stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 16 Releases Wiki Activity
Files
885ce86af47f000b1f8e5e44b9b2ab919c1f2021
git.stella-ops.org/docs/implplan/SPRINT_300_documentation_process.md
StellaOps Bot 44171930ff
Some checks failed
AOC Guard CI / aoc-guard (push) Has been cancelled
Details
AOC Guard CI / aoc-verify (push) Has been cancelled
Details
Docs CI / lint-and-preview (push) Has been cancelled
Details
Policy Lint & Smoke / policy-lint (push) Has been cancelled
Details
devportal-offline / build-offline (push) Has been cancelled
Details
feat: Add UI benchmark driver and scenarios for graph interactions 
- Introduced `ui_bench_driver.mjs` to read scenarios and fixture manifest, generating a deterministic run plan.
- Created `ui_bench_plan.md` outlining the purpose, scope, and next steps for the benchmark.
- Added `ui_bench_scenarios.json` containing various scenarios for graph UI interactions.
- Implemented tests for CLI commands, ensuring bundle verification and telemetry defaults.
- Developed schemas for orchestrator components, including replay manifests and event envelopes.
- Added mock API for risk management, including listing and statistics functionalities.
- Implemented models for risk profiles and query options to support the new API.
2025-12-02 01:28:17 +02:00

13 KiB
Raw Blame History

Sprint 300 · Documentation & Process

Topic & Scope

  • Govern the documentation process ladder, ensuring Docs Tasks Md.I (Sprint 301) and subsequent Md phases stay sequenced and resourced.
  • Coordinate module dossier refreshes once Docs Tasks Md ladder has progressed enough to support them.

Dependencies & Concurrency

  • Requires upstream enablement from Sprint 100.A (Attestor), Sprint 110.A (Advisory AI), Sprint 120.A (AirGap), Sprint 130.A (Scanner), Sprint 140.A (Graph), Sprint 150.A (Orchestrator), Sprint 160.A (Evidence Locker), Sprint 170.A (Notifier), Sprint 180.A (CLI), and Sprint 190.A (Ops Deployment).
  • Streams in the 300 decade stay independent once their prerequisites are met; do not let 300-series sprints depend on each other within the same decade.

Documentation Prerequisites

  • docs/implplan/README.md
  • docs/modules/platform/architecture-overview.md
  • docs/README.md

