 | TODO | | SPRINT_301_docs_tasks_md_i | Docs Guild · DevOps Guild | | `/docs/airgap/sealing-and-egress.md` (network policies, EgressPolicy facade, verification). | DOCS-AIRGAP-56-001 | DOAI0102 | | DOCS-AIRGAP-56-003 | TODO | | SPRINT_301_docs_tasks_md_i | Docs Guild · Exporter Guild | bundle format, DSSE/TUF/Merkle validation, workflows | `/docs/airgap/mirror-bundles.md` (bundle format, DSSE/TUF/Merkle validation, workflows). | DOCS-AIRGAP-56-002 | DOAI0102 | | DOCS-AIRGAP-56-004 | TODO | | SPRINT_301_docs_tasks_md_i | Docs Guild · Deployment Guild | | `/docs/airgap/bootstrap.md` covering Bootstrap Pack creation + install. | DOCS-AIRGAP-56-003 | DOAI0102 | | DOCS-AIRGAP-57-001 | TODO | | SPRINT_301_docs_tasks_md_i | Docs Guild · AirGap Time Guild | docs/modules/airgap | `/docs/airgap/staleness-and-time.md` (time anchors, drift, UI indicators). | DOCS-AIRGAP-56-004 | DOAI0102 | | DOCS-AIRGAP-57-002 | TODO | | SPRINT_301_docs_tasks_md_i | Docs Guild · Console Guild | docs/modules/airgap | `/docs/console/airgap.md` (sealed badge, import wizard, staleness dashboards). | DOCS-AIRGAP-57-001 | DOAI0102 | | DOCS-AIRGAP-57-003 | TODO | | SPRINT_302_docs_tasks_md_ii | Docs Guild · CLI Guild | docs/modules/airgap | Publish `/docs/modules/cli/guides/airgap.md` documenting commands, examples, exit codes. Dependencies: DOCS-AIRGAP-57-002. | AIDG0101 tasks 3–4 | DOCL0102 | | DOCS-AIRGAP-57-004 | TODO | | SPRINT_302_docs_tasks_md_ii | Docs Guild · Ops Guild | docs/modules/airgap | Create `/docs/airgap/operations.md` with runbooks for imports, failure recovery, and auditing. Dependencies: DOCS-AIRGAP-57-003. | DOCS-AIRGAP-57-003 | DOCL0102 | | DOCS-AIRGAP-58-001 | TODO | | SPRINT_302_docs_tasks_md_ii | Docs Guild, Product Guild (docs) | | Provide `/docs/airgap/degradation-matrix.md` enumerating feature availability, fallbacks, remediation. Dependencies: DOCS-AIRGAP-57-004. | — | DOCL0102 | | DOCS-AIRGAP-58-002 | TODO | | SPRINT_302_docs_tasks_md_ii | Docs Guild, Security Guild (docs) | | Update `/docs/security/trust-and-signing.md` with DSSE/TUF roots, rotation, and signed time tokens. Dependencies: DOCS-AIRGAP-58-001. | — | DOCL0102 | | DOCS-AIRGAP-58-003 | TODO | | SPRINT_302_docs_tasks_md_ii | Docs Guild · DevEx Guild | docs/modules/airgap | Publish `/docs/dev/airgap-contracts.md` describing EgressPolicy usage, sealed-mode tests, linting. Dependencies: DOCS-AIRGAP-58-002. | Need DevEx CLI samples from CLCI0109 | DOAG0101 | | DOCS-AIRGAP-58-004 | TODO | | SPRINT_302_docs_tasks_md_ii | Docs Guild · Evidence Locker Guild | docs/modules/airgap | Document `/docs/airgap/portable-evidence.md` for exporting/importing portable evidence bundles across enclaves. Dependencies: DOCS-AIRGAP-58-003. | Requires Evidence Locker attestation notes from 002_ATEL0101 | DOAG0101 | | DOCS-AIRGAP-DEVPORT-64-001 | TODO | | SPRINT_302_docs_tasks_md_ii | Docs Guild · DevPortal Offline Guild | docs/modules/export-center/devportal-offline.md | Create `/docs/airgap/devportal-offline.md` describing offline bundle usage and verification. | Requires #3 draft | DEVL0102 | | DOCS-ATTEST-73-001 | TODO | | SPRINT_302_docs_tasks_md_ii | Docs Guild, Attestor Service Guild (docs) | | Publish `/docs/modules/attestor/overview.md` with imposed rule banner. | — | DOAT0101 | | DOCS-ATTEST-73-002 | TODO | | SPRINT_302_docs_tasks_md_ii | Docs Guild, Attestation Payloads Guild (docs) | | Write `/docs/modules/attestor/payloads.md` with schemas/examples. Dependencies: DOCS-ATTEST-73-001. | — | DOAT0101 | | DOCS-ATTEST-73-003 | TODO | | SPRINT_302_docs_tasks_md_ii | Docs Guild, Policy Guild (docs) | | Publish `/docs/modules/attestor/policies.md` covering verification policies. Dependencies: DOCS-ATTEST-73-002. | — | DOAT0101 | | DOCS-ATTEST-73-004 | TODO | | SPRINT_302_docs_tasks_md_ii | Docs Guild, Attestor Service Guild (docs) | | Add `/docs/modules/attestor/workflows.md` detailing ingest, verify, bulk operations. Dependencies: DOCS-ATTEST-73-003. | — | DOAT0101 | | DOCS-ATTEST-74-001 | TODO | | SPRINT_302_docs_tasks_md_ii | Docs Guild, KMS Guild (docs) | | Publish `/docs/modules/attestor/keys-and-issuers.md`. Dependencies: DOCS-ATTEST-73-004. | — | DOAT0101 | | DOCS-ATTEST-74-002 | TODO | | SPRINT_302_docs_tasks_md_ii | Docs Guild, Transparency Guild (docs) | | Document `/docs/modules/attestor/transparency.md` with witness usage/offline validation. Dependencies: DOCS-ATTEST-74-001. | — | DOAT0101 | | DOCS-ATTEST-74-003 | TODO | | SPRINT_302_docs_tasks_md_ii | Docs Guild, Attestor Console Guild (docs) | | Write `/docs/console/attestor-ui.md` with screenshots/workflows. Dependencies: DOCS-ATTEST-74-002. | — | DOAT0101 | | DOCS-ATTEST-74-004 | TODO | | SPRINT_302_docs_tasks_md_ii | Docs Guild, CLI Attestor Guild (docs) | | Publish `/docs/modules/cli/guides/attest.md` covering CLI usage. Dependencies: DOCS-ATTEST-74-003. | — | DOAT0101 | | DOCS-ATTEST-75-001 | TODO | | SPRINT_303_docs_tasks_md_iii | Docs Guild, Export Attestation Guild (docs) | | Add `/docs/modules/attestor/airgap.md` for attestation bundles. Dependencies: DOCS-ATTEST-74-004. | — | DOAT0101 | | DOCS-ATTEST-75-002 | TODO | | SPRINT_303_docs_tasks_md_iii | Docs Guild, Security Guild (docs) | | Update `/docs/security/aoc-invariants.md` with attestation invariants. Dependencies: DOCS-ATTEST-75-001. | — | DOAT0101 | | DOCS-CLI-41-001 | TODO | | SPRINT_303_docs_tasks_md_iii | Docs Guild, DevEx/CLI Guild (docs) | | Publish `/docs/modules/cli/guides/overview.md`, `/docs/modules/cli/guides/configuration.md`, `/docs/modules/cli/guides/output-and-exit-codes.md` with imposed rule statements. | — | DOCL0101 | | DOCS-CLI-42-001 | TODO | | SPRINT_303_docs_tasks_md_iii | Docs Guild (docs) | | Publish `/docs/modules/cli/guides/parity-matrix.md` and command guides under `/docs/modules/cli/guides/commands/*.md` (policy, sbom, vuln, vex, advisory, export, orchestrator, notify, aoc, auth). Dependencies: DOCS-CLI-41-001. | — | DOCL0101 | | DOCS-CLI-DET-01 | TODO | | SPRINT_301_docs_tasks_md_i | Docs Guild · DevEx/CLI Guild | | Document `stella sbomer` verbs (`layer`, `compose`, `drift`, `verify`) with examples & offline instructions. | CLI-SBOM-60-001; CLI-SBOM-60-002 | DOCL0101 | | DOCS-CLI-FORENSICS-53-001 | TODO | | SPRINT_303_docs_tasks_md_iii | Docs Guild, DevEx/CLI Guild (docs) | | Publish `/docs/modules/cli/guides/forensics.md` for snapshot/verify/attest commands with sample outputs, imposed rule banner, and offline workflows. | — | DOCL0101 | | DOCS-CLI-OBS-52-001 | TODO | | SPRINT_303_docs_tasks_md_iii | Docs Guild, DevEx/CLI Guild (docs) | | Create `/docs/modules/cli/guides/observability.md` detailing `stella obs` commands, examples, exit codes, imposed rule banner, and scripting tips. | — | DOCL0101 | | DOCS-CONSOLE-OBS-52-001 | TODO | | SPRINT_303_docs_tasks_md_iii | Docs Guild, Console Guild (docs) | | Document `/docs/console/observability.md` showcasing Observability Hub widgets, trace/log search, imposed rule banner, and accessibility tips. | — | DOCL0101 | | DOCS-CONSOLE-OBS-52-002 | TODO | | SPRINT_303_docs_tasks_md_iii | Docs Guild, Console Guild (docs) | | Publish `/docs/console/forensics.md` covering timeline explorer, evidence viewer, attestation verifier, imposed rule banner, and troubleshooting. Dependencies: DOCS-CONSOLE-OBS-52-001. | — | DOCL0101 | | DOCS-CONTRIB-62-001 | TODO | | SPRINT_303_docs_tasks_md_iii | Docs Guild, API Governance Guild (docs) | | Publish `/docs/contributing/api-contracts.md` detailing how to edit OAS, lint rules, compatibility checks. | — | DOCL0101 | | DOCS-DETER-70-002 | TODO | | SPRINT_304_docs_tasks_md_iv | Docs Guild · Scanner Guild | docs/modules/scanner/determinism.md | Document the scanner determinism score process (`determinism.json` schema, CI harness, replay instructions) under `/docs/modules/scanner/determinism-score.md` and add a release-notes template entry. Dependencies: SCAN-DETER-186-010, DEVOPS-SCAN-90-004. | Need deterministic suite notes from 137_SCDT0101 | DOSC0101 | | DOCS-DEVPORT-62-001 | TODO | | SPRINT_303_docs_tasks_md_iii | Docs Guild, Developer Portal Guild (docs) | | Document `/docs/devportal/publishing.md` for build pipeline, offline bundle steps. | — | DOCL0101 | | DOCS-DSL-401-005 | TODO | | SPRINT_401_reachability_evidence_chain | Docs Guild (`docs/policy/dsl.md`, `docs/policy/lifecycle.md`) | `docs/policy/dsl.md`, `docs/policy/lifecycle.md` | Refresh `docs/policy/dsl.md` + lifecycle docs with the new syntax, signal dictionary (`trust_score`, `reachability`, etc.), authoring workflow, and safety rails (shadow mode, coverage tests). | — | DOCL0101 | | DOCS-ENTROPY-70-004 | TODO | | SPRINT_304_docs_tasks_md_iv | Docs Guild · Scanner Guild | docs/modules/scanner/determinism.md | Publish entropy analysis documentation (scoring heuristics, JSON schemas, policy hooks, UI guidance) under `docs/modules/scanner/entropy.md` and update trust-lattice references. Dependencies: SCAN-ENTROPY-186-011/012, POLICY-RISK-90-001. | Requires entropy guardrails from 078_SCSA0301 | DOSC0101 | | DOCS-EXC-25-001 | TODO | | SPRINT_303_docs_tasks_md_iii | Docs Guild | docs/modules/excititor | Author `/docs/governance/exceptions.md` covering lifecycle, scope patterns, examples, compliance checklist. | CLEX0101 outputs | DOEX0102 | | DOCS-EXC-25-002 | TODO | | SPRINT_303_docs_tasks_md_iii | Docs Guild | docs/modules/excititor | Publish `/docs/governance/approvals-and-routing.md` detailing roles, routing matrix, MFA rules, audit trails. Dependencies: DOCS-EXC-25-001. | CLEX0101 | DOEX0102 | | DOCS-EXC-25-003 | TODO | | SPRINT_303_docs_tasks_md_iii | Docs Guild | docs/modules/excititor | Create `/docs/api/exceptions.md` with endpoints, payloads, errors, idempotency notes. Dependencies: DOCS-EXC-25-002. | UIEX0101 | DOEX0102 | | DOCS-EXC-25-005 | TODO | | SPRINT_303_docs_tasks_md_iii | Docs + Accessibility Guilds | docs/modules/excititor | Write `/docs/ui/exception-center.md` with UI walkthrough, badges, accessibility, shortcuts. Dependencies: DOCS-EXC-25-003. | UIEX0101 | DOEX0102 | | DOCS-EXC-25-006 | TODO | | SPRINT_303_docs_tasks_md_iii | Docs Guild | docs/modules/excititor | Update `/docs/modules/cli/guides/exceptions.md` covering command usage and exit codes. Dependencies: DOCS-EXC-25-005. | CLEX0101 | DOEX0102 | | DOCS-EXC-25-007 | TODO | | SPRINT_304_docs_tasks_md_iv | Docs Guild · DevOps Guild | docs/modules/excititor | Publish `/docs/migration/exception-governance.md` describing cutover from legacy suppressions, notifications, rollback. Dependencies: DOCS-EXC-25-006. | UIEX0101 & Ops runbooks | DOEX0102 | | DOCS-EXPORT-37-004 | TODO | | SPRINT_304_docs_tasks_md_iv | Docs Guild · Export Center Guild | docs/modules/export-center | Publish `/docs/security/export-hardening.md` outlining RBAC, tenancy, encryption, redaction, restating imposed rule. | Wait for ATMI0102 orchestration notes | DOEC0102 | | DOCS-EXPORT-37-005 | TODO | | SPRINT_304_docs_tasks_md_iv | Docs Guild · Export Center Guild | docs/modules/export-center | Validate Export Center docs against live Trivy/mirror bundles once implementation lands; refresh examples and CLI snippets accordingly. Dependencies: DOCS-EXPORT-37-004. | Needs AGDP0101 manifest schema | DOEC0102 | | DOCS-EXPORT-37-101 | TODO | | SPRINT_304_docs_tasks_md_iv | Docs Guild · DevOps Guild | docs/modules/export-center | Refresh CLI verification sections once `stella export verify` lands (flags, exit codes, samples). Dependencies: DOCS-EXPORT-37-005. | Depends on DVDO0105 deployment guide | DOEC0102 | | DOCS-EXPORT-37-102 | TODO | | SPRINT_304_docs_tasks_md_iv | Docs Guild · Evidence Locker Guild | docs/modules/export-center | Embed export dashboards/alerts references into provenance/runbook docs after Grafana work ships. Dependencies: DOCS-EXPORT-37-101. | Requires ATEL0102 attestation feed | DOEC0102 | | DOCS-FORENSICS-53-001 | TODO | | SPRINT_304_docs_tasks_md_iv | Docs Guild · Evidence Locker Guild | docs/modules/evidence-locker/forensics.md | Publish `/docs/forensics/evidence-locker.md` describing bundle formats, WORM options, retention, legal hold, and imposed rule banner. | Need DSSE digest notes from 002_ATEL0101 | DOEL0101 | | DOCS-FORENSICS-53-002 | TODO | | SPRINT_304_docs_tasks_md_iv | Docs Guild · Provenance Guild | docs/modules/evidence-locker/forensics.md | Release `/docs/forensics/provenance-attestation.md` covering DSSE schema, signing process, verification workflow, and imposed rule banner. Dependencies: DOCS-FORENSICS-53-001. | Waiting on provenance recorder sample (104_RBRE0101) | DOEL0101 | | DOCS-FORENSICS-53-003 | TODO | | SPRINT_304_docs_tasks_md_iv | Docs Guild · Timeline Indexer Guild | docs/modules/evidence-locker/forensics.md | Publish `/docs/forensics/timeline.md` with schema, event kinds, filters, query examples, and imposed rule banner. Dependencies: DOCS-FORENSICS-53-002. | Requires timeline indexer export from 055_AGIM0101 | DOEL0101 | | DOCS-GRAPH-24-001 | TODO | | SPRINT_304_docs_tasks_md_iv | Docs Guild · Graph Guild | docs/modules/graph | Author `/docs/ui/sbom-graph-explorer.md` detailing overlays, filters, saved views, accessibility, and AOC visibility. | Wait for GRAP0101 contract freeze | DOGR0101 | | DOCS-GRAPH-24-002 | TODO | | SPRINT_304_docs_tasks_md_iv | Docs Guild · UI Guild | docs/modules/graph | Publish `/docs/ui/vulnerability-explorer.md` covering table usage, grouping, fix suggestions, Why drawer. Dependencies: DOCS-GRAPH-24-001. | Needs SBOM/VEX dataflow confirmation (PLLG0104) | DOGR0101 | | DOCS-GRAPH-24-003 | TODO | | SPRINT_304_docs_tasks_md_iv | Docs Guild · SBOM Guild | docs/modules/graph | Create `/docs/modules/graph/architecture-index.md` describing data model, ingestion pipeline, caches, events. Dependencies: DOCS-GRAPH-24-002. | Blocked on SBOM join spec from CARTO-GRAPH-21-002 | DOGR0101 | | DOCS-GRAPH-24-004 | TODO | | SPRINT_304_docs_tasks_md_iv | Docs Guild · BE-Base Guild | docs/modules/graph | Document `/docs/api/graph.md` and `/docs/api/vuln.md` avec endpoints, parameters, errors, RBAC. Dependencies: DOCS-GRAPH-24-003. | Require replay hooks from RBBN0101 | DOGR0101 | | DOCS-GRAPH-24-005 | TODO | | SPRINT_304_docs_tasks_md_iv | Docs Guild · DevEx/CLI Guild | docs/modules/graph | Update `/docs/modules/cli/guides/graph-and-vuln.md` covering new CLI commands, exit codes, scripting. Dependencies: DOCS-GRAPH-24-004. | Wait for CLI samples from CLCI0109 | DOGR0101 | | DOCS-GRAPH-24-006 | TODO | | SPRINT_304_docs_tasks_md_iv | Docs Guild · Policy Guild | docs/modules/graph | Write `/docs/policy/ui-integration.md` explaining overlays, cache usage, simulator contracts. Dependencies: DOCS-GRAPH-24-005. | Needs policy outputs from PLVL0102 | DOGR0101 | | DOCS-GRAPH-24-007 | TODO | | SPRINT_304_docs_tasks_md_iv | Docs Guild · DevOps Guild | docs/modules/graph | Produce `/docs/migration/graph-parity.md` with rollout plan, parity checks, fallback guidance. Dependencies: DOCS-GRAPH-24-006. | Depends on DVDO0108 deployment notes | DOGR0101 | | DOCS-INSTALL-44-001 | TODO | | SPRINT_305_docs_tasks_md_v | Docs Guild · Deployment Guild | docs/install | Publish `/docs/install/overview.md` and `/docs/install/compose-quickstart.md` with imposed rule line and copy-ready commands. | Need DVPL0101 compose schema | DOIS0101 | | DOCS-INSTALL-45-001 | TODO | | SPRINT_305_docs_tasks_md_v | Docs Guild · Deployment Guild | docs/install | Publish `/docs/install/helm-prod.md` and `/docs/install/configuration-reference.md` with values tables and imposed rule reminder. Dependencies: DOCS-INSTALL-44-001. | Wait for updated TLS guidance from 127_SIGR0101 | DOIS0101 | | DOCS-INSTALL-46-001 | TODO | | SPRINT_305_docs_tasks_md_v | Docs Guild · Deployment Guild | docs/install | Publish `/docs/install/airgap.md`, `/docs/security/supply-chain.md`, `/docs/operations/health-and-readiness.md`, `/docs/release/image-catalog.md`, `/docs/console/onboarding.md` (each with imposed rule). Dependencies: DOCS-INSTALL-45-001. | Depends on 126_RLRC0101 replay hooks | DOIS0101 | | DOCS-INSTALL-50-001 | TODO | | SPRINT_305_docs_tasks_md_v | Docs Guild · DevOps Guild | docs/install | Add `/docs/install/telemetry-stack.md` with collector deployment, exporter options, offline kit notes, and imposed rule banner. Dependencies: DOCS-INSTALL-46-001. | Requires DevOps offline validation (DVDO0107) | DOIS0101 | | DOCS-LNM-22-001 | BLOCKED | 2025-10-27 | SPRINT_305_docs_tasks_md_v | Docs Guild · Concelier Guild | docs/modules/concelier/link-not-merge.md | Author `/docs/advisories/aggregation.md` covering observation vs linkset, conflict handling, AOC requirements, and reviewer checklist. | Need final schema text from 005_ATLN0101 | DOLN0101 | | DOCS-LNM-22-002 | BLOCKED | 2025-10-27 | SPRINT_305_docs_tasks_md_v | Docs Guild · Excititor Guild | docs/modules/concelier/link-not-merge.md | Publish `/docs/vex/aggregation.md` describing VEX observation/linkset model, product matching, conflicts. Dependencies: DOCS-LNM-22-001. | Waiting on Excititor overlay notes | DOLN0101 | | DOCS-LNM-22-003 | BLOCKED | 2025-10-27 | SPRINT_305_docs_tasks_md_v | Docs Guild · BE-Base Guild | docs/modules/concelier/link-not-merge.md | Update `/docs/api/advisories.md` and `/docs/api/vex.md` for new endpoints, parameters, errors, exports. Dependencies: DOCS-LNM-22-002. | Replay hook contract from RBBN0101 | DOLN0101 | | DOCS-LNM-22-004 | TODO | | SPRINT_305_docs_tasks_md_v | Docs Guild · Policy Guild | docs/modules/concelier/link-not-merge.md | Create `/docs/policy/effective-severity.md` detailing severity selection strategies from multiple sources. Dependencies: DOCS-LNM-22-003. | Requires policy binding from PLVL0102 | DOLN0101 | | DOCS-LNM-22-005 | BLOCKED | 2025-10-27 | SPRINT_305_docs_tasks_md_v | Docs Guild · UI Guild | docs/modules/concelier/link-not-merge.md | Document `/docs/ui/evidence-panel.md` with screenshots, conflict badges, accessibility guidance. Dependencies: DOCS-LNM-22-004. | UI signals from 124_CCSL0101 | DOLN0101 | | DOCS-LNM-22-007 | TODO | | SPRINT_305_docs_tasks_md_v | Docs Guild · Observability Guild | docs/modules/concelier/link-not-merge.md | Publish `/docs/observability/aggregation.md` with metrics/traces/logs/SLOs. Dependencies: DOCS-LNM-22-005. | Observability wiring from 066_PLOB0101 | DOLN0101 | | DOCS-LNM-22-008 | DONE (2025-11-03) | 2025-11-03 | SPRINT_117_concelier_vi | Docs Guild · DevOps Guild | docs/modules/concelier/link-not-merge.md | Documented Link-Not-Merge migration plan in `docs/migration/no-merge.md`; keep synced with ongoing tasks. | Needs retrospective summary | DOLN0101 | | DOCS-NOTIFY-40-001 | TODO | | SPRINT_305_docs_tasks_md_v | Docs Guild · Security Guild | docs/modules/notify | Publish `/docs/notifications/channels.md`, `/docs/notifications/escalations.md`, `/docs/notifications/api.md`, `/docs/operations/notifier-runbook.md`, `/docs/security/notifications-hardening.md`; each ends with imposed rule line. | Need tenancy + throttling updates from DVDO0110 | DONO0101 | | DOCS-OAS-61-001 | TODO | | SPRINT_305_docs_tasks_md_v | Docs Guild · API Contracts Guild | docs/api/oas | Publish `/docs/api/overview.md` covering auth, tenancy, pagination, idempotency, rate limits with banner. | Need governance decisions from 049_APIG0101 | DOOA0101 | | DOCS-OAS-61-002 | TODO | | SPRINT_305_docs_tasks_md_v | Docs Guild · API Governance Guild | docs/api/oas | Author `/docs/api/conventions.md` capturing naming, errors, filters, sorting, examples. Dependencies: DOCS-OAS-61-001. | Requires review board inputs (APIG0101) | DOOA0101 | | DOCS-OAS-61-003 | TODO | | SPRINT_305_docs_tasks_md_v | Docs Guild · API Governance Guild | docs/api/oas | Publish `/docs/api/versioning.md` describing SemVer, deprecation headers, migration playbooks. Dependencies: DOCS-OAS-61-002. | Waiting on lint/tooling export from DVDO0108 | DOOA0101 | | DOCS-OAS-62-001 | TODO | | SPRINT_306_docs_tasks_md_vi | Docs Guild · DevPortal Guild | docs/api/oas | Stand up `/docs/api/reference/` auto-generated site; integrate with portal nav. Dependencies: DOCS-OAS-61-003. | Needs DevPortal publishing hooks (050_DEVL0101) | DOOA0101 | | DOCS-OBS-50-002 | TODO | | SPRINT_306_docs_tasks_md_vi | Docs Guild · Security Guild | docs/observability | Author `/docs/observability/telemetry-standards.md` detailing common fields, scrubbing policy, sampling defaults, and redaction override procedure. | Need console metric list from 059_CNOB0101 | DOOB0101 | | DOCS-OBS-50-003 | TODO | | SPRINT_306_docs_tasks_md_vi | Docs Guild · Observability Guild | docs/observability | Create `/docs/observability/logging.md` covering structured log schema, dos/don'ts, tenant isolation, and copyable examples. Dependencies: DOCS-OBS-50-002. | Waiting on observability ADR from 066_PLOB0101 | DOOB0101 | | DOCS-OBS-50-004 | TODO | | SPRINT_306_docs_tasks_md_vi | Docs Guild · Observability Guild | docs/observability | Draft `/docs/observability/tracing.md` explaining context propagation, async linking, CLI header usage, and sampling strategies. Dependencies: DOCS-OBS-50-003. | Requires CNOB dashboards export | DOOB0101 | | DOCS-OBS-51-001 | TODO | | SPRINT_306_docs_tasks_md_vi | Docs Guild · DevOps Guild | docs/observability | Publish `/docs/observability/metrics-and-slos.md` cataloging metrics, SLO targets, burn rate policies, and alert runbooks. Dependencies: DOCS-OBS-50-004. | Needs DVOB runbook updates | DOOB0101 | | DOCS-ORCH-32-001 | TODO | | SPRINT_306_docs_tasks_md_vi | Docs Guild · Orchestrator Guild | docs/modules/orchestrator | Author `/docs/orchestrator/overview.md` covering mission, roles, AOC alignment, governance, with imposed rule reminder. | Need taskrunner lease ADR from 043_ORTR0101 | DOOR0102 | | DOCS-ORCH-32-002 | TODO | | SPRINT_306_docs_tasks_md_vi | Docs Guild · Orchestrator Guild | docs/modules/orchestrator | Author `/docs/orchestrator/architecture.md` detailing scheduler, DAGs, rate limits, data model, message bus, storage layout, restating imposed rule. Dependencies: DOCS-ORCH-32-001. | Depends on ORTR0102 health hooks | DOOR0102 | | DOCS-ORCH-33-001 | TODO | | SPRINT_306_docs_tasks_md_vi | Docs Guild · Scheduler Guild | docs/modules/orchestrator | Publish `/docs/orchestrator/api.md` (REST/WebSocket endpoints, payloads, error codes) with imposed rule note. Dependencies: DOCS-ORCH-32-002. | Requires scheduler integration outline | DOOR0102 | | DOCS-ORCH-33-002 | TODO | | SPRINT_306_docs_tasks_md_vi | Docs Guild · DevEx/CLI Guild | docs/modules/orchestrator | Publish `/docs/orchestrator/console.md` covering screens, a11y, live updates, control actions, reiterating imposed rule. Dependencies: DOCS-ORCH-33-001. | Wait for CLI samples from 132_CLCI0110 | DOOR0102 | | DOCS-ORCH-33-003 | TODO | | SPRINT_306_docs_tasks_md_vi | Docs Guild · Export Center Guild | docs/modules/orchestrator | Publish `/docs/orchestrator/cli.md` documenting commands, options, exit codes, streaming output, offline usage, and imposed rule. Dependencies: DOCS-ORCH-33-002. | Needs Export Center hooks from 069_AGEX0101 | DOOR0102 | | DOCS-ORCH-34-001 | TODO | | SPRINT_306_docs_tasks_md_vi | Docs Guild (docs) | | Author `/docs/orchestrator/run-ledger.md` covering ledger schema, provenance chain, audit workflows, with imposed rule reminder. Dependencies: DOCS-ORCH-33-003. | — | DOCL0102 | | DOCS-ORCH-34-002 | TODO | | SPRINT_306_docs_tasks_md_vi | Docs Guild (docs) | | Update `/docs/security/secrets-handling.md` for orchestrator KMS refs, redaction badges, operator hygiene, reiterating imposed rule. Dependencies: DOCS-ORCH-34-001. | — | DOCL0102 | | DOCS-ORCH-34-003 | TODO | | SPRINT_306_docs_tasks_md_vi | Docs Guild · DevOps Guild | docs/modules/orchestrator | Publish `/docs/operations/orchestrator-runbook.md` (incident playbook, backfill guide, circuit breakers, throttling) with imposed rule statement. Dependencies: DOCS-ORCH-34-002. | Requires ops checklist from DVDO0108 | DOOR0102 | | DOCS-ORCH-34-004 | TODO | | SPRINT_306_docs_tasks_md_vi | Docs Guild · Observability Guild | docs/modules/orchestrator | Document `/docs/schemas/artifacts.md` describing artifact kinds, schema versions, hashing, storage layout, restating imposed rule. Dependencies: DOCS-ORCH-34-003. | Wait for observability dashboards (063_OROB0101) | DOOR0102 | | DOCS-ORCH-34-005 | TODO | | SPRINT_306_docs_tasks_md_vi | Docs Guild · BE-Base Guild | docs/modules/orchestrator | Author `/docs/slo/orchestrator-slo.md` defining SLOs, burn alerts, measurement, and reiterating imposed rule. Dependencies: DOCS-ORCH-34-004. | Needs replay linkage from 042_RPRC0101 | DOOR0102 | | DOCS-POLICY-23-003 | TODO | | SPRINT_307_docs_tasks_md_vii | Docs Guild | docs/policy/lifecycle.md | Produce `/docs/policy/runtime.md` covering compiler, evaluator, caching, events, SLOs. Dependencies: DOCS-POLICY-23-002. | DOCS-POLICY-23-002 | POKT0101 | | DOCS-POLICY-23-004 | TODO | | SPRINT_307_docs_tasks_md_vii | Docs Guild · UI Guild | docs/policy/lifecycle.md | Document `/docs/policy/editor.md` (UI walkthrough, validation, simulation, approvals). Dependencies: DOCS-POLICY-23-003. | DOCS-POLICY-23-003 | POKT0101 | | DOCS-POLICY-23-005 | TODO | | SPRINT_307_docs_tasks_md_vii | Docs Guild · DevOps Guild | docs/policy/lifecycle.md | Publish `/docs/policy/governance.md` (roles, scopes, approvals, signing, exceptions). Dependencies: DOCS-POLICY-23-004. | Depends on DevOps automation (141_DVDO0107) | DOPL0101 | | DOCS-POLICY-23-006 | TODO | | SPRINT_307_docs_tasks_md_vii | Docs Guild · DevEx/CLI Guild | docs/policy/lifecycle.md | Update `/docs/api/policy.md` with new endpoints, schemas, errors, pagination. Dependencies: DOCS-POLICY-23-005. | Wait for CLI commands (132_CLCI0110) | DOPL0101 | | DOCS-POLICY-23-007 | TODO | | SPRINT_307_docs_tasks_md_vii | Docs Guild · Observability Guild | docs/policy/lifecycle.md | Update `/docs/modules/cli/guides/policy.md` for lint/simulate/activate/history commands, exit codes. Dependencies: DOCS-POLICY-23-006. | Requires observability hooks (066_PLOB0101) | DOPL0101 | | DOCS-POLICY-23-008 | TODO | | SPRINT_307_docs_tasks_md_vii | Docs Guild · Policy Guild | docs/policy/lifecycle.md | Refresh `/docs/modules/policy/architecture.md` with data model, sequence diagrams, event flows. Dependencies: DOCS-POLICY-23-007. | Needs waiver examples from 005_ATLN0101 | DOPL0101 | | DOCS-POLICY-23-009 | TODO | | SPRINT_307_docs_tasks_md_vii | Docs Guild · DevOps Guild | docs/policy/lifecycle.md | Create `/docs/migration/policy-parity.md` covering dual-run parity plan and rollback. Dependencies: DOCS-POLICY-23-008. | Need DevOps rollout notes (DVDO0108) | DOPL0102 | | DOCS-POLICY-23-010 | TODO | | SPRINT_307_docs_tasks_md_vii | Docs Guild · UI Guild | docs/policy/lifecycle.md | Write `/docs/ui/explainers.md` showing explain trees, evidence overlays, interpretation guidance. Dependencies: DOCS-POLICY-23-009. | Requires UI overlay screenshots (119_CCAO0101) | DOPL0102 | | DOCS-POLICY-27-007 | BLOCKED | 2025-10-27 | SPRINT_308_docs_tasks_md_viii | Docs Guild · CLI Guild | docs/policy/runs.md | Update `/docs/policy/cli.md` with new commands, JSON schemas, CI usage, compliance checklist. Dependencies: DOCS-POLICY-27-006. | CLI samples from CLPS0102 | POKT0101 | | DOCS-POLICY-27-008 | BLOCKED | 2025-10-27 | SPRINT_308_docs_tasks_md_viii | Docs Guild · Policy Registry Guild | docs/policy/runs.md | Publish `/docs/policy/packs.md` covering pack imports/promotions/rollback. | Waiting on registry schema | POKT0101 | | DOCS-POLICY-27-003 | BLOCKED | 2025-10-27 | SPRINT_307_docs_tasks_md_vii | Docs Guild · Policy Registry Guild | docs/policy/lifecycle.md | Document `/docs/policy/versioning-and-publishing.md` (semver rules, attestations, rollback) with compliance checklist. Dependencies: DOCS-POLICY-27-002. | Requires registry schema from CCWO0101 | DOPL0102 | | DOCS-POLICY-27-004 | BLOCKED | 2025-10-27 | SPRINT_307_docs_tasks_md_vii | Docs Guild · Scheduler Guild | docs/policy/lifecycle.md | Write `/docs/policy/simulation.md` covering quick vs batch sim, thresholds, evidence bundles, CLI examples. Dependencies: DOCS-POLICY-27-003. | Depends on scheduler hooks from 050_DEVL0101 | DOPL0102 | | DOCS-POLICY-27-005 | BLOCKED | 2025-10-27 | SPRINT_307_docs_tasks_md_vii | Docs Guild · Product Ops | docs/policy/lifecycle.md | Publish `/docs/policy/review-and-approval.md` with approver requirements, comments, webhooks, audit trail guidance. Dependencies: DOCS-POLICY-27-004. | Await product ops approvals | DOPL0102 | | DOCS-POLICY-27-006 | BLOCKED | 2025-10-27 | SPRINT_308_docs_tasks_md_viii | Docs Guild · Policy Guild | docs/policy/runs.md | Author `/docs/policy/promotion.md` covering environments, canary, rollback, and monitoring steps. Dependencies: DOCS-POLICY-27-005. | Need RLS decision from PLLG0104 | DOPL0103 | | DOCS-POLICY-27-007 | BLOCKED | 2025-10-27 | SPRINT_308_docs_tasks_md_viii | Docs Guild · CLI Guild | docs/policy/runs.md | Update `/docs/policy/cli.md` with new commands, JSON schemas, CI usage, and compliance checklist. Dependencies: DOCS-POLICY-27-006. | Requires CLI samples from 132_CLCI0110 | DOPL0103 | | DOCS-POLICY-27-008 | BLOCKED | 2025-10-27 | SPRINT_308_docs_tasks_md_viii | Docs Guild · Policy Registry Guild | docs/policy/runs.md | Publish `/docs/policy/api.md` describing Registry endpoints, request/response schemas, errors, and feature flags. Dependencies: DOCS-POLICY-27-007. | Waiting on registry schema (CCWO0101) | DOPL0103 | | DOCS-POLICY-27-009 | BLOCKED | 2025-10-27 | SPRINT_308_docs_tasks_md_viii | Docs Guild · Security Guild | docs/policy/runs.md | Create `/docs/security/policy-attestations.md` covering signing, verification, key rotation, and compliance checklist. Dependencies: DOCS-POLICY-27-008. | Needs security review outputs | DOPL0103 | | DOCS-POLICY-27-010 | BLOCKED | 2025-10-27 | SPRINT_308_docs_tasks_md_viii | Docs Guild · Architecture Guild | docs/policy/runs.md | Author `/docs/modules/policy/registry-architecture.md` (service design, schemas, queues, failure modes) with diagrams and checklist. Dependencies: DOCS-POLICY-27-009. | Depends on architecture review minutes | DOPL0103 | | DOCS-POLICY-27-011 | BLOCKED | 2025-10-27 | SPRINT_308_docs_tasks_md_viii | Docs Guild · Observability Guild | docs/policy/runs.md | Publish `/docs/observability/policy-telemetry.md` with metrics/log tables, dashboards, alerts, and compliance checklist. Dependencies: DOCS-POLICY-27-010. | Requires observability hooks from 066_PLOB0101 | DOPL0103 | | DOCS-POLICY-27-012 | BLOCKED | 2025-10-27 | SPRINT_308_docs_tasks_md_viii | Docs Guild · Ops Guild | docs/policy/runs.md | Write `/docs/runbooks/policy-incident.md` detailing rollback, freeze, forensic steps, notifications. Dependencies: DOCS-POLICY-27-011. | Needs ops playbooks (DVDO0108) | DOPL0103 | | DOCS-POLICY-27-013 | BLOCKED | 2025-10-27 | SPRINT_308_docs_tasks_md_viii | Docs Guild · Policy Guild | docs/policy/runs.md | Update `/docs/examples/policy-templates.md` with new templates, snippets, and sample policies. Dependencies: DOCS-POLICY-27-012. | Await policy guild approval | DOPL0103 | | DOCS-POLICY-27-014 | BLOCKED | 2025-10-27 | SPRINT_308_docs_tasks_md_viii | Docs Guild · Policy Registry Guild | docs/policy/runs.md | Refresh `/docs/aoc/aoc-guardrails.md` to include Studio-specific guardrails and validation scenarios. Dependencies: DOCS-POLICY-27-013. | Needs policy registry approvals | DOPL0103 | | DOCS-POLICY-DET-01 | TODO | | SPRINT_301_docs_tasks_md_i | Docs Guild · Policy Guild | docs/policy/runs.md | Extend `docs/modules/policy/architecture.md` with determinism gate semantics and provenance references. | Depends on deterministic harness (137_SCDT0101) | DOPL0103 | | DOCS-PROMO-70-001 | TODO | | SPRINT_304_docs_tasks_md_iv | Docs Guild · Provenance Guild | docs/modules/provenance | Publish `/docs/release/promotion-attestations.md` describing the promotion workflow (CLI commands, Signer/Attestor integration, offline verification) and update `/docs/forensics/provenance-attestation.md` with the new predicate. Dependencies: PROV-OBS-53-003, CLI-PROMO-70-002. | Need provenance promo outline from Provenance Guild | DOPV0101 | | DOCS-REACH-201-006 | TODO | | SPRINT_400_runtime_facts_static_callgraph_union | Docs Guild · Runtime Evidence Guild | docs/reachability | Author the reachability doc set (`docs/signals/reachability.md`, `callgraph-formats.md`, `runtime-facts.md`, CLI/UI appendices) plus update Zastava + Replay guides with the new evidence and operators’ workflow. | Needs RBRE0101 provenance hook summary | DORC0101 | | DOCS-REPLAY-185-003 | TODO | | SPRINT_185_shared_replay_primitives | Docs Guild · Platform Data Guild | docs/replay | Author `docs/data/replay_schema.md` detailing `replay_runs`, `replay_bundles`, `replay_subjects` collections, index guidance, and offline sync strategy aligned with Replay CAS. | Need RPRC0101 API freeze | DORR0101 | | DOCS-REPLAY-185-004 | TODO | | SPRINT_185_shared_replay_primitives | Docs Guild | docs/replay | Expand `docs/replay/DEVS_GUIDE_REPLAY.md` with integration guidance for consuming services (Scanner, Evidence Locker, CLI) and add checklist derived from `docs/replay/DETERMINISTIC_REPLAY.md` Section 11. | Depends on #1 | DORR0101 | | DOCS-REPLAY-186-004 | TODO | | SPRINT_186_record_deterministic_execution | Docs Guild · Runtime Evidence Guild | docs/replay | Author `docs/replay/TEST_STRATEGY.md` (golden replay, feed drift, tool upgrade) and link it from both replay docs and Scanner architecture pages. | Requires deterministic evidence from RBRE0101 | DORR0101 | | DOCS-RISK-66-001 | TODO | | SPRINT_308_docs_tasks_md_viii | Docs Guild · Risk Profile Schema Guild | docs/risk | Publish `/docs/risk/overview.md` covering concepts and glossary. | Need schema approvals from PLLG0104 | DORS0101 | | DOCS-RISK-66-002 | TODO | | SPRINT_308_docs_tasks_md_viii | Docs Guild · Policy Guild | docs/risk | Author `/docs/risk/profiles.md` (authoring, versioning, scope). Dependencies: DOCS-RISK-66-001. | Depends on #1 | DORS0101 | | DOCS-RISK-66-003 | TODO | | SPRINT_308_docs_tasks_md_viii | Docs Guild · Risk Engine Guild | docs/risk | Publish `/docs/risk/factors.md` cataloging signals, transforms, reducers, TTLs. Dependencies: DOCS-RISK-66-002. | Requires engine contract from Risk Engine Guild | DORS0101 | | DOCS-RISK-66-004 | TODO | | SPRINT_308_docs_tasks_md_viii | Docs Guild · Risk Engine Guild | docs/risk | Create `/docs/risk/formulas.md` detailing math, normalization, gating, severity. Dependencies: DOCS-RISK-66-003. | Needs engine rollout notes | DORS0101 | | DOCS-RISK-67-001 | TODO | | SPRINT_308_docs_tasks_md_viii | Docs Guild · Risk Engine Guild | docs/risk | Publish `/docs/risk/explainability.md` showing artifact schema and UI screenshots. Dependencies: DOCS-RISK-66-004. | Wait for engine metrics from 066_PLOB0101 | DORS0101 | | DOCS-RISK-67-002 | TODO | | SPRINT_308_docs_tasks_md_viii | Docs Guild · API Guild | docs/risk | Produce `/docs/risk/api.md` with endpoint reference/examples. Dependencies: DOCS-RISK-67-001. | Requires API publishing workflow | DORS0101 | | DOCS-RISK-67-003 | TODO | | SPRINT_309_docs_tasks_md_ix | Docs Guild · Console Guild | docs/risk | Document `/docs/console/risk-ui.md` for authoring, simulation, dashboards. Dependencies: DOCS-RISK-67-002. | Needs console overlay decision | DORS0101 | | DOCS-RISK-67-004 | TODO | | SPRINT_309_docs_tasks_md_ix | Docs Guild · CLI Guild | docs/risk | Publish `/docs/modules/cli/guides/risk.md` covering CLI workflows. Dependencies: DOCS-RISK-67-003. | Requires CLI samples from 132_CLCI0110 | DORS0101 | | DOCS-RISK-68-001 | TODO | | SPRINT_309_docs_tasks_md_ix | Docs Guild · Export Guild | docs/risk | Add `/docs/airgap/risk-bundles.md` for offline factor bundles. Dependencies: DOCS-RISK-67-004. | Wait for export contract (069_AGEX0101) | DORS0101 | | DOCS-RISK-68-002 | TODO | | SPRINT_309_docs_tasks_md_ix | Docs Guild · Security Guild | docs/risk | Update `/docs/security/aoc-invariants.md` with risk scoring provenance guarantees. Dependencies: DOCS-RISK-68-001. | Requires security approvals | DORS0101 | | DOCS-RUNBOOK-401-017 | TODO | | SPRINT_401_reachability_evidence_chain | Docs Guild · Ops Guild | `docs/runbooks/reachability-runtime.md`, `docs/reachability/DELIVERY_GUIDE.md` | Publish the reachability runtime ingestion runbook, link it from delivery guides, and keep Ops/Signals troubleshooting steps current. | Need latest reachability metrics from RBBN0101 | DORU0101 | | DOCS-RUNBOOK-55-001 | TODO | | SPRINT_309_docs_tasks_md_ix | Docs Guild · Ops Guild | docs/runbooks | Author `/docs/runbooks/incidents.md` describing incident mode activation, escalation steps, retention impact, verification checklist, and imposed rule banner. | Requires deployment checklist from DVPL0101 | DORU0101 | | DOCS-SCANNER-BENCH-62-002 | TODO | | SPRINT_310_docs_tasks_md_x | Docs Guild · Product Guild | docs/modules/scanner/benchmarks | Capture customer demand for Windows/macOS analyzer coverage and document outcomes. | Need bench inputs from SCSA0301 | DOSB0101 | | DOCS-SCANNER-BENCH-62-003 | TODO | | SPRINT_310_docs_tasks_md_x | Docs Guild · Product Guild | docs/modules/scanner/benchmarks | Capture Python lockfile/editable install requirements and document policy guidance. | Depends on #1 | DOSB0101 | | DOCS-SCANNER-BENCH-62-004 | TODO | | SPRINT_310_docs_tasks_md_x | Docs Guild · Java Analyzer Guild | docs/modules/scanner/benchmarks | Document Java lockfile ingestion guidance and policy templates. | Requires Java analyzer notes | DOSB0101 | | DOCS-SCANNER-BENCH-62-005 | TODO | | SPRINT_310_docs_tasks_md_x | Docs Guild · Go Analyzer Guild | docs/modules/scanner/benchmarks | Document Go stripped-binary fallback enrichment guidance once implementation lands. | Needs Go analyzer results | DOSB0101 | | DOCS-SCANNER-BENCH-62-006 | TODO | | SPRINT_310_docs_tasks_md_x | Docs Guild · Product Guild | docs/modules/scanner/benchmarks | Document Rust fingerprint enrichment guidance and policy examples. | Requires updated benchmarks from SCSA0601 | DOSB0101 | | DOCS-SCANNER-BENCH-62-008 | TODO | | SPRINT_310_docs_tasks_md_x | Docs Guild · Platform Data Guild | docs/modules/scanner/benchmarks | Publish EntryTrace explain/heuristic maintenance guide. | Wait for replay hooks (RPRC0101) | DOSB0101 | | DOCS-SCANNER-BENCH-62-009 | TODO | | SPRINT_310_docs_tasks_md_x | Docs Guild · DevEx/CLI Guild | docs/modules/scanner/benchmarks | Produce SAST integration documentation (connector framework, policy templates). | Depends on CLI samples (132_CLCI0110) | DOSB0101 | | DOCS-SCANNER-DET-01 | TODO | 2025-11-09 | SPRINT_301_docs_tasks_md_i | Docs Guild · Scanner Guild | docs/modules/scanner/benchmarks | `/docs/modules/scanner/deterministic-sbom-compose.md` plus scan guide updates. | Needs determinism harness from 137_SCDT0101 | DOSB0101 | | DOCS-SDK-62-001 | TODO | | SPRINT_309_docs_tasks_md_ix | Docs Guild · SDK Generator Guild | docs/sdk | Publish `/docs/sdks/overview.md` plus language guides (`typescript.md`, `python.md`, `go.md`, `java.md`). | Need SDK toolchain notes from SDKG0101 | DOSK0101 | | DOCS-SEC-62-001 | TODO | | SPRINT_309_docs_tasks_md_ix | Docs Guild · Security Guild | docs/security | Update `/docs/security/auth-scopes.md` with OAuth2/PAT scopes, tenancy header usage. | Need security ADR from DVDO0110 | DOSE0101 | | DOCS-SEC-OBS-50-001 | TODO | | SPRINT_309_docs_tasks_md_ix | Docs Guild · Security Guild | docs/security | Update `/docs/security/redaction-and-privacy.md` to cover telemetry privacy controls, tenant opt-in debug, and imposed rule reminder. | Depends on PLOB0101 metrics | DOSE0101 | | DOCS-SIG-26-001 | TODO | | SPRINT_309_docs_tasks_md_ix | Docs Guild · Signals Guild | docs/modules/signals | Write `/docs/signals/reachability.md` covering states, scores, provenance, retention. | Need SGSI0101 metrics freeze | DOSG0101 | | DOCS-SIG-26-002 | TODO | | SPRINT_309_docs_tasks_md_ix | Docs Guild · Observability Guild | docs/modules/signals | Publish `/docs/signals/callgraph-formats.md` with schemas and validation errors. Dependencies: DOCS-SIG-26-001. | Depends on #1 | DOSG0101 | | DOCS-SIG-26-003 | TODO | | SPRINT_309_docs_tasks_md_ix | Docs Guild · Signals Guild | docs/modules/signals | Create `/docs/signals/runtime-facts.md` detailing agent capabilities, privacy safeguards, opt-in flags. Dependencies: DOCS-SIG-26-002. | Requires SSE contract from SGSI0101 | DOSG0101 | | DOCS-SIG-26-004 | TODO | | SPRINT_309_docs_tasks_md_ix | Docs Guild · CLI Guild | docs/modules/signals | Document `/docs/policy/signals-weighting.md` for SPL predicates and weighting strategies. Dependencies: DOCS-SIG-26-003. | Needs CLI samples (132_CLCI0110) | DOSG0101 | | DOCS-SIG-26-005 | TODO | | SPRINT_309_docs_tasks_md_ix | Docs Guild · DevOps Guild | docs/modules/signals | Draft `/docs/ui/reachability-overlays.md` with badges, timelines, shortcuts. Dependencies: DOCS-SIG-26-004. | Wait for DevOps rollout plan | DOSG0101 | | DOCS-SIG-26-006 | TODO | | SPRINT_309_docs_tasks_md_ix | Docs Guild · Security Guild | docs/modules/signals | Update `/docs/modules/cli/guides/reachability.md` for new commands and automation recipes. Dependencies: DOCS-SIG-26-005. | Requires security guidance (DVDO0110) | DOSG0101 | | DOCS-SIG-26-007 | TODO | | SPRINT_309_docs_tasks_md_ix | Docs Guild · Policy Guild | docs/modules/signals | Publish `/docs/api/signals.md` covering endpoints, payloads, ETags, errors. Dependencies: DOCS-SIG-26-006. | Needs policy overlay from PLVL0102 | DOSG0101 | | DOCS-SIG-26-008 | TODO | | SPRINT_310_docs_tasks_md_x | Docs Guild · Notifications Guild | docs/modules/signals | Write `/docs/migration/enable-reachability.md` guiding rollout, fallbacks, monitoring. Dependencies: DOCS-SIG-26-007. | Depends on notifications hooks (058_NOTY0101) | DOSG0101 | | DOCS-SURFACE-01 | TODO | | SPRINT_310_docs_tasks_md_x | Docs Guild · Surface Guild | docs/modules/scanner/surface | Create `/docs/modules/scanner/scanner-engine.md` covering Surface.FS/Env/Secrets workflow between Scanner, Zastava, Scheduler, and Ops. | Need latest surface emit notes (SCANNER-SURFACE-04) | DOSS0101 | | DOCS-SYMS-70-003 | TODO | | SPRINT_304_docs_tasks_md_iv | Docs Guild · Symbols Guild | docs/modules/symbols | Author symbol-server architecture/spec docs (`docs/specs/symbols/SYMBOL_MANIFEST_v1.md`, API reference, bundle guide) and update reachability guides with symbol lookup workflow and tenant controls. Dependencies: SYMS-SERVER-401-011, SYMS-INGEST-401-013. | Need RBSY0101 cache notes | DOSY0101 | | DOCS-TEN-47-001 | TODO | | SPRINT_310_docs_tasks_md_x | Docs Guild · Security Guild | docs/modules/tenancy | Publish `/docs/security/tenancy-overview.md` and `/docs/security/scopes-and-roles.md` outlining scope grammar, tenant model, imposed rule reminder. | Need tenancy ADR from DVDO0110 | DOTN0101 | | DOCS-TEN-48-001 | TODO | | SPRINT_310_docs_tasks_md_x | Docs Guild · Security Guild | docs/modules/tenancy | Publish `/docs/operations/multi-tenancy.md`, `/docs/operations/rls-and-data-isolation.md`, `/docs/console/admin-tenants.md`. Dependencies: DOCS-TEN-47-001. | Depends on #1 | DOTN0101 | | DOCS-TEN-49-001 | TODO | | SPRINT_310_docs_tasks_md_x | Docs Guild · DevOps Guild | docs/modules/tenancy | Publish `/docs/modules/cli/guides/authentication.md`, `/docs/api/authentication.md`, `/docs/policy/examples/abac-overlays.md`, update `/docs/install/configuration-reference.md` with new env vars, all ending with imposed rule line. Dependencies: DOCS-TEN-48-001. | Requires monitoring plan from DVDO0110 | DOTN0101 | | DOCS-TEST-62-001 | TODO | | SPRINT_310_docs_tasks_md_x | Docs Guild · SDK Generator Guild | docs/sdk | Author `/docs/testing/contract-testing.md` covering mock server, replay tests, golden fixtures. | Depends on #1 | DOSK0101 | | DOCS-VEX-30-001 | TODO | | SPRINT_310_docs_tasks_md_x | Docs Guild · VEX Lens Guild | docs/modules/vex-lens | Publish `/docs/vex/consensus-overview.md` describing purpose, scope, AOC guarantees. | Need PLVL0102 schema snapshot | DOVX0101 | | DOCS-VEX-30-002 | TODO | | SPRINT_310_docs_tasks_md_x | Docs Guild · VEX Lens Guild | docs/modules/vex-lens | Author `/docs/vex/consensus-algorithm.md` covering normalization, weighting, thresholds, examples. Dependencies: DOCS-VEX-30-001. | Depends on #1 | DOVX0101 | | DOCS-VEX-30-003 | TODO | | SPRINT_310_docs_tasks_md_x | Docs Guild · Issuer Directory Guild | docs/modules/vex-lens | Document `/docs/vex/issuer-directory.md` (issuer management, keys, trust overrides, audit). Dependencies: DOCS-VEX-30-002. | Requires Issuer Directory inputs | DOVX0101 | | DOCS-VEX-30-004 | TODO | | SPRINT_310_docs_tasks_md_x | Docs Guild · VEX Lens Guild | docs/modules/vex-lens | Publish `/docs/vex/consensus-api.md` with endpoint specs, query params, rate limits. Dependencies: DOCS-VEX-30-003. | Needs PLVL0102 policy join notes | DOVX0101 | | DOCS-VEX-30-005 | TODO | | SPRINT_310_docs_tasks_md_x | Docs Guild · Console Guild | docs/modules/vex-lens | Write `/docs/vex/consensus-console.md` covering UI workflows, filters, conflicts, accessibility. Dependencies: DOCS-VEX-30-004. | Requires console overlay assets | DOVX0101 | | DOCS-VEX-30-006 | TODO | | SPRINT_310_docs_tasks_md_x | Docs Guild · Policy Guild | docs/modules/vex-lens | Add `/docs/policy/vex-trust-model.md` detailing policy knobs, thresholds, simulation. Dependencies: DOCS-VEX-30-005. | Needs waiver/exception guidance | DOVX0101 | | DOCS-VEX-30-007 | TODO | | SPRINT_310_docs_tasks_md_x | Docs Guild · SBOM Service Guild | docs/modules/vex-lens | Publish `/docs/sbom/vex-mapping.md` (CPE→purl strategy, edge cases, overrides). Dependencies: DOCS-VEX-30-006. | Depends on SBOM/VEX dataflow spec | DOVX0101 | | DOCS-VEX-30-008 | TODO | | SPRINT_310_docs_tasks_md_x | Docs Guild · Security Guild | docs/modules/vex-lens | Deliver `/docs/security/vex-signatures.md` (verification flow, key rotation, audit). Dependencies: DOCS-VEX-30-007. | Requires security review (DVDO0110) | DOVX0101 | | DOCS-VEX-30-009 | TODO | | SPRINT_310_docs_tasks_md_x | Docs Guild · DevOps Guild | docs/modules/vex-lens | Create `/docs/runbooks/vex-ops.md` for recompute storms, mapping failures, signature errors. Dependencies: DOCS-VEX-30-008. | Needs DevOps rollout plan | DOVX0101 | | DOCS-VEX-401-012 | TODO | | SPRINT_401_reachability_evidence_chain | Docs Guild · VEX Lens Guild | `docs/benchmarks/vex-evidence-playbook.md`, `bench/README.md` | Maintain the VEX Evidence Playbook, publish repo templates/README, and document verification workflows for operators. | Need VEX evidence export from PLVL0102 | DOVB0101 | | DOCS-VULN-29-001 | TODO | | SPRINT_311_docs_tasks_md_xi | Docs Guild · Vuln Explorer Guild | docs/modules/vuln-explorer | Publish `/docs/vuln/explorer-overview.md` covering domain model, identities, AOC guarantees, workflow summary. | Need GRAP0101 contract | DOVL0101 | | DOCS-VULN-29-002 | TODO | | SPRINT_311_docs_tasks_md_xi | Docs Guild · Vuln Explorer Guild | docs/modules/vuln-explorer | Write `/docs/vuln/explorer-using-console.md` with workflows, screenshots, keyboard shortcuts, saved views, deep links. Dependencies: DOCS-VULN-29-001. | Depends on #1 | DOVL0101 | | DOCS-VULN-29-003 | TODO | | SPRINT_311_docs_tasks_md_xi | Docs Guild · UI Guild | docs/modules/vuln-explorer | Author `/docs/vuln/explorer-api.md` (endpoints, query schema, grouping, errors, rate limits). Dependencies: DOCS-VULN-29-002. | Requires UI assets | DOVL0101 | | DOCS-VULN-29-004 | TODO | | SPRINT_311_docs_tasks_md_xi | Docs Guild · Policy Guild | docs/modules/vuln-explorer | Publish `/docs/vuln/explorer-cli.md` with command reference, samples, exit codes, CI snippets. Dependencies: DOCS-VULN-29-003. | Needs policy overlay inputs | DOVL0101 | | DOCS-VULN-29-005 | TODO | | SPRINT_311_docs_tasks_md_xi | Docs Guild · Security Guild | docs/modules/vuln-explorer | Write `/docs/vuln/findings-ledger.md` detailing event schema, hashing, Merkle roots, replay tooling. Dependencies: DOCS-VULN-29-004. | Requires security review | DOVL0101 | | DOCS-VULN-29-006 | TODO | | SPRINT_311_docs_tasks_md_xi | Docs Guild · DevOps Guild | docs/modules/vuln-explorer | Update `/docs/policy/vuln-determinations.md` for new rationale, signals, simulation semantics. Dependencies: DOCS-VULN-29-005. | Depends on DevOps rollout plan | DOVL0101 | | DOCS-VULN-29-007 | TODO | | SPRINT_311_docs_tasks_md_xi | Docs Guild · DevEx/CLI Guild | docs/modules/vuln-explorer | Publish `/docs/vex/explorer-integration.md` covering CSAF mapping, suppression precedence, status semantics. Dependencies: DOCS-VULN-29-006. | Needs CLI examples (132_CLCI0110) | DOVL0101 | | DOCS-VULN-29-008 | TODO | | SPRINT_311_docs_tasks_md_xi | Docs Guild · Export Center Guild | docs/modules/vuln-explorer | Publish `/docs/advisories/explorer-integration.md` covering key normalization, withdrawn handling, provenance. Dependencies: DOCS-VULN-29-007. | Need export bundle spec | DOVL0102 | | DOCS-VULN-29-009 | TODO | | SPRINT_311_docs_tasks_md_xi | Docs Guild · Security Guild | docs/modules/vuln-explorer | Author `/docs/sbom/vuln-resolution.md` detailing version semantics, scope, paths, safe version hints. Dependencies: DOCS-VULN-29-008. | Depends on #1 | DOVL0102 | | DOCS-VULN-29-010 | TODO | | SPRINT_311_docs_tasks_md_xi | Docs Guild · DevOps Guild | docs/modules/vuln-explorer | Publish `/docs/observability/vuln-telemetry.md` (metrics, logs, tracing, dashboards, SLOs). Dependencies: DOCS-VULN-29-009. | Requires DevOps automation plan | DOVL0102 | | DOCS-VULN-29-011 | TODO | | SPRINT_311_docs_tasks_md_xi | Docs Guild · Notifications Guild | docs/modules/vuln-explorer | Create `/docs/security/vuln-rbac.md` for roles, ABAC policies, attachment encryption, CSRF. Dependencies: DOCS-VULN-29-010. | Needs notifications contract | DOVL0102 | | DOCS-VULN-29-012 | TODO | | SPRINT_311_docs_tasks_md_xi | Docs Guild · Policy Guild | docs/modules/vuln-explorer | Write `/docs/runbooks/vuln-ops.md` (projector lag, resolver storms, export failures, policy activation). Dependencies: DOCS-VULN-29-011. | Requires policy overlay outputs | DOVL0102 | | DOCS-VULN-29-013 | TODO | | SPRINT_311_docs_tasks_md_xi | Docs Guild · DevEx/CLI Guild | docs/modules/vuln-explorer | Update `/docs/install/containers.md` with Findings Ledger & Vuln Explorer API images, manifests, resource sizing, health checks. Dependencies: DOCS-VULN-29-012. | Needs CLI/export scripts from 132_CLCI0110 | DOVL0102 | | DOWNLOADS-CONSOLE-23-001 | TODO | | SPRINT_502_ops_deployment_ii | Docs Guild · Deployment Guild | docs/console | Maintain signed downloads manifest pipeline (images, Helm, offline bundles), publish JSON under `deploy/downloads/manifest.json`, and document sync cadence for Console + docs parity. | Need latest console build instructions | DOCN0101 | | DPOP-11-001 | TODO | 2025-11-08 | SPRINT_100_identity_signing | Docs Guild · Authority Core | src/Authority/StellaOps.Authority | Need DPoP ADR from PGMI0101 | AUTH-AOC-19-002 | DODP0101 | | DSL-401-005 | TODO | | SPRINT_401_reachability_evidence_chain | Docs Guild · Policy Guild | `docs/policy/dsl.md`, `docs/policy/lifecycle.md` | Depends on PLLG0101 DSL updates | Depends on PLLG0101 DSL updates | DODP0101 | | DSSE-CLI-401-021 | TODO | | SPRINT_401_reachability_evidence_chain | Docs Guild · CLI Guild | `src/Cli/StellaOps.Cli`, `scripts/ci/attest-*`, `docs/modules/attestor/architecture.md` | Ship a `stella attest` CLI (or sample `StellaOps.Attestor.Tool`) plus GitLab/GitHub workflow snippets that emit DSSE per build step (scan/package/push) using the new library and Authority keys. | Need CLI updates from latest DSSE release | DODS0101 | | DSSE-DOCS-401-022 | TODO | | SPRINT_401_reachability_evidence_chain | Docs Guild · Attestor Guild | `docs/ci/dsse-build-flow.md`, `docs/modules/attestor/architecture.md` | Document the build-time attestation walkthrough (`docs/ci/dsse-build-flow.md`): models, helper usage, Authority integration, storage conventions, and verification commands, aligning with the advisory. | Depends on #1 | DODS0101 | | DSSE-LIB-401-020 | TODO | | SPRINT_401_reachability_evidence_chain | Attestor Guild · Platform Guild | `src/Attestor/StellaOps.Attestation`, `src/Attestor/StellaOps.Attestor.Envelope` | Package `StellaOps.Attestor.Envelope` primitives into a reusable `StellaOps.Attestation` library with `InTotoStatement`, `IAuthoritySigner`, DSSE pre-auth helpers, and .NET-friendly APIs for build agents. | Need attestor library API freeze | DOAL0101 | | DVOFF-64-002 | TODO | | SPRINT_160_export_evidence | DevPortal Offline Guild | docs/modules/export-center/devportal-offline.md | DevPortal Offline + AirGap Controller Guilds | Needs exporter DSSE schema from 002_ATEL0101 | DEVL0102 | | EDITOR-401-004 | TODO | | SPRINT_401_reachability_evidence_chain | Docs Guild · CLI Guild | `src/Cli/StellaOps.Cli`, `docs/policy/lifecycle.md` | Gather CLI/editor alignment notes | Gather CLI/editor alignment notes | DOCL0103 | | EMIT-15-001 | TODO | | SPRINT_136_scanner_surface | Docs Guild · Scanner Emit Guild | src/Scanner/__Libraries/StellaOps.Scanner.Emit | Need EntryTrace emit notes from SCANNER-SURFACE-04 | SCANNER-SURFACE-04 | DOEM0101 | | ENG-0001 | DONE | 2025-11-07 | SPRINT_333_docs_modules_excititor | Docs Guild · Analyzer Guild | docs/modules/excitor | Summarize excititor integration | Summarize excititor integration | DOEN0101 | | ENG-0002 | DONE | 2025-11-09 | SPRINT_137_scanner_gap_design | Docs Guild · Analyzer Guild | docs/modules/scanner | Link to analyzer doc commits | Link to analyzer doc commits | DOEN0101 | | ENG-0003 | DONE | 2025-11-09 | SPRINT_137_scanner_gap_design | Docs Guild · Analyzer Guild | docs/modules/scanner | Link to Python analyzer doc | Link to Python analyzer doc | DOEN0101 | | ENG-0004 | DONE | 2025-11-09 | SPRINT_137_scanner_gap_design | Docs Guild · Analyzer Guild | docs/modules/scanner | Link to Java analyzer doc | Link to Java analyzer doc | DOEN0101 | | ENG-0005 | DONE | 2025-11-09 | SPRINT_137_scanner_gap_design | Docs Guild · Analyzer Guild | docs/modules/scanner | Link to Go analyzer doc | Link to Go analyzer doc | DOEN0101 | | ENG-0006 | DONE | 2025-11-09 | SPRINT_137_scanner_gap_design | Docs Guild · Analyzer Guild | docs/modules/scanner | Link to Rust analyzer doc | Link to Rust analyzer doc | DOEN0101 | | ENG-0007 | DONE | 2025-11-09 | SPRINT_137_scanner_gap_design | Docs Guild · Analyzer Guild | docs/modules/scanner | Multi-analyzer wrap-up | Multi-analyzer wrap-up | DOEN0101 | | ENG-0008 | TODO | | SPRINT_138_scanner_ruby_parity | Docs Guild · EntryTrace Guild | src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace | Needs EntryTrace doc from DOEM0101 | Needs EntryTrace doc from DOEM0101 | DOEN0101 | | ENG-0009 | TODO | 2025-11-13 | SPRINT_138_scanner_ruby_parity | Docs Guild · Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Requires CLI integration notes | SCANNER-ANALYZERS-RUBY-28-001..012 | DOEN0101 | | ENG-0010 | TODO | | SPRINT_138_scanner_ruby_parity | Docs Guild · Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php | Need PHP analyzer doc outline | SCANNER-ANALYZERS-PHP-27-001 | DOEN0102 | | ENG-0011 | TODO | | SPRINT_138_scanner_ruby_parity | Docs Guild · Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno | Deno analyzer doc | Deno analyzer doc | DOEN0102 | | ENG-0012 | TODO | | SPRINT_138_scanner_ruby_parity | Docs Guild · Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Dart | EntryTrace doc dependency (DOEM0101) | EntryTrace doc dependency (DOEM0101) | DOEN0102 | | ENG-0013 | TODO | | SPRINT_138_scanner_ruby_parity | Docs Guild · Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Swift | Swift analyzer doc outline | Swift analyzer doc outline | DOEN0102 | | ENG-0014 | TODO | | SPRINT_138_scanner_ruby_parity | Docs Guild · Analyzer Guild | docs/modules/scanner | Runtime/Zastava notes | Runtime/Zastava notes | DOEN0102 | | ENG-0015 | DONE | 2025-11-13 | SPRINT_138_scanner_ruby_parity | Docs Guild · Analyzer Guild | docs/modules/scanner | Summarize export center tie-in | Summarize export center tie-in | DOEN0102 | | ENG-0016 | DONE | 2025-11-10 | SPRINT_138_scanner_ruby_parity | Docs Guild · Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Analyzer doc evidence | SCANNER-ENG-0009 | DOEN0102 | | ENG-0017 | DONE | 2025-11-09 | SPRINT_138_scanner_ruby_parity | Docs Guild · Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Analyzer doc evidence | SCANNER-ENG-0016 | DOEN0102 | | ENG-0018 | DONE | 2025-11-09 | SPRINT_138_scanner_ruby_parity | Docs Guild · Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Analyzer doc evidence | SCANNER-ENG-0017 | DOEN0102 | | ENG-0019 | DONE | 2025-11-13 | SPRINT_138_scanner_ruby_parity | Docs Guild · Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Analyzer doc evidence | SCANNER-ENG-0016..0018 | DOEN0102 | | ENG-0020 | TODO | | SPRINT_136_scanner_surface | Docs Guild · Scanner Guild | docs/modules/scanner | Need surface doc context | Need surface doc context | DOEN0103 | | ENG-0021 | TODO | | SPRINT_136_scanner_surface | Docs Guild · Scanner Guild | docs/modules/scanner | Same as #1 | Same as #1 | DOEN0103 | | ENG-0022 | TODO | | SPRINT_136_scanner_surface | Docs Guild · Scanner Guild | docs/modules/scanner | Policy integration reference | Policy integration reference | DOEN0103 | | ENG-0023 | TODO | | SPRINT_136_scanner_surface | Docs Guild · Scanner Guild | docs/modules/scanner | Offline kit/policy integration | Offline kit/policy integration | DOEN0103 | | ENG-0024 | TODO | | SPRINT_136_scanner_surface | Docs Guild · Scanner Guild | docs/modules/scanner | Surface doc refresh | Surface doc refresh | DOEN0103 | | ENG-0025 | TODO | | SPRINT_136_scanner_surface | Docs Guild · Scanner Guild | docs/modules/scanner | Surface doc refresh | Surface doc refresh | DOEN0103 | | ENG-0026 | TODO | | SPRINT_136_scanner_surface | Docs Guild · Scanner Guild | docs/modules/scanner | Surface doc refresh | Surface doc refresh | DOEN0103 | | ENG-0027 | TODO | | SPRINT_136_scanner_surface | Docs Guild · Scanner Guild | docs/modules/scanner | Policy/offline integration doc | Policy/offline integration doc | DOEN0103 | | ENGINE-20-002 | BLOCKED | 2025-10-26 | SPRINT_124_policy_reasoning | Docs Guild · Policy Guild | src/Policy/StellaOps.Policy.Engine | Need ADR references | Need ADR references | DOPE0101 | | ENGINE-20-003 | TODO | | SPRINT_124_policy_reasoning | Docs Guild · Policy Guild · Concelier & Excititor Guilds | src/Policy/StellaOps.Policy.Engine | Depends on #1 | POLICY-ENGINE-20-002 | DOPE0101 | | ENGINE-20-004 | TODO | | SPRINT_124_policy_reasoning | Docs Guild · Storage Guild | src/Policy/StellaOps.Policy.Engine | Needs storage notes | POLICY-ENGINE-20-003 | DOPE0101 | | ENGINE-20-005 | TODO | | SPRINT_124_policy_reasoning | Docs Guild · Policy Runtime Guild | src/Policy/StellaOps.Policy.Engine | Requires policy runtime notes | POLICY-ENGINE-20-004 | DOPE0101 | | ENGINE-20-006 | TODO | | SPRINT_124_policy_reasoning | Docs Guild · Policy Guild | src/Policy/StellaOps.Policy.Engine | Need runtime ADR | POLICY-ENGINE-20-005 | DOPE0102 | | ENGINE-20-007 | TODO | | SPRINT_124_policy_reasoning | Docs Guild · Storage Guild | src/Policy/StellaOps.Policy.Engine | Need storage ADR | POLICY-ENGINE-20-006 | DOPE0102 | | ENGINE-20-008 | TODO | | SPRINT_124_policy_reasoning | Docs Guild · Observability Guild | src/Policy/StellaOps.Policy.Engine | Need observability updates | POLICY-ENGINE-20-007 | DOPE0102 | | ENGINE-20-009 | TODO | | SPRINT_124_policy_reasoning | Docs Guild · DevOps Guild | src/Policy/StellaOps.Policy.Engine | Need DevOps deployment plan | POLICY-ENGINE-20-008 | DOPE0102 | | ENGINE-27-001 | TODO | | SPRINT_124_policy_reasoning | Policy Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-20-009 | POLICY-ENGINE-20-009 | DOPE0103 | | ENGINE-27-002 | TODO | | SPRINT_124_policy_reasoning | Policy + Observability Guilds / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-27-001 | POLICY-ENGINE-27-001 | DOPE0103 | | ENGINE-29-001 | TODO | | SPRINT_124_policy_reasoning | Policy Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-27-004 | POLICY-ENGINE-27-004 | DOPE0103 | | ENGINE-29-002 | TODO | | SPRINT_124_policy_reasoning | Policy + Findings Ledger Guilds / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-29-001 | POLICY-ENGINE-29-001 | DOPE0103 | | ENGINE-29-003 | TODO | | SPRINT_125_policy_reasoning | Policy + SBOM Service Guilds / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-29-002 | POLICY-ENGINE-29-002 | DOPE0103 | | ENGINE-29-004 | TODO | | SPRINT_125_policy_reasoning | Policy + Observability Guilds / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-29-003 | POLICY-ENGINE-29-003 | DOPE0103 | | ENGINE-30-001 | TODO | | SPRINT_125_policy_reasoning | Policy + Cartographer Guilds / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-29-004 | POLICY-ENGINE-29-004 | DOPE0103 | | ENGINE-30-002 | TODO | | SPRINT_125_policy_reasoning | Policy + Cartographer Guilds / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-30-001 | POLICY-ENGINE-30-001 | DOPE0103 | | ENGINE-30-003 | TODO | | SPRINT_125_policy_reasoning | Policy + Scheduler Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-30-002 | POLICY-ENGINE-30-002 | DOPE0103 | | ENGINE-30-101 | TODO | | SPRINT_125_policy_reasoning | Policy Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-30-003 | POLICY-ENGINE-30-003 | DOPE0103 | | ENGINE-31-001 | TODO | | SPRINT_125_policy_reasoning | Policy Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-30-101 | POLICY-ENGINE-30-101 | DOPE0104 | | ENGINE-31-002 | TODO | | SPRINT_125_policy_reasoning | Policy Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-31-001 | POLICY-ENGINE-31-001 | DOPE0104 | | ENGINE-32-101 | TODO | | SPRINT_125_policy_reasoning | Policy Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-31-002 | POLICY-ENGINE-31-002 | DOPE0104 | | ENGINE-33-101 | TODO | | SPRINT_125_policy_reasoning | Policy Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-32-101 | POLICY-ENGINE-32-101 | DOPE0104 | | ENGINE-34-101 | TODO | | SPRINT_125_policy_reasoning | Policy Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-33-101 | POLICY-ENGINE-33-101 | DOPE0104 | | ENGINE-35-201 | TODO | | SPRINT_125_policy_reasoning | Policy Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-34-101 | POLICY-ENGINE-34-101 | DOPE0104 | | ENGINE-38-201 | TODO | | SPRINT_125_policy_reasoning | Policy Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-35-201 | POLICY-ENGINE-35-201 | DOPE0104 | | ENGINE-40-001 | TODO | | SPRINT_125_policy_reasoning | Policy + Concelier Guilds / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-38-201 | POLICY-ENGINE-38-201 | DOPE0104 | | ENGINE-40-002 | TODO | | SPRINT_125_policy_reasoning | Policy + Excititor Guilds / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-40-001 | POLICY-ENGINE-40-001 | DOPE0104 | | ENGINE-40-003 | TODO | | SPRINT_126_policy_reasoning | Policy + Web Scanner Guilds / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-40-002 | POLICY-ENGINE-40-002 | DOPE0104 | | ENGINE-401-003 | TODO | | SPRINT_401_reachability_evidence_chain | Policy Guild (`src/Policy/StellaOps.Policy.Engine`, `docs/modules/policy/architecture.md`) | `src/Policy/StellaOps.Policy.Engine`, `docs/modules/policy/architecture.md` | Reachability/forensics appendix referencing DORC0101. | — | DOPE0105 | | ENGINE-50-001 | TODO | | SPRINT_126_policy_reasoning | Policy + Platform Security / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-40-003 | POLICY-ENGINE-40-003 | DOPE0105 | | ENGINE-50-002 | TODO | | SPRINT_126_policy_reasoning | Policy + Runtime Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-50-001 | POLICY-ENGINE-50-001 | DOPE0105 | | ENGINE-50-003 | TODO | | SPRINT_126_policy_reasoning | Policy + Observability Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-50-002 | POLICY-ENGINE-50-002 | DOPE0105 | | ENGINE-50-004 | TODO | | SPRINT_126_policy_reasoning | Policy + Platform Events Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-50-003 | POLICY-ENGINE-50-003 | DOPE0105 | | ENGINE-50-005 | TODO | | SPRINT_126_policy_reasoning | Policy + Storage Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-50-004 | POLICY-ENGINE-50-004 | DOPE0105 | | ENGINE-50-006 | TODO | | SPRINT_126_policy_reasoning | Policy + QA Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-50-005 | POLICY-ENGINE-50-005 | DOPE0105 | | ENGINE-50-007 | TODO | | SPRINT_126_policy_reasoning | Policy + Scheduler Worker Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-50-006 | POLICY-ENGINE-50-006 | DOPE0105 | | ENGINE-60-001 | TODO | | SPRINT_126_policy_reasoning | Policy + SBOM Service Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-50-007 | POLICY-ENGINE-50-007 | DOPE0105 | | ENGINE-60-002 | TODO | | SPRINT_126_policy_reasoning | Policy + BE-Base Platform Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-60-001 | POLICY-ENGINE-60-001 | DOPE0105 | | ENGINE-66-001 | TODO | | SPRINT_129_policy_reasoning | Risk Engine Guild / src/RiskEngine/StellaOps.RiskEngine | src/RiskEngine/StellaOps.RiskEngine | Baseline collections + indexes doc. | — | DORG0101 | | ENGINE-66-002 | TODO | | SPRINT_129_policy_reasoning | Risk Engine Guild / src/RiskEngine/StellaOps.RiskEngine | src/RiskEngine/StellaOps.RiskEngine | RISK-ENGINE-66-001 | RISK-ENGINE-66-001 | DORG0101 | | ENGINE-67-001 | TODO | | SPRINT_129_policy_reasoning | Risk + Concelier Guilds / src/RiskEngine/StellaOps.RiskEngine | src/RiskEngine/StellaOps.RiskEngine | RISK-ENGINE-66-002 | RISK-ENGINE-66-002 | DORG0101 | | ENGINE-67-002 | TODO | | SPRINT_129_policy_reasoning | Risk + Excititor Guilds / src/RiskEngine/StellaOps.RiskEngine | src/RiskEngine/StellaOps.RiskEngine | RISK-ENGINE-67-001 | RISK-ENGINE-67-001 | DORG0101 | | ENGINE-67-003 | TODO | | SPRINT_129_policy_reasoning | Risk + Policy Engine Guilds / src/RiskEngine/StellaOps.RiskEngine | src/RiskEngine/StellaOps.RiskEngine | RISK-ENGINE-67-002 | RISK-ENGINE-67-002 | DORG0101 | | ENGINE-68-001 | TODO | | SPRINT_129_policy_reasoning | Risk + Findings Ledger Guilds / src/RiskEngine/StellaOps.RiskEngine | src/RiskEngine/StellaOps.RiskEngine | RISK-ENGINE-67-003 | RISK-ENGINE-67-003 | DORG0101 | | ENGINE-68-002 | TODO | | SPRINT_129_policy_reasoning | Risk + API Guild / src/RiskEngine/StellaOps.RiskEngine | src/RiskEngine/StellaOps.RiskEngine | RISK-ENGINE-68-001 | RISK-ENGINE-68-001 | DORG0101 | | ENGINE-69-001 | TODO | | SPRINT_129_policy_reasoning | Risk + Policy Studio Guild / src/RiskEngine/StellaOps.RiskEngine | src/RiskEngine/StellaOps.RiskEngine | RISK-ENGINE-68-002 | RISK-ENGINE-68-002 | DORG0101 | | ENGINE-69-002 | TODO | | SPRINT_129_policy_reasoning | Risk + Observability Guild / src/RiskEngine/StellaOps.RiskEngine | src/RiskEngine/StellaOps.RiskEngine | RISK-ENGINE-69-001 | RISK-ENGINE-69-001 | DORG0101 | | ENGINE-70-001 | TODO | | SPRINT_129_policy_reasoning | Risk + Export Guild / src/RiskEngine/StellaOps.RiskEngine | src/RiskEngine/StellaOps.RiskEngine | RISK-ENGINE-69-002 | RISK-ENGINE-69-002 | DORG0101 | | ENGINE-70-002 | TODO | | SPRINT_126_policy_reasoning | Policy + Storage Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-60-002 | POLICY-ENGINE-60-002 | DOPE0106 | | ENGINE-70-003 | TODO | | SPRINT_126_policy_reasoning | Policy + Runtime Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-70-002 | POLICY-ENGINE-70-002 | DOPE0106 | | ENGINE-70-004 | TODO | | SPRINT_126_policy_reasoning | Policy + Observability Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-70-003 | POLICY-ENGINE-70-003 | DOPE0106 | | ENGINE-70-005 | TODO | | SPRINT_126_policy_reasoning | Policy + Scheduler Worker Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-70-004 | POLICY-ENGINE-70-004 | DOPE0106 | | ENGINE-80-001 | TODO | | SPRINT_126_policy_reasoning | Policy + Signals Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-70-005 | POLICY-ENGINE-70-005 | DOPE0106 | | ENGINE-80-002 | TODO | | SPRINT_127_policy_reasoning | Policy + Storage Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-80-001 | POLICY-ENGINE-80-001 | DOPE0106 | | ENGINE-80-003 | TODO | | SPRINT_127_policy_reasoning | Policy + Policy Editor Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-80-002 | POLICY-ENGINE-80-002 | DOPE0106 | | ENGINE-80-004 | TODO | | SPRINT_127_policy_reasoning | Policy + Observability Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-80-003 | POLICY-ENGINE-80-003 | DOPE0106 | | ENGINE-DOCS-0001 | TODO | | SPRINT_325_docs_modules_policy | Docs Guild (docs/modules/policy) | docs/modules/policy | Refresh module overview + governance ladder. | — | DOPE0107 | | ENGINE-ENG-0001 | TODO | | SPRINT_325_docs_modules_policy | Module Team (docs/modules/policy) | docs/modules/policy | Capture engineering guidelines + acceptance tests. | — | DOPE0107 | | ENGINE-OPS-0001 | TODO | | SPRINT_325_docs_modules_policy | Ops Guild (docs/modules/policy) | docs/modules/policy | Operations runbook (deploy/rollback) pointer. | — | DOPE0107 | | ENTROPY-186-011 | TODO | | SPRINT_186_record_deterministic_execution | Scanner Guild · Provenance Guild | `src/Scanner/StellaOps.Scanner.Worker`, `src/Scanner/__Libraries` | SCANNER-ENTRYTRACE-18-508 | SCANNER-ENTRYTRACE-18-508 | SCDE0101 | | ENTROPY-186-012 | TODO | | SPRINT_186_record_deterministic_execution | Scanner Guild · Provenance Guild | `src/Scanner/StellaOps.Scanner.WebService`, `docs/replay/DETERMINISTIC_REPLAY.md` | ENTROPY-186-011 | ENTROPY-186-011 | SCDE0102 | | ENTROPY-40-001 | TODO | | SPRINT_209_ui_i | UI Guild | src/UI/StellaOps.UI | ENTROPY-186-011 | ENTROPY-186-011 | UIDO0101 | | ENTROPY-40-002 | TODO | | SPRINT_209_ui_i | UI Guild · Policy Guild | src/UI/StellaOps.UI | ENTROPY-40-001 & ENTROPY-186-012 | ENTROPY-40-001 | UIDO0101 | | ENTROPY-70-004 | TODO | | SPRINT_304_docs_tasks_md_iv | Docs Guild · Scanner Guild | docs/modules/scanner/determinism.md | ENTROPY-186-011/012 | ENTROPY-186-011/012 | DOSC0102 | | ENTRYTRACE-18-502 | TODO | | SPRINT_135_scanner_surface | EntryTrace Guild · Scanner Surface Guild | src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace | SCANNER-ENTRYTRACE-18-508 | SCANNER-ENTRYTRACE-18-508 | SCET0101 | | ENTRYTRACE-18-503 | TODO | | SPRINT_135_scanner_surface | EntryTrace Guild · Scanner Surface Guild | src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace | ENTRYTRACE-18-502 | ENTRYTRACE-18-502 | SCET0101 | | ENTRYTRACE-18-504 | TODO | | SPRINT_136_scanner_surface | EntryTrace Guild (src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace) | src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace | SCANNER-ENTRYTRACE-18-503 | SCANNER-ENTRYTRACE-18-503 | SCSS0102 | | ENTRYTRACE-18-505 | TODO | | SPRINT_136_scanner_surface | EntryTrace Guild (src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace) | src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace | SCANNER-ENTRYTRACE-18-504 | SCANNER-ENTRYTRACE-18-504 | SCSS0102 | | ENTRYTRACE-18-506 | TODO | | SPRINT_136_scanner_surface | EntryTrace Guild · Scanner WebService Guild | src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace | ENTRYTRACE-18-505 | ENTRYTRACE-18-505 | SCET0101 | | ENV-01 | DONE | 2025-11-13 | SPRINT_136_scanner_surface | Scanner Guild, Zastava Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.Env) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Env | | | SCEN0101 | | ENV-02 | DOING (2025-11-02) | 2025-11-02 | SPRINT_136_scanner_surface | Scanner Guild · Zastava Guild | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Env | SURFACE-ENV-01 | SURFACE-ENV-01 | SCEN0101 | | ENV-03 | TODO | | SPRINT_136_scanner_surface | BuildX Plugin Guild | src/Scanner/StellaOps.Scanner.Sbomer.BuildXPlugin | SCANNER-ENV-02 | SCANNER-ENV-02 | SCBX0101 | | ENV-04 | TODO | | SPRINT_136_scanner_surface | Zastava Guild · Scanner Env Guild | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Env | SURFACE-ENV-02 | SURFACE-ENV-02 | SCEN0101 | | ENV-05 | TODO | | SPRINT_136_scanner_surface | Ops Guild · Scanner Env Guild | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Env | SURFACE-ENV-03 & SURFACE-ENV-04 | SURFACE-ENV-03; SURFACE-ENV-04 | SCEN0101 | | EVENTS-16-301 | BLOCKED (2025-10-26) | 2025-10-26 | SPRINT_136_scanner_surface | Scanner WebService Guild (`src/Scanner/StellaOps.Scanner.WebService`) | src/Scanner/StellaOps.Scanner.WebService | SCDE0102 landing | SCDE0102 landing | SCEV0101 | | EVID-CRYPTO-90-001 | TODO | | SPRINT_160_export_evidence | Evidence Locker + Security Guilds (`src/EvidenceLocker/StellaOps.EvidenceLocker`) | src/EvidenceLocker/StellaOps.EvidenceLocker | Evidence Locker + Security Guilds · `ICryptoProviderRegistry` integration | ATEL0101 contracts | EVEC0101 | | EVID-OBS-54-002 | TODO | | SPRINT_161_evidencelocker | Evidence Locker Guild (`src/EvidenceLocker/StellaOps.EvidenceLocker`) | `src/EvidenceLocker/StellaOps.EvidenceLocker` | Finalize deterministic bundle packaging + DSSE layout per `docs/modules/evidence-locker/bundle-packaging.md`, ensuring parity with portable/incident modes. | EVID-CRYPTO-90-001 | EVEC0101 | | EVID-REPLAY-187-001 | TODO | | SPRINT_160_export_evidence | Evidence Locker Guild · docs/modules/evidence-locker/architecture.md | docs/modules/evidence-locker/architecture.md | Evidence Locker Guild · docs/modules/evidence-locker/architecture.md | EVID-CRYPTO-90-001 | EVEC0101 | | EXC-25-001 | TODO | | SPRINT_202_cli_ii | DevEx/CLI Guild (`src/Cli/StellaOps.Cli`) | src/Cli/StellaOps.Cli | DOOR0102 APIs | DOOR0102 APIs | CLEX0101 | | EXC-25-002 | TODO | | SPRINT_202_cli_ii | DevEx/CLI Guild (`src/Cli/StellaOps.Cli`) | src/Cli/StellaOps.Cli | EXC-25-001 | EXC-25-001 | CLEX0101 | | EXC-25-003 | TODO | | SPRINT_209_ui_i | UI Guild (`src/UI/StellaOps.UI`) | src/UI/StellaOps.UI | DOOR0102 APIs | DOOR0102 APIs | UIEX0101 | | EXC-25-004 | TODO | | SPRINT_209_ui_i | UI Guild (`src/UI/StellaOps.UI`) | src/UI/StellaOps.UI | EXC-25-003 | EXC-25-003 | UIEX0101 | | EXC-25-005 | TODO | | SPRINT_209_ui_i | UI + Accessibility Guilds (`src/UI/StellaOps.UI`) | src/UI/StellaOps.UI | EXC-25-003 | EXC-25-003 | UIEX0101 | | EXC-25-006 | TODO | | SPRINT_303_docs_tasks_md_iii | Docs Guild · DevEx Guild | docs/modules/excititor | CLEX0101 CLI updates | CLEX0101 CLI updates | DOEX0101 | | EXC-25-007 | TODO | | SPRINT_304_docs_tasks_md_iv | Docs Guild · DevOps Guild | docs/modules/excititor | UIEX0101 console outputs | UIEX0101 console outputs | DOEX0101 | | EXCITITOR-AIAI-31-001 | DONE | 2025-11-09 | SPRINT_110_ingestion_evidence | Excititor Web/Core Guilds | | Normalised VEX justification projections shipped. | | EXWK0101 | | EXCITITOR-AIAI-31-002 | TODO | | SPRINT_110_ingestion_evidence | Excititor Web/Core Guilds | | Chunk API waiting on schema + ingest agreements. | CONCELIER-GRAPH-21-001; CONCELIER-GRAPH-21-002; ELOCKER-CONTRACT-2001 | EXAI0101 | | EXCITITOR-AIAI-31-003 | TODO | | SPRINT_110_ingestion_evidence | Excititor Observability Guild | | Telemetry/guardrail metrics follow chunk API. | EXCITITOR-AIAI-31-002 | EXAI0101 | | EXCITITOR-AIAI-31-004 | TODO | | SPRINT_110_ingestion_evidence | Docs Guild · Excititor Guild | | Docs/OpenAPI alignment queued behind chunk API finalisation. | EXCITITOR-AIAI-31-002 | EXAI0101 | | EXCITITOR-AIRGAP-56 | TODO | | SPRINT_110_ingestion_evidence | Excititor Guild · AirGap Guilds | | Air-gap + connector parity depend on schema + attestation readiness. | CONCELIER-GRAPH-21-001; CONCELIER-GRAPH-21-002; ATTEST-PLAN-2001 | EXAG0101 | | EXCITITOR-AIRGAP-56-001 | TODO | | SPRINT_119_excititor_i | Excititor Core Guild (`src/Excititor/__Libraries/StellaOps.Excititor.Core`) | src/Excititor/__Libraries/StellaOps.Excititor.Core | Wire mirror bundle ingestion paths that preserve upstream digests, bundle IDs, and provenance metadata exactly so offline Advisory-AI/Lens deployments can replay evidence with AOC parity. | EXCITITOR-AIRGAP-56 | EXAG0101 | | EXCITITOR-AIRGAP-57 | TODO | | SPRINT_110_ingestion_evidence | Excititor Guild · AirGap Guilds | | Same as -56 plus Evidence Locker | CONCELIER-GRAPH-21-001; CONCELIER-GRAPH-21-002; ATTEST-PLAN-2001 | EXAG0101 | | EXCITITOR-AIRGAP-57-001 | TODO | | SPRINT_119_excititor_i | Excititor AirGap Policy Guild (`src/Excititor/__Libraries/StellaOps.Excititor.Core`) | src/Excititor/__Libraries/StellaOps.Excititor.Core | Enforce sealed-mode policies that disable external connectors, emit actionable remediation errors, and record staleness annotations that Advisory AI can surface as “evidence freshness” signals. Depends on EXCITITOR-AIRGAP-56-001. | EXCITITOR-AIRGAP-57 | EXAG0101 | | EXCITITOR-AIRGAP-58 | TODO | | SPRINT_110_ingestion_evidence | Excititor Guild · AirGap Guilds | | Same upstream | CONCELIER-GRAPH-21-001; CONCELIER-GRAPH-21-002; ATTEST-PLAN-2001 | EXAG0101 | | EXCITITOR-AIRGAP-58-001 | TODO | | SPRINT_119_excititor_i | Excititor Core + Evidence Locker Guilds | src/Excititor/__Libraries/StellaOps.Excititor.Core | Package tenant-scoped VEX evidence (raw JSON, normalization diff, provenance) into portable bundles tied to timeline events so Advisory AI can hydrate contexts in sealed environments. Depends on EXCITITOR-AIRGAP-57-001. | EXCITITOR-AIRGAP-58 | EXAG0101 | | EXCITITOR-ATTEST-01-003 | TODO | | SPRINT_110_ingestion_evidence | Excititor Guild | | Attestation payload ordering awaiting sequencing session. | EXCITITOR-AIAI-31-002; ELOCKER-CONTRACT-2001 | EXAT0101 | | EXCITITOR-ATTEST-73-001 | TODO | | SPRINT_119_excititor_i | Excititor Guild | src/Excititor/__Libraries/StellaOps.Excititor.Core | Emit attestation payloads that capture supplier identity, justification summary, and scope metadata so downstream Lens/Policy jobs can chain trust without Excititor interpreting the evidence. Depends on EXCITITOR-ATTEST-01-003. | EXCITITOR-ATTEST-01-003 | EXAT0101 | | EXCITITOR-ATTEST-73-002 | TODO | | SPRINT_119_excititor_i | Excititor Guild | src/Excititor/__Libraries/StellaOps.Excititor.Core | Provide APIs that link attestation IDs back to observation/linkset/product tuples, enabling Advisory AI to cite provenance without any derived verdict. Depends on EXCITITOR-ATTEST-73-001. | EXCITITOR-ATTEST-73-001 | EXAT0101 | | EXCITITOR-CONN-SUSE-01-003 | TODO | | SPRINT_120_excititor_ii | Excititor Guild (SUSE connector) | src/Excititor/__Libraries/StellaOps.Excititor.Connectors.SUSE.RancherVEXHub | DONE (2025-11-09) – Emit provider trust configuration (signer fingerprints, trust tier notes) into the raw provenance envelope so downstream VEX Lens/Policy components can weigh issuers. Connector must not apply weighting or consensus inside ingestion. | EXCITITOR-CONN-SUSE-01-002; EXCITITOR-POLICY-01-001 | EXCN0101 | | EXCITITOR-CONN-TRUST-01-001 | TODO | | SPRINT_110_ingestion_evidence | Excititor Guild · AirGap Guilds | | ATTEST-PLAN-2001 | CONCELIER-GRAPH-21-001; CONCELIER-GRAPH-21-002; ATTEST-PLAN-2001 | EXCN0101 | | EXCITITOR-CONN-UBUNTU-01-003 | TODO | | SPRINT_120_excititor_ii | Excititor Guild (Ubuntu connector) | src/Excititor/__Libraries/StellaOps.Excititor.Connectors.Ubuntu.CSAF | DONE (2025-11-09) – Emit Ubuntu signing metadata (GPG fingerprints, issuer trust tier) inside raw provenance artifacts so downstream Policy/VEX Lens consumers can weigh issuers. Connector must remain aggregation-only with no inline weighting. | EXCITITOR-CONN-UBUNTU-01-002 | EXCN0101 | | EXCITITOR-CONSOLE-23-001 | TODO | | SPRINT_120_excititor_ii | Excititor Guild · Docs Guild | src/Excititor/StellaOps.Excititor.WebService | Expose `/console/vex` endpoints returning grouped VEX statements per advisory/component with status chips, justification metadata, precedence trace pointers, and tenant-scoped filters for Console explorer. Dependencies: EXCITITOR-LNM-21-201, EXCITITOR-LNM-21-202. | DOCN0101 | EXCO0101 | | EXCITITOR-CONSOLE-23-002 | TODO | | SPRINT_120_excititor_ii | Excititor Guild | src/Excititor/StellaOps.Excititor.WebService | Provide aggregated counts for VEX overrides (new, not_affected, revoked) powering Console dashboard + live status ticker; emit metrics for policy explain integration. Dependencies: EXCITITOR-CONSOLE-23-001, EXCITITOR-LNM-21-203. | EXCITITOR-CONSOLE-23-001 | EXCO0101 | | EXCITITOR-CONSOLE-23-003 | TODO | | SPRINT_120_excititor_ii | Excititor Guild | src/Excititor/StellaOps.Excititor.WebService | Deliver rapid lookup endpoints of VEX by advisory/component for Console global search; ensure response includes provenance and precedence context; include caching and RBAC. Dependencies: EXCITITOR-CONSOLE-23-001. | EXCITITOR-CONSOLE-23-001 | EXCO0101 | | EXCITITOR-CORE-AOC-19-002 | TODO | | SPRINT_120_excititor_ii | Excititor Core Guild | src/Excititor/__Libraries/StellaOps.Excititor.Core | Implement deterministic extraction of advisory IDs, component PURLs, and references into `linkset`, capturing reconciled-from metadata for traceability. | Link-Not-Merge schema | EXCA0101 | | EXCITITOR-CORE-AOC-19-003 | TODO | | SPRINT_120_excititor_ii | Excititor Core Guild | src/Excititor/__Libraries/StellaOps.Excititor.Core | Enforce `(vendor, upstreamId, contentHash, tenant)` uniqueness, generate supersedes chains, and ensure append-only versioning of raw VEX documents. Dependencies: EXCITITOR-CORE-AOC-19-002. | EXCITITOR-CORE-AOC-19-002 | EXCA0101 | | EXCITITOR-CORE-AOC-19-004 | TODO | | SPRINT_120_excititor_ii | Excititor Core Guild | src/Excititor/__Libraries/StellaOps.Excititor.Core | Excise consensus/merge/severity logic from Excititor ingestion paths, updating exports/tests to rely on Policy Engine materializations instead. Dependencies: EXCITITOR-CORE-AOC-19-003. | EXCITITOR-CORE-AOC-19-003 | EXCA0101 | | EXCITITOR-CORE-AOC-19-013 | TODO | | SPRINT_120_excititor_ii | Excititor Core Guild | src/Excititor/__Libraries/StellaOps.Excititor.Core | Update Excititor smoke/e2e suites to seed tenant-aware Authority clients and ensure cross-tenant VEX ingestion is rejected. Dependencies: EXCITITOR-CORE-AOC-19-004. | EXCITITOR-CORE-AOC-19-004 | EXCA0101 | | EXCITITOR-CRYPTO-90-001 | TODO | | SPRINT_124_excititor_vi | WebService + Security Guilds | src/Excititor/StellaOps.Excititor.WebService | Replace ad-hoc hashing/signing in connectors/exporters/OpenAPI discovery with `ICryptoProviderRegistry` implementations approved by security so evidence verification stays deterministic across crypto profiles. | ATEL0101 | EXWS0101 | | EXCITITOR-DOCS-0001 | DOING (2025-10-29) | 2025-10-29 | SPRINT_333_docs_modules_excititor | Docs Guild | docs/modules/excititor | See ./AGENTS.md | — | DOEX0102 | | EXCITITOR-ENG-0001 | TODO | | SPRINT_333_docs_modules_excititor | Module Team · Docs Guild | docs/modules/excititor | Update status via ./AGENTS.md workflow | DOEX0101 evidence | DOEX0102 | | EXCITITOR-GRAPH-21-001 | TODO | 2025-10-27 | SPRINT_120_excititor_ii | Excititor Guild | src/Excititor/__Libraries/StellaOps.Excititor.Core | Provide batched VEX/advisory reference fetches keyed by graph node PURLs so UI inspector can display raw documents and justification metadata. | Link-Not-Merge schema | EXGR0101 | | EXCITITOR-GRAPH-21-002 | TODO | 2025-10-27 | SPRINT_120_excititor_ii | Excititor Guild | src/Excititor/__Libraries/StellaOps.Excititor.Core | Ensure overlay metadata includes VEX justification summaries and document versions for Cartographer overlays; update fixtures/tests. Dependencies: EXCITITOR-GRAPH-21-001. | EXCITITOR-GRAPH-21-001 | EXGR0101 | | EXCITITOR-GRAPH-21-005 | TODO | 2025-10-27 | SPRINT_120_excititor_ii | Excititor Guild | src/Excititor/__Libraries/StellaOps.Excititor.Storage.Mongo | Add indexes/materialized views for VEX lookups by PURL/policy to support Cartographer inspector performance; document migrations. Dependencies: EXCITITOR-GRAPH-21-002. | EXCITITOR-GRAPH-21-002 | EXGR0101 | | EXCITITOR-GRAPH-24-101 | TODO | | SPRINT_120_excititor_ii | Excititor Guild | src/Excititor/StellaOps.Excititor.WebService | Provide endpoints delivering VEX status summaries per component/asset for Vuln Explorer integration. Dependencies: EXCITITOR-GRAPH-21-005. | EXCITITOR-GRAPH-21-002 | EXGR0101 | | EXCITITOR-GRAPH-24-102 | TODO | | SPRINT_120_excititor_ii | Excititor Guild | src/Excititor/StellaOps.Excititor.WebService | Add batch VEX observation retrieval optimized for Graph overlays/tooltips. Dependencies: EXCITITOR-GRAPH-24-101. | EXCITITOR-GRAPH-24-101 | EXGR0101 | | EXCITITOR-LNM-21-001 | TODO | | SPRINT_121_excititor_iii | Excititor Core Guild | src/Excititor/__Libraries/StellaOps.Excititor.Storage.Mongo | Stand up `vex_observations` and `vex_linksets` collections with shard keys, tenant guards, and migrations that retire any residual merge-era data without mutating raw content. | Link-Not-Merge schema | EXLN0101 | | EXCITITOR-LNM-21-002 | TODO | | SPRINT_121_excititor_iii | Excititor Core Guild | src/Excititor/__Libraries/StellaOps.Excititor.Core | Capture disagreement metadata (status + justification deltas) directly inside linksets with confidence scores so downstream consumers can highlight conflicts without Excititor choosing winners. Depends on EXCITITOR-LNM-21-001. | EXCITITOR-LNM-21-001 | EXLN0101 | | EXCITITOR-LNM-21-003 | TODO | | SPRINT_121_excititor_iii | Excititor Core + Platform Events Guild | src/Excititor/__Libraries/StellaOps.Excititor.Core | Emit `vex.linkset.updated` events and describe payload shape (observation ids, confidence, conflict summary) so Policy/Lens/UI can subscribe while Excititor stays aggregation-only. Depends on EXCITITOR-LNM-21-002. | EXCITITOR-LNM-21-002 | EXLN0101 | | EXCITITOR-LNM-21-201 | TODO | | SPRINT_121_excititor_iii | Excititor WebService Guild | src/Excititor/StellaOps.Excititor.WebService | Ship `/vex/observations` read endpoints with filters for advisory/product/issuer, strict RBAC, and deterministic pagination (no derived verdict fields). Depends on EXCITITOR-LNM-21-003. | EXCITITOR-LNM-21-001 | EXLN0101 | | EXCITITOR-LNM-21-202 | TODO | | SPRINT_121_excititor_iii | Excititor WebService Guild | src/Excititor/StellaOps.Excititor.WebService | Provide `/vex/linksets` + export endpoints that surface alias mappings, conflict markers, and provenance proofs exactly as stored; errors must map to `ERR_AGG_*`. Depends on EXCITITOR-LNM-21-201. | EXCITITOR-LNM-21-201 | EXLN0101 | | EXCITITOR-LNM-21-203 | TODO | | SPRINT_121_excititor_iii | Excititor WebService Guild | src/Excititor/StellaOps.Excititor.WebService | Update OpenAPI, SDK smoke tests, and documentation to cover the new observation/linkset endpoints with realistic examples Advisory AI/Lens teams can rely on. Depends on EXCITITOR-LNM-21-202. | EXCITITOR-LNM-21-202 | EXLN0101 | | EXCITITOR-OBS-51-001 | TODO | | SPRINT_121_excititor_iii | Excititor Core Guild · DevOps Guild | src/Excititor/__Libraries/StellaOps.Excititor.Core | Publish ingest latency, scope resolution success, conflict rate, and signature verification metrics plus SLO burn alerts so we can prove Excititor meets the AOC “evidence freshness” mission. | Wait for 046_TLTY0101 span schema | EXOB0101 | | EXCITITOR-OBS-52-001 | TODO | | SPRINT_122_excititor_iv | Excititor Core Guild | src/Excititor/__Libraries/StellaOps.Excititor.Core | Emit `timeline_event` entries for every ingest/linkset change with trace IDs, justification summaries, and evidence hashes so downstream systems can replay the raw facts chronologically. Depends on EXCITITOR-OBS-51-001. | Needs #1 merged for correlation IDs | EXOB0101 | | EXCITITOR-OBS-53-001 | TODO | | SPRINT_122_excititor_iv | Excititor Core Guild · Evidence Locker Guild | src/Excititor/__Libraries/StellaOps.Excititor.Core | Build locker payloads (raw doc, normalization diff, provenance) and Merkle manifests so sealed-mode sites can audit evidence without Excititor reinterpreting it. Depends on EXCITITOR-OBS-52-001. | Blocked on Evidence Locker DSSE hooks (002_ATEL0101) | EXOB0101 | | EXCITITOR-OBS-54-001 | TODO | | SPRINT_122_excititor_iv | Excititor Core Guild · Provenance Guild | src/Excititor/__Libraries/StellaOps.Excititor.Core | Attach DSSE attestations to every evidence batch, verify chains via Provenance tooling, and surface attestation IDs on timeline events. Depends on EXCITITOR-OBS-53-001. | Requires provenance schema from 005_ATLN0101 | EXOB0101 | | EXCITITOR-OPS-0001 | TODO | | SPRINT_333_docs_modules_excititor | Ops Guild · Docs Guild | docs/modules/excititor | Sync outcomes back to ../.. | DOEX0101 runbooks | DOEX0102 | | EXCITITOR-ORCH-32-001 | TODO | | SPRINT_122_excititor_iv | Excititor Worker Guild (`src/Excititor/StellaOps.Excititor.Worker`) | src/Excititor/StellaOps.Excititor.Worker | Adopt the orchestrator worker SDK for Excititor jobs, emitting heartbeats/progress/artifact hashes so ingestion remains deterministic and restartable without reprocessing evidence. | DOOR0102 APIs | EXWS0101 | | EXCITITOR-ORCH-33-001 | TODO | | SPRINT_122_excititor_iv | Excititor Worker Guild (`src/Excititor/StellaOps.Excititor.Worker`) | src/Excititor/StellaOps.Excititor.Worker | Honor orchestrator pause/throttle/retry commands, persist checkpoints, and classify error outputs to keep ingestion safe under outages. Depends on EXCITITOR-ORCH-32-001. | EXCITITOR-ORCH-32-001 | EXWS0101 | | EXCITITOR-POLICY-20-001 | TODO | | SPRINT_122_excititor_iv | WebService Guild | src/Excititor/StellaOps.Excititor.WebService | Provide VEX lookup APIs (PURL/advisory batching, scope filters, tenant enforcement) that Policy Engine uses to join evidence without Excititor performing any verdict logic. Depends on EXCITITOR-AOC-20-004. | DOLN0101 | EXWS0101 | | EXCITITOR-POLICY-20-002 | TODO | | SPRINT_122_excititor_iv | Excititor Core Guild (src/Excititor/__Libraries/StellaOps.Excititor.Core) | src/Excititor/__Libraries/StellaOps.Excititor.Core | Enhance linksets with scope resolution + version range metadata so Policy/Reachability can reason about applicability while Excititor continues to report only raw context. Depends on EXCITITOR-POLICY-20-001. | | EXWK0101 | | EXCITITOR-RISK-66-001 | TODO | | SPRINT_122_excititor_iv | Excititor Core Guild · Risk Engine Guild (`src/Excititor/__Libraries/StellaOps.Excititor.Core`) | src/Excititor/__Libraries/StellaOps.Excititor.Core | Publish risk-engine ready feeds (status, justification, provenance) with zero derived severity so gating services can reference Excititor as a source of truth. Depends on EXCITITOR-POLICY-20-002. | CONCELIER-GRAPH-21-001/002 | EXRS0101 | | EXCITITOR-STORE-AOC-19-001 | TODO | | SPRINT_123_excititor_v | Storage Guild (`src/Excititor/__Libraries/StellaOps.Excititor.Storage.Mongo`) | src/Excititor/__Libraries/StellaOps.Excititor.Storage.Mongo | Ship Mongo JSON Schema + validator tooling (including Offline Kit instructions) so operators can prove Excititor stores only immutable evidence. | Link-Not-Merge schema | EXSM0101 | | EXCITITOR-STORE-AOC-19-002 | TODO | | SPRINT_123_excititor_v | Storage + DevOps Guilds (`src/Excititor/__Libraries/StellaOps.Excititor.Storage.Mongo`) | src/Excititor/__Libraries/StellaOps.Excititor.Storage.Mongo | Create unique indexes, run migrations/backfills, and document rollback steps for the new schema validator. Depends on EXCITITOR-STORE-AOC-19-001. | STORE-AOC-19-001 | EXSM0101 | | EXCITITOR-VEXLENS-30-001 | TODO | | SPRINT_123_excititor_v | Excititor WebService Guild · VEX Lens Guild | src/Excititor/StellaOps.Excititor.WebService | Ensure every observation exported to VEX Lens carries issuer hints, signature blobs, product tree snippets, and staleness metadata so the lens can compute consensus without calling back into Excititor. | — | PLVL0103 | | EXCITITOR-VULN-29-001 | TODO | | SPRINT_123_excititor_v | Excititor WebService Guild (`src/Excititor/StellaOps.Excititor.WebService`) | src/Excititor/StellaOps.Excititor.WebService | Canonicalize advisory/product keys (map to `advisory_key`, capture scope metadata) while preserving original identifiers in `links[]`; run backfill + regression tests. | EXWS0101 | EXVN0101 | | EXCITITOR-VULN-29-002 | TODO | | SPRINT_123_excititor_v | Excititor WebService Guild | src/Excititor/StellaOps.Excititor.WebService | Provide `/vuln/evidence/vex/{advisory_key}` returning tenant-scoped raw statements, provenance, and attestation references for Vuln Explorer evidence tabs. Depends on EXCITITOR-VULN-29-001. | EXCITITOR-VULN-29-001 | EXVN0101 | | EXCITITOR-VULN-29-004 | TODO | | SPRINT_123_excititor_v | Excititor WebService + Observability Guilds | src/Excititor/StellaOps.Excititor.WebService | Add metrics/logs for normalization errors, suppression scopes, withdrawn statements, and feed them to Vuln Explorer + Advisory AI dashboards. Depends on EXCITITOR-VULN-29-002. | EXCITITOR-VULN-29-001 | EXVN0101 | | EXCITITOR-WEB-AIRGAP-58-001 | TODO | | SPRINT_124_excititor_vi | WebService Guild · AirGap Guilds | src/Excititor/StellaOps.Excititor.WebService | Emit timeline events + audit logs for mirror bundle imports (bundle ID, scope, actor) and map sealed-mode violations to actionable remediation guidance. | EXAG0101 | EXWS0101 | | EXCITITOR-WEB-OAS-61-001 | TODO | | SPRINT_124_excititor_vi | WebService Guild | src/Excititor/StellaOps.Excititor.WebService | Implement `/.well-known/openapi` with spec version metadata plus standard error envelopes, then update controller/unit tests accordingly. | DOOR0102 | EXWS0101 | | EXCITITOR-WEB-OAS-62-001 | TODO | | SPRINT_124_excititor_vi | WebService Guild · API Governance | src/Excititor/StellaOps.Excititor.WebService | Publish curated examples for the new evidence/attestation/timeline endpoints, emit deprecation headers for legacy routes, and align SDK docs. Depends on EXCITITOR-WEB-OAS-61-001. | EXCITITOR-WEB-OAS-61-001 | EXWS0101 | | EXCITITOR-WEB-OBS-52-001 | TODO | | SPRINT_124_excititor_vi | Excititor WebService Guild | src/Excititor/StellaOps.Excititor.WebService | Provide SSE/WebSocket bridges for VEX timeline events with tenant filters, pagination anchors, and guardrails so downstream consoles can monitor raw evidence changes in real time. Depends on EXCITITOR-OBS-52-001. | Wait for 046_TLTY0101 span schema | EXOB0102 | | EXCITITOR-WEB-OBS-53-001 | TODO | | SPRINT_124_excititor_vi | Excititor WebService Guild · Evidence Locker Guild | src/Excititor/StellaOps.Excititor.WebService | Expose `/evidence/vex/*` endpoints that fetch locker bundles, enforce scopes, and surface verification metadata without synthesizing verdicts. Depends on EXCITITOR-WEB-OBS-52-001. | Requires Evidence Locker DSSE API (002_ATEL0101) | EXOB0102 | | EXCITITOR-WEB-OBS-54-001 | TODO | | SPRINT_124_excititor_vi | Excititor WebService Guild | src/Excititor/StellaOps.Excititor.WebService | Add `/attestations/vex/*` endpoints returning DSSE verification state, builder identity, and chain-of-custody links so consumers never need direct datastore access. Depends on EXCITITOR-WEB-OBS-53-001. | Dependent on provenance schema (005_ATLN0101) | EXOB0102 | | EXCITOR-DOCS-0001 | DONE | 2025-11-07 | SPRINT_333_docs_modules_excititor | Docs Guild (docs/modules/excitor) | docs/modules/excitor | Validate that `docs/modules/excitor/README.md` matches the latest release notes and consensus beta notes. | | DOXR0101 | | EXCITOR-ENG-0001 | DONE | 2025-11-07 | SPRINT_333_docs_modules_excititor | Module Team (docs/modules/excitor) | docs/modules/excitor | Ensure the implementation plan sprint alignment table stays current with `SPRINT_200` updates. | | DOXR0101 | | EXCITOR-OPS-0001 | DONE | 2025-11-07 | SPRINT_333_docs_modules_excititor | Ops Guild (docs/modules/excitor) | docs/modules/excitor | Review runbooks/observability assets, adding the checklist captured in `docs/modules/excitor/mirrors.md`. | | DOXR0101 | | EXPLORER-DOCS-0001 | TODO | | SPRINT_334_docs_modules_vuln_explorer | Docs Guild | docs/modules/vuln-explorer | DOVL0101 outputs | DOVL0101 outputs | DOXR0101 | | EXPLORER-ENG-0001 | TODO | | SPRINT_334_docs_modules_vuln_explorer | Explorer Module Team | docs/modules/vuln-explorer | DOVL0102 | DOVL0102 | DOXR0101 | | EXPLORER-OPS-0001 | TODO | | SPRINT_334_docs_modules_vuln_explorer | Ops Guild | docs/modules/vuln-explorer | Explorer Ops runbooks | Explorer Ops runbooks | DOXR0101 | | EXPORT-35-001 | TODO | | SPRINT_121_policy_reasoning | Findings Ledger Guild (`src/Findings/StellaOps.Findings.Ledger`) | src/Findings/StellaOps.Findings.Ledger | PLLG010x ADRs | PLLG010x ADRs | EVFL0101 | | EXPORT-36-001 | TODO | | SPRINT_202_cli_ii | DevEx/CLI Guild (`src/Cli/StellaOps.Cli`) | src/Cli/StellaOps.Cli | Export API spec | Export API spec | EVCL0101 | | EXPORT-37-001 | TODO | | SPRINT_202_cli_ii | DevEx/CLI Guild (`src/Cli/StellaOps.Cli`) | src/Cli/StellaOps.Cli | EXPORT-36-001 | EXPORT-36-001 | EVCL0101 | | EXPORT-37-004 | TODO | | SPRINT_304_docs_tasks_md_iv | Docs Guild | | DOCN0101 | DOCN0101 | EVDO0101 | | EXPORT-37-005 | TODO | | SPRINT_304_docs_tasks_md_iv | Docs + Export Guilds | | EXPORT-37-004 | EXPORT-37-004 | EVDO0101 | | EXPORT-37-101 | TODO | | SPRINT_304_docs_tasks_md_iv | Docs Guild | | EVCL0101 | EVCL0101 | EVDO0101 | | EXPORT-37-102 | TODO | | SPRINT_304_docs_tasks_md_iv | Docs Guild | | EXPORT-37-101 | EXPORT-37-101 | EVDO0101 | | EXPORT-AIRGAP-56-001 | TODO | | SPRINT_160_export_evidence | Exporter Service Guild · Mirror Guild | | Exporter + Mirror Creator + DevOps Guilds | Wait for Deployment bundle shape (068_AGDP0101) | AGEX0101 | | EXPORT-AIRGAP-56-002 | TODO | | SPRINT_160_export_evidence | Exporter Service Guild · DevOps Guild | | Depends on #1 artifacts | Depends on #1 artifacts | AGEX0101 | | EXPORT-AIRGAP-57-001 | TODO | | SPRINT_160_export_evidence | ExportCenter Guild (`src/ExportCenter/StellaOps.ExportCenter`) | src/ExportCenter/StellaOps.ExportCenter | Exporter Service + Evidence Locker Guild | EXAG0101 outputs | EVAH0101 | | EXPORT-AIRGAP-58-001 | TODO | | SPRINT_162_exportcenter_i | ExportCenter Guild · Notifications Guild | src/ExportCenter/StellaOps.ExportCenter | Emit notifications and timeline events when Mirror Bundles or Bootstrap packs are ready for transfer. Dependencies: EXPORT-AIRGAP-57-001. | EXPORT-AIRGAP-57-001 | EVAH0101 | | EXPORT-ATTEST-74-001 | TODO | | SPRINT_160_export_evidence | ExportCenter + Attestation Guilds | | Attestation Bundle + Exporter Guilds | ATEL0101 | EVAH0101 | | EXPORT-ATTEST-74-002 | TODO | | SPRINT_160_export_evidence | ExportCenter + Attestation Guilds | | EXPORT-ATTEST-74-001 | EXPORT-ATTEST-74-001 | EVAH0101 | | EXPORT-ATTEST-75-001 | TODO | | SPRINT_160_export_evidence | ExportCenter + CLI Guilds | | Attestation Bundle + CLI + Exporter Guilds | EXPORT-ATTEST-74-001 | EVAH0101 | | EXPORT-ATTEST-75-002 | TODO | | SPRINT_160_export_evidence | ExportCenter + CLI Guilds | | EXPORT-ATTEST-75-001 | EXPORT-ATTEST-75-001 | EVAH0101 | | EXPORT-CONSOLE-23-001 | TODO | | SPRINT_123_policy_reasoning | Policy Guild, Scheduler Guild, Observability Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Build evidence bundle/export generator producing signed manifests, CSV/JSON replay endpoints, and trace attachments; integrate with scheduler jobs and expose progress telemetry | | EVOA0101 | | EXPORT-CRYPTO-90-001 | TODO | | SPRINT_160_export_evidence | ExportCenter + Security Guilds (`src/ExportCenter/StellaOps.ExportCenter`) | src/ExportCenter/StellaOps.ExportCenter | Exporter Service + Security Guilds | Security review | EVOA0101 | | EXPORT-OAS-61 | TODO | | SPRINT_160_export_evidence | ExportCenter + API Governance | | Exporter Service + API Governance + SDK Guilds | OAS spec finalization | EVOA0101 | | EXPORT-OAS-61-001 | TODO | | SPRINT_162_exportcenter_i | ExportCenter + API Contracts Guild | src/ExportCenter/StellaOps.ExportCenter | Update Exporter OAS covering profiles, runs, downloads, devportal exports with standard error envelope and examples. | EXPORT-OAS-61 | EVOA0101 | | EXPORT-OAS-61-002 | TODO | | SPRINT_162_exportcenter_i | ExportCenter + API Guild | src/ExportCenter/StellaOps.ExportCenter | Provide `/.well-known/openapi` discovery endpoint with version metadata and ETag. Dependencies: EXPORT-OAS-61-001. | EXPORT-OAS-61 | EVOA0101 | | EXPORT-OAS-62 | TODO | | SPRINT_160_export_evidence | ExportCenter + API Governance | | EXPORT-OAS-61 | EXPORT-OAS-61 | EVOA0101 | | EXPORT-OAS-62-001 | TODO | | SPRINT_162_exportcenter_i | ExportCenter + API Guilds (`src/ExportCenter/StellaOps.ExportCenter`) | src/ExportCenter/StellaOps.ExportCenter | Ensure SDKs include export profile/run clients with streaming download helpers; add smoke tests. Dependencies: EXPORT-OAS-61-002. | EVOA0101 outputs | EVOA0102 | | EXPORT-OAS-63 | TODO | | SPRINT_160_export_evidence | Exporter Service Guild · API Governance Guild | | Needs API governance sign-off (049_APIG0101) | Needs API governance sign-off (049_APIG0101) | AGEX0101 | | EXPORT-OAS-63-001 | TODO | | SPRINT_163_exportcenter_ii | Exporter Service Guild · SDK Guild | src/ExportCenter/StellaOps.ExportCenter | Implement deprecation headers and notifications for legacy export endpoints. Dependencies: EXPORT-OAS-62-001. | Requires #3 schema | AGEX0101 | | EXPORT-OBS-50-001 | TODO | | SPRINT_163_exportcenter_ii | Exporter Service Guild · Observability Guild | src/ExportCenter/StellaOps.ExportCenter | Adopt telemetry core in exporter service + workers, ensuring spans/logs capture profile id, tenant, artifact counts, distribution type, and trace IDs. | Wait for telemetry schema drop from 046_TLTY0101 | ECOB0101 | | EXPORT-OBS-51-001 | TODO | | SPRINT_110_ingestion_evidence | Exporter Guild · AirGap Time Guild · CLI Guild | | Downstream automation awaiting assembler staffing outcome. | PROGRAM-STAFF-1001 | ECOB0101 | | EXPORT-OBS-52-001 | TODO | | SPRINT_163_exportcenter_ii | Exporter Service Guild | src/ExportCenter/StellaOps.ExportCenter | Publish timeline events for export lifecycle (`export.requested`, `export.built`, `export.distributed`, `export.failed`) embedding manifest hashes and evidence refs. Provide dedupe + retry logic. Dependencies: EXPORT-OBS-51-001. | Requires shared middleware from task #1 | ECOB0101 | | EXPORT-OBS-53-001 | TODO | | SPRINT_163_exportcenter_ii | Exporter Service Guild · Evidence Locker Guild | src/ExportCenter/StellaOps.ExportCenter | Push export manifests + distribution transcripts to evidence locker bundles, ensuring Merkle root alignment and DSSE pre-sign data available. Dependencies: EXPORT-OBS-52-001. | Blocked on Evidence Locker DSSE API (002_ATEL0101) | ECOB0101 | | EXPORT-OBS-54-001 | TODO | | SPRINT_163_exportcenter_ii | Exporter Service Guild · Provenance Guild | src/ExportCenter/StellaOps.ExportCenter | Produce DSSE attestations for each export artifact and distribution target, expose verification API `/exports/{id}/attestation`, and integrate with CLI verify path. Dependencies: EXPORT-OBS-53-001. | PROGRAM-STAFF-1001; EXPORT-MIRROR-ORCH-1501 | ECOB0101 | | EXPORT-OBS-54-002 | TODO | | SPRINT_163_exportcenter_ii | Exporter Service Guild · Provenance Guild | src/ExportCenter/StellaOps.ExportCenter | Add promotion attestation assembly to export runs (compute SBOM/VEX digests, embed Rekor proofs, bundle DSSE envelopes) and ensure Offline Kit packaging includes the resulting JSON + DSSE envelopes. Dependencies: EXPORT-OBS-54-001, PROV-OBS-53-003. | Needs #5 for consistent dimensions | ECOB0101 | | EXPORT-OBS-55-001 | TODO | | SPRINT_163_exportcenter_ii | Exporter Service Guild · DevOps Guild | src/ExportCenter/StellaOps.ExportCenter | Add incident mode enhancements (extra tracing for slow exports, additional debug logs, retention bump). Emit incident activation events to timeline + notifier. Dependencies: EXPORT-OBS-54-001. | Requires DevOps alert templates (045_DVDO0103) | ECOB0101 | | EXPORT-RISK-69-001 | TODO | | SPRINT_163_exportcenter_ii | Exporter Service Guild · Risk Bundle Guild | src/ExportCenter/StellaOps.ExportCenter | Add Export Center job handler `risk-bundle` with provider selection, manifest signing, and audit logging. | Wait for Risk engine inputs (042_RPRC0101) | AGEX0101 | | EXPORT-RISK-69-002 | TODO | | SPRINT_163_exportcenter_ii | ExportCenter + Risk Guilds | src/ExportCenter/StellaOps.ExportCenter | Enable simulation report exports pulling scored data + explainability snapshots. Dependencies: EXPORT-RISK-69-001. | EXRS0101 outputs | EVRK0101 | | EXPORT-RISK-70-001 | TODO | | SPRINT_163_exportcenter_ii | ExportCenter + DevOps Guild | src/ExportCenter/StellaOps.ExportCenter | Integrate risk bundle builds into offline kit packaging with checksum verification. Dependencies: EXPORT-RISK-69-002. | EXPORT-RISK-69-002 | EVRK0101 | | EXPORT-SVC-35-001 | BLOCKED (2025-10-29) | 2025-10-29 | SPRINT_163_exportcenter_ii | ExportCenter Guild (`src/ExportCenter/StellaOps.ExportCenter`) | src/ExportCenter/StellaOps.ExportCenter | Bootstrap exporter service project, configuration, and Postgres migrations for `export_profiles`, `export_runs`, `export_inputs`, `export_distributions` with tenant scoping + tests. | Await EVFL0101 evidence feed | ESVC0101 | | EXPORT-SVC-35-002 | TODO | | SPRINT_163_exportcenter_ii | ExportCenter Guild | src/ExportCenter/StellaOps.ExportCenter | Implement planner + scope resolver translating filters into ledger iterators and orchestrator job payloads; include deterministic sampling and validation. Dependencies: EXPORT-SVC-35-001. | EXPORT-SVC-35-001 | ESVC0101 | | EXPORT-SVC-35-003 | TODO | | SPRINT_163_exportcenter_ii | ExportCenter Guild | src/ExportCenter/StellaOps.ExportCenter | Deliver JSON adapters (`json:raw`, `json:policy`) with canonical normalization, redaction allowlists, compression, and manifest counts. Dependencies: EXPORT-SVC-35-002. | EXPORT-SVC-35-001 | ESVC0101 | | EXPORT-SVC-35-004 | TODO | | SPRINT_163_exportcenter_ii | ExportCenter Guild | src/ExportCenter/StellaOps.ExportCenter | Build mirror (full) adapter producing filesystem layout, indexes, manifests, and README with download-only distribution. Dependencies: EXPORT-SVC-35-003. | EXPORT-SVC-35-002 | ESVC0101 | | EXPORT-SVC-35-005 | TODO | | SPRINT_163_exportcenter_ii | ExportCenter Guild | src/ExportCenter/StellaOps.ExportCenter | Implement manifest/provenance writer and KMS signing/attestation (detached + embedded) for bundle outputs. Dependencies: EXPORT-SVC-35-004. | EXPORT-SVC-35-003 | ESVC0101 | | EXPORT-SVC-35-006 | TODO | | SPRINT_164_exportcenter_iii | ExportCenter Guild | src/ExportCenter/StellaOps.ExportCenter | Expose Export API (profiles, runs, download, SSE updates) with audit logging, concurrency controls, and viewer/operator RBAC integration. Dependencies: EXPORT-SVC-35-005. | EXPORT-SVC-35-004 | ESVC0101 | | EXPORT-SVC-36-001 | TODO | | SPRINT_164_exportcenter_iii | ExportCenter Guild | src/ExportCenter/StellaOps.ExportCenter | Implement Trivy DB adapter (core) with schema mappings, version flag gating, and validation harness. Dependencies: EXPORT-SVC-35-006. | ESVC0101 outputs | ESVC0102 | | EXPORT-SVC-36-002 | TODO | | SPRINT_164_exportcenter_iii | ExportCenter Guild | src/ExportCenter/StellaOps.ExportCenter | Add Trivy Java DB variant with shared manifest entries and adapter regression tests. Dependencies: EXPORT-SVC-36-001. | EXPORT-SVC-36-001 | ESVC0102 | | EXPORT-SVC-36-003 | TODO | | SPRINT_164_exportcenter_iii | ExportCenter Guild | src/ExportCenter/StellaOps.ExportCenter | Build OCI distribution engine (manifests, descriptors, annotations) with registry auth support and retries. Dependencies: EXPORT-SVC-36-002. | EXPORT-SVC-36-001 | ESVC0102 | | EXPORT-SVC-36-004 | TODO | | SPRINT_164_exportcenter_iii | ExportCenter Guild | src/ExportCenter/StellaOps.ExportCenter | Extend planner/run lifecycle for distribution targets (OCI/object storage) with idempotent metadata updates and retention timestamps. Dependencies: EXPORT-SVC-36-003. | EXPORT-SVC-36-002 | ESVC0102 | | EXPORT-SVC-37-001 | TODO | | SPRINT_164_exportcenter_iii | ExportCenter Guild | src/ExportCenter/StellaOps.ExportCenter | Implement mirror delta adapter with base manifest comparison, change set generation, and content-addressed reuse. Dependencies: EXPORT-SVC-36-004. | EXPORT-SVC-35-006 | ESVC0102 | | EXPORT-SVC-37-002 | TODO | | SPRINT_164_exportcenter_iii | ExportCenter Guild | src/ExportCenter/StellaOps.ExportCenter | Add bundle encryption (age/AES-GCM), key wrapping via KMS, and verification tooling for encrypted outputs. Dependencies: EXPORT-SVC-37-001. | EXPORT-SVC-37-001 | ESVC0102 | | EXPORT-SVC-37-003 | TODO | | SPRINT_164_exportcenter_iii | ExportCenter Guild | src/ExportCenter/StellaOps.ExportCenter | Implement export scheduling (cron/event), retention pruning, retry idempotency, and failure classification. Dependencies: EXPORT-SVC-37-002. | EXPORT-SVC-37-002 | ESVC0103 | | EXPORT-SVC-37-004 | TODO | | SPRINT_164_exportcenter_iii | ExportCenter Guild | src/ExportCenter/StellaOps.ExportCenter | Provide verification API to stream manifests/hashes, compute hash+signature checks, and return attest status for CLI/UI. Dependencies: EXPORT-SVC-37-003. | EXPORT-SVC-37-003 | ESVC0103 | | EXPORT-SVC-43-001 | TODO | | SPRINT_164_exportcenter_iii | ExportCenter Guild | src/ExportCenter/StellaOps.ExportCenter | Integrate pack run manifests/artifacts into export bundles and CLI verification flows; expose provenance links. Dependencies: EXPORT-SVC-37-004. | EXPORT-SVC-37-004 | ESVC0103 | | EXPORT-TEN-48-001 | TODO | | SPRINT_164_exportcenter_iii | ExportCenter + Tenancy Guild | src/ExportCenter/StellaOps.ExportCenter | Prefix artifacts/manifests with tenant/project, enforce scope checks, and prevent cross-tenant exports unless explicitly whitelisted; update provenance. | EXPORT-SVC-37-004 | ESVC0103 | | FEEDCONN-CCCS-02-009 | TODO | | SPRINT_117_concelier_vi | Concelier Connector Guild – CCCS (src/Concelier/__Libraries/StellaOps.Concelier.Connector.Cccs) | src/Concelier/__Libraries/StellaOps.Concelier.Connector.Cccs | Emit CCCS version ranges into `advisory_observations.affected.versions[]` with provenance anchors (`cccs:{serial}:{index}`) and normalized comparison keys per the Link-Not-Merge schema/doc recipes. Depends on CONCELIER-LNM-21-001. | — | FEFC0101 | | FEEDCONN-CERTBUND-02-010 | TODO | | SPRINT_117_concelier_vi | Concelier Connector Guild – CertBund (src/Concelier/__Libraries/StellaOps.Concelier.Connector.CertBund) | src/Concelier/__Libraries/StellaOps.Concelier.Connector.CertBund | Translate CERT-Bund `product.Versions` phrases into normalized ranges + provenance identifiers (`certbund:{advisoryId}:{vendor}`) while retaining localisation notes; update mapper/tests for Link-Not-Merge. Depends on CONCELIER-LNM-21-001. | — | FEFC0101 | | FEEDCONN-CISCO-02-009 | DOING | 2025-11-08 | SPRINT_117_concelier_vi | Concelier Connector Guild – Cisco (src/Concelier/__Libraries/StellaOps.Concelier.Connector.Vndr.Cisco) | src/Concelier/__Libraries/StellaOps.Concelier.Connector.Vndr.Cisco | Emit Cisco SemVer ranges into the new observation schema with provenance IDs (`cisco:{productId}`) and deterministic comparison keys; refresh fixtures to remove merge counters. Depends on CONCELIER-LNM-21-001. | — | FEFC0101 | | FEEDCONN-ICSCISA-02-012 | BLOCKED | | SPRINT_110_ingestion_evidence | Concelier Feed Owners | | Overdue provenance refreshes require schedule from feed owners. | FEED-REMEDIATION-1001 | FEFC0101 | | FEEDCONN-KISA-02-008 | BLOCKED | | SPRINT_110_ingestion_evidence | Concelier Feed Owners | | FEED-REMEDIATION-1001 | FEED-REMEDIATION-1001 | FEFC0101 | | FORENSICS-53-001 | TODO | | SPRINT_202_cli_ii | Forensics Guild | src/Cli/StellaOps.Cli | Replay data set | Replay data set | FONS0101 | | FORENSICS-53-002 | TODO | | SPRINT_304_docs_tasks_md_iv | Forensics Guild | | FORENSICS-53-001 | FORENSICS-53-001 | FONS0101 | | FORENSICS-53-003 | TODO | | SPRINT_304_docs_tasks_md_iv | Forensics Guild | | FORENSICS-53-001 | FORENSICS-53-001 | FONS0101 | | FORENSICS-54-001 | TODO | | SPRINT_202_cli_ii | Forensics Guild | src/Cli/StellaOps.Cli | FORENSICS-53 outputs | FORENSICS-53 outputs | FONS0101 | | FORENSICS-54-002 | TODO | | SPRINT_202_cli_ii | Forensics Guild | src/Cli/StellaOps.Cli | FORENSICS-54-001 | FORENSICS-54-001 | FONS0101 | | FS-03 | TODO | | SPRINT_136_scanner_surface | Scanner Guild | src/Scanner/__Libraries/StellaOps.Scanner.Surface.FS | SURFACE-FS-02 | SURFACE-FS-02 | SFFS0101 | | FS-04 | TODO | | SPRINT_136_scanner_surface | Scanner Guild | src/Scanner/__Libraries/StellaOps.Scanner.Surface.FS | FS-03 | SURFACE-FS-02 | SFFS0101 | | FS-05 | TODO | | SPRINT_136_scanner_surface | Scanner Guild · Scheduler Guild | src/Scanner/__Libraries/StellaOps.Scanner.Surface.FS | SURFACE-FS-03 | SURFACE-FS-03 | SFFS0101 | | FS-06 | TODO | | SPRINT_136_scanner_surface | Docs Guild | src/Scanner/__Libraries/StellaOps.Scanner.Surface.FS | SURFACE-FS-02 | SURFACE-FS-02 | SFFS0101 | | FS-07 | TODO | | SPRINT_136_scanner_surface | Scanner Guild | src/Scanner/__Libraries/StellaOps.Scanner.Surface.FS | SCANNER-SURFACE-04 | SCANNER-SURFACE-04 | SFFS0101 | | GAP-DOC-008 | TODO | | SPRINT_401_reachability_evidence_chain | Docs Guild | `docs/reachability/function-level-evidence.md`, `docs/09_API_CLI_REFERENCE.md`, `docs/api/policy.md` | Publish the cross-module function-level evidence guide, update API/CLI references with the new `code_id` fields, and add OpenVEX/replay samples under `samples/reachability/**`. | DOAG0101 outputs | GAPG0101 | | GAP-POL-005 | TODO | | SPRINT_401_reachability_evidence_chain | Policy Guild · Docs Guild | `src/Policy/StellaOps.Policy.Engine`, `docs/modules/policy/architecture.md`, `docs/reachability/function-level-evidence.md` | Ingest reachability facts into Policy Engine, expose `reachability.state/confidence` in SPL/API, enforce auto-suppress (<0.30) rules, and generate OpenVEX evidence blocks referencing graph hashes + runtime facts with policy thresholds. | GAP-DOC-008 | GAPG0101 | | GAP-REP-004 | TODO | | SPRINT_401_reachability_evidence_chain | Docs Guild | `src/__Libraries/StellaOps.Replay.Core`, `docs/replay/DETERMINISTIC_REPLAY.md` | Enforce BLAKE3 hashing + CAS registration for graphs/traces before manifest writes, upgrade replay manifest v2 with analyzer versions/policy thresholds, and add deterministic tests. | GAP-DOC-008 | GAPG0101 | | GAP-SCAN-001 | TODO | | SPRINT_400_runtime_facts_static_callgraph_union | Scanner Guild · GAP Guild | `src/Scanner/StellaOps.Scanner.Worker`, `docs/modules/scanner/architecture.md`, `docs/reachability/function-level-evidence.md` | Implement binary/language symbolizers that emit `richgraph-v1` payloads with canonical `SymbolID = {file:hash, section, addr, name, linkage}` plus `code_id` anchors, persist graphs to CAS via `StellaOps.Scanner.Reachability`, and refresh analyzer docs/fixtures. | GAP-POL-005 | GAPG0101 | | GAP-SIG-003 | TODO | | SPRINT_401_reachability_evidence_chain | Security Guild · GAP Guild | `src/Signals/StellaOps.Signals`, `docs/reachability/function-level-evidence.md` | Finish `/signals/runtime-facts` ingestion, add CAS-backed runtime storage, extend scoring to lattice states (`Unknown/NotPresent/Unreachable/Conditional/Reachable/Observed`), and emit `signals.fact.updated` events. Document retention/RBAC. | GAP-POL-005 | GAPG0101 | | GAP-SYM-007 | TODO | | SPRINT_401_reachability_evidence_chain | Docs Guild | `src/Scanner/StellaOps.Scanner.Models`, `docs/modules/scanner/architecture.md`, `docs/reachability/function-level-evidence.md` | Extend reachability evidence schema/DTOs with demangled symbol hints, `symbol.source`, confidence, and optional `code_block_hash`; ensure Scanner SBOM/evidence writers and CLI serializers emit the new fields deterministically. | GAP-SIG-003 | GAPG0101 | | GAP-VEX-006 | TODO | | SPRINT_401_reachability_evidence_chain | VEX Guild | `docs/modules/excititor/architecture.md`, `src/Cli/StellaOps.Cli`, `src/UI/StellaOps.UI`, `docs/09_API_CLI_REFERENCE.md` | Wire Policy/Excititor/UI/CLI surfaces so VEX emission and explain drawers show call paths, graph hashes, and runtime hits; add CLI `--evidence=graph`/`--threshold` plus Notify template updates. | GAP-POL-005 | GAPG0101 | | GAP-ZAS-002 | TODO | | SPRINT_400_runtime_facts_static_callgraph_union | Zastava Guild | `src/Zastava/StellaOps.Zastava.Observer`, `docs/modules/zastava/architecture.md`, `docs/reachability/function-level-evidence.md` | Stream runtime NDJSON batches carrying `{symbol_id, code_id, hit_count, loader_base}` plus CAS URIs, capture build-ids/entrypoints, and draft the operator runbook (`docs/runbooks/reachability-runtime.md`). Integrate with `/signals/runtime-facts` once Sprint 401 lands ingestion. | GAP-SCAN-001 | GAPG0101 | | GO-32-001 | TODO | | SPRINT_153_orchestrator_iii | Worker SDK Guild (`src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Go`) | src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Go | DOOR0102 APIs | DOOR0102 APIs | GOSD0101 | | GO-32-002 | TODO | | SPRINT_153_orchestrator_iii | Worker SDK Guild | src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Go | GO-32-001 | GO-32-001 | GOSD0101 | | GO-33-001 | TODO | | SPRINT_153_orchestrator_iii | Worker SDK Guild | src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Go | GO-32-002 | GO-32-002 | GOSD0101 | | GO-33-002 | TODO | | SPRINT_153_orchestrator_iii | Worker SDK Guild | src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Go | GO-33-001 | GO-33-001 | GOSD0101 | | GO-34-001 | TODO | | SPRINT_153_orchestrator_iii | Worker SDK Guild | src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Go | GO-33-002 | GO-33-002 | GOSD0101 | | GRAPH-21-001 | TODO | | SPRINT_136_scanner_surface | Scanner WebService Guild | src/Scanner/StellaOps.Scanner.WebService | Link-Not-Merge schema | Link-Not-Merge schema | GRSC0101 | | GRAPH-21-002 | BLOCKED (2025-10-27) | 2025-10-27 | SPRINT_113_concelier_ii | Concelier Core Guild · Scanner Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | GRAPH-21-001 | GRAPH-21-001 | GRSC0101 | | GRAPH-21-003 | TODO | 2025-10-27 | SPRINT_213_web_ii | Scanner WebService Guild | src/Web/StellaOps.Web | GRAPH-21-001 | GRAPH-21-001 | GRSC0101 | | GRAPH-21-004 | TODO | 2025-10-27 | SPRINT_213_web_ii | Scanner WebService Guild | src/Web/StellaOps.Web | GRAPH-21-002 | GRAPH-21-002 | GRSC0101 | | GRAPH-21-005 | BLOCKED (2025-10-27) | 2025-10-27 | SPRINT_120_excititor_ii | Excititor Storage Guild | src/Excititor/__Libraries/StellaOps.Excititor.Storage.Mongo | GRAPH-21-002 | GRAPH-21-002 | GRSC0101 | | GRAPH-24-001 | TODO | | SPRINT_209_ui_i | UI Guild (`src/UI/StellaOps.UI`) | src/UI/StellaOps.UI | GRSC0101 outputs | GRSC0101 outputs | GRUI0101 | | GRAPH-24-002 | TODO | | SPRINT_209_ui_i | UI Guild | src/UI/StellaOps.UI | GRAPH-24-001 | GRAPH-24-001 | GRUI0101 | | GRAPH-24-003 | TODO | | SPRINT_209_ui_i | UI Guild | src/UI/StellaOps.UI | GRAPH-24-001 | GRAPH-24-001 | GRUI0101 | | GRAPH-24-004 | TODO | | SPRINT_209_ui_i | UI Guild | src/UI/StellaOps.UI | GRAPH-24-002 | GRAPH-24-002 | GRUI0101 | | GRAPH-24-005 | TODO | | SPRINT_304_docs_tasks_md_iv | UI Guild | | GRAPH-24-003 | GRAPH-24-003 | GRUI0101 | | GRAPH-24-006 | TODO | | SPRINT_209_ui_i | UI Guild | src/UI/StellaOps.UI | GRAPH-24-004 | GRAPH-24-004 | GRUI0101 | | GRAPH-24-007 | TODO | | SPRINT_304_docs_tasks_md_iv | UI Guild | | GRAPH-24-005 | GRAPH-24-005 | GRUI0101 | | GRAPH-24-101 | TODO | | SPRINT_113_concelier_ii | UI Guild | src/Concelier/StellaOps.Concelier.WebService | GRAPH-24-001 | GRAPH-24-001 | GRUI0101 | | GRAPH-24-102 | TODO | | SPRINT_120_excititor_ii | UI Guild | src/Excititor/StellaOps.Excititor.WebService | GRAPH-24-101 | GRAPH-24-101 | GRUI0101 | | GRAPH-28-102 | TODO | | SPRINT_113_concelier_ii | Concelier WebService Guild (src/Concelier/StellaOps.Concelier.WebService) | src/Concelier/StellaOps.Concelier.WebService | | | GRAPI0101 | | GRAPH-API-28-001 | TODO | | SPRINT_207_graph | Graph API Guild (src/Graph/StellaOps.Graph.Api) | src/Graph/StellaOps.Graph.Api | Define OpenAPI + JSON schema for graph search/query/paths/diff/export endpoints, including cost metadata and streaming tile schema. | — | ORGR0101 | | GRAPH-API-28-002 | TODO | | SPRINT_207_graph | Graph API Guild (src/Graph/StellaOps.Graph.Api) | src/Graph/StellaOps.Graph.Api | Implement `/graph/search` with multi-type index lookup, prefix/exact match, RBAC enforcement, and result ranking + caching. Dependencies: GRAPH-API-28-001. | — | ORGR0101 | | GRAPH-API-28-003 | TODO | | SPRINT_207_graph | Graph API Guild (src/Graph/StellaOps.Graph.Api) | src/Graph/StellaOps.Graph.Api | Build query planner + cost estimator for `/graph/query`, stream tiles (nodes/edges/stats) progressively, enforce budgets, provide cursor tokens. Dependencies: GRAPH-API-28-002. | — | ORGR0101 | | GRAPH-API-28-004 | TODO | | SPRINT_207_graph | Graph API Guild (src/Graph/StellaOps.Graph.Api) | src/Graph/StellaOps.Graph.Api | Implement `/graph/paths` with depth ≤6, constraint filters, heuristic