stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 16 Releases Wiki Activity
Files
75c2bcafced8b7a9e4e442cd10af3972f5788d35
git.stella-ops.org/docs/implplan/SPRINT_116_concelier_v.md
master 75c2bcafce
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
Details
Add LDAP Distinguished Name Helper and Credential Audit Context 
- Implemented LdapDistinguishedNameHelper for escaping RDN and filter values.
- Created AuthorityCredentialAuditContext and IAuthorityCredentialAuditContextAccessor for managing credential audit context.
- Developed StandardCredentialAuditLogger with tests for success, failure, and lockout events.
- Introduced AuthorityAuditSink for persisting audit records with structured logging.
- Added CryptoPro related classes for certificate resolution and signing operations.
2025-11-09 12:21:38 +02:00

5.2 KiB
Raw Blame History

Sprint 116 - Ingestion & Evidence · 110.B) Concelier.V

Active items only. Completed/historic work now resides in docs/implplan/archived_sprints_tasks.md (updated 2025-11-08).

[Ingestion & Evidence] 110.B) Concelier.V Depends on: Sprint 110.B - Concelier.IV Summary: Ingestion & Evidence focus on Concelier (phase V).

Task ID State Task description Owners (Source)
CONCELIER-VULN-29-004 Observability enhancements TODO Instrument metrics/logs for observation + linkset pipelines (identifier collisions, withdrawn flags) and emit events consumed by Vuln Explorer resolver. Dependencies: CONCELIER-VULN-29-001. Concelier WebService Guild, Observability Guild (src/Concelier/StellaOps.Concelier.WebService)
CONCELIER-WEB-AIRGAP-56-001 Mirror import APIs TODO Extend ingestion endpoints to register mirror bundle sources, expose bundle catalog queries, and block external feed URLs in sealed mode. Concelier WebService Guild (src/Concelier/StellaOps.Concelier.WebService)
CONCELIER-WEB-AIRGAP-56-002 Airgap status surfaces TODO Add staleness metadata and bundle provenance to advisory APIs (/advisories/observations, /advisories/linksets). Dependencies: CONCELIER-WEB-AIRGAP-56-001. Concelier WebService Guild (src/Concelier/StellaOps.Concelier.WebService)
CONCELIER-WEB-AIRGAP-57-001 Error remediation TODO Map sealed-mode violations to AIRGAP_EGRESS_BLOCKED responses with user guidance. Dependencies: CONCELIER-WEB-AIRGAP-56-002. Concelier WebService Guild, AirGap Policy Guild (src/Concelier/StellaOps.Concelier.WebService)
CONCELIER-WEB-AIRGAP-58-001 Import timeline emission TODO Emit timeline events for bundle ingestion operations with bundle ID, scope, and actor metadata. Dependencies: CONCELIER-WEB-AIRGAP-57-001. Concelier WebService Guild, AirGap Importer Guild (src/Concelier/StellaOps.Concelier.WebService)
CONCELIER-WEB-AOC-19-003 Schema/guard unit tests TODO Add unit tests covering schema validation failures, forbidden field rejections (ERR_AOC_001/002/006/007), idempotent upserts, and supersedes chains using deterministic fixtures. Dependencies: CONCELIER-WEB-AOC-19-002. QA Guild (src/Concelier/StellaOps.Concelier.WebService)
CONCELIER-WEB-AOC-19-004 End-to-end ingest verification TODO Create integration tests ingesting large advisory batches (cold/warm) validating linkset enrichment, metrics emission, and reproducible outputs. Capture load-test scripts + doc notes for Offline Kit dry runs. Dependencies: CONCELIER-WEB-AOC-19-003. Concelier WebService Guild, QA Guild (src/Concelier/StellaOps.Concelier.WebService)
CONCELIER-WEB-AOC-19-005 Chunk evidence regression TODO (2025-11-08) Fix /advisories/{key}/chunks fixture seeding so AdvisoryChunksEndpoint tests stop returning 404/not-found when raw documents are pre-populated; ensure the Mongo migration no longer emits “Unable to locate advisory_raw documents” during WebService test boot. Dependencies: CONCELIER-WEB-AOC-19-002. Concelier WebService Guild, QA Guild (src/Concelier/StellaOps.Concelier.WebService)
CONCELIER-WEB-AOC-19-006 Allowlist ingest auth parity TODO (2025-11-08) Align WebService auth defaults with the test tokens so the allowlisted tenant can create an advisory before forbidden tenants are rejected in AdvisoryIngestEndpoint_RejectsTenantOutsideAllowlist. Dependencies: CONCELIER-WEB-AOC-19-002. Concelier WebService Guild (src/Concelier/StellaOps.Concelier.WebService)
CONCELIER-WEB-AOC-19-007 AOC verify violation codes TODO (2025-11-08) Update AOC verify logic/fixtures so guard failures produce the expected ERR_AOC_001 payload (current regression returns ERR_AOC_004) while keeping mapper/guard parity exercised by the new tests. Dependencies: CONCELIER-WEB-AOC-19-002. Concelier WebService Guild, QA Guild (src/Concelier/StellaOps.Concelier.WebService)
CONCELIER-WEB-OAS-61-002 Error envelope migration TODO Ensure all API responses use standardized error envelope; update controllers/tests. Dependencies: CONCELIER-WEB-OAS-61-001. Concelier WebService Guild (src/Concelier/StellaOps.Concelier.WebService)
CONCELIER-WEB-OAS-62-001 Examples expansion TODO Add curated examples for advisory observations/linksets/conflicts; integrate into dev portal. Dependencies: CONCELIER-WEB-OAS-61-002. Concelier WebService Guild (src/Concelier/StellaOps.Concelier.WebService)
CONCELIER-WEB-OAS-63-001 Deprecation headers TODO Add Sunset/Deprecation headers for retiring endpoints and update documentation/notifications. Dependencies: CONCELIER-WEB-OAS-62-001. Concelier WebService Guild, API Governance Guild (src/Concelier/StellaOps.Concelier.WebService)
CONCELIER-WEB-OBS-51-001 Observability APIs TODO Surface ingest health metrics, queue depth, and SLO status via /obs/concelier/health endpoint for Console widgets, with caching and tenant partitioning. Dependencies: CONCELIER-WEB-OBS-50-001. Concelier WebService Guild (src/Concelier/StellaOps.Concelier.WebService)
CONCELIER-WEB-OBS-52-001 Timeline streaming TODO Provide SSE stream /obs/concelier/timeline bridging to Timeline Indexer with paging tokens, guardrails, and audit logging. Dependencies: CONCELIER-WEB-OBS-51-001. Concelier WebService Guild (src/Concelier/StellaOps.Concelier.WebService)