git.stella-ops.org/docs/notifications/gaps-nr1-nr10.md
StellaOps Bot 8768c27f30
Add signal contracts for reachability, exploitability, trust, and unknown symbols
- Introduced `ReachabilityState`, `RuntimeHit`, `ExploitabilitySignal`, `ReachabilitySignal`, `SignalEnvelope`, `SignalType`, `TrustSignal`, and `UnknownSymbolSignal` records to define various signal types and their properties.
- Implemented JSON serialization attributes for proper data interchange.
- Created project files for the new signal contracts library and corresponding test projects.
- Added deterministic test fixtures for micro-interaction testing.
- Included cryptographic keys for secure operations with cosign.
2025-12-05 00:27:00 +02:00

Notify Gaps NR1–NR10 — Remediation Blueprint (source: docs/product-advisories/31-Nov-2025 FINDINGS.md)

Scope

Close NR1–NR10 by defining contracts, evidence, and deterministic test hooks for the Notifier runtime (service + worker + offline kit). This doc is the detailed layer referenced by sprint SPRINT_0171_0001_0001_notifier_i and NOTIFY-GAPS-171-014.

Gap requirements, evidence, and tests

| ID | Requirement | Evidence to publish | Deterministic tests/fixtures |
|----|-------------|---------------------|------------------------------|
| NR1 | Versioned JSON Schemas for event envelopes, rules, templates, channels, receipts, and webhooks; DSSE-signed catalog with canonical hash recipe (BLAKE3-256 over normalized JSON). | docs/notifications/schemas/notify-schemas-catalog.json + .dsse.json; docs/notifications/schemas/inputs.lock capturing digests and canonicalization flags. | Golden canonicalization harness under tests/notifications/Schemas/SchemaCanonicalizationTests.cs using frozen inputs + hash assertions. |
| NR2 | Tenant scoping + approvals for high-impact rules (escalations, PII, cross-tenant fan-out). Every API and receipt carries tenant_id; RBAC/approvals enforced. | RBAC/approval matrix (docs/notifications/security/tenant-approvals.md) listing actions × roles × required approvals. | API contract tests in StellaOps.Notifier.Tests/TenantScopeTests.cs plus integration fixtures with mixed-tenant payloads (should reject). |
| NR3 | Deterministic rendering/localization: stable merge-field ordering, UTC ISO-8601 timestamps, locale whitelist, hashed previews recorded in ledger. | Rendering fixture pack docs/notifications/fixtures/rendering/*.json; hash ledger samples docs/notifications/fixtures/rendering/index.ndjson with BLAKE3 digests. | StellaOps.Notifier.Tests/RenderingDeterminismTests.cs compares golden bodies/subjects across locales/timezones; seeds fixed RNG/time. |
| NR4 | Quotas/backpressure/DLQ: per-tenant/channel quotas, burst budgets, enqueue gating, DLQ schema with redrive + idempotent keys; metrics/alerts for backlog/DLQ growth. | Quota policy docs/notifications/operations/quotas.md; DLQ schema docs/notifications/schemas/dlq-notify.schema.json. | Worker tests StellaOps.Notifier.Tests/BackpressureAndDlqTests.cs validating quota enforcement, DLQ insertion, redrive idempotency. |
| NR5 | Retry & idempotency: canonical delivery_id (UUIDv7) + dedupe key (event×rule×channel); bounded exponential backoff with jitter; idempotent connectors; ignore out-of-order acks. | Retry matrix docs/notifications/operations/retries.md; connector idempotency checklist. | StellaOps.Notifier.Tests/RetryPolicyTests.cs + connector harness fixtures demonstrating dedupe across duplicate events. |
| NR6 | Webhook/ack security: HMAC or mTLS/DPoP required; signed ack URLs/tokens with nonce, expiry, audience, single-use; per-tenant allowlists for domains/paths. | Security policy docs/notifications/security/webhook-ack-hardening.md; sample signed-ack token format + validation steps. | Negative-path tests StellaOps.Notifier.Tests/WebhookSecurityTests.cs covering wrong HMAC, replayed nonce, expired token, disallowed domain. |
| NR7 | Redaction & PII limits: classify template fields; redact secrets/PII in storage/logs; hash sensitive values; size/field allowlists; previews/logs default to redacted variant. | Redaction catalog docs/notifications/security/redaction-catalog.md; sample redacted payloads docs/notifications/fixtures/redaction/*.json. | StellaOps.Notifier.Tests/RedactionTests.cs asserting stored/preview payloads match redacted expectations. |
| NR8 | Observability SLO alerts: SLOs for delivery latency/success/backlog/DLQ age; standard metrics names; dashboards/alerts/runbooks; traces include tenant/rule/channel IDs with sampling rules. | Dashboard JSON docs/notifications/operations/dashboards/notify-slo.json; alert rules docs/notifications/operations/alerts/notify-slo-alerts.yaml; runbook link. | StellaOps.Notifier.Tests/ObservabilityContractsTests.cs verifying metric names/labels; trace exemplar fixture docs/notifications/fixtures/traces/sample-trace.json. |
| NR9 | Offline notify-kit with DSSE: bundle schemas, rules/templates, connector configs, verify script, hash list, time-anchor hook; deterministic packaging flags; tenant/env scoping; DSSE-signed manifest. | Manifest offline/notifier/notify-kit.manifest.json, DSSE offline/notifier/notify-kit.manifest.dsse.json, hash list offline/notifier/artifact-hashes.json, verify script offline/notifier/verify_notify_kit.sh. | Determinism check tests/offline/NotifyKitDeterminismTests.sh (shell) verifying hash list, DSSE, scope enforcement, packaging flags. |
| NR10 | Mandatory simulations & evidence before activation: dry-run against frozen fixtures; DSSE-signed simulation results attached to approvals; regression tests per high-impact rule/template change. | Simulation report docs/notifications/simulations/<rule-id>-report.json + DSSE; approval evidence log docs/notifications/simulations/index.ndjson. | StellaOps.Notifier.Tests/SimulationGateTests.cs enforcing simulation requirement and evidence linkage before active=true. |
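
A worked sketch of the NR5 row, as an added Python example rather than code from the Notifier project: the event×rule×channel dedupe key, a UUIDv7 delivery_id built from a fixed clock and seeded RNG so the fixture is reproducible, bounded exponential backoff with full jitter, and a ledger that reuses the delivery_id for duplicate events and ignores out-of-order acks. The seed, the fixed timestamp and the record layout are assumptions.

```python
import hashlib
import random
import uuid

FIXTURE_SEED = 171  # constructed seed so the jitter schedule is reproducible in fixtures

def dedupe_key(event_id: str, rule_id: str, channel_id: str) -> str:
    """Dedupe key over event x rule x channel; the unit-separator byte keeps field bounds unambiguous."""
    return hashlib.sha256("\x1f".join((event_id, rule_id, channel_id)).encode()).hexdigest()

def uuid7(ts_ms: int, rng: random.Random) -> uuid.UUID:
    """UUIDv7 layout (RFC 9562): 48-bit unix-ms timestamp, version nibble 7, random tail."""
    value = ((ts_ms & (2**48 - 1)) << 80) | (0x7 << 76) | (rng.getrandbits(12) << 64)
    value |= (0b10 << 62) | rng.getrandbits(62)
    return uuid.UUID(int=value)

def backoff_schedule(attempts: int, base: float = 1.0, cap: float = 60.0,
                     seed: int = FIXTURE_SEED) -> list[float]:
    """Bounded exponential backoff with full jitter: delay_n ~ U(0, min(cap, base * 2**n))."""
    rng = random.Random(seed)
    return [round(rng.uniform(0, min(cap, base * 2 ** n)), 3) for n in range(attempts)]

class DeliveryLedger:
    """Idempotent enqueue: a duplicate event for the same rule/channel reuses the original
    delivery_id; an ack that references an older attempt than the latest one is ignored."""
    def __init__(self, seed: int = FIXTURE_SEED, now_ms: int = 1_764_892_800_000) -> None:
        self.rng = random.Random(seed)
        self.now_ms = now_ms          # constructed fixed clock so the fixture is reproducible
        self.by_key: dict[str, dict] = {}

    def enqueue(self, event_id: str, rule_id: str, channel_id: str) -> tuple[str, bool]:
        key = dedupe_key(event_id, rule_id, channel_id)
        if key not in self.by_key:
            self.by_key[key] = {"delivery_id": str(uuid7(self.now_ms, self.rng)),
                                "attempt": 1, "state": "sent"}
            return self.by_key[key]["delivery_id"], True
        return self.by_key[key]["delivery_id"], False   # duplicate: no second delivery

    def retry(self, key: str) -> int:
        self.by_key[key]["attempt"] += 1
        return self.by_key[key]["attempt"]

    def ack(self, key: str, attempt: int, delivered: bool) -> str:
        rec = self.by_key[key]
        if attempt < rec["attempt"] or rec["state"] == "delivered":
            return "ignored"          # out-of-order or duplicate ack: state unchanged
        rec["state"] = "delivered" if delivered else "retry"
        return rec["state"]
```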

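For the NR6 row, an added Python example (not the project's own code) of the validation steps a signed-ack verifier runs, with the four negative paths the table names: wrong HMAC, replayed nonce, expired token, and disallowed domain. The token layout (HMAC-SHA256 over canonical JSON claims), the demo key and the tenant allowlist are constructed assumptions.

```python
import base64
import hmac
import json
from urllib.parse import urlsplit

# Constructed demo key and allowlist; real values are per-tenant configuration (hypothetical).
ACK_KEY = b"constructed-demo-key-not-a-real-secret"
WEBHOOK_ALLOWLIST = {"tenant-a": {"hooks.example.test": ("/notify/",)}}

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64url(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def mint_ack_token(claims: dict, key: bytes = ACK_KEY) -> str:
    """HMAC-SHA256 over canonical JSON claims (sorted keys, no whitespace); token = body.sig."""
    body = json.dumps(claims, sort_keys=True, separators=(",", ":")).encode()
    return f"{_b64url(body)}.{_b64url(hmac.new(key, body, 'sha256').digest())}"

def verify_ack_token(token: str, *, tenant: str, audience: str, now: int,
                     seen_nonces: set, key: bytes = ACK_KEY) -> tuple[bool, str]:
    """Returns (ok, reason). The MAC is checked before the claims are trusted; the nonce is
    consumed only after every other check passes, so a rejected token does not burn it."""
    try:
        body_b64, sig_b64 = token.split(".")
        body, sig = _unb64url(body_b64), _unb64url(sig_b64)
    except ValueError:                      # wrong segment count or bad base64
        return False, "malformed"
    if not hmac.compare_digest(hmac.new(key, body, "sha256").digest(), sig):
        return False, "wrong-hmac"
    claims = json.loads(body)
    if now >= claims.get("exp", 0):
        return False, "expired"
    if claims.get("aud") != audience:
        return False, "wrong-audience"
    if claims.get("tenant_id") != tenant:
        return False, "wrong-tenant"
    nonce = claims.get("nonce")
    if not nonce or nonce in seen_nonces:   # a missing nonce is treated as replayed
        return False, "replayed-nonce"
    seen_nonces.add(nonce)                  # single-use: first successful verification wins
    return True, "ok"

def destination_allowed(tenant: str, url: str) -> bool:
    """Per-tenant allowlist of webhook hosts and path prefixes; plain http is never allowed."""
    parts = urlsplit(url)
    prefixes = WEBHOOK_ALLOWLIST.get(tenant, {}).get(parts.hostname or "", ())
    return parts.scheme == "https" and any(parts.path.startswith(p) for p in prefixes)
```
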
Delivery + governance hooks

  • Add the above evidence paths to the NOTIFY-GAPS-171-014 task in docs/implplan/SPRINT_0171_0001_0001_notifier_i.md and mirror status in src/Notifier/StellaOps.Notifier/TASKS.md.
  • When artifacts land, append TRX/fixture links in the sprint Execution Log and reference this doc under Decisions & Risks.
  • Offline kit artefacts must mirror the Mirror/Offline packaging rules (deterministic flags, time-anchor hook, PQ dual-sign toggle) already used by the Mirror/Offline sprints.
  • Simulation evidence lives in docs/notifications/simulations/ (index.ndjson + per-rule reports) and is validated by contract tests under Contracts/PolicyDocsCompletenessTests.cs.
  • Contract tests under Contracts/ verify schema catalog ↔ DSSE alignment, fixture hashes, simulation index presence, and offline kit manifest/DSSE consistency.

Next steps

  1. Generate initial schema catalog (notify-schemas-catalog.json) with rule/template/channel/webhook/receipt definitions and run canonicalization harness.
  2. Produce redaction catalog, quotas policy, retry matrix, and security hardening docs referenced above.
  3. Add golden fixtures/tests outlined above and wire CI filters to run determinism + security suites for Notify.
  4. Build notify-kit manifest + DSSE and publish verify_notify_kit.sh aligned with offline bundle policies.