This commit introduces the OpenSslLegacyShim class, which sets the LD_LIBRARY_PATH environment variable to include the directory containing OpenSSL 1.1 native libraries. This is necessary for Mongo2Go to function correctly on Linux platforms that do not ship these libraries by default. The shim checks if the current operating system is Linux and whether the required directory exists before modifying the environment variable.
Sprint 130 - Scanner & Surface

[Scanner & Surface] 130.A) Scanner.I

Depends on: Sprint 110.A - AdvisoryAI

Summary: Scanner & Surface focus on Scanner (phase I).

| Task ID | State | Task description | Owners (Source) |
|---|---|---|---|
| SCANNER-ANALYZERS-LANG-10-308R | DONE | Determinism fixtures + performance benchmarks; compare against competitor heuristic coverage. | (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Rust/TASKS.md) |
| SCANNER-ANALYZERS-LANG-10-309R | DONE | Package plug-in manifest + Offline Kit documentation; ensure Worker integration. Dependencies: SCANNER-ANALYZERS-LANG-10-308R. | (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Rust/TASKS.md) |
| ENTRYTRACE-SURFACE-01 | DONE (2025-11-02) | Run Surface.Validation prereq checks and resolve cached entry fragments via Surface.FS to avoid duplicate parsing. | EntryTrace Guild (src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace/TASKS.md) |
| ENTRYTRACE-SURFACE-02 | DONE (2025-11-02) | Replace direct env/secret access with Surface.Secrets provider when tracing runtime configs. Dependencies: ENTRYTRACE-SURFACE-01. | EntryTrace Guild (src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace/TASKS.md) |
| SCANNER-ENTRYTRACE-18-509 | DONE (2025-11-02) | Add regression coverage for EntryTrace surfaces (result store, WebService endpoint, CLI renderer) and NDJSON hashing. | EntryTrace Guild, QA Guild (src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace/TASKS.md) |
| SCANNER-ENTRYTRACE-18-507 | DONE (2025-11-02) | Expand candidate discovery beyond ENTRYPOINT/CMD by scanning Docker history metadata and default service directories (/etc/services/**, /s6/**, /etc/supervisor/*.conf, /usr/local/bin/*-entrypoint) when explicit commands are absent. Dependencies: SCANNER-ENTRYTRACE-18-509. | EntryTrace Guild (src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace/TASKS.md) |
| SCANNER-ENTRYTRACE-18-508 | DONE (2025-11-02) | Extend wrapper catalogue to collapse language/package launchers (bundle, bundle exec, docker-php-entrypoint, npm, yarn node, pipenv, poetry run) and vendor init scripts before terminal classification. Dependencies: SCANNER-ENTRYTRACE-18-507. | EntryTrace Guild (src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace/TASKS.md) |
| LANG-SURFACE-01 | TODO | Invoke Surface.Validation checks (env/cache/secrets) before analyzer execution to ensure consistent prerequisites. | Language Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang/TASKS.md) |
| LANG-SURFACE-02 | TODO | Consume Surface.FS APIs for layer/source caching (instead of bespoke caches) to improve determinism. Dependencies: LANG-SURFACE-01. | Language Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang/TASKS.md) |
| LANG-SURFACE-03 | TODO | Replace direct secret/env reads with Surface.Secrets references when fetching package feeds or registry creds. Dependencies: LANG-SURFACE-02. | Language Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang/TASKS.md) |
| SCANNER-ANALYZERS-DENO-26-001 | TODO | Build input normalizer & VFS for Deno projects: merge deno.json(c), import maps, lockfiles, vendor dirs, $DENO_DIR caches, and container layers. Detect runtime/toolchain hints deterministically. | Deno Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno/TASKS.md) |
| SCANNER-ANALYZERS-DENO-26-002 | TODO | Module graph builder: resolve static/dynamic imports using import map, deno.lock, vendor/, cache, npm bridge, node: builtins, WASM/JSON assertions. Annotate edges with resolution source and form. Dependencies: SCANNER-ANALYZERS-DENO-26-001. | Deno Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno/TASKS.md) |
| SCANNER-ANALYZERS-DENO-26-003 | TODO | NPM/Node compat adapter: map npm: specifiers to cached packages or compat node_modules, evaluate package exports/conditions, record node: builtin usage. Dependencies: SCANNER-ANALYZERS-DENO-26-002. | Deno Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno/TASKS.md) |
| SCANNER-ANALYZERS-DENO-26-004 | TODO | Static analyzer for permission/capability signals (FS, net, env, process, crypto, FFI, workers). Detect dynamic-import patterns, literal fetch URLs, tasks vs declared permissions. Dependencies: SCANNER-ANALYZERS-DENO-26-003. | Deno Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno/TASKS.md) |
| SCANNER-ANALYZERS-DENO-26-005 | TODO | Bundle/binary inspector: parse eszip bundles and deno compile executables (embedded eszip + snapshot) to recover module graph, config, embedded resources. Dependencies: SCANNER-ANALYZERS-DENO-26-004. | Deno Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno/TASKS.md) |
| SCANNER-ANALYZERS-DENO-26-006 | TODO | Container adapter: traverse OCI layers for deno, caches, vendor directories, compiled binaries; merge module provenance with layer info. Dependencies: SCANNER-ANALYZERS-DENO-26-005. | Deno Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno/TASKS.md) |
| SCANNER-ANALYZERS-DENO-26-007 | TODO | Produce AOC-compliant observations: entrypoints, modules, edges, permissions, workers, warnings, binaries with reason codes and contexts. Dependencies: SCANNER-ANALYZERS-DENO-26-006. | Deno Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno/TASKS.md) |
| SCANNER-ANALYZERS-DENO-26-008 | TODO | Fixture suite + performance benchmarks (vendor, npm, FFI, workers, dynamic import, bundle/binary, cache-only, container). Dependencies: SCANNER-ANALYZERS-DENO-26-007. | Deno Analyzer Guild, QA Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno/TASKS.md) |

