stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 16 Releases Wiki Activity
Files
8a72779c16f6c58282f35e1cfe2d8efcf934634b
git.stella-ops.org/docs/implplan/tasks-all.md
StellaOps Bot 8a72779c16 ops: add mock-ready VEX/Vuln runbooks
2025-12-07 00:09:24 +00:00

4414 lines
1.2 MiB
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

| Task ID | Status | Status Date | Sprint | Owners | Directory | Task Description | Dependencies | New Sprint Name |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| PROGRAM-STAFF-1001 | DONE (2025-11-24) | 2025-11-24 | SPRINT_0100_0001_0001_program_management | Program Mgmt Guild | | MIRROR-COORD-55-001 | MIRROR-COORD-55-001 | PGMI0101 |
| MIRROR-COORD-55-001 | DONE (2025-11-24) | 2025-11-24 | SPRINT_0100_0001_0001_program_management | Program Mgmt Guild · Mirror Creator Guild | | — | — | PGMI0101 |
| ELOCKER-CONTRACT-2001 | DONE (2025-11-24) | 2025-11-24 | SPRINT_0200_0001_0001_attestation_coord | Evidence Locker Guild | docs/modules/evidence-locker/prep/2025-11-24-evidence-locker-contract.md | — | — | ATEL0101 |
| ATTEST-PLAN-2001 | DONE (2025-11-24) | 2025-11-24 | SPRINT_0200_0001_0001_attestation_coord | Evidence Locker Guild · Excititor Guild | docs/modules/attestor/prep/2025-11-24-attest-plan-2001.md | ELOCKER-CONTRACT-2001 | ATEL0101 |
| FEED-REMEDIATION-1001 | BLOCKED (2025-11-24) | 2025-11-24 | SPRINT_0503_0001_0001_ops_devops_i | Concelier Feed Owners | | Scope missing; needs remediation runbook from feed owners | — | FEFC0101 |
| MIRROR-DSSE-REV-1501 | DONE (2025-11-24) | 2025-11-24 | SPRINT_0150_0001_0001_mirror_dsse | Mirror Creator Guild · Security Guild · Evidence Locker Guild | docs/implplan/updates/2025-11-24-mirror-dsse-rev-1501.md | — | — | ATEL0101 |
| AIRGAP-TIME-CONTRACT-1501 | DONE (2025-11-24) | 2025-11-24 | SPRINT_0150_0001_0002_mirror_time | AirGap Time Guild | docs/implplan/updates/2025-11-24-airgap-time-contract-1501.md | — | — | ATMI0102 |
| EXPORT-MIRROR-ORCH-1501 | DONE (2025-11-24) | 2025-11-24 | SPRINT_0150_0001_0003_mirror_orch | Exporter Guild · CLI Guild | docs/implplan/updates/2025-11-24-export-mirror-orch-1501.md | — | — | ATMI0102 |
| AIAI-31-007 | DONE | 2025-11-06 | SPRINT_0111_0001_0001_advisoryai | Advisory AI Guild | src/AdvisoryAI/StellaOps.AdvisoryAI | — | — | ADAI0101 |
| AGENTS-AIAI-UPDATE | DONE | 2025-11-17 | SPRINT_0111_0001_0001_advisoryai | PM Guild · Advisory AI Guild | src/AdvisoryAI; docs/modules/advisory-ai | Create `src/AdvisoryAI/AGENTS.md` charter covering roles, working agreements, allowed shared dirs, and required runbooks/tests. | docs/modules/advisory-ai/architecture.md; docs/modules/platform/architecture-overview.md | AGNT0101 |
| LEDGER-29-006 | DONE (2025-10-19) | 2025-10-19 | SPRINT_0120_0001_0001_policy_reasoning | Findings Ledger Guild | src/Findings/StellaOps.Findings.Ledger | Integrate attachment encryption (KMS envelope), signed URL issuance, CSRF protections for workflow endpoints; see archived tasks note. | LEDGER-29-005 | PLLG0101 |
| CARTO-GRAPH-21-002 | DONE | 2025-11-17 | SPRINT_113_concelier_ii | Cartographer Guild | src/Cartographer/Contracts | ATLN0101 approvals | Task #1 schema freeze | CAGR0101 |
| SURFACE-FS-01 | DONE (2025-11-24) | 2025-11-24 | SPRINT_0136_0001_0001_scanner_surface | Scanner Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.FS) | docs/modules/scanner/design/surface-fs.md | — | — | SCSS0101 |
| SURFACE-FS-02 | DONE (2025-11-24) | 2025-11-24 | SPRINT_0136_0001_0001_scanner_surface | Scanner Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.FS) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.FS | FileSurfaceManifestStore/Reader/Writer, path builder, cache options per `surface-fs.md`. | SURFACE-FS-01 | SCSS0101 |
| SCANNER-ANALYZERS-LANG-10-309 | DONE (2025-10-21) | 2025-10-21 | SPRINT_0131_0001_0001_scanner_surface | Language Analyzer Guild | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang | Packaged language analyzers as restart-time plug-ins (manifest + host registration); artefacts in Offline Kit bundle. | — | SCSA0101 |
| SCANNER-ANALYZERS-PHP-27-001 | BLOCKED (2025-11-24) | 2025-11-24 | SPRINT_0131_0001_0001_scanner_surface | PHP Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php | Waiting on PHP analyzer bootstrap spec/fixtures (composer/VFS schema, offline kit target). | — | SCSA0101 |
| SCANNER-ENTRYTRACE-18-508 | BLOCKED (2025-11-25) | 2025-11-25 | SPRINT_0136_0001_0001_scanner_surface | EntryTrace Guild | | Depends on 18-503/504/505/506 outputs; awaiting upstream EntryTrace baseline. | — | SCSS0101 |
| SCANNER-SECRETS-02 | DONE (2025-11-23) | 2025-11-23 | SPRINT_0136_0001_0001_scanner_surface | Secrets Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.Secrets) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Secrets | Provider chain implemented (primary + fallback) with DI wiring; tests added (`StellaOps.Scanner.Surface.Secrets.Tests`). | SURFACE-SECRETS-01 | SCSS0101 |
| SCANNER-SURFACE-01 | BLOCKED (2025-11-25) | 2025-11-25 | SPRINT_0136_0001_0001_scanner_surface | Scanner Guild | | Task definition/contract missing; needs scope before implementation. | — | SCSS0101 |
| SCANNER-ANALYZERS-PHP-27-001 | BLOCKED (2025-11-24) | 2025-11-24 | SPRINT_0131_0001_0001_scanner_surface | PHP Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php | Waiting on PHP analyzer bootstrap spec/fixtures (composer/VFS schema, offline kit target). | — | SCSA0101 |
| SCANNER-ENTRYTRACE-18-508 | BLOCKED (2025-11-25) | 2025-11-25 | SPRINT_0136_0001_0001_scanner_surface | EntryTrace Guild | | Depends on 18-503/504/505/506 outputs; awaiting upstream EntryTrace baseline. | — | SCSS0101 |
| SCANNER-SECRETS-02 | DONE (2025-11-23) | 2025-11-23 | SPRINT_0136_0001_0001_scanner_surface | Secrets Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.Secrets) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Secrets | Provider chain implemented (primary + fallback) with DI wiring; tests added (`StellaOps.Scanner.Surface.Secrets.Tests`). | SURFACE-SECRETS-01 | SCSS0101 |
| SCANNER-SURFACE-01 | BLOCKED (2025-11-25) | | SPRINT_0136_0001_0001_scanner_surface | Scanner Guild | | — | — | SCSS0101 |
| CARTO-GRAPH-21-002 | DONE | 2025-11-17 | SPRINT_113_concelier_ii | Cartographer Guild | src/Cartographer/Contracts | ATLN0101 approvals | Task #1 schema freeze | CAGR0101 |
| POLICY-ENGINE-27-004 | DONE (2025-10-19) | 2025-10-19 | SPRINT_0120_0001_0001_policy_reasoning | Policy Guild (src/Policy/StellaOps.Policy.Engine) | src/Policy/StellaOps.Policy.Engine | Update golden/property tests to cover coverage metadata, symbol tables, explain traces, and complexity limits; fixtures for Registry/Console integration. Completed in Sprint 120 (archived tasks). | POLICY-ENGINE-27-003 | PLPE0102 |
| --JOB-ORCHESTRATOR-DOCS-0001 | DONE (2025-11-19) | 2025-11-19 | SPRINT_0323_0001_0001_docs_modules_orchestrator | Docs Guild (docs/modules/orchestrator) | docs/modules/orchestrator | ORGR0102 outline; mapped to ORCH-DOCS-0001 README/diagram refresh. | — | DOOR0101 |
| --JOB-ORCH-ENG-0001 | DONE | | SPRINT_0323_0001_0001_docs_modules_orchestrator | Module Team (docs/modules/orchestrator) | docs/modules/orchestrator | ORGR0102 outline | | DOOR0101 |
| --JOB-ORCH-OPS-0001 | DONE | | SPRINT_0323_0001_0001_docs_modules_orchestrator | Ops Guild (docs/modules/orchestrator) | docs/modules/orchestrator | DOOR0101 doc structure | | DOOR0101 |
| 24-001 | DONE | 2025-11-09 | SPRINT_0140_0001_0001_runtime_signals | Signals Guild | src/Signals/StellaOps.Signals | — | — | SGSI0101 |
| 24-002 | BLOCKED (2025-11-19) | 2025-11-07 | SPRINT_0140_0001_0001_runtime_signals | Signals Guild | src/Signals/StellaOps.Signals | Surface cache availability | CAS promotion (PREP-SIGNALS-24-002) pending | SGSI0101 |
| 24-003 | BLOCKED (2025-11-19) | 2025-11-09 | SPRINT_0140_0001_0001_runtime_signals | Signals Guild | src/Signals/StellaOps.Signals | Runtime facts ingestion + provenance enrichment | CAS promotion + provenance schema pending | SGSI0101 |
| 24-004 | BLOCKED | 2025-10-27 | SPRINT_0140_0001_0001_runtime_signals | Signals Guild | src/Signals/StellaOps.Signals | Authority scopes + 24-003 | Authority scopes + 24-003 | SGSI0101 |
| 24-005 | BLOCKED | 2025-10-27 | SPRINT_0140_0001_0001_runtime_signals | Signals Guild | src/Signals/StellaOps.Signals | 24-004 scoring outputs | 24-004 scoring outputs | SGSI0101 |
| 29-007 | DONE | 2025-11-17 | SPRINT_0120_0001_0001_policy_reasoning | Findings Ledger Guild · Observability Guild | src/Findings/StellaOps.Findings.Ledger | LEDGER-29-007 | LEDGER-29-006 | PLLG0104 |
| 29-008 | DONE | 2025-11-22 | SPRINT_0120_0001_0001_policy_reasoning | Findings Ledger Guild · QA Guild | src/Findings/StellaOps.Findings.Ledger | 29-007 | LEDGER-29-007 | PLLG0104 |
| 29-009 | BLOCKED | 2025-11-17 | SPRINT_0120_0001_0001_policy_reasoning | Findings Ledger Guild · DevOps Guild | src/Findings/StellaOps.Findings.Ledger | 29-008 | LEDGER-29-008 | PLLG0104 |
| 30-001 | BLOCKED | 2025-11-25 | SPRINT_0129_0001_0001_policy_reasoning | VEX Lens Guild | src/VexLens/StellaOps.VexLens | — | Awaiting VEX normalization + issuer directory + API governance specs | PLVL0102 |
| 30-002 | BLOCKED | 2025-11-25 | SPRINT_0129_0001_0001_policy_reasoning | VEX Lens Guild | src/VexLens/StellaOps.VexLens | VEXLENS-30-001 | VEXLENS-30-001 | PLVL0102 |
| 30-003 | BLOCKED | 2025-11-25 | SPRINT_0129_0001_0001_policy_reasoning | VEX Lens Guild · Issuer Directory Guild | src/VexLens/StellaOps.VexLens | VEXLENS-30-002 | VEXLENS-30-002 | PLVL0102 |
| 30-004 | BLOCKED | 2025-11-25 | SPRINT_0129_0001_0001_policy_reasoning | VEX Lens Guild · Policy Guild | src/VexLens/StellaOps.VexLens | VEXLENS-30-003 | VEXLENS-30-003 | PLVL0102 |
| 30-005 | BLOCKED | 2025-11-25 | SPRINT_0129_0001_0001_policy_reasoning | VEX Lens Guild | src/VexLens/StellaOps.VexLens | VEXLENS-30-004 | VEXLENS-30-004 | PLVL0102 |
| 30-006 | BLOCKED | 2025-11-25 | SPRINT_0129_0001_0001_policy_reasoning | VEX Lens Guild · Findings Ledger Guild | src/VexLens/StellaOps.VexLens | VEXLENS-30-005 | VEXLENS-30-005 | PLVL0102 |
| 30-007 | BLOCKED | 2025-11-25 | SPRINT_0129_0001_0001_policy_reasoning | VEX Lens Guild | src/VexLens/StellaOps.VexLens | VEXLENS-30-006 | VEXLENS-30-006 | PLVL0102 |
| 30-008 | BLOCKED | 2025-11-25 | SPRINT_0129_0001_0001_policy_reasoning | VEX Lens Guild · Policy Guild | src/VexLens/StellaOps.VexLens | VEXLENS-30-007 | VEXLENS-30-007 | PLVL0102 |
| 30-009 | BLOCKED | 2025-11-25 | SPRINT_0129_0001_0001_policy_reasoning | VEX Lens Guild · Observability Guild | src/VexLens/StellaOps.VexLens | VEXLENS-30-008 | VEXLENS-30-008 | PLVL0102 |
| 30-010 | BLOCKED | 2025-11-25 | SPRINT_0129_0001_0001_policy_reasoning | VEX Lens Guild · QA Guild | src/VexLens/StellaOps.VexLens | VEXLENS-30-009 | VEXLENS-30-009 | PLVL0102 |
| 30-011 | BLOCKED | 2025-11-25 | SPRINT_0129_0001_0001_policy_reasoning | VEX Lens Guild · DevOps Guild | src/VexLens/StellaOps.VexLens | VEXLENS-30-010 | VEXLENS-30-010 | PLVL0103 |
| 31-008 | DONE (2025-11-22) | 2025-11-22 | SPRINT_110_ingestion_evidence | Advisory AI Guild | src/AdvisoryAI/StellaOps.AdvisoryAI | Remote inference packaging delivered with on-prem container + manifests. | AIAI-31-006; AIAI-31-007 | ADAI0101 |
| 31-009 | DONE | 2025-11-12 | SPRINT_110_ingestion_evidence | Advisory AI Guild | src/AdvisoryAI/StellaOps.AdvisoryAI | — | — | ADAI0101 |
| 34-101 | DONE | 2025-11-22 | SPRINT_0120_0001_0001_policy_reasoning | Findings Ledger Guild | src/Findings/StellaOps.Findings.Ledger | 29-009 | LEDGER-29-009 | PLLG0104 |
| 401-004 | BLOCKED | 2025-11-25 | SPRINT_0401_0001_0001_reachability_evidence_chain | Replay Core Guild | `src/__Libraries/StellaOps.Replay.Core` | Signals facts stable (SGSI0101) | Blocked: awaiting SGSI0101 runtime facts + CAS policy from GAP-REP-004 | RPRC0101 |
| BENCH-DETERMINISM-401-057 | DONE (2025-11-27) | 2025-11-27 | SPRINT_0512_0001_0001_bench | Bench Guild · Signals Guild · Policy Guild | src/Bench/StellaOps.Bench/Determinism | Determinism harness + mock scanner; manifests/results generated; CI workflow `bench-determinism` enforces threshold; defaults to 10 runs; supports frozen feed manifests via DET_EXTRA_INPUTS; offline runner available. | Feed-freeze hash + SBOM/VEX bundle list (SPRINT_0401) | |
| 41-001 | DONE (2025-11-30) | 2025-11-30 | SPRINT_0157_0001_0001_taskrunner_i | Task Runner Guild | src/TaskRunner/StellaOps.TaskRunner | — | Contract implemented per `docs/modules/taskrunner/architecture.md`; run API/storage/provenance ready. | ORTR0101 |
| 44-001 | BLOCKED | 2025-11-25 | SPRINT_0501_0001_0001_ops_deployment_i | Deployment Guild · DevEx Guild (ops/deployment) | ops/deployment | — | Waiting on consolidated service list/version pins from upstream module releases (mirrors Compose-44-001 block) | DVDO0103 |
| 44-002 | BLOCKED | 2025-11-25 | SPRINT_0501_0001_0001_ops_deployment_i | Deployment Guild (ops/deployment) | ops/deployment | 44-001 | Blocked until 44-001 unblocks | DVDO0103 |
| 44-003 | BLOCKED | 2025-11-25 | SPRINT_0501_0001_0001_ops_deployment_i | Deployment Guild · Docs Guild (ops/deployment) | ops/deployment | 44-002 | Blocked until 44-002 unblocks | DVDO0103 |
| 45-001 | BLOCKED | 2025-11-25 | SPRINT_0502_0001_0001_ops_deployment_ii | Deployment Guild (ops/deployment) | ops/deployment | 44-003 | 44-003 | DVDO0103 |
| 45-002 | BLOCKED | 2025-11-25 | SPRINT_0502_0001_0001_ops_deployment_ii | Deployment Guild · Security Guild (ops/deployment) | ops/deployment | 45-001 | 45-001 | DVDO0103 |
| 45-003 | BLOCKED | 2025-11-25 | SPRINT_0502_0001_0001_ops_deployment_ii | Deployment Guild · Observability Guild (ops/deployment) | ops/deployment | 45-002 | 45-002 | DVDO0103 |
| 50-002 | DONE (2025-11-27) | | SPRINT_0170_0001_0001_notifications_telemetry | Telemetry Core Guild | src/Telemetry/StellaOps.Telemetry.Core | SGSI0101 feed availability | SGSI0101 feed availability | TLTY0101 |
| 51-002 | BLOCKED | 2025-11-25 | SPRINT_0170_0001_0001_notifications_telemetry | Telemetry Core Guild · Observability Guild · Security Guild | src/Telemetry/StellaOps.Telemetry.Core | OBS-50 baselines | Waiting on OBS-50 baselines and ORCH-OBS-50-001 schemas | TLTY0101 |
| 54-001 | BLOCKED | 2025-11-25 | SPRINT_0503_0001_0001_ops_devops_i | Exporter Guild · AirGap Time Guild · CLI Guild | | Await PGMI0101 staffing confirmation | Staffing not assigned (PROGRAM-STAFF-1001) | AGCO0101 |
| 56-001 | BLOCKED | 2025-11-25 | SPRINT_0170_0001_0001_notifications_telemetry | Telemetry Core Guild · Observability Guild | src/Telemetry/StellaOps.Telemetry.Core | SGSI0101 provenance | Blocked: SGSI0101 provenance feed/contract pending | TLTY0101 |
| 58 series | BLOCKED | 2025-11-25 | SPRINT_0120_0001_0001_policy_reasoning | Findings Ledger Guild · AirGap Guilds · Evidence Locker Guild | src/Findings/StellaOps.Findings.Ledger | Placeholder for LEDGER-AIRGAP-56/57/58 chain | Blocked on LEDGER-AIRGAP-56-002 staleness spec and AirGap time anchors | PLLG0102 |
| 61-001 | DONE | 2025-11-18 | SPRINT_0511_0001_0001_api | API Governance Guild | src/Api/StellaOps.Api.Governance | Spectral config + CI lint job | — | APIG0101 |
| 61-002 | DONE | 2025-11-18 | SPRINT_0511_0001_0001_api | API Governance Guild | src/Api/StellaOps.Api.Governance | Example coverage checker | 61-001 | APIG0101 |
| 62-001 | BLOCKED | 2025-11-25 | SPRINT_206_devportal | DevPortal Guild | src/DevPortal/StellaOps.DevPortal.Site | APIG0101 outputs | Waiting on APIG0101 outputs / API baseline | DEVL0101 |
| 62-002 | BLOCKED | 2025-11-25 | SPRINT_206_devportal | DevPortal Guild | src/DevPortal/StellaOps.DevPortal.Site | 62-001 | Blocked: 62-001 not delivered | DEVL0101 |
| 63-001 | BLOCKED | 2025-11-25 | SPRINT_206_devportal | DevPortal Guild · Platform Guild | src/DevPortal/StellaOps.DevPortal.Site | 62-002 | Blocked: 62-002 outstanding | DEVL0101 |
| 63-002 | BLOCKED | 2025-11-25 | SPRINT_206_devportal | DevPortal Guild · SDK Generator Guild | src/DevPortal/StellaOps.DevPortal.Site | 63-001 | Blocked: 63-001 outstanding | DEVL0101 |
| 63-003 | BLOCKED | 2025-11-25 | SPRINT_0208_0001_0001_sdk | SDK Generator Guild | src/Sdk/StellaOps.Sdk.Generator | APIG0101 outputs | Waiting on APIG0101 outputs | SDKG0101 |
| 63-004 | BLOCKED | 2025-11-25 | SPRINT_0208_0001_0001_sdk | SDK Generator Guild | src/Sdk/StellaOps.Sdk.Generator | 63-003 | Blocked: 63-003 outstanding | SDKG0101 |
| 64-001 | BLOCKED | 2025-11-25 | SPRINT_206_devportal | DevPortal Guild · Export Center Guild | src/DevPortal/StellaOps.DevPortal.Site | Export profile review | Waiting on export profile review doc | DEVL0101 |
| 64-002 | BLOCKED | 2025-11-25 | SPRINT_160_export_evidence | DevPortal Offline + AirGap Controller Guilds | docs/modules/export-center/devportal-offline.md | Wait for Mirror staffing confirmation (001_PGMI0101) | Wait for Mirror staffing confirmation (001_PGMI0101) | DEVL0102 |
| 73-001 | DONE | 2025-11-03 | SPRINT_100_identity_signing | KMS Guild | src/__Libraries/StellaOps.Cryptography.Kms | Staffing + DSSE contract (PGMI0101, ATEL0101) | Staffing + DSSE contract (PGMI0101, ATEL0101) | KMSI0101 |
| 73-002 | DONE | 2025-11-03 | SPRINT_100_identity_signing | KMS Guild | src/__Libraries/StellaOps.Cryptography.Kms | Depends on #1, FIDO2 profile | FIDO2 | KMSI0101 |
| ADVISORY-AI-DOCS-0001 | DONE | 2025-11-24 | SPRINT_0312_0001_0001_docs_modules_advisory_ai | Docs Guild (docs/modules/advisory-ai) | docs/modules/advisory-ai | Align with ./AGENTS.md | — | DOAI0101 |
| AI-DOCS-0001 | DONE | 2025-11-24 | SPRINT_0312_0001_0001_docs_modules_advisory_ai | Docs Guild (docs/modules/advisory-ai) | docs/modules/advisory-ai | Sync into ../.. | — | DOAI0101 |
| AI-OPS-0001 | DONE | 2025-11-24 | SPRINT_0312_0001_0001_docs_modules_advisory_ai | Ops Guild (docs/modules/advisory-ai) | docs/modules/advisory-ai | Document outputs in ./README.md | — | DOAI0101 |
| AIAI-31-001 | DONE | 2025-11-09 | SPRINT_110_ingestion_evidence | Excititor Web/Core Guilds | src/AdvisoryAI/StellaOps.AdvisoryAI | Validate Excititor hand-off replay | Validate Excititor hand-off replay | ADAI0102 |
| AIAI-31-002 | DONE | 2025-11-18 | SPRINT_110_ingestion_evidence | Concelier Core · Concelier WebService Guilds | src/AdvisoryAI/StellaOps.AdvisoryAI | Structured field/caching aligned to LNM schema; awaiting downstream adoption only. | CONCELIER-GRAPH-21-001; CARTO-GRAPH-21-002 | ADAI0102 |
| AIAI-31-003 | DONE | 2025-11-12 | SPRINT_110_ingestion_evidence | Concelier Observability Guild | src/AdvisoryAI/StellaOps.AdvisoryAI | Await observability evidence upload | Await observability evidence upload | ADAI0102 |
| AIAI-31-004 | DONE (2025-12-04) | 2025-12-04 | SPRINT_0301_0001_0001_docs_md_i | Docs Guild · Console Guild | docs/advisory-ai | Guardrail console guide refreshed with deterministic captures plus consolidated hash manifest (`docs/advisory-ai/console-fixtures.sha256`) and verification steps. | CONSOLE-VULN-29-001; CONSOLE-VEX-30-001; SBOM-AIAI-31-003 | DOAI0101 |
| AIAI-31-005 | DONE (2025-11-25) | 2025-11-25 | SPRINT_110_ingestion_evidence | Docs Guild | | DOCS-AIAI-31-004; CLI-VULN-29-001; CLI-VEX-30-001; POLICY-ENGINE-31-001; DEVOPS-AIAI-31-001 | DOCS-AIAI-31-004; CLI-VULN-29-001; CLI-VEX-30-001; POLICY-ENGINE-31-001; DEVOPS-AIAI-31-001 | DOAI0101 |
| AIAI-31-006 | DONE | 2025-11-13 | SPRINT_0111_0001_0001_advisoryai | Docs Guild, Policy Guild (docs) | | — | — | DOAI0101 |
| AIAI-31-008 | DONE (2025-11-22) | 2025-11-22 | SPRINT_110_ingestion_evidence | Advisory AI Guild | | Remote inference packaging delivered with on-prem container + manifests. | AIAI-31-006; AIAI-31-007 | DOAI0101 |
| AIAI-31-009 | DONE | 2025-11-12 | SPRINT_110_ingestion_evidence | Advisory AI Guild | | Regression suite + `AdvisoryAI:Guardrails` config landed with perf budgets. | — | DOAI0101 |
| AIRGAP-46-001 | BLOCKED | 2025-11-25 | SPRINT_0501_0001_0001_ops_deployment_i | Deployment Guild · Offline Kit Guild | ops/deployment | Needs Mirror staffing + DSSE plan (001_PGMI0101, 002_ATEL0101) | Waiting on Mirror staffing + DSSE plan (001_PGMI0101, 002_ATEL0101) | AGDP0101 |
| AIRGAP-56 | DONE (2025-11-24) | 2025-11-24 | SPRINT_110_ingestion_evidence | Excititor Guild · AirGap Guilds | docs/modules/airgap/airgap-mode.md | Air-gap ingest parity delivered against frozen LNM schema. | CONCELIER-GRAPH-21-001; CONCELIER-GRAPH-21-002; ATTEST-PLAN-2001 | AGCO0101 |
| AIRGAP-56-001 | DONE (2025-11-24) | 2025-11-24 | SPRINT_110_ingestion_evidence | Exporter Guild · AirGap Time Guild · CLI Guild | docs/modules/airgap/airgap-mode.md | Mirror import helpers and bundle catalog wired for sealed mode. | PROGRAM-STAFF-1001 | AGCO0101 |
| AIRGAP-56-001..58-001 | DONE (2025-11-24) | 2025-11-24 | SPRINT_110_ingestion_evidence | Concelier Core · AirGap Guilds | docs/modules/airgap/airgap-mode.md | Deterministic bundle + manifest/entry-trace and sealed-mode deploy runbook shipped. | CONCELIER-GRAPH-21-001; CONCELIER-GRAPH-21-002; ELOCKER-CONTRACT-2001 | AGCO0101 |
| AIRGAP-56-002 | DONE | | SPRINT_0170_0001_0001_notifications_telemetry | Notifications Service Guild · DevOps Guild | src/Notify/StellaOps.Notify | | | NOTY0101 |
| AIRGAP-56-003 | DONE | 2025-11-23 | SPRINT_0301_0001_0001_docs_md_i | Docs Guild · Exporter Guild | docs/modules/airgap | DOCS-AIRGAP-56-002 | DOCS-AIRGAP-56-002 | AIDG0101 |
| AIRGAP-56-004 | DONE | 2025-11-23 | SPRINT_0301_0001_0001_docs_md_i | Docs Guild · Deployment Guild | docs/modules/airgap | AIRGAP-56-003 | DOCS-AIRGAP-56-003 | AIDG0101 |
| AIRGAP-57 | DONE (2025-11-24) | 2025-11-24 | SPRINT_110_ingestion_evidence | Excititor Guild · AirGap Guilds | docs/modules/airgap/airgap-mode.md | Air-gap bundle timeline/hooks completed. | CONCELIER-GRAPH-21-001; CONCELIER-GRAPH-21-002; ATTEST-PLAN-2001 | AGCO0101 |
| AIRGAP-57-001 | DONE | 2025-11-08 | SPRINT_100_identity_signing | Authority Core & Security Guild, DevOps Guild (src/Authority/StellaOps.Authority) | src/Authority/StellaOps.Authority | | AUTH-AIRGAP-56-001; DEVOPS-AIRGAP-57-002 | KMSI0101 |
