75c2bcafce
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
- Implemented LdapDistinguishedNameHelper for escaping RDN and filter values. - Created AuthorityCredentialAuditContext and IAuthorityCredentialAuditContextAccessor for managing credential audit context. - Developed StandardCredentialAuditLogger with tests for success, failure, and lockout events. - Introduced AuthorityAuditSink for persisting audit records with structured logging. - Added CryptoPro related classes for certificate resolution and signing operations.
4.4 KiB
4.4 KiB
Sprint 125 - Policy & Reasoning
Last updated: November 8, 2025. Implementation order is DOING → TODO → BLOCKED.
Focus areas below were split out of the previous combined sprint; execute sections in order unless noted.
Policy.III
Dependency: Sprint 120.C - Policy.II (must land before this track). Focus: Policy & Reasoning focus on Policy (phase III).
| # | Task ID & handle | State | Key dependency / next step | Owners |
|---|---|---|---|---|
| 1 | POLICY-ENGINE-29-003 | TODO | Surface path/scope awareness in determinations (signal optional/dev/test downgrade, runtime boost) for Vuln Explorer display (Deps: POLICY-ENGINE-29-002) | Policy Guild, SBOM Service Guild / src/Policy/StellaOps.Policy.Engine |
| 2 | POLICY-ENGINE-29-004 | TODO | Add metrics/logs for batch evaluation (latency, queue depth) and simulation diff counts; update dashboards (Deps: POLICY-ENGINE-29-003) | Policy Guild, Observability Guild / src/Policy/StellaOps.Policy.Engine |
| 3 | POLICY-ENGINE-30-001 | TODO | Define overlay contract for graph nodes/edges (status, severity, rationale refs, path relevance), expose projection API for Cartographer, and document schema versioning (Deps: POLICY-ENGINE-29-004) | Policy Guild, Cartographer Guild / src/Policy/StellaOps.Policy.Engine |
| 4 | POLICY-ENGINE-30-002 | TODO | Implement simulation bridge returning on-the-fly overlays for Cartographer/Graph Explorer when invoking Policy Engine simulate; ensure no writes and deterministic outputs (Deps: POLICY-ENGINE-30-001) | Policy Guild, Cartographer Guild / src/Policy/StellaOps.Policy.Engine |
| 5 | POLICY-ENGINE-30-003 | TODO | Emit change events (policy.effective.updated) with graph-friendly payloads so Cartographer overlay worker refreshes nodes/edges within 2 minutes (Deps: POLICY-ENGINE-30-002) |
Policy Guild, Scheduler Guild, Cartographer Guild / src/Policy/StellaOps.Policy.Engine |
| 6 | POLICY-ENGINE-30-101 | TODO | Surface trust weighting configuration (issuer base weights, signature modifiers, recency decay, scope adjustments) for VEX Lens via Policy Studio + API; ensure deterministic evaluation (Deps: POLICY-ENGINE-30-003) | Policy Guild / src/Policy/StellaOps.Policy.Engine |
| 7 | POLICY-ENGINE-31-001 | TODO | Expose policy knobs for Advisory AI (trust presets, temperature, token limits, plan ranking weights, TTLs) via Policy Studio and config APIs (Deps: POLICY-ENGINE-30-101) | Policy Guild / src/Policy/StellaOps.Policy.Engine |
| 8 | POLICY-ENGINE-31-002 | TODO | Provide batch endpoint delivering policy context (thresholds, obligations) consumed by Advisory AI remediation planner (Deps: POLICY-ENGINE-31-001) | Policy Guild / src/Policy/StellaOps.Policy.Engine |
| 9 | POLICY-ENGINE-32-101 | TODO | Define orchestrator policy_eval job schema, idempotency keys, and enqueue hooks triggered by advisory/VEX/SBOM events (Deps: POLICY-ENGINE-31-002) |
Policy Guild / src/Policy/StellaOps.Policy.Engine |
| 10 | POLICY-ENGINE-33-101 | TODO | Implement orchestrator-driven policy evaluation workers using SDK heartbeats, respecting throttles, and emitting SLO metrics (Deps: POLICY-ENGINE-32-101) | Policy Guild / src/Policy/StellaOps.Policy.Engine |
| 11 | POLICY-ENGINE-34-101 | TODO | Publish policy run ledger exports + SLO burn-rate metrics to orchestrator; ensure provenance chain links to Findings Ledger (Deps: POLICY-ENGINE-33-101) | Policy Guild / src/Policy/StellaOps.Policy.Engine |
| 12 | POLICY-ENGINE-35-201 | TODO | Expose deterministic policy snapshot API and evaluated findings stream keyed by policy version for exporter consumption (Deps: POLICY-ENGINE-34-101) | Policy Guild / src/Policy/StellaOps.Policy.Engine |
| 13 | POLICY-ENGINE-38-201 | TODO | Emit enriched policy violation events (decision rationale ids, risk bands) via orchestrator event bus for Notifications Studio (Deps: POLICY-ENGINE-35-201) | Policy Guild / src/Policy/StellaOps.Policy.Engine |
| 14 | POLICY-ENGINE-40-001 | TODO | Update severity/status evaluation pipelines to consume multiple source severities per linkset, supporting selection strategies (max, preferred source, policy-defined) (Deps: POLICY-ENGINE-38-201) | Policy Guild, Concelier Guild / src/Policy/StellaOps.Policy.Engine |
| 15 | POLICY-ENGINE-40-002 | TODO | Accept VEX linkset conflicts and provide rationale references in effective findings; ensure explain traces cite observation IDs (Deps: POLICY-ENGINE-40-001) | Policy Guild, Excititor Guild / src/Policy/StellaOps.Policy.Engine |