1.2 MiB
1.2 MiB
| Task ID | Status | Status Date | Sprint | Owners | Directory | Task Description | Dependencies | New Sprint Name |
|---|---|---|---|---|---|---|---|---|
| PROGRAM-STAFF-1001 | DONE (2025-11-24) | 2025-11-24 | SPRINT_0100_0001_0001_program_management | Program Mgmt Guild | MIRROR-COORD-55-001 | MIRROR-COORD-55-001 | PGMI0101 | |
| MIRROR-COORD-55-001 | DONE (2025-11-24) | 2025-11-24 | SPRINT_0100_0001_0001_program_management | Program Mgmt Guild · Mirror Creator Guild | — | — | PGMI0101 | |
| ELOCKER-CONTRACT-2001 | DONE (2025-11-24) | 2025-11-24 | SPRINT_0200_0001_0001_attestation_coord | Evidence Locker Guild | docs/modules/evidence-locker/prep/2025-11-24-evidence-locker-contract.md | — | — | ATEL0101 |
| ATTEST-PLAN-2001 | DONE (2025-11-24) | 2025-11-24 | SPRINT_0200_0001_0001_attestation_coord | Evidence Locker Guild · Excititor Guild | docs/modules/attestor/prep/2025-11-24-attest-plan-2001.md | ELOCKER-CONTRACT-2001 | ATEL0101 | |
| FEED-REMEDIATION-1001 | BLOCKED (2025-11-24) | 2025-11-24 | SPRINT_0503_0001_0001_ops_devops_i | Concelier Feed Owners | Scope missing; needs remediation runbook from feed owners | — | FEFC0101 | |
| MIRROR-DSSE-REV-1501 | DONE (2025-11-24) | 2025-11-24 | SPRINT_0150_0001_0001_mirror_dsse | Mirror Creator Guild · Security Guild · Evidence Locker Guild | docs/implplan/updates/2025-11-24-mirror-dsse-rev-1501.md | — | — | ATEL0101 |
| AIRGAP-TIME-CONTRACT-1501 | DONE (2025-11-24) | 2025-11-24 | SPRINT_0150_0001_0002_mirror_time | AirGap Time Guild | docs/implplan/updates/2025-11-24-airgap-time-contract-1501.md | — | — | ATMI0102 |
| EXPORT-MIRROR-ORCH-1501 | DONE (2025-11-24) | 2025-11-24 | SPRINT_0150_0001_0003_mirror_orch | Exporter Guild · CLI Guild | docs/implplan/updates/2025-11-24-export-mirror-orch-1501.md | — | — | ATMI0102 |
| AIAI-31-007 | DONE | 2025-11-06 | SPRINT_0111_0001_0001_advisoryai | Advisory AI Guild | src/AdvisoryAI/StellaOps.AdvisoryAI | — | — | ADAI0101 |
| AGENTS-AIAI-UPDATE | DONE | 2025-11-17 | SPRINT_0111_0001_0001_advisoryai | PM Guild · Advisory AI Guild | src/AdvisoryAI; docs/modules/advisory-ai | Create src/AdvisoryAI/AGENTS.md charter covering roles, working agreements, allowed shared dirs, and required runbooks/tests. |
docs/modules/advisory-ai/architecture.md; docs/modules/platform/architecture-overview.md | AGNT0101 |
| LEDGER-29-006 | DONE (2025-10-19) | 2025-10-19 | SPRINT_0120_0001_0001_policy_reasoning | Findings Ledger Guild | src/Findings/StellaOps.Findings.Ledger | Integrate attachment encryption (KMS envelope), signed URL issuance, CSRF protections for workflow endpoints; see archived tasks note. | LEDGER-29-005 | PLLG0101 |
| CARTO-GRAPH-21-002 | DONE | 2025-11-17 | SPRINT_113_concelier_ii | Cartographer Guild | src/Cartographer/Contracts | ATLN0101 approvals | Task #1 schema freeze | CAGR0101 |
| SURFACE-FS-01 | DONE (2025-11-24) | 2025-11-24 | SPRINT_0136_0001_0001_scanner_surface | Scanner Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.FS) | docs/modules/scanner/design/surface-fs.md | — | — | SCSS0101 |
| SURFACE-FS-02 | DONE (2025-11-24) | 2025-11-24 | SPRINT_0136_0001_0001_scanner_surface | Scanner Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.FS) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.FS | FileSurfaceManifestStore/Reader/Writer, path builder, cache options per surface-fs.md. |
SURFACE-FS-01 | SCSS0101 |
| SCANNER-ANALYZERS-LANG-10-309 | DONE (2025-10-21) | 2025-10-21 | SPRINT_0131_0001_0001_scanner_surface | Language Analyzer Guild | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang | Packaged language analyzers as restart-time plug-ins (manifest + host registration); artefacts in Offline Kit bundle. | — | SCSA0101 |
| SCANNER-ANALYZERS-PHP-27-001 | BLOCKED (2025-11-24) | 2025-11-24 | SPRINT_0131_0001_0001_scanner_surface | PHP Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php | Waiting on PHP analyzer bootstrap spec/fixtures (composer/VFS schema, offline kit target). | — | SCSA0101 |
| SCANNER-ENTRYTRACE-18-508 | BLOCKED (2025-11-25) | 2025-11-25 | SPRINT_0136_0001_0001_scanner_surface | EntryTrace Guild | Depends on 18-503/504/505/506 outputs; awaiting upstream EntryTrace baseline. | — | SCSS0101 | |
| SCANNER-SECRETS-02 | DONE (2025-11-23) | 2025-11-23 | SPRINT_0136_0001_0001_scanner_surface | Secrets Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.Secrets) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Secrets | Provider chain implemented (primary + fallback) with DI wiring; tests added (StellaOps.Scanner.Surface.Secrets.Tests). |
SURFACE-SECRETS-01 | SCSS0101 |
| SCANNER-SURFACE-01 | BLOCKED (2025-11-25) | 2025-11-25 | SPRINT_0136_0001_0001_scanner_surface | Scanner Guild | Task definition/contract missing; needs scope before implementation. | — | SCSS0101 | |
| SCANNER-ANALYZERS-PHP-27-001 | BLOCKED (2025-11-24) | 2025-11-24 | SPRINT_0131_0001_0001_scanner_surface | PHP Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php | Waiting on PHP analyzer bootstrap spec/fixtures (composer/VFS schema, offline kit target). | — | SCSA0101 |
| SCANNER-ENTRYTRACE-18-508 | BLOCKED (2025-11-25) | 2025-11-25 | SPRINT_0136_0001_0001_scanner_surface | EntryTrace Guild | Depends on 18-503/504/505/506 outputs; awaiting upstream EntryTrace baseline. | — | SCSS0101 | |
| SCANNER-SECRETS-02 | DONE (2025-11-23) | 2025-11-23 | SPRINT_0136_0001_0001_scanner_surface | Secrets Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.Secrets) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Secrets | Provider chain implemented (primary + fallback) with DI wiring; tests added (StellaOps.Scanner.Surface.Secrets.Tests). |
SURFACE-SECRETS-01 | SCSS0101 |
| SCANNER-SURFACE-01 | BLOCKED (2025-11-25) | SPRINT_0136_0001_0001_scanner_surface | Scanner Guild | — | — | SCSS0101 | ||
| CARTO-GRAPH-21-002 | DONE | 2025-11-17 | SPRINT_113_concelier_ii | Cartographer Guild | src/Cartographer/Contracts | ATLN0101 approvals | Task #1 schema freeze | CAGR0101 |
| POLICY-ENGINE-27-004 | DONE (2025-10-19) | 2025-10-19 | SPRINT_0120_0001_0001_policy_reasoning | Policy Guild (src/Policy/StellaOps.Policy.Engine) | src/Policy/StellaOps.Policy.Engine | Update golden/property tests to cover coverage metadata, symbol tables, explain traces, and complexity limits; fixtures for Registry/Console integration. Completed in Sprint 120 (archived tasks). | POLICY-ENGINE-27-003 | PLPE0102 |
| --JOB-ORCHESTRATOR-DOCS-0001 | DONE (2025-11-19) | 2025-11-19 | SPRINT_0323_0001_0001_docs_modules_orchestrator | Docs Guild (docs/modules/orchestrator) | docs/modules/orchestrator | ORGR0102 outline; mapped to ORCH-DOCS-0001 README/diagram refresh. | — | DOOR0101 |
| --JOB-ORCH-ENG-0001 | DONE | SPRINT_0323_0001_0001_docs_modules_orchestrator | Module Team (docs/modules/orchestrator) | docs/modules/orchestrator | ORGR0102 outline | DOOR0101 | ||
| --JOB-ORCH-OPS-0001 | DONE | SPRINT_0323_0001_0001_docs_modules_orchestrator | Ops Guild (docs/modules/orchestrator) | docs/modules/orchestrator | DOOR0101 doc structure | DOOR0101 | ||
| 24-001 | DONE | 2025-11-09 | SPRINT_0140_0001_0001_runtime_signals | Signals Guild | src/Signals/StellaOps.Signals | — | — | SGSI0101 |
| 24-002 | BLOCKED (2025-11-19) | 2025-11-07 | SPRINT_0140_0001_0001_runtime_signals | Signals Guild | src/Signals/StellaOps.Signals | Surface cache availability | CAS promotion (PREP-SIGNALS-24-002) pending | SGSI0101 |
| 24-003 | BLOCKED (2025-11-19) | 2025-11-09 | SPRINT_0140_0001_0001_runtime_signals | Signals Guild | src/Signals/StellaOps.Signals | Runtime facts ingestion + provenance enrichment | CAS promotion + provenance schema pending | SGSI0101 |
| 24-004 | BLOCKED | 2025-10-27 | SPRINT_0140_0001_0001_runtime_signals | Signals Guild | src/Signals/StellaOps.Signals | Authority scopes + 24-003 | Authority scopes + 24-003 | SGSI0101 |
| 24-005 | BLOCKED | 2025-10-27 | SPRINT_0140_0001_0001_runtime_signals | Signals Guild | src/Signals/StellaOps.Signals | 24-004 scoring outputs | 24-004 scoring outputs | SGSI0101 |
| 29-007 | DONE | 2025-11-17 | SPRINT_0120_0001_0001_policy_reasoning | Findings Ledger Guild · Observability Guild | src/Findings/StellaOps.Findings.Ledger | LEDGER-29-007 | LEDGER-29-006 | PLLG0104 |
| 29-008 | DONE | 2025-11-22 | SPRINT_0120_0001_0001_policy_reasoning | Findings Ledger Guild · QA Guild | src/Findings/StellaOps.Findings.Ledger | 29-007 | LEDGER-29-007 | PLLG0104 |
| 29-009 | BLOCKED | 2025-11-17 | SPRINT_0120_0001_0001_policy_reasoning | Findings Ledger Guild · DevOps Guild | src/Findings/StellaOps.Findings.Ledger | 29-008 | LEDGER-29-008 | PLLG0104 |
| 30-001 | BLOCKED | 2025-11-25 | SPRINT_0129_0001_0001_policy_reasoning | VEX Lens Guild | src/VexLens/StellaOps.VexLens | — | Awaiting VEX normalization + issuer directory + API governance specs | PLVL0102 |
| 30-002 | BLOCKED | 2025-11-25 | SPRINT_0129_0001_0001_policy_reasoning | VEX Lens Guild | src/VexLens/StellaOps.VexLens | VEXLENS-30-001 | VEXLENS-30-001 | PLVL0102 |
| 30-003 | BLOCKED | 2025-11-25 | SPRINT_0129_0001_0001_policy_reasoning | VEX Lens Guild · Issuer Directory Guild | src/VexLens/StellaOps.VexLens | VEXLENS-30-002 | VEXLENS-30-002 | PLVL0102 |
| 30-004 | BLOCKED | 2025-11-25 | SPRINT_0129_0001_0001_policy_reasoning | VEX Lens Guild · Policy Guild | src/VexLens/StellaOps.VexLens | VEXLENS-30-003 | VEXLENS-30-003 | PLVL0102 |
| 30-005 | BLOCKED | 2025-11-25 | SPRINT_0129_0001_0001_policy_reasoning | VEX Lens Guild | src/VexLens/StellaOps.VexLens | VEXLENS-30-004 | VEXLENS-30-004 | PLVL0102 |
| 30-006 | BLOCKED | 2025-11-25 | SPRINT_0129_0001_0001_policy_reasoning | VEX Lens Guild · Findings Ledger Guild | src/VexLens/StellaOps.VexLens | VEXLENS-30-005 | VEXLENS-30-005 | PLVL0102 |
| 30-007 | BLOCKED | 2025-11-25 | SPRINT_0129_0001_0001_policy_reasoning | VEX Lens Guild | src/VexLens/StellaOps.VexLens | VEXLENS-30-006 | VEXLENS-30-006 | PLVL0102 |
| 30-008 | BLOCKED | 2025-11-25 | SPRINT_0129_0001_0001_policy_reasoning | VEX Lens Guild · Policy Guild | src/VexLens/StellaOps.VexLens | VEXLENS-30-007 | VEXLENS-30-007 | PLVL0102 |
| 30-009 | BLOCKED | 2025-11-25 | SPRINT_0129_0001_0001_policy_reasoning | VEX Lens Guild · Observability Guild | src/VexLens/StellaOps.VexLens | VEXLENS-30-008 | VEXLENS-30-008 | PLVL0102 |
| 30-010 | BLOCKED | 2025-11-25 | SPRINT_0129_0001_0001_policy_reasoning | VEX Lens Guild · QA Guild | src/VexLens/StellaOps.VexLens | VEXLENS-30-009 | VEXLENS-30-009 | PLVL0102 |
| 30-011 | BLOCKED | 2025-11-25 | SPRINT_0129_0001_0001_policy_reasoning | VEX Lens Guild · DevOps Guild | src/VexLens/StellaOps.VexLens | VEXLENS-30-010 | VEXLENS-30-010 | PLVL0103 |
| 31-008 | DONE (2025-11-22) | 2025-11-22 | SPRINT_110_ingestion_evidence | Advisory AI Guild | src/AdvisoryAI/StellaOps.AdvisoryAI | Remote inference packaging delivered with on-prem container + manifests. | AIAI-31-006; AIAI-31-007 | ADAI0101 |
| 31-009 | DONE | 2025-11-12 | SPRINT_110_ingestion_evidence | Advisory AI Guild | src/AdvisoryAI/StellaOps.AdvisoryAI | — | — | ADAI0101 |
| 34-101 | DONE | 2025-11-22 | SPRINT_0120_0001_0001_policy_reasoning | Findings Ledger Guild | src/Findings/StellaOps.Findings.Ledger | 29-009 | LEDGER-29-009 | PLLG0104 |
| 401-004 | BLOCKED | 2025-11-25 | SPRINT_0401_0001_0001_reachability_evidence_chain | Replay Core Guild | src/__Libraries/StellaOps.Replay.Core |
Signals facts stable (SGSI0101) | Blocked: awaiting SGSI0101 runtime facts + CAS policy from GAP-REP-004 | RPRC0101 |
| BENCH-DETERMINISM-401-057 | DONE (2025-11-27) | 2025-11-27 | SPRINT_0512_0001_0001_bench | Bench Guild · Signals Guild · Policy Guild | src/Bench/StellaOps.Bench/Determinism | Determinism harness + mock scanner; manifests/results generated; CI workflow bench-determinism enforces threshold; defaults to 10 runs; supports frozen feed manifests via DET_EXTRA_INPUTS; offline runner available. |
Feed-freeze hash + SBOM/VEX bundle list (SPRINT_0401) | |
| 41-001 | DONE (2025-11-30) | 2025-11-30 | SPRINT_0157_0001_0001_taskrunner_i | Task Runner Guild | src/TaskRunner/StellaOps.TaskRunner | — | Contract implemented per docs/modules/taskrunner/architecture.md; run API/storage/provenance ready. |
ORTR0101 |
| 44-001 | BLOCKED | 2025-11-25 | SPRINT_0501_0001_0001_ops_deployment_i | Deployment Guild · DevEx Guild (ops/deployment) | ops/deployment | — | Waiting on consolidated service list/version pins from upstream module releases (mirrors Compose-44-001 block) | DVDO0103 |
| 44-002 | BLOCKED | 2025-11-25 | SPRINT_0501_0001_0001_ops_deployment_i | Deployment Guild (ops/deployment) | ops/deployment | 44-001 | Blocked until 44-001 unblocks | DVDO0103 |
| 44-003 | BLOCKED | 2025-11-25 | SPRINT_0501_0001_0001_ops_deployment_i | Deployment Guild · Docs Guild (ops/deployment) | ops/deployment | 44-002 | Blocked until 44-002 unblocks | DVDO0103 |
| 45-001 | BLOCKED | 2025-11-25 | SPRINT_0502_0001_0001_ops_deployment_ii | Deployment Guild (ops/deployment) | ops/deployment | 44-003 | 44-003 | DVDO0103 |
| 45-002 | BLOCKED | 2025-11-25 | SPRINT_0502_0001_0001_ops_deployment_ii | Deployment Guild · Security Guild (ops/deployment) | ops/deployment | 45-001 | 45-001 | DVDO0103 |
| 45-003 | BLOCKED | 2025-11-25 | SPRINT_0502_0001_0001_ops_deployment_ii | Deployment Guild · Observability Guild (ops/deployment) | ops/deployment | 45-002 | 45-002 | DVDO0103 |
| 50-002 | DONE (2025-11-27) | SPRINT_0170_0001_0001_notifications_telemetry | Telemetry Core Guild | src/Telemetry/StellaOps.Telemetry.Core | SGSI0101 feed availability | SGSI0101 feed availability | TLTY0101 | |
| 51-002 | BLOCKED | 2025-11-25 | SPRINT_0170_0001_0001_notifications_telemetry | Telemetry Core Guild · Observability Guild · Security Guild | src/Telemetry/StellaOps.Telemetry.Core | OBS-50 baselines | Waiting on OBS-50 baselines and ORCH-OBS-50-001 schemas | TLTY0101 |
| 54-001 | BLOCKED | 2025-11-25 | SPRINT_0503_0001_0001_ops_devops_i | Exporter Guild · AirGap Time Guild · CLI Guild | Await PGMI0101 staffing confirmation | Staffing not assigned (PROGRAM-STAFF-1001) | AGCO0101 | |
| 56-001 | BLOCKED | 2025-11-25 | SPRINT_0170_0001_0001_notifications_telemetry | Telemetry Core Guild · Observability Guild | src/Telemetry/StellaOps.Telemetry.Core | SGSI0101 provenance | Blocked: SGSI0101 provenance feed/contract pending | TLTY0101 |
| 58 series | BLOCKED | 2025-11-25 | SPRINT_0120_0001_0001_policy_reasoning | Findings Ledger Guild · AirGap Guilds · Evidence Locker Guild | src/Findings/StellaOps.Findings.Ledger | Placeholder for LEDGER-AIRGAP-56/57/58 chain | Blocked on LEDGER-AIRGAP-56-002 staleness spec and AirGap time anchors | PLLG0102 |
| 61-001 | DONE | 2025-11-18 | SPRINT_0511_0001_0001_api | API Governance Guild | src/Api/StellaOps.Api.Governance | Spectral config + CI lint job | — | APIG0101 |
| 61-002 | DONE | 2025-11-18 | SPRINT_0511_0001_0001_api | API Governance Guild | src/Api/StellaOps.Api.Governance | Example coverage checker | 61-001 | APIG0101 |
| 62-001 | BLOCKED | 2025-11-25 | SPRINT_206_devportal | DevPortal Guild | src/DevPortal/StellaOps.DevPortal.Site | APIG0101 outputs | Waiting on APIG0101 outputs / API baseline | DEVL0101 |
| 62-002 | BLOCKED | 2025-11-25 | SPRINT_206_devportal | DevPortal Guild | src/DevPortal/StellaOps.DevPortal.Site | 62-001 | Blocked: 62-001 not delivered | DEVL0101 |
| 63-001 | BLOCKED | 2025-11-25 | SPRINT_206_devportal | DevPortal Guild · Platform Guild | src/DevPortal/StellaOps.DevPortal.Site | 62-002 | Blocked: 62-002 outstanding | DEVL0101 |
| 63-002 | BLOCKED | 2025-11-25 | SPRINT_206_devportal | DevPortal Guild · SDK Generator Guild | src/DevPortal/StellaOps.DevPortal.Site | 63-001 | Blocked: 63-001 outstanding | DEVL0101 |
| 63-003 | BLOCKED | 2025-11-25 | SPRINT_0208_0001_0001_sdk | SDK Generator Guild | src/Sdk/StellaOps.Sdk.Generator | APIG0101 outputs | Waiting on APIG0101 outputs | SDKG0101 |
| 63-004 | BLOCKED | 2025-11-25 | SPRINT_0208_0001_0001_sdk | SDK Generator Guild | src/Sdk/StellaOps.Sdk.Generator | 63-003 | Blocked: 63-003 outstanding | SDKG0101 |
| 64-001 | BLOCKED | 2025-11-25 | SPRINT_206_devportal | DevPortal Guild · Export Center Guild | src/DevPortal/StellaOps.DevPortal.Site | Export profile review | Waiting on export profile review doc | DEVL0101 |
| 64-002 | BLOCKED | 2025-11-25 | SPRINT_160_export_evidence | DevPortal Offline + AirGap Controller Guilds | docs/modules/export-center/devportal-offline.md | Wait for Mirror staffing confirmation (001_PGMI0101) | Wait for Mirror staffing confirmation (001_PGMI0101) | DEVL0102 |
| 73-001 | DONE | 2025-11-03 | SPRINT_100_identity_signing | KMS Guild | src/__Libraries/StellaOps.Cryptography.Kms | Staffing + DSSE contract (PGMI0101, ATEL0101) | Staffing + DSSE contract (PGMI0101, ATEL0101) | KMSI0101 |
| 73-002 | DONE | 2025-11-03 | SPRINT_100_identity_signing | KMS Guild | src/__Libraries/StellaOps.Cryptography.Kms | Depends on #1, FIDO2 profile | FIDO2 | KMSI0101 |
| ADVISORY-AI-DOCS-0001 | DONE | 2025-11-24 | SPRINT_0312_0001_0001_docs_modules_advisory_ai | Docs Guild (docs/modules/advisory-ai) | docs/modules/advisory-ai | Align with ./AGENTS.md | — | DOAI0101 |
| AI-DOCS-0001 | DONE | 2025-11-24 | SPRINT_0312_0001_0001_docs_modules_advisory_ai | Docs Guild (docs/modules/advisory-ai) | docs/modules/advisory-ai | Sync into ../.. | — | DOAI0101 |
| AI-OPS-0001 | DONE | 2025-11-24 | SPRINT_0312_0001_0001_docs_modules_advisory_ai | Ops Guild (docs/modules/advisory-ai) | docs/modules/advisory-ai | Document outputs in ./README.md | — | DOAI0101 |
| AIAI-31-001 | DONE | 2025-11-09 | SPRINT_110_ingestion_evidence | Excititor Web/Core Guilds | src/AdvisoryAI/StellaOps.AdvisoryAI | Validate Excititor hand-off replay | Validate Excititor hand-off replay | ADAI0102 |
| AIAI-31-002 | DONE | 2025-11-18 | SPRINT_110_ingestion_evidence | Concelier Core · Concelier WebService Guilds | src/AdvisoryAI/StellaOps.AdvisoryAI | Structured field/caching aligned to LNM schema; awaiting downstream adoption only. | CONCELIER-GRAPH-21-001; CARTO-GRAPH-21-002 | ADAI0102 |
| AIAI-31-003 | DONE | 2025-11-12 | SPRINT_110_ingestion_evidence | Concelier Observability Guild | src/AdvisoryAI/StellaOps.AdvisoryAI | Await observability evidence upload | Await observability evidence upload | ADAI0102 |
| AIAI-31-004 | DONE (2025-12-04) | 2025-12-04 | SPRINT_0301_0001_0001_docs_md_i | Docs Guild · Console Guild | docs/advisory-ai | Guardrail console guide refreshed with deterministic captures plus consolidated hash manifest (docs/advisory-ai/console-fixtures.sha256) and verification steps. |
CONSOLE-VULN-29-001; CONSOLE-VEX-30-001; SBOM-AIAI-31-003 | DOAI0101 |
| AIAI-31-005 | DONE (2025-11-25) | 2025-11-25 | SPRINT_110_ingestion_evidence | Docs Guild | DOCS-AIAI-31-004; CLI-VULN-29-001; CLI-VEX-30-001; POLICY-ENGINE-31-001; DEVOPS-AIAI-31-001 | DOCS-AIAI-31-004; CLI-VULN-29-001; CLI-VEX-30-001; POLICY-ENGINE-31-001; DEVOPS-AIAI-31-001 | DOAI0101 | |
| AIAI-31-006 | DONE | 2025-11-13 | SPRINT_0111_0001_0001_advisoryai | Docs Guild, Policy Guild (docs) | — | — | DOAI0101 | |
| AIAI-31-008 | DONE (2025-11-22) | 2025-11-22 | SPRINT_110_ingestion_evidence | Advisory AI Guild | Remote inference packaging delivered with on-prem container + manifests. | AIAI-31-006; AIAI-31-007 | DOAI0101 | |
| AIAI-31-009 | DONE | 2025-11-12 | SPRINT_110_ingestion_evidence | Advisory AI Guild | Regression suite + AdvisoryAI:Guardrails config landed with perf budgets. |
— | DOAI0101 | |
| AIRGAP-46-001 | BLOCKED | 2025-11-25 | SPRINT_0501_0001_0001_ops_deployment_i | Deployment Guild · Offline Kit Guild | ops/deployment | Needs Mirror staffing + DSSE plan (001_PGMI0101, 002_ATEL0101) | Waiting on Mirror staffing + DSSE plan (001_PGMI0101, 002_ATEL0101) | AGDP0101 |
| AIRGAP-56 | DONE (2025-11-24) | 2025-11-24 | SPRINT_110_ingestion_evidence | Excititor Guild · AirGap Guilds | docs/modules/airgap/airgap-mode.md | Air-gap ingest parity delivered against frozen LNM schema. | CONCELIER-GRAPH-21-001; CONCELIER-GRAPH-21-002; ATTEST-PLAN-2001 | AGCO0101 |
| AIRGAP-56-001 | DONE (2025-11-24) | 2025-11-24 | SPRINT_110_ingestion_evidence | Exporter Guild · AirGap Time Guild · CLI Guild | docs/modules/airgap/airgap-mode.md | Mirror import helpers and bundle catalog wired for sealed mode. | PROGRAM-STAFF-1001 | AGCO0101 |
| AIRGAP-56-001..58-001 | DONE (2025-11-24) | 2025-11-24 | SPRINT_110_ingestion_evidence | Concelier Core · AirGap Guilds | docs/modules/airgap/airgap-mode.md | Deterministic bundle + manifest/entry-trace and sealed-mode deploy runbook shipped. | CONCELIER-GRAPH-21-001; CONCELIER-GRAPH-21-002; ELOCKER-CONTRACT-2001 | AGCO0101 |
| AIRGAP-56-002 | DONE | SPRINT_0170_0001_0001_notifications_telemetry | Notifications Service Guild · DevOps Guild | src/Notify/StellaOps.Notify | NOTY0101 | |||
| AIRGAP-56-003 | DONE | 2025-11-23 | SPRINT_0301_0001_0001_docs_md_i | Docs Guild · Exporter Guild | docs/modules/airgap | DOCS-AIRGAP-56-002 | DOCS-AIRGAP-56-002 | AIDG0101 |
| AIRGAP-56-004 | DONE | 2025-11-23 | SPRINT_0301_0001_0001_docs_md_i | Docs Guild · Deployment Guild | docs/modules/airgap | AIRGAP-56-003 | DOCS-AIRGAP-56-003 | AIDG0101 |
| AIRGAP-57 | DONE (2025-11-24) | 2025-11-24 | SPRINT_110_ingestion_evidence | Excititor Guild · AirGap Guilds | docs/modules/airgap/airgap-mode.md | Air-gap bundle timeline/hooks completed. | CONCELIER-GRAPH-21-001; CONCELIER-GRAPH-21-002; ATTEST-PLAN-2001 | AGCO0101 |
| AIRGAP-57-001 | DONE | 2025-11-08 | SPRINT_100_identity_signing | Authority Core & Security Guild, DevOps Guild (src/Authority/StellaOps.Authority) | src/Authority/StellaOps.Authority | AUTH-AIRGAP-56-001; DEVOPS-AIRGAP-57-002 | KMSI0101 | |
| AIRGAP-57-002 | DOING | 2025-11-08 | SPRINT_0503_0001_0001_ops_devops_i | DevOps Guild, Authority Guild (ops/devops) | ops/devops | DVDO0101 | ||
| AIRGAP-57-003 | BLOCKED | 2025-11-25 | SPRINT_302_docs_tasks_md_ii | Docs Guild · CLI Guild | docs/modules/airgap | CLI & ops inputs | Blocked: waiting on CLI airgap contract (CLI-AIRGAP-56/57) and ops inputs | AIDG0101 |
| AIRGAP-57-004 | BLOCKED | 2025-11-25 | SPRINT_302_docs_tasks_md_ii | Docs Guild · Ops Guild | docs/modules/airgap | AIRGAP-57-003 | Blocked: upstream AIRGAP-57-003 | AIDG0101 |
| AIRGAP-58 | DONE (2025-11-24) | 2025-11-24 | SPRINT_110_ingestion_evidence | Excititor Guild · AirGap Guilds | docs/modules/airgap/airgap-mode.md | Import/export automation delivered for frozen schema. | CONCELIER-GRAPH-21-001; CONCELIER-GRAPH-21-002; ATTEST-PLAN-2001 | AGCO0101 |
| AIRGAP-58-001 | BLOCKED | 2025-11-25 | SPRINT_112_concelier_i | Concelier Core Guild · Evidence Locker Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Package advisory observations/linksets + provenance notes into portable bundles with timeline events. | Blocked: waiting on staleness/time-anchor spec (LEDGER-AIRGAP-56-002) and Concelier bundle contract | AGCN0101 |
| AIRGAP-58-002 | BLOCKED | 2025-11-25 | SPRINT_302_docs_tasks_md_ii | Docs Guild, Security Guild (docs) | docs/modules/airgap | Blocked: waiting on staleness/time-anchor spec and DOCS-AIRGAP-58-001 | AIDG0101 | |
| AIRGAP-58-003 | BLOCKED | 2025-11-25 | SPRINT_302_docs_tasks_md_ii | Docs Guild, DevEx Guild (docs) | docs/modules/airgap | Blocked: waiting on staleness/time-anchor spec and DOCS-AIRGAP-58-001 | AIDG0101 | |
| AIRGAP-58-004 | BLOCKED | 2025-11-25 | SPRINT_302_docs_tasks_md_ii | Docs Guild, Evidence Locker Guild (docs) | docs/modules/airgap | Blocked: waiting on staleness/time-anchor spec and DOCS-AIRGAP-58-001 | AIDG0101 | |
| AIRGAP-CTL-56-001 | DONE (2025-11-26) | 2025-11-26 | SPRINT_510_airgap | AirGap Controller Guild | src/AirGap/StellaOps.AirGap.Controller | Implement airgap_state persistence, seal/unseal state machine, and Authority scope checks (airgap:seal, airgap:status:read). |
— | AGCT0101 |
| AIRGAP-CTL-56-002 | DONE (2025-11-26) | 2025-11-26 | SPRINT_510_airgap | AirGap Controller Guild · DevOps Guild | src/AirGap/StellaOps.AirGap.Controller | Expose GET /system/airgap/status, POST /system/airgap/seal, integrate policy hash validation, and return staleness/time anchor placeholders. Dependencies: AIRGAP-CTL-56-001. |
— | AGCT0101 |
| AIRGAP-CTL-57-001 | BLOCKED (2025-11-25 · disk full) | 2025-11-25 | SPRINT_510_airgap | AirGap Controller Guild | src/AirGap/StellaOps.AirGap.Controller | Add startup diagnostics that block application run when sealed flag set but egress policies missing; emit audit + telemetry. Dependencies: AIRGAP-CTL-56-002. | Disk full; waiting for workspace cleanup | AGCT0101 |
| AIRGAP-CTL-57-002 | BLOCKED (2025-11-25 · disk full) | 2025-11-25 | SPRINT_510_airgap | AirGap Controller Guild · Observability Guild | src/AirGap/StellaOps.AirGap.Controller | Instrument seal/unseal events with trace/log fields and timeline emission (airgap.sealed, airgap.unsealed). Dependencies: AIRGAP-CTL-57-001. |
Blocked on 57-001 and disk space | AGCT0101 |
| AIRGAP-CTL-58-001 | BLOCKED (2025-11-25 · disk full) | 2025-11-25 | SPRINT_510_airgap | AirGap Controller Guild · AirGap Time Guild | src/AirGap/StellaOps.AirGap.Controller | Persist time anchor metadata, compute drift seconds, and surface staleness budgets in status API. Dependencies: AIRGAP-CTL-57-002. | Blocked on 57-002 and disk space | AGCT0101 |
| AIRGAP-DEVPORT-64-001 | DONE (2025-11-23) | 2025-11-23 | SPRINT_302_docs_tasks_md_ii | Docs Guild · DevPortal Offline Guild | docs/modules/export-center/devportal-offline.md | Depends on 071_AGCO0101 manifest decisions | Depends on 071_AGCO0101 manifest decisions | DEVL0102 |
| AIRGAP-IMP-56-001 | DONE (2025-11-20) | 2025-11-20 | SPRINT_510_airgap | AirGap Importer Guild | src/AirGap/StellaOps.AirGap.Importer | Implement DSSE verification helpers, TUF metadata parser (root.json, snapshot.json, timestamp.json), and Merkle root calculator. |
— | AGIM0101 |
| AIRGAP-IMP-56-002 | DONE (2025-11-20) | 2025-11-20 | SPRINT_510_airgap | AirGap Importer Guild · Security Guild | src/AirGap/StellaOps.AirGap.Importer | Introduce root rotation policy validation (dual approval) and signer trust store management. Dependencies: AIRGAP-IMP-56-001. | — | AGIM0101 |
| AIRGAP-IMP-57-001 | DONE (2025-11-20) | 2025-11-20 | SPRINT_510_airgap | AirGap Importer Guild | src/AirGap/StellaOps.AirGap.Importer | Write bundle_catalog and bundle_items repositories with RLS + deterministic migrations. Dependencies: AIRGAP-IMP-56-002. |
— | AGIM0101 |
| AIRGAP-IMP-57-002 | BLOCKED (2025-11-25 · disk full) | 2025-11-25 | SPRINT_510_airgap | AirGap Importer Guild · DevOps Guild | src/AirGap/StellaOps.AirGap.Importer | Implement object-store loader storing artifacts under tenant/global mirror paths with Zstandard decompression and checksum validation. Dependencies: AIRGAP-IMP-57-001. | Blocked on disk space and controller telemetry | AGIM0101 |
| AIRGAP-IMP-58-001 | BLOCKED (2025-11-25) | 2025-11-25 | SPRINT_510_airgap | AirGap Importer Guild · CLI Guild | src/AirGap/StellaOps.AirGap.Importer | Implement API (POST /airgap/import, /airgap/verify) and CLI commands wiring verification + catalog updates, including diff preview. Dependencies: AIRGAP-IMP-57-002. |
Blocked on 57-002 | AGIM0101 |
| AIRGAP-IMP-58-002 | BLOCKED (2025-11-25) | 2025-11-25 | SPRINT_510_airgap | AirGap Importer Guild · Observability Guild | src/AirGap/StellaOps.AirGap.Importer | Emit timeline events (airgap.import.started. Dependencies: AIRGAP-IMP-58-001. |
Blocked on 58-001 | AGIM0101 |
| AIRGAP-TIME-57-001 | DONE (2025-11-20) | 2025-11-20 | SPRINT_0503_0001_0001_ops_devops_i | Exporter Guild · AirGap Time Guild · CLI Guild | src/AirGap/StellaOps.AirGap.Time | PROGRAM-STAFF-1001; AIRGAP-TIME-CONTRACT-1501 | PROGRAM-STAFF-1001; AIRGAP-TIME-CONTRACT-1501 | ATMI0102 |
| AIRGAP-TIME-57-002 | BLOCKED (2025-11-25) | 2025-11-25 | SPRINT_510_airgap | AirGap Time Guild · Observability Guild | src/AirGap/StellaOps.AirGap.Time | Add telemetry counters for time anchors (airgap_time_anchor_age_seconds) and alerts for approaching thresholds. Dependencies: AIRGAP-TIME-57-001. |
Blocked pending controller telemetry and disk space | AGTM0101 |
| AIRGAP-TIME-58-001 | BLOCKED (2025-11-25) | 2025-11-25 | SPRINT_510_airgap | AirGap Time Guild | src/AirGap/StellaOps.AirGap.Time | Persist drift baseline, compute per-content staleness (advisories, VEX, policy) based on bundle metadata, and surface through controller status API. Dependencies: AIRGAP-TIME-57-002. | Blocked on 57-002 | AGTM0101 |
| AIRGAP-TIME-58-002 | BLOCKED (2025-11-25) | 2025-11-25 | SPRINT_510_airgap | AirGap Time Guild, Notifications Guild (src/AirGap/StellaOps.AirGap.Time) | src/AirGap/StellaOps.AirGap.Time | Emit notifications and timeline events when staleness budgets breached or approaching. Dependencies: AIRGAP-TIME-58-001. | Blocked on 58-001 | AGTM0101 |
| ANALYZERS-DENO-26-001 | DONE | SPRINT_130_scanner_surface | Deno Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno | Bootstrap analyzer helpers | Bootstrap analyzer helpers | SCSA0201 | |
| ANALYZERS-DENO-26-002 | DONE | SPRINT_130_scanner_surface | Deno Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno | Depends on #1 | SCANNER-ANALYZERS-DENO-26-001 | SCSA0201 | |
| ANALYZERS-DENO-26-003 | DONE | SPRINT_130_scanner_surface | Deno Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno | Depends on #2 | SCANNER-ANALYZERS-DENO-26-002 | SCSA0201 | |
| ANALYZERS-DENO-26-004 | DONE | SPRINT_130_scanner_surface | Deno Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno | Depends on #3 | SCANNER-ANALYZERS-DENO-26-003 | SCSA0201 | |
| ANALYZERS-DENO-26-005 | DONE | SPRINT_130_scanner_surface | Deno Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno | Depends on #4 | SCANNER-ANALYZERS-DENO-26-004 | SCSA0201 | |
| ANALYZERS-DENO-26-006 | DONE | SPRINT_130_scanner_surface | Deno Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno | Depends on #5 | SCANNER-ANALYZERS-DENO-26-005 | SCSA0201 | |
| ANALYZERS-DENO-26-007 | DONE | SPRINT_130_scanner_surface | Deno Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno | SCANNER-ANALYZERS-DENO-26-006 | SCANNER-ANALYZERS-DENO-26-006 | SCSA0102 | |
| ANALYZERS-DENO-26-008 | DONE | SPRINT_130_scanner_surface | Deno Analyzer Guild, QA Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno | SCANNER-ANALYZERS-DENO-26-007 | SCANNER-ANALYZERS-DENO-26-007 | SCSA0102 | |
| ANALYZERS-DENO-26-009 | TODO | SPRINT_131_scanner_surface | Deno Analyzer Guild, Signals Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno | SCANNER-ANALYZERS-DENO-26-008 | SCANNER-ANALYZERS-DENO-26-008 | SCSA0101 | |
| ANALYZERS-DENO-26-010 | TODO | SPRINT_131_scanner_surface | Deno Analyzer Guild, DevOps Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno | SCANNER-ANALYZERS-DENO-26-009 | SCANNER-ANALYZERS-DENO-26-009 | SCSA0101 | |
| ANALYZERS-DENO-26-011 | TODO | SPRINT_131_scanner_surface | Deno Analyzer Guild · Signals Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno | Depends on ANALYZERS-DENO-26-010 + telemetry schema | SCANNER-ANALYZERS-DENO-26-010 | SCSA0202 | |
| ANALYZERS-JAVA-21-005 | TODO | SPRINT_131_scanner_surface | Java Analyzer Guild | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java | SCANNER-ANALYZERS-JAVA-21-004 | SCANNER-ANALYZERS-JAVA-21-004 | SCSA0301 | |
| ANALYZERS-JAVA-21-006 | TODO | SPRINT_131_scanner_surface | Java Analyzer Guild | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java | Depends on #1 | SCANNER-ANALYZERS-JAVA-21-005 | SCSA0301 | |
| ANALYZERS-JAVA-21-007 | TODO | SPRINT_131_scanner_surface | Java Analyzer Guild | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java | Depends on #2 | SCANNER-ANALYZERS-JAVA-21-006 | SCSA0301 | |
| ANALYZERS-JAVA-21-008 | BLOCKED | 2025-10-27 | SPRINT_131_scanner_surface | Java Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java | SCANNER-ANALYZERS-JAVA-21-007 | SCANNER-ANALYZERS-JAVA-21-007 | SCSA0102 |
| ANALYZERS-JAVA-21-009 | TODO | SPRINT_131_scanner_surface | Java Analyzer Guild, QA Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java | SCANNER-ANALYZERS-JAVA-21-008 | SCANNER-ANALYZERS-JAVA-21-008 | SCSA0102 | |
| ANALYZERS-JAVA-21-010 | TODO | SPRINT_131_scanner_surface | Java Analyzer Guild, Signals Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java | SCANNER-ANALYZERS-JAVA-21-009 | SCANNER-ANALYZERS-JAVA-21-009 | SCSA0101 | |
| ANALYZERS-JAVA-21-011 | TODO | SPRINT_131_scanner_surface | Java Analyzer Guild · DevOps Guild | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java | Requires SCANNER-ANALYZERS-JAVA-21-010 + DevOps packaging | SCANNER-ANALYZERS-JAVA-21-010 | SCSA0301 | |
| ANALYZERS-LANG-11-001 | BLOCKED | 2025-11-17 | SPRINT_131_scanner_surface | StellaOps.Scanner EPDR Guild · Language Analyzer Guild | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.DotNet | Requires SCANNER-ANALYZERS-LANG-10-309 artifact; local dotnet tests hanging, needs clean runner/CI diagnostics | SCANNER-ANALYZERS-LANG-10-309 | SCSA0103 |
| AGENTS-SCANNER-00-001 | DONE | 2025-11-17 | SPRINT_0132_scanner_surface | Project Management Guild · Scanner Guild | src/Scanner | Create or update module-level AGENTS.md covering roles, required docs, allowed shared directories, determinism/testing rules | — | SCSS-GOV-0001 |
| ANALYZERS-LANG-11-002 | TODO | SPRINT_0132_0001_0001_scanner_surface | StellaOps.Scanner EPDR Guild | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.DotNet | Depends on #1 for shared metadata | SCANNER-ANALYZERS-LANG-11-001 | SCSA0103 | |
| ANALYZERS-LANG-11-003 | TODO | SPRINT_0132_0001_0001_scanner_surface | StellaOps.Scanner EPDR Guild · Signals Guild | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.DotNet | Needs #2 plus Signals schema for entry-trace | SCANNER-ANALYZERS-LANG-11-002 | SCSA0103 | |
| ANALYZERS-LANG-11-004 | TODO | SPRINT_0132_0001_0001_scanner_surface | StellaOps.Scanner EPDR Guild · SBOM Service Guild | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.DotNet | Requires #3 and SBOM service hooks | SCANNER-ANALYZERS-LANG-11-003 | SCSA0103 | |
| ANALYZERS-LANG-11-005 | TODO | SPRINT_0132_0001_0001_scanner_surface | StellaOps.Scanner EPDR Guild · QA Guild | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.DotNet | Depends on #4 for QA fixtures | SCANNER-ANALYZERS-LANG-11-004 | SCSA0103 | |
| ANALYZERS-NATIVE-20-001 | TODO | SPRINT_0132_0001_0001_scanner_surface | Native Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Native | Bootstrap native analyzer helpers | Bootstrap native analyzer helpers | SCSA0401 | |
| ANALYZERS-NATIVE-20-002 | TODO | SPRINT_0132_0001_0001_scanner_surface | Native Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Native | Depends on #1 | SCANNER-ANALYZERS-NATIVE-20-001 | SCSA0401 | |
| ANALYZERS-NATIVE-20-003 | TODO | SPRINT_0132_0001_0001_scanner_surface | Native Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Native | Depends on #2 | SCANNER-ANALYZERS-NATIVE-20-002 | SCSA0401 | |
| ANALYZERS-NATIVE-20-004 | TODO | SPRINT_0132_0001_0001_scanner_surface | Native Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Native | Depends on #3 | SCANNER-ANALYZERS-NATIVE-20-003 | SCSA0401 | |
| ANALYZERS-NATIVE-20-005 | TODO | SPRINT_0132_0001_0001_scanner_surface | Native Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Native | Depends on #4 | SCANNER-ANALYZERS-NATIVE-20-004 | SCSA0401 | |
| ANALYZERS-NATIVE-20-006 | TODO | SPRINT_0132_0001_0001_scanner_surface | Native Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Native | Depends on #5 | SCANNER-ANALYZERS-NATIVE-20-005 | SCSA0401 | |
| ANALYZERS-NATIVE-20-007 | TODO | SPRINT_0132_0001_0001_scanner_surface | Native Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Native | Depends on #6 | SCANNER-ANALYZERS-NATIVE-20-006 | SCSA0401 | |
| ANALYZERS-NATIVE-20-008 | TODO | SPRINT_0132_0001_0001_scanner_surface | Native Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Native | Depends on #7 | SCANNER-ANALYZERS-NATIVE-20-007 | SCSA0401 | |
| ANALYZERS-NATIVE-20-009 | TODO | SPRINT_0132_0001_0001_scanner_surface | Native Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Native | Depends on #8 | SCANNER-ANALYZERS-NATIVE-20-008 | SCSA0401 | |
| ANALYZERS-NATIVE-20-010 | TODO | SPRINT_0132_0001_0001_scanner_surface | Native Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Native | Depends on #9 | SCANNER-ANALYZERS-NATIVE-20-009 | SCSA0401 | |
| ANALYZERS-NODE-22-001 | TODO | SPRINT_0132_0001_0001_scanner_surface | Node Analyzer Guild | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node | Bootstrap Node analyzer helper | Bootstrap Node analyzer helper | SCSA0501 | |
| ANALYZERS-NODE-22-002 | TODO | SPRINT_0132_0001_0001_scanner_surface | Node Analyzer Guild | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node | Depends on #1 | SCANNER-ANALYZERS-NODE-22-001 | SCSA0501 | |
| ANALYZERS-NODE-22-003 | TODO | SPRINT_0132_0001_0001_scanner_surface | Node Analyzer Guild | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node | Depends on #2 | SCANNER-ANALYZERS-NODE-22-002 | SCSA0501 | |
| ANALYZERS-NODE-22-004 | TODO | SPRINT_0132_0001_0001_scanner_surface | Node Analyzer Guild | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node | Depends on #3 | SCANNER-ANALYZERS-NODE-22-003 | SCSA0501 | |
| ANALYZERS-NODE-22-005 | TODO | SPRINT_0132_0001_0001_scanner_surface | Node Analyzer Guild | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node | Depends on #4 | SCANNER-ANALYZERS-NODE-22-004 | SCSA0501 | |
| ANALYZERS-NODE-22-006 | TODO | SPRINT_0133_0001_0001_scanner_surface | Node Analyzer Guild | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node | Depends on #5 | SCANNER-ANALYZERS-NODE-22-005 | SCSA0501 | |
| ANALYZERS-NODE-22-007 | TODO | SPRINT_0133_0001_0001_scanner_surface | Node Analyzer Guild | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node | Depends on #6 | SCANNER-ANALYZERS-NODE-22-006 | SCSA0501 | |
| ANALYZERS-NODE-22-008 | TODO | SPRINT_0133_0001_0001_scanner_surface | Node Analyzer Guild | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node | Depends on #7 | SCANNER-ANALYZERS-NODE-22-007 | SCSA0501 | |
| ANALYZERS-NODE-22-009 | TODO | SPRINT_0133_0001_0001_scanner_surface | Node Analyzer Guild · QA Guild | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node | Depends on #8 | SCANNER-ANALYZERS-NODE-22-008 | SCSA0501 | |
| ANALYZERS-NODE-22-010 | TODO | SPRINT_0133_0001_0001_scanner_surface | Node Analyzer Guild · Signals Guild | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node | Depends on #9 | SCANNER-ANALYZERS-NODE-22-009 | SCSA0501 | |
| ANALYZERS-NODE-22-011 | TODO | SPRINT_0133_0001_0001_scanner_surface | Node Analyzer Guild · DevOps Guild | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node | Depends on ANALYZERS-NODE-22-010 + DevOps packaging | SCANNER-ANALYZERS-NODE-22-010 | SCSA0502 | |
| ANALYZERS-NODE-22-012 | TODO | SPRINT_0133_0001_0001_scanner_surface | Node Analyzer Guild | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node | Needs #1 regression fixtures | SCANNER-ANALYZERS-NODE-22-011 | SCSA0502 | |
| ANALYZERS-PHP-27-001 | TODO | SPRINT_0133_0001_0001_scanner_surface | PHP Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php | Analyzer helper bootstrap | Analyzer helper bootstrap | SCSA0601 | |
| ANALYZERS-PHP-27-002 | TODO | SPRINT_0133_0001_0001_scanner_surface | PHP Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php | SCANNER-ANALYZERS-PHP-27-001 | SCANNER-ANALYZERS-PHP-27-001 | SCSA0101 | |
| ANALYZERS-PHP-27-003 | TODO | SPRINT_0133_0001_0001_scanner_surface | PHP Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php | SCANNER-ANALYZERS-PHP-27-002 | SCANNER-ANALYZERS-PHP-27-002 | SCSA0101 | |
| ANALYZERS-PHP-27-004 | TODO | SPRINT_0133_0001_0001_scanner_surface | PHP Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php | Depends on SCANNER-ANALYZERS-PHP-27-003 | SCANNER-ANALYZERS-PHP-27-003 | SCSA0601 | |
| ANALYZERS-PHP-27-005 | TODO | SPRINT_0133_0001_0001_scanner_surface | PHP Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php | Depends on #2 | SCANNER-ANALYZERS-PHP-27-004 | SCSA0601 | |
| ANALYZERS-PHP-27-006 | TODO | SPRINT_0133_0001_0001_scanner_surface | PHP Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php | Depends on #3 | SCANNER-ANALYZERS-PHP-27-005 | SCSA0601 | |
| ANALYZERS-PHP-27-007 | TODO | SPRINT_0133_0001_0001_scanner_surface | PHP Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php | Depends on #4 | SCANNER-ANALYZERS-PHP-27-006 | SCSA0601 | |
| ANALYZERS-PHP-27-008 | TODO | SPRINT_0134_0001_0001_scanner_surface | PHP Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php | Depends on #1 + CLI feedback | SCANNER-ANALYZERS-PHP-27-002 | SCSA0601 | |
| ANALYZERS-PHP-27-009 | TODO | SPRINT_0134_0001_0001_scanner_surface | PHP Analyzer Guild · QA Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php | Depends on #5 | SCANNER-ANALYZERS-PHP-27-007 | SCSA0601 | |
| ANALYZERS-PHP-27-010 | TODO | SPRINT_0134_0001_0001_scanner_surface | PHP Analyzer Guild · Signals Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php | Depends on #7 | SCANNER-ANALYZERS-PHP-27-009 | SCSA0601 | |
| ANALYZERS-PHP-27-011 | TODO | SPRINT_0134_0001_0001_scanner_surface | PHP Analyzer Guild, DevOps Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php | SCANNER-ANALYZERS-PHP-27-010 | SCSA0602 | ||
| ANALYZERS-PHP-27-012 | TODO | SPRINT_0134_0001_0001_scanner_surface | PHP Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php | SCANNER-ANALYZERS-PHP-27-011 | SCSA0602 | ||
| ANALYZERS-PYTHON-23-001 | TODO | SPRINT_0134_0001_0001_scanner_surface | Python Analyzer Guild | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python | Analyzer helper bootstrap | Analyzer helper bootstrap | SCSA0701 | |
| ANALYZERS-PYTHON-23-002 | TODO | SPRINT_0134_0001_0001_scanner_surface | Python Analyzer Guild | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python | Depends on #1 | SCANNER-ANALYZERS-PYTHON-23-001 | SCSA0701 | |
| ANALYZERS-PYTHON-23-003 | TODO | SPRINT_0134_0001_0001_scanner_surface | Python Analyzer Guild | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python | Depends on #2 | SCANNER-ANALYZERS-PYTHON-23-002 | SCSA0701 | |
| ANALYZERS-PYTHON-23-004 | TODO | SPRINT_0134_0001_0001_scanner_surface | Python Analyzer Guild | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python | Depends on #3 | SCANNER-ANALYZERS-PYTHON-23-003 | SCSA0701 | |
| ANALYZERS-PYTHON-23-005 | TODO | SPRINT_0134_0001_0001_scanner_surface | Python Analyzer Guild | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python | Depends on #4 | SCANNER-ANALYZERS-PYTHON-23-004 | SCSA0701 | |
| ANALYZERS-PYTHON-23-006 | TODO | SPRINT_0134_0001_0001_scanner_surface | Python Analyzer Guild | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python | Depends on #5 | SCANNER-ANALYZERS-PYTHON-23-005 | SCSA0701 | |
| ANALYZERS-PYTHON-23-007 | TODO | SPRINT_0134_0001_0001_scanner_surface | Python Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python | SCANNER-ANALYZERS-PYTHON-23-006 | SCANNER-ANALYZERS-PYTHON-23-006 | SCSA0101 | |
| ANALYZERS-PYTHON-23-008 | TODO | SPRINT_0134_0001_0001_scanner_surface | Python Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python | SCANNER-ANALYZERS-PYTHON-23-007 | SCANNER-ANALYZERS-PYTHON-23-007 | SCSA0101 | |
| ANALYZERS-PYTHON-23-009 | TODO | SPRINT_0134_0001_0001_scanner_surface | Python Analyzer Guild, QA Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python | SCANNER-ANALYZERS-PYTHON-23-008 | SCANNER-ANALYZERS-PYTHON-23-008 | SCSA0101 | |
| ANALYZERS-PYTHON-23-010 | TODO | SPRINT_0134_0001_0001_scanner_surface | Python Analyzer Guild, Signals Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python | SCANNER-ANALYZERS-PYTHON-23-009 | SCANNER-ANALYZERS-PYTHON-23-009 | SCSA0102 | |
| ANALYZERS-PYTHON-23-011 | TODO | SPRINT_0134_0001_0001_scanner_surface | Python Analyzer Guild, DevOps Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python | SCANNER-ANALYZERS-PYTHON-23-010 | SCANNER-ANALYZERS-PYTHON-23-010 | SCSA0102 | |
| ANALYZERS-PYTHON-23-012 | TODO | SPRINT_0135_0001_0001_scanner_surface | Python Analyzer Guild | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python | Needs ANALYZERS-PYTHON-23-011 evidence | SCANNER-ANALYZERS-PYTHON-23-011 | SCSA0702 | |
| ANALYZERS-RUBY-28-001 | TODO | SPRINT_0135_0001_0001_scanner_surface | Ruby Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Bootstrap helper | Bootstrap helper | SCSA0801 | |
| ANALYZERS-RUBY-28-002 | TODO | SPRINT_0135_0001_0001_scanner_surface | Ruby Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Depends on #1 | SCANNER-ANALYZERS-RUBY-28-001 | SCSA0801 | |
| ANALYZERS-RUBY-28-003 | TODO | SPRINT_0135_0001_0001_scanner_surface | Ruby Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Depends on #2 | SCANNER-ANALYZERS-RUBY-28-002 | SCSA0801 | |
| ANALYZERS-RUBY-28-004 | TODO | SPRINT_0135_0001_0001_scanner_surface | Ruby Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Depends on #3 | SCANNER-ANALYZERS-RUBY-28-003 | SCSA0801 | |
| ANALYZERS-RUBY-28-005 | TODO | SPRINT_0135_0001_0001_scanner_surface | Ruby Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Depends on #4 | SCANNER-ANALYZERS-RUBY-28-004 | SCSA0801 | |
| ANALYZERS-RUBY-28-006 | TODO | SPRINT_0135_0001_0001_scanner_surface | Ruby Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Depends on #5 | SCANNER-ANALYZERS-RUBY-28-005 | SCSA0801 | |
| ANALYZERS-RUBY-28-007 | TODO | SPRINT_0135_0001_0001_scanner_surface | Ruby Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Depends on #6 | SCANNER-ANALYZERS-RUBY-28-006 | SCSA0801 | |
| ANALYZERS-RUBY-28-008 | TODO | SPRINT_0135_0001_0001_scanner_surface | Ruby Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Depends on #7 | SCANNER-ANALYZERS-RUBY-28-007 | SCSA0801 | |
| ANALYZERS-RUBY-28-009 | TODO | SPRINT_0135_0001_0001_scanner_surface | Ruby Analyzer Guild · QA Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Depends on #8 | SCANNER-ANALYZERS-RUBY-28-008 | SCSA0801 | |
| ANALYZERS-RUBY-28-010 | TODO | SPRINT_0135_0001_0001_scanner_surface | Ruby Analyzer Guild · Signals Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Depends on #9 | SCANNER-ANALYZERS-RUBY-28-009 | SCSA0801 | |
| ANALYZERS-RUBY-28-011 | TODO | SPRINT_0135_0001_0001_scanner_surface | Ruby Analyzer Guild · DevOps Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Depends on ANALYZERS-RUBY-28-010 | SCANNER-ANALYZERS-RUBY-28-010 | SCSA0802 | |
| ANALYZERS-RUBY-28-012 | TODO | SPRINT_0135_0001_0001_scanner_surface | Ruby Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Needs #1 fixtures | SCANNER-ANALYZERS-RUBY-28-011 | SCSA0802 | |
| AOC-19-001 | TODO | SPRINT_0123_0001_0001_policy_reasoning | Policy Guild | src/Policy/__Libraries/StellaOps.Policy | Review Link-Not-Merge schema | Review Link-Not-Merge schema | PLAO0101 | |
| AOC-19-002 | TODO | SPRINT_0123_0001_0001_policy_reasoning | Policy Guild | src/Policy/__Libraries/StellaOps.Policy | Depends on #1 | POLICY-AOC-19-001 | PLAO0101 | |
| AOC-19-003 | TODO | SPRINT_0123_0001_0001_policy_reasoning | Policy Guild | src/Policy/__Libraries/StellaOps.Policy | Depends on #2 | POLICY-AOC-19-002 | PLAO0101 | |
| AOC-19-004 | TODO | SPRINT_0123_0001_0001_policy_reasoning | Policy Guild | src/Policy/__Libraries/StellaOps.Policy | Depends on #3 | POLICY-AOC-19-003 | PLAO0101 | |
| AOC-19-101 | TODO | 2025-10-28 | SPRINT_0503_0001_0001_ops_devops_i | DevOps Guild | ops/devops | Needs helper definitions from PLAO0101 | Needs helper definitions from PLAO0101 | DVAO0101 |
| API-27-001 | TODO | SPRINT_0129_0001_0001_policy_reasoning | Policy Registry Guild | src/Policy/StellaOps.Policy.Registry | Governance decision (APIG0101) | Governance decision (APIG0101) | PLAR0101 | |
| API-27-002 | TODO | SPRINT_0129_0001_0001_policy_reasoning | Policy Registry Guild | src/Policy/StellaOps.Policy.Registry | Depends on #1 | REGISTRY-API-27-001 | PLAR0101 | |
| API-27-003 | TODO | SPRINT_0129_0001_0001_policy_reasoning | Policy Registry Guild | src/Policy/StellaOps.Policy.Registry | Depends on #2 | REGISTRY-API-27-002 | PLAR0101 | |
| API-27-004 | TODO | SPRINT_0129_0001_0001_policy_reasoning | Policy Registry Guild | src/Policy/StellaOps.Policy.Registry | Depends on #3 | REGISTRY-API-27-003 | PLAR0101 | |
| API-27-005 | TODO | SPRINT_0129_0001_0001_policy_reasoning | Policy Registry Guild | src/Policy/StellaOps.Policy.Registry | Depends on #4 | REGISTRY-API-27-004 | PLAR0101 | |
| API-27-006 | TODO | SPRINT_0129_0001_0001_policy_reasoning | Policy Registry Guild | src/Policy/StellaOps.Policy.Registry | Depends on #5 | REGISTRY-API-27-005 | PLAR0101 | |
| API-27-007 | TODO | SPRINT_0129_0001_0001_policy_reasoning | Policy Registry Guild | src/Policy/StellaOps.Policy.Registry | Depends on #6 | REGISTRY-API-27-006 | PLAR0101 | |
| API-27-008 | TODO | SPRINT_0129_0001_0001_policy_reasoning | Policy Registry Guild | src/Policy/StellaOps.Policy.Registry | Depends on #7 | REGISTRY-API-27-007 | PLAR0101 | |
| API-27-009 | TODO | SPRINT_0129_0001_0001_policy_reasoning | Policy Registry Guild | src/Policy/StellaOps.Policy.Registry | Depends on #8 | REGISTRY-API-27-008 | PLAR0101 | |
| API-27-010 | TODO | SPRINT_0129_0001_0001_policy_reasoning | Policy Registry Guild | src/Policy/StellaOps.Policy.Registry | Depends on #9 | REGISTRY-API-27-009 | PLAR0101 | |
| API-28-001 | TODO | SPRINT_0207_0001_0001_graph | Graph API Guild | src/Graph/StellaOps.Graph.Api | Cartographer schema sign-off | Cartographer schema sign-off | GRAP0101 | |
| API-28-002 | TODO | SPRINT_0207_0001_0001_graph | Graph API Guild | src/Graph/StellaOps.Graph.Api | Depends on #1 | Depends on #1 | GRAP0101 | |
| API-28-003 | TODO | SPRINT_0207_0001_0001_graph | Graph API Guild | src/Graph/StellaOps.Graph.Api | Depends on #2 | Depends on #2 | GRAP0101 | |
| API-28-004 | TODO | SPRINT_0207_0001_0001_graph | Graph API Guild | src/Graph/StellaOps.Graph.Api | Depends on #3 | Depends on #3 | GRAP0101 | |
| API-28-005 | TODO | SPRINT_0207_0001_0001_graph | Graph API Guild | src/Graph/StellaOps.Graph.Api | Depends on #4 | Depends on #4 | GRAP0101 | |
| API-28-006 | TODO | SPRINT_0207_0001_0001_graph | Graph API Guild | src/Graph/StellaOps.Graph.Api | Depends on GRAP0101 base endpoints | Depends on GRAP0101 base endpoints | GRAP0102 | |
| API-28-007 | TODO | SPRINT_0207_0001_0001_graph | Graph API Guild | src/Graph/StellaOps.Graph.Api | Depends on #1 | Depends on #1 | GRAP0102 | |
| API-28-008 | TODO | SPRINT_0207_0001_0001_graph | Graph API Guild | src/Graph/StellaOps.Graph.Api | Depends on #2 | Depends on #2 | GRAP0102 | |
| API-28-009 | TODO | SPRINT_0207_0001_0001_graph | Graph API Guild | src/Graph/StellaOps.Graph.Api | Depends on #3 | Depends on #3 | GRAP0102 | |
| API-28-010 | TODO | SPRINT_0207_0001_0001_graph | Graph API Guild | src/Graph/StellaOps.Graph.Api | Depends on #4 | Depends on #4 | GRAP0102 | |
| API-28-011 | TODO | SPRINT_0207_0001_0001_graph | Graph API Guild | src/Graph/StellaOps.Graph.Api | Depends on #5 | Depends on #5 | GRAP0102 | |
| API-29-001 | TODO | SPRINT_0129_0001_0001_policy_reasoning | Vuln Explorer API Guild | src/VulnExplorer/StellaOps.VulnExplorer.Api | Governance schema (APIG0101) | Governance schema (APIG0101) | VUAP0101 | |
| API-29-002 | DONE | 2025-11-25 | SPRINT_0129_0001_0001_policy_reasoning | Vuln Explorer API Guild | src/VulnExplorer/StellaOps.VulnExplorer.Api | Depends on #1 | VULN-API-29-001 | VUAP0101 |
| API-29-003 | DONE | 2025-11-25 | SPRINT_0129_0001_0001_policy_reasoning | Vuln Explorer API Guild | src/VulnExplorer/StellaOps.VulnExplorer.Api | Depends on #2 | VULN-API-29-002 | VUAP0101 |
| API-29-004 | TODO | SPRINT_0129_0001_0001_policy_reasoning | Vuln Explorer API Guild | src/VulnExplorer/StellaOps.VulnExplorer.Api | Depends on #3 | VULN-API-29-003 | VUAP0101 | |
| API-29-005 | TODO | SPRINT_0129_0001_0001_policy_reasoning | Vuln Explorer API Guild | src/VulnExplorer/StellaOps.VulnExplorer.Api | Depends on #4 | VULN-API-29-004 | VUAP0101 | |
| API-29-006 | TODO | SPRINT_0129_0001_0001_policy_reasoning | Vuln Explorer API Guild | src/VulnExplorer/StellaOps.VulnExplorer.Api | Depends on #5 | VULN-API-29-005 | VUAP0101 | |
| API-29-007 | TODO | SPRINT_0129_0001_0001_policy_reasoning | Vuln Explorer API Guild | src/VulnExplorer/StellaOps.VulnExplorer.Api | Depends on #6 | VULN-API-29-006 | VUAP0101 | |
| API-29-008 | TODO | SPRINT_0129_0001_0001_policy_reasoning | Vuln Explorer API Guild | src/VulnExplorer/StellaOps.VulnExplorer.Api | Depends on #7 | VULN-API-29-007 | VUAP0101 | |
| API-29-009 | TODO | SPRINT_0129_0001_0001_policy_reasoning | Vuln Explorer API Guild | src/VulnExplorer/StellaOps.VulnExplorer.Api | Depends on #8 | VULN-API-29-008 | VUAP0101 | |
| API-29-010 | TODO | SPRINT_0129_0001_0001_policy_reasoning | Vuln Explorer API Guild | src/VulnExplorer/StellaOps.VulnExplorer.Api | Depends on #9 | VULN-API-29-009 | VUAP0101 | |
| API-29-011 | TODO | SPRINT_0129_0001_0001_policy_reasoning | Vuln Explorer API Guild · CLI Guild | src/VulnExplorer/StellaOps.VulnExplorer.Api | Requires API-29-010 artifacts | VULN-API-29-010 | VUAP0102 | |
| APIGOV-61-001 | DONE | 2025-11-18 | SPRINT_0511_0001_0001_api | API Governance Guild | src/Api/StellaOps.Api.Governance | Configure spectral/linters with Stella rules; add CI job failing on violations. | 61-001 | APIG0101 |
| APIGOV-61-002 | TODO | SPRINT_0511_0001_0001_api | API Governance Guild | src/Api/StellaOps.Api.Governance | Implement example coverage checker ensuring every operation has at least one request/response example. Dependencies: APIGOV-61-001. | APIGOV-61-001 | APIG0101 | |
| APIGOV-62-001 | TODO | SPRINT_0511_0001_0001_api | API Governance Guild | src/Api/StellaOps.Api.Governance | Build compatibility diff tool producing additive/breaking reports comparing prior release. Dependencies: APIGOV-61-002. | APIGOV-61-002 | APIG0101 | |
| APIGOV-62-002 | TODO | SPRINT_0511_0001_0001_api | API Governance Guild · DevOps Guild | src/Api/StellaOps.Api.Governance | Automate changelog generation and publish signed artifacts to src/Sdk/StellaOps.Sdk.Release pipeline. Dependencies: APIGOV-62-001. |
APIGOV-62-001 | APIG0101 | |
| APIGOV-63-001 | TODO | SPRINT_0511_0001_0001_api | API Governance Guild · Notifications Guild | src/Api/StellaOps.Api.Governance | Integrate deprecation metadata into Notification Studio templates for API sunset events. Dependencies: APIGOV-62-002. | APIGOV-62-002 | APIG0101 | |
| ATTEST-01-003 | DONE (2025-11-23) | 2025-11-23 | SPRINT_110_ingestion_evidence | Excititor Guild · Evidence Locker Guild | src/Attestor/StellaOps.Attestor | Excititor attestation payloads shipped on frozen bundle v1. | EXCITITOR-AIAI-31-002; ELOCKER-CONTRACT-2001 | ATEL0102 |
| ATTEST-73-001 | DONE (2025-11-25) | 2025-11-25 | SPRINT_110_ingestion_evidence | Concelier Core · Evidence Locker Guild | src/Attestor/StellaOps.Attestor | Attestation claims builder verified; TRX archived. | CONCELIER-AIAI-31-002; ELOCKER-CONTRACT-2001 | ATEL0102 |
| ATTEST-73-002 | DONE (2025-11-25) | 2025-11-25 | SPRINT_110_ingestion_evidence | Concelier Core · Evidence Locker Guild | src/Attestor/StellaOps.Attestor | Internal verify endpoint validated; TRX archived. | CONCELIER-AIAI-31-002; ELOCKER-CONTRACT-2001 | ATEL0102 |
| ATTEST-73-003 | TODO | SPRINT_302_docs_tasks_md_ii | Docs Guild · Policy Guild | docs/modules/attestor | Wait for ATEL0102 evidence | Wait for ATEL0102 evidence | DOAT0102 | |
| ATTEST-73-004 | TODO | SPRINT_302_docs_tasks_md_ii | Docs Guild · Attestor Service Guild | docs/modules/attestor | Depends on #1 | Depends on #1 | DOAT0102 | |
| ATTEST-74-001 | DOING | SPRINT_0170_0001_0001_notifications_telemetry | Notifications Service Guild · Attestor Service Guild | src/Notify/StellaOps.Notify | Needs DSSE schema sign-off | Needs DSSE schema sign-off | NOTY0102 | |
| ATTEST-74-002 | DOING | SPRINT_0170_0001_0001_notifications_telemetry | Notifications Service Guild | src/Notify/StellaOps.Notify | Depends on #1 | Depends on #1 | NOTY0102 | |
| ATTEST-74-003 | TODO | SPRINT_302_docs_tasks_md_ii | Docs Guild · Attestor Console Guild | docs/modules/attestor | Depends on NOTY0102 | Depends on NOTY0102 | DOAT0102 | |
| ATTEST-74-004 | TODO | SPRINT_302_docs_tasks_md_ii | Docs Guild · CLI Attestor Guild | docs/modules/attestor | Depends on NOTY0102 | Depends on NOTY0102 | DOAT0102 | |
| ATTEST-75-001 | TODO | SPRINT_160_export_evidence | Docs Guild · Export Attestation Guild | docs/modules/attestor | Needs Export bundle schema (ECOB0101) | Needs Export bundle schema (ECOB0101) | DOAT0102 | |
| ATTEST-75-002 | TODO | SPRINT_160_export_evidence | Docs Guild · Security Guild | docs/modules/attestor | Depends on #5 | Depends on #5 | DOAT0102 | |
| ATTEST-REPLAY-187-003 | TODO | SPRINT_0187_0001_0001_evidence_locker_cli_integration | Attestor Guild (src/Attestor/StellaOps.Attestor) | src/Attestor/StellaOps.Attestor, docs/modules/attestor/architecture.md |
Wire Attestor/Rekor anchoring for replay manifests and capture verification APIs; extend docs/modules/attestor/architecture.md with a replay ledger flow referencing docs/replay/DETERMINISTIC_REPLAY.md Section 9. |
Align replay payload schema with RPRC0101 | ATRE0101 | |
| ATTESTOR-DOCS-0001 | DONE | 2025-11-05 | SPRINT_313_docs_modules_attestor | Docs Guild | docs/modules/attestor | Validate that docs/modules/attestor/README.md matches the latest release notes and attestation samples. |
DOAT0102 | |
| ATTESTOR-ENG-0001 | TODO | SPRINT_313_docs_modules_attestor | Module Team | docs/modules/attestor | Cross-check implementation plan milestones against /docs/implplan/SPRINT_*.md and update module readiness checkpoints. |
Depends on #1-6 | DOAT0102 | |
| ATTESTOR-OPS-0001 | TODO | SPRINT_313_docs_modules_attestor | Ops Guild | docs/modules/attestor | Review runbooks/observability assets after the next sprint demo and capture findings inline with sprint notes. | Depends on #1-6 | DOAT0102 | |
| AUTH-AIRGAP-57-001 | DONE (2025-11-08) | 2025-11-08 | SPRINT_100_identity_signing | Authority Core & Security Guild, DevOps Guild (src/Authority/StellaOps.Authority) | src/Authority/StellaOps.Authority | Enforce sealed-mode CI gating by refusing token issuance when declared sealed install lacks sealing confirmation. | AUTH-AIRGAP-56-001; DEVOPS-AIRGAP-57-002 | AUIN0101 |
| AUTH-CRYPTO-90-001 | DOING | 2025-11-08 | SPRINT_514_sovereign_crypto_enablement | Authority Core & Security Guild | src/Authority/StellaOps.Authority | Migrate Authority signing/key-loading paths (provider registry + crypto hash) so regional bundles can select sovereign providers per docs/security/crypto-routing-audit-2025-11-07.md. | Finalize sovereign crypto keystore plan | AUIN0101 |
| AUTH-DPOP-11-001 | DONE (2025-11-08) | 2025-11-08 | SPRINT_100_identity_signing | Authority Core & Security Guild (src/Authority/StellaOps.Authority) | src/Authority/StellaOps.Authority | DPoP validation now runs for every /token grant, interactive tokens inherit cnf.jkt/sender claims, and docs/tests document the expanded coverage. |
AUTH-AOC-19-002 | AUIN0101 |
| AUTH-MTLS-11-002 | DONE (2025-11-08) | 2025-11-08 | SPRINT_100_identity_signing | Authority Core & Security Guild (src/Authority/StellaOps.Authority) | src/Authority/StellaOps.Authority | Refresh grants now enforce the original client certificate, tokens persist x5t#S256/hex metadata via shared helper, and docs/JWKS guidance call out the mTLS binding expectations. |
AUTH-DPOP-11-001 | AUIN0101 |
| AUTH-PACKS-43-001 | DONE (2025-11-09) | 2025-11-09 | SPRINT_100_identity_signing | Authority Core & Security Guild (src/Authority/StellaOps.Authority) | src/Authority/StellaOps.Authority | Enforce pack signing policies, approval RBAC checks, CLI CI token scopes, and audit logging for approvals. | AUTH-PACKS-41-001; TASKRUN-42-001; ORCH-SVC-42-101 | AUIN0101 |
| AUTH-REACH-401-005 | DONE (2025-11-27) | 2025-11-27 | SPRINT_0401_0001_0001_reachability_evidence_chain | Authority & Signer Guilds | src/Authority/StellaOps.Authority, src/Signer/StellaOps.Signer |
Predicate types exist (stella.ops/vexDecision@v1 etc.); IAuthorityDsseStatementSigner created with ICryptoProviderRegistry; Rekor via existing IRekorClient. | Coordinate with replay reachability owners | AUIN0101 |
| AUTH-VERIFY-186-007 | TODO | SPRINT_0186_0001_0001_record_deterministic_execution | Authority Guild · Provenance Guild | src/Authority/StellaOps.Authority, src/Provenance/StellaOps.Provenance.Attestation |
Expose an Authority-side verification helper/service that validates DSSE signatures and Rekor proofs for promotion attestations using trusted checkpoints, enabling offline audit flows. | Await PROB0101 provenance harness | AUIN0101 | |
| AUTHORITY-DOCS-0001 | TODO | SPRINT_314_docs_modules_authority | Docs Guild (docs/modules/authority) | docs/modules/authority | See ./AGENTS.md | Wait for AUIN0101 sign-off | DOAU0101 | |
| AUTHORITY-ENG-0001 | TODO | SPRINT_314_docs_modules_authority | Module Team (docs/modules/authority) | docs/modules/authority | Update status via ./AGENTS.md workflow | Depends on #1 | DOAU0101 | |
| AUTHORITY-OPS-0001 | TODO | SPRINT_314_docs_modules_authority | Ops Guild (docs/modules/authority) | docs/modules/authority | Sync outcomes back to ../.. | Depends on #1 | DOAU0101 | |
| AUTO-401-019 | TODO | SPRINT_0401_0001_0001_reachability_evidence_chain | Benchmarks Guild | docs/benchmarks/vex-evidence-playbook.md, scripts/bench/** |
Align with PROB0101 schema | Align with PROB0101 schema | RBBN0101 | |
| BACKFILL-401-029 | DOING | SPRINT_0401_0001_0001_reachability_evidence_chain | Platform Guild | docs/provenance/inline-dsse.md, scripts/publish_attestation_with_provenance.sh |
Align output schema with PROB0101 | Align output schema with PROB0101 | RBRE0101 | |
| BENCH-AUTO-401-019 | TODO | SPRINT_0401_0001_0001_reachability_evidence_chain | Benchmarks Guild | docs/benchmarks/vex-evidence-playbook.md, scripts/bench/** |
Create automation to populate bench/findings/**, run baseline scanners (Trivy/Syft/Grype/Snyk/Xray), compute FP/MTTD/repro metrics, and update results/summary.csv. |
Depends on #1 | RBBN0101 | |
| BENCH-GRAPH-21-001 | BLOCKED | 2025-10-27 | SPRINT_512_bench | Bench Guild · Graph Platform Guild | src/Bench/StellaOps.Bench | Build graph viewport/path benchmark harness (50k/100k nodes) measuring Graph API/Indexer latency, memory, and tile cache hit rates. (Executed within Sprint 28 Graph program). | Wait for CAGR0101 outputs | RBBN0102 |
| BENCH-GRAPH-21-002 | BLOCKED | 2025-10-27 | SPRINT_512_bench | Bench Guild · UI Guild | src/Bench/StellaOps.Bench | Add headless UI load benchmark (Playwright) for graph canvas interactions to track render times and FPS budgets. (Executed within Sprint 28 Graph program).. Dependencies: BENCH-GRAPH-21-001. | Depends on #1 | RBBN0102 |
| BENCH-GRAPH-24-002 | TODO | SPRINT_512_bench | Bench Guild · UI Guild | src/Bench/StellaOps.Bench | Implement UI interaction benchmarks (filter/zoom/table operations) citing p95 latency; integrate with perf dashboards. Dependencies: BENCH-GRAPH-21-002. | Align with ORTR0101 job metadata | RBBN0102 | |
| BENCH-IMPACT-16-001 | TODO | SPRINT_512_bench | Bench Guild · Scheduler Team | src/Bench/StellaOps.Bench | ImpactIndex throughput bench (resolve 10k productKeys) + RAM profile. | Needs Scheduler signals from ORTR0102 | RBBN0102 | |
| BENCH-POLICY-20-002 | TODO | SPRINT_512_bench | Bench Guild · Policy Guild | src/Bench/StellaOps.Bench | Add incremental run benchmark measuring delta evaluation vs full; capture SLA compliance. | Wait for PLLG0104 ledger events | RBBN0102 | |
| BENCH-SIG-26-001 | TODO | SPRINT_512_bench | Bench Guild · Signals Guild | src/Bench/StellaOps.Bench | Develop benchmark for reachability scoring pipeline (facts/sec, latency, memory) using synthetic callgraphs/runtime batches. | Needs SGSI0101 runtime feed | RBBN0102 | |
| BENCH-SIG-26-002 | TODO | SPRINT_512_bench | Bench Guild · Policy Guild | src/Bench/StellaOps.Bench | Measure policy evaluation overhead with reachability cache hot/cold; ensure ≤8 ms p95 added latency. Dependencies: BENCH-SIG-26-001. | Depends on #6 | RBBN0102 | |
| BUNDLE-401-014 | TODO | SPRINT_0401_0001_0001_reachability_evidence_chain | Symbols Guild | src/Symbols/StellaOps.Symbols.Bundle |
Needs RBRE0101 provenance payload | Needs RBRE0101 provenance payload | RBSY0101 | |
| BUNDLE-69-001 | TODO | SPRINT_0164_0001_0003_exportcenter_iii | Risk Bundle Export Guild · Risk Engine Guild | src/ExportCenter/StellaOps.ExportCenter.RiskBundles | Align with ATEL0102 DSSE outputs | Align with ATEL0102 DSSE outputs | RBRB0101 | |
| BUNDLE-69-002 | TODO | SPRINT_0164_0001_0003_exportcenter_iii | Risk Bundle Export Guild · DevOps Guild | src/ExportCenter/StellaOps.ExportCenter.RiskBundles | Depends on #1 | Depends on #1 | RBRB0101 | |
| BUNDLE-70-001 | TODO | SPRINT_0164_0001_0003_exportcenter_iii | Risk Bundle Export Guild · CLI Guild | src/ExportCenter/StellaOps.ExportCenter.RiskBundles | Needs CLI export contract from CLCI0104 | Needs CLI export contract from CLCI0104 | RBRB0101 | |
| BUNDLE-70-002 | TODO | SPRINT_0164_0001_0003_exportcenter_iii | Risk Bundle Export Guild · Docs Guild | src/ExportCenter/StellaOps.ExportCenter.RiskBundles | Depends on #3 | Depends on #3 | RBRB0101 | |
| CAS-401-001 | TODO | SPRINT_0401_0001_0001_reachability_evidence_chain | Scanner Worker Guild | src/Scanner/StellaOps.Scanner.Worker |
Wait for RBRE0101 DSSE hashes | Wait for RBRE0101 DSSE hashes | CASC0101 | |
| CCCS-02-009 | TODO | SPRINT_117_concelier_vi | Concelier Connector Guild – CCCS | src/Concelier/__Libraries/StellaOps.Concelier.Connector.Cccs | Implement restart-safe watermark + schema tests. | Confirm CCCS ingest watermark | CCFD0101 | |
| CENTER-ENG-0001 | TODO | SPRINT_320_docs_modules_export_center | Module Team · Export Center Guild | docs/modules/export-center | Wait for RBRB0101 bundle sample | Wait for RBRB0101 bundle sample | DOEC0101 | |
| CENTER-OPS-0001 | TODO | SPRINT_320_docs_modules_export_center | Ops Guild · Export Center Guild | docs/modules/export-center | Depends on #1 | Depends on #1 | DOEC0101 | |
| CERTBUND-02-010 | TODO | SPRINT_117_concelier_vi | Concelier Connector Guild – CertBund | src/Concelier/__Libraries/StellaOps.Concelier.Connector.CertBund | Update parser + CAS hashing. | Align with German CERT schema changes | CCFD0101 | |
| CISCO-02-009 | DOING | 2025-11-08 | SPRINT_117_concelier_vi | Concelier Connector Guild – Cisco | src/Concelier/__Libraries/StellaOps.Concelier.Connector.Vndr.Cisco | Harden retry + provenance logging. | Needs vendor API tokens rotated | CCFD0101 |
| CLI-0001 | DONE | 2025-11-10 | SPRINT_0138_0001_0001_scanner_ruby_parity | CLI Guild, Ruby Analyzer Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | SCANNER-ENG-0019 | SCANNER-ENG-0019 | CLCI0101 |
| CLI-401-007 | BLOCKED | 2025-11-25 | SPRINT_0401_0001_0001_reachability_evidence_chain | UI & CLI Guilds (src/Cli/StellaOps.Cli, src/UI/StellaOps.UI) |
src/Cli/StellaOps.Cli, src/UI/StellaOps.UI |
Awaiting reachability evidence chain contract (policies/schemas) and UI spec | — | CLCI0101 |
| CLI-401-021 | BLOCKED | 2025-11-25 | SPRINT_0401_0001_0001_reachability_evidence_chain | CLI Guild · DevOps Guild (src/Cli/StellaOps.Cli, scripts/ci/attest-*, docs/modules/attestor/architecture.md) |
src/Cli/StellaOps.Cli, scripts/ci/attest-*, docs/modules/attestor/architecture.md |
Awaiting reachability chain CI/attestor contract and fixtures | — | CLCI0101 |
| CLI-41-001 | BLOCKED | 2025-11-25 | SPRINT_303_docs_tasks_md_iii | Docs Guild, DevEx/CLI Guild (docs) | Superseded by DOCS-CLI-41-001 scope; no separate definition provided. | Pending clarified scope | CLCI0101 | |
| CLI-42-001 | BLOCKED | 2025-11-25 | SPRINT_303_docs_tasks_md_iii | Docs Guild (docs) | Superseded by DOCS-CLI-42-001; scope not defined separately. | Pending clarified scope | CLCI0101 | |
| CLI-43-002 | TODO | SPRINT_0504_0001_0001_ops_devops_ii | DevOps Guild, Task Runner Guild (ops/devops) | ops/devops | — | — | CLCI0101 | |
| CLI-43-003 | TODO | SPRINT_0504_0001_0001_ops_devops_ii | DevOps Guild, DevEx/CLI Guild (ops/devops) | ops/devops | — | — | CLCI0101 | |
| CLI-AIAI-31-001 | DONE | 2025-11-24 | SPRINT_0201_0001_0001_cli_i | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Implement stella advise summarize command with JSON/Markdown outputs and citation display. |
— | CLCI0101 |
| CLI-AIAI-31-002 | DONE | 2025-11-24 | SPRINT_0201_0001_0001_cli_i | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Implement stella advise explain showing conflict narrative and structured rationale. Dependencies: CLI-AIAI-31-001. |
— | CLCI0101 |
| CLI-AIRGAP-56-001 | BLOCKED | 2025-11-22 | SPRINT_0201_0001_0001_cli_i | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Implement stella mirror create for air-gap bootstrap. Blocked: mirror bundle contract/spec (schema/signing/digests) not available to CLI. |
— | CLCI0102 |
| CLI-AIAI-31-003 | DONE | 2025-11-24 | SPRINT_0201_0001_0001_cli_i | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Implement stella advise remediate generating remediation plans with --strategy filters and file output. Dependencies: CLI-AIAI-31-002. |
— | CLCI0101 |
| CLI-AIAI-31-004 | DONE | 2025-11-24 | SPRINT_0201_0001_0001_cli_i | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Implement stella advise batch for summaries/conflicts/remediation with progress + multi-status responses. Dependencies: CLI-AIAI-31-003. |
— | CLCI0102 |
| CLI-AIRGAP-56-001 | TODO | SPRINT_0503_0001_0001_ops_devops_i | Exporter Guild · AirGap Time Guild · CLI Guild | PROGRAM-STAFF-1001 | PROGRAM-STAFF-1001 | ATMI0102 | ||
| CLI-AIRGAP-56-002 | BLOCKED | 2025-11-25 | SPRINT_0201_0001_0001_cli_i | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Ensure telemetry propagation under sealed mode (no remote exporters) while preserving correlation IDs; add label AirGapped-Phase-1. Dependencies: CLI-AIRGAP-56-001. |
Blocked: CLI-AIRGAP-56-001 waiting for mirror bundle contract/spec | CLCI0102 |
| CLI-AIRGAP-57-001 | BLOCKED | 2025-11-25 | SPRINT_0201_0001_0001_cli_i | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Add stella airgap import with diff preview, bundle scope selection (--tenant, --global), audit logging, and progress reporting. Dependencies: CLI-AIRGAP-56-002. |
Blocked: upstream CLI-AIRGAP-56-002 | CLCI0102 |
| CLI-AIRGAP-57-002 | BLOCKED | 2025-11-25 | SPRINT_0201_0001_0001_cli_i | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Provide stella airgap seal helper. Dependencies: CLI-AIRGAP-57-001. |
Blocked: upstream CLI-AIRGAP-57-001 | CLCI0102 |
| CLI-AIRGAP-58-001 | BLOCKED | 2025-11-25 | SPRINT_0201_0001_0001_cli_i | DevEx/CLI Guild, Evidence Locker Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Implement stella airgap export evidence helper for portable evidence packages, including checksum manifest and verification. Dependencies: CLI-AIRGAP-57-002. |
Blocked: upstream CLI-AIRGAP-57-002 | CLCI0102 |
| CLI-ATTEST-73-001 | BLOCKED | 2025-11-22 | SPRINT_0201_0001_0001_cli_i | CLI Attestor Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Implement stella attest sign (payload selection, subject digest, key reference, output format) using official SDK transport. Blocked: Scanner analyzer compile failures break CLI build; attestor SDK transport contract not provided. |
— | CLCI0102 |
| CLI-ATTEST-73-002 | BLOCKED | 2025-11-25 | SPRINT_0201_0001_0001_cli_i | CLI Attestor Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Implement stella attest verify with policy selection, explainability output, and JSON/table formatting. Dependencies: CLI-ATTEST-73-001. |
Blocked: upstream CLI-ATTEST-73-001 | CLCI0102 |
| CLI-ATTEST-74-001 | BLOCKED | 2025-11-25 | SPRINT_0201_0001_0001_cli_i | CLI Attestor Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Implement stella attest list with filters (subject, type, issuer, scope) and pagination. Dependencies: CLI-ATTEST-73-002. |
Blocked: upstream CLI-ATTEST-73-002 | CLCI0102 |
| CLI-ATTEST-74-002 | BLOCKED | 2025-11-25 | SPRINT_0201_0001_0001_cli_i | CLI Attestor Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Implement stella attest fetch to download envelopes and payloads to disk. Dependencies: CLI-ATTEST-74-001. |
Blocked: upstream CLI-ATTEST-74-001 | CLCI0102 |
| CLI-ATTEST-75-001 | TODO | SPRINT_0201_0001_0001_cli_i | CLI Attestor Guild, KMS Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Implement `stella attest key create. Dependencies: CLI-ATTEST-74-002. | — | CLCI0102 | |
| CLI-ATTEST-75-002 | TODO | SPRINT_0201_0001_0001_cli_i | CLI Attestor Guild | src/Cli/StellaOps.Cli | Add support for building/verifying attestation bundles in CLI. Dependencies: CLI-ATTEST-75-001. | Wait for ATEL0102 outputs | CLCI0109 | |
| CLI-CORE-41-001 | TODO | SPRINT_0202_0001_0002_cli_ii | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Implement CLI core features: config precedence, profiles/contexts, auth flows, output renderer (json/yaml/table), error mapping, global flags, telemetry opt-in. | — | CLCI0103 | |
| CLI-DET-01 | DONE (2025-11-23) | 2025-11-23 | SPRINT_0301_0001_0001_docs_md_i | Docs Guild · DevEx/CLI Guild | CLI-SBOM-60-001; CLI-SBOM-60-002 | CLI-SBOM-60-001; CLI-SBOM-60-002 | CLCI0103 | |
| CLI-DETER-70-003 | DONE | 2025-11-28 | SPRINT_0202_0001_0001_cli_ii | DevEx/CLI Guild, Scanner Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Provide stella detscore run that executes the determinism harness locally (fixed clock, seeded RNG, canonical hashes) and writes determinism.json, supporting CI/non-zero threshold exit codes (docs/modules/scanner/determinism-score.md). |
— | CLCI0103 |
| CLI-DETER-70-004 | TODO | SPRINT_0203_0001_0003_cli_iii | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Add stella detscore report to summarise published determinism.json files (overall score, per-image matrix) and integrate with release notes/air-gap kits (docs/modules/scanner/determinism-score.md). Dependencies: CLI-DETER-70-003. |
— | CLCI0103 | |
| CLI-DOCS-0001 | TODO | SPRINT_316_docs_modules_cli | Docs Guild (docs/modules/cli) | docs/modules/cli | See ./AGENTS.md | — | CLCI0103 | |
| CLI-EDITOR-401-004 | TODO | SPRINT_0401_0001_0001_reachability_evidence_chain | CLI Guild (src/Cli/StellaOps.Cli, docs/policy/lifecycle.md) |
src/Cli/StellaOps.Cli, docs/policy/lifecycle.md |
Enhance stella policy CLI verbs (edit/lint/simulate) to edit Git-backed .dsl files, run local coverage tests, and commit SemVer metadata. |
— | CLCI0103 | |
| CLI-ENG-0001 | TODO | SPRINT_316_docs_modules_cli | Module Team (docs/modules/cli) | docs/modules/cli | Update status via ./AGENTS.md workflow | — | CLCI0103 | |
| CLI-EXC-25-001 | DONE | 2025-11-28 | SPRINT_0202_0001_0001_cli_ii | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Implement `stella exceptions list | — | CLCI0103 |
| CLI-EXC-25-002 | DONE | 2025-11-28 | SPRINT_0202_0001_0001_cli_ii | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Extend stella policy simulate with --with-exception/--without-exception flags to preview exception impact. Dependencies: CLI-EXC-25-001. |
— | CLCI0103 |
| CLI-EXPORT-35-001 | BLOCKED | 2025-10-29 | SPRINT_0202_0001_0001_cli_ii | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Implement `stella export profiles | CLCI0103 | CLCI0104 |
| CLI-EXPORT-36-001 | BLOCKED | 2025-11-30 | SPRINT_0202_0001_0001_cli_ii | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Add distribution commands (stella export distribute, run download --resume enhancements) and improved status polling with progress bars. Dependencies: CLI-EXPORT-35-001. |
— | CLCI0104 |
| CLI-EXPORT-37-001 | BLOCKED | 2025-11-30 | SPRINT_0202_0001_0001_cli_ii | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Provide scheduling (stella export schedule), retention, and export verify commands performing signature/hash validation. Dependencies: CLI-EXPORT-36-001. |
— | CLCI0104 |
| CLI-FORENSICS-53-001 | DONE | 2025-11-28 | SPRINT_0202_0001_0001_cli_ii | DevEx/CLI Guild, Evidence Locker Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Implement stella forensic snapshot create --case and snapshot list/show commands invoking evidence locker APIs, surfacing manifest digests, and storing local cache metadata. |
— | CLCI0104 |
| CLI-FORENSICS-54-001 | DONE | 2025-11-28 | SPRINT_0202_0001_0001_cli_ii | DevEx/CLI Guild, Provenance Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Provide stella forensic verify <bundle> command validating checksums, DSSE signatures, and timeline chain-of-custody. Support JSON/pretty output and exit codes for CI. Dependencies: CLI-FORENSICS-53-001. |
— | CLCI0104 |
| CLI-FORENSICS-54-002 | DONE | 2025-11-28 | SPRINT_0202_0001_0001_cli_ii | DevEx/CLI Guild, Provenance Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Implement stella forensic attest show <artifact> listing attestation details (signer, timestamp, subjects) and verifying signatures. Dependencies: CLI-FORENSICS-54-001. |
— | CLCI0104 |
| CLI-LNM-22-001 | DONE | 2025-11-28 | SPRINT_0202_0001_0001_cli_ii | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Implement stella advisory obs get/linkset show/export commands with JSON/OSV output, pagination, and conflict display; ensure ERR_AGG_* mapping. |
— | CLCI0103 |
| CLI-LNM-22-002 | DONE | 2025-11-28 | SPRINT_0202_0001_0001_cli_ii | CLI Guild · Concelier Guild | src/Cli/StellaOps.Cli | Implement stella vex obs get/linkset show commands with product filters, status filters, and JSON output for CI usage. Dependencies: CLI-LNM-22-001. |
Needs CCLN0102 API contract | CLCI0109 |
| CLI-NOTIFY-38-001 | BLOCKED | 2025-10-29 | SPRINT_0202_0001_0001_cli_ii | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Implement `stella notify rules | CLCI0103 | CLCI0104 |
| CLI-NOTIFY-39-001 | BLOCKED | 2025-10-29 | SPRINT_0202_0001_0001_cli_ii | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Add simulation (stella notify simulate) and digest commands with diff output and schedule triggering, including dry-run mode. Dependencies: CLI-NOTIFY-38-001. |
CLCI0103 | CLCI0104 |
| CLI-NOTIFY-40-001 | BLOCKED | 2025-11-30 | SPRINT_0202_0001_0001_cli_ii | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Provide ack token redemption workflow, escalation management, localization previews, and channel health checks. Dependencies: CLI-NOTIFY-39-001. | — | CLCI0104 |
| CLI-OBS-50-001 | DONE | 2025-11-28 | SPRINT_0202_0001_0001_cli_ii | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Ensure CLI HTTP client propagates traceparent headers for all commands, prints correlation IDs on failure, and records trace IDs in verbose logs (scrubbed). |
— | CLCI0104 |
| CLI-OBS-51-001 | TODO | SPRINT_0203_0001_0003_cli_iii | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Implement stella obs top command streaming service health metrics, SLO status, and burn-rate alerts with TUI view and JSON output. Dependencies: CLI-OBS-50-001. |
— | CLCI0105 | |
| CLI-OBS-52-001 | TODO | SPRINT_0203_0001_0003_cli_iii | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Add stella obs trace <trace_id> and stella obs logs --from/--to commands that correlate timeline events, logs, and evidence links with pagination + guardrails. Dependencies: CLI-OBS-51-001. |
— | CLCI0105 | |
| CLI-OBS-55-001 | TODO | SPRINT_0203_0001_0003_cli_iii | DevEx/CLI Guild · DevOps Guild | src/Cli/StellaOps.Cli | Add `stella obs incident-mode enable. Dependencies: CLI-OBS-52-001. | — | CLCI0105 | |
| CLI-OPS-0001 | TODO | SPRINT_316_docs_modules_cli | Ops Guild (docs/modules/cli) | docs/modules/cli | Sync outcomes back to ../.. | — | CLCI0105 | |
| CLI-ORCH-32-001 | TODO | SPRINT_0203_0001_0003_cli_iii | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Implement `stella orch sources | ORGR0101 hand-off | CLCI0105 | |
| CLI-ORCH-33-001 | TODO | SPRINT_0203_0001_0003_cli_iii | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Add action verbs (`sources test. Dependencies: CLI-ORCH-32-001. | ORGR0101 hand-off | CLCI0105 | |
| CLI-ORCH-34-001 | TODO | SPRINT_0203_0001_0003_cli_iii | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Provide backfill wizard (--from/--to --dry-run), quota management (`quotas get. Dependencies: CLI-ORCH-33-001. |
ORGR0102 API review | CLCI0105 | |
| CLI-PACKS-42-001 | TODO | SPRINT_0203_0001_0003_cli_iii | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Implement Task Pack commands (pack plan/run/push/pull/verify) with schema validation, expression sandbox, plan/simulate engine, remote execution. |
— | CLCI0105 | |
| CLI-PACKS-43-001 | TODO | SPRINT_0203_0001_0003_cli_iii | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Deliver advanced pack features (approvals pause/resume, secret injection, localization, man pages, offline cache). Dependencies: CLI-PACKS-42-001. | Offline kit schema sign-off | CLCI0105 | |
| CLI-PACKS-43-002 | TODO | SPRINT_0508_0001_0001_ops_offline_kit | Offline Kit Guild · Packs Registry Guild | ops/offline-kit | Bundle Task Pack samples, registry mirror seeds, Task Runner configs, and CLI binaries with checksums into Offline Kit. | CLI-PACKS-43-001 | CLCI0105 | |
| CLI-PARITY-41-001 | TODO | SPRINT_0203_0001_0003_cli_iii | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Deliver parity command groups (policy, sbom, vuln, vex, advisory, export, orchestrator) with --explain, deterministic outputs, and parity matrix entries. |
— | CLCI0106 | |
| CLI-PARITY-41-002 | TODO | SPRINT_0203_0001_0003_cli_iii | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Implement notify, aoc, auth command groups, idempotency keys, shell completions, config docs, and parity matrix export tooling. Dependencies: CLI-PARITY-41-001. |
— | CLCI0106 | |
| CLI-POLICY-20-001 | TODO | SPRINT_0203_0001_0003_cli_iii | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Add `stella policy new | PLPE0101 completion | CLCI0106 | |
| CLI-POLICY-23-004 | TODO | SPRINT_0203_0001_0003_cli_iii | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Add stella policy lint command validating SPL files with compiler diagnostics; support JSON output. Dependencies: CLI-POLICY-20-001. |
PLPE0102 readiness | CLCI0106 | |
| CLI-POLICY-23-006 | TODO | SPRINT_0203_0001_0003_cli_iii | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Provide stella policy history and stella policy explain commands to pull run history and explanation trees. Dependencies: CLI-POLICY-23-005. |
— | CLCI0106 | |
| CLI-POLICY-27-001 | TODO | SPRINT_0203_0001_0003_cli_iii | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Implement policy workspace commands (stella policy init, edit, lint, compile, test) with template selection, local cache, JSON output, and deterministic temp directories. Dependencies: CLI-POLICY-23-006. |
Ledger API exposure | CLCI0106 | |
| CLI-POLICY-27-002 | TODO | SPRINT_0204_0001_0004_cli_iv | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Add submission/review workflow commands (stella policy version bump, submit, review comment, approve, reject) supporting reviewer assignment, changelog capture, and exit codes. Dependencies: CLI-POLICY-27-001. |
CLI-POLICY-27-001 | CLCI0106 | |
| CLI-POLICY-27-003 | TODO | SPRINT_0204_0001_0004_cli_iv | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Implement stella policy simulate enhancements (quick vs batch, SBOM selectors, heatmap summary, manifest download) with --json and Markdown report output for CI. Dependencies: CLI-POLICY-27-002. |
CLI-POLICY-27-002 | CLCI0106 | |
| CLI-POLICY-27-004 | TODO | SPRINT_0204_0001_0004_cli_iv | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Add lifecycle commands for publish/promote/rollback/sign (stella policy publish --sign, promote --env, rollback) with attestation verification and canary arguments. Dependencies: CLI-POLICY-27-003. |
CLI-POLICY-27-003 | CLCI0106 | |
| CLI-POLICY-27-005 | TODO | SPRINT_0204_0001_0004_cli_iv | DevEx/CLI Guild · Docs Guild | src/Cli/StellaOps.Cli | Update CLI reference and samples for Policy Studio including JSON schemas, exit codes, and CI snippets. Dependencies: CLI-POLICY-27-004. | CLI-POLICY-27-004 | CLCI0106 | |
| CLI-POLICY-27-006 | TODO | SPRINT_0204_0001_0004_cli_iv | CLI Guild · Policy Guild | src/Cli/StellaOps.Cli | Update CLI policy profiles/help text to request the new Policy Studio scope family, surface ProblemDetails guidance for invalid_scope, and adjust regression tests for scope failures. Dependencies: CLI-POLICY-27-005. |
Depends on #2 | CLCI0109 | |
| CLI-PROMO-70-001 | TODO | SPRINT_0202_0001_0002_cli_ii | DevEx/CLI Guild · Provenance Guild | src/Cli/StellaOps.Cli | Add stella promotion assemble command that resolves image digests, hashes SBOM/VEX artifacts, fetches Rekor proofs from Attestor, and emits the stella.ops/promotion@v1 JSON payload (see docs/release/promotion-attestations.md). |
Mirror attestation inputs | CLCI0108 | |
| CLI-PROMO-70-002 | TODO | SPRINT_0203_0001_0003_cli_iii | CLI Guild · Marketing Guild | src/Cli/StellaOps.Cli | Implement stella promotion attest / promotion verify commands that sign the promotion payload via Signer, retrieve DSSE bundles from Attestor, and perform offline verification against trusted checkpoints (docs/release/promotion-attestations.md). Dependencies: CLI-PROMO-70-001. |
Needs revised DSSE plan | CLCI0109 | |
| CLI-REPLAY-187-002 | TODO | SPRINT_160_export_evidence | CLI Guild · Replay Guild | src/Cli/StellaOps.Cli |
CLI Guild · docs/modules/cli/architecture.md |
Requires RBRE0101 recorder schema | CLCI0109 | |
| CLI-RISK-66-001 | TODO | SPRINT_0204_0001_0004_cli_iv | DevEx/CLI Guild · Policy Guild | src/Cli/StellaOps.Cli | Implement `stella risk profile list | Ledger scores ready | CLCI0108 | |
| CLI-RISK-66-002 | TODO | SPRINT_0204_0001_0004_cli_iv | DevEx/CLI Guild · Risk Engine Guild | src/Cli/StellaOps.Cli | Ship stella risk simulate supporting SBOM/asset inputs, diff mode, and export to JSON/CSV. Dependencies: CLI-RISK-66-001. |
CLI-RISK-66-001 | CLCI0108 | |
| CLI-RISK-67-001 | TODO | SPRINT_0204_0001_0004_cli_iv | DevEx/CLI Guild · Findings Ledger Guild | src/Cli/StellaOps.Cli | Provide stella risk results with filtering, severity thresholds, explainability fetch. Dependencies: CLI-RISK-66-002. |
CLI-RISK-66-002 | CLCI0108 | |
| CLI-RISK-68-001 | TODO | SPRINT_0204_0001_0004_cli_iv | DevEx/CLI Guild · Export Guild | src/Cli/StellaOps.Cli | Add stella risk bundle verify and integrate with offline risk bundles. Dependencies: CLI-RISK-67-001. |
CLI-RISK-67-001 | CLCI0108 | |
| CLI-SBOM-60-001 | TODO | SPRINT_0203_0001_0003_cli_iii | CLI Guild · Scanner Guild | src/Cli/StellaOps.Cli | Ship stella sbomer layer/compose verbs that capture per-layer fragments, run canonicalization, verify fragment DSSE, and emit _composition.json + Merkle diagnostics (ref docs/modules/scanner/deterministic-sbom-compose.md). Dependencies: CLI-PARITY-41-001, SCANNER-SURFACE-04. |
Wait for CASC0101 manifest | CLSB0101 | |
| CLI-SBOM-60-002 | TODO | SPRINT_0203_0001_0003_cli_iii | CLI Guild | src/Cli/StellaOps.Cli | Add stella sbomer drift --explain + verify commands that rerun composition locally, highlight which arrays/keys broke determinism, and integrate with Offline Kit bundles. Dependencies: CLI-SBOM-60-001. |
Depends on #1 | CLSB0101 | |
| CLI-SDK-62-001 | TODO | SPRINT_0204_0001_0004_cli_iv | CLI Guild · SDK Guild | src/Cli/StellaOps.Cli | Replace bespoke HTTP clients with official SDK (TS/Go) for all CLI commands; ensure modular transport for air-gapped mode. | Align with SDK generator sprint | CLSB0101 | |
| CLI-SDK-62-002 | TODO | SPRINT_0204_0001_0004_cli_iv | CLI Guild | src/Cli/StellaOps.Cli | Update CLI error handling to surface standardized API error envelope with error.code and trace_id. Dependencies: CLI-SDK-62-001. |
Depends on #3 | CLSB0101 | |
| CLI-SDK-63-001 | TODO | SPRINT_0204_0001_0004_cli_iv | CLI Guild | src/Cli/StellaOps.Cli | Expose stella api spec download command retrieving aggregate OAS and verifying checksum/ETag. Dependencies: CLI-SDK-62-002. |
Needs CAS graph (CASC0101) | CLSB0101 | |
| CLI-SDK-64-001 | TODO | SPRINT_0204_0001_0004_cli_iv | CLI Guild | src/Cli/StellaOps.Cli | Add CLI subcommand stella sdk update to fetch latest SDK manifests/changelogs; integrate with Notifications for deprecations. Dependencies: CLI-SDK-63-001. |
Depends on #5 | CLSB0101 | |
| CLI-SIG-26-001 | TODO | SPRINT_0204_0001_0004_cli_iv | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Implement stella reachability upload-callgraph and stella reachability list/explain commands with streaming upload, pagination, and exit codes. |
ATEL0101 signing plan | CLCI0108 | |
| CLI-SIG-26-002 | TODO | SPRINT_0204_0001_0004_cli_iv | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Extend stella policy simulate with reachability override flags (--reachability-state, --reachability-score). Dependencies: CLI-SIG-26-001. |
CLI-SIG-26-001 | CLCI0108 | |
| CLI-TEN-47-001 | TODO | SPRINT_0205_0001_0005_cli_v | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Implement stella login, whoami, tenants list, persistent profiles, secure token storage, and --tenant override with validation. |
— | CLCI0108 | |
| CLI-TEN-49-001 | TODO | SPRINT_0205_0001_0005_cli_v | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Add service account token minting, delegation (stella token delegate), impersonation banner, and audit-friendly logging. Dependencies: CLI-TEN-47-001. |
CLI-TEN-47-001 | CLCI0108 | |
| CLI-VEX-30-001 | TODO | SPRINT_0205_0001_0005_cli_v | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Implement stella vex consensus list with filters, paging, policy selection, --json/--csv. |
PLVL0102 completion | CLCI0107 | |
| CLI-VEX-30-002 | TODO | SPRINT_0205_0001_0005_cli_v | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Implement stella vex consensus show displaying quorum, evidence, rationale, signature status. Dependencies: CLI-VEX-30-001. |
CLI-VEX-30-001 | CLCI0107 | |
| CLI-VEX-30-003 | TODO | SPRINT_0205_0001_0005_cli_v | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Implement stella vex simulate for trust/threshold overrides with JSON diff output. Dependencies: CLI-VEX-30-002. |
CLI-VEX-30-002 | CLCI0107 | |
| CLI-VEX-30-004 | TODO | SPRINT_0205_0001_0005_cli_v | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Implement stella vex export for consensus NDJSON bundles with signature verification helper. Dependencies: CLI-VEX-30-003. |
CLI-VEX-30-003 | CLCI0107 | |
| CLI-VEX-401-011 | TODO | SPRINT_0401_0001_0001_reachability_evidence_chain | CLI Guild | src/Cli/StellaOps.Cli, docs/modules/cli/architecture.md, docs/benchmarks/vex-evidence-playbook.md |
Add `stella decision export | Reachability API exposure | CLCI0107 | |
| CLI-VULN-29-001 | TODO | SPRINT_0205_0001_0005_cli_v | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Implement stella vuln list with grouping, paging, filters, --json/--csv, and policy selection. |
— | CLCI0107 | |
| CLI-VULN-29-002 | TODO | SPRINT_0205_0001_0005_cli_v | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Implement stella vuln show displaying evidence, policy rationale, paths, ledger summary; support --json for automation. Dependencies: CLI-VULN-29-001. |
CLI-VULN-29-001 | CLCI0107 | |
| CLI-VULN-29-003 | TODO | SPRINT_0205_0001_0005_cli_v | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Add workflow commands (assign, comment, accept-risk, verify-fix, target-fix, reopen) with filter selection (--filter) and idempotent retries. Dependencies: CLI-VULN-29-002. |
CLI-VULN-29-002 | CLCI0107 | |
| CLI-VULN-29-004 | TODO | SPRINT_0205_0001_0005_cli_v | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Implement stella vuln simulate producing delta summaries and optional Markdown report for CI. Dependencies: CLI-VULN-29-003. |
CLI-VULN-29-003 | CLCI0107 | |
| CLI-VULN-29-005 | TODO | SPRINT_0205_0001_0005_cli_v | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Add stella vuln export and stella vuln bundle verify commands to trigger/download evidence bundles and verify signatures. Dependencies: CLI-VULN-29-004. |
CLI-VULN-29-004 | CLCI0107 | |
| CLI-VULN-29-006 | TODO | SPRINT_0205_0001_0005_cli_v | DevEx/CLI Guild · Docs Guild | src/Cli/StellaOps.Cli | Update CLI docs/examples for Vulnerability Explorer with compliance checklist and CI snippets. Dependencies: CLI-VULN-29-005. | CLI-VULN-29-005 | CLCI0108 | |
| CLIENT-401-012 | TODO | SPRINT_0401_0001_0001_reachability_evidence_chain | Symbols Guild | src/Symbols/StellaOps.Symbols.Client, src/Scanner/StellaOps.Scanner.Symbolizer |
Align with symbolizer regression fixtures | Align with symbolizer regression fixtures | RBSY0101 | |
| COMPOSE-44-001 | DOING (dev-mock 2025-12-06) | 2025-12-06 | SPRINT_0501_0001_0001_ops_deployment_i | Deployment Guild · DevEx Guild | ops/deployment | Author docker-compose.yml, .env.example, and quickstart.sh with all core services + dependencies (postgres, redis, object-store, queue, otel). |
Waiting on consolidated service list/version pins from upstream module releases | DVCP0101 |
| COMPOSE-44-002 | TODO | SPRINT_0501_0001_0001_ops_deployment_i | Deployment Guild | ops/deployment | Implement backup.sh and reset.sh scripts with safety prompts and documentation. Dependencies: COMPOSE-44-001. |
Depends on #1 | DVCP0101 | |
| COMPOSE-44-003 | DOING (dev-mock 2025-12-06) | 2025-12-06 | SPRINT_0501_0001_0001_ops_deployment_i | Deployment Guild | ops/deployment | Package seed data container and onboarding wizard toggle (QUICKSTART_MODE), ensuring default creds randomized on first run. Dependencies: COMPOSE-44-002. |
Needs RBRE0101 provenance | DVCP0101 |
| CONCELIER-AIAI-31-002 | DONE | 2025-11-18 | SPRINT_110_ingestion_evidence | Concelier Core · Concelier WebService Guilds | Structured field/caching implementation gated on schema approval. | CONCELIER-GRAPH-21-001; CARTO-GRAPH-21-002 | DOAI0101 | |
| CONCELIER-AIAI-31-003 | DONE | 2025-11-12 | SPRINT_110_ingestion_evidence | Docs Guild · Concelier Observability Guild | docs/modules/concelier/observability.md | Telemetry counters/histograms live for Advisory AI dashboards. | Summarize telemetry evidence | DOCO0101 |
| CONCELIER-AIRGAP-56-001 | DONE (2025-11-24) | SPRINT_112_concelier_i | Concelier Core Guild | src/Concelier/StellaOps.Concelier.WebService/AirGap | Deterministic air-gap bundle builder with manifest + entry-trace hashes. | docs/runbooks/concelier-airgap-bundle-deploy.md | AGCN0101 | |
| CONCELIER-AIRGAP-56-001..58-001 | DONE (2025-11-24) | SPRINT_110_ingestion_evidence | Concelier Core Guild · Evidence Locker Guild | Deterministic NDJSON bundle writer + manifest/entry-trace, validator, sealed-mode deploy runbook delivered. | CONCELIER-GRAPH-21-001; CONCELIER-GRAPH-21-002; ELOCKER-CONTRACT-2001 | AGCN0101 | ||
| CONCELIER-AIRGAP-56-002 | DONE (2025-11-24) | SPRINT_112_concelier_i | Concelier Core Guild · AirGap Importer Guild | src/Concelier/StellaOps.Concelier.WebService/AirGap | Bundle validator (hash/order/entry-trace) and tests. | Delivered alongside 56-001 | AGCN0101 | |
| CONCELIER-AIRGAP-57-001 | TODO | SPRINT_112_concelier_i | Concelier Core Guild · AirGap Policy Guild | Feature flag + policy that rejects non-mirror connectors with actionable diagnostics; depends on 56-001. | — | ATLN0102 | ||
| CONCELIER-AIRGAP-57-002 | TODO | SPRINT_112_concelier_i | Concelier Core Guild · AirGap Time Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Compute fetchedAt/publishedAt/clockSource deltas per bundle and expose via observation APIs without mutating evidence; depends on 56-002. |
Wait for AIRGAP-TIME-CONTRACT-1501 | CCAN0101 | |
| CONCELIER-AIRGAP-58-001 | TODO | SPRINT_112_concelier_i | Concelier Core Guild · Evidence Locker Guild | Package advisory observations/linksets + provenance notes (document id + observationPath) into timeline-bound portable bundles with verifier instructions; depends on 57-002. | — | ATLN0102 | ||
| CONCELIER-ATTEST-73-001 | DONE (2025-11-25) | 2025-11-25 | SPRINT_110_ingestion_evidence | Concelier Core · Evidence Locker Guild | src/Concelier/StellaOps.Concelier.WebService | Attestation claims builder verified; Core/WebService attestation suites green (TestResults/concelier-attestation/core.trx, web.trx). |
CONCELIER-AIAI-31-002; ELOCKER-CONTRACT-2001 | CCAN0101 |
| CONCELIER-ATTEST-73-002 | DONE (2025-11-25) | 2025-11-25 | SPRINT_110_ingestion_evidence | Concelier Core · Evidence Locker Guild | src/Concelier/StellaOps.Concelier.WebService | Internal /internal/attestations/verify endpoint validated end-to-end; TRX archived under TestResults/concelier-attestation/web.trx. |
CONCELIER-AIAI-31-002; ELOCKER-CONTRACT-2001 | CCAN0101 |
| CONCELIER-CONSOLE-23-001 | TODO | SPRINT_112_concelier_i | Concelier WebService Guild · BE-Base Platform Guild | /console/advisories returns grouped linksets with per-source severity/status chips plus {documentId, observationPath} provenance references (matching GHSA + Red Hat CVE browser expectations); depends on CONCELIER-LNM-21-201/202. |
— | ATLN0102 | ||
| CONCELIER-CONSOLE-23-001..003 | DONE (2025-11-25) | 2025-11-25 | SPRINT_110_ingestion_evidence | Concelier Console Guild | src/Concelier/StellaOps.Concelier.WebService | Console overlays wired to LNM schema; consumption contract published. | CONCELIER-GRAPH-21-001; CONCELIER-GRAPH-21-002 | CCLN0102 |
| CONCELIER-CONSOLE-23-002 | TODO | SPRINT_112_concelier_i | Concelier WebService Guild | Deterministic “new/modified/conflicting” sets referencing linkset IDs and field paths rather than computed verdicts; depends on 23-001. | — | ATLN0102 | ||
| CONCELIER-CONSOLE-23-003 | TODO | SPRINT_112_concelier_i | Concelier WebService Guild | CVE/GHSA/PURL lookups return observation excerpts, provenance anchors, and cache hints so tenants can preview evidence safely; reuse structured field taxonomy from Workstream A. | — | ATLN0102 | ||
| CONCELIER-CORE-AOC-19-013 | TODO | SPRINT_112_concelier_i | Concelier Core Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Expand smoke/e2e suites so Authority tokens + tenant headers are mandatory for ingest/read paths (including the new provenance endpoint). Must assert no merge-side effects and that provenance anchors always round-trip. | Must reference AOC guardrails from docs | AGCN0101 | |
| CONCELIER-DOCS-0001 | DONE | 2025-11-05 | SPRINT_0317_0001_0001_docs_modules_concelier | Docs Guild | docs/modules/concelier | Validate that docs/modules/concelier/README.md reflects the latest release notes and aggregation toggles. |
Reference (baseline) | CCDO0101 |
| CONCELIER-ENG-0001 | DONE | 2025-11-25 | SPRINT_0317_0001_0001_docs_modules_concelier | Module Team · Concelier Guild | docs/modules/concelier | Cross-check implementation plan milestones against /docs/implplan/SPRINT_*.md and update module readiness checkpoints. |
Wait for CCPR0101 validation | CCDO0101 |
| CONCELIER-GRAPH-21-001 | DONE | 2025-11-18 | SPRINT_113_concelier_ii | Concelier Core · Cartographer Guilds | src/Concelier/__Libraries/StellaOps.Concelier.Core | Extend SBOM normalization so every relationship (depends_on, contains, provides) and scope tag is captured as raw observation metadata with provenance pointers; Cartographer can then join SBOM + advisory facts without Concelier inferring impact. | Waiting on Cartographer schema (052_CAGR0101) | AGCN0101 |
| CONCELIER-GRAPH-21-002 | DONE | 2025-11-22 | SPRINT_113_concelier_ii | Concelier Core Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Publish sbom.observation.updated events whenever new SBOM versions arrive, including tenant/context metadata and advisory references—never send judgments, only facts. Depends on CONCELIER-GRAPH-21-001; blocked pending Platform Events/Scheduler contract + event publisher. |
Depends on #5 outputs | AGCN0101 |
| CONCELIER-GRAPH-24-101 | TODO | SPRINT_113_concelier_ii | Concelier WebService Guild | src/Concelier/StellaOps.Concelier.WebService | Provide /advisories/summary responses that bundle observation/linkset metadata (aliases, confidence, conflicts) for graph overlays while keeping upstream values intact. Depends on CONCELIER-GRAPH-21-002. |
Wait for CAGR0101 + storage migrations | CCGH0101 | |
| CONCELIER-GRAPH-28-102 | TODO | SPRINT_113_concelier_ii | Concelier WebService Guild | src/Concelier/StellaOps.Concelier.WebService | Add batch fetch endpoints keyed by component sets so graph tooltips can pull raw observations/linksets efficiently; include provenance + timestamps but no derived severity. Depends on CONCELIER-GRAPH-24-101. | Depends on #1 | CCGH0101 | |
| CONCELIER-LNM-21-001 | DONE | 2025-11-17 | SPRINT_113_concelier_ii | Concelier Core Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Define the immutable advisory_observations model (per-source fields, version ranges, severity text, provenance metadata, tenant guards) so every ingestion path records raw statements without merge artifacts. |
Needs Link-Not-Merge approval (005_ATLN0101) | AGCN0101 |
| CONCELIER-LNM-21-002 | DONE | 2025-11-22 | SPRINT_113_concelier_ii | Concelier Core Guild · Data Science Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Implement correlation pipelines (alias graph, purl overlap, CVSS vector compare) that output linksets with confidence scores + conflict markers, never collapsing conflicting facts into single values. Depends on CONCELIER-LNM-21-001. | Depends on #7 for precedence rules | AGCN0101 |
| CONCELIER-LNM-21-003 | DONE | 2025-11-22 | SPRINT_113_concelier_ii | Concelier Core Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Record disagreements (severity, CVSS, references) on linksets as structured conflict entries so consumers can reason about divergence without Concelier resolving it. Depends on CONCELIER-LNM-21-002. | Requires #8 heuristics | AGCN0101 |
| CONCELIER-LNM-21-004 | TODO | SPRINT_113_concelier_ii | Concelier Core Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Delete legacy merge/dedup logic, add guardrails/tests to keep ingestion append-only, and document how linksets supersede the old merge outputs. Depends on CONCELIER-LNM-21-003. | Depends on #9 | AGCN0101 | |
| CONCELIER-LNM-21-005 | TODO | SPRINT_113_concelier_ii | Concelier Core Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Emit advisory.linkset.updated events containing delta descriptions + observation ids so downstream evaluators can subscribe deterministically. Depends on CONCELIER-LNM-21-004. |
Requires CCLN0101 store changes | CCCO0101 | |
| CONCELIER-LNM-21-101 | TODO | SPRINT_113_concelier_ii | Concelier Storage Guild | src/Concelier/__Libraries/StellaOps.Concelier.Storage.Mongo | Provision the Mongo collections (advisory_observations, advisory_linksets) with hashed shard keys, tenant indexes, and TTL for ingest metadata to support Link-Not-Merge at scale. Depends on CONCELIER-LNM-21-005. |
Wait for schema freeze | CCLN0101 | |
| CONCELIER-LNM-21-102 | TODO | SPRINT_113_concelier_ii | Concelier Storage Guild · DevOps Guild | src/Concelier/__Libraries/StellaOps.Concelier.Storage.Mongo | Backfill legacy merged advisories into the new observation/linkset collections, seed tombstones for deprecated docs, and provide rollback tooling for Offline Kit operators. Depends on CONCELIER-LNM-21-101. | Depends on #1 | CCLN0101 | |
| CONCELIER-LNM-21-103 | TODO | SPRINT_113_concelier_ii | Concelier Storage Guild (src/Concelier/__Libraries/StellaOps.Concelier.Storage.Mongo) | src/Concelier/__Libraries/StellaOps.Concelier.Storage.Mongo | Move large raw payloads to object storage with deterministic pointers, update bootstrapper/offline kit seeds, and guarantee provenance metadata remains intact. Depends on CONCELIER-LNM-21-102. | — | ATLN0101 | |
| CONCELIER-LNM-21-201 | TODO | SPRINT_113_concelier_ii | Concelier WebService Guild · Platform Guild | src/Concelier/StellaOps.Concelier.WebService | Add /advisories/observations with filters for alias/purl/source plus strict tenant scopes; responses must only echo upstream values + provenance fields. Depends on CONCELIER-LNM-21-103. |
Wait for storage sprint (CCLN0101) | CCLN0102 | |
| CONCELIER-LNM-21-202 | TODO | SPRINT_113_concelier_ii | Concelier WebService Guild (src/Concelier/StellaOps.Concelier.WebService) | src/Concelier/StellaOps.Concelier.WebService | Implement /advisories/linksets/export/evidence endpoints surfacing correlation + conflict payloads and ERR_AGG_* error mapping, never exposing synthesis/merge results. Depends on CONCELIER-LNM-21-201. |
— | ATLN0101 | |
| CONCELIER-LNM-21-203 | TODO | SPRINT_113_concelier_ii | Concelier WebService Guild, Platform Events Guild (src/Concelier/StellaOps.Concelier.WebService) | src/Concelier/StellaOps.Concelier.WebService | Publish idempotent NATS/Redis events for new observations/linksets with schemas documented for downstream consumers; include tenant + provenance references only. Depends on CONCELIER-LNM-21-202. | — | ATLN0101 | |
| CONCELIER-OAS-61-001 | TODO | SPRINT_114_concelier_iii | Concelier Core + API Contracts Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Update the OpenAPI spec so every observation/linkset/timeline endpoint documents provenance fields, tenant scopes, and AOC guarantees (no consensus fields), giving downstream SDKs unambiguous contracts. | Wait for CCPR0101 policy updates | CCOA0101 | |
| CONCELIER-OAS-61-002 | TODO | SPRINT_114_concelier_iii | Concelier Core Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Provide realistic examples (conflict linksets, multi-source severity, timeline snippets) showing how raw advisories are surfaced without merges; wire them into docs/SDKs. Depends on CONCELIER-OAS-61-001. | Depends on #1 | CCOA0101 | |
| CONCELIER-OAS-62-001 | TODO | SPRINT_114_concelier_iii | Concelier Core + SDK Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Add SDK scenarios covering advisory search, pagination, and conflict handling to ensure each language client preserves provenance fields and does not infer verdicts. Depends on CONCELIER-OAS-61-002. | Needs SDK requirements from CLSB0101 | CCOA0101 | |
| CONCELIER-OBS-51-001 | DOING | 2025-11-23 | SPRINT_114_concelier_iii | Concelier Core Guild · DevOps Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Emit ingestion latency, queue depth, and AOC violation metrics with burn-rate alerts so we can prove the evidence pipeline remains healthy without resorting to heuristics. | Telemetry schema 046_TLTY0101 published (2025-11-23) | CNOB0101 |
| CONCELIER-OBS-52-001 | TODO | SPRINT_114_concelier_iii | Concelier Core Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Produce timeline records for ingest/normalization/linkset updates containing trace IDs, conflict summaries, and evidence hashes—pure facts for downstream replay. Depends on CONCELIER-OBS-51-001. | Needs #1 merged to reuse structured logging helpers | CNOB0101 | |
| CONCELIER-OBS-53-001 | TODO | SPRINT_114_concelier_iii | Concelier Core Guild · Evidence Locker Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Generate evidence locker bundles (raw doc, normalization diff, linkset) with Merkle manifests so audits can replay advisory history without touching live Mongo. Depends on CONCELIER-OBS-52-001. | Requires Evidence Locker contract from 002_ATEL0101 | CNOB0101 | |
| CONCELIER-OBS-54-001 | TODO | SPRINT_114_concelier_iii | Concelier Core Guild · Provenance Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Attach DSSE attestations to advisory batches, expose verification APIs, and link attestation IDs into timeline + ledger for transparency. Depends on CONCELIER-OBS-53-001. | Blocked by Link-Not-Merge schema finalization (005_ATLN0101) | CNOB0101 | |
| CONCELIER-OBS-55-001 | TODO | SPRINT_114_concelier_iii | Concelier Core Guild · DevOps Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Implement incident-mode levers (extra sampling, retention overrides, redaction guards) that collect more raw evidence without mutating advisory content. Depends on CONCELIER-OBS-54-001. | Depends on #4 for consistent dimensions | CNOB0101 | |
| CONCELIER-OPS-0001 | DONE | 2025-11-25 | SPRINT_0317_0001_0001_docs_modules_concelier | Ops Guild | docs/modules/concelier | Review runbooks/observability assets after the next sprint demo and capture findings inline with sprint notes. | Depends on #2 | CCDO0101 |
| CONCELIER-ORCH-32-001 | TODO | SPRINT_114_concelier_iii | Concelier Core Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Register every advisory connector with the orchestrator (metadata, auth scopes, rate policies) so ingest scheduling is transparent and reproducible. | Wait for CCAN0101 outputs | CCCO0101 | |
| CONCELIER-ORCH-32-002 | TODO | SPRINT_114_concelier_iii | Concelier Core Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Adopt the orchestrator worker SDK in ingestion loops, emitting heartbeats/progress/artifact hashes to guarantee deterministic replays. Depends on CONCELIER-ORCH-32-001. | Depends on #1 | CCCO0101 | |
| CONCELIER-ORCH-33-001 | TODO | SPRINT_114_concelier_iii | Concelier Core Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Honor orchestrator pause/throttle/retry controls with structured error outputs and persisted checkpoints so operators can intervene without losing evidence. Depends on CONCELIER-ORCH-32-002. | Needs ORTR0102 cues | CCCO0101 | |
| CONCELIER-ORCH-34-001 | TODO | SPRINT_114_concelier_iii | Concelier Core Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Execute orchestrator-driven backfills that reuse artifact hashes/signatures, log provenance, and push run metadata to the ledger for audits. Depends on CONCELIER-ORCH-33-001. | Depends on #3 | CCCO0101 | |
| CONCELIER-POLICY-20-001 | TODO | SPRINT_114_concelier_iii | Concelier WebService Guild | src/Concelier/StellaOps.Concelier.WebService | Provide batch advisory lookup APIs for Policy Engine (purl/advisory filters, tenant scopes, explain metadata) so policy can join raw evidence without Concelier suggesting outcomes. | Wait for storage sprint | CCPR0101 | |
| CONCELIER-POLICY-20-002 | TODO | SPRINT_115_concelier_iv | Concelier Core Guild · Policy Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Expand linkset builders with vendor-specific equivalence tables, NEVRA/PURL normalization, and version-range parsing so policy joins become more accurate without Concelier prioritizing sources. Depends on CONCELIER-POLICY-20-001. | Depends on #1 | CCPR0101 | |
| CONCELIER-POLICY-20-003 | TODO | SPRINT_115_concelier_iv | Concelier Storage Guild | src/Concelier/__Libraries/StellaOps.Concelier.Storage.Mongo | Introduce advisory selection cursors + change-stream checkpoints that let Policy Engine process deltas deterministically; include offline migration scripts. Depends on CONCELIER-POLICY-20-002. | Depends on #2 | CCPR0101 | |
| CONCELIER-POLICY-23-001 | TODO | SPRINT_115_concelier_iv | Concelier Core Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Add secondary indexes/materialized views (alias, provider severity, correlation confidence) so policy lookups stay fast without caching derived verdicts; document the supported query patterns. Depends on CONCELIER-POLICY-20-003. | Needs RISK series seeds | CCPR0101 | |
| CONCELIER-POLICY-23-002 | TODO | SPRINT_115_concelier_iv | Concelier WebService Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Ensure advisory.linkset.updated events ship with idempotent IDs, confidence summaries, and tenant metadata so policy consumers can replay evidence feeds safely. Depends on CONCELIER-POLICY-23-001. |
Depends on #4 | CCPR0101 | |
| CONCELIER-RISK-66-001 | BLOCKED | 2025-11-23 | SPRINT_115_concelier_iv | Concelier Core · Risk Engine Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Surface vendor-provided CVSS/KEV/fix data exactly as published (with provenance anchors) through provider APIs so risk engines can reason about upstream intent. | POLICY-20-001 outputs; AUTH-TEN-47-001; shared signals library adoption | CCPR0101 |
| CONCELIER-RISK-66-002 | BLOCKED | 2025-11-23 | SPRINT_115_concelier_iv | Concelier Core Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Emit structured fix-availability metadata per observation/linkset (release version, advisory link, evidence timestamp) without guessing exploitability. Depends on CONCELIER-RISK-66-001. | CONCELIER-RISK-66-001 | CCPR0101 |
| CONCELIER-RISK-67-001 | BLOCKED | 2025-11-23 | SPRINT_115_concelier_iv | Concelier Core Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Publish per-source coverage/conflict metrics (counts, disagreements) so explainers can cite which upstream statements exist; no weighting is applied inside Concelier. Depends on CONCELIER-RISK-66-001. | CONCELIER-RISK-66-001 | CCPR0101 |
| CONCELIER-RISK-68-001 | BLOCKED | 2025-11-23 | SPRINT_115_concelier_iv | Concelier Core + Policy Studio Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Wire advisory signal pickers into Policy Studio so curators can select which raw advisory fields feed policy gating; validation must confirm fields are provenance-backed. Depends on POLICY-RISK-68-001. | POLICY-RISK-68-001; CONCELIER-RISK-66-001 | CCPR0101 |
| CONCELIER-RISK-69-001 | BLOCKED | 2025-11-23 | SPRINT_115_concelier_iv | Concelier Core + Notifications Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Emit notifications when upstream advisory fields change (e.g., fix available) with observation IDs + provenance so Notifications service can alert without inferring severity. Depends on CONCELIER-RISK-66-002. | CONCELIER-RISK-66-002; Notifications contract | CCPR0101 |
| CONCELIER-SIG-26-001 | BLOCKED | 2025-11-23 | SPRINT_115_concelier_iv | Concelier Core + Signals Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Expose upstream-provided affected symbol/function lists via APIs to help reachability scoring; maintain provenance and do not infer exploitability. Depends on SIGNALS-24-002. | SIGNALS-24-002 | CCCO0101 |
| CONCELIER-STORE-AOC-19-005 | TODO | 2025-11-04 | SPRINT_115_concelier_iv | Concelier Storage Guild · DevOps Guild | src/Concelier/__Libraries/StellaOps.Concelier.Storage.Mongo | Execute the raw-linkset backfill/rollback plan (docs/dev/raw-linkset-backfill-plan.md) so Mongo + Offline Kit bundles reflect Link-Not-Merge data; rehearse rollback. Depends on CONCELIER-CORE-AOC-19-004. |
Wait for CCLN0101 approval | CCSM0101 |
| CONCELIER-TEN-48-001 | BLOCKED | 2025-11-23 | SPRINT_115_concelier_iv | Concelier Core Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Enforce tenant scoping throughout normalization/linking, expose capability endpoint advertising merge=false, and ensure events include tenant IDs. Depends on AUTH-TEN-47-001. |
AUTH-TEN-47-001; POLICY chain | CCCO0101 |
| CONCELIER-VEXLENS-30-001 | BLOCKED | 2025-11-23 | SPRINT_115_concelier_iv | Concelier WebService Guild · VEX Lens Guild | src/Concelier/StellaOps.Concelier.WebService | Guarantee advisory key consistency and cross-links consumed by VEX Lens so consensus explanations can cite Concelier evidence without requesting merges. Depends on CONCELIER-VULN-29-001, VEXLENS-30-005. | VEXLENS-30-005 | PLVL0103 |
| CONCELIER-VULN-29-004 | TODO | SPRINT_116_concelier_v | Concelier WebService Guild · Observability Guild | src/Concelier/StellaOps.Concelier.WebService | Instrument observation/linkset pipelines with metrics for identifier collisions, withdrawn statements, and chunk latencies; stream them to Vuln Explorer without altering evidence payloads. Depends on CONCELIER-VULN-29-001. | Requires CCPR0101 risk feed | CCWO0101 | |
| CONCELIER-WEB-AIRGAP-56-001 | TODO | SPRINT_116_concelier_v | Concelier WebService Guild · AirGap Policy Guild | src/Concelier/StellaOps.Concelier.WebService | Extend ingestion endpoints to register mirror bundle sources, expose bundle catalogs, and enforce sealed-mode by blocking direct internet feeds. | Wait for AGCN0101 proof | CCAW0101 | |
| CONCELIER-WEB-AIRGAP-56-002 | TODO | SPRINT_116_concelier_v | Concelier WebService Guild · AirGap Importer Guild | src/Concelier/StellaOps.Concelier.WebService | Add staleness + bundle provenance metadata to /advisories/observations and /advisories/linksets so operators can see freshness without Excitior deriving outcomes. Depends on CONCELIER-WEB-AIRGAP-56-001. |
Depends on #1 | CCAW0101 | |
| CONCELIER-WEB-AIRGAP-57-001 | TODO | SPRINT_116_concelier_v | Concelier WebService Guild | src/Concelier/StellaOps.Concelier.WebService | Map sealed-mode violations to consistent AIRGAP_EGRESS_BLOCKED payloads that explain how to remediate, leaving advisory content untouched. Depends on CONCELIER-WEB-AIRGAP-56-002. |
Needs CCAN0101 time beacons | CCAW0101 | |
| CONCELIER-WEB-AIRGAP-58-001 | TODO | SPRINT_116_concelier_v | Concelier WebService Guild · Evidence Locker Guild | src/Concelier/StellaOps.Concelier.WebService | Emit timeline events for bundle imports (bundle ID, scope, actor) so audit trails capture every evidence change. Depends on CONCELIER-WEB-AIRGAP-57-001. | Depends on #3 | CCAW0101 | |
| CONCELIER-WEB-AOC-19-003 | TODO | SPRINT_116_concelier_v | Concelier WebService Guild | src/Concelier/StellaOps.Concelier.WebService | Add unit tests for schema validators, forbidden-field guards (ERR_AOC_001/2/6/7), and supersedes chains to keep ingestion append-only. Depends on CONCELIER-WEB-AOC-19-002. |
Wait for CCSM0101 migration | CCAO0101 | |
| CONCELIER-WEB-AOC-19-004 | TODO | SPRINT_116_concelier_v | Concelier WebService Guild | src/Concelier/StellaOps.Concelier.WebService | Create integration tests that ingest large advisory batches (cold/warm), verify reproducible linksets, and record metrics/fixtures for Offline Kit rehearsals. Depends on CONCELIER-WEB-AOC-19-003. | Depends on #1 | CCAO0101 | |
| CONCELIER-WEB-AOC-19-005 | TODO | 2025-11-08 | SPRINT_116_concelier_v | Concelier WebService Guild | src/Concelier/StellaOps.Concelier.WebService | Fix /advisories/{key}/chunks test data so pre-seeded raw docs resolve correctly; ensure Mongo migrations stop logging “Unable to locate advisory_raw documents” during tests. Depends on CONCELIER-WEB-AOC-19-002. |
Needs CCPR0101 verdict feed | CCAO0101 |
| CONCELIER-WEB-AOC-19-006 | TODO | 2025-11-08 | SPRINT_116_concelier_v | Concelier WebService Guild | src/Concelier/StellaOps.Concelier.WebService | Align default auth/tenant configs with the test fixtures so allowlisted tenants can ingest before forbidden tenants are rejected, closing the gap in AdvisoryIngestEndpoint_RejectsTenantOutsideAllowlist. Depends on CONCELIER-WEB-AOC-19-002. |
Depends on #3 | CCAO0101 |
| CONCELIER-WEB-AOC-19-007 | TODO | 2025-11-08 | SPRINT_116_concelier_v | Concelier WebService Guild | src/Concelier/StellaOps.Concelier.WebService | Update AOC verify logic so guard failures emit ERR_AOC_001 (not _004) and keep mapper/guard parity covered by regression tests. Depends on CONCELIER-WEB-AOC-19-002. |
Depends on #4 | CCAO0101 |
| CONCELIER-WEB-OAS-61-002 | TODO | SPRINT_116_concelier_v | Concelier WebService Guild | src/Concelier/StellaOps.Concelier.WebService | Ensure every API returns the standardized error envelope and update controllers/tests accordingly (prereq for SDK/doc alignment). | Wait for CCOA0101 spec | CCWO0101 | |
| CONCELIER-WEB-OAS-62-001 | TODO | SPRINT_116_concelier_v | Concelier WebService Guild | src/Concelier/StellaOps.Concelier.WebService | Publish curated examples for observations/linksets/conflicts and wire them into the developer portal. Depends on CONCELIER-WEB-OAS-61-002. | Depends on #1 | CCWO0101 | |
| CONCELIER-WEB-OAS-63-001 | TODO | SPRINT_116_concelier_v | Concelier WebService Guild · API Governance Guild | src/Concelier/StellaOps.Concelier.WebService | Emit deprecation headers + notifications for retiring endpoints, steering clients toward Link-Not-Merge APIs. Depends on CONCELIER-WEB-OAS-62-001. | Needs governance approval | CCWO0101 | |
| CONCELIER-WEB-OBS-51-001 | DONE | 2025-11-23 | SPRINT_116_concelier_v | Concelier WebService Guild | src/Concelier/StellaOps.Concelier.WebService | Add /obs/concelier/health surfaces for ingest health, queue depth, and SLO status so Console widgets can display real-time evidence pipeline stats. |
Telemetry schema 046_TLTY0101 published (2025-11-23) | CNOB0102 |
| CONCELIER-WEB-OBS-52-001 | TODO | SPRINT_116_concelier_v | Concelier WebService Guild | src/Concelier/StellaOps.Concelier.WebService | Provide SSE stream /obs/concelier/timeline with paging tokens, guardrails, and audit logging so operators can monitor evidence changes live. Depends on CONCELIER-WEB-OBS-51-001. |
Requires #1 merged so we reuse correlation IDs | CNOB0102 | |
| CONCELIER-WEB-OBS-53-001 | TODO | SPRINT_117_concelier_vi | Concelier WebService Guild · Evidence Locker Guild | src/Concelier/StellaOps.Concelier.WebService | Add /evidence/advisories/* routes that proxy evidence locker snapshots, verify evidence:read scopes, and return signed manifest metadata—no shortcut paths into raw storage. Depends on CONCELIER-WEB-OBS-52-001. |
Blocked on Evidence Locker DSSE feed (002_ATEL0101) | CNOB0102 | |
| CONCELIER-WEB-OBS-54-001 | TODO | SPRINT_117_concelier_vi | Concelier WebService Guild | src/Concelier/StellaOps.Concelier.WebService | Provide /attestations/advisories/* endpoints surfacing DSSE status, verification summary, and provenance chain so CLI/Console can audit trust without hitting databases. Depends on CONCELIER-WEB-OBS-53-001. |
Depends on Link-Not-Merge schema (005_ATLN0101) | CNOB0102 | |
| CONCELIER-WEB-OBS-55-001 | TODO | SPRINT_117_concelier_vi | Concelier WebService Guild · DevOps Guild | src/Concelier/StellaOps.Concelier.WebService | Implement incident-mode APIs that coordinate ingest, locker, and orchestrator, capturing activation events + cooldown semantics but leaving evidence untouched. Depends on CONCELIER-WEB-OBS-54-001. | Needs #4 to finalize labels | CNOB0102 | |
| CONN-SUSE-01-003 | Team Excititor Connectors – SUSE | SPRINT_0120_0001_0002_excititor_ii | Connector Guild (SUSE) | src/Excititor/__Libraries/StellaOps.Excititor.Connectors.SUSE.RancherVEXHub | EXCITITOR-CONN-SUSE-01-002; EXCITITOR-POLICY-01-001 | EXCITITOR-CONN-SUSE-01-002; EXCITITOR-POLICY-01-001 | EXCN0102 | |
| CONN-TRUST-01-001 | DONE (2025-11-22) | 2025-11-22 | SPRINT_110_ingestion_evidence | Excititor + AirGap Guilds | Connnector trust + air-gap ingest delivered against frozen schema. | CONCELIER-GRAPH-21-001; CONCELIER-GRAPH-21-002; ATTEST-PLAN-2001 | EXCN0102 | |
| CONN-UBUNTU-01-003 | Team Excititor Connectors – Ubuntu | SPRINT_0120_0001_0002_excititor_ii | Connector Guild (Ubuntu) | src/Excititor/__Libraries/StellaOps.Excititor.Connectors.Ubuntu.CSAF | EXCITITOR-CONN-UBUNTU-01-002; EXCITITOR-POLICY-01-001 | EXCITITOR-CONN-UBUNTU-01-002; EXCITITOR-POLICY-01-001 | EXCN0102 | |
| CONSENSUS-LENS-DOCS-0001 | TODO | SPRINT_332_docs_modules_vex_lens | Docs Guild | docs/modules/vex-lens | Wait for CCSL0101 panel demo | Wait for CCSL0101 panel demo | CCDL0101 | |
| CONSENSUS-LENS-DOCS-0002 | TODO | 2025-11-05 | SPRINT_332_docs_modules_vex_lens | Docs Guild | docs/modules/vex-lens | Depends on #1 | Depends on #1 | CCDL0101 |
| CONSENSUS-LENS-ENG-0001 | TODO | SPRINT_332_docs_modules_vex_lens | Module Team | docs/modules/vex-lens | Needs CCWO0101 schema | Needs CCWO0101 schema | CCDL0101 | |
| CONSENSUS-LENS-OPS-0001 | TODO | SPRINT_332_docs_modules_vex-lens | Ops Guild | docs/modules/vex-lens | Depends on #3 | Depends on #3 | CCDL0101 | |
| CONSOLE-23-001 | TODO | SPRINT_112_concelier_i | Console Guild | src/Console/StellaOps.Console | Wait for CCWO0101 schema | Wait for CCWO0101 schema | CCSL0101 | |
| CONSOLE-23-001..003 | DONE (2025-11-25) | 2025-11-25 | SPRINT_110_ingestion_evidence | Console Guild | src/Console/StellaOps.Console | Console overlays wired to LNM schema; fixtures published. | CONCELIER-GRAPH-21-001; CONCELIER-GRAPH-21-002 | CCSL0101 |
| CONSOLE-23-002 | TODO | SPRINT_112_concelier_i | Console Guild | src/Console/StellaOps.Console | Needs LNM graph (CCGH0101) | Needs LNM graph (CCGH0101) | CCSL0101 | |
| CONSOLE-23-003 | TODO | SPRINT_112_concelier_i | Console Guild | src/Console/StellaOps.Console | Depends on #3 | Depends on #3 | CCSL0101 | |
| CONSOLE-23-004 | TODO | SPRINT_0212_0001_0001_web_i | Console Guild | src/Web/StellaOps.Web | Requires CCPR0101 verdicts | Requires CCPR0101 verdicts | CCSL0101 | |
| CONSOLE-23-005 | TODO | SPRINT_0212_0001_0001_web_i | Console Guild | src/Web/StellaOps.Web | Depends on #5 | Depends on #5 | CCSL0101 | |
| CONSOLE-OBS-52-001 | TODO | SPRINT_303_docs_tasks_md_iii | Console Ops Guild | docs/modules/ui | Needs TLTY0101 metrics | Needs TLTY0101 metrics | CCSL0101 | |
| CONSOLE-OBS-52-002 | TODO | SPRINT_303_docs_tasks_md_iii | Console Ops Guild | docs/modules/ui | Depends on #7 | Depends on #7 | CCSL0101 | |
| CONSOLE-VEX-30-001 | BLOCKED (2025-12-04) | 2025-12-04 | SPRINT_0212_0001_0001_web_i | Console Guild · VEX Lens Guild | src/Web/StellaOps.Web | Provide /console/vex/* APIs streaming VEX statements, justification summaries, and advisory links with SSE refresh hooks. Dependencies: WEB-CONSOLE-23-001 (done 2025-11-28), EXCITITOR-CONSOLE-23-001 (done 2025-11-23); awaiting VEX Lens spec PLVL0103 and SSE envelope validation from Scheduler/Signals alignment. |
Needs VEX Lens spec (PLVL0103) | CCSL0101 |
| CONSOLE-VULN-29-001 | BLOCKED (2025-12-04) | 2025-12-04 | SPRINT_0212_0001_0001_web_i | Console Guild | src/Web/StellaOps.Web | Build /console/vuln/* APIs and filters surfacing tenant-scoped findings with policy/VEX badges so Docs/UI teams can document workflows. Dependencies: WEB-CONSOLE-23-001 (done 2025-11-28); waiting on Concelier graph schema snapshot from 2025-12-03 freeze review. |
Depends on CCWO0101 | CCSL0101 |
| CONTAINERS-44-001 | DONE | 2025-11-18 | SPRINT_0212_0001_0001_web_i | BE-Base Platform Guild | src/Web/StellaOps.Web | Wait for DVCP0101 compose template | Wait for DVCP0101 compose template | COWB0101 |
| CONTAINERS-45-001 | DONE | 2025-11-19 | SPRINT_0212_0001_0001_web_i | BE-Base Platform Guild | src/Web/StellaOps.Web | Depends on #1 | Depends on #1 | COWB0101 |
| CONTAINERS-46-001 | DONE | 2025-11-19 | SPRINT_0212_0001_0001_web_i | BE-Base Platform Guild | src/Web/StellaOps.Web | Needs RBRE0101 hashes | Needs RBRE0101 hashes | COWB0101 |
| CONTRIB-62-001 | TODO | SPRINT_303_docs_tasks_md_iii | Docs Guild · API Governance Guild | docs/api | Wait for CCWO0101 spec finalization | Wait for CCWO0101 spec finalization | APID0101 | |
| CORE-185-001 | TODO | SPRINT_0185_0001_0001_shared_replay_primitives | Platform Guild | src/__Libraries/StellaOps.Replay.Core |
Wait for SGSI0101 feed | Wait for SGSI0101 feed | RLRC0101 | |
| CORE-185-002 | TODO | SPRINT_0185_0001_0001_shared_replay_primitives | Platform Guild | src/__Libraries/StellaOps.Replay.Core | Depends on #1 | Depends on #1 | RLRC0101 | |
| CORE-185-003 | TODO | SPRINT_0185_0001_0001_shared_replay_primitives | Platform Data Guild | src/__Libraries/StellaOps.Replay.Core | Depends on #2 | Depends on #2 | RLRC0101 | |
| CORE-186-004 | TODO | SPRINT_0186_0001_0001_record_deterministic_execution | Signing Guild | src/Signer/StellaOps.Signer, src/__Libraries/StellaOps.Cryptography |
Wait for RLRC0101 schema | Wait for RLRC0101 schema | SIGR0101 | |
| CORE-186-005 | TODO | SPRINT_0186_0001_0001_record_deterministic_execution | Signing Guild | src/Signer/StellaOps.Signer.Core |
Depends on #1 | Depends on #1 | SIGR0101 | |
| CORE-41-001 | TODO | SPRINT_0202_0001_0002_cli_ii | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Wait for CASC0101 manifest | Wait for CASC0101 manifest | CLCI0110 | |
| CORE-AOC-19-002 | TODO | SPRINT_0120_0001_0002_excititor_ii | Excititor Core Guild | src/Excititor/__Libraries/StellaOps.Excititor.Core | Wait for ATLN schema freeze | Wait for ATLN schema freeze | EXAC0101 | |
| CORE-AOC-19-003 | TODO | SPRINT_0120_0001_0002_excititor_ii | Excititor Core Guild | src/Excititor/__Libraries/StellaOps.Excititor.Core | Depends on #1 | Depends on #1 | EXAC0101 | |
| CORE-AOC-19-004 | TODO | SPRINT_0120_0001_0002_excititor_ii | Excititor Core Guild | src/Excititor/__Libraries/StellaOps.Excititor.Core | Depends on #2 | Depends on #2 | EXAC0101 | |
| CORE-AOC-19-013 | TODO | SPRINT_112_concelier_i | Concelier Core Guild + Excititor | src/Concelier/__Libraries/StellaOps.Concelier.Core | Needs CCAN0101 DSSE output | Needs CCAN0101 DSSE output | EXAC0101 | |
| CRT-56-001 | TODO | SPRINT_0506_0001_0001_ops_devops_iv | Mirror Creator Guild | Wait for PGMI0101 owner | Wait for PGMI0101 owner | MRCR0101 | ||
| CRT-56-002 | TODO | SPRINT_0506_0001_0001_ops_devops_iv | Mirror Creator · Security Guilds | Depends on #1 | MIRROR-CRT-56-001; PROV-OBS-53-001 | MRCR0101 | ||
| CRT-57-001 | TODO | SPRINT_0506_0001_0001_ops_devops_iv | Mirror Creator · AirGap Time Guild | Needs AIRGAP-TIME-57-001 | MIRROR-CRT-56-001; AIRGAP-TIME-57-001 | MRCR0101 | ||
| CRT-57-002 | TODO | SPRINT_0506_0001_0001_ops_devops_iv | Mirror Creator Guild | Depends on #3 | MIRROR-CRT-56-001; AIRGAP-TIME-57-001 | MRCR0101 | ||
| CRT-58-001 | TODO | SPRINT_0506_0001_0001_ops_devops_iv | Mirror Creator + Evidence Locker | Requires Evidence Locker contract | MIRROR-CRT-56-001; EXPORT-OBS-54-001; CLI-AIRGAP-56-001 | MRCR0101 | ||
| CRT-58-002 | TODO | SPRINT_0506_0001_0001_ops_devops_iv | Mirror Creator + Security Guild | Depends on #5 | MIRROR-CRT-56-001; EXPORT-OBS-54-001; CLI-AIRGAP-56-001 | MRCR0101 | ||
| CRYPTO-90-001 | DONE | 2025-11-07 | SPRINT_514_sovereign_crypto_enablement | Security Guild (src/__Libraries/StellaOps.Cryptography) | src/__Libraries/StellaOps.Cryptography | CRSA0101 | ||
| CRYPTO-90-002 | DONE | 2025-11-07 | SPRINT_514_sovereign_crypto_enablement | Security Guild (src/__Libraries/StellaOps.Cryptography) | src/__Libraries/StellaOps.Cryptography | CRSA0101 | ||
| CRYPTO-90-003 | DONE | 2025-11-07 | SPRINT_514_sovereign_crypto_enablement | Security Guild (src/__Libraries/StellaOps.Cryptography) | src/__Libraries/StellaOps.Cryptography | CRSA0101 | ||
| CRYPTO-90-004 | DONE | 2025-11-07 | SPRINT_514_sovereign_crypto_enablement | Security Guild (src/__Libraries/StellaOps.Cryptography) | src/__Libraries/StellaOps.Cryptography | CRSA0101 | ||
| CRYPTO-90-005 | DONE | 2025-11-08 | SPRINT_514_sovereign_crypto_enablement | Security Guild (src/__Libraries/StellaOps.Cryptography) | src/__Libraries/StellaOps.Cryptography | CRSA0101 | ||
| CRYPTO-90-006 | DONE | 2025-11-08 | SPRINT_514_sovereign_crypto_enablement | Security Guild (src/__Libraries/StellaOps.Cryptography) | src/__Libraries/StellaOps.Cryptography | CRSA0101 | ||
| CRYPTO-90-007 | DONE | 2025-11-08 | SPRINT_514_sovereign_crypto_enablement | Security Guild (src/__Libraries/StellaOps.Cryptography) | src/__Libraries/StellaOps.Cryptography | CRSA0101 | ||
| CRYPTO-90-008 | DONE | 2025-11-08 | SPRINT_514_sovereign_crypto_enablement | Security Guild (src/__Libraries/StellaOps.Cryptography) | src/__Libraries/StellaOps.Cryptography | CRSA0101 | ||
| CRYPTO-90-009 | DONE | 2025-11-09 | SPRINT_514_sovereign_crypto_enablement | Security Guild (src/__Libraries/StellaOps.Cryptography.Plugin.CryptoPro) | src/__Libraries.StellaOps.Cryptography.Plugin.CryptoPro | CRSA0101 | ||
| CRYPTO-90-010 | DONE | 2025-11-09 | SPRINT_514_sovereign_crypto_enablement | Security Guild (src/__Libraries/StellaOps.Cryptography + .DependencyInjection) | src/__Libraries.StellaOps.Cryptography + .DependencyInjection | CRSA0101 | ||
| CRYPTO-90-011 | DONE | 2025-11-09 | SPRINT_514_sovereign_crypto_enablement | Security & Ops Guilds (src/Tools/StellaOps.CryptoRu.Cli) | src/Tools/StellaOps.CryptoRu.Cli | CRSA0101 | ||
| CRYPTO-90-012 | TODO | SPRINT_514_sovereign_crypto_enablement | Security Guild (src/__Libraries/__Tests/StellaOps.Cryptography.Tests) | src/__Libraries/__Tests.StellaOps.Cryptography.Tests | CRSA0101 | |||
| CRYPTO-90-013 | TODO | SPRINT_514_sovereign_crypto_enablement | Security Guild (src/__Libraries/StellaOps.Cryptography) | src/__Libraries.StellaOps.Cryptography | CRSA0101 | |||
| CRYPTO-90-014 | TODO | SPRINT_514_sovereign_crypto_enablement | Security + Service Guilds | Wait for AUIN0101 sign-off | Wait for AUIN0101 sign-off | CRYO0101 | ||
| CRYPTO-90-015 | TODO | SPRINT_514_sovereign_crypto_enablement | Security + Docs Guild | docs/security/rootpack_ru_*.md | Depends on #1 | Depends on #1 | CRYO0101 | |
| CRYPTO-90-016 | DONE | 2025-11-09 | SPRINT_514_sovereign_crypto_enablement | Security Guild | src/__Libraries/StellaOps.Cryptography.DependencyInjection + .Plugin.CryptoPro | Reference (artifact) | Reference (artifact) | CRYO0101 |
| CRYPTO-90-017 | TODO | SPRINT_514_sovereign_crypto_enablement | Security Guild | third_party/forks + src/__Libraries/StellaOps.Cryptography.Plugin.CryptoPro | Needs fork sync | Needs fork sync | CRYO0101 | |
| CRYPTO-90-018 | TODO | SPRINT_514_sovereign_crypto_enablement | Security + Docs Guild | docs/security/rootpack_ru_*.md, docs/dev/crypto.md | Depends on #4 | Depends on #4 | CRYO0101 | |
| CRYPTO-90-019 | TODO | SPRINT_514_sovereign_crypto_enablement | Security Guild | third_party/forks/AlexMAS.GostCryptography | Needs fork validation | Needs fork validation | CRYO0101 | |
| CRYPTO-90-020 | TODO | SPRINT_514_sovereign_crypto_enablement | Security Guild | src/__Libraries/StellaOps.Cryptography.Plugin.CryptoPro | Depends on #6 | Depends on #6 | CRYO0101 | |
| CRYPTO-90-021 | TODO | SPRINT_514_sovereign_crypto_enablement | Security + QA Guilds | scripts/crypto/**, docs/security/rootpack_ru_validation.md | Depends on #7 | Depends on #7 | CRYO0101 | |
| CTL-56-001 | TODO | SPRINT_510_airgap | AirGap Controller Guild | src/AirGap/StellaOps.AirGap.Controller | Wait for AGTM0101 schema | Wait for AGTM0101 schema | AGCT0102 | |
| CTL-56-002 | TODO | SPRINT_510_airgap | Controller + DevOps Guilds | src/AirGap/StellaOps.AirGap.Controller | Depends on #1 | Depends on #1 | AGCT0102 | |
| CTL-57-001 | TODO | SPRINT_510_airgap | Controller + Time Guild | src/AirGap/StellaOps.AirGap.Controller | Needs AGTM time anchors | Needs AGTM time anchors | AGCT0102 | |
| CTL-57-002 | TODO | SPRINT_510_airgap | Controller + Observability Guild | src/AirGap/StellaOps.AirGap.Controller | Depends on #3 | Depends on #3 | AGCT0102 | |
| CTL-58-001 | TODO | SPRINT_510_airgap | Controller + Evidence Locker Guild | src/AirGap/StellaOps.AirGap.Controller | Depends on #4 | Depends on #4 | AGCT0102 | |
| DEPLOY-AIAI-31-001 | TODO | SPRINT_0501_0001_0001_ops_deployment_i | Deployment Guild · Advisory AI Guild | ops/deployment | Provide Helm/Compose manifests, GPU toggle, scaling/runbook, and offline kit instructions for Advisory AI service + inference container. | Wait for DVCP0101 compose template | DVPL0101 | |
| DEPLOY-AIRGAP-46-001 | TODO | SPRINT_0501_0001_0001_ops_deployment_i | Deployment Guild · Offline Kit Guild | ops/deployment | Provide instructions and scripts (load.sh) for importing air-gap bundle into private registry; update Offline Kit guide. |
Requires #1 artifacts | AGDP0101 | |
| DEPLOY-CLI-41-001 | TODO | SPRINT_0501_0001_0001_ops_deployment_i | Deployment Guild · CLI Guild | ops/deployment | Package CLI release artifacts (tarballs per OS/arch, checksums, signatures, completions, container image) and publish distribution docs. | Wait for CLI observability schema (035_CLCI0105) | AGDP0101 | |
| DEPLOY-COMPOSE-44-001 | DOING (dev-mock 2025-12-06) | 2025-12-06 | SPRINT_0501_0001_0001_ops_deployment_i | Deployment Guild | ops/deployment | Finalize Quickstart scripts (quickstart.sh, backup.sh, reset.sh), seed data container, and publish README with imposed rule reminder. |
Depends on #1 | DVPL0101 |
| DEPLOY-EXPORT-35-001 | DONE | 2025-10-29 | SPRINT_0501_0001_0001_ops_deployment_i | Deployment Guild · Export Center Guild | ops/deployment | Helm overlay + docs + example secrets added (deploy/helm/stellaops/values-export.yaml, ops/deployment/export/helm-overlays.md, ops/deployment/export/secrets-example.yaml). |
Need exporter DSSE API (002_ATEL0101) | AGDP0101 |
| DEPLOY-EXPORT-36-001 | TODO | SPRINT_0501_0001_0001_ops_deployment_i | Deployment Guild · Export Center Guild | ops/deployment | Document OCI/object storage distribution workflows, registry credential automation, and monitoring hooks for exports. Dependencies: DEPLOY-EXPORT-35-001. | Depends on #4 deliverables | AGDP0101 | |
| DEPLOY-HELM-45-001 | TODO | SPRINT_0501_0001_0001_ops_deployment_i | Deployment + Security Guilds | ops/deployment | Publish Helm install guide and sample values for prod/airgap; integrate with docs site build. | Needs helm chart schema | DVPL0101 | |
| DEPLOY-NOTIFY-38-001 | DONE | 2025-10-29 | SPRINT_0501_0001_0001_ops_deployment_i | Deployment + Notify Guilds | ops/deployment | Notifier Helm overlay + secrets/rollout doc + example secrets added (deploy/helm/stellaops/values-notify.yaml, ops/deployment/notify/helm-overlays.md, ops/deployment/notify/secrets-example.yaml). |
Depends on #3 | DVPL0101 |
| DEPLOY-ORCH-34-001 | DOING (dev-mock 2025-12-06) | 2025-12-05 | SPRINT_0501_0001_0001_ops_deployment_i | Deployment Guild · Orchestrator Guild | ops/deployment | Provide orchestrator Helm/Compose manifests, scaling defaults, secret templates, offline kit instructions, and GA rollout/rollback playbook. | Requires ORTR0101 readiness | AGDP0101 |
| DEPLOY-PACKS-42-001 | DOING (dev-mock 2025-12-06) | 2025-12-06 | SPRINT_0501_0001_0001_ops_deployment_i | Deployment Guild · Packs Registry Guild | ops/deployment | Provide deployment manifests for packs-registry and task-runner services, including Helm/Compose overlays, scaling defaults, and secret templates. | Wait for pack registry schema | AGDP0101 |
| DEPLOY-PACKS-43-001 | DOING (dev-mock 2025-12-06) | 2025-12-06 | SPRINT_0501_0001_0001_ops_deployment_i | Deployment Guild · Task Runner Guild | ops/deployment | Ship remote Task Runner worker profiles, object storage bootstrap, approval workflow integration, and Offline Kit packaging instructions. Dependencies: DEPLOY-PACKS-42-001. | Needs #7 artifacts | AGDP0101 |
| DEPLOY-POLICY-27-001 | DOING (dev-mock 2025-12-06) | 2025-12-05 | SPRINT_0501_0001_0001_ops_deployment_i | Deployment Guild · Policy Registry Guild | ops/deployment | Produce Helm/Compose overlays for Policy Registry + simulation workers (migrations, buckets, signing keys, tenancy defaults). | WEPO0101 | DVPL0105 |
| DEPLOY-POLICY-27-002 | DOING (draft 2025-12-06) | 2025-12-06 | SPRINT_0502_0001_0001_ops_deployment_ii | Deployment Guild · Policy Guild | ops/deployment | Drafted docs/runbooks/policy-incident.md (publish/promote, freeze, evidence); awaiting policy overlay schema/digests from DEPLOY-POLICY-27-001. |
DEPLOY-POLICY-27-001 | DVPL0105 |
| DEPLOY-VEX-30-001 | DOING (dev-mock 2025-12-06) | 2025-12-06 | SPRINT_0502_0001_0001_ops_deployment_ii | Deployment + VEX Lens Guild | ops/deployment | Mock-ready runbook added (docs/runbooks/vex-ops.md); awaiting schema/digests for final Helm/Compose overlays. |
Wait for CCWO0101 schema | DVPL0101 |
| DEPLOY-VEX-30-002 | DOING (dev-mock 2025-12-06) | 2025-12-06 | SPRINT_0502_0001_0001_ops_deployment_ii | Deployment Guild | ops/deployment | Issuer Directory guidance covered in docs/runbooks/vex-ops.md; finalize once DEPLOY-VEX-30-001 pins production values. |
Depends on #5 | DVPL0101 |
| DEPLOY-VULN-29-001 | DOING (dev-mock 2025-12-06) | 2025-12-06 | SPRINT_0502_0001_0001_ops_deployment_ii | Deployment + Vuln Guild | ops/deployment | Mock-ready runbook added (docs/runbooks/vuln-ops.md); production overlays pending schema/digests. |
Needs CCWO0101 | DVPL0101 |
| DEPLOY-VULN-29-002 | DOING (dev-mock 2025-12-06) | 2025-12-06 | SPRINT_0502_0001_0001_ops_deployment_ii | Deployment Guild | ops/deployment | Vuln Explorer API steps captured in docs/runbooks/vuln-ops.md; finalize with real pins after DEPLOY-VULN-29-001. |
Depends on #7 | DVPL0101 |
| DETER-186-008 | TODO | SPRINT_0186_0001_0001_record_deterministic_execution | Scanner Guild | src/Scanner/StellaOps.Scanner.WebService, src/Scanner/StellaOps.Scanner.Worker |
Wait for RLRC0101 fixture | Wait for RLRC0101 fixture | SCDT0101 | |
| DETER-186-009 | TODO | SPRINT_0186_0001_0001_record_deterministic_execution | Scanner Guild · QA Guild | src/Scanner/StellaOps.Scanner.Replay, src/Scanner/__Tests |
Depends on #1 | Depends on #1 | SCDT0101 | |
| DETER-186-010 | TODO | SPRINT_0186_0001_0001_record_deterministic_execution | Scanner Guild · Export Center Guild | src/Scanner/StellaOps.Scanner.WebService, docs/modules/scanner/operations/release.md |
Depends on #2 | Depends on #2 | SCDT0101 | |
| DETER-70-002 | TODO | SPRINT_0304_0001_0004_docs_tasks_md_iv | Docs Guild · Scanner Guild | Needs CASC0101 manifest | Needs CASC0101 manifest | SCDT0101 | ||
| DETER-70-003 | TODO | SPRINT_0202_0001_0002_cli_ii | DevEx/CLI Guild · Scanner Guild | src/Cli/StellaOps.Cli | Depends on #4 | Depends on #4 | SCDT0101 | |
| DETER-70-004 | TODO | SPRINT_0203_0001_0003_cli_iii | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Depends on #5 | Depends on #5 | SCDT0101 | |
| DEVOPS-AIAI-31-001 | TODO | SPRINT_0503_0001_0001_ops_devops_i | DevOps Guild, Advisory AI Guild (ops/devops) | ops/devops | Stand up CI pipelines, inference monitoring, privacy logging review, and perf dashboards for Advisory AI (summaries/conflicts/remediation). | — | DVDO0101 | |
| DEVOPS-SPANSINK-31-003 | TODO | SPRINT_0503_0001_0001_ops_devops_i | DevOps Guild · Observability Guild (ops/devops) | ops/devops | Deploy span sink/Signals pipeline for Excititor evidence APIs (31-003) and publish dashboards; unblock traces for /v1/vex/observations/**. |
— | DVDO0101 | |
| DEVOPS-AIRGAP-56-001 | TODO | SPRINT_0503_0001_0001_ops_devops_i | DevOps Guild (ops/devops) | ops/devops | Ship deny-all egress policies for Kubernetes (NetworkPolicy/eBPF) and docker-compose firewall rules; provide verification script for sealed mode. | — | DVDO0101 | |
| DEVOPS-AIRGAP-56-002 | TODO | SPRINT_0503_0001_0001_ops_devops_i | DevOps Guild, AirGap Importer Guild (ops/devops) | ops/devops | Provide import tooling for bundle staging: checksum validation, offline object-store loader scripts, removable media guidance. Dependencies: DEVOPS-AIRGAP-56-001. | — | DVDO0101 | |
| DEVOPS-AIRGAP-56-003 | TODO | SPRINT_0503_0001_0001_ops_devops_i | DevOps Guild, Container Distribution Guild (ops/devops) | ops/devops | Build Bootstrap Pack pipeline bundling images/charts, generating checksums, and publishing manifest for offline transfer. Dependencies: DEVOPS-AIRGAP-56-002. | — | DVDO0101 | |
| DEVOPS-AIRGAP-57-001 | TODO | SPRINT_0503_0001_0001_ops_devops_i | DevOps Guild, Mirror Creator Guild (ops/devops) | ops/devops | Automate Mirror Bundle creation jobs with dual-control approvals, artifact signing, and checksum publication. Dependencies: DEVOPS-AIRGAP-56-003. | — | DVDO0101 | |
| DEVOPS-AIRGAP-57-002 | DONE | 2025-11-08 | SPRINT_0503_0001_0001_ops_devops_i | DevOps Guild, Authority Guild (ops/devops) | ops/devops | Sealed-mode smoke wired into CI (.gitea/workflows/airgap-sealed-ci.yml) running ops/devops/airgap/sealed-ci-smoke.sh. |
— | DVDO0101 |
| DEVOPS-AIRGAP-58-001 | TODO | SPRINT_0503_0001_0001_ops_devops_i | DevOps Guild, Notifications Guild (ops/devops) | ops/devops | Provide local SMTP/syslog container templates and health checks for sealed environments; integrate into Bootstrap Pack. Dependencies: DEVOPS-AIRGAP-57-002. | — | DVDO0101 | |
| DEVOPS-AIRGAP-58-002 | TODO | SPRINT_0503_0001_0001_ops_devops_i | DevOps Guild, Observability Guild (ops/devops) | ops/devops | Ship sealed-mode observability stack (Prometheus/Grafana/Tempo/Loki) pre-configured with offline dashboards and no remote exporters. Dependencies: DEVOPS-AIRGAP-58-001. | — | DVDO0101 | |
| DEVOPS-AOC-19-001 | DONE | 2025-10-26 | SPRINT_0503_0001_0001_ops_devops_i | DevOps Guild, Platform Guild (ops/devops) | ops/devops | AOC guard CI added (.gitea/workflows/aoc-guard.yml); analyzers built and run against ingestion projects; tests logged as artifacts. |
CCAO0101 | DVDO0101 |
| DEVOPS-AOC-19-002 | DONE | 2025-10-26 | SPRINT_0503_0001_0001_ops_devops_i | DevOps Guild (ops/devops) | ops/devops | AOC verify stage added to CI (aoc-verify job in .gitea/workflows/aoc-guard.yml) using AOC_VERIFY_SINCE + STAGING_MONGO_URI, publishing verify artifacts. |
DEVOPS-AOC-19-001 | DVDO0101 |
| DEVOPS-AOC-19-003 | BLOCKED | 2025-10-26 | SPRINT_0503_0001_0001_ops_devops_i | DevOps Guild, QA Guild (ops/devops) | ops/devops | Enforce unit test coverage thresholds for AOC guard suites and ensure coverage exported to dashboards. Dependencies: DEVOPS-AOC-19-002. | DEVOPS-AOC-19-002 | DVDO0102 |
| DEVOPS-AOC-19-101 | TODO | 2025-10-28 | SPRINT_0503_0001_0001_ops_devops_i | DevOps Guild · Concelier Storage Guild | ops/devops | Draft supersedes backfill rollout (freeze window, dry-run steps, rollback) once advisory_raw idempotency index passes staging verification. Dependencies: DEVOPS-AOC-19-003. | Align with CCOA0101 contract | DVDO0104 |
| DEVOPS-ATTEST-73-001 | TODO | SPRINT_0503_0001_0001_ops_devops_i | DevOps Guild, Attestor Service Guild (ops/devops) | ops/devops | Provision CI pipelines for attestor service (lint/test/security scan, seed data) and manage secrets for KMS drivers. | — | DVDO0102 | |
| DEVOPS-ATTEST-73-002 | TODO | SPRINT_0503_0001_0001_ops_devops_i | DevOps Guild, KMS Guild (ops/devops) | ops/devops | Establish secure storage for signing keys (vault integration, rotation schedule) and audit logging. Dependencies: DEVOPS-ATTEST-73-001. | — | DVDO0102 | |
| DEVOPS-ATTEST-74-001 | TODO | SPRINT_0503_0001_0001_ops_devops_i | DevOps Guild, Transparency Guild (ops/devops) | ops/devops | Deploy transparency log witness infrastructure and monitoring. Dependencies: DEVOPS-ATTEST-73-002. | — | DVDO0102 | |
| DEVOPS-ATTEST-74-002 | TODO | SPRINT_0504_0001_0001_ops_devops_ii | DevOps Guild, Export Attestation Guild (ops/devops) | ops/devops | Integrate attestation bundle builds into release/offline pipelines with checksum verification. Dependencies: DEVOPS-ATTEST-74-001. | — | DVDO0102 | |
| DEVOPS-ATTEST-75-001 | TODO | SPRINT_0504_0001_0001_ops_devops_ii | DevOps Guild, Observability Guild (ops/devops) | ops/devops | Add dashboards/alerts for signing latency, verification failures, key rotation events. Dependencies: DEVOPS-ATTEST-74-002. | — | DVDO0102 | |
| DEVOPS-CLI-41-001 | TODO | SPRINT_0504_0001_0001_ops_devops_ii | DevOps Guild, DevEx/CLI Guild (ops/devops) | ops/devops | Establish CLI build pipeline (multi-platform binaries, SBOM, checksums), parity matrix CI enforcement, and release artifact signing. | — | DVDO0102 | |