shortest path search, and optional policy overlay rendering. Dependencies: GRAPH-API-28-003. | — | ORGR0101 | | GRAPH-API-28-005 | TODO | | SPRINT_207_graph | Graph API Guild (src/Graph/StellaOps.Graph.Api) | src/Graph/StellaOps.Graph.Api | Implement `/graph/diff` streaming added/removed/changed nodes/edges between SBOM snapshots; include overlay deltas and policy/VEX/advisory metadata. Dependencies: GRAPH-API-28-004. | — | ORGR0101 | | GRAPH-API-28-006 | TODO | | SPRINT_207_graph | Graph API Guild (src/Graph/StellaOps.Graph.Api) | src/Graph/StellaOps.Graph.Api | Consume Policy Engine overlay contract (`POLICY-ENGINE-30-001..003`) and surface advisory/VEX/policy overlays with caching, partial materialization, and explain trace sampling for focused nodes. Dependencies: GRAPH-API-28-005. | — | ORGR0101 | | GRAPH-API-28-007 | TODO | | SPRINT_207_graph | Graph API Guild (`src/Graph/StellaOps.Graph.Api`) | src/Graph/StellaOps.Graph.Api | Implement exports (`graphml`, `csv`, `ndjson`, `png`, `svg`) with async job management, checksum manifests, and streaming downloads. Dependencies: GRAPH-API-28-006. | ORGR0101 outputs | GRAPI0101 | | GRAPH-API-28-008 | TODO | | SPRINT_207_graph | Graph API + Authority Guilds | src/Graph/StellaOps.Graph.Api | Integrate RBAC scopes (`graph:read`, `graph:query`, `graph:export`), tenant headers, audit logging, and rate limiting. Dependencies: GRAPH-API-28-007. | GRAPH-API-28-007 | GRAPI0101 | | GRAPH-API-28-009 | TODO | | SPRINT_207_graph | Graph API + Observability Guilds | src/Graph/StellaOps.Graph.Api | Instrument metrics (`graph_tile_latency_seconds`, `graph_query_budget_denied_total`, `graph_overlay_cache_hit_ratio`), structured logs, and traces per query stage; publish dashboards. Dependencies: GRAPH-API-28-008. | GRAPH-API-28-007 | GRAPI0101 | | GRAPH-API-28-010 | TODO | | SPRINT_207_graph | Graph API Guild | src/Graph/StellaOps.Graph.Api | Build unit/integration/load tests with synthetic datasets (500k nodes/2M edges), fuzz query validation, verify determinism across runs. Dependencies: GRAPH-API-28-009. | GRAPH-API-28-008 | GRAPI0101 | | GRAPH-API-28-011 | TODO | | SPRINT_207_graph | Graph API Guild | src/Graph/StellaOps.Graph.Api | Provide deployment manifests, offline kit support, API gateway integration docs, and smoke tests. Dependencies: GRAPH-API-28-010. | GRAPH-API-28-009 | GRAPI0101 | | GRAPH-CAS-401-001 | TODO | | SPRINT_401_reachability_evidence_chain | Scanner Worker Guild | `src/Scanner/StellaOps.Scanner.Worker` | Finalize richgraph schema (`richgraph-v1`), emit canonical SymbolIDs, compute graph hash (BLAKE3), and store CAS manifests under `cas://reachability/graphs/{sha256}`. Update Scanner Worker adapters + fixtures. | Depends on #1 | CASC0101 | | GRAPH-DOCS-0001 | DONE (2025-11-05) | 2025-11-05 | SPRINT_321_docs_modules_graph | Docs Guild | docs/modules/graph | Validate that graph module README/diagrams reflect the latest overlay + snapshot updates. | GRAPI0101 evidence | GRDG0101 | | GRAPH-DOCS-0002 | TODO | 2025-11-05 | SPRINT_321_docs_modules_graph | Docs Guild | docs/modules/graph | Pending DOCS-GRAPH-24-003 to add API/query doc cross-links | GRAPI0101 outputs | GRDG0101 | | GRAPH-ENG-0001 | TODO | | SPRINT_321_docs_modules_graph | Module Team | docs/modules/graph | Keep module milestones in sync with `/docs/implplan/SPRINT_141_graph.md` and related files. | GRSC0101 | GRDG0101 | | GRAPH-INDEX-28-007 | TODO | | SPRINT_140_runtime_signals | — | | Clustering/centrality jobs queued behind Scanner surface analyzer artifacts; design work complete but implementation held. | — | ORGR0101 | | GRAPH-INDEX-28-008 | TODO | | SPRINT_140_runtime_signals | — | | Incremental update/backfill pipeline depends on 28-007 artifacts; retry/backoff plumbing sketched but blocked. | — | ORGR0101 | | GRAPH-INDEX-28-009 | TODO | | SPRINT_140_runtime_signals | — | | Test/fixture/chaos coverage waits on earlier jobs to exist so determinism checks have data. | — | ORGR0101 | | GRAPH-INDEX-28-010 | TODO | | SPRINT_140_runtime_signals | — | | Packaging/offline bundles paused until upstream graph jobs are available to embed. | — | ORGR0101 | | GRAPH-INDEX-28-011 | TODO | 2025-11-04 | SPRINT_207_graph | Graph Index Guild | src/Graph/StellaOps.Graph.Indexer | Wire SBOM ingest runtime to emit graph snapshot artifacts, add DI factory helpers, and document Mongo/snapshot environment guidance. Dependencies: GRAPH-INDEX-28-002..006. | GRSC0101 outputs | GRIX0101 | | GRAPH-OPS-0001 | TODO | | SPRINT_321_docs_modules_graph | Ops Guild | docs/modules/graph | Review graph observability dashboards/runbooks after the next sprint demo. | GRUI0101 | GRDG0101 | | HELM-45-001 | TODO | | SPRINT_501_ops_deployment_i | Deployment Guild (ops/deployment) | ops/deployment | | | GRIX0101 | | HELM-45-002 | TODO | | SPRINT_502_ops_deployment_ii | Deployment Guild, Security Guild (ops/deployment) | ops/deployment | Add TLS/Ingress, NetworkPolicy, PodSecurityContexts, Secrets integration (external secrets), and document security posture. Dependencies: HELM-45-001. | | GRIX0101 | | HELM-45-003 | TODO | | SPRINT_502_ops_deployment_ii | Deployment Guild, Observability Guild (ops/deployment) | ops/deployment | Implement HPA, PDB, readiness gates, Prometheus scraping annotations, OTel configuration hooks, and upgrade hooks. Dependencies: HELM-45-002. | | GRIX0101 | | ICSCISA-02-012 | BLOCKED | | SPRINT_110_ingestion_evidence | Concelier Feed Owners (`src/Concelier/__Libraries/StellaOps.Concelier.Core`) | src/Concelier/__Libraries/StellaOps.Concelier.Core | FEED-REMEDIATION-1001 | FEED-REMEDIATION-1001 | CCFD0101 | | IMP-56-001 | TODO | | SPRINT_510_airgap | AirGap Importer Guild | src/AirGap/StellaOps.AirGap.Importer | Harden base importer pipeline. | EXAG0101 | GRIX0101 | | IMP-56-002 | TODO | | SPRINT_510_airgap | AirGap Importer + Security Guilds | src/AirGap/StellaOps.AirGap.Importer | IMP-56-001 | IMP-56-001 | IMIM0101 | | IMP-57-001 | TODO | | SPRINT_510_airgap | AirGap Importer Guild | src/AirGap/StellaOps.AirGap.Importer | IMP-56-002 | IMP-56-002 | IMIM0101 | | IMP-57-002 | TODO | | SPRINT_510_airgap | AirGap Importer + DevOps Guilds | src/AirGap/StellaOps.AirGap.Importer | IMP-57-001 | IMP-57-001 | IMIM0101 | | IMP-58-001 | TODO | | SPRINT_510_airgap | AirGap Importer + CLI Guilds | src/AirGap/StellaOps.AirGap.Importer | IMP-57-002 | IMP-57-002 | IMIM0101 | | IMP-58-002 | TODO | | SPRINT_510_airgap | AirGap Importer + Observability Guilds | src/AirGap/StellaOps.AirGap.Importer | IMP-58-001 | IMP-58-001 | IMIM0101 | | IMPACT-16-001 | TODO | | SPRINT_512_bench | Bench Guild (`src/Bench/StellaOps.Bench`) | src/Bench/StellaOps.Bench | Harden impact scoring + fixtures. | GRSC0101 outputs | IMIM0101 | | IMPACT-16-303 | TODO | | SPRINT_155_scheduler_i | Scheduler ImpactIndex Guild (`src/Scheduler/__Libraries/StellaOps.Scheduler.ImpactIndex`) | src/Scheduler/__Libraries/StellaOps.Scheduler.ImpactIndex | IMPACT-16-001 | IMPACT-16-001 | IMPT0101 | | INDEX-28-007 | TODO | | SPRINT_140_runtime_signals | Graph Index Guild | src/Graph/StellaOps.Graph.Indexer | GRAPH-INDEX-28-011 | GRAPH-INDEX-28-011 | GRIX0101 | | INDEX-28-008 | TODO | | SPRINT_140_runtime_signals | Graph Index Guild | src/Graph/StellaOps.Graph.Indexer | INDEX-28-007 | INDEX-28-007 | GRIX0101 | | INDEX-28-009 | TODO | | SPRINT_140_runtime_signals | Graph Index Guild | src/Graph/StellaOps.Graph.Indexer | INDEX-28-008 | INDEX-28-008 | GRIX0101 | | INDEX-28-010 | TODO | | SPRINT_140_runtime_signals | Graph Indexer Guild (src/Graph/StellaOps.Graph.Indexer) | src/Graph/StellaOps.Graph.Indexer | | INDEX-28-009 | GRIX0101 | | INDEX-28-011 | DONE | 2025-11-04 | SPRINT_207_graph | Graph Indexer Guild (src/Graph/StellaOps.Graph.Indexer) | src/Graph/StellaOps.Graph.Indexer | | INDEX-28-010 | GRIX0101 | | INDEX-401-030 | TODO | | SPRINT_401_reachability_evidence_chain | Platform + Ops Guilds | `docs/provenance/inline-dsse.md`, `ops/mongo/indices/events_provenance_indices.js` | Needs Ops approval for new Mongo index | Needs Ops approval for new Mongo index | RBRE0101 | | INGEST-401-013 | TODO | | SPRINT_401_reachability_evidence_chain | Symbols Guild · DevOps Guild (`src/Symbols/StellaOps.Symbols.Ingestor.Cli`) | `src/Symbols/StellaOps.Symbols.Ingestor.Cli`, `docs/specs/SYMBOL_MANIFEST_v1.md` | Implement deterministic ingest + docs. | RBRE0101 inline DSSE | IMPT0101 | | INLINE-401-028 | DONE | | SPRINT_401_reachability_evidence_chain | Authority Guild · Feedser Guild (`docs/provenance/inline-dsse.md`, `src/__Libraries/StellaOps.Provenance.Mongo`) | `docs/provenance/inline-dsse.md`, `src/__Libraries/StellaOps.Provenance.Mongo` | | | INST0101 | | INSTALL-44-001 | TODO | | SPRINT_305_docs_tasks_md_v | Docs Guild · Ops Guild | | DOIS0101 outputs | DOIS0101 outputs | INST0101 | | INSTALL-45-001 | TODO | | SPRINT_305_docs_tasks_md_v | Docs Guild · Ops Guild | | INSTALL-44-001 | INSTALL-44-001 | INST0101 | | INSTALL-46-001 | TODO | | SPRINT_305_docs_tasks_md_v | Docs Guild · Security Guild | | INSTALL-45-001 | INSTALL-45-001 | INST0101 | | INSTALL-50-001 | TODO | | SPRINT_305_docs_tasks_md_v | Docs Guild · Support Guild | | INSTALL-44-001 | INSTALL-44-001 | INST0101 | | KEV providers` | TODO | | SPRINT_115_concelier_iv | Concelier Core + Risk Engine Guilds (`src/Concelier/__Libraries/StellaOps.Concelier.Core`) | src/Concelier/__Libraries/StellaOps.Concelier.Core | Surface vendor-provided CVSS/KEV/fix data exactly as published (with provenance anchors) through provider APIs so risk engines can reason about upstream intent. | ICSCISA-02-012 | CCFD0101 | | KISA-02-008 | BLOCKED | | SPRINT_110_ingestion_evidence | Concelier Feed Owners | | | FEED-REMEDIATION-1001 | LATC0101 | | KMS-73-001 | DONE (2025-11-03) | 2025-11-03 | SPRINT_100_identity_signing | KMS Guild (src/__Libraries/StellaOps.Cryptography.Kms) | src/__Libraries/StellaOps.Cryptography.Kms | AWS/GCP KMS drivers landed with digest-first signing, metadata caching, config samples, and docs/tests green. | AWS/GCP KMS drivers landed with digest-first signing, metadata caching, config samples, and docs/tests green. | KMSI0102 | | KMS-73-002 | DONE (2025-11-03) | 2025-11-03 | SPRINT_100_identity_signing | KMS Guild (src/__Libraries/StellaOps.Cryptography.Kms) | src/__Libraries/StellaOps.Cryptography.Kms | PKCS#11 + FIDO2 drivers shipped (deterministic digesting, authenticator factories, DI extensions) with docs + xUnit fakes covering sign/verify/export flows. | FIDO2 | KMSI0102 | | LATTICE-401-023 | TODO | | SPRINT_401_reachability_evidence_chain | Scanner Guild · Policy Guild | `docs/reachability/lattice.md`, `docs/modules/scanner/architecture.md`, `src/Scanner/StellaOps.Scanner.WebService` | Update reachability/lattice docs + examples. | GRSC0101 & RBRE0101 | LEDG0101 | | LEDGER-29-007 | TODO | | SPRINT_120_policy_reasoning | Findings Ledger Guild (`src/Findings/StellaOps.Findings.Ledger`) | src/Findings/StellaOps.Findings.Ledger | Instrument metrics | LEDGER-29-006 | PLLG0101 | | LEDGER-29-008 | TODO | | SPRINT_120_policy_reasoning | Findings Ledger + QA Guild | src/Findings/StellaOps.Findings.Ledger | Develop unit/property/integration tests, replay/restore tooling, determinism harness, and load tests at 5M findings/tenant | LEDGER-29-007 | PLLG0101 | | LEDGER-29-009 | TODO | | SPRINT_120_policy_reasoning | Findings Ledger + DevOps Guild | src/Findings/StellaOps.Findings.Ledger | Provide deployment manifests | LEDGER-29-008 | PLLG0101 | | LEDGER-34-101 | TODO | | SPRINT_120_policy_reasoning | Findings Ledger Guild | src/Findings/StellaOps.Findings.Ledger | Link orchestrator run ledger exports into Findings Ledger provenance chain, index by artifact hash, and expose audit queries | LEDGER-29-009 | PLLG0101 | | LEDGER-AIRGAP-56 | TODO | | SPRINT_120_policy_reasoning | Findings Ledger + AirGap Guilds | | AirGap ledger schema. | PLLG0102 | PLLG0102 | | LEDGER-AIRGAP-56-001 | TODO | | SPRINT_120_policy_reasoning | Findings Ledger Guild | src/Findings/StellaOps.Findings.Ledger | Record bundle provenance (`bundle_id`, `merkle_root`, `time_anchor`) on ledger events for advisories/VEX/policies imported via Mirror Bundles | LEDGER-AIRGAP-56 | PLLG0102 | | LEDGER-AIRGAP-56-002 | TODO | | SPRINT_120_policy_reasoning | Findings Ledger + AirGap Time Guild | src/Findings/StellaOps.Findings.Ledger | Surface staleness metrics for findings and block risk-critical exports when stale beyond thresholds; provide remediation messaging | LEDGER-AIRGAP-56-001 | PLLG0102 | | LEDGER-AIRGAP-57 | TODO | | SPRINT_120_policy_reasoning | Findings Ledger Guild · AirGap Guilds · Evidence Locker Guild | | — | — | PLLG0102 | | LEDGER-AIRGAP-57-001 | TODO | | SPRINT_120_policy_reasoning | Findings Ledger Guild, Evidence Locker Guild / src/Findings/StellaOps.Findings.Ledger | src/Findings/StellaOps.Findings.Ledger | Link findings evidence snapshots to portable evidence bundles and ensure cross-enclave verification works | LEDGER-AIRGAP-56-002 | PLLG0102 | | LEDGER-AIRGAP-58-001 | TODO | | SPRINT_120_policy_reasoning | Findings Ledger Guild, AirGap Controller Guild / src/Findings/StellaOps.Findings.Ledger | src/Findings/StellaOps.Findings.Ledger | Emit timeline events for bundle import impacts | LEDGER-AIRGAP-57-001 | PLLG0102 | | LEDGER-ATTEST-73-001 | TODO | | SPRINT_120_policy_reasoning | Findings Ledger Guild, Attestor Service Guild / src/Findings/StellaOps.Findings.Ledger | src/Findings/StellaOps.Findings.Ledger | Persist pointers from findings to verification reports and attestation envelopes for explainability | — | PLLG0102 | | LEDGER-ATTEST-73-002 | TODO | | SPRINT_121_policy_reasoning | Findings Ledger Guild / src/Findings/StellaOps.Findings.Ledger | src/Findings/StellaOps.Findings.Ledger | Enable search/filter in findings projections by verification result and attestation status | LEDGER-ATTEST-73-001 | PLLG0102 | | LEDGER-EXPORT-35-001 | TODO | | SPRINT_121_policy_reasoning | Findings Ledger Guild / src/Findings/StellaOps.Findings.Ledger | src/Findings/StellaOps.Findings.Ledger | Provide paginated streaming endpoints for advisories, VEX, SBOMs, and findings aligned with export filters, including deterministic ordering and provenance metadata | — | PLLG0101 | | LEDGER-OAS-61-001 | TODO | | SPRINT_121_policy_reasoning | Findings Ledger Guild, API Contracts Guild / src/Findings/StellaOps.Findings.Ledger | src/Findings/StellaOps.Findings.Ledger | Expand Findings Ledger OAS to include projections, evidence lookups, and filter parameters with examples | — | PLLG0101 | | LEDGER-OAS-61-002 | TODO | | SPRINT_121_policy_reasoning | Findings Ledger Guild / src/Findings/StellaOps.Findings.Ledger | src/Findings/StellaOps.Findings.Ledger | Implement `/.well-known/openapi` endpoint and ensure version metadata matches release | LEDGER-OAS-61-001 | PLLG0101 | | LEDGER-OAS-62-001 | TODO | | SPRINT_121_policy_reasoning | Findings Ledger Guild, SDK Generator Guild / src/Findings/StellaOps.Findings.Ledger | src/Findings/StellaOps.Findings.Ledger | Provide SDK test cases for findings pagination, filtering, evidence links; ensure typed models expose provenance | LEDGER-OAS-61-002 | PLLG0101 | | LEDGER-OAS-63-001 | TODO | | SPRINT_121_policy_reasoning | Findings Ledger Guild, API Governance Guild / src/Findings/StellaOps.Findings.Ledger | src/Findings/StellaOps.Findings.Ledger | Support deprecation headers and Notifications for retiring finding endpoints | LEDGER-OAS-62-001 | PLLG0101 | | LEDGER-OBS-50-001 | TODO | | SPRINT_121_policy_reasoning | Findings Ledger Guild, Observability Guild / src/Findings/StellaOps.Findings.Ledger | src/Findings/StellaOps.Findings.Ledger | Integrate telemetry core within ledger writer/projector services, emitting structured logs and trace spans for ledger append, projector replay, and query APIs with tenant context | — | PLLG0102 | | LEDGER-OBS-51-001 | TODO | | SPRINT_121_policy_reasoning | Findings Ledger Guild, DevOps Guild / src/Findings/StellaOps.Findings.Ledger | src/Findings/StellaOps.Findings.Ledger | Publish metrics for ledger latency, projector lag, event throughput, and policy evaluation linkage. Define SLOs | LEDGER-OBS-50-001 | PLLG0102 | | LEDGER-OBS-52-001 | TODO | | SPRINT_121_policy_reasoning | Findings Ledger Guild / src/Findings/StellaOps.Findings.Ledger | src/Findings/StellaOps.Findings.Ledger | Emit timeline events for ledger writes and projector commits | LEDGER-OBS-51-001 | PLLG0103 | | LEDGER-OBS-53-001 | TODO | | SPRINT_121_policy_reasoning | Findings Ledger Guild, Evidence Locker Guild / src/Findings/StellaOps.Findings.Ledger | src/Findings/StellaOps.Findings.Ledger | Persist evidence bundle references | LEDGER-OBS-52-001 | PLLG0103 | | LEDGER-OBS-54-001 | TODO | | SPRINT_121_policy_reasoning | Findings Ledger Guild, Provenance Guild / src/Findings/StellaOps.Findings.Ledger | src/Findings/StellaOps.Findings.Ledger | Verify attestation references for ledger-derived exports; expose `/ledger/attestations` endpoint returning DSSE verification state and chain-of-custody summary | LEDGER-OBS-53-001 | PLLG0103 | | LEDGER-OBS-55-001 | TODO | | SPRINT_121_policy_reasoning | Findings Ledger Guild, DevOps Guild / src/Findings/StellaOps.Findings.Ledger | src/Findings/StellaOps.Findings.Ledger | Enhance incident mode to record additional replay diagnostics | LEDGER-OBS-54-001 | PLLG0103 | | LEDGER-PACKS-42-001 | TODO | | SPRINT_121_policy_reasoning | Findings Ledger Guild / src/Findings/StellaOps.Findings.Ledger | src/Findings/StellaOps.Findings.Ledger | Provide snapshot/time-travel APIs and digestable exports for task pack simulation and CLI offline mode | — | PLLG0103 | | LEDGER-RISK-66-001 | TODO | | SPRINT_121_policy_reasoning | Findings Ledger Guild, Risk Engine Guild / src/Findings/StellaOps.Findings.Ledger | src/Findings/StellaOps.Findings.Ledger | Add schema migrations for `risk_score`, `risk_severity`, `profile_version`, `explanation_id`, and supporting indexes | — | PLLG0103 | | LEDGER-RISK-66-002 | TODO | | SPRINT_121_policy_reasoning | Findings Ledger Guild / src/Findings/StellaOps.Findings.Ledger | src/Findings/StellaOps.Findings.Ledger | Implement deterministic upsert of scoring results keyed by finding hash/profile version with history audit | LEDGER-RISK-66-001 | PLLG0103 | | LEDGER-RISK-67-001 | TODO | | SPRINT_122_policy_reasoning | Findings Ledger Guild, Risk Engine Guild / src/Findings/StellaOps.Findings.Ledger | src/Findings/StellaOps.Findings.Ledger | Expose query APIs for scored findings with score/severity filters, pagination, and explainability links | LEDGER-RISK-66-002 | PLLG0103 | | LEDGER-RISK-68-001 | TODO | | SPRINT_122_policy_reasoning | Findings Ledger Guild, Export Guild / src/Findings/StellaOps.Findings.Ledger | src/Findings/StellaOps.Findings.Ledger | Enable export of scored findings and simulation results via Export Center integration | LEDGER-RISK-67-001 | PLLG0103 | | LEDGER-RISK-69-001 | TODO | | SPRINT_122_policy_reasoning | Findings Ledger Guild, Observability Guild / src/Findings/StellaOps.Findings.Ledger | src/Findings/StellaOps.Findings.Ledger | Emit metrics/dashboards for scoring latency, result freshness, severity distribution, provider gaps | LEDGER-RISK-68-001 | PLLG0103 | | LEDGER-TEN-48-001 | TODO | | SPRINT_122_policy_reasoning | Findings Ledger Guild · Tenancy Guild | src/Findings/StellaOps.Findings.Ledger | Partition ledger tables by tenant/project, enable RLS, update queries/events, and stamp audit metadata | LEDGER-29-009 | LEDG0101 | | LENS-ENG-0001 | TODO | | SPRINT_332_docs_modules_vex_lens | Module Team · Docs Guild | docs/modules/vex-lens | Engineering checklist. | DOVL0101 outputs | LEDG0101 | | LENS-OPS-0001 | TODO | | SPRINT_332_docs_modules_vex_lens | Ops Guild · Docs Guild | docs/modules/vex-lens | Ops/runbook guidance. | LENS-ENG-0001 | LEDG0101 | | LIB-401-001 | TODO | | SPRINT_401_reachability_evidence_chain | Policy Guild | `src/Policy/StellaOps.PolicyDsl`, `docs/policy/dsl.md` | Update DSL library + docs. | DOAL0101 references | LEDG0101 | | LIB-401-002 | TODO | | SPRINT_401_reachability_evidence_chain | Policy Guild · CLI Guild | `tests/Policy/StellaOps.PolicyDsl.Tests`, `policy/default.dsl`, `docs/policy/lifecycle.md` | Expand tests/fixtures. | LIB-401-001 | LEDG0101 | | LIB-401-020 | TODO | | SPRINT_401_reachability_evidence_chain | Policy Guild | `src/Attestor/StellaOps.Attestation`, `src/Attestor/StellaOps.Attestor.Envelope` | Publish CAS fixtures + determinism tests. | LIB-401-002 | LEDG0101 | | LIC-0001 | TODO | 2025-11-10 | SPRINT_138_scanner_ruby_parity | Legal Guild · Docs Guild | docs/modules/scanner | Refresh license notes. | SCANNER-ENG-0016 | LEDG0101 | | LNM-21-001 | TODO | | SPRINT_113_concelier_ii | CLI Guild (`src/Cli/StellaOps.Cli`) | src/Concelier/__Libraries/StellaOps.Concelier.Core | Implement baseline LNM CLI verb. | DOLN0101 schema | LENS0101 | | LNM-21-002 | TODO | | SPRINT_113_concelier_ii | CLI Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Hash verification support. | LNM-21-001 | LENS0101 | | LNM-21-003 | TODO | | SPRINT_113_concelier_ii | CLI Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Filtering options. | LNM-21-002 | LIBC0101 | | LNM-21-004 | TODO | | SPRINT_113_concelier_ii | CLI Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Multi-bundle diff. | LNM-21-003 | LIBC0101 | | LNM-21-005 | TODO | | SPRINT_113_concelier_ii | CLI Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Export packaging. | LNM-21-004 | LIBC0101 | | LNM-21-101 | TODO | | SPRINT_113_concelier_ii | CLI Guild | src/Concelier/__Libraries/StellaOps.Concelier.Storage.Mongo | Deterministic tests. | LNM-21-001 | LIBC0101 | | LNM-21-102 | TODO | | SPRINT_113_concelier_ii | CLI Guild | src/Concelier/__Libraries/StellaOps.Concelier.Storage.Mongo | LNM-21-101 | LNM-21-101 | LNMC0101 | | LNM-21-103 | TODO | | SPRINT_113_concelier_ii | CLI Guild | src/Concelier/__Libraries/StellaOps.Concelier.Storage.Mongo | LNM-21-102 | LNM-21-102 | LNMC0101 | | LNM-21-201 | TODO | | SPRINT_113_concelier_ii | CLI Guild | src/Concelier/StellaOps.Concelier.WebService | Bundle validation enhancements. | LNMC0101 outputs | LNMC0101 | | LNM-21-202 | TODO | | SPRINT_113_concelier_ii | CLI Guild | src/Concelier/StellaOps.Concelier.WebService | Policy linking improvements. | LNM-21-201 | LNMC0101 | | LNM-21-203 | TODO | | SPRINT_113_concelier_ii | CLI Guild | src/Concelier/StellaOps.Concelier.WebService | Export reporting. | LNM-21-202 | LNMC0101 | | LNM-22-001 | TODO | | SPRINT_202_cli_ii | CLI Guild | src/Cli/StellaOps.Cli | CLI/UI shared components. | DOLN0101 | LNMC0101 | | LNM-22-002 | TODO | | SPRINT_202_cli_ii | CLI Guild | src/Cli/StellaOps.Cli | Additional filters. | LNM-22-001 | LNMC0101 | | LNM-22-003 | TODO | | SPRINT_210_ui_ii | UI Guild (`src/UI/StellaOps.UI`) | src/UI/StellaOps.UI | UI ingestion view. | LNM-22-001 | LNMC0101 | | LNM-22-004 | TODO | | SPRINT_210_ui_ii | UI Guild | src/UI/StellaOps.UI | UI remediation workflow. | LNM-22-003 | IMPT0101 | | LNM-22-005 | BLOCKED (2025-10-27) | 2025-10-27 | SPRINT_305_docs_tasks_md_v | Docs + UI Guild | | Docs update for UI flows. | DOCS-LNM-22-004 | IMPT0101 | | LNM-22-007 | TODO | | SPRINT_305_docs_tasks_md_v | Docs Guild · Observability Guild | docs/modules/concelier/link-not-merge.md | Publish `/docs/observability/aggregation.md` with metrics/traces/logs/SLOs. Dependencies: DOCS-LNM-22-005. | DOCS-LNM-22-005 | DOLN0102 | | LNM-22-008 | DONE | 2025-11-03 | SPRINT_117_concelier_vi | Docs Guild · DevOps Guild | docs/modules/concelier/link-not-merge.md | Document Link-Not-Merge migration playbook updates in `docs/migration/no-merge.md`, including rollback guidance. | LNM-22-007 | DOLN0102 | | MIRROR-CRT-56-001 | TODO | | SPRINT_110_ingestion_evidence | Mirror Creator Guild | | Deterministic assembler has no owner; kickoff rescheduled to 2025-11-15. | PROGRAM-STAFF-1001 | ATMI0101 | | MIRROR-CRT-56-002 | TODO | | SPRINT_110_ingestion_evidence | Mirror Creator · Security Guilds | | DSSE/TUF metadata follows assembler baseline. | MIRROR-CRT-56-001; MIRROR-DSSE-REV-1501; PROV-OBS-53-001 | ATMI0101 | | MIRROR-CRT-57-001 | TODO | | SPRINT_110_ingestion_evidence | Mirror Creator Guild · AirGap Time Guild | | OCI/time-anchor workstreams blocked pending assembler + time contract. | MIRROR-CRT-56-001; AIRGAP-TIME-CONTRACT-1501; AIRGAP-TIME-57-001 | ATMI0101 | | MIRROR-CRT-57-002 | TODO | | SPRINT_110_ingestion_evidence | Mirror Creator Guild · AirGap Time Guild | | MIRROR-CRT-56-001; AIRGAP-TIME-CONTRACT-1501; AIRGAP-TIME-57-001 | MIRROR-CRT-56-001; AIRGAP-TIME-CONTRACT-1501; AIRGAP-TIME-57-001 | ATMI0101 | | MIRROR-CRT-58-001 | TODO | | SPRINT_110_ingestion_evidence | Mirror Creator Guild · CLI Guild · Exporter Guild | | CLI + Export automation depends on assembler and DSSE/TUF track. | MIRROR-CRT-56-001; EXPORT-OBS-54-001; CLI-AIRGAP-56-001 | ATMI0101 | | MIRROR-CRT-58-002 | TODO | | SPRINT_110_ingestion_evidence | Mirror Creator Guild · CLI Guild · Exporter Guild | | MIRROR-CRT-56-001; EXPORT-OBS-54-001; CLI-AIRGAP-56-001 | MIRROR-CRT-56-001; EXPORT-OBS-54-001; CLI-AIRGAP-56-001 | ATMI0101 | | MTLS-11-002 | DONE | 2025-11-08 | SPRINT_100_identity_signing | Authority Core & Security Guild | src/Authority/StellaOps.Authority | Refresh grants enforce original client cert, tokens persist `x5t#S256` metadata, docs updated. | AUTH-DPOP-11-001 | AUIN0102 | | NATIVE-401-015 | TODO | | SPRINT_401_reachability_evidence_chain | Scanner Worker Guild | `src/Scanner/__Libraries/StellaOps.Scanner.Symbols.Native`, `src/Scanner/__Libraries/StellaOps.Scanner.CallGraph.Native` | Bootstrap Symbols.Native + CallGraph.Native scaffolding and coverage fixtures. | Needs replay requirements from DORR0101 | SCNA0101 | | NOTIFY-38-001 | TODO | | SPRINT_214_web_iii | BE-Base Platform Guild | src/Web/StellaOps.Web | Route approval/rule APIs through Web gateway with tenant scopes. | Wait for NOTY0103 approval payload schema | NOWB0101 | | NOTIFY-39-001 | TODO | | SPRINT_214_web_iii | BE-Base Platform Guild | src/Web/StellaOps.Web | Surface digest/simulation/quiet-hour controls in Web tier. | Needs correlation outputs from NOTY0105 | NOWB0101 | | NOTIFY-40-001 | TODO | | SPRINT_202_cli_ii | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Implement escalations + ack workflows, localization previews, and channel health checks. | NOTIFY-39-001 | NOWC0101 | | NOTIFY-AIRGAP-56-002 | DONE | | SPRINT_170_notifications_telemetry | Notifications Service Guild · DevOps Guild | src/Notify/StellaOps.Notify | Ship AirGap-ready notifier bundles (Helm overlays, secrets templates, rollout guide). | MIRROR-CRT-56-001 | NOIA0101 | | NOTIFY-ATTEST-74-001 | DOING | | SPRINT_170_notifications_telemetry | Notifications Service Guild · Attestor Service Guild | src/Notify/StellaOps.Notify | Create attestor-driven notification templates + schema docs; publish in `/docs/notifications/templates.md`. | ATEL0101 | NOIA0101 | | NOTIFY-ATTEST-74-002 | DOING | | SPRINT_170_notifications_telemetry | Notifications Service Guild | src/Notify/StellaOps.Notify | Wire attestor DSSE payload ingestion + Task Runner callbacks for attestation verdicts. | NOTIFY-ATTEST-74-001 | NOIA0101 | | NOTIFY-DOC-70-001 | DONE | | SPRINT_170_notifications_telemetry | Notifications Service Guild · DevOps Guild | docs/modules/notify | Keep as reference for documentation/offline-kit parity. | NOTIFY-AIRGAP-56-002 | DONO0102 | | NOTIFY-DOCS-0001 | DONE | 2025-11-05 | SPRINT_322_docs_modules_notify | Docs Guild | docs/modules/notify | Validate module README reflects Notifications Studio pivot and latest release notes. | NOTIFY-DOC-70-001 | DONO0102 | | NOTIFY-DOCS-0002 | TODO | 2025-11-05 | SPRINT_322_docs_modules_notify | Docs Guild | docs/modules/notify | Pending NOTIFY-SVC-39-001..004 to document correlation/digests/simulation/quiet hours. | NOTIFY-SVC-39-004 | DONO0102 | | NOTIFY-ENG-0001 | TODO | | SPRINT_322_docs_modules_notify | Module Team | docs/modules/notify | Keep implementation milestones aligned with `/docs/implplan/SPRINT_171_notifier_i.md` onward. | NOTY0103 | DONO0102 | | NOTIFY-OAS-61-001 | DOING | | SPRINT_170_notifications_telemetry | Notifications Service Guild · API Governance Guild | docs/api/notifications | Update OpenAPI doc set (rule/incident endpoints) with new schemas + changelog. | NOTY0103 | NOOA0101 | | NOTIFY-OAS-61-002 | TODO | | SPRINT_171_notifier_i | Notifications Service Guild · SDK Guild | docs/api/notifications | Provide SDK usage examples for rule CRUD, incident ack, and quiet hours; ensure SDK smoke tests. | NOTIFY-OAS-61-001 | NOOA0101 | | NOTIFY-OAS-62-001 | TODO | | SPRINT_170_notifications_telemetry | Notifications Service Guild · Developer Portal Guild | docs/api/notifications | Publish `/docs/api/reference/notifications` auto-generated site; integrate with portal nav. | NOTIFY-OAS-61-002 | NOOA0101 | | NOTIFY-OAS-63-001 | TODO | | SPRINT_170_notifications_telemetry | Notifications Service Guild · SDK Generator Guild | docs/api/notifications | Provide CLI/UI quickstarts plus recipes referencing new endpoints. | NOTIFY-OAS-61-002 | NOOA0101 | | NOTIFY-OBS-51-001 | TODO | | SPRINT_170_notifications_telemetry | Notifications Service Guild · Observability Guild | src/Notify/StellaOps.Notify | Implement telemetry SLO webhook schema + incident toggle contract. | NOTY0104 | NOOB0101 | | NOTIFY-OBS-55-001 | TODO | | SPRINT_171_notifier_i | Notifications Service Guild · Ops Guild | src/Notify/StellaOps.Notify | Add override snapshots, legal compliance logging, and override audit events. | NOTIFY-OBS-51-001 | NOOB0101 | | NOTIFY-OPS-0001 | TODO | | SPRINT_322_docs_modules_notify | Ops Guild · Docs Guild | docs/modules/notify | Review notifier runbooks/observability assets after the next sprint demo and record findings. | NOTIFY-OBS-55-001 | NOOR0101 | | NOTIFY-RISK-66-001 | TODO | | SPRINT_170_notifications_telemetry | Notifications Service Guild · Risk Engine Guild · Policy Guild | src/Notify/StellaOps.Notify | Policy/Risk metadata export required before implementation. | POLICY-RISK-40-002 | NORR0101 | | NOTIFY-RISK-67-001 | TODO | | SPRINT_171_notifier_i | Notifications Service Guild · Policy Guild | src/Notify/StellaOps.Notify | Notify stakeholders when risk profiles are published, deprecated, or thresholds change. | NOTIFY-RISK-66-001 | NORR0101 | | NOTIFY-RISK-68-001 | TODO | | SPRINT_170_notifications_telemetry | Notifications Service Guild · Risk Engine Guild · Policy Guild | src/Notify/StellaOps.Notify | Broadcast severity transitions with trace metadata and attach policy references. | NOTIFY-RISK-67-001 | NORR0101 | | NOTIFY-SVC-37-001 | TODO | | SPRINT_172_notifier_ii | Notifications Service Guild | src/Notifier/StellaOps.Notifier | Define pack approval & policy notification contract, including OpenAPI schema, event payloads, resume token mechanics, and security guidance. | Align payload schema with PGMI0101 + ATEL0101 decisions | NOTY0103 | | NOTIFY-SVC-37-002 | TODO | | SPRINT_172_notifier_ii | Notifications Service Guild | src/Notifier/StellaOps.Notifier | Implement secure ingestion endpoint, Mongo persistence (`pack_approvals`), idempotent writes, and audit trail for approval events. Dependencies: NOTIFY-SVC-37-001. | NOTIFY-SVC-37-001 | NOTY0103 | | NOTIFY-SVC-37-003 | TODO | | SPRINT_172_notifier_ii | Notifications Service Guild | src/Notifier/StellaOps.Notifier | Deliver approval/policy templates, routing predicates, and channel dispatch (email/chat/webhook) with deterministic ordering plus ack gating. | NOTIFY-SVC-37-002 | NOTY0103 | | NOTIFY-SVC-37-004 | TODO | | SPRINT_172_notifier_ii | Notifications Service Guild | src/Notifier/StellaOps.Notifier | Provide acknowledgement API, Task Runner callback client, metrics for outstanding approvals, and SLA escalations. | NOTIFY-SVC-37-003 | NOTY0103 | | NOTIFY-SVC-38-002 | TODO | | SPRINT_172_notifier_ii | Notifications Service Guild | src/Notifier/StellaOps.Notifier | Implement channel adapters (email, chat webhook, generic webhook) with retry policies, health checks, and audit logging. | NOTIFY-SVC-37-004 | NOTY0104 | | NOTIFY-SVC-38-003 | TODO | | SPRINT_172_notifier_ii | Notifications Service Guild | src/Notifier/StellaOps.Notifier | Deliver template service (versioned templates, localization scaffolding) and renderer with redaction allowlists, Markdown/HTML/JSON outputs, and provenance links. | NOTIFY-SVC-38-002 | NOTY0104 | | NOTIFY-SVC-38-004 | TODO | | SPRINT_172_notifier_ii | Notifications Service Guild | src/Notifier/StellaOps.Notifier | Expose REST + WS APIs (rules CRUD, templates preview, incidents list, ack) with audit logging, RBAC checks, and live feed stream. | NOTIFY-SVC-38-003 | NOTY0104 | | NOTIFY-SVC-39-001 | TODO | | SPRINT_172_notifier_ii | Notifications Service Guild | src/Notifier/StellaOps.Notifier | Implement correlation engine with pluggable key expressions/windows, throttler (token buckets), quiet hours/maintenance evaluator, and incident lifecycle. | NOTIFY-SVC-38-004 | NOTY0105 | | NOTIFY-SVC-39-002 | TODO | | SPRINT_172_notifier_ii | Notifications Service Guild | src/Notifier/StellaOps.Notifier | Build digest generator (queries, formatting) with schedule runner and distribution manifests. | NOTIFY-SVC-39-001 | NOTY0105 | | NOTIFY-SVC-39-003 | TODO | | SPRINT_172_notifier_ii | Notifications Service Guild | src/Notifier/StellaOps.Notifier | Provide simulation engine/API to dry-run rules against historical events, returning correlation explanations. | NOTIFY-SVC-39-002 | NOTY0105 | | NOTIFY-SVC-39-004 | TODO | | SPRINT_172_notifier_ii | Notifications Service Guild | src/Notifier/StellaOps.Notifier | Integrate quiet hour calendars and throttles with audit logging plus operator overrides. | NOTIFY-SVC-39-003 | NOTY0105 | | NOTIFY-SVC-40-001 | TODO | | SPRINT_172_notifier_ii | Notifications Service Guild | src/Notifier/StellaOps.Notifier | Implement escalations + on-call schedules, ack bridge, PagerDuty/OpsGenie adapters, and CLI/in-app inbox channels. Dependencies: NOTIFY-SVC-39-004. | NOTIFY-SVC-39-004 | NOTY0106 | | NOTIFY-SVC-40-002 | TODO | | SPRINT_172_notifier_ii | Notifications Service Guild | src/Notifier/StellaOps.Notifier | Add summary storm breaker notifications, localization bundles, and localization fallback handling. | NOTIFY-SVC-40-001 | NOTY0106 | | NOTIFY-SVC-40-003 | TODO | | SPRINT_172_notifier_ii | Notifications Service Guild | src/Notifier/StellaOps.Notifier | Harden security: signed ack links (KMS), webhook HMAC/IP allowlists, tenant isolation fuzz tests, HTML sanitization. | NOTIFY-SVC-40-002 | NOTY0106 | | NOTIFY-SVC-40-004 | TODO | | SPRINT_172_notifier_ii | Notifications Service Guild | src/Notifier/StellaOps.Notifier | Finalize observability (metrics/traces for escalations, latency), dead-letter handling, chaos tests for channel outages, and retention policies. | NOTIFY-SVC-40-003 | NOTY0106 | | NOTIFY-TEN-48-001 | TODO | | SPRINT_173_notifier_iii | Notifications Service Guild | src/Notifier/StellaOps.Notifier | Tenant-scope rules/templates/incidents, RLS on storage, tenant-prefixed channels, and inclusion of tenant context in notifications. | NOTIFY-SVC-40-004 | NOTY0107 | | OAS-61 | TODO | | SPRINT_160_export_evidence | Exporter Service + API Governance + SDK Guilds | docs/api/oas | Define platform-wide OpenAPI governance + release checklist. | PGMI0101 | DOOA0103 | | OAS-61-001 | DOING | | SPRINT_170_notifications_telemetry | API Governance Guild | docs/api/oas | Draft spec updates + changelog text. | OAS-61 | DOOA0103 | | OAS-61-002 | TODO | | SPRINT_114_concelier_iii | Concelier Core Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Align Link-Not-Merge endpoints with new pagination/idempotency rules. | OAS-61 | COAS0101 | | OAS-61-003 | TODO | | SPRINT_305_docs_tasks_md_v | Docs Guild · API Governance Guild | docs/api/oas | Publish `/docs/api/versioning.md` describing SemVer, deprecation headers, migration playbooks. | OAS-61 | DOOA0103 | | OAS-62 | TODO | | SPRINT_160_export_evidence | Exporter + API Gov + SDK Guilds | docs/api/oas | Document SDK/gen pipeline + offline bundle expectations. | OAS-61 | DOOA0103 | | OAS-62-001 | TODO | | SPRINT_114_concelier_iii | Concelier Core Guild · SDK Generator Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Generate `/docs/api/reference/` data + integrate with SDK scaffolding. | OAS-61-002 | COAS0101 | | OAS-62-002 | TODO | | SPRINT_511_api | API Contracts Guild | src/Api/StellaOps.Api.OpenApi | Add lint rules enforcing pagination, idempotency headers, naming conventions, and example coverage. | OAS-62-001 | AOAS0101 | | OAS-63 | TODO | | SPRINT_160_export_evidence | Exporter + API Gov + SDK Guilds | docs/api/oas | Define discovery endpoint strategy + lifecycle docs. | OAS-62 | DOOA0103 | | OAS-63-001 | TODO | | SPRINT_114_concelier_iii | Concelier Core Guild · API Governance Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Add `.well-known/openapi` metadata/discovery hints. | OAS-62-001 | COAS0101 | | OBS-50-001 | DOING | | SPRINT_170_notifications_telemetry | Telemetry Core Guild | src/Telemetry/StellaOps.Telemetry.Core | Implement structured logging, trace propagation, and scrub policies for core services. | TLTY0101 | TLTY0102 | | OBS-50-002 | DOING | | SPRINT_170_notifications_telemetry | Telemetry Core Guild | src/Telemetry/StellaOps.Telemetry.Core | Roll out Helm/collector bundles plus validation tests and DSSE artefacts for telemetry exporters. | OBS-50-001 | TLTY0102 | | OBS-50-003 | TODO | | SPRINT_306_docs_tasks_md_vi | Docs Guild · Observability Guild | docs/observability | Publish `/docs/observability/collector-deploy.md` with telemetry baseline + offline flows. | OBS-50-001 | DOOB0102 | | OBS-50-004 | TODO | | SPRINT_306_docs_tasks_md_vi | Docs Guild · Observability Guild | docs/observability | Document scrub policy/SOPs (`/docs/observability/scrub-policy.md`). | OBS-50-003 | DOOB0102 | | OBS-51-001 | TODO | | SPRINT_110_ingestion_evidence | Exporter Guild · AirGap Time Guild · CLI Guild | ops/devops/telemetry | Build shared SLO bus (queue depth, time-anchor drift) feeding exporter/CLI dashboards. | PROGRAM-STAFF-1001 | OBAG0101 | | OBS-51-002 | TODO | | SPRINT_170_notifications_telemetry | Telemetry Core Guild · Observability Guild | ops/devops/telemetry | Run shadow-mode evaluators + roll metrics into collectors + alert webhooks. | OBS-51-001 | OBAG0101 | | OBS-52-001 | TODO | | SPRINT_114_concelier_iii | Concelier Core Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Emit ingest latency, queue depth, and AOC violation metrics with burn-rate alerts. | ATLN0101 | CNOB0103 | | OBS-52-002 | TODO | | SPRINT_160_export_evidence | Timeline Indexer Guild | src/Timeline/StellaOps.TimelineIndexer | Configure streaming pipeline (retention/backpressure) for timeline events. | OBS-52-001 | TLIX0101 | | OBS-52-003 | TODO | | SPRINT_160_export_evidence | Timeline Indexer Guild | src/Timeline/StellaOps.TimelineIndexer | Add CI validation + schema enforcement for timeline events. | OBS-52-002 | TLIX0101 | | OBS-52-004 | TODO | | SPRINT_160_export_evidence | Timeline Indexer + Security Guilds | src/Timeline/StellaOps.TimelineIndexer | Harden streaming pipeline with auth/encryption + DSSE proofs. | OBS-52-003 | TLIX0101 | | OBS-53-001 | TODO | | SPRINT_110_ingestion_evidence | Exporter Guild · AirGap Time Guild · CLI Guild | ops/devops/telemetry | Establish provenance SLO signals + exporter hooks. | PROGRAM-STAFF-1001 | PROB0102 | | OBS-53-002 | TODO | | SPRINT_513_provenance | Provenance + Security Guild | src/Provenance/StellaOps.Provenance.Attestation | Add attestation metrics + scrubbed logs referencing DSSE bundles. | OBS-53-001 | PROB0102 | | OBS-53-003 | TODO | | SPRINT_513_provenance | Provenance Guild | src/Provenance/StellaOps.Provenance.Attestation | Ship dashboards/tests proving attestation observability. | OBS-53-002 | PROB0102 | | OBS-54-001 | TODO | | SPRINT_114_concelier_iii | Concelier Core Guild · Provenance Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Needs shared exporter from 1039_EXPORT-OBS-54-001 | Needs shared exporter from 1039_EXPORT-OBS-54-001 | CNOB0101 | | OBS-54-002 | TODO | | SPRINT_161_evidencelocker | Evidence Locker Guild | src/EvidenceLocker/StellaOps.EvidenceLocker | Instrument Evidence Locker ingest/publish flows with metrics/logs + alerts. | OBS-53-002 | ELOC0102 | | OBS-55-001 | TODO | | SPRINT_114_concelier_iii | Concelier Core & DevOps Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Refresh ops automation/runbooks referencing new observability signals. | OBS-52-001 | CNOB0103 | | OBS-56-001 | TODO | | SPRINT_174_telemetry | Telemetry Core Guild | src/Telemetry/StellaOps.Telemetry.Core | Generate signed air-gap telemetry bundles + validation tests. | OBS-50-002 | TLTY0103 | | OFFLINE-17-004 | BLOCKED | 2025-10-26 | SPRINT_508_ops_offline_kit | Offline Kit Guild · DevOps Guild | ops/offline-kit | Repackage release-17 bundle with DSSE receipts + verification logs. | PROGRAM-STAFF-1001 | OFFK0101 | | OFFLINE-34-006 | TODO | | SPRINT_508_ops_offline_kit | Offline Kit + Orchestrator Guild | ops/offline-kit | Add orchestrator automation + docs to Offline Kit release 34. | ATMI0102 | OFFK0101 | | OFFLINE-37-001 | TODO | | SPRINT_508_ops_offline_kit | Offline Kit + Exporter Guild | ops/offline-kit | Ship export evidence bundle + checksum manifests for release 37. | EXPORT-MIRROR-ORCH-1501 | OFFK0101 | | OFFLINE-37-002 | TODO | | SPRINT_508_ops_offline_kit | Offline Kit + Notifications Guild | ops/offline-kit | Package notifier templates/channel configs for offline ops (release 37). | NOTY0103 | OFFK0101 | | OFFLINE-CONTAINERS-46-001 | TODO | | SPRINT_508_ops_offline_kit | Offline Kit + Deployment Guild | ops/offline-kit | Include container air-gap bundle, verification docs, and mirrored registry instructions. | OFFLINE-37-001 | OFFK0101 | | OPENSSL-11-001 | TODO | 2025-11-06 | SPRINT_505_ops_devops_iii | DevOps Guild · Build Infra Guild | ops/devops | Rebuild OpenSSL toolchain with sovereign crypto patches + publish reproducible logs. | KMSI0102 | OPEN0101 | | OPENSSL-11-002 | TODO | 2025-11-06 | SPRINT_505_ops_devops_iii | DevOps Guild · CI Guild | ops/devops | Update CI/container images with new OpenSSL packages + smoke tests. | OPENSSL-11-001 | OPEN0101 | | OPS-0001 | DONE | 2025-11-07 | SPRINT_333_docs_modules_excititor | Ops Guild (docs/modules/excitor) | docs/modules/excitor | | | | | OPS-ENV-01 | TODO | | SPRINT_507_ops_devops_v | DevOps Guild · Scanner Guild | ops/devops | Update Helm/Compose manifests + docs to include Surface.Env variables for Scanner/Zastava. | SCSS0101 | DOPS0101 | | OPS-SECRETS-01 | TODO | | SPRINT_507_ops_devops_v | DevOps + Security Guild | ops/devops | Define secret provisioning workflow (Kubernetes, Compose, Offline Kit) for Surface.Secrets references and update runbooks. | OPS-ENV-01 | DOPS0101 | | OPS-SECRETS-02 | TODO | | SPRINT_507_ops_devops_v | DevOps + Offline Kit Guild | ops/devops | Embed Surface.Secrets bundles (encrypted) into Offline Kit packaging scripts. | OPS-SECRETS-01 | DOPS0101 | | ORCH-32-001 | TODO | | SPRINT_114_concelier_iii | Concelier Core Guild (src/Concelier/__Libraries/StellaOps.Concelier.Core) | src/Concelier/__Libraries/StellaOps.Concelier.Core | — | — | ORGR0102 | | ORCH-32-002 | TODO | | SPRINT_114_concelier_iii | Concelier Core Guild (src/Concelier/__Libraries/StellaOps.Concelier.Core) | src/Concelier/__Libraries/StellaOps.Concelier.Core | — | — | ORGR0102 | | ORCH-33-001 | TODO | | SPRINT_114_concelier_iii | Concelier Core Guild (src/Concelier/__Libraries/StellaOps.Concelier.Core) | src/Concelier/__Libraries/StellaOps.Concelier.Core | — | — | ORGR0102 | | ORCH-33-002 | TODO | | SPRINT_306_docs_tasks_md_vi | Docs Guild (docs) | | — | — | ORGR0102 | | ORCH-33-003 | TODO | | SPRINT_306_docs_tasks_md_vi | Docs Guild (docs) | | — | — | ORGR0102 | | ORCH-34-001 | TODO | | SPRINT_114_concelier_iii | Concelier Core Guild (src/Concelier/__Libraries/StellaOps.Concelier.Core) | src/Concelier/__Libraries/StellaOps.Concelier.Core | — | — | ORGR0102 | | ORCH-34-002 | TODO | | SPRINT_306_docs_tasks_md_vi | Docs Guild (docs) | | — | — | ORGR0102 | | ORCH-34-003 | TODO | | SPRINT_306_docs_tasks_md_vi | Docs Guild (docs) | | — | — | ORGR0102 | | ORCH-34-004 | TODO | | SPRINT_306_docs_tasks_md_vi | Docs Guild (docs) | | — | — | ORGR0102 | | ORCH-34-005 | TODO | | SPRINT_306_docs_tasks_md_vi | Docs Guild (docs) | | — | — | ORGR0102 | | ORCH-AIRGAP-56-001 | TODO | | SPRINT_151_orchestrator_i | Orchestrator Service + AirGap Policy Guilds | src/Orchestrator/StellaOps.Orchestrator | Enforce job descriptors to declare network intents; reject external endpoints in sealed mode. | ATMI0102 | ORAG0101 | | ORCH-AIRGAP-56-002 | TODO | | SPRINT_151_orchestrator_i | Orchestrator Service + AirGap Controller Guild | src/Orchestrator/StellaOps.Orchestrator | Surface sealing status/time staleness in scheduler APIs. | ORCH-AIRGAP-56-001 | ORAG0101 | | ORCH-AIRGAP-57-001 | TODO | | SPRINT_151_orchestrator_i | Orchestrator + Export Center Guilds | src/Orchestrator/StellaOps.Orchestrator | Ship sealed-mode exec profiles with mirror/orchestrator hooks. | ORCH-AIRGAP-56-002 | ORAG0101 | | ORCH-AIRGAP-58-001 | TODO | | SPRINT_151_orchestrator_i | Orchestrator + Offline Kit Guilds | src/Orchestrator/StellaOps.Orchestrator | Export sealed job bundles + DSSE receipts for Offline Kit. | ORCH-AIRGAP-57-001 | ORAG0101 | | ORCH-OAS-61-001 | TODO | | SPRINT_151_orchestrator_i | Orchestrator Service Guild | src/Orchestrator/StellaOps.Orchestrator | Update orchestrator OAS spec + changelog per governance rules. | OAS-61 | OROA0101 | | ORCH-OAS-61-002 | TODO | | SPRINT_151_orchestrator_i | Orchestrator Service Guild | src/Orchestrator/StellaOps.Orchestrator | Apply pagination/idempotency rules + tests. | ORCH-OAS-61-001 | OROA0101 | | ORCH-OAS-62-001 | TODO | | SPRINT_151_orchestrator_i | Orchestrator Service + SDK Guild | src/Orchestrator/StellaOps.Orchestrator | Publish auto-generated SDK + portal refs. | ORCH-OAS-61-002 | OROA0101 | | ORCH-OAS-63-001 | TODO | | SPRINT_151_orchestrator_i | Orchestrator Service + API Governance Guild | src/Orchestrator/StellaOps.Orchestrator | Implement `.well-known/openapi` discovery + deprecation headers. | ORCH-OAS-62-001 | OROA0101 | | ORCH-OBS-50-001 | TODO | | SPRINT_151_orchestrator_i | Orchestrator Service Guild · Observability Guild | src/Orchestrator/StellaOps.Orchestrator | Wire `StellaOps.Telemetry.Core` into orchestrator host, instrument schedulers and control APIs with trace spans, structured logs, and exemplar metrics. Ensure tenant/job metadata recorded for every span/log. | Wait for 043_ORTR0101 taskrunner counters | OROB0101 | | ORCH-OBS-51-001 | TODO | | SPRINT_151_orchestrator_i | Orchestrator Service Guild · DevOps Guild | src/Orchestrator/StellaOps.Orchestrator | Publish golden-signal metrics (dispatch latency, queue depth, failure rate), define job/tenant SLOs, and emit burn-rate alerts to collector + Notifications. Provide Grafana dashboards + alert rules. Dependencies: ORCH-OBS-50-001. | Needs DevOps alert templates (045_DVDO0103) | OROB0101 | | ORCH-OBS-52-001 | TODO | | SPRINT_151_orchestrator_i | Orchestrator Service Guild | src/Orchestrator/StellaOps.Orchestrator | Emit `timeline_event` objects for job lifecycle (`job.scheduled`, `job.started`, `job.completed`, `job.failed`) including trace IDs, run IDs, tenant/project, and causal metadata. Add contract tests and Kafka/NATS emitter with retries. Dependencies: ORCH-OBS-51-001. | Depends on instrumentation contract 046_TLTY0101 | OROB0101 | | ORCH-OBS-53-001 | TODO | | SPRINT_151_orchestrator_i | Orchestrator Service Guild · Evidence Locker Guild | src/Orchestrator/StellaOps.Orchestrator | Generate job capsule inputs for evidence locker (payload digests, worker image, config hash, log manifest) and invoke locker snapshot hooks on completion/failure. Ensure redaction guard enforced. Dependencies: ORCH-OBS-52-001. | Requires Evidence Locker contract (002_ATEL0101) | OROB0101 | | ORCH-OBS-54-001 | TODO | | SPRINT_151_orchestrator_i | Orchestrator Service Guild · Provenance Guild | src/Orchestrator/StellaOps.Orchestrator | Produce DSSE attestations for orchestrator-scheduled jobs (subject = job capsule) and store references in timeline + evidence locker. Provide verification endpoint `/jobs/{id}/attestation`. Dependencies: ORCH-OBS-53-001. | Blocked by provenance schema (005_ATLN0101) | OROB0101 | | ORCH-OBS-55-001 | TODO | | SPRINT_151_orchestrator_i | Orchestrator Service Guild · DevOps Guild | src/Orchestrator/StellaOps.Orchestrator | Implement incident mode hooks (sampling overrides, extended retention, additional debug spans) and automatic activation on SLO burn-rate breach. Emit activation/deactivation events to timeline + Notifier. Dependencies: ORCH-OBS-54-001. | Needs #5 resolved for label stability | OROB0101 | | ORCH-SVC-32-001 | TODO | | SPRINT_151_orchestrator_i | Orchestrator Service Guild | src/Orchestrator/StellaOps.Orchestrator | Bootstrap service project, configuration, Postgres schema/migrations for sources/runs/jobs DAG. | PGMI0101 | ORSC0101 | | ORCH-SVC-32-002 | TODO | | SPRINT_152_orchestrator_ii | Orchestrator Service Guild | src/Orchestrator/StellaOps.Orchestrator | Implement scheduler DAG planner + job state machine. | ORCH-SVC-32-001 | ORSC0101 | | ORCH-SVC-32-003 | TODO | | SPRINT_152_orchestrator_ii | Orchestrator Service Guild | src/Orchestrator/StellaOps.Orchestrator | Expose REST APIs (sources/runs/jobs) w/ validation + tenant scope. | ORCH-SVC-32-002 | ORSC0101 | | ORCH-SVC-32-004 | TODO | | SPRINT_152_orchestrator_ii | Orchestrator Service Guild | src/Orchestrator/StellaOps.Orchestrator | Implement SSE/WS streams + metrics/health probes. | ORCH-SVC-32-003 | ORSC0101 | | ORCH-SVC-32-005 | TODO | | SPRINT_152_orchestrator_ii | Orchestrator Service Guild | src/Orchestrator/StellaOps.Orchestrator | Deliver worker claim/heartbeat/progress endpoints w/ idempotency. | ORCH-SVC-32-004 | ORSC0101 | | ORCH-SVC-33-001 | TODO | | SPRINT_152_orchestrator_ii | Orchestrator Service Guild | src/Orchestrator/StellaOps.Orchestrator | Enable `sources test` pipeline + scaffolding. | ORCH-SVC-32-005 | ORSC0102 | | ORCH-SVC-33-002 | TODO | | SPRINT_152_orchestrator_ii | Orchestrator Service Guild | src/Orchestrator/StellaOps.Orchestrator | Implement adaptive rate limiter/concurrency caps/backpressure. | ORCH-SVC-33-001 | ORSC0102 | | ORCH-SVC-33-003 | TODO | | SPRINT_152_orchestrator_ii | Orchestrator Service Guild | src/Orchestrator/StellaOps.Orchestrator | Add watermark/backfill manager + preview endpoint. | ORCH-SVC-33-002 | ORSC0102 | | ORCH-SVC-33-004 | TODO | | SPRINT_152_orchestrator_ii | Orchestrator Service Guild | src/Orchestrator/StellaOps.Orchestrator | Deliver dead-letter store + replay APIs + error classifications. | ORCH-SVC-33-003 | ORSC0102 | | ORCH-SVC-34-001 | TODO | | SPRINT_152_orchestrator_ii | Orchestrator Service Guild | src/Orchestrator/StellaOps.Orchestrator | Implement quota management APIs + SLO burn-rate tracking. | ORCH-SVC-33-004 | ORSC0102 | | ORCH-SVC-34-002 | TODO | | SPRINT_152_orchestrator_ii | Orchestrator Service Guild | src/Orchestrator/StellaOps.Orchestrator | Build audit log + immutable run ledger export with signed manifests. | ORCH-SVC-34-001 | ORSC0103 | | ORCH-SVC-34-003 | TODO | | SPRINT_152_orchestrator_ii | Orchestrator Service Guild | src/Orchestrator/StellaOps.Orchestrator | Execute perf/scale validation + autoscaling hooks. | ORCH-SVC-34-002 | ORSC0103 | | ORCH-SVC-34-004 | TODO | | SPRINT_152_orchestrator_ii | Orchestrator Service Guild | src/Orchestrator/StellaOps.Orchestrator | Package orchestrator container, Helm overlays, offline bundle seeds, attestations. | ORCH-SVC-34-003 | ORSC0103 | | ORCH-SVC-35-101 | TODO | | SPRINT_152_orchestrator_ii | Orchestrator Service Guild | src/Orchestrator/StellaOps.Orchestrator | Register `export` job type with quotas, telemetry, and worker contract hooks. | ORCH-SVC-34-004 | ORSC0103 | | ORCH-SVC-36-101 | TODO | | SPRINT_152_orchestrator_ii | Orchestrator Service Guild | src/Orchestrator/StellaOps.Orchestrator | Capture export job distribution metadata + retention timestamps for dashboards + SSE payloads. | ORCH-SVC-35-101 | ORSC0104 | | ORCH-SVC-37-101 | TODO | | SPRINT_152_orchestrator_ii | Orchestrator Service Guild | src/Orchestrator/StellaOps.Orchestrator | Enable scheduled export runs, retention pruning, failure alerting for export jobs. | ORCH-SVC-36-101 | ORSC0104 | | ORCH-SVC-38-101 | TODO | | SPRINT_153_orchestrator_iii | Orchestrator Service Guild | src/Orchestrator/StellaOps.Orchestrator | Standardize event envelope, publish failure events to notifier bus with provenance metadata. | ORCH-SVC-37-101 | ORSC0104 | | ORCH-SVC-41-101 | TODO | | SPRINT_153_orchestrator_iii | Orchestrator Service Guild | src/Orchestrator/StellaOps.Orchestrator | Register `pack-run` job type, persist metadata, wire Task Runner API. | ORCH-SVC-38-101 | ORSC0104 | | ORCH-SVC-42-101 | TODO | | SPRINT_153_orchestrator_iii | Orchestrator Service Guild | src/Orchestrator/StellaOps.Orchestrator | Stream pack run logs via SSE, enforce quotas, emit notifier events. | ORCH-SVC-41-101 | ORSC0104 | | ORCH-TEN-48-001 | TODO | | SPRINT_153_orchestrator_iii | Orchestrator Service Guild | src/Orchestrator/StellaOps.Orchestrator | Include tenant/project IDs in job specs + DB session context; enforce queries + reject missing metadata. | ORCH-SVC-42-101 | ORTN0101 | | ORCHESTRATOR-ENG-0001 | TODO | | SPRINT_323_docs_modules_orchestrator | Module Team | docs/modules/orchestrator | Keep sprint milestone alignment notes synced with latest ORSC/ORAG/OROA changes. | ORSC0104 | DOOR0103 | | ORCHESTRATOR-OPS-0001 | TODO | | SPRINT_323_docs_modules_orchestrator | Ops Guild | docs/modules/orchestrator | Review orchestrator runbooks/observability checklists after new demos. | ORSC0104 | DOOR0103 | | PACKS-42-001 | TODO | | SPRINT_121_policy_reasoning | Findings Ledger Guild | src/Findings/StellaOps.Findings.Ledger | Provide snapshot/time-travel APIs and digestable exports for Task Pack simulation + CLI offline mode. | PLLG0103 | PKLD0101 | | PACKS-43-001 | DONE | 2025-11-09 | SPRINT_100_identity_signing | Packs Guild · Authority Guild | src/Authority/StellaOps.Authority | Finalized Pack release 43 (signing, release notes, artefacts). | AUTH-PACKS-41-001; TASKRUN-42-001; ORCH-SVC-42-101 | PACK0101 | | PACKS-43-002 | TODO | | SPRINT_508_ops_offline_kit | Offline Kit Guild, Packs Registry Guild (ops/offline-kit) | ops/offline-kit | Bundle packs registry artifacts, runbooks, and verification docs into Offline Kit release 43. | OFFLINE-37-001 | OFFK0101 | | PACKS-REG-41-001 | TODO | | SPRINT_154_packsregistry | Packs Registry Guild | src/PacksRegistry/StellaOps.PacksRegistry | Implement registry API/storage, version lifecycle, provenance export. | ORCH-SVC-42-101 | PKRG0101 | | PACKS-REG-42-001 | TODO | | SPRINT_154_packsregistry | Packs Registry Guild | src/PacksRegistry/StellaOps.PacksRegistry | Add tenant allowlists, signature rotation, audit logs, Offline Kit seed support. | PACKS-REG-41-001 | PKRG0101 | | PACKS-REG-43-001 | TODO | | SPRINT_154_packsregistry | Packs Registry Guild | src/PacksRegistry/StellaOps.PacksRegistry | Implement mirroring, pack signing policies, compliance dashboards, Export Center integration. | PACKS-REG-42-001 | PKRG0101 | | PARITY-41-001 | TODO | | SPRINT_203_cli_iii | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Ensure CLI HTTP client propagates `traceparent` headers for all commands, prints correlation IDs on failure, and records trace IDs in verbose logs. | NOWB0101 | CLPR0101 | | PARITY-41-002 | TODO | | SPRINT_203_cli_iii | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Add parity tests ensuring CLI outputs match notifier/web error formats and capture verification docs. | PARITY-41-001 | CLPR0101 | | PLATFORM-DOCS-0001 | TODO | | SPRINT_324_docs_modules_platform | Docs Guild | docs/modules/platform | Refresh architecture/gov doc per new sprint planning rules. | execution-waves.md | DOPF0101 | | PLATFORM-ENG-0001 | TODO | | SPRINT_324_docs_modules_platform | Module Team | docs/modules/platform | Update engineering status + AGENTS workflow references. | PLATFORM-DOCS-0001 | DOPF0101 | | PLATFORM-OPS-0001 | TODO | | SPRINT_324_docs_modules_platform | Ops Guild | docs/modules/platform | Sync ops runbooks/outcomes with new platform charter. | PLATFORM-DOCS-0001 | DOPF0101 | | PLG4-6 | DONE | 2025-11-08 | SPRINT_100_identity_signing | Authority Plugin Guild | src/Authority/StellaOps.Authority/StellaOps.Authority.Plugin.Standard | DSSE+docs coverage for standard plugin release. | DPO policy review | PLGN0101 | | PLG6 | DONE | 2025-11-03 | SPRINT_100_identity_signing | Authority Plugin Guild | src/Authority/StellaOps.Authority/StellaOps.Authority.Plugin.Standard | Offline kit parity + docs refresh. | OFFK0101 bundling | PLGN0101 | | PLG7 | DONE | 2025-11-03 | SPRINT_100_identity_signing | Authority Plugin Guild · Security Guild | src/Authority/StellaOps.Authority/StellaOps.Authority.Plugin.Standard | LDAP plugin capabilities aligned to provisioning spec. | LDAP provisioning spec | PLGN0101 | | PLG7.IMPL-003 | DONE (2025-11-09) | 2025-11-09 | SPRINT_100_identity_signing | BE-Auth Plugin (src/Authority/StellaOps.Authority/StellaOps.Authority.Plugin.Standard) | src/Authority/StellaOps.Authority/StellaOps.Authority.Plugin.Standard | Claims enricher + Mongo cache tests. | Claims enricher ships with DN map + regex substitutions, Mongo claims cache (TTL + capacity enforcement) wired through DI, plus unit tests covering enrichment + cache eviction. | PLGN0101 | | PLG7.IMPL-004 | DONE (2025-11-09) | 2025-11-09 | SPRINT_100_identity_signing | BE-Auth Plugin, DevOps Guild (src/Authority/StellaOps.Authority/StellaOps.Authority.Plugin.Ldap) | src/Authority/StellaOps.Authority/StellaOps.Authority.Plugin.Ldap | LDAP client provisioning store, capability gating, docs/tests. | LDAP plug-in now ships `clientProvisioning.*` options, a Mongo-audited `LdapClientProvisioningStore`, capability gating, and docs/tests covering LDAP writes + cache shims. | PLGN0101 | | PLG7.IMPL-005 | DONE (2025-11-09) | 2025-11-09 | SPRINT_100_identity_signing | BE-Auth Plugin, Docs Guild (src/Authority/StellaOps.Authority/StellaOps.Authority.Plugin.Standard) | src/Authority/StellaOps.Authority/StellaOps.Authority.Plugin.Standard | LDAP docs refresh + sample manifest updates. | LDAP plug-in docs refreshed (mutual TLS, regex mappings, cache/audit mirror guidance), sample manifest updated, Offline Kit + release notes now reference the bundled plug-in assets. | PLGN0101 | | PLG7.IMPL-006 | DONE (2025-11-09) | 2025-11-09 | SPRINT_100_identity_signing | BE-Auth Plugin (src/Authority/StellaOps.Authority/StellaOps.Authority.Plugin.Ldap) | src/Authority/StellaOps.Authority/StellaOps.Authority.Plugin.Ldap | LDAP bootstrap provisioning + health status + docs. | LDAP bootstrap provisioning added (write probe, Mongo audit mirror, capability downgrade + health status) with docs/tests + sample manifest updates. | PLGN0101 | | POL-005 | TODO | | SPRINT_401_reachability_evidence_chain | Policy Guild | `src/Policy/StellaOps.Policy.Engine`, `docs/modules/policy/architecture.md`, `docs/reachability/function-level-evidence.md` | Ingest reachability facts, expose `reachability.state/confidence`, auto-suppress low confidence, emit OpenVEX evidence. | GAPG0101 | PORE0101 | | POLICY-0001 | DONE | 2025-11-10 | SPRINT_138_scanner_ruby_parity | Policy Guild, Ruby Analyzer Guild (docs/modules/scanner) | docs/modules/scanner | | SCANNER-ENG-0018 | | | POLICY-13-007 | TODO | | SPRINT_210_ui_ii | UI Guild (src/UI/StellaOps.UI) | src/UI/StellaOps.UI | | | | | POLICY-20-001 | TODO | | SPRINT_114_concelier_iii | Concelier WebService Guild | src/Concelier/StellaOps.Concelier.WebService | Provide batch advisory lookup APIs for Policy Engine (purl/advisory filters, tenant scopes, explain metadata). | ATLN0101 | CCPR0102 | | POLICY-20-002 | TODO | | SPRINT_115_concelier_iv | Concelier Core Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Expand linkset builders with vendor equivalence tables, NEVRA/PURL normalization, version-range parsing. | POLICY-20-001 | CCPR0102 | | POLICY-20-003 | TODO | | SPRINT_115_concelier_iv | Concelier Storage Guild | src/Concelier/__Libraries/StellaOps.Concelier.Storage.Mongo | Introduce advisory selection cursors + change-stream checkpoints with offline migration scripts. | POLICY-20-002 | CCPR0102 | | POLICY-20-004 | TODO | | SPRINT_210_ui_ii | UI Guild | src/UI/StellaOps.UI | Implement Policy Studio UI surfaces wiring to new APIs (editor, simulation, dashboards). | ORSC0101 | UIPD0101 | | POLICY-23-001 | TODO | | SPRINT_115_concelier_iv | Concelier Core Guild (src/Concelier/__Libraries/StellaOps.Concelier.Core) | src/Concelier/__Libraries/StellaOps.Concelier.Core | Add secondary indexes/materialized views (alias, severity, confidence) for fast policy lookups. | POLICY-20-003 | CCPR0102 | | POLICY-23-002 | TODO | | SPRINT_115_concelier_iv | Concelier Core Guild, Platform Events Guild (src/Concelier/__Libraries/StellaOps.Concelier.Core) | src/Concelier/__Libraries/StellaOps.Concelier.Core | Ensure `advisory.linkset.updated` events carry idempotent IDs/confidence summaries/tenant metadata for replay. | POLICY-23-001 | CCPR0102 | | POLICY-23-003 | TODO | | SPRINT_210_ui_ii | UI Guild (src/UI/StellaOps.UI) | src/UI/StellaOps.UI | | | | | POLICY-23-004 | TODO | | SPRINT_203_cli_iii | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | | | | | POLICY-23-005 | TODO | | SPRINT_210_ui_ii | UI Guild (src/UI/StellaOps.UI) | src/UI/StellaOps.UI | | | | | POLICY-23-006 | TODO | | SPRINT_203_cli_iii | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | | | | | POLICY-23-007 | TODO | | SPRINT_307_docs_tasks_md_vii | Docs Guild, DevEx/CLI Guild (docs) | | | | | | POLICY-23-008 | TODO | | SPRINT_307_docs_tasks_md_vii | Docs Guild, Architecture Guild (docs) | | | | | | POLICY-23-009 | TODO | | SPRINT_307_docs_tasks_md_vii | Docs Guild, DevOps Guild (docs) | | | | | | POLICY-23-010 | TODO | | SPRINT_307_docs_tasks_md_vii | Docs Guild, UI Guild (docs) | | | | | | POLICY-27-001 | TODO | | SPRINT_203_cli_iii | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Implement policy workspace commands (`stella policy init/edit/lint/compile/test`) with template selection, local cache, JSON output, deterministic temp dirs. | CLI-POLICY-23-006 | CLPS0101 | | POLICY-27-002 | TODO | | SPRINT_204_cli_iv | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Add submission/review workflow commands (`version bump`, `submit`, `review comment`, `approve`, `reject`) with reviewer assignment + changelog capture. | POLICY-27-001 | CLPS0101 | | POLICY-27-003 | TODO | | SPRINT_204_cli_iv | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Implement `stella policy simulate` enhancements (quick/batch, SBOM selectors, heatmap summaries, JSON/Markdown outputs). | POLICY-27-002 | CLPS0102 | | POLICY-27-004 | TODO | | SPRINT_204_cli_iv | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Add publish/promote/rollback/sign commands with attestation checks and canary args. | POLICY-27-003 | CLPS0102 | | POLICY-27-005 | TODO | | SPRINT_204_cli_iv | DevEx/CLI Guild · Docs Guild | src/Cli/StellaOps.Cli | Update CLI docs/samples for Policy Studio (JSON schemas, exit codes, CI snippets). | POLICY-27-004 | CLPS0102 | | POLICY-27-006 | TODO | | SPRINT_204_cli_iv | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Update CLI policy scopes/help text to request new Policy Studio scopes and adjust regression tests. | POLICY-27-005 | CLPS0102 | | POLICY-27-007 | BLOCKED | 2025-10-27 | SPRINT_308_docs_tasks_md_viii | Docs Guild, DevEx/CLI Guild (docs) | | | | | | POLICY-27-008 | BLOCKED | 2025-10-27 | SPRINT_308_docs_tasks_md_viii | Docs Guild, Policy Registry Guild (docs) | | | | | | POLICY-27-009 | BLOCKED | 2025-10-27 | SPRINT_308_docs_tasks_md_viii | Docs Guild, Security Guild (docs) | | | | | | POLICY-27-010 | BLOCKED | 2025-10-27 | SPRINT_308_docs_tasks_md_viii | Docs Guild, Architecture Guild (docs) | | | | | | POLICY-27-011 | BLOCKED | 2025-10-27 | SPRINT_308_docs_tasks_md_viii | Docs Guild, Observability Guild (docs) | | | | | | POLICY-27-012 | BLOCKED | 2025-10-27 | SPRINT_308_docs_tasks_md_viii | Docs Guild, Ops Guild (docs) | | | | | | POLICY-27-013 | BLOCKED | 2025-10-27 | SPRINT_308_docs_tasks_md_viii | Docs Guild, Policy Guild (docs) | | | | | | POLICY-27-014 | BLOCKED | 2025-10-27 | SPRINT_308_docs_tasks_md_viii | Docs Guild, Policy Registry Guild (docs) | | | | | | POLICY-401-026 | TODO | | SPRINT_401_reachability_evidence_chain | Policy Guild · Concelier Guild (`docs/policy/dsl.md`, `docs/uncertainty/README.md`) | `docs/policy/dsl.md`, `docs/uncertainty/README.md` | | | | | POLICY-AIRGAP-56-001 | TODO | | SPRINT_123_policy_reasoning | Policy Guild | src/Policy/StellaOps.Policy.Engine | Support policy pack imports from mirror bundles, track `bundle_id` metadata, deterministic caching. | OFFK0101 | POAI0101 | | POLICY-AIRGAP-56-002 | TODO | | SPRINT_123_policy_reasoning | Policy Guild · Policy Studio Guild | src/Policy/StellaOps.Policy.Engine | Export policy sub-bundles with version metadata + checksums. | POLICY-AIRGAP-56-001 | POAI0101 | | POLICY-AIRGAP-57-001 | TODO | | SPRINT_123_policy_reasoning | Policy Guild · Export Center Guild | src/Policy.StellaOps.Policy.Engine | Mirror policy pack changes into Offline Kit, produce DSSE receipts. | POLICY-AIRGAP-56-002 | POAI0101 | | POLICY-AIRGAP-57-002 | TODO | | SPRINT_123_policy_reasoning | Policy Guild · Notifications Guild | src/Policy/StellaOps.Policy.Engine | Emit notifier events for mirror/export lifecycle. | POLICY-AIRGAP-57-001 | POAI0101 | | POLICY-AIRGAP-58-001 | TODO | | SPRINT_123_policy_reasoning | Policy Guild · Platform Ops | docs/policy/airgap.md | Document sealed-mode policy deploy checklist + automation. | POLICY-AIRGAP-57-002 | POAI0101 | | POLICY-AOC-19-001 | TODO | | SPRINT_123_policy_reasoning | Policy Guild / src/Policy/__Libraries/StellaOps.Policy | src/Policy/__Libraries/StellaOps.Policy | Add Roslyn/CI lint preventing ingestion projects from referencing Policy merge/severity helpers; block forbidden writes at compile time | | | | POLICY-AOC-19-002 | TODO | | SPRINT_123_policy_reasoning | Policy Guild, Platform Security / src/Policy/__Libraries/StellaOps.Policy | src/Policy/__Libraries/StellaOps.Policy | Enforce `effective_finding_*` write gate ensuring only Policy Engine identity can create/update materializations | POLICY-AOC-19-001 | | | POLICY-AOC-19-003 | TODO | | SPRINT_123_policy_reasoning | Policy Guild / src/Policy/__Libraries/StellaOps.Policy | src/Policy/__Libraries/StellaOps.Policy | Update readers/processors to consume only `content.raw`, `identifiers`, and `linkset`. Remove dependencies on legacy normalized fields and refresh fixtures | POLICY-AOC-19-002 | | | POLICY-AOC-19-004 | TODO | | SPRINT_123_policy_reasoning | Policy Guild, QA Guild / src/Policy/__Libraries/StellaOps.Policy | src/Policy/__Libraries/StellaOps.Policy | Add regression tests ensuring policy derived outputs remain deterministic when ingesting revised raw docs | POLICY-AOC-19-003 | | | POLICY-ATTEST-73-001 | TODO | | SPRINT_123_policy_reasoning | Policy Guild, Attestor Service Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Introduce VerificationPolicy object: schema, persistence, versioning, and lifecycle | | | | POLICY-ATTEST-73-002 | TODO | | SPRINT_123_policy_reasoning | Policy Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Provide Policy Studio editor with validation, dry-run simulation, and version diff | POLICY-ATTEST-73-001 | | | POLICY-ATTEST-74-001 | TODO | | SPRINT_123_policy_reasoning | Policy Guild, Attestor Service Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Integrate verification policies into attestor verification pipeline with caching and waiver support | POLICY-ATTEST-73-002 | | | POLICY-ATTEST-74-002 | TODO | | SPRINT_123_policy_reasoning | Policy Guild, Console Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Surface policy evaluations in Console verification reports with rule explanations | POLICY-ATTEST-74-001 | | | POLICY-CONSOLE-23-001 | TODO | | SPRINT_123_policy_reasoning | Policy Guild, BE-Base Platform Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Optimize findings/explain APIs for Console: cursor-based pagination at scale, global filter parameters (severity bands, policy version, time window), rule trace summarization, and aggregation hints for dashboard cards. Ensure deterministic ordering and expose provenance refs | | | | POLICY-CONSOLE-23-002 | TODO | | SPRINT_124_policy_reasoning | Policy Guild, Product Ops / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Produce simulation diff metadata | POLICY-CONSOLE-23-001 | | | POLICY-DET-01 | TODO | | SPRINT_209_ui_i | UI Guild, Policy Guild (src/UI/StellaOps.UI) | src/UI/StellaOps.UI | | | | | POLICY-ENGINE-20-002 | BLOCKED | 2025-10-26 | SPRINT_124_policy_reasoning | Policy Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Build deterministic evaluator honoring lexical/priority order, first-match semantics, and safe value types (no wall-clock/network access) | PGMI0101 | PLPE0101 | | POLICY-ENGINE-20-003 | TODO | | SPRINT_124_policy_reasoning | Policy Guild, Concelier Core Guild, Excititor Core Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Implement selection joiners resolving SBOM↔advisory↔VEX tuples using linksets and PURL equivalence tables, with deterministic batching | POLICY-ENGINE-20-002 | PLPE0101 | | POLICY-ENGINE-20-004 | TODO | | SPRINT_124_policy_reasoning | Policy Guild, Platform Storage Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Ship materialization writer that upserts into `effective_finding_{policyId}` with append-only history, tenant scoping, and trace references | POLICY-ENGINE-20-003 | PLPE0101 | | POLICY-ENGINE-20-005 | TODO | | SPRINT_124_policy_reasoning | Policy Guild, Security Engineering / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Enforce determinism guard banning wall-clock, RNG, and network usage during evaluation via static analysis + runtime sandbox | POLICY-ENGINE-20-004 | PLPE0101 | | POLICY-ENGINE-20-006 | TODO | | SPRINT_124_policy_reasoning | Policy Guild, Scheduler Worker Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Implement incremental orchestrator reacting to advisory/vex/SBOM change streams and scheduling partial policy re-evaluations | POLICY-ENGINE-20-005 | PLPE0101 | | POLICY-ENGINE-20-007 | TODO | | SPRINT_124_policy_reasoning | Policy Guild, Observability Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Emit structured traces/logs of rule hits with sampling controls, metrics | POLICY-ENGINE-20-006 | PLPE0101 | | POLICY-ENGINE-20-008 | TODO | | SPRINT_124_policy_reasoning | Policy Guild, QA Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Add unit/property/golden/perf suites covering policy compilation, evaluation correctness, determinism, and SLA targets | POLICY-ENGINE-20-007 | PLPE0101 | | POLICY-ENGINE-20-009 | TODO | | SPRINT_124_policy_reasoning | Policy Guild, Storage Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Define Mongo schemas/indexes for `policies`, `policy_runs`, and `effective_finding_*`; implement migrations and tenant enforcement | POLICY-ENGINE-20-008 | PLPE0101 | | POLICY-ENGINE-27-001 | TODO | | SPRINT_124_policy_reasoning | Policy Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Extend compile outputs to include rule coverage metadata, symbol table, inline documentation, and rule index for editor autocomplete; persist deterministic hashes | POLICY-ENGINE-20-009 | PLPE0101 | | POLICY-ENGINE-27-002 | TODO | | SPRINT_124_policy_reasoning | Policy Guild, Observability Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Enhance simulate endpoints to emit rule firing counts, heatmap aggregates, sampled explain traces with deterministic ordering, and delta summaries for quick/batch sims | POLICY-ENGINE-27-001 | PLPE0101 | | POLICY-ENGINE-29-001 | TODO | | SPRINT_124_policy_reasoning | Policy Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Implement batch evaluation endpoint | POLICY-ENGINE-27-004 | PLPE0102 | | POLICY-ENGINE-29-002 | TODO | | SPRINT_124_policy_reasoning | Policy Guild, Findings Ledger Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Provide streaming simulation API comparing two policy versions, returning per-finding deltas without writes; align determinism with Vuln Explorer simulation | POLICY-ENGINE-29-001 | PLPE0102 | | POLICY-ENGINE-29-003 | TODO | | SPRINT_125_policy_reasoning | Policy Guild, SBOM Service Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Surface path/scope awareness in determinations | POLICY-ENGINE-29-002 | PLPE0102 | | POLICY-ENGINE-29-004 | TODO | | SPRINT_125_policy_reasoning | Policy Guild, Observability Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Add metrics/logs for batch evaluation | POLICY-ENGINE-29-003 | PLPE0102 | | POLICY-ENGINE-30-001 | TODO | | SPRINT_125_policy_reasoning | Policy Guild, Cartographer Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Define overlay contract for graph nodes/edges | POLICY-ENGINE-29-004 | PLPE0102 | | POLICY-ENGINE-30-002 | TODO | | SPRINT_125_policy_reasoning | Policy Guild, Cartographer Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Implement simulation bridge returning on-the-fly overlays for Cartographer/Graph Explorer when invoking Policy Engine simulate; ensure no writes and deterministic outputs | POLICY-ENGINE-30-001 | PLPE0102 | | POLICY-ENGINE-30-003 | TODO | | SPRINT_125_policy_reasoning | Policy Guild, Scheduler Guild, Cartographer Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Emit change events | POLICY-ENGINE-30-002 | PLPE0102 | | POLICY-ENGINE-30-101 | TODO | | SPRINT_125_policy_reasoning | Policy Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Surface trust weighting configuration | POLICY-ENGINE-30-003 | PLPE0102 | | POLICY-ENGINE-31-001 | TODO | | SPRINT_125_policy_reasoning | Policy Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Expose policy knobs for Advisory AI | POLICY-ENGINE-30-101 | PLPE0102 | | POLICY-ENGINE-31-002 | TODO | | SPRINT_125_policy_reasoning | Policy Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Provide batch endpoint delivering policy context | POLICY-ENGINE-31-001 | PLPE0103 | | POLICY-ENGINE-32-101 | TODO | | SPRINT_125_policy_reasoning | Policy Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Define orchestrator `policy_eval` job schema, idempotency keys, and enqueue hooks triggered by advisory/VEX/SBOM events | POLICY-ENGINE-31-002 | PLPE0103 | | POLICY-ENGINE-33-101 | TODO | | SPRINT_125_policy_reasoning | Policy Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Implement orchestrator-driven policy evaluation workers using SDK heartbeats, respecting throttles, and emitting SLO metrics | POLICY-ENGINE-32-101 | PLPE0103 | | POLICY-ENGINE-34-101 | TODO | | SPRINT_125_policy_reasoning | Policy Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Publish policy run ledger exports + SLO burn-rate metrics to orchestrator; ensure provenance chain links to Findings Ledger | POLICY-ENGINE-33-101 | PLPE0103 | | POLICY-ENGINE-35-201 | TODO | | SPRINT_125_policy_reasoning | Policy Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Expose deterministic policy snapshot API and evaluated findings stream keyed by policy version for exporter consumption | POLICY-ENGINE-34-101 | PLPE0103 | | POLICY-ENGINE-38-201 | TODO | | SPRINT_125_policy_reasoning | Policy Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Emit enriched policy violation events | POLICY-ENGINE-35-201 | PLPE0103 | | POLICY-ENGINE-40-001 | TODO | | SPRINT_125_policy_reasoning | Policy Guild, Concelier Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Update severity/status evaluation pipelines to consume multiple source severities per linkset, supporting selection strategies | POLICY-ENGINE-38-201 | PLPE0103 | | POLICY-ENGINE-40-002 | TODO | | SPRINT_125_policy_reasoning | Policy Guild, Excititor Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Accept VEX linkset conflicts and provide rationale references in effective findings; ensure explain traces cite observation IDs | POLICY-ENGINE-40-001 | PLPE0103 | | POLICY-ENGINE-40-003 | TODO | | SPRINT_126_policy_reasoning | Policy Guild, Web Scanner Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Provide API/SDK utilities for consumers | POLICY-ENGINE-40-002 | PLPE0103 | | POLICY-ENGINE-401-003 | TODO | | SPRINT_401_reachability_evidence_chain | Policy Guild (`src/Policy/StellaOps.Policy.Engine`, `docs/modules/policy/architecture.md`) | `src/Policy/StellaOps.Policy.Engine`, `docs/modules/policy/architecture.md` | Replace in-service DSL compilation with the shared library, support both legacy `stella-dsl@1` packs and the new inline syntax, and keep determinism hashes stable. | — | PLPE0103 | | POLICY-ENGINE-50-001 | TODO | | SPRINT_126_policy_reasoning | Policy Guild, Platform Security / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Implement SPL compiler: validate YAML, canonicalize, produce signed bundle, store artifact in object storage, write `policy_revisions` with AOC metadata | POLICY-ENGINE-40-003 | PLPE0104 | | POLICY-ENGINE-50-002 | TODO | | SPRINT_126_policy_reasoning | Policy Guild, Runtime Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Build runtime evaluator executing compiled plans over advisory/vex linksets + SBOM asset metadata with deterministic caching | POLICY-ENGINE-50-001 | PLPE0104 | | POLICY-ENGINE-50-003 | TODO | | SPRINT_126_policy_reasoning | Policy Guild, Observability Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Implement evaluation/compilation metrics, tracing, and structured logs | POLICY-ENGINE-50-002 | PLPE0104 | | POLICY-ENGINE-50-004 | TODO | | SPRINT_126_policy_reasoning | Policy Guild, Platform Events Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Build event pipeline: subscribe to linkset/SBOM updates, schedule re-eval jobs, emit `policy.effective.updated` events with diff metadata | POLICY-ENGINE-50-003 | PLPE0104 | | POLICY-ENGINE-50-005 | TODO | | SPRINT_126_policy_reasoning | Policy Guild, Storage Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Design and implement `policy_packs`, `policy_revisions`, `policy_runs`, `policy_artifacts` collections with indexes, TTL, and tenant scoping | POLICY-ENGINE-50-004 | PLPE0104 | | POLICY-ENGINE-50-006 | TODO | | SPRINT_126_policy_reasoning | Policy Guild, QA Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Implement explainer persistence + retrieval APIs linking decisions to explanation tree and AOC chain | POLICY-ENGINE-50-005 | PLPE0104 | | POLICY-ENGINE-50-007 | TODO | | SPRINT_126_policy_reasoning | Policy Guild, Scheduler Worker Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Provide evaluation worker host/DI wiring and job orchestration hooks for batch re-evaluations after policy activation | POLICY-ENGINE-50-006 | PLPE0104 | | POLICY-ENGINE-60-001 | TODO | | SPRINT_126_policy_reasoning | Policy Guild, SBOM Service Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Maintain Redis effective decision maps per asset/snapshot for Graph overlays; implement versioning and eviction strategy | POLICY-ENGINE-50-007 | PLPE0104 | | POLICY-ENGINE-60-002 | TODO | | SPRINT_126_policy_reasoning | Policy Guild, BE-Base Platform Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Expose simulation bridge for Graph What-if APIs, supporting hypothetical SBOM diffs and draft policies without persisting results | POLICY-ENGINE-60-001 | PLPE0104 | | POLICY-ENGINE-70-002 | TODO | | SPRINT_126_policy_reasoning | Policy Guild, Storage Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Design and create Mongo collections | POLICY-ENGINE-60-002 | PLPE0104 | | POLICY-ENGINE-70-003 | TODO | | SPRINT_126_policy_reasoning | Policy Guild, Runtime Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Build Redis exception decision cache | POLICY-ENGINE-70-002 | | | POLICY-ENGINE-70-004 | TODO | | SPRINT_126_policy_reasoning | Policy Guild, Observability Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Extend metrics/tracing/logging for exception application | POLICY-ENGINE-70-003 | | | POLICY-ENGINE-70-005 | TODO | | SPRINT_126_policy_reasoning | Policy Guild, Scheduler Worker Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Provide APIs/workers hook for exception activation/expiry | POLICY-ENGINE-70-004 | | | POLICY-ENGINE-80-001 | TODO | | SPRINT_126_policy_reasoning | Policy Guild, Signals Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Integrate reachability/exploitability inputs into evaluation pipeline | POLICY-ENGINE-70-005 | | | POLICY-ENGINE-80-002 | TODO | | SPRINT_127_policy_reasoning | Policy Guild, Storage Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Create joining layer to read `reachability_facts` efficiently | POLICY-ENGINE-80-001 | | | POLICY-ENGINE-80-003 | TODO | | SPRINT_127_policy_reasoning | Policy Guild, Policy Editor Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Extend SPL predicates/actions to reference reachability state/score/confidence; update compiler validation | POLICY-ENGINE-80-002 | | | POLICY-ENGINE-80-004 | TODO | | SPRINT_127_policy_reasoning | Policy Guild, Observability Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Emit metrics | POLICY-ENGINE-80-003 | | | POLICY-LIB-401-001 | TODO | | SPRINT_401_reachability_evidence_chain | Policy Guild (`src/Policy/StellaOps.PolicyDsl`, `docs/policy/dsl.md`) | `src/Policy/StellaOps.PolicyDsl`, `docs/policy/dsl.md` | Extract the policy DSL parser/compiler into `StellaOps.PolicyDsl`, add the lightweight syntax (default action + inline rules), and expose `PolicyEngineFactory`/`SignalContext` APIs for reuse. | | | | POLICY-LIB-401-002 | TODO | | SPRINT_401_reachability_evidence_chain | Policy Guild, CLI Guild (`tests/Policy/StellaOps.PolicyDsl.Tests`, `policy/default.dsl`, `docs/policy/lifecycle.md`) | `tests/Policy/StellaOps.PolicyDsl.Tests`, `policy/default.dsl`, `docs/policy/lifecycle.md` | Ship unit-test harness + sample `policy/default.dsl` (table-driven cases) and wire `stella policy lint/simulate` to the shared library. | | | | POLICY-OBS-50-001 | TODO | | SPRINT_127_policy_reasoning | Policy Guild · Observability Guild | src/Policy/StellaOps.Policy.Engine | Integrate telemetry core into policy API + worker hosts, ensuring spans/logs cover compile/evaluate flows with `tenant_id`, `policy_version`, `decision_effect`, and trace IDs | Wait for telemetry schema drop (046_TLTY0101) | PLOB0101 | | POLICY-OBS-51-001 | TODO | | SPRINT_127_policy_reasoning | Policy Guild · DevOps Guild | src/Policy/StellaOps.Policy.Engine | Emit golden-signal metrics | POLICY-OBS-50-001 | PLOB0101 | | POLICY-OBS-52-001 | TODO | | SPRINT_127_policy_reasoning | Policy Guild | src/Policy/StellaOps.Policy.Engine | Emit timeline events `policy.evaluate.started`, `policy.evaluate.completed`, `policy.decision.recorded` with trace IDs, input digests, and rule summary. Provide contract tests and retry semantics | POLICY-OBS-51-001 | PLOB0101 | | POLICY-OBS-53-001 | TODO | | SPRINT_127_policy_reasoning | Policy Guild · Evidence Locker Guild | src/Policy/StellaOps.Policy.Engine | Produce evaluation evidence bundles | POLICY-OBS-52-001 | PLOB0101 | | POLICY-OBS-54-001 | TODO | | SPRINT_127_policy_reasoning | Policy Guild · Provenance Guild | src/Policy/StellaOps.Policy.Engine | Generate DSSE attestations for evaluation outputs, expose `/evaluations/{id}/attestation`, and link attestation IDs in timeline + console. Provide verification harness | POLICY-OBS-53-001 | PLOB0101 | | POLICY-OBS-55-001 | TODO | | SPRINT_127_policy_reasoning | Policy Guild · DevOps Guild | src/Policy/StellaOps.Policy.Engine | Implement incident mode sampling overrides | POLICY-OBS-54-001 | PLOB0101 | | POLICY-READINESS-0001 | TODO | | SPRINT_325_docs_modules_policy | Policy Guild (docs/modules/policy) | docs/modules/policy | Capture policy module readiness checklist aligned with current sprint goals. | | | | POLICY-READINESS-0002 | TODO | | SPRINT_325_docs_modules_policy | Policy Guild (docs/modules/policy) | docs/modules/policy | Track outstanding prerequisites/risk items for policy releases and mirror into sprint updates. | | | | POLICY-RISK-66-001 | TODO | | SPRINT_127_policy_reasoning | Risk Profile Schema Guild / src/Policy/StellaOps.Policy.RiskProfile | src/Policy/StellaOps.Policy.RiskProfile | Develop initial JSON Schema for RiskProfile (signals, transforms, weights, severity, overrides) with validator stubs | | | | POLICY-RISK-66-002 | TODO | | SPRINT_127_policy_reasoning | Risk Profile Schema Guild / src/Policy/StellaOps.Policy.RiskProfile | src/Policy/StellaOps.Policy.RiskProfile | Implement inheritance/merge logic with conflict detection and deterministic content hashing | POLICY-RISK-66-001 | | | POLICY-RISK-66-003 | TODO | | SPRINT_127_policy_reasoning | Policy Guild, Risk Profile Schema Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Integrate RiskProfile schema into Policy Engine configuration, ensuring validation and default profile deployment | POLICY-RISK-66-002 | | | POLICY-RISK-66-004 | TODO | | SPRINT_127_policy_reasoning | Policy Guild, Risk Profile Schema Guild / src/Policy/__Libraries/StellaOps.Policy | src/Policy/__Libraries/StellaOps.Policy | Extend Policy libraries to load/save RiskProfile documents, compute content hashes, and surface validation diagnostics | POLICY-RISK-66-003 | | | POLICY-RISK-67-001 | TODO | | SPRINT_127_policy_reasoning | Policy Guild, Risk Engine Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Trigger scoring jobs on new/updated findings via Policy Engine orchestration hooks | POLICY-RISK-66-004 | | | POLICY-RISK-67-002 | TODO | | SPRINT_128_policy_reasoning | Policy Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Implement profile lifecycle APIs | POLICY-RISK-67-001 | | | POLICY-RISK-67-003 | TODO | | SPRINT_128_policy_reasoning | Policy Guild, Risk Engine Guild / src/Policy/__Libraries/StellaOps.Policy | src/Policy/__Libraries/StellaOps.Policy | Provide policy-layer APIs to trigger risk simulations and return distributions/contribution breakdowns | POLICY-RISK-67-002 | | | POLICY-RISK-68-001 | TODO | | SPRINT_128_policy_reasoning | Policy Guild, Policy Studio Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Provide simulation API bridging Policy Studio with risk engine; returns distributions and top movers | POLICY-RISK-67-003 | | | POLICY-RISK-68-002 | TODO | | SPRINT_128_policy_reasoning | Risk Profile Schema Guild / src/Policy/StellaOps.Policy.RiskProfile | src/Policy/StellaOps.Policy.RiskProfile | Add override/adjustment support with audit metadata and validation for conflicting rules | POLICY-RISK-68-001 | | | POLICY-RISK-69-001 | TODO | | SPRINT_128_policy_reasoning | Policy Guild, Notifications Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Emit events/notifications on profile publish, deprecate, and severity threshold changes | POLICY-RISK-68-002 | | | POLICY-RISK-70-001 | TODO | | SPRINT_128_policy_reasoning | Policy Guild, Export Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Support exporting/importing profiles with signatures for air-gapped bundles | POLICY-RISK-69-001 | | | POLICY-RISK-90-001 | TODO | | SPRINT_126_policy_reasoning | Policy Guild, Scanner Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Ingest entropy penalty inputs from Scanner (`entropy.report.json`, `layer_summary.json`), extend trust algebra with configurable weights/caps, and expose explanations/metrics for opaque ratio penalties (`docs/modules/scanner/entropy.md`). | | | | POLICY-SPL-23-001 | TODO | | SPRINT_128_policy_reasoning | Policy Guild, Language Infrastructure Guild / src/Policy/__Libraries/StellaOps.Policy | src/Policy/__Libraries/StellaOps.Policy | Define SPL v1 YAML + JSON Schema, including advisory rules, VEX precedence, severity mapping, exceptions, and layering metadata. Publish schema resources and validation fixtures | | | | POLICY-SPL-23-002 | TODO | | SPRINT_128_policy_reasoning | Policy Guild / src/Policy/__Libraries/StellaOps.Policy | src/Policy/__Libraries/StellaOps.Policy | Implement canonicalizer that normalizes policy packs | POLICY-SPL-23-001 | | | POLICY-SPL-23-003 | TODO | | SPRINT_128_policy_reasoning | Policy Guild / src/Policy/__Libraries/StellaOps.Policy | src/Policy/__Libraries/StellaOps.Policy | Build policy layering/override engine | POLICY-SPL-23-002 | | | POLICY-SPL-23-004 | TODO | | SPRINT_128_policy_reasoning | Policy Guild, Audit Guild / src/Policy/__Libraries/StellaOps.Policy | src/Policy/__Libraries/StellaOps.Policy | Design explanation tree model | POLICY-SPL-23-003 | | | POLICY-SPL-23-005 | TODO | | SPRINT_128_policy_reasoning | Policy Guild, DevEx Guild / src/Policy/__Libraries/StellaOps.Policy | src/Policy/__Libraries/StellaOps.Policy | Create migration tool to snapshot existing behavior into baseline SPL packs | POLICY-SPL-23-004 | | | POLICY-SPL-24-001 | TODO | | SPRINT_128_policy_reasoning | Policy Guild, Signals Guild / src/Policy/__Libraries/StellaOps.Policy | src/Policy/__Libraries/StellaOps.Policy | Extend SPL schema to expose reachability/exploitability predicates and weighting functions; update documentation and fixtures | POLICY-SPL-23-005 | | | POLICY-TEN-48-001 | TODO | | SPRINT_129_policy_reasoning | Policy Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Add `tenant_id`/`project_id` columns, enable RLS, update evaluators to require tenant context, and emit rationale IDs including tenant metadata | | | | POLICY-VEX-401-006 | TODO | | SPRINT_401_reachability_evidence_chain | Policy Guild (`src/Policy/StellaOps.Policy.Engine`, `src/Policy/__Libraries/StellaOps.Policy`) | `src/Policy/StellaOps.Policy.Engine`, `src/Policy/__Libraries/StellaOps.Policy` | Policy Engine consumes reachability facts, applies the deterministic score/label buckets (≥0.80 reachable, 0.30–0.79 conditional, <0.30 unreachable), emits OpenVEX with call-path proofs, and updates SPL schema with `reachability.state/confidence` predicates and suppression gates. | | | | POLICY-VEX-401-010 | TODO | | SPRINT_401_reachability_evidence_chain | Policy Guild (`src/Policy/StellaOps.Policy.Engine/Vex`, `docs/modules/policy/architecture.md`, `docs/benchmarks/vex-evidence-playbook.md`) | `src/Policy/StellaOps.Policy.Engine/Vex`, `docs/modules/policy/architecture.md`, `docs/benchmarks/vex-evidence-playbook.md` | Implement `VexDecisionEmitter` to serialize per-finding OpenVEX, attach evidence hashes, request DSSE signatures, capture Rekor metadata, and publish artifacts following the bench playbook. | | | | PROBE-401-010 | TODO | | SPRINT_401_reachability_evidence_chain | Runtime Signals Guild (`src/Signals/StellaOps.Signals.Runtime`, `ops/probes`) | `src/Signals/StellaOps.Signals.Runtime`, `ops/probes` | | | | | PROMO-70-001 | TODO | | SPRINT_202_cli_ii | DevEx/CLI Guild, Provenance Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | | | | | PROMO-70-002 | TODO | | SPRINT_203_cli_iii | DevEx/CLI Guild, Provenance Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | | | | | PROV-BACKFILL-401-029 | DOING | | SPRINT_401_reachability_evidence_chain | Platform Guild | `docs/provenance/inline-dsse.md`, `scripts/publish_attestation_with_provenance.sh` | Backfill historical Mongo events with DSSE/Rekor metadata by resolving known attestations per subject digest (wiring ingestion helpers + endpoint tests in progress). | Depends on #1 | RBRE0101 | | PROV-INDEX-401-030 | TODO | | SPRINT_401_reachability_evidence_chain | Platform + Ops Guilds | `docs/provenance/inline-dsse.md`, `ops/mongo/indices/events_provenance_indices.js` | Deploy provenance indexes (`events_by_subject_kind_provenance`, etc.) and expose compliance/replay queries. | Depends on #3 | RBRE0101 | | PROV-INLINE-401-028 | DONE | | SPRINT_401_reachability_evidence_chain | Authority Guild · Feedser Guild (`docs/provenance/inline-dsse.md`, `src/__Libraries/StellaOps.Provenance.Mongo`) | `docs/provenance/inline-dsse.md`, `src/__Libraries/StellaOps.Provenance.Mongo` | Extend Authority/Feedser event writers to attach inline DSSE + Rekor references on every SBOM/VEX/scan event using `StellaOps.Provenance.Mongo`. | | | | PROV-OBS-53-001 | TODO | | SPRINT_110_ingestion_evidence | Exporter Guild · AirGap Time Guild · CLI Guild | | PROGRAM-STAFF-1001 | PROGRAM-STAFF-1001 | ATMI0102 | | PROV-OBS-53-002 | TODO | | SPRINT_513_provenance | Provenance Guild · Security Guild | src/Provenance/StellaOps.Provenance.Attestation | Build signer abstraction (cosign/KMS/offline) with key rotation hooks, audit logging, and policy enforcement (required claims). Provide unit tests using fake signer + real cosign fixture. Dependencies: PROV-OBS-53-001. | Wait for telemetry schema drop (046_TLTY0101) | PROB0101 | | PROV-OBS-53-003 | TODO | | SPRINT_513_provenance | Provenance Guild | src/Provenance/StellaOps.Provenance.Attestation | Deliver `PromotionAttestationBuilder` that materialises the `stella.ops/promotion@v1` predicate (image digest, SBOM/VEX materials, promotion metadata, Rekor proof) and feeds canonicalised payload bytes to Signer via StellaOps.Cryptography. | Needs #1 for shared correlation IDs | PROB0101 | | PROV-OBS-54-001 | TODO | | SPRINT_513_provenance | Provenance Guild · Evidence Locker Guild | src/Provenance/StellaOps.Provenance.Attestation | Deliver verification library that validates DSSE signatures, Merkle roots, and timeline chain-of-custody, exposing reusable CLI/service APIs. Include negative-case fixtures and offline timestamp verification. Dependencies: PROV-OBS-53-002. | Blocked on Evidence Locker DSSE hooks (002_ATEL0101) | PROB0101 | | PROV-OBS-54-002 | TODO | | SPRINT_513_provenance | Provenance Guild · DevEx/CLI Guild | src/Provenance/StellaOps.Provenance.Attestation | Generate .NET global tool for local verification + embed command helpers for CLI `stella forensic verify`. Provide deterministic packaging and offline kit instructions. Dependencies: PROV-OBS-54-001. | Requires CLI integration spec from 035_CLCI0105 | PROB0101 | | PY-32-001 | TODO | | SPRINT_153_orchestrator_iii | Worker SDK Guild (src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Python) | src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Python | | | | | PY-32-002 | TODO | | SPRINT_153_orchestrator_iii | Worker SDK Guild (src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Python) | src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Python | | | | | PY-33-001 | TODO | | SPRINT_153_orchestrator_iii | Worker SDK Guild (src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Python) | src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Python | | | | | PY-33-002 | TODO | | SPRINT_153_orchestrator_iii | Worker SDK Guild (src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Python) | src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Python | | | | | PY-34-001 | TODO | | SPRINT_153_orchestrator_iii | Worker SDK Guild (src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Python) | src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Python | | | | | QA-DOCS-401-008 | TODO | | SPRINT_401_reachability_evidence_chain | QA & Docs Guilds (`docs`, `tests/README.md`) | `docs`, `tests/README.md` | Wire `reachbench-2025-expanded` fixtures into CI, document CAS layouts + replay steps in `docs/reachability/DELIVERY_GUIDE.md`, and publish operator runbook for runtime ingestion. | | | | QA-REACH-201-007 | TODO | | SPRINT_400_runtime_facts_static_callgraph_union | QA Guild (`tests/README.md`) | `tests/README.md` | Integrate `reachbench-2025-expanded` fixture pack under `tests/reachability/`, add evaluator harness tests that validate reachable vs unreachable cases, and wire CI guidance for deterministic runs. | | | | REACH-201-001 | TODO | | SPRINT_400_runtime_facts_static_callgraph_union | Zastava Observer Guild (`src/Zastava/StellaOps.Zastava.Observer`) | `src/Zastava/StellaOps.Zastava.Observer` | | | | | REACH-201-002 | DOING | 2025-11-08 | SPRINT_400_runtime_facts_static_callgraph_union | Scanner Worker Guild (`src/Scanner/StellaOps.Scanner.Worker`) | `src/Scanner/StellaOps.Scanner.Worker` | | | | | REACH-201-003 | DOING | 2025-11-08 | SPRINT_400_runtime_facts_static_callgraph_union | Signals Guild (`src/Signals/StellaOps.Signals`) | `src/Signals/StellaOps.Signals` | | | | | REACH-201-004 | DOING | 2025-11-08 | SPRINT_400_runtime_facts_static_callgraph_union | Signals Guild · Policy Guild (`src/Signals/StellaOps.Signals`, `src/Policy/StellaOps.Policy.Engine`) | `src/Signals/StellaOps.Signals`, `src/Policy/StellaOps.Policy.Engine` | | | | | REACH-201-005 | DOING | 2025-11-08 | SPRINT_400_runtime_facts_static_callgraph_union | BE-Base Platform Guild (`src/__Libraries/StellaOps.Replay.Core`) | `src/__Libraries/StellaOps.Replay.Core` | | | | | REACH-201-006 | TODO | | SPRINT_400_runtime_facts_static_callgraph_union | Docs Guild (`docs`) | | | | | | REACH-201-007 | TODO | | SPRINT_400_runtime_facts_static_callgraph_union | QA Guild (`tests/README.md`) | `tests/README.md` | | | | | REACH-401-005 | TODO | | SPRINT_401_reachability_evidence_chain | Authority & Signer Guilds (`src/Authority/StellaOps.Authority`, `src/Signer/StellaOps.Signer`) | `src/Authority/StellaOps.Authority`, `src/Signer/StellaOps.Signer` | | | | | REACH-401-009 | TODO | | SPRINT_401_reachability_evidence_chain | Scanner Worker Guild (`src/Scanner/StellaOps.Scanner.Worker`, `src/Scanner/__Libraries`) | `src/Scanner/StellaOps.Scanner.Worker`, `src/Scanner/__Libraries` | | | | | REACH-LATTICE-401-023 | TODO | | SPRINT_401_reachability_evidence_chain | Scanner Guild · Policy Guild (`docs/reachability/lattice.md`, `docs/modules/scanner/architecture.md`, `src/Scanner/StellaOps.Scanner.WebService`) | `docs/reachability/lattice.md`, `docs/modules/scanner/architecture.md`, `src/Scanner/StellaOps.Scanner.WebService` | Define the reachability lattice model (`ReachState`, `EvidenceKind`, `MitigationKind`, scoring policy) in Scanner docs + code; ensure evidence joins write to the event graph schema. | | | | READINESS-0001 | TODO | | SPRINT_325_docs_modules_policy | Policy Guild (docs/modules/policy) | docs/modules/policy | | | | | READINESS-0002 | TODO | | SPRINT_325_docs_modules_policy | Policy Guild (docs/modules/policy) | docs/modules/policy | | | | | RECIPES-DOCS-0001 | TODO | | SPRINT_315_docs_modules_ci | Docs Guild (docs/modules/ci) | docs/modules/ci | | | | | RECIPES-ENG-0001 | TODO | | SPRINT_315_docs_modules_ci | Module Team (docs/modules/ci) | docs/modules/ci | | | | | RECIPES-OPS-0001 | TODO | | SPRINT_315_docs_modules_ci | Ops Guild (docs/modules/ci) | docs/modules/ci | | | | | REG-41-001 | TODO | | SPRINT_154_packsregistry | Packs Registry Guild (src/PacksRegistry/StellaOps.PacksRegistry) | src/PacksRegistry/StellaOps.PacksRegistry | | | | | REG-42-001 | TODO | | SPRINT_154_packsregistry | Packs Registry Guild (src/PacksRegistry/StellaOps.PacksRegistry) | src/PacksRegistry/StellaOps.PacksRegistry | | | | | REG-43-001 | TODO | | SPRINT_154_packsregistry | Packs Registry Guild (src/PacksRegistry/StellaOps.PacksRegistry) | src/PacksRegistry/StellaOps.PacksRegistry | | | | | REGISTRY-API-27-001 | TODO | | SPRINT_129_policy_reasoning | Policy Registry Guild / src/Policy/StellaOps.Policy.Registry | src/Policy/StellaOps.Policy.Registry | Define OpenAPI specification covering workspaces, versions, reviews, simulations, promotions, and attestations; publish typed clients for Console/CLI | | | | REGISTRY-API-27-002 | TODO | | SPRINT_129_policy_reasoning | Policy Registry Guild / src/Policy/StellaOps.Policy.Registry | src/Policy/StellaOps.Policy.Registry | Implement workspace storage | REGISTRY-API-27-001 | | | REGISTRY-API-27-003 | TODO | | SPRINT_129_policy_reasoning | Policy Registry Guild / src/Policy/StellaOps.Policy.Registry | src/Policy/StellaOps.Policy.Registry | Integrate compile endpoint: forward source bundle to Policy Engine, persist diagnostics, symbol table, rule index, and complexity metrics | REGISTRY-API-27-002 | | | REGISTRY-API-27-004 | TODO | | SPRINT_129_policy_reasoning | Policy Registry Guild / src/Policy/StellaOps.Policy.Registry | src/Policy/StellaOps.Policy.Registry | Implement quick simulation API with request limits | REGISTRY-API-27-003 | | | REGISTRY-API-27-005 | TODO | | SPRINT_129_policy_reasoning | Policy Registry Guild, Scheduler Guild / src/Policy/StellaOps.Policy.Registry | src/Policy/StellaOps.Policy.Registry | Build batch simulation orchestration: enqueue shards, collect partials, reduce deltas, produce evidence bundles + signed manifest | REGISTRY-API-27-004 | | | REGISTRY-API-27-006 | TODO | | SPRINT_129_policy_reasoning | Policy Registry Guild / src/Policy/StellaOps.Policy.Registry | src/Policy/StellaOps.Policy.Registry | Implement review workflow | REGISTRY-API-27-005 | | | REGISTRY-API-27-007 | TODO | | SPRINT_129_policy_reasoning | Policy Registry Guild, Security Guild / src/Policy/StellaOps.Policy.Registry | src/Policy/StellaOps.Policy.Registry | Implement publish pipeline: sign source/compiled digests, create attestations, mark version immutable, emit events | REGISTRY-API-27-006 | | | REGISTRY-API-27-008 | TODO | | SPRINT_129_policy_reasoning | Policy Registry Guild / src/Policy/StellaOps.Policy.Registry | src/Policy/StellaOps.Policy.Registry | Implement promotion bindings per tenant/environment with canary subsets, rollback path, and environment history | REGISTRY-API-27-007 | | | REGISTRY-API-27-009 | TODO | | SPRINT_129_policy_reasoning | Policy Registry Guild, Observability Guild / src/Policy/StellaOps.Policy.Registry | src/Policy/StellaOps.Policy.Registry | Instrument metrics/logs/traces | REGISTRY-API-27-008 | | | REGISTRY-API-27-010 | TODO | | SPRINT_129_policy_reasoning | Policy Registry Guild, QA Guild / src/Policy/StellaOps.Policy.Registry | src/Policy/StellaOps.Policy.Registry | Build unit/integration/load test suites for compile/sim/review/publish/promote flows; provide seeded fixtures for CI | REGISTRY-API-27-009 | | | REL-17-004 | BLOCKED | 2025-10-26 | SPRINT_506_ops_devops_iv | DevOps Guild (ops/devops) | ops/devops | | | | | REP-004 | TODO | | SPRINT_401_reachability_evidence_chain | BE-Base Platform Guild (`src/__Libraries/StellaOps.Replay.Core`, `docs/replay/DETERMINISTIC_REPLAY.md`) | `src/__Libraries/StellaOps.Replay.Core`, `docs/replay/DETERMINISTIC_REPLAY.md` | | | | | REPLAY-185-003 | TODO | | SPRINT_185_shared_replay_primitives | Docs Guild, Platform Data Guild (docs) | | | | | | REPLAY-185-004 | TODO | | SPRINT_185_shared_replay_primitives | Docs Guild (docs) | | | | | | REPLAY-186-001 | TODO | | SPRINT_186_record_deterministic_execution | Scanner Guild (`src/Scanner/StellaOps.Scanner.WebService`, `docs/modules/scanner/architecture.md`) | `src/Scanner/StellaOps.Scanner.WebService`, `docs/modules/scanner/architecture.md` | | | | | REPLAY-186-002 | TODO | | SPRINT_186_record_deterministic_execution | Scanner Guild (`src/Scanner/StellaOps.Scanner.Worker`, `docs/modules/scanner/deterministic-execution.md`) | `src/Scanner/StellaOps.Scanner.Worker`, `docs/modules/scanner/deterministic-execution.md` | | | | | REPLAY-186-003 | TODO | | SPRINT_186_record_deterministic_execution | Signing Guild (`src/Signer/StellaOps.Signer`, `src/Authority/StellaOps.Authority`) | `src/Signer/StellaOps.Signer`, `src/Authority/StellaOps.Authority` | | | | | REPLAY-186-004 | TODO | | SPRINT_186_record_deterministic_execution | Docs Guild (`docs`) | | | | | | REPLAY-187-001 | TODO | | SPRINT_160_export_evidence | Evidence Locker Guild · docs/modules/evidence-locker/architecture.md | docs/modules/evidence-locker/architecture.md | | | | | REPLAY-187-002 | TODO | | SPRINT_160_export_evidence | CLI Guild · `docs/modules/cli/architecture.md` | docs/modules/cli/architecture.md | | | | | REPLAY-187-003 | TODO | | SPRINT_187_evidence_locker_cli_integration | Attestor Guild (`src/Attestor/StellaOps.Attestor`, `docs/modules/attestor/architecture.md`) | `src/Attestor/StellaOps.Attestor`, `docs/modules/attestor/architecture.md` | | | | | REPLAY-187-004 | TODO | | SPRINT_160_export_evidence | Docs/Ops Guild · `/docs/runbooks/replay_ops.md` | docs/runbooks/replay_ops.md | | | | | REPLAY-401-004 | TODO | | SPRINT_401_reachability_evidence_chain | BE-Base Platform Guild (`src/__Libraries/StellaOps.Replay.Core`) | `src/__Libraries/StellaOps.Replay.Core` | Bump replay manifest to v2 (feeds, analyzers, policies), have `ReachabilityReplayWriter` enforce CAS registration + hash sorting, and add deterministic tests to `tests/reachability/StellaOps.Reachability.FixtureTests`. | | | | REPLAY-CORE-185-001 | TODO | | SPRINT_185_shared_replay_primitives | Platform Guild | `src/__Libraries/StellaOps.Replay.Core` | Scaffold `StellaOps.Replay.Core` with manifest schema types, canonical JSON rules, Merkle utilities, and DSSE payload builders; add `AGENTS.md`/`TASKS.md` for the new library; cross-reference `docs/replay/DETERMINISTIC_REPLAY.md` section 3 when updating the library charter. | Mirrors #1 | RLRC0101 | | REPLAY-CORE-185-002 | TODO | | SPRINT_185_shared_replay_primitives | Platform Guild | src/__Libraries/StellaOps.Replay.Core | Implement deterministic bundle writer (tar.zst, CAS naming) and hashing abstractions, updating `docs/modules/platform/architecture-overview.md` with a “Replay CAS” subsection that documents layout/retention expectations. | Mirrors #2 | RLRC0101 | | REPLAY-CORE-185-003 | TODO | | SPRINT_185_shared_replay_primitives | Platform Data Guild | src/__Libraries/StellaOps.Replay.Core | Define Mongo collections (`replay_runs`, `replay_bundles`, `replay_subjects`) and indices, then author `docs/data/replay_schema.md` detailing schema fields, constraints, and offline sync strategy. | Mirrors #3 | RLRC0101 | | REPLAY-REACH-201-005 | DOING | 2025-11-08 | SPRINT_400_runtime_facts_static_callgraph_union | BE-Base Platform Guild (`src/__Libraries/StellaOps.Replay.Core`) | `src/__Libraries/StellaOps.Replay.Core` | Update `StellaOps.Replay.Core` manifest schema + bundle writer so replay packs capture reachability graphs, runtime traces, analyzer versions, and evidence hashes; document new CAS namespace. | | | | RISK-66-001 | TODO | | SPRINT_115_concelier_iv | Concelier Core Guild, Risk Engine Guild (src/Concelier/__Libraries/StellaOps.Concelier.Core) | src/Concelier/__Libraries/StellaOps.Concelier.Core | | | | | RISK-66-002 | TODO | | SPRINT_115_concelier_iv | Concelier Core Guild (src/Concelier/__Libraries/StellaOps.Concelier.Core) | src/Concelier/__Libraries/StellaOps.Concelier.Core | | | | | RISK-66-003 | TODO | | SPRINT_127_policy_reasoning | Policy Guild, Risk Profile Schema Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | | POLICY-RISK-66-002 | | | RISK-66-004 | TODO | | SPRINT_127_policy_reasoning | Policy Guild, Risk Profile Schema Guild / src/Policy/__Libraries/StellaOps.Policy | src/Policy/__Libraries/StellaOps.Policy | | POLICY-RISK-66-003 | | | RISK-67-001 | TODO | | SPRINT_115_concelier_iv | Concelier Core Guild (src/Concelier/__Libraries/StellaOps.Concelier.Core) | src/Concelier/__Libraries/StellaOps.Concelier.Core | | | | | RISK-67-002 | TODO | | SPRINT_128_policy_reasoning | Policy Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | | POLICY-RISK-67-001 | | | RISK-67-003 | TODO | | SPRINT_128_policy_reasoning | Policy Guild, Risk Engine Guild / src/Policy/__Libraries/StellaOps.Policy | src/Policy/__Libraries/StellaOps.Policy | | POLICY-RISK-67-002 | | | RISK-67-004 | TODO | | SPRINT_309_docs_tasks_md_ix | Docs Guild, CLI Guild (docs) | | | | | | RISK-68-001 | TODO | | SPRINT_115_concelier_iv | Concelier Core Guild, Policy Studio Guild (src/Concelier/__Libraries/StellaOps.Concelier.Core) | src/Concelier/__Libraries/StellaOps.Concelier.Core | | | | | RISK-68-002 | TODO | | SPRINT_128_policy_reasoning | Risk Profile Schema Guild / src/Policy/StellaOps.Policy.RiskProfile | src/Policy/StellaOps.Policy.RiskProfile | | POLICY-RISK-68-001 | | | RISK-69-001 | TODO | | SPRINT_115_concelier_iv | Concelier Core Guild, Notifications Guild (src/Concelier/__Libraries/StellaOps.Concelier.Core) | src/Concelier/__Libraries/StellaOps.Concelier.Core | | | | | RISK-69-002 | TODO | | SPRINT_163_exportcenter_ii | Exporter Service Guild, Risk Engine Guild (src/ExportCenter/StellaOps.ExportCenter) | src/ExportCenter/StellaOps.ExportCenter | | | | | RISK-70-001 | TODO | | SPRINT_128_policy_reasoning | Policy Guild, Export Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | | POLICY-RISK-69-001 | | | RISK-90-001 | TODO | | SPRINT_126_policy_reasoning | Policy Guild, Scanner Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | | | | | RISK-BUNDLE-69-001 | TODO | | SPRINT_164_exportcenter_iii | Risk Bundle Export Guild, Risk Engine Guild (src/ExportCenter/StellaOps.ExportCenter.RiskBundles) | src/ExportCenter/StellaOps.ExportCenter.RiskBundles | Implement `stella export risk-bundle` job producing tarball with provider datasets, manifests, and DSSE signatures. | | | | RISK-BUNDLE-69-002 | TODO | | SPRINT_164_exportcenter_iii | Risk Bundle Export Guild, DevOps Guild (src/ExportCenter/StellaOps.ExportCenter.RiskBundles) | src/ExportCenter/StellaOps.ExportCenter.RiskBundles | Integrate bundle job into CI/offline kit pipelines with checksum publication. Dependencies: RISK-BUNDLE-69-001. | | | | RISK-BUNDLE-70-001 | TODO | | SPRINT_164_exportcenter_iii | Risk Bundle Export Guild, CLI Guild (src/ExportCenter/StellaOps.ExportCenter.RiskBundles) | src/ExportCenter/StellaOps.ExportCenter.RiskBundles | Provide CLI `stella risk bundle verify` command to validate bundles before import. Dependencies: RISK-BUNDLE-69-002. | | | | RISK-BUNDLE-70-002 | TODO | | SPRINT_164_exportcenter_iii | Risk Bundle Export Guild, Docs Guild (src/ExportCenter/StellaOps.ExportCenter.RiskBundles) | src/ExportCenter/StellaOps.ExportCenter.RiskBundles | Publish `/docs/airgap/risk-bundles.md` detailing build/import/verification workflows. Dependencies: RISK-BUNDLE-70-001. | | | | RISK-ENGINE-66-001 | TODO | | SPRINT_129_policy_reasoning | Risk Engine Guild / src/RiskEngine/StellaOps.RiskEngine | src/RiskEngine/StellaOps.RiskEngine | Scaffold scoring service (job queue, worker loop, provider registry) with deterministic execution harness | | | | RISK-ENGINE-66-002 | TODO | | SPRINT_129_policy_reasoning | Risk Engine Guild / src/RiskEngine/StellaOps.RiskEngine | src/RiskEngine/StellaOps.RiskEngine | Implement default transforms | RISK-ENGINE-66-001 | | | RISK-ENGINE-67-001 | TODO | | SPRINT_129_policy_reasoning | Risk Engine Guild, Concelier Guild / src/RiskEngine/StellaOps.RiskEngine | src/RiskEngine/StellaOps.RiskEngine | Integrate CVSS and KEV providers pulling data from Conseiller; implement reducers | RISK-ENGINE-66-002 | | | RISK-ENGINE-67-002 | TODO | | SPRINT_129_policy_reasoning | Risk Engine Guild, Excitor Guild / src/RiskEngine/StellaOps.RiskEngine | src/RiskEngine/StellaOps.RiskEngine | Integrate VEX gate provider and ensure gating short-circuits scoring as configured | RISK-ENGINE-67-001 | | | RISK-ENGINE-67-003 | TODO | | SPRINT_129_policy_reasoning | Risk Engine Guild, Policy Engine Guild / src/RiskEngine/StellaOps.RiskEngine | src/RiskEngine/StellaOps.RiskEngine | Add fix availability, asset criticality, and internet exposure providers with caching + TTL enforcement | RISK-ENGINE-67-002 | | | RISK-ENGINE-68-001 | TODO | | SPRINT_129_policy_reasoning | Risk Engine Guild, Findings Ledger Guild / src/RiskEngine/StellaOps.RiskEngine | src/RiskEngine/StellaOps.RiskEngine | Persist scoring results + explanation pointers to Findings Ledger; handle incremental updates via input hash | RISK-ENGINE-67-003 | | | RISK-ENGINE-68-002 | TODO | | SPRINT_129_policy_reasoning | Risk Engine Guild, API Guild / src/RiskEngine/StellaOps.RiskEngine | src/RiskEngine/StellaOps.RiskEngine | Expose APIs | RISK-ENGINE-68-001 | | | RISK-ENGINE-69-001 | TODO | | SPRINT_129_policy_reasoning | Risk Engine Guild, Policy Studio Guild / src/RiskEngine/StellaOps.RiskEngine | src/RiskEngine/StellaOps.RiskEngine | Implement simulation mode producing distributions and top movers without mutating ledger | RISK-ENGINE-68-002 | | | RISK-ENGINE-69-002 | TODO | | SPRINT_129_policy_reasoning | Risk Engine Guild, Observability Guild / src/RiskEngine/StellaOps.RiskEngine | src/RiskEngine/StellaOps.RiskEngine | Add telemetry | RISK-ENGINE-69-001 | | | RISK-ENGINE-70-001 | TODO | | SPRINT_129_policy_reasoning | Risk Engine Guild, Export Guild / src/RiskEngine/StellaOps.RiskEngine | src/RiskEngine/StellaOps.RiskEngine | Support offline provider bundles with manifest verification and missing-data reporting | RISK-ENGINE-69-002 | | | RISK-ENGINE-70-002 | TODO | | SPRINT_129_policy_reasoning | Risk Engine Guild, Observability Guild / src/RiskEngine/StellaOps.RiskEngine | src/RiskEngine/StellaOps.RiskEngine | Integrate runtime evidence provider and reachability provider outputs with caching + TTL | RISK-ENGINE-70-001 | | | RULES-33-001 | REVIEW (2025-10-30) | 2025-10-30 | SPRINT_506_ops_devops_iv | DevOps Guild, Platform Leads (ops/devops) | ops/devops | | | | | RUNBOOK-401-017 | TODO | | SPRINT_401_reachability_evidence_chain | Docs Guild · Ops Guild (`docs/runbooks/reachability-runtime.md`, `docs/reachability/DELIVERY_GUIDE.md`) | `docs/runbooks/reachability-runtime.md`, `docs/reachability/DELIVERY_GUIDE.md` | | | | | RUNBOOK-55-001 | TODO | | SPRINT_309_docs_tasks_md_ix | Docs Guild, Ops Guild (docs) | | | | | | RUNBOOK-REPLAY-187-004 | TODO | | SPRINT_160_export_evidence | Docs/Ops Guild · `/docs/runbooks/replay_ops.md` | docs/runbooks/replay_ops.md | Docs/Ops Guild · `/docs/runbooks/replay_ops.md` | | | | RUNTIME-401-002 | TODO | | SPRINT_401_reachability_evidence_chain | Signals Guild (`src/Signals/StellaOps.Signals`) | `src/Signals/StellaOps.Signals` | | | | | RUNTIME-PROBE-401-010 | TODO | | SPRINT_401_reachability_evidence_chain | Runtime Signals Guild (`src/Signals/StellaOps.Signals.Runtime`, `ops/probes`) | `src/Signals/StellaOps.Signals.Runtime`, `ops/probes` | Implement lightweight runtime probes (EventPipe/.NET, JFR/JVM) that capture method enter events for the target components, package them as CAS traces, and feed them into the Signals ingestion pipeline. | | | | SAMPLES-GRAPH-24-003 | TODO | | SPRINT_509_samples | Samples Guild, SBOM Service Guild (samples) | | Generate large-scale SBOM graph fixture (≈40k nodes) with policy overlay snapshot for performance/perf regression suites. | | | | SAMPLES-GRAPH-24-004 | TODO | | SPRINT_509_samples | Samples Guild, UI Guild (samples) | | Create vulnerability explorer JSON/CSV fixtures capturing conflicting evidence and policy outputs for UI/CLI automated tests. Dependencies: SAMPLES-GRAPH-24-003. | | | | SAMPLES-LNM-22-001 | BLOCKED | 2025-10-27 | SPRINT_509_samples | Samples Guild, Concelier Guild (samples) | | Create advisory observation/linkset fixtures (NVD, GHSA, OSV disagreements) for API/CLI/UI tests with documented conflicts. Waiting on finalized schema/linkset outputs. | | | | SAMPLES-LNM-22-002 | BLOCKED | 2025-10-27 | SPRINT_509_samples | Samples Guild, Excititor Guild (samples) | | Produce VEX observation/linkset fixtures demonstrating status conflicts and path relevance; include raw blobs. Pending Excititor observation/linkset implementation. Dependencies: SAMPLES-LNM-22-001. | | | | SBOM-60-001 | TODO | | SPRINT_203_cli_iii | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | | | | | SBOM-60-002 | TODO | | SPRINT_203_cli_iii | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | | | | | SBOM-AIAI-31-001 | TODO | | SPRINT_140_runtime_signals | — | | Advisory AI path/timeline endpoints specced; awaiting projection schema finalization. | — | DOAI0101 | | SBOM-AIAI-31-002 | TODO | | SPRINT_140_runtime_signals | | | Metrics/dashboards tied to 31-001; blocked on the same schema availability. | | | | SBOM-AIAI-31-003 | TODO | 2025-11-03 | SPRINT_111_advisoryai | SBOM Service Guild, Advisory AI Guild (src/SbomService/StellaOps.SbomService) | src/SbomService/StellaOps.SbomService | Publish the Advisory AI hand-off kit for `/v1/sbom/context`, share base URL/API key + tenant header contract, and run a joint end-to-end retrieval smoke test with Advisory AI. Dependencies: SBOM-AIAI-31-001. | | | | SBOM-CONSOLE-23-001 | TODO | | SPRINT_140_runtime_signals | | | Console catalog API draft complete; depends on Concelier/Cartographer payload definitions. | | | | SBOM-CONSOLE-23-002 | TODO | | SPRINT_140_runtime_signals | | | Global component lookup API needs 23-001 responses + cache hints before work can start. | | | | SBOM-DET-01 | TODO | | SPRINT_209_ui_i | UI Guild (src/UI/StellaOps.UI) | src/UI/StellaOps.UI | | | | | SBOM-ORCH-32-001 | TODO | | SPRINT_140_runtime_signals | | | Orchestrator registration is sequenced after projection schema because payload shapes map into job metadata. | | | | SBOM-ORCH-33-001 | TODO | | SPRINT_140_runtime_signals | | | Backpressure/telemetry features depend on 32-001 workers. | | | | SBOM-ORCH-34-001 | TODO | | SPRINT_140_runtime_signals | | | Backfill + watermark logic requires the orchestrator integration from 33-001. | | | | SBOM-SERVICE-21-001 | BLOCKED | | SPRINT_140_runtime_signals | | | Normalized SBOM projection schema cannot ship until Concelier (`CONCELIER-GRAPH-21-001`) delivers Link-Not-Merge definitions. | | | | SBOM-SERVICE-21-002 | BLOCKED | | SPRINT_140_runtime_signals | | | Change events hinge on 21-001 response contract; no work underway. | | | | SBOM-SERVICE-21-003 | BLOCKED | | SPRINT_140_runtime_signals | | | Entry point/service node management blocked behind 21-002 event outputs. | | | | SBOM-SERVICE-21-004 | BLOCKED | | SPRINT_140_runtime_signals | | | Observability wiring follows projection + event pipelines; on hold. | | | | SBOM-SERVICE-23-001 | TODO | | SPRINT_140_runtime_signals | | | Asset metadata extensions queued once 21-004 observability baseline exists. | | | | SBOM-SERVICE-23-002 | TODO | | SPRINT_140_runtime_signals | | | Asset update events depend on 23-001 schema. | | | | SBOM-VULN-29-001 | TODO | | SPRINT_140_runtime_signals | | | Inventory evidence feed deferred until projection schema + runtime align. | | | | SBOM-VULN-29-002 | TODO | | SPRINT_140_runtime_signals | | | Resolver feed requires 29-001 event payloads. | | | | SCAN-001 | TODO | | SPRINT_400_runtime_facts_static_callgraph_union | Scanner Worker Guild (`src/Scanner/StellaOps.Scanner.Worker`, `docs/modules/scanner/architecture.md`, `docs/reachability/function-level-evidence.md`) | `src/Scanner/StellaOps.Scanner.Worker`, `docs/modules/scanner/architecture.md`, `docs/reachability/function-level-evidence.md` | | | | | SCAN-90-004 | TODO | | SPRINT_505_ops_devops_iii | DevOps Guild, Scanner Guild (ops/devops) | ops/devops | | | | | SCAN-DETER-186-008 | TODO | | SPRINT_186_record_deterministic_execution | Scanner Guild · Provenance Guild | `src/Scanner/StellaOps.Scanner.WebService`, `src/Scanner/StellaOps.Scanner.Worker` | Add deterministic execution switches to Scanner (fixed clock, RNG seed, concurrency cap, feed/policy snapshot pins, log filtering) available via CLI/env/config so repeated runs stay hermetic. | ENTROPY-186-012 & SCANNER-ENV-02 | SCDE0102 | | SCAN-DETER-186-009 | TODO | | SPRINT_186_record_deterministic_execution | Scanner Guild, QA Guild (`src/Scanner/StellaOps.Scanner.Replay`, `src/Scanner/__Tests`) | `src/Scanner/StellaOps.Scanner.Replay`, `src/Scanner/__Tests` | Build a determinism harness that replays N scans per image, canonicalises SBOM/VEX/findings/log outputs, and records per-run hash matrices (see `docs/modules/scanner/determinism-score.md`). | | | | SCAN-DETER-186-010 | TODO | | SPRINT_186_record_deterministic_execution | Scanner Guild, Export Center Guild (`src/Scanner/StellaOps.Scanner.WebService`, `docs/modules/scanner/operations/release.md`) | `src/Scanner/StellaOps.Scanner.WebService`, `docs/modules/scanner/operations/release.md` | Emit and publish `determinism.json` (scores, artifact hashes, non-identical diffs) alongside each scanner release via CAS/object storage APIs (documented in `docs/modules/scanner/determinism-score.md`). | | | | SCAN-ENTROPY-186-011 | TODO | | SPRINT_186_record_deterministic_execution | Scanner Guild (`src/Scanner/StellaOps.Scanner.Worker`, `src/Scanner/__Libraries`) | `src/Scanner/StellaOps.Scanner.Worker`, `src/Scanner/__Libraries` | Implement