EntryTrace Heuristic Review Cadence
EntryTrace heuristics must stay aligned with competitor techniques and new runtime behaviours. This cadence makes updates predictable and deterministic.
Objectives
- Refresh shell/launcher heuristics quarterly using the latest gap analysis in docs/benchmarks/scanner/scanning-gaps-stella-misses-from-competitors.md.
- Re-run explain-trace fixtures to confirm deterministic outputs and document any newly unsupported constructs.
- Ensure operator-facing explainability stays in sync with emitted diagnostics and metrics.
Cadence
- Frequency: Quarterly (Jan, Apr, Jul, Oct) or sooner when critical regressions are discovered.
- Owners: EntryTrace Guild with QA Guild pairing.
- Inputs: Gap benchmark doc, new runtime samples from support channels, and anonymised customer repros (when permitted).
- Outputs:
  - Updated heuristics/diagnostics in StellaOps.Scanner.EntryTrace with deterministic fixtures.
  - Changelog entry in src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace/TASKS.md.
  - Sprint log updates under the active SPRINT_0138_0001_0001_scanner_ruby_parity.md when cadence items land.
Workflow
- Collect & triage signals
  - Parse new gaps from the benchmark doc; map each to an EntryTrace detector area (shell parser, interpreter tracer, PATH resolver).
  - Classify as coverage gap, precision issue, or observability gap.
- Fixture-first update
  - Add/extend fixtures in StellaOps.Scanner.EntryTrace.Tests/Fixtures before modifying code.
  - Use deterministic serializers to keep fixture outputs byte-stable.
- Implement & validate
  - Update analyzers/diagnostics; run dotnet test src/Scanner/__Tests/StellaOps.Scanner.EntryTrace.Tests/StellaOps.Scanner.EntryTrace.Tests.csproj --nologo --verbosity minimal.
  - Confirm metrics counters (entrytrace_*) and explain-trace text stay consistent.
- Record explainability
  - Update explain-trace catalog (diagnostic enum descriptions) when new reasons are introduced.
  - Add operator notes to sprint log if remediation guidance changes.
- Publish
  - Attach a brief summary to the sprint Execution Log and to TASKS.md with date + scope.
Fail-safe & rollback
- Keep previous fixture baselines; if a heuristic widens too far, revert to prior fixture sets to restore determinism.
- Prefer additive diagnostics over behavioural regressions; when behaviour must change, document it in the sprint log and TASKS.md.
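
The fixture-first step and the baseline rollback above both depend on fixture output that is byte-stable across runs. The following is an added example, not code from StellaOps: a hypothetical FixtureCanon helper that canonicalises JSON (ordinal key order, compact form, UTF-8 without BOM, trailing LF) so a fixture can be compared byte for byte against its baseline. The JSON shape, field names and values are constructed and are not the real EntryTrace fixture schema.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography;
using System.Text;
using System.Text.Json.Nodes;

// Constructed samples: one explain-trace record from two runs; only key order and
// whitespace differ. Field names and values are hypothetical.
string runA = @"{""entrypoint"":""/app/start.sh"",""diagnostics"":[{""reason"":""ExampleReason"",""line"":3}]}";
string runB = @"{ ""diagnostics"": [ { ""line"": 3, ""reason"": ""ExampleReason"" } ], ""entrypoint"": ""/app/start.sh"" }";
string changed = runA.Replace(@"""line"":3", @"""line"":4"); // a genuine behaviour change

byte[] baseline = FixtureCanon.Canonical(runA);
Console.WriteLine($"raw text equal:        {runA == runB}");
Console.WriteLine($"canonical bytes equal: {baseline.SequenceEqual(FixtureCanon.Canonical(runB))}");
Console.WriteLine($"change detected:       {!baseline.SequenceEqual(FixtureCanon.Canonical(changed))}");
Console.WriteLine($"baseline sha256:       {FixtureCanon.Sha256(baseline)}");

// Hypothetical helper (not a StellaOps type): produces canonical fixture bytes.
static class FixtureCanon
{
    // Rebuild the tree with object keys in ordinal order. Array order is kept
    // because it carries meaning (for example the order of trace steps).
    static JsonNode? Sort(JsonNode? node) => node switch
    {
        JsonObject o => new JsonObject(o
            .OrderBy(p => p.Key, StringComparer.Ordinal)
            .Select(p => KeyValuePair.Create(p.Key, Sort(p.Value)))),
        JsonArray a => new JsonArray(a.Select(n => Sort(n)).ToArray()),
        null => null,
        // Re-parse leaf values so the copy is detached from the original parent.
        _ => JsonNode.Parse(node.ToJsonString())
    };

    // Compact output, UTF-8 without BOM, exactly one trailing LF on every platform.
    public static byte[] Canonical(string json) =>
        new UTF8Encoding(encoderShouldEmitUTF8Identifier: false)
            .GetBytes(Sort(JsonNode.Parse(json))!.ToJsonString() + "\n");

    // Hash recorded next to the baseline so drift shows up as a one-line diff.
    public static string Sha256(byte[] bytes) => Convert.ToHexString(SHA256.HashData(bytes));
}
```

Number literals are written back as parsed, so `3` and `3.0` remain distinct bytes; normalise them at the emitter if both forms can occur.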
Ownership transitions
- If the cadence cannot run on schedule, mark the relevant sprint task BLOCKED with the reason and hand off to the Project Manager to re-staff before the next window.