[Scanner & Surface] 130.A) Scanner.II

Depends on: Sprint 130.A - Scanner.I

Summary: Scanner & Surface focus on Scanner (phase II).

| Task ID | State | Task description | Owners (Source) |
|---|---|---|---|
| SCANNER-ANALYZERS-DENO-26-009 | TODO | Optional runtime evidence hooks (loader/require shim) capturing module loads + permissions during harnessed execution with path hashing. Dependencies: SCANNER-ANALYZERS-DENO-26-008. | Deno Analyzer Guild, Signals Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno/TASKS.md) |
| SCANNER-ANALYZERS-DENO-26-010 | TODO | Package analyzer plug-in, add CLI (stella deno inspect, stella deno resolve, stella deno trace) commands, update Offline Kit docs, ensure Worker integration. Dependencies: SCANNER-ANALYZERS-DENO-26-009. | Deno Analyzer Guild, DevOps Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno/TASKS.md) |
| SCANNER-ANALYZERS-DENO-26-011 | TODO | Policy signal emitter: net/fs/env/ffi/process/crypto capabilities, remote origin list, npm usage, wasm modules, dynamic-import warnings. Dependencies: SCANNER-ANALYZERS-DENO-26-010. | Deno Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno/TASKS.md) |
| SCANNER-ANALYZERS-JAVA-21-005 | TODO | Framework config extraction: Spring Boot imports, spring.factories, application properties/yaml, Jakarta web.xml & fragments, JAX-RS/JPA/CDI/JAXB configs, logging files, Graal native-image configs. | Java Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java/TASKS.md) |
| SCANNER-ANALYZERS-JAVA-21-006 | TODO | JNI/native hint scanner: detect native methods, System.load/Library literals, bundled native libs, Graal JNI configs; emit jni-load edges for native analyzer correlation. Dependencies: SCANNER-ANALYZERS-JAVA-21-005. | Java Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java/TASKS.md) |
| SCANNER-ANALYZERS-JAVA-21-007 | TODO | Signature and manifest metadata collector: verify JAR signature structure, capture signers, manifest loader attributes (Main-Class, Agent-Class, Start-Class, Class-Path). Dependencies: SCANNER-ANALYZERS-JAVA-21-006. | Java Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java/TASKS.md) |
| SCANNER-ANALYZERS-JAVA-21-008 | BLOCKED (2025-10-27) | Implement resolver + AOC writer: produce entrypoints (env profiles, warnings), components (jar_id + semantic ids), edges (jpms, cp, spi, reflect, jni) with reason codes/confidence. Dependencies: SCANNER-ANALYZERS-JAVA-21-007. | Java Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java/TASKS.md) |
| SCANNER-ANALYZERS-JAVA-21-009 | TODO | Author comprehensive fixtures (modular app, boot fat jar, war, ear, MR-jar, jlink image, JNI, reflection heavy, signed jar, microprofile) with golden outputs and perf benchmarks. Dependencies: SCANNER-ANALYZERS-JAVA-21-008. | Java Analyzer Guild, QA Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java/TASKS.md) |
| SCANNER-ANALYZERS-JAVA-21-010 | TODO | Optional runtime ingestion: Java agent + JFR reader capturing class load, ServiceLoader, and System.load events with path scrubbing. Emit append-only runtime edges runtime-class/runtime-spi/runtime-load. Dependencies: SCANNER-ANALYZERS-JAVA-21-009. | Java Analyzer Guild, Signals Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java/TASKS.md) |
| SCANNER-ANALYZERS-JAVA-21-011 | TODO | Package analyzer as restart-time plug-in (manifest/DI), update Offline Kit docs, add CLI/worker hooks for Java inspection commands. Dependencies: SCANNER-ANALYZERS-JAVA-21-010. | Java Analyzer Guild, DevOps Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java/TASKS.md) |
| SCANNER-ANALYZERS-LANG-11-001 | TODO | Build entrypoint resolver that maps project/publish artifacts to entrypoint identities (assembly name, MVID, TFM, RID) and environment profiles (publish mode, host kind, probing paths). Output normalized entrypoints[] records with deterministic IDs. Dependencies: SCANNER-ANALYZERS-LANG-10-309R. | StellaOps.Scanner EPDR Guild, Language Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.DotNet/TASKS.md) |

