stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity
Files
5146204f1b7fe56b25cfa643685e2de55581ff71
git.stella-ops.org/docs/implplan/SPRINT_4300_MOAT_SUMMARY.md

6.2 KiB
Raw Blame History

SPRINT_4300 MOAT HARDENING: Verdict Attestation & Epistemic Mode

Topic & Scope

  • Coordinate Moat 5/4 initiatives for verdict attestations and epistemic/air-gap workflows.
  • Track delivery across the five moat-focused sprints in this series.
  • Provide a single reference for decisions, dependencies, and risks.
  • Working directory: docs/implplan.

Dependencies & Concurrency

  • Depends on ProofSpine + VerdictReceiptStatement readiness.
  • All child sprints can run in parallel; coordination required for shared CLI and attestor contracts.

Documentation Prerequisites

  • docs/README.md
  • docs/07_HIGH_LEVEL_ARCHITECTURE.md
  • docs/modules/platform/architecture-overview.md
  • 19-Dec-2025 advisory referenced in the Program Overview.

Program Overview

Field Value
Program ID 4300 (Moat Series)
Theme Moat Hardening: Signed Verdicts & Epistemic Operations
Priority P0-P1 (Critical to High)
Total Effort ~9 weeks
Advisory Source 19-Dec-2025 - Stella Ops candidate features mapped to moat strength

Strategic Context

This sprint program addresses the highest-moat features identified in the competitive analysis advisory. The goal is to harden StellaOps' structural advantages in:

  1. Signed, replayable risk verdicts (Moat 5) — The anchor differentiator
  2. Unknowns as first-class state (Moat 4) — Governance primitive
  3. Air-gapped epistemic mode (Moat 4) — Reproducibility moat

Sprint Breakdown

P0 Sprints (Critical)

Sprint ID Title Effort Moat
4300_0001_0001 OCI Verdict Attestation Referrer Push 2 weeks 5
4300_0001_0002 One-Command Audit Replay CLI 2 weeks 5

Outcome: Verdicts become portable "ship tokens" that can be pushed to registries and replayed offline.

P1 Sprints (High)

Sprint ID Title Effort Moat
4300_0002_0001 Unknowns Budget Policy Integration 2 weeks 4
4300_0002_0002 Unknowns Attestation Predicates 1 week 4
4300_0003_0001 Sealed Knowledge Snapshot Export/Import 2 weeks 4

Outcome: Uncertainty becomes actionable through policy gates and attestable for audits. Air-gap customers get sealed knowledge bundles.

Related Sprint Programs

Program Theme Moat Focus
4400 Delta Verdicts & Reachability Attestations Smart-Diff, Reachability
4500 VEX Hub & Trust Scoring VEX Distribution Network
4600 SBOM Lineage & BYOS SBOM Ledger

Dependency Graph

SPRINT_4300_0001_0001 (OCI Verdict Push)
         │
         ├──► SPRINT_4300_0001_0002 (Audit Replay CLI)
         │
         └──► SPRINT_4400_0001_0001 (Signed Delta Verdict)

SPRINT_4300_0002_0001 (Unknowns Budget)
         │
         └──► SPRINT_4300_0002_0002 (Unknowns Attestation)

SPRINT_4300_0003_0001 (Sealed Snapshot)
         │
         └──► [Standalone, enables air-gap scenarios]

Success Metrics

Metric Target Measurement
Verdict push success rate >99% OTEL metrics
Audit replay pass rate 100% on same inputs CI tests
Unknown budget violations detected >0 in test suite Integration tests
Air-gap import success rate >99% Manual testing

Risks & Dependencies

Risk Impact Mitigation
OCI registry incompatibility Cannot push verdicts Fallback to tag-based
Bundle size too large Transfer issues Streaming, compression
Key management complexity Security Document rotation procedures

Timeline Recommendation

Phase 1 (Weeks 1-4): P0 Sprints

  • OCI Verdict Push + Audit Replay

Phase 2 (Weeks 5-7): P1 Sprints

  • Unknowns Budget + Attestations

Phase 3 (Weeks 8-9): P1 Sprints

  • Sealed Knowledge Snapshots

Documentation Deliverables

  • docs/operations/verdict-attestation-guide.md
  • docs/operations/audit-replay-guide.md
  • docs/operations/unknown-budgets-guide.md
  • docs/operations/airgap-knowledge-sync.md
  • Update attestation type catalog
  • Update CLI reference

Delivery Tracker

# Task ID Status Key dependency / next step Owners Task Definition
1 MOAT-4300-0001 TODO SPRINT_4300_0001_0001 Planning Track OCI verdict attestation push sprint.
2 MOAT-4300-0002 TODO SPRINT_4300_0001_0002 Planning Track one-command audit replay CLI sprint.
3 MOAT-4300-0003 TODO SPRINT_4300_0002_0001 Planning Track unknowns budget policy sprint.
4 MOAT-4300-0004 TODO SPRINT_4300_0002_0002 Planning Track unknowns attestation predicates sprint.
5 MOAT-4300-0005 TODO SPRINT_4300_0003_0001 Planning Track sealed knowledge snapshot sprint.

Wave Coordination

  • Phase 1: Verdict push + audit replay.
  • Phase 2: Unknowns budget + attestations.
  • Phase 3: Sealed knowledge snapshots.

Wave Detail Snapshots

  • See "Timeline Recommendation" for phase detail.

Interlocks

  • CLI verification depends on verdict referrer availability.
  • Air-gap snapshot import depends on Concelier/Excititor policy data compatibility.

Upcoming Checkpoints

Date (UTC) Checkpoint Owner
2025-12-22 Moat summary normalized to sprint template. Agent

Action Tracker

Date (UTC) Action Owner Status
2025-12-22 Normalize summary file to standard template. Agent DONE

Execution Log

Date (UTC) Update Owner
2025-12-22 Moat summary created from 19-Dec-2025 advisory. Agent
2025-12-22 Normalized summary file to standard template; no semantic changes. Agent

Decisions & Risks

Item Type Owner Notes
Moat focus Decision Planning Emphasize signed verdicts and epistemic workflows.
Risk Impact Mitigation
Registry referrers compatibility Verdict push unavailable Tag-based fallback and documentation.

Sprint Series Status: TODO

Created: 2025-12-22 Origin: Gap analysis of 19-Dec-2025 moat strength advisory