4.6 KiB
4.6 KiB
Sprint 124 - Policy & Reasoning
Last updated: November 8, 2025. Implementation order is DOING → TODO → BLOCKED.
Focus areas below were split out of the previous combined sprint; execute sections in order unless noted.
Policy.II
Dependency: Sprint 120.C - Policy.I (must land before this track). Focus: Policy & Reasoning focus on Policy (phase II).
| # | Task ID & handle | State | Key dependency / next step | Owners |
|---|---|---|---|---|
| P1 | PREP-POLICY-ENGINE-20-002-BUILD-DETERMINISTIC | TODO | Due 2025-11-22 · Accountable: Policy Guild / src/Policy/StellaOps.Policy.Engine | Policy Guild / src/Policy/StellaOps.Policy.Engine |
| 1 | POLICY-CONSOLE-23-002 | TODO | Produce simulation diff metadata (before/after counts, severity deltas, rule impact summaries) and approval state endpoints consumed by Console policy workspace; expose RBAC-aware status transitions (Deps: POLICY-CONSOLE-23-001) | Policy Guild, Product Ops / src/Policy/StellaOps.Policy.Engine |
| 2 | POLICY-ENGINE-20-002 | BLOCKED (2025-10-26) | PREP-POLICY-ENGINE-20-002-BUILD-DETERMINISTIC | Policy Guild / src/Policy/StellaOps.Policy.Engine |
| 3 | POLICY-ENGINE-20-003 | TODO | Implement selection joiners resolving SBOM↔advisory↔VEX tuples using linksets and PURL equivalence tables, with deterministic batching (Deps: POLICY-ENGINE-20-002) | Policy Guild, Concelier Core Guild, Excititor Core Guild / src/Policy/StellaOps.Policy.Engine |
| 4 | POLICY-ENGINE-20-004 | TODO | Ship materialization writer that upserts into effective_finding_{policyId} with append-only history, tenant scoping, and trace references (Deps: POLICY-ENGINE-20-003) |
Policy Guild, Platform Storage Guild / src/Policy/StellaOps.Policy.Engine |
| 5 | POLICY-ENGINE-20-005 | TODO | Enforce determinism guard banning wall-clock, RNG, and network usage during evaluation via static analysis + runtime sandbox (Deps: POLICY-ENGINE-20-004) | Policy Guild, Security Engineering / src/Policy/StellaOps.Policy.Engine |
| 6 | POLICY-ENGINE-20-006 | TODO | Implement incremental orchestrator reacting to advisory/vex/SBOM change streams and scheduling partial policy re-evaluations (Deps: POLICY-ENGINE-20-005) | Policy Guild, Scheduler Worker Guild / src/Policy/StellaOps.Policy.Engine |
| 7 | POLICY-ENGINE-20-007 | TODO | Emit structured traces/logs of rule hits with sampling controls, metrics (rules_fired_total, vex_overrides_total), and expose explain trace exports (Deps: POLICY-ENGINE-20-006) |
Policy Guild, Observability Guild / src/Policy/StellaOps.Policy.Engine |
| 8 | POLICY-ENGINE-20-008 | TODO | Add unit/property/golden/perf suites covering policy compilation, evaluation correctness, determinism, and SLA targets (Deps: POLICY-ENGINE-20-007) | Policy Guild, QA Guild / src/Policy/StellaOps.Policy.Engine |
| 9 | POLICY-ENGINE-20-009 | TODO | Define Mongo schemas/indexes for policies, policy_runs, and effective_finding_*; implement migrations and tenant enforcement (Deps: POLICY-ENGINE-20-008) |
Policy Guild, Storage Guild / src/Policy/StellaOps.Policy.Engine |
| 10 | POLICY-ENGINE-27-001 | TODO | Extend compile outputs to include rule coverage metadata, symbol table, inline documentation, and rule index for editor autocomplete; persist deterministic hashes (Deps: POLICY-ENGINE-20-009) | Policy Guild / src/Policy/StellaOps.Policy.Engine |
| 11 | POLICY-ENGINE-27-002 | TODO | Enhance simulate endpoints to emit rule firing counts, heatmap aggregates, sampled explain traces with deterministic ordering, and delta summaries for quick/batch sims (Deps: POLICY-ENGINE-27-001) | Policy Guild, Observability Guild / src/Policy/StellaOps.Policy.Engine |
| 12 | POLICY-ENGINE-29-001 | TODO | Implement batch evaluation endpoint (POST /policy/eval/batch) returning determinations + rationale chain for sets of (artifact,purl,version,advisory) tuples; support pagination and cost budgets (Deps: POLICY-ENGINE-27-004) |
Policy Guild / src/Policy/StellaOps.Policy.Engine |
| 13 | POLICY-ENGINE-29-002 | TODO | Provide streaming simulation API comparing two policy versions, returning per-finding deltas without writes; align determinism with Vuln Explorer simulation (Deps: POLICY-ENGINE-29-001) | Policy Guild, Findings Ledger Guild / src/Policy/StellaOps.Policy.Engine |
Execution Log
| Date (UTC) | Update | Owner |
|---|---|---|
| 2025-11-19 | Assigned PREP owners/dates; see Delivery Tracker. | Planning |