# Sprint 505 · Ops & Offline — 190.B) Ops DevOps III

## Topic & Scope
- Phase III of Ops & Offline stream (IMPL 190.B), following Ops DevOps II.
- Focus on CI/observability/offline hardening across export, graph, OAS, symbols, SLO tooling, and ledger packs.
- **Working directory:** docs/implplan (coordination); artefacts live under `.gitea/workflows/`, `deploy/`, and relevant module repos per task ownership.

## Dependencies & Concurrency
- Upstream dependency: Sprint 190.B (Ops DevOps II) must be DONE.
- Task-level dependencies captured in the tracker; observe serial order for OAS and HELM-style chains.

## Documentation Prerequisites
- docs/README.md
- docs/07_HIGH_LEVEL_ARCHITECTURE.md
- docs/modules/platform/architecture-overview.md
- Existing CI/OAS runbooks referenced by tasks.

## Delivery Tracker
| # | Task ID | Status | Key dependency / next step | Owners | Task Definition |
| --- | --- | --- | --- | --- | --- |
| 1 | DEVOPS-EXPORT-36-001 | DONE (2025-11-24) | Depends on DEVOPS-EXPORT-35-001 | DevOps Guild, Exporter Service Guild | Integrate Trivy compat validation, cosign signature checks, `trivy module db import` smoke tests, OCI distribution verification, throughput/error dashboards |
| 2 | DEVOPS-EXPORT-37-001 | DONE (2025-11-24) | Depends on DEVOPS-EXPORT-36-001 | DevOps Guild, Exporter Service Guild | Finalize exporter monitoring (failure alerts, metrics verification, retention jobs) and chaos/latency tests pre-GA |
| 3 | DEVOPS-GRAPH-24-001 | DONE (2025-11-24) | None | DevOps Guild, SBOM Service Guild | Load test graph index/adjacency APIs with 40k-node assets; capture perf dashboards & alert thresholds |
| 4 | DEVOPS-GRAPH-24-002 | DONE (2025-11-24) | Depends on DEVOPS-GRAPH-24-001 | DevOps Guild, UI Guild | Synthetic UI perf runs (Playwright/WebGL) for Graph/Vuln explorers; fail builds on regression |
| 5 | DEVOPS-GRAPH-24-003 | DONE (2025-11-24) | Depends on DEVOPS-GRAPH-24-002 | DevOps Guild | Smoke job for simulation endpoints enforcing SLA (<3s upgrade) with logged results |
| 6 | DEVOPS-LNM-TOOLING-22-000 | BLOCKED | Await upstream storage backfill tool specs & Excititor migration outputs | DevOps, Concelier, Excititor Guilds | Package/tooling for linkset/advisory migrations |
| 7 | DEVOPS-LNM-22-001 | BLOCKED (2025-10-27) | Blocked on DEVOPS-LNM-TOOLING-22-000 | DevOps Guild, Concelier Guild | Run migration/backfill pipelines for advisory observations/linksets in staging, validate counts/conflicts, automate deployment |
| 8 | DEVOPS-LNM-22-002 | BLOCKED (2025-10-27) | Blocked on DEVOPS-LNM-22-001 and Excititor storage migration | DevOps Guild, Excititor Guild | Execute VEX observation/linkset backfill with monitoring; ensure NATS/Redis events; document ops runbook |
| 9 | DEVOPS-LNM-22-003 | TODO | Depends on DEVOPS-LNM-22-002 | DevOps Guild, Observability Guild | Add CI/monitoring for new metrics (`advisory_observations_total`, `linksets_total`, ingest→API SLA alerts) |
| 10 | DEVOPS-OAS-61-001 | DONE (2025-11-24) | None | DevOps Guild, API Contracts Guild | Add CI stages for OpenAPI lint, validation, compat diff; enforce PR gating |
| 11 | DEVOPS-OAS-61-002 | DONE (2025-11-24) | Depends on DEVOPS-OAS-61-001 | DevOps Guild, Contract Testing Guild | Mock server + contract test suite in PR/nightly; publish artifacts |
| 12 | DEVOPS-OPENSSL-11-001 | DONE (2025-11-24) | None | DevOps Guild, Build Infra Guild | Package OpenSSL 1.1 shim into test harness outputs for Mongo2Go suites |