| DEVOPS-CLI-42-001 | TODO | SPRINT_0504_0001_0001_ops_devops_ii | DevOps Guild (ops/devops) | ops/devops | Add CLI golden output tests, parity diff automation, pack run CI harness, and artifact cache for remote mode. Dependencies: DEVOPS-CLI-41-001. | — | DVDO0102 | |
| DEVOPS-CLI-43-002 | TODO | SPRINT_0504_0001_0001_ops_devops_ii | DevOps Guild, Task Runner Guild (ops/devops) | ops/devops | Implement Task Pack chaos smoke in CI (random failure injection, resume, sealed-mode toggle) and publish evidence bundles for review. Dependencies: DEVOPS-CLI-43-001. | — | DVDO0102 | |
| DEVOPS-CLI-43-003 | TODO | SPRINT_0504_0001_0001_ops_devops_ii | DevOps Guild, DevEx/CLI Guild (ops/devops) | ops/devops | Integrate CLI golden output/parity diff automation into release gating; export parity report artifact consumed by Console Downloads workspace. Dependencies: DEVOPS-CLI-43-002. | — | DVDO0102 | |
| DEVOPS-CONSOLE-23-001 | DOING (runner+PR 2025-12-07) | 2025-12-07 | SPRINT_0504_0001_0001_ops_devops_ii | DevOps Guild · Console Guild | ops/devops | Offline runner spec + Playwright seeding helper; console CI now PR-triggered (.gitea/workflows/console-ci.yml) assuming runner image has baked cache. |
Needs runner cache bake | DVDO0104 |
| DEVOPS-CONSOLE-23-002 | TODO | SPRINT_0504_0001_0001_ops_devops_ii | DevOps Guild | ops/devops | Produce stella-console container build + Helm chart overlays with deterministic digests, SBOM/provenance artefacts, and offline bundle packaging scripts. Dependencies: DEVOPS-CONSOLE-23-001. |
Depends on #2 | DVDO0104 | |
| DEVOPS-CONTAINERS-44-001 | TODO | SPRINT_0504_0001_0001_ops_devops_ii | DevOps Guild | ops/devops | Automate multi-arch image builds with buildx, SBOM generation, cosign signing, and signature verification in CI. | Wait for COWB0101 base image | DVDO0104 | |
| DEVOPS-CONTAINERS-45-001 | TODO | SPRINT_0504_0001_0001_ops_devops_ii | DevOps Guild | ops/devops | Add Compose and Helm smoke tests (fresh VM + kind cluster) to CI; publish test artifacts and logs. Dependencies: DEVOPS-CONTAINERS-44-001. | Depends on #4 | DVDO0104 | |
| DEVOPS-CONTAINERS-46-001 | TODO | SPRINT_0504_0001_0001_ops_devops_ii | DevOps Guild | ops/devops | Build air-gap bundle generator (src/Tools/make-airgap-bundle.sh), produce signed bundle, and verify in CI using private registry. Dependencies: DEVOPS-CONTAINERS-45-001. |
Depends on #5 | DVDO0104 | |
| DEVOPS-DEVPORT-63-001 | TODO | SPRINT_0504_0001_0001_ops_devops_ii | DevOps Guild · DevPortal Guild | ops/devops | Automate developer portal build pipeline with caching, link & accessibility checks, performance budgets. | Wait for API schema from CCWO0101 | DVDO0105 | |
| DEVOPS-DEVPORT-64-001 | TODO | SPRINT_0504_0001_0001_ops_devops_ii | DevOps Guild | ops/devops | Schedule devportal --offline nightly builds with checksum validation and artifact retention policies. Dependencies: DEVOPS-DEVPORT-63-001. |
Depends on #1 | DVDO0105 | |
| DEVOPS-DOCS-0001 | TODO | SPRINT_0318_0001_0001_docs_modules_devops | DevOps Docs Guild | docs/modules/devops | See ./AGENTS.md | Needs CCSL0101 console docs | DVDO0105 | |
| DEVOPS-ENG-0001 | TODO | SPRINT_0318_0001_0001_docs_modules_devops | DevOps Engineering Guild | docs/modules/devops | Update status via ./AGENTS.md workflow | Depends on #3 | DVDO0105 | |
| DEVOPS-EXPORT-35-001 | DONE | 2025-10-29 | SPRINT_0504_0001_0001_ops_devops_ii | DevOps · Export Guild | ops/devops | CI contract drafted and fixtures added (ops/devops/export/minio-compose.yml, seed-minio.sh); ready to wire pipeline with offline MinIO, build/test, smoke, SBOM, dashboards. |
Wait for DVPL0101 export deploy | DVDO0105 |
| DEVOPS-EXPORT-36-001 | DONE | SPRINT_0505_0001_0001_ops_devops_iii | DevOps Guild | ops/devops | Export CI workflow added (.gitea/workflows/export-ci.yml) running build/test, MinIO fixture, Trivy/OCI smoke, SBOM artifacts. |
Depends on #5 | DVDO0105 | |
| DEVOPS-EXPORT-37-001 | TODO | SPRINT_0505_0001_0001_ops_devops_iii | DevOps Guild | ops/devops | Finalize exporter monitoring (failure alerts, verify metrics, retention jobs) and chaos/latency tests ahead of GA. Dependencies: DEVOPS-EXPORT-36-001. | Depends on #6 | DVDO0105 | |
| DEVOPS-GRAPH-24-001 | TODO | SPRINT_0505_0001_0001_ops_devops_iii | DevOps · Graph Guild | ops/devops | Load test graph index/adjacency APIs with 40k-node assets; capture perf dashboards and alert thresholds. | Wait for CCGH0101 endpoint | DVDO0106 | |
| DEVOPS-GRAPH-24-002 | TODO | SPRINT_0505_0001_0001_ops_devops_iii | DevOps Guild | ops/devops | Integrate synthetic UI perf runs (Playwright/WebGL metrics) for Graph/Vuln explorers; fail builds on regression. Dependencies: DEVOPS-GRAPH-24-001. | Depends on #1 | DVDO0106 | |
| DEVOPS-GRAPH-24-003 | TODO | SPRINT_0505_0001_0001_ops_devops_iii | DevOps Guild | ops/devops | Implement smoke job for simulation endpoints ensuring we stay within SLA (<3s upgrade) and log results. Dependencies: DEVOPS-GRAPH-24-002. | Depends on #2 | DVDO0106 | |
| DEVOPS-LNM-22-001 | DONE | 2025-10-27 | SPRINT_0505_0001_0001_ops_devops_iii | DevOps · Concelier Guild | ops/devops | Backfill plan + validation scripts + dispatchable CI (.gitea/workflows/lnm-backfill.yml) added; ready to run on staging snapshot. |
Needs CCLN0102 API | DVDO0106 |
| DEVOPS-LNM-22-002 | DONE | 2025-10-27 | SPRINT_0505_0001_0001_ops_devops_iii | DevOps Guild | ops/devops | VEX backfill dispatcher added (.gitea/workflows/lnm-vex-backfill.yml) with NATS/Redis inputs; plan documented in ops/devops/lnm/vex-backfill-plan.md. |
Depends on #4 | DVDO0106 |
| DEVOPS-LNM-22-003 | DONE | SPRINT_0505_0001_0001_ops_devops_iii | DevOps Guild | ops/devops | Metrics/alert scaffold plus CI check (ops/devops/lnm/metrics-ci-check.sh) added; ready for Grafana import. |
Depends on #5 | DVDO0106 | |
| DEVOPS-OAS-61-001 | TODO | SPRINT_0505_0001_0001_ops_devops_iii | DevOps Guild | ops/devops | Add CI stages for OpenAPI linting, validation, and compatibility diff; enforce gating on PRs. | Wait for CCWO0101 spec | DVDO0106 | |
| DEVOPS-OAS-61-002 | TODO | SPRINT_0505_0001_0001_ops_devops_iii | DevOps Guild | ops/devops | Integrate mock server + contract test suite into PR and nightly workflows; publish artifacts. Dependencies: DEVOPS-OAS-61-001. | Depends on #7 | DVDO0106 | |
| DEVOPS-OBS-51-001 | TODO | SPRINT_0505_0001_0001_ops_devops_iii | DevOps Guild · Observability Guild | ops/devops | Implement SLO evaluator service (burn rate calculators, webhook emitters), Grafana dashboards, and alert routing to Notifier. Provide Terraform/Helm automation. Dependencies: DEVOPS-OBS-50-002. | Wait for 045_DVDO0103 alert catalog | DVOB0101 | |
| DEVOPS-OBS-52-001 | TODO | SPRINT_0505_0001_0001_ops_devops_iii | DevOps Guild · Timeline Indexer Guild | ops/devops | Configure streaming pipeline (NATS/Redis/Kafka) with retention, partitioning, and backpressure tuning for timeline events; add CI validation of schema + rate caps. Dependencies: DEVOPS-OBS-51-001. | Needs #1 merged for shared correlation IDs | DVOB0101 | |
| DEVOPS-OBS-53-001 | TODO | SPRINT_0505_0001_0001_ops_devops_iii | DevOps Guild · Evidence Locker Guild | ops/devops | Provision object storage with WORM/retention options (S3 Object Lock / MinIO immutability), legal hold automation, and backup/restore scripts for evidence locker. Dependencies: DEVOPS-OBS-52-001. | Depends on DSSE API from 002_ATEL0101 | DVOB0101 | |
| DEVOPS-OBS-54-001 | TODO | SPRINT_0505_0001_0001_ops_devops_iii | DevOps Guild · Security Guild | ops/devops | Manage provenance signing infrastructure (KMS keys, rotation schedule, timestamp authority integration) and integrate verification jobs into CI. Dependencies: DEVOPS-OBS-53-001. | Requires security sign-off on cardinality budgets | DVOB0101 | |
| DEVOPS-OBS-55-001 | TODO | SPRINT_0506_0001_0001_ops_devops_iv | DevOps Guild · Ops Guild | ops/devops | Implement incident mode automation: feature flag service, auto-activation via SLO burn-rate, retention override management, and post-incident reset job. Dependencies: DEVOPS-OBS-54-001. | Relies on #4 to finalize alert dimensions | DVOB0101 | |
| DEVOPS-OFFLINE-17-004 | DONE | 2025-11-23 | SPRINT_0508_0001_0001_ops_offline_kit | DevOps Offline Guild | ops/offline-kit | Mirrored release debug store via mirror_debug_store.py; summary at out/offline-kit/metadata/debug-store.json. |
Wait for DVPL0101 compose | DVDO0107 |
| DEVOPS-OFFLINE-34-006 | TODO | SPRINT_0508_0001_0001_ops_offline_kit | DevOps Guild | ops/offline-kit | Bundle orchestrator service container, worker SDK samples, Postgres snapshot, and dashboards into Offline Kit with manifest/signature updates. Dependencies: DEVOPS-OFFLINE-17-004. | Depends on #1 | DVDO0107 | |
| DEVOPS-OFFLINE-37-001 | TODO | SPRINT_0508_0001_0001_ops_offline_kit | DevOps Guild | ops/offline-kit | Export Center offline bundles + verification tooling (mirror artefacts, verification CLI, manifest/signature refresh, air-gap import script). Dependencies: DEVOPS-OFFLINE-34-006. | Needs RBRE hashes | DVDO0107 | |
| DEVOPS-OFFLINE-37-002 | TODO | SPRINT_0508_0001_0001_ops_offline_kit | DevOps Guild | ops/offline-kit | Notifier offline packs (sample configs, template/digest packs, dry-run harness) with integrity checks and operator docs. Dependencies: DEVOPS-OFFLINE-37-001. | Depends on #3 | DVDO0107 | |
| DEVOPS-OPENSSL-11-001 | TODO | 2025-11-06 | SPRINT_0505_0001_0001_ops_devops_iii | Security + DevOps Guilds | ops/devops | Package the OpenSSL 1.1 shim (tests/native/openssl-1.1/linux-x64) into test harness output so Mongo2Go suites discover it automatically. |
Wait for CRYO0101 artifacts | DVDO0107 |
| DEVOPS-OPENSSL-11-002 | TODO | 2025-11-06 | SPRINT_0505_0001_0001_ops_devops_iii | DevOps Guild | ops/devops | Ensure CI runners and Docker images that execute Mongo2Go tests export LD_LIBRARY_PATH (or embed the shim) to unblock unattended pipelines. Dependencies: DEVOPS-OPENSSL-11-001. |
Depends on #5 | DVDO0107 |
| DEVOPS-OPS-0001 | TODO | SPRINT_0318_0001_0001_docs_modules_devops | DevOps Ops Guild | docs/modules/devops | Sync outcomes back to ../.. | Depends on #1-6 | DVDO0107 | |
| DEVOPS-ORCH-32-001 | TODO | SPRINT_0506_0001_0001_ops_devops_iv | DevOps · Orchestrator Guild | ops/devops | Provision orchestrator Postgres/message-bus infrastructure, add CI smoke deploy, seed Grafana dashboards (queue depth, inflight jobs), and document bootstrap. | Wait for ORTR0102 API | DVDO0108 | |
| DEVOPS-ORCH-33-001 | TODO | SPRINT_0506_0001_0001_ops_devops_iv | DevOps Guild | ops/devops | Publish Grafana dashboards/alerts for rate limiter, backpressure, error clustering, and DLQ depth; integrate with on-call rotations. Dependencies: DEVOPS-ORCH-32-001. | Depends on #1 | DVDO0108 | |
| DEVOPS-ORCH-34-001 | TODO | SPRINT_0506_0001_0001_ops_devops_iv | DevOps Guild | ops/devops | Harden production monitoring (synthetic probes, burn-rate alerts, replay smoke), document incident response, and prep GA readiness checklist. Dependencies: DEVOPS-ORCH-33-001. | Depends on #2 | DVDO0108 | |
| DEVOPS-POLICY-27-001 | TODO | SPRINT_0506_0001_0001_ops_devops_iv | DevOps Guild · CLI Guild | ops/devops | Add CI stages to run stella policy lint/simulate, enforce deterministic logs + caching. |
CLPS0102 | DVPL0104 | |
| DEVOPS-POLICY-27-002 | TODO | SPRINT_0506_0001_0001_ops_devops_iv | DevOps Guild · Policy Registry Guild | ops/devops | Provide optional batch simulation CI job that triggers registry run, polls results, posts markdown summary. | DEVOPS-POLICY-27-001 | DVPL0104 | |
| DEVOPS-POLICY-27-003 | TODO | SPRINT_0506_0001_0001_ops_devops_iv | DevOps Guild · Security Guild | ops/devops | Manage signing key material for policy publish pipeline; rotate keys, add attestation verification stage. | DEVOPS-POLICY-27-002 | DVPL0104 | |
| DEVOPS-POLICY-27-004 | TODO | SPRINT_0506_0001_0001_ops_devops_iv | DevOps Guild · Observability Guild | ops/devops | Create dashboards/alerts for policy compile latency, simulation queue depth, promotion outcomes. | DEVOPS-POLICY-27-003 | DVPL0104 | |
| DEVOPS-REL-17-004 | DONE | 2025-11-23 | SPRINT_0506_0001_0001_ops_devops_iv | DevOps Release Guild | ops/devops | Release workflow now uploads out/release/debug as a dedicated artifact and already fails if symbols are missing; build-id manifest enforced. |
Needs DVPL0101 release artifacts | DVDO0108 |
| DEVOPS-RULES-33-001 | TODO | 2025-10-30 | SPRINT_0506_0001_0001_ops_devops_iv | DevOps · Policy Guild | ops/devops | Contracts & Rules anchor: • Gateway proxies only; Policy Engine composes overlays/simulations. • AOC ingestion cannot merge; only lossless canonicalization. • One graph platform: Graph Indexer + Graph API. Cartographer retired. |
Wait for CCPR0101 policy logs | DVDO0109 |
| DEVOPS-SCAN-90-004 | TODO | SPRINT_0505_0001_0001_ops_devops_iii | DevOps · Scanner Guild | ops/devops | Add a CI job that runs the scanner determinism harness against the release matrix (N runs per image), uploads determinism.json, and fails when score < threshold; publish artifact to release notes. Dependencies: SCAN-DETER-186-009/010. |
Needs SCDT0101 fixtures | DVDO0109 | |
| DEVOPS-SDK-63-001 | TODO | SPRINT_0506_0001_0001_ops_devops_iv | DevOps · SDK Guild | ops/devops | Provision registry credentials, signing keys, and secure storage for SDK publishing pipelines. | Depends on #2 | DVDO0109 | |
| DEVOPS-SIG-26-001 | TODO | SPRINT_0506_0001_0001_ops_devops_iv | DevOps Guild · Signals Guild | ops/devops | Provision CI/CD pipelines, Helm/Compose manifests for Signals service, including artifact storage and Redis dependencies. | Wait for SGSI0101 metrics | DVDO0110 | |
| DEVOPS-SIG-26-002 | TODO | SPRINT_0506_0001_0001_ops_devops_iv | DevOps Guild | ops/devops | Create dashboards/alerts for reachability scoring latency, cache hit rates, sensor staleness. Dependencies: DEVOPS-SIG-26-001. | Depends on #1 | DVDO0110 | |
| DEVOPS-SYMS-90-005 | TODO | SPRINT_0505_0001_0001_ops_devops_iii | DevOps · Symbols Guild | ops/devops | Deploy Symbols.Server (Helm/Terraform), manage MinIO/Mongo storage, configure tenant RBAC/quotas, and wire ingestion CLI into release pipelines with monitoring and backups. Dependencies: SYMS-SERVER-401-011/013. | Needs RBSY0101 bundle | DVDO0110 | |
| DEVOPS-TEN-47-001 | TODO | SPRINT_0506_0001_0001_ops_devops_iv | DevOps · Policy Guild | ops/devops | Add JWKS cache monitoring, signature verification regression tests, and token expiration chaos tests to CI. | Wait for CCPR0101 policy | DVDO0110 | |
| DEVOPS-TEN-48-001 | TODO | SPRINT_0506_0001_0001_ops_devops_iv | DevOps Guild | ops/devops | Build integration tests to assert RLS enforcement, tenant-prefixed object storage, and audit event emission; set up lint to prevent raw SQL bypass. Dependencies: DEVOPS-TEN-47-001. | Depends on #4 | DVDO0110 | |
| DEVOPS-TEN-49-001 | DONE (2025-12-03) | 2025-12-03 | SPRINT_0507_0001_0001_ops_devops_v | DevOps Guild | ops/devops | Deploy audit pipeline, scope usage metrics, JWKS outage chaos tests, and tenant load/perf benchmarks. Dependencies: DEVOPS-TEN-48-001. | Depends on #5 | DVDO0110 |
| DEVOPS-VEX-30-001 | DONE (2025-12-02) | 2025-12-02 | SPRINT_0507_0001_0001_ops_devops_v | DevOps Guild · VEX Lens Guild | ops/devops | Provision CI, load tests, dashboards, alerts for VEX Lens and Issuer Directory (compute latency, disputed totals, signature verification rates). | — | PLVL0103 |
| DEVOPS-VULN-29-001 | DONE (2025-12-02) | 2025-12-02 | SPRINT_0507_0001_0001_ops_devops_v | DevOps · Vuln Guild | ops/devops | Provision CI jobs for ledger projector (replay, determinism), set up backups, monitor Merkle anchoring, and automate verification. | Needs DVPL0101 deploy | DVDO0110 |
| DEVOPS-VULN-29-002 | DONE (2025-12-02) | 2025-12-02 | SPRINT_0507_0001_0001_ops_devops_v | DevOps Guild | ops/devops | Configure load/perf tests (5M findings/tenant), query budget enforcement, API SLO dashboards, and alerts for vuln_list_latency and projection_lag. Dependencies: DEVOPS-VULN-29-001. |
Depends on #7 | DVDO0110 |
| DEVOPS-VULN-29-003 | DONE (2025-12-02) | 2025-12-02 | SPRINT_0507_0001_0001_ops_devops_v | DevOps Guild | ops/devops | Instrument analytics pipeline for Vuln Explorer (telemetry ingestion, query hashes), ensure compliance with privacy/PII guardrails, and update observability docs. Dependencies: DEVOPS-VULN-29-002. | Depends on #8 | DVDO0110 |
| DEVPORT-62-001 | TODO | SPRINT_206_devportal | DevPortal Guild | src/DevPortal/StellaOps.DevPortal.Site | Select static site generator, integrate aggregate spec, build navigation + search scaffolding. | 62-001 | DEVL0101 | |
| DEVPORT-62-002 | TODO | SPRINT_206_devportal | DevPortal Guild | src/DevPortal/StellaOps.DevPortal.Site | Implement schema viewer, example rendering, copy-curl snippets, and version selector UI. Dependencies: DEVPORT-62-001. | DEVPORT-62-001 | DEVL0101 | |
| DEVPORT-63-001 | TODO | SPRINT_206_devportal | DevPortal Guild | src/DevPortal/StellaOps.DevPortal.Site | Add Try-It console pointing at sandbox environment with token onboarding and scope info. Dependencies: DEVPORT-62-002. | 63-001 | DEVL0101 | |
| DEVPORT-63-002 | TODO | SPRINT_206_devportal | DevPortal Guild | src/DevPortal/StellaOps.DevPortal.Site | Embed language-specific SDK snippets and quick starts generated from tested examples. Dependencies: DEVPORT-63-001. | DEVPORT-63-001 | DEVL0101 | |
| DEVPORT-64-001 | TODO | SPRINT_206_devportal | DevPortal Guild | src/DevPortal/StellaOps.DevPortal.Site | Provide offline build target bundling HTML, specs, SDK archives; ensure no external assets. Dependencies: DEVPORT-63-002. | 64-001 | DEVL0101 | |
| DEVPORT-64-002 | TODO | SPRINT_206_devportal | Developer Portal Guild (src/DevPortal/StellaOps.DevPortal.Site) | src/DevPortal/StellaOps.DevPortal.Site | Add automated accessibility tests, link checker, and performance budgets. Dependencies: DEVPORT-64-001. | DEVL0102 | ||
| DOC-008 | TODO | SPRINT_0401_0001_0001_reachability_evidence_chain | Docs Guild · Reachability Guild | docs/reachability/function-level-evidence.md, docs/09_API_CLI_REFERENCE.md, docs/api/policy.md |
Wait for replay evidence from 100_RBBN0101 | Wait for replay evidence from 100_RBBN0101 | DORC0101 | |
| DOC-70-001 | DONE | SPRINT_0170_0001_0001_notifications_telemetry | Docs Guild · Notifications Guild | docs | Gather notification doc references | Validate existing notifications doc and migrate notes | DOCP0101 | |
| DOCKER-44-001 | TODO | SPRINT_0507_0001_0001_ops_devops_v | DevOps Guild · Service Owners | ops/devops | Author multi-stage Dockerfiles for all core services (API, Console, Orchestrator, Task Runner, Conseiller, Excitor, Policy, Notify, Export, AI) with non-root users, read-only file systems, and health scripts. | Wait for DVPL0101 compose merge | DVDO0111 | |
| DOCKER-44-002 | TODO | SPRINT_0507_0001_0001_ops_devops_v | DevOps Guild | ops/devops | Generate SBOMs and cosign attestations for each image and integrate verification into CI. Dependencies: DOCKER-44-001. | Depends on #1 | DVDO0111 | |
| DOCKER-44-003 | TODO | SPRINT_0507_0001_0001_ops_devops_v | DevOps Guild | ops/devops | Implement /health/liveness, /health/readiness, /version, /metrics, and ensure capability endpoint returns merge=false for Conseiller/Excitor. Dependencies: DOCKER-44-002. |
Requires SBOM+scan workflow from 137_SCDT0101 | DVDO0111 | |
| DOCS-0001 | DONE | 2025-11-05 | SPRINT_313_docs_modules_attestor | Docs Guild | docs/modules/attestor | Confirm attestor module doc publication | Confirm attestor module doc scope | DOCP0101 |
| DOCS-0002 | TODO | 2025-11-05 | SPRINT_321_docs_modules_graph | Docs Guild (docs/modules/graph) | docs/modules/graph | — | — | DOCL0102 |
| DOCS-0003 | TODO | SPRINT_327_docs_modules_scanner | Docs Guild, Product Guild (docs/modules/scanner) | docs/modules/scanner | — | — | DOCL0102 | |
| DOCS-401-008 | TODO | SPRINT_0401_0001_0001_reachability_evidence_chain | QA & Docs Guilds (docs, tests/README.md) |
docs, tests/README.md |
— | — | DOCL0102 | |
| DOCS-401-022 | TODO | SPRINT_0401_0001_0001_reachability_evidence_chain | Docs Guild · Attestor Guild (docs/ci/dsse-build-flow.md, docs/modules/attestor/architecture.md) |
docs/ci/dsse-build-flow.md, docs/modules/attestor/architecture.md |
— | — | DOCL0102 | |
| DOCS-AIAI-31-004 | DONE (2025-12-04) | 2025-12-04 | SPRINT_0301_0001_0001_docs_md_i | Docs Guild · Console Guild | docs/advisory-ai | Guardrail console guide refreshed with deterministic captures plus consolidated hash manifest (docs/advisory-ai/console-fixtures.sha256) and verification steps. |
CONSOLE-VULN-29-001; CONSOLE-VEX-30-001; SBOM-AIAI-31-003 | DOAI0102 |
| DOCS-AIAI-31-005 | DONE (2025-11-25) | 2025-11-25 | SPRINT_110_ingestion_evidence | Docs Guild | CLI/policy/ops docs refreshed with offline hashes and exit codes. | DOCS-AIAI-31-004; CLI-VULN-29-001; CLI-VEX-30-001; POLICY-ENGINE-31-001; DEVOPS-AIAI-31-001 | DOAI0102 | |
| DOCS-AIAI-31-006 | TODO | 2025-11-13 | SPRINT_0111_0001_0001_advisoryai | Docs Guild · Advisory AI Guild | docs/modules/advisory-ai | /docs/policy/assistant-parameters.md now documents inference modes, guardrail phrases, budgets, and cache/queue knobs (POLICY-ENGINE-31-001 inputs captured via AdvisoryAiServiceOptions). |
Need latest telemetry outputs from ADAI0101 | DOAI0104 |
| DOCS-AIAI-31-008 | BLOCKED | 2025-11-18 | SPRINT_0111_0001_0001_advisoryai | Docs Guild · SBOM Service Guild (docs) | docs | Publish /docs/sbom/remediation-heuristics.md (feasibility scoring, blast radius). |
SBOM-AIAI-31-001 projection kit/fixtures | DOAI0104 |
| DOCS-AIAI-31-009 | DONE (2025-11-25) | 2025-11-25 | SPRINT_110_ingestion_evidence | Docs Guild | Docs updated with guardrail/ops addenda and offline hashes. | DOCS-AIAI-31-004; CLI-VULN-29-001; CLI-VEX-30-001; POLICY-ENGINE-31-001; DEVOPS-AIAI-31-001 | DOAI0102 | |
| DOCS-AIRGAP-56-001 | DONE (2025-11-23) | 2025-11-23 | SPRINT_0301_0001_0001_docs_md_i | Docs Guild · AirGap Controller Guild | /docs/airgap/overview.md outlining modes, lifecycle, responsibilities, rule banner. |
— | DOAI0102 | |
| DOCS-AIRGAP-56-002 | DONE (2025-11-23) | 2025-11-23 | SPRINT_0301_0001_0001_docs_md_i | Docs Guild · DevOps Guild | /docs/airgap/sealing-and-egress.md (network policies, EgressPolicy facade, verification). |
DOCS-AIRGAP-56-001 | DOAI0102 | |
| DOCS-AIRGAP-56-003 | DONE (2025-11-23) | 2025-11-23 | SPRINT_0301_0001_0001_docs_md_i | Docs Guild · Exporter Guild | bundle format, DSSE/TUF/Merkle validation, workflows | /docs/airgap/mirror-bundles.md (bundle format, DSSE/TUF/Merkle validation, workflows). |
DOCS-AIRGAP-56-002 | DOAI0102 |
| DOCS-AIRGAP-56-004 | DONE (2025-11-23) | 2025-11-23 | SPRINT_0301_0001_0001_docs_md_i | Docs Guild · Deployment Guild | /docs/airgap/bootstrap.md covering Bootstrap Pack creation + install. |
DOCS-AIRGAP-56-003 | DOAI0102 | |
| DOCS-AIRGAP-57-001 | DONE (2025-11-23) | 2025-11-23 | SPRINT_0301_0001_0001_docs_md_i | Docs Guild · AirGap Time Guild | docs/modules/airgap | /docs/airgap/staleness-and-time.md (time anchors, drift, UI indicators). |
DOCS-AIRGAP-56-004 | DOAI0102 |
| DOCS-AIRGAP-57-002 | DONE (2025-11-23) | 2025-11-23 | SPRINT_0301_0001_0001_docs_md_i | Docs Guild · Console Guild | docs/modules/airgap | /docs/console/airgap.md (sealed badge, import wizard, staleness dashboards). |
DOCS-AIRGAP-57-001 | DOAI0102 |
| DOCS-AIRGAP-57-003 | TODO | SPRINT_302_docs_tasks_md_ii | Docs Guild · CLI Guild | docs/modules/airgap | Publish /docs/modules/cli/guides/airgap.md documenting commands, examples, exit codes. Dependencies: DOCS-AIRGAP-57-002. |
AIDG0101 tasks 3–4 | DOCL0102 | |
| DOCS-AIRGAP-57-004 | TODO | SPRINT_302_docs_tasks_md_ii | Docs Guild · Ops Guild | docs/modules/airgap | Create /docs/airgap/operations.md with runbooks for imports, failure recovery, and auditing. Dependencies: DOCS-AIRGAP-57-003. |
DOCS-AIRGAP-57-003 | DOCL0102 | |
| DOCS-AIRGAP-58-001 | BLOCKED | 2025-11-25 | SPRINT_302_docs_tasks_md_ii | Docs Guild, Product Guild (docs) | Provide /docs/airgap/degradation-matrix.md enumerating feature availability, fallbacks, remediation. Dependencies: DOCS-AIRGAP-57-004. |
Blocked: waiting on staleness/time-anchor spec and AirGap controller/importer timelines | DOCL0102 | |
| DOCS-AIRGAP-58-002 | BLOCKED | 2025-11-25 | SPRINT_302_docs_tasks_md_ii | Docs Guild, Security Guild (docs) | Update /docs/security/trust-and-signing.md with DSSE/TUF roots, rotation, and signed time tokens. Dependencies: DOCS-AIRGAP-58-001. |
Blocked: DOCS-AIRGAP-58-001 awaiting staleness/time-anchor spec | DOCL0102 | |
| DOCS-AIRGAP-58-003 | BLOCKED | 2025-11-25 | SPRINT_302_docs_tasks_md_ii | Docs Guild · DevEx Guild | docs/modules/airgap | Publish /docs/dev/airgap-contracts.md describing EgressPolicy usage, sealed-mode tests, linting. Dependencies: DOCS-AIRGAP-58-002. |
Blocked: DOCS-AIRGAP-58-002 outstanding | DOAG0101 |
| DOCS-AIRGAP-58-004 | BLOCKED | 2025-11-25 | SPRINT_302_docs_tasks_md_ii | Docs Guild · Evidence Locker Guild | docs/modules/airgap | Document /docs/airgap/portable-evidence.md for exporting/importing portable evidence bundles across enclaves. Dependencies: DOCS-AIRGAP-58-003. |
Blocked: DOCS-AIRGAP-58-003 outstanding; needs Evidence Locker attestation notes (002_ATEL0101) | DOAG0101 |
| DOCS-AIRGAP-DEVPORT-64-001 | DONE (2025-11-23) | 2025-11-23 | SPRINT_302_docs_tasks_md_ii | Docs Guild · DevPortal Offline Guild | docs/modules/export-center/devportal-offline.md | Create /docs/airgap/devportal-offline.md describing offline bundle usage and verification. |
Requires #3 draft | DEVL0102 |
| DOCS-ATTEST-73-001 | TODO | SPRINT_302_docs_tasks_md_ii | Docs Guild, Attestor Service Guild (docs) | Publish /docs/modules/attestor/overview.md with imposed rule banner. |
— | DOAT0101 | ||
| DOCS-ATTEST-73-002 | DONE | 2025-11-23 | SPRINT_302_docs_tasks_md_ii | Docs Guild, Attestation Payloads Guild (docs) | Write /docs/modules/attestor/payloads.md with schemas/examples. Dependencies: DOCS-ATTEST-73-001. |
— | DOAT0101 | |
| DOCS-ATTEST-73-003 | DONE | 2025-11-23 | SPRINT_302_docs_tasks_md_ii | Docs Guild, Policy Guild (docs) | Publish /docs/modules/attestor/policies.md covering verification policies. Dependencies: DOCS-ATTEST-73-002. |
— | DOAT0101 | |
| DOCS-ATTEST-73-004 | DONE | 2025-11-23 | SPRINT_302_docs_tasks_md_ii | Docs Guild, Attestor Service Guild (docs) | Add /docs/modules/attestor/workflows.md detailing ingest, verify, bulk operations. Dependencies: DOCS-ATTEST-73-003. |
— | DOAT0101 | |
| DOCS-ATTEST-74-001 | DONE | 2025-11-23 | SPRINT_302_docs_tasks_md_ii | Docs Guild, KMS Guild (docs) | Publish /docs/modules/attestor/keys-and-issuers.md. Dependencies: DOCS-ATTEST-73-004. |
— | DOAT0101 | |
| DOCS-ATTEST-74-002 | DONE | 2025-11-23 | SPRINT_302_docs_tasks_md_ii | Docs Guild, Transparency Guild (docs) | Document /docs/modules/attestor/transparency.md with witness usage/offline validation. Dependencies: DOCS-ATTEST-74-001. |
— | DOAT0101 | |
| DOCS-ATTEST-74-003 | DONE | 2025-11-23 | SPRINT_302_docs_tasks_md_ii | Docs Guild, Attestor Console Guild (docs) | Write /docs/console/attestor-ui.md with screenshots/workflows. Dependencies: DOCS-ATTEST-74-002. |
— | DOAT0101 | |
| DOCS-ATTEST-74-004 | DONE | 2025-11-23 | SPRINT_302_docs_tasks_md_ii | Docs Guild, CLI Attestor Guild (docs) | Publish /docs/modules/cli/guides/attest.md covering CLI usage. Dependencies: DOCS-ATTEST-74-003. |
— | DOAT0101 | |
| DOCS-ATTEST-75-001 | DONE | 2025-11-25 | SPRINT_303_docs_tasks_md_iii | Docs Guild, Export Attestation Guild (docs) | Add /docs/modules/attestor/airgap.md for attestation bundles. Dependencies: DOCS-ATTEST-74-004. |
— | DOAT0101 | |
| DOCS-ATTEST-75-002 | DONE | 2025-11-25 | SPRINT_303_docs_tasks_md_iii | Docs Guild, Security Guild (docs) | Update /docs/security/aoc-invariants.md with attestation invariants. Dependencies: DOCS-ATTEST-75-001. |
— | DOAT0101 | |
| DOCS-CLI-41-001 | DONE | 2025-11-25 | SPRINT_303_docs_tasks_md_iii | Docs Guild, DevEx/CLI Guild (docs) | docs/modules/cli/guides | Publish /docs/modules/cli/guides/overview.md, /docs/modules/cli/guides/configuration.md, /docs/modules/cli/guides/output-and-exit-codes.md with imposed rule statements. |
— | DOCL0101 |
| DOCS-CLI-42-001 | DONE | 2025-11-25 | SPRINT_303_docs_tasks_md_iii | Docs Guild (docs) | docs/modules/cli/guides | Publish /docs/modules/cli/guides/parity-matrix.md and command guides under /docs/modules/cli/guides/commands/*.md (policy, sbom, vuln, vex, advisory, export, orchestrator, notify, aoc, auth). Dependencies: DOCS-CLI-41-001. |
— | DOCL0101 |
| DOCS-CLI-DET-01 | DONE | 2025-11-23 | SPRINT_0301_0001_0001_docs_md_i | Docs Guild · DevEx/CLI Guild | Document stella sbomer verbs (layer, compose, drift, verify) with examples & offline instructions. |
CLI-SBOM-60-001; CLI-SBOM-60-002 | DOCL0101 | |
| DOCS-CLI-FORENSICS-53-001 | DONE | 2025-11-25 | SPRINT_303_docs_tasks_md_iii | Docs Guild, DevEx/CLI Guild (docs) | docs/modules/cli/guides | Publish /docs/modules/cli/guides/forensics.md for snapshot/verify/attest commands with sample outputs, imposed rule banner, and offline workflows. |
— | DOCL0101 |
| DOCS-CLI-OBS-52-001 | DONE | 2025-11-25 | SPRINT_303_docs_tasks_md_iii | Docs Guild, DevEx/CLI Guild (docs) | docs/modules/cli/guides | Create /docs/modules/cli/guides/observability.md detailing stella obs commands, examples, exit codes, imposed rule banner, and scripting tips. |
— | DOCL0101 |
| DOCS-CONSOLE-OBS-52-001 | BLOCKED | 2025-11-25 | SPRINT_303_docs_tasks_md_iii | Docs Guild, Console Guild (docs) | Document /docs/console/observability.md showcasing Observability Hub widgets, trace/log search, imposed rule banner, and accessibility tips. |
Blocked: awaiting Console Observability Hub schemas/widgets from Console Guild | DOCL0101 | |
| DOCS-CONSOLE-OBS-52-002 | BLOCKED | 2025-11-25 | SPRINT_303_docs_tasks_md_iii | Docs Guild, Console Guild (docs) | Publish /docs/console/forensics.md covering timeline explorer, evidence viewer, attestation verifier, imposed rule banner, and troubleshooting. Dependencies: DOCS-CONSOLE-OBS-52-001. |
Blocked: upstream DOCS-CONSOLE-OBS-52-001 | DOCL0101 | |
| DOCS-CONTRIB-62-001 | DONE | 2025-11-25 | SPRINT_303_docs_tasks_md_iii | Docs Guild, API Governance Guild (docs) | docs/contributing/api-contracts.md | Publish /docs/contributing/api-contracts.md detailing how to edit OAS, lint rules, compatibility checks. |
— | DOCL0101 |
| DOCS-DETER-70-002 | DONE (2025-11-26) | 2025-11-26 | SPRINT_0304_0001_0004_docs_tasks_md_iv | Docs Guild · Scanner Guild | docs/modules/scanner/determinism-score.md | Document the scanner determinism score process (determinism.json schema, CI harness, replay instructions) under /docs/modules/scanner/determinism-score.md and add a release-notes template entry. Dependencies: SCAN-DETER-186-010, DEVOPS-SCAN-90-004. |
— | DOSC0101 |
| DOCS-DEVPORT-62-001 | DONE | 2025-11-25 | SPRINT_303_docs_tasks_md_iii | Docs Guild, Developer Portal Guild (docs) | docs/devportal/publishing.md | Document /docs/devportal/publishing.md for build pipeline, offline bundle steps. |
— | DOCL0101 |
| DOCS-DSL-401-005 | DONE (2025-11-26) | 2025-11-26 | SPRINT_0401_0001_0001_reachability_evidence_chain | Docs Guild (docs/policy/dsl.md, docs/policy/lifecycle.md) |
docs/policy/dsl.md, docs/policy/lifecycle.md |
Refresh docs/policy/dsl.md + lifecycle docs with the new syntax, signal dictionary (trust_score, reachability, etc.), authoring workflow, and safety rails (shadow mode, coverage tests). |
— | DOCL0101 |
| DOCS-ENTROPY-70-004 | DONE (2025-11-26) | 2025-11-26 | SPRINT_0304_0001_0004_docs_tasks_md_iv | Docs Guild · Scanner Guild | docs/modules/scanner/entropy.md | Publish entropy analysis documentation (scoring heuristics, JSON schemas, policy hooks, UI guidance) under docs/modules/scanner/entropy.md and update trust-lattice references. Dependencies: SCAN-ENTROPY-186-011/012, POLICY-RISK-90-001. |
— | DOSC0101 |
| DOCS-EXC-25-001 | BLOCKED | 2025-11-25 | SPRINT_303_docs_tasks_md_iii | Docs Guild | docs/modules/excititor | Author /docs/governance/exceptions.md covering lifecycle, scope patterns, examples, compliance checklist. |
Blocked: waiting on CLEX0101 exception governance spec and UI workflow | DOEX0102 |
| DOCS-EXC-25-002 | BLOCKED | 2025-11-25 | SPRINT_303_docs_tasks_md_iii | Docs Guild | docs/modules/excititor | Publish /docs/governance/approvals-and-routing.md detailing roles, routing matrix, MFA rules, audit trails. Dependencies: DOCS-EXC-25-001. |
Blocked: upstream DOCS-EXC-25-001 | DOEX0102 |
| DOCS-EXC-25-003 | BLOCKED | 2025-11-25 | SPRINT_303_docs_tasks_md_iii | Docs Guild | docs/modules/excititor | Create /docs/api/exceptions.md with endpoints, payloads, errors, idempotency notes. Dependencies: DOCS-EXC-25-002. |
Blocked: upstream DOCS-EXC-25-002 | DOEX0102 |
| DOCS-EXC-25-005 | BLOCKED | 2025-11-25 | SPRINT_303_docs_tasks_md_iii | Docs + Accessibility Guilds | docs/modules/excititor | Write /docs/ui/exception-center.md with UI walkthrough, badges, accessibility, shortcuts. Dependencies: DOCS-EXC-25-003. |
Blocked: upstream DOCS-EXC-25-003 | DOEX0102 |
| DOCS-EXC-25-006 | TODO | SPRINT_303_docs_tasks_md_iii | Docs Guild | docs/modules/excititor | Update /docs/modules/cli/guides/exceptions.md covering command usage and exit codes. Dependencies: DOCS-EXC-25-005. |
CLEX0101 | DOEX0102 | |
| DOCS-EXC-25-007 | DONE (2025-11-26) | 2025-11-26 | SPRINT_0304_0001_0004_docs_tasks_md_iv | Docs Guild · DevOps Guild | docs/migration/exception-governance.md | Publish /docs/migration/exception-governance.md describing cutover from legacy suppressions, notifications, rollback. Dependencies: DOCS-EXC-25-006. |
— | DOEX0102 |
| DOCS-EXPORT-37-004 | DONE (2025-11-26) | 2025-11-26 | SPRINT_0304_0001_0004_docs_tasks_md_iv | Docs Guild · Export Center Guild | docs/security/export-hardening.md | Publish /docs/security/export-hardening.md outlining RBAC, tenancy, encryption, redaction, restating imposed rule. |
— | DOEC0102 |
| DOCS-EXPORT-37-005 | BLOCKED | 2025-11-26 | SPRINT_0304_0001_0004_docs_tasks_md_iv | Docs Guild · Export Center Guild | docs/modules/export-center | Validate Export Center docs against live Trivy/mirror bundles once implementation lands; refresh examples and CLI snippets accordingly. Dependencies: DOCS-EXPORT-37-004. | Blocked: awaiting live bundle verification | DOEC0102 |
| DOCS-EXPORT-37-101 | BLOCKED | 2025-11-26 | SPRINT_0304_0001_0004_docs_tasks_md_iv | Docs Guild · DevOps Guild | docs/modules/export-center | Refresh CLI verification sections once stella export verify lands (flags, exit codes, samples). Dependencies: DOCS-EXPORT-37-005. |
Blocked: 37-005 pending live bundle validation | DOEC0102 |
| DOCS-EXPORT-37-102 | BLOCKED | 2025-11-26 | SPRINT_0304_0001_0004_docs_tasks_md_iv | Docs Guild · Evidence Locker Guild | docs/modules/export-center | Embed export dashboards/alerts references into provenance/runbook docs after Grafana work ships. Dependencies: DOCS-EXPORT-37-101. | Blocked: 37-101 blocked on live bundle validation | DOEC0102 |
| DOCS-FORENSICS-53-001 | DONE (2025-11-26) | 2025-11-26 | SPRINT_0304_0001_0004_docs_tasks_md_iv | Docs Guild · Evidence Locker Guild | docs/forensics/evidence-locker.md | Publish /docs/forensics/evidence-locker.md describing bundle formats, WORM options, retention, legal hold, and imposed rule banner. |
— | DOEL0101 |
| DOCS-FORENSICS-53-002 | DONE (2025-11-26) | 2025-11-26 | SPRINT_0304_0001_0004_docs_tasks_md_iv | Docs Guild · Provenance Guild | docs/forensics/provenance-attestation.md | Release /docs/forensics/provenance-attestation.md covering DSSE schema, signing process, verification workflow, and imposed rule banner. Dependencies: DOCS-FORENSICS-53-001. |
— | DOEL0101 |
| DOCS-FORENSICS-53-003 | DONE (2025-11-26) | 2025-11-26 | SPRINT_0304_0001_0004_docs_tasks_md_iv | Docs Guild · Timeline Indexer Guild | docs/forensics/timeline.md | Publish /docs/forensics/timeline.md with schema, event kinds, filters, query examples, and imposed rule banner. Dependencies: DOCS-FORENSICS-53-002. |
— | DOEL0101 |
| DOCS-GRAPH-24-001 | DONE (2025-11-26) | 2025-11-26 | SPRINT_0304_0001_0004_docs_tasks_md_iv | Docs Guild · Graph Guild | docs/ui/sbom-graph-explorer.md | Author /docs/ui/sbom-graph-explorer.md detailing overlays, filters, saved views, accessibility, and AOC visibility. |
— | DOGR0101 |
| DOCS-GRAPH-24-002 | DONE (2025-11-26) | 2025-11-26 | SPRINT_0304_0001_0004_docs_tasks_md_iv | Docs Guild · UI Guild | docs/ui/vulnerability-explorer.md | Publish /docs/ui/vulnerability-explorer.md covering table usage, grouping, fix suggestions, Why drawer. Dependencies: DOCS-GRAPH-24-001. |
— | DOGR0101 |
| DOCS-GRAPH-24-003 | DONE (2025-11-26) | 2025-11-26 | SPRINT_0304_0001_0004_docs_tasks_md_iv | Docs Guild · SBOM Guild | docs/modules/graph | Create /docs/modules/graph/architecture-index.md describing data model, ingestion pipeline, caches, events. Dependencies: DOCS-GRAPH-24-002. |
Unblocked: SBOM join spec delivered with CARTO-GRAPH-21-002 (2025-11-17). | DOGR0101 |
| DOCS-GRAPH-24-004 | DONE (2025-11-26) | 2025-11-26 | SPRINT_0304_0001_0004_docs_tasks_md_iv | Docs Guild · BE-Base Guild | docs/api/graph.md; docs/api/vuln.md | Document /docs/api/graph.md and /docs/api/vuln.md avec endpoints, parameters, errors, RBAC. Dependencies: DOCS-GRAPH-24-003. |
Require replay hooks from RBBN0101 | DOGR0101 |
| DOCS-GRAPH-24-005 | DONE (2025-11-26) | 2025-11-26 | SPRINT_0304_0001_0004_docs_tasks_md_iv | Docs Guild · DevEx/CLI Guild | docs/modules/graph | Update /docs/modules/cli/guides/graph-and-vuln.md covering new CLI commands, exit codes, scripting. Dependencies: DOCS-GRAPH-24-004. |
— | DOGR0101 |
| DOCS-GRAPH-24-006 | DONE (2025-11-26) | 2025-11-26 | SPRINT_0304_0001_0004_docs_tasks_md_iv | Docs Guild · Policy Guild | docs/policy/ui-integration.md | Write /docs/policy/ui-integration.md explaining overlays, cache usage, simulator contracts. Dependencies: DOCS-GRAPH-24-005. |
— | DOGR0101 |
| DOCS-GRAPH-24-007 | DONE (2025-11-26) | 2025-11-26 | SPRINT_0304_0001_0004_docs_tasks_md_iv | Docs Guild · DevOps Guild | docs/migration/graph-parity.md | Produce /docs/migration/graph-parity.md with rollout plan, parity checks, fallback guidance. Dependencies: DOCS-GRAPH-24-006. |
— | DOGR0101 |
| DOCS-INSTALL-44-001 | BLOCKED | 2025-11-25 | SPRINT_0305_0001_0005_docs_tasks_md_v | Docs Guild · Deployment Guild | docs/install | Publish /docs/install/overview.md and /docs/install/compose-quickstart.md with imposed rule line and copy-ready commands. |
Blocked: waiting on DVPL0101 compose schema + service list/version pins | DOIS0101 |
| DOCS-INSTALL-45-001 | BLOCKED | 2025-11-25 | SPRINT_0305_0001_0005_docs_tasks_md_v | Docs Guild · Deployment Guild | docs/install | Publish /docs/install/helm-prod.md and /docs/install/configuration-reference.md with values tables and imposed rule reminder. Dependencies: DOCS-INSTALL-44-001. |
Blocked: upstream DOCS-INSTALL-44-001 and TLS guidance (127_SIGR0101) | DOIS0101 |
| DOCS-INSTALL-46-001 | BLOCKED | 2025-11-25 | SPRINT_0305_0001_0005_docs_tasks_md_v | Docs Guild · Deployment Guild | docs/install | Publish /docs/install/airgap.md, /docs/security/supply-chain.md, /docs/operations/health-and-readiness.md, /docs/release/image-catalog.md, /docs/console/onboarding.md (each with imposed rule). Dependencies: DOCS-INSTALL-45-001. |
Blocked: upstream DOCS-INSTALL-45-001 and 126_RLRC0101 replay hooks | DOIS0101 |
| DOCS-INSTALL-50-001 | BLOCKED | 2025-11-25 | SPRINT_0305_0001_0005_docs_tasks_md_v | Docs Guild · DevOps Guild | docs/install | Add /docs/install/telemetry-stack.md with collector deployment, exporter options, offline kit notes, and imposed rule banner. Dependencies: DOCS-INSTALL-46-001. |
Blocked: upstream DOCS-INSTALL-46-001; awaiting DevOps offline validation (DVDO0107) | DOIS0101 |
| DOCS-LNM-22-001 | BLOCKED | 2025-10-27 | SPRINT_0305_0001_0005_docs_tasks_md_v | Docs Guild · Concelier Guild | docs/modules/concelier/link-not-merge.md | Author /docs/advisories/aggregation.md covering observation vs linkset, conflict handling, AOC requirements, and reviewer checklist. |
Need final schema text from 005_ATLN0101 | DOLN0101 |
| DOCS-LNM-22-002 | BLOCKED | 2025-10-27 | SPRINT_0305_0001_0005_docs_tasks_md_v | Docs Guild · Excititor Guild | docs/modules/concelier/link-not-merge.md | Publish /docs/vex/aggregation.md describing VEX observation/linkset model, product matching, conflicts. Dependencies: DOCS-LNM-22-001. |
Waiting on Excititor overlay notes | DOLN0101 |
| DOCS-LNM-22-003 | BLOCKED | 2025-10-27 | SPRINT_0305_0001_0005_docs_tasks_md_v | Docs Guild · BE-Base Guild | docs/modules/concelier/link-not-merge.md | Update /docs/api/advisories.md and /docs/api/vex.md for new endpoints, parameters, errors, exports. Dependencies: DOCS-LNM-22-002. |
Replay hook contract from RBBN0101 | DOLN0101 |
| DOCS-LNM-22-004 | DONE | 2025-11-25 | SPRINT_0305_0001_0005_docs_tasks_md_v | Docs Guild · Policy Guild | docs/modules/concelier/link-not-merge.md | Create /docs/policy/effective-severity.md detailing severity selection strategies from multiple sources. Dependencies: DOCS-LNM-22-003. |
Requires policy binding from PLVL0102 | DOLN0101 |
| DOCS-LNM-22-005 | BLOCKED | 2025-10-27 | SPRINT_0305_0001_0005_docs_tasks_md_v | Docs Guild · UI Guild | docs/modules/concelier/link-not-merge.md | Document /docs/ui/evidence-panel.md with screenshots, conflict badges, accessibility guidance. Dependencies: DOCS-LNM-22-004. |
UI signals from 124_CCSL0101 | DOLN0101 |
| DOCS-LNM-22-007 | DONE | 2025-11-25 | SPRINT_0305_0001_0005_docs_tasks_md_v | Docs Guild · Observability Guild | docs/modules/concelier/link-not-merge.md | Publish /docs/observability/aggregation.md with metrics/traces/logs/SLOs. Dependencies: DOCS-LNM-22-005. |
Observability wiring from 066_PLOB0101 | DOLN0101 |
| DOCS-LNM-22-008 | DONE (2025-11-03) | 2025-11-03 | SPRINT_117_concelier_vi | Docs Guild · DevOps Guild | docs/modules/concelier/link-not-merge.md | Documented Link-Not-Merge migration plan in docs/migration/no-merge.md; keep synced with ongoing tasks. |
Needs retrospective summary | DOLN0101 |
| DOCS-NOTIFY-40-001 | DONE | 2025-11-25 | SPRINT_0305_0001_0005_docs_tasks_md_v | Docs Guild · Security Guild | docs/modules/notify | Publish /docs/notifications/channels.md, /docs/notifications/escalations.md, /docs/notifications/api.md, /docs/operations/notifier-runbook.md, /docs/security/notifications-hardening.md; each ends with imposed rule line. |
Need tenancy + throttling updates from DVDO0110 | DONO0101 |
| DOCS-OAS-61-001 | DONE | 2025-11-25 | SPRINT_0305_0001_0005_docs_tasks_md_v | Docs Guild · API Contracts Guild | docs/api/overview.md | Publish /docs/api/overview.md covering auth, tenancy, pagination, idempotency, rate limits with banner. |
Need governance decisions from 049_APIG0101 | DOOA0101 |
| DOCS-OAS-61-002 | BLOCKED | 2025-11-25 | SPRINT_0305_0001_0005_docs_tasks_md_v | Docs Guild · API Governance Guild | docs/api/oas | Author /docs/api/conventions.md capturing naming, errors, filters, sorting, examples. Dependencies: DOCS-OAS-61-001. |
Blocked: awaiting governance inputs (APIG0101) and example approvals | DOOA0101 |
| DOCS-OAS-61-003 | DONE | 2025-11-25 | SPRINT_0305_0001_0005_docs_tasks_md_v | Docs Guild · API Governance Guild | docs/api/oas | Publish /docs/api/versioning.md describing SemVer, deprecation headers, migration playbooks. Dependencies: DOCS-OAS-61-002. |
Waiting on lint/tooling export from DVDO0108 | DOOA0101 |
| DOCS-OAS-62-001 | TODO | SPRINT_0306_0001_0006_docs_tasks_md_vi | Docs Guild · DevPortal Guild | docs/api/oas | Stand up /docs/api/reference/ auto-generated site; integrate with portal nav. Dependencies: DOCS-OAS-61-003. |
Needs DevPortal publishing hooks (050_DEVL0101) | DOOA0101 | |
| DOCS-OBS-50-002 | TODO | SPRINT_0306_0001_0006_docs_tasks_md_vi | Docs Guild · Security Guild | docs/observability | Author /docs/observability/telemetry-standards.md detailing common fields, scrubbing policy, sampling defaults, and redaction override procedure. |
Need console metric list from 059_CNOB0101 | DOOB0101 | |
| DOCS-OBS-50-003 | TODO | SPRINT_0306_0001_0006_docs_tasks_md_vi | Docs Guild · Observability Guild | docs/observability | Create /docs/observability/logging.md covering structured log schema, dos/don'ts, tenant isolation, and copyable examples. Dependencies: DOCS-OBS-50-002. |
Waiting on observability ADR from 066_PLOB0101 | DOOB0101 | |
| DOCS-OBS-50-004 | TODO | SPRINT_0306_0001_0006_docs_tasks_md_vi | Docs Guild · Observability Guild | docs/observability | Draft /docs/observability/tracing.md explaining context propagation, async linking, CLI header usage, and sampling strategies. Dependencies: DOCS-OBS-50-003. |
Requires CNOB dashboards export | DOOB0101 | |
| DOCS-OBS-51-001 | TODO | SPRINT_0306_0001_0006_docs_tasks_md_vi | Docs Guild · DevOps Guild | docs/observability | Publish /docs/observability/metrics-and-slos.md cataloging metrics, SLO targets, burn rate policies, and alert runbooks. Dependencies: DOCS-OBS-50-004. |
Needs DVOB runbook updates | DOOB0101 | |
| DOCS-ORCH-32-001 | TODO | SPRINT_0306_0001_0006_docs_tasks_md_vi | Docs Guild · Orchestrator Guild | docs/modules/orchestrator | Author /docs/orchestrator/overview.md covering mission, roles, AOC alignment, governance, with imposed rule reminder. |
Need taskrunner lease ADR from 043_ORTR0101 | DOOR0102 | |
| DOCS-ORCH-32-002 | TODO | SPRINT_0306_0001_0006_docs_tasks_md_vi | Docs Guild · Orchestrator Guild | docs/modules/orchestrator | Author /docs/orchestrator/architecture.md detailing scheduler, DAGs, rate limits, data model, message bus, storage layout, restating imposed rule. Dependencies: DOCS-ORCH-32-001. |
Depends on ORTR0102 health hooks | DOOR0102 | |
| DOCS-ORCH-33-001 | TODO | SPRINT_0306_0001_0006_docs_tasks_md_vi | Docs Guild · Scheduler Guild | docs/modules/orchestrator | Publish /docs/orchestrator/api.md (REST/WebSocket endpoints, payloads, error codes) with imposed rule note. Dependencies: DOCS-ORCH-32-002. |
Requires scheduler integration outline | DOOR0102 | |
| DOCS-ORCH-33-002 | TODO | SPRINT_0306_0001_0006_docs_tasks_md_vi | Docs Guild · DevEx/CLI Guild | docs/modules/orchestrator | Publish /docs/orchestrator/console.md covering screens, a11y, live updates, control actions, reiterating imposed rule. Dependencies: DOCS-ORCH-33-001. |
Wait for CLI samples from 132_CLCI0110 | DOOR0102 | |
| DOCS-ORCH-33-003 | TODO | SPRINT_0306_0001_0006_docs_tasks_md_vi | Docs Guild · Export Center Guild | docs/modules/orchestrator | Publish /docs/orchestrator/cli.md documenting commands, options, exit codes, streaming output, offline usage, and imposed rule. Dependencies: DOCS-ORCH-33-002. |
Needs Export Center hooks from 069_AGEX0101 | DOOR0102 | |
| DOCS-ORCH-34-001 | TODO | SPRINT_0306_0001_0006_docs_tasks_md_vi | Docs Guild (docs) | Author /docs/orchestrator/run-ledger.md covering ledger schema, provenance chain, audit workflows, with imposed rule reminder. Dependencies: DOCS-ORCH-33-003. |
— | DOCL0102 | ||
| DOCS-ORCH-34-002 | TODO | SPRINT_0306_0001_0006_docs_tasks_md_vi | Docs Guild (docs) | Update /docs/security/secrets-handling.md for orchestrator KMS refs, redaction badges, operator hygiene, reiterating imposed rule. Dependencies: DOCS-ORCH-34-001. |
— | DOCL0102 | ||
| DOCS-ORCH-34-003 | TODO | SPRINT_0306_0001_0006_docs_tasks_md_vi | Docs Guild · DevOps Guild | docs/modules/orchestrator | Publish /docs/operations/orchestrator-runbook.md (incident playbook, backfill guide, circuit breakers, throttling) with imposed rule statement. Dependencies: DOCS-ORCH-34-002. |
Requires ops checklist from DVDO0108 | DOOR0102 | |
| DOCS-ORCH-34-004 | TODO | SPRINT_0306_0001_0006_docs_tasks_md_vi | Docs Guild · Observability Guild | docs/modules/orchestrator | Document /docs/schemas/artifacts.md describing artifact kinds, schema versions, hashing, storage layout, restating imposed rule. Dependencies: DOCS-ORCH-34-003. |
Wait for observability dashboards (063_OROB0101) | DOOR0102 | |
| DOCS-ORCH-34-005 | TODO | SPRINT_0306_0001_0006_docs_tasks_md_vi | Docs Guild · BE-Base Guild | docs/modules/orchestrator | Author /docs/slo/orchestrator-slo.md defining SLOs, burn alerts, measurement, and reiterating imposed rule. Dependencies: DOCS-ORCH-34-004. |
Needs replay linkage from 042_RPRC0101 | DOOR0102 | |
| DOCS-POLICY-23-003 | TODO | SPRINT_0307_0001_0007_docs_tasks_md_vii | Docs Guild | docs/policy/lifecycle.md | Produce /docs/policy/runtime.md covering compiler, evaluator, caching, events, SLOs. Dependencies: DOCS-POLICY-23-002. |
DOCS-POLICY-23-002 | POKT0101 | |
| DOCS-POLICY-23-004 | DONE (2025-11-26) | 2025-11-26 | SPRINT_0307_0001_0007_docs_tasks_md_vii | Docs Guild · UI Guild | docs/policy/editor.md | Document /docs/policy/editor.md (UI walkthrough, validation, simulation, approvals). Dependencies: DOCS-POLICY-23-003. |
DOCS-POLICY-23-003 | POKT0101 |
| DOCS-POLICY-23-005 | DONE (2025-11-26) | 2025-11-26 | SPRINT_0307_0001_0007_docs_tasks_md_vii | Docs Guild · DevOps Guild | docs/policy/governance.md | Publish /docs/policy/governance.md (roles, scopes, approvals, signing, exceptions). Dependencies: DOCS-POLICY-23-004. |
— | DOPL0101 |
| DOCS-POLICY-23-006 | DONE (2025-11-26) | 2025-11-26 | SPRINT_0307_0001_0007_docs_tasks_md_vii | Docs Guild · DevEx/CLI Guild | docs/policy/api.md | Update /docs/api/policy.md with new endpoints, schemas, errors, pagination. Dependencies: DOCS-POLICY-23-005. |
— | DOPL0101 |
| DOCS-POLICY-23-007 | DONE (2025-11-26) | 2025-11-26 | SPRINT_0307_0001_0007_docs_tasks_md_vii | Docs Guild · Observability Guild | docs/modules/cli/guides/policy.md | Update /docs/modules/cli/guides/policy.md for lint/simulate/activate/history commands, exit codes. Dependencies: DOCS-POLICY-23-006. |
— | DOPL0101 |
| DOCS-POLICY-23-008 | DONE (2025-11-26) | 2025-11-26 | SPRINT_0307_0001_0007_docs_tasks_md_vii | Docs Guild · Policy Guild | docs/modules/policy/architecture.md | Refresh /docs/modules/policy/architecture.md with data model, sequence diagrams, event flows. Dependencies: DOCS-POLICY-23-007. |
— | DOPL0101 |
| DOCS-POLICY-23-009 | DONE (2025-11-26) | 2025-11-26 | SPRINT_0307_0001_0007_docs_tasks_md_vii | Docs Guild · DevOps Guild | docs/migration/policy-parity.md | Create /docs/migration/policy-parity.md covering dual-run parity plan and rollback. Dependencies: DOCS-POLICY-23-008. |
— | DOPL0102 |
| DOCS-POLICY-23-010 | DONE (2025-11-26) | 2025-11-26 | SPRINT_0307_0001_0007_docs_tasks_md_vii | Docs Guild · UI Guild | docs/ui/explainers.md | Write /docs/ui/explainers.md showing explain trees, evidence overlays, interpretation guidance. Dependencies: DOCS-POLICY-23-009. |
— | DOPL0102 |
| DOCS-POLICY-27-007 | BLOCKED | 2025-10-27 | SPRINT_0308_0001_0008_docs_tasks_md_viii | Docs Guild · CLI Guild | docs/policy/runs.md | Update /docs/policy/cli.md with new commands, JSON schemas, CI usage, compliance checklist. Dependencies: DOCS-POLICY-27-006. |
CLI samples from CLPS0102 | POKT0101 |
| DOCS-POLICY-27-008 | BLOCKED | 2025-10-27 | SPRINT_0308_0001_0008_docs_tasks_md_viii | Docs Guild · Policy Registry Guild | docs/policy/runs.md | Publish /docs/policy/packs.md covering pack imports/promotions/rollback. |
Waiting on registry schema | POKT0101 |
| DOCS-POLICY-27-003 | BLOCKED | 2025-10-27 | SPRINT_0307_0001_0007_docs_tasks_md_vii | Docs Guild · Policy Registry Guild | docs/policy/lifecycle.md | Document /docs/policy/versioning-and-publishing.md (semver rules, attestations, rollback) with compliance checklist. Dependencies: DOCS-POLICY-27-002. |
Requires registry schema from CCWO0101 | DOPL0102 |
| DOCS-POLICY-27-004 | BLOCKED | 2025-10-27 | SPRINT_0307_0001_0007_docs_tasks_md_vii | Docs Guild · Scheduler Guild | docs/policy/lifecycle.md | Write /docs/policy/simulation.md covering quick vs batch sim, thresholds, evidence bundles, CLI examples. Dependencies: DOCS-POLICY-27-003. |
Depends on scheduler hooks from 050_DEVL0101 | DOPL0102 |
| DOCS-POLICY-27-005 | BLOCKED | 2025-10-27 | SPRINT_0307_0001_0007_docs_tasks_md_vii | Docs Guild · Product Ops | docs/policy/lifecycle.md | Publish /docs/policy/review-and-approval.md with approver requirements, comments, webhooks, audit trail guidance. Dependencies: DOCS-POLICY-27-004. |
Await product ops approvals | DOPL0102 |
| DOCS-POLICY-27-006 | BLOCKED | 2025-10-27 | SPRINT_0308_0001_0008_docs_tasks_md_viii | Docs Guild · Policy Guild | docs/policy/runs.md | Author /docs/policy/promotion.md covering environments, canary, rollback, and monitoring steps. Dependencies: DOCS-POLICY-27-005. |
Need RLS decision from PLLG0104 | DOPL0103 |
| DOCS-POLICY-27-007 | BLOCKED | 2025-10-27 | SPRINT_0308_0001_0008_docs_tasks_md_viii | Docs Guild · CLI Guild | docs/policy/runs.md | Update /docs/policy/cli.md with new commands, JSON schemas, CI usage, and compliance checklist. Dependencies: DOCS-POLICY-27-006. |
Requires CLI samples from 132_CLCI0110 | DOPL0103 |
| DOCS-POLICY-27-008 | BLOCKED | 2025-10-27 | SPRINT_0308_0001_0008_docs_tasks_md_viii | Docs Guild · Policy Registry Guild | docs/policy/runs.md | Publish /docs/policy/api.md describing Registry endpoints, request/response schemas, errors, and feature flags. Dependencies: DOCS-POLICY-27-007. |
Waiting on registry schema (CCWO0101) | DOPL0103 |
| DOCS-POLICY-27-009 | BLOCKED | 2025-10-27 | SPRINT_0308_0001_0008_docs_tasks_md_viii | Docs Guild · Security Guild | docs/policy/runs.md | Create /docs/security/policy-attestations.md covering signing, verification, key rotation, and compliance checklist. Dependencies: DOCS-POLICY-27-008. |
Needs security review outputs | DOPL0103 |
| DOCS-POLICY-27-010 | BLOCKED | 2025-10-27 | SPRINT_0308_0001_0008_docs_tasks_md_viii | Docs Guild · Architecture Guild | docs/policy/runs.md | Author /docs/modules/policy/registry-architecture.md (service design, schemas, queues, failure modes) with diagrams and checklist. Dependencies: DOCS-POLICY-27-009. |
Depends on architecture review minutes | DOPL0103 |
| DOCS-POLICY-27-011 | BLOCKED | 2025-10-27 | SPRINT_0308_0001_0008_docs_tasks_md_viii | Docs Guild · Observability Guild | docs/policy/runs.md | Publish /docs/observability/policy-telemetry.md with metrics/log tables, dashboards, alerts, and compliance checklist. Dependencies: DOCS-POLICY-27-010. |
Requires observability hooks from 066_PLOB0101 | DOPL0103 |
| DOCS-POLICY-27-012 | BLOCKED | 2025-10-27 | SPRINT_0308_0001_0008_docs_tasks_md_viii | Docs Guild · Ops Guild | docs/policy/runs.md | Write /docs/runbooks/policy-incident.md detailing rollback, freeze, forensic steps, notifications. Dependencies: DOCS-POLICY-27-011. |
Needs ops playbooks (DVDO0108) | DOPL0103 |
| DOCS-POLICY-27-013 | BLOCKED | 2025-10-27 | SPRINT_0308_0001_0008_docs_tasks_md_viii | Docs Guild · Policy Guild | docs/policy/runs.md | Update /docs/examples/policy-templates.md with new templates, snippets, and sample policies. Dependencies: DOCS-POLICY-27-012. |
Await policy guild approval | DOPL0103 |
| DOCS-POLICY-27-014 | BLOCKED | 2025-10-27 | SPRINT_0308_0001_0008_docs_tasks_md_viii | Docs Guild · Policy Registry Guild | docs/policy/runs.md | Refresh /docs/aoc/aoc-guardrails.md to include Studio-specific guardrails and validation scenarios. Dependencies: DOCS-POLICY-27-013. |
Needs policy registry approvals | DOPL0103 |
| DOCS-POLICY-DET-01 | DONE (2025-11-23) | 2025-11-23 | SPRINT_0301_0001_0001_docs_md_i | Docs Guild · Policy Guild | docs/policy/runs.md | Extend docs/modules/policy/architecture.md with determinism gate semantics and provenance references. |
Depends on deterministic harness (137_SCDT0101) | DOPL0103 |
| DOCS-PROMO-70-001 | DONE (2025-11-26) | 2025-11-26 | SPRINT_0304_0001_0004_docs_tasks_md_iv | Docs Guild · Provenance Guild | docs/release/promotion-attestations.md | Publish /docs/release/promotion-attestations.md describing the promotion workflow (CLI commands, Signer/Attestor integration, offline verification) and update /docs/forensics/provenance-attestation.md with the new predicate. Dependencies: PROV-OBS-53-003, CLI-PROMO-70-002. |
— | DOPV0101 |
| DOCS-REACH-201-006 | TODO | SPRINT_400_runtime_facts_static_callgraph_union | Docs Guild · Runtime Evidence Guild | docs/reachability | Author the reachability doc set (docs/signals/reachability.md, callgraph-formats.md, runtime-facts.md, CLI/UI appendices) plus update Zastava + Replay guides with the new evidence and operators’ workflow. |
Needs RBRE0101 provenance hook summary | DORC0101 | |
| DOCS-REPLAY-185-003 | TODO | SPRINT_0185_0001_0001_shared_replay_primitives | Docs Guild · Platform Data Guild | docs/replay | Author docs/data/replay_schema.md detailing replay_runs, replay_bundles, replay_subjects collections, index guidance, and offline sync strategy aligned with Replay CAS. |
Need RPRC0101 API freeze | DORR0101 | |
| DOCS-REPLAY-185-004 | TODO | SPRINT_0185_0001_0001_shared_replay_primitives | Docs Guild | docs/replay | Expand docs/replay/DEVS_GUIDE_REPLAY.md with integration guidance for consuming services (Scanner, Evidence Locker, CLI) and add checklist derived from docs/replay/DETERMINISTIC_REPLAY.md Section 11. |
Depends on #1 | DORR0101 | |
| DOCS-REPLAY-186-004 | DONE (2025-11-26) | 2025-11-26 | SPRINT_0186_0001_0001_record_deterministic_execution | Docs Guild · Runtime Evidence Guild | docs/replay/TEST_STRATEGY.md | Author docs/replay/TEST_STRATEGY.md (golden replay, feed drift, tool upgrade) and link it from both replay docs and Scanner architecture pages. |
— | DORR0101 |
| DOCS-RISK-66-001 | TODO | SPRINT_0308_0001_0008_docs_tasks_md_viii | Docs Guild · Risk Profile Schema Guild | docs/risk | Publish /docs/risk/overview.md covering concepts and glossary. |
Need schema approvals from PLLG0104 | DORS0101 | |
| DOCS-RISK-66-002 | TODO | SPRINT_0308_0001_0008_docs_tasks_md_viii | Docs Guild · Policy Guild | docs/risk | Author /docs/risk/profiles.md (authoring, versioning, scope). Dependencies: DOCS-RISK-66-001. |
Depends on #1 | DORS0101 | |
| DOCS-RISK-66-003 | TODO | SPRINT_0308_0001_0008_docs_tasks_md_viii | Docs Guild · Risk Engine Guild | docs/risk | Publish /docs/risk/factors.md cataloging signals, transforms, reducers, TTLs. Dependencies: DOCS-RISK-66-002. |
Requires engine contract from Risk Engine Guild | DORS0101 | |
| DOCS-RISK-66-004 | TODO | SPRINT_0308_0001_0008_docs_tasks_md_viii | Docs Guild · Risk Engine Guild | docs/risk | Create /docs/risk/formulas.md detailing math, normalization, gating, severity. Dependencies: DOCS-RISK-66-003. |
Needs engine rollout notes | DORS0101 | |
| DOCS-RISK-67-001 | TODO | SPRINT_0308_0001_0008_docs_tasks_md_viii | Docs Guild · Risk Engine Guild | docs/risk | Publish /docs/risk/explainability.md showing artifact schema and UI screenshots. Dependencies: DOCS-RISK-66-004. |
Wait for engine metrics from 066_PLOB0101 | DORS0101 | |
| DOCS-RISK-67-002 | TODO | SPRINT_0308_0001_0008_docs_tasks_md_viii | Docs Guild · API Guild | docs/risk | Produce /docs/risk/api.md with endpoint reference/examples. Dependencies: DOCS-RISK-67-001. |
Requires API publishing workflow | DORS0101 | |
| DOCS-RISK-67-003 | TODO | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild · Console Guild | docs/risk | Document /docs/console/risk-ui.md for authoring, simulation, dashboards. Dependencies: DOCS-RISK-67-002. |
Needs console overlay decision | DORS0101 Inputs due 2025-12-09..12 (Md.IX action tracker). | |
| DOCS-RISK-67-004 | TODO | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild · CLI Guild | docs/risk | Publish /docs/modules/cli/guides/risk.md covering CLI workflows. Dependencies: DOCS-RISK-67-003. |
Requires CLI samples from 132_CLCI0110 | DORS0101 Inputs due 2025-12-09..12 (Md.IX action tracker). | |
| DOCS-RISK-68-001 | TODO | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild · Export Guild | docs/risk | Add /docs/airgap/risk-bundles.md for offline factor bundles. Dependencies: DOCS-RISK-67-004. |
Wait for export contract (069_AGEX0101) | DORS0101 Inputs due 2025-12-09..12 (Md.IX action tracker). | |
| DOCS-RISK-68-002 | TODO | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild · Security Guild | docs/risk | Update /docs/security/aoc-invariants.md with risk scoring provenance guarantees. Dependencies: DOCS-RISK-68-001. |
Requires security approvals | DORS0101 Inputs due 2025-12-09..12 (Md.IX action tracker). | |
| DOCS-RUNBOOK-401-017 | DONE (2025-11-26) | 2025-11-26 | SPRINT_0401_0001_0001_reachability_evidence_chain | Docs Guild · Ops Guild | docs/runbooks/reachability-runtime.md, docs/reachability/DELIVERY_GUIDE.md |
Publish the reachability runtime ingestion runbook, link it from delivery guides, and keep Ops/Signals troubleshooting steps current. | — | DORU0101 |
| DOCS-RUNBOOK-55-001 | TODO | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild · Ops Guild | docs/runbooks | Author /docs/runbooks/incidents.md describing incident mode activation, escalation steps, retention impact, verification checklist, and imposed rule banner. |
Requires deployment checklist from DVPL0101 | DORU0101 Inputs due 2025-12-09..12 (Md.IX action tracker). | |
| DOCS-SCANNER-BENCH-62-002 | DOING | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · Product Guild | docs/modules/scanner/benchmarks | Capture customer demand for Windows/macOS analyzer coverage and document outcomes. | Need bench inputs from SCSA0301 | DOSB0101 | |
| DOCS-SCANNER-BENCH-62-003 | DOING | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · Product Guild | docs/modules/scanner/benchmarks | Capture Python lockfile/editable install requirements and document policy guidance. | Depends on #1 | DOSB0101 | |
| DOCS-SCANNER-BENCH-62-004 | DOING | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · Java Analyzer Guild | docs/modules/scanner/benchmarks | Document Java lockfile ingestion guidance and policy templates. | Requires Java analyzer notes | DOSB0101 | |
| DOCS-SCANNER-BENCH-62-005 | DOING | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · Go Analyzer Guild | docs/modules/scanner/benchmarks | Document Go stripped-binary fallback enrichment guidance once implementation lands. | Needs Go analyzer results | DOSB0101 | |
| DOCS-SCANNER-BENCH-62-006 | DOING | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · Product Guild | docs/modules/scanner/benchmarks | Document Rust fingerprint enrichment guidance and policy examples. | Requires updated benchmarks from SCSA0601 | DOSB0101 | |
| DOCS-SCANNER-BENCH-62-008 | DOING | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · Platform Data Guild | docs/modules/scanner/benchmarks | Publish EntryTrace explain/heuristic maintenance guide. | Wait for replay hooks (RPRC0101) | DOSB0101 | |
| DOCS-SCANNER-BENCH-62-009 | DOING | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · DevEx/CLI Guild | docs/modules/scanner/benchmarks | Produce SAST integration documentation (connector framework, policy templates). | Depends on CLI samples (132_CLCI0110) | DOSB0101 | |
| DOCS-SCANNER-DET-01 | DONE (2025-12-03) | 2025-12-03 | SPRINT_0301_0001_0001_docs_md_i | Docs Guild · Scanner Guild | docs/modules/scanner/benchmarks | /docs/modules/scanner/deterministic-sbom-compose.md plus scan guide updates + fixture bundle (docs/modules/scanner/fixtures/deterministic-compose/). |
Fixtures published via Sprint 0136; harness verified. | DOSB0101 |
| DOCS-SDK-62-001 | TODO | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild · SDK Generator Guild | docs/sdk | Publish /docs/sdks/overview.md plus language guides (typescript.md, python.md, go.md, java.md). |
Need SDK toolchain notes from SDKG0101 | DOSK0101 Inputs due 2025-12-09..12 (Md.IX action tracker). | |
| DOCS-SEC-62-001 | TODO | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild · Security Guild | docs/security | Update /docs/security/auth-scopes.md with OAuth2/PAT scopes, tenancy header usage. |
Need security ADR from DVDO0110 | DOSE0101 Inputs due 2025-12-09..12 (Md.IX action tracker). | |
| DOCS-SEC-OBS-50-001 | TODO | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild · Security Guild | docs/security | Update /docs/security/redaction-and-privacy.md to cover telemetry privacy controls, tenant opt-in debug, and imposed rule reminder. |
Depends on PLOB0101 metrics | DOSE0101 Inputs due 2025-12-09..12 (Md.IX action tracker). | |
| DOCS-SIG-26-001 | TODO | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild · Signals Guild | docs/modules/signals | Write /docs/signals/reachability.md covering states, scores, provenance, retention. |
Need SGSI0101 metrics freeze | DOSG0101 Inputs due 2025-12-09..12 (Md.IX action tracker). | |
| DOCS-SIG-26-002 | TODO | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild · Observability Guild | docs/modules/signals | Publish /docs/signals/callgraph-formats.md with schemas and validation errors. Dependencies: DOCS-SIG-26-001. |
Depends on #1 | DOSG0101 Inputs due 2025-12-09..12 (Md.IX action tracker). | |
| DOCS-SIG-26-003 | TODO | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild · Signals Guild | docs/modules/signals | Create /docs/signals/runtime-facts.md detailing agent capabilities, privacy safeguards, opt-in flags. Dependencies: DOCS-SIG-26-002. |
Requires SSE contract from SGSI0101 | DOSG0101 Inputs due 2025-12-09..12 (Md.IX action tracker). | |
| DOCS-SIG-26-004 | TODO | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild · CLI Guild | docs/modules/signals | Document /docs/policy/signals-weighting.md for SPL predicates and weighting strategies. Dependencies: DOCS-SIG-26-003. |
Needs CLI samples (132_CLCI0110) | DOSG0101 Inputs due 2025-12-09..12 (Md.IX action tracker). | |
| DOCS-SIG-26-005 | TODO | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild · DevOps Guild | docs/modules/signals | Draft /docs/ui/reachability-overlays.md with badges, timelines, shortcuts. Dependencies: DOCS-SIG-26-004. |
Wait for DevOps rollout plan | DOSG0101 Inputs due 2025-12-09..12 (Md.IX action tracker). | |
| DOCS-SIG-26-006 | TODO | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild · Security Guild | docs/modules/signals | Update /docs/modules/cli/guides/reachability.md for new commands and automation recipes. Dependencies: DOCS-SIG-26-005. |
Requires security guidance (DVDO0110) | DOSG0101 Inputs due 2025-12-09..12 (Md.IX action tracker). | |
| DOCS-SIG-26-007 | TODO | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild · Policy Guild | docs/modules/signals | Publish /docs/api/signals.md covering endpoints, payloads, ETags, errors. Dependencies: DOCS-SIG-26-006. |
Needs policy overlay from PLVL0102 | DOSG0101 Inputs due 2025-12-09..12 (Md.IX action tracker). | |
| DOCS-SIG-26-008 | DOING | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · Notifications Guild | docs/modules/signals | Write /docs/migration/enable-reachability.md guiding rollout, fallbacks, monitoring. Dependencies: DOCS-SIG-26-007. |
Depends on notifications hooks (058_NOTY0101) | DOSG0101 | |
| DOCS-SURFACE-01 | DOING | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · Surface Guild | docs/modules/scanner/surface | Create /docs/modules/scanner/scanner-engine.md covering Surface.FS/Env/Secrets workflow between Scanner, Zastava, Scheduler, and Ops. |
Need latest surface emit notes (SCANNER-SURFACE-04) | DOSS0101 | |
| DOCS-SYMS-70-003 | DONE (2025-11-26) | 2025-11-26 | SPRINT_0304_0001_0004_docs_tasks_md_iv | Docs Guild · Symbols Guild | docs/specs/symbols/SYMBOL_MANIFEST_v1.md | Author symbol-server architecture/spec docs (docs/specs/symbols/SYMBOL_MANIFEST_v1.md, API reference, bundle guide) and update reachability guides with symbol lookup workflow and tenant controls. Dependencies: SYMS-SERVER-401-011, SYMS-INGEST-401-013. |
— | DOSY0101 |
| DOCS-TEN-47-001 | DOING | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · Security Guild | docs/modules/tenancy | Publish /docs/security/tenancy-overview.md and /docs/security/scopes-and-roles.md outlining scope grammar, tenant model, imposed rule reminder. |
Need tenancy ADR from DVDO0110 | DOTN0101 | |
| DOCS-TEN-48-001 | DOING | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · Security Guild | docs/modules/tenancy | Publish /docs/operations/multi-tenancy.md, /docs/operations/rls-and-data-isolation.md, /docs/console/admin-tenants.md. Dependencies: DOCS-TEN-47-001. |
Depends on #1 | DOTN0101 | |
| DOCS-TEN-49-001 | DOING | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · DevOps Guild | docs/modules/tenancy | Publish /docs/modules/cli/guides/authentication.md, /docs/api/authentication.md, /docs/policy/examples/abac-overlays.md, update /docs/install/configuration-reference.md with new env vars, all ending with imposed rule line. Dependencies: DOCS-TEN-48-001. |
Requires monitoring plan from DVDO0110 | DOTN0101 | |
| DOCS-TEST-62-001 | DOING | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · SDK Generator Guild | docs/sdk | Author /docs/testing/contract-testing.md covering mock server, replay tests, golden fixtures. |
Depends on #1 | DOSK0101 | |
| DOCS-VEX-30-001 | DOING | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · VEX Lens Guild | docs/modules/vex-lens | Publish /docs/vex/consensus-overview.md describing purpose, scope, AOC guarantees. |
Need PLVL0102 schema snapshot | DOVX0101 | |
| DOCS-VEX-30-002 | DOING | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · VEX Lens Guild | docs/modules/vex-lens | Author /docs/vex/consensus-algorithm.md covering normalization, weighting, thresholds, examples. Dependencies: DOCS-VEX-30-001. |
Depends on #1 | DOVX0101 | |
| DOCS-VEX-30-003 | DOING | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · Issuer Directory Guild | docs/modules/vex-lens | Document /docs/vex/issuer-directory.md (issuer management, keys, trust overrides, audit). Dependencies: DOCS-VEX-30-002. |
Requires Issuer Directory inputs | DOVX0101 | |
| DOCS-VEX-30-004 | DOING | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · VEX Lens Guild | docs/modules/vex-lens | Publish /docs/vex/consensus-api.md with endpoint specs, query params, rate limits. Dependencies: DOCS-VEX-30-003. |
Needs PLVL0102 policy join notes | DOVX0101 | |
| DOCS-VEX-30-005 | DOING | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · Console Guild | docs/modules/vex-lens | Write /docs/vex/consensus-console.md covering UI workflows, filters, conflicts, accessibility. Dependencies: DOCS-VEX-30-004. |
Requires console overlay assets | DOVX0101 | |
| DOCS-VEX-30-006 | DOING | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · Policy Guild | docs/modules/vex-lens | Add /docs/policy/vex-trust-model.md detailing policy knobs, thresholds, simulation. Dependencies: DOCS-VEX-30-005. |
Needs waiver/exception guidance | DOVX0101 | |
| DOCS-VEX-30-007 | DOING | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · SBOM Service Guild | docs/modules/vex-lens | Publish /docs/sbom/vex-mapping.md (CPE→purl strategy, edge cases, overrides). Dependencies: DOCS-VEX-30-006. |
Depends on SBOM/VEX dataflow spec | DOVX0101 | |
| DOCS-VEX-30-008 | DOING | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · Security Guild | docs/modules/vex-lens | Deliver /docs/security/vex-signatures.md (verification flow, key rotation, audit). Dependencies: DOCS-VEX-30-007. |
Requires security review (DVDO0110) | DOVX0101 | |
| DOCS-VEX-30-009 | DOING | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · DevOps Guild | docs/modules/vex-lens | Create /docs/runbooks/vex-ops.md for recompute storms, mapping failures, signature errors. Dependencies: DOCS-VEX-30-008. |
Needs DevOps rollout plan | DOVX0101 | |
| DOCS-VEX-401-012 | TODO | SPRINT_0401_0001_0001_reachability_evidence_chain | Docs Guild · VEX Lens Guild | docs/benchmarks/vex-evidence-playbook.md, bench/README.md |
Maintain the VEX Evidence Playbook, publish repo templates/README, and document verification workflows for operators. | Need VEX evidence export from PLVL0102 | DOVB0101 | |
| DOCS-VULN-29-001 | DOING | SPRINT_0311_0001_0001_docs_tasks_md_xi | Docs Guild · Vuln Explorer Guild | docs/modules/vuln-explorer | Publish /docs/vuln/explorer-overview.md covering domain model, identities, AOC guarantees, workflow summary. |
Need GRAP0101 contract | DOVL0101 | |
| DOCS-VULN-29-002 | TODO | SPRINT_0311_0001_0001_docs_tasks_md_xi | Docs Guild · Vuln Explorer Guild | docs/modules/vuln-explorer | Write /docs/vuln/explorer-using-console.md with workflows, screenshots, keyboard shortcuts, saved views, deep links. Dependencies: DOCS-VULN-29-001. |
Depends on #1 | DOVL0101 | |
| DOCS-VULN-29-003 | TODO | SPRINT_0311_0001_0001_docs_tasks_md_xi | Docs Guild · UI Guild | docs/modules/vuln-explorer | Author /docs/vuln/explorer-api.md (endpoints, query schema, grouping, errors, rate limits). Dependencies: DOCS-VULN-29-002. |
Requires UI assets | DOVL0101 | |
| DOCS-VULN-29-004 | TODO | SPRINT_0311_0001_0001_docs_tasks_md_xi | Docs Guild · Policy Guild | docs/modules/vuln-explorer | Publish /docs/vuln/explorer-cli.md with command reference, samples, exit codes, CI snippets. Dependencies: DOCS-VULN-29-003. |
Needs policy overlay inputs | DOVL0101 | |
| DOCS-VULN-29-005 | TODO | SPRINT_0311_0001_0001_docs_tasks_md_xi | Docs Guild · Security Guild | docs/modules/vuln-explorer | Write /docs/vuln/findings-ledger.md detailing event schema, hashing, Merkle roots, replay tooling. Dependencies: DOCS-VULN-29-004. |
Requires security review | DOVL0101 | |
| DOCS-VULN-29-006 | TODO | SPRINT_0311_0001_0001_docs_tasks_md_xi | Docs Guild · DevOps Guild | docs/modules/vuln-explorer | Update /docs/policy/vuln-determinations.md for new rationale, signals, simulation semantics. Dependencies: DOCS-VULN-29-005. |
Depends on DevOps rollout plan | DOVL0101 | |
| DOCS-VULN-29-007 | TODO | SPRINT_0311_0001_0001_docs_tasks_md_xi | Docs Guild · DevEx/CLI Guild | docs/modules/vuln-explorer | Publish /docs/vex/explorer-integration.md covering CSAF mapping, suppression precedence, status semantics. Dependencies: DOCS-VULN-29-006. |
Needs CLI examples (132_CLCI0110) | DOVL0101 | |
| DOCS-VULN-29-008 | TODO | SPRINT_0311_0001_0001_docs_tasks_md_xi | Docs Guild · Export Center Guild | docs/modules/vuln-explorer | Publish /docs/advisories/explorer-integration.md covering key normalization, withdrawn handling, provenance. Dependencies: DOCS-VULN-29-007. |
Need export bundle spec | DOVL0102 | |
| DOCS-VULN-29-009 | TODO | SPRINT_0311_0001_0001_docs_tasks_md_xi | Docs Guild · Security Guild | docs/modules/vuln-explorer | Author /docs/sbom/vuln-resolution.md detailing version semantics, scope, paths, safe version hints. Dependencies: DOCS-VULN-29-008. |
Depends on #1 | DOVL0102 | |
| DOCS-VULN-29-010 | TODO | SPRINT_0311_0001_0001_docs_tasks_md_xi | Docs Guild · DevOps Guild | docs/modules/vuln-explorer | Publish /docs/observability/vuln-telemetry.md (metrics, logs, tracing, dashboards, SLOs). Dependencies: DOCS-VULN-29-009. |
Requires DevOps automation plan | DOVL0102 | |
| DOCS-VULN-29-011 | TODO | SPRINT_0311_0001_0001_docs_tasks_md_xi | Docs Guild · Notifications Guild | docs/modules/vuln-explorer | Create /docs/security/vuln-rbac.md for roles, ABAC policies, attachment encryption, CSRF. Dependencies: DOCS-VULN-29-010. |
Needs notifications contract | DOVL0102 | |
| DOCS-VULN-29-012 | TODO | SPRINT_0311_0001_0001_docs_tasks_md_xi | Docs Guild · Policy Guild | docs/modules/vuln-explorer | Write /docs/runbooks/vuln-ops.md (projector lag, resolver storms, export failures, policy activation). Dependencies: DOCS-VULN-29-011. |
Requires policy overlay outputs | DOVL0102 | |
| DOCS-VULN-29-013 | TODO | SPRINT_0311_0001_0001_docs_tasks_md_xi | Docs Guild · DevEx/CLI Guild | docs/modules/vuln-explorer | Update /docs/install/containers.md with Findings Ledger & Vuln Explorer API images, manifests, resource sizing, health checks. Dependencies: DOCS-VULN-29-012. |
Needs CLI/export scripts from 132_CLCI0110 | DOVL0102 | |
| DOWNLOADS-CONSOLE-23-001 | DOING (dev-mock 2025-12-06) | 2025-12-06 | SPRINT_0502_0001_0001_ops_deployment_ii | Docs Guild · Deployment Guild | docs/console | Maintain signed downloads manifest pipeline (images, Helm, offline bundles), publish JSON under deploy/downloads/manifest.json, and document sync cadence for Console + docs parity. |
Need latest console build instructions | DOCN0101 |
| DPOP-11-001 | TODO | 2025-11-08 | SPRINT_100_identity_signing | Docs Guild · Authority Core | src/Authority/StellaOps.Authority | Need DPoP ADR from PGMI0101 | AUTH-AOC-19-002 | DODP0101 |
| DSL-401-005 | TODO | SPRINT_0401_0001_0001_reachability_evidence_chain | Docs Guild · Policy Guild | docs/policy/dsl.md, docs/policy/lifecycle.md |
Depends on PLLG0101 DSL updates | Depends on PLLG0101 DSL updates | DODP0101 | |
| DSSE-CLI-401-021 | DONE | 2025-11-27 | SPRINT_0401_0001_0001_reachability_evidence_chain | Docs Guild · CLI Guild | src/Cli/StellaOps.Cli, scripts/ci/attest-*, docs/modules/attestor/architecture.md |
Ship a stella attest CLI (or sample StellaOps.Attestor.Tool) plus GitLab/GitHub workflow snippets that emit DSSE per build step (scan/package/push) using the new library and Authority keys. |
Need CLI updates from latest DSSE release | DODS0101 |
| DSSE-DOCS-401-022 | DONE | 2025-11-27 | SPRINT_0401_0001_0001_reachability_evidence_chain | Docs Guild · Attestor Guild | docs/ci/dsse-build-flow.md, docs/modules/attestor/architecture.md |
Document the build-time attestation walkthrough (docs/ci/dsse-build-flow.md): models, helper usage, Authority integration, storage conventions, and verification commands, aligning with the advisory. |
Depends on #1 | DODS0101 |
| DSSE-LIB-401-020 | DONE (2025-11-27) | 2025-11-27 | SPRINT_0401_0001_0001_reachability_evidence_chain | Attestor Guild · Platform Guild | src/Attestor/StellaOps.Attestation, src/Attestor/StellaOps.Attestor.Envelope |
DsseEnvelopeExtensions added with conversion utilities; Envelope types exposed as transitive dependencies; consumers reference only StellaOps.Attestation. | Need attestor library API freeze | DOAL0101 |
| DVOFF-64-002 | TODO | SPRINT_160_export_evidence | DevPortal Offline Guild | docs/modules/export-center/devportal-offline.md | DevPortal Offline + AirGap Controller Guilds | Needs exporter DSSE schema from 002_ATEL0101 | DEVL0102 | |
| EDITOR-401-004 | TODO | SPRINT_0401_0001_0001_reachability_evidence_chain | Docs Guild · CLI Guild | src/Cli/StellaOps.Cli, docs/policy/lifecycle.md |
Gather CLI/editor alignment notes | Gather CLI/editor alignment notes | DOCL0103 | |
| EMIT-15-001 | TODO | SPRINT_0136_0001_0001_scanner_surface | Docs Guild · Scanner Emit Guild | src/Scanner/__Libraries/StellaOps.Scanner.Emit | Need EntryTrace emit notes from SCANNER-SURFACE-04 | SCANNER-SURFACE-04 | DOEM0101 | |
| ENG-0001 | DONE | 2025-11-07 | SPRINT_333_docs_modules_excititor | Docs Guild · Analyzer Guild | docs/modules/excitor | Summarize excititor integration | Summarize excititor integration | DOEN0101 |
| ENG-0002 | DONE | 2025-11-09 | SPRINT_137_scanner_gap_design | Docs Guild · Analyzer Guild | docs/modules/scanner | Link to analyzer doc commits | Link to analyzer doc commits | DOEN0101 |
| ENG-0003 | DONE | 2025-11-09 | SPRINT_137_scanner_gap_design | Docs Guild · Analyzer Guild | docs/modules/scanner | Link to Python analyzer doc | Link to Python analyzer doc | DOEN0101 |
| ENG-0004 | DONE | 2025-11-09 | SPRINT_137_scanner_gap_design | Docs Guild · Analyzer Guild | docs/modules/scanner | Link to Java analyzer doc | Link to Java analyzer doc | DOEN0101 |
| ENG-0005 | DONE | 2025-11-09 | SPRINT_137_scanner_gap_design | Docs Guild · Analyzer Guild | docs/modules/scanner | Link to Go analyzer doc | Link to Go analyzer doc | DOEN0101 |
| ENG-0006 | DONE | 2025-11-09 | SPRINT_137_scanner_gap_design | Docs Guild · Analyzer Guild | docs/modules/scanner | Link to Rust analyzer doc | Link to Rust analyzer doc | DOEN0101 |
| ENG-0007 | DONE | 2025-11-09 | SPRINT_137_scanner_gap_design | Docs Guild · Analyzer Guild | docs/modules/scanner | Multi-analyzer wrap-up | Multi-analyzer wrap-up | DOEN0101 |
| ENG-0008 | TODO | SPRINT_0138_0001_0001_scanner_ruby_parity | Docs Guild · EntryTrace Guild | src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace | Needs EntryTrace doc from DOEM0101 | Needs EntryTrace doc from DOEM0101 | DOEN0101 | |
| ENG-0009 | TODO | 2025-11-13 | SPRINT_0138_0001_0001_scanner_ruby_parity | Docs Guild · Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Requires CLI integration notes | SCANNER-ANALYZERS-RUBY-28-001..012 | DOEN0101 |
| ENG-0010 | TODO | SPRINT_0138_0001_0001_scanner_ruby_parity | Docs Guild · Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php | Need PHP analyzer doc outline | SCANNER-ANALYZERS-PHP-27-001 | DOEN0102 | |
| ENG-0011 | TODO | SPRINT_0138_0001_0001_scanner_ruby_parity | Docs Guild · Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno | Deno analyzer doc | Deno analyzer doc | DOEN0102 | |
| ENG-0012 | TODO | SPRINT_0138_0001_0001_scanner_ruby_parity | Docs Guild · Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Dart | EntryTrace doc dependency (DOEM0101) | EntryTrace doc dependency (DOEM0101) | DOEN0102 | |
| ENG-0013 | TODO | SPRINT_0138_0001_0001_scanner_ruby_parity | Docs Guild · Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Swift | Swift analyzer doc outline | Swift analyzer doc outline | DOEN0102 | |
| ENG-0014 | TODO | SPRINT_0138_0001_0001_scanner_ruby_parity | Docs Guild · Analyzer Guild | docs/modules/scanner | Runtime/Zastava notes | Runtime/Zastava notes | DOEN0102 | |
| ENG-0015 | DONE | 2025-11-13 | SPRINT_0138_0001_0001_scanner_ruby_parity | Docs Guild · Analyzer Guild | docs/modules/scanner | Summarize export center tie-in | Summarize export center tie-in | DOEN0102 |
| ENG-0016 | DONE | 2025-11-10 | SPRINT_0138_0001_0001_scanner_ruby_parity | Docs Guild · Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Analyzer doc evidence | SCANNER-ENG-0009 | DOEN0102 |
| ENG-0017 | DONE | 2025-11-09 | SPRINT_0138_0001_0001_scanner_ruby_parity | Docs Guild · Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Analyzer doc evidence | SCANNER-ENG-0016 | DOEN0102 |
| ENG-0018 | DONE | 2025-11-09 | SPRINT_0138_0001_0001_scanner_ruby_parity | Docs Guild · Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Analyzer doc evidence | SCANNER-ENG-0017 | DOEN0102 |
| ENG-0019 | DONE | 2025-11-13 | SPRINT_0138_0001_0001_scanner_ruby_parity | Docs Guild · Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Analyzer doc evidence | SCANNER-ENG-0016..0018 | DOEN0102 |
| ENG-0020 | TODO | SPRINT_0136_0001_0001_scanner_surface | Docs Guild · Scanner Guild | docs/modules/scanner | Need surface doc context | Need surface doc context | DOEN0103 | |
| ENG-0021 | TODO | SPRINT_0136_0001_0001_scanner_surface | Docs Guild · Scanner Guild | docs/modules/scanner | Same as #1 | Same as #1 | DOEN0103 | |
| ENG-0022 | TODO | SPRINT_0136_0001_0001_scanner_surface | Docs Guild · Scanner Guild | docs/modules/scanner | Policy integration reference | Policy integration reference | DOEN0103 | |
| ENG-0023 | TODO | SPRINT_0136_0001_0001_scanner_surface | Docs Guild · Scanner Guild | docs/modules/scanner | Offline kit/policy integration | Offline kit/policy integration | DOEN0103 | |
| ENG-0024 | TODO | SPRINT_0136_0001_0001_scanner_surface | Docs Guild · Scanner Guild | docs/modules/scanner | Surface doc refresh | Surface doc refresh | DOEN0103 | |
| ENG-0025 | TODO | SPRINT_0136_0001_0001_scanner_surface | Docs Guild · Scanner Guild | docs/modules/scanner | Surface doc refresh | Surface doc refresh | DOEN0103 | |
| ENG-0026 | TODO | SPRINT_0136_0001_0001_scanner_surface | Docs Guild · Scanner Guild | docs/modules/scanner | Surface doc refresh | Surface doc refresh | DOEN0103 | |
| ENG-0027 | TODO | SPRINT_0136_0001_0001_scanner_surface | Docs Guild · Scanner Guild | docs/modules/scanner | Policy/offline integration doc | Policy/offline integration doc | DOEN0103 | |
| ENGINE-20-002 | BLOCKED | 2025-10-26 | SPRINT_124_policy_reasoning | Docs Guild · Policy Guild | src/Policy/StellaOps.Policy.Engine | Need ADR references | Need ADR references | DOPE0101 |
| ENGINE-20-003 | TODO | SPRINT_124_policy_reasoning | Docs Guild · Policy Guild · Concelier & Excititor Guilds | src/Policy/StellaOps.Policy.Engine | Depends on #1 | POLICY-ENGINE-20-002 | DOPE0101 | |
| ENGINE-20-004 | TODO | SPRINT_124_policy_reasoning | Docs Guild · Storage Guild | src/Policy/StellaOps.Policy.Engine | Needs storage notes | POLICY-ENGINE-20-003 | DOPE0101 | |
| ENGINE-20-005 | TODO | SPRINT_124_policy_reasoning | Docs Guild · Policy Runtime Guild | src/Policy/StellaOps.Policy.Engine | Requires policy runtime notes | POLICY-ENGINE-20-004 | DOPE0101 | |
| ENGINE-20-006 | TODO | SPRINT_124_policy_reasoning | Docs Guild · Policy Guild | src/Policy/StellaOps.Policy.Engine | Need runtime ADR | POLICY-ENGINE-20-005 | DOPE0102 | |
| ENGINE-20-007 | TODO | SPRINT_124_policy_reasoning | Docs Guild · Storage Guild | src/Policy/StellaOps.Policy.Engine | Need storage ADR | POLICY-ENGINE-20-006 | DOPE0102 | |
| ENGINE-20-008 | TODO | SPRINT_124_policy_reasoning | Docs Guild · Observability Guild | src/Policy/StellaOps.Policy.Engine | Need observability updates | POLICY-ENGINE-20-007 | DOPE0102 | |
| ENGINE-20-009 | TODO | SPRINT_124_policy_reasoning | Docs Guild · DevOps Guild | src/Policy/StellaOps.Policy.Engine | Need DevOps deployment plan | POLICY-ENGINE-20-008 | DOPE0102 | |
| ENGINE-27-001 | TODO | SPRINT_124_policy_reasoning | Policy Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-20-009 | POLICY-ENGINE-20-009 | DOPE0103 | |
| ENGINE-27-002 | TODO | SPRINT_124_policy_reasoning | Policy + Observability Guilds / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-27-001 | POLICY-ENGINE-27-001 | DOPE0103 | |
| ENGINE-29-001 | TODO | SPRINT_124_policy_reasoning | Policy Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-27-004 | POLICY-ENGINE-27-004 | DOPE0103 | |
| ENGINE-29-002 | TODO | SPRINT_124_policy_reasoning | Policy + Findings Ledger Guilds / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-29-001 | POLICY-ENGINE-29-001 | DOPE0103 | |
| ENGINE-29-003 | TODO | SPRINT_0125_0001_0001_policy_reasoning | Policy + SBOM Service Guilds / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-29-002 | POLICY-ENGINE-29-002 | DOPE0103 | |
| ENGINE-29-004 | TODO | SPRINT_0125_0001_0001_policy_reasoning | Policy + Observability Guilds / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-29-003 | POLICY-ENGINE-29-003 | DOPE0103 | |
| ENGINE-30-001 | TODO | SPRINT_0125_0001_0001_policy_reasoning | Policy + Cartographer Guilds / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-29-004 | POLICY-ENGINE-29-004 | DOPE0103 | |
| ENGINE-30-002 | TODO | SPRINT_0125_0001_0001_policy_reasoning | Policy + Cartographer Guilds / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-30-001 | POLICY-ENGINE-30-001 | DOPE0103 | |
| ENGINE-30-003 | TODO | SPRINT_0125_0001_0001_policy_reasoning | Policy + Scheduler Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-30-002 | POLICY-ENGINE-30-002 | DOPE0103 | |
| ENGINE-30-101 | TODO | SPRINT_0125_0001_0001_policy_reasoning | Policy Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-30-003 | POLICY-ENGINE-30-003 | DOPE0103 | |
| ENGINE-31-001 | TODO | SPRINT_0125_0001_0001_policy_reasoning | Policy Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-30-101 | POLICY-ENGINE-30-101 | DOPE0104 | |
| ENGINE-31-002 | TODO | SPRINT_0125_0001_0001_policy_reasoning | Policy Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-31-001 | POLICY-ENGINE-31-001 | DOPE0104 | |
| ENGINE-32-101 | TODO | SPRINT_0125_0001_0001_policy_reasoning | Policy Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-31-002 | POLICY-ENGINE-31-002 | DOPE0104 | |
| ENGINE-33-101 | TODO | SPRINT_0125_0001_0001_policy_reasoning | Policy Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-32-101 | POLICY-ENGINE-32-101 | DOPE0104 | |
| ENGINE-34-101 | TODO | SPRINT_0125_0001_0001_policy_reasoning | Policy Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-33-101 | POLICY-ENGINE-33-101 | DOPE0104 | |
| ENGINE-35-201 | TODO | SPRINT_0125_0001_0001_policy_reasoning | Policy Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-34-101 | POLICY-ENGINE-34-101 | DOPE0104 | |
| ENGINE-38-201 | TODO | SPRINT_0125_0001_0001_policy_reasoning | Policy Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-35-201 | POLICY-ENGINE-35-201 | DOPE0104 | |
| ENGINE-40-001 | TODO | SPRINT_0125_0001_0001_policy_reasoning | Policy + Concelier Guilds / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-38-201 | POLICY-ENGINE-38-201 | DOPE0104 | |
| ENGINE-40-002 | TODO | SPRINT_0125_0001_0001_policy_reasoning | Policy + Excititor Guilds / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-40-001 | POLICY-ENGINE-40-001 | DOPE0104 | |
| ENGINE-40-003 | TODO | SPRINT_0126_0001_0001_policy_reasoning | Policy + Web Scanner Guilds / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-40-002 | POLICY-ENGINE-40-002 | DOPE0104 | |
| ENGINE-401-003 | TODO | SPRINT_0401_0001_0001_reachability_evidence_chain | Policy Guild (src/Policy/StellaOps.Policy.Engine, docs/modules/policy/architecture.md) |
src/Policy/StellaOps.Policy.Engine, docs/modules/policy/architecture.md |
Reachability/forensics appendix referencing DORC0101. | — | DOPE0105 | |
| ENGINE-50-001 | TODO | SPRINT_0126_0001_0001_policy_reasoning | Policy + Platform Security / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-40-003 | POLICY-ENGINE-40-003 | DOPE0105 | |
| ENGINE-50-002 | TODO | SPRINT_0126_0001_0001_policy_reasoning | Policy + Runtime Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-50-001 | POLICY-ENGINE-50-001 | DOPE0105 | |
| ENGINE-50-003 | TODO | SPRINT_0126_0001_0001_policy_reasoning | Policy + Observability Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-50-002 | POLICY-ENGINE-50-002 | DOPE0105 | |
| ENGINE-50-004 | TODO | SPRINT_0126_0001_0001_policy_reasoning | Policy + Platform Events Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-50-003 | POLICY-ENGINE-50-003 | DOPE0105 | |
| ENGINE-50-005 | TODO | SPRINT_0126_0001_0001_policy_reasoning | Policy + Storage Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-50-004 | POLICY-ENGINE-50-004 | DOPE0105 | |
| ENGINE-50-006 | TODO | SPRINT_0126_0001_0001_policy_reasoning | Policy + QA Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-50-005 | POLICY-ENGINE-50-005 | DOPE0105 | |
| ENGINE-50-007 | TODO | SPRINT_0126_0001_0001_policy_reasoning | Policy + Scheduler Worker Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-50-006 | POLICY-ENGINE-50-006 | DOPE0105 | |
| ENGINE-60-001 | TODO | SPRINT_0126_0001_0001_policy_reasoning | Policy + SBOM Service Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-50-007 | POLICY-ENGINE-50-007 | DOPE0105 | |
| ENGINE-60-002 | TODO | SPRINT_0126_0001_0001_policy_reasoning | Policy + BE-Base Platform Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-60-001 | POLICY-ENGINE-60-001 | DOPE0105 | |
| ENGINE-66-001 | DONE | 2025-11-25 | SPRINT_0129_0001_0001_policy_reasoning | Risk Engine Guild / src/RiskEngine/StellaOps.RiskEngine | src/RiskEngine/StellaOps.RiskEngine | Baseline collections + indexes doc. | — | DORG0101 |
| ENGINE-66-002 | DONE | 2025-11-25 | SPRINT_0129_0001_0001_policy_reasoning | Risk Engine Guild / src/RiskEngine/StellaOps.RiskEngine | src/RiskEngine/StellaOps.RiskEngine | RISK-ENGINE-66-001 | RISK-ENGINE-66-001 | DORG0101 |
| ENGINE-67-001 | DONE | 2025-11-25 | SPRINT_0129_0001_0001_policy_reasoning | Risk + Concelier Guilds / src/RiskEngine/StellaOps.RiskEngine | src/RiskEngine/StellaOps.RiskEngine | RISK-ENGINE-66-002 | RISK-ENGINE-66-002 | DORG0101 |
| ENGINE-67-002 | DONE | 2025-11-25 | SPRINT_0129_0001_0001_policy_reasoning | Risk + Excititor Guilds / src/RiskEngine/StellaOps.RiskEngine | src/RiskEngine/StellaOps.RiskEngine | RISK-ENGINE-67-001 | RISK-ENGINE-67-001 | DORG0101 |
| ENGINE-67-003 | DONE | 2025-11-25 | SPRINT_0129_0001_0001_policy_reasoning | Risk + Policy Engine Guilds / src/RiskEngine/StellaOps.RiskEngine | src/RiskEngine/StellaOps.RiskEngine | RISK-ENGINE-67-002 | RISK-ENGINE-67-002 | DORG0101 |
| ENGINE-68-001 | DONE | 2025-11-25 | SPRINT_0129_0001_0001_policy_reasoning | Risk + Findings Ledger Guilds / src/RiskEngine/StellaOps.RiskEngine | src/RiskEngine/StellaOps.RiskEngine | RISK-ENGINE-67-003 | RISK-ENGINE-67-003 | DORG0101 |
| ENGINE-68-002 | DONE | 2025-11-25 | SPRINT_0129_0001_0001_policy_reasoning | Risk + API Guild / src/RiskEngine/StellaOps.RiskEngine | src/RiskEngine/StellaOps.RiskEngine | RISK-ENGINE-68-001 | RISK-ENGINE-68-001 | DORG0101 |
| ENGINE-69-001 | TODO | SPRINT_0129_0001_0001_policy_reasoning | Risk + Policy Studio Guild / src/RiskEngine/StellaOps.RiskEngine | src/RiskEngine/StellaOps.RiskEngine | RISK-ENGINE-68-002 | RISK-ENGINE-68-002 | DORG0101 | |
| ENGINE-69-002 | TODO | SPRINT_0129_0001_0001_policy_reasoning | Risk + Observability Guild / src/RiskEngine/StellaOps.RiskEngine | src/RiskEngine/StellaOps.RiskEngine | RISK-ENGINE-69-001 | RISK-ENGINE-69-001 | DORG0101 | |
| ENGINE-70-001 | TODO | SPRINT_0129_0001_0001_policy_reasoning | Risk + Export Guild / src/RiskEngine/StellaOps.RiskEngine | src/RiskEngine/StellaOps.RiskEngine | RISK-ENGINE-69-002 | RISK-ENGINE-69-002 | DORG0101 | |
| ENGINE-70-002 | TODO | SPRINT_0126_0001_0001_policy_reasoning | Policy + Storage Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-60-002 | POLICY-ENGINE-60-002 | DOPE0106 | |
| ENGINE-70-003 | TODO | SPRINT_0126_0001_0001_policy_reasoning | Policy + Runtime Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-70-002 | POLICY-ENGINE-70-002 | DOPE0106 | |
| ENGINE-70-004 | TODO | SPRINT_0126_0001_0001_policy_reasoning | Policy + Observability Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-70-003 | POLICY-ENGINE-70-003 | DOPE0106 | |
| ENGINE-70-005 | TODO | SPRINT_0126_0001_0001_policy_reasoning | Policy + Scheduler Worker Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-70-004 | POLICY-ENGINE-70-004 | DOPE0106 | |
| ENGINE-80-001 | TODO | SPRINT_0126_0001_0001_policy_reasoning | Policy + Signals Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-70-005 | POLICY-ENGINE-70-005 | DOPE0106 | |
| ENGINE-80-002 | TODO | SPRINT_0127_0001_0001_policy_reasoning | Policy + Storage Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-80-001 | POLICY-ENGINE-80-001 | DOPE0106 | |
| ENGINE-80-003 | BLOCKED (2025-11-26) | SPRINT_0127_0001_0001_policy_reasoning | Policy + Policy Editor Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-80-002 | POLICY-ENGINE-80-002 | DOPE0106 | |
| ENGINE-80-004 | TODO | SPRINT_0127_0001_0001_policy_reasoning | Policy + Observability Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-80-003 | POLICY-ENGINE-80-003 | DOPE0106 | |
| ENGINE-DOCS-0001 | TODO | SPRINT_0325_0001_0001_docs_modules_policy | Docs Guild (docs/modules/policy) | docs/modules/policy | Refresh module overview + governance ladder. | — | DOPE0107 | |
| ENGINE-ENG-0001 | TODO | SPRINT_0325_0001_0001_docs_modules_policy | Module Team (docs/modules/policy) | docs/modules/policy | Capture engineering guidelines + acceptance tests. | — | DOPE0107 | |
| ENGINE-OPS-0001 | TODO | SPRINT_0325_0001_0001_docs_modules_policy | Ops Guild (docs/modules/policy) | docs/modules/policy | Operations runbook (deploy/rollback) pointer. | — | DOPE0107 | |
| ENTROPY-186-011 | TODO | SPRINT_0186_0001_0001_record_deterministic_execution | Scanner Guild · Provenance Guild | src/Scanner/StellaOps.Scanner.Worker, src/Scanner/__Libraries |
SCANNER-ENTRYTRACE-18-508 | SCANNER-ENTRYTRACE-18-508 | SCDE0101 | |
| ENTROPY-186-012 | TODO | SPRINT_0186_0001_0001_record_deterministic_execution | Scanner Guild · Provenance Guild | src/Scanner/StellaOps.Scanner.WebService, docs/replay/DETERMINISTIC_REPLAY.md |
ENTROPY-186-011 | ENTROPY-186-011 | SCDE0102 | |
| ENTROPY-40-001 | TODO | SPRINT_0209_0001_0001_ui_i | UI Guild | src/UI/StellaOps.UI | ENTROPY-186-011 | ENTROPY-186-011 | UIDO0101 | |
| ENTROPY-40-002 | TODO | SPRINT_0209_0001_0001_ui_i | UI Guild Policy Guild | src/UI/StellaOps.UI | ENTROPY-40-001 & ENTROPY-186-012 | ENTROPY-40-001 | UIDO0101 | |
| ENTROPY-70-004 | TODO | SPRINT_0304_0001_0004_docs_tasks_md_iv | Docs Guild · Scanner Guild | docs/modules/scanner/determinism.md | ENTROPY-186-011/012 | ENTROPY-186-011/012 | DOSC0102 | |
| ENTRYTRACE-18-502 | TODO | SPRINT_0135_0001_0001_scanner_surface | EntryTrace Guild · Scanner Surface Guild | src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace | SCANNER-ENTRYTRACE-18-508 | SCANNER-ENTRYTRACE-18-508 | SCET0101 | |
| ENTRYTRACE-18-503 | TODO | SPRINT_0135_0001_0001_scanner_surface | EntryTrace Guild · Scanner Surface Guild | src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace | ENTRYTRACE-18-502 | ENTRYTRACE-18-502 | SCET0101 | |
| ENTRYTRACE-18-504 | TODO | SPRINT_0136_0001_0001_scanner_surface | EntryTrace Guild (src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace) | src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace | SCANNER-ENTRYTRACE-18-503 | SCANNER-ENTRYTRACE-18-503 | SCSS0102 | |
| ENTRYTRACE-18-505 | TODO | SPRINT_0136_0001_0001_scanner_surface | EntryTrace Guild (src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace) | src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace | SCANNER-ENTRYTRACE-18-504 | SCANNER-ENTRYTRACE-18-504 | SCSS0102 | |
| ENTRYTRACE-18-506 | TODO | SPRINT_0136_0001_0001_scanner_surface | EntryTrace Guild · Scanner WebService Guild | src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace | ENTRYTRACE-18-505 | ENTRYTRACE-18-505 | SCET0101 | |
| ENV-01 | DONE | 2025-11-13 | SPRINT_0136_0001_0001_scanner_surface | Scanner Guild, Zastava Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.Env) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Env | SCEN0101 | ||
| ENV-02 | DOING (2025-11-02) | 2025-11-02 | SPRINT_0136_0001_0001_scanner_surface | Scanner Guild · Zastava Guild | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Env | SURFACE-ENV-01 | SURFACE-ENV-01 | SCEN0101 |
| ENV-03 | TODO | SPRINT_0136_0001_0001_scanner_surface | BuildX Plugin Guild | src/Scanner/StellaOps.Scanner.Sbomer.BuildXPlugin | SCANNER-ENV-02 | SCANNER-ENV-02 | SCBX0101 | |
| ENV-04 | TODO | SPRINT_0136_0001_0001_scanner_surface | Zastava Guild · Scanner Env Guild | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Env | SURFACE-ENV-02 | SURFACE-ENV-02 | SCEN0101 | |
| ENV-05 | TODO | SPRINT_0136_0001_0001_scanner_surface | Ops Guild · Scanner Env Guild | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Env | SURFACE-ENV-03 & SURFACE-ENV-04 | SURFACE-ENV-03; SURFACE-ENV-04 | SCEN0101 | |
| EVENTS-16-301 | BLOCKED (2025-10-26) | 2025-10-26 | SPRINT_0136_0001_0001_scanner_surface | Scanner WebService Guild (src/Scanner/StellaOps.Scanner.WebService) |
src/Scanner/StellaOps.Scanner.WebService | SCDE0102 landing | SCDE0102 landing | SCEV0101 |
| EVID-CRYPTO-90-001 | TODO | SPRINT_160_export_evidence | Evidence Locker + Security Guilds (src/EvidenceLocker/StellaOps.EvidenceLocker) |
src/EvidenceLocker/StellaOps.EvidenceLocker | Evidence Locker + Security Guilds · ICryptoProviderRegistry integration |
ATEL0101 contracts | EVEC0101 | |
| EVID-OBS-54-002 | TODO | SPRINT_161_evidencelocker | Evidence Locker Guild (src/EvidenceLocker/StellaOps.EvidenceLocker) |
src/EvidenceLocker/StellaOps.EvidenceLocker |
Finalize deterministic bundle packaging + DSSE layout per docs/modules/evidence-locker/bundle-packaging.md, ensuring parity with portable/incident modes. |
EVID-CRYPTO-90-001 | EVEC0101 | |
| EVID-REPLAY-187-001 | TODO | SPRINT_160_export_evidence | Evidence Locker Guild · docs/modules/evidence-locker/architecture.md | docs/modules/evidence-locker/architecture.md | Evidence Locker Guild · docs/modules/evidence-locker/architecture.md | EVID-CRYPTO-90-001 | EVEC0101 | |
| EXC-25-001 | TODO | SPRINT_0202_0001_0002_cli_ii | DevEx/CLI Guild (src/Cli/StellaOps.Cli) |
src/Cli/StellaOps.Cli | DOOR0102 APIs | DOOR0102 APIs | CLEX0101 | |
| EXC-25-002 | TODO | SPRINT_0202_0001_0002_cli_ii | DevEx/CLI Guild (src/Cli/StellaOps.Cli) |
src/Cli/StellaOps.Cli | EXC-25-001 | EXC-25-001 | CLEX0101 | |
| EXC-25-003 | TODO | SPRINT_0209_0001_0001_ui_i | UI Guild (src/UI/StellaOps.UI) |
src/UI/StellaOps.UI | DOOR0102 APIs | DOOR0102 APIs | UIEX0101 | |
| EXC-25-004 | TODO | SPRINT_0209_0001_0001_ui_i | UI Guild (src/UI/StellaOps.UI) |
src/UI/StellaOps.UI | EXC-25-003 | EXC-25-003 | UIEX0101 | |
| EXC-25-005 | TODO | SPRINT_0209_0001_0001_ui_i | UI + Accessibility Guilds (src/UI/StellaOps.UI) |
src/UI/StellaOps.UI | EXC-25-003 | EXC-25-003 | UIEX0101 | |
| EXC-25-006 | TODO | SPRINT_303_docs_tasks_md_iii | Docs Guild · DevEx Guild | docs/modules/excititor | CLEX0101 CLI updates | CLEX0101 CLI updates | DOEX0101 | |
| EXC-25-007 | TODO | SPRINT_0304_0001_0004_docs_tasks_md_iv | Docs Guild · DevOps Guild | docs/modules/excititor | UIEX0101 console outputs | UIEX0101 console outputs | DOEX0101 | |
| EXCITITOR-ATTEST-73-001 | DONE | 2025-11-17 | SPRINT_0119_0001_0001_excititor_i | Excititor Guild | src/Excititor/__Libraries/StellaOps.Excititor.Core | Attestation payloads emitted with supplier identity, justification summary, and scope metadata for trust chaining. | EXCITITOR-ATTEST-01-003 | EXAT0101 |
| EXCITITOR-ATTEST-73-002 | DONE | 2025-11-17 | SPRINT_0119_0001_0001_excititor_i | Excititor Guild | src/Excititor/__Libraries/StellaOps.Excititor.Core | APIs link attestation IDs back to observation/linkset/product tuples for provenance citations without derived verdicts. | EXCITITOR-ATTEST-73-001 | EXAT0101 |
| EXCITITOR-CONN-SUSE-01-003 | TODO | SPRINT_0120_0001_0002_excititor_ii | Excititor Guild (SUSE connector) | src/Excititor/__Libraries/StellaOps.Excititor.Connectors.SUSE.RancherVEXHub | DONE (2025-11-09) – Emit provider trust configuration (signer fingerprints, trust tier notes) into the raw provenance envelope so downstream VEX Lens/Policy components can weigh issuers. Connector must not apply weighting or consensus inside ingestion. | EXCITITOR-CONN-SUSE-01-002; EXCITITOR-POLICY-01-001 | EXCN0101 | |
| EXCITITOR-CONN-TRUST-01-001 | DONE | 2025-11-20 | SPRINT_0119_0001_0001_excititor_i | Excititor Guild · AirGap Guilds | src/Excititor/__Libraries/StellaOps.Excititor.Connectors* | Signer metadata loader/enricher wired for MSRC/Oracle/Ubuntu/OpenVEX connectors; env STELLAOPS_CONNECTOR_SIGNER_METADATA_PATH; docs + sample hash shipped. |
CONCELIER-GRAPH-21-001; CONCELIER-GRAPH-21-002; ATTEST-PLAN-2001 | EXCN0101 |
| EXCITITOR-CONN-UBUNTU-01-003 | TODO | SPRINT_0120_0001_0002_excititor_ii | Excititor Guild (Ubuntu connector) | src/Excititor/__Libraries/StellaOps.Excititor.Connectors.Ubuntu.CSAF | DONE (2025-11-09) – Emit Ubuntu signing metadata (GPG fingerprints, issuer trust tier) inside raw provenance artifacts so downstream Policy/VEX Lens consumers can weigh issuers. Connector must remain aggregation-only with no inline weighting. | EXCITITOR-CONN-UBUNTU-01-002 | EXCN0101 | |
| EXCITITOR-CONSOLE-23-001 | DONE (2025-11-23) | SPRINT_0120_0001_0002_excititor_ii | Excititor Guild · Docs Guild | src/Excititor/StellaOps.Excititor.WebService | Expose /console/vex endpoints returning grouped VEX statements per advisory/component with status chips, justification metadata, precedence trace pointers, and tenant-scoped filters for Console explorer. Dependencies: EXCITITOR-LNM-21-201, EXCITITOR-LNM-21-202. |
DOCN0101 | EXCO0101 | |
| EXCITITOR-CONSOLE-23-002 | DONE (2025-11-23) | SPRINT_0120_0001_0002_excititor_ii | Excititor Guild | src/Excititor/StellaOps.Excititor.WebService | Provide aggregated counts for VEX overrides (new, not_affected, revoked) powering Console dashboard + live status ticker; emit metrics for policy explain integration. Dependencies: EXCITITOR-CONSOLE-23-001, EXCITITOR-LNM-21-203. | EXCITITOR-CONSOLE-23-001 | EXCO0101 | |
| EXCITITOR-CONSOLE-23-003 | DONE (2025-11-23) | SPRINT_0120_0001_0002_excititor_ii | Excititor Guild | src/Excititor/StellaOps.Excititor.WebService | Deliver rapid lookup endpoints of VEX by advisory/component for Console global search; ensure response includes provenance and precedence context; include caching and RBAC. Dependencies: EXCITITOR-CONSOLE-23-001. | EXCITITOR-CONSOLE-23-001 | EXCO0101 | |
| EXCITITOR-CORE-AOC-19-002 | TODO | SPRINT_0120_0001_0002_excititor_ii | Excititor Core Guild | src/Excititor/__Libraries/StellaOps.Excititor.Core | Implement deterministic extraction of advisory IDs, component PURLs, and references into linkset, capturing reconciled-from metadata for traceability. |
Link-Not-Merge schema | EXCA0101 | |
| EXCITITOR-CORE-AOC-19-003 | TODO | SPRINT_0120_0001_0002_excititor_ii | Excititor Core Guild | src/Excititor/__Libraries/StellaOps.Excititor.Core | Enforce (vendor, upstreamId, contentHash, tenant) uniqueness, generate supersedes chains, and ensure append-only versioning of raw VEX documents. Dependencies: EXCITITOR-CORE-AOC-19-002. |
EXCITITOR-CORE-AOC-19-002 | EXCA0101 | |
| EXCITITOR-CORE-AOC-19-004 | TODO | SPRINT_0120_0001_0002_excititor_ii | Excititor Core Guild | src/Excititor/__Libraries/StellaOps.Excititor.Core | Excise consensus/merge/severity logic from Excititor ingestion paths, updating exports/tests to rely on Policy Engine materializations instead. Dependencies: EXCITITOR-CORE-AOC-19-003. | EXCITITOR-CORE-AOC-19-003 | EXCA0101 | |
| EXCITITOR-CORE-AOC-19-013 | TODO | SPRINT_0120_0001_0002_excititor_ii | Excititor Core Guild | src/Excititor/__Libraries/StellaOps.Excititor.Core | Update Excititor smoke/e2e suites to seed tenant-aware Authority clients and ensure cross-tenant VEX ingestion is rejected. Dependencies: EXCITITOR-CORE-AOC-19-004. | EXCITITOR-CORE-AOC-19-004 | EXCA0101 | |
| EXCITITOR-CRYPTO-90-001 | TODO | SPRINT_0124_0001_0006_excititor_vi | WebService + Security Guilds | src/Excititor/StellaOps.Excititor.WebService | Replace ad-hoc hashing/signing in connectors/exporters/OpenAPI discovery with ICryptoProviderRegistry implementations approved by security so evidence verification stays deterministic across crypto profiles. |
ATEL0101 | EXWS0101 | |
| EXCITITOR-DOCS-0001 | DOING (2025-10-29) | 2025-10-29 | SPRINT_333_docs_modules_excititor | Docs Guild | docs/modules/excititor | See ./AGENTS.md | — | DOEX0102 |
| EXCITITOR-ENG-0001 | TODO | SPRINT_333_docs_modules_excititor | Module Team · Docs Guild | docs/modules/excititor | Update status via ./AGENTS.md workflow | DOEX0101 evidence | DOEX0102 | |
| EXCITITOR-GRAPH-21-001 | TODO | 2025-10-27 | SPRINT_0120_0001_0002_excititor_ii | Excititor Guild | src/Excititor/__Libraries/StellaOps.Excititor.Core | Provide batched VEX/advisory reference fetches keyed by graph node PURLs so UI inspector can display raw documents and justification metadata. | Link-Not-Merge schema | EXGR0101 |
| EXCITITOR-GRAPH-21-002 | TODO | 2025-10-27 | SPRINT_0120_0001_0002_excititor_ii | Excititor Guild | src/Excititor/__Libraries/StellaOps.Excititor.Core | Ensure overlay metadata includes VEX justification summaries and document versions for Cartographer overlays; update fixtures/tests. Dependencies: EXCITITOR-GRAPH-21-001. | EXCITITOR-GRAPH-21-001 | EXGR0101 |
| EXCITITOR-GRAPH-21-005 | TODO | 2025-10-27 | SPRINT_0120_0001_0002_excititor_ii | Excititor Guild | src/Excititor/__Libraries/StellaOps.Excititor.Storage.Mongo | Add indexes/materialized views for VEX lookups by PURL/policy to support Cartographer inspector performance; document migrations. Dependencies: EXCITITOR-GRAPH-21-002. | EXCITITOR-GRAPH-21-002 | EXGR0101 |
| EXCITITOR-GRAPH-24-101 | DONE (2025-11-25) | SPRINT_0120_0001_0002_excititor_ii | Excititor Guild | src/Excititor/StellaOps.Excititor.WebService | Provide endpoints delivering VEX status summaries per component/asset for Vuln Explorer integration. Dependencies: EXCITITOR-GRAPH-21-005. | EXCITITOR-GRAPH-21-002 | EXGR0101 | |
| EXCITITOR-GRAPH-24-102 | DONE (2025-11-25) | SPRINT_0120_0001_0002_excititor_ii | Excititor Guild | src/Excititor/StellaOps.Excititor.WebService | Add batch VEX observation retrieval optimized for Graph overlays/tooltips. Dependencies: EXCITITOR-GRAPH-24-101. | EXCITITOR-GRAPH-24-101 | EXGR0101 | |
| EXCITITOR-LNM-21-001 | TODO | SPRINT_0121_0001_0003_excititor_iii | Excititor Core Guild | src/Excititor/__Libraries/StellaOps.Excititor.Storage.Mongo | Stand up vex_observations and vex_linksets collections with shard keys, tenant guards, and migrations that retire any residual merge-era data without mutating raw content. |
Link-Not-Merge schema | EXLN0101 | |
| EXCITITOR-LNM-21-002 | TODO | SPRINT_0121_0001_0003_excititor_iii | Excititor Core Guild | src/Excititor/__Libraries/StellaOps.Excititor.Core | Capture disagreement metadata (status + justification deltas) directly inside linksets with confidence scores so downstream consumers can highlight conflicts without Excititor choosing winners. Depends on EXCITITOR-LNM-21-001. | EXCITITOR-LNM-21-001 | EXLN0101 | |
| EXCITITOR-LNM-21-003 | TODO | SPRINT_0121_0001_0003_excititor_iii | Excititor Core + Platform Events Guild | src/Excititor/__Libraries/StellaOps.Excititor.Core | Emit vex.linkset.updated events and describe payload shape (observation ids, confidence, conflict summary) so Policy/Lens/UI can subscribe while Excititor stays aggregation-only. Depends on EXCITITOR-LNM-21-002. |
EXCITITOR-LNM-21-002 | EXLN0101 | |
| EXCITITOR-LNM-21-201 | DONE (2025-11-25) | SPRINT_0121_0001_0003_excititor_iii | Excititor WebService Guild | src/Excititor/StellaOps.Excititor.WebService | Ship /vex/observations read endpoints with filters for advisory/product/issuer, strict RBAC, and deterministic pagination (no derived verdict fields). Depends on EXCITITOR-LNM-21-003. |
EXCITITOR-LNM-21-001 | EXLN0101 | |
| EXCITITOR-LNM-21-202 | DONE (2025-11-25) | SPRINT_0121_0001_0003_excititor_iii | Excititor WebService Guild | src/Excititor/StellaOps.Excititor.WebService | Provide /vex/linksets + export endpoints that surface alias mappings, conflict markers, and provenance proofs exactly as stored; errors must map to ERR_AGG_*. Depends on EXCITITOR-LNM-21-201. |
EXCITITOR-LNM-21-201 | EXLN0101 | |
| EXCITITOR-LNM-21-203 | DONE (2025-11-23) | SPRINT_0121_0001_0003_excititor_iii | Excititor WebService Guild | src/Excititor/StellaOps.Excititor.WebService | Update OpenAPI, SDK smoke tests, and documentation to cover the new observation/linkset endpoints with realistic examples Advisory AI/Lens teams can rely on. Depends on EXCITITOR-LNM-21-202. | EXCITITOR-LNM-21-202 | EXLN0101 | |
| EXCITITOR-OBS-51-001 | DONE (2025-11-23) | SPRINT_0121_0001_0003_excititor_iii | Excititor Core Guild · DevOps Guild | src/Excititor/__Libraries/StellaOps.Excititor.Core | Publish ingest latency, scope resolution success, conflict rate, and signature verification metrics plus SLO burn alerts so we can prove Excititor meets the AOC “evidence freshness” mission. | Wait for 046_TLTY0101 span schema | EXOB0101 | |
| EXCITITOR-OBS-52-001 | DONE (2025-11-24) | SPRINT_0119_0001_0006_excititor_vi | Excititor Core Guild | src/Excititor/__Libraries/StellaOps.Excititor.Core | Emit timeline_event entries for every ingest/linkset change with trace IDs, justification summaries, and evidence hashes so downstream systems can replay the raw facts chronologically. Depends on EXCITITOR-OBS-51-001. |
Needs #1 merged for correlation IDs | EXOB0101 | |
| EXCITITOR-OBS-53-001 | TODO | SPRINT_0122_0001_0004_excititor_iv | Excititor Core Guild · Evidence Locker Guild | src/Excititor/__Libraries/StellaOps.Excititor.Core | Build locker payloads (raw doc, normalization diff, provenance) and Merkle manifests so sealed-mode sites can audit evidence without Excititor reinterpreting it. Depends on EXCITITOR-OBS-52-001. | Blocked on Evidence Locker DSSE hooks (002_ATEL0101) | EXOB0101 | |
| EXCITITOR-OBS-54-001 | TODO | SPRINT_0122_0001_0004_excititor_iv | Excititor Core Guild · Provenance Guild | src/Excititor/__Libraries/StellaOps.Excititor.Core | Attach DSSE attestations to every evidence batch, verify chains via Provenance tooling, and surface attestation IDs on timeline events. Depends on EXCITITOR-OBS-53-001. | Requires provenance schema from 005_ATLN0101 | EXOB0101 | |
| EXCITITOR-OPS-0001 | TODO | SPRINT_333_docs_modules_excititor | Ops Guild · Docs Guild | docs/modules/excititor | Sync outcomes back to ../.. | DOEX0101 runbooks | DOEX0102 | |
| EXCITITOR-ORCH-32-001 | TODO | SPRINT_0122_0001_0004_excititor_iv | Excititor Worker Guild (src/Excititor/StellaOps.Excititor.Worker) |
src/Excititor/StellaOps.Excititor.Worker | Adopt the orchestrator worker SDK for Excititor jobs, emitting heartbeats/progress/artifact hashes so ingestion remains deterministic and restartable without reprocessing evidence. | DOOR0102 APIs | EXWS0101 | |
| EXCITITOR-ORCH-33-001 | TODO | SPRINT_0122_0001_0004_excititor_iv | Excititor Worker Guild (src/Excititor/StellaOps.Excititor.Worker) |
src/Excititor/StellaOps.Excititor.Worker | Honor orchestrator pause/throttle/retry commands, persist checkpoints, and classify error outputs to keep ingestion safe under outages. Depends on EXCITITOR-ORCH-32-001. | EXCITITOR-ORCH-32-001 | EXWS0101 | |
| EXCITITOR-POLICY-20-001 | TODO | SPRINT_0122_0001_0004_excititor_iv | WebService Guild | src/Excititor/StellaOps.Excititor.WebService | Provide VEX lookup APIs (PURL/advisory batching, scope filters, tenant enforcement) that Policy Engine uses to join evidence without Excititor performing any verdict logic. Depends on EXCITITOR-AOC-20-004. | DOLN0101 | EXWS0101 | |
| EXCITITOR-POLICY-20-002 | TODO | SPRINT_0122_0001_0004_excititor_iv | Excititor Core Guild (src/Excititor/__Libraries/StellaOps.Excititor.Core) | src/Excititor/__Libraries/StellaOps.Excititor.Core | Enhance linksets with scope resolution + version range metadata so Policy/Reachability can reason about applicability while Excititor continues to report only raw context. Depends on EXCITITOR-POLICY-20-001. | EXWK0101 | ||
| EXCITITOR-RISK-66-001 | TODO | SPRINT_0122_0001_0004_excititor_iv | Excititor Core Guild · Risk Engine Guild (src/Excititor/__Libraries/StellaOps.Excititor.Core) |
src/Excititor/__Libraries/StellaOps.Excititor.Core | Publish risk-engine ready feeds (status, justification, provenance) with zero derived severity so gating services can reference Excititor as a source of truth. Depends on EXCITITOR-POLICY-20-002. | CONCELIER-GRAPH-21-001/002 | EXRS0101 | |
| EXCITITOR-STORE-AOC-19-001 | DONE (2025-11-25) | SPRINT_0119_0001_0005_excititor_v | Storage Guild (src/Excititor/__Libraries/StellaOps.Excititor.Storage.Mongo) |
src/Excititor/__Libraries/StellaOps.Excititor.Storage.Mongo | Ship Mongo JSON Schema + validator tooling (including Offline Kit instructions) so operators can prove Excititor stores only immutable evidence. | Link-Not-Merge schema | EXSM0101 | |
| EXCITITOR-STORE-AOC-19-002 | DONE (2025-11-25) | SPRINT_0119_0001_0005_excititor_v | Storage + DevOps Guilds (src/Excititor/__Libraries/StellaOps.Excititor.Storage.Mongo) |
src/Excititor/__Libraries/StellaOps.Excititor.Storage.Mongo | Create unique indexes, run migrations/backfills, and document rollback steps for the new schema validator. Depends on EXCITITOR-STORE-AOC-19-001. | EXCITITOR-STORE-AOC-19-001 | EXSM0101 | |
| EXCITITOR-VEXLENS-30-001 | BLOCKED (2025-11-25) | Await VEX Lens field list / examples | SPRINT_0119_0001_0005_excititor_v | Excititor WebService Guild · VEX Lens Guild | src/Excititor/StellaOps.Excititor.WebService | Ensure every observation exported to VEX Lens carries issuer hints, signature blobs, product tree snippets, and staleness metadata so the lens can compute consensus without calling back into Excititor. | — | PLVL0103 |
| EXCITITOR-VULN-29-001 | BLOCKED (2025-11-23) | Waiting on advisory_key canonicalization spec | SPRINT_0119_0001_0005_excititor_v | Excititor WebService Guild (src/Excititor/StellaOps.Excititor.WebService) |
src/Excititor/StellaOps.Excititor.WebService | Canonicalize advisory/product keys (map to advisory_key, capture scope metadata) while preserving original identifiers in links[]; run backfill + regression tests. |
EXWS0101 | EXVN0101 |
| EXCITITOR-VULN-29-002 | BLOCKED (2025-11-23) | Blocked on EXCITITOR-VULN-29-001 | SPRINT_0119_0001_0005_excititor_v | Excititor WebService Guild | src/Excititor/StellaOps.Excititor.WebService | Provide /vuln/evidence/vex/{advisory_key} returning tenant-scoped raw statements, provenance, and attestation references for Vuln Explorer evidence tabs. Depends on EXCITITOR-VULN-29-001. |
EXCITITOR-VULN-29-001 | EXVN0101 |
| EXCITITOR-VULN-29-004 | BLOCKED (2025-11-23) | Blocked on EXCITITOR-VULN-29-002 | SPRINT_0119_0001_0005_excititor_v | Excititor WebService + Observability Guilds | src/Excititor/StellaOps.Excititor.WebService | Add metrics/logs for normalization errors, suppression scopes, withdrawn statements, and feed them to Vuln Explorer + Advisory AI dashboards. Depends on EXCITITOR-VULN-29-002. | EXCITITOR-VULN-29-001 | EXVN0101 |
| EXCITITOR-WEB-AIRGAP-58-001 | TODO | SPRINT_0124_0001_0006_excititor_vi | WebService Guild · AirGap Guilds | src/Excititor/StellaOps.Excititor.WebService | Emit timeline events + audit logs for mirror bundle imports (bundle ID, scope, actor) and map sealed-mode violations to actionable remediation guidance. | EXAG0101 | EXWS0101 | |
| EXCITITOR-WEB-OAS-61-001 | TODO | SPRINT_0124_0001_0006_excititor_vi | WebService Guild | src/Excititor/StellaOps.Excititor.WebService | Implement /.well-known/openapi with spec version metadata plus standard error envelopes, then update controller/unit tests accordingly. |
DOOR0102 | EXWS0101 | |
| EXCITITOR-WEB-OAS-62-001 | TODO | SPRINT_0124_0001_0006_excititor_vi | WebService Guild · API Governance | src/Excititor/StellaOps.Excititor.WebService | Publish curated examples for the new evidence/attestation/timeline endpoints, emit deprecation headers for legacy routes, and align SDK docs. Depends on EXCITITOR-WEB-OAS-61-001. | EXCITITOR-WEB-OAS-61-001 | EXWS0101 | |
| EXCITITOR-WEB-OBS-52-001 | TODO | SPRINT_0124_0001_0006_excititor_vi | Excititor WebService Guild | src/Excititor/StellaOps.Excititor.WebService | Provide SSE/WebSocket bridges for VEX timeline events with tenant filters, pagination anchors, and guardrails so downstream consoles can monitor raw evidence changes in real time. Depends on EXCITITOR-OBS-52-001. | Wait for 046_TLTY0101 span schema | EXOB0102 | |
| EXCITITOR-WEB-OBS-53-001 | TODO | SPRINT_0124_0001_0006_excititor_vi | Excititor WebService Guild · Evidence Locker Guild | src/Excititor/StellaOps.Excititor.WebService | Expose /evidence/vex/* endpoints that fetch locker bundles, enforce scopes, and surface verification metadata without synthesizing verdicts. Depends on EXCITITOR-WEB-OBS-52-001. |
Requires Evidence Locker DSSE API (002_ATEL0101) | EXOB0102 | |
| EXCITITOR-WEB-OBS-54-001 | TODO | SPRINT_0124_0001_0006_excititor_vi | Excititor WebService Guild | src/Excititor/StellaOps.Excititor.WebService | Add /attestations/vex/* endpoints returning DSSE verification state, builder identity, and chain-of-custody links so consumers never need direct datastore access. Depends on EXCITITOR-WEB-OBS-53-001. |
Dependent on provenance schema (005_ATLN0101) | EXOB0102 | |
| EXCITOR-DOCS-0001 | DONE | 2025-11-07 | SPRINT_333_docs_modules_excititor | Docs Guild (docs/modules/excitor) | docs/modules/excitor | Validate that docs/modules/excitor/README.md matches the latest release notes and consensus beta notes. |
DOXR0101 | |
| EXCITOR-ENG-0001 | DONE | 2025-11-07 | SPRINT_333_docs_modules_excititor | Module Team (docs/modules/excitor) | docs/modules/excitor | Ensure the implementation plan sprint alignment table stays current with SPRINT_200 updates. |
DOXR0101 | |
| EXCITOR-OPS-0001 | DONE | 2025-11-07 | SPRINT_333_docs_modules_excititor | Ops Guild (docs/modules/excitor) | docs/modules/excitor | Review runbooks/observability assets, adding the checklist captured in docs/modules/excitor/mirrors.md. |
DOXR0101 | |
| EXPLORER-DOCS-0001 | TODO | SPRINT_334_docs_modules_vuln_explorer | Docs Guild | docs/modules/vuln-explorer | DOVL0101 outputs | DOVL0101 outputs | DOXR0101 | |
| EXPLORER-ENG-0001 | TODO | SPRINT_334_docs_modules_vuln_explorer | Explorer Module Team | docs/modules/vuln-explorer | DOVL0102 | DOVL0102 | DOXR0101 | |
| EXPLORER-OPS-0001 | TODO | SPRINT_334_docs_modules_vuln_explorer | Ops Guild | docs/modules/vuln-explorer | Explorer Ops runbooks | Explorer Ops runbooks | DOXR0101 | |
| EXPORT-35-001 | TODO | SPRINT_0121_0001_0001_policy_reasoning | Findings Ledger Guild (src/Findings/StellaOps.Findings.Ledger) |
src/Findings/StellaOps.Findings.Ledger | PLLG010x ADRs | PLLG010x ADRs | EVFL0101 | |
| EXPORT-36-001 | TODO | SPRINT_0202_0001_0002_cli_ii | DevEx/CLI Guild (src/Cli/StellaOps.Cli) |
src/Cli/StellaOps.Cli | Export API spec | Export API spec | EVCL0101 | |
| EXPORT-37-001 | TODO | SPRINT_0202_0001_0002_cli_ii | DevEx/CLI Guild (src/Cli/StellaOps.Cli) |
src/Cli/StellaOps.Cli | EXPORT-36-001 | EXPORT-36-001 | EVCL0101 | |
| EXPORT-37-004 | TODO | SPRINT_0304_0001_0004_docs_tasks_md_iv | Docs Guild | DOCN0101 | DOCN0101 | EVDO0101 | ||
| EXPORT-37-005 | TODO | SPRINT_0304_0001_0004_docs_tasks_md_iv | Docs + Export Guilds | EXPORT-37-004 | EXPORT-37-004 | EVDO0101 | ||
| EXPORT-37-101 | TODO | SPRINT_0304_0001_0004_docs_tasks_md_iv | Docs Guild | EVCL0101 | EVCL0101 | EVDO0101 | ||
| EXPORT-37-102 | TODO | SPRINT_0304_0001_0004_docs_tasks_md_iv | Docs Guild | EXPORT-37-101 | EXPORT-37-101 | EVDO0101 | ||
| EXPORT-AIRGAP-56-001 | TODO | SPRINT_160_export_evidence | Exporter Service Guild · Mirror Guild | Exporter + Mirror Creator + DevOps Guilds | Wait for Deployment bundle shape (068_AGDP0101) | AGEX0101 | ||
| EXPORT-AIRGAP-56-002 | TODO | SPRINT_160_export_evidence | Exporter Service Guild · DevOps Guild | Depends on #1 artifacts | Depends on #1 artifacts | AGEX0101 | ||
| EXPORT-AIRGAP-57-001 | TODO | SPRINT_160_export_evidence | ExportCenter Guild (src/ExportCenter/StellaOps.ExportCenter) |
src/ExportCenter/StellaOps.ExportCenter | Exporter Service + Evidence Locker Guild | EXAG0101 outputs | EVAH0101 | |
| EXPORT-AIRGAP-58-001 | TODO | SPRINT_162_exportcenter_i | ExportCenter Guild · Notifications Guild | src/ExportCenter/StellaOps.ExportCenter | Emit notifications and timeline events when Mirror Bundles or Bootstrap packs are ready for transfer. Dependencies: EXPORT-AIRGAP-57-001. | EXPORT-AIRGAP-57-001 | EVAH0101 | |
| EXPORT-ATTEST-74-001 | TODO | SPRINT_160_export_evidence | ExportCenter + Attestation Guilds | Attestation Bundle + Exporter Guilds | ATEL0101 | EVAH0101 | ||
| EXPORT-ATTEST-74-002 | TODO | SPRINT_160_export_evidence | ExportCenter + Attestation Guilds | EXPORT-ATTEST-74-001 | EXPORT-ATTEST-74-001 | EVAH0101 | ||
| EXPORT-ATTEST-75-001 | TODO | SPRINT_160_export_evidence | ExportCenter + CLI Guilds | Attestation Bundle + CLI + Exporter Guilds | EXPORT-ATTEST-74-001 | EVAH0101 | ||
| EXPORT-ATTEST-75-002 | TODO | SPRINT_160_export_evidence | ExportCenter + CLI Guilds | EXPORT-ATTEST-75-001 | EXPORT-ATTEST-75-001 | EVAH0101 | ||
| EXPORT-CONSOLE-23-001 | TODO | SPRINT_0123_0001_0001_policy_reasoning | Policy Guild, Scheduler Guild, Observability Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Build evidence bundle/export generator producing signed manifests, CSV/JSON replay endpoints, and trace attachments; integrate with scheduler jobs and expose progress telemetry | EVOA0101 | ||
| EXPORT-CRYPTO-90-001 | TODO | SPRINT_160_export_evidence | ExportCenter + Security Guilds (src/ExportCenter/StellaOps.ExportCenter) |
src/ExportCenter/StellaOps.ExportCenter | Exporter Service + Security Guilds | Security review | EVOA0101 | |
| EXPORT-OAS-61 | TODO | SPRINT_160_export_evidence | ExportCenter + API Governance | Exporter Service + API Governance + SDK Guilds | OAS spec finalization | EVOA0101 | ||
| EXPORT-OAS-61-001 | TODO | SPRINT_162_exportcenter_i | ExportCenter + API Contracts Guild | src/ExportCenter/StellaOps.ExportCenter | Update Exporter OAS covering profiles, runs, downloads, devportal exports with standard error envelope and examples. | EXPORT-OAS-61 | EVOA0101 | |
| EXPORT-OAS-61-002 | TODO | SPRINT_162_exportcenter_i | ExportCenter + API Guild | src/ExportCenter/StellaOps.ExportCenter | Provide /.well-known/openapi discovery endpoint with version metadata and ETag. Dependencies: EXPORT-OAS-61-001. |
EXPORT-OAS-61 | EVOA0101 | |
| EXPORT-OAS-62 | TODO | SPRINT_160_export_evidence | ExportCenter + API Governance | EXPORT-OAS-61 | EXPORT-OAS-61 | EVOA0101 | ||
| EXPORT-OAS-62-001 | TODO | SPRINT_162_exportcenter_i | ExportCenter + API Guilds (src/ExportCenter/StellaOps.ExportCenter) |
src/ExportCenter/StellaOps.ExportCenter | Ensure SDKs include export profile/run clients with streaming download helpers; add smoke tests. Dependencies: EXPORT-OAS-61-002. | EVOA0101 outputs | EVOA0102 | |
| EXPORT-OAS-63 | TODO | SPRINT_160_export_evidence | Exporter Service Guild · API Governance Guild | Needs API governance sign-off (049_APIG0101) | Needs API governance sign-off (049_APIG0101) | AGEX0101 | ||
| EXPORT-OAS-63-001 | TODO | SPRINT_163_exportcenter_ii | Exporter Service Guild · SDK Guild | src/ExportCenter/StellaOps.ExportCenter | Implement deprecation headers and notifications for legacy export endpoints. Dependencies: EXPORT-OAS-62-001. | Requires #3 schema | AGEX0101 | |
| EXPORT-OBS-50-001 | TODO | SPRINT_163_exportcenter_ii | Exporter Service Guild · Observability Guild | src/ExportCenter/StellaOps.ExportCenter | Adopt telemetry core in exporter service + workers, ensuring spans/logs capture profile id, tenant, artifact counts, distribution type, and trace IDs. | Wait for telemetry schema drop from 046_TLTY0101 | ECOB0101 | |
| EXPORT-OBS-51-001 | TODO | SPRINT_0503_0001_0001_ops_devops_i | Exporter Guild · AirGap Time Guild · CLI Guild | Downstream automation awaiting assembler staffing outcome. | PROGRAM-STAFF-1001 | ECOB0101 | ||
| EXPORT-OBS-52-001 | TODO | SPRINT_163_exportcenter_ii | Exporter Service Guild | src/ExportCenter/StellaOps.ExportCenter | Publish timeline events for export lifecycle (export.requested, export.built, export.distributed, export.failed) embedding manifest hashes and evidence refs. Provide dedupe + retry logic. Dependencies: EXPORT-OBS-51-001. |
Requires shared middleware from task #1 | ECOB0101 | |
| EXPORT-OBS-53-001 | TODO | SPRINT_163_exportcenter_ii | Exporter Service Guild · Evidence Locker Guild | src/ExportCenter/StellaOps.ExportCenter | Push export manifests + distribution transcripts to evidence locker bundles, ensuring Merkle root alignment and DSSE pre-sign data available. Dependencies: EXPORT-OBS-52-001. | Blocked on Evidence Locker DSSE API (002_ATEL0101) | ECOB0101 | |
| EXPORT-OBS-54-001 | TODO | SPRINT_163_exportcenter_ii | Exporter Service Guild · Provenance Guild | src/ExportCenter/StellaOps.ExportCenter | Produce DSSE attestations for each export artifact and distribution target, expose verification API /exports/{id}/attestation, and integrate with CLI verify path. Dependencies: EXPORT-OBS-53-001. |
PROGRAM-STAFF-1001; EXPORT-MIRROR-ORCH-1501 | ECOB0101 | |
| EXPORT-OBS-54-002 | TODO | SPRINT_163_exportcenter_ii | Exporter Service Guild · Provenance Guild | src/ExportCenter/StellaOps.ExportCenter | Add promotion attestation assembly to export runs (compute SBOM/VEX digests, embed Rekor proofs, bundle DSSE envelopes) and ensure Offline Kit packaging includes the resulting JSON + DSSE envelopes. Dependencies: EXPORT-OBS-54-001, PROV-OBS-53-003. | Needs #5 for consistent dimensions | ECOB0101 | |
| EXPORT-OBS-55-001 | TODO | SPRINT_163_exportcenter_ii | Exporter Service Guild · DevOps Guild | src/ExportCenter/StellaOps.ExportCenter | Add incident mode enhancements (extra tracing for slow exports, additional debug logs, retention bump). Emit incident activation events to timeline + notifier. Dependencies: EXPORT-OBS-54-001. | Requires DevOps alert templates (045_DVDO0103) | ECOB0101 | |
| EXPORT-RISK-69-001 | TODO | SPRINT_163_exportcenter_ii | Exporter Service Guild · Risk Bundle Guild | src/ExportCenter/StellaOps.ExportCenter | Add Export Center job handler risk-bundle with provider selection, manifest signing, and audit logging. |
Wait for Risk engine inputs (042_RPRC0101) | AGEX0101 | |
| EXPORT-RISK-69-002 | TODO | SPRINT_163_exportcenter_ii | ExportCenter + Risk Guilds | src/ExportCenter/StellaOps.ExportCenter | Enable simulation report exports pulling scored data + explainability snapshots. Dependencies: EXPORT-RISK-69-001. | EXRS0101 outputs | EVRK0101 | |
| EXPORT-RISK-70-001 | TODO | SPRINT_163_exportcenter_ii | ExportCenter + DevOps Guild | src/ExportCenter/StellaOps.ExportCenter | Integrate risk bundle builds into offline kit packaging with checksum verification. Dependencies: EXPORT-RISK-69-002. | EXPORT-RISK-69-002 | EVRK0101 | |
| EXPORT-SVC-35-001 | BLOCKED (2025-10-29) | 2025-10-29 | SPRINT_163_exportcenter_ii | ExportCenter Guild (src/ExportCenter/StellaOps.ExportCenter) |
src/ExportCenter/StellaOps.ExportCenter | Bootstrap exporter service project, configuration, and Postgres migrations for export_profiles, export_runs, export_inputs, export_distributions with tenant scoping + tests. |
Await EVFL0101 evidence feed | ESVC0101 |
| EXPORT-SVC-35-002 | TODO | SPRINT_163_exportcenter_ii | ExportCenter Guild | src/ExportCenter/StellaOps.ExportCenter | Implement planner + scope resolver translating filters into ledger iterators and orchestrator job payloads; include deterministic sampling and validation. Dependencies: EXPORT-SVC-35-001. | EXPORT-SVC-35-001 | ESVC0101 | |
| EXPORT-SVC-35-003 | TODO | SPRINT_163_exportcenter_ii | ExportCenter Guild | src/ExportCenter/StellaOps.ExportCenter | Deliver JSON adapters (json:raw, json:policy) with canonical normalization, redaction allowlists, compression, and manifest counts. Dependencies: EXPORT-SVC-35-002. |
EXPORT-SVC-35-001 | ESVC0101 | |
| EXPORT-SVC-35-004 | TODO | SPRINT_163_exportcenter_ii | ExportCenter Guild | src/ExportCenter/StellaOps.ExportCenter | Build mirror (full) adapter producing filesystem layout, indexes, manifests, and README with download-only distribution. Dependencies: EXPORT-SVC-35-003. | EXPORT-SVC-35-002 | ESVC0101 | |
| EXPORT-SVC-35-005 | TODO | SPRINT_163_exportcenter_ii | ExportCenter Guild | src/ExportCenter/StellaOps.ExportCenter | Implement manifest/provenance writer and KMS signing/attestation (detached + embedded) for bundle outputs. Dependencies: EXPORT-SVC-35-004. | EXPORT-SVC-35-003 | ESVC0101 | |
| EXPORT-SVC-35-006 | TODO | SPRINT_0164_0001_0003_exportcenter_iii | ExportCenter Guild | src/ExportCenter/StellaOps.ExportCenter | Expose Export API (profiles, runs, download, SSE updates) with audit logging, concurrency controls, and viewer/operator RBAC integration. Dependencies: EXPORT-SVC-35-005. | EXPORT-SVC-35-004 | ESVC0101 | |
| EXPORT-SVC-36-001 | TODO | SPRINT_0164_0001_0003_exportcenter_iii | ExportCenter Guild | src/ExportCenter/StellaOps.ExportCenter | Implement Trivy DB adapter (core) with schema mappings, version flag gating, and validation harness. Dependencies: EXPORT-SVC-35-006. | ESVC0101 outputs | ESVC0102 | |
| EXPORT-SVC-36-002 | TODO | SPRINT_0164_0001_0003_exportcenter_iii | ExportCenter Guild | src/ExportCenter/StellaOps.ExportCenter | Add Trivy Java DB variant with shared manifest entries and adapter regression tests. Dependencies: EXPORT-SVC-36-001. | EXPORT-SVC-36-001 | ESVC0102 | |
| EXPORT-SVC-36-003 | TODO | SPRINT_0164_0001_0003_exportcenter_iii | ExportCenter Guild | src/ExportCenter/StellaOps.ExportCenter | Build OCI distribution engine (manifests, descriptors, annotations) with registry auth support and retries. Dependencies: EXPORT-SVC-36-002. | EXPORT-SVC-36-001 | ESVC0102 | |
| EXPORT-SVC-36-004 | TODO | SPRINT_0164_0001_0003_exportcenter_iii | ExportCenter Guild | src/ExportCenter/StellaOps.ExportCenter | Extend planner/run lifecycle for distribution targets (OCI/object storage) with idempotent metadata updates and retention timestamps. Dependencies: EXPORT-SVC-36-003. | EXPORT-SVC-36-002 | ESVC0102 | |
| EXPORT-SVC-37-001 | TODO | SPRINT_0164_0001_0003_exportcenter_iii | ExportCenter Guild | src/ExportCenter/StellaOps.ExportCenter | Implement mirror delta adapter with base manifest comparison, change set generation, and content-addressed reuse. Dependencies: EXPORT-SVC-36-004. | EXPORT-SVC-35-006 | ESVC0102 | |
| EXPORT-SVC-37-002 | TODO | SPRINT_0164_0001_0003_exportcenter_iii | ExportCenter Guild | src/ExportCenter/StellaOps.ExportCenter | Add bundle encryption (age/AES-GCM), key wrapping via KMS, and verification tooling for encrypted outputs. Dependencies: EXPORT-SVC-37-001. | EXPORT-SVC-37-001 | ESVC0102 | |
| EXPORT-SVC-37-003 | TODO | SPRINT_0164_0001_0003_exportcenter_iii | ExportCenter Guild | src/ExportCenter/StellaOps.ExportCenter | Implement export scheduling (cron/event), retention pruning, retry idempotency, and failure classification. Dependencies: EXPORT-SVC-37-002. | EXPORT-SVC-37-002 | ESVC0103 | |
| EXPORT-SVC-37-004 | TODO | SPRINT_0164_0001_0003_exportcenter_iii | ExportCenter Guild | src/ExportCenter/StellaOps.ExportCenter | Provide verification API to stream manifests/hashes, compute hash+signature checks, and return attest status for CLI/UI. Dependencies: EXPORT-SVC-37-003. | EXPORT-SVC-37-003 | ESVC0103 | |
| EXPORT-SVC-43-001 | TODO | SPRINT_0164_0001_0003_exportcenter_iii | ExportCenter Guild | src/ExportCenter/StellaOps.ExportCenter | Integrate pack run manifests/artifacts into export bundles and CLI verification flows; expose provenance links. Dependencies: EXPORT-SVC-37-004. | EXPORT-SVC-37-004 | ESVC0103 | |
| EXPORT-TEN-48-001 | TODO | SPRINT_0164_0001_0003_exportcenter_iii | ExportCenter + Tenancy Guild | src/ExportCenter/StellaOps.ExportCenter | Prefix artifacts/manifests with tenant/project, enforce scope checks, and prevent cross-tenant exports unless explicitly whitelisted; update provenance. | EXPORT-SVC-37-004 | ESVC0103 | |
| FEEDCONN-CCCS-02-009 | TODO | SPRINT_117_concelier_vi | Concelier Connector Guild – CCCS (src/Concelier/__Libraries/StellaOps.Concelier.Connector.Cccs) | src/Concelier/__Libraries/StellaOps.Concelier.Connector.Cccs | Emit CCCS version ranges into advisory_observations.affected.versions[] with provenance anchors (cccs:{serial}:{index}) and normalized comparison keys per the Link-Not-Merge schema/doc recipes. Depends on CONCELIER-LNM-21-001. |
— | FEFC0101 | |
| FEEDCONN-CERTBUND-02-010 | TODO | SPRINT_117_concelier_vi | Concelier Connector Guild – CertBund (src/Concelier/__Libraries/StellaOps.Concelier.Connector.CertBund) | src/Concelier/__Libraries/StellaOps.Concelier.Connector.CertBund | Translate CERT-Bund product.Versions phrases into normalized ranges + provenance identifiers (certbund:{advisoryId}:{vendor}) while retaining localisation notes; update mapper/tests for Link-Not-Merge. Depends on CONCELIER-LNM-21-001. |
— | FEFC0101 | |
| FEEDCONN-CISCO-02-009 | DOING | 2025-11-08 | SPRINT_117_concelier_vi | Concelier Connector Guild – Cisco (src/Concelier/__Libraries/StellaOps.Concelier.Connector.Vndr.Cisco) | src/Concelier/__Libraries/StellaOps.Concelier.Connector.Vndr.Cisco | Emit Cisco SemVer ranges into the new observation schema with provenance IDs (cisco:{productId}) and deterministic comparison keys; refresh fixtures to remove merge counters. Depends on CONCELIER-LNM-21-001. |
— | FEFC0101 |
| FEEDCONN-ICSCISA-02-012 | BLOCKED | SPRINT_0503_0001_0001_ops_devops_i | Concelier Feed Owners | Overdue provenance refreshes require schedule from feed owners. | FEED-REMEDIATION-1001 | FEFC0101 | ||
| FEEDCONN-KISA-02-008 | BLOCKED | SPRINT_0503_0001_0001_ops_devops_i | Concelier Feed Owners | FEED-REMEDIATION-1001 | FEED-REMEDIATION-1001 | FEFC0101 | ||
| FORENSICS-53-001 | TODO | SPRINT_0202_0001_0002_cli_ii | Forensics Guild | src/Cli/StellaOps.Cli | Replay data set | Replay data set | FONS0101 | |
| FORENSICS-53-002 | TODO | SPRINT_0304_0001_0004_docs_tasks_md_iv | Forensics Guild | FORENSICS-53-001 | FORENSICS-53-001 | FONS0101 | ||
| FORENSICS-53-003 | TODO | SPRINT_0304_0001_0004_docs_tasks_md_iv | Forensics Guild | FORENSICS-53-001 | FORENSICS-53-001 | FONS0101 | ||
| FORENSICS-54-001 | TODO | SPRINT_0202_0001_0002_cli_ii | Forensics Guild | src/Cli/StellaOps.Cli | FORENSICS-53 outputs | FORENSICS-53 outputs | FONS0101 | |
| FORENSICS-54-002 | TODO | SPRINT_0202_0001_0002_cli_ii | Forensics Guild | src/Cli/StellaOps.Cli | FORENSICS-54-001 | FORENSICS-54-001 | FONS0101 | |
| FS-03 | TODO | SPRINT_0136_0001_0001_scanner_surface | Scanner Guild | src/Scanner/__Libraries/StellaOps.Scanner.Surface.FS | SURFACE-FS-02 | SURFACE-FS-02 | SFFS0101 | |
| FS-04 | TODO | SPRINT_0136_0001_0001_scanner_surface | Scanner Guild | src/Scanner/__Libraries/StellaOps.Scanner.Surface.FS | FS-03 | SURFACE-FS-02 | SFFS0101 | |
| FS-05 | TODO | SPRINT_0136_0001_0001_scanner_surface | Scanner Guild · Scheduler Guild | src/Scanner/__Libraries/StellaOps.Scanner.Surface.FS | SURFACE-FS-03 | SURFACE-FS-03 | SFFS0101 | |
| FS-06 | TODO | SPRINT_0136_0001_0001_scanner_surface | Docs Guild | src/Scanner/__Libraries/StellaOps.Scanner.Surface.FS | SURFACE-FS-02 | SURFACE-FS-02 | SFFS0101 | |
| FS-07 | TODO | SPRINT_0136_0001_0001_scanner_surface | Scanner Guild | src/Scanner/__Libraries/StellaOps.Scanner.Surface.FS | SCANNER-SURFACE-04 | SCANNER-SURFACE-04 | SFFS0101 | |
| GAP-DOC-008 | TODO | SPRINT_0401_0001_0001_reachability_evidence_chain | Docs Guild | docs/reachability/function-level-evidence.md, docs/09_API_CLI_REFERENCE.md, docs/api/policy.md |
Publish the cross-module function-level evidence guide, update API/CLI references with the new code_id fields, and add OpenVEX/replay samples under samples/reachability/**. |
DOAG0101 outputs | GAPG0101 | |
| GAP-POL-005 | TODO | SPRINT_0401_0001_0001_reachability_evidence_chain | Policy Guild · Docs Guild | src/Policy/StellaOps.Policy.Engine, docs/modules/policy/architecture.md, docs/reachability/function-level-evidence.md |
Ingest reachability facts into Policy Engine, expose reachability.state/confidence in SPL/API, enforce auto-suppress (<0.30) rules, and generate OpenVEX evidence blocks referencing graph hashes + runtime facts with policy thresholds. |
GAP-DOC-008 | GAPG0101 | |
| GAP-REP-004 | TODO | SPRINT_0401_0001_0001_reachability_evidence_chain | Docs Guild | src/__Libraries/StellaOps.Replay.Core, docs/replay/DETERMINISTIC_REPLAY.md |
Enforce BLAKE3 hashing + CAS registration for graphs/traces before manifest writes, upgrade replay manifest v2 with analyzer versions/policy thresholds, and add deterministic tests. | GAP-DOC-008 | GAPG0101 | |
| GAP-SCAN-001 | DONE (2025-12-03) | SPRINT_400_runtime_facts_static_callgraph_union | Scanner Guild · GAP Guild | src/Scanner/StellaOps.Scanner.Worker, docs/modules/scanner/architecture.md, docs/reachability/function-level-evidence.md |
Implement binary/language symbolizers that emit richgraph-v1 payloads with canonical SymbolID = {file:hash, section, addr, name, linkage} plus code_id anchors, persist graphs to CAS via StellaOps.Scanner.Reachability, and refresh analyzer docs/fixtures. |
GAP-POL-005 | GAPG0101 | |
| GAP-SIG-003 | TODO | SPRINT_0401_0001_0001_reachability_evidence_chain | Security Guild · GAP Guild | src/Signals/StellaOps.Signals, docs/reachability/function-level-evidence.md |
Finish /signals/runtime-facts ingestion, add CAS-backed runtime storage, extend scoring to lattice states (Unknown/NotPresent/Unreachable/Conditional/Reachable/Observed), and emit signals.fact.updated events. Document retention/RBAC. |
GAP-POL-005 | GAPG0101 | |
| GAP-SYM-007 | TODO | SPRINT_0401_0001_0001_reachability_evidence_chain | Docs Guild | src/Scanner/StellaOps.Scanner.Models, docs/modules/scanner/architecture.md, docs/reachability/function-level-evidence.md |
Extend reachability evidence schema/DTOs with demangled symbol hints, symbol.source, confidence, and optional code_block_hash; ensure Scanner SBOM/evidence writers and CLI serializers emit the new fields deterministically. |
GAP-SIG-003 | GAPG0101 | |
| GAP-VEX-006 | TODO | SPRINT_0401_0001_0001_reachability_evidence_chain | VEX Guild | docs/modules/excititor/architecture.md, src/Cli/StellaOps.Cli, src/UI/StellaOps.UI, docs/09_API_CLI_REFERENCE.md |
Wire Policy/Excititor/UI/CLI surfaces so VEX emission and explain drawers show call paths, graph hashes, and runtime hits; add CLI --evidence=graph/--threshold plus Notify template updates. |
GAP-POL-005 | GAPG0101 | |
| GAP-ZAS-002 | TODO | SPRINT_400_runtime_facts_static_callgraph_union | Zastava Guild | src/Zastava/StellaOps.Zastava.Observer, docs/modules/zastava/architecture.md, docs/reachability/function-level-evidence.md |
Stream runtime NDJSON batches carrying {symbol_id, code_id, hit_count, loader_base} plus CAS URIs, capture build-ids/entrypoints, and draft the operator runbook (docs/runbooks/reachability-runtime.md). Integrate with /signals/runtime-facts once Sprint 401 lands ingestion. |
GAP-SCAN-001 | GAPG0101 | |
| GO-32-001 | DONE | SPRINT_0153_0001_0003_orchestrator_iii | Worker SDK Guild (src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Go) |
src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Go | DOOR0102 APIs | DOOR0102 APIs | GOSD0101 | |
| GO-32-002 | DONE | SPRINT_0153_0001_0003_orchestrator_iii | Worker SDK Guild | src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Go | GO-32-001 | GO-32-001 | GOSD0101 | |
| GO-33-001 | DONE | SPRINT_0153_0001_0003_orchestrator_iii | Worker SDK Guild | src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Go | GO-32-002 | GO-32-002 | GOSD0101 | |
| GO-33-002 | DONE | SPRINT_0153_0001_0003_orchestrator_iii | Worker SDK Guild | src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Go | GO-33-001 | GO-33-001 | GOSD0101 | |
| GO-34-001 | DONE | SPRINT_0153_0001_0003_orchestrator_iii | Worker SDK Guild | src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Go | GO-33-002 | GO-33-002 | GOSD0101 | |
| GRAPH-21-001 | TODO | SPRINT_0136_0001_0001_scanner_surface | Scanner WebService Guild | src/Scanner/StellaOps.Scanner.WebService | Link-Not-Merge schema | Link-Not-Merge schema | GRSC0101 | |
| GRAPH-21-002 | BLOCKED (2025-10-27) | 2025-10-27 | SPRINT_113_concelier_ii | Concelier Core Guild · Scanner Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | GRAPH-21-001 | GRAPH-21-001 | GRSC0101 |
| GRAPH-21-003 | TODO | 2025-10-27 | SPRINT_0213_0001_0002_web_ii | Scanner WebService Guild | src/Web/StellaOps.Web | GRAPH-21-001 | GRAPH-21-001 | GRSC0101 |
| GRAPH-21-004 | TODO | 2025-10-27 | SPRINT_0213_0001_0002_web_ii | Scanner WebService Guild | src/Web/StellaOps.Web | GRAPH-21-002 | GRAPH-21-002 | GRSC0101 |
| GRAPH-21-005 | BLOCKED (2025-10-27) | 2025-10-27 | SPRINT_0120_0001_0002_excititor_ii | Excititor Storage Guild | src/Excititor/__Libraries/StellaOps.Excititor.Storage.Mongo | GRAPH-21-002 | GRAPH-21-002 | GRSC0101 |
| GRAPH-24-001 | TODO | SPRINT_0209_0001_0001_ui_i | UI Guild (src/UI/StellaOps.UI) |
src/UI/StellaOps.UI | GRSC0101 outputs | GRSC0101 outputs | GRUI0101 | |
| GRAPH-24-002 | TODO | SPRINT_0209_0001_0001_ui_i | UI Guild | src/UI/StellaOps.UI | GRAPH-24-001 | GRAPH-24-001 | GRUI0101 | |
| GRAPH-24-003 | TODO | SPRINT_0209_0001_0001_ui_i | UI Guild | src/UI/StellaOps.UI | GRAPH-24-001 | GRAPH-24-001 | GRUI0101 | |
| GRAPH-24-004 | TODO | SPRINT_0209_0001_0001_ui_i | UI Guild | src/UI/StellaOps.UI | GRAPH-24-002 | GRAPH-24-002 | GRUI0101 | |
| GRAPH-24-005 | TODO | SPRINT_0304_0001_0004_docs_tasks_md_iv | UI Guild | GRAPH-24-003 | GRAPH-24-003 | GRUI0101 | ||
| GRAPH-24-006 | TODO | SPRINT_0209_0001_0001_ui_i | UI Guild | src/UI/StellaOps.UI | GRAPH-24-004 | GRAPH-24-004 | GRUI0101 | |
| GRAPH-24-007 | TODO | SPRINT_0304_0001_0004_docs_tasks_md_iv | UI Guild | GRAPH-24-005 | GRAPH-24-005 | GRUI0101 | ||
| GRAPH-24-101 | TODO | SPRINT_113_concelier_ii | UI Guild | src/Concelier/StellaOps.Concelier.WebService | GRAPH-24-001 | GRAPH-24-001 | GRUI0101 | |
| GRAPH-24-102 | TODO | SPRINT_0120_0001_0002_excititor_ii | UI Guild | src/Excititor/StellaOps.Excititor.WebService | GRAPH-24-101 | GRAPH-24-101 | GRUI0101 | |
| GRAPH-28-102 | TODO | SPRINT_113_concelier_ii | Concelier WebService Guild (src/Concelier/StellaOps.Concelier.WebService) | src/Concelier/StellaOps.Concelier.WebService | GRAPI0101 | |||
| GRAPH-API-28-001 | DONE (2025-11-24) | 2025-11-24 | SPRINT_0207_0001_0001_graph | Graph API Guild (src/Graph/StellaOps.Graph.Api) | src/Graph/StellaOps.Graph.Api | Define OpenAPI + JSON schema for graph search/query/paths/diff/export endpoints, including cost metadata and streaming tile schema. | — | ORGR0101 |
| GRAPH-API-28-002 | DONE (2025-11-25) | 2025-11-25 | SPRINT_0207_0001_0001_graph | Graph API Guild (src/Graph/StellaOps.Graph.Api) | src/Graph/StellaOps.Graph.Api | Implement /graph/search with multi-type index lookup, prefix/exact match, RBAC enforcement, and result ranking + caching. Dependencies: GRAPH-API-28-001. |
— | ORGR0101 |
| GRAPH-API-28-003 | DONE (2025-11-26) | 2025-11-26 | SPRINT_0207_0001_0001_graph | Graph API Guild (src/Graph/StellaOps.Graph.Api) | src/Graph/StellaOps.Graph.Api | Build query planner + cost estimator for /graph/query, stream tiles (nodes/edges/stats) progressively, enforce budgets, provide cursor tokens. Dependencies: GRAPH-API-28-002. |
— | ORGR0101 |
| GRAPH-API-28-004 | DONE (2025-11-26) | 2025-11-26 | SPRINT_0207_0001_0001_graph | Graph API Guild (src/Graph/StellaOps.Graph.Api) | src/Graph/StellaOps.Graph.Api | Implement /graph/paths with depth ≤6, constraint filters, heuristic shortest path search, and optional policy overlay rendering. Dependencies: GRAPH-API-28-003. |
— | ORGR0101 |
| GRAPH-API-28-005 | DONE (2025-11-26) | 2025-11-26 | SPRINT_0207_0001_0001_graph | Graph API Guild (src/Graph/StellaOps.Graph.Api) | src/Graph/StellaOps.Graph.Api | Implement /graph/diff streaming added/removed/changed nodes/edges between SBOM snapshots; include overlay deltas and policy/VEX/advisory metadata. Dependencies: GRAPH-API-28-004. |
— | ORGR0101 |
