master
53503cb407
- Created a new document for the Stella Ops Reference Architecture outlining the system's topology, trust boundaries, artifact association, and interfaces. - Developed a comprehensive Testing Strategy document detailing the importance of offline readiness, interoperability, determinism, and operational guardrails. - Introduced a README for the Testing Strategy, summarizing processing details and key concepts implemented. - Added guidance for AI agents and developers in the tests directory, including directory structure, test categories, key patterns, and rules for test development.
3.3 KiB
3.3 KiB
Sprint Series 3600 · Reference Architecture Gap Closure
Overview
This sprint series addresses gaps identified from the 20-Dec-2025 Reference Architecture Advisory analysis. These sprints complete the implementation of the Stella Ops reference architecture vision.
Sprint Index
| Sprint | Title | Priority | Status | Dependencies |
|---|---|---|---|---|
| 3600.0001.0001 | Gateway WebService | HIGH | TODO | Router infrastructure (complete) |
| 3600.0002.0001 | CycloneDX 1.7 Upgrade | HIGH | TODO | None |
| 3600.0003.0001 | SPDX 3.0.1 Generation | MEDIUM | TODO | 3600.0002.0001 |
Related Sprints (Other Series)
| Sprint | Title | Priority | Status | Series |
|---|---|---|---|---|
| 4200.0001.0001 | Proof Chain Verification UI | HIGH | TODO | 4200 (UI) |
| 5200.0001.0001 | Starter Policy Template | HIGH | TODO | 5200 (Docs) |
Gap Analysis Source
Advisory: docs/product-advisories/archived/2025-12-21-reference-architecture/20-Dec-2025 - Stella Ops Reference Architecture.md
Gaps Addressed
| Gap | Sprint | Description |
|---|---|---|
| Gateway WebService Missing | 3600.0001.0001 | HTTP ingress service not implemented |
| CycloneDX 1.6 → 1.7 | 3600.0002.0001 | Upgrade to latest CycloneDX spec |
| SPDX 3.0.1 Generation | 3600.0003.0001 | Native SPDX SBOM generation |
| Proof Chain UI | 4200.0001.0001 | Evidence transparency dashboard |
| Starter Policy | 5200.0001.0001 | Day-1 policy pack for onboarding |
Already Implemented (No Action Required)
| Component | Status | Notes |
|---|---|---|
| Scheduler | Complete | Full implementation with PostgreSQL, Redis |
| Policy Engine | Complete | Signed verdicts, deterministic IR, exceptions |
| Authority | Complete | DPoP/mTLS, OpToks, JWKS rotation |
| Attestor | Complete | DSSE/in-toto, Rekor v2, proof chains |
| Timeline/Notify | Complete | TimelineIndexer + Notify with 4 channels |
| Excititor | Complete | VEX ingestion, CycloneDX, OpenVEX |
| Concelier | Complete | 31+ connectors, Link-Not-Merge |
| Reachability/Signals | Complete | 5-factor scoring, lattice logic |
| OCI Referrers | Complete | ExportCenter + Excititor |
| Tenant Isolation | Complete | RLS, per-tenant keys, namespaces |
Execution Order
graph LR
A[3600.0002.0001<br/>CycloneDX 1.7] --> B[3600.0003.0001<br/>SPDX 3.0.1]
C[3600.0001.0001<br/>Gateway WebService] --> D[Production Ready]
B --> D
E[4200.0001.0001<br/>Proof Chain UI] --> D
F[5200.0001.0001<br/>Starter Policy] --> D
Success Criteria for Series
- Gateway WebService accepts HTTP and routes to microservices
- All SBOMs generated in CycloneDX 1.7 format
- SPDX 3.0.1 available as alternative SBOM format
- Auditors can view complete evidence chains in UI
- New customers can deploy starter policy in <5 minutes
Created
- Date: 2025-12-21
- Source: Reference Architecture Advisory Gap Analysis
- Author: Agent
Sprint Status Summary
| Sprint | Tasks | Completed | Status |
|---|---|---|---|
| 3600.0001.0001 | 10 | 0 | TODO |
| 3600.0002.0001 | 10 | 0 | TODO |
| 3600.0003.0001 | 10 | 0 | TODO |
| 4200.0001.0001 | 11 | 0 | TODO |
| 5200.0001.0001 | 10 | 0 | TODO |
| Total | 51 | 0 | TODO |