| AIRGAP-57-002 | DOING | 2025-11-08 | SPRINT_0503_0001_0001_ops_devops_i | DevOps Guild, Authority Guild (ops/devops) | ops/devops | | | DVDO0101 |
| AIRGAP-57-003 | BLOCKED | 2025-11-25 | SPRINT_302_docs_tasks_md_ii | Docs Guild · CLI Guild | docs/modules/airgap | CLI & ops inputs | Blocked: waiting on CLI airgap contract (CLI-AIRGAP-56/57) and ops inputs | AIDG0101 |
| AIRGAP-57-004 | BLOCKED | 2025-11-25 | SPRINT_302_docs_tasks_md_ii | Docs Guild · Ops Guild | docs/modules/airgap | AIRGAP-57-003 | Blocked: upstream AIRGAP-57-003 | AIDG0101 |
| AIRGAP-58 | DONE (2025-11-24) | 2025-11-24 | SPRINT_110_ingestion_evidence | Excititor Guild · AirGap Guilds | docs/modules/airgap/airgap-mode.md | Import/export automation delivered for frozen schema. | CONCELIER-GRAPH-21-001; CONCELIER-GRAPH-21-002; ATTEST-PLAN-2001 | AGCO0101 |
| AIRGAP-58-001 | BLOCKED | 2025-11-25 | SPRINT_112_concelier_i | Concelier Core Guild · Evidence Locker Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Package advisory observations/linksets + provenance notes into portable bundles with timeline events. | Blocked: waiting on staleness/time-anchor spec (LEDGER-AIRGAP-56-002) and Concelier bundle contract | AGCN0101 |
| AIRGAP-58-002 | BLOCKED | 2025-11-25 | SPRINT_302_docs_tasks_md_ii | Docs Guild, Security Guild (docs) | docs/modules/airgap | | Blocked: waiting on staleness/time-anchor spec and DOCS-AIRGAP-58-001 | AIDG0101 |
| AIRGAP-58-003 | BLOCKED | 2025-11-25 | SPRINT_302_docs_tasks_md_ii | Docs Guild, DevEx Guild (docs) | docs/modules/airgap | | Blocked: waiting on staleness/time-anchor spec and DOCS-AIRGAP-58-001 | AIDG0101 |
| AIRGAP-58-004 | BLOCKED | 2025-11-25 | SPRINT_302_docs_tasks_md_ii | Docs Guild, Evidence Locker Guild (docs) | docs/modules/airgap | | Blocked: waiting on staleness/time-anchor spec and DOCS-AIRGAP-58-001 | AIDG0101 |
| AIRGAP-CTL-56-001 | DONE (2025-11-26) | 2025-11-26 | SPRINT_510_airgap | AirGap Controller Guild | src/AirGap/StellaOps.AirGap.Controller | Implement `airgap_state` persistence, seal/unseal state machine, and Authority scope checks (`airgap:seal`, `airgap:status:read`). | — | AGCT0101 |
| AIRGAP-CTL-56-002 | DONE (2025-11-26) | 2025-11-26 | SPRINT_510_airgap | AirGap Controller Guild · DevOps Guild | src/AirGap/StellaOps.AirGap.Controller | Expose `GET /system/airgap/status`, `POST /system/airgap/seal`, integrate policy hash validation, and return staleness/time anchor placeholders. Dependencies: AIRGAP-CTL-56-001. | — | AGCT0101 |
| AIRGAP-CTL-57-001 | BLOCKED (2025-11-25 · disk full) | 2025-11-25 | SPRINT_510_airgap | AirGap Controller Guild | src/AirGap/StellaOps.AirGap.Controller | Add startup diagnostics that block application run when sealed flag set but egress policies missing; emit audit + telemetry. Dependencies: AIRGAP-CTL-56-002. | Disk full; waiting for workspace cleanup | AGCT0101 |
| AIRGAP-CTL-57-002 | BLOCKED (2025-11-25 · disk full) | 2025-11-25 | SPRINT_510_airgap | AirGap Controller Guild · Observability Guild | src/AirGap/StellaOps.AirGap.Controller | Instrument seal/unseal events with trace/log fields and timeline emission (`airgap.sealed`, `airgap.unsealed`). Dependencies: AIRGAP-CTL-57-001. | Blocked on 57-001 and disk space | AGCT0101 |
| AIRGAP-CTL-58-001 | BLOCKED (2025-11-25 · disk full) | 2025-11-25 | SPRINT_510_airgap | AirGap Controller Guild · AirGap Time Guild | src/AirGap/StellaOps.AirGap.Controller | Persist time anchor metadata, compute drift seconds, and surface staleness budgets in status API. Dependencies: AIRGAP-CTL-57-002. | Blocked on 57-002 and disk space | AGCT0101 |
| AIRGAP-DEVPORT-64-001 | DONE (2025-11-23) | 2025-11-23 | SPRINT_302_docs_tasks_md_ii | Docs Guild · DevPortal Offline Guild | docs/modules/export-center/devportal-offline.md | Depends on 071_AGCO0101 manifest decisions | Depends on 071_AGCO0101 manifest decisions | DEVL0102 |
| AIRGAP-IMP-56-001 | DONE (2025-11-20) | 2025-11-20 | SPRINT_510_airgap | AirGap Importer Guild | src/AirGap/StellaOps.AirGap.Importer | Implement DSSE verification helpers, TUF metadata parser (`root.json`, `snapshot.json`, `timestamp.json`), and Merkle root calculator. | — | AGIM0101 |
| AIRGAP-IMP-56-002 | DONE (2025-11-20) | 2025-11-20 | SPRINT_510_airgap | AirGap Importer Guild · Security Guild | src/AirGap/StellaOps.AirGap.Importer | Introduce root rotation policy validation (dual approval) and signer trust store management. Dependencies: AIRGAP-IMP-56-001. | — | AGIM0101 |
| AIRGAP-IMP-57-001 | DONE (2025-11-20) | 2025-11-20 | SPRINT_510_airgap | AirGap Importer Guild | src/AirGap/StellaOps.AirGap.Importer | Write `bundle_catalog` and `bundle_items` repositories with RLS + deterministic migrations. Dependencies: AIRGAP-IMP-56-002. | — | AGIM0101 |
| AIRGAP-IMP-57-002 | BLOCKED (2025-11-25 · disk full) | 2025-11-25 | SPRINT_510_airgap | AirGap Importer Guild · DevOps Guild | src/AirGap/StellaOps.AirGap.Importer | Implement object-store loader storing artifacts under tenant/global mirror paths with Zstandard decompression and checksum validation. Dependencies: AIRGAP-IMP-57-001. | Blocked on disk space and controller telemetry | AGIM0101 |
| AIRGAP-IMP-58-001 | BLOCKED (2025-11-25) | 2025-11-25 | SPRINT_510_airgap | AirGap Importer Guild · CLI Guild | src/AirGap/StellaOps.AirGap.Importer | Implement API (`POST /airgap/import`, `/airgap/verify`) and CLI commands wiring verification + catalog updates, including diff preview. Dependencies: AIRGAP-IMP-57-002. | Blocked on 57-002 | AGIM0101 |
| AIRGAP-IMP-58-002 | BLOCKED (2025-11-25) | 2025-11-25 | SPRINT_510_airgap | AirGap Importer Guild · Observability Guild | src/AirGap/StellaOps.AirGap.Importer | Emit timeline events (`airgap.import.started`. Dependencies: AIRGAP-IMP-58-001. | Blocked on 58-001 | AGIM0101 |
| AIRGAP-TIME-57-001 | DONE (2025-11-20) | 2025-11-20 | SPRINT_0503_0001_0001_ops_devops_i | Exporter Guild · AirGap Time Guild · CLI Guild | src/AirGap/StellaOps.AirGap.Time | PROGRAM-STAFF-1001; AIRGAP-TIME-CONTRACT-1501 | PROGRAM-STAFF-1001; AIRGAP-TIME-CONTRACT-1501 | ATMI0102 |
| AIRGAP-TIME-57-002 | BLOCKED (2025-11-25) | 2025-11-25 | SPRINT_510_airgap | AirGap Time Guild · Observability Guild | src/AirGap/StellaOps.AirGap.Time | Add telemetry counters for time anchors (`airgap_time_anchor_age_seconds`) and alerts for approaching thresholds. Dependencies: AIRGAP-TIME-57-001. | Blocked pending controller telemetry and disk space | AGTM0101 |
| AIRGAP-TIME-58-001 | BLOCKED (2025-11-25) | 2025-11-25 | SPRINT_510_airgap | AirGap Time Guild | src/AirGap/StellaOps.AirGap.Time | Persist drift baseline, compute per-content staleness (advisories, VEX, policy) based on bundle metadata, and surface through controller status API. Dependencies: AIRGAP-TIME-57-002. | Blocked on 57-002 | AGTM0101 |
| AIRGAP-TIME-58-002 | BLOCKED (2025-11-25) | 2025-11-25 | SPRINT_510_airgap | AirGap Time Guild, Notifications Guild (src/AirGap/StellaOps.AirGap.Time) | src/AirGap/StellaOps.AirGap.Time | Emit notifications and timeline events when staleness budgets breached or approaching. Dependencies: AIRGAP-TIME-58-001. | Blocked on 58-001 | AGTM0101 |
| ANALYZERS-DENO-26-001 | DONE | | SPRINT_130_scanner_surface | Deno Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno | Bootstrap analyzer helpers | Bootstrap analyzer helpers | SCSA0201 |
| ANALYZERS-DENO-26-002 | DONE | | SPRINT_130_scanner_surface | Deno Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno | Depends on #1 | SCANNER-ANALYZERS-DENO-26-001 | SCSA0201 |
| ANALYZERS-DENO-26-003 | DONE | | SPRINT_130_scanner_surface | Deno Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno | Depends on #2 | SCANNER-ANALYZERS-DENO-26-002 | SCSA0201 |
| ANALYZERS-DENO-26-004 | DONE | | SPRINT_130_scanner_surface | Deno Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno | Depends on #3 | SCANNER-ANALYZERS-DENO-26-003 | SCSA0201 |
| ANALYZERS-DENO-26-005 | DONE | | SPRINT_130_scanner_surface | Deno Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno | Depends on #4 | SCANNER-ANALYZERS-DENO-26-004 | SCSA0201 |
| ANALYZERS-DENO-26-006 | DONE | | SPRINT_130_scanner_surface | Deno Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno | Depends on #5 | SCANNER-ANALYZERS-DENO-26-005 | SCSA0201 |
| ANALYZERS-DENO-26-007 | DONE | | SPRINT_130_scanner_surface | Deno Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno | SCANNER-ANALYZERS-DENO-26-006 | SCANNER-ANALYZERS-DENO-26-006 | SCSA0102 |
| ANALYZERS-DENO-26-008 | DONE | | SPRINT_130_scanner_surface | Deno Analyzer Guild, QA Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno | SCANNER-ANALYZERS-DENO-26-007 | SCANNER-ANALYZERS-DENO-26-007 | SCSA0102 |
| ANALYZERS-DENO-26-009 | TODO | | SPRINT_131_scanner_surface | Deno Analyzer Guild, Signals Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno | SCANNER-ANALYZERS-DENO-26-008 | SCANNER-ANALYZERS-DENO-26-008 | SCSA0101 |
| ANALYZERS-DENO-26-010 | TODO | | SPRINT_131_scanner_surface | Deno Analyzer Guild, DevOps Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno | SCANNER-ANALYZERS-DENO-26-009 | SCANNER-ANALYZERS-DENO-26-009 | SCSA0101 |
| ANALYZERS-DENO-26-011 | TODO | | SPRINT_131_scanner_surface | Deno Analyzer Guild · Signals Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno | Depends on ANALYZERS-DENO-26-010 + telemetry schema | SCANNER-ANALYZERS-DENO-26-010 | SCSA0202 |
| ANALYZERS-JAVA-21-005 | TODO | | SPRINT_131_scanner_surface | Java Analyzer Guild | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java | SCANNER-ANALYZERS-JAVA-21-004 | SCANNER-ANALYZERS-JAVA-21-004 | SCSA0301 |
| ANALYZERS-JAVA-21-006 | TODO | | SPRINT_131_scanner_surface | Java Analyzer Guild | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java | Depends on #1 | SCANNER-ANALYZERS-JAVA-21-005 | SCSA0301 |
| ANALYZERS-JAVA-21-007 | TODO | | SPRINT_131_scanner_surface | Java Analyzer Guild | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java | Depends on #2 | SCANNER-ANALYZERS-JAVA-21-006 | SCSA0301 |
| ANALYZERS-JAVA-21-008 | BLOCKED | 2025-10-27 | SPRINT_131_scanner_surface | Java Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java | SCANNER-ANALYZERS-JAVA-21-007 | SCANNER-ANALYZERS-JAVA-21-007 | SCSA0102 |
| ANALYZERS-JAVA-21-009 | TODO | | SPRINT_131_scanner_surface | Java Analyzer Guild, QA Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java | SCANNER-ANALYZERS-JAVA-21-008 | SCANNER-ANALYZERS-JAVA-21-008 | SCSA0102 |
| ANALYZERS-JAVA-21-010 | TODO | | SPRINT_131_scanner_surface | Java Analyzer Guild, Signals Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java | SCANNER-ANALYZERS-JAVA-21-009 | SCANNER-ANALYZERS-JAVA-21-009 | SCSA0101 |
| ANALYZERS-JAVA-21-011 | TODO | | SPRINT_131_scanner_surface | Java Analyzer Guild · DevOps Guild | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java | Requires SCANNER-ANALYZERS-JAVA-21-010 + DevOps packaging | SCANNER-ANALYZERS-JAVA-21-010 | SCSA0301 |
| ANALYZERS-LANG-11-001 | BLOCKED | 2025-11-17 | SPRINT_131_scanner_surface | StellaOps.Scanner EPDR Guild · Language Analyzer Guild | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.DotNet | Requires SCANNER-ANALYZERS-LANG-10-309 artifact; local dotnet tests hanging, needs clean runner/CI diagnostics | SCANNER-ANALYZERS-LANG-10-309 | SCSA0103 |
| AGENTS-SCANNER-00-001 | DONE | 2025-11-17 | SPRINT_0132_scanner_surface | Project Management Guild · Scanner Guild | src/Scanner | Create or update module-level AGENTS.md covering roles, required docs, allowed shared directories, determinism/testing rules | — | SCSS-GOV-0001 |
| ANALYZERS-LANG-11-002 | TODO | | SPRINT_0132_0001_0001_scanner_surface | StellaOps.Scanner EPDR Guild | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.DotNet | Depends on #1 for shared metadata | SCANNER-ANALYZERS-LANG-11-001 | SCSA0103 |
| ANALYZERS-LANG-11-003 | TODO | | SPRINT_0132_0001_0001_scanner_surface | StellaOps.Scanner EPDR Guild · Signals Guild | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.DotNet | Needs #2 plus Signals schema for entry-trace | SCANNER-ANALYZERS-LANG-11-002 | SCSA0103 |
| ANALYZERS-LANG-11-004 | TODO | | SPRINT_0132_0001_0001_scanner_surface | StellaOps.Scanner EPDR Guild · SBOM Service Guild | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.DotNet | Requires #3 and SBOM service hooks | SCANNER-ANALYZERS-LANG-11-003 | SCSA0103 |
| ANALYZERS-LANG-11-005 | TODO | | SPRINT_0132_0001_0001_scanner_surface | StellaOps.Scanner EPDR Guild · QA Guild | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.DotNet | Depends on #4 for QA fixtures | SCANNER-ANALYZERS-LANG-11-004 | SCSA0103 |
| ANALYZERS-NATIVE-20-001 | TODO | | SPRINT_0132_0001_0001_scanner_surface | Native Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Native | Bootstrap native analyzer helpers | Bootstrap native analyzer helpers | SCSA0401 |
| ANALYZERS-NATIVE-20-002 | TODO | | SPRINT_0132_0001_0001_scanner_surface | Native Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Native | Depends on #1 | SCANNER-ANALYZERS-NATIVE-20-001 | SCSA0401 |
| ANALYZERS-NATIVE-20-003 | TODO | | SPRINT_0132_0001_0001_scanner_surface | Native Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Native | Depends on #2 | SCANNER-ANALYZERS-NATIVE-20-002 | SCSA0401 |
| ANALYZERS-NATIVE-20-004 | TODO | | SPRINT_0132_0001_0001_scanner_surface | Native Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Native | Depends on #3 | SCANNER-ANALYZERS-NATIVE-20-003 | SCSA0401 |
| ANALYZERS-NATIVE-20-005 | TODO | | SPRINT_0132_0001_0001_scanner_surface | Native Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Native | Depends on #4 | SCANNER-ANALYZERS-NATIVE-20-004 | SCSA0401 |
| ANALYZERS-NATIVE-20-006 | TODO | | SPRINT_0132_0001_0001_scanner_surface | Native Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Native | Depends on #5 | SCANNER-ANALYZERS-NATIVE-20-005 | SCSA0401 |
| ANALYZERS-NATIVE-20-007 | TODO | | SPRINT_0132_0001_0001_scanner_surface | Native Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Native | Depends on #6 | SCANNER-ANALYZERS-NATIVE-20-006 | SCSA0401 |
| ANALYZERS-NATIVE-20-008 | TODO | | SPRINT_0132_0001_0001_scanner_surface | Native Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Native | Depends on #7 | SCANNER-ANALYZERS-NATIVE-20-007 | SCSA0401 |
| ANALYZERS-NATIVE-20-009 | TODO | | SPRINT_0132_0001_0001_scanner_surface | Native Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Native | Depends on #8 | SCANNER-ANALYZERS-NATIVE-20-008 | SCSA0401 |
| ANALYZERS-NATIVE-20-010 | TODO | | SPRINT_0132_0001_0001_scanner_surface | Native Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Native | Depends on #9 | SCANNER-ANALYZERS-NATIVE-20-009 | SCSA0401 |
| ANALYZERS-NODE-22-001 | TODO | | SPRINT_0132_0001_0001_scanner_surface | Node Analyzer Guild | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node | Bootstrap Node analyzer helper | Bootstrap Node analyzer helper | SCSA0501 |
| ANALYZERS-NODE-22-002 | TODO | | SPRINT_0132_0001_0001_scanner_surface | Node Analyzer Guild | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node | Depends on #1 | SCANNER-ANALYZERS-NODE-22-001 | SCSA0501 |
| ANALYZERS-NODE-22-003 | TODO | | SPRINT_0132_0001_0001_scanner_surface | Node Analyzer Guild | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node | Depends on #2 | SCANNER-ANALYZERS-NODE-22-002 | SCSA0501 |
| ANALYZERS-NODE-22-004 | TODO | | SPRINT_0132_0001_0001_scanner_surface | Node Analyzer Guild | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node | Depends on #3 | SCANNER-ANALYZERS-NODE-22-003 | SCSA0501 |
| ANALYZERS-NODE-22-005 | TODO | | SPRINT_0132_0001_0001_scanner_surface | Node Analyzer Guild | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node | Depends on #4 | SCANNER-ANALYZERS-NODE-22-004 | SCSA0501 |
| ANALYZERS-NODE-22-006 | TODO | | SPRINT_0133_0001_0001_scanner_surface | Node Analyzer Guild | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node | Depends on #5 | SCANNER-ANALYZERS-NODE-22-005 | SCSA0501 |
| ANALYZERS-NODE-22-007 | TODO | | SPRINT_0133_0001_0001_scanner_surface | Node Analyzer Guild | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node | Depends on #6 | SCANNER-ANALYZERS-NODE-22-006 | SCSA0501 |
| ANALYZERS-NODE-22-008 | TODO | | SPRINT_0133_0001_0001_scanner_surface | Node Analyzer Guild | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node | Depends on #7 | SCANNER-ANALYZERS-NODE-22-007 | SCSA0501 |
| ANALYZERS-NODE-22-009 | TODO | | SPRINT_0133_0001_0001_scanner_surface | Node Analyzer Guild · QA Guild | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node | Depends on #8 | SCANNER-ANALYZERS-NODE-22-008 | SCSA0501 |
| ANALYZERS-NODE-22-010 | TODO | | SPRINT_0133_0001_0001_scanner_surface | Node Analyzer Guild · Signals Guild | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node | Depends on #9 | SCANNER-ANALYZERS-NODE-22-009 | SCSA0501 |
| ANALYZERS-NODE-22-011 | TODO | | SPRINT_0133_0001_0001_scanner_surface | Node Analyzer Guild · DevOps Guild | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node | Depends on ANALYZERS-NODE-22-010 + DevOps packaging | SCANNER-ANALYZERS-NODE-22-010 | SCSA0502 |
| ANALYZERS-NODE-22-012 | TODO | | SPRINT_0133_0001_0001_scanner_surface | Node Analyzer Guild | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node | Needs #1 regression fixtures | SCANNER-ANALYZERS-NODE-22-011 | SCSA0502 |
| ANALYZERS-PHP-27-001 | TODO | | SPRINT_0133_0001_0001_scanner_surface | PHP Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php | Analyzer helper bootstrap | Analyzer helper bootstrap | SCSA0601 |
| ANALYZERS-PHP-27-002 | TODO | | SPRINT_0133_0001_0001_scanner_surface | PHP Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php | SCANNER-ANALYZERS-PHP-27-001 | SCANNER-ANALYZERS-PHP-27-001 | SCSA0101 |
| ANALYZERS-PHP-27-003 | TODO | | SPRINT_0133_0001_0001_scanner_surface | PHP Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php | SCANNER-ANALYZERS-PHP-27-002 | SCANNER-ANALYZERS-PHP-27-002 | SCSA0101 |
| ANALYZERS-PHP-27-004 | TODO | | SPRINT_0133_0001_0001_scanner_surface | PHP Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php | Depends on SCANNER-ANALYZERS-PHP-27-003 | SCANNER-ANALYZERS-PHP-27-003 | SCSA0601 |
| ANALYZERS-PHP-27-005 | TODO | | SPRINT_0133_0001_0001_scanner_surface | PHP Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php | Depends on #2 | SCANNER-ANALYZERS-PHP-27-004 | SCSA0601 |
| ANALYZERS-PHP-27-006 | TODO | | SPRINT_0133_0001_0001_scanner_surface | PHP Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php | Depends on #3 | SCANNER-ANALYZERS-PHP-27-005 | SCSA0601 |
| ANALYZERS-PHP-27-007 | TODO | | SPRINT_0133_0001_0001_scanner_surface | PHP Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php | Depends on #4 | SCANNER-ANALYZERS-PHP-27-006 | SCSA0601 |
| ANALYZERS-PHP-27-008 | TODO | | SPRINT_0134_0001_0001_scanner_surface | PHP Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php | Depends on #1 + CLI feedback | SCANNER-ANALYZERS-PHP-27-002 | SCSA0601 |
| ANALYZERS-PHP-27-009 | TODO | | SPRINT_0134_0001_0001_scanner_surface | PHP Analyzer Guild · QA Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php | Depends on #5 | SCANNER-ANALYZERS-PHP-27-007 | SCSA0601 |
| ANALYZERS-PHP-27-010 | TODO | | SPRINT_0134_0001_0001_scanner_surface | PHP Analyzer Guild · Signals Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php | Depends on #7 | SCANNER-ANALYZERS-PHP-27-009 | SCSA0601 |
| ANALYZERS-PHP-27-011 | TODO | | SPRINT_0134_0001_0001_scanner_surface | PHP Analyzer Guild, DevOps Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php | | SCANNER-ANALYZERS-PHP-27-010 | SCSA0602 |
| ANALYZERS-PHP-27-012 | TODO | | SPRINT_0134_0001_0001_scanner_surface | PHP Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php | | SCANNER-ANALYZERS-PHP-27-011 | SCSA0602 |
| ANALYZERS-PYTHON-23-001 | TODO | | SPRINT_0134_0001_0001_scanner_surface | Python Analyzer Guild | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python | Analyzer helper bootstrap | Analyzer helper bootstrap | SCSA0701 |
| ANALYZERS-PYTHON-23-002 | TODO | | SPRINT_0134_0001_0001_scanner_surface | Python Analyzer Guild | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python | Depends on #1 | SCANNER-ANALYZERS-PYTHON-23-001 | SCSA0701 |
| ANALYZERS-PYTHON-23-003 | TODO | | SPRINT_0134_0001_0001_scanner_surface | Python Analyzer Guild | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python | Depends on #2 | SCANNER-ANALYZERS-PYTHON-23-002 | SCSA0701 |
| ANALYZERS-PYTHON-23-004 | TODO | | SPRINT_0134_0001_0001_scanner_surface | Python Analyzer Guild | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python | Depends on #3 | SCANNER-ANALYZERS-PYTHON-23-003 | SCSA0701 |
| ANALYZERS-PYTHON-23-005 | TODO | | SPRINT_0134_0001_0001_scanner_surface | Python Analyzer Guild | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python | Depends on #4 | SCANNER-ANALYZERS-PYTHON-23-004 | SCSA0701 |
| ANALYZERS-PYTHON-23-006 | TODO | | SPRINT_0134_0001_0001_scanner_surface | Python Analyzer Guild | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python | Depends on #5 | SCANNER-ANALYZERS-PYTHON-23-005 | SCSA0701 |
| ANALYZERS-PYTHON-23-007 | TODO | | SPRINT_0134_0001_0001_scanner_surface | Python Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python | SCANNER-ANALYZERS-PYTHON-23-006 | SCANNER-ANALYZERS-PYTHON-23-006 | SCSA0101 |
| ANALYZERS-PYTHON-23-008 | TODO | | SPRINT_0134_0001_0001_scanner_surface | Python Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python | SCANNER-ANALYZERS-PYTHON-23-007 | SCANNER-ANALYZERS-PYTHON-23-007 | SCSA0101 |
| ANALYZERS-PYTHON-23-009 | TODO | | SPRINT_0134_0001_0001_scanner_surface | Python Analyzer Guild, QA Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python | SCANNER-ANALYZERS-PYTHON-23-008 | SCANNER-ANALYZERS-PYTHON-23-008 | SCSA0101 |
