75c2bcafce
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
- Implemented LdapDistinguishedNameHelper for escaping RDN and filter values. - Created AuthorityCredentialAuditContext and IAuthorityCredentialAuditContextAccessor for managing credential audit context. - Developed StandardCredentialAuditLogger with tests for success, failure, and lockout events. - Introduced AuthorityAuditSink for persisting audit records with structured logging. - Added CryptoPro related classes for certificate resolution and signing operations.
4.0 KiB
4.0 KiB
Sprint 128 - Policy & Reasoning
Last updated: November 8, 2025. Implementation order is DOING → TODO → BLOCKED.
Focus areas below were split out of the previous combined sprint; execute sections in order unless noted.
Policy.VI
Dependency: Sprint 120.C - Policy.V (must land before this track). Focus: Policy & Reasoning focus on Policy (phase VI).
| # | Task ID & handle | State | Key dependency / next step | Owners |
|---|---|---|---|---|
| 1 | POLICY-RISK-67-002 | TODO | Implement profile lifecycle APIs (/risk/profiles create/publish/deprecate) and scope attachment logic (Deps: POLICY-RISK-67-001) |
Policy Guild / src/Policy/StellaOps.Policy.Engine |
| 2 | POLICY-RISK-67-002 | TODO | Publish .well-known/risk-profile-schema endpoint and CLI validation tooling (Deps: POLICY-RISK-67-002) |
Risk Profile Schema Guild / src/Policy/StellaOps.Policy.RiskProfile |
| 3 | POLICY-RISK-67-003 | TODO | Provide policy-layer APIs to trigger risk simulations and return distributions/contribution breakdowns (Deps: POLICY-RISK-67-002) | Policy Guild, Risk Engine Guild / src/Policy/__Libraries/StellaOps.Policy |
| 4 | POLICY-RISK-68-001 | TODO | Provide simulation API bridging Policy Studio with risk engine; returns distributions and top movers (Deps: POLICY-RISK-67-003) | Policy Guild, Policy Studio Guild / src/Policy/StellaOps.Policy.Engine |
| 5 | POLICY-RISK-68-001 | TODO | Implement scope selectors, precedence rules, and Authority attachment APIs (Deps: POLICY-RISK-68-001) | Risk Profile Schema Guild, Authority Guild / src/Policy/StellaOps.Policy.RiskProfile |
| 6 | POLICY-RISK-68-002 | TODO | Add override/adjustment support with audit metadata and validation for conflicting rules (Deps: POLICY-RISK-68-001) | Risk Profile Schema Guild / src/Policy/StellaOps.Policy.RiskProfile |
| 7 | POLICY-RISK-68-002 | TODO | Enable exporting/importing RiskProfiles with signatures via policy tooling (CLI + API) (Deps: POLICY-RISK-68-002) | Policy Guild, Export Guild / src/Policy/__Libraries/StellaOps.Policy |
| 8 | POLICY-RISK-69-001 | TODO | Emit events/notifications on profile publish, deprecate, and severity threshold changes (Deps: POLICY-RISK-68-002) | Policy Guild, Notifications Guild / src/Policy/StellaOps.Policy.Engine |
| 9 | POLICY-RISK-70-001 | TODO | Support exporting/importing profiles with signatures for air-gapped bundles (Deps: POLICY-RISK-69-001) | Policy Guild, Export Guild / src/Policy/StellaOps.Policy.Engine |
| 10 | POLICY-SPL-23-001 | TODO | Define SPL v1 YAML + JSON Schema, including advisory rules, VEX precedence, severity mapping, exceptions, and layering metadata. Publish schema resources and validation fixtures | Policy Guild, Language Infrastructure Guild / src/Policy/__Libraries/StellaOps.Policy |
| 11 | POLICY-SPL-23-002 | TODO | Implement canonicalizer that normalizes policy packs (ordering, defaults), computes content hash, and prepares bundle metadata for AOC/signing (Deps: POLICY-SPL-23-001) | Policy Guild / src/Policy/__Libraries/StellaOps.Policy |
| 12 | POLICY-SPL-23-003 | TODO | Build policy layering/override engine (global/org/project/env/exception) with field-level precedence matrices; add unit/property tests (Deps: POLICY-SPL-23-002) | Policy Guild / src/Policy/__Libraries/StellaOps.Policy |
| 13 | POLICY-SPL-23-004 | TODO | Design explanation tree model (rule hits, inputs, decisions) and persistence structures reused by runtime, UI, and CLI (Deps: POLICY-SPL-23-003) | Policy Guild, Audit Guild / src/Policy/__Libraries/StellaOps.Policy |
| 14 | POLICY-SPL-23-005 | TODO | Create migration tool to snapshot existing behavior into baseline SPL packs (org.core.baseline), including policy docs and sample bundles (Deps: POLICY-SPL-23-004) |
Policy Guild, DevEx Guild / src/Policy/__Libraries/StellaOps.Policy |
| 15 | POLICY-SPL-24-001 | TODO | Extend SPL schema to expose reachability/exploitability predicates and weighting functions; update documentation and fixtures (Deps: POLICY-SPL-23-005) | Policy Guild, Signals Guild / src/Policy/__Libraries/StellaOps.Policy |