75c2bcafce
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
- Implemented LdapDistinguishedNameHelper for escaping RDN and filter values. - Created AuthorityCredentialAuditContext and IAuthorityCredentialAuditContextAccessor for managing credential audit context. - Developed StandardCredentialAuditLogger with tests for success, failure, and lockout events. - Introduced AuthorityAuditSink for persisting audit records with structured logging. - Added CryptoPro related classes for certificate resolution and signing operations.
2.8 KiB
2.8 KiB
Sprint 130 - Scanner & Surface
Phase focus: Scanner.I — Deno analyzer bring-up.
- Depends on: Sprint 110.A · AdvisoryAI (schema + advisory feeds)
- Feeds: Sprint 131 (Scanner.II) once artifacts below land.
Execute the tasks below strictly in order; each artifact unblocks the next analyzer stage.
| Order | Task ID | State | Summary | Owner / Source | Depends On |
|---|---|---|---|---|---|
| 1 | SCANNER-ANALYZERS-DENO-26-001 |
TODO | Build the deterministic input normalizer + VFS merger for deno.json(c), import maps, lockfiles, vendor trees, $DENO_DIR, and OCI layers so analyzers have a canonical file view. |
Deno Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno) | — |
| 2 | SCANNER-ANALYZERS-DENO-26-002 |
TODO | Implement the module graph resolver covering static/dynamic imports, npm bridge, cache lookups, built-ins, WASM/JSON assertions, and annotate edges with their resolution provenance. | Deno Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno) | SCANNER-ANALYZERS-DENO-26-001 |
| 3 | SCANNER-ANALYZERS-DENO-26-003 |
TODO | Ship the npm/node compatibility adapter that maps npm: specifiers, evaluates exports conditionals, and logs builtin usage for policy overlays. |
Deno Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno) | SCANNER-ANALYZERS-DENO-26-002 |
| 4 | SCANNER-ANALYZERS-DENO-26-004 |
TODO | Add the permission/capability analyzer covering FS/net/env/process/crypto/FFI/workers plus dynamic-import + literal fetch heuristics with reason codes. | Deno Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno) | SCANNER-ANALYZERS-DENO-26-003 |
| 5 | SCANNER-ANALYZERS-DENO-26-005 |
TODO | Build bundle/binary inspectors for eszip and deno compile executables to recover graphs, configs, embedded resources, and snapshots. |
Deno Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno) | SCANNER-ANALYZERS-DENO-26-004 |
| 6 | SCANNER-ANALYZERS-DENO-26-006 |
TODO | Implement the OCI/container adapter that stitches per-layer Deno caches, vendor trees, and compiled binaries back into provenance-aware analyzer inputs. | Deno Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno) | SCANNER-ANALYZERS-DENO-26-005 |
| 7 | SCANNER-ANALYZERS-DENO-26-007 |
TODO | Produce AOC-compliant observation writers (entrypoints, modules, capability edges, workers, warnings, binaries) with deterministic reason codes. | Deno Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno) | SCANNER-ANALYZERS-DENO-26-006 |
| 8 | SCANNER-ANALYZERS-DENO-26-008 |
TODO | Finalize fixture + benchmark suite (vendor/npm/FFI/worker/dynamic import/bundle/cache/container cases) validating analyzer determinism and performance. | Deno Analyzer Guild, QA Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno) | SCANNER-ANALYZERS-DENO-26-007 |