master
66cb6c4b8a
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
- Introduced guild charters for Scanner Deno, PHP, Ruby, Native, WebService, Java, Surface.Env, Surface.FS, Surface.Secrets, Surface.Validation, UI, Zastava Observer, Zastava Webhook, Zastava Core, and Plugin Platform. - Each charter outlines the mission, scope, required reading, and working agreements for the respective guilds. - Created task boards for Surface.Env, Surface.FS, Surface.Secrets, Surface.Validation, and Zastava components to track progress and dependencies. - Ensured all documents emphasize determinism, offline readiness, security, and integration with shared Surface libraries.
48 KiB
48 KiB
Sprint 180 - Experience & SDKs
[Experience & SDKs] 180.A) Cli.I Depends on: Sprint 120.A - AirGap, Sprint 130.A - Scanner, Sprint 150.A - Orchestrator, Sprint 170.A - Notifier Summary: Experience & SDKs focus on Cli (phase I).
| Task ID | State | Task description | Owners (Source) |
|---|---|---|---|
| CLI-AIAI-31-001 | TODO | Implement stella advise summarize command with JSON/Markdown outputs and citation display. |
DevEx/CLI Guild (src/Cli/StellaOps.Cli/TASKS.md) |
| CLI-AIAI-31-002 | TODO | Implement stella advise explain showing conflict narrative and structured rationale. |
DevEx/CLI Guild (src/Cli/StellaOps.Cli/TASKS.md) |
| CLI-AIAI-31-003 | TODO | Implement stella advise remediate generating remediation plans with --strategy filters and file output. |
DevEx/CLI Guild (src/Cli/StellaOps.Cli/TASKS.md) |
| CLI-AIAI-31-004 | TODO | Implement stella advise batch for summaries/conflicts/remediation with progress + multi-status responses. |
DevEx/CLI Guild (src/Cli/StellaOps.Cli/TASKS.md) |
| CLI-AIRGAP-56-001 | TODO | Implement `stella mirror create | DevEx/CLI Guild (src/Cli/StellaOps.Cli/TASKS.md) |
| CLI-AIRGAP-56-002 | TODO | Ensure telemetry propagation under sealed mode (no remote exporters) while preserving correlation IDs; add label AirGapped-Phase-1. |
DevEx/CLI Guild (src/Cli/StellaOps.Cli/TASKS.md) |
| CLI-AIRGAP-57-001 | TODO | Add stella airgap import with diff preview, bundle scope selection (--tenant, --global), audit logging, and progress reporting. |
DevEx/CLI Guild (src/Cli/StellaOps.Cli/TASKS.md) |
| CLI-AIRGAP-57-002 | TODO | Provide `stella airgap seal | DevEx/CLI Guild (src/Cli/StellaOps.Cli/TASKS.md) |
| CLI-AIRGAP-58-001 | TODO | Implement stella airgap export evidence helper for portable evidence packages, including checksum manifest and verification. |
DevEx/CLI Guild, Evidence Locker Guild (src/Cli/StellaOps.Cli/TASKS.md) |
| CLI-ATTEST-73-001 | TODO | Implement stella attest sign (payload selection, subject digest, key reference, output format) using official SDK transport. |
CLI Attestor Guild (src/Cli/StellaOps.Cli/TASKS.md) |
| CLI-ATTEST-73-002 | TODO | Implement stella attest verify with policy selection, explainability output, and JSON/table formatting. |
CLI Attestor Guild (src/Cli/StellaOps.Cli/TASKS.md) |
| CLI-ATTEST-74-001 | TODO | Implement stella attest list with filters (subject, type, issuer, scope) and pagination. |
CLI Attestor Guild (src/Cli/StellaOps.Cli/TASKS.md) |
| CLI-ATTEST-74-002 | TODO | Implement stella attest fetch to download envelopes and payloads to disk. |
CLI Attestor Guild (src/Cli/StellaOps.Cli/TASKS.md) |
| CLI-ATTEST-75-001 | TODO | Implement `stella attest key create | CLI Attestor Guild, KMS Guild (src/Cli/StellaOps.Cli/TASKS.md) |
| CLI-ATTEST-75-002 | TODO | Add support for building/verifying attestation bundles in CLI. | CLI Attestor Guild, Export Guild (src/Cli/StellaOps.Cli/TASKS.md) |
[Experience & SDKs] 180.A) Cli.II Depends on: Sprint 180.A - Cli.I Summary: Experience & SDKs focus on Cli (phase II).
| Task ID | State | Task description | Owners (Source) |
|---|---|---|---|
| CLI-CORE-41-001 | TODO | Implement CLI core features: config precedence, profiles/contexts, auth flows, output renderer (json/yaml/table), error mapping, global flags, telemetry opt-in. | DevEx/CLI Guild (src/Cli/StellaOps.Cli/TASKS.md) |
| CLI-EXC-25-001 | TODO | Implement `stella exceptions list | DevEx/CLI Guild (src/Cli/StellaOps.Cli/TASKS.md) |
| CLI-EXC-25-002 | TODO | Extend stella policy simulate with --with-exception/--without-exception flags to preview exception impact. |
DevEx/CLI Guild (src/Cli/StellaOps.Cli/TASKS.md) |
| CLI-EXPORT-35-001 | BLOCKED (2025-10-29) | Implement `stella export profiles | DevEx/CLI Guild (src/Cli/StellaOps.Cli/TASKS.md) |
| CLI-EXPORT-36-001 | TODO | Add distribution commands (stella export distribute, run download --resume enhancements) and improved status polling with progress bars. |
DevEx/CLI Guild (src/Cli/StellaOps.Cli/TASKS.md) |
| CLI-EXPORT-37-001 | TODO | Provide scheduling (stella export schedule), retention, and export verify commands performing signature/hash validation. |
DevEx/CLI Guild (src/Cli/StellaOps.Cli/TASKS.md) |
| CLI-FORENSICS-53-001 | TODO | Implement stella forensic snapshot create --case and snapshot list/show commands invoking evidence locker APIs, surfacing manifest digests, and storing local cache metadata. |
DevEx/CLI Guild, Evidence Locker Guild (src/Cli/StellaOps.Cli/TASKS.md) |
| CLI-FORENSICS-54-001 | TODO | Provide stella forensic verify <bundle> command validating checksums, DSSE signatures, and timeline chain-of-custody. Support JSON/pretty output and exit codes for CI. |
DevEx/CLI Guild, Provenance Guild (src/Cli/StellaOps.Cli/TASKS.md) |
| CLI-FORENSICS-54-002 | TODO | Implement stella forensic attest show <artifact> listing attestation details (signer, timestamp, subjects) and verifying signatures. |
DevEx/CLI Guild, Provenance Guild (src/Cli/StellaOps.Cli/TASKS.md) |
| CLI-LNM-22-001 | TODO | Implement stella advisory obs get/linkset show/export commands with JSON/OSV output, pagination, and conflict display; ensure ERR_AGG_* mapping. |
DevEx/CLI Guild (src/Cli/StellaOps.Cli/TASKS.md) |
| CLI-LNM-22-002 | TODO | Implement stella vex obs get/linkset show commands with product filters, status filters, and JSON output for CI usage. |
DevEx/CLI Guild (src/Cli/StellaOps.Cli/TASKS.md) |
| CLI-NOTIFY-38-001 | BLOCKED (2025-10-29) | Implement `stella notify rules | DevEx/CLI Guild (src/Cli/StellaOps.Cli/TASKS.md) |
| CLI-NOTIFY-39-001 | BLOCKED (2025-10-29) | Add simulation (stella notify simulate) and digest commands with diff output and schedule triggering, including dry-run mode. |
DevEx/CLI Guild (src/Cli/StellaOps.Cli/TASKS.md) |
| CLI-NOTIFY-40-001 | TODO | Provide ack token redemption workflow, escalation management, localization previews, and channel health checks. | DevEx/CLI Guild (src/Cli/StellaOps.Cli/TASKS.md) |
| CLI-OBS-50-001 | TODO | Ensure CLI HTTP client propagates traceparent headers for all commands, prints correlation IDs on failure, and records trace IDs in verbose logs (scrubbed). |
DevEx/CLI Guild (src/Cli/StellaOps.Cli/TASKS.md) |
[Experience & SDKs] 180.A) Cli.III Depends on: Sprint 180.A - Cli.II Summary: Experience & SDKs focus on Cli (phase III).