| ANALYZERS-PYTHON-23-010 | TODO | | SPRINT_0134_0001_0001_scanner_surface | Python Analyzer Guild, Signals Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python | SCANNER-ANALYZERS-PYTHON-23-009 | SCANNER-ANALYZERS-PYTHON-23-009 | SCSA0102 |
| ANALYZERS-PYTHON-23-011 | TODO | | SPRINT_0134_0001_0001_scanner_surface | Python Analyzer Guild, DevOps Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python | SCANNER-ANALYZERS-PYTHON-23-010 | SCANNER-ANALYZERS-PYTHON-23-010 | SCSA0102 |
| ANALYZERS-PYTHON-23-012 | TODO | | SPRINT_0135_0001_0001_scanner_surface | Python Analyzer Guild | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python | Needs ANALYZERS-PYTHON-23-011 evidence | SCANNER-ANALYZERS-PYTHON-23-011 | SCSA0702 |
| ANALYZERS-RUBY-28-001 | TODO | | SPRINT_0135_0001_0001_scanner_surface | Ruby Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Bootstrap helper | Bootstrap helper | SCSA0801 |
| ANALYZERS-RUBY-28-002 | TODO | | SPRINT_0135_0001_0001_scanner_surface | Ruby Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Depends on #1 | SCANNER-ANALYZERS-RUBY-28-001 | SCSA0801 |
| ANALYZERS-RUBY-28-003 | TODO | | SPRINT_0135_0001_0001_scanner_surface | Ruby Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Depends on #2 | SCANNER-ANALYZERS-RUBY-28-002 | SCSA0801 |
| ANALYZERS-RUBY-28-004 | TODO | | SPRINT_0135_0001_0001_scanner_surface | Ruby Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Depends on #3 | SCANNER-ANALYZERS-RUBY-28-003 | SCSA0801 |
| ANALYZERS-RUBY-28-005 | TODO | | SPRINT_0135_0001_0001_scanner_surface | Ruby Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Depends on #4 | SCANNER-ANALYZERS-RUBY-28-004 | SCSA0801 |
| ANALYZERS-RUBY-28-006 | TODO | | SPRINT_0135_0001_0001_scanner_surface | Ruby Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Depends on #5 | SCANNER-ANALYZERS-RUBY-28-005 | SCSA0801 |
| ANALYZERS-RUBY-28-007 | TODO | | SPRINT_0135_0001_0001_scanner_surface | Ruby Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Depends on #6 | SCANNER-ANALYZERS-RUBY-28-006 | SCSA0801 |
| ANALYZERS-RUBY-28-008 | TODO | | SPRINT_0135_0001_0001_scanner_surface | Ruby Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Depends on #7 | SCANNER-ANALYZERS-RUBY-28-007 | SCSA0801 |
| ANALYZERS-RUBY-28-009 | TODO | | SPRINT_0135_0001_0001_scanner_surface | Ruby Analyzer Guild · QA Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Depends on #8 | SCANNER-ANALYZERS-RUBY-28-008 | SCSA0801 |
| ANALYZERS-RUBY-28-010 | TODO | | SPRINT_0135_0001_0001_scanner_surface | Ruby Analyzer Guild · Signals Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Depends on #9 | SCANNER-ANALYZERS-RUBY-28-009 | SCSA0801 |
| ANALYZERS-RUBY-28-011 | TODO | | SPRINT_0135_0001_0001_scanner_surface | Ruby Analyzer Guild · DevOps Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Depends on ANALYZERS-RUBY-28-010 | SCANNER-ANALYZERS-RUBY-28-010 | SCSA0802 |
| ANALYZERS-RUBY-28-012 | TODO | | SPRINT_0135_0001_0001_scanner_surface | Ruby Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Needs #1 fixtures | SCANNER-ANALYZERS-RUBY-28-011 | SCSA0802 |
| AOC-19-001 | TODO | | SPRINT_0123_0001_0001_policy_reasoning | Policy Guild | src/Policy/__Libraries/StellaOps.Policy | Review Link-Not-Merge schema | Review Link-Not-Merge schema | PLAO0101 |
| AOC-19-002 | TODO | | SPRINT_0123_0001_0001_policy_reasoning | Policy Guild | src/Policy/__Libraries/StellaOps.Policy | Depends on #1 | POLICY-AOC-19-001 | PLAO0101 |
| AOC-19-003 | TODO | | SPRINT_0123_0001_0001_policy_reasoning | Policy Guild | src/Policy/__Libraries/StellaOps.Policy | Depends on #2 | POLICY-AOC-19-002 | PLAO0101 |
| AOC-19-004 | TODO | | SPRINT_0123_0001_0001_policy_reasoning | Policy Guild | src/Policy/__Libraries/StellaOps.Policy | Depends on #3 | POLICY-AOC-19-003 | PLAO0101 |
| AOC-19-101 | TODO | 2025-10-28 | SPRINT_0503_0001_0001_ops_devops_i | DevOps Guild | ops/devops | Needs helper definitions from PLAO0101 | Needs helper definitions from PLAO0101 | DVAO0101 |
| API-27-001 | TODO | | SPRINT_0129_0001_0001_policy_reasoning | Policy Registry Guild | src/Policy/StellaOps.Policy.Registry | Governance decision (APIG0101) | Governance decision (APIG0101) | PLAR0101 |
| API-27-002 | TODO | | SPRINT_0129_0001_0001_policy_reasoning | Policy Registry Guild | src/Policy/StellaOps.Policy.Registry | Depends on #1 | REGISTRY-API-27-001 | PLAR0101 |
| API-27-003 | TODO | | SPRINT_0129_0001_0001_policy_reasoning | Policy Registry Guild | src/Policy/StellaOps.Policy.Registry | Depends on #2 | REGISTRY-API-27-002 | PLAR0101 |
| API-27-004 | TODO | | SPRINT_0129_0001_0001_policy_reasoning | Policy Registry Guild | src/Policy/StellaOps.Policy.Registry | Depends on #3 | REGISTRY-API-27-003 | PLAR0101 |
| API-27-005 | TODO | | SPRINT_0129_0001_0001_policy_reasoning | Policy Registry Guild | src/Policy/StellaOps.Policy.Registry | Depends on #4 | REGISTRY-API-27-004 | PLAR0101 |
| API-27-006 | TODO | | SPRINT_0129_0001_0001_policy_reasoning | Policy Registry Guild | src/Policy/StellaOps.Policy.Registry | Depends on #5 | REGISTRY-API-27-005 | PLAR0101 |
| API-27-007 | TODO | | SPRINT_0129_0001_0001_policy_reasoning | Policy Registry Guild | src/Policy/StellaOps.Policy.Registry | Depends on #6 | REGISTRY-API-27-006 | PLAR0101 |
| API-27-008 | TODO | | SPRINT_0129_0001_0001_policy_reasoning | Policy Registry Guild | src/Policy/StellaOps.Policy.Registry | Depends on #7 | REGISTRY-API-27-007 | PLAR0101 |
| API-27-009 | TODO | | SPRINT_0129_0001_0001_policy_reasoning | Policy Registry Guild | src/Policy/StellaOps.Policy.Registry | Depends on #8 | REGISTRY-API-27-008 | PLAR0101 |
| API-27-010 | TODO | | SPRINT_0129_0001_0001_policy_reasoning | Policy Registry Guild | src/Policy/StellaOps.Policy.Registry | Depends on #9 | REGISTRY-API-27-009 | PLAR0101 |
| API-28-001 | TODO | | SPRINT_0207_0001_0001_graph | Graph API Guild | src/Graph/StellaOps.Graph.Api | Cartographer schema sign-off | Cartographer schema sign-off | GRAP0101 |
| API-28-002 | TODO | | SPRINT_0207_0001_0001_graph | Graph API Guild | src/Graph/StellaOps.Graph.Api | Depends on #1 | Depends on #1 | GRAP0101 |
| API-28-003 | TODO | | SPRINT_0207_0001_0001_graph | Graph API Guild | src/Graph/StellaOps.Graph.Api | Depends on #2 | Depends on #2 | GRAP0101 |
| API-28-004 | TODO | | SPRINT_0207_0001_0001_graph | Graph API Guild | src/Graph/StellaOps.Graph.Api | Depends on #3 | Depends on #3 | GRAP0101 |
| API-28-005 | TODO | | SPRINT_0207_0001_0001_graph | Graph API Guild | src/Graph/StellaOps.Graph.Api | Depends on #4 | Depends on #4 | GRAP0101 |
| API-28-006 | TODO | | SPRINT_0207_0001_0001_graph | Graph API Guild | src/Graph/StellaOps.Graph.Api | Depends on GRAP0101 base endpoints | Depends on GRAP0101 base endpoints | GRAP0102 |
| API-28-007 | TODO | | SPRINT_0207_0001_0001_graph | Graph API Guild | src/Graph/StellaOps.Graph.Api | Depends on #1 | Depends on #1 | GRAP0102 |
| API-28-008 | TODO | | SPRINT_0207_0001_0001_graph | Graph API Guild | src/Graph/StellaOps.Graph.Api | Depends on #2 | Depends on #2 | GRAP0102 |
| API-28-009 | TODO | | SPRINT_0207_0001_0001_graph | Graph API Guild | src/Graph/StellaOps.Graph.Api | Depends on #3 | Depends on #3 | GRAP0102 |
| API-28-010 | TODO | | SPRINT_0207_0001_0001_graph | Graph API Guild | src/Graph/StellaOps.Graph.Api | Depends on #4 | Depends on #4 | GRAP0102 |
| API-28-011 | TODO | | SPRINT_0207_0001_0001_graph | Graph API Guild | src/Graph/StellaOps.Graph.Api | Depends on #5 | Depends on #5 | GRAP0102 |
| API-29-001 | TODO | | SPRINT_0129_0001_0001_policy_reasoning | Vuln Explorer API Guild | src/VulnExplorer/StellaOps.VulnExplorer.Api | Governance schema (APIG0101) | Governance schema (APIG0101) | VUAP0101 |
| API-29-002 | DONE | 2025-11-25 | SPRINT_0129_0001_0001_policy_reasoning | Vuln Explorer API Guild | src/VulnExplorer/StellaOps.VulnExplorer.Api | Depends on #1 | VULN-API-29-001 | VUAP0101 |
| API-29-003 | DONE | 2025-11-25 | SPRINT_0129_0001_0001_policy_reasoning | Vuln Explorer API Guild | src/VulnExplorer/StellaOps.VulnExplorer.Api | Depends on #2 | VULN-API-29-002 | VUAP0101 |
| API-29-004 | TODO | | SPRINT_0129_0001_0001_policy_reasoning | Vuln Explorer API Guild | src/VulnExplorer/StellaOps.VulnExplorer.Api | Depends on #3 | VULN-API-29-003 | VUAP0101 |
| API-29-005 | TODO | | SPRINT_0129_0001_0001_policy_reasoning | Vuln Explorer API Guild | src/VulnExplorer/StellaOps.VulnExplorer.Api | Depends on #4 | VULN-API-29-004 | VUAP0101 |
| API-29-006 | TODO | | SPRINT_0129_0001_0001_policy_reasoning | Vuln Explorer API Guild | src/VulnExplorer/StellaOps.VulnExplorer.Api | Depends on #5 | VULN-API-29-005 | VUAP0101 |
| API-29-007 | TODO | | SPRINT_0129_0001_0001_policy_reasoning | Vuln Explorer API Guild | src/VulnExplorer/StellaOps.VulnExplorer.Api | Depends on #6 | VULN-API-29-006 | VUAP0101 |
| API-29-008 | TODO | | SPRINT_0129_0001_0001_policy_reasoning | Vuln Explorer API Guild | src/VulnExplorer/StellaOps.VulnExplorer.Api | Depends on #7 | VULN-API-29-007 | VUAP0101 |
| API-29-009 | TODO | | SPRINT_0129_0001_0001_policy_reasoning | Vuln Explorer API Guild | src/VulnExplorer/StellaOps.VulnExplorer.Api | Depends on #8 | VULN-API-29-008 | VUAP0101 |
| API-29-010 | TODO | | SPRINT_0129_0001_0001_policy_reasoning | Vuln Explorer API Guild | src/VulnExplorer/StellaOps.VulnExplorer.Api | Depends on #9 | VULN-API-29-009 | VUAP0101 |
| API-29-011 | TODO | | SPRINT_0129_0001_0001_policy_reasoning | Vuln Explorer API Guild · CLI Guild | src/VulnExplorer/StellaOps.VulnExplorer.Api | Requires API-29-010 artifacts | VULN-API-29-010 | VUAP0102 |
| APIGOV-61-001 | DONE | 2025-11-18 | SPRINT_0511_0001_0001_api | API Governance Guild | src/Api/StellaOps.Api.Governance | Configure spectral/linters with Stella rules; add CI job failing on violations. | 61-001 | APIG0101 |
| APIGOV-61-002 | TODO | | SPRINT_0511_0001_0001_api | API Governance Guild | src/Api/StellaOps.Api.Governance | Implement example coverage checker ensuring every operation has at least one request/response example. Dependencies: APIGOV-61-001. | APIGOV-61-001 | APIG0101 |
| APIGOV-62-001 | TODO | | SPRINT_0511_0001_0001_api | API Governance Guild | src/Api/StellaOps.Api.Governance | Build compatibility diff tool producing additive/breaking reports comparing prior release. Dependencies: APIGOV-61-002. | APIGOV-61-002 | APIG0101 |
| APIGOV-62-002 | TODO | | SPRINT_0511_0001_0001_api | API Governance Guild · DevOps Guild | src/Api/StellaOps.Api.Governance | Automate changelog generation and publish signed artifacts to `src/Sdk/StellaOps.Sdk.Release` pipeline. Dependencies: APIGOV-62-001. | APIGOV-62-001 | APIG0101 |
| APIGOV-63-001 | TODO | | SPRINT_0511_0001_0001_api | API Governance Guild · Notifications Guild | src/Api/StellaOps.Api.Governance | Integrate deprecation metadata into Notification Studio templates for API sunset events. Dependencies: APIGOV-62-002. | APIGOV-62-002 | APIG0101 |
| ATTEST-01-003 | DONE (2025-11-23) | 2025-11-23 | SPRINT_110_ingestion_evidence | Excititor Guild · Evidence Locker Guild | src/Attestor/StellaOps.Attestor | Excititor attestation payloads shipped on frozen bundle v1. | EXCITITOR-AIAI-31-002; ELOCKER-CONTRACT-2001 | ATEL0102 |
| ATTEST-73-001 | DONE (2025-11-25) | 2025-11-25 | SPRINT_110_ingestion_evidence | Concelier Core · Evidence Locker Guild | src/Attestor/StellaOps.Attestor | Attestation claims builder verified; TRX archived. | CONCELIER-AIAI-31-002; ELOCKER-CONTRACT-2001 | ATEL0102 |
| ATTEST-73-002 | DONE (2025-11-25) | 2025-11-25 | SPRINT_110_ingestion_evidence | Concelier Core · Evidence Locker Guild | src/Attestor/StellaOps.Attestor | Internal verify endpoint validated; TRX archived. | CONCELIER-AIAI-31-002; ELOCKER-CONTRACT-2001 | ATEL0102 |
| ATTEST-73-003 | TODO | | SPRINT_302_docs_tasks_md_ii | Docs Guild · Policy Guild | docs/modules/attestor | Wait for ATEL0102 evidence | Wait for ATEL0102 evidence | DOAT0102 |
| ATTEST-73-004 | TODO | | SPRINT_302_docs_tasks_md_ii | Docs Guild · Attestor Service Guild | docs/modules/attestor | Depends on #1 | Depends on #1 | DOAT0102 |
| ATTEST-74-001 | DOING | | SPRINT_0170_0001_0001_notifications_telemetry | Notifications Service Guild · Attestor Service Guild | src/Notify/StellaOps.Notify | Needs DSSE schema sign-off | Needs DSSE schema sign-off | NOTY0102 |
| ATTEST-74-002 | DOING | | SPRINT_0170_0001_0001_notifications_telemetry | Notifications Service Guild | src/Notify/StellaOps.Notify | Depends on #1 | Depends on #1 | NOTY0102 |
| ATTEST-74-003 | TODO | | SPRINT_302_docs_tasks_md_ii | Docs Guild · Attestor Console Guild | docs/modules/attestor | Depends on NOTY0102 | Depends on NOTY0102 | DOAT0102 |
| ATTEST-74-004 | TODO | | SPRINT_302_docs_tasks_md_ii | Docs Guild · CLI Attestor Guild | docs/modules/attestor | Depends on NOTY0102 | Depends on NOTY0102 | DOAT0102 |
| ATTEST-75-001 | TODO | | SPRINT_160_export_evidence | Docs Guild · Export Attestation Guild | docs/modules/attestor | Needs Export bundle schema (ECOB0101) | Needs Export bundle schema (ECOB0101) | DOAT0102 |
| ATTEST-75-002 | TODO | | SPRINT_160_export_evidence | Docs Guild · Security Guild | docs/modules/attestor | Depends on #5 | Depends on #5 | DOAT0102 |
| ATTEST-REPLAY-187-003 | TODO | | SPRINT_0187_0001_0001_evidence_locker_cli_integration | Attestor Guild (src/Attestor/StellaOps.Attestor) | `src/Attestor/StellaOps.Attestor`, `docs/modules/attestor/architecture.md` | Wire Attestor/Rekor anchoring for replay manifests and capture verification APIs; extend `docs/modules/attestor/architecture.md` with a replay ledger flow referencing `docs/replay/DETERMINISTIC_REPLAY.md` Section 9. | Align replay payload schema with RPRC0101 | ATRE0101 |
| ATTESTOR-DOCS-0001 | DONE | 2025-11-05 | SPRINT_313_docs_modules_attestor | Docs Guild | docs/modules/attestor | Validate that `docs/modules/attestor/README.md` matches the latest release notes and attestation samples. | | DOAT0102 |
| ATTESTOR-ENG-0001 | TODO | | SPRINT_313_docs_modules_attestor | Module Team | docs/modules/attestor | Cross-check implementation plan milestones against `/docs/implplan/SPRINT_*.md` and update module readiness checkpoints. | Depends on #1-6 | DOAT0102 |
| ATTESTOR-OPS-0001 | TODO | | SPRINT_313_docs_modules_attestor | Ops Guild | docs/modules/attestor | Review runbooks/observability assets after the next sprint demo and capture findings inline with sprint notes. | Depends on #1-6 | DOAT0102 |
| AUTH-AIRGAP-57-001 | DONE (2025-11-08) | 2025-11-08 | SPRINT_100_identity_signing | Authority Core & Security Guild, DevOps Guild (src/Authority/StellaOps.Authority) | src/Authority/StellaOps.Authority | Enforce sealed-mode CI gating by refusing token issuance when declared sealed install lacks sealing confirmation. | AUTH-AIRGAP-56-001; DEVOPS-AIRGAP-57-002 | AUIN0101 |
| AUTH-CRYPTO-90-001 | DOING | 2025-11-08 | SPRINT_514_sovereign_crypto_enablement | Authority Core & Security Guild | src/Authority/StellaOps.Authority | Migrate Authority signing/key-loading paths (provider registry + crypto hash) so regional bundles can select sovereign providers per docs/security/crypto-routing-audit-2025-11-07.md. | Finalize sovereign crypto keystore plan | AUIN0101 |
| AUTH-DPOP-11-001 | DONE (2025-11-08) | 2025-11-08 | SPRINT_100_identity_signing | Authority Core & Security Guild (src/Authority/StellaOps.Authority) | src/Authority/StellaOps.Authority | DPoP validation now runs for every `/token` grant, interactive tokens inherit `cnf.jkt`/sender claims, and docs/tests document the expanded coverage. | AUTH-AOC-19-002 | AUIN0101 |
| AUTH-MTLS-11-002 | DONE (2025-11-08) | 2025-11-08 | SPRINT_100_identity_signing | Authority Core & Security Guild (src/Authority/StellaOps.Authority) | src/Authority/StellaOps.Authority | Refresh grants now enforce the original client certificate, tokens persist `x5t#S256`/hex metadata via shared helper, and docs/JWKS guidance call out the mTLS binding expectations. | AUTH-DPOP-11-001 | AUIN0101 |
| AUTH-PACKS-43-001 | DONE (2025-11-09) | 2025-11-09 | SPRINT_100_identity_signing | Authority Core & Security Guild (src/Authority/StellaOps.Authority) | src/Authority/StellaOps.Authority | Enforce pack signing policies, approval RBAC checks, CLI CI token scopes, and audit logging for approvals. | AUTH-PACKS-41-001; TASKRUN-42-001; ORCH-SVC-42-101 | AUIN0101 |
| AUTH-REACH-401-005 | DONE (2025-11-27) | 2025-11-27 | SPRINT_0401_0001_0001_reachability_evidence_chain | Authority & Signer Guilds | `src/Authority/StellaOps.Authority`, `src/Signer/StellaOps.Signer` | Predicate types exist (stella.ops/vexDecision@v1 etc.); IAuthorityDsseStatementSigner created with ICryptoProviderRegistry; Rekor via existing IRekorClient. | Coordinate with replay reachability owners | AUIN0101 |
| AUTH-VERIFY-186-007 | TODO | | SPRINT_0186_0001_0001_record_deterministic_execution | Authority Guild · Provenance Guild | `src/Authority/StellaOps.Authority`, `src/Provenance/StellaOps.Provenance.Attestation` | Expose an Authority-side verification helper/service that validates DSSE signatures and Rekor proofs for promotion attestations using trusted checkpoints, enabling offline audit flows. | Await PROB0101 provenance harness | AUIN0101 |
| AUTHORITY-DOCS-0001 | TODO | | SPRINT_314_docs_modules_authority | Docs Guild (docs/modules/authority) | docs/modules/authority | See ./AGENTS.md | Wait for AUIN0101 sign-off | DOAU0101 |
| AUTHORITY-ENG-0001 | TODO | | SPRINT_314_docs_modules_authority | Module Team (docs/modules/authority) | docs/modules/authority | Update status via ./AGENTS.md workflow | Depends on #1 | DOAU0101 |
| AUTHORITY-OPS-0001 | TODO | | SPRINT_314_docs_modules_authority | Ops Guild (docs/modules/authority) | docs/modules/authority | Sync outcomes back to ../.. | Depends on #1 | DOAU0101 |
| AUTO-401-019 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | Benchmarks Guild | `docs/benchmarks/vex-evidence-playbook.md`, `scripts/bench/**` | Align with PROB0101 schema | Align with PROB0101 schema | RBBN0101 |
| BACKFILL-401-029 | DOING | | SPRINT_0401_0001_0001_reachability_evidence_chain | Platform Guild | `docs/provenance/inline-dsse.md`, `scripts/publish_attestation_with_provenance.sh` | Align output schema with PROB0101 | Align output schema with PROB0101 | RBRE0101 |
| BENCH-AUTO-401-019 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | Benchmarks Guild | `docs/benchmarks/vex-evidence-playbook.md`, `scripts/bench/**` | Create automation to populate `bench/findings/**`, run baseline scanners (Trivy/Syft/Grype/Snyk/Xray), compute FP/MTTD/repro metrics, and update `results/summary.csv`. | Depends on #1 | RBBN0101 |
| BENCH-GRAPH-21-001 | BLOCKED | 2025-10-27 | SPRINT_512_bench | Bench Guild · Graph Platform Guild | src/Bench/StellaOps.Bench | Build graph viewport/path benchmark harness (50k/100k nodes) measuring Graph API/Indexer latency, memory, and tile cache hit rates. *(Executed within Sprint 28 Graph program).* | Wait for CAGR0101 outputs | RBBN0102 |
| BENCH-GRAPH-21-002 | BLOCKED | 2025-10-27 | SPRINT_512_bench | Bench Guild · UI Guild | src/Bench/StellaOps.Bench | Add headless UI load benchmark (Playwright) for graph canvas interactions to track render times and FPS budgets. *(Executed within Sprint 28 Graph program).*. Dependencies: BENCH-GRAPH-21-001. | Depends on #1 | RBBN0102 |
| BENCH-GRAPH-24-002 | TODO | | SPRINT_512_bench | Bench Guild · UI Guild | src/Bench/StellaOps.Bench | Implement UI interaction benchmarks (filter/zoom/table operations) citing p95 latency; integrate with perf dashboards. Dependencies: BENCH-GRAPH-21-002. | Align with ORTR0101 job metadata | RBBN0102 |
| BENCH-IMPACT-16-001 | TODO | | SPRINT_512_bench | Bench Guild · Scheduler Team | src/Bench/StellaOps.Bench | ImpactIndex throughput bench (resolve 10k productKeys) + RAM profile. | Needs Scheduler signals from ORTR0102 | RBBN0102 |
| BENCH-POLICY-20-002 | TODO | | SPRINT_512_bench | Bench Guild · Policy Guild | src/Bench/StellaOps.Bench | Add incremental run benchmark measuring delta evaluation vs full; capture SLA compliance. | Wait for PLLG0104 ledger events | RBBN0102 |
| BENCH-SIG-26-001 | TODO | | SPRINT_512_bench | Bench Guild · Signals Guild | src/Bench/StellaOps.Bench | Develop benchmark for reachability scoring pipeline (facts/sec, latency, memory) using synthetic callgraphs/runtime batches. | Needs SGSI0101 runtime feed | RBBN0102 |
| BENCH-SIG-26-002 | TODO | | SPRINT_512_bench | Bench Guild · Policy Guild | src/Bench/StellaOps.Bench | Measure policy evaluation overhead with reachability cache hot/cold; ensure ≤8 ms p95 added latency. Dependencies: BENCH-SIG-26-001. | Depends on #6 | RBBN0102 |
| BUNDLE-401-014 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | Symbols Guild | `src/Symbols/StellaOps.Symbols.Bundle` | Needs RBRE0101 provenance payload | Needs RBRE0101 provenance payload | RBSY0101 |
| BUNDLE-69-001 | TODO | | SPRINT_0164_0001_0003_exportcenter_iii | Risk Bundle Export Guild · Risk Engine Guild | src/ExportCenter/StellaOps.ExportCenter.RiskBundles | Align with ATEL0102 DSSE outputs | Align with ATEL0102 DSSE outputs | RBRB0101 |
| BUNDLE-69-002 | TODO | | SPRINT_0164_0001_0003_exportcenter_iii | Risk Bundle Export Guild · DevOps Guild | src/ExportCenter/StellaOps.ExportCenter.RiskBundles | Depends on #1 | Depends on #1 | RBRB0101 |
| BUNDLE-70-001 | TODO | | SPRINT_0164_0001_0003_exportcenter_iii | Risk Bundle Export Guild · CLI Guild | src/ExportCenter/StellaOps.ExportCenter.RiskBundles | Needs CLI export contract from CLCI0104 | Needs CLI export contract from CLCI0104 | RBRB0101 |
| BUNDLE-70-002 | TODO | | SPRINT_0164_0001_0003_exportcenter_iii | Risk Bundle Export Guild · Docs Guild | src/ExportCenter/StellaOps.ExportCenter.RiskBundles | Depends on #3 | Depends on #3 | RBRB0101 |
