stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 1 Releases Wiki Activity
Files
main
git.stella-ops.org/docs/modules/policy/TASKS.md
master b1e78fe412
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
Details
feat: Implement vulnerability token signing and verification utilities 
- Added VulnTokenSigner for signing JWT tokens with specified algorithms and keys.
- Introduced VulnTokenUtilities for resolving tenant and subject claims, and sanitizing context dictionaries.
- Created VulnTokenVerificationUtilities for parsing tokens, verifying signatures, and deserializing payloads.
- Developed VulnWorkflowAntiForgeryTokenIssuer for issuing anti-forgery tokens with configurable options.
- Implemented VulnWorkflowAntiForgeryTokenVerifier for verifying anti-forgery tokens and validating payloads.
- Added AuthorityVulnerabilityExplorerOptions to manage configuration for vulnerability explorer features.
- Included tests for FilesystemPackRunDispatcher to ensure proper job handling under egress policy restrictions.
2025-11-03 10:04:10 +02:00

1.3 KiB
Raw Permalink Blame History

Task board — Policy Engine

Local tasks should link back to ./AGENTS.md and mirror status updates into ../../TASKS.md when applicable.

ID Status Owner(s) Description Notes
POLICY ENGINE-DOCS-0001 TODO Docs Guild Validate that ./README.md aligns with the latest release notes. See ./AGENTS.md
POLICY ENGINE-OPS-0001 TODO Ops Guild Review runbooks/observability assets after next sprint demo. Sync outcomes back to ../../TASKS.md
POLICY ENGINE-ENG-0001 TODO Module Team Cross-check implementation plan milestones against ../../implplan/SPRINTS.md. Update status via ./AGENTS.md workflow
POLICY-READINESS-0001 DOING (2025-11-03) Policy Guild, Security Guild Resolve open questions in ../policy/secret-leak-detection-readiness.md ahead of SCANNER-ENG-0007. Decision workshop 2025-11-10 (Northwind demo); cover masking depth, telemetry retention, bundle defaults, tenant overrides.
POLICY-READINESS-0002 DOING (2025-11-03) Policy Guild, Security Guild, Offline Kit Guild Review ../policy/windows-package-readiness.md, set signature verification locus, feed mirroring scopes, and legacy installer posture. FinSecure PCI blocker; deliver Authenticode/feed decision by 2025-11-07 before analyzer spike kickoff.