git.stella-ops.org/docs/modules/concelier/prep/2025-11-20-platform-events-and-lnm-21-002.md
master 79b8e53441
Add new features and tests for AirGap and Time modules
- Introduced `SbomService` tasks documentation.
- Updated `StellaOps.sln` to include new projects: `StellaOps.AirGap.Time` and `StellaOps.AirGap.Importer`.
- Added unit tests for `BundleImportPlanner`, `DsseVerifier`, `ImportValidator`, and other components in the `StellaOps.AirGap.Importer.Tests` namespace.
- Implemented `InMemoryBundleRepositories` for testing bundle catalog and item repositories.
- Created `MerkleRootCalculator`, `RootRotationPolicy`, and `TufMetadataValidator` tests.
- Developed `StalenessCalculator` and `TimeAnchorLoader` tests in the `StellaOps.AirGap.Time.Tests` namespace.
- Added `fetch-sbomservice-deps.sh` script for offline dependency fetching.
2025-11-20 23:29:54 +02:00


Concelier PREP Notes — 2025-11-20

Owner: Concelier Core Guild · Scheduler Guild · Data Science Guild

Scope: Provide traceable prep outputs for PREP-CONCELIER-GRAPH-21-002-PLATFORM-EVENTS-S and PREP-CONCELIER-LNM-21-002-WAITING-ON-FINALIZE so downstream tasks can proceed without blocking on missing contracts.

1) sbom.observation.updated platform event (Graph-21-002)

  • Goal: publish deterministic, facts-only observation updates for graph overlays; no derived judgments.
  • Proposed envelope (draft for Scheduler/Platform Events review):
    • event_type: sbom.observation.updated
    • tenant_id (string, required)
    • advisory_ids (array of strings; upstream IDs as-ingested)
    • observation_ids (array of stable per-observation IDs emitted by LNM storage)
    • source (string; advisory source slug)
    • version_range (string; original upstream semantics)
    • occurred_at (ISO-8601 UTC, produced by Concelier at write time; deterministic)
    • trace (object; optional provenance pointers, DSSE envelope digest with alg/id fields)
  • Delivery and wiring expectations:
    • Publisher lives in StellaOps.Concelier.Core after linkset/observation persistence.
    • Scheduler binding: NATS/Redis topic concelier.sbom.observation.updated; ack-based and idempotent-replay friendly; each message is delivered at most once, keyed by message ID = <tenant>:<observation_id>::<digest>.
    • Telemetry: counter concelier_events_observation_updated_total{tenant,source,result}; log template includes tenant, advisory_id, observation_id, event_id.
    • Offline posture: allow emitting into local bus, enqueue to file-backed spool when offline; retry with deterministic ordering by (tenant, observation_id).
  • Open questions to resolve in impl task:
    • Final topic naming and DSSE requirement (optional vs required per deployment).
    • Whether to include component alias list in the event payload or expect consumers to join via API.

2) LNM fixtures + precedence markers (LNM-21-002)

  • Goal: unblock correlation pipelines and downstream linkset tasks by defining required fixture shape and precedence rules.
  • Fixture requirements (additive to frozen LNM v1 schema):
    • Provide at least three sources with conflicting severity/CVSS to exercise conflict markers.
    • Include overlapping version ranges to validate precedence tie-breakers.
    • Each fixture must include provenance (source, fetch_time, collector) and confidence hints.
  • Precedence rule proposal for review:
    1. Prefer explicit source ranking table (to be agreed) over recency.
    2. If ranking ties, prefer narrower version ranges, then higher confidence, then stable lexical order of (source, advisory_id).
    3. Never collapse conflicting fields; emit conflicts[] entries with reason codes severity-disagree, cvss-disagree, reference-disagree.
  • Delivery path for fixtures once agreed: src/Concelier/seed-data/lnm/v1/fixtures/*.json with deterministic ordering; wire into StellaOps.Concelier.Core.Tests harness.
  • Next actions captured for implementation task:
    • Confirm ranking table and conflict reason code list with Cartographer/Data Science.
    • Drop initial fixtures into the above path and reference them from the implementation task's tests.
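
The precedence rule proposal in section 2, worked through as an added example (not code from the Concelier code base): it orders three constructed fixtures by the proposed tie-breakers and emits conflicts[] entries instead of collapsing disagreeing fields. The ranking table, the field names and the numeric `range_span` measure of range width are assumptions, since the proposal leaves them to be agreed.

```python
# Added example; ranking table, field names and range_span are assumptions,
# not part of the LNM v1 schema or the StellaOps code base.

# Hypothetical source ranking (lower = preferred); the real table is "to be agreed".
SOURCE_RANK = {"vendor-psirt": 0, "nvd": 1, "osv": 1}

# Reason codes from the proposal, keyed by the (assumed) field they cover.
REASONS = {"severity": "severity-disagree", "cvss": "cvss-disagree",
           "references": "reference-disagree"}


def precedence_key(obs: dict) -> tuple:
    """Rule 1 then rule 2: rank, narrower range, higher confidence, lexical order."""
    return (
        SOURCE_RANK.get(obs["source"], len(SOURCE_RANK) + 1),  # unranked sources last
        obs["range_span"],                  # assumed: count of versions covered
        -obs["confidence"],                 # higher confidence sorts first
        obs["source"], obs["advisory_id"],  # stable lexical tie-break
    )


def order_and_mark(observations: list) -> dict:
    """Order by precedence; record disagreements (rule 3) without collapsing them."""
    ordered = sorted(observations, key=precedence_key)
    conflicts = []
    for field, reason in REASONS.items():
        values = {f'{o["source"]}/{o["advisory_id"]}': o[field] for o in ordered}
        # Lists are compared as sorted tuples so element order is not a conflict.
        distinct = {tuple(sorted(v)) if isinstance(v, list) else v for v in values.values()}
        if len(distinct) > 1:
            conflicts.append({"field": field, "reason": reason, "values": values})
    return {"preferred": ordered[0]["source"],
            "order": [(o["source"], o["advisory_id"]) for o in ordered],
            "conflicts": conflicts}


# Constructed fixtures: three sources, conflicting severity/CVSS, overlapping ranges.
FIXTURES = [
    {"source": "osv", "advisory_id": "OSV-EXAMPLE-1", "severity": "high", "cvss": 7.5,
     "references": ["https://example.invalid/a"], "range_span": 4, "confidence": 0.8},
    {"source": "nvd", "advisory_id": "CVE-EXAMPLE-1", "severity": "critical", "cvss": 9.8,
     "references": ["https://example.invalid/a"], "range_span": 4, "confidence": 0.9},
    {"source": "vendor-psirt", "advisory_id": "VND-EXAMPLE-1", "severity": "high", "cvss": 7.5,
     "references": ["https://example.invalid/a"], "range_span": 10, "confidence": 0.7},
]

if __name__ == "__main__":
    print(order_and_mark(FIXTURES))
```

The result is independent of input order, which is the property the fixtures' deterministic ordering requirement depends on.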

Handoff

  • This document is the published prep artefact requested by PREP-CONCELIER-GRAPH-21-002-PLATFORM-EVENTS-S and PREP-CONCELIER-LNM-21-002-WAITING-ON-FINALIZE. Downstream tasks should cite this file until the final schemas/fixtures are merged.