[Scanner & Surface] 130.A) Scanner.III

Depends on: Sprint 130.A - Scanner.II

Summary: Scanner & Surface focus on Scanner (phase III).

| Task ID | State | Task description | Owners (Source) |
|---|---|---|---|
| SCANNER-ANALYZERS-LANG-11-002 | TODO | Implement static analyzer (IL + reflection heuristics) capturing AssemblyRef, ModuleRef/PInvoke, DynamicDependency, reflection literals, DI patterns, and custom AssemblyLoadContext probing hints. Emit dependency edges with reason codes and confidence. Dependencies: SCANNER-ANALYZERS-LANG-11-001. | StellaOps.Scanner EPDR Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.DotNet/TASKS.md) |
| SCANNER-ANALYZERS-LANG-11-003 | TODO | Ingest optional runtime evidence (AssemblyLoad, Resolving, P/Invoke) via event listener harness; merge runtime edges with static/declared ones and attach reason codes/confidence. Dependencies: SCANNER-ANALYZERS-LANG-11-002. | StellaOps.Scanner EPDR Guild, Signals Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.DotNet/TASKS.md) |
| SCANNER-ANALYZERS-LANG-11-004 | TODO | Produce normalized observation export to Scanner writer: entrypoints + dependency edges + environment profiles (AOC compliant). Wire to SBOM service entrypoint tagging. Dependencies: SCANNER-ANALYZERS-LANG-11-003. | StellaOps.Scanner EPDR Guild, SBOM Service Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.DotNet/TASKS.md) |
| SCANNER-ANALYZERS-LANG-11-005 | TODO | Add comprehensive fixtures/benchmarks covering framework-dependent, self-contained, single-file, trimmed, NativeAOT, multi-RID scenarios; include explain traces and perf benchmarks vs previous analyzer. Dependencies: SCANNER-ANALYZERS-LANG-11-004. | StellaOps.Scanner EPDR Guild, QA Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.DotNet/TASKS.md) |
| SCANNER-ANALYZERS-NATIVE-20-001 | TODO | Implement format detector and binary identity model supporting ELF, PE/COFF, and Mach-O (including fat slices). Capture arch, OS, build-id/UUID, interpreter metadata. | Native Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Native/TASKS.md) |
| SCANNER-ANALYZERS-NATIVE-20-002 | TODO | Parse ELF dynamic sections: DT_NEEDED, DT_RPATH, DT_RUNPATH, symbol versions, interpreter, and note build-id. Emit declared dependency records with reason elf-dtneeded and attach version needs. Dependencies: SCANNER-ANALYZERS-NATIVE-20-001. | Native Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Native/TASKS.md) |
| SCANNER-ANALYZERS-NATIVE-20-003 | TODO | Parse PE imports, delay-load tables, manifests/SxS metadata, and subsystem flags. Emit edges with reasons pe-import and pe-delayimport, plus SxS policy metadata. Dependencies: SCANNER-ANALYZERS-NATIVE-20-002. | Native Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Native/TASKS.md) |
| SCANNER-ANALYZERS-NATIVE-20-004 | TODO | Parse Mach-O load commands (LC_LOAD_DYLIB, LC_REEXPORT_DYLIB, LC_RPATH, LC_UUID, fat headers). Handle @rpath/@loader_path placeholders and slice separation. Dependencies: SCANNER-ANALYZERS-NATIVE-20-003. | Native Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Native/TASKS.md) |
| SCANNER-ANALYZERS-NATIVE-20-005 | TODO | Implement resolver engine modeling loader search order for ELF (rpath/runpath/cache/default), PE (SafeDll search + SxS), and Mach-O (@rpath expansion). Works against virtual image roots, producing explain traces. Dependencies: SCANNER-ANALYZERS-NATIVE-20-004. | Native Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Native/TASKS.md) |