entropy analysis for ELF/PE/Mach-O executables and large opaque blobs (sliding-window metrics, section heuristics), flagging high-entropy regions and recording offsets/hints (see `docs/modules/scanner/entropy.md`). | | | | SCAN-ENTROPY-186-012 | TODO | | SPRINT_186_record_deterministic_execution | Scanner Guild, Provenance Guild (`src/Scanner/StellaOps.Scanner.WebService`, `docs/replay/DETERMINISTIC_REPLAY.md`) | `src/Scanner/StellaOps.Scanner.WebService`, `docs/replay/DETERMINISTIC_REPLAY.md` | Generate `entropy.report.json` and image-level penalties, attach evidence to scan manifests/attestations, and expose opaque ratios for downstream policy engines (`docs/modules/scanner/entropy.md`). | | | | SCAN-REACH-201-002 | DOING | 2025-11-08 | SPRINT_400_runtime_facts_static_callgraph_union | Scanner Worker Guild (`src/Scanner/StellaOps.Scanner.Worker`) | `src/Scanner/StellaOps.Scanner.Worker` | Ship language-aware static lifters (JVM, .NET/Roslyn+IL, Go SSA, Node/Deno TS AST, Rust MIR, Swift SIL, shell/binary analyzers) in Scanner Worker; emit canonical SymbolIDs, CAS-stored graphs, and attach reachability tags to SBOM components. | | | | SCAN-REACH-401-009 | TODO | | SPRINT_401_reachability_evidence_chain | Scanner Worker Guild (`src/Scanner/StellaOps.Scanner.Worker`, `src/Scanner/__Libraries`) | `src/Scanner/StellaOps.Scanner.Worker`, `src/Scanner/__Libraries` | Ship .NET/JVM symbolizers and call-graph generators (roots, edges, framework adapters), merge results into component-level reachability manifests, and back them with golden fixtures. | | | | SCAN-REPLAY-186-001 | TODO | | SPRINT_186_record_deterministic_execution | Scanner Guild (`src/Scanner/StellaOps.Scanner.WebService`, `docs/modules/scanner/architecture.md`) | `src/Scanner/StellaOps.Scanner.WebService`, `docs/modules/scanner/architecture.md` | Implement `record` mode in `StellaOps.Scanner.WebService` (manifest assembly, policy/feed/tool hash capture, CAS uploads) and document the workflow in `docs/modules/scanner/architecture.md` with references to `docs/replay/DETERMINISTIC_REPLAY.md` Section 6. | | | | SCAN-REPLAY-186-002 | TODO | | SPRINT_186_record_deterministic_execution | Scanner Guild (`src/Scanner/StellaOps.Scanner.Worker`, `docs/modules/scanner/deterministic-execution.md`) | `src/Scanner/StellaOps.Scanner.Worker`, `docs/modules/scanner/deterministic-execution.md` | Update `StellaOps.Scanner.Worker` analyzers to consume sealed input bundles, enforce deterministic ordering, and contribute Merkle metadata; extend `docs/modules/scanner/deterministic-execution.md` (new) summarising invariants drawn from `docs/replay/DETERMINISTIC_REPLAY.md` Section 4. | | | | SCANNER-ANALYZERS-DENO-26-001 | DONE | | SPRINT_130_scanner_surface | Deno Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno | Build the deterministic input normalizer + VFS merger for `deno.json(c)`, import maps, lockfiles, vendor trees, `$DENO_DIR`, and OCI layers so analyzers have a canonical file view. | | | | SCANNER-ANALYZERS-DENO-26-002 | DONE | | SPRINT_130_scanner_surface | Deno Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno | Implement the module graph resolver covering static/dynamic imports, npm bridge, cache lookups, built-ins, WASM/JSON assertions, and annotate edges with their resolution provenance. | SCANNER-ANALYZERS-DENO-26-001 | | | SCANNER-ANALYZERS-DENO-26-003 | DONE | | SPRINT_130_scanner_surface | Deno Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno | Ship the npm/node compatibility adapter that maps `npm:` specifiers, evaluates `exports` conditionals, and logs builtin usage for policy overlays. | SCANNER-ANALYZERS-DENO-26-002 | | | SCANNER-ANALYZERS-DENO-26-004 | DONE | | SPRINT_130_scanner_surface | Deno Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno | Add the permission/capability analyzer covering FS/net/env/process/crypto/FFI/workers plus dynamic-import + literal fetch heuristics with reason codes. | SCANNER-ANALYZERS-DENO-26-003 | | | SCANNER-ANALYZERS-DENO-26-005 | DONE | | SPRINT_130_scanner_surface | Deno Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno | Build bundle/binary inspectors for eszip and `deno compile` executables to recover graphs, configs, embedded resources, and snapshots. | SCANNER-ANALYZERS-DENO-26-004 | | | SCANNER-ANALYZERS-DENO-26-006 | DONE | | SPRINT_130_scanner_surface | Deno Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno | Implement the OCI/container adapter that stitches per-layer Deno caches, vendor trees, and compiled binaries back into provenance-aware analyzer inputs. | SCANNER-ANALYZERS-DENO-26-005 | | | SCANNER-ANALYZERS-DENO-26-007 | DONE | | SPRINT_130_scanner_surface | Deno Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno | Produce AOC-compliant observation writers (entrypoints, modules, capability edges, workers, warnings, binaries) with deterministic reason codes. | SCANNER-ANALYZERS-DENO-26-006 | | | SCANNER-ANALYZERS-DENO-26-008 | DONE | | SPRINT_130_scanner_surface | Deno Analyzer Guild, QA Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno | Finalize fixture + benchmark suite (vendor/npm/FFI/worker/dynamic import/bundle/cache/container cases) validating analyzer determinism and performance. | SCANNER-ANALYZERS-DENO-26-007 | | | SCANNER-ANALYZERS-DENO-26-009 | TODO | | SPRINT_131_scanner_surface | Deno Analyzer Guild, Signals Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno | Optional runtime evidence hooks (loader/require shim) capturing module loads + permissions during harnessed execution with path hashing. | SCANNER-ANALYZERS-DENO-26-008 | | | SCANNER-ANALYZERS-DENO-26-010 | TODO | | SPRINT_131_scanner_surface | Deno Analyzer Guild, DevOps Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno | Package analyzer plug-in, add CLI (`stella deno inspect`, `stella deno resolve`, `stella deno trace`) commands, update Offline Kit docs, ensure Worker integration. | SCANNER-ANALYZERS-DENO-26-009 | | | SCANNER-ANALYZERS-DENO-26-011 | TODO | | SPRINT_131_scanner_surface | Deno Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno | Policy signal emitter: net/fs/env/ffi/process/crypto capabilities, remote origin list, npm usage, wasm modules, dynamic-import warnings. | SCANNER-ANALYZERS-DENO-26-010 | | | SCANNER-ANALYZERS-JAVA-21-005 | TODO | | SPRINT_131_scanner_surface | Java Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java | Framework config extraction: Spring Boot imports, spring.factories, application properties/yaml, Jakarta web.xml & fragments, JAX-RS/JPA/CDI/JAXB configs, logging files, Graal native-image configs. | | | | SCANNER-ANALYZERS-JAVA-21-006 | TODO | | SPRINT_131_scanner_surface | Java Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java | JNI/native hint scanner: detect native methods, System.load/Library literals, bundled native libs, Graal JNI configs; emit `jni-load` edges for native analyzer correlation. | SCANNER-ANALYZERS-JAVA-21-005 | | | SCANNER-ANALYZERS-JAVA-21-007 | TODO | | SPRINT_131_scanner_surface | Java Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java | Signature and manifest metadata collector: verify JAR signature structure, capture signers, manifest loader attributes (Main-Class, Agent-Class, Start-Class, Class-Path). | SCANNER-ANALYZERS-JAVA-21-006 | | | SCANNER-ANALYZERS-JAVA-21-008 | BLOCKED | 2025-10-27 | SPRINT_131_scanner_surface | Java Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java | Implement resolver + AOC writer: produce entrypoints (env profiles, warnings), components (jar_id + semantic ids), edges (jpms, cp, spi, reflect, jni) with reason codes/confidence. | SCANNER-ANALYZERS-JAVA-21-007 | | | SCANNER-ANALYZERS-JAVA-21-009 | TODO | | SPRINT_131_scanner_surface | Java Analyzer Guild, QA Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java | Author comprehensive fixtures (modular app, boot fat jar, war, ear, MR-jar, jlink image, JNI, reflection heavy, signed jar, microprofile) with golden outputs and perf benchmarks. | SCANNER-ANALYZERS-JAVA-21-008 | | | SCANNER-ANALYZERS-JAVA-21-010 | TODO | | SPRINT_131_scanner_surface | Java Analyzer Guild, Signals Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java | Optional runtime ingestion: Java agent + JFR reader capturing class load, ServiceLoader, and System.load events with path scrubbing. Emit append-only runtime edges `runtime-class`/`runtime-spi`/`runtime-load`. | SCANNER-ANALYZERS-JAVA-21-009 | | | SCANNER-ANALYZERS-JAVA-21-011 | TODO | | SPRINT_131_scanner_surface | Java Analyzer Guild, DevOps Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java | Package analyzer as restart-time plug-in (manifest/DI), update Offline Kit docs, add CLI/worker hooks for Java inspection commands. | SCANNER-ANALYZERS-JAVA-21-010 | | | SCANNER-ANALYZERS-LANG-11-001 | TODO | | SPRINT_131_scanner_surface | StellaOps.Scanner EPDR Guild, Language Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.DotNet) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.DotNet | Build entrypoint resolver that maps project/publish artifacts to entrypoint identities (assembly name, MVID, TFM, RID) and environment profiles (publish mode, host kind, probing paths). Output normalized `entrypoints[]` records with deterministic IDs. | SCANNER-ANALYZERS-LANG-10-309 | | | SCANNER-ANALYZERS-LANG-11-002 | TODO | | SPRINT_132_scanner_surface | StellaOps.Scanner EPDR Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.DotNet) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.DotNet | Implement static analyzer (IL + reflection heuristics) capturing AssemblyRef, ModuleRef/PInvoke, DynamicDependency, reflection literals, DI patterns, and custom AssemblyLoadContext probing hints. Emit dependency edges with reason codes and confidence. | SCANNER-ANALYZERS-LANG-11-001 | | | SCANNER-ANALYZERS-LANG-11-003 | TODO | | SPRINT_132_scanner_surface | StellaOps.Scanner EPDR Guild, Signals Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.DotNet) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.DotNet | Ingest optional runtime evidence (AssemblyLoad, Resolving, P/Invoke) via event listener harness; merge runtime edges with static/declared ones and attach reason codes/confidence. | SCANNER-ANALYZERS-LANG-11-002 | | | SCANNER-ANALYZERS-LANG-11-004 | TODO | | SPRINT_132_scanner_surface | StellaOps.Scanner EPDR Guild, SBOM Service Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.DotNet) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.DotNet | Produce normalized observation export to Scanner writer: entrypoints + dependency edges + environment profiles (AOC compliant). Wire to SBOM service entrypoint tagging. | SCANNER-ANALYZERS-LANG-11-003 | | | SCANNER-ANALYZERS-LANG-11-005 | TODO | | SPRINT_132_scanner_surface | StellaOps.Scanner EPDR Guild, QA Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.DotNet) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.DotNet | Add comprehensive fixtures/benchmarks covering framework-dependent, self-contained, single-file, trimmed, NativeAOT, multi-RID scenarios; include explain traces and perf benchmarks vs previous analyzer. | SCANNER-ANALYZERS-LANG-11-004 | | | SCANNER-ANALYZERS-NATIVE-20-001 | TODO | | SPRINT_132_scanner_surface | Native Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Native) | src/Scanner/StellaOps.Scanner.Analyzers.Native | Implement format detector and binary identity model supporting ELF, PE/COFF, and Mach-O (including fat slices). Capture arch, OS, build-id/UUID, interpreter metadata. | | | | SCANNER-ANALYZERS-NATIVE-20-002 | TODO | | SPRINT_132_scanner_surface | Native Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Native) | src/Scanner/StellaOps.Scanner.Analyzers.Native | Parse ELF dynamic sections: `DT_NEEDED`, `DT_RPATH`, `DT_RUNPATH`, symbol versions, interpreter, and note build-id. Emit declared dependency records with reason `elf-dtneeded` and attach version needs. | SCANNER-ANALYZERS-NATIVE-20-001 | | | SCANNER-ANALYZERS-NATIVE-20-003 | TODO | | SPRINT_132_scanner_surface | Native Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Native) | src/Scanner/StellaOps.Scanner.Analyzers.Native | Parse PE imports, delay-load tables, manifests/SxS metadata, and subsystem flags. Emit edges with reasons `pe-import` and `pe-delayimport`, plus SxS policy metadata. | SCANNER-ANALYZERS-NATIVE-20-002 | | | SCANNER-ANALYZERS-NATIVE-20-004 | TODO | | SPRINT_132_scanner_surface | Native Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Native) | src/Scanner/StellaOps.Scanner.Analyzers.Native | Parse Mach-O load commands (`LC_LOAD_DYLIB`, `LC_REEXPORT_DYLIB`, `LC_RPATH`, `LC_UUID`, fat headers). Handle `@rpath/@loader_path` placeholders and slice separation. | SCANNER-ANALYZERS-NATIVE-20-003 | | | SCANNER-ANALYZERS-NATIVE-20-005 | TODO | | SPRINT_132_scanner_surface | Native Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Native) | src/Scanner/StellaOps.Scanner.Analyzers.Native | Implement resolver engine modeling loader search order for ELF (rpath/runpath/cache/default), PE (SafeDll search + SxS), and Mach-O (`@rpath` expansion). Works against virtual image roots, producing explain traces. | SCANNER-ANALYZERS-NATIVE-20-004 | | | SCANNER-ANALYZERS-NATIVE-20-006 | TODO | | SPRINT_132_scanner_surface | Native Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Native) | src/Scanner/StellaOps.Scanner.Analyzers.Native | Build heuristic scanner for `dlopen`/`LoadLibrary` strings, plugin ecosystem configs, and Go/Rust static hints. Emit edges with `reason_code` (`string-dlopen`, `config-plugin`, `ecosystem-heuristic`) and confidence levels. | SCANNER-ANALYZERS-NATIVE-20-005 | | | SCANNER-ANALYZERS-NATIVE-20-007 | TODO | | SPRINT_132_scanner_surface | Native Analyzer Guild, SBOM Service Guild (src/Scanner/StellaOps.Scanner.Analyzers.Native) | src/Scanner/StellaOps.Scanner.Analyzers.Native | Serialize AOC-compliant observations: entrypoints + dependency edges + environment profiles (search paths, interpreter, loader metadata). Integrate with Scanner writer API. | SCANNER-ANALYZERS-NATIVE-20-006 | | | SCANNER-ANALYZERS-NATIVE-20-008 | TODO | | SPRINT_132_scanner_surface | Native Analyzer Guild, QA Guild (src/Scanner/StellaOps.Scanner.Analyzers.Native) | src/Scanner/StellaOps.Scanner.Analyzers.Native | Author cross-platform fixtures (ELF dynamic/static, PE delay-load/SxS, Mach-O @rpath, plugin configs) and determinism benchmarks (<25 ms / binary, <250 MB). | SCANNER-ANALYZERS-NATIVE-20-007 | | | SCANNER-ANALYZERS-NATIVE-20-009 | TODO | | SPRINT_132_scanner_surface | Native Analyzer Guild, Signals Guild (src/Scanner/StellaOps.Scanner.Analyzers.Native) | src/Scanner/StellaOps.Scanner.Analyzers.Native | Provide optional runtime capture adapters (Linux eBPF `dlopen`, Windows ETW ImageLoad, macOS dyld interpose) writing append-only runtime evidence. Include redaction/sandbox guidance. | SCANNER-ANALYZERS-NATIVE-20-008 | | | SCANNER-ANALYZERS-NATIVE-20-010 | TODO | | SPRINT_132_scanner_surface | Native Analyzer Guild, DevOps Guild (src/Scanner/StellaOps.Scanner.Analyzers.Native) | src/Scanner/StellaOps.Scanner.Analyzers.Native | Package native analyzer as restart-time plug-in with manifest/DI registration; update Offline Kit bundle + documentation. | SCANNER-ANALYZERS-NATIVE-20-009 | | | SCANNER-ANALYZERS-NODE-22-001 | TODO | | SPRINT_132_scanner_surface | Node Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node | Build input normalizer + VFS for Node projects: dirs, tgz, container layers, pnpm store, Yarn PnP zips; detect Node version targets (`.nvmrc`, `.node-version`, Dockerfile) and workspace roots deterministically. | | | | SCANNER-ANALYZERS-NODE-22-002 | TODO | | SPRINT_132_scanner_surface | Node Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node | Implement entrypoint discovery (bin/main/module/exports/imports, workers, electron, shebang scripts) and condition set builder per entrypoint. | SCANNER-ANALYZERS-NODE-22-001 | | | SCANNER-ANALYZERS-NODE-22-003 | TODO | | SPRINT_132_scanner_surface | Node Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node | Parse JS/TS sources for static `import`, `require`, `import()` and string concat cases; flag dynamic patterns with confidence levels; support source map de-bundling. | SCANNER-ANALYZERS-NODE-22-002 | | | SCANNER-ANALYZERS-NODE-22-004 | TODO | | SPRINT_132_scanner_surface | Node Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node | Implement Node resolver engine for CJS + ESM (core modules, exports/imports maps, conditions, extension priorities, self-references) parameterised by node_version. | SCANNER-ANALYZERS-NODE-22-003 | | | SCANNER-ANALYZERS-NODE-22-005 | TODO | | SPRINT_132_scanner_surface | Node Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node | Add package manager adapters: Yarn PnP (.pnp.data/.pnp.cjs), pnpm virtual store, npm/Yarn classic hoists; operate entirely in virtual FS. | SCANNER-ANALYZERS-NODE-22-004 | | | SCANNER-ANALYZERS-NODE-22-006 | TODO | | SPRINT_133_scanner_surface | Node Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node | Detect bundles + source maps, reconstruct module specifiers, and correlate to original paths; support dual CJS/ESM graphs with conditions. | SCANNER-ANALYZERS-NODE-22-005 | | | SCANNER-ANALYZERS-NODE-22-007 | TODO | | SPRINT_133_scanner_surface | Node Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node | Scan for native addons (.node), WASM modules, and core capability signals (child_process, vm, worker_threads); emit hint edges and native metadata. | SCANNER-ANALYZERS-NODE-22-006 | | | SCANNER-ANALYZERS-NODE-22-008 | TODO | | SPRINT_133_scanner_surface | Node Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node | Produce AOC-compliant observations: entrypoints, components (pkg/native/wasm), edges (esm-import, cjs-require, exports, json, native-addon, wasm, worker) with reason codes/confidence and resolver traces. | SCANNER-ANALYZERS-NODE-22-007 | | | SCANNER-ANALYZERS-NODE-22-009 | TODO | | SPRINT_133_scanner_surface | Node Analyzer Guild, QA Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node | Author fixture suite + performance benchmarks (npm, pnpm, PnP, bundle, electron, worker) with golden outputs and latency budgets. | SCANNER-ANALYZERS-NODE-22-008 | | | SCANNER-ANALYZERS-NODE-22-010 | TODO | | SPRINT_133_scanner_surface | Node Analyzer Guild, Signals Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node | Implement optional runtime evidence hooks (ESM loader, CJS require hook) with path scrubbing and loader ID hashing; emit runtime-* edges. | SCANNER-ANALYZERS-NODE-22-009 | | | SCANNER-ANALYZERS-NODE-22-011 | TODO | | SPRINT_133_scanner_surface | Node Analyzer Guild, DevOps Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node | Package updated analyzer as restart-time plug-in, expose Scanner CLI (`stella node *`) commands, refresh Offline Kit documentation. | SCANNER-ANALYZERS-NODE-22-010 | | | SCANNER-ANALYZERS-NODE-22-012 | TODO | | SPRINT_133_scanner_surface | Node Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node | Integrate container filesystem adapter (OCI layers, Dockerfile hints) and record NODE_OPTIONS/env warnings. | SCANNER-ANALYZERS-NODE-22-011 | | | SCANNER-ANALYZERS-PHP-27-001 | TODO | | SPRINT_133_scanner_surface | PHP Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php | Build input normalizer & VFS for PHP projects: merge source trees, composer manifests, vendor/, php.ini/conf.d, `.htaccess`, FPM configs, container layers. Detect framework/CMS fingerprints deterministically. | — | SCSA0101 | | SCANNER-ANALYZERS-PHP-27-002 | TODO | | SPRINT_133_scanner_surface | PHP Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php | Composer/Autoload analyzer: parse composer.json/lock/installed.json, generate package nodes, autoload edges (psr-4/0/classmap/files), bin entrypoints, composer plugins. | SCANNER-ANALYZERS-PHP-27-001 | | | SCANNER-ANALYZERS-PHP-27-003 | TODO | | SPRINT_133_scanner_surface | PHP Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php | Include/require graph builder: resolve static includes, capture dynamic include patterns, bootstrap chains, merge with autoload edges. | SCANNER-ANALYZERS-PHP-27-002 | | | SCANNER-ANALYZERS-PHP-27-004 | TODO | | SPRINT_133_scanner_surface | PHP Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php | Runtime capability scanner: detect exec/fs/net/env/serialization/crypto/database usage, stream wrappers, uploads; record evidence snippets. | SCANNER-ANALYZERS-PHP-27-003 | | | SCANNER-ANALYZERS-PHP-27-005 | TODO | | SPRINT_133_scanner_surface | PHP Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php | PHAR/Archive inspector: parse phar manifests/stubs, hash files, detect embedded vendor trees and phar:// usage. | SCANNER-ANALYZERS-PHP-27-004 | | | SCANNER-ANALYZERS-PHP-27-006 | TODO | | SPRINT_133_scanner_surface | PHP Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php | Framework/CMS surface mapper: extract routes, controllers, middleware, CLI/cron entrypoints for Laravel/Symfony/Slim/WordPress/Drupal/Magento. | SCANNER-ANALYZERS-PHP-27-005 | | | SCANNER-ANALYZERS-PHP-27-007 | TODO | | SPRINT_133_scanner_surface | PHP Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php | Container & extension detector: parse php.ini/conf.d, map extensions to .so/.dll, collect web server/FPM settings, upload limits, disable_functions. | SCANNER-ANALYZERS-PHP-27-006 | | | SCANNER-ANALYZERS-PHP-27-008 | TODO | | SPRINT_134_scanner_surface | PHP Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php | Produce AOC-compliant observations: entrypoints, packages, extensions, modules, edges (require/autoload), capabilities, routes, configs. | SCANNER-ANALYZERS-PHP-27-002 | | | SCANNER-ANALYZERS-PHP-27-009 | TODO | | SPRINT_134_scanner_surface | PHP Analyzer Guild, QA Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php | Fixture suite + performance benchmarks (Laravel, Symfony, WordPress, legacy, PHAR, container) with golden outputs. | SCANNER-ANALYZERS-PHP-27-007 | | | SCANNER-ANALYZERS-PHP-27-010 | TODO | | SPRINT_134_scanner_surface | PHP Analyzer Guild, Signals Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php | Optional runtime evidence hooks (if provided) to ingest audit logs or opcode cache stats with path hashing. | SCANNER-ANALYZERS-PHP-27-009 | | | SCANNER-ANALYZERS-PHP-27-011 | TODO | | SPRINT_134_scanner_surface | PHP Analyzer Guild, DevOps Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php | Package analyzer plug-in, add CLI (`stella php inspect`), refresh Offline Kit documentation. | SCANNER-ANALYZERS-PHP-27-010 | | | SCANNER-ANALYZERS-PHP-27-012 | TODO | | SPRINT_134_scanner_surface | PHP Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php | Policy signal emitter: extension requirements/presence, dangerous constructs counters, stream wrapper usage, capability summaries. | SCANNER-ANALYZERS-PHP-27-011 | | | SCANNER-ANALYZERS-PYTHON-23-001 | TODO | | SPRINT_134_scanner_surface | Python Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python | Build input normalizer & virtual filesystem for wheels, sdists, editable installs, zipapps, site-packages trees, and container roots. Detect Python version targets (`pyproject.toml`, `runtime.txt`, Dockerfile) + virtualenv layout deterministically. | | | | SCANNER-ANALYZERS-PYTHON-23-002 | TODO | | SPRINT_134_scanner_surface | Python Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python | Entrypoint discovery: module `__main__`, console_scripts entry points, `scripts`, zipapp main, `manage.py`/gunicorn/celery patterns. Capture invocation context (module vs package, argv wrappers). | SCANNER-ANALYZERS-PYTHON-23-001 | | | SCANNER-ANALYZERS-PYTHON-23-003 | TODO | | SPRINT_134_scanner_surface | Python Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python | Static import graph builder using AST and bytecode fallback. Support `import`, `from ... import`, relative imports, `importlib.import_module`, `__import__` with literal args, `pkgutil.extend_path`. | SCANNER-ANALYZERS-PYTHON-23-002 | | | SCANNER-ANALYZERS-PYTHON-23-004 | TODO | | SPRINT_134_scanner_surface | Python Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python | Python resolver engine (importlib semantics) handling namespace packages (PEP 420), package discovery order, `.pth` files, `sys.path` composition, zipimport, and site-packages precedence across virtualenv/container roots. | SCANNER-ANALYZERS-PYTHON-23-003 | | | SCANNER-ANALYZERS-PYTHON-23-005 | TODO | | SPRINT_134_scanner_surface | Python Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python | Packaging adapters: pip editable (`.egg-link`), Poetry/Flit layout, Conda prefix, `.dist-info/RECORD` cross-check, container layer overlays. | SCANNER-ANALYZERS-PYTHON-23-004 | | | SCANNER-ANALYZERS-PYTHON-23-006 | TODO | | SPRINT_134_scanner_surface | Python Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python | Detect native extensions (`*.so`, `*.pyd`), CFFI modules, ctypes loaders, embedded WASM, and runtime capability signals (subprocess, multiprocessing, ctypes, eval). | SCANNER-ANALYZERS-PYTHON-23-005 | | | SCANNER-ANALYZERS-PYTHON-23-007 | TODO | | SPRINT_134_scanner_surface | Python Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python | Framework/config heuristics: Django, Flask, FastAPI, Celery, AWS Lambda handlers, Gunicorn, Click/Typer CLIs, logging configs, pyproject optional dependencies. Tagged as hints only. | SCANNER-ANALYZERS-PYTHON-23-006 | | | SCANNER-ANALYZERS-PYTHON-23-008 | TODO | | SPRINT_134_scanner_surface | Python Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python | Produce AOC-compliant observations: entrypoints, components (modules/packages/native), edges (import, namespace, dynamic-hint, native-extension) with reason codes/confidence and resolver traces. | SCANNER-ANALYZERS-PYTHON-23-007 | | | SCANNER-ANALYZERS-PYTHON-23-009 | TODO | | SPRINT_134_scanner_surface | Python Analyzer Guild, QA Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python | Fixture suite + perf benchmarks covering virtualenv, namespace packages, zipapp, editable installs, containers, lambda handler. | SCANNER-ANALYZERS-PYTHON-23-008 | | | SCANNER-ANALYZERS-PYTHON-23-010 | TODO | | SPRINT_134_scanner_surface | Python Analyzer Guild, Signals Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python | Optional runtime evidence: import hook capturing module load events with path scrubbing, optional bytecode instrumentation for `importlib` hooks, multiprocessing tracer. | SCANNER-ANALYZERS-PYTHON-23-009 | | | SCANNER-ANALYZERS-PYTHON-23-011 | TODO | | SPRINT_134_scanner_surface | Python Analyzer Guild, DevOps Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python | Package analyzer plug-in, add CLI commands (`stella python inspect`), refresh Offline Kit documentation. | SCANNER-ANALYZERS-PYTHON-23-010 | | | SCANNER-ANALYZERS-PYTHON-23-012 | TODO | | SPRINT_135_scanner_surface | Python Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python | Container/zipapp adapter enhancements: parse OCI layers for Python runtime, detect `PYTHONPATH`/`PYTHONHOME` env, record warnings for sitecustomize/startup hooks. | SCANNER-ANALYZERS-PYTHON-23-011 | | | SCANNER-ANALYZERS-RUBY-28-001 | TODO | | SPRINT_135_scanner_surface | Ruby Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Build input normalizer & VFS for Ruby projects: merge source trees, Gemfile/Gemfile.lock, vendor/bundle, .gem archives, `.bundle/config`, Rack configs, containers. Detect framework/job fingerprints deterministically. | | | | SCANNER-ANALYZERS-RUBY-28-002 | TODO | | SPRINT_135_scanner_surface | Ruby Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Gem & Bundler analyzer: parse Gemfile/Gemfile.lock, vendor specs, .gem archives, produce package nodes (PURLs), dependency edges, bin scripts, Bundler group metadata. | SCANNER-ANALYZERS-RUBY-28-001 | | | SCANNER-ANALYZERS-RUBY-28-003 | TODO | | SPRINT_135_scanner_surface | Ruby Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Require/autoload graph builder: resolve static/dynamic require, require_relative, load; infer Zeitwerk autoload paths and Rack boot chain. | SCANNER-ANALYZERS-RUBY-28-002 | | | SCANNER-ANALYZERS-RUBY-28-004 | TODO | | SPRINT_135_scanner_surface | Ruby Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Framework surface mapper: extract routes/controllers/middleware for Rails/Rack/Sinatra/Grape/Hanami; inventory jobs/schedulers (Sidekiq, Resque, ActiveJob, whenever, clockwork). | SCANNER-ANALYZERS-RUBY-28-003 | | | SCANNER-ANALYZERS-RUBY-28-005 | TODO | | SPRINT_135_scanner_surface | Ruby Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Capability analyzer: detect os-exec, filesystem, network, serialization, crypto, DB usage, TLS posture, dynamic eval; record evidence snippets with file/line. | SCANNER-ANALYZERS-RUBY-28-004 | | | SCANNER-ANALYZERS-RUBY-28-006 | TODO | | SPRINT_135_scanner_surface | Ruby Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Rake task & scheduler analyzer: parse Rakefiles/lib/tasks, capture task names/prereqs/shell commands; parse Sidekiq/whenever/clockwork configs into schedules. | SCANNER-ANALYZERS-RUBY-28-005 | | | SCANNER-ANALYZERS-RUBY-28-007 | TODO | | SPRINT_135_scanner_surface | Ruby Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Container/runtime scanner: detect Ruby version, installed gems, native extensions, web server configs in OCI layers. | SCANNER-ANALYZERS-RUBY-28-006 | | | SCANNER-ANALYZERS-RUBY-28-008 | TODO | | SPRINT_135_scanner_surface | Ruby Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Produce AOC-compliant observations: entrypoints, packages, modules, edges (require/autoload), routes, jobs, tasks, capabilities, configs, warnings. | SCANNER-ANALYZERS-RUBY-28-007 | | | SCANNER-ANALYZERS-RUBY-28-009 | TODO | | SPRINT_135_scanner_surface | Ruby Analyzer Guild, QA Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Fixture suite + performance benchmarks (Rails, Rack, Sinatra, Sidekiq, legacy, .gem, container) with golden outputs. | SCANNER-ANALYZERS-RUBY-28-008 | | | SCANNER-ANALYZERS-RUBY-28-010 | TODO | | SPRINT_135_scanner_surface | Ruby Analyzer Guild, Signals Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Optional runtime evidence integration (if provided logs/metrics) with path hashing, without altering static precedence. | SCANNER-ANALYZERS-RUBY-28-009 | | | SCANNER-ANALYZERS-RUBY-28-011 | TODO | | SPRINT_135_scanner_surface | Ruby Analyzer Guild, DevOps Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Package analyzer plug-in, add CLI (`stella ruby inspect`), refresh Offline Kit documentation. | SCANNER-ANALYZERS-RUBY-28-010 | | | SCANNER-ANALYZERS-RUBY-28-012 | TODO | | SPRINT_135_scanner_surface | Ruby Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Policy signal emitter: rubygems drift, native extension flags, dangerous constructs counts, TLS verify posture, dynamic require eval warnings. | SCANNER-ANALYZERS-RUBY-28-011 | | | SCANNER-BENCH-62-002 | TODO | | SPRINT_310_docs_tasks_md_x | Docs Guild, Product Guild (docs) | | | | | | SCANNER-BENCH-62-003 | TODO | | SPRINT_310_docs_tasks_md_x | Docs Guild, Product Guild (docs) | | | | | | SCANNER-BENCH-62-004 | TODO | | SPRINT_310_docs_tasks_md_x | Docs Guild, Java Analyzer Guild (docs) | | | | | | SCANNER-BENCH-62-005 | TODO | | SPRINT_310_docs_tasks_md_x | Docs Guild, Go Analyzer Guild (docs) | | | | | | SCANNER-BENCH-62-006 | TODO | | SPRINT_310_docs_tasks_md_x | Docs Guild, Rust Analyzer Guild (docs) | | | | | | SCANNER-BENCH-62-008 | TODO | | SPRINT_310_docs_tasks_md_x | Docs Guild, EntryTrace Guild (docs) | | | | | | SCANNER-BENCH-62-009 | TODO | | SPRINT_310_docs_tasks_md_x | Docs Guild, Policy Guild (docs) | | | | | | SCANNER-CLI-0001 | DONE | 2025-11-10 | SPRINT_138_scanner_ruby_parity | CLI Guild, Ruby Analyzer Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Coordinate CLI UX/help text for new Ruby verbs and update CLI docs/golden outputs. | SCANNER-ENG-0019 | | | SCANNER-DET-01 | DOING | 2025-11-09 | SPRINT_301_docs_tasks_md_i | Docs Guild · Scanner Guild | | | | | | SCANNER-DOCS-0003 | TODO | | SPRINT_327_docs_modules_scanner | Docs Guild, Product Guild (docs/modules/scanner) | docs/modules/scanner | Gather Windows/macOS analyzer demand signals and record findings in `docs/benchmarks/scanner/windows-macos-demand.md` for marketing + product readiness. | | | | SCANNER-EMIT-15-001 | TODO | | SPRINT_136_scanner_surface | Scanner Emit Guild (src/Scanner/__Libraries/StellaOps.Scanner.Emit) | src/Scanner/__Libraries/StellaOps.Scanner.Emit | Enforce canonical JSON (`stella.contentHash`, Merkle root metadata, zero timestamps) for fragments and composed CycloneDX inventory/usage BOMs. Documented in `docs/modules/scanner/deterministic-sbom-compose.md` §2.2. | SCANNER-SURFACE-04 | | | SCANNER-ENG-0001 | TODO | | SPRINT_327_docs_modules_scanner | Module Team (docs/modules/scanner) | docs/modules/scanner | Cross-check implementation plan milestones against `/docs/implplan/SPRINT_*.md` and update module readiness checkpoints. | | | | SCANNER-ENG-0002 | DONE | 2025-11-09 | SPRINT_137_scanner_gap_design | Scanner Guild, CLI Guild (docs/modules/scanner) | docs/modules/scanner | Design the Node.js lockfile collector + CLI validator per `docs/benchmarks/scanner/scanning-gaps-stella-misses-from-competitors.md`, capturing Surface + policy requirements before implementation. | | | | SCANNER-ENG-0003 | DONE | 2025-11-09 | SPRINT_137_scanner_gap_design | Python Analyzer Guild, CLI Guild (docs/modules/scanner) | docs/modules/scanner | Design Python lockfile + editable-install parity checks with policy predicates and CLI workflow coverage as outlined in the gap analysis. | | | | SCANNER-ENG-0004 | DONE | 2025-11-09 | SPRINT_137_scanner_gap_design | Java Analyzer Guild, CLI Guild (docs/modules/scanner) | docs/modules/scanner | Design Java lockfile ingestion/validation (Gradle/SBT collectors, CLI verb, policy hooks) to close comparison gaps. | | | | SCANNER-ENG-0005 | DONE | 2025-11-09 | SPRINT_137_scanner_gap_design | Go Analyzer Guild (docs/modules/scanner) | docs/modules/scanner | Enhance Go stripped-binary fallback inference design, including inferred module metadata + policy integration, per the gap analysis. | | | | SCANNER-ENG-0006 | DONE | 2025-11-09 | SPRINT_137_scanner_gap_design | Rust Analyzer Guild (docs/modules/scanner) | docs/modules/scanner | Expand Rust fingerprint coverage design (enriched fingerprint catalogue + policy controls) per the comparison matrix. | | | | SCANNER-ENG-0007 | DONE | 2025-11-09 | SPRINT_137_scanner_gap_design | Scanner Guild, Policy Guild (docs/modules/scanner) | docs/modules/scanner | Design the deterministic secret leak detection pipeline covering rule packaging, Policy Engine integration, and CLI workflow. | | | | SCANNER-ENG-0008 | TODO | | SPRINT_138_scanner_ruby_parity | EntryTrace Guild, QA Guild (src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace) | src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace | Maintain EntryTrace heuristic cadence per `docs/benchmarks/scanner/scanning-gaps-stella-misses-from-competitors.md`, including quarterly pattern reviews + explain-trace updates. | | | | SCANNER-ENG-0009 | DONE | 2025-11-13 | SPRINT_138_scanner_ruby_parity | Ruby Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Ruby analyzer parity shipped: runtime graph + capability signals, observation payload, Mongo-backed `ruby.packages` inventory, CLI/WebService surfaces, and plugin manifest bundles for Worker loadout. | SCANNER-ANALYZERS-RUBY-28-001..012 | | | SCANNER-ENG-0010 | TODO | | SPRINT_138_scanner_ruby_parity | PHP Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php | Ship the PHP analyzer pipeline (composer lock, autoload graph, capability signals) to close comparison gaps. | SCANNER-ANALYZERS-PHP-27-001 | | | SCANNER-ENG-0011 | TODO | | SPRINT_138_scanner_ruby_parity | Language Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno | Scope the Deno runtime analyzer (lockfile resolver, import graphs) based on competitor techniques to extend beyond Sprint 130 coverage. | | | | SCANNER-ENG-0012 | TODO | | SPRINT_138_scanner_ruby_parity | Language Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Dart) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Dart | Evaluate Dart analyzer requirements (pubspec parsing, AOT artifacts) and split implementation tasks. | | | | SCANNER-ENG-0013 | TODO | | SPRINT_138_scanner_ruby_parity | Swift Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Swift) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Swift | Plan Swift Package Manager coverage (Package.resolved, xcframeworks, runtime hints) with policy hooks. | | | | SCANNER-ENG-0014 | TODO | | SPRINT_138_scanner_ruby_parity | Runtime Guild, Zastava Guild (docs/modules/scanner) | docs/modules/scanner | Align Kubernetes/VM target coverage between Scanner and Zastava per comparison findings; publish joint roadmap. | | | | SCANNER-ENG-0015 | DONE | 2025-11-13 | SPRINT_138_scanner_ruby_parity | Export Center Guild, Scanner Guild (docs/modules/scanner) | docs/modules/scanner | DSSE/Rekor operator playbook published (`docs/modules/scanner/operations/dsse-rekor-operator-guide.md`) with config/env tables, rollout phases, runbook snippets, offline verification steps, and SLA/alert guidance. | | | | SCANNER-ENG-0016 | DONE | 2025-11-10 | SPRINT_138_scanner_ruby_parity | Ruby Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | RubyLockCollector and vendor ingestion finalized: Bundler config overrides honoured, workspace lockfiles merged, vendor bundles normalised, and deterministic fixtures added. | SCANNER-ENG-0009 | | | SCANNER-ENG-0017 | DONE | 2025-11-09 | SPRINT_138_scanner_ruby_parity | Ruby Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Build the runtime require/autoload graph builder with tree-sitter Ruby per design §4.4 and integrate EntryTrace hints. | SCANNER-ENG-0016 | | | SCANNER-ENG-0018 | DONE | 2025-11-09 | SPRINT_138_scanner_ruby_parity | Ruby Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Emit Ruby capability + framework surface signals as defined in design §4.5 with policy predicate hooks. | SCANNER-ENG-0017 | | | SCANNER-ENG-0019 | DONE | 2025-11-13 | SPRINT_138_scanner_ruby_parity | Ruby Analyzer Guild, CLI Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Ruby CLI verbs now resolve inventories by scan ID, digest, or image reference; Scanner.WebService fallbacks + CLI client encoding ensure `--image` works for both digests and tagged references, and tests cover the new lookup flow. | SCANNER-ENG-0016..0018 | | | SCANNER-ENG-0020 | TODO | | SPRINT_136_scanner_surface | Scanner Guild (docs/modules/scanner) | docs/modules/scanner | Implement Homebrew collector & fragment mapper per `design/macos-analyzer.md` §3.1. | | | | SCANNER-ENG-0021 | TODO | | SPRINT_136_scanner_surface | Scanner Guild (docs/modules/scanner) | docs/modules/scanner | Implement pkgutil receipt collector per `design/macos-analyzer.md` §3.2. | | | | SCANNER-ENG-0022 | TODO | | SPRINT_136_scanner_surface | Scanner Guild, Policy Guild (docs/modules/scanner) | docs/modules/scanner | Implement macOS bundle inspector & capability overlays per `design/macos-analyzer.md` §3.3. | | | | SCANNER-ENG-0023 | TODO | | SPRINT_136_scanner_surface | Scanner Guild, Offline Kit Guild, Policy Guild (docs/modules/scanner) | docs/modules/scanner | Deliver macOS policy/offline integration per `design/macos-analyzer.md` §5–6. | | | | SCANNER-ENG-0024 | TODO | | SPRINT_136_scanner_surface | Scanner Guild (docs/modules/scanner) | docs/modules/scanner | Implement Windows MSI collector per `design/windows-analyzer.md` §3.1. | | | | SCANNER-ENG-0025 | TODO | | SPRINT_136_scanner_surface | Scanner Guild (docs/modules/scanner) | docs/modules/scanner | Implement WinSxS manifest collector per `design/windows-analyzer.md` §3.2. | | | | SCANNER-ENG-0026 | TODO | | SPRINT_136_scanner_surface | Scanner Guild (docs/modules/scanner) | docs/modules/scanner | Implement Windows Chocolatey & registry collectors per `design/windows-analyzer.md` §3.3–3.4. | | | | SCANNER-ENG-0027 | TODO | | SPRINT_136_scanner_surface | Scanner Guild, Policy Guild, Offline Kit Guild (docs/modules/scanner) | docs/modules/scanner | Deliver Windows policy/offline integration per `design/windows-analyzer.md` §5–6. | | | | SCANNER-ENTRYTRACE-18-502 | TODO | | SPRINT_135_scanner_surface | EntryTrace Guild (src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace) | src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace | Expand chain walker with init shim/user-switch/supervisor recognition plus env/workdir accumulation and guarded edges. | SCANNER-ENTRYTRACE-18-508 | | | SCANNER-ENTRYTRACE-18-503 | TODO | | SPRINT_135_scanner_surface | EntryTrace Guild (src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace) | src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace | Introduce target classifier + EntryPlan handoff with confidence scoring for ELF/Java/.NET/Node/Python and user/workdir context. | SCANNER-ENTRYTRACE-18-502 | | | SCANNER-ENTRYTRACE-18-504 | TODO | | SPRINT_136_scanner_surface | EntryTrace Guild (src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace) | src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace | Emit EntryTrace AOC NDJSON (`entrytrace.entry/node/edge/target/warning/capability`) and wire CLI/service streaming outputs. | SCANNER-ENTRYTRACE-18-503 | | | SCANNER-ENTRYTRACE-18-505 | TODO | | SPRINT_136_scanner_surface | EntryTrace Guild (src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace) | src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace | Implement process-tree replay (ProcGraph) to reconcile `/proc` exec chains with static EntryTrace results, collapsing wrappers and emitting agreement/conflict diagnostics. | SCANNER-ENTRYTRACE-18-504 | | | SCANNER-ENTRYTRACE-18-506 | TODO | | SPRINT_136_scanner_surface | EntryTrace Guild, Scanner WebService Guild (src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace) | src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace | Surface EntryTrace graph + confidence via Scanner.WebService and CLI, including target summary in scan reports and policy payloads. | SCANNER-ENTRYTRACE-18-505 | SCSS0102 | | SCANNER-ENV-01 | TODO (2025-11-06) | 2025-11-06 | SPRINT_136_scanner_surface | Scanner Worker Guild | src/Scanner/StellaOps.Scanner.Worker | Replace ad-hoc environment reads with `StellaOps.Scanner.Surface.Env` helpers for cache roots and CAS endpoints. | — | SCDE0101 | | SCANNER-ENV-02 | TODO (2025-11-06) | 2025-11-06 | SPRINT_136_scanner_surface | Scanner WebService Guild · Ops Guild | src/Scanner/StellaOps.Scanner.WebService | Wire Surface.Env helpers into WebService hosting (cache roots, feature flags) and document configuration. | SCANNER-ENV-01 | SCDE0102 | | SCANNER-ENV-03 | TODO | | SPRINT_136_scanner_surface | BuildX Plugin Guild | src/Scanner/StellaOps.Scanner.Sbomer.BuildXPlugin | Adopt Surface.Env helpers for plugin configuration (cache roots, CAS endpoints, feature toggles). | SCANNER-ENV-02 | SCBX0101 | | SCANNER-EVENTS-16-301 | BLOCKED (2025-10-26) | 2025-10-26 | SPRINT_136_scanner_surface | Scanner WebService Guild (`src/Scanner/StellaOps.Scanner.WebService`) | src/Scanner/StellaOps.Scanner.WebService | Emit orchestrator-compatible envelopes (`scanner.event.*`) and update integration tests to verify Notifier ingestion (no Redis queue coupling). | EVENTS-16-301 | SCEV0101 | | SCANNER-GRAPH-21-001 | TODO | | SPRINT_136_scanner_surface | Scanner WebService Guild, Cartographer Guild (src/Scanner/StellaOps.Scanner.WebService) | src/Scanner/StellaOps.Scanner.WebService | Provide webhook/REST endpoint for Cartographer to request policy overlays and runtime evidence for graph nodes, ensuring determinism and tenant scoping. | | | | SCANNER-LIC-0001 | DONE | 2025-11-10 | SPRINT_138_scanner_ruby_parity | Scanner Guild, Legal Guild (docs/modules/scanner) | docs/modules/scanner | Tree-sitter licensing captured, `NOTICE.md` updated, and Offline Kit now mirrors `third-party-licenses/` with ruby artifacts. | SCANNER-ENG-0016 | | | SCANNER-LNM-21-001 | TODO | | SPRINT_136_scanner_surface | Scanner WebService Guild, Policy Guild (src/Scanner/StellaOps.Scanner.WebService) | src/Scanner/StellaOps.Scanner.WebService | Update `/reports` and `/policy/runtime` payloads to consume advisory/vex linksets, exposing source severity arrays and conflict summaries alongside effective verdicts. | | | | SCANNER-LNM-21-002 | TODO | | SPRINT_136_scanner_surface | Scanner WebService Guild, UI Guild (src/Scanner/StellaOps.Scanner.WebService) | src/Scanner/StellaOps.Scanner.WebService | Add evidence endpoint for Console to fetch linkset summaries with policy overlay for a component/SBOM, including AOC references. | SCANNER-LNM-21-001 | | | SCANNER-NATIVE-401-015 | TODO | | SPRINT_401_reachability_evidence_chain | Scanner Worker Guild | `src/Scanner/__Libraries/StellaOps.Scanner.Symbols.Native`, `src/Scanner/__Libraries/StellaOps.Scanner.CallGraph.Native` | Stand up `StellaOps.Scanner.Symbols.Native` + `StellaOps.Scanner.CallGraph.Native` (ELF/PE readers, demanglers, probabilistic carving) and publish `FuncNode`/`CallEdge` CAS bundles consumed by reachability graphs. | Requires CAS schema approval from GAPG0101 | SCNA0101 | | SCANNER-OPS-0001 | TODO | | SPRINT_327_docs_modules_scanner | Ops Guild (docs/modules/scanner) | docs/modules/scanner | Review scanner runbooks/observability assets after the next sprint demo and capture findings inline with sprint notes. | | | | SCANNER-POLICY-0001 | DONE | 2025-11-10 | SPRINT_138_scanner_ruby_parity | Policy Guild, Ruby Analyzer Guild (docs/modules/scanner) | docs/modules/scanner | Ruby predicates shipped: Policy Engine exposes `sbom.any_component` + `ruby.*`, tests updated, DSL/offline-kit docs refreshed. | SCANNER-ENG-0018 | | | SCANNER-SECRETS-03 | TODO | | SPRINT_136_scanner_surface | BuildX Plugin Guild, Security Guild (src/Scanner/StellaOps.Scanner.Sbomer.BuildXPlugin) | src/Scanner/StellaOps.Scanner.Sbomer.BuildXPlugin | Use Surface.Secrets to retrieve registry credentials when interacting with CAS/referrers. | SCANNER-SECRETS-02 | | | SCANNER-SORT-02 | TODO | | SPRINT_136_scanner_surface | Scanner Core Guild (src/Scanner/__Libraries/StellaOps.Scanner.Core) | src/Scanner/__Libraries/StellaOps.Scanner.Core | Sort layer fragments by digest and components by `identity.purl`/`identity.key` before composition; add determinism regression tests. | SCANNER-EMIT-15-001 | | | SCANNER-SURFACE-04 | TODO | | SPRINT_136_scanner_surface | Scanner Worker Guild (src/Scanner/StellaOps.Scanner.Worker) | src/Scanner/StellaOps.Scanner.Worker | DSSE-sign every `layer.fragments` payload, emit `_composition.json`, and persist DSSE envelopes so offline kits can replay deterministically (see `docs/modules/scanner/deterministic-sbom-compose.md` §2.1). | SCANNER-SURFACE-01; SURFACE-FS-03 | | | SCHED-IMPACT-16-303 | TODO | | SPRINT_155_scheduler_i | Scheduler ImpactIndex Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.ImpactIndex) | src/Scheduler/__Libraries/StellaOps.Scheduler.ImpactIndex | Snapshot/compaction + invalidation for removed images; persistence to RocksDB/Redis per architecture. | | | | SCHED-SURFACE-01 | TODO | | SPRINT_155_scheduler_i | Scheduler Worker Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | Evaluate Surface.FS pointers when planning delta scans to avoid redundant work and prioritise drift-triggered assets. | | | | SCHED-SURFACE-02 | TODO | | SPRINT_136_scanner_surface | Scheduler Worker Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | Integrate Scheduler worker prefetch using Surface manifest reader and persist manifest pointers with rerun plans. | SURFACE-FS-02; SCHED-SURFACE-01 | | | SCHED-VULN-29-001 | TODO | | SPRINT_155_scheduler_i | Scheduler WebService Guild, Findings Ledger Guild (src/Scheduler/StellaOps.Scheduler.WebService) | src/Scheduler/StellaOps.Scheduler.WebService | Expose resolver job APIs (`POST /vuln/resolver/jobs`, `GET /vuln/resolver/jobs/{id}`) to trigger candidate recomputation per artifact/policy change with RBAC and rate limits. | | | | SCHED-VULN-29-002 | TODO | | SPRINT_155_scheduler_i | Scheduler WebService Guild, Observability Guild (src/Scheduler/StellaOps.Scheduler.WebService) | src/Scheduler/StellaOps.Scheduler.WebService | Provide projector lag metrics endpoint and webhook notifications for backlog breaches consumed by DevOps dashboards. Dependencies: SCHED-VULN-29-001. | | | | SCHED-WEB-20-002 | BLOCKED | | SPRINT_155_scheduler_i | Scheduler WebService Guild (src/Scheduler/StellaOps.Scheduler.WebService) | src/Scheduler/StellaOps.Scheduler.WebService | Provide simulation trigger endpoint returning diff preview metadata and job state for UI/CLI consumption. | | | | SCHED-WORKER-21-203 | TODO | | SPRINT_155_scheduler_i | Scheduler Worker Guild, Observability Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | Export metrics (`graph_build_seconds`, `graph_jobs_inflight`, `overlay_lag_seconds`) and structured logs with tenant/graph identifiers. | | | | SCHED-WORKER-23-101 | TODO | | SPRINT_155_scheduler_i | Scheduler Worker Guild, Policy Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | Implement policy re-evaluation worker that shards assets, honours rate limits, and updates progress for Console after policy activation events. Dependencies: SCHED-WORKER-21-203. | | | | SCHED-WORKER-23-102 | TODO | | SPRINT_155_scheduler_i | Scheduler Worker Guild, Observability Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | Add reconciliation job ensuring re-eval completion within SLA, emitting alerts on backlog and persisting status to `policy_runs`. Dependencies: SCHED-WORKER-23-101. | | | | SCHED-WORKER-25-101 | TODO | | SPRINT_155_scheduler_i | Scheduler Worker Guild, Policy Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | Implement exception lifecycle worker handling auto-activation/expiry and publishing `exception.*` events with retries/backoff. Dependencies: SCHED-WORKER-23-102. | | | | SCHED-WORKER-25-102 | TODO | | SPRINT_155_scheduler_i | Scheduler Worker Guild, Observability Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | Add expiring notification job generating digests, marking `expiring` state, updating metrics/alerts. Dependencies: SCHED-WORKER-25-101. | | | | SCHED-WORKER-26-201 | TODO | | SPRINT_155_scheduler_i | Scheduler Worker Guild, Signals Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | Build reachability joiner worker that combines SBOM snapshots with signals, writes cached facts, and schedules updates on new events. Dependencies: SCHED-WORKER-25-102. | | | | SCHED-WORKER-26-202 | TODO | | SPRINT_156_scheduler_ii | Scheduler Worker Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | Implement staleness monitor + notifier for outdated reachability facts, publishing warnings and updating dashboards. Dependencies: SCHED-WORKER-26-201. | | | | SCHED-WORKER-27-301 | TODO | | SPRINT_156_scheduler_ii | Scheduler Worker Guild, Policy Registry Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | Implement policy batch simulation worker: shard SBOM inventories, invoke Policy Engine, emit partial results, handle retries/backoff, and publish progress events. Dependencies: SCHED-WORKER-26-202. | | | | SCHED-WORKER-27-302 | TODO | | SPRINT_156_scheduler_ii | Scheduler Worker Guild, Observability Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | Build reducer job aggregating shard outputs into final manifests (counts, deltas, samples) and writing to object storage with checksums; emit completion events. Dependencies: SCHED-WORKER-27-301. | | | | SCHED-WORKER-27-303 | TODO | | SPRINT_156_scheduler_ii | Scheduler Worker Guild, Security Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | Enforce tenant isolation, scope checks, and attestation integration for simulation jobs; secret scanning pipeline for uploaded policy sources. Dependencies: SCHED-WORKER-27-302. | | | | SCHED-WORKER-29-001 | TODO | | SPRINT_156_scheduler_ii | Scheduler Worker Guild, Findings Ledger Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | Implement resolver worker generating candidate findings from inventory + advisory evidence, respecting ecosystem version semantics and path scope; emit jobs for policy evaluation. Dependencies: SCHED-WORKER-27-303. | | | | SCHED-WORKER-29-002 | TODO | | SPRINT_156_scheduler_ii | Scheduler Worker Guild, Policy Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | Build evaluation orchestration worker invoking Policy Engine batch eval, writing results to Findings Ledger projector queue, and handling retries/backoff. Dependencies: SCHED-WORKER-29-001. | | | | SCHED-WORKER-29-003 | TODO | | SPRINT_156_scheduler_ii | Scheduler Worker Guild, Observability Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | Add monitoring for resolver/evaluation backlog, SLA breaches, and export job queue; expose metrics/alerts feeding DevOps dashboards. Dependencies: SCHED-WORKER-29-002. | | | | SCHED-WORKER-CONSOLE-23-201 | TODO | | SPRINT_156_scheduler_ii | Scheduler Worker Guild, Observability Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | Stream run progress events (stage status, tuples processed, SLA hints) to Redis/NATS for Console SSE, with heartbeat, dedupe, and retention policy. Publish metrics + structured logs for queue lag. | | | | SCHED-WORKER-CONSOLE-23-202 | TODO | | SPRINT_156_scheduler_ii | Scheduler Worker Guild, Policy Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | Coordinate evidence bundle jobs (enqueue, track status, cleanup) and expose job manifests to Web gateway; ensure idempotent reruns and cancellation support. Dependencies: SCHED-WORKER-CONSOLE-23-201. | | | | SCHEDULER-DOCS-0001 | TODO | | SPRINT_328_docs_modules_scheduler | Docs Guild (docs/modules/scheduler) | docs/modules/scheduler | See ./AGENTS.md | | | | SCHEDULER-ENG-0001 | TODO | | SPRINT_328_docs_modules_scheduler | Module Team (docs/modules/scheduler) | docs/modules/scheduler | Update status via ./AGENTS.md workflow | | | | SCHEDULER-OPS-0001 | TODO | | SPRINT_328_docs_modules_scheduler | Ops Guild (docs/modules/scheduler) | docs/modules/scheduler | Sync outcomes back to ../.. | | | | SCHEMA-401-024 | TODO | | SPRINT_401_reachability_evidence_chain | Signals Guild (`src/Signals/StellaOps.Signals`, `docs/uncertainty/README.md`) | `src/Signals/StellaOps.Signals`, `docs/uncertainty/README.md` | | | | | SCORER-401-025 | TODO | | SPRINT_401_reachability_evidence_chain | Signals Guild (`src/Signals/StellaOps.Signals.Application`, `docs/uncertainty/README.md`) | `src/Signals/StellaOps.Signals.Application`, `docs/uncertainty/README.md` | | | | | SCORING-401-003 | TODO | | SPRINT_401_reachability_evidence_chain | Signals Guild (`src/Signals/StellaOps.Signals`) | `src/Signals/StellaOps.Signals` | | | | | SDK-62-001 | TODO | | SPRINT_204_cli_iv | DevEx/CLI Guild, SDK Generator Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | | | | | SDK-62-002 | TODO | | SPRINT_204_cli_iv | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | | | | | SDK-63-001 | TODO | | SPRINT_204_cli_iv | DevEx/CLI Guild, API Governance Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | | | | | SDK-64-001 | TODO | | SPRINT_204_cli_iv | DevEx/CLI Guild, SDK Release Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | | | | | SDKGEN-62-001 | TODO | | SPRINT_208_sdk | SDK Generator Guild | src/Sdk/StellaOps.Sdk.Generator | Choose/pin generator toolchain, set up language template pipeline, and enforce reproducible builds. | DEVL0101 portal contracts | SDKG0101 | | SDKGEN-62-002 | TODO | | SPRINT_208_sdk | SDK Generator Guild | src/Sdk/StellaOps.Sdk.Generator | Implement shared post-processing (auth helpers, retries, pagination utilities, telemetry hooks) applied to all languages. Dependencies: SDKGEN-62-001. | SDKGEN-62-001 | SDKG0101 | | SDKGEN-63-001 | TODO | | SPRINT_208_sdk | SDK Generator Guild | src/Sdk/StellaOps.Sdk.Generator | Ship TypeScript SDK alpha with ESM/CJS builds, typed errors, paginator, streaming helpers. Dependencies: SDKGEN-62-002. | 63-004 | SDKG0101 | | SDKGEN-63-002 | TODO | | SPRINT_208_sdk | SDK Generator Guild | src/Sdk/StellaOps.Sdk.Generator | Ship Python SDK alpha (sync/async clients, type hints, upload/download helpers). Dependencies: SDKGEN-63-001. | SDKGEN-63-001 | SDKG0101 | | SDKGEN-63-003 | TODO | | SPRINT_208_sdk | SDK Generator Guild | src/Sdk/StellaOps.Sdk.Generator | Ship Go SDK alpha with context-first API and streaming helpers. Dependencies: SDKGEN-63-002. | SDKGEN-63-002 | SDKG0101 | | SDKGEN-63-004 | TODO | | SPRINT_208_sdk | SDK Generator Guild | src/Sdk/StellaOps.Sdk.Generator | Ship Java SDK alpha (builder pattern, HTTP client abstraction). Dependencies: SDKGEN-63-003. | SDKGEN-63-003 | SDKG0101 | | SDKGEN-64-001 | TODO | | SPRINT_208_sdk | SDK Generator Guild · CLI Guild | src/Sdk/StellaOps.Sdk.Generator | Switch CLI to consume TS or Go SDK; ensure parity. Dependencies: SDKGEN-63-004. | SDKGEN-63-004 | SDKG0101 | | SDKGEN-64-002 | TODO | | SPRINT_208_sdk | SDK Generator Guild · Console Guild | src/Sdk/StellaOps.Sdk.Generator | Integrate SDKs into Console data providers where feasible. Dependencies: SDKGEN-64-001. | SDKGEN-64-001 | SDKG0101 | | SDKREL-63-001 | TODO | | SPRINT_208_sdk | SDK Release Guild (src/Sdk/StellaOps.Sdk.Release) | src/Sdk/StellaOps.Sdk.Release | Configure CI pipelines for npm, PyPI, Maven Central staging, and Go proxies with signing and provenance attestations. | | | | SDKREL-63-002 | TODO | | SPRINT_208_sdk | SDK Release Guild, API Governance Guild (src/Sdk/StellaOps.Sdk.Release) | src/Sdk/StellaOps.Sdk.Release | Integrate changelog automation pulling from OAS diffs and generator metadata. Dependencies: SDKREL-63-001. | | | | SDKREL-64-001 | TODO | | SPRINT_208_sdk | SDK Release Guild, Notifications Guild (src/Sdk/StellaOps.Sdk.Release) | src/Sdk/StellaOps.Sdk.Release | Hook SDK releases into Notifications Studio with scoped announcements and RSS/Atom feeds. Dependencies: SDKREL-63-002. | | | | SDKREL-64-002 | TODO | | SPRINT_208_sdk | SDK Release Guild, Export Center Guild (src/Sdk/StellaOps.Sdk.Release) | src/Sdk/StellaOps.Sdk.Release | Add `devportal --offline` bundle job packaging docs, specs, SDK artifacts for air-gapped users. Dependencies: SDKREL-64-001. | | | | SEC-62-001 | TODO | | SPRINT_309_docs_tasks_md_ix | Docs Guild, Authority Core (docs) | | | | | | SEC-CRYPTO-90-001 | DONE | 2025-11-07 | SPRINT_514_sovereign_crypto_enablement | Security Guild (src/__Libraries/StellaOps.Cryptography) | src/__Libraries/StellaOps.Cryptography | Produce the RootPack_RU implementation plan, provider strategy (CryptoPro + PKCS#11), and backlog split for sovereign crypto work. | | | | SEC-CRYPTO-90-002 | DONE | 2025-11-07 | SPRINT_514_sovereign_crypto_enablement | Security Guild (src/__Libraries/StellaOps.Cryptography) | src/__Libraries/StellaOps.Cryptography | Extend signature/catalog constants and configuration schema to recognize `GOST12-256/512`, regional crypto profiles, and provider preference ordering. | | | | SEC-CRYPTO-90-003 | DONE | 2025-11-07 | SPRINT_514_sovereign_crypto_enablement | Security Guild (src/__Libraries/StellaOps.Cryptography) | src/__Libraries/StellaOps.Cryptography | Implement `StellaOps.Cryptography.Plugin.CryptoPro` provider (sign/verify/JWK export) using CryptoPro CSP with deterministic logging/tests. | | | | SEC-CRYPTO-90-004 | DONE | 2025-11-07 | SPRINT_514_sovereign_crypto_enablement | Security Guild (src/__Libraries/StellaOps.Cryptography) | src/__Libraries/StellaOps.Cryptography | Implement `StellaOps.Cryptography.Plugin.Pkcs11Gost` provider (Rutoken/JaCarta) via Pkcs11Interop with configurable slot/pin/module handling. | | | | SEC-CRYPTO-90-005 | DONE | 2025-11-08 | SPRINT_514_sovereign_crypto_enablement | Security Guild (src/__Libraries/StellaOps.Cryptography) | src/__Libraries/StellaOps.Cryptography | Add configuration-driven provider selection (`crypto.regionalProfiles`), CLI diagnostics, and telemetry. | | | | SEC-CRYPTO-90-006 | DONE | 2025-11-08 | SPRINT_514_sovereign_crypto_enablement | Security Guild (src/__Libraries/StellaOps.Cryptography) | src/__Libraries/StellaOps.Cryptography | Build deterministic Streebog/signature harnesses and RootPack audit metadata/runbooks. | | | | SEC-CRYPTO-90-007 | DONE | 2025-11-08 | SPRINT_514_sovereign_crypto_enablement | Security Guild (src/__Libraries/StellaOps.Cryptography) | src/__Libraries/StellaOps.Cryptography | Package RootPack_RU artifacts (plugins, trust anchors, configs) with deployment documentation. | | | | SEC-CRYPTO-90-008 | DONE | 2025-11-08 | SPRINT_514_sovereign_crypto_enablement | Security Guild (src/__Libraries/StellaOps.Cryptography) | src/__Libraries/StellaOps.Cryptography | Audit repository for direct crypto usage bypassing the new abstractions and file remediation tasks. | | | | SEC-CRYPTO-90-009 | DONE | 2025-11-09 | SPRINT_514_sovereign_crypto_enablement | Security Guild (src/__Libraries/StellaOps.Cryptography.Plugin.CryptoPro) | src/__Libraries/StellaOps.Cryptography.Plugin.CryptoPro | Replace the placeholder CryptoPro plug-in with a true CryptoPro CSP implementation (GostCryptography, certificate-store lookup, DER/raw normalization) so RootPack_RU exposes a qualified-signature path. | | | | SEC-CRYPTO-90-010 | DONE | 2025-11-09 | SPRINT_514_sovereign_crypto_enablement | Security Guild (src/__Libraries/StellaOps.Cryptography + .DependencyInjection) | src/__Libraries/StellaOps.Cryptography + .DependencyInjection | Introduce `StellaOpsCryptoOptions` / configuration binding for registry profiles/keys and ship an `AddStellaOpsCryptoRu(IConfiguration, …)` helper so hosts can enable `ru-offline` via YAML without custom code. | | | | SEC-CRYPTO-90-011 | DONE | 2025-11-09 | SPRINT_514_sovereign_crypto_enablement | Security & Ops Guilds (src/Tools/StellaOps.CryptoRu.Cli) | src/Tools/StellaOps.CryptoRu.Cli | Build the sovereign crypto CLI (`StellaOps.CryptoRu.Cli`) to list keys, perform test-sign operations, and emit determinism/audit snapshots referenced in the RootPack docs. | | | | SEC-CRYPTO-90-012 | TODO | | SPRINT_514_sovereign_crypto_enablement | Security Guild (src/__Libraries/__Tests/StellaOps.Cryptography.Tests) | src/__Libraries/__Tests/StellaOps.Cryptography.Tests | Add CryptoPro + PKCS#11 integration tests (env/pin gated) and wire them into `scripts/crypto/run-rootpack-ru-tests.sh`, covering Streebog vectors and DER/raw signatures. | | | | SEC-CRYPTO-90-013 | TODO | | SPRINT_514_sovereign_crypto_enablement | Security Guild (src/__Libraries/StellaOps.Cryptography) | src/__Libraries/StellaOps.Cryptography | Extend the shared crypto stack with sovereign symmetric algorithms (Magma/Kuznyechik) so exports/data-at-rest can request Russian ciphers via the provider registry. | | | | SEC-CRYPTO-90-014 | TODO | | SPRINT_514_sovereign_crypto_enablement | Security + Service Guilds | | Update runtime hosts (Authority, Scanner WebService/Worker, Concelier, etc.) to register the RU providers, bind `StellaOps:Crypto` profiles, and expose configuration toggles per the new options model. | Wait for AUIN0101 approvals | CRSA0101 | | SEC-CRYPTO-90-015 | TODO | | SPRINT_514_sovereign_crypto_enablement | Security + Docs Guild | docs/security/rootpack_ru_*.md | Refresh RootPack/validation documentation once the CLI/config/tests exist (remove TODO callouts, document final workflows). | Depends on #1 | CRSA0101 | | SEC-CRYPTO-90-016 | DONE | 2025-11-09 | SPRINT_514_sovereign_crypto_enablement | Security Guild (src/__Libraries/StellaOps.Cryptography.DependencyInjection + .Plugin.CryptoPro) | src/__Libraries/StellaOps.Cryptography.DependencyInjection + .Plugin.CryptoPro | Quarantine CryptoPro dependencies by default until IT.GostCryptography is patched; add MSBuild flag `StellaOpsEnableCryptoPro` and follow-up plan to re-enable the plug-in once a safe package exists. | | | | SEC-CRYPTO-90-017 | TODO | | SPRINT_514_sovereign_crypto_enablement | Security Guild | third_party/forks + src/__Libraries/StellaOps.Cryptography.Plugin.CryptoPro | Vendor `third_party/forks/AlexMAS.GostCryptography` into the solution build (solution filters, Directory.Build props, CI) so the library compiles with the rest of the repo and publishes artifacts for downstream consumers. | Needs third_party fork sync | CRSA0101 | | SEC-CRYPTO-90-018 | TODO | | SPRINT_514_sovereign_crypto_enablement | Security + Docs Guild | docs/security/rootpack_ru_*.md, docs/dev/crypto.md | Update developer/RootPack documentation to describe the new fork, sync steps, and licensing so operators know where the CryptoPro sources live and how to refresh them. | Depends on #3 | CRSA0101 | | SEC-CRYPTO-90-019 | TODO | | SPRINT_514_sovereign_crypto_enablement | Security Guild | third_party/forks/AlexMAS.GostCryptography | Patch the fork to drop vulnerable `System.Security.Cryptography.{Pkcs,Xml}` 6.0.0 dependencies (target .NET 8+, adopt fixed BCL packages, re-run tests). | Needs fork validation | CRSA0101 | | SEC-CRYPTO-90-020 | TODO | | SPRINT_514_sovereign_crypto_enablement | Security Guild | src/__Libraries/StellaOps.Cryptography.Plugin.CryptoPro | Re-point `StellaOps.Cryptography.Plugin.CryptoPro` to the forked sources (replace NuGet package references, adjust DI wiring) and prove the plugin works end-to-end. | Depends on #5 | CRSA0101 | | SEC-CRYPTO-90-021 | TODO | | SPRINT_514_sovereign_crypto_enablement | Security + QA Guilds | scripts/crypto/**, docs/security/rootpack_ru_validation.md | Validate the forked library + plugin on both Windows (CryptoPro CSP) and Linux (OpenSSL GOST fallback) builds/tests; document any platform-specific prerequisites. | Depends on #6 | CRSA0101 | | SEC-OBS-50-001 | TODO | | SPRINT_309_docs_tasks_md_ix | Docs Guild, Security Guild (docs) | | | | | | SEC2 | DONE | 2025-11-09 | SPRINT_100_identity_signing | Security Guild, Storage Guild (src/Authority/StellaOps.Authority/StellaOps.Authority.Plugin.Standard) | src/Authority/StellaOps.Authority/StellaOps.Authority.Plugin.Standard | | | | | SEC3 | DONE | 2025-11-09 | SPRINT_100_identity_signing | Security Guild, BE-Auth Plugin (src/Authority/StellaOps.Authority/StellaOps.Authority.Plugin.Standard) | src/Authority/StellaOps.Authority/StellaOps.Authority.Plugin.Standard | | | | | SEC5 | DONE | 2025-11-09 | SPRINT_100_identity_signing | Security Guild (src/Authority/StellaOps.Authority/StellaOps.Authority.Plugin.Standard) | src/Authority/StellaOps.Authority/StellaOps.Authority.Plugin.Standard | | | | | SECRETS-01 | DOING | 2025-11-02 | SPRINT_136_scanner_surface | Scanner Guild, Security Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.Secrets) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Secrets | | | | | SECRETS-02 | DOING | 2025-11-02 | SPRINT_136_scanner_surface | Scanner Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.Secrets) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Secrets | | SURFACE-SECRETS-01 | | | SECRETS-03 | TODO | | SPRINT_136_scanner_surface | BuildX Plugin Guild · Security Guild | src/Scanner/StellaOps.Scanner.Sbomer.BuildXPlugin | SCANNER-SECRETS-02 | SCANNER-SECRETS-02 | SCBX0101 | | SECRETS-04 | TODO | | SPRINT_136_scanner_surface | Scanner Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.Secrets) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Secrets | | SURFACE-SECRETS-02 | | | SECRETS-05 | TODO | | SPRINT_136_scanner_surface | Zastava Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.Secrets) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Secrets | | SURFACE-SECRETS-02 | | | SECRETS-06 | TODO | | SPRINT_136_scanner_surface | Ops Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.Secrets) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Secrets | | SURFACE-SECRETS-03 | | | SERVER-401-011 | TODO | | SPRINT_401_reachability_evidence_chain | Symbols Guild (`src/Symbols/StellaOps.Symbols.Server`) | `src/Symbols/StellaOps.Symbols.Server` | | | | | SERVICE-21-001 | BLOCKED | | SPRINT_140_runtime_signals | | | | | | | SERVICE-21-002 | BLOCKED | | SPRINT_140_runtime_signals | | | | | | | SERVICE-21-003 | BLOCKED | | SPRINT_140_runtime_signals | | | | | | | SERVICE-21-004 | BLOCKED | | SPRINT_140_runtime_signals | | | | | | | SERVICE-23-001 | TODO | | SPRINT_140_runtime_signals | | | | | | | SERVICE-23-002 | TODO | | SPRINT_140_runtime_signals | | | | | | | SERVICE-DOCS-0001 | TODO | | SPRINT_326_docs_modules_registry | Docs Guild (docs/modules/registry) | docs/modules/registry | | | | | SERVICE-ENG-0001 | TODO | | SPRINT_326_docs_modules_registry | Module Team (docs/modules/registry) | docs/modules/registry | | | | | SERVICE-OPS-0001 | TODO | | SPRINT_326_docs_modules_registry | Ops Guild (docs/modules/registry) | docs/modules/registry | | | | | SIG-003 | TODO | | SPRINT_401_reachability_evidence_chain | Signals Guild (`src/Signals/StellaOps.Signals`, `docs/reachability/function-level-evidence.md`) | `src/Signals/StellaOps.Signals`, `docs/reachability/function-level-evidence.md` | | | | | SIG-26-001 | TODO | | SPRINT_115_concelier_iv | Concelier Core Guild, Signals Guild (src/Concelier/__Libraries/StellaOps.Concelier.Core) | src/Concelier/__Libraries/StellaOps.Concelier.Core | | | | | SIG-26-002 | TODO | | SPRINT_204_cli_iv | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | | | | | SIG-26-003 | TODO | | SPRINT_211_ui_iii | UI Guild (src/UI/StellaOps.UI) | src/UI/StellaOps.UI | | | | | SIG-26-004 | TODO | | SPRINT_211_ui_iii | UI Guild (src/UI/StellaOps.UI) | src/UI/StellaOps.UI | | | | | SIG-26-005 | TODO | | SPRINT_309_docs_tasks_md_ix | Docs Guild, UI Guild (docs) | | | | | | SIG-26-006 | TODO | | SPRINT_309_docs_tasks_md_ix | Docs Guild, DevEx/CLI Guild (docs) | | | | | | SIG-26-007 | TODO | | SPRINT_309_docs_tasks_md_ix | Docs Guild, BE-Base Platform Guild (docs) | | | | | | SIG-26-008 | TODO | | SPRINT_310_docs_tasks_md_x | Docs Guild, DevOps Guild (docs) | | | | | | SIG-STORE-401-016 | TODO | | SPRINT_401_reachability_evidence_chain | Signals Guild · BE-Base Platform Guild (`src/Signals/StellaOps.Signals`, `src/__Libraries/StellaOps.Replay.Core`) | `src/Signals/StellaOps.Signals`, `src/__Libraries/StellaOps.Replay.Core` | Introduce shared reachability store collections (`func_nodes`, `call_edges`, `cve_func_hits`), indexes, and repository APIs so Scanner/Signals/Policy can reuse canonical function data. | | | | SIGN-CORE-186-004 | TODO | | SPRINT_186_record_deterministic_execution | Signing Guild | `src/Signer/StellaOps.Signer`, `src/__Libraries/StellaOps.Cryptography` | Replace the HMAC demo implementation in `StellaOps.Signer` with StellaOps.Cryptography providers (keyless + KMS), including provider selection, key material loading, and cosign-compatible DSSE signature output. | Mirrors #1 | SIGR0101 | | SIGN-CORE-186-005 | TODO | | SPRINT_186_record_deterministic_execution | Signing Guild | `src/Signer/StellaOps.Signer.Core` | Refactor `SignerStatementBuilder` to support StellaOps predicate types (e.g., `stella.ops/promotion@v1`) and delegate payload canonicalisation to the Provenance library once available. | Mirrors #2 | SIGR0101 | | SIGN-REPLAY-186-003 | TODO | | SPRINT_186_record_deterministic_execution | Signing Guild (`src/Signer/StellaOps.Signer`, `src/Authority/StellaOps.Authority`) | `src/Signer/StellaOps.Signer`, `src/Authority/StellaOps.Authority` | Extend Signer/Authority DSSE flows to cover replay manifest/bundle payload types with multi-profile support; refresh `docs/modules/signer/architecture.md` and `docs/modules/authority/architecture.md` to capture the new signing/verification path referencing `docs/replay/DETERMINISTIC_REPLAY.md` Section 5. | | | | SIGN-TEST-186-006 | TODO | | SPRINT_186_record_deterministic_execution | Signing Guild, QA Guild (`src/Signer/StellaOps.Signer.Tests`) | `src/Signer/StellaOps.Signer.Tests` | Upgrade signer integration tests to run against the real crypto abstraction and fixture predicates (promotion, SBOM, replay), replacing stub tokens/digests with deterministic test data. | | | | SIGN-VEX-401-018 | TODO | | SPRINT_401_reachability_evidence_chain | Signing Guild (`src/Signer/StellaOps.Signer`, `docs/modules/signer/architecture.md`) | `src/Signer/StellaOps.Signer`, `docs/modules/signer/architecture.md` | Extend Signer predicate catalog with `stella.ops/vexDecision@v1`, enforce payload policy, and plumb DSSE/Rekor integration for policy decisions. | | | | SIGNALS-24-001 | DONE | 2025-11-09 | SPRINT_140_runtime_signals | | | Host skeleton, RBAC, sealed-mode readiness, `/signals/facts/{subject}` retrieval, and readiness probes merged; serves as base for downstream ingestion. | | | | SIGNALS-24-002 | DOING | 2025-11-07 | SPRINT_140_runtime_signals | | | Callgraph ingestion + retrieval APIs are live, but CAS promotion and signed manifest publication remain; cannot close until reachability jobs can trust stored graphs. | | | | SIGNALS-24-003 | DOING | 2025-11-09 | SPRINT_140_runtime_signals | | | Runtime facts ingestion accepts JSON/NDJSON and gzip streams; provenance/context enrichment and NDJSON-to-AOC wiring still outstanding. | | | | SIGNALS-24-004 | BLOCKED | 2025-10-27 | SPRINT_140_runtime_signals | | 24-002/003 | Reachability scoring waits on complete ingestion feeds (24-002/003) plus Authority scope validation. | | | | SIGNALS-24-005 | BLOCKED | 2025-10-27 | SPRINT_140_runtime_signals | | | Cache + `signals.fact.updated` events depend on scoring outputs; remains idle until 24-004 unblocks. | | | | SIGNALS-REACH-201-003 | DOING | 2025-11-08 | SPRINT_400_runtime_facts_static_callgraph_union | Signals Guild (`src/Signals/StellaOps.Signals`) | `src/Signals/StellaOps.Signals` | Extend Signals ingestion to accept the new multi-language graphs + runtime facts, normalize into `reachability_graphs` CAS layout, and expose retrieval APIs for Policy/CLI. | | | | SIGNALS-REACH-201-004 | DOING | 2025-11-08 | SPRINT_400_runtime_facts_static_callgraph_union | Signals Guild · Policy Guild (`src/Signals/StellaOps.Signals`, `src/Policy/StellaOps.Policy.Engine`) | `src/Signals/StellaOps.Signals`, `src/Policy/StellaOps.Policy.Engine` | Build the reachability scoring engine (state/score/confidence), wire Redis caches + `signals.fact.updated` events, and integrate reachability weights defined in `docs/11_DATA_SCHEMAS.md`. | | | | SIGNALS-RUNTIME-401-002 | TODO | | SPRINT_401_reachability_evidence_chain | Signals Guild (`src/Signals/StellaOps.Signals`) | `src/Signals/StellaOps.Signals` | Ship `/signals/runtime-facts` ingestion for NDJSON (and gzip) batches, dedupe hits, and link runtime evidence CAS URIs to callgraph nodes. Include retention + RBAC tests. | | | | SIGNALS-SCORING-401-003 | TODO | | SPRINT_401_reachability_evidence_chain | Signals Guild (`src/Signals/StellaOps.Signals`) | `src/Signals/StellaOps.Signals` | Extend `ReachabilityScoringService` with deterministic scoring (static path +0.50, runtime hits +0.30/+0.10 sink, guard penalties, reflection penalty, floor 0.05), persist reachability labels (`reachable/conditional/unreachable`) and expose `/graphs/{scanId}` CAS lookups. | | | | SIGNER-DOCS-0001 | DONE | 2025-11-05 | SPRINT_329_docs_modules_signer | Docs Guild (docs/modules/signer) | docs/modules/signer | Validate that `docs/modules/signer/README.md` captures the latest DSSE/fulcio updates. | | | | SIGNER-ENG-0001 | TODO | | SPRINT_329_docs_modules_signer | Module Team (docs/modules/signer) | docs/modules/signer | Keep module milestones aligned with signer sprints under `/docs/implplan`. | | | | SIGNER-OPS-0001 | TODO | | SPRINT_329_docs_modules_signer | Ops Guild (docs/modules/signer) | docs/modules/signer | Review signer runbooks/observability assets after next sprint demo. | | | | SORT-02 | TODO | | SPRINT_136_scanner_surface | Scanner Core Guild (src/Scanner/__Libraries/StellaOps.Scanner.Core) | src/Scanner/__Libraries/StellaOps.Scanner.Core | | SCANNER-EMIT-15-001 | | | SOURCE---JOB-ORCHESTRATOR-DOCS-0001 | TODO | | SPRINT_323_docs_modules_orchestrator | Docs Guild (docs/modules/orchestrator) | docs/modules/orchestrator | Refresh orchestrator README + diagrams to reflect job leasing changes and reference the task runner bridge. | | | | SOURCE---JOB-ORCHESTRATOR-ENG-0001 | TODO | | SPRINT_323_docs_modules_orchestrator | Module Team (docs/modules/orchestrator) | docs/modules/orchestrator | Sync into ../.. | | | | SOURCE---JOB-ORCHESTRATOR-OPS-0001 | TODO | | SPRINT_323_docs_modules_orchestrator | Ops Guild (docs/modules/orchestrator) | docs/modules/orchestrator | Document outputs in ./README.md | | | | SPL-23-001 | TODO | | SPRINT_128_policy_reasoning | Policy Guild, Language Infrastructure Guild / src/Policy/__Libraries/StellaOps.Policy | src/Policy/__Libraries/StellaOps.Policy | | | | | SPL-23-002 | TODO | | SPRINT_128_policy_reasoning | Policy Guild / src/Policy/__Libraries/StellaOps.Policy | src/Policy/__Libraries/StellaOps.Policy | | POLICY-SPL-23-001 | | | SPL-23-003 | TODO | | SPRINT_128_policy_reasoning | Policy Guild / src/Policy/__Libraries/StellaOps.Policy | src/Policy/__Libraries/StellaOps.Policy | | POLICY-SPL-23-002 | | | SPL-23-004 | TODO | | SPRINT_128_policy_reasoning | Policy Guild, Audit Guild / src/Policy/__Libraries/StellaOps.Policy | src/Policy/__Libraries/StellaOps.Policy | | POLICY-SPL-23-003 | | | SPL-23-005 | TODO | | SPRINT_128_policy_reasoning | Policy Guild, DevEx Guild / src/Policy/__Libraries/StellaOps.Policy | src/Policy/__Libraries/StellaOps.Policy | | POLICY-SPL-23-004 | | | SPL-24-001 | TODO | | SPRINT_128_policy_reasoning | Policy Guild, Signals Guild / src/Policy/__Libraries/StellaOps.Policy | src/Policy/__Libraries/StellaOps.Policy | | POLICY-SPL-23-005 | | | STORE-401-016 | TODO | | SPRINT_401_reachability_evidence_chain | Signals Guild · BE-Base Platform Guild (`src/Signals/StellaOps.Signals`, `src/__Libraries/StellaOps.Replay.Core`) | `src/Signals/StellaOps.Signals`, `src/__Libraries/StellaOps.Replay.Core` | | | | | STORE-AOC-19-001 | TODO | | SPRINT_123_excititor_v | Excititor Storage Guild (src/Excititor/__Libraries/StellaOps.Excititor.Storage.Mongo) | src/Excititor/__Libraries/StellaOps.Excititor.Storage.Mongo | | | | | STORE-AOC-19-002 | TODO | | SPRINT_123_excititor_v | Excititor Storage Guild, DevOps Guild (src/Excititor/__Libraries/StellaOps.Excititor.Storage.Mongo) | src/Excititor/__Libraries/StellaOps.Excititor.Storage.Mongo | | | | | STORE-AOC-19-005 | TODO | 2025-11-04 | SPRINT_115_concelier_iv | Concelier Storage Guild, DevOps Guild (src/Concelier/__Libraries/StellaOps.Concelier.Storage.Mongo) | src/Concelier/__Libraries/StellaOps.Concelier.Storage.Mongo | | | | | SURFACE-01 | TODO | | SPRINT_140_runtime_signals | | | | | | | SURFACE-02 | TODO | | SPRINT_136_scanner_surface | Scheduler Worker Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | | SURFACE-FS-02; SCHED-SURFACE-01 | | | SURFACE-04 | TODO | | SPRINT_136_scanner_surface | Scanner Worker Guild (src/Scanner/StellaOps.Scanner.Worker) | src/Scanner/StellaOps.Scanner.Worker | | SCANNER-SURFACE-01; SURFACE-FS-03 | | | SURFACE-ENV-01 | DONE | 2025-11-13 | SPRINT_136_scanner_surface | Scanner Guild, Zastava Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.Env) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Env | Draft `surface-env.md` enumerating environment variables, defaults, and air-gap behaviour for Surface consumers. | — | SCSS0101 | | SURFACE-ENV-02 | DOING | 2025-11-02 | SPRINT_136_scanner_surface | Scanner Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.Env) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Env | Implement strongly-typed env accessors with validation and deterministic logging inside `StellaOps.Scanner.Surface.Env`. | SURFACE-ENV-01 | SCSS0101 | | SURFACE-ENV-03 | TODO | | SPRINT_136_scanner_surface | Scanner Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.Env) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Env | Adopt the env helper across Scanner Worker/WebService/BuildX plug-ins. | SURFACE-ENV-02 | | | SURFACE-ENV-04 | TODO | | SPRINT_136_scanner_surface | Zastava Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.Env) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Env | Wire env helper into Zastava Observer/Webhook containers. | SURFACE-ENV-02 | | | SURFACE-ENV-05 | TODO | | SPRINT_136_scanner_surface | Ops Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.Env) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Env | Update Helm/Compose/offline kit templates with new env knobs and documentation. | SURFACE-ENV-03; SURFACE-ENV-04 | | | SURFACE-FS-03 | TODO | | SPRINT_136_scanner_surface | Scanner Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.FS) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.FS | Integrate Surface.FS writer into Scanner Worker analyzer pipeline to persist layer + entry-trace fragments. | SURFACE-FS-02 | | | SURFACE-FS-04 | TODO | | SPRINT_136_scanner_surface | Zastava Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.FS) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.FS | Integrate Surface.FS reader into Zastava Observer runtime drift loop. | SURFACE-FS-02 | | | SURFACE-FS-05 | TODO | | SPRINT_136_scanner_surface | Scanner Guild, Scheduler Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.FS) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.FS | Expose Surface.FS pointers via Scanner WebService reports and coordinate rescan planning with Scheduler. | SURFACE-FS-03 | | | SURFACE-FS-06 | TODO | | SPRINT_136_scanner_surface | Docs Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.FS) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.FS | Update scanner-engine guide and offline kit docs with Surface.FS workflow. | SURFACE-FS-02 | | | SURFACE-FS-07 | TODO | | SPRINT_136_scanner_surface | Scanner Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.FS) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.FS | Extend Surface.FS manifest schema with `composition.recipe`, fragment attestation metadata, and verification helpers per deterministic SBOM spec. | SCANNER-SURFACE-04 | | | SURFACE-SECRETS-01 | DOING | 2025-11-02 | SPRINT_136_scanner_surface | Scanner Guild, Security Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.Secrets) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Secrets | Produce `surface-secrets.md` defining secret reference schema, storage backends, scopes, and rotation rules. | | | | SURFACE-SECRETS-02 | DOING | 2025-11-02 | SPRINT_136_scanner_surface | Scanner Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.Secrets) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Secrets | Implement `StellaOps.Scanner.Surface.Secrets` core provider interfaces, secret models, and in-memory test backend. | SURFACE-SECRETS-01 | | | SURFACE-SECRETS-03 | TODO | | SPRINT_136_scanner_surface | Scanner Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.Secrets) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Secrets | Add Kubernetes/File/Offline backends with deterministic caching and audit hooks. | SURFACE-SECRETS-02 | SCSS0101 | | SURFACE-SECRETS-04 | TODO | | SPRINT_136_scanner_surface | Scanner Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.Secrets) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Secrets | Integrate Surface.Secrets into Scanner Worker/WebService/BuildX for registry + CAS creds. | SURFACE-SECRETS-02 | | | SURFACE-SECRETS-05 | TODO | | SPRINT_136_scanner_surface | Zastava Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.Secrets) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Secrets | Invoke Surface.Secrets from Zastava Observer/Webhook for CAS & attestation secrets. | SURFACE-SECRETS-02 | | | SURFACE-SECRETS-06 | TODO | | SPRINT_136_scanner_surface | Ops Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.Secrets) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Secrets | Update deployment manifests/offline kit bundles to provision secret references instead of raw values. | SURFACE-SECRETS-03 | | | SURFACE-VAL-01 | DOING | 2025-11-01 | SPRINT_136_scanner_surface | Scanner Guild, Security Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.Validation) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Validation | Define the Surface validation framework (`surface-validation.md`) covering env/cache/secret checks and extension hooks. | SURFACE-FS-01; SURFACE-ENV-01 | SCSS0102 | | SURFACE-VAL-02 | TODO | | SPRINT_136_scanner_surface | Scanner Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.Validation) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Validation | Implement base validation library with check registry and default validators for env/cached manifests/secret refs. | SURFACE-VAL-01; SURFACE-ENV-02; SURFACE-FS-02 | SCSS0102 | | SURFACE-VAL-03 | TODO | | SPRINT_136_scanner_surface | Scanner Guild, Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.Validation) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Validation | Integrate validation pipeline into Scanner analyzers so checks run before processing. | SURFACE-VAL-02 | SCSS0102 | | SURFACE-VAL-04 | TODO | | SPRINT_136_scanner_surface | Scanner Guild, Zastava Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.Validation) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Validation | Expose validation helpers to Zastava and other runtime consumers for preflight checks. | SURFACE-VAL-02 | SCSS0102 | | SURFACE-VAL-05 | TODO | | SPRINT_136_scanner_surface | Docs Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.Validation) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Validation | Document validation extensibility, registration, and customization in scanner-engine guides. | SURFACE-VAL-02 | SCSS0102 | | SVC-32-001 | TODO | | SPRINT_151_orchestrator_i | Orchestrator Service Guild (src/Orchestrator/StellaOps.Orchestrator) | src/Orchestrator/StellaOps.Orchestrator | | | | | SVC-32-002 | TODO | | SPRINT_152_orchestrator_ii | Orchestrator Service Guild (src/Orchestrator/StellaOps.Orchestrator) | src/Orchestrator/StellaOps.Orchestrator | | | | | SVC-32-003 | TODO | | SPRINT_152_orchestrator_ii | Orchestrator Service Guild (src/Orchestrator/StellaOps.Orchestrator) | src/Orchestrator/StellaOps.Orchestrator | | | | | SVC-32-004 | TODO | | SPRINT_152_orchestrator_ii | Orchestrator Service Guild (src/Orchestrator/StellaOps.Orchestrator) | src/Orchestrator/StellaOps.Orchestrator | | | | | SVC-32-005 | TODO | | SPRINT_152_orchestrator_ii | Orchestrator Service Guild (src/Orchestrator/StellaOps.Orchestrator) | src/Orchestrator/StellaOps.Orchestrator | | | | | SVC-33-001 | TODO | | SPRINT_152_orchestrator_ii | Orchestrator Service Guild (src/Orchestrator/StellaOps.Orchestrator) | src/Orchestrator/StellaOps.Orchestrator | | | | | SVC-33-002 | TODO | | SPRINT_152_orchestrator_ii | Orchestrator Service Guild (src/Orchestrator/StellaOps.Orchestrator) | src/Orchestrator/StellaOps.Orchestrator | | | | | SVC-33-003 | TODO | | SPRINT_152_orchestrator_ii | Orchestrator Service Guild (src/Orchestrator/StellaOps.Orchestrator) | src/Orchestrator/StellaOps.Orchestrator | | | | | SVC-33-004 | TODO | | SPRINT_152_orchestrator_ii | Orchestrator Service Guild (src/Orchestrator/StellaOps.Orchestrator) | src/Orchestrator/StellaOps.Orchestrator | | | | | SVC-34-001 | TODO | | SPRINT_152_orchestrator_ii | Orchestrator Service Guild (src/Orchestrator/StellaOps.Orchestrator) | src/Orchestrator/StellaOps.Orchestrator | | | | | SVC-34-002 | TODO | | SPRINT_152_orchestrator_ii | Orchestrator Service Guild (src/Orchestrator/StellaOps.Orchestrator) | src/Orchestrator/StellaOps.Orchestrator | | | | | SVC-34-003 | TODO | | SPRINT_152_orchestrator_ii | Orchestrator Service Guild (src/Orchestrator/StellaOps.Orchestrator) | src/Orchestrator/StellaOps.Orchestrator | | | | | SVC-34-004 | TODO | | SPRINT_152_orchestrator_ii | Orchestrator Service Guild (src/Orchestrator/StellaOps.Orchestrator) | src/Orchestrator/StellaOps.Orchestrator | | | | | SVC-35-001 | BLOCKED | 2025-10-29 | SPRINT_163_exportcenter_ii | Exporter Service Guild (src/ExportCenter/StellaOps.ExportCenter) | src/ExportCenter/StellaOps.ExportCenter | | | | | SVC-35-002 | TODO | | SPRINT_163_exportcenter_ii | Exporter Service Guild (src/ExportCenter/StellaOps.ExportCenter) | src/ExportCenter/StellaOps.ExportCenter | | | | | SVC-35-003 | TODO | | SPRINT_163_exportcenter_ii | Exporter Service Guild (src/ExportCenter/StellaOps.ExportCenter) | src/ExportCenter/StellaOps.ExportCenter | | | | | SVC-35-004 | TODO | | SPRINT_163_exportcenter_ii | Exporter Service Guild (src/ExportCenter/StellaOps.ExportCenter) | src/ExportCenter/StellaOps.ExportCenter | | | | | SVC-35-005 | TODO | | SPRINT_163_exportcenter_ii | Exporter Service Guild (src/ExportCenter/StellaOps.ExportCenter) | src/ExportCenter/StellaOps.ExportCenter | | | | | SVC-35-006 | TODO | | SPRINT_164_exportcenter_iii | Exporter Service Guild (src/ExportCenter/StellaOps.ExportCenter) | src/ExportCenter/StellaOps.ExportCenter | | | | | SVC-35-101 | TODO | | SPRINT_152_orchestrator_ii | Orchestrator Service Guild (src/Orchestrator/StellaOps.Orchestrator) | src/Orchestrator/StellaOps.Orchestrator | | | | | SVC-36-001 | TODO | | SPRINT_164_exportcenter_iii | Exporter Service Guild (src/ExportCenter/StellaOps.ExportCenter) | src/ExportCenter/StellaOps.ExportCenter | | | | | SVC-36-002 | TODO | | SPRINT_164_exportcenter_iii | Exporter Service Guild (src/ExportCenter/StellaOps.ExportCenter) | src/ExportCenter/StellaOps.ExportCenter | | | | | SVC-36-003 | TODO | | SPRINT_164_exportcenter_iii | Exporter Service Guild (src/ExportCenter/StellaOps.ExportCenter) | src/ExportCenter/StellaOps.ExportCenter | | | | | SVC-36-004 | TODO | | SPRINT_164_exportcenter_iii | Exporter Service Guild (src/ExportCenter/StellaOps.ExportCenter) | src/ExportCenter/StellaOps.ExportCenter | | | | | SVC-36-101 | TODO | | SPRINT_152_orchestrator_ii | Orchestrator Service Guild (src/Orchestrator/StellaOps.Orchestrator) | src/Orchestrator/StellaOps.Orchestrator | | | | | SVC-37-001 | TODO | | SPRINT_164_exportcenter_iii | Exporter Service Guild (src/ExportCenter/StellaOps.ExportCenter) | src/ExportCenter/StellaOps.ExportCenter | | | | | SVC-37-002 | TODO | | SPRINT_164_exportcenter_iii | Exporter Service Guild (src/ExportCenter/StellaOps.ExportCenter) | src/ExportCenter/StellaOps.ExportCenter | | | | | SVC-37-003 | TODO | | SPRINT_164_exportcenter_iii | Exporter Service Guild (src/ExportCenter/StellaOps.ExportCenter) | src/ExportCenter/StellaOps.ExportCenter | | | | | SVC-37-004 | TODO | | SPRINT_164_exportcenter_iii | Exporter Service Guild (src/ExportCenter/StellaOps.ExportCenter) | src/ExportCenter/StellaOps.ExportCenter | | | | | SVC-37-101 | TODO | | SPRINT_152_orchestrator_ii | Orchestrator Service Guild (src/Orchestrator/StellaOps.Orchestrator) | src/Orchestrator/StellaOps.Orchestrator | | | | | SVC-38-002 | TODO | | SPRINT_172_notifier_ii | Notifications Service Guild (src/Notifier/StellaOps.Notifier) | src/Notifier/StellaOps.Notifier | | | | | SVC-38-003 | TODO | | SPRINT_172_notifier_ii | Notifications Service Guild (src/Notifier/StellaOps.Notifier) | src/Notifier/StellaOps.Notifier | | | | | SVC-38-004 | TODO | | SPRINT_172_notifier_ii | Notifications Service Guild (src/Notifier/StellaOps.Notifier) | src/Notifier/StellaOps.Notifier | | | | | SVC-38-101 | TODO | | SPRINT_153_orchestrator_iii | Orchestrator Service Guild (src/Orchestrator/StellaOps.Orchestrator) | src/Orchestrator/StellaOps.Orchestrator | | | | | SVC-39-001 | TODO | | SPRINT_172_notifier_ii | Notifications Service Guild (src/Notifier/StellaOps.Notifier) | src/Notifier/StellaOps.Notifier | | | | | SVC-39-002 | TODO | | SPRINT_172_notifier_ii | Notifications Service Guild (src/Notifier/StellaOps.Notifier) | src/Notifier/StellaOps.Notifier | | | | | SVC-39-003 | TODO | | SPRINT_172_notifier_ii | Notifications Service Guild (src/Notifier/StellaOps.Notifier) | src/Notifier/StellaOps.Notifier | | | | | SVC-39-004 | TODO | | SPRINT_172_notifier_ii | Notifications Service Guild (src/Notifier/StellaOps.Notifier) | src/Notifier/StellaOps.Notifier | | | | | SVC-40-001 | TODO | | SPRINT_172_notifier_ii | Notifications Service Guild (src/Notifier/StellaOps.Notifier) | src/Notifier/StellaOps.Notifier | | | | | SVC-40-002 | TODO | | SPRINT_172_notifier_ii | Notifications Service Guild (src/Notifier/StellaOps.Notifier) | src/Notifier/StellaOps.Notifier | | | | | SVC-40-003 | TODO | | SPRINT_172_notifier_ii | Notifications Service Guild (src/Notifier/StellaOps.Notifier) | src/Notifier/StellaOps.Notifier | | | | | SVC-40-004 | TODO | | SPRINT_172_notifier_ii | Notifications Service Guild (src/Notifier/StellaOps.Notifier) | src/Notifier/StellaOps.Notifier | | | | | SVC-41-101 | TODO | | SPRINT_153_orchestrator_iii | Orchestrator Service Guild (src/Orchestrator/StellaOps.Orchestrator) | src/Orchestrator/StellaOps.Orchestrator | | | | | SVC-42-101 | TODO | | SPRINT_153_orchestrator_iii | Orchestrator Service Guild (src/Orchestrator/StellaOps.Orchestrator) | src/Orchestrator/StellaOps.Orchestrator | | | | | SVC-43-001 | TODO | | SPRINT_164_exportcenter_iii | Exporter Service Guild (src/ExportCenter/StellaOps.ExportCenter) | src/ExportCenter/StellaOps.ExportCenter | | | | | SYM-007 | TODO | | SPRINT_401_reachability_evidence_chain | Scanner Worker Guild & Docs Guild (`src/Scanner/StellaOps.Scanner.Models`, `docs/modules/scanner/architecture.md`, `docs/reachability/function-level-evidence.md`) | `src/Scanner/StellaOps.Scanner.Models`, `docs/modules/scanner/architecture.md`, `docs/reachability/function-level-evidence.md` | | | | | SYMS-70-003 | TODO | | SPRINT_304_docs_tasks_md_iv | Docs Guild, Symbols Guild (docs) | | | | | | SYMS-90-005 | TODO | | SPRINT_505_ops_devops_iii | DevOps Guild, Symbols Guild (ops/devops) | ops/devops | | | | | SYMS-BUNDLE-401-014 | TODO | | SPRINT_401_reachability_evidence_chain | Symbols Guild · Ops | `src/Symbols/StellaOps.Symbols.Bundle`, `ops` | Produce deterministic symbol bundles for air-gapped installs (`symbols bundle create | Depends on #1 | RBSY0101 | | SYMS-CLIENT-401-012 | TODO | | SPRINT_401_reachability_evidence_chain | Symbols Guild · Scanner Guild | `src/Symbols/StellaOps.Symbols.Client`, `src/Scanner/StellaOps.Scanner.Symbolizer` | Ship `StellaOps.Symbols.Client` SDK (resolve/upload APIs, platform key derivation for ELF/PDB/Mach-O/JVM/Node, disk LRU cache) and integrate with Scanner.Symbolizer/runtime probes (ref. `docs/specs/SYMBOL_MANIFEST_v1.md`). | Depends on #3 | RBSY0101 | | SYMS-INGEST-401-013 | TODO | | SPRINT_401_reachability_evidence_chain | Symbols Guild · DevOps Guild | `src/Symbols/StellaOps.Symbols.Ingestor.Cli`, `docs/specs/SYMBOL_MANIFEST_v1.md` | Build `symbols ingest` CLI to emit DSSE-signed `SymbolManifest v1`, upload blobs, and register Rekor entries; document GitLab/Gitea pipeline usage. | Needs manifest updates from #1 | RBSY0101 | | SYMS-SERVER-401-011 | TODO | | SPRINT_401_reachability_evidence_chain | Symbols Guild | `src/Symbols/StellaOps.Symbols.Server` | Deliver `StellaOps.Symbols.Server` (REST+gRPC) with DSSE-verified uploads, Mongo/MinIO storage, tenant isolation, and deterministic debugId indexing; publish health/manifest APIs (spec: `docs/specs/SYMBOL_MANIFEST_v1.md`). | Depends on #5 | RBSY0101 | | TASKRUN-41-001 | TODO | | SPRINT_157_taskrunner_i | Task Runner Guild | src/TaskRunner/StellaOps.TaskRunner | Bootstrap service, define migrations for `pack_runs`, `pack_run_logs`, `pack_artifacts`, implement run API (create/get/log stream), local executor, approvals pause, artifact capture, and provenance manifest generation. | 41-001 | ORTR0101 | | TASKRUN-AIRGAP-56-001 | TODO | | SPRINT_157_taskrunner_i | Task Runner Guild · AirGap Policy Guild | src/TaskRunner/StellaOps.TaskRunner | Enforce plan-time validation rejecting steps with non-allowlisted network calls in sealed mode and surface remediation errors. | TASKRUN-41-001 | ORTR0101 | | TASKRUN-AIRGAP-56-002 | TODO | | SPRINT_157_taskrunner_i | Task Runner Guild · AirGap Importer Guild | src/TaskRunner/StellaOps.TaskRunner | Add helper steps for bundle ingestion (checksum verification, staging to object store) with deterministic outputs. Dependencies: TASKRUN-AIRGAP-56-001. | TASKRUN-AIRGAP-56-001 | ORTR0101 | | TASKRUN-AIRGAP-57-001 | TODO | | SPRINT_157_taskrunner_i | Task Runner Guild · AirGap Controller Guild | src/TaskRunner/StellaOps.TaskRunner | Refuse to execute plans when environment sealed=false but declared sealed install; emit advisory timeline events. Dependencies: TASKRUN-AIRGAP-56-002. | TASKRUN-AIRGAP-56-002 | ORTR0101 | | TASKRUN-AIRGAP-58-001 | TODO | | SPRINT_157_taskrunner_i | Task Runner Guild · Evidence Locker Guild | src/TaskRunner/StellaOps.TaskRunner | Capture bundle import job transcripts, hashed inputs, and outputs into portable evidence bundles. Dependencies: TASKRUN-AIRGAP-57-001. | TASKRUN-AIRGAP-57-001 | ORTR0101 | | TASKRUN-OAS-61-001 | TODO | | SPRINT_157_taskrunner_i | Task Runner Guild · API Contracts Guild | src/TaskRunner/StellaOps.TaskRunner | Document Task Runner APIs (pack runs, logs, approvals) in service OAS, including streaming response schemas and examples. | TASKRUN-41-001 | ORTR0101 | | TASKRUN-OAS-61-002 | TODO | | SPRINT_157_taskrunner_i | Task Runner Guild | src/TaskRunner/StellaOps.TaskRunner | Expose `GET /.well-known/openapi` returning signed spec metadata, build version, and ETag. Dependencies: TASKRUN-OAS-61-001. | TASKRUN-OAS-61-001 | ORTR0101 | | TASKRUN-OAS-62-001 | TODO | | SPRINT_157_taskrunner_i | Task Runner Guild · SDK Generator Guild | src/TaskRunner/StellaOps.TaskRunner | Provide SDK examples for pack run lifecycle; ensure SDKs offer streaming log helpers and paginator wrappers. Dependencies: TASKRUN-OAS-61-002. | TASKRUN-OAS-61-002 | ORTR0102 | | TASKRUN-OAS-63-001 | TODO | | SPRINT_157_taskrunner_i | Task Runner Guild · API Governance Guild | src/TaskRunner/StellaOps.TaskRunner | Implement deprecation header support and Sunset handling for legacy pack APIs; emit notifications metadata. Dependencies: TASKRUN-OAS-62-001. | TASKRUN-OAS-62-001 | ORTR0102 | | TASKRUN-OBS-50-001 | TODO | | SPRINT_157_taskrunner_i | Task Runner Guild | src/TaskRunner/StellaOps.TaskRunner | Adopt telemetry core in Task Runner host + worker executors, ensuring step execution spans/logs include `trace_id`, `tenant_id`, `run_id`, and scrubbed command transcripts. | ORTR0101 telemetry hooks | ORTR0102 | | TASKRUN-OBS-51-001 | TODO | | SPRINT_157_taskrunner_i | Task Runner Guild · DevOps Guild | src/TaskRunner/StellaOps.TaskRunner | Emit metrics for step latency, retries, queue depth, sandbox resource usage; define SLOs for pack run completion and failure rate; surface burn-rate alerts to collector/Notifier. Dependencies: TASKRUN-OBS-50-001. | TASKRUN-OBS-50-001 | ORTR0102 | | TASKRUN-OBS-52-001 | TODO | | SPRINT_157_taskrunner_i | Task Runner Guild | src/TaskRunner/StellaOps.TaskRunner | Produce timeline events for pack runs (`pack.started`, `pack.step.completed`, `pack.failed`) containing evidence pointers and policy gate context. Provide dedupe + retry logic. Dependencies: TASKRUN-OBS-51-001. | TASKRUN-OBS-50-001 | ORTR0102 | | TASKRUN-OBS-53-001 | TODO | | SPRINT_157_taskrunner_i | Task Runner Guild · Evidence Locker Guild | src/TaskRunner/StellaOps.TaskRunner | Capture step transcripts, artifact manifests, environment digests, and policy approvals into evidence locker snapshots; ensure redaction + hash chain coverage. Dependencies: TASKRUN-OBS-52-001. | TASKRUN-OBS-52-001 | ORTR0102 | | TASKRUN-OBS-54-001 | TODO | | SPRINT_158_taskrunner_ii | Task Runner Guild · Provenance Guild | src/TaskRunner/StellaOps.TaskRunner | Generate DSSE attestations for pack runs (subjects = produced artifacts) and expose verification API/CLI integration. Store references in timeline events. Dependencies: TASKRUN-OBS-53-001. | TASKRUN-OBS-53-001 | ORTR0102 | | TASKRUN-OBS-55-001 | TODO | | SPRINT_158_taskrunner_ii | Task Runner Guild · DevOps Guild | src/TaskRunner/StellaOps.TaskRunner | Implement incident mode escalations (extra telemetry, debug artifact capture, retention bump) and align on automatic activation via SLO breach webhooks. Dependencies: TASKRUN-OBS-54-001. | TASKRUN-OBS-54-001 | ORTR0102 | | TASKRUN-TEN-48-001 | TODO | | SPRINT_158_taskrunner_ii | Task Runner Guild | src/TaskRunner/StellaOps.TaskRunner | Require tenant/project context for every pack run, set DB/object-store prefixes, block egress when tenant restricted, and propagate context to steps/logs. | TASKRUN-AIRGAP-58-001 | ORTR0101 | | TELEMETRY-DOCS-0001 | TODO | | SPRINT_330_docs_modules_telemetry | Docs Guild | docs/modules/telemetry | Validate that telemetry module docs reflect the new storage stack and isolation rules. | Ops checklist from DVDO0103 | DOTL0101 | | TELEMETRY-DOCS-0001 | TODO | | SPRINT_330_docs_modules_telemetry | Docs Guild | docs/modules/telemetry | Validate that telemetry module docs reflect the new storage stack and isolation rules. | Ops checklist from DVDO0103 | DOTL0101 | | TELEMETRY-ENG-0001 | TODO | | SPRINT_330_docs_modules_telemetry | Module Team | docs/modules/telemetry | Ensure milestones stay in sync with telemetry sprints in `docs/implplan`. | TLTY0101 API review | DOTL0101 | | TELEMETRY-OBS-50-001 | DOING | | SPRINT_170_notifications_telemetry | Telemetry Core Guild | src/Telemetry/StellaOps.Telemetry.Core | Core bootstrap coding active (50-001); propagation adapters (50-002) queued pending package publication. | 50-002 dashboards | TLTY0101 | | TELEMETRY-OBS-50-002 | DOING | | SPRINT_170_notifications_telemetry | Telemetry Core Guild | src/Telemetry/StellaOps.Telemetry.Core | OBS-50-001 rollout | OBS-50-001 rollout | TLTY0101 | | TELEMETRY-OBS-51-001 | TODO | | SPRINT_170_notifications_telemetry | Telemetry Core Guild | src/Telemetry/StellaOps.Telemetry.Core | Roslyn analyzer + scrub policy review pending Security Guild approval. | 51-002 scope review | TLTY0101 | | TELEMETRY-OBS-51-002 | TODO | | SPRINT_170_notifications_telemetry | Telemetry Core Guild | src/Telemetry/StellaOps.Telemetry.Core | OBS-51-001 shadow mode | OBS-51-001 shadow mode | TLTY0101 | | TELEMETRY-OBS-55-001 | TODO | | SPRINT_170_notifications_telemetry | Telemetry Core Guild · Observability Guild | src/Telemetry/StellaOps.Telemetry.Core | Requires CLI toggle contract (CLI-OBS-12-001) and Notify incident payload spec (NOTIFY-OBS-55-001). | 56-001 event schema | TLTY0101 | | TELEMETRY-OBS-56-001 | TODO | | SPRINT_174_telemetry | Telemetry Core Guild | src/Telemetry/StellaOps.Telemetry.Core | Add sealed-mode telemetry helpers (drift metrics, seal/unseal spans, offline exporters) and ensure hosts can disable external exporters when sealed. Dependencies: TELEMETRY-OBS-55-001. | OBS-55-001 output | TLTY0101 | | TELEMETRY-OPS-0001 | TODO | | SPRINT_330_docs_modules_telemetry | Ops Guild | docs/modules/telemetry | Review telemetry runbooks/observability dashboards post-demo. | DVDO0103 deployment notes | DOTL0101 | | TEN-47-001 | TODO | | SPRINT_205_cli_v | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | | | | | TEN-48-001 | TODO | | SPRINT_115_concelier_iv | Concelier Core Guild (src/Concelier/__Libraries/StellaOps.Concelier.Core) | src/Concelier/__Libraries/StellaOps.Concelier.Core | | | | | TEN-49-001 | TODO | | SPRINT_205_cli_v | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | | | | | TEST-186-006 | TODO | | SPRINT_186_record_deterministic_execution | Signing Guild, QA Guild (`src/Signer/StellaOps.Signer.Tests`) | `src/Signer/StellaOps.Signer.Tests` | | | | | TEST-62-001 | TODO | | SPRINT_310_docs_tasks_md_x | Docs Guild, Contract Testing Guild (docs) | | | | | | TIME-57-001 | TODO | | SPRINT_110_ingestion_evidence | Exporter Guild · AirGap Time Guild · CLI Guild | | | PROGRAM-STAFF-1001 | | | TIME-57-002 | TODO | | SPRINT_510_airgap | Exporter Guild · AirGap Time Guild · CLI Guild | src/AirGap/StellaOps.AirGap.Time | PROGRAM-STAFF-1001 | PROGRAM-STAFF-1001 | AGTM0101 | | TIME-58-001 | TODO | | SPRINT_510_airgap | AirGap Time Guild | src/AirGap/StellaOps.AirGap.Time | AIRGAP-TIME-58-001 | AIRGAP-TIME-58-001 | AGTM0101 | | TIME-58-002 | TODO | | SPRINT_510_airgap | AirGap Time Guild · Notifications Guild | src/AirGap/StellaOps.AirGap.Time | TIME-58-001 | TIME-58-001 | AGTM0101 | | TIMELINE-OBS-52-001 | TODO | | SPRINT_160_export_evidence | Timeline Indexer Guild | | Timeline Indexer Guild | | | | TIMELINE-OBS-52-002 | TODO | | SPRINT_160_export_evidence | Timeline Indexer Guild | | Timeline Indexer Guild | | | | TIMELINE-OBS-52-003 | TODO | | SPRINT_160_export_evidence | Timeline Indexer Guild | | Timeline Indexer Guild | | | | TIMELINE-OBS-52-004 | TODO | | SPRINT_160_export_evidence | Timeline Indexer + Security Guilds | | Timeline Indexer + Security Guilds | | | | TIMELINE-OBS-53-001 | TODO | | SPRINT_160_export_evidence | Timeline Indexer + Evidence Locker Guilds | | Timeline Indexer + Evidence Locker Guilds | | | | UI-401-027 | TODO | | SPRINT_401_reachability_evidence_chain | UI Guild · CLI Guild (`src/UI/StellaOps.UI`, `src/Cli/StellaOps.Cli`, `docs/uncertainty/README.md`) | `src/UI/StellaOps.UI`, `src/Cli/StellaOps.Cli`, `docs/uncertainty/README.md` | | | | | UI-AOC-19-001 | TODO | | SPRINT_209_ui_i | UI Guild (src/UI/StellaOps.UI) | src/UI/StellaOps.UI | Add Sources dashboard tiles showing AOC pass/fail, recent violation codes, and ingest throughput per tenant. | | | | UI-AOC-19-002 | TODO | | SPRINT_209_ui_i | UI Guild (src/UI/StellaOps.UI) | src/UI/StellaOps.UI | Implement violation drill-down view highlighting offending document fields and provenance metadata. Dependencies: UI-AOC-19-001. | | | | UI-AOC-19-003 | TODO | | SPRINT_209_ui_i | UI Guild (src/UI/StellaOps.UI) | src/UI/StellaOps.UI | Add "Verify last 24h" action triggering AOC verifier endpoint and surfacing CLI parity guidance. Dependencies: UI-AOC-19-002. | | | | UI-CLI-401-007 | TODO | | SPRINT_401_reachability_evidence_chain | UI & CLI Guilds (`src/Cli/StellaOps.Cli`, `src/UI/StellaOps.UI`) | `src/Cli/StellaOps.Cli`, `src/UI/StellaOps.UI` | Implement CLI `stella graph explain` + UI explain drawer showing signed call-path, predicates, runtime hits, and DSSE pointers; include counterfactual controls. | | | | UI-DOCS-0001 | TODO | | SPRINT_331_docs_modules_ui | Docs Guild (docs/modules/ui) | docs/modules/ui | | | | | UI-ENG-0001 | TODO | | SPRINT_331_docs_modules_ui | Module Team (docs/modules/ui) | docs/modules/ui | | | | | UI-ENTROPY-40-001 | TODO | | SPRINT_209_ui_i | UI Guild (src/UI/StellaOps.UI) | src/UI/StellaOps.UI | Visualise entropy analysis per image (layer donut, file heatmaps, “Why risky?” chips) in Vulnerability Explorer and scan details, including opaque byte ratios and detector hints (see `docs/modules/scanner/entropy.md`). | | | | UI-ENTROPY-40-002 | TODO | | SPRINT_209_ui_i | UI Guild, Policy Guild (src/UI/StellaOps.UI) | src/UI/StellaOps.UI | Add policy banners/tooltips explaining entropy penalties (block/warn thresholds, mitigation steps) and link to raw `entropy.report.json` evidence downloads (`docs/modules/scanner/entropy.md`). Dependencies: UI-ENTROPY-40-001. | | | | UI-EXC-25-001 | TODO | | SPRINT_209_ui_i | UI Guild, Governance Guild (src/UI/StellaOps.UI) | src/UI/StellaOps.UI | Build Exception Center (list + kanban) with filters, sorting, workflow transitions, and audit views. | | | | UI-EXC-25-002 | TODO | | SPRINT_209_ui_i | UI Guild (src/UI/StellaOps.UI) | src/UI/StellaOps.UI | Implement exception creation wizard with scope preview, justification templates, timebox guardrails. Dependencies: UI-EXC-25-001. | | | | UI-EXC-25-003 | TODO | | SPRINT_209_ui_i | UI Guild (src/UI/StellaOps.UI) | src/UI/StellaOps.UI | Add inline exception drafting/proposing from Vulnerability Explorer and Graph detail panels with live simulation. Dependencies: UI-EXC-25-002. | | | | UI-EXC-25-004 | TODO | | SPRINT_209_ui_i | UI Guild (src/UI/StellaOps.UI) | src/UI/StellaOps.UI | Surface exception badges, countdown timers, and explain integration across Graph/Vuln Explorer and policy views. Dependencies: UI-EXC-25-003. | | | | UI-EXC-25-005 | TODO | | SPRINT_209_ui_i | UI Guild, Accessibility Guild (src/UI/StellaOps.UI) | src/UI/StellaOps.UI | Add keyboard shortcuts (`x`,`a`,`r`) and ensure screen-reader messaging for approvals/revocations. Dependencies: UI-EXC-25-004. | | | | UI-GRAPH-21-001 | TODO | | SPRINT_209_ui_i | UI Guild (src/UI/StellaOps.UI) | src/UI/StellaOps.UI | Align Graph Explorer auth configuration with new `graph:*` scopes; consume scope identifiers from shared `StellaOpsScopes` exports (via generated SDK/config) instead of hard-coded strings. | | | | UI-GRAPH-24-001 | TODO | | SPRINT_209_ui_i | UI Guild, SBOM Service Guild (src/UI/StellaOps.UI) | src/UI/StellaOps.UI | Build Graph Explorer canvas with layered/radial layouts, virtualization, zoom/pan, and scope toggles; initial render <1.5s for sample asset. Dependencies: UI-GRAPH-21-001. | | | | UI-GRAPH-24-002 | TODO | | SPRINT_209_ui_i | UI Guild, Policy Guild (src/UI/StellaOps.UI) | src/UI/StellaOps.UI | Implement overlays (Policy, Evidence, License, Exposure), simulation toggle, path view, and SBOM diff/time-travel with accessible tooltips/AOC indicators. Dependencies: UI-GRAPH-24-001. | | | | UI-GRAPH-24-003 | TODO | | SPRINT_209_ui_i | UI Guild (src/UI/StellaOps.UI) | src/UI/StellaOps.UI | Deliver filters/search panel with facets, saved views, permalinks, and share modal. Dependencies: UI-GRAPH-24-002. | | | | UI-GRAPH-24-004 | TODO | | SPRINT_209_ui_i | UI Guild (src/UI/StellaOps.UI) | src/UI/StellaOps.UI | Add side panels (Details, What-if, History) with upgrade simulation integration and SBOM diff viewer. Dependencies: UI-GRAPH-24-003. | | | | UI-GRAPH-24-006 | TODO | | SPRINT_209_ui_i | UI Guild, Accessibility Guild (src/UI/StellaOps.UI) | src/UI/StellaOps.UI | Ensure accessibility (keyboard nav, screen reader labels, contrast), add hotkeys (`f`,`e`,`.