| Task ID | State | Task description | Owners (Source) |
|---|---|---|---|
| CLI-OBS-51-001 | TODO | Implement stella obs top command streaming service health metrics, SLO status, and burn-rate alerts with TUI view and JSON output. |
DevEx/CLI Guild (src/Cli/StellaOps.Cli/TASKS.md) |
| CLI-OBS-52-001 | TODO | Add stella obs trace <trace_id> and stella obs logs --from/--to commands that correlate timeline events, logs, and evidence links with pagination + guardrails. |
DevEx/CLI Guild (src/Cli/StellaOps.Cli/TASKS.md) |
| CLI-OBS-55-001 | TODO | Add `stella obs incident-mode enable | DevEx/CLI Guild, DevOps Guild (src/Cli/StellaOps.Cli/TASKS.md) |
| CLI-ORCH-32-001 | TODO | Implement `stella orch sources | DevEx/CLI Guild (src/Cli/StellaOps.Cli/TASKS.md) |
| CLI-ORCH-33-001 | TODO | Add action verbs (`sources test | DevEx/CLI Guild (src/Cli/StellaOps.Cli/TASKS.md) |
| CLI-ORCH-34-001 | TODO | Provide backfill wizard (--from/--to --dry-run), quota management (`quotas get |
DevEx/CLI Guild (src/Cli/StellaOps.Cli/TASKS.md) |
| CLI-PACKS-42-001 | TODO | Implement Task Pack commands (pack plan/run/push/pull/verify) with schema validation, expression sandbox, plan/simulate engine, remote execution. |
DevEx/CLI Guild (src/Cli/StellaOps.Cli/TASKS.md) |
| CLI-PACKS-43-001 | TODO | Deliver advanced pack features (approvals pause/resume, secret injection, localization, man pages, offline cache). | DevEx/CLI Guild (src/Cli/StellaOps.Cli/TASKS.md) |
| CLI-PARITY-41-001 | TODO | Deliver parity command groups (policy, sbom, vuln, vex, advisory, export, orchestrator) with --explain, deterministic outputs, and parity matrix entries. |
DevEx/CLI Guild (src/Cli/StellaOps.Cli/TASKS.md) |
| CLI-PARITY-41-002 | TODO | Implement notify, aoc, auth command groups, idempotency keys, shell completions, config docs, and parity matrix export tooling. |
DevEx/CLI Guild (src/Cli/StellaOps.Cli/TASKS.md) |
| CLI-POLICY-20-001 | TODO | Add `stella policy new | DevEx/CLI Guild (src/Cli/StellaOps.Cli/TASKS.md) |
| CLI-POLICY-23-004 | TODO | Add stella policy lint command validating SPL files with compiler diagnostics; support JSON output. |
DevEx/CLI Guild (src/Cli/StellaOps.Cli/TASKS.md) |
| CLI-POLICY-23-005 | DOING (2025-10-28) | Implement stella policy activate with scheduling window, approval enforcement, and summary output. |
DevEx/CLI Guild (src/Cli/StellaOps.Cli/TASKS.md) |
| CLI-POLICY-23-006 | TODO | Provide stella policy history and stella policy explain commands to pull run history and explanation trees. |
DevEx/CLI Guild (src/Cli/StellaOps.Cli/TASKS.md) |
| CLI-POLICY-27-001 | TODO | Implement policy workspace commands (stella policy init, edit, lint, compile, test) with template selection, local cache, JSON output, and deterministic temp directories. |
DevEx/CLI Guild (src/Cli/StellaOps.Cli/TASKS.md) |
[Experience & SDKs] 180.A) Cli.IV Depends on: Sprint 180.A - Cli.III Summary: Experience & SDKs focus on Cli (phase IV).
| Task ID | State | Task description | Owners (Source) |
|---|---|---|---|
| CLI-POLICY-27-002 | TODO | Add submission/review workflow commands (stella policy version bump, submit, review comment, approve, reject) supporting reviewer assignment, changelog capture, and exit codes. |
DevEx/CLI Guild (src/Cli/StellaOps.Cli/TASKS.md) |
| CLI-POLICY-27-003 | TODO | Implement stella policy simulate enhancements (quick vs batch, SBOM selectors, heatmap summary, manifest download) with --json and Markdown report output for CI. |
DevEx/CLI Guild (src/Cli/StellaOps.Cli/TASKS.md) |
| CLI-POLICY-27-004 | TODO | Add lifecycle commands for publish/promote/rollback/sign (stella policy publish --sign, promote --env, rollback) with attestation verification and canary arguments. |
DevEx/CLI Guild (src/Cli/StellaOps.Cli/TASKS.md) |
| CLI-POLICY-27-005 | TODO | Update CLI reference and samples for Policy Studio including JSON schemas, exit codes, and CI snippets. | DevEx/CLI Guild, Docs Guild (src/Cli/StellaOps.Cli/TASKS.md) |
| CLI-POLICY-27-006 | TODO | Update CLI policy profiles/help text to request the new Policy Studio scope family, surface ProblemDetails guidance for invalid_scope, and adjust regression tests for scope failures. |
DevEx/CLI Guild (src/Cli/StellaOps.Cli/TASKS.md) |
| CLI-RISK-66-001 | TODO | Implement `stella risk profile list | DevEx/CLI Guild, Policy Guild (src/Cli/StellaOps.Cli/TASKS.md) |
| CLI-RISK-66-002 | TODO | Ship stella risk simulate supporting SBOM/asset inputs, diff mode, and export to JSON/CSV. |
DevEx/CLI Guild, Risk Engine Guild (src/Cli/StellaOps.Cli/TASKS.md) |
| CLI-RISK-67-001 | TODO | Provide stella risk results with filtering, severity thresholds, explainability fetch. |
DevEx/CLI Guild, Findings Ledger Guild (src/Cli/StellaOps.Cli/TASKS.md) |
| CLI-RISK-68-001 | TODO | Add stella risk bundle verify and integrate with offline risk bundles. |
DevEx/CLI Guild, Export Guild (src/Cli/StellaOps.Cli/TASKS.md) |
| CLI-SDK-62-001 | TODO | Replace bespoke HTTP clients with official SDK (TS/Go) for all CLI commands; ensure modular transport for air-gapped mode. | DevEx/CLI Guild, SDK Generator Guild (src/Cli/StellaOps.Cli/TASKS.md) |
| CLI-SDK-62-002 | TODO | Update CLI error handling to surface standardized API error envelope with error.code and trace_id. |
DevEx/CLI Guild (src/Cli/StellaOps.Cli/TASKS.md) |
| CLI-SDK-63-001 | TODO | Expose stella api spec download command retrieving aggregate OAS and verifying checksum/ETag. |
DevEx/CLI Guild, API Governance Guild (src/Cli/StellaOps.Cli/TASKS.md) |
| CLI-SDK-64-001 | TODO | Add CLI subcommand stella sdk update to fetch latest SDK manifests/changelogs; integrate with Notifications for deprecations. |
DevEx/CLI Guild, SDK Release Guild (src/Cli/StellaOps.Cli/TASKS.md) |
| CLI-SIG-26-001 | TODO | Implement stella reachability upload-callgraph and stella reachability list/explain commands with streaming upload, pagination, and exit codes. |
DevEx/CLI Guild (src/Cli/StellaOps.Cli/TASKS.md) |
| CLI-SIG-26-002 | TODO | Extend stella policy simulate with reachability override flags (--reachability-state, --reachability-score). |
DevEx/CLI Guild (src/Cli/StellaOps.Cli/TASKS.md) |
[Experience & SDKs] 180.A) Cli.V Depends on: Sprint 180.A - Cli.IV Summary: Experience & SDKs focus on Cli (phase V).