Task Board

Stream Status Owner(s) Dependencies Notes
200.A Docs Tasks.md ladder (Sprint 301 onwards) BLOCKED (2025-11-19) Docs Guild · Ops Guild Attestor 100.A; Advisory AI 110.A; AirGap 120.A; Scanner 130.A; Graph 140.A; Orchestrator 150.A; EvidenceLocker 160.A; Notifier 170.A; CLI 180.A; Ops Deployment 190.A Awaiting upstream artefacts (SBOM/CLI/Policy/AirGap determinism) before Md.I template rollout can continue.
200.B Module dossiers (Sprints 312335) TODO Docs Guild · Module Guild owners Docs Tasks Md ladder to at least Md.II; Ops deployment evidence Stays queued until Docs Tasks Md ladder provides updated process + assets.
Developer quickstart advisory sync TODO Docs Guild 29-Nov-2025 advisory + onboarding doc draft Publish the onboarding quickstart advisory + docs/onboarding/dev-quickstart.md, update docs/README.md, modules/platform/architecture-overview.md, and ADVISORY_INDEX.md, and confirm sprint/AGENTS references per the advisory workflow.
Acceptance tests guardrails sync TODO Docs Guild · QA Guild 29-Nov-2025 advisory + checklist draft Publish the Acceptance Tests Pack advisory, cross-link to sprint/guardrail docs, and capture sprint board checklist for CI/DB/rew definitions. Track AT1AT10 gaps (see 31-Nov-2025 FINDINGS.md); align schema/signing/offline pack + reporting SLOs.
AT-GAPS-300-012 TODO Docs Guild · QA Guild 29-Nov-2025 acceptance pack Close AT1AT10: signed acceptance-pack schema, deterministic fixtures/seeds, expanded coverage (admission/VEX/auth), DSSE provenance + offline guardrail-pack, gating threshold schema, replay parity checks, policy DSSE negative tests, PITR rehearsal automation, and SLO-backed reporting.
SBOM-VEX-GAPS-300-013 TODO Platform Guild · Docs Guild · Evidence/Policy Guilds 29-Nov-2025 SBOM→VEX blueprint Close BP1BP10: signed schemas + chain hash recipe, predicate alignment, inputs.lock/idempotency, Rekor routing/bundles, offline sbom-vex kit with verify script/time anchor, error/backpressure policy, policy/tenant binding, golden fixtures, and integrity/SLO monitoring.
SCA-FIXTURE-GAPS-300-014 TODO Docs Guild · QA Guild · Scanner Guild 29-Nov-2025 SCA failure catalogue Close FC1FC10: signed deterministic fixture pack, seeds/UTC builds, expanded coverage (DB/schema drift, parity checks, VEX/graph drift, offline updater), result schema, offline/no-network mode, tool/version matrix, reporting SLOs, CI wiring, provenance/licensing notes, and README links in AGENTS/sprints.
ONBOARD-GAPS-300-015 TODO Docs Guild · DevOnboarding Guild 29-Nov-2025 mid-level .NET onboarding Close OB1OB10: expand quick-start with prerequisites/offline steps, determinism/DSSE/secret handling, DB matrix, UI gap note, linked starter issues, Rekor/mirror workflow, contribution checklist, and doc cross-links; publish updated doc and references in AGENTS/sprints.
EVIDENCE-PATTERNS-GAPS-300-016 TODO Docs Guild · UI Guild · Policy/Export Guilds 30-Nov-2025 comparative evidence patterns Close CE1CE10: evidence/suppression/export schemas with canonical rules, unified suppression/VEX model, justification/expiry taxonomy, offline evidence-kit, a11y requirements, observability metrics, suppressed visibility policy, fixtures, and versioned change control.
ECOSYS-FIXTURES-GAPS-300-017 TODO QA Guild · Scanner Guild · Docs Guild 30-Nov-2025 ecosystem reality test cases Close ET1ET10: signed fixture pack + expected-result schema, deterministic builds/seeds, secret-leak assertions, offline/no-network enforcement, version matrix + DB pinning, SBOM parity thresholds, CI ownership/SLOs, provenance/licensing, retention/redaction policy, and ID/CVSS normalization utilities.