| GRAPH-API-28-006 | DONE (2025-11-26) | 2025-11-26 | SPRINT_0207_0001_0001_graph | Graph API Guild (src/Graph/StellaOps.Graph.Api) | src/Graph/StellaOps.Graph.Api | Consume Policy Engine overlay contract (POLICY-ENGINE-30-001..003) and surface advisory/VEX/policy overlays with caching, partial materialization, and explain trace sampling for focused nodes. Dependencies: GRAPH-API-28-005. |
— | ORGR0101 |
| GRAPH-API-28-007 | DONE (2025-11-26) | 2025-11-26 | SPRINT_0207_0001_0001_graph | Graph API Guild (src/Graph/StellaOps.Graph.Api) |
src/Graph/StellaOps.Graph.Api | Implement exports (graphml, csv, ndjson, png, svg) with async job management, checksum manifests, and streaming downloads. Dependencies: GRAPH-API-28-006. |
ORGR0101 outputs | GRAPI0101 |
| GRAPH-API-28-008 | DONE (2025-11-26) | 2025-11-26 | SPRINT_0207_0001_0001_graph | Graph API + Authority Guilds | src/Graph/StellaOps.Graph.Api | Integrate RBAC scopes (graph:read, graph:query, graph:export), tenant headers, audit logging, and rate limiting. Dependencies: GRAPH-API-28-007. |
GRAPH-API-28-007 | GRAPI0101 |
| GRAPH-API-28-009 | DONE (2025-11-26) | 2025-11-26 | SPRINT_0207_0001_0001_graph | Graph API + Observability Guilds | src/Graph/StellaOps.Graph.Api | Instrument metrics (graph_tile_latency_seconds, graph_query_budget_denied_total, graph_overlay_cache_hit_ratio), structured logs, and traces per query stage; publish dashboards. Dependencies: GRAPH-API-28-008. |
GRAPH-API-28-007 | GRAPI0101 |
| GRAPH-API-28-010 | DONE (2025-11-26) | 2025-11-26 | SPRINT_0207_0001_0001_graph | Graph API Guild | src/Graph/StellaOps.Graph.Api | Build unit/integration/load tests with synthetic datasets (500k nodes/2M edges), fuzz query validation, verify determinism across runs. Dependencies: GRAPH-API-28-009. | GRAPH-API-28-008 | GRAPI0101 |
| GRAPH-API-28-011 | DONE (2025-11-26) | 2025-11-26 | SPRINT_0207_0001_0001_graph | Graph API Guild | src/Graph/StellaOps.Graph.Api | Provide deployment manifests, offline kit support, API gateway integration docs, and smoke tests. Dependencies: GRAPH-API-28-010. | GRAPH-API-28-009 | GRAPI0101 |
| GRAPH-CAS-401-001 | BLOCKED (2025-11-27) | Await richgraph-v1 schema + CAS layout | SPRINT_0401_0001_0001_reachability_evidence_chain | Scanner Worker Guild | src/Scanner/StellaOps.Scanner.Worker |
Finalize richgraph schema (richgraph-v1), emit canonical SymbolIDs, compute graph hash (BLAKE3), and store CAS manifests under cas://reachability/graphs/{sha256}. Update Scanner Worker adapters + fixtures. |
Depends on #1 | CASC0101 |
| GRAPH-DOCS-0001 | DONE (2025-11-05) | 2025-11-05 | SPRINT_321_docs_modules_graph | Docs Guild | docs/modules/graph | Validate that graph module README/diagrams reflect the latest overlay + snapshot updates. | GRAPI0101 evidence | GRDG0101 |
| GRAPH-DOCS-0002 | DONE (2025-11-26) | 2025-11-26 | SPRINT_321_docs_modules_graph | Docs Guild | docs/modules/graph | Pending DOCS-GRAPH-24-003 to add API/query doc cross-links | GRAPI0101 outputs | GRDG0101 |
| GRAPH-ENG-0001 | TODO | SPRINT_321_docs_modules_graph | Module Team | docs/modules/graph | Keep module milestones in sync with /docs/implplan/SPRINT_141_graph.md and related files. |
GRSC0101 | GRDG0101 | |
| GRAPH-INDEX-28-007 | DOING | SPRINT_0140_0001_0001_runtime_signals | — | Running on scanner surface mock bundle v1; will validate again once real caches drop. | — | ORGR0101 | ||
| GRAPH-INDEX-28-008 | TODO | SPRINT_0140_0001_0001_runtime_signals | — | Incremental update/backfill pipeline depends on 28-007 artifacts; retry/backoff plumbing sketched but blocked. | — | ORGR0101 | ||
| GRAPH-INDEX-28-009 | TODO | SPRINT_0140_0001_0001_runtime_signals | — | Test/fixture/chaos coverage waits on earlier jobs to exist so determinism checks have data. | — | ORGR0101 | ||
| GRAPH-INDEX-28-010 | TODO | SPRINT_0140_0001_0001_runtime_signals | — | Packaging/offline bundles paused until upstream graph jobs are available to embed. | — | ORGR0101 | ||
| GRAPH-INDEX-28-011 | TODO | 2025-11-04 | SPRINT_0207_0001_0001_graph | Graph Index Guild | src/Graph/StellaOps.Graph.Indexer | Wire SBOM ingest runtime to emit graph snapshot artifacts, add DI factory helpers, and document Mongo/snapshot environment guidance. Dependencies: GRAPH-INDEX-28-002..006. | GRSC0101 outputs | GRIX0101 |
| GRAPH-OPS-0001 | DONE (2025-11-26) | 2025-11-26 | SPRINT_321_docs_modules_graph | Ops Guild | docs/modules/graph | Review graph observability dashboards/runbooks after the next sprint demo. | GRUI0101 | GRDG0101 |
| HELM-45-001 | TODO | SPRINT_0501_0001_0001_ops_deployment_i | Deployment Guild (ops/deployment) | ops/deployment | GRIX0101 | |||
| HELM-45-002 | TODO | SPRINT_0502_0001_0001_ops_deployment_ii | Deployment Guild, Security Guild (ops/deployment) | ops/deployment | Add TLS/Ingress, NetworkPolicy, PodSecurityContexts, Secrets integration (external secrets), and document security posture. Dependencies: HELM-45-001. | GRIX0101 | ||
| HELM-45-003 | TODO | SPRINT_0502_0001_0001_ops_deployment_ii | Deployment Guild, Observability Guild (ops/deployment) | ops/deployment | Implement HPA, PDB, readiness gates, Prometheus scraping annotations, OTel configuration hooks, and upgrade hooks. Dependencies: HELM-45-002. | GRIX0101 | ||
| ICSCISA-02-012 | BLOCKED | SPRINT_0503_0001_0001_ops_devops_i | Concelier Feed Owners (src/Concelier/__Libraries/StellaOps.Concelier.Core) |
src/Concelier/__Libraries/StellaOps.Concelier.Core | FEED-REMEDIATION-1001 | FEED-REMEDIATION-1001 | CCFD0101 | |
| IMP-56-001 | TODO | SPRINT_510_airgap | AirGap Importer Guild | src/AirGap/StellaOps.AirGap.Importer | Harden base importer pipeline. | EXAG0101 | GRIX0101 | |
| IMP-56-002 | TODO | SPRINT_510_airgap | AirGap Importer + Security Guilds | src/AirGap/StellaOps.AirGap.Importer | IMP-56-001 | IMP-56-001 | IMIM0101 | |
| IMP-57-001 | TODO | SPRINT_510_airgap | AirGap Importer Guild | src/AirGap/StellaOps.AirGap.Importer | IMP-56-002 | IMP-56-002 | IMIM0101 | |
| IMP-57-002 | TODO | SPRINT_510_airgap | AirGap Importer + DevOps Guilds | src/AirGap/StellaOps.AirGap.Importer | IMP-57-001 | IMP-57-001 | IMIM0101 | |
| IMP-58-001 | TODO | SPRINT_510_airgap | AirGap Importer + CLI Guilds | src/AirGap/StellaOps.AirGap.Importer | IMP-57-002 | IMP-57-002 | IMIM0101 | |
| IMP-58-002 | TODO | SPRINT_510_airgap | AirGap Importer + Observability Guilds | src/AirGap/StellaOps.AirGap.Importer | IMP-58-001 | IMP-58-001 | IMIM0101 | |
| IMPACT-16-001 | TODO | SPRINT_512_bench | Bench Guild (src/Bench/StellaOps.Bench) |
src/Bench/StellaOps.Bench | Harden impact scoring + fixtures. | GRSC0101 outputs | IMIM0101 | |
| IMPACT-16-303 | DONE | SPRINT_0155_0001_0001_scheduler_i | Scheduler ImpactIndex Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.ImpactIndex) |
src/Scheduler/__Libraries/StellaOps.Scheduler.ImpactIndex | IMPACT-16-001 | IMPACT-16-001 | IMPT0101 | |
| INDEX-28-007 | TODO | SPRINT_0140_0001_0001_runtime_signals | Graph Index Guild | src/Graph/StellaOps.Graph.Indexer | GRAPH-INDEX-28-011 | GRAPH-INDEX-28-011 | GRIX0101 | |
| INDEX-28-008 | TODO | SPRINT_0140_0001_0001_runtime_signals | Graph Index Guild | src/Graph/StellaOps.Graph.Indexer | INDEX-28-007 | INDEX-28-007 | GRIX0101 | |
| INDEX-28-009 | TODO | SPRINT_0140_0001_0001_runtime_signals | Graph Index Guild | src/Graph/StellaOps.Graph.Indexer | INDEX-28-008 | INDEX-28-008 | GRIX0101 | |
| INDEX-28-010 | TODO | SPRINT_0140_0001_0001_runtime_signals | Graph Indexer Guild (src/Graph/StellaOps.Graph.Indexer) | src/Graph/StellaOps.Graph.Indexer | INDEX-28-009 | GRIX0101 | ||
| INDEX-28-011 | DONE | 2025-11-04 | SPRINT_0207_0001_0001_graph | Graph Indexer Guild (src/Graph/StellaOps.Graph.Indexer) | src/Graph/StellaOps.Graph.Indexer | INDEX-28-010 | GRIX0101 | |
| INDEX-401-030 | TODO | SPRINT_0401_0001_0001_reachability_evidence_chain | Platform + Ops Guilds | docs/provenance/inline-dsse.md, ops/mongo/indices/events_provenance_indices.js |
Needs Ops approval for new Mongo index | Needs Ops approval for new Mongo index | RBRE0101 | |
| INGEST-401-013 | TODO | SPRINT_0401_0001_0001_reachability_evidence_chain | Symbols Guild · DevOps Guild (src/Symbols/StellaOps.Symbols.Ingestor.Cli) |
src/Symbols/StellaOps.Symbols.Ingestor.Cli, docs/specs/SYMBOL_MANIFEST_v1.md |
Implement deterministic ingest + docs. | RBRE0101 inline DSSE | IMPT0101 | |
| INLINE-401-028 | DONE | SPRINT_0401_0001_0001_reachability_evidence_chain | Authority Guild · Feedser Guild (docs/provenance/inline-dsse.md, src/__Libraries/StellaOps.Provenance.Mongo) |
docs/provenance/inline-dsse.md, src/__Libraries/StellaOps.Provenance.Mongo |
INST0101 | |||
| INSTALL-44-001 | TODO | SPRINT_0305_0001_0005_docs_tasks_md_v | Docs Guild · Ops Guild | DOIS0101 outputs | DOIS0101 outputs | INST0101 | ||
| INSTALL-45-001 | TODO | SPRINT_0305_0001_0005_docs_tasks_md_v | Docs Guild · Ops Guild | INSTALL-44-001 | INSTALL-44-001 | INST0101 | ||
| INSTALL-46-001 | TODO | SPRINT_0305_0001_0005_docs_tasks_md_v | Docs Guild · Security Guild | INSTALL-45-001 | INSTALL-45-001 | INST0101 | ||
| INSTALL-50-001 | TODO | SPRINT_0305_0001_0005_docs_tasks_md_v | Docs Guild · Support Guild | INSTALL-44-001 | INSTALL-44-001 | INST0101 | ||
| KEV providers` | TODO | SPRINT_115_concelier_iv | Concelier Core + Risk Engine Guilds (src/Concelier/__Libraries/StellaOps.Concelier.Core) |
src/Concelier/__Libraries/StellaOps.Concelier.Core | Surface vendor-provided CVSS/KEV/fix data exactly as published (with provenance anchors) through provider APIs so risk engines can reason about upstream intent. | ICSCISA-02-012 | CCFD0101 | |
| KISA-02-008 | BLOCKED | SPRINT_0503_0001_0001_ops_devops_i | Concelier Feed Owners | FEED-REMEDIATION-1001 | LATC0101 | |||
| KMS-73-001 | DONE (2025-11-03) | 2025-11-03 | SPRINT_100_identity_signing | KMS Guild (src/__Libraries/StellaOps.Cryptography.Kms) | src/__Libraries/StellaOps.Cryptography.Kms | AWS/GCP KMS drivers landed with digest-first signing, metadata caching, config samples, and docs/tests green. | AWS/GCP KMS drivers landed with digest-first signing, metadata caching, config samples, and docs/tests green. | KMSI0102 |
| KMS-73-002 | DONE (2025-11-03) | 2025-11-03 | SPRINT_100_identity_signing | KMS Guild (src/__Libraries/StellaOps.Cryptography.Kms) | src/__Libraries/StellaOps.Cryptography.Kms | PKCS#11 + FIDO2 drivers shipped (deterministic digesting, authenticator factories, DI extensions) with docs + xUnit fakes covering sign/verify/export flows. | FIDO2 | KMSI0102 |
| LATTICE-401-023 | TODO | SPRINT_0401_0001_0001_reachability_evidence_chain | Scanner Guild · Policy Guild | docs/reachability/lattice.md, docs/modules/scanner/architecture.md, src/Scanner/StellaOps.Scanner.WebService |
Update reachability/lattice docs + examples. | GRSC0101 & RBRE0101 | LEDG0101 | |
| LEDGER-29-007 | DONE | 2025-11-17 | SPRINT_0120_0001_0001_policy_reasoning | Findings Ledger Guild (src/Findings/StellaOps.Findings.Ledger) |
src/Findings/StellaOps.Findings.Ledger | Instrument metrics | LEDGER-29-006 | PLLG0101 |
| LEDGER-29-008 | DONE | 2025-11-22 | SPRINT_0120_0001_0001_policy_reasoning | Findings Ledger + QA Guild | src/Findings/StellaOps.Findings.Ledger | Develop unit/property/integration tests, replay/restore tooling, determinism harness, and load tests at 5M findings/tenant | LEDGER-29-007 | PLLG0101 |
| LEDGER-29-009 | BLOCKED | 2025-11-17 | SPRINT_0120_0001_0001_policy_reasoning | Findings Ledger + DevOps Guild | src/Findings/StellaOps.Findings.Ledger | Provide deployment manifests | LEDGER-29-008 | PLLG0101 |
| LEDGER-34-101 | TODO | SPRINT_0120_0001_0001_policy_reasoning | Findings Ledger Guild | src/Findings/StellaOps.Findings.Ledger | Link orchestrator run ledger exports into Findings Ledger provenance chain, index by artifact hash, and expose audit queries | LEDGER-29-009 | PLLG0101 | |
| LEDGER-AIRGAP-56 | TODO | SPRINT_0120_0001_0001_policy_reasoning | Findings Ledger + AirGap Guilds | AirGap ledger schema. | PLLG0102 | PLLG0102 | ||
| LEDGER-AIRGAP-56-001 | TODO | SPRINT_0120_0001_0001_policy_reasoning | Findings Ledger Guild | src/Findings/StellaOps.Findings.Ledger | Record bundle provenance (bundle_id, merkle_root, time_anchor) on ledger events for advisories/VEX/policies imported via Mirror Bundles |
LEDGER-AIRGAP-56 | PLLG0102 | |
| LEDGER-AIRGAP-56-002 | TODO | SPRINT_0120_0001_0001_policy_reasoning | Findings Ledger + AirGap Time Guild | src/Findings/StellaOps.Findings.Ledger | Surface staleness metrics for findings and block risk-critical exports when stale beyond thresholds; provide remediation messaging | LEDGER-AIRGAP-56-001 | PLLG0102 | |
| LEDGER-AIRGAP-57 | TODO | SPRINT_0120_0001_0001_policy_reasoning | Findings Ledger Guild · AirGap Guilds · Evidence Locker Guild | — | — | PLLG0102 | ||
| LEDGER-AIRGAP-57-001 | TODO | SPRINT_0120_0001_0001_policy_reasoning | Findings Ledger Guild, Evidence Locker Guild / src/Findings/StellaOps.Findings.Ledger | src/Findings/StellaOps.Findings.Ledger | Link findings evidence snapshots to portable evidence bundles and ensure cross-enclave verification works | LEDGER-AIRGAP-56-002 | PLLG0102 | |
| LEDGER-AIRGAP-58-001 | TODO | SPRINT_0120_0001_0001_policy_reasoning | Findings Ledger Guild, AirGap Controller Guild / src/Findings/StellaOps.Findings.Ledger | src/Findings/StellaOps.Findings.Ledger | Emit timeline events for bundle import impacts | LEDGER-AIRGAP-57-001 | PLLG0102 | |
| LEDGER-ATTEST-73-001 | TODO | SPRINT_0120_0001_0001_policy_reasoning | Findings Ledger Guild, Attestor Service Guild / src/Findings/StellaOps.Findings.Ledger | src/Findings/StellaOps.Findings.Ledger | Persist pointers from findings to verification reports and attestation envelopes for explainability | — | PLLG0102 | |
| LEDGER-ATTEST-73-002 | BLOCKED | SPRINT_0121_0001_0002_policy_reasoning_blockers | Findings Ledger Guild / src/Findings/StellaOps.Findings.Ledger | src/Findings/StellaOps.Findings.Ledger | Enable search/filter in findings projections by verification result and attestation status | LEDGER-ATTEST-73-001 | PLLG0102 | |
| LEDGER-EXPORT-35-001 | TODO | SPRINT_0121_0001_0001_policy_reasoning | Findings Ledger Guild / src/Findings/StellaOps.Findings.Ledger | src/Findings/StellaOps.Findings.Ledger | Provide paginated streaming endpoints for advisories, VEX, SBOMs, and findings aligned with export filters, including deterministic ordering and provenance metadata | — | PLLG0101 | |
| LEDGER-OAS-61-001 | BLOCKED | SPRINT_0121_0001_0002_policy_reasoning_blockers | Findings Ledger Guild, API Contracts Guild / src/Findings/StellaOps.Findings.Ledger | src/Findings/StellaOps.Findings.Ledger | Expand Findings Ledger OAS to include projections, evidence lookups, and filter parameters with examples | — | PLLG0101 | |
| LEDGER-OAS-61-002 | BLOCKED | SPRINT_0121_0001_0002_policy_reasoning_blockers | Findings Ledger Guild / src/Findings/StellaOps.Findings.Ledger | src/Findings/StellaOps.Findings.Ledger | Implement /.well-known/openapi endpoint and ensure version metadata matches release |
LEDGER-OAS-61-001 | PLLG0101 | |
| LEDGER-OAS-62-001 | BLOCKED | SPRINT_0121_0001_0002_policy_reasoning_blockers | Findings Ledger Guild, SDK Generator Guild / src/Findings/StellaOps.Findings.Ledger | src/Findings/StellaOps.Findings.Ledger | Provide SDK test cases for findings pagination, filtering, evidence links; ensure typed models expose provenance | LEDGER-OAS-61-002 | PLLG0101 | |
| LEDGER-OAS-63-001 | BLOCKED | SPRINT_0121_0001_0002_policy_reasoning_blockers | Findings Ledger Guild, API Governance Guild / src/Findings/StellaOps.Findings.Ledger | src/Findings/StellaOps.Findings.Ledger | Support deprecation headers and Notifications for retiring finding endpoints | LEDGER-OAS-62-001 | PLLG0101 | |
| LEDGER-OBS-50-001 | TODO | SPRINT_0121_0001_0001_policy_reasoning | Findings Ledger Guild, Observability Guild / src/Findings/StellaOps.Findings.Ledger | src/Findings/StellaOps.Findings.Ledger | Integrate telemetry core within ledger writer/projector services, emitting structured logs and trace spans for ledger append, projector replay, and query APIs with tenant context | — | PLLG0102 | |
| LEDGER-OBS-51-001 | TODO | SPRINT_0121_0001_0001_policy_reasoning | Findings Ledger Guild, DevOps Guild / src/Findings/StellaOps.Findings.Ledger | src/Findings/StellaOps.Findings.Ledger | Publish metrics for ledger latency, projector lag, event throughput, and policy evaluation linkage. Define SLOs | LEDGER-OBS-50-001 | PLLG0102 | |
| LEDGER-OBS-52-001 | TODO | SPRINT_0121_0001_0001_policy_reasoning | Findings Ledger Guild / src/Findings/StellaOps.Findings.Ledger | src/Findings/StellaOps.Findings.Ledger | Emit timeline events for ledger writes and projector commits | LEDGER-OBS-51-001 | PLLG0103 | |
| LEDGER-OBS-53-001 | TODO | SPRINT_0121_0001_0001_policy_reasoning | Findings Ledger Guild, Evidence Locker Guild / src/Findings/StellaOps.Findings.Ledger | src/Findings/StellaOps.Findings.Ledger | Persist evidence bundle references | LEDGER-OBS-52-001 | PLLG0103 | |
| LEDGER-OBS-54-001 | TODO | SPRINT_0121_0001_0001_policy_reasoning | Findings Ledger Guild, Provenance Guild / src/Findings/StellaOps.Findings.Ledger | src/Findings/StellaOps.Findings.Ledger | Verify attestation references for ledger-derived exports; expose /ledger/attestations endpoint returning DSSE verification state and chain-of-custody summary |
LEDGER-OBS-53-001 | PLLG0103 | |
| LEDGER-OBS-55-001 | BLOCKED | SPRINT_0121_0001_0002_policy_reasoning_blockers | Findings Ledger Guild, DevOps Guild / src/Findings/StellaOps.Findings.Ledger | src/Findings/StellaOps.Findings.Ledger | Enhance incident mode to record additional replay diagnostics | LEDGER-OBS-54-001 | PLLG0103 | |
| LEDGER-PACKS-42-001 | BLOCKED | SPRINT_0121_0001_0002_policy_reasoning_blockers | Findings Ledger Guild / src/Findings/StellaOps.Findings.Ledger | src/Findings/StellaOps.Findings.Ledger | Provide snapshot/time-travel APIs and digestable exports for task pack simulation and CLI offline mode | — | PLLG0103 | |
| LEDGER-RISK-66-001 | TODO | SPRINT_0121_0001_0001_policy_reasoning | Findings Ledger Guild, Risk Engine Guild / src/Findings/StellaOps.Findings.Ledger | src/Findings/StellaOps.Findings.Ledger | Add schema migrations for risk_score, risk_severity, profile_version, explanation_id, and supporting indexes |
— | PLLG0103 | |
| LEDGER-RISK-66-002 | TODO | SPRINT_0121_0001_0001_policy_reasoning | Findings Ledger Guild / src/Findings/StellaOps.Findings.Ledger | src/Findings/StellaOps.Findings.Ledger | Implement deterministic upsert of scoring results keyed by finding hash/profile version with history audit | LEDGER-RISK-66-001 | PLLG0103 | |
| LEDGER-RISK-67-001 | TODO | SPRINT_122_policy_reasoning | Findings Ledger Guild, Risk Engine Guild / src/Findings/StellaOps.Findings.Ledger | src/Findings/StellaOps.Findings.Ledger | Expose query APIs for scored findings with score/severity filters, pagination, and explainability links | LEDGER-RISK-66-002 | PLLG0103 | |
| LEDGER-RISK-68-001 | TODO | SPRINT_122_policy_reasoning | Findings Ledger Guild, Export Guild / src/Findings/StellaOps.Findings.Ledger | src/Findings/StellaOps.Findings.Ledger | Enable export of scored findings and simulation results via Export Center integration | LEDGER-RISK-67-001 | PLLG0103 | |
| LEDGER-RISK-69-001 | TODO | SPRINT_122_policy_reasoning | Findings Ledger Guild, Observability Guild / src/Findings/StellaOps.Findings.Ledger | src/Findings/StellaOps.Findings.Ledger | Emit metrics/dashboards for scoring latency, result freshness, severity distribution, provider gaps | LEDGER-RISK-68-001 | PLLG0103 | |
| LEDGER-TEN-48-001 | TODO | SPRINT_122_policy_reasoning | Findings Ledger Guild · Tenancy Guild | src/Findings/StellaOps.Findings.Ledger | Partition ledger tables by tenant/project, enable RLS, update queries/events, and stamp audit metadata | LEDGER-29-009 | LEDG0101 | |
| LENS-ENG-0001 | TODO | SPRINT_332_docs_modules_vex_lens | Module Team · Docs Guild | docs/modules/vex-lens | Engineering checklist. | DOVL0101 outputs | LEDG0101 | |
| LENS-OPS-0001 | TODO | SPRINT_332_docs_modules_vex_lens | Ops Guild · Docs Guild | docs/modules/vex-lens | Ops/runbook guidance. | LENS-ENG-0001 | LEDG0101 | |
| LIB-401-001 | TODO | SPRINT_0401_0001_0001_reachability_evidence_chain | Policy Guild | src/Policy/StellaOps.PolicyDsl, docs/policy/dsl.md |
Update DSL library + docs. | DOAL0101 references | LEDG0101 | |
| LIB-401-002 | TODO | SPRINT_0401_0001_0001_reachability_evidence_chain | Policy Guild · CLI Guild | tests/Policy/StellaOps.PolicyDsl.Tests, policy/default.dsl, docs/policy/lifecycle.md |
Expand tests/fixtures. | LIB-401-001 | LEDG0101 | |
| LIB-401-020 | TODO | SPRINT_0401_0001_0001_reachability_evidence_chain | Policy Guild | src/Attestor/StellaOps.Attestation, src/Attestor/StellaOps.Attestor.Envelope |
Publish CAS fixtures + determinism tests. | LIB-401-002 | LEDG0101 | |
| LIC-0001 | TODO | 2025-11-10 | SPRINT_0138_0001_0001_scanner_ruby_parity | Legal Guild · Docs Guild | docs/modules/scanner | Refresh license notes. | SCANNER-ENG-0016 | LEDG0101 |
| LNM-21-001 | TODO | SPRINT_113_concelier_ii | CLI Guild (src/Cli/StellaOps.Cli) |
src/Concelier/__Libraries/StellaOps.Concelier.Core | Implement baseline LNM CLI verb. | DOLN0101 schema | LENS0101 | |
| LNM-21-002 | TODO | SPRINT_113_concelier_ii | CLI Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Hash verification support. | LNM-21-001 | LENS0101 | |
| LNM-21-003 | TODO | SPRINT_113_concelier_ii | CLI Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Filtering options. | LNM-21-002 | LIBC0101 | |
| LNM-21-004 | TODO | SPRINT_113_concelier_ii | CLI Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Multi-bundle diff. | LNM-21-003 | LIBC0101 | |
| LNM-21-005 | TODO | SPRINT_113_concelier_ii | CLI Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Export packaging. | LNM-21-004 | LIBC0101 | |
| LNM-21-101 | TODO | SPRINT_113_concelier_ii | CLI Guild | src/Concelier/__Libraries/StellaOps.Concelier.Storage.Mongo | Deterministic tests. | LNM-21-001 | LIBC0101 | |
| LNM-21-102 | TODO | SPRINT_113_concelier_ii | CLI Guild | src/Concelier/__Libraries/StellaOps.Concelier.Storage.Mongo | LNM-21-101 | LNM-21-101 | LNMC0101 | |
| LNM-21-103 | TODO | SPRINT_113_concelier_ii | CLI Guild | src/Concelier/__Libraries/StellaOps.Concelier.Storage.Mongo | LNM-21-102 | LNM-21-102 | LNMC0101 | |
| LNM-21-201 | TODO | SPRINT_113_concelier_ii | CLI Guild | src/Concelier/StellaOps.Concelier.WebService | Bundle validation enhancements. | LNMC0101 outputs | LNMC0101 | |
| LNM-21-202 | TODO | SPRINT_113_concelier_ii | CLI Guild | src/Concelier/StellaOps.Concelier.WebService | Policy linking improvements. | LNM-21-201 | LNMC0101 | |
| LNM-21-203 | TODO | SPRINT_113_concelier_ii | CLI Guild | src/Concelier/StellaOps.Concelier.WebService | Export reporting. | LNM-21-202 | LNMC0101 | |
| LNM-22-001 | TODO | SPRINT_0202_0001_0002_cli_ii | CLI Guild | src/Cli/StellaOps.Cli | CLI/UI shared components. | DOLN0101 | LNMC0101 | |
| LNM-22-002 | TODO | SPRINT_0202_0001_0002_cli_ii | CLI Guild | src/Cli/StellaOps.Cli | Additional filters. | LNM-22-001 | LNMC0101 | |
| LNM-22-003 | TODO | SPRINT_0210_0001_0002_ui_ii | UI Guild (src/UI/StellaOps.UI) |
src/UI/StellaOps.UI | UI ingestion view. | LNM-22-001 | LNMC0101 | |
| LNM-22-004 | TODO | SPRINT_0210_0001_0002_ui_ii | UI Guild | src/UI/StellaOps.UI | UI remediation workflow. | LNM-22-003 | IMPT0101 | |
| LNM-22-005 | BLOCKED (2025-10-27) | 2025-10-27 | SPRINT_0305_0001_0005_docs_tasks_md_v | Docs + UI Guild | Docs update for UI flows. | DOCS-LNM-22-004 | IMPT0101 | |
| LNM-22-007 | TODO | SPRINT_0305_0001_0005_docs_tasks_md_v | Docs Guild · Observability Guild | docs/modules/concelier/link-not-merge.md | Publish /docs/observability/aggregation.md with metrics/traces/logs/SLOs. Dependencies: DOCS-LNM-22-005. |
DOCS-LNM-22-005 | DOLN0102 | |
| LNM-22-008 | DONE | 2025-11-03 | SPRINT_117_concelier_vi | Docs Guild · DevOps Guild | docs/modules/concelier/link-not-merge.md | Document Link-Not-Merge migration playbook updates in docs/migration/no-merge.md, including rollback guidance. |
LNM-22-007 | DOLN0102 |
| MIRROR-CRT-56-001 | TODO | SPRINT_0506_0001_0001_ops_devops_iv | Mirror Creator Guild | Deterministic assembler has no owner; kickoff rescheduled to 2025-11-15. | PROGRAM-STAFF-1001 | ATMI0101 | ||
| MIRROR-CRT-56-002 | TODO | SPRINT_0506_0001_0001_ops_devops_iv | Mirror Creator · Security Guilds | DSSE/TUF metadata follows assembler baseline. | MIRROR-CRT-56-001; MIRROR-DSSE-REV-1501; PROV-OBS-53-001 | ATMI0101 | ||
| MIRROR-CRT-57-001 | TODO | SPRINT_0506_0001_0001_ops_devops_iv | Mirror Creator Guild · AirGap Time Guild | OCI/time-anchor workstreams blocked pending assembler + time contract. | MIRROR-CRT-56-001; AIRGAP-TIME-CONTRACT-1501; AIRGAP-TIME-57-001 | ATMI0101 | ||
| MIRROR-CRT-57-002 | TODO | SPRINT_0506_0001_0001_ops_devops_iv | Mirror Creator Guild · AirGap Time Guild | MIRROR-CRT-56-001; AIRGAP-TIME-CONTRACT-1501; AIRGAP-TIME-57-001 | MIRROR-CRT-56-001; AIRGAP-TIME-CONTRACT-1501; AIRGAP-TIME-57-001 | ATMI0101 | ||
| MIRROR-CRT-58-001 | TODO | SPRINT_0506_0001_0001_ops_devops_iv | Mirror Creator Guild · CLI Guild · Exporter Guild | CLI + Export automation depends on assembler and DSSE/TUF track. | MIRROR-CRT-56-001; EXPORT-OBS-54-001; CLI-AIRGAP-56-001 | ATMI0101 | ||
| MIRROR-CRT-58-002 | TODO | SPRINT_0506_0001_0001_ops_devops_iv | Mirror Creator Guild · CLI Guild · Exporter Guild | MIRROR-CRT-56-001; EXPORT-OBS-54-001; CLI-AIRGAP-56-001 | MIRROR-CRT-56-001; EXPORT-OBS-54-001; CLI-AIRGAP-56-001 | ATMI0101 | ||
| MTLS-11-002 | DONE | 2025-11-08 | SPRINT_100_identity_signing | Authority Core & Security Guild | src/Authority/StellaOps.Authority | Refresh grants enforce original client cert, tokens persist x5t#S256 metadata, docs updated. |
AUTH-DPOP-11-001 | AUIN0102 |
| NATIVE-401-015 | TODO | SPRINT_0401_0001_0001_reachability_evidence_chain | Scanner Worker Guild | src/Scanner/__Libraries/StellaOps.Scanner.Symbols.Native, src/Scanner/__Libraries/StellaOps.Scanner.CallGraph.Native |
Bootstrap Symbols.Native + CallGraph.Native scaffolding and coverage fixtures. | Needs replay requirements from DORR0101 | SCNA0101 | |
| NOTIFY-38-001 | TODO | SPRINT_0214_0001_0001_web_iii | BE-Base Platform Guild | src/Web/StellaOps.Web | Route approval/rule APIs through Web gateway with tenant scopes. | Wait for NOTY0103 approval payload schema | NOWB0101 | |
| NOTIFY-39-001 | TODO | SPRINT_0214_0001_0001_web_iii | BE-Base Platform Guild | src/Web/StellaOps.Web | Surface digest/simulation/quiet-hour controls in Web tier. | Needs correlation outputs from NOTY0105 | NOWB0101 | |
| NOTIFY-40-001 | TODO | SPRINT_0202_0001_0002_cli_ii | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Implement escalations + ack workflows, localization previews, and channel health checks. | NOTIFY-39-001 | NOWC0101 | |
| NOTIFY-AIRGAP-56-002 | DONE | SPRINT_0170_0001_0001_notifications_telemetry | Notifications Service Guild · DevOps Guild | src/Notify/StellaOps.Notify | Ship AirGap-ready notifier bundles (Helm overlays, secrets templates, rollout guide). | MIRROR-CRT-56-001 | NOIA0101 | |
| NOTIFY-ATTEST-74-001 | DOING | SPRINT_0170_0001_0001_notifications_telemetry | Notifications Service Guild · Attestor Service Guild | src/Notify/StellaOps.Notify | Create attestor-driven notification templates + schema docs; publish in /docs/notifications/templates.md. |
ATEL0101 | NOIA0101 | |
| NOTIFY-ATTEST-74-002 | DOING | SPRINT_0170_0001_0001_notifications_telemetry | Notifications Service Guild | src/Notify/StellaOps.Notify | Wire attestor DSSE payload ingestion + Task Runner callbacks for attestation verdicts. | NOTIFY-ATTEST-74-001 | NOIA0101 | |
| NOTIFY-DOC-70-001 | DONE | SPRINT_0170_0001_0001_notifications_telemetry | Notifications Service Guild · DevOps Guild | docs/modules/notify | Keep as reference for documentation/offline-kit parity. | NOTIFY-AIRGAP-56-002 | DONO0102 | |
| NOTIFY-DOCS-0001 | DONE | 2025-11-05 | SPRINT_0322_0001_0001_docs_modules_notify | Docs Guild | docs/modules/notify | Validate module README reflects Notifications Studio pivot and latest release notes. | NOTIFY-DOC-70-001 | DONO0102 |
| NOTIFY-DOCS-0002 | TODO | 2025-11-05 | SPRINT_0322_0001_0001_docs_modules_notify | Docs Guild | docs/modules/notify | Pending NOTIFY-SVC-39-001..004 to document correlation/digests/simulation/quiet hours. | NOTIFY-SVC-39-004 | DONO0102 |
| NOTIFY-ENG-0001 | TODO | SPRINT_0322_0001_0001_docs_modules_notify | Module Team | docs/modules/notify | Keep implementation milestones aligned with /docs/implplan/SPRINT_0171_0001_0001_notifier_i.md onward. |
NOTY0103 | DONO0102 | |
| NOTIFY-OAS-61-001 | DONE (2025-11-17) | SPRINT_0171_0001_0001_notifier_i | Notifications Service Guild · API Governance Guild | docs/api/notifications | Update OpenAPI doc set (rule/incident endpoints) with new schemas + changelog. | NOTY0103 | NOOA0101 | |
| NOTIFY-OAS-61-002 | DONE (2025-11-17) | SPRINT_0171_0001_0001_notifier_i | Notifications Service Guild · SDK Guild | docs/api/notifications | Provide SDK usage examples for rule CRUD, incident ack, and quiet hours; ensure SDK smoke tests. | NOTIFY-OAS-61-001 | NOOA0101 | |
| NOTIFY-OAS-62-001 | DONE (2025-11-17) | SPRINT_0171_0001_0001_notifier_i | Notifications Service Guild · Developer Portal Guild | docs/api/notifications | Publish /docs/api/reference/notifications auto-generated site; integrate with portal nav. |
NOTIFY-OAS-61-002 | NOOA0101 | |
| NOTIFY-OAS-63-001 | DONE (2025-11-17) | SPRINT_0171_0001_0001_notifier_i | Notifications Service Guild · SDK Generator Guild | docs/api/notifications | Provide CLI/UI quickstarts plus recipes referencing new endpoints. | NOTIFY-OAS-61-002 | NOOA0101 | |
| NOTIFY-OBS-51-001 | DONE (2025-11-22) | SPRINT_0171_0001_0001_notifier_i | Notifications Service Guild · Observability Guild | src/Notifier/StellaOps.Notifier | Integrate SLO evaluator webhooks into Notifier rules; templates/routing/suppression; sample policies. | NOTY0104 | NOOB0101 | |
| NOTIFY-OBS-55-001 | DONE (2025-11-22) | SPRINT_0171_0001_0001_notifier_i | Notifications Service Guild · Ops Guild | src/Notifier/StellaOps.Notifier | Incident mode start/stop notifications with evidence links, retention notes, quiet-hour overrides, legal logging. | NOTIFY-OBS-51-001 | NOOB0101 | |
| NOTIFY-OPS-0001 | TODO | SPRINT_0322_0001_0001_docs_modules_notify | Ops Guild · Docs Guild | docs/modules/notify | Review notifier runbooks/observability assets after the next sprint demo and record findings. | NOTIFY-OBS-55-001 | NOOR0101 | |
| NOTIFY-RISK-66-001 | BLOCKED (2025-11-22) | SPRINT_0171_0001_0001_notifier_i | Notifications Service Guild · Risk Engine Guild · Policy Guild | src/Notifier/StellaOps.Notifier | Policy/Risk metadata export (POLICY-RISK-40-002) not yet delivered. | POLICY-RISK-40-002 | NORR0101 | |
| NOTIFY-RISK-67-001 | BLOCKED (2025-11-22) | SPRINT_0171_0001_0001_notifier_i | Notifications Service Guild · Policy Guild | src/Notifier/StellaOps.Notifier | Depends on NOTIFY-RISK-66-001. | NOTIFY-RISK-66-001 | NORR0101 | |
| NOTIFY-RISK-68-001 | BLOCKED (2025-11-22) | SPRINT_0171_0001_0001_notifier_i | Notifications Service Guild · Risk Engine Guild · Policy Guild | src/Notifier/StellaOps.Notifier | Depends on NOTIFY-RISK-67-001. | NOTIFY-RISK-67-001 | NORR0101 | |
| NOTIFY-SVC-37-001 | TODO | SPRINT_0172_0001_0002_notifier_ii | Notifications Service Guild | src/Notifier/StellaOps.Notifier | Define pack approval & policy notification contract, including OpenAPI schema, event payloads, resume token mechanics, and security guidance. | Align payload schema with PGMI0101 + ATEL0101 decisions | NOTY0103 | |
| NOTIFY-SVC-37-002 | TODO | SPRINT_0172_0001_0002_notifier_ii | Notifications Service Guild | src/Notifier/StellaOps.Notifier | Implement secure ingestion endpoint, Mongo persistence (pack_approvals), idempotent writes, and audit trail for approval events. Dependencies: NOTIFY-SVC-37-001. |
NOTIFY-SVC-37-001 | NOTY0103 | |
| NOTIFY-SVC-37-003 | TODO | SPRINT_0172_0001_0002_notifier_ii | Notifications Service Guild | src/Notifier/StellaOps.Notifier | Deliver approval/policy templates, routing predicates, and channel dispatch (email/chat/webhook) with deterministic ordering plus ack gating. | NOTIFY-SVC-37-002 | NOTY0103 | |
| NOTIFY-SVC-37-004 | TODO | SPRINT_0172_0001_0002_notifier_ii | Notifications Service Guild | src/Notifier/StellaOps.Notifier | Provide acknowledgement API, Task Runner callback client, metrics for outstanding approvals, and SLA escalations. | NOTIFY-SVC-37-003 | NOTY0103 | |
| NOTIFY-SVC-38-002 | TODO | SPRINT_0172_0001_0002_notifier_ii | Notifications Service Guild | src/Notifier/StellaOps.Notifier | Implement channel adapters (email, chat webhook, generic webhook) with retry policies, health checks, and audit logging. | NOTIFY-SVC-37-004 | NOTY0104 | |
| NOTIFY-SVC-38-003 | TODO | SPRINT_0172_0001_0002_notifier_ii | Notifications Service Guild | src/Notifier/StellaOps.Notifier | Deliver template service (versioned templates, localization scaffolding) and renderer with redaction allowlists, Markdown/HTML/JSON outputs, and provenance links. | NOTIFY-SVC-38-002 | NOTY0104 | |
| NOTIFY-SVC-38-004 | TODO | SPRINT_0172_0001_0002_notifier_ii | Notifications Service Guild | src/Notifier/StellaOps.Notifier | Expose REST + WS APIs (rules CRUD, templates preview, incidents list, ack) with audit logging, RBAC checks, and live feed stream. | NOTIFY-SVC-38-003 | NOTY0104 | |
| NOTIFY-SVC-39-001 | TODO | SPRINT_0172_0001_0002_notifier_ii | Notifications Service Guild | src/Notifier/StellaOps.Notifier | Implement correlation engine with pluggable key expressions/windows, throttler (token buckets), quiet hours/maintenance evaluator, and incident lifecycle. | NOTIFY-SVC-38-004 | NOTY0105 | |
| NOTIFY-SVC-39-002 | TODO | SPRINT_0172_0001_0002_notifier_ii | Notifications Service Guild | src/Notifier/StellaOps.Notifier | Build digest generator (queries, formatting) with schedule runner and distribution manifests. | NOTIFY-SVC-39-001 | NOTY0105 | |
| NOTIFY-SVC-39-003 | TODO | SPRINT_0172_0001_0002_notifier_ii | Notifications Service Guild | src/Notifier/StellaOps.Notifier | Provide simulation engine/API to dry-run rules against historical events, returning correlation explanations. | NOTIFY-SVC-39-002 | NOTY0105 | |
| NOTIFY-SVC-39-004 | TODO | SPRINT_0172_0001_0002_notifier_ii | Notifications Service Guild | src/Notifier/StellaOps.Notifier | Integrate quiet hour calendars and throttles with audit logging plus operator overrides. | NOTIFY-SVC-39-003 | NOTY0105 | |
| NOTIFY-SVC-40-001 | TODO | SPRINT_0172_0001_0002_notifier_ii | Notifications Service Guild | src/Notifier/StellaOps.Notifier | Implement escalations + on-call schedules, ack bridge, PagerDuty/OpsGenie adapters, and CLI/in-app inbox channels. Dependencies: NOTIFY-SVC-39-004. | NOTIFY-SVC-39-004 | NOTY0106 | |
| NOTIFY-SVC-40-002 | TODO | SPRINT_0172_0001_0002_notifier_ii | Notifications Service Guild | src/Notifier/StellaOps.Notifier | Add summary storm breaker notifications, localization bundles, and localization fallback handling. | NOTIFY-SVC-40-001 | NOTY0106 | |
| NOTIFY-SVC-40-003 | TODO | SPRINT_0172_0001_0002_notifier_ii | Notifications Service Guild | src/Notifier/StellaOps.Notifier | Harden security: signed ack links (KMS), webhook HMAC/IP allowlists, tenant isolation fuzz tests, HTML sanitization. | NOTIFY-SVC-40-002 | NOTY0106 | |
| NOTIFY-SVC-40-004 | TODO | SPRINT_0172_0001_0002_notifier_ii | Notifications Service Guild | src/Notifier/StellaOps.Notifier | Finalize observability (metrics/traces for escalations, latency), dead-letter handling, chaos tests for channel outages, and retention policies. | NOTIFY-SVC-40-003 | NOTY0106 | |
| NOTIFY-TEN-48-001 | TODO | SPRINT_0173_0001_0003_notifier_iii | Notifications Service Guild | src/Notifier/StellaOps.Notifier | Tenant-scope rules/templates/incidents, RLS on storage, tenant-prefixed channels, and inclusion of tenant context in notifications. | NOTIFY-SVC-40-004 | NOTY0107 | |
| OAS-61 | TODO | SPRINT_160_export_evidence | Exporter Service + API Governance + SDK Guilds | docs/api/oas | Define platform-wide OpenAPI governance + release checklist. | PGMI0101 | DOOA0103 | |
| OAS-61-001 | DOING | SPRINT_0170_0001_0001_notifications_telemetry | API Governance Guild | docs/api/oas | Draft spec updates + changelog text. | OAS-61 | DOOA0103 | |
| OAS-61-002 | TODO | SPRINT_114_concelier_iii | Concelier Core Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Align Link-Not-Merge endpoints with new pagination/idempotency rules. | OAS-61 | COAS0101 | |
| OAS-61-003 | TODO | SPRINT_0305_0001_0005_docs_tasks_md_v | Docs Guild · API Governance Guild | docs/api/oas | Publish /docs/api/versioning.md describing SemVer, deprecation headers, migration playbooks. |
OAS-61 | DOOA0103 | |
| OAS-62 | TODO | SPRINT_160_export_evidence | Exporter + API Gov + SDK Guilds | docs/api/oas | Document SDK/gen pipeline + offline bundle expectations. | OAS-61 | DOOA0103 | |
| OAS-62-001 | TODO | SPRINT_114_concelier_iii | Concelier Core Guild · SDK Generator Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Generate /docs/api/reference/ data + integrate with SDK scaffolding. |
OAS-61-002 | COAS0101 | |
| OAS-62-002 | TODO | SPRINT_0511_0001_0001_api | API Contracts Guild | src/Api/StellaOps.Api.OpenApi | Add lint rules enforcing pagination, idempotency headers, naming conventions, and example coverage. | OAS-62-001 | AOAS0101 | |
| OAS-63 | TODO | SPRINT_160_export_evidence | Exporter + API Gov + SDK Guilds | docs/api/oas | Define discovery endpoint strategy + lifecycle docs. | OAS-62 | DOOA0103 | |
| OAS-63-001 | TODO | SPRINT_114_concelier_iii | Concelier Core Guild · API Governance Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Add .well-known/openapi metadata/discovery hints. |
OAS-62-001 | COAS0101 | |
| OBS-50-001 | DOING | SPRINT_0170_0001_0001_notifications_telemetry | Telemetry Core Guild | src/Telemetry/StellaOps.Telemetry.Core | Implement structured logging, trace propagation, and scrub policies for core services. | TLTY0101 | TLTY0102 | |
| OBS-50-002 | DOING | SPRINT_0170_0001_0001_notifications_telemetry | Telemetry Core Guild | src/Telemetry/StellaOps.Telemetry.Core | Roll out Helm/collector bundles plus validation tests and DSSE artefacts for telemetry exporters. | OBS-50-001 | TLTY0102 | |
| OBS-50-003 | TODO | SPRINT_0306_0001_0006_docs_tasks_md_vi | Docs Guild · Observability Guild | docs/observability | Publish /docs/observability/collector-deploy.md with telemetry baseline + offline flows. |
OBS-50-001 | DOOB0102 | |
| OBS-50-004 | TODO | SPRINT_0306_0001_0006_docs_tasks_md_vi | Docs Guild · Observability Guild | docs/observability | Document scrub policy/SOPs (/docs/observability/scrub-policy.md). |
OBS-50-003 | DOOB0102 | |
| OBS-51-001 | TODO | SPRINT_0503_0001_0001_ops_devops_i | Exporter Guild · AirGap Time Guild · CLI Guild | ops/devops/telemetry | Build shared SLO bus (queue depth, time-anchor drift) feeding exporter/CLI dashboards. | PROGRAM-STAFF-1001 | OBAG0101 | |
| OBS-51-002 | TODO | SPRINT_0170_0001_0001_notifications_telemetry | Telemetry Core Guild · Observability Guild | ops/devops/telemetry | Run shadow-mode evaluators + roll metrics into collectors + alert webhooks. | OBS-51-001 | OBAG0101 | |
| OBS-52-001 | TODO | SPRINT_114_concelier_iii | Concelier Core Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Emit ingest latency, queue depth, and AOC violation metrics with burn-rate alerts. | ATLN0101 | CNOB0103 | |
| OBS-52-002 | TODO | SPRINT_160_export_evidence | Timeline Indexer Guild | src/Timeline/StellaOps.TimelineIndexer | Configure streaming pipeline (retention/backpressure) for timeline events. | OBS-52-001 | TLIX0101 | |
| OBS-52-003 | TODO | SPRINT_160_export_evidence | Timeline Indexer Guild | src/Timeline/StellaOps.TimelineIndexer | Add CI validation + schema enforcement for timeline events. | OBS-52-002 | TLIX0101 | |
| OBS-52-004 | TODO | SPRINT_160_export_evidence | Timeline Indexer + Security Guilds | src/Timeline/StellaOps.TimelineIndexer | Harden streaming pipeline with auth/encryption + DSSE proofs. | OBS-52-003 | TLIX0101 | |
| OBS-53-001 | TODO | SPRINT_0503_0001_0001_ops_devops_i | Exporter Guild · AirGap Time Guild · CLI Guild | ops/devops/telemetry | Establish provenance SLO signals + exporter hooks. | PROGRAM-STAFF-1001 | PROB0102 | |
| OBS-53-002 | TODO | SPRINT_0513_0001_0001_provenance | Provenance + Security Guild | src/Provenance/StellaOps.Provenance.Attestation | Add attestation metrics + scrubbed logs referencing DSSE bundles. | OBS-53-001 | PROB0102 | |
| OBS-53-003 | TODO | SPRINT_0513_0001_0001_provenance | Provenance Guild | src/Provenance/StellaOps.Provenance.Attestation | Ship dashboards/tests proving attestation observability. | OBS-53-002 | PROB0102 | |
| OBS-54-001 | TODO | SPRINT_114_concelier_iii | Concelier Core Guild · Provenance Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Needs shared exporter from 1039_EXPORT-OBS-54-001 | Needs shared exporter from 1039_EXPORT-OBS-54-001 | CNOB0101 | |
| OBS-54-002 | TODO | SPRINT_161_evidencelocker | Evidence Locker Guild | src/EvidenceLocker/StellaOps.EvidenceLocker | Instrument Evidence Locker ingest/publish flows with metrics/logs + alerts. | OBS-53-002 | ELOC0102 | |
| OBS-55-001 | TODO | SPRINT_114_concelier_iii | Concelier Core & DevOps Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Refresh ops automation/runbooks referencing new observability signals. | OBS-52-001 | CNOB0103 | |
| OBS-56-001 | DONE (2025-11-27) | SPRINT_0174_0001_0001_telemetry | Telemetry Core Guild | src/Telemetry/StellaOps.Telemetry.Core | Generate signed air-gap telemetry bundles + validation tests. | OBS-50-002 | TLTY0103 | |
| OFFLINE-17-004 | BLOCKED | 2025-10-26 | SPRINT_0508_0001_0001_ops_offline_kit | Offline Kit Guild · DevOps Guild | ops/offline-kit | Repackage release-17 bundle with DSSE receipts + verification logs. | PROGRAM-STAFF-1001 | OFFK0101 |
| OFFLINE-34-006 | TODO | SPRINT_0508_0001_0001_ops_offline_kit | Offline Kit + Orchestrator Guild | ops/offline-kit | Add orchestrator automation + docs to Offline Kit release 34. | ATMI0102 | OFFK0101 | |
| OFFLINE-37-001 | TODO | SPRINT_0508_0001_0001_ops_offline_kit | Offline Kit + Exporter Guild | ops/offline-kit | Ship export evidence bundle + checksum manifests for release 37. | EXPORT-MIRROR-ORCH-1501 | OFFK0101 | |
| OFFLINE-37-002 | TODO | SPRINT_0508_0001_0001_ops_offline_kit | Offline Kit + Notifications Guild | ops/offline-kit | Package notifier templates/channel configs for offline ops (release 37). | NOTY0103 | OFFK0101 | |
| OFFLINE-CONTAINERS-46-001 | TODO | SPRINT_0508_0001_0001_ops_offline_kit | Offline Kit + Deployment Guild | ops/offline-kit | Include container air-gap bundle, verification docs, and mirrored registry instructions. | OFFLINE-37-001 | OFFK0101 | |
| OPENSSL-11-001 | TODO | 2025-11-06 | SPRINT_0505_0001_0001_ops_devops_iii | DevOps Guild · Build Infra Guild | ops/devops | Rebuild OpenSSL toolchain with sovereign crypto patches + publish reproducible logs. | KMSI0102 | OPEN0101 |
| OPENSSL-11-002 | TODO | 2025-11-06 | SPRINT_0505_0001_0001_ops_devops_iii | DevOps Guild · CI Guild | ops/devops | Update CI/container images with new OpenSSL packages + smoke tests. | OPENSSL-11-001 | OPEN0101 |
| OPS-0001 | DONE | 2025-11-07 | SPRINT_333_docs_modules_excititor | Ops Guild (docs/modules/excitor) | docs/modules/excitor | |||
| OPS-ENV-01 | TODO | SPRINT_0507_0001_0001_ops_devops_v | DevOps Guild · Scanner Guild | ops/devops | Update Helm/Compose manifests + docs to include Surface.Env variables for Scanner/Zastava. | SCSS0101 | DOPS0101 | |
| OPS-SECRETS-01 | TODO | SPRINT_0507_0001_0001_ops_devops_v | DevOps + Security Guild | ops/devops | Define secret provisioning workflow (Kubernetes, Compose, Offline Kit) for Surface.Secrets references and update runbooks. | OPS-ENV-01 | DOPS0101 | |
| OPS-SECRETS-02 | TODO | SPRINT_0507_0001_0001_ops_devops_v | DevOps + Offline Kit Guild | ops/devops | Embed Surface.Secrets bundles (encrypted) into Offline Kit packaging scripts. | OPS-SECRETS-01 | DOPS0101 | |
| ORCH-32-001 | TODO | SPRINT_114_concelier_iii | Concelier Core Guild (src/Concelier/__Libraries/StellaOps.Concelier.Core) | src/Concelier/__Libraries/StellaOps.Concelier.Core | — | — | ORGR0102 | |
| ORCH-32-002 | TODO | SPRINT_114_concelier_iii | Concelier Core Guild (src/Concelier/__Libraries/StellaOps.Concelier.Core) | src/Concelier/__Libraries/StellaOps.Concelier.Core | — | — | ORGR0102 | |
| ORCH-33-001 | TODO | SPRINT_114_concelier_iii | Concelier Core Guild (src/Concelier/__Libraries/StellaOps.Concelier.Core) | src/Concelier/__Libraries/StellaOps.Concelier.Core | — | — | ORGR0102 | |
| ORCH-33-002 | TODO | SPRINT_0306_0001_0006_docs_tasks_md_vi | Docs Guild (docs) | — | — | ORGR0102 | ||
| ORCH-33-003 | TODO | SPRINT_0306_0001_0006_docs_tasks_md_vi | Docs Guild (docs) | — | — | ORGR0102 | ||
| ORCH-34-001 | TODO | SPRINT_114_concelier_iii | Concelier Core Guild (src/Concelier/__Libraries/StellaOps.Concelier.Core) | src/Concelier/__Libraries/StellaOps.Concelier.Core | — | — | ORGR0102 | |
| ORCH-34-002 | TODO | SPRINT_0306_0001_0006_docs_tasks_md_vi | Docs Guild (docs) | — | — | ORGR0102 | ||
| ORCH-34-003 | TODO | SPRINT_0306_0001_0006_docs_tasks_md_vi | Docs Guild (docs) | — | — | ORGR0102 | ||
| ORCH-34-004 | TODO | SPRINT_0306_0001_0006_docs_tasks_md_vi | Docs Guild (docs) | — | — | ORGR0102 | ||
| ORCH-34-005 | TODO | SPRINT_0306_0001_0006_docs_tasks_md_vi | Docs Guild (docs) | — | — | ORGR0102 | ||
| ORCH-AIRGAP-56-001 | BLOCKED (2025-11-19) | 2025-11-19 | SPRINT_0151_0001_0001_orchestrator_i | Orchestrator Service Guild · AirGap Policy Guild | src/Orchestrator/StellaOps.Orchestrator | Enforce job descriptors to declare network intents; flag/reject external endpoints in sealed mode before scheduling. | PREP-ORCH-AIRGAP-56-001-AWAIT-SPRINT-0120-A-A | ORAG0101 |
| ORCH-AIRGAP-56-002 | BLOCKED (2025-11-19) | 2025-11-19 | SPRINT_0151_0001_0001_orchestrator_i | Orchestrator Service Guild · AirGap Controller Guild | src/Orchestrator/StellaOps.Orchestrator | Surface sealing status and staleness in scheduling decisions; block runs when budgets are exceeded. | PREP-ORCH-AIRGAP-56-002-UPSTREAM-56-001-BLOCK | ORAG0101 |
| ORCH-AIRGAP-57-001 | BLOCKED (2025-11-19) | 2025-11-19 | SPRINT_0151_0001_0001_orchestrator_i | Orchestrator Service Guild · Mirror Creator Guild | src/Orchestrator/StellaOps.Orchestrator | Add job type mirror.bundle to orchestrate bundle creation in connected environments with audit + provenance outputs. |
PREP-ORCH-AIRGAP-57-001-UPSTREAM-56-002-BLOCK | ORAG0101 |
| ORCH-AIRGAP-58-001 | BLOCKED (2025-11-19) | 2025-11-19 | SPRINT_0151_0001_0001_orchestrator_i | Orchestrator Service Guild · Evidence Locker Guild | src/Orchestrator/StellaOps.Orchestrator | Capture import/export operations as timeline/evidence entries, ensuring chain-of-custody for mirror + portable evidence jobs. | PREP-ORCH-AIRGAP-58-001-UPSTREAM-57-001-BLOCK | ORAG0101 |
| ORCH-OAS-61-001 | DONE (2025-11-30) | 2025-11-30 | SPRINT_0151_0001_0001_orchestrator_i | Orchestrator Service Guild · API Contracts Guild | src/Orchestrator/StellaOps.Orchestrator | Document orchestrator endpoints in per-service OAS with standardized pagination, idempotency, and error envelope examples. | PREP-ORCH-OAS-61-001-ORCHESTRATOR-TELEMETRY-C | OROA0101 |
| ORCH-OAS-61-002 | DONE (2025-11-30) | 2025-11-30 | SPRINT_0151_0001_0001_orchestrator_i | Orchestrator Service Guild | src/Orchestrator/StellaOps.Orchestrator | Implement GET /.well-known/openapi and align version metadata with runtime build. |
PREP-ORCH-OAS-61-002-DEPENDS-ON-61-001 | OROA0101 |
| ORCH-OAS-62-001 | DONE (2025-11-30) | 2025-11-30 | SPRINT_0151_0001_0001_orchestrator_i | Orchestrator Service Guild · SDK Generator Guild | src/Orchestrator/StellaOps.Orchestrator | Ensure SDK paginators/operations support orchestrator job APIs; add SDK smoke tests for schedule/retry (pack-run). | PREP-ORCH-OAS-62-001-DEPENDS-ON-61-002 | OROA0101 |
| ORCH-OAS-63-001 | DONE (2025-11-30) | 2025-11-30 | SPRINT_0151_0001_0001_orchestrator_i | Orchestrator Service Guild · API Governance Guild | src/Orchestrator/StellaOps.Orchestrator | Emit deprecation headers and documentation for legacy orchestrator endpoints; update notifications metadata. | PREP-ORCH-OAS-63-001-DEPENDS-ON-62-001 | OROA0101 |
| ORCH-OBS-50-001 | BLOCKED (2025-11-19) | 2025-11-19 | SPRINT_0151_0001_0001_orchestrator_i | Orchestrator Service Guild · Observability Guild | src/Orchestrator/StellaOps.Orchestrator | Wire StellaOps.Telemetry.Core into orchestrator host, instrument schedulers and control APIs with trace spans, structured logs, and exemplar metrics; ensure tenant/job metadata is recorded for every span/log. |
PREP-ORCH-OBS-50-001-TELEMETRY-CORE-SPRINT-01 | OROB0101 |
| ORCH-OBS-51-001 | BLOCKED (2025-11-19) | 2025-11-19 | SPRINT_0151_0001_0001_orchestrator_i | Orchestrator Service Guild · DevOps Guild | src/Orchestrator/StellaOps.Orchestrator | Publish golden-signal metrics (dispatch latency, queue depth, failure rate), define job/tenant SLOs, and emit burn-rate alerts to collector + Notifications; provide Grafana dashboards + alert rules. | PREP-ORCH-OBS-51-001-DEPENDS-ON-50-001-TELEME | OROB0101 |
| ORCH-OBS-52-001 | BLOCKED (2025-11-19) | 2025-11-19 | SPRINT_0151_0001_0001_orchestrator_i | Orchestrator Service Guild | src/Orchestrator/StellaOps.Orchestrator | Emit timeline_event objects for job lifecycle (job.scheduled, job.started, job.completed, job.failed) including trace IDs, run IDs, tenant/project, and causal metadata; add contract tests and Kafka/NATS emitter with retries. |
PREP-ORCH-OBS-52-001-DEPENDS-ON-51-001-REQUIR | OROB0101 |
| ORCH-OBS-53-001 | BLOCKED (2025-11-19) | 2025-11-19 | SPRINT_0151_0001_0001_orchestrator_i | Orchestrator Service Guild · Evidence Locker Guild | src/Orchestrator/StellaOps.Orchestrator | Generate job capsule inputs for evidence locker (payload digests, worker image, config hash, log manifest) and invoke locker snapshot hooks on completion/failure; enforce redaction guard. | PREP-ORCH-OBS-53-001-DEPENDS-ON-52-001-EVIDEN | OROB0101 |
| ORCH-OBS-54-001 | BLOCKED (2025-11-19) | 2025-11-19 | SPRINT_0151_0001_0001_orchestrator_i | Orchestrator Service Guild · Provenance Guild | src/Orchestrator/StellaOps.Orchestrator | Produce DSSE attestations for orchestrator-scheduled jobs (subject = job capsule) and store references in timeline + evidence locker; provide verification endpoint /jobs/{id}/attestation. |
PREP-ORCH-OBS-54-001-DEPENDS-ON-53-001 | OROB0101 |
| ORCH-OBS-55-001 | BLOCKED (2025-11-19) | 2025-11-19 | SPRINT_0151_0001_0001_orchestrator_i | Orchestrator Service Guild · DevOps Guild | src/Orchestrator/StellaOps.Orchestrator | Implement incident mode hooks (sampling overrides, extended retention, additional debug spans) and automatic activation on SLO burn-rate breach; emit activation/deactivation events to timeline + Notifier. | PREP-ORCH-OBS-55-001-DEPENDS-ON-54-001-INCIDE | OROB0101 |
| ORCH-SVC-32-001 | DONE (2025-11-28) | 2025-11-28 | SPRINT_0151_0001_0001_orchestrator_i | Orchestrator Service Guild | src/Orchestrator/StellaOps.Orchestrator | Bootstrap service project/config and Postgres schema/migrations for sources, runs, jobs, dag_edges, artifacts, quotas, schedules. |
— | ORSC0101 |
| ORCH-GAPS-151-016 | DOING (2025-12-01) | 2025-12-01 | SPRINT_0151_0001_0001_orchestrator_i | Orchestrator Service Guild | src/Orchestrator/StellaOps.Orchestrator | Close OR1–OR10 gaps from 31-Nov-2025 FINDINGS.md: signed schemas + hashes, replay inputs.lock, heartbeat/lease governance, DAG validation, quotas/breakers, security bindings, ordered/backpressured fan-out, audit-bundle schema/verify script, SLO alerts, TaskRunner integrity (artifact/log hashing + DSSE linkage). |
Schema/catalog refresh | |
| ORCH-SVC-32-002 | TODO | SPRINT_0152_0001_0002_orchestrator_ii | Orchestrator Service Guild | src/Orchestrator/StellaOps.Orchestrator | Implement scheduler DAG planner + job state machine. | ORCH-SVC-32-001 | ORSC0101 | |
| ORCH-SVC-32-003 | TODO | SPRINT_0152_0001_0002_orchestrator_ii | Orchestrator Service Guild | src/Orchestrator/StellaOps.Orchestrator | Expose REST APIs (sources/runs/jobs) w/ validation + tenant scope. | ORCH-SVC-32-002 | ORSC0101 | |
| ORCH-SVC-32-004 | TODO | SPRINT_0152_0001_0002_orchestrator_ii | Orchestrator Service Guild | src/Orchestrator/StellaOps.Orchestrator | Implement SSE/WS streams + metrics/health probes. | ORCH-SVC-32-003 | ORSC0101 | |
| ORCH-SVC-32-005 | TODO | SPRINT_0152_0001_0002_orchestrator_ii | Orchestrator Service Guild | src/Orchestrator/StellaOps.Orchestrator | Deliver worker claim/heartbeat/progress endpoints w/ idempotency. | ORCH-SVC-32-004 | ORSC0101 | |
| ORCH-SVC-33-001 | TODO | SPRINT_0152_0001_0002_orchestrator_ii | Orchestrator Service Guild | src/Orchestrator/StellaOps.Orchestrator | Enable sources test pipeline + scaffolding. |
ORCH-SVC-32-005 | ORSC0102 | |
| ORCH-SVC-33-002 | TODO | SPRINT_0152_0001_0002_orchestrator_ii | Orchestrator Service Guild | src/Orchestrator/StellaOps.Orchestrator | Implement adaptive rate limiter/concurrency caps/backpressure. | ORCH-SVC-33-001 | ORSC0102 | |
| ORCH-SVC-33-003 | TODO | SPRINT_0152_0001_0002_orchestrator_ii | Orchestrator Service Guild | src/Orchestrator/StellaOps.Orchestrator | Add watermark/backfill manager + preview endpoint. | ORCH-SVC-33-002 | ORSC0102 | |
| ORCH-SVC-33-004 | TODO | SPRINT_0152_0001_0002_orchestrator_ii | Orchestrator Service Guild | src/Orchestrator/StellaOps.Orchestrator | Deliver dead-letter store + replay APIs + error classifications. | ORCH-SVC-33-003 | ORSC0102 | |
| ORCH-SVC-34-001 | TODO | SPRINT_0152_0001_0002_orchestrator_ii | Orchestrator Service Guild | src/Orchestrator/StellaOps.Orchestrator | Implement quota management APIs + SLO burn-rate tracking. | ORCH-SVC-33-004 | ORSC0102 | |
| ORCH-SVC-34-002 | TODO | SPRINT_0152_0001_0002_orchestrator_ii | Orchestrator Service Guild | src/Orchestrator/StellaOps.Orchestrator | Build audit log + immutable run ledger export with signed manifests. | ORCH-SVC-34-001 | ORSC0103 | |
| ORCH-SVC-34-003 | TODO | SPRINT_0152_0001_0002_orchestrator_ii | Orchestrator Service Guild | src/Orchestrator/StellaOps.Orchestrator | Execute perf/scale validation + autoscaling hooks. | ORCH-SVC-34-002 | ORSC0103 | |
| ORCH-SVC-34-004 | TODO | SPRINT_0152_0001_0002_orchestrator_ii | Orchestrator Service Guild | src/Orchestrator/StellaOps.Orchestrator | Package orchestrator container, Helm overlays, offline bundle seeds, attestations. | ORCH-SVC-34-003 | ORSC0103 | |
| ORCH-SVC-35-101 | TODO | SPRINT_0152_0001_0002_orchestrator_ii | Orchestrator Service Guild | src/Orchestrator/StellaOps.Orchestrator | Register export job type with quotas, telemetry, and worker contract hooks. |
ORCH-SVC-34-004 | ORSC0103 | |
| ORCH-SVC-36-101 | TODO | SPRINT_0152_0001_0002_orchestrator_ii | Orchestrator Service Guild | src/Orchestrator/StellaOps.Orchestrator | Capture export job distribution metadata + retention timestamps for dashboards + SSE payloads. | ORCH-SVC-35-101 | ORSC0104 | |
| ORCH-SVC-37-101 | TODO | SPRINT_0152_0001_0002_orchestrator_ii | Orchestrator Service Guild | src/Orchestrator/StellaOps.Orchestrator | Enable scheduled export runs, retention pruning, failure alerting for export jobs. | ORCH-SVC-36-101 | ORSC0104 | |
| ORCH-SVC-38-101 | DOING | SPRINT_0153_0001_0003_orchestrator_iii | Orchestrator Service Guild | src/Orchestrator/StellaOps.Orchestrator | Standardize event envelope, publish failure events to notifier bus with provenance metadata. | ORCH-SVC-37-101 | ORSC0104 | |
| ORCH-SVC-41-101 | TODO | SPRINT_0153_0001_0003_orchestrator_iii | Orchestrator Service Guild | src/Orchestrator/StellaOps.Orchestrator | Register pack-run job type, persist metadata, wire Task Runner API. |
ORCH-SVC-38-101 | ORSC0104 | |
| ORCH-SVC-42-101 | TODO | SPRINT_0153_0001_0003_orchestrator_iii | Orchestrator Service Guild | src/Orchestrator/StellaOps.Orchestrator | Stream pack run logs via SSE, enforce quotas, emit notifier events. | ORCH-SVC-41-101 | ORSC0104 | |
| ORCH-TEN-48-001 | TODO | SPRINT_0153_0001_0003_orchestrator_iii | Orchestrator Service Guild | src/Orchestrator/StellaOps.Orchestrator | Include tenant/project IDs in job specs + DB session context; enforce queries + reject missing metadata. | ORCH-SVC-42-101 | ORTN0101 | |
| ORCH-ENG-0001 | DONE | SPRINT_0323_0001_0001_docs_modules_orchestrator | Module Team | docs/modules/orchestrator | Keep sprint milestone alignment notes synced with latest ORSC/ORAG/OROA changes. | ORSC0104 | DOOR0103 | |
| ORCH-OPS-0001 | DONE | SPRINT_0323_0001_0001_docs_modules_orchestrator | Ops Guild | docs/modules/orchestrator | Review orchestrator runbooks/observability checklists after new demos. | ORSC0104 | DOOR0103 | |
| PACKS-42-001 | TODO | SPRINT_0121_0001_0001_policy_reasoning | Findings Ledger Guild | src/Findings/StellaOps.Findings.Ledger | Provide snapshot/time-travel APIs and digestable exports for Task Pack simulation + CLI offline mode. | PLLG0103 | PKLD0101 | |
| PACKS-43-001 | DONE | 2025-11-09 | SPRINT_100_identity_signing | Packs Guild · Authority Guild | src/Authority/StellaOps.Authority | Finalized Pack release 43 (signing, release notes, artefacts). | AUTH-PACKS-41-001; TASKRUN-42-001; ORCH-SVC-42-101 | PACK0101 |
| PACKS-43-002 | TODO | SPRINT_0508_0001_0001_ops_offline_kit | Offline Kit Guild, Packs Registry Guild (ops/offline-kit) | ops/offline-kit | Bundle packs registry artifacts, runbooks, and verification docs into Offline Kit release 43. | OFFLINE-37-001 | OFFK0101 | |
| PACKS-REG-41-001 | DONE (2025-11-25) | 2025-11-25 | SPRINT_0154_0001_0001_packsregistry | Packs Registry Guild | src/PacksRegistry/StellaOps.PacksRegistry | Implement registry API/storage, version lifecycle, provenance export. | ORCH-SVC-42-101 | PKRG0101 |
| PACKS-REG-42-001 | DONE (2025-11-25) | 2025-11-25 | SPRINT_0154_0001_0001_packsregistry | Packs Registry Guild | src/PacksRegistry/StellaOps.PacksRegistry | Add tenant allowlists, signature rotation, audit logs, Offline Kit seed support. | PACKS-REG-41-001 | PKRG0101 |
| PACKS-REG-43-001 | DONE (2025-11-25) | 2025-11-25 | SPRINT_0154_0001_0001_packsregistry | Packs Registry Guild | src/PacksRegistry/StellaOps.PacksRegistry | Implement mirroring, pack signing policies, compliance dashboards, Export Center integration. | PACKS-REG-42-001 | PKRG0101 |
| PARITY-41-001 | TODO | SPRINT_0203_0001_0003_cli_iii | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Ensure CLI HTTP client propagates traceparent headers for all commands, prints correlation IDs on failure, and records trace IDs in verbose logs. |
NOWB0101 | CLPR0101 | |
| PARITY-41-002 | TODO | SPRINT_0203_0001_0003_cli_iii | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Add parity tests ensuring CLI outputs match notifier/web error formats and capture verification docs. | PARITY-41-001 | CLPR0101 | |
| PLATFORM-DOCS-0001 | TODO | SPRINT_324_docs_modules_platform | Docs Guild | docs/modules/platform | Refresh architecture/gov doc per new sprint planning rules. | execution-waves.md | DOPF0101 | |
| PLATFORM-ENG-0001 | TODO | SPRINT_324_docs_modules_platform | Module Team | docs/modules/platform | Update engineering status + AGENTS workflow references. | PLATFORM-DOCS-0001 | DOPF0101 | |
| PLATFORM-OPS-0001 | TODO | SPRINT_324_docs_modules_platform | Ops Guild | docs/modules/platform | Sync ops runbooks/outcomes with new platform charter. | PLATFORM-DOCS-0001 | DOPF0101 | |
| PLG4-6 | DONE | 2025-11-08 | SPRINT_100_identity_signing | Authority Plugin Guild | src/Authority/StellaOps.Authority/StellaOps.Authority.Plugin.Standard | DSSE+docs coverage for standard plugin release. | DPO policy review | PLGN0101 |
| PLG6 | DONE | 2025-11-03 | SPRINT_100_identity_signing | Authority Plugin Guild | src/Authority/StellaOps.Authority/StellaOps.Authority.Plugin.Standard | Offline kit parity + docs refresh. | OFFK0101 bundling | PLGN0101 |
| PLG7 | DONE | 2025-11-03 | SPRINT_100_identity_signing | Authority Plugin Guild · Security Guild | src/Authority/StellaOps.Authority/StellaOps.Authority.Plugin.Standard | LDAP plugin capabilities aligned to provisioning spec. | LDAP provisioning spec | PLGN0101 |
| PLG7.IMPL-003 | DONE (2025-11-09) | 2025-11-09 | SPRINT_100_identity_signing | BE-Auth Plugin (src/Authority/StellaOps.Authority/StellaOps.Authority.Plugin.Standard) | src/Authority/StellaOps.Authority/StellaOps.Authority.Plugin.Standard | Claims enricher + Mongo cache tests. | Claims enricher ships with DN map + regex substitutions, Mongo claims cache (TTL + capacity enforcement) wired through DI, plus unit tests covering enrichment + cache eviction. | PLGN0101 |
| PLG7.IMPL-004 | DONE (2025-11-09) | 2025-11-09 | SPRINT_100_identity_signing | BE-Auth Plugin, DevOps Guild (src/Authority/StellaOps.Authority/StellaOps.Authority.Plugin.Ldap) | src/Authority/StellaOps.Authority/StellaOps.Authority.Plugin.Ldap | LDAP client provisioning store, capability gating, docs/tests. | LDAP plug-in now ships clientProvisioning.* options, a Mongo-audited LdapClientProvisioningStore, capability gating, and docs/tests covering LDAP writes + cache shims. |
PLGN0101 |
| PLG7.IMPL-005 | DONE (2025-11-09) | 2025-11-09 | SPRINT_100_identity_signing | BE-Auth Plugin, Docs Guild (src/Authority/StellaOps.Authority/StellaOps.Authority.Plugin.Standard) | src/Authority/StellaOps.Authority/StellaOps.Authority.Plugin.Standard | LDAP docs refresh + sample manifest updates. | LDAP plug-in docs refreshed (mutual TLS, regex mappings, cache/audit mirror guidance), sample manifest updated, Offline Kit + release notes now reference the bundled plug-in assets. | PLGN0101 |
| PLG7.IMPL-006 | DONE (2025-11-09) | 2025-11-09 | SPRINT_100_identity_signing | BE-Auth Plugin (src/Authority/StellaOps.Authority/StellaOps.Authority.Plugin.Ldap) | src/Authority/StellaOps.Authority/StellaOps.Authority.Plugin.Ldap | LDAP bootstrap provisioning + health status + docs. | LDAP bootstrap provisioning added (write probe, Mongo audit mirror, capability downgrade + health status) with docs/tests + sample manifest updates. | PLGN0101 |
| POL-005 | TODO | SPRINT_0401_0001_0001_reachability_evidence_chain | Policy Guild | src/Policy/StellaOps.Policy.Engine, docs/modules/policy/architecture.md, docs/reachability/function-level-evidence.md |
Ingest reachability facts, expose reachability.state/confidence, auto-suppress low confidence, emit OpenVEX evidence. |
GAPG0101 | PORE0101 | |
| POLICY-0001 | DONE | 2025-11-10 | SPRINT_0138_0001_0001_scanner_ruby_parity | Policy Guild, Ruby Analyzer Guild (docs/modules/scanner) | docs/modules/scanner | SCANNER-ENG-0018 | ||
| POLICY-13-007 | TODO | SPRINT_0210_0001_0002_ui_ii | UI Guild (src/UI/StellaOps.UI) | src/UI/StellaOps.UI | ||||
| POLICY-20-001 | TODO | SPRINT_114_concelier_iii | Concelier WebService Guild | src/Concelier/StellaOps.Concelier.WebService | Provide batch advisory lookup APIs for Policy Engine (purl/advisory filters, tenant scopes, explain metadata). | ATLN0101 | CCPR0102 | |
| POLICY-20-002 | TODO | SPRINT_115_concelier_iv | Concelier Core Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Expand linkset builders with vendor equivalence tables, NEVRA/PURL normalization, version-range parsing. | POLICY-20-001 | CCPR0102 | |
| POLICY-20-003 | TODO | SPRINT_115_concelier_iv | Concelier Storage Guild | src/Concelier/__Libraries/StellaOps.Concelier.Storage.Mongo | Introduce advisory selection cursors + change-stream checkpoints with offline migration scripts. | POLICY-20-002 | CCPR0102 | |
| POLICY-20-004 | TODO | SPRINT_0210_0001_0002_ui_ii | UI Guild | src/UI/StellaOps.UI | Implement Policy Studio UI surfaces wiring to new APIs (editor, simulation, dashboards). | ORSC0101 | UIPD0101 | |
| POLICY-23-001 | TODO | SPRINT_115_concelier_iv | Concelier Core Guild (src/Concelier/__Libraries/StellaOps.Concelier.Core) | src/Concelier/__Libraries/StellaOps.Concelier.Core | Add secondary indexes/materialized views (alias, severity, confidence) for fast policy lookups. | POLICY-20-003 | CCPR0102 | |
| POLICY-23-002 | TODO | SPRINT_115_concelier_iv | Concelier Core Guild, Platform Events Guild (src/Concelier/__Libraries/StellaOps.Concelier.Core) | src/Concelier/__Libraries/StellaOps.Concelier.Core | Ensure advisory.linkset.updated events carry idempotent IDs/confidence summaries/tenant metadata for replay. |
POLICY-23-001 | CCPR0102 | |
| POLICY-23-003 | TODO | SPRINT_0210_0001_0002_ui_ii | UI Guild (src/UI/StellaOps.UI) | src/UI/StellaOps.UI | ||||
| POLICY-23-004 | TODO | SPRINT_0203_0001_0003_cli_iii | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | ||||
| POLICY-23-005 | TODO | SPRINT_0210_0001_0002_ui_ii | UI Guild (src/UI/StellaOps.UI) | src/UI/StellaOps.UI | ||||
| POLICY-23-006 | TODO | SPRINT_0203_0001_0003_cli_iii | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | ||||
| POLICY-23-007 | TODO | SPRINT_0307_0001_0007_docs_tasks_md_vii | Docs Guild, DevEx/CLI Guild (docs) | |||||
| POLICY-23-008 | TODO | SPRINT_0307_0001_0007_docs_tasks_md_vii | Docs Guild, Architecture Guild (docs) | |||||
| POLICY-23-009 | TODO | SPRINT_0307_0001_0007_docs_tasks_md_vii | Docs Guild, DevOps Guild (docs) | |||||
| POLICY-23-010 | TODO | SPRINT_0307_0001_0007_docs_tasks_md_vii | Docs Guild, UI Guild (docs) | |||||
| POLICY-27-001 | TODO | SPRINT_0203_0001_0003_cli_iii | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Implement policy workspace commands (stella policy init/edit/lint/compile/test) with template selection, local cache, JSON output, deterministic temp dirs. |
CLI-POLICY-23-006 | CLPS0101 | |
| POLICY-27-002 | TODO | SPRINT_0204_0001_0004_cli_iv | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Add submission/review workflow commands (version bump, submit, review comment, approve, reject) with reviewer assignment + changelog capture. |
POLICY-27-001 | CLPS0101 | |
| POLICY-27-003 | TODO | SPRINT_0204_0001_0004_cli_iv | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Implement stella policy simulate enhancements (quick/batch, SBOM selectors, heatmap summaries, JSON/Markdown outputs). |
POLICY-27-002 | CLPS0102 | |
| POLICY-27-004 | TODO | SPRINT_0204_0001_0004_cli_iv | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Add publish/promote/rollback/sign commands with attestation checks and canary args. | POLICY-27-003 | CLPS0102 | |
| POLICY-27-005 | TODO | SPRINT_0204_0001_0004_cli_iv | DevEx/CLI Guild · Docs Guild | src/Cli/StellaOps.Cli | Update CLI docs/samples for Policy Studio (JSON schemas, exit codes, CI snippets). | POLICY-27-004 | CLPS0102 | |
| POLICY-27-006 | TODO | SPRINT_0204_0001_0004_cli_iv | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Update CLI policy scopes/help text to request new Policy Studio scopes and adjust regression tests. | POLICY-27-005 | CLPS0102 | |
| POLICY-27-007 | BLOCKED | 2025-10-27 | SPRINT_0308_0001_0008_docs_tasks_md_viii | Docs Guild, DevEx/CLI Guild (docs) | ||||
| POLICY-27-008 | BLOCKED | 2025-10-27 | SPRINT_0308_0001_0008_docs_tasks_md_viii | Docs Guild, Policy Registry Guild (docs) | ||||
| POLICY-27-009 | BLOCKED | 2025-10-27 | SPRINT_0308_0001_0008_docs_tasks_md_viii | Docs Guild, Security Guild (docs) | ||||
| POLICY-27-010 | BLOCKED | 2025-10-27 | SPRINT_0308_0001_0008_docs_tasks_md_viii | Docs Guild, Architecture Guild (docs) | ||||
| POLICY-27-011 | BLOCKED | 2025-10-27 | SPRINT_0308_0001_0008_docs_tasks_md_viii | Docs Guild, Observability Guild (docs) | ||||
| POLICY-27-012 | BLOCKED | 2025-10-27 | SPRINT_0308_0001_0008_docs_tasks_md_viii | Docs Guild, Ops Guild (docs) | ||||
| POLICY-27-013 | BLOCKED | 2025-10-27 | SPRINT_0308_0001_0008_docs_tasks_md_viii | Docs Guild, Policy Guild (docs) | ||||
| POLICY-27-014 | BLOCKED | 2025-10-27 | SPRINT_0308_0001_0008_docs_tasks_md_viii | Docs Guild, Policy Registry Guild (docs) | ||||
| POLICY-401-026 | TODO | SPRINT_0401_0001_0001_reachability_evidence_chain | Policy Guild · Concelier Guild (docs/policy/dsl.md, docs/uncertainty/README.md) |
docs/policy/dsl.md, docs/uncertainty/README.md |
||||
| POLICY-AIRGAP-56-001 | TODO | SPRINT_0123_0001_0001_policy_reasoning | Policy Guild | src/Policy/StellaOps.Policy.Engine | Support policy pack imports from mirror bundles, track bundle_id metadata, deterministic caching. |
OFFK0101 | POAI0101 | |
| POLICY-AIRGAP-56-002 | TODO | SPRINT_0123_0001_0001_policy_reasoning | Policy Guild · Policy Studio Guild | src/Policy/StellaOps.Policy.Engine | Export policy sub-bundles with version metadata + checksums. | POLICY-AIRGAP-56-001 | POAI0101 | |
| POLICY-AIRGAP-57-001 | TODO | SPRINT_0123_0001_0001_policy_reasoning | Policy Guild · Export Center Guild | src/Policy.StellaOps.Policy.Engine | Mirror policy pack changes into Offline Kit, produce DSSE receipts. | POLICY-AIRGAP-56-002 | POAI0101 | |
| POLICY-AIRGAP-57-002 | TODO | SPRINT_0123_0001_0001_policy_reasoning | Policy Guild · Notifications Guild | src/Policy/StellaOps.Policy.Engine | Emit notifier events for mirror/export lifecycle. | POLICY-AIRGAP-57-001 | POAI0101 | |
| POLICY-AIRGAP-58-001 | TODO | SPRINT_0123_0001_0001_policy_reasoning | Policy Guild · Platform Ops | docs/policy/airgap.md | Document sealed-mode policy deploy checklist + automation. | POLICY-AIRGAP-57-002 | POAI0101 | |
| POLICY-AOC-19-001 | TODO | SPRINT_0123_0001_0001_policy_reasoning | Policy Guild / src/Policy/__Libraries/StellaOps.Policy | src/Policy/__Libraries/StellaOps.Policy | Add Roslyn/CI lint preventing ingestion projects from referencing Policy merge/severity helpers; block forbidden writes at compile time | |||
| POLICY-AOC-19-002 | TODO | SPRINT_0123_0001_0001_policy_reasoning | Policy Guild, Platform Security / src/Policy/__Libraries/StellaOps.Policy | src/Policy/__Libraries/StellaOps.Policy | Enforce effective_finding_* write gate ensuring only Policy Engine identity can create/update materializations |
POLICY-AOC-19-001 | ||
| POLICY-AOC-19-003 | TODO | SPRINT_0123_0001_0001_policy_reasoning | Policy Guild / src/Policy/__Libraries/StellaOps.Policy | src/Policy/__Libraries/StellaOps.Policy | Update readers/processors to consume only content.raw, identifiers, and linkset. Remove dependencies on legacy normalized fields and refresh fixtures |
POLICY-AOC-19-002 | ||
| POLICY-AOC-19-004 | TODO | SPRINT_0123_0001_0001_policy_reasoning | Policy Guild, QA Guild / src/Policy/__Libraries/StellaOps.Policy | src/Policy/__Libraries/StellaOps.Policy | Add regression tests ensuring policy derived outputs remain deterministic when ingesting revised raw docs | POLICY-AOC-19-003 | ||
| POLICY-ATTEST-73-001 | TODO | SPRINT_0123_0001_0001_policy_reasoning | Policy Guild, Attestor Service Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Introduce VerificationPolicy object: schema, persistence, versioning, and lifecycle | |||
| POLICY-ATTEST-73-002 | TODO | SPRINT_0123_0001_0001_policy_reasoning | Policy Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Provide Policy Studio editor with validation, dry-run simulation, and version diff | POLICY-ATTEST-73-001 | ||
| POLICY-ATTEST-74-001 | TODO | SPRINT_0123_0001_0001_policy_reasoning | Policy Guild, Attestor Service Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Integrate verification policies into attestor verification pipeline with caching and waiver support | POLICY-ATTEST-73-002 | ||
| POLICY-ATTEST-74-002 | TODO | SPRINT_0123_0001_0001_policy_reasoning | Policy Guild, Console Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Surface policy evaluations in Console verification reports with rule explanations | POLICY-ATTEST-74-001 | ||
| POLICY-CONSOLE-23-001 | TODO | SPRINT_0123_0001_0001_policy_reasoning | Policy Guild, BE-Base Platform Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Optimize findings/explain APIs for Console: cursor-based pagination at scale, global filter parameters (severity bands, policy version, time window), rule trace summarization, and aggregation hints for dashboard cards. Ensure deterministic ordering and expose provenance refs | |||
| POLICY-CONSOLE-23-002 | TODO | SPRINT_124_policy_reasoning | Policy Guild, Product Ops / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Produce simulation diff metadata | POLICY-CONSOLE-23-001 | ||
| POLICY-DET-01 | TODO | SPRINT_0209_0001_0001_ui_i | UI Guild, Policy Guild (src/UI/StellaOps.UI) | src/UI/StellaOps.UI | ||||
| POLICY-ENGINE-20-002 | BLOCKED | 2025-10-26 | SPRINT_124_policy_reasoning | Policy Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Build deterministic evaluator honoring lexical/priority order, first-match semantics, and safe value types (no wall-clock/network access) | PGMI0101 | PLPE0101 |
| POLICY-ENGINE-20-003 | TODO | SPRINT_124_policy_reasoning | Policy Guild, Concelier Core Guild, Excititor Core Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Implement selection joiners resolving SBOM↔advisory↔VEX tuples using linksets and PURL equivalence tables, with deterministic batching | POLICY-ENGINE-20-002 | PLPE0101 | |
| POLICY-ENGINE-20-004 | TODO | SPRINT_124_policy_reasoning | Policy Guild, Platform Storage Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Ship materialization writer that upserts into effective_finding_{policyId} with append-only history, tenant scoping, and trace references |
POLICY-ENGINE-20-003 | PLPE0101 | |
| POLICY-ENGINE-20-005 | TODO | SPRINT_124_policy_reasoning | Policy Guild, Security Engineering / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Enforce determinism guard banning wall-clock, RNG, and network usage during evaluation via static analysis + runtime sandbox | POLICY-ENGINE-20-004 | PLPE0101 | |
| POLICY-ENGINE-20-006 | TODO | SPRINT_124_policy_reasoning | Policy Guild, Scheduler Worker Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Implement incremental orchestrator reacting to advisory/vex/SBOM change streams and scheduling partial policy re-evaluations | POLICY-ENGINE-20-005 | PLPE0101 | |
| POLICY-ENGINE-20-007 | TODO | SPRINT_124_policy_reasoning | Policy Guild, Observability Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Emit structured traces/logs of rule hits with sampling controls, metrics | POLICY-ENGINE-20-006 | PLPE0101 | |
| POLICY-ENGINE-20-008 | TODO | SPRINT_124_policy_reasoning | Policy Guild, QA Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Add unit/property/golden/perf suites covering policy compilation, evaluation correctness, determinism, and SLA targets | POLICY-ENGINE-20-007 | PLPE0101 | |
| POLICY-ENGINE-20-009 | TODO | SPRINT_124_policy_reasoning | Policy Guild, Storage Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Define Mongo schemas/indexes for policies, policy_runs, and effective_finding_*; implement migrations and tenant enforcement |
POLICY-ENGINE-20-008 | PLPE0101 | |
| POLICY-ENGINE-27-001 | TODO | SPRINT_124_policy_reasoning | Policy Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Extend compile outputs to include rule coverage metadata, symbol table, inline documentation, and rule index for editor autocomplete; persist deterministic hashes | POLICY-ENGINE-20-009 | PLPE0101 | |
| POLICY-ENGINE-27-002 | TODO | SPRINT_124_policy_reasoning | Policy Guild, Observability Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Enhance simulate endpoints to emit rule firing counts, heatmap aggregates, sampled explain traces with deterministic ordering, and delta summaries for quick/batch sims | POLICY-ENGINE-27-001 | PLPE0101 | |
| POLICY-ENGINE-29-001 | TODO | SPRINT_124_policy_reasoning | Policy Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Implement batch evaluation endpoint | POLICY-ENGINE-27-004 | PLPE0102 | |
| POLICY-ENGINE-29-002 | TODO | SPRINT_124_policy_reasoning | Policy Guild, Findings Ledger Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Provide streaming simulation API comparing two policy versions, returning per-finding deltas without writes; align determinism with Vuln Explorer simulation | POLICY-ENGINE-29-001 | PLPE0102 | |
| POLICY-ENGINE-29-003 | TODO | SPRINT_0125_0001_0001_policy_reasoning | Policy Guild, SBOM Service Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Surface path/scope awareness in determinations | POLICY-ENGINE-29-002 | PLPE0102 | |
| POLICY-ENGINE-29-004 | TODO | SPRINT_0125_0001_0001_policy_reasoning | Policy Guild, Observability Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Add metrics/logs for batch evaluation | POLICY-ENGINE-29-003 | PLPE0102 | |
| POLICY-ENGINE-30-001 | TODO | SPRINT_0125_0001_0001_policy_reasoning | Policy Guild, Cartographer Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Define overlay contract for graph nodes/edges | POLICY-ENGINE-29-004 | PLPE0102 | |
| POLICY-ENGINE-30-002 | TODO | SPRINT_0125_0001_0001_policy_reasoning | Policy Guild, Cartographer Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Implement simulation bridge returning on-the-fly overlays for Cartographer/Graph Explorer when invoking Policy Engine simulate; ensure no writes and deterministic outputs | POLICY-ENGINE-30-001 | PLPE0102 | |
| POLICY-ENGINE-30-003 | TODO | SPRINT_0125_0001_0001_policy_reasoning | Policy Guild, Scheduler Guild, Cartographer Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Emit change events | POLICY-ENGINE-30-002 | PLPE0102 | |
| POLICY-ENGINE-30-101 | TODO | SPRINT_0125_0001_0001_policy_reasoning | Policy Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Surface trust weighting configuration | POLICY-ENGINE-30-003 | PLPE0102 | |
| POLICY-ENGINE-31-001 | TODO | SPRINT_0125_0001_0001_policy_reasoning | Policy Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Expose policy knobs for Advisory AI | POLICY-ENGINE-30-101 | PLPE0102 | |
| POLICY-ENGINE-31-002 | TODO | SPRINT_0125_0001_0001_policy_reasoning | Policy Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Provide batch endpoint delivering policy context | POLICY-ENGINE-31-001 | PLPE0103 | |
| POLICY-ENGINE-32-101 | TODO | SPRINT_0125_0001_0001_policy_reasoning | Policy Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Define orchestrator policy_eval job schema, idempotency keys, and enqueue hooks triggered by advisory/VEX/SBOM events |
POLICY-ENGINE-31-002 | PLPE0103 | |
| POLICY-ENGINE-33-101 | TODO | SPRINT_0125_0001_0001_policy_reasoning | Policy Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Implement orchestrator-driven policy evaluation workers using SDK heartbeats, respecting throttles, and emitting SLO metrics | POLICY-ENGINE-32-101 | PLPE0103 | |
| POLICY-ENGINE-34-101 | TODO | SPRINT_0125_0001_0001_policy_reasoning | Policy Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Publish policy run ledger exports + SLO burn-rate metrics to orchestrator; ensure provenance chain links to Findings Ledger | POLICY-ENGINE-33-101 | PLPE0103 | |
| POLICY-ENGINE-35-201 | TODO | SPRINT_0125_0001_0001_policy_reasoning | Policy Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Expose deterministic policy snapshot API and evaluated findings stream keyed by policy version for exporter consumption | POLICY-ENGINE-34-101 | PLPE0103 | |
| POLICY-ENGINE-38-201 | TODO | SPRINT_0125_0001_0001_policy_reasoning | Policy Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Emit enriched policy violation events | POLICY-ENGINE-35-201 | PLPE0103 | |
| POLICY-ENGINE-40-001 | TODO | SPRINT_0125_0001_0001_policy_reasoning | Policy Guild, Concelier Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Update severity/status evaluation pipelines to consume multiple source severities per linkset, supporting selection strategies | POLICY-ENGINE-38-201 | PLPE0103 | |
| POLICY-ENGINE-40-002 | TODO | SPRINT_0125_0001_0001_policy_reasoning | Policy Guild, Excititor Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Accept VEX linkset conflicts and provide rationale references in effective findings; ensure explain traces cite observation IDs | POLICY-ENGINE-40-001 | PLPE0103 | |
| POLICY-ENGINE-40-003 | TODO | SPRINT_0126_0001_0001_policy_reasoning | Policy Guild, Web Scanner Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Provide API/SDK utilities for consumers | POLICY-ENGINE-40-002 | PLPE0103 | |
| POLICY-ENGINE-401-003 | TODO | SPRINT_0401_0001_0001_reachability_evidence_chain | Policy Guild (src/Policy/StellaOps.Policy.Engine, docs/modules/policy/architecture.md) |
src/Policy/StellaOps.Policy.Engine, docs/modules/policy/architecture.md |
Replace in-service DSL compilation with the shared library, support both legacy stella-dsl@1 packs and the new inline syntax, and keep determinism hashes stable. |
— | PLPE0103 | |
| POLICY-ENGINE-50-001 | TODO | SPRINT_0126_0001_0001_policy_reasoning | Policy Guild, Platform Security / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Implement SPL compiler: validate YAML, canonicalize, produce signed bundle, store artifact in object storage, write policy_revisions with AOC metadata |
POLICY-ENGINE-40-003 | PLPE0104 | |
| POLICY-ENGINE-50-002 | TODO | SPRINT_0126_0001_0001_policy_reasoning | Policy Guild, Runtime Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Build runtime evaluator executing compiled plans over advisory/vex linksets + SBOM asset metadata with deterministic caching | POLICY-ENGINE-50-001 | PLPE0104 | |
| POLICY-ENGINE-50-003 | TODO | SPRINT_0126_0001_0001_policy_reasoning | Policy Guild, Observability Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Implement evaluation/compilation metrics, tracing, and structured logs | POLICY-ENGINE-50-002 | PLPE0104 | |
| POLICY-ENGINE-50-004 | TODO | SPRINT_0126_0001_0001_policy_reasoning | Policy Guild, Platform Events Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Build event pipeline: subscribe to linkset/SBOM updates, schedule re-eval jobs, emit policy.effective.updated events with diff metadata |
POLICY-ENGINE-50-003 | PLPE0104 | |
| POLICY-ENGINE-50-005 | TODO | SPRINT_0126_0001_0001_policy_reasoning | Policy Guild, Storage Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Design and implement policy_packs, policy_revisions, policy_runs, policy_artifacts collections with indexes, TTL, and tenant scoping |
POLICY-ENGINE-50-004 | PLPE0104 | |
| POLICY-ENGINE-50-006 | TODO | SPRINT_0126_0001_0001_policy_reasoning | Policy Guild, QA Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Implement explainer persistence + retrieval APIs linking decisions to explanation tree and AOC chain | POLICY-ENGINE-50-005 | PLPE0104 | |
| POLICY-ENGINE-50-007 | TODO | SPRINT_0126_0001_0001_policy_reasoning | Policy Guild, Scheduler Worker Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Provide evaluation worker host/DI wiring and job orchestration hooks for batch re-evaluations after policy activation | POLICY-ENGINE-50-006 | PLPE0104 | |
| POLICY-ENGINE-60-001 | TODO | SPRINT_0126_0001_0001_policy_reasoning | Policy Guild, SBOM Service Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Maintain Redis effective decision maps per asset/snapshot for Graph overlays; implement versioning and eviction strategy | POLICY-ENGINE-50-007 | PLPE0104 | |
| POLICY-ENGINE-60-002 | TODO | SPRINT_0126_0001_0001_policy_reasoning | Policy Guild, BE-Base Platform Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Expose simulation bridge for Graph What-if APIs, supporting hypothetical SBOM diffs and draft policies without persisting results | POLICY-ENGINE-60-001 | PLPE0104 | |
| POLICY-ENGINE-70-002 | TODO | SPRINT_0126_0001_0001_policy_reasoning | Policy Guild, Storage Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Design and create Mongo collections | POLICY-ENGINE-60-002 | PLPE0104 | |
| POLICY-ENGINE-70-003 | TODO | SPRINT_0126_0001_0001_policy_reasoning | Policy Guild, Runtime Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Build Redis exception decision cache | POLICY-ENGINE-70-002 | ||
| POLICY-ENGINE-70-004 | TODO | SPRINT_0126_0001_0001_policy_reasoning | Policy Guild, Observability Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Extend metrics/tracing/logging for exception application | POLICY-ENGINE-70-003 | ||
| POLICY-ENGINE-70-005 | TODO | SPRINT_0126_0001_0001_policy_reasoning | Policy Guild, Scheduler Worker Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Provide APIs/workers hook for exception activation/expiry | POLICY-ENGINE-70-004 | ||
| POLICY-ENGINE-80-001 | TODO | SPRINT_0126_0001_0001_policy_reasoning | Policy Guild, Signals Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Integrate reachability/exploitability inputs into evaluation pipeline | POLICY-ENGINE-70-005 | ||
| POLICY-ENGINE-80-002 | BLOCKED (2025-11-26) | SPRINT_0127_0001_0001_policy_reasoning | Policy Guild, Storage Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Create joining layer to read reachability_facts efficiently |
POLICY-ENGINE-80-001 | Waiting on reachability input contract (80-001). | |
| POLICY-ENGINE-80-003 | BLOCKED (2025-11-26) | SPRINT_0127_0001_0001_policy_reasoning | Policy Guild, Policy Editor Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Extend SPL predicates/actions to reference reachability state/score/confidence; update compiler validation | POLICY-ENGINE-80-002 | Blocked by reachability inputs/80-002. | |
| POLICY-ENGINE-80-004 | TODO | SPRINT_0127_0001_0001_policy_reasoning | Policy Guild, Observability Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Emit metrics | POLICY-ENGINE-80-003 | ||
| POLICY-LIB-401-001 | DONE (2025-11-27) | SPRINT_0401_0001_0001_reachability_evidence_chain | Policy Guild (src/Policy/StellaOps.PolicyDsl, docs/policy/dsl.md) |
src/Policy/StellaOps.PolicyDsl, docs/policy/dsl.md |
Extract the policy DSL parser/compiler into StellaOps.PolicyDsl, add the lightweight syntax (default action + inline rules), and expose PolicyEngineFactory/SignalContext APIs for reuse. |
Created StellaOps.PolicyDsl library with PolicyEngineFactory, SignalContext, tokenizer, parser, compiler, and IR serialization. | ||
| POLICY-LIB-401-002 | DONE (2025-11-27) | SPRINT_0401_0001_0001_reachability_evidence_chain | Policy Guild, CLI Guild (tests/Policy/StellaOps.PolicyDsl.Tests, policy/default.dsl, docs/policy/lifecycle.md) |
tests/Policy/StellaOps.PolicyDsl.Tests, policy/default.dsl, docs/policy/lifecycle.md |
Ship unit-test harness + sample policy/default.dsl (table-driven cases) and wire stella policy lint/simulate to the shared library. |
Created test harness with 25 unit tests, sample DSL files (minimal.dsl, default.dsl), and wired stella policy lint command to PolicyDsl library. | ||
| POLICY-OBS-50-001 | TODO | SPRINT_0127_0001_0001_policy_reasoning | Policy Guild · Observability Guild | src/Policy/StellaOps.Policy.Engine | Integrate telemetry core into policy API + worker hosts, ensuring spans/logs cover compile/evaluate flows with tenant_id, policy_version, decision_effect, and trace IDs |
Wait for telemetry schema drop (046_TLTY0101) | PLOB0101 | |
| POLICY-OBS-51-001 | TODO | SPRINT_0127_0001_0001_policy_reasoning | Policy Guild · DevOps Guild | src/Policy/StellaOps.Policy.Engine | Emit golden-signal metrics | POLICY-OBS-50-001 | PLOB0101 | |
| POLICY-OBS-52-001 | TODO | SPRINT_0127_0001_0001_policy_reasoning | Policy Guild | src/Policy/StellaOps.Policy.Engine | Emit timeline events policy.evaluate.started, policy.evaluate.completed, policy.decision.recorded with trace IDs, input digests, and rule summary. Provide contract tests and retry semantics |
POLICY-OBS-51-001 | PLOB0101 | |
| POLICY-OBS-53-001 | TODO | SPRINT_0127_0001_0001_policy_reasoning | Policy Guild · Evidence Locker Guild | src/Policy/StellaOps.Policy.Engine | Produce evaluation evidence bundles | POLICY-OBS-52-001 | PLOB0101 | |
| POLICY-OBS-54-001 | TODO | SPRINT_0127_0001_0001_policy_reasoning | Policy Guild · Provenance Guild | src/Policy/StellaOps.Policy.Engine | Generate DSSE attestations for evaluation outputs, expose /evaluations/{id}/attestation, and link attestation IDs in timeline + console. Provide verification harness |
POLICY-OBS-53-001 | PLOB0101 | |
| POLICY-OBS-55-001 | TODO | SPRINT_0127_0001_0001_policy_reasoning | Policy Guild · DevOps Guild | src/Policy/StellaOps.Policy.Engine | Implement incident mode sampling overrides | POLICY-OBS-54-001 | PLOB0101 | |
| POLICY-READINESS-0001 | TODO | SPRINT_0325_0001_0001_docs_modules_policy | Policy Guild (docs/modules/policy) | docs/modules/policy | Capture policy module readiness checklist aligned with current sprint goals. | |||
| POLICY-READINESS-0002 | TODO | SPRINT_0325_0001_0001_docs_modules_policy | Policy Guild (docs/modules/policy) | docs/modules/policy | Track outstanding prerequisites/risk items for policy releases and mirror into sprint updates. | |||
| POLICY-RISK-66-001 | DONE | 2025-11-22 | SPRINT_0127_0001_0001_policy_reasoning | Risk Profile Schema Guild / src/Policy/StellaOps.Policy.RiskProfile | src/Policy/StellaOps.Policy.RiskProfile | Develop initial JSON Schema for RiskProfile (signals, transforms, weights, severity, overrides) with validator stubs | ||
| POLICY-RISK-66-002 | DONE (2025-11-26) | SPRINT_0127_0001_0001_policy_reasoning | Risk Profile Schema Guild / src/Policy/StellaOps.Policy.RiskProfile | src/Policy/StellaOps.Policy.RiskProfile | Implement inheritance/merge logic with conflict detection and deterministic content hashing | POLICY-RISK-66-001 | Canonicalizer/merge + digest, tests added. | |
| POLICY-RISK-66-003 | BLOCKED (2025-11-26) | SPRINT_0127_0001_0001_policy_reasoning | Policy Guild, Risk Profile Schema Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Integrate RiskProfile schema into Policy Engine configuration, ensuring validation and default profile deployment | POLICY-RISK-66-002 | Waiting on reachability input contract (80-001) and engine config shape. | |
| POLICY-RISK-66-004 | TODO | SPRINT_0127_0001_0001_policy_reasoning | Policy Guild, Risk Profile Schema Guild / src/Policy/__Libraries/StellaOps.Policy | src/Policy/__Libraries/StellaOps.Policy | Extend Policy libraries to load/save RiskProfile documents, compute content hashes, and surface validation diagnostics | POLICY-RISK-66-003 | ||
| POLICY-RISK-67-001 | TODO | SPRINT_0127_0001_0001_policy_reasoning | Policy Guild, Risk Engine Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Trigger scoring jobs on new/updated findings via Policy Engine orchestration hooks | POLICY-RISK-66-004 | ||
| POLICY-RISK-67-002 | BLOCKED (2025-11-26) | SPRINT_0128_0001_0001_policy_reasoning | Policy Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Implement profile lifecycle APIs | POLICY-RISK-67-001 | Waiting on risk profile contract + schema draft. | |
| POLICY-RISK-67-003 | BLOCKED (2025-11-26) | SPRINT_0128_0001_0001_policy_reasoning | Policy Guild, Risk Engine Guild / src/Policy/__Libraries/StellaOps.Policy | src/Policy/__Libraries/StellaOps.Policy | Provide policy-layer APIs to trigger risk simulations and return distributions/contribution breakdowns | POLICY-RISK-67-002 | Blocked by missing risk profile schema + lifecycle API contract. | |
| POLICY-RISK-68-001 | TODO | SPRINT_0128_0001_0001_policy_reasoning | Policy Guild, Policy Studio Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Provide simulation API bridging Policy Studio with risk engine; returns distributions and top movers | POLICY-RISK-67-003 | ||
| POLICY-RISK-68-002 | TODO | SPRINT_0128_0001_0001_policy_reasoning | Risk Profile Schema Guild / src/Policy/StellaOps.Policy.RiskProfile | src/Policy/StellaOps.Policy.RiskProfile | Add override/adjustment support with audit metadata and validation for conflicting rules | POLICY-RISK-68-001 | ||
| POLICY-RISK-69-001 | TODO | SPRINT_0128_0001_0001_policy_reasoning | Policy Guild, Notifications Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Emit events/notifications on profile publish, deprecate, and severity threshold changes | POLICY-RISK-68-002 | ||
| POLICY-RISK-70-001 | TODO | SPRINT_0128_0001_0001_policy_reasoning | Policy Guild, Export Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Support exporting/importing profiles with signatures for air-gapped bundles | POLICY-RISK-69-001 | ||
| POLICY-RISK-90-001 | TODO | SPRINT_0126_0001_0001_policy_reasoning | Policy Guild, Scanner Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Ingest entropy penalty inputs from Scanner (entropy.report.json, layer_summary.json), extend trust algebra with configurable weights/caps, and expose explanations/metrics for opaque ratio penalties (docs/modules/scanner/entropy.md). |
|||
| POLICY-SPL-23-001 | TODO | SPRINT_0128_0001_0001_policy_reasoning | Policy Guild, Language Infrastructure Guild / src/Policy/__Libraries/StellaOps.Policy | src/Policy/__Libraries/StellaOps.Policy | Define SPL v1 YAML + JSON Schema, including advisory rules, VEX precedence, severity mapping, exceptions, and layering metadata. Publish schema resources and validation fixtures | |||
| POLICY-SPL-23-002 | TODO | SPRINT_0128_0001_0001_policy_reasoning | Policy Guild / src/Policy/__Libraries/StellaOps.Policy | src/Policy/__Libraries/StellaOps.Policy | Implement canonicalizer that normalizes policy packs | POLICY-SPL-23-001 | ||
| POLICY-SPL-23-003 | DONE (2025-11-26) | SPRINT_0128_0001_0001_policy_reasoning | Policy Guild / src/Policy/__Libraries/StellaOps.Policy | src/Policy/__Libraries/StellaOps.Policy | Build policy layering/override engine | POLICY-SPL-23-002 | SplLayeringEngine + tests landed. |
|
| POLICY-SPL-23-004 | DONE (2025-11-26) | SPRINT_0128_0001_0001_policy_reasoning | Policy Guild, Audit Guild / src/Policy/__Libraries/StellaOps.Policy | src/Policy/__Libraries/StellaOps.Policy | Design explanation tree model | POLICY-SPL-23-003 | Explanation tree emitted from evaluation; persistence follow-up. | |
| POLICY-SPL-23-005 | DONE (2025-11-26) | SPRINT_0128_0001_0001_policy_reasoning | Policy Guild, DevEx Guild / src/Policy/__Libraries/StellaOps.Policy | src/Policy/__Libraries/StellaOps.Policy | Create migration tool to snapshot existing behavior into baseline SPL packs | POLICY-SPL-23-004 | SplMigrationTool emits canonical SPL JSON from PolicyDocument. |
|
| POLICY-SPL-24-001 | DONE (2025-11-26) | 2025-11-26 | SPRINT_0128_0001_0001_policy_reasoning | Policy Guild, Signals Guild / src/Policy/__Libraries/StellaOps.Policy | src/Policy/__Libraries/StellaOps.Policy | Extend SPL schema to expose reachability/exploitability predicates and weighting functions; update documentation and fixtures | POLICY-SPL-23-005 | |
| POLICY-TEN-48-001 | TODO | SPRINT_0129_0001_0001_policy_reasoning | Policy Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Add tenant_id/project_id columns, enable RLS, update evaluators to require tenant context, and emit rationale IDs including tenant metadata |
|||
| POLICY-VEX-401-006 | TODO | SPRINT_0401_0001_0001_reachability_evidence_chain | Policy Guild (src/Policy/StellaOps.Policy.Engine, src/Policy/__Libraries/StellaOps.Policy) |
src/Policy/StellaOps.Policy.Engine, src/Policy/__Libraries/StellaOps.Policy |
Policy Engine consumes reachability facts, applies the deterministic score/label buckets (≥0.80 reachable, 0.30–0.79 conditional, <0.30 unreachable), emits OpenVEX with call-path proofs, and updates SPL schema with reachability.state/confidence predicates and suppression gates. |
|||
| POLICY-VEX-401-010 | TODO | SPRINT_0401_0001_0001_reachability_evidence_chain | Policy Guild (src/Policy/StellaOps.Policy.Engine/Vex, docs/modules/policy/architecture.md, docs/benchmarks/vex-evidence-playbook.md) |
src/Policy/StellaOps.Policy.Engine/Vex, docs/modules/policy/architecture.md, docs/benchmarks/vex-evidence-playbook.md |
Implement VexDecisionEmitter to serialize per-finding OpenVEX, attach evidence hashes, request DSSE signatures, capture Rekor metadata, and publish artifacts following the bench playbook. |
|||
| PROBE-401-010 | TODO | SPRINT_0401_0001_0001_reachability_evidence_chain | Runtime Signals Guild (src/Signals/StellaOps.Signals.Runtime, ops/probes) |
src/Signals/StellaOps.Signals.Runtime, ops/probes |
||||
| PROMO-70-001 | TODO | SPRINT_0202_0001_0002_cli_ii | DevEx/CLI Guild, Provenance Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | ||||
| PROMO-70-002 | TODO | SPRINT_0203_0001_0003_cli_iii | DevEx/CLI Guild, Provenance Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | ||||
| PROV-BACKFILL-401-029 | DONE | 2025-11-27 | SPRINT_0401_0001_0001_reachability_evidence_chain | Platform Guild | docs/provenance/inline-dsse.md, scripts/publish_attestation_with_provenance.sh |
Backfill historical Mongo events with DSSE/Rekor metadata by resolving known attestations per subject digest (wiring ingestion helpers + endpoint tests in progress). | Depends on #1 | RBRE0101 |
| PROV-INDEX-401-030 | DONE | 2025-11-27 | SPRINT_0401_0001_0001_reachability_evidence_chain | Platform + Ops Guilds | docs/provenance/inline-dsse.md, ops/mongo/indices/events_provenance_indices.js |
Deploy provenance indexes (events_by_subject_kind_provenance, etc.) and expose compliance/replay queries. |
Depends on #3 | RBRE0101 |
| PROV-INLINE-401-028 | DONE | SPRINT_0401_0001_0001_reachability_evidence_chain | Authority Guild · Feedser Guild (docs/provenance/inline-dsse.md, src/__Libraries/StellaOps.Provenance.Mongo) |
docs/provenance/inline-dsse.md, src/__Libraries/StellaOps.Provenance.Mongo |
Extend Authority/Feedser event writers to attach inline DSSE + Rekor references on every SBOM/VEX/scan event using StellaOps.Provenance.Mongo. |
|||
| PROV-OBS-53-001 | DONE | 2025-11-17 | SPRINT_0513_0001_0001_provenance | Provenance Guild / src/Provenance/StellaOps.Provenance.Attestation |
src/Provenance/StellaOps.Provenance.Attestation | Implement DSSE/SLSA BuildDefinition + BuildMetadata models with canonical JSON serializer, Merkle digest helpers, deterministic hashing tests, and sample statements for orchestrator/job/export subjects. |
— | PROB0101 |
| PROV-OBS-53-002 | BLOCKED | SPRINT_0513_0001_0001_provenance | Provenance Guild · Security Guild | src/Provenance/StellaOps.Provenance.Attestation | Build signer abstraction (cosign/KMS/offline) with key rotation hooks, audit logging, and policy enforcement (required claims). Provide unit tests using fake signer + real cosign fixture. Dependencies: PROV-OBS-53-001. | Await CI rerun to clear MSB6006 and verify signer abstraction | PROB0101 | |
| PROV-OBS-53-003 | BLOCKED | SPRINT_0513_0001_0001_provenance | Provenance Guild | src/Provenance/StellaOps.Provenance.Attestation | Deliver PromotionAttestationBuilder that materialises the stella.ops/promotion@v1 predicate (image digest, SBOM/VEX materials, promotion metadata, Rekor proof) and feeds canonicalised payload bytes to Signer via StellaOps.Cryptography. |
Blocked on PROV-OBS-53-002 CI verification | PROB0101 | |
| PROV-OBS-54-001 | TODO | SPRINT_0513_0001_0001_provenance | Provenance Guild · Evidence Locker Guild | src/Provenance/StellaOps.Provenance.Attestation | Deliver verification library that validates DSSE signatures, Merkle roots, and timeline chain-of-custody, exposing reusable CLI/service APIs. Include negative-case fixtures and offline timestamp verification. Dependencies: PROV-OBS-53-002. | Starts after PROV-OBS-53-002 clears in CI | PROB0101 | |
| PROV-OBS-54-002 | TODO | SPRINT_0513_0001_0001_provenance | Provenance Guild · DevEx/CLI Guild | src/Provenance/StellaOps.Provenance.Attestation | Generate .NET global tool for local verification + embed command helpers for CLI stella forensic verify. Provide deterministic packaging and offline kit instructions. Dependencies: PROV-OBS-54-001. |
Starts after PROV-OBS-54-001 verification APIs stable | PROB0101 | |
| PY-32-001 | DONE | SPRINT_0153_0001_0003_orchestrator_iii | Worker SDK Guild (src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Python) | src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Python | ||||
| PY-32-002 | DONE | SPRINT_0153_0001_0003_orchestrator_iii | Worker SDK Guild (src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Python) | src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Python | ||||
| PY-33-001 | DONE | SPRINT_0153_0001_0003_orchestrator_iii | Worker SDK Guild (src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Python) | src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Python | ||||
| PY-33-002 | DONE | SPRINT_0153_0001_0003_orchestrator_iii | Worker SDK Guild (src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Python) | src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Python | ||||
| PY-34-001 | DONE | SPRINT_0153_0001_0003_orchestrator_iii | Worker SDK Guild (src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Python) | src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Python | ||||
| QA-DOCS-401-008 | TODO | SPRINT_0401_0001_0001_reachability_evidence_chain | QA & Docs Guilds (docs, tests/README.md) |
docs, tests/README.md |
Wire reachbench-2025-expanded fixtures into CI, document CAS layouts + replay steps in docs/reachability/DELIVERY_GUIDE.md, and publish operator runbook for runtime ingestion. |
|||
| QA-REACH-201-007 | TODO | SPRINT_400_runtime_facts_static_callgraph_union | QA Guild (tests/README.md) |
tests/README.md |
Integrate reachbench-2025-expanded fixture pack under tests/reachability/, add evaluator harness tests that validate reachable vs unreachable cases, and wire CI guidance for deterministic runs. |
|||
| REACH-201-001 | TODO | SPRINT_400_runtime_facts_static_callgraph_union | Zastava Observer Guild (src/Zastava/StellaOps.Zastava.Observer) |
src/Zastava/StellaOps.Zastava.Observer |
||||
| REACH-201-002 | DOING | 2025-11-08 | SPRINT_400_runtime_facts_static_callgraph_union | Scanner Worker Guild (src/Scanner/StellaOps.Scanner.Worker) |
src/Scanner/StellaOps.Scanner.Worker |
|||
| REACH-201-003 | DOING | 2025-11-08 | SPRINT_400_runtime_facts_static_callgraph_union | Signals Guild (src/Signals/StellaOps.Signals) |
src/Signals/StellaOps.Signals |
|||
| REACH-201-004 | DOING | 2025-11-08 | SPRINT_400_runtime_facts_static_callgraph_union | Signals Guild · Policy Guild (src/Signals/StellaOps.Signals, src/Policy/StellaOps.Policy.Engine) |
src/Signals/StellaOps.Signals, src/Policy/StellaOps.Policy.Engine |
|||
| REACH-201-005 | DOING | 2025-11-08 | SPRINT_400_runtime_facts_static_callgraph_union | BE-Base Platform Guild (src/__Libraries/StellaOps.Replay.Core) |
src/__Libraries/StellaOps.Replay.Core |
|||
| REACH-201-006 | TODO | SPRINT_400_runtime_facts_static_callgraph_union | Docs Guild (docs) |
|||||
| REACH-201-007 | TODO | SPRINT_400_runtime_facts_static_callgraph_union | QA Guild (tests/README.md) |
tests/README.md |
||||
| REACH-401-005 | TODO | SPRINT_0401_0001_0001_reachability_evidence_chain | Authority & Signer Guilds (src/Authority/StellaOps.Authority, src/Signer/StellaOps.Signer) |
src/Authority/StellaOps.Authority, src/Signer/StellaOps.Signer |
||||
| REACH-401-009 | TODO | SPRINT_0401_0001_0001_reachability_evidence_chain | Scanner Worker Guild (src/Scanner/StellaOps.Scanner.Worker, src/Scanner/__Libraries) |
src/Scanner/StellaOps.Scanner.Worker, src/Scanner/__Libraries |
||||
| REACH-LATTICE-401-023 | TODO | SPRINT_0401_0001_0001_reachability_evidence_chain | Scanner Guild · Policy Guild (docs/reachability/lattice.md, docs/modules/scanner/architecture.md, src/Scanner/StellaOps.Scanner.WebService) |
docs/reachability/lattice.md, docs/modules/scanner/architecture.md, src/Scanner/StellaOps.Scanner.WebService |
Define the reachability lattice model (ReachState, EvidenceKind, MitigationKind, scoring policy) in Scanner docs + code; ensure evidence joins write to the event graph schema. |
|||
| READINESS-0001 | TODO | SPRINT_0325_0001_0001_docs_modules_policy | Policy Guild (docs/modules/policy) | docs/modules/policy | ||||
| READINESS-0002 | TODO | SPRINT_0325_0001_0001_docs_modules_policy | Policy Guild (docs/modules/policy) | docs/modules/policy | ||||
| RECIPES-DOCS-0001 | TODO | SPRINT_315_docs_modules_ci | Docs Guild (docs/modules/ci) | docs/modules/ci | ||||
| RECIPES-ENG-0001 | TODO | SPRINT_315_docs_modules_ci | Module Team (docs/modules/ci) | docs/modules/ci | ||||
| RECIPES-OPS-0001 | TODO | SPRINT_315_docs_modules_ci | Ops Guild (docs/modules/ci) | docs/modules/ci | ||||
| REG-41-001 | DONE (2025-11-25) | 2025-11-25 | SPRINT_0154_0001_0001_packsregistry | Packs Registry Guild (src/PacksRegistry/StellaOps.PacksRegistry) | src/PacksRegistry/StellaOps.PacksRegistry | |||
| REG-42-001 | DONE (2025-11-25) | 2025-11-25 | SPRINT_0154_0001_0001_packsregistry | Packs Registry Guild (src/PacksRegistry/StellaOps.PacksRegistry) | src/PacksRegistry/StellaOps.PacksRegistry | |||
| REG-43-001 | DONE (2025-11-25) | 2025-11-25 | SPRINT_0154_0001_0001_packsregistry | Packs Registry Guild (src/PacksRegistry/StellaOps.PacksRegistry) | src/PacksRegistry/StellaOps.PacksRegistry | |||
| REGISTRY-API-27-001 | TODO | SPRINT_0129_0001_0001_policy_reasoning | Policy Registry Guild / src/Policy/StellaOps.Policy.Registry | src/Policy/StellaOps.Policy.Registry | Define OpenAPI specification covering workspaces, versions, reviews, simulations, promotions, and attestations; publish typed clients for Console/CLI | |||
| REGISTRY-API-27-002 | TODO | SPRINT_0129_0001_0001_policy_reasoning | Policy Registry Guild / src/Policy/StellaOps.Policy.Registry | src/Policy/StellaOps.Policy.Registry | Implement workspace storage | REGISTRY-API-27-001 | ||
| REGISTRY-API-27-003 | TODO | SPRINT_0129_0001_0001_policy_reasoning | Policy Registry Guild / src/Policy/StellaOps.Policy.Registry | src/Policy/StellaOps.Policy.Registry | Integrate compile endpoint: forward source bundle to Policy Engine, persist diagnostics, symbol table, rule index, and complexity metrics | REGISTRY-API-27-002 | ||
| REGISTRY-API-27-004 | TODO | SPRINT_0129_0001_0001_policy_reasoning | Policy Registry Guild / src/Policy/StellaOps.Policy.Registry | src/Policy/StellaOps.Policy.Registry | Implement quick simulation API with request limits | REGISTRY-API-27-003 | ||
| REGISTRY-API-27-005 | TODO | SPRINT_0129_0001_0001_policy_reasoning | Policy Registry Guild, Scheduler Guild / src/Policy/StellaOps.Policy.Registry | src/Policy/StellaOps.Policy.Registry | Build batch simulation orchestration: enqueue shards, collect partials, reduce deltas, produce evidence bundles + signed manifest | REGISTRY-API-27-004 | ||
| REGISTRY-API-27-006 | TODO | SPRINT_0129_0001_0001_policy_reasoning | Policy Registry Guild / src/Policy/StellaOps.Policy.Registry | src/Policy/StellaOps.Policy.Registry | Implement review workflow | REGISTRY-API-27-005 | ||
| REGISTRY-API-27-007 | TODO | SPRINT_0129_0001_0001_policy_reasoning | Policy Registry Guild, Security Guild / src/Policy/StellaOps.Policy.Registry | src/Policy/StellaOps.Policy.Registry | Implement publish pipeline: sign source/compiled digests, create attestations, mark version immutable, emit events | REGISTRY-API-27-006 | ||
| REGISTRY-API-27-008 | TODO | SPRINT_0129_0001_0001_policy_reasoning | Policy Registry Guild / src/Policy/StellaOps.Policy.Registry | src/Policy/StellaOps.Policy.Registry | Implement promotion bindings per tenant/environment with canary subsets, rollback path, and environment history | REGISTRY-API-27-007 | ||
| REGISTRY-API-27-009 | TODO | SPRINT_0129_0001_0001_policy_reasoning | Policy Registry Guild, Observability Guild / src/Policy/StellaOps.Policy.Registry | src/Policy/StellaOps.Policy.Registry | Instrument metrics/logs/traces | REGISTRY-API-27-008 | ||
| REGISTRY-API-27-010 | TODO | SPRINT_0129_0001_0001_policy_reasoning | Policy Registry Guild, QA Guild / src/Policy/StellaOps.Policy.Registry | src/Policy/StellaOps.Policy.Registry | Build unit/integration/load test suites for compile/sim/review/publish/promote flows; provide seeded fixtures for CI | REGISTRY-API-27-009 | ||
| REL-17-004 | BLOCKED | 2025-10-26 | SPRINT_0506_0001_0001_ops_devops_iv | DevOps Guild (ops/devops) | ops/devops | |||
| REP-004 | TODO | SPRINT_0401_0001_0001_reachability_evidence_chain | BE-Base Platform Guild (src/__Libraries/StellaOps.Replay.Core, docs/replay/DETERMINISTIC_REPLAY.md) |
src/__Libraries/StellaOps.Replay.Core, docs/replay/DETERMINISTIC_REPLAY.md |
||||
| REPLAY-185-003 | TODO | SPRINT_0185_0001_0001_shared_replay_primitives | Docs Guild, Platform Data Guild (docs) | |||||
| REPLAY-185-004 | TODO | SPRINT_0185_0001_0001_shared_replay_primitives | Docs Guild (docs) | |||||
| REPLAY-186-001 | TODO | SPRINT_0186_0001_0001_record_deterministic_execution | Scanner Guild (src/Scanner/StellaOps.Scanner.WebService, docs/modules/scanner/architecture.md) |
src/Scanner/StellaOps.Scanner.WebService, docs/modules/scanner/architecture.md |
||||
| REPLAY-186-002 | TODO | SPRINT_0186_0001_0001_record_deterministic_execution | Scanner Guild (src/Scanner/StellaOps.Scanner.Worker, docs/modules/scanner/deterministic-execution.md) |
src/Scanner/StellaOps.Scanner.Worker, docs/modules/scanner/deterministic-execution.md |
||||
| REPLAY-186-003 | TODO | SPRINT_0186_0001_0001_record_deterministic_execution | Signing Guild (src/Signer/StellaOps.Signer, src/Authority/StellaOps.Authority) |
src/Signer/StellaOps.Signer, src/Authority/StellaOps.Authority |
||||
| REPLAY-186-004 | TODO | SPRINT_0186_0001_0001_record_deterministic_execution | Docs Guild (docs) |
|||||
| REPLAY-187-001 | TODO | SPRINT_160_export_evidence | Evidence Locker Guild · docs/modules/evidence-locker/architecture.md | docs/modules/evidence-locker/architecture.md | ||||
| REPLAY-187-002 | TODO | SPRINT_160_export_evidence | CLI Guild · docs/modules/cli/architecture.md |
docs/modules/cli/architecture.md | ||||
| REPLAY-187-003 | TODO | SPRINT_0187_0001_0001_evidence_locker_cli_integration | Attestor Guild (src/Attestor/StellaOps.Attestor, docs/modules/attestor/architecture.md) |
src/Attestor/StellaOps.Attestor, docs/modules/attestor/architecture.md |
||||
| REPLAY-187-004 | TODO | SPRINT_160_export_evidence | Docs/Ops Guild · /docs/runbooks/replay_ops.md |
docs/runbooks/replay_ops.md | ||||
| REPLAY-401-004 | TODO | SPRINT_0401_0001_0001_reachability_evidence_chain | BE-Base Platform Guild (src/__Libraries/StellaOps.Replay.Core) |
src/__Libraries/StellaOps.Replay.Core |
Bump replay manifest to v2 (feeds, analyzers, policies), have ReachabilityReplayWriter enforce CAS registration + hash sorting, and add deterministic tests to tests/reachability/StellaOps.Reachability.FixtureTests. |
|||
| REPLAY-CORE-185-001 | TODO | SPRINT_0185_0001_0001_shared_replay_primitives | Platform Guild | src/__Libraries/StellaOps.Replay.Core |
Scaffold StellaOps.Replay.Core with manifest schema types, canonical JSON rules, Merkle utilities, and DSSE payload builders; add AGENTS.md/TASKS.md for the new library; cross-reference docs/replay/DETERMINISTIC_REPLAY.md section 3 when updating the library charter. |
Mirrors #1 | RLRC0101 | |
| REPLAY-CORE-185-002 | TODO | SPRINT_0185_0001_0001_shared_replay_primitives | Platform Guild | src/__Libraries/StellaOps.Replay.Core | Implement deterministic bundle writer (tar.zst, CAS naming) and hashing abstractions, updating docs/modules/platform/architecture-overview.md with a “Replay CAS” subsection that documents layout/retention expectations. |
Mirrors #2 | RLRC0101 | |
| REPLAY-CORE-185-003 | TODO | SPRINT_0185_0001_0001_shared_replay_primitives | Platform Data Guild | src/__Libraries/StellaOps.Replay.Core | Define Mongo collections (replay_runs, replay_bundles, replay_subjects) and indices, then author docs/data/replay_schema.md detailing schema fields, constraints, and offline sync strategy. |
Mirrors #3 | RLRC0101 | |
| REPLAY-REACH-201-005 | DOING | 2025-11-08 | SPRINT_400_runtime_facts_static_callgraph_union | BE-Base Platform Guild (src/__Libraries/StellaOps.Replay.Core) |
src/__Libraries/StellaOps.Replay.Core |
Update StellaOps.Replay.Core manifest schema + bundle writer so replay packs capture reachability graphs, runtime traces, analyzer versions, and evidence hashes; document new CAS namespace. |
||
| RISK-66-001 | TODO | SPRINT_115_concelier_iv | Concelier Core Guild, Risk Engine Guild (src/Concelier/__Libraries/StellaOps.Concelier.Core) | src/Concelier/__Libraries/StellaOps.Concelier.Core | ||||
| RISK-66-002 | TODO | SPRINT_115_concelier_iv | Concelier Core Guild (src/Concelier/__Libraries/StellaOps.Concelier.Core) | src/Concelier/__Libraries/StellaOps.Concelier.Core | ||||
| RISK-66-003 | TODO | SPRINT_0127_0001_0001_policy_reasoning | Policy Guild, Risk Profile Schema Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-RISK-66-002 | |||
| RISK-66-004 | TODO | SPRINT_0127_0001_0001_policy_reasoning | Policy Guild, Risk Profile Schema Guild / src/Policy/__Libraries/StellaOps.Policy | src/Policy/__Libraries/StellaOps.Policy | POLICY-RISK-66-003 | |||
| RISK-67-001 | TODO | SPRINT_115_concelier_iv | Concelier Core Guild (src/Concelier/__Libraries/StellaOps.Concelier.Core) | src/Concelier/__Libraries/StellaOps.Concelier.Core | ||||
| RISK-67-002 | TODO | SPRINT_0128_0001_0001_policy_reasoning | Policy Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-RISK-67-001 | |||
| RISK-67-003 | BLOCKED (2025-11-26) | SPRINT_0128_0001_0001_policy_reasoning | Policy Guild, Risk Engine Guild / src/Policy/__Libraries/StellaOps.Policy | src/Policy/__Libraries/StellaOps.Policy | POLICY-RISK-67-002 | Blocked by missing risk profile schema + lifecycle API contract. | ||
| RISK-67-004 | TODO | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild, CLI Guild (docs) | |||||
| RISK-68-001 | TODO | SPRINT_115_concelier_iv | Concelier Core Guild, Policy Studio Guild (src/Concelier/__Libraries/StellaOps.Concelier.Core) | src/Concelier/__Libraries/StellaOps.Concelier.Core | ||||
| RISK-68-002 | TODO | SPRINT_0128_0001_0001_policy_reasoning | Risk Profile Schema Guild / src/Policy/StellaOps.Policy.RiskProfile | src/Policy/StellaOps.Policy.RiskProfile | POLICY-RISK-68-001 | |||
| RISK-69-001 | TODO | SPRINT_115_concelier_iv | Concelier Core Guild, Notifications Guild (src/Concelier/__Libraries/StellaOps.Concelier.Core) | src/Concelier/__Libraries/StellaOps.Concelier.Core | ||||
| RISK-69-002 | TODO | SPRINT_163_exportcenter_ii | Exporter Service Guild, Risk Engine Guild (src/ExportCenter/StellaOps.ExportCenter) | src/ExportCenter/StellaOps.ExportCenter | ||||
| RISK-70-001 | TODO | SPRINT_0128_0001_0001_policy_reasoning | Policy Guild, Export Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-RISK-69-001 | |||
| RISK-90-001 | TODO | SPRINT_0126_0001_0001_policy_reasoning | Policy Guild, Scanner Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | ||||
| RISK-BUNDLE-69-001 | TODO | SPRINT_0164_0001_0003_exportcenter_iii | Risk Bundle Export Guild, Risk Engine Guild (src/ExportCenter/StellaOps.ExportCenter.RiskBundles) | src/ExportCenter/StellaOps.ExportCenter.RiskBundles | Implement stella export risk-bundle job producing tarball with provider datasets, manifests, and DSSE signatures. |
|||
| RISK-BUNDLE-69-002 | TODO | SPRINT_0164_0001_0003_exportcenter_iii | Risk Bundle Export Guild, DevOps Guild (src/ExportCenter/StellaOps.ExportCenter.RiskBundles) | src/ExportCenter/StellaOps.ExportCenter.RiskBundles | Integrate bundle job into CI/offline kit pipelines with checksum publication. Dependencies: RISK-BUNDLE-69-001. | |||
| RISK-BUNDLE-70-001 | TODO | SPRINT_0164_0001_0003_exportcenter_iii | Risk Bundle Export Guild, CLI Guild (src/ExportCenter/StellaOps.ExportCenter.RiskBundles) | src/ExportCenter/StellaOps.ExportCenter.RiskBundles | Provide CLI stella risk bundle verify command to validate bundles before import. Dependencies: RISK-BUNDLE-69-002. |
|||
| RISK-BUNDLE-70-002 | TODO | SPRINT_0164_0001_0003_exportcenter_iii | Risk Bundle Export Guild, Docs Guild (src/ExportCenter/StellaOps.ExportCenter.RiskBundles) | src/ExportCenter/StellaOps.ExportCenter.RiskBundles | Publish /docs/airgap/risk-bundles.md detailing build/import/verification workflows. Dependencies: RISK-BUNDLE-70-001. |
|||
| RISK-ENGINE-66-001 | DONE (2025-11-25) | 2025-11-25 | SPRINT_0129_0001_0001_policy_reasoning | Risk Engine Guild / src/RiskEngine/StellaOps.RiskEngine | src/RiskEngine/StellaOps.RiskEngine | Scaffold scoring service (job queue, worker loop, provider registry) with deterministic execution harness | ||
| RISK-ENGINE-66-002 | DONE | 2025-11-25 | SPRINT_0129_0001_0001_policy_reasoning | Risk Engine Guild / src/RiskEngine/StellaOps.RiskEngine | src/RiskEngine/StellaOps.RiskEngine | Implement default transforms | RISK-ENGINE-66-001 | |
| RISK-ENGINE-67-001 | DONE | 2025-11-25 | SPRINT_0129_0001_0001_policy_reasoning | Risk Engine Guild, Concelier Guild / src/RiskEngine/StellaOps.RiskEngine | src/RiskEngine/StellaOps.RiskEngine | Integrate CVSS and KEV providers pulling data from Conseiller; implement reducers | RISK-ENGINE-66-002 | |
| RISK-ENGINE-67-002 | DONE (2025-11-25) | 2025-11-25 | SPRINT_0129_0001_0001_policy_reasoning | Risk Engine Guild, Excitor Guild / src/RiskEngine/StellaOps.RiskEngine | src/RiskEngine/StellaOps.RiskEngine | Integrate VEX gate provider and ensure gating short-circuits scoring as configured | RISK-ENGINE-67-001 | |
| RISK-ENGINE-67-003 | DONE | 2025-11-25 | SPRINT_0129_0001_0001_policy_reasoning | Risk Engine Guild, Policy Engine Guild / src/RiskEngine/StellaOps.RiskEngine | src/RiskEngine/StellaOps.RiskEngine | Add fix availability, asset criticality, and internet exposure providers with caching + TTL enforcement | RISK-ENGINE-67-002 | |
| RISK-ENGINE-68-001 | DONE | 2025-11-25 | SPRINT_0129_0001_0001_policy_reasoning | Risk Engine Guild, Findings Ledger Guild / src/RiskEngine/StellaOps.RiskEngine | src/RiskEngine/StellaOps.RiskEngine | Persist scoring results + explanation pointers to Findings Ledger; handle incremental updates via input hash | RISK-ENGINE-67-003 | |
| RISK-ENGINE-68-002 | DONE | 2025-11-25 | SPRINT_0129_0001_0001_policy_reasoning | Risk Engine Guild, API Guild / src/RiskEngine/StellaOps.RiskEngine | src/RiskEngine/StellaOps.RiskEngine | Expose APIs | RISK-ENGINE-68-001 | |
| RISK-ENGINE-69-001 | TODO | SPRINT_0129_0001_0001_policy_reasoning | Risk Engine Guild, Policy Studio Guild / src/RiskEngine/StellaOps.RiskEngine | src/RiskEngine/StellaOps.RiskEngine | Implement simulation mode producing distributions and top movers without mutating ledger | RISK-ENGINE-68-002 | ||
| RISK-ENGINE-69-002 | TODO | SPRINT_0129_0001_0001_policy_reasoning | Risk Engine Guild, Observability Guild / src/RiskEngine/StellaOps.RiskEngine | src/RiskEngine/StellaOps.RiskEngine | Add telemetry | RISK-ENGINE-69-001 | ||
| RISK-ENGINE-70-001 | TODO | SPRINT_0129_0001_0001_policy_reasoning | Risk Engine Guild, Export Guild / src/RiskEngine/StellaOps.RiskEngine | src/RiskEngine/StellaOps.RiskEngine | Support offline provider bundles with manifest verification and missing-data reporting | RISK-ENGINE-69-002 | ||
| RISK-ENGINE-70-002 | TODO | SPRINT_0129_0001_0001_policy_reasoning | Risk Engine Guild, Observability Guild / src/RiskEngine/StellaOps.RiskEngine | src/RiskEngine/StellaOps.RiskEngine | Integrate runtime evidence provider and reachability provider outputs with caching + TTL | RISK-ENGINE-70-001 | ||
| RULES-33-001 | REVIEW (2025-10-30) | 2025-10-30 | SPRINT_0506_0001_0001_ops_devops_iv | DevOps Guild, Platform Leads (ops/devops) | ops/devops | |||
| RUNBOOK-401-017 | TODO | SPRINT_0401_0001_0001_reachability_evidence_chain | Docs Guild · Ops Guild (docs/runbooks/reachability-runtime.md, docs/reachability/DELIVERY_GUIDE.md) |
docs/runbooks/reachability-runtime.md, docs/reachability/DELIVERY_GUIDE.md |
||||
| RUNBOOK-55-001 | TODO | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild, Ops Guild (docs) | |||||
| RUNBOOK-REPLAY-187-004 | TODO | SPRINT_160_export_evidence | Docs/Ops Guild · /docs/runbooks/replay_ops.md |
docs/runbooks/replay_ops.md | Docs/Ops Guild · /docs/runbooks/replay_ops.md |
|||
| RUNTIME-401-002 | TODO | SPRINT_0401_0001_0001_reachability_evidence_chain | Signals Guild (src/Signals/StellaOps.Signals) |
src/Signals/StellaOps.Signals |
||||
| RUNTIME-PROBE-401-010 | TODO | SPRINT_0401_0001_0001_reachability_evidence_chain | Runtime Signals Guild (src/Signals/StellaOps.Signals.Runtime, ops/probes) |
src/Signals/StellaOps.Signals.Runtime, ops/probes |
Implement lightweight runtime probes (EventPipe/.NET, JFR/JVM) that capture method enter events for the target components, package them as CAS traces, and feed them into the Signals ingestion pipeline. | |||
| SAMPLES-GRAPH-24-003 | DONE (2025-12-02) | SPRINT_509_samples | Samples Guild, SBOM Service Guild (samples) | Generate large-scale SBOM graph fixture (≈40k nodes) with policy overlay snapshot for performance/perf regression suites. | ||||
| SAMPLES-GRAPH-24-004 | DONE (2025-12-02) | SPRINT_509_samples | Samples Guild, UI Guild (samples) | Create vulnerability explorer JSON/CSV fixtures capturing conflicting evidence and policy outputs for UI/CLI automated tests. Dependencies: SAMPLES-GRAPH-24-003 (delivered at samples/graph/graph-40k). | ||||
| SAMPLES-LNM-22-001 | BLOCKED | 2025-10-27 | SPRINT_509_samples | Samples Guild, Concelier Guild (samples) | Create advisory observation/linkset fixtures (NVD, GHSA, OSV disagreements) for API/CLI/UI tests with documented conflicts. Waiting on finalized schema/linkset outputs. | |||
| SAMPLES-LNM-22-002 | BLOCKED | 2025-10-27 | SPRINT_509_samples | Samples Guild, Excititor Guild (samples) | Produce VEX observation/linkset fixtures demonstrating status conflicts and path relevance; include raw blobs. Pending Excititor observation/linkset implementation. Dependencies: SAMPLES-LNM-22-001. | |||
| SBOM-60-001 | TODO | SPRINT_0203_0001_0003_cli_iii | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | ||||
| SBOM-60-002 | TODO | SPRINT_0203_0001_0003_cli_iii | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | ||||
| SBOM-AIAI-31-001 | TODO | SPRINT_0140_0001_0001_runtime_signals | — | Advisory AI path/timeline endpoints specced; awaiting projection schema finalization. | — | DOAI0101 | ||
| SBOM-AIAI-31-002 | TODO | SPRINT_0140_0001_0001_runtime_signals | Metrics/dashboards tied to 31-001; blocked on the same schema availability. | |||||
| SBOM-AIAI-31-003 | BLOCKED | 2025-11-18 | SPRINT_0111_0001_0001_advisoryai | SBOM Service Guild · Advisory AI Guild (src/SbomService/StellaOps.SbomService) | src/SbomService/StellaOps.SbomService | Publish the Advisory AI hand-off kit for /v1/sbom/context, share base URL/API key + tenant header contract, and run a joint end-to-end retrieval smoke test with Advisory AI. |
SBOM-AIAI-31-001 projection kit/fixtures | ADAI0101 |
| SBOM-CONSOLE-23-001 | TODO | SPRINT_0140_0001_0001_runtime_signals | Console catalog API draft complete; depends on Concelier/Cartographer payload definitions. | |||||
| SBOM-CONSOLE-23-002 | TODO | SPRINT_0140_0001_0001_runtime_signals | Global component lookup API needs 23-001 responses + cache hints before work can start. | |||||
| SBOM-DET-01 | TODO | SPRINT_0209_0001_0001_ui_i | UI Guild (src/UI/StellaOps.UI) | src/UI/StellaOps.UI | ||||
| SBOM-ORCH-32-001 | TODO | SPRINT_0140_0001_0001_runtime_signals | Orchestrator registration is sequenced after projection schema because payload shapes map into job metadata. | |||||
| SBOM-ORCH-33-001 | TODO | SPRINT_0140_0001_0001_runtime_signals | Backpressure/telemetry features depend on 32-001 workers. | |||||
| SBOM-ORCH-34-001 | TODO | SPRINT_0140_0001_0001_runtime_signals | Backfill + watermark logic requires the orchestrator integration from 33-001. | |||||
| SBOM-SERVICE-21-001 | DONE | 2025-11-23 | SPRINT_0140_0001_0001_runtime_signals | SBOM Service Guild | src/SbomService/StellaOps.SbomService | Projection read API wired with in-memory fallback + WAF config; dotnet test --filter ProjectionEndpointTests now passes (400/200 paths) and duplicate test package warnings cleared. |
CONCELIER-GRAPH-21-001; CARTO-GRAPH-21-002 | |
| SBOM-SERVICE-21-002 | TODO | SPRINT_0142_0001_0001_sbomservice | Depends on 21-001; events/replay tooling to follow once fixtures land. | |||||
| SBOM-SERVICE-21-003 | TODO | SPRINT_0142_0001_0001_sbomservice | Entrypoint/service node management, pending 21-002 events. | |||||
| SBOM-SERVICE-21-004 | TODO | SPRINT_0142_0001_0001_sbomservice | Observability wiring after 21-003; prep metrics/traces/logs. | |||||
| SBOM-SERVICE-23-001 | TODO | SPRINT_0140_0001_0001_runtime_signals | Asset metadata extensions queued once 21-004 observability baseline exists. | |||||
| SBOM-SERVICE-23-002 | TODO | SPRINT_0140_0001_0001_runtime_signals | Asset update events depend on 23-001 schema. | |||||
| SBOM-VULN-29-001 | TODO | SPRINT_0140_0001_0001_runtime_signals | Inventory evidence feed deferred until projection schema + runtime align. | |||||
| SBOM-VULN-29-002 | TODO | SPRINT_0140_0001_0001_runtime_signals | Resolver feed requires 29-001 event payloads. | |||||
| SCAN-001 | TODO | SPRINT_400_runtime_facts_static_callgraph_union | Scanner Worker Guild (src/Scanner/StellaOps.Scanner.Worker, docs/modules/scanner/architecture.md, docs/reachability/function-level-evidence.md) |
src/Scanner/StellaOps.Scanner.Worker, docs/modules/scanner/architecture.md, docs/reachability/function-level-evidence.md |
||||
| SCAN-90-004 | TODO | SPRINT_0505_0001_0001_ops_devops_iii | DevOps Guild, Scanner Guild (ops/devops) | ops/devops | ||||
| SCAN-DETER-186-008 | DONE (2025-11-26) | SPRINT_0186_0001_0001_record_deterministic_execution | Scanner Guild · Provenance Guild | src/Scanner/StellaOps.Scanner.WebService, src/Scanner/StellaOps.Scanner.Worker |
Add deterministic execution switches to Scanner (fixed clock, RNG seed, concurrency cap, feed/policy snapshot pins, log filtering) available via CLI/env/config so repeated runs stay hermetic. | ENTROPY-186-012 & SCANNER-ENV-02 | SCDE0102 | |
| SCAN-DETER-186-009 | DONE (2025-11-27) | SPRINT_0186_0001_0001_record_deterministic_execution | Scanner Guild, QA Guild (src/Scanner/StellaOps.Scanner.Replay, src/Scanner/__Tests) |
src/Scanner/StellaOps.Scanner.Replay, src/Scanner/__Tests |
Build a determinism harness that replays N scans per image, canonicalises SBOM/VEX/findings/log outputs, and records per-run hash matrices (see docs/modules/scanner/determinism-score.md). |
|||
| SCAN-DETER-186-010 | DONE (2025-11-27) | SPRINT_0186_0001_0001_record_deterministic_execution | Scanner Guild, Export Center Guild (src/Scanner/StellaOps.Scanner.WebService, docs/modules/scanner/operations/release.md) |
src/Scanner/StellaOps.Scanner.WebService, docs/modules/scanner/operations/release.md |
Emit and publish determinism.json (scores, artifact hashes, non-identical diffs) alongside each scanner release via CAS/object storage APIs (documented in docs/modules/scanner/determinism-score.md). |
|||
| SCAN-ENTROPY-186-011 | DONE (2025-11-26) | SPRINT_0186_0001_0001_record_deterministic_execution | Scanner Guild (src/Scanner/StellaOps.Scanner.Worker, src/Scanner/__Libraries) |
src/Scanner/StellaOps.Scanner.Worker, src/Scanner/__Libraries |
Implement entropy analysis for ELF/PE/Mach-O executables and large opaque blobs (sliding-window metrics, section heuristics), flagging high-entropy regions and recording offsets/hints (see docs/modules/scanner/entropy.md). |
|||
| SCAN-ENTROPY-186-012 | DONE (2025-11-26) | SPRINT_0186_0001_0001_record_deterministic_execution | Scanner Guild, Provenance Guild (src/Scanner/StellaOps.Scanner.WebService, docs/replay/DETERMINISTIC_REPLAY.md) |
src/Scanner/StellaOps.Scanner.WebService, docs/replay/DETERMINISTIC_REPLAY.md |
Generate entropy.report.json and image-level penalties, attach evidence to scan manifests/attestations, and expose opaque ratios for downstream policy engines (docs/modules/scanner/entropy.md). |
|||
| SCAN-REACH-201-002 | DOING | 2025-11-08 | SPRINT_400_runtime_facts_static_callgraph_union | Scanner Worker Guild (src/Scanner/StellaOps.Scanner.Worker) |
src/Scanner/StellaOps.Scanner.Worker |
Ship language-aware static lifters (JVM, .NET/Roslyn+IL, Go SSA, Node/Deno TS AST, Rust MIR, Swift SIL, shell/binary analyzers) in Scanner Worker; emit canonical SymbolIDs, CAS-stored graphs, and attach reachability tags to SBOM components. | ||
| SCAN-REACH-401-009 | TODO | SPRINT_0401_0001_0001_reachability_evidence_chain | Scanner Worker Guild (src/Scanner/StellaOps.Scanner.Worker, src/Scanner/__Libraries) |
src/Scanner/StellaOps.Scanner.Worker, src/Scanner/__Libraries |
Ship .NET/JVM symbolizers and call-graph generators (roots, edges, framework adapters), merge results into component-level reachability manifests, and back them with golden fixtures. | |||
| SCAN-REPLAY-186-001 | DONE (2025-11-26) | SPRINT_0186_0001_0001_record_deterministic_execution | Scanner Guild (src/Scanner/StellaOps.Scanner.WebService, docs/modules/scanner/architecture.md) |
src/Scanner/StellaOps.Scanner.WebService, docs/modules/scanner/architecture.md |
Implement record mode in StellaOps.Scanner.WebService (manifest assembly, policy/feed/tool hash capture, CAS uploads) and document the workflow in docs/modules/scanner/architecture.md with references to docs/replay/DETERMINISTIC_REPLAY.md Section 6. |
|||
| SCAN-REPLAY-186-002 | DOING (2025-11-27) | SPRINT_0186_0001_0001_record_deterministic_execution | Scanner Guild (src/Scanner/StellaOps.Scanner.Worker, docs/modules/scanner/deterministic-execution.md) |
src/Scanner/StellaOps.Scanner.Worker, docs/modules/scanner/deterministic-execution.md |
Update StellaOps.Scanner.Worker analyzers to consume sealed input bundles, enforce deterministic ordering, and contribute Merkle metadata; extend docs/modules/scanner/deterministic-execution.md (new) summarising invariants drawn from docs/replay/DETERMINISTIC_REPLAY.md Section 4. |
|||
| SCANNER-ANALYZERS-DENO-26-001 | DONE | SPRINT_130_scanner_surface | Deno Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno | Build the deterministic input normalizer + VFS merger for deno.json(c), import maps, lockfiles, vendor trees, $DENO_DIR, and OCI layers so analyzers have a canonical file view. |
|||
| SCANNER-ANALYZERS-DENO-26-002 | DONE | SPRINT_130_scanner_surface | Deno Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno | Implement the module graph resolver covering static/dynamic imports, npm bridge, cache lookups, built-ins, WASM/JSON assertions, and annotate edges with their resolution provenance. | SCANNER-ANALYZERS-DENO-26-001 | ||
| SCANNER-ANALYZERS-DENO-26-003 | DONE | SPRINT_130_scanner_surface | Deno Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno | Ship the npm/node compatibility adapter that maps npm: specifiers, evaluates exports conditionals, and logs builtin usage for policy overlays. |
SCANNER-ANALYZERS-DENO-26-002 | ||
| SCANNER-ANALYZERS-DENO-26-004 | DONE | SPRINT_130_scanner_surface | Deno Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno | Add the permission/capability analyzer covering FS/net/env/process/crypto/FFI/workers plus dynamic-import + literal fetch heuristics with reason codes. | SCANNER-ANALYZERS-DENO-26-003 | ||
| SCANNER-ANALYZERS-DENO-26-005 | DONE | SPRINT_130_scanner_surface | Deno Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno | Build bundle/binary inspectors for eszip and deno compile executables to recover graphs, configs, embedded resources, and snapshots. |
SCANNER-ANALYZERS-DENO-26-004 | ||
| SCANNER-ANALYZERS-DENO-26-006 | DONE | SPRINT_130_scanner_surface | Deno Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno | Implement the OCI/container adapter that stitches per-layer Deno caches, vendor trees, and compiled binaries back into provenance-aware analyzer inputs. | SCANNER-ANALYZERS-DENO-26-005 | ||
| SCANNER-ANALYZERS-DENO-26-007 | DONE | SPRINT_130_scanner_surface | Deno Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno | Produce AOC-compliant observation writers (entrypoints, modules, capability edges, workers, warnings, binaries) with deterministic reason codes. | SCANNER-ANALYZERS-DENO-26-006 | ||
| SCANNER-ANALYZERS-DENO-26-008 | DONE | SPRINT_130_scanner_surface | Deno Analyzer Guild, QA Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno | Finalize fixture + benchmark suite (vendor/npm/FFI/worker/dynamic import/bundle/cache/container cases) validating analyzer determinism and performance. | SCANNER-ANALYZERS-DENO-26-007 | ||
| SCANNER-ANALYZERS-DENO-26-009 | DONE (2025-11-24) | 2025-11-24 | SPRINT_0131_0001_0001_scanner_surface | Deno Analyzer Guild, Signals Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno | Optional runtime evidence hooks (loader/require shim) capturing module loads + permissions during harnessed execution with path hashing. | SCANNER-ANALYZERS-DENO-26-008 | — |
| SCANNER-ANALYZERS-DENO-26-010 | DONE (2025-11-24) | 2025-11-24 | SPRINT_0131_0001_0001_scanner_surface | Deno Analyzer Guild, DevOps Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno | Package analyzer plug-in, add CLI (stella deno inspect, stella deno resolve, stella deno trace) commands, update Offline Kit docs, ensure Worker integration. |
SCANNER-ANALYZERS-DENO-26-009 | — |
| SCANNER-ANALYZERS-DENO-26-011 | DONE (2025-11-24) | 2025-11-24 | SPRINT_0131_0001_0001_scanner_surface | Deno Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno | Policy signal emitter: net/fs/env/ffi/process/crypto capabilities, remote origin list, npm usage, wasm modules, dynamic-import warnings. | SCANNER-ANALYZERS-DENO-26-010 | — |
| SCANNER-ANALYZERS-JAVA-21-005 | TODO | SPRINT_131_scanner_surface | Java Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java | Framework config extraction: Spring Boot imports, spring.factories, application properties/yaml, Jakarta web.xml & fragments, JAX-RS/JPA/CDI/JAXB configs, logging files, Graal native-image configs. | |||
| SCANNER-ANALYZERS-JAVA-21-006 | TODO | SPRINT_131_scanner_surface | Java Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java | JNI/native hint scanner: detect native methods, System.load/Library literals, bundled native libs, Graal JNI configs; emit jni-load edges for native analyzer correlation. |
SCANNER-ANALYZERS-JAVA-21-005 | ||
| SCANNER-ANALYZERS-JAVA-21-007 | TODO | SPRINT_131_scanner_surface | Java Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java | Signature and manifest metadata collector: verify JAR signature structure, capture signers, manifest loader attributes (Main-Class, Agent-Class, Start-Class, Class-Path). | SCANNER-ANALYZERS-JAVA-21-006 | ||
| SCANNER-ANALYZERS-JAVA-21-008 | BLOCKED | 2025-10-27 | SPRINT_131_scanner_surface | Java Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java | Implement resolver + AOC writer: produce entrypoints (env profiles, warnings), components (jar_id + semantic ids), edges (jpms, cp, spi, reflect, jni) with reason codes/confidence. | SCANNER-ANALYZERS-JAVA-21-007 | |
| SCANNER-ANALYZERS-JAVA-21-009 | TODO | SPRINT_131_scanner_surface | Java Analyzer Guild, QA Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java | Author comprehensive fixtures (modular app, boot fat jar, war, ear, MR-jar, jlink image, JNI, reflection heavy, signed jar, microprofile) with golden outputs and perf benchmarks. | SCANNER-ANALYZERS-JAVA-21-008 | ||
| SCANNER-ANALYZERS-JAVA-21-010 | TODO | SPRINT_131_scanner_surface | Java Analyzer Guild, Signals Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java | Optional runtime ingestion: Java agent + JFR reader capturing class load, ServiceLoader, and System.load events with path scrubbing. Emit append-only runtime edges runtime-class/runtime-spi/runtime-load. |
SCANNER-ANALYZERS-JAVA-21-009 | ||
| SCANNER-ANALYZERS-JAVA-21-011 | TODO | SPRINT_131_scanner_surface | Java Analyzer Guild, DevOps Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java | Package analyzer as restart-time plug-in (manifest/DI), update Offline Kit docs, add CLI/worker hooks for Java inspection commands. | SCANNER-ANALYZERS-JAVA-21-010 | ||
| SCANNER-ANALYZERS-LANG-11-001 | TODO | SPRINT_131_scanner_surface | StellaOps.Scanner EPDR Guild, Language Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.DotNet) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.DotNet | Build entrypoint resolver that maps project/publish artifacts to entrypoint identities (assembly name, MVID, TFM, RID) and environment profiles (publish mode, host kind, probing paths). Output normalized entrypoints[] records with deterministic IDs. |
SCANNER-ANALYZERS-LANG-10-309 | ||
| SCANNER-ANALYZERS-LANG-11-002 | TODO | SPRINT_0132_0001_0001_scanner_surface | StellaOps.Scanner EPDR Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.DotNet) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.DotNet | Implement static analyzer (IL + reflection heuristics) capturing AssemblyRef, ModuleRef/PInvoke, DynamicDependency, reflection literals, DI patterns, and custom AssemblyLoadContext probing hints. Emit dependency edges with reason codes and confidence. | SCANNER-ANALYZERS-LANG-11-001 | ||
| SCANNER-ANALYZERS-LANG-11-003 | TODO | SPRINT_0132_0001_0001_scanner_surface | StellaOps.Scanner EPDR Guild, Signals Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.DotNet) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.DotNet | Ingest optional runtime evidence (AssemblyLoad, Resolving, P/Invoke) via event listener harness; merge runtime edges with static/declared ones and attach reason codes/confidence. | SCANNER-ANALYZERS-LANG-11-002 | ||
| SCANNER-ANALYZERS-LANG-11-004 | TODO | SPRINT_0132_0001_0001_scanner_surface | StellaOps.Scanner EPDR Guild, SBOM Service Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.DotNet) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.DotNet | Produce normalized observation export to Scanner writer: entrypoints + dependency edges + environment profiles (AOC compliant). Wire to SBOM service entrypoint tagging. | SCANNER-ANALYZERS-LANG-11-003 | ||
| SCANNER-ANALYZERS-LANG-11-005 | TODO | SPRINT_0132_0001_0001_scanner_surface | StellaOps.Scanner EPDR Guild, QA Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.DotNet) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.DotNet | Add comprehensive fixtures/benchmarks covering framework-dependent, self-contained, single-file, trimmed, NativeAOT, multi-RID scenarios; include explain traces and perf benchmarks vs previous analyzer. | SCANNER-ANALYZERS-LANG-11-004 | ||
| SCANNER-ANALYZERS-NATIVE-20-001 | TODO | SPRINT_0132_0001_0001_scanner_surface | Native Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Native) | src/Scanner/StellaOps.Scanner.Analyzers.Native | Implement format detector and binary identity model supporting ELF, PE/COFF, and Mach-O (including fat slices). Capture arch, OS, build-id/UUID, interpreter metadata. | |||
| SCANNER-ANALYZERS-NATIVE-20-002 | TODO | SPRINT_0132_0001_0001_scanner_surface | Native Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Native) | src/Scanner/StellaOps.Scanner.Analyzers.Native | Parse ELF dynamic sections: DT_NEEDED, DT_RPATH, DT_RUNPATH, symbol versions, interpreter, and note build-id. Emit declared dependency records with reason elf-dtneeded and attach version needs. |
SCANNER-ANALYZERS-NATIVE-20-001 | ||
| SCANNER-ANALYZERS-NATIVE-20-003 | TODO | SPRINT_0132_0001_0001_scanner_surface | Native Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Native) | src/Scanner/StellaOps.Scanner.Analyzers.Native | Parse PE imports, delay-load tables, manifests/SxS metadata, and subsystem flags. Emit edges with reasons pe-import and pe-delayimport, plus SxS policy metadata. |
SCANNER-ANALYZERS-NATIVE-20-002 | ||
| SCANNER-ANALYZERS-NATIVE-20-004 | TODO | SPRINT_0132_0001_0001_scanner_surface | Native Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Native) | src/Scanner/StellaOps.Scanner.Analyzers.Native | Parse Mach-O load commands (LC_LOAD_DYLIB, LC_REEXPORT_DYLIB, LC_RPATH, LC_UUID, fat headers). Handle @rpath/@loader_path placeholders and slice separation. |
SCANNER-ANALYZERS-NATIVE-20-003 | ||
| SCANNER-ANALYZERS-NATIVE-20-005 | TODO | SPRINT_0132_0001_0001_scanner_surface | Native Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Native) | src/Scanner/StellaOps.Scanner.Analyzers.Native | Implement resolver engine modeling loader search order for ELF (rpath/runpath/cache/default), PE (SafeDll search + SxS), and Mach-O (@rpath expansion). Works against virtual image roots, producing explain traces. |
SCANNER-ANALYZERS-NATIVE-20-004 | ||
| SCANNER-ANALYZERS-NATIVE-20-006 | TODO | SPRINT_0132_0001_0001_scanner_surface | Native Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Native) | src/Scanner/StellaOps.Scanner.Analyzers.Native | Build heuristic scanner for dlopen/LoadLibrary strings, plugin ecosystem configs, and Go/Rust static hints. Emit edges with reason_code (string-dlopen, config-plugin, ecosystem-heuristic) and confidence levels. |
SCANNER-ANALYZERS-NATIVE-20-005 | ||
| SCANNER-ANALYZERS-NATIVE-20-007 | TODO | SPRINT_0132_0001_0001_scanner_surface | Native Analyzer Guild, SBOM Service Guild (src/Scanner/StellaOps.Scanner.Analyzers.Native) | src/Scanner/StellaOps.Scanner.Analyzers.Native | Serialize AOC-compliant observations: entrypoints + dependency edges + environment profiles (search paths, interpreter, loader metadata). Integrate with Scanner writer API. | SCANNER-ANALYZERS-NATIVE-20-006 | ||
| SCANNER-ANALYZERS-NATIVE-20-008 | TODO | SPRINT_0132_0001_0001_scanner_surface | Native Analyzer Guild, QA Guild (src/Scanner/StellaOps.Scanner.Analyzers.Native) | src/Scanner/StellaOps.Scanner.Analyzers.Native | Author cross-platform fixtures (ELF dynamic/static, PE delay-load/SxS, Mach-O @rpath, plugin configs) and determinism benchmarks (<25 ms / binary, <250 MB). | SCANNER-ANALYZERS-NATIVE-20-007 | ||
| SCANNER-ANALYZERS-NATIVE-20-009 | TODO | SPRINT_0132_0001_0001_scanner_surface | Native Analyzer Guild, Signals Guild (src/Scanner/StellaOps.Scanner.Analyzers.Native) | src/Scanner/StellaOps.Scanner.Analyzers.Native | Provide optional runtime capture adapters (Linux eBPF dlopen, Windows ETW ImageLoad, macOS dyld interpose) writing append-only runtime evidence. Include redaction/sandbox guidance. |
SCANNER-ANALYZERS-NATIVE-20-008 | ||
| SCANNER-ANALYZERS-NATIVE-20-010 | TODO | SPRINT_0132_0001_0001_scanner_surface | Native Analyzer Guild, DevOps Guild (src/Scanner/StellaOps.Scanner.Analyzers.Native) | src/Scanner/StellaOps.Scanner.Analyzers.Native | Package native analyzer as restart-time plug-in with manifest/DI registration; update Offline Kit bundle + documentation. | SCANNER-ANALYZERS-NATIVE-20-009 | ||
| SCANNER-ANALYZERS-NODE-22-001 | TODO | SPRINT_0132_0001_0001_scanner_surface | Node Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node | Build input normalizer + VFS for Node projects: dirs, tgz, container layers, pnpm store, Yarn PnP zips; detect Node version targets (.nvmrc, .node-version, Dockerfile) and workspace roots deterministically. |
|||
| SCANNER-ANALYZERS-NODE-22-002 | TODO | SPRINT_0132_0001_0001_scanner_surface | Node Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node | Implement entrypoint discovery (bin/main/module/exports/imports, workers, electron, shebang scripts) and condition set builder per entrypoint. | SCANNER-ANALYZERS-NODE-22-001 | ||
| SCANNER-ANALYZERS-NODE-22-003 | TODO | SPRINT_0132_0001_0001_scanner_surface | Node Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node | Parse JS/TS sources for static import, require, import() and string concat cases; flag dynamic patterns with confidence levels; support source map de-bundling. |
SCANNER-ANALYZERS-NODE-22-002 | ||
| SCANNER-ANALYZERS-NODE-22-004 | TODO | SPRINT_0132_0001_0001_scanner_surface | Node Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node | Implement Node resolver engine for CJS + ESM (core modules, exports/imports maps, conditions, extension priorities, self-references) parameterised by node_version. | SCANNER-ANALYZERS-NODE-22-003 | ||
| SCANNER-ANALYZERS-NODE-22-005 | TODO | SPRINT_0132_0001_0001_scanner_surface | Node Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node | Add package manager adapters: Yarn PnP (.pnp.data/.pnp.cjs), pnpm virtual store, npm/Yarn classic hoists; operate entirely in virtual FS. | SCANNER-ANALYZERS-NODE-22-004 | ||
| SCANNER-ANALYZERS-NODE-22-006 | TODO | SPRINT_0133_0001_0001_scanner_surface | Node Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node | Detect bundles + source maps, reconstruct module specifiers, and correlate to original paths; support dual CJS/ESM graphs with conditions. | SCANNER-ANALYZERS-NODE-22-005 | ||
| SCANNER-ANALYZERS-NODE-22-007 | TODO | SPRINT_0133_0001_0001_scanner_surface | Node Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node | Scan for native addons (.node), WASM modules, and core capability signals (child_process, vm, worker_threads); emit hint edges and native metadata. | SCANNER-ANALYZERS-NODE-22-006 | ||
| SCANNER-ANALYZERS-NODE-22-008 | TODO | SPRINT_0133_0001_0001_scanner_surface | Node Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node | Produce AOC-compliant observations: entrypoints, components (pkg/native/wasm), edges (esm-import, cjs-require, exports, json, native-addon, wasm, worker) with reason codes/confidence and resolver traces. | SCANNER-ANALYZERS-NODE-22-007 | ||
| SCANNER-ANALYZERS-NODE-22-009 | TODO | SPRINT_0133_0001_0001_scanner_surface | Node Analyzer Guild, QA Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node | Author fixture suite + performance benchmarks (npm, pnpm, PnP, bundle, electron, worker) with golden outputs and latency budgets. | SCANNER-ANALYZERS-NODE-22-008 | ||
| SCANNER-ANALYZERS-NODE-22-010 | TODO | SPRINT_0133_0001_0001_scanner_surface | Node Analyzer Guild, Signals Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node | Implement optional runtime evidence hooks (ESM loader, CJS require hook) with path scrubbing and loader ID hashing; emit runtime-* edges. | SCANNER-ANALYZERS-NODE-22-009 | ||
| SCANNER-ANALYZERS-NODE-22-011 | TODO | SPRINT_0133_0001_0001_scanner_surface | Node Analyzer Guild, DevOps Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node | Package updated analyzer as restart-time plug-in, expose Scanner CLI (stella node *) commands, refresh Offline Kit documentation. |
SCANNER-ANALYZERS-NODE-22-010 | ||
| SCANNER-ANALYZERS-NODE-22-012 | TODO | SPRINT_0133_0001_0001_scanner_surface | Node Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node | Integrate container filesystem adapter (OCI layers, Dockerfile hints) and record NODE_OPTIONS/env warnings. | SCANNER-ANALYZERS-NODE-22-011 | ||