| Task ID | State | Task description | Owners (Source) |
|---|---|---|---|
| CLI-TEN-47-001 | TODO | Implement stella login, whoami, tenants list, persistent profiles, secure token storage, and --tenant override with validation. |
DevEx/CLI Guild (src/Cli/StellaOps.Cli/TASKS.md) |
| CLI-TEN-49-001 | TODO | Add service account token minting, delegation (stella token delegate), impersonation banner, and audit-friendly logging. |
DevEx/CLI Guild (src/Cli/StellaOps.Cli/TASKS.md) |
| CLI-VEX-30-001 | TODO | Implement stella vex consensus list with filters, paging, policy selection, --json/--csv. |
DevEx/CLI Guild (src/Cli/StellaOps.Cli/TASKS.md) |
| CLI-VEX-30-002 | TODO | Implement stella vex consensus show displaying quorum, evidence, rationale, signature status. |
DevEx/CLI Guild (src/Cli/StellaOps.Cli/TASKS.md) |
| CLI-VEX-30-003 | TODO | Implement stella vex simulate for trust/threshold overrides with JSON diff output. |
DevEx/CLI Guild (src/Cli/StellaOps.Cli/TASKS.md) |
| CLI-VEX-30-004 | TODO | Implement stella vex export for consensus NDJSON bundles with signature verification helper. |
DevEx/CLI Guild (src/Cli/StellaOps.Cli/TASKS.md) |
| CLI-VULN-29-001 | TODO | Implement stella vuln list with grouping, paging, filters, --json/--csv, and policy selection. |
DevEx/CLI Guild (src/Cli/StellaOps.Cli/TASKS.md) |
| CLI-VULN-29-002 | TODO | Implement stella vuln show displaying evidence, policy rationale, paths, ledger summary; support --json for automation. |
DevEx/CLI Guild (src/Cli/StellaOps.Cli/TASKS.md) |
| CLI-VULN-29-003 | TODO | Add workflow commands (assign, comment, accept-risk, verify-fix, target-fix, reopen) with filter selection (--filter) and idempotent retries. |
DevEx/CLI Guild (src/Cli/StellaOps.Cli/TASKS.md) |
| CLI-VULN-29-004 | TODO | Implement stella vuln simulate producing delta summaries and optional Markdown report for CI. |
DevEx/CLI Guild (src/Cli/StellaOps.Cli/TASKS.md) |
| CLI-VULN-29-005 | TODO | Add stella vuln export and stella vuln bundle verify commands to trigger/download evidence bundles and verify signatures. |
DevEx/CLI Guild (src/Cli/StellaOps.Cli/TASKS.md) |
| CLI-VULN-29-006 | TODO | Update CLI docs/examples for Vulnerability Explorer with compliance checklist and CI snippets. | DevEx/CLI Guild, Docs Guild (src/Cli/StellaOps.Cli/TASKS.md) |
[Experience & SDKs] 180.B) DevPortal Depends on: Sprint 120.A - AirGap, Sprint 130.A - Scanner, Sprint 150.A - Orchestrator, Sprint 170.A - Notifier Summary: Experience & SDKs focus on DevPortal).
| Task ID | State | Task description | Owners (Source) |
|---|---|---|---|
| DEVPORT-62-001 | TODO | Select static site generator, integrate aggregate spec, build navigation + search scaffolding. | Developer Portal Guild (src/DevPortal/StellaOps.DevPortal.Site/TASKS.md) |
| DEVPORT-62-002 | TODO | Implement schema viewer, example rendering, copy-curl snippets, and version selector UI. | Developer Portal Guild (src/DevPortal/StellaOps.DevPortal.Site/TASKS.md) |
| DEVPORT-63-001 | TODO | Add Try-It console pointing at sandbox environment with token onboarding and scope info. | Developer Portal Guild, Platform Guild (src/DevPortal/StellaOps.DevPortal.Site/TASKS.md) |
| DEVPORT-63-002 | TODO | Embed language-specific SDK snippets and quick starts generated from tested examples. | Developer Portal Guild, SDK Generator Guild (src/DevPortal/StellaOps.DevPortal.Site/TASKS.md) |
| DEVPORT-64-001 | TODO | Provide offline build target bundling HTML, specs, SDK archives; ensure no external assets. | Developer Portal Guild, Export Center Guild (src/DevPortal/StellaOps.DevPortal.Site/TASKS.md) |
| DEVPORT-64-002 | TODO | Add automated accessibility tests, link checker, and performance budgets. | Developer Portal Guild (src/DevPortal/StellaOps.DevPortal.Site/TASKS.md) |
[Experience & SDKs] 180.C) Graph Depends on: Sprint 120.A - AirGap, Sprint 130.A - Scanner, Sprint 150.A - Orchestrator, Sprint 170.A - Notifier Summary: Experience & SDKs focus on Graph).
