stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 12 Releases Wiki Activity
Files
1c782897f762f04b9ed69aed534a03dbe2893039
git.stella-ops.org/docs/implplan/SPRINT_0143_0000_0001_signals.md
StellaOps Bot 1c782897f7
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
Details
Mirror Thin Bundle Sign & Verify / mirror-sign (push) Has been cancelled
Details
Signals CI & Image / signals-ci (push) Has been cancelled
Details
up
2025-11-26 07:47:08 +02:00

11 KiB
Raw Blame History

Sprint 0143-0000-0001 · Signals

Topic & Scope

  • Runtime & Signals stream focused on reachability ingestion, runtime facts, and scoring.
  • Deliver CAS-backed callgraph ingestion for Java/Node.js/Python/Go plus runtime facts NDJSON/gzip ingestion with provenance enrichment.
  • Produce reachability scoring engine with Redis-backed caching and signals.fact.updated events, honoring CAS remediation/waiver rules.
  • Working directory: src/Signals/StellaOps.Signals

Dependencies & Concurrency

  • Upstream sprints: 120.A (AirGap), 130.A (Scanner).
  • Tasks sit in Signals; no cross-module coupling flagged beyond Authority (AUTH-SIG-26-001) for finished skeleton.
  • Completed/historic work archived in docs/implplan/archived/tasks.md (last updated 2025-11-08).

Documentation Prerequisites

  • docs/README.md; docs/07_HIGH_LEVEL_ARCHITECTURE.md; docs/modules/platform/architecture-overview.md.
  • src/Signals/StellaOps.Signals/AGENTS.md.
  • CAS waiver/remediation checklist dated 2025-11-17 for SIGNALS-24-002/004/005 scope.

Delivery Tracker

# Task ID Status Key dependency / next step Owners Task Definition
P1 PREP-SIGNALS-24-005-REDIS-CACHE-IMPLEMENTED-A DONE (2025-11-20) Doc published at docs/signals/events-24-005.md; bus/topic approved. Signals Guild, Platform Events Guild Redis cache implemented; awaiting real bus/topic + payload contract to replace placeholder signals.fact.updated logging.

Document artefact/deliverable for SIGNALS-24-005 and publish location so downstream tasks can proceed.
P2 PREP-SIGNALS-24-002-CAS-PROMO DONE (2025-11-19) Due 2025-11-22 · Accountable: Signals Guild · Platform Storage Guild Signals Guild · Platform Storage Guild CAS promotion checklist and manifest schema published at docs/signals/cas-promotion-24-002.md; awaiting storage approval to execute.
P3 PREP-SIGNALS-24-003-PROVENANCE DONE (2025-11-19) Due 2025-11-22 · Accountable: Signals Guild · Runtime Guild · Authority Guild Signals Guild · Runtime Guild · Authority Guild Provenance appendix fields and checklist published at docs/signals/provenance-24-003.md; awaiting schema/signing approval to execute.
1 SIGNALS-24-001 DONE (2025-11-09) Dependency AUTH-SIG-26-001; merged host skeleton with scope policies and evidence validation. Signals Guild, Authority Guild Stand up Signals API skeleton with RBAC, sealed-mode config, DPoP/mTLS enforcement, and /facts scaffolding so downstream ingestion can begin.
2 SIGNALS-24-002 BLOCKED (2025-11-19) Await Platform Storage approval; CAS promotion checklist ready (see PREP-SIGNALS-24-002-CAS-PROMO). Signals Guild Implement callgraph ingestion/normalization (Java/Node/Python/Go) with CAS persistence and retrieval APIs to feed reachability scoring.
3 SIGNALS-24-003 BLOCKED (2025-11-19) Blocked on SIGNALS-24-002 approval and provenance schema sign-off; checklist ready (PREP-SIGNALS-24-003-PROVENANCE). Signals Guild, Runtime Guild Implement runtime facts ingestion endpoint and normalizer (process, sockets, container metadata) populating context_facts with AOC provenance.
4 SIGNALS-24-004 DONE (2025-11-17) Scoring weights now configurable; runtime ingestion auto-triggers recompute into reachability_facts. Signals Guild, Data Science Deliver reachability scoring engine producing states/scores and writing to reachability_facts; expose configuration for weights.
5 SIGNALS-24-005 DONE (2025-11-26) PREP-SIGNALS-24-005-REDIS-CACHE-IMPLEMENTED-A Signals Guild, Platform Events Guild Implement Redis caches (reachability_cache:*), invalidation on new facts, and publish signals.fact.updated events.