IMPLEMENTOR-GAPS-300-018 TODO Docs Guild · Platform Guild 30-Nov-2025 implementor guidelines Close IG1IG10: enforceable checklist + CI gates, schema/versioning change control, determinism/offline/secret/provenance requirements, perf/quota tests, boundary rules, and AGENTS/sprint linkages.
STANDUP-GAPS-300-019 TODO Docs Guild · Ops Guild 30-Nov-2025 standup sprint kickstarters Close SK1SK10: kickstarter template alignment with sprint template, readiness evidence checklist, dependency ledger with owners/SLOs, time-box/exit rules, async/offline workflow, Execution Log updates, decisions/risks delta capture, metrics (blocker clear rate/latency), role assignment, and lint/checks to enforce completion.
ARCHIVED-GAPS-300-020 TODO Docs Guild · Architecture Guild 1523 Nov archived advisories Decide which archived advisories to revive; close AR-* gaps (see 31-Nov-2025 FINDINGS.md per-advisory table): publish canonical schemas/recipes (provenance, reachability, PURL/Build-ID), licensing/manifest rules, determinism seeds/SLOs, redaction/isolation, changelog/checkpoint signing, supersede duplicates (SBOM-Provenance-Spine, archived VB reachability), and document PostgreSQL storage blueprint guardrails.
Plugin architecture gaps remediation TODO Docs Guild · Module Guilds (Authority/Scanner/Concelier) 28-Nov-2025 plugin advisory Close PL1PL10 from 31-Nov-2025 FINDINGS.md: publish signed schemas/capability catalog, sandbox/resource limits, provenance/SBOM + DSSE verification, determinism harness, compatibility matrix, dependency/secret rules, crash kill-switch, offline kit packaging/verify script, and signed plugin index with revocation/CVE data.
CVSS v4.0 momentum sync TODO Docs Guild 29-Nov-2025 advisory + briefing draft Publish the CVSS v4.0 momentum briefing, highlight adoption signals, and link to sprint decisions for SPRINT_0190.* and docs coverage.
SBOM→VEX proof blueprint sync TODO Docs Guild 29-Nov-2025 advisory + blueprint draft Publish the SBOM→VEX blueprint, link to platform/blueprint docs, and capture diagram/stub updates for DSSE/Rekor/VEX.
SCA failure catalogue sync TODO Docs Guild 29-Nov-2025 advisory + catalogue draft Publish the SCA failure catalogue, reference the concrete regressions, and tie the test-vector guidance back into sprint risk logs.
Implementor guidelines sync TODO Docs Guild 30-Nov-2025 advisory + checklist draft Publish the Implementor Guidelines advisory, note the checklist extraction, and mention the doc in sprint/AGENTS references.
Rekor receipt checklist sync TODO Docs Guild 30-Nov-2025 advisory + checklist draft Publish the Rekor Receipt Checklist, update module docs (Authority/Sbomer/Vexer) with ownership map, highlight offline metadata requirements.
Unknowns decay/triage sync TODO Docs Guild 30-Nov-2025 advisory + heuristic draft Publish the Unknowns Decay & Triage brief, link to UnknownsRegistry docs, and capture UI artifacts for cards + queue exports.
Ecosystem reality test cases sync TODO Docs Guild 30-Nov-2025 advisory + test spec draft Publish the Ecosystem Reality Test Cases advisory, link each incident to an acceptance test, and note exported artifacts/commands.
Standup sprint kickstarters sync TODO Docs Guild 30-Nov-2025 advisory + task plan draft Publish the Standup Sprint Kickstarters advisory, surface ticket names, and tie the tasks into MSC sprint logs.
Evidence + suppression pattern sync TODO Docs Guild 30-Nov-2025 advisory + comparison draft Publish the Comparative Evidence Patterns advisory, highlight the UX/data-model takeaways, and reference doc links per tool.

