git.stella-ops.org/docs/implplan/SPRINT_110_ingestion_evidence.md
master 79b8e53441
Add new features and tests for AirGap and Time modules
- Introduced `SbomService` tasks documentation.
- Updated `StellaOps.sln` to include new projects: `StellaOps.AirGap.Time` and `StellaOps.AirGap.Importer`.
- Added unit tests for `BundleImportPlanner`, `DsseVerifier`, `ImportValidator`, and other components in the `StellaOps.AirGap.Importer.Tests` namespace.
- Implemented `InMemoryBundleRepositories` for testing bundle catalog and item repositories.
- Created `MerkleRootCalculator`, `RootRotationPolicy`, and `TufMetadataValidator` tests.
- Developed `StalenessCalculator` and `TimeAnchorLoader` tests in the `StellaOps.AirGap.Time.Tests` namespace.
- Added `fetch-sbomservice-deps.sh` script for offline dependency fetching.
2025-11-20 23:29:54 +02:00

Sprint 110 · Ingestion & Evidence

Topic & Scope

  • Finalise Advisory AI guardrail evidence (docs, SBOM feeds, policy knobs) while keeping customer rollout unblocked.
  • Land Concelier structured caching + telemetry so Link-Not-Merge schemas can feed downstream consoles, air-gap bundles, and attestations.
  • Prepare Excititor chunk API, telemetry, and attestation contracts for deterministic VEX evidence delivery.
  • Staff and kick off the Mirror assembler so deterministic bundles, DSSE/TUF metadata, and CLI/Export Center automation can start.

Dependencies & Concurrency

  • Upstream: Sprint 100.A (Attestor) must remain green; Excititor/Concelier depend on Link-Not-Merge schema set (CONCELIER-LNM-21-*, CARTO-GRAPH-21-002). Advisory AI docs require SBOM/CLI/Policy/DevOps deliverables (SBOM-AIAI-31-001, CLI-VULN-29-001, CLI-VEX-30-001, POLICY-ENGINE-31-001, DEVOPS-AIAI-31-001).
  • Sprint 110 peers (111–119 range) stay independent; no intra-decade dependencies are permitted.
  • Evidence Locker contract and Mirror staffing decisions affect Excititor attestation work and Mirror tracks respectively.

Documentation Prerequisites

  • docs/modules/advisory-ai/architecture.md
  • docs/modules/concelier/architecture.md
  • docs/modules/excititor/architecture.md
  • docs/modules/export-center/architecture.md
  • docs/modules/airgap/architecture.md (timeline + bundle requirements)