| SCANNER-ANALYZERS-PHP-27-001 | TODO | SPRINT_0133_0001_0001_scanner_surface | PHP Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php | Build input normalizer & VFS for PHP projects: merge source trees, composer manifests, vendor/, php.ini/conf.d, .htaccess, FPM configs, container layers. Detect framework/CMS fingerprints deterministically. |
— | SCSA0101 | |
| SCANNER-ANALYZERS-PHP-27-002 | TODO | SPRINT_0133_0001_0001_scanner_surface | PHP Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php | Composer/Autoload analyzer: parse composer.json/lock/installed.json, generate package nodes, autoload edges (psr-4/0/classmap/files), bin entrypoints, composer plugins. | SCANNER-ANALYZERS-PHP-27-001 | ||
| SCANNER-ANALYZERS-PHP-27-003 | TODO | SPRINT_0133_0001_0001_scanner_surface | PHP Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php | Include/require graph builder: resolve static includes, capture dynamic include patterns, bootstrap chains, merge with autoload edges. | SCANNER-ANALYZERS-PHP-27-002 | ||
| SCANNER-ANALYZERS-PHP-27-004 | TODO | SPRINT_0133_0001_0001_scanner_surface | PHP Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php | Runtime capability scanner: detect exec/fs/net/env/serialization/crypto/database usage, stream wrappers, uploads; record evidence snippets. | SCANNER-ANALYZERS-PHP-27-003 | ||
| SCANNER-ANALYZERS-PHP-27-005 | TODO | SPRINT_0133_0001_0001_scanner_surface | PHP Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php | PHAR/Archive inspector: parse phar manifests/stubs, hash files, detect embedded vendor trees and phar:// usage. | SCANNER-ANALYZERS-PHP-27-004 | ||
| SCANNER-ANALYZERS-PHP-27-006 | TODO | SPRINT_0133_0001_0001_scanner_surface | PHP Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php | Framework/CMS surface mapper: extract routes, controllers, middleware, CLI/cron entrypoints for Laravel/Symfony/Slim/WordPress/Drupal/Magento. | SCANNER-ANALYZERS-PHP-27-005 | ||
| SCANNER-ANALYZERS-PHP-27-007 | TODO | SPRINT_0133_0001_0001_scanner_surface | PHP Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php | Container & extension detector: parse php.ini/conf.d, map extensions to .so/.dll, collect web server/FPM settings, upload limits, disable_functions. | SCANNER-ANALYZERS-PHP-27-006 | ||
| SCANNER-ANALYZERS-PHP-27-008 | TODO | SPRINT_0134_0001_0001_scanner_surface | PHP Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php | Produce AOC-compliant observations: entrypoints, packages, extensions, modules, edges (require/autoload), capabilities, routes, configs. | SCANNER-ANALYZERS-PHP-27-002 | ||
| SCANNER-ANALYZERS-PHP-27-009 | TODO | SPRINT_0134_0001_0001_scanner_surface | PHP Analyzer Guild, QA Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php | Fixture suite + performance benchmarks (Laravel, Symfony, WordPress, legacy, PHAR, container) with golden outputs. | SCANNER-ANALYZERS-PHP-27-007 | ||
| SCANNER-ANALYZERS-PHP-27-010 | TODO | SPRINT_0134_0001_0001_scanner_surface | PHP Analyzer Guild, Signals Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php | Optional runtime evidence hooks (if provided) to ingest audit logs or opcode cache stats with path hashing. | SCANNER-ANALYZERS-PHP-27-009 | ||
| SCANNER-ANALYZERS-PHP-27-011 | TODO | SPRINT_0134_0001_0001_scanner_surface | PHP Analyzer Guild, DevOps Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php | Package analyzer plug-in, add CLI (stella php inspect), refresh Offline Kit documentation. |
SCANNER-ANALYZERS-PHP-27-010 | ||
| SCANNER-ANALYZERS-PHP-27-012 | TODO | SPRINT_0134_0001_0001_scanner_surface | PHP Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php | Policy signal emitter: extension requirements/presence, dangerous constructs counters, stream wrapper usage, capability summaries. | SCANNER-ANALYZERS-PHP-27-011 | ||
| SCANNER-ANALYZERS-PYTHON-23-001 | TODO | SPRINT_0134_0001_0001_scanner_surface | Python Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python | Build input normalizer & virtual filesystem for wheels, sdists, editable installs, zipapps, site-packages trees, and container roots. Detect Python version targets (pyproject.toml, runtime.txt, Dockerfile) + virtualenv layout deterministically. |
|||
| SCANNER-ANALYZERS-PYTHON-23-002 | TODO | SPRINT_0134_0001_0001_scanner_surface | Python Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python | Entrypoint discovery: module __main__, console_scripts entry points, scripts, zipapp main, manage.py/gunicorn/celery patterns. Capture invocation context (module vs package, argv wrappers). |
SCANNER-ANALYZERS-PYTHON-23-001 | ||
| SCANNER-ANALYZERS-PYTHON-23-003 | TODO | SPRINT_0134_0001_0001_scanner_surface | Python Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python | Static import graph builder using AST and bytecode fallback. Support import, from ... import, relative imports, importlib.import_module, __import__ with literal args, pkgutil.extend_path. |
SCANNER-ANALYZERS-PYTHON-23-002 | ||
| SCANNER-ANALYZERS-PYTHON-23-004 | TODO | SPRINT_0134_0001_0001_scanner_surface | Python Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python | Python resolver engine (importlib semantics) handling namespace packages (PEP 420), package discovery order, .pth files, sys.path composition, zipimport, and site-packages precedence across virtualenv/container roots. |
SCANNER-ANALYZERS-PYTHON-23-003 | ||
| SCANNER-ANALYZERS-PYTHON-23-005 | TODO | SPRINT_0134_0001_0001_scanner_surface | Python Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python | Packaging adapters: pip editable (.egg-link), Poetry/Flit layout, Conda prefix, .dist-info/RECORD cross-check, container layer overlays. |
SCANNER-ANALYZERS-PYTHON-23-004 | ||
| SCANNER-ANALYZERS-PYTHON-23-006 | TODO | SPRINT_0134_0001_0001_scanner_surface | Python Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python | Detect native extensions (*.so, *.pyd), CFFI modules, ctypes loaders, embedded WASM, and runtime capability signals (subprocess, multiprocessing, ctypes, eval). |
SCANNER-ANALYZERS-PYTHON-23-005 | ||
| SCANNER-ANALYZERS-PYTHON-23-007 | TODO | SPRINT_0134_0001_0001_scanner_surface | Python Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python | Framework/config heuristics: Django, Flask, FastAPI, Celery, AWS Lambda handlers, Gunicorn, Click/Typer CLIs, logging configs, pyproject optional dependencies. Tagged as hints only. | SCANNER-ANALYZERS-PYTHON-23-006 | ||
| SCANNER-ANALYZERS-PYTHON-23-008 | TODO | SPRINT_0134_0001_0001_scanner_surface | Python Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python | Produce AOC-compliant observations: entrypoints, components (modules/packages/native), edges (import, namespace, dynamic-hint, native-extension) with reason codes/confidence and resolver traces. | SCANNER-ANALYZERS-PYTHON-23-007 | ||
| SCANNER-ANALYZERS-PYTHON-23-009 | TODO | SPRINT_0134_0001_0001_scanner_surface | Python Analyzer Guild, QA Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python | Fixture suite + perf benchmarks covering virtualenv, namespace packages, zipapp, editable installs, containers, lambda handler. | SCANNER-ANALYZERS-PYTHON-23-008 | ||
| SCANNER-ANALYZERS-PYTHON-23-010 | TODO | SPRINT_0134_0001_0001_scanner_surface | Python Analyzer Guild, Signals Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python | Optional runtime evidence: import hook capturing module load events with path scrubbing, optional bytecode instrumentation for importlib hooks, multiprocessing tracer. |
SCANNER-ANALYZERS-PYTHON-23-009 | ||
| SCANNER-ANALYZERS-PYTHON-23-011 | TODO | SPRINT_0134_0001_0001_scanner_surface | Python Analyzer Guild, DevOps Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python | Package analyzer plug-in, add CLI commands (stella python inspect), refresh Offline Kit documentation. |
SCANNER-ANALYZERS-PYTHON-23-010 | ||
| SCANNER-ANALYZERS-PYTHON-23-012 | TODO | SPRINT_0135_0001_0001_scanner_surface | Python Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python | Container/zipapp adapter enhancements: parse OCI layers for Python runtime, detect PYTHONPATH/PYTHONHOME env, record warnings for sitecustomize/startup hooks. |
SCANNER-ANALYZERS-PYTHON-23-011 | ||
| SCANNER-ANALYZERS-RUBY-28-001 | TODO | SPRINT_0135_0001_0001_scanner_surface | Ruby Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Build input normalizer & VFS for Ruby projects: merge source trees, Gemfile/Gemfile.lock, vendor/bundle, .gem archives, .bundle/config, Rack configs, containers. Detect framework/job fingerprints deterministically. |
|||
| SCANNER-ANALYZERS-RUBY-28-002 | TODO | SPRINT_0135_0001_0001_scanner_surface | Ruby Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Gem & Bundler analyzer: parse Gemfile/Gemfile.lock, vendor specs, .gem archives, produce package nodes (PURLs), dependency edges, bin scripts, Bundler group metadata. | SCANNER-ANALYZERS-RUBY-28-001 | ||
| SCANNER-ANALYZERS-RUBY-28-003 | TODO | SPRINT_0135_0001_0001_scanner_surface | Ruby Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Require/autoload graph builder: resolve static/dynamic require, require_relative, load; infer Zeitwerk autoload paths and Rack boot chain. | SCANNER-ANALYZERS-RUBY-28-002 | ||
| SCANNER-ANALYZERS-RUBY-28-004 | TODO | SPRINT_0135_0001_0001_scanner_surface | Ruby Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Framework surface mapper: extract routes/controllers/middleware for Rails/Rack/Sinatra/Grape/Hanami; inventory jobs/schedulers (Sidekiq, Resque, ActiveJob, whenever, clockwork). | SCANNER-ANALYZERS-RUBY-28-003 | ||
| SCANNER-ANALYZERS-RUBY-28-005 | TODO | SPRINT_0135_0001_0001_scanner_surface | Ruby Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Capability analyzer: detect os-exec, filesystem, network, serialization, crypto, DB usage, TLS posture, dynamic eval; record evidence snippets with file/line. | SCANNER-ANALYZERS-RUBY-28-004 | ||
| SCANNER-ANALYZERS-RUBY-28-006 | TODO | SPRINT_0135_0001_0001_scanner_surface | Ruby Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Rake task & scheduler analyzer: parse Rakefiles/lib/tasks, capture task names/prereqs/shell commands; parse Sidekiq/whenever/clockwork configs into schedules. | SCANNER-ANALYZERS-RUBY-28-005 | ||
| SCANNER-ANALYZERS-RUBY-28-007 | TODO | SPRINT_0135_0001_0001_scanner_surface | Ruby Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Container/runtime scanner: detect Ruby version, installed gems, native extensions, web server configs in OCI layers. | SCANNER-ANALYZERS-RUBY-28-006 | ||
| SCANNER-ANALYZERS-RUBY-28-008 | TODO | SPRINT_0135_0001_0001_scanner_surface | Ruby Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Produce AOC-compliant observations: entrypoints, packages, modules, edges (require/autoload), routes, jobs, tasks, capabilities, configs, warnings. | SCANNER-ANALYZERS-RUBY-28-007 | ||
| SCANNER-ANALYZERS-RUBY-28-009 | TODO | SPRINT_0135_0001_0001_scanner_surface | Ruby Analyzer Guild, QA Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Fixture suite + performance benchmarks (Rails, Rack, Sinatra, Sidekiq, legacy, .gem, container) with golden outputs. | SCANNER-ANALYZERS-RUBY-28-008 | ||
| SCANNER-ANALYZERS-RUBY-28-010 | TODO | SPRINT_0135_0001_0001_scanner_surface | Ruby Analyzer Guild, Signals Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Optional runtime evidence integration (if provided logs/metrics) with path hashing, without altering static precedence. | SCANNER-ANALYZERS-RUBY-28-009 | ||
| SCANNER-ANALYZERS-RUBY-28-011 | TODO | SPRINT_0135_0001_0001_scanner_surface | Ruby Analyzer Guild, DevOps Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Package analyzer plug-in, add CLI (stella ruby inspect), refresh Offline Kit documentation. |
SCANNER-ANALYZERS-RUBY-28-010 | ||
| SCANNER-ANALYZERS-RUBY-28-012 | TODO | SPRINT_0135_0001_0001_scanner_surface | Ruby Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Policy signal emitter: rubygems drift, native extension flags, dangerous constructs counts, TLS verify posture, dynamic require eval warnings. | SCANNER-ANALYZERS-RUBY-28-011 | ||
| SCANNER-BENCH-62-002 | DOING | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild, Product Guild (docs) | |||||
| SCANNER-BENCH-62-003 | DOING | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild, Product Guild (docs) | |||||
| SCANNER-BENCH-62-004 | DOING | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild, Java Analyzer Guild (docs) | |||||
| SCANNER-BENCH-62-005 | DOING | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild, Go Analyzer Guild (docs) | |||||
| SCANNER-BENCH-62-006 | DOING | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild, Rust Analyzer Guild (docs) | |||||
| SCANNER-BENCH-62-008 | DOING | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild, EntryTrace Guild (docs) | |||||
| SCANNER-BENCH-62-009 | DOING | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild, Policy Guild (docs) | |||||
| SCANNER-CLI-0001 | DONE | 2025-11-10 | SPRINT_0138_0001_0001_scanner_ruby_parity | CLI Guild, Ruby Analyzer Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Coordinate CLI UX/help text for new Ruby verbs and update CLI docs/golden outputs. | SCANNER-ENG-0019 | |
| SCANNER-DET-01 | DONE (2025-12-03) | 2025-12-03 | SPRINT_0301_0001_0001_docs_md_i | Docs Guild · Scanner Guild | Deterministic compose fixtures landed; docs published. | |||
| SCANNER-DOCS-0003 | TODO | SPRINT_327_docs_modules_scanner | Docs Guild, Product Guild (docs/modules/scanner) | docs/modules/scanner | Gather Windows/macOS analyzer demand signals and record findings in docs/benchmarks/scanner/windows-macos-demand.md for marketing + product readiness. |
|||
| SCANNER-EMIT-15-001 | TODO | SPRINT_0136_0001_0001_scanner_surface | Scanner Emit Guild (src/Scanner/__Libraries/StellaOps.Scanner.Emit) | src/Scanner/__Libraries/StellaOps.Scanner.Emit | Enforce canonical JSON (stella.contentHash, Merkle root metadata, zero timestamps) for fragments and composed CycloneDX inventory/usage BOMs. Documented in docs/modules/scanner/deterministic-sbom-compose.md §2.2. |
SCANNER-SURFACE-04 | ||
| SCANNER-ENG-0001 | TODO | SPRINT_327_docs_modules_scanner | Module Team (docs/modules/scanner) | docs/modules/scanner | Cross-check implementation plan milestones against /docs/implplan/SPRINT_*.md and update module readiness checkpoints. |
|||
| SCANNER-ENG-0002 | DONE | 2025-11-09 | SPRINT_137_scanner_gap_design | Scanner Guild, CLI Guild (docs/modules/scanner) | docs/modules/scanner | Design the Node.js lockfile collector + CLI validator per docs/benchmarks/scanner/scanning-gaps-stella-misses-from-competitors.md, capturing Surface + policy requirements before implementation. |
||
| SCANNER-ENG-0003 | DONE | 2025-11-09 | SPRINT_137_scanner_gap_design | Python Analyzer Guild, CLI Guild (docs/modules/scanner) | docs/modules/scanner | Design Python lockfile + editable-install parity checks with policy predicates and CLI workflow coverage as outlined in the gap analysis. | ||
| SCANNER-ENG-0004 | DONE | 2025-11-09 | SPRINT_137_scanner_gap_design | Java Analyzer Guild, CLI Guild (docs/modules/scanner) | docs/modules/scanner | Design Java lockfile ingestion/validation (Gradle/SBT collectors, CLI verb, policy hooks) to close comparison gaps. | ||
| SCANNER-ENG-0005 | DONE | 2025-11-09 | SPRINT_137_scanner_gap_design | Go Analyzer Guild (docs/modules/scanner) | docs/modules/scanner | Enhance Go stripped-binary fallback inference design, including inferred module metadata + policy integration, per the gap analysis. | ||
| SCANNER-ENG-0006 | DONE | 2025-11-09 | SPRINT_137_scanner_gap_design | Rust Analyzer Guild (docs/modules/scanner) | docs/modules/scanner | Expand Rust fingerprint coverage design (enriched fingerprint catalogue + policy controls) per the comparison matrix. | ||
| SCANNER-ENG-0007 | DONE | 2025-11-09 | SPRINT_137_scanner_gap_design | Scanner Guild, Policy Guild (docs/modules/scanner) | docs/modules/scanner | Design the deterministic secret leak detection pipeline covering rule packaging, Policy Engine integration, and CLI workflow. | ||
| SCANNER-ENG-0008 | TODO | SPRINT_0138_0001_0001_scanner_ruby_parity | EntryTrace Guild, QA Guild (src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace) | src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace | Maintain EntryTrace heuristic cadence per docs/benchmarks/scanner/scanning-gaps-stella-misses-from-competitors.md, including quarterly pattern reviews + explain-trace updates. |
|||
| SCANNER-ENG-0009 | DONE | 2025-11-13 | SPRINT_0138_0001_0001_scanner_ruby_parity | Ruby Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Ruby analyzer parity shipped: runtime graph + capability signals, observation payload, Mongo-backed ruby.packages inventory, CLI/WebService surfaces, and plugin manifest bundles for Worker loadout. |
SCANNER-ANALYZERS-RUBY-28-001..012 | |
| SCANNER-ENG-0010 | TODO | SPRINT_0138_0001_0001_scanner_ruby_parity | PHP Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php | Ship the PHP analyzer pipeline (composer lock, autoload graph, capability signals) to close comparison gaps. | SCANNER-ANALYZERS-PHP-27-001 | ||
| SCANNER-ENG-0011 | TODO | SPRINT_0138_0001_0001_scanner_ruby_parity | Language Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno | Scope the Deno runtime analyzer (lockfile resolver, import graphs) based on competitor techniques to extend beyond Sprint 130 coverage. | |||
| SCANNER-ENG-0012 | TODO | SPRINT_0138_0001_0001_scanner_ruby_parity | Language Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Dart) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Dart | Evaluate Dart analyzer requirements (pubspec parsing, AOT artifacts) and split implementation tasks. | |||
| SCANNER-ENG-0013 | TODO | SPRINT_0138_0001_0001_scanner_ruby_parity | Swift Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Swift) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Swift | Plan Swift Package Manager coverage (Package.resolved, xcframeworks, runtime hints) with policy hooks. | |||
| SCANNER-ENG-0014 | TODO | SPRINT_0138_0001_0001_scanner_ruby_parity | Runtime Guild, Zastava Guild (docs/modules/scanner) | docs/modules/scanner | Align Kubernetes/VM target coverage between Scanner and Zastava per comparison findings; publish joint roadmap. | |||
| SCANNER-ENG-0015 | DONE | 2025-11-13 | SPRINT_0138_0001_0001_scanner_ruby_parity | Export Center Guild, Scanner Guild (docs/modules/scanner) | docs/modules/scanner | DSSE/Rekor operator playbook published (docs/modules/scanner/operations/dsse-rekor-operator-guide.md) with config/env tables, rollout phases, runbook snippets, offline verification steps, and SLA/alert guidance. |
||
| SCANNER-ENG-0016 | DONE | 2025-11-10 | SPRINT_0138_0001_0001_scanner_ruby_parity | Ruby Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | RubyLockCollector and vendor ingestion finalized: Bundler config overrides honoured, workspace lockfiles merged, vendor bundles normalised, and deterministic fixtures added. | SCANNER-ENG-0009 | |
| SCANNER-ENG-0017 | DONE | 2025-11-09 | SPRINT_0138_0001_0001_scanner_ruby_parity | Ruby Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Build the runtime require/autoload graph builder with tree-sitter Ruby per design §4.4 and integrate EntryTrace hints. | SCANNER-ENG-0016 | |
| SCANNER-ENG-0018 | DONE | 2025-11-09 | SPRINT_0138_0001_0001_scanner_ruby_parity | Ruby Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Emit Ruby capability + framework surface signals as defined in design §4.5 with policy predicate hooks. | SCANNER-ENG-0017 | |
| SCANNER-ENG-0019 | DONE | 2025-11-13 | SPRINT_0138_0001_0001_scanner_ruby_parity | Ruby Analyzer Guild, CLI Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Ruby CLI verbs now resolve inventories by scan ID, digest, or image reference; Scanner.WebService fallbacks + CLI client encoding ensure --image works for both digests and tagged references, and tests cover the new lookup flow. |
SCANNER-ENG-0016..0018 | |
| SCANNER-ENG-0020 | TODO | SPRINT_0136_0001_0001_scanner_surface | Scanner Guild (docs/modules/scanner) | docs/modules/scanner | Implement Homebrew collector & fragment mapper per design/macos-analyzer.md §3.1. |
|||
| SCANNER-ENG-0021 | TODO | SPRINT_0136_0001_0001_scanner_surface | Scanner Guild (docs/modules/scanner) | docs/modules/scanner | Implement pkgutil receipt collector per design/macos-analyzer.md §3.2. |
|||
| SCANNER-ENG-0022 | TODO | SPRINT_0136_0001_0001_scanner_surface | Scanner Guild, Policy Guild (docs/modules/scanner) | docs/modules/scanner | Implement macOS bundle inspector & capability overlays per design/macos-analyzer.md §3.3. |
|||
| SCANNER-ENG-0023 | TODO | SPRINT_0136_0001_0001_scanner_surface | Scanner Guild, Offline Kit Guild, Policy Guild (docs/modules/scanner) | docs/modules/scanner | Deliver macOS policy/offline integration per design/macos-analyzer.md §5–6. |
|||
| SCANNER-ENG-0024 | TODO | SPRINT_0136_0001_0001_scanner_surface | Scanner Guild (docs/modules/scanner) | docs/modules/scanner | Implement Windows MSI collector per design/windows-analyzer.md §3.1. |
|||
| SCANNER-ENG-0025 | TODO | SPRINT_0136_0001_0001_scanner_surface | Scanner Guild (docs/modules/scanner) | docs/modules/scanner | Implement WinSxS manifest collector per design/windows-analyzer.md §3.2. |
|||
| SCANNER-ENG-0026 | TODO | SPRINT_0136_0001_0001_scanner_surface | Scanner Guild (docs/modules/scanner) | docs/modules/scanner | Implement Windows Chocolatey & registry collectors per design/windows-analyzer.md §3.3–3.4. |
|||
| SCANNER-ENG-0027 | TODO | SPRINT_0136_0001_0001_scanner_surface | Scanner Guild, Policy Guild, Offline Kit Guild (docs/modules/scanner) | docs/modules/scanner | Deliver Windows policy/offline integration per design/windows-analyzer.md §5–6. |
|||
| SCANNER-ENTRYTRACE-18-502 | TODO | SPRINT_0135_0001_0001_scanner_surface | EntryTrace Guild (src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace) | src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace | Expand chain walker with init shim/user-switch/supervisor recognition plus env/workdir accumulation and guarded edges. | SCANNER-ENTRYTRACE-18-508 | ||
| SCANNER-ENTRYTRACE-18-503 | TODO | SPRINT_0135_0001_0001_scanner_surface | EntryTrace Guild (src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace) | src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace | Introduce target classifier + EntryPlan handoff with confidence scoring for ELF/Java/.NET/Node/Python and user/workdir context. | SCANNER-ENTRYTRACE-18-502 | ||
| SCANNER-ENTRYTRACE-18-504 | TODO | SPRINT_0136_0001_0001_scanner_surface | EntryTrace Guild (src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace) | src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace | Emit EntryTrace AOC NDJSON (entrytrace.entry/node/edge/target/warning/capability) and wire CLI/service streaming outputs. |
SCANNER-ENTRYTRACE-18-503 | ||
| SCANNER-ENTRYTRACE-18-505 | TODO | SPRINT_0136_0001_0001_scanner_surface | EntryTrace Guild (src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace) | src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace | Implement process-tree replay (ProcGraph) to reconcile /proc exec chains with static EntryTrace results, collapsing wrappers and emitting agreement/conflict diagnostics. |
SCANNER-ENTRYTRACE-18-504 | ||
| SCANNER-ENTRYTRACE-18-506 | TODO | SPRINT_0136_0001_0001_scanner_surface | EntryTrace Guild, Scanner WebService Guild (src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace) | src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace | Surface EntryTrace graph + confidence via Scanner.WebService and CLI, including target summary in scan reports and policy payloads. | SCANNER-ENTRYTRACE-18-505 | SCSS0102 | |
| SCANNER-ENV-01 | TODO (2025-11-06) | 2025-11-06 | SPRINT_0136_0001_0001_scanner_surface | Scanner Worker Guild | src/Scanner/StellaOps.Scanner.Worker | Replace ad-hoc environment reads with StellaOps.Scanner.Surface.Env helpers for cache roots and CAS endpoints. |
— | SCDE0101 |
| SCANNER-ENV-02 | TODO (2025-11-06) | 2025-11-06 | SPRINT_0136_0001_0001_scanner_surface | Scanner WebService Guild · Ops Guild | src/Scanner/StellaOps.Scanner.WebService | Wire Surface.Env helpers into WebService hosting (cache roots, feature flags) and document configuration. | SCANNER-ENV-01 | SCDE0102 |
| SCANNER-ENV-03 | TODO | SPRINT_0136_0001_0001_scanner_surface | BuildX Plugin Guild | src/Scanner/StellaOps.Scanner.Sbomer.BuildXPlugin | Adopt Surface.Env helpers for plugin configuration (cache roots, CAS endpoints, feature toggles). | SCANNER-ENV-02 | SCBX0101 | |
| SCANNER-EVENTS-16-301 | BLOCKED (2025-10-26) | 2025-10-26 | SPRINT_0136_0001_0001_scanner_surface | Scanner WebService Guild (src/Scanner/StellaOps.Scanner.WebService) |
src/Scanner/StellaOps.Scanner.WebService | Emit orchestrator-compatible envelopes (scanner.event.*) and update integration tests to verify Notifier ingestion (no Redis queue coupling). |
EVENTS-16-301 | SCEV0101 |
| SCANNER-GRAPH-21-001 | TODO | SPRINT_0136_0001_0001_scanner_surface | Scanner WebService Guild, Cartographer Guild (src/Scanner/StellaOps.Scanner.WebService) | src/Scanner/StellaOps.Scanner.WebService | Provide webhook/REST endpoint for Cartographer to request policy overlays and runtime evidence for graph nodes, ensuring determinism and tenant scoping. | |||
| SCANNER-LIC-0001 | DONE | 2025-11-10 | SPRINT_0138_0001_0001_scanner_ruby_parity | Scanner Guild, Legal Guild (docs/modules/scanner) | docs/modules/scanner | Tree-sitter licensing captured, NOTICE.md updated, and Offline Kit now mirrors third-party-licenses/ with ruby artifacts. |
SCANNER-ENG-0016 | |
| SCANNER-LNM-21-001 | TODO | SPRINT_0136_0001_0001_scanner_surface | Scanner WebService Guild, Policy Guild (src/Scanner/StellaOps.Scanner.WebService) | src/Scanner/StellaOps.Scanner.WebService | Update /reports and /policy/runtime payloads to consume advisory/vex linksets, exposing source severity arrays and conflict summaries alongside effective verdicts. |
|||
| SCANNER-LNM-21-002 | TODO | SPRINT_0136_0001_0001_scanner_surface | Scanner WebService Guild, UI Guild (src/Scanner/StellaOps.Scanner.WebService) | src/Scanner/StellaOps.Scanner.WebService | Add evidence endpoint for Console to fetch linkset summaries with policy overlay for a component/SBOM, including AOC references. | SCANNER-LNM-21-001 | ||
| SCANNER-NATIVE-401-015 | TODO | SPRINT_0401_0001_0001_reachability_evidence_chain | Scanner Worker Guild | src/Scanner/__Libraries/StellaOps.Scanner.Symbols.Native, src/Scanner/__Libraries/StellaOps.Scanner.CallGraph.Native |
Stand up StellaOps.Scanner.Symbols.Native + StellaOps.Scanner.CallGraph.Native (ELF/PE readers, demanglers, probabilistic carving) and publish FuncNode/CallEdge CAS bundles consumed by reachability graphs. |
Requires CAS schema approval from GAPG0101 | SCNA0101 | |
| SCANNER-OPS-0001 | TODO | SPRINT_327_docs_modules_scanner | Ops Guild (docs/modules/scanner) | docs/modules/scanner | Review scanner runbooks/observability assets after the next sprint demo and capture findings inline with sprint notes. | |||
| SCANNER-POLICY-0001 | DONE | 2025-11-10 | SPRINT_0138_0001_0001_scanner_ruby_parity | Policy Guild, Ruby Analyzer Guild (docs/modules/scanner) | docs/modules/scanner | Ruby predicates shipped: Policy Engine exposes sbom.any_component + ruby.*, tests updated, DSL/offline-kit docs refreshed. |
SCANNER-ENG-0018 | |
| SCANNER-SECRETS-03 | TODO | SPRINT_0136_0001_0001_scanner_surface | BuildX Plugin Guild, Security Guild (src/Scanner/StellaOps.Scanner.Sbomer.BuildXPlugin) | src/Scanner/StellaOps.Scanner.Sbomer.BuildXPlugin | Use Surface.Secrets to retrieve registry credentials when interacting with CAS/referrers. | SCANNER-SECRETS-02 | ||
| SCANNER-SORT-02 | TODO | SPRINT_0136_0001_0001_scanner_surface | Scanner Core Guild (src/Scanner/__Libraries/StellaOps.Scanner.Core) | src/Scanner/__Libraries/StellaOps.Scanner.Core | Sort layer fragments by digest and components by identity.purl/identity.key before composition; add determinism regression tests. |
SCANNER-EMIT-15-001 | ||
| SCANNER-SURFACE-04 | TODO | SPRINT_0136_0001_0001_scanner_surface | Scanner Worker Guild (src/Scanner/StellaOps.Scanner.Worker) | src/Scanner/StellaOps.Scanner.Worker | DSSE-sign every layer.fragments payload, emit _composition.json, and persist DSSE envelopes so offline kits can replay deterministically (see docs/modules/scanner/deterministic-sbom-compose.md §2.1). |
SCANNER-SURFACE-01; SURFACE-FS-03 | ||
| SCHED-IMPACT-16-303 | DONE | SPRINT_0155_0001_0001_scheduler_i | Scheduler ImpactIndex Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.ImpactIndex) | src/Scheduler/__Libraries/StellaOps.Scheduler.ImpactIndex | Snapshot/compaction + invalidation for removed images; persistence to RocksDB/Redis per architecture. | |||
| SCHED-SURFACE-01 | TODO | SPRINT_0155_0001_0001_scheduler_i | Scheduler Worker Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | Evaluate Surface.FS pointers when planning delta scans to avoid redundant work and prioritise drift-triggered assets. | |||
| SCHED-SURFACE-02 | TODO | SPRINT_0136_0001_0001_scanner_surface | Scheduler Worker Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | Integrate Scheduler worker prefetch using Surface manifest reader and persist manifest pointers with rerun plans. | SURFACE-FS-02; SCHED-SURFACE-01 | ||
| SCHED-VULN-29-001 | DONE | SPRINT_0155_0001_0001_scheduler_i | Scheduler WebService Guild, Findings Ledger Guild (src/Scheduler/StellaOps.Scheduler.WebService) | src/Scheduler/StellaOps.Scheduler.WebService | Expose resolver job APIs (POST /vuln/resolver/jobs, GET /vuln/resolver/jobs/{id}) to trigger candidate recomputation per artifact/policy change with RBAC and rate limits. |
|||
| SCHED-VULN-29-002 | TODO | SPRINT_0155_0001_0001_scheduler_i | Scheduler WebService Guild, Observability Guild (src/Scheduler/StellaOps.Scheduler.WebService) | src/Scheduler/StellaOps.Scheduler.WebService | Provide projector lag metrics endpoint and webhook notifications for backlog breaches consumed by DevOps dashboards. Dependencies: SCHED-VULN-29-001. | |||
| SCHED-WEB-20-002 | TODO | SPRINT_0155_0001_0001_scheduler_i | Scheduler WebService Guild (src/Scheduler/StellaOps.Scheduler.WebService) | src/Scheduler/StellaOps.Scheduler.WebService | Provide simulation trigger endpoint returning diff preview metadata and job state for UI/CLI consumption. | |||
| SCHED-WORKER-21-203 | DONE | SPRINT_0155_0001_0001_scheduler_i | Scheduler Worker Guild, Observability Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | Export metrics (graph_build_seconds, graph_jobs_inflight, overlay_lag_seconds) and structured logs with tenant/graph identifiers. |
|||
| SCHED-WORKER-23-101 | TODO | SPRINT_0155_0001_0001_scheduler_i | Scheduler Worker Guild, Policy Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | Implement policy re-evaluation worker that shards assets, honours rate limits, and updates progress for Console after policy activation events. Dependencies: SCHED-WORKER-21-203. | |||
| SCHED-WORKER-23-102 | TODO | SPRINT_0155_0001_0001_scheduler_i | Scheduler Worker Guild, Observability Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | Add reconciliation job ensuring re-eval completion within SLA, emitting alerts on backlog and persisting status to policy_runs. Dependencies: SCHED-WORKER-23-101. |
|||
| SCHED-WORKER-25-101 | TODO | SPRINT_0155_0001_0001_scheduler_i | Scheduler Worker Guild, Policy Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | Implement exception lifecycle worker handling auto-activation/expiry and publishing exception.* events with retries/backoff. Dependencies: SCHED-WORKER-23-102. |
|||
| SCHED-WORKER-25-102 | TODO | SPRINT_0155_0001_0001_scheduler_i | Scheduler Worker Guild, Observability Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | Add expiring notification job generating digests, marking expiring state, updating metrics/alerts. Dependencies: SCHED-WORKER-25-101. |
|||
| SCHED-WORKER-26-201 | TODO | SPRINT_0155_0001_0001_scheduler_i | Scheduler Worker Guild, Signals Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | Build reachability joiner worker that combines SBOM snapshots with signals, writes cached facts, and schedules updates on new events. Dependencies: SCHED-WORKER-25-102. | |||
| SCHED-WORKER-26-202 | TODO | SPRINT_0156_0001_0002_scheduler_ii | Scheduler Worker Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | Implement staleness monitor + notifier for outdated reachability facts, publishing warnings and updating dashboards. Dependencies: SCHED-WORKER-26-201. | |||
| SCHED-WORKER-27-301 | TODO | SPRINT_0156_0001_0002_scheduler_ii | Scheduler Worker Guild, Policy Registry Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | Implement policy batch simulation worker: shard SBOM inventories, invoke Policy Engine, emit partial results, handle retries/backoff, and publish progress events. Dependencies: SCHED-WORKER-26-202. | |||
| SCHED-WORKER-27-302 | TODO | SPRINT_0156_0001_0002_scheduler_ii | Scheduler Worker Guild, Observability Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | Build reducer job aggregating shard outputs into final manifests (counts, deltas, samples) and writing to object storage with checksums; emit completion events. Dependencies: SCHED-WORKER-27-301. | |||
| SCHED-WORKER-27-303 | TODO | SPRINT_0156_0001_0002_scheduler_ii | Scheduler Worker Guild, Security Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | Enforce tenant isolation, scope checks, and attestation integration for simulation jobs; secret scanning pipeline for uploaded policy sources. Dependencies: SCHED-WORKER-27-302. | |||
| SCHED-WORKER-29-001 | TODO | SPRINT_0156_0001_0002_scheduler_ii | Scheduler Worker Guild, Findings Ledger Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | Implement resolver worker generating candidate findings from inventory + advisory evidence, respecting ecosystem version semantics and path scope; emit jobs for policy evaluation. Dependencies: SCHED-WORKER-27-303. | |||
| SCHED-WORKER-29-002 | TODO | SPRINT_0156_0001_0002_scheduler_ii | Scheduler Worker Guild, Policy Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | Build evaluation orchestration worker invoking Policy Engine batch eval, writing results to Findings Ledger projector queue, and handling retries/backoff. Dependencies: SCHED-WORKER-29-001. | |||
| SCHED-WORKER-29-003 | TODO | SPRINT_0156_0001_0002_scheduler_ii | Scheduler Worker Guild, Observability Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | Add monitoring for resolver/evaluation backlog, SLA breaches, and export job queue; expose metrics/alerts feeding DevOps dashboards. Dependencies: SCHED-WORKER-29-002. | |||
| SCHED-WORKER-CONSOLE-23-201 | TODO | SPRINT_0156_0001_0002_scheduler_ii | Scheduler Worker Guild, Observability Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | Stream run progress events (stage status, tuples processed, SLA hints) to Redis/NATS for Console SSE, with heartbeat, dedupe, and retention policy. Publish metrics + structured logs for queue lag. | |||
| SCHED-WORKER-CONSOLE-23-202 | TODO | SPRINT_0156_0001_0002_scheduler_ii | Scheduler Worker Guild, Policy Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | Coordinate evidence bundle jobs (enqueue, track status, cleanup) and expose job manifests to Web gateway; ensure idempotent reruns and cancellation support. Dependencies: SCHED-WORKER-CONSOLE-23-201. | |||
| SCHEDULER-DOCS-0001 | DONE | SPRINT_0328_0001_0001_docs_modules_scheduler | Docs Guild (docs/modules/scheduler) | docs/modules/scheduler | See ./AGENTS.md | |||
| SCHEDULER-ENG-0001 | DONE | SPRINT_0328_0001_0001_docs_modules_scheduler | Module Team (docs/modules/scheduler) | docs/modules/scheduler | Update status via ./AGENTS.md workflow | |||
| SCHEDULER-OPS-0001 | DONE | SPRINT_0328_0001_0001_docs_modules_scheduler | Ops Guild (docs/modules/scheduler) | docs/modules/scheduler | Sync outcomes back to ../.. | |||
| SCHEMA-401-024 | TODO | SPRINT_0401_0001_0001_reachability_evidence_chain | Signals Guild (src/Signals/StellaOps.Signals, docs/uncertainty/README.md) |
src/Signals/StellaOps.Signals, docs/uncertainty/README.md |
||||
| SCORER-401-025 | TODO | SPRINT_0401_0001_0001_reachability_evidence_chain | Signals Guild (src/Signals/StellaOps.Signals.Application, docs/uncertainty/README.md) |
src/Signals/StellaOps.Signals.Application, docs/uncertainty/README.md |
||||
| SCORING-401-003 | TODO | SPRINT_0401_0001_0001_reachability_evidence_chain | Signals Guild (src/Signals/StellaOps.Signals) |
src/Signals/StellaOps.Signals |
||||
| SDK-62-001 | TODO | SPRINT_0204_0001_0004_cli_iv | DevEx/CLI Guild, SDK Generator Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | ||||
| SDK-62-002 | TODO | SPRINT_0204_0001_0004_cli_iv | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | ||||
| SDK-63-001 | TODO | SPRINT_0204_0001_0004_cli_iv | DevEx/CLI Guild, API Governance Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | ||||
| SDK-64-001 | TODO | SPRINT_0204_0001_0004_cli_iv | DevEx/CLI Guild, SDK Release Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | ||||
| SDKGEN-62-001 | TODO | SPRINT_0208_0001_0001_sdk | SDK Generator Guild | src/Sdk/StellaOps.Sdk.Generator | Choose/pin generator toolchain, set up language template pipeline, and enforce reproducible builds. | DEVL0101 portal contracts | SDKG0101 | |
| SDKGEN-62-002 | TODO | SPRINT_0208_0001_0001_sdk | SDK Generator Guild | src/Sdk/StellaOps.Sdk.Generator | Implement shared post-processing (auth helpers, retries, pagination utilities, telemetry hooks) applied to all languages. Dependencies: SDKGEN-62-001. | SDKGEN-62-001 | SDKG0101 | |
| SDKGEN-63-001 | BLOCKED (2025-11-26) | 2025-11-26 | SPRINT_0208_0001_0001_sdk | SDK Generator Guild | src/Sdk/StellaOps.Sdk.Generator | Ship TypeScript SDK alpha with ESM/CJS builds, typed errors, paginator, streaming helpers. Dependencies: SDKGEN-62-002. | 63-004 | SDKG0101 |
| SDKGEN-63-002 | TODO | SPRINT_0208_0001_0001_sdk | SDK Generator Guild | src/Sdk/StellaOps.Sdk.Generator | Ship Python SDK alpha (sync/async clients, type hints, upload/download helpers). Dependencies: SDKGEN-63-001. | SDKGEN-63-001 | SDKG0101 | |
| SDKGEN-63-003 | TODO | SPRINT_0208_0001_0001_sdk | SDK Generator Guild | src/Sdk/StellaOps.Sdk.Generator | Ship Go SDK alpha with context-first API and streaming helpers. Dependencies: SDKGEN-63-002. | SDKGEN-63-002 | SDKG0101 | |
| SDKGEN-63-004 | TODO | SPRINT_0208_0001_0001_sdk | SDK Generator Guild | src/Sdk/StellaOps.Sdk.Generator | Ship Java SDK alpha (builder pattern, HTTP client abstraction). Dependencies: SDKGEN-63-003. | SDKGEN-63-003 | SDKG0101 | |
| SDKGEN-64-001 | TODO | SPRINT_0208_0001_0001_sdk | SDK Generator Guild · CLI Guild | src/Sdk/StellaOps.Sdk.Generator | Switch CLI to consume TS or Go SDK; ensure parity. Dependencies: SDKGEN-63-004. | SDKGEN-63-004 | SDKG0101 | |
| SDKGEN-64-002 | TODO | SPRINT_0208_0001_0001_sdk | SDK Generator Guild · Console Guild | src/Sdk/StellaOps.Sdk.Generator | Integrate SDKs into Console data providers where feasible. Dependencies: SDKGEN-64-001. | SDKGEN-64-001 | SDKG0101 | |
| SDKREL-63-001 | TODO | SPRINT_0208_0001_0001_sdk | SDK Release Guild (src/Sdk/StellaOps.Sdk.Release) | src/Sdk/StellaOps.Sdk.Release | Configure CI pipelines for npm, PyPI, Maven Central staging, and Go proxies with signing and provenance attestations. | |||
| SDKREL-63-002 | TODO | SPRINT_0208_0001_0001_sdk | SDK Release Guild, API Governance Guild (src/Sdk/StellaOps.Sdk.Release) | src/Sdk/StellaOps.Sdk.Release | Integrate changelog automation pulling from OAS diffs and generator metadata. Dependencies: SDKREL-63-001. | |||
| SDKREL-64-001 | TODO | SPRINT_0208_0001_0001_sdk | SDK Release Guild, Notifications Guild (src/Sdk/StellaOps.Sdk.Release) | src/Sdk/StellaOps.Sdk.Release | Hook SDK releases into Notifications Studio with scoped announcements and RSS/Atom feeds. Dependencies: SDKREL-63-002. | |||
| SDKREL-64-002 | TODO | SPRINT_0208_0001_0001_sdk | SDK Release Guild, Export Center Guild (src/Sdk/StellaOps.Sdk.Release) | src/Sdk/StellaOps.Sdk.Release | Add devportal --offline bundle job packaging docs, specs, SDK artifacts for air-gapped users. Dependencies: SDKREL-64-001. |
|||
| SEC-62-001 | TODO | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild, Authority Core (docs) | |||||
| SEC-CRYPTO-90-001 | DONE | 2025-11-07 | SPRINT_514_sovereign_crypto_enablement | Security Guild (src/__Libraries/StellaOps.Cryptography) | src/__Libraries/StellaOps.Cryptography | Produce the RootPack_RU implementation plan, provider strategy (CryptoPro + PKCS#11), and backlog split for sovereign crypto work. | ||
| SEC-CRYPTO-90-002 | DONE | 2025-11-07 | SPRINT_514_sovereign_crypto_enablement | Security Guild (src/__Libraries/StellaOps.Cryptography) | src/__Libraries/StellaOps.Cryptography | Extend signature/catalog constants and configuration schema to recognize GOST12-256/512, regional crypto profiles, and provider preference ordering. |
||
| SEC-CRYPTO-90-003 | DONE | 2025-11-07 | SPRINT_514_sovereign_crypto_enablement | Security Guild (src/__Libraries/StellaOps.Cryptography) | src/__Libraries/StellaOps.Cryptography | Implement StellaOps.Cryptography.Plugin.CryptoPro provider (sign/verify/JWK export) using CryptoPro CSP with deterministic logging/tests. |
||
| SEC-CRYPTO-90-004 | DONE | 2025-11-07 | SPRINT_514_sovereign_crypto_enablement | Security Guild (src/__Libraries/StellaOps.Cryptography) | src/__Libraries/StellaOps.Cryptography | Implement StellaOps.Cryptography.Plugin.Pkcs11Gost provider (Rutoken/JaCarta) via Pkcs11Interop with configurable slot/pin/module handling. |
||
| SEC-CRYPTO-90-005 | DONE | 2025-11-08 | SPRINT_514_sovereign_crypto_enablement | Security Guild (src/__Libraries/StellaOps.Cryptography) | src/__Libraries/StellaOps.Cryptography | Add configuration-driven provider selection (crypto.regionalProfiles), CLI diagnostics, and telemetry. |
||
| SEC-CRYPTO-90-006 | DONE | 2025-11-08 | SPRINT_514_sovereign_crypto_enablement | Security Guild (src/__Libraries/StellaOps.Cryptography) | src/__Libraries/StellaOps.Cryptography | Build deterministic Streebog/signature harnesses and RootPack audit metadata/runbooks. | ||
| SEC-CRYPTO-90-007 | DONE | 2025-11-08 | SPRINT_514_sovereign_crypto_enablement | Security Guild (src/__Libraries/StellaOps.Cryptography) | src/__Libraries/StellaOps.Cryptography | Package RootPack_RU artifacts (plugins, trust anchors, configs) with deployment documentation. | ||
| SEC-CRYPTO-90-008 | DONE | 2025-11-08 | SPRINT_514_sovereign_crypto_enablement | Security Guild (src/__Libraries/StellaOps.Cryptography) | src/__Libraries/StellaOps.Cryptography | Audit repository for direct crypto usage bypassing the new abstractions and file remediation tasks. | ||
| SEC-CRYPTO-90-009 | DONE | 2025-11-09 | SPRINT_514_sovereign_crypto_enablement | Security Guild (src/__Libraries/StellaOps.Cryptography.Plugin.CryptoPro) | src/__Libraries/StellaOps.Cryptography.Plugin.CryptoPro | Replace the placeholder CryptoPro plug-in with a true CryptoPro CSP implementation (GostCryptography, certificate-store lookup, DER/raw normalization) so RootPack_RU exposes a qualified-signature path. | ||
| SEC-CRYPTO-90-010 | DONE | 2025-11-09 | SPRINT_514_sovereign_crypto_enablement | Security Guild (src/__Libraries/StellaOps.Cryptography + .DependencyInjection) | src/__Libraries/StellaOps.Cryptography + .DependencyInjection | Introduce StellaOpsCryptoOptions / configuration binding for registry profiles/keys and ship an AddStellaOpsCryptoRu(IConfiguration, …) helper so hosts can enable ru-offline via YAML without custom code. |
||
| SEC-CRYPTO-90-011 | DONE | 2025-11-09 | SPRINT_514_sovereign_crypto_enablement | Security & Ops Guilds (src/Tools/StellaOps.CryptoRu.Cli) | src/Tools/StellaOps.CryptoRu.Cli | Build the sovereign crypto CLI (StellaOps.CryptoRu.Cli) to list keys, perform test-sign operations, and emit determinism/audit snapshots referenced in the RootPack docs. |
||
| SEC-CRYPTO-90-012 | BLOCKED (2025-11-27) | Env-gated; no CryptoPro/PKCS#11 runner available | SPRINT_514_sovereign_crypto_enablement | Security Guild (src/__Libraries/__Tests/StellaOps.Cryptography.Tests) | src/__Libraries/__Tests/StellaOps.Cryptography.Tests | Add CryptoPro + PKCS#11 integration tests (env/pin gated) and wire them into scripts/crypto/run-rootpack-ru-tests.sh, covering Streebog vectors and DER/raw signatures. |
||
| SEC-CRYPTO-90-013 | BLOCKED (2025-11-27) | Depends on SEC-CRYPTO-90-021 registry wiring | SPRINT_514_sovereign_crypto_enablement | Security Guild (src/__Libraries/StellaOps.Cryptography) | src/__Libraries/StellaOps.Cryptography | Extend the shared crypto stack with sovereign symmetric algorithms (Magma/Kuznyechik) so exports/data-at-rest can request Russian ciphers via the provider registry. | SEC-CRYPTO-90-021 | |
| SEC-CRYPTO-90-014 | TODO | SPRINT_514_sovereign_crypto_enablement | Security + Service Guilds | Update runtime hosts (Authority, Scanner WebService/Worker, Concelier, etc.) to register the RU providers, bind StellaOps:Crypto profiles, and expose configuration toggles per the new options model. |
Wait for AUIN0101 approvals | CRSA0101 | ||
| SEC-CRYPTO-90-015 | TODO | SPRINT_514_sovereign_crypto_enablement | Security + Docs Guild | docs/security/rootpack_ru_*.md | Refresh RootPack/validation documentation once the CLI/config/tests exist (remove TODO callouts, document final workflows). | Depends on #1 | CRSA0101 | |
| SEC-CRYPTO-90-016 | DONE | 2025-11-09 | SPRINT_514_sovereign_crypto_enablement | Security Guild (src/__Libraries/StellaOps.Cryptography.DependencyInjection + .Plugin.CryptoPro) | src/__Libraries/StellaOps.Cryptography.DependencyInjection + .Plugin.CryptoPro | Quarantine CryptoPro dependencies by default until IT.GostCryptography is patched; add MSBuild flag StellaOpsEnableCryptoPro and follow-up plan to re-enable the plug-in once a safe package exists. |
||
| SEC-CRYPTO-90-017 | TODO | SPRINT_514_sovereign_crypto_enablement | Security Guild | third_party/forks + src/__Libraries/StellaOps.Cryptography.Plugin.CryptoPro | Vendor third_party/forks/AlexMAS.GostCryptography into the solution build (solution filters, Directory.Build props, CI) so the library compiles with the rest of the repo and publishes artifacts for downstream consumers. |
Needs third_party fork sync | CRSA0101 | |
| SEC-CRYPTO-90-018 | TODO | SPRINT_514_sovereign_crypto_enablement | Security + Docs Guild | docs/security/rootpack_ru_*.md, docs/dev/crypto.md | Update developer/RootPack documentation to describe the new fork, sync steps, and licensing so operators know where the CryptoPro sources live and how to refresh them. | Depends on #3 | CRSA0101 | |
| SEC-CRYPTO-90-019 | TODO | SPRINT_514_sovereign_crypto_enablement | Security Guild | third_party/forks/AlexMAS.GostCryptography | Patch the fork to drop vulnerable System.Security.Cryptography.{Pkcs,Xml} 6.0.0 dependencies (target .NET 8+, adopt fixed BCL packages, re-run tests). |
Needs fork validation | CRSA0101 | |
| SEC-CRYPTO-90-020 | TODO | SPRINT_514_sovereign_crypto_enablement | Security Guild | src/__Libraries/StellaOps.Cryptography.Plugin.CryptoPro | Re-point StellaOps.Cryptography.Plugin.CryptoPro to the forked sources (replace NuGet package references, adjust DI wiring) and prove the plugin works end-to-end. |
Depends on #5 | CRSA0101 | |
| SEC-CRYPTO-90-021 | BLOCKED (2025-11-27) | Windows CSP runner pending (depends on 90-020) | SPRINT_514_sovereign_crypto_enablement | Security + QA Guilds | scripts/crypto/**, docs/security/rootpack_ru_validation.md | Validate the forked library + plugin on both Windows (CryptoPro CSP) and Linux (OpenSSL GOST fallback) builds/tests; document any platform-specific prerequisites. | Depends on #6 | CRSA0101 |
| SEC-OBS-50-001 | TODO | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild, Security Guild (docs) | |||||
| SEC2 | DONE | 2025-11-09 | SPRINT_100_identity_signing | Security Guild, Storage Guild (src/Authority/StellaOps.Authority/StellaOps.Authority.Plugin.Standard) | src/Authority/StellaOps.Authority/StellaOps.Authority.Plugin.Standard | |||
| SEC3 | DONE | 2025-11-09 | SPRINT_100_identity_signing | Security Guild, BE-Auth Plugin (src/Authority/StellaOps.Authority/StellaOps.Authority.Plugin.Standard) | src/Authority/StellaOps.Authority/StellaOps.Authority.Plugin.Standard | |||
| SEC5 | DONE | 2025-11-09 | SPRINT_100_identity_signing | Security Guild (src/Authority/StellaOps.Authority/StellaOps.Authority.Plugin.Standard) | src/Authority/StellaOps.Authority/StellaOps.Authority.Plugin.Standard | |||
| SECRETS-01 | DOING | 2025-11-02 | SPRINT_0136_0001_0001_scanner_surface | Scanner Guild, Security Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.Secrets) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Secrets | |||
| SECRETS-02 | DOING | 2025-11-02 | SPRINT_0136_0001_0001_scanner_surface | Scanner Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.Secrets) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Secrets | SURFACE-SECRETS-01 | ||
| SECRETS-03 | TODO | SPRINT_0136_0001_0001_scanner_surface | BuildX Plugin Guild · Security Guild | src/Scanner/StellaOps.Scanner.Sbomer.BuildXPlugin | SCANNER-SECRETS-02 | SCANNER-SECRETS-02 | SCBX0101 | |
| SECRETS-04 | TODO | SPRINT_0136_0001_0001_scanner_surface | Scanner Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.Secrets) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Secrets | SURFACE-SECRETS-02 | |||
| SECRETS-05 | TODO | SPRINT_0136_0001_0001_scanner_surface | Zastava Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.Secrets) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Secrets | SURFACE-SECRETS-02 | |||
| SECRETS-06 | TODO | SPRINT_0136_0001_0001_scanner_surface | Ops Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.Secrets) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Secrets | SURFACE-SECRETS-03 | |||
| SERVER-401-011 | TODO | SPRINT_0401_0001_0001_reachability_evidence_chain | Symbols Guild (src/Symbols/StellaOps.Symbols.Server) |
src/Symbols/StellaOps.Symbols.Server |
||||
| SERVICE-21-001 | BLOCKED | SPRINT_0140_0001_0001_runtime_signals | ||||||
| SERVICE-21-002 | BLOCKED | SPRINT_0140_0001_0001_runtime_signals | ||||||
| SERVICE-21-003 | BLOCKED | SPRINT_0140_0001_0001_runtime_signals | ||||||
| SERVICE-21-004 | BLOCKED | SPRINT_0140_0001_0001_runtime_signals | ||||||
| SERVICE-23-001 | TODO | SPRINT_0140_0001_0001_runtime_signals | ||||||
| SERVICE-23-002 | TODO | SPRINT_0140_0001_0001_runtime_signals | ||||||
| SERVICE-DOCS-0001 | TODO | SPRINT_0326_0001_0001_docs_modules_registry | Docs Guild (docs/modules/registry) | docs/modules/registry | ||||
| SERVICE-ENG-0001 | TODO | SPRINT_0326_0001_0001_docs_modules_registry | Module Team (docs/modules/registry) | docs/modules/registry | ||||
| SERVICE-OPS-0001 | TODO | SPRINT_0326_0001_0001_docs_modules_registry | Ops Guild (docs/modules/registry) | docs/modules/registry | ||||
| SIG-003 | TODO | SPRINT_0401_0001_0001_reachability_evidence_chain | Signals Guild (src/Signals/StellaOps.Signals, docs/reachability/function-level-evidence.md) |
src/Signals/StellaOps.Signals, docs/reachability/function-level-evidence.md |
||||
| SIG-26-001 | TODO | SPRINT_115_concelier_iv | Concelier Core Guild, Signals Guild (src/Concelier/__Libraries/StellaOps.Concelier.Core) | src/Concelier/__Libraries/StellaOps.Concelier.Core | ||||
| SIG-26-002 | TODO | SPRINT_0204_0001_0004_cli_iv | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | ||||
| SIG-26-003 | TODO | SPRINT_0211_0001_0003_ui_iii | UI Guild (src/UI/StellaOps.UI) | src/UI/StellaOps.UI | ||||
| SIG-26-004 | TODO | SPRINT_0211_0001_0003_ui_iii | UI Guild (src/UI/StellaOps.UI) | src/UI/StellaOps.UI | ||||
| SIG-26-005 | TODO | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild, UI Guild (docs) | |||||
| SIG-26-006 | TODO | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild, DevEx/CLI Guild (docs) | |||||
| SIG-26-007 | TODO | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild, BE-Base Platform Guild (docs) | |||||
| SIG-26-008 | DOING | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild, DevOps Guild (docs) | |||||
| SIG-STORE-401-016 | TODO | SPRINT_0401_0001_0001_reachability_evidence_chain | Signals Guild · BE-Base Platform Guild (src/Signals/StellaOps.Signals, src/__Libraries/StellaOps.Replay.Core) |
src/Signals/StellaOps.Signals, src/__Libraries/StellaOps.Replay.Core |
Introduce shared reachability store collections (func_nodes, call_edges, cve_func_hits), indexes, and repository APIs so Scanner/Signals/Policy can reuse canonical function data. |
|||
| SIGN-CORE-186-004 | DONE | 2025-11-26 | SPRINT_0186_0001_0001_record_deterministic_execution | Signing Guild | src/Signer/StellaOps.Signer, src/__Libraries/StellaOps.Cryptography |
Replace the HMAC demo implementation in StellaOps.Signer with StellaOps.Cryptography providers (keyless + KMS), including provider selection, key material loading, and cosign-compatible DSSE signature output. |
Mirrors #1 | SIGR0101 |
| SIGN-CORE-186-005 | DONE | 2025-11-26 | SPRINT_0186_0001_0001_record_deterministic_execution | Signing Guild | src/Signer/StellaOps.Signer.Core |
Refactor SignerStatementBuilder to support StellaOps predicate types (e.g., stella.ops/promotion@v1) and delegate payload canonicalisation to the Provenance library once available. |
Mirrors #2 | SIGR0101 |
| SIGN-REPLAY-186-003 | TODO | SPRINT_0186_0001_0001_record_deterministic_execution | Signing Guild (src/Signer/StellaOps.Signer, src/Authority/StellaOps.Authority) |
src/Signer/StellaOps.Signer, src/Authority/StellaOps.Authority |
Extend Signer/Authority DSSE flows to cover replay manifest/bundle payload types with multi-profile support; refresh docs/modules/signer/architecture.md and docs/modules/authority/architecture.md to capture the new signing/verification path referencing docs/replay/DETERMINISTIC_REPLAY.md Section 5. |
|||
| SIGN-TEST-186-006 | DONE | 2025-11-26 | SPRINT_0186_0001_0001_record_deterministic_execution | Signing Guild, QA Guild (src/Signer/StellaOps.Signer.Tests) |
src/Signer/StellaOps.Signer.Tests |
Upgrade signer integration tests to run against the real crypto abstraction and fixture predicates (promotion, SBOM, replay), replacing stub tokens/digests with deterministic test data. | ||
| SIGN-VEX-401-018 | DONE | 2025-11-26 | SPRINT_0401_0001_0001_reachability_evidence_chain | Signing Guild (src/Signer/StellaOps.Signer, docs/modules/signer/architecture.md) |
src/Signer/StellaOps.Signer, docs/modules/signer/architecture.md |
Extend Signer predicate catalog with stella.ops/vexDecision@v1, enforce payload policy, and plumb DSSE/Rekor integration for policy decisions. |
||
| SIGNALS-24-001 | DONE | 2025-11-09 | SPRINT_0140_0001_0001_runtime_signals | Host skeleton, RBAC, sealed-mode readiness, /signals/facts/{subject} retrieval, and readiness probes merged; serves as base for downstream ingestion. |
||||
| SIGNALS-24-002 | DOING | 2025-11-07 | SPRINT_0140_0001_0001_runtime_signals | Callgraph ingestion + retrieval APIs are live, but CAS promotion and signed manifest publication remain; cannot close until reachability jobs can trust stored graphs. | ||||
| SIGNALS-24-003 | DOING | 2025-11-09 | SPRINT_0140_0001_0001_runtime_signals | Runtime facts ingestion accepts JSON/NDJSON and gzip streams; provenance/context enrichment and NDJSON-to-AOC wiring still outstanding. | ||||
| SIGNALS-24-004 | BLOCKED | 2025-10-27 | SPRINT_0140_0001_0001_runtime_signals | 24-002/003 | Reachability scoring waits on complete ingestion feeds (24-002/003) plus Authority scope validation. | |||
| SIGNALS-24-005 | BLOCKED | 2025-10-27 | SPRINT_0140_0001_0001_runtime_signals | Cache + signals.fact.updated events depend on scoring outputs; remains idle until 24-004 unblocks. |
||||
| SIGNALS-REACH-201-003 | DOING | 2025-11-08 | SPRINT_400_runtime_facts_static_callgraph_union | Signals Guild (src/Signals/StellaOps.Signals) |
src/Signals/StellaOps.Signals |
Extend Signals ingestion to accept the new multi-language graphs + runtime facts, normalize into reachability_graphs CAS layout, and expose retrieval APIs for Policy/CLI. |
||
| SIGNALS-REACH-201-004 | DOING | 2025-11-08 | SPRINT_400_runtime_facts_static_callgraph_union | Signals Guild · Policy Guild (src/Signals/StellaOps.Signals, src/Policy/StellaOps.Policy.Engine) |
src/Signals/StellaOps.Signals, src/Policy/StellaOps.Policy.Engine |
Build the reachability scoring engine (state/score/confidence), wire Redis caches + signals.fact.updated events, and integrate reachability weights defined in docs/11_DATA_SCHEMAS.md. |
||
| SIGNALS-RUNTIME-401-002 | TODO | SPRINT_0401_0001_0001_reachability_evidence_chain | Signals Guild (src/Signals/StellaOps.Signals) |
src/Signals/StellaOps.Signals |
Ship /signals/runtime-facts ingestion for NDJSON (and gzip) batches, dedupe hits, and link runtime evidence CAS URIs to callgraph nodes. Include retention + RBAC tests. |
|||
| SIGNALS-SCORING-401-003 | TODO | SPRINT_0401_0001_0001_reachability_evidence_chain | Signals Guild (src/Signals/StellaOps.Signals) |
src/Signals/StellaOps.Signals |
Extend ReachabilityScoringService with deterministic scoring (static path +0.50, runtime hits +0.30/+0.10 sink, guard penalties, reflection penalty, floor 0.05), persist reachability labels (reachable/conditional/unreachable) and expose /graphs/{scanId} CAS lookups. |
|||
| SIGNER-DOCS-0001 | DONE | 2025-11-05 | SPRINT_0329_0001_0001_docs_modules_signer | Docs Guild (docs/modules/signer) | docs/modules/signer | Validate that docs/modules/signer/README.md captures the latest DSSE/fulcio updates. |
||
| SIGNER-ENG-0001 | DONE | 2025-11-26 | SPRINT_0329_0001_0001_docs_modules_signer | Module Team (docs/modules/signer) | docs/modules/signer | Keep module milestones aligned with signer sprints under /docs/implplan. Updated README with Sprint 0186/0401 completed tasks (SIGN-CORE-186-004/005, SIGN-TEST-186-006, SIGN-VEX-401-018). |
||
| SIGNER-OPS-0001 | TODO | SPRINT_0329_0001_0001_docs_modules_signer | Ops Guild (docs/modules/signer) | docs/modules/signer | Review signer runbooks/observability assets after next sprint demo. | |||
| SORT-02 | TODO | SPRINT_0136_0001_0001_scanner_surface | Scanner Core Guild (src/Scanner/__Libraries/StellaOps.Scanner.Core) | src/Scanner/__Libraries/StellaOps.Scanner.Core | SCANNER-EMIT-15-001 | |||
| ORCH-DOCS-0001 | DONE | SPRINT_0323_0001_0001_docs_modules_orchestrator | Docs Guild (docs/modules/orchestrator) | docs/modules/orchestrator | Refresh orchestrator README + diagrams to reflect job leasing changes and reference the task runner bridge. | |||
| ORCH-ENG-0001 | DONE | SPRINT_0323_0001_0001_docs_modules_orchestrator | Module Team (docs/modules/orchestrator) | docs/modules/orchestrator | Sync into ../.. | |||
| ORCH-OPS-0001 | DONE | SPRINT_0323_0001_0001_docs_modules_orchestrator | Ops Guild (docs/modules/orchestrator) | docs/modules/orchestrator | Document outputs in ./README.md | |||
| SPL-23-001 | TODO | SPRINT_0128_0001_0001_policy_reasoning | Policy Guild, Language Infrastructure Guild / src/Policy/__Libraries/StellaOps.Policy | src/Policy/__Libraries/StellaOps.Policy | ||||
| SPL-23-002 | TODO | SPRINT_0128_0001_0001_policy_reasoning | Policy Guild / src/Policy/__Libraries/StellaOps.Policy | src/Policy/__Libraries/StellaOps.Policy | POLICY-SPL-23-001 | |||
| SPL-23-003 | TODO | SPRINT_0128_0001_0001_policy_reasoning | Policy Guild / src/Policy/__Libraries/StellaOps.Policy | src/Policy/__Libraries/StellaOps.Policy | POLICY-SPL-23-002 | |||
| SPL-23-004 | DONE (2025-11-26) | SPRINT_0128_0001_0001_policy_reasoning | Policy Guild, Audit Guild / src/Policy/__Libraries/StellaOps.Policy | src/Policy/__Libraries/StellaOps.Policy | POLICY-SPL-23-003 | Explanation tree emitted from evaluation; persistence follow-up. | ||
| SPL-23-005 | TODO | SPRINT_0128_0001_0001_policy_reasoning | Policy Guild, DevEx Guild / src/Policy/__Libraries/StellaOps.Policy | src/Policy/__Libraries/StellaOps.Policy | POLICY-SPL-23-004 | |||
| SPL-24-001 | DONE (2025-11-26) | 2025-11-26 | SPRINT_0128_0001_0001_policy_reasoning | Policy Guild, Signals Guild / src/Policy/__Libraries/StellaOps.Policy | src/Policy/__Libraries/StellaOps.Policy | POLICY-SPL-23-005 | ||
| STORE-401-016 | TODO | SPRINT_0401_0001_0001_reachability_evidence_chain | Signals Guild · BE-Base Platform Guild (src/Signals/StellaOps.Signals, src/__Libraries/StellaOps.Replay.Core) |
src/Signals/StellaOps.Signals, src/__Libraries/StellaOps.Replay.Core |
||||
| STORE-AOC-19-001 | DONE (2025-11-25) | SPRINT_0119_0001_0005_excititor_v | Excititor Storage Guild (src/Excititor/__Libraries/StellaOps.Excititor.Storage.Mongo) | src/Excititor/__Libraries/StellaOps.Excititor.Storage.Mongo | ||||
| STORE-AOC-19-002 | DONE (2025-11-25) | SPRINT_0119_0001_0005_excititor_v | Excititor Storage Guild, DevOps Guild (src/Excititor/__Libraries/StellaOps.Excititor.Storage.Mongo) | src/Excititor/__Libraries/StellaOps.Excititor.Storage.Mongo | ||||
| STORE-AOC-19-005 | TODO | 2025-11-04 | SPRINT_115_concelier_iv | Concelier Storage Guild, DevOps Guild (src/Concelier/__Libraries/StellaOps.Concelier.Storage.Mongo) | src/Concelier/__Libraries/StellaOps.Concelier.Storage.Mongo | |||
| SURFACE-01 | TODO | SPRINT_0140_0001_0001_runtime_signals | ||||||
| SURFACE-02 | TODO | SPRINT_0136_0001_0001_scanner_surface | Scheduler Worker Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | SURFACE-FS-02; SCHED-SURFACE-01 | |||
| SURFACE-04 | TODO | SPRINT_0136_0001_0001_scanner_surface | Scanner Worker Guild (src/Scanner/StellaOps.Scanner.Worker) | src/Scanner/StellaOps.Scanner.Worker | SCANNER-SURFACE-01; SURFACE-FS-03 | |||
| SURFACE-ENV-01 | DONE | 2025-11-13 | SPRINT_0136_0001_0001_scanner_surface | Scanner Guild, Zastava Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.Env) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Env | Draft surface-env.md enumerating environment variables, defaults, and air-gap behaviour for Surface consumers. |
— | SCSS0101 |
| SURFACE-ENV-02 | DOING | 2025-11-02 | SPRINT_0136_0001_0001_scanner_surface | Scanner Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.Env) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Env | Implement strongly-typed env accessors with validation and deterministic logging inside StellaOps.Scanner.Surface.Env. |
SURFACE-ENV-01 | SCSS0101 |
| SURFACE-ENV-03 | TODO | SPRINT_0136_0001_0001_scanner_surface | Scanner Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.Env) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Env | Adopt the env helper across Scanner Worker/WebService/BuildX plug-ins. | SURFACE-ENV-02 | ||
| SURFACE-ENV-04 | TODO | SPRINT_0136_0001_0001_scanner_surface | Zastava Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.Env) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Env | Wire env helper into Zastava Observer/Webhook containers. | SURFACE-ENV-02 | ||
| SURFACE-ENV-05 | TODO | SPRINT_0136_0001_0001_scanner_surface | Ops Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.Env) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Env | Update Helm/Compose/offline kit templates with new env knobs and documentation. | SURFACE-ENV-03; SURFACE-ENV-04 | ||
| SURFACE-FS-03 | TODO | SPRINT_0136_0001_0001_scanner_surface | Scanner Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.FS) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.FS | Integrate Surface.FS writer into Scanner Worker analyzer pipeline to persist layer + entry-trace fragments. | SURFACE-FS-02 | ||
| SURFACE-FS-04 | TODO | SPRINT_0136_0001_0001_scanner_surface | Zastava Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.FS) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.FS | Integrate Surface.FS reader into Zastava Observer runtime drift loop. | SURFACE-FS-02 | ||
| SURFACE-FS-05 | TODO | SPRINT_0136_0001_0001_scanner_surface | Scanner Guild, Scheduler Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.FS) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.FS | Expose Surface.FS pointers via Scanner WebService reports and coordinate rescan planning with Scheduler. | SURFACE-FS-03 | ||
| SURFACE-FS-06 | TODO | SPRINT_0136_0001_0001_scanner_surface | Docs Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.FS) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.FS | Update scanner-engine guide and offline kit docs with Surface.FS workflow. | SURFACE-FS-02 | ||
| SURFACE-FS-07 | DONE | 2025-12-04 | SPRINT_0136_0001_0001_scanner_surface | Scanner Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.FS) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.FS | Extend Surface.FS manifest schema with composition.recipe, fragment attestation metadata, and verification helpers per deterministic SBOM spec. |
SCANNER-SURFACE-04 | |
| SURFACE-SECRETS-01 | DOING | 2025-11-02 | SPRINT_0136_0001_0001_scanner_surface | Scanner Guild, Security Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.Secrets) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Secrets | Produce surface-secrets.md defining secret reference schema, storage backends, scopes, and rotation rules. |
||
| SURFACE-SECRETS-02 | DOING | 2025-11-02 | SPRINT_0136_0001_0001_scanner_surface | Scanner Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.Secrets) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Secrets | Implement StellaOps.Scanner.Surface.Secrets core provider interfaces, secret models, and in-memory test backend. |
SURFACE-SECRETS-01 | |
| SURFACE-SECRETS-03 | TODO | SPRINT_0136_0001_0001_scanner_surface | Scanner Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.Secrets) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Secrets | Add Kubernetes/File/Offline backends with deterministic caching and audit hooks. | SURFACE-SECRETS-02 | SCSS0101 | |
| SURFACE-SECRETS-04 | TODO | SPRINT_0136_0001_0001_scanner_surface | Scanner Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.Secrets) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Secrets | Integrate Surface.Secrets into Scanner Worker/WebService/BuildX for registry + CAS creds. | SURFACE-SECRETS-02 | ||
| SURFACE-SECRETS-05 | TODO | SPRINT_0136_0001_0001_scanner_surface | Zastava Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.Secrets) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Secrets | Invoke Surface.Secrets from Zastava Observer/Webhook for CAS & attestation secrets. | SURFACE-SECRETS-02 | ||
| SURFACE-SECRETS-06 | TODO | SPRINT_0136_0001_0001_scanner_surface | Ops Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.Secrets) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Secrets | Update deployment manifests/offline kit bundles to provision secret references instead of raw values. | SURFACE-SECRETS-03 | ||
| SURFACE-VAL-01 | DOING | 2025-11-01 | SPRINT_0136_0001_0001_scanner_surface | Scanner Guild, Security Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.Validation) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Validation | Define the Surface validation framework (surface-validation.md) covering env/cache/secret checks and extension hooks. |
SURFACE-FS-01; SURFACE-ENV-01 | SCSS0102 |
| SURFACE-VAL-02 | TODO | SPRINT_0136_0001_0001_scanner_surface | Scanner Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.Validation) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Validation | Implement base validation library with check registry and default validators for env/cached manifests/secret refs. | SURFACE-VAL-01; SURFACE-ENV-02; SURFACE-FS-02 | SCSS0102 | |
| SURFACE-VAL-03 | TODO | SPRINT_0136_0001_0001_scanner_surface | Scanner Guild, Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.Validation) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Validation | Integrate validation pipeline into Scanner analyzers so checks run before processing. | SURFACE-VAL-02 | SCSS0102 | |
| SURFACE-VAL-04 | TODO | SPRINT_0136_0001_0001_scanner_surface | Scanner Guild, Zastava Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.Validation) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Validation | Expose validation helpers to Zastava and other runtime consumers for preflight checks. | SURFACE-VAL-02 | SCSS0102 | |
| SURFACE-VAL-05 | TODO | SPRINT_0136_0001_0001_scanner_surface | Docs Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.Validation) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Validation | Document validation extensibility, registration, and customization in scanner-engine guides. | SURFACE-VAL-02 | SCSS0102 | |
| SVC-32-002 | TODO | SPRINT_0152_0001_0002_orchestrator_ii | Orchestrator Service Guild (src/Orchestrator/StellaOps.Orchestrator) | src/Orchestrator/StellaOps.Orchestrator | ||||
| SVC-32-003 | TODO | SPRINT_0152_0001_0002_orchestrator_ii | Orchestrator Service Guild (src/Orchestrator/StellaOps.Orchestrator) | src/Orchestrator/StellaOps.Orchestrator | ||||
| SVC-32-004 | TODO | SPRINT_0152_0001_0002_orchestrator_ii | Orchestrator Service Guild (src/Orchestrator/StellaOps.Orchestrator) | src/Orchestrator/StellaOps.Orchestrator | ||||
| SVC-32-005 | TODO | SPRINT_0152_0001_0002_orchestrator_ii | Orchestrator Service Guild (src/Orchestrator/StellaOps.Orchestrator) | src/Orchestrator/StellaOps.Orchestrator | ||||
| SVC-33-001 | TODO | SPRINT_0152_0001_0002_orchestrator_ii | Orchestrator Service Guild (src/Orchestrator/StellaOps.Orchestrator) | src/Orchestrator/StellaOps.Orchestrator | ||||
| SVC-33-002 | TODO | SPRINT_0152_0001_0002_orchestrator_ii | Orchestrator Service Guild (src/Orchestrator/StellaOps.Orchestrator) | src/Orchestrator/StellaOps.Orchestrator | ||||
| SVC-33-003 | TODO | SPRINT_0152_0001_0002_orchestrator_ii | Orchestrator Service Guild (src/Orchestrator/StellaOps.Orchestrator) | src/Orchestrator/StellaOps.Orchestrator | ||||
| SVC-33-004 | TODO | SPRINT_0152_0001_0002_orchestrator_ii | Orchestrator Service Guild (src/Orchestrator/StellaOps.Orchestrator) | src/Orchestrator/StellaOps.Orchestrator | ||||
| SVC-34-001 | TODO | SPRINT_0152_0001_0002_orchestrator_ii | Orchestrator Service Guild (src/Orchestrator/StellaOps.Orchestrator) | src/Orchestrator/StellaOps.Orchestrator | ||||
| SVC-34-002 | TODO | SPRINT_0152_0001_0002_orchestrator_ii | Orchestrator Service Guild (src/Orchestrator/StellaOps.Orchestrator) | src/Orchestrator/StellaOps.Orchestrator | ||||
| SVC-34-003 | TODO | SPRINT_0152_0001_0002_orchestrator_ii | Orchestrator Service Guild (src/Orchestrator/StellaOps.Orchestrator) | src/Orchestrator/StellaOps.Orchestrator | ||||
| SVC-34-004 | TODO | SPRINT_0152_0001_0002_orchestrator_ii | Orchestrator Service Guild (src/Orchestrator/StellaOps.Orchestrator) | src/Orchestrator/StellaOps.Orchestrator | ||||
| SVC-35-001 | BLOCKED | 2025-10-29 | SPRINT_163_exportcenter_ii | Exporter Service Guild (src/ExportCenter/StellaOps.ExportCenter) | src/ExportCenter/StellaOps.ExportCenter | |||
| SVC-35-002 | TODO | SPRINT_163_exportcenter_ii | Exporter Service Guild (src/ExportCenter/StellaOps.ExportCenter) | src/ExportCenter/StellaOps.ExportCenter | ||||
| SVC-35-003 | TODO | SPRINT_163_exportcenter_ii | Exporter Service Guild (src/ExportCenter/StellaOps.ExportCenter) | src/ExportCenter/StellaOps.ExportCenter | ||||
| SVC-35-004 | TODO | SPRINT_163_exportcenter_ii | Exporter Service Guild (src/ExportCenter/StellaOps.ExportCenter) | src/ExportCenter/StellaOps.ExportCenter | ||||
| SVC-35-005 | TODO | SPRINT_163_exportcenter_ii | Exporter Service Guild (src/ExportCenter/StellaOps.ExportCenter) | src/ExportCenter/StellaOps.ExportCenter | ||||
| SVC-35-006 | TODO | SPRINT_0164_0001_0003_exportcenter_iii | Exporter Service Guild (src/ExportCenter/StellaOps.ExportCenter) | src/ExportCenter/StellaOps.ExportCenter | ||||
| SVC-35-101 | TODO | SPRINT_0152_0001_0002_orchestrator_ii | Orchestrator Service Guild (src/Orchestrator/StellaOps.Orchestrator) | src/Orchestrator/StellaOps.Orchestrator | ||||
| SVC-36-001 | TODO | SPRINT_0164_0001_0003_exportcenter_iii | Exporter Service Guild (src/ExportCenter/StellaOps.ExportCenter) | src/ExportCenter/StellaOps.ExportCenter | ||||
| SVC-36-002 | TODO | SPRINT_0164_0001_0003_exportcenter_iii | Exporter Service Guild (src/ExportCenter/StellaOps.ExportCenter) | src/ExportCenter/StellaOps.ExportCenter | ||||
| SVC-36-003 | TODO | SPRINT_0164_0001_0003_exportcenter_iii | Exporter Service Guild (src/ExportCenter/StellaOps.ExportCenter) | src/ExportCenter/StellaOps.ExportCenter | ||||
| SVC-36-004 | TODO | SPRINT_0164_0001_0003_exportcenter_iii | Exporter Service Guild (src/ExportCenter/StellaOps.ExportCenter) | src/ExportCenter/StellaOps.ExportCenter | ||||
| SVC-36-101 | TODO | SPRINT_0152_0001_0002_orchestrator_ii | Orchestrator Service Guild (src/Orchestrator/StellaOps.Orchestrator) | src/Orchestrator/StellaOps.Orchestrator | ||||
| SVC-37-001 | TODO | SPRINT_0164_0001_0003_exportcenter_iii | Exporter Service Guild (src/ExportCenter/StellaOps.ExportCenter) | src/ExportCenter/StellaOps.ExportCenter | ||||
| SVC-37-002 | TODO | SPRINT_0164_0001_0003_exportcenter_iii | Exporter Service Guild (src/ExportCenter/StellaOps.ExportCenter) | src/ExportCenter/StellaOps.ExportCenter | ||||
| SVC-37-003 | TODO | SPRINT_0164_0001_0003_exportcenter_iii | Exporter Service Guild (src/ExportCenter/StellaOps.ExportCenter) | src/ExportCenter/StellaOps.ExportCenter | ||||
| SVC-37-004 | TODO | SPRINT_0164_0001_0003_exportcenter_iii | Exporter Service Guild (src/ExportCenter/StellaOps.ExportCenter) | src/ExportCenter/StellaOps.ExportCenter | ||||
| SVC-37-101 | TODO | SPRINT_0152_0001_0002_orchestrator_ii | Orchestrator Service Guild (src/Orchestrator/StellaOps.Orchestrator) | src/Orchestrator/StellaOps.Orchestrator | ||||
| SVC-38-002 | TODO | SPRINT_0172_0001_0002_notifier_ii | Notifications Service Guild (src/Notifier/StellaOps.Notifier) | src/Notifier/StellaOps.Notifier | ||||
| SVC-38-003 | TODO | SPRINT_0172_0001_0002_notifier_ii | Notifications Service Guild (src/Notifier/StellaOps.Notifier) | src/Notifier/StellaOps.Notifier | ||||
| SVC-38-004 | TODO | SPRINT_0172_0001_0002_notifier_ii | Notifications Service Guild (src/Notifier/StellaOps.Notifier) | src/Notifier/StellaOps.Notifier | ||||
| SVC-38-101 | TODO | SPRINT_0153_0001_0003_orchestrator_iii | Orchestrator Service Guild (src/Orchestrator/StellaOps.Orchestrator) | src/Orchestrator/StellaOps.Orchestrator | ||||
| SVC-39-001 | TODO | SPRINT_0172_0001_0002_notifier_ii | Notifications Service Guild (src/Notifier/StellaOps.Notifier) | src/Notifier/StellaOps.Notifier | ||||
| SVC-39-002 | TODO | SPRINT_0172_0001_0002_notifier_ii | Notifications Service Guild (src/Notifier/StellaOps.Notifier) | src/Notifier/StellaOps.Notifier | ||||
| SVC-39-003 | TODO | SPRINT_0172_0001_0002_notifier_ii | Notifications Service Guild (src/Notifier/StellaOps.Notifier) | src/Notifier/StellaOps.Notifier | ||||
| SVC-39-004 | TODO | SPRINT_0172_0001_0002_notifier_ii | Notifications Service Guild (src/Notifier/StellaOps.Notifier) | src/Notifier/StellaOps.Notifier | ||||
| SVC-40-001 | TODO | SPRINT_0172_0001_0002_notifier_ii | Notifications Service Guild (src/Notifier/StellaOps.Notifier) | src/Notifier/StellaOps.Notifier | ||||
| SVC-40-002 | TODO | SPRINT_0172_0001_0002_notifier_ii | Notifications Service Guild (src/Notifier/StellaOps.Notifier) | src/Notifier/StellaOps.Notifier | ||||
| SVC-40-003 | TODO | SPRINT_0172_0001_0002_notifier_ii | Notifications Service Guild (src/Notifier/StellaOps.Notifier) | src/Notifier/StellaOps.Notifier | ||||
| SVC-40-004 | TODO | SPRINT_0172_0001_0002_notifier_ii | Notifications Service Guild (src/Notifier/StellaOps.Notifier) | src/Notifier/StellaOps.Notifier | ||||
| SVC-41-101 | TODO | SPRINT_0153_0001_0003_orchestrator_iii | Orchestrator Service Guild (src/Orchestrator/StellaOps.Orchestrator) | src/Orchestrator/StellaOps.Orchestrator | ||||
| SVC-42-101 | TODO | SPRINT_0153_0001_0003_orchestrator_iii | Orchestrator Service Guild (src/Orchestrator/StellaOps.Orchestrator) | src/Orchestrator/StellaOps.Orchestrator | ||||
| SVC-43-001 | TODO | SPRINT_0164_0001_0003_exportcenter_iii | Exporter Service Guild (src/ExportCenter/StellaOps.ExportCenter) | src/ExportCenter/StellaOps.ExportCenter | ||||
| SYM-007 | TODO | SPRINT_0401_0001_0001_reachability_evidence_chain | Scanner Worker Guild & Docs Guild (src/Scanner/StellaOps.Scanner.Models, docs/modules/scanner/architecture.md, docs/reachability/function-level-evidence.md) |
src/Scanner/StellaOps.Scanner.Models, docs/modules/scanner/architecture.md, docs/reachability/function-level-evidence.md |
||||
| SYMS-70-003 | TODO | SPRINT_0304_0001_0004_docs_tasks_md_iv | Docs Guild, Symbols Guild (docs) | |||||
| SYMS-90-005 | TODO | SPRINT_0505_0001_0001_ops_devops_iii | DevOps Guild, Symbols Guild (ops/devops) | ops/devops | ||||
| SYMS-BUNDLE-401-014 | TODO | SPRINT_0401_0001_0001_reachability_evidence_chain | Symbols Guild · Ops | src/Symbols/StellaOps.Symbols.Bundle, ops |
Produce deterministic symbol bundles for air-gapped installs (`symbols bundle create | Depends on #1 | RBSY0101 | |
| SYMS-CLIENT-401-012 | TODO | SPRINT_0401_0001_0001_reachability_evidence_chain | Symbols Guild · Scanner Guild | src/Symbols/StellaOps.Symbols.Client, src/Scanner/StellaOps.Scanner.Symbolizer |
Ship StellaOps.Symbols.Client SDK (resolve/upload APIs, platform key derivation for ELF/PDB/Mach-O/JVM/Node, disk LRU cache) and integrate with Scanner.Symbolizer/runtime probes (ref. docs/specs/SYMBOL_MANIFEST_v1.md). |
Depends on #3 | RBSY0101 | |
| SYMS-INGEST-401-013 | TODO | SPRINT_0401_0001_0001_reachability_evidence_chain | Symbols Guild · DevOps Guild | src/Symbols/StellaOps.Symbols.Ingestor.Cli, docs/specs/SYMBOL_MANIFEST_v1.md |
Build symbols ingest CLI to emit DSSE-signed SymbolManifest v1, upload blobs, and register Rekor entries; document GitLab/Gitea pipeline usage. |
Needs manifest updates from #1 | RBSY0101 | |
| SYMS-SERVER-401-011 | TODO | SPRINT_0401_0001_0001_reachability_evidence_chain | Symbols Guild | src/Symbols/StellaOps.Symbols.Server |
Deliver StellaOps.Symbols.Server (REST+gRPC) with DSSE-verified uploads, Mongo/MinIO storage, tenant isolation, and deterministic debugId indexing; publish health/manifest APIs (spec: docs/specs/SYMBOL_MANIFEST_v1.md). |
Depends on #5 | RBSY0101 | |
| TASKRUN-41-001 | DONE (2025-11-30) | 2025-11-30 | SPRINT_0157_0001_0002_taskrunner_blockers | Task Runner Guild | src/TaskRunner/StellaOps.TaskRunner | Bootstrap service, define migrations for pack_runs, pack_run_logs, pack_artifacts, implement run API (create/get/log stream), local executor, approvals pause, artifact capture, and provenance manifest generation. |
Delivered per Task Pack advisory and architecture contract. | ORTR0101 |
| TASKRUN-AIRGAP-56-001 | DONE (2025-11-30) | 2025-11-30 | SPRINT_0157_0001_0001_taskrunner_i | Task Runner Guild · AirGap Policy Guild | src/TaskRunner/StellaOps.TaskRunner | Enforce plan-time validation rejecting steps with non-allowlisted network calls in sealed mode and surface remediation errors. | TASKRUN-41-001 | ORTR0101 |
| TASKRUN-AIRGAP-56-002 | DONE (2025-12-03) | 2025-11-30 | SPRINT_0157_0001_0001_taskrunner_i | Task Runner Guild · AirGap Importer Guild | src/TaskRunner/StellaOps.TaskRunner | Add helper steps for bundle ingestion (checksum verification, staging to object store) with deterministic outputs. | TASKRUN-AIRGAP-56-001 | ORTR0101 |
| TASKRUN-AIRGAP-57-001 | BLOCKED (2025-11-30) | 2025-11-30 | SPRINT_0157_0001_0001_taskrunner_i | Task Runner Guild · AirGap Controller Guild | src/TaskRunner/StellaOps.TaskRunner | Refuse to execute plans when environment sealed=false but declared sealed install; emit advisory timeline events. | TASKRUN-AIRGAP-56-002 | ORTR0101 |
| TASKRUN-AIRGAP-58-001 | BLOCKED (2025-11-30) | 2025-11-30 | SPRINT_0157_0001_0001_taskrunner_i | Task Runner Guild · Evidence Locker Guild | src/TaskRunner/StellaOps.TaskRunner | Capture bundle import job transcripts, hashed inputs, and outputs into portable evidence bundles. | TASKRUN-AIRGAP-57-001 | ORTR0101 |
| TASKRUN-42-001 | BLOCKED (2025-11-25) | 2025-11-25 | SPRINT_0157_0001_0001_taskrunner_i | Task Runner Guild (src/TaskRunner/StellaOps.TaskRunner) |
src/TaskRunner/StellaOps.TaskRunner | Execution engine enhancements (loops/conditionals/maxParallel), simulation mode, policy gate integration, deterministic failure recovery. Blocked: loop/conditional semantics and policy-gate evaluation contract not published. | ORTR0102 | |
| TASKRUN-OAS-61-001 | BLOCKED (2025-11-30) | 2025-11-30 | SPRINT_0157_0001_0001_taskrunner_i | Task Runner Guild · API Contracts Guild | src/TaskRunner/StellaOps.TaskRunner | Document Task Runner APIs (pack runs, logs, approvals) in service OAS, including streaming response schemas and examples. | TASKRUN-41-001 | ORTR0101 |
| TASKRUN-OAS-61-002 | BLOCKED (2025-11-30) | 2025-11-30 | SPRINT_0157_0001_0001_taskrunner_i | Task Runner Guild | src/TaskRunner/StellaOps.TaskRunner | Expose GET /.well-known/openapi returning signed spec metadata, build version, and ETag. |
TASKRUN-OAS-61-001 | ORTR0101 |
| TASKRUN-OAS-62-001 | BLOCKED (2025-11-30) | 2025-11-30 | SPRINT_0157_0001_0001_taskrunner_i | Task Runner Guild · SDK Generator Guild | src/TaskRunner/StellaOps.TaskRunner | Provide SDK examples for pack run lifecycle; ensure SDKs offer streaming log helpers and paginator wrappers. | TASKRUN-OAS-61-002 | ORTR0102 |
| TASKRUN-OAS-63-001 | BLOCKED (2025-11-30) | 2025-11-30 | SPRINT_0157_0001_0001_taskrunner_i | Task Runner Guild · API Governance Guild | src/TaskRunner/StellaOps.TaskRunner | Implement deprecation header support and Sunset handling for legacy pack APIs; emit notifications metadata. | TASKRUN-OAS-62-001 | ORTR0102 |
| TASKRUN-OBS-50-001 | DONE (2025-11-25) | 2025-11-25 | SPRINT_0157_0001_0001_taskrunner_i | Task Runner Guild | src/TaskRunner/StellaOps.TaskRunner | Adopt telemetry core in Task Runner host + worker executors, ensuring step execution spans/logs include trace_id, tenant_id, run_id, and scrubbed command transcripts. |
ORTR0101 telemetry hooks | ORTR0102 |
| TASKRUN-OBS-51-001 | DONE (2025-11-25) | 2025-11-25 | SPRINT_0157_0001_0001_taskrunner_i | Task Runner Guild · DevOps Guild | src/TaskRunner/StellaOps.TaskRunner | Emit metrics for step latency, retries, queue depth, sandbox resource usage; define SLOs for pack run completion and failure rate; surface burn-rate alerts to collector/Notifier. Dependencies: TASKRUN-OBS-50-001. | TASKRUN-OBS-50-001 | ORTR0102 |
| TASKRUN-OBS-52-001 | BLOCKED (2025-11-25) | 2025-11-25 | SPRINT_0157_0001_0001_taskrunner_i | Task Runner Guild | src/TaskRunner/StellaOps.TaskRunner | Produce timeline events for pack runs (pack.started, pack.step.completed, pack.failed) containing evidence pointers and policy gate context. Provide dedupe + retry logic. Blocked: timeline event schema and evidence-pointer contract not published. |
TASKRUN-OBS-51-001 | ORTR0102 |
| TASKRUN-OBS-53-001 | BLOCKED (2025-11-25) | 2025-11-25 | SPRINT_0157_0001_0001_taskrunner_i | Task Runner Guild · Evidence Locker Guild | src/TaskRunner/StellaOps.TaskRunner | Capture step transcripts, artifact manifests, environment digests, and policy approvals into evidence locker snapshots; ensure redaction + hash chain coverage. Blocked: waiting on timeline schema/evidence-pointer contract (OBS-52-001). | TASKRUN-OBS-52-001 | ORTR0102 |
| TASKRUN-OBS-54-001 | BLOCKED (2025-11-30) | 2025-11-30 | SPRINT_0158_0001_0002_taskrunner_ii | Task Runner Guild · Provenance Guild | src/TaskRunner/StellaOps.TaskRunner | Generate DSSE attestations for pack runs (subjects = produced artifacts) and expose verification API/CLI integration. Store references in timeline events. | TASKRUN-OBS-53-001 | ORTR0102 |
| TASKRUN-OBS-55-001 | BLOCKED (2025-11-30) | 2025-11-30 | SPRINT_0158_0001_0002_taskrunner_ii | Task Runner Guild · DevOps Guild | src/TaskRunner/StellaOps.TaskRunner | Implement incident mode escalations (extra telemetry, debug artifact capture, retention bump) and align on automatic activation via SLO breach webhooks. | TASKRUN-OBS-54-001 | ORTR0102 |
| TASKRUN-TEN-48-001 | BLOCKED (2025-11-30) | 2025-11-30 | SPRINT_0158_0001_0002_taskrunner_ii | Task Runner Guild | src/TaskRunner/StellaOps.TaskRunner | Require tenant/project context for every pack run, set DB/object-store prefixes, block egress when tenant restricted, and propagate context to steps/logs. | TASKRUN-OBS-53-001; Tenancy policy contract | ORTR0101 |
| TELEMETRY-DOCS-0001 | DONE (2025-11-30) | 2025-11-30 | SPRINT_330_docs_modules_telemetry | Docs Guild | docs/modules/telemetry | Validate that telemetry module docs reflect the new storage stack and isolation rules. | Ops checklist from DVDO0103 | DOTL0101 |
| TELEMETRY-DOCS-0001 | DONE (2025-11-30) | 2025-11-30 | SPRINT_330_docs_modules_telemetry | Docs Guild | docs/modules/telemetry | Validate that telemetry module docs reflect the new storage stack and isolation rules. | Ops checklist from DVDO0103 | DOTL0101 |
| TELEMETRY-ENG-0001 | DONE (2025-11-30) | 2025-11-30 | SPRINT_330_docs_modules_telemetry | Module Team | docs/modules/telemetry | Ensure milestones stay in sync with telemetry sprints in docs/implplan. |
TLTY0101 API review | DOTL0101 |
| TELEMETRY-OBS-50-001 | DONE (2025-11-19) | SPRINT_0170_0001_0001_notifications_telemetry | Telemetry Core Guild | src/Telemetry/StellaOps.Telemetry.Core | Core bootstrap delivered; sample host wiring published (docs/observability/telemetry-bootstrap.md). |
50-002 dashboards | TLTY0101 | |
| TELEMETRY-OBS-50-002 | DONE (2025-11-27) | SPRINT_0170_0001_0001_notifications_telemetry | Telemetry Core Guild | src/Telemetry/StellaOps.Telemetry.Core | Propagation middleware/adapters implemented; tests green. | 50-001 | TLTY0101 | |
| TELEMETRY-OBS-51-001 | DONE (2025-11-27) | 2025-11-27 | SPRINT_0170_0001_0001_notifications_telemetry | Telemetry Core Guild | src/Telemetry/StellaOps.Telemetry.Core | Golden-signal metrics with cardinality guards and exemplars shipped. | 51-002 | TLTY0101 |
| TELEMETRY-OBS-51-002 | DONE (2025-11-27) | 2025-11-27 | SPRINT_0170_0001_0001_notifications_telemetry | Telemetry Core Guild | src/Telemetry/StellaOps.Telemetry.Core | Scrubbing/redaction filters + audit overrides delivered. | 51-001 | TLTY0101 |
| TELEMETRY-OBS-55-001 | DONE (2025-11-27) | SPRINT_0170_0001_0001_notifications_telemetry | Telemetry Core Guild · Observability Guild | src/Telemetry/StellaOps.Telemetry.Core | Incident mode toggle API with sampling/retention tags; activation trail implemented. | 56-001 event schema | TLTY0101 | |
| TELEMETRY-OBS-56-001 | DONE (2025-11-27) | SPRINT_0174_0001_0001_telemetry | Telemetry Core Guild | src/Telemetry/StellaOps.Telemetry.Core | Add sealed-mode telemetry helpers (drift metrics, seal/unseal spans, offline exporters) and ensure hosts can disable external exporters when sealed. Dependencies: TELEMETRY-OBS-55-001. | OBS-55-001 output | TLTY0101 | |
| TELEMETRY-OPS-0001 | DONE (2025-11-30) | 2025-11-30 | SPRINT_330_docs_modules_telemetry | Ops Guild | docs/modules/telemetry | Review telemetry runbooks/observability dashboards post-demo. | DVDO0103 deployment notes | DOTL0101 |
| TEN-47-001 | TODO | SPRINT_0205_0001_0005_cli_v | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | ||||
| TEN-48-001 | TODO | SPRINT_115_concelier_iv | Concelier Core Guild (src/Concelier/__Libraries/StellaOps.Concelier.Core) | src/Concelier/__Libraries/StellaOps.Concelier.Core | ||||
| TEN-49-001 | TODO | SPRINT_0205_0001_0005_cli_v | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | ||||
| TEST-186-006 | TODO | SPRINT_0186_0001_0001_record_deterministic_execution | Signing Guild, QA Guild (src/Signer/StellaOps.Signer.Tests) |
src/Signer/StellaOps.Signer.Tests |
||||
| TEST-62-001 | DOING | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild, Contract Testing Guild (docs) | |||||
| TIME-57-001 | TODO | SPRINT_0503_0001_0001_ops_devops_i | Exporter Guild · AirGap Time Guild · CLI Guild | PROGRAM-STAFF-1001 | ||||
| TIME-57-002 | TODO | SPRINT_510_airgap | Exporter Guild · AirGap Time Guild · CLI Guild | src/AirGap/StellaOps.AirGap.Time | PROGRAM-STAFF-1001 | PROGRAM-STAFF-1001 | AGTM0101 | |
| TIME-58-001 | TODO | SPRINT_510_airgap | AirGap Time Guild | src/AirGap/StellaOps.AirGap.Time | AIRGAP-TIME-58-001 | AIRGAP-TIME-58-001 | AGTM0101 | |
| TIME-58-002 | TODO | SPRINT_510_airgap | AirGap Time Guild · Notifications Guild | src/AirGap/StellaOps.AirGap.Time | TIME-58-001 | TIME-58-001 | AGTM0101 | |
| TIMELINE-OBS-52-001 | TODO | SPRINT_160_export_evidence | Timeline Indexer Guild | Timeline Indexer Guild | ||||
| TIMELINE-OBS-52-002 | TODO | SPRINT_160_export_evidence | Timeline Indexer Guild | Timeline Indexer Guild | ||||
| TIMELINE-OBS-52-003 | TODO | SPRINT_160_export_evidence | Timeline Indexer Guild | Timeline Indexer Guild | ||||
| TIMELINE-OBS-52-004 | TODO | SPRINT_160_export_evidence | Timeline Indexer + Security Guilds | Timeline Indexer + Security Guilds | ||||
| TIMELINE-OBS-53-001 | TODO | SPRINT_160_export_evidence | Timeline Indexer + Evidence Locker Guilds | Timeline Indexer + Evidence Locker Guilds | ||||
| UI-401-027 | TODO | SPRINT_0401_0001_0001_reachability_evidence_chain | UI Guild · CLI Guild (src/UI/StellaOps.UI, src/Cli/StellaOps.Cli, docs/uncertainty/README.md) |
src/UI/StellaOps.UI, src/Cli/StellaOps.Cli, docs/uncertainty/README.md |
||||
| UI-AOC-19-001 | TODO | SPRINT_0209_0001_0001_ui_i | UI Guild (src/UI/StellaOps.UI) | src/UI/StellaOps.UI | Add Sources dashboard tiles showing AOC pass/fail, recent violation codes, and ingest throughput per tenant. | |||
| UI-AOC-19-002 | TODO | SPRINT_0209_0001_0001_ui_i | UI Guild (src/UI/StellaOps.UI) | src/UI/StellaOps.UI | Implement violation drill-down view highlighting offending document fields and provenance metadata. Dependencies: UI-AOC-19-001. | |||
| UI-AOC-19-003 | TODO | SPRINT_0209_0001_0001_ui_i | UI Guild (src/UI/StellaOps.UI) | src/UI/StellaOps.UI | Add "Verify last 24h" action triggering AOC verifier endpoint and surfacing CLI parity guidance. Dependencies: UI-AOC-19-002. | |||
| UI-CLI-401-007 | TODO | SPRINT_0401_0001_0001_reachability_evidence_chain | UI & CLI Guilds (src/Cli/StellaOps.Cli, src/UI/StellaOps.UI) |
src/Cli/StellaOps.Cli, src/UI/StellaOps.UI |
Implement CLI stella graph explain + UI explain drawer showing signed call-path, predicates, runtime hits, and DSSE pointers; include counterfactual controls. |
|||
| UI-DOCS-0001 | TODO | SPRINT_331_docs_modules_ui | Docs Guild (docs/modules/ui) | docs/modules/ui | ||||
| UI-ENG-0001 | TODO | SPRINT_331_docs_modules_ui | Module Team (docs/modules/ui) | docs/modules/ui | ||||
| UI-ENTROPY-40-001 | TODO | SPRINT_0209_0001_0001_ui_i | UI Guild (src/UI/StellaOps.UI) | src/UI/StellaOps.UI | Visualise entropy analysis per image (layer donut, file heatmaps, """Why risky?""" chips) in Vulnerability Explorer and scan details, including opaque byte ratios and detector hints (see docs/modules/scanner/entropy.md). |
|||
| UI-ENTROPY-40-002 | TODO | SPRINT_0209_0001_0001_ui_i | UI Guild, Policy Guild (src/UI/StellaOps.UI) | src/UI/StellaOps.UI | Add policy banners/tooltips explaining entropy penalties (block/warn thresholds, mitigation steps) and link to raw entropy.report.json evidence downloads (docs/modules/scanner/entropy.md). Dependencies: UI-ENTROPY-40-001. |
|||
| UI-EXC-25-001 | TODO | SPRINT_0209_0001_0001_ui_i | UI Guild, Governance Guild (src/UI/StellaOps.UI) | src/UI/StellaOps.UI | Build Exception Center (list + kanban) with filters, sorting, workflow transitions, and audit views. | |||
| UI-EXC-25-002 | TODO | SPRINT_0209_0001_0001_ui_i | UI Guild (src/UI/StellaOps.UI) | src/UI/StellaOps.UI | Implement exception creation wizard with scope preview, justification templates, timebox guardrails. Dependencies: UI-EXC-25-001. | |||
| UI-EXC-25-003 | TODO | SPRINT_0209_0001_0001_ui_i | UI Guild (src/UI/StellaOps.UI) | src/UI/StellaOps.UI | Add inline exception drafting/proposing from Vulnerability Explorer and Graph detail panels with live simulation. Dependencies: UI-EXC-25-002. | |||
| UI-EXC-25-004 | TODO | SPRINT_0209_0001_0001_ui_i | UI Guild (src/UI/StellaOps.UI) | src/UI/StellaOps.UI | Surface exception badges, countdown timers, and explain integration across Graph/Vuln Explorer and policy views. Dependencies: UI-EXC-25-003. | |||
| UI-EXC-25-005 | TODO | SPRINT_0209_0001_0001_ui_i | UI Guild, Accessibility Guild (src/UI/StellaOps.UI) | src/UI/StellaOps.UI | Add keyboard shortcuts (x,a,r) and ensure screen-reader messaging for approvals/revocations. Dependencies: UI-EXC-25-004. |
|||
| UI-GRAPH-21-001 | TODO | SPRINT_0209_0001_0001_ui_i | UI Guild (src/UI/StellaOps.UI) | src/UI/StellaOps.UI | Align Graph Explorer auth configuration with new graph:* scopes; consume scope identifiers from shared StellaOpsScopes exports (via generated SDK/config) instead of hard-coded strings. |
|||
| UI-GRAPH-24-001 | BLOCKED | 2025-12-06 | SPRINT_0209_0001_0001_ui_i | UI Guild, SBOM Service Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Build Graph Explorer canvas with layered/radial layouts, virtualization, zoom/pan, and scope toggles; initial render <1.5s for sample asset. Dependencies: UI-GRAPH-21-001. | Blocked: awaiting generated graph:* scope SDK exports; cannot render canvas deterministically. | |
| UI-GRAPH-24-002 | BLOCKED | 2025-12-06 | SPRINT_0209_0001_0001_ui_i | UI Guild, Policy Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Implement overlays (Policy, Evidence, License, Exposure), simulation toggle, path view, and SBOM diff/time-travel with accessible tooltips/AOC indicators. Dependencies: UI-GRAPH-24-001. | Blocked by UI-GRAPH-24-001 and missing scope exports. | |
| UI-GRAPH-24-003 | BLOCKED | 2025-12-06 | SPRINT_0209_0001_0001_ui_i | UI Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Deliver filters/search panel with facets, saved views, permalinks, and share modal. Dependencies: UI-GRAPH-24-002. | Blocked by UI-GRAPH-24-002. | |
| UI-GRAPH-24-004 | BLOCKED | 2025-12-06 | SPRINT_0209_0001_0001_ui_i | UI Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Add side panels (Details, What-if, History) with upgrade simulation integration and SBOM diff viewer. Dependencies: UI-GRAPH-24-003. | Blocked: graph:* scope SDK exports not delivered; canvas chain stalled. | |
| UI-GRAPH-24-006 | BLOCKED | 2025-12-06 | SPRINT_0209_0001_0001_ui_i | UI Guild, Accessibility Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Ensure accessibility (keyboard nav, screen reader labels, contrast), add hotkeys (f,e,.), and analytics instrumentation. Dependencies: UI-GRAPH-24-004. |
Blocked: upstream graph canvas tasks blocked on scope exports. | |
| UI-LNM-22-001 | DONE | 2025-11-27 | SPRINT_0209_0001_0001_ui_i | UI Guild, Policy Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Build Evidence panel showing policy decision with advisory observations/linksets side-by-side, conflict badges, AOC chain, and raw doc download links. Docs DOCS-LNM-22-005 waiting on delivered UI for screenshots + flows. |
||
| UI-LNM-22-002 | DONE | 2025-12-04 | SPRINT_0210_0001_0002_ui_ii | UI Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Implement filters (source, severity bucket, conflict-only, CVSS vector presence) and pagination/lazy loading for large linksets. Docs depend on finalized filtering UX. Dependencies: UI-LNM-22-001. | ||
| UI-LNM-22-003 | DONE | 2025-12-04 | SPRINT_0210_0001_0002_ui_ii | UI Guild, Excititor Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Add VEX tab with status/justification summaries, conflict indicators, and export actions. Required for DOCS-LNM-22-005 coverage of VEX evidence tab. Dependencies: UI-LNM-22-002. |
||
| UI-LNM-22-004 | DONE | 2025-12-04 | SPRINT_0210_0001_0002_ui_ii | UI Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Provide permalink + copy-to-clipboard for selected component/linkset/policy combination; ensure high-contrast theme support. Dependencies: UI-LNM-22-003. | ||
| UI-OPS-0001 | TODO | SPRINT_331_docs_modules_ui | Ops Guild (docs/modules/ui) | docs/modules/ui | ||||
| UI-ORCH-32-001 | DONE | 2025-12-04 | SPRINT_0210_0001_0002_ui_ii | UI Guild, Console Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Update Console RBAC mappings to surface Orch.Viewer, request orch:read scope in token flows, and gate dashboard access/messaging accordingly. |
||
| UI-POLICY-13-007 | DONE | 2025-12-04 | SPRINT_0210_0001_0002_ui_ii | UI Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Surface policy confidence metadata (band, age, quiet provenance) on preview and report views. | ||
| UI-POLICY-20-001 | DONE | 2025-12-05 | SPRINT_0210_0001_0002_ui_ii | UI Guild | src/Web/StellaOps.Web | Ship Monaco-based policy editor with DSL syntax highlighting, diagnostics, and checklist sidebar. | POLICY-13-007 | UIPD0101 |
| UI-POLICY-20-002 | DONE | 2025-12-05 | SPRINT_0210_0001_0002_ui_ii | UI Guild | src/Web/StellaOps.Web | Build simulation panel showing before/after counts, severity deltas, deterministic diffs. | UI-POLICY-20-001 | UIPD0101 |
| UI-POLICY-20-003 | DONE | 2025-12-05 | SPRINT_0210_0001_0002_ui_ii | UI/ProdOps Guild | src/Web/StellaOps.Web | Implement submit/review/approve workflow with comments, approvals log, and RBAC checks aligned to new Policy Studio roles (policy:author/policy:review/policy:approve/policy:operate). Dependencies: UI-POLICY-20-002. |
Requires 20-002 results | |
| UI-POLICY-20-004 | DONE | 2025-12-05 | SPRINT_0210_0001_0002_ui_ii | UI Guild · Observability Guild | src/Web/StellaOps.Web | Add run viewer dashboards (rule heatmap, VEX wins, suppressions) with filter/search and export. Dependencies: UI-POLICY-20-003. | Depends on 20-003 | |
| UI-POLICY-23-001 | DONE | 2025-12-05 | SPRINT_0210_0001_0002_ui_ii | UI Guild, Policy Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Deliver Policy Editor workspace with pack list, revision history, and scoped metadata cards. Dependencies: UI-POLICY-20-004. | ||
| UI-POLICY-23-002 | DONE | 2025-12-05 | SPRINT_0210_0001_0002_ui_ii | UI Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Implement YAML editor with schema validation, lint diagnostics, and live canonicalization preview. Dependencies: UI-POLICY-23-001. | ||
| UI-POLICY-23-003 | DONE | 2025-12-05 | SPRINT_0210_0001_0002_ui_ii | UI Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Build guided rule builder (source preferences, severity mapping, VEX precedence, exceptions) with preview JSON output. Dependencies: UI-POLICY-23-002. | ||
| UI-POLICY-23-004 | DONE | 2025-12-05 | SPRINT_0210_0001_0002_ui_ii | UI Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Add review/approval workflow UI: checklists, comments, two-person approval indicator, scope scheduling. Dependencies: UI-POLICY-23-003. | ||
| UI-POLICY-23-005 | DONE | 2025-12-05 | SPRINT_0210_0001_0002_ui_ii | UI Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Integrate simulator panel (SBOM/component/advisory selection), run diff vs active policy, show explain tree and overlays. Dependencies: UI-POLICY-23-004. | ||
| UI-POLICY-23-006 | DONE | 2025-12-05 | SPRINT_0210_0001_0002_ui_ii | UI Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Implement explain view linking to evidence overlays and exceptions; provide export to JSON/PDF. Dependencies: UI-POLICY-23-005. | ||
| UI-POLICY-27-001 | DOING | 2025-12-06 | SPRINT_0211_0001_0003_ui_iii | UI Guild, Product Ops (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Update Console policy workspace RBAC guards, scope requests, and user messaging to reflect the new Policy Studio roles/scopes (policy:author/review/approve/operate/audit/simulate), including Cypress auth stubs and help text. Dependencies: UI-POLICY-23-006. |
||
| UI-POLICY-DET-01 | DONE | 2025-11-27 | SPRINT_0209_0001_0001_ui_i | UI Guild, Policy Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Wire policy gate indicators + remediation hints into Release/Policy flows, blocking publishes when determinism checks fail; coordinate with Policy Engine schema updates. Dependencies: UI-SBOM-DET-01. | ||
| UI-SBOM-DET-01 | DONE | 2025-11-27 | SPRINT_0209_0001_0001_ui_i | UI Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Add a "Determinism" badge plus drill-down that surfaces fragment hashes, _composition.json, and Merkle root consistency when viewing scan details (per docs/modules/scanner/deterministic-sbom-compose.md). |
||
| UI-SIG-26-001 | BLOCKED | 2025-12-06 | SPRINT_0211_0001_0003_ui_iii | UI Guild, Signals Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Add reachability columns/badges to Vulnerability Explorer with filters and tooltips. | Blocked: deterministic reachability fixtures (columns/badges) not delivered by Signals/Graph. | |
| UI-SIG-26-002 | BLOCKED | 2025-12-06 | SPRINT_0211_0001_0003_ui_iii | UI Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Enhance “Why” drawer with call path visualization, reachability timeline, and evidence list. Dependencies: UI-SIG-26-001. | Blocked pending UI-SIG-26-001 outputs and call-path/timeline fixtures. | |
| UI-SIG-26-003 | BLOCKED | 2025-12-06 | SPRINT_0211_0001_0003_ui_iii | UI Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Add reachability overlay halos/time slider to SBOM Graph along with state legend. Dependencies: UI-SIG-26-002. | Blocked: overlays depend on upstream fixtures + perf budget. | |
| UI-SIG-26-004 | BLOCKED | 2025-12-06 | SPRINT_0211_0001_0003_ui_iii | UI Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Build Reachability Center view showing asset coverage, missing sensors, and stale facts. Dependencies: UI-SIG-26-003. | Blocked: coverage/sensor fixtures not available; upstream chain blocked. | |
| UNCERTAINTY-POLICY-401-026 | TODO | SPRINT_0401_0001_0001_reachability_evidence_chain | Policy Guild · Concelier Guild (docs/policy/dsl.md, docs/uncertainty/README.md) |
docs/policy/dsl.md, docs/uncertainty/README.md |
Update policy guidance (Concelier/Excitors) with uncertainty gates (U1/U2/U3), sample YAML rules, and remediation actions. | |||
| UNCERTAINTY-SCHEMA-401-024 | TODO | SPRINT_0401_0001_0001_reachability_evidence_chain | Signals Guild (src/Signals/StellaOps.Signals, docs/uncertainty/README.md) |
src/Signals/StellaOps.Signals, docs/uncertainty/README.md |
Extend Signals findings with uncertainty.states[], entropy fields, and riskScore; emit FindingUncertaintyUpdated events and persist evidence per docs. |
|||
| UNCERTAINTY-SCORER-401-025 | TODO | SPRINT_0401_0001_0001_reachability_evidence_chain | Signals Guild (src/Signals/StellaOps.Signals.Application, docs/uncertainty/README.md) |
src/Signals/StellaOps.Signals.Application, docs/uncertainty/README.md |
Implement the entropy-aware risk scorer (riskScore = base × reach × trust × (1 + entropyBoost)) and wire it into finding writes. |
|||
| UNCERTAINTY-UI-401-027 | TODO | SPRINT_0401_0001_0001_reachability_evidence_chain | UI Guild · CLI Guild (src/UI/StellaOps.UI, src/Cli/StellaOps.Cli, docs/uncertainty/README.md) |
src/UI/StellaOps.UI, src/Cli/StellaOps.Cli, docs/uncertainty/README.md |
Surface uncertainty chips/tooltips in the Console (React UI) + CLI output (risk score + entropy states). | |||
| VAL-01 | DOING | 2025-11-01 | SPRINT_0136_0001_0001_scanner_surface | Scanner Guild, Security Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.Validation) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Validation | SURFACE-FS-01; SURFACE-ENV-01 | ||
| VAL-02 | TODO | SPRINT_0136_0001_0001_scanner_surface | Scanner Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.Validation) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Validation | SURFACE-VAL-01; SURFACE-ENV-02; SURFACE-FS-02 | |||
| VAL-03 | TODO | SPRINT_0136_0001_0001_scanner_surface | Scanner Guild, Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.Validation) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Validation | SURFACE-VAL-02 | |||
| VAL-04 | TODO | SPRINT_0136_0001_0001_scanner_surface | Scanner Guild, Zastava Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.Validation) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Validation | SURFACE-VAL-02 | |||
| VAL-05 | TODO | SPRINT_0136_0001_0001_scanner_surface | Docs Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.Validation) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Validation | SURFACE-VAL-02 | |||
| VERIFY-186-007 | TODO | SPRINT_0186_0001_0001_record_deterministic_execution | Authority Guild, Provenance Guild (src/Authority/StellaOps.Authority, src/Provenance/StellaOps.Provenance.Attestation) |
src/Authority/StellaOps.Authority, src/Provenance/StellaOps.Provenance.Attestation |
||||
| VEX-006 | TODO | SPRINT_0401_0001_0001_reachability_evidence_chain | Policy, Excititor, UI, CLI & Notify Guilds (docs/modules/excititor/architecture.md, src/Cli/StellaOps.Cli, src/UI/StellaOps.UI, docs/09_API_CLI_REFERENCE.md) |
docs/modules/excititor/architecture.md, src/Cli/StellaOps.Cli, src/UI/StellaOps.UI, docs/09_API_CLI_REFERENCE.md |
||||
| VEX-30-001 | BLOCKED | 2025-11-19 | SPRINT_0212_0001_0001_web_i | Console Guild, BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | |||
| VEX-30-002 | TODO | SPRINT_0205_0001_0005_cli_v | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | ||||
| VEX-30-003 | TODO | SPRINT_0205_0001_0005_cli_v | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | ||||
| VEX-30-004 | TODO | SPRINT_0205_0001_0005_cli_v | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | ||||
| VEX-30-005 | DOING | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild, Console Guild (docs) | |||||
| VEX-30-006 | DOING | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild, Policy Guild (docs) | DOVX0101 | ||||
| VEX-30-007 | BLOCKED | SPRINT_216_web_v | BE-Base Platform Guild, VEX Lens Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | DOVX0101 | |||
| VEX-30-008 | DOING | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild, Security Guild (docs) | DOVX0101 | ||||
| VEX-30-009 | DOING | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild, DevOps Guild (docs) | DOVX0101 | ||||
| VEX-401-006 | TODO | SPRINT_0401_0001_0001_reachability_evidence_chain | Policy Guild (src/Policy/StellaOps.Policy.Engine, src/Policy/__Libraries/StellaOps.Policy) |
src/Policy/StellaOps.Policy.Engine, src/Policy/__Libraries/StellaOps.Policy |
DOVX0101 | |||
| VEX-401-010 | TODO | SPRINT_0401_0001_0001_reachability_evidence_chain | Policy Guild (src/Policy/StellaOps.Policy.Engine/Vex, docs/modules/policy/architecture.md, docs/benchmarks/vex-evidence-playbook.md) |
src/Policy/StellaOps.Policy.Engine/Vex, docs/modules/policy/architecture.md, docs/benchmarks/vex-evidence-playbook.md |
DOVX0101 | |||
| VEX-401-011 | TODO | SPRINT_0401_0001_0001_reachability_evidence_chain | verify | DOVX0101 | ||||
| VEX-401-012 | TODO | SPRINT_0401_0001_0001_reachability_evidence_chain | Docs Guild (docs/benchmarks/vex-evidence-playbook.md, bench/README.md) |
docs/benchmarks/vex-evidence-playbook.md, bench/README.md |
DOVX0101 | |||
| VEX-401-018 | TODO | SPRINT_0401_0001_0001_reachability_evidence_chain | Signing Guild (src/Signer/StellaOps.Signer, docs/modules/signer/architecture.md) |
src/Signer/StellaOps.Signer, docs/modules/signer/architecture.md |
DOVX0101 | |||
| VEX-CONSENSUS-LENS-DOCS-0001 | TODO | SPRINT_332_docs_modules_vex_lens | Docs Guild (docs/modules/vex-lens) | docs/modules/vex-lens | Refresh VEX Lens module docs with consensus workflow guidance and recent release links. | DOVX0101 | ||
| VEX-CONSENSUS-LENS-DOCS-0002 | TODO | 2025-11-05 | SPRINT_332_docs_modules_vex_lens | Docs Guild (docs/modules/vex-lens) | docs/modules/vex-lens | Pending DOCS-VEX-30-001..004 to add consensus doc cross-links | ||
| VEX-CONSENSUS-LENS-ENG-0001 | TODO | SPRINT_332_docs_modules_vex_lens | Module Team (docs/modules/vex-lens) | docs/modules/vex-lens | Sync into ../.. | |||
| VEX-CONSENSUS-LENS-OPS-0001 | TODO | SPRINT_332_docs_modules_vex_lens | Ops Guild (docs/modules/vex-lens) | docs/modules/vex-lens | Document outputs in ./README.md | |||
| VEX-LENS-ENG-0001 | TODO | SPRINT_332_docs_modules_vex_lens | Module Team (docs/modules/vex-lens) | docs/modules/vex-lens | Keep module milestones synchronized with VEX Lens sprints listed under /docs/implplan. |
|||
| VEX-LENS-OPS-0001 | TODO | SPRINT_332_docs_modules_vex_lens | Ops Guild (docs/modules/vex-lens) | docs/modules/vex-lens | Review VEX Lens runbooks/observability assets post-demo. | |||
| VEXLENS-30-001 | TODO | SPRINT_115_concelier_iv | Concelier WebService Guild · VEX Lens Guild | src/Concelier/StellaOps.Concelier.WebService | — | — | PLVL0101 | |
| VEXLENS-30-002 | TODO | SPRINT_0129_0001_0001_policy_reasoning | VEX Lens Guild | src/VexLens/StellaOps.VexLens | Build product mapping library | VEXLENS-30-001 | PLVL0101 | |
| VEXLENS-30-003 | TODO | SPRINT_0129_0001_0001_policy_reasoning | VEX Lens Guild · Issuer Directory Guild | src/VexLens/StellaOps.VexLens | Integrate signature verification | VEXLENS-30-002 | PLVL0101 | |
| VEXLENS-30-004 | TODO | SPRINT_0129_0001_0001_policy_reasoning | VEX Lens Guild · Policy Guild | src/VexLens/StellaOps.VexLens | Implement trust weighting engine | VEXLENS-30-003 | PLVL0101 | |
| VEXLENS-30-005 | TODO | SPRINT_0129_0001_0001_policy_reasoning | VEX Lens Guild | src/VexLens/StellaOps.VexLens | Implement consensus algorithm producing consensus_state, confidence, weights, quorum, rationale; support states: NOT_AFFECTED, AFFECTED, FIXED, UNDER_INVESTIGATION, DISPUTED, INCONCLUSIVE |
VEXLENS-30-004 | PLVL0101 | |
| VEXLENS-30-006 | TODO | SPRINT_0129_0001_0001_policy_reasoning | VEX Lens Guild · Findings Ledger Guild | src/VexLens/StellaOps.VexLens | Materialize consensus projection storage with idempotent workers triggered by VEX/Policy changes; expose change events for downstream consumers | VEXLENS-30-005 | PLVL0101 | |
| VEXLENS-30-007 | TODO | SPRINT_0129_0001_0001_policy_reasoning | VEX Lens Guild | src/VexLens/StellaOps.VexLens | Expose APIs | VEXLENS-30-006 | PLVL0101 | |
| VEXLENS-30-008 | TODO | SPRINT_0129_0001_0001_policy_reasoning | VEX Lens Guild · Policy Guild | src/VexLens/StellaOps.VexLens | Integrate consensus signals with Policy Engine | VEXLENS-30-007 | PLVL0101 | |
| VEXLENS-30-009 | TODO | SPRINT_0129_0001_0001_policy_reasoning | VEX Lens Guild · Observability Guild | src/VexLens/StellaOps.VexLens | Instrument metrics | VEXLENS-30-008 | PLVL0101 | |
| VEXLENS-30-010 | TODO | SPRINT_0129_0001_0001_policy_reasoning | VEX Lens Guild · QA Guild | src/VexLens/StellaOps.VexLens | Develop unit/property/integration/load tests | VEXLENS-30-009 | PLVL0101 | |
| VEXLENS-30-011 | TODO | SPRINT_0129_0001_0001_policy_reasoning | VEX Lens Guild · DevOps Guild | src/VexLens/StellaOps.VexLens | Provide deployment manifests, caching configuration, scaling guides, offline kit seeds, and runbooks | VEXLENS-30-010 | PLVL0103 | |
| VEXLENS-AIAI-31-001 | TODO | SPRINT_0129_0001_0001_policy_reasoning | VEX Lens Guild | src/VexLens/StellaOps.VexLens | Expose consensus rationale API enhancements (policy factors, issuer details, mapping issues) for Advisory AI conflict explanations | — | PLVL0103 | |
| VEXLENS-AIAI-31-002 | TODO | SPRINT_0129_0001_0001_policy_reasoning | VEX Lens Guild | src/VexLens/StellaOps.VexLens | Provide caching hooks for consensus lookups used by Advisory AI | VEXLENS-AIAI-31-001 | PLVL0103 | |
| VEXLENS-EXPORT-35-001 | TODO | SPRINT_0129_0001_0001_policy_reasoning | VEX Lens Guild | src/VexLens/StellaOps.VexLens | Provide consensus snapshot API delivering deterministic JSONL (state, confidence, provenance) for exporter mirror bundles | — | PLVL0103 | |
| VEXLENS-ORCH-33-001 | TODO | SPRINT_0129_0001_0001_policy_reasoning | VEX Lens Guild | src/VexLens/StellaOps.VexLens | Register consensus_compute job type with orchestrator, integrate worker SDK, and expose job planning hooks for consensus batches |
— | PLVL0103 | |
| VEXLENS-ORCH-34-001 | TODO | SPRINT_0129_0001_0001_policy_reasoning | VEX Lens Guild | src/VexLens/StellaOps.VexLens | Emit consensus completion events into orchestrator run ledger and provenance chain, including confidence metadata | VEXLENS-ORCH-33-001 | PLVL0103 | |
| VULN-29-001 | BLOCKED | 2025-11-19 | SPRINT_0212_0001_0001_web_i | Console Guild, BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | |||
| VULN-29-002 | TODO | SPRINT_0123_0001_0005_excititor_v | Excititor WebService Guild (src/Excititor/StellaOps.Excititor.WebService) | src/Excititor/StellaOps.Excititor.WebService | ||||
| VULN-29-003 | TODO | SPRINT_0205_0001_0005_cli_v | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | ||||
| VULN-29-004 | TODO | SPRINT_116_concelier_v | Concelier WebService Guild, Observability Guild (src/Concelier/StellaOps.Concelier.WebService) | src/Concelier/StellaOps.Concelier.WebService | ||||
| VULN-29-005 | TODO | SPRINT_0205_0001_0005_cli_v | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | ||||
| VULN-29-006 | TODO | SPRINT_0205_0001_0005_cli_v | DevEx/CLI Guild, Docs Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | ||||
| VULN-29-007 | TODO | SPRINT_0311_0001_0001_docs_tasks_md_xi | Docs Guild, Excititor Guild (docs) | |||||
| VULN-29-008 | TODO | SPRINT_0311_0001_0001_docs_tasks_md_xi | Docs Guild, Concelier Guild (docs) | |||||
| VULN-29-009 | TODO | SPRINT_0311_0001_0001_docs_tasks_md_xi | Docs Guild, SBOM Service Guild (docs) | |||||
| VULN-29-010 | TODO | SPRINT_0311_0001_0001_docs_tasks_md_xi | Docs Guild, Observability Guild (docs) | |||||
| VULN-29-011 | TODO | SPRINT_0311_0001_0001_docs_tasks_md_xi | Docs Guild, Security Guild (docs) | |||||
| VULN-29-012 | TODO | SPRINT_0311_0001_0001_docs_tasks_md_xi | Docs Guild, Ops Guild (docs) | |||||
| VULN-29-013 | TODO | SPRINT_0311_0001_0001_docs_tasks_md_xi | Docs Guild, Deployment Guild (docs) | |||||
| VULN-API-29-001 | DONE | 2025-11-25 | SPRINT_0129_0001_0001_policy_reasoning | Vuln Explorer API Guild / src/VulnExplorer/StellaOps.VulnExplorer.Api | src/VulnExplorer/StellaOps.VulnExplorer.Api | Define OpenAPI spec (list/detail/query/simulation/workflow/export), query JSON schema, pagination/grouping contracts, and error codes | PLVA0101 | |
| VULN-API-29-002 | DONE | 2025-11-25 | SPRINT_0129_0001_0001_policy_reasoning | Vuln Explorer API Guild / src/VulnExplorer/StellaOps.VulnExplorer.Api | src/VulnExplorer/StellaOps.VulnExplorer.Api | Implement list/query endpoints with policy parameter, grouping, server paging, caching, and cost budgets; tests at tests/TestResults/vuln-explorer/api.trx. |
VULN-API-29-001 | PLVA0101 |
| VULN-API-29-003 | DONE | 2025-11-25 | SPRINT_0129_0001_0001_policy_reasoning | Vuln Explorer API Guild / src/VulnExplorer/StellaOps.VulnExplorer.Api | src/VulnExplorer/StellaOps.VulnExplorer.Api | Implement detail endpoint aggregating evidence, policy rationale, paths | VULN-API-29-002 | PLVA0101 |
| VULN-API-29-004 | TODO | SPRINT_0129_0001_0001_policy_reasoning | Vuln Explorer API Guild, Findings Ledger Guild / src/VulnExplorer/StellaOps.VulnExplorer.Api | src/VulnExplorer/StellaOps.VulnExplorer.Api | Expose workflow endpoints | VULN-API-29-003 | PLVA0101 | |
| VULN-API-29-005 | TODO | SPRINT_0129_0001_0001_policy_reasoning | Vuln Explorer API Guild, Policy Guild / src/VulnExplorer/StellaOps.VulnExplorer.Api | src/VulnExplorer/StellaOps.VulnExplorer.Api | Implement simulation endpoint comparing policy_from vs policy_to, returning diffs without side effects; hook into Policy Engine batch eval |
VULN-API-29-004 | PLVA0101 | |
| VULN-API-29-006 | TODO | SPRINT_0129_0001_0001_policy_reasoning | Vuln Explorer API Guild / src/VulnExplorer/StellaOps.VulnExplorer.Api | src/VulnExplorer/StellaOps.VulnExplorer.Api | Integrate resolver results with Graph Explorer: include shortest path metadata, line up deep-link parameters, expose paths array in details |
VULN-API-29-005 | PLVA0101 | |
| VULN-API-29-007 | TODO | SPRINT_0129_0001_0001_policy_reasoning | Vuln Explorer API Guild, Security Guild / src/VulnExplorer/StellaOps.VulnExplorer.Api | src/VulnExplorer/StellaOps.VulnExplorer.Api | Enforce RBAC/ABAC scopes; implement CSRF/anti-forgery checks for Console; secure attachment URLs; audit logging | VULN-API-29-006 | PLVA0102 | |
| VULN-API-29-008 | TODO | SPRINT_0129_0001_0001_policy_reasoning | Vuln Explorer API Guild / src/VulnExplorer/StellaOps.VulnExplorer.Api | src/VulnExplorer/StellaOps.VulnExplorer.Api | Build export orchestrator producing signed bundles | VULN-API-29-007 | PLVA0102 | |
| VULN-API-29-009 | TODO | SPRINT_0129_0001_0001_policy_reasoning | Vuln Explorer API Guild, Observability Guild / src/VulnExplorer/StellaOps.VulnExplorer.Api | src/VulnExplorer/StellaOps.VulnExplorer.Api | Instrument metrics | VULN-API-29-008 | PLVA0102 | |
| VULN-API-29-010 | TODO | SPRINT_0129_0001_0001_policy_reasoning | Vuln Explorer API Guild, QA Guild / src/VulnExplorer/StellaOps.VulnExplorer.Api | src/VulnExplorer/StellaOps.VulnExplorer.Api | Provide unit/integration/perf tests | VULN-API-29-009 | PLVA0102 | |
| VULN-API-29-011 | TODO | SPRINT_0129_0001_0001_policy_reasoning | Vuln Explorer API Guild, DevOps Guild / src/VulnExplorer/StellaOps.VulnExplorer.Api | src/VulnExplorer/StellaOps.VulnExplorer.Api | Package deployment | VULN-API-29-010 | PLVA0102 | |
| VULNERABILITY-EXPLORER-DOCS-0001 | TODO | SPRINT_334_docs_modules_vuln_explorer | Docs Guild (docs/modules/vuln-explorer) | docs/modules/vuln-explorer | Validate Vuln Explorer module docs against latest roadmap/releases and add evidence links. | DOVL0101 | ||
| VULNERABILITY-EXPLORER-ENG-0001 | TODO | SPRINT_334_docs_modules_vuln_explorer | Module Team (docs/modules/vuln-explorer) | docs/modules/vuln-explorer | Keep sprint alignment notes in sync with Vuln Explorer sprints. | |||
| VULNERABILITY-EXPLORER-OPS-0001 | TODO | SPRINT_334_docs_modules_vuln_explorer | Ops Guild (docs/modules/vuln-explorer) | docs/modules/vuln-explorer | Review runbooks/observability assets after next demo. | |||
| WEB-20-002 | TODO | SPRINT_0155_0001_0001_scheduler_i | Scheduler WebService Guild (src/Scheduler/StellaOps.Scheduler.WebService) | src/Scheduler/StellaOps.Scheduler.WebService | ||||
| WEB-AIAI-31-001 | TODO | SPRINT_0212_0001_0001_web_i | BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Route /advisory/ai/* endpoints through gateway with RBAC/ABAC, rate limits, and telemetry headers. |
|||
| WEB-AIAI-31-002 | TODO | SPRINT_0212_0001_0001_web_i | BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Provide batching job handlers and streaming responses for CLI automation with retry/backoff. Dependencies: WEB-AIAI-31-001. | |||
| WEB-AIAI-31-003 | TODO | SPRINT_0212_0001_0001_web_i | BE-Base Platform Guild, Observability Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Emit metrics/logs (latency, guardrail blocks, validation failures) and forward anonymized prompt hashes to analytics. Dependencies: WEB-AIAI-31-002. | |||
| WEB-AIRGAP-56-001 | TODO | SPRINT_116_concelier_v | Concelier WebService Guild (src/Concelier/StellaOps.Concelier.WebService) | src/Concelier/StellaOps.Concelier.WebService | ||||
| WEB-AIRGAP-56-002 | TODO | SPRINT_116_concelier_v | Concelier WebService Guild (src/Concelier/StellaOps.Concelier.WebService) | src/Concelier/StellaOps.Concelier.WebService | ||||
| WEB-AIRGAP-57-001 | TODO | SPRINT_116_concelier_v | Concelier WebService Guild, AirGap Policy Guild (src/Concelier/StellaOps.Concelier.WebService) | src/Concelier/StellaOps.Concelier.WebService | ||||
| WEB-AIRGAP-58-001 | TODO | SPRINT_116_concelier_v | Concelier WebService Guild, AirGap Importer Guild (src/Concelier/StellaOps.Concelier.WebService) | src/Concelier/StellaOps.Concelier.WebService | ||||
| WEB-AOC-19-002 | DONE (2025-11-30) | SPRINT_0212_0001_0001_web_i | BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Ship ProvenanceBuilder, checksum utilities, and signature verification helper integrated with guard logging. Cover DSSE/CMS formats with unit tests. Dependencies: WEB-AOC-19-001. |
|||
| WEB-AOC-19-003 | DONE (2025-11-30) | SPRINT_0212_0001_0001_web_i | BE-Base Platform Guild; QA Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Analyzer/guard validation: block forbidden keys, unknown fields, missing provenance/signatures; add frontend fixtures/tests. Depends on WEB-AOC-19-002. | |||
| WEB-AOC-19-003 | TODO | SPRINT_116_concelier_v | QA Guild (src/Concelier/StellaOps.Concelier.WebService) | src/Concelier/StellaOps.Concelier.WebService | ||||
| WEB-AOC-19-004 | TODO | SPRINT_116_concelier_v | Concelier WebService Guild, QA Guild (src/Concelier/StellaOps.Concelier.WebService) | src/Concelier/StellaOps.Concelier.WebService | ||||
| WEB-AOC-19-005 | TODO | 2025-11-08 | SPRINT_116_concelier_v | Concelier WebService Guild, QA Guild (src/Concelier/StellaOps.Concelier.WebService) | src/Concelier/StellaOps.Concelier.WebService | |||
| WEB-AOC-19-006 | TODO | 2025-11-08 | SPRINT_116_concelier_v | Concelier WebService Guild (src/Concelier/StellaOps.Concelier.WebService) | src/Concelier/StellaOps.Concelier.WebService | |||
| WEB-AOC-19-007 | TODO | 2025-11-08 | SPRINT_116_concelier_v | Concelier WebService Guild, QA Guild (src/Concelier/StellaOps.Concelier.WebService) | src/Concelier/StellaOps.Concelier.WebService | |||
| WEB-CONSOLE-23-001 | DONE (2025-11-28) | 2025-11-28 | SPRINT_0212_0001_0001_web_i | BE-Base Platform Guild · Product Analytics Guild | src/Web/StellaOps.Web | /console/dashboard and /console/filters aggregates shipped with tenant scoping, deterministic ordering, and 8 unit tests per sprint Execution Log 2025-11-28. |
— | |
| WEB-CONSOLE-23-002 | DOING (2025-12-01) | 2025-12-01 | SPRINT_0212_0001_0001_web_i | BE-Base Platform Guild · Scheduler Guild | src/Web/StellaOps.Web | Implementing /console/status polling and /console/runs/{id}/stream SSE/WebSocket proxy with heartbeat/backoff; awaiting storage cleanup to run tests. Dependencies: WEB-CONSOLE-23-001. |
WEB-CONSOLE-23-001 | |
| WEB-CONSOLE-23-003 | DOING | 2025-12-06 | SPRINT_0212_0001_0001_web_i | BE-Base Platform Guild, Policy Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Add /console/exports POST/GET routes coordinating evidence bundle creation, streaming CSV/JSON exports, checksum manifest retrieval, and signed attestation references. Ensure requests honor tenant + policy scopes and expose job tracking metadata. Dependencies: WEB-CONSOLE-23-002. |
Client/models/store/service + unit specs passing (6/6) via Playwright Chromium headless (CHROME_BIN=C:\Users\vlindos\AppData\Local\ms-playwright\chromium-1194\chrome-win\chrome.exe STELLAOPS_CHROMIUM_BIN=%CHROME_BIN% NG_PERSISTENT_BUILD_CACHE=1 node ./node_modules/@angular/cli/bin/ng.js test --watch=false --browsers=ChromeHeadlessOffline --progress=false --include src/app/core/api/console-export.client.spec.ts --include src/app/core/console/console-export.store.spec.ts --include src/app/core/console/console-export.service.spec.ts). Contract still draft; backend wiring pending. |
|
| WEB-CONSOLE-23-004 | BLOCKED | 2025-12-06 | SPRINT_0212_0001_0001_web_i | BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Implement /console/search endpoint accepting CVE/GHSA/PURL/SBOM identifiers, performing fan-out queries with caching, ranking, and deterministic tie-breaking. Return typed results for Console navigation; respect result caps and latency SLOs. Dependencies: WEB-CONSOLE-23-003. |
Still blocked pending contract; draft caching/ranking spec published in docs/api/console/search-downloads.md for review. |
|
| WEB-CONSOLE-23-005 | BLOCKED | 2025-12-06 | SPRINT_0212_0001_0001_web_i | BE-Base Platform Guild, DevOps Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Serve /console/downloads JSON manifest (images, charts, offline bundles) sourced from signed registry metadata; include integrity hashes, release notes links, and offline instructions. Provide caching headers and documentation. Dependencies: WEB-CONSOLE-23-004. |
Still blocked pending contract; draft manifest example added at docs/api/console/samples/console-download-manifest.json (awaiting sign-off). |
|
| WEB-CONTAINERS-44-001 | DONE | 2025-11-18 | SPRINT_0212_0001_0001_web_i | BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Expose /welcome state, config discovery endpoint (safe values), and QUICKSTART_MODE handling for Console banner; add /health/liveness, /health/readiness, /version if missing. |
||
| WEB-CONTAINERS-45-001 | DONE | 2025-11-19 | SPRINT_0212_0001_0001_web_i | BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Ensure readiness endpoints reflect DB/queue readiness, add feature flag toggles via config map, and document NetworkPolicy ports. Dependencies: WEB-CONTAINERS-44-001. | ||
| WEB-CONTAINERS-46-001 | DONE | 2025-11-19 | SPRINT_0212_0001_0001_web_i | BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Provide offline-friendly asset serving (no CDN), allow overriding object store endpoints via env, and document fallback behavior. Dependencies: WEB-CONTAINERS-45-001. | ||
| WEB-EXC-25-001 | BLOCKED | 2025-12-06 | SPRINT_0212_0001_0001_web_i | BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Implement /exceptions API (create, propose, approve, revoke, list, history) with validation, pagination, and audit logging. |
Draft placeholder docs+sample added (docs/api/console/exception-schema.md, docs/api/console/samples/exception-schema-sample.json); awaiting official schema/scopes/audit rules. |
|
| WEB-EXC-25-002 | BLOCKED | 2025-11-30 | SPRINT_0213_0001_0002_web_ii | BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Extend /policy/effective and /policy/simulate responses to include exception metadata and accept overrides for simulations. Dependencies: WEB-EXC-25-001. |
||
| WEB-EXC-25-003 | TODO | SPRINT_0213_0001_0002_web_ii | BE-Base Platform Guild, Platform Events Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Publish exception.* events, integrate with notification hooks, enforce rate limits. Dependencies: WEB-EXC-25-002. |
|||
| WEB-EXPORT-35-001 | TODO | SPRINT_0213_0001_0002_web_ii | BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Surface Export Center APIs (profiles/runs/download) through gateway with tenant scoping, streaming support, and viewer/operator scope checks. | |||
| WEB-EXPORT-36-001 | TODO | SPRINT_0213_0001_0002_web_ii | BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Add distribution routes (OCI/object storage), manifest/provenance proxies, and signed URL generation. Dependencies: WEB-EXPORT-35-001. | |||
| WEB-EXPORT-37-001 | TODO | SPRINT_0213_0001_0002_web_ii | BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Expose scheduling, retention, encryption parameters, and verification endpoints with admin scope enforcement and audit logs. Dependencies: WEB-EXPORT-36-001. | |||
| WEB-GRAPH-21-001 | BLOCKED | 2025-10-27 | SPRINT_0213_0001_0002_web_ii | BE-Base Platform Guild, Graph Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Add gateway routes for graph versions/viewport/node/path/diff/export endpoints with tenant enforcement, scope checks, and streaming responses; proxy Policy Engine diff toggles without inline logic. Adopt StellaOpsScopes constants for RBAC enforcement. |
||
| WEB-GRAPH-21-002 | BLOCKED | 2025-10-27 | SPRINT_0213_0001_0002_web_ii | BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Implement bbox/zoom/path parameter validation, pagination tokens, and deterministic ordering; add contract tests for boundary conditions. Dependencies: WEB-GRAPH-21-001. | ||
| WEB-GRAPH-21-003 | BLOCKED | 2025-10-27 | SPRINT_0213_0001_0002_web_ii | BE-Base Platform Guild, QA Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Map graph service errors to ERR_Graph_*, support GraphML/JSONL export streaming, and document rate limits. Dependencies: WEB-GRAPH-21-002. |
||
| WEB-GRAPH-21-004 | BLOCKED | 2025-10-27 | SPRINT_0213_0001_0002_web_ii | BE-Base Platform Guild, Policy Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Proxy Policy Engine overlay responses for graph endpoints while keeping gateway stateless; maintain streaming budgets and latency SLOs. Dependencies: WEB-GRAPH-21-003. | ||
| WEB-GRAPH-24-001 | TODO | SPRINT_0213_0001_0002_web_ii | BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Gateway proxy for Graph API and Policy overlays with RBAC, caching, pagination, ETags, and streaming; zero business logic. Dependencies: WEB-GRAPH-21-004. | |||
| WEB-GRAPH-24-002 | TODO | SPRINT_0213_0001_0002_web_ii | BE-Base Platform Guild; SBOM Service Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | /graph/assets/* endpoints (snapshots, adjacency, search) with pagination, ETags, and tenant scoping as pure proxy. Dependencies: WEB-GRAPH-24-001. |
|||
| WEB-GRAPH-24-003 | TODO | SPRINT_0213_0001_0002_web_ii | BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Embed AOC summaries from overlay services; gateway does not compute derived severity or hints. Dependencies: WEB-GRAPH-24-002. | |||
| WEB-GRAPH-24-004 | TODO | SPRINT_0213_0001_0002_web_ii | BE-Base Platform Guild; Observability Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Collect gateway metrics/logs (tile latency, proxy errors, overlay cache stats) and forward to dashboards; document sampling strategy. Dependencies: WEB-GRAPH-24-003. | |||
| WEB-LNM-21-001 | TODO | SPRINT_0213_0001_0002_web_ii | BE-Base Platform Guild, Concelier WebService Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Surface new /advisories/* APIs through gateway with caching, pagination, and RBAC enforcement (advisory:read). |
|||
| WEB-LNM-21-002 | TODO | SPRINT_0213_0001_0002_web_ii | BE-Base Platform Guild, Excititor WebService Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Expose /vex/* read APIs with evidence routes and export handlers; map ERR_AGG_* codes. Dependencies: WEB-LNM-21-001. |
|||
| WEB-LNM-21-003 | TODO | SPRINT_0214_0001_0001_web_iii | BE-Base Platform Guild, Policy Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Provide combined endpoint for Console to fetch policy result + source evidence (advisory + VEX linksets) for a component. Dependencies: WEB-LNM-21-002. | |||
| WEB-NOTIFY-38-001 | TODO | SPRINT_0214_0001_0001_web_iii | BE-Base Platform Guild | src/Web/StellaOps.Web | Route notifier APIs (/notifications/*) and WS feed through gateway with tenant scoping, viewer/operator scope enforcement, and SSE/WebSocket bridging. |
Depends on #1 for signed ack spec | NOWB0101 | |
| WEB-NOTIFY-39-001 | TODO | SPRINT_0214_0001_0001_web_iii | BE-Base Platform Guild | src/Web/StellaOps.Web | Surface digest scheduling, quiet-hour/throttle management, and simulation APIs; ensure rate limits and audit logging. Dependencies: WEB-NOTIFY-38-001. | WEB-NOTIFY-38-001 | NOWB0101 | |
| WEB-NOTIFY-40-001 | TODO | SPRINT_0214_0001_0001_web_iii | BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Expose escalation, localization, channel health, and ack verification endpoints with admin scope enforcement and signed token validation. Dependencies: WEB-NOTIFY-39-001. | |||
| WEB-OAS-61-001 | TODO | SPRINT_0124_0001_0006_excititor_vi | Excititor WebService Guild (src/Excititor/StellaOps.Excititor.WebService) | src/Excititor/StellaOps.Excititor.WebService | ||||
| WEB-OAS-61-002 | TODO | SPRINT_116_concelier_v | Concelier WebService Guild (src/Concelier/StellaOps.Concelier.WebService) | src/Concelier/StellaOps.Concelier.WebService | ||||
| WEB-OAS-62-001 | TODO | SPRINT_116_concelier_v | Concelier WebService Guild (src/Concelier/StellaOps.Concelier.WebService) | src/Concelier/StellaOps.Concelier.WebService | ||||
| WEB-OAS-63-001 | TODO | SPRINT_116_concelier_v | Concelier WebService Guild, API Governance Guild (src/Concelier/StellaOps.Concelier.WebService) | src/Concelier/StellaOps.Concelier.WebService | ||||
| WEB-OBS-50-001 | TODO | SPRINT_0214_0001_0001_web_iii | BE-Base Platform Guild, Observability Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Integrate StellaOps.Telemetry.Core into gateway host, replace ad-hoc logging, ensure all routes emit trace/span IDs, tenant context, and scrubbed payload previews. |
|||
| WEB-OBS-51-001 | TODO | SPRINT_116_concelier_v | Concelier WebService Guild | src/Concelier/StellaOps.Concelier.WebService | Paired with #1 for shared middleware | Paired with #1 for shared middleware | CNOB0102 | |
| WEB-OBS-52-001 | TODO | SPRINT_116_concelier_v | Concelier WebService Guild | src/Concelier/StellaOps.Concelier.WebService | Dependent on CLI/VEX readiness (035_CLCI0105) for payload format | Dependent on CLI/VEX readiness (035_CLCI0105) for payload format | CNOB0102 | |
| WEB-OBS-53-001 | TODO | SPRINT_117_concelier_vi | Concelier WebService Guild · Evidence Locker Guild | src/Concelier/StellaOps.Concelier.WebService | Needs Evidence Locker API spec from 002_ATEL0101 | Needs Evidence Locker API spec from 002_ATEL0101 | CNOB0102 | |
| WEB-OBS-54-001 | TODO | SPRINT_117_concelier_vi | Concelier WebService Guild | src/Concelier/StellaOps.Concelier.WebService | Relies on shared exporter (1039_EXPORT-OBS-54-001) | Relies on shared exporter (1039_EXPORT-OBS-54-001) | CNOB0102 | |
| WEB-OBS-55-001 | TODO | SPRINT_117_concelier_vi | Concelier WebService Guild · DevOps Guild | src/Concelier/StellaOps.Concelier.WebService | Wait for DevOps alert profiles (045_DVDO0103) | Wait for DevOps alert profiles (045_DVDO0103) | CNOB0102 | |
| WEB-OBS-56-001 | TODO | SPRINT_0214_0001_0001_web_iii | BE-Base Platform Guild, AirGap Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Extend telemetry core integration to expose sealed/unsealed status APIs, drift metrics, and Console widgets without leaking sealed-mode secrets. Dependencies: WEB-OBS-55-001. | |||
| WEB-ORCH-32-001 | TODO | SPRINT_0214_0001_0001_web_iii | BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Expose `/orchestrator/sources | |||
| WEB-ORCH-33-001 | TODO | SPRINT_0215_0001_0004_web_iv | BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Add POST action routes (`pause. Dependencies: WEB-ORCH-32-001. | |||
| WEB-ORCH-34-001 | TODO | SPRINT_0215_0001_0004_web_iv | BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Surface quotas/backfill APIs, queue/backpressure metrics, and error clustering routes with admin scope enforcement and audit logging. Dependencies: WEB-ORCH-33-001. | |||
| WEB-POLICY-20-001 | TODO | SPRINT_0215_0001_0004_web_iv | BE-Base Platform Guild, Policy Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Implement Policy CRUD/compile/run/simulate/findings/explain endpoints with OpenAPI, tenant scoping, and service identity enforcement. | |||
| WEB-POLICY-20-002 | TODO | SPRINT_0215_0001_0004_web_iv | BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Add pagination, filtering, sorting, and tenant guards to listings for policies, runs, and findings; include deterministic ordering and query diagnostics. Dependencies: WEB-POLICY-20-001. | |||
| WEB-POLICY-20-003 | TODO | SPRINT_0215_0001_0004_web_iv | BE-Base Platform Guild, QA Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Map engine errors to ERR_POL_* responses with consistent payloads and contract tests; expose correlation IDs in headers. Dependencies: WEB-POLICY-20-002. |
|||
| WEB-POLICY-20-004 | TODO | SPRINT_0215_0001_0004_web_iv | Platform Reliability Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Introduce adaptive rate limiting + quotas for simulation endpoints, expose metrics, and document retry headers. Dependencies: WEB-POLICY-20-003. | |||
| WEB-POLICY-23-001 | BLOCKED | 2025-10-29 | SPRINT_0215_0001_0004_web_iv | BE-Base Platform Guild, Policy Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Implement API endpoints for creating/listing/fetching policy packs and revisions (/policy/packs, /policy/packs/{id}/revisions) with pagination, RBAC, and AOC metadata exposure. (Tracked via Sprint 18.5 gateway tasks.). Dependencies: WEB-POLICY-20-004. |
||
| WEB-POLICY-23-002 | BLOCKED | 2025-10-29 | SPRINT_0215_0001_0004_web_iv | BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Add activation endpoint with scope windows, conflict checks, and optional 2-person approval integration; emit events on success. (Tracked via Sprint 18.5 gateway tasks.). Dependencies: WEB-POLICY-23-001. | ||
| WEB-POLICY-23-003 | TODO | SPRINT_0215_0001_0004_web_iv | BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Provide /policy/simulate and /policy/evaluate endpoints with streaming responses, rate limiting, and error mapping. Dependencies: WEB-POLICY-23-002. |
|||
| WEB-POLICY-23-004 | TODO | SPRINT_0215_0001_0004_web_iv | BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Expose explain history endpoints (/policy/runs, /policy/runs/{id}) including decision tree, sources consulted, and AOC chain. Dependencies: WEB-POLICY-23-003. |
|||
| WEB-POLICY-27-001 | TODO | SPRINT_0215_0001_0004_web_iv | BE-Base Platform Guild | src/Web/StellaOps.Web | Surface Policy Registry APIs (/policy/workspaces, /policy/versions, /policy/reviews, /policy/registry) through gateway with tenant scoping, RBAC, and request validation; ensure streaming downloads for evidence bundles. Dependencies: WEB-POLICY-23-004. |
Needs registry schema | ||
| WEB-POLICY-27-002 | TODO | SPRINT_0215_0001_0004_web_iv | BE-Base Platform Guild | src/Web/StellaOps.Web | Implement review lifecycle endpoints (open, comment, approve/reject) with audit headers, comment pagination, and webhook fan-out. Dependencies: WEB-POLICY-27-001. | Depends on 27-001 | ||
| WEB-POLICY-27-003 | TODO | SPRINT_0215_0001_0004_web_iv | Platform Reliability Guild | src/Web/StellaOps.Web | Expose quick/batch simulation endpoints with SSE progress (/policy/simulations/{runId}/stream), cursor-based result pagination, and manifest download routes. Dependencies: WEB-POLICY-27-002. |
Needs 27-002 | ||
| WEB-POLICY-27-004 | TODO | SPRINT_0215_0001_0004_web_iv | BE/Security Guild | src/Web/StellaOps.Web | Add publish/sign/promote/rollback endpoints with idempotent request IDs, canary parameters, and environment bindings; enforce scope checks and emit structured events. Dependencies: WEB-POLICY-27-003. | Depends on 27-003 | ||
| WEB-POLICY-27-005 | TODO | SPRINT_0215_0001_0004_web_iv | BE/Observability Guild | src/Web/StellaOps.Web | Instrument metrics/logs for compile latency, simulation queue depth, approval latency, promotion actions; expose aggregated dashboards and correlation IDs for Console. Dependencies: WEB-POLICY-27-004. | Needs 27-004 metrics | ||
| WEB-RISK-66-001 | BLOCKED (2025-12-03) | SPRINT_216_web_v | BE-Base Platform Guild, Policy Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Expose risk profile/results endpoints through gateway with tenant scoping, pagination, and rate limiting. Blocked: npm ci hangs; cannot run Angular tests; awaiting stable install env/gateway endpoints. | |||
| WEB-RISK-66-002 | BLOCKED | 2025-12-06 | SPRINT_216_web_v | BE-Base Platform Guild, Risk Engine Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Add signed URL handling for explanation blobs and enforce scope checks. Dependencies: WEB-RISK-66-001. | Blocked: upstream WEB-RISK-66-001 stalled (npm ci hangs; gateway endpoints unavailable). | |
| WEB-RISK-67-001 | BLOCKED | 2025-12-06 | SPRINT_216_web_v | BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Provide aggregated risk stats (/risk/status) for Console dashboards (counts per severity, last computation). Dependencies: WEB-RISK-66-002. |
Blocked by WEB-RISK-66-002. | |
| WEB-RISK-68-001 | BLOCKED | 2025-12-06 | SPRINT_216_web_v | BE-Base Platform Guild, Notifications Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Emit events on severity transitions via gateway to notifier bus with trace metadata. Dependencies: WEB-RISK-67-001. | Blocked by WEB-RISK-67-001. | |
| WEB-SIG-26-001 | BLOCKED | 2025-12-06 | SPRINT_216_web_v | BE-Base Platform Guild, Signals Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Surface /signals/callgraphs, /signals/facts read/write endpoints with pagination, ETags, and RBAC. |
Blocked: Signals API contract/fixtures not published. | |
| WEB-SIG-26-002 | BLOCKED | 2025-12-06 | SPRINT_216_web_v | BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Extend /policy/effective and /vuln/explorer responses to include reachability scores/states and allow filtering. Dependencies: WEB-SIG-26-001. |
Blocked by WEB-SIG-26-001. | |
| WEB-SIG-26-003 | BLOCKED | 2025-12-06 | SPRINT_216_web_v | BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Add reachability override parameters to /policy/simulate and related APIs for what-if analysis. Dependencies: WEB-SIG-26-002. |
Blocked by WEB-SIG-26-002. | |
| WEB-TEN-47-001 | TODO | SPRINT_216_web_v | BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Implement JWT verification, tenant activation from headers, scope matching, and decision audit emission for all API endpoints. | |||
| WEB-TEN-48-001 | TODO | SPRINT_216_web_v | BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Set DB session stella.tenant_id, enforce tenant/project checks on persistence, prefix object storage paths, and stamp audit metadata. Dependencies: WEB-TEN-47-001. |
|||
| WEB-TEN-49-001 | TODO | SPRINT_216_web_v | BE-Base Platform Guild, Policy Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Integrate optional ABAC overlay with Policy Engine, expose /audit/decisions API, and support service token minting endpoints. Dependencies: WEB-TEN-48-001. |
|||
| WEB-VEX-30-007 | BLOCKED | 2025-12-06 | SPRINT_216_web_v | BE-Base Platform Guild, VEX Lens Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Route /vex/consensus APIs with tenant RBAC/ABAC, caching, and streaming; surface telemetry and trace IDs without gateway-side overlay logic. |
Blocked: tenant RBAC/ABAC policies + VEX consensus stream contract not finalized. | |
| WEB-VULN-29-001 | BLOCKED | 2025-12-06 | SPRINT_216_web_v | BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Expose /vuln/* endpoints via gateway with tenant scoping, RBAC/ABAC enforcement, anti-forgery headers, and request logging. |
Blocked: tenant scoping model/ABAC overlay not implemented; upstream risk chain stalled. | |
| WEB-VULN-29-002 | BLOCKED | 2025-12-06 | SPRINT_216_web_v | BE-Base Platform Guild, Findings Ledger Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Forward workflow actions to Findings Ledger with idempotency headers and correlation IDs; handle retries/backoff. Dependencies: WEB-VULN-29-001. | Blocked by WEB-VULN-29-001 and awaiting Findings Ledger idempotency headers wiring. | |
| WEB-VULN-29-003 | BLOCKED | 2025-12-06 | SPRINT_216_web_v | BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Provide simulation and export orchestration routes with SSE/progress headers, signed download links, and request budgeting. Dependencies: WEB-VULN-29-002. | Blocked by WEB-VULN-29-002 and orchestrator/export contracts. | |
| WEB-VULN-29-004 | BLOCKED | 2025-12-06 | SPRINT_216_web_v | BE-Base Platform Guild, Observability Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Emit gateway metrics/logs (latency, error rates, export duration), propagate query hashes for analytics dashboards. Dependencies: WEB-VULN-29-003. | Blocked by WEB-VULN-29-003; observability specs not delivered. | |
| WORKER-21-203 | TODO | SPRINT_0155_0001_0001_scheduler_i | Scheduler Worker Guild, Observability Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | ||||
| WORKER-23-101 | TODO | SPRINT_0155_0001_0001_scheduler_i | Scheduler Worker Guild, Policy Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | ||||
| WORKER-23-102 | TODO | SPRINT_0155_0001_0001_scheduler_i | Scheduler Worker Guild, Observability Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | ||||
| WORKER-25-101 | TODO | SPRINT_0155_0001_0001_scheduler_i | Scheduler Worker Guild, Policy Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | ||||
| WORKER-25-102 | TODO | SPRINT_0155_0001_0001_scheduler_i | Scheduler Worker Guild, Observability Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | ||||
| WORKER-26-201 | TODO | SPRINT_0155_0001_0001_scheduler_i | Scheduler Worker Guild, Signals Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | ||||
| WORKER-26-202 | TODO | SPRINT_0156_0001_0002_scheduler_ii | Scheduler Worker Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | ||||
| WORKER-27-301 | TODO | SPRINT_0156_0001_0002_scheduler_ii | Scheduler Worker Guild, Policy Registry Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | ||||
| WORKER-27-302 | TODO | SPRINT_0156_0001_0002_scheduler_ii | Scheduler Worker Guild, Observability Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | ||||
| WORKER-27-303 | TODO | SPRINT_0156_0001_0002_scheduler_ii | Scheduler Worker Guild, Security Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | ||||
| WORKER-29-001 | TODO | SPRINT_0156_0001_0002_scheduler_ii | Scheduler Worker Guild, Findings Ledger Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | ||||
| WORKER-29-002 | TODO | SPRINT_0156_0001_0002_scheduler_ii | Scheduler Worker Guild, Policy Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | ||||
| WORKER-29-003 | TODO | SPRINT_0156_0001_0002_scheduler_ii | Scheduler Worker Guild, Observability Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | ||||
| WORKER-CONSOLE-23-201 | TODO | SPRINT_0156_0001_0002_scheduler_ii | Scheduler Worker Guild, Observability Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | ||||
| WORKER-CONSOLE-23-202 | TODO | SPRINT_0156_0001_0002_scheduler_ii | Scheduler Worker Guild, Policy Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | ||||
| WORKER-GO-32-001 | DONE | SPRINT_0153_0001_0003_orchestrator_iii | Worker SDK Guild (src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Go) | src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Go | Bootstrap Go SDK project with configuration binding, auth headers, job claim/acknowledge client, and smoke sample. | |||
| WORKER-GO-32-002 | DONE | SPRINT_0153_0001_0003_orchestrator_iii | Worker SDK Guild (src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Go) | src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Go | Add heartbeat/progress helpers, structured logging hooks, Prometheus metrics, and jittered retry defaults. Dependencies: WORKER-GO-32-001. | |||