| 13 | DEVOPS-OPENSSL-11-002 | DONE (2025-11-24) | Depends on DEVOPS-OPENSSL-11-001 | DevOps Guild, CI Guild | Ensure CI runners/docker export `LD_LIBRARY_PATH` (or embed shim) for unattended pipelines |
| 14 | DEVOPS-OBS-51-001 | DONE (2025-11-24) | Depends on DEVOPS-OBS-50-002 | DevOps Guild, Observability Guild | SLO evaluator service, dashboards, alerts, Terraform/Helm automation |
| 15 | DEVOPS-OBS-52-001 | DONE (2025-11-24) | Depends on DEVOPS-OBS-51-001 | DevOps Guild, Timeline Indexer Guild | Streaming pipeline (NATS/Redis/Kafka) with retention/partitioning/backpressure; CI schema + rate-cap validation |
| 16 | DEVOPS-OBS-53-001 | DONE (2025-11-24) | Depends on DEVOPS-OBS-52-001 | DevOps Guild, Evidence Locker Guild | Object storage WORM/immutability, legal hold automation, backup/restore scripts |
| 17 | DEVOPS-OBS-54-001 | DONE (2025-11-24) | Depends on DEVOPS-OBS-53-001 | DevOps Guild, Security Guild | Provenance signing infra (KMS keys, rotation, TSA) + CI verification jobs |
| 18 | DEVOPS-SCAN-90-004 | DONE (2025-11-24) | Depends on SCAN-DETER-186-009/010 | DevOps Guild, Scanner Guild | CI job for scanner determinism harness; uploads `determinism.json`; gates release |
| 19 | DEVOPS-SYMS-90-005 | DONE (2025-11-24) | Depends on SYMS-SERVER-401-011/013 | DevOps Guild, Symbols Guild | Deploy Symbols.Server; smoke via compose/MinIO/Mongo; alerts; reusable smoke workflow |
| 20 | DEVOPS-LEDGER-OAS-61-001-REL | BLOCKED (2025-11-24) | Waiting on Findings Ledger OpenAPI sources/examples | DevOps Guild, Findings Ledger Guild | Add lint/diff/publish gates once spec exists |
| 21 | DEVOPS-LEDGER-OAS-61-002-REL | BLOCKED (2025-11-24) | `.well-known/openapi` payload pending | DevOps Guild, Findings Ledger Guild | Release validation for host metadata |
| 22 | DEVOPS-LEDGER-OAS-62-001-REL | BLOCKED (2025-11-24) | Await finalized Ledger OAS/versioning | DevOps Guild, Findings Ledger Guild | SDK generation/signing for Ledger |
| 23 | DEVOPS-LEDGER-OAS-63-001-REL | BLOCKED (2025-11-24) | Await OAS change log/lifecycle policy | DevOps Guild, Findings Ledger Guild | Deprecation governance artefacts |
| 24 | DEVOPS-LEDGER-PACKS-42-001-REL | BLOCKED (2025-11-24) | Await schema + storage contract | DevOps Guild, Findings Ledger Guild | Snapshot/time-travel export packaging |
| 25 | DEVOPS-LEDGER-PACKS-42-002-REL | TODO | Depends on DEVOPS-LEDGER-PACKS-42-001-REL | DevOps Guild, Findings Ledger Guild | Add pack signing + integrity verification job to release bundles |

## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2025-11-24 | Completed DEVOPS-OAS-61-001/002: added OAS CI workflow `.gitea/workflows/oas-ci.yml` (compose, lint, examples, compat diff, contract tests, aggregate spec upload). | Implementer |
| 2025-11-24 | Completed DEVOPS-OPENSSL-11-001: copied OpenSSL 1.1 shim into all test outputs via shared Directory.Build.props; Authority Mongo2Go tests pass. | Implementer |
| 2025-12-02 | Normalized sprint file to standard template; preserved task statuses and dependencies. | StellaOps Agent |

## Decisions & Risks
- Many tasks blocked by upstream artefacts (DEVOPS-LNM-TOOLING, Ledger OAS, storage migrations). Resolution requires upstream teams delivering specs/data.
- Offline posture: ensure all deployment/CI assets use pinned digests and avoid live internet pulls for air-gapped kits.

## Next Checkpoints
- None scheduled; add dates when guild checkpoints are set.