Files

Docs CI / lint-and-preview (push) Has been cancelled

Details

Implement ledger metrics for observability and add tests for Ruby packages endpoints

- Added `LedgerMetrics` class to record write latency and total events for ledger operations.
- Created comprehensive tests for Ruby packages endpoints, covering scenarios for missing inventory, successful retrieval, and identifier handling.
- Introduced `TestSurfaceSecretsScope` for managing environment variables during tests.
- Developed `ProvenanceMongoExtensions` for attaching DSSE provenance and trust information to event documents.
- Implemented `EventProvenanceWriter` and `EventWriter` classes for managing event provenance in MongoDB.
- Established MongoDB indexes for efficient querying of events based on provenance and trust.
- Added models and JSON parsing logic for DSSE provenance and trust information.

2025-11-13 09:29:09 +02:00

5.5 KiB

Raw Blame History

Sprint 120 - Ingestion & Evidence · 110.C) Excititor.II

Active items only. Completed/historic work now resides in docs/implplan/archived/tasks.md (updated 2025-11-08).

[Ingestion & Evidence] 110.C) Excititor.II Depends on: Sprint 110.C - Excititor.I Summary: Ingestion & Evidence focus on Excititor (phase II).

Prep: Read docs/modules/excititor/architecture.md and the relevant Excititor AGENTS.md files within the component directories before touching the tasks below.

Task ID State Task description Owners (Source)

EXCITITOR-CONN-SUSE-01-003 – Trust metadata provenance Team Excititor Connectors – SUSE DONE (2025-11-09) – Emit provider trust configuration (signer fingerprints, trust tier notes) into the raw provenance envelope so downstream VEX Lens/Policy components can weigh issuers. Connector must not apply weighting or consensus inside ingestion. EXCITITOR-CONN-SUSE-01-002, EXCITITOR-POLICY-01-001 (src/Excititor/__Libraries/StellaOps.Excititor.Connectors.SUSE.RancherVEXHub)

EXCITITOR-CONN-UBUNTU-01-003 – Trust provenance enrichment Team Excititor Connectors – Ubuntu DONE (2025-11-09) – Emit Ubuntu signing metadata (GPG fingerprints, issuer trust tier) inside raw provenance artifacts so downstream Policy/VEX Lens consumers can weigh issuers. Connector must remain aggregation-only with no inline weighting. EXCITITOR-CONN-UBUNTU-01-002, EXCITITOR-POLICY-01-001 (src/Excititor/__Libraries/StellaOps.Excititor.Connectors.Ubuntu.CSAF)

EXCITITOR-CONSOLE-23-001 VEX aggregation views TODO Expose /console/vex endpoints returning grouped VEX statements per advisory/component with status chips, justification metadata, precedence trace pointers, and tenant-scoped filters for Console explorer. Dependencies: EXCITITOR-LNM-21-201, EXCITITOR-LNM-21-202. Excititor WebService Guild, BE-Base Platform Guild (src/Excititor/StellaOps.Excititor.WebService)

EXCITITOR-CONSOLE-23-002 Dashboard VEX deltas TODO Provide aggregated counts for VEX overrides (new, not_affected, revoked) powering Console dashboard + live status ticker; emit metrics for policy explain integration. Dependencies: EXCITITOR-CONSOLE-23-001, EXCITITOR-LNM-21-203. Excititor WebService Guild (src/Excititor/StellaOps.Excititor.WebService)

EXCITITOR-CONSOLE-23-003 VEX search helpers TODO Deliver rapid lookup endpoints of VEX by advisory/component for Console global search; ensure response includes provenance and precedence context; include caching and RBAC. Dependencies: EXCITITOR-CONSOLE-23-001. Excititor WebService Guild (src/Excititor/StellaOps.Excititor.WebService)

EXCITITOR-CORE-AOC-19-002 VEX linkset extraction TODO Implement deterministic extraction of advisory IDs, component PURLs, and references into linkset, capturing reconciled-from metadata for traceability. Excititor Core Guild (src/Excititor/__Libraries/StellaOps.Excititor.Core)

EXCITITOR-CORE-AOC-19-003 Idempotent VEX raw upsert TODO Enforce (vendor, upstreamId, contentHash, tenant) uniqueness, generate supersedes chains, and ensure append-only versioning of raw VEX documents. Dependencies: EXCITITOR-CORE-AOC-19-002. Excititor Core Guild (src/Excititor/__Libraries/StellaOps.Excititor.Core)