| WORKER-GO-33-001 | DONE | SPRINT_0153_0001_0003_orchestrator_iii | Worker SDK Guild (src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Go) | src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Go | Implement artifact publish helpers (object storage client, checksum hashing, metadata payload) and idempotency guard. Dependencies: WORKER-GO-32-002. | |||
| WORKER-GO-33-002 | DONE | SPRINT_0153_0001_0003_orchestrator_iii | Worker SDK Guild (src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Go) | src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Go | Provide error classification/retry helper, exponential backoff controls, and structured failure reporting to orchestrator. Dependencies: WORKER-GO-33-001. | |||
| WORKER-GO-34-001 | DONE | SPRINT_0153_0001_0003_orchestrator_iii | Worker SDK Guild (src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Go) | src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Go | Add backfill range execution helpers, watermark handshake utilities, and artifact dedupe verification for backfills. Dependencies: WORKER-GO-33-002. | |||
| WORKER-PY-32-001 | DONE | SPRINT_0153_0001_0003_orchestrator_iii | Worker SDK Guild (src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Python) | src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Python | Bootstrap asyncio-based Python SDK (config, auth headers, job claim/ack) plus sample worker script. | |||
| WORKER-PY-32-002 | DONE | SPRINT_0153_0001_0003_orchestrator_iii | Worker SDK Guild (src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Python) | src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Python | Implement heartbeat/progress helpers with structured logging, metrics exporter, and cancellation-safe retries. Dependencies: WORKER-PY-32-001. | |||
| WORKER-PY-33-001 | DONE | SPRINT_0153_0001_0003_orchestrator_iii | Worker SDK Guild (src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Python) | src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Python | Add artifact publish/idempotency helpers (object storage adapters, checksum hashing, metadata payload) for Python workers. Dependencies: WORKER-PY-32-002. | |||
| WORKER-PY-33-002 | DONE | SPRINT_0153_0001_0003_orchestrator_iii | Worker SDK Guild (src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Python) | src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Python | Provide error classification/backoff helper mapping to orchestrator codes, including jittered retries and structured failure reports. Dependencies: WORKER-PY-33-001. | |||
| WORKER-PY-34-001 | DONE | SPRINT_0153_0001_0003_orchestrator_iii | Worker SDK Guild (src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Python) | src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Python | Implement backfill range iteration, watermark handshake, and artifact dedupe verification utilities for Python workers. Dependencies: WORKER-PY-33-002. | |||
| ZAS-002 | TODO | SPRINT_400_runtime_facts_static_callgraph_union | Zastava Observer Guild (src/Zastava/StellaOps.Zastava.Observer, docs/modules/zastava/architecture.md, docs/reachability/function-level-evidence.md) |
src/Zastava/StellaOps.Zastava.Observer, docs/modules/zastava/architecture.md, docs/reachability/function-level-evidence.md |
||||
| ZASTAVA-DOCS-0001 | TODO | SPRINT_335_docs_modules_zastava | Docs Guild (docs/modules/zastava) | docs/modules/zastava | See ./AGENTS.md | |||
| ZASTAVA-ENG-0001 | TODO | SPRINT_335_docs_modules_zastava | Module Team (docs/modules/zastava) | docs/modules/zastava | Update status via ./AGENTS.md workflow | |||
| ZASTAVA-ENV-01 | TODO | SPRINT_0140_0001_0001_runtime_signals | Observer adoption of Surface.Env helpers paused while Surface.FS cache contract finalizes. | |||||
| ZASTAVA-ENV-02 | TODO | SPRINT_0140_0001_0001_runtime_signals | Webhook helper migration follows ENV-01 completion. | |||||
| ZASTAVA-OPS-0001 | TODO | SPRINT_335_docs_modules_zastava | Ops Guild (docs/modules/zastava) | docs/modules/zastava | Sync outcomes back to ../.. | |||
| ZASTAVA-REACH-201-001 | TODO | SPRINT_400_runtime_facts_static_callgraph_union | Zastava Observer Guild (src/Zastava/StellaOps.Zastava.Observer) |
src/Zastava/StellaOps.Zastava.Observer |
Implement runtime symbol sampling in StellaOps.Zastava.Observer (EntryTrace-aware shell AST + build-id capture) and stream ND-JSON batches to Signals /runtime-facts, including CAS pointers for traces. Update runbook + config references. |
|||
| ZASTAVA-SECRETS-01 | TODO | SPRINT_0140_0001_0001_runtime_signals | Surface.Secrets wiring for Observer pending published cache endpoints. | |||||
| ZASTAVA-SECRETS-02 | TODO | SPRINT_0140_0001_0001_runtime_signals | Webhook secret retrieval cascades from SECRETS-01 work. | |||||
| ZASTAVA-SURFACE-01 | TODO | SPRINT_0140_0001_0001_runtime_signals | Surface.FS client integration blocked on Scanner layer metadata; tests ready once packages mirror offline dependencies. | |||||
| ZASTAVA-SURFACE-02 | TODO | SPRINT_0136_0001_0001_scanner_surface | Zastava Observer Guild (src/Zastava/StellaOps.Zastava.Observer) | src/Zastava/StellaOps.Zastava.Observer | Use Surface manifest reader helpers to resolve cas:// pointers and enrich drift diagnostics with manifest provenance. |
SURFACE-FS-02; ZASTAVA-SURFACE-01 | ||
| guard unit tests` | TODO | SPRINT_116_concelier_v | QA Guild (src/Concelier/StellaOps.Concelier.WebService) | src/Concelier/StellaOps.Concelier.WebService | Add unit tests for schema validators, forbidden-field guards (ERR_AOC_001/2/6/7), and supersedes chains to keep ingestion append-only. Depends on CONCELIER-WEB-AOC-19-002. |
|||
| store wiring` | TODO | SPRINT_113_concelier_ii | Concelier Storage Guild (src/Concelier/__Libraries/StellaOps.Concelier.Storage.Mongo) | src/Concelier/__Libraries/StellaOps.Concelier.Storage.Mongo | Move large raw payloads to object storage with deterministic pointers, update bootstrapper/offline kit seeds, and guarantee provenance metadata remains intact. Depends on CONCELIER-LNM-21-102. | NOTY0105 | ||
| Task ID | Status | Status Date | Sprint | Owners | Directory | Task Description | Dependencies | New Sprint Name |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| PROGRAM-STAFF-1001 | TODO | SPRINT_100_program_management | Program Mgmt Guild | MIRROR-COORD-55-001 | MIRROR-COORD-55-001 | PGMI0101 | ||
| MIRROR-COORD-55-001 | TODO | SPRINT_100_program_management | Program Mgmt Guild · Mirror Creator Guild | — | — | PGMI0101 | ||
| ELOCKER-CONTRACT-2001 | TODO | SPRINT_200_attestation_coord | Evidence Locker Guild | — | — | ATEL0101 | ||
| ATTEST-PLAN-2001 | TODO | SPRINT_200_attestation_coord | Evidence Locker Guild · Excititor Guild | — | — | ATEL0101 | ||
| FEED-REMEDIATION-1001 | TODO | SPRINT_0503_0001_0001_ops_devops_i | Concelier Feed Owners | — | — | FEFC0101 | ||
| MIRROR-DSSE-REV-1501 | TODO | SPRINT_150_mirror_dsse | Mirror Creator Guild · Security Guild · Evidence Locker Guild | — | — | ATEL0101 | ||
| AIRGAP-TIME-CONTRACT-1501 | TODO | SPRINT_150_mirror_time | AirGap Time Guild | — | — | ATMI0102 | ||
| EXPORT-MIRROR-ORCH-1501 | TODO | SPRINT_150_mirror_orch | Exporter Guild · CLI Guild | — | — | ATMI0102 | ||
| AIAI-31-007 | DONE | 2025-11-06 | SPRINT_0111_0001_0001_advisoryai | Advisory AI Guild | src/AdvisoryAI/StellaOps.AdvisoryAI | — | — | ADAI0101 |
| LEDGER-29-006 | TODO | SPRINT_0120_0001_0001_policy_reasoning | Findings Ledger Guild | — | — | PLLG0101 | ||
| CARTO-GRAPH-21-002 | DONE | 2025-11-17 | SPRINT_113_concelier_ii | Cartographer Guild | src/Cartographer/Contracts | ATLN0101 approvals | Task #1 schema freeze | CAGR0101 |
| SURFACE-FS-01 | TODO | SPRINT_0136_0001_0001_scanner_surface | Scanner Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.FS) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.FS | — | — | SCSS0101 | |
| SURFACE-FS-02 | TODO | SPRINT_0136_0001_0001_scanner_surface | Scanner Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.FS) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.FS | — | — | SCSS0101 | |
| SCANNER-ANALYZERS-LANG-10-309 | TODO | SPRINT_131_scanner_surface | Language Analyzer Guild | — | — | SCSA0101 | ||
| SCANNER-ANALYZERS-PHP-27-001 | TODO | SPRINT_131_scanner_surface | PHP Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php | — | — | SCSA0101 | |
| SCANNER-ENTRYTRACE-18-508 | TODO | SPRINT_0136_0001_0001_scanner_surface | EntryTrace Guild | — | — | SCSS0101 | ||
| SCANNER-SECRETS-02 | DONE (2025-11-23) | 2025-11-23 | SPRINT_0136_0001_0001_scanner_surface | Secrets Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.Secrets) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Secrets | Provider chain implemented (primary + fallback) with DI wiring; tests added (StellaOps.Scanner.Surface.Secrets.Tests). |
SURFACE-SECRETS-01 | SCSS0101 |
| SCANNER-SURFACE-01 | BLOCKED (2025-11-25) | SPRINT_0136_0001_0001_scanner_surface | Scanner Guild | — | — | SCSS0101 | ||
| SCANNER-ANALYZERS-PHP-27-001 | TODO | SPRINT_131_scanner_surface | PHP Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php | — | — | SCSA0101 | |
| SCANNER-ENTRYTRACE-18-508 | TODO | SPRINT_0136_0001_0001_scanner_surface | EntryTrace Guild | — | — | SCSS0101 | ||
| SCANNER-SECRETS-02 | DONE (2025-11-23) | 2025-11-23 | SPRINT_0136_0001_0001_scanner_surface | Secrets Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.Secrets) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Secrets | Provider chain implemented (primary + fallback) with DI wiring; tests added (StellaOps.Scanner.Surface.Secrets.Tests). |
SURFACE-SECRETS-01 | SCSS0101 |
| SCANNER-SURFACE-01 | BLOCKED (2025-11-25) | SPRINT_0136_0001_0001_scanner_surface | Scanner Guild | — | — | SCSS0101 | ||
| CARTO-GRAPH-21-002 | DONE | 2025-11-17 | SPRINT_113_concelier_ii | Cartographer Guild | src/Cartographer/Contracts | ATLN0101 approvals | Task #1 schema freeze | CAGR0101 |
| POLICY-ENGINE-27-004 | TODO | SPRINT_124_policy_reasoning | Policy Guild | — | — | PLPE0102 | ||
| --JOB-ORCHESTRATOR-DOCS-0001 | TODO | SPRINT_0323_0001_0001_docs_modules_orchestrator | Docs Guild (docs/modules/orchestrator) | docs/modules/orchestrator | ORGR0102 outline | DOOR0101 | ||
| --JOB-ORCH-ENG-0001 | DONE | SPRINT_0323_0001_0001_docs_modules_orchestrator | Module Team (docs/modules/orchestrator) | docs/modules/orchestrator | ORGR0102 outline | DOOR0101 | ||
| --JOB-ORCH-OPS-0001 | DONE | SPRINT_0323_0001_0001_docs_modules_orchestrator | Ops Guild (docs/modules/orchestrator) | docs/modules/orchestrator | DOOR0101 doc structure | DOOR0101 | ||
| 24-001 | DONE | 2025-11-09 | SPRINT_0140_0001_0001_runtime_signals | Signals Guild | src/Signals/StellaOps.Signals | — | — | SGSI0101 |
| 24-002 | DOING | 2025-11-07 | SPRINT_0140_0001_0001_runtime_signals | Signals Guild | src/Signals/StellaOps.Signals | Surface cache availability | Surface cache availability | SGSI0101 |
| 24-003 | DOING | 2025-11-09 | SPRINT_0140_0001_0001_runtime_signals | Signals Guild | src/Signals/StellaOps.Signals | 24-002 + provenance enrichment | 24-002 + provenance enrichment | SGSI0101 |
| 24-004 | BLOCKED | 2025-10-27 | SPRINT_0140_0001_0001_runtime_signals | Signals Guild | src/Signals/StellaOps.Signals | Authority scopes + 24-003 | Authority scopes + 24-003 | SGSI0101 |
| 24-005 | BLOCKED | 2025-10-27 | SPRINT_0140_0001_0001_runtime_signals | Signals Guild | src/Signals/StellaOps.Signals | 24-004 scoring outputs | 24-004 scoring outputs | SGSI0101 |
| 29-007 | DONE | 2025-11-17 | SPRINT_0120_0001_0001_policy_reasoning | Findings Ledger Guild · Observability Guild | src/Findings/StellaOps.Findings.Ledger | LEDGER-29-007 | LEDGER-29-006 | PLLG0104 |
| 29-008 | DONE | 2025-11-22 | SPRINT_0120_0001_0001_policy_reasoning | Findings Ledger Guild · QA Guild | src/Findings/StellaOps.Findings.Ledger | 29-007 | LEDGER-29-007 | PLLG0104 |
| 29-009 | BLOCKED | 2025-11-17 | SPRINT_0120_0001_0001_policy_reasoning | Findings Ledger Guild · DevOps Guild | src/Findings/StellaOps.Findings.Ledger | 29-008 | LEDGER-29-008 | PLLG0104 |
| 30-001 | TODO | SPRINT_0129_0001_0001_policy_reasoning | VEX Lens Guild | src/VexLens/StellaOps.VexLens | — | — | PLVL0102 | |
| 30-002 | BLOCKED | 2025-11-25 | SPRINT_0129_0001_0001_policy_reasoning | VEX Lens Guild | src/VexLens/StellaOps.VexLens | VEXLENS-30-001 | VEXLENS-30-001 | PLVL0102 |
| 30-003 | BLOCKED | 2025-11-25 | SPRINT_0129_0001_0001_policy_reasoning | VEX Lens Guild · Issuer Directory Guild | src/VexLens/StellaOps.VexLens | VEXLENS-30-002 | VEXLENS-30-002 | PLVL0102 |
| 30-004 | BLOCKED | 2025-11-25 | SPRINT_0129_0001_0001_policy_reasoning | VEX Lens Guild · Policy Guild | src/VexLens/StellaOps.VexLens | VEXLENS-30-003 | VEXLENS-30-003 | PLVL0102 |
| 30-005 | BLOCKED | 2025-11-25 | SPRINT_0129_0001_0001_policy_reasoning | VEX Lens Guild | src/VexLens/StellaOps.VexLens | VEXLENS-30-004 | VEXLENS-30-004 | PLVL0102 |
| 30-006 | BLOCKED | 2025-11-25 | SPRINT_0129_0001_0001_policy_reasoning | VEX Lens Guild · Findings Ledger Guild | src/VexLens/StellaOps.VexLens | VEXLENS-30-005 | VEXLENS-30-005 | PLVL0102 |
| 30-007 | BLOCKED | 2025-11-25 | SPRINT_0129_0001_0001_policy_reasoning | VEX Lens Guild | src/VexLens/StellaOps.VexLens | VEXLENS-30-006 | VEXLENS-30-006 | PLVL0102 |
| 30-008 | BLOCKED | 2025-11-25 | SPRINT_0129_0001_0001_policy_reasoning | VEX Lens Guild · Policy Guild | src/VexLens/StellaOps.VexLens | VEXLENS-30-007 | VEXLENS-30-007 | PLVL0102 |
| 30-009 | BLOCKED | 2025-11-25 | SPRINT_0129_0001_0001_policy_reasoning | VEX Lens Guild · Observability Guild | src/VexLens/StellaOps.VexLens | VEXLENS-30-008 | VEXLENS-30-008 | PLVL0102 |
| 30-010 | BLOCKED | 2025-11-25 | SPRINT_0129_0001_0001_policy_reasoning | VEX Lens Guild · QA Guild | src/VexLens/StellaOps.VexLens | VEXLENS-30-009 | VEXLENS-30-009 | PLVL0102 |
| 30-011 | BLOCKED | 2025-11-25 | SPRINT_0129_0001_0001_policy_reasoning | VEX Lens Guild · DevOps Guild | src/VexLens/StellaOps.VexLens | VEXLENS-30-010 | VEXLENS-30-010 | PLVL0103 |
| 31-008 | DONE (2025-11-22) | 2025-11-22 | SPRINT_110_ingestion_evidence | Advisory AI Guild | src/AdvisoryAI/StellaOps.AdvisoryAI | AIAI-31-006; AIAI-31-007 | AIAI-31-006; AIAI-31-007 | ADAI0101 |
| 31-009 | DONE | 2025-11-12 | SPRINT_110_ingestion_evidence | Advisory AI Guild | src/AdvisoryAI/StellaOps.AdvisoryAI | — | — | ADAI0101 |
| 34-101 | DONE | 2025-11-22 | SPRINT_0120_0001_0001_policy_reasoning | Findings Ledger Guild | src/Findings/StellaOps.Findings.Ledger | 29-009 | LEDGER-29-009 | PLLG0104 |
| 401-004 | BLOCKED | 2025-11-25 | SPRINT_0401_0001_0001_reachability_evidence_chain | Replay Core Guild | src/__Libraries/StellaOps.Replay.Core |
Signals facts stable (SGSI0101) | Blocked: awaiting SGSI0101 runtime facts + CAS policy from GAP-REP-004 | RPRC0101 |
| 41-001 | DONE (2025-11-30) | 2025-11-30 | SPRINT_0157_0001_0001_taskrunner_i | Task Runner Guild | src/TaskRunner/StellaOps.TaskRunner | — | Contract landed via product advisory 2025-11-29; implemented per docs/modules/taskrunner/architecture.md. |
ORTR0101 |
| 44-001 | TODO | SPRINT_0501_0001_0001_ops_deployment_i | Deployment Guild · DevEx Guild (ops/deployment) | ops/deployment | — | — | DVDO0103 | |
| 44-002 | TODO | SPRINT_0501_0001_0001_ops_deployment_i | Deployment Guild (ops/deployment) | ops/deployment | 44-001 | 44-001 | DVDO0103 | |
| 44-003 | TODO | SPRINT_0501_0001_0001_ops_deployment_i | Deployment Guild · Docs Guild (ops/deployment) | ops/deployment | 44-002 | 44-002 | DVDO0103 | |
| 45-001 | BLOCKED | 2025-11-25 | SPRINT_0502_0001_0001_ops_deployment_ii | Deployment Guild (ops/deployment) | ops/deployment | 44-003 | 44-003 | DVDO0103 |
| 45-002 | BLOCKED | 2025-11-25 | SPRINT_0502_0001_0001_ops_deployment_ii | Deployment Guild · Security Guild (ops/deployment) | ops/deployment | 45-001 | 45-001 | DVDO0103 |
| 45-003 | BLOCKED | 2025-11-25 | SPRINT_0502_0001_0001_ops_deployment_ii | Deployment Guild · Observability Guild (ops/deployment) | ops/deployment | 45-002 | 45-002 | DVDO0103 |
| 50-002 | DOING | SPRINT_0170_0001_0001_notifications_telemetry | Telemetry Core Guild | src/Telemetry/StellaOps.Telemetry.Core | SGSI0101 feed availability | SGSI0101 feed availability | TLTY0101 | |
| 51-002 | BLOCKED | 2025-11-25 | SPRINT_0170_0001_0001_notifications_telemetry | Telemetry Core Guild · Observability Guild · Security Guild | src/Telemetry/StellaOps.Telemetry.Core | OBS-50 baselines | Waiting on OBS-50 baselines and ORCH-OBS-50-001 schemas | TLTY0101 |
| 54-001 | BLOCKED | 2025-11-25 | SPRINT_0503_0001_0001_ops_devops_i | Exporter Guild · AirGap Time Guild · CLI Guild | Await PGMI0101 staffing confirmation | Staffing not assigned (PROGRAM-STAFF-1001) | AGCO0101 | |
| 56-001 | BLOCKED | 2025-11-25 | SPRINT_0170_0001_0001_notifications_telemetry | Telemetry Core Guild · Observability Guild | src/Telemetry/StellaOps.Telemetry.Core | SGSI0101 provenance | Blocked: SGSI0101 provenance feed/contract pending | TLTY0101 |
| 58 series | TODO | SPRINT_0120_0001_0001_policy_reasoning | Findings Ledger Guild · AirGap Guilds · Evidence Locker Guild | src/Findings/StellaOps.Findings.Ledger | PLLG0102 | |||
| 61-001 | TODO | SPRINT_0511_0001_0001_api | API Governance Guild | src/Api/StellaOps.Api.Governance | — | — | APIG0101 | |
| 61-002 | TODO | SPRINT_0511_0001_0001_api | API Governance Guild | src/Api/StellaOps.Api.Governance | 61-001 | 61-001 | APIG0101 | |
| 62-001 | BLOCKED | 2025-11-25 | SPRINT_206_devportal | DevPortal Guild | src/DevPortal/StellaOps.DevPortal.Site | APIG0101 outputs | Waiting on APIG0101 outputs / API baseline | DEVL0101 |
| 62-002 | BLOCKED | 2025-11-25 | SPRINT_206_devportal | DevPortal Guild | src/DevPortal/StellaOps.DevPortal.Site | 62-001 | Blocked: 62-001 not delivered | DEVL0101 |
| 63-001 | BLOCKED | 2025-11-25 | SPRINT_206_devportal | DevPortal Guild · Platform Guild | src/DevPortal/StellaOps.DevPortal.Site | 62-002 | Blocked: 62-002 outstanding | DEVL0101 |
| 63-002 | BLOCKED | 2025-11-25 | SPRINT_206_devportal | DevPortal Guild · SDK Generator Guild | src/DevPortal/StellaOps.DevPortal.Site | 63-001 | Blocked: 63-001 outstanding | DEVL0101 |
| 63-003 | BLOCKED | 2025-11-25 | SPRINT_0208_0001_0001_sdk | SDK Generator Guild | src/Sdk/StellaOps.Sdk.Generator | APIG0101 outputs | Waiting on APIG0101 outputs | SDKG0101 |
| 63-004 | BLOCKED | 2025-11-25 | SPRINT_0208_0001_0001_sdk | SDK Generator Guild | src/Sdk/StellaOps.Sdk.Generator | 63-003 | Blocked: 63-003 outstanding | SDKG0101 |
| 64-001 | BLOCKED | 2025-11-25 | SPRINT_206_devportal | DevPortal Guild · Export Center Guild | src/DevPortal/StellaOps.DevPortal.Site | Export profile review | Waiting on export profile review doc | DEVL0101 |
| 64-002 | BLOCKED | 2025-11-25 | SPRINT_160_export_evidence | DevPortal Offline + AirGap Controller Guilds | docs/modules/export-center/devportal-offline.md | Wait for Mirror staffing confirmation (001_PGMI0101) | Wait for Mirror staffing confirmation (001_PGMI0101) | DEVL0102 |
| 73-001 | DONE | 2025-11-03 | SPRINT_100_identity_signing | KMS Guild | src/__Libraries/StellaOps.Cryptography.Kms | Staffing + DSSE contract (PGMI0101, ATEL0101) | Staffing + DSSE contract (PGMI0101, ATEL0101) | KMSI0101 |
| 73-002 | DONE | 2025-11-03 | SPRINT_100_identity_signing | KMS Guild | src/__Libraries/StellaOps.Cryptography.Kms | Depends on #1, FIDO2 profile | FIDO2 | KMSI0101 |
| ADVISORY-AI-DOCS-0001 | TODO | SPRINT_0312_0001_0001_docs_modules_advisory_ai | Docs Guild (docs/modules/advisory-ai) | docs/modules/advisory-ai | Align with ./AGENTS.md | — | DOAI0101 | |
| AI-DOCS-0001 | TODO | SPRINT_0312_0001_0001_docs_modules_advisory_ai | Docs Guild (docs/modules/advisory-ai) | docs/modules/advisory-ai | — | — | DOAI0101 | |
| AI-OPS-0001 | TODO | SPRINT_0312_0001_0001_docs_modules_advisory_ai | Ops Guild (docs/modules/advisory-ai) | docs/modules/advisory-ai | — | — | DOAI0101 | |
| AIAI-31-001 | DONE | 2025-11-09 | SPRINT_110_ingestion_evidence | Excititor Web/Core Guilds | src/AdvisoryAI/StellaOps.AdvisoryAI | Validate Excititor hand-off replay | Validate Excititor hand-off replay | ADAI0102 |
| AIAI-31-002 | DONE | 2025-11-18 | SPRINT_110_ingestion_evidence | Concelier Core · Concelier WebService Guilds | src/AdvisoryAI/StellaOps.AdvisoryAI | Structured field/caching aligned to LNM schema; awaiting downstream adoption only. | CONCELIER-GRAPH-21-001; CARTO-GRAPH-21-002 | ADAI0102 |
| AIAI-31-003 | DONE | 2025-11-12 | SPRINT_110_ingestion_evidence | Concelier Observability Guild | src/AdvisoryAI/StellaOps.AdvisoryAI | Await observability evidence upload | Await observability evidence upload | ADAI0102 |
| AIAI-31-004 | DONE (2025-12-04) | 2025-12-04 | SPRINT_0301_0001_0001_docs_md_i | Docs Guild · Console Guild | docs/advisory-ai | Guardrail console guide refreshed with deterministic captures plus consolidated hash manifest (docs/advisory-ai/console-fixtures.sha256) and verification steps. |
CONSOLE-VULN-29-001; CONSOLE-VEX-30-001; SBOM-AIAI-31-003 | DOAI0101 |
| AIAI-31-005 | DONE (2025-11-25) | 2025-11-25 | SPRINT_110_ingestion_evidence | Docs Guild | DOCS-AIAI-31-004; CLI-VULN-29-001; CLI-VEX-30-001; POLICY-ENGINE-31-001; DEVOPS-AIAI-31-001 | DOCS-AIAI-31-004; CLI-VULN-29-001; CLI-VEX-30-001; POLICY-ENGINE-31-001; DEVOPS-AIAI-31-001 | DOAI0101 | |
| AIAI-31-006 | DONE | 2025-11-13 | SPRINT_0111_0001_0001_advisoryai | Docs Guild, Policy Guild (docs) | — | — | DOAI0101 | |
| AIAI-31-008 | DONE (2025-11-22) | 2025-11-22 | SPRINT_110_ingestion_evidence | Advisory AI Guild | Remote inference packaging delivered with on-prem container + manifests. | AIAI-31-006; AIAI-31-007 | DOAI0101 | |
| AIAI-31-009 | DONE | 2025-11-12 | SPRINT_110_ingestion_evidence | Advisory AI Guild | Regression suite + AdvisoryAI:Guardrails config landed with perf budgets. |
— | DOAI0101 | |
| AIRGAP-46-001 | TODO | SPRINT_0501_0001_0001_ops_deployment_i | Deployment Guild · Offline Kit Guild | ops/deployment | Needs Mirror staffing + DSSE plan (001_PGMI0101, 002_ATEL0101) | Needs Mirror staffing + DSSE plan (001_PGMI0101, 002_ATEL0101) | AGDP0101 | |
| AIRGAP-56 | DONE (2025-11-24) | 2025-11-24 | SPRINT_110_ingestion_evidence | Excititor Guild · AirGap Guilds | docs/modules/airgap/airgap-mode.md | Air-gap ingest parity delivered against frozen LNM schema. | CONCELIER-GRAPH-21-001; CONCELIER-GRAPH-21-002; ATTEST-PLAN-2001 | AGCO0101 |
| AIRGAP-56-001 | DONE (2025-11-24) | 2025-11-24 | SPRINT_110_ingestion_evidence | Exporter Guild · AirGap Time Guild · CLI Guild | docs/modules/airgap/airgap-mode.md | Mirror import helpers and bundle catalog wired for sealed mode. | PROGRAM-STAFF-1001 | AGCO0101 |
| AIRGAP-56-001..58-001 | DONE (2025-11-24) | 2025-11-24 | SPRINT_110_ingestion_evidence | Concelier Core · AirGap Guilds | docs/modules/airgap/airgap-mode.md | Deterministic bundle + manifest/entry-trace and sealed-mode deploy runbook shipped. | CONCELIER-GRAPH-21-001; CONCELIER-GRAPH-21-002; ELOCKER-CONTRACT-2001 | AGCO0101 |
| AIRGAP-56-002 | DONE | SPRINT_0170_0001_0001_notifications_telemetry | Notifications Service Guild · DevOps Guild | src/Notify/StellaOps.Notify | NOTY0101 | |||
| AIRGAP-56-003 | TODO | SPRINT_0301_0001_0001_docs_md_i | Docs Guild · Exporter Guild | docs/modules/airgap | DOCS-AIRGAP-56-002 | DOCS-AIRGAP-56-002 | AIDG0101 | |
| AIRGAP-56-004 | TODO | SPRINT_0301_0001_0001_docs_md_i | Docs Guild · Deployment Guild | docs/modules/airgap | AIRGAP-56-003 | DOCS-AIRGAP-56-003 | AIDG0101 | |
| AIRGAP-57 | DONE (2025-11-24) | 2025-11-24 | SPRINT_110_ingestion_evidence | Excititor Guild · AirGap Guilds | docs/modules/airgap/airgap-mode.md | Air-gap bundle timeline/hooks completed. | CONCELIER-GRAPH-21-001; CONCELIER-GRAPH-21-002; ATTEST-PLAN-2001 | AGCO0101 |
| AIRGAP-57-001 | DONE | 2025-11-08 | SPRINT_100_identity_signing | Authority Core & Security Guild, DevOps Guild (src/Authority/StellaOps.Authority) | src/Authority/StellaOps.Authority | AUTH-AIRGAP-56-001; DEVOPS-AIRGAP-57-002 | KMSI0101 | |
| AIRGAP-57-002 | DOING | 2025-11-08 | SPRINT_0503_0001_0001_ops_devops_i | DevOps Guild, Authority Guild (ops/devops) | ops/devops | DVDO0101 | ||
| AIRGAP-57-003 | TODO | SPRINT_302_docs_tasks_md_ii | Docs Guild · CLI Guild | docs/modules/airgap | CLI & ops inputs | CLI & ops inputs | AIDG0101 | |
| AIRGAP-57-004 | TODO | SPRINT_302_docs_tasks_md_ii | Docs Guild · Ops Guild | docs/modules/airgap | AIRGAP-57-003 | AIRGAP-57-003 | AIDG0101 | |
| AIRGAP-58 | DONE (2025-11-24) | 2025-11-24 | SPRINT_110_ingestion_evidence | Excititor Guild · AirGap Guilds | docs/modules/airgap/airgap-mode.md | Import/export automation delivered for frozen schema. | CONCELIER-GRAPH-21-001; CONCELIER-GRAPH-21-002; ATTEST-PLAN-2001 | AGCO0101 |
| AIRGAP-58-001 | TODO | SPRINT_112_concelier_i | Concelier Core Guild · Evidence Locker Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | AGCN0101 | |||
| AIRGAP-58-002 | TODO | SPRINT_302_docs_tasks_md_ii | Docs Guild, Security Guild (docs) | docs/modules/airgap | AIDG0101 | |||
| AIRGAP-58-003 | TODO | SPRINT_302_docs_tasks_md_ii | Docs Guild, DevEx Guild (docs) | docs/modules/airgap | AIDG0101 | |||
| AIRGAP-58-004 | TODO | SPRINT_302_docs_tasks_md_ii | Docs Guild, Evidence Locker Guild (docs) | docs/modules/airgap | AIDG0101 | |||
| AIRGAP-CTL-56-001 | TODO | SPRINT_510_airgap | AirGap Controller Guild | src/AirGap/StellaOps.AirGap.Controller | Implement airgap_state persistence, seal/unseal state machine, and Authority scope checks (airgap:seal, airgap:status:read). |
ATLN0101 review | AGCT0101 | |
| AIRGAP-CTL-56-002 | TODO | SPRINT_510_airgap | AirGap Controller Guild · DevOps Guild | src/AirGap/StellaOps.AirGap.Controller | Expose GET /system/airgap/status, POST /system/airgap/seal, integrate policy hash validation, and return staleness/time anchor placeholders. Dependencies: AIRGAP-CTL-56-001. |
AIRGAP-CTL-56-001 | AGCT0101 | |
| AIRGAP-CTL-57-001 | TODO | SPRINT_510_airgap | AirGap Controller Guild | src/AirGap/StellaOps.AirGap.Controller | Add startup diagnostics that block application run when sealed flag set but egress policies missing; emit audit + telemetry. Dependencies: AIRGAP-CTL-56-002. | AIRGAP-CTL-56-002 | AGCT0101 | |
| AIRGAP-CTL-57-002 | TODO | SPRINT_510_airgap | AirGap Controller Guild · Observability Guild | src/AirGap/StellaOps.AirGap.Controller | Instrument seal/unseal events with trace/log fields and timeline emission (airgap.sealed, airgap.unsealed). Dependencies: AIRGAP-CTL-57-001. |
AIRGAP-CTL-57-001 | AGCT0101 | |
| AIRGAP-CTL-58-001 | TODO | SPRINT_510_airgap | AirGap Controller Guild · AirGap Time Guild | src/AirGap/StellaOps.AirGap.Controller | Persist time anchor metadata, compute drift seconds, and surface staleness budgets in status API. Dependencies: AIRGAP-CTL-57-002. | AIRGAP-CTL-57-002 | AGCT0101 | |
| AIRGAP-DEVPORT-64-001 | TODO | SPRINT_302_docs_tasks_md_ii | Docs Guild · DevPortal Offline Guild | docs/modules/export-center/devportal-offline.md | Depends on 071_AGCO0101 manifest decisions | Depends on 071_AGCO0101 manifest decisions | DEVL0102 | |
| AIRGAP-IMP-56-001 | TODO | SPRINT_510_airgap | AirGap Importer Guild | src/AirGap/StellaOps.AirGap.Importer | Implement DSSE verification helpers, TUF metadata parser (root.json, snapshot.json, timestamp.json), and Merkle root calculator. |
ATLN0101 approvals | AGIM0101 | |
| AIRGAP-IMP-56-002 | TODO | SPRINT_510_airgap | AirGap Importer Guild · Security Guild | src/AirGap/StellaOps.AirGap.Importer | Introduce root rotation policy validation (dual approval) and signer trust store management. Dependencies: AIRGAP-IMP-56-001. | AIRGAP-IMP-56-001 | AGIM0101 | |
| AIRGAP-IMP-57-001 | TODO | SPRINT_510_airgap | AirGap Importer Guild | src/AirGap/StellaOps.AirGap.Importer | Write bundle_catalog and bundle_items repositories with RLS + deterministic migrations. Dependencies: AIRGAP-IMP-56-002. |
Importer infra | AGIM0101 | |
| AIRGAP-IMP-57-002 | TODO | SPRINT_510_airgap | AirGap Importer Guild · DevOps Guild | src/AirGap/StellaOps.AirGap.Importer | Implement object-store loader storing artifacts under tenant/global mirror paths with Zstandard decompression and checksum validation. Dependencies: AIRGAP-IMP-57-001. | 57-001 | AGIM0101 | |
| AIRGAP-IMP-58-001 | TODO | SPRINT_510_airgap | AirGap Importer Guild · CLI Guild | src/AirGap/StellaOps.AirGap.Importer | Implement API (POST /airgap/import, /airgap/verify) and CLI commands wiring verification + catalog updates, including diff preview. Dependencies: AIRGAP-IMP-57-002. |
CLI contract alignment | AGIM0101 | |
| AIRGAP-IMP-58-002 | TODO | SPRINT_510_airgap | AirGap Importer Guild · Observability Guild | src/AirGap/StellaOps.AirGap.Importer | Emit timeline events (`airgap.import.started. Dependencies: AIRGAP-IMP-58-001. | 58-001 observability | AGIM0101 | |
| AIRGAP-TIME-57-001 | TODO | SPRINT_0503_0001_0001_ops_devops_i | Exporter Guild · AirGap Time Guild · CLI Guild | PROGRAM-STAFF-1001; AIRGAP-TIME-CONTRACT-1501 | PROGRAM-STAFF-1001; AIRGAP-TIME-CONTRACT-1501 | ATMI0102 | ||
| AIRGAP-TIME-57-002 | TODO | SPRINT_510_airgap | AirGap Time Guild · Observability Guild | src/AirGap/StellaOps.AirGap.Time | Add telemetry counters for time anchors (airgap_time_anchor_age_seconds) and alerts for approaching thresholds. Dependencies: AIRGAP-TIME-57-001. |
Controller schema | AGTM0101 | |
| AIRGAP-TIME-58-001 | TODO | SPRINT_510_airgap | AirGap Time Guild | src/AirGap/StellaOps.AirGap.Time | Persist drift baseline, compute per-content staleness (advisories, VEX, policy) based on bundle metadata, and surface through controller status API. Dependencies: AIRGAP-TIME-57-002. | 57-002 | AGTM0101 | |
| AIRGAP-TIME-58-002 | TODO | SPRINT_510_airgap | AirGap Time Guild, Notifications Guild (src/AirGap/StellaOps.AirGap.Time) | src/AirGap/StellaOps.AirGap.Time | Emit notifications and timeline events when staleness budgets breached or approaching. Dependencies: AIRGAP-TIME-58-001. | AGTM0101 | ||
| ANALYZERS-DENO-26-001 | DONE | SPRINT_130_scanner_surface | Deno Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno | Bootstrap analyzer helpers | Bootstrap analyzer helpers | SCSA0201 | |
| ANALYZERS-DENO-26-002 | DONE | SPRINT_130_scanner_surface | Deno Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno | Depends on #1 | SCANNER-ANALYZERS-DENO-26-001 | SCSA0201 | |
| ANALYZERS-DENO-26-003 | DONE | SPRINT_130_scanner_surface | Deno Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno | Depends on #2 | SCANNER-ANALYZERS-DENO-26-002 | SCSA0201 | |
| ANALYZERS-DENO-26-004 | DONE | SPRINT_130_scanner_surface | Deno Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno | Depends on #3 | SCANNER-ANALYZERS-DENO-26-003 | SCSA0201 | |
| ANALYZERS-DENO-26-005 | DONE | SPRINT_130_scanner_surface | Deno Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno | Depends on #4 | SCANNER-ANALYZERS-DENO-26-004 | SCSA0201 | |
| ANALYZERS-DENO-26-006 | DONE | SPRINT_130_scanner_surface | Deno Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno | Depends on #5 | SCANNER-ANALYZERS-DENO-26-005 | SCSA0201 | |
| ANALYZERS-DENO-26-007 | DONE | SPRINT_130_scanner_surface | Deno Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno | SCANNER-ANALYZERS-DENO-26-006 | SCANNER-ANALYZERS-DENO-26-006 | SCSA0102 | |
| ANALYZERS-DENO-26-008 | DONE | SPRINT_130_scanner_surface | Deno Analyzer Guild, QA Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno | SCANNER-ANALYZERS-DENO-26-007 | SCANNER-ANALYZERS-DENO-26-007 | SCSA0102 | |
| ANALYZERS-DENO-26-009 | TODO | SPRINT_131_scanner_surface | Deno Analyzer Guild, Signals Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno | SCANNER-ANALYZERS-DENO-26-008 | SCANNER-ANALYZERS-DENO-26-008 | SCSA0101 | |
| ANALYZERS-DENO-26-010 | TODO | SPRINT_131_scanner_surface | Deno Analyzer Guild, DevOps Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno | SCANNER-ANALYZERS-DENO-26-009 | SCANNER-ANALYZERS-DENO-26-009 | SCSA0101 | |
| ANALYZERS-DENO-26-011 | TODO | SPRINT_131_scanner_surface | Deno Analyzer Guild · Signals Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno | Depends on ANALYZERS-DENO-26-010 + telemetry schema | SCANNER-ANALYZERS-DENO-26-010 | SCSA0202 | |
| ANALYZERS-JAVA-21-005 | TODO | SPRINT_131_scanner_surface | Java Analyzer Guild | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java | SCANNER-ANALYZERS-JAVA-21-004 | SCANNER-ANALYZERS-JAVA-21-004 | SCSA0301 | |
| ANALYZERS-JAVA-21-006 | TODO | SPRINT_131_scanner_surface | Java Analyzer Guild | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java | Depends on #1 | SCANNER-ANALYZERS-JAVA-21-005 | SCSA0301 | |
| ANALYZERS-JAVA-21-007 | TODO | SPRINT_131_scanner_surface | Java Analyzer Guild | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java | Depends on #2 | SCANNER-ANALYZERS-JAVA-21-006 | SCSA0301 | |
| ANALYZERS-JAVA-21-008 | BLOCKED | 2025-10-27 | SPRINT_131_scanner_surface | Java Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java | SCANNER-ANALYZERS-JAVA-21-007 | SCANNER-ANALYZERS-JAVA-21-007 | SCSA0102 |
| ANALYZERS-JAVA-21-009 | TODO | SPRINT_131_scanner_surface | Java Analyzer Guild, QA Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java | SCANNER-ANALYZERS-JAVA-21-008 | SCANNER-ANALYZERS-JAVA-21-008 | SCSA0102 | |
| ANALYZERS-JAVA-21-010 | TODO | SPRINT_131_scanner_surface | Java Analyzer Guild, Signals Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java | SCANNER-ANALYZERS-JAVA-21-009 | SCANNER-ANALYZERS-JAVA-21-009 | SCSA0101 | |
| ANALYZERS-JAVA-21-011 | TODO | SPRINT_131_scanner_surface | Java Analyzer Guild · DevOps Guild | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java | Requires SCANNER-ANALYZERS-JAVA-21-010 + DevOps packaging | SCANNER-ANALYZERS-JAVA-21-010 | SCSA0301 | |
| ANALYZERS-LANG-11-001 | TODO | SPRINT_131_scanner_surface | StellaOps.Scanner EPDR Guild · Language Analyzer Guild | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.DotNet | Requires SCANNER-ANALYZERS-LANG-10-309 artifact | SCANNER-ANALYZERS-LANG-10-309 | SCSA0103 | |
| ANALYZERS-LANG-11-002 | TODO | SPRINT_0132_0001_0001_scanner_surface | StellaOps.Scanner EPDR Guild | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.DotNet | Depends on #1 for shared metadata | SCANNER-ANALYZERS-LANG-11-001 | SCSA0103 | |
| ANALYZERS-LANG-11-003 | TODO | SPRINT_0132_0001_0001_scanner_surface | StellaOps.Scanner EPDR Guild · Signals Guild | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.DotNet | Needs #2 plus Signals schema for entry-trace | SCANNER-ANALYZERS-LANG-11-002 | SCSA0103 | |
| ANALYZERS-LANG-11-004 | TODO | SPRINT_0132_0001_0001_scanner_surface | StellaOps.Scanner EPDR Guild · SBOM Service Guild | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.DotNet | Requires #3 and SBOM service hooks | SCANNER-ANALYZERS-LANG-11-003 | SCSA0103 | |
| ANALYZERS-LANG-11-005 | TODO | SPRINT_0132_0001_0001_scanner_surface | StellaOps.Scanner EPDR Guild · QA Guild | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.DotNet | Depends on #4 for QA fixtures | SCANNER-ANALYZERS-LANG-11-004 | SCSA0103 | |
| ANALYZERS-NATIVE-20-001 | TODO | SPRINT_0132_0001_0001_scanner_surface | Native Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Native | Bootstrap native analyzer helpers | Bootstrap native analyzer helpers | SCSA0401 | |
| ANALYZERS-NATIVE-20-002 | TODO | SPRINT_0132_0001_0001_scanner_surface | Native Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Native | Depends on #1 | SCANNER-ANALYZERS-NATIVE-20-001 | SCSA0401 | |
| ANALYZERS-NATIVE-20-003 | TODO | SPRINT_0132_0001_0001_scanner_surface | Native Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Native | Depends on #2 | SCANNER-ANALYZERS-NATIVE-20-002 | SCSA0401 | |
| ANALYZERS-NATIVE-20-004 | TODO | SPRINT_0132_0001_0001_scanner_surface | Native Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Native | Depends on #3 | SCANNER-ANALYZERS-NATIVE-20-003 | SCSA0401 | |
| ANALYZERS-NATIVE-20-005 | TODO | SPRINT_0132_0001_0001_scanner_surface | Native Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Native | Depends on #4 | SCANNER-ANALYZERS-NATIVE-20-004 | SCSA0401 | |
| ANALYZERS-NATIVE-20-006 | TODO | SPRINT_0132_0001_0001_scanner_surface | Native Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Native | Depends on #5 | SCANNER-ANALYZERS-NATIVE-20-005 | SCSA0401 | |
| ANALYZERS-NATIVE-20-007 | TODO | SPRINT_0132_0001_0001_scanner_surface | Native Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Native | Depends on #6 | SCANNER-ANALYZERS-NATIVE-20-006 | SCSA0401 | |
| ANALYZERS-NATIVE-20-008 | TODO | SPRINT_0132_0001_0001_scanner_surface | Native Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Native | Depends on #7 | SCANNER-ANALYZERS-NATIVE-20-007 | SCSA0401 | |
| ANALYZERS-NATIVE-20-009 | TODO | SPRINT_0132_0001_0001_scanner_surface | Native Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Native | Depends on #8 | SCANNER-ANALYZERS-NATIVE-20-008 | SCSA0401 | |
| ANALYZERS-NATIVE-20-010 | TODO | SPRINT_0132_0001_0001_scanner_surface | Native Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Native | Depends on #9 | SCANNER-ANALYZERS-NATIVE-20-009 | SCSA0401 | |
| ANALYZERS-NODE-22-001 | TODO | SPRINT_0132_0001_0001_scanner_surface | Node Analyzer Guild | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node | Bootstrap Node analyzer helper | Bootstrap Node analyzer helper | SCSA0501 | |
| ANALYZERS-NODE-22-002 | TODO | SPRINT_0132_0001_0001_scanner_surface | Node Analyzer Guild | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node | Depends on #1 | SCANNER-ANALYZERS-NODE-22-001 | SCSA0501 | |
| ANALYZERS-NODE-22-003 | TODO | SPRINT_0132_0001_0001_scanner_surface | Node Analyzer Guild | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node | Depends on #2 | SCANNER-ANALYZERS-NODE-22-002 | SCSA0501 | |
| ANALYZERS-NODE-22-004 | TODO | SPRINT_0132_0001_0001_scanner_surface | Node Analyzer Guild | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node | Depends on #3 | SCANNER-ANALYZERS-NODE-22-003 | SCSA0501 | |
| ANALYZERS-NODE-22-005 | TODO | SPRINT_0132_0001_0001_scanner_surface | Node Analyzer Guild | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node | Depends on #4 | SCANNER-ANALYZERS-NODE-22-004 | SCSA0501 | |
| ANALYZERS-NODE-22-006 | TODO | SPRINT_0133_0001_0001_scanner_surface | Node Analyzer Guild | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node | Depends on #5 | SCANNER-ANALYZERS-NODE-22-005 | SCSA0501 | |
| ANALYZERS-NODE-22-007 | TODO | SPRINT_0133_0001_0001_scanner_surface | Node Analyzer Guild | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node | Depends on #6 | SCANNER-ANALYZERS-NODE-22-006 | SCSA0501 | |
| ANALYZERS-NODE-22-008 | TODO | SPRINT_0133_0001_0001_scanner_surface | Node Analyzer Guild | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node | Depends on #7 | SCANNER-ANALYZERS-NODE-22-007 | SCSA0501 | |
| ANALYZERS-NODE-22-009 | TODO | SPRINT_0133_0001_0001_scanner_surface | Node Analyzer Guild · QA Guild | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node | Depends on #8 | SCANNER-ANALYZERS-NODE-22-008 | SCSA0501 | |
| ANALYZERS-NODE-22-010 | TODO | SPRINT_0133_0001_0001_scanner_surface | Node Analyzer Guild · Signals Guild | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node | Depends on #9 | SCANNER-ANALYZERS-NODE-22-009 | SCSA0501 | |
| ANALYZERS-NODE-22-011 | TODO | SPRINT_0133_0001_0001_scanner_surface | Node Analyzer Guild · DevOps Guild | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node | Depends on ANALYZERS-NODE-22-010 + DevOps packaging | SCANNER-ANALYZERS-NODE-22-010 | SCSA0502 | |
| ANALYZERS-NODE-22-012 | TODO | SPRINT_0133_0001_0001_scanner_surface | Node Analyzer Guild | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node | Needs #1 regression fixtures | SCANNER-ANALYZERS-NODE-22-011 | SCSA0502 | |
| ANALYZERS-PHP-27-001 | TODO | SPRINT_0133_0001_0001_scanner_surface | PHP Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php | Analyzer helper bootstrap | Analyzer helper bootstrap | SCSA0601 | |
| ANALYZERS-PHP-27-002 | TODO | SPRINT_0133_0001_0001_scanner_surface | PHP Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php | SCANNER-ANALYZERS-PHP-27-001 | SCANNER-ANALYZERS-PHP-27-001 | SCSA0101 | |
| ANALYZERS-PHP-27-003 | TODO | SPRINT_0133_0001_0001_scanner_surface | PHP Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php | SCANNER-ANALYZERS-PHP-27-002 | SCANNER-ANALYZERS-PHP-27-002 | SCSA0101 | |
| ANALYZERS-PHP-27-004 | TODO | SPRINT_0133_0001_0001_scanner_surface | PHP Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php | Depends on SCANNER-ANALYZERS-PHP-27-003 | SCANNER-ANALYZERS-PHP-27-003 | SCSA0601 | |
| ANALYZERS-PHP-27-005 | TODO | SPRINT_0133_0001_0001_scanner_surface | PHP Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php | Depends on #2 | SCANNER-ANALYZERS-PHP-27-004 | SCSA0601 | |
| ANALYZERS-PHP-27-006 | TODO | SPRINT_0133_0001_0001_scanner_surface | PHP Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php | Depends on #3 | SCANNER-ANALYZERS-PHP-27-005 | SCSA0601 | |
| ANALYZERS-PHP-27-007 | TODO | SPRINT_0133_0001_0001_scanner_surface | PHP Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php | Depends on #4 | SCANNER-ANALYZERS-PHP-27-006 | SCSA0601 | |
| ANALYZERS-PHP-27-008 | TODO | SPRINT_0134_0001_0001_scanner_surface | PHP Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php | Depends on #1 + CLI feedback | SCANNER-ANALYZERS-PHP-27-002 | SCSA0601 | |
| ANALYZERS-PHP-27-009 | TODO | SPRINT_0134_0001_0001_scanner_surface | PHP Analyzer Guild · QA Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php | Depends on #5 | SCANNER-ANALYZERS-PHP-27-007 | SCSA0601 | |
| ANALYZERS-PHP-27-010 | TODO | SPRINT_0134_0001_0001_scanner_surface | PHP Analyzer Guild · Signals Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php | Depends on #7 | SCANNER-ANALYZERS-PHP-27-009 | SCSA0601 | |
| ANALYZERS-PHP-27-011 | TODO | SPRINT_0134_0001_0001_scanner_surface | PHP Analyzer Guild, DevOps Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php | SCANNER-ANALYZERS-PHP-27-010 | SCSA0602 | ||
| ANALYZERS-PHP-27-012 | TODO | SPRINT_0134_0001_0001_scanner_surface | PHP Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php | SCANNER-ANALYZERS-PHP-27-011 | SCSA0602 | ||
| ANALYZERS-PYTHON-23-001 | TODO | SPRINT_0134_0001_0001_scanner_surface | Python Analyzer Guild | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python | Analyzer helper bootstrap | Analyzer helper bootstrap | SCSA0701 | |
| ANALYZERS-PYTHON-23-002 | TODO | SPRINT_0134_0001_0001_scanner_surface | Python Analyzer Guild | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python | Depends on #1 | SCANNER-ANALYZERS-PYTHON-23-001 | SCSA0701 | |
| ANALYZERS-PYTHON-23-003 | TODO | SPRINT_0134_0001_0001_scanner_surface | Python Analyzer Guild | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python | Depends on #2 | SCANNER-ANALYZERS-PYTHON-23-002 | SCSA0701 | |
| ANALYZERS-PYTHON-23-004 | TODO | SPRINT_0134_0001_0001_scanner_surface | Python Analyzer Guild | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python | Depends on #3 | SCANNER-ANALYZERS-PYTHON-23-003 | SCSA0701 | |
| ANALYZERS-PYTHON-23-005 | TODO | SPRINT_0134_0001_0001_scanner_surface | Python Analyzer Guild | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python | Depends on #4 | SCANNER-ANALYZERS-PYTHON-23-004 | SCSA0701 | |
| ANALYZERS-PYTHON-23-006 | TODO | SPRINT_0134_0001_0001_scanner_surface | Python Analyzer Guild | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python | Depends on #5 | SCANNER-ANALYZERS-PYTHON-23-005 | SCSA0701 | |
| ANALYZERS-PYTHON-23-007 | TODO | SPRINT_0134_0001_0001_scanner_surface | Python Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python | SCANNER-ANALYZERS-PYTHON-23-006 | SCANNER-ANALYZERS-PYTHON-23-006 | SCSA0101 | |
| ANALYZERS-PYTHON-23-008 | TODO | SPRINT_0134_0001_0001_scanner_surface | Python Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python | SCANNER-ANALYZERS-PYTHON-23-007 | SCANNER-ANALYZERS-PYTHON-23-007 | SCSA0101 | |
| ANALYZERS-PYTHON-23-009 | TODO | SPRINT_0134_0001_0001_scanner_surface | Python Analyzer Guild, QA Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python | SCANNER-ANALYZERS-PYTHON-23-008 | SCANNER-ANALYZERS-PYTHON-23-008 | SCSA0101 | |
| ANALYZERS-PYTHON-23-010 | TODO | SPRINT_0134_0001_0001_scanner_surface | Python Analyzer Guild, Signals Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python | SCANNER-ANALYZERS-PYTHON-23-009 | SCANNER-ANALYZERS-PYTHON-23-009 | SCSA0102 | |
| ANALYZERS-PYTHON-23-011 | TODO | SPRINT_0134_0001_0001_scanner_surface | Python Analyzer Guild, DevOps Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python | SCANNER-ANALYZERS-PYTHON-23-010 | SCANNER-ANALYZERS-PYTHON-23-010 | SCSA0102 | |
| ANALYZERS-PYTHON-23-012 | TODO | SPRINT_0135_0001_0001_scanner_surface | Python Analyzer Guild | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python | Needs ANALYZERS-PYTHON-23-011 evidence | SCANNER-ANALYZERS-PYTHON-23-011 | SCSA0702 | |
| ANALYZERS-RUBY-28-001 | TODO | SPRINT_0135_0001_0001_scanner_surface | Ruby Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Bootstrap helper | Bootstrap helper | SCSA0801 | |
| ANALYZERS-RUBY-28-002 | TODO | SPRINT_0135_0001_0001_scanner_surface | Ruby Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Depends on #1 | SCANNER-ANALYZERS-RUBY-28-001 | SCSA0801 | |
| ANALYZERS-RUBY-28-003 | TODO | SPRINT_0135_0001_0001_scanner_surface | Ruby Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Depends on #2 | SCANNER-ANALYZERS-RUBY-28-002 | SCSA0801 | |
| ANALYZERS-RUBY-28-004 | TODO | SPRINT_0135_0001_0001_scanner_surface | Ruby Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Depends on #3 | SCANNER-ANALYZERS-RUBY-28-003 | SCSA0801 | |
| ANALYZERS-RUBY-28-005 | TODO | SPRINT_0135_0001_0001_scanner_surface | Ruby Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Depends on #4 | SCANNER-ANALYZERS-RUBY-28-004 | SCSA0801 | |
| ANALYZERS-RUBY-28-006 | TODO | SPRINT_0135_0001_0001_scanner_surface | Ruby Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Depends on #5 | SCANNER-ANALYZERS-RUBY-28-005 | SCSA0801 | |
| ANALYZERS-RUBY-28-007 | TODO | SPRINT_0135_0001_0001_scanner_surface | Ruby Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Depends on #6 | SCANNER-ANALYZERS-RUBY-28-006 | SCSA0801 | |
| ANALYZERS-RUBY-28-008 | TODO | SPRINT_0135_0001_0001_scanner_surface | Ruby Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Depends on #7 | SCANNER-ANALYZERS-RUBY-28-007 | SCSA0801 | |
| ANALYZERS-RUBY-28-009 | TODO | SPRINT_0135_0001_0001_scanner_surface | Ruby Analyzer Guild · QA Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Depends on #8 | SCANNER-ANALYZERS-RUBY-28-008 | SCSA0801 | |
| ANALYZERS-RUBY-28-010 | TODO | SPRINT_0135_0001_0001_scanner_surface | Ruby Analyzer Guild · Signals Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Depends on #9 | SCANNER-ANALYZERS-RUBY-28-009 | SCSA0801 | |
| ANALYZERS-RUBY-28-011 | TODO | SPRINT_0135_0001_0001_scanner_surface | Ruby Analyzer Guild · DevOps Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Depends on ANALYZERS-RUBY-28-010 | SCANNER-ANALYZERS-RUBY-28-010 | SCSA0802 | |
| ANALYZERS-RUBY-28-012 | TODO | SPRINT_0135_0001_0001_scanner_surface | Ruby Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Needs #1 fixtures | SCANNER-ANALYZERS-RUBY-28-011 | SCSA0802 | |
| AOC-19-001 | TODO | SPRINT_0123_0001_0001_policy_reasoning | Policy Guild | src/Policy/__Libraries/StellaOps.Policy | Review Link-Not-Merge schema | Review Link-Not-Merge schema | PLAO0101 | |
| AOC-19-002 | TODO | SPRINT_0123_0001_0001_policy_reasoning | Policy Guild | src/Policy/__Libraries/StellaOps.Policy | Depends on #1 | POLICY-AOC-19-001 | PLAO0101 | |
| AOC-19-003 | TODO | SPRINT_0123_0001_0001_policy_reasoning | Policy Guild | src/Policy/__Libraries/StellaOps.Policy | Depends on #2 | POLICY-AOC-19-002 | PLAO0101 | |
| AOC-19-004 | TODO | SPRINT_0123_0001_0001_policy_reasoning | Policy Guild | src/Policy/__Libraries/StellaOps.Policy | Depends on #3 | POLICY-AOC-19-003 | PLAO0101 | |
| AOC-19-101 | TODO | 2025-10-28 | SPRINT_0503_0001_0001_ops_devops_i | DevOps Guild | ops/devops | Needs helper definitions from PLAO0101 | Needs helper definitions from PLAO0101 | DVAO0101 |
| API-27-001 | TODO | SPRINT_0129_0001_0001_policy_reasoning | Policy Registry Guild | src/Policy/StellaOps.Policy.Registry | Governance decision (APIG0101) | Governance decision (APIG0101) | PLAR0101 | |
| API-27-002 | TODO | SPRINT_0129_0001_0001_policy_reasoning | Policy Registry Guild | src/Policy/StellaOps.Policy.Registry | Depends on #1 | REGISTRY-API-27-001 | PLAR0101 | |
| API-27-003 | TODO | SPRINT_0129_0001_0001_policy_reasoning | Policy Registry Guild | src/Policy/StellaOps.Policy.Registry | Depends on #2 | REGISTRY-API-27-002 | PLAR0101 | |
| API-27-004 | TODO | SPRINT_0129_0001_0001_policy_reasoning | Policy Registry Guild | src/Policy/StellaOps.Policy.Registry | Depends on #3 | REGISTRY-API-27-003 | PLAR0101 | |
| API-27-005 | TODO | SPRINT_0129_0001_0001_policy_reasoning | Policy Registry Guild | src/Policy/StellaOps.Policy.Registry | Depends on #4 | REGISTRY-API-27-004 | PLAR0101 | |
| API-27-006 | TODO | SPRINT_0129_0001_0001_policy_reasoning | Policy Registry Guild | src/Policy/StellaOps.Policy.Registry | Depends on #5 | REGISTRY-API-27-005 | PLAR0101 | |
| API-27-007 | TODO | SPRINT_0129_0001_0001_policy_reasoning | Policy Registry Guild | src/Policy/StellaOps.Policy.Registry | Depends on #6 | REGISTRY-API-27-006 | PLAR0101 | |
| API-27-008 | TODO | SPRINT_0129_0001_0001_policy_reasoning | Policy Registry Guild | src/Policy/StellaOps.Policy.Registry | Depends on #7 | REGISTRY-API-27-007 | PLAR0101 | |
| API-27-009 | TODO | SPRINT_0129_0001_0001_policy_reasoning | Policy Registry Guild | src/Policy/StellaOps.Policy.Registry | Depends on #8 | REGISTRY-API-27-008 | PLAR0101 | |
| API-27-010 | TODO | SPRINT_0129_0001_0001_policy_reasoning | Policy Registry Guild | src/Policy/StellaOps.Policy.Registry | Depends on #9 | REGISTRY-API-27-009 | PLAR0101 | |
| API-28-001 | TODO | SPRINT_0207_0001_0001_graph | Graph API Guild | src/Graph/StellaOps.Graph.Api | Cartographer schema sign-off | Cartographer schema sign-off | GRAP0101 | |
| API-28-002 | TODO | SPRINT_0207_0001_0001_graph | Graph API Guild | src/Graph/StellaOps.Graph.Api | Depends on #1 | Depends on #1 | GRAP0101 | |
| API-28-003 | TODO | SPRINT_0207_0001_0001_graph | Graph API Guild | src/Graph/StellaOps.Graph.Api | Depends on #2 | Depends on #2 | GRAP0101 | |
| API-28-004 | TODO | SPRINT_0207_0001_0001_graph | Graph API Guild | src/Graph/StellaOps.Graph.Api | Depends on #3 | Depends on #3 | GRAP0101 | |
| API-28-005 | TODO | SPRINT_0207_0001_0001_graph | Graph API Guild | src/Graph/StellaOps.Graph.Api | Depends on #4 | Depends on #4 | GRAP0101 | |
| API-28-006 | TODO | SPRINT_0207_0001_0001_graph | Graph API Guild | src/Graph/StellaOps.Graph.Api | Depends on GRAP0101 base endpoints | Depends on GRAP0101 base endpoints | GRAP0102 | |
| API-28-007 | TODO | SPRINT_0207_0001_0001_graph | Graph API Guild | src/Graph/StellaOps.Graph.Api | Depends on #1 | Depends on #1 | GRAP0102 | |
| API-28-008 | TODO | SPRINT_0207_0001_0001_graph | Graph API Guild | src/Graph/StellaOps.Graph.Api | Depends on #2 | Depends on #2 | GRAP0102 | |
| API-28-009 | TODO | SPRINT_0207_0001_0001_graph | Graph API Guild | src/Graph/StellaOps.Graph.Api | Depends on #3 | Depends on #3 | GRAP0102 | |
| API-28-010 | TODO | SPRINT_0207_0001_0001_graph | Graph API Guild | src/Graph/StellaOps.Graph.Api | Depends on #4 | Depends on #4 | GRAP0102 | |
| API-28-011 | TODO | SPRINT_0207_0001_0001_graph | Graph API Guild | src/Graph/StellaOps.Graph.Api | Depends on #5 | Depends on #5 | GRAP0102 | |
| API-29-001 | TODO | SPRINT_0129_0001_0001_policy_reasoning | Vuln Explorer API Guild | src/VulnExplorer/StellaOps.VulnExplorer.Api | Governance schema (APIG0101) | Governance schema (APIG0101) | VUAP0101 | |
| API-29-002 | TODO | SPRINT_0129_0001_0001_policy_reasoning | Vuln Explorer API Guild | src/VulnExplorer/StellaOps.VulnExplorer.Api | Depends on #1 | VULN-API-29-001 | VUAP0101 | |
| API-29-003 | TODO | SPRINT_0129_0001_0001_policy_reasoning | Vuln Explorer API Guild | src/VulnExplorer/StellaOps.VulnExplorer.Api | Depends on #2 | VULN-API-29-002 | VUAP0101 | |
| API-29-004 | TODO | SPRINT_0129_0001_0001_policy_reasoning | Vuln Explorer API Guild | src/VulnExplorer/StellaOps.VulnExplorer.Api | Depends on #3 | VULN-API-29-003 | VUAP0101 | |
| API-29-005 | TODO | SPRINT_0129_0001_0001_policy_reasoning | Vuln Explorer API Guild | src/VulnExplorer/StellaOps.VulnExplorer.Api | Depends on #4 | VULN-API-29-004 | VUAP0101 | |
| API-29-006 | TODO | SPRINT_0129_0001_0001_policy_reasoning | Vuln Explorer API Guild | src/VulnExplorer/StellaOps.VulnExplorer.Api | Depends on #5 | VULN-API-29-005 | VUAP0101 | |
| API-29-007 | TODO | SPRINT_0129_0001_0001_policy_reasoning | Vuln Explorer API Guild | src/VulnExplorer/StellaOps.VulnExplorer.Api | Depends on #6 | VULN-API-29-006 | VUAP0101 | |
| API-29-008 | TODO | SPRINT_0129_0001_0001_policy_reasoning | Vuln Explorer API Guild | src/VulnExplorer/StellaOps.VulnExplorer.Api | Depends on #7 | VULN-API-29-007 | VUAP0101 | |
| API-29-009 | TODO | SPRINT_0129_0001_0001_policy_reasoning | Vuln Explorer API Guild | src/VulnExplorer/StellaOps.VulnExplorer.Api | Depends on #8 | VULN-API-29-008 | VUAP0101 | |
| API-29-010 | TODO | SPRINT_0129_0001_0001_policy_reasoning | Vuln Explorer API Guild | src/VulnExplorer/StellaOps.VulnExplorer.Api | Depends on #9 | VULN-API-29-009 | VUAP0101 | |
| API-29-011 | TODO | SPRINT_0129_0001_0001_policy_reasoning | Vuln Explorer API Guild · CLI Guild | src/VulnExplorer/StellaOps.VulnExplorer.Api | Requires API-29-010 artifacts | VULN-API-29-010 | VUAP0102 | |
| APIGOV-61-001 | TODO | SPRINT_0511_0001_0001_api | API Governance Guild | src/Api/StellaOps.Api.Governance | Configure spectral/linters with Stella rules; add CI job failing on violations. | 61-001 | APIG0101 | |
| APIGOV-61-002 | TODO | SPRINT_0511_0001_0001_api | API Governance Guild | src/Api/StellaOps.Api.Governance | Implement example coverage checker ensuring every operation has at least one request/response example. Dependencies: APIGOV-61-001. | APIGOV-61-001 | APIG0101 | |
| APIGOV-62-001 | TODO | SPRINT_0511_0001_0001_api | API Governance Guild | src/Api/StellaOps.Api.Governance | Build compatibility diff tool producing additive/breaking reports comparing prior release. Dependencies: APIGOV-61-002. | APIGOV-61-002 | APIG0101 | |
| APIGOV-62-002 | TODO | SPRINT_0511_0001_0001_api | API Governance Guild · DevOps Guild | src/Api/StellaOps.Api.Governance | Automate changelog generation and publish signed artifacts to src/Sdk/StellaOps.Sdk.Release pipeline. Dependencies: APIGOV-62-001. |
APIGOV-62-001 | APIG0101 | |
| APIGOV-63-001 | TODO | SPRINT_0511_0001_0001_api | API Governance Guild · Notifications Guild | src/Api/StellaOps.Api.Governance | Integrate deprecation metadata into Notification Studio templates for API sunset events. Dependencies: APIGOV-62-002. | APIGOV-62-002 | APIG0101 | |
| ATTEST-01-003 | DONE (2025-11-23) | 2025-11-23 | SPRINT_110_ingestion_evidence | Excititor Guild · Evidence Locker Guild | src/Attestor/StellaOps.Attestor | Excititor attestation payloads shipped on frozen bundle v1. | EXCITITOR-AIAI-31-002; ELOCKER-CONTRACT-2001 | ATEL0102 |
| ATTEST-73-001 | DONE (2025-11-25) | 2025-11-25 | SPRINT_110_ingestion_evidence | Concelier Core · Evidence Locker Guild | src/Attestor/StellaOps.Attestor | Attestation claims builder verified; TRX archived. | CONCELIER-AIAI-31-002; ELOCKER-CONTRACT-2001 | ATEL0102 |
| ATTEST-73-002 | DONE (2025-11-25) | 2025-11-25 | SPRINT_110_ingestion_evidence | Concelier Core · Evidence Locker Guild | src/Attestor/StellaOps.Attestor | Internal verify endpoint validated; TRX archived. | CONCELIER-AIAI-31-002; ELOCKER-CONTRACT-2001 | ATEL0102 |
| ATTEST-73-003 | TODO | SPRINT_302_docs_tasks_md_ii | Docs Guild · Policy Guild | docs/modules/attestor | Wait for ATEL0102 evidence | Wait for ATEL0102 evidence | DOAT0102 | |
| ATTEST-73-004 | TODO | SPRINT_302_docs_tasks_md_ii | Docs Guild · Attestor Service Guild | docs/modules/attestor | Depends on #1 | Depends on #1 | DOAT0102 | |
| ATTEST-74-001 | DOING | SPRINT_0170_0001_0001_notifications_telemetry | Notifications Service Guild · Attestor Service Guild | src/Notify/StellaOps.Notify | Needs DSSE schema sign-off | Needs DSSE schema sign-off | NOTY0102 | |
| ATTEST-74-002 | DOING | SPRINT_0170_0001_0001_notifications_telemetry | Notifications Service Guild | src/Notify/StellaOps.Notify | Depends on #1 | Depends on #1 | NOTY0102 | |
| ATTEST-74-003 | TODO | SPRINT_302_docs_tasks_md_ii | Docs Guild · Attestor Console Guild | docs/modules/attestor | Depends on NOTY0102 | Depends on NOTY0102 | DOAT0102 | |
| ATTEST-74-004 | TODO | SPRINT_302_docs_tasks_md_ii | Docs Guild · CLI Attestor Guild | docs/modules/attestor | Depends on NOTY0102 | Depends on NOTY0102 | DOAT0102 | |
| ATTEST-75-001 | TODO | SPRINT_160_export_evidence | Docs Guild · Export Attestation Guild | docs/modules/attestor | Needs Export bundle schema (ECOB0101) | Needs Export bundle schema (ECOB0101) | DOAT0102 | |
| ATTEST-75-002 | TODO | SPRINT_160_export_evidence | Docs Guild · Security Guild | docs/modules/attestor | Depends on #5 | Depends on #5 | DOAT0102 | |
| ATTEST-REPLAY-187-003 | TODO | SPRINT_0187_0001_0001_evidence_locker_cli_integration | Attestor Guild (src/Attestor/StellaOps.Attestor) | src/Attestor/StellaOps.Attestor, docs/modules/attestor/architecture.md |
Wire Attestor/Rekor anchoring for replay manifests and capture verification APIs; extend docs/modules/attestor/architecture.md with a replay ledger flow referencing docs/replay/DETERMINISTIC_REPLAY.md Section 9. |
Align replay payload schema with RPRC0101 | ATRE0101 | |
| ATTESTOR-DOCS-0001 | DONE | 2025-11-05 | SPRINT_313_docs_modules_attestor | Docs Guild | docs/modules/attestor | Validate that docs/modules/attestor/README.md matches the latest release notes and attestation samples. |
DOAT0102 | |
| ATTESTOR-ENG-0001 | TODO | SPRINT_313_docs_modules_attestor | Module Team | docs/modules/attestor | Cross-check implementation plan milestones against /docs/implplan/SPRINT_*.md and update module readiness checkpoints. |
Depends on #1-6 | DOAT0102 | |
| ATTESTOR-OPS-0001 | TODO | SPRINT_313_docs_modules_attestor | Ops Guild | docs/modules/attestor | Review runbooks/observability assets after the next sprint demo and capture findings inline with sprint notes. | Depends on #1-6 | DOAT0102 | |
| AUTH-AIRGAP-57-001 | DONE (2025-11-08) | 2025-11-08 | SPRINT_100_identity_signing | Authority Core & Security Guild, DevOps Guild (src/Authority/StellaOps.Authority) | src/Authority/StellaOps.Authority | Enforce sealed-mode CI gating by refusing token issuance when declared sealed install lacks sealing confirmation. | AUTH-AIRGAP-56-001; DEVOPS-AIRGAP-57-002 | AUIN0101 |
| AUTH-CRYPTO-90-001 | DOING | 2025-11-08 | SPRINT_514_sovereign_crypto_enablement | Authority Core & Security Guild | src/Authority/StellaOps.Authority | Migrate Authority signing/key-loading paths (provider registry + crypto hash) so regional bundles can select sovereign providers per docs/security/crypto-routing-audit-2025-11-07.md. | Finalize sovereign crypto keystore plan | AUIN0101 |
| AUTH-DPOP-11-001 | DONE (2025-11-08) | 2025-11-08 | SPRINT_100_identity_signing | Authority Core & Security Guild (src/Authority/StellaOps.Authority) | src/Authority/StellaOps.Authority | DPoP validation now runs for every /token grant, interactive tokens inherit cnf.jkt/sender claims, and docs/tests document the expanded coverage. |
AUTH-AOC-19-002 | AUIN0101 |
| AUTH-MTLS-11-002 | DONE (2025-11-08) | 2025-11-08 | SPRINT_100_identity_signing | Authority Core & Security Guild (src/Authority/StellaOps.Authority) | src/Authority/StellaOps.Authority | Refresh grants now enforce the original client certificate, tokens persist x5t#S256/hex metadata via shared helper, and docs/JWKS guidance call out the mTLS binding expectations. |
AUTH-DPOP-11-001 | AUIN0101 |
| AUTH-PACKS-43-001 | DONE (2025-11-09) | 2025-11-09 | SPRINT_100_identity_signing | Authority Core & Security Guild (src/Authority/StellaOps.Authority) | src/Authority/StellaOps.Authority | Enforce pack signing policies, approval RBAC checks, CLI CI token scopes, and audit logging for approvals. | AUTH-PACKS-41-001; TASKRUN-42-001; ORCH-SVC-42-101 | AUIN0101 |
| AUTH-REACH-401-005 | DONE (2025-11-27) | 2025-11-27 | SPRINT_0401_0001_0001_reachability_evidence_chain | Authority & Signer Guilds | src/Authority/StellaOps.Authority, src/Signer/StellaOps.Signer |
Predicate types exist (stella.ops/vexDecision@v1 etc.); IAuthorityDsseStatementSigner created with ICryptoProviderRegistry; Rekor via existing IRekorClient. | Coordinate with replay reachability owners | AUIN0101 |
| AUTH-VERIFY-186-007 | TODO | SPRINT_0186_0001_0001_record_deterministic_execution | Authority Guild · Provenance Guild | src/Authority/StellaOps.Authority, src/Provenance/StellaOps.Provenance.Attestation |
Expose an Authority-side verification helper/service that validates DSSE signatures and Rekor proofs for promotion attestations using trusted checkpoints, enabling offline audit flows. | Await PROB0101 provenance harness | AUIN0101 | |
| AUTHORITY-DOCS-0001 | TODO | SPRINT_314_docs_modules_authority | Docs Guild (docs/modules/authority) | docs/modules/authority | See ./AGENTS.md | Wait for AUIN0101 sign-off | DOAU0101 | |
| AUTHORITY-ENG-0001 | TODO | SPRINT_314_docs_modules_authority | Module Team (docs/modules/authority) | docs/modules/authority | Update status via ./AGENTS.md workflow | Depends on #1 | DOAU0101 | |
| AUTHORITY-OPS-0001 | TODO | SPRINT_314_docs_modules_authority | Ops Guild (docs/modules/authority) | docs/modules/authority | Sync outcomes back to ../.. | Depends on #1 | DOAU0101 | |
| AUTO-401-019 | TODO | SPRINT_0401_0001_0001_reachability_evidence_chain | Benchmarks Guild | docs/benchmarks/vex-evidence-playbook.md, scripts/bench/** |
Align with PROB0101 schema | Align with PROB0101 schema | RBBN0101 | |
| BACKFILL-401-029 | DOING | SPRINT_0401_0001_0001_reachability_evidence_chain | Platform Guild | docs/provenance/inline-dsse.md, scripts/publish_attestation_with_provenance.sh |
Align output schema with PROB0101 | Align output schema with PROB0101 | RBRE0101 | |
| BENCH-AUTO-401-019 | TODO | SPRINT_0401_0001_0001_reachability_evidence_chain | Benchmarks Guild | docs/benchmarks/vex-evidence-playbook.md, scripts/bench/** |
Create automation to populate bench/findings/**, run baseline scanners (Trivy/Syft/Grype/Snyk/Xray), compute FP/MTTD/repro metrics, and update results/summary.csv. |
Depends on #1 | RBBN0101 | |
| BENCH-GRAPH-21-001 | BLOCKED | 2025-10-27 | SPRINT_512_bench | Bench Guild · Graph Platform Guild | src/Bench/StellaOps.Bench | Build graph viewport/path benchmark harness (50k/100k nodes) measuring Graph API/Indexer latency, memory, and tile cache hit rates. (Executed within Sprint 28 Graph program). | Wait for CAGR0101 outputs | RBBN0102 |
| BENCH-GRAPH-21-002 | BLOCKED | 2025-10-27 | SPRINT_512_bench | Bench Guild · UI Guild | src/Bench/StellaOps.Bench | Add headless UI load benchmark (Playwright) for graph canvas interactions to track render times and FPS budgets. (Executed within Sprint 28 Graph program).. Dependencies: BENCH-GRAPH-21-001. | Depends on #1 | RBBN0102 |
| BENCH-GRAPH-24-002 | TODO | SPRINT_512_bench | Bench Guild · UI Guild | src/Bench/StellaOps.Bench | Implement UI interaction benchmarks (filter/zoom/table operations) citing p95 latency; integrate with perf dashboards. Dependencies: BENCH-GRAPH-21-002. | Align with ORTR0101 job metadata | RBBN0102 | |
| BENCH-IMPACT-16-001 | TODO | SPRINT_512_bench | Bench Guild · Scheduler Team | src/Bench/StellaOps.Bench | ImpactIndex throughput bench (resolve 10k productKeys) + RAM profile. | Needs Scheduler signals from ORTR0102 | RBBN0102 | |
| BENCH-POLICY-20-002 | TODO | SPRINT_512_bench | Bench Guild · Policy Guild | src/Bench/StellaOps.Bench | Add incremental run benchmark measuring delta evaluation vs full; capture SLA compliance. | Wait for PLLG0104 ledger events | RBBN0102 | |
| BENCH-SIG-26-001 | TODO | SPRINT_512_bench | Bench Guild · Signals Guild | src/Bench/StellaOps.Bench | Develop benchmark for reachability scoring pipeline (facts/sec, latency, memory) using synthetic callgraphs/runtime batches. | Needs SGSI0101 runtime feed | RBBN0102 | |
| BENCH-SIG-26-002 | TODO | SPRINT_512_bench | Bench Guild · Policy Guild | src/Bench/StellaOps.Bench | Measure policy evaluation overhead with reachability cache hot/cold; ensure ≤8 ms p95 added latency. Dependencies: BENCH-SIG-26-001. | Depends on #6 | RBBN0102 | |
| BUNDLE-401-014 | TODO | SPRINT_0401_0001_0001_reachability_evidence_chain | Symbols Guild | src/Symbols/StellaOps.Symbols.Bundle |
Needs RBRE0101 provenance payload | Needs RBRE0101 provenance payload | RBSY0101 | |
| BUNDLE-69-001 | TODO | SPRINT_0164_0001_0003_exportcenter_iii | Risk Bundle Export Guild · Risk Engine Guild | src/ExportCenter/StellaOps.ExportCenter.RiskBundles | Align with ATEL0102 DSSE outputs | Align with ATEL0102 DSSE outputs | RBRB0101 | |
| BUNDLE-69-002 | TODO | SPRINT_0164_0001_0003_exportcenter_iii | Risk Bundle Export Guild · DevOps Guild | src/ExportCenter/StellaOps.ExportCenter.RiskBundles | Depends on #1 | Depends on #1 | RBRB0101 | |
| BUNDLE-70-001 | TODO | SPRINT_0164_0001_0003_exportcenter_iii | Risk Bundle Export Guild · CLI Guild | src/ExportCenter/StellaOps.ExportCenter.RiskBundles | Needs CLI export contract from CLCI0104 | Needs CLI export contract from CLCI0104 | RBRB0101 | |
| BUNDLE-70-002 | TODO | SPRINT_0164_0001_0003_exportcenter_iii | Risk Bundle Export Guild · Docs Guild | src/ExportCenter/StellaOps.ExportCenter.RiskBundles | Depends on #3 | Depends on #3 | RBRB0101 | |
| CAS-401-001 | TODO | SPRINT_0401_0001_0001_reachability_evidence_chain | Scanner Worker Guild | src/Scanner/StellaOps.Scanner.Worker |
Wait for RBRE0101 DSSE hashes | Wait for RBRE0101 DSSE hashes | CASC0101 | |
| CCCS-02-009 | TODO | SPRINT_117_concelier_vi | Concelier Connector Guild – CCCS | src/Concelier/__Libraries/StellaOps.Concelier.Connector.Cccs | Implement restart-safe watermark + schema tests. | Confirm CCCS ingest watermark | CCFD0101 | |
| CENTER-ENG-0001 | TODO | SPRINT_320_docs_modules_export_center | Module Team · Export Center Guild | docs/modules/export-center | Wait for RBRB0101 bundle sample | Wait for RBRB0101 bundle sample | DOEC0101 | |
| CENTER-OPS-0001 | TODO | SPRINT_320_docs_modules_export_center | Ops Guild · Export Center Guild | docs/modules/export-center | Depends on #1 | Depends on #1 | DOEC0101 | |
| CERTBUND-02-010 | TODO | SPRINT_117_concelier_vi | Concelier Connector Guild – CertBund | src/Concelier/__Libraries/StellaOps.Concelier.Connector.CertBund | Update parser + CAS hashing. | Align with German CERT schema changes | CCFD0101 | |
| CISCO-02-009 | DOING | 2025-11-08 | SPRINT_117_concelier_vi | Concelier Connector Guild – Cisco | src/Concelier/__Libraries/StellaOps.Concelier.Connector.Vndr.Cisco | Harden retry + provenance logging. | Needs vendor API tokens rotated | CCFD0101 |
| CLI-0001 | DONE | 2025-11-10 | SPRINT_0138_0001_0001_scanner_ruby_parity | CLI Guild, Ruby Analyzer Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | SCANNER-ENG-0019 | SCANNER-ENG-0019 | CLCI0101 |
| CLI-401-007 | TODO | SPRINT_0401_0001_0001_reachability_evidence_chain | UI & CLI Guilds (src/Cli/StellaOps.Cli, src/UI/StellaOps.UI) |
src/Cli/StellaOps.Cli, src/UI/StellaOps.UI |
— | — | CLCI0101 | |
| CLI-401-021 | TODO | SPRINT_0401_0001_0001_reachability_evidence_chain | CLI Guild · DevOps Guild (src/Cli/StellaOps.Cli, scripts/ci/attest-*, docs/modules/attestor/architecture.md) |
src/Cli/StellaOps.Cli, scripts/ci/attest-*, docs/modules/attestor/architecture.md |
— | — | CLCI0101 | |
| CLI-41-001 | TODO | SPRINT_303_docs_tasks_md_iii | Docs Guild, DevEx/CLI Guild (docs) | — | — | CLCI0101 | ||
| CLI-42-001 | BLOCKED | 2025-11-25 | SPRINT_303_docs_tasks_md_iii | Docs Guild (docs) | Superseded by DOCS-CLI-42-001; scope not defined separately. | Pending clarified scope | CLCI0101 | |
| CLI-43-002 | TODO | SPRINT_0504_0001_0001_ops_devops_ii | DevOps Guild, Task Runner Guild (ops/devops) | ops/devops | — | — | CLCI0101 | |
| CLI-43-003 | TODO | SPRINT_0504_0001_0001_ops_devops_ii | DevOps Guild, DevEx/CLI Guild (ops/devops) | ops/devops | — | — | CLCI0101 | |
| CLI-AIAI-31-001 | BLOCKED | 2025-11-22 | SPRINT_0201_0001_0001_cli_i | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Implement stella advise summarize command with JSON/Markdown outputs and citation display. Blocked: upstream Scanner analyzers (Node/Java) fail to compile, preventing CLI tests. |
— | CLCI0101 |
| CLI-AIAI-31-002 | DONE | 2025-11-24 | SPRINT_0201_0001_0001_cli_i | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Implement stella advise explain showing conflict narrative and structured rationale. Dependencies: CLI-AIAI-31-001. |
— | CLCI0101 |
| CLI-AIAI-31-003 | DONE | 2025-11-24 | SPRINT_0201_0001_0001_cli_i | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Implement stella advise remediate generating remediation plans with --strategy filters and file output. Dependencies: CLI-AIAI-31-002. |
— | CLCI0101 |
| CLI-AIAI-31-004 | TODO | SPRINT_0201_0001_0001_cli_i | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Implement stella advise batch for summaries/conflicts/remediation with progress + multi-status responses. Dependencies: CLI-AIAI-31-003. |
— | CLCI0102 | |
| CLI-AIRGAP-56-001 | TODO | SPRINT_0503_0001_0001_ops_devops_i | Exporter Guild · AirGap Time Guild · CLI Guild | PROGRAM-STAFF-1001 | PROGRAM-STAFF-1001 | ATMI0102 | ||
| CLI-AIRGAP-56-002 | TODO | SPRINT_0201_0001_0001_cli_i | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Ensure telemetry propagation under sealed mode (no remote exporters) while preserving correlation IDs; add label AirGapped-Phase-1. Dependencies: CLI-AIRGAP-56-001. |
— | CLCI0102 | |
| CLI-AIRGAP-57-001 | TODO | SPRINT_0201_0001_0001_cli_i | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Add stella airgap import with diff preview, bundle scope selection (--tenant, --global), audit logging, and progress reporting. Dependencies: CLI-AIRGAP-56-002. |
— | CLCI0102 | |
| CLI-AIRGAP-57-002 | TODO | SPRINT_0201_0001_0001_cli_i | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Provide `stella airgap seal. Dependencies: CLI-AIRGAP-57-001. | — | CLCI0102 | |
| CLI-AIRGAP-58-001 | TODO | SPRINT_0201_0001_0001_cli_i | DevEx/CLI Guild, Evidence Locker Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Implement stella airgap export evidence helper for portable evidence packages, including checksum manifest and verification. Dependencies: CLI-AIRGAP-57-002. |
— | CLCI0102 | |
| CLI-ATTEST-73-001 | BLOCKED | 2025-11-22 | SPRINT_0201_0001_0001_cli_i | CLI Attestor Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Implement stella attest sign (payload selection, subject digest, key reference, output format) using official SDK transport. Blocked: Scanner analyzer compile failures break CLI build; attestor SDK transport contract not provided. |
— | CLCI0102 |
| CLI-ATTEST-73-002 | TODO | SPRINT_0201_0001_0001_cli_i | CLI Attestor Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Implement stella attest verify with policy selection, explainability output, and JSON/table formatting. Dependencies: CLI-ATTEST-73-001. |
— | CLCI0102 | |
| CLI-ATTEST-74-001 | TODO | SPRINT_0201_0001_0001_cli_i | CLI Attestor Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Implement stella attest list with filters (subject, type, issuer, scope) and pagination. Dependencies: CLI-ATTEST-73-002. |
— | CLCI0102 | |
| CLI-ATTEST-74-002 | TODO | SPRINT_0201_0001_0001_cli_i | CLI Attestor Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Implement stella attest fetch to download envelopes and payloads to disk. Dependencies: CLI-ATTEST-74-001. |
— | CLCI0102 | |
| CLI-ATTEST-75-001 | TODO | SPRINT_0201_0001_0001_cli_i | CLI Attestor Guild, KMS Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Implement `stella attest key create. Dependencies: CLI-ATTEST-74-002. | — | CLCI0102 | |
| CLI-ATTEST-75-002 | TODO | SPRINT_0201_0001_0001_cli_i | CLI Attestor Guild | src/Cli/StellaOps.Cli | Add support for building/verifying attestation bundles in CLI. Dependencies: CLI-ATTEST-75-001. | Wait for ATEL0102 outputs | CLCI0109 | |
| CLI-CORE-41-001 | TODO | SPRINT_0202_0001_0002_cli_ii | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Implement CLI core features: config precedence, profiles/contexts, auth flows, output renderer (json/yaml/table), error mapping, global flags, telemetry opt-in. | — | CLCI0103 | |
| CLI-DET-01 | DONE (2025-11-23) | 2025-11-23 | SPRINT_0301_0001_0001_docs_md_i | Docs Guild · DevEx/CLI Guild | CLI-SBOM-60-001; CLI-SBOM-60-002 | CLI-SBOM-60-001; CLI-SBOM-60-002 | CLCI0103 | |
| CLI-DETER-70-003 | TODO | SPRINT_0202_0001_0002_cli_ii | DevEx/CLI Guild, Scanner Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Provide stella detscore run that executes the determinism harness locally (fixed clock, seeded RNG, canonical hashes) and writes determinism.json, supporting CI/non-zero threshold exit codes (docs/modules/scanner/determinism-score.md). |
— | CLCI0103 | |
| CLI-DETER-70-004 | TODO | SPRINT_0203_0001_0003_cli_iii | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Add stella detscore report to summarise published determinism.json files (overall score, per-image matrix) and integrate with release notes/air-gap kits (docs/modules/scanner/determinism-score.md). Dependencies: CLI-DETER-70-003. |
— | CLCI0103 | |
| CLI-DOCS-0001 | TODO | SPRINT_316_docs_modules_cli | Docs Guild (docs/modules/cli) | docs/modules/cli | See ./AGENTS.md | — | CLCI0103 | |
| CLI-EDITOR-401-004 | TODO | SPRINT_0401_0001_0001_reachability_evidence_chain | CLI Guild (src/Cli/StellaOps.Cli, docs/policy/lifecycle.md) |
src/Cli/StellaOps.Cli, docs/policy/lifecycle.md |
Enhance stella policy CLI verbs (edit/lint/simulate) to edit Git-backed .dsl files, run local coverage tests, and commit SemVer metadata. |
— | CLCI0103 | |
| CLI-ENG-0001 | TODO | SPRINT_316_docs_modules_cli | Module Team (docs/modules/cli) | docs/modules/cli | Update status via ./AGENTS.md workflow | — | CLCI0103 | |
| CLI-DETER-70-003 | DONE | 2025-11-28 | SPRINT_0202_0001_0001_cli_ii | DevEx/CLI Guild, Scanner Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Provide stella detscore run that executes the determinism harness locally (fixed clock, seeded RNG, canonical hashes) and writes determinism.json, supporting CI/non-zero threshold exit codes (docs/modules/scanner/determinism-score.md). |
— | CLCI0103 |
| CLI-EXC-25-001 | DONE | 2025-11-28 | SPRINT_0202_0001_0001_cli_ii | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Implement `stella exceptions list | — | CLCI0103 |
| CLI-EXC-25-002 | DONE | 2025-11-28 | SPRINT_0202_0001_0001_cli_ii | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Extend stella policy simulate with --with-exception/--without-exception flags to preview exception impact. Dependencies: CLI-EXC-25-001. |
— | CLCI0103 |
| CLI-EXPORT-35-001 | BLOCKED | 2025-10-29 | SPRINT_0202_0001_0001_cli_ii | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Implement `stella export profiles | CLCI0103 | CLCI0104 |
| CLI-EXPORT-36-001 | BLOCKED | 2025-11-30 | SPRINT_0202_0001_0001_cli_ii | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Add distribution commands (stella export distribute, run download --resume enhancements) and improved status polling with progress bars. Dependencies: CLI-EXPORT-35-001. |
— | CLCI0104 |
| CLI-EXPORT-37-001 | BLOCKED | 2025-11-30 | SPRINT_0202_0001_0001_cli_ii | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Provide scheduling (stella export schedule), retention, and export verify commands performing signature/hash validation. Dependencies: CLI-EXPORT-36-001. |
— | CLCI0104 |
| CLI-FORENSICS-53-001 | DONE | 2025-11-28 | SPRINT_0202_0001_0001_cli_ii | DevEx/CLI Guild, Evidence Locker Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Implement stella forensic snapshot create --case and snapshot list/show commands invoking evidence locker APIs, surfacing manifest digests, and storing local cache metadata. |
— | CLCI0104 |
| CLI-FORENSICS-54-001 | DONE | 2025-11-28 | SPRINT_0202_0001_0001_cli_ii | DevEx/CLI Guild, Provenance Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Provide stella forensic verify <bundle> command validating checksums, DSSE signatures, and timeline chain-of-custody. Support JSON/pretty output and exit codes for CI. Dependencies: CLI-FORENSICS-53-001. |
— | CLCI0104 |
| CLI-FORENSICS-54-002 | DONE | 2025-11-28 | SPRINT_0202_0001_0001_cli_ii | DevEx/CLI Guild, Provenance Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Implement stella forensic attest show <artifact> listing attestation details (signer, timestamp, subjects) and verifying signatures. Dependencies: CLI-FORENSICS-54-001. |
— | CLCI0104 |
| CLI-LNM-22-001 | DONE | 2025-11-28 | SPRINT_0202_0001_0001_cli_ii | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Implement stella advisory obs get/linkset show/export commands with JSON/OSV output, pagination, and conflict display; ensure ERR_AGG_* mapping. |
— | CLCI0103 |
| CLI-LNM-22-002 | DONE | 2025-11-28 | SPRINT_0202_0001_0001_cli_ii | CLI Guild · Concelier Guild | src/Cli/StellaOps.Cli | Implement stella vex obs get/linkset show commands with product filters, status filters, and JSON output for CI usage. Dependencies: CLI-LNM-22-001. |
Needs CCLN0102 API contract | CLCI0109 |
| CLI-NOTIFY-38-001 | BLOCKED | 2025-10-29 | SPRINT_0202_0001_0001_cli_ii | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Implement `stella notify rules | CLCI0103 | CLCI0104 |
| CLI-NOTIFY-39-001 | BLOCKED | 2025-10-29 | SPRINT_0202_0001_0001_cli_ii | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Add simulation (stella notify simulate) and digest commands with diff output and schedule triggering, including dry-run mode. Dependencies: CLI-NOTIFY-38-001. |
CLCI0103 | CLCI0104 |
| CLI-NOTIFY-40-001 | BLOCKED | 2025-11-30 | SPRINT_0202_0001_0001_cli_ii | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Provide ack token redemption workflow, escalation management, localization previews, and channel health checks. Dependencies: CLI-NOTIFY-39-001. | — | CLCI0104 |
| CLI-OBS-50-001 | DONE | 2025-11-28 | SPRINT_0202_0001_0001_cli_ii | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Ensure CLI HTTP client propagates traceparent headers for all commands, prints correlation IDs on failure, and records trace IDs in verbose logs (scrubbed). |
— | CLCI0104 |
| CLI-OBS-51-001 | TODO | SPRINT_0203_0001_0003_cli_iii | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Implement stella obs top command streaming service health metrics, SLO status, and burn-rate alerts with TUI view and JSON output. Dependencies: CLI-OBS-50-001. |
— | CLCI0105 | |
| CLI-OBS-52-001 | TODO | SPRINT_0203_0001_0003_cli_iii | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Add stella obs trace <trace_id> and stella obs logs --from/--to commands that correlate timeline events, logs, and evidence links with pagination + guardrails. Dependencies: CLI-OBS-51-001. |
— | CLCI0105 | |
| CLI-OBS-55-001 | TODO | SPRINT_0203_0001_0003_cli_iii | DevEx/CLI Guild · DevOps Guild | src/Cli/StellaOps.Cli | Add `stella obs incident-mode enable. Dependencies: CLI-OBS-52-001. | — | CLCI0105 | |
| CLI-OPS-0001 | TODO | SPRINT_316_docs_modules_cli | Ops Guild (docs/modules/cli) | docs/modules/cli | Sync outcomes back to ../.. | — | CLCI0105 | |
| CLI-ORCH-32-001 | TODO | SPRINT_0203_0001_0003_cli_iii | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Implement `stella orch sources | ORGR0101 hand-off | CLCI0105 | |
| CLI-ORCH-33-001 | TODO | SPRINT_0203_0001_0003_cli_iii | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Add action verbs (`sources test. Dependencies: CLI-ORCH-32-001. | ORGR0101 hand-off | CLCI0105 | |
| CLI-ORCH-34-001 | TODO | SPRINT_0203_0001_0003_cli_iii | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Provide backfill wizard (--from/--to --dry-run), quota management (`quotas get. Dependencies: CLI-ORCH-33-001. |
ORGR0102 API review | CLCI0105 | |
| CLI-PACKS-42-001 | TODO | SPRINT_0203_0001_0003_cli_iii | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Implement Task Pack commands (pack plan/run/push/pull/verify) with schema validation, expression sandbox, plan/simulate engine, remote execution. |
— | CLCI0105 | |
| CLI-PACKS-43-001 | TODO | SPRINT_0203_0001_0003_cli_iii | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Deliver advanced pack features (approvals pause/resume, secret injection, localization, man pages, offline cache). Dependencies: CLI-PACKS-42-001. | Offline kit schema sign-off | CLCI0105 | |
| CLI-PACKS-43-002 | TODO | SPRINT_0508_0001_0001_ops_offline_kit | Offline Kit Guild · Packs Registry Guild | ops/offline-kit | Bundle Task Pack samples, registry mirror seeds, Task Runner configs, and CLI binaries with checksums into Offline Kit. | CLI-PACKS-43-001 | CLCI0105 | |
| CLI-PARITY-41-001 | TODO | SPRINT_0203_0001_0003_cli_iii | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Deliver parity command groups (policy, sbom, vuln, vex, advisory, export, orchestrator) with --explain, deterministic outputs, and parity matrix entries. |
— | CLCI0106 | |
| CLI-PARITY-41-002 | TODO | SPRINT_0203_0001_0003_cli_iii | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Implement notify, aoc, auth command groups, idempotency keys, shell completions, config docs, and parity matrix export tooling. Dependencies: CLI-PARITY-41-001. |
— | CLCI0106 | |
| CLI-POLICY-20-001 | TODO | SPRINT_0203_0001_0003_cli_iii | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Add `stella policy new | PLPE0101 completion | CLCI0106 | |
| CLI-POLICY-23-004 | TODO | SPRINT_0203_0001_0003_cli_iii | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Add stella policy lint command validating SPL files with compiler diagnostics; support JSON output. Dependencies: CLI-POLICY-20-001. |
PLPE0102 readiness | CLCI0106 | |
| CLI-POLICY-23-006 | TODO | SPRINT_0203_0001_0003_cli_iii | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Provide stella policy history and stella policy explain commands to pull run history and explanation trees. Dependencies: CLI-POLICY-23-005. |
— | CLCI0106 | |
| CLI-POLICY-27-001 | TODO | SPRINT_0203_0001_0003_cli_iii | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Implement policy workspace commands (stella policy init, edit, lint, compile, test) with template selection, local cache, JSON output, and deterministic temp directories. Dependencies: CLI-POLICY-23-006. |
Ledger API exposure | CLCI0106 | |
| CLI-POLICY-27-002 | TODO | SPRINT_0204_0001_0004_cli_iv | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Add submission/review workflow commands (stella policy version bump, submit, review comment, approve, reject) supporting reviewer assignment, changelog capture, and exit codes. Dependencies: CLI-POLICY-27-001. |
CLI-POLICY-27-001 | CLCI0106 | |
| CLI-POLICY-27-003 | TODO | SPRINT_0204_0001_0004_cli_iv | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Implement stella policy simulate enhancements (quick vs batch, SBOM selectors, heatmap summary, manifest download) with --json and Markdown report output for CI. Dependencies: CLI-POLICY-27-002. |
CLI-POLICY-27-002 | CLCI0106 | |
| CLI-POLICY-27-004 | TODO | SPRINT_0204_0001_0004_cli_iv | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Add lifecycle commands for publish/promote/rollback/sign (stella policy publish --sign, promote --env, rollback) with attestation verification and canary arguments. Dependencies: CLI-POLICY-27-003. |
CLI-POLICY-27-003 | CLCI0106 | |
| CLI-POLICY-27-005 | TODO | SPRINT_0204_0001_0004_cli_iv | DevEx/CLI Guild · Docs Guild | src/Cli/StellaOps.Cli | Update CLI reference and samples for Policy Studio including JSON schemas, exit codes, and CI snippets. Dependencies: CLI-POLICY-27-004. | CLI-POLICY-27-004 | CLCI0106 | |
| CLI-POLICY-27-006 | TODO | SPRINT_0204_0001_0004_cli_iv | CLI Guild · Policy Guild | src/Cli/StellaOps.Cli | Update CLI policy profiles/help text to request the new Policy Studio scope family, surface ProblemDetails guidance for invalid_scope, and adjust regression tests for scope failures. Dependencies: CLI-POLICY-27-005. |
Depends on #2 | CLCI0109 | |
| CLI-PROMO-70-001 | TODO | SPRINT_0202_0001_0002_cli_ii | DevEx/CLI Guild · Provenance Guild | src/Cli/StellaOps.Cli | Add stella promotion assemble command that resolves image digests, hashes SBOM/VEX artifacts, fetches Rekor proofs from Attestor, and emits the stella.ops/promotion@v1 JSON payload (see docs/release/promotion-attestations.md). |
Mirror attestation inputs | CLCI0108 | |
| CLI-PROMO-70-002 | TODO | SPRINT_0203_0001_0003_cli_iii | CLI Guild · Marketing Guild | src/Cli/StellaOps.Cli | Implement stella promotion attest / promotion verify commands that sign the promotion payload via Signer, retrieve DSSE bundles from Attestor, and perform offline verification against trusted checkpoints (docs/release/promotion-attestations.md). Dependencies: CLI-PROMO-70-001. |
Needs revised DSSE plan | CLCI0109 | |
| CLI-REPLAY-187-002 | TODO | SPRINT_160_export_evidence | CLI Guild · Replay Guild | src/Cli/StellaOps.Cli |
CLI Guild · docs/modules/cli/architecture.md |
Requires RBRE0101 recorder schema | CLCI0109 | |
| CLI-RISK-66-001 | TODO | SPRINT_0204_0001_0004_cli_iv | DevEx/CLI Guild · Policy Guild | src/Cli/StellaOps.Cli | Implement `stella risk profile list | Ledger scores ready | CLCI0108 | |
| CLI-RISK-66-002 | TODO | SPRINT_0204_0001_0004_cli_iv | DevEx/CLI Guild · Risk Engine Guild | src/Cli/StellaOps.Cli | Ship stella risk simulate supporting SBOM/asset inputs, diff mode, and export to JSON/CSV. Dependencies: CLI-RISK-66-001. |
CLI-RISK-66-001 | CLCI0108 | |
| CLI-RISK-67-001 | TODO | SPRINT_0204_0001_0004_cli_iv | DevEx/CLI Guild · Findings Ledger Guild | src/Cli/StellaOps.Cli | Provide stella risk results with filtering, severity thresholds, explainability fetch. Dependencies: CLI-RISK-66-002. |
CLI-RISK-66-002 | CLCI0108 | |
| CLI-RISK-68-001 | TODO | SPRINT_0204_0001_0004_cli_iv | DevEx/CLI Guild · Export Guild | src/Cli/StellaOps.Cli | Add stella risk bundle verify and integrate with offline risk bundles. Dependencies: CLI-RISK-67-001. |
CLI-RISK-67-001 | CLCI0108 | |
| CLI-SBOM-60-001 | TODO | SPRINT_0203_0001_0003_cli_iii | CLI Guild · Scanner Guild | src/Cli/StellaOps.Cli | Ship stella sbomer layer/compose verbs that capture per-layer fragments, run canonicalization, verify fragment DSSE, and emit _composition.json + Merkle diagnostics (ref docs/modules/scanner/deterministic-sbom-compose.md). Dependencies: CLI-PARITY-41-001, SCANNER-SURFACE-04. |
Wait for CASC0101 manifest | CLSB0101 | |
| CLI-SBOM-60-002 | TODO | SPRINT_0203_0001_0003_cli_iii | CLI Guild | src/Cli/StellaOps.Cli | Add stella sbomer drift --explain + verify commands that rerun composition locally, highlight which arrays/keys broke determinism, and integrate with Offline Kit bundles. Dependencies: CLI-SBOM-60-001. |
Depends on #1 | CLSB0101 | |
| CLI-SDK-62-001 | TODO | SPRINT_0204_0001_0004_cli_iv | CLI Guild · SDK Guild | src/Cli/StellaOps.Cli | Replace bespoke HTTP clients with official SDK (TS/Go) for all CLI commands; ensure modular transport for air-gapped mode. | Align with SDK generator sprint | CLSB0101 | |
| CLI-SDK-62-002 | TODO | SPRINT_0204_0001_0004_cli_iv | CLI Guild | src/Cli/StellaOps.Cli | Update CLI error handling to surface standardized API error envelope with error.code and trace_id. Dependencies: CLI-SDK-62-001. |
Depends on #3 | CLSB0101 | |
| CLI-SDK-63-001 | TODO | SPRINT_0204_0001_0004_cli_iv | CLI Guild | src/Cli/StellaOps.Cli | Expose stella api spec download command retrieving aggregate OAS and verifying checksum/ETag. Dependencies: CLI-SDK-62-002. |
Needs CAS graph (CASC0101) | CLSB0101 | |
| CLI-SDK-64-001 | TODO | SPRINT_0204_0001_0004_cli_iv | CLI Guild | src/Cli/StellaOps.Cli | Add CLI subcommand stella sdk update to fetch latest SDK manifests/changelogs; integrate with Notifications for deprecations. Dependencies: CLI-SDK-63-001. |
Depends on #5 | CLSB0101 | |
| CLI-SIG-26-001 | TODO | SPRINT_0204_0001_0004_cli_iv | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Implement stella reachability upload-callgraph and stella reachability list/explain commands with streaming upload, pagination, and exit codes. |
ATEL0101 signing plan | CLCI0108 | |
| CLI-SIG-26-002 | TODO | SPRINT_0204_0001_0004_cli_iv | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Extend stella policy simulate with reachability override flags (--reachability-state, --reachability-score). Dependencies: CLI-SIG-26-001. |
CLI-SIG-26-001 | CLCI0108 | |
| CLI-TEN-47-001 | TODO | SPRINT_0205_0001_0005_cli_v | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Implement stella login, whoami, tenants list, persistent profiles, secure token storage, and --tenant override with validation. |
— | CLCI0108 | |
| CLI-TEN-49-001 | TODO | SPRINT_0205_0001_0005_cli_v | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Add service account token minting, delegation (stella token delegate), impersonation banner, and audit-friendly logging. Dependencies: CLI-TEN-47-001. |
CLI-TEN-47-001 | CLCI0108 | |
| CLI-VEX-30-001 | TODO | SPRINT_0205_0001_0005_cli_v | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Implement stella vex consensus list with filters, paging, policy selection, --json/--csv. |
PLVL0102 completion | CLCI0107 | |
| CLI-VEX-30-002 | TODO | SPRINT_0205_0001_0005_cli_v | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Implement stella vex consensus show displaying quorum, evidence, rationale, signature status. Dependencies: CLI-VEX-30-001. |
CLI-VEX-30-001 | CLCI0107 | |
| CLI-VEX-30-003 | TODO | SPRINT_0205_0001_0005_cli_v | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Implement stella vex simulate for trust/threshold overrides with JSON diff output. Dependencies: CLI-VEX-30-002. |
CLI-VEX-30-002 | CLCI0107 | |
| CLI-VEX-30-004 | TODO | SPRINT_0205_0001_0005_cli_v | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Implement stella vex export for consensus NDJSON bundles with signature verification helper. Dependencies: CLI-VEX-30-003. |
CLI-VEX-30-003 | CLCI0107 | |
| CLI-VEX-401-011 | TODO | SPRINT_0401_0001_0001_reachability_evidence_chain | CLI Guild | src/Cli/StellaOps.Cli, docs/modules/cli/architecture.md, docs/benchmarks/vex-evidence-playbook.md |
Add `stella decision export | Reachability API exposure | CLCI0107 | |
| CLI-VULN-29-001 | TODO | SPRINT_0205_0001_0005_cli_v | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Implement stella vuln list with grouping, paging, filters, --json/--csv, and policy selection. |
— | CLCI0107 | |
| CLI-VULN-29-002 | TODO | SPRINT_0205_0001_0005_cli_v | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Implement stella vuln show displaying evidence, policy rationale, paths, ledger summary; support --json for automation. Dependencies: CLI-VULN-29-001. |
CLI-VULN-29-001 | CLCI0107 | |
| CLI-VULN-29-003 | TODO | SPRINT_0205_0001_0005_cli_v | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Add workflow commands (assign, comment, accept-risk, verify-fix, target-fix, reopen) with filter selection (--filter) and idempotent retries. Dependencies: CLI-VULN-29-002. |
CLI-VULN-29-002 | CLCI0107 | |
| CLI-VULN-29-004 | TODO | SPRINT_0205_0001_0005_cli_v | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Implement stella vuln simulate producing delta summaries and optional Markdown report for CI. Dependencies: CLI-VULN-29-003. |
CLI-VULN-29-003 | CLCI0107 | |
| CLI-VULN-29-005 | TODO | SPRINT_0205_0001_0005_cli_v | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Add stella vuln export and stella vuln bundle verify commands to trigger/download evidence bundles and verify signatures. Dependencies: CLI-VULN-29-004. |
CLI-VULN-29-004 | CLCI0107 | |
| CLI-VULN-29-006 | TODO | SPRINT_0205_0001_0005_cli_v | DevEx/CLI Guild · Docs Guild | src/Cli/StellaOps.Cli | Update CLI docs/examples for Vulnerability Explorer with compliance checklist and CI snippets. Dependencies: CLI-VULN-29-005. | CLI-VULN-29-005 | CLCI0108 | |
| CLIENT-401-012 | TODO | SPRINT_0401_0001_0001_reachability_evidence_chain | Symbols Guild | src/Symbols/StellaOps.Symbols.Client, src/Scanner/StellaOps.Scanner.Symbolizer |
Align with symbolizer regression fixtures | Align with symbolizer regression fixtures | RBSY0101 | |
| COMPOSE-44-001 | DOING (dev-mock 2025-12-06) | 2025-12-06 | SPRINT_0501_0001_0001_ops_deployment_i | Deployment Guild · DevEx Guild | ops/deployment | Author docker-compose.yml, .env.example, and quickstart.sh with all core services + dependencies (postgres, redis, object-store, queue, otel). |
Waiting on consolidated service list/version pins from upstream module releases | DVCP0101 |
| COMPOSE-44-002 | TODO | SPRINT_0501_0001_0001_ops_deployment_i | Deployment Guild | ops/deployment | Implement backup.sh and reset.sh scripts with safety prompts and documentation. Dependencies: COMPOSE-44-001. |
Depends on #1 | DVCP0101 | |
| COMPOSE-44-003 | DOING (dev-mock 2025-12-06) | 2025-12-06 | SPRINT_0501_0001_0001_ops_deployment_i | Deployment Guild | ops/deployment | Package seed data container and onboarding wizard toggle (QUICKSTART_MODE), ensuring default creds randomized on first run. Dependencies: COMPOSE-44-002. |
Needs RBRE0101 provenance | DVCP0101 |
| CONCELIER-AIAI-31-002 | DONE | 2025-11-18 | SPRINT_110_ingestion_evidence | Concelier Core · Concelier WebService Guilds | Structured field/caching implementation gated on schema approval. | CONCELIER-GRAPH-21-001; CARTO-GRAPH-21-002 | DOAI0101 | |
| CONCELIER-AIAI-31-003 | DONE | 2025-11-12 | SPRINT_110_ingestion_evidence | Docs Guild · Concelier Observability Guild | docs/modules/concelier/observability.md | Telemetry counters/histograms live for Advisory AI dashboards. | Summarize telemetry evidence | DOCO0101 |
| CONCELIER-AIRGAP-56-001 | DONE (2025-11-24) | SPRINT_112_concelier_i | Concelier Core Guild | src/Concelier/StellaOps.Concelier.WebService/AirGap | Deterministic air-gap bundle builder with manifest + entry-trace hashes. | docs/runbooks/concelier-airgap-bundle-deploy.md | AGCN0101 | |
| CONCELIER-AIRGAP-56-001..58-001 | DONE (2025-11-24) | SPRINT_110_ingestion_evidence | Concelier Core Guild · Evidence Locker Guild | Deterministic NDJSON bundle writer + manifest/entry-trace, validator, sealed-mode deploy runbook delivered. | CONCELIER-GRAPH-21-001; CONCELIER-GRAPH-21-002; ELOCKER-CONTRACT-2001 | AGCN0101 | ||
| CONCELIER-AIRGAP-56-002 | DONE (2025-11-24) | SPRINT_112_concelier_i | Concelier Core Guild · AirGap Importer Guild | src/Concelier/StellaOps.Concelier.WebService/AirGap | Bundle validator (hash/order/entry-trace) and tests. | Delivered alongside 56-001 | AGCN0101 | |
| CONCELIER-AIRGAP-57-001 | TODO | SPRINT_112_concelier_i | Concelier Core Guild · AirGap Policy Guild | Feature flag + policy that rejects non-mirror connectors with actionable diagnostics; depends on 56-001. | — | ATLN0102 | ||
| CONCELIER-AIRGAP-57-002 | TODO | SPRINT_112_concelier_i | Concelier Core Guild · AirGap Time Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Compute fetchedAt/publishedAt/clockSource deltas per bundle and expose via observation APIs without mutating evidence; depends on 56-002. |
Wait for AIRGAP-TIME-CONTRACT-1501 | CCAN0101 | |
| CONCELIER-AIRGAP-58-001 | TODO | SPRINT_112_concelier_i | Concelier Core Guild · Evidence Locker Guild | Package advisory observations/linksets + provenance notes (document id + observationPath) into timeline-bound portable bundles with verifier instructions; depends on 57-002. | — | ATLN0102 | ||
| CONCELIER-ATTEST-73-001 | DONE (2025-11-25) | 2025-11-25 | SPRINT_110_ingestion_evidence | Concelier Core · Evidence Locker Guild | src/Concelier/StellaOps.Concelier.WebService | Attestation claims builder verified; Core/WebService attestation suites green (TestResults/concelier-attestation/core.trx, web.trx). |
CONCELIER-AIAI-31-002; ELOCKER-CONTRACT-2001 | CCAN0101 |
| CONCELIER-ATTEST-73-002 | DONE (2025-11-25) | 2025-11-25 | SPRINT_110_ingestion_evidence | Concelier Core · Evidence Locker Guild | src/Concelier/StellaOps.Concelier.WebService | Internal /internal/attestations/verify endpoint validated end-to-end; TRX archived under TestResults/concelier-attestation/web.trx. |
CONCELIER-AIAI-31-002; ELOCKER-CONTRACT-2001 | CCAN0101 |
| CONCELIER-CONSOLE-23-001 | TODO | SPRINT_112_concelier_i | Concelier WebService Guild · BE-Base Platform Guild | /console/advisories returns grouped linksets with per-source severity/status chips plus {documentId, observationPath} provenance references (matching GHSA + Red Hat CVE browser expectations); depends on CONCELIER-LNM-21-201/202. |
— | ATLN0102 | ||
| CONCELIER-CONSOLE-23-001..003 | DONE (2025-11-25) | 2025-11-25 | SPRINT_110_ingestion_evidence | Concelier Console Guild | src/Concelier/StellaOps.Concelier.WebService | Console overlays wired to LNM schema; consumption contract published. | CONCELIER-GRAPH-21-001; CONCELIER-GRAPH-21-002 | CCLN0102 |
| CONCELIER-CONSOLE-23-002 | TODO | SPRINT_112_concelier_i | Concelier WebService Guild | Deterministic “new/modified/conflicting” sets referencing linkset IDs and field paths rather than computed verdicts; depends on 23-001. | — | ATLN0102 | ||
| CONCELIER-CONSOLE-23-003 | TODO | SPRINT_112_concelier_i | Concelier WebService Guild | CVE/GHSA/PURL lookups return observation excerpts, provenance anchors, and cache hints so tenants can preview evidence safely; reuse structured field taxonomy from Workstream A. | — | ATLN0102 | ||
| CONCELIER-CORE-AOC-19-013 | TODO | SPRINT_112_concelier_i | Concelier Core Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Expand smoke/e2e suites so Authority tokens + tenant headers are mandatory for ingest/read paths (including the new provenance endpoint). Must assert no merge-side effects and that provenance anchors always round-trip. | Must reference AOC guardrails from docs | AGCN0101 | |
| CONCELIER-DOCS-0001 | DONE | 2025-11-05 | SPRINT_0317_0001_0001_docs_modules_concelier | Docs Guild | docs/modules/concelier | Validate that docs/modules/concelier/README.md reflects the latest release notes and aggregation toggles. |
Reference (baseline) | CCDO0101 |
| CONCELIER-ENG-0001 | DONE | 2025-11-25 | SPRINT_0317_0001_0001_docs_modules_concelier | Module Team · Concelier Guild | docs/modules/concelier | Cross-check implementation plan milestones against /docs/implplan/SPRINT_*.md and update module readiness checkpoints. |
Wait for CCPR0101 validation | CCDO0101 |
| CONCELIER-GRAPH-21-001 | DONE | 2025-11-18 | SPRINT_113_concelier_ii | Concelier Core · Cartographer Guilds | src/Concelier/__Libraries/StellaOps.Concelier.Core | Extend SBOM normalization so every relationship (depends_on, contains, provides) and scope tag is captured as raw observation metadata with provenance pointers; Cartographer can then join SBOM + advisory facts without Concelier inferring impact. | Waiting on Cartographer schema (052_CAGR0101) | AGCN0101 |
| CONCELIER-GRAPH-21-002 | DONE | 2025-11-22 | SPRINT_113_concelier_ii | Concelier Core Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Publish sbom.observation.updated events whenever new SBOM versions arrive, including tenant/context metadata and advisory references—never send judgments, only facts. Depends on CONCELIER-GRAPH-21-001. |
Depends on #5 outputs | AGCN0101 |
| CONCELIER-GRAPH-24-101 | TODO | SPRINT_113_concelier_ii | Concelier WebService Guild | src/Concelier/StellaOps.Concelier.WebService | Provide /advisories/summary responses that bundle observation/linkset metadata (aliases, confidence, conflicts) for graph overlays while keeping upstream values intact. Depends on CONCELIER-GRAPH-21-002. |
Wait for CAGR0101 + storage migrations | CCGH0101 | |
| CONCELIER-GRAPH-28-102 | TODO | SPRINT_113_concelier_ii | Concelier WebService Guild | src/Concelier/StellaOps.Concelier.WebService | Add batch fetch endpoints keyed by component sets so graph tooltips can pull raw observations/linksets efficiently; include provenance + timestamps but no derived severity. Depends on CONCELIER-GRAPH-24-101. | Depends on #1 | CCGH0101 | |
| CONCELIER-LNM-21-001 | DONE | 2025-11-17 | SPRINT_113_concelier_ii | Concelier Core Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Define the immutable advisory_observations model (per-source fields, version ranges, severity text, provenance metadata, tenant guards) so every ingestion path records raw statements without merge artifacts. |
Needs Link-Not-Merge approval (005_ATLN0101) | AGCN0101 |
| CONCELIER-LNM-21-002 | DONE | 2025-11-22 | SPRINT_113_concelier_ii | Concelier Core Guild · Data Science Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Implement correlation pipelines (alias graph, purl overlap, CVSS vector compare) that output linksets with confidence scores + conflict markers, never collapsing conflicting facts into single values. Depends on CONCELIER-LNM-21-001. | Depends on #7 for precedence rules | AGCN0101 |
| CONCELIER-LNM-21-003 | DONE | 2025-11-22 | SPRINT_0113_0001_0002_concelier_ii | Concelier Core Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Record disagreements (severity, CVSS, references) on linksets as structured conflict entries so consumers can reason about divergence without Concelier resolving it. Depends on CONCELIER-LNM-21-002. | Completed | AGCN0101 |
| CONCELIER-LNM-21-004 | DONE | 2025-11-27 | SPRINT_0113_0001_0002_concelier_ii | Concelier Core Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Delete legacy merge/dedup logic, add guardrails/tests to keep ingestion append-only, and document how linksets supersede the old merge outputs. Depends on CONCELIER-LNM-21-003. | Completed | AGCN0101 |
| CONCELIER-LNM-21-005 | DONE | 2025-11-27 | SPRINT_0113_0001_0002_concelier_ii | Concelier Core Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Emit advisory.linkset.updated events containing delta descriptions + observation ids so downstream evaluators can subscribe deterministically. Depends on CONCELIER-LNM-21-004. |
Completed | CCCO0101 |
| CONCELIER-LNM-21-101 | DONE | 2025-11-27 | SPRINT_0113_0001_0002_concelier_ii | Concelier Storage Guild | src/Concelier/__Libraries/StellaOps.Concelier.Storage.Mongo | Provision the Mongo collections (advisory_observations, advisory_linksets) with hashed shard keys, tenant indexes, and TTL for ingest metadata to support Link-Not-Merge at scale. Depends on CONCELIER-LNM-21-005. |
Completed | CCLN0101 |
| CONCELIER-LNM-21-102 | DONE | 2025-11-28 | SPRINT_0113_0001_0002_concelier_ii | Concelier Storage Guild · DevOps Guild | src/Concelier/__Libraries/StellaOps.Concelier.Storage.Mongo | Backfill legacy merged advisories into the new observation/linkset collections, seed tombstones for deprecated docs, and provide rollback tooling for Offline Kit operators. Depends on CONCELIER-LNM-21-101. | Completed | CCLN0101 |
| CONCELIER-LNM-21-103 | TODO | SPRINT_113_concelier_ii | Concelier Storage Guild (src/Concelier/__Libraries/StellaOps.Concelier.Storage.Mongo) | src/Concelier/__Libraries/StellaOps.Concelier.Storage.Mongo | Move large raw payloads to object storage with deterministic pointers, update bootstrapper/offline kit seeds, and guarantee provenance metadata remains intact. Depends on CONCELIER-LNM-21-102. | — | ATLN0101 | |
| CONCELIER-LNM-21-201 | TODO | SPRINT_113_concelier_ii | Concelier WebService Guild · Platform Guild | src/Concelier/StellaOps.Concelier.WebService | Add /advisories/observations with filters for alias/purl/source plus strict tenant scopes; responses must only echo upstream values + provenance fields. Depends on CONCELIER-LNM-21-103. |
Wait for storage sprint (CCLN0101) | CCLN0102 | |
| CONCELIER-LNM-21-202 | TODO | SPRINT_113_concelier_ii | Concelier WebService Guild (src/Concelier/StellaOps.Concelier.WebService) | src/Concelier/StellaOps.Concelier.WebService | Implement /advisories/linksets/export/evidence endpoints surfacing correlation + conflict payloads and ERR_AGG_* error mapping, never exposing synthesis/merge results. Depends on CONCELIER-LNM-21-201. |
— | ATLN0101 | |
| CONCELIER-LNM-21-203 | TODO | SPRINT_113_concelier_ii | Concelier WebService Guild, Platform Events Guild (src/Concelier/StellaOps.Concelier.WebService) | src/Concelier/StellaOps.Concelier.WebService | Publish idempotent NATS/Redis events for new observations/linksets with schemas documented for downstream consumers; include tenant + provenance references only. Depends on CONCELIER-LNM-21-202. | — | ATLN0101 | |
| CONCELIER-OAS-61-001 | TODO | SPRINT_114_concelier_iii | Concelier Core + API Contracts Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Update the OpenAPI spec so every observation/linkset/timeline endpoint documents provenance fields, tenant scopes, and AOC guarantees (no consensus fields), giving downstream SDKs unambiguous contracts. | Wait for CCPR0101 policy updates | CCOA0101 | |
| CONCELIER-OAS-61-002 | TODO | SPRINT_114_concelier_iii | Concelier Core Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Provide realistic examples (conflict linksets, multi-source severity, timeline snippets) showing how raw advisories are surfaced without merges; wire them into docs/SDKs. Depends on CONCELIER-OAS-61-001. | Depends on #1 | CCOA0101 | |
| CONCELIER-OAS-62-001 | TODO | SPRINT_114_concelier_iii | Concelier Core + SDK Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Add SDK scenarios covering advisory search, pagination, and conflict handling to ensure each language client preserves provenance fields and does not infer verdicts. Depends on CONCELIER-OAS-61-002. | Needs SDK requirements from CLSB0101 | CCOA0101 | |
| CONCELIER-OBS-51-001 | TODO | SPRINT_114_concelier_iii | Concelier Core Guild · DevOps Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Emit ingestion latency, queue depth, and AOC violation metrics with burn-rate alerts so we can prove the evidence pipeline remains healthy without resorting to heuristics. | Wait for 046_TLTY0101 metric schema drop | CNOB0101 | |
| CONCELIER-OBS-52-001 | TODO | SPRINT_114_concelier_iii | Concelier Core Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Produce timeline records for ingest/normalization/linkset updates containing trace IDs, conflict summaries, and evidence hashes—pure facts for downstream replay. Depends on CONCELIER-OBS-51-001. | Needs #1 merged to reuse structured logging helpers | CNOB0101 | |
| CONCELIER-OBS-53-001 | TODO | SPRINT_114_concelier_iii | Concelier Core Guild · Evidence Locker Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Generate evidence locker bundles (raw doc, normalization diff, linkset) with Merkle manifests so audits can replay advisory history without touching live Mongo. Depends on CONCELIER-OBS-52-001. | Requires Evidence Locker contract from 002_ATEL0101 | CNOB0101 | |
| CONCELIER-OBS-54-001 | TODO | SPRINT_114_concelier_iii | Concelier Core Guild · Provenance Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Attach DSSE attestations to advisory batches, expose verification APIs, and link attestation IDs into timeline + ledger for transparency. Depends on CONCELIER-OBS-53-001. | Blocked by Link-Not-Merge schema finalization (005_ATLN0101) | CNOB0101 | |
| CONCELIER-OBS-55-001 | TODO | SPRINT_114_concelier_iii | Concelier Core Guild · DevOps Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Implement incident-mode levers (extra sampling, retention overrides, redaction guards) that collect more raw evidence without mutating advisory content. Depends on CONCELIER-OBS-54-001. | Depends on #4 for consistent dimensions | CNOB0101 | |
| CONCELIER-OPS-0001 | DONE | 2025-11-25 | SPRINT_0317_0001_0001_docs_modules_concelier | Ops Guild | docs/modules/concelier | Review runbooks/observability assets after the next sprint demo and capture findings inline with sprint notes. | Depends on #2 | CCDO0101 |
| CONCELIER-ORCH-32-001 | TODO | SPRINT_114_concelier_iii | Concelier Core Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Register every advisory connector with the orchestrator (metadata, auth scopes, rate policies) so ingest scheduling is transparent and reproducible. | Wait for CCAN0101 outputs | CCCO0101 | |
| CONCELIER-ORCH-32-002 | TODO | SPRINT_114_concelier_iii | Concelier Core Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Adopt the orchestrator worker SDK in ingestion loops, emitting heartbeats/progress/artifact hashes to guarantee deterministic replays. Depends on CONCELIER-ORCH-32-001. | Depends on #1 | CCCO0101 | |
| CONCELIER-ORCH-33-001 | TODO | SPRINT_114_concelier_iii | Concelier Core Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Honor orchestrator pause/throttle/retry controls with structured error outputs and persisted checkpoints so operators can intervene without losing evidence. Depends on CONCELIER-ORCH-32-002. | Needs ORTR0102 cues | CCCO0101 | |
| CONCELIER-ORCH-34-001 | TODO | SPRINT_114_concelier_iii | Concelier Core Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Execute orchestrator-driven backfills that reuse artifact hashes/signatures, log provenance, and push run metadata to the ledger for audits. Depends on CONCELIER-ORCH-33-001. | Depends on #3 | CCCO0101 | |
| CONCELIER-POLICY-20-001 | TODO | SPRINT_114_concelier_iii | Concelier WebService Guild | src/Concelier/StellaOps.Concelier.WebService | Provide batch advisory lookup APIs for Policy Engine (purl/advisory filters, tenant scopes, explain metadata) so policy can join raw evidence without Concelier suggesting outcomes. | Wait for storage sprint | CCPR0101 | |
| CONCELIER-POLICY-20-002 | TODO | SPRINT_115_concelier_iv | Concelier Core Guild · Policy Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Expand linkset builders with vendor-specific equivalence tables, NEVRA/PURL normalization, and version-range parsing so policy joins become more accurate without Concelier prioritizing sources. Depends on CONCELIER-POLICY-20-001. | Depends on #1 | CCPR0101 | |
| CONCELIER-POLICY-20-003 | TODO | SPRINT_115_concelier_iv | Concelier Storage Guild | src/Concelier/__Libraries/StellaOps.Concelier.Storage.Mongo | Introduce advisory selection cursors + change-stream checkpoints that let Policy Engine process deltas deterministically; include offline migration scripts. Depends on CONCELIER-POLICY-20-002. | Depends on #2 | CCPR0101 | |
| CONCELIER-POLICY-23-001 | TODO | SPRINT_115_concelier_iv | Concelier Core Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Add secondary indexes/materialized views (alias, provider severity, correlation confidence) so policy lookups stay fast without caching derived verdicts; document the supported query patterns. Depends on CONCELIER-POLICY-20-003. | Needs RISK series seeds | CCPR0101 | |
| CONCELIER-POLICY-23-002 | TODO | SPRINT_115_concelier_iv | Concelier WebService Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Ensure advisory.linkset.updated events ship with idempotent IDs, confidence summaries, and tenant metadata so policy consumers can replay evidence feeds safely. Depends on CONCELIER-POLICY-23-001. |
Depends on #4 | CCPR0101 | |
| CONCELIER-RISK-66-001 | BLOCKED | 2025-11-23 | SPRINT_115_concelier_iv | Concelier Core · Risk Engine Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Surface vendor-provided CVSS/KEV/fix data exactly as published (with provenance anchors) through provider APIs so risk engines can reason about upstream intent. | POLICY-20-001 outputs; AUTH-TEN-47-001; shared signals library adoption | CCPR0101 |
| CONCELIER-RISK-66-002 | BLOCKED | 2025-11-23 | SPRINT_115_concelier_iv | Concelier Core Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Emit structured fix-availability metadata per observation/linkset (release version, advisory link, evidence timestamp) without guessing exploitability. Depends on CONCELIER-RISK-66-001. | CONCELIER-RISK-66-001 | CCPR0101 |
| CONCELIER-RISK-67-001 | BLOCKED | 2025-11-23 | SPRINT_115_concelier_iv | Concelier Core Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Publish per-source coverage/conflict metrics (counts, disagreements) so explainers can cite which upstream statements exist; no weighting is applied inside Concelier. Depends on CONCELIER-RISK-66-001. | CONCELIER-RISK-66-001 | CCPR0101 |
| CONCELIER-RISK-68-001 | BLOCKED | 2025-11-23 | SPRINT_115_concelier_iv | Concelier Core + Policy Studio Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Wire advisory signal pickers into Policy Studio so curators can select which raw advisory fields feed policy gating; validation must confirm fields are provenance-backed. Depends on POLICY-RISK-68-001. | POLICY-RISK-68-001; CONCELIER-RISK-66-001 | CCPR0101 |
| CONCELIER-RISK-69-001 | BLOCKED | 2025-11-23 | SPRINT_115_concelier_iv | Concelier Core + Notifications Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Emit notifications when upstream advisory fields change (e.g., fix available) with observation IDs + provenance so Notifications service can alert without inferring severity. Depends on CONCELIER-RISK-66-002. | CONCELIER-RISK-66-002; Notifications contract | CCPR0101 |
| CONCELIER-SIG-26-001 | BLOCKED | 2025-11-23 | SPRINT_115_concelier_iv | Concelier Core + Signals Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Expose upstream-provided affected symbol/function lists via APIs to help reachability scoring; maintain provenance and do not infer exploitability. Depends on SIGNALS-24-002. | SIGNALS-24-002 | CCCO0101 |
| CONCELIER-STORE-AOC-19-005 | TODO | 2025-11-04 | SPRINT_115_concelier_iv | Concelier Storage Guild · DevOps Guild | src/Concelier/__Libraries/StellaOps.Concelier.Storage.Mongo | Execute the raw-linkset backfill/rollback plan (docs/dev/raw-linkset-backfill-plan.md) so Mongo + Offline Kit bundles reflect Link-Not-Merge data; rehearse rollback. Depends on CONCELIER-CORE-AOC-19-004. |
Wait for CCLN0101 approval | CCSM0101 |
| CONCELIER-TEN-48-001 | BLOCKED | 2025-11-23 | SPRINT_115_concelier_iv | Concelier Core Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Enforce tenant scoping throughout normalization/linking, expose capability endpoint advertising merge=false, and ensure events include tenant IDs. Depends on AUTH-TEN-47-001. |
AUTH-TEN-47-001; POLICY chain | CCCO0101 |
| CONCELIER-VEXLENS-30-001 | BLOCKED | 2025-11-23 | SPRINT_115_concelier_iv | Concelier WebService Guild · VEX Lens Guild | src/Concelier/StellaOps.Concelier.WebService | Guarantee advisory key consistency and cross-links consumed by VEX Lens so consensus explanations can cite Concelier evidence without requesting merges. Depends on CONCELIER-VULN-29-001, VEXLENS-30-005. | VEXLENS-30-005 | PLVL0103 |
| CONCELIER-VULN-29-004 | TODO | SPRINT_116_concelier_v | Concelier WebService Guild · Observability Guild | src/Concelier/StellaOps.Concelier.WebService | Instrument observation/linkset pipelines with metrics for identifier collisions, withdrawn statements, and chunk latencies; stream them to Vuln Explorer without altering evidence payloads. Depends on CONCELIER-VULN-29-001. | Requires CCPR0101 risk feed | CCWO0101 | |
| CONCELIER-WEB-AIRGAP-56-001 | TODO | SPRINT_116_concelier_v | Concelier WebService Guild · AirGap Policy Guild | src/Concelier/StellaOps.Concelier.WebService | Extend ingestion endpoints to register mirror bundle sources, expose bundle catalogs, and enforce sealed-mode by blocking direct internet feeds. | Wait for AGCN0101 proof | CCAW0101 | |
| CONCELIER-WEB-AIRGAP-56-002 | TODO | SPRINT_116_concelier_v | Concelier WebService Guild · AirGap Importer Guild | src/Concelier/StellaOps.Concelier.WebService | Add staleness + bundle provenance metadata to /advisories/observations and /advisories/linksets so operators can see freshness without Excitior deriving outcomes. Depends on CONCELIER-WEB-AIRGAP-56-001. |
Depends on #1 | CCAW0101 | |
| CONCELIER-WEB-AIRGAP-57-001 | TODO | SPRINT_116_concelier_v | Concelier WebService Guild | src/Concelier/StellaOps.Concelier.WebService | Map sealed-mode violations to consistent AIRGAP_EGRESS_BLOCKED payloads that explain how to remediate, leaving advisory content untouched. Depends on CONCELIER-WEB-AIRGAP-56-002. |
Needs CCAN0101 time beacons | CCAW0101 | |
| CONCELIER-WEB-AIRGAP-58-001 | TODO | SPRINT_116_concelier_v | Concelier WebService Guild · Evidence Locker Guild | src/Concelier/StellaOps.Concelier.WebService | Emit timeline events for bundle imports (bundle ID, scope, actor) so audit trails capture every evidence change. Depends on CONCELIER-WEB-AIRGAP-57-001. | Depends on #3 | CCAW0101 | |
| CONCELIER-WEB-AOC-19-003 | TODO | SPRINT_116_concelier_v | Concelier WebService Guild | src/Concelier/StellaOps.Concelier.WebService | Add unit tests for schema validators, forbidden-field guards (ERR_AOC_001/2/6/7), and supersedes chains to keep ingestion append-only. Depends on CONCELIER-WEB-AOC-19-002. |
Wait for CCSM0101 migration | CCAO0101 | |
| CONCELIER-WEB-AOC-19-004 | TODO | SPRINT_116_concelier_v | Concelier WebService Guild | src/Concelier/StellaOps.Concelier.WebService | Create integration tests that ingest large advisory batches (cold/warm), verify reproducible linksets, and record metrics/fixtures for Offline Kit rehearsals. Depends on CONCELIER-WEB-AOC-19-003. | Depends on #1 | CCAO0101 | |
| CONCELIER-WEB-AOC-19-005 | TODO | 2025-11-08 | SPRINT_116_concelier_v | Concelier WebService Guild | src/Concelier/StellaOps.Concelier.WebService | Fix /advisories/{key}/chunks test data so pre-seeded raw docs resolve correctly; ensure Mongo migrations stop logging “Unable to locate advisory_raw documents” during tests. Depends on CONCELIER-WEB-AOC-19-002. |
Needs CCPR0101 verdict feed | CCAO0101 |
| CONCELIER-WEB-AOC-19-006 | TODO | 2025-11-08 | SPRINT_116_concelier_v | Concelier WebService Guild | src/Concelier/StellaOps.Concelier.WebService | Align default auth/tenant configs with the test fixtures so allowlisted tenants can ingest before forbidden tenants are rejected, closing the gap in AdvisoryIngestEndpoint_RejectsTenantOutsideAllowlist. Depends on CONCELIER-WEB-AOC-19-002. |
Depends on #3 | CCAO0101 |
| CONCELIER-WEB-AOC-19-007 | TODO | 2025-11-08 | SPRINT_116_concelier_v | Concelier WebService Guild | src/Concelier/StellaOps.Concelier.WebService | Update AOC verify logic so guard failures emit ERR_AOC_001 (not _004) and keep mapper/guard parity covered by regression tests. Depends on CONCELIER-WEB-AOC-19-002. |
Depends on #4 | CCAO0101 |
| CONCELIER-WEB-OAS-61-002 | TODO | SPRINT_116_concelier_v | Concelier WebService Guild | src/Concelier/StellaOps.Concelier.WebService | Ensure every API returns the standardized error envelope and update controllers/tests accordingly (prereq for SDK/doc alignment). | Wait for CCOA0101 spec | CCWO0101 | |
| CONCELIER-WEB-OAS-62-001 | TODO | SPRINT_116_concelier_v | Concelier WebService Guild | src/Concelier/StellaOps.Concelier.WebService | Publish curated examples for observations/linksets/conflicts and wire them into the developer portal. Depends on CONCELIER-WEB-OAS-61-002. | Depends on #1 | CCWO0101 | |
| CONCELIER-WEB-OAS-63-001 | TODO | SPRINT_116_concelier_v | Concelier WebService Guild · API Governance Guild | src/Concelier/StellaOps.Concelier.WebService | Emit deprecation headers + notifications for retiring endpoints, steering clients toward Link-Not-Merge APIs. Depends on CONCELIER-WEB-OAS-62-001. | Needs governance approval | CCWO0101 | |
| CONCELIER-WEB-OBS-51-001 | TODO | SPRINT_116_concelier_v | Concelier WebService Guild | src/Concelier/StellaOps.Concelier.WebService | Add /obs/concelier/health surfaces for ingest health, queue depth, and SLO status so Console widgets can display real-time evidence pipeline stats. Depends on CONCELIER-WEB-OBS-50-001. |
Need telemetry schema baseline from 046_TLTY0101 | CNOB0102 | |
| CONCELIER-WEB-OBS-52-001 | TODO | SPRINT_116_concelier_v | Concelier WebService Guild | src/Concelier/StellaOps.Concelier.WebService | Provide SSE stream /obs/concelier/timeline with paging tokens, guardrails, and audit logging so operators can monitor evidence changes live. Depends on CONCELIER-WEB-OBS-51-001. |
Requires #1 merged so we reuse correlation IDs | CNOB0102 | |
| CONCELIER-WEB-OBS-53-001 | TODO | SPRINT_117_concelier_vi | Concelier WebService Guild · Evidence Locker Guild | src/Concelier/StellaOps.Concelier.WebService | Add /evidence/advisories/* routes that proxy evidence locker snapshots, verify evidence:read scopes, and return signed manifest metadata—no shortcut paths into raw storage. Depends on CONCELIER-WEB-OBS-52-001. |
Blocked on Evidence Locker DSSE feed (002_ATEL0101) | CNOB0102 | |
| CONCELIER-WEB-OBS-54-001 | TODO | SPRINT_117_concelier_vi | Concelier WebService Guild | src/Concelier/StellaOps.Concelier.WebService | Provide /attestations/advisories/* endpoints surfacing DSSE status, verification summary, and provenance chain so CLI/Console can audit trust without hitting databases. Depends on CONCELIER-WEB-OBS-53-001. |
Depends on Link-Not-Merge schema (005_ATLN0101) | CNOB0102 | |
| CONCELIER-WEB-OBS-55-001 | TODO | SPRINT_117_concelier_vi | Concelier WebService Guild · DevOps Guild | src/Concelier/StellaOps.Concelier.WebService | Implement incident-mode APIs that coordinate ingest, locker, and orchestrator, capturing activation events + cooldown semantics but leaving evidence untouched. Depends on CONCELIER-WEB-OBS-54-001. | Needs #4 to finalize labels | CNOB0102 | |
| CONN-SUSE-01-003 | Team Excititor Connectors – SUSE | SPRINT_0120_0001_0002_excititor_ii | Connector Guild (SUSE) | src/Excititor/__Libraries/StellaOps.Excititor.Connectors.SUSE.RancherVEXHub | EXCITITOR-CONN-SUSE-01-002; EXCITITOR-POLICY-01-001 | EXCITITOR-CONN-SUSE-01-002; EXCITITOR-POLICY-01-001 | EXCN0102 | |
| CONN-TRUST-01-001 | DONE (2025-11-22) | 2025-11-22 | SPRINT_110_ingestion_evidence | Excititor + AirGap Guilds | Connector trust + air-gap ingest delivered against frozen schema. | CONCELIER-GRAPH-21-001; CONCELIER-GRAPH-21-002; ATTEST-PLAN-2001 | EXCN0102 | |
| CONN-UBUNTU-01-003 | Team Excititor Connectors – Ubuntu | SPRINT_0120_0001_0002_excititor_ii | Connector Guild (Ubuntu) | src/Excititor/__Libraries/StellaOps.Excititor.Connectors.Ubuntu.CSAF | EXCITITOR-CONN-UBUNTU-01-002; EXCITITOR-POLICY-01-001 | EXCITITOR-CONN-UBUNTU-01-002; EXCITITOR-POLICY-01-001 | EXCN0102 | |
| CONSENSUS-LENS-DOCS-0001 | TODO | SPRINT_332_docs_modules_vex_lens | Docs Guild | docs/modules/vex-lens | Wait for CCSL0101 panel demo | Wait for CCSL0101 panel demo | CCDL0101 | |
| CONSENSUS-LENS-DOCS-0002 | TODO | 2025-11-05 | SPRINT_332_docs_modules_vex_lens | Docs Guild | docs/modules/vex-lens | Depends on #1 | Depends on #1 | CCDL0101 |
| CONSENSUS-LENS-ENG-0001 | TODO | SPRINT_332_docs_modules_vex_lens | Module Team | docs/modules/vex-lens | Needs CCWO0101 schema | Needs CCWO0101 schema | CCDL0101 | |
| CONSENSUS-LENS-OPS-0001 | TODO | SPRINT_332_docs_modules_vex-lens | Ops Guild | docs/modules/vex-lens | Depends on #3 | Depends on #3 | CCDL0101 | |
| CONSOLE-23-001 | TODO | SPRINT_112_concelier_i | Console Guild | src/Console/StellaOps.Console | Wait for CCWO0101 schema | Wait for CCWO0101 schema | CCSL0101 | |
| CONSOLE-23-001..003 | DONE (2025-11-25) | 2025-11-25 | SPRINT_110_ingestion_evidence | Console Guild | src/Console/StellaOps.Console | Console overlays wired to LNM schema; fixtures published. | CONCELIER-GRAPH-21-001; CONCELIER-GRAPH-21-002 | CCSL0101 |
| CONSOLE-23-002 | TODO | SPRINT_112_concelier_i | Console Guild | src/Console/StellaOps.Console | Needs LNM graph (CCGH0101) | Needs LNM graph (CCGH0101) | CCSL0101 | |
| CONSOLE-23-003 | TODO | SPRINT_112_concelier_i | Console Guild | src/Console/StellaOps.Console | Depends on #3 | Depends on #3 | CCSL0101 | |
| CONSOLE-23-004 | TODO | SPRINT_0212_0001_0001_web_i | Console Guild | src/Web/StellaOps.Web | Requires CCPR0101 verdicts | Requires CCPR0101 verdicts | CCSL0101 | |
| CONSOLE-23-005 | TODO | SPRINT_0212_0001_0001_web_i | Console Guild | src/Web/StellaOps.Web | Depends on #5 | Depends on #5 | CCSL0101 | |
| CONSOLE-OBS-52-001 | TODO | SPRINT_303_docs_tasks_md_iii | Console Ops Guild | docs/modules/ui | Needs TLTY0101 metrics | Needs TLTY0101 metrics | CCSL0101 | |
| CONSOLE-OBS-52-002 | TODO | SPRINT_303_docs_tasks_md_iii | Console Ops Guild | docs/modules/ui | Depends on #7 | Depends on #7 | CCSL0101 | |
| CONSOLE-VEX-30-001 | BLOCKED (2025-12-04) | 2025-12-04 | SPRINT_0212_0001_0001_web_i | Console Guild · VEX Lens Guild | src/Web/StellaOps.Web | Provide /console/vex/* APIs streaming VEX statements, justification summaries, and advisory links with SSE refresh hooks. Dependencies: WEB-CONSOLE-23-001 (done 2025-11-28), EXCITITOR-CONSOLE-23-001 (done 2025-11-23); awaiting VEX Lens spec PLVL0103 and SSE envelope validation from Scheduler/Signals alignment. |
Needs VEX Lens spec (PLVL0103) | CCSL0101 |
| CONSOLE-VULN-29-001 | BLOCKED (2025-12-04) | 2025-12-04 | SPRINT_0212_0001_0001_web_i | Console Guild | src/Web/StellaOps.Web | Build /console/vuln/* APIs and filters surfacing tenant-scoped findings with policy/VEX badges so Docs/UI teams can document workflows. Dependencies: WEB-CONSOLE-23-001 (done 2025-11-28); waiting on Concelier graph schema snapshot from 2025-12-03 freeze review. |
Depends on CCWO0101 | CCSL0101 |
| CONTAINERS-44-001 | DONE | 2025-11-18 | SPRINT_0212_0001_0001_web_i | BE-Base Platform Guild | src/Web/StellaOps.Web | Wait for DVCP0101 compose template | Wait for DVCP0101 compose template | COWB0101 |
| CONTAINERS-45-001 | DONE | 2025-11-19 | SPRINT_0212_0001_0001_web_i | BE-Base Platform Guild | src/Web/StellaOps.Web | Depends on #1 | Depends on #1 | COWB0101 |
| CONTAINERS-46-001 | DONE | 2025-11-19 | SPRINT_0212_0001_0001_web_i | BE-Base Platform Guild | src/Web/StellaOps.Web | Needs RBRE0101 hashes | Needs RBRE0101 hashes | COWB0101 |
| CONTRIB-62-001 | TODO | SPRINT_303_docs_tasks_md_iii | Docs Guild · API Governance Guild | docs/api | Wait for CCWO0101 spec finalization | Wait for CCWO0101 spec finalization | APID0101 | |
| CORE-185-001 | TODO | SPRINT_0185_0001_0001_shared_replay_primitives | Platform Guild | src/__Libraries/StellaOps.Replay.Core |
Wait for SGSI0101 feed | Wait for SGSI0101 feed | RLRC0101 | |
| CORE-185-002 | TODO | SPRINT_0185_0001_0001_shared_replay_primitives | Platform Guild | src/__Libraries/StellaOps.Replay.Core | Depends on #1 | Depends on #1 | RLRC0101 | |
| CORE-185-003 | TODO | SPRINT_0185_0001_0001_shared_replay_primitives | Platform Data Guild | src/__Libraries/StellaOps.Replay.Core | Depends on #2 | Depends on #2 | RLRC0101 | |
| CORE-186-004 | TODO | SPRINT_0186_0001_0001_record_deterministic_execution | Signing Guild | src/Signer/StellaOps.Signer, src/__Libraries/StellaOps.Cryptography |
Wait for RLRC0101 schema | Wait for RLRC0101 schema | SIGR0101 | |
| CORE-186-005 | TODO | SPRINT_0186_0001_0001_record_deterministic_execution | Signing Guild | src/Signer/StellaOps.Signer.Core |
Depends on #1 | Depends on #1 | SIGR0101 | |
| CORE-41-001 | TODO | SPRINT_0202_0001_0002_cli_ii | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Wait for CASC0101 manifest | Wait for CASC0101 manifest | CLCI0110 | |
| CORE-AOC-19-002 | TODO | SPRINT_0120_0001_0002_excititor_ii | Excititor Core Guild | src/Excititor/__Libraries/StellaOps.Excititor.Core | Wait for ATLN schema freeze | Wait for ATLN schema freeze | EXAC0101 | |
| CORE-AOC-19-003 | TODO | SPRINT_0120_0001_0002_excititor_ii | Excititor Core Guild | src/Excititor/__Libraries/StellaOps.Excititor.Core | Depends on #1 | Depends on #1 | EXAC0101 | |
| CORE-AOC-19-004 | TODO | SPRINT_0120_0001_0002_excititor_ii | Excititor Core Guild | src/Excititor/__Libraries/StellaOps.Excititor.Core | Depends on #2 | Depends on #2 | EXAC0101 | |
| CORE-AOC-19-013 | TODO | SPRINT_112_concelier_i | Concelier Core Guild + Excititor | src/Concelier/__Libraries/StellaOps.Concelier.Core | Needs CCAN0101 DSSE output | Needs CCAN0101 DSSE output | EXAC0101 | |
| CRT-56-001 | TODO | SPRINT_0506_0001_0001_ops_devops_iv | Mirror Creator Guild | Wait for PGMI0101 owner | Wait for PGMI0101 owner | MRCR0101 | ||
| CRT-56-002 | TODO | SPRINT_0506_0001_0001_ops_devops_iv | Mirror Creator · Security Guilds | Depends on #1 | MIRROR-CRT-56-001; PROV-OBS-53-001 | MRCR0101 | ||
| CRT-57-001 | TODO | SPRINT_0506_0001_0001_ops_devops_iv | Mirror Creator Guild · AirGap Time Guild | Needs AIRGAP-TIME-57-001 | MIRROR-CRT-56-001; AIRGAP-TIME-57-001 | MRCR0101 | ||
| CRT-57-002 | TODO | SPRINT_0506_0001_0001_ops_devops_iv | Mirror Creator Guild | Depends on #3 | MIRROR-CRT-56-001; AIRGAP-TIME-57-001 | MRCR0101 | ||
| CRT-58-001 | TODO | SPRINT_0506_0001_0001_ops_devops_iv | Mirror Creator + Evidence Locker | Requires Evidence Locker contract | MIRROR-CRT-56-001; EXPORT-OBS-54-001; CLI-AIRGAP-56-001 | MRCR0101 | ||
| CRT-58-002 | TODO | SPRINT_0506_0001_0001_ops_devops_iv | Mirror Creator + Security Guild | Depends on #5 | MIRROR-CRT-56-001; EXPORT-OBS-54-001; CLI-AIRGAP-56-001 | MRCR0101 | ||
| CRYPTO-90-001 | DONE | 2025-11-07 | SPRINT_514_sovereign_crypto_enablement | Security Guild (src/__Libraries/StellaOps.Cryptography) | src/__Libraries/StellaOps.Cryptography | CRSA0101 | ||
| CRYPTO-90-002 | DONE | 2025-11-07 | SPRINT_514_sovereign_crypto_enablement | Security Guild (src/__Libraries/StellaOps.Cryptography) | src/__Libraries/StellaOps.Cryptography | CRSA0101 | ||
| CRYPTO-90-003 | DONE | 2025-11-07 | SPRINT_514_sovereign_crypto_enablement | Security Guild (src/__Libraries/StellaOps.Cryptography) | src/__Libraries/StellaOps.Cryptography | CRSA0101 | ||
| CRYPTO-90-004 | DONE | 2025-11-07 | SPRINT_514_sovereign_crypto_enablement | Security Guild (src/__Libraries/StellaOps.Cryptography) | src/__Libraries/StellaOps.Cryptography | CRSA0101 | ||
| CRYPTO-90-005 | DONE | 2025-11-08 | SPRINT_514_sovereign_crypto_enablement | Security Guild (src/__Libraries/StellaOps.Cryptography) | src/__Libraries/StellaOps.Cryptography | CRSA0101 | ||
| CRYPTO-90-006 | DONE | 2025-11-08 | SPRINT_514_sovereign_crypto_enablement | Security Guild (src/__Libraries/StellaOps.Cryptography) | src/__Libraries/StellaOps.Cryptography | CRSA0101 | ||
| CRYPTO-90-007 | DONE | 2025-11-08 | SPRINT_514_sovereign_crypto_enablement | Security Guild (src/__Libraries/StellaOps.Cryptography) | src/__Libraries/StellaOps.Cryptography | CRSA0101 | ||
| CRYPTO-90-008 | DONE | 2025-11-08 | SPRINT_514_sovereign_crypto_enablement | Security Guild (src/__Libraries/StellaOps.Cryptography) | src/__Libraries/StellaOps.Cryptography | CRSA0101 | ||
| CRYPTO-90-009 | DONE | 2025-11-09 | SPRINT_514_sovereign_crypto_enablement | Security Guild (src/__Libraries/StellaOps.Cryptography.Plugin.CryptoPro) | src/__Libraries.StellaOps.Cryptography.Plugin.CryptoPro | CRSA0101 | ||
| CRYPTO-90-010 | DONE | 2025-11-09 | SPRINT_514_sovereign_crypto_enablement | Security Guild (src/__Libraries/StellaOps.Cryptography + .DependencyInjection) | src/__Libraries.StellaOps.Cryptography + .DependencyInjection | CRSA0101 | ||
| CRYPTO-90-011 | DONE | 2025-11-09 | SPRINT_514_sovereign_crypto_enablement | Security & Ops Guilds (src/Tools/StellaOps.CryptoRu.Cli) | src/Tools/StellaOps.CryptoRu.Cli | CRSA0101 | ||
| CRYPTO-90-012 | TODO | SPRINT_514_sovereign_crypto_enablement | Security Guild (src/__Libraries/__Tests/StellaOps.Cryptography.Tests) | src/__Libraries/__Tests.StellaOps.Cryptography.Tests | CRSA0101 | |||
| CRYPTO-90-013 | TODO | SPRINT_514_sovereign_crypto_enablement | Security Guild (src/__Libraries/StellaOps.Cryptography) | src/__Libraries.StellaOps.Cryptography | CRSA0101 | |||
| CRYPTO-90-014 | TODO | SPRINT_514_sovereign_crypto_enablement | Security + Service Guilds | Wait for AUIN0101 sign-off | Wait for AUIN0101 sign-off | CRYO0101 | ||
| CRYPTO-90-015 | TODO | SPRINT_514_sovereign_crypto_enablement | Security + Docs Guild | docs/security/rootpack_ru_*.md | Depends on #1 | Depends on #1 | CRYO0101 | |
| CRYPTO-90-016 | DONE | 2025-11-09 | SPRINT_514_sovereign_crypto_enablement | Security Guild | src/__Libraries/StellaOps.Cryptography.DependencyInjection + .Plugin.CryptoPro | Reference (artifact) | Reference (artifact) | CRYO0101 |
| CRYPTO-90-017 | TODO | SPRINT_514_sovereign_crypto_enablement | Security Guild | third_party/forks + src/__Libraries/StellaOps.Cryptography.Plugin.CryptoPro | Needs fork sync | Needs fork sync | CRYO0101 | |
| CRYPTO-90-018 | TODO | SPRINT_514_sovereign_crypto_enablement | Security + Docs Guild | docs/security/rootpack_ru_*.md, docs/dev/crypto.md | Depends on #4 | Depends on #4 | CRYO0101 | |
| CRYPTO-90-019 | TODO | SPRINT_514_sovereign_crypto_enablement | Security Guild | third_party/forks/AlexMAS.GostCryptography | Needs fork validation | Needs fork validation | CRYO0101 | |
| CRYPTO-90-020 | TODO | SPRINT_514_sovereign_crypto_enablement | Security Guild | src/__Libraries/StellaOps.Cryptography.Plugin.CryptoPro | Depends on #6 | Depends on #6 | CRYO0101 | |
| CRYPTO-90-021 | TODO | SPRINT_514_sovereign_crypto_enablement | Security + QA Guilds | scripts/crypto/**, docs/security/rootpack_ru_validation.md | Depends on #7 | Depends on #7 | CRYO0101 | |
| CTL-56-001 | TODO | SPRINT_510_airgap | AirGap Controller Guild | src/AirGap/StellaOps.AirGap.Controller | Wait for AGTM0101 schema | Wait for AGTM0101 schema | AGCT0102 | |
| CTL-56-002 | TODO | SPRINT_510_airgap | Controller + DevOps Guilds | src/AirGap/StellaOps.AirGap.Controller | Depends on #1 | Depends on #1 | AGCT0102 | |
| CTL-57-001 | TODO | SPRINT_510_airgap | Controller + Time Guild | src/AirGap/StellaOps.AirGap.Controller | Needs AGTM time anchors | Needs AGTM time anchors | AGCT0102 | |
| CTL-57-002 | TODO | SPRINT_510_airgap | Controller + Observability Guild | src/AirGap/StellaOps.AirGap.Controller | Depends on #3 | Depends on #3 | AGCT0102 | |
| CTL-58-001 | TODO | SPRINT_510_airgap | Controller + Evidence Locker Guild | src/AirGap/StellaOps.AirGap.Controller | Depends on #4 | Depends on #4 | AGCT0102 | |
| DEPLOY-AIAI-31-001 | TODO | SPRINT_0501_0001_0001_ops_deployment_i | Deployment Guild · Advisory AI Guild | ops/deployment | Provide Helm/Compose manifests, GPU toggle, scaling/runbook, and offline kit instructions for Advisory AI service + inference container. | Wait for DVCP0101 compose template | DVPL0101 | |
| DEPLOY-AIRGAP-46-001 | TODO | SPRINT_0501_0001_0001_ops_deployment_i | Deployment Guild · Offline Kit Guild | ops/deployment | Provide instructions and scripts (load.sh) for importing air-gap bundle into private registry; update Offline Kit guide. |
Requires #1 artifacts | AGDP0101 | |
| DEPLOY-CLI-41-001 | TODO | SPRINT_0501_0001_0001_ops_deployment_i | Deployment Guild · CLI Guild | ops/deployment | Package CLI release artifacts (tarballs per OS/arch, checksums, signatures, completions, container image) and publish distribution docs. | Wait for CLI observability schema (035_CLCI0105) | AGDP0101 | |
| DEPLOY-COMPOSE-44-001 | DOING (dev-mock 2025-12-06) | 2025-12-06 | SPRINT_0501_0001_0001_ops_deployment_i | Deployment Guild | ops/deployment | Finalize Quickstart scripts (quickstart.sh, backup.sh, reset.sh), seed data container, and publish README with imposed rule reminder. |
Depends on #1 | DVPL0101 |
| DEPLOY-EXPORT-35-001 | BLOCKED | 2025-10-29 | SPRINT_0501_0001_0001_ops_deployment_i | Deployment Guild · Export Center Guild | ops/deployment | Package exporter service/worker Helm overlays (download-only), document rollout/rollback, and integrate signing KMS secrets. | Need exporter DSSE API (002_ATEL0101) | AGDP0101 |
| DEPLOY-EXPORT-36-001 | TODO | SPRINT_0501_0001_0001_ops_deployment_i | Deployment Guild · Export Center Guild | ops/deployment | Document OCI/object storage distribution workflows, registry credential automation, and monitoring hooks for exports. Dependencies: DEPLOY-EXPORT-35-001. | Depends on #4 deliverables | AGDP0101 | |
| DEPLOY-HELM-45-001 | TODO | SPRINT_0501_0001_0001_ops_deployment_i | Deployment + Security Guilds | ops/deployment | Publish Helm install guide and sample values for prod/airgap; integrate with docs site build. | Needs helm chart schema | DVPL0101 | |
| DEPLOY-NOTIFY-38-001 | TODO | 2025-10-29 | SPRINT_0501_0001_0001_ops_deployment_i | Deployment + Notify Guilds | ops/deployment | Package notifier API/worker Helm overlays (email/chat/webhook), secrets templates, rollout guide. | Depends on #3 | DVPL0101 |
| DEPLOY-ORCH-34-001 | DOING (dev-mock 2025-12-06) | 2025-12-05 | SPRINT_0501_0001_0001_ops_deployment_i | Deployment Guild · Orchestrator Guild | ops/deployment | Provide orchestrator Helm/Compose manifests, scaling defaults, secret templates, offline kit instructions, and GA rollout/rollback playbook. | Requires ORTR0101 readiness | AGDP0101 |
| DEPLOY-PACKS-42-001 | DOING (dev-mock 2025-12-06) | 2025-12-06 | SPRINT_0501_0001_0001_ops_deployment_i | Deployment Guild · Packs Registry Guild | ops/deployment | Provide deployment manifests for packs-registry and task-runner services, including Helm/Compose overlays, scaling defaults, and secret templates. | Wait for pack registry schema | AGDP0101 |
| DEPLOY-PACKS-43-001 | DOING (dev-mock 2025-12-06) | 2025-12-06 | SPRINT_0501_0001_0001_ops_deployment_i | Deployment Guild · Task Runner Guild | ops/deployment | Ship remote Task Runner worker profiles, object storage bootstrap, approval workflow integration, and Offline Kit packaging instructions. Dependencies: DEPLOY-PACKS-42-001. | Needs #7 artifacts | AGDP0101 |
| DEPLOY-POLICY-27-001 | DOING (dev-mock 2025-12-06) | 2025-12-05 | SPRINT_0501_0001_0001_ops_deployment_i | Deployment Guild · Policy Registry Guild | ops/deployment | Produce Helm/Compose overlays for Policy Registry + simulation workers, including Mongo migrations, object storage buckets, signing key secrets, and tenancy defaults. | Needs registry schema + secrets | AGDP0101 |
| DEPLOY-POLICY-27-002 | DOING (draft 2025-12-06) | 2025-12-06 | SPRINT_0502_0001_0001_ops_deployment_ii | Deployment Guild · Policy Guild | ops/deployment | Drafted docs/runbooks/policy-incident.md (publish/promote, freeze, evidence); finalize once DEPLOY-POLICY-27-001 ships schema/digests. |
Depends on 27-001 | AGDP0101 |
| DEPLOY-VEX-30-001 | DOING (dev-mock 2025-12-06) | 2025-12-06 | SPRINT_0502_0001_0001_ops_deployment_ii | Deployment + VEX Lens Guild | ops/deployment | Mock-ready runbook added (docs/runbooks/vex-ops.md); awaiting schema/digests for final Helm/Compose overlays. |
Wait for CCWO0101 schema | DVPL0101 |
| DEPLOY-VEX-30-002 | DOING (dev-mock 2025-12-06) | 2025-12-06 | SPRINT_0502_0001_0001_ops_deployment_ii | Deployment Guild | ops/deployment | Issuer Directory guidance covered in docs/runbooks/vex-ops.md; finalize once DEPLOY-VEX-30-001 pins production values. |
Depends on #5 | DVPL0101 |
| DEPLOY-VULN-29-001 | DOING (dev-mock 2025-12-06) | 2025-12-06 | SPRINT_0502_0001_0001_ops_deployment_ii | Deployment + Vuln Guild | ops/deployment | Mock-ready runbook added (docs/runbooks/vuln-ops.md); production overlays pending schema/digests. |
Needs CCWO0101 | DVPL0101 |
| DEPLOY-VULN-29-002 | DOING (dev-mock 2025-12-06) | 2025-12-06 | SPRINT_0502_0001_0001_ops_deployment_ii | Deployment Guild | ops/deployment | Vuln Explorer API steps captured in docs/runbooks/vuln-ops.md; finalize with real pins after DEPLOY-VULN-29-001. |
Depends on #7 | DVPL0101 |
| DETER-186-008 | TODO | SPRINT_0186_0001_0001_record_deterministic_execution | Scanner Guild | src/Scanner/StellaOps.Scanner.WebService, src/Scanner/StellaOps.Scanner.Worker |
Wait for RLRC0101 fixture | Wait for RLRC0101 fixture | SCDT0101 | |
| DETER-186-009 | TODO | SPRINT_0186_0001_0001_record_deterministic_execution | Scanner Guild · QA Guild | src/Scanner/StellaOps.Scanner.Replay, src/Scanner/__Tests |
Depends on #1 | Depends on #1 | SCDT0101 | |
| DETER-186-010 | TODO | SPRINT_0186_0001_0001_record_deterministic_execution | Scanner Guild · Export Center Guild | src/Scanner/StellaOps.Scanner.WebService, docs/modules/scanner/operations/release.md |
Depends on #2 | Depends on #2 | SCDT0101 | |
| DETER-70-002 | TODO | SPRINT_0304_0001_0004_docs_tasks_md_iv | Docs Guild · Scanner Guild | Needs CASC0101 manifest | Needs CASC0101 manifest | SCDT0101 | ||
| DETER-70-003 | TODO | SPRINT_0202_0001_0002_cli_ii | DevEx/CLI Guild · Scanner Guild | src/Cli/StellaOps.Cli | Depends on #4 | Depends on #4 | SCDT0101 | |
| DETER-70-004 | TODO | SPRINT_0203_0001_0003_cli_iii | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Depends on #5 | Depends on #5 | SCDT0101 | |
| DEVOPS-AIAI-31-001 | TODO | SPRINT_0503_0001_0001_ops_devops_i | DevOps Guild, Advisory AI Guild (ops/devops) | ops/devops | Stand up CI pipelines, inference monitoring, privacy logging review, and perf dashboards for Advisory AI (summaries/conflicts/remediation). | — | DVDO0101 | |
| DEVOPS-AIRGAP-56-001 | TODO | SPRINT_0503_0001_0001_ops_devops_i | DevOps Guild (ops/devops) | ops/devops | Ship deny-all egress policies for Kubernetes (NetworkPolicy/eBPF) and docker-compose firewall rules; provide verification script for sealed mode. | — | DVDO0101 | |
| DEVOPS-AIRGAP-56-002 | TODO | SPRINT_0503_0001_0001_ops_devops_i | DevOps Guild, AirGap Importer Guild (ops/devops) | ops/devops | Provide import tooling for bundle staging: checksum validation, offline object-store loader scripts, removable media guidance. Dependencies: DEVOPS-AIRGAP-56-001. | — | DVDO0101 | |
| DEVOPS-AIRGAP-56-003 | TODO | SPRINT_0503_0001_0001_ops_devops_i | DevOps Guild, Container Distribution Guild (ops/devops) | ops/devops | Build Bootstrap Pack pipeline bundling images/charts, generating checksums, and publishing manifest for offline transfer. Dependencies: DEVOPS-AIRGAP-56-002. | — | DVDO0101 | |
| DEVOPS-AIRGAP-57-001 | TODO | SPRINT_0503_0001_0001_ops_devops_i | DevOps Guild, Mirror Creator Guild (ops/devops) | ops/devops | Automate Mirror Bundle creation jobs with dual-control approvals, artifact signing, and checksum publication. Dependencies: DEVOPS-AIRGAP-56-003. | — | DVDO0101 | |
| DEVOPS-AIRGAP-57-002 | DOING | 2025-11-08 | SPRINT_0503_0001_0001_ops_devops_i | DevOps Guild, Authority Guild (ops/devops) | ops/devops | Configure sealed-mode CI tests that run services with sealed flag and ensure no egress occurs (iptables + mock DNS). Dependencies: DEVOPS-AIRGAP-57-001. | — | DVDO0101 |
| DEVOPS-AIRGAP-58-001 | TODO | SPRINT_0503_0001_0001_ops_devops_i | DevOps Guild, Notifications Guild (ops/devops) | ops/devops | Provide local SMTP/syslog container templates and health checks for sealed environments; integrate into Bootstrap Pack. Dependencies: DEVOPS-AIRGAP-57-002. | — | DVDO0101 | |
| DEVOPS-AIRGAP-58-002 | TODO | SPRINT_0503_0001_0001_ops_devops_i | DevOps Guild, Observability Guild (ops/devops) | ops/devops | Ship sealed-mode observability stack (Prometheus/Grafana/Tempo/Loki) pre-configured with offline dashboards and no remote exporters. Dependencies: DEVOPS-AIRGAP-58-001. | — | DVDO0101 | |
| DEVOPS-AOC-19-001 | BLOCKED | 2025-10-26 | SPRINT_0503_0001_0001_ops_devops_i | DevOps Guild, Platform Guild (ops/devops) | ops/devops | Integrate the AOC Roslyn analyzer and guard tests into CI, failing builds when ingestion projects attempt banned writes. | CCAO0101 | DVDO0101 |
| DEVOPS-AOC-19-002 | BLOCKED | 2025-10-26 | SPRINT_0503_0001_0001_ops_devops_i | DevOps Guild (ops/devops) | ops/devops | Add pipeline stage executing stella aoc verify --since against seeded Mongo snapshots for Concelier + Excititor, publishing violation report artefacts. Dependencies: DEVOPS-AOC-19-001. |
DEVOPS-AOC-19-001 | DVDO0101 |
| DEVOPS-AOC-19-003 | BLOCKED | 2025-10-26 | SPRINT_0503_0001_0001_ops_devops_i | DevOps Guild, QA Guild (ops/devops) | ops/devops | Enforce unit test coverage thresholds for AOC guard suites and ensure coverage exported to dashboards. Dependencies: DEVOPS-AOC-19-002. | DEVOPS-AOC-19-002 | DVDO0102 |
| DEVOPS-AOC-19-101 | TODO | 2025-10-28 | SPRINT_0503_0001_0001_ops_devops_i | DevOps Guild · Concelier Storage Guild | ops/devops | Draft supersedes backfill rollout (freeze window, dry-run steps, rollback) once advisory_raw idempotency index passes staging verification. Dependencies: DEVOPS-AOC-19-003. | Align with CCOA0101 contract | DVDO0104 |
| DEVOPS-ATTEST-73-001 | TODO | SPRINT_0503_0001_0001_ops_devops_i | DevOps Guild, Attestor Service Guild (ops/devops) | ops/devops | Provision CI pipelines for attestor service (lint/test/security scan, seed data) and manage secrets for KMS drivers. | — | DVDO0102 | |
| DEVOPS-ATTEST-73-002 | TODO | SPRINT_0503_0001_0001_ops_devops_i | DevOps Guild, KMS Guild (ops/devops) | ops/devops | Establish secure storage for signing keys (vault integration, rotation schedule) and audit logging. Dependencies: DEVOPS-ATTEST-73-001. | — | DVDO0102 | |
| DEVOPS-ATTEST-74-001 | TODO | SPRINT_0503_0001_0001_ops_devops_i | DevOps Guild, Transparency Guild (ops/devops) | ops/devops | Deploy transparency log witness infrastructure and monitoring. Dependencies: DEVOPS-ATTEST-73-002. | — | DVDO0102 | |
| DEVOPS-ATTEST-74-002 | TODO | SPRINT_0504_0001_0001_ops_devops_ii | DevOps Guild, Export Attestation Guild (ops/devops) | ops/devops | Integrate attestation bundle builds into release/offline pipelines with checksum verification. Dependencies: DEVOPS-ATTEST-74-001. | — | DVDO0102 | |
| DEVOPS-ATTEST-75-001 | TODO | SPRINT_0504_0001_0001_ops_devops_ii | DevOps Guild, Observability Guild (ops/devops) | ops/devops | Add dashboards/alerts for signing latency, verification failures, key rotation events. Dependencies: DEVOPS-ATTEST-74-002. | — | DVDO0102 | |
| DEVOPS-CLI-41-001 | TODO | SPRINT_0504_0001_0001_ops_devops_ii | DevOps Guild, DevEx/CLI Guild (ops/devops) | ops/devops | Establish CLI build pipeline (multi-platform binaries, SBOM, checksums), parity matrix CI enforcement, and release artifact signing. | — | DVDO0102 | |