| Task ID | State | Task description | Owners (Source) |
|---|---|---|---|
| GRAPH-API-28-001 | TODO | Define OpenAPI + JSON schema for graph search/query/paths/diff/export endpoints, including cost metadata and streaming tile schema. | Graph API Guild (src/Graph/StellaOps.Graph.Api/TASKS.md) |
| GRAPH-API-28-002 | TODO | Implement /graph/search with multi-type index lookup, prefix/exact match, RBAC enforcement, and result ranking + caching. |
Graph API Guild (src/Graph/StellaOps.Graph.Api/TASKS.md) |
| GRAPH-API-28-003 | TODO | Build query planner + cost estimator for /graph/query, stream tiles (nodes/edges/stats) progressively, enforce budgets, provide cursor tokens. |
Graph API Guild (src/Graph/StellaOps.Graph.Api/TASKS.md) |
| GRAPH-API-28-004 | TODO | Implement /graph/paths with depth ≤6, constraint filters, heuristic shortest path search, and optional policy overlay rendering. |
Graph API Guild (src/Graph/StellaOps.Graph.Api/TASKS.md) |
| GRAPH-API-28-005 | TODO | Implement /graph/diff streaming added/removed/changed nodes/edges between SBOM snapshots; include overlay deltas and policy/VEX/advisory metadata. |
Graph API Guild (src/Graph/StellaOps.Graph.Api/TASKS.md) |
| GRAPH-API-28-006 | TODO | Consume Policy Engine overlay contract (POLICY-ENGINE-30-001..003) and surface advisory/VEX/policy overlays with caching, partial materialization, and explain trace sampling for focused nodes. |
Graph API Guild (src/Graph/StellaOps.Graph.Api/TASKS.md) |
| GRAPH-API-28-007 | TODO | Implement exports (graphml, csv, ndjson, png, svg) with async job management, checksum manifests, and streaming downloads. |
Graph API Guild (src/Graph/StellaOps.Graph.Api/TASKS.md) |
| GRAPH-API-28-008 | TODO | Integrate RBAC scopes (graph:read, graph:query, graph:export), tenant headers, audit logging, and rate limiting. |
Graph API Guild, Authority Guild (src/Graph/StellaOps.Graph.Api/TASKS.md) |
| GRAPH-API-28-009 | TODO | Instrument metrics (graph_tile_latency_seconds, graph_query_budget_denied_total, graph_overlay_cache_hit_ratio), structured logs, and traces per query stage; publish dashboards. |
Graph API Guild, Observability Guild (src/Graph/StellaOps.Graph.Api/TASKS.md) |
| GRAPH-API-28-010 | TODO | Build unit/integration/load tests with synthetic datasets (500k nodes/2M edges), fuzz query validation, verify determinism across runs. | Graph API Guild, QA Guild (src/Graph/StellaOps.Graph.Api/TASKS.md) |
| GRAPH-API-28-011 | TODO | Provide deployment manifests, offline kit support, API gateway integration docs, and smoke tests. | Graph API Guild, DevOps Guild (src/Graph/StellaOps.Graph.Api/TASKS.md) |
[Experience & SDKs] 180.D) Sdk Depends on: Sprint 120.A - AirGap, Sprint 130.A - Scanner, Sprint 150.A - Orchestrator, Sprint 170.A - Notifier Summary: Experience & SDKs focus on Sdk).
| Task ID | State | Task description | Owners (Source) |
|---|---|---|---|
| SDKGEN-62-001 | TODO | Choose/pin generator toolchain, set up language template pipeline, and enforce reproducible builds. | SDK Generator Guild (src/Sdk/StellaOps.Sdk.Generator/TASKS.md) |
| SDKGEN-62-002 | TODO | Implement shared post-processing (auth helpers, retries, pagination utilities, telemetry hooks) applied to all languages. | SDK Generator Guild (src/Sdk/StellaOps.Sdk.Generator/TASKS.md) |
| SDKGEN-63-001 | TODO | Ship TypeScript SDK alpha with ESM/CJS builds, typed errors, paginator, streaming helpers. | SDK Generator Guild (src/Sdk/StellaOps.Sdk.Generator/TASKS.md) |
| SDKGEN-63-002 | TODO | Ship Python SDK alpha (sync/async clients, type hints, upload/download helpers). | SDK Generator Guild (src/Sdk/StellaOps.Sdk.Generator/TASKS.md) |
| SDKGEN-63-003 | TODO | Ship Go SDK alpha with context-first API and streaming helpers. | SDK Generator Guild (src/Sdk/StellaOps.Sdk.Generator/TASKS.md) |
| SDKGEN-63-004 | TODO | Ship Java SDK alpha (builder pattern, HTTP client abstraction). | SDK Generator Guild (src/Sdk/StellaOps.Sdk.Generator/TASKS.md) |
| SDKGEN-64-001 | TODO | Switch CLI to consume TS or Go SDK; ensure parity. | SDK Generator Guild, CLI Guild (src/Sdk/StellaOps.Sdk.Generator/TASKS.md) |
| SDKGEN-64-002 | TODO | Integrate SDKs into Console data providers where feasible. | SDK Generator Guild, Console Guild (src/Sdk/StellaOps.Sdk.Generator/TASKS.md) |
| SDKREL-63-001 | TODO | Configure CI pipelines for npm, PyPI, Maven Central staging, and Go proxies with signing and provenance attestations. | SDK Release Guild (src/Sdk/StellaOps.Sdk.Release/TASKS.md) |
| SDKREL-63-002 | TODO | Integrate changelog automation pulling from OAS diffs and generator metadata. | SDK Release Guild, API Governance Guild (src/Sdk/StellaOps.Sdk.Release/TASKS.md) |
| SDKREL-64-001 | TODO | Hook SDK releases into Notifications Studio with scoped announcements and RSS/Atom feeds. | SDK Release Guild, Notifications Guild (src/Sdk/StellaOps.Sdk.Release/TASKS.md) |
| SDKREL-64-002 | TODO | Add devportal --offline bundle job packaging docs, specs, SDK artifacts for air-gapped users. |
SDK Release Guild, Export Center Guild (src/Sdk/StellaOps.Sdk.Release/TASKS.md) |
[Experience & SDKs] 180.E) UI.I Depends on: Sprint 120.A - AirGap, Sprint 130.A - Scanner, Sprint 150.A - Orchestrator, Sprint 170.A - Notifier Summary: Experience & SDKs focus on UI (phase I).
| Task ID | State | Task description | Owners (Source) |
|---|---|---|---|
| UI-AOC-19-001 | TODO | Add Sources dashboard tiles showing AOC pass/fail, recent violation codes, and ingest throughput per tenant. | UI Guild (src/UI/StellaOps.UI/TASKS.md) |
| UI-AOC-19-002 | TODO | Implement violation drill-down view highlighting offending document fields and provenance metadata. | UI Guild (src/UI/StellaOps.UI/TASKS.md) |
| UI-AOC-19-003 | TODO | Add "Verify last 24h" action triggering AOC verifier endpoint and surfacing CLI parity guidance. | UI Guild (src/UI/StellaOps.UI/TASKS.md) |
| UI-EXC-25-001 | TODO | Build Exception Center (list + kanban) with filters, sorting, workflow transitions, and audit views. | UI Guild, Governance Guild (src/UI/StellaOps.UI/TASKS.md) |
| UI-EXC-25-002 | TODO | Implement exception creation wizard with scope preview, justification templates, timebox guardrails. | UI Guild (src/UI/StellaOps.UI/TASKS.md) |
| UI-EXC-25-003 | TODO | Add inline exception drafting/proposing from Vulnerability Explorer and Graph detail panels with live simulation. | UI Guild (src/UI/StellaOps.UI/TASKS.md) |
| UI-EXC-25-004 | TODO | Surface exception badges, countdown timers, and explain integration across Graph/Vuln Explorer and policy views. | UI Guild (src/UI/StellaOps.UI/TASKS.md) |
| UI-EXC-25-005 | TODO | Add keyboard shortcuts (x,a,r) and ensure screen-reader messaging for approvals/revocations. |
UI Guild, Accessibility Guild (src/UI/StellaOps.UI/TASKS.md) |
| UI-GRAPH-21-001 | TODO | Align Graph Explorer auth configuration with new graph:* scopes; consume scope identifiers from shared StellaOpsScopes exports (via generated SDK/config) instead of hard-coded strings. |
UI Guild (src/UI/StellaOps.UI/TASKS.md) |
| UI-GRAPH-24-001 | TODO | Build Graph Explorer canvas with layered/radial layouts, virtualization, zoom/pan, and scope toggles; initial render <1.5s for sample asset. | UI Guild, SBOM Service Guild (src/UI/StellaOps.UI/TASKS.md) |
| UI-GRAPH-24-002 | TODO | Implement overlays (Policy, Evidence, License, Exposure), simulation toggle, path view, and SBOM diff/time-travel with accessible tooltips/AOC indicators. | UI Guild, Policy Guild (src/UI/StellaOps.UI/TASKS.md) |
| UI-GRAPH-24-003 | TODO | Deliver filters/search panel with facets, saved views, permalinks, and share modal. | UI Guild (src/UI/StellaOps.UI/TASKS.md) |
| UI-GRAPH-24-004 | TODO | Add side panels (Details, What-if, History) with upgrade simulation integration and SBOM diff viewer. | UI Guild (src/UI/StellaOps.UI/TASKS.md) |
| UI-GRAPH-24-006 | TODO | Ensure accessibility (keyboard nav, screen reader labels, contrast), add hotkeys (f,e,.), and analytics instrumentation. |
UI Guild, Accessibility Guild (src/UI/StellaOps.UI/TASKS.md) |
| UI-LNM-22-001 | TODO | Build Evidence panel showing policy decision with advisory observations/linksets side-by-side, conflict badges, AOC chain, and raw doc download links. Docs DOCS-LNM-22-005 waiting on delivered UI for screenshots + flows. |
UI Guild, Policy Guild (src/UI/StellaOps.UI/TASKS.md) |
[Experience & SDKs] 180.E) UI.II Depends on: Sprint 180.E - UI.I Summary: Experience & SDKs focus on UI (phase II).