`), and analytics instrumentation. Dependencies: UI-GRAPH-24-004. | | | | UI-LNM-22-001 | TODO | | SPRINT_209_ui_i | UI Guild, Policy Guild (src/UI/StellaOps.UI) | src/UI/StellaOps.UI | Build Evidence panel showing policy decision with advisory observations/linksets side-by-side, conflict badges, AOC chain, and raw doc download links. Docs `DOCS-LNM-22-005` waiting on delivered UI for screenshots + flows. | | | | UI-LNM-22-002 | TODO | | SPRINT_210_ui_ii | UI Guild (src/UI/StellaOps.UI) | src/UI/StellaOps.UI | Implement filters (source, severity bucket, conflict-only, CVSS vector presence) and pagination/lazy loading for large linksets. Docs depend on finalized filtering UX. Dependencies: UI-LNM-22-001. | | | | UI-LNM-22-003 | TODO | | SPRINT_210_ui_ii | UI Guild, Excititor Guild (src/UI/StellaOps.UI) | src/UI/StellaOps.UI | Add VEX tab with status/justification summaries, conflict indicators, and export actions. Required for `DOCS-LNM-22-005` coverage of VEX evidence tab. Dependencies: UI-LNM-22-002. | | | | UI-LNM-22-004 | TODO | | SPRINT_210_ui_ii | UI Guild (src/UI/StellaOps.UI) | src/UI/StellaOps.UI | Provide permalink + copy-to-clipboard for selected component/linkset/policy combination; ensure high-contrast theme support. Dependencies: UI-LNM-22-003. | | | | UI-OPS-0001 | TODO | | SPRINT_331_docs_modules_ui | Ops Guild (docs/modules/ui) | docs/modules/ui | | | | | UI-ORCH-32-001 | TODO | | SPRINT_210_ui_ii | UI Guild, Console Guild (src/UI/StellaOps.UI) | src/UI/StellaOps.UI | Update Console RBAC mappings to surface `Orch.Viewer`, request `orch:read` scope in token flows, and gate dashboard access/messaging accordingly. | | | | UI-POLICY-13-007 | TODO | | SPRINT_210_ui_ii | UI Guild (src/UI/StellaOps.UI) | src/UI/StellaOps.UI | Surface policy confidence metadata (band, age, quiet provenance) on preview and report views. | | | | UI-POLICY-20-001 | TODO | | SPRINT_210_ui_ii | UI Guild | src/UI/StellaOps.UI | Ship Monaco-based policy editor with DSL syntax highlighting, diagnostics, and checklist sidebar. | POLICY-13-007 | UIPD0101 | | UI-POLICY-20-002 | TODO | | SPRINT_210_ui_ii | UI Guild | src/UI/StellaOps.UI | Build simulation panel showing before/after counts, severity deltas, deterministic diffs. | UI-POLICY-20-001 | UIPD0101 | | UI-POLICY-20-003 | TODO | | SPRINT_210_ui_ii | UI/ProdOps Guild | src/UI/StellaOps.UI | Implement submit/review/approve workflow with comments, approvals log, and RBAC checks aligned to new Policy Studio roles (`policy:author`/`policy:review`/`policy:approve`/`policy:operate`). Dependencies: UI-POLICY-20-002. | Requires 20-002 results | | | UI-POLICY-20-004 | TODO | | SPRINT_210_ui_ii | UI Guild · Observability Guild | src/UI/StellaOps.UI | Add run viewer dashboards (rule heatmap, VEX wins, suppressions) with filter/search and export. Dependencies: UI-POLICY-20-003. | Depends on 20-003 | | | UI-POLICY-23-001 | TODO | | SPRINT_210_ui_ii | UI Guild, Policy Guild (src/UI/StellaOps.UI) | src/UI/StellaOps.UI | Deliver Policy Editor workspace with pack list, revision history, and scoped metadata cards. Dependencies: UI-POLICY-20-004. | | | | UI-POLICY-23-002 | TODO | | SPRINT_210_ui_ii | UI Guild (src/UI/StellaOps.UI) | src/UI/StellaOps.UI | Implement YAML editor with schema validation, lint diagnostics, and live canonicalization preview. Dependencies: UI-POLICY-23-001. | | | | UI-POLICY-23-003 | TODO | | SPRINT_210_ui_ii | UI Guild (src/UI/StellaOps.UI) | src/UI/StellaOps.UI | Build guided rule builder (source preferences, severity mapping, VEX precedence, exceptions) with preview JSON output. Dependencies: UI-POLICY-23-002. | | | | UI-POLICY-23-004 | TODO | | SPRINT_210_ui_ii | UI Guild (src/UI/StellaOps.UI) | src/UI/StellaOps.UI | Add review/approval workflow UI: checklists, comments, two-person approval indicator, scope scheduling. Dependencies: UI-POLICY-23-003. | | | | UI-POLICY-23-005 | TODO | | SPRINT_210_ui_ii | UI Guild (src/UI/StellaOps.UI) | src/UI/StellaOps.UI | Integrate simulator panel (SBOM/component/advisory selection), run diff vs active policy, show explain tree and overlays. Dependencies: UI-POLICY-23-004. | | | | UI-POLICY-23-006 | TODO | | SPRINT_210_ui_ii | UI Guild (src/UI/StellaOps.UI) | src/UI/StellaOps.UI | Implement explain view linking to evidence overlays and exceptions; provide export to JSON/PDF. Dependencies: UI-POLICY-23-005. | | | | UI-POLICY-27-001 | TODO | | SPRINT_211_ui_iii | UI Guild, Product Ops (src/UI/StellaOps.UI) | src/UI/StellaOps.UI | Update Console policy workspace RBAC guards, scope requests, and user messaging to reflect the new Policy Studio roles/scopes (`policy:author/review/approve/operate/audit/simulate`), including Cypress auth stubs and help text. Dependencies: UI-POLICY-23-006. | | | | UI-POLICY-DET-01 | TODO | | SPRINT_209_ui_i | UI Guild, Policy Guild (src/UI/StellaOps.UI) | src/UI/StellaOps.UI | Wire policy gate indicators + remediation hints into Release/Policy flows, blocking publishes when determinism checks fail; coordinate with Policy Engine schema updates. Dependencies: UI-SBOM-DET-01. | | | | UI-SBOM-DET-01 | TODO | | SPRINT_209_ui_i | UI Guild (src/UI/StellaOps.UI) | src/UI/StellaOps.UI | Add a “Determinism” badge plus drill-down that surfaces fragment hashes, `_composition.json`, and Merkle root consistency when viewing scan details (per `docs/modules/scanner/deterministic-sbom-compose.md`). | | | | UI-SIG-26-001 | TODO | | SPRINT_211_ui_iii | UI Guild, Signals Guild (src/UI/StellaOps.UI) | src/UI/StellaOps.UI | Add reachability columns/badges to Vulnerability Explorer with filters and tooltips. | | | | UI-SIG-26-002 | TODO | | SPRINT_211_ui_iii | UI Guild (src/UI/StellaOps.UI) | src/UI/StellaOps.UI | Enhance “Why” drawer with call path visualization, reachability timeline, and evidence list. Dependencies: UI-SIG-26-001. | | | | UI-SIG-26-003 | TODO | | SPRINT_211_ui_iii | UI Guild (src/UI/StellaOps.UI) | src/UI/StellaOps.UI | Add reachability overlay halos/time slider to SBOM Graph along with state legend. Dependencies: UI-SIG-26-002. | | | | UI-SIG-26-004 | TODO | | SPRINT_211_ui_iii | UI Guild (src/UI/StellaOps.UI) | src/UI/StellaOps.UI | Build Reachability Center view showing asset coverage, missing sensors, and stale facts. Dependencies: UI-SIG-26-003. | | | | UNCERTAINTY-POLICY-401-026 | TODO | | SPRINT_401_reachability_evidence_chain | Policy Guild · Concelier Guild (`docs/policy/dsl.md`, `docs/uncertainty/README.md`) | `docs/policy/dsl.md`, `docs/uncertainty/README.md` | Update policy guidance (Concelier/Excitors) with uncertainty gates (U1/U2/U3), sample YAML rules, and remediation actions. | | | | UNCERTAINTY-SCHEMA-401-024 | TODO | | SPRINT_401_reachability_evidence_chain | Signals Guild (`src/Signals/StellaOps.Signals`, `docs/uncertainty/README.md`) | `src/Signals/StellaOps.Signals`, `docs/uncertainty/README.md` | Extend Signals findings with `uncertainty.states[]`, entropy fields, and `riskScore`; emit `FindingUncertaintyUpdated` events and persist evidence per docs. | | | | UNCERTAINTY-SCORER-401-025 | TODO | | SPRINT_401_reachability_evidence_chain | Signals Guild (`src/Signals/StellaOps.Signals.Application`, `docs/uncertainty/README.md`) | `src/Signals/StellaOps.Signals.Application`, `docs/uncertainty/README.md` | Implement the entropy-aware risk scorer (`riskScore = base × reach × trust × (1 + entropyBoost)`) and wire it into finding writes. | | | | UNCERTAINTY-UI-401-027 | TODO | | SPRINT_401_reachability_evidence_chain | UI Guild · CLI Guild (`src/UI/StellaOps.UI`, `src/Cli/StellaOps.Cli`, `docs/uncertainty/README.md`) | `src/UI/StellaOps.UI`, `src/Cli/StellaOps.Cli`, `docs/uncertainty/README.md` | Surface uncertainty chips/tooltips in the Console (React UI) + CLI output (risk score + entropy states). | | | | VAL-01 | DOING | 2025-11-01 | SPRINT_136_scanner_surface | Scanner Guild, Security Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.Validation) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Validation | | SURFACE-FS-01; SURFACE-ENV-01 | | | VAL-02 | TODO | | SPRINT_136_scanner_surface | Scanner Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.Validation) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Validation | | SURFACE-VAL-01; SURFACE-ENV-02; SURFACE-FS-02 | | | VAL-03 | TODO | | SPRINT_136_scanner_surface | Scanner Guild, Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.Validation) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Validation | | SURFACE-VAL-02 | | | VAL-04 | TODO | | SPRINT_136_scanner_surface | Scanner Guild, Zastava Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.Validation) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Validation | | SURFACE-VAL-02 | | | VAL-05 | TODO | | SPRINT_136_scanner_surface | Docs Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.Validation) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Validation | | SURFACE-VAL-02 | | | VERIFY-186-007 | TODO | | SPRINT_186_record_deterministic_execution | Authority Guild, Provenance Guild (`src/Authority/StellaOps.Authority`, `src/Provenance/StellaOps.Provenance.Attestation`) | `src/Authority/StellaOps.Authority`, `src/Provenance/StellaOps.Provenance.Attestation` | | | | | VEX-006 | TODO | | SPRINT_401_reachability_evidence_chain | Policy, Excititor, UI, CLI & Notify Guilds (`docs/modules/excititor/architecture.md`, `src/Cli/StellaOps.Cli`, `src/UI/StellaOps.UI`, `docs/09_API_CLI_REFERENCE.md`) | `docs/modules/excititor/architecture.md`, `src/Cli/StellaOps.Cli`, `src/UI/StellaOps.UI`, `docs/09_API_CLI_REFERENCE.md` | | | | | VEX-30-001 | DOING | 2025-11-08 | SPRINT_212_web_i | Console Guild, BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | | | | | VEX-30-002 | TODO | | SPRINT_205_cli_v | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | | | | | VEX-30-003 | TODO | | SPRINT_205_cli_v | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | | | | | VEX-30-004 | TODO | | SPRINT_205_cli_v | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | | | | | VEX-30-005 | TODO | | SPRINT_310_docs_tasks_md_x | Docs Guild, Console Guild (docs) | | | | | | VEX-30-006 | TODO | | SPRINT_310_docs_tasks_md_x | Docs Guild, Policy Guild (docs) | | | | DOVX0101 | | VEX-30-007 | TODO | | SPRINT_216_web_v | BE-Base Platform Guild, VEX Lens Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | | | DOVX0101 | | VEX-30-008 | TODO | | SPRINT_310_docs_tasks_md_x | Docs Guild, Security Guild (docs) | | | | DOVX0101 | | VEX-30-009 | TODO | | SPRINT_310_docs_tasks_md_x | Docs Guild, DevOps Guild (docs) | | | | DOVX0101 | | VEX-401-006 | TODO | | SPRINT_401_reachability_evidence_chain | Policy Guild (`src/Policy/StellaOps.Policy.Engine`, `src/Policy/__Libraries/StellaOps.Policy`) | `src/Policy/StellaOps.Policy.Engine`, `src/Policy/__Libraries/StellaOps.Policy` | | | DOVX0101 | | VEX-401-010 | TODO | | SPRINT_401_reachability_evidence_chain | Policy Guild (`src/Policy/StellaOps.Policy.Engine/Vex`, `docs/modules/policy/architecture.md`, `docs/benchmarks/vex-evidence-playbook.md`) | `src/Policy/StellaOps.Policy.Engine/Vex`, `docs/modules/policy/architecture.md`, `docs/benchmarks/vex-evidence-playbook.md` | | | DOVX0101 | | VEX-401-011 | TODO | | SPRINT_401_reachability_evidence_chain | verify | | | | DOVX0101 | | VEX-401-012 | TODO | | SPRINT_401_reachability_evidence_chain | Docs Guild (`docs/benchmarks/vex-evidence-playbook.md`, `bench/README.md`) | `docs/benchmarks/vex-evidence-playbook.md`, `bench/README.md` | | | DOVX0101 | | VEX-401-018 | TODO | | SPRINT_401_reachability_evidence_chain | Signing Guild (`src/Signer/StellaOps.Signer`, `docs/modules/signer/architecture.md`) | `src/Signer/StellaOps.Signer`, `docs/modules/signer/architecture.md` | | | DOVX0101 | | VEX-CONSENSUS-LENS-DOCS-0001 | TODO | | SPRINT_332_docs_modules_vex_lens | Docs Guild (docs/modules/vex-lens) | docs/modules/vex-lens | Refresh VEX Lens module docs with consensus workflow guidance and recent release links. | | DOVX0101 | | VEX-CONSENSUS-LENS-DOCS-0002 | TODO | 2025-11-05 | SPRINT_332_docs_modules_vex_lens | Docs Guild (docs/modules/vex-lens) | docs/modules/vex-lens | Pending DOCS-VEX-30-001..004 to add consensus doc cross-links | | | | VEX-CONSENSUS-LENS-ENG-0001 | TODO | | SPRINT_332_docs_modules_vex_lens | Module Team (docs/modules/vex-lens) | docs/modules/vex-lens | Sync into ../.. | | | | VEX-CONSENSUS-LENS-OPS-0001 | TODO | | SPRINT_332_docs_modules_vex_lens | Ops Guild (docs/modules/vex-lens) | docs/modules/vex-lens | Document outputs in ./README.md | | | | VEX-LENS-ENG-0001 | TODO | | SPRINT_332_docs_modules_vex_lens | Module Team (docs/modules/vex-lens) | docs/modules/vex-lens | Keep module milestones synchronized with VEX Lens sprints listed under `/docs/implplan`. | | | | VEX-LENS-OPS-0001 | TODO | | SPRINT_332_docs_modules_vex_lens | Ops Guild (docs/modules/vex-lens) | docs/modules/vex-lens | Review VEX Lens runbooks/observability assets post-demo. | | | | VEXLENS-30-001 | TODO | | SPRINT_115_concelier_iv | Concelier WebService Guild · VEX Lens Guild | src/Concelier/StellaOps.Concelier.WebService | — | — | PLVL0101 | | VEXLENS-30-002 | TODO | | SPRINT_129_policy_reasoning | VEX Lens Guild | src/VexLens/StellaOps.VexLens | Build product mapping library | VEXLENS-30-001 | PLVL0101 | | VEXLENS-30-003 | TODO | | SPRINT_129_policy_reasoning | VEX Lens Guild · Issuer Directory Guild | src/VexLens/StellaOps.VexLens | Integrate signature verification | VEXLENS-30-002 | PLVL0101 | | VEXLENS-30-004 | TODO | | SPRINT_129_policy_reasoning | VEX Lens Guild · Policy Guild | src/VexLens/StellaOps.VexLens | Implement trust weighting engine | VEXLENS-30-003 | PLVL0101 | | VEXLENS-30-005 | TODO | | SPRINT_129_policy_reasoning | VEX Lens Guild | src/VexLens/StellaOps.VexLens | Implement consensus algorithm producing `consensus_state`, `confidence`, `weights`, `quorum`, `rationale`; support states: NOT_AFFECTED, AFFECTED, FIXED, UNDER_INVESTIGATION, DISPUTED, INCONCLUSIVE | VEXLENS-30-004 | PLVL0101 | | VEXLENS-30-006 | TODO | | SPRINT_129_policy_reasoning | VEX Lens Guild · Findings Ledger Guild | src/VexLens/StellaOps.VexLens | Materialize consensus projection storage with idempotent workers triggered by VEX/Policy changes; expose change events for downstream consumers | VEXLENS-30-005 | PLVL0101 | | VEXLENS-30-007 | TODO | | SPRINT_129_policy_reasoning | VEX Lens Guild | src/VexLens/StellaOps.VexLens | Expose APIs | VEXLENS-30-006 | PLVL0101 | | VEXLENS-30-008 | TODO | | SPRINT_129_policy_reasoning | VEX Lens Guild · Policy Guild | src/VexLens/StellaOps.VexLens | Integrate consensus signals with Policy Engine | VEXLENS-30-007 | PLVL0101 | | VEXLENS-30-009 | TODO | | SPRINT_129_policy_reasoning | VEX Lens Guild · Observability Guild | src/VexLens/StellaOps.VexLens | Instrument metrics | VEXLENS-30-008 | PLVL0101 | | VEXLENS-30-010 | TODO | | SPRINT_129_policy_reasoning | VEX Lens Guild · QA Guild | src/VexLens/StellaOps.VexLens | Develop unit/property/integration/load tests | VEXLENS-30-009 | PLVL0101 | | VEXLENS-30-011 | TODO | | SPRINT_129_policy_reasoning | VEX Lens Guild · DevOps Guild | src/VexLens/StellaOps.VexLens | Provide deployment manifests, caching configuration, scaling guides, offline kit seeds, and runbooks | VEXLENS-30-010 | PLVL0103 | | VEXLENS-AIAI-31-001 | TODO | | SPRINT_129_policy_reasoning | VEX Lens Guild | src/VexLens/StellaOps.VexLens | Expose consensus rationale API enhancements (policy factors, issuer details, mapping issues) for Advisory AI conflict explanations | — | PLVL0103 | | VEXLENS-AIAI-31-002 | TODO | | SPRINT_129_policy_reasoning | VEX Lens Guild | src/VexLens/StellaOps.VexLens | Provide caching hooks for consensus lookups used by Advisory AI | VEXLENS-AIAI-31-001 | PLVL0103 | | VEXLENS-EXPORT-35-001 | TODO | | SPRINT_129_policy_reasoning | VEX Lens Guild | src/VexLens/StellaOps.VexLens | Provide consensus snapshot API delivering deterministic JSONL (state, confidence, provenance) for exporter mirror bundles | — | PLVL0103 | | VEXLENS-ORCH-33-001 | TODO | | SPRINT_129_policy_reasoning | VEX Lens Guild | src/VexLens/StellaOps.VexLens | Register `consensus_compute` job type with orchestrator, integrate worker SDK, and expose job planning hooks for consensus batches | — | PLVL0103 | | VEXLENS-ORCH-34-001 | TODO | | SPRINT_129_policy_reasoning | VEX Lens Guild | src/VexLens/StellaOps.VexLens | Emit consensus completion events into orchestrator run ledger and provenance chain, including confidence metadata | VEXLENS-ORCH-33-001 | PLVL0103 | | VULN-29-001 | DOING | 2025-11-08 | SPRINT_212_web_i | Console Guild, BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | | | | | VULN-29-002 | TODO | | SPRINT_123_excititor_v | Excititor WebService Guild (src/Excititor/StellaOps.Excititor.WebService) | src/Excititor/StellaOps.Excititor.WebService | | | | | VULN-29-003 | TODO | | SPRINT_205_cli_v | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | | | | | VULN-29-004 | TODO | | SPRINT_116_concelier_v | Concelier WebService Guild, Observability Guild (src/Concelier/StellaOps.Concelier.WebService) | src/Concelier/StellaOps.Concelier.WebService | | | | | VULN-29-005 | TODO | | SPRINT_205_cli_v | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | | | | | VULN-29-006 | TODO | | SPRINT_205_cli_v | DevEx/CLI Guild, Docs Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | | | | | VULN-29-007 | TODO | | SPRINT_311_docs_tasks_md_xi | Docs Guild, Excititor Guild (docs) | | | | | | VULN-29-008 | TODO | | SPRINT_311_docs_tasks_md_xi | Docs Guild, Concelier Guild (docs) | | | | | | VULN-29-009 | TODO | | SPRINT_311_docs_tasks_md_xi | Docs Guild, SBOM Service Guild (docs) | | | | | | VULN-29-010 | TODO | | SPRINT_311_docs_tasks_md_xi | Docs Guild, Observability Guild (docs) | | | | | | VULN-29-011 | TODO | | SPRINT_311_docs_tasks_md_xi | Docs Guild, Security Guild (docs) | | | | | | VULN-29-012 | TODO | | SPRINT_311_docs_tasks_md_xi | Docs Guild, Ops Guild (docs) | | | | | | VULN-29-013 | TODO | | SPRINT_311_docs_tasks_md_xi | Docs Guild, Deployment Guild (docs) | | | | | | VULN-API-29-001 | TODO | | SPRINT_129_policy_reasoning | Vuln Explorer API Guild / src/VulnExplorer/StellaOps.VulnExplorer.Api | src/VulnExplorer/StellaOps.VulnExplorer.Api | Define OpenAPI spec (list/detail/query/simulation/workflow/export), query JSON schema, pagination/grouping contracts, and error codes | | PLVA0101 | | VULN-API-29-002 | TODO | | SPRINT_129_policy_reasoning | Vuln Explorer API Guild / src/VulnExplorer/StellaOps.VulnExplorer.Api | src/VulnExplorer/StellaOps.VulnExplorer.Api | Implement list/query endpoints with policy parameter, grouping, server paging, caching, and cost budgets | VULN-API-29-001 | PLVA0101 | | VULN-API-29-003 | TODO | | SPRINT_129_policy_reasoning | Vuln Explorer API Guild / src/VulnExplorer/StellaOps.VulnExplorer.Api | src/VulnExplorer/StellaOps.VulnExplorer.Api | Implement detail endpoint aggregating evidence, policy rationale, paths | VULN-API-29-002 | PLVA0101 | | VULN-API-29-004 | TODO | | SPRINT_129_policy_reasoning | Vuln Explorer API Guild, Findings Ledger Guild / src/VulnExplorer/StellaOps.VulnExplorer.Api | src/VulnExplorer/StellaOps.VulnExplorer.Api | Expose workflow endpoints | VULN-API-29-003 | PLVA0101 | | VULN-API-29-005 | TODO | | SPRINT_129_policy_reasoning | Vuln Explorer API Guild, Policy Guild / src/VulnExplorer/StellaOps.VulnExplorer.Api | src/VulnExplorer/StellaOps.VulnExplorer.Api | Implement simulation endpoint comparing `policy_from` vs `policy_to`, returning diffs without side effects; hook into Policy Engine batch eval | VULN-API-29-004 | PLVA0101 | | VULN-API-29-006 | TODO | | SPRINT_129_policy_reasoning | Vuln Explorer API Guild / src/VulnExplorer/StellaOps.VulnExplorer.Api | src/VulnExplorer/StellaOps.VulnExplorer.Api | Integrate resolver results with Graph Explorer: include shortest path metadata, line up deep-link parameters, expose `paths` array in details | VULN-API-29-005 | PLVA0101 | | VULN-API-29-007 | TODO | | SPRINT_129_policy_reasoning | Vuln Explorer API Guild, Security Guild / src/VulnExplorer/StellaOps.VulnExplorer.Api | src/VulnExplorer/StellaOps.VulnExplorer.Api | Enforce RBAC/ABAC scopes; implement CSRF/anti-forgery checks for Console; secure attachment URLs; audit logging | VULN-API-29-006 | PLVA0102 | | VULN-API-29-008 | TODO | | SPRINT_129_policy_reasoning | Vuln Explorer API Guild / src/VulnExplorer/StellaOps.VulnExplorer.Api | src/VulnExplorer/StellaOps.VulnExplorer.Api | Build export orchestrator producing signed bundles | VULN-API-29-007 | PLVA0102 | | VULN-API-29-009 | TODO | | SPRINT_129_policy_reasoning | Vuln Explorer API Guild, Observability Guild / src/VulnExplorer/StellaOps.VulnExplorer.Api | src/VulnExplorer/StellaOps.VulnExplorer.Api | Instrument metrics | VULN-API-29-008 | PLVA0102 | | VULN-API-29-010 | TODO | | SPRINT_129_policy_reasoning | Vuln Explorer API Guild, QA Guild / src/VulnExplorer/StellaOps.VulnExplorer.Api | src/VulnExplorer/StellaOps.VulnExplorer.Api | Provide unit/integration/perf tests | VULN-API-29-009 | PLVA0102 | | VULN-API-29-011 | TODO | | SPRINT_129_policy_reasoning | Vuln Explorer API Guild, DevOps Guild / src/VulnExplorer/StellaOps.VulnExplorer.Api | src/VulnExplorer/StellaOps.VulnExplorer.Api | Package deployment | VULN-API-29-010 | PLVA0102 | | VULNERABILITY-EXPLORER-DOCS-0001 | TODO | | SPRINT_334_docs_modules_vuln_explorer | Docs Guild (docs/modules/vuln-explorer) | docs/modules/vuln-explorer | Validate Vuln Explorer module docs against latest roadmap/releases and add evidence links. | | DOVL0101 | | VULNERABILITY-EXPLORER-ENG-0001 | TODO | | SPRINT_334_docs_modules_vuln_explorer | Module Team (docs/modules/vuln-explorer) | docs/modules/vuln-explorer | Keep sprint alignment notes in sync with Vuln Explorer sprints. | | | | VULNERABILITY-EXPLORER-OPS-0001 | TODO | | SPRINT_334_docs_modules_vuln_explorer | Ops Guild (docs/modules/vuln-explorer) | docs/modules/vuln-explorer | Review runbooks/observability assets after next demo. | | | | WEB-20-002 | BLOCKED | | SPRINT_155_scheduler_i | Scheduler WebService Guild (src/Scheduler/StellaOps.Scheduler.WebService) | src/Scheduler/StellaOps.Scheduler.WebService | | | | | WEB-AIAI-31-001 | TODO | | SPRINT_212_web_i | BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Route `/advisory/ai/*` endpoints through gateway with RBAC/ABAC, rate limits, and telemetry headers. | | | | WEB-AIAI-31-002 | TODO | | SPRINT_212_web_i | BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Provide batching job handlers and streaming responses for CLI automation with retry/backoff. Dependencies: WEB-AIAI-31-001. | | | | WEB-AIAI-31-003 | TODO | | SPRINT_212_web_i | BE-Base Platform Guild, Observability Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Emit metrics/logs (latency, guardrail blocks, validation failures) and forward anonymized prompt hashes to analytics. Dependencies: WEB-AIAI-31-002. | | | | WEB-AIRGAP-56-001 | TODO | | SPRINT_116_concelier_v | Concelier WebService Guild (src/Concelier/StellaOps.Concelier.WebService) | src/Concelier/StellaOps.Concelier.WebService | | | | | WEB-AIRGAP-56-002 | TODO | | SPRINT_116_concelier_v | Concelier WebService Guild (src/Concelier/StellaOps.Concelier.WebService) | src/Concelier/StellaOps.Concelier.WebService | | | | | WEB-AIRGAP-57-001 | TODO | | SPRINT_116_concelier_v | Concelier WebService Guild, AirGap Policy Guild (src/Concelier/StellaOps.Concelier.WebService) | src/Concelier/StellaOps.Concelier.WebService | | | | | WEB-AIRGAP-58-001 | TODO | | SPRINT_116_concelier_v | Concelier WebService Guild, AirGap Importer Guild (src/Concelier/StellaOps.Concelier.WebService) | src/Concelier/StellaOps.Concelier.WebService | | | | | WEB-AOC-19-002 | TODO | | SPRINT_212_web_i | BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Ship `ProvenanceBuilder`, checksum utilities, and signature verification helper integrated with guard logging. Cover DSSE/CMS formats with unit tests. Dependencies: WEB-AOC-19-001. | | | | WEB-AOC-19-003 | TODO | | SPRINT_116_concelier_v | QA Guild (src/Concelier/StellaOps.Concelier.WebService) | src/Concelier/StellaOps.Concelier.WebService | | | | | WEB-AOC-19-004 | TODO | | SPRINT_116_concelier_v | Concelier WebService Guild, QA Guild (src/Concelier/StellaOps.Concelier.WebService) | src/Concelier/StellaOps.Concelier.WebService | | | | | WEB-AOC-19-005 | TODO | 2025-11-08 | SPRINT_116_concelier_v | Concelier WebService Guild, QA Guild (src/Concelier/StellaOps.Concelier.WebService) | src/Concelier/StellaOps.Concelier.WebService | | | | | WEB-AOC-19-006 | TODO | 2025-11-08 | SPRINT_116_concelier_v | Concelier WebService Guild (src/Concelier/StellaOps.Concelier.WebService) | src/Concelier/StellaOps.Concelier.WebService | | | | | WEB-AOC-19-007 | TODO | 2025-11-08 | SPRINT_116_concelier_v | Concelier WebService Guild, QA Guild (src/Concelier/StellaOps.Concelier.WebService) | src/Concelier/StellaOps.Concelier.WebService | | | | | WEB-CONSOLE-23-001 | TODO | | SPRINT_212_web_i | BE-Base Platform Guild, Product Analytics Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Provide consolidated `/console/dashboard` and `/console/filters` APIs returning tenant-scoped aggregates (findings by severity, VEX override counts, advisory deltas, run health, policy change log). Enforce AOC labelling, deterministic ordering, and cursor-based pagination for drill-down hints. | | | | WEB-CONSOLE-23-002 | TODO | | SPRINT_212_web_i | BE-Base Platform Guild, Scheduler Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Expose `/console/status` polling endpoint and `/console/runs/{id}/stream` SSE/WebSocket proxy with heartbeat/backoff, queue lag metrics, and auth scope enforcement. Surface request IDs + retry headers. Dependencies: WEB-CONSOLE-23-001. | | | | WEB-CONSOLE-23-003 | TODO | | SPRINT_212_web_i | BE-Base Platform Guild, Policy Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Add `/console/exports` POST/GET routes coordinating evidence bundle creation, streaming CSV/JSON exports, checksum manifest retrieval, and signed attestation references. Ensure requests honor tenant + policy scopes and expose job tracking metadata. Dependencies: WEB-CONSOLE-23-002. | | | | WEB-CONSOLE-23-004 | TODO | | SPRINT_212_web_i | BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Implement `/console/search` endpoint accepting CVE/GHSA/PURL/SBOM identifiers, performing fan-out queries with caching, ranking, and deterministic tie-breaking. Return typed results for Console navigation; respect result caps and latency SLOs. Dependencies: WEB-CONSOLE-23-003. | | | | WEB-CONSOLE-23-005 | TODO | | SPRINT_212_web_i | BE-Base Platform Guild, DevOps Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Serve `/console/downloads` JSON manifest (images, charts, offline bundles) sourced from signed registry metadata; include integrity hashes, release notes links, and offline instructions. Provide caching headers and documentation. Dependencies: WEB-CONSOLE-23-004. | | | | WEB-CONTAINERS-44-001 | TODO | | SPRINT_212_web_i | BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Expose `/welcome` state, config discovery endpoint (safe values), and `QUICKSTART_MODE` handling for Console banner; add `/health/liveness`, `/health/readiness`, `/version` if missing. | | | | WEB-CONTAINERS-45-001 | TODO | | SPRINT_212_web_i | BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Ensure readiness endpoints reflect DB/queue readiness, add feature flag toggles via config map, and document NetworkPolicy ports. Dependencies: WEB-CONTAINERS-44-001. | | | | WEB-CONTAINERS-46-001 | TODO | | SPRINT_212_web_i | BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Provide offline-friendly asset serving (no CDN), allow overriding object store endpoints via env, and document fallback behavior. Dependencies: WEB-CONTAINERS-45-001. | | | | WEB-EXC-25-001 | TODO | | SPRINT_212_web_i | BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Implement `/exceptions` API (create, propose, approve, revoke, list, history) with validation, pagination, and audit logging. | | | | WEB-EXC-25-002 | TODO | | SPRINT_213_web_ii | BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Extend `/policy/effective` and `/policy/simulate` responses to include exception metadata and accept overrides for simulations. Dependencies: WEB-EXC-25-001. | | | | WEB-EXC-25-003 | TODO | | SPRINT_213_web_ii | BE-Base Platform Guild, Platform Events Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Publish `exception.*` events, integrate with notification hooks, enforce rate limits. Dependencies: WEB-EXC-25-002. | | | | WEB-EXPORT-35-001 | TODO | | SPRINT_213_web_ii | BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Surface Export Center APIs (profiles/runs/download) through gateway with tenant scoping, streaming support, and viewer/operator scope checks. | | | | WEB-EXPORT-36-001 | TODO | | SPRINT_213_web_ii | BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Add distribution routes (OCI/object storage), manifest/provenance proxies, and signed URL generation. Dependencies: WEB-EXPORT-35-001. | | | | WEB-EXPORT-37-001 | TODO | | SPRINT_213_web_ii | BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Expose scheduling, retention, encryption parameters, and verification endpoints with admin scope enforcement and audit logs. Dependencies: WEB-EXPORT-36-001. | | | | WEB-GRAPH-21-001 | BLOCKED | 2025-10-27 | SPRINT_213_web_ii | BE-Base Platform Guild, Graph Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Add gateway routes for graph versions/viewport/node/path/diff/export endpoints with tenant enforcement, scope checks, and streaming responses; proxy Policy Engine diff toggles without inline logic. Adopt `StellaOpsScopes` constants for RBAC enforcement. | | | | WEB-GRAPH-21-002 | BLOCKED | 2025-10-27 | SPRINT_213_web_ii | BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Implement bbox/zoom/path parameter validation, pagination tokens, and deterministic ordering; add contract tests for boundary conditions. Dependencies: WEB-GRAPH-21-001. | | | | WEB-GRAPH-21-003 | BLOCKED | 2025-10-27 | SPRINT_213_web_ii | BE-Base Platform Guild, QA Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Map graph service errors to `ERR_Graph_*`, support GraphML/JSONL export streaming, and document rate limits. Dependencies: WEB-GRAPH-21-002. | | | | WEB-GRAPH-21-004 | BLOCKED | 2025-10-27 | SPRINT_213_web_ii | BE-Base Platform Guild, Policy Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Proxy Policy Engine overlay responses for graph endpoints while keeping gateway stateless; maintain streaming budgets and latency SLOs. Dependencies: WEB-GRAPH-21-003. | | | | WEB-GRAPH-24-001 | TODO | | SPRINT_213_web_ii | BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Gateway proxy for Graph API and Policy overlays with RBAC, caching, pagination, ETags, and streaming; zero business logic. Dependencies: WEB-GRAPH-21-004. | | | | WEB-GRAPH-24-004 | TODO | | SPRINT_213_web_ii | BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Embed AOC summaries sourced from overlay services; ensure gateway does not compute derived severity or hints. Dependencies: WEB-GRAPH-24-001. | | | | WEB-LNM-21-001 | TODO | | SPRINT_213_web_ii | BE-Base Platform Guild, Concelier WebService Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Surface new `/advisories/*` APIs through gateway with caching, pagination, and RBAC enforcement (`advisory:read`). | | | | WEB-LNM-21-002 | TODO | | SPRINT_213_web_ii | BE-Base Platform Guild, Excititor WebService Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Expose `/vex/*` read APIs with evidence routes and export handlers; map `ERR_AGG_*` codes. Dependencies: WEB-LNM-21-001. | | | | WEB-LNM-21-003 | TODO | | SPRINT_214_web_iii | BE-Base Platform Guild, Policy Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Provide combined endpoint for Console to fetch policy result + source evidence (advisory + VEX linksets) for a component. Dependencies: WEB-LNM-21-002. | | | | WEB-NOTIFY-38-001 | TODO | | SPRINT_214_web_iii | BE-Base Platform Guild | src/Web/StellaOps.Web | Route notifier APIs (`/notifications/*`) and WS feed through gateway with tenant scoping, viewer/operator scope enforcement, and SSE/WebSocket bridging. | Depends on #1 for signed ack spec | NOWB0101 | | WEB-NOTIFY-39-001 | TODO | | SPRINT_214_web_iii | BE-Base Platform Guild | src/Web/StellaOps.Web | Surface digest scheduling, quiet-hour/throttle management, and simulation APIs; ensure rate limits and audit logging. Dependencies: WEB-NOTIFY-38-001. | WEB-NOTIFY-38-001 | NOWB0101 | | WEB-NOTIFY-40-001 | TODO | | SPRINT_214_web_iii | BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Expose escalation, localization, channel health, and ack verification endpoints with admin scope enforcement and signed token validation. Dependencies: WEB-NOTIFY-39-001. | | | | WEB-OAS-61-001 | TODO | | SPRINT_124_excititor_vi | Excititor WebService Guild (src/Excititor/StellaOps.Excititor.WebService) | src/Excititor/StellaOps.Excititor.WebService | | | | | WEB-OAS-61-002 | TODO | | SPRINT_116_concelier_v | Concelier WebService Guild (src/Concelier/StellaOps.Concelier.WebService) | src/Concelier/StellaOps.Concelier.WebService | | | | | WEB-OAS-62-001 | TODO | | SPRINT_116_concelier_v | Concelier WebService Guild (src/Concelier/StellaOps.Concelier.WebService) | src/Concelier/StellaOps.Concelier.WebService | | | | | WEB-OAS-63-001 | TODO | | SPRINT_116_concelier_v | Concelier WebService Guild, API Governance Guild (src/Concelier/StellaOps.Concelier.WebService) | src/Concelier/StellaOps.Concelier.WebService | | | | | WEB-OBS-50-001 | TODO | | SPRINT_214_web_iii | BE-Base Platform Guild, Observability Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Integrate `StellaOps.Telemetry.Core` into gateway host, replace ad-hoc logging, ensure all routes emit trace/span IDs, tenant context, and scrubbed payload previews. | | | | WEB-OBS-51-001 | TODO | | SPRINT_116_concelier_v | Concelier WebService Guild | src/Concelier/StellaOps.Concelier.WebService | Paired with #1 for shared middleware | Paired with #1 for shared middleware | CNOB0102 | | WEB-OBS-52-001 | TODO | | SPRINT_116_concelier_v | Concelier WebService Guild | src/Concelier/StellaOps.Concelier.WebService | Dependent on CLI/VEX readiness (035_CLCI0105) for payload format | Dependent on CLI/VEX readiness (035_CLCI0105) for payload format | CNOB0102 | | WEB-OBS-53-001 | TODO | | SPRINT_117_concelier_vi | Concelier WebService Guild · Evidence Locker Guild | src/Concelier/StellaOps.Concelier.WebService | Needs Evidence Locker API spec from 002_ATEL0101 | Needs Evidence Locker API spec from 002_ATEL0101 | CNOB0102 | | WEB-OBS-54-001 | TODO | | SPRINT_117_concelier_vi | Concelier WebService Guild | src/Concelier/StellaOps.Concelier.WebService | Relies on shared exporter (1039_EXPORT-OBS-54-001) | Relies on shared exporter (1039_EXPORT-OBS-54-001) | CNOB0102 | | WEB-OBS-55-001 | TODO | | SPRINT_117_concelier_vi | Concelier WebService Guild · DevOps Guild | src/Concelier/StellaOps.Concelier.WebService | Wait for DevOps alert profiles (045_DVDO0103) | Wait for DevOps alert profiles (045_DVDO0103) | CNOB0102 | | WEB-OBS-56-001 | TODO | | SPRINT_214_web_iii | BE-Base Platform Guild, AirGap Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Extend telemetry core integration to expose sealed/unsealed status APIs, drift metrics, and Console widgets without leaking sealed-mode secrets. Dependencies: WEB-OBS-55-001. | | | | WEB-ORCH-32-001 | TODO | | SPRINT_214_web_iii | BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Expose `/orchestrator/sources | | | | WEB-ORCH-33-001 | TODO | | SPRINT_215_web_iv | BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Add POST action routes (`pause. Dependencies: WEB-ORCH-32-001. | | | | WEB-ORCH-34-001 | TODO | | SPRINT_215_web_iv | BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Surface quotas/backfill APIs, queue/backpressure metrics, and error clustering routes with admin scope enforcement and audit logging. Dependencies: WEB-ORCH-33-001. | | | | WEB-POLICY-20-001 | TODO | | SPRINT_215_web_iv | BE-Base Platform Guild, Policy Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Implement Policy CRUD/compile/run/simulate/findings/explain endpoints with OpenAPI, tenant scoping, and service identity enforcement. | | | | WEB-POLICY-20-002 | TODO | | SPRINT_215_web_iv | BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Add pagination, filtering, sorting, and tenant guards to listings for policies, runs, and findings; include deterministic ordering and query diagnostics. Dependencies: WEB-POLICY-20-001. | | | | WEB-POLICY-20-003 | TODO | | SPRINT_215_web_iv | BE-Base Platform Guild, QA Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Map engine errors to `ERR_POL_*` responses with consistent payloads and contract tests; expose correlation IDs in headers. Dependencies: WEB-POLICY-20-002. | | | | WEB-POLICY-20-004 | TODO | | SPRINT_215_web_iv | Platform Reliability Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Introduce adaptive rate limiting + quotas for simulation endpoints, expose metrics, and document retry headers. Dependencies: WEB-POLICY-20-003. | | | | WEB-POLICY-23-001 | BLOCKED | 2025-10-29 | SPRINT_215_web_iv | BE-Base Platform Guild, Policy Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Implement API endpoints for creating/listing/fetching policy packs and revisions (`/policy/packs`, `/policy/packs/{id}/revisions`) with pagination, RBAC, and AOC metadata exposure. (Tracked via Sprint 18.5 gateway tasks.). Dependencies: WEB-POLICY-20-004. | | | | WEB-POLICY-23-002 | BLOCKED | 2025-10-29 | SPRINT_215_web_iv | BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Add activation endpoint with scope windows, conflict checks, and optional 2-person approval integration; emit events on success. (Tracked via Sprint 18.5 gateway tasks.). Dependencies: WEB-POLICY-23-001. | | | | WEB-POLICY-23-003 | TODO | | SPRINT_215_web_iv | BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Provide `/policy/simulate` and `/policy/evaluate` endpoints with streaming responses, rate limiting, and error mapping. Dependencies: WEB-POLICY-23-002. | | | | WEB-POLICY-23-004 | TODO | | SPRINT_215_web_iv | BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Expose explain history endpoints (`/policy/runs`, `/policy/runs/{id}`) including decision tree, sources consulted, and AOC chain. Dependencies: WEB-POLICY-23-003. | | | | WEB-POLICY-27-001 | TODO | | SPRINT_215_web_iv | BE-Base Platform Guild | src/Web/StellaOps.Web | Surface Policy Registry APIs (`/policy/workspaces`, `/policy/versions`, `/policy/reviews`, `/policy/registry`) through gateway with tenant scoping, RBAC, and request validation; ensure streaming downloads for evidence bundles. Dependencies: WEB-POLICY-23-004. | Needs registry schema | | | WEB-POLICY-27-002 | TODO | | SPRINT_215_web_iv | BE-Base Platform Guild | src/Web/StellaOps.Web | Implement review lifecycle endpoints (open, comment, approve/reject) with audit headers, comment pagination, and webhook fan-out. Dependencies: WEB-POLICY-27-001. | Depends on 27-001 | | | WEB-POLICY-27-003 | TODO | | SPRINT_215_web_iv | Platform Reliability Guild | src/Web/StellaOps.Web | Expose quick/batch simulation endpoints with SSE progress (`/policy/simulations/{runId}/stream`), cursor-based result pagination, and manifest download routes. Dependencies: WEB-POLICY-27-002. | Needs 27-002 | | | WEB-POLICY-27-004 | TODO | | SPRINT_215_web_iv | BE/Security Guild | src/Web/StellaOps.Web | Add publish/sign/promote/rollback endpoints with idempotent request IDs, canary parameters, and environment bindings; enforce scope checks and emit structured events. Dependencies: WEB-POLICY-27-003. | Depends on 27-003 | | | WEB-POLICY-27-005 | TODO | | SPRINT_215_web_iv | BE/Observability Guild | src/Web/StellaOps.Web | Instrument metrics/logs for compile latency, simulation queue depth, approval latency, promotion actions; expose aggregated dashboards and correlation IDs for Console. Dependencies: WEB-POLICY-27-004. | Needs 27-004 metrics | | | WEB-RISK-66-001 | TODO | | SPRINT_216_web_v | BE-Base Platform Guild, Policy Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Expose risk profile/results endpoints through gateway with tenant scoping, pagination, and rate limiting. | | | | WEB-RISK-66-002 | TODO | | SPRINT_216_web_v | BE-Base Platform Guild, Risk Engine Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Add signed URL handling for explanation blobs and enforce scope checks. Dependencies: WEB-RISK-66-001. | | | | WEB-RISK-67-001 | TODO | | SPRINT_216_web_v | BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Provide aggregated risk stats (`/risk/status`) for Console dashboards (counts per severity, last computation). Dependencies: WEB-RISK-66-002. | | | | WEB-RISK-68-001 | TODO | | SPRINT_216_web_v | BE-Base Platform Guild, Notifications Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Emit events on severity transitions via gateway to notifier bus with trace metadata. Dependencies: WEB-RISK-67-001. | | | | WEB-SIG-26-001 | TODO | | SPRINT_216_web_v | BE-Base Platform Guild, Signals Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Surface `/signals/callgraphs`, `/signals/facts` read/write endpoints with pagination, ETags, and RBAC. | | | | WEB-SIG-26-002 | TODO | | SPRINT_216_web_v | BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Extend `/policy/effective` and `/vuln/explorer` responses to include reachability scores/states and allow filtering. Dependencies: WEB-SIG-26-001. | | | | WEB-SIG-26-003 | TODO | | SPRINT_216_web_v | BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Add reachability override parameters to `/policy/simulate` and related APIs for what-if analysis. Dependencies: WEB-SIG-26-002. | | | | WEB-TEN-47-001 | TODO | | SPRINT_216_web_v | BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Implement JWT verification, tenant activation from headers, scope matching, and decision audit emission for all API endpoints. | | | | WEB-TEN-48-001 | TODO | | SPRINT_216_web_v | BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Set DB session `stella.tenant_id`, enforce tenant/project checks on persistence, prefix object storage paths, and stamp audit metadata. Dependencies: WEB-TEN-47-001. | | | | WEB-TEN-49-001 | TODO | | SPRINT_216_web_v | BE-Base Platform Guild, Policy Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Integrate optional ABAC overlay with Policy Engine, expose `/audit/decisions` API, and support service token minting endpoints. Dependencies: WEB-TEN-48-001. | | | | WEB-VEX-30-007 | TODO | | SPRINT_216_web_v | BE-Base Platform Guild, VEX Lens Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Route `/vex/consensus` APIs with tenant RBAC/ABAC, caching, and streaming; surface telemetry and trace IDs without gateway-side overlay logic. | | | | WEB-VULN-29-001 | TODO | | SPRINT_216_web_v | BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Expose `/vuln/*` endpoints via gateway with tenant scoping, RBAC/ABAC enforcement, anti-forgery headers, and request logging. | | | | WEB-VULN-29-002 | TODO | | SPRINT_216_web_v | BE-Base Platform Guild, Findings Ledger Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Forward workflow actions to Findings Ledger with idempotency headers and correlation IDs; handle retries/backoff. Dependencies: WEB-VULN-29-001. | | | | WEB-VULN-29-003 | TODO | | SPRINT_216_web_v | BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Provide simulation and export orchestration routes with SSE/progress headers, signed download links, and request budgeting. Dependencies: WEB-VULN-29-002. | | | | WEB-VULN-29-004 | TODO | | SPRINT_216_web_v | BE-Base Platform Guild, Observability Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Emit gateway metrics/logs (latency, error rates, export duration), propagate query hashes for analytics dashboards. Dependencies: WEB-VULN-29-003. | | | | WORKER-21-203 | TODO | | SPRINT_155_scheduler_i | Scheduler Worker Guild, Observability Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | | | | | WORKER-23-101 | TODO | | SPRINT_155_scheduler_i | Scheduler Worker Guild, Policy Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | | | | | WORKER-23-102 | TODO | | SPRINT_155_scheduler_i | Scheduler Worker Guild, Observability Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | | | | | WORKER-25-101 | TODO | | SPRINT_155_scheduler_i | Scheduler Worker Guild, Policy Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | | | | | WORKER-25-102 | TODO | | SPRINT_155_scheduler_i | Scheduler Worker Guild, Observability Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | | | | | WORKER-26-201 | TODO | | SPRINT_155_scheduler_i | Scheduler Worker Guild, Signals Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | | | | | WORKER-26-202 | TODO | | SPRINT_156_scheduler_ii | Scheduler Worker Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | | | | | WORKER-27-301 | TODO | | SPRINT_156_scheduler_ii | Scheduler Worker Guild, Policy Registry Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | | | | | WORKER-27-302 | TODO | | SPRINT_156_scheduler_ii | Scheduler Worker Guild, Observability Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | | | | | WORKER-27-303 | TODO | | SPRINT_156_scheduler_ii | Scheduler Worker Guild, Security Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | | | | | WORKER-29-001 | TODO | | SPRINT_156_scheduler_ii | Scheduler Worker Guild, Findings Ledger Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | | | | | WORKER-29-002 | TODO | | SPRINT_156_scheduler_ii | Scheduler Worker Guild, Policy Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | | | | | WORKER-29-003 | TODO | | SPRINT_156_scheduler_ii | Scheduler Worker Guild, Observability Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | | | | | WORKER-CONSOLE-23-201 | TODO | | SPRINT_156_scheduler_ii | Scheduler Worker Guild, Observability Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | | | | | WORKER-CONSOLE-23-202 | TODO | | SPRINT_156_scheduler_ii | Scheduler Worker Guild, Policy Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | | | | | WORKER-GO-32-001 | TODO | | SPRINT_153_orchestrator_iii | Worker SDK Guild (src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Go) | src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Go | Bootstrap Go SDK project with configuration binding, auth headers, job claim/acknowledge client, and smoke sample. | | | | WORKER-GO-32-002 | TODO | | SPRINT_153_orchestrator_iii | Worker SDK Guild (src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Go) | src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Go | Add heartbeat/progress helpers, structured logging hooks, Prometheus metrics, and jittered retry defaults. Dependencies: WORKER-GO-32-001. | | | | WORKER-GO-33-001 | TODO | | SPRINT_153_orchestrator_iii | Worker SDK Guild (src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Go) | src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Go | Implement artifact publish helpers (object storage client, checksum hashing, metadata payload) and idempotency guard. Dependencies: WORKER-GO-32-002. | | | | WORKER-GO-33-002 | TODO | | SPRINT_153_orchestrator_iii | Worker SDK Guild (src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Go) | src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Go | Provide error classification/retry helper, exponential backoff controls, and structured failure reporting to orchestrator. Dependencies: WORKER-GO-33-001. | | | | WORKER-GO-34-001 | TODO | | SPRINT_153_orchestrator_iii | Worker SDK Guild (src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Go) | src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Go | Add backfill range execution helpers, watermark handshake utilities, and artifact dedupe verification for backfills. Dependencies: WORKER-GO-33-002. | | | | WORKER-PY-32-001 | TODO | | SPRINT_153_orchestrator_iii | Worker SDK Guild (src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Python) | src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Python | Bootstrap asyncio-based Python SDK (config, auth headers, job claim/ack) plus sample worker script. | | | | WORKER-PY-32-002 | TODO | | SPRINT_153_orchestrator_iii | Worker SDK Guild (src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Python) | src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Python | Implement heartbeat/progress helpers with structured logging, metrics exporter, and cancellation-safe retries. Dependencies: WORKER-PY-32-001. | | | | WORKER-PY-33-001 | TODO | | SPRINT_153_orchestrator_iii | Worker SDK Guild (src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Python) | src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Python | Add artifact publish/idempotency helpers (object storage adapters, checksum hashing, metadata payload) for Python workers. Dependencies: WORKER-PY-32-002. | | | | WORKER-PY-33-002 | TODO | | SPRINT_153_orchestrator_iii | Worker SDK Guild (src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Python) | src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Python | Provide error classification/backoff helper mapping to orchestrator codes, including jittered retries and structured failure reports. Dependencies: WORKER-PY-33-001. | | | | WORKER-PY-34-001 | TODO | | SPRINT_153_orchestrator_iii | Worker SDK Guild (src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Python) | src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Python | Implement backfill range iteration, watermark handshake, and artifact dedupe verification utilities for Python workers. Dependencies: WORKER-PY-33-002. | | | | ZAS-002 | TODO | | SPRINT_400_runtime_facts_static_callgraph_union | Zastava Observer Guild (`src/Zastava/StellaOps.Zastava.Observer`, `docs/modules/zastava/architecture.md`, `docs/reachability/function-level-evidence.md`) | `src/Zastava/StellaOps.Zastava.Observer`, `docs/modules/zastava/architecture.md`, `docs/reachability/function-level-evidence.md` | | | | | ZASTAVA-DOCS-0001 | TODO | | SPRINT_335_docs_modules_zastava | Docs Guild (docs/modules/zastava) | docs/modules/zastava | See ./AGENTS.md | | | | ZASTAVA-ENG-0001 | TODO | | SPRINT_335_docs_modules_zastava | Module Team (docs/modules/zastava) | docs/modules/zastava | Update status via ./AGENTS.md workflow | | | | ZASTAVA-ENV-01 | TODO | | SPRINT_140_runtime_signals | | | Observer adoption of Surface.Env helpers paused while Surface.FS cache contract finalizes. | | | | ZASTAVA-ENV-02 | TODO | | SPRINT_140_runtime_signals | | | Webhook helper migration follows ENV-01 completion. | | | | ZASTAVA-OPS-0001 | TODO | | SPRINT_335_docs_modules_zastava | Ops Guild (docs/modules/zastava) | docs/modules/zastava | Sync outcomes back to ../.. | | | | ZASTAVA-REACH-201-001 | TODO | | SPRINT_400_runtime_facts_static_callgraph_union | Zastava Observer Guild (`src/Zastava/StellaOps.Zastava.Observer`) | `src/Zastava/StellaOps.Zastava.Observer` | Implement runtime symbol sampling in `StellaOps.Zastava.Observer` (EntryTrace-aware shell AST + build-id capture) and stream ND-JSON batches to Signals `/runtime-facts`, including CAS pointers for traces. Update runbook + config references. | | | | ZASTAVA-SECRETS-01 | TODO | | SPRINT_140_runtime_signals | | | Surface.Secrets wiring for Observer pending published cache endpoints. | | | | ZASTAVA-SECRETS-02 | TODO | | SPRINT_140_runtime_signals | | | Webhook secret retrieval cascades from SECRETS-01 work. | | | | ZASTAVA-SURFACE-01 | TODO | | SPRINT_140_runtime_signals | | | Surface.FS client integration blocked on Scanner layer metadata; tests ready once packages mirror offline dependencies. | | | | ZASTAVA-SURFACE-02 | TODO | | SPRINT_136_scanner_surface | Zastava Observer Guild (src/Zastava/StellaOps.Zastava.Observer) | src/Zastava/StellaOps.Zastava.Observer | Use Surface manifest reader helpers to resolve `cas://` pointers and enrich drift diagnostics with manifest provenance. | SURFACE-FS-02; ZASTAVA-SURFACE-01 | | | guard unit tests` | TODO | | SPRINT_116_concelier_v | QA Guild (src/Concelier/StellaOps.Concelier.WebService) | src/Concelier/StellaOps.Concelier.WebService | Add unit tests for schema validators, forbidden-field guards (`ERR_AOC_001/2/6/7`), and supersedes chains to keep ingestion append-only. Depends on CONCELIER-WEB-AOC-19-002. | | | | store wiring` | TODO | | SPRINT_113_concelier_ii | Concelier Storage Guild (src/Concelier/__Libraries/StellaOps.Concelier.Storage.Mongo) | src/Concelier/__Libraries/StellaOps.Concelier.Storage.Mongo | Move large raw payloads to object storage with deterministic pointers, update bootstrapper/offline kit seeds, and guarantee provenance metadata remains intact. Depends on CONCELIER-LNM-21-102. | | NOTY0105 | | Task ID | Status | Status Date | Sprint | Owners | Directory | Task Description | Dependencies | New Sprint Name | | --- | --- | --- | --- | --- | --- | --- | --- | --- | | PROGRAM-STAFF-1001 | TODO | | SPRINT_100_program_management | Program Mgmt Guild | | MIRROR-COORD-55-001 | MIRROR-COORD-55-001 | PGMI0101 | | MIRROR-COORD-55-001 | TODO | | SPRINT_100_program_management | Program Mgmt Guild · Mirror Creator Guild | | — | — | PGMI0101 | | ELOCKER-CONTRACT-2001 | TODO | | SPRINT_200_attestation_coord | Evidence Locker Guild | | — | — | ATEL0101 | | ATTEST-PLAN-2001 | TODO | | SPRINT_200_attestation_coord | Evidence Locker Guild · Excititor Guild | | — | — | ATEL0101 | | FEED-REMEDIATION-1001 | TODO | | SPRINT_110_ingestion_evidence | Concelier Feed Owners | | — | — | FEFC0101 | | MIRROR-DSSE-REV-1501 | TODO | | SPRINT_150_mirror_dsse | Mirror Creator Guild · Security Guild · Evidence Locker Guild | | — | — | ATEL0101 | | AIRGAP-TIME-CONTRACT-1501 | TODO | | SPRINT_150_mirror_time | AirGap Time Guild | | — | — | ATMI0102 | | EXPORT-MIRROR-ORCH-1501 | TODO | | SPRINT_150_mirror_orch | Exporter Guild · CLI Guild | | — | — | ATMI0102 | | AIAI-31-007 | DONE | 2025-11-06 | SPRINT_111_advisoryai | Advisory AI Guild | src/AdvisoryAI/StellaOps.AdvisoryAI | — | — | ADAI0101 | | LEDGER-29-006 | TODO | | SPRINT_120_policy_reasoning | Findings Ledger Guild | | — | — | PLLG0101 | | CARTO-GRAPH-21-002 | TODO | | SPRINT_113_concelier_ii | Cartographer Guild | src/Cartographer/Contracts | ATLN0101 approvals | Task #1 schema freeze | CAGR0101 | | SURFACE-FS-01 | TODO | | SPRINT_136_scanner_surface | Scanner Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.FS) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.FS | — | — | SCSS0101 | | SURFACE-FS-02 | TODO | | SPRINT_136_scanner_surface | Scanner Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.FS) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.FS | — | — | SCSS0101 | | SCANNER-ANALYZERS-LANG-10-309 | TODO | | SPRINT_131_scanner_surface | Language Analyzer Guild | | — | — | SCSA0101 | | SCANNER-ANALYZERS-PHP-27-001 | TODO | | SPRINT_131_scanner_surface | PHP Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php | — | — | SCSA0101 | | SCANNER-ENTRYTRACE-18-508 | TODO | | SPRINT_136_scanner_surface | EntryTrace Guild | | — | — | SCSS0101 | | SCANNER-SECRETS-02 | TODO | | SPRINT_136_scanner_surface | Secrets Analyzer Guild | | — | — | SCSS0101 | | SCANNER-SURFACE-01 | TODO | | SPRINT_136_scanner_surface | Scanner Guild | | — | — | SCSS0101 | | SCANNER-ANALYZERS-PHP-27-001 | TODO | | SPRINT_131_scanner_surface | PHP Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php | — | — | SCSA0101 | | SCANNER-ENTRYTRACE-18-508 | TODO | | SPRINT_136_scanner_surface | EntryTrace Guild | | — | — | SCSS0101 | | SCANNER-SECRETS-02 | TODO | | SPRINT_136_scanner_surface | Secrets Analyzer Guild | | — | — | SCSS0101 | | SCANNER-SURFACE-01 | TODO | | SPRINT_136_scanner_surface | Scanner Guild | | — | — | SCSS0101 | | CARTO-GRAPH-21-002 | TODO | | SPRINT_113_concelier_ii | Cartographer Guild | src/Cartographer/Contracts | ATLN0101 approvals | Task #1 schema freeze | CAGR0101 | | POLICY-ENGINE-27-004 | TODO | | SPRINT_124_policy_reasoning | Policy Guild | | — | — | PLPE0102 | | --JOB-ORCHESTRATOR-DOCS-0001 | TODO | | SPRINT_323_docs_modules_orchestrator | Docs Guild (docs/modules/orchestrator) | docs/modules/orchestrator | ORGR0102 outline | | DOOR0101 | | --JOB-ORCHESTRATOR-ENG-0001 | TODO | | SPRINT_323_docs_modules_orchestrator | Module Team (docs/modules/orchestrator) | docs/modules/orchestrator | ORGR0102 outline | | DOOR0101 | | --JOB-ORCHESTRATOR-OPS-0001 | TODO | | SPRINT_323_docs_modules_orchestrator | Ops Guild (docs/modules/orchestrator) | docs/modules/orchestrator | DOOR0101 doc structure | | DOOR0101 | | 24-001 | DONE | 2025-11-09 | SPRINT_140_runtime_signals | Signals Guild | src/Signals/StellaOps.Signals | — | — | SGSI0101 | | 24-002 | DOING | 2025-11-07 | SPRINT_140_runtime_signals | Signals Guild | src/Signals/StellaOps.Signals | Surface cache availability | Surface cache availability | SGSI0101 | | 24-003 | DOING | 2025-11-09 | SPRINT_140_runtime_signals | Signals Guild | src/Signals/StellaOps.Signals | 24-002 + provenance enrichment | 24-002 + provenance enrichment | SGSI0101 | | 24-004 | BLOCKED | 2025-10-27 | SPRINT_140_runtime_signals | Signals Guild | src/Signals/StellaOps.Signals | Authority scopes + 24-003 | Authority scopes + 24-003 | SGSI0101 | | 24-005 | BLOCKED | 2025-10-27 | SPRINT_140_runtime_signals | Signals Guild | src/Signals/StellaOps.Signals | 24-004 scoring outputs | 24-004 scoring outputs | SGSI0101 | | 29-007 | TODO | | SPRINT_120_policy_reasoning | Findings Ledger Guild · Observability Guild | src/Findings/StellaOps.Findings.Ledger | LEDGER-29-006 | LEDGER-29-006 | PLLG0104 | | 29-008 | TODO | | SPRINT_120_policy_reasoning | Findings Ledger Guild · QA Guild | src/Findings/StellaOps.Findings.Ledger | 29-007 | LEDGER-29-007 | PLLG0104 | | 29-009 | TODO | | SPRINT_120_policy_reasoning | Findings Ledger Guild · DevOps Guild | src/Findings/StellaOps.Findings.Ledger | 29-008 | LEDGER-29-008 | PLLG0104 | | 30-001 | TODO | | SPRINT_129_policy_reasoning | VEX Lens Guild | src/VexLens/StellaOps.VexLens | — | — | PLVL0102 | | 30-002 | TODO | | SPRINT_129_policy_reasoning | VEX Lens Guild | src/VexLens/StellaOps.VexLens | VEXLENS-30-001 | VEXLENS-30-001 | PLVL0102 | | 30-003 | TODO | | SPRINT_129_policy_reasoning | VEX Lens Guild · Issuer Directory Guild | src/VexLens/StellaOps.VexLens | VEXLENS-30-002 | VEXLENS-30-002 | PLVL0102 | | 30-004 | TODO | | SPRINT_129_policy_reasoning | VEX Lens Guild · Policy Guild | src/VexLens/StellaOps.VexLens | VEXLENS-30-003 | VEXLENS-30-003 | PLVL0102 | | 30-005 | TODO | | SPRINT_129_policy_reasoning | VEX Lens Guild | src/VexLens/StellaOps.VexLens | VEXLENS-30-004 | VEXLENS-30-004 | PLVL0102 | | 30-006 | TODO | | SPRINT_129_policy_reasoning | VEX Lens Guild · Findings Ledger Guild | src/VexLens/StellaOps.VexLens | VEXLENS-30-005 | VEXLENS-30-005 | PLVL0102 | | 30-007 | TODO | | SPRINT_129_policy_reasoning | VEX Lens Guild | src/VexLens/StellaOps.VexLens | VEXLENS-30-006 | VEXLENS-30-006 | PLVL0102 | | 30-008 | TODO | | SPRINT_129_policy_reasoning | VEX Lens Guild · Policy Guild | src/VexLens/StellaOps.VexLens | VEXLENS-30-007 | VEXLENS-30-007 | PLVL0102 | | 30-009 | TODO | | SPRINT_129_policy_reasoning | VEX Lens Guild · Observability Guild | src/VexLens/StellaOps.VexLens | VEXLENS-30-008 | VEXLENS-30-008 | PLVL0102 | | 30-010 | TODO | | SPRINT_129_policy_reasoning | VEX Lens Guild · QA Guild | src/VexLens/StellaOps.VexLens | VEXLENS-30-009 | VEXLENS-30-009 | PLVL0102 | | 30-011 | TODO | | SPRINT_129_policy_reasoning | VEX Lens Guild · DevOps Guild | src/VexLens/StellaOps.VexLens | VEXLENS-30-010 | VEXLENS-30-010 | PLVL0103 | | 31-008 | TODO | | SPRINT_110_ingestion_evidence | Advisory AI Guild | src/AdvisoryAI/StellaOps.AdvisoryAI | AIAI-31-006; AIAI-31-007 | AIAI-31-006; AIAI-31-007 | ADAI0101 | | 31-009 | DONE | 2025-11-12 | SPRINT_110_ingestion_evidence | Advisory AI Guild | src/AdvisoryAI/StellaOps.AdvisoryAI | — | — | ADAI0101 | | 34-101 | TODO | | SPRINT_120_policy_reasoning | Findings Ledger Guild | src/Findings/StellaOps.Findings.Ledger | 29-009 | LEDGER-29-009 | PLLG0104 | | 401-004 | TODO | | SPRINT_401_reachability_evidence_chain | Replay Core Guild | `src/__Libraries/StellaOps.Replay.Core` | Signals facts stable (SGSI0101) | Signals facts stable (SGSI0101) | RPRC0101 | | 41-001 | TODO | | SPRINT_157_taskrunner_i | Task Runner Guild | src/TaskRunner/StellaOps.TaskRunner | — | — | ORTR0101 | | 44-001 | TODO | | SPRINT_501_ops_deployment_i | Deployment Guild · DevEx Guild (ops/deployment) | ops/deployment | — | — | DVDO0103 | | 44-002 | TODO | | SPRINT_501_ops_deployment_i | Deployment Guild (ops/deployment) | ops/deployment | 44-001 | 44-001 | DVDO0103 | | 44-003 | TODO | | SPRINT_501_ops_deployment_i | Deployment Guild · Docs Guild (ops/deployment) | ops/deployment | 44-002 | 44-002 | DVDO0103 | | 45-001 | TODO | | SPRINT_502_ops_deployment_ii | Deployment Guild (ops/deployment) | ops/deployment | 44-003 | 44-003 | DVDO0103 | | 45-002 | TODO | | SPRINT_502_ops_deployment_ii | Deployment Guild · Security Guild (ops/deployment) | ops/deployment | 45-001 | 45-001 | DVDO0103 | | 45-003 | TODO | | SPRINT_502_ops_deployment_ii | Deployment Guild · Observability Guild (ops/deployment) | ops/deployment | 45-002 | 45-002 | DVDO0103 | | 50-002 | DOING | | SPRINT_170_notifications_telemetry | Telemetry Core Guild | src/Telemetry/StellaOps.Telemetry.Core | SGSI0101 feed availability | SGSI0101 feed availability | TLTY0101 | | 51-002 | TODO | | SPRINT_170_notifications_telemetry | Telemetry Core Guild · Observability Guild · Security Guild | src/Telemetry/StellaOps.Telemetry.Core | OBS-50 baselines | OBS-50 baselines | TLTY0101 | | 54-001 | TODO | | SPRINT_110_ingestion_evidence | Exporter Guild · AirGap Time Guild · CLI Guild | | Await PGMI0101 staffing confirmation | PROGRAM-STAFF-1001 | AGCO0101 | | 56-001 | TODO | | SPRINT_170_notifications_telemetry | Telemetry Core Guild · Observability Guild | src/Telemetry/StellaOps.Telemetry.Core | SGSI0101 provenance | SGSI0101 provenance | TLTY0101 | | 58 series | TODO | | SPRINT_120_policy_reasoning | Findings Ledger Guild · AirGap Guilds · Evidence Locker Guild | src/Findings/StellaOps.Findings.Ledger | | | PLLG0102 | | 61-001 | TODO | | SPRINT_511_api | API Governance Guild | src/Api/StellaOps.Api.Governance | — | — | APIG0101 | | 61-002 | TODO | | SPRINT_511_api | API Governance Guild | src/Api/StellaOps.Api.Governance | 61-001 | 61-001 | APIG0101 | | 62-001 | TODO | | SPRINT_206_devportal | DevPortal Guild | src/DevPortal/StellaOps.DevPortal.Site | APIG0101 outputs | APIG0101 outputs | DEVL0101 | | 62-002 | TODO | | SPRINT_206_devportal | DevPortal Guild | src/DevPortal/StellaOps.DevPortal.Site | 62-001 | 62-001 | DEVL0101 | | 63-001 | TODO | | SPRINT_206_devportal | DevPortal Guild · Platform Guild | src/DevPortal/StellaOps.DevPortal.Site | 62-002 | 62-002 | DEVL0101 | | 63-002 | TODO | | SPRINT_206_devportal | DevPortal Guild · SDK Generator Guild | src/DevPortal/StellaOps.DevPortal.Site | 63-001 | 63-001 | DEVL0101 | | 63-003 | TODO | | SPRINT_208_sdk | SDK Generator Guild | src/Sdk/StellaOps.Sdk.Generator | APIG0101 outputs | APIG0101 outputs | SDKG0101 | | 63-004 | TODO | | SPRINT_208_sdk | SDK Generator Guild | src/Sdk/StellaOps.Sdk.Generator | 63-003 | 63-003 | SDKG0101 | | 64-001 | TODO | | SPRINT_206_devportal | DevPortal Guild · Export Center Guild | src/DevPortal/StellaOps.DevPortal.Site | Export profile review | Export profile review | DEVL0101 | | 64-002 | TODO | | SPRINT_160_export_evidence | DevPortal Offline + AirGap Controller Guilds | docs/modules/export-center/devportal-offline.md | Wait for Mirror staffing confirmation (001_PGMI0101) | Wait for Mirror staffing confirmation (001_PGMI0101) | DEVL0102 | | 73-001 | DONE | 2025-11-03 | SPRINT_100_identity_signing | KMS Guild | src/__Libraries/StellaOps.Cryptography.Kms | Staffing + DSSE contract (PGMI0101, ATEL0101) | Staffing + DSSE contract (PGMI0101, ATEL0101) | KMSI0101 | | 73-002 | DONE | 2025-11-03 | SPRINT_100_identity_signing | KMS Guild | src/__Libraries/StellaOps.Cryptography.Kms | Depends on #1, FIDO2 profile | FIDO2 | KMSI0101 | | ADVISORY-AI-DOCS-0001 | TODO | | SPRINT_312_docs_modules_advisory_ai | Docs Guild (docs/modules/advisory-ai) | docs/modules/advisory-ai | Align with ./AGENTS.md | — | DOAI0101 | | AI-DOCS-0001 | TODO | | SPRINT_312_docs_modules_advisory_ai | Docs Guild (docs/modules/advisory-ai) | docs/modules/advisory-ai | — | — | DOAI0101 | | AI-OPS-0001 | TODO | | SPRINT_312_docs_modules_advisory_ai | Ops Guild (docs/modules/advisory-ai) | docs/modules/advisory-ai | — | — | DOAI0101 | | AIAI-31-001 | DONE | 2025-11-09 | SPRINT_110_ingestion_evidence | Excititor Web/Core Guilds | src/AdvisoryAI/StellaOps.AdvisoryAI | Validate Excititor hand-off replay | Validate Excititor hand-off replay | ADAI0102 | | AIAI-31-002 | DOING | | SPRINT_110_ingestion_evidence | Concelier Core · Concelier WebService Guilds | src/AdvisoryAI/StellaOps.AdvisoryAI | Needs CONCELIER-GRAPH-21-001..002 unblock | CONCELIER-GRAPH-21-001; CARTO-GRAPH-21-002 | ADAI0102 | | AIAI-31-003 | DONE | 2025-11-12 | SPRINT_110_ingestion_evidence | Concelier Observability Guild | src/AdvisoryAI/StellaOps.AdvisoryAI | Await observability evidence upload | Await observability evidence upload | ADAI0102 | | AIAI-31-004 | DOING | | SPRINT_110_ingestion_evidence | Docs Guild · Console Guild | | CONSOLE-VULN-29-001; CONSOLE-VEX-30-001; SBOM-AIAI-31-001 | CONSOLE-VULN-29-001; CONSOLE-VEX-30-001; SBOM-AIAI-31-001 | DOAI0101 | | AIAI-31-005 | BLOCKED | | SPRINT_110_ingestion_evidence | Docs Guild | | DOCS-AIAI-31-004; CLI-VULN-29-001; CLI-VEX-30-001; POLICY-ENGINE-31-001; DEVOPS-AIAI-31-001 | DOCS-AIAI-31-004; CLI-VULN-29-001; CLI-VEX-30-001; POLICY-ENGINE-31-001; DEVOPS-AIAI-31-001 | DOAI0101 | | AIAI-31-006 | DONE | 2025-11-13 | SPRINT_111_advisoryai | Docs Guild, Policy Guild (docs) | | — | — | DOAI0101 | | AIAI-31-008 | TODO | | SPRINT_110_ingestion_evidence | Advisory AI Guild | | Remote inference packaging queued behind policy knob work. | AIAI-31-006; AIAI-31-007 | DOAI0101 | | AIAI-31-009 | DONE | 2025-11-12 | SPRINT_110_ingestion_evidence | Advisory AI Guild | | Regression suite + `AdvisoryAI:Guardrails` config landed with perf budgets. | — | DOAI0101 | | AIRGAP-46-001 | TODO | | SPRINT_501_ops_deployment_i | Deployment Guild · Offline Kit Guild | ops/deployment | Needs Mirror staffing + DSSE plan (001_PGMI0101, 002_ATEL0101) | Needs Mirror staffing + DSSE plan (001_PGMI0101, 002_ATEL0101) | AGDP0101 | | AIRGAP-56 | TODO | | SPRINT_110_ingestion_evidence | Excititor Guild · AirGap Guilds | docs/modules/airgap/airgap-mode.md | Needs Link-Not-Merge schema from 005_ATLN0101 | CONCELIER-GRAPH-21-001; CONCELIER-GRAPH-21-002; ATTEST-PLAN-2001 | AGCO0101 | | AIRGAP-56-001 | TODO | | SPRINT_110_ingestion_evidence | Exporter Guild · AirGap Time Guild · CLI Guild | docs/modules/airgap/airgap-mode.md | Dependent on #2 + AirGap Time contract | PROGRAM-STAFF-1001 | AGCO0101 | | AIRGAP-56-001..58-001 | TODO | | SPRINT_110_ingestion_evidence | Concelier Core · AirGap Guilds | docs/modules/airgap/airgap-mode.md | Requires #3 plus Evidence Locker contract | CONCELIER-GRAPH-21-001; CONCELIER-GRAPH-21-002; ELOCKER-CONTRACT-2001 | AGCO0101 | | AIRGAP-56-002 | DONE | | SPRINT_170_notifications_telemetry | Notifications Service Guild · DevOps Guild | src/Notify/StellaOps.Notify | | | NOTY0101 | | AIRGAP-56-003 | TODO | | SPRINT_301_docs_tasks_md_i | Docs Guild · Exporter Guild | docs/modules/airgap | DOCS-AIRGAP-56-002 | DOCS-AIRGAP-56-002 | AIDG0101 | | AIRGAP-56-004 | TODO | | SPRINT_301_docs_tasks_md_i | Docs Guild · Deployment Guild | docs/modules/airgap | AIRGAP-56-003 | DOCS-AIRGAP-56-003 | AIDG0101 | | AIRGAP-57 | TODO | | SPRINT_110_ingestion_evidence | Excititor Guild · AirGap Guilds | docs/modules/airgap/airgap-mode.md | Needs AirGap staffing (#1) and ATTEST-PLAN-2001 | CONCELIER-GRAPH-21-001; CONCELIER-GRAPH-21-002; ATTEST-PLAN-2001 | AGCO0101 | | AIRGAP-57-001 | DONE | 2025-11-08 | SPRINT_100_identity_signing | Authority Core & Security Guild, DevOps Guild (src/Authority/StellaOps.Authority) | src/Authority/StellaOps.Authority | | AUTH-AIRGAP-56-001; DEVOPS-AIRGAP-57-002 | KMSI0101 | | AIRGAP-57-002 | DOING | 2025-11-08 | SPRINT_503_ops_devops_i | DevOps Guild, Authority Guild (ops/devops) | ops/devops | | | DVDO0101 | | AIRGAP-57-003 | TODO | | SPRINT_302_docs_tasks_md_ii | Docs Guild · CLI Guild | docs/modules/airgap | CLI & ops inputs | CLI & ops inputs | AIDG0101 | | AIRGAP-57-004 | TODO | | SPRINT_302_docs_tasks_md_ii | Docs Guild · Ops Guild | docs/modules/airgap | AIRGAP-57-003 | AIRGAP-57-003 | AIDG0101 | | AIRGAP-58 | TODO | | SPRINT_110_ingestion_evidence | Excititor Guild · AirGap Guilds | docs/modules/airgap/airgap-mode.md | Depends on Concelier graph schema (005_ATLN0101) | CONCELIER-GRAPH-21-001; CONCELIER-GRAPH-21-002; ATTEST-PLAN-2001 | AGCO0101 | | AIRGAP-58-001 | TODO | | SPRINT_112_concelier_i | Concelier Core Guild · Evidence Locker Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | | | AGCN0101 | | AIRGAP-58-002 | TODO | | SPRINT_302_docs_tasks_md_ii | Docs Guild, Security Guild (docs) | docs/modules/airgap | | | AIDG0101 | | AIRGAP-58-003 | TODO | | SPRINT_302_docs_tasks_md_ii | Docs Guild, DevEx Guild (docs) | docs/modules/airgap | | | AIDG0101 | | AIRGAP-58-004 | TODO | | SPRINT_302_docs_tasks_md_ii | Docs Guild, Evidence Locker Guild (docs) | docs/modules/airgap | | | AIDG0101 | | AIRGAP-CTL-56-001 | TODO | | SPRINT_510_airgap | AirGap Controller Guild | src/AirGap/StellaOps.AirGap.Controller | Implement `airgap_state` persistence, seal/unseal state machine, and Authority scope checks (`airgap:seal`, `airgap:status:read`). | ATLN0101 review | AGCT0101 | | AIRGAP-CTL-56-002 | TODO | | SPRINT_510_airgap | AirGap Controller Guild · DevOps Guild | src/AirGap/StellaOps.AirGap.Controller | Expose `GET /system/airgap/status`, `POST /system/airgap/seal`, integrate policy hash validation, and return staleness/time anchor placeholders. Dependencies: AIRGAP-CTL-56-001. | AIRGAP-CTL-56-001 | AGCT0101 | | AIRGAP-CTL-57-001 | TODO | | SPRINT_510_airgap | AirGap Controller Guild | src/AirGap/StellaOps.AirGap.Controller | Add startup diagnostics that block application run when sealed flag set but egress policies missing; emit audit + telemetry. Dependencies: AIRGAP-CTL-56-002. | AIRGAP-CTL-56-002 | AGCT0101 | | AIRGAP-CTL-57-002 | TODO | | SPRINT_510_airgap | AirGap Controller Guild · Observability Guild | src/AirGap/StellaOps.AirGap.Controller | Instrument seal/unseal events with trace/log fields and timeline emission (`airgap.sealed`, `airgap.unsealed`). Dependencies: AIRGAP-CTL-57-001. | AIRGAP-CTL-57-001 | AGCT0101 | | AIRGAP-CTL-58-001 | TODO | | SPRINT_510_airgap | AirGap Controller Guild · AirGap Time Guild | src/AirGap/StellaOps.AirGap.Controller | Persist time anchor metadata, compute drift seconds, and surface staleness budgets in status API. Dependencies: AIRGAP-CTL-57-002. | AIRGAP-CTL-57-002 | AGCT0101 | | AIRGAP-DEVPORT-64-001 | TODO | | SPRINT_302_docs_tasks_md_ii | Docs Guild · DevPortal Offline Guild | docs/modules/export-center/devportal-offline.md | Depends on 071_AGCO0101 manifest decisions | Depends on 071_AGCO0101 manifest decisions | DEVL0102 | | AIRGAP-IMP-56-001 | TODO | | SPRINT_510_airgap | AirGap Importer Guild | src/AirGap/StellaOps.AirGap.Importer | Implement DSSE verification helpers, TUF metadata parser (`root.json`, `snapshot.json`, `timestamp.json`), and Merkle root calculator. | ATLN0101 approvals | AGIM0101 | | AIRGAP-IMP-56-002 | TODO | | SPRINT_510_airgap | AirGap Importer Guild · Security Guild | src/AirGap/StellaOps.AirGap.Importer | Introduce root rotation policy validation (dual approval) and signer trust store management. Dependencies: AIRGAP-IMP-56-001. | AIRGAP-IMP-56-001 | AGIM0101 | | AIRGAP-IMP-57-001 | TODO | | SPRINT_510_airgap | AirGap Importer Guild | src/AirGap/StellaOps.AirGap.Importer | Write `bundle_catalog` and `bundle_items` repositories with RLS + deterministic migrations. Dependencies: AIRGAP-IMP-56-002. | Importer infra | AGIM0101 | | AIRGAP-IMP-57-002 | TODO | | SPRINT_510_airgap | AirGap Importer Guild · DevOps Guild | src/AirGap/StellaOps.AirGap.Importer | Implement object-store loader storing artifacts under tenant/global mirror paths with Zstandard decompression and checksum validation. Dependencies: AIRGAP-IMP-57-001. | 57-001 | AGIM0101 | | AIRGAP-IMP-58-001 | TODO | | SPRINT_510_airgap | AirGap Importer Guild · CLI Guild | src/AirGap/StellaOps.AirGap.Importer | Implement API (`POST /airgap/import`, `/airgap/verify`) and CLI commands wiring verification + catalog updates, including diff preview. Dependencies: AIRGAP-IMP-57-002. | CLI contract alignment | AGIM0101 | | AIRGAP-IMP-58-002 | TODO | | SPRINT_510_airgap | AirGap Importer Guild · Observability Guild | src/AirGap/StellaOps.AirGap.Importer | Emit timeline events (`airgap.import.started. Dependencies: AIRGAP-IMP-58-001. | 58-001 observability | AGIM0101 | | AIRGAP-TIME-57-001 | TODO | | SPRINT_110_ingestion_evidence | Exporter Guild · AirGap Time Guild · CLI Guild | | PROGRAM-STAFF-1001; AIRGAP-TIME-CONTRACT-1501 | PROGRAM-STAFF-1001; AIRGAP-TIME-CONTRACT-1501 | ATMI0102 | | AIRGAP-TIME-57-002 | TODO | | SPRINT_510_airgap | AirGap Time Guild · Observability Guild | src/AirGap/StellaOps.AirGap.Time | Add telemetry counters for time anchors (`airgap_time_anchor_age_seconds`) and alerts for approaching thresholds. Dependencies: AIRGAP-TIME-57-001. | Controller schema | AGTM0101 | | AIRGAP-TIME-58-001 | TODO | | SPRINT_510_airgap | AirGap Time Guild | src/AirGap/StellaOps.AirGap.Time | Persist drift baseline, compute per-content staleness (advisories, VEX, policy) based on bundle metadata, and surface through controller status API. Dependencies: AIRGAP-TIME-57-002. | 57-002 | AGTM0101 | | AIRGAP-TIME-58-002 | TODO | | SPRINT_510_airgap | AirGap Time Guild, Notifications Guild (src/AirGap/StellaOps.AirGap.Time) | src/AirGap/StellaOps.AirGap.Time | Emit notifications and timeline events when staleness budgets breached or approaching. Dependencies: AIRGAP-TIME-58-001. | | AGTM0101 | | ANALYZERS-DENO-26-001 | DONE | | SPRINT_130_scanner_surface | Deno Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno | Bootstrap analyzer helpers | Bootstrap analyzer helpers | SCSA0201 | | ANALYZERS-DENO-26-002 | DONE | | SPRINT_130_scanner_surface | Deno Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno | Depends on #1 | SCANNER-ANALYZERS-DENO-26-001 | SCSA0201 | | ANALYZERS-DENO-26-003 | DONE | | SPRINT_130_scanner_surface | Deno Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno | Depends on #2 | SCANNER-ANALYZERS-DENO-26-002 | SCSA0201 | | ANALYZERS-DENO-26-004 | DONE | | SPRINT_130_scanner_surface | Deno Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno | Depends on #3 | SCANNER-ANALYZERS-DENO-26-003 | SCSA0201 | | ANALYZERS-DENO-26-005 | DONE | | SPRINT_130_scanner_surface | Deno Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno | Depends on #4 | SCANNER-ANALYZERS-DENO-26-004 | SCSA0201 | | ANALYZERS-DENO-26-006 | DONE | | SPRINT_130_scanner_surface | Deno Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno | Depends on #5 | SCANNER-ANALYZERS-DENO-26-005 | SCSA0201 | | ANALYZERS-DENO-26-007 | DONE | | SPRINT_130_scanner_surface | Deno Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno | SCANNER-ANALYZERS-DENO-26-006 | SCANNER-ANALYZERS-DENO-26-006 | SCSA0102 | | ANALYZERS-DENO-26-008 | DONE | | SPRINT_130_scanner_surface | Deno Analyzer Guild, QA Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno | SCANNER-ANALYZERS-DENO-26-007 | SCANNER-ANALYZERS-DENO-26-007 | SCSA0102 | | ANALYZERS-DENO-26-009 | TODO | | SPRINT_131_scanner_surface | Deno Analyzer Guild, Signals Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno | SCANNER-ANALYZERS-DENO-26-008 | SCANNER-ANALYZERS-DENO-26-008 | SCSA0101 | | ANALYZERS-DENO-26-010 | TODO | | SPRINT_131_scanner_surface | Deno Analyzer Guild, DevOps Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno | SCANNER-ANALYZERS-DENO-26-009 | SCANNER-ANALYZERS-DENO-26-009 | SCSA0101 | | ANALYZERS-DENO-26-011 | TODO | | SPRINT_131_scanner_surface | Deno Analyzer Guild · Signals Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno | Depends on ANALYZERS-DENO-26-010 + telemetry schema | SCANNER-ANALYZERS-DENO-26-010 | SCSA0202 | | ANALYZERS-JAVA-21-005 | TODO | | SPRINT_131_scanner_surface | Java Analyzer Guild | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java | SCANNER-ANALYZERS-JAVA-21-004 | SCANNER-ANALYZERS-JAVA-21-004 | SCSA0301 | | ANALYZERS-JAVA-21-006 | TODO | | SPRINT_131_scanner_surface | Java Analyzer Guild | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java | Depends on #1 | SCANNER-ANALYZERS-JAVA-21-005 | SCSA0301 | | ANALYZERS-JAVA-21-007 | TODO | | SPRINT_131_scanner_surface | Java Analyzer Guild | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java | Depends on #2 | SCANNER-ANALYZERS-JAVA-21-006 | SCSA0301 | | ANALYZERS-JAVA-21-008 | BLOCKED | 2025-10-27 | SPRINT_131_scanner_surface | Java Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java | SCANNER-ANALYZERS-JAVA-21-007 | SCANNER-ANALYZERS-JAVA-21-007 | SCSA0102 | | ANALYZERS-JAVA-21-009 | TODO | | SPRINT_131_scanner_surface | Java Analyzer Guild, QA Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java | SCANNER-ANALYZERS-JAVA-21-008 | SCANNER-ANALYZERS-JAVA-21-008 | SCSA0102 | | ANALYZERS-JAVA-21-010 | TODO | | SPRINT_131_scanner_surface | Java Analyzer Guild, Signals Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java | SCANNER-ANALYZERS-JAVA-21-009 | SCANNER-ANALYZERS-JAVA-21-009 | SCSA0101 | | ANALYZERS-JAVA-21-011 | TODO | | SPRINT_131_scanner_surface | Java Analyzer Guild · DevOps Guild | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java | Requires SCANNER-ANALYZERS-JAVA-21-010 + DevOps packaging | SCANNER-ANALYZERS-JAVA-21-010 | SCSA0301 | | ANALYZERS-LANG-11-001 | TODO | | SPRINT_131_scanner_surface | StellaOps.Scanner EPDR Guild · Language Analyzer Guild | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.DotNet | Requires SCANNER-ANALYZERS-LANG-10-309 artifact | SCANNER-ANALYZERS-LANG-10-309 | SCSA0103 | | ANALYZERS-LANG-11-002 | TODO | | SPRINT_132_scanner_surface | StellaOps.Scanner EPDR Guild | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.DotNet | Depends on #1 for shared metadata | SCANNER-ANALYZERS-LANG-11-001 | SCSA0103 | | ANALYZERS-LANG-11-003 | TODO | | SPRINT_132_scanner_surface | StellaOps.Scanner EPDR Guild · Signals Guild | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.DotNet | Needs #2 plus Signals schema for entry-trace | SCANNER-ANALYZERS-LANG-11-002 | SCSA0103 | | ANALYZERS-LANG-11-004 | TODO | | SPRINT_132_scanner_surface | StellaOps.Scanner EPDR Guild · SBOM Service Guild | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.DotNet | Requires #3 and SBOM service hooks | SCANNER-ANALYZERS-LANG-11-003 | SCSA0103 | | ANALYZERS-LANG-11-005 | TODO | | SPRINT_132_scanner_surface | StellaOps.Scanner EPDR Guild · QA Guild | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.DotNet | Depends on #4 for QA fixtures | SCANNER-ANALYZERS-LANG-11-004 | SCSA0103 | | ANALYZERS-NATIVE-20-001 | TODO | | SPRINT_132_scanner_surface | Native Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Native | Bootstrap native analyzer helpers | Bootstrap native analyzer helpers | SCSA0401 | | ANALYZERS-NATIVE-20-002 | TODO | | SPRINT_132_scanner_surface | Native Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Native | Depends on #1 | SCANNER-ANALYZERS-NATIVE-20-001 | SCSA0401 | | ANALYZERS-NATIVE-20-003 | TODO | | SPRINT_132_scanner_surface | Native Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Native | Depends on #2 | SCANNER-ANALYZERS-NATIVE-20-002 | SCSA0401 | | ANALYZERS-NATIVE-20-004 | TODO | | SPRINT_132_scanner_surface | Native Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Native | Depends on #3 | SCANNER-ANALYZERS-NATIVE-20-003 | SCSA0401 | | ANALYZERS-NATIVE-20-005 | TODO | | SPRINT_132_scanner_surface | Native Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Native | Depends on #4 | SCANNER-ANALYZERS-NATIVE-20-004 | SCSA0401 | | ANALYZERS-NATIVE-20-006 | TODO | | SPRINT_132_scanner_surface | Native Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Native | Depends on #5 | SCANNER-ANALYZERS-NATIVE-20-005 | SCSA0401 | | ANALYZERS-NATIVE-20-007 | TODO | | SPRINT_132_scanner_surface | Native Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Native | Depends on #6 | SCANNER-ANALYZERS-NATIVE-20-006 | SCSA0401 | | ANALYZERS-NATIVE-20-008 | TODO | | SPRINT_132_scanner_surface | Native Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Native | Depends on #7 | SCANNER-ANALYZERS-NATIVE-20-007 | SCSA0401 | | ANALYZERS-NATIVE-20-009 | TODO | | SPRINT_132_scanner_surface | Native Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Native | Depends on #8 | SCANNER-ANALYZERS-NATIVE-20-008 | SCSA0401 | | ANALYZERS-NATIVE-20-010 | TODO | | SPRINT_132_scanner_surface | Native Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Native | Depends on #9 | SCANNER-ANALYZERS-NATIVE-20-009 | SCSA0401 | | ANALYZERS-NODE-22-001 | TODO | | SPRINT_132_scanner_surface | Node Analyzer Guild | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node | Bootstrap Node analyzer helper | Bootstrap Node analyzer helper | SCSA0501 | | ANALYZERS-NODE-22-002 | TODO | | SPRINT_132_scanner_surface | Node Analyzer Guild | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node | Depends on #1 | SCANNER-ANALYZERS-NODE-22-001 | SCSA0501 | | ANALYZERS-NODE-22-003 | TODO | | SPRINT_132_scanner_surface | Node Analyzer Guild | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node | Depends on #2 | SCANNER-ANALYZERS-NODE-22-002 | SCSA0501 | | ANALYZERS-NODE-22-004 | TODO | | SPRINT_132_scanner_surface | Node Analyzer Guild | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node | Depends on #3 | SCANNER-ANALYZERS-NODE-22-003 | SCSA0501 | | ANALYZERS-NODE-22-005 | TODO | | SPRINT_132_scanner_surface | Node Analyzer Guild | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node | Depends on #4 | SCANNER-ANALYZERS-NODE-22-004 | SCSA0501 | | ANALYZERS-NODE-22-006 | TODO | | SPRINT_133_scanner_surface | Node Analyzer Guild | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node | Depends on #5 | SCANNER-ANALYZERS-NODE-22-005 | SCSA0501 | | ANALYZERS-NODE-22-007 | TODO | | SPRINT_133_scanner_surface | Node Analyzer Guild | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node | Depends on #6 | SCANNER-ANALYZERS-NODE-22-006 | SCSA0501 | | ANALYZERS-NODE-22-008 | TODO | | SPRINT_133_scanner_surface | Node Analyzer Guild | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node | Depends on #7 | SCANNER-ANALYZERS-NODE-22-007 | SCSA0501 | | ANALYZERS-NODE-22-009 | TODO | | SPRINT_133_scanner_surface | Node Analyzer Guild · QA Guild | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node | Depends on #8 | SCANNER-ANALYZERS-NODE-22-008 | SCSA0501 | | ANALYZERS-NODE-22-010 | TODO | | SPRINT_133_scanner_surface | Node Analyzer Guild · Signals Guild | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node | Depends on #9 | SCANNER-ANALYZERS-NODE-22-009 | SCSA0501 | | ANALYZERS-NODE-22-011 | TODO | | SPRINT_133_scanner_surface | Node Analyzer Guild · DevOps Guild | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node | Depends on ANALYZERS-NODE-22-010 + DevOps packaging | SCANNER-ANALYZERS-NODE-22-010 | SCSA0502 | | ANALYZERS-NODE-22-012 | TODO | | SPRINT_133_scanner_surface | Node Analyzer Guild | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node | Needs #1 regression fixtures | SCANNER-ANALYZERS-NODE-22-011 | SCSA0502 | | ANALYZERS-PHP-27-001 | TODO | | SPRINT_133_scanner_surface | PHP Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php | Analyzer helper bootstrap | Analyzer helper bootstrap | SCSA0601 | | ANALYZERS-PHP-27-002 | TODO | | SPRINT_133_scanner_surface | PHP Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php | SCANNER-ANALYZERS-PHP-27-001 | SCANNER-ANALYZERS-PHP-27-001 | SCSA0101 | | ANALYZERS-PHP-27-003 | TODO | | SPRINT_133_scanner_surface | PHP Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php | SCANNER-ANALYZERS-PHP-27-002 | SCANNER-ANALYZERS-PHP-27-002 | SCSA0101 | | ANALYZERS-PHP-27-004 | TODO | | SPRINT_133_scanner_surface | PHP Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php | Depends on SCANNER-ANALYZERS-PHP-27-003 | SCANNER-ANALYZERS-PHP-27-003 | SCSA0601 | | ANALYZERS-PHP-27-005 | TODO | | SPRINT_133_scanner_surface | PHP Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php | Depends on #2 | SCANNER-ANALYZERS-PHP-27-004 | SCSA0601 | | ANALYZERS-PHP-27-006 | TODO | | SPRINT_133_scanner_surface | PHP Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php | Depends on #3 | SCANNER-ANALYZERS-PHP-27-005 | SCSA0601 | | ANALYZERS-PHP-27-007 | TODO | | SPRINT_133_scanner_surface | PHP Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php | Depends on #4 | SCANNER-ANALYZERS-PHP-27-006 | SCSA0601 | | ANALYZERS-PHP-27-008 | TODO | | SPRINT_134_scanner_surface | PHP Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php | Depends on #1 + CLI feedback | SCANNER-ANALYZERS-PHP-27-002 | SCSA0601 | | ANALYZERS-PHP-27-009 | TODO | | SPRINT_134_scanner_surface | PHP Analyzer Guild · QA Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php | Depends on #5 | SCANNER-ANALYZERS-PHP-27-007 | SCSA0601 | | ANALYZERS-PHP-27-010 | TODO | | SPRINT_134_scanner_surface | PHP Analyzer Guild · Signals Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php | Depends on #7 | SCANNER-ANALYZERS-PHP-27-009 | SCSA0601 | | ANALYZERS-PHP-27-011 | TODO | | SPRINT_134_scanner_surface | PHP Analyzer Guild, DevOps Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php | | SCANNER-ANALYZERS-PHP-27-010 | SCSA0602 | | ANALYZERS-PHP-27-012 | TODO | | SPRINT_134_scanner_surface | PHP Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php | | SCANNER-ANALYZERS-PHP-27-011 | SCSA0602 | | ANALYZERS-PYTHON-23-001 | TODO | | SPRINT_134_scanner_surface | Python Analyzer Guild | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python | Analyzer helper bootstrap | Analyzer helper bootstrap | SCSA0701 | | ANALYZERS-PYTHON-23-002 | TODO | | SPRINT_134_scanner_surface | Python Analyzer Guild | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python | Depends on #1 | SCANNER-ANALYZERS-PYTHON-23-001 | SCSA0701 | | ANALYZERS-PYTHON-23-003 | TODO | | SPRINT_134_scanner_surface | Python Analyzer Guild | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python | Depends on #2 | SCANNER-ANALYZERS-PYTHON-23-002 | SCSA0701 | | ANALYZERS-PYTHON-23-004 | TODO | | SPRINT_134_scanner_surface | Python Analyzer Guild | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python | Depends on #3 | SCANNER-ANALYZERS-PYTHON-23-003 | SCSA0701 | | ANALYZERS-PYTHON-23-005 | TODO | | SPRINT_134_scanner_surface | Python Analyzer Guild | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python | Depends on #4 | SCANNER-ANALYZERS-PYTHON-23-004 | SCSA0701 | | ANALYZERS-PYTHON-23-006 | TODO | | SPRINT_134_scanner_surface | Python Analyzer Guild | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python | Depends on #5 | SCANNER-ANALYZERS-PYTHON-23-005 | SCSA0701 | | ANALYZERS-PYTHON-23-007 | TODO | | SPRINT_134_scanner_surface | Python Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python | SCANNER-ANALYZERS-PYTHON-23-006 | SCANNER-ANALYZERS-PYTHON-23-006 | SCSA0101 | | ANALYZERS-PYTHON-23-008 | TODO | | SPRINT_134_scanner_surface | Python Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python | SCANNER-ANALYZERS-PYTHON-23-007 | SCANNER-ANALYZERS-PYTHON-23-007 | SCSA0101 | | ANALYZERS-PYTHON-23-009 | TODO | | SPRINT_134_scanner_surface | Python Analyzer Guild, QA Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python | SCANNER-ANALYZERS-PYTHON-23-008 | SCANNER-ANALYZERS-PYTHON-23-008 | SCSA0101 | | ANALYZERS-PYTHON-23-010 | TODO | | SPRINT_134_scanner_surface | Python Analyzer Guild, Signals Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python | SCANNER-ANALYZERS-PYTHON-23-009 | SCANNER-ANALYZERS-PYTHON-23-009 | SCSA0102 | | ANALYZERS-PYTHON-23-011 | TODO | | SPRINT_134_scanner_surface | Python Analyzer Guild, DevOps Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python | SCANNER-ANALYZERS-PYTHON-23-010 | SCANNER-ANALYZERS-PYTHON-23-010 | SCSA0102 | | ANALYZERS-PYTHON-23-012 | TODO | | SPRINT_135_scanner_surface | Python Analyzer Guild | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python | Needs ANALYZERS-PYTHON-23-011 evidence | SCANNER-ANALYZERS-PYTHON-23-011 | SCSA0702 | | ANALYZERS-RUBY-28-001 | TODO | | SPRINT_135_scanner_surface | Ruby Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Bootstrap helper | Bootstrap helper | SCSA0801 | | ANALYZERS-RUBY-28-002 | TODO | | SPRINT_135_scanner_surface | Ruby Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Depends on #1 | SCANNER-ANALYZERS-RUBY-28-001 | SCSA0801 | | ANALYZERS-RUBY-28-003 | TODO | | SPRINT_135_scanner_surface | Ruby Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Depends on #2 | SCANNER-ANALYZERS-RUBY-28-002 | SCSA0801 | | ANALYZERS-RUBY-28-004 | TODO | | SPRINT_135_scanner_surface | Ruby Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Depends on #3 | SCANNER-ANALYZERS-RUBY-28-003 | SCSA0801 | | ANALYZERS-RUBY-28-005 | TODO | | SPRINT_135_scanner_surface | Ruby Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Depends on #4 | SCANNER-ANALYZERS-RUBY-28-004 | SCSA0801 | | ANALYZERS-RUBY-28-006 | TODO | | SPRINT_135_scanner_surface | Ruby Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Depends on #5 | SCANNER-ANALYZERS-RUBY-28-005 | SCSA0801 | | ANALYZERS-RUBY-28-007 | TODO | | SPRINT_135_scanner_surface | Ruby Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Depends on #6 | SCANNER-ANALYZERS-RUBY-28-006 | SCSA0801 | | ANALYZERS-RUBY-28-008 | TODO | | SPRINT_135_scanner_surface | Ruby Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Depends on #7 | SCANNER-ANALYZERS-RUBY-28-007 | SCSA0801 | | ANALYZERS-RUBY-28-009 | TODO | | SPRINT_135_scanner_surface | Ruby Analyzer Guild · QA Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Depends on #8 | SCANNER-ANALYZERS-RUBY-28-008 | SCSA0801 | | ANALYZERS-RUBY-28-010 | TODO | | SPRINT_135_scanner_surface | Ruby Analyzer Guild · Signals Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Depends on #9 | SCANNER-ANALYZERS-RUBY-28-009 | SCSA0801 | | ANALYZERS-RUBY-28-011 | TODO | | SPRINT_135_scanner_surface | Ruby Analyzer Guild · DevOps Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Depends on ANALYZERS-RUBY-28-010 | SCANNER-ANALYZERS-RUBY-28-010 | SCSA0802 | | ANALYZERS-RUBY-28-012 | TODO | | SPRINT_135_scanner_surface | Ruby Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Needs #1 fixtures | SCANNER-ANALYZERS-RUBY-28-011 | SCSA0802 | | AOC-19-001 | TODO | | SPRINT_123_policy_reasoning | Policy Guild | src/Policy/__Libraries/StellaOps.Policy | Review Link-Not-Merge schema | Review Link-Not-Merge schema | PLAO0101 | | AOC-19-002 | TODO | | SPRINT_123_policy_reasoning | Policy Guild | src/Policy/__Libraries/StellaOps.Policy | Depends on #1 | POLICY-AOC-19-001 | PLAO0101 | | AOC-19-003 | TODO | | SPRINT_123_policy_reasoning | Policy Guild | src/Policy/__Libraries/StellaOps.Policy | Depends on #2 | POLICY-AOC-19-002 | PLAO0101 | | AOC-19-004 | TODO | | SPRINT_123_policy_reasoning | Policy Guild | src/Policy/__Libraries/StellaOps.Policy | Depends on #3 | POLICY-AOC-19-003 | PLAO0101 | | AOC-19-101 | TODO | 2025-10-28 | SPRINT_503_ops_devops_i | DevOps Guild | ops/devops | Needs helper definitions from PLAO0101 | Needs helper definitions from PLAO0101 | DVAO0101 | | API-27-001 | TODO | | SPRINT_129_policy_reasoning | Policy Registry Guild | src/Policy/StellaOps.Policy.Registry | Governance decision (APIG0101) | Governance decision (APIG0101) | PLAR0101 | | API-27-002 | TODO | | SPRINT_129_policy_reasoning | Policy Registry Guild | src/Policy/StellaOps.Policy.Registry | Depends on #1 | REGISTRY-API-27-001 | PLAR0101 | | API-27-003 | TODO | | SPRINT_129_policy_reasoning | Policy Registry Guild | src/Policy/StellaOps.Policy.Registry | Depends on #2 | REGISTRY-API-27-002 | PLAR0101 | | API-27-004 | TODO | | SPRINT_129_policy_reasoning | Policy Registry Guild | src/Policy/StellaOps.Policy.Registry | Depends on #3 | REGISTRY-API-27-003 | PLAR0101 | | API-27-005 | TODO | | SPRINT_129_policy_reasoning | Policy Registry Guild | src/Policy/StellaOps.Policy.Registry | Depends on #4 | REGISTRY-API-27-004 | PLAR0101 | | API-27-006 | TODO | | SPRINT_129_policy_reasoning | Policy Registry Guild | src/Policy/StellaOps.Policy.Registry | Depends on #5 | REGISTRY-API-27-005 | PLAR0101 | | API-27-007 | TODO | | SPRINT_129_policy_reasoning | Policy Registry Guild | src/Policy/StellaOps.Policy.Registry | Depends on #6 | REGISTRY-API-27-006 | PLAR0101 | | API-27-008 | TODO | | SPRINT_129_policy_reasoning | Policy Registry Guild | src/Policy/StellaOps.Policy.Registry | Depends on #7 | REGISTRY-API-27-007 | PLAR0101 | | API-27-009 | TODO | | SPRINT_129_policy_reasoning | Policy Registry Guild | src/Policy/StellaOps.Policy.Registry | Depends on #8 | REGISTRY-API-27-008 | PLAR0101 | | API-27-010 | TODO | | SPRINT_129_policy_reasoning | Policy Registry Guild | src/Policy/StellaOps.Policy.Registry | Depends on #9 | REGISTRY-API-27-009 | PLAR0101 | | API-28-001 | TODO | | SPRINT_207_graph | Graph API Guild | src/Graph/StellaOps.Graph.Api | Cartographer schema sign-off | Cartographer schema sign-off | GRAP0101 | | API-28-002 | TODO | | SPRINT_207_graph | Graph API Guild | src/Graph/StellaOps.Graph.Api | Depends on #1 | Depends on #1 | GRAP0101 | | API-28-003 | TODO | | SPRINT_207_graph | Graph API Guild | src/Graph/StellaOps.Graph.Api | Depends on #2 | Depends on #2 | GRAP0101 | | API-28-004 | TODO | | SPRINT_207_graph | Graph API Guild | src/Graph/StellaOps.Graph.Api | Depends on #3 | Depends on #3 | GRAP0101 | | API-28-005 | TODO | | SPRINT_207_graph | Graph API Guild | src/Graph/StellaOps.Graph.Api | Depends on #4 | Depends on #4 | GRAP0101 | | API-28-006 | TODO | | SPRINT_207_graph | Graph API Guild | src/Graph/StellaOps.Graph.Api | Depends on GRAP0101 base endpoints | Depends on GRAP0101 base endpoints | GRAP0102 | | API-28-007 | TODO | | SPRINT_207_graph | Graph API Guild | src/Graph/StellaOps.Graph.Api | Depends on #1 | Depends on #1 | GRAP0102 | | API-28-008 | TODO | | SPRINT_207_graph | Graph API Guild | src/Graph/StellaOps.Graph.Api | Depends on #2 | Depends on #2 | GRAP0102 | | API-28-009 | TODO | | SPRINT_207_graph | Graph API Guild | src/Graph/StellaOps.Graph.Api | Depends on #3 | Depends on #3 | GRAP0102 | | API-28-010 | TODO | | SPRINT_207_graph | Graph API Guild | src/Graph/StellaOps.Graph.Api | Depends on #4 | Depends on #4 | GRAP0102 | | API-28-011 | TODO | | SPRINT_207_graph | Graph API Guild | src/Graph/StellaOps.Graph.Api | Depends on #5 | Depends on #5 | GRAP0102 | | API-29-001 | TODO | | SPRINT_129_policy_reasoning | Vuln Explorer API Guild | src/VulnExplorer/StellaOps.VulnExplorer.Api | Governance schema (APIG0101) | Governance schema (APIG0101) | VUAP0101 | | API-29-002 | TODO | | SPRINT_129_policy_reasoning | Vuln Explorer API Guild | src/VulnExplorer/StellaOps.VulnExplorer.Api | Depends on #1 | VULN-API-29-001 | VUAP0101 | | API-29-003 | TODO | | SPRINT_129_policy_reasoning | Vuln Explorer API Guild | src/VulnExplorer/StellaOps.VulnExplorer.Api | Depends on #2 | VULN-API-29-002 | VUAP0101 | | API-29-004 | TODO | | SPRINT_129_policy_reasoning | Vuln Explorer API Guild | src/VulnExplorer/StellaOps.VulnExplorer.Api | Depends on #3 | VULN-API-29-003 | VUAP0101 | | API-29-005 | TODO | | SPRINT_129_policy_reasoning | Vuln Explorer API Guild | src/VulnExplorer/StellaOps.VulnExplorer.Api | Depends on #4 | VULN-API-29-004 | VUAP0101 | | API-29-006 | TODO | | SPRINT_129_policy_reasoning | Vuln Explorer API Guild | src/VulnExplorer/StellaOps.VulnExplorer.Api | Depends on #5 | VULN-API-29-005 | VUAP0101 | | API-29-007 | TODO | | SPRINT_129_policy_reasoning | Vuln Explorer API Guild | src/VulnExplorer/StellaOps.VulnExplorer.Api | Depends on #6 | VULN-API-29-006 | VUAP0101 | | API-29-008 | TODO | | SPRINT_129_policy_reasoning | Vuln Explorer API Guild | src/VulnExplorer/StellaOps.VulnExplorer.Api | Depends on #7 | VULN-API-29-007 | VUAP0101 | | API-29-009 | TODO | | SPRINT_129_policy_reasoning | Vuln Explorer API Guild | src/VulnExplorer/StellaOps.VulnExplorer.Api | Depends on #8 | VULN-API-29-008 | VUAP0101 | | API-29-010 | TODO | | SPRINT_129_policy_reasoning | Vuln Explorer API Guild | src/VulnExplorer/StellaOps.VulnExplorer.Api | Depends on #9 | VULN-API-29-009 | VUAP0101 | | API-29-011 | TODO | | SPRINT_129_policy_reasoning | Vuln Explorer API Guild · CLI Guild | src/VulnExplorer/StellaOps.VulnExplorer.Api | Requires API-29-010 artifacts | VULN-API-29-010 | VUAP0102 | | APIGOV-61-001 | TODO | | SPRINT_511_api | API Governance Guild | src/Api/StellaOps.Api.Governance | Configure spectral/linters with Stella rules; add CI job failing on violations. | 61-001 | APIG0101 | | APIGOV-61-002 | TODO | | SPRINT_511_api | API Governance Guild | src/Api/StellaOps.Api.Governance | Implement example coverage checker ensuring every operation has at least one request/response example. Dependencies: APIGOV-61-001. | APIGOV-61-001 | APIG0101 | | APIGOV-62-001 | TODO | | SPRINT_511_api | API Governance Guild | src/Api/StellaOps.Api.Governance | Build compatibility diff tool producing additive/breaking reports comparing prior release. Dependencies: APIGOV-61-002. | APIGOV-61-002 | APIG0101 | | APIGOV-62-002 | TODO | | SPRINT_511_api | API Governance Guild · DevOps Guild | src/Api/StellaOps.Api.Governance | Automate changelog generation and publish signed artifacts to `src/Sdk/StellaOps.Sdk.Release` pipeline. Dependencies: APIGOV-62-001. | APIGOV-62-001 | APIG0101 | | APIGOV-63-001 | TODO | | SPRINT_511_api | API Governance Guild · Notifications Guild | src/Api/StellaOps.Api.Governance | Integrate deprecation metadata into Notification Studio templates for API sunset events. Dependencies: APIGOV-62-002. | APIGOV-62-002 | APIG0101 | | ATTEST-01-003 | TODO | | SPRINT_110_ingestion_evidence | Excititor Guild · Evidence Locker Guild | src/Attestor/StellaOps.Attestor | Requires Excititor ingest evidence | EXCITITOR-AIAI-31-002; ELOCKER-CONTRACT-2001 | ATEL0102 | | ATTEST-73-001 | TODO | | SPRINT_110_ingestion_evidence | Concelier Core · Evidence Locker Guild | src/Attestor/StellaOps.Attestor | Depends on #1 + Concelier graph unblock | CONCELIER-AIAI-31-002; ELOCKER-CONTRACT-2001 | ATEL0102 | | ATTEST-73-002 | TODO | | SPRINT_110_ingestion_evidence | Concelier Core · Evidence Locker Guild | src/Attestor/StellaOps.Attestor | Depends on #1 + Concelier graph unblock | CONCELIER-AIAI-31-002; ELOCKER-CONTRACT-2001 | ATEL0102 | | ATTEST-73-003 | TODO | | SPRINT_302_docs_tasks_md_ii | Docs Guild · Policy Guild | docs/modules/attestor | Wait for ATEL0102 evidence | Wait for ATEL0102 evidence | DOAT0102 | | ATTEST-73-004 | TODO | | SPRINT_302_docs_tasks_md_ii | Docs Guild · Attestor Service Guild | docs/modules/attestor | Depends on #1 | Depends on #1 | DOAT0102 | | ATTEST-74-001 | DOING | | SPRINT_170_notifications_telemetry | Notifications Service Guild · Attestor Service Guild | src/Notify/StellaOps.Notify | Needs DSSE schema sign-off | Needs DSSE schema sign-off | NOTY0102 | | ATTEST-74-002 | DOING | | SPRINT_170_notifications_telemetry | Notifications Service Guild | src/Notify/StellaOps.Notify | Depends on #1 | Depends on #1 | NOTY0102 | | ATTEST-74-003 | TODO | | SPRINT_302_docs_tasks_md_ii | Docs Guild · Attestor Console Guild | docs/modules/attestor | Depends on NOTY0102 | Depends on NOTY0102 | DOAT0102 | | ATTEST-74-004 | TODO | | SPRINT_302_docs_tasks_md_ii | Docs Guild · CLI Attestor Guild | docs/modules/attestor | Depends on NOTY0102 | Depends on NOTY0102 | DOAT0102 | | ATTEST-75-001 | TODO | | SPRINT_160_export_evidence | Docs Guild · Export Attestation Guild | docs/modules/attestor | Needs Export bundle schema (ECOB0101) | Needs Export bundle schema (ECOB0101) | DOAT0102 | | ATTEST-75-002 | TODO | | SPRINT_160_export_evidence | Docs Guild · Security Guild | docs/modules/attestor | Depends on #5 | Depends on #5 | DOAT0102 | | ATTEST-REPLAY-187-003 | TODO | | SPRINT_187_evidence_locker_cli_integration | Attestor Guild (src/Attestor/StellaOps.Attestor) | `src/Attestor/StellaOps.Attestor`, `docs/modules/attestor/architecture.md` | Wire Attestor/Rekor anchoring for replay manifests and capture verification APIs; extend `docs/modules/attestor/architecture.md` with a replay ledger flow referencing `docs/replay/DETERMINISTIC_REPLAY.md` Section 9. | Align replay payload schema with RPRC0101 | ATRE0101 | | ATTESTOR-DOCS-0001 | DONE | 2025-11-05 | SPRINT_313_docs_modules_attestor | Docs Guild | docs/modules/attestor | Validate that `docs/modules/attestor/README.md` matches the latest release notes and attestation samples. | | DOAT0102 | | ATTESTOR-ENG-0001 | TODO | | SPRINT_313_docs_modules_attestor | Module Team | docs/modules/attestor | Cross-check implementation plan milestones against `/docs/implplan/SPRINT_*.md` and update module readiness checkpoints. | Depends on #1-6 | DOAT0102 | | ATTESTOR-OPS-0001 | TODO | | SPRINT_313_docs_modules_attestor | Ops Guild | docs/modules/attestor | Review runbooks/observability assets after the next sprint demo and capture findings inline with sprint notes. | Depends on #1-6 | DOAT0102 | | AUTH-AIRGAP-57-001 | DONE (2025-11-08) | 2025-11-08 | SPRINT_100_identity_signing | Authority Core & Security Guild, DevOps Guild (src/Authority/StellaOps.Authority) | src/Authority/StellaOps.Authority | Enforce sealed-mode CI gating by refusing token issuance when declared sealed install lacks sealing confirmation. | AUTH-AIRGAP-56-001; DEVOPS-AIRGAP-57-002 | AUIN0101 | | AUTH-CRYPTO-90-001 | DOING | 2025-11-08 | SPRINT_514_sovereign_crypto_enablement | Authority Core & Security Guild | src/Authority/StellaOps.Authority | Migrate Authority signing/key-loading paths (provider registry + crypto hash) so regional bundles can select sovereign providers per docs/security/crypto-routing-audit-2025-11-07.md. | Finalize sovereign crypto keystore plan | AUIN0101 | | AUTH-DPOP-11-001 | DONE (2025-11-08) | 2025-11-08 | SPRINT_100_identity_signing | Authority Core & Security Guild (src/Authority/StellaOps.Authority) | src/Authority/StellaOps.Authority | DPoP validation now runs for every `/token` grant, interactive tokens inherit `cnf.jkt`/sender claims, and docs/tests document the expanded coverage. | AUTH-AOC-19-002 | AUIN0101 | | AUTH-MTLS-11-002 | DONE (2025-11-08) | 2025-11-08 | SPRINT_100_identity_signing | Authority Core & Security Guild (src/Authority/StellaOps.Authority) | src/Authority/StellaOps.Authority | Refresh grants now enforce the original client certificate, tokens persist `x5t#S256`/hex metadata via shared helper, and docs/JWKS guidance call out the mTLS binding expectations. | AUTH-DPOP-11-001 | AUIN0101 | | AUTH-PACKS-43-001 | DONE (2025-11-09) | 2025-11-09 | SPRINT_100_identity_signing | Authority Core & Security Guild (src/Authority/StellaOps.Authority) | src/Authority/StellaOps.Authority | Enforce pack signing policies, approval RBAC checks, CLI CI token scopes, and audit logging for approvals. | AUTH-PACKS-41-001; TASKRUN-42-001; ORCH-SVC-42-101 | AUIN0101 | | AUTH-REACH-401-005 | TODO | | SPRINT_401_reachability_evidence_chain | Authority & Signer Guilds | `src/Authority/StellaOps.Authority`, `src/Signer/StellaOps.Signer` | Introduce DSSE predicate types for SBOM/Graph/VEX/Replay, plumb signing through Authority + Signer, and mirror statements to Rekor (including PQ variants where required). | Coordinate with replay reachability owners | AUIN0101 | | AUTH-VERIFY-186-007 | TODO | | SPRINT_186_record_deterministic_execution | Authority Guild · Provenance Guild | `src/Authority/StellaOps.Authority`, `src/Provenance/StellaOps.Provenance.Attestation` | Expose an Authority-side verification helper/service that validates DSSE signatures and Rekor proofs for promotion attestations using trusted checkpoints, enabling offline audit flows. | Await PROB0101 provenance harness | AUIN0101 | | AUTHORITY-DOCS-0001 | TODO | | SPRINT_314_docs_modules_authority | Docs Guild (docs/modules/authority) | docs/modules/authority | See ./AGENTS.md | Wait for AUIN0101 sign-off | DOAU0101 | | AUTHORITY-ENG-0001 | TODO | | SPRINT_314_docs_modules_authority | Module Team (docs/modules/authority) | docs/modules/authority | Update status via ./AGENTS.md workflow | Depends on #1 | DOAU0101 | | AUTHORITY-OPS-0001 | TODO | | SPRINT_314_docs_modules_authority | Ops Guild (docs/modules/authority) | docs/modules/authority | Sync outcomes back to ../.. | Depends on #1 | DOAU0101 | | AUTO-401-019 | TODO | | SPRINT_401_reachability_evidence_chain | Benchmarks Guild | `docs/benchmarks/vex-evidence-playbook.md`, `scripts/bench/**` | Align with PROB0101 schema | Align with PROB0101 schema | RBBN0101 | | BACKFILL-401-029 | DOING | | SPRINT_401_reachability_evidence_chain | Platform Guild | `docs/provenance/inline-dsse.md`, `scripts/publish_attestation_with_provenance.sh` | Align output schema with PROB0101 | Align output schema with PROB0101 | RBRE0101 | | BENCH-AUTO-401-019 | TODO | | SPRINT_401_reachability_evidence_chain | Benchmarks Guild | `docs/benchmarks/vex-evidence-playbook.md`, `scripts/bench/**` | Create automation to populate `bench/findings/**`, run baseline scanners (Trivy/Syft/Grype/Snyk/Xray), compute FP/MTTD/repro metrics, and update `results/summary.csv`. | Depends on #1 | RBBN0101 | | BENCH-GRAPH-21-001 | BLOCKED | 2025-10-27 | SPRINT_512_bench | Bench Guild · Graph Platform Guild | src/Bench/StellaOps.Bench | Build graph viewport/path benchmark harness (50k/100k nodes) measuring Graph API/Indexer latency, memory, and tile cache hit rates. *(Executed within Sprint 28 Graph program).* | Wait for CAGR0101 outputs | RBBN0102 | | BENCH-GRAPH-21-002 | BLOCKED | 2025-10-27 | SPRINT_512_bench | Bench Guild · UI Guild | src/Bench/StellaOps.Bench | Add headless UI load benchmark (Playwright) for graph canvas interactions to track render times and FPS budgets. *(Executed within Sprint 28 Graph program).*. Dependencies: BENCH-GRAPH-21-001. | Depends on #1 | RBBN0102 | | BENCH-GRAPH-24-002 | TODO | | SPRINT_512_bench | Bench Guild · UI Guild | src/Bench/StellaOps.Bench | Implement UI interaction benchmarks (filter/zoom/table operations) citing p95 latency; integrate with perf dashboards. Dependencies: BENCH-GRAPH-21-002. | Align with ORTR0101 job metadata | RBBN0102 | | BENCH-IMPACT-16-001 | TODO | | SPRINT_512_bench | Bench Guild · Scheduler Team | src/Bench/StellaOps.Bench | ImpactIndex throughput bench (resolve 10k productKeys) + RAM profile. | Needs Scheduler signals from ORTR0102 | RBBN0102 | | BENCH-POLICY-20-002 | TODO | | SPRINT_512_bench | Bench Guild · Policy Guild | src/Bench/StellaOps.Bench | Add incremental run benchmark measuring delta evaluation vs full; capture SLA compliance. | Wait for PLLG0104 ledger events | RBBN0102 | | BENCH-SIG-26-001 | TODO | | SPRINT_512_bench | Bench Guild · Signals Guild | src/Bench/StellaOps.Bench | Develop benchmark for reachability scoring pipeline (facts/sec, latency, memory) using synthetic callgraphs/runtime batches. | Needs SGSI0101 runtime feed | RBBN0102 | | BENCH-SIG-26-002 | TODO | | SPRINT_512_bench | Bench Guild · Policy Guild | src/Bench/StellaOps.Bench | Measure policy evaluation overhead with reachability cache hot/cold; ensure ≤8 ms p95 added latency. Dependencies: BENCH-SIG-26-001. | Depends on #6 | RBBN0102 | | BUNDLE-401-014 | TODO | | SPRINT_401_reachability_evidence_chain | Symbols Guild | `src/Symbols/StellaOps.Symbols.Bundle` | Needs RBRE0101 provenance payload | Needs RBRE0101 provenance payload | RBSY0101 | | BUNDLE-69-001 | TODO | | SPRINT_164_exportcenter_iii | Risk Bundle Export Guild · Risk Engine Guild | src/ExportCenter/StellaOps.ExportCenter.RiskBundles | Align with ATEL0102 DSSE outputs | Align with ATEL0102 DSSE outputs | RBRB0101 | | BUNDLE-69-002 | TODO | | SPRINT_164_exportcenter_iii | Risk Bundle Export Guild · DevOps Guild | src/ExportCenter/StellaOps.ExportCenter.RiskBundles | Depends on #1 | Depends on #1 | RBRB0101 | | BUNDLE-70-001 | TODO | | SPRINT_164_exportcenter_iii | Risk Bundle Export Guild · CLI Guild | src/ExportCenter/StellaOps.ExportCenter.RiskBundles | Needs CLI export contract from CLCI0104 | Needs CLI export contract from CLCI0104 | RBRB0101 | | BUNDLE-70-002 | TODO | | SPRINT_164_exportcenter_iii | Risk Bundle Export Guild · Docs Guild | src/ExportCenter/StellaOps.ExportCenter.RiskBundles | Depends on #3 | Depends on #3 | RBRB0101 | | CAS-401-001 | TODO | | SPRINT_401_reachability_evidence_chain | Scanner Worker Guild | `src/Scanner/StellaOps.Scanner.Worker` | Wait for RBRE0101 DSSE hashes | Wait for RBRE0101 DSSE hashes | CASC0101 | | CCCS-02-009 | TODO | | SPRINT_117_concelier_vi | Concelier Connector Guild – CCCS | src/Concelier/__Libraries/StellaOps.Concelier.Connector.Cccs | Implement restart-safe watermark + schema tests. | Confirm CCCS ingest watermark | CCFD0101 | | CENTER-ENG-0001 | TODO | | SPRINT_320_docs_modules_export_center | Module Team · Export Center Guild | docs/modules/export-center | Wait for RBRB0101 bundle sample | Wait for RBRB0101 bundle sample | DOEC0101 | | CENTER-OPS-0001 | TODO | | SPRINT_320_docs_modules_export_center | Ops Guild · Export Center Guild | docs/modules/export-center | Depends on #1 | Depends on #1 | DOEC0101 | | CERTBUND-02-010 | TODO | | SPRINT_117_concelier_vi | Concelier Connector Guild – CertBund | src/Concelier/__Libraries/StellaOps.Concelier.Connector.CertBund | Update parser + CAS hashing. | Align with German CERT schema changes | CCFD0101 | | CISCO-02-009 | DOING | 2025-11-08 | SPRINT_117_concelier_vi | Concelier Connector Guild – Cisco | src/Concelier/__Libraries/StellaOps.Concelier.Connector.Vndr.Cisco | Harden retry + provenance logging. | Needs vendor API tokens rotated | CCFD0101 | | CLI-0001 | DONE | 2025-11-10 | SPRINT_138_scanner_ruby_parity | CLI Guild, Ruby Analyzer Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | SCANNER-ENG-0019 | SCANNER-ENG-0019 | CLCI0101 | | CLI-401-007 | TODO | | SPRINT_401_reachability_evidence_chain | UI & CLI Guilds (`src/Cli/StellaOps.Cli`, `src/UI/StellaOps.UI`) | `src/Cli/StellaOps.Cli`, `src/UI/StellaOps.UI` | — | — | CLCI0101 | | CLI-401-021 | TODO | | SPRINT_401_reachability_evidence_chain | CLI Guild · DevOps Guild (`src/Cli/StellaOps.Cli`, `scripts/ci/attest-*`, `docs/modules/attestor/architecture.md`) | `src/Cli/StellaOps.Cli`, `scripts/ci/attest-*`, `docs/modules/attestor/architecture.md` | — | — | CLCI0101 | | CLI-41-001 | TODO | | SPRINT_303_docs_tasks_md_iii | Docs Guild, DevEx/CLI Guild (docs) | | — | — | CLCI0101 | | CLI-42-001 | TODO | | SPRINT_303_docs_tasks_md_iii | Docs Guild (docs) | | — | — | CLCI0101 | | CLI-43-002 | TODO | | SPRINT_504_ops_devops_ii | DevOps Guild, Task Runner Guild (ops/devops) | ops/devops | — | — | CLCI0101 | | CLI-43-003 | TODO | | SPRINT_504_ops_devops_ii | DevOps Guild, DevEx/CLI Guild (ops/devops) | ops/devops | — | — | CLCI0101 | | CLI-AIAI-31-001 | TODO | | SPRINT_201_cli_i | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Implement `stella advise summarize` command with JSON/Markdown outputs and citation display. | — | CLCI0101 | | CLI-AIAI-31-002 | TODO | | SPRINT_201_cli_i | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Implement `stella advise explain` showing conflict narrative and structured rationale. Dependencies: CLI-AIAI-31-001. | — | CLCI0101 | | CLI-AIAI-31-003 | TODO | | SPRINT_201_cli_i | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Implement `stella advise remediate` generating remediation plans with `--strategy` filters and file output. Dependencies: CLI-AIAI-31-002. | — | CLCI0101 | | CLI-AIAI-31-004 | TODO | | SPRINT_201_cli_i | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Implement `stella advise batch` for summaries/conflicts/remediation with progress + multi-status responses. Dependencies: CLI-AIAI-31-003. | — | CLCI0102 | | CLI-AIRGAP-56-001 | TODO | | SPRINT_110_ingestion_evidence | Exporter Guild · AirGap Time Guild · CLI Guild | | PROGRAM-STAFF-1001 | PROGRAM-STAFF-1001 | ATMI0102 | | CLI-AIRGAP-56-002 | TODO | | SPRINT_201_cli_i | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Ensure telemetry propagation under sealed mode (no remote exporters) while preserving correlation IDs; add label `AirGapped-Phase-1`. Dependencies: CLI-AIRGAP-56-001. | — | CLCI0102 | | CLI-AIRGAP-57-001 | TODO | | SPRINT_201_cli_i | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Add `stella airgap import` with diff preview, bundle scope selection (`--tenant`, `--global`), audit logging, and progress reporting. Dependencies: CLI-AIRGAP-56-002. | — | CLCI0102 | | CLI-AIRGAP-57-002 | TODO | | SPRINT_201_cli_i | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Provide `stella airgap seal. Dependencies: CLI-AIRGAP-57-001. | — | CLCI0102 | | CLI-AIRGAP-58-001 | TODO | | SPRINT_201_cli_i | DevEx/CLI Guild, Evidence Locker Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Implement `stella airgap export evidence` helper for portable evidence packages, including checksum manifest and verification. Dependencies: CLI-AIRGAP-57-002. | — | CLCI0102 | | CLI-ATTEST-73-001 | TODO | | SPRINT_201_cli_i | CLI Attestor Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Implement `stella attest sign` (payload selection, subject digest, key reference, output format) using official SDK transport. | — | CLCI0102 | | CLI-ATTEST-73-002 | TODO | | SPRINT_201_cli_i | CLI Attestor Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Implement `stella attest verify` with policy selection, explainability output, and JSON/table formatting. Dependencies: CLI-ATTEST-73-001. | — | CLCI0102 | | CLI-ATTEST-74-001 | TODO | | SPRINT_201_cli_i | CLI Attestor Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Implement `stella attest list` with filters (subject, type, issuer, scope) and pagination. Dependencies: CLI-ATTEST-73-002. | — | CLCI0102 | | CLI-ATTEST-74-002 | TODO | | SPRINT_201_cli_i | CLI Attestor Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Implement `stella attest fetch` to download envelopes and payloads to disk. Dependencies: CLI-ATTEST-74-001. | — | CLCI0102 | | CLI-ATTEST-75-001 | TODO | | SPRINT_201_cli_i | CLI Attestor Guild, KMS Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Implement `stella attest key create. Dependencies: CLI-ATTEST-74-002. | — | CLCI0102 | | CLI-ATTEST-75-002 | TODO | | SPRINT_201_cli_i | CLI Attestor Guild | src/Cli/StellaOps.Cli | Add support for building/verifying attestation bundles in CLI. Dependencies: CLI-ATTEST-75-001. | Wait for ATEL0102 outputs | CLCI0109 | | CLI-CORE-41-001 | TODO | | SPRINT_202_cli_ii | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Implement CLI core features: config precedence, profiles/contexts, auth flows, output renderer (json/yaml/table), error mapping, global flags, telemetry opt-in. | — | CLCI0103 | | CLI-DET-01 | TODO | | SPRINT_301_docs_tasks_md_i | Docs Guild · DevEx/CLI Guild | | CLI-SBOM-60-001; CLI-SBOM-60-002 | CLI-SBOM-60-001; CLI-SBOM-60-002 | CLCI0103 | | CLI-DETER-70-003 | TODO | | SPRINT_202_cli_ii | DevEx/CLI Guild, Scanner Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Provide `stella detscore run` that executes the determinism harness locally (fixed clock, seeded RNG, canonical hashes) and writes `determinism.json`, supporting CI/non-zero threshold exit codes (`docs/modules/scanner/determinism-score.md`). | — | CLCI0103 | | CLI-DETER-70-004 | TODO | | SPRINT_203_cli_iii | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Add `stella detscore report` to summarise published `determinism.json` files (overall score, per-image matrix) and integrate with release notes/air-gap kits (`docs/modules/scanner/determinism-score.md`). Dependencies: CLI-DETER-70-003. | — | CLCI0103 | | CLI-DOCS-0001 | TODO | | SPRINT_316_docs_modules_cli | Docs Guild (docs/modules/cli) | docs/modules/cli | See ./AGENTS.md | — | CLCI0103 | | CLI-EDITOR-401-004 | TODO | | SPRINT_401_reachability_evidence_chain | CLI Guild (`src/Cli/StellaOps.Cli`, `docs/policy/lifecycle.md`) | `src/Cli/StellaOps.Cli`, `docs/policy/lifecycle.md` | Enhance `stella policy` CLI verbs (edit/lint/simulate) to edit Git-backed `.dsl` files, run local coverage tests, and commit SemVer metadata. | — | CLCI0103 | | CLI-ENG-0001 | TODO | | SPRINT_316_docs_modules_cli | Module Team (docs/modules/cli) | docs/modules/cli | Update status via ./AGENTS.md workflow | — | CLCI0103 | | CLI-EXC-25-001 | TODO | | SPRINT_202_cli_ii | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Implement `stella exceptions list | — | CLCI0103 | | CLI-EXC-25-002 | TODO | | SPRINT_202_cli_ii | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Extend `stella policy simulate` with `--with-exception`/`--without-exception` flags to preview exception impact. Dependencies: CLI-EXC-25-001. | — | CLCI0103 | | CLI-EXPORT-35-001 | BLOCKED | 2025-10-29 | SPRINT_202_cli_ii | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Implement `stella export profiles | CLCI0103 | CLCI0104 | | CLI-EXPORT-36-001 | TODO | | SPRINT_202_cli_ii | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Add distribution commands (`stella export distribute`, `run download --resume` enhancements) and improved status polling with progress bars. Dependencies: CLI-EXPORT-35-001. | — | CLCI0104 | | CLI-EXPORT-37-001 | TODO | | SPRINT_202_cli_ii | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Provide scheduling (`stella export schedule`), retention, and `export verify` commands performing signature/hash validation. Dependencies: CLI-EXPORT-36-001. | — | CLCI0104 | | CLI-FORENSICS-53-001 | TODO | | SPRINT_202_cli_ii | DevEx/CLI Guild, Evidence Locker Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Implement `stella forensic snapshot create --case` and `snapshot list/show` commands invoking evidence locker APIs, surfacing manifest digests, and storing local cache metadata. | — | CLCI0104 | | CLI-FORENSICS-54-001 | TODO | | SPRINT_202_cli_ii | DevEx/CLI Guild, Provenance Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Provide `stella forensic verify ` command validating checksums, DSSE signatures, and timeline chain-of-custody. Support JSON/pretty output and exit codes for CI. Dependencies: CLI-FORENSICS-53-001. | — | CLCI0104 | | CLI-FORENSICS-54-002 | TODO | | SPRINT_202_cli_ii | DevEx/CLI Guild, Provenance Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Implement `stella forensic attest show ` listing attestation details (signer, timestamp, subjects) and verifying signatures. Dependencies: CLI-FORENSICS-54-001. | — | CLCI0104 | | CLI-LNM-22-001 | TODO | | SPRINT_202_cli_ii | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Implement `stella advisory obs get/linkset show/export` commands with JSON/OSV output, pagination, and conflict display; ensure `ERR_AGG_*` mapping. | — | CLCI0103 | | CLI-LNM-22-002 | TODO | | SPRINT_202_cli_ii | CLI Guild · Concelier Guild | src/Cli/StellaOps.Cli | Implement `stella vex obs get/linkset show` commands with product filters, status filters, and JSON output for CI usage. Dependencies: CLI-LNM-22-001. | Needs CCLN0102 API contract | CLCI0109 | | CLI-NOTIFY-38-001 | BLOCKED | 2025-10-29 | SPRINT_202_cli_ii | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Implement `stella notify rules | CLCI0103 | CLCI0104 | | CLI-NOTIFY-39-001 | BLOCKED | 2025-10-29 | SPRINT_202_cli_ii | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Add simulation (`stella notify simulate`) and digest commands with diff output and schedule triggering, including dry-run mode. Dependencies: CLI-NOTIFY-38-001. | CLCI0103 | CLCI0104 | | CLI-NOTIFY-40-001 | TODO | | SPRINT_202_cli_ii | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Provide ack token redemption workflow, escalation management, localization previews, and channel health checks. Dependencies: CLI-NOTIFY-39-001. | — | CLCI0104 | | CLI-OBS-50-001 | TODO | | SPRINT_202_cli_ii | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Ensure CLI HTTP client propagates `traceparent` headers for all commands, prints correlation IDs on failure, and records trace IDs in verbose logs (scrubbed). | — | CLCI0104 | | CLI-OBS-51-001 | TODO | | SPRINT_203_cli_iii | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Implement `stella obs top` command streaming service health metrics, SLO status, and burn-rate alerts with TUI view and JSON output. Dependencies: CLI-OBS-50-001. | — | CLCI0105 | | CLI-OBS-52-001 | TODO | | SPRINT_203_cli_iii | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Add `stella obs trace ` and `stella obs logs --from/--to` commands that correlate timeline events, logs, and evidence links with pagination + guardrails. Dependencies: CLI-OBS-51-001. | — | CLCI0105 | | CLI-OBS-55-001 | TODO | | SPRINT_203_cli_iii | DevEx/CLI Guild · DevOps Guild | src/Cli/StellaOps.Cli | Add `stella obs incident-mode enable. Dependencies: CLI-OBS-52-001. | — | CLCI0105 | | CLI-OPS-0001 | TODO | | SPRINT_316_docs_modules_cli | Ops Guild (docs/modules/cli) | docs/modules/cli | Sync outcomes back to ../.. | — | CLCI0105 | | CLI-ORCH-32-001 | TODO | | SPRINT_203_cli_iii | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Implement `stella orch sources | ORGR0101 hand-off | CLCI0105 | | CLI-ORCH-33-001 | TODO | | SPRINT_203_cli_iii | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Add action verbs (`sources test. Dependencies: CLI-ORCH-32-001. | ORGR0101 hand-off | CLCI0105 | | CLI-ORCH-34-001 | TODO | | SPRINT_203_cli_iii | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Provide backfill wizard (`--from/--to --dry-run`), quota management (`quotas get. Dependencies: CLI-ORCH-33-001. | ORGR0102 API review | CLCI0105 | | CLI-PACKS-42-001 | TODO | | SPRINT_203_cli_iii | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Implement Task Pack commands (`pack plan/run/push/pull/verify`) with schema validation, expression sandbox, plan/simulate engine, remote execution. | — | CLCI0105 | | CLI-PACKS-43-001 | TODO | | SPRINT_203_cli_iii | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Deliver advanced pack features (approvals pause/resume, secret injection, localization, man pages, offline cache). Dependencies: CLI-PACKS-42-001. | Offline kit schema sign-off | CLCI0105 | | CLI-PACKS-43-002 | TODO | | SPRINT_508_ops_offline_kit | Offline Kit Guild · Packs Registry Guild | ops/offline-kit | Bundle Task Pack samples, registry mirror seeds, Task Runner configs, and CLI binaries with checksums into Offline Kit. | CLI-PACKS-43-001 | CLCI0105 | | CLI-PARITY-41-001 | TODO | | SPRINT_203_cli_iii | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Deliver parity command groups (`policy`, `sbom`, `vuln`, `vex`, `advisory`, `export`, `orchestrator`) with `--explain`, deterministic outputs, and parity matrix entries. | — | CLCI0106 | | CLI-PARITY-41-002 | TODO | | SPRINT_203_cli_iii | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Implement `notify`, `aoc`, `auth` command groups, idempotency keys, shell completions, config docs, and parity matrix export tooling. Dependencies: CLI-PARITY-41-001. | — | CLCI0106 | | CLI-POLICY-20-001 | TODO | | SPRINT_203_cli_iii | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Add `stella policy new | PLPE0101 completion | CLCI0106 | | CLI-POLICY-23-004 | TODO | | SPRINT_203_cli_iii | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Add `stella policy lint` command validating SPL files with compiler diagnostics; support JSON output. Dependencies: CLI-POLICY-20-001. | PLPE0102 readiness | CLCI0106 | | CLI-POLICY-23-006 | TODO | | SPRINT_203_cli_iii | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Provide `stella policy history` and `stella policy explain` commands to pull run history and explanation trees. Dependencies: CLI-POLICY-23-005. | — | CLCI0106 | | CLI-POLICY-27-001 | TODO | | SPRINT_203_cli_iii | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Implement policy workspace commands (`stella policy init`, `edit`, `lint`, `compile`, `test`) with template selection, local cache, JSON output, and deterministic temp directories. Dependencies: CLI-POLICY-23-006. | Ledger API exposure | CLCI0106 | | CLI-POLICY-27-002 | TODO | | SPRINT_204_cli_iv | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Add submission/review workflow commands (`stella policy version bump`, `submit`, `review comment`, `approve`, `reject`) supporting reviewer assignment, changelog capture, and exit codes. Dependencies: CLI-POLICY-27-001. | CLI-POLICY-27-001 | CLCI0106 | | CLI-POLICY-27-003 | TODO | | SPRINT_204_cli_iv | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Implement `stella policy simulate` enhancements (quick vs batch, SBOM selectors, heatmap summary, manifest download) with `--json` and Markdown report output for CI. Dependencies: CLI-POLICY-27-002. | CLI-POLICY-27-002 | CLCI0106 | | CLI-POLICY-27-004 | TODO | | SPRINT_204_cli_iv | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Add lifecycle commands for publish/promote/rollback/sign (`stella policy publish --sign`, `promote --env`, `rollback`) with attestation verification and canary arguments. Dependencies: CLI-POLICY-27-003. | CLI-POLICY-27-003 | CLCI0106 | | CLI-POLICY-27-005 | TODO | | SPRINT_204_cli_iv | DevEx/CLI Guild · Docs Guild | src/Cli/StellaOps.Cli | Update CLI reference and samples for Policy Studio including JSON schemas, exit codes, and CI snippets. Dependencies: CLI-POLICY-27-004. | CLI-POLICY-27-004 | CLCI0106 | | CLI-POLICY-27-006 | TODO | | SPRINT_204_cli_iv | CLI Guild · Policy Guild | src/Cli/StellaOps.Cli | Update CLI policy profiles/help text to request the new Policy Studio scope family, surface ProblemDetails guidance for `invalid_scope`, and adjust regression tests for scope failures. Dependencies: CLI-POLICY-27-005. | Depends on #2 | CLCI0109 | | CLI-PROMO-70-001 | TODO | | SPRINT_202_cli_ii | DevEx/CLI Guild · Provenance Guild | src/Cli/StellaOps.Cli | Add `stella promotion assemble` command that resolves image digests, hashes SBOM/VEX artifacts, fetches Rekor proofs from Attestor, and emits the `stella.ops/promotion@v1` JSON payload (see `docs/release/promotion-attestations.md`). | Mirror attestation inputs | CLCI0108 | | CLI-PROMO-70-002 | TODO | | SPRINT_203_cli_iii | CLI Guild · Marketing Guild | src/Cli/StellaOps.Cli | Implement `stella promotion attest` / `promotion verify` commands that sign the promotion payload via Signer, retrieve DSSE bundles from Attestor, and perform offline verification against trusted checkpoints (`docs/release/promotion-attestations.md`). Dependencies: CLI-PROMO-70-001. | Needs revised DSSE plan | CLCI0109 | | CLI-REPLAY-187-002 | TODO | | SPRINT_160_export_evidence | CLI Guild · Replay Guild | `src/Cli/StellaOps.Cli` | CLI Guild · `docs/modules/cli/architecture.md` | Requires RBRE0101 recorder schema | CLCI0109 | | CLI-RISK-66-001 | TODO | | SPRINT_204_cli_iv | DevEx/CLI Guild · Policy Guild | src/Cli/StellaOps.Cli | Implement `stella risk profile list | Ledger scores ready | CLCI0108 | | CLI-RISK-66-002 | TODO | | SPRINT_204_cli_iv | DevEx/CLI Guild · Risk Engine Guild | src/Cli/StellaOps.Cli | Ship `stella risk simulate` supporting SBOM/asset inputs, diff mode, and export to JSON/CSV. Dependencies: CLI-RISK-66-001. | CLI-RISK-66-001 | CLCI0108 | | CLI-RISK-67-001 | TODO | | SPRINT_204_cli_iv | DevEx/CLI Guild · Findings Ledger Guild | src/Cli/StellaOps.Cli | Provide `stella risk results` with filtering, severity thresholds, explainability fetch. Dependencies: CLI-RISK-66-002. | CLI-RISK-66-002 | CLCI0108 | | CLI-RISK-68-001 | TODO | | SPRINT_204_cli_iv | DevEx/CLI Guild · Export Guild | src/Cli/StellaOps.Cli | Add `stella risk bundle verify` and integrate with offline risk bundles. Dependencies: CLI-RISK-67-001. | CLI-RISK-67-001 | CLCI0108 | | CLI-SBOM-60-001 | TODO | | SPRINT_203_cli_iii | CLI Guild · Scanner Guild | src/Cli/StellaOps.Cli | Ship `stella sbomer layer`/`compose` verbs that capture per-layer fragments, run canonicalization, verify fragment DSSE, and emit `_composition.json` + Merkle diagnostics (ref `docs/modules/scanner/deterministic-sbom-compose.md`). Dependencies: CLI-PARITY-41-001, SCANNER-SURFACE-04. | Wait for CASC0101 manifest | CLSB0101 | | CLI-SBOM-60-002 | TODO | | SPRINT_203_cli_iii | CLI Guild | src/Cli/StellaOps.Cli | Add `stella sbomer drift --explain` + `verify` commands that rerun composition locally, highlight which arrays/keys broke determinism, and integrate with Offline Kit bundles. Dependencies: CLI-SBOM-60-001. | Depends on #1 | CLSB0101 | | CLI-SDK-62-001 | TODO | | SPRINT_204_cli_iv | CLI Guild · SDK Guild | src/Cli/StellaOps.Cli | Replace bespoke HTTP clients with official SDK (TS/Go) for all CLI commands; ensure modular transport for air-gapped mode. | Align with SDK generator sprint | CLSB0101 | | CLI-SDK-62-002 | TODO | | SPRINT_204_cli_iv | CLI Guild | src/Cli/StellaOps.Cli | Update CLI error handling to surface standardized API error envelope with `error.code` and `trace_id`. Dependencies: CLI-SDK-62-001. | Depends on #3 | CLSB0101 | | CLI-SDK-63-001 | TODO | | SPRINT_204_cli_iv | CLI Guild | src/Cli/StellaOps.Cli | Expose `stella api spec download` command retrieving aggregate OAS and verifying checksum/ETag. Dependencies: CLI-SDK-62-002. | Needs CAS graph (CASC0101) | CLSB0101 | | CLI-SDK-64-001 | TODO | | SPRINT_204_cli_iv | CLI Guild | src/Cli/StellaOps.Cli | Add CLI subcommand `stella sdk update` to fetch latest SDK manifests/changelogs; integrate with Notifications for deprecations. Dependencies: CLI-SDK-63-001. | Depends on #5 | CLSB0101 | | CLI-SIG-26-001 | TODO | | SPRINT_204_cli_iv | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Implement `stella reachability upload-callgraph` and `stella reachability list/explain` commands with streaming upload, pagination, and exit codes. | ATEL0101 signing plan | CLCI0108 | | CLI-SIG-26-002 | TODO | | SPRINT_204_cli_iv | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Extend `stella policy simulate` with reachability override flags (`--reachability-state`, `--reachability-score`). Dependencies: CLI-SIG-26-001. | CLI-SIG-26-001 | CLCI0108 | | CLI-TEN-47-001 | TODO | | SPRINT_205_cli_v | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Implement `stella login`, `whoami`, `tenants list`, persistent profiles, secure token storage, and `--tenant` override with validation. | — | CLCI0108 | | CLI-TEN-49-001 | TODO | | SPRINT_205_cli_v | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Add service account token minting, delegation (`stella token delegate`), impersonation banner, and audit-friendly logging. Dependencies: CLI-TEN-47-001. | CLI-TEN-47-001 | CLCI0108 | | CLI-VEX-30-001 | TODO | | SPRINT_205_cli_v | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Implement `stella vex consensus list` with filters, paging, policy selection, `--json/--csv`. | PLVL0102 completion | CLCI0107 | | CLI-VEX-30-002 | TODO | | SPRINT_205_cli_v | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Implement `stella vex consensus show` displaying quorum, evidence, rationale, signature status. Dependencies: CLI-VEX-30-001. | CLI-VEX-30-001 | CLCI0107 | | CLI-VEX-30-003 | TODO | | SPRINT_205_cli_v | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Implement `stella vex simulate` for trust/threshold overrides with JSON diff output. Dependencies: CLI-VEX-30-002. | CLI-VEX-30-002 | CLCI0107 | | CLI-VEX-30-004 | TODO | | SPRINT_205_cli_v | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Implement `stella vex export` for consensus NDJSON bundles with signature verification helper. Dependencies: CLI-VEX-30-003. | CLI-VEX-30-003 | CLCI0107 | | CLI-VEX-401-011 | TODO | | SPRINT_401_reachability_evidence_chain | CLI Guild | `src/Cli/StellaOps.Cli`, `docs/modules/cli/architecture.md`, `docs/benchmarks/vex-evidence-playbook.md` | Add `stella decision export | Reachability API exposure | CLCI0107 | | CLI-VULN-29-001 | TODO | | SPRINT_205_cli_v | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Implement `stella vuln list` with grouping, paging, filters, `--json/--csv`, and policy selection. | — | CLCI0107 | | CLI-VULN-29-002 | TODO | | SPRINT_205_cli_v | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Implement `stella vuln show` displaying evidence, policy rationale, paths, ledger summary; support `--json` for automation. Dependencies: CLI-VULN-29-001. | CLI-VULN-29-001 | CLCI0107 | | CLI-VULN-29-003 | TODO | | SPRINT_205_cli_v | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Add workflow commands (`assign`, `comment`, `accept-risk`, `verify-fix`, `target-fix`, `reopen`) with filter selection (`--filter`) and idempotent retries. Dependencies: CLI-VULN-29-002. | CLI-VULN-29-002 | CLCI0107 | | CLI-VULN-29-004 | TODO | | SPRINT_205_cli_v | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Implement `stella vuln simulate` producing delta summaries and optional Markdown report for CI. Dependencies: CLI-VULN-29-003. | CLI-VULN-29-003 | CLCI0107 | | CLI-VULN-29-005 | TODO | | SPRINT_205_cli_v | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Add `stella vuln export` and `stella vuln bundle verify` commands to trigger/download evidence bundles and verify signatures. Dependencies: CLI-VULN-29-004. | CLI-VULN-29-004 | CLCI0107 | | CLI-VULN-29-006 | TODO | | SPRINT_205_cli_v | DevEx/CLI Guild · Docs Guild | src/Cli/StellaOps.Cli | Update CLI docs/examples for Vulnerability Explorer with compliance checklist and CI snippets. Dependencies: CLI-VULN-29-005. | CLI-VULN-29-005 | CLCI0108 | | CLIENT-401-012 | TODO | | SPRINT_401_reachability_evidence_chain | Symbols Guild | `src/Symbols/StellaOps.Symbols.Client`, `src/Scanner/StellaOps.Scanner.Symbolizer` | Align with symbolizer regression fixtures | Align with symbolizer regression fixtures | RBSY0101 | | COMPOSE-44-001 | TODO | | SPRINT_501_ops_deployment_i | Deployment Guild · DevEx Guild | ops/deployment | Author `docker-compose.yml`, `.env.example`, and `quickstart.sh` with all core services + dependencies (postgres, redis, object-store, queue, otel). | Align with DVDO0103 env profiles | DVCP0101 | | COMPOSE-44-002 | TODO | | SPRINT_501_ops_deployment_i | Deployment Guild | ops/deployment | Implement `backup.sh` and `reset.sh` scripts with safety prompts and documentation. Dependencies: COMPOSE-44-001. | Depends on #1 | DVCP0101 | | COMPOSE-44-003 | TODO | | SPRINT_501_ops_deployment_i | Deployment Guild | ops/deployment | Package seed data container and onboarding wizard toggle (`QUICKSTART_MODE`), ensuring default creds randomized on first run. Dependencies: COMPOSE-44-002. | Needs RBRE0101 provenance | DVCP0101 | | CONCELIER-AIAI-31-002 | DOING | | SPRINT_110_ingestion_evidence | Concelier Core · Concelier WebService Guilds | | Structured field/caching implementation gated on schema approval. | CONCELIER-GRAPH-21-001; CARTO-GRAPH-21-002 | DOAI0101 | | CONCELIER-AIAI-31-003 | DONE | 2025-11-12 | SPRINT_110_ingestion_evidence | Docs Guild · Concelier Observability Guild | docs/modules/concelier/observability.md | Telemetry counters/histograms live for Advisory AI dashboards. | Summarize telemetry evidence | DOCO0101 | | CONCELIER-AIRGAP-56-001 | TODO | | SPRINT_112_concelier_i | Concelier Core Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Implement read paths for Offline Kit bundles, persist `bundleId`, `merkleRoot`, and maintain append-only ledger comparisons. | Wait for ATLN0102 decision log | AGCN0101 | | CONCELIER-AIRGAP-56-001..58-001 | TODO | | SPRINT_110_ingestion_evidence | Concelier Core Guild · Evidence Locker Guild | | Air-gap bundles waiting on stable schema + attestation payloads. | CONCELIER-GRAPH-21-001; CONCELIER-GRAPH-21-002; ELOCKER-CONTRACT-2001 | AGCN0101 | | CONCELIER-AIRGAP-56-002 | TODO | | SPRINT_112_concelier_i | Concelier Core Guild · AirGap Importer Guild | | Every observation/linkset stores `{bundleId, merkleRoot, observationPath}` so exported evidence can cite provenance exactly once; depends on 56-001. | Requires #2 for CAS alignment | AGCN0101 | | CONCELIER-AIRGAP-57-001 | TODO | | SPRINT_112_concelier_i | Concelier Core Guild · AirGap Policy Guild | | Feature flag + policy that rejects non-mirror connectors with actionable diagnostics; depends on 56-001. | — | ATLN0102 | | CONCELIER-AIRGAP-57-002 | TODO | | SPRINT_112_concelier_i | Concelier Core Guild · AirGap Time Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Compute `fetchedAt/publishedAt/clockSource` deltas per bundle and expose via observation APIs without mutating evidence; depends on 56-002. | Wait for AIRGAP-TIME-CONTRACT-1501 | CCAN0101 | | CONCELIER-AIRGAP-58-001 | TODO | | SPRINT_112_concelier_i | Concelier Core Guild · Evidence Locker Guild | | Package advisory observations/linksets + provenance notes (document id + observationPath) into timeline-bound portable bundles with verifier instructions; depends on 57-002. | — | ATLN0102 | | CONCELIER-ATTEST-73-001 | TODO | | SPRINT_110_ingestion_evidence | Concelier Core · Evidence Locker Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Attestation metadata wiring follows structured caching. | CONCELIER-AIAI-31-002; ELOCKER-CONTRACT-2001 | CCAN0101 | | CONCELIER-ATTEST-73-002 | TODO | | SPRINT_110_ingestion_evidence | Concelier Core · Evidence Locker Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Depends on #2 | CONCELIER-AIAI-31-002; ELOCKER-CONTRACT-2001 | CCAN0101 | | CONCELIER-CONSOLE-23-001 | TODO | | SPRINT_112_concelier_i | Concelier WebService Guild · BE-Base Platform Guild | | `/console/advisories` returns grouped linksets with per-source severity/status chips plus `{documentId, observationPath}` provenance references (matching GHSA + Red Hat CVE browser expectations); depends on CONCELIER-LNM-21-201/202. | — | ATLN0102 | | CONCELIER-CONSOLE-23-001..003 | TODO | | SPRINT_110_ingestion_evidence | Concelier Console Guild | src/Concelier/StellaOps.Concelier.WebService | Console overlays blocked until schema signed off. | CONCELIER-GRAPH-21-001; CONCELIER-GRAPH-21-002 | CCLN0102 | | CONCELIER-CONSOLE-23-002 | TODO | | SPRINT_112_concelier_i | Concelier WebService Guild | | Deterministic “new/modified/conflicting” sets referencing linkset IDs and field paths rather than computed verdicts; depends on 23-001. | — | ATLN0102 | | CONCELIER-CONSOLE-23-003 | TODO | | SPRINT_112_concelier_i | Concelier WebService Guild | | CVE/GHSA/PURL lookups return observation excerpts, provenance anchors, and cache hints so tenants can preview evidence safely; reuse structured field taxonomy from Workstream A. | — | ATLN0102 | | CONCELIER-CORE-AOC-19-013 | TODO | | SPRINT_112_concelier_i | Concelier Core Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Expand smoke/e2e suites so Authority tokens + tenant headers are mandatory for ingest/read paths (including the new provenance endpoint). Must assert no merge-side effects and that provenance anchors always round-trip. | Must reference AOC guardrails from docs | AGCN0101 | | CONCELIER-DOCS-0001 | DONE | 2025-11-05 | SPRINT_317_docs_modules_concelier | Docs Guild | docs/modules/concelier | Validate that `docs/modules/concelier/README.md` reflects the latest release notes and aggregation toggles. | Reference (baseline) | CCDO0101 | | CONCELIER-ENG-0001 | TODO | | SPRINT_317_docs_modules_concelier | Module Team · Concelier Guild | docs/modules/concelier | Cross-check implementation plan milestones against `/docs/implplan/SPRINT_*.md` and update module readiness checkpoints. | Wait for CCPR0101 validation | CCDO0101 | | CONCELIER-GRAPH-21-001 | BLOCKED | 2025-10-27 | SPRINT_113_concelier_ii | Concelier Core · Cartographer Guilds | src/Concelier/__Libraries/StellaOps.Concelier.Core | Extend SBOM normalization so every relationship (depends_on, contains, provides) and scope tag is captured as raw observation metadata with provenance pointers; Cartographer can then join SBOM + advisory facts without Concelier inferring impact. | Waiting on Cartographer schema (052_CAGR0101) | AGCN0101 | | CONCELIER-GRAPH-21-002 | BLOCKED | 2025-10-27 | SPRINT_113_concelier_ii | Concelier Core Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Publish `sbom.observation.updated` events whenever new SBOM versions arrive, including tenant/context metadata and advisory references—never send judgments, only facts. Depends on CONCELIER-GRAPH-21-001. | Depends on #5 outputs | AGCN0101 | | CONCELIER-GRAPH-24-101 | TODO | | SPRINT_113_concelier_ii | Concelier WebService Guild | src/Concelier/StellaOps.Concelier.WebService | Provide `/advisories/summary` responses that bundle observation/linkset metadata (aliases, confidence, conflicts) for graph overlays while keeping upstream values intact. Depends on CONCELIER-GRAPH-21-002. | Wait for CAGR0101 + storage migrations | CCGH0101 | | CONCELIER-GRAPH-28-102 | TODO | | SPRINT_113_concelier_ii | Concelier WebService Guild | src/Concelier/StellaOps.Concelier.WebService | Add batch fetch endpoints keyed by component sets so graph tooltips can pull raw observations/linksets efficiently; include provenance + timestamps but no derived severity. Depends on CONCELIER-GRAPH-24-101. | Depends on #1 | CCGH0101 | | CONCELIER-LNM-21-001 | TODO | | SPRINT_113_concelier_ii | Concelier Core Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Define the immutable `advisory_observations` model (per-source fields, version ranges, severity text, provenance metadata, tenant guards) so every ingestion path records raw statements without merge artifacts. | Needs Link-Not-Merge approval (005_ATLN0101) | AGCN0101 | | CONCELIER-LNM-21-002 | TODO | | SPRINT_113_concelier_ii | Concelier Core Guild · Data Science Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Implement correlation pipelines (alias graph, purl overlap, CVSS vector compare) that output linksets with confidence scores + conflict markers, never collapsing conflicting facts into single values. Depends on CONCELIER-LNM-21-001. | Depends on #7 for precedence rules | AGCN0101 | | CONCELIER-LNM-21-003 | TODO | | SPRINT_113_concelier_ii | Concelier Core Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Record disagreements (severity, CVSS, references) on linksets as structured conflict entries so consumers can reason about divergence without Concelier resolving it. Depends on CONCELIER-LNM-21-002. | Requires #8 heuristics | AGCN0101 | | CONCELIER-LNM-21-004 | TODO | | SPRINT_113_concelier_ii | Concelier Core Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Delete legacy merge/dedup logic, add guardrails/tests to keep ingestion append-only, and document how linksets supersede the old merge outputs. Depends on CONCELIER-LNM-21-003. | Depends on #9 | AGCN0101 | | CONCELIER-LNM-21-005 | TODO | | SPRINT_113_concelier_ii | Concelier Core Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Emit `advisory.linkset.updated` events containing delta descriptions + observation ids so downstream evaluators can subscribe deterministically. Depends on CONCELIER-LNM-21-004. | Requires CCLN0101 store changes | CCCO0101 | | CONCELIER-LNM-21-101 | TODO | | SPRINT_113_concelier_ii | Concelier Storage Guild | src/Concelier/__Libraries/StellaOps.Concelier.Storage.Mongo | Provision the Mongo collections (`advisory_observations`, `advisory_linksets`) with hashed shard keys, tenant indexes, and TTL for ingest metadata to support Link-Not-Merge at scale. Depends on CONCELIER-LNM-21-005. | Wait for schema freeze | CCLN0101 | | CONCELIER-LNM-21-102 | TODO | | SPRINT_113_concelier_ii | Concelier Storage Guild · DevOps Guild | src/Concelier/__Libraries/StellaOps.Concelier.Storage.Mongo | Backfill legacy merged advisories into the new observation/linkset collections, seed tombstones for deprecated docs, and provide rollback tooling for Offline Kit operators. Depends on CONCELIER-LNM-21-101. | Depends on #1 | CCLN0101 | | CONCELIER-LNM-21-103 | TODO | | SPRINT_113_concelier_ii | Concelier Storage Guild (src/Concelier/__Libraries/StellaOps.Concelier.Storage.Mongo) | src/Concelier/__Libraries/StellaOps.Concelier.Storage.Mongo | Move large raw payloads to object storage with deterministic pointers, update bootstrapper/offline kit seeds, and guarantee provenance metadata remains intact. Depends on CONCELIER-LNM-21-102. | — | ATLN0101 | | CONCELIER-LNM-21-201 | TODO | | SPRINT_113_concelier_ii | Concelier WebService Guild · Platform Guild | src/Concelier/StellaOps.Concelier.WebService | Add `/advisories/observations` with filters for alias/purl/source plus strict tenant scopes; responses must only echo upstream values + provenance fields. Depends on CONCELIER-LNM-21-103. | Wait for storage sprint (CCLN0101) | CCLN0102 | | CONCELIER-LNM-21-202 | TODO | | SPRINT_113_concelier_ii | Concelier WebService Guild (src/Concelier/StellaOps.Concelier.WebService) | src/Concelier/StellaOps.Concelier.WebService | Implement `/advisories/linksets`/`export`/`evidence` endpoints surfacing correlation + conflict payloads and `ERR_AGG_*` error mapping, never exposing synthesis/merge results. Depends on CONCELIER-LNM-21-201. | — | ATLN0101 | | CONCELIER-LNM-21-203 | TODO | | SPRINT_113_concelier_ii | Concelier WebService Guild, Platform Events Guild (src/Concelier/StellaOps.Concelier.WebService) | src/Concelier/StellaOps.Concelier.WebService | Publish idempotent NATS/Redis events for new observations/linksets with schemas documented for downstream consumers; include tenant + provenance references only. Depends on CONCELIER-LNM-21-202. | — | ATLN0101 | | CONCELIER-OAS-61-001 | TODO | | SPRINT_114_concelier_iii | Concelier Core + API Contracts Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Update the OpenAPI spec so every observation/linkset/timeline endpoint documents provenance fields, tenant scopes, and AOC guarantees (no consensus fields), giving downstream SDKs unambiguous contracts. | Wait for CCPR0101 policy updates | CCOA0101 | | CONCELIER-OAS-61-002 | TODO | | SPRINT_114_concelier_iii | Concelier Core Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Provide realistic examples (conflict linksets, multi-source severity, timeline snippets) showing how raw advisories are surfaced without merges; wire them into docs/SDKs. Depends on CONCELIER-OAS-61-001. | Depends on #1 | CCOA0101 | | CONCELIER-OAS-62-001 | TODO | | SPRINT_114_concelier_iii | Concelier Core + SDK Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Add SDK scenarios covering advisory search, pagination, and conflict handling to ensure each language client preserves provenance fields and does not infer verdicts. Depends on CONCELIER-OAS-61-002. | Needs SDK requirements from CLSB0101 | CCOA0101 | | CONCELIER-OBS-51-001 | TODO | | SPRINT_114_concelier_iii | Concelier Core Guild · DevOps Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Emit ingestion latency, queue depth, and AOC violation metrics with burn-rate alerts so we can prove the evidence pipeline remains healthy without resorting to heuristics. | Wait for 046_TLTY0101 metric schema drop | CNOB0101 | | CONCELIER-OBS-52-001 | TODO | | SPRINT_114_concelier_iii | Concelier Core Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Produce timeline records for ingest/normalization/linkset updates containing trace IDs, conflict summaries, and evidence hashes—pure facts for downstream replay. Depends on CONCELIER-OBS-51-001. | Needs #1 merged to reuse structured logging helpers | CNOB0101 | | CONCELIER-OBS-53-001 | TODO | | SPRINT_114_concelier_iii | Concelier Core Guild · Evidence Locker Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Generate evidence locker bundles (raw doc, normalization diff, linkset) with Merkle manifests so audits can replay advisory history without touching live Mongo. Depends on CONCELIER-OBS-52-001. | Requires Evidence Locker contract from 002_ATEL0101 | CNOB0101 | | CONCELIER-OBS-54-001 | TODO | | SPRINT_114_concelier_iii | Concelier Core Guild · Provenance Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Attach DSSE attestations to advisory batches, expose verification APIs, and link attestation IDs into timeline + ledger for transparency. Depends on CONCELIER-OBS-53-001. | Blocked by Link-Not-Merge schema finalization (005_ATLN0101) | CNOB0101 | | CONCELIER-OBS-55-001 | TODO | | SPRINT_114_concelier_iii | Concelier Core Guild · DevOps Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Implement incident-mode levers (extra sampling, retention overrides, redaction guards) that collect more raw evidence without mutating advisory content. Depends on CONCELIER-OBS-54-001. | Depends on #4 for consistent dimensions | CNOB0101 | | CONCELIER-OPS-0001 | TODO | | SPRINT_317_docs_modules_concelier | Ops Guild | docs/modules/concelier | Review runbooks/observability assets after the next sprint demo and capture findings inline with sprint notes. | Depends on #2 | CCDO0101 | | CONCELIER-ORCH-32-001 | TODO | | SPRINT_114_concelier_iii | Concelier Core Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Register every advisory connector with the orchestrator (metadata, auth scopes, rate policies) so ingest scheduling is transparent and reproducible. | Wait for CCAN0101 outputs | CCCO0101 | | CONCELIER-ORCH-32-002 | TODO | | SPRINT_114_concelier_iii | Concelier Core Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Adopt the orchestrator worker SDK in ingestion loops, emitting heartbeats/progress/artifact hashes to guarantee deterministic replays. Depends on CONCELIER-ORCH-32-001. | Depends on #1 | CCCO0101 | | CONCELIER-ORCH-33-001 | TODO | | SPRINT_114_concelier_iii | Concelier Core Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Honor orchestrator pause/throttle/retry controls with structured error outputs and persisted checkpoints so operators can intervene without losing evidence. Depends on CONCELIER-ORCH-32-002. | Needs ORTR0102 cues | CCCO0101 | | CONCELIER-ORCH-34-001 | TODO | | SPRINT_114_concelier_iii | Concelier Core Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Execute orchestrator-driven backfills that reuse artifact hashes/signatures, log provenance, and push run metadata to the ledger for audits. Depends on CONCELIER-ORCH-33-001. | Depends on #3 | CCCO0101 | | CONCELIER-POLICY-20-001 | TODO | | SPRINT_114_concelier_iii | Concelier WebService Guild | src/Concelier/StellaOps.Concelier.WebService | Provide batch advisory lookup APIs for Policy Engine (purl/advisory filters, tenant scopes, explain metadata) so policy can join raw evidence without Concelier suggesting outcomes. | Wait for storage sprint | CCPR0101 | | CONCELIER-POLICY-20-002 | TODO | | SPRINT_115_concelier_iv | Concelier Core Guild · Policy Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Expand linkset builders with vendor-specific equivalence tables, NEVRA/PURL normalization, and version-range parsing so policy joins become more accurate without Concelier prioritizing sources. Depends on CONCELIER-POLICY-20-001. | Depends on #1 | CCPR0101 | | CONCELIER-POLICY-20-003 | TODO | | SPRINT_115_concelier_iv | Concelier Storage Guild | src/Concelier/__Libraries/StellaOps.Concelier.Storage.Mongo | Introduce advisory selection cursors + change-stream checkpoints that let Policy Engine process deltas deterministically; include offline migration scripts. Depends on CONCELIER-POLICY-20-002. | Depends on #2 | CCPR0101 | | CONCELIER-POLICY-23-001 | TODO | | SPRINT_115_concelier_iv | Concelier Core Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Add secondary indexes/materialized views (alias, provider severity, correlation confidence) so policy lookups stay fast without caching derived verdicts; document the supported query patterns. Depends on CONCELIER-POLICY-20-003. | Needs RISK series seeds | CCPR0101 | | CONCELIER-POLICY-23-002 | TODO | | SPRINT_115_concelier_iv | Concelier WebService Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Ensure `advisory.linkset.updated` events ship with idempotent IDs, confidence summaries, and tenant metadata so policy consumers can replay evidence feeds safely. Depends on CONCELIER-POLICY-23-001. | Depends on #4 | CCPR0101 | | CONCELIER-RISK-66-001 | TODO | | SPRINT_115_concelier_iv | Concelier Core · Risk Engine Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Surface vendor-provided CVSS/KEV/fix data exactly as published (with provenance anchors) through provider APIs so risk engines can reason about upstream intent. | Align risk feed with CCCS/CERTBUND | CCPR0101 | | CONCELIER-RISK-66-002 | TODO | | SPRINT_115_concelier_iv | Concelier Core Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Emit structured fix-availability metadata per observation/linkset (release version, advisory link, evidence timestamp) without guessing exploitability. Depends on CONCELIER-RISK-66-001. | Depends on #6 | CCPR0101 | | CONCELIER-RISK-67-001 | TODO | | SPRINT_115_concelier_iv | Concelier Core Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Publish per-source coverage/conflict metrics (counts, disagreements) so explainers can cite which upstream statements exist; no weighting is applied inside Concelier. Depends on CONCELIER-RISK-66-001. | Needs risk taxonomy agreement | CCPR0101 | | CONCELIER-RISK-68-001 | TODO | | SPRINT_115_concelier_iv | Concelier Core + Policy Studio Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Wire advisory signal pickers into Policy Studio so curators can select which raw advisory fields feed policy gating; validation must confirm fields are provenance-backed. Depends on POLICY-RISK-68-001. | Depends on #8 | CCPR0101 | | CONCELIER-RISK-69-001 | TODO | | SPRINT_115_concelier_iv | Concelier Core + Notifications Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Emit notifications when upstream advisory fields change (e.g., fix available) with observation IDs + provenance so Notifications service can alert without inferring severity. Depends on CONCELIER-RISK-66-002. | Needs Notifications contract | CCPR0101 | | CONCELIER-SIG-26-001 | TODO | | SPRINT_115_concelier_iv | Concelier Core + Signals Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Expose upstream-provided affected symbol/function lists via APIs to help reachability scoring; maintain provenance and do not infer exploitability. Depends on SIGNALS-24-002. | Needs SGSI0101 runtime feed | CCCO0101 | | CONCELIER-STORE-AOC-19-005 | TODO | 2025-11-04 | SPRINT_115_concelier_iv | Concelier Storage Guild · DevOps Guild | src/Concelier/__Libraries/StellaOps.Concelier.Storage.Mongo | Execute the raw-linkset backfill/rollback plan (`docs/dev/raw-linkset-backfill-plan.md`) so Mongo + Offline Kit bundles reflect Link-Not-Merge data; rehearse rollback. Depends on CONCELIER-CORE-AOC-19-004. | Wait for CCLN0101 approval | CCSM0101 | | CONCELIER-TEN-48-001 | TODO | | SPRINT_115_concelier_iv | Concelier Core Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Enforce tenant scoping throughout normalization/linking, expose capability endpoint advertising `merge=false`, and ensure events include tenant IDs. Depends on AUTH-TEN-47-001. | Depends on #5/#6 | CCCO0101 | | CONCELIER-VEXLENS-30-001 | TODO | | SPRINT_115_concelier_iv | Concelier WebService Guild · VEX Lens Guild | src/Concelier/StellaOps.Concelier.WebService | Guarantee advisory key consistency and cross-links consumed by VEX Lens so consensus explanations can cite Concelier evidence without requesting merges. Depends on CONCELIER-VULN-29-001, VEXLENS-30-005. | — | PLVL0103 | | CONCELIER-VULN-29-004 | TODO | | SPRINT_116_concelier_v | Concelier WebService Guild · Observability Guild | src/Concelier/StellaOps.Concelier.WebService | Instrument observation/linkset pipelines with metrics for identifier collisions, withdrawn statements, and chunk latencies; stream them to Vuln Explorer without altering evidence payloads. Depends on CONCELIER-VULN-29-001. | Requires CCPR0101 risk feed | CCWO0101 | | CONCELIER-WEB-AIRGAP-56-001 | TODO | | SPRINT_116_concelier_v | Concelier WebService Guild · AirGap Policy Guild | src/Concelier/StellaOps.Concelier.WebService | Extend ingestion endpoints to register mirror bundle sources, expose bundle catalogs, and enforce sealed-mode by blocking direct internet feeds. | Wait for AGCN0101 proof | CCAW0101 | | CONCELIER-WEB-AIRGAP-56-002 | TODO | | SPRINT_116_concelier_v | Concelier WebService Guild · AirGap Importer Guild | src/Concelier/StellaOps.Concelier.WebService | Add staleness + bundle provenance metadata to `/advisories/observations` and `/advisories/linksets` so operators can see freshness without Excitior deriving outcomes. Depends on CONCELIER-WEB-AIRGAP-56-001. | Depends on #1 | CCAW0101 | | CONCELIER-WEB-AIRGAP-57-001 | TODO | | SPRINT_116_concelier_v | Concelier WebService Guild | src/Concelier/StellaOps.Concelier.WebService | Map sealed-mode violations to consistent `AIRGAP_EGRESS_BLOCKED` payloads that explain how to remediate, leaving advisory content untouched. Depends on CONCELIER-WEB-AIRGAP-56-002. | Needs CCAN0101 time beacons | CCAW0101 | | CONCELIER-WEB-AIRGAP-58-001 | TODO | | SPRINT_116_concelier_v | Concelier WebService Guild · Evidence Locker Guild | src/Concelier/StellaOps.Concelier.WebService | Emit timeline events for bundle imports (bundle ID, scope, actor) so audit trails capture every evidence change. Depends on CONCELIER-WEB-AIRGAP-57-001. | Depends on #3 | CCAW0101 | | CONCELIER-WEB-AOC-19-003 | TODO | | SPRINT_116_concelier_v | Concelier WebService Guild | src/Concelier/StellaOps.Concelier.WebService | Add unit tests for schema validators, forbidden-field guards (`ERR_AOC_001/2/6/7`), and supersedes chains to keep ingestion append-only. Depends on CONCELIER-WEB-AOC-19-002. | Wait for CCSM0101 migration | CCAO0101 | | CONCELIER-WEB-AOC-19-004 | TODO | | SPRINT_116_concelier_v | Concelier WebService Guild | src/Concelier/StellaOps.Concelier.WebService | Create integration tests that ingest large advisory batches (cold/warm), verify reproducible linksets, and record metrics/fixtures for Offline Kit rehearsals. Depends on CONCELIER-WEB-AOC-19-003. | Depends on #1 | CCAO0101 | | CONCELIER-WEB-AOC-19-005 | TODO | 2025-11-08 | SPRINT_116_concelier_v | Concelier WebService Guild | src/Concelier/StellaOps.Concelier.WebService | Fix `/advisories/{key}/chunks` test data so pre-seeded raw docs resolve correctly; ensure Mongo migrations stop logging “Unable to locate advisory_raw documents” during tests. Depends on CONCELIER-WEB-AOC-19-002. | Needs CCPR0101 verdict feed | CCAO0101 | | CONCELIER-WEB-AOC-19-006 | TODO | 2025-11-08 | SPRINT_116_concelier_v | Concelier WebService Guild | src/Concelier/StellaOps.Concelier.WebService | Align default auth/tenant configs with the test fixtures so allowlisted tenants can ingest before forbidden tenants are rejected, closing the gap in `AdvisoryIngestEndpoint_RejectsTenantOutsideAllowlist`. Depends on CONCELIER-WEB-AOC-19-002. | Depends on #3 | CCAO0101 | | CONCELIER-WEB-AOC-19-007 | TODO | 2025-11-08 | SPRINT_116_concelier_v | Concelier WebService Guild | src/Concelier/StellaOps.Concelier.WebService | Update AOC verify logic so guard failures emit `ERR_AOC_001` (not `_004`) and keep mapper/guard parity covered by regression tests. Depends on CONCELIER-WEB-AOC-19-002. | Depends on #4 | CCAO0101 | | CONCELIER-WEB-OAS-61-002 | TODO | | SPRINT_116_concelier_v | Concelier WebService Guild | src/Concelier/StellaOps.Concelier.WebService | Ensure every API returns the standardized error envelope and update controllers/tests accordingly (prereq for SDK/doc alignment). | Wait for CCOA0101 spec | CCWO0101 | | CONCELIER-WEB-OAS-62-001 | TODO | | SPRINT_116_concelier_v | Concelier WebService Guild | src/Concelier/StellaOps.Concelier.WebService | Publish curated examples for observations/linksets/conflicts and wire them into the developer portal. Depends on CONCELIER-WEB-OAS-61-002. | Depends on #1 | CCWO0101 | | CONCELIER-WEB-OAS-63-001 | TODO | | SPRINT_116_concelier_v | Concelier WebService Guild · API Governance Guild | src/Concelier/StellaOps.Concelier.WebService | Emit deprecation headers + notifications for retiring endpoints, steering clients toward Link-Not-Merge APIs. Depends on CONCELIER-WEB-OAS-62-001. | Needs governance approval | CCWO0101 | | CONCELIER-WEB-OBS-51-001 | TODO | | SPRINT_116_concelier_v | Concelier WebService Guild | src/Concelier/StellaOps.Concelier.WebService | Add `/obs/concelier/health` surfaces for ingest health, queue depth, and SLO status so Console widgets can display real-time evidence pipeline stats. Depends on CONCELIER-WEB-OBS-50-001. | Need telemetry schema baseline from 046_TLTY0101 | CNOB0102 | | CONCELIER-WEB-OBS-52-001 | TODO | | SPRINT_116_concelier_v | Concelier WebService Guild | src/Concelier/StellaOps.Concelier.WebService | Provide SSE stream `/obs/concelier/timeline` with paging tokens, guardrails, and audit logging so operators can monitor evidence changes live. Depends on CONCELIER-WEB-OBS-51-001. | Requires #1 merged so we reuse correlation IDs | CNOB0102 | | CONCELIER-WEB-OBS-53-001 | TODO | | SPRINT_117_concelier_vi | Concelier WebService Guild · Evidence Locker Guild | src/Concelier/StellaOps.Concelier.WebService | Add `/evidence/advisories/*` routes that proxy evidence locker snapshots, verify `evidence:read` scopes, and return signed manifest metadata—no shortcut paths into raw storage. Depends on CONCELIER-WEB-OBS-52-001. | Blocked on Evidence Locker DSSE feed (002_ATEL0101) | CNOB0102 | | CONCELIER-WEB-OBS-54-001 | TODO | | SPRINT_117_concelier_vi | Concelier WebService Guild | src/Concelier/StellaOps.Concelier.WebService | Provide `/attestations/advisories/*` endpoints surfacing DSSE status, verification summary, and provenance chain so CLI/Console can audit trust without hitting databases. Depends on CONCELIER-WEB-OBS-53-001. | Depends on Link-Not-Merge schema (005_ATLN0101) | CNOB0102 | | CONCELIER-WEB-OBS-55-001 | TODO | | SPRINT_117_concelier_vi | Concelier WebService Guild · DevOps Guild | src/Concelier/StellaOps.Concelier.WebService | Implement incident-mode APIs that coordinate ingest, locker, and orchestrator, capturing activation events + cooldown semantics but leaving evidence untouched. Depends on CONCELIER-WEB-OBS-54-001. | Needs #4 to finalize labels | CNOB0102 | | CONN-SUSE-01-003 | Team Excititor Connectors – SUSE | | SPRINT_120_excititor_ii | Connector Guild (SUSE) | src/Excititor/__Libraries/StellaOps.Excititor.Connectors.SUSE.RancherVEXHub | EXCITITOR-CONN-SUSE-01-002; EXCITITOR-POLICY-01-001 | EXCITITOR-CONN-SUSE-01-002; EXCITITOR-POLICY-01-001 | EXCN0102 | | CONN-TRUST-01-001 | TODO | | SPRINT_110_ingestion_evidence | Excititor + AirGap Guilds | | CONCELIER-GRAPH-21-001/002; ATTEST-PLAN-2001 | CONCELIER-GRAPH-21-001; CONCELIER-GRAPH-21-002; ATTEST-PLAN-2001 | EXCN0102 | | CONN-UBUNTU-01-003 | Team Excititor Connectors – Ubuntu | | SPRINT_120_excititor_ii | Connector Guild (Ubuntu) | src/Excititor/__Libraries/StellaOps.Excititor.Connectors.Ubuntu.CSAF | EXCITITOR-CONN-UBUNTU-01-002; EXCITITOR-POLICY-01-001 | EXCITITOR-CONN-UBUNTU-01-002; EXCITITOR-POLICY-01-001 | EXCN0102 | | CONSENSUS-LENS-DOCS-0001 | TODO | | SPRINT_332_docs_modules_vex_lens | Docs Guild | docs/modules/vex-lens | Wait for CCSL0101 panel demo | Wait for CCSL0101 panel demo | CCDL0101 | | CONSENSUS-LENS-DOCS-0002 | TODO | 2025-11-05 | SPRINT_332_docs_modules_vex_lens | Docs Guild | docs/modules/vex-lens | Depends on #1 | Depends on #1 | CCDL0101 | | CONSENSUS-LENS-ENG-0001 | TODO | | SPRINT_332_docs_modules_vex_lens | Module Team | docs/modules/vex-lens | Needs CCWO0101 schema | Needs CCWO0101 schema | CCDL0101 | | CONSENSUS-LENS-OPS-0001 | TODO | | SPRINT_332_docs_modules_vex-lens | Ops Guild | docs/modules/vex-lens | Depends on #3 | Depends on #3 | CCDL0101 | | CONSOLE-23-001 | TODO | | SPRINT_112_concelier_i | Console Guild | src/Console/StellaOps.Console | Wait for CCWO0101 schema | Wait for CCWO0101 schema | CCSL0101 | | CONSOLE-23-001..003 | TODO | | SPRINT_110_ingestion_evidence | Console Guild | src/Console/StellaOps.Console | Depends on #1 | CONCELIER-GRAPH-21-001; CONCELIER-GRAPH-21-002 | CCSL0101 | | CONSOLE-23-002 | TODO | | SPRINT_112_concelier_i | Console Guild | src/Console/StellaOps.Console | Needs LNM graph (CCGH0101) | Needs LNM graph (CCGH0101) | CCSL0101 | | CONSOLE-23-003 | TODO | | SPRINT_112_concelier_i | Console Guild | src/Console/StellaOps.Console | Depends on #3 | Depends on #3 | CCSL0101 | | CONSOLE-23-004 | TODO | | SPRINT_212_web_i | Console Guild | src/Web/StellaOps.Web | Requires CCPR0101 verdicts | Requires CCPR0101 verdicts | CCSL0101 | | CONSOLE-23-005 | TODO | | SPRINT_212_web_i | Console Guild | src/Web/StellaOps.Web | Depends on #5 | Depends on #5 | CCSL0101 | | CONSOLE-OBS-52-001 | TODO | | SPRINT_303_docs_tasks_md_iii | Console Ops Guild | docs/modules/ui | Needs TLTY0101 metrics | Needs TLTY0101 metrics | CCSL0101 | | CONSOLE-OBS-52-002 | TODO | | SPRINT_303_docs_tasks_md_iii | Console Ops Guild | docs/modules/ui | Depends on #7 | Depends on #7 | CCSL0101 | | CONSOLE-VEX-30-001 | TODO | 2025-11-08 | SPRINT_212_web_i | Console Guild · VEX Lens Guild | src/Web/StellaOps.Web | Provide `/console/vex/*` APIs streaming VEX statements, justification summaries, and advisory links with SSE refresh hooks. Dependencies: WEB-CONSOLE-23-001, EXCITITOR-CONSOLE-23-001. | Needs VEX Lens spec (PLVL0103) | CCSL0101 | | CONSOLE-VULN-29-001 | TODO | 2025-11-08 | SPRINT_212_web_i | Console Guild | src/Web/StellaOps.Web | Build `/console/vuln/*` APIs and filters surfacing tenant-scoped findings with policy/VEX badges so Docs/UI teams can document workflows. Dependencies: WEB-CONSOLE-23-001, CONCELIER-GRAPH-21-001. | Depends on CCWO0101 | CCSL0101 | | CONTAINERS-44-001 | TODO | | SPRINT_212_web_i | BE-Base Platform Guild | src/Web/StellaOps.Web | Wait for DVCP0101 compose template | Wait for DVCP0101 compose template | COWB0101 | | CONTAINERS-45-001 | TODO | | SPRINT_212_web_i | BE-Base Platform Guild | src/Web/StellaOps.Web | Depends on #1 | Depends on #1 | COWB0101 | | CONTAINERS-46-001 | TODO | | SPRINT_212_web_i | BE-Base Platform Guild | src/Web/StellaOps.Web | Needs RBRE0101 hashes | Needs RBRE0101 hashes | COWB0101 | | CONTRIB-62-001 | TODO | | SPRINT_303_docs_tasks_md_iii | Docs Guild · API Governance Guild | docs/api | Wait for CCWO0101 spec finalization | Wait for CCWO0101 spec finalization | APID0101 | | CORE-185-001 | TODO | | SPRINT_185_shared_replay_primitives | Platform Guild | `src/__Libraries/StellaOps.Replay.Core` | Wait for SGSI0101 feed | Wait for SGSI0101 feed | RLRC0101 | | CORE-185-002 | TODO | | SPRINT_185_shared_replay_primitives | Platform Guild | src/__Libraries/StellaOps.Replay.Core | Depends on #1 | Depends on #1 | RLRC0101 | | CORE-185-003 | TODO | | SPRINT_185_shared_replay_primitives | Platform Data Guild | src/__Libraries/StellaOps.Replay.Core | Depends on #2 | Depends on #2 | RLRC0101 | | CORE-186-004 | TODO | | SPRINT_186_record_deterministic_execution | Signing Guild | `src/Signer/StellaOps.Signer`, `src/__Libraries/StellaOps.Cryptography` | Wait for RLRC0101 schema | Wait for RLRC0101 schema | SIGR0101 | | CORE-186-005 | TODO | | SPRINT_186_record_deterministic_execution | Signing Guild | `src/Signer/StellaOps.Signer.Core` | Depends on #1 | Depends on #1 | SIGR0101 | | CORE-41-001 | TODO | | SPRINT_202_cli_ii | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Wait for CASC0101 manifest | Wait for CASC0101 manifest | CLCI0110 | | CORE-AOC-19-002 | TODO | | SPRINT_120_excititor_ii | Excititor Core Guild | src/Excititor/__Libraries/StellaOps.Excititor.Core | Wait for ATLN schema freeze | Wait for ATLN schema freeze | EXAC0101 | | CORE-AOC-19-003 | TODO | | SPRINT_120_excititor_ii | Excititor Core Guild | src/Excititor/__Libraries/StellaOps.Excititor.Core | Depends on #1 | Depends on #1 | EXAC0101 | | CORE-AOC-19-004 | TODO | | SPRINT_120_excititor_ii | Excititor Core Guild | src/Excititor/__Libraries/StellaOps.Excititor.Core | Depends on #2 | Depends on #2 | EXAC0101 | | CORE-AOC-19-013 | TODO | | SPRINT_112_concelier_i | Concelier Core Guild + Excititor | src/Concelier/__Libraries/StellaOps.Concelier.Core | Needs CCAN0101 DSSE output | Needs CCAN0101 DSSE output | EXAC0101 | | CRT-56-001 | TODO | | SPRINT_110_ingestion_evidence | Mirror Creator Guild | | Wait for PGMI0101 owner | Wait for PGMI0101 owner | MRCR0101 | | CRT-56-002 | TODO | | SPRINT_110_ingestion_evidence | Mirror Creator · Security Guilds | | Depends on #1 | MIRROR-CRT-56-001; PROV-OBS-53-001 | MRCR0101 | | CRT-57-001 | TODO | | SPRINT_110_ingestion_evidence | Mirror Creator · AirGap Time Guild | | Needs AIRGAP-TIME-57-001 | MIRROR-CRT-56-001; AIRGAP-TIME-57-001 | MRCR0101 | | CRT-57-002 | TODO | | SPRINT_110_ingestion_evidence | Mirror Creator Guild | | Depends on #3 | MIRROR-CRT-56-001; AIRGAP-TIME-57-001 | MRCR0101 | | CRT-58-001 | TODO | | SPRINT_110_ingestion_evidence | Mirror Creator + Evidence Locker | | Requires Evidence Locker contract | MIRROR-CRT-56-001; EXPORT-OBS-54-001; CLI-AIRGAP-56-001 | MRCR0101 | | CRT-58-002 | TODO | | SPRINT_110_ingestion_evidence | Mirror Creator + Security Guild | | Depends on #5 | MIRROR-CRT-56-001; EXPORT-OBS-54-001; CLI-AIRGAP-56-001 | MRCR0101 | | CRYPTO-90-001 | DONE | 2025-11-07 | SPRINT_514_sovereign_crypto_enablement | Security Guild (src/__Libraries/StellaOps.Cryptography) | src/__Libraries/StellaOps.Cryptography | | | CRSA0101 | | CRYPTO-90-002 | DONE | 2025-11-07 | SPRINT_514_sovereign_crypto_enablement | Security Guild (src/__Libraries/StellaOps.Cryptography) | src/__Libraries/StellaOps.Cryptography | | | CRSA0101 | | CRYPTO-90-003 | DONE | 2025-11-07 | SPRINT_514_sovereign_crypto_enablement | Security Guild (src/__Libraries/StellaOps.Cryptography) | src/__Libraries/StellaOps.Cryptography | | | CRSA0101 | | CRYPTO-90-004 | DONE | 2025-11-07 | SPRINT_514_sovereign_crypto_enablement | Security Guild (src/__Libraries/StellaOps.Cryptography) | src/__Libraries/StellaOps.Cryptography | | | CRSA0101 | | CRYPTO-90-005 | DONE | 2025-11-08 | SPRINT_514_sovereign_crypto_enablement | Security Guild (src/__Libraries/StellaOps.Cryptography) | src/__Libraries/StellaOps.Cryptography | | | CRSA0101 | | CRYPTO-90-006 | DONE | 2025-11-08 | SPRINT_514_sovereign_crypto_enablement | Security Guild (src/__Libraries/StellaOps.Cryptography) | src/__Libraries/StellaOps.Cryptography | | | CRSA0101 | | CRYPTO-90-007 | DONE | 2025-11-08 | SPRINT_514_sovereign_crypto_enablement | Security Guild (src/__Libraries/StellaOps.Cryptography) | src/__Libraries/StellaOps.Cryptography | | | CRSA0101 | | CRYPTO-90-008 | DONE | 2025-11-08 | SPRINT_514_sovereign_crypto_enablement | Security Guild (src/__Libraries/StellaOps.Cryptography) | src/__Libraries/StellaOps.Cryptography | | | CRSA0101 | | CRYPTO-90-009 | DONE | 2025-11-09 | SPRINT_514_sovereign_crypto_enablement | Security Guild (src/__Libraries/StellaOps.Cryptography.Plugin.CryptoPro) | src/__Libraries.StellaOps.Cryptography.Plugin.CryptoPro | | | CRSA0101 | | CRYPTO-90-010 | DONE | 2025-11-09 | SPRINT_514_sovereign_crypto_enablement | Security Guild (src/__Libraries/StellaOps.Cryptography + .DependencyInjection) | src/__Libraries.StellaOps.Cryptography + .DependencyInjection | | | CRSA0101 | | CRYPTO-90-011 | DONE | 2025-11-09 | SPRINT_514_sovereign_crypto_enablement | Security & Ops Guilds (src/Tools/StellaOps.CryptoRu.Cli) | src/Tools/StellaOps.CryptoRu.Cli | | | CRSA0101 | | CRYPTO-90-012 | TODO | | SPRINT_514_sovereign_crypto_enablement | Security Guild (src/__Libraries/__Tests/StellaOps.Cryptography.Tests) | src/__Libraries/__Tests.StellaOps.Cryptography.Tests | | | CRSA0101 | | CRYPTO-90-013 | TODO | | SPRINT_514_sovereign_crypto_enablement | Security Guild (src/__Libraries/StellaOps.Cryptography) | src/__Libraries.StellaOps.Cryptography | | | CRSA0101 | | CRYPTO-90-014 | TODO | | SPRINT_514_sovereign_crypto_enablement | Security + Service Guilds | | Wait for AUIN0101 sign-off | Wait for AUIN0101 sign-off | CRYO0101 | | CRYPTO-90-015 | TODO | | SPRINT_514_sovereign_crypto_enablement | Security + Docs Guild | docs/security/rootpack_ru_*.md | Depends on #1 | Depends on #1 | CRYO0101 | | CRYPTO-90-016 | DONE | 2025-11-09 | SPRINT_514_sovereign_crypto_enablement | Security Guild | src/__Libraries/StellaOps.Cryptography.DependencyInjection + .Plugin.CryptoPro | Reference (artifact) | Reference (artifact) | CRYO0101 | | CRYPTO-90-017 | TODO | | SPRINT_514_sovereign_crypto_enablement | Security Guild | third_party/forks + src/__Libraries/StellaOps.Cryptography.Plugin.CryptoPro | Needs fork sync | Needs fork sync | CRYO0101 | | CRYPTO-90-018 | TODO | | SPRINT_514_sovereign_crypto_enablement | Security + Docs Guild | docs/security/rootpack_ru_*.md, docs/dev/crypto.md | Depends on #4 | Depends on #4 | CRYO0101 | | CRYPTO-90-019 | TODO | | SPRINT_514_sovereign_crypto_enablement | Security Guild | third_party/forks/AlexMAS.GostCryptography | Needs fork validation | Needs fork validation | CRYO0101 | | CRYPTO-90-020 | TODO | | SPRINT_514_sovereign_crypto_enablement | Security Guild | src/__Libraries/StellaOps.Cryptography.Plugin.CryptoPro | Depends on #6 | Depends on #6 | CRYO0101 | | CRYPTO-90-021 | TODO | | SPRINT_514_sovereign_crypto_enablement | Security + QA Guilds | scripts/crypto/**, docs/security/rootpack_ru_validation.md | Depends on #7 | Depends on #7 | CRYO0101 | | CTL-56-001 | TODO | | SPRINT_510_airgap | AirGap Controller Guild | src/AirGap/StellaOps.AirGap.Controller | Wait for AGTM0101 schema | Wait for AGTM0101 schema | AGCT0102 | | CTL-56-002 | TODO | | SPRINT_510_airgap | Controller + DevOps Guilds | src/AirGap/StellaOps.AirGap.Controller | Depends on #1 | Depends on #1 | AGCT0102 | | CTL-57-001 | TODO | | SPRINT_510_airgap | Controller + Time Guild | src/AirGap/StellaOps.AirGap.Controller | Needs AGTM time anchors | Needs AGTM time anchors | AGCT0102 | | CTL-57-002 | TODO | | SPRINT_510_airgap | Controller + Observability Guild | src/AirGap/StellaOps.AirGap.Controller | Depends on #3 | Depends on #3 | AGCT0102 | | CTL-58-001 | TODO | | SPRINT_510_airgap | Controller + Evidence Locker Guild | src/AirGap/StellaOps.AirGap.Controller | Depends on #4 | Depends on #4 | AGCT0102 | | DEPLOY-AIAI-31-001 | TODO | | SPRINT_501_ops_deployment_i | Deployment Guild · Advisory AI Guild | ops/deployment | Provide Helm/Compose manifests, GPU toggle, scaling/runbook, and offline kit instructions for Advisory AI service + inference container. | Wait for DVCP0101 compose template | DVPL0101 | | DEPLOY-AIRGAP-46-001 | TODO | | SPRINT_501_ops_deployment_i | Deployment Guild · Offline Kit Guild | ops/deployment | Provide instructions and scripts (`load.sh`) for importing air-gap bundle into private registry; update Offline Kit guide. | Requires #1 artifacts | AGDP0101 | | DEPLOY-CLI-41-001 | TODO | | SPRINT_501_ops_deployment_i | Deployment Guild · CLI Guild | ops/deployment | Package CLI release artifacts (tarballs per OS/arch, checksums, signatures, completions, container image) and publish distribution docs. | Wait for CLI observability schema (035_CLCI0105) | AGDP0101 | | DEPLOY-COMPOSE-44-001 | TODO | | SPRINT_501_ops_deployment_i | Deployment Guild | ops/deployment | Finalize Quickstart scripts (`quickstart.sh`, `backup.sh`, `reset.sh`), seed data container, and publish README with imposed rule reminder. | Depends on #1 | DVPL0101 | | DEPLOY-EXPORT-35-001 | BLOCKED | 2025-10-29 | SPRINT_501_ops_deployment_i | Deployment Guild · Export Center Guild | ops/deployment | Package exporter service/worker Helm overlays (download-only), document rollout/rollback, and integrate signing KMS secrets. | Need exporter DSSE API (002_ATEL0101) | AGDP0101 | | DEPLOY-EXPORT-36-001 | TODO | | SPRINT_501_ops_deployment_i | Deployment Guild · Export Center Guild | ops/deployment | Document OCI/object storage distribution workflows, registry credential automation, and monitoring hooks for exports. Dependencies: DEPLOY-EXPORT-35-001. | Depends on #4 deliverables | AGDP0101 | | DEPLOY-HELM-45-001 | TODO | | SPRINT_501_ops_deployment_i | Deployment + Security Guilds | ops/deployment | Publish Helm install guide and sample values for prod/airgap; integrate with docs site build. | Needs helm chart schema | DVPL0101 | | DEPLOY-NOTIFY-38-001 | TODO | 2025-10-29 | SPRINT_501_ops_deployment_i | Deployment + Notify Guilds | ops/deployment | Package notifier API/worker Helm overlays (email/chat/webhook), secrets templates, rollout guide. | Depends on #3 | DVPL0101 | | DEPLOY-ORCH-34-001 | TODO | | SPRINT_501_ops_deployment_i | Deployment Guild · Orchestrator Guild | ops/deployment | Provide orchestrator Helm/Compose manifests, scaling defaults, secret templates, offline kit instructions, and GA rollout/rollback playbook. | Requires ORTR0101 readiness | AGDP0101 | | DEPLOY-PACKS-42-001 | TODO | | SPRINT_501_ops_deployment_i | Deployment Guild · Packs Registry Guild | ops/deployment | Provide deployment manifests for packs-registry and task-runner services, including Helm/Compose overlays, scaling defaults, and secret templates. | Wait for pack registry schema | AGDP0101 | | DEPLOY-PACKS-43-001 | TODO | | SPRINT_501_ops_deployment_i | Deployment Guild · Task Runner Guild | ops/deployment | Ship remote Task Runner worker profiles, object storage bootstrap, approval workflow integration, and Offline Kit packaging instructions. Dependencies: DEPLOY-PACKS-42-001. | Needs #7 artifacts | AGDP0101 | | DEPLOY-POLICY-27-001 | TODO | | SPRINT_501_ops_deployment_i | Deployment Guild · Policy Registry Guild | ops/deployment | Produce Helm/Compose overlays for Policy Registry + simulation workers, including Mongo migrations, object storage buckets, signing key secrets, and tenancy defaults. | Needs registry schema + secrets | AGDP0101 | | DEPLOY-POLICY-27-002 | TODO | | SPRINT_502_ops_deployment_ii | Deployment Guild · Policy Guild | ops/deployment | Document rollout/rollback playbooks for policy publish/promote (canary strategy, emergency freeze toggle, evidence retrieval) under `/docs/runbooks/policy-incident.md`. Dependencies: DEPLOY-POLICY-27-001. | Depends on 27-001 | AGDP0101 | | DEPLOY-VEX-30-001 | TODO | | SPRINT_502_ops_deployment_ii | Deployment + VEX Lens Guild | ops/deployment | Provide Helm/Compose overlays, scaling defaults, and offline kit instructions for VEX Lens service. | Wait for CCWO0101 schema | DVPL0101 | | DEPLOY-VEX-30-002 | TODO | | SPRINT_502_ops_deployment_ii | Deployment Guild | ops/deployment | Package Issuer Directory deployment manifests, backups, and security hardening guidance. Dependencies: DEPLOY-VEX-30-001. | Depends on #5 | DVPL0101 | | DEPLOY-VULN-29-001 | TODO | | SPRINT_502_ops_deployment_ii | Deployment + Vuln Guild | ops/deployment | Produce Helm/Compose overlays for Findings Ledger + projector, including DB migrations, Merkle anchor jobs, and scaling guidance. | Needs CCWO0101 | DVPL0101 | | DEPLOY-VULN-29-002 | TODO | | SPRINT_502_ops_deployment_ii | Deployment Guild | ops/deployment | Package `stella-vuln-explorer-api` deployment manifests, health checks, autoscaling policies, and offline kit instructions with signed images. Dependencies: DEPLOY-VULN-29-001. | Depends on #7 | DVPL0101 | | DETER-186-008 | TODO | | SPRINT_186_record_deterministic_execution | Scanner Guild | `src/Scanner/StellaOps.Scanner.WebService`, `src/Scanner/StellaOps.Scanner.Worker` | Wait for RLRC0101 fixture | Wait for RLRC0101 fixture | SCDT0101 | | DETER-186-009 | TODO | | SPRINT_186_record_deterministic_execution | Scanner Guild · QA Guild | `src/Scanner/StellaOps.Scanner.Replay`, `src/Scanner/__Tests` | Depends on #1 | Depends on #1 | SCDT0101 | | DETER-186-010 | TODO | | SPRINT_186_record_deterministic_execution | Scanner Guild · Export Center Guild | `src/Scanner/StellaOps.Scanner.WebService`, `docs/modules/scanner/operations/release.md` | Depends on #2 | Depends on #2 | SCDT0101 | | DETER-70-002 | TODO | | SPRINT_304_docs_tasks_md_iv | Docs Guild · Scanner Guild | | Needs CASC0101 manifest | Needs CASC0101 manifest | SCDT0101 | | DETER-70-003 | TODO | | SPRINT_202_cli_ii | DevEx/CLI Guild · Scanner Guild | src/Cli/StellaOps.Cli | Depends on #4 | Depends on #4 | SCDT0101 | | DETER-70-004 | TODO | | SPRINT_203_cli_iii | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Depends on #5 | Depends on #5 | SCDT0101 | | DEVOPS-AIAI-31-001 | TODO | | SPRINT_503_ops_devops_i | DevOps Guild, Advisory AI Guild (ops/devops) | ops/devops | Stand up CI pipelines, inference monitoring, privacy logging review, and perf dashboards for Advisory AI (summaries/conflicts/remediation). | — | DVDO0101 | | DEVOPS-AIRGAP-56-001 | TODO | | SPRINT_503_ops_devops_i | DevOps Guild (ops/devops) | ops/devops | Ship deny-all egress policies for Kubernetes (NetworkPolicy/eBPF) and docker-compose firewall rules; provide verification script for sealed mode. | — | DVDO0101 | | DEVOPS-AIRGAP-56-002 | TODO | | SPRINT_503_ops_devops_i | DevOps Guild, AirGap Importer Guild (ops/devops) | ops/devops | Provide import tooling for bundle staging: checksum validation, offline object-store loader scripts, removable media guidance. Dependencies: DEVOPS-AIRGAP-56-001. | — | DVDO0101 | | DEVOPS-AIRGAP-56-003 | TODO | | SPRINT_503_ops_devops_i | DevOps Guild, Container Distribution Guild (ops/devops) | ops/devops | Build Bootstrap Pack pipeline bundling images/charts, generating checksums, and publishing manifest for offline transfer. Dependencies: DEVOPS-AIRGAP-56-002. | — | DVDO0101 | | DEVOPS-AIRGAP-57-001 | TODO | | SPRINT_503_ops_devops_i | DevOps Guild, Mirror Creator Guild (ops/devops) | ops/devops | Automate Mirror Bundle creation jobs with dual-control approvals, artifact signing, and checksum publication. Dependencies: DEVOPS-AIRGAP-56-003. | — | DVDO0101 | | DEVOPS-AIRGAP-57-002 | DOING | 2025-11-08 | SPRINT_503_ops_devops_i | DevOps Guild, Authority Guild (ops/devops) | ops/devops | Configure sealed-mode CI tests that run services with sealed flag and ensure no egress occurs (iptables + mock DNS). Dependencies: DEVOPS-AIRGAP-57-001. | — | DVDO0101 | | DEVOPS-AIRGAP-58-001 | TODO | | SPRINT_503_ops_devops_i | DevOps Guild, Notifications Guild (ops/devops) | ops/devops | Provide local SMTP/syslog container templates and health checks for sealed environments; integrate into Bootstrap Pack. Dependencies: DEVOPS-AIRGAP-57-002. | — | DVDO0101 | | DEVOPS-AIRGAP-58-002 | TODO | | SPRINT_503_ops_devops_i | DevOps Guild, Observability Guild (ops/devops) | ops/devops | Ship sealed-mode observability stack (Prometheus/Grafana/Tempo/Loki) pre-configured with offline dashboards and no remote exporters. Dependencies: DEVOPS-AIRGAP-58-001. | — | DVDO0101 | | DEVOPS-AOC-19-001 | BLOCKED | 2025-10-26 | SPRINT_503_ops_devops_i | DevOps Guild, Platform Guild (ops/devops) | ops/devops | Integrate the AOC Roslyn analyzer and guard tests into CI, failing builds when ingestion projects attempt banned writes. | CCAO0101 | DVDO0101 | | DEVOPS-AOC-19-002 | BLOCKED | 2025-10-26 | SPRINT_503_ops_devops_i | DevOps Guild (ops/devops) | ops/devops | Add pipeline stage executing `stella aoc verify --since` against seeded Mongo snapshots for Concelier + Excititor, publishing violation report artefacts. Dependencies: DEVOPS-AOC-19-001. | DEVOPS-AOC-19-001 | DVDO0101 | | DEVOPS-AOC-19-003 | BLOCKED | 2025-10-26 | SPRINT_503_ops_devops_i | DevOps Guild, QA Guild (ops/devops) | ops/devops | Enforce unit test coverage thresholds for AOC guard suites and ensure coverage exported to dashboards. Dependencies: DEVOPS-AOC-19-002. | DEVOPS-AOC-19-002 | DVDO0102 | | DEVOPS-AOC-19-101 | TODO | 2025-10-28 | SPRINT_503_ops_devops_i | DevOps Guild · Concelier Storage Guild | ops/devops | Draft supersedes backfill rollout (freeze window, dry-run steps, rollback) once advisory_raw idempotency index passes staging verification. Dependencies: DEVOPS-AOC-19-003. | Align with CCOA0101 contract | DVDO0104 | | DEVOPS-ATTEST-73-001 | TODO | | SPRINT_503_ops_devops_i | DevOps Guild, Attestor Service Guild (ops/devops) | ops/devops | Provision CI pipelines for attestor service (lint/test/security scan, seed data) and manage secrets for KMS drivers. | — | DVDO0102 | | DEVOPS-ATTEST-73-002 | TODO | | SPRINT_503_ops_devops_i | DevOps Guild, KMS Guild (ops/devops) | ops/devops | Establish secure storage for signing keys (vault integration, rotation schedule) and audit logging. Dependencies: DEVOPS-ATTEST-73-001. | — | DVDO0102 | | DEVOPS-ATTEST-74-001 | TODO | | SPRINT_503_ops_devops_i | DevOps Guild, Transparency Guild (ops/devops) | ops/devops | Deploy transparency log witness infrastructure and monitoring. Dependencies: DEVOPS-ATTEST-73-002. | — | DVDO0102 | | DEVOPS-ATTEST-74-002 | TODO | | SPRINT_504_ops_devops_ii | DevOps Guild, Export Attestation Guild (ops/devops) | ops/devops | Integrate attestation bundle builds into release/offline pipelines with checksum verification. Dependencies: DEVOPS-ATTEST-74-001. | — | DVDO0102 | | DEVOPS-ATTEST-75-001 | TODO | | SPRINT_504_ops_devops_ii | DevOps Guild, Observability Guild (ops/devops) | ops/devops | Add dashboards/alerts for signing latency, verification failures, key rotation events. Dependencies: DEVOPS-ATTEST-74-002. | — | DVDO0102 | | DEVOPS-CLI-41-001 | TODO | | SPRINT_504_ops_devops_ii | DevOps Guild, DevEx/CLI Guild (ops/devops) | ops/devops | Establish CLI build pipeline (multi-platform binaries, SBOM, checksums), parity matrix CI enforcement, and release artifact signing. | — | DVDO0102 | | DEVOPS-CLI-42-001 | TODO | | SPRINT_504_ops_devops_ii | DevOps Guild (ops/devops) | ops/devops | Add CLI golden output tests, parity diff automation, pack run CI harness, and artifact cache for remote mode. Dependencies: DEVOPS-CLI-41-001. | — | DVDO0102 | | DEVOPS-CLI-43-002 | TODO | | SPRINT_504_ops_devops_ii | DevOps Guild, Task Runner Guild (ops/devops) | ops/devops | Implement Task Pack chaos smoke in CI (random failure injection, resume, sealed-mode toggle) and publish evidence bundles for review. Dependencies: DEVOPS-CLI-43-001. | — | DVDO0102 | | DEVOPS-CLI-43-003 | TODO | | SPRINT_504_ops_devops_ii | DevOps Guild, DevEx/CLI Guild (ops/devops) | ops/devops | Integrate CLI golden output/parity diff automation into release gating; export parity report artifact consumed by Console Downloads workspace. Dependencies: DEVOPS-CLI-43-002. | — | DVDO0102 | | DEVOPS-CONSOLE-23-001 | TODO | 2025-10-26 | SPRINT_504_ops_devops_ii | DevOps Guild · Console Guild | ops/devops | Add console CI workflow (pnpm cache, lint, type-check, unit, Storybook a11y, Playwright, Lighthouse) with offline runners and artifact retention for screenshots/reports. | Needs CCWO0101 API schema | DVDO0104 | | DEVOPS-CONSOLE-23-002 | TODO | | SPRINT_504_ops_devops_ii | DevOps Guild | ops/devops | Produce `stella-console` container build + Helm chart overlays with deterministic digests, SBOM/provenance artefacts, and offline bundle packaging scripts. Dependencies: DEVOPS-CONSOLE-23-001. | Depends on #2 | DVDO0104 | | DEVOPS-CONTAINERS-44-001 | TODO | | SPRINT_504_ops_devops_ii | DevOps Guild | ops/devops | Automate multi-arch image builds with buildx, SBOM generation, cosign signing, and signature verification in CI. | Wait for COWB0101 base image | DVDO0104 | | DEVOPS-CONTAINERS-45-001 | TODO | | SPRINT_504_ops_devops_ii | DevOps Guild | ops/devops | Add Compose and Helm smoke tests (fresh VM + kind cluster) to CI; publish test artifacts and logs. Dependencies: DEVOPS-CONTAINERS-44-001. | Depends on #4 | DVDO0104 | | DEVOPS-CONTAINERS-46-001 | TODO | | SPRINT_504_ops_devops_ii | DevOps Guild | ops/devops | Build air-gap bundle generator (`src/Tools/make-airgap-bundle.sh`), produce signed bundle, and verify in CI using private registry. Dependencies: DEVOPS-CONTAINERS-45-001. | Depends on #5 | DVDO0104 | | DEVOPS-DEVPORT-63-001 | TODO | | SPRINT_504_ops_devops_ii | DevOps Guild · DevPortal Guild | ops/devops | Automate developer portal build pipeline with caching, link & accessibility checks, performance budgets. | Wait for API schema from CCWO0101 | DVDO0105 | | DEVOPS-DEVPORT-64-001 | TODO | | SPRINT_504_ops_devops_ii | DevOps Guild | ops/devops | Schedule `devportal --offline` nightly builds with checksum validation and artifact retention policies. Dependencies: DEVOPS-DEVPORT-63-001. | Depends on #1 | DVDO0105 | | DEVOPS-DOCS-0001 | TODO | | SPRINT_318_docs_modules_devops | DevOps Docs Guild | docs/modules/devops | See ./AGENTS.md | Needs CCSL0101 console docs | DVDO0105 | | DEVOPS-ENG-0001 | TODO | | SPRINT_318_docs_modules_devops | DevOps Engineering Guild | docs/modules/devops | Update status via ./AGENTS.md workflow | Depends on #3 | DVDO0105 | | DEVOPS-EXPORT-35-001 | TODO | 2025-10-29 | SPRINT_504_ops_devops_ii | DevOps · Export Guild | ops/devops | Establish exporter CI pipeline (lint/test/perf smoke), configure object storage fixtures, seed Grafana dashboards, and document bootstrap steps. | Wait for DVPL0101 export deploy | DVDO0105 | | DEVOPS-EXPORT-36-001 | TODO | | SPRINT_505_ops_devops_iii | DevOps Guild | ops/devops | Integrate Trivy compatibility validation, cosign signature checks, `trivy module db import` smoke tests, OCI distribution verification, and throughput/error dashboards. Dependencies: DEVOPS-EXPORT-35-001. | Depends on #5 | DVDO0105 | | DEVOPS-EXPORT-37-001 | TODO | | SPRINT_505_ops_devops_iii | DevOps Guild | ops/devops | Finalize exporter monitoring (failure alerts, verify metrics, retention jobs) and chaos/latency tests ahead of GA. Dependencies: DEVOPS-EXPORT-36-001. | Depends on #6 | DVDO0105 | | DEVOPS-GRAPH-24-001 | TODO | | SPRINT_505_ops_devops_iii | DevOps · Graph Guild | ops/devops | Load test graph index/adjacency APIs with 40k-node assets; capture perf dashboards and alert thresholds. | Wait for CCGH0101 endpoint | DVDO0106 | | DEVOPS-GRAPH-24-002 | TODO | | SPRINT_505_ops_devops_iii | DevOps Guild | ops/devops | Integrate synthetic UI perf runs (Playwright/WebGL metrics) for Graph/Vuln explorers; fail builds on regression. Dependencies: DEVOPS-GRAPH-24-001. | Depends on #1 | DVDO0106 | | DEVOPS-GRAPH-24-003 | TODO | | SPRINT_505_ops_devops_iii | DevOps Guild | ops/devops | Implement smoke job for simulation endpoints ensuring we stay within SLA (<3s upgrade) and log results. Dependencies: DEVOPS-GRAPH-24-002. | Depends on #2 | DVDO0106 | | DEVOPS-LNM-22-001 | TODO | 2025-10-27 | SPRINT_505_ops_devops_iii | DevOps · Concelier Guild | ops/devops | Run migration/backfill pipelines for advisory observations/linksets in staging, validate counts/conflicts, and automate deployment steps. Awaiting storage backfill tooling. | Needs CCLN0102 API | DVDO0106 | | DEVOPS-LNM-22-002 | TODO | 2025-10-27 | SPRINT_505_ops_devops_iii | DevOps Guild | ops/devops | Execute VEX observation/linkset backfill with monitoring; ensure NATS/Redis events integrated; document ops runbook. Blocked until Excititor storage migration lands. Dependencies: DEVOPS-LNM-22-001. | Depends on #4 | DVDO0106 | | DEVOPS-LNM-22-003 | TODO | | SPRINT_505_ops_devops_iii | DevOps Guild | ops/devops | Add CI/monitoring coverage for new metrics (`advisory_observations_total`, `linksets_total`, etc.) and alerts on ingest-to-API SLA breaches. Dependencies: DEVOPS-LNM-22-002. | Depends on #5 | DVDO0106 | | DEVOPS-OAS-61-001 | TODO | | SPRINT_505_ops_devops_iii | DevOps Guild | ops/devops | Add CI stages for OpenAPI linting, validation, and compatibility diff; enforce gating on PRs. | Wait for CCWO0101 spec | DVDO0106 | | DEVOPS-OAS-61-002 | TODO | | SPRINT_505_ops_devops_iii | DevOps Guild | ops/devops | Integrate mock server + contract test suite into PR and nightly workflows; publish artifacts. Dependencies: DEVOPS-OAS-61-001. | Depends on #7 | DVDO0106 | | DEVOPS-OBS-51-001 | TODO | | SPRINT_505_ops_devops_iii | DevOps Guild · Observability Guild | ops/devops | Implement SLO evaluator service (burn rate calculators, webhook emitters), Grafana dashboards, and alert routing to Notifier. Provide Terraform/Helm automation. Dependencies: DEVOPS-OBS-50-002. | Wait for 045_DVDO0103 alert catalog | DVOB0101 | | DEVOPS-OBS-52-001 | TODO | | SPRINT_505_ops_devops_iii | DevOps Guild · Timeline Indexer Guild | ops/devops | Configure streaming pipeline (NATS/Redis/Kafka) with retention, partitioning, and backpressure tuning for timeline events; add CI validation of schema + rate caps. Dependencies: DEVOPS-OBS-51-001. | Needs #1 merged for shared correlation IDs | DVOB0101 | | DEVOPS-OBS-53-001 | TODO | | SPRINT_505_ops_devops_iii | DevOps Guild · Evidence Locker Guild | ops/devops | Provision object storage with WORM/retention options (S3 Object Lock / MinIO immutability), legal hold automation, and backup/restore scripts for evidence locker. Dependencies: DEVOPS-OBS-52-001. | Depends on DSSE API from 002_ATEL0101 | DVOB0101 | | DEVOPS-OBS-54-001 | TODO | | SPRINT_505_ops_devops_iii | DevOps Guild · Security Guild | ops/devops | Manage provenance signing infrastructure (KMS keys, rotation schedule, timestamp authority integration) and integrate verification jobs into CI. Dependencies: DEVOPS-OBS-53-001. | Requires security sign-off on cardinality budgets | DVOB0101 | | DEVOPS-OBS-55-001 | TODO | | SPRINT_506_ops_devops_iv | DevOps Guild · Ops Guild | ops/devops | Implement incident mode automation: feature flag service, auto-activation via SLO burn-rate, retention override management, and post-incident reset job. Dependencies: DEVOPS-OBS-54-001. | Relies on #4 to finalize alert dimensions | DVOB0101 | | DEVOPS-OFFLINE-17-004 | TODO | 2025-10-26 | SPRINT_508_ops_offline_kit | DevOps Offline Guild | ops/offline-kit | Execute `mirror_debug_store.py` after the next release pipeline emits `out/release/debug`, verify manifest hashes, and archive `metadata/debug-store.json` with the kit. | Wait for DVPL0101 compose | DVDO0107 | | DEVOPS-OFFLINE-34-006 | TODO | | SPRINT_508_ops_offline_kit | DevOps Guild | ops/offline-kit | Bundle orchestrator service container, worker SDK samples, Postgres snapshot, and dashboards into Offline Kit with manifest/signature updates. Dependencies: DEVOPS-OFFLINE-17-004. | Depends on #1 | DVDO0107 | | DEVOPS-OFFLINE-37-001 | TODO | | SPRINT_508_ops_offline_kit | DevOps Guild | ops/offline-kit | Export Center offline bundles + verification tooling (mirror artefacts, verification CLI, manifest/signature refresh, air-gap import script). Dependencies: DEVOPS-OFFLINE-34-006. | Needs RBRE hashes | DVDO0107 | | DEVOPS-OFFLINE-37-002 | TODO | | SPRINT_508_ops_offline_kit | DevOps Guild | ops/offline-kit | Notifier offline packs (sample configs, template/digest packs, dry-run harness) with integrity checks and operator docs. Dependencies: DEVOPS-OFFLINE-37-001. | Depends on #3 | DVDO0107 | | DEVOPS-OPENSSL-11-001 | TODO | 2025-11-06 | SPRINT_505_ops_devops_iii | Security + DevOps Guilds | ops/devops | Package the OpenSSL 1.1 shim (`tests/native/openssl-1.1/linux-x64`) into test harness output so Mongo2Go suites discover it automatically. | Wait for CRYO0101 artifacts | DVDO0107 | | DEVOPS-OPENSSL-11-002 | TODO | 2025-11-06 | SPRINT_505_ops_devops_iii | DevOps Guild | ops/devops | Ensure CI runners and Docker images that execute Mongo2Go tests export `LD_LIBRARY_PATH` (or embed the shim) to unblock unattended pipelines. Dependencies: DEVOPS-OPENSSL-11-001. | Depends on #5 | DVDO0107 | | DEVOPS-OPS-0001 | TODO | | SPRINT_318_docs_modules_devops | DevOps Ops Guild | docs/modules/devops | Sync outcomes back to ../.. | Depends on #1-6 | DVDO0107 | | DEVOPS-ORCH-32-001 | TODO | | SPRINT_506_ops_devops_iv | DevOps · Orchestrator Guild | ops/devops | Provision orchestrator Postgres/message-bus infrastructure, add CI smoke deploy, seed Grafana dashboards (queue depth, inflight jobs), and document bootstrap. | Wait for ORTR0102 API | DVDO0108 | | DEVOPS-ORCH-33-001 | TODO | | SPRINT_506_ops_devops_iv | DevOps Guild | ops/devops | Publish Grafana dashboards/alerts for rate limiter, backpressure, error clustering, and DLQ depth; integrate with on-call rotations. Dependencies: DEVOPS-ORCH-32-001. | Depends on #1 | DVDO0108 | | DEVOPS-ORCH-34-001 | TODO | | SPRINT_506_ops_devops_iv | DevOps Guild | ops/devops | Harden production monitoring (synthetic probes, burn-rate alerts, replay smoke), document incident response, and prep GA readiness checklist. Dependencies: DEVOPS-ORCH-33-001. | Depends on #2 | DVDO0108 | | DEVOPS-POLICY-27-001 | TODO | | SPRINT_506_ops_devops_iv | DevOps Guild · CLI Guild | ops/devops | Add CI pipeline stages to run `stella policy lint | Needs CLI lint output | DVDO0108 | | DEVOPS-POLICY-27-002 | TODO | | SPRINT_506_ops_devops_iv | DevOps Guild · Policy Registry Guild | ops/devops | Provide optional batch simulation CI job (staging inventory) that triggers Registry run, polls results, and posts markdown summary to PR; enforce drift thresholds. Dependencies: DEVOPS-POLICY-27-001. | Depends on 27-001 | DVDO0108 | | DEVOPS-POLICY-27-003 | TODO | | SPRINT_506_ops_devops_iv | DevOps Guild · Security Guild | ops/devops | Manage signing key material for policy publish pipeline (OIDC workload identity + cosign), rotate keys, and document verification steps; integrate attestation verification stage. Dependencies: DEVOPS-POLICY-27-002. | Needs 27-002 pipeline | DVDO0108 | | DEVOPS-POLICY-27-004 | TODO | | SPRINT_506_ops_devops_iv | DevOps Guild · Observability Guild | ops/devops | Create dashboards/alerts for policy compile latency, simulation queue depth, approval latency, and promotion outcomes; integrate with on-call playbooks. Dependencies: DEVOPS-POLICY-27-003. | Depends on 27-003 | DVDO0108 | | DEVOPS-REL-17-004 | TODO | 2025-10-26 | SPRINT_506_ops_devops_iv | DevOps Release Guild | ops/devops | Ensure release workflow publishes `out/release/debug` (build-id tree + manifest) and fails when symbols are missing. | Needs DVPL0101 release artifacts | DVDO0108 | | DEVOPS-RULES-33-001 | TODO | 2025-10-30 | SPRINT_506_ops_devops_iv | DevOps · Policy Guild | ops/devops | Contracts & Rules anchor:
• Gateway proxies only; Policy Engine composes overlays/simulations.
• AOC ingestion cannot merge; only lossless canonicalization.
• One graph platform: Graph Indexer + Graph API. Cartographer retired. | Wait for CCPR0101 policy logs | DVDO0109 | | DEVOPS-SCAN-90-004 | TODO | | SPRINT_505_ops_devops_iii | DevOps · Scanner Guild | ops/devops | Add a CI job that runs the scanner determinism harness against the release matrix (N runs per image), uploads `determinism.json`, and fails when score < threshold; publish artifact to release notes. Dependencies: SCAN-DETER-186-009/010. | Needs SCDT0101 fixtures | DVDO0109 | | DEVOPS-SDK-63-001 | TODO | | SPRINT_506_ops_devops_iv | DevOps · SDK Guild | ops/devops | Provision registry credentials, signing keys, and secure storage for SDK publishing pipelines. | Depends on #2 | DVDO0109 | | DEVOPS-SIG-26-001 | TODO | | SPRINT_506_ops_devops_iv | DevOps Guild · Signals Guild | ops/devops | Provision CI/CD pipelines, Helm/Compose manifests for Signals service, including artifact storage and Redis dependencies. | Wait for SGSI0101 metrics | DVDO0110 | | DEVOPS-SIG-26-002 | TODO | | SPRINT_506_ops_devops_iv | DevOps Guild | ops/devops | Create dashboards/alerts for reachability scoring latency, cache hit rates, sensor staleness. Dependencies: DEVOPS-SIG-26-001. | Depends on #1 | DVDO0110 | | DEVOPS-SYMS-90-005 | TODO | | SPRINT_505_ops_devops_iii | DevOps · Symbols Guild | ops/devops | Deploy Symbols.Server (Helm/Terraform), manage MinIO/Mongo storage, configure tenant RBAC/quotas, and wire ingestion CLI into release pipelines with monitoring and backups. Dependencies: SYMS-SERVER-401-011/013. | Needs RBSY0101 bundle | DVDO0110 | | DEVOPS-TEN-47-001 | TODO | | SPRINT_506_ops_devops_iv | DevOps · Policy Guild | ops/devops | Add JWKS cache monitoring, signature verification regression tests, and token expiration chaos tests to CI. | Wait for CCPR0101 policy | DVDO0110 | | DEVOPS-TEN-48-001 | TODO | | SPRINT_506_ops_devops_iv | DevOps Guild | ops/devops | Build integration tests to assert RLS enforcement, tenant-prefixed object storage, and audit event emission; set up lint to prevent raw SQL bypass. Dependencies: DEVOPS-TEN-47-001. | Depends on #4 | DVDO0110 | | DEVOPS-TEN-49-001 | TODO | | SPRINT_507_ops_devops_v | DevOps Guild | ops/devops | Deploy audit pipeline, scope usage metrics, JWKS outage chaos tests, and tenant load/perf benchmarks. Dependencies: DEVOPS-TEN-48-001. | Depends on #5 | DVDO0110 | | DEVOPS-VEX-30-001 | TODO | | SPRINT_507_ops_devops_v | DevOps Guild · VEX Lens Guild | ops/devops | Provision CI, load tests, dashboards, alerts for VEX Lens and Issuer Directory (compute latency, disputed totals, signature verification rates). | — | PLVL0103 | | DEVOPS-VULN-29-001 | TODO | | SPRINT_507_ops_devops_v | DevOps · Vuln Guild | ops/devops | Provision CI jobs for ledger projector (replay, determinism), set up backups, monitor Merkle anchoring, and automate verification. | Needs DVPL0101 deploy | DVDO0110 | | DEVOPS-VULN-29-002 | TODO | | SPRINT_507_ops_devops_v | DevOps Guild | ops/devops | Configure load/perf tests (5M findings/tenant), query budget enforcement, API SLO dashboards, and alerts for `vuln_list_latency` and `projection_lag`. Dependencies: DEVOPS-VULN-29-001. | Depends on #7 | DVDO0110 | | DEVOPS-VULN-29-003 | TODO | | SPRINT_507_ops_devops_v | DevOps Guild | ops/devops | Instrument analytics pipeline for Vuln Explorer (telemetry ingestion, query hashes), ensure compliance with privacy/PII guardrails, and update observability docs. Dependencies: DEVOPS-VULN-29-002. | Depends on #8 | DVDO0110 | | DEVPORT-62-001 | TODO | | SPRINT_206_devportal | DevPortal Guild | src/DevPortal/StellaOps.DevPortal.Site | Select static site generator, integrate aggregate spec, build navigation + search scaffolding. | 62-001 | DEVL0101 | | DEVPORT-62-002 | TODO | | SPRINT_206_devportal | DevPortal Guild | src/DevPortal/StellaOps.DevPortal.Site | Implement schema viewer, example rendering, copy-curl snippets, and version selector UI. Dependencies: DEVPORT-62-001. | DEVPORT-62-001 | DEVL0101 | | DEVPORT-63-001 | TODO | | SPRINT_206_devportal | DevPortal Guild | src/DevPortal/StellaOps.DevPortal.Site | Add Try-It console pointing at sandbox environment with token onboarding and scope info. Dependencies: DEVPORT-62-002. | 63-001 | DEVL0101 | | DEVPORT-63-002 | TODO | | SPRINT_206_devportal | DevPortal Guild | src/DevPortal/StellaOps.DevPortal.Site | Embed language-specific SDK snippets and quick starts generated from tested examples. Dependencies: DEVPORT-63-001. | DEVPORT-63-001 | DEVL0101 | | DEVPORT-64-001 | TODO | | SPRINT_206_devportal | DevPortal Guild | src/DevPortal/StellaOps.DevPortal.Site | Provide offline build target bundling HTML, specs, SDK archives; ensure no external assets. Dependencies: DEVPORT-63-002. | 64-001 | DEVL0101 | | DEVPORT-64-002 | TODO | | SPRINT_206_devportal | Developer Portal Guild (src/DevPortal/StellaOps.DevPortal.Site) | src/DevPortal/StellaOps.DevPortal.Site | Add automated accessibility tests, link checker, and performance budgets. Dependencies: DEVPORT-64-001. | | DEVL0102 | | DOC-008 | TODO | | SPRINT_401_reachability_evidence_chain | Docs Guild · Reachability Guild | `docs/reachability/function-level-evidence.md`, `docs/09_API_CLI_REFERENCE.md`, `docs/api/policy.md` | Wait for replay evidence from 100_RBBN0101 | Wait for replay evidence from 100_RBBN0101 | DORC0101 | | DOC-70-001 | DONE | | SPRINT_170_notifications_telemetry | Docs Guild · Notifications Guild | docs | Gather notification doc references | Validate existing notifications doc and migrate notes | DOCP0101 | | DOCKER-44-001 | TODO | | SPRINT_507_ops_devops_v | DevOps Guild · Service Owners | ops/devops | Author multi-stage Dockerfiles for all core services (API, Console, Orchestrator, Task Runner, Conseiller, Excitor, Policy, Notify, Export, AI) with non-root users, read-only file systems, and health scripts. | Wait for DVPL0101 compose merge | DVDO0111 | | DOCKER-44-002 | TODO | | SPRINT_507_ops_devops_v | DevOps Guild | ops/devops | Generate SBOMs and cosign attestations for each image and integrate verification into CI. Dependencies: DOCKER-44-001. | Depends on #1 | DVDO0111 | | DOCKER-44-003 | TODO | | SPRINT_507_ops_devops_v | DevOps Guild | ops/devops | Implement `/health/liveness`, `/health/readiness`, `/version`, `/metrics`, and ensure capability endpoint returns `merge=false` for Conseiller/Excitor. Dependencies: DOCKER-44-002. | Requires SBOM+scan workflow from 137_SCDT0101 | DVDO0111 | | DOCS-0001 | DONE | 2025-11-05 | SPRINT_313_docs_modules_attestor | Docs Guild | docs/modules/attestor | Confirm attestor module doc publication | Confirm attestor module doc scope | DOCP0101 | | DOCS-0002 | TODO | 2025-11-05 | SPRINT_321_docs_modules_graph | Docs Guild (docs/modules/graph) | docs/modules/graph | — | — | DOCL0102 | | DOCS-0003 | TODO | | SPRINT_327_docs_modules_scanner | Docs Guild, Product Guild (docs/modules/scanner) | docs/modules/scanner | — | — | DOCL0102 | | DOCS-401-008 | TODO | | SPRINT_401_reachability_evidence_chain | QA & Docs Guilds (`docs`, `tests/README.md`) | `docs`, `tests/README.md` | — | — | DOCL0102 | | DOCS-401-022 | TODO | | SPRINT_401_reachability_evidence_chain | Docs Guild · Attestor Guild (`docs/ci/dsse-build-flow.md`, `docs/modules/attestor/architecture.md`) | `docs/ci/dsse-build-flow.md`, `docs/modules/attestor/architecture.md` | — | — | DOCL0102 | | DOCS-AIAI-31-004 | DOING | | SPRINT_110_ingestion_evidence | Docs Guild · Console Guild | | Guardrail console doc drafted; screenshots + SBOM evidence pending. | CONSOLE-VULN-29-001; CONSOLE-VEX-30-001; SBOM-AIAI-31-001 | DOAI0102 | | DOCS-AIAI-31-005 | BLOCKED | | SPRINT_110_ingestion_evidence | Docs Guild | | CLI/policy/ops docs paused pending upstream artefacts. | DOCS-AIAI-31-004; CLI-VULN-29-001; CLI-VEX-30-001; POLICY-ENGINE-31-001; DEVOPS-AIAI-31-001 | DOAI0102 | | DOCS-AIAI-31-006 | TODO | 2025-11-13 | SPRINT_111_advisoryai | Docs Guild · Advisory AI Guild | docs/modules/advisory-ai | `/docs/policy/assistant-parameters.md` now documents inference modes, guardrail phrases, budgets, and cache/queue knobs (POLICY-ENGINE-31-001 inputs captured via `AdvisoryAiServiceOptions`). | Need latest telemetry outputs from ADAI0101 | DOAI0104 | | DOCS-AIAI-31-008 | BLOCKED | | SPRINT_110_ingestion_evidence | Docs Guild | | DOCS-AIAI-31-004; CLI-VULN-29-001; CLI-VEX-30-001; POLICY-ENGINE-31-001; DEVOPS-AIAI-31-001 | DOCS-AIAI-31-004; CLI-VULN-29-001; CLI-VEX-30-001; POLICY-ENGINE-31-001; DEVOPS-AIAI-31-001 | DOAI0102 | | DOCS-AIAI-31-009 | BLOCKED | | SPRINT_110_ingestion_evidence | Docs Guild | | DOCS-AIAI-31-004; CLI-VULN-29-001; CLI-VEX-30-001; POLICY-ENGINE-31-001; DEVOPS-AIAI-31-001 | DOCS-AIAI-31-004; CLI-VULN-29-001; CLI-VEX-30-001; POLICY-ENGINE-31-001; DEVOPS-AIAI-31-001 | DOAI0102 | | DOCS-AIRGAP-56-001 | TODO | | SPRINT_301_docs_tasks_md_i | Docs Guild · AirGap Controller Guild | | `/docs/airgap/overview.md` outlining modes, lifecycle, responsibilities, rule banner. | — | DOAI0102 | | DOCS-AIRGAP-56-002 | TODO | | SPRINT_301_docs_tasks_md_i | Docs Guild · DevOps Guild | | `/docs/airgap/sealing-and-egress.md` (network policies, EgressPolicy facade, verification). | DOCS-AIRGAP-56-001 | DOAI0102 | | DOCS-AIRGAP-56-003 | TODO | | SPRINT_301_docs_tasks_md_i | Docs Guild · Exporter Guild | bundle format, DSSE/TUF/Merkle validation, workflows | `/docs/airgap/mirror-bundles.md` (bundle format, DSSE/TUF/Merkle validation, workflows). | DOCS-AIRGAP-56-002 | DOAI0102 | | DOCS-AIRGAP-56-004 | TODO | | SPRINT_301_docs_tasks_md_i | Docs Guild · Deployment Guild | | `/docs/airgap/bootstrap.md` covering Bootstrap Pack creation + install. | DOCS-AIRGAP-56-003 | DOAI0102 | | DOCS-AIRGAP-57-001 | TODO | | SPRINT_301_docs_tasks_md_i | Docs Guild · AirGap Time Guild | docs/modules/airgap | `/docs/airgap/staleness-and-time.md` (time anchors, drift, UI indicators). | DOCS-AIRGAP-56-004 | DOAI0102 | | DOCS-AIRGAP-57-002 | TODO | | SPRINT_301_docs_tasks_md_i | Docs Guild · Console Guild | docs/modules/airgap | `/docs/console/airgap.md` (sealed badge, import wizard, staleness dashboards). | DOCS-AIRGAP-57-001 | DOAI0102 | | DOCS-AIRGAP-57-003 | TODO | | SPRINT_302_docs_tasks_md_ii | Docs Guild · CLI Guild | docs/modules/airgap | Publish `/docs/modules/cli/guides/airgap.md` documenting commands, examples, exit codes. Dependencies: DOCS-AIRGAP-57-002. | AIDG0101 tasks 3–4 | DOCL0102 | | DOCS-AIRGAP-57-004 | TODO | | SPRINT_302_docs_tasks_md_ii | Docs Guild · Ops Guild | docs/modules/airgap | Create `/docs/airgap/operations.md` with runbooks for imports, failure recovery, and auditing. Dependencies: DOCS-AIRGAP-57-003. | DOCS-AIRGAP-57-003 | DOCL0102 | | DOCS-AIRGAP-58-001 | TODO | | SPRINT_302_docs_tasks_md_ii | Docs Guild, Product Guild (docs) | | Provide `/docs/airgap/degradation-matrix.md` enumerating feature availability, fallbacks, remediation. Dependencies: DOCS-AIRGAP-57-004. | — | DOCL0102 | | DOCS-AIRGAP-58-002 | TODO | | SPRINT_302_docs_tasks_md_ii | Docs Guild, Security Guild (docs) | | Update `/docs/security/trust-and-signing.md` with DSSE/TUF roots, rotation, and signed time tokens. Dependencies: DOCS-AIRGAP-58-001. | — | DOCL0102 | | DOCS-AIRGAP-58-003 | TODO | | SPRINT_302_docs_tasks_md_ii | Docs Guild · DevEx Guild | docs/modules/airgap | Publish `/docs/dev/airgap-contracts.md` describing EgressPolicy usage, sealed-mode tests, linting. Dependencies: DOCS-AIRGAP-58-002. | Need DevEx CLI samples from CLCI0109 | DOAG0101 | | DOCS-AIRGAP-58-004 | TODO | | SPRINT_302_docs_tasks_md_ii | Docs Guild · Evidence Locker Guild | docs/modules/airgap | Document `/docs/airgap/portable-evidence.md` for exporting/importing portable evidence bundles across enclaves. Dependencies: DOCS-AIRGAP-58-003. | Requires Evidence Locker attestation notes from 002_ATEL0101 | DOAG0101 | | DOCS-AIRGAP-DEVPORT-64-001 | TODO | | SPRINT_302_docs_tasks_md_ii | Docs Guild · DevPortal Offline Guild | docs/modules/export-center/devportal-offline.md | Create `/docs/airgap/devportal-offline.md` describing offline bundle usage and verification. | Requires #3 draft | DEVL0102 | | DOCS-ATTEST-73-001 | TODO | | SPRINT_302_docs_tasks_md_ii | Docs Guild, Attestor Service Guild (docs) | | Publish `/docs/modules/attestor/overview.md` with imposed rule banner. | — | DOAT0101 | | DOCS-ATTEST-73-002 | TODO | | SPRINT_302_docs_tasks_md_ii | Docs Guild, Attestation Payloads Guild (docs) | | Write `/docs/modules/attestor/payloads.md` with schemas/examples. Dependencies: DOCS-ATTEST-73-001. | — | DOAT0101 | | DOCS-ATTEST-73-003 | TODO | | SPRINT_302_docs_tasks_md_ii | Docs Guild, Policy Guild (docs) | | Publish `/docs/modules/attestor/policies.md` covering verification policies. Dependencies: DOCS-ATTEST-73-002. | — | DOAT0101 | | DOCS-ATTEST-73-004 | TODO | | SPRINT_302_docs_tasks_md_ii | Docs Guild, Attestor Service Guild (docs) | | Add `/docs/modules/attestor/workflows.md` detailing ingest, verify, bulk operations. Dependencies: DOCS-ATTEST-73-003. | — | DOAT0101 | | DOCS-ATTEST-74-001 | TODO | | SPRINT_302_docs_tasks_md_ii | Docs Guild, KMS Guild (docs) | | Publish `/docs/modules/attestor/keys-and-issuers.md`. Dependencies: DOCS-ATTEST-73-004. | — | DOAT0101 | | DOCS-ATTEST-74-002 | TODO | | SPRINT_302_docs_tasks_md_ii | Docs Guild, Transparency Guild (docs) | | Document `/docs/modules/attestor/transparency.md` with witness usage/offline validation. Dependencies: DOCS-ATTEST-74-001. | — | DOAT0101 | | DOCS-ATTEST-74-003 | TODO | | SPRINT_302_docs_tasks_md_ii | Docs Guild, Attestor Console Guild (docs) | | Write `/docs/console/attestor-ui.md` with screenshots/workflows. Dependencies: DOCS-ATTEST-74-002. | — | DOAT0101 | | DOCS-ATTEST-74-004 | TODO | | SPRINT_302_docs_tasks_md_ii | Docs Guild, CLI Attestor Guild (docs) | | Publish `/docs/modules/cli/guides/attest.md` covering CLI usage. Dependencies: DOCS-ATTEST-74-003. | — | DOAT0101 | | DOCS-ATTEST-75-001 | TODO | | SPRINT_303_docs_tasks_md_iii | Docs Guild, Export Attestation Guild (docs) | | Add `/docs/modules/attestor/airgap.md` for attestation bundles. Dependencies: DOCS-ATTEST-74-004. | — | DOAT0101 | | DOCS-ATTEST-75-002 | TODO | | SPRINT_303_docs_tasks_md_iii | Docs Guild, Security Guild (docs) | | Update `/docs/security/aoc-invariants.md` with attestation invariants. Dependencies: DOCS-ATTEST-75-001. | — | DOAT0101 | | DOCS-CLI-41-001 | TODO | | SPRINT_303_docs_tasks_md_iii | Docs Guild, DevEx/CLI Guild (docs) | | Publish `/docs/modules/cli/guides/overview.md`, `/docs/modules/cli/guides/configuration.md`, `/docs/modules/cli/guides/output-and-exit-codes.md` with imposed rule statements. | — | DOCL0101 | | DOCS-CLI-42-001 | TODO | | SPRINT_303_docs_tasks_md_iii | Docs Guild (docs) | | Publish `/docs/modules/cli/guides/parity-matrix.md` and command guides under `/docs/modules/cli/guides/commands/*.md` (policy, sbom, vuln, vex, advisory, export, orchestrator, notify, aoc, auth). Dependencies: DOCS-CLI-41-001. | — | DOCL0101 | | DOCS-CLI-DET-01 | TODO | | SPRINT_301_docs_tasks_md_i | Docs Guild · DevEx/CLI Guild | | Document `stella sbomer` verbs (`layer`, `compose`, `drift`, `verify`) with examples & offline instructions. | CLI-SBOM-60-001; CLI-SBOM-60-002 | DOCL0101 | | DOCS-CLI-FORENSICS-53-001 | TODO | | SPRINT_303_docs_tasks_md_iii | Docs Guild, DevEx/CLI Guild (docs) | | Publish `/docs/modules/cli/guides/forensics.md` for snapshot/verify/attest commands with sample outputs, imposed rule banner, and offline workflows. | — | DOCL0101 | | DOCS-CLI-OBS-52-001 | TODO | | SPRINT_303_docs_tasks_md_iii | Docs Guild, DevEx/CLI Guild (docs) | | Create `/docs/modules/cli/guides/observability.md` detailing `stella obs` commands, examples, exit codes, imposed rule banner, and scripting tips. | — | DOCL0101 | | DOCS-CONSOLE-OBS-52-001 | TODO | | SPRINT_303_docs_tasks_md_iii | Docs Guild, Console Guild (docs) | | Document `/docs/console/observability.md` showcasing Observability Hub widgets, trace/log search, imposed rule banner, and accessibility tips. | — | DOCL0101 | | DOCS-CONSOLE-OBS-52-002 | TODO | | SPRINT_303_docs_tasks_md_iii | Docs Guild, Console Guild (docs) | | Publish `/docs/console/forensics.md` covering timeline explorer, evidence viewer, attestation verifier, imposed rule banner, and troubleshooting. Dependencies: DOCS-CONSOLE-OBS-52-001. | — | DOCL0101 | | DOCS-CONTRIB-62-001 | TODO | | SPRINT_303_docs_tasks_md_iii | Docs Guild, API Governance Guild (docs) | | Publish `/docs/contributing/api-contracts.md` detailing how to edit OAS, lint rules, compatibility checks. | — | DOCL0101 | | DOCS-DETER-70-002 | TODO | | SPRINT_304_docs_tasks_md_iv | Docs Guild · Scanner Guild | docs/modules/scanner/determinism.md | Document the scanner determinism score process (`determinism.json` schema, CI harness, replay instructions) under `/docs/modules/scanner/determinism-score.md` and add a release-notes template entry. Dependencies: SCAN-DETER-186-010, DEVOPS-SCAN-90-004. | Need deterministic suite notes from 137_SCDT0101 | DOSC0101 | | DOCS-DEVPORT-62-001 | TODO | | SPRINT_303_docs_tasks_md_iii | Docs Guild, Developer Portal Guild (docs) | | Document `/docs/devportal/publishing.md` for build pipeline, offline bundle steps. | — | DOCL0101 | | DOCS-DSL-401-005 | TODO | | SPRINT_401_reachability_evidence_chain | Docs Guild (`docs/policy/dsl.md`, `docs/policy/lifecycle.md`) | `docs/policy/dsl.md`, `docs/policy/lifecycle.md` | Refresh `docs/policy/dsl.md` + lifecycle docs with the new syntax, signal dictionary (`trust_score`, `reachability`, etc.), authoring workflow, and safety rails (shadow mode, coverage tests). | — | DOCL0101 | | DOCS-ENTROPY-70-004 | TODO | | SPRINT_304_docs_tasks_md_iv | Docs Guild · Scanner Guild | docs/modules/scanner/determinism.md | Publish entropy analysis documentation (scoring heuristics, JSON schemas, policy hooks, UI guidance) under `docs/modules/scanner/entropy.md` and update trust-lattice references. Dependencies: SCAN-ENTROPY-186-011/012, POLICY-RISK-90-001. | Requires entropy guardrails from 078_SCSA0301 | DOSC0101 | | DOCS-EXC-25-001 | TODO | | SPRINT_303_docs_tasks_md_iii | Docs Guild | docs/modules/excititor | Author `/docs/governance/exceptions.md` covering lifecycle, scope patterns, examples, compliance checklist. | CLEX0101 outputs | DOEX0102 | | DOCS-EXC-25-002 | TODO | | SPRINT_303_docs_tasks_md_iii | Docs Guild | docs/modules/excititor | Publish `/docs/governance/approvals-and-routing.md` detailing roles, routing matrix, MFA rules, audit trails. Dependencies: DOCS-EXC-25-001. | CLEX0101 | DOEX0102 | | DOCS-EXC-25-003 | TODO | | SPRINT_303_docs_tasks_md_iii | Docs Guild | docs/modules/excititor | Create `/docs/api/exceptions.md` with endpoints, payloads, errors, idempotency notes. Dependencies: DOCS-EXC-25-002. | UIEX0101 | DOEX0102 | | DOCS-EXC-25-005 | TODO | | SPRINT_303_docs_tasks_md_iii | Docs + Accessibility Guilds | docs/modules/excititor | Write `/docs/ui/exception-center.md` with UI walkthrough, badges, accessibility, shortcuts. Dependencies: DOCS-EXC-25-003. | UIEX0101 | DOEX0102 | | DOCS-EXC-25-006 | TODO | | SPRINT_303_docs_tasks_md_iii | Docs Guild | docs/modules/excititor | Update `/docs/modules/cli/guides/exceptions.md` covering command usage and exit codes. Dependencies: DOCS-EXC-25-005. | CLEX0101 | DOEX0102 | | DOCS-EXC-25-007 | TODO | | SPRINT_304_docs_tasks_md_iv | Docs Guild · DevOps Guild | docs/modules/excititor | Publish `/docs/migration/exception-governance.md` describing cutover from legacy suppressions, notifications, rollback. Dependencies: DOCS-EXC-25-006. | UIEX0101 & Ops runbooks | DOEX0102 | | DOCS-EXPORT-37-004 | TODO | | SPRINT_304_docs_tasks_md_iv | Docs Guild · Export Center Guild | docs/modules/export-center | Publish `/docs/security/export-hardening.md` outlining RBAC, tenancy, encryption, redaction, restating imposed rule. | Wait for ATMI0102 orchestration notes | DOEC0102 | | DOCS-EXPORT-37-005 | TODO | | SPRINT_304_docs_tasks_md_iv | Docs Guild · Export Center Guild | docs/modules/export-center | Validate Export Center docs against live Trivy/mirror bundles once implementation lands; refresh examples and CLI snippets accordingly. Dependencies: DOCS-EXPORT-37-004. | Needs AGDP0101 manifest schema | DOEC0102 | | DOCS-EXPORT-37-101 | TODO | | SPRINT_304_docs_tasks_md_iv | Docs Guild · DevOps Guild | docs/modules/export-center | Refresh CLI verification sections once `stella export verify` lands (flags, exit codes, samples). Dependencies: DOCS-EXPORT-37-005. | Depends on DVDO0105 deployment guide | DOEC0102 | | DOCS-EXPORT-37-102 | TODO | | SPRINT_304_docs_tasks_md_iv | Docs Guild · Evidence Locker Guild | docs/modules/export-center | Embed export dashboards/alerts references into provenance/runbook docs after Grafana work ships. Dependencies: DOCS-EXPORT-37-101. | Requires ATEL0102 attestation feed | DOEC0102 | | DOCS-FORENSICS-53-001 | TODO | | SPRINT_304_docs_tasks_md_iv | Docs Guild · Evidence Locker Guild | docs/modules/evidence-locker/forensics.md | Publish `/docs/forensics/evidence-locker.md` describing bundle formats, WORM options, retention, legal hold, and imposed rule banner. | Need DSSE digest notes from 002_ATEL0101 | DOEL0101 | | DOCS-FORENSICS-53-002 | TODO | | SPRINT_304_docs_tasks_md_iv | Docs Guild · Provenance Guild | docs/modules/evidence-locker/forensics.md | Release `/docs/forensics/provenance-attestation.md` covering DSSE schema, signing process, verification workflow, and imposed rule banner. Dependencies: DOCS-FORENSICS-53-001. | Waiting on provenance recorder sample (104_RBRE0101) | DOEL0101 | | DOCS-FORENSICS-53-003 | TODO | | SPRINT_304_docs_tasks_md_iv | Docs Guild · Timeline Indexer Guild | docs/modules/evidence-locker/forensics.md | Publish `/docs/forensics/timeline.md` with schema, event kinds, filters, query examples, and imposed rule banner. Dependencies: DOCS-FORENSICS-53-002. | Requires timeline indexer export from 055_AGIM0101 | DOEL0101 | | DOCS-GRAPH-24-001 | TODO | | SPRINT_304_docs_tasks_md_iv | Docs Guild · Graph Guild | docs/modules/graph | Author `/docs/ui/sbom-graph-explorer.md` detailing overlays, filters, saved views, accessibility, and AOC visibility. | Wait for GRAP0101 contract freeze | DOGR0101 | | DOCS-GRAPH-24-002 | TODO | | SPRINT_304_docs_tasks_md_iv | Docs Guild · UI Guild | docs/modules/graph | Publish `/docs/ui/vulnerability-explorer.md` covering table usage, grouping, fix suggestions, Why drawer. Dependencies: DOCS-GRAPH-24-001. | Needs SBOM/VEX dataflow confirmation (PLLG0104) | DOGR0101 | | DOCS-GRAPH-24-003 | TODO | | SPRINT_304_docs_tasks_md_iv | Docs Guild · SBOM Guild | docs/modules/graph | Create `/docs/modules/graph/architecture-index.md` describing data model, ingestion pipeline, caches, events. Dependencies: DOCS-GRAPH-24-002. | Blocked on SBOM join spec from CARTO-GRAPH-21-002 | DOGR0101 | | DOCS-GRAPH-24-004 | TODO | | SPRINT_304_docs_tasks_md_iv | Docs Guild · BE-Base Guild | docs/modules/graph | Document `/docs/api/graph.md` and `/docs/api/vuln.md` avec endpoints, parameters, errors, RBAC. Dependencies: DOCS-GRAPH-24-003. | Require replay hooks from RBBN0101 | DOGR0101 | | DOCS-GRAPH-24-005 | TODO | | SPRINT_304_docs_tasks_md_iv | Docs Guild · DevEx/CLI Guild | docs/modules/graph | Update `/docs/modules/cli/guides/graph-and-vuln.md` covering new CLI commands, exit codes, scripting. Dependencies: DOCS-GRAPH-24-004. | Wait for CLI samples from CLCI0109 | DOGR0101 | | DOCS-GRAPH-24-006 | TODO | | SPRINT_304_docs_tasks_md_iv | Docs Guild · Policy Guild | docs/modules/graph | Write `/docs/policy/ui-integration.md` explaining overlays, cache usage, simulator contracts. Dependencies: DOCS-GRAPH-24-005. | Needs policy outputs from PLVL0102 | DOGR0101 | | DOCS-GRAPH-24-007 | TODO | | SPRINT_304_docs_tasks_md_iv | Docs Guild · DevOps Guild | docs/modules/graph | Produce `/docs/migration/graph-parity.md` with rollout plan, parity checks, fallback guidance. Dependencies: DOCS-GRAPH-24-006. | Depends on DVDO0108 deployment notes | DOGR0101 | | DOCS-INSTALL-44-001 | TODO | | SPRINT_305_docs_tasks_md_v | Docs Guild · Deployment Guild | docs/install | Publish `/docs/install/overview.md` and `/docs/install/compose-quickstart.md` with imposed rule line and copy-ready commands. | Need DVPL0101 compose schema | DOIS0101 | | DOCS-INSTALL-45-001 | TODO | | SPRINT_305_docs_tasks_md_v | Docs Guild · Deployment Guild | docs/install | Publish `/docs/install/helm-prod.md` and `/docs/install/configuration-reference.md` with values tables and imposed rule reminder. Dependencies: DOCS-INSTALL-44-001. | Wait for updated TLS guidance from 127_SIGR0101 | DOIS0101 | | DOCS-INSTALL-46-001 | TODO | | SPRINT_305_docs_tasks_md_v | Docs Guild · Deployment Guild | docs/install | Publish `/docs/install/airgap.md`, `/docs/security/supply-chain.md`, `/docs/operations/health-and-readiness.md`, `/docs/release/image-catalog.md`, `/docs/console/onboarding.md` (each with imposed rule). Dependencies: DOCS-INSTALL-45-001. | Depends on 126_RLRC0101 replay hooks | DOIS0101 | | DOCS-INSTALL-50-001 | TODO | | SPRINT_305_docs_tasks_md_v | Docs Guild · DevOps Guild | docs/install | Add `/docs/install/telemetry-stack.md` with collector deployment, exporter options, offline kit notes, and imposed rule banner. Dependencies: DOCS-INSTALL-46-001. | Requires DevOps offline validation (DVDO0107) | DOIS0101 | | DOCS-LNM-22-001 | BLOCKED | 2025-10-27 | SPRINT_305_docs_tasks_md_v | Docs Guild · Concelier Guild | docs/modules/concelier/link-not-merge.md | Author `/docs/advisories/aggregation.md` covering observation vs linkset, conflict handling, AOC requirements, and reviewer checklist. | Need final schema text from 005_ATLN0101 | DOLN0101 | | DOCS-LNM-22-002 | BLOCKED | 2025-10-27 | SPRINT_305_docs_tasks_md_v | Docs Guild · Excititor Guild | docs/modules/concelier/link-not-merge.md | Publish `/docs/vex/aggregation.md` describing VEX observation/linkset model, product matching, conflicts. Dependencies: DOCS-LNM-22-001. | Waiting on Excititor overlay notes | DOLN0101 | | DOCS-LNM-22-003 | BLOCKED | 2025-10-27 | SPRINT_305_docs_tasks_md_v | Docs Guild · BE-Base Guild | docs/modules/concelier/link-not-merge.md | Update `/docs/api/advisories.md` and `/docs/api/vex.md` for new endpoints, parameters, errors, exports. Dependencies: DOCS-LNM-22-002. | Replay hook contract from RBBN0101 | DOLN0101 | | DOCS-LNM-22-004 | TODO | | SPRINT_305_docs_tasks_md_v | Docs Guild · Policy Guild | docs/modules/concelier/link-not-merge.md | Create `/docs/policy/effective-severity.md` detailing severity selection strategies from multiple sources. Dependencies: DOCS-LNM-22-003. | Requires policy binding from PLVL0102 | DOLN0101 | | DOCS-LNM-22-005 | BLOCKED | 2025-10-27 | SPRINT_305_docs_tasks_md_v | Docs Guild · UI Guild | docs/modules/concelier/link-not-merge.md | Document `/docs/ui/evidence-panel.md` with screenshots, conflict badges, accessibility guidance. Dependencies: DOCS-LNM-22-004. | UI signals from 124_CCSL0101 | DOLN0101 | | DOCS-LNM-22-007 | TODO | | SPRINT_305_docs_tasks_md_v | Docs Guild · Observability Guild | docs/modules/concelier/link-not-merge.md | Publish `/docs/observability/aggregation.md` with metrics/traces/logs/SLOs. Dependencies: DOCS-LNM-22-005. | Observability wiring from 066_PLOB0101 | DOLN0101 | | DOCS-LNM-22-008 | DONE (2025-11-03) | 2025-11-03 | SPRINT_117_concelier_vi | Docs Guild · DevOps Guild | docs/modules/concelier/link-not-merge.md | Documented Link-Not-Merge migration plan in `docs/migration/no-merge.md`; keep synced with ongoing tasks. | Needs retrospective summary | DOLN0101 | | DOCS-NOTIFY-40-001 | TODO | | SPRINT_305_docs_tasks_md_v | Docs Guild · Security Guild | docs/modules/notify | Publish `/docs/notifications/channels.md`, `/docs/notifications/escalations.md`, `/docs/notifications/api.md`, `/docs/operations/notifier-runbook.md`, `/docs/security/notifications-hardening.md`; each ends with imposed rule line. | Need tenancy + throttling updates from DVDO0110 | DONO0101 | | DOCS-OAS-61-001 | TODO | | SPRINT_305_docs_tasks_md_v | Docs Guild · API Contracts Guild | docs/api/oas | Publish `/docs/api/overview.md` covering auth, tenancy, pagination, idempotency, rate limits with banner. | Need governance decisions from 049_APIG0101 | DOOA0101 | | DOCS-OAS-61-002 | TODO | | SPRINT_305_docs_tasks_md_v | Docs Guild · API Governance Guild | docs/api/oas | Author `/docs/api/conventions.md` capturing naming, errors, filters, sorting, examples. Dependencies: DOCS-OAS-61-001. | Requires review board inputs (APIG0101) | DOOA0101 | | DOCS-OAS-61-003 | TODO | | SPRINT_305_docs_tasks_md_v | Docs Guild · API Governance Guild | docs/api/oas | Publish `/docs/api/versioning.md` describing SemVer, deprecation headers, migration playbooks. Dependencies: DOCS-OAS-61-002. | Waiting on lint/tooling export from DVDO0108 | DOOA0101 | | DOCS-OAS-62-001 | TODO | | SPRINT_306_docs_tasks_md_vi | Docs Guild · DevPortal Guild | docs/api/oas | Stand up `/docs/api/reference/` auto-generated site; integrate with portal nav. Dependencies: DOCS-OAS-61-003. | Needs DevPortal publishing hooks (050_DEVL0101) | DOOA0101 | | DOCS-OBS-50-002 | TODO | | SPRINT_306_docs_tasks_md_vi | Docs Guild · Security Guild | docs/observability | Author `/docs/observability/telemetry-standards.md` detailing common fields, scrubbing policy, sampling defaults, and redaction override procedure. | Need console metric list from 059_CNOB0101 | DOOB0101 | | DOCS-OBS-50-003 | TODO | | SPRINT_306_docs_tasks_md_vi | Docs Guild · Observability Guild | docs/observability | Create `/docs/observability/logging.md` covering structured log schema, dos/don'ts, tenant isolation, and copyable examples. Dependencies: DOCS-OBS-50-002. | Waiting on observability ADR from 066_PLOB0101 | DOOB0101 | | DOCS-OBS-50-004 | TODO | | SPRINT_306_docs_tasks_md_vi | Docs Guild · Observability Guild | docs/observability | Draft `/docs/observability/tracing.md` explaining context propagation, async linking, CLI header usage, and sampling strategies. Dependencies: DOCS-OBS-50-003. | Requires CNOB dashboards export | DOOB0101 | | DOCS-OBS-51-001 | TODO | | SPRINT_306_docs_tasks_md_vi | Docs Guild · DevOps Guild | docs/observability | Publish `/docs/observability/metrics-and-slos.md` cataloging metrics, SLO targets, burn rate policies, and alert runbooks. Dependencies: DOCS-OBS-50-004. | Needs DVOB runbook updates | DOOB0101 | | DOCS-ORCH-32-001 | TODO | | SPRINT_306_docs_tasks_md_vi | Docs Guild · Orchestrator Guild | docs/modules/orchestrator | Author `/docs/orchestrator/overview.md` covering mission, roles, AOC alignment, governance, with imposed rule reminder. | Need taskrunner lease ADR from 043_ORTR0101 | DOOR0102 | | DOCS-ORCH-32-002 | TODO | | SPRINT_306_docs_tasks_md_vi | Docs Guild · Orchestrator Guild | docs/modules/orchestrator | Author `/docs/orchestrator/architecture.md` detailing scheduler, DAGs, rate limits, data model, message bus, storage layout, restating imposed rule. Dependencies: DOCS-ORCH-32-001. | Depends on ORTR0102 health hooks | DOOR0102 | | DOCS-ORCH-33-001 | TODO | | SPRINT_306_docs_tasks_md_vi | Docs Guild · Scheduler Guild | docs/modules/orchestrator | Publish `/docs/orchestrator/api.md` (REST/WebSocket endpoints, payloads, error codes) with imposed rule note. Dependencies: DOCS-ORCH-32-002. | Requires scheduler integration outline | DOOR0102 | | DOCS-ORCH-33-002 | TODO | | SPRINT_306_docs_tasks_md_vi | Docs Guild · DevEx/CLI Guild | docs/modules/orchestrator | Publish `/docs/orchestrator/console.md` covering screens, a11y, live updates, control actions, reiterating imposed rule. Dependencies: DOCS-ORCH-33-001. | Wait for CLI samples from 132_CLCI0110 | DOOR0102 | | DOCS-ORCH-33-003 | TODO | | SPRINT_306_docs_tasks_md_vi | Docs Guild · Export Center Guild | docs/modules/orchestrator | Publish `/docs/orchestrator/cli.md` documenting commands, options, exit codes, streaming output, offline usage, and imposed rule. Dependencies: DOCS-ORCH-33-002. | Needs Export Center hooks from 069_AGEX0101 | DOOR0102 | | DOCS-ORCH-34-001 | TODO | | SPRINT_306_docs_tasks_md_vi | Docs Guild (docs) | | Author `/docs/orchestrator/run-ledger.md` covering ledger schema, provenance chain, audit workflows, with imposed rule reminder. Dependencies: DOCS-ORCH-33-003. | — | DOCL0102 | | DOCS-ORCH-34-002 | TODO | | SPRINT_306_docs_tasks_md_vi | Docs Guild (docs) | | Update `/docs/security/secrets-handling.md` for orchestrator KMS refs, redaction badges, operator hygiene, reiterating imposed rule. Dependencies: DOCS-ORCH-34-001. | — | DOCL0102 | | DOCS-ORCH-34-003 | TODO | | SPRINT_306_docs_tasks_md_vi | Docs Guild · DevOps Guild | docs/modules/orchestrator | Publish `/docs/operations/orchestrator-runbook.md` (incident playbook, backfill guide, circuit breakers, throttling) with imposed rule statement. Dependencies: DOCS-ORCH-34-002. | Requires ops checklist from DVDO0108 | DOOR0102 | | DOCS-ORCH-34-004 | TODO | | SPRINT_306_docs_tasks_md_vi | Docs Guild · Observability Guild | docs/modules/orchestrator | Document `/docs/schemas/artifacts.md` describing artifact kinds, schema versions, hashing, storage layout, restating imposed rule. Dependencies: DOCS-ORCH-34-003. | Wait for observability dashboards (063_OROB0101) | DOOR0102 | | DOCS-ORCH-34-005 | TODO | | SPRINT_306_docs_tasks_md_vi | Docs Guild · BE-Base Guild | docs/modules/orchestrator | Author `/docs/slo/orchestrator-slo.md` defining SLOs, burn alerts, measurement, and reiterating imposed rule. Dependencies: DOCS-ORCH-34-004. | Needs replay linkage from 042_RPRC0101 | DOOR0102 | | | DOPL0103 | | | | | | | | | DOCS-POLICY-23-002 | TODO | | SPRINT_307_docs_tasks_md_vii | Docs Guild | docs/policy/lifecycle.md | Write `/docs/policy/spl-v1.md` (language reference, JSON Schema, examples). Dependencies: DOCS-POLICY-23-001. | DOCS-POLICY-23-001 | DOPL0103 | | DOCS-POLICY-23-003 | TODO | | SPRINT_307_docs_tasks_md_vii | Docs Guild | docs/policy/lifecycle.md | Produce `/docs/policy/runtime.md` covering compiler, evaluator, caching, events, SLOs. Dependencies: DOCS-POLICY-23-002. | Waiting on SPL reference | DOPL0101 | | DOCS-POLICY-23-004 | TODO | | SPRINT_307_docs_tasks_md_vii | Docs Guild · UI Guild | docs/policy/lifecycle.md | Document `/docs/policy/editor.md` (UI walkthrough, validation, simulation, approvals). Dependencies: DOCS-POLICY-23-003. | Depends on 23-003 | DOPL0101 | | DOCS-POLICY-23-005 | TODO | | SPRINT_307_docs_tasks_md_vii | Docs Guild · DevOps Guild | docs/policy/lifecycle.md | Publish `/docs/policy/governance.md` (roles, scopes, approvals, signing, exceptions). Dependencies: DOCS-POLICY-23-004. | Depends on DevOps automation (141_DVDO0107) | DOPL0101 | | DOCS-POLICY-23-006 | TODO | | SPRINT_307_docs_tasks_md_vii | Docs Guild · DevEx/CLI Guild | docs/policy/lifecycle.md | Update `/docs/api/policy.md` with new endpoints, schemas, errors, pagination. Dependencies: DOCS-POLICY-23-005. | Wait for CLI commands (132_CLCI0110) | DOPL0101 | | DOCS-POLICY-23-007 | TODO | | SPRINT_307_docs_tasks_md_vii | Docs Guild · Observability Guild | docs/policy/lifecycle.md | Update `/docs/modules/cli/guides/policy.md` for lint/simulate/activate/history commands, exit codes. Dependencies: DOCS-POLICY-23-006. | Requires observability hooks (066_PLOB0101) | DOPL0101 | | DOCS-POLICY-23-008 | TODO | | SPRINT_307_docs_tasks_md_vii | Docs Guild · Policy Guild | docs/policy/lifecycle.md | Refresh `/docs/modules/policy/architecture.md` with data model, sequence diagrams, event flows. Dependencies: DOCS-POLICY-23-007. | Needs waiver examples from 005_ATLN0101 | DOPL0101 | | DOCS-POLICY-23-009 | TODO | | SPRINT_307_docs_tasks_md_vii | Docs Guild · DevOps Guild | docs/policy/lifecycle.md | Create `/docs/migration/policy-parity.md` covering dual-run parity plan and rollback. Dependencies: DOCS-POLICY-23-008. | Need DevOps rollout notes (DVDO0108) | DOPL0102 | | DOCS-POLICY-23-010 | TODO | | SPRINT_307_docs_tasks_md_vii | Docs Guild · UI Guild | docs/policy/lifecycle.md | Write `/docs/ui/explainers.md` showing explain trees, evidence overlays, interpretation guidance. Dependencies: DOCS-POLICY-23-009. | Requires UI overlay screenshots (119_CCAO0101) | DOPL0102 | | DOCS-POLICY-27-001 | BLOCKED | 2025-10-27 | SPRINT_307_docs_tasks_md_vii | Docs Guild · Policy Guild | docs/policy/lifecycle.md | Publish `/docs/policy/studio-overview.md` covering lifecycle, roles, glossary, and compliance checklist. Dependencies: DOCS-POLICY-23-010. | Waiting on policy version ADR | DOPL0102 | | DOCS-POLICY-27-002 | BLOCKED | 2025-10-27 | SPRINT_307_docs_tasks_md_vii | Docs Guild · Console Guild | docs/policy/lifecycle.md | Write `/docs/policy/authoring.md` detailing workspace templates, snippets, lint rules, IDE shortcuts, and best practices. Dependencies: DOCS-POLICY-27-001. | Needs console integration outline | DOPL0102 | | DOCS-POLICY-27-003 | BLOCKED | 2025-10-27 | SPRINT_307_docs_tasks_md_vii | Docs Guild · Policy Registry Guild | docs/policy/lifecycle.md | Document `/docs/policy/versioning-and-publishing.md` (semver rules, attestations, rollback) with compliance checklist. Dependencies: DOCS-POLICY-27-002. | Requires registry schema from CCWO0101 | DOPL0102 | | DOCS-POLICY-27-004 | BLOCKED | 2025-10-27 | SPRINT_307_docs_tasks_md_vii | Docs Guild · Scheduler Guild | docs/policy/lifecycle.md | Write `/docs/policy/simulation.md` covering quick vs batch sim, thresholds, evidence bundles, CLI examples. Dependencies: DOCS-POLICY-27-003. | Depends on scheduler hooks from 050_DEVL0101 | DOPL0102 | | DOCS-POLICY-27-005 | BLOCKED | 2025-10-27 | SPRINT_307_docs_tasks_md_vii | Docs Guild · Product Ops | docs/policy/lifecycle.md | Publish `/docs/policy/review-and-approval.md` with approver requirements, comments, webhooks, audit trail guidance. Dependencies: DOCS-POLICY-27-004. | Await product ops approvals | DOPL0102 | | DOCS-POLICY-27-006 | BLOCKED | 2025-10-27 | SPRINT_308_docs_tasks_md_viii | Docs Guild · Policy Guild | docs/policy/runs.md | Author `/docs/policy/promotion.md` covering environments, canary, rollback, and monitoring steps. Dependencies: DOCS-POLICY-27-005. | Need RLS decision from PLLG0104 | DOPL0103 | | DOCS-POLICY-27-007 | BLOCKED | 2025-10-27 | SPRINT_308_docs_tasks_md_viii | Docs Guild · CLI Guild | docs/policy/runs.md | Update `/docs/policy/cli.md` with new commands, JSON schemas, CI usage, and compliance checklist. Dependencies: DOCS-POLICY-27-006. | Requires CLI samples from 132_CLCI0110 | DOPL0103 | | DOCS-POLICY-27-008 | BLOCKED | 2025-10-27 | SPRINT_308_docs_tasks_md_viii | Docs Guild · Policy Registry Guild | docs/policy/runs.md | Publish `/docs/policy/api.md` describing Registry endpoints, request/response schemas, errors, and feature flags. Dependencies: DOCS-POLICY-27-007. | Waiting on registry schema (CCWO0101) | DOPL0103 | | DOCS-POLICY-27-009 | BLOCKED | 2025-10-27 | SPRINT_308_docs_tasks_md_viii | Docs Guild · Security Guild | docs/policy/runs.md | Create `/docs/security/policy-attestations.md` (signing, verification, rotation). | Needs security review | POKT0101 | | DOCS-POLICY-27-010 | BLOCKED | 2025-10-27 | SPRINT_308_docs_tasks_md_viii | Docs Guild · Architecture Guild | docs/policy/runs.md | Author `/docs/modules/policy/registry-architecture.md` (service design, schemas, failure modes). | Requires architecture review minutes | POKT0101 | | DOCS-POLICY-27-011 | BLOCKED | 2025-10-27 | SPRINT_308_docs_tasks_md_viii | Docs Guild · Observability Guild | docs/policy/runs.md | Publish `/docs/observability/policy-telemetry.md` with metrics/log tables, dashboards, alerts, and compliance checklist. Dependencies: DOCS-POLICY-27-010. | Requires observability hooks from 066_PLOB0101 | DOPL0103 | | DOCS-POLICY-27-012 | BLOCKED | 2025-10-27 | SPRINT_308_docs_tasks_md_viii | Docs Guild · Ops Guild | docs/policy/runs.md | Write `/docs/runbooks/policy-incident.md` detailing rollback, freeze, forensic steps, notifications. Dependencies: DOCS-POLICY-27-011. | Needs ops playbooks (DVDO0108) | DOPL0103 | | DOCS-POLICY-27-013 | BLOCKED | 2025-10-27 | SPRINT_308_docs_tasks_md_viii | Docs Guild · Policy Guild | docs/policy/runs.md | Update `/docs/examples/policy-templates.md` with new templates, snippets, and sample policies. Dependencies: DOCS-POLICY-27-012. | Await policy guild approval | DOPL0103 | | DOCS-POLICY-27-014 | BLOCKED | 2025-10-27 | SPRINT_308_docs_tasks_md_viii | Docs Guild · Policy Registry Guild | docs/policy/runs.md | Refresh `/docs/aoc/aoc-guardrails.md` to include Studio-specific guardrails and validation scenarios. Dependencies: DOCS-POLICY-27-013. | Needs policy registry approvals | DOPL0103 | | DOCS-POLICY-DET-01 | TODO | | SPRINT_301_docs_tasks_md_i | Docs Guild · Policy Guild | docs/policy/runs.md | Extend `docs/modules/policy/architecture.md` with determinism gate semantics and provenance references. | Depends on deterministic harness (137_SCDT0101) | DOPL0103 | | DOCS-PROMO-70-001 | TODO | | SPRINT_304_docs_tasks_md_iv | Docs Guild · Provenance Guild | docs/modules/provenance | Publish `/docs/release/promotion-attestations.md` describing the promotion workflow (CLI commands, Signer/Attestor integration, offline verification) and update `/docs/forensics/provenance-attestation.md` with the new predicate. Dependencies: PROV-OBS-53-003, CLI-PROMO-70-002. | Need provenance promo outline from Provenance Guild | DOPV0101 | | DOCS-REACH-201-006 | TODO | | SPRINT_400_runtime_facts_static_callgraph_union | Docs Guild · Runtime Evidence Guild | docs/reachability | Author the reachability doc set (`docs/signals/reachability.md`, `callgraph-formats.md`, `runtime-facts.md`, CLI/UI appendices) plus update Zastava + Replay guides with the new evidence and operators’ workflow. | Needs RBRE0101 provenance hook summary | DORC0101 | | DOCS-REPLAY-185-003 | TODO | | SPRINT_185_shared_replay_primitives | Docs Guild · Platform Data Guild | docs/replay | Author `docs/data/replay_schema.md` detailing `replay_runs`, `replay_bundles`, `replay_subjects` collections, index guidance, and offline sync strategy aligned with Replay CAS. | Need RPRC0101 API freeze | DORR0101 | | DOCS-REPLAY-185-004 | TODO | | SPRINT_185_shared_replay_primitives | Docs Guild | docs/replay | Expand `docs/replay/DEVS_GUIDE_REPLAY.md` with integration guidance for consuming services (Scanner, Evidence Locker, CLI) and add checklist derived from `docs/replay/DETERMINISTIC_REPLAY.md` Section 11. | Depends on #1 | DORR0101 | | DOCS-REPLAY-186-004 | TODO | | SPRINT_186_record_deterministic_execution | Docs Guild · Runtime Evidence Guild | docs/replay | Author `docs/replay/TEST_STRATEGY.md` (golden replay, feed drift, tool upgrade) and link it from both replay docs and Scanner architecture pages. | Requires deterministic evidence from RBRE0101 | DORR0101 | | DOCS-RISK-66-001 | TODO | | SPRINT_308_docs_tasks_md_viii | Docs Guild · Risk Profile Schema Guild | docs/risk | Publish `/docs/risk/overview.md` covering concepts and glossary. | Need schema approvals from PLLG0104 | DORS0101 | | DOCS-RISK-66-002 | TODO | | SPRINT_308_docs_tasks_md_viii | Docs Guild · Policy Guild | docs/risk | Author `/docs/risk/profiles.md` (authoring, versioning, scope). Dependencies: DOCS-RISK-66-001. | Depends on #1 | DORS0101 | | DOCS-RISK-66-003 | TODO | | SPRINT_308_docs_tasks_md_viii | Docs Guild · Risk Engine Guild | docs/risk | Publish `/docs/risk/factors.md` cataloging signals, transforms, reducers, TTLs. Dependencies: DOCS-RISK-66-002. | Requires engine contract from Risk Engine Guild | DORS0101 | | DOCS-RISK-66-004 | TODO | | SPRINT_308_docs_tasks_md_viii | Docs Guild · Risk Engine Guild | docs/risk | Create `/docs/risk/formulas.md` detailing math, normalization, gating, severity. Dependencies: DOCS-RISK-66-003. | Needs engine rollout notes | DORS0101 | | DOCS-RISK-67-001 | TODO | | SPRINT_308_docs_tasks_md_viii | Docs Guild · Risk Engine Guild | docs/risk | Publish `/docs/risk/explainability.md` showing artifact schema and UI screenshots. Dependencies: DOCS-RISK-66-004. | Wait for engine metrics from 066_PLOB0101 | DORS0101 | | DOCS-RISK-67-002 | TODO | | SPRINT_308_docs_tasks_md_viii | Docs Guild · API Guild | docs/risk | Produce `/docs/risk/api.md` with endpoint reference/examples. Dependencies: DOCS-RISK-67-001. | Requires API publishing workflow | DORS0101 | | DOCS-RISK-67-003 | TODO | | SPRINT_309_docs_tasks_md_ix | Docs Guild · Console Guild | docs/risk | Document `/docs/console/risk-ui.md` for authoring, simulation, dashboards. Dependencies: DOCS-RISK-67-002. | Needs console overlay decision | DORS0101 | | DOCS-RISK-67-004 | TODO | | SPRINT_309_docs_tasks_md_ix | Docs Guild · CLI Guild | docs/risk | Publish `/docs/modules/cli/guides/risk.md` covering CLI workflows. Dependencies: DOCS-RISK-67-003. | Requires CLI samples from 132_CLCI0110 | DORS0101 | | DOCS-RISK-68-001 | TODO | | SPRINT_309_docs_tasks_md_ix | Docs Guild · Export Guild | docs/risk | Add `/docs/airgap/risk-bundles.md` for offline factor bundles. Dependencies: DOCS-RISK-67-004. | Wait for export contract (069_AGEX0101) | DORS0101 | | DOCS-RISK-68-002 | TODO | | SPRINT_309_docs_tasks_md_ix | Docs Guild · Security Guild | docs/risk | Update `/docs/security/aoc-invariants.md` with risk scoring provenance guarantees. Dependencies: DOCS-RISK-68-001. | Requires security approvals | DORS0101 | | DOCS-RUNBOOK-401-017 | TODO | | SPRINT_401_reachability_evidence_chain | Docs Guild · Ops Guild | `docs/runbooks/reachability-runtime.md`, `docs/reachability/DELIVERY_GUIDE.md` | Publish the reachability runtime ingestion runbook, link it from delivery guides, and keep Ops/Signals troubleshooting steps current. | Need latest reachability metrics from RBBN0101 | DORU0101 | | DOCS-RUNBOOK-55-001 | TODO | | SPRINT_309_docs_tasks_md_ix | Docs Guild · Ops Guild | docs/runbooks | Author `/docs/runbooks/incidents.md` describing incident mode activation, escalation steps, retention impact, verification checklist, and imposed rule banner. | Requires deployment checklist from DVPL0101 | DORU0101 | | DOCS-SCANNER-BENCH-62-002 | TODO | | SPRINT_310_docs_tasks_md_x | Docs Guild · Product Guild | docs/modules/scanner/benchmarks | Capture customer demand for Windows/macOS analyzer coverage and document outcomes. | Need bench inputs from SCSA0301 | DOSB0101 | | DOCS-SCANNER-BENCH-62-003 | TODO | | SPRINT_310_docs_tasks_md_x | Docs Guild · Product Guild | docs/modules/scanner/benchmarks | Capture Python lockfile/editable install requirements and document policy guidance. | Depends on #1 | DOSB0101 | | DOCS-SCANNER-BENCH-62-004 | TODO | | SPRINT_310_docs_tasks_md_x | Docs Guild · Java Analyzer Guild | docs/modules/scanner/benchmarks | Document Java lockfile ingestion guidance and policy templates. | Requires Java analyzer notes | DOSB0101 | | DOCS-SCANNER-BENCH-62-005 | TODO | | SPRINT_310_docs_tasks_md_x | Docs Guild · Go Analyzer Guild | docs/modules/scanner/benchmarks | Document Go stripped-binary fallback enrichment guidance once implementation lands. | Needs Go analyzer results | DOSB0101 | | DOCS-SCANNER-BENCH-62-006 | TODO | | SPRINT_310_docs_tasks_md_x | Docs Guild · Product Guild | docs/modules/scanner/benchmarks | Document Rust fingerprint enrichment guidance and policy examples. | Requires updated benchmarks from SCSA0601 | DOSB0101 | | DOCS-SCANNER-BENCH-62-008 | TODO | | SPRINT_310_docs_tasks_md_x | Docs Guild · Platform Data Guild | docs/modules/scanner/benchmarks | Publish EntryTrace explain/heuristic maintenance guide. | Wait for replay hooks (RPRC0101) | DOSB0101 | | DOCS-SCANNER-BENCH-62-009 | TODO | | SPRINT_310_docs_tasks_md_x | Docs Guild · DevEx/CLI Guild | docs/modules/scanner/benchmarks | Produce SAST integration documentation (connector framework, policy templates). | Depends on CLI samples (132_CLCI0110) | DOSB0101 | | DOCS-SCANNER-DET-01 | TODO | 2025-11-09 | SPRINT_301_docs_tasks_md_i | Docs Guild · Scanner Guild | docs/modules/scanner/benchmarks | `/docs/modules/scanner/deterministic-sbom-compose.md` plus scan guide updates. | Needs determinism harness from 137_SCDT0101 | DOSB0101 | | DOCS-SDK-62-001 | TODO | | SPRINT_309_docs_tasks_md_ix | Docs Guild · SDK Generator Guild | docs/sdk | Publish `/docs/sdks/overview.md` plus language guides (`typescript.md`, `python.md`, `go.md`, `java.md`). | Need SDK toolchain notes from SDKG0101 | DOSK0101 | | DOCS-SEC-62-001 | TODO | | SPRINT_309_docs_tasks_md_ix | Docs Guild · Security Guild | docs/security | Update `/docs/security/auth-scopes.md` with OAuth2/PAT scopes, tenancy header usage. | Need security ADR from DVDO0110 | DOSE0101 | | DOCS-SEC-OBS-50-001 | TODO | | SPRINT_309_docs_tasks_md_ix | Docs Guild · Security Guild | docs/security | Update `/docs/security/redaction-and-privacy.md` to cover telemetry privacy controls, tenant opt-in debug, and imposed rule reminder. | Depends on PLOB0101 metrics | DOSE0101 | | DOCS-SIG-26-001 | TODO | | SPRINT_309_docs_tasks_md_ix | Docs Guild · Signals Guild | docs/modules/signals | Write `/docs/signals/reachability.md` covering states, scores, provenance, retention. | Need SGSI0101 metrics freeze | DOSG0101 | | DOCS-SIG-26-002 | TODO | | SPRINT_309_docs_tasks_md_ix | Docs Guild · Observability Guild | docs/modules/signals | Publish `/docs/signals/callgraph-formats.md` with schemas and validation errors. Dependencies: DOCS-SIG-26-001. | Depends on #1 | DOSG0101 | | DOCS-SIG-26-003 | TODO | | SPRINT_309_docs_tasks_md_ix | Docs Guild · Signals Guild | docs/modules/signals | Create `/docs/signals/runtime-facts.md` detailing agent capabilities, privacy safeguards, opt-in flags. Dependencies: DOCS-SIG-26-002. | Requires SSE contract from SGSI0101 | DOSG0101 | | DOCS-SIG-26-004 | TODO | | SPRINT_309_docs_tasks_md_ix | Docs Guild · CLI Guild | docs/modules/signals | Document `/docs/policy/signals-weighting.md` for SPL predicates and weighting strategies. Dependencies: DOCS-SIG-26-003. | Needs CLI samples (132_CLCI0110) | DOSG0101 | | DOCS-SIG-26-005 | TODO | | SPRINT_309_docs_tasks_md_ix | Docs Guild · DevOps Guild | docs/modules/signals | Draft `/docs/ui/reachability-overlays.md` with badges, timelines, shortcuts. Dependencies: DOCS-SIG-26-004. | Wait for DevOps rollout plan | DOSG0101 | | DOCS-SIG-26-006 | TODO | | SPRINT_309_docs_tasks_md_ix | Docs Guild · Security Guild | docs/modules/signals | Update `/docs/modules/cli/guides/reachability.md` for new commands and automation recipes. Dependencies: DOCS-SIG-26-005. | Requires security guidance (DVDO0110) | DOSG0101 | | DOCS-SIG-26-007 | TODO | | SPRINT_309_docs_tasks_md_ix | Docs Guild · Policy Guild | docs/modules/signals | Publish `/docs/api/signals.md` covering endpoints, payloads, ETags, errors. Dependencies: DOCS-SIG-26-006. | Needs policy overlay from PLVL0102 | DOSG0101 | | DOCS-SIG-26-008 | TODO | | SPRINT_310_docs_tasks_md_x | Docs Guild · Notifications Guild | docs/modules/signals | Write `/docs/migration/enable-reachability.md` guiding rollout, fallbacks, monitoring. Dependencies: DOCS-SIG-26-007. | Depends on notifications hooks (058_NOTY0101) | DOSG0101 | | DOCS-SURFACE-01 | TODO | | SPRINT_310_docs_tasks_md_x | Docs Guild · Surface Guild | docs/modules/scanner/surface | Create `/docs/modules/scanner/scanner-engine.md` covering Surface.FS/Env/Secrets workflow between Scanner, Zastava, Scheduler, and Ops. | Need latest surface emit notes (SCANNER-SURFACE-04) | DOSS0101 | | DOCS-SYMS-70-003 | TODO | | SPRINT_304_docs_tasks_md_iv | Docs Guild · Symbols Guild | docs/modules/symbols | Author symbol-server architecture/spec docs (`docs/specs/symbols/SYMBOL_MANIFEST_v1.md`, API reference, bundle guide) and update reachability guides with symbol lookup workflow and tenant controls. Dependencies: SYMS-SERVER-401-011, SYMS-INGEST-401-013. | Need RBSY0101 cache notes | DOSY0101 | | DOCS-TEN-47-001 | TODO | | SPRINT_310_docs_tasks_md_x | Docs Guild · Security Guild | docs/modules/tenancy | Publish `/docs/security/tenancy-overview.md` and `/docs/security/scopes-and-roles.md` outlining scope grammar, tenant model, imposed rule reminder. | Need tenancy ADR from DVDO0110 | DOTN0101 | | DOCS-TEN-48-001 | TODO | | SPRINT_310_docs_tasks_md_x | Docs Guild · Security Guild | docs/modules/tenancy | Publish `/docs/operations/multi-tenancy.md`, `/docs/operations/rls-and-data-isolation.md`, `/docs/console/admin-tenants.md`. Dependencies: DOCS-TEN-47-001. | Depends on #1 | DOTN0101 | | DOCS-TEN-49-001 | TODO | | SPRINT_310_docs_tasks_md_x | Docs Guild · DevOps Guild | docs/modules/tenancy | Publish `/docs/modules/cli/guides/authentication.md`, `/docs/api/authentication.md`, `/docs/policy/examples/abac-overlays.md`, update `/docs/install/configuration-reference.md` with new env vars, all ending with imposed rule line. Dependencies: DOCS-TEN-48-001. | Requires monitoring plan from DVDO0110 | DOTN0101 | | DOCS-TEST-62-001 | TODO | | SPRINT_310_docs_tasks_md_x | Docs Guild · SDK Generator Guild | docs/sdk | Author `/docs/testing/contract-testing.md` covering mock server, replay tests, golden fixtures. | Depends on #1 | DOSK0101 | | DOCS-VEX-30-001 | TODO | | SPRINT_310_docs_tasks_md_x | Docs Guild · VEX