stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 16 Releases Wiki Activity
Files
885ce86af47f000b1f8e5e44b9b2ab919c1f2021
git.stella-ops.org/docs/implplan/SPRINT_132_scanner_surface.md
StellaOps Bot 909d9b6220
Some checks failed
AOC Guard CI / aoc-guard (push) Has been cancelled
Details
AOC Guard CI / aoc-verify (push) Has been cancelled
Details
Docs CI / lint-and-preview (push) Has been cancelled
Details
Policy Lint & Smoke / policy-lint (push) Has been cancelled
Details
up
2025-12-01 21:16:22 +02:00

8.5 KiB
Raw Blame History

Sprint 132 · Scanner & Surface

Topic & Scope

  • Phase III of Scanner & Surface: harden language analyzers with focus on Node.js VFS/resolution and complete remaining surface capture.
  • Implementation order stays sequential across Sprint 130139; complete upstream sprint 131 items before pulling parallel work.
  • Working directory: src/Scanner (language analyzers under src/Scanner/__Libraries).

Dependencies & Concurrency

  • Upstream: Sprint 131 (SCANNER-ANALYZERS-LANG-11-001 foundation for .NET analyzer heuristics).
  • Completed native analyzer stream (NATIVE-20-xxx) provides resolver patterns; reuse determinism and explain-trace patterns.

Documentation Prerequisites

  • docs/modules/scanner/architecture.md
  • docs/modules/platform/architecture-overview.md
  • src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node/AGENTS.md

