- API_CLI_REFERENCE.md, INSTALL_GUIDE.md, quickstart.md, architecture/integrations.md, dev/DEV_ENVIRONMENT_SETUP.md, integrations/LOCAL_SERVICES.md: reflect real-service wiring.
- docs/modules/**: module dossier updates across the modules touched by SPRINT_20260415_001..007 + SPRINT_20260416_003..017 + SPRINT_20260417_018..024 + SPRINT_20260418_025 + SPRINT_20260419_026.
- docs/features/checked/web/**: update feature notes where UI changed.
- docs/qa/feature-checks/runs/web/evidence-presentation-ux/: QA evidence artifacts.
- docs/setup/**, docs/technical/**: align with setup wizard contracts.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
40 lines
2.6 KiB
Markdown
# Findings Ledger Implementation Plan
## Purpose
Define the delivery plan for the Findings Ledger service, replay harness, observability, and air-gap provenance so audits can verify deterministic state reconstruction.
## Active work
- Runtime fake-removal work for Findings/RiskEngine was completed under `docs/implplan/SPRINT_20260415_006_DOCS_policy_findings_signer_real_backend_cutover.md`.
- Use `docs/modules/findings-ledger/gaps-FL1-FL10.md` for the remaining product-capability remediation backlog.
## Current host posture
- `RiskEngine.WebService` now runs against PostgreSQL outside `Testing`; in-memory result stores are test-only.
- `Findings.Ledger.WebService` non-testing hosts no longer fabricate scoring/webhook/runtime/VulnExplorer write state. Retired compatibility writes fail with truthful `501 problem+json`, while projection-backed reads remain served from persisted Findings state.
- The standalone `StellaOps.VulnExplorer.Api` host remains retired; no separate fake backend was reintroduced for legacy write flows.
## Near-term deliverables
- Observability baselines: metrics, logs, traces, dashboards, and alert rules per `docs/modules/findings-ledger/observability.md`.
- Determinism harness: replay CLI, fixtures, and signed reports per `docs/modules/findings-ledger/replay-harness.md`.
- Deployment collateral: Compose/Helm overlays, migrations, and backup/restore runbooks per `docs/modules/findings-ledger/deployment.md`.
- Provenance extensions: air-gap bundle metadata, staleness enforcement, and sealed-mode timeline entries per `docs/modules/findings-ledger/airgap-provenance.md`.
## Dependencies
- Observability schema approval for metrics and dashboards.
- Orchestrator export schema freeze for provenance linkage.
- QA lab capacity for >=5M findings/tenant replay harness.
- DevOps review of Compose/Helm overlays and offline kit packaging.
## Evidence of completion
- `src/Findings/StellaOps.Findings.Ledger` and `src/Findings/tools/LedgerReplayHarness` updated with deterministic behavior and tests.
- Replay harness reports (`harness-report.json` + DSSE) stored under approved offline kit locations.
- Dashboard JSON and alert rules committed under `offline/telemetry/dashboards/ledger` or `ops/devops/findings-ledger/**`.
- Deployment and backup guidance validated against `docs/modules/findings-ledger/deployment.md`.
## Reference docs
- `docs/modules/findings-ledger/schema.md`
- `docs/modules/findings-ledger/replay-harness.md`
- `docs/modules/findings-ledger/observability.md`
- `docs/modules/findings-ledger/deployment.md`
- `docs/modules/findings-ledger/airgap-provenance.md`
- `docs/modules/findings-ledger/workflow-inference.md`