Lens Guild | docs/modules/vex-lens | Publish `/docs/vex/consensus-overview.md` describing purpose, scope, AOC guarantees. | Need PLVL0102 schema snapshot | DOVX0101 | | DOCS-VEX-30-002 | TODO | | SPRINT_310_docs_tasks_md_x | Docs Guild · VEX Lens Guild | docs/modules/vex-lens | Author `/docs/vex/consensus-algorithm.md` covering normalization, weighting, thresholds, examples. Dependencies: DOCS-VEX-30-001. | Depends on #1 | DOVX0101 | | DOCS-VEX-30-003 | TODO | | SPRINT_310_docs_tasks_md_x | Docs Guild · Issuer Directory Guild | docs/modules/vex-lens | Document `/docs/vex/issuer-directory.md` (issuer management, keys, trust overrides, audit). Dependencies: DOCS-VEX-30-002. | Requires Issuer Directory inputs | DOVX0101 | | DOCS-VEX-30-004 | TODO | | SPRINT_310_docs_tasks_md_x | Docs Guild · VEX Lens Guild | docs/modules/vex-lens | Publish `/docs/vex/consensus-api.md` with endpoint specs, query params, rate limits. Dependencies: DOCS-VEX-30-003. | Needs PLVL0102 policy join notes | DOVX0101 | | DOCS-VEX-30-005 | TODO | | SPRINT_310_docs_tasks_md_x | Docs Guild · Console Guild | docs/modules/vex-lens | Write `/docs/vex/consensus-console.md` covering UI workflows, filters, conflicts, accessibility. Dependencies: DOCS-VEX-30-004. | Requires console overlay assets | DOVX0101 | | DOCS-VEX-30-006 | TODO | | SPRINT_310_docs_tasks_md_x | Docs Guild · Policy Guild | docs/modules/vex-lens | Add `/docs/policy/vex-trust-model.md` detailing policy knobs, thresholds, simulation. Dependencies: DOCS-VEX-30-005. | Needs waiver/exception guidance | DOVX0101 | | DOCS-VEX-30-007 | TODO | | SPRINT_310_docs_tasks_md_x | Docs Guild · SBOM Service Guild | docs/modules/vex-lens | Publish `/docs/sbom/vex-mapping.md` (CPE→purl strategy, edge cases, overrides). Dependencies: DOCS-VEX-30-006. | Depends on SBOM/VEX dataflow spec | DOVX0101 | | DOCS-VEX-30-008 | TODO | | SPRINT_310_docs_tasks_md_x | Docs Guild · Security Guild | docs/modules/vex-lens | Deliver `/docs/security/vex-signatures.md` (verification flow, key rotation, audit). Dependencies: DOCS-VEX-30-007. | Requires security review (DVDO0110) | DOVX0101 | | DOCS-VEX-30-009 | TODO | | SPRINT_310_docs_tasks_md_x | Docs Guild · DevOps Guild | docs/modules/vex-lens | Create `/docs/runbooks/vex-ops.md` for recompute storms, mapping failures, signature errors. Dependencies: DOCS-VEX-30-008. | Needs DevOps rollout plan | DOVX0101 | | DOCS-VEX-401-012 | TODO | | SPRINT_401_reachability_evidence_chain | Docs Guild · VEX Lens Guild | `docs/benchmarks/vex-evidence-playbook.md`, `bench/README.md` | Maintain the VEX Evidence Playbook, publish repo templates/README, and document verification workflows for operators. | Need VEX evidence export from PLVL0102 | DOVB0101 | | DOCS-VULN-29-001 | TODO | | SPRINT_311_docs_tasks_md_xi | Docs Guild · Vuln Explorer Guild | docs/modules/vuln-explorer | Publish `/docs/vuln/explorer-overview.md` covering domain model, identities, AOC guarantees, workflow summary. | Need GRAP0101 contract | DOVL0101 | | DOCS-VULN-29-002 | TODO | | SPRINT_311_docs_tasks_md_xi | Docs Guild · Vuln Explorer Guild | docs/modules/vuln-explorer | Write `/docs/vuln/explorer-using-console.md` with workflows, screenshots, keyboard shortcuts, saved views, deep links. Dependencies: DOCS-VULN-29-001. | Depends on #1 | DOVL0101 | | DOCS-VULN-29-003 | TODO | | SPRINT_311_docs_tasks_md_xi | Docs Guild · UI Guild | docs/modules/vuln-explorer | Author `/docs/vuln/explorer-api.md` (endpoints, query schema, grouping, errors, rate limits). Dependencies: DOCS-VULN-29-002. | Requires UI assets | DOVL0101 | | DOCS-VULN-29-004 | TODO | | SPRINT_311_docs_tasks_md_xi | Docs Guild · Policy Guild | docs/modules/vuln-explorer | Publish `/docs/vuln/explorer-cli.md` with command reference, samples, exit codes, CI snippets. Dependencies: DOCS-VULN-29-003. | Needs policy overlay inputs | DOVL0101 | | DOCS-VULN-29-005 | TODO | | SPRINT_311_docs_tasks_md_xi | Docs Guild · Security Guild | docs/modules/vuln-explorer | Write `/docs/vuln/findings-ledger.md` detailing event schema, hashing, Merkle roots, replay tooling. Dependencies: DOCS-VULN-29-004. | Requires security review | DOVL0101 | | DOCS-VULN-29-006 | TODO | | SPRINT_311_docs_tasks_md_xi | Docs Guild · DevOps Guild | docs/modules/vuln-explorer | Update `/docs/policy/vuln-determinations.md` for new rationale, signals, simulation semantics. Dependencies: DOCS-VULN-29-005. | Depends on DevOps rollout plan | DOVL0101 | | DOCS-VULN-29-007 | TODO | | SPRINT_311_docs_tasks_md_xi | Docs Guild · DevEx/CLI Guild | docs/modules/vuln-explorer | Publish `/docs/vex/explorer-integration.md` covering CSAF mapping, suppression precedence, status semantics. Dependencies: DOCS-VULN-29-006. | Needs CLI examples (132_CLCI0110) | DOVL0101 | | DOCS-VULN-29-008 | TODO | | SPRINT_311_docs_tasks_md_xi | Docs Guild · Export Center Guild | docs/modules/vuln-explorer | Publish `/docs/advisories/explorer-integration.md` covering key normalization, withdrawn handling, provenance. Dependencies: DOCS-VULN-29-007. | Need export bundle spec | DOVL0102 | | DOCS-VULN-29-009 | TODO | | SPRINT_311_docs_tasks_md_xi | Docs Guild · Security Guild | docs/modules/vuln-explorer | Author `/docs/sbom/vuln-resolution.md` detailing version semantics, scope, paths, safe version hints. Dependencies: DOCS-VULN-29-008. | Depends on #1 | DOVL0102 | | DOCS-VULN-29-010 | TODO | | SPRINT_311_docs_tasks_md_xi | Docs Guild · DevOps Guild | docs/modules/vuln-explorer | Publish `/docs/observability/vuln-telemetry.md` (metrics, logs, tracing, dashboards, SLOs). Dependencies: DOCS-VULN-29-009. | Requires DevOps automation plan | DOVL0102 | | DOCS-VULN-29-011 | TODO | | SPRINT_311_docs_tasks_md_xi | Docs Guild · Notifications Guild | docs/modules/vuln-explorer | Create `/docs/security/vuln-rbac.md` for roles, ABAC policies, attachment encryption, CSRF. Dependencies: DOCS-VULN-29-010. | Needs notifications contract | DOVL0102 | | DOCS-VULN-29-012 | TODO | | SPRINT_311_docs_tasks_md_xi | Docs Guild · Policy Guild | docs/modules/vuln-explorer | Write `/docs/runbooks/vuln-ops.md` (projector lag, resolver storms, export failures, policy activation). Dependencies: DOCS-VULN-29-011. | Requires policy overlay outputs | DOVL0102 | | DOCS-VULN-29-013 | TODO | | SPRINT_311_docs_tasks_md_xi | Docs Guild · DevEx/CLI Guild | docs/modules/vuln-explorer | Update `/docs/install/containers.md` with Findings Ledger & Vuln Explorer API images, manifests, resource sizing, health checks. Dependencies: DOCS-VULN-29-012. | Needs CLI/export scripts from 132_CLCI0110 | DOVL0102 | | DOWNLOADS-CONSOLE-23-001 | TODO | | SPRINT_502_ops_deployment_ii | Docs Guild · Deployment Guild | docs/console | Maintain signed downloads manifest pipeline (images, Helm, offline bundles), publish JSON under `deploy/downloads/manifest.json`, and document sync cadence for Console + docs parity. | Need latest console build instructions | DOCN0101 | | DPOP-11-001 | TODO | 2025-11-08 | SPRINT_100_identity_signing | Docs Guild · Authority Core | src/Authority/StellaOps.Authority | Need DPoP ADR from PGMI0101 | AUTH-AOC-19-002 | DODP0101 | | DSL-401-005 | TODO | | SPRINT_401_reachability_evidence_chain | Docs Guild · Policy Guild | `docs/policy/dsl.md`, `docs/policy/lifecycle.md` | Depends on PLLG0101 DSL updates | Depends on PLLG0101 DSL updates | DODP0101 | | DSSE-CLI-401-021 | TODO | | SPRINT_401_reachability_evidence_chain | Docs Guild · CLI Guild | `src/Cli/StellaOps.Cli`, `scripts/ci/attest-*`, `docs/modules/attestor/architecture.md` | Ship a `stella attest` CLI (or sample `StellaOps.Attestor.Tool`) plus GitLab/GitHub workflow snippets that emit DSSE per build step (scan/package/push) using the new library and Authority keys. | Need CLI updates from latest DSSE release | DODS0101 | | DSSE-DOCS-401-022 | TODO | | SPRINT_401_reachability_evidence_chain | Docs Guild · Attestor Guild | `docs/ci/dsse-build-flow.md`, `docs/modules/attestor/architecture.md` | Document the build-time attestation walkthrough (`docs/ci/dsse-build-flow.md`): models, helper usage, Authority integration, storage conventions, and verification commands, aligning with the advisory. | Depends on #1 | DODS0101 | | DSSE-LIB-401-020 | TODO | | SPRINT_401_reachability_evidence_chain | Attestor Guild · Platform Guild | `src/Attestor/StellaOps.Attestation`, `src/Attestor/StellaOps.Attestor.Envelope` | Package `StellaOps.Attestor.Envelope` primitives into a reusable `StellaOps.Attestation` library with `InTotoStatement`, `IAuthoritySigner`, DSSE pre-auth helpers, and .NET-friendly APIs for build agents. | Need attestor library API freeze | DOAL0101 | | DVOFF-64-002 | TODO | | SPRINT_160_export_evidence | DevPortal Offline Guild | docs/modules/export-center/devportal-offline.md | DevPortal Offline + AirGap Controller Guilds | Needs exporter DSSE schema from 002_ATEL0101 | DEVL0102 | | EDITOR-401-004 | TODO | | SPRINT_401_reachability_evidence_chain | Docs Guild · CLI Guild | `src/Cli/StellaOps.Cli`, `docs/policy/lifecycle.md` | Gather CLI/editor alignment notes | Gather CLI/editor alignment notes | DOCL0103 | | EMIT-15-001 | TODO | | SPRINT_136_scanner_surface | Docs Guild · Scanner Emit Guild | src/Scanner/__Libraries/StellaOps.Scanner.Emit | Need EntryTrace emit notes from SCANNER-SURFACE-04 | SCANNER-SURFACE-04 | DOEM0101 | | ENG-0001 | DONE | 2025-11-07 | SPRINT_333_docs_modules_excititor | Docs Guild · Analyzer Guild | docs/modules/excitor | Summarize excititor integration | Summarize excititor integration | DOEN0101 | | ENG-0002 | DONE | 2025-11-09 | SPRINT_137_scanner_gap_design | Docs Guild · Analyzer Guild | docs/modules/scanner | Link to analyzer doc commits | Link to analyzer doc commits | DOEN0101 | | ENG-0003 | DONE | 2025-11-09 | SPRINT_137_scanner_gap_design | Docs Guild · Analyzer Guild | docs/modules/scanner | Link to Python analyzer doc | Link to Python analyzer doc | DOEN0101 | | ENG-0004 | DONE | 2025-11-09 | SPRINT_137_scanner_gap_design | Docs Guild · Analyzer Guild | docs/modules/scanner | Link to Java analyzer doc | Link to Java analyzer doc | DOEN0101 | | ENG-0005 | DONE | 2025-11-09 | SPRINT_137_scanner_gap_design | Docs Guild · Analyzer Guild | docs/modules/scanner | Link to Go analyzer doc | Link to Go analyzer doc | DOEN0101 | | ENG-0006 | DONE | 2025-11-09 | SPRINT_137_scanner_gap_design | Docs Guild · Analyzer Guild | docs/modules/scanner | Link to Rust analyzer doc | Link to Rust analyzer doc | DOEN0101 | | ENG-0007 | DONE | 2025-11-09 | SPRINT_137_scanner_gap_design | Docs Guild · Analyzer Guild | docs/modules/scanner | Multi-analyzer wrap-up | Multi-analyzer wrap-up | DOEN0101 | | ENG-0008 | TODO | | SPRINT_138_scanner_ruby_parity | Docs Guild · EntryTrace Guild | src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace | Needs EntryTrace doc from DOEM0101 | Needs EntryTrace doc from DOEM0101 | DOEN0101 | | ENG-0009 | TODO | 2025-11-13 | SPRINT_138_scanner_ruby_parity | Docs Guild · Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Requires CLI integration notes | SCANNER-ANALYZERS-RUBY-28-001..012 | DOEN0101 | | ENG-0010 | TODO | | SPRINT_138_scanner_ruby_parity | Docs Guild · Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php | Need PHP analyzer doc outline | SCANNER-ANALYZERS-PHP-27-001 | DOEN0102 | | ENG-0011 | TODO | | SPRINT_138_scanner_ruby_parity | Docs Guild · Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno | Deno analyzer doc | Deno analyzer doc | DOEN0102 | | ENG-0012 | TODO | | SPRINT_138_scanner_ruby_parity | Docs Guild · Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Dart | EntryTrace doc dependency (DOEM0101) | EntryTrace doc dependency (DOEM0101) | DOEN0102 | | ENG-0013 | TODO | | SPRINT_138_scanner_ruby_parity | Docs Guild · Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Swift | Swift analyzer doc outline | Swift analyzer doc outline | DOEN0102 | | ENG-0014 | TODO | | SPRINT_138_scanner_ruby_parity | Docs Guild · Analyzer Guild | docs/modules/scanner | Runtime/Zastava notes | Runtime/Zastava notes | DOEN0102 | | ENG-0015 | DONE | 2025-11-13 | SPRINT_138_scanner_ruby_parity | Docs Guild · Analyzer Guild | docs/modules/scanner | Summarize export center tie-in | Summarize export center tie-in | DOEN0102 | | ENG-0016 | DONE | 2025-11-10 | SPRINT_138_scanner_ruby_parity | Docs Guild · Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Analyzer doc evidence | SCANNER-ENG-0009 | DOEN0102 | | ENG-0017 | DONE | 2025-11-09 | SPRINT_138_scanner_ruby_parity | Docs Guild · Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Analyzer doc evidence | SCANNER-ENG-0016 | DOEN0102 | | ENG-0018 | DONE | 2025-11-09 | SPRINT_138_scanner_ruby_parity | Docs Guild · Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Analyzer doc evidence | SCANNER-ENG-0017 | DOEN0102 | | ENG-0019 | DONE | 2025-11-13 | SPRINT_138_scanner_ruby_parity | Docs Guild · Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Analyzer doc evidence | SCANNER-ENG-0016..0018 | DOEN0102 | | ENG-0020 | TODO | | SPRINT_136_scanner_surface | Docs Guild · Scanner Guild | docs/modules/scanner | Need surface doc context | Need surface doc context | DOEN0103 | | ENG-0021 | TODO | | SPRINT_136_scanner_surface | Docs Guild · Scanner Guild | docs/modules/scanner | Same as #1 | Same as #1 | DOEN0103 | | ENG-0022 | TODO | | SPRINT_136_scanner_surface | Docs Guild · Scanner Guild | docs/modules/scanner | Policy integration reference | Policy integration reference | DOEN0103 | | ENG-0023 | TODO | | SPRINT_136_scanner_surface | Docs Guild · Scanner Guild | docs/modules/scanner | Offline kit/policy integration | Offline kit/policy integration | DOEN0103 | | ENG-0024 | TODO | | SPRINT_136_scanner_surface | Docs Guild · Scanner Guild | docs/modules/scanner | Surface doc refresh | Surface doc refresh | DOEN0103 | | ENG-0025 | TODO | | SPRINT_136_scanner_surface | Docs Guild · Scanner Guild | docs/modules/scanner | Surface doc refresh | Surface doc refresh | DOEN0103 | | ENG-0026 | TODO | | SPRINT_136_scanner_surface | Docs Guild · Scanner Guild | docs/modules/scanner | Surface doc refresh | Surface doc refresh | DOEN0103 | | ENG-0027 | TODO | | SPRINT_136_scanner_surface | Docs Guild · Scanner Guild | docs/modules/scanner | Policy/offline integration doc | Policy/offline integration doc | DOEN0103 | | ENGINE-20-002 | BLOCKED | 2025-10-26 | SPRINT_124_policy_reasoning | Docs Guild · Policy Guild | src/Policy/StellaOps.Policy.Engine | Need ADR references | Need ADR references | DOPE0101 | | ENGINE-20-003 | TODO | | SPRINT_124_policy_reasoning | Docs Guild · Policy Guild · Concelier & Excititor Guilds | src/Policy/StellaOps.Policy.Engine | Depends on #1 | POLICY-ENGINE-20-002 | DOPE0101 | | ENGINE-20-004 | TODO | | SPRINT_124_policy_reasoning | Docs Guild · Storage Guild | src/Policy/StellaOps.Policy.Engine | Needs storage notes | POLICY-ENGINE-20-003 | DOPE0101 | | ENGINE-20-005 | TODO | | SPRINT_124_policy_reasoning | Docs Guild · Policy Runtime Guild | src/Policy/StellaOps.Policy.Engine | Requires policy runtime notes | POLICY-ENGINE-20-004 | DOPE0101 | | ENGINE-20-006 | TODO | | SPRINT_124_policy_reasoning | Docs Guild · Policy Guild | src/Policy/StellaOps.Policy.Engine | Need runtime ADR | POLICY-ENGINE-20-005 | DOPE0102 | | ENGINE-20-007 | TODO | | SPRINT_124_policy_reasoning | Docs Guild · Storage Guild | src/Policy/StellaOps.Policy.Engine | Need storage ADR | POLICY-ENGINE-20-006 | DOPE0102 | | ENGINE-20-008 | TODO | | SPRINT_124_policy_reasoning | Docs Guild · Observability Guild | src/Policy/StellaOps.Policy.Engine | Need observability updates | POLICY-ENGINE-20-007 | DOPE0102 | | ENGINE-20-009 | TODO | | SPRINT_124_policy_reasoning | Docs Guild · DevOps Guild | src/Policy/StellaOps.Policy.Engine | Need DevOps deployment plan | POLICY-ENGINE-20-008 | DOPE0102 | | ENGINE-27-001 | TODO | | SPRINT_124_policy_reasoning | Policy Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-20-009 | POLICY-ENGINE-20-009 | DOPE0103 | | ENGINE-27-002 | TODO | | SPRINT_124_policy_reasoning | Policy + Observability Guilds / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-27-001 | POLICY-ENGINE-27-001 | DOPE0103 | | ENGINE-29-001 | TODO | | SPRINT_124_policy_reasoning | Policy Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-27-004 | POLICY-ENGINE-27-004 | DOPE0103 | | ENGINE-29-002 | TODO | | SPRINT_124_policy_reasoning | Policy + Findings Ledger Guilds / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-29-001 | POLICY-ENGINE-29-001 | DOPE0103 | | ENGINE-29-003 | TODO | | SPRINT_125_policy_reasoning | Policy + SBOM Service Guilds / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-29-002 | POLICY-ENGINE-29-002 | DOPE0103 | | ENGINE-29-004 | TODO | | SPRINT_125_policy_reasoning | Policy + Observability Guilds / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-29-003 | POLICY-ENGINE-29-003 | DOPE0103 | | ENGINE-30-001 | TODO | | SPRINT_125_policy_reasoning | Policy + Cartographer Guilds / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-29-004 | POLICY-ENGINE-29-004 | DOPE0103 | | ENGINE-30-002 | TODO | | SPRINT_125_policy_reasoning | Policy + Cartographer Guilds / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-30-001 | POLICY-ENGINE-30-001 | DOPE0103 | | ENGINE-30-003 | TODO | | SPRINT_125_policy_reasoning | Policy + Scheduler Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-30-002 | POLICY-ENGINE-30-002 | DOPE0103 | | ENGINE-30-101 | TODO | | SPRINT_125_policy_reasoning | Policy Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-30-003 | POLICY-ENGINE-30-003 | DOPE0103 | | ENGINE-31-001 | TODO | | SPRINT_125_policy_reasoning | Policy Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-30-101 | POLICY-ENGINE-30-101 | DOPE0104 | | ENGINE-31-002 | TODO | | SPRINT_125_policy_reasoning | Policy Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-31-001 | POLICY-ENGINE-31-001 | DOPE0104 | | ENGINE-32-101 | TODO | | SPRINT_125_policy_reasoning | Policy Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-31-002 | POLICY-ENGINE-31-002 | DOPE0104 | | ENGINE-33-101 | TODO | | SPRINT_125_policy_reasoning | Policy Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-32-101 | POLICY-ENGINE-32-101 | DOPE0104 | | ENGINE-34-101 | TODO | | SPRINT_125_policy_reasoning | Policy Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-33-101 | POLICY-ENGINE-33-101 | DOPE0104 | | ENGINE-35-201 | TODO | | SPRINT_125_policy_reasoning | Policy Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-34-101 | POLICY-ENGINE-34-101 | DOPE0104 | | ENGINE-38-201 | TODO | | SPRINT_125_policy_reasoning | Policy Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-35-201 | POLICY-ENGINE-35-201 | DOPE0104 | | ENGINE-40-001 | TODO | | SPRINT_125_policy_reasoning | Policy + Concelier Guilds / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-38-201 | POLICY-ENGINE-38-201 | DOPE0104 | | ENGINE-40-002 | TODO | | SPRINT_125_policy_reasoning | Policy + Excititor Guilds / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-40-001 | POLICY-ENGINE-40-001 | DOPE0104 | | ENGINE-40-003 | TODO | | SPRINT_126_policy_reasoning | Policy + Web Scanner Guilds / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-40-002 | POLICY-ENGINE-40-002 | DOPE0104 | | ENGINE-401-003 | TODO | | SPRINT_401_reachability_evidence_chain | Policy Guild (`src/Policy/StellaOps.Policy.Engine`, `docs/modules/policy/architecture.md`) | `src/Policy/StellaOps.Policy.Engine`, `docs/modules/policy/architecture.md` | Reachability/forensics appendix referencing DORC0101. | — | DOPE0105 | | ENGINE-50-001 | TODO | | SPRINT_126_policy_reasoning | Policy + Platform Security / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-40-003 | POLICY-ENGINE-40-003 | DOPE0105 | | ENGINE-50-002 | TODO | | SPRINT_126_policy_reasoning | Policy + Runtime Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-50-001 | POLICY-ENGINE-50-001 | DOPE0105 | | ENGINE-50-003 | TODO | | SPRINT_126_policy_reasoning | Policy + Observability Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-50-002 | POLICY-ENGINE-50-002 | DOPE0105 | | ENGINE-50-004 | TODO | | SPRINT_126_policy_reasoning | Policy + Platform Events Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-50-003 | POLICY-ENGINE-50-003 | DOPE0105 | | ENGINE-50-005 | TODO | | SPRINT_126_policy_reasoning | Policy + Storage Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-50-004 | POLICY-ENGINE-50-004 | DOPE0105 | | ENGINE-50-006 | TODO | | SPRINT_126_policy_reasoning | Policy + QA Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-50-005 | POLICY-ENGINE-50-005 | DOPE0105 | | ENGINE-50-007 | TODO | | SPRINT_126_policy_reasoning | Policy + Scheduler Worker Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-50-006 | POLICY-ENGINE-50-006 | DOPE0105 | | ENGINE-60-001 | TODO | | SPRINT_126_policy_reasoning | Policy + SBOM Service Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-50-007 | POLICY-ENGINE-50-007 | DOPE0105 | | ENGINE-60-002 | TODO | | SPRINT_126_policy_reasoning | Policy + BE-Base Platform Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-60-001 | POLICY-ENGINE-60-001 | DOPE0105 | | ENGINE-66-001 | TODO | | SPRINT_129_policy_reasoning | Risk Engine Guild / src/RiskEngine/StellaOps.RiskEngine | src/RiskEngine/StellaOps.RiskEngine | Baseline collections + indexes doc. | — | DORG0101 | | ENGINE-66-002 | TODO | | SPRINT_129_policy_reasoning | Risk Engine Guild / src/RiskEngine/StellaOps.RiskEngine | src/RiskEngine/StellaOps.RiskEngine | RISK-ENGINE-66-001 | RISK-ENGINE-66-001 | DORG0101 | | ENGINE-67-001 | TODO | | SPRINT_129_policy_reasoning | Risk + Concelier Guilds / src/RiskEngine/StellaOps.RiskEngine | src/RiskEngine/StellaOps.RiskEngine | RISK-ENGINE-66-002 | RISK-ENGINE-66-002 | DORG0101 | | ENGINE-67-002 | TODO | | SPRINT_129_policy_reasoning | Risk + Excititor Guilds / src/RiskEngine/StellaOps.RiskEngine | src/RiskEngine/StellaOps.RiskEngine | RISK-ENGINE-67-001 | RISK-ENGINE-67-001 | DORG0101 | | ENGINE-67-003 | TODO | | SPRINT_129_policy_reasoning | Risk + Policy Engine Guilds / src/RiskEngine/StellaOps.RiskEngine | src/RiskEngine/StellaOps.RiskEngine | RISK-ENGINE-67-002 | RISK-ENGINE-67-002 | DORG0101 | | ENGINE-68-001 | TODO | | SPRINT_129_policy_reasoning | Risk + Findings Ledger Guilds / src/RiskEngine/StellaOps.RiskEngine | src/RiskEngine/StellaOps.RiskEngine | RISK-ENGINE-67-003 | RISK-ENGINE-67-003 | DORG0101 | | ENGINE-68-002 | TODO | | SPRINT_129_policy_reasoning | Risk + API Guild / src/RiskEngine/StellaOps.RiskEngine | src/RiskEngine/StellaOps.RiskEngine | RISK-ENGINE-68-001 | RISK-ENGINE-68-001 | DORG0101 | | ENGINE-69-001 | TODO | | SPRINT_129_policy_reasoning | Risk + Policy Studio Guild / src/RiskEngine/StellaOps.RiskEngine | src/RiskEngine/StellaOps.RiskEngine | RISK-ENGINE-68-002 | RISK-ENGINE-68-002 | DORG0101 | | ENGINE-69-002 | TODO | | SPRINT_129_policy_reasoning | Risk + Observability Guild / src/RiskEngine/StellaOps.RiskEngine | src/RiskEngine/StellaOps.RiskEngine | RISK-ENGINE-69-001 | RISK-ENGINE-69-001 | DORG0101 | | ENGINE-70-001 | TODO | | SPRINT_129_policy_reasoning | Risk + Export Guild / src/RiskEngine/StellaOps.RiskEngine | src/RiskEngine/StellaOps.RiskEngine | RISK-ENGINE-69-002 | RISK-ENGINE-69-002 | DORG0101 | | ENGINE-70-002 | TODO | | SPRINT_126_policy_reasoning | Policy + Storage Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-60-002 | POLICY-ENGINE-60-002 | DOPE0106 | | ENGINE-70-003 | TODO | | SPRINT_126_policy_reasoning | Policy + Runtime Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-70-002 | POLICY-ENGINE-70-002 | DOPE0106 | | ENGINE-70-004 | TODO | | SPRINT_126_policy_reasoning | Policy + Observability Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-70-003 | POLICY-ENGINE-70-003 | DOPE0106 | | ENGINE-70-005 | TODO | | SPRINT_126_policy_reasoning | Policy + Scheduler Worker Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-70-004 | POLICY-ENGINE-70-004 | DOPE0106 | | ENGINE-80-001 | TODO | | SPRINT_126_policy_reasoning | Policy + Signals Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-70-005 | POLICY-ENGINE-70-005 | DOPE0106 | | ENGINE-80-002 | TODO | | SPRINT_127_policy_reasoning | Policy + Storage Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-80-001 | POLICY-ENGINE-80-001 | DOPE0106 | | ENGINE-80-003 | TODO | | SPRINT_127_policy_reasoning | Policy + Policy Editor Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-80-002 | POLICY-ENGINE-80-002 | DOPE0106 | | ENGINE-80-004 | TODO | | SPRINT_127_policy_reasoning | Policy + Observability Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-80-003 | POLICY-ENGINE-80-003 | DOPE0106 | | ENGINE-DOCS-0001 | TODO | | SPRINT_325_docs_modules_policy | Docs Guild (docs/modules/policy) | docs/modules/policy | Refresh module overview + governance ladder. | — | DOPE0107 | | ENGINE-ENG-0001 | TODO | | SPRINT_325_docs_modules_policy | Module Team (docs/modules/policy) | docs/modules/policy | Capture engineering guidelines + acceptance tests. | — | DOPE0107 | | ENGINE-OPS-0001 | TODO | | SPRINT_325_docs_modules_policy | Ops Guild (docs/modules/policy) | docs/modules/policy | Operations runbook (deploy/rollback) pointer. | — | DOPE0107 | | ENTROPY-186-011 | TODO | | SPRINT_186_record_deterministic_execution | Scanner Guild · Provenance Guild | `src/Scanner/StellaOps.Scanner.Worker`, `src/Scanner/__Libraries` | SCANNER-ENTRYTRACE-18-508 | SCANNER-ENTRYTRACE-18-508 | SCDE0101 | | ENTROPY-186-012 | TODO | | SPRINT_186_record_deterministic_execution | Scanner Guild · Provenance Guild | `src/Scanner/StellaOps.Scanner.WebService`, `docs/replay/DETERMINISTIC_REPLAY.md` | ENTROPY-186-011 | ENTROPY-186-011 | SCDE0102 | | ENTROPY-40-001 | TODO | | SPRINT_209_ui_i | UI Guild | src/UI/StellaOps.UI | ENTROPY-186-011 | ENTROPY-186-011 | UIDO0101 | | ENTROPY-40-002 | TODO | | SPRINT_209_ui_i | UI Guild · Policy Guild | src/UI/StellaOps.UI | ENTROPY-40-001 & ENTROPY-186-012 | ENTROPY-40-001 | UIDO0101 | | ENTROPY-70-004 | TODO | | SPRINT_304_docs_tasks_md_iv | Docs Guild · Scanner Guild | docs/modules/scanner/determinism.md | ENTROPY-186-011/012 | ENTROPY-186-011/012 | DOSC0102 | | ENTRYTRACE-18-502 | TODO | | SPRINT_135_scanner_surface | EntryTrace Guild · Scanner Surface Guild | src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace | SCANNER-ENTRYTRACE-18-508 | SCANNER-ENTRYTRACE-18-508 | SCET0101 | | ENTRYTRACE-18-503 | TODO | | SPRINT_135_scanner_surface | EntryTrace Guild · Scanner Surface Guild | src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace | ENTRYTRACE-18-502 | ENTRYTRACE-18-502 | SCET0101 | | ENTRYTRACE-18-504 | TODO | | SPRINT_136_scanner_surface | EntryTrace Guild (src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace) | src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace | SCANNER-ENTRYTRACE-18-503 | SCANNER-ENTRYTRACE-18-503 | SCSS0102 | | ENTRYTRACE-18-505 | TODO | | SPRINT_136_scanner_surface | EntryTrace Guild (src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace) | src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace | SCANNER-ENTRYTRACE-18-504 | SCANNER-ENTRYTRACE-18-504 | SCSS0102 | | ENTRYTRACE-18-506 | TODO | | SPRINT_136_scanner_surface | EntryTrace Guild · Scanner WebService Guild | src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace | ENTRYTRACE-18-505 | ENTRYTRACE-18-505 | SCET0101 | | ENV-01 | DONE | 2025-11-13 | SPRINT_136_scanner_surface | Scanner Guild, Zastava Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.Env) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Env | | | SCEN0101 | | ENV-02 | DOING (2025-11-02) | 2025-11-02 | SPRINT_136_scanner_surface | Scanner Guild · Zastava Guild | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Env | SURFACE-ENV-01 | SURFACE-ENV-01 | SCEN0101 | | ENV-03 | TODO | | SPRINT_136_scanner_surface | BuildX Plugin Guild | src/Scanner/StellaOps.Scanner.Sbomer.BuildXPlugin | SCANNER-ENV-02 | SCANNER-ENV-02 | SCBX0101 | | ENV-04 | TODO | | SPRINT_136_scanner_surface | Zastava Guild · Scanner Env Guild | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Env | SURFACE-ENV-02 | SURFACE-ENV-02 | SCEN0101 | | ENV-05 | TODO | | SPRINT_136_scanner_surface | Ops Guild · Scanner Env Guild | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Env | SURFACE-ENV-03 & SURFACE-ENV-04 | SURFACE-ENV-03; SURFACE-ENV-04 | SCEN0101 | | EVENTS-16-301 | BLOCKED (2025-10-26) | 2025-10-26 | SPRINT_136_scanner_surface | Scanner WebService Guild (`src/Scanner/StellaOps.Scanner.WebService`) | src/Scanner/StellaOps.Scanner.WebService | SCDE0102 landing | SCDE0102 landing | SCEV0101 | | EVID-CRYPTO-90-001 | TODO | | SPRINT_160_export_evidence | Evidence Locker + Security Guilds (`src/EvidenceLocker/StellaOps.EvidenceLocker`) | src/EvidenceLocker/StellaOps.EvidenceLocker | Evidence Locker + Security Guilds · `ICryptoProviderRegistry` integration | ATEL0101 contracts | EVEC0101 | | EVID-OBS-54-002 | TODO | | SPRINT_161_evidencelocker | Evidence Locker Guild (`src/EvidenceLocker/StellaOps.EvidenceLocker`) | `src/EvidenceLocker/StellaOps.EvidenceLocker` | Finalize deterministic bundle packaging + DSSE layout per `docs/modules/evidence-locker/bundle-packaging.md`, ensuring parity with portable/incident modes. | EVID-CRYPTO-90-001 | EVEC0101 | | EVID-REPLAY-187-001 | TODO | | SPRINT_160_export_evidence | Evidence Locker Guild · docs/modules/evidence-locker/architecture.md | docs/modules/evidence-locker/architecture.md | Evidence Locker Guild · docs/modules/evidence-locker/architecture.md | EVID-CRYPTO-90-001 | EVEC0101 | | EXC-25-001 | TODO | | SPRINT_202_cli_ii | DevEx/CLI Guild (`src/Cli/StellaOps.Cli`) | src/Cli/StellaOps.Cli | DOOR0102 APIs | DOOR0102 APIs | CLEX0101 | | EXC-25-002 | TODO | | SPRINT_202_cli_ii | DevEx/CLI Guild (`src/Cli/StellaOps.Cli`) | src/Cli/StellaOps.Cli | EXC-25-001 | EXC-25-001 | CLEX0101 | | EXC-25-003 | TODO | | SPRINT_209_ui_i | UI Guild (`src/UI/StellaOps.UI`) | src/UI/StellaOps.UI | DOOR0102 APIs | DOOR0102 APIs | UIEX0101 | | EXC-25-004 | TODO | | SPRINT_209_ui_i | UI Guild (`src/UI/StellaOps.UI`) | src/UI/StellaOps.UI | EXC-25-003 | EXC-25-003 | UIEX0101 | | EXC-25-005 | TODO | | SPRINT_209_ui_i | UI + Accessibility Guilds (`src/UI/StellaOps.UI`) | src/UI/StellaOps.UI | EXC-25-003 | EXC-25-003 | UIEX0101 | | EXC-25-006 | TODO | | SPRINT_303_docs_tasks_md_iii | Docs Guild · DevEx Guild | docs/modules/excititor | CLEX0101 CLI updates | CLEX0101 CLI updates | DOEX0101 | | EXC-25-007 | TODO | | SPRINT_304_docs_tasks_md_iv | Docs Guild · DevOps Guild | docs/modules/excititor | UIEX0101 console outputs | UIEX0101 console outputs | DOEX0101 | | EXCITITOR-AIAI-31-001 | DONE | 2025-11-09 | SPRINT_110_ingestion_evidence | Excititor Web/Core Guilds | | Normalised VEX justification projections shipped. | | EXWK0101 | | EXCITITOR-AIAI-31-002 | TODO | | SPRINT_110_ingestion_evidence | Excititor Web/Core Guilds | | Chunk API waiting on schema + ingest agreements. | CONCELIER-GRAPH-21-001; CONCELIER-GRAPH-21-002; ELOCKER-CONTRACT-2001 | EXAI0101 | | EXCITITOR-AIAI-31-003 | TODO | | SPRINT_110_ingestion_evidence | Excititor Observability Guild | | Telemetry/guardrail metrics follow chunk API. | EXCITITOR-AIAI-31-002 | EXAI0101 | | EXCITITOR-AIAI-31-004 | TODO | | SPRINT_110_ingestion_evidence | Docs Guild · Excititor Guild | | Docs/OpenAPI alignment queued behind chunk API finalisation. | EXCITITOR-AIAI-31-002 | EXAI0101 | | EXCITITOR-AIRGAP-56 | TODO | | SPRINT_110_ingestion_evidence | Excititor Guild · AirGap Guilds | | Air-gap + connector parity depend on schema + attestation readiness. | CONCELIER-GRAPH-21-001; CONCELIER-GRAPH-21-002; ATTEST-PLAN-2001 | EXAG0101 | | EXCITITOR-AIRGAP-56-001 | TODO | | SPRINT_119_excititor_i | Excititor Core Guild (`src/Excititor/__Libraries/StellaOps.Excititor.Core`) | src/Excititor/__Libraries/StellaOps.Excititor.Core | Wire mirror bundle ingestion paths that preserve upstream digests, bundle IDs, and provenance metadata exactly so offline Advisory-AI/Lens deployments can replay evidence with AOC parity. | EXCITITOR-AIRGAP-56 | EXAG0101 | | EXCITITOR-AIRGAP-57 | TODO | | SPRINT_110_ingestion_evidence | Excititor Guild · AirGap Guilds | | Same as -56 plus Evidence Locker | CONCELIER-GRAPH-21-001; CONCELIER-GRAPH-21-002; ATTEST-PLAN-2001 | EXAG0101 | | EXCITITOR-AIRGAP-57-001 | TODO | | SPRINT_119_excititor_i | Excititor AirGap Policy Guild (`src/Excititor/__Libraries/StellaOps.Excititor.Core`) | src/Excititor/__Libraries/StellaOps.Excititor.Core | Enforce sealed-mode policies that disable external connectors, emit actionable remediation errors, and record staleness annotations that Advisory AI can surface as “evidence freshness” signals. Depends on EXCITITOR-AIRGAP-56-001. | EXCITITOR-AIRGAP-57 | EXAG0101 | | EXCITITOR-AIRGAP-58 | TODO | | SPRINT_110_ingestion_evidence | Excititor Guild · AirGap Guilds | | Same upstream | CONCELIER-GRAPH-21-001; CONCELIER-GRAPH-21-002; ATTEST-PLAN-2001 | EXAG0101 | | EXCITITOR-AIRGAP-58-001 | TODO | | SPRINT_119_excititor_i | Excititor Core + Evidence Locker Guilds | src/Excititor/__Libraries/StellaOps.Excititor.Core | Package tenant-scoped VEX evidence (raw JSON, normalization diff, provenance) into portable bundles tied to timeline events so Advisory AI can hydrate contexts in sealed environments. Depends on EXCITITOR-AIRGAP-57-001. | EXCITITOR-AIRGAP-58 | EXAG0101 | | EXCITITOR-ATTEST-01-003 | TODO | | SPRINT_110_ingestion_evidence | Excititor Guild | | Attestation payload ordering awaiting sequencing session. | EXCITITOR-AIAI-31-002; ELOCKER-CONTRACT-2001 | EXAT0101 | | EXCITITOR-ATTEST-73-001 | TODO | | SPRINT_119_excititor_i | Excititor Guild | src/Excititor/__Libraries/StellaOps.Excititor.Core | Emit attestation payloads that capture supplier identity, justification summary, and scope metadata so downstream Lens/Policy jobs can chain trust without Excititor interpreting the evidence. Depends on EXCITITOR-ATTEST-01-003. | EXCITITOR-ATTEST-01-003 | EXAT0101 | | EXCITITOR-ATTEST-73-002 | TODO | | SPRINT_119_excititor_i | Excititor Guild | src/Excititor/__Libraries/StellaOps.Excititor.Core | Provide APIs that link attestation IDs back to observation/linkset/product tuples, enabling Advisory AI to cite provenance without any derived verdict. Depends on EXCITITOR-ATTEST-73-001. | EXCITITOR-ATTEST-73-001 | EXAT0101 | | EXCITITOR-CONN-SUSE-01-003 | TODO | | SPRINT_120_excititor_ii | Excititor Guild (SUSE connector) | src/Excititor/__Libraries/StellaOps.Excititor.Connectors.SUSE.RancherVEXHub | DONE (2025-11-09) – Emit provider trust configuration (signer fingerprints, trust tier notes) into the raw provenance envelope so downstream VEX Lens/Policy components can weigh issuers. Connector must not apply weighting or consensus inside ingestion. | EXCITITOR-CONN-SUSE-01-002; EXCITITOR-POLICY-01-001 | EXCN0101 | | EXCITITOR-CONN-TRUST-01-001 | TODO | | SPRINT_110_ingestion_evidence | Excititor Guild · AirGap Guilds | | ATTEST-PLAN-2001 | CONCELIER-GRAPH-21-001; CONCELIER-GRAPH-21-002; ATTEST-PLAN-2001 | EXCN0101 | | EXCITITOR-CONN-UBUNTU-01-003 | TODO | | SPRINT_120_excititor_ii | Excititor Guild (Ubuntu connector) | src/Excititor/__Libraries/StellaOps.Excititor.Connectors.Ubuntu.CSAF | DONE (2025-11-09) – Emit Ubuntu signing metadata (GPG fingerprints, issuer trust tier) inside raw provenance artifacts so downstream Policy/VEX Lens consumers can weigh issuers. Connector must remain aggregation-only with no inline weighting. | EXCITITOR-CONN-UBUNTU-01-002 | EXCN0101 | | EXCITITOR-CONSOLE-23-001 | TODO | | SPRINT_120_excititor_ii | Excititor Guild · Docs Guild | src/Excititor/StellaOps.Excititor.WebService | Expose `/console/vex` endpoints returning grouped VEX statements per advisory/component with status chips, justification metadata, precedence trace pointers, and tenant-scoped filters for Console explorer. Dependencies: EXCITITOR-LNM-21-201, EXCITITOR-LNM-21-202. | DOCN0101 | EXCO0101 | | EXCITITOR-CONSOLE-23-002 | TODO | | SPRINT_120_excititor_ii | Excititor Guild | src/Excititor/StellaOps.Excititor.WebService | Provide aggregated counts for VEX overrides (new, not_affected, revoked) powering Console dashboard + live status ticker; emit metrics for policy explain integration. Dependencies: EXCITITOR-CONSOLE-23-001, EXCITITOR-LNM-21-203. | EXCITITOR-CONSOLE-23-001 | EXCO0101 | | EXCITITOR-CONSOLE-23-003 | TODO | | SPRINT_120_excititor_ii | Excititor Guild | src/Excititor/StellaOps.Excititor.WebService | Deliver rapid lookup endpoints of VEX by advisory/component for Console global search; ensure response includes provenance and precedence context; include caching and RBAC. Dependencies: EXCITITOR-CONSOLE-23-001. | EXCITITOR-CONSOLE-23-001 | EXCO0101 | | EXCITITOR-CORE-AOC-19-002 | TODO | | SPRINT_120_excititor_ii | Excititor Core Guild | src/Excititor/__Libraries/StellaOps.Excititor.Core | Implement deterministic extraction of advisory IDs, component PURLs, and references into `linkset`, capturing reconciled-from metadata for traceability. | Link-Not-Merge schema | EXCA0101 | | EXCITITOR-CORE-AOC-19-003 | TODO | | SPRINT_120_excititor_ii | Excititor Core Guild | src/Excititor/__Libraries/StellaOps.Excititor.Core | Enforce `(vendor, upstreamId, contentHash, tenant)` uniqueness, generate supersedes chains, and ensure append-only versioning of raw VEX documents. Dependencies: EXCITITOR-CORE-AOC-19-002. | EXCITITOR-CORE-AOC-19-002 | EXCA0101 | | EXCITITOR-CORE-AOC-19-004 | TODO | | SPRINT_120_excititor_ii | Excititor Core Guild | src/Excititor/__Libraries/StellaOps.Excititor.Core | Excise consensus/merge/severity logic from Excititor ingestion paths, updating exports/tests to rely on Policy Engine materializations instead. Dependencies: EXCITITOR-CORE-AOC-19-003. | EXCITITOR-CORE-AOC-19-003 | EXCA0101 | | EXCITITOR-CORE-AOC-19-013 | TODO | | SPRINT_120_excititor_ii | Excititor Core Guild | src/Excititor/__Libraries/StellaOps.Excititor.Core | Update Excititor smoke/e2e suites to seed tenant-aware Authority clients and ensure cross-tenant VEX ingestion is rejected. Dependencies: EXCITITOR-CORE-AOC-19-004. | EXCITITOR-CORE-AOC-19-004 | EXCA0101 | | EXCITITOR-CRYPTO-90-001 | TODO | | SPRINT_124_excititor_vi | WebService + Security Guilds | src/Excititor/StellaOps.Excititor.WebService | Replace ad-hoc hashing/signing in connectors/exporters/OpenAPI discovery with `ICryptoProviderRegistry` implementations approved by security so evidence verification stays deterministic across crypto profiles. | ATEL0101 | EXWS0101 | | EXCITITOR-DOCS-0001 | DOING (2025-10-29) | 2025-10-29 | SPRINT_333_docs_modules_excititor | Docs Guild | docs/modules/excititor | See ./AGENTS.md | — | DOEX0102 | | EXCITITOR-ENG-0001 | TODO | | SPRINT_333_docs_modules_excititor | Module Team · Docs Guild | docs/modules/excititor | Update status via ./AGENTS.md workflow | DOEX0101 evidence | DOEX0102 | | EXCITITOR-GRAPH-21-001 | TODO | 2025-10-27 | SPRINT_120_excititor_ii | Excititor Guild | src/Excititor/__Libraries/StellaOps.Excititor.Core | Provide batched VEX/advisory reference fetches keyed by graph node PURLs so UI inspector can display raw documents and justification metadata. | Link-Not-Merge schema | EXGR0101 | | EXCITITOR-GRAPH-21-002 | TODO | 2025-10-27 | SPRINT_120_excititor_ii | Excititor Guild | src/Excititor/__Libraries/StellaOps.Excititor.Core | Ensure overlay metadata includes VEX justification summaries and document versions for Cartographer overlays; update fixtures/tests. Dependencies: EXCITITOR-GRAPH-21-001. | EXCITITOR-GRAPH-21-001 | EXGR0101 | | EXCITITOR-GRAPH-21-005 | TODO | 2025-10-27 | SPRINT_120_excititor_ii | Excititor Guild | src/Excititor/__Libraries/StellaOps.Excititor.Storage.Mongo | Add indexes/materialized views for VEX lookups by PURL/policy to support Cartographer inspector performance; document migrations. Dependencies: EXCITITOR-GRAPH-21-002. | EXCITITOR-GRAPH-21-002 | EXGR0101 | | EXCITITOR-GRAPH-24-101 | TODO | | SPRINT_120_excititor_ii | Excititor Guild | src/Excititor/StellaOps.Excititor.WebService | Provide endpoints delivering VEX status summaries per component/asset for Vuln Explorer integration. Dependencies: EXCITITOR-GRAPH-21-005. | EXCITITOR-GRAPH-21-002 | EXGR0101 | | EXCITITOR-GRAPH-24-102 | TODO | | SPRINT_120_excititor_ii | Excititor Guild | src/Excititor/StellaOps.Excititor.WebService | Add batch VEX observation retrieval optimized for Graph overlays/tooltips. Dependencies: EXCITITOR-GRAPH-24-101. | EXCITITOR-GRAPH-24-101 | EXGR0101 | | EXCITITOR-LNM-21-001 | TODO | | SPRINT_121_excititor_iii | Excititor Core Guild | src/Excititor/__Libraries/StellaOps.Excititor.Storage.Mongo | Stand up `vex_observations` and `vex_linksets` collections with shard keys, tenant guards, and migrations that retire any residual merge-era data without mutating raw content. | Link-Not-Merge schema | EXLN0101 | | EXCITITOR-LNM-21-002 | TODO | | SPRINT_121_excititor_iii | Excititor Core Guild | src/Excititor/__Libraries/StellaOps.Excititor.Core | Capture disagreement metadata (status + justification deltas) directly inside linksets with confidence scores so downstream consumers can highlight conflicts without Excititor choosing winners. Depends on EXCITITOR-LNM-21-001. | EXCITITOR-LNM-21-001 | EXLN0101 | | EXCITITOR-LNM-21-003 | TODO | | SPRINT_121_excititor_iii | Excititor Core + Platform Events Guild | src/Excititor/__Libraries/StellaOps.Excititor.Core | Emit `vex.linkset.updated` events and describe payload shape (observation ids, confidence, conflict summary) so Policy/Lens/UI can subscribe while Excititor stays aggregation-only. Depends on EXCITITOR-LNM-21-002. | EXCITITOR-LNM-21-002 | EXLN0101 | | EXCITITOR-LNM-21-201 | TODO | | SPRINT_121_excititor_iii | Excititor WebService Guild | src/Excititor/StellaOps.Excititor.WebService | Ship `/vex/observations` read endpoints with filters for advisory/product/issuer, strict RBAC, and deterministic pagination (no derived verdict fields). Depends on EXCITITOR-LNM-21-003. | EXCITITOR-LNM-21-001 | EXLN0101 | | EXCITITOR-LNM-21-202 | TODO | | SPRINT_121_excititor_iii | Excititor WebService Guild | src/Excititor/StellaOps.Excititor.WebService | Provide `/vex/linksets` + export endpoints that surface alias mappings, conflict markers, and provenance proofs exactly as stored; errors must map to `ERR_AGG_*`. Depends on EXCITITOR-LNM-21-201. | EXCITITOR-LNM-21-201 | EXLN0101 | | EXCITITOR-LNM-21-203 | TODO | | SPRINT_121_excititor_iii | Excititor WebService Guild | src/Excititor/StellaOps.Excititor.WebService | Update OpenAPI, SDK smoke tests, and documentation to cover the new observation/linkset endpoints with realistic examples Advisory AI/Lens teams can rely on. Depends on EXCITITOR-LNM-21-202. | EXCITITOR-LNM-21-202 | EXLN0101 | | EXCITITOR-OBS-51-001 | TODO | | SPRINT_121_excititor_iii | Excititor Core Guild · DevOps Guild | src/Excititor/__Libraries/StellaOps.Excititor.Core | Publish ingest latency, scope resolution success, conflict rate, and signature verification metrics plus SLO burn alerts so we can prove Excititor meets the AOC “evidence freshness” mission. | Wait for 046_TLTY0101 span schema | EXOB0101 | | EXCITITOR-OBS-52-001 | TODO | | SPRINT_122_excititor_iv | Excititor Core Guild | src/Excititor/__Libraries/StellaOps.Excititor.Core | Emit `timeline_event` entries for every ingest/linkset change with trace IDs, justification summaries, and evidence hashes so downstream systems can replay the raw facts chronologically. Depends on EXCITITOR-OBS-51-001. | Needs #1 merged for correlation IDs | EXOB0101 | | EXCITITOR-OBS-53-001 | TODO | | SPRINT_122_excititor_iv | Excititor Core Guild · Evidence Locker Guild | src/Excititor/__Libraries/StellaOps.Excititor.Core | Build locker payloads (raw doc, normalization diff, provenance) and Merkle manifests so sealed-mode sites can audit evidence without Excititor reinterpreting it. Depends on EXCITITOR-OBS-52-001. | Blocked on Evidence Locker DSSE hooks (002_ATEL0101) | EXOB0101 | | EXCITITOR-OBS-54-001 | TODO | | SPRINT_122_excititor_iv | Excititor Core Guild · Provenance Guild | src/Excititor/__Libraries/StellaOps.Excititor.Core | Attach DSSE attestations to every evidence batch, verify chains via Provenance tooling, and surface attestation IDs on timeline events. Depends on EXCITITOR-OBS-53-001. | Requires provenance schema from 005_ATLN0101 | EXOB0101 | | EXCITITOR-OPS-0001 | TODO | | SPRINT_333_docs_modules_excititor | Ops Guild · Docs Guild | docs/modules/excititor | Sync outcomes back to ../.. | DOEX0101 runbooks | DOEX0102 | | EXCITITOR-ORCH-32-001 | TODO | | SPRINT_122_excititor_iv | Excititor Worker Guild (`src/Excititor/StellaOps.Excititor.Worker`) | src/Excititor/StellaOps.Excititor.Worker | Adopt the orchestrator worker SDK for Excititor jobs, emitting heartbeats/progress/artifact hashes so ingestion remains deterministic and restartable without reprocessing evidence. | DOOR0102 APIs | EXWS0101 | | EXCITITOR-ORCH-33-001 | TODO | | SPRINT_122_excititor_iv | Excititor Worker Guild (`src/Excititor/StellaOps.Excititor.Worker`) | src/Excititor/StellaOps.Excititor.Worker | Honor orchestrator pause/throttle/retry commands, persist checkpoints, and classify error outputs to keep ingestion safe under outages. Depends on EXCITITOR-ORCH-32-001. | EXCITITOR-ORCH-32-001 | EXWS0101 | | EXCITITOR-POLICY-20-001 | TODO | | SPRINT_122_excititor_iv | WebService Guild | src/Excititor/StellaOps.Excititor.WebService | Provide VEX lookup APIs (PURL/advisory batching, scope filters, tenant enforcement) that Policy Engine uses to join evidence without Excititor performing any verdict logic. Depends on EXCITITOR-AOC-20-004. | DOLN0101 | EXWS0101 | | EXCITITOR-POLICY-20-002 | TODO | | SPRINT_122_excititor_iv | Excititor Core Guild (src/Excititor/__Libraries/StellaOps.Excititor.Core) | src/Excititor/__Libraries/StellaOps.Excititor.Core | Enhance linksets with scope resolution + version range metadata so Policy/Reachability can reason about applicability while Excititor continues to report only raw context. Depends on EXCITITOR-POLICY-20-001. | | EXWK0101 | | EXCITITOR-RISK-66-001 | TODO | | SPRINT_122_excititor_iv | Excititor Core Guild · Risk Engine Guild (`src/Excititor/__Libraries/StellaOps.Excititor.Core`) | src/Excititor/__Libraries/StellaOps.Excititor.Core | Publish risk-engine ready feeds (status, justification, provenance) with zero derived severity so gating services can reference Excititor as a source of truth. Depends on EXCITITOR-POLICY-20-002. | CONCELIER-GRAPH-21-001/002 | EXRS0101 | | EXCITITOR-STORE-AOC-19-001 | TODO | | SPRINT_123_excititor_v | Storage Guild (`src/Excititor/__Libraries/StellaOps.Excititor.Storage.Mongo`) | src/Excititor/__Libraries/StellaOps.Excititor.Storage.Mongo | Ship Mongo JSON Schema + validator tooling (including Offline Kit instructions) so operators can prove Excititor stores only immutable evidence. | Link-Not-Merge schema | EXSM0101 | | EXCITITOR-STORE-AOC-19-002 | TODO | | SPRINT_123_excititor_v | Storage + DevOps Guilds (`src/Excititor/__Libraries/StellaOps.Excititor.Storage.Mongo`) | src/Excititor/__Libraries/StellaOps.Excititor.Storage.Mongo | Create unique indexes, run migrations/backfills, and document rollback steps for the new schema validator. Depends on EXCITITOR-STORE-AOC-19-001. | STORE-AOC-19-001 | EXSM0101 | | EXCITITOR-VEXLENS-30-001 | TODO | | SPRINT_123_excititor_v | Excititor WebService Guild · VEX Lens Guild | src/Excititor/StellaOps.Excititor.WebService | Ensure every observation exported to VEX Lens carries issuer hints, signature blobs, product tree snippets, and staleness metadata so the lens can compute consensus without calling back into Excititor. | — | PLVL0103 | | EXCITITOR-VULN-29-001 | TODO | | SPRINT_123_excititor_v | Excititor WebService Guild (`src/Excititor/StellaOps.Excititor.WebService`) | src/Excititor/StellaOps.Excititor.WebService | Canonicalize advisory/product keys (map to `advisory_key`, capture scope metadata) while preserving original identifiers in `links[]`; run backfill + regression tests. | EXWS0101 | EXVN0101 | | EXCITITOR-VULN-29-002 | TODO | | SPRINT_123_excititor_v | Excititor WebService Guild | src/Excititor/StellaOps.Excititor.WebService | Provide `/vuln/evidence/vex/{advisory_key}` returning tenant-scoped raw statements, provenance, and attestation references for Vuln Explorer evidence tabs. Depends on EXCITITOR-VULN-29-001. | EXCITITOR-VULN-29-001 | EXVN0101 | | EXCITITOR-VULN-29-004 | TODO | | SPRINT_123_excititor_v | Excititor WebService + Observability Guilds | src/Excititor/StellaOps.Excititor.WebService | Add metrics/logs for normalization errors, suppression scopes, withdrawn statements, and feed them to Vuln Explorer + Advisory AI dashboards. Depends on EXCITITOR-VULN-29-002. | EXCITITOR-VULN-29-001 | EXVN0101 | | EXCITITOR-WEB-AIRGAP-58-001 | TODO | | SPRINT_124_excititor_vi | WebService Guild · AirGap Guilds | src/Excititor/StellaOps.Excititor.WebService | Emit timeline events + audit logs for mirror bundle imports (bundle ID, scope, actor) and map sealed-mode violations to actionable remediation guidance. | EXAG0101 | EXWS0101 | | EXCITITOR-WEB-OAS-61-001 | TODO | | SPRINT_124_excititor_vi | WebService Guild | src/Excititor/StellaOps.Excititor.WebService | Implement `/.well-known/openapi` with spec version metadata plus standard error envelopes, then update controller/unit tests accordingly. | DOOR0102 | EXWS0101 | | EXCITITOR-WEB-OAS-62-001 | TODO | | SPRINT_124_excititor_vi | WebService Guild · API Governance | src/Excititor/StellaOps.Excititor.WebService | Publish curated examples for the new evidence/attestation/timeline endpoints, emit deprecation headers for legacy routes, and align SDK docs. Depends on EXCITITOR-WEB-OAS-61-001. | EXCITITOR-WEB-OAS-61-001 | EXWS0101 | | EXCITITOR-WEB-OBS-52-001 | TODO | | SPRINT_124_excititor_vi | Excititor WebService Guild | src/Excititor/StellaOps.Excititor.WebService | Provide SSE/WebSocket bridges for VEX timeline events with tenant filters, pagination anchors, and guardrails so downstream consoles can monitor raw evidence changes in real time. Depends on EXCITITOR-OBS-52-001. | Wait for 046_TLTY0101 span schema | EXOB0102 | | EXCITITOR-WEB-OBS-53-001 | TODO | | SPRINT_124_excititor_vi | Excititor WebService Guild · Evidence Locker Guild | src/Excititor/StellaOps.Excititor.WebService | Expose `/evidence/vex/*` endpoints that fetch locker bundles, enforce scopes, and surface verification metadata without synthesizing verdicts. Depends on EXCITITOR-WEB-OBS-52-001. | Requires Evidence Locker DSSE API (002_ATEL0101) | EXOB0102 | | EXCITITOR-WEB-OBS-54-001 | TODO | | SPRINT_124_excititor_vi | Excititor WebService Guild | src/Excititor/StellaOps.Excititor.WebService | Add `/attestations/vex/*` endpoints returning DSSE verification state, builder identity, and chain-of-custody links so consumers never need direct datastore access. Depends on EXCITITOR-WEB-OBS-53-001. | Dependent on provenance schema (005_ATLN0101) | EXOB0102 | | EXCITOR-DOCS-0001 | DONE | 2025-11-07 | SPRINT_333_docs_modules_excititor | Docs Guild (docs/modules/excitor) | docs/modules/excitor | Validate that `docs/modules/excitor/README.md` matches the latest release notes and consensus beta notes. | | DOXR0101 | | EXCITOR-ENG-0001 | DONE | 2025-11-07 | SPRINT_333_docs_modules_excititor | Module Team (docs/modules/excitor) | docs/modules/excitor | Ensure the implementation plan sprint alignment table stays current with `SPRINT_200` updates. | | DOXR0101 | | EXCITOR-OPS-0001 | DONE | 2025-11-07 | SPRINT_333_docs_modules_excititor | Ops Guild (docs/modules/excitor) | docs/modules/excitor | Review runbooks/observability assets, adding the checklist captured in `docs/modules/excitor/mirrors.md`. | | DOXR0101 | | EXPLORER-DOCS-0001 | TODO | | SPRINT_334_docs_modules_vuln_explorer | Docs Guild | docs/modules/vuln-explorer | DOVL0101 outputs | DOVL0101 outputs | DOXR0101 | | EXPLORER-ENG-0001 | TODO | | SPRINT_334_docs_modules_vuln_explorer | Explorer Module Team | docs/modules/vuln-explorer | DOVL0102 | DOVL0102 | DOXR0101 | | EXPLORER-OPS-0001 | TODO | | SPRINT_334_docs_modules_vuln_explorer | Ops Guild | docs/modules/vuln-explorer | Explorer Ops runbooks | Explorer Ops runbooks | DOXR0101 | | EXPORT-35-001 | TODO | | SPRINT_121_policy_reasoning | Findings Ledger Guild (`src/Findings/StellaOps.Findings.Ledger`) | src/Findings/StellaOps.Findings.Ledger | PLLG010x ADRs | PLLG010x ADRs | EVFL0101 | | EXPORT-36-001 | TODO | | SPRINT_202_cli_ii | DevEx/CLI Guild (`src/Cli/StellaOps.Cli`) | src/Cli/StellaOps.Cli | Export API spec | Export API spec | EVCL0101 | | EXPORT-37-001 | TODO | | SPRINT_202_cli_ii | DevEx/CLI Guild (`src/Cli/StellaOps.Cli`) | src/Cli/StellaOps.Cli | EXPORT-36-001 | EXPORT-36-001 | EVCL0101 | | EXPORT-37-004 | TODO | | SPRINT_304_docs_tasks_md_iv | Docs Guild | | DOCN0101 | DOCN0101 | EVDO0101 | | EXPORT-37-005 | TODO | | SPRINT_304_docs_tasks_md_iv | Docs + Export Guilds | | EXPORT-37-004 | EXPORT-37-004 | EVDO0101 | | EXPORT-37-101 | TODO | | SPRINT_304_docs_tasks_md_iv | Docs Guild | | EVCL0101 | EVCL0101 | EVDO0101 | | EXPORT-37-102 | TODO | | SPRINT_304_docs_tasks_md_iv | Docs Guild | | EXPORT-37-101 | EXPORT-37-101 | EVDO0101 | | EXPORT-AIRGAP-56-001 | TODO | | SPRINT_160_export_evidence | Exporter Service Guild · Mirror Guild | | Exporter + Mirror Creator + DevOps Guilds | Wait for Deployment bundle shape (068_AGDP0101) | AGEX0101 | | EXPORT-AIRGAP-56-002 | TODO | | SPRINT_160_export_evidence | Exporter Service Guild · DevOps Guild | | Depends on #1 artifacts | Depends on #1 artifacts | AGEX0101 | | EXPORT-AIRGAP-57-001 | TODO | | SPRINT_160_export_evidence | ExportCenter Guild (`src/ExportCenter/StellaOps.ExportCenter`) | src/ExportCenter/StellaOps.ExportCenter | Exporter Service + Evidence Locker Guild | EXAG0101 outputs | EVAH0101 | | EXPORT-AIRGAP-58-001 | TODO | | SPRINT_162_exportcenter_i | ExportCenter Guild · Notifications Guild | src/ExportCenter/StellaOps.ExportCenter | Emit notifications and timeline events when Mirror Bundles or Bootstrap packs are ready for transfer. Dependencies: EXPORT-AIRGAP-57-001. | EXPORT-AIRGAP-57-001 | EVAH0101 | | EXPORT-ATTEST-74-001 | TODO | | SPRINT_160_export_evidence | ExportCenter + Attestation Guilds | | Attestation Bundle + Exporter Guilds | ATEL0101 | EVAH0101 | | EXPORT-ATTEST-74-002 | TODO | | SPRINT_160_export_evidence | ExportCenter + Attestation Guilds | | EXPORT-ATTEST-74-001 | EXPORT-ATTEST-74-001 | EVAH0101 | | EXPORT-ATTEST-75-001 | TODO | | SPRINT_160_export_evidence | ExportCenter + CLI Guilds | | Attestation Bundle + CLI + Exporter Guilds | EXPORT-ATTEST-74-001 | EVAH0101 | | EXPORT-ATTEST-75-002 | TODO | | SPRINT_160_export_evidence | ExportCenter + CLI Guilds | | EXPORT-ATTEST-75-001 | EXPORT-ATTEST-75-001 | EVAH0101 | | EXPORT-CONSOLE-23-001 | TODO | | SPRINT_123_policy_reasoning | Policy Guild, Scheduler Guild, Observability Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Build evidence bundle/export generator producing signed manifests, CSV/JSON replay endpoints, and trace attachments; integrate with scheduler jobs and expose progress telemetry | | EVOA0101 | | EXPORT-CRYPTO-90-001 | TODO | | SPRINT_160_export_evidence | ExportCenter + Security Guilds (`src/ExportCenter/StellaOps.ExportCenter`) | src/ExportCenter/StellaOps.ExportCenter | Exporter Service + Security Guilds | Security review | EVOA0101 | | EXPORT-OAS-61 | TODO | | SPRINT_160_export_evidence | ExportCenter + API Governance | | Exporter Service + API Governance + SDK Guilds | OAS spec finalization | EVOA0101 | | EXPORT-OAS-61-001 | TODO | | SPRINT_162_exportcenter_i | ExportCenter + API Contracts Guild | src/ExportCenter/StellaOps.ExportCenter | Update Exporter OAS covering profiles, runs, downloads, devportal exports with standard error envelope and examples. | EXPORT-OAS-61 | EVOA0101 | | EXPORT-OAS-61-002 | TODO | | SPRINT_162_exportcenter_i | ExportCenter + API Guild | src/ExportCenter/StellaOps.ExportCenter | Provide `/.well-known/openapi` discovery endpoint with version metadata and ETag. Dependencies: EXPORT-OAS-61-001. | EXPORT-OAS-61 | EVOA0101 | | EXPORT-OAS-62 | TODO | | SPRINT_160_export_evidence | ExportCenter + API Governance | | EXPORT-OAS-61 | EXPORT-OAS-61 | EVOA0101 | | EXPORT-OAS-62-001 | TODO | | SPRINT_162_exportcenter_i | ExportCenter + API Guilds (`src/ExportCenter/StellaOps.ExportCenter`) | src/ExportCenter/StellaOps.ExportCenter | Ensure SDKs include export profile/run clients with streaming download helpers; add smoke tests. Dependencies: EXPORT-OAS-61-002. | EVOA0101 outputs | EVOA0102 | | EXPORT-OAS-63 | TODO | | SPRINT_160_export_evidence | Exporter Service Guild · API Governance Guild | | Needs API governance sign-off (049_APIG0101) | Needs API governance sign-off (049_APIG0101) | AGEX0101 | | EXPORT-OAS-63-001 | TODO | | SPRINT_163_exportcenter_ii | Exporter Service Guild · SDK Guild | src/ExportCenter/StellaOps.ExportCenter | Implement deprecation headers and notifications for legacy export endpoints. Dependencies: EXPORT-OAS-62-001. | Requires #3 schema | AGEX0101 | | EXPORT-OBS-50-001 | TODO | | SPRINT_163_exportcenter_ii | Exporter Service Guild · Observability Guild | src/ExportCenter/StellaOps.ExportCenter | Adopt telemetry core in exporter service + workers, ensuring spans/logs capture profile id, tenant, artifact counts, distribution type, and trace IDs. | Wait for telemetry schema drop from 046_TLTY0101 | ECOB0101 | | EXPORT-OBS-51-001 | TODO | | SPRINT_110_ingestion_evidence | Exporter Guild · AirGap Time Guild · CLI Guild | | Downstream automation awaiting assembler staffing outcome. | PROGRAM-STAFF-1001 | ECOB0101 | | EXPORT-OBS-52-001 | TODO | | SPRINT_163_exportcenter_ii | Exporter Service Guild | src/ExportCenter/StellaOps.ExportCenter | Publish timeline events for export lifecycle (`export.requested`, `export.built`, `export.distributed`, `export.failed`) embedding manifest hashes and evidence refs. Provide dedupe + retry logic. Dependencies: EXPORT-OBS-51-001. | Requires shared middleware from task #1 | ECOB0101 | | EXPORT-OBS-53-001 | TODO | | SPRINT_163_exportcenter_ii | Exporter Service Guild · Evidence Locker Guild | src/ExportCenter/StellaOps.ExportCenter | Push export manifests + distribution transcripts to evidence locker bundles, ensuring Merkle root alignment and DSSE pre-sign data available. Dependencies: EXPORT-OBS-52-001. | Blocked on Evidence Locker DSSE API (002_ATEL0101) | ECOB0101 | | EXPORT-OBS-54-001 | TODO | | SPRINT_163_exportcenter_ii | Exporter Service Guild · Provenance Guild | src/ExportCenter/StellaOps.ExportCenter | Produce DSSE attestations for each export artifact and distribution target, expose verification API `/exports/{id}/attestation`, and integrate with CLI verify path. Dependencies: EXPORT-OBS-53-001. | PROGRAM-STAFF-1001; EXPORT-MIRROR-ORCH-1501 | ECOB0101 | | EXPORT-OBS-54-002 | TODO | | SPRINT_163_exportcenter_ii | Exporter Service Guild · Provenance Guild | src/ExportCenter/StellaOps.ExportCenter | Add promotion attestation assembly to export runs (compute SBOM/VEX digests, embed Rekor proofs, bundle DSSE envelopes) and ensure Offline Kit packaging includes the resulting JSON + DSSE envelopes. Dependencies: EXPORT-OBS-54-001, PROV-OBS-53-003. | Needs #5 for consistent dimensions | ECOB0101 | | EXPORT-OBS-55-001 | TODO | | SPRINT_163_exportcenter_ii | Exporter Service Guild · DevOps Guild | src/ExportCenter/StellaOps.ExportCenter | Add incident mode enhancements (extra tracing for slow exports, additional debug logs, retention bump). Emit incident activation events to timeline + notifier. Dependencies: EXPORT-OBS-54-001. | Requires DevOps alert templates (045_DVDO0103) | ECOB0101 | | EXPORT-RISK-69-001 | TODO | | SPRINT_163_exportcenter_ii | Exporter Service Guild · Risk Bundle Guild | src/ExportCenter/StellaOps.ExportCenter | Add Export Center job handler `risk-bundle` with provider selection, manifest signing, and audit logging. | Wait for Risk engine inputs (042_RPRC0101) | AGEX0101 | | EXPORT-RISK-69-002 | TODO | | SPRINT_163_exportcenter_ii | ExportCenter + Risk Guilds | src/ExportCenter/StellaOps.ExportCenter | Enable simulation report exports pulling scored data + explainability snapshots. Dependencies: EXPORT-RISK-69-001. | EXRS0101 outputs | EVRK0101 | | EXPORT-RISK-70-001 | TODO | | SPRINT_163_exportcenter_ii | ExportCenter + DevOps Guild | src/ExportCenter/StellaOps.ExportCenter | Integrate risk bundle builds into offline kit packaging with checksum verification. Dependencies: EXPORT-RISK-69-002. | EXPORT-RISK-69-002 | EVRK0101 | | EXPORT-SVC-35-001 | BLOCKED (2025-10-29) | 2025-10-29 | SPRINT_163_exportcenter_ii | ExportCenter Guild (`src/ExportCenter/StellaOps.ExportCenter`) | src/ExportCenter/StellaOps.ExportCenter | Bootstrap exporter service project, configuration, and Postgres migrations for `export_profiles`, `export_runs`, `export_inputs`, `export_distributions` with tenant scoping + tests. | Await EVFL0101 evidence feed | ESVC0101 | | EXPORT-SVC-35-002 | TODO | | SPRINT_163_exportcenter_ii | ExportCenter Guild | src/ExportCenter/StellaOps.ExportCenter | Implement planner + scope resolver translating filters into ledger iterators and orchestrator job payloads; include deterministic sampling and validation. Dependencies: EXPORT-SVC-35-001. | EXPORT-SVC-35-001 | ESVC0101 | | EXPORT-SVC-35-003 | TODO | | SPRINT_163_exportcenter_ii | ExportCenter Guild | src/ExportCenter/StellaOps.ExportCenter | Deliver JSON adapters (`json:raw`, `json:policy`) with canonical normalization, redaction allowlists, compression, and manifest counts. Dependencies: EXPORT-SVC-35-002. | EXPORT-SVC-35-001 | ESVC0101 | | EXPORT-SVC-35-004 | TODO | | SPRINT_163_exportcenter_ii | ExportCenter Guild | src/ExportCenter/StellaOps.ExportCenter | Build mirror (full) adapter producing filesystem layout, indexes, manifests, and README with download-only distribution. Dependencies: EXPORT-SVC-35-003. | EXPORT-SVC-35-002 | ESVC0101 | | EXPORT-SVC-35-005 | TODO | | SPRINT_163_exportcenter_ii | ExportCenter Guild | src/ExportCenter/StellaOps.ExportCenter | Implement manifest/provenance writer and KMS signing/attestation (detached + embedded) for bundle outputs. Dependencies: EXPORT-SVC-35-004. | EXPORT-SVC-35-003 | ESVC0101 | | EXPORT-SVC-35-006 | TODO | | SPRINT_164_exportcenter_iii | ExportCenter Guild | src/ExportCenter/StellaOps.ExportCenter | Expose Export API (profiles, runs, download, SSE updates) with audit logging, concurrency controls, and viewer/operator RBAC integration. Dependencies: EXPORT-SVC-35-005. | EXPORT-SVC-35-004 | ESVC0101 | | EXPORT-SVC-36-001 | TODO | | SPRINT_164_exportcenter_iii | ExportCenter Guild | src/ExportCenter/StellaOps.ExportCenter | Implement Trivy DB adapter (core) with schema mappings, version flag gating, and validation harness. Dependencies: EXPORT-SVC-35-006. | ESVC0101 outputs | ESVC0102 | | EXPORT-SVC-36-002 | TODO | | SPRINT_164_exportcenter_iii | ExportCenter Guild | src/ExportCenter/StellaOps.ExportCenter | Add Trivy Java DB variant with shared manifest entries and adapter regression tests. Dependencies: EXPORT-SVC-36-001. | EXPORT-SVC-36-001 | ESVC0102 | | EXPORT-SVC-36-003 | TODO | | SPRINT_164_exportcenter_iii | ExportCenter Guild | src/ExportCenter/StellaOps.ExportCenter | Build OCI distribution engine (manifests, descriptors, annotations) with registry auth support and retries. Dependencies: EXPORT-SVC-36-002. | EXPORT-SVC-36-001 | ESVC0102 | | EXPORT-SVC-36-004 | TODO | | SPRINT_164_exportcenter_iii | ExportCenter Guild | src/ExportCenter/StellaOps.ExportCenter | Extend planner/run lifecycle for distribution targets (OCI/object storage) with idempotent metadata updates and retention timestamps. Dependencies: EXPORT-SVC-36-003. | EXPORT-SVC-36-002 | ESVC0102 | | EXPORT-SVC-37-001 | TODO | | SPRINT_164_exportcenter_iii | ExportCenter Guild | src/ExportCenter/StellaOps.ExportCenter | Implement mirror delta adapter with base manifest comparison, change set generation, and content-addressed reuse. Dependencies: EXPORT-SVC-36-004. | EXPORT-SVC-35-006 | ESVC0102 | | EXPORT-SVC-37-002 | TODO | | SPRINT_164_exportcenter_iii | ExportCenter Guild | src/ExportCenter/StellaOps.ExportCenter | Add bundle encryption (age/AES-GCM), key wrapping via KMS, and verification tooling for encrypted outputs. Dependencies: EXPORT-SVC-37-001. | EXPORT-SVC-37-001 | ESVC0102 | | EXPORT-SVC-37-003 | TODO | | SPRINT_164_exportcenter_iii | ExportCenter Guild | src/ExportCenter/StellaOps.ExportCenter | Implement export scheduling (cron/event), retention pruning, retry idempotency, and failure classification. Dependencies: EXPORT-SVC-37-002. | EXPORT-SVC-37-002 | ESVC0103 | | EXPORT-SVC-37-004 | TODO | | SPRINT_164_exportcenter_iii | ExportCenter Guild | src/ExportCenter/StellaOps.ExportCenter | Provide verification API to stream manifests/hashes, compute hash+signature checks, and return attest status for CLI/UI. Dependencies: EXPORT-SVC-37-003. | EXPORT-SVC-37-003 | ESVC0103 | | EXPORT-SVC-43-001 | TODO | | SPRINT_164_exportcenter_iii | ExportCenter Guild | src/ExportCenter/StellaOps.ExportCenter | Integrate pack run manifests/artifacts into export bundles and CLI verification flows; expose provenance links. Dependencies: EXPORT-SVC-37-004. | EXPORT-SVC-37-004 | ESVC0103 | | EXPORT-TEN-48-001 | TODO | | SPRINT_164_exportcenter_iii | ExportCenter + Tenancy Guild | src/ExportCenter/StellaOps.ExportCenter | Prefix artifacts/manifests with tenant/project, enforce scope checks, and prevent cross-tenant exports unless explicitly whitelisted; update provenance. | EXPORT-SVC-37-004 | ESVC0103 | | FEEDCONN-CCCS-02-009 | TODO | | SPRINT_117_concelier_vi | Concelier Connector Guild – CCCS (src/Concelier/__Libraries/StellaOps.Concelier.Connector.Cccs) | src/Concelier/__Libraries/StellaOps.Concelier.Connector.Cccs | Emit CCCS version ranges into `advisory_observations.affected.versions[]` with provenance anchors (`cccs:{serial}:{index}`) and normalized comparison keys per the Link-Not-Merge schema/doc recipes. Depends on CONCELIER-LNM-21-001. | — | FEFC0101 | | FEEDCONN-CERTBUND-02-010 | TODO | | SPRINT_117_concelier_vi | Concelier Connector Guild – CertBund (src/Concelier/__Libraries/StellaOps.Concelier.Connector.CertBund) | src/Concelier/__Libraries/StellaOps.Concelier.Connector.CertBund | Translate CERT-Bund `product.Versions` phrases into normalized ranges + provenance identifiers (`certbund:{advisoryId}:{vendor}`) while retaining localisation notes; update mapper/tests for Link-Not-Merge. Depends on CONCELIER-LNM-21-001. | — | FEFC0101 | | FEEDCONN-CISCO-02-009 | DOING | 2025-11-08 | SPRINT_117_concelier_vi | Concelier Connector Guild – Cisco (src/Concelier/__Libraries/StellaOps.Concelier.Connector.Vndr.Cisco) | src/Concelier/__Libraries/StellaOps.Concelier.Connector.Vndr.Cisco | Emit Cisco SemVer ranges into the new observation schema with provenance IDs (`cisco:{productId}`) and deterministic comparison keys; refresh fixtures to remove merge counters. Depends on CONCELIER-LNM-21-001. | — | FEFC0101 | | FEEDCONN-ICSCISA-02-012 | BLOCKED | | SPRINT_110_ingestion_evidence | Concelier Feed Owners | | Overdue provenance refreshes require schedule from feed owners. | FEED-REMEDIATION-1001 | FEFC0101 | | FEEDCONN-KISA-02-008 | BLOCKED | | SPRINT_110_ingestion_evidence | Concelier Feed Owners | | FEED-REMEDIATION-1001 | FEED-REMEDIATION-1001 | FEFC0101 | | FORENSICS-53-001 | TODO | | SPRINT_202_cli_ii | Forensics Guild | src/Cli/StellaOps.Cli | Replay data set | Replay data set | FONS0101 | | FORENSICS-53-002 | TODO | | SPRINT_304_docs_tasks_md_iv | Forensics Guild | | FORENSICS-53-001 | FORENSICS-53-001 | FONS0101 | | FORENSICS-53-003 | TODO | | SPRINT_304_docs_tasks_md_iv | Forensics Guild | | FORENSICS-53-001 | FORENSICS-53-001 | FONS0101 | | FORENSICS-54-001 | TODO | | SPRINT_202_cli_ii | Forensics Guild | src/Cli/StellaOps.Cli | FORENSICS-53 outputs | FORENSICS-53 outputs | FONS0101 | | FORENSICS-54-002 | TODO | | SPRINT_202_cli_ii | Forensics Guild | src/Cli/StellaOps.Cli | FORENSICS-54-001 | FORENSICS-54-001 | FONS0101 | | FS-03 | TODO | | SPRINT_136_scanner_surface | Scanner Guild | src/Scanner/__Libraries/StellaOps.Scanner.Surface.FS | SURFACE-FS-02 | SURFACE-FS-02 | SFFS0101 | | FS-04 | TODO | | SPRINT_136_scanner_surface | Scanner Guild | src/Scanner/__Libraries/StellaOps.Scanner.Surface.FS | FS-03 | SURFACE-FS-02 | SFFS0101 | | FS-05 | TODO | | SPRINT_136_scanner_surface | Scanner Guild · Scheduler Guild | src/Scanner/__Libraries/StellaOps.Scanner.Surface.FS | SURFACE-FS-03 | SURFACE-FS-03 | SFFS0101 | | FS-06 | TODO | | SPRINT_136_scanner_surface | Docs Guild | src/Scanner/__Libraries/StellaOps.Scanner.Surface.FS | SURFACE-FS-02 | SURFACE-FS-02 | SFFS0101 | | FS-07 | TODO | | SPRINT_136_scanner_surface | Scanner Guild | src/Scanner/__Libraries/StellaOps.Scanner.Surface.FS | SCANNER-SURFACE-04 | SCANNER-SURFACE-04 | SFFS0101 | | GAP-DOC-008 | TODO | | SPRINT_401_reachability_evidence_chain | Docs Guild | `docs/reachability/function-level-evidence.md`, `docs/09_API_CLI_REFERENCE.md`, `docs/api/policy.md` | Publish the cross-module function-level evidence guide, update API/CLI references with the new `code_id` fields, and add OpenVEX/replay samples under `samples/reachability/**`. | DOAG0101 outputs | GAPG0101 | | GAP-POL-005 | TODO | | SPRINT_401_reachability_evidence_chain | Policy Guild · Docs Guild | `src/Policy/StellaOps.Policy.Engine`, `docs/modules/policy/architecture.md`, `docs/reachability/function-level-evidence.md` | Ingest reachability facts into Policy Engine, expose `reachability.state/confidence` in SPL/API, enforce auto-suppress (<0.30) rules, and generate OpenVEX evidence blocks referencing graph hashes + runtime facts with policy thresholds. | GAP-DOC-008 | GAPG0101 | | GAP-REP-004 | TODO | | SPRINT_401_reachability_evidence_chain | Docs Guild | `src/__Libraries/StellaOps.Replay.Core`, `docs/replay/DETERMINISTIC_REPLAY.md` | Enforce BLAKE3 hashing + CAS registration for graphs/traces before manifest writes, upgrade replay manifest v2 with analyzer versions/policy thresholds, and add deterministic tests. | GAP-DOC-008 | GAPG0101 | | GAP-SCAN-001 | TODO | | SPRINT_400_runtime_facts_static_callgraph_union | Scanner Guild · GAP Guild | `src/Scanner/StellaOps.Scanner.Worker`, `docs/modules/scanner/architecture.md`, `docs/reachability/function-level-evidence.md` | Implement binary/language symbolizers that emit `richgraph-v1` payloads with canonical `SymbolID = {file:hash, section, addr, name, linkage}` plus `code_id` anchors, persist graphs to CAS via `StellaOps.Scanner.Reachability`, and refresh analyzer docs/fixtures. | GAP-POL-005 | GAPG0101 | | GAP-SIG-003 | TODO | | SPRINT_401_reachability_evidence_chain | Security Guild · GAP Guild | `src/Signals/StellaOps.Signals`, `docs/reachability/function-level-evidence.md` | Finish `/signals/runtime-facts` ingestion, add CAS-backed runtime storage, extend scoring to lattice states (`Unknown/NotPresent/Unreachable/Conditional/Reachable/Observed`), and emit `signals.fact.updated` events. Document retention/RBAC. | GAP-POL-005 | GAPG0101 | | GAP-SYM-007 | TODO | | SPRINT_401_reachability_evidence_chain | Docs Guild | `src/Scanner/StellaOps.Scanner.Models`, `docs/modules/scanner/architecture.md`, `docs/reachability/function-level-evidence.md` | Extend reachability evidence schema/DTOs with demangled symbol hints, `symbol.source`, confidence, and optional `code_block_hash`; ensure Scanner SBOM/evidence writers and CLI serializers emit the new fields deterministically. | GAP-SIG-003 | GAPG0101 | | GAP-VEX-006 | TODO | | SPRINT_401_reachability_evidence_chain | VEX Guild | `docs/modules/excititor/architecture.md`, `src/Cli/StellaOps.Cli`, `src/UI/StellaOps.UI`, `docs/09_API_CLI_REFERENCE.md` | Wire Policy/Excititor/UI/CLI surfaces so VEX emission and explain drawers show call paths, graph hashes, and runtime hits; add CLI `--evidence=graph`/`--threshold` plus Notify template updates. | GAP-POL-005 | GAPG0101 | | GAP-ZAS-002 | TODO | | SPRINT_400_runtime_facts_static_callgraph_union | Zastava Guild | `src/Zastava/StellaOps.Zastava.Observer`, `docs/modules/zastava/architecture.md`, `docs/reachability/function-level-evidence.md` | Stream runtime NDJSON batches carrying `{symbol_id, code_id, hit_count, loader_base}` plus CAS URIs, capture build-ids/entrypoints, and draft the operator runbook (`docs/runbooks/reachability-runtime.md`). Integrate with `/signals/runtime-facts` once Sprint 401 lands ingestion. | GAP-SCAN-001 | GAPG0101 | | GO-32-001 | TODO | | SPRINT_153_orchestrator_iii | Worker SDK Guild (`src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Go`) | src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Go | DOOR0102 APIs | DOOR0102 APIs | GOSD0101 | | GO-32-002 | TODO | | SPRINT_153_orchestrator_iii | Worker SDK Guild | src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Go | GO-32-001 | GO-32-001 | GOSD0101 | | GO-33-001 | TODO | | SPRINT_153_orchestrator_iii | Worker SDK Guild | src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Go | GO-32-002 | GO-32-002 | GOSD0101 | | GO-33-002 | TODO | | SPRINT_153_orchestrator_iii | Worker SDK Guild | src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Go | GO-33-001 | GO-33-001 | GOSD0101 | | GO-34-001 | TODO | | SPRINT_153_orchestrator_iii | Worker SDK Guild | src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Go | GO-33-002 | GO-33-002 | GOSD0101 | | GRAPH-21-001 | TODO | | SPRINT_136_scanner_surface | Scanner WebService Guild | src/Scanner/StellaOps.Scanner.WebService | Link-Not-Merge schema | Link-Not-Merge schema | GRSC0101 | | GRAPH-21-002 | BLOCKED (2025-10-27) | 2025-10-27 | SPRINT_113_concelier_ii | Concelier Core Guild · Scanner Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | GRAPH-21-001 | GRAPH-21-001 | GRSC0101 | | GRAPH-21-003 | TODO | 2025-10-27 | SPRINT_213_web_ii | Scanner WebService Guild | src/Web/StellaOps.Web | GRAPH-21-001 | GRAPH-21-001 | GRSC0101 | | GRAPH-21-004 | TODO | 2025-10-27 | SPRINT_213_web_ii | Scanner WebService Guild | src/Web/StellaOps.Web | GRAPH-21-002 | GRAPH-21-002 | GRSC0101 | | GRAPH-21-005 | BLOCKED (2025-10-27) | 2025-10-27 | SPRINT_120_excititor_ii | Excititor Storage Guild | src/Excititor/__Libraries/StellaOps.Excititor.Storage.Mongo | GRAPH-21-002 | GRAPH-21-002 | GRSC0101 | | GRAPH-24-001 | TODO | | SPRINT_209_ui_i | UI Guild (`src/UI/StellaOps.UI`) | src/UI/StellaOps.UI | GRSC0101 outputs | GRSC0101 outputs | GRUI0101 | | GRAPH-24-002 | TODO | | SPRINT_209_ui_i | UI Guild | src/UI/StellaOps.UI | GRAPH-24-001 | GRAPH-24-001 | GRUI0101 | | GRAPH-24-003 | TODO | | SPRINT_209_ui_i | UI Guild | src/UI/StellaOps.UI | GRAPH-24-001 | GRAPH-24-001 | GRUI0101 | | GRAPH-24-004 | TODO | | SPRINT_209_ui_i | UI Guild | src/UI/StellaOps.UI | GRAPH-24-002 | GRAPH-24-002 | GRUI0101 | | GRAPH-24-005 | TODO | | SPRINT_304_docs_tasks_md_iv | UI Guild | | GRAPH-24-003 | GRAPH-24-003 | GRUI0101 | | GRAPH-24-006 | TODO | | SPRINT_209_ui_i | UI Guild | src/UI/StellaOps.UI | GRAPH-24-004 | GRAPH-24-004 | GRUI0101 | | GRAPH-24-007 | TODO | | SPRINT_304_docs_tasks_md_iv | UI Guild | | GRAPH-24-005 | GRAPH-24-005 | GRUI0101 | | GRAPH-24-101 | TODO | | SPRINT_113_concelier_ii | UI Guild | src/Concelier/StellaOps.Concelier.WebService | GRAPH-24-001 | GRAPH-24-001 | GRUI0101 | | GRAPH-24-102 | TODO | | SPRINT_120_excititor_ii | UI Guild | src/Excititor/StellaOps.Excititor.WebService | GRAPH-24-101 | GRAPH-24-101 | GRUI0101 | | GRAPH-28-102 | TODO | | SPRINT_113_concelier_ii | Concelier WebService Guild (src/Concelier/StellaOps.Concelier.WebService) | src/Concelier/StellaOps.Concelier.WebService | | | GRAPI0101 | | GRAPH-API-28-001 | TODO | | SPRINT_207_graph | Graph API Guild (src/Graph/StellaOps.Graph.Api) | src/Graph/StellaOps.Graph.Api | Define OpenAPI + JSON schema for graph search/query/paths/diff/export endpoints, including cost metadata and streaming tile schema. | — | ORGR0101 | | GRAPH-API-28-002 | TODO | | SPRINT_207_graph | Graph API Guild (src/Graph/StellaOps.Graph.Api) | src/Graph/StellaOps.Graph.Api | Implement `/graph/search` with multi-type index lookup, prefix/exact match, RBAC enforcement, and result ranking + caching. Dependencies: GRAPH-API-28-001. | — | ORGR0101 | | GRAPH-API-28-003 | TODO | | SPRINT_207_graph | Graph API Guild (src/Graph/StellaOps.Graph.Api) | src/Graph/StellaOps.Graph.Api | Build query planner + cost estimator for `/graph/query`, stream tiles (nodes/edges/stats) progressively, enforce budgets, provide cursor tokens. Dependencies: GRAPH-API-28-002. | — | ORGR0101 | | GRAPH-API-28-004 | TODO | | SPRINT_207_graph | Graph API Guild (src/Graph/StellaOps.Graph.Api) | src/Graph/StellaOps.Graph.Api | Implement `/graph/paths` with depth ≤6, constraint filters, heuristic shortest path search, and optional policy overlay rendering. Dependencies: GRAPH-API-28-003. | — | ORGR0101 | | GRAPH-API-28-005 | TODO | | SPRINT_207_graph | Graph API Guild (src/Graph/StellaOps.Graph.Api) | src/Graph/StellaOps.Graph.Api | Implement `/graph/diff` streaming added/removed/changed nodes/edges between SBOM snapshots; include overlay deltas and policy/VEX/advisory metadata. Dependencies: GRAPH-API-28-004. | — | ORGR0101 | | GRAPH-API-28-006 | TODO | | SPRINT_207_graph | Graph API Guild (src/Graph/StellaOps.Graph.Api) | src/Graph/StellaOps.Graph.Api | Consume Policy Engine overlay contract (`POLICY-ENGINE-30-001..003`) and surface advisory/VEX/policy overlays with caching, partial materialization, and explain trace sampling for focused nodes. Dependencies: GRAPH-API-28-005. | — | ORGR0101 | | GRAPH-API-28-007 | TODO | | SPRINT_207_graph | Graph API Guild (`src/Graph/StellaOps.Graph.Api`) | src/Graph/StellaOps.Graph.Api | Implement exports (`graphml`, `csv`, `ndjson`, `png`, `svg`) with async job management, checksum manifests, and streaming downloads. Dependencies: GRAPH-API-28-006. | ORGR0101 outputs | GRAPI0101 | | GRAPH-API-28-008 | TODO | | SPRINT_207_graph | Graph API + Authority Guilds | src/Graph/StellaOps.Graph.Api | Integrate RBAC scopes (`graph:read`, `graph:query`, `graph:export`), tenant headers, audit logging, and rate limiting. Dependencies: GRAPH-API-28-007. | GRAPH-API-28-007 | GRAPI0101 | | GRAPH-API-28-009 | TODO | | SPRINT_207_graph | Graph API + Observability Guilds | src/Graph/StellaOps.Graph.Api | Instrument metrics (`graph_tile_latency_seconds`, `graph_query_budget_denied_total`, `graph_overlay_cache_hit_ratio`), structured logs, and traces per query stage; publish dashboards. Dependencies: GRAPH-API-28-008. | GRAPH-API-28-007 | GRAPI0101 | | GRAPH-API-28-010 | TODO | | SPRINT_207_graph | Graph API Guild | src/Graph/StellaOps.Graph.Api | Build unit/integration/load tests with synthetic datasets (500k nodes/2M edges), fuzz query validation, verify determinism across runs. Dependencies: GRAPH-API-28-009. | GRAPH-API-28-008 | GRAPI0101 | | GRAPH-API-28-011 | TODO | | SPRINT_207_graph | Graph API Guild | src/Graph/StellaOps.Graph.Api | Provide deployment manifests, offline kit support, API gateway integration docs, and smoke tests. Dependencies: GRAPH-API-28-010. | GRAPH-API-28-009 | GRAPI0101 | | GRAPH-CAS-401-001 | TODO | | SPRINT_401_reachability_evidence_chain | Scanner Worker Guild | `src/Scanner/StellaOps.Scanner.Worker` | Finalize richgraph schema (`richgraph-v1`), emit canonical SymbolIDs, compute graph hash (BLAKE3), and store CAS manifests under `cas://reachability/graphs/{sha256}`. Update Scanner Worker adapters + fixtures. | Depends on #1 | CASC0101 | | GRAPH-DOCS-0001 | DONE (2025-11-05) | 2025-11-05 | SPRINT_321_docs_modules_graph | Docs Guild | docs/modules/graph | Validate that graph module README/diagrams reflect the latest overlay + snapshot updates. | GRAPI0101 evidence | GRDG0101 | | GRAPH-DOCS-0002 | TODO | 2025-11-05 | SPRINT_321_docs_modules_graph | Docs Guild | docs/modules/graph | Pending DOCS-GRAPH-24-003 to add API/query doc cross-links | GRAPI0101 outputs | GRDG0101 | | GRAPH-ENG-0001 | TODO | | SPRINT_321_docs_modules_graph | Module Team | docs/modules/graph | Keep module milestones in sync with `/docs/implplan/SPRINT_141_graph.md` and related files. | GRSC0101 | GRDG0101 | | GRAPH-INDEX-28-007 | TODO | | SPRINT_140_runtime_signals | — | | Clustering/centrality jobs queued behind Scanner surface analyzer artifacts; design work complete but implementation held. | — | ORGR0101 | | GRAPH-INDEX-28-008 | TODO | | SPRINT_140_runtime_signals | — | | Incremental update/backfill pipeline depends on 28-007 artifacts; retry/backoff plumbing sketched but blocked. | — | ORGR0101 | | GRAPH-INDEX-28-009 | TODO | | SPRINT_140_runtime_signals | — | | Test/fixture/chaos coverage waits on earlier jobs to exist so determinism checks have data. | — | ORGR0101 | | GRAPH-INDEX-28-010 | TODO | | SPRINT_140_runtime_signals | — | | Packaging/offline bundles paused until upstream graph jobs are available to embed. | — | ORGR0101 | | GRAPH-INDEX-28-011 | TODO | 2025-11-04 | SPRINT_207_graph | Graph Index Guild | src/Graph/StellaOps.Graph.Indexer | Wire SBOM ingest runtime to emit graph snapshot artifacts, add DI factory helpers, and document Mongo/snapshot environment guidance. Dependencies: GRAPH-INDEX-28-002..006. | GRSC0101 outputs | GRIX0101 | | GRAPH-OPS-0001 | TODO | | SPRINT_321_docs_modules_graph | Ops Guild | docs/modules/graph | Review graph observability dashboards/runbooks after the next sprint demo. | GRUI0101 | GRDG0101 | | HELM-45-001 | TODO | | SPRINT_501_ops_deployment_i | Deployment Guild (ops/deployment) | ops/deployment | | | GRIX0101 | | HELM-45-002 | TODO | | SPRINT_502_ops_deployment_ii | Deployment Guild, Security Guild (ops/deployment) | ops/deployment | Add TLS/Ingress, NetworkPolicy, PodSecurityContexts, Secrets integration (external secrets), and document security posture. Dependencies: HELM-45-001. | | GRIX0101 | | HELM-45-003 | TODO | | SPRINT_502_ops_deployment_ii | Deployment Guild, Observability Guild (ops/deployment) | ops/deployment | Implement HPA, PDB, readiness gates, Prometheus scraping annotations, OTel configuration hooks, and upgrade hooks. Dependencies: HELM-45-002. | | GRIX0101 | | ICSCISA-02-012 | BLOCKED | | SPRINT_110_ingestion_evidence | Concelier Feed Owners (`src/Concelier/__Libraries/StellaOps.Concelier.Core`) | src/Concelier/__Libraries/StellaOps.Concelier.Core | FEED-REMEDIATION-1001 | FEED-REMEDIATION-1001 | CCFD0101 | | IMP-56-001 | TODO | | SPRINT_510_airgap | AirGap Importer Guild | src/AirGap/StellaOps.AirGap.Importer | Harden base importer pipeline. | EXAG0101 | GRIX0101 | | IMP-56-002 | TODO | | SPRINT_510_airgap | AirGap Importer + Security Guilds | src/AirGap/StellaOps.AirGap.Importer | IMP-56-001 | IMP-56-001 | IMIM0101 | | IMP-57-001 | TODO | | SPRINT_510_airgap | AirGap Importer Guild | src/AirGap/StellaOps.AirGap.Importer | IMP-56-002 | IMP-56-002 | IMIM0101 | | IMP-57-002 | TODO | | SPRINT_510_airgap | AirGap Importer + DevOps Guilds | src/AirGap/StellaOps.AirGap.Importer | IMP-57-001 | IMP-57-001 | IMIM0101 | | IMP-58-001 | TODO | | SPRINT_510_airgap | AirGap Importer + CLI Guilds | src/AirGap/StellaOps.AirGap.Importer | IMP-57-002 | IMP-57-002 | IMIM0101 | | IMP-58-002 | TODO | | SPRINT_510_airgap | AirGap Importer + Observability Guilds | src/AirGap/StellaOps.AirGap.Importer | IMP-58-001 | IMP-58-001 | IMIM0101 | | IMPACT-16-001 | TODO | | SPRINT_512_bench | Bench Guild (`src/Bench/StellaOps.Bench`) | src/Bench/StellaOps.Bench | Harden impact scoring + fixtures. | GRSC0101 outputs | IMIM0101 | | IMPACT-16-303 | TODO | | SPRINT_155_scheduler_i | Scheduler ImpactIndex Guild (`src/Scheduler/__Libraries/StellaOps.Scheduler.ImpactIndex`) | src/Scheduler/__Libraries/StellaOps.Scheduler.ImpactIndex | IMPACT-16-001 | IMPACT-16-001 | IMPT0101 | | INDEX-28-007 | TODO | | SPRINT_140_runtime_signals | Graph Index Guild | src/Graph/StellaOps.Graph.Indexer | GRAPH-INDEX-28-011 | GRAPH-INDEX-28-011 | GRIX0101 | | INDEX-28-008 | TODO | | SPRINT_140_runtime_signals | Graph Index Guild | src/Graph/StellaOps.Graph.Indexer | INDEX-28-007 | INDEX-28-007 | GRIX0101 | | INDEX-28-009 | TODO | | SPRINT_140_runtime_signals | Graph Index Guild | src/Graph/StellaOps.Graph.Indexer | INDEX-28-008 | INDEX-28-008 | GRIX0101 | | INDEX-28-010 | TODO | | SPRINT_140_runtime_signals | Graph Indexer Guild (src/Graph/StellaOps.Graph.Indexer) | src/Graph/StellaOps.Graph.Indexer | | INDEX-28-009 | GRIX0101 | | INDEX-28-011 | DONE | 2025-11-04 | SPRINT_207_graph | Graph Indexer Guild (src/Graph/StellaOps.Graph.Indexer) | src/Graph/StellaOps.Graph.Indexer | | INDEX-28-010 | GRIX0101 | | INDEX-401-030 | TODO | | SPRINT_401_reachability_evidence_chain | Platform + Ops Guilds | `docs/provenance/inline-dsse.md`, `ops/mongo/indices/events_provenance_indices.js` | Needs Ops approval for new Mongo index | Needs Ops approval for new Mongo index | RBRE0101 | | INGEST-401-013 | TODO | | SPRINT_401_reachability_evidence_chain | Symbols Guild · DevOps Guild (`src/Symbols/StellaOps.Symbols.Ingestor.Cli`) | `src/Symbols/StellaOps.Symbols.Ingestor.Cli`, `docs/specs/SYMBOL_MANIFEST_v1.md` | Implement deterministic ingest + docs. | RBRE0101 inline DSSE | IMPT0101 | | INLINE-401-028 | DONE | | SPRINT_401_reachability_evidence_chain | Authority Guild · Feedser Guild (`docs/provenance/inline-dsse.md`, `src/__Libraries/StellaOps.Provenance.Mongo`) | `docs/provenance/inline-dsse.md`, `src/__Libraries/StellaOps.Provenance.Mongo` | | | INST0101 | | INSTALL-44-001 | TODO | | SPRINT_305_docs_tasks_md_v | Docs Guild · Ops Guild | | DOIS0101 outputs | DOIS0101 outputs | INST0101 | | INSTALL-45-001 | TODO | | SPRINT_305_docs_tasks_md_v | Docs Guild · Ops Guild | | INSTALL-44-001 | INSTALL-44-001 | INST0101 | | INSTALL-46-001 | TODO | | SPRINT_305_docs_tasks_md_v | Docs Guild · Security Guild | | INSTALL-45-001 | INSTALL-45-001 | INST0101 | | INSTALL-50-001 | TODO | | SPRINT_305_docs_tasks_md_v | Docs Guild · Support Guild | | INSTALL-44-001 | INSTALL-44-001 | INST0101 | | KEV providers` | TODO | | SPRINT_115_concelier_iv | Concelier Core + Risk Engine Guilds (`src/Concelier/__Libraries/StellaOps.Concelier.Core`) | src/Concelier/__Libraries/StellaOps.Concelier.Core | Surface vendor-provided CVSS/KEV/fix data exactly as published (with provenance anchors) through provider APIs so risk engines can reason about upstream intent. | ICSCISA-02-012 | CCFD0101 | | KISA-02-008 | BLOCKED | | SPRINT_110_ingestion_evidence | Concelier Feed Owners | | | FEED-REMEDIATION-1001 | LATC0101 | | KMS-73-001 | DONE (2025-11-03) | 2025-11-03 | SPRINT_100_identity_signing | KMS Guild (src/__Libraries/StellaOps.Cryptography.Kms) | src/__Libraries/StellaOps.Cryptography.Kms | AWS/GCP KMS drivers landed with digest-first signing, metadata caching, config samples, and docs/tests green. | AWS/GCP KMS drivers landed with digest-first signing, metadata caching, config samples, and docs/tests green. | KMSI0102 | | KMS-73-002 | DONE (2025-11-03) | 2025-11-03 | SPRINT_100_identity_signing | KMS Guild (src/__Libraries/StellaOps.Cryptography.Kms) | src/__Libraries/StellaOps.Cryptography.Kms | PKCS#11 + FIDO2 drivers shipped (deterministic digesting, authenticator factories, DI extensions) with docs + xUnit fakes covering sign/verify/export flows. | FIDO2 | KMSI0102 | | LATTICE-401-023 | TODO | | SPRINT_401_reachability_evidence_chain | Scanner Guild · Policy Guild | `docs/reachability/lattice.md`, `docs/modules/scanner/architecture.md`, `src/Scanner/StellaOps.Scanner.WebService` | Update reachability/lattice docs + examples. | GRSC0101 & RBRE0101 | LEDG0101 | | LEDGER-29-007 | TODO | | SPRINT_120_policy_reasoning | Findings Ledger Guild (`src/Findings/StellaOps.Findings.Ledger`) | src/Findings/StellaOps.Findings.Ledger | Instrument metrics | LEDGER-29-006 | PLLG0101 | | LEDGER-29-008 | TODO | | SPRINT_120_policy_reasoning | Findings Ledger + QA Guild | src/Findings/StellaOps.Findings.Ledger | Develop unit/property/integration tests, replay/restore tooling, determinism harness, and load tests at 5M findings/tenant | LEDGER-29-007 | PLLG0101 | | LEDGER-29-009 | TODO | | SPRINT_120_policy_reasoning | Findings Ledger + DevOps Guild | src/Findings/StellaOps.Findings.Ledger | Provide deployment manifests | LEDGER-29-008 | PLLG0101 | | LEDGER-34-101 | TODO | | SPRINT_120_policy_reasoning | Findings Ledger Guild | src/Findings/StellaOps.Findings.Ledger | Link orchestrator run ledger exports into Findings Ledger provenance chain, index by artifact hash, and expose audit queries | LEDGER-29-009 | PLLG0101 | | LEDGER-AIRGAP-56 | TODO | | SPRINT_120_policy_reasoning | Findings Ledger + AirGap Guilds | | AirGap ledger schema. | PLLG0102 | PLLG0102 | | LEDGER-AIRGAP-56-001 | TODO | | SPRINT_120_policy_reasoning | Findings Ledger Guild | src/Findings/StellaOps.Findings.Ledger | Record bundle provenance (`bundle_id`, `merkle_root`, `time_anchor`) on ledger events for advisories/VEX/policies imported via Mirror Bundles | LEDGER-AIRGAP-56 | PLLG0102 | | LEDGER-AIRGAP-56-002 | TODO | | SPRINT_120_policy_reasoning | Findings Ledger + AirGap Time Guild | src/Findings/StellaOps.Findings.Ledger | Surface staleness metrics for findings and block risk-critical exports when stale beyond thresholds; provide remediation messaging | LEDGER-AIRGAP-56-001 | PLLG0102 | | LEDGER-AIRGAP-57 | TODO | | SPRINT_120_policy_reasoning | Findings Ledger Guild · AirGap Guilds · Evidence Locker Guild | | — | — | PLLG0102 | | LEDGER-AIRGAP-57-001 | TODO | | SPRINT_120_policy_reasoning | Findings Ledger Guild, Evidence Locker Guild / src/Findings/StellaOps.Findings.Ledger | src/Findings/StellaOps.Findings.Ledger | Link findings evidence snapshots to portable evidence bundles and ensure cross-enclave verification works | LEDGER-AIRGAP-56-002 | PLLG0102 | | LEDGER-AIRGAP-58-001 | TODO | | SPRINT_120_policy_reasoning | Findings Ledger Guild, AirGap Controller Guild / src/Findings/StellaOps.Findings.Ledger | src/Findings/StellaOps.Findings.Ledger | Emit timeline events for bundle import impacts | LEDGER-AIRGAP-57-001 | PLLG0102 | | LEDGER-ATTEST-73-001 | TODO | | SPRINT_120_policy_reasoning | Findings Ledger Guild, Attestor Service Guild / src/Findings/StellaOps.Findings.Ledger | src/Findings/StellaOps.Findings.Ledger | Persist pointers from findings to verification reports and attestation envelopes for explainability | — | PLLG0102 | | LEDGER-ATTEST-73-002 | TODO | | SPRINT_121_policy_reasoning | Findings Ledger Guild / src/Findings/StellaOps.Findings.Ledger | src/Findings/StellaOps.Findings.Ledger | Enable search/filter in findings projections by verification result and attestation status | LEDGER-ATTEST-73-001 | PLLG0102 | | LEDGER-EXPORT-35-001 | TODO | | SPRINT_121_policy_reasoning | Findings Ledger Guild / src/Findings/StellaOps.Findings.Ledger | src/Findings/StellaOps.Findings.Ledger | Provide paginated streaming endpoints for advisories, VEX, SBOMs, and findings aligned with export filters, including deterministic ordering and provenance metadata | — | PLLG0101 | | LEDGER-OAS-61-001 | TODO | | SPRINT_121_policy_reasoning | Findings Ledger Guild, API Contracts Guild / src/Findings/StellaOps.Findings.Ledger | src/Findings/StellaOps.Findings.Ledger | Expand Findings Ledger OAS to include projections, evidence lookups, and filter parameters with examples | — | PLLG0101 | | LEDGER-OAS-61-002 | TODO | | SPRINT_121_policy_reasoning | Findings Ledger Guild / src/Findings/StellaOps.Findings.Ledger | src/Findings/StellaOps.Findings.Ledger | Implement `/.well-known/openapi` endpoint and ensure version metadata matches release | LEDGER-OAS-61-001 | PLLG0101 | | LEDGER-OAS-62-001 | TODO | | SPRINT_121_policy_reasoning | Findings Ledger Guild, SDK Generator Guild / src/Findings/StellaOps.Findings.Ledger | src/Findings/StellaOps.Findings.Ledger | Provide SDK test cases for findings pagination, filtering, evidence links; ensure typed models expose provenance | LEDGER-OAS-61-002 | PLLG0101 | | LEDGER-OAS-63-001 | TODO | | SPRINT_121_policy_reasoning | Findings Ledger Guild, API Governance Guild / src/Findings/StellaOps.Findings.Ledger | src/Findings/StellaOps.Findings.Ledger | Support deprecation headers and Notifications for retiring finding endpoints | LEDGER-OAS-62-001 | PLLG0101 | | LEDGER-OBS-50-001 | TODO | | SPRINT_121_policy_reasoning | Findings Ledger Guild, Observability Guild / src/Findings/StellaOps.Findings.Ledger | src/Findings/StellaOps.Findings.Ledger | Integrate telemetry core within ledger writer/projector services, emitting structured logs and trace spans for ledger append, projector replay, and query APIs with tenant context | — | PLLG0102 | | LEDGER-OBS-51-001 | TODO | | SPRINT_121_policy_reasoning | Findings Ledger Guild, DevOps Guild / src/Findings/StellaOps.Findings.Ledger | src/Findings/StellaOps.Findings.Ledger | Publish metrics for ledger latency, projector lag, event throughput, and policy evaluation linkage. Define SLOs | LEDGER-OBS-50-001 | PLLG0102 | | LEDGER-OBS-52-001 | TODO | | SPRINT_121_policy_reasoning | Findings Ledger Guild / src/Findings/StellaOps.Findings.Ledger | src/Findings/StellaOps.Findings.Ledger | Emit timeline events for ledger writes and projector commits | LEDGER-OBS-51-001 | PLLG0103 | | LEDGER-OBS-53-001 | TODO | | SPRINT_121_policy_reasoning | Findings Ledger Guild, Evidence Locker Guild / src/Findings/StellaOps.Findings.Ledger | src/Findings/StellaOps.Findings.Ledger | Persist evidence bundle references | LEDGER-OBS-52-001 | PLLG0103 | | LEDGER-OBS-54-001 | TODO | | SPRINT_121_policy_reasoning | Findings Ledger Guild, Provenance Guild / src/Findings/StellaOps.Findings.Ledger | src/Findings/StellaOps.Findings.Ledger | Verify attestation references for ledger-derived exports; expose `/ledger/attestations` endpoint returning DSSE verification state and chain-of-custody summary | LEDGER-OBS-53-001 | PLLG0103 | | LEDGER-OBS-55-001 | TODO | | SPRINT_121_policy_reasoning | Findings Ledger Guild, DevOps Guild / src/Findings/StellaOps.Findings.Ledger | src/Findings/StellaOps.Findings.Ledger | Enhance incident mode to record additional replay diagnostics | LEDGER-OBS-54-001 | PLLG0103 | | LEDGER-PACKS-42-001 | TODO | | SPRINT_121_policy_reasoning | Findings Ledger Guild / src/Findings/StellaOps.Findings.Ledger | src/Findings/StellaOps.Findings.Ledger | Provide snapshot/time-travel APIs and digestable exports for task pack simulation and CLI offline mode | — | PLLG0103 | | LEDGER-RISK-66-001 | TODO | | SPRINT_121_policy_reasoning | Findings Ledger Guild, Risk Engine Guild / src/Findings/StellaOps.Findings.Ledger | src/Findings/StellaOps.Findings.Ledger | Add schema migrations for `risk_score`, `risk_severity`, `profile_version`, `explanation_id`, and supporting indexes | — | PLLG0103 | | LEDGER-RISK-66-002 | TODO | | SPRINT_121_policy_reasoning | Findings Ledger Guild / src/Findings/StellaOps.Findings.Ledger | src/Findings/StellaOps.Findings.Ledger | Implement deterministic upsert of scoring results keyed by finding hash/profile version with history audit | LEDGER-RISK-66-001 | PLLG0103 | | LEDGER-RISK-67-001 | TODO | | SPRINT_122_policy_reasoning | Findings Ledger Guild, Risk Engine Guild / src/Findings/StellaOps.Findings.Ledger | src/Findings/StellaOps.Findings.Ledger | Expose query APIs for scored findings with score/severity filters, pagination, and explainability links | LEDGER-RISK-66-002 | PLLG0103 | | LEDGER-RISK-68-001 | TODO | | SPRINT_122_policy_reasoning | Findings Ledger Guild, Export Guild / src/Findings/StellaOps.Findings.Ledger | src/Findings/StellaOps.Findings.Ledger | Enable export of scored findings and simulation results via Export Center integration | LEDGER-RISK-67-001 | PLLG0103 | | LEDGER-RISK-69-001 | TODO | | SPRINT_122_policy_reasoning | Findings Ledger Guild, Observability Guild / src/Findings/StellaOps.Findings.Ledger | src/Findings/StellaOps.Findings.Ledger | Emit metrics/dashboards for scoring latency, result freshness, severity distribution, provider gaps | LEDGER-RISK-68-001 | PLLG0103 | | LEDGER-TEN-48-001 | TODO | | SPRINT_122_policy_reasoning | Findings Ledger Guild · Tenancy Guild | src/Findings/StellaOps.Findings.Ledger | Partition ledger tables by tenant/project, enable RLS, update queries/events, and stamp audit metadata | LEDGER-29-009 | LEDG0101 | | LENS-ENG-0001 | TODO | | SPRINT_332_docs_modules_vex_lens | Module Team · Docs Guild | docs/modules/vex-lens | Engineering checklist. | DOVL0101 outputs | LEDG0101 | | LENS-OPS-0001 | TODO | | SPRINT_332_docs_modules_vex_lens | Ops Guild · Docs Guild | docs/modules/vex-lens | Ops/runbook guidance. | LENS-ENG-0001 | LEDG0101 | | LIB-401-001 | TODO | | SPRINT_401_reachability_evidence_chain | Policy Guild | `src/Policy/StellaOps.PolicyDsl`, `docs/policy/dsl.md` | Update DSL library + docs. | DOAL0101 references | LEDG0101 | | LIB-401-002 | TODO | | SPRINT_401_reachability_evidence_chain | Policy Guild · CLI Guild | `tests/Policy/StellaOps.PolicyDsl.Tests`, `policy/default.dsl`, `docs/policy/lifecycle.md` | Expand tests/fixtures. | LIB-401-001 | LEDG0101 | | LIB-401-020 | TODO | | SPRINT_401_reachability_evidence_chain | Policy Guild | `src/Attestor/StellaOps.Attestation`, `src/Attestor/StellaOps.Attestor.Envelope` | Publish CAS fixtures + determinism tests. | LIB-401-002 | LEDG0101 | | LIC-0001 | TODO | 2025-11-10 | SPRINT_138_scanner_ruby_parity | Legal Guild · Docs Guild | docs/modules/scanner | Refresh license notes. | SCANNER-ENG-0016 | LEDG0101 | | LNM-21-001 | TODO | | SPRINT_113_concelier_ii | CLI Guild (`src/Cli/StellaOps.Cli`) | src/Concelier/__Libraries/StellaOps.Concelier.Core | Implement baseline LNM CLI verb. | DOLN0101 schema | LENS0101 | | LNM-21-002 | TODO | | SPRINT_113_concelier_ii | CLI Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Hash verification support. | LNM-21-001 | LENS0101 | | LNM-21-003 | TODO | | SPRINT_113_concelier_ii | CLI Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Filtering options. | LNM-21-002 | LIBC0101 | | LNM-21-004 | TODO | | SPRINT_113_concelier_ii | CLI Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Multi-bundle diff. | LNM-21-003 | LIBC0101 | | LNM-21-005 | TODO | | SPRINT_113_concelier_ii | CLI Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Export packaging. | LNM-21-004 | LIBC0101 | | LNM-21-101 | TODO | | SPRINT_113_concelier_ii | CLI Guild | src/Concelier/__Libraries/StellaOps.Concelier.Storage.Mongo | Deterministic tests. | LNM-21-001 | LIBC0101 | | LNM-21-102 | TODO | | SPRINT_113_concelier_ii | CLI Guild | src/Concelier/__Libraries/StellaOps.Concelier.Storage.Mongo | LNM-21-101 | LNM-21-101 | LNMC0101 | | LNM-21-103 | TODO | | SPRINT_113_concelier_ii | CLI Guild | src/Concelier/__Libraries/StellaOps.Concelier.Storage.Mongo | LNM-21-102 | LNM-21-102 | LNMC0101 | | LNM-21-201 | TODO | | SPRINT_113_concelier_ii | CLI Guild | src/Concelier/StellaOps.Concelier.WebService | Bundle validation enhancements. | LNMC0101 outputs | LNMC0101 | | LNM-21-202 | TODO | | SPRINT_113_concelier_ii | CLI Guild | src/Concelier/StellaOps.Concelier.WebService | Policy linking improvements. | LNM-21-201 | LNMC0101 | | LNM-21-203 | TODO | | SPRINT_113_concelier_ii | CLI Guild | src/Concelier/StellaOps.Concelier.WebService | Export reporting. | LNM-21-202 | LNMC0101 | | LNM-22-001 | TODO | | SPRINT_202_cli_ii | CLI Guild | src/Cli/StellaOps.Cli | CLI/UI shared components. | DOLN0101 | LNMC0101 | | LNM-22-002 | TODO | | SPRINT_202_cli_ii | CLI Guild | src/Cli/StellaOps.Cli | Additional filters. | LNM-22-001 | LNMC0101 | | LNM-22-003 | TODO | | SPRINT_210_ui_ii | UI Guild (`src/UI/StellaOps.UI`) | src/UI/StellaOps.UI | UI ingestion view. | LNM-22-001 | LNMC0101 | | LNM-22-004 | TODO | | SPRINT_210_ui_ii | UI Guild | src/UI/StellaOps.UI | UI remediation workflow. | LNM-22-003 | IMPT0101 | | LNM-22-005 | BLOCKED (2025-10-27) | 2025-10-27 | SPRINT_305_docs_tasks_md_v | Docs + UI Guild | | Docs update for UI flows. | DOCS-LNM-22-004 | IMPT0101 | | LNM-22-007 | TODO | | SPRINT_305_docs_tasks_md_v | Docs Guild · Observability Guild | docs/modules/concelier/link-not-merge.md | Publish `/docs/observability/aggregation.md` with metrics/traces/logs/SLOs. Dependencies: DOCS-LNM-22-005. | DOCS-LNM-22-005 | DOLN0102 | | LNM-22-008 | DONE | 2025-11-03 | SPRINT_117_concelier_vi | Docs Guild · DevOps Guild | docs/modules/concelier/link-not-merge.md | Document Link-Not-Merge migration playbook updates in `docs/migration/no-merge.md`, including rollback guidance. | LNM-22-007 | DOLN0102 | | MIRROR-CRT-56-001 | TODO | | SPRINT_110_ingestion_evidence | Mirror Creator Guild | | Deterministic assembler has no owner; kickoff rescheduled to 2025-11-15. | PROGRAM-STAFF-1001 | ATMI0101 | | MIRROR-CRT-56-002 | TODO | | SPRINT_110_ingestion_evidence | Mirror Creator · Security Guilds | | DSSE/TUF metadata follows assembler baseline. | MIRROR-CRT-56-001; MIRROR-DSSE-REV-1501; PROV-OBS-53-001 | ATMI0101 | | MIRROR-CRT-57-001 | TODO | | SPRINT_110_ingestion_evidence | Mirror Creator Guild · AirGap Time Guild | | OCI/time-anchor workstreams blocked pending assembler + time contract. | MIRROR-CRT-56-001; AIRGAP-TIME-CONTRACT-1501; AIRGAP-TIME-57-001 | ATMI0101 | | MIRROR-CRT-57-002 | TODO | | SPRINT_110_ingestion_evidence | Mirror Creator Guild · AirGap Time Guild | | MIRROR-CRT-56-001; AIRGAP-TIME-CONTRACT-1501; AIRGAP-TIME-57-001 | MIRROR-CRT-56-001; AIRGAP-TIME-CONTRACT-1501; AIRGAP-TIME-57-001 | ATMI0101 | | MIRROR-CRT-58-001 | TODO | | SPRINT_110_ingestion_evidence | Mirror Creator Guild · CLI Guild · Exporter Guild | | CLI + Export automation depends on assembler and DSSE/TUF track. | MIRROR-CRT-56-001; EXPORT-OBS-54-001; CLI-AIRGAP-56-001 | ATMI0101 | | MIRROR-CRT-58-002 | TODO | | SPRINT_110_ingestion_evidence | Mirror Creator Guild · CLI Guild · Exporter Guild | | MIRROR-CRT-56-001; EXPORT-OBS-54-001; CLI-AIRGAP-56-001 | MIRROR-CRT-56-001; EXPORT-OBS-54-001; CLI-AIRGAP-56-001 | ATMI0101 | | MTLS-11-002 | DONE | 2025-11-08 | SPRINT_100_identity_signing | Authority Core & Security Guild | src/Authority/StellaOps.Authority | Refresh grants enforce original client cert, tokens persist `x5t#S256` metadata, docs updated. | AUTH-DPOP-11-001 | AUIN0102 | | NATIVE-401-015 | TODO | | SPRINT_401_reachability_evidence_chain | Scanner Worker Guild | `src/Scanner/__Libraries/StellaOps.Scanner.Symbols.Native`, `src/Scanner/__Libraries/StellaOps.Scanner.CallGraph.Native` | Bootstrap Symbols.Native + CallGraph.Native scaffolding and coverage fixtures. | Needs replay requirements from DORR0101 | SCNA0101 | | NOTIFY-38-001 | TODO | | SPRINT_214_web_iii | BE-Base Platform Guild | src/Web/StellaOps.Web | Route approval/rule APIs through Web gateway with tenant scopes. | Wait for NOTY0103 approval payload schema | NOWB0101 | | NOTIFY-39-001 | TODO | | SPRINT_214_web_iii | BE-Base Platform Guild | src/Web/StellaOps.Web | Surface digest/simulation/quiet-hour controls in Web tier. | Needs correlation outputs from NOTY0105 | NOWB0101 | | NOTIFY-40-001 | TODO | | SPRINT_202_cli_ii | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Implement escalations + ack workflows, localization previews, and channel health checks. | NOTIFY-39-001 | NOWC0101 | | NOTIFY-AIRGAP-56-002 | DONE | | SPRINT_170_notifications_telemetry | Notifications Service Guild · DevOps Guild | src/Notify/StellaOps.Notify | Ship AirGap-ready notifier bundles (Helm overlays, secrets templates, rollout guide). | MIRROR-CRT-56-001 | NOIA0101 | | NOTIFY-ATTEST-74-001 | DOING | | SPRINT_170_notifications_telemetry | Notifications Service Guild · Attestor Service Guild | src/Notify/StellaOps.Notify | Create attestor-driven notification templates + schema docs; publish in `/docs/notifications/templates.md`. | ATEL0101 | NOIA0101 | | NOTIFY-ATTEST-74-002 | DOING | | SPRINT_170_notifications_telemetry | Notifications Service Guild | src/Notify/StellaOps.Notify | Wire attestor DSSE payload ingestion + Task Runner callbacks for attestation verdicts. | NOTIFY-ATTEST-74-001 | NOIA0101 | | NOTIFY-DOC-70-001 | DONE | | SPRINT_170_notifications_telemetry | Notifications Service Guild · DevOps Guild | docs/modules/notify | Keep as reference for documentation/offline-kit parity. | NOTIFY-AIRGAP-56-002 | DONO0102 | | NOTIFY-DOCS-0001 | DONE | 2025-11-05 | SPRINT_322_docs_modules_notify | Docs Guild | docs/modules/notify | Validate module README reflects Notifications Studio pivot and latest release notes. | NOTIFY-DOC-70-001 | DONO0102 | | NOTIFY-DOCS-0002 | TODO | 2025-11-05 | SPRINT_322_docs_modules_notify | Docs Guild | docs/modules/notify | Pending NOTIFY-SVC-39-001..004 to document correlation/digests/simulation/quiet hours. | NOTIFY-SVC-39-004 | DONO0102 | | NOTIFY-ENG-0001 | TODO | | SPRINT_322_docs_modules_notify | Module Team | docs/modules/notify | Keep implementation milestones aligned with `/docs/implplan/SPRINT_171_notifier_i.md` onward. | NOTY0103 | DONO0102 | | NOTIFY-OAS-61-001 | DOING | | SPRINT_170_notifications_telemetry | Notifications Service Guild · API Governance Guild | docs/api/notifications | Update OpenAPI doc set (rule/incident endpoints) with new schemas + changelog. | NOTY0103 | NOOA0101 | | NOTIFY-OAS-61-002 | TODO | | SPRINT_171_notifier_i | Notifications Service Guild · SDK Guild | docs/api/notifications | Provide SDK usage examples for rule CRUD, incident ack, and quiet hours; ensure SDK smoke tests. | NOTIFY-OAS-61-001 | NOOA0101 | | NOTIFY-OAS-62-001 | TODO | | SPRINT_170_notifications_telemetry | Notifications Service Guild · Developer Portal Guild | docs/api/notifications | Publish `/docs/api/reference/notifications` auto-generated site; integrate with portal nav. | NOTIFY-OAS-61-002 | NOOA0101 | | NOTIFY-OAS-63-001 | TODO | | SPRINT_170_notifications_telemetry | Notifications Service Guild · SDK Generator Guild | docs/api/notifications | Provide CLI/UI quickstarts plus recipes referencing new endpoints. | NOTIFY-OAS-61-002 | NOOA0101 | | NOTIFY-OBS-51-001 | TODO | | SPRINT_170_notifications_telemetry | Notifications Service Guild · Observability Guild | src/Notify/StellaOps.Notify | Implement telemetry SLO webhook schema + incident toggle contract. | NOTY0104 | NOOB0101 | | NOTIFY-OBS-55-001 | TODO | | SPRINT_171_notifier_i | Notifications Service Guild · Ops Guild | src/Notify/StellaOps.Notify | Add override snapshots, legal compliance logging, and override audit events. | NOTIFY-OBS-51-001 | NOOB0101 | | NOTIFY-OPS-0001 | TODO | | SPRINT_322_docs_modules_notify | Ops Guild · Docs Guild | docs/modules/notify | Review notifier runbooks/observability assets after the next sprint demo and record findings. | NOTIFY-OBS-55-001 | NOOR0101 | | NOTIFY-RISK-66-001 | TODO | | SPRINT_170_notifications_telemetry | Notifications Service Guild · Risk Engine Guild · Policy Guild | src/Notify/StellaOps.Notify | Policy/Risk metadata export required before implementation. | POLICY-RISK-40-002 | NORR0101 | | NOTIFY-RISK-67-001 | TODO | | SPRINT_171_notifier_i | Notifications Service Guild · Policy Guild | src/Notify/StellaOps.Notify | Notify stakeholders when risk profiles are published, deprecated, or thresholds change. | NOTIFY-RISK-66-001 | NORR0101 | | NOTIFY-RISK-68-001 | TODO | | SPRINT_170_notifications_telemetry | Notifications Service Guild · Risk Engine Guild · Policy Guild | src/Notify/StellaOps.Notify | Broadcast severity transitions with trace metadata and attach policy references. | NOTIFY-RISK-67-001 | NORR0101 | | NOTIFY-SVC-37-001 | TODO | | SPRINT_172_notifier_ii | Notifications Service Guild | src/Notifier/StellaOps.Notifier | Define pack approval & policy notification contract, including OpenAPI schema, event payloads, resume token mechanics, and security guidance. | Align payload schema with PGMI0101 + ATEL0101 decisions | NOTY0103 | | NOTIFY-SVC-37-002 | TODO | | SPRINT_172_notifier_ii | Notifications Service Guild | src/Notifier/StellaOps.Notifier | Implement secure ingestion endpoint, Mongo persistence (`pack_approvals`), idempotent writes, and audit trail for approval events. Dependencies: NOTIFY-SVC-37-001. | NOTIFY-SVC-37-001 | NOTY0103 | | NOTIFY-SVC-37-003 | TODO | | SPRINT_172_notifier_ii | Notifications Service Guild | src/Notifier/StellaOps.Notifier | Deliver approval/policy templates, routing predicates, and channel dispatch (email/chat/webhook) with deterministic ordering plus ack gating. | NOTIFY-SVC-37-002 | NOTY0103 | | NOTIFY-SVC-37-004 | TODO | | SPRINT_172_notifier_ii | Notifications Service Guild | src/Notifier/StellaOps.Notifier | Provide acknowledgement API, Task Runner callback client, metrics for outstanding approvals, and SLA escalations. | NOTIFY-SVC-37-003 | NOTY0103 | | NOTIFY-SVC-38-002 | TODO | | SPRINT_172_notifier_ii | Notifications Service Guild | src/Notifier/StellaOps.Notifier | Implement channel adapters (email, chat webhook, generic webhook) with retry policies, health checks, and audit logging. | NOTIFY-SVC-37-004 | NOTY0104 | | NOTIFY-SVC-38-003 | TODO | | SPRINT_172_notifier_ii | Notifications Service Guild | src/Notifier/StellaOps.Notifier | Deliver template service (versioned templates, localization scaffolding) and renderer with redaction allowlists, Markdown/HTML/JSON outputs, and provenance links. | NOTIFY-SVC-38-002 | NOTY0104 | | NOTIFY-SVC-38-004 | TODO | | SPRINT_172_notifier_ii | Notifications Service Guild | src/Notifier/StellaOps.Notifier | Expose REST + WS APIs (rules CRUD, templates preview, incidents list, ack) with audit logging, RBAC checks, and live feed stream. | NOTIFY-SVC-38-003 | NOTY0104 | | NOTIFY-SVC-39-001 | TODO | | SPRINT_172_notifier_ii | Notifications Service Guild | src/Notifier/StellaOps.Notifier | Implement correlation engine with pluggable key expressions/windows, throttler (token buckets), quiet hours/maintenance evaluator, and incident lifecycle. | NOTIFY-SVC-38-004 | NOTY0105 | | NOTIFY-SVC-39-002 | TODO | | SPRINT_172_notifier_ii | Notifications Service Guild | src/Notifier/StellaOps.Notifier | Build digest generator (queries, formatting) with schedule runner and distribution manifests. | NOTIFY-SVC-39-001 | NOTY0105 | | NOTIFY-SVC-39-003 | TODO | | SPRINT_172_notifier_ii | Notifications Service Guild | src/Notifier/StellaOps.Notifier | Provide simulation engine/API to dry-run rules against historical events, returning correlation explanations. | NOTIFY-SVC-39-002 | NOTY0105 | | NOTIFY-SVC-39-004 | TODO | | SPRINT_172_notifier_ii | Notifications Service Guild | src/Notifier/StellaOps.Notifier | Integrate quiet hour calendars and throttles with audit logging plus operator overrides. | NOTIFY-SVC-39-003 | NOTY0105 | | NOTIFY-SVC-40-001 | TODO | | SPRINT_172_notifier_ii | Notifications Service Guild | src/Notifier/StellaOps.Notifier | Implement escalations + on-call schedules, ack bridge, PagerDuty/OpsGenie adapters, and CLI/in-app inbox channels. Dependencies: NOTIFY-SVC-39-004. | NOTIFY-SVC-39-004 | NOTY0106 | | NOTIFY-SVC-40-002 | TODO | | SPRINT_172_notifier_ii | Notifications Service Guild | src/Notifier/StellaOps.Notifier | Add summary storm breaker notifications, localization bundles, and localization fallback handling. | NOTIFY-SVC-40-001 | NOTY0106 | | NOTIFY-SVC-40-003 | TODO | | SPRINT_172_notifier_ii | Notifications Service Guild | src/Notifier/StellaOps.Notifier | Harden security: signed ack links (KMS), webhook HMAC/IP allowlists, tenant isolation fuzz tests, HTML sanitization. | NOTIFY-SVC-40-002 | NOTY0106 | | NOTIFY-SVC-40-004 | TODO | | SPRINT_172_notifier_ii | Notifications Service Guild | src/Notifier/StellaOps.Notifier | Finalize observability (metrics/traces for escalations, latency), dead-letter handling, chaos tests for channel outages, and retention policies. | NOTIFY-SVC-40-003 | NOTY0106 | | NOTIFY-TEN-48-001 | TODO | | SPRINT_173_notifier_iii | Notifications Service Guild | src/Notifier/StellaOps.Notifier | Tenant-scope rules/templates/incidents, RLS on storage, tenant-prefixed channels, and inclusion of tenant context in notifications. | NOTIFY-SVC-40-004 | NOTY0107 | | OAS-61 | TODO | | SPRINT_160_export_evidence | Exporter Service + API Governance + SDK Guilds | docs/api/oas | Define platform-wide OpenAPI governance + release checklist. | PGMI0101 | DOOA0103 | | OAS-61-001 | DOING | | SPRINT_170_notifications_telemetry | API Governance Guild | docs/api/oas | Draft spec updates + changelog text. | OAS-61 | DOOA0103 | | OAS-61-002 | TODO | | SPRINT_114_concelier_iii | Concelier Core Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Align Link-Not-Merge endpoints with new pagination/idempotency rules. | OAS-61 | COAS0101 | | OAS-61-003 | TODO | | SPRINT_305_docs_tasks_md_v | Docs Guild · API Governance Guild | docs/api/oas | Publish `/docs/api/versioning.md` describing SemVer, deprecation headers, migration playbooks. | OAS-61 | DOOA0103 | | OAS-62 | TODO | | SPRINT_160_export_evidence | Exporter + API Gov + SDK Guilds | docs/api/oas | Document SDK/gen pipeline + offline bundle expectations. | OAS-61 | DOOA0103 | | OAS-62-001 | TODO | | SPRINT_114_concelier_iii | Concelier Core Guild · SDK Generator Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Generate `/docs/api/reference/` data + integrate with SDK scaffolding. | OAS-61-002 | COAS0101 | | OAS-62-002 | TODO | | SPRINT_511_api | API Contracts Guild | src/Api/StellaOps.Api.OpenApi | Add lint rules enforcing pagination, idempotency headers, naming conventions, and example coverage. | OAS-62-001 | AOAS0101 | | OAS-63 | TODO | | SPRINT_160_export_evidence | Exporter + API Gov + SDK Guilds | docs/api/oas | Define discovery endpoint strategy + lifecycle docs. | OAS-62 | DOOA0103 | | OAS-63-001 | TODO | | SPRINT_114_concelier_iii | Concelier Core Guild · API Governance Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Implement `.well-known/openapi` metadata + discovery hints. | Requires 62-001 outputs | | | OBS-50-001 | DOING | | SPRINT_170_notifications_telemetry | Telemetry Core Guild | | Implement structured logging + trace propagation defaults across services. | Align scrub rules with Security guild | | | OBS-50-002 | DOING | | SPRINT_170_notifications_telemetry | Telemetry Core Guild | | Roll out collectors/helm overlays + regression tests for exporters. | Needs 50-001 baseline in main | | | OBS-50-003 | TODO | | SPRINT_306_docs_tasks_md_vi | Docs Guild · Observability Guild | | Update collector deployment + metrics catalog docs. | Needs scrubber decisions from TLTY0102 | | | OBS-50-004 | TODO | | SPRINT_306_docs_tasks_md_vi | Docs Guild · Observability Guild | | Add SOP for telemetry scrub policies + troubleshooting. | Requires 50-003 outline | | | OBS-51-001 | TODO | | SPRINT_110_ingestion_evidence | Exporter Guild · AirGap Time Guild · CLI Guild | | Build SLO bus + queue depth metrics feeding CLI/exporter dashboards. | PROGRAM-STAFF-1001 | | | OBS-51-002 | TODO | | SPRINT_170_notifications_telemetry | Telemetry Core Guild · Observability Guild | | Enable shadow-mode evaluators + roll into main collectors. | Depends on 51-001 shadow mode | | | OBS-52-001 | TODO | | SPRINT_114_concelier_iii | Concelier Core Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Emit ingest latency/queue/AOC metrics with burn-rate alerts. | Needs ATLN0101 schema | | | OBS-52-002 | TODO | | SPRINT_160_export_evidence | Timeline Indexer Guild | | Configure streaming pipeline (retention/partitioning/backpressure). | Needs Concelier metrics | | | OBS-52-003 | TODO | | SPRINT_160_export_evidence | Timeline Indexer Guild | | Add CI validation + schema enforcement for timeline events. | Depends on 52-002 | | | OBS-52-004 | TODO | | SPRINT_160_export_evidence | Timeline Indexer + Security Guilds | | Harden stream (auth, encryption) + produce DSSE proofs. | Requires 52-003 outputs | | | OBS-53-001 | TODO | | SPRINT_110_ingestion_evidence | Exporter Guild · AirGap Time Guild · CLI Guild | | Establish provenance SLO signals + exporter hooks. | PROGRAM-STAFF-1001 | | | OBS-53-002 | TODO | | SPRINT_513_provenance | Provenance + Security Guild | src/Provenance/StellaOps.Provenance.Attestation | Add attestation metrics/log scrubbers in Provenance.Attestation. | Depends on 53-001 | | | OBS-53-003 | TODO | | SPRINT_513_provenance | Provenance Guild | src/Provenance/StellaOps.Provenance.Attestation | Ship dashboards/tests proving attestation observability. | Requires 53-002 outputs | | | OBS-54-001 | TODO | | SPRINT_114_concelier_iii | Concelier Core Guild · Provenance Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Needs shared exporter from 1039_EXPORT-OBS-54-001 | Needs shared exporter from 1039_EXPORT-OBS-54-001 | CNOB0101 | | OBS-54-002 | TODO | | SPRINT_161_evidencelocker | Evidence Locker Guild | `src/EvidenceLocker/StellaOps.EvidenceLocker` | Add metrics/logs/alerts for Evidence Locker flows. | Needs provenance metrics | | | OBS-55-001 | TODO | | SPRINT_114_concelier_iii | Concelier Core & DevOps Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Refresh ops automation/runbooks referencing new metrics. | Depends on 52-001 outputs | | | OBS-56-001 | TODO | | SPRINT_174_telemetry | Telemetry Core Guild | src/Telemetry/StellaOps.Telemetry.Core | Produce air-gap collector bundle + signed configs/tests. | Needs telemetry baseline from TLTY0102 | | | OFFLINE-17-004 | BLOCKED | 2025-10-26 | SPRINT_508_ops_offline_kit | Offline Kit Guild · DevOps Guild | ops/offline-kit | Repackage release-17 bundle with new DSSE receipts + verification logs. | Needs PROGRAM-STAFF-1001 approvals | | | OFFLINE-34-006 | TODO | | SPRINT_508_ops_offline_kit | Offline Kit + Orchestrator Guild | ops/offline-kit | Add orchestrator automation bundle + docs to kit. | Requires mirror time anchors | | | OFFLINE-37-001 | TODO | | SPRINT_508_ops_offline_kit | Offline Kit + Exporter Guild | ops/offline-kit | Ship export evidence bundle + checksum manifests. | Depends on Export Center artefacts | | | OFFLINE-37-002 | TODO | | SPRINT_508_ops_offline_kit | Offline Kit + Notifications Guild | ops/offline-kit | Bundle notifier templates + channel configs for offline ops. | Needs notifier templates from NOIA0101 | | | OFFLINE-CONTAINERS-46-001 | TODO | | SPRINT_508_ops_offline_kit | Offline Kit + Deployment Guild | ops/offline-kit | Include container air-gap bundle, verification docs, and mirrored registry instructions inside Offline Kit. | Requires container hardening guidance | | | OPENSSL-11-001 | TODO | 2025-11-06 | SPRINT_505_ops_devops_iii | DevOps Guild · Build Infra Guild | ops/devops | Rebuild OpenSSL libs + publish reproducible logs/tarballs. | Needs patched toolchain spec | | | OPENSSL-11-002 | TODO | 2025-11-06 | SPRINT_505_ops_devops_iii | DevOps Guild · CI Guild | ops/devops | Update CI images + pipelines with new OpenSSL packages and smoke tests. | Depends on 11-001 artefacts | | | OPS-0001 | DONE | 2025-11-07 | SPRINT_333_docs_modules_excititor | Ops Guild (docs/modules/excitor) | docs/modules/excitor | | | | | OPS-ENV-01 | TODO | | SPRINT_507_ops_devops_v | DevOps Guild · Scanner Guild | ops/devops | Update deployment manifests (Helm/Compose) and configuration docs to include Surface.Env variables for Scanner and Zastava services. | Needs finalized Surface.Env schema | | | OPS-SECRETS-01 | TODO | | SPRINT_507_ops_devops_v | DevOps + Security Guild | ops/devops | Define secret provisioning workflow (Kubernetes, Compose, Offline Kit) for Surface.Secrets references and update runbooks. | Depends on env updates | | | OPS-SECRETS-02 | TODO | | SPRINT_507_ops_devops_v | DevOps + Offline Kit Guild | ops/devops | Embed Surface.Secrets material (encrypted bundles, manifests) into offline kit packaging scripts. Dependencies: OPS-SECRETS-01. | Requires 01 workflow | | | ORCH-32-001 | TODO | | SPRINT_114_concelier_iii | Concelier Core Guild (src/Concelier/__Libraries/StellaOps.Concelier.Core) | src/Concelier/__Libraries/StellaOps.Concelier.Core | — | — | ORGR0102 | | ORCH-32-002 | TODO | | SPRINT_114_concelier_iii | Concelier Core Guild (src/Concelier/__Libraries/StellaOps.Concelier.Core) | src/Concelier/__Libraries/StellaOps.Concelier.Core | — | — | ORGR0102 | | ORCH-33-001 | TODO | | SPRINT_114_concelier_iii | Concelier Core Guild (src/Concelier/__Libraries/StellaOps.Concelier.Core) | src/Concelier/__Libraries/StellaOps.Concelier.Core | — | — | ORGR0102 | | ORCH-33-002 | TODO | | SPRINT_306_docs_tasks_md_vi | Docs Guild (docs) | | — | — | ORGR0102 | | ORCH-33-003 | TODO | | SPRINT_306_docs_tasks_md_vi | Docs Guild (docs) | | — | — | ORGR0102 | | ORCH-34-001 | TODO | | SPRINT_114_concelier_iii | Concelier Core Guild (src/Concelier/__Libraries/StellaOps.Concelier.Core) | src/Concelier/__Libraries/StellaOps.Concelier.Core | — | — | ORGR0102 | | ORCH-34-002 | TODO | | SPRINT_306_docs_tasks_md_vi | Docs Guild (docs) | | — | — | ORGR0102 | | ORCH-34-003 | TODO | | SPRINT_306_docs_tasks_md_vi | Docs Guild (docs) | | — | — | ORGR0102 | | ORCH-34-004 | TODO | | SPRINT_306_docs_tasks_md_vi | Docs Guild (docs) | | — | — | ORGR0102 | | ORCH-34-005 | TODO | | SPRINT_306_docs_tasks_md_vi | Docs Guild (docs) | | — | — | ORGR0102 | | ORCH-AIRGAP-56-001 | TODO | | SPRINT_151_orchestrator_i | Orchestrator Service + AirGap Policy Guilds | src/Orchestrator/StellaOps.Orchestrator | Enforce job descriptors to declare network intents; reject or flag any external endpoints in sealed mode before scheduling. | Needs ATMI0102 seal guidance | | | ORCH-AIRGAP-56-002 | TODO | | SPRINT_151_orchestrator_i | Orchestrator Service + AirGap Controller Guild | src/Orchestrator/StellaOps.Orchestrator | Surface sealing status and time staleness in job scheduling decisions; block runs when staleness budgets exceeded. Dependencies: ORCH-AIRGAP-56-001. | Depends on 56-001 policy | | | ORCH-AIRGAP-57-001 | TODO | | SPRINT_151_orchestrator_i | Orchestrator + Export Center Guilds | src/Orchestrator/StellaOps.Orchestrator | Add job type `mirror.bundle` to orchestrate bundle creation in connected environments with audit + provenance outputs. Dependencies: ORCH-AIRGAP-56-002. | Requires exported policy from OFFK0101 | | | ORCH-AIRGAP-58-001 | TODO | | SPRINT_151_orchestrator_i | Orchestrator + Offline Kit Guilds | src/Orchestrator/StellaOps.Orchestrator | Capture import/export operations as timeline/evidence entries, ensuring chain-of-custody for mirror + portable evidence jobs. Dependencies: ORCH-AIRGAP-57-001. | Needs 57-001 job profile | | | ORCH-OAS-61-001 | TODO | | SPRINT_151_orchestrator_i | Orchestrator Service Guild | src/Orchestrator/StellaOps.Orchestrator | Document orchestrator endpoints in per-service OAS with standardized pagination, idempotency, and error envelope examples. | Needs DOOA0103 decisions | | | ORCH-OAS-61-002 | TODO | | SPRINT_151_orchestrator_i | Orchestrator Service Guild | src/Orchestrator/StellaOps.Orchestrator | Implement `GET /.well-known/openapi` in service and ensure version metadata aligns with runtime build. Dependencies: ORCH-OAS-61-001. | Depends on 61-001 | | | ORCH-OAS-62-001 | TODO | | SPRINT_151_orchestrator_i | Orchestrator Service + SDK Guild | src/Orchestrator/StellaOps.Orchestrator | Ensure SDK paginators and operations support orchestrator job operations; add SDK smoke tests for schedule/retry APIs. Dependencies: ORCH-OAS-61-002. | Requires generator scaffolding | | | ORCH-OAS-63-001 | TODO | | SPRINT_151_orchestrator_i | Orchestrator Service + API Governance Guild | src/Orchestrator/StellaOps.Orchestrator | Emit deprecation headers and documentation for legacy orchestrator endpoints; update notifications metadata. Dependencies: ORCH-OAS-62-001. | Waits on 62-001 metadata | | | ORCH-OBS-50-001 | TODO | | SPRINT_151_orchestrator_i | Orchestrator Service Guild · Observability Guild | src/Orchestrator/StellaOps.Orchestrator | Wire `StellaOps.Telemetry.Core` into orchestrator host, instrument schedulers and control APIs with trace spans, structured logs, and exemplar metrics. Ensure tenant/job metadata recorded for every span/log. | Wait for 043_ORTR0101 taskrunner counters | OROB0101 | | ORCH-OBS-51-001 | TODO | | SPRINT_151_orchestrator_i | Orchestrator Service Guild · DevOps Guild | src/Orchestrator/StellaOps.Orchestrator | Publish golden-signal metrics (dispatch latency, queue depth, failure rate), define job/tenant SLOs, and emit burn-rate alerts to collector + Notifications. Provide Grafana dashboards + alert rules. Dependencies: ORCH-OBS-50-001. | Needs DevOps alert templates (045_DVDO0103) | OROB0101 | | ORCH-OBS-52-001 | TODO | | SPRINT_151_orchestrator_i | Orchestrator Service Guild | src/Orchestrator/StellaOps.Orchestrator | Emit `timeline_event` objects for job lifecycle (`job.scheduled`, `job.started`, `job.completed`, `job.failed`) including trace IDs, run IDs, tenant/project, and causal metadata. Add contract tests and Kafka/NATS emitter with retries. Dependencies: ORCH-OBS-51-001. | Depends on instrumentation contract 046_TLTY0101 | OROB0101 | | ORCH-OBS-53-001 | TODO | | SPRINT_151_orchestrator_i | Orchestrator Service Guild · Evidence Locker Guild | src/Orchestrator/StellaOps.Orchestrator | Generate job capsule inputs for evidence locker (payload digests, worker image, config hash, log manifest) and invoke locker snapshot hooks on completion/failure. Ensure redaction guard enforced. Dependencies: ORCH-OBS-52-001. | Requires Evidence Locker contract (002_ATEL0101) | OROB0101 | | ORCH-OBS-54-001 | TODO | | SPRINT_151_orchestrator_i | Orchestrator Service Guild · Provenance Guild | src/Orchestrator/StellaOps.Orchestrator | Produce DSSE attestations for orchestrator-scheduled jobs (subject = job capsule) and store references in timeline + evidence locker. Provide verification endpoint `/jobs/{id}/attestation`. Dependencies: ORCH-OBS-53-001. | Blocked by provenance schema (005_ATLN0101) | OROB0101 | | ORCH-OBS-55-001 | TODO | | SPRINT_151_orchestrator_i | Orchestrator Service Guild · DevOps Guild | src/Orchestrator/StellaOps.Orchestrator | Implement incident mode hooks (sampling overrides, extended retention, additional debug spans) and automatic activation on SLO burn-rate breach. Emit activation/deactivation events to timeline + Notifier. Dependencies: ORCH-OBS-54-001. | Needs #5 resolved for label stability | OROB0101 | | ORCH-SVC-32-001 | TODO | | SPRINT_151_orchestrator_i | Orchestrator Service Guild | src/Orchestrator/StellaOps.Orchestrator | Bootstrap service project, configuration, and Postgres schema/migrations for `sources`, `runs`, `jobs`, `dag_edges`, `artifacts`, `quotas`, `schedules`. | None | | | ORCH-SVC-32-002 | TODO | | SPRINT_152_orchestrator_ii | Orchestrator Service Guild | src/Orchestrator/StellaOps.Orchestrator | Implement scheduler DAG planner + dependency resolver, job state machine, and critical-path metadata without yet issuing control actions. Dependencies: ORCH-SVC-32-001. | Needs 32-001 DB | | | ORCH-SVC-32-003 | TODO | | SPRINT_152_orchestrator_ii | Orchestrator Service Guild | src/Orchestrator/StellaOps.Orchestrator | Expose read-only REST APIs (sources, runs, jobs, DAG) with OpenAPI, validation, pagination, and tenant scoping. Dependencies: ORCH-SVC-32-002. | Depends on 32-002 | | | ORCH-SVC-32-004 | TODO | | SPRINT_152_orchestrator_ii | Orchestrator Service Guild | src/Orchestrator/StellaOps.Orchestrator | Implement WebSocket/SSE stream for job/run updates, emit structured metrics counters/histograms, and add health probes. Dependencies: ORCH-SVC-32-003. | Needs 32-003 | | | ORCH-SVC-32-005 | TODO | | SPRINT_152_orchestrator_ii | Orchestrator Service Guild | src/Orchestrator/StellaOps.Orchestrator | Deliver worker claim/heartbeat/progress endpoints capturing artifact metadata/checksums and enforcing idempotency keys. Dependencies: ORCH-SVC-32-004. | Needs 32-004 | | | ORCH-SVC-33-001 | TODO | | SPRINT_152_orchestrator_ii | Orchestrator Service Guild | src/Orchestrator/StellaOps.Orchestrator | Enable `sources test. Dependencies: ORCH-SVC-32-005. | Needs ORSC0101 worker contract | | | ORCH-SVC-33-002 | TODO | | SPRINT_152_orchestrator_ii | Orchestrator Service Guild | src/Orchestrator/StellaOps.Orchestrator | Implement per-source/tenant adaptive token-bucket rate limiter, concurrency caps, and backpressure signals reacting to upstream 429/503. Dependencies: ORCH-SVC-33-001. | Depends on 33-001 | | | ORCH-SVC-33-003 | TODO | | SPRINT_152_orchestrator_ii | Orchestrator Service Guild | src/Orchestrator/StellaOps.Orchestrator | Add watermark/backfill manager with event-time windows, duplicate suppression, dry-run preview endpoint, and safety validations. Dependencies: ORCH-SVC-33-002. | Needs 33-002 | | | ORCH-SVC-33-004 | TODO | | SPRINT_152_orchestrator_ii | Orchestrator Service Guild | src/Orchestrator/StellaOps.Orchestrator | Deliver dead-letter store, replay endpoints, and error classification surfaces with remediation hints + notification hooks. Dependencies: ORCH-SVC-33-003. | Depends on 33-003 | | | ORCH-SVC-34-001 | TODO | | SPRINT_152_orchestrator_ii | Orchestrator Service Guild | src/Orchestrator/StellaOps.Orchestrator | Implement quota management APIs, per-tenant SLO burn-rate computation, and alert budget tracking surfaced via metrics. Dependencies: ORCH-SVC-33-004. | Requires 33-004 | | | ORCH-SVC-34-002 | TODO | | SPRINT_152_orchestrator_ii | Orchestrator Service Guild | src/Orchestrator/StellaOps.Orchestrator | Build audit log + immutable run ledger export with signed manifest support, including provenance chain to artifacts. Dependencies: ORCH-SVC-34-001. | Needs ORCH-SVC-34-001 | | | ORCH-SVC-34-003 | TODO | | SPRINT_152_orchestrator_ii | Orchestrator Service Guild | src/Orchestrator/StellaOps.Orchestrator | Execute perf/scale validation (≥10k pending jobs, dispatch P95 <150 ms) and add autoscaling hooks with health probes. Dependencies: ORCH-SVC-34-002. | Depends on 34-002 | | | ORCH-SVC-34-004 | TODO | | SPRINT_152_orchestrator_ii | Orchestrator Service Guild | src/Orchestrator/StellaOps.Orchestrator | Package orchestrator container, Helm overlays, offline bundle seeds, provenance attestations, and compliance checklist for GA. Dependencies: ORCH-SVC-34-003. | Needs 34-003 | | | ORCH-SVC-35-101 | TODO | | SPRINT_152_orchestrator_ii | Orchestrator Service Guild | src/Orchestrator/StellaOps.Orchestrator | Register `export` job type with quotas/rate policies, expose telemetry, and ensure exporter workers heartbeat via orchestrator contracts. Dependencies: ORCH-SVC-34-004. | Depends on 34-004 | | | ORCH-SVC-36-101 | TODO | | SPRINT_152_orchestrator_ii | Orchestrator Service Guild | src/Orchestrator/StellaOps.Orchestrator | Capture distribution metadata and retention timestamps for export jobs, updating dashboards and SSE payloads. Dependencies: ORCH-SVC-35-101. | Needs 35-101 job type registered | | | ORCH-SVC-37-101 | TODO | | SPRINT_152_orchestrator_ii | Orchestrator Service Guild | src/Orchestrator/StellaOps.Orchestrator | Enable scheduled export runs, retention pruning hooks, and failure alerting tied to export job class. Dependencies: ORCH-SVC-36-101. | Depends on 36-101 | | | ORCH-SVC-38-101 | TODO | | SPRINT_153_orchestrator_iii | Orchestrator Service Guild | src/Orchestrator/StellaOps.Orchestrator | Standardize event envelope (policy/export/job lifecycle) with idempotency keys, ensure export/job failure events published to notifier bus with provenance metadata. Dependencies: ORCH-SVC-37-101. | Needs 37-101 | | | ORCH-SVC-41-101 | TODO | | SPRINT_153_orchestrator_iii | Orchestrator Service Guild | src/Orchestrator/StellaOps.Orchestrator | Register `pack-run` job type, persist run metadata, integrate logs/artifacts collection, and expose API for Task Runner scheduling. Dependencies: ORCH-SVC-38-101. | Depends on 38-101 | | | ORCH-SVC-42-101 | TODO | | SPRINT_153_orchestrator_iii | Orchestrator Service Guild | src/Orchestrator/StellaOps.Orchestrator | Stream pack run logs via SSE/WS, add manifest endpoints, enforce quotas, and emit pack run events to Notifications Studio. Dependencies: ORCH-SVC-41-101. | Needs 41-101 | | | ORCH-TEN-48-001 | TODO | | SPRINT_153_orchestrator_iii | Orchestrator Service Guild | src/Orchestrator/StellaOps.Orchestrator | Include `tenant_id`/`project_id` in job specs, set DB session context before processing, enforce context on all queries, and reject jobs missing tenant metadata. | Needs ORSC0104 job metadata | | | ORCHESTRATOR-ENG-0001 | TODO | | SPRINT_323_docs_modules_orchestrator | Module Team | docs/modules/orchestrator | Keep sprint milestone alignment notes synced with `/docs/implplan/SPRINT_151_orchestrator_i.md` onward. | Needs ORSC0104 status updates | | | ORCHESTRATOR-OPS-0001 | TODO | | SPRINT_323_docs_modules_orchestrator | Ops Guild | docs/modules/orchestrator | Review orchestrator runbooks/observability checklists post-demo. | Requires obs/export docs | | | PACKS-42-001 | TODO | | SPRINT_121_policy_reasoning | Findings Ledger Guild | src/Findings/StellaOps.Findings.Ledger | Provide snapshot/time-travel APIs, digestable exports for pack simulation + CLI offline mode. | Needs ORSC0104 event IDs | | | PACKS-43-001 | DONE | 2025-11-09 | SPRINT_100_identity_signing | Packs Guild · Authority Guild | src/Authority/StellaOps.Authority | Canonical pack bundle + docs for release 43. | AUTH-PACKS-41-001; TASKRUN-42-001; ORCH-SVC-42-101 | | | PACKS-43-002 | TODO | | SPRINT_508_ops_offline_kit | Offline Kit Guild, Packs Registry Guild (ops/offline-kit) | ops/offline-kit | | | | | PACKS-REG-41-001 | TODO | | SPRINT_154_packsregistry | Packs Registry Guild | src/PacksRegistry/StellaOps.PacksRegistry | Implement registry service, migrations for `packs_index`, `parity_matrix`, provenance docs; support pack upload/list/get, signature verification, RBAC enforcement, and provenance manifest storage. | Needs ORSC0104 event feeds | | | PACKS-REG-42-001 | TODO | | SPRINT_154_packsregistry | Packs Registry Guild | src/PacksRegistry/StellaOps.PacksRegistry | Add version lifecycle (promote/deprecate), tenant allowlists, provenance export, signature rotation, audit logs, and Offline Kit seed support. Dependencies: PACKS-REG-41-001. | Depends on 41-001 | | | PACKS-REG-43-001 | TODO | | SPRINT_154_packsregistry | Packs Registry Guild | src/PacksRegistry/StellaOps.PacksRegistry | Implement registry mirroring, pack signing policies, attestation integration, and compliance dashboards; integrate with Export Center. Dependencies: PACKS-REG-42-001. | Needs 42-001 | | | PARITY-41-001 | TODO | | SPRINT_203_cli_iii | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Propagate `traceparent`/correlation IDs across CLI commands and verbose output. | Needs NOWB0101 gateway trace headers | | | PARITY-41-002 | TODO | | SPRINT_203_cli_iii | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Add parity tests + docs ensuring CLI error output matches web/notify formats. | Depends on 41-001 | | | PLATFORM-DOCS-0001 | TODO | | SPRINT_324_docs_modules_platform | Docs Guild | docs/modules/platform | See ./AGENTS.md | Needs updated wave list | | | PLATFORM-ENG-0001 | TODO | | SPRINT_324_docs_modules_platform | Module Team | docs/modules/platform | Update status via ./AGENTS.md workflow | Depends on 0001 | | | PLATFORM-OPS-0001 | TODO | | SPRINT_324_docs_modules_platform | Ops Guild | docs/modules/platform | Sync outcomes back to ../.. | Requires ops checklist inputs | | | PLG4-6 | DONE | 2025-11-08 | SPRINT_100_identity_signing | Authority Plugin Guild | src/Authority/StellaOps.Authority/StellaOps.Authority.Plugin.Standard | DSSE coverage + docs for standard plugin release. | DPO policy review | | | PLG6 | DONE | 2025-11-03 | SPRINT_100_identity_signing | Authority Plugin Guild | src/Authority/StellaOps.Authority/StellaOps.Authority.Plugin.Standard | Offline kit parity + docs refresh. | OFFK0101 bundling | | | PLG7 | DONE | 2025-11-03 | SPRINT_100_identity_signing | Authority Plugin Guild · Security Guild | src/Authority/StellaOps.Authority/StellaOps.Authority.Plugin.Standard | LDAP plugin capability alignment. | LDAP provisioning spec | | | PLG7.IMPL-003 | DONE (2025-11-09) | 2025-11-09 | SPRINT_100_identity_signing | BE-Auth Plugin (src/Authority/StellaOps.Authority/StellaOps.Authority.Plugin.Standard) | src/Authority/StellaOps.Authority/StellaOps.Authority.Plugin.Standard | Claims enricher ships with DN map + regex substitutions, Mongo claims cache (TTL + capacity enforcement) wired through DI, plus unit tests covering enrichment + cache eviction. | Claims enricher ships with DN map + regex substitutions, Mongo claims cache (TTL + capacity enforcement) wired through DI, plus unit tests covering enrichment + cache eviction. | | | PLG7.IMPL-004 | DONE (2025-11-09) | 2025-11-09 | SPRINT_100_identity_signing | BE-Auth Plugin, DevOps Guild (src/Authority/StellaOps.Authority/StellaOps.Authority.Plugin.Ldap) | src/Authority/StellaOps.Authority/StellaOps.Authority.Plugin.Ldap | LDAP plug-in now ships `clientProvisioning.