Execution Log

Date (UTC) Update Owner
2025-11-26 Enriched signals.fact.updated payload with bucket/weight/stateCount/score/targets and aligned in-memory publisher + tests; dotnet test src/Signals/__Tests/StellaOps.Signals.Tests/StellaOps.Signals.Tests.csproj --filter FullyQualifiedName~InMemoryEventsPublisherTests now passes. Implementer
2025-11-20 Published docs/signals/events-24-005.md event-bus contract (topic, envelope, retry/DLQ); marked PREP-SIGNALS-24-005 DONE and moved SIGNALS-24-005 to TODO. Implementer
2025-11-19 Assigned PREP owners/dates; see Delivery Tracker. Planning
2025-11-19 Marked SIGNALS-24-002 and SIGNALS-24-003 BLOCKED pending CAS promotion, signed manifests, and provenance schema. Implementer
2025-10-29 Skeleton live with scope policies, stub endpoints, integration tests; sample configuration committed under etc/signals.yaml.sample. Signals Guild
2025-10-29 JSON parsers for Java/Node.js/Python/Go implemented; artifacts stored with SHA-256 and callgraphs upserted into Mongo. Signals Guild
2025-11-09 Signals host registers sealed-mode evidence validation, exposes /readyz//status, enforces scope policies, and adds /signals/facts/{subjectKey} retrieval plus runtime-facts ingestion backing services. Signals Guild / Authority Guild
2025-11-09 Added /signals/callgraphs/{id} retrieval, sealed-mode gating, and CAS-backed artifact metadata responses; remaining work is CAS bucket promotion + signed graph manifests. Signals Guild
2025-11-09 Added runtime facts ingestion service + endpoint, aggregated runtime hit storage, and unit tests; next steps are NDJSON/gzip ingestion and provenance metadata wiring. Signals Guild / Runtime Guild
2025-11-09 Added /signals/runtime-facts/ndjson streaming endpoint (JSON/NDJSON + gzip) with sealed-mode gating; provenance/context enrichment + scoring linkage remain. Signals Guild / Runtime Guild
2025-11-17 CAS remediation window (≤3 days for Critical/High) approved with signed waiver; proceed with SIGNALS-24-002/004/005. Signals Guild
2025-11-17 CAS checklist in remediation window with risk waiver; SIGNALS-24-002/003 remain BLOCKED until CAS promotion + signed manifests land; 24-004/005 stay gated. Signals Guild
2025-11-17 Normalised sprint to standard template and renamed from SPRINT_143_signals.md to SPRINT_0143_0000_0001_signals.md. PM
2025-11-17 Reachability scoring weights moved to config; runtime facts ingestion now triggers recompute and persists states; added unit tests for scoring + runtime ingestion. Signals Guild
2025-11-17 dotnet test src/Signals/StellaOps.Signals.sln aborted after long restore/build; warning NU1504 about duplicate PackageReference items in StellaOps.Signals.Tests persists—needs cleanup before rerun. Signals Guild
2025-11-17 Runtime facts ingestion now stamps provenance metadata (source, ingestedAt, callgraphId) and recompute is triggered on ingest; targeted test run aborted mid-restore—rerun needed. Signals Guild
2025-11-18 dotnet restore for StellaOps.Signals.Tests now succeeds (16.8s); dotnet test -v:diag --blame-hang-timeout 120s still running long—awaiting stable completion. Signals Guild
2025-11-18 Redis reachability cache added (StackExchange.Redis) with configurable TTL; repository now wrapped with cache decorator; cache config added to signals.yaml.sample. Signals Guild
2025-11-18 Signals unit tests (ReachabilityScoringServiceTests, RuntimeFactsIngestionServiceTests) discovered successfully; targeted test run completed (tests passed). Signals Guild
2025-11-18 dotnet test --no-build --list-tests and subsequent run now succeed for Signals tests (6.2s). Signals Guild
2025-11-18 Structured signals.fact.updated@v1 payload + logging added with unit coverage (InMemoryEventsPublisherTests); bus/channel contract still pending; full solution test run cancelled for time (needs rerun). Signals Guild