Delivery Tracker

# Task ID Status Key dependency / next step Owners Task Definition
1 SCANNER-ANALYZERS-LANG-11-002 BLOCKED Await SCANNER-ANALYZERS-LANG-11-001 foundation from Sprint 131 StellaOps.Scanner EPDR Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.DotNet) Implement static analyzer (IL + reflection heuristics) capturing AssemblyRef, ModuleRef/PInvoke, DynamicDependency, reflection literals, DI patterns, and custom AssemblyLoadContext probing hints. Emit dependency edges with reason codes and confidence.
2 SCANNER-ANALYZERS-LANG-11-003 BLOCKED Depends on 11-002; runtime evidence harness pending StellaOps.Scanner EPDR Guild, Signals Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.DotNet) Ingest optional runtime evidence (AssemblyLoad, Resolving, P/Invoke) via event listener harness; merge runtime edges with static/declared ones and attach reason codes/confidence.
3 SCANNER-ANALYZERS-LANG-11-004 BLOCKED Depends on 11-003 StellaOps.Scanner EPDR Guild, SBOM Service Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.DotNet) Produce normalized observation export to Scanner writer: entrypoints + dependency edges + environment profiles (AOC compliant). Wire to SBOM service entrypoint tagging.
4 SCANNER-ANALYZERS-LANG-11-005 BLOCKED Depends on 11-004 StellaOps.Scanner EPDR Guild, QA Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.DotNet) Add comprehensive fixtures/benchmarks covering framework-dependent, self-contained, single-file, trimmed, NativeAOT, multi-RID scenarios; include explain traces and perf benchmarks vs previous analyzer.
5 SCANNER-ANALYZERS-NATIVE-20-001 DONE Native Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Native) Implement format detector and binary identity model supporting ELF, PE/COFF, and Mach-O (including fat slices). Capture arch, OS, build-id/UUID, interpreter metadata.
6 SCANNER-ANALYZERS-NATIVE-20-002 DONE Native Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Native) Parse ELF dynamic sections: DT_NEEDED, DT_RPATH, DT_RUNPATH, symbol versions, interpreter, and note build-id. Emit declared dependency records with reason elf-dtneeded and attach version needs.
7 SCANNER-ANALYZERS-NATIVE-20-003 DONE Native Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Native) Parse PE imports, delay-load tables, manifests/SxS metadata, and subsystem flags. Emit edges with reasons pe-import and pe-delayimport, plus SxS policy metadata.
8 SCANNER-ANALYZERS-NATIVE-20-004 DONE Native Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Native) Parse Mach-O load commands (LC_LOAD_DYLIB, LC_REEXPORT_DYLIB, LC_RPATH, LC_UUID, fat headers). Handle @rpath/@loader_path placeholders and slice separation.
9 SCANNER-ANALYZERS-NATIVE-20-005 DONE Native Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Native) Implement resolver engine modeling loader search order for ELF (rpath/runpath/cache/default), PE (SafeDll search + SxS), and Mach-O (@rpath expansion). Works against virtual image roots, producing explain traces.
10 SCANNER-ANALYZERS-NATIVE-20-006 DONE Native Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Native) Build heuristic scanner for dlopen/LoadLibrary strings, plugin ecosystem configs, and Go/Rust static hints. Emit edges with reason_code (string-dlopen, config-plugin, ecosystem-heuristic) and confidence levels.
11 SCANNER-ANALYZERS-NATIVE-20-007 DONE Native Analyzer Guild, SBOM Service Guild (src/Scanner/StellaOps.Scanner.Analyzers.Native) Serialize AOC-compliant observations: entrypoints + dependency edges + environment profiles (search paths, interpreter, loader metadata). Integrate with Scanner writer API.
12 SCANNER-ANALYZERS-NATIVE-20-008 DONE Native Analyzer Guild, QA Guild (src/Scanner/StellaOps.Scanner.Analyzers.Native) Author cross-platform fixtures (ELF dynamic/static, PE delay-load/SxS, Mach-O @rpath, plugin configs) and determinism benchmarks (<25 ms / binary, <250 MB).
13 SCANNER-ANALYZERS-NATIVE-20-009 DONE Native Analyzer Guild, Signals Guild (src/Scanner/StellaOps.Scanner.Analyzers.Native) Provide optional runtime capture adapters (Linux eBPF dlopen, Windows ETW ImageLoad, macOS dyld interpose) writing append-only runtime evidence. Include redaction/sandbox guidance.
14 SCANNER-ANALYZERS-NATIVE-20-010 DONE Native Analyzer Guild, DevOps Guild (src/Scanner/StellaOps.Scanner.Analyzers.Native) Package native analyzer as restart-time plug-in with manifest/DI registration; update Offline Kit bundle + documentation.
15 SCANNER-ANALYZERS-NODE-22-001 DONE VFS/input normalizer implemented for dirs/tgz/container layers/pnpm/Yarn PnP; Node version detection wired Node Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node) Build input normalizer + VFS for Node projects: dirs, tgz, container layers, pnpm store, Yarn PnP zips; detect Node version targets and workspace roots deterministically.
16 SCANNER-ANALYZERS-NODE-22-002 DONE Entrypoint discovery expanded; condition sets emitted Node Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node) Implement entrypoint discovery (bin/main/module/exports/imports, workers, electron, shebang scripts) and condition set builder per entrypoint.
17 SCANNER-ANALYZERS-NODE-22-003 DONE Import walker supports dynamic patterns + source maps with confidence tagging Node Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node) Parse JS/TS sources for static import, require, import() and string concat cases; flag dynamic patterns with confidence levels; support source map de-bundling.
18 SCANNER-ANALYZERS-NODE-22-004 DONE Node resolver engine integrated (core modules, exports/imports maps, extension precedence, self refs) Node Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node) Implement Node resolver engine for CJS + ESM (core modules, exports/imports maps, conditions, extension priorities, self-references) parameterised by node_version.
19 SCANNER-ANALYZERS-NODE-22-005 DONE Yarn PnP + pnpm virtual store adapters operational via VFS Node Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node) Add package manager adapters: Yarn PnP (.pnp.data/.pnp.cjs), pnpm virtual store, npm/Yarn classic hoists; operate entirely in virtual FS.

Execution Log

Date (UTC) Update Owner
2025-12-01 Normalized sprint file to standard template; preserved existing tasks and statuses. Planning
2025-12-01 Started Node stream tasks 22-001 → 22-005 (Scanner & Surface phase III). Node Analyzer Guild
2025-12-01 Completed Node stream tasks 22-001 → 22-005; VFS/resolver/import walker shipped with updated fixtures and tests. Node Analyzer Guild

Decisions & Risks

  • DotNet analyzer stream (11-002 → 11-005) remains blocked pending foundation task SCANNER-ANALYZERS-LANG-11-001 from Sprint 131.
  • Native analyzer stream (NATIVE-20-001 → NATIVE-20-010) completed with 165 passing tests; serves as reference for determinism and resolver explain traces.
  • Missing components for Sprint 132 (Node stream): VFS for container layers/pnpm/Yarn PnP, exports/imports condition builder, dynamic import analysis with confidence, Node resolver, pnpm virtual store adapter.

Next Checkpoints

  • None scheduled; align asynchronously with upstream Sprint 131 completion and Node guild milestones.