| Task ID | State | Task description | Owners (Source) |
|---|---|---|---|
| UI-LNM-22-002 | TODO | Implement filters (source, severity bucket, conflict-only, CVSS vector presence) and pagination/lazy loading for large linksets. Docs depend on finalized filtering UX. | UI Guild (src/UI/StellaOps.UI/TASKS.md) |
| UI-LNM-22-003 | TODO | Add VEX tab with status/justification summaries, conflict indicators, and export actions. Required for DOCS-LNM-22-005 coverage of VEX evidence tab. |
UI Guild, Excititor Guild (src/UI/StellaOps.UI/TASKS.md) |
| UI-LNM-22-004 | TODO | Provide permalink + copy-to-clipboard for selected component/linkset/policy combination; ensure high-contrast theme support. | UI Guild (src/UI/StellaOps.UI/TASKS.md) |
| UI-ORCH-32-001 | TODO | Update Console RBAC mappings to surface Orch.Viewer, request orch:read scope in token flows, and gate dashboard access/messaging accordingly. |
UI Guild, Console Guild (src/UI/StellaOps.UI/TASKS.md) |
| UI-POLICY-13-007 | TODO | Surface policy confidence metadata (band, age, quiet provenance) on preview and report views. | UI Guild (src/UI/StellaOps.UI/TASKS.md) |
| UI-POLICY-20-001 | TODO | Ship Monaco-based policy editor with DSL syntax highlighting, inline diagnostics, and compliance checklist sidebar. | UI Guild (src/UI/StellaOps.UI/TASKS.md) |
| UI-POLICY-20-002 | TODO | Build simulation panel showing before/after counts, severity deltas, and rule hit summaries with deterministic diff rendering. | UI Guild (src/UI/StellaOps.UI/TASKS.md) |
| UI-POLICY-20-003 | TODO | Implement submit/review/approve workflow with comments, approvals log, and RBAC checks aligned to new Policy Studio roles (policy:author/policy:review/policy:approve/policy:operate). |
UI Guild, Product Ops (src/UI/StellaOps.UI/TASKS.md) |
| UI-POLICY-20-004 | TODO | Add run viewer dashboards (rule heatmap, VEX wins, suppressions) with filter/search and export. | UI Guild, Observability Guild (src/UI/StellaOps.UI/TASKS.md) |
| UI-POLICY-23-001 | TODO | Deliver Policy Editor workspace with pack list, revision history, and scoped metadata cards. | UI Guild, Policy Guild (src/UI/StellaOps.UI/TASKS.md) |
| UI-POLICY-23-002 | TODO | Implement YAML editor with schema validation, lint diagnostics, and live canonicalization preview. | UI Guild (src/UI/StellaOps.UI/TASKS.md) |
| UI-POLICY-23-003 | TODO | Build guided rule builder (source preferences, severity mapping, VEX precedence, exceptions) with preview JSON output. | UI Guild (src/UI/StellaOps.UI/TASKS.md) |
| UI-POLICY-23-004 | TODO | Add review/approval workflow UI: checklists, comments, two-person approval indicator, scope scheduling. | UI Guild (src/UI/StellaOps.UI/TASKS.md) |
| UI-POLICY-23-005 | TODO | Integrate simulator panel (SBOM/component/advisory selection), run diff vs active policy, show explain tree and overlays. | UI Guild (src/UI/StellaOps.UI/TASKS.md) |
| UI-POLICY-23-006 | TODO | Implement explain view linking to evidence overlays and exceptions; provide export to JSON/PDF. | UI Guild (src/UI/StellaOps.UI/TASKS.md) |
[Experience & SDKs] 180.E) UI.III Depends on: Sprint 180.E - UI.II Summary: Experience & SDKs focus on UI (phase III).
| Task ID | State | Task description | Owners (Source) |
|---|---|---|---|
| UI-POLICY-27-001 | TODO | Update Console policy workspace RBAC guards, scope requests, and user messaging to reflect the new Policy Studio roles/scopes (policy:author/review/approve/operate/audit/simulate), including Cypress auth stubs and help text. |
UI Guild, Product Ops (src/UI/StellaOps.UI/TASKS.md) |
| UI-SIG-26-001 | TODO | Add reachability columns/badges to Vulnerability Explorer with filters and tooltips. | UI Guild, Signals Guild (src/UI/StellaOps.UI/TASKS.md) |
| UI-SIG-26-002 | TODO | Enhance “Why” drawer with call path visualization, reachability timeline, and evidence list. | UI Guild (src/UI/StellaOps.UI/TASKS.md) |
| UI-SIG-26-003 | TODO | Add reachability overlay halos/time slider to SBOM Graph along with state legend. | UI Guild (src/UI/StellaOps.UI/TASKS.md) |
| UI-SIG-26-004 | TODO | Build Reachability Center view showing asset coverage, missing sensors, and stale facts. | UI Guild (src/UI/StellaOps.UI/TASKS.md) |
[Experience & SDKs] 180.F) Web.I Depends on: Sprint 120.A - AirGap, Sprint 130.A - Scanner, Sprint 150.A - Orchestrator, Sprint 170.A - Notifier Summary: Experience & SDKs focus on Web (phase I).