| DEVOPS-CLI-42-001 | TODO | SPRINT_0504_0001_0001_ops_devops_ii | DevOps Guild (ops/devops) | ops/devops | Add CLI golden output tests, parity diff automation, pack run CI harness, and artifact cache for remote mode. Dependencies: DEVOPS-CLI-41-001. | — | DVDO0102 | |
| DEVOPS-CLI-43-002 | TODO | SPRINT_0504_0001_0001_ops_devops_ii | DevOps Guild, Task Runner Guild (ops/devops) | ops/devops | Implement Task Pack chaos smoke in CI (random failure injection, resume, sealed-mode toggle) and publish evidence bundles for review. Dependencies: DEVOPS-CLI-43-001. | — | DVDO0102 | |
| DEVOPS-CLI-43-003 | TODO | SPRINT_0504_0001_0001_ops_devops_ii | DevOps Guild, DevEx/CLI Guild (ops/devops) | ops/devops | Integrate CLI golden output/parity diff automation into release gating; export parity report artifact consumed by Console Downloads workspace. Dependencies: DEVOPS-CLI-43-002. | — | DVDO0102 | |
| DEVOPS-CONSOLE-23-001 | DOING (runner+stub 2025-12-07) | 2025-12-07 | SPRINT_0504_0001_0001_ops_devops_ii | DevOps Guild · Console Guild | ops/devops | Offline runner spec (ops/devops/console/README.md) and manual-only CI skeleton (.gitea/workflows/console-ci.yml) added; awaiting runner cache bake and console approval to enable PR runs. |
Needs runner cache bake | DVDO0104 |
| DEVOPS-CONSOLE-23-002 | TODO | SPRINT_0504_0001_0001_ops_devops_ii | DevOps Guild | ops/devops | Produce stella-console container build + Helm chart overlays with deterministic digests, SBOM/provenance artefacts, and offline bundle packaging scripts. Dependencies: DEVOPS-CONSOLE-23-001. |
Depends on #2 | DVDO0104 | |
| DEVOPS-CONTAINERS-44-001 | TODO | SPRINT_0504_0001_0001_ops_devops_ii | DevOps Guild | ops/devops | Automate multi-arch image builds with buildx, SBOM generation, cosign signing, and signature verification in CI. | Wait for COWB0101 base image | DVDO0104 | |
| DEVOPS-CONTAINERS-45-001 | TODO | SPRINT_0504_0001_0001_ops_devops_ii | DevOps Guild | ops/devops | Add Compose and Helm smoke tests (fresh VM + kind cluster) to CI; publish test artifacts and logs. Dependencies: DEVOPS-CONTAINERS-44-001. | Depends on #4 | DVDO0104 | |
| DEVOPS-CONTAINERS-46-001 | TODO | SPRINT_0504_0001_0001_ops_devops_ii | DevOps Guild | ops/devops | Build air-gap bundle generator (src/Tools/make-airgap-bundle.sh), produce signed bundle, and verify in CI using private registry. Dependencies: DEVOPS-CONTAINERS-45-001. |
Depends on #5 | DVDO0104 | |
| DEVOPS-DEVPORT-63-001 | TODO | SPRINT_0504_0001_0001_ops_devops_ii | DevOps Guild · DevPortal Guild | ops/devops | Automate developer portal build pipeline with caching, link & accessibility checks, performance budgets. | Wait for API schema from CCWO0101 | DVDO0105 | |
| DEVOPS-DEVPORT-64-001 | TODO | SPRINT_0504_0001_0001_ops_devops_ii | DevOps Guild | ops/devops | Schedule devportal --offline nightly builds with checksum validation and artifact retention policies. Dependencies: DEVOPS-DEVPORT-63-001. |
Depends on #1 | DVDO0105 | |
| DEVOPS-DOCS-0001 | TODO | SPRINT_0318_0001_0001_docs_modules_devops | DevOps Docs Guild | docs/modules/devops | See ./AGENTS.md | Needs CCSL0101 console docs | DVDO0105 | |
| DEVOPS-ENG-0001 | TODO | SPRINT_0318_0001_0001_docs_modules_devops | DevOps Engineering Guild | docs/modules/devops | Update status via ./AGENTS.md workflow | Depends on #3 | DVDO0105 | |
| DEVOPS-EXPORT-35-001 | TODO | 2025-10-29 | SPRINT_0504_0001_0001_ops_devops_ii | DevOps · Export Guild | ops/devops | Establish exporter CI pipeline (lint/test/perf smoke), configure object storage fixtures, seed Grafana dashboards, and document bootstrap steps. | Wait for DVPL0101 export deploy | DVDO0105 |
| DEVOPS-EXPORT-36-001 | TODO | SPRINT_0505_0001_0001_ops_devops_iii | DevOps Guild | ops/devops | Integrate Trivy compatibility validation, cosign signature checks, trivy module db import smoke tests, OCI distribution verification, and throughput/error dashboards. Dependencies: DEVOPS-EXPORT-35-001. |
Depends on #5 | DVDO0105 | |
| DEVOPS-EXPORT-37-001 | TODO | SPRINT_0505_0001_0001_ops_devops_iii | DevOps Guild | ops/devops | Finalize exporter monitoring (failure alerts, verify metrics, retention jobs) and chaos/latency tests ahead of GA. Dependencies: DEVOPS-EXPORT-36-001. | Depends on #6 | DVDO0105 | |
| DEVOPS-GRAPH-24-001 | TODO | SPRINT_0505_0001_0001_ops_devops_iii | DevOps · Graph Guild | ops/devops | Load test graph index/adjacency APIs with 40k-node assets; capture perf dashboards and alert thresholds. | Wait for CCGH0101 endpoint | DVDO0106 | |
| DEVOPS-GRAPH-24-002 | TODO | SPRINT_0505_0001_0001_ops_devops_iii | DevOps Guild | ops/devops | Integrate synthetic UI perf runs (Playwright/WebGL metrics) for Graph/Vuln explorers; fail builds on regression. Dependencies: DEVOPS-GRAPH-24-001. | Depends on #1 | DVDO0106 | |
| DEVOPS-GRAPH-24-003 | TODO | SPRINT_0505_0001_0001_ops_devops_iii | DevOps Guild | ops/devops | Implement smoke job for simulation endpoints ensuring we stay within SLA (<3s upgrade) and log results. Dependencies: DEVOPS-GRAPH-24-002. | Depends on #2 | DVDO0106 | |
| DEVOPS-LNM-22-001 | TODO | 2025-10-27 | SPRINT_0505_0001_0001_ops_devops_iii | DevOps · Concelier Guild | ops/devops | Run migration/backfill pipelines for advisory observations/linksets in staging, validate counts/conflicts, and automate deployment steps. Awaiting storage backfill tooling. | Needs CCLN0102 API | DVDO0106 |
| DEVOPS-LNM-22-002 | TODO | 2025-10-27 | SPRINT_0505_0001_0001_ops_devops_iii | DevOps Guild | ops/devops | Execute VEX observation/linkset backfill with monitoring; ensure NATS/Redis events integrated; document ops runbook. Blocked until Excititor storage migration lands. Dependencies: DEVOPS-LNM-22-001. | Depends on #4 | DVDO0106 |
| DEVOPS-LNM-22-003 | TODO | SPRINT_0505_0001_0001_ops_devops_iii | DevOps Guild | ops/devops | Add CI/monitoring coverage for new metrics (advisory_observations_total, linksets_total, etc.) and alerts on ingest-to-API SLA breaches. Dependencies: DEVOPS-LNM-22-002. |
Depends on #5 | DVDO0106 | |
| DEVOPS-OAS-61-001 | TODO | SPRINT_0505_0001_0001_ops_devops_iii | DevOps Guild | ops/devops | Add CI stages for OpenAPI linting, validation, and compatibility diff; enforce gating on PRs. | Wait for CCWO0101 spec | DVDO0106 | |
| DEVOPS-OAS-61-002 | TODO | SPRINT_0505_0001_0001_ops_devops_iii | DevOps Guild | ops/devops | Integrate mock server + contract test suite into PR and nightly workflows; publish artifacts. Dependencies: DEVOPS-OAS-61-001. | Depends on #7 | DVDO0106 | |
| DEVOPS-OBS-51-001 | TODO | SPRINT_0505_0001_0001_ops_devops_iii | DevOps Guild · Observability Guild | ops/devops | Implement SLO evaluator service (burn rate calculators, webhook emitters), Grafana dashboards, and alert routing to Notifier. Provide Terraform/Helm automation. Dependencies: DEVOPS-OBS-50-002. | Wait for 045_DVDO0103 alert catalog | DVOB0101 | |
| DEVOPS-OBS-52-001 | TODO | SPRINT_0505_0001_0001_ops_devops_iii | DevOps Guild · Timeline Indexer Guild | ops/devops | Configure streaming pipeline (NATS/Redis/Kafka) with retention, partitioning, and backpressure tuning for timeline events; add CI validation of schema + rate caps. Dependencies: DEVOPS-OBS-51-001. | Needs #1 merged for shared correlation IDs | DVOB0101 | |
| DEVOPS-OBS-53-001 | TODO | SPRINT_0505_0001_0001_ops_devops_iii | DevOps Guild · Evidence Locker Guild | ops/devops | Provision object storage with WORM/retention options (S3 Object Lock / MinIO immutability), legal hold automation, and backup/restore scripts for evidence locker. Dependencies: DEVOPS-OBS-52-001. | Depends on DSSE API from 002_ATEL0101 | DVOB0101 | |
| DEVOPS-OBS-54-001 | TODO | SPRINT_0505_0001_0001_ops_devops_iii | DevOps Guild · Security Guild | ops/devops | Manage provenance signing infrastructure (KMS keys, rotation schedule, timestamp authority integration) and integrate verification jobs into CI. Dependencies: DEVOPS-OBS-53-001. | Requires security sign-off on cardinality budgets | DVOB0101 | |
| DEVOPS-OBS-55-001 | TODO | SPRINT_0506_0001_0001_ops_devops_iv | DevOps Guild · Ops Guild | ops/devops | Implement incident mode automation: feature flag service, auto-activation via SLO burn-rate, retention override management, and post-incident reset job. Dependencies: DEVOPS-OBS-54-001. | Relies on #4 to finalize alert dimensions | DVOB0101 | |
| DEVOPS-OFFLINE-17-004 | TODO | 2025-11-23 | SPRINT_0508_0001_0001_ops_offline_kit | DevOps Offline Guild | ops/offline-kit | Release workflow now publishes out/release/debug; run mirror_debug_store.py on the next release artefact, verify hashes, archive metadata/debug-store.json into the Offline Kit. |
Wait for DVPL0101 compose | DVDO0107 |
| DEVOPS-OFFLINE-34-006 | TODO | SPRINT_0508_0001_0001_ops_offline_kit | DevOps Guild | ops/offline-kit | Bundle orchestrator service container, worker SDK samples, Postgres snapshot, and dashboards into Offline Kit with manifest/signature updates. Dependencies: DEVOPS-OFFLINE-17-004. | Depends on #1 | DVDO0107 | |
| DEVOPS-OFFLINE-37-001 | TODO | SPRINT_0508_0001_0001_ops_offline_kit | DevOps Guild | ops/offline-kit | Export Center offline bundles + verification tooling (mirror artefacts, verification CLI, manifest/signature refresh, air-gap import script). Dependencies: DEVOPS-OFFLINE-34-006. | Needs RBRE hashes | DVDO0107 | |
| DEVOPS-OFFLINE-37-002 | TODO | SPRINT_0508_0001_0001_ops_offline_kit | DevOps Guild | ops/offline-kit | Notifier offline packs (sample configs, template/digest packs, dry-run harness) with integrity checks and operator docs. Dependencies: DEVOPS-OFFLINE-37-001. | Depends on #3 | DVDO0107 | |
| DEVOPS-OPENSSL-11-001 | TODO | 2025-11-06 | SPRINT_0505_0001_0001_ops_devops_iii | Security + DevOps Guilds | ops/devops | Package the OpenSSL 1.1 shim (tests/native/openssl-1.1/linux-x64) into test harness output so Mongo2Go suites discover it automatically. |
Wait for CRYO0101 artifacts | DVDO0107 |
| DEVOPS-OPENSSL-11-002 | TODO | 2025-11-06 | SPRINT_0505_0001_0001_ops_devops_iii | DevOps Guild | ops/devops | Ensure CI runners and Docker images that execute Mongo2Go tests export LD_LIBRARY_PATH (or embed the shim) to unblock unattended pipelines. Dependencies: DEVOPS-OPENSSL-11-001. |
Depends on #5 | DVDO0107 |
| DEVOPS-OPS-0001 | TODO | SPRINT_0318_0001_0001_docs_modules_devops | DevOps Ops Guild | docs/modules/devops | Sync outcomes back to ../.. | Depends on #1-6 | DVDO0107 | |
| DEVOPS-ORCH-32-001 | TODO | SPRINT_0506_0001_0001_ops_devops_iv | DevOps · Orchestrator Guild | ops/devops | Provision orchestrator Postgres/message-bus infrastructure, add CI smoke deploy, seed Grafana dashboards (queue depth, inflight jobs), and document bootstrap. | Wait for ORTR0102 API | DVDO0108 | |
| DEVOPS-ORCH-33-001 | TODO | SPRINT_0506_0001_0001_ops_devops_iv | DevOps Guild | ops/devops | Publish Grafana dashboards/alerts for rate limiter, backpressure, error clustering, and DLQ depth; integrate with on-call rotations. Dependencies: DEVOPS-ORCH-32-001. | Depends on #1 | DVDO0108 | |
| DEVOPS-ORCH-34-001 | TODO | SPRINT_0506_0001_0001_ops_devops_iv | DevOps Guild | ops/devops | Harden production monitoring (synthetic probes, burn-rate alerts, replay smoke), document incident response, and prep GA readiness checklist. Dependencies: DEVOPS-ORCH-33-001. | Depends on #2 | DVDO0108 | |
| DEVOPS-POLICY-27-001 | TODO | SPRINT_0506_0001_0001_ops_devops_iv | DevOps Guild · CLI Guild | ops/devops | Add CI pipeline stages to run `stella policy lint | Needs CLI lint output | DVDO0108 | |
| DEVOPS-POLICY-27-002 | TODO | SPRINT_0506_0001_0001_ops_devops_iv | DevOps Guild · Policy Registry Guild | ops/devops | Provide optional batch simulation CI job (staging inventory) that triggers Registry run, polls results, and posts markdown summary to PR; enforce drift thresholds. Dependencies: DEVOPS-POLICY-27-001. | Depends on 27-001 | DVDO0108 | |
| DEVOPS-POLICY-27-003 | TODO | SPRINT_0506_0001_0001_ops_devops_iv | DevOps Guild · Security Guild | ops/devops | Manage signing key material for policy publish pipeline (OIDC workload identity + cosign), rotate keys, and document verification steps; integrate attestation verification stage. Dependencies: DEVOPS-POLICY-27-002. | Needs 27-002 pipeline | DVDO0108 | |
| DEVOPS-POLICY-27-004 | TODO | SPRINT_0506_0001_0001_ops_devops_iv | DevOps Guild · Observability Guild | ops/devops | Create dashboards/alerts for policy compile latency, simulation queue depth, approval latency, and promotion outcomes; integrate with on-call playbooks. Dependencies: DEVOPS-POLICY-27-003. | Depends on 27-003 | DVDO0108 | |
| DEVOPS-REL-17-004 | DONE | 2025-11-23 | SPRINT_0506_0001_0001_ops_devops_iv | DevOps Release Guild | ops/devops | Release workflow now uploads out/release/debug as a dedicated artifact and already fails if symbols are missing; build-id manifest enforced. |
Needs DVPL0101 release artifacts | DVDO0108 |
| DEVOPS-RULES-33-001 | TODO | 2025-10-30 | SPRINT_0506_0001_0001_ops_devops_iv | DevOps · Policy Guild | ops/devops | Contracts & Rules anchor: • Gateway proxies only; Policy Engine composes overlays/simulations. • AOC ingestion cannot merge; only lossless canonicalization. • One graph platform: Graph Indexer + Graph API. Cartographer retired. |
Wait for CCPR0101 policy logs | DVDO0109 |
| DEVOPS-SCAN-90-004 | TODO | SPRINT_0505_0001_0001_ops_devops_iii | DevOps · Scanner Guild | ops/devops | Add a CI job that runs the scanner determinism harness against the release matrix (N runs per image), uploads determinism.json, and fails when score < threshold; publish artifact to release notes. Dependencies: SCAN-DETER-186-009/010. |
Needs SCDT0101 fixtures | DVDO0109 | |
| DEVOPS-SDK-63-001 | TODO | SPRINT_0506_0001_0001_ops_devops_iv | DevOps · SDK Guild | ops/devops | Provision registry credentials, signing keys, and secure storage for SDK publishing pipelines. | Depends on #2 | DVDO0109 | |
| DEVOPS-SIG-26-001 | TODO | SPRINT_0506_0001_0001_ops_devops_iv | DevOps Guild · Signals Guild | ops/devops | Provision CI/CD pipelines, Helm/Compose manifests for Signals service, including artifact storage and Redis dependencies. | Wait for SGSI0101 metrics | DVDO0110 | |
| DEVOPS-SIG-26-002 | TODO | SPRINT_0506_0001_0001_ops_devops_iv | DevOps Guild | ops/devops | Create dashboards/alerts for reachability scoring latency, cache hit rates, sensor staleness. Dependencies: DEVOPS-SIG-26-001. | Depends on #1 | DVDO0110 | |
| DEVOPS-SYMS-90-005 | TODO | SPRINT_0505_0001_0001_ops_devops_iii | DevOps · Symbols Guild | ops/devops | Deploy Symbols.Server (Helm/Terraform), manage MinIO/Mongo storage, configure tenant RBAC/quotas, and wire ingestion CLI into release pipelines with monitoring and backups. Dependencies: SYMS-SERVER-401-011/013. | Needs RBSY0101 bundle | DVDO0110 | |
| DEVOPS-TEN-47-001 | TODO | SPRINT_0506_0001_0001_ops_devops_iv | DevOps · Policy Guild | ops/devops | Add JWKS cache monitoring, signature verification regression tests, and token expiration chaos tests to CI. | Wait for CCPR0101 policy | DVDO0110 | |
| DEVOPS-TEN-48-001 | TODO | SPRINT_0506_0001_0001_ops_devops_iv | DevOps Guild | ops/devops | Build integration tests to assert RLS enforcement, tenant-prefixed object storage, and audit event emission; set up lint to prevent raw SQL bypass. Dependencies: DEVOPS-TEN-47-001. | Depends on #4 | DVDO0110 | |
| DEVOPS-TEN-49-001 | DONE (2025-12-03) | 2025-12-03 | SPRINT_0507_0001_0001_ops_devops_v | DevOps Guild | ops/devops | Deploy audit pipeline, scope usage metrics, JWKS outage chaos tests, and tenant load/perf benchmarks. Dependencies: DEVOPS-TEN-48-001. | Depends on #5 | DVDO0110 |
| DEVOPS-VEX-30-001 | DONE (2025-12-02) | 2025-12-02 | SPRINT_0507_0001_0001_ops_devops_v | DevOps Guild · VEX Lens Guild | ops/devops | Provision CI, load tests, dashboards, alerts for VEX Lens and Issuer Directory (compute latency, disputed totals, signature verification rates). | — | PLVL0103 |
| DEVOPS-VULN-29-001 | DONE (2025-12-02) | 2025-12-02 | SPRINT_0507_0001_0001_ops_devops_v | DevOps · Vuln Guild | ops/devops | Provision CI jobs for ledger projector (replay, determinism), set up backups, monitor Merkle anchoring, and automate verification. | Needs DVPL0101 deploy | DVDO0110 |
| DEVOPS-VULN-29-002 | DONE (2025-12-02) | 2025-12-02 | SPRINT_0507_0001_0001_ops_devops_v | DevOps Guild | ops/devops | Configure load/perf tests (5M findings/tenant), query budget enforcement, API SLO dashboards, and alerts for vuln_list_latency and projection_lag. Dependencies: DEVOPS-VULN-29-001. |
Depends on #7 | DVDO0110 |
| DEVOPS-VULN-29-003 | DONE (2025-12-02) | 2025-12-02 | SPRINT_0507_0001_0001_ops_devops_v | DevOps Guild | ops/devops | Instrument analytics pipeline for Vuln Explorer (telemetry ingestion, query hashes), ensure compliance with privacy/PII guardrails, and update observability docs. Dependencies: DEVOPS-VULN-29-002. | Depends on #8 | DVDO0110 |
| DEVPORT-62-001 | TODO | SPRINT_206_devportal | DevPortal Guild | src/DevPortal/StellaOps.DevPortal.Site | Select static site generator, integrate aggregate spec, build navigation + search scaffolding. | 62-001 | DEVL0101 | |
| DEVPORT-62-002 | TODO | SPRINT_206_devportal | DevPortal Guild | src/DevPortal/StellaOps.DevPortal.Site | Implement schema viewer, example rendering, copy-curl snippets, and version selector UI. Dependencies: DEVPORT-62-001. | DEVPORT-62-001 | DEVL0101 | |
| DEVPORT-63-001 | TODO | SPRINT_206_devportal | DevPortal Guild | src/DevPortal/StellaOps.DevPortal.Site | Add Try-It console pointing at sandbox environment with token onboarding and scope info. Dependencies: DEVPORT-62-002. | 63-001 | DEVL0101 | |
| DEVPORT-63-002 | TODO | SPRINT_206_devportal | DevPortal Guild | src/DevPortal/StellaOps.DevPortal.Site | Embed language-specific SDK snippets and quick starts generated from tested examples. Dependencies: DEVPORT-63-001. | DEVPORT-63-001 | DEVL0101 | |
| DEVPORT-64-001 | TODO | SPRINT_206_devportal | DevPortal Guild | src/DevPortal/StellaOps.DevPortal.Site | Provide offline build target bundling HTML, specs, SDK archives; ensure no external assets. Dependencies: DEVPORT-63-002. | 64-001 | DEVL0101 | |
| DEVPORT-64-002 | TODO | SPRINT_206_devportal | Developer Portal Guild (src/DevPortal/StellaOps.DevPortal.Site) | src/DevPortal/StellaOps.DevPortal.Site | Add automated accessibility tests, link checker, and performance budgets. Dependencies: DEVPORT-64-001. | DEVL0102 | ||
| DOC-008 | TODO | SPRINT_0401_0001_0001_reachability_evidence_chain | Docs Guild · Reachability Guild | docs/reachability/function-level-evidence.md, docs/09_API_CLI_REFERENCE.md, docs/api/policy.md |
Wait for replay evidence from 100_RBBN0101 | Wait for replay evidence from 100_RBBN0101 | DORC0101 | |
| DOC-70-001 | DONE | SPRINT_0170_0001_0001_notifications_telemetry | Docs Guild · Notifications Guild | docs | Gather notification doc references | Validate existing notifications doc and migrate notes | DOCP0101 | |
| DOCKER-44-001 | TODO | SPRINT_0507_0001_0001_ops_devops_v | DevOps Guild · Service Owners | ops/devops | Author multi-stage Dockerfiles for all core services (API, Console, Orchestrator, Task Runner, Conseiller, Excitor, Policy, Notify, Export, AI) with non-root users, read-only file systems, and health scripts. | Wait for DVPL0101 compose merge | DVDO0111 | |
| DOCKER-44-002 | TODO | SPRINT_0507_0001_0001_ops_devops_v | DevOps Guild | ops/devops | Generate SBOMs and cosign attestations for each image and integrate verification into CI. Dependencies: DOCKER-44-001. | Depends on #1 | DVDO0111 | |
| DOCKER-44-003 | TODO | SPRINT_0507_0001_0001_ops_devops_v | DevOps Guild | ops/devops | Implement /health/liveness, /health/readiness, /version, /metrics, and ensure capability endpoint returns merge=false for Conseiller/Excitor. Dependencies: DOCKER-44-002. |
Requires SBOM+scan workflow from 137_SCDT0101 | DVDO0111 | |
| DOCS-0001 | DONE | 2025-11-05 | SPRINT_313_docs_modules_attestor | Docs Guild | docs/modules/attestor | Confirm attestor module doc publication | Confirm attestor module doc scope | DOCP0101 |
| DOCS-0002 | TODO | 2025-11-05 | SPRINT_321_docs_modules_graph | Docs Guild (docs/modules/graph) | docs/modules/graph | — | — | DOCL0102 |
| DOCS-0003 | TODO | SPRINT_327_docs_modules_scanner | Docs Guild, Product Guild (docs/modules/scanner) | docs/modules/scanner | — | — | DOCL0102 | |
| DOCS-401-008 | TODO | SPRINT_0401_0001_0001_reachability_evidence_chain | QA & Docs Guilds (docs, tests/README.md) |
docs, tests/README.md |
— | — | DOCL0102 | |
| DOCS-401-022 | TODO | SPRINT_0401_0001_0001_reachability_evidence_chain | Docs Guild · Attestor Guild (docs/ci/dsse-build-flow.md, docs/modules/attestor/architecture.md) |
docs/ci/dsse-build-flow.md, docs/modules/attestor/architecture.md |
— | — | DOCL0102 | |
| DOCS-AIAI-31-004 | DONE (2025-12-04) | 2025-12-04 | SPRINT_0301_0001_0001_docs_md_i | Docs Guild · Console Guild | docs/advisory-ai | Guardrail console guide refreshed with deterministic captures plus consolidated hash manifest (docs/advisory-ai/console-fixtures.sha256) and verification steps. |
CONSOLE-VULN-29-001; CONSOLE-VEX-30-001; SBOM-AIAI-31-003 | DOAI0102 |
| DOCS-AIAI-31-005 | DONE (2025-11-25) | 2025-11-25 | SPRINT_110_ingestion_evidence | Docs Guild | CLI/policy/ops docs refreshed with offline hashes and exit codes. | DOCS-AIAI-31-004; CLI-VULN-29-001; CLI-VEX-30-001; POLICY-ENGINE-31-001; DEVOPS-AIAI-31-001 | DOAI0102 | |
| DOCS-AIAI-31-006 | TODO | 2025-11-13 | SPRINT_0111_0001_0001_advisoryai | Docs Guild · Advisory AI Guild | docs/modules/advisory-ai | /docs/policy/assistant-parameters.md now documents inference modes, guardrail phrases, budgets, and cache/queue knobs (POLICY-ENGINE-31-001 inputs captured via AdvisoryAiServiceOptions). |
Need latest telemetry outputs from ADAI0101 | DOAI0104 |
| DOCS-AIAI-31-008 | BLOCKED | 2025-11-18 | SPRINT_0111_0001_0001_advisoryai | Docs Guild · SBOM Service Guild (docs) | docs | Publish /docs/sbom/remediation-heuristics.md (feasibility scoring, blast radius). |
SBOM-AIAI-31-001 projection kit/fixtures | DOAI0104 |
| DOCS-AIAI-31-009 | DONE (2025-11-25) | 2025-11-25 | SPRINT_110_ingestion_evidence | Docs Guild | Docs updated with guardrail/ops addenda and offline hashes. | DOCS-AIAI-31-004; CLI-VULN-29-001; CLI-VEX-30-001; POLICY-ENGINE-31-001; DEVOPS-AIAI-31-001 | DOAI0102 | |
| DOCS-AIRGAP-56-001 | DONE (2025-11-23) | 2025-11-23 | SPRINT_0301_0001_0001_docs_md_i | Docs Guild · AirGap Controller Guild | /docs/airgap/overview.md outlining modes, lifecycle, responsibilities, rule banner. |
— | DOAI0102 | |
| DOCS-AIRGAP-56-002 | DONE (2025-11-23) | 2025-11-23 | SPRINT_0301_0001_0001_docs_md_i | Docs Guild · DevOps Guild | /docs/airgap/sealing-and-egress.md (network policies, EgressPolicy facade, verification). |
DOCS-AIRGAP-56-001 | DOAI0102 | |
| DOCS-AIRGAP-56-003 | DONE (2025-11-23) | 2025-11-23 | SPRINT_0301_0001_0001_docs_md_i | Docs Guild · Exporter Guild | bundle format, DSSE/TUF/Merkle validation, workflows | /docs/airgap/mirror-bundles.md (bundle format, DSSE/TUF/Merkle validation, workflows). |
DOCS-AIRGAP-56-002 | DOAI0102 |
| DOCS-AIRGAP-56-004 | DONE (2025-11-23) | 2025-11-23 | SPRINT_0301_0001_0001_docs_md_i | Docs Guild · Deployment Guild | /docs/airgap/bootstrap.md covering Bootstrap Pack creation + install. |
DOCS-AIRGAP-56-003 | DOAI0102 | |
| DOCS-AIRGAP-57-001 | DONE (2025-11-23) | 2025-11-23 | SPRINT_0301_0001_0001_docs_md_i | Docs Guild · AirGap Time Guild | docs/modules/airgap | /docs/airgap/staleness-and-time.md (time anchors, drift, UI indicators). |
DOCS-AIRGAP-56-004 | DOAI0102 |
| DOCS-AIRGAP-57-002 | DONE (2025-11-23) | 2025-11-23 | SPRINT_0301_0001_0001_docs_md_i | Docs Guild · Console Guild | docs/modules/airgap | /docs/console/airgap.md (sealed badge, import wizard, staleness dashboards). |
DOCS-AIRGAP-57-001 | DOAI0102 |
| DOCS-AIRGAP-57-003 | TODO | SPRINT_302_docs_tasks_md_ii | Docs Guild · CLI Guild | docs/modules/airgap | Publish /docs/modules/cli/guides/airgap.md documenting commands, examples, exit codes. Dependencies: DOCS-AIRGAP-57-002. |
AIDG0101 tasks 3–4 | DOCL0102 | |
| DOCS-AIRGAP-57-004 | TODO | SPRINT_302_docs_tasks_md_ii | Docs Guild · Ops Guild | docs/modules/airgap | Create /docs/airgap/operations.md with runbooks for imports, failure recovery, and auditing. Dependencies: DOCS-AIRGAP-57-003. |
DOCS-AIRGAP-57-003 | DOCL0102 | |
| DOCS-AIRGAP-58-001 | TODO | SPRINT_302_docs_tasks_md_ii | Docs Guild, Product Guild (docs) | Provide /docs/airgap/degradation-matrix.md enumerating feature availability, fallbacks, remediation. Dependencies: DOCS-AIRGAP-57-004. |
— | DOCL0102 | ||
| DOCS-AIRGAP-58-002 | TODO | SPRINT_302_docs_tasks_md_ii | Docs Guild, Security Guild (docs) | Update /docs/security/trust-and-signing.md with DSSE/TUF roots, rotation, and signed time tokens. Dependencies: DOCS-AIRGAP-58-001. |
— | DOCL0102 | ||
| DOCS-AIRGAP-58-003 | TODO | SPRINT_302_docs_tasks_md_ii | Docs Guild · DevEx Guild | docs/modules/airgap | Publish /docs/dev/airgap-contracts.md describing EgressPolicy usage, sealed-mode tests, linting. Dependencies: DOCS-AIRGAP-58-002. |
Need DevEx CLI samples from CLCI0109 | DOAG0101 | |
| DOCS-AIRGAP-58-004 | TODO | SPRINT_302_docs_tasks_md_ii | Docs Guild · Evidence Locker Guild | docs/modules/airgap | Document /docs/airgap/portable-evidence.md for exporting/importing portable evidence bundles across enclaves. Dependencies: DOCS-AIRGAP-58-003. |
Requires Evidence Locker attestation notes from 002_ATEL0101 | DOAG0101 | |
| DOCS-AIRGAP-DEVPORT-64-001 | TODO | SPRINT_302_docs_tasks_md_ii | Docs Guild · DevPortal Offline Guild | docs/modules/export-center/devportal-offline.md | Create /docs/airgap/devportal-offline.md describing offline bundle usage and verification. |
Requires #3 draft | DEVL0102 | |
| DOCS-ATTEST-73-001 | TODO | SPRINT_302_docs_tasks_md_ii | Docs Guild, Attestor Service Guild (docs) | Publish /docs/modules/attestor/overview.md with imposed rule banner. |
— | DOAT0101 | ||
| DOCS-ATTEST-73-002 | DONE | 2025-11-23 | SPRINT_302_docs_tasks_md_ii | Docs Guild, Attestation Payloads Guild (docs) | Write /docs/modules/attestor/payloads.md with schemas/examples. Dependencies: DOCS-ATTEST-73-001. |
— | DOAT0101 | |
| DOCS-ATTEST-73-003 | DONE | 2025-11-23 | SPRINT_302_docs_tasks_md_ii | Docs Guild, Policy Guild (docs) | Publish /docs/modules/attestor/policies.md covering verification policies. Dependencies: DOCS-ATTEST-73-002. |
— | DOAT0101 | |
| DOCS-ATTEST-73-004 | DONE | 2025-11-23 | SPRINT_302_docs_tasks_md_ii | Docs Guild, Attestor Service Guild (docs) | Add /docs/modules/attestor/workflows.md detailing ingest, verify, bulk operations. Dependencies: DOCS-ATTEST-73-003. |
— | DOAT0101 | |
| DOCS-ATTEST-74-001 | DONE | 2025-11-23 | SPRINT_302_docs_tasks_md_ii | Docs Guild, KMS Guild (docs) | Publish /docs/modules/attestor/keys-and-issuers.md. Dependencies: DOCS-ATTEST-73-004. |
— | DOAT0101 | |
| DOCS-ATTEST-74-002 | DONE | 2025-11-23 | SPRINT_302_docs_tasks_md_ii | Docs Guild, Transparency Guild (docs) | Document /docs/modules/attestor/transparency.md with witness usage/offline validation. Dependencies: DOCS-ATTEST-74-001. |
— | DOAT0101 | |
| DOCS-ATTEST-74-003 | DONE | 2025-11-23 | SPRINT_302_docs_tasks_md_ii | Docs Guild, Attestor Console Guild (docs) | Write /docs/console/attestor-ui.md with screenshots/workflows. Dependencies: DOCS-ATTEST-74-002. |
— | DOAT0101 | |
| DOCS-ATTEST-74-004 | DONE | 2025-11-23 | SPRINT_302_docs_tasks_md_ii | Docs Guild, CLI Attestor Guild (docs) | Publish /docs/modules/cli/guides/attest.md covering CLI usage. Dependencies: DOCS-ATTEST-74-003. |
— | DOAT0101 | |
| DOCS-ATTEST-75-001 | DONE | 2025-11-25 | SPRINT_303_docs_tasks_md_iii | Docs Guild, Export Attestation Guild (docs) | Add /docs/modules/attestor/airgap.md for attestation bundles. Dependencies: DOCS-ATTEST-74-004. |
— | DOAT0101 | |
| DOCS-ATTEST-75-002 | DONE | 2025-11-25 | SPRINT_303_docs_tasks_md_iii | Docs Guild, Security Guild (docs) | Update /docs/security/aoc-invariants.md with attestation invariants. Dependencies: DOCS-ATTEST-75-001. |
— | DOAT0101 | |
| DOCS-CLI-41-001 | DONE | 2025-11-25 | SPRINT_303_docs_tasks_md_iii | Docs Guild, DevEx/CLI Guild (docs) | docs/modules/cli/guides | Publish /docs/modules/cli/guides/overview.md, /docs/modules/cli/guides/configuration.md, /docs/modules/cli/guides/output-and-exit-codes.md with imposed rule statements. |
— | DOCL0101 |
| DOCS-CLI-42-001 | DONE | 2025-11-25 | SPRINT_303_docs_tasks_md_iii | Docs Guild (docs) | Publish /docs/modules/cli/guides/parity-matrix.md and command guides under /docs/modules/cli/guides/commands/*.md (policy, sbom, vuln, vex, advisory, export, orchestrator, notify, aoc, auth). Dependencies: DOCS-CLI-41-001. |
— | DOCL0101 | |
| DOCS-CLI-DET-01 | DONE | 2025-11-23 | SPRINT_0301_0001_0001_docs_md_i | Docs Guild · DevEx/CLI Guild | Document stella sbomer verbs (layer, compose, drift, verify) with examples & offline instructions. |
CLI-SBOM-60-001; CLI-SBOM-60-002 | DOCL0101 | |
| DOCS-CLI-FORENSICS-53-001 | DONE | 2025-11-25 | SPRINT_303_docs_tasks_md_iii | Docs Guild, DevEx/CLI Guild (docs) | docs/modules/cli/guides | Publish /docs/modules/cli/guides/forensics.md for snapshot/verify/attest commands with sample outputs, imposed rule banner, and offline workflows. |
— | DOCL0101 |
| DOCS-CLI-OBS-52-001 | DONE | 2025-11-25 | SPRINT_303_docs_tasks_md_iii | Docs Guild, DevEx/CLI Guild (docs) | docs/modules/cli/guides | Create /docs/modules/cli/guides/observability.md detailing stella obs commands, examples, exit codes, imposed rule banner, and scripting tips. |
— | DOCL0101 |
| DOCS-CONSOLE-OBS-52-001 | BLOCKED | 2025-11-25 | SPRINT_303_docs_tasks_md_iii | Docs Guild, Console Guild (docs) | Document /docs/console/observability.md showcasing Observability Hub widgets, trace/log search, imposed rule banner, and accessibility tips. |
Blocked: awaiting Console Observability Hub schemas/widgets from Console Guild | DOCL0101 | |
| DOCS-CONSOLE-OBS-52-002 | BLOCKED | 2025-11-25 | SPRINT_303_docs_tasks_md_iii | Docs Guild, Console Guild (docs) | Publish /docs/console/forensics.md covering timeline explorer, evidence viewer, attestation verifier, imposed rule banner, and troubleshooting. Dependencies: DOCS-CONSOLE-OBS-52-001. |
Blocked: upstream DOCS-CONSOLE-OBS-52-001 | DOCL0101 | |
| DOCS-OBS-50-002 | DONE (2025-11-25) | SPRINT_0306_0001_0006_docs_tasks_md_vi | Docs Guild, Security Guild (docs) | docs/observability | Author /docs/observability/telemetry-standards.md detailing common fields, scrubbing policy, sampling defaults, and redaction override procedure. |
Docs Guild, Security Guild (docs) | DOOB0101 | |
| DOCS-CONTRIB-62-001 | DONE | 2025-11-25 | SPRINT_303_docs_tasks_md_iii | Docs Guild, API Governance Guild (docs) | Publish /docs/contributing/api-contracts.md detailing how to edit OAS, lint rules, compatibility checks. |
— | DOCL0101 | |
| DOCS-DETER-70-002 | TODO | SPRINT_0304_0001_0004_docs_tasks_md_iv | Docs Guild · Scanner Guild | docs/modules/scanner/determinism.md | Document the scanner determinism score process (determinism.json schema, CI harness, replay instructions) under /docs/modules/scanner/determinism-score.md and add a release-notes template entry. Dependencies: SCAN-DETER-186-010, DEVOPS-SCAN-90-004. |
Need deterministic suite notes from 137_SCDT0101 | DOSC0101 | |
| DOCS-DEVPORT-62-001 | DONE | 2025-11-25 | SPRINT_303_docs_tasks_md_iii | Docs Guild, Developer Portal Guild (docs) | Document /docs/devportal/publishing.md for build pipeline, offline bundle steps. |
— | DOCL0101 | |
| DOCS-DSL-401-005 | DONE (2025-11-26) | 2025-11-26 | SPRINT_0401_0001_0001_reachability_evidence_chain | Docs Guild (docs/policy/dsl.md, docs/policy/lifecycle.md) |
docs/policy/dsl.md, docs/policy/lifecycle.md |
Refresh docs/policy/dsl.md + lifecycle docs with the new syntax, signal dictionary (trust_score, reachability, etc.), authoring workflow, and safety rails (shadow mode, coverage tests). |
— | DOCL0101 |
| DOCS-ENTROPY-70-004 | TODO | SPRINT_0304_0001_0004_docs_tasks_md_iv | Docs Guild · Scanner Guild | docs/modules/scanner/determinism.md | Publish entropy analysis documentation (scoring heuristics, JSON schemas, policy hooks, UI guidance) under docs/modules/scanner/entropy.md and update trust-lattice references. Dependencies: SCAN-ENTROPY-186-011/012, POLICY-RISK-90-001. |
Requires entropy guardrails from 078_SCSA0301 | DOSC0101 | |
| DOCS-EXC-25-001 | BLOCKED | 2025-11-25 | SPRINT_303_docs_tasks_md_iii | Docs Guild | docs/modules/excititor | Author /docs/governance/exceptions.md covering lifecycle, scope patterns, examples, compliance checklist. |
Blocked: waiting on CLEX0101 exception governance spec and UI workflow | DOEX0102 |
| DOCS-EXC-25-002 | BLOCKED | 2025-11-25 | SPRINT_303_docs_tasks_md_iii | Docs Guild | docs/modules/excititor | Publish /docs/governance/approvals-and-routing.md detailing roles, routing matrix, MFA rules, audit trails. Dependencies: DOCS-EXC-25-001. |
Blocked: upstream DOCS-EXC-25-001 | DOEX0102 |
| DOCS-EXC-25-003 | BLOCKED | 2025-11-25 | SPRINT_303_docs_tasks_md_iii | Docs Guild | docs/modules/excititor | Create /docs/api/exceptions.md with endpoints, payloads, errors, idempotency notes. Dependencies: DOCS-EXC-25-002. |
Blocked: upstream DOCS-EXC-25-002 | DOEX0102 |
| DOCS-EXC-25-005 | BLOCKED | 2025-11-25 | SPRINT_303_docs_tasks_md_iii | Docs + Accessibility Guilds | docs/modules/excititor | Write /docs/ui/exception-center.md with UI walkthrough, badges, accessibility, shortcuts. Dependencies: DOCS-EXC-25-003. |
Blocked: upstream DOCS-EXC-25-003 | DOEX0102 |
| DOCS-EXC-25-006 | TODO | SPRINT_303_docs_tasks_md_iii | Docs Guild | docs/modules/excititor | Update /docs/modules/cli/guides/exceptions.md covering command usage and exit codes. Dependencies: DOCS-EXC-25-005. |
CLEX0101 | DOEX0102 | |
| DOCS-EXC-25-007 | TODO | SPRINT_0304_0001_0004_docs_tasks_md_iv | Docs Guild · DevOps Guild | docs/modules/excititor | Publish /docs/migration/exception-governance.md describing cutover from legacy suppressions, notifications, rollback. Dependencies: DOCS-EXC-25-006. |
UIEX0101 & Ops runbooks | DOEX0102 | |
| DOCS-EXPORT-37-004 | TODO | SPRINT_0304_0001_0004_docs_tasks_md_iv | Docs Guild · Export Center Guild | docs/modules/export-center | Publish /docs/security/export-hardening.md outlining RBAC, tenancy, encryption, redaction, restating imposed rule. |
Wait for ATMI0102 orchestration notes | DOEC0102 | |
| DOCS-EXPORT-37-005 | BLOCKED | 2025-11-26 | SPRINT_0304_0001_0004_docs_tasks_md_iv | Docs Guild · Export Center Guild | docs/modules/export-center | Validate Export Center docs against live Trivy/mirror bundles once implementation lands; refresh examples and CLI snippets accordingly. Dependencies: DOCS-EXPORT-37-004. | Blocked: awaiting live bundle verification | DOEC0102 |
| DOCS-EXPORT-37-101 | TODO | SPRINT_0304_0001_0004_docs_tasks_md_iv | Docs Guild · DevOps Guild | docs/modules/export-center | Refresh CLI verification sections once stella export verify lands (flags, exit codes, samples). Dependencies: DOCS-EXPORT-37-005. |
Depends on DVDO0105 deployment guide | DOEC0102 | |
| DOCS-EXPORT-37-102 | TODO | SPRINT_0304_0001_0004_docs_tasks_md_iv | Docs Guild · Evidence Locker Guild | docs/modules/export-center | Embed export dashboards/alerts references into provenance/runbook docs after Grafana work ships. Dependencies: DOCS-EXPORT-37-101. | Requires ATEL0102 attestation feed | DOEC0102 | |
| DOCS-FORENSICS-53-001 | DONE (2025-11-26) | 2025-11-26 | SPRINT_0304_0001_0004_docs_tasks_md_iv | Docs Guild · Evidence Locker Guild | docs/forensics/evidence-locker.md | Publish /docs/forensics/evidence-locker.md describing bundle formats, WORM options, retention, legal hold, and imposed rule banner. |
— | DOEL0101 |
| DOCS-FORENSICS-53-002 | DONE (2025-11-26) | 2025-11-26 | SPRINT_0304_0001_0004_docs_tasks_md_iv | Docs Guild · Provenance Guild | docs/forensics/provenance-attestation.md | Release /docs/forensics/provenance-attestation.md covering DSSE schema, signing process, verification workflow, and imposed rule banner. Dependencies: DOCS-FORENSICS-53-001. |
— | DOEL0101 |
| DOCS-FORENSICS-53-003 | DONE (2025-11-26) | 2025-11-26 | SPRINT_0304_0001_0004_docs_tasks_md_iv | Docs Guild · Timeline Indexer Guild | docs/forensics/timeline.md | Publish /docs/forensics/timeline.md with schema, event kinds, filters, query examples, and imposed rule banner. Dependencies: DOCS-FORENSICS-53-002. |
— | DOEL0101 |
| DOCS-GRAPH-24-001 | TODO | SPRINT_0304_0001_0004_docs_tasks_md_iv | Docs Guild · Graph Guild | docs/modules/graph | Author /docs/ui/sbom-graph-explorer.md detailing overlays, filters, saved views, accessibility, and AOC visibility. |
Wait for GRAP0101 contract freeze | DOGR0101 | |
| DOCS-GRAPH-24-002 | TODO | SPRINT_0304_0001_0004_docs_tasks_md_iv | Docs Guild · UI Guild | docs/modules/graph | Publish /docs/ui/vulnerability-explorer.md covering table usage, grouping, fix suggestions, Why drawer. Dependencies: DOCS-GRAPH-24-001. |
Needs SBOM/VEX dataflow confirmation (PLLG0104) | DOGR0101 | |
| DOCS-GRAPH-24-003 | DONE (2025-11-26) | 2025-11-26 | SPRINT_0304_0001_0004_docs_tasks_md_iv | Docs Guild · SBOM Guild | docs/modules/graph | Create /docs/modules/graph/architecture-index.md describing data model, ingestion pipeline, caches, events. Dependencies: DOCS-GRAPH-24-002. |
Unblocked: SBOM join spec delivered with CARTO-GRAPH-21-002 (2025-11-17). | DOGR0101 |
| DOCS-GRAPH-24-004 | DONE (2025-11-26) | 2025-11-26 | SPRINT_0304_0001_0004_docs_tasks_md_iv | Docs Guild · BE-Base Guild | docs/api/graph.md; docs/api/vuln.md | Document /docs/api/graph.md and /docs/api/vuln.md avec endpoints, parameters, errors, RBAC. Dependencies: DOCS-GRAPH-24-003. |
Require replay hooks from RBBN0101 | DOGR0101 |
| DOCS-GRAPH-24-005 | TODO | SPRINT_0304_0001_0004_docs_tasks_md_iv | Docs Guild · DevEx/CLI Guild | docs/modules/graph | Update /docs/modules/cli/guides/graph-and-vuln.md covering new CLI commands, exit codes, scripting. Dependencies: DOCS-GRAPH-24-004. |
Wait for CLI samples from CLCI0109 | DOGR0101 | |
| DOCS-GRAPH-24-006 | TODO | SPRINT_0304_0001_0004_docs_tasks_md_iv | Docs Guild · Policy Guild | docs/modules/graph | Write /docs/policy/ui-integration.md explaining overlays, cache usage, simulator contracts. Dependencies: DOCS-GRAPH-24-005. |
Needs policy outputs from PLVL0102 | DOGR0101 | |
| DOCS-GRAPH-24-007 | TODO | SPRINT_0304_0001_0004_docs_tasks_md_iv | Docs Guild · DevOps Guild | docs/modules/graph | Produce /docs/migration/graph-parity.md with rollout plan, parity checks, fallback guidance. Dependencies: DOCS-GRAPH-24-006. |
Depends on DVDO0108 deployment notes | DOGR0101 | |
| DOCS-INSTALL-44-001 | TODO | SPRINT_0305_0001_0005_docs_tasks_md_v | Docs Guild · Deployment Guild | docs/install | Publish /docs/install/overview.md and /docs/install/compose-quickstart.md with imposed rule line and copy-ready commands. |
Need DVPL0101 compose schema | DOIS0101 | |
| DOCS-INSTALL-45-001 | TODO | SPRINT_0305_0001_0005_docs_tasks_md_v | Docs Guild · Deployment Guild | docs/install | Publish /docs/install/helm-prod.md and /docs/install/configuration-reference.md with values tables and imposed rule reminder. Dependencies: DOCS-INSTALL-44-001. |
Wait for updated TLS guidance from 127_SIGR0101 | DOIS0101 | |
| DOCS-INSTALL-46-001 | BLOCKED | 2025-11-25 | SPRINT_0305_0001_0005_docs_tasks_md_v | Docs Guild · Deployment Guild | docs/install | Publish /docs/install/airgap.md, /docs/security/supply-chain.md, /docs/operations/health-and-readiness.md, /docs/release/image-catalog.md, /docs/console/onboarding.md (each with imposed rule). Dependencies: DOCS-INSTALL-45-001. |
Blocked: upstream DOCS-INSTALL-45-001 and 126_RLRC0101 replay hooks | DOIS0101 |
| DOCS-INSTALL-50-001 | BLOCKED | 2025-11-25 | SPRINT_0305_0001_0005_docs_tasks_md_v | Docs Guild · DevOps Guild | docs/install | Add /docs/install/telemetry-stack.md with collector deployment, exporter options, offline kit notes, and imposed rule banner. Dependencies: DOCS-INSTALL-46-001. |
Blocked: upstream DOCS-INSTALL-46-001; awaiting DevOps offline validation (DVDO0107) | DOIS0101 |
| DOCS-LNM-22-001 | BLOCKED | 2025-10-27 | SPRINT_0305_0001_0005_docs_tasks_md_v | Docs Guild · Concelier Guild | docs/modules/concelier/link-not-merge.md | Author /docs/advisories/aggregation.md covering observation vs linkset, conflict handling, AOC requirements, and reviewer checklist. |
Need final schema text from 005_ATLN0101 | DOLN0101 |
| DOCS-LNM-22-002 | BLOCKED | 2025-10-27 | SPRINT_0305_0001_0005_docs_tasks_md_v | Docs Guild · Excititor Guild | docs/modules/concelier/link-not-merge.md | Publish /docs/vex/aggregation.md describing VEX observation/linkset model, product matching, conflicts. Dependencies: DOCS-LNM-22-001. |
Waiting on Excititor overlay notes | DOLN0101 |
| DOCS-LNM-22-003 | BLOCKED | 2025-10-27 | SPRINT_0305_0001_0005_docs_tasks_md_v | Docs Guild · BE-Base Guild | docs/modules/concelier/link-not-merge.md | Update /docs/api/advisories.md and /docs/api/vex.md for new endpoints, parameters, errors, exports. Dependencies: DOCS-LNM-22-002. |
Replay hook contract from RBBN0101 | DOLN0101 |
| DOCS-LNM-22-004 | DONE | 2025-11-25 | SPRINT_0305_0001_0005_docs_tasks_md_v | Docs Guild · Policy Guild | docs/modules/concelier/link-not-merge.md | Create /docs/policy/effective-severity.md detailing severity selection strategies from multiple sources. Dependencies: DOCS-LNM-22-003. |
Requires policy binding from PLVL0102 | DOLN0101 |
| DOCS-LNM-22-005 | BLOCKED | 2025-10-27 | SPRINT_0305_0001_0005_docs_tasks_md_v | Docs Guild · UI Guild | docs/modules/concelier/link-not-merge.md | Document /docs/ui/evidence-panel.md with screenshots, conflict badges, accessibility guidance. Dependencies: DOCS-LNM-22-004. |
UI signals from 124_CCSL0101 | DOLN0101 |
| DOCS-LNM-22-007 | DONE | 2025-11-25 | SPRINT_0305_0001_0005_docs_tasks_md_v | Docs Guild · Observability Guild | docs/modules/concelier/link-not-merge.md | Publish /docs/observability/aggregation.md with metrics/traces/logs/SLOs. Dependencies: DOCS-LNM-22-005. |
Observability wiring from 066_PLOB0101 | DOLN0101 |
| DOCS-LNM-22-008 | DONE (2025-11-03) | 2025-11-03 | SPRINT_117_concelier_vi | Docs Guild · DevOps Guild | docs/modules/concelier/link-not-merge.md | Documented Link-Not-Merge migration plan in docs/migration/no-merge.md; keep synced with ongoing tasks. |
Needs retrospective summary | DOLN0101 |
| DOCS-NOTIFY-40-001 | DONE | 2025-11-25 | SPRINT_0305_0001_0005_docs_tasks_md_v | Docs Guild · Security Guild | docs/modules/notify | Publish /docs/notifications/channels.md, /docs/notifications/escalations.md, /docs/notifications/api.md, /docs/operations/notifier-runbook.md, /docs/security/notifications-hardening.md; each ends with imposed rule line. |
Need tenancy + throttling updates from DVDO0110 | DONO0101 |
| DOCS-OAS-61-001 | DONE | 2025-11-25 | SPRINT_0305_0001_0005_docs_tasks_md_v | Docs Guild · API Contracts Guild | docs/api/overview.md | Publish /docs/api/overview.md covering auth, tenancy, pagination, idempotency, rate limits with banner. |
Need governance decisions from 049_APIG0101 | DOOA0101 |
| DOCS-OAS-61-002 | BLOCKED | 2025-11-25 | SPRINT_0305_0001_0005_docs_tasks_md_v | Docs Guild · API Governance Guild | docs/api/oas | Author /docs/api/conventions.md capturing naming, errors, filters, sorting, examples. Dependencies: DOCS-OAS-61-001. |
Blocked: awaiting governance inputs (APIG0101) and example approvals | DOOA0101 |
| DOCS-OAS-61-003 | DONE | 2025-11-25 | SPRINT_0305_0001_0005_docs_tasks_md_v | Docs Guild · API Governance Guild | docs/api/oas | Publish /docs/api/versioning.md describing SemVer, deprecation headers, migration playbooks. Dependencies: DOCS-OAS-61-002. |
Waiting on lint/tooling export from DVDO0108 | DOOA0101 |
| DOCS-OAS-62-001 | TODO | SPRINT_0306_0001_0006_docs_tasks_md_vi | Docs Guild · DevPortal Guild | docs/api/oas | Stand up /docs/api/reference/ auto-generated site; integrate with portal nav. Dependencies: DOCS-OAS-61-003. |
Needs DevPortal publishing hooks (050_DEVL0101) | DOOA0101 | |
| DOCS-OBS-50-002 | TODO | SPRINT_0306_0001_0006_docs_tasks_md_vi | Docs Guild · Security Guild | docs/observability | Author /docs/observability/telemetry-standards.md detailing common fields, scrubbing policy, sampling defaults, and redaction override procedure. |
Need console metric list from 059_CNOB0101 | DOOB0101 | |
| DOCS-OBS-50-003 | TODO | SPRINT_0306_0001_0006_docs_tasks_md_vi | Docs Guild · Observability Guild | docs/observability | Create /docs/observability/logging.md covering structured log schema, dos/don'ts, tenant isolation, and copyable examples. Dependencies: DOCS-OBS-50-002. |
Waiting on observability ADR from 066_PLOB0101 | DOOB0101 | |
| DOCS-OBS-50-004 | TODO | SPRINT_0306_0001_0006_docs_tasks_md_vi | Docs Guild · Observability Guild | docs/observability | Draft /docs/observability/tracing.md explaining context propagation, async linking, CLI header usage, and sampling strategies. Dependencies: DOCS-OBS-50-003. |
Requires CNOB dashboards export | DOOB0101 | |
| DOCS-OBS-51-001 | TODO | SPRINT_0306_0001_0006_docs_tasks_md_vi | Docs Guild · DevOps Guild | docs/observability | Publish /docs/observability/metrics-and-slos.md cataloging metrics, SLO targets, burn rate policies, and alert runbooks. Dependencies: DOCS-OBS-50-004. |
Needs DVOB runbook updates | DOOB0101 | |
| DOCS-ORCH-32-001 | TODO | SPRINT_0306_0001_0006_docs_tasks_md_vi | Docs Guild · Orchestrator Guild | docs/modules/orchestrator | Author /docs/orchestrator/overview.md covering mission, roles, AOC alignment, governance, with imposed rule reminder. |
Need taskrunner lease ADR from 043_ORTR0101 | DOOR0102 | |
| DOCS-ORCH-32-002 | TODO | SPRINT_0306_0001_0006_docs_tasks_md_vi | Docs Guild · Orchestrator Guild | docs/modules/orchestrator | Author /docs/orchestrator/architecture.md detailing scheduler, DAGs, rate limits, data model, message bus, storage layout, restating imposed rule. Dependencies: DOCS-ORCH-32-001. |
Depends on ORTR0102 health hooks | DOOR0102 | |
| DOCS-ORCH-33-001 | TODO | SPRINT_0306_0001_0006_docs_tasks_md_vi | Docs Guild · Scheduler Guild | docs/modules/orchestrator | Publish /docs/orchestrator/api.md (REST/WebSocket endpoints, payloads, error codes) with imposed rule note. Dependencies: DOCS-ORCH-32-002. |
Requires scheduler integration outline | DOOR0102 | |
| DOCS-ORCH-33-002 | TODO | SPRINT_0306_0001_0006_docs_tasks_md_vi | Docs Guild · DevEx/CLI Guild | docs/modules/orchestrator | Publish /docs/orchestrator/console.md covering screens, a11y, live updates, control actions, reiterating imposed rule. Dependencies: DOCS-ORCH-33-001. |
Wait for CLI samples from 132_CLCI0110 | DOOR0102 | |
| DOCS-ORCH-33-003 | TODO | SPRINT_0306_0001_0006_docs_tasks_md_vi | Docs Guild · Export Center Guild | docs/modules/orchestrator | Publish /docs/orchestrator/cli.md documenting commands, options, exit codes, streaming output, offline usage, and imposed rule. Dependencies: DOCS-ORCH-33-002. |
Needs Export Center hooks from 069_AGEX0101 | DOOR0102 | |
| DOCS-ORCH-34-001 | TODO | SPRINT_0306_0001_0006_docs_tasks_md_vi | Docs Guild (docs) | Author /docs/orchestrator/run-ledger.md covering ledger schema, provenance chain, audit workflows, with imposed rule reminder. Dependencies: DOCS-ORCH-33-003. |
— | DOCL0102 | ||
| DOCS-ORCH-34-002 | TODO | SPRINT_0306_0001_0006_docs_tasks_md_vi | Docs Guild (docs) | Update /docs/security/secrets-handling.md for orchestrator KMS refs, redaction badges, operator hygiene, reiterating imposed rule. Dependencies: DOCS-ORCH-34-001. |
— | DOCL0102 | ||
| DOCS-ORCH-34-003 | TODO | SPRINT_0306_0001_0006_docs_tasks_md_vi | Docs Guild · DevOps Guild | docs/modules/orchestrator | Publish /docs/operations/orchestrator-runbook.md (incident playbook, backfill guide, circuit breakers, throttling) with imposed rule statement. Dependencies: DOCS-ORCH-34-002. |
Requires ops checklist from DVDO0108 | DOOR0102 | |
| DOCS-ORCH-34-004 | TODO | SPRINT_0306_0001_0006_docs_tasks_md_vi | Docs Guild · Observability Guild | docs/modules/orchestrator | Document /docs/schemas/artifacts.md describing artifact kinds, schema versions, hashing, storage layout, restating imposed rule. Dependencies: DOCS-ORCH-34-003. |
Wait for observability dashboards (063_OROB0101) | DOOR0102 | |
| DOCS-ORCH-34-005 | TODO | SPRINT_0306_0001_0006_docs_tasks_md_vi | Docs Guild · BE-Base Guild | docs/modules/orchestrator | Author /docs/slo/orchestrator-slo.md defining SLOs, burn alerts, measurement, and reiterating imposed rule. Dependencies: DOCS-ORCH-34-004. |
Needs replay linkage from 042_RPRC0101 | DOOR0102 | |
| DOPL0103 | ||||||||
| DOCS-POLICY-23-001 | DONE (2025-11-26) | 2025-11-26 | SPRINT_0307_0001_0007_docs_tasks_md_vii | Docs Guild | docs/policy/overview.md | Author /docs/policy/overview.md describing SPL philosophy, layering, and glossary with reviewer checklist. |
— | DOPL0103 |
| DOCS-POLICY-23-002 | DONE (2025-11-26) | 2025-11-26 | SPRINT_0307_0001_0007_docs_tasks_md_vii | Docs Guild | docs/policy/spl-v1.md | Write /docs/policy/spl-v1.md (language reference, JSON Schema, examples). Dependencies: DOCS-POLICY-23-001. |
DOCS-POLICY-23-001 | DOPL0103 |
| DOCS-POLICY-23-003 | DONE (2025-11-26) | 2025-11-26 | SPRINT_0307_0001_0007_docs_tasks_md_vii | Docs Guild | docs/policy/runtime.md | Produce /docs/policy/runtime.md covering compiler, evaluator, caching, events, SLOs. Dependencies: DOCS-POLICY-23-002. |
— | DOPL0101 |
| DOCS-POLICY-23-004 | TODO | SPRINT_0307_0001_0007_docs_tasks_md_vii | Docs Guild · UI Guild | docs/policy/lifecycle.md | Document /docs/policy/editor.md (UI walkthrough, validation, simulation, approvals). Dependencies: DOCS-POLICY-23-003. |
Depends on 23-003 | DOPL0101 | |
| DOCS-POLICY-23-005 | TODO | SPRINT_0307_0001_0007_docs_tasks_md_vii | Docs Guild · DevOps Guild | docs/policy/lifecycle.md | Publish /docs/policy/governance.md (roles, scopes, approvals, signing, exceptions). Dependencies: DOCS-POLICY-23-004. |
Depends on DevOps automation (141_DVDO0107) | DOPL0101 | |
| DOCS-POLICY-23-006 | TODO | SPRINT_0307_0001_0007_docs_tasks_md_vii | Docs Guild · DevEx/CLI Guild | docs/policy/lifecycle.md | Update /docs/api/policy.md with new endpoints, schemas, errors, pagination. Dependencies: DOCS-POLICY-23-005. |
Wait for CLI commands (132_CLCI0110) | DOPL0101 | |
| DOCS-POLICY-23-007 | TODO | SPRINT_0307_0001_0007_docs_tasks_md_vii | Docs Guild · Observability Guild | docs/policy/lifecycle.md | Update /docs/modules/cli/guides/policy.md for lint/simulate/activate/history commands, exit codes. Dependencies: DOCS-POLICY-23-006. |
Requires observability hooks (066_PLOB0101) | DOPL0101 | |
| DOCS-POLICY-23-008 | TODO | SPRINT_0307_0001_0007_docs_tasks_md_vii | Docs Guild · Policy Guild | docs/policy/lifecycle.md | Refresh /docs/modules/policy/architecture.md with data model, sequence diagrams, event flows. Dependencies: DOCS-POLICY-23-007. |
Needs waiver examples from 005_ATLN0101 | DOPL0101 | |
| DOCS-POLICY-23-009 | TODO | SPRINT_0307_0001_0007_docs_tasks_md_vii | Docs Guild · DevOps Guild | docs/policy/lifecycle.md | Create /docs/migration/policy-parity.md covering dual-run parity plan and rollback. Dependencies: DOCS-POLICY-23-008. |
Need DevOps rollout notes (DVDO0108) | DOPL0102 | |
| DOCS-POLICY-23-010 | TODO | SPRINT_0307_0001_0007_docs_tasks_md_vii | Docs Guild · UI Guild | docs/policy/lifecycle.md | Write /docs/ui/explainers.md showing explain trees, evidence overlays, interpretation guidance. Dependencies: DOCS-POLICY-23-009. |
Requires UI overlay screenshots (119_CCAO0101) | DOPL0102 | |
| DOCS-POLICY-27-001 | BLOCKED | 2025-10-27 | SPRINT_0307_0001_0007_docs_tasks_md_vii | Docs Guild · Policy Guild | docs/policy/lifecycle.md | Publish /docs/policy/studio-overview.md covering lifecycle, roles, glossary, and compliance checklist. Dependencies: DOCS-POLICY-23-010. |
Waiting on policy version ADR | DOPL0102 |
| DOCS-POLICY-27-002 | BLOCKED | 2025-10-27 | SPRINT_0307_0001_0007_docs_tasks_md_vii | Docs Guild · Console Guild | docs/policy/lifecycle.md | Write /docs/policy/authoring.md detailing workspace templates, snippets, lint rules, IDE shortcuts, and best practices. Dependencies: DOCS-POLICY-27-001. |
Needs console integration outline | DOPL0102 |
| DOCS-POLICY-27-003 | BLOCKED | 2025-10-27 | SPRINT_0307_0001_0007_docs_tasks_md_vii | Docs Guild · Policy Registry Guild | docs/policy/lifecycle.md | Document /docs/policy/versioning-and-publishing.md (semver rules, attestations, rollback) with compliance checklist. Dependencies: DOCS-POLICY-27-002. |
Requires registry schema from CCWO0101 | DOPL0102 |
| DOCS-POLICY-27-004 | BLOCKED | 2025-10-27 | SPRINT_0307_0001_0007_docs_tasks_md_vii | Docs Guild · Scheduler Guild | docs/policy/lifecycle.md | Write /docs/policy/simulation.md covering quick vs batch sim, thresholds, evidence bundles, CLI examples. Dependencies: DOCS-POLICY-27-003. |
Depends on scheduler hooks from 050_DEVL0101 | DOPL0102 |
| DOCS-POLICY-27-005 | BLOCKED | 2025-10-27 | SPRINT_0307_0001_0007_docs_tasks_md_vii | Docs Guild · Product Ops | docs/policy/lifecycle.md | Publish /docs/policy/review-and-approval.md with approver requirements, comments, webhooks, audit trail guidance. Dependencies: DOCS-POLICY-27-004. |
Await product ops approvals | DOPL0102 |
| DOCS-POLICY-27-006 | BLOCKED | 2025-10-27 | SPRINT_0308_0001_0008_docs_tasks_md_viii | Docs Guild · Policy Guild | docs/policy/runs.md | Author /docs/policy/promotion.md covering environments, canary, rollback, and monitoring steps. Dependencies: DOCS-POLICY-27-005. |
Need RLS decision from PLLG0104 | DOPL0103 |
| DOCS-POLICY-27-007 | BLOCKED | 2025-10-27 | SPRINT_0308_0001_0008_docs_tasks_md_viii | Docs Guild · CLI Guild | docs/policy/runs.md | Update /docs/policy/cli.md with new commands, JSON schemas, CI usage, and compliance checklist. Dependencies: DOCS-POLICY-27-006. |
Requires CLI samples from 132_CLCI0110 | DOPL0103 |
| DOCS-POLICY-27-008 | BLOCKED | 2025-10-27 | SPRINT_0308_0001_0008_docs_tasks_md_viii | Docs Guild · Policy Registry Guild | docs/policy/runs.md | Publish /docs/policy/api.md describing Registry endpoints, request/response schemas, errors, and feature flags. Dependencies: DOCS-POLICY-27-007. |
Waiting on registry schema (CCWO0101) | DOPL0103 |
| DOCS-POLICY-27-009 | BLOCKED | 2025-10-27 | SPRINT_0308_0001_0008_docs_tasks_md_viii | Docs Guild · Security Guild | docs/policy/runs.md | Create /docs/security/policy-attestations.md (signing, verification, rotation). |
Needs security review | POKT0101 |
| DOCS-POLICY-27-010 | BLOCKED | 2025-10-27 | SPRINT_0308_0001_0008_docs_tasks_md_viii | Docs Guild · Architecture Guild | docs/policy/runs.md | Author /docs/modules/policy/registry-architecture.md (service design, schemas, failure modes). |
Requires architecture review minutes | POKT0101 |
| DOCS-POLICY-27-011 | BLOCKED | 2025-10-27 | SPRINT_0308_0001_0008_docs_tasks_md_viii | Docs Guild · Observability Guild | docs/policy/runs.md | Publish /docs/observability/policy-telemetry.md with metrics/log tables, dashboards, alerts, and compliance checklist. Dependencies: DOCS-POLICY-27-010. |
Requires observability hooks from 066_PLOB0101 | DOPL0103 |
| DOCS-POLICY-27-012 | BLOCKED | 2025-10-27 | SPRINT_0308_0001_0008_docs_tasks_md_viii | Docs Guild · Ops Guild | docs/policy/runs.md | Write /docs/runbooks/policy-incident.md detailing rollback, freeze, forensic steps, notifications. Dependencies: DOCS-POLICY-27-011. |
Needs ops playbooks (DVDO0108) | DOPL0103 |
| DOCS-POLICY-27-013 | BLOCKED | 2025-10-27 | SPRINT_0308_0001_0008_docs_tasks_md_viii | Docs Guild · Policy Guild | docs/policy/runs.md | Update /docs/examples/policy-templates.md with new templates, snippets, and sample policies. Dependencies: DOCS-POLICY-27-012. |
Await policy guild approval | DOPL0103 |
| DOCS-POLICY-27-014 | BLOCKED | 2025-10-27 | SPRINT_0308_0001_0008_docs_tasks_md_viii | Docs Guild · Policy Registry Guild | docs/policy/runs.md | Refresh /docs/aoc/aoc-guardrails.md to include Studio-specific guardrails and validation scenarios. Dependencies: DOCS-POLICY-27-013. |
Needs policy registry approvals | DOPL0103 |
| DOCS-POLICY-DET-01 | DONE (2025-11-23) | 2025-11-23 | SPRINT_0301_0001_0001_docs_md_i | Docs Guild · Policy Guild | docs/policy/runs.md | Extend docs/modules/policy/architecture.md with determinism gate semantics and provenance references. |
Depends on deterministic harness (137_SCDT0101) | DOPL0103 |
| DOCS-PROMO-70-001 | DONE (2025-11-26) | 2025-11-26 | SPRINT_0304_0001_0004_docs_tasks_md_iv | Docs Guild · Provenance Guild | docs/release/promotion-attestations.md | Publish /docs/release/promotion-attestations.md describing the promotion workflow (CLI commands, Signer/Attestor integration, offline verification) and update /docs/forensics/provenance-attestation.md with the new predicate. Dependencies: PROV-OBS-53-003, CLI-PROMO-70-002. |
— | DOPV0101 |
| DOCS-REACH-201-006 | TODO | SPRINT_400_runtime_facts_static_callgraph_union | Docs Guild · Runtime Evidence Guild | docs/reachability | Author the reachability doc set (docs/signals/reachability.md, callgraph-formats.md, runtime-facts.md, CLI/UI appendices) plus update Zastava + Replay guides with the new evidence and operators’ workflow. |
Needs RBRE0101 provenance hook summary | DORC0101 | |
| DOCS-REPLAY-185-003 | TODO | SPRINT_0185_0001_0001_shared_replay_primitives | Docs Guild · Platform Data Guild | docs/replay | Author docs/data/replay_schema.md detailing replay_runs, replay_bundles, replay_subjects collections, index guidance, and offline sync strategy aligned with Replay CAS. |
Need RPRC0101 API freeze | DORR0101 | |
| DOCS-REPLAY-185-004 | TODO | SPRINT_0185_0001_0001_shared_replay_primitives | Docs Guild | docs/replay | Expand docs/replay/DEVS_GUIDE_REPLAY.md with integration guidance for consuming services (Scanner, Evidence Locker, CLI) and add checklist derived from docs/replay/DETERMINISTIC_REPLAY.md Section 11. |
Depends on #1 | DORR0101 | |
| DOCS-REPLAY-186-004 | TODO | SPRINT_0186_0001_0001_record_deterministic_execution | Docs Guild · Runtime Evidence Guild | docs/replay | Author docs/replay/TEST_STRATEGY.md (golden replay, feed drift, tool upgrade) and link it from both replay docs and Scanner architecture pages. |
Requires deterministic evidence from RBRE0101 | DORR0101 | |
| DOCS-RISK-66-001 | TODO | SPRINT_0308_0001_0008_docs_tasks_md_viii | Docs Guild · Risk Profile Schema Guild | docs/risk | Publish /docs/risk/overview.md covering concepts and glossary. |
Need schema approvals from PLLG0104 | DORS0101 | |
| DOCS-RISK-66-002 | TODO | SPRINT_0308_0001_0008_docs_tasks_md_viii | Docs Guild · Policy Guild | docs/risk | Author /docs/risk/profiles.md (authoring, versioning, scope). Dependencies: DOCS-RISK-66-001. |
Depends on #1 | DORS0101 | |
| DOCS-RISK-66-003 | TODO | SPRINT_0308_0001_0008_docs_tasks_md_viii | Docs Guild · Risk Engine Guild | docs/risk | Publish /docs/risk/factors.md cataloging signals, transforms, reducers, TTLs. Dependencies: DOCS-RISK-66-002. |
Requires engine contract from Risk Engine Guild | DORS0101 | |
| DOCS-RISK-66-004 | TODO | SPRINT_0308_0001_0008_docs_tasks_md_viii | Docs Guild · Risk Engine Guild | docs/risk | Create /docs/risk/formulas.md detailing math, normalization, gating, severity. Dependencies: DOCS-RISK-66-003. |
Needs engine rollout notes | DORS0101 | |
| DOCS-RISK-67-001 | TODO | SPRINT_0308_0001_0008_docs_tasks_md_viii | Docs Guild · Risk Engine Guild | docs/risk | Publish /docs/risk/explainability.md showing artifact schema and UI screenshots. Dependencies: DOCS-RISK-66-004. |
Wait for engine metrics from 066_PLOB0101 | DORS0101 | |
| DOCS-RISK-67-002 | TODO | SPRINT_0308_0001_0008_docs_tasks_md_viii | Docs Guild · API Guild | docs/risk | Produce /docs/risk/api.md with endpoint reference/examples. Dependencies: DOCS-RISK-67-001. |
Requires API publishing workflow | DORS0101 | |
| DOCS-RISK-67-003 | TODO | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild · Console Guild | docs/risk | Document /docs/console/risk-ui.md for authoring, simulation, dashboards. Dependencies: DOCS-RISK-67-002. |
Needs console overlay decision | DORS0101 Inputs due 2025-12-09..12 (Md.IX action tracker). | |
| DOCS-RISK-67-004 | TODO | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild · CLI Guild | docs/risk | Publish /docs/modules/cli/guides/risk.md covering CLI workflows. Dependencies: DOCS-RISK-67-003. |
Requires CLI samples from 132_CLCI0110 | DORS0101 Inputs due 2025-12-09..12 (Md.IX action tracker). | |
| DOCS-RISK-68-001 | TODO | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild · Export Guild | docs/risk | Add /docs/airgap/risk-bundles.md for offline factor bundles. Dependencies: DOCS-RISK-67-004. |
Wait for export contract (069_AGEX0101) | DORS0101 Inputs due 2025-12-09..12 (Md.IX action tracker). | |
| DOCS-RISK-68-002 | TODO | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild · Security Guild | docs/risk | Update /docs/security/aoc-invariants.md with risk scoring provenance guarantees. Dependencies: DOCS-RISK-68-001. |
Requires security approvals | DORS0101 Inputs due 2025-12-09..12 (Md.IX action tracker). | |
| DOCS-RUNBOOK-401-017 | TODO | SPRINT_0401_0001_0001_reachability_evidence_chain | Docs Guild · Ops Guild | docs/runbooks/reachability-runtime.md, docs/reachability/DELIVERY_GUIDE.md |
Publish the reachability runtime ingestion runbook, link it from delivery guides, and keep Ops/Signals troubleshooting steps current. | Need latest reachability metrics from RBBN0101 | DORU0101 | |
| DOCS-RUNBOOK-55-001 | TODO | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild · Ops Guild | docs/runbooks | Author /docs/runbooks/incidents.md describing incident mode activation, escalation steps, retention impact, verification checklist, and imposed rule banner. |
Requires deployment checklist from DVPL0101 | DORU0101 Inputs due 2025-12-09..12 (Md.IX action tracker). | |
| DOCS-SCANNER-BENCH-62-002 | DOING | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · Product Guild | docs/modules/scanner/benchmarks | Capture customer demand for Windows/macOS analyzer coverage and document outcomes. | Need bench inputs from SCSA0301 | DOSB0101 | |
| DOCS-SCANNER-BENCH-62-003 | DOING | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · Product Guild | docs/modules/scanner/benchmarks | Capture Python lockfile/editable install requirements and document policy guidance. | Depends on #1 | DOSB0101 | |
| DOCS-SCANNER-BENCH-62-004 | DOING | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · Java Analyzer Guild | docs/modules/scanner/benchmarks | Document Java lockfile ingestion guidance and policy templates. | Requires Java analyzer notes | DOSB0101 | |
| DOCS-SCANNER-BENCH-62-005 | DOING | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · Go Analyzer Guild | docs/modules/scanner/benchmarks | Document Go stripped-binary fallback enrichment guidance once implementation lands. | Needs Go analyzer results | DOSB0101 | |
| DOCS-SCANNER-BENCH-62-006 | DOING | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · Product Guild | docs/modules/scanner/benchmarks | Document Rust fingerprint enrichment guidance and policy examples. | Requires updated benchmarks from SCSA0601 | DOSB0101 | |
| DOCS-SCANNER-BENCH-62-008 | DOING | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · Platform Data Guild | docs/modules/scanner/benchmarks | Publish EntryTrace explain/heuristic maintenance guide. | Wait for replay hooks (RPRC0101) | DOSB0101 | |
| DOCS-SCANNER-BENCH-62-009 | DOING | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · DevEx/CLI Guild | docs/modules/scanner/benchmarks | Produce SAST integration documentation (connector framework, policy templates). | Depends on CLI samples (132_CLCI0110) | DOSB0101 | |
| DOCS-SCANNER-DET-01 | DONE (2025-12-03) | 2025-12-03 | SPRINT_0301_0001_0001_docs_md_i | Docs Guild · Scanner Guild | docs/modules/scanner/benchmarks | /docs/modules/scanner/deterministic-sbom-compose.md plus scan guide updates + fixture bundle (docs/modules/scanner/fixtures/deterministic-compose/). |
Fixtures published via Sprint 0136; harness verified. | DOSB0101 |
| DOCS-SDK-62-001 | TODO | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild · SDK Generator Guild | docs/sdk | Publish /docs/sdks/overview.md plus language guides (typescript.md, python.md, go.md, java.md). |
Need SDK toolchain notes from SDKG0101 | DOSK0101 Inputs due 2025-12-09..12 (Md.IX action tracker). | |
| DOCS-SEC-62-001 | TODO | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild · Security Guild | docs/security | Update /docs/security/auth-scopes.md with OAuth2/PAT scopes, tenancy header usage. |
Need security ADR from DVDO0110 | DOSE0101 Inputs due 2025-12-09..12 (Md.IX action tracker). | |
| DOCS-SEC-OBS-50-001 | TODO | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild · Security Guild | docs/security | Update /docs/security/redaction-and-privacy.md to cover telemetry privacy controls, tenant opt-in debug, and imposed rule reminder. |
Depends on PLOB0101 metrics | DOSE0101 Inputs due 2025-12-09..12 (Md.IX action tracker). | |
| DOCS-SIG-26-001 | TODO | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild · Signals Guild | docs/modules/signals | Write /docs/signals/reachability.md covering states, scores, provenance, retention. |
Need SGSI0101 metrics freeze | DOSG0101 Inputs due 2025-12-09..12 (Md.IX action tracker). | |
| DOCS-SIG-26-002 | TODO | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild · Observability Guild | docs/modules/signals | Publish /docs/signals/callgraph-formats.md with schemas and validation errors. Dependencies: DOCS-SIG-26-001. |
Depends on #1 | DOSG0101 Inputs due 2025-12-09..12 (Md.IX action tracker). | |
| DOCS-SIG-26-003 | TODO | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild · Signals Guild | docs/modules/signals | Create /docs/signals/runtime-facts.md detailing agent capabilities, privacy safeguards, opt-in flags. Dependencies: DOCS-SIG-26-002. |
Requires SSE contract from SGSI0101 | DOSG0101 Inputs due 2025-12-09..12 (Md.IX action tracker). | |
| DOCS-SIG-26-004 | TODO | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild · CLI Guild | docs/modules/signals | Document /docs/policy/signals-weighting.md for SPL predicates and weighting strategies. Dependencies: DOCS-SIG-26-003. |
Needs CLI samples (132_CLCI0110) | DOSG0101 Inputs due 2025-12-09..12 (Md.IX action tracker). | |
| DOCS-SIG-26-005 | TODO | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild · DevOps Guild | docs/modules/signals | Draft /docs/ui/reachability-overlays.md with badges, timelines, shortcuts. Dependencies: DOCS-SIG-26-004. |
Wait for DevOps rollout plan | DOSG0101 Inputs due 2025-12-09..12 (Md.IX action tracker). | |
| DOCS-SIG-26-006 | TODO | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild · Security Guild | docs/modules/signals | Update /docs/modules/cli/guides/reachability.md for new commands and automation recipes. Dependencies: DOCS-SIG-26-005. |
Requires security guidance (DVDO0110) | DOSG0101 Inputs due 2025-12-09..12 (Md.IX action tracker). | |
| DOCS-SIG-26-007 | TODO | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild · Policy Guild | docs/modules/signals | Publish /docs/api/signals.md covering endpoints, payloads, ETags, errors. Dependencies: DOCS-SIG-26-006. |
Needs policy overlay from PLVL0102 | DOSG0101 Inputs due 2025-12-09..12 (Md.IX action tracker). | |
| DOCS-SIG-26-008 | DOING | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · Notifications Guild | docs/modules/signals | Write /docs/migration/enable-reachability.md guiding rollout, fallbacks, monitoring. Dependencies: DOCS-SIG-26-007. |
Depends on notifications hooks (058_NOTY0101) | DOSG0101 | |
| DOCS-SURFACE-01 | DOING | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · Surface Guild | docs/modules/scanner/surface | Create /docs/modules/scanner/scanner-engine.md covering Surface.FS/Env/Secrets workflow between Scanner, Zastava, Scheduler, and Ops. |
Need latest surface emit notes (SCANNER-SURFACE-04) | DOSS0101 | |
| DOCS-SYMS-70-003 | TODO | SPRINT_0304_0001_0004_docs_tasks_md_iv | Docs Guild · Symbols Guild | docs/modules/symbols | Author symbol-server architecture/spec docs (docs/specs/symbols/SYMBOL_MANIFEST_v1.md, API reference, bundle guide) and update reachability guides with symbol lookup workflow and tenant controls. Dependencies: SYMS-SERVER-401-011, SYMS-INGEST-401-013. |
Need RBSY0101 cache notes | DOSY0101 | |
| DOCS-TEN-47-001 | DOING | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · Security Guild | docs/modules/tenancy | Publish /docs/security/tenancy-overview.md and /docs/security/scopes-and-roles.md outlining scope grammar, tenant model, imposed rule reminder. |
Need tenancy ADR from DVDO0110 | DOTN0101 | |
| DOCS-TEN-48-001 | DOING | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · Security Guild | docs/modules/tenancy | Publish /docs/operations/multi-tenancy.md, /docs/operations/rls-and-data-isolation.md, /docs/console/admin-tenants.md. Dependencies: DOCS-TEN-47-001. |
Depends on #1 | DOTN0101 | |
| DOCS-TEN-49-001 | DOING | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · DevOps Guild | docs/modules/tenancy | Publish /docs/modules/cli/guides/authentication.md, /docs/api/authentication.md, /docs/policy/examples/abac-overlays.md, update /docs/install/configuration-reference.md with new env vars, all ending with imposed rule line. Dependencies: DOCS-TEN-48-001. |
Requires monitoring plan from DVDO0110 | DOTN0101 | |
| DOCS-TEST-62-001 | DOING | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · SDK Generator Guild | docs/sdk | Author /docs/testing/contract-testing.md covering mock server, replay tests, golden fixtures. |
Depends on #1 | DOSK0101 | |
| DOCS-VEX-30-001 | DOING | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · VEX Lens Guild | docs/modules/vex-lens | Publish /docs/vex/consensus-overview.md describing purpose, scope, AOC guarantees. |
Need PLVL0102 schema snapshot | DOVX0101 | |
| DOCS-VEX-30-002 | DOING | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · VEX Lens Guild | docs/modules/vex-lens | Author /docs/vex/consensus-algorithm.md covering normalization, weighting, thresholds, examples. Dependencies: DOCS-VEX-30-001. |
Depends on #1 | DOVX0101 | |
| DOCS-VEX-30-003 | DOING | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · Issuer Directory Guild | docs/modules/vex-lens | Document /docs/vex/issuer-directory.md (issuer management, keys, trust overrides, audit). Dependencies: DOCS-VEX-30-002. |
Requires Issuer Directory inputs | DOVX0101 | |
| DOCS-VEX-30-004 | DOING | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · VEX Lens Guild | docs/modules/vex-lens | Publish /docs/vex/consensus-api.md with endpoint specs, query params, rate limits. Dependencies: DOCS-VEX-30-003. |
Needs PLVL0102 policy join notes | DOVX0101 | |
| DOCS-VEX-30-005 | DOING | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · Console Guild | docs/modules/vex-lens | Write /docs/vex/consensus-console.md covering UI workflows, filters, conflicts, accessibility. Dependencies: DOCS-VEX-30-004. |
Requires console overlay assets | DOVX0101 | |
| DOCS-VEX-30-006 | DOING | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · Policy Guild | docs/modules/vex-lens | Add /docs/policy/vex-trust-model.md detailing policy knobs, thresholds, simulation. Dependencies: DOCS-VEX-30-005. |
Needs waiver/exception guidance | DOVX0101 | |
| DOCS-VEX-30-007 | DOING | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · SBOM Service Guild | docs/modules/vex-lens | Publish /docs/sbom/vex-mapping.md (CPE→purl strategy, edge cases, overrides). Dependencies: DOCS-VEX-30-006. |
Depends on SBOM/VEX dataflow spec | DOVX0101 | |
| DOCS-VEX-30-008 | DOING | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · Security Guild | docs/modules/vex-lens | Deliver /docs/security/vex-signatures.md (verification flow, key rotation, audit). Dependencies: DOCS-VEX-30-007. |
Requires security review (DVDO0110) | DOVX0101 | |
| DOCS-VEX-30-009 | DOING | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · DevOps Guild | docs/modules/vex-lens | Create /docs/runbooks/vex-ops.md for recompute storms, mapping failures, signature errors. Dependencies: DOCS-VEX-30-008. |
Needs DevOps rollout plan | DOVX0101 | |
| DOCS-VEX-401-012 | TODO | SPRINT_0401_0001_0001_reachability_evidence_chain | Docs Guild · VEX Lens Guild | docs/benchmarks/vex-evidence-playbook.md, bench/README.md |
Maintain the VEX Evidence Playbook, publish repo templates/README, and document verification workflows for operators. | Need VEX evidence export from PLVL0102 | DOVB0101 | |
| DOCS-VULN-29-001 | DOING | SPRINT_0311_0001_0001_docs_tasks_md_xi | Docs Guild · Vuln Explorer Guild | docs/modules/vuln-explorer | Publish /docs/vuln/explorer-overview.md covering domain model, identities, AOC guarantees, workflow summary. |
Need GRAP0101 contract | DOVL0101 | |
| DOCS-VULN-29-002 | TODO | SPRINT_0311_0001_0001_docs_tasks_md_xi | Docs Guild · Vuln Explorer Guild | docs/modules/vuln-explorer | Write /docs/vuln/explorer-using-console.md with workflows, screenshots, keyboard shortcuts, saved views, deep links. Dependencies: DOCS-VULN-29-001. |
Depends on #1 | DOVL0101 | |
| DOCS-VULN-29-003 | TODO | SPRINT_0311_0001_0001_docs_tasks_md_xi | Docs Guild · UI Guild | docs/modules/vuln-explorer | Author /docs/vuln/explorer-api.md (endpoints, query schema, grouping, errors, rate limits). Dependencies: DOCS-VULN-29-002. |
Requires UI assets | DOVL0101 | |
| DOCS-VULN-29-004 | TODO | SPRINT_0311_0001_0001_docs_tasks_md_xi | Docs Guild · Policy Guild | docs/modules/vuln-explorer | Publish /docs/vuln/explorer-cli.md with command reference, samples, exit codes, CI snippets. Dependencies: DOCS-VULN-29-003. |
Needs policy overlay inputs | DOVL0101 | |
| DOCS-VULN-29-005 | TODO | SPRINT_0311_0001_0001_docs_tasks_md_xi | Docs Guild · Security Guild | docs/modules/vuln-explorer | Write /docs/vuln/findings-ledger.md detailing event schema, hashing, Merkle roots, replay tooling. Dependencies: DOCS-VULN-29-004. |
Requires security review | DOVL0101 | |
| DOCS-VULN-29-006 | TODO | SPRINT_0311_0001_0001_docs_tasks_md_xi | Docs Guild · DevOps Guild | docs/modules/vuln-explorer | Update /docs/policy/vuln-determinations.md for new rationale, signals, simulation semantics. Dependencies: DOCS-VULN-29-005. |
Depends on DevOps rollout plan | DOVL0101 | |
| DOCS-VULN-29-007 | TODO | SPRINT_0311_0001_0001_docs_tasks_md_xi | Docs Guild · DevEx/CLI Guild | docs/modules/vuln-explorer | Publish /docs/vex/explorer-integration.md covering CSAF mapping, suppression precedence, status semantics. Dependencies: DOCS-VULN-29-006. |
Needs CLI examples (132_CLCI0110) | DOVL0101 | |
| DOCS-VULN-29-008 | TODO | SPRINT_0311_0001_0001_docs_tasks_md_xi | Docs Guild · Export Center Guild | docs/modules/vuln-explorer | Publish /docs/advisories/explorer-integration.md covering key normalization, withdrawn handling, provenance. Dependencies: DOCS-VULN-29-007. |
Need export bundle spec | DOVL0102 | |
| DOCS-VULN-29-009 | TODO | SPRINT_0311_0001_0001_docs_tasks_md_xi | Docs Guild · Security Guild | docs/modules/vuln-explorer | Author /docs/sbom/vuln-resolution.md detailing version semantics, scope, paths, safe version hints. Dependencies: DOCS-VULN-29-008. |
Depends on #1 | DOVL0102 | |
| DOCS-VULN-29-010 | TODO | SPRINT_0311_0001_0001_docs_tasks_md_xi | Docs Guild · DevOps Guild | docs/modules/vuln-explorer | Publish /docs/observability/vuln-telemetry.md (metrics, logs, tracing, dashboards, SLOs). Dependencies: DOCS-VULN-29-009. |
Requires DevOps automation plan | DOVL0102 | |
| DOCS-VULN-29-011 | TODO | SPRINT_0311_0001_0001_docs_tasks_md_xi | Docs Guild · Notifications Guild | docs/modules/vuln-explorer | Create /docs/security/vuln-rbac.md for roles, ABAC policies, attachment encryption, CSRF. Dependencies: DOCS-VULN-29-010. |
Needs notifications contract | DOVL0102 | |
| DOCS-VULN-29-012 | TODO | SPRINT_0311_0001_0001_docs_tasks_md_xi | Docs Guild · Policy Guild | docs/modules/vuln-explorer | Write /docs/runbooks/vuln-ops.md (projector lag, resolver storms, export failures, policy activation). Dependencies: DOCS-VULN-29-011. |
Requires policy overlay outputs | DOVL0102 | |
| DOCS-VULN-29-013 | TODO | SPRINT_0311_0001_0001_docs_tasks_md_xi | Docs Guild · DevEx/CLI Guild | docs/modules/vuln-explorer | Update /docs/install/containers.md with Findings Ledger & Vuln Explorer API images, manifests, resource sizing, health checks. Dependencies: DOCS-VULN-29-012. |
Needs CLI/export scripts from 132_CLCI0110 | DOVL0102 | |
| DOWNLOADS-CONSOLE-23-001 | DOING (dev-mock 2025-12-06) | 2025-12-06 | SPRINT_0502_0001_0001_ops_deployment_ii | Docs Guild · Deployment Guild | docs/console | Maintain signed downloads manifest pipeline (images, Helm, offline bundles), publish JSON under deploy/downloads/manifest.json, and document sync cadence for Console + docs parity. |
Need latest console build instructions | DOCN0101 |
| DPOP-11-001 | TODO | 2025-11-08 | SPRINT_100_identity_signing | Docs Guild · Authority Core | src/Authority/StellaOps.Authority | Need DPoP ADR from PGMI0101 | AUTH-AOC-19-002 | DODP0101 |
| DSL-401-005 | TODO | SPRINT_0401_0001_0001_reachability_evidence_chain | Docs Guild · Policy Guild | docs/policy/dsl.md, docs/policy/lifecycle.md |
Depends on PLLG0101 DSL updates | Depends on PLLG0101 DSL updates | DODP0101 | |
| DSSE-CLI-401-021 | DONE | 2025-11-27 | SPRINT_0401_0001_0001_reachability_evidence_chain | Docs Guild · CLI Guild | src/Cli/StellaOps.Cli, scripts/ci/attest-*, docs/modules/attestor/architecture.md |
Ship a stella attest CLI (or sample StellaOps.Attestor.Tool) plus GitLab/GitHub workflow snippets that emit DSSE per build step (scan/package/push) using the new library and Authority keys. |
Need CLI updates from latest DSSE release | DODS0101 |
| DSSE-DOCS-401-022 | DONE | 2025-11-27 | SPRINT_0401_0001_0001_reachability_evidence_chain | Docs Guild · Attestor Guild | docs/ci/dsse-build-flow.md, docs/modules/attestor/architecture.md |
Document the build-time attestation walkthrough (docs/ci/dsse-build-flow.md): models, helper usage, Authority integration, storage conventions, and verification commands, aligning with the advisory. |
Depends on #1 | DODS0101 |
| DSSE-LIB-401-020 | DONE (2025-11-27) | 2025-11-27 | SPRINT_0401_0001_0001_reachability_evidence_chain | Attestor Guild · Platform Guild | src/Attestor/StellaOps.Attestation, src/Attestor/StellaOps.Attestor.Envelope |
DsseEnvelopeExtensions added with conversion utilities; Envelope types exposed as transitive dependencies; consumers reference only StellaOps.Attestation. | Need attestor library API freeze | DOAL0101 |
| DVOFF-64-002 | TODO | SPRINT_160_export_evidence | DevPortal Offline Guild | docs/modules/export-center/devportal-offline.md | DevPortal Offline + AirGap Controller Guilds | Needs exporter DSSE schema from 002_ATEL0101 | DEVL0102 | |
| EDITOR-401-004 | TODO | SPRINT_0401_0001_0001_reachability_evidence_chain | Docs Guild · CLI Guild | src/Cli/StellaOps.Cli, docs/policy/lifecycle.md |
Gather CLI/editor alignment notes | Gather CLI/editor alignment notes | DOCL0103 | |
| EMIT-15-001 | TODO | SPRINT_0136_0001_0001_scanner_surface | Docs Guild · Scanner Emit Guild | src/Scanner/__Libraries/StellaOps.Scanner.Emit | Need EntryTrace emit notes from SCANNER-SURFACE-04 | SCANNER-SURFACE-04 | DOEM0101 | |
| ENG-0001 | DONE | 2025-11-07 | SPRINT_333_docs_modules_excititor | Docs Guild · Analyzer Guild | docs/modules/excitor | Summarize excititor integration | Summarize excititor integration | DOEN0101 |
| ENG-0002 | DONE | 2025-11-09 | SPRINT_137_scanner_gap_design | Docs Guild · Analyzer Guild | docs/modules/scanner | Link to analyzer doc commits | Link to analyzer doc commits | DOEN0101 |
| ENG-0003 | DONE | 2025-11-09 | SPRINT_137_scanner_gap_design | Docs Guild · Analyzer Guild | docs/modules/scanner | Link to Python analyzer doc | Link to Python analyzer doc | DOEN0101 |
| ENG-0004 | DONE | 2025-11-09 | SPRINT_137_scanner_gap_design | Docs Guild · Analyzer Guild | docs/modules/scanner | Link to Java analyzer doc | Link to Java analyzer doc | DOEN0101 |
| ENG-0005 | DONE | 2025-11-09 | SPRINT_137_scanner_gap_design | Docs Guild · Analyzer Guild | docs/modules/scanner | Link to Go analyzer doc | Link to Go analyzer doc | DOEN0101 |
| ENG-0006 | DONE | 2025-11-09 | SPRINT_137_scanner_gap_design | Docs Guild · Analyzer Guild | docs/modules/scanner | Link to Rust analyzer doc | Link to Rust analyzer doc | DOEN0101 |
| ENG-0007 | DONE | 2025-11-09 | SPRINT_137_scanner_gap_design | Docs Guild · Analyzer Guild | docs/modules/scanner | Multi-analyzer wrap-up | Multi-analyzer wrap-up | DOEN0101 |
| ENG-0008 | TODO | SPRINT_0138_0001_0001_scanner_ruby_parity | Docs Guild · EntryTrace Guild | src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace | Needs EntryTrace doc from DOEM0101 | Needs EntryTrace doc from DOEM0101 | DOEN0101 | |
| ENG-0009 | TODO | 2025-11-13 | SPRINT_0138_0001_0001_scanner_ruby_parity | Docs Guild · Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Requires CLI integration notes | SCANNER-ANALYZERS-RUBY-28-001..012 | DOEN0101 |
| ENG-0010 | TODO | SPRINT_0138_0001_0001_scanner_ruby_parity | Docs Guild · Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php | Need PHP analyzer doc outline | SCANNER-ANALYZERS-PHP-27-001 | DOEN0102 | |
| ENG-0011 | TODO | SPRINT_0138_0001_0001_scanner_ruby_parity | Docs Guild · Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno | Deno analyzer doc | Deno analyzer doc | DOEN0102 | |
| ENG-0012 | TODO | SPRINT_0138_0001_0001_scanner_ruby_parity | Docs Guild · Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Dart | EntryTrace doc dependency (DOEM0101) | EntryTrace doc dependency (DOEM0101) | DOEN0102 | |
| ENG-0013 | TODO | SPRINT_0138_0001_0001_scanner_ruby_parity | Docs Guild · Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Swift | Swift analyzer doc outline | Swift analyzer doc outline | DOEN0102 | |
| ENG-0014 | TODO | SPRINT_0138_0001_0001_scanner_ruby_parity | Docs Guild · Analyzer Guild | docs/modules/scanner | Runtime/Zastava notes | Runtime/Zastava notes | DOEN0102 | |
| ENG-0015 | DONE | 2025-11-13 | SPRINT_0138_0001_0001_scanner_ruby_parity | Docs Guild · Analyzer Guild | docs/modules/scanner | Summarize export center tie-in | Summarize export center tie-in | DOEN0102 |
| ENG-0016 | DONE | 2025-11-10 | SPRINT_0138_0001_0001_scanner_ruby_parity | Docs Guild · Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Analyzer doc evidence | SCANNER-ENG-0009 | DOEN0102 |
| ENG-0017 | DONE | 2025-11-09 | SPRINT_0138_0001_0001_scanner_ruby_parity | Docs Guild · Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Analyzer doc evidence | SCANNER-ENG-0016 | DOEN0102 |
| ENG-0018 | DONE | 2025-11-09 | SPRINT_0138_0001_0001_scanner_ruby_parity | Docs Guild · Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Analyzer doc evidence | SCANNER-ENG-0017 | DOEN0102 |
| ENG-0019 | DONE | 2025-11-13 | SPRINT_0138_0001_0001_scanner_ruby_parity | Docs Guild · Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Analyzer doc evidence | SCANNER-ENG-0016..0018 | DOEN0102 |
| ENG-0020 | TODO | SPRINT_0136_0001_0001_scanner_surface | Docs Guild · Scanner Guild | docs/modules/scanner | Need surface doc context | Need surface doc context | DOEN0103 | |
| ENG-0021 | TODO | SPRINT_0136_0001_0001_scanner_surface | Docs Guild · Scanner Guild | docs/modules/scanner | Same as #1 | Same as #1 | DOEN0103 | |
| ENG-0022 | TODO | SPRINT_0136_0001_0001_scanner_surface | Docs Guild · Scanner Guild | docs/modules/scanner | Policy integration reference | Policy integration reference | DOEN0103 | |
| ENG-0023 | TODO | SPRINT_0136_0001_0001_scanner_surface | Docs Guild · Scanner Guild | docs/modules/scanner | Offline kit/policy integration | Offline kit/policy integration | DOEN0103 | |
| ENG-0024 | TODO | SPRINT_0136_0001_0001_scanner_surface | Docs Guild · Scanner Guild | docs/modules/scanner | Surface doc refresh | Surface doc refresh | DOEN0103 | |
| ENG-0025 | TODO | SPRINT_0136_0001_0001_scanner_surface | Docs Guild · Scanner Guild | docs/modules/scanner | Surface doc refresh | Surface doc refresh | DOEN0103 | |
| ENG-0026 | TODO | SPRINT_0136_0001_0001_scanner_surface | Docs Guild · Scanner Guild | docs/modules/scanner | Surface doc refresh | Surface doc refresh | DOEN0103 | |
| ENG-0027 | TODO | SPRINT_0136_0001_0001_scanner_surface | Docs Guild · Scanner Guild | docs/modules/scanner | Policy/offline integration doc | Policy/offline integration doc | DOEN0103 | |
| ENGINE-20-002 | BLOCKED | 2025-10-26 | SPRINT_124_policy_reasoning | Docs Guild · Policy Guild | src/Policy/StellaOps.Policy.Engine | Need ADR references | Need ADR references | DOPE0101 |
| ENGINE-20-003 | TODO | SPRINT_124_policy_reasoning | Docs Guild · Policy Guild · Concelier & Excititor Guilds | src/Policy/StellaOps.Policy.Engine | Depends on #1 | POLICY-ENGINE-20-002 | DOPE0101 | |
| ENGINE-20-004 | TODO | SPRINT_124_policy_reasoning | Docs Guild · Storage Guild | src/Policy/StellaOps.Policy.Engine | Needs storage notes | POLICY-ENGINE-20-003 | DOPE0101 | |
| ENGINE-20-005 | TODO | SPRINT_124_policy_reasoning | Docs Guild · Policy Runtime Guild | src/Policy/StellaOps.Policy.Engine | Requires policy runtime notes | POLICY-ENGINE-20-004 | DOPE0101 | |
| ENGINE-20-006 | TODO | SPRINT_124_policy_reasoning | Docs Guild · Policy Guild | src/Policy/StellaOps.Policy.Engine | Need runtime ADR | POLICY-ENGINE-20-005 | DOPE0102 | |
| ENGINE-20-007 | TODO | SPRINT_124_policy_reasoning | Docs Guild · Storage Guild | src/Policy/StellaOps.Policy.Engine | Need storage ADR | POLICY-ENGINE-20-006 | DOPE0102 | |
| ENGINE-20-008 | TODO | SPRINT_124_policy_reasoning | Docs Guild · Observability Guild | src/Policy/StellaOps.Policy.Engine | Need observability updates | POLICY-ENGINE-20-007 | DOPE0102 | |
| ENGINE-20-009 | TODO | SPRINT_124_policy_reasoning | Docs Guild · DevOps Guild | src/Policy/StellaOps.Policy.Engine | Need DevOps deployment plan | POLICY-ENGINE-20-008 | DOPE0102 | |
| ENGINE-27-001 | TODO | SPRINT_124_policy_reasoning | Policy Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-20-009 | POLICY-ENGINE-20-009 | DOPE0103 | |
| ENGINE-27-002 | TODO | SPRINT_124_policy_reasoning | Policy + Observability Guilds / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-27-001 | POLICY-ENGINE-27-001 | DOPE0103 | |
| ENGINE-29-001 | TODO | SPRINT_124_policy_reasoning | Policy Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-27-004 | POLICY-ENGINE-27-004 | DOPE0103 | |
| ENGINE-29-002 | TODO | SPRINT_124_policy_reasoning | Policy + Findings Ledger Guilds / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-29-001 | POLICY-ENGINE-29-001 | DOPE0103 | |
| ENGINE-29-003 | TODO | SPRINT_0125_0001_0001_policy_reasoning | Policy + SBOM Service Guilds / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-29-002 | POLICY-ENGINE-29-002 | DOPE0103 | |
| ENGINE-29-004 | TODO | SPRINT_0125_0001_0001_policy_reasoning | Policy + Observability Guilds / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-29-003 | POLICY-ENGINE-29-003 | DOPE0103 | |
| ENGINE-30-001 | TODO | SPRINT_0125_0001_0001_policy_reasoning | Policy + Cartographer Guilds / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-29-004 | POLICY-ENGINE-29-004 | DOPE0103 | |
| ENGINE-30-002 | TODO | SPRINT_0125_0001_0001_policy_reasoning | Policy + Cartographer Guilds / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-30-001 | POLICY-ENGINE-30-001 | DOPE0103 | |
| ENGINE-30-003 | TODO | SPRINT_0125_0001_0001_policy_reasoning | Policy + Scheduler Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-30-002 | POLICY-ENGINE-30-002 | DOPE0103 | |
| ENGINE-30-101 | TODO | SPRINT_0125_0001_0001_policy_reasoning | Policy Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-30-003 | POLICY-ENGINE-30-003 | DOPE0103 | |
| ENGINE-31-001 | TODO | SPRINT_0125_0001_0001_policy_reasoning | Policy Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-30-101 | POLICY-ENGINE-30-101 | DOPE0104 | |
| ENGINE-31-002 | TODO | SPRINT_0125_0001_0001_policy_reasoning | Policy Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-31-001 | POLICY-ENGINE-31-001 | DOPE0104 | |
| ENGINE-32-101 | TODO | SPRINT_0125_0001_0001_policy_reasoning | Policy Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-31-002 | POLICY-ENGINE-31-002 | DOPE0104 | |
| ENGINE-33-101 | TODO | SPRINT_0125_0001_0001_policy_reasoning | Policy Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-32-101 | POLICY-ENGINE-32-101 | DOPE0104 | |
| ENGINE-34-101 | TODO | SPRINT_0125_0001_0001_policy_reasoning | Policy Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-33-101 | POLICY-ENGINE-33-101 | DOPE0104 | |
| ENGINE-35-201 | TODO | SPRINT_0125_0001_0001_policy_reasoning | Policy Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-34-101 | POLICY-ENGINE-34-101 | DOPE0104 | |
| ENGINE-38-201 | TODO | SPRINT_0125_0001_0001_policy_reasoning | Policy Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-35-201 | POLICY-ENGINE-35-201 | DOPE0104 | |
| ENGINE-40-001 | TODO | SPRINT_0125_0001_0001_policy_reasoning | Policy + Concelier Guilds / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-38-201 | POLICY-ENGINE-38-201 | DOPE0104 | |
| ENGINE-40-002 | TODO | SPRINT_0125_0001_0001_policy_reasoning | Policy + Excititor Guilds / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-40-001 | POLICY-ENGINE-40-001 | DOPE0104 | |
| ENGINE-40-003 | TODO | SPRINT_0126_0001_0001_policy_reasoning | Policy + Web Scanner Guilds / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-40-002 | POLICY-ENGINE-40-002 | DOPE0104 | |
| ENGINE-401-003 | TODO | SPRINT_0401_0001_0001_reachability_evidence_chain | Policy Guild (src/Policy/StellaOps.Policy.Engine, docs/modules/policy/architecture.md) |
src/Policy/StellaOps.Policy.Engine, docs/modules/policy/architecture.md |
Reachability/forensics appendix referencing DORC0101. | — | DOPE0105 | |
| ENGINE-50-001 | TODO | SPRINT_0126_0001_0001_policy_reasoning | Policy + Platform Security / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-40-003 | POLICY-ENGINE-40-003 | DOPE0105 | |
| ENGINE-50-002 | TODO | SPRINT_0126_0001_0001_policy_reasoning | Policy + Runtime Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-50-001 | POLICY-ENGINE-50-001 | DOPE0105 | |
| ENGINE-50-003 | TODO | SPRINT_0126_0001_0001_policy_reasoning | Policy + Observability Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-50-002 | POLICY-ENGINE-50-002 | DOPE0105 | |
| ENGINE-50-004 | TODO | SPRINT_0126_0001_0001_policy_reasoning | Policy + Platform Events Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-50-003 | POLICY-ENGINE-50-003 | DOPE0105 | |
| ENGINE-50-005 | TODO | SPRINT_0126_0001_0001_policy_reasoning | Policy + Storage Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-50-004 | POLICY-ENGINE-50-004 | DOPE0105 | |
| ENGINE-50-006 | TODO | SPRINT_0126_0001_0001_policy_reasoning | Policy + QA Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-50-005 | POLICY-ENGINE-50-005 | DOPE0105 | |
| ENGINE-50-007 | TODO | SPRINT_0126_0001_0001_policy_reasoning | Policy + Scheduler Worker Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-50-006 | POLICY-ENGINE-50-006 | DOPE0105 | |
| ENGINE-60-001 | TODO | SPRINT_0126_0001_0001_policy_reasoning | Policy + SBOM Service Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-50-007 | POLICY-ENGINE-50-007 | DOPE0105 | |
| ENGINE-60-002 | TODO | SPRINT_0126_0001_0001_policy_reasoning | Policy + BE-Base Platform Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-60-001 | POLICY-ENGINE-60-001 | DOPE0105 | |
| ENGINE-66-001 | DONE | 2025-11-25 | SPRINT_0129_0001_0001_policy_reasoning | Risk Engine Guild / src/RiskEngine/StellaOps.RiskEngine | src/RiskEngine/StellaOps.RiskEngine | Baseline collections + indexes doc. | — | DORG0101 |
| ENGINE-66-002 | TODO | SPRINT_0129_0001_0001_policy_reasoning | Risk Engine Guild / src/RiskEngine/StellaOps.RiskEngine | src/RiskEngine/StellaOps.RiskEngine | RISK-ENGINE-66-001 | RISK-ENGINE-66-001 | DORG0101 | |
| ENGINE-67-001 | DONE | 2025-11-25 | SPRINT_0129_0001_0001_policy_reasoning | Risk + Concelier Guilds / src/RiskEngine/StellaOps.RiskEngine | src/RiskEngine/StellaOps.RiskEngine | RISK-ENGINE-66-002 | RISK-ENGINE-66-002 | DORG0101 |
| ENGINE-67-002 | DONE | 2025-11-25 | SPRINT_0129_0001_0001_policy_reasoning | Risk + Excititor Guilds / src/RiskEngine/StellaOps.RiskEngine | src/RiskEngine/StellaOps.RiskEngine | RISK-ENGINE-67-001 | RISK-ENGINE-67-001 | DORG0101 |
| ENGINE-67-003 | DONE | 2025-11-25 | SPRINT_0129_0001_0001_policy_reasoning | Risk + Policy Engine Guilds / src/RiskEngine/StellaOps.RiskEngine | src/RiskEngine/StellaOps.RiskEngine | RISK-ENGINE-67-002 | RISK-ENGINE-67-002 | DORG0101 |
| ENGINE-68-001 | DONE | 2025-11-25 | SPRINT_0129_0001_0001_policy_reasoning | Risk + Findings Ledger Guilds / src/RiskEngine/StellaOps.RiskEngine | src/RiskEngine/StellaOps.RiskEngine | RISK-ENGINE-67-003 | RISK-ENGINE-67-003 | DORG0101 |
| ENGINE-68-002 | DONE | 2025-11-25 | SPRINT_0129_0001_0001_policy_reasoning | Risk + API Guild / src/RiskEngine/StellaOps.RiskEngine | src/RiskEngine/StellaOps.RiskEngine | RISK-ENGINE-68-001 | RISK-ENGINE-68-001 | DORG0101 |
| ENGINE-69-001 | TODO | SPRINT_0129_0001_0001_policy_reasoning | Risk + Policy Studio Guild / src/RiskEngine/StellaOps.RiskEngine | src/RiskEngine/StellaOps.RiskEngine | RISK-ENGINE-68-002 | RISK-ENGINE-68-002 | DORG0101 | |
| ENGINE-69-002 | TODO | SPRINT_0129_0001_0001_policy_reasoning | Risk + Observability Guild / src/RiskEngine/StellaOps.RiskEngine | src/RiskEngine/StellaOps.RiskEngine | RISK-ENGINE-69-001 | RISK-ENGINE-69-001 | DORG0101 | |
| ENGINE-70-001 | TODO | SPRINT_0129_0001_0001_policy_reasoning | Risk + Export Guild / src/RiskEngine/StellaOps.RiskEngine | src/RiskEngine/StellaOps.RiskEngine | RISK-ENGINE-69-002 | RISK-ENGINE-69-002 | DORG0101 | |
| ENGINE-70-002 | TODO | SPRINT_0126_0001_0001_policy_reasoning | Policy + Storage Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-60-002 | POLICY-ENGINE-60-002 | DOPE0106 | |
| ENGINE-70-003 | TODO | SPRINT_0126_0001_0001_policy_reasoning | Policy + Runtime Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-70-002 | POLICY-ENGINE-70-002 | DOPE0106 | |
| ENGINE-70-004 | TODO | SPRINT_0126_0001_0001_policy_reasoning | Policy + Observability Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-70-003 | POLICY-ENGINE-70-003 | DOPE0106 | |
| ENGINE-70-005 | TODO | SPRINT_0126_0001_0001_policy_reasoning | Policy + Scheduler Worker Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-70-004 | POLICY-ENGINE-70-004 | DOPE0106 | |
| ENGINE-80-001 | TODO | SPRINT_0126_0001_0001_policy_reasoning | Policy + Signals Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-70-005 | POLICY-ENGINE-70-005 | DOPE0106 | |
| ENGINE-80-002 | TODO | SPRINT_0127_0001_0001_policy_reasoning | Policy + Storage Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-80-001 | POLICY-ENGINE-80-001 | DOPE0106 | |
| ENGINE-80-003 | TODO | SPRINT_0127_0001_0001_policy_reasoning | Policy + Policy Editor Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-80-002 | POLICY-ENGINE-80-002 | DOPE0106 | |
| ENGINE-80-004 | TODO | SPRINT_0127_0001_0001_policy_reasoning | Policy + Observability Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-80-003 | POLICY-ENGINE-80-003 | DOPE0106 | |
| ENGINE-DOCS-0001 | TODO | SPRINT_0325_0001_0001_docs_modules_policy | Docs Guild (docs/modules/policy) | docs/modules/policy | Refresh module overview + governance ladder. | — | DOPE0107 | |
| ENGINE-ENG-0001 | TODO | SPRINT_0325_0001_0001_docs_modules_policy | Module Team (docs/modules/policy) | docs/modules/policy | Capture engineering guidelines + acceptance tests. | — | DOPE0107 | |
| ENGINE-OPS-0001 | TODO | SPRINT_0325_0001_0001_docs_modules_policy | Ops Guild (docs/modules/policy) | docs/modules/policy | Operations runbook (deploy/rollback) pointer. | — | DOPE0107 | |
| ENTROPY-186-011 | TODO | SPRINT_0186_0001_0001_record_deterministic_execution | Scanner Guild · Provenance Guild | src/Scanner/StellaOps.Scanner.Worker, src/Scanner/__Libraries |
SCANNER-ENTRYTRACE-18-508 | SCANNER-ENTRYTRACE-18-508 | SCDE0101 | |
| ENTROPY-186-012 | TODO | SPRINT_0186_0001_0001_record_deterministic_execution | Scanner Guild · Provenance Guild | src/Scanner/StellaOps.Scanner.WebService, docs/replay/DETERMINISTIC_REPLAY.md |
ENTROPY-186-011 | ENTROPY-186-011 | SCDE0102 | |
| ENTROPY-70-004 | TODO | SPRINT_0304_0001_0004_docs_tasks_md_iv | Docs Guild · Scanner Guild | docs/modules/scanner/determinism.md | ENTROPY-186-011/012 | ENTROPY-186-011/012 | DOSC0102 | |
| ENTRYTRACE-18-502 | TODO | SPRINT_0135_0001_0001_scanner_surface | EntryTrace Guild · Scanner Surface Guild | src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace | SCANNER-ENTRYTRACE-18-508 | SCANNER-ENTRYTRACE-18-508 | SCET0101 | |
| ENTRYTRACE-18-503 | TODO | SPRINT_0135_0001_0001_scanner_surface | EntryTrace Guild · Scanner Surface Guild | src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace | ENTRYTRACE-18-502 | ENTRYTRACE-18-502 | SCET0101 | |
| ENTRYTRACE-18-504 | TODO | SPRINT_0136_0001_0001_scanner_surface | EntryTrace Guild (src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace) | src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace | SCANNER-ENTRYTRACE-18-503 | SCANNER-ENTRYTRACE-18-503 | SCSS0102 | |
| ENTRYTRACE-18-505 | TODO | SPRINT_0136_0001_0001_scanner_surface | EntryTrace Guild (src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace) | src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace | SCANNER-ENTRYTRACE-18-504 | SCANNER-ENTRYTRACE-18-504 | SCSS0102 | |
| ENTRYTRACE-18-506 | TODO | SPRINT_0136_0001_0001_scanner_surface | EntryTrace Guild · Scanner WebService Guild | src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace | ENTRYTRACE-18-505 | ENTRYTRACE-18-505 | SCET0101 | |
| ENV-01 | DONE | 2025-11-13 | SPRINT_0136_0001_0001_scanner_surface | Scanner Guild, Zastava Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.Env) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Env | SCEN0101 | ||
| ENV-02 | DOING (2025-11-02) | 2025-11-02 | SPRINT_0136_0001_0001_scanner_surface | Scanner Guild · Zastava Guild | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Env | SURFACE-ENV-01 | SURFACE-ENV-01 | SCEN0101 |
| ENV-03 | TODO | SPRINT_0136_0001_0001_scanner_surface | BuildX Plugin Guild | src/Scanner/StellaOps.Scanner.Sbomer.BuildXPlugin | SCANNER-ENV-02 | SCANNER-ENV-02 | SCBX0101 | |
| ENV-04 | TODO | SPRINT_0136_0001_0001_scanner_surface | Zastava Guild · Scanner Env Guild | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Env | SURFACE-ENV-02 | SURFACE-ENV-02 | SCEN0101 | |
| ENV-05 | TODO | SPRINT_0136_0001_0001_scanner_surface | Ops Guild · Scanner Env Guild | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Env | SURFACE-ENV-03 & SURFACE-ENV-04 | SURFACE-ENV-03; SURFACE-ENV-04 | SCEN0101 | |
| EVENTS-16-301 | BLOCKED (2025-10-26) | 2025-10-26 | SPRINT_0136_0001_0001_scanner_surface | Scanner WebService Guild (src/Scanner/StellaOps.Scanner.WebService) |
src/Scanner/StellaOps.Scanner.WebService | SCDE0102 landing | SCDE0102 landing | SCEV0101 |
| EVID-CRYPTO-90-001 | TODO | SPRINT_160_export_evidence | Evidence Locker + Security Guilds (src/EvidenceLocker/StellaOps.EvidenceLocker) |
src/EvidenceLocker/StellaOps.EvidenceLocker | Evidence Locker + Security Guilds · ICryptoProviderRegistry integration |
ATEL0101 contracts | EVEC0101 | |
| EVID-OBS-54-002 | TODO | SPRINT_161_evidencelocker | Evidence Locker Guild (src/EvidenceLocker/StellaOps.EvidenceLocker) |
src/EvidenceLocker/StellaOps.EvidenceLocker |
Finalize deterministic bundle packaging + DSSE layout per docs/modules/evidence-locker/bundle-packaging.md, ensuring parity with portable/incident modes. |
EVID-CRYPTO-90-001 | EVEC0101 | |
| EVID-REPLAY-187-001 | TODO | SPRINT_160_export_evidence | Evidence Locker Guild · docs/modules/evidence-locker/architecture.md | docs/modules/evidence-locker/architecture.md | Evidence Locker Guild · docs/modules/evidence-locker/architecture.md | EVID-CRYPTO-90-001 | EVEC0101 | |
| EXC-25-001 | TODO | SPRINT_0202_0001_0002_cli_ii | DevEx/CLI Guild (src/Cli/StellaOps.Cli) |
src/Cli/StellaOps.Cli | DOOR0102 APIs | DOOR0102 APIs | CLEX0101 | |
| EXC-25-002 | TODO | SPRINT_0202_0001_0002_cli_ii | DevEx/CLI Guild (src/Cli/StellaOps.Cli) |
src/Cli/StellaOps.Cli | EXC-25-001 | EXC-25-001 | CLEX0101 | |
| EXC-25-006 | TODO | SPRINT_303_docs_tasks_md_iii | Docs Guild · DevEx Guild | docs/modules/excititor | CLEX0101 CLI updates | CLEX0101 CLI updates | DOEX0101 | |
| EXC-25-007 | TODO | SPRINT_0304_0001_0004_docs_tasks_md_iv | Docs Guild · DevOps Guild | docs/modules/excititor | UIEX0101 console outputs | UIEX0101 console outputs | DOEX0101 | |
| EXCITITOR-AIAI-31-001 | DONE | 2025-11-12 | SPRINT_0119_0001_0001_excititor_i | Excititor Web/Core Guilds | src/Excititor/StellaOps.Excititor.WebService | Normalised VEX justification projections shipped. | EXWK0101 | |
| EXCITITOR-AIAI-31-002 | DONE | 2025-11-17 | SPRINT_0119_0001_0001_excititor_i | Excititor Web/Core Guilds | src/Excititor/StellaOps.Excititor.WebService | Chunk API streaming raw statements + signature metadata with tenant/policy filters. | CONCELIER-GRAPH-21-001; CONCELIER-GRAPH-21-002; ELOCKER-CONTRACT-2001 | EXAI0101 |
| EXCITITOR-AIAI-31-003 | DONE | 2025-11-17 | SPRINT_0119_0001_0001_excititor_i | Excititor Observability Guild | src/Excititor/StellaOps.Excititor.WebService | Telemetry/guardrail metrics (counters, chunk histograms, signature failure + AOC guard meters); traces pending span sink. | EXCITITOR-AIAI-31-002 | EXAI0101 |
| EXCITITOR-AIAI-31-004 | DONE | 2025-11-18 | SPRINT_0119_0001_0001_excititor_i | Docs Guild · Excititor Guild | docs/modules/excititor/evidence-contract.md | Advisory-AI evidence contract + determinism guarantees and storage mapping. | EXCITITOR-AIAI-31-002 | EXAI0101 |
| EXCITITOR-AIRGAP-56 | DONE (2025-11-22) | 2025-11-22 | SPRINT_110_ingestion_evidence | Excititor Guild · AirGap Guilds | Air-gap ingest parity delivered; connector trust enforced. | CONCELIER-GRAPH-21-001; CONCELIER-GRAPH-21-002; ATTEST-PLAN-2001 | EXAG0101 | |
| EXCITITOR-AIRGAP-56-001 | DOING (2025-11-22) | 2025-11-22 | SPRINT_0119_0001_0001_excititor_i | Excititor Core Guild (src/Excititor/__Libraries/StellaOps.Excititor.Core) |
src/Excititor/__Libraries/StellaOps.Excititor.Core | Wire mirror bundle ingestion paths that preserve upstream digests, bundle IDs, and provenance metadata exactly so offline Advisory-AI/Lens deployments can replay evidence with AOC parity. | EXCITITOR-AIRGAP-56 | EXAG0101 |
| EXCITITOR-AIRGAP-57 | DONE (2025-11-22) | 2025-11-22 | SPRINT_110_ingestion_evidence | Excititor Guild · AirGap Guilds | Time-anchor import path aligned with Evidence Locker contract. | CONCELIER-GRAPH-21-001; CONCELIER-GRAPH-21-002; ATTEST-PLAN-2001 | EXAG0101 | |
| EXCITITOR-AIRGAP-57-001 | DONE (2025-11-24) | 2025-11-22 | SPRINT_0119_0001_0001_excititor_i | Excititor AirGap Policy Guild (src/Excititor/__Libraries/StellaOps.Excititor.Core) |
src/Excititor/__Libraries/StellaOps.Excititor.Core | Enforce sealed-mode policies that disable external connectors, emit actionable remediation errors, and record staleness annotations that Advisory AI can surface as “evidence freshness” signals. Depends on EXCITITOR-AIRGAP-56-001. | EXCITITOR-AIRGAP-57 | EXAG0101 |
| EXCITITOR-AIRGAP-58 | DONE (2025-11-22) | 2025-11-22 | SPRINT_110_ingestion_evidence | Excititor Guild · AirGap Guilds | Import/export automation delivered for frozen schema. | CONCELIER-GRAPH-21-001; CONCELIER-GRAPH-21-002; ATTEST-PLAN-2001 | EXAG0101 | |
| EXCITITOR-AIRGAP-58-001 | DONE (2025-11-24) | 2025-11-22 | SPRINT_0119_0001_0001_excititor_i | Excititor Core + Evidence Locker Guilds | src/Excititor/__Libraries/StellaOps.Excititor.Core | Package tenant-scoped VEX evidence (raw JSON, normalization diff, provenance) into portable bundles tied to timeline events so Advisory AI can hydrate contexts in sealed environments. Depends on EXCITITOR-AIRGAP-57-001. | EXCITITOR-AIRGAP-58 | EXAG0101 |
| EXCITITOR-ATTEST-01-003 | DONE | 2025-11-17 | SPRINT_0119_0001_0001_excititor_i | Excititor Guild | src/Excititor/__Libraries/StellaOps.Excititor.Core | Attestation verifier harness + diagnostics prove DSSE bundle verification without consensus logic. | EXCITITOR-AIAI-31-002; ELOCKER-CONTRACT-2001 | EXAT0101 |
| EXCITITOR-ATTEST-73-001 | DONE | 2025-11-17 | SPRINT_0119_0001_0001_excititor_i | Excititor Guild | src/Excititor/__Libraries/StellaOps.Excititor.Core | Attestation payloads emitted with supplier identity, justification summary, and scope metadata for trust chaining. | EXCITITOR-ATTEST-01-003 | EXAT0101 |
| EXCITITOR-ATTEST-73-002 | DONE | 2025-11-17 | SPRINT_0119_0001_0001_excititor_i | Excititor Guild | src/Excititor/__Libraries/StellaOps.Excititor.Core | APIs link attestation IDs back to observation/linkset/product tuples for provenance citations without derived verdicts. | EXCITITOR-ATTEST-73-001 | EXAT0101 |
| EXCITITOR-CONN-SUSE-01-003 | TODO | SPRINT_0120_0001_0002_excititor_ii | Excititor Guild (SUSE connector) | src/Excititor/__Libraries/StellaOps.Excititor.Connectors.SUSE.RancherVEXHub | DONE (2025-11-09) – Emit provider trust configuration (signer fingerprints, trust tier notes) into the raw provenance envelope so downstream VEX Lens/Policy components can weigh issuers. Connector must not apply weighting or consensus inside ingestion. | EXCITITOR-CONN-SUSE-01-002; EXCITITOR-POLICY-01-001 | EXCN0101 | |
| EXCITITOR-CONN-TRUST-01-001 | DONE | 2025-11-20 | SPRINT_0119_0001_0001_excititor_i | Excititor Guild · AirGap Guilds | src/Excititor/__Libraries/StellaOps.Excititor.Connectors* | Signer metadata loader/enricher wired for MSRC/Oracle/Ubuntu/OpenVEX connectors; env STELLAOPS_CONNECTOR_SIGNER_METADATA_PATH; docs + sample hash shipped. |
CONCELIER-GRAPH-21-001; CONCELIER-GRAPH-21-002; ATTEST-PLAN-2001 | EXCN0101 |
| EXCITITOR-CONN-UBUNTU-01-003 | TODO | SPRINT_0120_0001_0002_excititor_ii | Excititor Guild (Ubuntu connector) | src/Excititor/__Libraries/StellaOps.Excititor.Connectors.Ubuntu.CSAF | DONE (2025-11-09) – Emit Ubuntu signing metadata (GPG fingerprints, issuer trust tier) inside raw provenance artifacts so downstream Policy/VEX Lens consumers can weigh issuers. Connector must remain aggregation-only with no inline weighting. | EXCITITOR-CONN-UBUNTU-01-002 | EXCN0101 | |
| EXCITITOR-CONSOLE-23-001 | DONE (2025-11-23) | SPRINT_0120_0001_0002_excititor_ii | Excititor Guild · Docs Guild | src/Excititor/StellaOps.Excititor.WebService | Expose /console/vex endpoints returning grouped VEX statements per advisory/component with status chips, justification metadata, precedence trace pointers, and tenant-scoped filters for Console explorer. Dependencies: EXCITITOR-LNM-21-201, EXCITITOR-LNM-21-202. |
DOCN0101 | EXCO0101 | |
| EXCITITOR-CONSOLE-23-002 | DONE (2025-11-23) | SPRINT_0120_0001_0002_excititor_ii | Excititor Guild | src/Excititor/StellaOps.Excititor.WebService | Provide aggregated counts for VEX overrides (new, not_affected, revoked) powering Console dashboard + live status ticker; emit metrics for policy explain integration. Dependencies: EXCITITOR-CONSOLE-23-001, EXCITITOR-LNM-21-203. | EXCITITOR-CONSOLE-23-001 | EXCO0101 | |
| EXCITITOR-CONSOLE-23-003 | DONE (2025-11-23) | SPRINT_0120_0001_0002_excititor_ii | Excititor Guild | src/Excititor/StellaOps.Excititor.WebService | Deliver rapid lookup endpoints of VEX by advisory/component for Console global search; ensure response includes provenance and precedence context; include caching and RBAC. Dependencies: EXCITITOR-CONSOLE-23-001. | EXCITITOR-CONSOLE-23-001 | EXCO0101 | |
| EXCITITOR-CORE-AOC-19-002 | TODO | SPRINT_0120_0001_0002_excititor_ii | Excititor Core Guild | src/Excititor/__Libraries/StellaOps.Excititor.Core | Implement deterministic extraction of advisory IDs, component PURLs, and references into linkset, capturing reconciled-from metadata for traceability. |
Link-Not-Merge schema | EXCA0101 | |
| EXCITITOR-CORE-AOC-19-003 | TODO | SPRINT_0120_0001_0002_excititor_ii | Excititor Core Guild | src/Excititor/__Libraries/StellaOps.Excititor.Core | Enforce (vendor, upstreamId, contentHash, tenant) uniqueness, generate supersedes chains, and ensure append-only versioning of raw VEX documents. Dependencies: EXCITITOR-CORE-AOC-19-002. |
EXCITITOR-CORE-AOC-19-002 | EXCA0101 | |
| EXCITITOR-CORE-AOC-19-004 | TODO | SPRINT_0120_0001_0002_excititor_ii | Excititor Core Guild | src/Excititor/__Libraries/StellaOps.Excititor.Core | Excise consensus/merge/severity logic from Excititor ingestion paths, updating exports/tests to rely on Policy Engine materializations instead. Dependencies: EXCITITOR-CORE-AOC-19-003. | EXCITITOR-CORE-AOC-19-003 | EXCA0101 | |
| EXCITITOR-CORE-AOC-19-013 | TODO | SPRINT_0120_0001_0002_excititor_ii | Excititor Core Guild | src/Excititor/__Libraries/StellaOps.Excititor.Core | Update Excititor smoke/e2e suites to seed tenant-aware Authority clients and ensure cross-tenant VEX ingestion is rejected. Dependencies: EXCITITOR-CORE-AOC-19-004. | EXCITITOR-CORE-AOC-19-004 | EXCA0101 | |
| EXCITITOR-CRYPTO-90-001 | TODO | SPRINT_0124_0001_0006_excititor_vi | WebService + Security Guilds | src/Excititor/StellaOps.Excititor.WebService | Replace ad-hoc hashing/signing in connectors/exporters/OpenAPI discovery with ICryptoProviderRegistry implementations approved by security so evidence verification stays deterministic across crypto profiles. |
ATEL0101 | EXWS0101 | |
| EXCITITOR-DOCS-0001 | DOING (2025-10-29) | 2025-10-29 | SPRINT_333_docs_modules_excititor | Docs Guild | docs/modules/excititor | See ./AGENTS.md | — | DOEX0102 |
| EXCITITOR-ENG-0001 | TODO | SPRINT_333_docs_modules_excititor | Module Team · Docs Guild | docs/modules/excititor | Update status via ./AGENTS.md workflow | DOEX0101 evidence | DOEX0102 | |
| EXCITITOR-GRAPH-21-001 | TODO | 2025-10-27 | SPRINT_0120_0001_0002_excititor_ii | Excititor Guild | src/Excititor/__Libraries/StellaOps.Excititor.Core | Provide batched VEX/advisory reference fetches keyed by graph node PURLs so UI inspector can display raw documents and justification metadata. | Link-Not-Merge schema | EXGR0101 |
| EXCITITOR-GRAPH-21-002 | TODO | 2025-10-27 | SPRINT_0120_0001_0002_excititor_ii | Excititor Guild | src/Excititor/__Libraries/StellaOps.Excititor.Core | Ensure overlay metadata includes VEX justification summaries and document versions for Cartographer overlays; update fixtures/tests. Dependencies: EXCITITOR-GRAPH-21-001. | EXCITITOR-GRAPH-21-001 | EXGR0101 |
| EXCITITOR-GRAPH-21-005 | TODO | 2025-10-27 | SPRINT_0120_0001_0002_excititor_ii | Excititor Guild | src/Excititor/__Libraries/StellaOps.Excititor.Storage.Mongo | Add indexes/materialized views for VEX lookups by PURL/policy to support Cartographer inspector performance; document migrations. Dependencies: EXCITITOR-GRAPH-21-002. | EXCITITOR-GRAPH-21-002 | EXGR0101 |
| EXCITITOR-GRAPH-24-101 | DONE (2025-11-25) | SPRINT_0120_0001_0002_excititor_ii | Excititor Guild | src/Excititor/StellaOps.Excititor.WebService | Provide endpoints delivering VEX status summaries per component/asset for Vuln Explorer integration. Dependencies: EXCITITOR-GRAPH-21-005. | EXCITITOR-GRAPH-21-002 | EXGR0101 | |
| EXCITITOR-GRAPH-24-102 | DONE (2025-11-25) | SPRINT_0120_0001_0002_excititor_ii | Excititor Guild | src/Excititor/StellaOps.Excititor.WebService | Add batch VEX observation retrieval optimized for Graph overlays/tooltips. Dependencies: EXCITITOR-GRAPH-24-101. | EXCITITOR-GRAPH-24-101 | EXGR0101 | |
| EXCITITOR-LNM-21-001 | TODO | SPRINT_0121_0001_0003_excititor_iii | Excititor Core Guild | src/Excititor/__Libraries/StellaOps.Excititor.Storage.Mongo | Stand up vex_observations and vex_linksets collections with shard keys, tenant guards, and migrations that retire any residual merge-era data without mutating raw content. |
Link-Not-Merge schema | EXLN0101 | |
| EXCITITOR-LNM-21-002 | TODO | SPRINT_0121_0001_0003_excititor_iii | Excititor Core Guild | src/Excititor/__Libraries/StellaOps.Excititor.Core | Capture disagreement metadata (status + justification deltas) directly inside linksets with confidence scores so downstream consumers can highlight conflicts without Excititor choosing winners. Depends on EXCITITOR-LNM-21-001. | EXCITITOR-LNM-21-001 | EXLN0101 | |
| EXCITITOR-LNM-21-003 | TODO | SPRINT_0121_0001_0003_excititor_iii | Excititor Core + Platform Events Guild | src/Excititor/__Libraries/StellaOps.Excititor.Core | Emit vex.linkset.updated events and describe payload shape (observation ids, confidence, conflict summary) so Policy/Lens/UI can subscribe while Excititor stays aggregation-only. Depends on EXCITITOR-LNM-21-002. |
EXCITITOR-LNM-21-002 | EXLN0101 | |
| EXCITITOR-LNM-21-201 | DONE (2025-11-25) | SPRINT_0121_0001_0003_excititor_iii | Excititor WebService Guild | src/Excititor/StellaOps.Excititor.WebService | Ship /vex/observations read endpoints with filters for advisory/product/issuer, strict RBAC, and deterministic pagination (no derived verdict fields). Depends on EXCITITOR-LNM-21-003. |
EXCITITOR-LNM-21-001 | EXLN0101 | |
| EXCITITOR-LNM-21-202 | DONE (2025-11-25) | SPRINT_0121_0001_0003_excititor_iii | Excititor WebService Guild | src/Excititor/StellaOps.Excititor.WebService | Provide /vex/linksets + export endpoints that surface alias mappings, conflict markers, and provenance proofs exactly as stored; errors must map to ERR_AGG_*. Depends on EXCITITOR-LNM-21-201. |
EXCITITOR-LNM-21-201 | EXLN0101 | |
| EXCITITOR-LNM-21-203 | TODO | SPRINT_0121_0001_0003_excititor_iii | Excititor WebService Guild | src/Excititor/StellaOps.Excititor.WebService | Update OpenAPI, SDK smoke tests, and documentation to cover the new observation/linkset endpoints with realistic examples Advisory AI/Lens teams can rely on. Depends on EXCITITOR-LNM-21-202. | EXCITITOR-LNM-21-202 | EXLN0101 | |
| EXCITITOR-OBS-51-001 | TODO | SPRINT_0121_0001_0003_excititor_iii | Excititor Core Guild · DevOps Guild | src/Excititor/__Libraries/StellaOps.Excititor.Core | Publish ingest latency, scope resolution success, conflict rate, and signature verification metrics plus SLO burn alerts so we can prove Excititor meets the AOC “evidence freshness” mission. | Wait for 046_TLTY0101 span schema | EXOB0101 | |
| EXCITITOR-OBS-52-001 | TODO | SPRINT_0122_0001_0004_excititor_iv | Excititor Core Guild | src/Excititor/__Libraries/StellaOps.Excititor.Core | Emit timeline_event entries for every ingest/linkset change with trace IDs, justification summaries, and evidence hashes so downstream systems can replay the raw facts chronologically. Depends on EXCITITOR-OBS-51-001. |
Needs #1 merged for correlation IDs | EXOB0101 | |
| EXCITITOR-OBS-53-001 | TODO | SPRINT_0122_0001_0004_excititor_iv | Excititor Core Guild · Evidence Locker Guild | src/Excititor/__Libraries/StellaOps.Excititor.Core | Build locker payloads (raw doc, normalization diff, provenance) and Merkle manifests so sealed-mode sites can audit evidence without Excititor reinterpreting it. Depends on EXCITITOR-OBS-52-001. | Blocked on Evidence Locker DSSE hooks (002_ATEL0101) | EXOB0101 | |
| EXCITITOR-OBS-54-001 | TODO | SPRINT_0122_0001_0004_excititor_iv | Excititor Core Guild · Provenance Guild | src/Excititor/__Libraries/StellaOps.Excititor.Core | Attach DSSE attestations to every evidence batch, verify chains via Provenance tooling, and surface attestation IDs on timeline events. Depends on EXCITITOR-OBS-53-001. | Requires provenance schema from 005_ATLN0101 | EXOB0101 | |
| EXCITITOR-OPS-0001 | TODO | SPRINT_333_docs_modules_excititor | Ops Guild · Docs Guild | docs/modules/excititor | Sync outcomes back to ../.. | DOEX0101 runbooks | DOEX0102 | |
| EXCITITOR-ORCH-32-001 | TODO | SPRINT_0122_0001_0004_excititor_iv | Excititor Worker Guild (src/Excititor/StellaOps.Excititor.Worker) |
src/Excititor/StellaOps.Excititor.Worker | Adopt the orchestrator worker SDK for Excititor jobs, emitting heartbeats/progress/artifact hashes so ingestion remains deterministic and restartable without reprocessing evidence. | DOOR0102 APIs | EXWS0101 | |
| EXCITITOR-ORCH-33-001 | TODO | SPRINT_0122_0001_0004_excititor_iv | Excititor Worker Guild (src/Excititor/StellaOps.Excititor.Worker) |
src/Excititor/StellaOps.Excititor.Worker | Honor orchestrator pause/throttle/retry commands, persist checkpoints, and classify error outputs to keep ingestion safe under outages. Depends on EXCITITOR-ORCH-32-001. | EXCITITOR-ORCH-32-001 | EXWS0101 | |
| EXCITITOR-POLICY-20-001 | TODO | SPRINT_0122_0001_0004_excititor_iv | WebService Guild | src/Excititor/StellaOps.Excititor.WebService | Provide VEX lookup APIs (PURL/advisory batching, scope filters, tenant enforcement) that Policy Engine uses to join evidence without Excititor performing any verdict logic. Depends on EXCITITOR-AOC-20-004. | DOLN0101 | EXWS0101 | |
| EXCITITOR-POLICY-20-002 | TODO | SPRINT_0122_0001_0004_excititor_iv | Excititor Core Guild (src/Excititor/__Libraries/StellaOps.Excititor.Core) | src/Excititor/__Libraries/StellaOps.Excititor.Core | Enhance linksets with scope resolution + version range metadata so Policy/Reachability can reason about applicability while Excititor continues to report only raw context. Depends on EXCITITOR-POLICY-20-001. | EXWK0101 | ||
| EXCITITOR-RISK-66-001 | TODO | SPRINT_0122_0001_0004_excititor_iv | Excititor Core Guild · Risk Engine Guild (src/Excititor/__Libraries/StellaOps.Excititor.Core) |
src/Excititor/__Libraries/StellaOps.Excititor.Core | Publish risk-engine ready feeds (status, justification, provenance) with zero derived severity so gating services can reference Excititor as a source of truth. Depends on EXCITITOR-POLICY-20-002. | CONCELIER-GRAPH-21-001/002 | EXRS0101 | |
| EXCITITOR-STORE-AOC-19-001 | TODO | SPRINT_0123_0001_0005_excititor_v | Storage Guild (src/Excititor/__Libraries/StellaOps.Excititor.Storage.Mongo) |
src/Excititor/__Libraries/StellaOps.Excititor.Storage.Mongo | Ship Mongo JSON Schema + validator tooling (including Offline Kit instructions) so operators can prove Excititor stores only immutable evidence. | Link-Not-Merge schema | EXSM0101 | |
| EXCITITOR-STORE-AOC-19-002 | TODO | SPRINT_0123_0001_0005_excititor_v | Storage + DevOps Guilds (src/Excititor/__Libraries/StellaOps.Excititor.Storage.Mongo) |
src/Excititor/__Libraries/StellaOps.Excititor.Storage.Mongo | Create unique indexes, run migrations/backfills, and document rollback steps for the new schema validator. Depends on EXCITITOR-STORE-AOC-19-001. | STORE-AOC-19-001 | EXSM0101 | |
| EXCITITOR-VEXLENS-30-001 | TODO | SPRINT_0123_0001_0005_excititor_v | Excititor WebService Guild · VEX Lens Guild | src/Excititor/StellaOps.Excititor.WebService | Ensure every observation exported to VEX Lens carries issuer hints, signature blobs, product tree snippets, and staleness metadata so the lens can compute consensus without calling back into Excititor. | — | PLVL0103 | |
| EXCITITOR-VULN-29-001 | TODO | SPRINT_0123_0001_0005_excititor_v | Excititor WebService Guild (src/Excititor/StellaOps.Excititor.WebService) |
src/Excititor/StellaOps.Excititor.WebService | Canonicalize advisory/product keys (map to advisory_key, capture scope metadata) while preserving original identifiers in links[]; run backfill + regression tests. |
EXWS0101 | EXVN0101 | |
| EXCITITOR-VULN-29-002 | TODO | SPRINT_0123_0001_0005_excititor_v | Excititor WebService Guild | src/Excititor/StellaOps.Excititor.WebService | Provide /vuln/evidence/vex/{advisory_key} returning tenant-scoped raw statements, provenance, and attestation references for Vuln Explorer evidence tabs. Depends on EXCITITOR-VULN-29-001. |
EXCITITOR-VULN-29-001 | EXVN0101 | |
| EXCITITOR-VULN-29-004 | TODO | SPRINT_0123_0001_0005_excititor_v | Excititor WebService + Observability Guilds | src/Excititor/StellaOps.Excititor.WebService | Add metrics/logs for normalization errors, suppression scopes, withdrawn statements, and feed them to Vuln Explorer + Advisory AI dashboards. Depends on EXCITITOR-VULN-29-002. | EXCITITOR-VULN-29-001 | EXVN0101 | |
| EXCITITOR-WEB-AIRGAP-58-001 | TODO | SPRINT_0124_0001_0006_excititor_vi | WebService Guild · AirGap Guilds | src/Excititor/StellaOps.Excititor.WebService | Emit timeline events + audit logs for mirror bundle imports (bundle ID, scope, actor) and map sealed-mode violations to actionable remediation guidance. | EXAG0101 | EXWS0101 | |
| EXCITITOR-WEB-OAS-61-001 | TODO | SPRINT_0124_0001_0006_excititor_vi | WebService Guild | src/Excititor/StellaOps.Excititor.WebService | Implement /.well-known/openapi with spec version metadata plus standard error envelopes, then update controller/unit tests accordingly. |
DOOR0102 | EXWS0101 | |
| EXCITITOR-WEB-OAS-62-001 | TODO | SPRINT_0124_0001_0006_excititor_vi | WebService Guild · API Governance | src/Excititor/StellaOps.Excititor.WebService | Publish curated examples for the new evidence/attestation/timeline endpoints, emit deprecation headers for legacy routes, and align SDK docs. Depends on EXCITITOR-WEB-OAS-61-001. | EXCITITOR-WEB-OAS-61-001 | EXWS0101 | |
| EXCITITOR-WEB-OBS-52-001 | TODO | SPRINT_0124_0001_0006_excititor_vi | Excititor WebService Guild | src/Excititor/StellaOps.Excititor.WebService | Provide SSE/WebSocket bridges for VEX timeline events with tenant filters, pagination anchors, and guardrails so downstream consoles can monitor raw evidence changes in real time. Depends on EXCITITOR-OBS-52-001. | Wait for 046_TLTY0101 span schema | EXOB0102 | |
| EXCITITOR-WEB-OBS-53-001 | TODO | SPRINT_0124_0001_0006_excititor_vi | Excititor WebService Guild · Evidence Locker Guild | src/Excititor/StellaOps.Excititor.WebService | Expose /evidence/vex/* endpoints that fetch locker bundles, enforce scopes, and surface verification metadata without synthesizing verdicts. Depends on EXCITITOR-WEB-OBS-52-001. |
Requires Evidence Locker DSSE API (002_ATEL0101) | EXOB0102 | |
| EXCITITOR-WEB-OBS-54-001 | TODO | SPRINT_0124_0001_0006_excititor_vi | Excititor WebService Guild | src/Excititor/StellaOps.Excititor.WebService | Add /attestations/vex/* endpoints returning DSSE verification state, builder identity, and chain-of-custody links so consumers never need direct datastore access. Depends on EXCITITOR-WEB-OBS-53-001. |
Dependent on provenance schema (005_ATLN0101) | EXOB0102 | |
| EXCITOR-DOCS-0001 | DONE | 2025-11-07 | SPRINT_333_docs_modules_excititor | Docs Guild (docs/modules/excitor) | docs/modules/excitor | Validate that docs/modules/excitor/README.md matches the latest release notes and consensus beta notes. |
DOXR0101 | |
| EXCITOR-ENG-0001 | DONE | 2025-11-07 | SPRINT_333_docs_modules_excititor | Module Team (docs/modules/excitor) | docs/modules/excitor | Ensure the implementation plan sprint alignment table stays current with SPRINT_200 updates. |
DOXR0101 | |
| EXCITOR-OPS-0001 | DONE | 2025-11-07 | SPRINT_333_docs_modules_excititor | Ops Guild (docs/modules/excitor) | docs/modules/excitor | Review runbooks/observability assets, adding the checklist captured in docs/modules/excitor/mirrors.md. |
DOXR0101 | |
| EXPLORER-DOCS-0001 | TODO | SPRINT_334_docs_modules_vuln_explorer | Docs Guild | docs/modules/vuln-explorer | DOVL0101 outputs | DOVL0101 outputs | DOXR0101 | |
| EXPLORER-ENG-0001 | TODO | SPRINT_334_docs_modules_vuln_explorer | Explorer Module Team | docs/modules/vuln-explorer | DOVL0102 | DOVL0102 | DOXR0101 | |
| EXPLORER-OPS-0001 | TODO | SPRINT_334_docs_modules_vuln_explorer | Ops Guild | docs/modules/vuln-explorer | Explorer Ops runbooks | Explorer Ops runbooks | DOXR0101 | |
| EXPORT-35-001 | TODO | SPRINT_0121_0001_0001_policy_reasoning | Findings Ledger Guild (src/Findings/StellaOps.Findings.Ledger) |
src/Findings/StellaOps.Findings.Ledger | PLLG010x ADRs | PLLG010x ADRs | EVFL0101 | |
| EXPORT-36-001 | TODO | SPRINT_0202_0001_0002_cli_ii | DevEx/CLI Guild (src/Cli/StellaOps.Cli) |
src/Cli/StellaOps.Cli | Export API spec | Export API spec | EVCL0101 | |
| EXPORT-37-001 | TODO | SPRINT_0202_0001_0002_cli_ii | DevEx/CLI Guild (src/Cli/StellaOps.Cli) |
src/Cli/StellaOps.Cli | EXPORT-36-001 | EXPORT-36-001 | EVCL0101 | |
| EXPORT-37-004 | TODO | SPRINT_0304_0001_0004_docs_tasks_md_iv | Docs Guild | DOCN0101 | DOCN0101 | EVDO0101 | ||
| EXPORT-37-005 | TODO | SPRINT_0304_0001_0004_docs_tasks_md_iv | Docs + Export Guilds | EXPORT-37-004 | EXPORT-37-004 | EVDO0101 | ||
| EXPORT-37-101 | TODO | SPRINT_0304_0001_0004_docs_tasks_md_iv | Docs Guild | EVCL0101 | EVCL0101 | EVDO0101 | ||
| EXPORT-37-102 | TODO | SPRINT_0304_0001_0004_docs_tasks_md_iv | Docs Guild | EXPORT-37-101 | EXPORT-37-101 | EVDO0101 | ||
| EXPORT-AIRGAP-56-001 | TODO | SPRINT_160_export_evidence | Exporter Service Guild · Mirror Guild | Exporter + Mirror Creator + DevOps Guilds | Wait for Deployment bundle shape (068_AGDP0101) | AGEX0101 | ||
| EXPORT-AIRGAP-56-002 | TODO | SPRINT_160_export_evidence | Exporter Service Guild · DevOps Guild | Depends on #1 artifacts | Depends on #1 artifacts | AGEX0101 | ||
| EXPORT-AIRGAP-57-001 | TODO | SPRINT_160_export_evidence | ExportCenter Guild (src/ExportCenter/StellaOps.ExportCenter) |
src/ExportCenter/StellaOps.ExportCenter | Exporter Service + Evidence Locker Guild | EXAG0101 outputs | EVAH0101 | |
| EXPORT-AIRGAP-58-001 | TODO | SPRINT_162_exportcenter_i | ExportCenter Guild · Notifications Guild | src/ExportCenter/StellaOps.ExportCenter | Emit notifications and timeline events when Mirror Bundles or Bootstrap packs are ready for transfer. Dependencies: EXPORT-AIRGAP-57-001. | EXPORT-AIRGAP-57-001 | EVAH0101 | |
| EXPORT-ATTEST-74-001 | TODO | SPRINT_160_export_evidence | ExportCenter + Attestation Guilds | Attestation Bundle + Exporter Guilds | ATEL0101 | EVAH0101 | ||
| EXPORT-ATTEST-74-002 | TODO | SPRINT_160_export_evidence | ExportCenter + Attestation Guilds | EXPORT-ATTEST-74-001 | EXPORT-ATTEST-74-001 | EVAH0101 | ||
| EXPORT-ATTEST-75-001 | TODO | SPRINT_160_export_evidence | ExportCenter + CLI Guilds | Attestation Bundle + CLI + Exporter Guilds | EXPORT-ATTEST-74-001 | EVAH0101 | ||
| EXPORT-ATTEST-75-002 | TODO | SPRINT_160_export_evidence | ExportCenter + CLI Guilds | EXPORT-ATTEST-75-001 | EXPORT-ATTEST-75-001 | EVAH0101 | ||
| EXPORT-CONSOLE-23-001 | TODO | SPRINT_0123_0001_0001_policy_reasoning | Policy Guild, Scheduler Guild, Observability Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Build evidence bundle/export generator producing signed manifests, CSV/JSON replay endpoints, and trace attachments; integrate with scheduler jobs and expose progress telemetry | EVOA0101 | ||
| EXPORT-CRYPTO-90-001 | TODO | SPRINT_160_export_evidence | ExportCenter + Security Guilds (src/ExportCenter/StellaOps.ExportCenter) |
src/ExportCenter/StellaOps.ExportCenter | Exporter Service + Security Guilds | Security review | EVOA0101 | |
| EXPORT-OAS-61 | TODO | SPRINT_160_export_evidence | ExportCenter + API Governance | Exporter Service + API Governance + SDK Guilds | OAS spec finalization | EVOA0101 | ||
| EXPORT-OAS-61-001 | TODO | SPRINT_162_exportcenter_i | ExportCenter + API Contracts Guild | src/ExportCenter/StellaOps.ExportCenter | Update Exporter OAS covering profiles, runs, downloads, devportal exports with standard error envelope and examples. | EXPORT-OAS-61 | EVOA0101 | |
| EXPORT-OAS-61-002 | TODO | SPRINT_162_exportcenter_i | ExportCenter + API Guild | src/ExportCenter/StellaOps.ExportCenter | Provide /.well-known/openapi discovery endpoint with version metadata and ETag. Dependencies: EXPORT-OAS-61-001. |
EXPORT-OAS-61 | EVOA0101 | |
| EXPORT-OAS-62 | TODO | SPRINT_160_export_evidence | ExportCenter + API Governance | EXPORT-OAS-61 | EXPORT-OAS-61 | EVOA0101 | ||
| EXPORT-OAS-62-001 | TODO | SPRINT_162_exportcenter_i | ExportCenter + API Guilds (src/ExportCenter/StellaOps.ExportCenter) |
src/ExportCenter/StellaOps.ExportCenter | Ensure SDKs include export profile/run clients with streaming download helpers; add smoke tests. Dependencies: EXPORT-OAS-61-002. | EVOA0101 outputs | EVOA0102 | |
| EXPORT-OAS-63 | TODO | SPRINT_160_export_evidence | Exporter Service Guild · API Governance Guild | Needs API governance sign-off (049_APIG0101) | Needs API governance sign-off (049_APIG0101) | AGEX0101 | ||
| EXPORT-OAS-63-001 | TODO | SPRINT_163_exportcenter_ii | Exporter Service Guild · SDK Guild | src/ExportCenter/StellaOps.ExportCenter | Implement deprecation headers and notifications for legacy export endpoints. Dependencies: EXPORT-OAS-62-001. | Requires #3 schema | AGEX0101 | |
| EXPORT-OBS-50-001 | TODO | SPRINT_163_exportcenter_ii | Exporter Service Guild · Observability Guild | src/ExportCenter/StellaOps.ExportCenter | Adopt telemetry core in exporter service + workers, ensuring spans/logs capture profile id, tenant, artifact counts, distribution type, and trace IDs. | Wait for telemetry schema drop from 046_TLTY0101 | ECOB0101 | |
| EXPORT-OBS-51-001 | TODO | SPRINT_0503_0001_0001_ops_devops_i | Exporter Guild · AirGap Time Guild · CLI Guild | Downstream automation awaiting assembler staffing outcome. | PROGRAM-STAFF-1001 | ECOB0101 | ||
| EXPORT-OBS-52-001 | TODO | SPRINT_163_exportcenter_ii | Exporter Service Guild | src/ExportCenter/StellaOps.ExportCenter | Publish timeline events for export lifecycle (export.requested, export.built, export.distributed, export.failed) embedding manifest hashes and evidence refs. Provide dedupe + retry logic. Dependencies: EXPORT-OBS-51-001. |
Requires shared middleware from task #1 | ECOB0101 | |
| EXPORT-OBS-53-001 | TODO | SPRINT_163_exportcenter_ii | Exporter Service Guild · Evidence Locker Guild | src/ExportCenter/StellaOps.ExportCenter | Push export manifests + distribution transcripts to evidence locker bundles, ensuring Merkle root alignment and DSSE pre-sign data available. Dependencies: EXPORT-OBS-52-001. | Blocked on Evidence Locker DSSE API (002_ATEL0101) | ECOB0101 | |
| EXPORT-OBS-54-001 | TODO | SPRINT_163_exportcenter_ii | Exporter Service Guild · Provenance Guild | src/ExportCenter/StellaOps.ExportCenter | Produce DSSE attestations for each export artifact and distribution target, expose verification API /exports/{id}/attestation, and integrate with CLI verify path. Dependencies: EXPORT-OBS-53-001. |
PROGRAM-STAFF-1001; EXPORT-MIRROR-ORCH-1501 | ECOB0101 | |
| EXPORT-OBS-54-002 | TODO | SPRINT_163_exportcenter_ii | Exporter Service Guild · Provenance Guild | src/ExportCenter/StellaOps.ExportCenter | Add promotion attestation assembly to export runs (compute SBOM/VEX digests, embed Rekor proofs, bundle DSSE envelopes) and ensure Offline Kit packaging includes the resulting JSON + DSSE envelopes. Dependencies: EXPORT-OBS-54-001, PROV-OBS-53-003. | Needs #5 for consistent dimensions | ECOB0101 | |
| EXPORT-OBS-55-001 | TODO | SPRINT_163_exportcenter_ii | Exporter Service Guild · DevOps Guild | src/ExportCenter/StellaOps.ExportCenter | Add incident mode enhancements (extra tracing for slow exports, additional debug logs, retention bump). Emit incident activation events to timeline + notifier. Dependencies: EXPORT-OBS-54-001. | Requires DevOps alert templates (045_DVDO0103) | ECOB0101 | |
| EXPORT-RISK-69-001 | TODO | SPRINT_163_exportcenter_ii | Exporter Service Guild · Risk Bundle Guild | src/ExportCenter/StellaOps.ExportCenter | Add Export Center job handler risk-bundle with provider selection, manifest signing, and audit logging. |
Wait for Risk engine inputs (042_RPRC0101) | AGEX0101 | |
| EXPORT-RISK-69-002 | TODO | SPRINT_163_exportcenter_ii | ExportCenter + Risk Guilds | src/ExportCenter/StellaOps.ExportCenter | Enable simulation report exports pulling scored data + explainability snapshots. Dependencies: EXPORT-RISK-69-001. | EXRS0101 outputs | EVRK0101 | |
| EXPORT-RISK-70-001 | TODO | SPRINT_163_exportcenter_ii | ExportCenter + DevOps Guild | src/ExportCenter/StellaOps.ExportCenter | Integrate risk bundle builds into offline kit packaging with checksum verification. Dependencies: EXPORT-RISK-69-002. | EXPORT-RISK-69-002 | EVRK0101 | |
| EXPORT-SVC-35-001 | BLOCKED (2025-10-29) | 2025-10-29 | SPRINT_163_exportcenter_ii | ExportCenter Guild (src/ExportCenter/StellaOps.ExportCenter) |
src/ExportCenter/StellaOps.ExportCenter | Bootstrap exporter service project, configuration, and Postgres migrations for export_profiles, export_runs, export_inputs, export_distributions with tenant scoping + tests. |
Await EVFL0101 evidence feed | ESVC0101 |
| EXPORT-SVC-35-002 | TODO | SPRINT_163_exportcenter_ii | ExportCenter Guild | src/ExportCenter/StellaOps.ExportCenter | Implement planner + scope resolver translating filters into ledger iterators and orchestrator job payloads; include deterministic sampling and validation. Dependencies: EXPORT-SVC-35-001. | EXPORT-SVC-35-001 | ESVC0101 | |
| EXPORT-SVC-35-003 | TODO | SPRINT_163_exportcenter_ii | ExportCenter Guild | src/ExportCenter/StellaOps.ExportCenter | Deliver JSON adapters (json:raw, json:policy) with canonical normalization, redaction allowlists, compression, and manifest counts. Dependencies: EXPORT-SVC-35-002. |
EXPORT-SVC-35-001 | ESVC0101 | |
| EXPORT-SVC-35-004 | TODO | SPRINT_163_exportcenter_ii | ExportCenter Guild | src/ExportCenter/StellaOps.ExportCenter | Build mirror (full) adapter producing filesystem layout, indexes, manifests, and README with download-only distribution. Dependencies: EXPORT-SVC-35-003. | EXPORT-SVC-35-002 | ESVC0101 | |
| EXPORT-SVC-35-005 | TODO | SPRINT_163_exportcenter_ii | ExportCenter Guild | src/ExportCenter/StellaOps.ExportCenter | Implement manifest/provenance writer and KMS signing/attestation (detached + embedded) for bundle outputs. Dependencies: EXPORT-SVC-35-004. | EXPORT-SVC-35-003 | ESVC0101 | |
| EXPORT-SVC-35-006 | TODO | SPRINT_0164_0001_0003_exportcenter_iii | ExportCenter Guild | src/ExportCenter/StellaOps.ExportCenter | Expose Export API (profiles, runs, download, SSE updates) with audit logging, concurrency controls, and viewer/operator RBAC integration. Dependencies: EXPORT-SVC-35-005. | EXPORT-SVC-35-004 | ESVC0101 | |
| EXPORT-SVC-36-001 | TODO | SPRINT_0164_0001_0003_exportcenter_iii | ExportCenter Guild | src/ExportCenter/StellaOps.ExportCenter | Implement Trivy DB adapter (core) with schema mappings, version flag gating, and validation harness. Dependencies: EXPORT-SVC-35-006. | ESVC0101 outputs | ESVC0102 | |
| EXPORT-SVC-36-002 | TODO | SPRINT_0164_0001_0003_exportcenter_iii | ExportCenter Guild | src/ExportCenter/StellaOps.ExportCenter | Add Trivy Java DB variant with shared manifest entries and adapter regression tests. Dependencies: EXPORT-SVC-36-001. | EXPORT-SVC-36-001 | ESVC0102 | |
| EXPORT-SVC-36-003 | TODO | SPRINT_0164_0001_0003_exportcenter_iii | ExportCenter Guild | src/ExportCenter/StellaOps.ExportCenter | Build OCI distribution engine (manifests, descriptors, annotations) with registry auth support and retries. Dependencies: EXPORT-SVC-36-002. | EXPORT-SVC-36-001 | ESVC0102 | |
| EXPORT-SVC-36-004 | TODO | SPRINT_0164_0001_0003_exportcenter_iii | ExportCenter Guild | src/ExportCenter/StellaOps.ExportCenter | Extend planner/run lifecycle for distribution targets (OCI/object storage) with idempotent metadata updates and retention timestamps. Dependencies: EXPORT-SVC-36-003. | EXPORT-SVC-36-002 | ESVC0102 | |
| EXPORT-SVC-37-001 | TODO | SPRINT_0164_0001_0003_exportcenter_iii | ExportCenter Guild | src/ExportCenter/StellaOps.ExportCenter | Implement mirror delta adapter with base manifest comparison, change set generation, and content-addressed reuse. Dependencies: EXPORT-SVC-36-004. | EXPORT-SVC-35-006 | ESVC0102 | |
| EXPORT-SVC-37-002 | TODO | SPRINT_0164_0001_0003_exportcenter_iii | ExportCenter Guild | src/ExportCenter/StellaOps.ExportCenter | Add bundle encryption (age/AES-GCM), key wrapping via KMS, and verification tooling for encrypted outputs. Dependencies: EXPORT-SVC-37-001. | EXPORT-SVC-37-001 | ESVC0102 | |
| EXPORT-SVC-37-003 | TODO | SPRINT_0164_0001_0003_exportcenter_iii | ExportCenter Guild | src/ExportCenter/StellaOps.ExportCenter | Implement export scheduling (cron/event), retention pruning, retry idempotency, and failure classification. Dependencies: EXPORT-SVC-37-002. | EXPORT-SVC-37-002 | ESVC0103 | |
| EXPORT-SVC-37-004 | TODO | SPRINT_0164_0001_0003_exportcenter_iii | ExportCenter Guild | src/ExportCenter/StellaOps.ExportCenter | Provide verification API to stream manifests/hashes, compute hash+signature checks, and return attest status for CLI/UI. Dependencies: EXPORT-SVC-37-003. | EXPORT-SVC-37-003 | ESVC0103 | |
| EXPORT-SVC-43-001 | TODO | SPRINT_0164_0001_0003_exportcenter_iii | ExportCenter Guild | src/ExportCenter/StellaOps.ExportCenter | Integrate pack run manifests/artifacts into export bundles and CLI verification flows; expose provenance links. Dependencies: EXPORT-SVC-37-004. | EXPORT-SVC-37-004 | ESVC0103 | |
| EXPORT-TEN-48-001 | TODO | SPRINT_0164_0001_0003_exportcenter_iii | ExportCenter + Tenancy Guild | src/ExportCenter/StellaOps.ExportCenter | Prefix artifacts/manifests with tenant/project, enforce scope checks, and prevent cross-tenant exports unless explicitly whitelisted; update provenance. | EXPORT-SVC-37-004 | ESVC0103 | |
| FEEDCONN-CCCS-02-009 | TODO | SPRINT_117_concelier_vi | Concelier Connector Guild – CCCS (src/Concelier/__Libraries/StellaOps.Concelier.Connector.Cccs) | src/Concelier/__Libraries/StellaOps.Concelier.Connector.Cccs | Emit CCCS version ranges into advisory_observations.affected.versions[] with provenance anchors (cccs:{serial}:{index}) and normalized comparison keys per the Link-Not-Merge schema/doc recipes. Depends on CONCELIER-LNM-21-001. |
— | FEFC0101 | |
| FEEDCONN-CERTBUND-02-010 | TODO | SPRINT_117_concelier_vi | Concelier Connector Guild – CertBund (src/Concelier/__Libraries/StellaOps.Concelier.Connector.CertBund) | src/Concelier/__Libraries/StellaOps.Concelier.Connector.CertBund | Translate CERT-Bund product.Versions phrases into normalized ranges + provenance identifiers (certbund:{advisoryId}:{vendor}) while retaining localisation notes; update mapper/tests for Link-Not-Merge. Depends on CONCELIER-LNM-21-001. |
— | FEFC0101 | |
| FEEDCONN-CISCO-02-009 | DOING | 2025-11-08 | SPRINT_117_concelier_vi | Concelier Connector Guild – Cisco (src/Concelier/__Libraries/StellaOps.Concelier.Connector.Vndr.Cisco) | src/Concelier/__Libraries/StellaOps.Concelier.Connector.Vndr.Cisco | Emit Cisco SemVer ranges into the new observation schema with provenance IDs (cisco:{productId}) and deterministic comparison keys; refresh fixtures to remove merge counters. Depends on CONCELIER-LNM-21-001. |
— | FEFC0101 |
| FEEDCONN-ICSCISA-02-012 | BLOCKED | SPRINT_0503_0001_0001_ops_devops_i | Concelier Feed Owners | Overdue provenance refreshes require schedule from feed owners. | FEED-REMEDIATION-1001 | FEFC0101 | ||
| FEEDCONN-KISA-02-008 | BLOCKED | SPRINT_0503_0001_0001_ops_devops_i | Concelier Feed Owners | FEED-REMEDIATION-1001 | FEED-REMEDIATION-1001 | FEFC0101 | ||
| FORENSICS-53-001 | TODO | SPRINT_0202_0001_0002_cli_ii | Forensics Guild | src/Cli/StellaOps.Cli | Replay data set | Replay data set | FONS0101 | |
| FORENSICS-53-002 | TODO | SPRINT_0304_0001_0004_docs_tasks_md_iv | Forensics Guild | FORENSICS-53-001 | FORENSICS-53-001 | FONS0101 | ||
| FORENSICS-53-003 | TODO | SPRINT_0304_0001_0004_docs_tasks_md_iv | Forensics Guild | FORENSICS-53-001 | FORENSICS-53-001 | FONS0101 | ||
| FORENSICS-54-001 | TODO | SPRINT_0202_0001_0002_cli_ii | Forensics Guild | src/Cli/StellaOps.Cli | FORENSICS-53 outputs | FORENSICS-53 outputs | FONS0101 | |
| FORENSICS-54-002 | TODO | SPRINT_0202_0001_0002_cli_ii | Forensics Guild | src/Cli/StellaOps.Cli | FORENSICS-54-001 | FORENSICS-54-001 | FONS0101 | |
| FS-03 | TODO | SPRINT_0136_0001_0001_scanner_surface | Scanner Guild | src/Scanner/__Libraries/StellaOps.Scanner.Surface.FS | SURFACE-FS-02 | SURFACE-FS-02 | SFFS0101 | |
| FS-04 | TODO | SPRINT_0136_0001_0001_scanner_surface | Scanner Guild | src/Scanner/__Libraries/StellaOps.Scanner.Surface.FS | FS-03 | SURFACE-FS-02 | SFFS0101 | |
| FS-05 | TODO | SPRINT_0136_0001_0001_scanner_surface | Scanner Guild · Scheduler Guild | src/Scanner/__Libraries/StellaOps.Scanner.Surface.FS | SURFACE-FS-03 | SURFACE-FS-03 | SFFS0101 | |
| FS-06 | TODO | SPRINT_0136_0001_0001_scanner_surface | Docs Guild | src/Scanner/__Libraries/StellaOps.Scanner.Surface.FS | SURFACE-FS-02 | SURFACE-FS-02 | SFFS0101 | |
| FS-07 | TODO | SPRINT_0136_0001_0001_scanner_surface | Scanner Guild | src/Scanner/__Libraries/StellaOps.Scanner.Surface.FS | SCANNER-SURFACE-04 | SCANNER-SURFACE-04 | SFFS0101 | |
| GAP-DOC-008 | TODO | SPRINT_0401_0001_0001_reachability_evidence_chain | Docs Guild | docs/reachability/function-level-evidence.md, docs/09_API_CLI_REFERENCE.md, docs/api/policy.md |
Publish the cross-module function-level evidence guide, update API/CLI references with the new code_id fields, and add OpenVEX/replay samples under samples/reachability/**. |
DOAG0101 outputs | GAPG0101 | |
| GAP-POL-005 | TODO | SPRINT_0401_0001_0001_reachability_evidence_chain | Policy Guild · Docs Guild | src/Policy/StellaOps.Policy.Engine, docs/modules/policy/architecture.md, docs/reachability/function-level-evidence.md |
Ingest reachability facts into Policy Engine, expose reachability.state/confidence in SPL/API, enforce auto-suppress (<0.30) rules, and generate OpenVEX evidence blocks referencing graph hashes + runtime facts with policy thresholds. |
GAP-DOC-008 | GAPG0101 | |
| GAP-REP-004 | TODO | SPRINT_0401_0001_0001_reachability_evidence_chain | Docs Guild | src/__Libraries/StellaOps.Replay.Core, docs/replay/DETERMINISTIC_REPLAY.md |
Enforce BLAKE3 hashing + CAS registration for graphs/traces before manifest writes, upgrade replay manifest v2 with analyzer versions/policy thresholds, and add deterministic tests. | GAP-DOC-008 | GAPG0101 | |
| GAP-SCAN-001 | DONE (2025-12-03) | SPRINT_400_runtime_facts_static_callgraph_union | Scanner Guild · GAP Guild | src/Scanner/StellaOps.Scanner.Worker, docs/modules/scanner/architecture.md, docs/reachability/function-level-evidence.md |
Implement binary/language symbolizers that emit richgraph-v1 payloads with canonical SymbolID = {file:hash, section, addr, name, linkage} plus code_id anchors, persist graphs to CAS via StellaOps.Scanner.Reachability, and refresh analyzer docs/fixtures. |
GAP-POL-005 | GAPG0101 | |
| GAP-SIG-003 | TODO | SPRINT_0401_0001_0001_reachability_evidence_chain | Security Guild · GAP Guild | src/Signals/StellaOps.Signals, docs/reachability/function-level-evidence.md |
Finish /signals/runtime-facts ingestion, add CAS-backed runtime storage, extend scoring to lattice states (Unknown/NotPresent/Unreachable/Conditional/Reachable/Observed), and emit signals.fact.updated events. Document retention/RBAC. |
GAP-POL-005 | GAPG0101 | |
| GAP-SYM-007 | BLOCKED (2025-11-27) | Waiting on GRAPH-CAS-401-001 schema/hash | SPRINT_0401_0001_0001_reachability_evidence_chain | Docs Guild | src/Scanner/StellaOps.Scanner.Models, docs/modules/scanner/architecture.md, docs/reachability/function-level-evidence.md |
Extend reachability evidence schema/DTOs with demangled symbol hints, symbol.source, confidence, and optional code_block_hash; ensure Scanner SBOM/evidence writers and CLI serializers emit the new fields deterministically. |
GAP-SIG-003 | GAPG0101 |
| GAP-VEX-006 | TODO | SPRINT_0401_0001_0001_reachability_evidence_chain | VEX Guild | docs/modules/excititor/architecture.md, src/Cli/StellaOps.Cli, src/UI/StellaOps.UI, docs/09_API_CLI_REFERENCE.md |
Wire Policy/Excititor/UI/CLI surfaces so VEX emission and explain drawers show call paths, graph hashes, and runtime hits; add CLI --evidence=graph/--threshold plus Notify template updates. |
GAP-POL-005 | GAPG0101 | |
| GAP-ZAS-002 | TODO | SPRINT_400_runtime_facts_static_callgraph_union | Zastava Guild | src/Zastava/StellaOps.Zastava.Observer, docs/modules/zastava/architecture.md, docs/reachability/function-level-evidence.md |
Stream runtime NDJSON batches carrying {symbol_id, code_id, hit_count, loader_base} plus CAS URIs, capture build-ids/entrypoints, and draft the operator runbook (docs/runbooks/reachability-runtime.md). Integrate with /signals/runtime-facts once Sprint 401 lands ingestion. |
GAP-SCAN-001 | GAPG0101 | |
| GO-32-001 | DONE | SPRINT_0153_0001_0003_orchestrator_iii | Worker SDK Guild (src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Go) |
src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Go | DOOR0102 APIs | DOOR0102 APIs | GOSD0101 | |
| GO-32-002 | DONE | SPRINT_0153_0001_0003_orchestrator_iii | Worker SDK Guild | src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Go | GO-32-001 | GO-32-001 | GOSD0101 | |
| GO-33-001 | DONE | SPRINT_0153_0001_0003_orchestrator_iii | Worker SDK Guild | src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Go | GO-32-002 | GO-32-002 | GOSD0101 | |
| GO-33-002 | DONE | SPRINT_0153_0001_0003_orchestrator_iii | Worker SDK Guild | src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Go | GO-33-001 | GO-33-001 | GOSD0101 | |
| GO-34-001 | DONE | SPRINT_0153_0001_0003_orchestrator_iii | Worker SDK Guild | src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Go | GO-33-002 | GO-33-002 | GOSD0101 | |
| GRAPH-21-001 | TODO | SPRINT_0136_0001_0001_scanner_surface | Scanner WebService Guild | src/Scanner/StellaOps.Scanner.WebService | Link-Not-Merge schema | Link-Not-Merge schema | GRSC0101 | |
| GRAPH-21-002 | BLOCKED (2025-10-27) | 2025-10-27 | SPRINT_113_concelier_ii | Concelier Core Guild · Scanner Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | GRAPH-21-001 | GRAPH-21-001 | GRSC0101 |
| GRAPH-21-003 | TODO | 2025-10-27 | SPRINT_0213_0001_0002_web_ii | Scanner WebService Guild | src/Web/StellaOps.Web | GRAPH-21-001 | GRAPH-21-001 | GRSC0101 |
