# Findings Ledger

Immutable, append-only event ledger for tracking vulnerability findings, policy decisions, and workflow state changes across the StellaOps platform.

## Purpose

- **Audit trail**: Every finding state change (open, triage, suppress, resolve) is recorded with cryptographic hashes and actor metadata.
- **Deterministic replay**: Events can be replayed to reconstruct finding states at any point in time.
- **Merkle anchoring**: Event chains are Merkle-linked for tamper-evident verification.
- **Tenant isolation**: All events are partitioned by tenant with cross-tenant access forbidden.

## Quick links

- FL1–FL10 remediation tracker: `gaps-FL1-FL10.md`
- Schema catalog (events/projections/exports): `schema-catalog.md`
- Merkle & external anchor policy: `merkle-anchor-policy.md`
- Tenant isolation & redaction manifest: `tenant-isolation-redaction.md`

## Implementation Status

### Delivery Phases

- **Phase 1 – Observability baselines:** Instrument writer/projector with metrics, structured logs, OTLP exporters, Grafana dashboards + alert rules
- **Phase 2 – Determinism harness:** Finalize NDJSON fixtures for ≥5M findings/tenant, implement replay harness CLI, add CI pipeline jobs
- **Phase 3 – Deployment & backup collateral:** Integrate ledger service into Compose/Helm, automate PostgreSQL migrations, document backup cadence
- **Phase 4 – Provenance & air-gap extensions:** Ingest orchestrator run export metadata, extend ledger events for bundle provenance, store attestation pointers

### Key Dependencies

- AdvisoryAI Sprint 110.A completion (raw findings parity)
- Observability schema approval to unblock Phase 1 instrumentation
- QA lab capacity for 5M replay checkpoint
- DevOps review of Compose/Helm overlays
- Orchestrator export schema freeze for provenance linkage

### Acceptance Criteria

- Metrics/logging/tracing implementation merged with dashboards exported
- Harness CLI + fixtures + signed reports committed
- Compose/Helm overlays + backup/restore runbooks validated
- Air-gap provenance fields documented + implemented
- Sprint tracker and release notes updated after each phase
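The four properties listed under Purpose (hash-chained audit trail, deterministic replay, Merkle anchoring, tenant isolation) fit in one small model. The Python below is an added illustration and is not StellaOps code: the event schema, the SHA-256-over-canonical-JSON hashing, the Merkle construction (duplicate the last leaf on odd levels), the state-transition table and the sample events are all constructed here, and the real ledger's schema is documented in `schema-catalog.md` and `merkle-anchor-policy.md` rather than in this snippet.

```python
"""Hash-chained, Merkle-anchored findings ledger (constructed illustration, not the project's schema)."""
import hashlib
import json
from typing import Optional

GENESIS_HASH = "0" * 64

# Constructed transition table for the finding actions named on the page; None = finding not yet seen.
TRANSITIONS = {
    None: {"open"},
    "open": {"triage", "suppress", "resolve"},
    "triage": {"open", "suppress", "resolve"},
    "suppress": {"open"},
    "resolve": {"open"},
}


def _canonical(payload: dict) -> bytes:
    # Sorted keys and no whitespace: the same event always serialises, and therefore hashes, identically.
    return json.dumps(payload, sort_keys=True, separators=(",", ":")).encode("utf-8")


def _sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def append_event(ledger: list, tenant: str, finding_id: str, action: str, actor: str) -> dict:
    """Append one state change; every event commits to the hash of the event before it."""
    prev_hash = ledger[-1]["event_hash"] if ledger else GENESIS_HASH
    body = {
        "seq": len(ledger) + 1,
        "tenant": tenant,
        "finding_id": finding_id,
        "action": action,
        "actor": actor,
        "prev_hash": prev_hash,
    }
    event = dict(body, event_hash=_sha256(_canonical(body)))
    ledger.append(event)
    return event


def verify_chain(ledger: list) -> bool:
    """Recompute each hash and prev_hash link; an edit, deletion or reorder anywhere breaks the chain."""
    expected_prev = GENESIS_HASH
    for seq, event in enumerate(ledger, start=1):
        body = {k: v for k, v in event.items() if k != "event_hash"}
        if event["seq"] != seq or body["prev_hash"] != expected_prev:
            return False
        if _sha256(_canonical(body)) != event["event_hash"]:
            return False
        expected_prev = event["event_hash"]
    return True


def merkle_root(ledger: list) -> str:
    """Merkle root over the event hashes; one root is what gets anchored externally."""
    level = [bytes.fromhex(e["event_hash"]) for e in ledger]
    if not level:
        return GENESIS_HASH
    while len(level) > 1:
        if len(level) % 2:
            level.append(level[-1])  # duplicate the last leaf on odd-sized levels
        level = [hashlib.sha256(level[i] + level[i + 1]).digest() for i in range(0, len(level), 2)]
    return level[0].hex()


def replay(ledger: list, tenant: str, up_to_seq: Optional[int] = None) -> dict:
    """Rebuild per-finding state for one tenant by replaying events in order up to a sequence number.

    Other tenants' events are skipped, never merged into the result, and an illegal transition
    raises so that a replay fails loudly instead of producing a plausible but wrong state.
    """
    if not verify_chain(ledger):
        raise ValueError("ledger chain is broken; refusing to replay")
    state: dict = {}
    for event in ledger:
        if up_to_seq is not None and event["seq"] > up_to_seq:
            break
        if event["tenant"] != tenant:
            continue
        current = state.get(event["finding_id"])
        if event["action"] not in TRANSITIONS[current]:
            raise ValueError(f"illegal transition {current!r} -> {event['action']!r} at seq {event['seq']}")
        state[event["finding_id"]] = event["action"]
    return state


def build_sample_ledger() -> list:
    """Constructed sample events for two tenants (placeholder finding ids, not real data)."""
    ledger: list = []
    append_event(ledger, "tenant-a", "finding-001", "open", "scanner")
    append_event(ledger, "tenant-b", "finding-001", "open", "scanner")
    append_event(ledger, "tenant-a", "finding-001", "triage", "alice")
    append_event(ledger, "tenant-a", "finding-002", "open", "scanner")
    append_event(ledger, "tenant-a", "finding-001", "resolve", "alice")
    return ledger


if __name__ == "__main__":
    sample = build_sample_ledger()
    print("chain ok:", verify_chain(sample))
    print("merkle root:", merkle_root(sample))
    print("tenant-a at seq 3:", replay(sample, "tenant-a", up_to_seq=3))
    print("tenant-a now:", replay(sample, "tenant-a"))
```

Two design points carry over to any real implementation: the hash must be computed over a canonical encoding, or the same logical event can hash differently between writer and verifier, and replay should refuse to run on a chain that fails verification rather than reconstructing state from events it cannot trust.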