stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 16 Releases Wiki Activity
Files
75c2bcafced8b7a9e4e442cd10af3972f5788d35
git.stella-ops.org/docs/implplan/SPRINT_115_concelier_iv.md
master 75c2bcafce
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
Details
Add LDAP Distinguished Name Helper and Credential Audit Context 
- Implemented LdapDistinguishedNameHelper for escaping RDN and filter values.
- Created AuthorityCredentialAuditContext and IAuthorityCredentialAuditContextAccessor for managing credential audit context.
- Developed StandardCredentialAuditLogger with tests for success, failure, and lockout events.
- Introduced AuthorityAuditSink for persisting audit records with structured logging.
- Added CryptoPro related classes for certificate resolution and signing operations.
2025-11-09 12:21:38 +02:00

4.5 KiB
Raw Blame History

Sprint 115 - Ingestion & Evidence · 110.B) Concelier.IV

Active items only. Completed/historic work now resides in docs/implplan/archived_sprints_tasks.md (updated 2025-11-08).

[Ingestion & Evidence] 110.B) Concelier.IV Depends on: Sprint 110.B - Concelier.III Summary: Ingestion & Evidence focus on Concelier (phase IV).

Task ID State Task description Owners (Source)
CONCELIER-POLICY-20-002 Linkset enrichment for policy TODO Strengthen linkset builders with vendor-specific equivalence tables, NEVRA/PURL normalization, and version range parsing to maximize policy join recall; update fixtures + docs. Dependencies: CONCELIER-POLICY-20-001. Concelier Core Guild, Policy Guild (src/Concelier/__Libraries/StellaOps.Concelier.Core)
CONCELIER-POLICY-20-003 Selection cursors TODO Add advisory/vex selection cursors (per policy run) with change stream checkpoints, indexes, and offline migration scripts to support incremental evaluations. Dependencies: CONCELIER-POLICY-20-002. Concelier Storage Guild (src/Concelier/__Libraries/StellaOps.Concelier.Storage.Mongo)
CONCELIER-POLICY-23-001 Evidence indexes TODO Add secondary indexes/materialized views to accelerate policy lookups (alias, provider severity per observation, correlation confidence). Document query contracts for runtime. Dependencies: CONCELIER-POLICY-20-003. Concelier Core Guild (src/Concelier/__Libraries/StellaOps.Concelier.Core)
CONCELIER-POLICY-23-002 Event guarantees TODO Ensure advisory.linkset.updated emits at-least-once with idempotent keys and include policy-relevant metadata (confidence, conflict summary). Dependencies: CONCELIER-POLICY-23-001. Concelier Core Guild, Platform Events Guild (src/Concelier/__Libraries/StellaOps.Concelier.Core)
CONCELIER-RISK-66-001 CVSS/KEV providers TODO Expose CVSS, KEV, fix availability data via provider APIs with source metadata preserved. Dependencies: RISK-ENGINE-67-001. Concelier Core Guild, Risk Engine Guild (src/Concelier/__Libraries/StellaOps.Concelier.Core)
CONCELIER-RISK-66-002 Fix availability signals TODO Provide structured fix availability and release metadata consumable by risk engine; document provenance. Dependencies: CONCELIER-RISK-66-001. Concelier Core Guild (src/Concelier/__Libraries/StellaOps.Concelier.Core)
CONCELIER-RISK-67-001 Source coverage metrics TODO Add per-source coverage metrics for linked advisories (observation counts, conflicting statuses) without computing consensus scores; ensure explainability includes source digests. Dependencies: CONCELIER-RISK-66-001. Concelier Core Guild (src/Concelier/__Libraries/StellaOps.Concelier.Core)
CONCELIER-RISK-68-001 Policy Studio integration TODO Surface advisory fields in Policy Studio profile editor (signal pickers, reducers). Dependencies: POLICY-RISK-68-001. Concelier Core Guild, Policy Studio Guild (src/Concelier/__Libraries/StellaOps.Concelier.Core)
CONCELIER-RISK-69-001 Notification hooks TODO Emit events when advisory signals change impacting risk scores (e.g., fix available). Dependencies: CONCELIER-RISK-66-002. Concelier Core Guild, Notifications Guild (src/Concelier/__Libraries/StellaOps.Concelier.Core)
CONCELIER-SIG-26-001 Vulnerable symbol exposure TODO Expose advisory metadata (affected symbols/functions) via API to enrich reachability scoring; update fixtures. Dependencies: SIGNALS-24-002. Concelier Core Guild, Signals Guild (src/Concelier/__Libraries/StellaOps.Concelier.Core)
CONCELIER-STORE-AOC-19-005 Raw linkset backfill TODO (2025-11-04) Plan and execute advisory_observations rawLinkset backfill (online + Offline Kit bundles), supply migration scripts + rehearse rollback. Follow the coordination plan in docs/dev/raw-linkset-backfill-plan.md. Dependencies: CONCELIER-CORE-AOC-19-004. Concelier Storage Guild, DevOps Guild (src/Concelier/__Libraries/StellaOps.Concelier.Storage.Mongo)
CONCELIER-TEN-48-001 Tenant-aware linking TODO Ensure advisory normalization/linking runs per tenant with RLS enforcing isolation; emit capability endpoint reporting merge=false; update events with tenant context. Dependencies: AUTH-TEN-47-001. Concelier Core Guild (src/Concelier/__Libraries/StellaOps.Concelier.Core)
CONCELIER-VEXLENS-30-001 Advisory rationale bridges TODO Guarantee advisory key consistency and cross-links for consensus rationale; Label: VEX-Lens. Dependencies: CONCELIER-VULN-29-001, VEXLENS-30-005. Concelier WebService Guild, VEX Lens Guild (src/Concelier/StellaOps.Concelier.WebService)