| Task ID | State | Task description | Owners (Source) |
|---|---|---|---|
WEB-AIAI-31-001 API routing |
TODO | Route /advisory/ai/* endpoints through gateway with RBAC/ABAC, rate limits, and telemetry headers. |
BE-Base Platform Guild (src/Web/StellaOps.Web/TASKS.md) |
WEB-AIAI-31-002 Batch orchestration |
TODO | Provide batching job handlers and streaming responses for CLI automation with retry/backoff. | BE-Base Platform Guild (src/Web/StellaOps.Web/TASKS.md) |
WEB-AIAI-31-003 Telemetry & audit |
TODO | Emit metrics/logs (latency, guardrail blocks, validation failures) and forward anonymized prompt hashes to analytics. | BE-Base Platform Guild, Observability Guild (src/Web/StellaOps.Web/TASKS.md) |
WEB-AOC-19-001 Shared AOC guard primitives |
DOING (2025-10-26) | Provide AOCForbiddenKeys, guard middleware/interceptor hooks, and error types (AOCError, AOCViolationCode) for ingestion services. Publish sample usage + analyzer to ensure guard registered. |
BE-Base Platform Guild (src/Web/StellaOps.Web/TASKS.md) |
WEB-AOC-19-002 Provenance & signature helpers |
TODO | Ship ProvenanceBuilder, checksum utilities, and signature verification helper integrated with guard logging. Cover DSSE/CMS formats with unit tests. |
BE-Base Platform Guild (src/Web/StellaOps.Web/TASKS.md) |
WEB-AOC-19-003 Analyzer + test fixtures |
TODO | Author Roslyn analyzer preventing ingestion modules from writing forbidden keys without guard, and provide shared test fixtures for guard validation used by Concelier/Excititor service tests. | QA Guild, BE-Base Platform Guild (src/Web/StellaOps.Web/TASKS.md) |
WEB-CONSOLE-23-001 Global posture endpoints |
TODO | Provide consolidated /console/dashboard and /console/filters APIs returning tenant-scoped aggregates (findings by severity, VEX override counts, advisory deltas, run health, policy change log). Enforce AOC labelling, deterministic ordering, and cursor-based pagination for drill-down hints. |
BE-Base Platform Guild, Product Analytics Guild (src/Web/StellaOps.Web/TASKS.md) |
WEB-CONSOLE-23-002 Live status & SSE proxy |
TODO | Expose /console/status polling endpoint and /console/runs/{id}/stream SSE/WebSocket proxy with heartbeat/backoff, queue lag metrics, and auth scope enforcement. Surface request IDs + retry headers. |
BE-Base Platform Guild, Scheduler Guild (src/Web/StellaOps.Web/TASKS.md) |
WEB-CONSOLE-23-003 Evidence export orchestrator |
TODO | Add /console/exports POST/GET routes coordinating evidence bundle creation, streaming CSV/JSON exports, checksum manifest retrieval, and signed attestation references. Ensure requests honor tenant + policy scopes and expose job tracking metadata. |
BE-Base Platform Guild, Policy Guild (src/Web/StellaOps.Web/TASKS.md) |
WEB-CONSOLE-23-004 Global search router |
TODO | Implement /console/search endpoint accepting CVE/GHSA/PURL/SBOM identifiers, performing fan-out queries with caching, ranking, and deterministic tie-breaking. Return typed results for Console navigation; respect result caps and latency SLOs. |
BE-Base Platform Guild (src/Web/StellaOps.Web/TASKS.md) |
WEB-CONSOLE-23-005 Downloads manifest API |
TODO | Serve /console/downloads JSON manifest (images, charts, offline bundles) sourced from signed registry metadata; include integrity hashes, release notes links, and offline instructions. Provide caching headers and documentation. |
BE-Base Platform Guild, DevOps Guild (src/Web/StellaOps.Web/TASKS.md) |
WEB-CONTAINERS-44-001 Config discovery & quickstart flag |
TODO | Expose /welcome state, config discovery endpoint (safe values), and QUICKSTART_MODE handling for Console banner; add /health/liveness, /health/readiness, /version if missing. |
BE-Base Platform Guild (src/Web/StellaOps.Web/TASKS.md) |
WEB-CONTAINERS-45-001 Helm readiness support |
TODO | Ensure readiness endpoints reflect DB/queue readiness, add feature flag toggles via config map, and document NetworkPolicy ports. | BE-Base Platform Guild (src/Web/StellaOps.Web/TASKS.md) |
WEB-CONTAINERS-46-001 Air-gap hardening |
TODO | Provide offline-friendly asset serving (no CDN), allow overriding object store endpoints via env, and document fallback behavior. | BE-Base Platform Guild (src/Web/StellaOps.Web/TASKS.md) |
WEB-EXC-25-001 Exceptions CRUD & workflow |
TODO | Implement /exceptions API (create, propose, approve, revoke, list, history) with validation, pagination, and audit logging. |
BE-Base Platform Guild (src/Web/StellaOps.Web/TASKS.md) |
[Experience & SDKs] 180.F) Web.II Depends on: Sprint 180.F - Web.I Summary: Experience & SDKs focus on Web (phase II).
| Task ID | State | Task description | Owners (Source) |
|---|---|---|---|
WEB-EXC-25-002 Policy integration surfaces |
TODO | Extend /policy/effective and /policy/simulate responses to include exception metadata and accept overrides for simulations. |
BE-Base Platform Guild (src/Web/StellaOps.Web/TASKS.md) |
WEB-EXC-25-003 Notifications & events |
TODO | Publish exception.* events, integrate with notification hooks, enforce rate limits. |
BE-Base Platform Guild, Platform Events Guild (src/Web/StellaOps.Web/TASKS.md) |
WEB-EXPORT-35-001 Export routing |
TODO | Surface Export Center APIs (profiles/runs/download) through gateway with tenant scoping, streaming support, and viewer/operator scope checks. | BE-Base Platform Guild (src/Web/StellaOps.Web/TASKS.md) |
WEB-EXPORT-36-001 Distribution endpoints |
TODO | Add distribution routes (OCI/object storage), manifest/provenance proxies, and signed URL generation. | BE-Base Platform Guild (src/Web/StellaOps.Web/TASKS.md) |
WEB-EXPORT-37-001 Scheduling & verification |
TODO | Expose scheduling, retention, encryption parameters, and verification endpoints with admin scope enforcement and audit logs. | BE-Base Platform Guild (src/Web/StellaOps.Web/TASKS.md) |
WEB-GRAPH-21-001 Graph endpoints |
BLOCKED (2025-10-27) | Add gateway routes for graph versions/viewport/node/path/diff/export endpoints with tenant enforcement, scope checks, and streaming responses; proxy Policy Engine diff toggles without inline logic. Adopt StellaOpsScopes constants for RBAC enforcement. |
BE-Base Platform Guild, Graph Platform Guild (src/Web/StellaOps.Web/TASKS.md) |
WEB-GRAPH-21-002 Request validation |
BLOCKED (2025-10-27) | Implement bbox/zoom/path parameter validation, pagination tokens, and deterministic ordering; add contract tests for boundary conditions. | BE-Base Platform Guild (src/Web/StellaOps.Web/TASKS.md) |
WEB-GRAPH-21-003 Error mapping & exports |
BLOCKED (2025-10-27) | Map graph service errors to ERR_Graph_*, support GraphML/JSONL export streaming, and document rate limits. |
BE-Base Platform Guild, QA Guild (src/Web/StellaOps.Web/TASKS.md) |
WEB-GRAPH-21-004 Overlay pass-through |
BLOCKED (2025-10-27) | Proxy Policy Engine overlay responses for graph endpoints while keeping gateway stateless; maintain streaming budgets and latency SLOs. | BE-Base Platform Guild, Policy Guild (src/Web/StellaOps.Web/TASKS.md) |
WEB-GRAPH-24-001 Gateway proxy refresh |
TODO | Gateway proxy for Graph API and Policy overlays with RBAC, caching, pagination, ETags, and streaming; zero business logic. | BE-Base Platform Guild (src/Web/StellaOps.Web/TASKS.md) |
WEB-GRAPH-24-001 Graph endpoints |
TODO | Implement /graph/assets/* endpoints (snapshots, adjacency, search) with pagination, ETags, and tenant scoping while acting as a pure proxy. |
BE-Base Platform Guild, SBOM Service Guild (src/Web/StellaOps.Web/TASKS.md) |
WEB-GRAPH-24-004 AOC enrichers |
TODO | Embed AOC summaries sourced from overlay services; ensure gateway does not compute derived severity or hints. | BE-Base Platform Guild (src/Web/StellaOps.Web/TASKS.md) |
WEB-GRAPH-24-004 Telemetry aggregation |
TODO | Collect gateway metrics/logs (tile latency, proxy errors, overlay cache stats) and forward to dashboards; document sampling strategy. | BE-Base Platform Guild, Observability Guild (src/Web/StellaOps.Web/TASKS.md) |
WEB-LNM-21-001 Advisory observation endpoints |
TODO | Surface new /advisories/* APIs through gateway with caching, pagination, and RBAC enforcement (advisory:read). |
BE-Base Platform Guild, Concelier WebService Guild (src/Web/StellaOps.Web/TASKS.md) |
WEB-LNM-21-002 VEX observation endpoints |
TODO | Expose /vex/* read APIs with evidence routes and export handlers; map ERR_AGG_* codes. |
BE-Base Platform Guild, Excititor WebService Guild (src/Web/StellaOps.Web/TASKS.md) |
[Experience & SDKs] 180.F) Web.III Depends on: Sprint 180.F - Web.II Summary: Experience & SDKs focus on Web (phase III).