*` options, a Mongo-audited `LdapClientProvisioningStore`, capability gating, and docs/tests covering LDAP writes + cache shims. | LDAP plug-in now ships `clientProvisioning.*` options, a Mongo-audited `LdapClientProvisioningStore`, capability gating, and docs/tests covering LDAP writes + cache shims. | | | PLG7.IMPL-005 | DONE (2025-11-09) | 2025-11-09 | SPRINT_100_identity_signing | BE-Auth Plugin, Docs Guild (src/Authority/StellaOps.Authority/StellaOps.Authority.Plugin.Standard) | src/Authority/StellaOps.Authority/StellaOps.Authority.Plugin.Standard | LDAP plug-in docs refreshed (mutual TLS, regex mappings, cache/audit mirror guidance), sample manifest updated, Offline Kit + release notes now reference the bundled plug-in assets. | LDAP plug-in docs refreshed (mutual TLS, regex mappings, cache/audit mirror guidance), sample manifest updated, Offline Kit + release notes now reference the bundled plug-in assets. | | | PLG7.IMPL-006 | DONE (2025-11-09) | 2025-11-09 | SPRINT_100_identity_signing | BE-Auth Plugin (src/Authority/StellaOps.Authority/StellaOps.Authority.Plugin.Ldap) | src/Authority/StellaOps.Authority/StellaOps.Authority.Plugin.Ldap | LDAP bootstrap provisioning added (write probe, Mongo audit mirror, capability downgrade + health status) with docs/tests + sample manifest updates. | LDAP bootstrap provisioning added (write probe, Mongo audit mirror, capability downgrade + health status) with docs/tests + sample manifest updates. | | | POL-005 | TODO | | SPRINT_401_reachability_evidence_chain | Policy Guild | `src/Policy/StellaOps.Policy.Engine`, `docs/modules/policy/architecture.md`, `docs/reachability/function-level-evidence.md` | Ingest reachability facts, expose SPL signals, auto-suppress <0.30, emit OpenVEX evidence. | Needs reachability feed GAPG0101 | | | POLICY-0001 | DONE | 2025-11-10 | SPRINT_138_scanner_ruby_parity | Policy Guild, Ruby Analyzer Guild (docs/modules/scanner) | docs/modules/scanner | | SCANNER-ENG-0018 | | | POLICY-13-007 | TODO | | SPRINT_210_ui_ii | UI Guild (src/UI/StellaOps.UI) | src/UI/StellaOps.UI | | | | | POLICY-20-001 | TODO | | SPRINT_114_concelier_iii | Concelier WebService Guild | src/Concelier/StellaOps.Concelier.WebService | Provide batch advisory lookup APIs for Policy (purl/advisory filters, explain metadata). | Needs latest advisory schemas | | | POLICY-20-002 | TODO | | SPRINT_115_concelier_iv | Concelier Core Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Expand linkset builders with vendor equivalence tables, NEVRA/PURL normalization, version-range parsing. | Depends on 20-001 | | | POLICY-20-003 | TODO | | SPRINT_115_concelier_iv | Concelier Storage Guild | src/Concelier/__Libraries/StellaOps.Concelier.Storage.Mongo | Introduce advisory selection cursors + change-stream checkpoints with offline migration scripts. | Needs 20-002 index/schema | | | POLICY-20-004 | TODO | | SPRINT_210_ui_ii | UI Guild | src/UI/StellaOps.UI | Wire UI to new policy evidence APIs, bridging editor + simulation flows. | Needs ORSC0101 APIs | | | POLICY-23-001 | TODO | | SPRINT_115_concelier_iv | Concelier Core Guild (src/Concelier/__Libraries/StellaOps.Concelier.Core) | src/Concelier/__Libraries/StellaOps.Concelier.Core | | | | | POLICY-23-002 | TODO | | SPRINT_115_concelier_iv | Concelier Core Guild, Platform Events Guild (src/Concelier/__Libraries/StellaOps.Concelier.Core) | src/Concelier/__Libraries/StellaOps.Concelier.Core | | | | | POLICY-23-003 | TODO | | SPRINT_210_ui_ii | UI Guild (src/UI/StellaOps.UI) | src/UI/StellaOps.UI | | | | | POLICY-23-004 | TODO | | SPRINT_203_cli_iii | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | | | | | POLICY-23-005 | TODO | | SPRINT_210_ui_ii | UI Guild (src/UI/StellaOps.UI) | src/UI/StellaOps.UI | | | | | POLICY-23-006 | TODO | | SPRINT_203_cli_iii | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | | | | | POLICY-23-007 | TODO | | SPRINT_307_docs_tasks_md_vii | Docs Guild, DevEx/CLI Guild (docs) | | | | | | POLICY-23-008 | TODO | | SPRINT_307_docs_tasks_md_vii | Docs Guild, Architecture Guild (docs) | | | | | | POLICY-23-009 | TODO | | SPRINT_307_docs_tasks_md_vii | Docs Guild, DevOps Guild (docs) | | | | | | POLICY-23-010 | TODO | | SPRINT_307_docs_tasks_md_vii | Docs Guild, UI Guild (docs) | | | | | | POLICY-27-001 | TODO | | SPRINT_203_cli_iii | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Implement workspace commands (`init`, `edit`, `lint`, `compile`, `test`) with deterministic caches + JSON output. | Needs CLI pack templates from CLCI0106 | | | POLICY-27-002 | TODO | | SPRINT_204_cli_iv | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Add submission/review workflow commands (`version bump`, `submit`, `comment`, `approve/reject`). | Depends on Policy Registry endpoints | | | POLICY-27-003 | TODO | | SPRINT_204_cli_iv | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Implement `stella policy simulate` enhancements (quick/batch, SBOM selectors, heatmap diff, JSON/Markdown outputs). | Waiting on CLPS0101 submission scaffolding | | | POLICY-27-004 | TODO | | SPRINT_204_cli_iv | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Add lifecycle commands for publish/promote/rollback/sign with attestation checks. | Depends on 27-003 | | | POLICY-27-005 | TODO | | SPRINT_204_cli_iv | DevEx/CLI Guild · Docs Guild | src/Cli/StellaOps.Cli | Update CLI refs/samples (JSON schemas, exit codes, CI snippets). | Requires 27-004 output | | | POLICY-27-006 | TODO | | SPRINT_204_cli_iv | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Update policy scopes/help text to request new Policy Studio scope family and adjust regression tests. | Needs 27-005 docs | | | POLICY-27-007 | BLOCKED | 2025-10-27 | SPRINT_308_docs_tasks_md_viii | Docs Guild, DevEx/CLI Guild (docs) | | | | | | POLICY-27-008 | BLOCKED | 2025-10-27 | SPRINT_308_docs_tasks_md_viii | Docs Guild, Policy Registry Guild (docs) | | | | | | POLICY-27-009 | BLOCKED | 2025-10-27 | SPRINT_308_docs_tasks_md_viii | Docs Guild, Security Guild (docs) | | | | | | POLICY-27-010 | BLOCKED | 2025-10-27 | SPRINT_308_docs_tasks_md_viii | Docs Guild, Architecture Guild (docs) | | | | | | POLICY-27-011 | BLOCKED | 2025-10-27 | SPRINT_308_docs_tasks_md_viii | Docs Guild, Observability Guild (docs) | | | | | | POLICY-27-012 | BLOCKED | 2025-10-27 | SPRINT_308_docs_tasks_md_viii | Docs Guild, Ops Guild (docs) | | | | | | POLICY-27-013 | BLOCKED | 2025-10-27 | SPRINT_308_docs_tasks_md_viii | Docs Guild, Policy Guild (docs) | | | | | | POLICY-27-014 | BLOCKED | 2025-10-27 | SPRINT_308_docs_tasks_md_viii | Docs Guild, Policy Registry Guild (docs) | | | | | | POLICY-401-026 | TODO | | SPRINT_401_reachability_evidence_chain | Policy Guild · Concelier Guild (`docs/policy/dsl.md`, `docs/uncertainty/README.md`) | `docs/policy/dsl.md`, `docs/uncertainty/README.md` | | | | | POLICY-AIRGAP-56-001 | TODO | | SPRINT_123_policy_reasoning | Policy Guild | src/Policy/StellaOps.Policy.Engine | Support policy pack imports from Mirror Bundles, track `bundle_id` metadata, and ensure deterministic caching | Needs OFFK0101 bundle schema | | | POLICY-AIRGAP-56-002 | TODO | | SPRINT_123_policy_reasoning | Policy Guild · Policy Studio Guild | src/Policy/StellaOps.Policy.Engine | Export policy sub-bundles | POLICY-AIRGAP-56-001 | | | POLICY-AIRGAP-57-001 | TODO | | SPRINT_123_policy_reasoning | Policy Guild · Export Center Guild | src/Policy/StellaOps.Policy.Engine | Enforce sealed-mode guardrails in evaluation | POLICY-AIRGAP-56-002 | | | POLICY-AIRGAP-57-002 | TODO | | SPRINT_123_policy_reasoning | Policy Guild · Notifications Guild | src/Policy/StellaOps.Policy.Engine | Annotate rule explanations with staleness information and fallback data | POLICY-AIRGAP-57-001 | | | POLICY-AIRGAP-58-001 | TODO | | SPRINT_123_policy_reasoning | Policy Guild · Platform Ops | src/Policy/StellaOps.Policy.Engine | Emit notifications when policy packs near staleness thresholds or missing required bundles | POLICY-AIRGAP-57-002 | | | POLICY-AOC-19-001 | TODO | | SPRINT_123_policy_reasoning | Policy Guild / src/Policy/__Libraries/StellaOps.Policy | src/Policy/__Libraries/StellaOps.Policy | Add Roslyn/CI lint preventing ingestion projects from referencing Policy merge/severity helpers; block forbidden writes at compile time | | | | POLICY-AOC-19-002 | TODO | | SPRINT_123_policy_reasoning | Policy Guild, Platform Security / src/Policy/__Libraries/StellaOps.Policy | src/Policy/__Libraries/StellaOps.Policy | Enforce `effective_finding_*` write gate ensuring only Policy Engine identity can create/update materializations | POLICY-AOC-19-001 | | | POLICY-AOC-19-003 | TODO | | SPRINT_123_policy_reasoning | Policy Guild / src/Policy/__Libraries/StellaOps.Policy | src/Policy/__Libraries/StellaOps.Policy | Update readers/processors to consume only `content.raw`, `identifiers`, and `linkset`. Remove dependencies on legacy normalized fields and refresh fixtures | POLICY-AOC-19-002 | | | POLICY-AOC-19-004 | TODO | | SPRINT_123_policy_reasoning | Policy Guild, QA Guild / src/Policy/__Libraries/StellaOps.Policy | src/Policy/__Libraries/StellaOps.Policy | Add regression tests ensuring policy derived outputs remain deterministic when ingesting revised raw docs | POLICY-AOC-19-003 | | | POLICY-ATTEST-73-001 | TODO | | SPRINT_123_policy_reasoning | Policy Guild, Attestor Service Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Introduce VerificationPolicy object: schema, persistence, versioning, and lifecycle | | | | POLICY-ATTEST-73-002 | TODO | | SPRINT_123_policy_reasoning | Policy Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Provide Policy Studio editor with validation, dry-run simulation, and version diff | POLICY-ATTEST-73-001 | | | POLICY-ATTEST-74-001 | TODO | | SPRINT_123_policy_reasoning | Policy Guild, Attestor Service Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Integrate verification policies into attestor verification pipeline with caching and waiver support | POLICY-ATTEST-73-002 | | | POLICY-ATTEST-74-002 | TODO | | SPRINT_123_policy_reasoning | Policy Guild, Console Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Surface policy evaluations in Console verification reports with rule explanations | POLICY-ATTEST-74-001 | | | POLICY-CONSOLE-23-001 | TODO | | SPRINT_123_policy_reasoning | Policy Guild, BE-Base Platform Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Optimize findings/explain APIs for Console: cursor-based pagination at scale, global filter parameters (severity bands, policy version, time window), rule trace summarization, and aggregation hints for dashboard cards. Ensure deterministic ordering and expose provenance refs | | | | POLICY-CONSOLE-23-002 | TODO | | SPRINT_124_policy_reasoning | Policy Guild, Product Ops / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Produce simulation diff metadata | POLICY-CONSOLE-23-001 | | | POLICY-DET-01 | TODO | | SPRINT_209_ui_i | UI Guild, Policy Guild (src/UI/StellaOps.UI) | src/UI/StellaOps.UI | | | | | POLICY-ENGINE-20-002 | BLOCKED | 2025-10-26 | SPRINT_124_policy_reasoning | Policy Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Build deterministic evaluator honoring lexical/priority order, first-match semantics, and safe value types (no wall-clock/network access) | PGMI0101 | PLPE0101 | | POLICY-ENGINE-20-003 | TODO | | SPRINT_124_policy_reasoning | Policy Guild, Concelier Core Guild, Excititor Core Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Implement selection joiners resolving SBOM↔advisory↔VEX tuples using linksets and PURL equivalence tables, with deterministic batching | POLICY-ENGINE-20-002 | PLPE0101 | | POLICY-ENGINE-20-004 | TODO | | SPRINT_124_policy_reasoning | Policy Guild, Platform Storage Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Ship materialization writer that upserts into `effective_finding_{policyId}` with append-only history, tenant scoping, and trace references | POLICY-ENGINE-20-003 | PLPE0101 | | POLICY-ENGINE-20-005 | TODO | | SPRINT_124_policy_reasoning | Policy Guild, Security Engineering / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Enforce determinism guard banning wall-clock, RNG, and network usage during evaluation via static analysis + runtime sandbox | POLICY-ENGINE-20-004 | PLPE0101 | | POLICY-ENGINE-20-006 | TODO | | SPRINT_124_policy_reasoning | Policy Guild, Scheduler Worker Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Implement incremental orchestrator reacting to advisory/vex/SBOM change streams and scheduling partial policy re-evaluations | POLICY-ENGINE-20-005 | PLPE0101 | | POLICY-ENGINE-20-007 | TODO | | SPRINT_124_policy_reasoning | Policy Guild, Observability Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Emit structured traces/logs of rule hits with sampling controls, metrics | POLICY-ENGINE-20-006 | PLPE0101 | | POLICY-ENGINE-20-008 | TODO | | SPRINT_124_policy_reasoning | Policy Guild, QA Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Add unit/property/golden/perf suites covering policy compilation, evaluation correctness, determinism, and SLA targets | POLICY-ENGINE-20-007 | PLPE0101 | | POLICY-ENGINE-20-009 | TODO | | SPRINT_124_policy_reasoning | Policy Guild, Storage Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Define Mongo schemas/indexes for `policies`, `policy_runs`, and `effective_finding_*`; implement migrations and tenant enforcement | POLICY-ENGINE-20-008 | PLPE0101 | | POLICY-ENGINE-27-001 | TODO | | SPRINT_124_policy_reasoning | Policy Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Extend compile outputs to include rule coverage metadata, symbol table, inline documentation, and rule index for editor autocomplete; persist deterministic hashes | POLICY-ENGINE-20-009 | PLPE0101 | | POLICY-ENGINE-27-002 | TODO | | SPRINT_124_policy_reasoning | Policy Guild, Observability Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Enhance simulate endpoints to emit rule firing counts, heatmap aggregates, sampled explain traces with deterministic ordering, and delta summaries for quick/batch sims | POLICY-ENGINE-27-001 | PLPE0101 | | POLICY-ENGINE-29-001 | TODO | | SPRINT_124_policy_reasoning | Policy Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Implement batch evaluation endpoint | POLICY-ENGINE-27-004 | PLPE0102 | | POLICY-ENGINE-29-002 | TODO | | SPRINT_124_policy_reasoning | Policy Guild, Findings Ledger Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Provide streaming simulation API comparing two policy versions, returning per-finding deltas without writes; align determinism with Vuln Explorer simulation | POLICY-ENGINE-29-001 | PLPE0102 | | POLICY-ENGINE-29-003 | TODO | | SPRINT_125_policy_reasoning | Policy Guild, SBOM Service Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Surface path/scope awareness in determinations | POLICY-ENGINE-29-002 | PLPE0102 | | POLICY-ENGINE-29-004 | TODO | | SPRINT_125_policy_reasoning | Policy Guild, Observability Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Add metrics/logs for batch evaluation | POLICY-ENGINE-29-003 | PLPE0102 | | POLICY-ENGINE-30-001 | TODO | | SPRINT_125_policy_reasoning | Policy Guild, Cartographer Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Define overlay contract for graph nodes/edges | POLICY-ENGINE-29-004 | PLPE0102 | | POLICY-ENGINE-30-002 | TODO | | SPRINT_125_policy_reasoning | Policy Guild, Cartographer Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Implement simulation bridge returning on-the-fly overlays for Cartographer/Graph Explorer when invoking Policy Engine simulate; ensure no writes and deterministic outputs | POLICY-ENGINE-30-001 | PLPE0102 | | POLICY-ENGINE-30-003 | TODO | | SPRINT_125_policy_reasoning | Policy Guild, Scheduler Guild, Cartographer Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Emit change events | POLICY-ENGINE-30-002 | PLPE0102 | | POLICY-ENGINE-30-101 | TODO | | SPRINT_125_policy_reasoning | Policy Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Surface trust weighting configuration | POLICY-ENGINE-30-003 | PLPE0102 | | POLICY-ENGINE-31-001 | TODO | | SPRINT_125_policy_reasoning | Policy Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Expose policy knobs for Advisory AI | POLICY-ENGINE-30-101 | PLPE0102 | | POLICY-ENGINE-31-002 | TODO | | SPRINT_125_policy_reasoning | Policy Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Provide batch endpoint delivering policy context | POLICY-ENGINE-31-001 | PLPE0103 | | POLICY-ENGINE-32-101 | TODO | | SPRINT_125_policy_reasoning | Policy Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Define orchestrator `policy_eval` job schema, idempotency keys, and enqueue hooks triggered by advisory/VEX/SBOM events | POLICY-ENGINE-31-002 | PLPE0103 | | POLICY-ENGINE-33-101 | TODO | | SPRINT_125_policy_reasoning | Policy Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Implement orchestrator-driven policy evaluation workers using SDK heartbeats, respecting throttles, and emitting SLO metrics | POLICY-ENGINE-32-101 | PLPE0103 | | POLICY-ENGINE-34-101 | TODO | | SPRINT_125_policy_reasoning | Policy Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Publish policy run ledger exports + SLO burn-rate metrics to orchestrator; ensure provenance chain links to Findings Ledger | POLICY-ENGINE-33-101 | PLPE0103 | | POLICY-ENGINE-35-201 | TODO | | SPRINT_125_policy_reasoning | Policy Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Expose deterministic policy snapshot API and evaluated findings stream keyed by policy version for exporter consumption | POLICY-ENGINE-34-101 | PLPE0103 | | POLICY-ENGINE-38-201 | TODO | | SPRINT_125_policy_reasoning | Policy Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Emit enriched policy violation events | POLICY-ENGINE-35-201 | PLPE0103 | | POLICY-ENGINE-40-001 | TODO | | SPRINT_125_policy_reasoning | Policy Guild, Concelier Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Update severity/status evaluation pipelines to consume multiple source severities per linkset, supporting selection strategies | POLICY-ENGINE-38-201 | PLPE0103 | | POLICY-ENGINE-40-002 | TODO | | SPRINT_125_policy_reasoning | Policy Guild, Excititor Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Accept VEX linkset conflicts and provide rationale references in effective findings; ensure explain traces cite observation IDs | POLICY-ENGINE-40-001 | PLPE0103 | | POLICY-ENGINE-40-003 | TODO | | SPRINT_126_policy_reasoning | Policy Guild, Web Scanner Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Provide API/SDK utilities for consumers | POLICY-ENGINE-40-002 | PLPE0103 | | POLICY-ENGINE-401-003 | TODO | | SPRINT_401_reachability_evidence_chain | Policy Guild (`src/Policy/StellaOps.Policy.Engine`, `docs/modules/policy/architecture.md`) | `src/Policy/StellaOps.Policy.Engine`, `docs/modules/policy/architecture.md` | Replace in-service DSL compilation with the shared library, support both legacy `stella-dsl@1` packs and the new inline syntax, and keep determinism hashes stable. | — | PLPE0103 | | POLICY-ENGINE-50-001 | TODO | | SPRINT_126_policy_reasoning | Policy Guild, Platform Security / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Implement SPL compiler: validate YAML, canonicalize, produce signed bundle, store artifact in object storage, write `policy_revisions` with AOC metadata | POLICY-ENGINE-40-003 | PLPE0104 | | POLICY-ENGINE-50-002 | TODO | | SPRINT_126_policy_reasoning | Policy Guild, Runtime Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Build runtime evaluator executing compiled plans over advisory/vex linksets + SBOM asset metadata with deterministic caching | POLICY-ENGINE-50-001 | PLPE0104 | | POLICY-ENGINE-50-003 | TODO | | SPRINT_126_policy_reasoning | Policy Guild, Observability Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Implement evaluation/compilation metrics, tracing, and structured logs | POLICY-ENGINE-50-002 | PLPE0104 | | POLICY-ENGINE-50-004 | TODO | | SPRINT_126_policy_reasoning | Policy Guild, Platform Events Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Build event pipeline: subscribe to linkset/SBOM updates, schedule re-eval jobs, emit `policy.effective.updated` events with diff metadata | POLICY-ENGINE-50-003 | PLPE0104 | | POLICY-ENGINE-50-005 | TODO | | SPRINT_126_policy_reasoning | Policy Guild, Storage Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Design and implement `policy_packs`, `policy_revisions`, `policy_runs`, `policy_artifacts` collections with indexes, TTL, and tenant scoping | POLICY-ENGINE-50-004 | PLPE0104 | | POLICY-ENGINE-50-006 | TODO | | SPRINT_126_policy_reasoning | Policy Guild, QA Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Implement explainer persistence + retrieval APIs linking decisions to explanation tree and AOC chain | POLICY-ENGINE-50-005 | PLPE0104 | | POLICY-ENGINE-50-007 | TODO | | SPRINT_126_policy_reasoning | Policy Guild, Scheduler Worker Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Provide evaluation worker host/DI wiring and job orchestration hooks for batch re-evaluations after policy activation | POLICY-ENGINE-50-006 | PLPE0104 | | POLICY-ENGINE-60-001 | TODO | | SPRINT_126_policy_reasoning | Policy Guild, SBOM Service Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Maintain Redis effective decision maps per asset/snapshot for Graph overlays; implement versioning and eviction strategy | POLICY-ENGINE-50-007 | PLPE0104 | | POLICY-ENGINE-60-002 | TODO | | SPRINT_126_policy_reasoning | Policy Guild, BE-Base Platform Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Expose simulation bridge for Graph What-if APIs, supporting hypothetical SBOM diffs and draft policies without persisting results | POLICY-ENGINE-60-001 | PLPE0104 | | POLICY-ENGINE-70-002 | TODO | | SPRINT_126_policy_reasoning | Policy Guild, Storage Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Design and create Mongo collections | POLICY-ENGINE-60-002 | PLPE0104 | | POLICY-ENGINE-70-003 | TODO | | SPRINT_126_policy_reasoning | Policy Guild, Runtime Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Build Redis exception decision cache | POLICY-ENGINE-70-002 | | | POLICY-ENGINE-70-004 | TODO | | SPRINT_126_policy_reasoning | Policy Guild, Observability Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Extend metrics/tracing/logging for exception application | POLICY-ENGINE-70-003 | | | POLICY-ENGINE-70-005 | TODO | | SPRINT_126_policy_reasoning | Policy Guild, Scheduler Worker Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Provide APIs/workers hook for exception activation/expiry | POLICY-ENGINE-70-004 | | | POLICY-ENGINE-80-001 | TODO | | SPRINT_126_policy_reasoning | Policy Guild, Signals Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Integrate reachability/exploitability inputs into evaluation pipeline | POLICY-ENGINE-70-005 | | | POLICY-ENGINE-80-002 | TODO | | SPRINT_127_policy_reasoning | Policy Guild, Storage Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Create joining layer to read `reachability_facts` efficiently | POLICY-ENGINE-80-001 | | | POLICY-ENGINE-80-003 | TODO | | SPRINT_127_policy_reasoning | Policy Guild, Policy Editor Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Extend SPL predicates/actions to reference reachability state/score/confidence; update compiler validation | POLICY-ENGINE-80-002 | | | POLICY-ENGINE-80-004 | TODO | | SPRINT_127_policy_reasoning | Policy Guild, Observability Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Emit metrics | POLICY-ENGINE-80-003 | | | POLICY-LIB-401-001 | TODO | | SPRINT_401_reachability_evidence_chain | Policy Guild (`src/Policy/StellaOps.PolicyDsl`, `docs/policy/dsl.md`) | `src/Policy/StellaOps.PolicyDsl`, `docs/policy/dsl.md` | Extract the policy DSL parser/compiler into `StellaOps.PolicyDsl`, add the lightweight syntax (default action + inline rules), and expose `PolicyEngineFactory`/`SignalContext` APIs for reuse. | | | | POLICY-LIB-401-002 | TODO | | SPRINT_401_reachability_evidence_chain | Policy Guild, CLI Guild (`tests/Policy/StellaOps.PolicyDsl.Tests`, `policy/default.dsl`, `docs/policy/lifecycle.md`) | `tests/Policy/StellaOps.PolicyDsl.Tests`, `policy/default.dsl`, `docs/policy/lifecycle.md` | Ship unit-test harness + sample `policy/default.dsl` (table-driven cases) and wire `stella policy lint/simulate` to the shared library. | | | | POLICY-OBS-50-001 | TODO | | SPRINT_127_policy_reasoning | Policy Guild · Observability Guild | src/Policy/StellaOps.Policy.Engine | Integrate telemetry core into policy API + worker hosts, ensuring spans/logs cover compile/evaluate flows with `tenant_id`, `policy_version`, `decision_effect`, and trace IDs | Wait for telemetry schema drop (046_TLTY0101) | PLOB0101 | | POLICY-OBS-51-001 | TODO | | SPRINT_127_policy_reasoning | Policy Guild · DevOps Guild | src/Policy/StellaOps.Policy.Engine | Emit golden-signal metrics | POLICY-OBS-50-001 | PLOB0101 | | POLICY-OBS-52-001 | TODO | | SPRINT_127_policy_reasoning | Policy Guild | src/Policy/StellaOps.Policy.Engine | Emit timeline events `policy.evaluate.started`, `policy.evaluate.completed`, `policy.decision.recorded` with trace IDs, input digests, and rule summary. Provide contract tests and retry semantics | POLICY-OBS-51-001 | PLOB0101 | | POLICY-OBS-53-001 | TODO | | SPRINT_127_policy_reasoning | Policy Guild · Evidence Locker Guild | src/Policy/StellaOps.Policy.Engine | Produce evaluation evidence bundles | POLICY-OBS-52-001 | PLOB0101 | | POLICY-OBS-54-001 | TODO | | SPRINT_127_policy_reasoning | Policy Guild · Provenance Guild | src/Policy/StellaOps.Policy.Engine | Generate DSSE attestations for evaluation outputs, expose `/evaluations/{id}/attestation`, and link attestation IDs in timeline + console. Provide verification harness | POLICY-OBS-53-001 | PLOB0101 | | POLICY-OBS-55-001 | TODO | | SPRINT_127_policy_reasoning | Policy Guild · DevOps Guild | src/Policy/StellaOps.Policy.Engine | Implement incident mode sampling overrides | POLICY-OBS-54-001 | PLOB0101 | | POLICY-READINESS-0001 | TODO | | SPRINT_325_docs_modules_policy | Policy Guild (docs/modules/policy) | docs/modules/policy | Capture policy module readiness checklist aligned with current sprint goals. | | | | POLICY-READINESS-0002 | TODO | | SPRINT_325_docs_modules_policy | Policy Guild (docs/modules/policy) | docs/modules/policy | Track outstanding prerequisites/risk items for policy releases and mirror into sprint updates. | | | | POLICY-RISK-66-001 | TODO | | SPRINT_127_policy_reasoning | Risk Profile Schema Guild / src/Policy/StellaOps.Policy.RiskProfile | src/Policy/StellaOps.Policy.RiskProfile | Develop initial JSON Schema for RiskProfile (signals, transforms, weights, severity, overrides) with validator stubs | | | | POLICY-RISK-66-002 | TODO | | SPRINT_127_policy_reasoning | Risk Profile Schema Guild / src/Policy/StellaOps.Policy.RiskProfile | src/Policy/StellaOps.Policy.RiskProfile | Implement inheritance/merge logic with conflict detection and deterministic content hashing | POLICY-RISK-66-001 | | | POLICY-RISK-66-003 | TODO | | SPRINT_127_policy_reasoning | Policy Guild, Risk Profile Schema Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Integrate RiskProfile schema into Policy Engine configuration, ensuring validation and default profile deployment | POLICY-RISK-66-002 | | | POLICY-RISK-66-004 | TODO | | SPRINT_127_policy_reasoning | Policy Guild, Risk Profile Schema Guild / src/Policy/__Libraries/StellaOps.Policy | src/Policy/__Libraries/StellaOps.Policy | Extend Policy libraries to load/save RiskProfile documents, compute content hashes, and surface validation diagnostics | POLICY-RISK-66-003 | | | POLICY-RISK-67-001 | TODO | | SPRINT_127_policy_reasoning | Policy Guild, Risk Engine Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Trigger scoring jobs on new/updated findings via Policy Engine orchestration hooks | POLICY-RISK-66-004 | | | POLICY-RISK-67-002 | TODO | | SPRINT_128_policy_reasoning | Policy Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Implement profile lifecycle APIs | POLICY-RISK-67-001 | | | POLICY-RISK-67-003 | TODO | | SPRINT_128_policy_reasoning | Policy Guild, Risk Engine Guild / src/Policy/__Libraries/StellaOps.Policy | src/Policy/__Libraries/StellaOps.Policy | Provide policy-layer APIs to trigger risk simulations and return distributions/contribution breakdowns | POLICY-RISK-67-002 | | | POLICY-RISK-68-001 | TODO | | SPRINT_128_policy_reasoning | Policy Guild, Policy Studio Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Provide simulation API bridging Policy Studio with risk engine; returns distributions and top movers | POLICY-RISK-67-003 | | | POLICY-RISK-68-002 | TODO | | SPRINT_128_policy_reasoning | Risk Profile Schema Guild / src/Policy/StellaOps.Policy.RiskProfile | src/Policy/StellaOps.Policy.RiskProfile | Add override/adjustment support with audit metadata and validation for conflicting rules | POLICY-RISK-68-001 | | | POLICY-RISK-69-001 | TODO | | SPRINT_128_policy_reasoning | Policy Guild, Notifications Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Emit events/notifications on profile publish, deprecate, and severity threshold changes | POLICY-RISK-68-002 | | | POLICY-RISK-70-001 | TODO | | SPRINT_128_policy_reasoning | Policy Guild, Export Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Support exporting/importing profiles with signatures for air-gapped bundles | POLICY-RISK-69-001 | | | POLICY-RISK-90-001 | TODO | | SPRINT_126_policy_reasoning | Policy Guild, Scanner Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Ingest entropy penalty inputs from Scanner (`entropy.report.json`, `layer_summary.json`), extend trust algebra with configurable weights/caps, and expose explanations/metrics for opaque ratio penalties (`docs/modules/scanner/entropy.md`). | | | | POLICY-SPL-23-001 | TODO | | SPRINT_128_policy_reasoning | Policy Guild, Language Infrastructure Guild / src/Policy/__Libraries/StellaOps.Policy | src/Policy/__Libraries/StellaOps.Policy | Define SPL v1 YAML + JSON Schema, including advisory rules, VEX precedence, severity mapping, exceptions, and layering metadata. Publish schema resources and validation fixtures | | | | POLICY-SPL-23-002 | TODO | | SPRINT_128_policy_reasoning | Policy Guild / src/Policy/__Libraries/StellaOps.Policy | src/Policy/__Libraries/StellaOps.Policy | Implement canonicalizer that normalizes policy packs | POLICY-SPL-23-001 | | | POLICY-SPL-23-003 | TODO | | SPRINT_128_policy_reasoning | Policy Guild / src/Policy/__Libraries/StellaOps.Policy | src/Policy/__Libraries/StellaOps.Policy | Build policy layering/override engine | POLICY-SPL-23-002 | | | POLICY-SPL-23-004 | TODO | | SPRINT_128_policy_reasoning | Policy Guild, Audit Guild / src/Policy/__Libraries/StellaOps.Policy | src/Policy/__Libraries/StellaOps.Policy | Design explanation tree model | POLICY-SPL-23-003 | | | POLICY-SPL-23-005 | TODO | | SPRINT_128_policy_reasoning | Policy Guild, DevEx Guild / src/Policy/__Libraries/StellaOps.Policy | src/Policy/__Libraries/StellaOps.Policy | Create migration tool to snapshot existing behavior into baseline SPL packs | POLICY-SPL-23-004 | | | POLICY-SPL-24-001 | TODO | | SPRINT_128_policy_reasoning | Policy Guild, Signals Guild / src/Policy/__Libraries/StellaOps.Policy | src/Policy/__Libraries/StellaOps.Policy | Extend SPL schema to expose reachability/exploitability predicates and weighting functions; update documentation and fixtures | POLICY-SPL-23-005 | | | POLICY-TEN-48-001 | TODO | | SPRINT_129_policy_reasoning | Policy Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Add `tenant_id`/`project_id` columns, enable RLS, update evaluators to require tenant context, and emit rationale IDs including tenant metadata | | | | POLICY-VEX-401-006 | TODO | | SPRINT_401_reachability_evidence_chain | Policy Guild (`src/Policy/StellaOps.Policy.Engine`, `src/Policy/__Libraries/StellaOps.Policy`) | `src/Policy/StellaOps.Policy.Engine`, `src/Policy/__Libraries/StellaOps.Policy` | Policy Engine consumes reachability facts, applies the deterministic score/label buckets (≥0.80 reachable, 0.30–0.79 conditional, <0.30 unreachable), emits OpenVEX with call-path proofs, and updates SPL schema with `reachability.state/confidence` predicates and suppression gates. | | | | POLICY-VEX-401-010 | TODO | | SPRINT_401_reachability_evidence_chain | Policy Guild (`src/Policy/StellaOps.Policy.Engine/Vex`, `docs/modules/policy/architecture.md`, `docs/benchmarks/vex-evidence-playbook.md`) | `src/Policy/StellaOps.Policy.Engine/Vex`, `docs/modules/policy/architecture.md`, `docs/benchmarks/vex-evidence-playbook.md` | Implement `VexDecisionEmitter` to serialize per-finding OpenVEX, attach evidence hashes, request DSSE signatures, capture Rekor metadata, and publish artifacts following the bench playbook. | | | | PROBE-401-010 | TODO | | SPRINT_401_reachability_evidence_chain | Runtime Signals Guild (`src/Signals/StellaOps.Signals.Runtime`, `ops/probes`) | `src/Signals/StellaOps.Signals.Runtime`, `ops/probes` | | | | | PROMO-70-001 | TODO | | SPRINT_202_cli_ii | DevEx/CLI Guild, Provenance Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | | | | | PROMO-70-002 | TODO | | SPRINT_203_cli_iii | DevEx/CLI Guild, Provenance Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | | | | | PROV-BACKFILL-401-029 | DOING | | SPRINT_401_reachability_evidence_chain | Platform Guild | `docs/provenance/inline-dsse.md`, `scripts/publish_attestation_with_provenance.sh` | Backfill historical Mongo events with DSSE/Rekor metadata by resolving known attestations per subject digest (wiring ingestion helpers + endpoint tests in progress). | Depends on #1 | RBRE0101 | | PROV-INDEX-401-030 | TODO | | SPRINT_401_reachability_evidence_chain | Platform + Ops Guilds | `docs/provenance/inline-dsse.md`, `ops/mongo/indices/events_provenance_indices.js` | Deploy provenance indexes (`events_by_subject_kind_provenance`, etc.) and expose compliance/replay queries. | Depends on #3 | RBRE0101 | | PROV-INLINE-401-028 | DONE | | SPRINT_401_reachability_evidence_chain | Authority Guild · Feedser Guild (`docs/provenance/inline-dsse.md`, `src/__Libraries/StellaOps.Provenance.Mongo`) | `docs/provenance/inline-dsse.md`, `src/__Libraries/StellaOps.Provenance.Mongo` | Extend Authority/Feedser event writers to attach inline DSSE + Rekor references on every SBOM/VEX/scan event using `StellaOps.Provenance.Mongo`. | | | | PROV-OBS-53-001 | TODO | | SPRINT_110_ingestion_evidence | Exporter Guild · AirGap Time Guild · CLI Guild | | PROGRAM-STAFF-1001 | PROGRAM-STAFF-1001 | ATMI0102 | | PROV-OBS-53-002 | TODO | | SPRINT_513_provenance | Provenance Guild · Security Guild | src/Provenance/StellaOps.Provenance.Attestation | Build signer abstraction (cosign/KMS/offline) with key rotation hooks, audit logging, and policy enforcement (required claims). Provide unit tests using fake signer + real cosign fixture. Dependencies: PROV-OBS-53-001. | Wait for telemetry schema drop (046_TLTY0101) | PROB0101 | | PROV-OBS-53-003 | TODO | | SPRINT_513_provenance | Provenance Guild | src/Provenance/StellaOps.Provenance.Attestation | Deliver `PromotionAttestationBuilder` that materialises the `stella.ops/promotion@v1` predicate (image digest, SBOM/VEX materials, promotion metadata, Rekor proof) and feeds canonicalised payload bytes to Signer via StellaOps.Cryptography. | Needs #1 for shared correlation IDs | PROB0101 | | PROV-OBS-54-001 | TODO | | SPRINT_513_provenance | Provenance Guild · Evidence Locker Guild | src/Provenance/StellaOps.Provenance.Attestation | Deliver verification library that validates DSSE signatures, Merkle roots, and timeline chain-of-custody, exposing reusable CLI/service APIs. Include negative-case fixtures and offline timestamp verification. Dependencies: PROV-OBS-53-002. | Blocked on Evidence Locker DSSE hooks (002_ATEL0101) | PROB0101 | | PROV-OBS-54-002 | TODO | | SPRINT_513_provenance | Provenance Guild · DevEx/CLI Guild | src/Provenance/StellaOps.Provenance.Attestation | Generate .NET global tool for local verification + embed command helpers for CLI `stella forensic verify`. Provide deterministic packaging and offline kit instructions. Dependencies: PROV-OBS-54-001. | Requires CLI integration spec from 035_CLCI0105 | PROB0101 | | PY-32-001 | TODO | | SPRINT_153_orchestrator_iii | Worker SDK Guild (src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Python) | src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Python | | | | | PY-32-002 | TODO | | SPRINT_153_orchestrator_iii | Worker SDK Guild (src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Python) | src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Python | | | | | PY-33-001 | TODO | | SPRINT_153_orchestrator_iii | Worker SDK Guild (src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Python) | src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Python | | | | | PY-33-002 | TODO | | SPRINT_153_orchestrator_iii | Worker SDK Guild (src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Python) | src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Python | | | | | PY-34-001 | TODO | | SPRINT_153_orchestrator_iii | Worker SDK Guild (src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Python) | src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Python | | | | | QA-DOCS-401-008 | TODO | | SPRINT_401_reachability_evidence_chain | QA & Docs Guilds (`docs`, `tests/README.md`) | `docs`, `tests/README.md` | Wire `reachbench-2025-expanded` fixtures into CI, document CAS layouts + replay steps in `docs/reachability/DELIVERY_GUIDE.md`, and publish operator runbook for runtime ingestion. | | | | QA-REACH-201-007 | TODO | | SPRINT_400_runtime_facts_static_callgraph_union | QA Guild (`tests/README.md`) | `tests/README.md` | Integrate `reachbench-2025-expanded` fixture pack under `tests/reachability/`, add evaluator harness tests that validate reachable vs unreachable cases, and wire CI guidance for deterministic runs. | | | | REACH-201-001 | TODO | | SPRINT_400_runtime_facts_static_callgraph_union | Zastava Observer Guild (`src/Zastava/StellaOps.Zastava.Observer`) | `src/Zastava/StellaOps.Zastava.Observer` | | | | | REACH-201-002 | DOING | 2025-11-08 | SPRINT_400_runtime_facts_static_callgraph_union | Scanner Worker Guild (`src/Scanner/StellaOps.Scanner.Worker`) | `src/Scanner/StellaOps.Scanner.Worker` | | | | | REACH-201-003 | DOING | 2025-11-08 | SPRINT_400_runtime_facts_static_callgraph_union | Signals Guild (`src/Signals/StellaOps.Signals`) | `src/Signals/StellaOps.Signals` | | | | | REACH-201-004 | DOING | 2025-11-08 | SPRINT_400_runtime_facts_static_callgraph_union | Signals Guild · Policy Guild (`src/Signals/StellaOps.Signals`, `src/Policy/StellaOps.Policy.Engine`) | `src/Signals/StellaOps.Signals`, `src/Policy/StellaOps.Policy.Engine` | | | | | REACH-201-005 | DOING | 2025-11-08 | SPRINT_400_runtime_facts_static_callgraph_union | BE-Base Platform Guild (`src/__Libraries/StellaOps.Replay.Core`) | `src/__Libraries/StellaOps.Replay.Core` | | | | | REACH-201-006 | TODO | | SPRINT_400_runtime_facts_static_callgraph_union | Docs Guild (`docs`) | | | | | | REACH-201-007 | TODO | | SPRINT_400_runtime_facts_static_callgraph_union | QA Guild (`tests/README.md`) | `tests/README.md` | | | | | REACH-401-005 | TODO | | SPRINT_401_reachability_evidence_chain | Authority & Signer Guilds (`src/Authority/StellaOps.Authority`, `src/Signer/StellaOps.Signer`) | `src/Authority/StellaOps.Authority`, `src/Signer/StellaOps.Signer` | | | | | REACH-401-009 | TODO | | SPRINT_401_reachability_evidence_chain | Scanner Worker Guild (`src/Scanner/StellaOps.Scanner.Worker`, `src/Scanner/__Libraries`) | `src/Scanner/StellaOps.Scanner.Worker`, `src/Scanner/__Libraries` | | | | | REACH-LATTICE-401-023 | TODO | | SPRINT_401_reachability_evidence_chain | Scanner Guild · Policy Guild (`docs/reachability/lattice.md`, `docs/modules/scanner/architecture.md`, `src/Scanner/StellaOps.Scanner.WebService`) | `docs/reachability/lattice.md`, `docs/modules/scanner/architecture.md`, `src/Scanner/StellaOps.Scanner.WebService` | Define the reachability lattice model (`ReachState`, `EvidenceKind`, `MitigationKind`, scoring policy) in Scanner docs + code; ensure evidence joins write to the event graph schema. | | | | READINESS-0001 | TODO | | SPRINT_325_docs_modules_policy | Policy Guild (docs/modules/policy) | docs/modules/policy | | | | | READINESS-0002 | TODO | | SPRINT_325_docs_modules_policy | Policy Guild (docs/modules/policy) | docs/modules/policy | | | | | RECIPES-DOCS-0001 | TODO | | SPRINT_315_docs_modules_ci | Docs Guild (docs/modules/ci) | docs/modules/ci | | | | | RECIPES-ENG-0001 | TODO | | SPRINT_315_docs_modules_ci | Module Team (docs/modules/ci) | docs/modules/ci | | | | | RECIPES-OPS-0001 | TODO | | SPRINT_315_docs_modules_ci | Ops Guild (docs/modules/ci) | docs/modules/ci | | | | | REG-41-001 | TODO | | SPRINT_154_packsregistry | Packs Registry Guild (src/PacksRegistry/StellaOps.PacksRegistry) | src/PacksRegistry/StellaOps.PacksRegistry | | | | | REG-42-001 | TODO | | SPRINT_154_packsregistry | Packs Registry Guild (src/PacksRegistry/StellaOps.PacksRegistry) | src/PacksRegistry/StellaOps.PacksRegistry | | | | | REG-43-001 | TODO | | SPRINT_154_packsregistry | Packs Registry Guild (src/PacksRegistry/StellaOps.PacksRegistry) | src/PacksRegistry/StellaOps.PacksRegistry | | | | | REGISTRY-API-27-001 | TODO | | SPRINT_129_policy_reasoning | Policy Registry Guild / src/Policy/StellaOps.Policy.Registry | src/Policy/StellaOps.Policy.Registry | Define OpenAPI specification covering workspaces, versions, reviews, simulations, promotions, and attestations; publish typed clients for Console/CLI | | | | REGISTRY-API-27-002 | TODO | | SPRINT_129_policy_reasoning | Policy Registry Guild / src/Policy/StellaOps.Policy.Registry | src/Policy/StellaOps.Policy.Registry | Implement workspace storage | REGISTRY-API-27-001 | | | REGISTRY-API-27-003 | TODO | | SPRINT_129_policy_reasoning | Policy Registry Guild / src/Policy/StellaOps.Policy.Registry | src/Policy/StellaOps.Policy.Registry | Integrate compile endpoint: forward source bundle to Policy Engine, persist diagnostics, symbol table, rule index, and complexity metrics | REGISTRY-API-27-002 | | | REGISTRY-API-27-004 | TODO | | SPRINT_129_policy_reasoning | Policy Registry Guild / src/Policy/StellaOps.Policy.Registry | src/Policy/StellaOps.Policy.Registry | Implement quick simulation API with request limits | REGISTRY-API-27-003 | | | REGISTRY-API-27-005 | TODO | | SPRINT_129_policy_reasoning | Policy Registry Guild, Scheduler Guild / src/Policy/StellaOps.Policy.Registry | src/Policy/StellaOps.Policy.Registry | Build batch simulation orchestration: enqueue shards, collect partials, reduce deltas, produce evidence bundles + signed manifest | REGISTRY-API-27-004 | | | REGISTRY-API-27-006 | TODO | | SPRINT_129_policy_reasoning | Policy Registry Guild / src/Policy/StellaOps.Policy.Registry | src/Policy/StellaOps.Policy.Registry | Implement review workflow | REGISTRY-API-27-005 | | | REGISTRY-API-27-007 | TODO | | SPRINT_129_policy_reasoning | Policy Registry Guild, Security Guild / src/Policy/StellaOps.Policy.Registry | src/Policy/StellaOps.Policy.Registry | Implement publish pipeline: sign source/compiled digests, create attestations, mark version immutable, emit events | REGISTRY-API-27-006 | | | REGISTRY-API-27-008 | TODO | | SPRINT_129_policy_reasoning | Policy Registry Guild / src/Policy/StellaOps.Policy.Registry | src/Policy/StellaOps.Policy.Registry | Implement promotion bindings per tenant/environment with canary subsets, rollback path, and environment history | REGISTRY-API-27-007 | | | REGISTRY-API-27-009 | TODO | | SPRINT_129_policy_reasoning | Policy Registry Guild, Observability Guild / src/Policy/StellaOps.Policy.Registry | src/Policy/StellaOps.Policy.Registry | Instrument metrics/logs/traces | REGISTRY-API-27-008 | | | REGISTRY-API-27-010 | TODO | | SPRINT_129_policy_reasoning | Policy Registry Guild, QA Guild / src/Policy/StellaOps.Policy.Registry | src/Policy/StellaOps.Policy.Registry | Build unit/integration/load test suites for compile/sim/review/publish/promote flows; provide seeded fixtures for CI | REGISTRY-API-27-009 | | | REL-17-004 | BLOCKED | 2025-10-26 | SPRINT_506_ops_devops_iv | DevOps Guild (ops/devops) | ops/devops | | | | | REP-004 | TODO | | SPRINT_401_reachability_evidence_chain | BE-Base Platform Guild (`src/__Libraries/StellaOps.Replay.Core`, `docs/replay/DETERMINISTIC_REPLAY.md`) | `src/__Libraries/StellaOps.Replay.Core`, `docs/replay/DETERMINISTIC_REPLAY.md` | | | | | REPLAY-185-003 | TODO | | SPRINT_185_shared_replay_primitives | Docs Guild, Platform Data Guild (docs) | | | | | | REPLAY-185-004 | TODO | | SPRINT_185_shared_replay_primitives | Docs Guild (docs) | | | | | | REPLAY-186-001 | TODO | | SPRINT_186_record_deterministic_execution | Scanner Guild (`src/Scanner/StellaOps.Scanner.WebService`, `docs/modules/scanner/architecture.md`) | `src/Scanner/StellaOps.Scanner.WebService`, `docs/modules/scanner/architecture.md` | | | | | REPLAY-186-002 | TODO | | SPRINT_186_record_deterministic_execution | Scanner Guild (`src/Scanner/StellaOps.Scanner.Worker`, `docs/modules/scanner/deterministic-execution.md`) | `src/Scanner/StellaOps.Scanner.Worker`, `docs/modules/scanner/deterministic-execution.md` | | | | | REPLAY-186-003 | TODO | | SPRINT_186_record_deterministic_execution | Signing Guild (`src/Signer/StellaOps.Signer`, `src/Authority/StellaOps.Authority`) | `src/Signer/StellaOps.Signer`, `src/Authority/StellaOps.Authority` | | | | | REPLAY-186-004 | TODO | | SPRINT_186_record_deterministic_execution | Docs Guild (`docs`) | | | | | | REPLAY-187-001 | TODO | | SPRINT_160_export_evidence | Evidence Locker Guild · docs/modules/evidence-locker/architecture.md | docs/modules/evidence-locker/architecture.md | | | | | REPLAY-187-002 | TODO | | SPRINT_160_export_evidence | CLI Guild · `docs/modules/cli/architecture.md` | docs/modules/cli/architecture.md | | | | | REPLAY-187-003 | TODO | | SPRINT_187_evidence_locker_cli_integration | Attestor Guild (`src/Attestor/StellaOps.Attestor`, `docs/modules/attestor/architecture.md`) | `src/Attestor/StellaOps.Attestor`, `docs/modules/attestor/architecture.md` | | | | | REPLAY-187-004 | TODO | | SPRINT_160_export_evidence | Docs/Ops Guild · `/docs/runbooks/replay_ops.md` | docs/runbooks/replay_ops.md | | | | | REPLAY-401-004 | TODO | | SPRINT_401_reachability_evidence_chain | BE-Base Platform Guild (`src/__Libraries/StellaOps.Replay.Core`) | `src/__Libraries/StellaOps.Replay.Core` | Bump replay manifest to v2 (feeds, analyzers, policies), have `ReachabilityReplayWriter` enforce CAS registration + hash sorting, and add deterministic tests to `tests/reachability/StellaOps.Reachability.FixtureTests`. | | | | REPLAY-CORE-185-001 | TODO | | SPRINT_185_shared_replay_primitives | Platform Guild | `src/__Libraries/StellaOps.Replay.Core` | Scaffold `StellaOps.Replay.Core` with manifest schema types, canonical JSON rules, Merkle utilities, and DSSE payload builders; add `AGENTS.md`/`TASKS.md` for the new library; cross-reference `docs/replay/DETERMINISTIC_REPLAY.md` section 3 when updating the library charter. | Mirrors #1 | RLRC0101 | | REPLAY-CORE-185-002 | TODO | | SPRINT_185_shared_replay_primitives | Platform Guild | src/__Libraries/StellaOps.Replay.Core | Implement deterministic bundle writer (tar.zst, CAS naming) and hashing abstractions, updating `docs/modules/platform/architecture-overview.md` with a “Replay CAS” subsection that documents layout/retention expectations. | Mirrors #2 | RLRC0101 | | REPLAY-CORE-185-003 | TODO | | SPRINT_185_shared_replay_primitives | Platform Data Guild | src/__Libraries/StellaOps.Replay.Core | Define Mongo collections (`replay_runs`, `replay_bundles`, `replay_subjects`) and indices, then author `docs/data/replay_schema.md` detailing schema fields, constraints, and offline sync strategy. | Mirrors #3 | RLRC0101 | | REPLAY-REACH-201-005 | DOING | 2025-11-08 | SPRINT_400_runtime_facts_static_callgraph_union | BE-Base Platform Guild (`src/__Libraries/StellaOps.Replay.Core`) | `src/__Libraries/StellaOps.Replay.Core` | Update `StellaOps.Replay.Core` manifest schema + bundle writer so replay packs capture reachability graphs, runtime traces, analyzer versions, and evidence hashes; document new CAS namespace. | | | | RISK-66-001 | TODO | | SPRINT_115_concelier_iv | Concelier Core Guild, Risk Engine Guild (src/Concelier/__Libraries/StellaOps.Concelier.Core) | src/Concelier/__Libraries/StellaOps.Concelier.Core | | | | | RISK-66-002 | TODO | | SPRINT_115_concelier_iv | Concelier Core Guild (src/Concelier/__Libraries/StellaOps.Concelier.Core) | src/Concelier/__Libraries/StellaOps.Concelier.Core | | | | | RISK-66-003 | TODO | | SPRINT_127_policy_reasoning | Policy Guild, Risk Profile Schema Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | | POLICY-RISK-66-002 | | | RISK-66-004 | TODO | | SPRINT_127_policy_reasoning | Policy Guild, Risk Profile Schema Guild / src/Policy/__Libraries/StellaOps.Policy | src/Policy/__Libraries/StellaOps.Policy | | POLICY-RISK-66-003 | | | RISK-67-001 | TODO | | SPRINT_115_concelier_iv | Concelier Core Guild (src/Concelier/__Libraries/StellaOps.Concelier.Core) | src/Concelier/__Libraries/StellaOps.Concelier.Core | | | | | RISK-67-002 | TODO | | SPRINT_128_policy_reasoning | Policy Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | | POLICY-RISK-67-001 | | | RISK-67-003 | TODO | | SPRINT_128_policy_reasoning | Policy Guild, Risk Engine Guild / src/Policy/__Libraries/StellaOps.Policy | src/Policy/__Libraries/StellaOps.Policy | | POLICY-RISK-67-002 | | | RISK-67-004 | TODO | | SPRINT_309_docs_tasks_md_ix | Docs Guild, CLI Guild (docs) | | | | | | RISK-68-001 | TODO | | SPRINT_115_concelier_iv | Concelier Core Guild, Policy Studio Guild (src/Concelier/__Libraries/StellaOps.Concelier.Core) | src/Concelier/__Libraries/StellaOps.Concelier.Core | | | | | RISK-68-002 | TODO | | SPRINT_128_policy_reasoning | Risk Profile Schema Guild / src/Policy/StellaOps.Policy.RiskProfile | src/Policy/StellaOps.Policy.RiskProfile | | POLICY-RISK-68-001 | | | RISK-69-001 | TODO | | SPRINT_115_concelier_iv | Concelier Core Guild, Notifications Guild (src/Concelier/__Libraries/StellaOps.Concelier.Core) | src/Concelier/__Libraries/StellaOps.Concelier.Core | | | | | RISK-69-002 | TODO | | SPRINT_163_exportcenter_ii | Exporter Service Guild, Risk Engine Guild (src/ExportCenter/StellaOps.ExportCenter) | src/ExportCenter/StellaOps.ExportCenter | | | | | RISK-70-001 | TODO | | SPRINT_128_policy_reasoning | Policy Guild, Export Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | | POLICY-RISK-69-001 | | | RISK-90-001 | TODO | | SPRINT_126_policy_reasoning | Policy Guild, Scanner Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | | | | | RISK-BUNDLE-69-001 | TODO | | SPRINT_164_exportcenter_iii | Risk Bundle Export Guild, Risk Engine Guild (src/ExportCenter/StellaOps.ExportCenter.RiskBundles) | src/ExportCenter/StellaOps.ExportCenter.RiskBundles | Implement `stella export risk-bundle` job producing tarball with provider datasets, manifests, and DSSE signatures. | | | | RISK-BUNDLE-69-002 | TODO | | SPRINT_164_exportcenter_iii | Risk Bundle Export Guild, DevOps Guild (src/ExportCenter/StellaOps.ExportCenter.RiskBundles) | src/ExportCenter/StellaOps.ExportCenter.RiskBundles | Integrate bundle job into CI/offline kit pipelines with checksum publication. Dependencies: RISK-BUNDLE-69-001. | | | | RISK-BUNDLE-70-001 | TODO | | SPRINT_164_exportcenter_iii | Risk Bundle Export Guild, CLI Guild (src/ExportCenter/StellaOps.ExportCenter.RiskBundles) | src/ExportCenter/StellaOps.ExportCenter.RiskBundles | Provide CLI `stella risk bundle verify` command to validate bundles before import. Dependencies: RISK-BUNDLE-69-002. | | | | RISK-BUNDLE-70-002 | TODO | | SPRINT_164_exportcenter_iii | Risk Bundle Export Guild, Docs Guild (src/ExportCenter/StellaOps.ExportCenter.RiskBundles) | src/ExportCenter/StellaOps.ExportCenter.RiskBundles | Publish `/docs/airgap/risk-bundles.md` detailing build/import/verification workflows. Dependencies: RISK-BUNDLE-70-001. | | | | RISK-ENGINE-66-001 | TODO | | SPRINT_129_policy_reasoning | Risk Engine Guild / src/RiskEngine/StellaOps.RiskEngine | src/RiskEngine/StellaOps.RiskEngine | Scaffold scoring service (job queue, worker loop, provider registry) with deterministic execution harness | | | | RISK-ENGINE-66-002 | TODO | | SPRINT_129_policy_reasoning | Risk Engine Guild / src/RiskEngine/StellaOps.RiskEngine | src/RiskEngine/StellaOps.RiskEngine | Implement default transforms | RISK-ENGINE-66-001 | | | RISK-ENGINE-67-001 | TODO | | SPRINT_129_policy_reasoning | Risk Engine Guild, Concelier Guild / src/RiskEngine/StellaOps.RiskEngine | src/RiskEngine/StellaOps.RiskEngine | Integrate CVSS and KEV providers pulling data from Conseiller; implement reducers | RISK-ENGINE-66-002 | | | RISK-ENGINE-67-002 | TODO | | SPRINT_129_policy_reasoning | Risk Engine Guild, Excitor Guild / src/RiskEngine/StellaOps.RiskEngine | src/RiskEngine/StellaOps.RiskEngine | Integrate VEX gate provider and ensure gating short-circuits scoring as configured | RISK-ENGINE-67-001 | | | RISK-ENGINE-67-003 | TODO | | SPRINT_129_policy_reasoning | Risk Engine Guild, Policy Engine Guild / src/RiskEngine/StellaOps.RiskEngine | src/RiskEngine/StellaOps.RiskEngine | Add fix availability, asset criticality, and internet exposure providers with caching + TTL enforcement | RISK-ENGINE-67-002 | | | RISK-ENGINE-68-001 | TODO | | SPRINT_129_policy_reasoning | Risk Engine Guild, Findings Ledger Guild / src/RiskEngine/StellaOps.RiskEngine | src/RiskEngine/StellaOps.RiskEngine | Persist scoring results + explanation pointers to Findings Ledger; handle incremental updates via input hash | RISK-ENGINE-67-003 | | | RISK-ENGINE-68-002 | TODO | | SPRINT_129_policy_reasoning | Risk Engine Guild, API Guild / src/RiskEngine/StellaOps.RiskEngine | src/RiskEngine/StellaOps.RiskEngine | Expose APIs | RISK-ENGINE-68-001 | | | RISK-ENGINE-69-001 | TODO | | SPRINT_129_policy_reasoning | Risk Engine Guild, Policy Studio Guild / src/RiskEngine/StellaOps.RiskEngine | src/RiskEngine/StellaOps.RiskEngine | Implement simulation mode producing distributions and top movers without mutating ledger | RISK-ENGINE-68-002 | | | RISK-ENGINE-69-002 | TODO | | SPRINT_129_policy_reasoning | Risk Engine Guild, Observability Guild / src/RiskEngine/StellaOps.RiskEngine | src/RiskEngine/StellaOps.RiskEngine | Add telemetry | RISK-ENGINE-69-001 | | | RISK-ENGINE-70-001 | TODO | | SPRINT_129_policy_reasoning | Risk Engine Guild, Export Guild / src/RiskEngine/StellaOps.RiskEngine | src/RiskEngine/StellaOps.RiskEngine | Support offline provider bundles with manifest verification and missing-data reporting | RISK-ENGINE-69-002 | | | RISK-ENGINE-70-002 | TODO | | SPRINT_129_policy_reasoning | Risk Engine Guild, Observability Guild / src/RiskEngine/StellaOps.RiskEngine | src/RiskEngine/StellaOps.RiskEngine | Integrate runtime evidence provider and reachability provider outputs with caching + TTL | RISK-ENGINE-70-001 | | | RULES-33-001 | REVIEW (2025-10-30) | 2025-10-30 | SPRINT_506_ops_devops_iv | DevOps Guild, Platform Leads (ops/devops) | ops/devops | | | | | RUNBOOK-401-017 | TODO | | SPRINT_401_reachability_evidence_chain | Docs Guild · Ops Guild (`docs/runbooks/reachability-runtime.md`, `docs/reachability/DELIVERY_GUIDE.md`) | `docs/runbooks/reachability-runtime.md`, `docs/reachability/DELIVERY_GUIDE.md` | | | | | RUNBOOK-55-001 | TODO | | SPRINT_309_docs_tasks_md_ix | Docs Guild, Ops Guild (docs) | | | | | | RUNBOOK-REPLAY-187-004 | TODO | | SPRINT_160_export_evidence | Docs/Ops Guild · `/docs/runbooks/replay_ops.md` | docs/runbooks/replay_ops.md | Docs/Ops Guild · `/docs/runbooks/replay_ops.md` | | | | RUNTIME-401-002 | TODO | | SPRINT_401_reachability_evidence_chain | Signals Guild (`src/Signals/StellaOps.Signals`) | `src/Signals/StellaOps.Signals` | | | | | RUNTIME-PROBE-401-010 | TODO | | SPRINT_401_reachability_evidence_chain | Runtime Signals Guild (`src/Signals/StellaOps.Signals.Runtime`, `ops/probes`) | `src/Signals/StellaOps.Signals.Runtime`, `ops/probes` | Implement lightweight runtime probes (EventPipe/.NET, JFR/JVM) that capture method enter events for the target components, package them as CAS traces, and feed them into the Signals ingestion pipeline. | | | | SAMPLES-GRAPH-24-003 | TODO | | SPRINT_509_samples | Samples Guild, SBOM Service Guild (samples) | | Generate large-scale SBOM graph fixture (≈40k nodes) with policy overlay snapshot for performance/perf regression suites. | | | | SAMPLES-GRAPH-24-004 | TODO | | SPRINT_509_samples | Samples Guild, UI Guild (samples) | | Create vulnerability explorer JSON/CSV fixtures capturing conflicting evidence and policy outputs for UI/CLI automated tests. Dependencies: SAMPLES-GRAPH-24-003. | | | | SAMPLES-LNM-22-001 | BLOCKED | 2025-10-27 | SPRINT_509_samples | Samples Guild, Concelier Guild (samples) | | Create advisory observation/linkset fixtures (NVD, GHSA, OSV disagreements) for API/CLI/UI tests with documented conflicts. Waiting on finalized schema/linkset outputs. | | | | SAMPLES-LNM-22-002 | BLOCKED | 2025-10-27 | SPRINT_509_samples | Samples Guild, Excititor Guild (samples) | | Produce VEX observation/linkset fixtures demonstrating status conflicts and path relevance; include raw blobs. Pending Excititor observation/linkset implementation. Dependencies: SAMPLES-LNM-22-001. | | | | SBOM-60-001 | TODO | | SPRINT_203_cli_iii | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | | | | | SBOM-60-002 | TODO | | SPRINT_203_cli_iii | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | | | | | SBOM-AIAI-31-001 | TODO | | SPRINT_140_runtime_signals | — | | Advisory AI path/timeline endpoints specced; awaiting projection schema finalization. | — | DOAI0101 | | SBOM-AIAI-31-002 | TODO | | SPRINT_140_runtime_signals | | | Metrics/dashboards tied to 31-001; blocked on the same schema availability. | | | | SBOM-AIAI-31-003 | TODO | 2025-11-03 | SPRINT_111_advisoryai | SBOM Service Guild, Advisory AI Guild (src/SbomService/StellaOps.SbomService) | src/SbomService/StellaOps.SbomService | Publish the Advisory AI hand-off kit for `/v1/sbom/context`, share base URL/API key + tenant header contract, and run a joint end-to-end retrieval smoke test with Advisory AI. Dependencies: SBOM-AIAI-31-001. | | | | SBOM-CONSOLE-23-001 | TODO | | SPRINT_140_runtime_signals | | | Console catalog API draft complete; depends on Concelier/Cartographer payload definitions. | | | | SBOM-CONSOLE-23-002 | TODO | | SPRINT_140_runtime_signals | | | Global component lookup API needs 23-001 responses + cache hints before work can start. | | | | SBOM-DET-01 | TODO | | SPRINT_209_ui_i | UI Guild (src/UI/StellaOps.UI) | src/UI/StellaOps.UI | | | | | SBOM-ORCH-32-001 | TODO | | SPRINT_140_runtime_signals | | | Orchestrator registration is sequenced after projection schema because payload shapes map into job metadata. | | | | SBOM-ORCH-33-001 | TODO | | SPRINT_140_runtime_signals | | | Backpressure/telemetry features depend on 32-001 workers. | | | | SBOM-ORCH-34-001 | TODO | | SPRINT_140_runtime_signals | | | Backfill + watermark logic requires the orchestrator integration from 33-001. | | | | SBOM-SERVICE-21-001 | BLOCKED | | SPRINT_140_runtime_signals | | | Normalized SBOM projection schema cannot ship until Concelier (`CONCELIER-GRAPH-21-001`) delivers Link-Not-Merge definitions. | | | | SBOM-SERVICE-21-002 | BLOCKED | | SPRINT_140_runtime_signals | | | Change events hinge on 21-001 response contract; no work underway. | | | | SBOM-SERVICE-21-003 | BLOCKED | | SPRINT_140_runtime_signals | | | Entry point/service node management blocked behind 21-002 event outputs. | | | | SBOM-SERVICE-21-004 | BLOCKED | | SPRINT_140_runtime_signals | | | Observability wiring follows projection + event pipelines; on hold. | | | | SBOM-SERVICE-23-001 | TODO | | SPRINT_140_runtime_signals | | | Asset metadata extensions queued once 21-004 observability baseline exists. | | | | SBOM-SERVICE-23-002 | TODO | | SPRINT_140_runtime_signals | | | Asset update events depend on 23-001 schema. | | | | SBOM-VULN-29-001 | TODO | | SPRINT_140_runtime_signals | | | Inventory evidence feed deferred until projection schema + runtime align. | | | | SBOM-VULN-29-002 | TODO | | SPRINT_140_runtime_signals | | | Resolver feed requires 29-001 event payloads. | | | | SCAN-001 | TODO | | SPRINT_400_runtime_facts_static_callgraph_union | Scanner Worker Guild (`src/Scanner/StellaOps.Scanner.Worker`, `docs/modules/scanner/architecture.md`, `docs/reachability/function-level-evidence.md`) | `src/Scanner/StellaOps.Scanner.Worker`, `docs/modules/scanner/architecture.md`, `docs/reachability/function-level-evidence.md` | | | | | SCAN-90-004 | TODO | | SPRINT_505_ops_devops_iii | DevOps Guild, Scanner Guild (ops/devops) | ops/devops | | | | | SCAN-DETER-186-008 | TODO | | SPRINT_186_record_deterministic_execution | Scanner Guild · Provenance Guild | `src/Scanner/StellaOps.Scanner.WebService`, `src/Scanner/StellaOps.Scanner.Worker` | Add deterministic execution switches to Scanner (fixed clock, RNG seed, concurrency cap, feed/policy snapshot pins, log filtering) available via CLI/env/config so repeated runs stay hermetic. | ENTROPY-186-012 & SCANNER-ENV-02 | SCDE0102 | | SCAN-DETER-186-009 | TODO | | SPRINT_186_record_deterministic_execution | Scanner Guild, QA Guild (`src/Scanner/StellaOps.Scanner.Replay`, `src/Scanner/__Tests`) | `src/Scanner/StellaOps.Scanner.Replay`, `src/Scanner/__Tests` | Build a determinism harness that replays N scans per image, canonicalises SBOM/VEX/findings/log outputs, and records per-run hash matrices (see `docs/modules/scanner/determinism-score.md`). | | | | SCAN-DETER-186-010 | TODO | | SPRINT_186_record_deterministic_execution | Scanner Guild, Export Center Guild (`src/Scanner/StellaOps.Scanner.WebService`, `docs/modules/scanner/operations/release.md`) | `src/Scanner/StellaOps.Scanner.WebService`, `docs/modules/scanner/operations/release.md` | Emit and publish `determinism.json` (scores, artifact hashes, non-identical diffs) alongside each scanner release via CAS/object storage APIs (documented in `docs/modules/scanner/determinism-score.md`). | | | | SCAN-ENTROPY-186-011 | TODO | | SPRINT_186_record_deterministic_execution | Scanner Guild (`src/Scanner/StellaOps.Scanner.Worker`, `src/Scanner/__Libraries`) | `src/Scanner/StellaOps.Scanner.Worker`, `src/Scanner/__Libraries` | Implement entropy analysis for ELF/PE/Mach-O executables and large opaque blobs (sliding-window metrics, section heuristics), flagging high-entropy regions and recording offsets/hints (see `docs/modules/scanner/entropy.md`). | | | | SCAN-ENTROPY-186-012 | TODO | | SPRINT_186_record_deterministic_execution | Scanner Guild, Provenance Guild (`src/Scanner/StellaOps.Scanner.WebService`, `docs/replay/DETERMINISTIC_REPLAY.md`) | `src/Scanner/StellaOps.Scanner.WebService`, `docs/replay/DETERMINISTIC_REPLAY.md` | Generate `entropy.report.json` and image-level penalties, attach evidence to scan manifests/attestations, and expose opaque ratios for downstream policy engines (`docs/modules/scanner/entropy.md`). | | | | SCAN-REACH-201-002 | DOING | 2025-11-08 | SPRINT_400_runtime_facts_static_callgraph_union | Scanner Worker Guild (`src/Scanner/StellaOps.Scanner.Worker`) | `src/Scanner/StellaOps.Scanner.Worker` | Ship language-aware static lifters (JVM, .NET/Roslyn+IL, Go SSA, Node/Deno TS AST, Rust MIR, Swift SIL, shell/binary analyzers) in Scanner Worker; emit canonical SymbolIDs, CAS-stored graphs, and attach reachability tags to SBOM components. | | | | SCAN-REACH-401-009 | TODO | | SPRINT_401_reachability_evidence_chain | Scanner Worker Guild (`src/Scanner/StellaOps.Scanner.Worker`, `src/Scanner/__Libraries`) | `src/Scanner/StellaOps.Scanner.Worker`, `src/Scanner/__Libraries` | Ship .NET/JVM symbolizers and call-graph generators (roots, edges, framework adapters), merge results into component-level reachability manifests, and back them with golden fixtures. | | | | SCAN-REPLAY-186-001 | TODO | | SPRINT_186_record_deterministic_execution | Scanner Guild (`src/Scanner/StellaOps.Scanner.WebService`, `docs/modules/scanner/architecture.md`) | `src/Scanner/StellaOps.Scanner.WebService`, `docs/modules/scanner/architecture.md` | Implement `record` mode in `StellaOps.Scanner.WebService` (manifest assembly, policy/feed/tool hash capture, CAS uploads) and document the workflow in `docs/modules/scanner/architecture.md` with references to `docs/replay/DETERMINISTIC_REPLAY.md` Section 6. | | | | SCAN-REPLAY-186-002 | TODO | | SPRINT_186_record_deterministic_execution | Scanner Guild (`src/Scanner/StellaOps.Scanner.Worker`, `docs/modules/scanner/deterministic-execution.md`) | `src/Scanner/StellaOps.Scanner.Worker`, `docs/modules/scanner/deterministic-execution.md` | Update `StellaOps.Scanner.Worker` analyzers to consume sealed input bundles, enforce deterministic ordering, and contribute Merkle metadata; extend `docs/modules/scanner/deterministic-execution.md` (new) summarising invariants drawn from `docs/replay/DETERMINISTIC_REPLAY.md` Section 4. | | | | SCANNER-ANALYZERS-DENO-26-001 | DONE | | SPRINT_130_scanner_surface | Deno Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno | Build the deterministic input normalizer + VFS merger for `deno.json(c)`, import maps, lockfiles, vendor trees, `$DENO_DIR`, and OCI layers so analyzers have a canonical file view. | | | | SCANNER-ANALYZERS-DENO-26-002 | DONE | | SPRINT_130_scanner_surface | Deno Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno | Implement the module graph resolver covering static/dynamic imports, npm bridge, cache lookups, built-ins, WASM/JSON assertions, and annotate edges with their resolution provenance. | SCANNER-ANALYZERS-DENO-26-001 | | | SCANNER-ANALYZERS-DENO-26-003 | DONE | | SPRINT_130_scanner_surface | Deno Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno | Ship the npm/node compatibility adapter that maps `npm:` specifiers, evaluates `exports` conditionals, and logs builtin usage for policy overlays. | SCANNER-ANALYZERS-DENO-26-002 | | | SCANNER-ANALYZERS-DENO-26-004 | DONE | | SPRINT_130_scanner_surface | Deno Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno | Add the permission/capability analyzer covering FS/net/env/process/crypto/FFI/workers plus dynamic-import + literal fetch heuristics with reason codes. | SCANNER-ANALYZERS-DENO-26-003 | | | SCANNER-ANALYZERS-DENO-26-005 | DONE | | SPRINT_130_scanner_surface | Deno Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno | Build bundle/binary inspectors for eszip and `deno compile` executables to recover graphs, configs, embedded resources, and snapshots. | SCANNER-ANALYZERS-DENO-26-004 | | | SCANNER-ANALYZERS-DENO-26-006 | DONE | | SPRINT_130_scanner_surface | Deno Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno | Implement the OCI/container adapter that stitches per-layer Deno caches, vendor trees, and compiled binaries back into provenance-aware analyzer inputs. | SCANNER-ANALYZERS-DENO-26-005 | | | SCANNER-ANALYZERS-DENO-26-007 | DONE | | SPRINT_130_scanner_surface | Deno Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno | Produce AOC-compliant observation writers (entrypoints, modules, capability edges, workers, warnings, binaries) with deterministic reason codes. | SCANNER-ANALYZERS-DENO-26-006 | | | SCANNER-ANALYZERS-DENO-26-008 | DONE | | SPRINT_130_scanner_surface | Deno Analyzer Guild, QA Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno | Finalize fixture + benchmark suite (vendor/npm/FFI/worker/dynamic import/bundle/cache/container cases) validating analyzer determinism and performance. | SCANNER-ANALYZERS-DENO-26-007 | | | SCANNER-ANALYZERS-DENO-26-009 | TODO | | SPRINT_131_scanner_surface | Deno Analyzer Guild, Signals Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno | Optional runtime evidence hooks (loader/require shim) capturing module loads + permissions during harnessed execution with path hashing. | SCANNER-ANALYZERS-DENO-26-008 | | | SCANNER-ANALYZERS-DENO-26-010 | TODO | | SPRINT_131_scanner_surface | Deno Analyzer Guild, DevOps Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno | Package analyzer plug-in, add CLI (`stella deno inspect`, `stella deno resolve`, `stella deno trace`) commands, update Offline Kit docs, ensure Worker integration. | SCANNER-ANALYZERS-DENO-26-009 | | | SCANNER-ANALYZERS-DENO-26-011 | TODO | | SPRINT_131_scanner_surface | Deno Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno | Policy signal emitter: net/fs/env/ffi/process/crypto capabilities, remote origin list, npm usage, wasm modules, dynamic-import warnings. | SCANNER-ANALYZERS-DENO-26-010 | | | SCANNER-ANALYZERS-JAVA-21-005 | TODO | | SPRINT_131_scanner_surface | Java Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java | Framework config extraction: Spring Boot imports, spring.factories, application properties/yaml, Jakarta web.xml & fragments, JAX-RS/JPA/CDI/JAXB configs, logging files, Graal native-image configs. | | | | SCANNER-ANALYZERS-JAVA-21-006 | TODO | | SPRINT_131_scanner_surface | Java Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java | JNI/native hint scanner: detect native methods, System.load/Library literals, bundled native libs, Graal JNI configs; emit `jni-load` edges for native analyzer correlation. | SCANNER-ANALYZERS-JAVA-21-005 | | | SCANNER-ANALYZERS-JAVA-21-007 | TODO | | SPRINT_131_scanner_surface | Java Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java | Signature and manifest metadata collector: verify JAR signature structure, capture signers, manifest loader attributes (Main-Class, Agent-Class, Start-Class, Class-Path). | SCANNER-ANALYZERS-JAVA-21-006 | | | SCANNER-ANALYZERS-JAVA-21-008 | BLOCKED | 2025-10-27 | SPRINT_131_scanner_surface | Java Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java | Implement resolver + AOC writer: produce entrypoints (env profiles, warnings), components (jar_id + semantic ids), edges (jpms, cp, spi, reflect, jni) with reason codes/confidence. | SCANNER-ANALYZERS-JAVA-21-007 | | | SCANNER-ANALYZERS-JAVA-21-009 | TODO | | SPRINT_131_scanner_surface | Java Analyzer Guild, QA Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java | Author comprehensive fixtures (modular app, boot fat jar, war, ear, MR-jar, jlink image, JNI, reflection heavy, signed jar, microprofile) with golden outputs and perf benchmarks. | SCANNER-ANALYZERS-JAVA-21-008 | | | SCANNER-ANALYZERS-JAVA-21-010 | TODO | | SPRINT_131_scanner_surface | Java Analyzer Guild, Signals Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java | Optional runtime ingestion: Java agent + JFR reader capturing class load, ServiceLoader, and System.load events with path scrubbing. Emit append-only runtime edges `runtime-class`/`runtime-spi`/`runtime-load`. | SCANNER-ANALYZERS-JAVA-21-009 | | | SCANNER-ANALYZERS-JAVA-21-011 | TODO | | SPRINT_131_scanner_surface | Java Analyzer Guild, DevOps Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java | Package analyzer as restart-time plug-in (manifest/DI), update Offline Kit docs, add CLI/worker hooks for Java inspection commands. | SCANNER-ANALYZERS-JAVA-21-010 | | | SCANNER-ANALYZERS-LANG-11-001 | TODO | | SPRINT_131_scanner_surface | StellaOps.Scanner EPDR Guild, Language Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.DotNet) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.DotNet | Build entrypoint resolver that maps project/publish artifacts to entrypoint identities (assembly name, MVID, TFM, RID) and environment profiles (publish mode, host kind, probing paths). Output normalized `entrypoints[]` records with deterministic IDs. | SCANNER-ANALYZERS-LANG-10-309 | | | SCANNER-ANALYZERS-LANG-11-002 | TODO | | SPRINT_132_scanner_surface | StellaOps.Scanner EPDR Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.DotNet) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.DotNet | Implement static analyzer (IL + reflection heuristics) capturing AssemblyRef, ModuleRef/PInvoke, DynamicDependency, reflection literals, DI patterns, and custom AssemblyLoadContext probing hints. Emit dependency edges with reason codes and confidence. | SCANNER-ANALYZERS-LANG-11-001 | | | SCANNER-ANALYZERS-LANG-11-003 | TODO | | SPRINT_132_scanner_surface | StellaOps.Scanner EPDR Guild, Signals Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.DotNet) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.DotNet | Ingest optional runtime evidence (AssemblyLoad, Resolving, P/Invoke) via event listener harness; merge runtime edges with static/declared ones and attach reason codes/confidence. | SCANNER-ANALYZERS-LANG-11-002 | | | SCANNER-ANALYZERS-LANG-11-004 | TODO | | SPRINT_132_scanner_surface | StellaOps.Scanner EPDR Guild, SBOM Service Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.DotNet) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.DotNet | Produce normalized observation export to Scanner writer: entrypoints + dependency edges + environment profiles (AOC compliant). Wire to SBOM service entrypoint tagging. | SCANNER-ANALYZERS-LANG-11-003 | | | SCANNER-ANALYZERS-LANG-11-005 | TODO | | SPRINT_132_scanner_surface | StellaOps.Scanner EPDR Guild, QA Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.DotNet) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.DotNet | Add comprehensive fixtures/benchmarks covering framework-dependent, self-contained, single-file, trimmed, NativeAOT, multi-RID scenarios; include explain traces and perf benchmarks vs previous analyzer. | SCANNER-ANALYZERS-LANG-11-004 | | | SCANNER-ANALYZERS-NATIVE-20-001 | TODO | | SPRINT_132_scanner_surface | Native Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Native) | src/Scanner/StellaOps.Scanner.Analyzers.Native | Implement format detector and binary identity model supporting ELF, PE/COFF, and Mach-O (including fat slices). Capture arch, OS, build-id/UUID, interpreter metadata. | | | | SCANNER-ANALYZERS-NATIVE-20-002 | TODO | | SPRINT_132_scanner_surface | Native Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Native) | src/Scanner/StellaOps.Scanner.Analyzers.Native | Parse ELF dynamic sections: `DT_NEEDED`, `DT_RPATH`, `DT_RUNPATH`, symbol versions, interpreter, and note build-id. Emit declared dependency records with reason `elf-dtneeded` and attach version needs. | SCANNER-ANALYZERS-NATIVE-20-001 | | | SCANNER-ANALYZERS-NATIVE-20-003 | TODO | | SPRINT_132_scanner_surface | Native Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Native) | src/Scanner/StellaOps.Scanner.Analyzers.Native | Parse PE imports, delay-load tables, manifests/SxS metadata, and subsystem flags. Emit edges with reasons `pe-import` and `pe-delayimport`, plus SxS policy metadata. | SCANNER-ANALYZERS-NATIVE-20-002 | | | SCANNER-ANALYZERS-NATIVE-20-004 | TODO | | SPRINT_132_scanner_surface | Native Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Native) | src/Scanner/StellaOps.Scanner.Analyzers.Native | Parse Mach-O load commands (`LC_LOAD_DYLIB`, `LC_REEXPORT_DYLIB`, `LC_RPATH`, `LC_UUID`, fat headers). Handle `@rpath/@loader_path` placeholders and slice separation. | SCANNER-ANALYZERS-NATIVE-20-003 | | | SCANNER-ANALYZERS-NATIVE-20-005 | TODO | | SPRINT_132_scanner_surface | Native Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Native) | src/Scanner/StellaOps.Scanner.Analyzers.Native | Implement resolver engine modeling loader search order for ELF (rpath/runpath/cache/default), PE (SafeDll search + SxS), and Mach-O (`@rpath` expansion). Works against virtual image roots, producing explain traces. | SCANNER-ANALYZERS-NATIVE-20-004 | | | SCANNER-ANALYZERS-NATIVE-20-006 | TODO | | SPRINT_132_scanner_surface | Native Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Native) | src/Scanner/StellaOps.Scanner.Analyzers.Native | Build heuristic scanner for `dlopen`/`LoadLibrary` strings, plugin ecosystem configs, and Go/Rust static hints. Emit edges with `reason_code` (`string-dlopen`, `config-plugin`, `ecosystem-heuristic`) and confidence levels. | SCANNER-ANALYZERS-NATIVE-20-005 | | | SCANNER-ANALYZERS-NATIVE-20-007 | TODO | | SPRINT_132_scanner_surface | Native Analyzer Guild, SBOM Service Guild (src/Scanner/StellaOps.Scanner.Analyzers.Native) | src/Scanner/StellaOps.Scanner.Analyzers.Native | Serialize AOC-compliant observations: entrypoints + dependency edges + environment profiles (search paths, interpreter, loader metadata). Integrate with Scanner writer API. | SCANNER-ANALYZERS-NATIVE-20-006 | | | SCANNER-ANALYZERS-NATIVE-20-008 | TODO | | SPRINT_132_scanner_surface | Native Analyzer Guild, QA Guild (src/Scanner/StellaOps.Scanner.Analyzers.Native) | src/Scanner/StellaOps.Scanner.Analyzers.Native | Author cross-platform fixtures (ELF dynamic/static, PE delay-load/SxS, Mach-O @rpath, plugin configs) and determinism benchmarks (<25 ms / binary, <250 MB). | SCANNER-ANALYZERS-NATIVE-20-007 | | | SCANNER-ANALYZERS-NATIVE-20-009 | TODO | | SPRINT_132_scanner_surface | Native Analyzer Guild, Signals Guild (src/Scanner/StellaOps.Scanner.Analyzers.Native) | src/Scanner/StellaOps.Scanner.Analyzers.Native | Provide optional runtime capture adapters (Linux eBPF `dlopen`, Windows ETW ImageLoad, macOS dyld interpose) writing append-only runtime evidence. Include redaction/sandbox guidance. | SCANNER-ANALYZERS-NATIVE-20-008 | | | SCANNER-ANALYZERS-NATIVE-20-010 | TODO | | SPRINT_132_scanner_surface | Native Analyzer Guild, DevOps Guild (src/Scanner/StellaOps.Scanner.Analyzers.Native) | src/Scanner/StellaOps.Scanner.Analyzers.Native | Package native analyzer as restart-time plug-in with manifest/DI registration; update Offline Kit bundle + documentation. | SCANNER-ANALYZERS-NATIVE-20-009 | | | SCANNER-ANALYZERS-NODE-22-001 | TODO | | SPRINT_132_scanner_surface | Node Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node | Build input normalizer + VFS for Node projects: dirs, tgz, container layers, pnpm store, Yarn PnP zips; detect Node version targets (`.nvmrc`, `.node-version`, Dockerfile) and workspace roots deterministically. | | | | SCANNER-ANALYZERS-NODE-22-002 | TODO | | SPRINT_132_scanner_surface | Node Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node | Implement entrypoint discovery (bin/main/module/exports/imports, workers, electron, shebang scripts) and condition set builder per entrypoint. | SCANNER-ANALYZERS-NODE-22-001 | | | SCANNER-ANALYZERS-NODE-22-003 | TODO | | SPRINT_132_scanner_surface | Node Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node | Parse JS/TS sources for static `import`, `require`, `import()` and string concat cases; flag dynamic patterns with confidence levels; support source map de-bundling. | SCANNER-ANALYZERS-NODE-22-002 | | | SCANNER-ANALYZERS-NODE-22-004 | TODO | | SPRINT_132_scanner_surface | Node Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node | Implement Node resolver engine for CJS + ESM (core modules, exports/imports maps, conditions, extension priorities, self-references) parameterised by node_version. | SCANNER-ANALYZERS-NODE-22-003 | | | SCANNER-ANALYZERS-NODE-22-005 | TODO | | SPRINT_132_scanner_surface | Node Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node | Add package manager adapters: Yarn PnP (.pnp.data/.pnp.cjs), pnpm virtual store, npm/Yarn classic hoists; operate entirely in virtual FS. | SCANNER-ANALYZERS-NODE-22-004 | | | SCANNER-ANALYZERS-NODE-22-006 | TODO | | SPRINT_133_scanner_surface | Node Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node | Detect bundles + source maps, reconstruct module specifiers, and correlate to original paths; support dual CJS/ESM graphs with conditions. | SCANNER-ANALYZERS-NODE-22-005 | | | SCANNER-ANALYZERS-NODE-22-007 | TODO | | SPRINT_133_scanner_surface | Node Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node | Scan for native addons (.node), WASM modules, and core capability signals (child_process, vm, worker_threads); emit hint edges and native metadata. | SCANNER-ANALYZERS-NODE-22-006 | | | SCANNER-ANALYZERS-NODE-22-008 | TODO | | SPRINT_133_scanner_surface | Node Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node | Produce AOC-compliant observations: entrypoints, components (pkg/native/wasm), edges (esm-import, cjs-require, exports, json, native-addon, wasm, worker) with reason codes/confidence and resolver traces. | SCANNER-ANALYZERS-NODE-22-007 | | | SCANNER-ANALYZERS-NODE-22-009 | TODO | | SPRINT_133_scanner_surface | Node Analyzer Guild, QA Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node | Author fixture suite + performance benchmarks (npm, pnpm, PnP, bundle, electron, worker) with golden outputs and latency budgets. | SCANNER-ANALYZERS-NODE-22-008 | | | SCANNER-ANALYZERS-NODE-22-010 | TODO | | SPRINT_133_scanner_surface | Node Analyzer Guild, Signals Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node | Implement optional runtime evidence hooks (ESM loader, CJS require hook) with path scrubbing and loader ID hashing; emit runtime-* edges. | SCANNER-ANALYZERS-NODE-22-009 | | | SCANNER-ANALYZERS-NODE-22-011 | TODO | | SPRINT_133_scanner_surface | Node Analyzer Guild, DevOps Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node | Package updated analyzer as restart-time plug-in, expose Scanner CLI (`stella node *`) commands, refresh Offline Kit documentation. | SCANNER-ANALYZERS-NODE-22-010 | | | SCANNER-ANALYZERS-NODE-22-012 | TODO | | SPRINT_133_scanner_surface | Node Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node | Integrate container filesystem adapter (OCI layers, Dockerfile hints) and record NODE_OPTIONS/env warnings. | SCANNER-ANALYZERS-NODE-22-011 | | | SCANNER-ANALYZERS-PHP-27-001 | TODO | | SPRINT_133_scanner_surface | PHP Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php | Build input normalizer & VFS for PHP projects: merge source trees, composer manifests, vendor/, php.ini/conf.d, `.htaccess`, FPM configs, container layers. Detect framework/CMS fingerprints deterministically. | — | SCSA0101 | | SCANNER-ANALYZERS-PHP-27-002 | TODO | | SPRINT_133_scanner_surface | PHP Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php | Composer/Autoload analyzer: parse composer.json/lock/installed.json, generate package nodes, autoload edges (psr-4/0/classmap/files), bin entrypoints, composer plugins. | SCANNER-ANALYZERS-PHP-27-001 | | | SCANNER-ANALYZERS-PHP-27-003 | TODO | | SPRINT_133_scanner_surface | PHP Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php | Include/require graph builder: resolve static includes, capture dynamic include patterns, bootstrap chains, merge with autoload edges. | SCANNER-ANALYZERS-PHP-27-002 | | | SCANNER-ANALYZERS-PHP-27-004 | TODO | | SPRINT_133_scanner_surface | PHP Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php | Runtime capability scanner: detect exec/fs/net/env/serialization/crypto/database usage, stream wrappers, uploads; record evidence snippets. | SCANNER-ANALYZERS-PHP-27-003 | | | SCANNER-ANALYZERS-PHP-27-005 | TODO | | SPRINT_133_scanner_surface | PHP Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php | PHAR/Archive inspector: parse phar manifests/stubs, hash files, detect embedded vendor trees and phar:// usage. | SCANNER-ANALYZERS-PHP-27-004 | | | SCANNER-ANALYZERS-PHP-27-006 | TODO | | SPRINT_133_scanner_surface | PHP Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php | Framework/CMS surface mapper: extract routes, controllers, middleware, CLI/cron entrypoints for Laravel/Symfony/Slim/WordPress/Drupal/Magento. | SCANNER-ANALYZERS-PHP-27-005 | | | SCANNER-ANALYZERS-PHP-27-007 | TODO | | SPRINT_133_scanner_surface | PHP Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php | Container & extension detector: parse php.ini/conf.d, map extensions to .so/.dll, collect web server/FPM settings, upload limits, disable_functions. | SCANNER-ANALYZERS-PHP-27-006 | | | SCANNER-ANALYZERS-PHP-27-008 | TODO | | SPRINT_134_scanner_surface | PHP Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php | Produce AOC-compliant observations: entrypoints, packages, extensions, modules, edges (require/autoload), capabilities, routes, configs. | SCANNER-ANALYZERS-PHP-27-002 | | | SCANNER-ANALYZERS-PHP-27-009 | TODO | | SPRINT_134_scanner_surface | PHP Analyzer Guild, QA Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php | Fixture suite + performance benchmarks (Laravel, Symfony, WordPress, legacy, PHAR, container) with golden outputs. | SCANNER-ANALYZERS-PHP-27-007 | | | SCANNER-ANALYZERS-PHP-27-010 | TODO | | SPRINT_134_scanner_surface | PHP Analyzer Guild, Signals Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php | Optional runtime evidence hooks (if provided) to ingest audit logs or opcode cache stats with path hashing. | SCANNER-ANALYZERS-PHP-27-009 | | | SCANNER-ANALYZERS-PHP-27-011 | TODO | | SPRINT_134_scanner_surface | PHP Analyzer Guild, DevOps Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php | Package analyzer plug-in, add CLI (`stella php inspect`), refresh Offline Kit documentation. | SCANNER-ANALYZERS-PHP-27-010 | | | SCANNER-ANALYZERS-PHP-27-012 | TODO | | SPRINT_134_scanner_surface | PHP Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php | Policy signal emitter: extension requirements/presence, dangerous constructs counters, stream wrapper usage, capability summaries. | SCANNER-ANALYZERS-PHP-27-011 | | | SCANNER-ANALYZERS-PYTHON-23-001 | TODO | | SPRINT_134_scanner_surface | Python Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python | Build input normalizer & virtual filesystem for wheels, sdists, editable installs, zipapps, site-packages trees, and container roots. Detect Python version targets (`pyproject.toml`, `runtime.txt`, Dockerfile) + virtualenv layout deterministically. | | | | SCANNER-ANALYZERS-PYTHON-23-002 | TODO | | SPRINT_134_scanner_surface | Python Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python | Entrypoint discovery: module `__main__`, console_scripts entry points, `scripts`, zipapp main, `manage.py`/gunicorn/celery patterns. Capture invocation context (module vs package, argv wrappers). | SCANNER-ANALYZERS-PYTHON-23-001 | | | SCANNER-ANALYZERS-PYTHON-23-003 | TODO | | SPRINT_134_scanner_surface | Python Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python | Static import graph builder using AST and bytecode fallback. Support `import`, `from ... import`, relative imports, `importlib.import_module`, `__import__` with literal args, `pkgutil.extend_path`. | SCANNER-ANALYZERS-PYTHON-23-002 | | | SCANNER-ANALYZERS-PYTHON-23-004 | TODO | | SPRINT_134_scanner_surface | Python Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python | Python resolver engine (importlib semantics) handling namespace packages (PEP 420), package discovery order, `.pth` files, `sys.path` composition, zipimport, and site-packages precedence across virtualenv/container roots. | SCANNER-ANALYZERS-PYTHON-23-003 | | | SCANNER-ANALYZERS-PYTHON-23-005 | TODO | | SPRINT_134_scanner_surface | Python Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python | Packaging adapters: pip editable (`.egg-link`), Poetry/Flit layout, Conda prefix, `.dist-info/RECORD` cross-check, container layer overlays. | SCANNER-ANALYZERS-PYTHON-23-004 | | | SCANNER-ANALYZERS-PYTHON-23-006 | TODO | | SPRINT_134_scanner_surface | Python Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python | Detect native extensions (`*.so`, `*.pyd`), CFFI modules, ctypes loaders, embedded WASM, and runtime capability signals (subprocess, multiprocessing, ctypes, eval). | SCANNER-ANALYZERS-PYTHON-23-005 | | | SCANNER-ANALYZERS-PYTHON-23-007 | TODO | | SPRINT_134_scanner_surface | Python Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python | Framework/config heuristics: Django, Flask, FastAPI, Celery, AWS Lambda handlers, Gunicorn, Click/Typer CLIs, logging configs, pyproject optional dependencies. Tagged as hints only. | SCANNER-ANALYZERS-PYTHON-23-006 | | | SCANNER-ANALYZERS-PYTHON-23-008 | TODO | | SPRINT_134_scanner_surface | Python Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python | Produce AOC-compliant observations: entrypoints, components (modules/packages/native), edges (import, namespace, dynamic-hint, native-extension) with reason codes/confidence and resolver traces. | SCANNER-ANALYZERS-PYTHON-23-007 | | | SCANNER-ANALYZERS-PYTHON-23-009 | TODO | | SPRINT_134_scanner_surface | Python Analyzer Guild, QA Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python | Fixture suite + perf benchmarks covering virtualenv, namespace packages, zipapp, editable installs, containers, lambda handler. | SCANNER-ANALYZERS-PYTHON-23-008 | | | SCANNER-ANALYZERS-PYTHON-23-010 | TODO | | SPRINT_134_scanner_surface | Python Analyzer Guild, Signals Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python | Optional runtime evidence: import hook capturing module load events with path scrubbing, optional bytecode instrumentation for `importlib` hooks, multiprocessing tracer. | SCANNER-ANALYZERS-PYTHON-23-009 | | | SCANNER-ANALYZERS-PYTHON-23-011 | TODO | | SPRINT_134_scanner_surface | Python Analyzer Guild, DevOps Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python | Package analyzer plug-in, add CLI commands (`stella python inspect`), refresh Offline Kit documentation. | SCANNER-ANALYZERS-PYTHON-23-010 | | | SCANNER-ANALYZERS-PYTHON-23-012 | TODO | | SPRINT_135_scanner_surface | Python Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python | Container/zipapp adapter enhancements: parse OCI layers for Python runtime, detect `PYTHONPATH`/`PYTHONHOME` env, record warnings for sitecustomize/startup hooks. | SCANNER-ANALYZERS-PYTHON-23-011 | | | SCANNER-ANALYZERS-RUBY-28-001 | TODO | | SPRINT_135_scanner_surface | Ruby Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Build input normalizer & VFS for Ruby projects: merge source trees, Gemfile/Gemfile.lock, vendor/bundle, .gem archives, `.bundle/config`, Rack configs, containers. Detect framework/job fingerprints deterministically. | | | | SCANNER-ANALYZERS-RUBY-28-002 | TODO | | SPRINT_135_scanner_surface | Ruby Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Gem & Bundler analyzer: parse Gemfile/Gemfile.lock, vendor specs, .gem archives, produce package nodes (PURLs), dependency edges, bin scripts, Bundler group metadata. | SCANNER-ANALYZERS-RUBY-28-001 | | | SCANNER-ANALYZERS-RUBY-28-003 | TODO | | SPRINT_135_scanner_surface | Ruby Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Require/autoload graph builder: resolve static/dynamic require, require_relative, load; infer Zeitwerk autoload paths and Rack boot chain. | SCANNER-ANALYZERS-RUBY-28-002 | | | SCANNER-ANALYZERS-RUBY-28-004 | TODO | | SPRINT_135_scanner_surface | Ruby Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Framework surface mapper: extract routes/controllers/middleware for Rails/Rack/Sinatra/Grape/Hanami; inventory jobs/schedulers (Sidekiq, Resque, ActiveJob, whenever, clockwork). | SCANNER-ANALYZERS-RUBY-28-003 | | | SCANNER-ANALYZERS-RUBY-28-005 | TODO | | SPRINT_135_scanner_surface | Ruby Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Capability analyzer: detect os-exec, filesystem, network, serialization, crypto, DB usage, TLS posture, dynamic eval; record evidence snippets with file/line. | SCANNER-ANALYZERS-RUBY-28-004 | | | SCANNER-ANALYZERS-RUBY-28-006 | TODO | | SPRINT_135_scanner_surface | Ruby Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Rake task & scheduler analyzer: parse Rakefiles/lib/tasks, capture task names/prereqs/shell commands; parse Sidekiq/whenever/clockwork configs into schedules. | SCANNER-ANALYZERS-RUBY-28-005 | | | SCANNER-ANALYZERS-RUBY-28-007 | TODO | | SPRINT_135_scanner_surface | Ruby Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Container/runtime scanner: detect Ruby version, installed gems, native extensions, web server configs in OCI layers. | SCANNER-ANALYZERS-RUBY-28-006 | | | SCANNER-ANALYZERS-RUBY-28-008 | TODO | | SPRINT_135_scanner_surface | Ruby Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Produce AOC-compliant observations: entrypoints, packages, modules, edges (require/autoload), routes, jobs, tasks, capabilities, configs, warnings. | SCANNER-ANALYZERS-RUBY-28-007 | | | SCANNER-ANALYZERS-RUBY-28-009 | TODO | | SPRINT_135_scanner_surface | Ruby Analyzer Guild, QA Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Fixture suite + performance benchmarks (Rails, Rack, Sinatra, Sidekiq, legacy, .gem, container) with golden outputs. | SCANNER-ANALYZERS-RUBY-28-008 | | | SCANNER-ANALYZERS-RUBY-28-010 | TODO | | SPRINT_135_scanner_surface | Ruby Analyzer Guild, Signals Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Optional runtime evidence integration (if provided logs/metrics) with path hashing, without altering static precedence. | SCANNER-ANALYZERS-RUBY-28-009 | | | SCANNER-ANALYZERS-RUBY-28-011 | TODO | | SPRINT_135_scanner_surface | Ruby Analyzer Guild, DevOps Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Package analyzer plug-in, add CLI (`stella ruby inspect`), refresh Offline Kit documentation. | SCANNER-ANALYZERS-RUBY-28-010 | | | SCANNER-ANALYZERS-RUBY-28-012 | TODO | | SPRINT_135_scanner_surface | Ruby Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Policy signal emitter: rubygems drift, native extension flags, dangerous constructs counts, TLS verify posture, dynamic require eval warnings. | SCANNER-ANALYZERS-RUBY-28-011 | | | SCANNER-BENCH-62-002 | TODO | | SPRINT_310_docs_tasks_md_x | Docs Guild, Product Guild (docs) | | | | | | SCANNER-BENCH-62-003 | TODO | | SPRINT_310_docs_tasks_md_x | Docs Guild, Product Guild (docs) | | | | | | SCANNER-BENCH-62-004 | TODO | | SPRINT_310_docs_tasks_md_x | Docs Guild, Java Analyzer Guild (docs) | | | | | | SCANNER-BENCH-62-005 | TODO | | SPRINT_310_docs_tasks_md_x | Docs Guild, Go Analyzer Guild (docs) | | | | | | SCANNER-BENCH-62-006 | TODO | | SPRINT_310_docs_tasks_md_x | Docs Guild, Rust Analyzer Guild (docs) | | | | | | SCANNER-BENCH-62-008 | TODO | | SPRINT_310_docs_tasks_md_x | Docs Guild, EntryTrace Guild (docs) | | | | | | SCANNER-BENCH-62-009 | TODO | | SPRINT_310_docs_tasks_md_x | Docs Guild, Policy Guild (docs) | | | | | | SCANNER-CLI-0001 | DONE | 2025-11-10 | SPRINT_138_scanner_ruby_parity | CLI Guild, Ruby Analyzer Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Coordinate CLI UX/help text for new Ruby verbs and update CLI docs/golden outputs. | SCANNER-ENG-0019 | | | SCANNER-DET-01 | DOING | 2025-11-09 | SPRINT_301_docs_tasks_md_i | Docs Guild · Scanner Guild | | | | | | SCANNER-DOCS-0003 | TODO | | SPRINT_327_docs_modules_scanner | Docs Guild, Product Guild (docs/modules/scanner) | docs/modules/scanner | Gather Windows/macOS analyzer demand signals and record findings in `docs/benchmarks/scanner/windows-macos-demand.md` for marketing + product readiness. | | | | SCANNER-EMIT-15-001 | TODO | | SPRINT_136_scanner_surface | Scanner Emit Guild (src/Scanner/__Libraries/StellaOps.Scanner.Emit) | src/Scanner/__Libraries/StellaOps.Scanner.Emit | Enforce canonical JSON (`stella.contentHash`, Merkle root metadata, zero timestamps) for fragments and composed CycloneDX inventory/usage BOMs. Documented in `docs/modules/scanner/deterministic-sbom-compose.md` §2.2. | SCANNER-SURFACE-04 | | | SCANNER-ENG-0001 | TODO | | SPRINT_327_docs_modules_scanner | Module Team (docs/modules/scanner) | docs/modules/scanner | Cross-check implementation plan milestones against `/docs/implplan/SPRINT_*.md` and update module readiness checkpoints. | | | | SCANNER-ENG-0002 | DONE | 2025-11-09 | SPRINT_137_scanner_gap_design | Scanner Guild, CLI Guild (docs/modules/scanner) | docs/modules/scanner | Design the Node.js lockfile collector + CLI validator per `docs/benchmarks/scanner/scanning-gaps-stella-misses-from-competitors.md`, capturing Surface + policy requirements before implementation. | | | | SCANNER-ENG-0003 | DONE | 2025-11-09 | SPRINT_137_scanner_gap_design | Python Analyzer Guild, CLI Guild (docs/modules/scanner) | docs/modules/scanner | Design Python lockfile + editable-install parity checks with policy predicates and CLI workflow coverage as outlined in the gap analysis. | | | | SCANNER-ENG-0004 | DONE | 2025-11-09 | SPRINT_137_scanner_gap_design | Java Analyzer Guild, CLI Guild (docs/modules/scanner) | docs/modules/scanner | Design Java lockfile ingestion/validation (Gradle/SBT collectors, CLI verb, policy hooks) to close comparison gaps. | | | | SCANNER-ENG-0005 | DONE | 2025-11-09 | SPRINT_137_scanner_gap_design | Go Analyzer Guild (docs/modules/scanner) | docs/modules/scanner | Enhance Go stripped-binary fallback inference design, including inferred module metadata + policy integration, per the gap analysis. | | | | SCANNER-ENG-0006 | DONE | 2025-11-09 | SPRINT_137_scanner_gap_design | Rust Analyzer Guild (docs/modules/scanner) | docs/modules/scanner | Expand Rust fingerprint coverage design (enriched fingerprint catalogue + policy controls) per the comparison matrix. | | | | SCANNER-ENG-0007 | DONE | 2025-11-09 | SPRINT_137_scanner_gap_design | Scanner Guild, Policy Guild (docs/modules/scanner) | docs/modules/scanner | Design the deterministic secret leak detection pipeline covering rule packaging, Policy Engine integration, and CLI workflow. | | | | SCANNER-ENG-0008 | TODO | | SPRINT_138_scanner_ruby_parity | EntryTrace Guild, QA Guild (src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace) | src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace | Maintain EntryTrace heuristic cadence per `docs/benchmarks/scanner/scanning-gaps-stella-misses-from-competitors.md`, including quarterly pattern reviews + explain-trace updates. | | | | SCANNER-ENG-0009 | DONE | 2025-11-13 | SPRINT_138_scanner_ruby_parity | Ruby Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Ruby analyzer parity shipped: runtime graph + capability signals, observation payload, Mongo-backed `ruby.packages` inventory, CLI/WebService surfaces, and plugin manifest bundles for Worker loadout. | SCANNER-ANALYZERS-RUBY-28-001..012 | | | SCANNER-ENG-0010 | TODO | | SPRINT_138_scanner_ruby_parity | PHP Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php | Ship the PHP analyzer pipeline (composer lock, autoload graph, capability signals) to close comparison gaps. | SCANNER-ANALYZERS-PHP-27-001 | | | SCANNER-ENG-0011 | TODO | | SPRINT_138_scanner_ruby_parity | Language Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno | Scope the Deno runtime analyzer (lockfile resolver, import graphs) based on competitor techniques to extend beyond Sprint 130 coverage. | | | | SCANNER-ENG-0012 | TODO | | SPRINT_138_scanner_ruby_parity | Language Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Dart) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Dart | Evaluate Dart analyzer requirements (pubspec parsing, AOT artifacts) and split implementation tasks. | | | | SCANNER-ENG-0013 | TODO | | SPRINT_138_scanner_ruby_parity | Swift Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Swift) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Swift | Plan Swift Package Manager coverage (Package.resolved, xcframeworks, runtime hints) with policy hooks. | | | | SCANNER-ENG-0014 | TODO | | SPRINT_138_scanner_ruby_parity | Runtime Guild, Zastava Guild (docs/modules/scanner) | docs/modules/scanner | Align Kubernetes/VM target coverage between Scanner and Zastava per comparison findings; publish joint roadmap. | | | | SCANNER-ENG-0015 | DONE | 2025-11-13 | SPRINT_138_scanner_ruby_parity | Export Center Guild, Scanner Guild (docs/modules/scanner) | docs/modules/scanner | DSSE/Rekor operator playbook published (`docs/modules/scanner/operations/dsse-rekor-operator-guide.md`) with config/env tables, rollout phases, runbook snippets, offline verification steps, and SLA/alert guidance. | | | | SCANNER-ENG-0016 | DONE | 2025-11-10 | SPRINT_138_scanner_ruby_parity | Ruby Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | RubyLockCollector and vendor ingestion finalized: Bundler config overrides honoured, workspace lockfiles merged, vendor bundles normalised, and deterministic fixtures added. | SCANNER-ENG-0009 | | | SCANNER-ENG-0017 | DONE | 2025-11-09 | SPRINT_138_scanner_ruby_parity | Ruby Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Build the runtime require/autoload graph builder with tree-sitter Ruby per design §4.4 and integrate EntryTrace hints. | SCANNER-ENG-0016 | | | SCANNER-ENG-0018 | DONE | 2025-11-09 | SPRINT_138_scanner_ruby_parity | Ruby Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Emit Ruby capability + framework surface signals as defined in design §4.5 with policy predicate hooks. | SCANNER-ENG-0017 | | | SCANNER-ENG-0019 | DONE | 2025-11-13 | SPRINT_138_scanner_ruby_parity | Ruby Analyzer Guild, CLI Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Ruby CLI verbs now resolve inventories by scan ID, digest, or image reference; Scanner.WebService fallbacks + CLI client encoding ensure `--image` works for both digests and tagged references, and tests cover the new lookup flow. | SCANNER-ENG-0016..0018 | | | SCANNER-ENG-0020 | TODO | | SPRINT_136_scanner_surface | Scanner Guild (docs/modules/scanner) | docs/modules/scanner | Implement Homebrew collector & fragment mapper per `design/macos-analyzer.md` §3.1. | | | | SCANNER-ENG-0021 | TODO | | SPRINT_136_scanner_surface | Scanner Guild (docs/modules/scanner) | docs/modules/scanner | Implement pkgutil receipt collector per `design/macos-analyzer.md` §3.2. | | | | SCANNER-ENG-0022 | TODO | | SPRINT_136_scanner_surface | Scanner Guild, Policy Guild (docs/modules/scanner) | docs/modules/scanner | Implement macOS bundle inspector & capability overlays per `design/macos-analyzer.md` §3.3. | | | | SCANNER-ENG-0023 | TODO | | SPRINT_136_scanner_surface | Scanner Guild, Offline Kit Guild, Policy Guild (docs/modules/scanner) | docs/modules/scanner | Deliver macOS policy/offline integration per `design/macos-analyzer.md` §5–6. | | | | SCANNER-ENG-0024 | TODO | | SPRINT_136_scanner_surface | Scanner Guild (docs/modules/scanner) | docs/modules/scanner | Implement Windows MSI collector per `design/windows-analyzer.md` §3.1. | | | | SCANNER-ENG-0025 | TODO | | SPRINT_136_scanner_surface | Scanner Guild (docs/modules/scanner) | docs/modules/scanner | Implement WinSxS manifest collector per `design/windows-analyzer.md` §3.2. | | | | SCANNER-ENG-0026 | TODO | | SPRINT_136_scanner_surface | Scanner Guild (docs/modules/scanner) | docs/modules/scanner | Implement Windows Chocolatey & registry collectors per `design/windows-analyzer.md` §3.3–3.4. | | | | SCANNER-ENG-0027 | TODO | | SPRINT_136_scanner_surface | Scanner Guild, Policy Guild, Offline Kit Guild (docs/modules/scanner) | docs/modules/scanner | Deliver Windows policy/offline integration per `design/windows-analyzer.md` §5–6. | | | | SCANNER-ENTRYTRACE-18-502 | TODO | | SPRINT_135_scanner_surface | EntryTrace Guild (src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace) | src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace | Expand chain walker with init shim/user-switch/supervisor recognition plus env/workdir accumulation and guarded edges. | SCANNER-ENTRYTRACE-18-508 | | | SCANNER-ENTRYTRACE-18-503 | TODO | | SPRINT_135_scanner_surface | EntryTrace Guild (src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace) | src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace | Introduce target classifier + EntryPlan handoff with confidence scoring for ELF/Java/.NET/Node/Python and user/workdir context. | SCANNER-ENTRYTRACE-18-502 | | | SCANNER-ENTRYTRACE-18-504 | TODO | | SPRINT_136_scanner_surface | EntryTrace Guild (src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace) | src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace | Emit EntryTrace AOC NDJSON (`entrytrace.entry/node/edge/target/warning/capability`) and wire CLI/service streaming outputs. | SCANNER-ENTRYTRACE-18-503 | | | SCANNER-ENTRYTRACE-18-505 | TODO | | SPRINT_136_scanner_surface | EntryTrace Guild (src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace) | src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace | Implement process-tree replay (ProcGraph) to reconcile `/proc` exec chains with static EntryTrace results, collapsing wrappers and emitting agreement/conflict diagnostics. | SCANNER-ENTRYTRACE-18-504 | | | SCANNER-ENTRYTRACE-18-506 | TODO | | SPRINT_136_scanner_surface | EntryTrace Guild, Scanner WebService Guild (src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace) | src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace | Surface EntryTrace graph + confidence via Scanner.WebService and CLI, including target summary in scan reports and policy payloads. | SCANNER-ENTRYTRACE-18-505 | SCSS0102 | | SCANNER-ENV-01 | TODO (2025-11-06) | 2025-11-06 | SPRINT_136_scanner_surface | Scanner Worker Guild | src/Scanner/StellaOps.Scanner.Worker | Replace ad-hoc environment reads with `StellaOps.Scanner.Surface.Env` helpers for cache roots and CAS endpoints. | — | SCDE0101 | | SCANNER-ENV-02 | TODO (2025-11-06) | 2025-11-06 | SPRINT_136_scanner_surface | Scanner WebService Guild · Ops Guild | src/Scanner/StellaOps.Scanner.WebService | Wire Surface.Env helpers into WebService hosting (cache roots, feature flags) and document configuration. | SCANNER-ENV-01 | SCDE0102 | | SCANNER-ENV-03 | TODO | | SPRINT_136_scanner_surface | BuildX Plugin Guild | src/Scanner/StellaOps.Scanner.Sbomer.BuildXPlugin | Adopt Surface.Env helpers for plugin configuration (cache roots, CAS endpoints, feature toggles). | SCANNER-ENV-02 | SCBX0101 | | SCANNER-EVENTS-16-301 | BLOCKED (2025-10-26) | 2025-10-26 | SPRINT_136_scanner_surface | Scanner WebService Guild (`src/Scanner/StellaOps.Scanner.WebService`) | src/Scanner/StellaOps.Scanner.WebService | Emit orchestrator-compatible envelopes (`scanner.event.