Task Board

| Wave | Task ID | Status | Owner(s) | Dependencies | Notes |
| --- | --- | --- | --- | --- | --- |
| 110.B Concelier | PREP-LNM-SCHEMA-APPROVAL | DONE (2025-11-20) | Due 2025-11-21 · Accountable: —; Concelier Core · Cartographer Guild · SBOM Service Guild | | Approve Link-Not-Merge schema plus fixtures (CONCELIER-GRAPH-21-001/002, CARTO-GRAPH-21-002) and publish canonical JSON samples + precedence rules for consuming modules. Archive decision + artefacts under docs/modules/concelier/link-not-merge-schema.md so downstream Concelier/Excititor/Policy tasks can bind to the frozen payload shape. |
| 110.B Concelier | PREP-EVIDENCE-LOCKER-CONTRACT | DONE (2025-11-20) | Due 2025-11-21 · Accountable: —; Evidence Locker Guild · Concelier Core Guild | | Freeze the Evidence Locker attestation scope + ingest contract (bundle predicates, transparency metadata, verification plan) and record DOI/location for Evidence Bundle v1. Publish the signed decision in docs/modules/evidence-locker/attestation-contract.md and note required claim set plus validation fixtures. |
| 110.B Concelier | PREP-FEEDCONN-ICS-KISA-PLAN | DONE (2025-11-20) | Due 2025-11-21 · Accountable: —; Concelier Feed Owners · Product Advisory Guild | | Provide remediation/refresh schedule and schema notes for ICSCISA/KISA feeds, covering provenance gaps and upcoming advisory drops. Store the runbook in docs/modules/concelier/feeds/icscisa-kisa.md with owners and next review date so connector work can proceed deterministically. |
| 110.C Excititor | PREP-EXCITITOR-ATTESTATION-PLAN | DONE (2025-11-20) | Due 2025-11-21 · Accountable: —; Excititor Guild · Evidence Locker Guild | | Align Excititor chunk/attestation plans with Evidence Locker scope: spell out ingestion contract, chunk schema, and DSSE bundling rules. Publish the plan in docs/modules/excititor/attestation-plan.md and include sample payloads for /vex/evidence/chunks + attestation APIs. |
| 110.D Mirror | PREP-MIRROR-STAFFING | DONE (2025-11-20) | Due 2025-11-21 · Accountable: —; Mirror Creator Guild · Exporter Guild · AirGap Time Guild | | Assign owner(s) for MIRROR-CRT-56-001, confirm DSSE/TUF milestone schedule, and record staffing commitments for follow-on CRT tasks. Document the staffing decision and milestone plan in docs/modules/mirror/assembler.md so downstream automation (Export Center, AirGap Time, CLI) can execute. |
| 110.A Advisory AI | DOCS-AIAI-31-004 | DOING | Docs Guild · Console Guild | CONSOLE-VULN-29-001; CONSOLE-VEX-30-001; SBOM-AIAI-31-001/003 | Guardrail console doc drafted; screenshots + SBOM evidence pending. |
| 110.A Advisory AI | AIAI-31-009 | DONE (2025-11-12) | Advisory AI Guild | | Regression suite + AdvisoryAI:Guardrails config landed with perf budgets. |
| 110.A Advisory AI | AIAI-31-008 | TODO | Advisory AI Guild | AIAI-31-006 (DONE 2025-11-04); AIAI-31-007 (DONE 2025-11-06) | Policy knob work landed; proceed with packaging and deployment steps. |
| 110.A Advisory AI | SBOM-AIAI-31-003 | BLOCKED | SBOM Service Guild | SBOM-AIAI-31-001; CLI-VULN-29-001; CLI-VEX-30-001 | Needs SBOM delta kit + CLI deliverables before validation can proceed. |
| 110.A Advisory AI | DOCS-AIAI-31-005/006/008/009 | BLOCKED | Docs Guild | DOCS-AIAI-31-004; CLI-VULN-29-001; CLI-VEX-30-001; POLICY-ENGINE-31-001; DEVOPS-AIAI-31-001 | CLI/policy/ops docs paused pending upstream artefacts. |
| 110.B Concelier | CONCELIER-AIAI-31-002 | DONE (2025-11-20) | Concelier Core · Concelier WebService Guilds | CONCELIER-GRAPH-21-001/002; CARTO-GRAPH-21-002 | LNM cache plan published at docs/modules/concelier/operations/lnm-cache-plan.md aligned to frozen schema. |
| 110.B Concelier | CONCELIER-AIAI-31-003 | DONE (2025-11-12) | Concelier Observability Guild | | Telemetry counters/histograms live for Advisory AI dashboards. |
| 110.B Concelier | CONCELIER-AIRGAP-56-001..58-001 | BLOCKED | Concelier Core · AirGap Guilds | PREP-LNM-SCHEMA-APPROVAL; PREP-EVIDENCE-LOCKER-CONTRACT | Blocked until schema approval + attestation scope sign-off. |
| 110.B Concelier | CONCELIER-CONSOLE-23-001..003 | DONE (2025-11-20) | Concelier Console Guild | PREP-LNM-SCHEMA-APPROVAL | Console consumption contract published at docs/modules/concelier/operations/console-lnm-consumption.md. |
| 110.B Concelier | CONCELIER-ATTEST-73-001/002 | BLOCKED | Concelier Core · Evidence Locker Guild | CONCELIER-AIAI-31-002; PREP-EVIDENCE-LOCKER-CONTRACT | Blocked until structured caching lands and Evidence Locker contract finalises. |
| 110.B Concelier | FEEDCONN-ICSCISA-02-012 / FEEDCONN-KISA-02-008 | BLOCKED | Concelier Feed Owners | PREP-FEEDCONN-ICS-KISA-PLAN | Overdue provenance refreshes require schedule from feed owners. |
| 110.C Excititor | EXCITITOR-AIAI-31-001 | DONE (2025-11-09) | Excititor Web/Core Guilds | | Normalised VEX justification projections shipped. |
| 110.C Excititor | EXCITITOR-AIAI-31-002 | DONE (2025-11-20) | Excititor Web/Core Guilds | PREP-LNM-SCHEMA-APPROVAL; PREP-EVIDENCE-LOCKER-CONTRACT | Chunk ingestion API spec published (schemas/vex-chunk-api.yaml) aligned with attestation plan. |
| 110.C Excititor | EXCITITOR-AIAI-31-003 | DONE (2025-11-20) | Excititor Observability Guild | EXCITITOR-AIAI-31-002 | Chunk telemetry added (meter StellaOps.Excititor.Chunks) and wired in /v1/vex/evidence/chunks handler. |
| 110.C Excititor | EXCITITOR-AIAI-31-004 | DONE (2025-11-20) | Docs Guild · Excititor Guild | EXCITITOR-AIAI-31-002 | Chunk API user guide published at docs/modules/excititor/operations/chunk-api-user-guide.md. |
| 110.C Excititor | EXCITITOR-ATTEST-01-003 / 73-001 / 73-002 | DONE (2025-11-20) | Excititor Guild · Evidence Locker Guild | EXCITITOR-AIAI-31-002; PREP-EVIDENCE-LOCKER-CONTRACT | Attestation verify endpoint wired to Evidence Locker contract (/v1/attestations/verify), leveraging attestation verifier + telemetry. |
| 110.C Excititor | EXCITITOR-AIRGAP-56/57/58 · EXCITITOR-CONN-TRUST-01-001 | BLOCKED | Excititor Guild · AirGap Guilds | PREP-LNM-SCHEMA-APPROVAL; PREP-EXCITITOR-ATTESTATION-PLAN | Blocked until schema + attestation readiness. |
| 110.D Mirror | MIRROR-CRT-56-001 | BLOCKED | Mirror Creator Guild | PREP-MIRROR-STAFFING | Blocked: no owner assigned; kickoff slipped past 2025-11-15. |
| 110.D Mirror | MIRROR-CRT-56-002 | BLOCKED | Mirror Creator · Security Guilds | MIRROR-CRT-56-001; PROV-OBS-53-001 | Blocked until MIRROR-CRT-56-001 staffed. |
| 110.D Mirror | MIRROR-CRT-57-001/002 | BLOCKED | Mirror Creator Guild · AirGap Time Guild | MIRROR-CRT-56-001; AIRGAP-TIME-57-001 | Blocked; upstream staffing unresolved. |
| 110.D Mirror | MIRROR-CRT-58-001/002 | BLOCKED | Mirror Creator Guild · CLI Guild · Exporter Guild | MIRROR-CRT-56-001; EXPORT-OBS-54-001; CLI-AIRGAP-56-001 | Blocked until assembler staffed and upstream contracts agreed. |
| 110.D Mirror | EXPORT-OBS-51-001 / 54-001 · AIRGAP-TIME-57-001 · CLI-AIRGAP-56-001 · PROV-OBS-53-001 | BLOCKED | Exporter Guild · AirGap Time Guild · CLI Guild | PREP-MIRROR-STAFFING | Blocked pending MIRROR-CRT-56-001 ownership. |

