2b6304c9c3
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
- Added `/concelier/advisories/{vulnerabilityKey}/replay` endpoint to return conflict summaries and explainers.
- Introduced `MergeConflictExplainerPayload` to structure conflict details including type, reason, and source rankings.
- Enhanced `MergeConflictSummary` to include structured explainer payloads and hashes for persisted conflicts.
- Updated `MirrorEndpointExtensions` to enforce rate limits and cache headers for mirror distribution endpoints.
- Refactored tests to cover new replay endpoint functionality and validate conflict explainers.
- Documented changes in TASKS.md, noting completion of mirror distribution endpoints and updated operational runbook.
5.1 KiB
5.1 KiB
TASKS
| Task | Owner(s) | Depends on | Notes |
|---|---|---|---|
| FEEDWEB-EVENTS-07-001 Advisory event replay API | Concelier WebService Guild | FEEDCORE-ENGINE-07-001 | DONE (2025-10-19) – Added /concelier/advisories/{vulnerabilityKey}/replay endpoint with optional asOf, hex hashes, and conflict payloads; integration covered via dotnet test src/StellaOps.Concelier.WebService.Tests/StellaOps.Concelier.WebService.Tests.csproj. |
| Bind & validate ConcelierOptions | BE-Base | WebService | DONE – options bound/validated with failure logging. |
| Mongo service wiring | BE-Base | Storage.Mongo | DONE – wiring delegated to AddMongoStorage. |
| Bootstrapper execution on start | BE-Base | Storage.Mongo | DONE – startup calls MongoBootstrapper.InitializeAsync. |
| Plugin host options finalization | BE-Base | Plugins | DONE – default plugin directories/search patterns configured. |
| Jobs API contract tests | QA | Core | DONE – WebServiceEndpointsTests now cover success payloads, filtering, and trigger outcome mapping. |
| Health/Ready probes | DevOps | Ops | DONE – /health and /ready endpoints implemented. |
| Serilog + OTEL integration hooks | BE-Base | Observability | DONE – TelemetryExtensions wires Serilog + OTEL with configurable exporters. |
| Register built-in jobs (sources/exporters) | BE-Base | Core | DONE – AddBuiltInConcelierJobs adds fallback scheduler definitions for core connectors and exporters via reflection. |
| HTTP problem details consistency | BE-Base | WebService | DONE – API errors now emit RFC7807 responses with trace identifiers and typed problem categories. |
| Request logging and metrics | BE-Base | Observability | DONE – Serilog request logging enabled with enriched context and web.jobs counters published via OpenTelemetry. |
| Endpoint smoke tests (health/ready/jobs error paths) | QA | WebService | DONE – WebServiceEndpointsTests assert success and problem responses for health, ready, and job trigger error paths. |
| Batch job definition last-run lookup | BE-Base | Core | DONE – definitions endpoint now precomputes kinds array and reuses batched last-run dictionary; manual smoke verified via local GET /jobs/definitions. |
| Add no-cache headers to health/readiness/jobs APIs | BE-Base | WebService | DONE – helper applies Cache-Control/Pragma/Expires on all health/ready/jobs endpoints; awaiting automated probe tests once connector fixtures stabilize. |
| Authority configuration parity (FSR1) | DevEx/Concelier | Authority options schema | DONE (2025-10-10) – Options post-config loads clientSecretFile fallback, validators normalize scopes/audiences, and sample config documents issuer/credential/bypass settings. |
| Document authority toggle & scope requirements | Docs/Concelier | Authority integration | DOING (2025-10-10) – Quickstart updated with staging flag, client credentials, env overrides; operator guide refresh pending Docs guild review. |
| Plumb Authority client resilience options | BE-Base | Auth libraries LIB5 | DONE (2025-10-12) – Program.cs wires authority.resilience.* + client scopes into AddStellaOpsAuthClient; new integration test asserts binding and retries. |
| Author ops guidance for resilience tuning | Docs/Concelier | Plumb Authority client resilience options | DONE (2025-10-12) – docs/21_INSTALL_GUIDE.md + docs/ops/concelier-authority-audit-runbook.md document resilience profiles for connected vs air-gapped installs and reference monitoring cues. |
| Document authority bypass logging patterns | Docs/Concelier | FSR3 logging | DONE (2025-10-12) – Updated operator guides clarify Concelier.Authorization.Audit fields (route/status/subject/clientId/scopes/bypass/remote) and SIEM triggers. |
| Update Concelier operator guide for enforcement cutoff | Docs/Concelier | FSR1 rollout | DONE (2025-10-12) – Installation guide emphasises disabling allowAnonymousFallback before 2025-12-31 UTC and connects audit signals to the rollout checklist. |
| Rename plugin drop directory to namespaced path | BE-Base | Plugins | DONE (2025-10-19) – Build outputs now target StellaOps.Concelier.PluginBinaries/StellaOps.Authority.PluginBinaries, plugin host defaults updated, config/docs refreshed, and dotnet test src/StellaOps.Concelier.WebService.Tests/StellaOps.Concelier.WebService.Tests.csproj --no-restore covers the change. |
| Authority resilience adoption | Concelier WebService, Docs | Plumb Authority client resilience options | BLOCKED (2025-10-10) – Roll out retry/offline knobs to deployment docs and confirm CLI parity once LIB5 lands; unblock after resilience options wired and tested. |
| CONCELIER-WEB-08-201 – Mirror distribution endpoints | Concelier WebService Guild | CONCELIER-EXPORT-08-201, DEVOPS-MIRROR-08-001 | DONE (2025-10-20) – Mirror endpoints now enforce per-domain rate limits, emit cache headers, honour Authority/WWW-Authenticate, and docs cover auth + smoke workflows. |
Remark (2025-10-20): Updated ops runbook with token/rate-limit checks and added API tests for Retry-After + unauthorized flows.| |Wave 0B readiness checkpoint|Team WebService & Authority|Wave 0A completion|BLOCKED (2025-10-19) – FEEDSTORAGE-MONGO-08-001 closed, but remaining Wave 0A items (AUTH-DPOP-11-001, AUTH-MTLS-11-002, PLUGIN-DI-08-001) still open; maintain current DOING workstreams only.|