git.stella-ops.org/docs/implplan/SPRINT_201_reachability_explainability.md
master 536f6249a6
Add SBOM, symbols, traces, and VEX files for CVE-2022-21661 SQLi case
- Created CycloneDX and SPDX SBOM files for both reachable and unreachable images.
- Added symbols.json detailing function entry and sink points in the WordPress code.
- Included runtime traces for function calls in both reachable and unreachable scenarios.
- Developed OpenVEX files indicating vulnerability status and justification for both cases.
- Updated README for evaluator harness to guide integration with scanner output.
2025-11-08 20:53:45 +02:00


# Sprint 201 - Reachability Explainability & Replay Evidence

## [Reachability Delivery] 201.A) Runtime facts + static callgraph union
Depends on: Sprint 140 Runtime Signals, Sprint 185 Replay Core, Sprint 186 Scanner Record Mode, Sprint 187 Evidence & CLI Replay
Summary: Close the explainability gaps by wiring Zastava runtime sampling, Scanner language lifters, Signals scoring, Replay manifests, docs, and test harnesses around the reachbench fixture packs.

| Task ID | State | Task description | Owners (Source) |
| --- | --- | --- | --- |
| ZASTAVA-REACH-201-001 | TODO | Implement runtime symbol sampling in StellaOps.Zastava.Observer (EntryTrace-aware shell AST + build-id capture) and stream ND-JSON batches to Signals /runtime-facts, including CAS pointers for traces. Update runbook + config references. | Zastava Observer Guild (src/Zastava/StellaOps.Zastava.Observer/TASKS.md) |
| SCAN-REACH-201-002 | DOING (2025-11-08) | Ship language-aware static lifters (JVM, .NET/Roslyn+IL, Go SSA, Node/Deno TS AST, Rust MIR, Swift SIL, shell/binary analyzers) in Scanner Worker; emit canonical SymbolIDs, CAS-stored graphs, and attach reachability tags to SBOM components. | Scanner Worker Guild (src/Scanner/StellaOps.Scanner.Worker/TASKS.md) |
| SIGNALS-REACH-201-003 | DOING (2025-11-08) | Extend Signals ingestion to accept the new multi-language graphs + runtime facts, normalize into the reachability_graphs CAS layout, and expose retrieval APIs for Policy/CLI. | Signals Guild (src/Signals/StellaOps.Signals/TASKS.md) |
| SIGNALS-REACH-201-004 | DOING (2025-11-08) | Build the reachability scoring engine (state/score/confidence), wire Redis caches + signals.fact.updated events, and integrate the reachability weights defined in docs/11_DATA_SCHEMAS.md. | Signals Guild · Policy Guild (src/Signals/StellaOps.Signals/TASKS.md, src/Policy/StellaOps.Policy.Engine/TASKS.md) |
| REPLAY-REACH-201-005 | DOING (2025-11-08) | Update the StellaOps.Replay.Core manifest schema + bundle writer so replay packs capture reachability graphs, runtime traces, analyzer versions, and evidence hashes; document the new CAS namespace. | BE-Base Platform Guild (src/__Libraries/StellaOps.Replay.Core/TASKS.md) |
| DOCS-REACH-201-006 | TODO | Author the reachability doc set (docs/signals/reachability.md, callgraph-formats.md, runtime-facts.md, CLI/UI appendices) and update the Zastava + Replay guides with the new evidence and operator workflow. | Docs Guild (docs/TASKS.md) |
| QA-REACH-201-007 | TODO | Integrate the reachbench-2025-expanded fixture pack under tests/reachability/, add evaluator harness tests that validate reachable vs unreachable cases, and wire CI guidance for deterministic runs. | QA Guild (tests/README.md) |

2025-11-07: reachbench starter + expanded packs staged under repo root; consuming guilds must relocate fixtures into tests/reachability/fixtures/ as part of QA-REACH-201-007 before enabling CI.
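As an added illustration of what the "runtime facts + static callgraph union" in 201.A and the reachable-vs-unreachable evaluation in QA-REACH-201-007 amount to, the following Python sketch is not code from the StellaOps repository or the reachbench packs. It unions a static callgraph with runtime-observed call edges, walks from the entry points to a vulnerable sink, and maps the verdict onto an OpenVEX status. The fixture layout, the SymbolID strings, the confidence weights and the status mapping are all assumptions made for the example; only the OpenVEX status and justification vocabulary is real.

```python
"""Toy reachability evaluator: union static callgraph + runtime facts, then
search from entry points to a sink. Added illustration only; the fixture
format, SymbolIDs, confidence weights and verdict shape are assumptions."""
from collections import deque

# Constructed fixture (not a reachbench pack). The static lifter resolved
# every edge except one dynamic dispatch from search_handler; the runtime
# sampler observed that call happening. All symbol names are made up.
STATIC_GRAPH = {
    "entries": ["app::main"],
    "edges": [
        ("app::main", "app::route_request"),
        ("app::route_request", "app::search_handler"),
        ("app::route_request", "app::health_handler"),
        ("app::health_handler", "lib::ping"),
    ],
}

# ND-JSON-style runtime facts as a list of dicts; constructed sample.
RUNTIME_FACTS = [
    {"caller": "app::search_handler", "callee": "lib::build_query", "count": 12},
]


def build_graph(static_graph, runtime_facts):
    """Union static and runtime edges. Each edge remembers which sources
    vouch for it ("static", "runtime") so the verdict carries provenance."""
    edges = {}
    for caller, callee in static_graph["edges"]:
        edges.setdefault((caller, callee), set()).add("static")
    for fact in runtime_facts:
        if fact.get("count", 0) > 0:  # ignore samples that never fired
            edges.setdefault((fact["caller"], fact["callee"]), set()).add("runtime")
    adjacency = {}
    for (caller, callee), sources in edges.items():
        adjacency.setdefault(caller, []).append((callee, frozenset(sources)))
    return adjacency


def find_path(adjacency, entries, sink):
    """BFS from every entry; returns [(symbol, sources_of_incoming_edge)]
    for the first path that reaches the sink, or None."""
    queue = deque((entry, [(entry, frozenset())]) for entry in entries)
    seen = set(entries)
    while queue:
        node, path = queue.popleft()
        if node == sink:
            return path
        for callee, sources in adjacency.get(node, []):
            if callee not in seen:
                seen.add(callee)
                queue.append((callee, path + [(callee, sources)]))
    return None


def evaluate(static_graph, runtime_facts, sink):
    """Return {"state", "confidence", "path"}. Confidence weights are
    assumed for the example: runtime-confirmed paths score highest, because
    static lifters over-approximate and a static-only path may be spurious."""
    adjacency = build_graph(static_graph, runtime_facts)
    path = find_path(adjacency, static_graph["entries"], sink)
    if path is None:
        return {"state": "unreachable", "confidence": 0.0, "path": []}
    edge_sources = [sources for _, sources in path[1:]]
    if not edge_sources:                      # sink is itself an entry point
        confidence = 1.0
    elif all("runtime" in s for s in edge_sources):
        confidence = 0.95
    elif any("runtime" in s for s in edge_sources):
        confidence = 0.8
    else:
        confidence = 0.6
    return {"state": "reachable", "confidence": confidence,
            "path": [symbol for symbol, _ in path]}


def openvex_status(verdict):
    """Map a verdict to the OpenVEX status (and justification) a VEX writer
    would emit. The vocabulary is OpenVEX's; the mapping is an assumption."""
    if verdict["state"] == "reachable":
        return {"status": "affected"}
    return {"status": "not_affected",
            "justification": "vulnerable_code_not_in_execute_path"}


if __name__ == "__main__":
    # With runtime facts the dynamic call is observed and the sink is reachable;
    # without them the static graph alone cannot connect search_handler to it.
    for facts in (RUNTIME_FACTS, []):
        verdict = evaluate(STATIC_GRAPH, facts, "lib::build_query")
        print(verdict, openvex_status(verdict))
```

The point the union makes visible is that the two evidence sources fail in opposite directions: the static graph misses edges it cannot resolve, while runtime sampling only sees code that actually ran during the trace window. Keeping per-edge provenance is what lets a replay pack or evaluator harness explain why a case was scored reachable, which is the explainability gap this sprint targets.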