| CAS-401-001 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | Scanner Worker Guild | `src/Scanner/StellaOps.Scanner.Worker` | Wait for RBRE0101 DSSE hashes | Wait for RBRE0101 DSSE hashes | CASC0101 |
| CCCS-02-009 | TODO | | SPRINT_117_concelier_vi | Concelier Connector Guild CCCS | src/Concelier/__Libraries/StellaOps.Concelier.Connector.Cccs | Implement restart-safe watermark + schema tests. | Confirm CCCS ingest watermark | CCFD0101 |
| CENTER-ENG-0001 | TODO | | SPRINT_320_docs_modules_export_center | Module Team · Export Center Guild | docs/modules/export-center | Wait for RBRB0101 bundle sample | Wait for RBRB0101 bundle sample | DOEC0101 |
| CENTER-OPS-0001 | TODO | | SPRINT_320_docs_modules_export_center | Ops Guild · Export Center Guild | docs/modules/export-center | Depends on #1 | Depends on #1 | DOEC0101 |
| CERTBUND-02-010 | TODO | | SPRINT_117_concelier_vi | Concelier Connector Guild CertBund | src/Concelier/__Libraries/StellaOps.Concelier.Connector.CertBund | Update parser + CAS hashing. | Align with German CERT schema changes | CCFD0101 |
| CISCO-02-009 | DOING | 2025-11-08 | SPRINT_117_concelier_vi | Concelier Connector Guild Cisco | src/Concelier/__Libraries/StellaOps.Concelier.Connector.Vndr.Cisco | Harden retry + provenance logging. | Needs vendor API tokens rotated | CCFD0101 |
| CLI-0001 | DONE | 2025-11-10 | SPRINT_0138_0001_0001_scanner_ruby_parity | CLI Guild, Ruby Analyzer Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | SCANNER-ENG-0019 | SCANNER-ENG-0019 | CLCI0101 |
| CLI-401-007 | BLOCKED | 2025-11-25 | SPRINT_0401_0001_0001_reachability_evidence_chain | UI & CLI Guilds (`src/Cli/StellaOps.Cli`, `src/UI/StellaOps.UI`) | `src/Cli/StellaOps.Cli`, `src/UI/StellaOps.UI` | Awaiting reachability evidence chain contract (policies/schemas) and UI spec | — | CLCI0101 |
| CLI-401-021 | BLOCKED | 2025-11-25 | SPRINT_0401_0001_0001_reachability_evidence_chain | CLI Guild · DevOps Guild (`src/Cli/StellaOps.Cli`, `scripts/ci/attest-*`, `docs/modules/attestor/architecture.md`) | `src/Cli/StellaOps.Cli`, `scripts/ci/attest-*`, `docs/modules/attestor/architecture.md` | Awaiting reachability chain CI/attestor contract and fixtures | — | CLCI0101 |
| CLI-41-001 | BLOCKED | 2025-11-25 | SPRINT_303_docs_tasks_md_iii | Docs Guild, DevEx/CLI Guild (docs) | | Superseded by DOCS-CLI-41-001 scope; no separate definition provided. | Pending clarified scope | CLCI0101 |
| CLI-42-001 | BLOCKED | 2025-11-25 | SPRINT_303_docs_tasks_md_iii | Docs Guild (docs) | | Superseded by DOCS-CLI-42-001; scope not defined separately. | Pending clarified scope | CLCI0101 |
| CLI-43-002 | TODO | | SPRINT_0504_0001_0001_ops_devops_ii | DevOps Guild, Task Runner Guild (ops/devops) | ops/devops | — | — | CLCI0101 |
| CLI-43-003 | TODO | | SPRINT_0504_0001_0001_ops_devops_ii | DevOps Guild, DevEx/CLI Guild (ops/devops) | ops/devops | — | — | CLCI0101 |
| CLI-AIAI-31-001 | DONE | 2025-11-24 | SPRINT_0201_0001_0001_cli_i | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Implement `stella advise summarize` command with JSON/Markdown outputs and citation display. | — | CLCI0101 |
| CLI-AIAI-31-002 | DONE | 2025-11-24 | SPRINT_0201_0001_0001_cli_i | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Implement `stella advise explain` showing conflict narrative and structured rationale. Dependencies: CLI-AIAI-31-001. | — | CLCI0101 |
| CLI-AIRGAP-56-001 | BLOCKED | 2025-11-22 | SPRINT_0201_0001_0001_cli_i | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Implement `stella mirror create` for air-gap bootstrap. Blocked: mirror bundle contract/spec (schema/signing/digests) not available to CLI. | — | CLCI0102 |
| CLI-AIAI-31-003 | DONE | 2025-11-24 | SPRINT_0201_0001_0001_cli_i | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Implement `stella advise remediate` generating remediation plans with `--strategy` filters and file output. Dependencies: CLI-AIAI-31-002. | — | CLCI0101 |
| CLI-AIAI-31-004 | DONE | 2025-11-24 | SPRINT_0201_0001_0001_cli_i | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Implement `stella advise batch` for summaries/conflicts/remediation with progress + multi-status responses. Dependencies: CLI-AIAI-31-003. | — | CLCI0102 |
| CLI-AIRGAP-56-001 | TODO | | SPRINT_0503_0001_0001_ops_devops_i | Exporter Guild · AirGap Time Guild · CLI Guild | | PROGRAM-STAFF-1001 | PROGRAM-STAFF-1001 | ATMI0102 |
| CLI-AIRGAP-56-002 | BLOCKED | 2025-11-25 | SPRINT_0201_0001_0001_cli_i | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Ensure telemetry propagation under sealed mode (no remote exporters) while preserving correlation IDs; add label `AirGapped-Phase-1`. Dependencies: CLI-AIRGAP-56-001. | Blocked: CLI-AIRGAP-56-001 waiting for mirror bundle contract/spec | CLCI0102 |
| CLI-AIRGAP-57-001 | BLOCKED | 2025-11-25 | SPRINT_0201_0001_0001_cli_i | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Add `stella airgap import` with diff preview, bundle scope selection (`--tenant`, `--global`), audit logging, and progress reporting. Dependencies: CLI-AIRGAP-56-002. | Blocked: upstream CLI-AIRGAP-56-002 | CLCI0102 |
| CLI-AIRGAP-57-002 | BLOCKED | 2025-11-25 | SPRINT_0201_0001_0001_cli_i | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Provide `stella airgap seal` helper. Dependencies: CLI-AIRGAP-57-001. | Blocked: upstream CLI-AIRGAP-57-001 | CLCI0102 |
| CLI-AIRGAP-58-001 | BLOCKED | 2025-11-25 | SPRINT_0201_0001_0001_cli_i | DevEx/CLI Guild, Evidence Locker Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Implement `stella airgap export evidence` helper for portable evidence packages, including checksum manifest and verification. Dependencies: CLI-AIRGAP-57-002. | Blocked: upstream CLI-AIRGAP-57-002 | CLCI0102 |
| CLI-ATTEST-73-001 | BLOCKED | 2025-11-22 | SPRINT_0201_0001_0001_cli_i | CLI Attestor Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Implement `stella attest sign` (payload selection, subject digest, key reference, output format) using official SDK transport. Blocked: Scanner analyzer compile failures break CLI build; attestor SDK transport contract not provided. | — | CLCI0102 |
| CLI-ATTEST-73-002 | BLOCKED | 2025-11-25 | SPRINT_0201_0001_0001_cli_i | CLI Attestor Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Implement `stella attest verify` with policy selection, explainability output, and JSON/table formatting. Dependencies: CLI-ATTEST-73-001. | Blocked: upstream CLI-ATTEST-73-001 | CLCI0102 |
| CLI-ATTEST-74-001 | BLOCKED | 2025-11-25 | SPRINT_0201_0001_0001_cli_i | CLI Attestor Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Implement `stella attest list` with filters (subject, type, issuer, scope) and pagination. Dependencies: CLI-ATTEST-73-002. | Blocked: upstream CLI-ATTEST-73-002 | CLCI0102 |
| CLI-ATTEST-74-002 | BLOCKED | 2025-11-25 | SPRINT_0201_0001_0001_cli_i | CLI Attestor Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Implement `stella attest fetch` to download envelopes and payloads to disk. Dependencies: CLI-ATTEST-74-001. | Blocked: upstream CLI-ATTEST-74-001 | CLCI0102 |
| CLI-ATTEST-75-001 | TODO | | SPRINT_0201_0001_0001_cli_i | CLI Attestor Guild, KMS Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Implement `stella attest key create. Dependencies: CLI-ATTEST-74-002. | — | CLCI0102 |
| CLI-ATTEST-75-002 | TODO | | SPRINT_0201_0001_0001_cli_i | CLI Attestor Guild | src/Cli/StellaOps.Cli | Add support for building/verifying attestation bundles in CLI. Dependencies: CLI-ATTEST-75-001. | Wait for ATEL0102 outputs | CLCI0109 |
| CLI-CORE-41-001 | TODO | | SPRINT_0202_0001_0002_cli_ii | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Implement CLI core features: config precedence, profiles/contexts, auth flows, output renderer (json/yaml/table), error mapping, global flags, telemetry opt-in. | — | CLCI0103 |
| CLI-DET-01 | DONE (2025-11-23) | 2025-11-23 | SPRINT_0301_0001_0001_docs_md_i | Docs Guild · DevEx/CLI Guild | | CLI-SBOM-60-001; CLI-SBOM-60-002 | CLI-SBOM-60-001; CLI-SBOM-60-002 | CLCI0103 |
| CLI-DETER-70-003 | DONE | 2025-11-28 | SPRINT_0202_0001_0001_cli_ii | DevEx/CLI Guild, Scanner Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Provide `stella detscore run` that executes the determinism harness locally (fixed clock, seeded RNG, canonical hashes) and writes `determinism.json`, supporting CI/non-zero threshold exit codes (`docs/modules/scanner/determinism-score.md`). | — | CLCI0103 |
| CLI-DETER-70-004 | TODO | | SPRINT_0203_0001_0003_cli_iii | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Add `stella detscore report` to summarise published `determinism.json` files (overall score, per-image matrix) and integrate with release notes/air-gap kits (`docs/modules/scanner/determinism-score.md`). Dependencies: CLI-DETER-70-003. | — | CLCI0103 |
| CLI-DOCS-0001 | TODO | | SPRINT_316_docs_modules_cli | Docs Guild (docs/modules/cli) | docs/modules/cli | See ./AGENTS.md | — | CLCI0103 |
| CLI-EDITOR-401-004 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | CLI Guild (`src/Cli/StellaOps.Cli`, `docs/policy/lifecycle.md`) | `src/Cli/StellaOps.Cli`, `docs/policy/lifecycle.md` | Enhance `stella policy` CLI verbs (edit/lint/simulate) to edit Git-backed `.dsl` files, run local coverage tests, and commit SemVer metadata. | — | CLCI0103 |
| CLI-ENG-0001 | TODO | | SPRINT_316_docs_modules_cli | Module Team (docs/modules/cli) | docs/modules/cli | Update status via ./AGENTS.md workflow | — | CLCI0103 |
| CLI-EXC-25-001 | DONE | 2025-11-28 | SPRINT_0202_0001_0001_cli_ii | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Implement `stella exceptions list | — | CLCI0103 |
| CLI-EXC-25-002 | DONE | 2025-11-28 | SPRINT_0202_0001_0001_cli_ii | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Extend `stella policy simulate` with `--with-exception`/`--without-exception` flags to preview exception impact. Dependencies: CLI-EXC-25-001. | — | CLCI0103 |
| CLI-EXPORT-35-001 | BLOCKED | 2025-10-29 | SPRINT_0202_0001_0001_cli_ii | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Implement `stella export profiles | CLCI0103 | CLCI0104 |
| CLI-EXPORT-36-001 | BLOCKED | 2025-11-30 | SPRINT_0202_0001_0001_cli_ii | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Add distribution commands (`stella export distribute`, `run download --resume` enhancements) and improved status polling with progress bars. Dependencies: CLI-EXPORT-35-001. | — | CLCI0104 |
| CLI-EXPORT-37-001 | BLOCKED | 2025-11-30 | SPRINT_0202_0001_0001_cli_ii | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Provide scheduling (`stella export schedule`), retention, and `export verify` commands performing signature/hash validation. Dependencies: CLI-EXPORT-36-001. | — | CLCI0104 |
| CLI-FORENSICS-53-001 | DONE | 2025-11-28 | SPRINT_0202_0001_0001_cli_ii | DevEx/CLI Guild, Evidence Locker Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Implement `stella forensic snapshot create --case` and `snapshot list/show` commands invoking evidence locker APIs, surfacing manifest digests, and storing local cache metadata. | — | CLCI0104 |
| CLI-FORENSICS-54-001 | DONE | 2025-11-28 | SPRINT_0202_0001_0001_cli_ii | DevEx/CLI Guild, Provenance Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Provide `stella forensic verify <bundle>` command validating checksums, DSSE signatures, and timeline chain-of-custody. Support JSON/pretty output and exit codes for CI. Dependencies: CLI-FORENSICS-53-001. | — | CLCI0104 |
| CLI-FORENSICS-54-002 | DONE | 2025-11-28 | SPRINT_0202_0001_0001_cli_ii | DevEx/CLI Guild, Provenance Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Implement `stella forensic attest show <artifact>` listing attestation details (signer, timestamp, subjects) and verifying signatures. Dependencies: CLI-FORENSICS-54-001. | — | CLCI0104 |
| CLI-LNM-22-001 | DONE | 2025-11-28 | SPRINT_0202_0001_0001_cli_ii | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Implement `stella advisory obs get/linkset show/export` commands with JSON/OSV output, pagination, and conflict display; ensure `ERR_AGG_*` mapping. | — | CLCI0103 |
| CLI-LNM-22-002 | DONE | 2025-11-28 | SPRINT_0202_0001_0001_cli_ii | CLI Guild · Concelier Guild | src/Cli/StellaOps.Cli | Implement `stella vex obs get/linkset show` commands with product filters, status filters, and JSON output for CI usage. Dependencies: CLI-LNM-22-001. | Needs CCLN0102 API contract | CLCI0109 |
| CLI-NOTIFY-38-001 | BLOCKED | 2025-10-29 | SPRINT_0202_0001_0001_cli_ii | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Implement `stella notify rules | CLCI0103 | CLCI0104 |
| CLI-NOTIFY-39-001 | BLOCKED | 2025-10-29 | SPRINT_0202_0001_0001_cli_ii | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Add simulation (`stella notify simulate`) and digest commands with diff output and schedule triggering, including dry-run mode. Dependencies: CLI-NOTIFY-38-001. | CLCI0103 | CLCI0104 |
| CLI-NOTIFY-40-001 | BLOCKED | 2025-11-30 | SPRINT_0202_0001_0001_cli_ii | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Provide ack token redemption workflow, escalation management, localization previews, and channel health checks. Dependencies: CLI-NOTIFY-39-001. | — | CLCI0104 |
| CLI-OBS-50-001 | DONE | 2025-11-28 | SPRINT_0202_0001_0001_cli_ii | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Ensure CLI HTTP client propagates `traceparent` headers for all commands, prints correlation IDs on failure, and records trace IDs in verbose logs (scrubbed). | — | CLCI0104 |
| CLI-OBS-51-001 | TODO | | SPRINT_0203_0001_0003_cli_iii | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Implement `stella obs top` command streaming service health metrics, SLO status, and burn-rate alerts with TUI view and JSON output. Dependencies: CLI-OBS-50-001. | — | CLCI0105 |
| CLI-OBS-52-001 | TODO | | SPRINT_0203_0001_0003_cli_iii | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Add `stella obs trace <trace_id>` and `stella obs logs --from/--to` commands that correlate timeline events, logs, and evidence links with pagination + guardrails. Dependencies: CLI-OBS-51-001. | — | CLCI0105 |
| CLI-OBS-55-001 | TODO | | SPRINT_0203_0001_0003_cli_iii | DevEx/CLI Guild · DevOps Guild | src/Cli/StellaOps.Cli | Add `stella obs incident-mode enable. Dependencies: CLI-OBS-52-001. | — | CLCI0105 |
| CLI-OPS-0001 | TODO | | SPRINT_316_docs_modules_cli | Ops Guild (docs/modules/cli) | docs/modules/cli | Sync outcomes back to ../.. | — | CLCI0105 |
| CLI-ORCH-32-001 | TODO | | SPRINT_0203_0001_0003_cli_iii | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Implement `stella orch sources | ORGR0101 hand-off | CLCI0105 |
| CLI-ORCH-33-001 | TODO | | SPRINT_0203_0001_0003_cli_iii | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Add action verbs (`sources test. Dependencies: CLI-ORCH-32-001. | ORGR0101 hand-off | CLCI0105 |
| CLI-ORCH-34-001 | TODO | | SPRINT_0203_0001_0003_cli_iii | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Provide backfill wizard (`--from/--to --dry-run`), quota management (`quotas get. Dependencies: CLI-ORCH-33-001. | ORGR0102 API review | CLCI0105 |
| CLI-PACKS-42-001 | TODO | | SPRINT_0203_0001_0003_cli_iii | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Implement Task Pack commands (`pack plan/run/push/pull/verify`) with schema validation, expression sandbox, plan/simulate engine, remote execution. | — | CLCI0105 |
| CLI-PACKS-43-001 | TODO | | SPRINT_0203_0001_0003_cli_iii | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Deliver advanced pack features (approvals pause/resume, secret injection, localization, man pages, offline cache). Dependencies: CLI-PACKS-42-001. | Offline kit schema sign-off | CLCI0105 |
| CLI-PACKS-43-002 | TODO | | SPRINT_0508_0001_0001_ops_offline_kit | Offline Kit Guild · Packs Registry Guild | ops/offline-kit | Bundle Task Pack samples, registry mirror seeds, Task Runner configs, and CLI binaries with checksums into Offline Kit. | CLI-PACKS-43-001 | CLCI0105 |
| CLI-PARITY-41-001 | TODO | | SPRINT_0203_0001_0003_cli_iii | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Deliver parity command groups (`policy`, `sbom`, `vuln`, `vex`, `advisory`, `export`, `orchestrator`) with `--explain`, deterministic outputs, and parity matrix entries. | — | CLCI0106 |
| CLI-PARITY-41-002 | TODO | | SPRINT_0203_0001_0003_cli_iii | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Implement `notify`, `aoc`, `auth` command groups, idempotency keys, shell completions, config docs, and parity matrix export tooling. Dependencies: CLI-PARITY-41-001. | — | CLCI0106 |
| CLI-POLICY-20-001 | TODO | | SPRINT_0203_0001_0003_cli_iii | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Add `stella policy new | PLPE0101 completion | CLCI0106 |
| CLI-POLICY-23-004 | TODO | | SPRINT_0203_0001_0003_cli_iii | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Add `stella policy lint` command validating SPL files with compiler diagnostics; support JSON output. Dependencies: CLI-POLICY-20-001. | PLPE0102 readiness | CLCI0106 |
| CLI-POLICY-23-006 | TODO | | SPRINT_0203_0001_0003_cli_iii | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Provide `stella policy history` and `stella policy explain` commands to pull run history and explanation trees. Dependencies: CLI-POLICY-23-005. | — | CLCI0106 |
| CLI-POLICY-27-001 | TODO | | SPRINT_0203_0001_0003_cli_iii | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Implement policy workspace commands (`stella policy init`, `edit`, `lint`, `compile`, `test`) with template selection, local cache, JSON output, and deterministic temp directories. Dependencies: CLI-POLICY-23-006. | Ledger API exposure | CLCI0106 |
| CLI-POLICY-27-002 | TODO | | SPRINT_0204_0001_0004_cli_iv | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Add submission/review workflow commands (`stella policy version bump`, `submit`, `review comment`, `approve`, `reject`) supporting reviewer assignment, changelog capture, and exit codes. Dependencies: CLI-POLICY-27-001. | CLI-POLICY-27-001 | CLCI0106 |
| CLI-POLICY-27-003 | TODO | | SPRINT_0204_0001_0004_cli_iv | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Implement `stella policy simulate` enhancements (quick vs batch, SBOM selectors, heatmap summary, manifest download) with `--json` and Markdown report output for CI. Dependencies: CLI-POLICY-27-002. | CLI-POLICY-27-002 | CLCI0106 |
| CLI-POLICY-27-004 | TODO | | SPRINT_0204_0001_0004_cli_iv | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Add lifecycle commands for publish/promote/rollback/sign (`stella policy publish --sign`, `promote --env`, `rollback`) with attestation verification and canary arguments. Dependencies: CLI-POLICY-27-003. | CLI-POLICY-27-003 | CLCI0106 |
| CLI-POLICY-27-005 | TODO | | SPRINT_0204_0001_0004_cli_iv | DevEx/CLI Guild · Docs Guild | src/Cli/StellaOps.Cli | Update CLI reference and samples for Policy Studio including JSON schemas, exit codes, and CI snippets. Dependencies: CLI-POLICY-27-004. | CLI-POLICY-27-004 | CLCI0106 |
| CLI-POLICY-27-006 | TODO | | SPRINT_0204_0001_0004_cli_iv | CLI Guild · Policy Guild | src/Cli/StellaOps.Cli | Update CLI policy profiles/help text to request the new Policy Studio scope family, surface ProblemDetails guidance for `invalid_scope`, and adjust regression tests for scope failures. Dependencies: CLI-POLICY-27-005. | Depends on #2 | CLCI0109 |
| CLI-PROMO-70-001 | TODO | | SPRINT_0202_0001_0002_cli_ii | DevEx/CLI Guild · Provenance Guild | src/Cli/StellaOps.Cli | Add `stella promotion assemble` command that resolves image digests, hashes SBOM/VEX artifacts, fetches Rekor proofs from Attestor, and emits the `stella.ops/promotion@v1` JSON payload (see `docs/release/promotion-attestations.md`). | Mirror attestation inputs | CLCI0108 |
| CLI-PROMO-70-002 | TODO | | SPRINT_0203_0001_0003_cli_iii | CLI Guild · Marketing Guild | src/Cli/StellaOps.Cli | Implement `stella promotion attest` / `promotion verify` commands that sign the promotion payload via Signer, retrieve DSSE bundles from Attestor, and perform offline verification against trusted checkpoints (`docs/release/promotion-attestations.md`). Dependencies: CLI-PROMO-70-001. | Needs revised DSSE plan | CLCI0109 |
| CLI-REPLAY-187-002 | TODO | | SPRINT_160_export_evidence | CLI Guild · Replay Guild | `src/Cli/StellaOps.Cli` | CLI Guild · `docs/modules/cli/architecture.md` | Requires RBRE0101 recorder schema | CLCI0109 |
| CLI-RISK-66-001 | TODO | | SPRINT_0204_0001_0004_cli_iv | DevEx/CLI Guild · Policy Guild | src/Cli/StellaOps.Cli | Implement `stella risk profile list | Ledger scores ready | CLCI0108 |
| CLI-RISK-66-002 | TODO | | SPRINT_0204_0001_0004_cli_iv | DevEx/CLI Guild · Risk Engine Guild | src/Cli/StellaOps.Cli | Ship `stella risk simulate` supporting SBOM/asset inputs, diff mode, and export to JSON/CSV. Dependencies: CLI-RISK-66-001. | CLI-RISK-66-001 | CLCI0108 |
| CLI-RISK-67-001 | TODO | | SPRINT_0204_0001_0004_cli_iv | DevEx/CLI Guild · Findings Ledger Guild | src/Cli/StellaOps.Cli | Provide `stella risk results` with filtering, severity thresholds, explainability fetch. Dependencies: CLI-RISK-66-002. | CLI-RISK-66-002 | CLCI0108 |
| CLI-RISK-68-001 | TODO | | SPRINT_0204_0001_0004_cli_iv | DevEx/CLI Guild · Export Guild | src/Cli/StellaOps.Cli | Add `stella risk bundle verify` and integrate with offline risk bundles. Dependencies: CLI-RISK-67-001. | CLI-RISK-67-001 | CLCI0108 |
| CLI-SBOM-60-001 | TODO | | SPRINT_0203_0001_0003_cli_iii | CLI Guild · Scanner Guild | src/Cli/StellaOps.Cli | Ship `stella sbomer layer`/`compose` verbs that capture per-layer fragments, run canonicalization, verify fragment DSSE, and emit `_composition.json` + Merkle diagnostics (ref `docs/modules/scanner/deterministic-sbom-compose.md`). Dependencies: CLI-PARITY-41-001, SCANNER-SURFACE-04. | Wait for CASC0101 manifest | CLSB0101 |