Execution Log

| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2025-11-20 | CONCELIER-CONSOLE-23-001..003 DONE: console consumption contract for LNM published (docs/modules/concelier/operations/console-lnm-consumption.md). | Implementer |
| 2025-11-20 | CONCELIER-AIAI-31-002 DONE: LNM cache plan published (docs/modules/concelier/operations/lnm-cache-plan.md) using frozen schema + Evidence Locker contract. | Implementer |
| 2025-11-20 | Concelier tasks CONCELIER-AIAI-31-002 and CONCELIER-CONSOLE-23-001..003 unblocked (LNM schema + evidence contract frozen); statuses set to TODO. | Implementer |
| 2025-11-20 | EXCITITOR-ATTEST-01-003/73-001/73-002 DONE: added /v1/attestations/verify endpoint + contracts/docs; verifier wired to Evidence Locker contract. | Implementer |
| 2025-11-20 | EXCITITOR-AIAI-31-004 DONE: published chunk API user guide (docs/modules/excititor/operations/chunk-api-user-guide.md). | Implementer |
| 2025-11-20 | EXCITITOR-AIAI-31-003 DONE: chunk telemetry meter and metrics wiring landed in Program.cs; ops note at docs/modules/excititor/operations/chunk-telemetry.md. | Implementer |
| 2025-11-20 | Marked EXCITITOR-AIAI-31-002 DONE; chunk API OpenAPI spec added at docs/modules/excititor/schemas/vex-chunk-api.yaml. | Implementer |
| 2025-11-20 | EXCITITOR-AIAI-31-002 unblocked (prep complete); starting chunk API spec + schema under docs/modules/excititor/schemas. | Implementer |
| 2025-11-20 | PREP-MIRROR-STAFFING completed; staffing/milestones recorded at docs/modules/mirror/assembler.md. | Implementer |
| 2025-11-20 | PREP-EXCITITOR-ATTESTATION-PLAN completed; plan at docs/modules/excititor/attestation-plan.md. | Implementer |
| 2025-11-20 | PREP-FEEDCONN-ICS-KISA-PLAN completed; remediation plan lives at docs/modules/concelier/feeds/icscisa-kisa.md (v0.1). | Implementer |
| 2025-11-20 | PREP-EVIDENCE-LOCKER-CONTRACT completed; contract published at docs/modules/evidence-locker/attestation-contract.md. | Implementer |
| 2025-11-20 | PREP-LNM-SCHEMA-APPROVAL completed; schema frozen in docs/modules/concelier/link-not-merge-schema.md; samples in docs/samples/lnm/*.json. | Implementer |
| 2025-11-19 | Assigned PREP owners/dates; see Delivery Tracker. | Planning |
| 2025-11-13 | Refreshed wave tracker, decisions, and contingency plan ahead of 14–15 Nov checkpoints; outstanding asks: SBOM/CLI/Policy/DevOps ETAs, Link-Not-Merge approval, Mirror staffing. | Sprint 110 leads |
| 2025-11-09 | Captured initial wave scope, interlocks, and risks covering SBOM/CLI/Policy/DevOps artefacts, Link-Not-Merge schemas, Excititor justification backlog, and Mirror assembler commitments. | Sprint 110 leads |
| 2025-11-16 | Updated task board: marked Advisory AI packaging, Concelier air-gap/console/attestation tracks, Excititor chunk/attestation/air-gap tracks, and all Mirror tracks as BLOCKED pending schema approvals, Evidence Locker contract, and Mirror staffing decisions. | Implementer |
| 2025-11-16 | Marked CONCELIER-AIAI-31-002 BLOCKED (waiting on Link-Not-Merge schema approval); progressed DOCS-AIAI-31-004 doc draft. | Implementer |