EXCITITOR-CORE-AOC-19-004 Remove ingestion consensus TODO Excise consensus/merge/severity logic from Excititor ingestion paths, updating exports/tests to rely on Policy Engine materializations instead. Dependencies: EXCITITOR-CORE-AOC-19-003. Excititor Core Guild (src/Excititor/__Libraries/StellaOps.Excititor.Core)

EXCITITOR-CORE-AOC-19-013 Authority tenant scope smoke coverage TODO Update Excititor smoke/e2e suites to seed tenant-aware Authority clients and ensure cross-tenant VEX ingestion is rejected. Dependencies: EXCITITOR-CORE-AOC-19-004. Excititor Core Guild (src/Excititor/__Libraries/StellaOps.Excititor.Core)

EXCITITOR-GRAPH-21-001 Inspector linkouts BLOCKED (2025-10-27) Provide batched VEX/advisory reference fetches keyed by graph node PURLs so UI inspector can display raw documents and justification metadata. Excititor Core Guild, Cartographer Guild (src/Excititor/__Libraries/StellaOps.Excititor.Core)

EXCITITOR-GRAPH-21-002 Overlay enrichment BLOCKED (2025-10-27) Ensure overlay metadata includes VEX justification summaries and document versions for Cartographer overlays; update fixtures/tests. Dependencies: EXCITITOR-GRAPH-21-001. Excititor Core Guild (src/Excititor/__Libraries/StellaOps.Excititor.Core)

EXCITITOR-GRAPH-21-005 Inspector indexes BLOCKED (2025-10-27) Add indexes/materialized views for VEX lookups by PURL/policy to support Cartographer inspector performance; document migrations. Dependencies: EXCITITOR-GRAPH-21-002. Excititor Storage Guild (src/Excititor/__Libraries/StellaOps.Excititor.Storage.Mongo)

EXCITITOR-GRAPH-24-101 VEX summary API TODO Provide endpoints delivering VEX status summaries per component/asset for Vuln Explorer integration. Dependencies: EXCITITOR-GRAPH-21-005. Excititor WebService Guild (src/Excititor/StellaOps.Excititor.WebService)

EXCITITOR-GRAPH-24-102 Evidence batch API TODO Add batch VEX observation retrieval optimized for Graph overlays/tooltips. Dependencies: EXCITITOR-GRAPH-24-101. Excititor WebService Guild (src/Excititor/StellaOps.Excititor.WebService)

EXCITITOR-LNM-21-001 VEX observation model IN REVIEW (2025-11-14) Schema defined in docs/modules/excititor/vex_observations.md, covering fields, indexes, determinism rules, and AOC metadata. DOCS-LNM-22-002 can now consume this contract. Excititor Core Guild (docs/modules/excititor/vex_observations.md)