| Task ID | State | Task description | Owners (Source) |
|---|---|---|---|
WEB-LNM-21-003 Policy evidence aggregation |
TODO | Provide combined endpoint for Console to fetch policy result + source evidence (advisory + VEX linksets) for a component. | BE-Base Platform Guild, Policy Guild (src/Web/StellaOps.Web/TASKS.md) |
WEB-NOTIFY-38-001 Gateway routing |
TODO | Route notifier APIs (/notifications/*) and WS feed through gateway with tenant scoping, viewer/operator scope enforcement, and SSE/WebSocket bridging. |
BE-Base Platform Guild (src/Web/StellaOps.Web/TASKS.md) |
WEB-NOTIFY-39-001 Digest & simulation endpoints |
TODO | Surface digest scheduling, quiet-hour/throttle management, and simulation APIs; ensure rate limits and audit logging. | BE-Base Platform Guild (src/Web/StellaOps.Web/TASKS.md) |
WEB-NOTIFY-40-001 Escalations & localization |
TODO | Expose escalation, localization, channel health, and ack verification endpoints with admin scope enforcement and signed token validation. | BE-Base Platform Guild (src/Web/StellaOps.Web/TASKS.md) |
WEB-OAS-61-001 Discovery endpoint |
TODO | Implement GET /.well-known/openapi returning gateway spec with version metadata, cache headers, and signed ETag. |
BE-Base Platform Guild (src/Web/StellaOps.Web/TASKS.md) |
WEB-OAS-61-002 Standard error envelope |
TODO | Migrate gateway errors to standard envelope and update examples; ensure telemetry logs include error.code. |
BE-Base Platform Guild (src/Web/StellaOps.Web/TASKS.md) |
WEB-OAS-62-001 Pagination & idempotency alignment |
TODO | Normalize all endpoints to cursor pagination, expose Idempotency-Key support, and document rate-limit headers. |
BE-Base Platform Guild (src/Web/StellaOps.Web/TASKS.md) |
WEB-OAS-63-001 Deprecation support |
TODO | Add deprecation header middleware, Sunset link emission, and observability metrics for deprecated routes. | BE-Base Platform Guild, API Governance Guild (src/Web/StellaOps.Web/TASKS.md) |
WEB-OBS-50-001 Telemetry core adoption |
TODO | Integrate StellaOps.Telemetry.Core into gateway host, replace ad-hoc logging, ensure all routes emit trace/span IDs, tenant context, and scrubbed payload previews. |
BE-Base Platform Guild, Observability Guild (src/Web/StellaOps.Web/TASKS.md) |
WEB-OBS-51-001 Observability health endpoints |
TODO | Implement /obs/health and /obs/slo aggregations, pulling metrics from Prometheus/collector APIs, including burn-rate signals and exemplar links for Console widgets. |
BE-Base Platform Guild (src/Web/StellaOps.Web/TASKS.md) |
WEB-OBS-52-001 Trace & log proxies |
TODO | Deliver /obs/trace/:id and /obs/logs proxy endpoints with guardrails (time window limits, tenant scoping) forwarding to timeline indexer + log store with signed URLs. |
BE-Base Platform Guild (src/Web/StellaOps.Web/TASKS.md) |
WEB-OBS-54-001 Evidence & attestation bridges |
TODO | Provide /evidence/* and /attestations/* pass-through endpoints, enforce timeline:read, evidence:read, attest:read scopes, append provenance headers, and surface verification summaries. |
BE-Base Platform Guild (src/Web/StellaOps.Web/TASKS.md) |
WEB-OBS-55-001 Incident mode controls |
TODO | Add /obs/incident-mode API (enable/disable/status) with audit trail, sampling override, retention bump preview, and CLI/Console hooks. |
BE-Base Platform Guild, Ops Guild (src/Web/StellaOps.Web/TASKS.md) |
WEB-OBS-56-001 Sealed status surfaces |
TODO | Extend telemetry core integration to expose sealed/unsealed status APIs, drift metrics, and Console widgets without leaking sealed-mode secrets. | BE-Base Platform Guild, AirGap Guild (src/Web/StellaOps.Web/TASKS.md) |
WEB-ORCH-32-001 Read-only routing |
TODO | Expose `/orchestrator/sources | BE-Base Platform Guild (src/Web/StellaOps.Web/TASKS.md) |
[Experience & SDKs] 180.F) Web.IV Depends on: Sprint 180.F - Web.III Summary: Experience & SDKs focus on Web (phase IV).