| SCANNER-ANALYZERS-NATIVE-20-006 | TODO | Build heuristic scanner for dlopen/LoadLibrary strings, plugin ecosystem configs, and Go/Rust static hints. Emit edges with reason_code (string-dlopen, config-plugin, ecosystem-heuristic) and confidence levels. Dependencies: SCANNER-ANALYZERS-NATIVE-20-005. | Native Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Native/TASKS.md) |
| SCANNER-ANALYZERS-NATIVE-20-007 | TODO | Serialize AOC-compliant observations: entrypoints + dependency edges + environment profiles (search paths, interpreter, loader metadata). Integrate with Scanner writer API. Dependencies: SCANNER-ANALYZERS-NATIVE-20-006. | Native Analyzer Guild, SBOM Service Guild (src/Scanner/StellaOps.Scanner.Analyzers.Native/TASKS.md) |
| SCANNER-ANALYZERS-NATIVE-20-008 | TODO | Author cross-platform fixtures (ELF dynamic/static, PE delay-load/SxS, Mach-O @rpath, plugin configs) and determinism benchmarks (<25 ms / binary, <250 MB). Dependencies: SCANNER-ANALYZERS-NATIVE-20-007. | Native Analyzer Guild, QA Guild (src/Scanner/StellaOps.Scanner.Analyzers.Native/TASKS.md) |
| SCANNER-ANALYZERS-NATIVE-20-009 | TODO | Provide optional runtime capture adapters (Linux eBPF dlopen, Windows ETW ImageLoad, macOS dyld interpose) writing append-only runtime evidence. Include redaction/sandbox guidance. Dependencies: SCANNER-ANALYZERS-NATIVE-20-008. | Native Analyzer Guild, Signals Guild (src/Scanner/StellaOps.Scanner.Analyzers.Native/TASKS.md) |
| SCANNER-ANALYZERS-NATIVE-20-010 | TODO | Package native analyzer as restart-time plug-in with manifest/DI registration; update Offline Kit bundle + documentation. Dependencies: SCANNER-ANALYZERS-NATIVE-20-009. | Native Analyzer Guild, DevOps Guild (src/Scanner/StellaOps.Scanner.Analyzers.Native/TASKS.md) |
| SCANNER-ANALYZERS-NODE-22-001 | TODO | Build input normalizer + VFS for Node projects: dirs, tgz, container layers, pnpm store, Yarn PnP zips; detect Node version targets (.nvmrc, .node-version, Dockerfile) and workspace roots deterministically. | Node Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node/TASKS.md) |
| SCANNER-ANALYZERS-NODE-22-002 | TODO | Implement entrypoint discovery (bin/main/module/exports/imports, workers, electron, shebang scripts) and condition set builder per entrypoint. Dependencies: SCANNER-ANALYZERS-NODE-22-001. | Node Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node/TASKS.md) |
| SCANNER-ANALYZERS-NODE-22-003 | TODO | Parse JS/TS sources for static import, require, import() and string concat cases; flag dynamic patterns with confidence levels; support source map de-bundling. Dependencies: SCANNER-ANALYZERS-NODE-22-002. | Node Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node/TASKS.md) |
| SCANNER-ANALYZERS-NODE-22-004 | TODO | Implement Node resolver engine for CJS + ESM (core modules, exports/imports maps, conditions, extension priorities, self-references) parameterised by node_version. Dependencies: SCANNER-ANALYZERS-NODE-22-003. | Node Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node/TASKS.md) |
| SCANNER-ANALYZERS-NODE-22-005 | TODO | Add package manager adapters: Yarn PnP (.pnp.data/.pnp.cjs), pnpm virtual store, npm/Yarn classic hoists; operate entirely in virtual FS. Dependencies: SCANNER-ANALYZERS-NODE-22-004. | Node Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node/TASKS.md) |

