git.stella-ops.org/docs/implplan/SPRINT_0143_0000_0001_signals.md
master 8355e2ff75
feat: Add initial implementation of Vulnerability Resolver Jobs
- Created project for StellaOps.Scanner.Analyzers.Native.Tests with necessary dependencies.
- Documented roles and guidelines in AGENTS.md for Scheduler module.
- Implemented IResolverJobService interface and InMemoryResolverJobService for handling resolver jobs.
- Added ResolverBacklogNotifier and ResolverBacklogService for monitoring job metrics.
- Developed API endpoints for managing resolver jobs and retrieving metrics.
- Defined models for resolver job requests and responses.
- Integrated dependency injection for resolver job services.
- Implemented ImpactIndexSnapshot for persisting impact index data.
- Introduced SignalsScoringOptions for configurable scoring weights in reachability scoring.
- Added unit tests for ReachabilityScoringService and RuntimeFactsIngestionService.
- Created dotnet-filter.sh script to handle command-line arguments for dotnet.
- Established nuget-prime project for managing package downloads.
2025-11-18 07:52:15 +02:00
Sprint 0143-0000-0001 · Signals

Topic & Scope

  • Runtime & Signals stream focused on reachability ingestion, runtime facts, and scoring.
  • Deliver CAS-backed callgraph ingestion for Java/Node.js/Python/Go plus runtime facts NDJSON/gzip ingestion with provenance enrichment.
  • Produce reachability scoring engine with Redis-backed caching and signals.fact.updated events, honoring CAS remediation/waiver rules.
  • Working directory: src/Signals/StellaOps.Signals

Dependencies & Concurrency

  • Upstream sprints: 120.A (AirGap), 130.A (Scanner).
  • Tasks sit in Signals; no cross-module coupling flagged beyond the Authority dependency (AUTH-SIG-26-001) for the finished host skeleton.
  • Completed/historic work archived in docs/implplan/archived/tasks.md (last updated 2025-11-08).

Documentation Prerequisites

  • docs/README.md; docs/07_HIGH_LEVEL_ARCHITECTURE.md; docs/modules/platform/architecture-overview.md.
  • src/Signals/StellaOps.Signals/AGENTS.md.
  • CAS waiver/remediation checklist dated 2025-11-17 for SIGNALS-24-002/004/005 scope.

Delivery Tracker

| # | Task ID | Status | Key dependency / next step | Owners | Task Definition |
|---|---------|--------|----------------------------|--------|-----------------|
| 1 | SIGNALS-24-001 | DONE (2025-11-09) | Dependency AUTH-SIG-26-001; merged host skeleton with scope policies and evidence validation. | Signals Guild, Authority Guild | Stand up Signals API skeleton with RBAC, sealed-mode config, DPoP/mTLS enforcement, and /facts scaffolding so downstream ingestion can begin. |
| 2 | SIGNALS-24-002 | DOING (2025-11-07) | Remaining: CAS bucket promotion and signed graph manifests; depends on SIGNALS-24-001. | Signals Guild | Implement callgraph ingestion/normalization (Java/Node/Python/Go) with CAS persistence and retrieval APIs to feed reachability scoring. |
| 3 | SIGNALS-24-003 | DONE (2025-11-17) | Runtime ingestion now enriches provenance metadata and triggers reachability recompute on ingest. | Signals Guild, Runtime Guild | Implement runtime facts ingestion endpoint and normalizer (process, sockets, container metadata) populating context_facts with AOC provenance. |
| 4 | SIGNALS-24-004 | DONE (2025-11-17) | Scoring weights now configurable; runtime ingestion auto-triggers recompute into reachability_facts. | Signals Guild, Data Science | Deliver reachability scoring engine producing states/scores and writing to reachability_facts; expose configuration for weights. |
| 5 | SIGNALS-24-005 | BLOCKED (2025-11-17) | Await Redis/event bus contract (keys, payload schema) before implementing caches + publish. | Signals Guild, Platform Events Guild | Implement Redis caches (reachability_cache:*), invalidation on new facts, and publish signals.fact.updated events. |
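The scope bullets above and tracker items 2 to 5 describe one pipeline: callgraphs land in content-addressed storage keyed by SHA-256, runtime facts arrive as gzip-compressed NDJSON and are stamped with provenance (source, ingestedAt, callgraphId, as named in the 2025-11-17 log entry), a scoring pass fuses static reachability with runtime hits under configurable weights, and new facts evict the reachability_cache:* entry and emit signals.fact.updated. The following is an added, self-contained illustration of that flow, not StellaOps code (the Signals host is C#; this is Python so it runs anywhere). The state names, weight values, BFS scoring rule, decompression size cap, CasStore class, run_demo helper and the sample callgraph and facts are all assumptions made for the example.

```python
import gzip
import hashlib
import io
import json
from collections import deque
from datetime import datetime, timezone


class CasStore:
    """Content-addressed blob store: the key is the SHA-256 of the bytes (assumed layout)."""

    def __init__(self):
        self._blobs = {}

    def put(self, data: bytes) -> str:
        digest = hashlib.sha256(data).hexdigest()
        self._blobs[digest] = data
        return digest

    def get(self, digest: str) -> bytes:
        data = self._blobs[digest]
        # Re-verify on read so a blob tampered with at rest is never served
        # under a key that no longer matches its content.
        if hashlib.sha256(data).hexdigest() != digest:
            raise ValueError(f"CAS integrity failure for {digest}")
        return data


def ingest_runtime_facts(blob, *, source, callgraph_id, now=None, max_decompressed=8 * 1024 * 1024):
    """Parse gzip NDJSON (one runtime hit per line), stamp provenance on each
    record and aggregate hit counts per symbol. max_decompressed bounds the
    inflated size so a tiny gzip body cannot exhaust memory on the endpoint."""
    ingested_at = (now or datetime.now(timezone.utc)).isoformat()
    provenance = {"source": source, "ingestedAt": ingested_at, "callgraphId": callgraph_id}
    facts, hits, consumed = [], {}, 0
    with gzip.open(io.BytesIO(blob), "rt", encoding="utf-8") as fh:
        for lineno, line in enumerate(fh, 1):
            consumed += len(line)
            if consumed > max_decompressed:
                raise ValueError("decompressed NDJSON exceeds size limit")
            line = line.strip()
            if not line:
                continue  # blank and trailing lines are tolerated
            try:
                rec = json.loads(line)
            except json.JSONDecodeError as exc:
                raise ValueError(f"line {lineno}: invalid JSON ({exc.msg})") from None
            if not isinstance(rec, dict) or not isinstance(rec.get("symbol"), str):
                raise ValueError(f"line {lineno}: missing string field 'symbol'")
            rec["provenance"] = dict(provenance)
            facts.append(rec)
            hits[rec["symbol"]] = hits.get(rec["symbol"], 0) + int(rec.get("count", 1))
    return facts, hits


# Assumed weights; the sprint only says they are configurable.
DEFAULT_WEIGHTS = {"runtime": 1.0, "static": 0.6, "unreachable": 0.0}


def score_reachability(callgraph, hits, weights=DEFAULT_WEIGHTS):
    """BFS from the entrypoints for static reachability, then fuse with runtime
    hits: runtime-observed > statically reachable > unreachable."""
    adj = {}
    for src, dst in callgraph["edges"]:
        adj.setdefault(src, []).append(dst)
    seen = set(callgraph["entrypoints"])
    queue = deque(seen)
    while queue:
        for nxt in adj.get(queue.popleft(), []):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    result = {}
    for sym in callgraph["symbols"]:
        state = "runtime" if hits.get(sym) else "static" if sym in seen else "unreachable"
        result[sym] = {"state": state, "score": weights[state]}
    return result


def on_facts_updated(cache, subject):
    """New facts evict the cached score set and yield the event to publish,
    so the next reader recomputes rather than trusting a stale entry."""
    cache.pop(f"reachability_cache:{subject}", None)
    return {"event": "signals.fact.updated", "subject": subject}


# Constructed sample input, not real scanner or runtime-agent output.
SAMPLE_CALLGRAPH = {
    "language": "java", "entrypoints": ["main"],
    "symbols": ["main", "parse", "helper", "dead"],
    "edges": [["main", "parse"], ["parse", "helper"], ["dead", "helper"]],
}
SAMPLE_FACTS_GZ = gzip.compress(b'{"symbol":"parse","count":3}\n{"symbol":"helper"}\n\n')


def run_demo(subject="svc-a"):
    cas = CasStore()
    cg_id = cas.put(json.dumps(SAMPLE_CALLGRAPH, sort_keys=True).encode())
    facts, hits = ingest_runtime_facts(SAMPLE_FACTS_GZ, source="runtime-agent", callgraph_id=cg_id)
    cache = {f"reachability_cache:{subject}": "stale"}
    event = on_facts_updated(cache, subject)
    scores = score_reachability(json.loads(cas.get(cg_id)), hits)
    cache[f"reachability_cache:{subject}"] = scores
    return {"callgraph_id": cg_id, "hits": hits, "facts": facts, "scores": scores, "event": event}


if __name__ == "__main__":
    print(json.dumps(run_demo(), indent=2))
```

Two details matter beyond the happy path: the CAS read re-hashes before serving, which is the check that makes a content address worth anything once the bucket is promoted, and the NDJSON reader rejects oversized inflated bodies and malformed lines with the line number, so a bad agent upload fails closed instead of poisoning context_facts.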

Execution Log

| Date (UTC) | Update | Owner |
|------------|--------|-------|
| 2025-10-29 | Skeleton live with scope policies, stub endpoints, integration tests; sample configuration committed under etc/signals.yaml.sample. | Signals Guild |
| 2025-10-29 | JSON parsers for Java/Node.js/Python/Go implemented; artifacts stored with SHA-256 and callgraphs upserted into Mongo. | Signals Guild |
| 2025-11-09 | Signals host registers sealed-mode evidence validation, exposes /readyz and /status, enforces scope policies, and adds /signals/facts/{subjectKey} retrieval plus runtime-facts ingestion backing services. | Signals Guild / Authority Guild |
| 2025-11-09 | Added /signals/callgraphs/{id} retrieval, sealed-mode gating, and CAS-backed artifact metadata responses; remaining work is CAS bucket promotion + signed graph manifests. | Signals Guild |
| 2025-11-09 | Added runtime facts ingestion service + endpoint, aggregated runtime hit storage, and unit tests; next steps are NDJSON/gzip ingestion and provenance metadata wiring. | Signals Guild / Runtime Guild |
| 2025-11-09 | Added /signals/runtime-facts/ndjson streaming endpoint (JSON/NDJSON + gzip) with sealed-mode gating; provenance/context enrichment + scoring linkage remain. | Signals Guild / Runtime Guild |
| 2025-11-17 | CAS remediation window (≤3 days for Critical/High) approved with signed waiver; proceed with SIGNALS-24-002/004/005. | Signals Guild |
| 2025-11-17 | CAS checklist in remediation window with risk waiver; continue DOING on SIGNALS-24-002 and unlock 24-004/005. | Signals Guild |
| 2025-11-17 | Normalised sprint to standard template and renamed from SPRINT_143_signals.md to SPRINT_0143_0000_0001_signals.md. | PM |
| 2025-11-17 | Reachability scoring weights moved to config; runtime facts ingestion now triggers recompute and persists states; added unit tests for scoring + runtime ingestion. | Signals Guild |
| 2025-11-17 | dotnet test src/Signals/StellaOps.Signals.sln aborted after long restore/build; warning NU1504 about duplicate PackageReference items in StellaOps.Signals.Tests persists; needs cleanup before rerun. | Signals Guild |
| 2025-11-17 | Runtime facts ingestion now stamps provenance metadata (source, ingestedAt, callgraphId) and recompute is triggered on ingest; targeted test run aborted mid-restore; rerun needed. | Signals Guild |
| 2025-11-18 | dotnet restore for StellaOps.Signals.Tests now succeeds (16.8s); dotnet test -v:diag --blame-hang-timeout 120s still running long; awaiting stable completion. | Signals Guild |

Decisions & Risks

  • CAS remediation window (≤3 days for Critical/High) running under signed waiver; track SIGNALS-24-002/004/005 for compliance.
  • Callgraph CAS bucket promotion and signed manifests remain outstanding for SIGNALS-24-002; with 24-004 already delivered, scoring is consuming callgraphs that are not yet promoted or covered by a signed manifest until this lands.
  • Runtime facts provenance/context enrichment and scoring linkage landed on 2025-11-17 (SIGNALS-24-003 DONE), which unblocked 24-004; 24-005 is the only downstream item still open.
  • SIGNALS-24-005 blocked pending Redis cache + event payload contract (keys, expiry, signals.fact.updated schema) to avoid divergent implementations.
  • Test run (dotnet test src/Signals/StellaOps.Signals.sln) interrupted; NU1504 duplicate PackageReference warning in StellaOps.Signals.Tests.csproj must be resolved and tests rerun for coverage.

Next Checkpoints

  • Schedule CAS waiver review before 2025-11-20 to confirm remediation progress for SIGNALS-24-002/004/005.
  • Next Signals guild sync: propose update once CAS promotion and signed manifests land to close out 24-002, and confirm the Redis/event contract so 24-005 can start.