| CLI-SBOM-60-002 | TODO | | SPRINT_0203_0001_0003_cli_iii | CLI Guild | src/Cli/StellaOps.Cli | Add `stella sbomer drift --explain` + `verify` commands that rerun composition locally, highlight which arrays/keys broke determinism, and integrate with Offline Kit bundles. Dependencies: CLI-SBOM-60-001. | Depends on #1 | CLSB0101 |
| CLI-SDK-62-001 | TODO | | SPRINT_0204_0001_0004_cli_iv | CLI Guild · SDK Guild | src/Cli/StellaOps.Cli | Replace bespoke HTTP clients with official SDK (TS/Go) for all CLI commands; ensure modular transport for air-gapped mode. | Align with SDK generator sprint | CLSB0101 |
| CLI-SDK-62-002 | TODO | | SPRINT_0204_0001_0004_cli_iv | CLI Guild | src/Cli/StellaOps.Cli | Update CLI error handling to surface standardized API error envelope with `error.code` and `trace_id`. Dependencies: CLI-SDK-62-001. | Depends on #3 | CLSB0101 |
| CLI-SDK-63-001 | TODO | | SPRINT_0204_0001_0004_cli_iv | CLI Guild | src/Cli/StellaOps.Cli | Expose `stella api spec download` command retrieving aggregate OAS and verifying checksum/ETag. Dependencies: CLI-SDK-62-002. | Needs CAS graph (CASC0101) | CLSB0101 |
| CLI-SDK-64-001 | TODO | | SPRINT_0204_0001_0004_cli_iv | CLI Guild | src/Cli/StellaOps.Cli | Add CLI subcommand `stella sdk update` to fetch latest SDK manifests/changelogs; integrate with Notifications for deprecations. Dependencies: CLI-SDK-63-001. | Depends on #5 | CLSB0101 |
| CLI-SIG-26-001 | TODO | | SPRINT_0204_0001_0004_cli_iv | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Implement `stella reachability upload-callgraph` and `stella reachability list/explain` commands with streaming upload, pagination, and exit codes. | ATEL0101 signing plan | CLCI0108 |
| CLI-SIG-26-002 | TODO | | SPRINT_0204_0001_0004_cli_iv | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Extend `stella policy simulate` with reachability override flags (`--reachability-state`, `--reachability-score`). Dependencies: CLI-SIG-26-001. | CLI-SIG-26-001 | CLCI0108 |
| CLI-TEN-47-001 | TODO | | SPRINT_0205_0001_0005_cli_v | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Implement `stella login`, `whoami`, `tenants list`, persistent profiles, secure token storage, and `--tenant` override with validation. | — | CLCI0108 |
| CLI-TEN-49-001 | TODO | | SPRINT_0205_0001_0005_cli_v | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Add service account token minting, delegation (`stella token delegate`), impersonation banner, and audit-friendly logging. Dependencies: CLI-TEN-47-001. | CLI-TEN-47-001 | CLCI0108 |
| CLI-VEX-30-001 | TODO | | SPRINT_0205_0001_0005_cli_v | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Implement `stella vex consensus list` with filters, paging, policy selection, `--json/--csv`. | PLVL0102 completion | CLCI0107 |
| CLI-VEX-30-002 | TODO | | SPRINT_0205_0001_0005_cli_v | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Implement `stella vex consensus show` displaying quorum, evidence, rationale, signature status. Dependencies: CLI-VEX-30-001. | CLI-VEX-30-001 | CLCI0107 |
| CLI-VEX-30-003 | TODO | | SPRINT_0205_0001_0005_cli_v | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Implement `stella vex simulate` for trust/threshold overrides with JSON diff output. Dependencies: CLI-VEX-30-002. | CLI-VEX-30-002 | CLCI0107 |
| CLI-VEX-30-004 | TODO | | SPRINT_0205_0001_0005_cli_v | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Implement `stella vex export` for consensus NDJSON bundles with signature verification helper. Dependencies: CLI-VEX-30-003. | CLI-VEX-30-003 | CLCI0107 |
| CLI-VEX-401-011 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | CLI Guild | `src/Cli/StellaOps.Cli`, `docs/modules/cli/architecture.md`, `docs/benchmarks/vex-evidence-playbook.md` | Add `stella decision export | Reachability API exposure | CLCI0107 |
| CLI-VULN-29-001 | TODO | | SPRINT_0205_0001_0005_cli_v | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Implement `stella vuln list` with grouping, paging, filters, `--json/--csv`, and policy selection. | — | CLCI0107 |
| CLI-VULN-29-002 | TODO | | SPRINT_0205_0001_0005_cli_v | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Implement `stella vuln show` displaying evidence, policy rationale, paths, ledger summary; support `--json` for automation. Dependencies: CLI-VULN-29-001. | CLI-VULN-29-001 | CLCI0107 |
| CLI-VULN-29-003 | TODO | | SPRINT_0205_0001_0005_cli_v | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Add workflow commands (`assign`, `comment`, `accept-risk`, `verify-fix`, `target-fix`, `reopen`) with filter selection (`--filter`) and idempotent retries. Dependencies: CLI-VULN-29-002. | CLI-VULN-29-002 | CLCI0107 |
| CLI-VULN-29-004 | TODO | | SPRINT_0205_0001_0005_cli_v | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Implement `stella vuln simulate` producing delta summaries and optional Markdown report for CI. Dependencies: CLI-VULN-29-003. | CLI-VULN-29-003 | CLCI0107 |
| CLI-VULN-29-005 | TODO | | SPRINT_0205_0001_0005_cli_v | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Add `stella vuln export` and `stella vuln bundle verify` commands to trigger/download evidence bundles and verify signatures. Dependencies: CLI-VULN-29-004. | CLI-VULN-29-004 | CLCI0107 |
| CLI-VULN-29-006 | TODO | | SPRINT_0205_0001_0005_cli_v | DevEx/CLI Guild · Docs Guild | src/Cli/StellaOps.Cli | Update CLI docs/examples for Vulnerability Explorer with compliance checklist and CI snippets. Dependencies: CLI-VULN-29-005. | CLI-VULN-29-005 | CLCI0108 |
| CLIENT-401-012 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | Symbols Guild | `src/Symbols/StellaOps.Symbols.Client`, `src/Scanner/StellaOps.Scanner.Symbolizer` | Align with symbolizer regression fixtures | Align with symbolizer regression fixtures | RBSY0101 |
| COMPOSE-44-001 | DOING (dev-mock 2025-12-06) | 2025-12-06 | SPRINT_0501_0001_0001_ops_deployment_i | Deployment Guild · DevEx Guild | ops/deployment | Author `docker-compose.yml`, `.env.example`, and `quickstart.sh` with all core services + dependencies (postgres, redis, object-store, queue, otel). | Waiting on consolidated service list/version pins from upstream module releases | DVCP0101 |
| COMPOSE-44-002 | TODO | | SPRINT_0501_0001_0001_ops_deployment_i | Deployment Guild | ops/deployment | Implement `backup.sh` and `reset.sh` scripts with safety prompts and documentation. Dependencies: COMPOSE-44-001. | Depends on #1 | DVCP0101 |
| COMPOSE-44-003 | DOING (dev-mock 2025-12-06) | 2025-12-06 | SPRINT_0501_0001_0001_ops_deployment_i | Deployment Guild | ops/deployment | Package seed data container and onboarding wizard toggle (`QUICKSTART_MODE`), ensuring default creds randomized on first run. Dependencies: COMPOSE-44-002. | Needs RBRE0101 provenance | DVCP0101 |
| CONCELIER-AIAI-31-002 | DONE | 2025-11-18 | SPRINT_110_ingestion_evidence | Concelier Core · Concelier WebService Guilds | | Structured field/caching implementation gated on schema approval. | CONCELIER-GRAPH-21-001; CARTO-GRAPH-21-002 | DOAI0101 |
| CONCELIER-AIAI-31-003 | DONE | 2025-11-12 | SPRINT_110_ingestion_evidence | Docs Guild · Concelier Observability Guild | docs/modules/concelier/observability.md | Telemetry counters/histograms live for Advisory AI dashboards. | Summarize telemetry evidence | DOCO0101 |
| CONCELIER-AIRGAP-56-001 | DONE (2025-11-24) | | SPRINT_112_concelier_i | Concelier Core Guild | src/Concelier/StellaOps.Concelier.WebService/AirGap | Deterministic air-gap bundle builder with manifest + entry-trace hashes. | docs/runbooks/concelier-airgap-bundle-deploy.md | AGCN0101 |
| CONCELIER-AIRGAP-56-001..58-001 | DONE (2025-11-24) | | SPRINT_110_ingestion_evidence | Concelier Core Guild · Evidence Locker Guild | | Deterministic NDJSON bundle writer + manifest/entry-trace, validator, sealed-mode deploy runbook delivered. | CONCELIER-GRAPH-21-001; CONCELIER-GRAPH-21-002; ELOCKER-CONTRACT-2001 | AGCN0101 |
| CONCELIER-AIRGAP-56-002 | DONE (2025-11-24) | | SPRINT_112_concelier_i | Concelier Core Guild · AirGap Importer Guild | src/Concelier/StellaOps.Concelier.WebService/AirGap | Bundle validator (hash/order/entry-trace) and tests. | Delivered alongside 56-001 | AGCN0101 |
| CONCELIER-AIRGAP-57-001 | TODO | | SPRINT_112_concelier_i | Concelier Core Guild · AirGap Policy Guild | | Feature flag + policy that rejects non-mirror connectors with actionable diagnostics; depends on 56-001. | — | ATLN0102 |
| CONCELIER-AIRGAP-57-002 | TODO | | SPRINT_112_concelier_i | Concelier Core Guild · AirGap Time Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Compute `fetchedAt/publishedAt/clockSource` deltas per bundle and expose via observation APIs without mutating evidence; depends on 56-002. | Wait for AIRGAP-TIME-CONTRACT-1501 | CCAN0101 |
| CONCELIER-AIRGAP-58-001 | TODO | | SPRINT_112_concelier_i | Concelier Core Guild · Evidence Locker Guild | | Package advisory observations/linksets + provenance notes (document id + observationPath) into timeline-bound portable bundles with verifier instructions; depends on 57-002. | — | ATLN0102 |
| CONCELIER-ATTEST-73-001 | DONE (2025-11-25) | 2025-11-25 | SPRINT_110_ingestion_evidence | Concelier Core · Evidence Locker Guild | src/Concelier/StellaOps.Concelier.WebService | Attestation claims builder verified; Core/WebService attestation suites green (`TestResults/concelier-attestation/core.trx`, `web.trx`). | CONCELIER-AIAI-31-002; ELOCKER-CONTRACT-2001 | CCAN0101 |
| CONCELIER-ATTEST-73-002 | DONE (2025-11-25) | 2025-11-25 | SPRINT_110_ingestion_evidence | Concelier Core · Evidence Locker Guild | src/Concelier/StellaOps.Concelier.WebService | Internal `/internal/attestations/verify` endpoint validated end-to-end; TRX archived under `TestResults/concelier-attestation/web.trx`. | CONCELIER-AIAI-31-002; ELOCKER-CONTRACT-2001 | CCAN0101 |
| CONCELIER-CONSOLE-23-001 | TODO | | SPRINT_112_concelier_i | Concelier WebService Guild · BE-Base Platform Guild | | `/console/advisories` returns grouped linksets with per-source severity/status chips plus `{documentId, observationPath}` provenance references (matching GHSA + Red Hat CVE browser expectations); depends on CONCELIER-LNM-21-201/202. | — | ATLN0102 |
| CONCELIER-CONSOLE-23-001..003 | DONE (2025-11-25) | 2025-11-25 | SPRINT_110_ingestion_evidence | Concelier Console Guild | src/Concelier/StellaOps.Concelier.WebService | Console overlays wired to LNM schema; consumption contract published. | CONCELIER-GRAPH-21-001; CONCELIER-GRAPH-21-002 | CCLN0102 |
| CONCELIER-CONSOLE-23-002 | TODO | | SPRINT_112_concelier_i | Concelier WebService Guild | | Deterministic “new/modified/conflicting” sets referencing linkset IDs and field paths rather than computed verdicts; depends on 23-001. | — | ATLN0102 |
| CONCELIER-CONSOLE-23-003 | TODO | | SPRINT_112_concelier_i | Concelier WebService Guild | | CVE/GHSA/PURL lookups return observation excerpts, provenance anchors, and cache hints so tenants can preview evidence safely; reuse structured field taxonomy from Workstream A. | — | ATLN0102 |
| CONCELIER-CORE-AOC-19-013 | TODO | | SPRINT_112_concelier_i | Concelier Core Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Expand smoke/e2e suites so Authority tokens + tenant headers are mandatory for ingest/read paths (including the new provenance endpoint). Must assert no merge-side effects and that provenance anchors always round-trip. | Must reference AOC guardrails from docs | AGCN0101 |
| CONCELIER-DOCS-0001 | DONE | 2025-11-05 | SPRINT_0317_0001_0001_docs_modules_concelier | Docs Guild | docs/modules/concelier | Validate that `docs/modules/concelier/README.md` reflects the latest release notes and aggregation toggles. | Reference (baseline) | CCDO0101 |
| CONCELIER-ENG-0001 | DONE | 2025-11-25 | SPRINT_0317_0001_0001_docs_modules_concelier | Module Team · Concelier Guild | docs/modules/concelier | Cross-check implementation plan milestones against `/docs/implplan/SPRINT_*.md` and update module readiness checkpoints. | Wait for CCPR0101 validation | CCDO0101 |
| CONCELIER-GRAPH-21-001 | DONE | 2025-11-18 | SPRINT_113_concelier_ii | Concelier Core · Cartographer Guilds | src/Concelier/__Libraries/StellaOps.Concelier.Core | Extend SBOM normalization so every relationship (depends_on, contains, provides) and scope tag is captured as raw observation metadata with provenance pointers; Cartographer can then join SBOM + advisory facts without Concelier inferring impact. | Waiting on Cartographer schema (052_CAGR0101) | AGCN0101 |
| CONCELIER-GRAPH-21-002 | DONE | 2025-11-22 | SPRINT_113_concelier_ii | Concelier Core Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Publish `sbom.observation.updated` events whenever new SBOM versions arrive, including tenant/context metadata and advisory references—never send judgments, only facts. Depends on CONCELIER-GRAPH-21-001; blocked pending Platform Events/Scheduler contract + event publisher. | Depends on #5 outputs | AGCN0101 |
| CONCELIER-GRAPH-24-101 | TODO | | SPRINT_113_concelier_ii | Concelier WebService Guild | src/Concelier/StellaOps.Concelier.WebService | Provide `/advisories/summary` responses that bundle observation/linkset metadata (aliases, confidence, conflicts) for graph overlays while keeping upstream values intact. Depends on CONCELIER-GRAPH-21-002. | Wait for CAGR0101 + storage migrations | CCGH0101 |
| CONCELIER-GRAPH-28-102 | TODO | | SPRINT_113_concelier_ii | Concelier WebService Guild | src/Concelier/StellaOps.Concelier.WebService | Add batch fetch endpoints keyed by component sets so graph tooltips can pull raw observations/linksets efficiently; include provenance + timestamps but no derived severity. Depends on CONCELIER-GRAPH-24-101. | Depends on #1 | CCGH0101 |
| CONCELIER-LNM-21-001 | DONE | 2025-11-17 | SPRINT_113_concelier_ii | Concelier Core Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Define the immutable `advisory_observations` model (per-source fields, version ranges, severity text, provenance metadata, tenant guards) so every ingestion path records raw statements without merge artifacts. | Needs Link-Not-Merge approval (005_ATLN0101) | AGCN0101 |
| CONCELIER-LNM-21-002 | DONE | 2025-11-22 | SPRINT_113_concelier_ii | Concelier Core Guild · Data Science Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Implement correlation pipelines (alias graph, purl overlap, CVSS vector compare) that output linksets with confidence scores + conflict markers, never collapsing conflicting facts into single values. Depends on CONCELIER-LNM-21-001. | Depends on #7 for precedence rules | AGCN0101 |
| CONCELIER-LNM-21-003 | DONE | 2025-11-22 | SPRINT_113_concelier_ii | Concelier Core Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Record disagreements (severity, CVSS, references) on linksets as structured conflict entries so consumers can reason about divergence without Concelier resolving it. Depends on CONCELIER-LNM-21-002. | Requires #8 heuristics | AGCN0101 |
| CONCELIER-LNM-21-004 | TODO | | SPRINT_113_concelier_ii | Concelier Core Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Delete legacy merge/dedup logic, add guardrails/tests to keep ingestion append-only, and document how linksets supersede the old merge outputs. Depends on CONCELIER-LNM-21-003. | Depends on #9 | AGCN0101 |
| CONCELIER-LNM-21-005 | TODO | | SPRINT_113_concelier_ii | Concelier Core Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Emit `advisory.linkset.updated` events containing delta descriptions + observation ids so downstream evaluators can subscribe deterministically. Depends on CONCELIER-LNM-21-004. | Requires CCLN0101 store changes | CCCO0101 |
| CONCELIER-LNM-21-101 | TODO | | SPRINT_113_concelier_ii | Concelier Storage Guild | src/Concelier/__Libraries/StellaOps.Concelier.Storage.Mongo | Provision the Mongo collections (`advisory_observations`, `advisory_linksets`) with hashed shard keys, tenant indexes, and TTL for ingest metadata to support Link-Not-Merge at scale. Depends on CONCELIER-LNM-21-005. | Wait for schema freeze | CCLN0101 |
| CONCELIER-LNM-21-102 | TODO | | SPRINT_113_concelier_ii | Concelier Storage Guild · DevOps Guild | src/Concelier/__Libraries/StellaOps.Concelier.Storage.Mongo | Backfill legacy merged advisories into the new observation/linkset collections, seed tombstones for deprecated docs, and provide rollback tooling for Offline Kit operators. Depends on CONCELIER-LNM-21-101. | Depends on #1 | CCLN0101 |
| CONCELIER-LNM-21-103 | TODO | | SPRINT_113_concelier_ii | Concelier Storage Guild (src/Concelier/__Libraries/StellaOps.Concelier.Storage.Mongo) | src/Concelier/__Libraries/StellaOps.Concelier.Storage.Mongo | Move large raw payloads to object storage with deterministic pointers, update bootstrapper/offline kit seeds, and guarantee provenance metadata remains intact. Depends on CONCELIER-LNM-21-102. | — | ATLN0101 |
| CONCELIER-LNM-21-201 | TODO | | SPRINT_113_concelier_ii | Concelier WebService Guild · Platform Guild | src/Concelier/StellaOps.Concelier.WebService | Add `/advisories/observations` with filters for alias/purl/source plus strict tenant scopes; responses must only echo upstream values + provenance fields. Depends on CONCELIER-LNM-21-103. | Wait for storage sprint (CCLN0101) | CCLN0102 |
| CONCELIER-LNM-21-202 | TODO | | SPRINT_113_concelier_ii | Concelier WebService Guild (src/Concelier/StellaOps.Concelier.WebService) | src/Concelier/StellaOps.Concelier.WebService | Implement `/advisories/linksets`/`export`/`evidence` endpoints surfacing correlation + conflict payloads and `ERR_AGG_*` error mapping, never exposing synthesis/merge results. Depends on CONCELIER-LNM-21-201. | — | ATLN0101 |
| CONCELIER-LNM-21-203 | TODO | | SPRINT_113_concelier_ii | Concelier WebService Guild, Platform Events Guild (src/Concelier/StellaOps.Concelier.WebService) | src/Concelier/StellaOps.Concelier.WebService | Publish idempotent NATS/Redis events for new observations/linksets with schemas documented for downstream consumers; include tenant + provenance references only. Depends on CONCELIER-LNM-21-202. | — | ATLN0101 |
| CONCELIER-OAS-61-001 | TODO | | SPRINT_114_concelier_iii | Concelier Core + API Contracts Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Update the OpenAPI spec so every observation/linkset/timeline endpoint documents provenance fields, tenant scopes, and AOC guarantees (no consensus fields), giving downstream SDKs unambiguous contracts. | Wait for CCPR0101 policy updates | CCOA0101 |
| CONCELIER-OAS-61-002 | TODO | | SPRINT_114_concelier_iii | Concelier Core Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Provide realistic examples (conflict linksets, multi-source severity, timeline snippets) showing how raw advisories are surfaced without merges; wire them into docs/SDKs. Depends on CONCELIER-OAS-61-001. | Depends on #1 | CCOA0101 |
| CONCELIER-OAS-62-001 | TODO | | SPRINT_114_concelier_iii | Concelier Core + SDK Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Add SDK scenarios covering advisory search, pagination, and conflict handling to ensure each language client preserves provenance fields and does not infer verdicts. Depends on CONCELIER-OAS-61-002. | Needs SDK requirements from CLSB0101 | CCOA0101 |
| CONCELIER-OBS-51-001 | DOING | 2025-11-23 | SPRINT_114_concelier_iii | Concelier Core Guild · DevOps Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Emit ingestion latency, queue depth, and AOC violation metrics with burn-rate alerts so we can prove the evidence pipeline remains healthy without resorting to heuristics. | Telemetry schema 046_TLTY0101 published (2025-11-23) | CNOB0101 |
| CONCELIER-OBS-52-001 | TODO | | SPRINT_114_concelier_iii | Concelier Core Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Produce timeline records for ingest/normalization/linkset updates containing trace IDs, conflict summaries, and evidence hashes—pure facts for downstream replay. Depends on CONCELIER-OBS-51-001. | Needs #1 merged to reuse structured logging helpers | CNOB0101 |
| CONCELIER-OBS-53-001 | TODO | | SPRINT_114_concelier_iii | Concelier Core Guild · Evidence Locker Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Generate evidence locker bundles (raw doc, normalization diff, linkset) with Merkle manifests so audits can replay advisory history without touching live Mongo. Depends on CONCELIER-OBS-52-001. | Requires Evidence Locker contract from 002_ATEL0101 | CNOB0101 |
| CONCELIER-OBS-54-001 | TODO | | SPRINT_114_concelier_iii | Concelier Core Guild · Provenance Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Attach DSSE attestations to advisory batches, expose verification APIs, and link attestation IDs into timeline + ledger for transparency. Depends on CONCELIER-OBS-53-001. | Blocked by Link-Not-Merge schema finalization (005_ATLN0101) | CNOB0101 |
| CONCELIER-OBS-55-001 | TODO | | SPRINT_114_concelier_iii | Concelier Core Guild · DevOps Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Implement incident-mode levers (extra sampling, retention overrides, redaction guards) that collect more raw evidence without mutating advisory content. Depends on CONCELIER-OBS-54-001. | Depends on #4 for consistent dimensions | CNOB0101 |
| CONCELIER-OPS-0001 | DONE | 2025-11-25 | SPRINT_0317_0001_0001_docs_modules_concelier | Ops Guild | docs/modules/concelier | Review runbooks/observability assets after the next sprint demo and capture findings inline with sprint notes. | Depends on #2 | CCDO0101 |
| CONCELIER-ORCH-32-001 | TODO | | SPRINT_114_concelier_iii | Concelier Core Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Register every advisory connector with the orchestrator (metadata, auth scopes, rate policies) so ingest scheduling is transparent and reproducible. | Wait for CCAN0101 outputs | CCCO0101 |
