stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 1 Releases Wiki Activity
Files
48f3071e2a0d63a1548f6b0e64b9e2290d5a8bf3
git.stella-ops.org/src/StellaOps.Policy/TASKS.md
master 48f3071e2a Add tests and implement StubBearer authentication for Signer endpoints 
- Created SignerEndpointsTests to validate the SignDsse and VerifyReferrers endpoints.
- Implemented StubBearerAuthenticationDefaults and StubBearerAuthenticationHandler for token-based authentication.
- Developed ConcelierExporterClient for managing Trivy DB settings and export operations.
- Added TrivyDbSettingsPageComponent for UI interactions with Trivy DB settings, including form handling and export triggering.
- Implemented styles and HTML structure for Trivy DB settings page.
- Created NotifySmokeCheck tool for validating Redis event streams and Notify deliveries.
2025-10-21 09:37:07 +03:00

3.0 KiB
Raw Blame History

Policy Engine Task Board (Sprint 9)

ID Status Owner(s) Depends on Description Exit Criteria
POLICY-CORE-09-001 DONE Policy Guild SCANNER-WEB-09-101 Define YAML schema/binder, diagnostics, CLI validation for policy files. Schema doc published; binder loads sample policy; validation errors actionable.
POLICY-CORE-09-002 DONE Policy Guild POLICY-CORE-09-001 Implement policy snapshot store + revision digests + audit logging. Snapshots persisted with digest; tests compare revisions; audit entries created.
POLICY-CORE-09-003 DONE Policy Guild POLICY-CORE-09-002 /policy/preview API (image digest → projected verdict delta). Preview returns diff JSON; integration tests with mocked report; docs updated.
POLICY-CORE-09-004 DONE (2025-10-19) Policy Guild POLICY-CORE-09-001 Versioned scoring config (weights, trust table, reachability buckets) with schema validation, binder, and golden fixtures. Config serialized with semantic version, binder loads defaults, fixtures assert deterministic hash.
POLICY-CORE-09-005 DONE (2025-10-19) Policy Guild POLICY-CORE-09-004, POLICY-CORE-09-002 Implement scoring/quiet engine: compute score from config, enforce VEX-only quiet rules, emit inputs + quietedBy metadata in policy verdicts. /reports policy result includes score, inputs, configVersion, quiet provenance; unit/integration tests prove reproducibility.
POLICY-CORE-09-006 DONE (2025-10-19) Policy Guild POLICY-CORE-09-005, FEEDCORE-ENGINE-07-003 Track unknown states with deterministic confidence bands that decay over time; expose state in policy outputs and docs. Unknown flags + confidence band persisted, decay job deterministic, preview/report APIs show state with tests covering decay math.
POLICY-RUNTIME-17-201 TODO Policy Guild, Scanner WebService Guild ZASTAVA-OBS-17-005 Define runtime reachability feed contract and alignment plan for SCANNER-RUNTIME-17-401 once Zastava endpoints land; document policy expectations for reachability tags. Contract note published, sample payload agreed with Scanner team, dependencies captured in scanner/runtime task boards.

Notes

  • 2025-10-18: POLICY-CORE-09-001 completed. Binder + diagnostics + CLI scaffolding landed with tests; schema embedded at src/StellaOps.Policy/Schemas/policy-schema@1.json and referenced by docs/11_DATA_SCHEMAS.md.
  • 2025-10-18: POLICY-CORE-09-002 completed. Snapshot store + audit trail implemented with deterministic digest hashing and tests covering revision increments and dedupe.
  • 2025-10-18: POLICY-CORE-09-003 delivered. Preview service evaluates policy projections vs. baseline, returns verdict diffs, and ships with unit coverage.
  • 2025-10-19: POLICY-CORE-09-004/005/006 wrapped. Default scoring config + trust/quiet/unknown outputs shipped, deterministic hashes captured in fixtures, and dotnet test src/StellaOps.Policy.Tests/StellaOps.Policy.Tests.csproj keeps coverage green (quiet provenance + confidence decay cases).