2025-11-18 Another targeted test run (/m:1 --no-restore --filter InMemoryEventsPublisherTests) still times out >40s due to upstream Authority/Cryptography build fan-out; leave as follow-up once caches are warm. Signals Guild
2025-11-18 Signals test project detangled from Concelier shared infra (set UseConcelierTestInfra=false, explicit test packages), added InternalsVisibleTo for Signals tests, and refreshed cache/events test fakes; Signals solution build now clean and dotnet test --no-build --filter InMemoryEventsPublisherTests passes. Event bus contract still outstanding. Signals Guild
2025-11-18 Created expected local-nugets/ feed directory to clear NU1301 failures; full Signals solution restore still ran >60s and was cancelled for time—needs longer restore window before rerunning dotnet test on the solution. Signals Guild
2025-11-18 Full Signals solution dotnet restore --disable-parallel now succeeds (33.7s). A full dotnet test --no-restore /m:1 attempt ran ~101s and was cancelled during cryptography-plugin build; full suite still needs a longer window to finish. Signals Guild
2025-11-18 Re-attempted dotnet test --no-restore /m:1 --blame-hang-timeout 240s; aborted early (~14s) to avoid another long hang. Full solution test still pending a longer uninterrupted window. Signals Guild
2025-11-18 Tried dotnet build src/Signals/StellaOps.Signals.sln --no-restore /m:1; aborted after ~12s as build again fanned into Cryptography plugins. Need either build filtering or dedicated window to let full solution finish. Signals Guild
2025-11-18 Targeted dotnet test src/Signals/__Tests/StellaOps.Signals.Tests/StellaOps.Signals.Tests.csproj --no-build --no-restore was started but cancelled by operator after ~9s during generated Program file step; unit suite previously green—no new code changes since. Signals Guild
2025-11-18 Attempted dotnet build src/Signals/StellaOps.Signals/StellaOps.Signals.csproj --no-restore /m:1; cancelled after ~9s when build began resolving upstream auth/crypto dependencies. Signals Guild
2025-11-18 Added AirGap.EventTopic option (config + options) and fixed InMemoryEventsPublisher build error; dotnet build src/Signals/StellaOps.Signals/StellaOps.Signals.csproj --no-restore /m:1 now succeeds. Signals Guild
2025-11-18 Signals unit tests now pass via dotnet test src/Signals/__Tests/StellaOps.Signals.Tests/StellaOps.Signals.Tests.csproj --no-build --no-restore (3 tests, 0 failures, ~4s). Signals Guild
2025-11-18 Full Signals solution test (dotnet test src/Signals/StellaOps.Signals.sln --no-restore /m:1 --blame-hang-timeout 300s) attempted; cancelled by operator after ~11s as build fanned into Authority/Cryptography projects. Requires longer window or filtered solution. Signals Guild

Decisions & Risks

  • CAS remediation window (≤3 days for Critical/High) running under signed waiver; track SIGNALS-24-002/004/005 for compliance.
  • Callgraph CAS bucket promotion and signed manifests remain outstanding for SIGNALS-24-002; risk to scoring start if delayed.
  • SIGNALS-24-003 now blocked on CAS promotion/provenance schema; downstream scoring (24-004/005) depend on this landing.
  • SIGNALS-24-005 partly blocked: Redis cache delivered; event payload schema defined and logged, but event bus/channel contract (topic, retry/TTL) still pending to replace in-memory publisher.
  • Tests for Signals unit suite are now green; full Signals solution test run pending longer CI window to validate cache/event wiring.

Next Checkpoints

  • Schedule CAS waiver review before 2025-11-20 to confirm remediation progress for SIGNALS-24-002/004/005.
  • Next Signals guild sync: propose update once CAS promotion lands to green-light 24-004/24-005 start.