[Scanner & Surface] 130.A) Scanner.IV

Depends on: Sprint 130.A - Scanner.III

Summary: Scanner & Surface focus on Scanner (phase IV).

| Task ID | State | Task description | Owners (Source) |
|---|---|---|---|
| SCANNER-ANALYZERS-NODE-22-006 | TODO | Detect bundles + source maps, reconstruct module specifiers, and correlate to original paths; support dual CJS/ESM graphs with conditions. Dependencies: SCANNER-ANALYZERS-NODE-22-005. | Node Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node/TASKS.md) |
| SCANNER-ANALYZERS-NODE-22-007 | TODO | Scan for native addons (.node), WASM modules, and core capability signals (child_process, vm, worker_threads); emit hint edges and native metadata. Dependencies: SCANNER-ANALYZERS-NODE-22-006. | Node Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node/TASKS.md) |
| SCANNER-ANALYZERS-NODE-22-008 | TODO | Produce AOC-compliant observations: entrypoints, components (pkg/native/wasm), edges (esm-import, cjs-require, exports, json, native-addon, wasm, worker) with reason codes/confidence and resolver traces. Dependencies: SCANNER-ANALYZERS-NODE-22-007. | Node Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node/TASKS.md) |
| SCANNER-ANALYZERS-NODE-22-009 | TODO | Author fixture suite + performance benchmarks (npm, pnpm, PnP, bundle, electron, worker) with golden outputs and latency budgets. Dependencies: SCANNER-ANALYZERS-NODE-22-008. | Node Analyzer Guild, QA Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node/TASKS.md) |
| SCANNER-ANALYZERS-NODE-22-010 | TODO | Implement optional runtime evidence hooks (ESM loader, CJS require hook) with path scrubbing and loader ID hashing; emit runtime-* edges. Dependencies: SCANNER-ANALYZERS-NODE-22-009. | Node Analyzer Guild, Signals Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node/TASKS.md) |
| SCANNER-ANALYZERS-NODE-22-011 | TODO | Package updated analyzer as restart-time plug-in, expose Scanner CLI (stella node *) commands, refresh Offline Kit documentation. Dependencies: SCANNER-ANALYZERS-NODE-22-010. | Node Analyzer Guild, DevOps Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node/TASKS.md) |
| SCANNER-ANALYZERS-NODE-22-012 | TODO | Integrate container filesystem adapter (OCI layers, Dockerfile hints) and record NODE_OPTIONS/env warnings. Dependencies: SCANNER-ANALYZERS-NODE-22-011. | Node Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node/TASKS.md) |
| SCANNER-ANALYZERS-PHP-27-001 | TODO | Build input normalizer & VFS for PHP projects: merge source trees, composer manifests, vendor/, php.ini/conf.d, .htaccess, FPM configs, container layers. Detect framework/CMS fingerprints deterministically. | PHP Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php/TASKS.md) |
| SCANNER-ANALYZERS-PHP-27-002 | TODO | Composer/Autoload analyzer: parse composer.json/lock/installed.json, generate package nodes, autoload edges (psr-4/0/classmap/files), bin entrypoints, composer plugins. Dependencies: SCANNER-ANALYZERS-PHP-27-001. | PHP Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php/TASKS.md) |
| SCANNER-ANALYZERS-PHP-27-003 | TODO | Include/require graph builder: resolve static includes, capture dynamic include patterns, bootstrap chains, merge with autoload edges. Dependencies: SCANNER-ANALYZERS-PHP-27-002. | PHP Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php/TASKS.md) |
| SCANNER-ANALYZERS-PHP-27-004 | TODO | Runtime capability scanner: detect exec/fs/net/env/serialization/crypto/database usage, stream wrappers, uploads; record evidence snippets. Dependencies: SCANNER-ANALYZERS-PHP-27-003. | PHP Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php/TASKS.md) |
| SCANNER-ANALYZERS-PHP-27-005 | TODO | PHAR/Archive inspector: parse phar manifests/stubs, hash files, detect embedded vendor trees and phar:// usage. Dependencies: SCANNER-ANALYZERS-PHP-27-004. | PHP Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php/TASKS.md) |
| SCANNER-ANALYZERS-PHP-27-006 | TODO | Framework/CMS surface mapper: extract routes, controllers, middleware, CLI/cron entrypoints for Laravel/Symfony/Slim/WordPress/Drupal/Magento. Dependencies: SCANNER-ANALYZERS-PHP-27-005. | PHP Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php/TASKS.md) |
| SCANNER-ANALYZERS-PHP-27-007 | TODO | Container & extension detector: parse php.ini/conf.d, map extensions to .so/.dll, collect web server/FPM settings, upload limits, disable_functions. Dependencies: SCANNER-ANALYZERS-PHP-27-006. | PHP Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php/TASKS.md) |

[Scanner & Surface] 130.A) Scanner.V

Depends on: Sprint 130.A - Scanner.IV

Summary: Scanner & Surface focus on Scanner (phase V).