| GRAPH-21-004 | TODO | 2025-10-27 | SPRINT_0213_0001_0002_web_ii | Scanner WebService Guild | src/Web/StellaOps.Web | GRAPH-21-002 | GRAPH-21-002 | GRSC0101 |
| GRAPH-21-005 | BLOCKED (2025-10-27) | 2025-10-27 | SPRINT_0120_0001_0002_excititor_ii | Excititor Storage Guild | src/Excititor/__Libraries/StellaOps.Excititor.Storage.Mongo | GRAPH-21-002 | GRAPH-21-002 | GRSC0101 |
| GRAPH-24-005 | TODO | SPRINT_0304_0001_0004_docs_tasks_md_iv | UI Guild | GRAPH-24-003 | GRAPH-24-003 | GRUI0101 | ||
| GRAPH-24-007 | TODO | SPRINT_0304_0001_0004_docs_tasks_md_iv | UI Guild | GRAPH-24-005 | GRAPH-24-005 | GRUI0101 | ||
| GRAPH-24-101 | TODO | SPRINT_113_concelier_ii | UI Guild | src/Concelier/StellaOps.Concelier.WebService | GRAPH-24-001 | GRAPH-24-001 | GRUI0101 | |
| GRAPH-24-102 | TODO | SPRINT_0120_0001_0002_excititor_ii | UI Guild | src/Excititor/StellaOps.Excititor.WebService | GRAPH-24-101 | GRAPH-24-101 | GRUI0101 | |
| GRAPH-28-102 | TODO | SPRINT_113_concelier_ii | Concelier WebService Guild (src/Concelier/StellaOps.Concelier.WebService) | src/Concelier/StellaOps.Concelier.WebService | GRAPI0101 | |||
| GRAPH-API-28-001 | DONE (2025-11-24) | 2025-11-24 | SPRINT_0207_0001_0001_graph | Graph API Guild (src/Graph/StellaOps.Graph.Api) | src/Graph/StellaOps.Graph.Api | Define OpenAPI + JSON schema for graph search/query/paths/diff/export endpoints, including cost metadata and streaming tile schema. | — | ORGR0101 |
| GRAPH-API-28-002 | DONE (2025-11-25) | 2025-11-25 | SPRINT_0207_0001_0001_graph | Graph API Guild (src/Graph/StellaOps.Graph.Api) | src/Graph/StellaOps.Graph.Api | Implement /graph/search with multi-type index lookup, prefix/exact match, RBAC enforcement, and result ranking + caching. Dependencies: GRAPH-API-28-001. |
— | ORGR0101 |
| GRAPH-API-28-003 | DONE (2025-11-26) | 2025-11-26 | SPRINT_0207_0001_0001_graph | Graph API Guild (src/Graph/StellaOps.Graph.Api) | src/Graph/StellaOps.Graph.Api | Build query planner + cost estimator for /graph/query, stream tiles (nodes/edges/stats) progressively, enforce budgets, provide cursor tokens. Dependencies: GRAPH-API-28-002. |
— | ORGR0101 |
| GRAPH-API-28-004 | TODO | SPRINT_0207_0001_0001_graph | Graph API Guild (src/Graph/StellaOps.Graph.Api) | src/Graph/StellaOps.Graph.Api | Implement /graph/paths with depth ≤6, constraint filters, heuristic shortest path search, and optional policy overlay rendering. Dependencies: GRAPH-API-28-003. |
— | ORGR0101 | |
| GRAPH-API-28-005 | TODO | SPRINT_0207_0001_0001_graph | Graph API Guild (src/Graph/StellaOps.Graph.Api) | src/Graph/StellaOps.Graph.Api | Implement /graph/diff streaming added/removed/changed nodes/edges between SBOM snapshots; include overlay deltas and policy/VEX/advisory metadata. Dependencies: GRAPH-API-28-004. |
— | ORGR0101 | |
| GRAPH-API-28-006 | DONE (2025-11-26) | 2025-11-26 | SPRINT_0207_0001_0001_graph | Graph API Guild (src/Graph/StellaOps.Graph.Api) | src/Graph/StellaOps.Graph.Api | Consume Policy Engine overlay contract (POLICY-ENGINE-30-001..003) and surface advisory/VEX/policy overlays with caching, partial materialization, and explain trace sampling for focused nodes. Dependencies: GRAPH-API-28-005. |
— | ORGR0101 |
| GRAPH-API-28-007 | TODO | SPRINT_0207_0001_0001_graph | Graph API Guild (src/Graph/StellaOps.Graph.Api) |
src/Graph/StellaOps.Graph.Api | Implement exports (graphml, csv, ndjson, png, svg) with async job management, checksum manifests, and streaming downloads. Dependencies: GRAPH-API-28-006. |
ORGR0101 outputs | GRAPI0101 | |
| GRAPH-API-28-008 | TODO | SPRINT_0207_0001_0001_graph | Graph API + Authority Guilds | src/Graph/StellaOps.Graph.Api | Integrate RBAC scopes (graph:read, graph:query, graph:export), tenant headers, audit logging, and rate limiting. Dependencies: GRAPH-API-28-007. |
GRAPH-API-28-007 | GRAPI0101 | |
| GRAPH-API-28-009 | TODO | SPRINT_0207_0001_0001_graph | Graph API + Observability Guilds | src/Graph/StellaOps.Graph.Api | Instrument metrics (graph_tile_latency_seconds, graph_query_budget_denied_total, graph_overlay_cache_hit_ratio), structured logs, and traces per query stage; publish dashboards. Dependencies: GRAPH-API-28-008. |
GRAPH-API-28-007 | GRAPI0101 | |
| GRAPH-API-28-010 | TODO | SPRINT_0207_0001_0001_graph | Graph API Guild | src/Graph/StellaOps.Graph.Api | Build unit/integration/load tests with synthetic datasets (500k nodes/2M edges), fuzz query validation, verify determinism across runs. Dependencies: GRAPH-API-28-009. | GRAPH-API-28-008 | GRAPI0101 | |
| GRAPH-API-28-011 | TODO | SPRINT_0207_0001_0001_graph | Graph API Guild | src/Graph/StellaOps.Graph.Api | Provide deployment manifests, offline kit support, API gateway integration docs, and smoke tests. Dependencies: GRAPH-API-28-010. | GRAPH-API-28-009 | GRAPI0101 | |
| GRAPH-CAS-401-001 | TODO | SPRINT_0401_0001_0001_reachability_evidence_chain | Scanner Worker Guild | src/Scanner/StellaOps.Scanner.Worker |
Finalize richgraph schema (richgraph-v1), emit canonical SymbolIDs, compute graph hash (BLAKE3), and store CAS manifests under cas://reachability/graphs/{sha256}. Update Scanner Worker adapters + fixtures. |
Depends on #1 | CASC0101 | |
| GRAPH-DOCS-0001 | DONE (2025-11-05) | 2025-11-05 | SPRINT_321_docs_modules_graph | Docs Guild | docs/modules/graph | Validate that graph module README/diagrams reflect the latest overlay + snapshot updates. | GRAPI0101 evidence | GRDG0101 |
| GRAPH-DOCS-0002 | DONE (2025-11-26) | 2025-11-26 | SPRINT_321_docs_modules_graph | Docs Guild | docs/modules/graph | Pending DOCS-GRAPH-24-003 to add API/query doc cross-links | GRAPI0101 outputs | GRDG0101 |
| GRAPH-ENG-0001 | TODO | SPRINT_321_docs_modules_graph | Module Team | docs/modules/graph | Keep module milestones in sync with /docs/implplan/SPRINT_141_graph.md and related files. |
GRSC0101 | GRDG0101 | |
| GRAPH-INDEX-28-007 | DOING | SPRINT_0140_0001_0001_runtime_signals | — | Running on scanner surface mock bundle v1; will validate again once real caches drop. | — | ORGR0101 | ||
| GRAPH-INDEX-28-008 | TODO | SPRINT_0140_0001_0001_runtime_signals | — | Incremental update/backfill pipeline depends on 28-007 artifacts; retry/backoff plumbing sketched but blocked. | — | ORGR0101 | ||
| GRAPH-INDEX-28-009 | TODO | SPRINT_0140_0001_0001_runtime_signals | — | Test/fixture/chaos coverage waits on earlier jobs to exist so determinism checks have data. | — | ORGR0101 | ||
| GRAPH-INDEX-28-010 | TODO | SPRINT_0140_0001_0001_runtime_signals | — | Packaging/offline bundles paused until upstream graph jobs are available to embed. | — | ORGR0101 | ||
| GRAPH-INDEX-28-011 | TODO | 2025-11-04 | SPRINT_0207_0001_0001_graph | Graph Index Guild | src/Graph/StellaOps.Graph.Indexer | Wire SBOM ingest runtime to emit graph snapshot artifacts, add DI factory helpers, and document Mongo/snapshot environment guidance. Dependencies: GRAPH-INDEX-28-002..006. | GRSC0101 outputs | GRIX0101 |
| GRAPH-OPS-0001 | DONE (2025-11-26) | 2025-11-26 | SPRINT_321_docs_modules_graph | Ops Guild | docs/modules/graph | Review graph observability dashboards/runbooks after the next sprint demo. | GRUI0101 | GRDG0101 |
| HELM-45-001 | TODO | SPRINT_0501_0001_0001_ops_deployment_i | Deployment Guild (ops/deployment) | ops/deployment | GRIX0101 | |||
| HELM-45-002 | TODO | SPRINT_0502_0001_0001_ops_deployment_ii | Deployment Guild, Security Guild (ops/deployment) | ops/deployment | Add TLS/Ingress, NetworkPolicy, PodSecurityContexts, Secrets integration (external secrets), and document security posture. Dependencies: HELM-45-001. | GRIX0101 | ||
| HELM-45-003 | TODO | SPRINT_0502_0001_0001_ops_deployment_ii | Deployment Guild, Observability Guild (ops/deployment) | ops/deployment | Implement HPA, PDB, readiness gates, Prometheus scraping annotations, OTel configuration hooks, and upgrade hooks. Dependencies: HELM-45-002. | GRIX0101 | ||
| ICSCISA-02-012 | BLOCKED | SPRINT_0503_0001_0001_ops_devops_i | Concelier Feed Owners (src/Concelier/__Libraries/StellaOps.Concelier.Core) |
src/Concelier/__Libraries/StellaOps.Concelier.Core | FEED-REMEDIATION-1001 | FEED-REMEDIATION-1001 | CCFD0101 | |
| IMP-56-001 | TODO | SPRINT_510_airgap | AirGap Importer Guild | src/AirGap/StellaOps.AirGap.Importer | Harden base importer pipeline. | EXAG0101 | GRIX0101 | |
| IMP-56-002 | TODO | SPRINT_510_airgap | AirGap Importer + Security Guilds | src/AirGap/StellaOps.AirGap.Importer | IMP-56-001 | IMP-56-001 | IMIM0101 | |
| IMP-57-001 | TODO | SPRINT_510_airgap | AirGap Importer Guild | src/AirGap/StellaOps.AirGap.Importer | IMP-56-002 | IMP-56-002 | IMIM0101 | |
| IMP-57-002 | TODO | SPRINT_510_airgap | AirGap Importer + DevOps Guilds | src/AirGap/StellaOps.AirGap.Importer | IMP-57-001 | IMP-57-001 | IMIM0101 | |
| IMP-58-001 | TODO | SPRINT_510_airgap | AirGap Importer + CLI Guilds | src/AirGap/StellaOps.AirGap.Importer | IMP-57-002 | IMP-57-002 | IMIM0101 | |
| IMP-58-002 | TODO | SPRINT_510_airgap | AirGap Importer + Observability Guilds | src/AirGap/StellaOps.AirGap.Importer | IMP-58-001 | IMP-58-001 | IMIM0101 | |
| IMPACT-16-001 | TODO | SPRINT_512_bench | Bench Guild (src/Bench/StellaOps.Bench) |
src/Bench/StellaOps.Bench | Harden impact scoring + fixtures. | GRSC0101 outputs | IMIM0101 | |
| IMPACT-16-303 | DONE | SPRINT_0155_0001_0001_scheduler_i | Scheduler ImpactIndex Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.ImpactIndex) |
src/Scheduler/__Libraries/StellaOps.Scheduler.ImpactIndex | IMPACT-16-001 | IMPACT-16-001 | IMPT0101 | |
| INDEX-28-007 | TODO | SPRINT_0140_0001_0001_runtime_signals | Graph Index Guild | src/Graph/StellaOps.Graph.Indexer | GRAPH-INDEX-28-011 | GRAPH-INDEX-28-011 | GRIX0101 | |
| INDEX-28-008 | TODO | SPRINT_0140_0001_0001_runtime_signals | Graph Index Guild | src/Graph/StellaOps.Graph.Indexer | INDEX-28-007 | INDEX-28-007 | GRIX0101 | |
| INDEX-28-009 | TODO | SPRINT_0140_0001_0001_runtime_signals | Graph Index Guild | src/Graph/StellaOps.Graph.Indexer | INDEX-28-008 | INDEX-28-008 | GRIX0101 | |
| INDEX-28-010 | TODO | SPRINT_0140_0001_0001_runtime_signals | Graph Indexer Guild (src/Graph/StellaOps.Graph.Indexer) | src/Graph/StellaOps.Graph.Indexer | INDEX-28-009 | GRIX0101 | ||
| INDEX-28-011 | DONE | 2025-11-04 | SPRINT_0207_0001_0001_graph | Graph Indexer Guild (src/Graph/StellaOps.Graph.Indexer) | src/Graph/StellaOps.Graph.Indexer | INDEX-28-010 | GRIX0101 | |
| INDEX-401-030 | TODO | SPRINT_0401_0001_0001_reachability_evidence_chain | Platform + Ops Guilds | docs/provenance/inline-dsse.md, ops/mongo/indices/events_provenance_indices.js |
Needs Ops approval for new Mongo index | Needs Ops approval for new Mongo index | RBRE0101 | |
| INGEST-401-013 | TODO | SPRINT_0401_0001_0001_reachability_evidence_chain | Symbols Guild · DevOps Guild (src/Symbols/StellaOps.Symbols.Ingestor.Cli) |
src/Symbols/StellaOps.Symbols.Ingestor.Cli, docs/specs/SYMBOL_MANIFEST_v1.md |
Implement deterministic ingest + docs. | RBRE0101 inline DSSE | IMPT0101 | |
| INLINE-401-028 | DONE | SPRINT_0401_0001_0001_reachability_evidence_chain | Authority Guild · Feedser Guild (docs/provenance/inline-dsse.md, src/__Libraries/StellaOps.Provenance.Mongo) |
docs/provenance/inline-dsse.md, src/__Libraries/StellaOps.Provenance.Mongo |
INST0101 | |||
| INSTALL-44-001 | TODO | SPRINT_0305_0001_0005_docs_tasks_md_v | Docs Guild · Ops Guild | DOIS0101 outputs | DOIS0101 outputs | INST0101 | ||
| INSTALL-45-001 | TODO | SPRINT_0305_0001_0005_docs_tasks_md_v | Docs Guild · Ops Guild | INSTALL-44-001 | INSTALL-44-001 | INST0101 | ||
| INSTALL-46-001 | TODO | SPRINT_0305_0001_0005_docs_tasks_md_v | Docs Guild · Security Guild | INSTALL-45-001 | INSTALL-45-001 | INST0101 | ||
| INSTALL-50-001 | TODO | SPRINT_0305_0001_0005_docs_tasks_md_v | Docs Guild · Support Guild | INSTALL-44-001 | INSTALL-44-001 | INST0101 | ||
| KEV providers` | TODO | SPRINT_115_concelier_iv | Concelier Core + Risk Engine Guilds (src/Concelier/__Libraries/StellaOps.Concelier.Core) |
src/Concelier/__Libraries/StellaOps.Concelier.Core | Surface vendor-provided CVSS/KEV/fix data exactly as published (with provenance anchors) through provider APIs so risk engines can reason about upstream intent. | ICSCISA-02-012 | CCFD0101 | |
| KISA-02-008 | BLOCKED | SPRINT_0503_0001_0001_ops_devops_i | Concelier Feed Owners | FEED-REMEDIATION-1001 | LATC0101 | |||
| KMS-73-001 | DONE (2025-11-03) | 2025-11-03 | SPRINT_100_identity_signing | KMS Guild (src/__Libraries/StellaOps.Cryptography.Kms) | src/__Libraries/StellaOps.Cryptography.Kms | AWS/GCP KMS drivers landed with digest-first signing, metadata caching, config samples, and docs/tests green. | AWS/GCP KMS drivers landed with digest-first signing, metadata caching, config samples, and docs/tests green. | KMSI0102 |
| KMS-73-002 | DONE (2025-11-03) | 2025-11-03 | SPRINT_100_identity_signing | KMS Guild (src/__Libraries/StellaOps.Cryptography.Kms) | src/__Libraries/StellaOps.Cryptography.Kms | PKCS#11 + FIDO2 drivers shipped (deterministic digesting, authenticator factories, DI extensions) with docs + xUnit fakes covering sign/verify/export flows. | FIDO2 | KMSI0102 |
| LATTICE-401-023 | TODO | SPRINT_0401_0001_0001_reachability_evidence_chain | Scanner Guild · Policy Guild | docs/reachability/lattice.md, docs/modules/scanner/architecture.md, src/Scanner/StellaOps.Scanner.WebService |
Update reachability/lattice docs + examples. | GRSC0101 & RBRE0101 | LEDG0101 | |
| LEDGER-29-007 | DONE | 2025-11-17 | SPRINT_0120_0001_0001_policy_reasoning | Findings Ledger Guild (src/Findings/StellaOps.Findings.Ledger) |
src/Findings/StellaOps.Findings.Ledger | Instrument metrics | LEDGER-29-006 | PLLG0101 |
| LEDGER-29-008 | DONE | 2025-11-22 | SPRINT_0120_0001_0001_policy_reasoning | Findings Ledger + QA Guild | src/Findings/StellaOps.Findings.Ledger | Develop unit/property/integration tests, replay/restore tooling, determinism harness, and load tests at 5M findings/tenant | LEDGER-29-007 | PLLG0101 |
| LEDGER-29-009 | BLOCKED | 2025-11-17 | SPRINT_0120_0001_0001_policy_reasoning | Findings Ledger + DevOps Guild | src/Findings/StellaOps.Findings.Ledger | Provide deployment manifests | LEDGER-29-008 | PLLG0101 |
| LEDGER-34-101 | TODO | SPRINT_0120_0001_0001_policy_reasoning | Findings Ledger Guild | src/Findings/StellaOps.Findings.Ledger | Link orchestrator run ledger exports into Findings Ledger provenance chain, index by artifact hash, and expose audit queries | LEDGER-29-009 | PLLG0101 | |
| LEDGER-AIRGAP-56 | TODO | SPRINT_0120_0001_0001_policy_reasoning | Findings Ledger + AirGap Guilds | AirGap ledger schema. | PLLG0102 | PLLG0102 | ||
| LEDGER-AIRGAP-56-001 | TODO | SPRINT_0120_0001_0001_policy_reasoning | Findings Ledger Guild | src/Findings/StellaOps.Findings.Ledger | Record bundle provenance (bundle_id, merkle_root, time_anchor) on ledger events for advisories/VEX/policies imported via Mirror Bundles |
LEDGER-AIRGAP-56 | PLLG0102 | |
| LEDGER-AIRGAP-56-002 | TODO | SPRINT_0120_0001_0001_policy_reasoning | Findings Ledger + AirGap Time Guild | src/Findings/StellaOps.Findings.Ledger | Surface staleness metrics for findings and block risk-critical exports when stale beyond thresholds; provide remediation messaging | LEDGER-AIRGAP-56-001 | PLLG0102 | |
| LEDGER-AIRGAP-57 | TODO | SPRINT_0120_0001_0001_policy_reasoning | Findings Ledger Guild · AirGap Guilds · Evidence Locker Guild | — | — | PLLG0102 | ||
| LEDGER-AIRGAP-57-001 | TODO | SPRINT_0120_0001_0001_policy_reasoning | Findings Ledger Guild, Evidence Locker Guild / src/Findings/StellaOps.Findings.Ledger | src/Findings/StellaOps.Findings.Ledger | Link findings evidence snapshots to portable evidence bundles and ensure cross-enclave verification works | LEDGER-AIRGAP-56-002 | PLLG0102 | |
| LEDGER-AIRGAP-58-001 | TODO | SPRINT_0120_0001_0001_policy_reasoning | Findings Ledger Guild, AirGap Controller Guild / src/Findings/StellaOps.Findings.Ledger | src/Findings/StellaOps.Findings.Ledger | Emit timeline events for bundle import impacts | LEDGER-AIRGAP-57-001 | PLLG0102 | |
| LEDGER-ATTEST-73-001 | TODO | SPRINT_0120_0001_0001_policy_reasoning | Findings Ledger Guild, Attestor Service Guild / src/Findings/StellaOps.Findings.Ledger | src/Findings/StellaOps.Findings.Ledger | Persist pointers from findings to verification reports and attestation envelopes for explainability | — | PLLG0102 | |
| LEDGER-ATTEST-73-002 | BLOCKED | SPRINT_0121_0001_0002_policy_reasoning_blockers | Findings Ledger Guild / src/Findings/StellaOps.Findings.Ledger | src/Findings/StellaOps.Findings.Ledger | Enable search/filter in findings projections by verification result and attestation status | LEDGER-ATTEST-73-001 | PLLG0102 | |
| LEDGER-EXPORT-35-001 | TODO | SPRINT_0121_0001_0001_policy_reasoning | Findings Ledger Guild / src/Findings/StellaOps.Findings.Ledger | src/Findings/StellaOps.Findings.Ledger | Provide paginated streaming endpoints for advisories, VEX, SBOMs, and findings aligned with export filters, including deterministic ordering and provenance metadata | — | PLLG0101 | |
| LEDGER-OAS-61-001 | BLOCKED | SPRINT_0121_0001_0002_policy_reasoning_blockers | Findings Ledger Guild, API Contracts Guild / src/Findings/StellaOps.Findings.Ledger | src/Findings/StellaOps.Findings.Ledger | Expand Findings Ledger OAS to include projections, evidence lookups, and filter parameters with examples | — | PLLG0101 | |
| LEDGER-OAS-61-002 | BLOCKED | SPRINT_0121_0001_0002_policy_reasoning_blockers | Findings Ledger Guild / src/Findings/StellaOps.Findings.Ledger | src/Findings/StellaOps.Findings.Ledger | Implement /.well-known/openapi endpoint and ensure version metadata matches release |
LEDGER-OAS-61-001 | PLLG0101 | |
| LEDGER-OAS-62-001 | BLOCKED | SPRINT_0121_0001_0002_policy_reasoning_blockers | Findings Ledger Guild, SDK Generator Guild / src/Findings/StellaOps.Findings.Ledger | src/Findings/StellaOps.Findings.Ledger | Provide SDK test cases for findings pagination, filtering, evidence links; ensure typed models expose provenance | LEDGER-OAS-61-002 | PLLG0101 | |
| LEDGER-OAS-63-001 | BLOCKED | SPRINT_0121_0001_0002_policy_reasoning_blockers | Findings Ledger Guild, API Governance Guild / src/Findings/StellaOps.Findings.Ledger | src/Findings/StellaOps.Findings.Ledger | Support deprecation headers and Notifications for retiring finding endpoints | LEDGER-OAS-62-001 | PLLG0101 | |
| LEDGER-OBS-50-001 | TODO | SPRINT_0121_0001_0001_policy_reasoning | Findings Ledger Guild, Observability Guild / src/Findings/StellaOps.Findings.Ledger | src/Findings/StellaOps.Findings.Ledger | Integrate telemetry core within ledger writer/projector services, emitting structured logs and trace spans for ledger append, projector replay, and query APIs with tenant context | — | PLLG0102 | |
| LEDGER-OBS-51-001 | TODO | SPRINT_0121_0001_0001_policy_reasoning | Findings Ledger Guild, DevOps Guild / src/Findings/StellaOps.Findings.Ledger | src/Findings/StellaOps.Findings.Ledger | Publish metrics for ledger latency, projector lag, event throughput, and policy evaluation linkage. Define SLOs | LEDGER-OBS-50-001 | PLLG0102 | |
| LEDGER-OBS-52-001 | TODO | SPRINT_0121_0001_0001_policy_reasoning | Findings Ledger Guild / src/Findings/StellaOps.Findings.Ledger | src/Findings/StellaOps.Findings.Ledger | Emit timeline events for ledger writes and projector commits | LEDGER-OBS-51-001 | PLLG0103 | |
| LEDGER-OBS-53-001 | TODO | SPRINT_0121_0001_0001_policy_reasoning | Findings Ledger Guild, Evidence Locker Guild / src/Findings/StellaOps.Findings.Ledger | src/Findings/StellaOps.Findings.Ledger | Persist evidence bundle references | LEDGER-OBS-52-001 | PLLG0103 | |
| LEDGER-OBS-54-001 | TODO | SPRINT_0121_0001_0001_policy_reasoning | Findings Ledger Guild, Provenance Guild / src/Findings/StellaOps.Findings.Ledger | src/Findings/StellaOps.Findings.Ledger | Verify attestation references for ledger-derived exports; expose /ledger/attestations endpoint returning DSSE verification state and chain-of-custody summary |
LEDGER-OBS-53-001 | PLLG0103 | |
| LEDGER-OBS-55-001 | BLOCKED | SPRINT_0121_0001_0002_policy_reasoning_blockers | Findings Ledger Guild, DevOps Guild / src/Findings/StellaOps.Findings.Ledger | src/Findings/StellaOps.Findings.Ledger | Enhance incident mode to record additional replay diagnostics | LEDGER-OBS-54-001 | PLLG0103 | |
| LEDGER-PACKS-42-001 | BLOCKED | SPRINT_0121_0001_0002_policy_reasoning_blockers | Findings Ledger Guild / src/Findings/StellaOps.Findings.Ledger | src/Findings/StellaOps.Findings.Ledger | Provide snapshot/time-travel APIs and digestable exports for task pack simulation and CLI offline mode | — | PLLG0103 | |
| LEDGER-RISK-66-001 | TODO | SPRINT_0121_0001_0001_policy_reasoning | Findings Ledger Guild, Risk Engine Guild / src/Findings/StellaOps.Findings.Ledger | src/Findings/StellaOps.Findings.Ledger | Add schema migrations for risk_score, risk_severity, profile_version, explanation_id, and supporting indexes |
— | PLLG0103 | |
| LEDGER-RISK-66-002 | TODO | SPRINT_0121_0001_0001_policy_reasoning | Findings Ledger Guild / src/Findings/StellaOps.Findings.Ledger | src/Findings/StellaOps.Findings.Ledger | Implement deterministic upsert of scoring results keyed by finding hash/profile version with history audit | LEDGER-RISK-66-001 | PLLG0103 | |
| LEDGER-RISK-67-001 | TODO | SPRINT_122_policy_reasoning | Findings Ledger Guild, Risk Engine Guild / src/Findings/StellaOps.Findings.Ledger | src/Findings/StellaOps.Findings.Ledger | Expose query APIs for scored findings with score/severity filters, pagination, and explainability links | LEDGER-RISK-66-002 | PLLG0103 | |
| LEDGER-RISK-68-001 | TODO | SPRINT_122_policy_reasoning | Findings Ledger Guild, Export Guild / src/Findings/StellaOps.Findings.Ledger | src/Findings/StellaOps.Findings.Ledger | Enable export of scored findings and simulation results via Export Center integration | LEDGER-RISK-67-001 | PLLG0103 | |
| LEDGER-RISK-69-001 | TODO | SPRINT_122_policy_reasoning | Findings Ledger Guild, Observability Guild / src/Findings/StellaOps.Findings.Ledger | src/Findings/StellaOps.Findings.Ledger | Emit metrics/dashboards for scoring latency, result freshness, severity distribution, provider gaps | LEDGER-RISK-68-001 | PLLG0103 | |
| LEDGER-TEN-48-001 | TODO | SPRINT_122_policy_reasoning | Findings Ledger Guild · Tenancy Guild | src/Findings/StellaOps.Findings.Ledger | Partition ledger tables by tenant/project, enable RLS, update queries/events, and stamp audit metadata | LEDGER-29-009 | LEDG0101 | |
| LENS-ENG-0001 | TODO | SPRINT_332_docs_modules_vex_lens | Module Team · Docs Guild | docs/modules/vex-lens | Engineering checklist. | DOVL0101 outputs | LEDG0101 | |
| LENS-OPS-0001 | TODO | SPRINT_332_docs_modules_vex_lens | Ops Guild · Docs Guild | docs/modules/vex-lens | Ops/runbook guidance. | LENS-ENG-0001 | LEDG0101 | |
| LIB-401-001 | TODO | SPRINT_0401_0001_0001_reachability_evidence_chain | Policy Guild | src/Policy/StellaOps.PolicyDsl, docs/policy/dsl.md |
Update DSL library + docs. | DOAL0101 references | LEDG0101 | |
| LIB-401-002 | TODO | SPRINT_0401_0001_0001_reachability_evidence_chain | Policy Guild · CLI Guild | tests/Policy/StellaOps.PolicyDsl.Tests, policy/default.dsl, docs/policy/lifecycle.md |
Expand tests/fixtures. | LIB-401-001 | LEDG0101 | |
| LIB-401-020 | TODO | SPRINT_0401_0001_0001_reachability_evidence_chain | Policy Guild | src/Attestor/StellaOps.Attestation, src/Attestor/StellaOps.Attestor.Envelope |
Publish CAS fixtures + determinism tests. | LIB-401-002 | LEDG0101 | |
| LIC-0001 | TODO | 2025-11-10 | SPRINT_0138_0001_0001_scanner_ruby_parity | Legal Guild · Docs Guild | docs/modules/scanner | Refresh license notes. | SCANNER-ENG-0016 | LEDG0101 |
| LNM-21-001 | TODO | SPRINT_113_concelier_ii | CLI Guild (src/Cli/StellaOps.Cli) |
src/Concelier/__Libraries/StellaOps.Concelier.Core | Implement baseline LNM CLI verb. | DOLN0101 schema | LENS0101 | |
| LNM-21-002 | TODO | SPRINT_113_concelier_ii | CLI Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Hash verification support. | LNM-21-001 | LENS0101 | |
| LNM-21-003 | TODO | SPRINT_113_concelier_ii | CLI Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Filtering options. | LNM-21-002 | LIBC0101 | |
| LNM-21-004 | TODO | SPRINT_113_concelier_ii | CLI Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Multi-bundle diff. | LNM-21-003 | LIBC0101 | |
| LNM-21-005 | TODO | SPRINT_113_concelier_ii | CLI Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Export packaging. | LNM-21-004 | LIBC0101 | |
| LNM-21-101 | TODO | SPRINT_113_concelier_ii | CLI Guild | src/Concelier/__Libraries/StellaOps.Concelier.Storage.Mongo | Deterministic tests. | LNM-21-001 | LIBC0101 | |
| LNM-21-102 | TODO | SPRINT_113_concelier_ii | CLI Guild | src/Concelier/__Libraries/StellaOps.Concelier.Storage.Mongo | LNM-21-101 | LNM-21-101 | LNMC0101 | |
| LNM-21-103 | TODO | SPRINT_113_concelier_ii | CLI Guild | src/Concelier/__Libraries/StellaOps.Concelier.Storage.Mongo | LNM-21-102 | LNM-21-102 | LNMC0101 | |
| LNM-21-201 | TODO | SPRINT_113_concelier_ii | CLI Guild | src/Concelier/StellaOps.Concelier.WebService | Bundle validation enhancements. | LNMC0101 outputs | LNMC0101 | |
| LNM-21-202 | TODO | SPRINT_113_concelier_ii | CLI Guild | src/Concelier/StellaOps.Concelier.WebService | Policy linking improvements. | LNM-21-201 | LNMC0101 | |
| LNM-21-203 | TODO | SPRINT_113_concelier_ii | CLI Guild | src/Concelier/StellaOps.Concelier.WebService | Export reporting. | LNM-21-202 | LNMC0101 | |
| LNM-22-001 | TODO | SPRINT_0202_0001_0002_cli_ii | CLI Guild | src/Cli/StellaOps.Cli | CLI/UI shared components. | DOLN0101 | LNMC0101 | |
| LNM-22-002 | TODO | SPRINT_0202_0001_0002_cli_ii | CLI Guild | src/Cli/StellaOps.Cli | Additional filters. | LNM-22-001 | LNMC0101 | |
| LNM-22-003 | TODO | SPRINT_0210_0001_0002_ui_ii | UI Guild (src/UI/StellaOps.UI) |
src/UI/StellaOps.UI | UI ingestion view. | LNM-22-001 | LNMC0101 | |
| LNM-22-004 | TODO | SPRINT_0210_0001_0002_ui_ii | UI Guild | src/UI/StellaOps.UI | UI remediation workflow. | LNM-22-003 | IMPT0101 | |
| LNM-22-005 | BLOCKED (2025-10-27) | 2025-10-27 | SPRINT_0305_0001_0005_docs_tasks_md_v | Docs + UI Guild | Docs update for UI flows. | DOCS-LNM-22-004 | IMPT0101 | |
| LNM-22-007 | TODO | SPRINT_0305_0001_0005_docs_tasks_md_v | Docs Guild · Observability Guild | docs/modules/concelier/link-not-merge.md | Publish /docs/observability/aggregation.md with metrics/traces/logs/SLOs. Dependencies: DOCS-LNM-22-005. |
DOCS-LNM-22-005 | DOLN0102 | |
| LNM-22-008 | DONE | 2025-11-03 | SPRINT_117_concelier_vi | Docs Guild · DevOps Guild | docs/modules/concelier/link-not-merge.md | Document Link-Not-Merge migration playbook updates in docs/migration/no-merge.md, including rollback guidance. |
LNM-22-007 | DOLN0102 |
| MIRROR-CRT-56-001 | TODO | SPRINT_0506_0001_0001_ops_devops_iv | Mirror Creator Guild | Deterministic assembler has no owner; kickoff rescheduled to 2025-11-15. | PROGRAM-STAFF-1001 | ATMI0101 | ||
| MIRROR-CRT-56-002 | TODO | SPRINT_0506_0001_0001_ops_devops_iv | Mirror Creator · Security Guilds | DSSE/TUF metadata follows assembler baseline. | MIRROR-CRT-56-001; MIRROR-DSSE-REV-1501; PROV-OBS-53-001 | ATMI0101 | ||
| MIRROR-CRT-57-001 | TODO | SPRINT_0506_0001_0001_ops_devops_iv | Mirror Creator Guild · AirGap Time Guild | OCI/time-anchor workstreams blocked pending assembler + time contract. | MIRROR-CRT-56-001; AIRGAP-TIME-CONTRACT-1501; AIRGAP-TIME-57-001 | ATMI0101 | ||
| MIRROR-CRT-57-002 | TODO | SPRINT_0506_0001_0001_ops_devops_iv | Mirror Creator Guild · AirGap Time Guild | MIRROR-CRT-56-001; AIRGAP-TIME-CONTRACT-1501; AIRGAP-TIME-57-001 | MIRROR-CRT-56-001; AIRGAP-TIME-CONTRACT-1501; AIRGAP-TIME-57-001 | ATMI0101 | ||
| MIRROR-CRT-58-001 | TODO | SPRINT_0506_0001_0001_ops_devops_iv | Mirror Creator Guild · CLI Guild · Exporter Guild | CLI + Export automation depends on assembler and DSSE/TUF track. | MIRROR-CRT-56-001; EXPORT-OBS-54-001; CLI-AIRGAP-56-001 | ATMI0101 | ||
| MIRROR-CRT-58-002 | TODO | SPRINT_0506_0001_0001_ops_devops_iv | Mirror Creator Guild · CLI Guild · Exporter Guild | MIRROR-CRT-56-001; EXPORT-OBS-54-001; CLI-AIRGAP-56-001 | MIRROR-CRT-56-001; EXPORT-OBS-54-001; CLI-AIRGAP-56-001 | ATMI0101 | ||
| MTLS-11-002 | DONE | 2025-11-08 | SPRINT_100_identity_signing | Authority Core & Security Guild | src/Authority/StellaOps.Authority | Refresh grants enforce original client cert, tokens persist x5t#S256 metadata, docs updated. |
AUTH-DPOP-11-001 | AUIN0102 |
| NATIVE-401-015 | TODO | SPRINT_0401_0001_0001_reachability_evidence_chain | Scanner Worker Guild | src/Scanner/__Libraries/StellaOps.Scanner.Symbols.Native, src/Scanner/__Libraries/StellaOps.Scanner.CallGraph.Native |
Bootstrap Symbols.Native + CallGraph.Native scaffolding and coverage fixtures. | Needs replay requirements from DORR0101 | SCNA0101 | |
| NOTIFY-38-001 | TODO | SPRINT_0214_0001_0001_web_iii | BE-Base Platform Guild | src/Web/StellaOps.Web | Route approval/rule APIs through Web gateway with tenant scopes. | Wait for NOTY0103 approval payload schema | NOWB0101 | |
| NOTIFY-39-001 | TODO | SPRINT_0214_0001_0001_web_iii | BE-Base Platform Guild | src/Web/StellaOps.Web | Surface digest/simulation/quiet-hour controls in Web tier. | Needs correlation outputs from NOTY0105 | NOWB0101 | |
| NOTIFY-40-001 | TODO | SPRINT_0202_0001_0002_cli_ii | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Implement escalations + ack workflows, localization previews, and channel health checks. | NOTIFY-39-001 | NOWC0101 | |
| NOTIFY-AIRGAP-56-002 | DONE | SPRINT_0170_0001_0001_notifications_telemetry | Notifications Service Guild · DevOps Guild | src/Notify/StellaOps.Notify | Ship AirGap-ready notifier bundles (Helm overlays, secrets templates, rollout guide). | MIRROR-CRT-56-001 | NOIA0101 | |
| NOTIFY-ATTEST-74-001 | DOING | SPRINT_0170_0001_0001_notifications_telemetry | Notifications Service Guild · Attestor Service Guild | src/Notify/StellaOps.Notify | Create attestor-driven notification templates + schema docs; publish in /docs/notifications/templates.md. |
ATEL0101 | NOIA0101 | |
| NOTIFY-ATTEST-74-002 | DOING | SPRINT_0170_0001_0001_notifications_telemetry | Notifications Service Guild | src/Notify/StellaOps.Notify | Wire attestor DSSE payload ingestion + Task Runner callbacks for attestation verdicts. | NOTIFY-ATTEST-74-001 | NOIA0101 | |
| NOTIFY-DOC-70-001 | DONE | SPRINT_0170_0001_0001_notifications_telemetry | Notifications Service Guild · DevOps Guild | docs/modules/notify | Keep as reference for documentation/offline-kit parity. | NOTIFY-AIRGAP-56-002 | DONO0102 | |
| NOTIFY-DOCS-0001 | DONE | 2025-11-05 | SPRINT_0322_0001_0001_docs_modules_notify | Docs Guild | docs/modules/notify | Validate module README reflects Notifications Studio pivot and latest release notes. | NOTIFY-DOC-70-001 | DONO0102 |
| NOTIFY-DOCS-0002 | TODO | 2025-11-05 | SPRINT_0322_0001_0001_docs_modules_notify | Docs Guild | docs/modules/notify | Pending NOTIFY-SVC-39-001..004 to document correlation/digests/simulation/quiet hours. | NOTIFY-SVC-39-004 | DONO0102 |
| NOTIFY-ENG-0001 | TODO | SPRINT_0322_0001_0001_docs_modules_notify | Module Team | docs/modules/notify | Keep implementation milestones aligned with /docs/implplan/SPRINT_0171_0001_0001_notifier_i.md onward. |
NOTY0103 | DONO0102 | |
| NOTIFY-OAS-61-001 | DONE (2025-11-17) | SPRINT_0171_0001_0001_notifier_i | Notifications Service Guild · API Governance Guild | docs/api/notifications | Update OpenAPI doc set (rule/incident endpoints) with new schemas + changelog. | NOTY0103 | NOOA0101 | |
| NOTIFY-OAS-61-002 | DONE (2025-11-17) | SPRINT_0171_0001_0001_notifier_i | Notifications Service Guild · SDK Guild | docs/api/notifications | Provide SDK usage examples for rule CRUD, incident ack, and quiet hours; ensure SDK smoke tests. | NOTIFY-OAS-61-001 | NOOA0101 | |
| NOTIFY-OAS-62-001 | DONE (2025-11-17) | SPRINT_0171_0001_0001_notifier_i | Notifications Service Guild · Developer Portal Guild | docs/api/notifications | Publish /docs/api/reference/notifications auto-generated site; integrate with portal nav. |
NOTIFY-OAS-61-002 | NOOA0101 | |
| NOTIFY-OAS-63-001 | DONE (2025-11-17) | SPRINT_0171_0001_0001_notifier_i | Notifications Service Guild · SDK Generator Guild | docs/api/notifications | Provide CLI/UI quickstarts plus recipes referencing new endpoints. | NOTIFY-OAS-61-002 | NOOA0101 | |
| NOTIFY-OBS-51-001 | DONE (2025-11-22) | SPRINT_0171_0001_0001_notifier_i | Notifications Service Guild · Observability Guild | src/Notifier/StellaOps.Notifier | Integrate telemetry SLO webhook sink and routing into Notifier with templates and suppression. | NOTY0104 | NOOB0101 | |
| NOTIFY-OBS-55-001 | DONE (2025-11-22) | SPRINT_0171_0001_0001_notifier_i | Notifications Service Guild · Ops Guild | src/Notifier/StellaOps.Notifier | Incident mode start/stop notifications with evidence links, retention notes, quiet-hour overrides, legal logging. | NOTIFY-OBS-51-001 | NOOB0101 | |
| NOTIFY-OPS-0001 | TODO | SPRINT_0322_0001_0001_docs_modules_notify | Ops Guild · Docs Guild | docs/modules/notify | Review notifier runbooks/observability assets after the next sprint demo and record findings. | NOTIFY-OBS-55-001 | NOOR0101 | |
| NOTIFY-RISK-66-001 | TODO | SPRINT_0171_0001_0001_notifier_i | Notifications Service Guild · Risk Engine Guild · Policy Guild | src/Notifier/StellaOps.Notifier | Policy/Risk metadata export required before implementation. | POLICY-RISK-40-002 | NORR0101 | |
| NOTIFY-RISK-67-001 | TODO | SPRINT_0171_0001_0001_notifier_i | Notifications Service Guild · Policy Guild | src/Notifier/StellaOps.Notifier | Notify stakeholders when risk profiles are published, deprecated, or thresholds change. | NOTIFY-RISK-66-001 | NORR0101 | |
| NOTIFY-RISK-68-001 | TODO | SPRINT_0171_0001_0001_notifier_i | Notifications Service Guild · Risk Engine Guild · Policy Guild | src/Notifier/StellaOps.Notifier | Broadcast severity transitions with trace metadata and attach policy references. | NOTIFY-RISK-67-001 | NORR0101 | |
| NOTIFY-SVC-37-001 | TODO | SPRINT_0172_0001_0002_notifier_ii | Notifications Service Guild | src/Notifier/StellaOps.Notifier | Define pack approval & policy notification contract, including OpenAPI schema, event payloads, resume token mechanics, and security guidance. | Align payload schema with PGMI0101 + ATEL0101 decisions | NOTY0103 | |
| NOTIFY-SVC-37-002 | TODO | SPRINT_0172_0001_0002_notifier_ii | Notifications Service Guild | src/Notifier/StellaOps.Notifier | Implement secure ingestion endpoint, Mongo persistence (pack_approvals), idempotent writes, and audit trail for approval events. Dependencies: NOTIFY-SVC-37-001. |
NOTIFY-SVC-37-001 | NOTY0103 | |
| NOTIFY-SVC-37-003 | TODO | SPRINT_0172_0001_0002_notifier_ii | Notifications Service Guild | src/Notifier/StellaOps.Notifier | Deliver approval/policy templates, routing predicates, and channel dispatch (email/chat/webhook) with deterministic ordering plus ack gating. | NOTIFY-SVC-37-002 | NOTY0103 | |
| NOTIFY-SVC-37-004 | TODO | SPRINT_0172_0001_0002_notifier_ii | Notifications Service Guild | src/Notifier/StellaOps.Notifier | Provide acknowledgement API, Task Runner callback client, metrics for outstanding approvals, and SLA escalations. | NOTIFY-SVC-37-003 | NOTY0103 | |
| NOTIFY-SVC-38-002 | TODO | SPRINT_0172_0001_0002_notifier_ii | Notifications Service Guild | src/Notifier/StellaOps.Notifier | Implement channel adapters (email, chat webhook, generic webhook) with retry policies, health checks, and audit logging. | NOTIFY-SVC-37-004 | NOTY0104 | |
| NOTIFY-SVC-38-003 | TODO | SPRINT_0172_0001_0002_notifier_ii | Notifications Service Guild | src/Notifier/StellaOps.Notifier | Deliver template service (versioned templates, localization scaffolding) and renderer with redaction allowlists, Markdown/HTML/JSON outputs, and provenance links. | NOTIFY-SVC-38-002 | NOTY0104 | |
| NOTIFY-SVC-38-004 | TODO | SPRINT_0172_0001_0002_notifier_ii | Notifications Service Guild | src/Notifier/StellaOps.Notifier | Expose REST + WS APIs (rules CRUD, templates preview, incidents list, ack) with audit logging, RBAC checks, and live feed stream. | NOTIFY-SVC-38-003 | NOTY0104 | |
| NOTIFY-SVC-39-001 | TODO | SPRINT_0172_0001_0002_notifier_ii | Notifications Service Guild | src/Notifier/StellaOps.Notifier | Implement correlation engine with pluggable key expressions/windows, throttler (token buckets), quiet hours/maintenance evaluator, and incident lifecycle. | NOTIFY-SVC-38-004 | NOTY0105 | |
| NOTIFY-SVC-39-002 | TODO | SPRINT_0172_0001_0002_notifier_ii | Notifications Service Guild | src/Notifier/StellaOps.Notifier | Build digest generator (queries, formatting) with schedule runner and distribution manifests. | NOTIFY-SVC-39-001 | NOTY0105 | |
| NOTIFY-SVC-39-003 | TODO | SPRINT_0172_0001_0002_notifier_ii | Notifications Service Guild | src/Notifier/StellaOps.Notifier | Provide simulation engine/API to dry-run rules against historical events, returning correlation explanations. | NOTIFY-SVC-39-002 | NOTY0105 | |
| NOTIFY-SVC-39-004 | TODO | SPRINT_0172_0001_0002_notifier_ii | Notifications Service Guild | src/Notifier/StellaOps.Notifier | Integrate quiet hour calendars and throttles with audit logging plus operator overrides. | NOTIFY-SVC-39-003 | NOTY0105 | |
| NOTIFY-SVC-40-001 | TODO | SPRINT_0172_0001_0002_notifier_ii | Notifications Service Guild | src/Notifier/StellaOps.Notifier | Implement escalations + on-call schedules, ack bridge, PagerDuty/OpsGenie adapters, and CLI/in-app inbox channels. Dependencies: NOTIFY-SVC-39-004. | NOTIFY-SVC-39-004 | NOTY0106 | |
| NOTIFY-SVC-40-002 | TODO | SPRINT_0172_0001_0002_notifier_ii | Notifications Service Guild | src/Notifier/StellaOps.Notifier | Add summary storm breaker notifications, localization bundles, and localization fallback handling. | NOTIFY-SVC-40-001 | NOTY0106 | |
| NOTIFY-SVC-40-003 | TODO | SPRINT_0172_0001_0002_notifier_ii | Notifications Service Guild | src/Notifier/StellaOps.Notifier | Harden security: signed ack links (KMS), webhook HMAC/IP allowlists, tenant isolation fuzz tests, HTML sanitization. | NOTIFY-SVC-40-002 | NOTY0106 | |
| NOTIFY-SVC-40-004 | TODO | SPRINT_0172_0001_0002_notifier_ii | Notifications Service Guild | src/Notifier/StellaOps.Notifier | Finalize observability (metrics/traces for escalations, latency), dead-letter handling, chaos tests for channel outages, and retention policies. | NOTIFY-SVC-40-003 | NOTY0106 | |
| NOTIFY-TEN-48-001 | TODO | SPRINT_0173_0001_0003_notifier_iii | Notifications Service Guild | src/Notifier/StellaOps.Notifier | Tenant-scope rules/templates/incidents, RLS on storage, tenant-prefixed channels, and inclusion of tenant context in notifications. | NOTIFY-SVC-40-004 | NOTY0107 | |
| OAS-61 | TODO | SPRINT_160_export_evidence | Exporter Service + API Governance + SDK Guilds | docs/api/oas | Define platform-wide OpenAPI governance + release checklist. | PGMI0101 | DOOA0103 | |
| OAS-61-001 | DOING | SPRINT_0170_0001_0001_notifications_telemetry | API Governance Guild | docs/api/oas | Draft spec updates + changelog text. | OAS-61 | DOOA0103 | |
| OAS-61-002 | TODO | SPRINT_114_concelier_iii | Concelier Core Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Align Link-Not-Merge endpoints with new pagination/idempotency rules. | OAS-61 | COAS0101 | |
| OAS-61-003 | TODO | SPRINT_0305_0001_0005_docs_tasks_md_v | Docs Guild · API Governance Guild | docs/api/oas | Publish /docs/api/versioning.md describing SemVer, deprecation headers, migration playbooks. |
OAS-61 | DOOA0103 | |
| OAS-62 | TODO | SPRINT_160_export_evidence | Exporter + API Gov + SDK Guilds | docs/api/oas | Document SDK/gen pipeline + offline bundle expectations. | OAS-61 | DOOA0103 | |
| OAS-62-001 | TODO | SPRINT_114_concelier_iii | Concelier Core Guild · SDK Generator Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Generate /docs/api/reference/ data + integrate with SDK scaffolding. |
OAS-61-002 | COAS0101 | |
| OAS-62-002 | TODO | SPRINT_0511_0001_0001_api | API Contracts Guild | src/Api/StellaOps.Api.OpenApi | Add lint rules enforcing pagination, idempotency headers, naming conventions, and example coverage. | OAS-62-001 | AOAS0101 | |
| OAS-63 | TODO | SPRINT_160_export_evidence | Exporter + API Gov + SDK Guilds | docs/api/oas | Define discovery endpoint strategy + lifecycle docs. | OAS-62 | DOOA0103 | |
| OAS-63-001 | TODO | SPRINT_114_concelier_iii | Concelier Core Guild · API Governance Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Implement .well-known/openapi metadata + discovery hints. |
Requires 62-001 outputs | ||
| OBS-50-001 | DOING | SPRINT_0170_0001_0001_notifications_telemetry | Telemetry Core Guild | Implement structured logging + trace propagation defaults across services. | Align scrub rules with Security guild | |||
| OBS-50-002 | DOING | SPRINT_0170_0001_0001_notifications_telemetry | Telemetry Core Guild | Roll out collectors/helm overlays + regression tests for exporters. | Needs 50-001 baseline in main | |||
| OBS-50-003 | TODO | SPRINT_0306_0001_0006_docs_tasks_md_vi | Docs Guild · Observability Guild | Update collector deployment + metrics catalog docs. | Needs scrubber decisions from TLTY0102 | |||
| OBS-50-004 | TODO | SPRINT_0306_0001_0006_docs_tasks_md_vi | Docs Guild · Observability Guild | Add SOP for telemetry scrub policies + troubleshooting. | Requires 50-003 outline | |||
| OBS-51-001 | TODO | SPRINT_0503_0001_0001_ops_devops_i | Exporter Guild · AirGap Time Guild · CLI Guild | Build SLO bus + queue depth metrics feeding CLI/exporter dashboards. | PROGRAM-STAFF-1001 | |||
| OBS-51-002 | TODO | SPRINT_0170_0001_0001_notifications_telemetry | Telemetry Core Guild · Observability Guild | Enable shadow-mode evaluators + roll into main collectors. | Depends on 51-001 shadow mode | |||
| OBS-52-001 | TODO | SPRINT_114_concelier_iii | Concelier Core Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Emit ingest latency/queue/AOC metrics with burn-rate alerts. | Needs ATLN0101 schema | ||
| OBS-52-002 | TODO | SPRINT_160_export_evidence | Timeline Indexer Guild | Configure streaming pipeline (retention/partitioning/backpressure). | Needs Concelier metrics | |||
| OBS-52-003 | TODO | SPRINT_160_export_evidence | Timeline Indexer Guild | Add CI validation + schema enforcement for timeline events. | Depends on 52-002 | |||
| OBS-52-004 | TODO | SPRINT_160_export_evidence | Timeline Indexer + Security Guilds | Harden stream (auth, encryption) + produce DSSE proofs. | Requires 52-003 outputs | |||
| OBS-53-001 | TODO | SPRINT_0503_0001_0001_ops_devops_i | Exporter Guild · AirGap Time Guild · CLI Guild | Establish provenance SLO signals + exporter hooks. | PROGRAM-STAFF-1001 | |||
| OBS-53-002 | TODO | SPRINT_0513_0001_0001_provenance | Provenance + Security Guild | src/Provenance/StellaOps.Provenance.Attestation | Add attestation metrics/log scrubbers in Provenance.Attestation. | Depends on 53-001 | ||
| OBS-53-003 | TODO | SPRINT_0513_0001_0001_provenance | Provenance Guild | src/Provenance/StellaOps.Provenance.Attestation | Ship dashboards/tests proving attestation observability. | Requires 53-002 outputs | ||
| OBS-54-001 | TODO | SPRINT_114_concelier_iii | Concelier Core Guild · Provenance Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Needs shared exporter from 1039_EXPORT-OBS-54-001 | Needs shared exporter from 1039_EXPORT-OBS-54-001 | CNOB0101 | |
| OBS-54-002 | TODO | SPRINT_161_evidencelocker | Evidence Locker Guild | src/EvidenceLocker/StellaOps.EvidenceLocker |
Add metrics/logs/alerts for Evidence Locker flows. | Needs provenance metrics | ||
| OBS-55-001 | TODO | SPRINT_114_concelier_iii | Concelier Core & DevOps Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Refresh ops automation/runbooks referencing new metrics. | Depends on 52-001 outputs | ||
| OBS-56-001 | DONE (2025-11-27) | SPRINT_0174_0001_0001_telemetry | Telemetry Core Guild | src/Telemetry/StellaOps.Telemetry.Core | Produce air-gap collector bundle + signed configs/tests. | Needs telemetry baseline from TLTY0102 | ||
| OFFLINE-17-004 | BLOCKED | 2025-10-26 | SPRINT_0508_0001_0001_ops_offline_kit | Offline Kit Guild · DevOps Guild | ops/offline-kit | Repackage release-17 bundle with new DSSE receipts + verification logs. | Needs PROGRAM-STAFF-1001 approvals | |
| OFFLINE-34-006 | TODO | SPRINT_0508_0001_0001_ops_offline_kit | Offline Kit + Orchestrator Guild | ops/offline-kit | Add orchestrator automation bundle + docs to kit. | Requires mirror time anchors | ||
| OFFLINE-37-001 | TODO | SPRINT_0508_0001_0001_ops_offline_kit | Offline Kit + Exporter Guild | ops/offline-kit | Ship export evidence bundle + checksum manifests. | Depends on Export Center artefacts | ||
| OFFLINE-37-002 | TODO | SPRINT_0508_0001_0001_ops_offline_kit | Offline Kit + Notifications Guild | ops/offline-kit | Bundle notifier templates + channel configs for offline ops. | Needs notifier templates from NOIA0101 | ||
| OFFLINE-CONTAINERS-46-001 | TODO | SPRINT_0508_0001_0001_ops_offline_kit | Offline Kit + Deployment Guild | ops/offline-kit | Include container air-gap bundle, verification docs, and mirrored registry instructions inside Offline Kit. | Requires container hardening guidance | ||
| OPENSSL-11-001 | TODO | 2025-11-06 | SPRINT_0505_0001_0001_ops_devops_iii | DevOps Guild · Build Infra Guild | ops/devops | Rebuild OpenSSL libs + publish reproducible logs/tarballs. | Needs patched toolchain spec | |
| OPENSSL-11-002 | TODO | 2025-11-06 | SPRINT_0505_0001_0001_ops_devops_iii | DevOps Guild · CI Guild | ops/devops | Update CI images + pipelines with new OpenSSL packages and smoke tests. | Depends on 11-001 artefacts | |
| OPS-0001 | DONE | 2025-11-07 | SPRINT_333_docs_modules_excititor | Ops Guild (docs/modules/excitor) | docs/modules/excitor | |||
| OPS-ENV-01 | TODO | SPRINT_0507_0001_0001_ops_devops_v | DevOps Guild · Scanner Guild | ops/devops | Update deployment manifests (Helm/Compose) and configuration docs to include Surface.Env variables for Scanner and Zastava services. | Needs finalized Surface.Env schema | ||
| OPS-SECRETS-01 | TODO | SPRINT_0507_0001_0001_ops_devops_v | DevOps + Security Guild | ops/devops | Define secret provisioning workflow (Kubernetes, Compose, Offline Kit) for Surface.Secrets references and update runbooks. | Depends on env updates | ||
| OPS-SECRETS-02 | TODO | SPRINT_0507_0001_0001_ops_devops_v | DevOps + Offline Kit Guild | ops/devops | Embed Surface.Secrets material (encrypted bundles, manifests) into offline kit packaging scripts. Dependencies: OPS-SECRETS-01. | Requires 01 workflow | ||
| ORCH-32-001 | TODO | SPRINT_114_concelier_iii | Concelier Core Guild (src/Concelier/__Libraries/StellaOps.Concelier.Core) | src/Concelier/__Libraries/StellaOps.Concelier.Core | — | — | ORGR0102 | |
| ORCH-32-002 | TODO | SPRINT_114_concelier_iii | Concelier Core Guild (src/Concelier/__Libraries/StellaOps.Concelier.Core) | src/Concelier/__Libraries/StellaOps.Concelier.Core | — | — | ORGR0102 | |
| ORCH-33-001 | TODO | SPRINT_114_concelier_iii | Concelier Core Guild (src/Concelier/__Libraries/StellaOps.Concelier.Core) | src/Concelier/__Libraries/StellaOps.Concelier.Core | — | — | ORGR0102 | |
| ORCH-33-002 | TODO | SPRINT_0306_0001_0006_docs_tasks_md_vi | Docs Guild (docs) | — | — | ORGR0102 | ||
| ORCH-33-003 | TODO | SPRINT_0306_0001_0006_docs_tasks_md_vi | Docs Guild (docs) | — | — | ORGR0102 | ||
| ORCH-34-001 | TODO | SPRINT_114_concelier_iii | Concelier Core Guild (src/Concelier/__Libraries/StellaOps.Concelier.Core) | src/Concelier/__Libraries/StellaOps.Concelier.Core | — | — | ORGR0102 | |
| ORCH-34-002 | TODO | SPRINT_0306_0001_0006_docs_tasks_md_vi | Docs Guild (docs) | — | — | ORGR0102 | ||
| ORCH-34-003 | TODO | SPRINT_0306_0001_0006_docs_tasks_md_vi | Docs Guild (docs) | — | — | ORGR0102 | ||
| ORCH-34-004 | TODO | SPRINT_0306_0001_0006_docs_tasks_md_vi | Docs Guild (docs) | — | — | ORGR0102 | ||
| ORCH-34-005 | TODO | SPRINT_0306_0001_0006_docs_tasks_md_vi | Docs Guild (docs) | — | — | ORGR0102 | ||
| ORCH-SVC-32-002 | TODO | SPRINT_0152_0001_0002_orchestrator_ii | Orchestrator Service Guild | src/Orchestrator/StellaOps.Orchestrator | Implement scheduler DAG planner + dependency resolver, job state machine, and critical-path metadata without yet issuing control actions. Dependencies: ORCH-SVC-32-001. | Needs 32-001 DB | ||
| ORCH-SVC-32-003 | TODO | SPRINT_0152_0001_0002_orchestrator_ii | Orchestrator Service Guild | src/Orchestrator/StellaOps.Orchestrator | Expose read-only REST APIs (sources, runs, jobs, DAG) with OpenAPI, validation, pagination, and tenant scoping. Dependencies: ORCH-SVC-32-002. | Depends on 32-002 | ||
| ORCH-SVC-32-004 | TODO | SPRINT_0152_0001_0002_orchestrator_ii | Orchestrator Service Guild | src/Orchestrator/StellaOps.Orchestrator | Implement WebSocket/SSE stream for job/run updates, emit structured metrics counters/histograms, and add health probes. Dependencies: ORCH-SVC-32-003. | Needs 32-003 | ||
| ORCH-SVC-32-005 | TODO | SPRINT_0152_0001_0002_orchestrator_ii | Orchestrator Service Guild | src/Orchestrator/StellaOps.Orchestrator | Deliver worker claim/heartbeat/progress endpoints capturing artifact metadata/checksums and enforcing idempotency keys. Dependencies: ORCH-SVC-32-004. | Needs 32-004 | ||
| ORCH-SVC-33-001 | TODO | SPRINT_0152_0001_0002_orchestrator_ii | Orchestrator Service Guild | src/Orchestrator/StellaOps.Orchestrator | Enable `sources test. Dependencies: ORCH-SVC-32-005. | Needs ORSC0101 worker contract | ||
| ORCH-SVC-33-002 | TODO | SPRINT_0152_0001_0002_orchestrator_ii | Orchestrator Service Guild | src/Orchestrator/StellaOps.Orchestrator | Implement per-source/tenant adaptive token-bucket rate limiter, concurrency caps, and backpressure signals reacting to upstream 429/503. Dependencies: ORCH-SVC-33-001. | Depends on 33-001 | ||
| ORCH-SVC-33-003 | TODO | SPRINT_0152_0001_0002_orchestrator_ii | Orchestrator Service Guild | src/Orchestrator/StellaOps.Orchestrator | Add watermark/backfill manager with event-time windows, duplicate suppression, dry-run preview endpoint, and safety validations. Dependencies: ORCH-SVC-33-002. | Needs 33-002 | ||
| ORCH-SVC-33-004 | TODO | SPRINT_0152_0001_0002_orchestrator_ii | Orchestrator Service Guild | src/Orchestrator/StellaOps.Orchestrator | Deliver dead-letter store, replay endpoints, and error classification surfaces with remediation hints + notification hooks. Dependencies: ORCH-SVC-33-003. | Depends on 33-003 | ||
| ORCH-SVC-34-001 | TODO | SPRINT_0152_0001_0002_orchestrator_ii | Orchestrator Service Guild | src/Orchestrator/StellaOps.Orchestrator | Implement quota management APIs, per-tenant SLO burn-rate computation, and alert budget tracking surfaced via metrics. Dependencies: ORCH-SVC-33-004. | Requires 33-004 | ||
| ORCH-SVC-34-002 | TODO | SPRINT_0152_0001_0002_orchestrator_ii | Orchestrator Service Guild | src/Orchestrator/StellaOps.Orchestrator | Build audit log + immutable run ledger export with signed manifest support, including provenance chain to artifacts. Dependencies: ORCH-SVC-34-001. | Needs ORCH-SVC-34-001 | ||
| ORCH-SVC-34-003 | TODO | SPRINT_0152_0001_0002_orchestrator_ii | Orchestrator Service Guild | src/Orchestrator/StellaOps.Orchestrator | Execute perf/scale validation (≥10k pending jobs, dispatch P95 <150 ms) and add autoscaling hooks with health probes. Dependencies: ORCH-SVC-34-002. | Depends on 34-002 | ||
| ORCH-SVC-34-004 | TODO | SPRINT_0152_0001_0002_orchestrator_ii | Orchestrator Service Guild | src/Orchestrator/StellaOps.Orchestrator | Package orchestrator container, Helm overlays, offline bundle seeds, provenance attestations, and compliance checklist for GA. Dependencies: ORCH-SVC-34-003. | Needs 34-003 | ||
| ORCH-SVC-35-101 | TODO | SPRINT_0152_0001_0002_orchestrator_ii | Orchestrator Service Guild | src/Orchestrator/StellaOps.Orchestrator | Register export job type with quotas/rate policies, expose telemetry, and ensure exporter workers heartbeat via orchestrator contracts. Dependencies: ORCH-SVC-34-004. |
Depends on 34-004 | ||
| ORCH-SVC-36-101 | TODO | SPRINT_0152_0001_0002_orchestrator_ii | Orchestrator Service Guild | src/Orchestrator/StellaOps.Orchestrator | Capture distribution metadata and retention timestamps for export jobs, updating dashboards and SSE payloads. Dependencies: ORCH-SVC-35-101. | Needs 35-101 job type registered | ||
| ORCH-SVC-37-101 | TODO | SPRINT_0152_0001_0002_orchestrator_ii | Orchestrator Service Guild | src/Orchestrator/StellaOps.Orchestrator | Enable scheduled export runs, retention pruning hooks, and failure alerting tied to export job class. Dependencies: ORCH-SVC-36-101. | Depends on 36-101 | ||
| ORCH-SVC-38-101 | DOING | SPRINT_0153_0001_0003_orchestrator_iii | Orchestrator Service Guild | src/Orchestrator/StellaOps.Orchestrator | Standardize event envelope (policy/export/job lifecycle) with idempotency keys, ensure export/job failure events published to notifier bus with provenance metadata. Dependencies: ORCH-SVC-37-101. | Needs 37-101 | ||
| ORCH-SVC-41-101 | TODO | SPRINT_0153_0001_0003_orchestrator_iii | Orchestrator Service Guild | src/Orchestrator/StellaOps.Orchestrator | Register pack-run job type, persist run metadata, integrate logs/artifacts collection, and expose API for Task Runner scheduling. Dependencies: ORCH-SVC-38-101. |
Depends on 38-101 | ||
| ORCH-SVC-42-101 | TODO | SPRINT_0153_0001_0003_orchestrator_iii | Orchestrator Service Guild | src/Orchestrator/StellaOps.Orchestrator | Stream pack run logs via SSE/WS, add manifest endpoints, enforce quotas, and emit pack run events to Notifications Studio. Dependencies: ORCH-SVC-41-101. | Needs 41-101 | ||
| ORCH-TEN-48-001 | TODO | SPRINT_0153_0001_0003_orchestrator_iii | Orchestrator Service Guild | src/Orchestrator/StellaOps.Orchestrator | Include tenant_id/project_id in job specs, set DB session context before processing, enforce context on all queries, and reject jobs missing tenant metadata. |
Needs ORSC0104 job metadata | ||
| ORCH-ENG-0001 | DONE | SPRINT_0323_0001_0001_docs_modules_orchestrator | Module Team | docs/modules/orchestrator | Keep sprint milestone alignment notes synced with /docs/implplan/SPRINT_0151_0001_0001_orchestrator_i.md onward. |
Needs ORSC0104 status updates | ||
| ORCH-OPS-0001 | DONE | SPRINT_0323_0001_0001_docs_modules_orchestrator | Ops Guild | docs/modules/orchestrator | Review orchestrator runbooks/observability checklists post-demo. | Requires obs/export docs | ||
| PACKS-42-001 | TODO | SPRINT_0121_0001_0001_policy_reasoning | Findings Ledger Guild | src/Findings/StellaOps.Findings.Ledger | Provide snapshot/time-travel APIs, digestable exports for pack simulation + CLI offline mode. | Needs ORSC0104 event IDs | ||
| PACKS-43-001 | DONE | 2025-11-09 | SPRINT_100_identity_signing | Packs Guild · Authority Guild | src/Authority/StellaOps.Authority | Canonical pack bundle + docs for release 43. | AUTH-PACKS-41-001; TASKRUN-42-001; ORCH-SVC-42-101 | |
| PACKS-43-002 | TODO | SPRINT_0508_0001_0001_ops_offline_kit | Offline Kit Guild, Packs Registry Guild (ops/offline-kit) | ops/offline-kit | ||||
| PACKS-REG-41-001 | DONE (2025-11-25) | 2025-11-25 | SPRINT_0154_0001_0001_packsregistry | Packs Registry Guild | src/PacksRegistry/StellaOps.PacksRegistry | Implement registry service, migrations for packs_index, parity_matrix, provenance docs; support pack upload/list/get, signature verification, RBAC enforcement, and provenance manifest storage. |
Needs ORSC0104 event feeds | |
| PACKS-REG-42-001 | DONE (2025-11-25) | 2025-11-25 | SPRINT_0154_0001_0001_packsregistry | Packs Registry Guild | src/PacksRegistry/StellaOps.PacksRegistry | Add version lifecycle (promote/deprecate), tenant allowlists, provenance export, signature rotation, audit logs, and Offline Kit seed support. Dependencies: PACKS-REG-41-001. | Depends on 41-001 | |
| PACKS-REG-43-001 | DONE (2025-11-25) | 2025-11-25 | SPRINT_0154_0001_0001_packsregistry | Packs Registry Guild | src/PacksRegistry/StellaOps.PacksRegistry | Implement registry mirroring, pack signing policies, attestation integration, and compliance dashboards; integrate with Export Center. Dependencies: PACKS-REG-42-001. | Needs 42-001 | |
| PARITY-41-001 | TODO | SPRINT_0203_0001_0003_cli_iii | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Propagate traceparent/correlation IDs across CLI commands and verbose output. |
Needs NOWB0101 gateway trace headers | ||
| PARITY-41-002 | TODO | SPRINT_0203_0001_0003_cli_iii | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Add parity tests + docs ensuring CLI error output matches web/notify formats. | Depends on 41-001 | ||
| PLATFORM-DOCS-0001 | TODO | SPRINT_324_docs_modules_platform | Docs Guild | docs/modules/platform | See ./AGENTS.md | Needs updated wave list | ||
| PLATFORM-ENG-0001 | TODO | SPRINT_324_docs_modules_platform | Module Team | docs/modules/platform | Update status via ./AGENTS.md workflow | Depends on 0001 | ||
| PLATFORM-OPS-0001 | TODO | SPRINT_324_docs_modules_platform | Ops Guild | docs/modules/platform | Sync outcomes back to ../.. | Requires ops checklist inputs | ||
| PLG4-6 | DONE | 2025-11-08 | SPRINT_100_identity_signing | Authority Plugin Guild | src/Authority/StellaOps.Authority/StellaOps.Authority.Plugin.Standard | DSSE coverage + docs for standard plugin release. | DPO policy review | |
| PLG6 | DONE | 2025-11-03 | SPRINT_100_identity_signing | Authority Plugin Guild | src/Authority/StellaOps.Authority/StellaOps.Authority.Plugin.Standard | Offline kit parity + docs refresh. | OFFK0101 bundling | |
| PLG7 | DONE | 2025-11-03 | SPRINT_100_identity_signing | Authority Plugin Guild · Security Guild | src/Authority/StellaOps.Authority/StellaOps.Authority.Plugin.Standard | LDAP plugin capability alignment. | LDAP provisioning spec | |
| PLG7.IMPL-003 | DONE (2025-11-09) | 2025-11-09 | SPRINT_100_identity_signing | BE-Auth Plugin (src/Authority/StellaOps.Authority/StellaOps.Authority.Plugin.Standard) | src/Authority/StellaOps.Authority/StellaOps.Authority.Plugin.Standard | Claims enricher ships with DN map + regex substitutions, Mongo claims cache (TTL + capacity enforcement) wired through DI, plus unit tests covering enrichment + cache eviction. | Claims enricher ships with DN map + regex substitutions, Mongo claims cache (TTL + capacity enforcement) wired through DI, plus unit tests covering enrichment + cache eviction. | |
| PLG7.IMPL-004 | DONE (2025-11-09) | 2025-11-09 | SPRINT_100_identity_signing | BE-Auth Plugin, DevOps Guild (src/Authority/StellaOps.Authority/StellaOps.Authority.Plugin.Ldap) | src/Authority/StellaOps.Authority/StellaOps.Authority.Plugin.Ldap | LDAP plug-in now ships clientProvisioning.* options, a Mongo-audited LdapClientProvisioningStore, capability gating, and docs/tests covering LDAP writes + cache shims. |
LDAP plug-in now ships clientProvisioning.* options, a Mongo-audited LdapClientProvisioningStore, capability gating, and docs/tests covering LDAP writes + cache shims. |
|
| PLG7.IMPL-005 | DONE (2025-11-09) | 2025-11-09 | SPRINT_100_identity_signing | BE-Auth Plugin, Docs Guild (src/Authority/StellaOps.Authority/StellaOps.Authority.Plugin.Standard) | src/Authority/StellaOps.Authority/StellaOps.Authority.Plugin.Standard | LDAP plug-in docs refreshed (mutual TLS, regex mappings, cache/audit mirror guidance), sample manifest updated, Offline Kit + release notes now reference the bundled plug-in assets. | LDAP plug-in docs refreshed (mutual TLS, regex mappings, cache/audit mirror guidance), sample manifest updated, Offline Kit + release notes now reference the bundled plug-in assets. | |
| PLG7.IMPL-006 | DONE (2025-11-09) | 2025-11-09 | SPRINT_100_identity_signing | BE-Auth Plugin (src/Authority/StellaOps.Authority/StellaOps.Authority.Plugin.Ldap) | src/Authority/StellaOps.Authority/StellaOps.Authority.Plugin.Ldap | LDAP bootstrap provisioning added (write probe, Mongo audit mirror, capability downgrade + health status) with docs/tests + sample manifest updates. | LDAP bootstrap provisioning added (write probe, Mongo audit mirror, capability downgrade + health status) with docs/tests + sample manifest updates. | |
| POL-005 | TODO | SPRINT_0401_0001_0001_reachability_evidence_chain | Policy Guild | src/Policy/StellaOps.Policy.Engine, docs/modules/policy/architecture.md, docs/reachability/function-level-evidence.md |
Ingest reachability facts, expose SPL signals, auto-suppress <0.30, emit OpenVEX evidence. | Needs reachability feed GAPG0101 | ||
| POLICY-0001 | DONE | 2025-11-10 | SPRINT_0138_0001_0001_scanner_ruby_parity | Policy Guild, Ruby Analyzer Guild (docs/modules/scanner) | docs/modules/scanner | SCANNER-ENG-0018 | ||
| POLICY-13-007 | TODO | SPRINT_0210_0001_0002_ui_ii | UI Guild (src/UI/StellaOps.UI) | src/UI/StellaOps.UI | ||||
| POLICY-20-001 | TODO | SPRINT_114_concelier_iii | Concelier WebService Guild | src/Concelier/StellaOps.Concelier.WebService | Provide batch advisory lookup APIs for Policy (purl/advisory filters, explain metadata). | Needs latest advisory schemas | ||
| POLICY-20-002 | TODO | SPRINT_115_concelier_iv | Concelier Core Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Expand linkset builders with vendor equivalence tables, NEVRA/PURL normalization, version-range parsing. | Depends on 20-001 | ||
| POLICY-20-003 | TODO | SPRINT_115_concelier_iv | Concelier Storage Guild | src/Concelier/__Libraries/StellaOps.Concelier.Storage.Mongo | Introduce advisory selection cursors + change-stream checkpoints with offline migration scripts. | Needs 20-002 index/schema | ||
| POLICY-20-004 | TODO | SPRINT_0210_0001_0002_ui_ii | UI Guild | src/UI/StellaOps.UI | Wire UI to new policy evidence APIs, bridging editor + simulation flows. | Needs ORSC0101 APIs | ||
| POLICY-23-001 | TODO | SPRINT_115_concelier_iv | Concelier Core Guild (src/Concelier/__Libraries/StellaOps.Concelier.Core) | src/Concelier/__Libraries/StellaOps.Concelier.Core | ||||
| POLICY-23-002 | TODO | SPRINT_115_concelier_iv | Concelier Core Guild, Platform Events Guild (src/Concelier/__Libraries/StellaOps.Concelier.Core) | src/Concelier/__Libraries/StellaOps.Concelier.Core | ||||
| POLICY-23-003 | TODO | SPRINT_0210_0001_0002_ui_ii | UI Guild (src/UI/StellaOps.UI) | src/UI/StellaOps.UI | ||||
| POLICY-23-004 | TODO | SPRINT_0203_0001_0003_cli_iii | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | ||||
| POLICY-23-005 | TODO | SPRINT_0210_0001_0002_ui_ii | UI Guild (src/UI/StellaOps.UI) | src/UI/StellaOps.UI | ||||
| POLICY-23-006 | TODO | SPRINT_0203_0001_0003_cli_iii | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | ||||
| POLICY-23-007 | TODO | SPRINT_0307_0001_0007_docs_tasks_md_vii | Docs Guild, DevEx/CLI Guild (docs) | |||||
| POLICY-23-008 | TODO | SPRINT_0307_0001_0007_docs_tasks_md_vii | Docs Guild, Architecture Guild (docs) | |||||
| POLICY-23-009 | TODO | SPRINT_0307_0001_0007_docs_tasks_md_vii | Docs Guild, DevOps Guild (docs) | |||||
| POLICY-23-010 | TODO | SPRINT_0307_0001_0007_docs_tasks_md_vii | Docs Guild, UI Guild (docs) | |||||
| POLICY-27-001 | TODO | SPRINT_0203_0001_0003_cli_iii | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Implement workspace commands (init, edit, lint, compile, test) with deterministic caches + JSON output. |
Needs CLI pack templates from CLCI0106 | ||
| POLICY-27-002 | TODO | SPRINT_0204_0001_0004_cli_iv | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Add submission/review workflow commands (version bump, submit, comment, approve/reject). |
Depends on Policy Registry endpoints | ||
| POLICY-27-003 | TODO | SPRINT_0204_0001_0004_cli_iv | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Implement stella policy simulate enhancements (quick/batch, SBOM selectors, heatmap diff, JSON/Markdown outputs). |
Waiting on CLPS0101 submission scaffolding | ||
| POLICY-27-004 | TODO | SPRINT_0204_0001_0004_cli_iv | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Add lifecycle commands for publish/promote/rollback/sign with attestation checks. | Depends on 27-003 | ||
| POLICY-27-005 | TODO | SPRINT_0204_0001_0004_cli_iv | DevEx/CLI Guild · Docs Guild | src/Cli/StellaOps.Cli | Update CLI refs/samples (JSON schemas, exit codes, CI snippets). | Requires 27-004 output | ||
| POLICY-27-006 | TODO | SPRINT_0204_0001_0004_cli_iv | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Update policy scopes/help text to request new Policy Studio scope family and adjust regression tests. | Needs 27-005 docs | ||
| POLICY-27-007 | BLOCKED | 2025-10-27 | SPRINT_0308_0001_0008_docs_tasks_md_viii | Docs Guild, DevEx/CLI Guild (docs) | ||||
| POLICY-27-008 | BLOCKED | 2025-10-27 | SPRINT_0308_0001_0008_docs_tasks_md_viii | Docs Guild, Policy Registry Guild (docs) | ||||
| POLICY-27-009 | BLOCKED | 2025-10-27 | SPRINT_0308_0001_0008_docs_tasks_md_viii | Docs Guild, Security Guild (docs) | ||||
| POLICY-27-010 | BLOCKED | 2025-10-27 | SPRINT_0308_0001_0008_docs_tasks_md_viii | Docs Guild, Architecture Guild (docs) | ||||
| POLICY-27-011 | BLOCKED | 2025-10-27 | SPRINT_0308_0001_0008_docs_tasks_md_viii | Docs Guild, Observability Guild (docs) | ||||
| POLICY-27-012 | BLOCKED | 2025-10-27 | SPRINT_0308_0001_0008_docs_tasks_md_viii | Docs Guild, Ops Guild (docs) | ||||
| POLICY-27-013 | BLOCKED | 2025-10-27 | SPRINT_0308_0001_0008_docs_tasks_md_viii | Docs Guild, Policy Guild (docs) | ||||
| POLICY-27-014 | BLOCKED | 2025-10-27 | SPRINT_0308_0001_0008_docs_tasks_md_viii | Docs Guild, Policy Registry Guild (docs) | ||||
| POLICY-401-026 | TODO | SPRINT_0401_0001_0001_reachability_evidence_chain | Policy Guild · Concelier Guild (docs/policy/dsl.md, docs/uncertainty/README.md) |
docs/policy/dsl.md, docs/uncertainty/README.md |
||||
| POLICY-AIRGAP-56-001 | TODO | SPRINT_0123_0001_0001_policy_reasoning | Policy Guild | src/Policy/StellaOps.Policy.Engine | Support policy pack imports from Mirror Bundles, track bundle_id metadata, and ensure deterministic caching |
Needs OFFK0101 bundle schema | ||
| POLICY-AIRGAP-56-002 | TODO | SPRINT_0123_0001_0001_policy_reasoning | Policy Guild · Policy Studio Guild | src/Policy/StellaOps.Policy.Engine | Export policy sub-bundles | POLICY-AIRGAP-56-001 | ||
| POLICY-AIRGAP-57-001 | TODO | SPRINT_0123_0001_0001_policy_reasoning | Policy Guild · Export Center Guild | src/Policy/StellaOps.Policy.Engine | Enforce sealed-mode guardrails in evaluation | POLICY-AIRGAP-56-002 | ||
| POLICY-AIRGAP-57-002 | TODO | SPRINT_0123_0001_0001_policy_reasoning | Policy Guild · Notifications Guild | src/Policy/StellaOps.Policy.Engine | Annotate rule explanations with staleness information and fallback data | POLICY-AIRGAP-57-001 | ||
| POLICY-AIRGAP-58-001 | TODO | SPRINT_0123_0001_0001_policy_reasoning | Policy Guild · Platform Ops | src/Policy/StellaOps.Policy.Engine | Emit notifications when policy packs near staleness thresholds or missing required bundles | POLICY-AIRGAP-57-002 | ||
| POLICY-AOC-19-001 | TODO | SPRINT_0123_0001_0001_policy_reasoning | Policy Guild / src/Policy/__Libraries/StellaOps.Policy | src/Policy/__Libraries/StellaOps.Policy | Add Roslyn/CI lint preventing ingestion projects from referencing Policy merge/severity helpers; block forbidden writes at compile time | |||
| POLICY-AOC-19-002 | TODO | SPRINT_0123_0001_0001_policy_reasoning | Policy Guild, Platform Security / src/Policy/__Libraries/StellaOps.Policy | src/Policy/__Libraries/StellaOps.Policy | Enforce effective_finding_* write gate ensuring only Policy Engine identity can create/update materializations |
POLICY-AOC-19-001 | ||
| POLICY-AOC-19-003 | TODO | SPRINT_0123_0001_0001_policy_reasoning | Policy Guild / src/Policy/__Libraries/StellaOps.Policy | src/Policy/__Libraries/StellaOps.Policy | Update readers/processors to consume only content.raw, identifiers, and linkset. Remove dependencies on legacy normalized fields and refresh fixtures |
POLICY-AOC-19-002 | ||
| POLICY-AOC-19-004 | TODO | SPRINT_0123_0001_0001_policy_reasoning | Policy Guild, QA Guild / src/Policy/__Libraries/StellaOps.Policy | src/Policy/__Libraries/StellaOps.Policy | Add regression tests ensuring policy derived outputs remain deterministic when ingesting revised raw docs | POLICY-AOC-19-003 | ||
| POLICY-ATTEST-73-001 | TODO | SPRINT_0123_0001_0001_policy_reasoning | Policy Guild, Attestor Service Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Introduce VerificationPolicy object: schema, persistence, versioning, and lifecycle | |||
| POLICY-ATTEST-73-002 | TODO | SPRINT_0123_0001_0001_policy_reasoning | Policy Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Provide Policy Studio editor with validation, dry-run simulation, and version diff | POLICY-ATTEST-73-001 | ||
| POLICY-ATTEST-74-001 | TODO | SPRINT_0123_0001_0001_policy_reasoning | Policy Guild, Attestor Service Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Integrate verification policies into attestor verification pipeline with caching and waiver support | POLICY-ATTEST-73-002 | ||
| POLICY-ATTEST-74-002 | TODO | SPRINT_0123_0001_0001_policy_reasoning | Policy Guild, Console Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Surface policy evaluations in Console verification reports with rule explanations | POLICY-ATTEST-74-001 | ||
| POLICY-CONSOLE-23-001 | TODO | SPRINT_0123_0001_0001_policy_reasoning | Policy Guild, BE-Base Platform Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Optimize findings/explain APIs for Console: cursor-based pagination at scale, global filter parameters (severity bands, policy version, time window), rule trace summarization, and aggregation hints for dashboard cards. Ensure deterministic ordering and expose provenance refs | |||
| POLICY-CONSOLE-23-002 | TODO | SPRINT_124_policy_reasoning | Policy Guild, Product Ops / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Produce simulation diff metadata | POLICY-CONSOLE-23-001 | ||
| POLICY-ENGINE-20-002 | BLOCKED | 2025-10-26 | SPRINT_124_policy_reasoning | Policy Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Build deterministic evaluator honoring lexical/priority order, first-match semantics, and safe value types (no wall-clock/network access) | PGMI0101 | PLPE0101 |
| POLICY-ENGINE-20-003 | TODO | SPRINT_124_policy_reasoning | Policy Guild, Concelier Core Guild, Excititor Core Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Implement selection joiners resolving SBOM↔advisory↔VEX tuples using linksets and PURL equivalence tables, with deterministic batching | POLICY-ENGINE-20-002 | PLPE0101 | |
| POLICY-ENGINE-20-004 | TODO | SPRINT_124_policy_reasoning | Policy Guild, Platform Storage Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Ship materialization writer that upserts into effective_finding_{policyId} with append-only history, tenant scoping, and trace references |
POLICY-ENGINE-20-003 | PLPE0101 | |
| POLICY-ENGINE-20-005 | TODO | SPRINT_124_policy_reasoning | Policy Guild, Security Engineering / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Enforce determinism guard banning wall-clock, RNG, and network usage during evaluation via static analysis + runtime sandbox | POLICY-ENGINE-20-004 | PLPE0101 | |
| POLICY-ENGINE-20-006 | TODO | SPRINT_124_policy_reasoning | Policy Guild, Scheduler Worker Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Implement incremental orchestrator reacting to advisory/vex/SBOM change streams and scheduling partial policy re-evaluations | POLICY-ENGINE-20-005 | PLPE0101 | |
| POLICY-ENGINE-20-007 | TODO | SPRINT_124_policy_reasoning | Policy Guild, Observability Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Emit structured traces/logs of rule hits with sampling controls, metrics | POLICY-ENGINE-20-006 | PLPE0101 | |
| POLICY-ENGINE-20-008 | TODO | SPRINT_124_policy_reasoning | Policy Guild, QA Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Add unit/property/golden/perf suites covering policy compilation, evaluation correctness, determinism, and SLA targets | POLICY-ENGINE-20-007 | PLPE0101 | |
| POLICY-ENGINE-20-009 | TODO | SPRINT_124_policy_reasoning | Policy Guild, Storage Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Define Mongo schemas/indexes for policies, policy_runs, and effective_finding_*; implement migrations and tenant enforcement |
POLICY-ENGINE-20-008 | PLPE0101 | |
| POLICY-ENGINE-27-001 | TODO | SPRINT_124_policy_reasoning | Policy Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Extend compile outputs to include rule coverage metadata, symbol table, inline documentation, and rule index for editor autocomplete; persist deterministic hashes | POLICY-ENGINE-20-009 | PLPE0101 | |
| POLICY-ENGINE-27-002 | TODO | SPRINT_124_policy_reasoning | Policy Guild, Observability Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Enhance simulate endpoints to emit rule firing counts, heatmap aggregates, sampled explain traces with deterministic ordering, and delta summaries for quick/batch sims | POLICY-ENGINE-27-001 | PLPE0101 | |
| POLICY-ENGINE-29-001 | TODO | SPRINT_124_policy_reasoning | Policy Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Implement batch evaluation endpoint | POLICY-ENGINE-27-004 | PLPE0102 | |
| POLICY-ENGINE-29-002 | TODO | SPRINT_124_policy_reasoning | Policy Guild, Findings Ledger Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Provide streaming simulation API comparing two policy versions, returning per-finding deltas without writes; align determinism with Vuln Explorer simulation | POLICY-ENGINE-29-001 | PLPE0102 | |
| POLICY-ENGINE-29-003 | TODO | SPRINT_0125_0001_0001_policy_reasoning | Policy Guild, SBOM Service Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Surface path/scope awareness in determinations | POLICY-ENGINE-29-002 | PLPE0102 | |
| POLICY-ENGINE-29-004 | TODO | SPRINT_0125_0001_0001_policy_reasoning | Policy Guild, Observability Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Add metrics/logs for batch evaluation | POLICY-ENGINE-29-003 | PLPE0102 | |
| POLICY-ENGINE-30-001 | TODO | SPRINT_0125_0001_0001_policy_reasoning | Policy Guild, Cartographer Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Define overlay contract for graph nodes/edges | POLICY-ENGINE-29-004 | PLPE0102 | |
| POLICY-ENGINE-30-002 | TODO | SPRINT_0125_0001_0001_policy_reasoning | Policy Guild, Cartographer Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Implement simulation bridge returning on-the-fly overlays for Cartographer/Graph Explorer when invoking Policy Engine simulate; ensure no writes and deterministic outputs | POLICY-ENGINE-30-001 | PLPE0102 | |
| POLICY-ENGINE-30-003 | TODO | SPRINT_0125_0001_0001_policy_reasoning | Policy Guild, Scheduler Guild, Cartographer Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Emit change events | POLICY-ENGINE-30-002 | PLPE0102 | |
| POLICY-ENGINE-30-101 | TODO | SPRINT_0125_0001_0001_policy_reasoning | Policy Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Surface trust weighting configuration | POLICY-ENGINE-30-003 | PLPE0102 | |
| POLICY-ENGINE-31-001 | TODO | SPRINT_0125_0001_0001_policy_reasoning | Policy Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Expose policy knobs for Advisory AI | POLICY-ENGINE-30-101 | PLPE0102 | |
| POLICY-ENGINE-31-002 | TODO | SPRINT_0125_0001_0001_policy_reasoning | Policy Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Provide batch endpoint delivering policy context | POLICY-ENGINE-31-001 | PLPE0103 | |
| POLICY-ENGINE-32-101 | TODO | SPRINT_0125_0001_0001_policy_reasoning | Policy Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Define orchestrator policy_eval job schema, idempotency keys, and enqueue hooks triggered by advisory/VEX/SBOM events |
POLICY-ENGINE-31-002 | PLPE0103 | |
| POLICY-ENGINE-33-101 | TODO | SPRINT_0125_0001_0001_policy_reasoning | Policy Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Implement orchestrator-driven policy evaluation workers using SDK heartbeats, respecting throttles, and emitting SLO metrics | POLICY-ENGINE-32-101 | PLPE0103 | |
| POLICY-ENGINE-34-101 | TODO | SPRINT_0125_0001_0001_policy_reasoning | Policy Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Publish policy run ledger exports + SLO burn-rate metrics to orchestrator; ensure provenance chain links to Findings Ledger | POLICY-ENGINE-33-101 | PLPE0103 | |
| POLICY-ENGINE-35-201 | TODO | SPRINT_0125_0001_0001_policy_reasoning | Policy Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Expose deterministic policy snapshot API and evaluated findings stream keyed by policy version for exporter consumption | POLICY-ENGINE-34-101 | PLPE0103 | |
| POLICY-ENGINE-38-201 | TODO | SPRINT_0125_0001_0001_policy_reasoning | Policy Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Emit enriched policy violation events | POLICY-ENGINE-35-201 | PLPE0103 | |
| POLICY-ENGINE-40-001 | TODO | SPRINT_0125_0001_0001_policy_reasoning | Policy Guild, Concelier Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Update severity/status evaluation pipelines to consume multiple source severities per linkset, supporting selection strategies | POLICY-ENGINE-38-201 | PLPE0103 | |
| POLICY-ENGINE-40-002 | TODO | SPRINT_0125_0001_0001_policy_reasoning | Policy Guild, Excititor Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Accept VEX linkset conflicts and provide rationale references in effective findings; ensure explain traces cite observation IDs | POLICY-ENGINE-40-001 | PLPE0103 | |
| POLICY-ENGINE-40-003 | TODO | SPRINT_0126_0001_0001_policy_reasoning | Policy Guild, Web Scanner Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Provide API/SDK utilities for consumers | POLICY-ENGINE-40-002 | PLPE0103 | |
| POLICY-ENGINE-401-003 | TODO | SPRINT_0401_0001_0001_reachability_evidence_chain | Policy Guild (src/Policy/StellaOps.Policy.Engine, docs/modules/policy/architecture.md) |
src/Policy/StellaOps.Policy.Engine, docs/modules/policy/architecture.md |
Replace in-service DSL compilation with the shared library, support both legacy stella-dsl@1 packs and the new inline syntax, and keep determinism hashes stable. |
— | PLPE0103 | |
| POLICY-ENGINE-50-001 | TODO | SPRINT_0126_0001_0001_policy_reasoning | Policy Guild, Platform Security / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Implement SPL compiler: validate YAML, canonicalize, produce signed bundle, store artifact in object storage, write policy_revisions with AOC metadata |
POLICY-ENGINE-40-003 | PLPE0104 | |
| POLICY-ENGINE-50-002 | TODO | SPRINT_0126_0001_0001_policy_reasoning | Policy Guild, Runtime Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Build runtime evaluator executing compiled plans over advisory/vex linksets + SBOM asset metadata with deterministic caching | POLICY-ENGINE-50-001 | PLPE0104 | |
| POLICY-ENGINE-50-003 | TODO | SPRINT_0126_0001_0001_policy_reasoning | Policy Guild, Observability Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Implement evaluation/compilation metrics, tracing, and structured logs | POLICY-ENGINE-50-002 | PLPE0104 | |
| POLICY-ENGINE-50-004 | TODO | SPRINT_0126_0001_0001_policy_reasoning | Policy Guild, Platform Events Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Build event pipeline: subscribe to linkset/SBOM updates, schedule re-eval jobs, emit policy.effective.updated events with diff metadata |
POLICY-ENGINE-50-003 | PLPE0104 | |
| POLICY-ENGINE-50-005 | TODO | SPRINT_0126_0001_0001_policy_reasoning | Policy Guild, Storage Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Design and implement policy_packs, policy_revisions, policy_runs, policy_artifacts collections with indexes, TTL, and tenant scoping |
POLICY-ENGINE-50-004 | PLPE0104 | |
| POLICY-ENGINE-50-006 | TODO | SPRINT_0126_0001_0001_policy_reasoning | Policy Guild, QA Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Implement explainer persistence + retrieval APIs linking decisions to explanation tree and AOC chain | POLICY-ENGINE-50-005 | PLPE0104 | |
| POLICY-ENGINE-50-007 | TODO | SPRINT_0126_0001_0001_policy_reasoning | Policy Guild, Scheduler Worker Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Provide evaluation worker host/DI wiring and job orchestration hooks for batch re-evaluations after policy activation | POLICY-ENGINE-50-006 | PLPE0104 | |
| POLICY-ENGINE-60-001 | TODO | SPRINT_0126_0001_0001_policy_reasoning | Policy Guild, SBOM Service Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Maintain Redis effective decision maps per asset/snapshot for Graph overlays; implement versioning and eviction strategy | POLICY-ENGINE-50-007 | PLPE0104 | |
| POLICY-ENGINE-60-002 | TODO | SPRINT_0126_0001_0001_policy_reasoning | Policy Guild, BE-Base Platform Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Expose simulation bridge for Graph What-if APIs, supporting hypothetical SBOM diffs and draft policies without persisting results | POLICY-ENGINE-60-001 | PLPE0104 | |
| POLICY-ENGINE-70-002 | TODO | SPRINT_0126_0001_0001_policy_reasoning | Policy Guild, Storage Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Design and create Mongo collections | POLICY-ENGINE-60-002 | PLPE0104 | |
| POLICY-ENGINE-70-003 | TODO | SPRINT_0126_0001_0001_policy_reasoning | Policy Guild, Runtime Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Build Redis exception decision cache | POLICY-ENGINE-70-002 | ||
| POLICY-ENGINE-70-004 | TODO | SPRINT_0126_0001_0001_policy_reasoning | Policy Guild, Observability Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Extend metrics/tracing/logging for exception application | POLICY-ENGINE-70-003 | ||
| POLICY-ENGINE-70-005 | TODO | SPRINT_0126_0001_0001_policy_reasoning | Policy Guild, Scheduler Worker Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Provide APIs/workers hook for exception activation/expiry | POLICY-ENGINE-70-004 | ||
| POLICY-ENGINE-80-001 | TODO | SPRINT_0126_0001_0001_policy_reasoning | Policy Guild, Signals Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Integrate reachability/exploitability inputs into evaluation pipeline | POLICY-ENGINE-70-005 | ||
| POLICY-ENGINE-80-002 | TODO | SPRINT_0127_0001_0001_policy_reasoning | Policy Guild, Storage Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Create joining layer to read reachability_facts efficiently |
POLICY-ENGINE-80-001 | ||
| POLICY-ENGINE-80-003 | TODO | SPRINT_0127_0001_0001_policy_reasoning | Policy Guild, Policy Editor Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Extend SPL predicates/actions to reference reachability state/score/confidence; update compiler validation | POLICY-ENGINE-80-002 | ||
| POLICY-ENGINE-80-004 | TODO | SPRINT_0127_0001_0001_policy_reasoning | Policy Guild, Observability Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Emit metrics | POLICY-ENGINE-80-003 | ||
| POLICY-LIB-401-001 | DONE (2025-11-27) | SPRINT_0401_0001_0001_reachability_evidence_chain | Policy Guild (src/Policy/StellaOps.PolicyDsl, docs/policy/dsl.md) |
src/Policy/StellaOps.PolicyDsl, docs/policy/dsl.md |
Extract the policy DSL parser/compiler into StellaOps.PolicyDsl, add the lightweight syntax (default action + inline rules), and expose PolicyEngineFactory/SignalContext APIs for reuse. |
Created StellaOps.PolicyDsl library with PolicyEngineFactory, SignalContext, tokenizer, parser, compiler, and IR serialization. | ||
| POLICY-LIB-401-002 | DONE (2025-11-27) | SPRINT_0401_0001_0001_reachability_evidence_chain | Policy Guild, CLI Guild (tests/Policy/StellaOps.PolicyDsl.Tests, policy/default.dsl, docs/policy/lifecycle.md) |
tests/Policy/StellaOps.PolicyDsl.Tests, policy/default.dsl, docs/policy/lifecycle.md |
Ship unit-test harness + sample policy/default.dsl (table-driven cases) and wire stella policy lint/simulate to the shared library. |
Created test harness with 25 unit tests, sample DSL files (minimal.dsl, default.dsl), and wired stella policy lint command to PolicyDsl library. | ||
| POLICY-OBS-50-001 | TODO | SPRINT_0127_0001_0001_policy_reasoning | Policy Guild · Observability Guild | src/Policy/StellaOps.Policy.Engine | Integrate telemetry core into policy API + worker hosts, ensuring spans/logs cover compile/evaluate flows with tenant_id, policy_version, decision_effect, and trace IDs |
Wait for telemetry schema drop (046_TLTY0101) | PLOB0101 | |
| POLICY-OBS-51-001 | TODO | SPRINT_0127_0001_0001_policy_reasoning | Policy Guild · DevOps Guild | src/Policy/StellaOps.Policy.Engine | Emit golden-signal metrics | POLICY-OBS-50-001 | PLOB0101 | |
| POLICY-OBS-52-001 | TODO | SPRINT_0127_0001_0001_policy_reasoning | Policy Guild | src/Policy/StellaOps.Policy.Engine | Emit timeline events policy.evaluate.started, policy.evaluate.completed, policy.decision.recorded with trace IDs, input digests, and rule summary. Provide contract tests and retry semantics |
POLICY-OBS-51-001 | PLOB0101 | |
| POLICY-OBS-53-001 | TODO | SPRINT_0127_0001_0001_policy_reasoning | Policy Guild · Evidence Locker Guild | src/Policy/StellaOps.Policy.Engine | Produce evaluation evidence bundles | POLICY-OBS-52-001 | PLOB0101 | |
| POLICY-OBS-54-001 | TODO | SPRINT_0127_0001_0001_policy_reasoning | Policy Guild · Provenance Guild | src/Policy/StellaOps.Policy.Engine | Generate DSSE attestations for evaluation outputs, expose /evaluations/{id}/attestation, and link attestation IDs in timeline + console. Provide verification harness |
POLICY-OBS-53-001 | PLOB0101 | |
| POLICY-OBS-55-001 | TODO | SPRINT_0127_0001_0001_policy_reasoning | Policy Guild · DevOps Guild | src/Policy/StellaOps.Policy.Engine | Implement incident mode sampling overrides | POLICY-OBS-54-001 | PLOB0101 | |
| POLICY-READINESS-0001 | TODO | SPRINT_0325_0001_0001_docs_modules_policy | Policy Guild (docs/modules/policy) | docs/modules/policy | Capture policy module readiness checklist aligned with current sprint goals. | |||
| POLICY-READINESS-0002 | TODO | SPRINT_0325_0001_0001_docs_modules_policy | Policy Guild (docs/modules/policy) | docs/modules/policy | Track outstanding prerequisites/risk items for policy releases and mirror into sprint updates. | |||
| POLICY-RISK-66-001 | DONE | 2025-11-22 | SPRINT_0127_0001_0001_policy_reasoning | Risk Profile Schema Guild / src/Policy/StellaOps.Policy.RiskProfile | src/Policy/StellaOps.Policy.RiskProfile | Develop initial JSON Schema for RiskProfile (signals, transforms, weights, severity, overrides) with validator stubs | ||
| POLICY-RISK-66-002 | DONE (2025-11-26) | SPRINT_0127_0001_0001_policy_reasoning | Risk Profile Schema Guild / src/Policy/StellaOps.Policy.RiskProfile | src/Policy/StellaOps.Policy.RiskProfile | Implement inheritance/merge logic with conflict detection and deterministic content hashing | POLICY-RISK-66-001 | Canonicalizer/merge + digest, tests added. | |
| POLICY-RISK-66-003 | TODO | SPRINT_0127_0001_0001_policy_reasoning | Policy Guild, Risk Profile Schema Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Integrate RiskProfile schema into Policy Engine configuration, ensuring validation and default profile deployment | POLICY-RISK-66-002 | ||
| POLICY-RISK-66-004 | TODO | SPRINT_0127_0001_0001_policy_reasoning | Policy Guild, Risk Profile Schema Guild / src/Policy/__Libraries/StellaOps.Policy | src/Policy/__Libraries/StellaOps.Policy | Extend Policy libraries to load/save RiskProfile documents, compute content hashes, and surface validation diagnostics | POLICY-RISK-66-003 | ||
| POLICY-RISK-67-001 | TODO | SPRINT_0127_0001_0001_policy_reasoning | Policy Guild, Risk Engine Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Trigger scoring jobs on new/updated findings via Policy Engine orchestration hooks | POLICY-RISK-66-004 | ||
| POLICY-RISK-67-002 | BLOCKED (2025-11-26) | SPRINT_0128_0001_0001_policy_reasoning | Policy Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Implement profile lifecycle APIs | POLICY-RISK-67-001 | Waiting on risk profile contract + schema draft. | |
| POLICY-RISK-67-003 | BLOCKED (2025-11-26) | SPRINT_0128_0001_0001_policy_reasoning | Policy Guild, Risk Engine Guild / src/Policy/__Libraries/StellaOps.Policy | src/Policy/__Libraries/StellaOps.Policy | Provide policy-layer APIs to trigger risk simulations and return distributions/contribution breakdowns | POLICY-RISK-67-002 | Blocked by missing risk profile schema + lifecycle API contract. | |
| POLICY-RISK-68-001 | TODO | SPRINT_0128_0001_0001_policy_reasoning | Policy Guild, Policy Studio Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Provide simulation API bridging Policy Studio with risk engine; returns distributions and top movers | POLICY-RISK-67-003 | ||
| POLICY-RISK-68-002 | TODO | SPRINT_0128_0001_0001_policy_reasoning | Risk Profile Schema Guild / src/Policy/StellaOps.Policy.RiskProfile | src/Policy/StellaOps.Policy.RiskProfile | Add override/adjustment support with audit metadata and validation for conflicting rules | POLICY-RISK-68-001 | ||
| POLICY-RISK-69-001 | TODO | SPRINT_0128_0001_0001_policy_reasoning | Policy Guild, Notifications Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Emit events/notifications on profile publish, deprecate, and severity threshold changes | POLICY-RISK-68-002 | ||
| POLICY-RISK-70-001 | TODO | SPRINT_0128_0001_0001_policy_reasoning | Policy Guild, Export Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Support exporting/importing profiles with signatures for air-gapped bundles | POLICY-RISK-69-001 | ||
| POLICY-RISK-90-001 | TODO | SPRINT_0126_0001_0001_policy_reasoning | Policy Guild, Scanner Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Ingest entropy penalty inputs from Scanner (entropy.report.json, layer_summary.json), extend trust algebra with configurable weights/caps, and expose explanations/metrics for opaque ratio penalties (docs/modules/scanner/entropy.md). |
|||
| POLICY-SPL-23-001 | TODO | SPRINT_0128_0001_0001_policy_reasoning | Policy Guild, Language Infrastructure Guild / src/Policy/__Libraries/StellaOps.Policy | src/Policy/__Libraries/StellaOps.Policy | Define SPL v1 YAML + JSON Schema, including advisory rules, VEX precedence, severity mapping, exceptions, and layering metadata. Publish schema resources and validation fixtures | |||
| POLICY-SPL-23-002 | TODO | SPRINT_0128_0001_0001_policy_reasoning | Policy Guild / src/Policy/__Libraries/StellaOps.Policy | src/Policy/__Libraries/StellaOps.Policy | Implement canonicalizer that normalizes policy packs | POLICY-SPL-23-001 | ||
| POLICY-SPL-23-003 | DONE (2025-11-26) | SPRINT_0128_0001_0001_policy_reasoning | Policy Guild / src/Policy/__Libraries/StellaOps.Policy | src/Policy/__Libraries/StellaOps.Policy | Build policy layering/override engine | POLICY-SPL-23-002 | SplLayeringEngine + tests landed. |
|
| POLICY-SPL-23-004 | TODO | SPRINT_0128_0001_0001_policy_reasoning | Policy Guild, Audit Guild / src/Policy/__Libraries/StellaOps.Policy | src/Policy/__Libraries/StellaOps.Policy | Design explanation tree model | POLICY-SPL-23-003 | ||
| POLICY-SPL-23-005 | TODO | SPRINT_0128_0001_0001_policy_reasoning | Policy Guild, DevEx Guild / src/Policy/__Libraries/StellaOps.Policy | src/Policy/__Libraries/StellaOps.Policy | Create migration tool to snapshot existing behavior into baseline SPL packs | POLICY-SPL-23-004 | ||
| POLICY-SPL-24-001 | DONE (2025-11-26) | 2025-11-26 | SPRINT_0128_0001_0001_policy_reasoning | Policy Guild, Signals Guild / src/Policy/__Libraries/StellaOps.Policy | src/Policy/__Libraries/StellaOps.Policy | Extend SPL schema to expose reachability/exploitability predicates and weighting functions; update documentation and fixtures | POLICY-SPL-23-005 | |
| POLICY-TEN-48-001 | TODO | SPRINT_0129_0001_0001_policy_reasoning | Policy Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Add tenant_id/project_id columns, enable RLS, update evaluators to require tenant context, and emit rationale IDs including tenant metadata |
|||
| POLICY-VEX-401-006 | TODO | SPRINT_0401_0001_0001_reachability_evidence_chain | Policy Guild (src/Policy/StellaOps.Policy.Engine, src/Policy/__Libraries/StellaOps.Policy) |
src/Policy/StellaOps.Policy.Engine, src/Policy/__Libraries/StellaOps.Policy |
Policy Engine consumes reachability facts, applies the deterministic score/label buckets (≥0.80 reachable, 0.30–0.79 conditional, <0.30 unreachable), emits OpenVEX with call-path proofs, and updates SPL schema with reachability.state/confidence predicates and suppression gates. |
|||
| POLICY-VEX-401-010 | TODO | SPRINT_0401_0001_0001_reachability_evidence_chain | Policy Guild (src/Policy/StellaOps.Policy.Engine/Vex, docs/modules/policy/architecture.md, docs/benchmarks/vex-evidence-playbook.md) |
src/Policy/StellaOps.Policy.Engine/Vex, docs/modules/policy/architecture.md, docs/benchmarks/vex-evidence-playbook.md |
Implement VexDecisionEmitter to serialize per-finding OpenVEX, attach evidence hashes, request DSSE signatures, capture Rekor metadata, and publish artifacts following the bench playbook. |
|||
| PROBE-401-010 | TODO | SPRINT_0401_0001_0001_reachability_evidence_chain | Runtime Signals Guild (src/Signals/StellaOps.Signals.Runtime, ops/probes) |
src/Signals/StellaOps.Signals.Runtime, ops/probes |
||||
| PROMO-70-001 | TODO | SPRINT_0202_0001_0002_cli_ii | DevEx/CLI Guild, Provenance Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | ||||
| PROMO-70-002 | TODO | SPRINT_0203_0001_0003_cli_iii | DevEx/CLI Guild, Provenance Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | ||||
| PROV-BACKFILL-401-029 | DONE | 2025-11-27 | SPRINT_0401_0001_0001_reachability_evidence_chain | Platform Guild | docs/provenance/inline-dsse.md, scripts/publish_attestation_with_provenance.sh |
Backfill historical Mongo events with DSSE/Rekor metadata by resolving known attestations per subject digest (wiring ingestion helpers + endpoint tests in progress). | Depends on #1 | RBRE0101 |
| PROV-INDEX-401-030 | DONE | 2025-11-27 | SPRINT_0401_0001_0001_reachability_evidence_chain | Platform + Ops Guilds | docs/provenance/inline-dsse.md, ops/mongo/indices/events_provenance_indices.js |
Deploy provenance indexes (events_by_subject_kind_provenance, etc.) and expose compliance/replay queries. |
Depends on #3 | RBRE0101 |
| PROV-INLINE-401-028 | DONE | SPRINT_0401_0001_0001_reachability_evidence_chain | Authority Guild · Feedser Guild (docs/provenance/inline-dsse.md, src/__Libraries/StellaOps.Provenance.Mongo) |
docs/provenance/inline-dsse.md, src/__Libraries/StellaOps.Provenance.Mongo |
Extend Authority/Feedser event writers to attach inline DSSE + Rekor references on every SBOM/VEX/scan event using StellaOps.Provenance.Mongo. |
|||
| PROV-OBS-53-001 | DONE | 2025-11-17 | SPRINT_0513_0001_0001_provenance | Provenance Guild / src/Provenance/StellaOps.Provenance.Attestation |
src/Provenance/StellaOps.Provenance.Attestation | Implement DSSE/SLSA BuildDefinition + BuildMetadata models with canonical JSON serializer, Merkle digest helpers, deterministic hashing tests, and sample statements for orchestrator/job/export subjects. |
— | PROB0101 |
| PROV-OBS-53-002 | BLOCKED | SPRINT_0513_0001_0001_provenance | Provenance Guild · Security Guild | src/Provenance/StellaOps.Provenance.Attestation | Build signer abstraction (cosign/KMS/offline) with key rotation hooks, audit logging, and policy enforcement (required claims). Provide unit tests using fake signer + real cosign fixture. Dependencies: PROV-OBS-53-001. | Await CI rerun to clear MSB6006 and verify signer abstraction | PROB0101 | |
| PROV-OBS-53-003 | BLOCKED | SPRINT_0513_0001_0001_provenance | Provenance Guild | src/Provenance/StellaOps.Provenance.Attestation | Deliver PromotionAttestationBuilder that materialises the stella.ops/promotion@v1 predicate (image digest, SBOM/VEX materials, promotion metadata, Rekor proof) and feeds canonicalised payload bytes to Signer via StellaOps.Cryptography. |
Blocked on PROV-OBS-53-002 CI verification | PROB0101 | |
| PROV-OBS-54-001 | TODO | SPRINT_0513_0001_0001_provenance | Provenance Guild · Evidence Locker Guild | src/Provenance/StellaOps.Provenance.Attestation | Deliver verification library that validates DSSE signatures, Merkle roots, and timeline chain-of-custody, exposing reusable CLI/service APIs. Include negative-case fixtures and offline timestamp verification. Dependencies: PROV-OBS-53-002. | Starts after PROV-OBS-53-002 clears in CI | PROB0101 | |
| PROV-OBS-54-002 | TODO | SPRINT_0513_0001_0001_provenance | Provenance Guild · DevEx/CLI Guild | src/Provenance/StellaOps.Provenance.Attestation | Generate .NET global tool for local verification + embed command helpers for CLI stella forensic verify. Provide deterministic packaging and offline kit instructions. Dependencies: PROV-OBS-54-001. |
Starts after PROV-OBS-54-001 verification APIs stable | PROB0101 | |
| PY-32-001 | DONE | SPRINT_0153_0001_0003_orchestrator_iii | Worker SDK Guild (src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Python) | src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Python | ||||
| PY-32-002 | DONE | SPRINT_0153_0001_0003_orchestrator_iii | Worker SDK Guild (src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Python) | src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Python | ||||
| PY-33-001 | DONE | SPRINT_0153_0001_0003_orchestrator_iii | Worker SDK Guild (src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Python) | src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Python | ||||
| PY-33-002 | DONE | SPRINT_0153_0001_0003_orchestrator_iii | Worker SDK Guild (src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Python) | src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Python | ||||
| PY-34-001 | DONE | SPRINT_0153_0001_0003_orchestrator_iii | Worker SDK Guild (src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Python) | src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Python | ||||
| QA-DOCS-401-008 | TODO | SPRINT_0401_0001_0001_reachability_evidence_chain | QA & Docs Guilds (docs, tests/README.md) |
docs, tests/README.md |
Wire reachbench-2025-expanded fixtures into CI, document CAS layouts + replay steps in docs/reachability/DELIVERY_GUIDE.md, and publish operator runbook for runtime ingestion. |
|||
| QA-REACH-201-007 | TODO | SPRINT_400_runtime_facts_static_callgraph_union | QA Guild (tests/README.md) |
tests/README.md |
Integrate reachbench-2025-expanded fixture pack under tests/reachability/, add evaluator harness tests that validate reachable vs unreachable cases, and wire CI guidance for deterministic runs. |
|||
| REACH-201-001 | TODO | SPRINT_400_runtime_facts_static_callgraph_union | Zastava Observer Guild (src/Zastava/StellaOps.Zastava.Observer) |
src/Zastava/StellaOps.Zastava.Observer |
||||
| REACH-201-002 | DOING | 2025-11-08 | SPRINT_400_runtime_facts_static_callgraph_union | Scanner Worker Guild (src/Scanner/StellaOps.Scanner.Worker) |
src/Scanner/StellaOps.Scanner.Worker |
|||
| REACH-201-003 | DOING | 2025-11-08 | SPRINT_400_runtime_facts_static_callgraph_union | Signals Guild (src/Signals/StellaOps.Signals) |
src/Signals/StellaOps.Signals |
|||
| REACH-201-004 | DOING | 2025-11-08 | SPRINT_400_runtime_facts_static_callgraph_union | Signals Guild · Policy Guild (src/Signals/StellaOps.Signals, src/Policy/StellaOps.Policy.Engine) |
src/Signals/StellaOps.Signals, src/Policy/StellaOps.Policy.Engine |
|||
| REACH-201-005 | DOING | 2025-11-08 | SPRINT_400_runtime_facts_static_callgraph_union | BE-Base Platform Guild (src/__Libraries/StellaOps.Replay.Core) |
src/__Libraries/StellaOps.Replay.Core |
|||
| REACH-201-006 | TODO | SPRINT_400_runtime_facts_static_callgraph_union | Docs Guild (docs) |
|||||
| REACH-201-007 | TODO | SPRINT_400_runtime_facts_static_callgraph_union | QA Guild (tests/README.md) |
tests/README.md |
||||
| REACH-401-005 | TODO | SPRINT_0401_0001_0001_reachability_evidence_chain | Authority & Signer Guilds (src/Authority/StellaOps.Authority, src/Signer/StellaOps.Signer) |
src/Authority/StellaOps.Authority, src/Signer/StellaOps.Signer |
||||
| REACH-401-009 | TODO | SPRINT_0401_0001_0001_reachability_evidence_chain | Scanner Worker Guild (src/Scanner/StellaOps.Scanner.Worker, src/Scanner/__Libraries) |
src/Scanner/StellaOps.Scanner.Worker, src/Scanner/__Libraries |
||||
| REACH-LATTICE-401-023 | TODO | SPRINT_0401_0001_0001_reachability_evidence_chain | Scanner Guild · Policy Guild (docs/reachability/lattice.md, docs/modules/scanner/architecture.md, src/Scanner/StellaOps.Scanner.WebService) |
docs/reachability/lattice.md, docs/modules/scanner/architecture.md, src/Scanner/StellaOps.Scanner.WebService |
Define the reachability lattice model (ReachState, EvidenceKind, MitigationKind, scoring policy) in Scanner docs + code; ensure evidence joins write to the event graph schema. |
|||
| READINESS-0001 | TODO | SPRINT_0325_0001_0001_docs_modules_policy | Policy Guild (docs/modules/policy) | docs/modules/policy | ||||
| READINESS-0002 | TODO | SPRINT_0325_0001_0001_docs_modules_policy | Policy Guild (docs/modules/policy) | docs/modules/policy | ||||
| RECIPES-DOCS-0001 | TODO | SPRINT_315_docs_modules_ci | Docs Guild (docs/modules/ci) | docs/modules/ci | ||||
| RECIPES-ENG-0001 | TODO | SPRINT_315_docs_modules_ci | Module Team (docs/modules/ci) | docs/modules/ci | ||||
| RECIPES-OPS-0001 | TODO | SPRINT_315_docs_modules_ci | Ops Guild (docs/modules/ci) | docs/modules/ci | ||||
| REG-41-001 | DONE (2025-11-25) | 2025-11-25 | SPRINT_0154_0001_0001_packsregistry | Packs Registry Guild (src/PacksRegistry/StellaOps.PacksRegistry) | src/PacksRegistry/StellaOps.PacksRegistry | |||
| REG-42-001 | DONE (2025-11-25) | 2025-11-25 | SPRINT_0154_0001_0001_packsregistry | Packs Registry Guild (src/PacksRegistry/StellaOps.PacksRegistry) | src/PacksRegistry/StellaOps.PacksRegistry | |||
| REG-43-001 | DONE (2025-11-25) | 2025-11-25 | SPRINT_0154_0001_0001_packsregistry | Packs Registry Guild (src/PacksRegistry/StellaOps.PacksRegistry) | src/PacksRegistry/StellaOps.PacksRegistry | |||
| REGISTRY-API-27-001 | TODO | SPRINT_0129_0001_0001_policy_reasoning | Policy Registry Guild / src/Policy/StellaOps.Policy.Registry | src/Policy/StellaOps.Policy.Registry | Define OpenAPI specification covering workspaces, versions, reviews, simulations, promotions, and attestations; publish typed clients for Console/CLI | |||
| REGISTRY-API-27-002 | TODO | SPRINT_0129_0001_0001_policy_reasoning | Policy Registry Guild / src/Policy/StellaOps.Policy.Registry | src/Policy/StellaOps.Policy.Registry | Implement workspace storage | REGISTRY-API-27-001 | ||
| REGISTRY-API-27-003 | TODO | SPRINT_0129_0001_0001_policy_reasoning | Policy Registry Guild / src/Policy/StellaOps.Policy.Registry | src/Policy/StellaOps.Policy.Registry | Integrate compile endpoint: forward source bundle to Policy Engine, persist diagnostics, symbol table, rule index, and complexity metrics | REGISTRY-API-27-002 | ||
| REGISTRY-API-27-004 | TODO | SPRINT_0129_0001_0001_policy_reasoning | Policy Registry Guild / src/Policy/StellaOps.Policy.Registry | src/Policy/StellaOps.Policy.Registry | Implement quick simulation API with request limits | REGISTRY-API-27-003 | ||
| REGISTRY-API-27-005 | TODO | SPRINT_0129_0001_0001_policy_reasoning | Policy Registry Guild, Scheduler Guild / src/Policy/StellaOps.Policy.Registry | src/Policy/StellaOps.Policy.Registry | Build batch simulation orchestration: enqueue shards, collect partials, reduce deltas, produce evidence bundles + signed manifest | REGISTRY-API-27-004 | ||
| REGISTRY-API-27-006 | TODO | SPRINT_0129_0001_0001_policy_reasoning | Policy Registry Guild / src/Policy/StellaOps.Policy.Registry | src/Policy/StellaOps.Policy.Registry | Implement review workflow | REGISTRY-API-27-005 | ||
| REGISTRY-API-27-007 | TODO | SPRINT_0129_0001_0001_policy_reasoning | Policy Registry Guild, Security Guild / src/Policy/StellaOps.Policy.Registry | src/Policy/StellaOps.Policy.Registry | Implement publish pipeline: sign source/compiled digests, create attestations, mark version immutable, emit events | REGISTRY-API-27-006 | ||
| REGISTRY-API-27-008 | TODO | SPRINT_0129_0001_0001_policy_reasoning | Policy Registry Guild / src/Policy/StellaOps.Policy.Registry | src/Policy/StellaOps.Policy.Registry | Implement promotion bindings per tenant/environment with canary subsets, rollback path, and environment history | REGISTRY-API-27-007 | ||
| REGISTRY-API-27-009 | TODO | SPRINT_0129_0001_0001_policy_reasoning | Policy Registry Guild, Observability Guild / src/Policy/StellaOps.Policy.Registry | src/Policy/StellaOps.Policy.Registry | Instrument metrics/logs/traces | REGISTRY-API-27-008 | ||
| REGISTRY-API-27-010 | TODO | SPRINT_0129_0001_0001_policy_reasoning | Policy Registry Guild, QA Guild / src/Policy/StellaOps.Policy.Registry | src/Policy/StellaOps.Policy.Registry | Build unit/integration/load test suites for compile/sim/review/publish/promote flows; provide seeded fixtures for CI | REGISTRY-API-27-009 | ||
| REL-17-004 | BLOCKED | 2025-10-26 | SPRINT_0506_0001_0001_ops_devops_iv | DevOps Guild (ops/devops) | ops/devops | |||
| REP-004 | TODO | SPRINT_0401_0001_0001_reachability_evidence_chain | BE-Base Platform Guild (src/__Libraries/StellaOps.Replay.Core, docs/replay/DETERMINISTIC_REPLAY.md) |
src/__Libraries/StellaOps.Replay.Core, docs/replay/DETERMINISTIC_REPLAY.md |
||||
| REPLAY-185-003 | TODO | SPRINT_0185_0001_0001_shared_replay_primitives | Docs Guild, Platform Data Guild (docs) | |||||
| REPLAY-185-004 | TODO | SPRINT_0185_0001_0001_shared_replay_primitives | Docs Guild (docs) | |||||
| REPLAY-186-001 | TODO | SPRINT_0186_0001_0001_record_deterministic_execution | Scanner Guild (src/Scanner/StellaOps.Scanner.WebService, docs/modules/scanner/architecture.md) |
src/Scanner/StellaOps.Scanner.WebService, docs/modules/scanner/architecture.md |
||||
| REPLAY-186-002 | TODO | SPRINT_0186_0001_0001_record_deterministic_execution | Scanner Guild (src/Scanner/StellaOps.Scanner.Worker, docs/modules/scanner/deterministic-execution.md) |
src/Scanner/StellaOps.Scanner.Worker, docs/modules/scanner/deterministic-execution.md |
||||
| REPLAY-186-003 | TODO | SPRINT_0186_0001_0001_record_deterministic_execution | Signing Guild (src/Signer/StellaOps.Signer, src/Authority/StellaOps.Authority) |
src/Signer/StellaOps.Signer, src/Authority/StellaOps.Authority |
||||
| REPLAY-186-004 | TODO | SPRINT_0186_0001_0001_record_deterministic_execution | Docs Guild (docs) |
|||||
| REPLAY-187-001 | TODO | SPRINT_160_export_evidence | Evidence Locker Guild · docs/modules/evidence-locker/architecture.md | docs/modules/evidence-locker/architecture.md | ||||
| REPLAY-187-002 | TODO | SPRINT_160_export_evidence | CLI Guild · docs/modules/cli/architecture.md |
docs/modules/cli/architecture.md | ||||
| REPLAY-187-003 | TODO | SPRINT_0187_0001_0001_evidence_locker_cli_integration | Attestor Guild (src/Attestor/StellaOps.Attestor, docs/modules/attestor/architecture.md) |
src/Attestor/StellaOps.Attestor, docs/modules/attestor/architecture.md |
||||
| REPLAY-187-004 | TODO | SPRINT_160_export_evidence | Docs/Ops Guild · /docs/runbooks/replay_ops.md |
docs/runbooks/replay_ops.md | ||||
| REPLAY-401-004 | TODO | SPRINT_0401_0001_0001_reachability_evidence_chain | BE-Base Platform Guild (src/__Libraries/StellaOps.Replay.Core) |
src/__Libraries/StellaOps.Replay.Core |
Bump replay manifest to v2 (feeds, analyzers, policies), have ReachabilityReplayWriter enforce CAS registration + hash sorting, and add deterministic tests to tests/reachability/StellaOps.Reachability.FixtureTests. |
|||
| REPLAY-CORE-185-001 | TODO | SPRINT_0185_0001_0001_shared_replay_primitives | Platform Guild | src/__Libraries/StellaOps.Replay.Core |
Scaffold StellaOps.Replay.Core with manifest schema types, canonical JSON rules, Merkle utilities, and DSSE payload builders; add AGENTS.md/TASKS.md for the new library; cross-reference docs/replay/DETERMINISTIC_REPLAY.md section 3 when updating the library charter. |
Mirrors #1 | RLRC0101 | |
| REPLAY-CORE-185-002 | TODO | SPRINT_0185_0001_0001_shared_replay_primitives | Platform Guild | src/__Libraries/StellaOps.Replay.Core | Implement deterministic bundle writer (tar.zst, CAS naming) and hashing abstractions, updating docs/modules/platform/architecture-overview.md with a “Replay CAS” subsection that documents layout/retention expectations. |
Mirrors #2 | RLRC0101 | |
| REPLAY-CORE-185-003 | TODO | SPRINT_0185_0001_0001_shared_replay_primitives | Platform Data Guild | src/__Libraries/StellaOps.Replay.Core | Define Mongo collections (replay_runs, replay_bundles, replay_subjects) and indices, then author docs/data/replay_schema.md detailing schema fields, constraints, and offline sync strategy. |
Mirrors #3 | RLRC0101 | |
| REPLAY-REACH-201-005 | DOING | 2025-11-08 | SPRINT_400_runtime_facts_static_callgraph_union | BE-Base Platform Guild (src/__Libraries/StellaOps.Replay.Core) |
src/__Libraries/StellaOps.Replay.Core |
Update StellaOps.Replay.Core manifest schema + bundle writer so replay packs capture reachability graphs, runtime traces, analyzer versions, and evidence hashes; document new CAS namespace. |
||
| RISK-66-001 | TODO | SPRINT_115_concelier_iv | Concelier Core Guild, Risk Engine Guild (src/Concelier/__Libraries/StellaOps.Concelier.Core) | src/Concelier/__Libraries/StellaOps.Concelier.Core | ||||
| RISK-66-002 | TODO | SPRINT_115_concelier_iv | Concelier Core Guild (src/Concelier/__Libraries/StellaOps.Concelier.Core) | src/Concelier/__Libraries/StellaOps.Concelier.Core | ||||
| RISK-66-003 | TODO | SPRINT_0127_0001_0001_policy_reasoning | Policy Guild, Risk Profile Schema Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-RISK-66-002 | |||
| RISK-66-004 | TODO | SPRINT_0127_0001_0001_policy_reasoning | Policy Guild, Risk Profile Schema Guild / src/Policy/__Libraries/StellaOps.Policy | src/Policy/__Libraries/StellaOps.Policy | POLICY-RISK-66-003 | |||
| RISK-67-001 | TODO | SPRINT_115_concelier_iv | Concelier Core Guild (src/Concelier/__Libraries/StellaOps.Concelier.Core) | src/Concelier/__Libraries/StellaOps.Concelier.Core | ||||
| RISK-67-002 | TODO | SPRINT_0128_0001_0001_policy_reasoning | Policy Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-RISK-67-001 | |||
| RISK-67-003 | BLOCKED (2025-11-26) | SPRINT_0128_0001_0001_policy_reasoning | Policy Guild, Risk Engine Guild / src/Policy/__Libraries/StellaOps.Policy | src/Policy/__Libraries/StellaOps.Policy | POLICY-RISK-67-002 | Blocked by missing risk profile schema + lifecycle API contract. | ||
| RISK-67-004 | TODO | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild, CLI Guild (docs) | |||||
| RISK-68-001 | TODO | SPRINT_115_concelier_iv | Concelier Core Guild, Policy Studio Guild (src/Concelier/__Libraries/StellaOps.Concelier.Core) | src/Concelier/__Libraries/StellaOps.Concelier.Core | ||||
| RISK-68-002 | TODO | SPRINT_0128_0001_0001_policy_reasoning | Risk Profile Schema Guild / src/Policy/StellaOps.Policy.RiskProfile | src/Policy/StellaOps.Policy.RiskProfile | POLICY-RISK-68-001 | |||
| RISK-69-001 | TODO | SPRINT_115_concelier_iv | Concelier Core Guild, Notifications Guild (src/Concelier/__Libraries/StellaOps.Concelier.Core) | src/Concelier/__Libraries/StellaOps.Concelier.Core | ||||
| RISK-69-002 | TODO | SPRINT_163_exportcenter_ii | Exporter Service Guild, Risk Engine Guild (src/ExportCenter/StellaOps.ExportCenter) | src/ExportCenter/StellaOps.ExportCenter | ||||
| RISK-70-001 | TODO | SPRINT_0128_0001_0001_policy_reasoning | Policy Guild, Export Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-RISK-69-001 | |||
| RISK-90-001 | TODO | SPRINT_0126_0001_0001_policy_reasoning | Policy Guild, Scanner Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | ||||
| RISK-BUNDLE-69-001 | TODO | SPRINT_0164_0001_0003_exportcenter_iii | Risk Bundle Export Guild, Risk Engine Guild (src/ExportCenter/StellaOps.ExportCenter.RiskBundles) | src/ExportCenter/StellaOps.ExportCenter.RiskBundles | Implement stella export risk-bundle job producing tarball with provider datasets, manifests, and DSSE signatures. |
|||
| RISK-BUNDLE-69-002 | TODO | SPRINT_0164_0001_0003_exportcenter_iii | Risk Bundle Export Guild, DevOps Guild (src/ExportCenter/StellaOps.ExportCenter.RiskBundles) | src/ExportCenter/StellaOps.ExportCenter.RiskBundles | Integrate bundle job into CI/offline kit pipelines with checksum publication. Dependencies: RISK-BUNDLE-69-001. | |||
| RISK-BUNDLE-70-001 | TODO | SPRINT_0164_0001_0003_exportcenter_iii | Risk Bundle Export Guild, CLI Guild (src/ExportCenter/StellaOps.ExportCenter.RiskBundles) | src/ExportCenter/StellaOps.ExportCenter.RiskBundles | Provide CLI stella risk bundle verify command to validate bundles before import. Dependencies: RISK-BUNDLE-69-002. |
|||
| RISK-BUNDLE-70-002 | TODO | SPRINT_0164_0001_0003_exportcenter_iii | Risk Bundle Export Guild, Docs Guild (src/ExportCenter/StellaOps.ExportCenter.RiskBundles) | src/ExportCenter/StellaOps.ExportCenter.RiskBundles | Publish /docs/airgap/risk-bundles.md detailing build/import/verification workflows. Dependencies: RISK-BUNDLE-70-001. |
|||
| RISK-ENGINE-66-001 | DONE (2025-11-25) | 2025-11-25 | SPRINT_0129_0001_0001_policy_reasoning | Risk Engine Guild / src/RiskEngine/StellaOps.RiskEngine | src/RiskEngine/StellaOps.RiskEngine | Scaffold scoring service (job queue, worker loop, provider registry) with deterministic execution harness | ||
| RISK-ENGINE-66-002 | DONE | 2025-11-25 | SPRINT_0129_0001_0001_policy_reasoning | Risk Engine Guild / src/RiskEngine/StellaOps.RiskEngine | src/RiskEngine/StellaOps.RiskEngine | Implement default transforms | RISK-ENGINE-66-001 | |
| RISK-ENGINE-67-001 | DONE | 2025-11-25 | SPRINT_0129_0001_0001_policy_reasoning | Risk Engine Guild, Concelier Guild / src/RiskEngine/StellaOps.RiskEngine | src/RiskEngine/StellaOps.RiskEngine | Integrate CVSS and KEV providers pulling data from Conseiller; implement reducers | RISK-ENGINE-66-002 | |
| RISK-ENGINE-67-002 | TODO | SPRINT_0129_0001_0001_policy_reasoning | Risk Engine Guild, Excitor Guild / src/RiskEngine/StellaOps.RiskEngine | src/RiskEngine/StellaOps.RiskEngine | Integrate VEX gate provider and ensure gating short-circuits scoring as configured | RISK-ENGINE-67-001 | ||
| RISK-ENGINE-67-003 | DONE | 2025-11-25 | SPRINT_0129_0001_0001_policy_reasoning | Risk Engine Guild, Policy Engine Guild / src/RiskEngine/StellaOps.RiskEngine | src/RiskEngine/StellaOps.RiskEngine | Add fix availability, asset criticality, and internet exposure providers with caching + TTL enforcement | RISK-ENGINE-67-002 | |
| RISK-ENGINE-68-001 | DONE | 2025-11-25 | SPRINT_0129_0001_0001_policy_reasoning | Risk Engine Guild, Findings Ledger Guild / src/RiskEngine/StellaOps.RiskEngine | src/RiskEngine/StellaOps.RiskEngine | Persist scoring results + explanation pointers to Findings Ledger; handle incremental updates via input hash | RISK-ENGINE-67-003 | |
| RISK-ENGINE-68-002 | DONE | 2025-11-25 | SPRINT_0129_0001_0001_policy_reasoning | Risk Engine Guild, API Guild / src/RiskEngine/StellaOps.RiskEngine | src/RiskEngine/StellaOps.RiskEngine | Expose APIs | RISK-ENGINE-68-001 | |
| RISK-ENGINE-69-001 | TODO | SPRINT_0129_0001_0001_policy_reasoning | Risk Engine Guild, Policy Studio Guild / src/RiskEngine/StellaOps.RiskEngine | src/RiskEngine/StellaOps.RiskEngine | Implement simulation mode producing distributions and top movers without mutating ledger | RISK-ENGINE-68-002 | ||
| RISK-ENGINE-69-002 | TODO | SPRINT_0129_0001_0001_policy_reasoning | Risk Engine Guild, Observability Guild / src/RiskEngine/StellaOps.RiskEngine | src/RiskEngine/StellaOps.RiskEngine | Add telemetry | RISK-ENGINE-69-001 | ||
| RISK-ENGINE-70-001 | TODO | SPRINT_0129_0001_0001_policy_reasoning | Risk Engine Guild, Export Guild / src/RiskEngine/StellaOps.RiskEngine | src/RiskEngine/StellaOps.RiskEngine | Support offline provider bundles with manifest verification and missing-data reporting | RISK-ENGINE-69-002 | ||
| RISK-ENGINE-70-002 | TODO | SPRINT_0129_0001_0001_policy_reasoning | Risk Engine Guild, Observability Guild / src/RiskEngine/StellaOps.RiskEngine | src/RiskEngine/StellaOps.RiskEngine | Integrate runtime evidence provider and reachability provider outputs with caching + TTL | RISK-ENGINE-70-001 | ||
| RULES-33-001 | REVIEW (2025-10-30) | 2025-10-30 | SPRINT_0506_0001_0001_ops_devops_iv | DevOps Guild, Platform Leads (ops/devops) | ops/devops | |||
| RUNBOOK-401-017 | TODO | SPRINT_0401_0001_0001_reachability_evidence_chain | Docs Guild · Ops Guild (docs/runbooks/reachability-runtime.md, docs/reachability/DELIVERY_GUIDE.md) |
docs/runbooks/reachability-runtime.md, docs/reachability/DELIVERY_GUIDE.md |
||||
| RUNBOOK-55-001 | TODO | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild, Ops Guild (docs) | |||||
| RUNBOOK-REPLAY-187-004 | TODO | SPRINT_160_export_evidence | Docs/Ops Guild · /docs/runbooks/replay_ops.md |
docs/runbooks/replay_ops.md | Docs/Ops Guild · /docs/runbooks/replay_ops.md |
|||
| RUNTIME-401-002 | TODO | SPRINT_0401_0001_0001_reachability_evidence_chain | Signals Guild (src/Signals/StellaOps.Signals) |
src/Signals/StellaOps.Signals |
||||
| RUNTIME-PROBE-401-010 | TODO | SPRINT_0401_0001_0001_reachability_evidence_chain | Runtime Signals Guild (src/Signals/StellaOps.Signals.Runtime, ops/probes) |
src/Signals/StellaOps.Signals.Runtime, ops/probes |
Implement lightweight runtime probes (EventPipe/.NET, JFR/JVM) that capture method enter events for the target components, package them as CAS traces, and feed them into the Signals ingestion pipeline. | |||
| SAMPLES-GRAPH-24-003 | DONE (2025-12-02) | SPRINT_509_samples | Samples Guild, SBOM Service Guild (samples) | Generate large-scale SBOM graph fixture (≈40k nodes) with policy overlay snapshot for performance/perf regression suites. | ||||
| SAMPLES-GRAPH-24-004 | DONE (2025-12-02) | SPRINT_509_samples | Samples Guild, UI Guild (samples) | Create vulnerability explorer JSON/CSV fixtures capturing conflicting evidence and policy outputs for UI/CLI automated tests. Dependencies: SAMPLES-GRAPH-24-003 (delivered at samples/graph/graph-40k). | ||||
| SAMPLES-LNM-22-001 | BLOCKED | 2025-10-27 | SPRINT_509_samples | Samples Guild, Concelier Guild (samples) | Create advisory observation/linkset fixtures (NVD, GHSA, OSV disagreements) for API/CLI/UI tests with documented conflicts. Waiting on finalized schema/linkset outputs. | |||
| SAMPLES-LNM-22-002 | BLOCKED | 2025-10-27 | SPRINT_509_samples | Samples Guild, Excititor Guild (samples) | Produce VEX observation/linkset fixtures demonstrating status conflicts and path relevance; include raw blobs. Pending Excititor observation/linkset implementation. Dependencies: SAMPLES-LNM-22-001. | |||
| SBOM-60-001 | TODO | SPRINT_0203_0001_0003_cli_iii | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | ||||
| SBOM-60-002 | TODO | SPRINT_0203_0001_0003_cli_iii | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | ||||
| SBOM-AIAI-31-001 | TODO | SPRINT_0140_0001_0001_runtime_signals | — | Advisory AI path/timeline endpoints specced; awaiting projection schema finalization. | — | DOAI0101 | ||
| SBOM-AIAI-31-002 | TODO | SPRINT_0140_0001_0001_runtime_signals | Metrics/dashboards tied to 31-001; blocked on the same schema availability. | |||||
| SBOM-AIAI-31-003 | BLOCKED | 2025-11-18 | SPRINT_0111_0001_0001_advisoryai | SBOM Service Guild · Advisory AI Guild (src/SbomService/StellaOps.SbomService) | src/SbomService/StellaOps.SbomService | Publish the Advisory AI hand-off kit for /v1/sbom/context, share base URL/API key + tenant header contract, and run a joint end-to-end retrieval smoke test with Advisory AI. |
SBOM-AIAI-31-001 projection kit/fixtures | ADAI0101 |
| SBOM-CONSOLE-23-001 | TODO | SPRINT_0140_0001_0001_runtime_signals | Console catalog API draft complete; depends on Concelier/Cartographer payload definitions. | |||||
| SBOM-CONSOLE-23-002 | TODO | SPRINT_0140_0001_0001_runtime_signals | Global component lookup API needs 23-001 responses + cache hints before work can start. | |||||
| SBOM-ORCH-32-001 | TODO | SPRINT_0140_0001_0001_runtime_signals | Orchestrator registration is sequenced after projection schema because payload shapes map into job metadata. | |||||
| SBOM-ORCH-33-001 | TODO | SPRINT_0140_0001_0001_runtime_signals | Backpressure/telemetry features depend on 32-001 workers. | |||||
| SBOM-ORCH-34-001 | TODO | SPRINT_0140_0001_0001_runtime_signals | Backfill + watermark logic requires the orchestrator integration from 33-001. | |||||
| SBOM-SERVICE-21-001 | DONE | 2025-11-23 | SPRINT_0140_0001_0001_runtime_signals | SBOM Service Guild | src/SbomService/StellaOps.SbomService | Projection read API delivered with fixture-backed hash and tenant enforcement; tests passing post WAF config + duplicate package cleanup. | CONCELIER-GRAPH-21-001; CARTO-GRAPH-21-002 | |
| SBOM-SERVICE-21-002 | TODO | SPRINT_0140_0001_0001_runtime_signals | Change events hinge on 21-001 response contract; no work underway. | |||||
| SBOM-SERVICE-21-003 | TODO | SPRINT_0140_0001_0001_runtime_signals | Entry point/service node management blocked behind 21-002 event outputs. | |||||
| SBOM-SERVICE-21-004 | TODO | SPRINT_0140_0001_0001_runtime_signals | Observability wiring follows projection + event pipelines; on hold. | |||||
| SBOM-SERVICE-23-001 | TODO | SPRINT_0140_0001_0001_runtime_signals | Asset metadata extensions queued once 21-004 observability baseline exists. | |||||
| SBOM-SERVICE-23-002 | TODO | SPRINT_0140_0001_0001_runtime_signals | Asset update events depend on 23-001 schema. | |||||
| SBOM-VULN-29-001 | TODO | SPRINT_0140_0001_0001_runtime_signals | Inventory evidence feed deferred until projection schema + runtime align. | |||||
| SBOM-VULN-29-002 | TODO | SPRINT_0140_0001_0001_runtime_signals | Resolver feed requires 29-001 event payloads. | |||||
| SCAN-001 | TODO | SPRINT_400_runtime_facts_static_callgraph_union | Scanner Worker Guild (src/Scanner/StellaOps.Scanner.Worker, docs/modules/scanner/architecture.md, docs/reachability/function-level-evidence.md) |
src/Scanner/StellaOps.Scanner.Worker, docs/modules/scanner/architecture.md, docs/reachability/function-level-evidence.md |
||||
| SCAN-90-004 | TODO | SPRINT_0505_0001_0001_ops_devops_iii | DevOps Guild, Scanner Guild (ops/devops) | ops/devops | ||||
| SCAN-DETER-186-008 | DONE (2025-11-26) | SPRINT_0186_0001_0001_record_deterministic_execution | Scanner Guild · Provenance Guild | src/Scanner/StellaOps.Scanner.WebService, src/Scanner/StellaOps.Scanner.Worker |
Add deterministic execution switches to Scanner (fixed clock, RNG seed, concurrency cap, feed/policy snapshot pins, log filtering) available via CLI/env/config so repeated runs stay hermetic. | ENTROPY-186-012 & SCANNER-ENV-02 | SCDE0102 | |
| SCAN-DETER-186-009 | TODO | SPRINT_0186_0001_0001_record_deterministic_execution | Scanner Guild, QA Guild (src/Scanner/StellaOps.Scanner.Replay, src/Scanner/__Tests) |
src/Scanner/StellaOps.Scanner.Replay, src/Scanner/__Tests |
Build a determinism harness that replays N scans per image, canonicalises SBOM/VEX/findings/log outputs, and records per-run hash matrices (see docs/modules/scanner/determinism-score.md). |
|||
| SCAN-DETER-186-010 | TODO | SPRINT_0186_0001_0001_record_deterministic_execution | Scanner Guild, Export Center Guild (src/Scanner/StellaOps.Scanner.WebService, docs/modules/scanner/operations/release.md) |
src/Scanner/StellaOps.Scanner.WebService, docs/modules/scanner/operations/release.md |
Emit and publish determinism.json (scores, artifact hashes, non-identical diffs) alongside each scanner release via CAS/object storage APIs (documented in docs/modules/scanner/determinism-score.md). |
|||
| SCAN-ENTROPY-186-011 | DONE (2025-11-26) | SPRINT_0186_0001_0001_record_deterministic_execution | Scanner Guild (src/Scanner/StellaOps.Scanner.Worker, src/Scanner/__Libraries) |
src/Scanner/StellaOps.Scanner.Worker, src/Scanner/__Libraries |
Implement entropy analysis for ELF/PE/Mach-O executables and large opaque blobs (sliding-window metrics, section heuristics), flagging high-entropy regions and recording offsets/hints (see docs/modules/scanner/entropy.md). |
|||
| SCAN-ENTROPY-186-012 | DONE (2025-11-26) | SPRINT_0186_0001_0001_record_deterministic_execution | Scanner Guild, Provenance Guild (src/Scanner/StellaOps.Scanner.WebService, docs/replay/DETERMINISTIC_REPLAY.md) |
src/Scanner/StellaOps.Scanner.WebService, docs/replay/DETERMINISTIC_REPLAY.md |
Generate entropy.report.json and image-level penalties, attach evidence to scan manifests/attestations, and expose opaque ratios for downstream policy engines (docs/modules/scanner/entropy.md). |
|||
| SCAN-REACH-201-002 | DOING | 2025-11-08 | SPRINT_400_runtime_facts_static_callgraph_union | Scanner Worker Guild (src/Scanner/StellaOps.Scanner.Worker) |
src/Scanner/StellaOps.Scanner.Worker |
Ship language-aware static lifters (JVM, .NET/Roslyn+IL, Go SSA, Node/Deno TS AST, Rust MIR, Swift SIL, shell/binary analyzers) in Scanner Worker; emit canonical SymbolIDs, CAS-stored graphs, and attach reachability tags to SBOM components. | ||
| SCAN-REACH-401-009 | TODO | SPRINT_0401_0001_0001_reachability_evidence_chain | Scanner Worker Guild (src/Scanner/StellaOps.Scanner.Worker, src/Scanner/__Libraries) |
src/Scanner/StellaOps.Scanner.Worker, src/Scanner/__Libraries |
Ship .NET/JVM symbolizers and call-graph generators (roots, edges, framework adapters), merge results into component-level reachability manifests, and back them with golden fixtures. | |||
| SCAN-REPLAY-186-001 | DONE (2025-11-26) | SPRINT_0186_0001_0001_record_deterministic_execution | Scanner Guild (src/Scanner/StellaOps.Scanner.WebService, docs/modules/scanner/architecture.md) |
src/Scanner/StellaOps.Scanner.WebService, docs/modules/scanner/architecture.md |
Implement record mode in StellaOps.Scanner.WebService (manifest assembly, policy/feed/tool hash capture, CAS uploads) and document the workflow in docs/modules/scanner/architecture.md with references to docs/replay/DETERMINISTIC_REPLAY.md Section 6. |
|||
| SCAN-REPLAY-186-002 | TODO | SPRINT_0186_0001_0001_record_deterministic_execution | Scanner Guild (src/Scanner/StellaOps.Scanner.Worker, docs/modules/scanner/deterministic-execution.md) |
src/Scanner/StellaOps.Scanner.Worker, docs/modules/scanner/deterministic-execution.md |
Update StellaOps.Scanner.Worker analyzers to consume sealed input bundles, enforce deterministic ordering, and contribute Merkle metadata; extend docs/modules/scanner/deterministic-execution.md (new) summarising invariants drawn from docs/replay/DETERMINISTIC_REPLAY.md Section 4. |
|||
| SCANNER-ANALYZERS-DENO-26-001 | DONE | SPRINT_130_scanner_surface | Deno Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno | Build the deterministic input normalizer + VFS merger for deno.json(c), import maps, lockfiles, vendor trees, $DENO_DIR, and OCI layers so analyzers have a canonical file view. |
|||
| SCANNER-ANALYZERS-DENO-26-002 | DONE | SPRINT_130_scanner_surface | Deno Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno | Implement the module graph resolver covering static/dynamic imports, npm bridge, cache lookups, built-ins, WASM/JSON assertions, and annotate edges with their resolution provenance. | SCANNER-ANALYZERS-DENO-26-001 | ||
| SCANNER-ANALYZERS-DENO-26-003 | DONE | SPRINT_130_scanner_surface | Deno Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno | Ship the npm/node compatibility adapter that maps npm: specifiers, evaluates exports conditionals, and logs builtin usage for policy overlays. |
SCANNER-ANALYZERS-DENO-26-002 | ||
| SCANNER-ANALYZERS-DENO-26-004 | DONE | SPRINT_130_scanner_surface | Deno Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno | Add the permission/capability analyzer covering FS/net/env/process/crypto/FFI/workers plus dynamic-import + literal fetch heuristics with reason codes. | SCANNER-ANALYZERS-DENO-26-003 | ||
| SCANNER-ANALYZERS-DENO-26-005 | DONE | SPRINT_130_scanner_surface | Deno Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno | Build bundle/binary inspectors for eszip and deno compile executables to recover graphs, configs, embedded resources, and snapshots. |
SCANNER-ANALYZERS-DENO-26-004 | ||
| SCANNER-ANALYZERS-DENO-26-006 | DONE | SPRINT_130_scanner_surface | Deno Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno | Implement the OCI/container adapter that stitches per-layer Deno caches, vendor trees, and compiled binaries back into provenance-aware analyzer inputs. | SCANNER-ANALYZERS-DENO-26-005 | ||
| SCANNER-ANALYZERS-DENO-26-007 | DONE | SPRINT_130_scanner_surface | Deno Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno | Produce AOC-compliant observation writers (entrypoints, modules, capability edges, workers, warnings, binaries) with deterministic reason codes. | SCANNER-ANALYZERS-DENO-26-006 | ||
| SCANNER-ANALYZERS-DENO-26-008 | DONE | SPRINT_130_scanner_surface | Deno Analyzer Guild, QA Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno | Finalize fixture + benchmark suite (vendor/npm/FFI/worker/dynamic import/bundle/cache/container cases) validating analyzer determinism and performance. | SCANNER-ANALYZERS-DENO-26-007 | ||
| SCANNER-ANALYZERS-DENO-26-009 | TODO | SPRINT_131_scanner_surface | Deno Analyzer Guild, Signals Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno | Optional runtime evidence hooks (loader/require shim) capturing module loads + permissions during harnessed execution with path hashing. | SCANNER-ANALYZERS-DENO-26-008 | ||
| SCANNER-ANALYZERS-DENO-26-010 | TODO | SPRINT_131_scanner_surface | Deno Analyzer Guild, DevOps Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno | Package analyzer plug-in, add CLI (stella deno inspect, stella deno resolve, stella deno trace) commands, update Offline Kit docs, ensure Worker integration. |
SCANNER-ANALYZERS-DENO-26-009 | ||
| SCANNER-ANALYZERS-DENO-26-011 | TODO | SPRINT_131_scanner_surface | Deno Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno | Policy signal emitter: net/fs/env/ffi/process/crypto capabilities, remote origin list, npm usage, wasm modules, dynamic-import warnings. | SCANNER-ANALYZERS-DENO-26-010 | ||
| SCANNER-ANALYZERS-JAVA-21-005 | TODO | SPRINT_131_scanner_surface | Java Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java | Framework config extraction: Spring Boot imports, spring.factories, application properties/yaml, Jakarta web.xml & fragments, JAX-RS/JPA/CDI/JAXB configs, logging files, Graal native-image configs. | |||
| SCANNER-ANALYZERS-JAVA-21-006 | TODO | SPRINT_131_scanner_surface | Java Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java | JNI/native hint scanner: detect native methods, System.load/Library literals, bundled native libs, Graal JNI configs; emit jni-load edges for native analyzer correlation. |
SCANNER-ANALYZERS-JAVA-21-005 | ||
| SCANNER-ANALYZERS-JAVA-21-007 | TODO | SPRINT_131_scanner_surface | Java Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java | Signature and manifest metadata collector: verify JAR signature structure, capture signers, manifest loader attributes (Main-Class, Agent-Class, Start-Class, Class-Path). | SCANNER-ANALYZERS-JAVA-21-006 | ||
| SCANNER-ANALYZERS-JAVA-21-008 | BLOCKED | 2025-10-27 | SPRINT_131_scanner_surface | Java Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java | Implement resolver + AOC writer: produce entrypoints (env profiles, warnings), components (jar_id + semantic ids), edges (jpms, cp, spi, reflect, jni) with reason codes/confidence. | SCANNER-ANALYZERS-JAVA-21-007 | |
| SCANNER-ANALYZERS-JAVA-21-009 | TODO | SPRINT_131_scanner_surface | Java Analyzer Guild, QA Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java | Author comprehensive fixtures (modular app, boot fat jar, war, ear, MR-jar, jlink image, JNI, reflection heavy, signed jar, microprofile) with golden outputs and perf benchmarks. | SCANNER-ANALYZERS-JAVA-21-008 | ||
| SCANNER-ANALYZERS-JAVA-21-010 | TODO | SPRINT_131_scanner_surface | Java Analyzer Guild, Signals Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java | Optional runtime ingestion: Java agent + JFR reader capturing class load, ServiceLoader, and System.load events with path scrubbing. Emit append-only runtime edges runtime-class/runtime-spi/runtime-load. |
SCANNER-ANALYZERS-JAVA-21-009 | ||
| SCANNER-ANALYZERS-JAVA-21-011 | TODO | SPRINT_131_scanner_surface | Java Analyzer Guild, DevOps Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java | Package analyzer as restart-time plug-in (manifest/DI), update Offline Kit docs, add CLI/worker hooks for Java inspection commands. | SCANNER-ANALYZERS-JAVA-21-010 | ||
| SCANNER-ANALYZERS-LANG-11-001 | TODO | SPRINT_131_scanner_surface | StellaOps.Scanner EPDR Guild, Language Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.DotNet) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.DotNet | Build entrypoint resolver that maps project/publish artifacts to entrypoint identities (assembly name, MVID, TFM, RID) and environment profiles (publish mode, host kind, probing paths). Output normalized entrypoints[] records with deterministic IDs. |
SCANNER-ANALYZERS-LANG-10-309 | ||
| SCANNER-ANALYZERS-LANG-11-002 | TODO | SPRINT_0132_0001_0001_scanner_surface | StellaOps.Scanner EPDR Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.DotNet) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.DotNet | Implement static analyzer (IL + reflection heuristics) capturing AssemblyRef, ModuleRef/PInvoke, DynamicDependency, reflection literals, DI patterns, and custom AssemblyLoadContext probing hints. Emit dependency edges with reason codes and confidence. | SCANNER-ANALYZERS-LANG-11-001 | ||
| SCANNER-ANALYZERS-LANG-11-003 | TODO | SPRINT_0132_0001_0001_scanner_surface | StellaOps.Scanner EPDR Guild, Signals Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.DotNet) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.DotNet | Ingest optional runtime evidence (AssemblyLoad, Resolving, P/Invoke) via event listener harness; merge runtime edges with static/declared ones and attach reason codes/confidence. | SCANNER-ANALYZERS-LANG-11-002 | ||
| SCANNER-ANALYZERS-LANG-11-004 | TODO | SPRINT_0132_0001_0001_scanner_surface | StellaOps.Scanner EPDR Guild, SBOM Service Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.DotNet) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.DotNet | Produce normalized observation export to Scanner writer: entrypoints + dependency edges + environment profiles (AOC compliant). Wire to SBOM service entrypoint tagging. | SCANNER-ANALYZERS-LANG-11-003 | ||
| SCANNER-ANALYZERS-LANG-11-005 | TODO | SPRINT_0132_0001_0001_scanner_surface | StellaOps.Scanner EPDR Guild, QA Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.DotNet) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.DotNet | Add comprehensive fixtures/benchmarks covering framework-dependent, self-contained, single-file, trimmed, NativeAOT, multi-RID scenarios; include explain traces and perf benchmarks vs previous analyzer. | SCANNER-ANALYZERS-LANG-11-004 | ||
| SCANNER-ANALYZERS-NATIVE-20-001 | TODO | SPRINT_0132_0001_0001_scanner_surface | Native Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Native) | src/Scanner/StellaOps.Scanner.Analyzers.Native | Implement format detector and binary identity model supporting ELF, PE/COFF, and Mach-O (including fat slices). Capture arch, OS, build-id/UUID, interpreter metadata. | |||
| SCANNER-ANALYZERS-NATIVE-20-002 | TODO | SPRINT_0132_0001_0001_scanner_surface | Native Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Native) | src/Scanner/StellaOps.Scanner.Analyzers.Native | Parse ELF dynamic sections: DT_NEEDED, DT_RPATH, DT_RUNPATH, symbol versions, interpreter, and note build-id. Emit declared dependency records with reason elf-dtneeded and attach version needs. |
SCANNER-ANALYZERS-NATIVE-20-001 | ||
| SCANNER-ANALYZERS-NATIVE-20-003 | TODO | SPRINT_0132_0001_0001_scanner_surface | Native Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Native) | src/Scanner/StellaOps.Scanner.Analyzers.Native | Parse PE imports, delay-load tables, manifests/SxS metadata, and subsystem flags. Emit edges with reasons pe-import and pe-delayimport, plus SxS policy metadata. |
SCANNER-ANALYZERS-NATIVE-20-002 | ||
| SCANNER-ANALYZERS-NATIVE-20-004 | TODO | SPRINT_0132_0001_0001_scanner_surface | Native Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Native) | src/Scanner/StellaOps.Scanner.Analyzers.Native | Parse Mach-O load commands (LC_LOAD_DYLIB, LC_REEXPORT_DYLIB, LC_RPATH, LC_UUID, fat headers). Handle @rpath/@loader_path placeholders and slice separation. |
SCANNER-ANALYZERS-NATIVE-20-003 | ||
| SCANNER-ANALYZERS-NATIVE-20-005 | TODO | SPRINT_0132_0001_0001_scanner_surface | Native Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Native) | src/Scanner/StellaOps.Scanner.Analyzers.Native | Implement resolver engine modeling loader search order for ELF (rpath/runpath/cache/default), PE (SafeDll search + SxS), and Mach-O (@rpath expansion). Works against virtual image roots, producing explain traces. |
SCANNER-ANALYZERS-NATIVE-20-004 | ||
| SCANNER-ANALYZERS-NATIVE-20-006 | TODO | SPRINT_0132_0001_0001_scanner_surface | Native Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Native) | src/Scanner/StellaOps.Scanner.Analyzers.Native | Build heuristic scanner for dlopen/LoadLibrary strings, plugin ecosystem configs, and Go/Rust static hints. Emit edges with reason_code (string-dlopen, config-plugin, ecosystem-heuristic) and confidence levels. |
SCANNER-ANALYZERS-NATIVE-20-005 | ||
| SCANNER-ANALYZERS-NATIVE-20-007 | TODO | SPRINT_0132_0001_0001_scanner_surface | Native Analyzer Guild, SBOM Service Guild (src/Scanner/StellaOps.Scanner.Analyzers.Native) | src/Scanner/StellaOps.Scanner.Analyzers.Native | Serialize AOC-compliant observations: entrypoints + dependency edges + environment profiles (search paths, interpreter, loader metadata). Integrate with Scanner writer API. | SCANNER-ANALYZERS-NATIVE-20-006 | ||
| SCANNER-ANALYZERS-NATIVE-20-008 | TODO | SPRINT_0132_0001_0001_scanner_surface | Native Analyzer Guild, QA Guild (src/Scanner/StellaOps.Scanner.Analyzers.Native) | src/Scanner/StellaOps.Scanner.Analyzers.Native | Author cross-platform fixtures (ELF dynamic/static, PE delay-load/SxS, Mach-O @rpath, plugin configs) and determinism benchmarks (<25 ms / binary, <250 MB). | SCANNER-ANALYZERS-NATIVE-20-007 | ||
| SCANNER-ANALYZERS-NATIVE-20-009 | TODO | SPRINT_0132_0001_0001_scanner_surface | Native Analyzer Guild, Signals Guild (src/Scanner/StellaOps.Scanner.Analyzers.Native) | src/Scanner/StellaOps.Scanner.Analyzers.Native | Provide optional runtime capture adapters (Linux eBPF dlopen, Windows ETW ImageLoad, macOS dyld interpose) writing append-only runtime evidence. Include redaction/sandbox guidance. |
SCANNER-ANALYZERS-NATIVE-20-008 | ||
| SCANNER-ANALYZERS-NATIVE-20-010 | TODO | SPRINT_0132_0001_0001_scanner_surface | Native Analyzer Guild, DevOps Guild (src/Scanner/StellaOps.Scanner.Analyzers.Native) | src/Scanner/StellaOps.Scanner.Analyzers.Native | Package native analyzer as restart-time plug-in with manifest/DI registration; update Offline Kit bundle + documentation. | SCANNER-ANALYZERS-NATIVE-20-009 | ||
| SCANNER-ANALYZERS-NODE-22-001 | TODO | SPRINT_0132_0001_0001_scanner_surface | Node Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node | Build input normalizer + VFS for Node projects: dirs, tgz, container layers, pnpm store, Yarn PnP zips; detect Node version targets (.nvmrc, .node-version, Dockerfile) and workspace roots deterministically. |
|||
| SCANNER-ANALYZERS-NODE-22-002 | TODO | SPRINT_0132_0001_0001_scanner_surface | Node Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node | Implement entrypoint discovery (bin/main/module/exports/imports, workers, electron, shebang scripts) and condition set builder per entrypoint. | SCANNER-ANALYZERS-NODE-22-001 | ||
| SCANNER-ANALYZERS-NODE-22-003 | TODO | SPRINT_0132_0001_0001_scanner_surface | Node Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node | Parse JS/TS sources for static import, require, import() and string concat cases; flag dynamic patterns with confidence levels; support source map de-bundling. |
SCANNER-ANALYZERS-NODE-22-002 | ||
| SCANNER-ANALYZERS-NODE-22-004 | TODO | SPRINT_0132_0001_0001_scanner_surface | Node Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node | Implement Node resolver engine for CJS + ESM (core modules, exports/imports maps, conditions, extension priorities, self-references) parameterised by node_version. | SCANNER-ANALYZERS-NODE-22-003 | ||
| SCANNER-ANALYZERS-NODE-22-005 | TODO | SPRINT_0132_0001_0001_scanner_surface | Node Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node | Add package manager adapters: Yarn PnP (.pnp.data/.pnp.cjs), pnpm virtual store, npm/Yarn classic hoists; operate entirely in virtual FS. | SCANNER-ANALYZERS-NODE-22-004 | ||
| SCANNER-ANALYZERS-NODE-22-006 | TODO | SPRINT_0133_0001_0001_scanner_surface | Node Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node | Detect bundles + source maps, reconstruct module specifiers, and correlate to original paths; support dual CJS/ESM graphs with conditions. | SCANNER-ANALYZERS-NODE-22-005 | ||
| SCANNER-ANALYZERS-NODE-22-007 | TODO | SPRINT_0133_0001_0001_scanner_surface | Node Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node | Scan for native addons (.node), WASM modules, and core capability signals (child_process, vm, worker_threads); emit hint edges and native metadata. | SCANNER-ANALYZERS-NODE-22-006 | ||
| SCANNER-ANALYZERS-NODE-22-008 | TODO | SPRINT_0133_0001_0001_scanner_surface | Node Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node | Produce AOC-compliant observations: entrypoints, components (pkg/native/wasm), edges (esm-import, cjs-require, exports, json, native-addon, wasm, worker) with reason codes/confidence and resolver traces. | SCANNER-ANALYZERS-NODE-22-007 | ||
| SCANNER-ANALYZERS-NODE-22-009 | TODO | SPRINT_0133_0001_0001_scanner_surface | Node Analyzer Guild, QA Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node | Author fixture suite + performance benchmarks (npm, pnpm, PnP, bundle, electron, worker) with golden outputs and latency budgets. | SCANNER-ANALYZERS-NODE-22-008 | ||
| SCANNER-ANALYZERS-NODE-22-010 | TODO | SPRINT_0133_0001_0001_scanner_surface | Node Analyzer Guild, Signals Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node | Implement optional runtime evidence hooks (ESM loader, CJS require hook) with path scrubbing and loader ID hashing; emit runtime-* edges. | SCANNER-ANALYZERS-NODE-22-009 | ||
| SCANNER-ANALYZERS-NODE-22-011 | TODO | SPRINT_0133_0001_0001_scanner_surface | Node Analyzer Guild, DevOps Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node | Package updated analyzer as restart-time plug-in, expose Scanner CLI (stella node *) commands, refresh Offline Kit documentation. |
SCANNER-ANALYZERS-NODE-22-010 | ||
| SCANNER-ANALYZERS-NODE-22-012 | TODO | SPRINT_0133_0001_0001_scanner_surface | Node Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node | Integrate container filesystem adapter (OCI layers, Dockerfile hints) and record NODE_OPTIONS/env warnings. | SCANNER-ANALYZERS-NODE-22-011 | ||
| SCANNER-ANALYZERS-PHP-27-001 | TODO | SPRINT_0133_0001_0001_scanner_surface | PHP Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php | Build input normalizer & VFS for PHP projects: merge source trees, composer manifests, vendor/, php.ini/conf.d, .htaccess, FPM configs, container layers. Detect framework/CMS fingerprints deterministically. |
— | SCSA0101 | |
| SCANNER-ANALYZERS-PHP-27-002 | TODO | SPRINT_0133_0001_0001_scanner_surface | PHP Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php | Composer/Autoload analyzer: parse composer.json/lock/installed.json, generate package nodes, autoload edges (psr-4/0/classmap/files), bin entrypoints, composer plugins. | SCANNER-ANALYZERS-PHP-27-001 | ||
| SCANNER-ANALYZERS-PHP-27-003 | TODO | SPRINT_0133_0001_0001_scanner_surface | PHP Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php | Include/require graph builder: resolve static includes, capture dynamic include patterns, bootstrap chains, merge with autoload edges. | SCANNER-ANALYZERS-PHP-27-002 | ||
| SCANNER-ANALYZERS-PHP-27-004 | TODO | SPRINT_0133_0001_0001_scanner_surface | PHP Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php | Runtime capability scanner: detect exec/fs/net/env/serialization/crypto/database usage, stream wrappers, uploads; record evidence snippets. | SCANNER-ANALYZERS-PHP-27-003 | ||
| SCANNER-ANALYZERS-PHP-27-005 | TODO | SPRINT_0133_0001_0001_scanner_surface | PHP Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php | PHAR/Archive inspector: parse phar manifests/stubs, hash files, detect embedded vendor trees and phar:// usage. | SCANNER-ANALYZERS-PHP-27-004 | ||
| SCANNER-ANALYZERS-PHP-27-006 | TODO | SPRINT_0133_0001_0001_scanner_surface | PHP Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php | Framework/CMS surface mapper: extract routes, controllers, middleware, CLI/cron entrypoints for Laravel/Symfony/Slim/WordPress/Drupal/Magento. | SCANNER-ANALYZERS-PHP-27-005 | ||
| SCANNER-ANALYZERS-PHP-27-007 | TODO | SPRINT_0133_0001_0001_scanner_surface | PHP Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php | Container & extension detector: parse php.ini/conf.d, map extensions to .so/.dll, collect web server/FPM settings, upload limits, disable_functions. | SCANNER-ANALYZERS-PHP-27-006 | ||
| SCANNER-ANALYZERS-PHP-27-008 | TODO | SPRINT_0134_0001_0001_scanner_surface | PHP Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php | Produce AOC-compliant observations: entrypoints, packages, extensions, modules, edges (require/autoload), capabilities, routes, configs. | SCANNER-ANALYZERS-PHP-27-002 | ||
| SCANNER-ANALYZERS-PHP-27-009 | TODO | SPRINT_0134_0001_0001_scanner_surface | PHP Analyzer Guild, QA Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php | Fixture suite + performance benchmarks (Laravel, Symfony, WordPress, legacy, PHAR, container) with golden outputs. | SCANNER-ANALYZERS-PHP-27-007 | ||
| SCANNER-ANALYZERS-PHP-27-010 | TODO | SPRINT_0134_0001_0001_scanner_surface | PHP Analyzer Guild, Signals Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php | Optional runtime evidence hooks (if provided) to ingest audit logs or opcode cache stats with path hashing. | SCANNER-ANALYZERS-PHP-27-009 | ||