| Task ID | State | Task description | Owners (Source) |
|---|---|---|---|
WEB-ORCH-33-001 Control + backfill actions |
TODO | Add POST action routes (`pause | BE-Base Platform Guild (src/Web/StellaOps.Web/TASKS.md) |
WEB-ORCH-34-001 Quotas & telemetry |
TODO | Surface quotas/backfill APIs, queue/backpressure metrics, and error clustering routes with admin scope enforcement and audit logging. | BE-Base Platform Guild (src/Web/StellaOps.Web/TASKS.md) |
WEB-POLICY-20-001 Policy endpoints |
TODO | Implement Policy CRUD/compile/run/simulate/findings/explain endpoints with OpenAPI, tenant scoping, and service identity enforcement. | BE-Base Platform Guild, Policy Guild (src/Web/StellaOps.Web/TASKS.md) |
WEB-POLICY-20-002 Pagination & filters |
TODO | Add pagination, filtering, sorting, and tenant guards to listings for policies, runs, and findings; include deterministic ordering and query diagnostics. | BE-Base Platform Guild (src/Web/StellaOps.Web/TASKS.md) |
WEB-POLICY-20-003 Error mapping |
TODO | Map engine errors to ERR_POL_* responses with consistent payloads and contract tests; expose correlation IDs in headers. |
BE-Base Platform Guild, QA Guild (src/Web/StellaOps.Web/TASKS.md) |
WEB-POLICY-20-004 Simulate rate limits |
TODO | Introduce adaptive rate limiting + quotas for simulation endpoints, expose metrics, and document retry headers. | Platform Reliability Guild (src/Web/StellaOps.Web/TASKS.md) |
WEB-POLICY-23-001 Policy pack CRUD |
BLOCKED (2025-10-29) | Implement API endpoints for creating/listing/fetching policy packs and revisions (/policy/packs, /policy/packs/{id}/revisions) with pagination, RBAC, and AOC metadata exposure. (Tracked via Sprint 18.5 gateway tasks.) |
BE-Base Platform Guild, Policy Guild (src/Web/StellaOps.Web/TASKS.md) |
WEB-POLICY-23-002 Activation & scope |
BLOCKED (2025-10-29) | Add activation endpoint with scope windows, conflict checks, and optional 2-person approval integration; emit events on success. (Tracked via Sprint 18.5 gateway tasks.) | BE-Base Platform Guild (src/Web/StellaOps.Web/TASKS.md) |
WEB-POLICY-23-003 Simulation & evaluation |
TODO | Provide /policy/simulate and /policy/evaluate endpoints with streaming responses, rate limiting, and error mapping. |
BE-Base Platform Guild (src/Web/StellaOps.Web/TASKS.md) |
WEB-POLICY-23-004 Explain retrieval |
TODO | Expose explain history endpoints (/policy/runs, /policy/runs/{id}) including decision tree, sources consulted, and AOC chain. |
BE-Base Platform Guild (src/Web/StellaOps.Web/TASKS.md) |
WEB-POLICY-27-001 Policy registry proxy |
TODO | Surface Policy Registry APIs (/policy/workspaces, /policy/versions, /policy/reviews, /policy/registry) through gateway with tenant scoping, RBAC, and request validation; ensure streaming downloads for evidence bundles. |
BE-Base Platform Guild, Policy Registry Guild (src/Web/StellaOps.Web/TASKS.md) |
WEB-POLICY-27-002 Review & approval routes |
TODO | Implement review lifecycle endpoints (open, comment, approve/reject) with audit headers, comment pagination, and webhook fan-out. | BE-Base Platform Guild (src/Web/StellaOps.Web/TASKS.md) |
WEB-POLICY-27-003 Simulation orchestration endpoints |
TODO | Expose quick/batch simulation endpoints with SSE progress (/policy/simulations/{runId}/stream), cursor-based result pagination, and manifest download routes. |
BE-Base Platform Guild, Scheduler Guild (src/Web/StellaOps.Web/TASKS.md) |
WEB-POLICY-27-004 Publish & promote controls |
TODO | Add publish/sign/promote/rollback endpoints with idempotent request IDs, canary parameters, and environment bindings; enforce scope checks and emit structured events. | BE-Base Platform Guild, Security Guild (src/Web/StellaOps.Web/TASKS.md) |
WEB-POLICY-27-005 Policy Studio telemetry |
TODO | Instrument metrics/logs for compile latency, simulation queue depth, approval latency, promotion actions; expose aggregated dashboards and correlation IDs for Console. | BE-Base Platform Guild, Observability Guild (src/Web/StellaOps.Web/TASKS.md) |
[Experience & SDKs] 180.F) Web.V Depends on: Sprint 180.F - Web.IV Summary: Experience & SDKs focus on Web (phase V).
| Task ID | State | Task description | Owners (Source) |
|---|---|---|---|
WEB-RISK-66-001 Risk API routing |
TODO | Expose risk profile/results endpoints through gateway with tenant scoping, pagination, and rate limiting. | BE-Base Platform Guild, Policy Guild (src/Web/StellaOps.Web/TASKS.md) |
WEB-RISK-66-002 Explainability downloads |
TODO | Add signed URL handling for explanation blobs and enforce scope checks. | BE-Base Platform Guild, Risk Engine Guild (src/Web/StellaOps.Web/TASKS.md) |
WEB-RISK-67-001 Risk status endpoint |
TODO | Provide aggregated risk stats (/risk/status) for Console dashboards (counts per severity, last computation). |
BE-Base Platform Guild (src/Web/StellaOps.Web/TASKS.md) |
WEB-RISK-68-001 Notification hooks |
TODO | Emit events on severity transitions via gateway to notifier bus with trace metadata. | BE-Base Platform Guild, Notifications Guild (src/Web/StellaOps.Web/TASKS.md) |
WEB-SIG-26-001 Signals proxy endpoints |
TODO | Surface /signals/callgraphs, /signals/facts read/write endpoints with pagination, ETags, and RBAC. |
BE-Base Platform Guild, Signals Guild (src/Web/StellaOps.Web/TASKS.md) |
WEB-SIG-26-002 Reachability joins |
TODO | Extend /policy/effective and /vuln/explorer responses to include reachability scores/states and allow filtering. |
BE-Base Platform Guild (src/Web/StellaOps.Web/TASKS.md) |
WEB-SIG-26-003 Simulation hooks |
TODO | Add reachability override parameters to /policy/simulate and related APIs for what-if analysis. |
BE-Base Platform Guild (src/Web/StellaOps.Web/TASKS.md) |
WEB-TEN-47-001 Auth middleware |
TODO | Implement JWT verification, tenant activation from headers, scope matching, and decision audit emission for all API endpoints. | BE-Base Platform Guild (src/Web/StellaOps.Web/TASKS.md) |
WEB-TEN-48-001 Tenant context propagation |
TODO | Set DB session stella.tenant_id, enforce tenant/project checks on persistence, prefix object storage paths, and stamp audit metadata. |
BE-Base Platform Guild (src/Web/StellaOps.Web/TASKS.md) |
WEB-TEN-49-001 ABAC & audit API |
TODO | Integrate optional ABAC overlay with Policy Engine, expose /audit/decisions API, and support service token minting endpoints. |
BE-Base Platform Guild, Policy Guild (src/Web/StellaOps.Web/TASKS.md) |
WEB-VEX-30-007 VEX consensus routing |
TODO | Route /vex/consensus APIs with tenant RBAC/ABAC, caching, and streaming; surface telemetry and trace IDs without gateway-side overlay logic. |
BE-Base Platform Guild, VEX Lens Guild (src/Web/StellaOps.Web/TASKS.md) |
WEB-VULN-29-001 Vuln API routing |
TODO | Expose /vuln/* endpoints via gateway with tenant scoping, RBAC/ABAC enforcement, anti-forgery headers, and request logging. |
BE-Base Platform Guild (src/Web/StellaOps.Web/TASKS.md) |
WEB-VULN-29-002 Ledger proxy headers |
TODO | Forward workflow actions to Findings Ledger with idempotency headers and correlation IDs; handle retries/backoff. | BE-Base Platform Guild, Findings Ledger Guild (src/Web/StellaOps.Web/TASKS.md) |
WEB-VULN-29-003 Simulation + export routing |
TODO | Provide simulation and export orchestration routes with SSE/progress headers, signed download links, and request budgeting. | BE-Base Platform Guild (src/Web/StellaOps.Web/TASKS.md) |
WEB-VULN-29-004 Telemetry aggregation |
TODO | Emit gateway metrics/logs (latency, error rates, export duration), propagate query hashes for analytics dashboards. | BE-Base Platform Guild, Observability Guild (src/Web/StellaOps.Web/TASKS.md) |
If all tasks are done - read next sprint section - SPRINT_190_ops_offline.md