| CONCELIER-ORCH-32-002 | TODO | | SPRINT_114_concelier_iii | Concelier Core Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Adopt the orchestrator worker SDK in ingestion loops, emitting heartbeats/progress/artifact hashes to guarantee deterministic replays. Depends on CONCELIER-ORCH-32-001. | Depends on #1 | CCCO0101 |
| CONCELIER-ORCH-33-001 | TODO | | SPRINT_114_concelier_iii | Concelier Core Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Honor orchestrator pause/throttle/retry controls with structured error outputs and persisted checkpoints so operators can intervene without losing evidence. Depends on CONCELIER-ORCH-32-002. | Needs ORTR0102 cues | CCCO0101 |
| CONCELIER-ORCH-34-001 | TODO | | SPRINT_114_concelier_iii | Concelier Core Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Execute orchestrator-driven backfills that reuse artifact hashes/signatures, log provenance, and push run metadata to the ledger for audits. Depends on CONCELIER-ORCH-33-001. | Depends on #3 | CCCO0101 |
| CONCELIER-POLICY-20-001 | TODO | | SPRINT_114_concelier_iii | Concelier WebService Guild | src/Concelier/StellaOps.Concelier.WebService | Provide batch advisory lookup APIs for Policy Engine (purl/advisory filters, tenant scopes, explain metadata) so policy can join raw evidence without Concelier suggesting outcomes. | Wait for storage sprint | CCPR0101 |
| CONCELIER-POLICY-20-002 | TODO | | SPRINT_115_concelier_iv | Concelier Core Guild · Policy Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Expand linkset builders with vendor-specific equivalence tables, NEVRA/PURL normalization, and version-range parsing so policy joins become more accurate without Concelier prioritizing sources. Depends on CONCELIER-POLICY-20-001. | Depends on #1 | CCPR0101 |
| CONCELIER-POLICY-20-003 | TODO | | SPRINT_115_concelier_iv | Concelier Storage Guild | src/Concelier/__Libraries/StellaOps.Concelier.Storage.Mongo | Introduce advisory selection cursors + change-stream checkpoints that let Policy Engine process deltas deterministically; include offline migration scripts. Depends on CONCELIER-POLICY-20-002. | Depends on #2 | CCPR0101 |
| CONCELIER-POLICY-23-001 | TODO | | SPRINT_115_concelier_iv | Concelier Core Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Add secondary indexes/materialized views (alias, provider severity, correlation confidence) so policy lookups stay fast without caching derived verdicts; document the supported query patterns. Depends on CONCELIER-POLICY-20-003. | Needs RISK series seeds | CCPR0101 |
| CONCELIER-POLICY-23-002 | TODO | | SPRINT_115_concelier_iv | Concelier WebService Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Ensure `advisory.linkset.updated` events ship with idempotent IDs, confidence summaries, and tenant metadata so policy consumers can replay evidence feeds safely. Depends on CONCELIER-POLICY-23-001. | Depends on #4 | CCPR0101 |
| CONCELIER-RISK-66-001 | BLOCKED | 2025-11-23 | SPRINT_115_concelier_iv | Concelier Core · Risk Engine Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Surface vendor-provided CVSS/KEV/fix data exactly as published (with provenance anchors) through provider APIs so risk engines can reason about upstream intent. | POLICY-20-001 outputs; AUTH-TEN-47-001; shared signals library adoption | CCPR0101 |
| CONCELIER-RISK-66-002 | BLOCKED | 2025-11-23 | SPRINT_115_concelier_iv | Concelier Core Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Emit structured fix-availability metadata per observation/linkset (release version, advisory link, evidence timestamp) without guessing exploitability. Depends on CONCELIER-RISK-66-001. | CONCELIER-RISK-66-001 | CCPR0101 |
| CONCELIER-RISK-67-001 | BLOCKED | 2025-11-23 | SPRINT_115_concelier_iv | Concelier Core Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Publish per-source coverage/conflict metrics (counts, disagreements) so explainers can cite which upstream statements exist; no weighting is applied inside Concelier. Depends on CONCELIER-RISK-66-001. | CONCELIER-RISK-66-001 | CCPR0101 |
| CONCELIER-RISK-68-001 | BLOCKED | 2025-11-23 | SPRINT_115_concelier_iv | Concelier Core + Policy Studio Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Wire advisory signal pickers into Policy Studio so curators can select which raw advisory fields feed policy gating; validation must confirm fields are provenance-backed. Depends on POLICY-RISK-68-001. | POLICY-RISK-68-001; CONCELIER-RISK-66-001 | CCPR0101 |
| CONCELIER-RISK-69-001 | BLOCKED | 2025-11-23 | SPRINT_115_concelier_iv | Concelier Core + Notifications Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Emit notifications when upstream advisory fields change (e.g., fix available) with observation IDs + provenance so Notifications service can alert without inferring severity. Depends on CONCELIER-RISK-66-002. | CONCELIER-RISK-66-002; Notifications contract | CCPR0101 |
| CONCELIER-SIG-26-001 | BLOCKED | 2025-11-23 | SPRINT_115_concelier_iv | Concelier Core + Signals Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Expose upstream-provided affected symbol/function lists via APIs to help reachability scoring; maintain provenance and do not infer exploitability. Depends on SIGNALS-24-002. | SIGNALS-24-002 | CCCO0101 |
| CONCELIER-STORE-AOC-19-005 | TODO | 2025-11-04 | SPRINT_115_concelier_iv | Concelier Storage Guild · DevOps Guild | src/Concelier/__Libraries/StellaOps.Concelier.Storage.Mongo | Execute the raw-linkset backfill/rollback plan (`docs/dev/raw-linkset-backfill-plan.md`) so Mongo + Offline Kit bundles reflect Link-Not-Merge data; rehearse rollback. Depends on CONCELIER-CORE-AOC-19-004. | Wait for CCLN0101 approval | CCSM0101 |
| CONCELIER-TEN-48-001 | BLOCKED | 2025-11-23 | SPRINT_115_concelier_iv | Concelier Core Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Enforce tenant scoping throughout normalization/linking, expose capability endpoint advertising `merge=false`, and ensure events include tenant IDs. Depends on AUTH-TEN-47-001. | AUTH-TEN-47-001; POLICY chain | CCCO0101 |
| CONCELIER-VEXLENS-30-001 | BLOCKED | 2025-11-23 | SPRINT_115_concelier_iv | Concelier WebService Guild · VEX Lens Guild | src/Concelier/StellaOps.Concelier.WebService | Guarantee advisory key consistency and cross-links consumed by VEX Lens so consensus explanations can cite Concelier evidence without requesting merges. Depends on CONCELIER-VULN-29-001, VEXLENS-30-005. | VEXLENS-30-005 | PLVL0103 |
| CONCELIER-VULN-29-004 | TODO | | SPRINT_116_concelier_v | Concelier WebService Guild · Observability Guild | src/Concelier/StellaOps.Concelier.WebService | Instrument observation/linkset pipelines with metrics for identifier collisions, withdrawn statements, and chunk latencies; stream them to Vuln Explorer without altering evidence payloads. Depends on CONCELIER-VULN-29-001. | Requires CCPR0101 risk feed | CCWO0101 |
| CONCELIER-WEB-AIRGAP-56-001 | TODO | | SPRINT_116_concelier_v | Concelier WebService Guild · AirGap Policy Guild | src/Concelier/StellaOps.Concelier.WebService | Extend ingestion endpoints to register mirror bundle sources, expose bundle catalogs, and enforce sealed-mode by blocking direct internet feeds. | Wait for AGCN0101 proof | CCAW0101 |
| CONCELIER-WEB-AIRGAP-56-002 | TODO | | SPRINT_116_concelier_v | Concelier WebService Guild · AirGap Importer Guild | src/Concelier/StellaOps.Concelier.WebService | Add staleness + bundle provenance metadata to `/advisories/observations` and `/advisories/linksets` so operators can see freshness without Excitior deriving outcomes. Depends on CONCELIER-WEB-AIRGAP-56-001. | Depends on #1 | CCAW0101 |
| CONCELIER-WEB-AIRGAP-57-001 | TODO | | SPRINT_116_concelier_v | Concelier WebService Guild | src/Concelier/StellaOps.Concelier.WebService | Map sealed-mode violations to consistent `AIRGAP_EGRESS_BLOCKED` payloads that explain how to remediate, leaving advisory content untouched. Depends on CONCELIER-WEB-AIRGAP-56-002. | Needs CCAN0101 time beacons | CCAW0101 |
| CONCELIER-WEB-AIRGAP-58-001 | TODO | | SPRINT_116_concelier_v | Concelier WebService Guild · Evidence Locker Guild | src/Concelier/StellaOps.Concelier.WebService | Emit timeline events for bundle imports (bundle ID, scope, actor) so audit trails capture every evidence change. Depends on CONCELIER-WEB-AIRGAP-57-001. | Depends on #3 | CCAW0101 |
| CONCELIER-WEB-AOC-19-003 | TODO | | SPRINT_116_concelier_v | Concelier WebService Guild | src/Concelier/StellaOps.Concelier.WebService | Add unit tests for schema validators, forbidden-field guards (`ERR_AOC_001/2/6/7`), and supersedes chains to keep ingestion append-only. Depends on CONCELIER-WEB-AOC-19-002. | Wait for CCSM0101 migration | CCAO0101 |
| CONCELIER-WEB-AOC-19-004 | TODO | | SPRINT_116_concelier_v | Concelier WebService Guild | src/Concelier/StellaOps.Concelier.WebService | Create integration tests that ingest large advisory batches (cold/warm), verify reproducible linksets, and record metrics/fixtures for Offline Kit rehearsals. Depends on CONCELIER-WEB-AOC-19-003. | Depends on #1 | CCAO0101 |
| CONCELIER-WEB-AOC-19-005 | TODO | 2025-11-08 | SPRINT_116_concelier_v | Concelier WebService Guild | src/Concelier/StellaOps.Concelier.WebService | Fix `/advisories/{key}/chunks` test data so pre-seeded raw docs resolve correctly; ensure Mongo migrations stop logging “Unable to locate advisory_raw documents” during tests. Depends on CONCELIER-WEB-AOC-19-002. | Needs CCPR0101 verdict feed | CCAO0101 |
| CONCELIER-WEB-AOC-19-006 | TODO | 2025-11-08 | SPRINT_116_concelier_v | Concelier WebService Guild | src/Concelier/StellaOps.Concelier.WebService | Align default auth/tenant configs with the test fixtures so allowlisted tenants can ingest before forbidden tenants are rejected, closing the gap in `AdvisoryIngestEndpoint_RejectsTenantOutsideAllowlist`. Depends on CONCELIER-WEB-AOC-19-002. | Depends on #3 | CCAO0101 |
| CONCELIER-WEB-AOC-19-007 | TODO | 2025-11-08 | SPRINT_116_concelier_v | Concelier WebService Guild | src/Concelier/StellaOps.Concelier.WebService | Update AOC verify logic so guard failures emit `ERR_AOC_001` (not `_004`) and keep mapper/guard parity covered by regression tests. Depends on CONCELIER-WEB-AOC-19-002. | Depends on #4 | CCAO0101 |
| CONCELIER-WEB-OAS-61-002 | TODO | | SPRINT_116_concelier_v | Concelier WebService Guild | src/Concelier/StellaOps.Concelier.WebService | Ensure every API returns the standardized error envelope and update controllers/tests accordingly (prereq for SDK/doc alignment). | Wait for CCOA0101 spec | CCWO0101 |
| CONCELIER-WEB-OAS-62-001 | TODO | | SPRINT_116_concelier_v | Concelier WebService Guild | src/Concelier/StellaOps.Concelier.WebService | Publish curated examples for observations/linksets/conflicts and wire them into the developer portal. Depends on CONCELIER-WEB-OAS-61-002. | Depends on #1 | CCWO0101 |
| CONCELIER-WEB-OAS-63-001 | TODO | | SPRINT_116_concelier_v | Concelier WebService Guild · API Governance Guild | src/Concelier/StellaOps.Concelier.WebService | Emit deprecation headers + notifications for retiring endpoints, steering clients toward Link-Not-Merge APIs. Depends on CONCELIER-WEB-OAS-62-001. | Needs governance approval | CCWO0101 |
| CONCELIER-WEB-OBS-51-001 | DONE | 2025-11-23 | SPRINT_116_concelier_v | Concelier WebService Guild | src/Concelier/StellaOps.Concelier.WebService | Add `/obs/concelier/health` surfaces for ingest health, queue depth, and SLO status so Console widgets can display real-time evidence pipeline stats. | Telemetry schema 046_TLTY0101 published (2025-11-23) | CNOB0102 |
| CONCELIER-WEB-OBS-52-001 | TODO | | SPRINT_116_concelier_v | Concelier WebService Guild | src/Concelier/StellaOps.Concelier.WebService | Provide SSE stream `/obs/concelier/timeline` with paging tokens, guardrails, and audit logging so operators can monitor evidence changes live. Depends on CONCELIER-WEB-OBS-51-001. | Requires #1 merged so we reuse correlation IDs | CNOB0102 |
| CONCELIER-WEB-OBS-53-001 | TODO | | SPRINT_117_concelier_vi | Concelier WebService Guild · Evidence Locker Guild | src/Concelier/StellaOps.Concelier.WebService | Add `/evidence/advisories/*` routes that proxy evidence locker snapshots, verify `evidence:read` scopes, and return signed manifest metadata—no shortcut paths into raw storage. Depends on CONCELIER-WEB-OBS-52-001. | Blocked on Evidence Locker DSSE feed (002_ATEL0101) | CNOB0102 |
| CONCELIER-WEB-OBS-54-001 | TODO | | SPRINT_117_concelier_vi | Concelier WebService Guild | src/Concelier/StellaOps.Concelier.WebService | Provide `/attestations/advisories/*` endpoints surfacing DSSE status, verification summary, and provenance chain so CLI/Console can audit trust without hitting databases. Depends on CONCELIER-WEB-OBS-53-001. | Depends on Link-Not-Merge schema (005_ATLN0101) | CNOB0102 |
| CONCELIER-WEB-OBS-55-001 | TODO | | SPRINT_117_concelier_vi | Concelier WebService Guild · DevOps Guild | src/Concelier/StellaOps.Concelier.WebService | Implement incident-mode APIs that coordinate ingest, locker, and orchestrator, capturing activation events + cooldown semantics but leaving evidence untouched. Depends on CONCELIER-WEB-OBS-54-001. | Needs #4 to finalize labels | CNOB0102 |
| CONN-SUSE-01-003 | Team Excititor Connectors SUSE | | SPRINT_0120_0001_0002_excititor_ii | Connector Guild (SUSE) | src/Excititor/__Libraries/StellaOps.Excititor.Connectors.SUSE.RancherVEXHub | EXCITITOR-CONN-SUSE-01-002; EXCITITOR-POLICY-01-001 | EXCITITOR-CONN-SUSE-01-002; EXCITITOR-POLICY-01-001 | EXCN0102 |
| CONN-TRUST-01-001 | DONE (2025-11-22) | 2025-11-22 | SPRINT_110_ingestion_evidence | Excititor + AirGap Guilds | | Connnector trust + air-gap ingest delivered against frozen schema. | CONCELIER-GRAPH-21-001; CONCELIER-GRAPH-21-002; ATTEST-PLAN-2001 | EXCN0102 |
| CONN-UBUNTU-01-003 | Team Excititor Connectors Ubuntu | | SPRINT_0120_0001_0002_excititor_ii | Connector Guild (Ubuntu) | src/Excititor/__Libraries/StellaOps.Excititor.Connectors.Ubuntu.CSAF | EXCITITOR-CONN-UBUNTU-01-002; EXCITITOR-POLICY-01-001 | EXCITITOR-CONN-UBUNTU-01-002; EXCITITOR-POLICY-01-001 | EXCN0102 |
| CONSENSUS-LENS-DOCS-0001 | TODO | | SPRINT_332_docs_modules_vex_lens | Docs Guild | docs/modules/vex-lens | Wait for CCSL0101 panel demo | Wait for CCSL0101 panel demo | CCDL0101 |
| CONSENSUS-LENS-DOCS-0002 | TODO | 2025-11-05 | SPRINT_332_docs_modules_vex_lens | Docs Guild | docs/modules/vex-lens | Depends on #1 | Depends on #1 | CCDL0101 |
| CONSENSUS-LENS-ENG-0001 | TODO | | SPRINT_332_docs_modules_vex_lens | Module Team | docs/modules/vex-lens | Needs CCWO0101 schema | Needs CCWO0101 schema | CCDL0101 |
| CONSENSUS-LENS-OPS-0001 | TODO | | SPRINT_332_docs_modules_vex-lens | Ops Guild | docs/modules/vex-lens | Depends on #3 | Depends on #3 | CCDL0101 |
| CONSOLE-23-001 | TODO | | SPRINT_112_concelier_i | Console Guild | src/Console/StellaOps.Console | Wait for CCWO0101 schema | Wait for CCWO0101 schema | CCSL0101 |
| CONSOLE-23-001..003 | DONE (2025-11-25) | 2025-11-25 | SPRINT_110_ingestion_evidence | Console Guild | src/Console/StellaOps.Console | Console overlays wired to LNM schema; fixtures published. | CONCELIER-GRAPH-21-001; CONCELIER-GRAPH-21-002 | CCSL0101 |
| CONSOLE-23-002 | TODO | | SPRINT_112_concelier_i | Console Guild | src/Console/StellaOps.Console | Needs LNM graph (CCGH0101) | Needs LNM graph (CCGH0101) | CCSL0101 |
| CONSOLE-23-003 | TODO | | SPRINT_112_concelier_i | Console Guild | src/Console/StellaOps.Console | Depends on #3 | Depends on #3 | CCSL0101 |
| CONSOLE-23-004 | TODO | | SPRINT_0212_0001_0001_web_i | Console Guild | src/Web/StellaOps.Web | Requires CCPR0101 verdicts | Requires CCPR0101 verdicts | CCSL0101 |
| CONSOLE-23-005 | TODO | | SPRINT_0212_0001_0001_web_i | Console Guild | src/Web/StellaOps.Web | Depends on #5 | Depends on #5 | CCSL0101 |
| CONSOLE-OBS-52-001 | TODO | | SPRINT_303_docs_tasks_md_iii | Console Ops Guild | docs/modules/ui | Needs TLTY0101 metrics | Needs TLTY0101 metrics | CCSL0101 |
| CONSOLE-OBS-52-002 | TODO | | SPRINT_303_docs_tasks_md_iii | Console Ops Guild | docs/modules/ui | Depends on #7 | Depends on #7 | CCSL0101 |
| CONSOLE-VEX-30-001 | BLOCKED (2025-12-04) | 2025-12-04 | SPRINT_0212_0001_0001_web_i | Console Guild · VEX Lens Guild | src/Web/StellaOps.Web | Provide `/console/vex/*` APIs streaming VEX statements, justification summaries, and advisory links with SSE refresh hooks. Dependencies: WEB-CONSOLE-23-001 (done 2025-11-28), EXCITITOR-CONSOLE-23-001 (done 2025-11-23); awaiting VEX Lens spec PLVL0103 and SSE envelope validation from Scheduler/Signals alignment. | Needs VEX Lens spec (PLVL0103) | CCSL0101 |
| CONSOLE-VULN-29-001 | BLOCKED (2025-12-04) | 2025-12-04 | SPRINT_0212_0001_0001_web_i | Console Guild | src/Web/StellaOps.Web | Build `/console/vuln/*` APIs and filters surfacing tenant-scoped findings with policy/VEX badges so Docs/UI teams can document workflows. Dependencies: WEB-CONSOLE-23-001 (done 2025-11-28); waiting on Concelier graph schema snapshot from 2025-12-03 freeze review. | Depends on CCWO0101 | CCSL0101 |
| CONTAINERS-44-001 | DONE | 2025-11-18 | SPRINT_0212_0001_0001_web_i | BE-Base Platform Guild | src/Web/StellaOps.Web | Wait for DVCP0101 compose template | Wait for DVCP0101 compose template | COWB0101 |
| CONTAINERS-45-001 | DONE | 2025-11-19 | SPRINT_0212_0001_0001_web_i | BE-Base Platform Guild | src/Web/StellaOps.Web | Depends on #1 | Depends on #1 | COWB0101 |
| CONTAINERS-46-001 | DONE | 2025-11-19 | SPRINT_0212_0001_0001_web_i | BE-Base Platform Guild | src/Web/StellaOps.Web | Needs RBRE0101 hashes | Needs RBRE0101 hashes | COWB0101 |
| CONTRIB-62-001 | TODO | | SPRINT_303_docs_tasks_md_iii | Docs Guild · API Governance Guild | docs/api | Wait for CCWO0101 spec finalization | Wait for CCWO0101 spec finalization | APID0101 |
| CORE-185-001 | TODO | | SPRINT_0185_0001_0001_shared_replay_primitives | Platform Guild | `src/__Libraries/StellaOps.Replay.Core` | Wait for SGSI0101 feed | Wait for SGSI0101 feed | RLRC0101 |
| CORE-185-002 | TODO | | SPRINT_0185_0001_0001_shared_replay_primitives | Platform Guild | src/__Libraries/StellaOps.Replay.Core | Depends on #1 | Depends on #1 | RLRC0101 |
| CORE-185-003 | TODO | | SPRINT_0185_0001_0001_shared_replay_primitives | Platform Data Guild | src/__Libraries/StellaOps.Replay.Core | Depends on #2 | Depends on #2 | RLRC0101 |
| CORE-186-004 | TODO | | SPRINT_0186_0001_0001_record_deterministic_execution | Signing Guild | `src/Signer/StellaOps.Signer`, `src/__Libraries/StellaOps.Cryptography` | Wait for RLRC0101 schema | Wait for RLRC0101 schema | SIGR0101 |
| CORE-186-005 | TODO | | SPRINT_0186_0001_0001_record_deterministic_execution | Signing Guild | `src/Signer/StellaOps.Signer.Core` | Depends on #1 | Depends on #1 | SIGR0101 |
| CORE-41-001 | TODO | | SPRINT_0202_0001_0002_cli_ii | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Wait for CASC0101 manifest | Wait for CASC0101 manifest | CLCI0110 |
| CORE-AOC-19-002 | TODO | | SPRINT_0120_0001_0002_excititor_ii | Excititor Core Guild | src/Excititor/__Libraries/StellaOps.Excititor.Core | Wait for ATLN schema freeze | Wait for ATLN schema freeze | EXAC0101 |
| CORE-AOC-19-003 | TODO | | SPRINT_0120_0001_0002_excititor_ii | Excititor Core Guild | src/Excititor/__Libraries/StellaOps.Excititor.Core | Depends on #1 | Depends on #1 | EXAC0101 |
| CORE-AOC-19-004 | TODO | | SPRINT_0120_0001_0002_excititor_ii | Excititor Core Guild | src/Excititor/__Libraries/StellaOps.Excititor.Core | Depends on #2 | Depends on #2 | EXAC0101 |
| CORE-AOC-19-013 | TODO | | SPRINT_112_concelier_i | Concelier Core Guild + Excititor | src/Concelier/__Libraries/StellaOps.Concelier.Core | Needs CCAN0101 DSSE output | Needs CCAN0101 DSSE output | EXAC0101 |
| CRT-56-001 | TODO | | SPRINT_0506_0001_0001_ops_devops_iv | Mirror Creator Guild | | Wait for PGMI0101 owner | Wait for PGMI0101 owner | MRCR0101 |
| CRT-56-002 | TODO | | SPRINT_0506_0001_0001_ops_devops_iv | Mirror Creator · Security Guilds | | Depends on #1 | MIRROR-CRT-56-001; PROV-OBS-53-001 | MRCR0101 |
| CRT-57-001 | TODO | | SPRINT_0506_0001_0001_ops_devops_iv | Mirror Creator · AirGap Time Guild | | Needs AIRGAP-TIME-57-001 | MIRROR-CRT-56-001; AIRGAP-TIME-57-001 | MRCR0101 |
| CRT-57-002 | TODO | | SPRINT_0506_0001_0001_ops_devops_iv | Mirror Creator Guild | | Depends on #3 | MIRROR-CRT-56-001; AIRGAP-TIME-57-001 | MRCR0101 |
| CRT-58-001 | TODO | | SPRINT_0506_0001_0001_ops_devops_iv | Mirror Creator + Evidence Locker | | Requires Evidence Locker contract | MIRROR-CRT-56-001; EXPORT-OBS-54-001; CLI-AIRGAP-56-001 | MRCR0101 |
| CRT-58-002 | TODO | | SPRINT_0506_0001_0001_ops_devops_iv | Mirror Creator + Security Guild | | Depends on #5 | MIRROR-CRT-56-001; EXPORT-OBS-54-001; CLI-AIRGAP-56-001 | MRCR0101 |
| CRYPTO-90-001 | DONE | 2025-11-07 | SPRINT_514_sovereign_crypto_enablement | Security Guild (src/__Libraries/StellaOps.Cryptography) | src/__Libraries/StellaOps.Cryptography | | | CRSA0101 |
| CRYPTO-90-002 | DONE | 2025-11-07 | SPRINT_514_sovereign_crypto_enablement | Security Guild (src/__Libraries/StellaOps.Cryptography) | src/__Libraries/StellaOps.Cryptography | | | CRSA0101 |
| CRYPTO-90-003 | DONE | 2025-11-07 | SPRINT_514_sovereign_crypto_enablement | Security Guild (src/__Libraries/StellaOps.Cryptography) | src/__Libraries/StellaOps.Cryptography | | | CRSA0101 |
| CRYPTO-90-004 | DONE | 2025-11-07 | SPRINT_514_sovereign_crypto_enablement | Security Guild (src/__Libraries/StellaOps.Cryptography) | src/__Libraries/StellaOps.Cryptography | | | CRSA0101 |
| CRYPTO-90-005 | DONE | 2025-11-08 | SPRINT_514_sovereign_crypto_enablement | Security Guild (src/__Libraries/StellaOps.Cryptography) | src/__Libraries/StellaOps.Cryptography | | | CRSA0101 |
| CRYPTO-90-006 | DONE | 2025-11-08 | SPRINT_514_sovereign_crypto_enablement | Security Guild (src/__Libraries/StellaOps.Cryptography) | src/__Libraries/StellaOps.Cryptography | | | CRSA0101 |