Task ID	State	Task description	Owners (Source)
EXCITITOR-CONN-SUSE-01-003 – Trust metadata provenance	Team Excititor Connectors – SUSE	DONE (2025-11-09) – Emit provider trust configuration (signer fingerprints, trust tier notes) into the raw provenance envelope so downstream VEX Lens/Policy components can weigh issuers. Connector must not apply weighting or consensus inside ingestion.	EXCITITOR-CONN-SUSE-01-002, EXCITITOR-POLICY-01-001 (src/Excititor/__Libraries/StellaOps.Excititor.Connectors.SUSE.RancherVEXHub)
EXCITITOR-CONN-UBUNTU-01-003 – Trust provenance enrichment	Team Excititor Connectors – Ubuntu	DONE (2025-11-09) – Emit Ubuntu signing metadata (GPG fingerprints, issuer trust tier) inside raw provenance artifacts so downstream Policy/VEX Lens consumers can weigh issuers. Connector must remain aggregation-only with no inline weighting.	EXCITITOR-CONN-UBUNTU-01-002, EXCITITOR-POLICY-01-001 (src/Excititor/__Libraries/StellaOps.Excititor.Connectors.Ubuntu.CSAF)
EXCITITOR-CONSOLE-23-001 `VEX aggregation views`	TODO	Expose `/console/vex` endpoints returning grouped VEX statements per advisory/component with status chips, justification metadata, precedence trace pointers, and tenant-scoped filters for Console explorer. Dependencies: EXCITITOR-LNM-21-201, EXCITITOR-LNM-21-202.	Excititor WebService Guild, BE-Base Platform Guild (src/Excititor/StellaOps.Excititor.WebService)
EXCITITOR-CONSOLE-23-002 `Dashboard VEX deltas`	TODO	Provide aggregated counts for VEX overrides (new, not_affected, revoked) powering Console dashboard + live status ticker; emit metrics for policy explain integration. Dependencies: EXCITITOR-CONSOLE-23-001, EXCITITOR-LNM-21-203.	Excititor WebService Guild (src/Excititor/StellaOps.Excititor.WebService)
EXCITITOR-CONSOLE-23-003 `VEX search helpers`	TODO	Deliver rapid lookup endpoints of VEX by advisory/component for Console global search; ensure response includes provenance and precedence context; include caching and RBAC. Dependencies: EXCITITOR-CONSOLE-23-001.	Excititor WebService Guild (src/Excititor/StellaOps.Excititor.WebService)
EXCITITOR-CORE-AOC-19-002 `VEX linkset extraction`	TODO	Implement deterministic extraction of advisory IDs, component PURLs, and references into `linkset`, capturing reconciled-from metadata for traceability.	Excititor Core Guild (src/Excititor/__Libraries/StellaOps.Excititor.Core)
EXCITITOR-CORE-AOC-19-003 `Idempotent VEX raw upsert`	TODO	Enforce `(vendor, upstreamId, contentHash, tenant)` uniqueness, generate supersedes chains, and ensure append-only versioning of raw VEX documents. Dependencies: EXCITITOR-CORE-AOC-19-002.	Excititor Core Guild (src/Excititor/__Libraries/StellaOps.Excititor.Core)
EXCITITOR-CORE-AOC-19-004 `Remove ingestion consensus`	TODO	Excise consensus/merge/severity logic from Excititor ingestion paths, updating exports/tests to rely on Policy Engine materializations instead. Dependencies: EXCITITOR-CORE-AOC-19-003.	Excititor Core Guild (src/Excititor/__Libraries/StellaOps.Excititor.Core)
EXCITITOR-CORE-AOC-19-013 `Authority tenant scope smoke coverage`	TODO	Update Excititor smoke/e2e suites to seed tenant-aware Authority clients and ensure cross-tenant VEX ingestion is rejected. Dependencies: EXCITITOR-CORE-AOC-19-004.	Excititor Core Guild (src/Excititor/__Libraries/StellaOps.Excititor.Core)
EXCITITOR-GRAPH-21-001 `Inspector linkouts`	BLOCKED (2025-10-27)	Provide batched VEX/advisory reference fetches keyed by graph node PURLs so UI inspector can display raw documents and justification metadata.	Excititor Core Guild, Cartographer Guild (src/Excititor/__Libraries/StellaOps.Excititor.Core)
EXCITITOR-GRAPH-21-002 `Overlay enrichment`	BLOCKED (2025-10-27)	Ensure overlay metadata includes VEX justification summaries and document versions for Cartographer overlays; update fixtures/tests. Dependencies: EXCITITOR-GRAPH-21-001.	Excititor Core Guild (src/Excititor/__Libraries/StellaOps.Excititor.Core)
EXCITITOR-GRAPH-21-005 `Inspector indexes`	BLOCKED (2025-10-27)	Add indexes/materialized views for VEX lookups by PURL/policy to support Cartographer inspector performance; document migrations. Dependencies: EXCITITOR-GRAPH-21-002.	Excititor Storage Guild (src/Excititor/__Libraries/StellaOps.Excititor.Storage.Mongo)
EXCITITOR-GRAPH-24-101 `VEX summary API`	TODO	Provide endpoints delivering VEX status summaries per component/asset for Vuln Explorer integration. Dependencies: EXCITITOR-GRAPH-21-005.	Excititor WebService Guild (src/Excititor/StellaOps.Excititor.WebService)
EXCITITOR-GRAPH-24-102 `Evidence batch API`	TODO	Add batch VEX observation retrieval optimized for Graph overlays/tooltips. Dependencies: EXCITITOR-GRAPH-24-101.	Excititor WebService Guild (src/Excititor/StellaOps.Excititor.WebService)
EXCITITOR-LNM-21-001 `VEX observation model`	IN REVIEW (2025-11-14)	Schema defined in `docs/modules/excititor/vex_observations.md`, covering fields, indexes, determinism rules, and AOC metadata. `DOCS-LNM-22-002` can now consume this contract.	Excititor Core Guild (docs/modules/excititor/vex_observations.md)

5.5 KiB Raw Blame History Unescape Escape

Sprint 120 - Ingestion & Evidence · 110.C) Excititor.II

5.5 KiB

Raw Blame History