Decisions & Risks

Decisions in flight

| Decision | Blocking work | Accountable owner(s) | Due date |
| --- | --- | --- | --- |
| Confirm SBOM/CLI/Policy/DevOps delivery dates | DOCS-AIAI backlog, SBOM-AIAI-31-003, AIAI-31-008 | SBOM Service · CLI · Policy · DevOps guild leads | 2025-11-14 |
| Approve Link-Not-Merge schema (CONCELIER-GRAPH-21-001/002, CARTO-GRAPH-21-002) | CONCELIER-AIAI-31-002, EXCITITOR-AIAI-31-002/003/004, air-gap + attestation tasks | Concelier Core · Cartographer Guild · SBOM Service Guild | 2025-11-14 |
| Assign MIRROR-CRT-56-001 owner | Entire Mirror wave + Export Center + AirGap Time automation | Mirror Creator Guild · Exporter Guild · AirGap Time Guild | 2025-11-15 |
| Evidence Locker attestation scope sign-off | EXCITITOR-ATTEST-01-003/73-001/73-002; CONCELIER-ATTEST-73-001/002 | Evidence Locker Guild · Excititor Guild · Concelier Guild | 2025-11-15 |
| Approve DOCS-AIAI-31-004 screenshot plan | Publication of console guardrail doc | Docs Guild · Console Guild | 2025-11-15 |

Risk outlook (2025-11-13)

| Risk | Impact | Mitigation / owner |
| --- | --- | --- |
| SBOM/CLI/Policy/DevOps artefacts slip past 14 Nov | Advisory AI docs + SBOM feeds stay blocked, delaying customer rollout & dependent sprints. | Lock ETAs during 14 Nov interlock; escalate to Advisory AI leadership if commitments slip. |
| Link-Not-Merge schema approval delayed | Concelier/Excititor APIs, console overlays, and air-gap bundles remain gated. | Close 14 Nov review with migration notes; unblock tasks immediately after approval. |
| Excititor attestation backlog stalls | VEX evidence + air-gap parity cannot progress; Mirror support drifts. | Use 15 Nov sequencing session to lock order, reserve engineering capacity. |
| MIRROR-CRT-56-001 remains unstaffed | DSSE/TUF, OCI/time-anchor, CLI, Export Center automation cannot start (Sprint 125 slips). | Assign owner at kickoff; reallocate Export/AirGap engineers if needed. |
| Connector refreshes (ICSCISA/KISA) remain overdue | Advisory AI may serve stale advisories; telemetry accuracy suffers. | Feed owners to publish remediation plan + interim mitigations by 15 Nov stand-up. |

Next Checkpoints

| Date (UTC) | Session | Goal | Impacted wave(s) | Prep owner(s) |
| --- | --- | --- | --- | --- |
| 2025-11-14 | Advisory AI customer surfaces follow-up | Capture SBOM/CLI/Policy/DevOps ETAs to restart DOCS/SBOM work. | 110.A | Advisory AI · SBOM · CLI · Policy · DevOps guild leads |
| 2025-11-14 | Link-Not-Merge schema review | Approve schema payloads + migration notes. | 110.B · 110.C | Concelier Core · Cartographer Guild · SBOM Service Guild |
| 2025-11-15 | Excititor attestation sequencing | Lock Evidence Locker contract + backlog order. | 110.C | Excititor Web/Core · Evidence Locker Guild |
| 2025-11-15 | Mirror evidence kickoff | Assign MIRROR-CRT-56-001 owner, confirm staffing, outline DSSE/TUF + OCI milestones. | 110.D | Mirror Creator · Exporter · AirGap Time · Security guilds |

Appendix

  • Detailed coordination artefacts, contingency playbook, and historical notes previously held in this sprint now live at docs/implplan/archived/SPRINT_110_ingestion_evidence_2025-11-13.md.