*`) and update integration tests to verify Notifier ingestion (no Redis queue coupling). | EVENTS-16-301 | SCEV0101 | | SCANNER-GRAPH-21-001 | TODO | | SPRINT_136_scanner_surface | Scanner WebService Guild, Cartographer Guild (src/Scanner/StellaOps.Scanner.WebService) | src/Scanner/StellaOps.Scanner.WebService | Provide webhook/REST endpoint for Cartographer to request policy overlays and runtime evidence for graph nodes, ensuring determinism and tenant scoping. | | | | SCANNER-LIC-0001 | DONE | 2025-11-10 | SPRINT_138_scanner_ruby_parity | Scanner Guild, Legal Guild (docs/modules/scanner) | docs/modules/scanner | Tree-sitter licensing captured, `NOTICE.md` updated, and Offline Kit now mirrors `third-party-licenses/` with ruby artifacts. | SCANNER-ENG-0016 | | | SCANNER-LNM-21-001 | TODO | | SPRINT_136_scanner_surface | Scanner WebService Guild, Policy Guild (src/Scanner/StellaOps.Scanner.WebService) | src/Scanner/StellaOps.Scanner.WebService | Update `/reports` and `/policy/runtime` payloads to consume advisory/vex linksets, exposing source severity arrays and conflict summaries alongside effective verdicts. | | | | SCANNER-LNM-21-002 | TODO | | SPRINT_136_scanner_surface | Scanner WebService Guild, UI Guild (src/Scanner/StellaOps.Scanner.WebService) | src/Scanner/StellaOps.Scanner.WebService | Add evidence endpoint for Console to fetch linkset summaries with policy overlay for a component/SBOM, including AOC references. | SCANNER-LNM-21-001 | | | SCANNER-NATIVE-401-015 | TODO | | SPRINT_401_reachability_evidence_chain | Scanner Worker Guild | `src/Scanner/__Libraries/StellaOps.Scanner.Symbols.Native`, `src/Scanner/__Libraries/StellaOps.Scanner.CallGraph.Native` | Stand up `StellaOps.Scanner.Symbols.Native` + `StellaOps.Scanner.CallGraph.Native` (ELF/PE readers, demanglers, probabilistic carving) and publish `FuncNode`/`CallEdge` CAS bundles consumed by reachability graphs. | Requires CAS schema approval from GAPG0101 | SCNA0101 | | SCANNER-OPS-0001 | TODO | | SPRINT_327_docs_modules_scanner | Ops Guild (docs/modules/scanner) | docs/modules/scanner | Review scanner runbooks/observability assets after the next sprint demo and capture findings inline with sprint notes. | | | | SCANNER-POLICY-0001 | DONE | 2025-11-10 | SPRINT_138_scanner_ruby_parity | Policy Guild, Ruby Analyzer Guild (docs/modules/scanner) | docs/modules/scanner | Ruby predicates shipped: Policy Engine exposes `sbom.any_component` + `ruby.*`, tests updated, DSL/offline-kit docs refreshed. | SCANNER-ENG-0018 | | | SCANNER-SECRETS-03 | TODO | | SPRINT_136_scanner_surface | BuildX Plugin Guild, Security Guild (src/Scanner/StellaOps.Scanner.Sbomer.BuildXPlugin) | src/Scanner/StellaOps.Scanner.Sbomer.BuildXPlugin | Use Surface.Secrets to retrieve registry credentials when interacting with CAS/referrers. | SCANNER-SECRETS-02 | | | SCANNER-SORT-02 | TODO | | SPRINT_136_scanner_surface | Scanner Core Guild (src/Scanner/__Libraries/StellaOps.Scanner.Core) | src/Scanner/__Libraries/StellaOps.Scanner.Core | Sort layer fragments by digest and components by `identity.purl`/`identity.key` before composition; add determinism regression tests. | SCANNER-EMIT-15-001 | | | SCANNER-SURFACE-04 | TODO | | SPRINT_136_scanner_surface | Scanner Worker Guild (src/Scanner/StellaOps.Scanner.Worker) | src/Scanner/StellaOps.Scanner.Worker | DSSE-sign every `layer.fragments` payload, emit `_composition.json`, and persist DSSE envelopes so offline kits can replay deterministically (see `docs/modules/scanner/deterministic-sbom-compose.md` §2.1). | SCANNER-SURFACE-01; SURFACE-FS-03 | | | SCHED-IMPACT-16-303 | TODO | | SPRINT_155_scheduler_i | Scheduler ImpactIndex Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.ImpactIndex) | src/Scheduler/__Libraries/StellaOps.Scheduler.ImpactIndex | Snapshot/compaction + invalidation for removed images; persistence to RocksDB/Redis per architecture. | | | | SCHED-SURFACE-01 | TODO | | SPRINT_155_scheduler_i | Scheduler Worker Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | Evaluate Surface.FS pointers when planning delta scans to avoid redundant work and prioritise drift-triggered assets. | | | | SCHED-SURFACE-02 | TODO | | SPRINT_136_scanner_surface | Scheduler Worker Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | Integrate Scheduler worker prefetch using Surface manifest reader and persist manifest pointers with rerun plans. | SURFACE-FS-02; SCHED-SURFACE-01 | | | SCHED-VULN-29-001 | TODO | | SPRINT_155_scheduler_i | Scheduler WebService Guild, Findings Ledger Guild (src/Scheduler/StellaOps.Scheduler.WebService) | src/Scheduler/StellaOps.Scheduler.WebService | Expose resolver job APIs (`POST /vuln/resolver/jobs`, `GET /vuln/resolver/jobs/{id}`) to trigger candidate recomputation per artifact/policy change with RBAC and rate limits. | | | | SCHED-VULN-29-002 | TODO | | SPRINT_155_scheduler_i | Scheduler WebService Guild, Observability Guild (src/Scheduler/StellaOps.Scheduler.WebService) | src/Scheduler/StellaOps.Scheduler.WebService | Provide projector lag metrics endpoint and webhook notifications for backlog breaches consumed by DevOps dashboards. Dependencies: SCHED-VULN-29-001. | | | | SCHED-WEB-20-002 | BLOCKED | | SPRINT_155_scheduler_i | Scheduler WebService Guild (src/Scheduler/StellaOps.Scheduler.WebService) | src/Scheduler/StellaOps.Scheduler.WebService | Provide simulation trigger endpoint returning diff preview metadata and job state for UI/CLI consumption. | | | | SCHED-WORKER-21-203 | TODO | | SPRINT_155_scheduler_i | Scheduler Worker Guild, Observability Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | Export metrics (`graph_build_seconds`, `graph_jobs_inflight`, `overlay_lag_seconds`) and structured logs with tenant/graph identifiers. | | | | SCHED-WORKER-23-101 | TODO | | SPRINT_155_scheduler_i | Scheduler Worker Guild, Policy Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | Implement policy re-evaluation worker that shards assets, honours rate limits, and updates progress for Console after policy activation events. Dependencies: SCHED-WORKER-21-203. | | | | SCHED-WORKER-23-102 | TODO | | SPRINT_155_scheduler_i | Scheduler Worker Guild, Observability Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | Add reconciliation job ensuring re-eval completion within SLA, emitting alerts on backlog and persisting status to `policy_runs`. Dependencies: SCHED-WORKER-23-101. | | | | SCHED-WORKER-25-101 | TODO | | SPRINT_155_scheduler_i | Scheduler Worker Guild, Policy Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | Implement exception lifecycle worker handling auto-activation/expiry and publishing `exception.*` events with retries/backoff. Dependencies: SCHED-WORKER-23-102. | | | | SCHED-WORKER-25-102 | TODO | | SPRINT_155_scheduler_i | Scheduler Worker Guild, Observability Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | Add expiring notification job generating digests, marking `expiring` state, updating metrics/alerts. Dependencies: SCHED-WORKER-25-101. | | | | SCHED-WORKER-26-201 | TODO | | SPRINT_155_scheduler_i | Scheduler Worker Guild, Signals Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | Build reachability joiner worker that combines SBOM snapshots with signals, writes cached facts, and schedules updates on new events. Dependencies: SCHED-WORKER-25-102. | | | | SCHED-WORKER-26-202 | TODO | | SPRINT_156_scheduler_ii | Scheduler Worker Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | Implement staleness monitor + notifier for outdated reachability facts, publishing warnings and updating dashboards. Dependencies: SCHED-WORKER-26-201. | | | | SCHED-WORKER-27-301 | TODO | | SPRINT_156_scheduler_ii | Scheduler Worker Guild, Policy Registry Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | Implement policy batch simulation worker: shard SBOM inventories, invoke Policy Engine, emit partial results, handle retries/backoff, and publish progress events. Dependencies: SCHED-WORKER-26-202. | | | | SCHED-WORKER-27-302 | TODO | | SPRINT_156_scheduler_ii | Scheduler Worker Guild, Observability Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | Build reducer job aggregating shard outputs into final manifests (counts, deltas, samples) and writing to object storage with checksums; emit completion events. Dependencies: SCHED-WORKER-27-301. | | | | SCHED-WORKER-27-303 | TODO | | SPRINT_156_scheduler_ii | Scheduler Worker Guild, Security Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | Enforce tenant isolation, scope checks, and attestation integration for simulation jobs; secret scanning pipeline for uploaded policy sources. Dependencies: SCHED-WORKER-27-302. | | | | SCHED-WORKER-29-001 | TODO | | SPRINT_156_scheduler_ii | Scheduler Worker Guild, Findings Ledger Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | Implement resolver worker generating candidate findings from inventory + advisory evidence, respecting ecosystem version semantics and path scope; emit jobs for policy evaluation. Dependencies: SCHED-WORKER-27-303. | | | | SCHED-WORKER-29-002 | TODO | | SPRINT_156_scheduler_ii | Scheduler Worker Guild, Policy Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | Build evaluation orchestration worker invoking Policy Engine batch eval, writing results to Findings Ledger projector queue, and handling retries/backoff. Dependencies: SCHED-WORKER-29-001. | | | | SCHED-WORKER-29-003 | TODO | | SPRINT_156_scheduler_ii | Scheduler Worker Guild, Observability Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | Add monitoring for resolver/evaluation backlog, SLA breaches, and export job queue; expose metrics/alerts feeding DevOps dashboards. Dependencies: SCHED-WORKER-29-002. | | | | SCHED-WORKER-CONSOLE-23-201 | TODO | | SPRINT_156_scheduler_ii | Scheduler Worker Guild, Observability Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | Stream run progress events (stage status, tuples processed, SLA hints) to Redis/NATS for Console SSE, with heartbeat, dedupe, and retention policy. Publish metrics + structured logs for queue lag. | | | | SCHED-WORKER-CONSOLE-23-202 | TODO | | SPRINT_156_scheduler_ii | Scheduler Worker Guild, Policy Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | Coordinate evidence bundle jobs (enqueue, track status, cleanup) and expose job manifests to Web gateway; ensure idempotent reruns and cancellation support. Dependencies: SCHED-WORKER-CONSOLE-23-201. | | | | SCHEDULER-DOCS-0001 | TODO | | SPRINT_328_docs_modules_scheduler | Docs Guild (docs/modules/scheduler) | docs/modules/scheduler | See ./AGENTS.md | | | | SCHEDULER-ENG-0001 | TODO | | SPRINT_328_docs_modules_scheduler | Module Team (docs/modules/scheduler) | docs/modules/scheduler | Update status via ./AGENTS.md workflow | | | | SCHEDULER-OPS-0001 | TODO | | SPRINT_328_docs_modules_scheduler | Ops Guild (docs/modules/scheduler) | docs/modules/scheduler | Sync outcomes back to ../.. | | | | SCHEMA-401-024 | TODO | | SPRINT_401_reachability_evidence_chain | Signals Guild (`src/Signals/StellaOps.Signals`, `docs/uncertainty/README.md`) | `src/Signals/StellaOps.Signals`, `docs/uncertainty/README.md` | | | | | SCORER-401-025 | TODO | | SPRINT_401_reachability_evidence_chain | Signals Guild (`src/Signals/StellaOps.Signals.Application`, `docs/uncertainty/README.md`) | `src/Signals/StellaOps.Signals.Application`, `docs/uncertainty/README.md` | | | | | SCORING-401-003 | TODO | | SPRINT_401_reachability_evidence_chain | Signals Guild (`src/Signals/StellaOps.Signals`) | `src/Signals/StellaOps.Signals` | | | | | SDK-62-001 | TODO | | SPRINT_204_cli_iv | DevEx/CLI Guild, SDK Generator Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | | | | | SDK-62-002 | TODO | | SPRINT_204_cli_iv | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | | | | | SDK-63-001 | TODO | | SPRINT_204_cli_iv | DevEx/CLI Guild, API Governance Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | | | | | SDK-64-001 | TODO | | SPRINT_204_cli_iv | DevEx/CLI Guild, SDK Release Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | | | | | SDKGEN-62-001 | TODO | | SPRINT_208_sdk | SDK Generator Guild | src/Sdk/StellaOps.Sdk.Generator | Choose/pin generator toolchain, set up language template pipeline, and enforce reproducible builds. | DEVL0101 portal contracts | SDKG0101 | | SDKGEN-62-002 | TODO | | SPRINT_208_sdk | SDK Generator Guild | src/Sdk/StellaOps.Sdk.Generator | Implement shared post-processing (auth helpers, retries, pagination utilities, telemetry hooks) applied to all languages. Dependencies: SDKGEN-62-001. | SDKGEN-62-001 | SDKG0101 | | SDKGEN-63-001 | TODO | | SPRINT_208_sdk | SDK Generator Guild | src/Sdk/StellaOps.Sdk.Generator | Ship TypeScript SDK alpha with ESM/CJS builds, typed errors, paginator, streaming helpers. Dependencies: SDKGEN-62-002. | 63-004 | SDKG0101 | | SDKGEN-63-002 | TODO | | SPRINT_208_sdk | SDK Generator Guild | src/Sdk/StellaOps.Sdk.Generator | Ship Python SDK alpha (sync/async clients, type hints, upload/download helpers). Dependencies: SDKGEN-63-001. | SDKGEN-63-001 | SDKG0101 | | SDKGEN-63-003 | TODO | | SPRINT_208_sdk | SDK Generator Guild | src/Sdk/StellaOps.Sdk.Generator | Ship Go SDK alpha with context-first API and streaming helpers. Dependencies: SDKGEN-63-002. | SDKGEN-63-002 | SDKG0101 | | SDKGEN-63-004 | TODO | | SPRINT_208_sdk | SDK Generator Guild | src/Sdk/StellaOps.Sdk.Generator | Ship Java SDK alpha (builder pattern, HTTP client abstraction). Dependencies: SDKGEN-63-003. | SDKGEN-63-003 | SDKG0101 | | SDKGEN-64-001 | TODO | | SPRINT_208_sdk | SDK Generator Guild · CLI Guild | src/Sdk/StellaOps.Sdk.Generator | Switch CLI to consume TS or Go SDK; ensure parity. Dependencies: SDKGEN-63-004. | SDKGEN-63-004 | SDKG0101 | | SDKGEN-64-002 | TODO | | SPRINT_208_sdk | SDK Generator Guild · Console Guild | src/Sdk/StellaOps.Sdk.Generator | Integrate SDKs into Console data providers where feasible. Dependencies: SDKGEN-64-001. | SDKGEN-64-001 | SDKG0101 | | SDKREL-63-001 | TODO | | SPRINT_208_sdk | SDK Release Guild (src/Sdk/StellaOps.Sdk.Release) | src/Sdk/StellaOps.Sdk.Release | Configure CI pipelines for npm, PyPI, Maven Central staging, and Go proxies with signing and provenance attestations. | | | | SDKREL-63-002 | TODO | | SPRINT_208_sdk | SDK Release Guild, API Governance Guild (src/Sdk/StellaOps.Sdk.Release) | src/Sdk/StellaOps.Sdk.Release | Integrate changelog automation pulling from OAS diffs and generator metadata. Dependencies: SDKREL-63-001. | | | | SDKREL-64-001 | TODO | | SPRINT_208_sdk | SDK Release Guild, Notifications Guild (src/Sdk/StellaOps.Sdk.Release) | src/Sdk/StellaOps.Sdk.Release | Hook SDK releases into Notifications Studio with scoped announcements and RSS/Atom feeds. Dependencies: SDKREL-63-002. | | | | SDKREL-64-002 | TODO | | SPRINT_208_sdk | SDK Release Guild, Export Center Guild (src/Sdk/StellaOps.Sdk.Release) | src/Sdk/StellaOps.Sdk.Release | Add `devportal --offline` bundle job packaging docs, specs, SDK artifacts for air-gapped users. Dependencies: SDKREL-64-001. | | | | SEC-62-001 | TODO | | SPRINT_309_docs_tasks_md_ix | Docs Guild, Authority Core (docs) | | | | | | SEC-CRYPTO-90-001 | DONE | 2025-11-07 | SPRINT_514_sovereign_crypto_enablement | Security Guild (src/__Libraries/StellaOps.Cryptography) | src/__Libraries/StellaOps.Cryptography | Produce the RootPack_RU implementation plan, provider strategy (CryptoPro + PKCS#11), and backlog split for sovereign crypto work. | | | | SEC-CRYPTO-90-002 | DONE | 2025-11-07 | SPRINT_514_sovereign_crypto_enablement | Security Guild (src/__Libraries/StellaOps.Cryptography) | src/__Libraries/StellaOps.Cryptography | Extend signature/catalog constants and configuration schema to recognize `GOST12-256/512`, regional crypto profiles, and provider preference ordering. | | | | SEC-CRYPTO-90-003 | DONE | 2025-11-07 | SPRINT_514_sovereign_crypto_enablement | Security Guild (src/__Libraries/StellaOps.Cryptography) | src/__Libraries/StellaOps.Cryptography | Implement `StellaOps.Cryptography.Plugin.CryptoPro` provider (sign/verify/JWK export) using CryptoPro CSP with deterministic logging/tests. | | | | SEC-CRYPTO-90-004 | DONE | 2025-11-07 | SPRINT_514_sovereign_crypto_enablement | Security Guild (src/__Libraries/StellaOps.Cryptography) | src/__Libraries/StellaOps.Cryptography | Implement `StellaOps.Cryptography.Plugin.Pkcs11Gost` provider (Rutoken/JaCarta) via Pkcs11Interop with configurable slot/pin/module handling. | | | | SEC-CRYPTO-90-005 | DONE | 2025-11-08 | SPRINT_514_sovereign_crypto_enablement | Security Guild (src/__Libraries/StellaOps.Cryptography) | src/__Libraries/StellaOps.Cryptography | Add configuration-driven provider selection (`crypto.regionalProfiles`), CLI diagnostics, and telemetry. | | | | SEC-CRYPTO-90-006 | DONE | 2025-11-08 | SPRINT_514_sovereign_crypto_enablement | Security Guild (src/__Libraries/StellaOps.Cryptography) | src/__Libraries/StellaOps.Cryptography | Build deterministic Streebog/signature harnesses and RootPack audit metadata/runbooks. | | | | SEC-CRYPTO-90-007 | DONE | 2025-11-08 | SPRINT_514_sovereign_crypto_enablement | Security Guild (src/__Libraries/StellaOps.Cryptography) | src/__Libraries/StellaOps.Cryptography | Package RootPack_RU artifacts (plugins, trust anchors, configs) with deployment documentation. | | | | SEC-CRYPTO-90-008 | DONE | 2025-11-08 | SPRINT_514_sovereign_crypto_enablement | Security Guild (src/__Libraries/StellaOps.Cryptography) | src/__Libraries/StellaOps.Cryptography | Audit repository for direct crypto usage bypassing the new abstractions and file remediation tasks. | | | | SEC-CRYPTO-90-009 | DONE | 2025-11-09 | SPRINT_514_sovereign_crypto_enablement | Security Guild (src/__Libraries/StellaOps.Cryptography.Plugin.CryptoPro) | src/__Libraries/StellaOps.Cryptography.Plugin.CryptoPro | Replace the placeholder CryptoPro plug-in with a true CryptoPro CSP implementation (GostCryptography, certificate-store lookup, DER/raw normalization) so RootPack_RU exposes a qualified-signature path. | | | | SEC-CRYPTO-90-010 | DONE | 2025-11-09 | SPRINT_514_sovereign_crypto_enablement | Security Guild (src/__Libraries/StellaOps.Cryptography + .DependencyInjection) | src/__Libraries/StellaOps.Cryptography + .DependencyInjection | Introduce `StellaOpsCryptoOptions` / configuration binding for registry profiles/keys and ship an `AddStellaOpsCryptoRu(IConfiguration, …)` helper so hosts can enable `ru-offline` via YAML without custom code. | | | | SEC-CRYPTO-90-011 | DONE | 2025-11-09 | SPRINT_514_sovereign_crypto_enablement | Security & Ops Guilds (src/Tools/StellaOps.CryptoRu.Cli) | src/Tools/StellaOps.CryptoRu.Cli | Build the sovereign crypto CLI (`StellaOps.CryptoRu.Cli`) to list keys, perform test-sign operations, and emit determinism/audit snapshots referenced in the RootPack docs. | | | | SEC-CRYPTO-90-012 | TODO | | SPRINT_514_sovereign_crypto_enablement | Security Guild (src/__Libraries/__Tests/StellaOps.Cryptography.Tests) | src/__Libraries/__Tests/StellaOps.Cryptography.Tests | Add CryptoPro + PKCS#11 integration tests (env/pin gated) and wire them into `scripts/crypto/run-rootpack-ru-tests.sh`, covering Streebog vectors and DER/raw signatures. | | | | SEC-CRYPTO-90-013 | TODO | | SPRINT_514_sovereign_crypto_enablement | Security Guild (src/__Libraries/StellaOps.Cryptography) | src/__Libraries/StellaOps.Cryptography | Extend the shared crypto stack with sovereign symmetric algorithms (Magma/Kuznyechik) so exports/data-at-rest can request Russian ciphers via the provider registry. | | | | SEC-CRYPTO-90-014 | TODO | | SPRINT_514_sovereign_crypto_enablement | Security + Service Guilds | | Update runtime hosts (Authority, Scanner WebService/Worker, Concelier, etc.) to register the RU providers, bind `StellaOps:Crypto` profiles, and expose configuration toggles per the new options model. | Wait for AUIN0101 approvals | CRSA0101 | | SEC-CRYPTO-90-015 | TODO | | SPRINT_514_sovereign_crypto_enablement | Security + Docs Guild | docs/security/rootpack_ru_*.md | Refresh RootPack/validation documentation once the CLI/config/tests exist (remove TODO callouts, document final workflows). | Depends on #1 | CRSA0101 | | SEC-CRYPTO-90-016 | DONE | 2025-11-09 | SPRINT_514_sovereign_crypto_enablement | Security Guild (src/__Libraries/StellaOps.Cryptography.DependencyInjection + .Plugin.CryptoPro) | src/__Libraries/StellaOps.Cryptography.DependencyInjection + .Plugin.CryptoPro | Quarantine CryptoPro dependencies by default until IT.GostCryptography is patched; add MSBuild flag `StellaOpsEnableCryptoPro` and follow-up plan to re-enable the plug-in once a safe package exists. | | | | SEC-CRYPTO-90-017 | TODO | | SPRINT_514_sovereign_crypto_enablement | Security Guild | third_party/forks + src/__Libraries/StellaOps.Cryptography.Plugin.CryptoPro | Vendor `third_party/forks/AlexMAS.GostCryptography` into the solution build (solution filters, Directory.Build props, CI) so the library compiles with the rest of the repo and publishes artifacts for downstream consumers. | Needs third_party fork sync | CRSA0101 | | SEC-CRYPTO-90-018 | TODO | | SPRINT_514_sovereign_crypto_enablement | Security + Docs Guild | docs/security/rootpack_ru_*.md, docs/dev/crypto.md | Update developer/RootPack documentation to describe the new fork, sync steps, and licensing so operators know where the CryptoPro sources live and how to refresh them. | Depends on #3 | CRSA0101 | | SEC-CRYPTO-90-019 | TODO | | SPRINT_514_sovereign_crypto_enablement | Security Guild | third_party/forks/AlexMAS.GostCryptography | Patch the fork to drop vulnerable `System.Security.Cryptography.{Pkcs,Xml}` 6.0.0 dependencies (target .NET 8+, adopt fixed BCL packages, re-run tests). | Needs fork validation | CRSA0101 | | SEC-CRYPTO-90-020 | TODO | | SPRINT_514_sovereign_crypto_enablement | Security Guild | src/__Libraries/StellaOps.Cryptography.Plugin.CryptoPro | Re-point `StellaOps.Cryptography.Plugin.CryptoPro` to the forked sources (replace NuGet package references, adjust DI wiring) and prove the plugin works end-to-end. | Depends on #5 | CRSA0101 | | SEC-CRYPTO-90-021 | TODO | | SPRINT_514_sovereign_crypto_enablement | Security + QA Guilds | scripts/crypto/**, docs/security/rootpack_ru_validation.md | Validate the forked library + plugin on both Windows (CryptoPro CSP) and Linux (OpenSSL GOST fallback) builds/tests; document any platform-specific prerequisites. | Depends on #6 | CRSA0101 | | SEC-OBS-50-001 | TODO | | SPRINT_309_docs_tasks_md_ix | Docs Guild, Security Guild (docs) | | | | | | SEC2 | DONE | 2025-11-09 | SPRINT_100_identity_signing | Security Guild, Storage Guild (src/Authority/StellaOps.Authority/StellaOps.Authority.Plugin.Standard) | src/Authority/StellaOps.Authority/StellaOps.Authority.Plugin.Standard | | | | | SEC3 | DONE | 2025-11-09 | SPRINT_100_identity_signing | Security Guild, BE-Auth Plugin (src/Authority/StellaOps.Authority/StellaOps.Authority.Plugin.Standard) | src/Authority/StellaOps.Authority/StellaOps.Authority.Plugin.Standard | | | | | SEC5 | DONE | 2025-11-09 | SPRINT_100_identity_signing | Security Guild (src/Authority/StellaOps.Authority/StellaOps.Authority.Plugin.Standard) | src/Authority/StellaOps.Authority/StellaOps.Authority.Plugin.Standard | | | | | SECRETS-01 | DOING | 2025-11-02 | SPRINT_136_scanner_surface | Scanner Guild, Security Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.Secrets) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Secrets | | | | | SECRETS-02 | DOING | 2025-11-02 | SPRINT_136_scanner_surface | Scanner Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.Secrets) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Secrets | | SURFACE-SECRETS-01 | | | SECRETS-03 | TODO | | SPRINT_136_scanner_surface | BuildX Plugin Guild · Security Guild | src/Scanner/StellaOps.Scanner.Sbomer.BuildXPlugin | SCANNER-SECRETS-02 | SCANNER-SECRETS-02 | SCBX0101 | | SECRETS-04 | TODO | | SPRINT_136_scanner_surface | Scanner Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.Secrets) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Secrets | | SURFACE-SECRETS-02 | | | SECRETS-05 | TODO | | SPRINT_136_scanner_surface | Zastava Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.Secrets) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Secrets | | SURFACE-SECRETS-02 | | | SECRETS-06 | TODO | | SPRINT_136_scanner_surface | Ops Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.Secrets) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Secrets | | SURFACE-SECRETS-03 | | | SERVER-401-011 | TODO | | SPRINT_401_reachability_evidence_chain | Symbols Guild (`src/Symbols/StellaOps.Symbols.Server`) | `src/Symbols/StellaOps.Symbols.Server` | | | | | SERVICE-21-001 | BLOCKED | | SPRINT_140_runtime_signals | | | | | | | SERVICE-21-002 | BLOCKED | | SPRINT_140_runtime_signals | | | | | | | SERVICE-21-003 | BLOCKED | | SPRINT_140_runtime_signals | | | | | | | SERVICE-21-004 | BLOCKED | | SPRINT_140_runtime_signals | | | | | | | SERVICE-23-001 | TODO | | SPRINT_140_runtime_signals | | | | | | | SERVICE-23-002 | TODO | | SPRINT_140_runtime_signals | | | | | | | SERVICE-DOCS-0001 | TODO | | SPRINT_326_docs_modules_registry | Docs Guild (docs/modules/registry) | docs/modules/registry | | | | | SERVICE-ENG-0001 | TODO | | SPRINT_326_docs_modules_registry | Module Team (docs/modules/registry) | docs/modules/registry | | | | | SERVICE-OPS-0001 | TODO | | SPRINT_326_docs_modules_registry | Ops Guild (docs/modules/registry) | docs/modules/registry | | | | | SIG-003 | TODO | | SPRINT_401_reachability_evidence_chain | Signals Guild (`src/Signals/StellaOps.Signals`, `docs/reachability/function-level-evidence.md`) | `src/Signals/StellaOps.Signals`, `docs/reachability/function-level-evidence.md` | | | | | SIG-26-001 | TODO | | SPRINT_115_concelier_iv | Concelier Core Guild, Signals Guild (src/Concelier/__Libraries/StellaOps.Concelier.Core) | src/Concelier/__Libraries/StellaOps.Concelier.Core | | | | | SIG-26-002 | TODO | | SPRINT_204_cli_iv | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | | | | | SIG-26-003 | TODO | | SPRINT_211_ui_iii | UI Guild (src/UI/StellaOps.UI) | src/UI/StellaOps.UI | | | | | SIG-26-004 | TODO | | SPRINT_211_ui_iii | UI Guild (src/UI/StellaOps.UI) | src/UI/StellaOps.UI | | | | | SIG-26-005 | TODO | | SPRINT_309_docs_tasks_md_ix | Docs Guild, UI Guild (docs) | | | | | | SIG-26-006 | TODO | | SPRINT_309_docs_tasks_md_ix | Docs Guild, DevEx/CLI Guild (docs) | | | | | | SIG-26-007 | TODO | | SPRINT_309_docs_tasks_md_ix | Docs Guild, BE-Base Platform Guild (docs) | | | | | | SIG-26-008 | TODO | | SPRINT_310_docs_tasks_md_x | Docs Guild, DevOps Guild (docs) | | | | | | SIG-STORE-401-016 | TODO | | SPRINT_401_reachability_evidence_chain | Signals Guild · BE-Base Platform Guild (`src/Signals/StellaOps.Signals`, `src/__Libraries/StellaOps.Replay.Core`) | `src/Signals/StellaOps.Signals`, `src/__Libraries/StellaOps.Replay.Core` | Introduce shared reachability store collections (`func_nodes`, `call_edges`, `cve_func_hits`), indexes, and repository APIs so Scanner/Signals/Policy can reuse canonical function data. | | | | SIGN-CORE-186-004 | TODO | | SPRINT_186_record_deterministic_execution | Signing Guild | `src/Signer/StellaOps.Signer`, `src/__Libraries/StellaOps.Cryptography` | Replace the HMAC demo implementation in `StellaOps.Signer` with StellaOps.Cryptography providers (keyless + KMS), including provider selection, key material loading, and cosign-compatible DSSE signature output. | Mirrors #1 | SIGR0101 | | SIGN-CORE-186-005 | TODO | | SPRINT_186_record_deterministic_execution | Signing Guild | `src/Signer/StellaOps.Signer.Core` | Refactor `SignerStatementBuilder` to support StellaOps predicate types (e.g., `stella.ops/promotion@v1`) and delegate payload canonicalisation to the Provenance library once available. | Mirrors #2 | SIGR0101 | | SIGN-REPLAY-186-003 | TODO | | SPRINT_186_record_deterministic_execution | Signing Guild (`src/Signer/StellaOps.Signer`, `src/Authority/StellaOps.Authority`) | `src/Signer/StellaOps.Signer`, `src/Authority/StellaOps.Authority` | Extend Signer/Authority DSSE flows to cover replay manifest/bundle payload types with multi-profile support; refresh `docs/modules/signer/architecture.md` and `docs/modules/authority/architecture.md` to capture the new signing/verification path referencing `docs/replay/DETERMINISTIC_REPLAY.md` Section 5. | | | | SIGN-TEST-186-006 | TODO | | SPRINT_186_record_deterministic_execution | Signing Guild, QA Guild (`src/Signer/StellaOps.Signer.Tests`) | `src/Signer/StellaOps.Signer.Tests` | Upgrade signer integration tests to run against the real crypto abstraction and fixture predicates (promotion, SBOM, replay), replacing stub tokens/digests with deterministic test data. | | | | SIGN-VEX-401-018 | TODO | | SPRINT_401_reachability_evidence_chain | Signing Guild (`src/Signer/StellaOps.Signer`, `docs/modules/signer/architecture.md`) | `src/Signer/StellaOps.Signer`, `docs/modules/signer/architecture.md` | Extend Signer predicate catalog with `stella.ops/vexDecision@v1`, enforce payload policy, and plumb DSSE/Rekor integration for policy decisions. | | | | SIGNALS-24-001 | DONE | 2025-11-09 | SPRINT_140_runtime_signals | | | Host skeleton, RBAC, sealed-mode readiness, `/signals/facts/{subject}` retrieval, and readiness probes merged; serves as base for downstream ingestion. | | | | SIGNALS-24-002 | DOING | 2025-11-07 | SPRINT_140_runtime_signals | | | Callgraph ingestion + retrieval APIs are live, but CAS promotion and signed manifest publication remain; cannot close until reachability jobs can trust stored graphs. | | | | SIGNALS-24-003 | DOING | 2025-11-09 | SPRINT_140_runtime_signals | | | Runtime facts ingestion accepts JSON/NDJSON and gzip streams; provenance/context enrichment and NDJSON-to-AOC wiring still outstanding. | | | | SIGNALS-24-004 | BLOCKED | 2025-10-27 | SPRINT_140_runtime_signals | | 24-002/003 | Reachability scoring waits on complete ingestion feeds (24-002/003) plus Authority scope validation. | | | | SIGNALS-24-005 | BLOCKED | 2025-10-27 | SPRINT_140_runtime_signals | | | Cache + `signals.fact.updated` events depend on scoring outputs; remains idle until 24-004 unblocks. | | | | SIGNALS-REACH-201-003 | DOING | 2025-11-08 | SPRINT_400_runtime_facts_static_callgraph_union | Signals Guild (`src/Signals/StellaOps.Signals`) | `src/Signals/StellaOps.Signals` | Extend Signals ingestion to accept the new multi-language graphs + runtime facts, normalize into `reachability_graphs` CAS layout, and expose retrieval APIs for Policy/CLI. | | | | SIGNALS-REACH-201-004 | DOING | 2025-11-08 | SPRINT_400_runtime_facts_static_callgraph_union | Signals Guild · Policy Guild (`src/Signals/StellaOps.Signals`, `src/Policy/StellaOps.Policy.Engine`) | `src/Signals/StellaOps.Signals`, `src/Policy/StellaOps.Policy.Engine` | Build the reachability scoring engine (state/score/confidence), wire Redis caches + `signals.fact.updated` events, and integrate reachability weights defined in `docs/11_DATA_SCHEMAS.md`. | | | | SIGNALS-RUNTIME-401-002 | TODO | | SPRINT_401_reachability_evidence_chain | Signals Guild (`src/Signals/StellaOps.Signals`) | `src/Signals/StellaOps.Signals` | Ship `/signals/runtime-facts` ingestion for NDJSON (and gzip) batches, dedupe hits, and link runtime evidence CAS URIs to callgraph nodes. Include retention + RBAC tests. | | | | SIGNALS-SCORING-401-003 | TODO | | SPRINT_401_reachability_evidence_chain | Signals Guild (`src/Signals/StellaOps.Signals`) | `src/Signals/StellaOps.Signals` | Extend `ReachabilityScoringService` with deterministic scoring (static path +0.50, runtime hits +0.30/+0.10 sink, guard penalties, reflection penalty, floor 0.05), persist reachability labels (`reachable/conditional/unreachable`) and expose `/graphs/{scanId}` CAS lookups. | | | | SIGNER-DOCS-0001 | DONE | 2025-11-05 | SPRINT_329_docs_modules_signer | Docs Guild (docs/modules/signer) | docs/modules/signer | Validate that `docs/modules/signer/README.md` captures the latest DSSE/fulcio updates. | | | | SIGNER-ENG-0001 | TODO | | SPRINT_329_docs_modules_signer | Module Team (docs/modules/signer) | docs/modules/signer | Keep module milestones aligned with signer sprints under `/docs/implplan`. | | | | SIGNER-OPS-0001 | TODO | | SPRINT_329_docs_modules_signer | Ops Guild (docs/modules/signer) | docs/modules/signer | Review signer runbooks/observability assets after next sprint demo. | | | | SORT-02 | TODO | | SPRINT_136_scanner_surface | Scanner Core Guild (src/Scanner/__Libraries/StellaOps.Scanner.Core) | src/Scanner/__Libraries/StellaOps.Scanner.Core | | SCANNER-EMIT-15-001 | | | SOURCE---JOB-ORCHESTRATOR-DOCS-0001 | TODO | | SPRINT_323_docs_modules_orchestrator | Docs Guild (docs/modules/orchestrator) | docs/modules/orchestrator | Refresh orchestrator README + diagrams to reflect job leasing changes and reference the task runner bridge. | | | | SOURCE---JOB-ORCHESTRATOR-ENG-0001 | TODO | | SPRINT_323_docs_modules_orchestrator | Module Team (docs/modules/orchestrator) | docs/modules/orchestrator | Sync into ../.. | | | | SOURCE---JOB-ORCHESTRATOR-OPS-0001 | TODO | | SPRINT_323_docs_modules_orchestrator | Ops Guild (docs/modules/orchestrator) | docs/modules/orchestrator | Document outputs in ./README.md | | | | SPL-23-001 | TODO | | SPRINT_128_policy_reasoning | Policy Guild, Language Infrastructure Guild / src/Policy/__Libraries/StellaOps.Policy | src/Policy/__Libraries/StellaOps.Policy | | | | | SPL-23-002 | TODO | | SPRINT_128_policy_reasoning | Policy Guild / src/Policy/__Libraries/StellaOps.Policy | src/Policy/__Libraries/StellaOps.Policy | | POLICY-SPL-23-001 | | | SPL-23-003 | TODO | | SPRINT_128_policy_reasoning | Policy Guild / src/Policy/__Libraries/StellaOps.Policy | src/Policy/__Libraries/StellaOps.Policy | | POLICY-SPL-23-002 | | | SPL-23-004 | TODO | | SPRINT_128_policy_reasoning | Policy Guild, Audit Guild / src/Policy/__Libraries/StellaOps.Policy | src/Policy/__Libraries/StellaOps.Policy | | POLICY-SPL-23-003 | | | SPL-23-005 | TODO | | SPRINT_128_policy_reasoning | Policy Guild, DevEx Guild / src/Policy/__Libraries/StellaOps.Policy | src/Policy/__Libraries/StellaOps.Policy | | POLICY-SPL-23-004 | | | SPL-24-001 | TODO | | SPRINT_128_policy_reasoning | Policy Guild, Signals Guild / src/Policy/__Libraries/StellaOps.Policy | src/Policy/__Libraries/StellaOps.Policy | | POLICY-SPL-23-005 | | | STORE-401-016 | TODO | | SPRINT_401_reachability_evidence_chain | Signals Guild · BE-Base Platform Guild (`src/Signals/StellaOps.Signals`, `src/__Libraries/StellaOps.Replay.Core`) | `src/Signals/StellaOps.Signals`, `src/__Libraries/StellaOps.Replay.Core` | | | | | STORE-AOC-19-001 | TODO | | SPRINT_123_excititor_v | Excititor Storage Guild (src/Excititor/__Libraries/StellaOps.Excititor.Storage.Mongo) | src/Excititor/__Libraries/StellaOps.Excititor.Storage.Mongo | | | | | STORE-AOC-19-002 | TODO | | SPRINT_123_excititor_v | Excititor Storage Guild, DevOps Guild (src/Excititor/__Libraries/StellaOps.Excititor.Storage.Mongo) | src/Excititor/__Libraries/StellaOps.Excititor.Storage.Mongo | | | | | STORE-AOC-19-005 | TODO | 2025-11-04 | SPRINT_115_concelier_iv | Concelier Storage Guild, DevOps Guild (src/Concelier/__Libraries/StellaOps.Concelier.Storage.Mongo) | src/Concelier/__Libraries/StellaOps.Concelier.Storage.Mongo | | | | | SURFACE-01 | TODO | | SPRINT_140_runtime_signals | | | | | | | SURFACE-02 | TODO | | SPRINT_136_scanner_surface | Scheduler Worker Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | | SURFACE-FS-02; SCHED-SURFACE-01 | | | SURFACE-04 | TODO | | SPRINT_136_scanner_surface | Scanner Worker Guild (src/Scanner/StellaOps.Scanner.Worker) | src/Scanner/StellaOps.Scanner.Worker | | SCANNER-SURFACE-01; SURFACE-FS-03 | | | SURFACE-ENV-01 | DONE | 2025-11-13 | SPRINT_136_scanner_surface | Scanner Guild, Zastava Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.Env) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Env | Draft `surface-env.md` enumerating environment variables, defaults, and air-gap behaviour for Surface consumers. | — | SCSS0101 | | SURFACE-ENV-02 | DOING | 2025-11-02 | SPRINT_136_scanner_surface | Scanner Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.Env) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Env | Implement strongly-typed env accessors with validation and deterministic logging inside `StellaOps.Scanner.Surface.Env`. | SURFACE-ENV-01 | SCSS0101 | | SURFACE-ENV-03 | TODO | | SPRINT_136_scanner_surface | Scanner Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.Env) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Env | Adopt the env helper across Scanner Worker/WebService/BuildX plug-ins. | SURFACE-ENV-02 | | | SURFACE-ENV-04 | TODO | | SPRINT_136_scanner_surface | Zastava Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.Env) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Env | Wire env helper into Zastava Observer/Webhook containers. | SURFACE-ENV-02 | | | SURFACE-ENV-05 | TODO | | SPRINT_136_scanner_surface | Ops Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.Env) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Env | Update Helm/Compose/offline kit templates with new env knobs and documentation. | SURFACE-ENV-03; SURFACE-ENV-04 | | | SURFACE-FS-03 | TODO | | SPRINT_136_scanner_surface | Scanner Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.FS) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.FS | Integrate Surface.FS writer into Scanner Worker analyzer pipeline to persist layer + entry-trace fragments. | SURFACE-FS-02 | | | SURFACE-FS-04 | TODO | | SPRINT_136_scanner_surface | Zastava Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.FS) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.FS | Integrate Surface.FS reader into Zastava Observer runtime drift loop. | SURFACE-FS-02 | | | SURFACE-FS-05 | TODO | | SPRINT_136_scanner_surface | Scanner Guild, Scheduler Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.FS) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.FS | Expose Surface.FS pointers via Scanner WebService reports and coordinate rescan planning with Scheduler. | SURFACE-FS-03 | | | SURFACE-FS-06 | TODO | | SPRINT_136_scanner_surface | Docs Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.FS) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.FS | Update scanner-engine guide and offline kit docs with Surface.FS workflow. | SURFACE-FS-02 | | | SURFACE-FS-07 | TODO | | SPRINT_136_scanner_surface | Scanner Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.FS) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.FS | Extend Surface.FS manifest schema with `composition.recipe`, fragment attestation metadata, and verification helpers per deterministic SBOM spec. | SCANNER-SURFACE-04 | | | SURFACE-SECRETS-01 | DOING | 2025-11-02 | SPRINT_136_scanner_surface | Scanner Guild, Security Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.Secrets) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Secrets | Produce `surface-secrets.md` defining secret reference schema, storage backends, scopes, and rotation rules. | | | | SURFACE-SECRETS-02 | DOING | 2025-11-02 | SPRINT_136_scanner_surface | Scanner Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.Secrets) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Secrets | Implement `StellaOps.Scanner.Surface.Secrets` core provider interfaces, secret models, and in-memory test backend. | SURFACE-SECRETS-01 | | | SURFACE-SECRETS-03 | TODO | | SPRINT_136_scanner_surface | Scanner Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.Secrets) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Secrets | Add Kubernetes/File/Offline backends with deterministic caching and audit hooks. | SURFACE-SECRETS-02 | SCSS0101 | | SURFACE-SECRETS-04 | TODO | | SPRINT_136_scanner_surface | Scanner Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.Secrets) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Secrets | Integrate Surface.Secrets into Scanner Worker/WebService/BuildX for registry + CAS creds. | SURFACE-SECRETS-02 | | | SURFACE-SECRETS-05 | TODO | | SPRINT_136_scanner_surface | Zastava Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.Secrets) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Secrets | Invoke Surface.Secrets from Zastava Observer/Webhook for CAS & attestation secrets. | SURFACE-SECRETS-02 | | | SURFACE-SECRETS-06 | TODO | | SPRINT_136_scanner_surface | Ops Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.Secrets) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Secrets | Update deployment manifests/offline kit bundles to provision secret references instead of raw values. | SURFACE-SECRETS-03 | | | SURFACE-VAL-01 | DOING | 2025-11-01 | SPRINT_136_scanner_surface | Scanner Guild, Security Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.Validation) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Validation | Define the Surface validation framework (`surface-validation.md`) covering env/cache/secret checks and extension hooks. | SURFACE-FS-01; SURFACE-ENV-01 | SCSS0102 | | SURFACE-VAL-02 | TODO | | SPRINT_136_scanner_surface | Scanner Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.Validation) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Validation | Implement base validation library with check registry and default validators for env/cached manifests/secret refs. | SURFACE-VAL-01; SURFACE-ENV-02; SURFACE-FS-02 | SCSS0102 | | SURFACE-VAL-03 | TODO | | SPRINT_136_scanner_surface | Scanner Guild, Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.Validation) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Validation | Integrate validation pipeline into Scanner analyzers so checks run before processing. | SURFACE-VAL-02 | SCSS0102 | | SURFACE-VAL-04 | TODO | | SPRINT_136_scanner_surface | Scanner Guild, Zastava Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.Validation) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Validation | Expose validation helpers to Zastava and other runtime consumers for preflight checks. | SURFACE-VAL-02 | SCSS0102 | | SURFACE-VAL-05 | TODO | | SPRINT_136_scanner_surface | Docs Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.Validation) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Validation | Document validation extensibility, registration, and customization in scanner-engine guides. | SURFACE-VAL-02 | SCSS0102 | | SVC-32-001 | TODO | | SPRINT_151_orchestrator_i | Orchestrator Service Guild (src/Orchestrator/StellaOps.Orchestrator) | src/Orchestrator/StellaOps.Orchestrator | | | | | SVC-32-002 | TODO | | SPRINT_152_orchestrator_ii | Orchestrator Service Guild (src/Orchestrator/StellaOps.Orchestrator) | src/Orchestrator/StellaOps.Orchestrator | | | | | SVC-32-003 | TODO | | SPRINT_152_orchestrator_ii | Orchestrator Service Guild (src/Orchestrator/StellaOps.Orchestrator) | src/Orchestrator/StellaOps.Orchestrator | | | | | SVC-32-004 | TODO | | SPRINT_152_orchestrator_ii | Orchestrator Service Guild (src/Orchestrator/StellaOps.Orchestrator) | src/Orchestrator/StellaOps.Orchestrator | | | | | SVC-32-005 | TODO | | SPRINT_152_orchestrator_ii | Orchestrator Service Guild (src/Orchestrator/StellaOps.Orchestrator) | src/Orchestrator/StellaOps.Orchestrator | | | | | SVC-33-001 | TODO | | SPRINT_152_orchestrator_ii | Orchestrator Service Guild (src/Orchestrator/StellaOps.Orchestrator) | src/Orchestrator/StellaOps.Orchestrator | | | | | SVC-33-002 | TODO | | SPRINT_152_orchestrator_ii | Orchestrator Service Guild (src/Orchestrator/StellaOps.Orchestrator) | src/Orchestrator/StellaOps.Orchestrator | | | | | SVC-33-003 | TODO | | SPRINT_152_orchestrator_ii | Orchestrator Service Guild (src/Orchestrator/StellaOps.Orchestrator) | src/Orchestrator/StellaOps.Orchestrator | | | | | SVC-33-004 | TODO | | SPRINT_152_orchestrator_ii | Orchestrator Service Guild (src/Orchestrator/StellaOps.Orchestrator) | src/Orchestrator/StellaOps.Orchestrator | | | | | SVC-34-001 | TODO | | SPRINT_152_orchestrator_ii | Orchestrator Service Guild (src/Orchestrator/StellaOps.Orchestrator) | src/Orchestrator/StellaOps.Orchestrator | | | | | SVC-34-002 | TODO | | SPRINT_152_orchestrator_ii | Orchestrator Service Guild (src/Orchestrator/StellaOps.Orchestrator) | src/Orchestrator/StellaOps.Orchestrator | | | | | SVC-34-003 | TODO | | SPRINT_152_orchestrator_ii | Orchestrator Service Guild (src/Orchestrator/StellaOps.Orchestrator) | src/Orchestrator/StellaOps.Orchestrator | | | | | SVC-34-004 | TODO | | SPRINT_152_orchestrator_ii | Orchestrator Service Guild (src/Orchestrator/StellaOps.Orchestrator) | src/Orchestrator/StellaOps.Orchestrator | | | | | SVC-35-001 | BLOCKED | 2025-10-29 | SPRINT_163_exportcenter_ii | Exporter Service Guild (src/ExportCenter/StellaOps.ExportCenter) | src/ExportCenter/StellaOps.ExportCenter | | | | | SVC-35-002 | TODO | | SPRINT_163_exportcenter_ii | Exporter Service Guild (src/ExportCenter/StellaOps.ExportCenter) | src/ExportCenter/StellaOps.ExportCenter | | | | | SVC-35-003 | TODO | | SPRINT_163_exportcenter_ii | Exporter Service Guild (src/ExportCenter/StellaOps.ExportCenter) | src/ExportCenter/StellaOps.ExportCenter | | | | | SVC-35-004 | TODO | | SPRINT_163_exportcenter_ii | Exporter Service Guild (src/ExportCenter/StellaOps.ExportCenter) | src/ExportCenter/StellaOps.ExportCenter | | | | | SVC-35-005 | TODO | | SPRINT_163_exportcenter_ii | Exporter Service Guild (src/ExportCenter/StellaOps.ExportCenter) | src/ExportCenter/StellaOps.ExportCenter | | | | | SVC-35-006 | TODO | | SPRINT_164_exportcenter_iii | Exporter Service Guild (src/ExportCenter/StellaOps.ExportCenter) | src/ExportCenter/StellaOps.ExportCenter | | | | | SVC-35-101 | TODO | | SPRINT_152_orchestrator_ii | Orchestrator Service Guild (src/Orchestrator/StellaOps.Orchestrator) | src/Orchestrator/StellaOps.Orchestrator | | | | | SVC-36-001 | TODO | | SPRINT_164_exportcenter_iii | Exporter Service Guild (src/ExportCenter/StellaOps.ExportCenter) | src/ExportCenter/StellaOps.ExportCenter | | | | | SVC-36-002 | TODO | | SPRINT_164_exportcenter_iii | Exporter Service Guild (src/ExportCenter/StellaOps.ExportCenter) | src/ExportCenter/StellaOps.ExportCenter | | | | | SVC-36-003 | TODO | | SPRINT_164_exportcenter_iii | Exporter Service Guild (src/ExportCenter/StellaOps.ExportCenter) | src/ExportCenter/StellaOps.ExportCenter | | | | | SVC-36-004 | TODO | | SPRINT_164_exportcenter_iii | Exporter Service Guild (src/ExportCenter/StellaOps.ExportCenter) | src/ExportCenter/StellaOps.ExportCenter | | | | | SVC-36-101 | TODO | | SPRINT_152_orchestrator_ii | Orchestrator Service Guild (src/Orchestrator/StellaOps.Orchestrator) | src/Orchestrator/StellaOps.Orchestrator | | | | | SVC-37-001 | TODO | | SPRINT_164_exportcenter_iii | Exporter Service Guild (src/ExportCenter/StellaOps.ExportCenter) | src/ExportCenter/StellaOps.ExportCenter | | | | | SVC-37-002 | TODO | | SPRINT_164_exportcenter_iii | Exporter Service Guild (src/ExportCenter/StellaOps.ExportCenter) | src/ExportCenter/StellaOps.ExportCenter | | | | | SVC-37-003 | TODO | | SPRINT_164_exportcenter_iii | Exporter Service Guild (src/ExportCenter/StellaOps.ExportCenter) | src/ExportCenter/StellaOps.ExportCenter | | | | | SVC-37-004 | TODO | | SPRINT_164_exportcenter_iii | Exporter Service Guild (src/ExportCenter/StellaOps.ExportCenter) | src/ExportCenter/StellaOps.ExportCenter | | | | | SVC-37-101 | TODO | | SPRINT_152_orchestrator_ii | Orchestrator Service Guild (src/Orchestrator/StellaOps.Orchestrator) | src/Orchestrator/StellaOps.Orchestrator | | | | | SVC-38-002 | TODO | | SPRINT_172_notifier_ii | Notifications Service Guild (src/Notifier/StellaOps.Notifier) | src/Notifier/StellaOps.Notifier | | | | | SVC-38-003 | TODO | | SPRINT_172_notifier_ii | Notifications Service Guild (src/Notifier/StellaOps.Notifier) | src/Notifier/StellaOps.Notifier | | | | | SVC-38-004 | TODO | | SPRINT_172_notifier_ii | Notifications Service Guild (src/Notifier/StellaOps.Notifier) | src/Notifier/StellaOps.Notifier | | | | | SVC-38-101 | TODO | | SPRINT_153_orchestrator_iii | Orchestrator Service Guild (src/Orchestrator/StellaOps.Orchestrator) | src/Orchestrator/StellaOps.Orchestrator | | | | | SVC-39-001 | TODO | | SPRINT_172_notifier_ii | Notifications Service Guild (src/Notifier/StellaOps.Notifier) | src/Notifier/StellaOps.Notifier | | | | | SVC-39-002 | TODO | | SPRINT_172_notifier_ii | Notifications Service Guild (src/Notifier/StellaOps.Notifier) | src/Notifier/StellaOps.Notifier | | | | | SVC-39-003 | TODO | | SPRINT_172_notifier_ii | Notifications Service Guild (src/Notifier/StellaOps.Notifier) | src/Notifier/StellaOps.Notifier | | | | | SVC-39-004 | TODO | | SPRINT_172_notifier_ii | Notifications Service Guild (src/Notifier/StellaOps.Notifier) | src/Notifier/StellaOps.Notifier | | | | | SVC-40-001 | TODO | | SPRINT_172_notifier_ii | Notifications Service Guild (src/Notifier/StellaOps.Notifier) | src/Notifier/StellaOps.Notifier | | | | | SVC-40-002 | TODO | | SPRINT_172_notifier_ii | Notifications Service Guild (src/Notifier/StellaOps.Notifier) | src/Notifier/StellaOps.Notifier | | | | | SVC-40-003 | TODO | | SPRINT_172_notifier_ii | Notifications Service Guild (src/Notifier/StellaOps.Notifier) | src/Notifier/StellaOps.Notifier | | | | | SVC-40-004 | TODO | | SPRINT_172_notifier_ii | Notifications Service Guild (src/Notifier/StellaOps.Notifier) | src/Notifier/StellaOps.Notifier | | | | | SVC-41-101 | TODO | | SPRINT_153_orchestrator_iii | Orchestrator Service Guild (src/Orchestrator/StellaOps.Orchestrator) | src/Orchestrator/StellaOps.Orchestrator | | | | | SVC-42-101 | TODO | | SPRINT_153_orchestrator_iii | Orchestrator Service Guild (src/Orchestrator/StellaOps.Orchestrator) | src/Orchestrator/StellaOps.Orchestrator | | | | | SVC-43-001 | TODO | | SPRINT_164_exportcenter_iii | Exporter Service Guild (src/ExportCenter/StellaOps.ExportCenter) | src/ExportCenter/StellaOps.ExportCenter | | | | | SYM-007 | TODO | | SPRINT_401_reachability_evidence_chain | Scanner Worker Guild & Docs Guild (`src/Scanner/StellaOps.Scanner.Models`, `docs/modules/scanner/architecture.md`, `docs/reachability/function-level-evidence.md`) | `src/Scanner/StellaOps.Scanner.Models`, `docs/modules/scanner/architecture.md`, `docs/reachability/function-level-evidence.md` | | | | | SYMS-70-003 | TODO | | SPRINT_304_docs_tasks_md_iv | Docs Guild, Symbols Guild (docs) | | | | | | SYMS-90-005 | TODO | | SPRINT_505_ops_devops_iii | DevOps Guild, Symbols Guild (ops/devops) | ops/devops | | | | | SYMS-BUNDLE-401-014 | TODO | | SPRINT_401_reachability_evidence_chain | Symbols Guild · Ops | `src/Symbols/StellaOps.Symbols.Bundle`, `ops` | Produce deterministic symbol bundles for air-gapped installs (`symbols bundle create | Depends on #1 | RBSY0101 | | SYMS-CLIENT-401-012 | TODO | | SPRINT_401_reachability_evidence_chain | Symbols Guild · Scanner Guild | `src/Symbols/StellaOps.Symbols.Client`, `src/Scanner/StellaOps.Scanner.Symbolizer` | Ship `StellaOps.Symbols.Client` SDK (resolve/upload APIs, platform key derivation for ELF/PDB/Mach-O/JVM/Node, disk LRU cache) and integrate with Scanner.Symbolizer/runtime probes (ref. `docs/specs/SYMBOL_MANIFEST_v1.md`). | Depends on #3 | RBSY0101 | | SYMS-INGEST-401-013 | TODO | | SPRINT_401_reachability_evidence_chain | Symbols Guild · DevOps Guild | `src/Symbols/StellaOps.Symbols.Ingestor.Cli`, `docs/specs/SYMBOL_MANIFEST_v1.md` | Build `symbols ingest` CLI to emit DSSE-signed `SymbolManifest v1`, upload blobs, and register Rekor entries; document GitLab/Gitea pipeline usage. | Needs manifest updates from #1 | RBSY0101 | | SYMS-SERVER-401-011 | TODO | | SPRINT_401_reachability_evidence_chain | Symbols Guild | `src/Symbols/StellaOps.Symbols.Server` | Deliver `StellaOps.Symbols.Server` (REST+gRPC) with DSSE-verified uploads, Mongo/MinIO storage, tenant isolation, and deterministic debugId indexing; publish health/manifest APIs (spec: `docs/specs/SYMBOL_MANIFEST_v1.md`). | Depends on #5 | RBSY0101 | | TASKRUN-41-001 | TODO | | SPRINT_157_taskrunner_i | Task Runner Guild | src/TaskRunner/StellaOps.TaskRunner | Bootstrap service, define migrations for `pack_runs`, `pack_run_logs`, `pack_artifacts`, implement run API (create/get/log stream), local executor, approvals pause, artifact capture, and provenance manifest generation. | 41-001 | ORTR0101 | | TASKRUN-AIRGAP-56-001 | TODO | | SPRINT_157_taskrunner_i | Task Runner Guild · AirGap Policy Guild | src/TaskRunner/StellaOps.TaskRunner | Enforce plan-time validation rejecting steps with non-allowlisted network calls in sealed mode and surface remediation errors. | TASKRUN-41-001 | ORTR0101 | | TASKRUN-AIRGAP-56-002 | TODO | | SPRINT_157_taskrunner_i | Task Runner Guild · AirGap Importer Guild | src/TaskRunner/StellaOps.TaskRunner | Add helper steps for bundle ingestion (checksum verification, staging to object store) with deterministic outputs. Dependencies: TASKRUN-AIRGAP-56-001. | TASKRUN-AIRGAP-56-001 | ORTR0101 | | TASKRUN-AIRGAP-57-001 | TODO | | SPRINT_157_taskrunner_i | Task Runner Guild · AirGap Controller Guild | src/TaskRunner/StellaOps.TaskRunner | Refuse to execute plans when environment sealed=false but declared sealed install; emit advisory timeline events. Dependencies: TASKRUN-AIRGAP-56-002. | TASKRUN-AIRGAP-56-002 | ORTR0101 | | TASKRUN-AIRGAP-58-001 | TODO | | SPRINT_157_taskrunner_i | Task Runner Guild · Evidence Locker Guild | src/TaskRunner/StellaOps.TaskRunner | Capture bundle import job transcripts, hashed inputs, and outputs into portable evidence bundles. Dependencies: TASKRUN-AIRGAP-57-001. | TASKRUN-AIRGAP-57-001 | ORTR0101 | | TASKRUN-OAS-61-001 | TODO | | SPRINT_157_taskrunner_i | Task Runner Guild · API Contracts Guild | src/TaskRunner/StellaOps.TaskRunner | Document Task Runner APIs (pack runs, logs, approvals) in service OAS, including streaming response schemas and examples. | TASKRUN-41-001 | ORTR0101 | | TASKRUN-OAS-61-002 | TODO | | SPRINT_157_taskrunner_i | Task Runner Guild | src/TaskRunner/StellaOps.TaskRunner | Expose `GET /.well-known/openapi` returning signed spec metadata, build version, and ETag. Dependencies: TASKRUN-OAS-61-001. | TASKRUN-OAS-61-001 | ORTR0101 | | TASKRUN-OAS-62-001 | TODO | | SPRINT_157_taskrunner_i | Task Runner Guild · SDK Generator Guild | src/TaskRunner/StellaOps.TaskRunner | Provide SDK examples for pack run lifecycle; ensure SDKs offer streaming log helpers and paginator wrappers. Dependencies: TASKRUN-OAS-61-002. | TASKRUN-OAS-61-002 | ORTR0102 | | TASKRUN-OAS-63-001 | TODO | | SPRINT_157_taskrunner_i | Task Runner Guild · API Governance Guild | src/TaskRunner/StellaOps.TaskRunner | Implement deprecation header support and Sunset handling for legacy pack APIs; emit notifications metadata. Dependencies: TASKRUN-OAS-62-001. | TASKRUN-OAS-62-001 | ORTR0102 | | TASKRUN-OBS-50-001 | TODO | | SPRINT_157_taskrunner_i | Task Runner Guild | src/TaskRunner/StellaOps.TaskRunner | Adopt telemetry core in Task Runner host + worker executors, ensuring step execution spans/logs include `trace_id`, `tenant_id`, `run_id`, and scrubbed command transcripts. | ORTR0101 telemetry hooks | ORTR0102 | | TASKRUN-OBS-51-001 | TODO | | SPRINT_157_taskrunner_i | Task Runner Guild · DevOps Guild | src/TaskRunner/StellaOps.TaskRunner | Emit metrics for step latency, retries, queue depth, sandbox resource usage; define SLOs for pack run completion and failure rate; surface burn-rate alerts to collector/Notifier. Dependencies: TASKRUN-OBS-50-001. | TASKRUN-OBS-50-001 | ORTR0102 | | TASKRUN-OBS-52-001 | TODO | | SPRINT_157_taskrunner_i | Task Runner Guild | src/TaskRunner/StellaOps.TaskRunner | Produce timeline events for pack runs (`pack.started`, `pack.step.completed`, `pack.failed`) containing evidence pointers and policy gate context. Provide dedupe + retry logic. Dependencies: TASKRUN-OBS-51-001. | TASKRUN-OBS-50-001 | ORTR0102 | | TASKRUN-OBS-53-001 | TODO | | SPRINT_157_taskrunner_i | Task Runner Guild · Evidence Locker Guild | src/TaskRunner/StellaOps.TaskRunner | Capture step transcripts, artifact manifests, environment digests, and policy approvals into evidence locker snapshots; ensure redaction + hash chain coverage. Dependencies: TASKRUN-OBS-52-001. | TASKRUN-OBS-52-001 | ORTR0102 | | TASKRUN-OBS-54-001 | TODO | | SPRINT_158_taskrunner_ii | Task Runner Guild · Provenance Guild | src/TaskRunner/StellaOps.TaskRunner | Generate DSSE attestations for pack runs (subjects = produced artifacts) and expose verification API/CLI integration. Store references in timeline events. Dependencies: TASKRUN-OBS-53-001. | TASKRUN-OBS-53-001 | ORTR0102 | | TASKRUN-OBS-55-001 | TODO | | SPRINT_158_taskrunner_ii | Task Runner Guild · DevOps Guild | src/TaskRunner/StellaOps.TaskRunner | Implement incident mode escalations (extra telemetry, debug artifact capture, retention bump) and align on automatic activation via SLO breach webhooks. Dependencies: TASKRUN-OBS-54-001. | TASKRUN-OBS-54-001 | ORTR0102 | | TASKRUN-TEN-48-001 | TODO | | SPRINT_158_taskrunner_ii | Task Runner Guild | src/TaskRunner/StellaOps.TaskRunner | Require tenant/project context for every pack run, set DB/object-store prefixes, block egress when tenant restricted, and propagate context to steps/logs. | TASKRUN-AIRGAP-58-001 | ORTR0101 | | TELEMETRY-DOCS-0001 | TODO | | SPRINT_330_docs_modules_telemetry | Docs Guild | docs/modules/telemetry | Validate that telemetry module docs reflect the new storage stack and isolation rules. | Ops checklist from DVDO0103 | DOTL0101 | | TELEMETRY-DOCS-0001 | TODO | | SPRINT_330_docs_modules_telemetry | Docs Guild | docs/modules/telemetry | Validate that telemetry module docs reflect the new storage stack and isolation rules. | Ops checklist from DVDO0103 | DOTL0101 | | TELEMETRY-ENG-0001 | TODO | | SPRINT_330_docs_modules_telemetry | Module Team | docs/modules/telemetry | Ensure milestones stay in sync with telemetry sprints in `docs/implplan`. | TLTY0101 API review | DOTL0101 | | TELEMETRY-OBS-50-001 | DOING | | SPRINT_170_notifications_telemetry | Telemetry Core Guild | src/Telemetry/StellaOps.Telemetry.Core | Core bootstrap coding active (50-001); propagation adapters (50-002) queued pending package publication. | 50-002 dashboards | TLTY0101 | | TELEMETRY-OBS-50-002 | DOING | | SPRINT_170_notifications_telemetry | Telemetry Core Guild | src/Telemetry/StellaOps.Telemetry.Core | OBS-50-001 rollout | OBS-50-001 rollout | TLTY0101 | | TELEMETRY-OBS-51-001 | TODO | | SPRINT_170_notifications_telemetry | Telemetry Core Guild | src/Telemetry/StellaOps.Telemetry.Core | Roslyn analyzer + scrub policy review pending Security Guild approval. | 51-002 scope review | TLTY0101 | | TELEMETRY-OBS-51-002 | TODO | | SPRINT_170_notifications_telemetry | Telemetry Core Guild | src/Telemetry/StellaOps.Telemetry.Core | OBS-51-001 shadow mode | OBS-51-001 shadow mode | TLTY0101 | | TELEMETRY-OBS-55-001 | TODO | | SPRINT_170_notifications_telemetry | Telemetry Core Guild · Observability Guild | src/Telemetry/StellaOps.Telemetry.Core | Requires CLI toggle contract (CLI-OBS-12-001) and Notify incident payload spec (NOTIFY-OBS-55-001). | 56-001 event schema | TLTY0101 | | TELEMETRY-OBS-56-001 | TODO | | SPRINT_174_telemetry | Telemetry Core Guild | src/Telemetry/StellaOps.Telemetry.Core | Add sealed-mode telemetry helpers (drift metrics, seal/unseal spans, offline exporters) and ensure hosts can disable external exporters when sealed. Dependencies: TELEMETRY-OBS-55-001. | OBS-55-001 output | TLTY0101 | | TELEMETRY-OPS-0001 | TODO | | SPRINT_330_docs_modules_telemetry | Ops Guild | docs/modules/telemetry | Review telemetry runbooks/observability dashboards post-demo. | DVDO0103 deployment notes | DOTL0101 | | TEN-47-001 | TODO | | SPRINT_205_cli_v | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | | | | | TEN-48-001 | TODO | | SPRINT_115_concelier_iv | Concelier Core Guild (src/Concelier/__Libraries/StellaOps.Concelier.Core) | src/Concelier/__Libraries/StellaOps.Concelier.Core | | | | | TEN-49-001 | TODO | | SPRINT_205_cli_v | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | | | | | TEST-186-006 | TODO | | SPRINT_186_record_deterministic_execution | Signing Guild, QA Guild (`src/Signer/StellaOps.Signer.Tests`) | `src/Signer/StellaOps.Signer.Tests` | | | | | TEST-62-001 | TODO | | SPRINT_310_docs_tasks_md_x | Docs Guild, Contract Testing Guild (docs) | | | | | | TIME-57-001 | TODO | | SPRINT_110_ingestion_evidence | Exporter Guild · AirGap Time Guild · CLI Guild | | | PROGRAM-STAFF-1001 | | | TIME-57-002 | TODO | | SPRINT_510_airgap | Exporter Guild · AirGap Time Guild · CLI Guild | src/AirGap/StellaOps.AirGap.Time | PROGRAM-STAFF-1001 | PROGRAM-STAFF-1001 | AGTM0101 | | TIME-58-001 | TODO | | SPRINT_510_airgap | AirGap Time Guild | src/AirGap/StellaOps.AirGap.Time | AIRGAP-TIME-58-001 | AIRGAP-TIME-58-001 | AGTM0101 | | TIME-58-002 | TODO | | SPRINT_510_airgap | AirGap Time Guild · Notifications Guild | src/AirGap/StellaOps.AirGap.Time | TIME-58-001 | TIME-58-001 | AGTM0101 | | TIMELINE-OBS-52-001 | TODO | | SPRINT_160_export_evidence | Timeline Indexer Guild | | Timeline Indexer Guild | | | | TIMELINE-OBS-52-002 | TODO | | SPRINT_160_export_evidence | Timeline Indexer Guild | | Timeline Indexer Guild | | | | TIMELINE-OBS-52-003 | TODO | | SPRINT_160_export_evidence | Timeline Indexer Guild | | Timeline Indexer Guild | | | | TIMELINE-OBS-52-004 | TODO | | SPRINT_160_export_evidence | Timeline Indexer + Security Guilds | | Timeline Indexer + Security Guilds | | | | TIMELINE-OBS-53-001 | TODO | | SPRINT_160_export_evidence | Timeline Indexer + Evidence Locker Guilds | | Timeline Indexer + Evidence Locker Guilds | | | | UI-401-027 | TODO | | SPRINT_401_reachability_evidence_chain | UI Guild · CLI Guild (`src/UI/StellaOps.UI`, `src/Cli/StellaOps.Cli`, `docs/uncertainty/README.md`) | `src/UI/StellaOps.UI`, `src/Cli/StellaOps.Cli`, `docs/uncertainty/README.md` | | | | | UI-AOC-19-001 | TODO | | SPRINT_209_ui_i | UI Guild (src/UI/StellaOps.UI) | src/UI/StellaOps.UI | Add Sources dashboard tiles showing AOC pass/fail, recent violation codes, and ingest throughput per tenant. | | | | UI-AOC-19-002 | TODO | | SPRINT_209_ui_i | UI Guild (src/UI/StellaOps.UI) | src/UI/StellaOps.UI | Implement violation drill-down view highlighting offending document fields and provenance metadata. Dependencies: UI-AOC-19-001. | | | | UI-AOC-19-003 | TODO | | SPRINT_209_ui_i | UI Guild (src/UI/StellaOps.UI) | src/UI/StellaOps.UI | Add "Verify last 24h" action triggering AOC verifier endpoint and surfacing CLI parity guidance. Dependencies: UI-AOC-19-002. | | | | UI-CLI-401-007 | TODO | | SPRINT_401_reachability_evidence_chain | UI & CLI Guilds (`src/Cli/StellaOps.Cli`, `src/UI/StellaOps.UI`) | `src/Cli/StellaOps.Cli`, `src/UI/StellaOps.UI` | Implement CLI `stella graph explain` + UI explain drawer showing signed call-path, predicates, runtime hits, and DSSE pointers; include counterfactual controls. | | | | UI-DOCS-0001 | TODO | | SPRINT_331_docs_modules_ui | Docs Guild (docs/modules/ui) | docs/modules/ui | | | | | UI-ENG-0001 | TODO | | SPRINT_331_docs_modules_ui | Module Team (docs/modules/ui) | docs/modules/ui | | | | | UI-ENTROPY-40-001 | TODO | | SPRINT_209_ui_i | UI Guild (src/UI/StellaOps.UI) | src/UI/StellaOps.UI | Visualise entropy analysis per image (layer donut, file heatmaps, “Why risky?” chips) in Vulnerability Explorer and scan details, including opaque byte ratios and detector hints (see `docs/modules/scanner/entropy.md`). | | | | UI-ENTROPY-40-002 | TODO | | SPRINT_209_ui_i | UI Guild, Policy Guild (src/UI/StellaOps.UI) | src/UI/StellaOps.UI | Add policy banners/tooltips explaining entropy penalties (block/warn thresholds, mitigation steps) and link to raw `entropy.report.json` evidence downloads (`docs/modules/scanner/entropy.md`). Dependencies: UI-ENTROPY-40-001. | | | | UI-EXC-25-001 | TODO | | SPRINT_209_ui_i | UI Guild, Governance Guild (src/UI/StellaOps.UI) | src/UI/StellaOps.UI | Build Exception Center (list + kanban) with filters, sorting, workflow transitions, and audit views. | | | | UI-EXC-25-002 | TODO | | SPRINT_209_ui_i | UI Guild (src/UI/StellaOps.UI) | src/UI/StellaOps.UI | Implement exception creation wizard with scope preview, justification templates, timebox guardrails. Dependencies: UI-EXC-25-001. | | | | UI-EXC-25-003 | TODO | | SPRINT_209_ui_i | UI Guild (src/UI/StellaOps.UI) | src/UI/StellaOps.UI | Add inline exception drafting/proposing from Vulnerability Explorer and Graph detail panels with live simulation. Dependencies: UI-EXC-25-002. | | | | UI-EXC-25-004 | TODO | | SPRINT_209_ui_i | UI Guild (src/UI/StellaOps.UI) | src/UI/StellaOps.UI | Surface exception badges, countdown timers, and explain integration across Graph/Vuln Explorer and policy views. Dependencies: UI-EXC-25-003. | | | | UI-EXC-25-005 | TODO | | SPRINT_209_ui_i | UI Guild, Accessibility Guild (src/UI/StellaOps.UI) | src/UI/StellaOps.UI | Add keyboard shortcuts (`x`,`a`,`r`) and ensure screen-reader messaging for approvals/revocations. Dependencies: UI-EXC-25-004. | | | | UI-GRAPH-21-001 | TODO | | SPRINT_209_ui_i | UI Guild (src/UI/StellaOps.UI) | src/UI/StellaOps.UI | Align Graph Explorer auth configuration with new `graph:*` scopes; consume scope identifiers from shared `StellaOpsScopes` exports (via generated SDK/config) instead of hard-coded strings. | | | | UI-GRAPH-24-001 | TODO | | SPRINT_209_ui_i | UI Guild, SBOM Service Guild (src/UI/StellaOps.UI) | src/UI/StellaOps.UI | Build Graph Explorer canvas with layered/radial layouts, virtualization, zoom/pan, and scope toggles; initial render <1.5s for sample asset. Dependencies: UI-GRAPH-21-001. | | | | UI-GRAPH-24-002 | TODO | | SPRINT_209_ui_i | UI Guild, Policy Guild (src/UI/StellaOps.UI) | src/UI/StellaOps.UI | Implement overlays (Policy, Evidence, License, Exposure), simulation toggle, path view, and SBOM diff/time-travel with accessible tooltips/AOC indicators. Dependencies: UI-GRAPH-24-001. | | | | UI-GRAPH-24-003 | TODO | | SPRINT_209_ui_i | UI Guild (src/UI/StellaOps.UI) | src/UI/StellaOps.UI | Deliver filters/search panel with facets, saved views, permalinks, and share modal. Dependencies: UI-GRAPH-24-002. | | | | UI-GRAPH-24-004 | TODO | | SPRINT_209_ui_i | UI Guild (src/UI/StellaOps.UI) | src/UI/StellaOps.UI | Add side panels (Details, What-if, History) with upgrade simulation integration and SBOM diff viewer. Dependencies: UI-GRAPH-24-003. | | | | UI-GRAPH-24-006 | TODO | | SPRINT_209_ui_i | UI Guild, Accessibility Guild (src/UI/StellaOps.UI) | src/UI/StellaOps.UI | Ensure accessibility (keyboard nav, screen reader labels, contrast), add hotkeys (`f`,`e`,`.`), and analytics instrumentation. Dependencies: UI-GRAPH-24-004. | | | | UI-LNM-22-001 | TODO | | SPRINT_209_ui_i | UI Guild, Policy Guild (src/UI/StellaOps.UI) | src/UI/StellaOps.UI | Build Evidence panel showing policy decision with advisory observations/linksets side-by-side, conflict badges, AOC chain, and raw doc download links. Docs `DOCS-LNM-22-005` waiting on delivered UI for screenshots + flows. | | | | UI-LNM-22-002 | TODO | | SPRINT_210_ui_ii | UI Guild (src/UI/StellaOps.UI) | src/UI/StellaOps.UI | Implement filters (source, severity bucket, conflict-only, CVSS vector presence) and pagination/lazy loading for large linksets. Docs depend on finalized filtering UX. Dependencies: UI-LNM-22-001. | | | | UI-LNM-22-003 | TODO | | SPRINT_210_ui_ii | UI Guild, Excititor Guild (src/UI/StellaOps.UI) | src/UI/StellaOps.UI | Add VEX tab with status/justification summaries, conflict indicators, and export actions. Required for `DOCS-LNM-22-005` coverage of VEX evidence tab. Dependencies: UI-LNM-22-002. | | | | UI-LNM-22-004 | TODO | | SPRINT_210_ui_ii | UI Guild (src/UI/StellaOps.UI) | src/UI/StellaOps.UI | Provide permalink + copy-to-clipboard for selected component/linkset/policy combination; ensure high-contrast theme support. Dependencies: UI-LNM-22-003. | | | | UI-OPS-0001 | TODO | | SPRINT_331_docs_modules_ui | Ops Guild (docs/modules/ui) | docs/modules/ui | | | | | UI-ORCH-32-001 | TODO | | SPRINT_210_ui_ii | UI Guild, Console Guild (src/UI/StellaOps.UI) | src/UI/StellaOps.UI | Update Console RBAC mappings to surface `Orch.Viewer`, request `orch:read` scope in token flows, and gate dashboard access/messaging accordingly. | | | | UI-POLICY-13-007 | TODO | | SPRINT_210_ui_ii | UI Guild (src/UI/StellaOps.UI) | src/UI/StellaOps.UI | Surface policy confidence metadata (band, age, quiet provenance) on preview and report views. | | | | UI-POLICY-20-001 | TODO | | SPRINT_210_ui_ii | UI Guild | src/UI/StellaOps.UI | Ship Monaco-based policy editor with DSL syntax highlighting, inline diagnostics, and compliance checklist sidebar. Dependencies: UI-POLICY-13-007. | Depends on Policy DSL schema | | | UI-POLICY-20-002 | TODO | | SPRINT_210_ui_ii | UI Guild | src/UI/StellaOps.UI | Build simulation panel showing before/after counts, severity deltas, and rule hit summaries with deterministic diff rendering. Dependencies: UI-POLICY-20-001. | Needs 20-001 editor events | | | UI-POLICY-20-003 | TODO | | SPRINT_210_ui_ii | UI/ProdOps Guild | src/UI/StellaOps.UI | Implement submit/review/approve workflow with comments, approvals log, RBAC. | UI-POLICY-20-002 | UIPD0101 | | UI-POLICY-20-004 | TODO | | SPRINT_210_ui_ii | UI Guild · Observability Guild | src/UI/StellaOps.UI | Add run viewer dashboards (rule heatmap, VEX wins, suppressions) with filters/export. | UI-POLICY-20-003 | UIPD0101 | | UI-POLICY-23-001 | TODO | | SPRINT_210_ui_ii | UI Guild, Policy Guild (src/UI/StellaOps.UI) | src/UI/StellaOps.UI | Deliver Policy Editor workspace with pack list, revision history, and scoped metadata cards. Dependencies: UI-POLICY-20-004. | | | | UI-POLICY-23-002 | TODO | | SPRINT_210_ui_ii | UI Guild (src/UI/StellaOps.UI) | src/UI/StellaOps.UI | Implement YAML editor with schema validation, lint diagnostics, and live canonicalization preview. Dependencies: UI-POLICY-23-001. | | | | UI-POLICY-23-003 | TODO | | SPRINT_210_ui_ii | UI Guild (src/UI/StellaOps.UI) | src/UI/StellaOps.UI | Build guided rule builder (source preferences, severity mapping, VEX precedence, exceptions) with preview JSON output. Dependencies: UI-POLICY-23-002. | | | | UI-POLICY-23-004 | TODO | | SPRINT_210_ui_ii | UI Guild (src/UI/StellaOps.UI) | src/UI/StellaOps.UI | Add review/approval workflow UI: checklists, comments, two-person approval indicator, scope scheduling. Dependencies: UI-POLICY-23-003. | | | | UI-POLICY-23-005 | TODO | | SPRINT_210_ui_ii | UI Guild (src/UI/StellaOps.UI) | src/UI/StellaOps.UI | Integrate simulator panel (SBOM/component/advisory selection), run diff vs active policy, show explain tree and overlays. Dependencies: UI-POLICY-23-004. | | | | UI-POLICY-23-006 | TODO | | SPRINT_210_ui_ii | UI Guild (src/UI/StellaOps.UI) | src/UI/StellaOps.UI | Implement explain view linking to evidence overlays and exceptions; provide export to JSON/PDF. Dependencies: UI-POLICY-23-005. | | | | UI-POLICY-27-001 | TODO | | SPRINT_211_ui_iii | UI Guild, Product Ops (src/UI/StellaOps.UI) | src/UI/StellaOps.UI | Update Console policy workspace RBAC guards, scope requests, and user messaging to reflect the new Policy Studio roles/scopes (`policy:author/review/approve/operate/audit/simulate`), including Cypress auth stubs and help text. Dependencies: UI-POLICY-23-006. | | | | UI-POLICY-DET-01 | TODO | | SPRINT_209_ui_i | UI Guild, Policy Guild (src/UI/StellaOps.UI) | src/UI/StellaOps.UI | Wire policy gate indicators + remediation hints into Release/Policy flows, blocking publishes when determinism checks fail; coordinate with Policy Engine schema updates. Dependencies: UI-SBOM-DET-01. | | | | UI-SBOM-DET-01 | TODO | | SPRINT_209_ui_i | UI Guild (src/UI/StellaOps.UI) | src/UI/StellaOps.UI | Add a “Determinism” badge plus drill-down that surfaces fragment hashes, `_composition.json`, and Merkle root consistency when viewing scan details (per `docs/modules/scanner/deterministic-sbom-compose.md`). | | | | UI-SIG-26-001 | TODO | | SPRINT_211_ui_iii | UI Guild, Signals Guild (src/UI/StellaOps.UI) | src/UI/StellaOps.UI | Add reachability columns/badges to Vulnerability Explorer with filters and tooltips. | | | | UI-SIG-26-002 | TODO | | SPRINT_211_ui_iii | UI Guild (src/UI/StellaOps.UI) | src/UI/StellaOps.UI | Enhance “Why” drawer with call path visualization, reachability timeline, and evidence list. Dependencies: UI-SIG-26-001. | | | | UI-SIG-26-003 | TODO | | SPRINT_211_ui_iii | UI Guild (src/UI/StellaOps.UI) | src/UI/StellaOps.UI | Add reachability overlay halos/time slider to SBOM Graph along with state legend. Dependencies: UI-SIG-26-002. | | | | UI-SIG-26-004 | TODO | | SPRINT_211_ui_iii | UI Guild (src/UI/StellaOps.UI) | src/UI/StellaOps.UI | Build Reachability Center view showing asset coverage, missing sensors, and stale facts. Dependencies: UI-SIG-26-003. | | | | UNCERTAINTY-POLICY-401-026 | TODO | | SPRINT_401_reachability_evidence_chain | Policy Guild · Concelier Guild (`docs/policy/dsl.md`, `docs/uncertainty/README.md`) | `docs/policy/dsl.md`, `docs/uncertainty/README.md` | Update policy guidance (Concelier/Excitors) with uncertainty gates (U1/U2/U3), sample YAML rules, and remediation actions. | | | | UNCERTAINTY-SCHEMA-401-024 | TODO | | SPRINT_401_reachability_evidence_chain | Signals Guild (`src/Signals/StellaOps.Signals`, `docs/uncertainty/README.md`) | `src/Signals/StellaOps.Signals`, `docs/uncertainty/README.md` | Extend Signals findings with `uncertainty.states[]`, entropy fields, and `riskScore`; emit `FindingUncertaintyUpdated` events and persist evidence per docs. | | | | UNCERTAINTY-SCORER-401-025 | TODO | | SPRINT_401_reachability_evidence_chain | Signals Guild (`src/Signals/StellaOps.Signals.Application`, `docs/uncertainty/README.md`) | `src/Signals/StellaOps.Signals.Application`, `docs/uncertainty/README.md` | Implement the entropy-aware risk scorer (`riskScore = base × reach × trust × (1 + entropyBoost)`) and wire it into finding writes. | | | | UNCERTAINTY-UI-401-027 | TODO | | SPRINT_401_reachability_evidence_chain | UI Guild · CLI Guild (`src/UI/StellaOps.UI`, `src/Cli/StellaOps.Cli`, `docs/uncertainty/README.md`) | `src/UI/StellaOps.UI`, `src/Cli/StellaOps.Cli`, `docs/uncertainty/README.md` | Surface uncertainty chips/tooltips in the Console (React UI) + CLI output (risk score + entropy states). | | | | VAL-01 | DOING | 2025-11-01 | SPRINT_136_scanner_surface | Scanner Guild, Security Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.Validation) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Validation | | SURFACE-FS-01; SURFACE-ENV-01 | | | VAL-02 | TODO | | SPRINT_136_scanner_surface | Scanner Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.Validation) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Validation | | SURFACE-VAL-01; SURFACE-ENV-02; SURFACE-FS-02 | | | VAL-03 | TODO | | SPRINT_136_scanner_surface | Scanner Guild, Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.Validation) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Validation | | SURFACE-VAL-02 | | | VAL-04 | TODO | | SPRINT_136_scanner_surface | Scanner Guild, Zastava Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.Validation) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Validation | | SURFACE-VAL-02 | | | VAL-05 | TODO | | SPRINT_136_scanner_surface | Docs Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.Validation) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Validation | | SURFACE-VAL-02 | | | VERIFY-186-007 | TODO | | SPRINT_186_record_deterministic_execution | Authority Guild, Provenance Guild (`src/Authority/StellaOps.Authority`, `src/Provenance/StellaOps.Provenance.Attestation`) | `src/Authority/StellaOps.Authority`, `src/Provenance/StellaOps.Provenance.Attestation` | | | | | VEX-006 | TODO | | SPRINT_401_reachability_evidence_chain | Policy, Excititor, UI, CLI & Notify Guilds (`docs/modules/excititor/architecture.md`, `src/Cli/StellaOps.Cli`, `src/UI/StellaOps.UI`, `docs/09_API_CLI_REFERENCE.md`) | `docs/modules/excititor/architecture.md`, `src/Cli/StellaOps.Cli`, `src/UI/StellaOps.UI`, `docs/09_API_CLI_REFERENCE.md` | | | | | VEX-30-001 | DOING | 2025-11-08 | SPRINT_212_web_i | Console Guild, BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | | | | | VEX-30-002 | TODO | | SPRINT_205_cli_v | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | | | | | VEX-30-003 | TODO | | SPRINT_205_cli_v | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | | | | | VEX-30-004 | TODO | | SPRINT_205_cli_v | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | | | | | VEX-30-005 | TODO | | SPRINT_310_docs_tasks_md_x | Docs Guild, Console Guild (docs) | | | | | | VEX-30-006 | TODO | | SPRINT_310_docs_tasks_md_x | Docs Guild, Policy Guild (docs) | | | | DOVX0101 | | VEX-30-007 | TODO | | SPRINT_216_web_v | BE-Base Platform Guild, VEX Lens Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | | | DOVX0101 | | VEX-30-008 | TODO | | SPRINT_310_docs_tasks_md_x | Docs Guild, Security Guild (docs) | | | | DOVX0101 | | VEX-30-009 | TODO | | SPRINT_310_docs_tasks_md_x | Docs Guild, DevOps Guild (docs) | | | | DOVX0101 | | VEX-401-006 | TODO | | SPRINT_401_reachability_evidence_chain | Policy Guild (`src/Policy/StellaOps.Policy.Engine`, `src/Policy/__Libraries/StellaOps.Policy`) | `src/Policy/StellaOps.Policy.Engine`, `src/Policy/__Libraries/StellaOps.Policy` | | | DOVX0101 | | VEX-401-010 | TODO | | SPRINT_401_reachability_evidence_chain | Policy Guild (`src/Policy/StellaOps.Policy.Engine/Vex`, `docs/modules/policy/architecture.md`, `docs/benchmarks/vex-evidence-playbook.md`) | `src/Policy/StellaOps.Policy.Engine/Vex`, `docs/modules/policy/architecture.md`, `docs/benchmarks/vex-evidence-playbook.md` | | | DOVX0101 | | VEX-401-011 | TODO | | SPRINT_401_reachability_evidence_chain | verify | | | | DOVX0101 | | VEX-401-012 | TODO | | SPRINT_401_reachability_evidence_chain | Docs Guild (`docs/benchmarks/vex-evidence-playbook.md`, `bench/README.md`) | `docs/benchmarks/vex-evidence-playbook.md`, `bench/README.md` | | | DOVX0101 | | VEX-401-018 | TODO | | SPRINT_401_reachability_evidence_chain | Signing Guild (`src/Signer/StellaOps.Signer`, `docs/modules/signer/architecture.md`) | `src/Signer/StellaOps.Signer`, `docs/modules/signer/architecture.md` | | | DOVX0101 | | VEX-CONSENSUS-LENS-DOCS-0001 | TODO | | SPRINT_332_docs_modules_vex_lens | Docs Guild (docs/modules/vex-lens) | docs/modules/vex-lens | Refresh VEX Lens module docs with consensus workflow guidance and recent release links. | | DOVX0101 | | VEX-CONSENSUS-LENS-DOCS-0002 | TODO | 2025-11-05 | SPRINT_332_docs_modules_vex_lens | Docs Guild (docs/modules/vex-lens) | docs/modules/vex-lens | Pending DOCS-VEX-30-001..004 to add consensus doc cross-links | | | | VEX-CONSENSUS-LENS-ENG-0001 | TODO | | SPRINT_332_docs_modules_vex_lens | Module Team (docs/modules/vex-lens) | docs/modules/vex-lens | Sync into ../.. | | | | VEX-CONSENSUS-LENS-OPS-0001 | TODO | | SPRINT_332_docs_modules_vex_lens | Ops Guild (docs/modules/vex-lens) | docs/modules/vex-lens | Document outputs in ./README.md | | | | VEX-LENS-ENG-0001 | TODO | | SPRINT_332_docs_modules_vex_lens | Module Team (docs/modules/vex-lens) | docs/modules/vex-lens | Keep module milestones synchronized with VEX Lens sprints listed under `/docs/implplan`. | | | | VEX-LENS-OPS-0001 | TODO | | SPRINT_332_docs_modules_vex_lens | Ops Guild (docs/modules/vex-lens) | docs/modules/vex-lens | Review VEX Lens runbooks/observability assets post-demo. | | | | VEXLENS-30-001 | TODO | | SPRINT_115_concelier_iv | Concelier WebService Guild · VEX Lens Guild | src/Concelier/StellaOps.Concelier.WebService | — | — | PLVL0101 | | VEXLENS-30-002 | TODO | | SPRINT_129_policy_reasoning | VEX Lens Guild | src/VexLens/StellaOps.VexLens | Build product mapping library | VEXLENS-30-001 | PLVL0101 | | VEXLENS-30-003 | TODO | | SPRINT_129_policy_reasoning | VEX Lens Guild · Issuer Directory Guild | src/VexLens/StellaOps.VexLens | Integrate signature verification | VEXLENS-30-002 | PLVL0101 | | VEXLENS-30-004 | TODO | | SPRINT_129_policy_reasoning | VEX Lens Guild · Policy Guild | src/VexLens/StellaOps.VexLens | Implement trust weighting engine | VEXLENS-30-003 | PLVL0101 | | VEXLENS-30-005 | TODO | | SPRINT_129_policy_reasoning | VEX Lens Guild | src/VexLens/StellaOps.VexLens | Implement consensus algorithm producing `consensus_state`, `confidence`, `weights`, `quorum`, `rationale`; support states: NOT_AFFECTED, AFFECTED, FIXED, UNDER_INVESTIGATION, DISPUTED, INCONCLUSIVE | VEXLENS-30-004 | PLVL0101 | | VEXLENS-30-006 | TODO | | SPRINT_129_policy_reasoning | VEX Lens Guild · Findings Ledger Guild | src/VexLens/StellaOps.VexLens | Materialize consensus projection storage with idempotent workers triggered by VEX/Policy changes; expose change events for downstream consumers | VEXLENS-30-005 | PLVL0101 | | VEXLENS-30-007 | TODO | | SPRINT_129_policy_reasoning | VEX Lens Guild | src/VexLens/StellaOps.VexLens | Expose APIs | VEXLENS-30-006 | PLVL0101 | | VEXLENS-30-008 | TODO | | SPRINT_129_policy_reasoning | VEX Lens Guild · Policy Guild | src/VexLens/StellaOps.VexLens | Integrate consensus signals with Policy Engine | VEXLENS-30-007 | PLVL0101 | | VEXLENS-30-009 | TODO | | SPRINT_129_policy_reasoning | VEX Lens Guild · Observability Guild | src/VexLens/StellaOps.VexLens | Instrument metrics | VEXLENS-30-008 | PLVL0101 | | VEXLENS-30-010 | TODO | | SPRINT_129_policy_reasoning | VEX Lens Guild · QA Guild | src/VexLens/StellaOps.VexLens | Develop unit/property/integration/load tests | VEXLENS-30-009 | PLVL0101 | | VEXLENS-30-011 | TODO | | SPRINT_129_policy_reasoning | VEX Lens Guild · DevOps Guild | src/VexLens/StellaOps.VexLens | Provide deployment manifests, caching configuration, scaling guides, offline kit seeds, and runbooks | VEXLENS-30-010 | PLVL0103 | | VEXLENS-AIAI-31-001 | TODO | | SPRINT_129_policy_reasoning | VEX Lens Guild | src/VexLens/StellaOps.VexLens | Expose consensus rationale API enhancements (policy factors, issuer details, mapping issues) for Advisory AI conflict explanations | — | PLVL0103 | | VEXLENS-AIAI-31-002 | TODO | | SPRINT_129_policy_reasoning | VEX Lens Guild | src/VexLens/StellaOps.VexLens | Provide caching hooks for consensus lookups used by Advisory AI | VEXLENS-AIAI-31-001 | PLVL0103 | | VEXLENS-EXPORT-35-001 | TODO | | SPRINT_129_policy_reasoning | VEX Lens Guild | src/VexLens/StellaOps.VexLens | Provide consensus snapshot API delivering deterministic JSONL (state, confidence, provenance) for exporter mirror bundles | — | PLVL0103 | | VEXLENS-ORCH-33-001 | TODO | | SPRINT_129_policy_reasoning | VEX Lens Guild | src/VexLens/StellaOps.VexLens | Register `consensus_compute` job type with orchestrator, integrate worker SDK, and expose job planning hooks for consensus batches | — | PLVL0103 | | VEXLENS-ORCH-34-001 | TODO | | SPRINT_129_policy_reasoning | VEX Lens Guild | src/VexLens/StellaOps.VexLens | Emit consensus completion events into orchestrator run ledger and provenance chain, including confidence metadata | VEXLENS-ORCH-33-001 | PLVL0103 | | VULN-29-001 | DOING | 2025-11-08 | SPRINT_212_web_i | Console Guild, BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | | | | | VULN-29-002 | TODO | | SPRINT_123_excititor_v | Excititor WebService Guild (src/Excititor/StellaOps.Excititor.WebService) | src/Excititor/StellaOps.Excititor.WebService | | | | | VULN-29-003 | TODO | | SPRINT_205_cli_v | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | | | | | VULN-29-004 | TODO | | SPRINT_116_concelier_v | Concelier WebService Guild, Observability Guild (src/Concelier/StellaOps.Concelier.WebService) | src/Concelier/StellaOps.Concelier.WebService | | | | | VULN-29-005 | TODO | | SPRINT_205_cli_v | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | | | | | VULN-29-006 | TODO | | SPRINT_205_cli_v | DevEx/CLI Guild, Docs Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | | | | | VULN-29-007 | TODO | | SPRINT_311_docs_tasks_md_xi | Docs Guild, Excititor Guild (docs) | | | | | | VULN-29-008 | TODO | | SPRINT_311_docs_tasks_md_xi | Docs Guild, Concelier Guild (docs) | | | | | | VULN-29-009 | TODO | | SPRINT_311_docs_tasks_md_xi | Docs Guild, SBOM Service Guild (docs) | | | | | | VULN-29-010 | TODO | | SPRINT_311_docs_tasks_md_xi | Docs Guild, Observability Guild (docs) | | | | | | VULN-29-011 | TODO | | SPRINT_311_docs_tasks_md_xi | Docs Guild, Security Guild (docs) | | | | | | VULN-29-012 | TODO | | SPRINT_311_docs_tasks_md_xi | Docs Guild, Ops Guild (docs) | | | | | | VULN-29-013 | TODO | | SPRINT_311_docs_tasks_md_xi | Docs Guild, Deployment Guild (docs) | | | | | | VULN-API-29-001 | TODO | | SPRINT_129_policy_reasoning | Vuln Explorer API Guild / src/VulnExplorer/StellaOps.VulnExplorer.Api | src/VulnExplorer/StellaOps.VulnExplorer.Api | Define OpenAPI spec (list/detail/query/simulation/workflow/export), query JSON schema, pagination/grouping contracts, and error codes | | PLVA0101 | | VULN-API-29-002 | TODO | | SPRINT_129_policy_reasoning | Vuln Explorer API Guild / src/VulnExplorer/StellaOps.VulnExplorer.Api | src/VulnExplorer/StellaOps.VulnExplorer.Api | Implement list/query endpoints with policy parameter, grouping, server paging, caching, and cost budgets | VULN-API-29-001 | PLVA0101 | | VULN-API-29-003 | TODO | | SPRINT_129_policy_reasoning | Vuln Explorer API Guild / src/VulnExplorer/StellaOps.VulnExplorer.Api | src/VulnExplorer/StellaOps.VulnExplorer.Api | Implement detail endpoint aggregating evidence, policy rationale, paths | VULN-API-29-002 | PLVA0101 | | VULN-API-29-004 | TODO | | SPRINT_129_policy_reasoning | Vuln Explorer API Guild, Findings Ledger Guild / src/VulnExplorer/StellaOps.VulnExplorer.Api | src/VulnExplorer/StellaOps.VulnExplorer.Api | Expose workflow endpoints | VULN-API-29-003 | PLVA0101 | | VULN-API-29-005 | TODO | | SPRINT_129_policy_reasoning | Vuln Explorer API Guild, Policy Guild / src/VulnExplorer/StellaOps.VulnExplorer.Api | src/VulnExplorer/StellaOps.VulnExplorer.Api | Implement simulation endpoint comparing `policy_from` vs `policy_to`, returning diffs without side effects; hook into Policy Engine batch eval | VULN-API-29-004 | PLVA0101 | | VULN-API-29-006 | TODO | | SPRINT_129_policy_reasoning | Vuln Explorer API Guild / src/VulnExplorer/StellaOps.VulnExplorer.Api | src/VulnExplorer/StellaOps.VulnExplorer.Api | Integrate resolver results with Graph Explorer: include shortest path metadata, line up deep-link parameters, expose `paths` array in details | VULN-API-29-005 | PLVA0101 | | VULN-API-29-007 | TODO | | SPRINT_129_policy_reasoning | Vuln Explorer API Guild, Security Guild / src/VulnExplorer/StellaOps.VulnExplorer.Api | src/VulnExplorer/StellaOps.VulnExplorer.Api | Enforce RBAC/ABAC scopes; implement CSRF/anti-forgery checks for Console; secure attachment URLs; audit logging | VULN-API-29-006 | PLVA0102 | | VULN-API-29-008 | TODO | | SPRINT_129_policy_reasoning | Vuln Explorer API Guild / src/VulnExplorer/StellaOps.VulnExplorer.Api | src/VulnExplorer/StellaOps.VulnExplorer.Api | Build export orchestrator producing signed bundles | VULN-API-29-007 | PLVA0102 | | VULN-API-29-009 | TODO | | SPRINT_129_policy_reasoning | Vuln Explorer API Guild, Observability Guild / src/VulnExplorer/StellaOps.VulnExplorer.Api | src/VulnExplorer/StellaOps.VulnExplorer.Api | Instrument metrics | VULN-API-29-008 | PLVA0102 | | VULN-API-29-010 | TODO | | SPRINT_129_policy_reasoning | Vuln Explorer API Guild, QA Guild / src/VulnExplorer/StellaOps.VulnExplorer.Api | src/VulnExplorer/StellaOps.VulnExplorer.Api | Provide unit/integration/perf tests | VULN-API-29-009 | PLVA0102 | | VULN-API-29-011 | TODO | | SPRINT_129_policy_reasoning | Vuln Explorer API Guild, DevOps Guild / src/VulnExplorer/StellaOps.VulnExplorer.Api | src/VulnExplorer/StellaOps.VulnExplorer.Api | Package deployment | VULN-API-29-010 | PLVA0102 | | VULNERABILITY-EXPLORER-DOCS-0001 | TODO | | SPRINT_334_docs_modules_vuln_explorer | Docs Guild (docs/modules/vuln-explorer) | docs/modules/vuln-explorer | Validate Vuln Explorer module docs against latest roadmap/releases and add evidence links. | | DOVL0101 | | VULNERABILITY-EXPLORER-ENG-0001 | TODO | | SPRINT_334_docs_modules_vuln_explorer | Module Team (docs/modules/vuln-explorer) | docs/modules/vuln-explorer | Keep sprint alignment notes in sync with Vuln Explorer sprints. | | | | VULNERABILITY-EXPLORER-OPS-0001 | TODO | | SPRINT_334_docs_modules_vuln_explorer | Ops Guild (docs/modules/vuln-explorer) | docs/modules/vuln-explorer | Review runbooks/observability assets after next demo. | | | | WEB-20-002 | BLOCKED | | SPRINT_155_scheduler_i | Scheduler WebService Guild (src/Scheduler/StellaOps.Scheduler.WebService) | src/Scheduler/StellaOps.Scheduler.WebService | | | | | WEB-AIAI-31-001 | TODO | | SPRINT_212_web_i | BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Route `/advisory/ai/*` endpoints through gateway with RBAC/ABAC, rate limits, and telemetry headers. | | | | WEB-AIAI-31-002 | TODO | | SPRINT_212_web_i | BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Provide batching job handlers and streaming responses for CLI automation with retry/backoff. Dependencies: WEB-AIAI-31-001. | | | | WEB-AIAI-31-003 | TODO | | SPRINT_212_web_i | BE-Base Platform Guild, Observability Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Emit metrics/logs (latency, guardrail blocks, validation failures) and forward anonymized prompt hashes to analytics. Dependencies: WEB-AIAI-31-002. | | | | WEB-AIRGAP-56-001 | TODO | | SPRINT_116_concelier_v | Concelier WebService Guild (src/Concelier/StellaOps.Concelier.WebService) | src/Concelier/StellaOps.Concelier.WebService | | | | | WEB-AIRGAP-56-002 | TODO | | SPRINT_116_concelier_v | Concelier WebService Guild (src/Concelier/StellaOps.Concelier.WebService) | src/Concelier/StellaOps.Concelier.WebService | | | | | WEB-AIRGAP-57-001 | TODO | | SPRINT_116_concelier_v | Concelier WebService Guild, AirGap Policy Guild (src/Concelier/StellaOps.Concelier.WebService) | src/Concelier/StellaOps.Concelier.WebService | | | | | WEB-AIRGAP-58-001 | TODO | | SPRINT_116_concelier_v | Concelier WebService Guild, AirGap Importer Guild (src/Concelier/StellaOps.Concelier.WebService) | src/Concelier/StellaOps.Concelier.WebService | | | | | WEB-AOC-19-002 | TODO | | SPRINT_212_web_i | BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Ship `ProvenanceBuilder`, checksum utilities, and signature verification helper integrated with guard logging. Cover DSSE/CMS formats with unit tests. Dependencies: WEB-AOC-19-001. | | | | WEB-AOC-19-003 | TODO | | SPRINT_116_concelier_v | QA Guild (src/Concelier/StellaOps.Concelier.WebService) | src/Concelier/StellaOps.Concelier.WebService | | | | | WEB-AOC-19-004 | TODO | | SPRINT_116_concelier_v | Concelier WebService Guild, QA Guild (src/Concelier/StellaOps.Concelier.WebService) | src/Concelier/StellaOps.Concelier.WebService | | | | | WEB-AOC-19-005 | TODO | 2025-11-08 | SPRINT_116_concelier_v | Concelier WebService Guild, QA Guild (src/Concelier/StellaOps.Concelier.WebService) | src/Concelier/StellaOps.Concelier.WebService | | | | | WEB-AOC-19-006 | TODO | 2025-11-08 | SPRINT_116_concelier_v | Concelier WebService Guild (src/Concelier/StellaOps.Concelier.WebService) | src/Concelier/StellaOps.Concelier.WebService | | | | | WEB-AOC-19-007 | TODO | 2025-11-08 | SPRINT_116_concelier_v | Concelier WebService Guild, QA Guild (src/Concelier/StellaOps.Concelier.WebService) | src/Concelier/StellaOps.Concelier.WebService | | | | | WEB-CONSOLE-23-001 | TODO | | SPRINT_212_web_i | BE-Base Platform Guild, Product Analytics Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Provide consolidated `/console/dashboard` and `/console/filters` APIs returning tenant-scoped aggregates (findings by severity, VEX override counts, advisory deltas, run health, policy change log). Enforce AOC labelling, deterministic ordering, and cursor-based pagination for drill-down hints. | | | | WEB-CONSOLE-23-002 | TODO | | SPRINT_212_web_i | BE-Base Platform Guild, Scheduler Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Expose `/console/status` polling endpoint and `/console/runs/{id}/stream` SSE/WebSocket proxy with heartbeat/backoff, queue lag metrics, and auth scope enforcement. Surface request IDs + retry headers. Dependencies: WEB-CONSOLE-23-001. | | | | WEB-CONSOLE-23-003 | TODO | | SPRINT_212_web_i | BE-Base Platform Guild, Policy Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Add `/console/exports` POST/GET routes coordinating evidence bundle creation, streaming CSV/JSON exports, checksum manifest retrieval, and signed attestation references. Ensure requests honor tenant + policy scopes and expose job tracking metadata. Dependencies: WEB-CONSOLE-23-002. | | | | WEB-CONSOLE-23-004 | TODO | | SPRINT_212_web_i | BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Implement `/console/search` endpoint accepting CVE/GHSA/PURL/SBOM identifiers, performing fan-out queries with caching, ranking, and deterministic tie-breaking. Return typed results for Console navigation; respect result caps and latency SLOs. Dependencies: WEB-CONSOLE-23-003. | | | | WEB-CONSOLE-23-005 | TODO | | SPRINT_212_web_i | BE-Base Platform Guild, DevOps Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Serve `/console/downloads` JSON manifest (images, charts, offline bundles) sourced from signed registry metadata; include integrity hashes, release notes links, and offline instructions. Provide caching headers and documentation. Dependencies: WEB-CONSOLE-23-004. | | | | WEB-CONTAINERS-44-001 | TODO | | SPRINT_212_web_i | BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Expose `/welcome` state, config discovery endpoint (safe values), and `QUICKSTART_MODE` handling for Console banner; add `/health/liveness`, `/health/readiness`, `/version` if missing. | | | | WEB-CONTAINERS-45-001 | TODO | | SPRINT_212_web_i | BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Ensure readiness endpoints reflect DB/queue readiness, add feature flag toggles via config map, and document NetworkPolicy ports. Dependencies: WEB-CONTAINERS-44-001. | | | | WEB-CONTAINERS-46-001 | TODO | | SPRINT_212_web_i | BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Provide offline-friendly asset serving (no CDN), allow overriding object store endpoints via env, and document fallback behavior. Dependencies: WEB-CONTAINERS-45-001. | | | | WEB-EXC-25-001 | TODO | | SPRINT_212_web_i | BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Implement `/exceptions` API (create, propose, approve, revoke, list, history) with validation, pagination, and audit logging. | | | | WEB-EXC-25-002 | TODO | | SPRINT_213_web_ii | BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Extend `/policy/effective` and `/policy/simulate` responses to include exception metadata and accept overrides for simulations. Dependencies: WEB-EXC-25-001. | | | | WEB-EXC-25-003 | TODO | | SPRINT_213_web_ii | BE-Base Platform Guild, Platform Events Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Publish `exception.*` events, integrate with notification hooks, enforce rate limits. Dependencies: WEB-EXC-25-002. | | | | WEB-EXPORT-35-001 | TODO | | SPRINT_213_web_ii | BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Surface Export Center APIs (profiles/runs/download) through gateway with tenant scoping, streaming support, and viewer/operator scope checks. | | | | WEB-EXPORT-36-001 | TODO | | SPRINT_213_web_ii | BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Add distribution routes (OCI/object storage), manifest/provenance proxies, and signed URL generation. Dependencies: WEB-EXPORT-35-001. | | | | WEB-EXPORT-37-001 | TODO | | SPRINT_213_web_ii | BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Expose scheduling, retention, encryption parameters, and verification endpoints with admin scope enforcement and audit logs. Dependencies: WEB-EXPORT-36-001. | | | | WEB-GRAPH-21-001 | BLOCKED | 2025-10-27 | SPRINT_213_web_ii | BE-Base Platform Guild, Graph Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Add gateway routes for graph versions/viewport/node/path/diff/export endpoints with tenant enforcement, scope checks, and streaming responses; proxy Policy Engine diff toggles without inline logic. Adopt `StellaOpsScopes` constants for RBAC enforcement. | | | | WEB-GRAPH-21-002 | BLOCKED | 2025-10-27 | SPRINT_213_web_ii | BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Implement bbox/zoom/path parameter validation, pagination tokens, and deterministic ordering; add contract tests for boundary conditions. Dependencies: WEB-GRAPH-21-001. | | | | WEB-GRAPH-21-003 | BLOCKED | 2025-10-27 | SPRINT_213_web_ii | BE-Base Platform Guild, QA Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Map graph service errors to `ERR_Graph_*`, support GraphML/JSONL export streaming, and document rate limits. Dependencies: WEB-GRAPH-21-002. | | | | WEB-GRAPH-21-004 | BLOCKED | 2025-10-27 | SPRINT_213_web_ii | BE-Base Platform Guild, Policy Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Proxy Policy Engine overlay responses for graph endpoints while keeping gateway stateless; maintain streaming budgets and latency SLOs. Dependencies: WEB-GRAPH-21-003. | | | | WEB-GRAPH-24-001 | TODO | | SPRINT_213_web_ii | BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Gateway proxy for Graph API and Policy overlays with RBAC, caching, pagination, ETags, and streaming; zero business logic. Dependencies: WEB-GRAPH-21-004. | | | | WEB-GRAPH-24-004 | TODO | | SPRINT_213_web_ii | BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Embed AOC summaries sourced from overlay services; ensure gateway does not compute derived severity or hints. Dependencies: WEB-GRAPH-24-001. | | | | WEB-LNM-21-001 | TODO | | SPRINT_213_web_ii | BE-Base Platform Guild, Concelier WebService Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Surface new `/advisories/*` APIs through gateway with caching, pagination, and RBAC enforcement (`advisory:read`). | | | | WEB-LNM-21-002 | TODO | | SPRINT_213_web_ii | BE-Base Platform Guild, Excititor WebService Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Expose `/vex/*` read APIs with evidence routes and export handlers; map `ERR_AGG_*` codes. Dependencies: WEB-LNM-21-001. | | | | WEB-LNM-21-003 | TODO | | SPRINT_214_web_iii | BE-Base Platform Guild, Policy Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Provide combined endpoint for Console to fetch policy result + source evidence (advisory + VEX linksets) for a component. Dependencies: WEB-LNM-21-002. | | | | WEB-NOTIFY-38-001 | TODO | | SPRINT_214_web_iii | BE-Base Platform Guild | src/Web/StellaOps.Web | Route notifier APIs (`/notifications/*`) and WS feed through gateway with tenant scoping, viewer/operator scope enforcement, and SSE/WebSocket bridging. | Depends on #1 for signed ack spec | NOWB0101 | | WEB-NOTIFY-39-001 | TODO | | SPRINT_214_web_iii | BE-Base Platform Guild | src/Web/StellaOps.Web | Surface digest scheduling, quiet-hour/throttle management, and simulation APIs; ensure rate limits and audit logging. Dependencies: WEB-NOTIFY-38-001. | WEB-NOTIFY-38-001 | NOWB0101 | | WEB-NOTIFY-40-001 | TODO | | SPRINT_214_web_iii | BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Expose escalation, localization, channel health, and ack verification endpoints with admin scope enforcement and signed token validation. Dependencies: WEB-NOTIFY-39-001. | | | | WEB-OAS-61-001 | TODO | | SPRINT_124_excititor_vi | Excititor WebService Guild (src/Excititor/StellaOps.Excititor.WebService) | src/Excititor/StellaOps.Excititor.WebService | | | | | WEB-OAS-61-002 | TODO | | SPRINT_116_concelier_v | Concelier WebService Guild (src/Concelier/StellaOps.Concelier.WebService) | src/Concelier/StellaOps.Concelier.WebService | | | | | WEB-OAS-62-001 | TODO | | SPRINT_116_concelier_v | Concelier WebService Guild (src/Concelier/StellaOps.Concelier.WebService) | src/Concelier/StellaOps.Concelier.WebService | | | | | WEB-OAS-63-001 | TODO | | SPRINT_116_concelier_v | Concelier WebService Guild, API Governance Guild (src/Concelier/StellaOps.Concelier.WebService) | src/Concelier/StellaOps.Concelier.WebService | | | | | WEB-OBS-50-001 | TODO | | SPRINT_214_web_iii | BE-Base Platform Guild, Observability Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Integrate `StellaOps.Telemetry.Core` into gateway host, replace ad-hoc logging, ensure all routes emit trace/span IDs, tenant context, and scrubbed payload previews. | | | | WEB-OBS-51-001 | TODO | | SPRINT_116_concelier_v | Concelier WebService Guild | src/Concelier/StellaOps.Concelier.WebService | Paired with #1 for shared middleware | Paired with #1 for shared middleware | CNOB0102 | | WEB-OBS-52-001 | TODO | | SPRINT_116_concelier_v | Concelier WebService Guild | src/Concelier/StellaOps.Concelier.WebService | Dependent on CLI/VEX readiness (035_CLCI0105) for payload format | Dependent on CLI/VEX readiness (035_CLCI0105) for payload format | CNOB0102 | | WEB-OBS-53-001 | TODO | | SPRINT_117_concelier_vi | Concelier WebService Guild · Evidence Locker Guild | src/Concelier/StellaOps.Concelier.WebService | Needs Evidence Locker API spec from 002_ATEL0101 | Needs Evidence Locker API spec from 002_ATEL0101 | CNOB0102 | | WEB-OBS-54-001 | TODO | | SPRINT_117_concelier_vi | Concelier WebService Guild | src/Concelier/StellaOps.Concelier.WebService | Relies on shared exporter (1039_EXPORT-OBS-54-001) | Relies on shared exporter (1039_EXPORT-OBS-54-001) | CNOB0102 | | WEB-OBS-55-001 | TODO | | SPRINT_117_concelier_vi | Concelier WebService Guild · DevOps Guild | src/Concelier/StellaOps.Concelier.WebService | Wait for DevOps alert profiles (045_DVDO0103) | Wait for DevOps alert profiles (045_DVDO0103) | CNOB0102 | | WEB-OBS-56-001 | TODO | | SPRINT_214_web_iii | BE-Base Platform Guild, AirGap Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Extend telemetry core integration to expose sealed/unsealed status APIs, drift metrics, and Console widgets without leaking sealed-mode secrets. Dependencies: WEB-OBS-55-001. | | | | WEB-ORCH-32-001 | TODO | | SPRINT_214_web_iii | BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Expose `/orchestrator/sources | | | | WEB-ORCH-33-001 | TODO | | SPRINT_215_web_iv | BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Add POST action routes (`pause. Dependencies: WEB-ORCH-32-001. | | | | WEB-ORCH-34-001 | TODO | | SPRINT_215_web_iv | BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Surface quotas/backfill APIs, queue/backpressure metrics, and error clustering routes with admin scope enforcement and audit logging. Dependencies: WEB-ORCH-33-001. | | | | WEB-POLICY-20-001 | TODO | | SPRINT_215_web_iv | BE-Base Platform Guild, Policy Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Implement Policy CRUD/compile/run/simulate/findings/explain endpoints with OpenAPI, tenant scoping, and service identity enforcement. | | | | WEB-POLICY-20-002 | TODO | | SPRINT_215_web_iv | BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Add pagination, filtering, sorting, and tenant guards to listings for policies, runs, and findings; include deterministic ordering and query diagnostics. Dependencies: WEB-POLICY-20-001. | | | | WEB-POLICY-20-003 | TODO | | SPRINT_215_web_iv | BE-Base Platform Guild, QA Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Map engine errors to `ERR_POL_*` responses with consistent payloads and contract tests; expose correlation IDs in headers. Dependencies: WEB-POLICY-20-002. | | | | WEB-POLICY-20-004 | TODO | | SPRINT_215_web_iv | Platform Reliability Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Introduce adaptive rate limiting + quotas for simulation endpoints, expose metrics, and document retry headers. Dependencies: WEB-POLICY-20-003. | | | | WEB-POLICY-23-001 | BLOCKED | 2025-10-29 | SPRINT_215_web_iv | BE-Base Platform Guild, Policy Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Implement API endpoints for creating/listing/fetching policy packs and revisions (`/policy/packs`, `/policy/packs/{id}/revisions`) with pagination, RBAC, and AOC metadata exposure. (Tracked via Sprint 18.5 gateway tasks.). Dependencies: WEB-POLICY-20-004. | | | | WEB-POLICY-23-002 | BLOCKED | 2025-10-29 | SPRINT_215_web_iv | BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Add activation endpoint with scope windows, conflict checks, and optional 2-person approval integration; emit events on success. (Tracked via Sprint 18.5 gateway tasks.). Dependencies: WEB-POLICY-23-001. | | | | WEB-POLICY-23-003 | TODO | | SPRINT_215_web_iv | BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Provide `/policy/simulate` and `/policy/evaluate` endpoints with streaming responses, rate limiting, and error mapping. Dependencies: WEB-POLICY-23-002. | | | | WEB-POLICY-23-004 | TODO | | SPRINT_215_web_iv | BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Expose explain history endpoints (`/policy/runs`, `/policy/runs/{id}`) including decision tree, sources consulted, and AOC chain. Dependencies: WEB-POLICY-23-003. | | | | WEB-POLICY-27-001 | TODO | | SPRINT_215_web_iv | BE-Base Platform Guild | src/Web/StellaOps.Web | Surface Policy Registry APIs (`/policy/workspaces`, `/policy/versions`, `/policy/reviews`, `/policy/registry`) with tenant scoping, RBAC, validation. | WEB-POLICY-23-004 | WEPO0101 | | WEB-POLICY-27-002 | TODO | | SPRINT_215_web_iv | BE-Base Platform Guild | src/Web/StellaOps.Web | Implement review lifecycle endpoints (open/comment/approve/reject) with audit headers + webhooks. | WEB-POLICY-27-001 | WEPO0101 | | WEB-POLICY-27-003 | TODO | | SPRINT_215_web_iv | Platform Reliability Guild | src/Web/StellaOps.Web | Provide quick/batch simulation endpoints with SSE progress + result pagination. | WEB-POLICY-27-002 | WEPO0101 | | WEB-POLICY-27-004 | TODO | | SPRINT_215_web_iv | BE/Security Guild | src/Web/StellaOps.Web | Add publish/sign/promote/rollback endpoints w/ idempotent request IDs, canary params, scope enforcement, events. | WEB-POLICY-27-003 | WEPO0101 | | WEB-POLICY-27-005 | TODO | | SPRINT_215_web_iv | BE/Observability Guild | src/Web/StellaOps.Web | Instrument metrics/logs for compile latency, simulation queue, approval latency, promotion actions. | WEB-POLICY-27-004 | WEPO0101 | | WEB-RISK-66-001 | TODO | | SPRINT_216_web_v | BE-Base Platform Guild, Policy Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Expose risk profile/results endpoints through gateway with tenant scoping, pagination, and rate limiting. | | | | WEB-RISK-66-002 | TODO | | SPRINT_216_web_v | BE-Base Platform Guild, Risk Engine Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Add signed URL handling for explanation blobs and enforce scope checks. Dependencies: WEB-RISK-66-001. | | | | WEB-RISK-67-001 | TODO | | SPRINT_216_web_v | BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Provide aggregated risk stats (`/risk/status`) for Console dashboards (counts per severity, last computation). Dependencies: WEB-RISK-66-002. | | | | WEB-RISK-68-001 | TODO | | SPRINT_216_web_v | BE-Base Platform Guild, Notifications Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Emit events on severity transitions via gateway to notifier bus with trace metadata. Dependencies: WEB-RISK-67-001. | | | | WEB-SIG-26-001 | TODO | | SPRINT_216_web_v | BE-Base Platform Guild, Signals Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Surface `/signals/callgraphs`, `/signals/facts` read/write endpoints with pagination, ETags, and RBAC. | | | | WEB-SIG-26-002 | TODO | | SPRINT_216_web_v | BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Extend `/policy/effective` and `/vuln/explorer` responses to include reachability scores/states and allow filtering. Dependencies: WEB-SIG-26-001. | | | | WEB-SIG-26-003 | TODO | | SPRINT_216_web_v | BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Add reachability override parameters to `/policy/simulate` and related APIs for what-if analysis. Dependencies: WEB-SIG-26-002. | | | | WEB-TEN-47-001 | TODO | | SPRINT_216_web_v | BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Implement JWT verification, tenant activation from headers, scope matching, and decision audit emission for all API endpoints. | | | | WEB-TEN-48-001 | TODO | | SPRINT_216_web_v | BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Set DB session `stella.tenant_id`, enforce tenant/project checks on persistence, prefix object storage paths, and stamp audit metadata. Dependencies: WEB-TEN-47-001. | | | | WEB-TEN-49-001 | TODO | | SPRINT_216_web_v | BE-Base Platform Guild, Policy Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Integrate optional ABAC overlay with Policy Engine, expose `/audit/decisions` API, and support service token minting endpoints. Dependencies: WEB-TEN-48-001. | | | | WEB-VEX-30-007 | TODO | | SPRINT_216_web_v | BE-Base Platform Guild, VEX Lens Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Route `/vex/consensus` APIs with tenant RBAC/ABAC, caching, and streaming; surface telemetry and trace IDs without gateway-side overlay logic. | | | | WEB-VULN-29-001 | TODO | | SPRINT_216_web_v | BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Expose `/vuln/*` endpoints via gateway with tenant scoping, RBAC/ABAC enforcement, anti-forgery headers, and request logging. | | | | WEB-VULN-29-002 | TODO | | SPRINT_216_web_v | BE-Base Platform Guild, Findings Ledger Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Forward workflow actions to Findings Ledger with idempotency headers and correlation IDs; handle retries/backoff. Dependencies: WEB-VULN-29-001. | | | | WEB-VULN-29-003 | TODO | | SPRINT_216_web_v | BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Provide simulation and export orchestration routes with SSE/progress headers, signed download links, and request budgeting. Dependencies: WEB-VULN-29-002. | | | | WEB-VULN-29-004 | TODO | | SPRINT_216_web_v | BE-Base Platform Guild, Observability Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Emit gateway metrics/logs (latency, error rates, export duration), propagate query hashes for analytics dashboards. Dependencies: WEB-VULN-29-003. | | | | WORKER-21-203 | TODO | | SPRINT_155_scheduler_i | Scheduler Worker Guild, Observability Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | | | | | WORKER-23-101 | TODO | | SPRINT_155_scheduler_i | Scheduler Worker Guild, Policy Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | | | | | WORKER-23-102 | TODO | | SPRINT_155_scheduler_i | Scheduler Worker Guild, Observability Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | | | | | WORKER-25-101 | TODO | | SPRINT_155_scheduler_i | Scheduler Worker Guild, Policy Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | | | | | WORKER-25-102 | TODO | | SPRINT_155_scheduler_i | Scheduler Worker Guild, Observability Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | | | | | WORKER-26-201 | TODO | | SPRINT_155_scheduler_i | Scheduler Worker Guild, Signals Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | | | | | WORKER-26-202 | TODO | | SPRINT_156_scheduler_ii | Scheduler Worker Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | | | | | WORKER-27-301 | TODO | | SPRINT_156_scheduler_ii | Scheduler Worker Guild, Policy Registry Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | | | | | WORKER-27-302 | TODO | | SPRINT_156_scheduler_ii | Scheduler Worker Guild, Observability Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | | | | | WORKER-27-303 | TODO | | SPRINT_156_scheduler_ii | Scheduler Worker Guild, Security Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | | | | | WORKER-29-001 | TODO | | SPRINT_156_scheduler_ii | Scheduler Worker Guild, Findings Ledger Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | | | | | WORKER-29-002 | TODO | | SPRINT_156_scheduler_ii | Scheduler Worker Guild, Policy Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | | | | | WORKER-29-003 | TODO | | SPRINT_156_scheduler_ii | Scheduler Worker Guild, Observability Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | | | | | WORKER-CONSOLE-23-201 | TODO | | SPRINT_156_scheduler_ii | Scheduler Worker Guild, Observability Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | | | | | WORKER-CONSOLE-23-202 | TODO | | SPRINT_156_scheduler_ii | Scheduler Worker Guild, Policy Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | | | | | WORKER-GO-32-001 | TODO | | SPRINT_153_orchestrator_iii | Worker SDK Guild (src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Go) | src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Go | Bootstrap Go SDK project with configuration binding, auth headers, job claim/acknowledge client, and smoke sample. | | | | WORKER-GO-32-002 | TODO | | SPRINT_153_orchestrator_iii | Worker SDK Guild (src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Go) | src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Go | Add heartbeat/progress helpers, structured logging hooks, Prometheus metrics, and jittered retry defaults. Dependencies: WORKER-GO-32-001. | | | | WORKER-GO-33-001 | TODO | | SPRINT_153_orchestrator_iii | Worker SDK Guild (src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Go) | src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Go | Implement artifact publish helpers (object storage client, checksum hashing, metadata payload) and idempotency guard. Dependencies: WORKER-GO-32-002. | | | | WORKER-GO-33-002 | TODO | | SPRINT_153_orchestrator_iii | Worker SDK Guild (src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Go) | src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Go | Provide error classification/retry helper, exponential backoff controls, and structured failure reporting to orchestrator. Dependencies: WORKER-GO-33-001. | | | | WORKER-GO-34-001 | TODO | | SPRINT_153_orchestrator_iii | Worker SDK Guild (src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Go) | src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Go | Add backfill range execution helpers, watermark handshake utilities, and artifact dedupe verification for backfills. Dependencies: WORKER-GO-33-002. | | | | WORKER-PY-32-001 | TODO | | SPRINT_153_orchestrator_iii | Worker SDK Guild (src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Python) | src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Python | Bootstrap asyncio-based Python SDK (config, auth headers, job claim/ack) plus sample worker script. | | | | WORKER-PY-32-002 | TODO | | SPRINT_153_orchestrator_iii | Worker SDK Guild (src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Python) | src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Python | Implement heartbeat/progress helpers with structured logging, metrics exporter, and cancellation-safe retries. Dependencies: WORKER-PY-32-001. | | | | WORKER-PY-33-001 | TODO | | SPRINT_153_orchestrator_iii | Worker SDK Guild (src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Python) | src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Python | Add artifact publish/idempotency helpers (object storage adapters, checksum hashing, metadata payload) for Python workers. Dependencies: WORKER-PY-32-002. | | | | WORKER-PY-33-002 | TODO | | SPRINT_153_orchestrator_iii | Worker SDK Guild (src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Python) | src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Python | Provide error classification/backoff helper mapping to orchestrator codes, including jittered retries and structured failure reports. Dependencies: WORKER-PY-33-001. | | | | WORKER-PY-34-001 | TODO | | SPRINT_153_orchestrator_iii | Worker SDK Guild (src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Python) | src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Python | Implement backfill range iteration, watermark handshake, and artifact dedupe verification utilities for Python workers. Dependencies: WORKER-PY-33-002. | | | | ZAS-002 | TODO | | SPRINT_400_runtime_facts_static_callgraph_union | Zastava Observer Guild (`src/Zastava/StellaOps.Zastava.Observer`, `docs/modules/zastava/architecture.md`, `docs/reachability/function-level-evidence.md`) | `src/Zastava/StellaOps.Zastava.Observer`, `docs/modules/zastava/architecture.md`, `docs/reachability/function-level-evidence.md` | | | | | ZASTAVA-DOCS-0001 | TODO | | SPRINT_335_docs_modules_zastava | Docs Guild (docs/modules/zastava) | docs/modules/zastava | See ./AGENTS.md | | | | ZASTAVA-ENG-0001 | TODO | | SPRINT_335_docs_modules_zastava | Module Team (docs/modules/zastava) | docs/modules/zastava | Update status via ./AGENTS.md workflow | | | | ZASTAVA-ENV-01 | TODO | | SPRINT_140_runtime_signals | | | Observer adoption of Surface.Env helpers paused while Surface.FS cache contract finalizes. | | | | ZASTAVA-ENV-02 | TODO | | SPRINT_140_runtime_signals | | | Webhook helper migration follows ENV-01 completion. | | | | ZASTAVA-OPS-0001 | TODO | | SPRINT_335_docs_modules_zastava | Ops Guild (docs/modules/zastava) | docs/modules/zastava | Sync outcomes back to ../.. | | | | ZASTAVA-REACH-201-001 | TODO | | SPRINT_400_runtime_facts_static_callgraph_union | Zastava Observer Guild (`src/Zastava/StellaOps.Zastava.Observer`) | `src/Zastava/StellaOps.Zastava.Observer` | Implement runtime symbol sampling in `StellaOps.Zastava.Observer` (EntryTrace-aware shell AST + build-id capture) and stream ND-JSON batches to Signals `/runtime-facts`, including CAS pointers for traces. Update runbook + config references. | | | | ZASTAVA-SECRETS-01 | TODO | | SPRINT_140_runtime_signals | | | Surface.Secrets wiring for Observer pending published cache endpoints. | | | | ZASTAVA-SECRETS-02 | TODO | | SPRINT_140_runtime_signals | | | Webhook secret retrieval cascades from SECRETS-01 work. | | | | ZASTAVA-SURFACE-01 | TODO | | SPRINT_140_runtime_signals | | | Surface.FS client integration blocked on Scanner layer metadata; tests ready once packages mirror offline dependencies. | | | | ZASTAVA-SURFACE-02 | TODO | | SPRINT_136_scanner_surface | Zastava Observer Guild (src/Zastava/StellaOps.Zastava.Observer) | src/Zastava/StellaOps.Zastava.Observer | Use Surface manifest reader helpers to resolve `cas://` pointers and enrich drift diagnostics with manifest provenance. | SURFACE-FS-02; ZASTAVA-SURFACE-01 | | | guard unit tests` | TODO | | SPRINT_116_concelier_v | QA Guild (src/Concelier/StellaOps.Concelier.WebService) | src/Concelier/StellaOps.Concelier.WebService | Add unit tests for schema validators, forbidden-field guards (`ERR_AOC_001/2/6/7`), and supersedes chains to keep ingestion append-only. Depends on CONCELIER-WEB-AOC-19-002. | | | | store wiring` | TODO | | SPRINT_113_concelier_ii | Concelier Storage Guild (src/Concelier/__Libraries/StellaOps.Concelier.Storage.Mongo) | src/Concelier/__Libraries/StellaOps.Concelier.Storage.Mongo | Move large raw payloads to object storage with deterministic pointers, update bootstrapper/offline kit seeds, and guarantee provenance metadata remains intact. Depends on CONCELIER-LNM-21-102. | | NOTY0105 |