Execution Log

Date (UTC) Update Owner
2025-11-13 Sprint 300 switched to topic-oriented template; Docs Tasks Md ladder marked DOING to reflect ongoing restructuring work. Docs Guild
2025-11-19 Marked Docs Tasks Md ladder BLOCKED pending upstream artefacts for Md.I dossier rollouts. Implementer
2025-11-30 Added the 29-Nov-2025 Developer Quickstart advisory, docs/onboarding/dev-quickstart.md, and cross-links (README/platform/ADVISORY_INDEX); created this advisory sync task row. Docs Guild
2025-11-30 Added the 29-Nov-2025 Acceptance Tests Pack advisory and checklist; noted new task row for guardrail sprint artifacts. Docs Guild
2025-11-30 Added the 29-Nov-2025 CVSS v4.0 Momentum advisory and indexed the adoption briefing; noted sprint sync row for CVSS momentum context. Docs Guild
2025-11-30 Added the 29-Nov-2025 SCA Failure Catalogue advisory and indexed the concrete test vectors; noted sprint sync row for failure catalog references. Docs Guild
2025-11-30 Added the 29-Nov-2025 SBOM→VEX Proof Blueprint advisory and outlined diagram/stub follow-up; logged sprint sync row for the blueprint. Docs Guild
2025-12-01 Added SCA-FIXTURE-GAPS-300-014 to track FC1FC10 remediation from 31-Nov-2025 FINDINGS.md; status TODO pending fixture pack/signing/offline gating. Project Mgmt
2025-12-01 Added ONBOARD-GAPS-300-015 to track OB1OB10 remediation from 31-Nov-2025 FINDINGS.md; status TODO pending quick-start expansion and cross-links. Project Mgmt
2025-12-01 Added EVIDENCE-PATTERNS-GAPS-300-016 to track CE1CE10 remediation from 31-Nov-2025 FINDINGS.md; status TODO pending evidence/suppression schema work and offline kit design. Project Mgmt
2025-12-01 Added ECOSYS-FIXTURES-GAPS-300-017 to track ET1ET10 remediation from 31-Nov-2025 FINDINGS.md; status TODO pending fixture pack creation and CI wiring. Project Mgmt
2025-12-01 Added IMPLEMENTOR-GAPS-300-018 to track IG1IG10 remediation from 31-Nov-2025 FINDINGS.md; status TODO pending enforceable checklist/CI gates rollout. Project Mgmt
2025-12-01 Added STANDUP-GAPS-300-019 to track SK1SK10 remediation from 31-Nov-2025 FINDINGS.md; status TODO pending kickstarter template updates, async/offline workflows, metrics, and lint enforcement. Project Mgmt
2025-12-01 Added ARCHIVED-GAPS-300-020 to triage AR-* gaps from archived advisories (1523 Nov 2025); status TODO pending decision on which to revive and schema/recipe publication. Project Mgmt
2025-11-30 Added the 30-Nov-2025 Rekor Receipt Checklist advisory and noted the ownership/action map for Authority/Sbomer/Vexer. Docs Guild
2025-11-30 Added the 30-Nov-2025 Ecosystem Reality Test Cases advisory (credential leak, Trivy offline DB, SBOM parity, Grype divergence) and logged the acceptance test intent. Docs Guild
2025-11-30 Added the 30-Nov-2025 Unknowns Decay & Triage advisory and noted UI + export artifacts for UnknownsRegistry + queues. Docs Guild
2025-11-30 Added the 30-Nov-2025 Standup Sprint Kickstarters advisory, highlighting the three unblocker tasks/tickets and the proposed owners. Docs Guild
2025-11-30 Added the 30-Nov-2025 Comparative Evidence Patterns advisory and recorded cross-tool evidence/suppression nuggets for UX designers. Docs Guild
2025-11-30 Added the 30-Nov-2025 Implementor Guidelines advisory and checked the docs + sprint sync references; the row stays TODO until docs link updates finish. Docs Guild
2025-12-01 Added AT-GAPS-300-012 to track AT1AT10 remediation from 31-Nov-2025 FINDINGS.md; status TODO pending schema/signing/offline pack updates. Project Mgmt
2025-12-01 Added SBOM-VEX-GAPS-300-013 to track BP1BP10 remediation from 31-Nov-2025 FINDINGS.md; status TODO pending chain schema/hash publication and sbom-vex kit design. Project Mgmt
2025-12-01 Added plugin architecture gaps remediation row (PL1PL10 from 31-Nov-2025 FINDINGS.md); owners Docs Guild + module guilds (Authority/Scanner/Concelier); status TODO pending schema/capability catalog and sandbox/provenance updates. Project Mgmt

Decisions & Risks

Item Type Owner(s) Due Notes
Confirm sequencing gates between Md.I and module dossiers Decision Docs Guild · Module guild leads 2025-11-18 Needed before opening 312335 sprints.
Risk: Docs capacity constrained while Md.I remains open Risk Docs Guild Ongoing Track velocity; request backup writers if Md.I exceeds 2-week window.

Next Checkpoints

Date (UTC) Session Goal Owner(s)
2025-11-15 Docs ladder stand-up Review Md.I progress, confirm readiness to open Md.II (Sprint 302). Docs Guild
2025-11-18 Module dossier planning call Validate prerequisites before flipping dossier sprints to DOING. Docs Guild · Module guild leads

Appendix

  • Prior version archived at docs/implplan/archived/SPRINT_300_documentation_process_2025-11-13.md.