| Task ID | State | Task description | Owners (Source) |
|---|---|---|---|
| SCANNER-ANALYZERS-PHP-27-009 | TODO | Fixture suite + performance benchmarks (Laravel, Symfony, WordPress, legacy, PHAR, container) with golden outputs. Dependencies: SCANNER-ANALYZERS-PHP-27-007. | PHP Analyzer Guild, QA Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php/TASKS.md) |
| SCANNER-ANALYZERS-PHP-27-010 | TODO | Optional runtime evidence hooks (if provided) to ingest audit logs or opcode cache stats with path hashing. Dependencies: SCANNER-ANALYZERS-PHP-27-009. | PHP Analyzer Guild, Signals Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php/TASKS.md) |
| SCANNER-ANALYZERS-PHP-27-011 | TODO | Package analyzer plug-in, add CLI (stella php inspect), refresh Offline Kit documentation. Dependencies: SCANNER-ANALYZERS-PHP-27-010. | PHP Analyzer Guild, DevOps Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php/TASKS.md) |
| SCANNER-ANALYZERS-PHP-27-012 | TODO | Policy signal emitter: extension requirements/presence, dangerous constructs counters, stream wrapper usage, capability summaries. Dependencies: SCANNER-ANALYZERS-PHP-27-011. | PHP Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php/TASKS.md) |
| SCANNER-ANALYZERS-PYTHON-23-001 | TODO | Build input normalizer & virtual filesystem for wheels, sdists, editable installs, zipapps, site-packages trees, and container roots. Detect Python version targets (pyproject.toml, runtime.txt, Dockerfile) + virtualenv layout deterministically. | Python Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python/TASKS.md) |
| SCANNER-ANALYZERS-PYTHON-23-002 | TODO | Entrypoint discovery: module __main__, console_scripts entry points, scripts, zipapp main, manage.py/gunicorn/celery patterns. Capture invocation context (module vs package, argv wrappers). Dependencies: SCANNER-ANALYZERS-PYTHON-23-001. | Python Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python/TASKS.md) |
| SCANNER-ANALYZERS-PYTHON-23-003 | TODO | Static import graph builder using AST and bytecode fallback. Support import, from ... import, relative imports, importlib.import_module, __import__ with literal args, pkgutil.extend_path. Dependencies: SCANNER-ANALYZERS-PYTHON-23-002. | Python Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python/TASKS.md) |
| SCANNER-ANALYZERS-PYTHON-23-004 | TODO | Python resolver engine (importlib semantics) handling namespace packages (PEP 420), package discovery order, .pth files, sys.path composition, zipimport, and site-packages precedence across virtualenv/container roots. Dependencies: SCANNER-ANALYZERS-PYTHON-23-003. | Python Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python/TASKS.md) |
| SCANNER-ANALYZERS-PYTHON-23-005 | TODO | Packaging adapters: pip editable (.egg-link), Poetry/Flit layout, Conda prefix, .dist-info/RECORD cross-check, container layer overlays. Dependencies: SCANNER-ANALYZERS-PYTHON-23-004. | Python Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python/TASKS.md) |
| SCANNER-ANALYZERS-PYTHON-23-006 | TODO | Detect native extensions (*.so, *.pyd), CFFI modules, ctypes loaders, embedded WASM, and runtime capability signals (subprocess, multiprocessing, ctypes, eval). Dependencies: SCANNER-ANALYZERS-PYTHON-23-005. | Python Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python/TASKS.md) |
| SCANNER-ANALYZERS-PYTHON-23-007 | TODO | Framework/config heuristics: Django, Flask, FastAPI, Celery, AWS Lambda handlers, Gunicorn, Click/Typer CLIs, logging configs, pyproject optional dependencies. Tagged as hints only. Dependencies: SCANNER-ANALYZERS-PYTHON-23-006. | Python Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python/TASKS.md) |
| SCANNER-ANALYZERS-PYTHON-23-008 | TODO | Produce AOC-compliant observations: entrypoints, components (modules/packages/native), edges (import, namespace, dynamic-hint, native-extension) with reason codes/confidence and resolver traces. Dependencies: SCANNER-ANALYZERS-PYTHON-23-007. | Python Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python/TASKS.md) |
| SCANNER-ANALYZERS-PYTHON-23-009 | TODO | Fixture suite + perf benchmarks covering virtualenv, namespace packages, zipapp, editable installs, containers, lambda handler. Dependencies: SCANNER-ANALYZERS-PYTHON-23-008. | Python Analyzer Guild, QA Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python/TASKS.md) |
| SCANNER-ANALYZERS-PYTHON-23-010 | TODO | Optional runtime evidence: import hook capturing module load events with path scrubbing, optional bytecode instrumentation for importlib hooks, multiprocessing tracer. Dependencies: SCANNER-ANALYZERS-PYTHON-23-009. | Python Analyzer Guild, Signals Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python/TASKS.md) |
| SCANNER-ANALYZERS-PYTHON-23-011 | TODO | Package analyzer plug-in, add CLI commands (stella python inspect), refresh Offline Kit documentation. Dependencies: SCANNER-ANALYZERS-PYTHON-23-010. | Python Analyzer Guild, DevOps Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python/TASKS.md) |

[Scanner & Surface] 130.A) Scanner.VI

Depends on: Sprint 130.A - Scanner.V

Summary: Scanner & Surface focus on Scanner (phase VI).

