61f963fd52
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
- Added `LedgerMetrics` class to record write latency and total events for ledger operations. - Created comprehensive tests for Ruby packages endpoints, covering scenarios for missing inventory, successful retrieval, and identifier handling. - Introduced `TestSurfaceSecretsScope` for managing environment variables during tests. - Developed `ProvenanceMongoExtensions` for attaching DSSE provenance and trust information to event documents. - Implemented `EventProvenanceWriter` and `EventWriter` classes for managing event provenance in MongoDB. - Established MongoDB indexes for efficient querying of events based on provenance and trust. - Added models and JSON parsing logic for DSSE provenance and trust information.
5.3 KiB
5.3 KiB
Sprint 162 - Export & Evidence · 160.B) ExportCenter.I
Active items only. Completed/historic work now resides in docs/implplan/archived/tasks.md (updated 2025-11-08).
[Export & Evidence] 160.B) ExportCenter.I Depends on: Sprint 110.A - AdvisoryAI, Sprint 120.A - AirGap, Sprint 130.A - Scanner, Sprint 150.A - Orchestrator Summary: Export & Evidence focus on ExportCenter (phase I).
| Task ID | State | Task description | Owners (Source) |
|---|---|---|---|
| DVOFF-64-002 | TODO | Provide verification CLI (stella devportal verify bundle.tgz) ensuring integrity before import. Dependencies: DVOFF-64-001. |
DevPortal Offline Guild, AirGap Controller Guild (src/ExportCenter/StellaOps.ExportCenter.DevPortalOffline) |
| EXPORT-AIRGAP-56-001 | TODO | Extend Export Center to build Mirror Bundles as export profiles, including advisories/VEX/policy packs manifesting DSSE/TUF metadata. | Exporter Service Guild, Mirror Creator Guild (src/ExportCenter/StellaOps.ExportCenter) |
| EXPORT-AIRGAP-56-002 | TODO | Package Bootstrap Pack (images + charts) into OCI archives with signed manifests for air-gapped deployment. Dependencies: EXPORT-AIRGAP-56-001. | Exporter Service Guild, DevOps Guild (src/ExportCenter/StellaOps.ExportCenter) |
| EXPORT-AIRGAP-57-001 | TODO | Integrate portable evidence export mode producing sealed evidence bundles with DSSE signatures and chain-of-custody metadata. Dependencies: EXPORT-AIRGAP-56-002. | Exporter Service Guild, Evidence Locker Guild (src/ExportCenter/StellaOps.ExportCenter) |
| EXPORT-AIRGAP-58-001 | TODO | Emit notifications and timeline events when Mirror Bundles or Bootstrap packs are ready for transfer. Dependencies: EXPORT-AIRGAP-57-001. | Exporter Service Guild, Notifications Guild (src/ExportCenter/StellaOps.ExportCenter) |
| EXPORT-ATTEST-74-001 | TODO | Implement export job producing attestation bundles with manifest, checksums, DSSE signature, and optional transparency log segments. | Attestation Bundle Guild, Attestor Service Guild (src/ExportCenter/StellaOps.ExportCenter.AttestationBundles) |
| EXPORT-ATTEST-74-001 | TODO | Implement attestation bundle export job via Export Center. Dependencies: EXPORT-ATTEST-74-001. | Exporter Service Guild, Attestation Bundle Guild (src/ExportCenter/StellaOps.ExportCenter) |
| EXPORT-ATTEST-74-002 | TODO | Integrate bundle job into CI/offline kit packaging with checksum publication. Dependencies: EXPORT-ATTEST-74-001. | Attestation Bundle Guild, DevOps Guild (src/ExportCenter/StellaOps.ExportCenter.AttestationBundles) |
| EXPORT-ATTEST-75-001 | TODO | Provide CLI command stella attest bundle verify/import for air-gap usage. Dependencies: EXPORT-ATTEST-74-002. |
Attestation Bundle Guild, CLI Attestor Guild (src/ExportCenter/StellaOps.ExportCenter.AttestationBundles) |
| EXPORT-ATTEST-75-001 | TODO | Integrate attestation bundles into offline kit flows and CLI commands. Dependencies: EXPORT-ATTEST-75-001. | Exporter Service Guild (src/ExportCenter/StellaOps.ExportCenter) |
| EXPORT-ATTEST-75-002 | TODO | Document /docs/modules/attestor/airgap.md with bundle workflows and verification steps. Dependencies: EXPORT-ATTEST-75-001. |
Attestation Bundle Guild, Docs Guild (src/ExportCenter/StellaOps.ExportCenter.AttestationBundles) |
| EXPORT-OAS-61-001 | TODO | Update Exporter OAS covering profiles, runs, downloads, devportal exports with standard error envelope and examples. | Exporter Service Guild, API Contracts Guild (src/ExportCenter/StellaOps.ExportCenter) |
| EXPORT-OAS-61-002 | TODO | Provide /.well-known/openapi discovery endpoint with version metadata and ETag. Dependencies: EXPORT-OAS-61-001. |
Exporter Service Guild (src/ExportCenter/StellaOps.ExportCenter) |
| EXPORT-OAS-62-001 | TODO | Ensure SDKs include export profile/run clients with streaming download helpers; add smoke tests. Dependencies: EXPORT-OAS-61-002. | Exporter Service Guild, SDK Generator Guild (src/ExportCenter/StellaOps.ExportCenter) |
Task snapshot (2025-11-12)
- Mirror/bootstrap profiles:
EXPORT-AIRGAP-56-001/002,EXPORT-AIRGAP-57-001,EXPORT-AIRGAP-58-001(bundle builds, bootstrap packs, notification fan-out). - Attestation bundles:
EXPORT-ATTEST-74-001/002,EXPORT-ATTEST-75-001/002plus docs entry to wire CLI + offline kit workflows. - DevPortal verification:
DVOFF-64-002(hash/signature verification CLI) aligns with EvidenceLocker sealed bundle contracts. - API/OAS + SDK:
EXPORT-OAS-61/62ensures clients and discovery endpoints reflect export surfaces.
Dependencies & blockers
- Waiting on EvidenceLocker bundle contracts (Sprint 161) to freeze DSSE layouts for mirror/attestation/CLI tasks.
- Orchestrator + Notifications schema (Sprint 150.A / 140) must be published to emit ready events (
EXPORT-AIRGAP-58-001). - Sovereign crypto requirements tracked via
EXPORT-CRYPTO-90-001(Sprint 163) and Security Guild audit (2025-11-07). - DevPortal CLI prototype requires sample manifests from Exporter + EvidenceLocker coordination to rehearse Nov-19 dry run.
Ready-to-start checklist
- Import EvidenceLocker sample manifests once AdvisoryAI + orchestrator schemas freeze; attach to this doc.
- Align export profile configs with AirGap/DevOps to ensure OCI bootstrap pack dependencies are available offline.
- Prep
stella devportal verify bundle.tgzdemo script + fixtures ahead of Nov-19 dry run. - Stage telemetry hooks for notification events to integrate with TimelineIndexer once events begin emitting.