# Sprint 0154-0001-0001 · Packs Registry (Scheduling & Automation 150.B) ## Topic & Scope - Stand up Packs Registry service: indexing, provenance storage, signature verification, and lifecycle management. - Add version lifecycle (promote/deprecate), provenance exports, mirroring, attestation integration, and compliance dashboards. - Keep registry offline-friendly with RBAC, audit logs, and Offline Kit seed support. - **Working directory:** `src/PacksRegistry/StellaOps.PacksRegistry`. ## Dependencies & Concurrency - Upstream: Sprint 120.A (AirGap), 130.A (Scanner), 140.A (Graph) provide pack metadata and graph inputs. - Concurrency: execution followed table order; all tasks now DONE. ## Documentation Prerequisites - docs/README.md - docs/07_HIGH_LEVEL_ARCHITECTURE.md - docs/modules/platform/architecture-overview.md - docs/modules/graph/architecture.md - docs/modules/devops/architecture.md - Any PacksRegistry AGENTS.md (if present under src/PacksRegistry). > **BLOCKED Tasks:** Before working on BLOCKED tasks, review [BLOCKED_DEPENDENCY_TREE.md](./BLOCKED_DEPENDENCY_TREE.md) for root blockers and dependencies. ## Delivery Tracker | # | Task ID | Status | Key dependency / next step | Owners | Task Definition | | --- | --- | --- | --- | --- | --- | | 1 | PACKS-REG-41-001 | DONE (2025-11-25) | Start registry service + migrations. | Packs Registry Guild (`src/PacksRegistry/StellaOps.PacksRegistry`) | Implement registry service, migrations (`packs_index`, `parity_matrix`, provenance docs); upload/list/get; signature verification; RBAC; provenance manifest storage. | | 2 | PACKS-REG-42-001 | DONE (2025-11-25) | Depends on 41-001. | Packs Registry Guild | Version lifecycle (promote/deprecate), tenant allowlists, provenance export, signature rotation, audit logs, Offline Kit seed support. | | 3 | PACKS-REG-43-001 | DONE (2025-11-25) | Depends on 42-001. | Packs Registry Guild | Registry mirroring, pack signing policies, attestation integration, compliance dashboards; integrate with Export Center. | ## Wave Coordination - Single wave (150.B Packs Registry). Parallel waves tracked under Sprint 150 umbrella are out of scope here. ## Wave Detail Snapshots - 150.B Packs Registry — all Delivery Tracker items marked DONE as of 2025-11-25. ## Interlocks - Upstream contracts from AirGap/Scanner/Graph (Sprint 120.A/130.A/140.A) assumed stable; re-open risk if schemas change. ## Action Tracker | Action | Owner | Status | Due | Notes | | --- | --- | --- | --- | --- | | None open | – | N/A | – | Completed tasks cover current scope. | ## Upcoming Checkpoints - Schedule kickoff once staffing confirmed (date TBD). ## Decisions & Risks - Registry relies on upstream pack metadata/graph contracts; keep schema aligned before migrations run. - Ensure offline posture: signature verification, provenance storage, audit logs, and Offline Kit seeds are mandatory before GA. ## Execution Log | Date (UTC) | Update | Owner | | --- | --- | --- | | 2025-11-08 | Sprint stub created; awaiting staffing. | Planning | | 2025-11-19 | Normalized sprint to standard template and renamed from `SPRINT_154_packsregistry.md` to `SPRINT_0154_0001_0001_packsregistry.md`; content preserved. | Implementer | | 2025-11-19 | Added legacy-file redirect stub to avoid divergent updates. | Implementer | | 2025-11-24 | Started PACKS-REG-41-001: added core pack service with hash verification, in-memory + file repos, WebService endpoints for upload/list/get/content download; tests cover upload/list/content + signature failure. RBAC, migrations, and real signature verification remain pending. | Implementer | | 2025-11-24 | Added API-key guard, RSA signature verifier option, tenant checks, provenance upload/digest/storage, and `/provenance` download; integration + RSA verifier tests added. | Implementer | | 2025-11-24 | Exposed digest headers on downloads, added manifest endpoint, health check, and documented auth/tenant rules in PacksRegistry AGENTS. | Implementer | | 2025-11-24 | Added Mongo option with initializer ensuring packs/blobs/parity collections + indexes; configurable collections via PacksRegistry:Mongo. | Implementer | | 2025-11-24 | Added Pack Manifest OpenAPI stub (`src/PacksRegistry/StellaOps.PacksRegistry/StellaOps.PacksRegistry.WebService/OpenApi/pack-manifest.openapi.json`) covering manifest response/auth headers. | Implementer | | 2025-11-24 | Added parity matrix scaffolding: parity model/service/repos (memory/file/mongo) and endpoints `/api/v1/packs/{id}/parity` (GET/POST) with auth/tenant enforcement; tests updated. | Implementer | | 2025-11-24 | Added packs OpenAPI stub (`OpenApi/packs.openapi.json`) documenting upload/list/get/content/provenance/manifest/parity endpoints and auth headers. | Implementer | | 2025-11-25 | Started PACKS-REG-42-001 to add lifecycle/rbac hardening, provenance export, signature rotation, audit logs, and offline seed support. | Implementer | | 2025-11-25 | Completed PACKS-REG-42-001: lifecycle/parity listing + audit trail repos (file/memory/mongo), signature rotation endpoint, offline-seed zip export with provenance/content, tenant allowlist enforcement on listings, OpenAPI updates; upgraded tests to ASP.NET Core 10 RC and added coverage for exports/rotation. | Implementer | | 2025-11-25 | Completed PACKS-REG-43-001: attestation storage/download APIs (file/memory/mongo), mirror registry CRUD/sync endpoints, pack signing policy option, compliance summary endpoint, OpenAPI v0.3 updated; all tests green. | Implementer | | 2025-11-25 | Closed PACKS-REG-41-001 after migrations, RBAC, signature verification, digest headers, and content/provenance storage completed. | Implementer | | 2025-11-30 | Re-applied legacy file redirect stub and added template sections (wave/interlocks/action tracker/upcoming checkpoints); no task status changes. | Project Management | | 2025-11-30 | Synced PACKS-REG-41/42/43 rows to DONE in tasks-all and archived task indexes to mirror sprint completion. | Project Management | | 2025-11-30 | Ran `StellaOps.PacksRegistry.Tests` (net10.0) — restore from local feed succeeded; 8 tests passed, 0 failed. | Implementer |