| Task ID | State | Task description | Owners (Source) |
|---|---|---|---|
| SCANNER-ANALYZERS-PYTHON-23-012 | TODO | Container/zipapp adapter enhancements: parse OCI layers for Python runtime, detect PYTHONPATH/PYTHONHOME env, record warnings for sitecustomize/startup hooks. Dependencies: SCANNER-ANALYZERS-PYTHON-23-011. | Python Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python/TASKS.md) |
| SCANNER-ANALYZERS-RUBY-28-001 | TODO | Build input normalizer & VFS for Ruby projects: merge source trees, Gemfile/Gemfile.lock, vendor/bundle, .gem archives, .bundle/config, Rack configs, containers. Detect framework/job fingerprints deterministically. | Ruby Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby/TASKS.md) |
| SCANNER-ANALYZERS-RUBY-28-002 | TODO | Gem & Bundler analyzer: parse Gemfile/Gemfile.lock, vendor specs, .gem archives, produce package nodes (PURLs), dependency edges, bin scripts, Bundler group metadata. Dependencies: SCANNER-ANALYZERS-RUBY-28-001. | Ruby Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby/TASKS.md) |
| SCANNER-ANALYZERS-RUBY-28-003 | TODO | Require/autoload graph builder: resolve static/dynamic require, require_relative, load; infer Zeitwerk autoload paths and Rack boot chain. Dependencies: SCANNER-ANALYZERS-RUBY-28-002. | Ruby Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby/TASKS.md) |
| SCANNER-ANALYZERS-RUBY-28-004 | TODO | Framework surface mapper: extract routes/controllers/middleware for Rails/Rack/Sinatra/Grape/Hanami; inventory jobs/schedulers (Sidekiq, Resque, ActiveJob, whenever, clockwork). Dependencies: SCANNER-ANALYZERS-RUBY-28-003. | Ruby Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby/TASKS.md) |
| SCANNER-ANALYZERS-RUBY-28-005 | TODO | Capability analyzer: detect os-exec, filesystem, network, serialization, crypto, DB usage, TLS posture, dynamic eval; record evidence snippets with file/line. Dependencies: SCANNER-ANALYZERS-RUBY-28-004. | Ruby Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby/TASKS.md) |
| SCANNER-ANALYZERS-RUBY-28-006 | TODO | Rake task & scheduler analyzer: parse Rakefiles/lib/tasks, capture task names/prereqs/shell commands; parse Sidekiq/whenever/clockwork configs into schedules. Dependencies: SCANNER-ANALYZERS-RUBY-28-005. | Ruby Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby/TASKS.md) |
| SCANNER-ANALYZERS-RUBY-28-007 | TODO | Container/runtime scanner: detect Ruby version, installed gems, native extensions, web server configs in OCI layers. Dependencies: SCANNER-ANALYZERS-RUBY-28-006. | Ruby Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby/TASKS.md) |
| SCANNER-ANALYZERS-RUBY-28-008 | TODO | Produce AOC-compliant observations: entrypoints, packages, modules, edges (require/autoload), routes, jobs, tasks, capabilities, configs, warnings. Dependencies: SCANNER-ANALYZERS-RUBY-28-007. | Ruby Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby/TASKS.md) |
| SCANNER-ANALYZERS-RUBY-28-009 | TODO | Fixture suite + performance benchmarks (Rails, Rack, Sinatra, Sidekiq, legacy, .gem, container) with golden outputs. Dependencies: SCANNER-ANALYZERS-RUBY-28-008. | Ruby Analyzer Guild, QA Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby/TASKS.md) |
| SCANNER-ANALYZERS-RUBY-28-010 | TODO | Optional runtime evidence integration (if provided logs/metrics) with path hashing, without altering static precedence. Dependencies: SCANNER-ANALYZERS-RUBY-28-009. | Ruby Analyzer Guild, Signals Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby/TASKS.md) |
| SCANNER-ANALYZERS-RUBY-28-011 | TODO | Package analyzer plug-in, add CLI (stella ruby inspect), refresh Offline Kit documentation. Dependencies: SCANNER-ANALYZERS-RUBY-28-010. | Ruby Analyzer Guild, DevOps Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby/TASKS.md) |
| SCANNER-ANALYZERS-RUBY-28-012 | TODO | Policy signal emitter: rubygems drift, native extension flags, dangerous constructs counts, TLS verify posture, dynamic require eval warnings. Dependencies: SCANNER-ANALYZERS-RUBY-28-011. | Ruby Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby/TASKS.md) |
| SCANNER-ENTRYTRACE-18-502 | TODO | Expand chain walker with init shim/user-switch/supervisor recognition plus env/workdir accumulation and guarded edges. Dependencies: SCANNER-ENTRYTRACE-18-508. | EntryTrace Guild (src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace/TASKS.md) |
| SCANNER-ENTRYTRACE-18-503 | TODO | Introduce target classifier + EntryPlan handoff with confidence scoring for ELF/Java/.NET/Node/Python and user/workdir context. Dependencies: SCANNER-ENTRYTRACE-18-502. | EntryTrace Guild (src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace/TASKS.md) |
[Scanner & Surface] 130.A) Scanner.VII Depends on: Sprint 130.A - Scanner.VI Summary: Scanner & Surface focus on Scanner (phase VII).