| CRYPTO-90-007 | DONE | 2025-11-08 | SPRINT_514_sovereign_crypto_enablement | Security Guild (src/__Libraries/StellaOps.Cryptography) | src/__Libraries/StellaOps.Cryptography | | | CRSA0101 |
| CRYPTO-90-008 | DONE | 2025-11-08 | SPRINT_514_sovereign_crypto_enablement | Security Guild (src/__Libraries/StellaOps.Cryptography) | src/__Libraries/StellaOps.Cryptography | | | CRSA0101 |
| CRYPTO-90-009 | DONE | 2025-11-09 | SPRINT_514_sovereign_crypto_enablement | Security Guild (src/__Libraries/StellaOps.Cryptography.Plugin.CryptoPro) | src/__Libraries.StellaOps.Cryptography.Plugin.CryptoPro | | | CRSA0101 |
| CRYPTO-90-010 | DONE | 2025-11-09 | SPRINT_514_sovereign_crypto_enablement | Security Guild (src/__Libraries/StellaOps.Cryptography + .DependencyInjection) | src/__Libraries.StellaOps.Cryptography + .DependencyInjection | | | CRSA0101 |
| CRYPTO-90-011 | DONE | 2025-11-09 | SPRINT_514_sovereign_crypto_enablement | Security & Ops Guilds (src/Tools/StellaOps.CryptoRu.Cli) | src/Tools/StellaOps.CryptoRu.Cli | | | CRSA0101 |
| CRYPTO-90-012 | TODO | | SPRINT_514_sovereign_crypto_enablement | Security Guild (src/__Libraries/__Tests/StellaOps.Cryptography.Tests) | src/__Libraries/__Tests.StellaOps.Cryptography.Tests | | | CRSA0101 |
| CRYPTO-90-013 | TODO | | SPRINT_514_sovereign_crypto_enablement | Security Guild (src/__Libraries/StellaOps.Cryptography) | src/__Libraries.StellaOps.Cryptography | | | CRSA0101 |
| CRYPTO-90-014 | TODO | | SPRINT_514_sovereign_crypto_enablement | Security + Service Guilds | | Wait for AUIN0101 sign-off | Wait for AUIN0101 sign-off | CRYO0101 |
| CRYPTO-90-015 | TODO | | SPRINT_514_sovereign_crypto_enablement | Security + Docs Guild | docs/security/rootpack_ru_*.md | Depends on #1 | Depends on #1 | CRYO0101 |
| CRYPTO-90-016 | DONE | 2025-11-09 | SPRINT_514_sovereign_crypto_enablement | Security Guild | src/__Libraries/StellaOps.Cryptography.DependencyInjection + .Plugin.CryptoPro | Reference (artifact) | Reference (artifact) | CRYO0101 |
| CRYPTO-90-017 | TODO | | SPRINT_514_sovereign_crypto_enablement | Security Guild | third_party/forks + src/__Libraries/StellaOps.Cryptography.Plugin.CryptoPro | Needs fork sync | Needs fork sync | CRYO0101 |
| CRYPTO-90-018 | TODO | | SPRINT_514_sovereign_crypto_enablement | Security + Docs Guild | docs/security/rootpack_ru_*.md, docs/dev/crypto.md | Depends on #4 | Depends on #4 | CRYO0101 |
| CRYPTO-90-019 | TODO | | SPRINT_514_sovereign_crypto_enablement | Security Guild | third_party/forks/AlexMAS.GostCryptography | Needs fork validation | Needs fork validation | CRYO0101 |
| CRYPTO-90-020 | TODO | | SPRINT_514_sovereign_crypto_enablement | Security Guild | src/__Libraries/StellaOps.Cryptography.Plugin.CryptoPro | Depends on #6 | Depends on #6 | CRYO0101 |
| CRYPTO-90-021 | TODO | | SPRINT_514_sovereign_crypto_enablement | Security + QA Guilds | scripts/crypto/**, docs/security/rootpack_ru_validation.md | Depends on #7 | Depends on #7 | CRYO0101 |
| CTL-56-001 | TODO | | SPRINT_510_airgap | AirGap Controller Guild | src/AirGap/StellaOps.AirGap.Controller | Wait for AGTM0101 schema | Wait for AGTM0101 schema | AGCT0102 |
| CTL-56-002 | TODO | | SPRINT_510_airgap | Controller + DevOps Guilds | src/AirGap/StellaOps.AirGap.Controller | Depends on #1 | Depends on #1 | AGCT0102 |
| CTL-57-001 | TODO | | SPRINT_510_airgap | Controller + Time Guild | src/AirGap/StellaOps.AirGap.Controller | Needs AGTM time anchors | Needs AGTM time anchors | AGCT0102 |
| CTL-57-002 | TODO | | SPRINT_510_airgap | Controller + Observability Guild | src/AirGap/StellaOps.AirGap.Controller | Depends on #3 | Depends on #3 | AGCT0102 |
| CTL-58-001 | TODO | | SPRINT_510_airgap | Controller + Evidence Locker Guild | src/AirGap/StellaOps.AirGap.Controller | Depends on #4 | Depends on #4 | AGCT0102 |
| DEPLOY-AIAI-31-001 | TODO | | SPRINT_0501_0001_0001_ops_deployment_i | Deployment Guild · Advisory AI Guild | ops/deployment | Provide Helm/Compose manifests, GPU toggle, scaling/runbook, and offline kit instructions for Advisory AI service + inference container. | Wait for DVCP0101 compose template | DVPL0101 |
| DEPLOY-AIRGAP-46-001 | TODO | | SPRINT_0501_0001_0001_ops_deployment_i | Deployment Guild · Offline Kit Guild | ops/deployment | Provide instructions and scripts (`load.sh`) for importing air-gap bundle into private registry; update Offline Kit guide. | Requires #1 artifacts | AGDP0101 |
| DEPLOY-CLI-41-001 | TODO | | SPRINT_0501_0001_0001_ops_deployment_i | Deployment Guild · CLI Guild | ops/deployment | Package CLI release artifacts (tarballs per OS/arch, checksums, signatures, completions, container image) and publish distribution docs. | Wait for CLI observability schema (035_CLCI0105) | AGDP0101 |
| DEPLOY-COMPOSE-44-001 | DOING (dev-mock 2025-12-06) | 2025-12-06 | SPRINT_0501_0001_0001_ops_deployment_i | Deployment Guild | ops/deployment | Finalize Quickstart scripts (`quickstart.sh`, `backup.sh`, `reset.sh`), seed data container, and publish README with imposed rule reminder. | Depends on #1 | DVPL0101 |
| DEPLOY-EXPORT-35-001 | DONE | 2025-10-29 | SPRINT_0501_0001_0001_ops_deployment_i | Deployment Guild · Export Center Guild | ops/deployment | Helm overlay + docs + example secrets added (`deploy/helm/stellaops/values-export.yaml`, `ops/deployment/export/helm-overlays.md`, `ops/deployment/export/secrets-example.yaml`). | Need exporter DSSE API (002_ATEL0101) | AGDP0101 |
| DEPLOY-EXPORT-36-001 | TODO | | SPRINT_0501_0001_0001_ops_deployment_i | Deployment Guild · Export Center Guild | ops/deployment | Document OCI/object storage distribution workflows, registry credential automation, and monitoring hooks for exports. Dependencies: DEPLOY-EXPORT-35-001. | Depends on #4 deliverables | AGDP0101 |
| DEPLOY-HELM-45-001 | TODO | | SPRINT_0501_0001_0001_ops_deployment_i | Deployment + Security Guilds | ops/deployment | Publish Helm install guide and sample values for prod/airgap; integrate with docs site build. | Needs helm chart schema | DVPL0101 |
| DEPLOY-NOTIFY-38-001 | DONE | 2025-10-29 | SPRINT_0501_0001_0001_ops_deployment_i | Deployment + Notify Guilds | ops/deployment | Notifier Helm overlay + secrets/rollout doc + example secrets added (`deploy/helm/stellaops/values-notify.yaml`, `ops/deployment/notify/helm-overlays.md`, `ops/deployment/notify/secrets-example.yaml`). | Depends on #3 | DVPL0101 |
| DEPLOY-ORCH-34-001 | DOING (dev-mock 2025-12-06) | 2025-12-05 | SPRINT_0501_0001_0001_ops_deployment_i | Deployment Guild · Orchestrator Guild | ops/deployment | Provide orchestrator Helm/Compose manifests, scaling defaults, secret templates, offline kit instructions, and GA rollout/rollback playbook. | Requires ORTR0101 readiness | AGDP0101 |
| DEPLOY-PACKS-42-001 | DOING (dev-mock 2025-12-06) | 2025-12-06 | SPRINT_0501_0001_0001_ops_deployment_i | Deployment Guild · Packs Registry Guild | ops/deployment | Provide deployment manifests for packs-registry and task-runner services, including Helm/Compose overlays, scaling defaults, and secret templates. | Wait for pack registry schema | AGDP0101 |
| DEPLOY-PACKS-43-001 | DOING (dev-mock 2025-12-06) | 2025-12-06 | SPRINT_0501_0001_0001_ops_deployment_i | Deployment Guild · Task Runner Guild | ops/deployment | Ship remote Task Runner worker profiles, object storage bootstrap, approval workflow integration, and Offline Kit packaging instructions. Dependencies: DEPLOY-PACKS-42-001. | Needs #7 artifacts | AGDP0101 |
| DEPLOY-POLICY-27-001 | DOING (dev-mock 2025-12-06) | 2025-12-05 | SPRINT_0501_0001_0001_ops_deployment_i | Deployment Guild · Policy Registry Guild | ops/deployment | Produce Helm/Compose overlays for Policy Registry + simulation workers (migrations, buckets, signing keys, tenancy defaults). | WEPO0101 | DVPL0105 |
| DEPLOY-POLICY-27-002 | DOING (draft 2025-12-06) | 2025-12-06 | SPRINT_0502_0001_0001_ops_deployment_ii | Deployment Guild · Policy Guild | ops/deployment | Drafted `docs/runbooks/policy-incident.md` (publish/promote, freeze, evidence); awaiting policy overlay schema/digests from DEPLOY-POLICY-27-001. | DEPLOY-POLICY-27-001 | DVPL0105 |
| DEPLOY-VEX-30-001 | DOING (dev-mock 2025-12-06) | 2025-12-06 | SPRINT_0502_0001_0001_ops_deployment_ii | Deployment + VEX Lens Guild | ops/deployment | Mock-ready runbook added (`docs/runbooks/vex-ops.md`); awaiting schema/digests for final Helm/Compose overlays. | Wait for CCWO0101 schema | DVPL0101 |
| DEPLOY-VEX-30-002 | DOING (dev-mock 2025-12-06) | 2025-12-06 | SPRINT_0502_0001_0001_ops_deployment_ii | Deployment Guild | ops/deployment | Issuer Directory guidance covered in `docs/runbooks/vex-ops.md`; finalize once DEPLOY-VEX-30-001 pins production values. | Depends on #5 | DVPL0101 |
| DEPLOY-VULN-29-001 | DOING (dev-mock 2025-12-06) | 2025-12-06 | SPRINT_0502_0001_0001_ops_deployment_ii | Deployment + Vuln Guild | ops/deployment | Mock-ready runbook added (`docs/runbooks/vuln-ops.md`); production overlays pending schema/digests. | Needs CCWO0101 | DVPL0101 |
| DEPLOY-VULN-29-002 | DOING (dev-mock 2025-12-06) | 2025-12-06 | SPRINT_0502_0001_0001_ops_deployment_ii | Deployment Guild | ops/deployment | Vuln Explorer API steps captured in `docs/runbooks/vuln-ops.md`; finalize with real pins after DEPLOY-VULN-29-001. | Depends on #7 | DVPL0101 |
| DETER-186-008 | TODO | | SPRINT_0186_0001_0001_record_deterministic_execution | Scanner Guild | `src/Scanner/StellaOps.Scanner.WebService`, `src/Scanner/StellaOps.Scanner.Worker` | Wait for RLRC0101 fixture | Wait for RLRC0101 fixture | SCDT0101 |
| DETER-186-009 | TODO | | SPRINT_0186_0001_0001_record_deterministic_execution | Scanner Guild · QA Guild | `src/Scanner/StellaOps.Scanner.Replay`, `src/Scanner/__Tests` | Depends on #1 | Depends on #1 | SCDT0101 |
| DETER-186-010 | TODO | | SPRINT_0186_0001_0001_record_deterministic_execution | Scanner Guild · Export Center Guild | `src/Scanner/StellaOps.Scanner.WebService`, `docs/modules/scanner/operations/release.md` | Depends on #2 | Depends on #2 | SCDT0101 |
| DETER-70-002 | TODO | | SPRINT_0304_0001_0004_docs_tasks_md_iv | Docs Guild · Scanner Guild | | Needs CASC0101 manifest | Needs CASC0101 manifest | SCDT0101 |
| DETER-70-003 | TODO | | SPRINT_0202_0001_0002_cli_ii | DevEx/CLI Guild · Scanner Guild | src/Cli/StellaOps.Cli | Depends on #4 | Depends on #4 | SCDT0101 |
| DETER-70-004 | TODO | | SPRINT_0203_0001_0003_cli_iii | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Depends on #5 | Depends on #5 | SCDT0101 |
| DEVOPS-AIAI-31-001 | TODO | | SPRINT_0503_0001_0001_ops_devops_i | DevOps Guild, Advisory AI Guild (ops/devops) | ops/devops | Stand up CI pipelines, inference monitoring, privacy logging review, and perf dashboards for Advisory AI (summaries/conflicts/remediation). | — | DVDO0101 |
| DEVOPS-SPANSINK-31-003 | TODO | | SPRINT_0503_0001_0001_ops_devops_i | DevOps Guild · Observability Guild (ops/devops) | ops/devops | Deploy span sink/Signals pipeline for Excititor evidence APIs (31-003) and publish dashboards; unblock traces for `/v1/vex/observations/**`. | — | DVDO0101 |
| DEVOPS-AIRGAP-56-001 | TODO | | SPRINT_0503_0001_0001_ops_devops_i | DevOps Guild (ops/devops) | ops/devops | Ship deny-all egress policies for Kubernetes (NetworkPolicy/eBPF) and docker-compose firewall rules; provide verification script for sealed mode. | — | DVDO0101 |
| DEVOPS-AIRGAP-56-002 | TODO | | SPRINT_0503_0001_0001_ops_devops_i | DevOps Guild, AirGap Importer Guild (ops/devops) | ops/devops | Provide import tooling for bundle staging: checksum validation, offline object-store loader scripts, removable media guidance. Dependencies: DEVOPS-AIRGAP-56-001. | — | DVDO0101 |
| DEVOPS-AIRGAP-56-003 | TODO | | SPRINT_0503_0001_0001_ops_devops_i | DevOps Guild, Container Distribution Guild (ops/devops) | ops/devops | Build Bootstrap Pack pipeline bundling images/charts, generating checksums, and publishing manifest for offline transfer. Dependencies: DEVOPS-AIRGAP-56-002. | — | DVDO0101 |
| DEVOPS-AIRGAP-57-001 | TODO | | SPRINT_0503_0001_0001_ops_devops_i | DevOps Guild, Mirror Creator Guild (ops/devops) | ops/devops | Automate Mirror Bundle creation jobs with dual-control approvals, artifact signing, and checksum publication. Dependencies: DEVOPS-AIRGAP-56-003. | — | DVDO0101 |
| DEVOPS-AIRGAP-57-002 | DONE | 2025-11-08 | SPRINT_0503_0001_0001_ops_devops_i | DevOps Guild, Authority Guild (ops/devops) | ops/devops | Sealed-mode smoke wired into CI (`.gitea/workflows/airgap-sealed-ci.yml`) running `ops/devops/airgap/sealed-ci-smoke.sh`. | — | DVDO0101 |
| DEVOPS-AIRGAP-58-001 | TODO | | SPRINT_0503_0001_0001_ops_devops_i | DevOps Guild, Notifications Guild (ops/devops) | ops/devops | Provide local SMTP/syslog container templates and health checks for sealed environments; integrate into Bootstrap Pack. Dependencies: DEVOPS-AIRGAP-57-002. | — | DVDO0101 |
| DEVOPS-AIRGAP-58-002 | TODO | | SPRINT_0503_0001_0001_ops_devops_i | DevOps Guild, Observability Guild (ops/devops) | ops/devops | Ship sealed-mode observability stack (Prometheus/Grafana/Tempo/Loki) pre-configured with offline dashboards and no remote exporters. Dependencies: DEVOPS-AIRGAP-58-001. | — | DVDO0101 |
| DEVOPS-AOC-19-001 | DONE | 2025-10-26 | SPRINT_0503_0001_0001_ops_devops_i | DevOps Guild, Platform Guild (ops/devops) | ops/devops | AOC guard CI added (`.gitea/workflows/aoc-guard.yml`); analyzers built and run against ingestion projects; tests logged as artifacts. | CCAO0101 | DVDO0101 |
| DEVOPS-AOC-19-002 | DONE | 2025-10-26 | SPRINT_0503_0001_0001_ops_devops_i | DevOps Guild (ops/devops) | ops/devops | AOC verify stage added to CI (`aoc-verify` job in `.gitea/workflows/aoc-guard.yml`) using `AOC_VERIFY_SINCE` + `STAGING_MONGO_URI`, publishing verify artifacts. | DEVOPS-AOC-19-001 | DVDO0101 |
| DEVOPS-AOC-19-003 | BLOCKED | 2025-10-26 | SPRINT_0503_0001_0001_ops_devops_i | DevOps Guild, QA Guild (ops/devops) | ops/devops | Enforce unit test coverage thresholds for AOC guard suites and ensure coverage exported to dashboards. Dependencies: DEVOPS-AOC-19-002. | DEVOPS-AOC-19-002 | DVDO0102 |
| DEVOPS-AOC-19-101 | TODO | 2025-10-28 | SPRINT_0503_0001_0001_ops_devops_i | DevOps Guild · Concelier Storage Guild | ops/devops | Draft supersedes backfill rollout (freeze window, dry-run steps, rollback) once advisory_raw idempotency index passes staging verification. Dependencies: DEVOPS-AOC-19-003. | Align with CCOA0101 contract | DVDO0104 |
| DEVOPS-ATTEST-73-001 | TODO | | SPRINT_0503_0001_0001_ops_devops_i | DevOps Guild, Attestor Service Guild (ops/devops) | ops/devops | Provision CI pipelines for attestor service (lint/test/security scan, seed data) and manage secrets for KMS drivers. | — | DVDO0102 |
| DEVOPS-ATTEST-73-002 | TODO | | SPRINT_0503_0001_0001_ops_devops_i | DevOps Guild, KMS Guild (ops/devops) | ops/devops | Establish secure storage for signing keys (vault integration, rotation schedule) and audit logging. Dependencies: DEVOPS-ATTEST-73-001. | — | DVDO0102 |
| DEVOPS-ATTEST-74-001 | TODO | | SPRINT_0503_0001_0001_ops_devops_i | DevOps Guild, Transparency Guild (ops/devops) | ops/devops | Deploy transparency log witness infrastructure and monitoring. Dependencies: DEVOPS-ATTEST-73-002. | — | DVDO0102 |
| DEVOPS-ATTEST-74-002 | TODO | | SPRINT_0504_0001_0001_ops_devops_ii | DevOps Guild, Export Attestation Guild (ops/devops) | ops/devops | Integrate attestation bundle builds into release/offline pipelines with checksum verification. Dependencies: DEVOPS-ATTEST-74-001. | — | DVDO0102 |
| DEVOPS-ATTEST-75-001 | TODO | | SPRINT_0504_0001_0001_ops_devops_ii | DevOps Guild, Observability Guild (ops/devops) | ops/devops | Add dashboards/alerts for signing latency, verification failures, key rotation events. Dependencies: DEVOPS-ATTEST-74-002. | — | DVDO0102 |
| DEVOPS-CLI-41-001 | TODO | | SPRINT_0504_0001_0001_ops_devops_ii | DevOps Guild, DevEx/CLI Guild (ops/devops) | ops/devops | Establish CLI build pipeline (multi-platform binaries, SBOM, checksums), parity matrix CI enforcement, and release artifact signing. | — | DVDO0102 |
| DEVOPS-CLI-42-001 | TODO | | SPRINT_0504_0001_0001_ops_devops_ii | DevOps Guild (ops/devops) | ops/devops | Add CLI golden output tests, parity diff automation, pack run CI harness, and artifact cache for remote mode. Dependencies: DEVOPS-CLI-41-001. | — | DVDO0102 |
| DEVOPS-CLI-43-002 | TODO | | SPRINT_0504_0001_0001_ops_devops_ii | DevOps Guild, Task Runner Guild (ops/devops) | ops/devops | Implement Task Pack chaos smoke in CI (random failure injection, resume, sealed-mode toggle) and publish evidence bundles for review. Dependencies: DEVOPS-CLI-43-001. | — | DVDO0102 |
| DEVOPS-CLI-43-003 | TODO | | SPRINT_0504_0001_0001_ops_devops_ii | DevOps Guild, DevEx/CLI Guild (ops/devops) | ops/devops | Integrate CLI golden output/parity diff automation into release gating; export parity report artifact consumed by Console Downloads workspace. Dependencies: DEVOPS-CLI-43-002. | — | DVDO0102 |
| DEVOPS-CONSOLE-23-001 | DONE | 2025-10-26 | SPRINT_0504_0001_0001_ops_devops_ii | DevOps Guild · Console Guild | ops/devops | Console CI contract + workflow added (`.gitea/workflows/console-ci.yml`); offline-first pnpm cache, lint/type/unit, Storybook a11y, Playwright, Lighthouse budgets, SBOM artifacts uploaded. | Needs CCWO0101 API schema | DVDO0104 |
| DEVOPS-CONSOLE-23-002 | TODO | | SPRINT_0504_0001_0001_ops_devops_ii | DevOps Guild | ops/devops | Produce `stella-console` container build + Helm chart overlays with deterministic digests, SBOM/provenance artefacts, and offline bundle packaging scripts. Dependencies: DEVOPS-CONSOLE-23-001. | Depends on #2 | DVDO0104 |
| DEVOPS-CONTAINERS-44-001 | TODO | | SPRINT_0504_0001_0001_ops_devops_ii | DevOps Guild | ops/devops | Automate multi-arch image builds with buildx, SBOM generation, cosign signing, and signature verification in CI. | Wait for COWB0101 base image | DVDO0104 |
| DEVOPS-CONTAINERS-45-001 | TODO | | SPRINT_0504_0001_0001_ops_devops_ii | DevOps Guild | ops/devops | Add Compose and Helm smoke tests (fresh VM + kind cluster) to CI; publish test artifacts and logs. Dependencies: DEVOPS-CONTAINERS-44-001. | Depends on #4 | DVDO0104 |
| DEVOPS-CONTAINERS-46-001 | TODO | | SPRINT_0504_0001_0001_ops_devops_ii | DevOps Guild | ops/devops | Build air-gap bundle generator (`src/Tools/make-airgap-bundle.sh`), produce signed bundle, and verify in CI using private registry. Dependencies: DEVOPS-CONTAINERS-45-001. | Depends on #5 | DVDO0104 |
| DEVOPS-DEVPORT-63-001 | TODO | | SPRINT_0504_0001_0001_ops_devops_ii | DevOps Guild · DevPortal Guild | ops/devops | Automate developer portal build pipeline with caching, link & accessibility checks, performance budgets. | Wait for API schema from CCWO0101 | DVDO0105 |
| DEVOPS-DEVPORT-64-001 | TODO | | SPRINT_0504_0001_0001_ops_devops_ii | DevOps Guild | ops/devops | Schedule `devportal --offline` nightly builds with checksum validation and artifact retention policies. Dependencies: DEVOPS-DEVPORT-63-001. | Depends on #1 | DVDO0105 |
| DEVOPS-DOCS-0001 | TODO | | SPRINT_0318_0001_0001_docs_modules_devops | DevOps Docs Guild | docs/modules/devops | See ./AGENTS.md | Needs CCSL0101 console docs | DVDO0105 |
| DEVOPS-ENG-0001 | TODO | | SPRINT_0318_0001_0001_docs_modules_devops | DevOps Engineering Guild | docs/modules/devops | Update status via ./AGENTS.md workflow | Depends on #3 | DVDO0105 |
| DEVOPS-EXPORT-35-001 | DONE | 2025-10-29 | SPRINT_0504_0001_0001_ops_devops_ii | DevOps · Export Guild | ops/devops | CI contract drafted and fixtures added (`ops/devops/export/minio-compose.yml`, `seed-minio.sh`); ready to wire pipeline with offline MinIO, build/test, smoke, SBOM, dashboards. | Wait for DVPL0101 export deploy | DVDO0105 |
| DEVOPS-EXPORT-36-001 | DONE | | SPRINT_0505_0001_0001_ops_devops_iii | DevOps Guild | ops/devops | Export CI workflow added (`.gitea/workflows/export-ci.yml`) running build/test, MinIO fixture, Trivy/OCI smoke, SBOM artifacts. | Depends on #5 | DVDO0105 |
| DEVOPS-EXPORT-37-001 | TODO | | SPRINT_0505_0001_0001_ops_devops_iii | DevOps Guild | ops/devops | Finalize exporter monitoring (failure alerts, verify metrics, retention jobs) and chaos/latency tests ahead of GA. Dependencies: DEVOPS-EXPORT-36-001. | Depends on #6 | DVDO0105 |
| DEVOPS-GRAPH-24-001 | TODO | | SPRINT_0505_0001_0001_ops_devops_iii | DevOps · Graph Guild | ops/devops | Load test graph index/adjacency APIs with 40k-node assets; capture perf dashboards and alert thresholds. | Wait for CCGH0101 endpoint | DVDO0106 |
| DEVOPS-GRAPH-24-002 | TODO | | SPRINT_0505_0001_0001_ops_devops_iii | DevOps Guild | ops/devops | Integrate synthetic UI perf runs (Playwright/WebGL metrics) for Graph/Vuln explorers; fail builds on regression. Dependencies: DEVOPS-GRAPH-24-001. | Depends on #1 | DVDO0106 |
| DEVOPS-GRAPH-24-003 | TODO | | SPRINT_0505_0001_0001_ops_devops_iii | DevOps Guild | ops/devops | Implement smoke job for simulation endpoints ensuring we stay within SLA (<3s upgrade) and log results. Dependencies: DEVOPS-GRAPH-24-002. | Depends on #2 | DVDO0106 |
| DEVOPS-LNM-22-001 | DONE | 2025-10-27 | SPRINT_0505_0001_0001_ops_devops_iii | DevOps · Concelier Guild | ops/devops | Backfill plan + validation scripts + dispatchable CI (`.gitea/workflows/lnm-backfill.yml`) added; ready to run on staging snapshot. | Needs CCLN0102 API | DVDO0106 |
| DEVOPS-LNM-22-002 | DONE | 2025-10-27 | SPRINT_0505_0001_0001_ops_devops_iii | DevOps Guild | ops/devops | VEX backfill dispatcher added (`.gitea/workflows/lnm-vex-backfill.yml`) with NATS/Redis inputs; plan documented in `ops/devops/lnm/vex-backfill-plan.md`. | Depends on #4 | DVDO0106 |
| DEVOPS-LNM-22-003 | DONE | | SPRINT_0505_0001_0001_ops_devops_iii | DevOps Guild | ops/devops | Metrics/alert scaffold plus CI check (`ops/devops/lnm/metrics-ci-check.sh`) added; ready for Grafana import. | Depends on #5 | DVDO0106 |