| SCANNER-ANALYZERS-PHP-27-011 | TODO | SPRINT_0134_0001_0001_scanner_surface | PHP Analyzer Guild, DevOps Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php | Package analyzer plug-in, add CLI (stella php inspect), refresh Offline Kit documentation. |
SCANNER-ANALYZERS-PHP-27-010 | ||
| SCANNER-ANALYZERS-PHP-27-012 | TODO | SPRINT_0134_0001_0001_scanner_surface | PHP Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php | Policy signal emitter: extension requirements/presence, dangerous constructs counters, stream wrapper usage, capability summaries. | SCANNER-ANALYZERS-PHP-27-011 | ||
| SCANNER-ANALYZERS-PYTHON-23-001 | TODO | SPRINT_0134_0001_0001_scanner_surface | Python Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python | Build input normalizer & virtual filesystem for wheels, sdists, editable installs, zipapps, site-packages trees, and container roots. Detect Python version targets (pyproject.toml, runtime.txt, Dockerfile) + virtualenv layout deterministically. |
|||
| SCANNER-ANALYZERS-PYTHON-23-002 | TODO | SPRINT_0134_0001_0001_scanner_surface | Python Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python | Entrypoint discovery: module __main__, console_scripts entry points, scripts, zipapp main, manage.py/gunicorn/celery patterns. Capture invocation context (module vs package, argv wrappers). |
SCANNER-ANALYZERS-PYTHON-23-001 | ||
| SCANNER-ANALYZERS-PYTHON-23-003 | TODO | SPRINT_0134_0001_0001_scanner_surface | Python Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python | Static import graph builder using AST and bytecode fallback. Support import, from ... import, relative imports, importlib.import_module, __import__ with literal args, pkgutil.extend_path. |
SCANNER-ANALYZERS-PYTHON-23-002 | ||
| SCANNER-ANALYZERS-PYTHON-23-004 | TODO | SPRINT_0134_0001_0001_scanner_surface | Python Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python | Python resolver engine (importlib semantics) handling namespace packages (PEP 420), package discovery order, .pth files, sys.path composition, zipimport, and site-packages precedence across virtualenv/container roots. |
SCANNER-ANALYZERS-PYTHON-23-003 | ||
| SCANNER-ANALYZERS-PYTHON-23-005 | TODO | SPRINT_0134_0001_0001_scanner_surface | Python Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python | Packaging adapters: pip editable (.egg-link), Poetry/Flit layout, Conda prefix, .dist-info/RECORD cross-check, container layer overlays. |
SCANNER-ANALYZERS-PYTHON-23-004 | ||
| SCANNER-ANALYZERS-PYTHON-23-006 | TODO | SPRINT_0134_0001_0001_scanner_surface | Python Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python | Detect native extensions (*.so, *.pyd), CFFI modules, ctypes loaders, embedded WASM, and runtime capability signals (subprocess, multiprocessing, ctypes, eval). |
SCANNER-ANALYZERS-PYTHON-23-005 | ||
| SCANNER-ANALYZERS-PYTHON-23-007 | TODO | SPRINT_0134_0001_0001_scanner_surface | Python Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python | Framework/config heuristics: Django, Flask, FastAPI, Celery, AWS Lambda handlers, Gunicorn, Click/Typer CLIs, logging configs, pyproject optional dependencies. Tagged as hints only. | SCANNER-ANALYZERS-PYTHON-23-006 | ||
| SCANNER-ANALYZERS-PYTHON-23-008 | TODO | SPRINT_0134_0001_0001_scanner_surface | Python Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python | Produce AOC-compliant observations: entrypoints, components (modules/packages/native), edges (import, namespace, dynamic-hint, native-extension) with reason codes/confidence and resolver traces. | SCANNER-ANALYZERS-PYTHON-23-007 | ||
| SCANNER-ANALYZERS-PYTHON-23-009 | TODO | SPRINT_0134_0001_0001_scanner_surface | Python Analyzer Guild, QA Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python | Fixture suite + perf benchmarks covering virtualenv, namespace packages, zipapp, editable installs, containers, lambda handler. | SCANNER-ANALYZERS-PYTHON-23-008 | ||
| SCANNER-ANALYZERS-PYTHON-23-010 | TODO | SPRINT_0134_0001_0001_scanner_surface | Python Analyzer Guild, Signals Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python | Optional runtime evidence: import hook capturing module load events with path scrubbing, optional bytecode instrumentation for importlib hooks, multiprocessing tracer. |
SCANNER-ANALYZERS-PYTHON-23-009 | ||
| SCANNER-ANALYZERS-PYTHON-23-011 | TODO | SPRINT_0134_0001_0001_scanner_surface | Python Analyzer Guild, DevOps Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python | Package analyzer plug-in, add CLI commands (stella python inspect), refresh Offline Kit documentation. |
SCANNER-ANALYZERS-PYTHON-23-010 | ||
| SCANNER-ANALYZERS-PYTHON-23-012 | TODO | SPRINT_0135_0001_0001_scanner_surface | Python Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python | Container/zipapp adapter enhancements: parse OCI layers for Python runtime, detect PYTHONPATH/PYTHONHOME env, record warnings for sitecustomize/startup hooks. |
SCANNER-ANALYZERS-PYTHON-23-011 | ||
| SCANNER-ANALYZERS-RUBY-28-001 | TODO | SPRINT_0135_0001_0001_scanner_surface | Ruby Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Build input normalizer & VFS for Ruby projects: merge source trees, Gemfile/Gemfile.lock, vendor/bundle, .gem archives, .bundle/config, Rack configs, containers. Detect framework/job fingerprints deterministically. |
|||
| SCANNER-ANALYZERS-RUBY-28-002 | TODO | SPRINT_0135_0001_0001_scanner_surface | Ruby Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Gem & Bundler analyzer: parse Gemfile/Gemfile.lock, vendor specs, .gem archives, produce package nodes (PURLs), dependency edges, bin scripts, Bundler group metadata. | SCANNER-ANALYZERS-RUBY-28-001 | ||
| SCANNER-ANALYZERS-RUBY-28-003 | TODO | SPRINT_0135_0001_0001_scanner_surface | Ruby Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Require/autoload graph builder: resolve static/dynamic require, require_relative, load; infer Zeitwerk autoload paths and Rack boot chain. | SCANNER-ANALYZERS-RUBY-28-002 | ||
| SCANNER-ANALYZERS-RUBY-28-004 | TODO | SPRINT_0135_0001_0001_scanner_surface | Ruby Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Framework surface mapper: extract routes/controllers/middleware for Rails/Rack/Sinatra/Grape/Hanami; inventory jobs/schedulers (Sidekiq, Resque, ActiveJob, whenever, clockwork). | SCANNER-ANALYZERS-RUBY-28-003 | ||
| SCANNER-ANALYZERS-RUBY-28-005 | TODO | SPRINT_0135_0001_0001_scanner_surface | Ruby Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Capability analyzer: detect os-exec, filesystem, network, serialization, crypto, DB usage, TLS posture, dynamic eval; record evidence snippets with file/line. | SCANNER-ANALYZERS-RUBY-28-004 | ||
| SCANNER-ANALYZERS-RUBY-28-006 | TODO | SPRINT_0135_0001_0001_scanner_surface | Ruby Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Rake task & scheduler analyzer: parse Rakefiles/lib/tasks, capture task names/prereqs/shell commands; parse Sidekiq/whenever/clockwork configs into schedules. | SCANNER-ANALYZERS-RUBY-28-005 | ||
| SCANNER-ANALYZERS-RUBY-28-007 | TODO | SPRINT_0135_0001_0001_scanner_surface | Ruby Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Container/runtime scanner: detect Ruby version, installed gems, native extensions, web server configs in OCI layers. | SCANNER-ANALYZERS-RUBY-28-006 | ||
| SCANNER-ANALYZERS-RUBY-28-008 | TODO | SPRINT_0135_0001_0001_scanner_surface | Ruby Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Produce AOC-compliant observations: entrypoints, packages, modules, edges (require/autoload), routes, jobs, tasks, capabilities, configs, warnings. | SCANNER-ANALYZERS-RUBY-28-007 | ||
| SCANNER-ANALYZERS-RUBY-28-009 | TODO | SPRINT_0135_0001_0001_scanner_surface | Ruby Analyzer Guild, QA Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Fixture suite + performance benchmarks (Rails, Rack, Sinatra, Sidekiq, legacy, .gem, container) with golden outputs. | SCANNER-ANALYZERS-RUBY-28-008 | ||
| SCANNER-ANALYZERS-RUBY-28-010 | TODO | SPRINT_0135_0001_0001_scanner_surface | Ruby Analyzer Guild, Signals Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Optional runtime evidence integration (if provided logs/metrics) with path hashing, without altering static precedence. | SCANNER-ANALYZERS-RUBY-28-009 | ||
| SCANNER-ANALYZERS-RUBY-28-011 | TODO | SPRINT_0135_0001_0001_scanner_surface | Ruby Analyzer Guild, DevOps Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Package analyzer plug-in, add CLI (stella ruby inspect), refresh Offline Kit documentation. |
SCANNER-ANALYZERS-RUBY-28-010 | ||
| SCANNER-ANALYZERS-RUBY-28-012 | TODO | SPRINT_0135_0001_0001_scanner_surface | Ruby Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Policy signal emitter: rubygems drift, native extension flags, dangerous constructs counts, TLS verify posture, dynamic require eval warnings. | SCANNER-ANALYZERS-RUBY-28-011 | ||
| SCANNER-BENCH-62-002 | DOING | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild, Product Guild (docs) | |||||
| SCANNER-BENCH-62-003 | DOING | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild, Product Guild (docs) | |||||
| SCANNER-BENCH-62-004 | DOING | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild, Java Analyzer Guild (docs) | |||||
| SCANNER-BENCH-62-005 | DOING | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild, Go Analyzer Guild (docs) | |||||
| SCANNER-BENCH-62-006 | DOING | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild, Rust Analyzer Guild (docs) | |||||
| SCANNER-BENCH-62-008 | DOING | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild, EntryTrace Guild (docs) | |||||
| SCANNER-BENCH-62-009 | DOING | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild, Policy Guild (docs) | |||||
| SCANNER-CLI-0001 | DONE | 2025-11-10 | SPRINT_0138_0001_0001_scanner_ruby_parity | CLI Guild, Ruby Analyzer Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Coordinate CLI UX/help text for new Ruby verbs and update CLI docs/golden outputs. | SCANNER-ENG-0019 | |
| SCANNER-DET-01 | DONE (2025-12-03) | 2025-12-03 | SPRINT_0301_0001_0001_docs_md_i | Docs Guild · Scanner Guild | Deterministic compose fixtures landed; docs published. | |||
| SCANNER-DOCS-0003 | TODO | SPRINT_327_docs_modules_scanner | Docs Guild, Product Guild (docs/modules/scanner) | docs/modules/scanner | Gather Windows/macOS analyzer demand signals and record findings in docs/benchmarks/scanner/windows-macos-demand.md for marketing + product readiness. |
|||
| SCANNER-EMIT-15-001 | TODO | SPRINT_0136_0001_0001_scanner_surface | Scanner Emit Guild (src/Scanner/__Libraries/StellaOps.Scanner.Emit) | src/Scanner/__Libraries/StellaOps.Scanner.Emit | Enforce canonical JSON (stella.contentHash, Merkle root metadata, zero timestamps) for fragments and composed CycloneDX inventory/usage BOMs. Documented in docs/modules/scanner/deterministic-sbom-compose.md §2.2. |
SCANNER-SURFACE-04 | ||
| SCANNER-ENG-0001 | TODO | SPRINT_327_docs_modules_scanner | Module Team (docs/modules/scanner) | docs/modules/scanner | Cross-check implementation plan milestones against /docs/implplan/SPRINT_*.md and update module readiness checkpoints. |
|||
| SCANNER-ENG-0002 | DONE | 2025-11-09 | SPRINT_137_scanner_gap_design | Scanner Guild, CLI Guild (docs/modules/scanner) | docs/modules/scanner | Design the Node.js lockfile collector + CLI validator per docs/benchmarks/scanner/scanning-gaps-stella-misses-from-competitors.md, capturing Surface + policy requirements before implementation. |
||
| SCANNER-ENG-0003 | DONE | 2025-11-09 | SPRINT_137_scanner_gap_design | Python Analyzer Guild, CLI Guild (docs/modules/scanner) | docs/modules/scanner | Design Python lockfile + editable-install parity checks with policy predicates and CLI workflow coverage as outlined in the gap analysis. | ||
| SCANNER-ENG-0004 | DONE | 2025-11-09 | SPRINT_137_scanner_gap_design | Java Analyzer Guild, CLI Guild (docs/modules/scanner) | docs/modules/scanner | Design Java lockfile ingestion/validation (Gradle/SBT collectors, CLI verb, policy hooks) to close comparison gaps. | ||
| SCANNER-ENG-0005 | DONE | 2025-11-09 | SPRINT_137_scanner_gap_design | Go Analyzer Guild (docs/modules/scanner) | docs/modules/scanner | Enhance Go stripped-binary fallback inference design, including inferred module metadata + policy integration, per the gap analysis. | ||
| SCANNER-ENG-0006 | DONE | 2025-11-09 | SPRINT_137_scanner_gap_design | Rust Analyzer Guild (docs/modules/scanner) | docs/modules/scanner | Expand Rust fingerprint coverage design (enriched fingerprint catalogue + policy controls) per the comparison matrix. | ||
| SCANNER-ENG-0007 | DONE | 2025-11-09 | SPRINT_137_scanner_gap_design | Scanner Guild, Policy Guild (docs/modules/scanner) | docs/modules/scanner | Design the deterministic secret leak detection pipeline covering rule packaging, Policy Engine integration, and CLI workflow. | ||
| SCANNER-ENG-0008 | TODO | SPRINT_0138_0001_0001_scanner_ruby_parity | EntryTrace Guild, QA Guild (src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace) | src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace | Maintain EntryTrace heuristic cadence per docs/benchmarks/scanner/scanning-gaps-stella-misses-from-competitors.md, including quarterly pattern reviews + explain-trace updates. |
|||
| SCANNER-ENG-0009 | DONE | 2025-11-13 | SPRINT_0138_0001_0001_scanner_ruby_parity | Ruby Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Ruby analyzer parity shipped: runtime graph + capability signals, observation payload, Mongo-backed ruby.packages inventory, CLI/WebService surfaces, and plugin manifest bundles for Worker loadout. |
SCANNER-ANALYZERS-RUBY-28-001..012 | |
| SCANNER-ENG-0010 | TODO | SPRINT_0138_0001_0001_scanner_ruby_parity | PHP Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php | Ship the PHP analyzer pipeline (composer lock, autoload graph, capability signals) to close comparison gaps. | SCANNER-ANALYZERS-PHP-27-001 | ||
| SCANNER-ENG-0011 | TODO | SPRINT_0138_0001_0001_scanner_ruby_parity | Language Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno | Scope the Deno runtime analyzer (lockfile resolver, import graphs) based on competitor techniques to extend beyond Sprint 130 coverage. | |||
| SCANNER-ENG-0012 | TODO | SPRINT_0138_0001_0001_scanner_ruby_parity | Language Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Dart) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Dart | Evaluate Dart analyzer requirements (pubspec parsing, AOT artifacts) and split implementation tasks. | |||
| SCANNER-ENG-0013 | TODO | SPRINT_0138_0001_0001_scanner_ruby_parity | Swift Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Swift) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Swift | Plan Swift Package Manager coverage (Package.resolved, xcframeworks, runtime hints) with policy hooks. | |||
| SCANNER-ENG-0014 | TODO | SPRINT_0138_0001_0001_scanner_ruby_parity | Runtime Guild, Zastava Guild (docs/modules/scanner) | docs/modules/scanner | Align Kubernetes/VM target coverage between Scanner and Zastava per comparison findings; publish joint roadmap. | |||
| SCANNER-ENG-0015 | DONE | 2025-11-13 | SPRINT_0138_0001_0001_scanner_ruby_parity | Export Center Guild, Scanner Guild (docs/modules/scanner) | docs/modules/scanner | DSSE/Rekor operator playbook published (docs/modules/scanner/operations/dsse-rekor-operator-guide.md) with config/env tables, rollout phases, runbook snippets, offline verification steps, and SLA/alert guidance. |
||
| SCANNER-ENG-0016 | DONE | 2025-11-10 | SPRINT_0138_0001_0001_scanner_ruby_parity | Ruby Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | RubyLockCollector and vendor ingestion finalized: Bundler config overrides honoured, workspace lockfiles merged, vendor bundles normalised, and deterministic fixtures added. | SCANNER-ENG-0009 | |
| SCANNER-ENG-0017 | DONE | 2025-11-09 | SPRINT_0138_0001_0001_scanner_ruby_parity | Ruby Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Build the runtime require/autoload graph builder with tree-sitter Ruby per design §4.4 and integrate EntryTrace hints. | SCANNER-ENG-0016 | |
| SCANNER-ENG-0018 | DONE | 2025-11-09 | SPRINT_0138_0001_0001_scanner_ruby_parity | Ruby Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Emit Ruby capability + framework surface signals as defined in design §4.5 with policy predicate hooks. | SCANNER-ENG-0017 | |
| SCANNER-ENG-0019 | DONE | 2025-11-13 | SPRINT_0138_0001_0001_scanner_ruby_parity | Ruby Analyzer Guild, CLI Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Ruby CLI verbs now resolve inventories by scan ID, digest, or image reference; Scanner.WebService fallbacks + CLI client encoding ensure --image works for both digests and tagged references, and tests cover the new lookup flow. |
SCANNER-ENG-0016..0018 | |
| SCANNER-ENG-0020 | TODO | SPRINT_0136_0001_0001_scanner_surface | Scanner Guild (docs/modules/scanner) | docs/modules/scanner | Implement Homebrew collector & fragment mapper per design/macos-analyzer.md §3.1. |
|||
| SCANNER-ENG-0021 | TODO | SPRINT_0136_0001_0001_scanner_surface | Scanner Guild (docs/modules/scanner) | docs/modules/scanner | Implement pkgutil receipt collector per design/macos-analyzer.md §3.2. |
|||
| SCANNER-ENG-0022 | TODO | SPRINT_0136_0001_0001_scanner_surface | Scanner Guild, Policy Guild (docs/modules/scanner) | docs/modules/scanner | Implement macOS bundle inspector & capability overlays per design/macos-analyzer.md §3.3. |
|||
| SCANNER-ENG-0023 | TODO | SPRINT_0136_0001_0001_scanner_surface | Scanner Guild, Offline Kit Guild, Policy Guild (docs/modules/scanner) | docs/modules/scanner | Deliver macOS policy/offline integration per design/macos-analyzer.md §5–6. |
|||
| SCANNER-ENG-0024 | TODO | SPRINT_0136_0001_0001_scanner_surface | Scanner Guild (docs/modules/scanner) | docs/modules/scanner | Implement Windows MSI collector per design/windows-analyzer.md §3.1. |
|||
| SCANNER-ENG-0025 | TODO | SPRINT_0136_0001_0001_scanner_surface | Scanner Guild (docs/modules/scanner) | docs/modules/scanner | Implement WinSxS manifest collector per design/windows-analyzer.md §3.2. |
|||
| SCANNER-ENG-0026 | TODO | SPRINT_0136_0001_0001_scanner_surface | Scanner Guild (docs/modules/scanner) | docs/modules/scanner | Implement Windows Chocolatey & registry collectors per design/windows-analyzer.md §3.3–3.4. |
|||
| SCANNER-ENG-0027 | TODO | SPRINT_0136_0001_0001_scanner_surface | Scanner Guild, Policy Guild, Offline Kit Guild (docs/modules/scanner) | docs/modules/scanner | Deliver Windows policy/offline integration per design/windows-analyzer.md §5–6. |
|||
| SCANNER-ENTRYTRACE-18-502 | TODO | SPRINT_0135_0001_0001_scanner_surface | EntryTrace Guild (src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace) | src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace | Expand chain walker with init shim/user-switch/supervisor recognition plus env/workdir accumulation and guarded edges. | SCANNER-ENTRYTRACE-18-508 | ||
| SCANNER-ENTRYTRACE-18-503 | TODO | SPRINT_0135_0001_0001_scanner_surface | EntryTrace Guild (src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace) | src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace | Introduce target classifier + EntryPlan handoff with confidence scoring for ELF/Java/.NET/Node/Python and user/workdir context. | SCANNER-ENTRYTRACE-18-502 | ||
| SCANNER-ENTRYTRACE-18-504 | TODO | SPRINT_0136_0001_0001_scanner_surface | EntryTrace Guild (src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace) | src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace | Emit EntryTrace AOC NDJSON (entrytrace.entry/node/edge/target/warning/capability) and wire CLI/service streaming outputs. |
SCANNER-ENTRYTRACE-18-503 | ||
| SCANNER-ENTRYTRACE-18-505 | TODO | SPRINT_0136_0001_0001_scanner_surface | EntryTrace Guild (src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace) | src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace | Implement process-tree replay (ProcGraph) to reconcile /proc exec chains with static EntryTrace results, collapsing wrappers and emitting agreement/conflict diagnostics. |
SCANNER-ENTRYTRACE-18-504 | ||
| SCANNER-ENTRYTRACE-18-506 | TODO | SPRINT_0136_0001_0001_scanner_surface | EntryTrace Guild, Scanner WebService Guild (src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace) | src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace | Surface EntryTrace graph + confidence via Scanner.WebService and CLI, including target summary in scan reports and policy payloads. | SCANNER-ENTRYTRACE-18-505 | SCSS0102 | |
| SCANNER-ENV-01 | TODO (2025-11-06) | 2025-11-06 | SPRINT_0136_0001_0001_scanner_surface | Scanner Worker Guild | src/Scanner/StellaOps.Scanner.Worker | Replace ad-hoc environment reads with StellaOps.Scanner.Surface.Env helpers for cache roots and CAS endpoints. |
— | SCDE0101 |
| SCANNER-ENV-02 | TODO (2025-11-06) | 2025-11-06 | SPRINT_0136_0001_0001_scanner_surface | Scanner WebService Guild · Ops Guild | src/Scanner/StellaOps.Scanner.WebService | Wire Surface.Env helpers into WebService hosting (cache roots, feature flags) and document configuration. | SCANNER-ENV-01 | SCDE0102 |
| SCANNER-ENV-03 | TODO | SPRINT_0136_0001_0001_scanner_surface | BuildX Plugin Guild | src/Scanner/StellaOps.Scanner.Sbomer.BuildXPlugin | Adopt Surface.Env helpers for plugin configuration (cache roots, CAS endpoints, feature toggles). | SCANNER-ENV-02 | SCBX0101 | |
| SCANNER-EVENTS-16-301 | BLOCKED (2025-10-26) | 2025-10-26 | SPRINT_0136_0001_0001_scanner_surface | Scanner WebService Guild (src/Scanner/StellaOps.Scanner.WebService) |
src/Scanner/StellaOps.Scanner.WebService | Emit orchestrator-compatible envelopes (scanner.event.*) and update integration tests to verify Notifier ingestion (no Redis queue coupling). |
EVENTS-16-301 | SCEV0101 |
| SCANNER-GRAPH-21-001 | TODO | SPRINT_0136_0001_0001_scanner_surface | Scanner WebService Guild, Cartographer Guild (src/Scanner/StellaOps.Scanner.WebService) | src/Scanner/StellaOps.Scanner.WebService | Provide webhook/REST endpoint for Cartographer to request policy overlays and runtime evidence for graph nodes, ensuring determinism and tenant scoping. | |||
| SCANNER-LIC-0001 | DONE | 2025-11-10 | SPRINT_0138_0001_0001_scanner_ruby_parity | Scanner Guild, Legal Guild (docs/modules/scanner) | docs/modules/scanner | Tree-sitter licensing captured, NOTICE.md updated, and Offline Kit now mirrors third-party-licenses/ with ruby artifacts. |
SCANNER-ENG-0016 | |
| SCANNER-LNM-21-001 | TODO | SPRINT_0136_0001_0001_scanner_surface | Scanner WebService Guild, Policy Guild (src/Scanner/StellaOps.Scanner.WebService) | src/Scanner/StellaOps.Scanner.WebService | Update /reports and /policy/runtime payloads to consume advisory/vex linksets, exposing source severity arrays and conflict summaries alongside effective verdicts. |
|||
| SCANNER-LNM-21-002 | TODO | SPRINT_0136_0001_0001_scanner_surface | Scanner WebService Guild, UI Guild (src/Scanner/StellaOps.Scanner.WebService) | src/Scanner/StellaOps.Scanner.WebService | Add evidence endpoint for Console to fetch linkset summaries with policy overlay for a component/SBOM, including AOC references. | SCANNER-LNM-21-001 | ||
| SCANNER-NATIVE-401-015 | TODO | SPRINT_0401_0001_0001_reachability_evidence_chain | Scanner Worker Guild | src/Scanner/__Libraries/StellaOps.Scanner.Symbols.Native, src/Scanner/__Libraries/StellaOps.Scanner.CallGraph.Native |
Stand up StellaOps.Scanner.Symbols.Native + StellaOps.Scanner.CallGraph.Native (ELF/PE readers, demanglers, probabilistic carving) and publish FuncNode/CallEdge CAS bundles consumed by reachability graphs. |
Requires CAS schema approval from GAPG0101 | SCNA0101 | |
| SCANNER-OPS-0001 | TODO | SPRINT_327_docs_modules_scanner | Ops Guild (docs/modules/scanner) | docs/modules/scanner | Review scanner runbooks/observability assets after the next sprint demo and capture findings inline with sprint notes. | |||
| SCANNER-POLICY-0001 | DONE | 2025-11-10 | SPRINT_0138_0001_0001_scanner_ruby_parity | Policy Guild, Ruby Analyzer Guild (docs/modules/scanner) | docs/modules/scanner | Ruby predicates shipped: Policy Engine exposes sbom.any_component + ruby.*, tests updated, DSL/offline-kit docs refreshed. |
SCANNER-ENG-0018 | |
| SCANNER-SECRETS-03 | TODO | SPRINT_0136_0001_0001_scanner_surface | BuildX Plugin Guild, Security Guild (src/Scanner/StellaOps.Scanner.Sbomer.BuildXPlugin) | src/Scanner/StellaOps.Scanner.Sbomer.BuildXPlugin | Use Surface.Secrets to retrieve registry credentials when interacting with CAS/referrers. | SCANNER-SECRETS-02 | ||
| SCANNER-SORT-02 | TODO | SPRINT_0136_0001_0001_scanner_surface | Scanner Core Guild (src/Scanner/__Libraries/StellaOps.Scanner.Core) | src/Scanner/__Libraries/StellaOps.Scanner.Core | Sort layer fragments by digest and components by identity.purl/identity.key before composition; add determinism regression tests. |
SCANNER-EMIT-15-001 | ||
| SCANNER-SURFACE-04 | TODO | SPRINT_0136_0001_0001_scanner_surface | Scanner Worker Guild (src/Scanner/StellaOps.Scanner.Worker) | src/Scanner/StellaOps.Scanner.Worker | DSSE-sign every layer.fragments payload, emit _composition.json, and persist DSSE envelopes so offline kits can replay deterministically (see docs/modules/scanner/deterministic-sbom-compose.md §2.1). |
SCANNER-SURFACE-01; SURFACE-FS-03 | ||
| SCHED-IMPACT-16-303 | DONE | SPRINT_0155_0001_0001_scheduler_i | Scheduler ImpactIndex Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.ImpactIndex) | src/Scheduler/__Libraries/StellaOps.Scheduler.ImpactIndex | Snapshot/compaction + invalidation for removed images; persistence to RocksDB/Redis per architecture. | |||
| SCHED-SURFACE-01 | TODO | SPRINT_0155_0001_0001_scheduler_i | Scheduler Worker Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | Evaluate Surface.FS pointers when planning delta scans to avoid redundant work and prioritise drift-triggered assets. | |||
| SCHED-SURFACE-02 | TODO | SPRINT_0136_0001_0001_scanner_surface | Scheduler Worker Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | Integrate Scheduler worker prefetch using Surface manifest reader and persist manifest pointers with rerun plans. | SURFACE-FS-02; SCHED-SURFACE-01 | ||
| SCHED-VULN-29-001 | DONE | SPRINT_0155_0001_0001_scheduler_i | Scheduler WebService Guild, Findings Ledger Guild (src/Scheduler/StellaOps.Scheduler.WebService) | src/Scheduler/StellaOps.Scheduler.WebService | Expose resolver job APIs (POST /vuln/resolver/jobs, GET /vuln/resolver/jobs/{id}) to trigger candidate recomputation per artifact/policy change with RBAC and rate limits. |
|||
| SCHED-VULN-29-002 | TODO | SPRINT_0155_0001_0001_scheduler_i | Scheduler WebService Guild, Observability Guild (src/Scheduler/StellaOps.Scheduler.WebService) | src/Scheduler/StellaOps.Scheduler.WebService | Provide projector lag metrics endpoint and webhook notifications for backlog breaches consumed by DevOps dashboards. Dependencies: SCHED-VULN-29-001. | |||
| SCHED-WEB-20-002 | TODO | SPRINT_0155_0001_0001_scheduler_i | Scheduler WebService Guild (src/Scheduler/StellaOps.Scheduler.WebService) | src/Scheduler/StellaOps.Scheduler.WebService | Provide simulation trigger endpoint returning diff preview metadata and job state for UI/CLI consumption. | |||
| SCHED-WORKER-21-203 | DONE | SPRINT_0155_0001_0001_scheduler_i | Scheduler Worker Guild, Observability Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | Export metrics (graph_build_seconds, graph_jobs_inflight, overlay_lag_seconds) and structured logs with tenant/graph identifiers. |
|||
| SCHED-WORKER-23-101 | TODO | SPRINT_0155_0001_0001_scheduler_i | Scheduler Worker Guild, Policy Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | Implement policy re-evaluation worker that shards assets, honours rate limits, and updates progress for Console after policy activation events. Dependencies: SCHED-WORKER-21-203. | |||
| SCHED-WORKER-23-102 | TODO | SPRINT_0155_0001_0001_scheduler_i | Scheduler Worker Guild, Observability Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | Add reconciliation job ensuring re-eval completion within SLA, emitting alerts on backlog and persisting status to policy_runs. Dependencies: SCHED-WORKER-23-101. |
|||
| SCHED-WORKER-25-101 | TODO | SPRINT_0155_0001_0001_scheduler_i | Scheduler Worker Guild, Policy Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | Implement exception lifecycle worker handling auto-activation/expiry and publishing exception.* events with retries/backoff. Dependencies: SCHED-WORKER-23-102. |
|||
| SCHED-WORKER-25-102 | TODO | SPRINT_0155_0001_0001_scheduler_i | Scheduler Worker Guild, Observability Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | Add expiring notification job generating digests, marking expiring state, updating metrics/alerts. Dependencies: SCHED-WORKER-25-101. |
|||
| SCHED-WORKER-26-201 | TODO | SPRINT_0155_0001_0001_scheduler_i | Scheduler Worker Guild, Signals Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | Build reachability joiner worker that combines SBOM snapshots with signals, writes cached facts, and schedules updates on new events. Dependencies: SCHED-WORKER-25-102. | |||
| SCHED-WORKER-26-202 | TODO | SPRINT_0156_0001_0002_scheduler_ii | Scheduler Worker Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | Implement staleness monitor + notifier for outdated reachability facts, publishing warnings and updating dashboards. Dependencies: SCHED-WORKER-26-201. | |||
| SCHED-WORKER-27-301 | TODO | SPRINT_0156_0001_0002_scheduler_ii | Scheduler Worker Guild, Policy Registry Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | Implement policy batch simulation worker: shard SBOM inventories, invoke Policy Engine, emit partial results, handle retries/backoff, and publish progress events. Dependencies: SCHED-WORKER-26-202. | |||
| SCHED-WORKER-27-302 | TODO | SPRINT_0156_0001_0002_scheduler_ii | Scheduler Worker Guild, Observability Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | Build reducer job aggregating shard outputs into final manifests (counts, deltas, samples) and writing to object storage with checksums; emit completion events. Dependencies: SCHED-WORKER-27-301. | |||
| SCHED-WORKER-27-303 | TODO | SPRINT_0156_0001_0002_scheduler_ii | Scheduler Worker Guild, Security Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | Enforce tenant isolation, scope checks, and attestation integration for simulation jobs; secret scanning pipeline for uploaded policy sources. Dependencies: SCHED-WORKER-27-302. | |||
| SCHED-WORKER-29-001 | TODO | SPRINT_0156_0001_0002_scheduler_ii | Scheduler Worker Guild, Findings Ledger Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | Implement resolver worker generating candidate findings from inventory + advisory evidence, respecting ecosystem version semantics and path scope; emit jobs for policy evaluation. Dependencies: SCHED-WORKER-27-303. | |||
| SCHED-WORKER-29-002 | TODO | SPRINT_0156_0001_0002_scheduler_ii | Scheduler Worker Guild, Policy Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | Build evaluation orchestration worker invoking Policy Engine batch eval, writing results to Findings Ledger projector queue, and handling retries/backoff. Dependencies: SCHED-WORKER-29-001. | |||
| SCHED-WORKER-29-003 | TODO | SPRINT_0156_0001_0002_scheduler_ii | Scheduler Worker Guild, Observability Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | Add monitoring for resolver/evaluation backlog, SLA breaches, and export job queue; expose metrics/alerts feeding DevOps dashboards. Dependencies: SCHED-WORKER-29-002. | |||
| SCHED-WORKER-CONSOLE-23-201 | TODO | SPRINT_0156_0001_0002_scheduler_ii | Scheduler Worker Guild, Observability Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | Stream run progress events (stage status, tuples processed, SLA hints) to Redis/NATS for Console SSE, with heartbeat, dedupe, and retention policy. Publish metrics + structured logs for queue lag. | |||
| SCHED-WORKER-CONSOLE-23-202 | TODO | SPRINT_0156_0001_0002_scheduler_ii | Scheduler Worker Guild, Policy Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | Coordinate evidence bundle jobs (enqueue, track status, cleanup) and expose job manifests to Web gateway; ensure idempotent reruns and cancellation support. Dependencies: SCHED-WORKER-CONSOLE-23-201. | |||
| SCHEDULER-DOCS-0001 | DONE | SPRINT_0328_0001_0001_docs_modules_scheduler | Docs Guild (docs/modules/scheduler) | docs/modules/scheduler | See ./AGENTS.md | |||
| SCHEDULER-ENG-0001 | DONE | SPRINT_0328_0001_0001_docs_modules_scheduler | Module Team (docs/modules/scheduler) | docs/modules/scheduler | Update status via ./AGENTS.md workflow | |||
| SCHEDULER-OPS-0001 | DONE | SPRINT_0328_0001_0001_docs_modules_scheduler | Ops Guild (docs/modules/scheduler) | docs/modules/scheduler | Sync outcomes back to ../.. | |||
| SCHEMA-401-024 | TODO | SPRINT_0401_0001_0001_reachability_evidence_chain | Signals Guild (src/Signals/StellaOps.Signals, docs/uncertainty/README.md) |
src/Signals/StellaOps.Signals, docs/uncertainty/README.md |
||||
| SCORER-401-025 | TODO | SPRINT_0401_0001_0001_reachability_evidence_chain | Signals Guild (src/Signals/StellaOps.Signals.Application, docs/uncertainty/README.md) |
src/Signals/StellaOps.Signals.Application, docs/uncertainty/README.md |
||||
| SCORING-401-003 | TODO | SPRINT_0401_0001_0001_reachability_evidence_chain | Signals Guild (src/Signals/StellaOps.Signals) |
src/Signals/StellaOps.Signals |
||||
| SDK-62-001 | TODO | SPRINT_0204_0001_0004_cli_iv | DevEx/CLI Guild, SDK Generator Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | ||||
| SDK-62-002 | TODO | SPRINT_0204_0001_0004_cli_iv | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | ||||
| SDK-63-001 | TODO | SPRINT_0204_0001_0004_cli_iv | DevEx/CLI Guild, API Governance Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | ||||
| SDK-64-001 | TODO | SPRINT_0204_0001_0004_cli_iv | DevEx/CLI Guild, SDK Release Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | ||||
| SDKGEN-62-001 | TODO | SPRINT_0208_0001_0001_sdk | SDK Generator Guild | src/Sdk/StellaOps.Sdk.Generator | Choose/pin generator toolchain, set up language template pipeline, and enforce reproducible builds. | DEVL0101 portal contracts | SDKG0101 | |
| SDKGEN-62-002 | TODO | SPRINT_0208_0001_0001_sdk | SDK Generator Guild | src/Sdk/StellaOps.Sdk.Generator | Implement shared post-processing (auth helpers, retries, pagination utilities, telemetry hooks) applied to all languages. Dependencies: SDKGEN-62-001. | SDKGEN-62-001 | SDKG0101 | |
| SDKGEN-63-001 | TODO | SPRINT_0208_0001_0001_sdk | SDK Generator Guild | src/Sdk/StellaOps.Sdk.Generator | Ship TypeScript SDK alpha with ESM/CJS builds, typed errors, paginator, streaming helpers. Dependencies: SDKGEN-62-002. | 63-004 | SDKG0101 | |
| SDKGEN-63-002 | TODO | SPRINT_0208_0001_0001_sdk | SDK Generator Guild | src/Sdk/StellaOps.Sdk.Generator | Ship Python SDK alpha (sync/async clients, type hints, upload/download helpers). Dependencies: SDKGEN-63-001. | SDKGEN-63-001 | SDKG0101 | |
| SDKGEN-63-003 | TODO | SPRINT_0208_0001_0001_sdk | SDK Generator Guild | src/Sdk/StellaOps.Sdk.Generator | Ship Go SDK alpha with context-first API and streaming helpers. Dependencies: SDKGEN-63-002. | SDKGEN-63-002 | SDKG0101 | |
| SDKGEN-63-004 | TODO | SPRINT_0208_0001_0001_sdk | SDK Generator Guild | src/Sdk/StellaOps.Sdk.Generator | Ship Java SDK alpha (builder pattern, HTTP client abstraction). Dependencies: SDKGEN-63-003. | SDKGEN-63-003 | SDKG0101 | |
| SDKGEN-64-001 | TODO | SPRINT_0208_0001_0001_sdk | SDK Generator Guild · CLI Guild | src/Sdk/StellaOps.Sdk.Generator | Switch CLI to consume TS or Go SDK; ensure parity. Dependencies: SDKGEN-63-004. | SDKGEN-63-004 | SDKG0101 | |
| SDKGEN-64-002 | TODO | SPRINT_0208_0001_0001_sdk | SDK Generator Guild · Console Guild | src/Sdk/StellaOps.Sdk.Generator | Integrate SDKs into Console data providers where feasible. Dependencies: SDKGEN-64-001. | SDKGEN-64-001 | SDKG0101 | |
| SDKREL-63-001 | TODO | SPRINT_0208_0001_0001_sdk | SDK Release Guild (src/Sdk/StellaOps.Sdk.Release) | src/Sdk/StellaOps.Sdk.Release | Configure CI pipelines for npm, PyPI, Maven Central staging, and Go proxies with signing and provenance attestations. | |||
| SDKREL-63-002 | TODO | SPRINT_0208_0001_0001_sdk | SDK Release Guild, API Governance Guild (src/Sdk/StellaOps.Sdk.Release) | src/Sdk/StellaOps.Sdk.Release | Integrate changelog automation pulling from OAS diffs and generator metadata. Dependencies: SDKREL-63-001. | |||
| SDKREL-64-001 | TODO | SPRINT_0208_0001_0001_sdk | SDK Release Guild, Notifications Guild (src/Sdk/StellaOps.Sdk.Release) | src/Sdk/StellaOps.Sdk.Release | Hook SDK releases into Notifications Studio with scoped announcements and RSS/Atom feeds. Dependencies: SDKREL-63-002. | |||
| SDKREL-64-002 | TODO | SPRINT_0208_0001_0001_sdk | SDK Release Guild, Export Center Guild (src/Sdk/StellaOps.Sdk.Release) | src/Sdk/StellaOps.Sdk.Release | Add devportal --offline bundle job packaging docs, specs, SDK artifacts for air-gapped users. Dependencies: SDKREL-64-001. |
|||
| SEC-62-001 | TODO | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild, Authority Core (docs) | |||||
| SEC-CRYPTO-90-001 | DONE | 2025-11-07 | SPRINT_514_sovereign_crypto_enablement | Security Guild (src/__Libraries/StellaOps.Cryptography) | src/__Libraries/StellaOps.Cryptography | Produce the RootPack_RU implementation plan, provider strategy (CryptoPro + PKCS#11), and backlog split for sovereign crypto work. | ||
| SEC-CRYPTO-90-002 | DONE | 2025-11-07 | SPRINT_514_sovereign_crypto_enablement | Security Guild (src/__Libraries/StellaOps.Cryptography) | src/__Libraries/StellaOps.Cryptography | Extend signature/catalog constants and configuration schema to recognize GOST12-256/512, regional crypto profiles, and provider preference ordering. |
||
| SEC-CRYPTO-90-003 | DONE | 2025-11-07 | SPRINT_514_sovereign_crypto_enablement | Security Guild (src/__Libraries/StellaOps.Cryptography) | src/__Libraries/StellaOps.Cryptography | Implement StellaOps.Cryptography.Plugin.CryptoPro provider (sign/verify/JWK export) using CryptoPro CSP with deterministic logging/tests. |
||
| SEC-CRYPTO-90-004 | DONE | 2025-11-07 | SPRINT_514_sovereign_crypto_enablement | Security Guild (src/__Libraries/StellaOps.Cryptography) | src/__Libraries/StellaOps.Cryptography | Implement StellaOps.Cryptography.Plugin.Pkcs11Gost provider (Rutoken/JaCarta) via Pkcs11Interop with configurable slot/pin/module handling. |
||
| SEC-CRYPTO-90-005 | DONE | 2025-11-08 | SPRINT_514_sovereign_crypto_enablement | Security Guild (src/__Libraries/StellaOps.Cryptography) | src/__Libraries/StellaOps.Cryptography | Add configuration-driven provider selection (crypto.regionalProfiles), CLI diagnostics, and telemetry. |
||
| SEC-CRYPTO-90-006 | DONE | 2025-11-08 | SPRINT_514_sovereign_crypto_enablement | Security Guild (src/__Libraries/StellaOps.Cryptography) | src/__Libraries/StellaOps.Cryptography | Build deterministic Streebog/signature harnesses and RootPack audit metadata/runbooks. | ||
| SEC-CRYPTO-90-007 | DONE | 2025-11-08 | SPRINT_514_sovereign_crypto_enablement | Security Guild (src/__Libraries/StellaOps.Cryptography) | src/__Libraries/StellaOps.Cryptography | Package RootPack_RU artifacts (plugins, trust anchors, configs) with deployment documentation. | ||
| SEC-CRYPTO-90-008 | DONE | 2025-11-08 | SPRINT_514_sovereign_crypto_enablement | Security Guild (src/__Libraries/StellaOps.Cryptography) | src/__Libraries/StellaOps.Cryptography | Audit repository for direct crypto usage bypassing the new abstractions and file remediation tasks. | ||
| SEC-CRYPTO-90-009 | DONE | 2025-11-09 | SPRINT_514_sovereign_crypto_enablement | Security Guild (src/__Libraries/StellaOps.Cryptography.Plugin.CryptoPro) | src/__Libraries/StellaOps.Cryptography.Plugin.CryptoPro | Replace the placeholder CryptoPro plug-in with a true CryptoPro CSP implementation (GostCryptography, certificate-store lookup, DER/raw normalization) so RootPack_RU exposes a qualified-signature path. | ||
| SEC-CRYPTO-90-010 | DONE | 2025-11-09 | SPRINT_514_sovereign_crypto_enablement | Security Guild (src/__Libraries/StellaOps.Cryptography + .DependencyInjection) | src/__Libraries/StellaOps.Cryptography + .DependencyInjection | Introduce StellaOpsCryptoOptions / configuration binding for registry profiles/keys and ship an AddStellaOpsCryptoRu(IConfiguration, …) helper so hosts can enable ru-offline via YAML without custom code. |
||
| SEC-CRYPTO-90-011 | DONE | 2025-11-09 | SPRINT_514_sovereign_crypto_enablement | Security & Ops Guilds (src/Tools/StellaOps.CryptoRu.Cli) | src/Tools/StellaOps.CryptoRu.Cli | Build the sovereign crypto CLI (StellaOps.CryptoRu.Cli) to list keys, perform test-sign operations, and emit determinism/audit snapshots referenced in the RootPack docs. |
||
| SEC-CRYPTO-90-012 | TODO | SPRINT_514_sovereign_crypto_enablement | Security Guild (src/__Libraries/__Tests/StellaOps.Cryptography.Tests) | src/__Libraries/__Tests/StellaOps.Cryptography.Tests | Add CryptoPro + PKCS#11 integration tests (env/pin gated) and wire them into scripts/crypto/run-rootpack-ru-tests.sh, covering Streebog vectors and DER/raw signatures. |
|||
| SEC-CRYPTO-90-013 | TODO | SPRINT_514_sovereign_crypto_enablement | Security Guild (src/__Libraries/StellaOps.Cryptography) | src/__Libraries/StellaOps.Cryptography | Extend the shared crypto stack with sovereign symmetric algorithms (Magma/Kuznyechik) so exports/data-at-rest can request Russian ciphers via the provider registry. | |||
| SEC-CRYPTO-90-014 | TODO | SPRINT_514_sovereign_crypto_enablement | Security + Service Guilds | Update runtime hosts (Authority, Scanner WebService/Worker, Concelier, etc.) to register the RU providers, bind StellaOps:Crypto profiles, and expose configuration toggles per the new options model. |
Wait for AUIN0101 approvals | CRSA0101 | ||
| SEC-CRYPTO-90-015 | TODO | SPRINT_514_sovereign_crypto_enablement | Security + Docs Guild | docs/security/rootpack_ru_*.md | Refresh RootPack/validation documentation once the CLI/config/tests exist (remove TODO callouts, document final workflows). | Depends on #1 | CRSA0101 | |
| SEC-CRYPTO-90-016 | DONE | 2025-11-09 | SPRINT_514_sovereign_crypto_enablement | Security Guild (src/__Libraries/StellaOps.Cryptography.DependencyInjection + .Plugin.CryptoPro) | src/__Libraries/StellaOps.Cryptography.DependencyInjection + .Plugin.CryptoPro | Quarantine CryptoPro dependencies by default until IT.GostCryptography is patched; add MSBuild flag StellaOpsEnableCryptoPro and follow-up plan to re-enable the plug-in once a safe package exists. |
||
| SEC-CRYPTO-90-017 | TODO | SPRINT_514_sovereign_crypto_enablement | Security Guild | third_party/forks + src/__Libraries/StellaOps.Cryptography.Plugin.CryptoPro | Vendor third_party/forks/AlexMAS.GostCryptography into the solution build (solution filters, Directory.Build props, CI) so the library compiles with the rest of the repo and publishes artifacts for downstream consumers. |
Needs third_party fork sync | CRSA0101 | |
| SEC-CRYPTO-90-018 | TODO | SPRINT_514_sovereign_crypto_enablement | Security + Docs Guild | docs/security/rootpack_ru_*.md, docs/dev/crypto.md | Update developer/RootPack documentation to describe the new fork, sync steps, and licensing so operators know where the CryptoPro sources live and how to refresh them. | Depends on #3 | CRSA0101 | |
| SEC-CRYPTO-90-019 | TODO | SPRINT_514_sovereign_crypto_enablement | Security Guild | third_party/forks/AlexMAS.GostCryptography | Patch the fork to drop vulnerable System.Security.Cryptography.{Pkcs,Xml} 6.0.0 dependencies (target .NET 8+, adopt fixed BCL packages, re-run tests). |
Needs fork validation | CRSA0101 | |
| SEC-CRYPTO-90-020 | TODO | SPRINT_514_sovereign_crypto_enablement | Security Guild | src/__Libraries/StellaOps.Cryptography.Plugin.CryptoPro | Re-point StellaOps.Cryptography.Plugin.CryptoPro to the forked sources (replace NuGet package references, adjust DI wiring) and prove the plugin works end-to-end. |
Depends on #5 | CRSA0101 | |
| SEC-CRYPTO-90-021 | TODO | SPRINT_514_sovereign_crypto_enablement | Security + QA Guilds | scripts/crypto/**, docs/security/rootpack_ru_validation.md | Validate the forked library + plugin on both Windows (CryptoPro CSP) and Linux (OpenSSL GOST fallback) builds/tests; document any platform-specific prerequisites. | Depends on #6 | CRSA0101 | |
| SEC-OBS-50-001 | TODO | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild, Security Guild (docs) | |||||
| SEC2 | DONE | 2025-11-09 | SPRINT_100_identity_signing | Security Guild, Storage Guild (src/Authority/StellaOps.Authority/StellaOps.Authority.Plugin.Standard) | src/Authority/StellaOps.Authority/StellaOps.Authority.Plugin.Standard | |||
| SEC3 | DONE | 2025-11-09 | SPRINT_100_identity_signing | Security Guild, BE-Auth Plugin (src/Authority/StellaOps.Authority/StellaOps.Authority.Plugin.Standard) | src/Authority/StellaOps.Authority/StellaOps.Authority.Plugin.Standard | |||
| SEC5 | DONE | 2025-11-09 | SPRINT_100_identity_signing | Security Guild (src/Authority/StellaOps.Authority/StellaOps.Authority.Plugin.Standard) | src/Authority/StellaOps.Authority/StellaOps.Authority.Plugin.Standard | |||
| SECRETS-01 | DOING | 2025-11-02 | SPRINT_0136_0001_0001_scanner_surface | Scanner Guild, Security Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.Secrets) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Secrets | |||
| SECRETS-02 | DOING | 2025-11-02 | SPRINT_0136_0001_0001_scanner_surface | Scanner Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.Secrets) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Secrets | SURFACE-SECRETS-01 | ||
| SECRETS-03 | TODO | SPRINT_0136_0001_0001_scanner_surface | BuildX Plugin Guild · Security Guild | src/Scanner/StellaOps.Scanner.Sbomer.BuildXPlugin | SCANNER-SECRETS-02 | SCANNER-SECRETS-02 | SCBX0101 | |
| SECRETS-04 | TODO | SPRINT_0136_0001_0001_scanner_surface | Scanner Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.Secrets) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Secrets | SURFACE-SECRETS-02 | |||
| SECRETS-05 | TODO | SPRINT_0136_0001_0001_scanner_surface | Zastava Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.Secrets) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Secrets | SURFACE-SECRETS-02 | |||
| SECRETS-06 | TODO | SPRINT_0136_0001_0001_scanner_surface | Ops Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.Secrets) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Secrets | SURFACE-SECRETS-03 | |||
| SERVER-401-011 | TODO | SPRINT_0401_0001_0001_reachability_evidence_chain | Symbols Guild (src/Symbols/StellaOps.Symbols.Server) |
src/Symbols/StellaOps.Symbols.Server |
||||
| SERVICE-21-001 | BLOCKED | SPRINT_0140_0001_0001_runtime_signals | ||||||
| SERVICE-21-002 | BLOCKED | SPRINT_0140_0001_0001_runtime_signals | ||||||
| SERVICE-21-003 | BLOCKED | SPRINT_0140_0001_0001_runtime_signals | ||||||
| SERVICE-21-004 | BLOCKED | SPRINT_0140_0001_0001_runtime_signals | ||||||
| SERVICE-23-001 | TODO | SPRINT_0140_0001_0001_runtime_signals | ||||||
| SERVICE-23-002 | TODO | SPRINT_0140_0001_0001_runtime_signals | ||||||
| SERVICE-DOCS-0001 | TODO | SPRINT_0326_0001_0001_docs_modules_registry | Docs Guild (docs/modules/registry) | docs/modules/registry | ||||
| SERVICE-ENG-0001 | TODO | SPRINT_0326_0001_0001_docs_modules_registry | Module Team (docs/modules/registry) | docs/modules/registry | ||||
| SERVICE-OPS-0001 | TODO | SPRINT_0326_0001_0001_docs_modules_registry | Ops Guild (docs/modules/registry) | docs/modules/registry | ||||
| SIG-003 | TODO | SPRINT_0401_0001_0001_reachability_evidence_chain | Signals Guild (src/Signals/StellaOps.Signals, docs/reachability/function-level-evidence.md) |
src/Signals/StellaOps.Signals, docs/reachability/function-level-evidence.md |
||||
| SIG-26-001 | TODO | SPRINT_115_concelier_iv | Concelier Core Guild, Signals Guild (src/Concelier/__Libraries/StellaOps.Concelier.Core) | src/Concelier/__Libraries/StellaOps.Concelier.Core | ||||
| SIG-26-002 | TODO | SPRINT_0204_0001_0004_cli_iv | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | ||||
| SIG-26-003 | TODO | SPRINT_0211_0001_0003_ui_iii | UI Guild (src/UI/StellaOps.UI) | src/UI/StellaOps.UI | ||||
| SIG-26-004 | TODO | SPRINT_0211_0001_0003_ui_iii | UI Guild (src/UI/StellaOps.UI) | src/UI/StellaOps.UI | ||||
| SIG-26-005 | TODO | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild, UI Guild (docs) | |||||
| SIG-26-006 | TODO | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild, DevEx/CLI Guild (docs) | |||||
| SIG-26-007 | TODO | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild, BE-Base Platform Guild (docs) | |||||
| SIG-26-008 | DOING | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild, DevOps Guild (docs) | |||||
| SIG-STORE-401-016 | TODO | SPRINT_0401_0001_0001_reachability_evidence_chain | Signals Guild · BE-Base Platform Guild (src/Signals/StellaOps.Signals, src/__Libraries/StellaOps.Replay.Core) |
src/Signals/StellaOps.Signals, src/__Libraries/StellaOps.Replay.Core |
Introduce shared reachability store collections (func_nodes, call_edges, cve_func_hits), indexes, and repository APIs so Scanner/Signals/Policy can reuse canonical function data. |
|||
| SIGN-CORE-186-004 | DONE | 2025-11-26 | SPRINT_0186_0001_0001_record_deterministic_execution | Signing Guild | src/Signer/StellaOps.Signer, src/__Libraries/StellaOps.Cryptography |
Replace the HMAC demo implementation in StellaOps.Signer with StellaOps.Cryptography providers (keyless + KMS), including provider selection, key material loading, and cosign-compatible DSSE signature output. |
Mirrors #1 | SIGR0101 |
| SIGN-CORE-186-005 | DONE | 2025-11-26 | SPRINT_0186_0001_0001_record_deterministic_execution | Signing Guild | src/Signer/StellaOps.Signer.Core |
Refactor SignerStatementBuilder to support StellaOps predicate types (e.g., stella.ops/promotion@v1) and delegate payload canonicalisation to the Provenance library once available. |
Mirrors #2 | SIGR0101 |
| SIGN-REPLAY-186-003 | TODO | SPRINT_0186_0001_0001_record_deterministic_execution | Signing Guild (src/Signer/StellaOps.Signer, src/Authority/StellaOps.Authority) |
src/Signer/StellaOps.Signer, src/Authority/StellaOps.Authority |
Extend Signer/Authority DSSE flows to cover replay manifest/bundle payload types with multi-profile support; refresh docs/modules/signer/architecture.md and docs/modules/authority/architecture.md to capture the new signing/verification path referencing docs/replay/DETERMINISTIC_REPLAY.md Section 5. |
|||
| SIGN-TEST-186-006 | DONE | 2025-11-26 | SPRINT_0186_0001_0001_record_deterministic_execution | Signing Guild, QA Guild (src/Signer/StellaOps.Signer.Tests) |
src/Signer/StellaOps.Signer.Tests |
Upgrade signer integration tests to run against the real crypto abstraction and fixture predicates (promotion, SBOM, replay), replacing stub tokens/digests with deterministic test data. | ||
| SIGN-VEX-401-018 | DONE | 2025-11-26 | SPRINT_0401_0001_0001_reachability_evidence_chain | Signing Guild (src/Signer/StellaOps.Signer, docs/modules/signer/architecture.md) |
src/Signer/StellaOps.Signer, docs/modules/signer/architecture.md |
Extend Signer predicate catalog with stella.ops/vexDecision@v1, enforce payload policy, and plumb DSSE/Rekor integration for policy decisions. |
||
| SIGNALS-24-001 | DONE | 2025-11-09 | SPRINT_0140_0001_0001_runtime_signals | Host skeleton, RBAC, sealed-mode readiness, /signals/facts/{subject} retrieval, and readiness probes merged; serves as base for downstream ingestion. |
||||
| SIGNALS-24-002 | DOING | 2025-11-07 | SPRINT_0140_0001_0001_runtime_signals | Callgraph ingestion + retrieval APIs are live, but CAS promotion and signed manifest publication remain; cannot close until reachability jobs can trust stored graphs. | ||||
| SIGNALS-24-003 | DOING | 2025-11-09 | SPRINT_0140_0001_0001_runtime_signals | Runtime facts ingestion accepts JSON/NDJSON and gzip streams; provenance/context enrichment and NDJSON-to-AOC wiring still outstanding. | ||||
| SIGNALS-24-004 | BLOCKED | 2025-10-27 | SPRINT_0140_0001_0001_runtime_signals | 24-002/003 | Reachability scoring waits on complete ingestion feeds (24-002/003) plus Authority scope validation. | |||
| SIGNALS-24-005 | BLOCKED | 2025-10-27 | SPRINT_0140_0001_0001_runtime_signals | Cache + signals.fact.updated events depend on scoring outputs; remains idle until 24-004 unblocks. |
||||
| SIGNALS-REACH-201-003 | DOING | 2025-11-08 | SPRINT_400_runtime_facts_static_callgraph_union | Signals Guild (src/Signals/StellaOps.Signals) |
src/Signals/StellaOps.Signals |
Extend Signals ingestion to accept the new multi-language graphs + runtime facts, normalize into reachability_graphs CAS layout, and expose retrieval APIs for Policy/CLI. |
||
| SIGNALS-REACH-201-004 | DOING | 2025-11-08 | SPRINT_400_runtime_facts_static_callgraph_union | Signals Guild · Policy Guild (src/Signals/StellaOps.Signals, src/Policy/StellaOps.Policy.Engine) |
src/Signals/StellaOps.Signals, src/Policy/StellaOps.Policy.Engine |
Build the reachability scoring engine (state/score/confidence), wire Redis caches + signals.fact.updated events, and integrate reachability weights defined in docs/11_DATA_SCHEMAS.md. |
||
| SIGNALS-RUNTIME-401-002 | TODO | SPRINT_0401_0001_0001_reachability_evidence_chain | Signals Guild (src/Signals/StellaOps.Signals) |
src/Signals/StellaOps.Signals |
Ship /signals/runtime-facts ingestion for NDJSON (and gzip) batches, dedupe hits, and link runtime evidence CAS URIs to callgraph nodes. Include retention + RBAC tests. |
|||
| SIGNALS-SCORING-401-003 | TODO | SPRINT_0401_0001_0001_reachability_evidence_chain | Signals Guild (src/Signals/StellaOps.Signals) |
src/Signals/StellaOps.Signals |
Extend ReachabilityScoringService with deterministic scoring (static path +0.50, runtime hits +0.30/+0.10 sink, guard penalties, reflection penalty, floor 0.05), persist reachability labels (reachable/conditional/unreachable) and expose /graphs/{scanId} CAS lookups. |
|||
| SIGNER-DOCS-0001 | DONE | 2025-11-05 | SPRINT_0329_0001_0001_docs_modules_signer | Docs Guild (docs/modules/signer) | docs/modules/signer | Validate that docs/modules/signer/README.md captures the latest DSSE/fulcio updates. |
||
| SIGNER-ENG-0001 | DONE | 2025-11-26 | SPRINT_0329_0001_0001_docs_modules_signer | Module Team (docs/modules/signer) | docs/modules/signer | Keep module milestones aligned with signer sprints under /docs/implplan. Updated README with Sprint 0186/0401 completed tasks (SIGN-CORE-186-004/005, SIGN-TEST-186-006, SIGN-VEX-401-018). |
||
| SIGNER-OPS-0001 | TODO | SPRINT_0329_0001_0001_docs_modules_signer | Ops Guild (docs/modules/signer) | docs/modules/signer | Review signer runbooks/observability assets after next sprint demo. | |||
| SORT-02 | TODO | SPRINT_0136_0001_0001_scanner_surface | Scanner Core Guild (src/Scanner/__Libraries/StellaOps.Scanner.Core) | src/Scanner/__Libraries/StellaOps.Scanner.Core | SCANNER-EMIT-15-001 | |||
| ORCH-DOCS-0001 | DONE | SPRINT_0323_0001_0001_docs_modules_orchestrator | Docs Guild (docs/modules/orchestrator) | docs/modules/orchestrator | Refresh orchestrator README + diagrams to reflect job leasing changes and reference the task runner bridge. | |||
| ORCH-ENG-0001 | DONE | SPRINT_0323_0001_0001_docs_modules_orchestrator | Module Team (docs/modules/orchestrator) | docs/modules/orchestrator | Sync into ../.. | |||
| ORCH-OPS-0001 | DONE | SPRINT_0323_0001_0001_docs_modules_orchestrator | Ops Guild (docs/modules/orchestrator) | docs/modules/orchestrator | Document outputs in ./README.md | |||
| SPL-23-001 | TODO | SPRINT_0128_0001_0001_policy_reasoning | Policy Guild, Language Infrastructure Guild / src/Policy/__Libraries/StellaOps.Policy | src/Policy/__Libraries/StellaOps.Policy | ||||
| SPL-23-002 | TODO | SPRINT_0128_0001_0001_policy_reasoning | Policy Guild / src/Policy/__Libraries/StellaOps.Policy | src/Policy/__Libraries/StellaOps.Policy | POLICY-SPL-23-001 | |||
| SPL-23-003 | TODO | SPRINT_0128_0001_0001_policy_reasoning | Policy Guild / src/Policy/__Libraries/StellaOps.Policy | src/Policy/__Libraries/StellaOps.Policy | POLICY-SPL-23-002 | |||
| SPL-23-004 | TODO | SPRINT_0128_0001_0001_policy_reasoning | Policy Guild, Audit Guild / src/Policy/__Libraries/StellaOps.Policy | src/Policy/__Libraries/StellaOps.Policy | POLICY-SPL-23-003 | |||
| SPL-23-005 | TODO | SPRINT_0128_0001_0001_policy_reasoning | Policy Guild, DevEx Guild / src/Policy/__Libraries/StellaOps.Policy | src/Policy/__Libraries/StellaOps.Policy | POLICY-SPL-23-004 | |||
| SPL-24-001 | DONE (2025-11-26) | 2025-11-26 | SPRINT_0128_0001_0001_policy_reasoning | Policy Guild, Signals Guild / src/Policy/__Libraries/StellaOps.Policy | src/Policy/__Libraries/StellaOps.Policy | POLICY-SPL-23-005 | ||
| STORE-401-016 | TODO | SPRINT_0401_0001_0001_reachability_evidence_chain | Signals Guild · BE-Base Platform Guild (src/Signals/StellaOps.Signals, src/__Libraries/StellaOps.Replay.Core) |
src/Signals/StellaOps.Signals, src/__Libraries/StellaOps.Replay.Core |
||||
| STORE-AOC-19-001 | TODO | SPRINT_0123_0001_0005_excititor_v | Excititor Storage Guild (src/Excititor/__Libraries/StellaOps.Excititor.Storage.Mongo) | src/Excititor/__Libraries/StellaOps.Excititor.Storage.Mongo | ||||
| STORE-AOC-19-002 | TODO | SPRINT_0123_0001_0005_excititor_v | Excititor Storage Guild, DevOps Guild (src/Excititor/__Libraries/StellaOps.Excititor.Storage.Mongo) | src/Excititor/__Libraries/StellaOps.Excititor.Storage.Mongo | ||||
| STORE-AOC-19-005 | TODO | 2025-11-04 | SPRINT_115_concelier_iv | Concelier Storage Guild, DevOps Guild (src/Concelier/__Libraries/StellaOps.Concelier.Storage.Mongo) | src/Concelier/__Libraries/StellaOps.Concelier.Storage.Mongo | |||
| SURFACE-01 | TODO | SPRINT_0140_0001_0001_runtime_signals | ||||||
| SURFACE-02 | TODO | SPRINT_0136_0001_0001_scanner_surface | Scheduler Worker Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | SURFACE-FS-02; SCHED-SURFACE-01 | |||
| SURFACE-04 | TODO | SPRINT_0136_0001_0001_scanner_surface | Scanner Worker Guild (src/Scanner/StellaOps.Scanner.Worker) | src/Scanner/StellaOps.Scanner.Worker | SCANNER-SURFACE-01; SURFACE-FS-03 | |||
| SURFACE-ENV-01 | DONE | 2025-11-13 | SPRINT_0136_0001_0001_scanner_surface | Scanner Guild, Zastava Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.Env) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Env | Draft surface-env.md enumerating environment variables, defaults, and air-gap behaviour for Surface consumers. |
— | SCSS0101 |
| SURFACE-ENV-02 | DOING | 2025-11-02 | SPRINT_0136_0001_0001_scanner_surface | Scanner Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.Env) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Env | Implement strongly-typed env accessors with validation and deterministic logging inside StellaOps.Scanner.Surface.Env. |
SURFACE-ENV-01 | SCSS0101 |
| SURFACE-ENV-03 | TODO | SPRINT_0136_0001_0001_scanner_surface | Scanner Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.Env) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Env | Adopt the env helper across Scanner Worker/WebService/BuildX plug-ins. | SURFACE-ENV-02 | ||
| SURFACE-ENV-04 | TODO | SPRINT_0136_0001_0001_scanner_surface | Zastava Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.Env) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Env | Wire env helper into Zastava Observer/Webhook containers. | SURFACE-ENV-02 | ||
| SURFACE-ENV-05 | TODO | SPRINT_0136_0001_0001_scanner_surface | Ops Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.Env) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Env | Update Helm/Compose/offline kit templates with new env knobs and documentation. | SURFACE-ENV-03; SURFACE-ENV-04 | ||
| SURFACE-FS-03 | TODO | SPRINT_0136_0001_0001_scanner_surface | Scanner Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.FS) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.FS | Integrate Surface.FS writer into Scanner Worker analyzer pipeline to persist layer + entry-trace fragments. | SURFACE-FS-02 | ||
| SURFACE-FS-04 | TODO | SPRINT_0136_0001_0001_scanner_surface | Zastava Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.FS) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.FS | Integrate Surface.FS reader into Zastava Observer runtime drift loop. | SURFACE-FS-02 | ||
| SURFACE-FS-05 | TODO | SPRINT_0136_0001_0001_scanner_surface | Scanner Guild, Scheduler Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.FS) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.FS | Expose Surface.FS pointers via Scanner WebService reports and coordinate rescan planning with Scheduler. | SURFACE-FS-03 | ||
| SURFACE-FS-06 | TODO | SPRINT_0136_0001_0001_scanner_surface | Docs Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.FS) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.FS | Update scanner-engine guide and offline kit docs with Surface.FS workflow. | SURFACE-FS-02 | ||
| SURFACE-FS-07 | DONE | 2025-12-04 | SPRINT_0136_0001_0001_scanner_surface | Scanner Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.FS) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.FS | Extend Surface.FS manifest schema with composition.recipe, fragment attestation metadata, and verification helpers per deterministic SBOM spec. |
SCANNER-SURFACE-04 | |
| SURFACE-SECRETS-01 | DOING | 2025-11-02 | SPRINT_0136_0001_0001_scanner_surface | Scanner Guild, Security Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.Secrets) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Secrets | Produce surface-secrets.md defining secret reference schema, storage backends, scopes, and rotation rules. |
||
| SURFACE-SECRETS-02 | DOING | 2025-11-02 | SPRINT_0136_0001_0001_scanner_surface | Scanner Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.Secrets) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Secrets | Implement StellaOps.Scanner.Surface.Secrets core provider interfaces, secret models, and in-memory test backend. |
SURFACE-SECRETS-01 | |
| SURFACE-SECRETS-03 | TODO | SPRINT_0136_0001_0001_scanner_surface | Scanner Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.Secrets) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Secrets | Add Kubernetes/File/Offline backends with deterministic caching and audit hooks. | SURFACE-SECRETS-02 | SCSS0101 | |
| SURFACE-SECRETS-04 | TODO | SPRINT_0136_0001_0001_scanner_surface | Scanner Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.Secrets) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Secrets | Integrate Surface.Secrets into Scanner Worker/WebService/BuildX for registry + CAS creds. | SURFACE-SECRETS-02 | ||
| SURFACE-SECRETS-05 | TODO | SPRINT_0136_0001_0001_scanner_surface | Zastava Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.Secrets) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Secrets | Invoke Surface.Secrets from Zastava Observer/Webhook for CAS & attestation secrets. | SURFACE-SECRETS-02 | ||
| SURFACE-SECRETS-06 | TODO | SPRINT_0136_0001_0001_scanner_surface | Ops Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.Secrets) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Secrets | Update deployment manifests/offline kit bundles to provision secret references instead of raw values. | SURFACE-SECRETS-03 | ||
| SURFACE-VAL-01 | DOING | 2025-11-01 | SPRINT_0136_0001_0001_scanner_surface | Scanner Guild, Security Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.Validation) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Validation | Define the Surface validation framework (surface-validation.md) covering env/cache/secret checks and extension hooks. |
SURFACE-FS-01; SURFACE-ENV-01 | SCSS0102 |
| SURFACE-VAL-02 | TODO | SPRINT_0136_0001_0001_scanner_surface | Scanner Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.Validation) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Validation | Implement base validation library with check registry and default validators for env/cached manifests/secret refs. | SURFACE-VAL-01; SURFACE-ENV-02; SURFACE-FS-02 | SCSS0102 | |
| SURFACE-VAL-03 | TODO | SPRINT_0136_0001_0001_scanner_surface | Scanner Guild, Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.Validation) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Validation | Integrate validation pipeline into Scanner analyzers so checks run before processing. | SURFACE-VAL-02 | SCSS0102 | |
| SURFACE-VAL-04 | TODO | SPRINT_0136_0001_0001_scanner_surface | Scanner Guild, Zastava Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.Validation) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Validation | Expose validation helpers to Zastava and other runtime consumers for preflight checks. | SURFACE-VAL-02 | SCSS0102 | |
| SURFACE-VAL-05 | TODO | SPRINT_0136_0001_0001_scanner_surface | Docs Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.Validation) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Validation | Document validation extensibility, registration, and customization in scanner-engine guides. | SURFACE-VAL-02 | SCSS0102 | |
| SVC-32-002 | TODO | SPRINT_0152_0001_0002_orchestrator_ii | Orchestrator Service Guild (src/Orchestrator/StellaOps.Orchestrator) | src/Orchestrator/StellaOps.Orchestrator | ||||
| SVC-32-003 | TODO | SPRINT_0152_0001_0002_orchestrator_ii | Orchestrator Service Guild (src/Orchestrator/StellaOps.Orchestrator) | src/Orchestrator/StellaOps.Orchestrator | ||||
| SVC-32-004 | TODO | SPRINT_0152_0001_0002_orchestrator_ii | Orchestrator Service Guild (src/Orchestrator/StellaOps.Orchestrator) | src/Orchestrator/StellaOps.Orchestrator | ||||
| SVC-32-005 | TODO | SPRINT_0152_0001_0002_orchestrator_ii | Orchestrator Service Guild (src/Orchestrator/StellaOps.Orchestrator) | src/Orchestrator/StellaOps.Orchestrator | ||||
| SVC-33-001 | TODO | SPRINT_0152_0001_0002_orchestrator_ii | Orchestrator Service Guild (src/Orchestrator/StellaOps.Orchestrator) | src/Orchestrator/StellaOps.Orchestrator | ||||
| SVC-33-002 | TODO | SPRINT_0152_0001_0002_orchestrator_ii | Orchestrator Service Guild (src/Orchestrator/StellaOps.Orchestrator) | src/Orchestrator/StellaOps.Orchestrator | ||||
| SVC-33-003 | TODO | SPRINT_0152_0001_0002_orchestrator_ii | Orchestrator Service Guild (src/Orchestrator/StellaOps.Orchestrator) | src/Orchestrator/StellaOps.Orchestrator | ||||
| SVC-33-004 | TODO | SPRINT_0152_0001_0002_orchestrator_ii | Orchestrator Service Guild (src/Orchestrator/StellaOps.Orchestrator) | src/Orchestrator/StellaOps.Orchestrator | ||||
| SVC-34-001 | TODO | SPRINT_0152_0001_0002_orchestrator_ii | Orchestrator Service Guild (src/Orchestrator/StellaOps.Orchestrator) | src/Orchestrator/StellaOps.Orchestrator | ||||
| SVC-34-002 | TODO | SPRINT_0152_0001_0002_orchestrator_ii | Orchestrator Service Guild (src/Orchestrator/StellaOps.Orchestrator) | src/Orchestrator/StellaOps.Orchestrator | ||||
| SVC-34-003 | TODO | SPRINT_0152_0001_0002_orchestrator_ii | Orchestrator Service Guild (src/Orchestrator/StellaOps.Orchestrator) | src/Orchestrator/StellaOps.Orchestrator | ||||
| SVC-34-004 | TODO | SPRINT_0152_0001_0002_orchestrator_ii | Orchestrator Service Guild (src/Orchestrator/StellaOps.Orchestrator) | src/Orchestrator/StellaOps.Orchestrator | ||||
| SVC-35-001 | BLOCKED | 2025-10-29 | SPRINT_163_exportcenter_ii | Exporter Service Guild (src/ExportCenter/StellaOps.ExportCenter) | src/ExportCenter/StellaOps.ExportCenter | |||
| SVC-35-002 | TODO | SPRINT_163_exportcenter_ii | Exporter Service Guild (src/ExportCenter/StellaOps.ExportCenter) | src/ExportCenter/StellaOps.ExportCenter | ||||
| SVC-35-003 | TODO | SPRINT_163_exportcenter_ii | Exporter Service Guild (src/ExportCenter/StellaOps.ExportCenter) | src/ExportCenter/StellaOps.ExportCenter | ||||
| SVC-35-004 | TODO | SPRINT_163_exportcenter_ii | Exporter Service Guild (src/ExportCenter/StellaOps.ExportCenter) | src/ExportCenter/StellaOps.ExportCenter | ||||
| SVC-35-005 | TODO | SPRINT_163_exportcenter_ii | Exporter Service Guild (src/ExportCenter/StellaOps.ExportCenter) | src/ExportCenter/StellaOps.ExportCenter | ||||
| SVC-35-006 | TODO | SPRINT_0164_0001_0003_exportcenter_iii | Exporter Service Guild (src/ExportCenter/StellaOps.ExportCenter) | src/ExportCenter/StellaOps.ExportCenter | ||||
| SVC-35-101 | TODO | SPRINT_0152_0001_0002_orchestrator_ii | Orchestrator Service Guild (src/Orchestrator/StellaOps.Orchestrator) | src/Orchestrator/StellaOps.Orchestrator | ||||
| SVC-36-001 | TODO | SPRINT_0164_0001_0003_exportcenter_iii | Exporter Service Guild (src/ExportCenter/StellaOps.ExportCenter) | src/ExportCenter/StellaOps.ExportCenter | ||||
| SVC-36-002 | TODO | SPRINT_0164_0001_0003_exportcenter_iii | Exporter Service Guild (src/ExportCenter/StellaOps.ExportCenter) | src/ExportCenter/StellaOps.ExportCenter | ||||
| SVC-36-003 | TODO | SPRINT_0164_0001_0003_exportcenter_iii | Exporter Service Guild (src/ExportCenter/StellaOps.ExportCenter) | src/ExportCenter/StellaOps.ExportCenter | ||||
| SVC-36-004 | TODO | SPRINT_0164_0001_0003_exportcenter_iii | Exporter Service Guild (src/ExportCenter/StellaOps.ExportCenter) | src/ExportCenter/StellaOps.ExportCenter | ||||
| SVC-36-101 | TODO | SPRINT_0152_0001_0002_orchestrator_ii | Orchestrator Service Guild (src/Orchestrator/StellaOps.Orchestrator) | src/Orchestrator/StellaOps.Orchestrator | ||||
| SVC-37-001 | TODO | SPRINT_0164_0001_0003_exportcenter_iii | Exporter Service Guild (src/ExportCenter/StellaOps.ExportCenter) | src/ExportCenter/StellaOps.ExportCenter | ||||
| SVC-37-002 | TODO | SPRINT_0164_0001_0003_exportcenter_iii | Exporter Service Guild (src/ExportCenter/StellaOps.ExportCenter) | src/ExportCenter/StellaOps.ExportCenter | ||||
| SVC-37-003 | TODO | SPRINT_0164_0001_0003_exportcenter_iii | Exporter Service Guild (src/ExportCenter/StellaOps.ExportCenter) | src/ExportCenter/StellaOps.ExportCenter | ||||
| SVC-37-004 | TODO | SPRINT_0164_0001_0003_exportcenter_iii | Exporter Service Guild (src/ExportCenter/StellaOps.ExportCenter) | src/ExportCenter/StellaOps.ExportCenter | ||||
| SVC-37-101 | TODO | SPRINT_0152_0001_0002_orchestrator_ii | Orchestrator Service Guild (src/Orchestrator/StellaOps.Orchestrator) | src/Orchestrator/StellaOps.Orchestrator | ||||
| SVC-38-002 | TODO | SPRINT_0172_0001_0002_notifier_ii | Notifications Service Guild (src/Notifier/StellaOps.Notifier) | src/Notifier/StellaOps.Notifier | ||||
| SVC-38-003 | TODO | SPRINT_0172_0001_0002_notifier_ii | Notifications Service Guild (src/Notifier/StellaOps.Notifier) | src/Notifier/StellaOps.Notifier | ||||
| SVC-38-004 | TODO | SPRINT_0172_0001_0002_notifier_ii | Notifications Service Guild (src/Notifier/StellaOps.Notifier) | src/Notifier/StellaOps.Notifier | ||||
| SVC-38-101 | TODO | SPRINT_0153_0001_0003_orchestrator_iii | Orchestrator Service Guild (src/Orchestrator/StellaOps.Orchestrator) | src/Orchestrator/StellaOps.Orchestrator | ||||
| SVC-39-001 | TODO | SPRINT_0172_0001_0002_notifier_ii | Notifications Service Guild (src/Notifier/StellaOps.Notifier) | src/Notifier/StellaOps.Notifier | ||||
| SVC-39-002 | TODO | SPRINT_0172_0001_0002_notifier_ii | Notifications Service Guild (src/Notifier/StellaOps.Notifier) | src/Notifier/StellaOps.Notifier | ||||
| SVC-39-003 | TODO | SPRINT_0172_0001_0002_notifier_ii | Notifications Service Guild (src/Notifier/StellaOps.Notifier) | src/Notifier/StellaOps.Notifier | ||||
| SVC-39-004 | TODO | SPRINT_0172_0001_0002_notifier_ii | Notifications Service Guild (src/Notifier/StellaOps.Notifier) | src/Notifier/StellaOps.Notifier | ||||
| SVC-40-001 | TODO | SPRINT_0172_0001_0002_notifier_ii | Notifications Service Guild (src/Notifier/StellaOps.Notifier) | src/Notifier/StellaOps.Notifier | ||||
| SVC-40-002 | TODO | SPRINT_0172_0001_0002_notifier_ii | Notifications Service Guild (src/Notifier/StellaOps.Notifier) | src/Notifier/StellaOps.Notifier | ||||
| SVC-40-003 | TODO | SPRINT_0172_0001_0002_notifier_ii | Notifications Service Guild (src/Notifier/StellaOps.Notifier) | src/Notifier/StellaOps.Notifier | ||||
| SVC-40-004 | TODO | SPRINT_0172_0001_0002_notifier_ii | Notifications Service Guild (src/Notifier/StellaOps.Notifier) | src/Notifier/StellaOps.Notifier | ||||
| SVC-41-101 | TODO | SPRINT_0153_0001_0003_orchestrator_iii | Orchestrator Service Guild (src/Orchestrator/StellaOps.Orchestrator) | src/Orchestrator/StellaOps.Orchestrator | ||||
| SVC-42-101 | TODO | SPRINT_0153_0001_0003_orchestrator_iii | Orchestrator Service Guild (src/Orchestrator/StellaOps.Orchestrator) | src/Orchestrator/StellaOps.Orchestrator | ||||
| SVC-43-001 | TODO | SPRINT_0164_0001_0003_exportcenter_iii | Exporter Service Guild (src/ExportCenter/StellaOps.ExportCenter) | src/ExportCenter/StellaOps.ExportCenter | ||||
| SYM-007 | TODO | SPRINT_0401_0001_0001_reachability_evidence_chain | Scanner Worker Guild & Docs Guild (src/Scanner/StellaOps.Scanner.Models, docs/modules/scanner/architecture.md, docs/reachability/function-level-evidence.md) |
src/Scanner/StellaOps.Scanner.Models, docs/modules/scanner/architecture.md, docs/reachability/function-level-evidence.md |
||||
| SYMS-70-003 | TODO | SPRINT_0304_0001_0004_docs_tasks_md_iv | Docs Guild, Symbols Guild (docs) | |||||
| SYMS-90-005 | TODO | SPRINT_0505_0001_0001_ops_devops_iii | DevOps Guild, Symbols Guild (ops/devops) | ops/devops | ||||
| SYMS-BUNDLE-401-014 | TODO | SPRINT_0401_0001_0001_reachability_evidence_chain | Symbols Guild · Ops | src/Symbols/StellaOps.Symbols.Bundle, ops |
Produce deterministic symbol bundles for air-gapped installs (`symbols bundle create | Depends on #1 | RBSY0101 | |
| SYMS-CLIENT-401-012 | TODO | SPRINT_0401_0001_0001_reachability_evidence_chain | Symbols Guild · Scanner Guild | src/Symbols/StellaOps.Symbols.Client, src/Scanner/StellaOps.Scanner.Symbolizer |
Ship StellaOps.Symbols.Client SDK (resolve/upload APIs, platform key derivation for ELF/PDB/Mach-O/JVM/Node, disk LRU cache) and integrate with Scanner.Symbolizer/runtime probes (ref. docs/specs/SYMBOL_MANIFEST_v1.md). |
Depends on #3 | RBSY0101 | |
| SYMS-INGEST-401-013 | TODO | SPRINT_0401_0001_0001_reachability_evidence_chain | Symbols Guild · DevOps Guild | src/Symbols/StellaOps.Symbols.Ingestor.Cli, docs/specs/SYMBOL_MANIFEST_v1.md |
Build symbols ingest CLI to emit DSSE-signed SymbolManifest v1, upload blobs, and register Rekor entries; document GitLab/Gitea pipeline usage. |
Needs manifest updates from #1 | RBSY0101 | |
| SYMS-SERVER-401-011 | TODO | SPRINT_0401_0001_0001_reachability_evidence_chain | Symbols Guild | src/Symbols/StellaOps.Symbols.Server |
Deliver StellaOps.Symbols.Server (REST+gRPC) with DSSE-verified uploads, Mongo/MinIO storage, tenant isolation, and deterministic debugId indexing; publish health/manifest APIs (spec: docs/specs/SYMBOL_MANIFEST_v1.md). |
Depends on #5 | RBSY0101 | |
| TASKRUN-41-001 | DONE (2025-11-30) | 2025-11-30 | SPRINT_0157_0001_0002_taskrunner_blockers | Task Runner Guild | src/TaskRunner/StellaOps.TaskRunner | Bootstrap service, define migrations for pack_runs, pack_run_logs, pack_artifacts, implement run API (create/get/log stream), local executor, approvals pause, artifact capture, and provenance manifest generation. |
Delivered per Task Pack advisory and architecture contract. | ORTR0101 |
| TASKRUN-AIRGAP-56-001 | DONE (2025-11-30) | 2025-11-30 | SPRINT_0157_0001_0001_taskrunner_i | Task Runner Guild · AirGap Policy Guild | src/TaskRunner/StellaOps.TaskRunner | Enforce plan-time validation rejecting steps with non-allowlisted network calls in sealed mode and surface remediation errors. | TASKRUN-41-001 | ORTR0101 |
| TASKRUN-AIRGAP-56-002 | DONE (2025-12-03) | 2025-11-30 | SPRINT_0157_0001_0001_taskrunner_i | Task Runner Guild · AirGap Importer Guild | src/TaskRunner/StellaOps.TaskRunner | Add helper steps for bundle ingestion (checksum verification, staging to object store) with deterministic outputs. | TASKRUN-AIRGAP-56-001 | ORTR0101 |
| TASKRUN-AIRGAP-57-001 | BLOCKED (2025-11-30) | 2025-11-30 | SPRINT_0157_0001_0001_taskrunner_i | Task Runner Guild · AirGap Controller Guild | src/TaskRunner/StellaOps.TaskRunner | Refuse to execute plans when environment sealed=false but declared sealed install; emit advisory timeline events. | TASKRUN-AIRGAP-56-002 | ORTR0101 |
| TASKRUN-AIRGAP-58-001 | BLOCKED (2025-11-30) | 2025-11-30 | SPRINT_0157_0001_0001_taskrunner_i | Task Runner Guild · Evidence Locker Guild | src/TaskRunner/StellaOps.TaskRunner | Capture bundle import job transcripts, hashed inputs, and outputs into portable evidence bundles. | TASKRUN-AIRGAP-57-001 | ORTR0101 |
| TASKRUN-OAS-61-001 | BLOCKED (2025-11-30) | 2025-11-30 | SPRINT_0157_0001_0001_taskrunner_i | Task Runner Guild · API Contracts Guild | src/TaskRunner/StellaOps.TaskRunner | Document Task Runner APIs (pack runs, logs, approvals) in service OAS, including streaming response schemas and examples. | TASKRUN-41-001 | ORTR0101 |
| TASKRUN-OAS-61-002 | BLOCKED (2025-11-30) | 2025-11-30 | SPRINT_0157_0001_0001_taskrunner_i | Task Runner Guild | src/TaskRunner/StellaOps.TaskRunner | Expose GET /.well-known/openapi returning signed spec metadata, build version, and ETag. |
TASKRUN-OAS-61-001 | ORTR0101 |
| TASKRUN-OAS-62-001 | BLOCKED (2025-11-30) | 2025-11-30 | SPRINT_0157_0001_0001_taskrunner_i | Task Runner Guild · SDK Generator Guild | src/TaskRunner/StellaOps.TaskRunner | Provide SDK examples for pack run lifecycle; ensure SDKs offer streaming log helpers and paginator wrappers. | TASKRUN-OAS-61-002 | ORTR0102 |
| TASKRUN-OAS-63-001 | BLOCKED (2025-11-30) | 2025-11-30 | SPRINT_0157_0001_0001_taskrunner_i | Task Runner Guild · API Governance Guild | src/TaskRunner/StellaOps.TaskRunner | Implement deprecation header support and Sunset handling for legacy pack APIs; emit notifications metadata. | TASKRUN-OAS-62-001 | ORTR0102 |
| TASKRUN-OBS-50-001 | DONE (2025-11-25) | 2025-11-25 | SPRINT_0157_0001_0001_taskrunner_i | Task Runner Guild | src/TaskRunner/StellaOps.TaskRunner | Adopt telemetry core in Task Runner host + worker executors, ensuring step execution spans/logs include trace_id, tenant_id, run_id, and scrubbed command transcripts. |
ORTR0101 telemetry hooks | ORTR0102 |
| TASKRUN-OBS-51-001 | DONE (2025-11-25) | 2025-11-25 | SPRINT_0157_0001_0001_taskrunner_i | Task Runner Guild · DevOps Guild | src/TaskRunner/StellaOps.TaskRunner | Emit metrics for step latency, retries, queue depth, sandbox resource usage; define SLOs for pack run completion and failure rate; surface burn-rate alerts to collector/Notifier. Dependencies: TASKRUN-OBS-50-001. | TASKRUN-OBS-50-001 | ORTR0102 |
| TASKRUN-OBS-52-001 | BLOCKED (2025-11-25) | 2025-11-25 | SPRINT_0157_0001_0001_taskrunner_i | Task Runner Guild | src/TaskRunner/StellaOps.TaskRunner | Produce timeline events for pack runs (pack.started, pack.step.completed, pack.failed) containing evidence pointers and policy gate context. Provide dedupe + retry logic. Blocked: timeline event schema and evidence-pointer contract not published. |
TASKRUN-OBS-51-001 | ORTR0102 |
| TASKRUN-OBS-53-001 | BLOCKED (2025-11-25) | 2025-11-25 | SPRINT_0157_0001_0001_taskrunner_i | Task Runner Guild · Evidence Locker Guild | src/TaskRunner/StellaOps.TaskRunner | Capture step transcripts, artifact manifests, environment digests, and policy approvals into evidence locker snapshots; ensure redaction + hash chain coverage. Blocked: waiting on timeline schema/evidence-pointer contract (OBS-52-001). | TASKRUN-OBS-52-001 | ORTR0102 |
| TASKRUN-TEN-48-001 | BLOCKED (2025-11-30) | 2025-11-30 | SPRINT_0158_0001_0002_taskrunner_ii | Task Runner Guild | src/TaskRunner/StellaOps.TaskRunner | Require tenant/project context for every pack run, set DB/object-store prefixes, block egress when tenant restricted, and propagate context to steps/logs. | TASKRUN-OBS-53-001; Tenancy policy contract | ORTR0101 |
| TELEMETRY-DOCS-0001 | DONE (2025-11-30) | 2025-11-30 | SPRINT_330_docs_modules_telemetry | Docs Guild | docs/modules/telemetry | Validate that telemetry module docs reflect the new storage stack and isolation rules. | Ops checklist from DVDO0103 | DOTL0101 |
| TELEMETRY-DOCS-0001 | DONE (2025-11-30) | 2025-11-30 | SPRINT_330_docs_modules_telemetry | Docs Guild | docs/modules/telemetry | Validate that telemetry module docs reflect the new storage stack and isolation rules. | Ops checklist from DVDO0103 | DOTL0101 |
| TELEMETRY-ENG-0001 | DONE (2025-11-30) | 2025-11-30 | SPRINT_330_docs_modules_telemetry | Module Team | docs/modules/telemetry | Ensure milestones stay in sync with telemetry sprints in docs/implplan. |
TLTY0101 API review | DOTL0101 |
| TELEMETRY-OBS-51-001 | DONE (2025-11-27) | 2025-11-27 | SPRINT_0170_0001_0001_notifications_telemetry | Telemetry Core Guild | src/Telemetry/StellaOps.Telemetry.Core | Golden-signal metrics with cardinality guards and exemplars shipped. | 51-002 | TLTY0101 |
| TELEMETRY-OBS-51-002 | DONE (2025-11-27) | 2025-11-27 | SPRINT_0170_0001_0001_notifications_telemetry | Telemetry Core Guild | src/Telemetry/StellaOps.Telemetry.Core | Scrubbing/redaction filters + audit overrides delivered. | 51-001 | TLTY0101 |
| TELEMETRY-OBS-55-001 | DONE (2025-11-27) | SPRINT_0170_0001_0001_notifications_telemetry | Telemetry Core Guild · Observability Guild | src/Telemetry/StellaOps.Telemetry.Core | Incident mode toggle API with sampling/retention tags; activation trail implemented. | 56-001 event schema | TLTY0101 | |
| TELEMETRY-OBS-56-001 | DONE (2025-11-27) | SPRINT_0174_0001_0001_telemetry | Telemetry Core Guild | src/Telemetry/StellaOps.Telemetry.Core | Add sealed-mode telemetry helpers (drift metrics, seal/unseal spans, offline exporters) and ensure hosts can disable external exporters when sealed. Dependencies: TELEMETRY-OBS-55-001. | OBS-55-001 output | TLTY0101 | |
| TELEMETRY-OPS-0001 | DONE (2025-11-30) | 2025-11-30 | SPRINT_330_docs_modules_telemetry | Ops Guild | docs/modules/telemetry | Review telemetry runbooks/observability dashboards post-demo. | DVDO0103 deployment notes | DOTL0101 |
| TEN-47-001 | TODO | SPRINT_0205_0001_0005_cli_v | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | ||||
| TEN-48-001 | TODO | SPRINT_115_concelier_iv | Concelier Core Guild (src/Concelier/__Libraries/StellaOps.Concelier.Core) | src/Concelier/__Libraries/StellaOps.Concelier.Core | ||||
| TEN-49-001 | TODO | SPRINT_0205_0001_0005_cli_v | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | ||||
| TEST-186-006 | TODO | SPRINT_0186_0001_0001_record_deterministic_execution | Signing Guild, QA Guild (src/Signer/StellaOps.Signer.Tests) |
src/Signer/StellaOps.Signer.Tests |
||||
| TEST-62-001 | DOING | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild, Contract Testing Guild (docs) | |||||
| TIME-57-001 | TODO | SPRINT_0503_0001_0001_ops_devops_i | Exporter Guild · AirGap Time Guild · CLI Guild | PROGRAM-STAFF-1001 | ||||
| TIME-57-002 | TODO | SPRINT_510_airgap | Exporter Guild · AirGap Time Guild · CLI Guild | src/AirGap/StellaOps.AirGap.Time | PROGRAM-STAFF-1001 | PROGRAM-STAFF-1001 | AGTM0101 | |
| TIME-58-001 | TODO | SPRINT_510_airgap | AirGap Time Guild | src/AirGap/StellaOps.AirGap.Time | AIRGAP-TIME-58-001 | AIRGAP-TIME-58-001 | AGTM0101 | |
| TIME-58-002 | TODO | SPRINT_510_airgap | AirGap Time Guild · Notifications Guild | src/AirGap/StellaOps.AirGap.Time | TIME-58-001 | TIME-58-001 | AGTM0101 | |
| TIMELINE-OBS-52-001 | TODO | SPRINT_160_export_evidence | Timeline Indexer Guild | Timeline Indexer Guild | ||||
| TIMELINE-OBS-52-002 | TODO | SPRINT_160_export_evidence | Timeline Indexer Guild | Timeline Indexer Guild | ||||
| TIMELINE-OBS-52-003 | TODO | SPRINT_160_export_evidence | Timeline Indexer Guild | Timeline Indexer Guild | ||||
| TIMELINE-OBS-52-004 | TODO | SPRINT_160_export_evidence | Timeline Indexer + Security Guilds | Timeline Indexer + Security Guilds | ||||
| TIMELINE-OBS-53-001 | TODO | SPRINT_160_export_evidence | Timeline Indexer + Evidence Locker Guilds | Timeline Indexer + Evidence Locker Guilds | ||||
| UI-401-027 | TODO | SPRINT_0401_0001_0001_reachability_evidence_chain | UI Guild · CLI Guild (src/UI/StellaOps.UI, src/Cli/StellaOps.Cli, docs/uncertainty/README.md) |
src/UI/StellaOps.UI, src/Cli/StellaOps.Cli, docs/uncertainty/README.md |
||||
| UI-CLI-401-007 | TODO | SPRINT_0401_0001_0001_reachability_evidence_chain | UI & CLI Guilds (src/Cli/StellaOps.Cli, src/UI/StellaOps.UI) |
src/Cli/StellaOps.Cli, src/UI/StellaOps.UI |
Implement CLI stella graph explain + UI explain drawer showing signed call-path, predicates, runtime hits, and DSSE pointers; include counterfactual controls. |
|||
| UI-DOCS-0001 | TODO | SPRINT_331_docs_modules_ui | Docs Guild (docs/modules/ui) | docs/modules/ui | ||||
| UI-ENG-0001 | TODO | SPRINT_331_docs_modules_ui | Module Team (docs/modules/ui) | docs/modules/ui | ||||
| UI-LNM-22-002 | DONE | 2025-12-04 | SPRINT_0210_0001_0002_ui_ii | UI Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Implement filters (source, severity bucket, conflict-only, CVSS vector presence) and pagination/lazy loading for large linksets. Docs depend on finalized filtering UX. Dependencies: UI-LNM-22-001. | ||
| UI-LNM-22-003 | DONE | 2025-12-04 | SPRINT_0210_0001_0002_ui_ii | UI Guild, Excititor Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Add VEX tab with status/justification summaries, conflict indicators, and export actions. Required for DOCS-LNM-22-005 coverage of VEX evidence tab. Dependencies: UI-LNM-22-002. |
||
| UI-LNM-22-004 | DONE | 2025-12-04 | SPRINT_0210_0001_0002_ui_ii | UI Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Provide permalink + copy-to-clipboard for selected component/linkset/policy combination; ensure high-contrast theme support. Dependencies: UI-LNM-22-003. | ||
| UI-OPS-0001 | TODO | SPRINT_331_docs_modules_ui | Ops Guild (docs/modules/ui) | docs/modules/ui | ||||
| UI-ORCH-32-001 | DONE | 2025-12-04 | SPRINT_0210_0001_0002_ui_ii | UI Guild, Console Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Update Console RBAC mappings to surface Orch.Viewer, request orch:read scope in token flows, and gate dashboard access/messaging accordingly. |
||
| UI-POLICY-13-007 | DONE | 2025-12-04 | SPRINT_0210_0001_0002_ui_ii | UI Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Surface policy confidence metadata (band, age, quiet provenance) on preview and report views. | ||
| UI-POLICY-20-001 | DONE | 2025-12-05 | SPRINT_0210_0001_0002_ui_ii | UI Guild | src/Web/StellaOps.Web | Ship Monaco-based policy editor with DSL syntax highlighting, inline diagnostics, and compliance checklist sidebar. Dependencies: UI-POLICY-13-007. | Depends on Policy DSL schema | |
| UI-POLICY-20-002 | DONE | 2025-12-05 | SPRINT_0210_0001_0002_ui_ii | UI Guild | src/Web/StellaOps.Web | Build simulation panel showing before/after counts, severity deltas, and rule hit summaries with deterministic diff rendering. Dependencies: UI-POLICY-20-001. | Needs 20-001 editor events | |
| UI-POLICY-20-003 | DONE | 2025-12-05 | SPRINT_0210_0001_0002_ui_ii | UI/ProdOps Guild | src/Web/StellaOps.Web | Implement submit/review/approve workflow with comments, approvals log, RBAC. | UI-POLICY-20-002 | UIPD0101 |
| UI-POLICY-20-004 | DONE | 2025-12-05 | SPRINT_0210_0001_0002_ui_ii | UI Guild · Observability Guild | src/Web/StellaOps.Web | Add run viewer dashboards (rule heatmap, VEX wins, suppressions) with filters/export. | UI-POLICY-20-003 | UIPD0101 |
| UI-POLICY-23-001 | DONE | 2025-12-05 | SPRINT_0210_0001_0002_ui_ii | UI Guild, Policy Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Deliver Policy Editor workspace with pack list, revision history, and scoped metadata cards. Dependencies: UI-POLICY-20-004. | ||
| UI-POLICY-23-002 | DONE | 2025-12-05 | SPRINT_0210_0001_0002_ui_ii | UI Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Implement YAML editor with schema validation, lint diagnostics, and live canonicalization preview. Dependencies: UI-POLICY-23-001. | ||
| UI-POLICY-23-003 | DONE | 2025-12-05 | SPRINT_0210_0001_0002_ui_ii | UI Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Build guided rule builder (source preferences, severity mapping, VEX precedence, exceptions) with preview JSON output. Dependencies: UI-POLICY-23-002. | ||
| UI-POLICY-23-004 | DONE | 2025-12-05 | SPRINT_0210_0001_0002_ui_ii | UI Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Add review/approval workflow UI: checklists, comments, two-person approval indicator, scope scheduling. Dependencies: UI-POLICY-23-003. | ||
| UI-POLICY-23-005 | DONE | 2025-12-05 | SPRINT_0210_0001_0002_ui_ii | UI Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Integrate simulator panel (SBOM/component/advisory selection), run diff vs active policy, show explain tree and overlays. Dependencies: UI-POLICY-23-004. | ||
| UI-POLICY-23-006 | DONE | 2025-12-05 | SPRINT_0210_0001_0002_ui_ii | UI Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Implement explain view linking to evidence overlays and exceptions; provide export to JSON/PDF. Dependencies: UI-POLICY-23-005. | ||
| UI-POLICY-27-001 | DOING | 2025-12-06 | SPRINT_0211_0001_0003_ui_iii | UI Guild, Product Ops (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Update Console policy workspace RBAC guards, scope requests, and user messaging to reflect the new Policy Studio roles/scopes (policy:author/review/approve/operate/audit/simulate), including Cypress auth stubs and help text. Dependencies: UI-POLICY-23-006. |
||
| UI-SIG-26-001 | BLOCKED | 2025-12-06 | SPRINT_0211_0001_0003_ui_iii | UI Guild, Signals Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Add reachability columns/badges to Vulnerability Explorer with filters and tooltips. | Blocked: deterministic reachability fixtures (columns/badges) not delivered by Signals/Graph. | |
| UI-SIG-26-002 | BLOCKED | 2025-12-06 | SPRINT_0211_0001_0003_ui_iii | UI Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Enhance “Why” drawer with call path visualization, reachability timeline, and evidence list. Dependencies: UI-SIG-26-001. | Blocked pending UI-SIG-26-001 outputs and call-path/timeline fixtures. | |
| UI-SIG-26-003 | BLOCKED | 2025-12-06 | SPRINT_0211_0001_0003_ui_iii | UI Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Add reachability overlay halos/time slider to SBOM Graph along with state legend. Dependencies: UI-SIG-26-002. | Blocked: overlays depend on upstream fixtures + perf budget. | |
| UI-SIG-26-004 | BLOCKED | 2025-12-06 | SPRINT_0211_0001_0003_ui_iii | UI Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Build Reachability Center view showing asset coverage, missing sensors, and stale facts. Dependencies: UI-SIG-26-003. | Blocked: coverage/sensor fixtures not available; upstream chain blocked. | |
| UNCERTAINTY-POLICY-401-026 | TODO | SPRINT_0401_0001_0001_reachability_evidence_chain | Policy Guild · Concelier Guild (docs/policy/dsl.md, docs/uncertainty/README.md) |
docs/policy/dsl.md, docs/uncertainty/README.md |
Update policy guidance (Concelier/Excitors) with uncertainty gates (U1/U2/U3), sample YAML rules, and remediation actions. | |||
| UNCERTAINTY-SCHEMA-401-024 | TODO | SPRINT_0401_0001_0001_reachability_evidence_chain | Signals Guild (src/Signals/StellaOps.Signals, docs/uncertainty/README.md) |
src/Signals/StellaOps.Signals, docs/uncertainty/README.md |
Extend Signals findings with uncertainty.states[], entropy fields, and riskScore; emit FindingUncertaintyUpdated events and persist evidence per docs. |
|||
| UNCERTAINTY-SCORER-401-025 | TODO | SPRINT_0401_0001_0001_reachability_evidence_chain | Signals Guild (src/Signals/StellaOps.Signals.Application, docs/uncertainty/README.md) |
src/Signals/StellaOps.Signals.Application, docs/uncertainty/README.md |
Implement the entropy-aware risk scorer (riskScore = base × reach × trust × (1 + entropyBoost)) and wire it into finding writes. |
|||
| UNCERTAINTY-UI-401-027 | TODO | SPRINT_0401_0001_0001_reachability_evidence_chain | UI Guild · CLI Guild (src/UI/StellaOps.UI, src/Cli/StellaOps.Cli, docs/uncertainty/README.md) |
src/UI/StellaOps.UI, src/Cli/StellaOps.Cli, docs/uncertainty/README.md |
Surface uncertainty chips/tooltips in the Console (React UI) + CLI output (risk score + entropy states). | |||
| VAL-01 | DOING | 2025-11-01 | SPRINT_0136_0001_0001_scanner_surface | Scanner Guild, Security Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.Validation) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Validation | SURFACE-FS-01; SURFACE-ENV-01 | ||
| VAL-02 | TODO | SPRINT_0136_0001_0001_scanner_surface | Scanner Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.Validation) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Validation | SURFACE-VAL-01; SURFACE-ENV-02; SURFACE-FS-02 | |||
| VAL-03 | TODO | SPRINT_0136_0001_0001_scanner_surface | Scanner Guild, Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.Validation) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Validation | SURFACE-VAL-02 | |||
| VAL-04 | TODO | SPRINT_0136_0001_0001_scanner_surface | Scanner Guild, Zastava Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.Validation) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Validation | SURFACE-VAL-02 | |||
| VAL-05 | TODO | SPRINT_0136_0001_0001_scanner_surface | Docs Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.Validation) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Validation | SURFACE-VAL-02 | |||
| VERIFY-186-007 | TODO | SPRINT_0186_0001_0001_record_deterministic_execution | Authority Guild, Provenance Guild (src/Authority/StellaOps.Authority, src/Provenance/StellaOps.Provenance.Attestation) |
src/Authority/StellaOps.Authority, src/Provenance/StellaOps.Provenance.Attestation |
||||
| VEX-006 | TODO | SPRINT_0401_0001_0001_reachability_evidence_chain | Policy, Excititor, UI, CLI & Notify Guilds (docs/modules/excititor/architecture.md, src/Cli/StellaOps.Cli, src/UI/StellaOps.UI, docs/09_API_CLI_REFERENCE.md) |
docs/modules/excititor/architecture.md, src/Cli/StellaOps.Cli, src/UI/StellaOps.UI, docs/09_API_CLI_REFERENCE.md |
||||
| VEX-30-001 | BLOCKED | 2025-11-19 | SPRINT_0212_0001_0001_web_i | Console Guild, BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | |||
| VEX-30-002 | TODO | SPRINT_0205_0001_0005_cli_v | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | ||||
| VEX-30-003 | TODO | SPRINT_0205_0001_0005_cli_v | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | ||||
| VEX-30-004 | TODO | SPRINT_0205_0001_0005_cli_v | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | ||||
| VEX-30-005 | DOING | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild, Console Guild (docs) | |||||
| VEX-30-006 | DOING | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild, Policy Guild (docs) | DOVX0101 | ||||
| VEX-30-007 | BLOCKED | SPRINT_216_web_v | BE-Base Platform Guild, VEX Lens Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | DOVX0101 | |||
| VEX-30-008 | DOING | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild, Security Guild (docs) | DOVX0101 | ||||
| VEX-30-009 | DOING | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild, DevOps Guild (docs) | DOVX0101 | ||||
| VEX-401-006 | TODO | SPRINT_0401_0001_0001_reachability_evidence_chain | Policy Guild (src/Policy/StellaOps.Policy.Engine, src/Policy/__Libraries/StellaOps.Policy) |
src/Policy/StellaOps.Policy.Engine, src/Policy/__Libraries/StellaOps.Policy |
DOVX0101 | |||
| VEX-401-010 | TODO | SPRINT_0401_0001_0001_reachability_evidence_chain | Policy Guild (src/Policy/StellaOps.Policy.Engine/Vex, docs/modules/policy/architecture.md, docs/benchmarks/vex-evidence-playbook.md) |
src/Policy/StellaOps.Policy.Engine/Vex, docs/modules/policy/architecture.md, docs/benchmarks/vex-evidence-playbook.md |
DOVX0101 | |||
| VEX-401-011 | TODO | SPRINT_0401_0001_0001_reachability_evidence_chain | verify | DOVX0101 | ||||
| VEX-401-012 | TODO | SPRINT_0401_0001_0001_reachability_evidence_chain | Docs Guild (docs/benchmarks/vex-evidence-playbook.md, bench/README.md) |
docs/benchmarks/vex-evidence-playbook.md, bench/README.md |
DOVX0101 | |||
| VEX-401-018 | TODO | SPRINT_0401_0001_0001_reachability_evidence_chain | Signing Guild (src/Signer/StellaOps.Signer, docs/modules/signer/architecture.md) |
src/Signer/StellaOps.Signer, docs/modules/signer/architecture.md |
DOVX0101 | |||
| VEX-CONSENSUS-LENS-DOCS-0001 | TODO | SPRINT_332_docs_modules_vex_lens | Docs Guild (docs/modules/vex-lens) | docs/modules/vex-lens | Refresh VEX Lens module docs with consensus workflow guidance and recent release links. | DOVX0101 | ||
| VEX-CONSENSUS-LENS-DOCS-0002 | TODO | 2025-11-05 | SPRINT_332_docs_modules_vex_lens | Docs Guild (docs/modules/vex-lens) | docs/modules/vex-lens | Pending DOCS-VEX-30-001..004 to add consensus doc cross-links | ||
| VEX-CONSENSUS-LENS-ENG-0001 | TODO | SPRINT_332_docs_modules_vex_lens | Module Team (docs/modules/vex-lens) | docs/modules/vex-lens | Sync into ../.. | |||
| VEX-CONSENSUS-LENS-OPS-0001 | TODO | SPRINT_332_docs_modules_vex_lens | Ops Guild (docs/modules/vex-lens) | docs/modules/vex-lens | Document outputs in ./README.md | |||
| VEX-LENS-ENG-0001 | TODO | SPRINT_332_docs_modules_vex_lens | Module Team (docs/modules/vex-lens) | docs/modules/vex-lens | Keep module milestones synchronized with VEX Lens sprints listed under /docs/implplan. |
|||
| VEX-LENS-OPS-0001 | TODO | SPRINT_332_docs_modules_vex_lens | Ops Guild (docs/modules/vex-lens) | docs/modules/vex-lens | Review VEX Lens runbooks/observability assets post-demo. | |||
| VEXLENS-30-001 | TODO | SPRINT_115_concelier_iv | Concelier WebService Guild · VEX Lens Guild | src/Concelier/StellaOps.Concelier.WebService | — | — | PLVL0101 | |
| VEXLENS-30-002 | TODO | SPRINT_0129_0001_0001_policy_reasoning | VEX Lens Guild | src/VexLens/StellaOps.VexLens | Build product mapping library | VEXLENS-30-001 | PLVL0101 | |
| VEXLENS-30-003 | TODO | SPRINT_0129_0001_0001_policy_reasoning | VEX Lens Guild · Issuer Directory Guild | src/VexLens/StellaOps.VexLens | Integrate signature verification | VEXLENS-30-002 | PLVL0101 | |
| VEXLENS-30-004 | TODO | SPRINT_0129_0001_0001_policy_reasoning | VEX Lens Guild · Policy Guild | src/VexLens/StellaOps.VexLens | Implement trust weighting engine | VEXLENS-30-003 | PLVL0101 | |
| VEXLENS-30-005 | TODO | SPRINT_0129_0001_0001_policy_reasoning | VEX Lens Guild | src/VexLens/StellaOps.VexLens | Implement consensus algorithm producing consensus_state, confidence, weights, quorum, rationale; support states: NOT_AFFECTED, AFFECTED, FIXED, UNDER_INVESTIGATION, DISPUTED, INCONCLUSIVE |
VEXLENS-30-004 | PLVL0101 | |
| VEXLENS-30-006 | TODO | SPRINT_0129_0001_0001_policy_reasoning | VEX Lens Guild · Findings Ledger Guild | src/VexLens/StellaOps.VexLens | Materialize consensus projection storage with idempotent workers triggered by VEX/Policy changes; expose change events for downstream consumers | VEXLENS-30-005 | PLVL0101 | |
| VEXLENS-30-007 | TODO | SPRINT_0129_0001_0001_policy_reasoning | VEX Lens Guild | src/VexLens/StellaOps.VexLens | Expose APIs | VEXLENS-30-006 | PLVL0101 | |
| VEXLENS-30-008 | TODO | SPRINT_0129_0001_0001_policy_reasoning | VEX Lens Guild · Policy Guild | src/VexLens/StellaOps.VexLens | Integrate consensus signals with Policy Engine | VEXLENS-30-007 | PLVL0101 | |
| VEXLENS-30-009 | TODO | SPRINT_0129_0001_0001_policy_reasoning | VEX Lens Guild · Observability Guild | src/VexLens/StellaOps.VexLens | Instrument metrics | VEXLENS-30-008 | PLVL0101 | |
| VEXLENS-30-010 | TODO | SPRINT_0129_0001_0001_policy_reasoning | VEX Lens Guild · QA Guild | src/VexLens/StellaOps.VexLens | Develop unit/property/integration/load tests | VEXLENS-30-009 | PLVL0101 | |
| VEXLENS-30-011 | TODO | SPRINT_0129_0001_0001_policy_reasoning | VEX Lens Guild · DevOps Guild | src/VexLens/StellaOps.VexLens | Provide deployment manifests, caching configuration, scaling guides, offline kit seeds, and runbooks | VEXLENS-30-010 | PLVL0103 | |
| VEXLENS-AIAI-31-001 | TODO | SPRINT_0129_0001_0001_policy_reasoning | VEX Lens Guild | src/VexLens/StellaOps.VexLens | Expose consensus rationale API enhancements (policy factors, issuer details, mapping issues) for Advisory AI conflict explanations | — | PLVL0103 | |
| VEXLENS-AIAI-31-002 | TODO | SPRINT_0129_0001_0001_policy_reasoning | VEX Lens Guild | src/VexLens/StellaOps.VexLens | Provide caching hooks for consensus lookups used by Advisory AI | VEXLENS-AIAI-31-001 | PLVL0103 | |
| VEXLENS-EXPORT-35-001 | TODO | SPRINT_0129_0001_0001_policy_reasoning | VEX Lens Guild | src/VexLens/StellaOps.VexLens | Provide consensus snapshot API delivering deterministic JSONL (state, confidence, provenance) for exporter mirror bundles | — | PLVL0103 | |
| VEXLENS-ORCH-33-001 | TODO | SPRINT_0129_0001_0001_policy_reasoning | VEX Lens Guild | src/VexLens/StellaOps.VexLens | Register consensus_compute job type with orchestrator, integrate worker SDK, and expose job planning hooks for consensus batches |
— | PLVL0103 | |
| VEXLENS-ORCH-34-001 | TODO | SPRINT_0129_0001_0001_policy_reasoning | VEX Lens Guild | src/VexLens/StellaOps.VexLens | Emit consensus completion events into orchestrator run ledger and provenance chain, including confidence metadata | VEXLENS-ORCH-33-001 | PLVL0103 | |
| VULN-29-001 | BLOCKED | 2025-11-19 | SPRINT_0212_0001_0001_web_i | Console Guild, BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | |||
| VULN-29-002 | TODO | SPRINT_0123_0001_0005_excititor_v | Excititor WebService Guild (src/Excititor/StellaOps.Excititor.WebService) | src/Excititor/StellaOps.Excititor.WebService | ||||
| VULN-29-003 | TODO | SPRINT_0205_0001_0005_cli_v | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | ||||
| VULN-29-004 | TODO | SPRINT_116_concelier_v | Concelier WebService Guild, Observability Guild (src/Concelier/StellaOps.Concelier.WebService) | src/Concelier/StellaOps.Concelier.WebService | ||||
| VULN-29-005 | TODO | SPRINT_0205_0001_0005_cli_v | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | ||||
| VULN-29-006 | TODO | SPRINT_0205_0001_0005_cli_v | DevEx/CLI Guild, Docs Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | ||||
| VULN-29-007 | TODO | SPRINT_0311_0001_0001_docs_tasks_md_xi | Docs Guild, Excititor Guild (docs) | |||||
| VULN-29-008 | TODO | SPRINT_0311_0001_0001_docs_tasks_md_xi | Docs Guild, Concelier Guild (docs) | |||||
| VULN-29-009 | TODO | SPRINT_0311_0001_0001_docs_tasks_md_xi | Docs Guild, SBOM Service Guild (docs) | |||||
| VULN-29-010 | TODO | SPRINT_0311_0001_0001_docs_tasks_md_xi | Docs Guild, Observability Guild (docs) | |||||
| VULN-29-011 | TODO | SPRINT_0311_0001_0001_docs_tasks_md_xi | Docs Guild, Security Guild (docs) | |||||
| VULN-29-012 | TODO | SPRINT_0311_0001_0001_docs_tasks_md_xi | Docs Guild, Ops Guild (docs) | |||||
| VULN-29-013 | TODO | SPRINT_0311_0001_0001_docs_tasks_md_xi | Docs Guild, Deployment Guild (docs) | |||||
| VULN-API-29-001 | DONE | 2025-11-25 | SPRINT_0129_0001_0001_policy_reasoning | Vuln Explorer API Guild / src/VulnExplorer/StellaOps.VulnExplorer.Api | src/VulnExplorer/StellaOps.VulnExplorer.Api | Define OpenAPI spec (list/detail/query/simulation/workflow/export), query JSON schema, pagination/grouping contracts, and error codes | PLVA0101 | |
| VULN-API-29-002 | DONE | 2025-11-25 | SPRINT_0129_0001_0001_policy_reasoning | Vuln Explorer API Guild / src/VulnExplorer/StellaOps.VulnExplorer.Api | src/VulnExplorer/StellaOps.VulnExplorer.Api | Implement list/query endpoints with policy parameter, grouping, server paging, caching, and cost budgets; tests at tests/TestResults/vuln-explorer/api.trx. |
VULN-API-29-001 | PLVA0101 |
| VULN-API-29-003 | TODO | SPRINT_0129_0001_0001_policy_reasoning | Vuln Explorer API Guild / src/VulnExplorer/StellaOps.VulnExplorer.Api | src/VulnExplorer/StellaOps.VulnExplorer.Api | Implement detail endpoint aggregating evidence, policy rationale, paths | VULN-API-29-002 | PLVA0101 | |
| VULN-API-29-004 | TODO | SPRINT_0129_0001_0001_policy_reasoning | Vuln Explorer API Guild, Findings Ledger Guild / src/VulnExplorer/StellaOps.VulnExplorer.Api | src/VulnExplorer/StellaOps.VulnExplorer.Api | Expose workflow endpoints | VULN-API-29-003 | PLVA0101 | |
| VULN-API-29-005 | TODO | SPRINT_0129_0001_0001_policy_reasoning | Vuln Explorer API Guild, Policy Guild / src/VulnExplorer/StellaOps.VulnExplorer.Api | src/VulnExplorer/StellaOps.VulnExplorer.Api | Implement simulation endpoint comparing policy_from vs policy_to, returning diffs without side effects; hook into Policy Engine batch eval |
VULN-API-29-004 | PLVA0101 | |
| VULN-API-29-006 | TODO | SPRINT_0129_0001_0001_policy_reasoning | Vuln Explorer API Guild / src/VulnExplorer/StellaOps.VulnExplorer.Api | src/VulnExplorer/StellaOps.VulnExplorer.Api | Integrate resolver results with Graph Explorer: include shortest path metadata, line up deep-link parameters, expose paths array in details |
VULN-API-29-005 | PLVA0101 | |
| VULN-API-29-007 | TODO | SPRINT_0129_0001_0001_policy_reasoning | Vuln Explorer API Guild, Security Guild / src/VulnExplorer/StellaOps.VulnExplorer.Api | src/VulnExplorer/StellaOps.VulnExplorer.Api | Enforce RBAC/ABAC scopes; implement CSRF/anti-forgery checks for Console; secure attachment URLs; audit logging | VULN-API-29-006 | PLVA0102 | |
| VULN-API-29-008 | TODO | SPRINT_0129_0001_0001_policy_reasoning | Vuln Explorer API Guild / src/VulnExplorer/StellaOps.VulnExplorer.Api | src/VulnExplorer/StellaOps.VulnExplorer.Api | Build export orchestrator producing signed bundles | VULN-API-29-007 | PLVA0102 | |
| VULN-API-29-009 | TODO | SPRINT_0129_0001_0001_policy_reasoning | Vuln Explorer API Guild, Observability Guild / src/VulnExplorer/StellaOps.VulnExplorer.Api | src/VulnExplorer/StellaOps.VulnExplorer.Api | Instrument metrics | VULN-API-29-008 | PLVA0102 | |
| VULN-API-29-010 | TODO | SPRINT_0129_0001_0001_policy_reasoning | Vuln Explorer API Guild, QA Guild / src/VulnExplorer/StellaOps.VulnExplorer.Api | src/VulnExplorer/StellaOps.VulnExplorer.Api | Provide unit/integration/perf tests | VULN-API-29-009 | PLVA0102 | |
| VULN-API-29-011 | TODO | SPRINT_0129_0001_0001_policy_reasoning | Vuln Explorer API Guild, DevOps Guild / src/VulnExplorer/StellaOps.VulnExplorer.Api | src/VulnExplorer/StellaOps.VulnExplorer.Api | Package deployment | VULN-API-29-010 | PLVA0102 | |
| VULNERABILITY-EXPLORER-DOCS-0001 | TODO | SPRINT_334_docs_modules_vuln_explorer | Docs Guild (docs/modules/vuln-explorer) | docs/modules/vuln-explorer | Validate Vuln Explorer module docs against latest roadmap/releases and add evidence links. | DOVL0101 | ||
| VULNERABILITY-EXPLORER-ENG-0001 | TODO | SPRINT_334_docs_modules_vuln_explorer | Module Team (docs/modules/vuln-explorer) | docs/modules/vuln-explorer | Keep sprint alignment notes in sync with Vuln Explorer sprints. | |||
| VULNERABILITY-EXPLORER-OPS-0001 | TODO | SPRINT_334_docs_modules_vuln_explorer | Ops Guild (docs/modules/vuln-explorer) | docs/modules/vuln-explorer | Review runbooks/observability assets after next demo. | |||
| WEB-20-002 | TODO | SPRINT_0155_0001_0001_scheduler_i | Scheduler WebService Guild (src/Scheduler/StellaOps.Scheduler.WebService) | src/Scheduler/StellaOps.Scheduler.WebService | ||||
| WEB-AIAI-31-001 | TODO | SPRINT_0212_0001_0001_web_i | BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Route /advisory/ai/* endpoints through gateway with RBAC/ABAC, rate limits, and telemetry headers. |
|||
| WEB-AIAI-31-002 | TODO | SPRINT_0212_0001_0001_web_i | BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Provide batching job handlers and streaming responses for CLI automation with retry/backoff. Dependencies: WEB-AIAI-31-001. | |||
| WEB-AIAI-31-003 | TODO | SPRINT_0212_0001_0001_web_i | BE-Base Platform Guild, Observability Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Emit metrics/logs (latency, guardrail blocks, validation failures) and forward anonymized prompt hashes to analytics. Dependencies: WEB-AIAI-31-002. | |||
| WEB-AIRGAP-56-001 | TODO | SPRINT_116_concelier_v | Concelier WebService Guild (src/Concelier/StellaOps.Concelier.WebService) | src/Concelier/StellaOps.Concelier.WebService | ||||
| WEB-AIRGAP-56-002 | TODO | SPRINT_116_concelier_v | Concelier WebService Guild (src/Concelier/StellaOps.Concelier.WebService) | src/Concelier/StellaOps.Concelier.WebService | ||||
| WEB-AIRGAP-57-001 | TODO | SPRINT_116_concelier_v | Concelier WebService Guild, AirGap Policy Guild (src/Concelier/StellaOps.Concelier.WebService) | src/Concelier/StellaOps.Concelier.WebService | ||||
| WEB-AIRGAP-58-001 | TODO | SPRINT_116_concelier_v | Concelier WebService Guild, AirGap Importer Guild (src/Concelier/StellaOps.Concelier.WebService) | src/Concelier/StellaOps.Concelier.WebService | ||||
| WEB-AOC-19-002 | DONE (2025-11-30) | SPRINT_0212_0001_0001_web_i | BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Ship ProvenanceBuilder, checksum utilities, and signature verification helper integrated with guard logging. Cover DSSE/CMS formats with unit tests. Dependencies: WEB-AOC-19-001. |
|||
| WEB-AOC-19-003 | TODO | SPRINT_116_concelier_v | QA Guild (src/Concelier/StellaOps.Concelier.WebService) | src/Concelier/StellaOps.Concelier.WebService | ||||
| WEB-AOC-19-004 | TODO | SPRINT_116_concelier_v | Concelier WebService Guild, QA Guild (src/Concelier/StellaOps.Concelier.WebService) | src/Concelier/StellaOps.Concelier.WebService | ||||
| WEB-AOC-19-005 | TODO | 2025-11-08 | SPRINT_116_concelier_v | Concelier WebService Guild, QA Guild (src/Concelier/StellaOps.Concelier.WebService) | src/Concelier/StellaOps.Concelier.WebService | |||
| WEB-AOC-19-006 | TODO | 2025-11-08 | SPRINT_116_concelier_v | Concelier WebService Guild (src/Concelier/StellaOps.Concelier.WebService) | src/Concelier/StellaOps.Concelier.WebService | |||
| WEB-AOC-19-007 | TODO | 2025-11-08 | SPRINT_116_concelier_v | Concelier WebService Guild, QA Guild (src/Concelier/StellaOps.Concelier.WebService) | src/Concelier/StellaOps.Concelier.WebService | |||
| WEB-CONSOLE-23-001 | DONE (2025-11-28) | 2025-11-28 | SPRINT_0212_0001_0001_web_i | BE-Base Platform Guild · Product Analytics Guild | src/Web/StellaOps.Web | /console/dashboard and /console/filters aggregates shipped with tenant scoping, deterministic ordering, and 8 unit tests per sprint Execution Log 2025-11-28. |
— | |
| WEB-CONSOLE-23-002 | DOING (2025-12-01) | 2025-12-01 | SPRINT_0212_0001_0001_web_i | BE-Base Platform Guild · Scheduler Guild | src/Web/StellaOps.Web | Implementing /console/status polling and /console/runs/{id}/stream SSE/WebSocket proxy with heartbeat/backoff; awaiting storage cleanup to run tests. Dependencies: WEB-CONSOLE-23-001. |
WEB-CONSOLE-23-001 | |
| WEB-CONSOLE-23-003 | DOING | 2025-12-06 | SPRINT_0212_0001_0001_web_i | BE-Base Platform Guild, Policy Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Add /console/exports POST/GET routes coordinating evidence bundle creation, streaming CSV/JSON exports, checksum manifest retrieval, and signed attestation references. Ensure requests honor tenant + policy scopes and expose job tracking metadata. Dependencies: WEB-CONSOLE-23-002. |
Same as above row (2112): client/models/store/service shipped; unit specs passing via Playwright headless command; backend/export contract still pending guild sign-off. | |
| WEB-CONSOLE-23-004 | BLOCKED | 2025-12-06 | SPRINT_0212_0001_0001_web_i | BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Implement /console/search endpoint accepting CVE/GHSA/PURL/SBOM identifiers, performing fan-out queries with caching, ranking, and deterministic tie-breaking. Return typed results for Console navigation; respect result caps and latency SLOs. Dependencies: WEB-CONSOLE-23-003. |
Still blocked pending contract; draft caching/ranking spec published in docs/api/console/search-downloads.md for review. |
|
| WEB-CONSOLE-23-005 | BLOCKED | 2025-12-06 | SPRINT_0212_0001_0001_web_i | BE-Base Platform Guild, DevOps Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Serve /console/downloads JSON manifest (images, charts, offline bundles) sourced from signed registry metadata; include integrity hashes, release notes links, and offline instructions. Provide caching headers and documentation. Dependencies: WEB-CONSOLE-23-004. |
Still blocked pending contract; draft manifest example added at docs/api/console/samples/console-download-manifest.json (awaiting sign-off). |
|
| WEB-CONTAINERS-44-001 | DONE | 2025-11-18 | SPRINT_0212_0001_0001_web_i | BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Expose /welcome state, config discovery endpoint (safe values), and QUICKSTART_MODE handling for Console banner; add /health/liveness, /health/readiness, /version if missing. |
||
| WEB-CONTAINERS-45-001 | DONE | 2025-11-19 | SPRINT_0212_0001_0001_web_i | BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Ensure readiness endpoints reflect DB/queue readiness, add feature flag toggles via config map, and document NetworkPolicy ports. Dependencies: WEB-CONTAINERS-44-001. | ||
| WEB-CONTAINERS-46-001 | DONE | 2025-11-19 | SPRINT_0212_0001_0001_web_i | BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Provide offline-friendly asset serving (no CDN), allow overriding object store endpoints via env, and document fallback behavior. Dependencies: WEB-CONTAINERS-45-001. | ||
| WEB-EXC-25-001 | BLOCKED | 2025-12-06 | SPRINT_0212_0001_0001_web_i | BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Implement /exceptions API (create, propose, approve, revoke, list, history) with validation, pagination, and audit logging. |
Waiting on exception schema + policy scopes and audit requirements. | |
| WEB-EXC-25-002 | BLOCKED | 2025-11-30 | SPRINT_0213_0001_0002_web_ii | BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Extend /policy/effective and /policy/simulate responses to include exception metadata and accept overrides for simulations. Dependencies: WEB-EXC-25-001. |
||
| WEB-EXC-25-003 | TODO | SPRINT_0213_0001_0002_web_ii | BE-Base Platform Guild, Platform Events Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Publish exception.* events, integrate with notification hooks, enforce rate limits. Dependencies: WEB-EXC-25-002. |
|||
| WEB-EXPORT-35-001 | TODO | SPRINT_0213_0001_0002_web_ii | BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Surface Export Center APIs (profiles/runs/download) through gateway with tenant scoping, streaming support, and viewer/operator scope checks. | |||
| WEB-EXPORT-36-001 | TODO | SPRINT_0213_0001_0002_web_ii | BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Add distribution routes (OCI/object storage), manifest/provenance proxies, and signed URL generation. Dependencies: WEB-EXPORT-35-001. | |||
| WEB-EXPORT-37-001 | TODO | SPRINT_0213_0001_0002_web_ii | BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Expose scheduling, retention, encryption parameters, and verification endpoints with admin scope enforcement and audit logs. Dependencies: WEB-EXPORT-36-001. | |||
| WEB-GRAPH-21-001 | BLOCKED | 2025-10-27 | SPRINT_0213_0001_0002_web_ii | BE-Base Platform Guild, Graph Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Add gateway routes for graph versions/viewport/node/path/diff/export endpoints with tenant enforcement, scope checks, and streaming responses; proxy Policy Engine diff toggles without inline logic. Adopt StellaOpsScopes constants for RBAC enforcement. |
||
| WEB-GRAPH-21-002 | BLOCKED | 2025-10-27 | SPRINT_0213_0001_0002_web_ii | BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Implement bbox/zoom/path parameter validation, pagination tokens, and deterministic ordering; add contract tests for boundary conditions. Dependencies: WEB-GRAPH-21-001. | ||
| WEB-GRAPH-21-003 | BLOCKED | 2025-10-27 | SPRINT_0213_0001_0002_web_ii | BE-Base Platform Guild, QA Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Map graph service errors to ERR_Graph_*, support GraphML/JSONL export streaming, and document rate limits. Dependencies: WEB-GRAPH-21-002. |
||
| WEB-GRAPH-21-004 | BLOCKED | 2025-10-27 | SPRINT_0213_0001_0002_web_ii | BE-Base Platform Guild, Policy Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Proxy Policy Engine overlay responses for graph endpoints while keeping gateway stateless; maintain streaming budgets and latency SLOs. Dependencies: WEB-GRAPH-21-003. | ||
| WEB-GRAPH-24-001 | TODO | SPRINT_0213_0001_0002_web_ii | BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Gateway proxy for Graph API and Policy overlays with RBAC, caching, pagination, ETags, and streaming; zero business logic. Dependencies: WEB-GRAPH-21-004. | |||
| WEB-GRAPH-24-002 | TODO | SPRINT_0213_0001_0002_web_ii | BE-Base Platform Guild; SBOM Service Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | /graph/assets/* endpoints (snapshots, adjacency, search) with pagination, ETags, and tenant scoping as pure proxy. Dependencies: WEB-GRAPH-24-001. |
|||
| WEB-GRAPH-24-003 | TODO | SPRINT_0213_0001_0002_web_ii | BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Embed AOC summaries from overlay services; gateway does not compute derived severity or hints. Dependencies: WEB-GRAPH-24-002. | |||
| WEB-GRAPH-24-004 | TODO | SPRINT_0213_0001_0002_web_ii | BE-Base Platform Guild; Observability Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Collect gateway metrics/logs (tile latency, proxy errors, overlay cache stats) and forward to dashboards; document sampling strategy. Dependencies: WEB-GRAPH-24-003. | |||
| WEB-LNM-21-001 | TODO | SPRINT_0213_0001_0002_web_ii | BE-Base Platform Guild, Concelier WebService Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Surface new /advisories/* APIs through gateway with caching, pagination, and RBAC enforcement (advisory:read). |
|||
| WEB-LNM-21-002 | TODO | SPRINT_0213_0001_0002_web_ii | BE-Base Platform Guild, Excititor WebService Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Expose /vex/* read APIs with evidence routes and export handlers; map ERR_AGG_* codes. Dependencies: WEB-LNM-21-001. |
|||
| WEB-LNM-21-003 | TODO | SPRINT_0214_0001_0001_web_iii | BE-Base Platform Guild, Policy Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Provide combined endpoint for Console to fetch policy result + source evidence (advisory + VEX linksets) for a component. Dependencies: WEB-LNM-21-002. | |||
| WEB-NOTIFY-38-001 | TODO | SPRINT_0214_0001_0001_web_iii | BE-Base Platform Guild | src/Web/StellaOps.Web | Route notifier APIs (/notifications/*) and WS feed through gateway with tenant scoping, viewer/operator scope enforcement, and SSE/WebSocket bridging. |
Depends on #1 for signed ack spec | NOWB0101 | |
| WEB-NOTIFY-39-001 | TODO | SPRINT_0214_0001_0001_web_iii | BE-Base Platform Guild | src/Web/StellaOps.Web | Surface digest scheduling, quiet-hour/throttle management, and simulation APIs; ensure rate limits and audit logging. Dependencies: WEB-NOTIFY-38-001. | WEB-NOTIFY-38-001 | NOWB0101 | |
| WEB-NOTIFY-40-001 | TODO | SPRINT_0214_0001_0001_web_iii | BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Expose escalation, localization, channel health, and ack verification endpoints with admin scope enforcement and signed token validation. Dependencies: WEB-NOTIFY-39-001. | |||
| WEB-OAS-61-001 | TODO | SPRINT_0124_0001_0006_excititor_vi | Excititor WebService Guild (src/Excititor/StellaOps.Excititor.WebService) | src/Excititor/StellaOps.Excititor.WebService | ||||
| WEB-OAS-61-002 | TODO | SPRINT_116_concelier_v | Concelier WebService Guild (src/Concelier/StellaOps.Concelier.WebService) | src/Concelier/StellaOps.Concelier.WebService | ||||
| WEB-OAS-62-001 | TODO | SPRINT_116_concelier_v | Concelier WebService Guild (src/Concelier/StellaOps.Concelier.WebService) | src/Concelier/StellaOps.Concelier.WebService | ||||
| WEB-OAS-63-001 | TODO | SPRINT_116_concelier_v | Concelier WebService Guild, API Governance Guild (src/Concelier/StellaOps.Concelier.WebService) | src/Concelier/StellaOps.Concelier.WebService | ||||
| WEB-OBS-50-001 | TODO | SPRINT_0214_0001_0001_web_iii | BE-Base Platform Guild, Observability Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Integrate StellaOps.Telemetry.Core into gateway host, replace ad-hoc logging, ensure all routes emit trace/span IDs, tenant context, and scrubbed payload previews. |
|||
| WEB-OBS-51-001 | TODO | SPRINT_116_concelier_v | Concelier WebService Guild | src/Concelier/StellaOps.Concelier.WebService | Paired with #1 for shared middleware | Paired with #1 for shared middleware | CNOB0102 | |
| WEB-OBS-52-001 | TODO | SPRINT_116_concelier_v | Concelier WebService Guild | src/Concelier/StellaOps.Concelier.WebService | Dependent on CLI/VEX readiness (035_CLCI0105) for payload format | Dependent on CLI/VEX readiness (035_CLCI0105) for payload format | CNOB0102 | |
| WEB-OBS-53-001 | TODO | SPRINT_117_concelier_vi | Concelier WebService Guild · Evidence Locker Guild | src/Concelier/StellaOps.Concelier.WebService | Needs Evidence Locker API spec from 002_ATEL0101 | Needs Evidence Locker API spec from 002_ATEL0101 | CNOB0102 | |
| WEB-OBS-54-001 | TODO | SPRINT_117_concelier_vi | Concelier WebService Guild | src/Concelier/StellaOps.Concelier.WebService | Relies on shared exporter (1039_EXPORT-OBS-54-001) | Relies on shared exporter (1039_EXPORT-OBS-54-001) | CNOB0102 | |
| WEB-OBS-55-001 | TODO | SPRINT_117_concelier_vi | Concelier WebService Guild · DevOps Guild | src/Concelier/StellaOps.Concelier.WebService | Wait for DevOps alert profiles (045_DVDO0103) | Wait for DevOps alert profiles (045_DVDO0103) | CNOB0102 | |
| WEB-OBS-56-001 | TODO | SPRINT_0214_0001_0001_web_iii | BE-Base Platform Guild, AirGap Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Extend telemetry core integration to expose sealed/unsealed status APIs, drift metrics, and Console widgets without leaking sealed-mode secrets. Dependencies: WEB-OBS-55-001. | |||
| WEB-ORCH-32-001 | TODO | SPRINT_0214_0001_0001_web_iii | BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Expose `/orchestrator/sources | |||
| WEB-ORCH-33-001 | TODO | SPRINT_0215_0001_0004_web_iv | BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Add POST action routes (`pause. Dependencies: WEB-ORCH-32-001. | |||
| WEB-ORCH-34-001 | TODO | SPRINT_0215_0001_0004_web_iv | BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Surface quotas/backfill APIs, queue/backpressure metrics, and error clustering routes with admin scope enforcement and audit logging. Dependencies: WEB-ORCH-33-001. | |||
| WEB-POLICY-20-001 | TODO | SPRINT_0215_0001_0004_web_iv | BE-Base Platform Guild, Policy Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Implement Policy CRUD/compile/run/simulate/findings/explain endpoints with OpenAPI, tenant scoping, and service identity enforcement. | |||
| WEB-POLICY-20-002 | TODO | SPRINT_0215_0001_0004_web_iv | BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Add pagination, filtering, sorting, and tenant guards to listings for policies, runs, and findings; include deterministic ordering and query diagnostics. Dependencies: WEB-POLICY-20-001. | |||
| WEB-POLICY-20-003 | TODO | SPRINT_0215_0001_0004_web_iv | BE-Base Platform Guild, QA Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Map engine errors to ERR_POL_* responses with consistent payloads and contract tests; expose correlation IDs in headers. Dependencies: WEB-POLICY-20-002. |
|||
| WEB-POLICY-20-004 | TODO | SPRINT_0215_0001_0004_web_iv | Platform Reliability Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Introduce adaptive rate limiting + quotas for simulation endpoints, expose metrics, and document retry headers. Dependencies: WEB-POLICY-20-003. | |||
| WEB-POLICY-23-001 | BLOCKED | 2025-10-29 | SPRINT_0215_0001_0004_web_iv | BE-Base Platform Guild, Policy Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Implement API endpoints for creating/listing/fetching policy packs and revisions (/policy/packs, /policy/packs/{id}/revisions) with pagination, RBAC, and AOC metadata exposure. (Tracked via Sprint 18.5 gateway tasks.). Dependencies: WEB-POLICY-20-004. |
||
| WEB-POLICY-23-002 | BLOCKED | 2025-10-29 | SPRINT_0215_0001_0004_web_iv | BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Add activation endpoint with scope windows, conflict checks, and optional 2-person approval integration; emit events on success. (Tracked via Sprint 18.5 gateway tasks.). Dependencies: WEB-POLICY-23-001. | ||
| WEB-POLICY-23-003 | TODO | SPRINT_0215_0001_0004_web_iv | BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Provide /policy/simulate and /policy/evaluate endpoints with streaming responses, rate limiting, and error mapping. Dependencies: WEB-POLICY-23-002. |
|||
| WEB-POLICY-23-004 | TODO | SPRINT_0215_0001_0004_web_iv | BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Expose explain history endpoints (/policy/runs, /policy/runs/{id}) including decision tree, sources consulted, and AOC chain. Dependencies: WEB-POLICY-23-003. |
|||
| WEB-POLICY-27-001 | TODO | SPRINT_0215_0001_0004_web_iv | BE-Base Platform Guild | src/Web/StellaOps.Web | Surface Policy Registry APIs (/policy/workspaces, /policy/versions, /policy/reviews, /policy/registry) with tenant scoping, RBAC, validation. |
WEB-POLICY-23-004 | WEPO0101 | |
| WEB-POLICY-27-002 | TODO | SPRINT_0215_0001_0004_web_iv | BE-Base Platform Guild | src/Web/StellaOps.Web | Implement review lifecycle endpoints (open/comment/approve/reject) with audit headers + webhooks. | WEB-POLICY-27-001 | WEPO0101 | |
| WEB-POLICY-27-003 | TODO | SPRINT_0215_0001_0004_web_iv | Platform Reliability Guild | src/Web/StellaOps.Web | Provide quick/batch simulation endpoints with SSE progress + result pagination. | WEB-POLICY-27-002 | WEPO0101 | |
| WEB-POLICY-27-004 | TODO | SPRINT_0215_0001_0004_web_iv | BE/Security Guild | src/Web/StellaOps.Web | Add publish/sign/promote/rollback endpoints w/ idempotent request IDs, canary params, scope enforcement, events. | WEB-POLICY-27-003 | WEPO0101 | |
| WEB-POLICY-27-005 | TODO | SPRINT_0215_0001_0004_web_iv | BE/Observability Guild | src/Web/StellaOps.Web | Instrument metrics/logs for compile latency, simulation queue, approval latency, promotion actions. | WEB-POLICY-27-004 | WEPO0101 | |
| WEB-RISK-66-001 | BLOCKED (2025-12-03) | SPRINT_216_web_v | BE-Base Platform Guild, Policy Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Expose risk profile/results endpoints through gateway with tenant scoping, pagination, and rate limiting. | npm ci hangs; gateway endpoints unavailable. | ||
| WEB-RISK-66-002 | BLOCKED | 2025-12-06 | SPRINT_216_web_v | BE-Base Platform Guild, Risk Engine Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Add signed URL handling for explanation blobs and enforce scope checks. Dependencies: WEB-RISK-66-001. | Blocked by WEB-RISK-66-001. | |
| WEB-RISK-67-001 | BLOCKED | 2025-12-06 | SPRINT_216_web_v | BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Provide aggregated risk stats (/risk/status) for Console dashboards (counts per severity, last computation). Dependencies: WEB-RISK-66-002. |
Blocked by WEB-RISK-66-002. | |
| WEB-RISK-68-001 | BLOCKED | 2025-12-06 | SPRINT_216_web_v | BE-Base Platform Guild, Notifications Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Emit events on severity transitions via gateway to notifier bus with trace metadata. Dependencies: WEB-RISK-67-001. | Blocked by WEB-RISK-67-001. | |
| WEB-SIG-26-001 | BLOCKED | 2025-12-06 | SPRINT_216_web_v | BE-Base Platform Guild, Signals Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Surface /signals/callgraphs, /signals/facts read/write endpoints with pagination, ETags, and RBAC. |
Blocked: Signals API contract/fixtures not published. | |
| WEB-SIG-26-002 | BLOCKED | 2025-12-06 | SPRINT_216_web_v | BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Extend /policy/effective and /vuln/explorer responses to include reachability scores/states and allow filtering. Dependencies: WEB-SIG-26-001. |
Blocked by WEB-SIG-26-001. | |
| WEB-SIG-26-003 | BLOCKED | 2025-12-06 | SPRINT_216_web_v | BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Add reachability override parameters to /policy/simulate and related APIs for what-if analysis. Dependencies: WEB-SIG-26-002. |
Blocked by WEB-SIG-26-002. | |
| WEB-TEN-47-001 | TODO | SPRINT_216_web_v | BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Implement JWT verification, tenant activation from headers, scope matching, and decision audit emission for all API endpoints. | |||
| WEB-TEN-48-001 | TODO | SPRINT_216_web_v | BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Set DB session stella.tenant_id, enforce tenant/project checks on persistence, prefix object storage paths, and stamp audit metadata. Dependencies: WEB-TEN-47-001. |
|||
| WEB-TEN-49-001 | TODO | SPRINT_216_web_v | BE-Base Platform Guild, Policy Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Integrate optional ABAC overlay with Policy Engine, expose /audit/decisions API, and support service token minting endpoints. Dependencies: WEB-TEN-48-001. |
|||
| WEB-VEX-30-007 | BLOCKED | 2025-12-06 | SPRINT_216_web_v | BE-Base Platform Guild, VEX Lens Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Route /vex/consensus APIs with tenant RBAC/ABAC, caching, and streaming; surface telemetry and trace IDs without gateway-side overlay logic. |
Blocked: tenant RBAC/ABAC policies + VEX consensus stream contract not finalized. | |
| WEB-VULN-29-001 | BLOCKED | 2025-12-06 | SPRINT_216_web_v | BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Expose /vuln/* endpoints via gateway with tenant scoping, RBAC/ABAC enforcement, anti-forgery headers, and request logging. |
Blocked: tenant scoping model/ABAC overlay not implemented; upstream risk chain stalled. | |
| WEB-VULN-29-002 | BLOCKED | 2025-12-06 | SPRINT_216_web_v | BE-Base Platform Guild, Findings Ledger Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Forward workflow actions to Findings Ledger with idempotency headers and correlation IDs; handle retries/backoff. Dependencies: WEB-VULN-29-001. | Blocked by WEB-VULN-29-001 and awaiting Findings Ledger idempotency headers wiring. | |
| WEB-VULN-29-003 | BLOCKED | 2025-12-06 | SPRINT_216_web_v | BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Provide simulation and export orchestration routes with SSE/progress headers, signed download links, and request budgeting. Dependencies: WEB-VULN-29-002. | Blocked by WEB-VULN-29-002 and orchestrator/export contracts. | |
| WEB-VULN-29-004 | BLOCKED | 2025-12-06 | SPRINT_216_web_v | BE-Base Platform Guild, Observability Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Emit gateway metrics/logs (latency, error rates, export duration), propagate query hashes for analytics dashboards. Dependencies: WEB-VULN-29-003. | Blocked by WEB-VULN-29-003; observability specs not delivered. | |
| WORKER-21-203 | TODO | SPRINT_0155_0001_0001_scheduler_i | Scheduler Worker Guild, Observability Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | ||||
| WORKER-23-101 | TODO | SPRINT_0155_0001_0001_scheduler_i | Scheduler Worker Guild, Policy Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | ||||
| WORKER-23-102 | TODO | SPRINT_0155_0001_0001_scheduler_i | Scheduler Worker Guild, Observability Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | ||||
| WORKER-25-101 | TODO | SPRINT_0155_0001_0001_scheduler_i | Scheduler Worker Guild, Policy Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | ||||
| WORKER-25-102 | TODO | SPRINT_0155_0001_0001_scheduler_i | Scheduler Worker Guild, Observability Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | ||||
| WORKER-26-201 | TODO | SPRINT_0155_0001_0001_scheduler_i | Scheduler Worker Guild, Signals Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | ||||
| WORKER-26-202 | TODO | SPRINT_0156_0001_0002_scheduler_ii | Scheduler Worker Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | ||||
| WORKER-27-301 | TODO | SPRINT_0156_0001_0002_scheduler_ii | Scheduler Worker Guild, Policy Registry Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | ||||
| WORKER-27-302 | TODO | SPRINT_0156_0001_0002_scheduler_ii | Scheduler Worker Guild, Observability Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | ||||
| WORKER-27-303 | TODO | SPRINT_0156_0001_0002_scheduler_ii | Scheduler Worker Guild, Security Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | ||||
| WORKER-29-001 | TODO | SPRINT_0156_0001_0002_scheduler_ii | Scheduler Worker Guild, Findings Ledger Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | ||||
| WORKER-29-002 | TODO | SPRINT_0156_0001_0002_scheduler_ii | Scheduler Worker Guild, Policy Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | ||||
| WORKER-29-003 | TODO | SPRINT_0156_0001_0002_scheduler_ii | Scheduler Worker Guild, Observability Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | ||||
| WORKER-CONSOLE-23-201 | TODO | SPRINT_0156_0001_0002_scheduler_ii | Scheduler Worker Guild, Observability Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | ||||
| WORKER-CONSOLE-23-202 | TODO | SPRINT_0156_0001_0002_scheduler_ii | Scheduler Worker Guild, Policy Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | ||||
| WORKER-GO-32-001 | DONE | SPRINT_0153_0001_0003_orchestrator_iii | Worker SDK Guild (src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Go) | src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Go | Bootstrap Go SDK project with configuration binding, auth headers, job claim/acknowledge client, and smoke sample. | |||
| WORKER-GO-32-002 | DONE | SPRINT_0153_0001_0003_orchestrator_iii | Worker SDK Guild (src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Go) | src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Go | Add heartbeat/progress helpers, structured logging hooks, Prometheus metrics, and jittered retry defaults. Dependencies: WORKER-GO-32-001. | |||
| WORKER-GO-33-001 | DONE | SPRINT_0153_0001_0003_orchestrator_iii | Worker SDK Guild (src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Go) | src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Go | Implement artifact publish helpers (object storage client, checksum hashing, metadata payload) and idempotency guard. Dependencies: WORKER-GO-32-002. | |||
| WORKER-GO-33-002 | DONE | SPRINT_0153_0001_0003_orchestrator_iii | Worker SDK Guild (src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Go) | src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Go | Provide error classification/retry helper, exponential backoff controls, and structured failure reporting to orchestrator. Dependencies: WORKER-GO-33-001. | |||
| WORKER-GO-34-001 | DONE | SPRINT_0153_0001_0003_orchestrator_iii | Worker SDK Guild (src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Go) | src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Go | Add backfill range execution helpers, watermark handshake utilities, and artifact dedupe verification for backfills. Dependencies: WORKER-GO-33-002. | |||
| WORKER-PY-32-001 | DONE | SPRINT_0153_0001_0003_orchestrator_iii | Worker SDK Guild (src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Python) | src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Python | Bootstrap asyncio-based Python SDK (config, auth headers, job claim/ack) plus sample worker script. | |||
| WORKER-PY-32-002 | DONE | SPRINT_0153_0001_0003_orchestrator_iii | Worker SDK Guild (src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Python) | src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Python | Implement heartbeat/progress helpers with structured logging, metrics exporter, and cancellation-safe retries. Dependencies: WORKER-PY-32-001. | |||
| WORKER-PY-33-001 | DONE | SPRINT_0153_0001_0003_orchestrator_iii | Worker SDK Guild (src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Python) | src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Python | Add artifact publish/idempotency helpers (object storage adapters, checksum hashing, metadata payload) for Python workers. Dependencies: WORKER-PY-32-002. | |||
| WORKER-PY-33-002 | DONE | SPRINT_0153_0001_0003_orchestrator_iii | Worker SDK Guild (src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Python) | src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Python | Provide error classification/backoff helper mapping to orchestrator codes, including jittered retries and structured failure reports. Dependencies: WORKER-PY-33-001. | |||
| WORKER-PY-34-001 | DONE | SPRINT_0153_0001_0003_orchestrator_iii | Worker SDK Guild (src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Python) | src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Python | Implement backfill range iteration, watermark handshake, and artifact dedupe verification utilities for Python workers. Dependencies: WORKER-PY-33-002. | |||
| ZAS-002 | TODO | SPRINT_400_runtime_facts_static_callgraph_union | Zastava Observer Guild (src/Zastava/StellaOps.Zastava.Observer, docs/modules/zastava/architecture.md, docs/reachability/function-level-evidence.md) |
src/Zastava/StellaOps.Zastava.Observer, docs/modules/zastava/architecture.md, docs/reachability/function-level-evidence.md |
||||
| ZASTAVA-DOCS-0001 | TODO | SPRINT_335_docs_modules_zastava | Docs Guild (docs/modules/zastava) | docs/modules/zastava | See ./AGENTS.md | |||
| ZASTAVA-ENG-0001 | TODO | SPRINT_335_docs_modules_zastava | Module Team (docs/modules/zastava) | docs/modules/zastava | Update status via ./AGENTS.md workflow | |||
| ZASTAVA-ENV-01 | TODO | SPRINT_0140_0001_0001_runtime_signals | Observer adoption of Surface.Env helpers paused while Surface.FS cache contract finalizes. | |||||
| ZASTAVA-ENV-02 | TODO | SPRINT_0140_0001_0001_runtime_signals | Webhook helper migration follows ENV-01 completion. | |||||
| ZASTAVA-OPS-0001 | TODO | SPRINT_335_docs_modules_zastava | Ops Guild (docs/modules/zastava) | docs/modules/zastava | Sync outcomes back to ../.. | |||
| ZASTAVA-REACH-201-001 | TODO | SPRINT_400_runtime_facts_static_callgraph_union | Zastava Observer Guild (src/Zastava/StellaOps.Zastava.Observer) |
src/Zastava/StellaOps.Zastava.Observer |
Implement runtime symbol sampling in StellaOps.Zastava.Observer (EntryTrace-aware shell AST + build-id capture) and stream ND-JSON batches to Signals /runtime-facts, including CAS pointers for traces. Update runbook + config references. |
|||
| ZASTAVA-SECRETS-01 | TODO | SPRINT_0140_0001_0001_runtime_signals | Surface.Secrets wiring for Observer pending published cache endpoints. | |||||
| ZASTAVA-SECRETS-02 | TODO | SPRINT_0140_0001_0001_runtime_signals | Webhook secret retrieval cascades from SECRETS-01 work. | |||||
| ZASTAVA-SURFACE-01 | TODO | SPRINT_0140_0001_0001_runtime_signals | Surface.FS client integration blocked on Scanner layer metadata; tests ready once packages mirror offline dependencies. | |||||
| ZASTAVA-SURFACE-02 | TODO | SPRINT_0136_0001_0001_scanner_surface | Zastava Observer Guild (src/Zastava/StellaOps.Zastava.Observer) | src/Zastava/StellaOps.Zastava.Observer | Use Surface manifest reader helpers to resolve cas:// pointers and enrich drift diagnostics with manifest provenance. |
SURFACE-FS-02; ZASTAVA-SURFACE-01 | ||
| guard unit tests` | TODO | SPRINT_116_concelier_v | QA Guild (src/Concelier/StellaOps.Concelier.WebService) | src/Concelier/StellaOps.Concelier.WebService | Add unit tests for schema validators, forbidden-field guards (ERR_AOC_001/2/6/7), and supersedes chains to keep ingestion append-only. Depends on CONCELIER-WEB-AOC-19-002. |
|||
| store wiring` | TODO | SPRINT_113_concelier_ii | Concelier Storage Guild (src/Concelier/__Libraries/StellaOps.Concelier.Storage.Mongo) | src/Concelier/__Libraries/StellaOps.Concelier.Storage.Mongo | Move large raw payloads to object storage with deterministic pointers, update bootstrapper/offline kit seeds, and guarantee provenance metadata remains intact. Depends on CONCELIER-LNM-21-102. | NOTY0105 | ||
| DOCS-OBS-50-003 | DONE (2025-11-25) | SPRINT_0306_0001_0006_docs_tasks_md_vi | Docs Guild, Observability Guild (docs) | docs/observability | Create /docs/observability/logging.md covering structured log schema, dos/don'ts, tenant isolation, and copyable examples. Dependencies: DOCS-OBS-50-002. |
Waiting on observability ADR from 066_PLOB0101 | DOOB0101 | |
| DOCS-OBS-50-003 | DONE (2025-11-25) | SPRINT_0306_0001_0006_docs_tasks_md_vi | Docs Guild, Observability Guild (docs) | Create /docs/observability/logging.md covering structured log schema, dos/don'ts, tenant isolation, and copyable examples. Dependencies: DOCS-OBS-50-002. |
Waiting on observability ADR from 066_PLOB0101 | DOOB0101 | ||
| DOCS-OBS-50-004 | DONE (2025-11-25) | SPRINT_0306_0001_0006_docs_tasks_md_vi | Docs Guild, Observability Guild (docs) | Draft /docs/observability/tracing.md explaining context propagation, async linking, CLI header usage, and sampling strategies. Dependencies: DOCS-OBS-50-003. |
— | DOOB0101 | ||
| DOCS-OBS-51-001 | DONE (2025-11-25) | SPRINT_0306_0001_0006_docs_tasks_md_vi | Docs Guild, DevOps Guild (docs) | Publish /docs/observability/metrics-and-slos.md cataloging metrics, SLO targets, burn rate policies, and alert runbooks. Dependencies: DOCS-OBS-50-004. |
— | DOOB0101 | ||
| DOCS-ORCH-32-001 | DONE (2025-11-25) | SPRINT_0306_0001_0006_docs_tasks_md_vi | Docs Guild (docs) | docs/orchestrator/overview.md | Author /docs/orchestrator/overview.md covering mission, roles, AOC alignment, governance, with imposed rule reminder. |
— | DOOR0102 | |
| DOCS-ORCH-32-002 | DONE (2025-11-25) | SPRINT_0306_0001_0006_docs_tasks_md_vi | Docs Guild (docs) | docs/orchestrator/architecture.md | Author /docs/orchestrator/architecture.md detailing scheduler, DAGs, rate limits, data model, message bus, storage layout, restating imposed rule. Dependencies: DOCS-ORCH-32-001. |
— | DOOR0102 | |
| DOCS-ORCH-33-001 | DONE (2025-11-25) | SPRINT_0306_0001_0006_docs_tasks_md_vi | Docs Guild (docs) | docs/orchestrator/api.md | Publish /docs/orchestrator/api.md (REST/WebSocket endpoints, payloads, error codes) with imposed rule note. Dependencies: DOCS-ORCH-32-002. |
— | DOOR0102 | |
| DOCS-ORCH-33-002 | DONE (2025-11-25) | SPRINT_0306_0001_0006_docs_tasks_md_vi | Docs Guild (docs) | docs/orchestrator/console.md | Publish /docs/orchestrator/console.md covering screens, a11y, live updates, control actions, reiterating imposed rule. Dependencies: DOCS-ORCH-33-001. |
— | DOOR0102 | |
| DOCS-ORCH-33-003 | DONE (2025-11-25) | SPRINT_0306_0001_0006_docs_tasks_md_vi | Docs Guild (docs) | docs/orchestrator/cli.md | Publish /docs/orchestrator/cli.md documenting commands, options, exit codes, streaming output, offline usage, and imposed rule. Dependencies: DOCS-ORCH-33-002. |
— | DOOR0102 | |
| DOCS-ORCH-34-001 | DONE (2025-11-25) | SPRINT_0306_0001_0006_docs_tasks_md_vi | Docs Guild (docs) | docs/orchestrator/run-ledger.md | Author /docs/orchestrator/run-ledger.md covering ledger schema, provenance chain, audit workflows, with imposed rule reminder. Dependencies: DOCS-ORCH-33-003. |
— | DOOR0102 | |
| DOCS-ORCH-34-002 | DONE (2025-11-25) | SPRINT_0306_0001_0006_docs_tasks_md_vi | Docs Guild (docs) | docs/security/secrets-handling.md | Update /docs/security/secrets-handling.md for orchestrator KMS refs, redaction badges, operator hygiene, reiterating imposed rule. Dependencies: DOCS-ORCH-34-001. |
— | DOOR0102 | |
| DOCS-ORCH-34-003 | DONE (2025-11-25) | SPRINT_0306_0001_0006_docs_tasks_md_vi | Docs Guild (docs) | docs/operations/orchestrator-runbook.md | Publish /docs/operations/orchestrator-runbook.md (incident playbook, backfill guide, circuit breakers, throttling) with imposed rule statement. Dependencies: DOCS-ORCH-34-002. |
— | DOOR0102 | |
| DOCS-ORCH-34-004 | DONE (2025-11-25) | SPRINT_0306_0001_0006_docs_tasks_md_vi | Docs Guild (docs) | docs/schemas/artifacts.md | Document /docs/schemas/artifacts.md describing artifact kinds, schema versions, hashing, storage layout, restating imposed rule. Dependencies: DOCS-ORCH-34-003. |
— | DOOR0102 | |
| DOCS-ORCH-34-005 | DONE (2025-11-25) | SPRINT_0306_0001_0006_docs_tasks_md_vi | Docs Guild (docs) | docs/slo/orchestrator-slo.md | Author /docs/slo/orchestrator-slo.md defining SLOs, burn alerts, measurement, and reiterating imposed rule. Dependencies: DOCS-ORCH-34-004. |
— | DOOR0102 | |
| DOCS-OAS-62-001 | DONE (2025-11-25) | SPRINT_0306_0001_0006_docs_tasks_md_vi | Docs Guild, Developer Portal Guild (docs) | docs/api/reference/README.md | Stand up /docs/api/reference/ auto-generated site; integrate with portal nav. Dependencies: DOCS-OAS-61-003. |
— | DOOA0101 | |
| CI RECIPES-DOCS-0001 | DONE (2025-11-25) | 2025-11-25 | SPRINT_0315_0001_0001_docs_modules_ci | Docs Guild (docs/modules/ci) | docs/modules/ci | Update module charter docs (AGENTS/README/architecture/implementation_plan) with determinism + offline posture; sprint normalized. | — | |
| CI RECIPES-ENG-0001 | DONE (2025-11-25) | 2025-11-25 | SPRINT_0315_0001_0001_docs_modules_ci | Module Team (docs/modules/ci) | docs/modules/ci | Establish TASKS board and status mirroring rules for CI Recipes contributors. | CI RECIPES-DOCS-0001 | |
| CI RECIPES-OPS-0001 | DONE (2025-11-25) | 2025-11-25 | SPRINT_0315_0001_0001_docs_modules_ci | Ops Guild (docs/modules/ci) | docs/modules/ci | Sync outcomes back to sprint + legacy filename stub; ensure references resolve to normalized sprint path. | CI RECIPES-DOCS-0001; CI RECIPES-ENG-0001 | |
| WEB-TEN-47-CONTRACT | DONE (2025-12-01) | 2025-12-01 | SPRINT_0216_0001_0001_web_v | BE-Base Platform Guild | docs/api/gateway/tenant-auth.md | Publish gateway routing + tenant header/ABAC contract (headers, scopes, samples, audit notes). | — | — |
| WEB-VULN-29-LEDGER-DOC | DONE (2025-12-01) | 2025-12-01 | SPRINT_0216_0001_0001_web_v | Findings Ledger Guild · BE-Base Platform Guild | docs/api/gateway/findings-ledger-proxy.md | Capture idempotency + correlation header contract for Findings Ledger proxy and retries/backoff defaults. | — | — |
| WEB-RISK-68-NOTIFY-DOC | DONE (2025-12-01) | 2025-12-01 | SPRINT_0216_0001_0001_web_v | Notifications Guild · BE-Base Platform Guild | docs/api/gateway/notifications-severity.md | Document severity transition event schema (fields, trace metadata) for notifier bus integration. | — | — |