| Task ID | State | Task description | Owners (Source) |
|---|---|---|---|
| SCANNER-ENTRYTRACE-18-504 | TODO | Emit EntryTrace AOC NDJSON (entrytrace.entry/node/edge/target/warning/capability) and wire CLI/service streaming outputs. Dependencies: SCANNER-ENTRYTRACE-18-503. | EntryTrace Guild (src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace/TASKS.md) |
| SCANNER-ENV-01 | TODO | Replace ad-hoc environment reads with StellaOps.Scanner.Surface.Env helpers for cache roots and CAS endpoints. | Scanner Worker Guild (src/Scanner/StellaOps.Scanner.Worker/TASKS.md) |
| SCANNER-ENV-02 | TODO | Wire Surface.Env helpers into WebService hosting (cache roots, feature flags) and document configuration. Dependencies: SCANNER-ENV-01. | Scanner WebService Guild, Ops Guild (src/Scanner/StellaOps.Scanner.WebService/TASKS.md) |
| SCANNER-ENV-03 | TODO | Adopt Surface.Env helpers for plugin configuration (cache roots, CAS endpoints, feature toggles). Dependencies: SCANNER-ENV-02. | BuildX Plugin Guild (src/Scanner/StellaOps.Scanner.Sbomer.BuildXPlugin/TASKS.md) |
| SCANNER-EVENTS-16-301 | BLOCKED (2025-10-26) | Emit orchestrator-compatible envelopes (scanner.event.*) and update integration tests to verify Notifier ingestion (no Redis queue coupling). | Scanner WebService Guild (src/Scanner/StellaOps.Scanner.WebService/TASKS.md) |
| SCANNER-EVENTS-16-302 | DOING (2025-10-26) | Extend orchestrator event links (report/policy/attestation) once endpoints are finalised across gateway + console. Dependencies: SCANNER-EVENTS-16-301. | Scanner WebService Guild (src/Scanner/StellaOps.Scanner.WebService/TASKS.md) |
| SCANNER-GRAPH-21-001 | TODO | Provide webhook/REST endpoint for Cartographer to request policy overlays and runtime evidence for graph nodes, ensuring determinism and tenant scoping. | Scanner WebService Guild, Cartographer Guild (src/Scanner/StellaOps.Scanner.WebService/TASKS.md) |
| SCANNER-LNM-21-001 | TODO | Update /reports and /policy/runtime payloads to consume advisory/vex linksets, exposing source severity arrays and conflict summaries alongside effective verdicts. | Scanner WebService Guild, Policy Guild (src/Scanner/StellaOps.Scanner.WebService/TASKS.md) |
| SCANNER-LNM-21-002 | TODO | Add evidence endpoint for Console to fetch linkset summaries with policy overlay for a component/SBOM, including AOC references. Dependencies: SCANNER-LNM-21-001. | Scanner WebService Guild, UI Guild (src/Scanner/StellaOps.Scanner.WebService/TASKS.md) |
| SCANNER-SECRETS-01 | TODO | Adopt StellaOps.Scanner.Surface.Secrets for registry/CAS credentials during scan execution. | Scanner Worker Guild, Security Guild (src/Scanner/StellaOps.Scanner.Worker/TASKS.md) |
| SCANNER-SECRETS-02 | TODO | Replace ad-hoc secret wiring with Surface.Secrets for report/export operations (registry and CAS tokens). Dependencies: SCANNER-SECRETS-01. | Scanner WebService Guild, Security Guild (src/Scanner/StellaOps.Scanner.WebService/TASKS.md) |
| SCANNER-SECRETS-03 | TODO | Use Surface.Secrets to retrieve registry credentials when interacting with CAS/referrers. Dependencies: SCANNER-SECRETS-02. | BuildX Plugin Guild, Security Guild (src/Scanner/StellaOps.Scanner.Sbomer.BuildXPlugin/TASKS.md) |
| SCANNER-SURFACE-01 | TODO | Persist Surface.FS manifests after analyzer stages, including layer CAS metadata and EntryTrace fragments. | Scanner Worker Guild (src/Scanner/StellaOps.Scanner.Worker/TASKS.md) |
| SCANNER-SURFACE-02 | TODO | Publish Surface.FS pointers (CAS URIs, manifests) via scan/report APIs and update attestation metadata. Dependencies: SCANNER-SURFACE-01. | Scanner WebService Guild (src/Scanner/StellaOps.Scanner.WebService/TASKS.md) |
| SCANNER-SURFACE-03 | TODO | Push layer manifests and entry fragments into Surface.FS during build-time SBOM generation. Dependencies: SCANNER-SURFACE-02. | BuildX Plugin Guild (src/Scanner/StellaOps.Scanner.Sbomer.BuildXPlugin/TASKS.md) |
[Scanner & Surface] 130.A) Scanner.VIII Depends on: Sprint 130.A - Scanner.VII Summary: Scanner & Surface focus on Scanner (phase VIII).
| Task ID | State | Task description | Owners (Source) |
|---|---|---|---|
| Seq | ID | Description | Status (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.DotNet/TASKS.md) |
| Seq | ID | Description | Status (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Go/TASKS.md) |
| Seq | ID | Description | Status (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node/TASKS.md) |
| Seq | ID | Description | Status (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python/TASKS.md) |
| Seq | ID | Description | Status (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Rust/TASKS.md) |
If all tasks are done - read next sprint section - SPRINT_140_runtime_signals.md