git.stella-ops.org/docs/implplan/SPRINT_123_excititor_v.md
master 75c2bcafce
Add LDAP Distinguished Name Helper and Credential Audit Context
- Implemented LdapDistinguishedNameHelper for escaping RDN and filter values.
- Created AuthorityCredentialAuditContext and IAuthorityCredentialAuditContextAccessor for managing credential audit context.
- Developed StandardCredentialAuditLogger with tests for success, failure, and lockout events.
- Introduced AuthorityAuditSink for persisting audit records with structured logging.
- Added CryptoPro related classes for certificate resolution and signing operations.
2025-11-09 12:21:38 +02:00


Sprint 123 - Ingestion & Evidence · 110.C) Excititor.V

Active items only. Completed/historic work now resides in docs/implplan/archived_sprints_tasks.md (updated 2025-11-08).

[Ingestion & Evidence] 110.C) Excititor.V
Depends on: Sprint 110.C - Excititor.IV
Summary: Ingestion & Evidence focus on Excititor (phase V).

Prep: Read docs/modules/excititor/architecture.md and the Excititor component AGENTS.md files before touching this sprint's tasks.

| Task ID | State | Task description | Owners (Source) |
| --- | --- | --- | --- |
| EXCITITOR-RISK-67-001 Explainability metadata | TODO | Include VEX justification, status reasoning, and source digests in explainability artifacts. Dependencies: EXCITITOR-RISK-66-002. | Excititor Core Guild (src/Excititor/__Libraries/StellaOps.Excititor.Core) |
| EXCITITOR-RISK-68-001 Policy Studio integration | TODO | Surface VEX-specific gates/weights within profile editor UI and validation messages. Dependencies: EXCITITOR-RISK-67-001. | Excititor Core Guild, Policy Studio Guild (src/Excititor/__Libraries/StellaOps.Excititor.Core) |
| EXCITITOR-SIG-26-001 Vendor exploitability hints | TODO | Surface vendor-provided exploitability indicators and affected symbol lists to Signals service via projection endpoints. | Excititor Core Guild, Signals Guild (src/Excititor/__Libraries/StellaOps.Excititor.Core) |
| EXCITITOR-STORE-AOC-19-001 vex_raw schema validator | TODO | Define Mongo JSON schema for vex_raw enforcing required fields and forbidding derived/consensus/severity fields. Ship unit tests with Mongo2Go to validate rejects. | Excititor Storage Guild (src/Excititor/__Libraries/StellaOps.Excititor.Storage.Mongo) |
| EXCITITOR-STORE-AOC-19-002 idempotency unique index | TODO | Create (source.vendor, upstream.upstream_id, upstream.content_hash, tenant) unique index with backfill checker, updating migrations + bootstrapper for offline installs. Dependencies: EXCITITOR-STORE-AOC-19-001. | Excititor Storage Guild (src/Excititor/__Libraries/StellaOps.Excititor.Storage.Mongo) |
| EXCITITOR-STORE-AOC-19-003 append-only migration plan | TODO | Migrate legacy consensus collections to _backup_*, seed supersedes chain for raw docs, and document rollback path + dry-run verification. Dependencies: EXCITITOR-STORE-AOC-19-002. | Excititor Storage Guild (src/Excititor/__Libraries/StellaOps.Excititor.Storage.Mongo) |
| EXCITITOR-STORE-AOC-19-004 validator deployment docset | TODO | Update migration runbooks and Offline Kit packaging to bundle schema validator scripts, with smoke instructions for air-gapped clusters. Dependencies: EXCITITOR-STORE-AOC-19-003. | Excititor Storage Guild, DevOps Guild (src/Excititor/__Libraries/StellaOps.Excititor.Storage.Mongo) |
| EXCITITOR-TEN-48-001 Tenant-aware VEX linking | TODO | Apply tenant context to VEX linkers, enable RLS, and expose capability endpoint confirming aggregation-only behavior. | Excititor Core Guild (src/Excititor/__Libraries/StellaOps.Excititor.Core) |
| EXCITITOR-VEXLENS-30-001 VEX evidence enrichers | TODO | Include issuer hints, signatures, and product trees in evidence payloads for VEX Lens; Label: VEX-Lens. | Excititor WebService Guild, VEX Lens Guild (src/Excititor/StellaOps.Excititor.WebService) |
| EXCITITOR-VULN-29-001 VEX key canonicalization | TODO | Canonicalize (lossless) VEX advisory/product keys (map to advisory_key, capture product scopes); expose original sources in links[]; AOC-compliant: no merge, no derived fields, no suppression; backfill existing records. | Excititor WebService Guild (src/Excititor/StellaOps.Excititor.WebService) |
| EXCITITOR-VULN-29-002 Evidence retrieval | TODO | Provide /vuln/evidence/vex/{advisory_key} returning raw VEX statements filtered by tenant/product scope for Explorer evidence tabs. Dependencies: EXCITITOR-VULN-29-001. | Excititor WebService Guild (src/Excititor/StellaOps.Excititor.WebService) |
| EXCITITOR-VULN-29-004 Observability | TODO | Add metrics/logs for VEX normalization, suppression scopes, withdrawn statements; emit events consumed by Vuln Explorer resolver. Dependencies: EXCITITOR-VULN-29-002. | Excititor WebService Guild, Observability Guild (src/Excititor/StellaOps.Excititor.WebService) |
| EXCITITOR-WEB-AIRGAP-56-001 | TODO | Support mirror bundle registration via APIs, expose bundle provenance in VEX responses, and block external connectors in sealed mode. | Excititor WebService Guild (src/Excititor/StellaOps.Excititor.WebService) |
| EXCITITOR-WEB-AIRGAP-56-002 | TODO | Return VEX staleness metrics and time anchor info in API responses for Console/CLI use. Dependencies: EXCITITOR-WEB-AIRGAP-56-001. | Excititor WebService Guild, AirGap Time Guild (src/Excititor/StellaOps.Excititor.WebService) |
| EXCITITOR-WEB-AIRGAP-57-001 | TODO | Map sealed-mode violations to standardized error payload with remediation guidance. Dependencies: EXCITITOR-WEB-AIRGAP-56-002. | Excititor WebService Guild, AirGap Policy Guild (src/Excititor/StellaOps.Excititor.WebService) |