| DEVOPS-OAS-61-001 | TODO | | SPRINT_0505_0001_0001_ops_devops_iii | DevOps Guild | ops/devops | Add CI stages for OpenAPI linting, validation, and compatibility diff; enforce gating on PRs. | Wait for CCWO0101 spec | DVDO0106 |
| DEVOPS-OAS-61-002 | TODO | | SPRINT_0505_0001_0001_ops_devops_iii | DevOps Guild | ops/devops | Integrate mock server + contract test suite into PR and nightly workflows; publish artifacts. Dependencies: DEVOPS-OAS-61-001. | Depends on #7 | DVDO0106 |
| DEVOPS-OBS-51-001 | TODO | | SPRINT_0505_0001_0001_ops_devops_iii | DevOps Guild · Observability Guild | ops/devops | Implement SLO evaluator service (burn rate calculators, webhook emitters), Grafana dashboards, and alert routing to Notifier. Provide Terraform/Helm automation. Dependencies: DEVOPS-OBS-50-002. | Wait for 045_DVDO0103 alert catalog | DVOB0101 |
| DEVOPS-OBS-52-001 | TODO | | SPRINT_0505_0001_0001_ops_devops_iii | DevOps Guild · Timeline Indexer Guild | ops/devops | Configure streaming pipeline (NATS/Redis/Kafka) with retention, partitioning, and backpressure tuning for timeline events; add CI validation of schema + rate caps. Dependencies: DEVOPS-OBS-51-001. | Needs #1 merged for shared correlation IDs | DVOB0101 |
| DEVOPS-OBS-53-001 | TODO | | SPRINT_0505_0001_0001_ops_devops_iii | DevOps Guild · Evidence Locker Guild | ops/devops | Provision object storage with WORM/retention options (S3 Object Lock / MinIO immutability), legal hold automation, and backup/restore scripts for evidence locker. Dependencies: DEVOPS-OBS-52-001. | Depends on DSSE API from 002_ATEL0101 | DVOB0101 |
| DEVOPS-OBS-54-001 | TODO | | SPRINT_0505_0001_0001_ops_devops_iii | DevOps Guild · Security Guild | ops/devops | Manage provenance signing infrastructure (KMS keys, rotation schedule, timestamp authority integration) and integrate verification jobs into CI. Dependencies: DEVOPS-OBS-53-001. | Requires security sign-off on cardinality budgets | DVOB0101 |
| DEVOPS-OBS-55-001 | TODO | | SPRINT_0506_0001_0001_ops_devops_iv | DevOps Guild · Ops Guild | ops/devops | Implement incident mode automation: feature flag service, auto-activation via SLO burn-rate, retention override management, and post-incident reset job. Dependencies: DEVOPS-OBS-54-001. | Relies on #4 to finalize alert dimensions | DVOB0101 |
| DEVOPS-OFFLINE-17-004 | DONE | 2025-11-23 | SPRINT_0508_0001_0001_ops_offline_kit | DevOps Offline Guild | ops/offline-kit | Mirrored release debug store via `mirror_debug_store.py`; summary at `out/offline-kit/metadata/debug-store.json`. | Wait for DVPL0101 compose | DVDO0107 |
| DEVOPS-OFFLINE-34-006 | TODO | | SPRINT_0508_0001_0001_ops_offline_kit | DevOps Guild | ops/offline-kit | Bundle orchestrator service container, worker SDK samples, Postgres snapshot, and dashboards into Offline Kit with manifest/signature updates. Dependencies: DEVOPS-OFFLINE-17-004. | Depends on #1 | DVDO0107 |
| DEVOPS-OFFLINE-37-001 | TODO | | SPRINT_0508_0001_0001_ops_offline_kit | DevOps Guild | ops/offline-kit | Export Center offline bundles + verification tooling (mirror artefacts, verification CLI, manifest/signature refresh, air-gap import script). Dependencies: DEVOPS-OFFLINE-34-006. | Needs RBRE hashes | DVDO0107 |
| DEVOPS-OFFLINE-37-002 | TODO | | SPRINT_0508_0001_0001_ops_offline_kit | DevOps Guild | ops/offline-kit | Notifier offline packs (sample configs, template/digest packs, dry-run harness) with integrity checks and operator docs. Dependencies: DEVOPS-OFFLINE-37-001. | Depends on #3 | DVDO0107 |
| DEVOPS-OPENSSL-11-001 | TODO | 2025-11-06 | SPRINT_0505_0001_0001_ops_devops_iii | Security + DevOps Guilds | ops/devops | Package the OpenSSL 1.1 shim (`tests/native/openssl-1.1/linux-x64`) into test harness output so Mongo2Go suites discover it automatically. | Wait for CRYO0101 artifacts | DVDO0107 |
| DEVOPS-OPENSSL-11-002 | TODO | 2025-11-06 | SPRINT_0505_0001_0001_ops_devops_iii | DevOps Guild | ops/devops | Ensure CI runners and Docker images that execute Mongo2Go tests export `LD_LIBRARY_PATH` (or embed the shim) to unblock unattended pipelines. Dependencies: DEVOPS-OPENSSL-11-001. | Depends on #5 | DVDO0107 |
| DEVOPS-OPS-0001 | TODO | | SPRINT_0318_0001_0001_docs_modules_devops | DevOps Ops Guild | docs/modules/devops | Sync outcomes back to ../.. | Depends on #1-6 | DVDO0107 |
| DEVOPS-ORCH-32-001 | TODO | | SPRINT_0506_0001_0001_ops_devops_iv | DevOps · Orchestrator Guild | ops/devops | Provision orchestrator Postgres/message-bus infrastructure, add CI smoke deploy, seed Grafana dashboards (queue depth, inflight jobs), and document bootstrap. | Wait for ORTR0102 API | DVDO0108 |
| DEVOPS-ORCH-33-001 | TODO | | SPRINT_0506_0001_0001_ops_devops_iv | DevOps Guild | ops/devops | Publish Grafana dashboards/alerts for rate limiter, backpressure, error clustering, and DLQ depth; integrate with on-call rotations. Dependencies: DEVOPS-ORCH-32-001. | Depends on #1 | DVDO0108 |
| DEVOPS-ORCH-34-001 | TODO | | SPRINT_0506_0001_0001_ops_devops_iv | DevOps Guild | ops/devops | Harden production monitoring (synthetic probes, burn-rate alerts, replay smoke), document incident response, and prep GA readiness checklist. Dependencies: DEVOPS-ORCH-33-001. | Depends on #2 | DVDO0108 |
| DEVOPS-POLICY-27-001 | TODO | | SPRINT_0506_0001_0001_ops_devops_iv | DevOps Guild · CLI Guild | ops/devops | Add CI stages to run `stella policy lint/simulate`, enforce deterministic logs + caching. | CLPS0102 | DVPL0104 |
| DEVOPS-POLICY-27-002 | TODO | | SPRINT_0506_0001_0001_ops_devops_iv | DevOps Guild · Policy Registry Guild | ops/devops | Provide optional batch simulation CI job that triggers registry run, polls results, posts markdown summary. | DEVOPS-POLICY-27-001 | DVPL0104 |
| DEVOPS-POLICY-27-003 | TODO | | SPRINT_0506_0001_0001_ops_devops_iv | DevOps Guild · Security Guild | ops/devops | Manage signing key material for policy publish pipeline; rotate keys, add attestation verification stage. | DEVOPS-POLICY-27-002 | DVPL0104 |
| DEVOPS-POLICY-27-004 | TODO | | SPRINT_0506_0001_0001_ops_devops_iv | DevOps Guild · Observability Guild | ops/devops | Create dashboards/alerts for policy compile latency, simulation queue depth, promotion outcomes. | DEVOPS-POLICY-27-003 | DVPL0104 |
| DEVOPS-REL-17-004 | DONE | 2025-11-23 | SPRINT_0506_0001_0001_ops_devops_iv | DevOps Release Guild | ops/devops | Release workflow now uploads `out/release/debug` as a dedicated artifact and already fails if symbols are missing; build-id manifest enforced. | Needs DVPL0101 release artifacts | DVDO0108 |
| DEVOPS-RULES-33-001 | TODO | 2025-10-30 | SPRINT_0506_0001_0001_ops_devops_iv | DevOps · Policy Guild | ops/devops | Contracts & Rules anchor:<br>• Gateway proxies only; Policy Engine composes overlays/simulations.<br>• AOC ingestion cannot merge; only lossless canonicalization.<br>• One graph platform: Graph Indexer + Graph API. Cartographer retired. | Wait for CCPR0101 policy logs | DVDO0109 |
| DEVOPS-SCAN-90-004 | TODO | | SPRINT_0505_0001_0001_ops_devops_iii | DevOps · Scanner Guild | ops/devops | Add a CI job that runs the scanner determinism harness against the release matrix (N runs per image), uploads `determinism.json`, and fails when score < threshold; publish artifact to release notes. Dependencies: SCAN-DETER-186-009/010. | Needs SCDT0101 fixtures | DVDO0109 |
| DEVOPS-SDK-63-001 | TODO | | SPRINT_0506_0001_0001_ops_devops_iv | DevOps · SDK Guild | ops/devops | Provision registry credentials, signing keys, and secure storage for SDK publishing pipelines. | Depends on #2 | DVDO0109 |
| DEVOPS-SIG-26-001 | TODO | | SPRINT_0506_0001_0001_ops_devops_iv | DevOps Guild · Signals Guild | ops/devops | Provision CI/CD pipelines, Helm/Compose manifests for Signals service, including artifact storage and Redis dependencies. | Wait for SGSI0101 metrics | DVDO0110 |
| DEVOPS-SIG-26-002 | TODO | | SPRINT_0506_0001_0001_ops_devops_iv | DevOps Guild | ops/devops | Create dashboards/alerts for reachability scoring latency, cache hit rates, sensor staleness. Dependencies: DEVOPS-SIG-26-001. | Depends on #1 | DVDO0110 |
| DEVOPS-SYMS-90-005 | TODO | | SPRINT_0505_0001_0001_ops_devops_iii | DevOps · Symbols Guild | ops/devops | Deploy Symbols.Server (Helm/Terraform), manage MinIO/Mongo storage, configure tenant RBAC/quotas, and wire ingestion CLI into release pipelines with monitoring and backups. Dependencies: SYMS-SERVER-401-011/013. | Needs RBSY0101 bundle | DVDO0110 |
| DEVOPS-TEN-47-001 | TODO | | SPRINT_0506_0001_0001_ops_devops_iv | DevOps · Policy Guild | ops/devops | Add JWKS cache monitoring, signature verification regression tests, and token expiration chaos tests to CI. | Wait for CCPR0101 policy | DVDO0110 |
| DEVOPS-TEN-48-001 | TODO | | SPRINT_0506_0001_0001_ops_devops_iv | DevOps Guild | ops/devops | Build integration tests to assert RLS enforcement, tenant-prefixed object storage, and audit event emission; set up lint to prevent raw SQL bypass. Dependencies: DEVOPS-TEN-47-001. | Depends on #4 | DVDO0110 |
| DEVOPS-TEN-49-001 | DONE (2025-12-03) | 2025-12-03 | SPRINT_0507_0001_0001_ops_devops_v | DevOps Guild | ops/devops | Deploy audit pipeline, scope usage metrics, JWKS outage chaos tests, and tenant load/perf benchmarks. Dependencies: DEVOPS-TEN-48-001. | Depends on #5 | DVDO0110 |
| DEVOPS-VEX-30-001 | DONE (2025-12-02) | 2025-12-02 | SPRINT_0507_0001_0001_ops_devops_v | DevOps Guild · VEX Lens Guild | ops/devops | Provision CI, load tests, dashboards, alerts for VEX Lens and Issuer Directory (compute latency, disputed totals, signature verification rates). | — | PLVL0103 |
| DEVOPS-VULN-29-001 | DONE (2025-12-02) | 2025-12-02 | SPRINT_0507_0001_0001_ops_devops_v | DevOps · Vuln Guild | ops/devops | Provision CI jobs for ledger projector (replay, determinism), set up backups, monitor Merkle anchoring, and automate verification. | Needs DVPL0101 deploy | DVDO0110 |
| DEVOPS-VULN-29-002 | DONE (2025-12-02) | 2025-12-02 | SPRINT_0507_0001_0001_ops_devops_v | DevOps Guild | ops/devops | Configure load/perf tests (5M findings/tenant), query budget enforcement, API SLO dashboards, and alerts for `vuln_list_latency` and `projection_lag`. Dependencies: DEVOPS-VULN-29-001. | Depends on #7 | DVDO0110 |
| DEVOPS-VULN-29-003 | DONE (2025-12-02) | 2025-12-02 | SPRINT_0507_0001_0001_ops_devops_v | DevOps Guild | ops/devops | Instrument analytics pipeline for Vuln Explorer (telemetry ingestion, query hashes), ensure compliance with privacy/PII guardrails, and update observability docs. Dependencies: DEVOPS-VULN-29-002. | Depends on #8 | DVDO0110 |
| DEVPORT-62-001 | TODO | | SPRINT_206_devportal | DevPortal Guild | src/DevPortal/StellaOps.DevPortal.Site | Select static site generator, integrate aggregate spec, build navigation + search scaffolding. | 62-001 | DEVL0101 |
| DEVPORT-62-002 | TODO | | SPRINT_206_devportal | DevPortal Guild | src/DevPortal/StellaOps.DevPortal.Site | Implement schema viewer, example rendering, copy-curl snippets, and version selector UI. Dependencies: DEVPORT-62-001. | DEVPORT-62-001 | DEVL0101 |
| DEVPORT-63-001 | TODO | | SPRINT_206_devportal | DevPortal Guild | src/DevPortal/StellaOps.DevPortal.Site | Add Try-It console pointing at sandbox environment with token onboarding and scope info. Dependencies: DEVPORT-62-002. | 63-001 | DEVL0101 |
| DEVPORT-63-002 | TODO | | SPRINT_206_devportal | DevPortal Guild | src/DevPortal/StellaOps.DevPortal.Site | Embed language-specific SDK snippets and quick starts generated from tested examples. Dependencies: DEVPORT-63-001. | DEVPORT-63-001 | DEVL0101 |
| DEVPORT-64-001 | TODO | | SPRINT_206_devportal | DevPortal Guild | src/DevPortal/StellaOps.DevPortal.Site | Provide offline build target bundling HTML, specs, SDK archives; ensure no external assets. Dependencies: DEVPORT-63-002. | 64-001 | DEVL0101 |
| DEVPORT-64-002 | TODO | | SPRINT_206_devportal | Developer Portal Guild (src/DevPortal/StellaOps.DevPortal.Site) | src/DevPortal/StellaOps.DevPortal.Site | Add automated accessibility tests, link checker, and performance budgets. Dependencies: DEVPORT-64-001. | | DEVL0102 |
| DOC-008 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | Docs Guild · Reachability Guild | `docs/reachability/function-level-evidence.md`, `docs/09_API_CLI_REFERENCE.md`, `docs/api/policy.md` | Wait for replay evidence from 100_RBBN0101 | Wait for replay evidence from 100_RBBN0101 | DORC0101 |
| DOC-70-001 | DONE | | SPRINT_0170_0001_0001_notifications_telemetry | Docs Guild · Notifications Guild | docs | Gather notification doc references | Validate existing notifications doc and migrate notes | DOCP0101 |
| DOCKER-44-001 | TODO | | SPRINT_0507_0001_0001_ops_devops_v | DevOps Guild · Service Owners | ops/devops | Author multi-stage Dockerfiles for all core services (API, Console, Orchestrator, Task Runner, Conseiller, Excitor, Policy, Notify, Export, AI) with non-root users, read-only file systems, and health scripts. | Wait for DVPL0101 compose merge | DVDO0111 |
| DOCKER-44-002 | TODO | | SPRINT_0507_0001_0001_ops_devops_v | DevOps Guild | ops/devops | Generate SBOMs and cosign attestations for each image and integrate verification into CI. Dependencies: DOCKER-44-001. | Depends on #1 | DVDO0111 |
| DOCKER-44-003 | TODO | | SPRINT_0507_0001_0001_ops_devops_v | DevOps Guild | ops/devops | Implement `/health/liveness`, `/health/readiness`, `/version`, `/metrics`, and ensure capability endpoint returns `merge=false` for Conseiller/Excitor. Dependencies: DOCKER-44-002. | Requires SBOM+scan workflow from 137_SCDT0101 | DVDO0111 |
| DOCS-0001 | DONE | 2025-11-05 | SPRINT_313_docs_modules_attestor | Docs Guild | docs/modules/attestor | Confirm attestor module doc publication | Confirm attestor module doc scope | DOCP0101 |
| DOCS-0002 | TODO | 2025-11-05 | SPRINT_321_docs_modules_graph | Docs Guild (docs/modules/graph) | docs/modules/graph | — | — | DOCL0102 |
| DOCS-0003 | TODO | | SPRINT_327_docs_modules_scanner | Docs Guild, Product Guild (docs/modules/scanner) | docs/modules/scanner | — | — | DOCL0102 |
| DOCS-401-008 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | QA & Docs Guilds (`docs`, `tests/README.md`) | `docs`, `tests/README.md` | — | — | DOCL0102 |
| DOCS-401-022 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | Docs Guild · Attestor Guild (`docs/ci/dsse-build-flow.md`, `docs/modules/attestor/architecture.md`) | `docs/ci/dsse-build-flow.md`, `docs/modules/attestor/architecture.md` | — | — | DOCL0102 |
| DOCS-AIAI-31-004 | DONE (2025-12-04) | 2025-12-04 | SPRINT_0301_0001_0001_docs_md_i | Docs Guild · Console Guild | docs/advisory-ai | Guardrail console guide refreshed with deterministic captures plus consolidated hash manifest (`docs/advisory-ai/console-fixtures.sha256`) and verification steps. | CONSOLE-VULN-29-001; CONSOLE-VEX-30-001; SBOM-AIAI-31-003 | DOAI0102 |
| DOCS-AIAI-31-005 | DONE (2025-11-25) | 2025-11-25 | SPRINT_110_ingestion_evidence | Docs Guild | | CLI/policy/ops docs refreshed with offline hashes and exit codes. | DOCS-AIAI-31-004; CLI-VULN-29-001; CLI-VEX-30-001; POLICY-ENGINE-31-001; DEVOPS-AIAI-31-001 | DOAI0102 |
| DOCS-AIAI-31-006 | TODO | 2025-11-13 | SPRINT_0111_0001_0001_advisoryai | Docs Guild · Advisory AI Guild | docs/modules/advisory-ai | `/docs/policy/assistant-parameters.md` now documents inference modes, guardrail phrases, budgets, and cache/queue knobs (POLICY-ENGINE-31-001 inputs captured via `AdvisoryAiServiceOptions`). | Need latest telemetry outputs from ADAI0101 | DOAI0104 |
| DOCS-AIAI-31-008 | BLOCKED | 2025-11-18 | SPRINT_0111_0001_0001_advisoryai | Docs Guild · SBOM Service Guild (docs) | docs | Publish `/docs/sbom/remediation-heuristics.md` (feasibility scoring, blast radius). | SBOM-AIAI-31-001 projection kit/fixtures | DOAI0104 |
| DOCS-AIAI-31-009 | DONE (2025-11-25) | 2025-11-25 | SPRINT_110_ingestion_evidence | Docs Guild | | Docs updated with guardrail/ops addenda and offline hashes. | DOCS-AIAI-31-004; CLI-VULN-29-001; CLI-VEX-30-001; POLICY-ENGINE-31-001; DEVOPS-AIAI-31-001 | DOAI0102 |
| DOCS-AIRGAP-56-001 | DONE (2025-11-23) | 2025-11-23 | SPRINT_0301_0001_0001_docs_md_i | Docs Guild · AirGap Controller Guild | | `/docs/airgap/overview.md` outlining modes, lifecycle, responsibilities, rule banner. | — | DOAI0102 |
| DOCS-AIRGAP-56-002 | DONE (2025-11-23) | 2025-11-23 | SPRINT_0301_0001_0001_docs_md_i | Docs Guild · DevOps Guild | | `/docs/airgap/sealing-and-egress.md` (network policies, EgressPolicy facade, verification). | DOCS-AIRGAP-56-001 | DOAI0102 |
| DOCS-AIRGAP-56-003 | DONE (2025-11-23) | 2025-11-23 | SPRINT_0301_0001_0001_docs_md_i | Docs Guild · Exporter Guild | bundle format, DSSE/TUF/Merkle validation, workflows | `/docs/airgap/mirror-bundles.md` (bundle format, DSSE/TUF/Merkle validation, workflows). | DOCS-AIRGAP-56-002 | DOAI0102 |
| DOCS-AIRGAP-56-004 | DONE (2025-11-23) | 2025-11-23 | SPRINT_0301_0001_0001_docs_md_i | Docs Guild · Deployment Guild | | `/docs/airgap/bootstrap.md` covering Bootstrap Pack creation + install. | DOCS-AIRGAP-56-003 | DOAI0102 |
| DOCS-AIRGAP-57-001 | DONE (2025-11-23) | 2025-11-23 | SPRINT_0301_0001_0001_docs_md_i | Docs Guild · AirGap Time Guild | docs/modules/airgap | `/docs/airgap/staleness-and-time.md` (time anchors, drift, UI indicators). | DOCS-AIRGAP-56-004 | DOAI0102 |
| DOCS-AIRGAP-57-002 | DONE (2025-11-23) | 2025-11-23 | SPRINT_0301_0001_0001_docs_md_i | Docs Guild · Console Guild | docs/modules/airgap | `/docs/console/airgap.md` (sealed badge, import wizard, staleness dashboards). | DOCS-AIRGAP-57-001 | DOAI0102 |
| DOCS-AIRGAP-57-003 | TODO | | SPRINT_302_docs_tasks_md_ii | Docs Guild · CLI Guild | docs/modules/airgap | Publish `/docs/modules/cli/guides/airgap.md` documenting commands, examples, exit codes. Dependencies: DOCS-AIRGAP-57-002. | AIDG0101 tasks 34 | DOCL0102 |
| DOCS-AIRGAP-57-004 | TODO | | SPRINT_302_docs_tasks_md_ii | Docs Guild · Ops Guild | docs/modules/airgap | Create `/docs/airgap/operations.md` with runbooks for imports, failure recovery, and auditing. Dependencies: DOCS-AIRGAP-57-003. | DOCS-AIRGAP-57-003 | DOCL0102 |
| DOCS-AIRGAP-58-001 | BLOCKED | 2025-11-25 | SPRINT_302_docs_tasks_md_ii | Docs Guild, Product Guild (docs) | | Provide `/docs/airgap/degradation-matrix.md` enumerating feature availability, fallbacks, remediation. Dependencies: DOCS-AIRGAP-57-004. | Blocked: waiting on staleness/time-anchor spec and AirGap controller/importer timelines | DOCL0102 |
| DOCS-AIRGAP-58-002 | BLOCKED | 2025-11-25 | SPRINT_302_docs_tasks_md_ii | Docs Guild, Security Guild (docs) | | Update `/docs/security/trust-and-signing.md` with DSSE/TUF roots, rotation, and signed time tokens. Dependencies: DOCS-AIRGAP-58-001. | Blocked: DOCS-AIRGAP-58-001 awaiting staleness/time-anchor spec | DOCL0102 |
| DOCS-AIRGAP-58-003 | BLOCKED | 2025-11-25 | SPRINT_302_docs_tasks_md_ii | Docs Guild · DevEx Guild | docs/modules/airgap | Publish `/docs/dev/airgap-contracts.md` describing EgressPolicy usage, sealed-mode tests, linting. Dependencies: DOCS-AIRGAP-58-002. | Blocked: DOCS-AIRGAP-58-002 outstanding | DOAG0101 |
| DOCS-AIRGAP-58-004 | BLOCKED | 2025-11-25 | SPRINT_302_docs_tasks_md_ii | Docs Guild · Evidence Locker Guild | docs/modules/airgap | Document `/docs/airgap/portable-evidence.md` for exporting/importing portable evidence bundles across enclaves. Dependencies: DOCS-AIRGAP-58-003. | Blocked: DOCS-AIRGAP-58-003 outstanding; needs Evidence Locker attestation notes (002_ATEL0101) | DOAG0101 |
| DOCS-AIRGAP-DEVPORT-64-001 | DONE (2025-11-23) | 2025-11-23 | SPRINT_302_docs_tasks_md_ii | Docs Guild · DevPortal Offline Guild | docs/modules/export-center/devportal-offline.md | Create `/docs/airgap/devportal-offline.md` describing offline bundle usage and verification. | Requires #3 draft | DEVL0102 |
| DOCS-ATTEST-73-001 | TODO | | SPRINT_302_docs_tasks_md_ii | Docs Guild, Attestor Service Guild (docs) | | Publish `/docs/modules/attestor/overview.md` with imposed rule banner. | — | DOAT0101 |
| DOCS-ATTEST-73-002 | DONE | 2025-11-23 | SPRINT_302_docs_tasks_md_ii | Docs Guild, Attestation Payloads Guild (docs) | | Write `/docs/modules/attestor/payloads.md` with schemas/examples. Dependencies: DOCS-ATTEST-73-001. | — | DOAT0101 |
| DOCS-ATTEST-73-003 | DONE | 2025-11-23 | SPRINT_302_docs_tasks_md_ii | Docs Guild, Policy Guild (docs) | | Publish `/docs/modules/attestor/policies.md` covering verification policies. Dependencies: DOCS-ATTEST-73-002. | — | DOAT0101 |
| DOCS-ATTEST-73-004 | DONE | 2025-11-23 | SPRINT_302_docs_tasks_md_ii | Docs Guild, Attestor Service Guild (docs) | | Add `/docs/modules/attestor/workflows.md` detailing ingest, verify, bulk operations. Dependencies: DOCS-ATTEST-73-003. | — | DOAT0101 |
| DOCS-ATTEST-74-001 | DONE | 2025-11-23 | SPRINT_302_docs_tasks_md_ii | Docs Guild, KMS Guild (docs) | | Publish `/docs/modules/attestor/keys-and-issuers.md`. Dependencies: DOCS-ATTEST-73-004. | — | DOAT0101 |
| DOCS-ATTEST-74-002 | DONE | 2025-11-23 | SPRINT_302_docs_tasks_md_ii | Docs Guild, Transparency Guild (docs) | | Document `/docs/modules/attestor/transparency.md` with witness usage/offline validation. Dependencies: DOCS-ATTEST-74-001. | — | DOAT0101 |
| DOCS-ATTEST-74-003 | DONE | 2025-11-23 | SPRINT_302_docs_tasks_md_ii | Docs Guild, Attestor Console Guild (docs) | | Write `/docs/console/attestor-ui.md` with screenshots/workflows. Dependencies: DOCS-ATTEST-74-002. | — | DOAT0101 |
| DOCS-ATTEST-74-004 | DONE | 2025-11-23 | SPRINT_302_docs_tasks_md_ii | Docs Guild, CLI Attestor Guild (docs) | | Publish `/docs/modules/cli/guides/attest.md` covering CLI usage. Dependencies: DOCS-ATTEST-74-003. | — | DOAT0101 |
| DOCS-ATTEST-75-001 | DONE | 2025-11-25 | SPRINT_303_docs_tasks_md_iii | Docs Guild, Export Attestation Guild (docs) | | Add `/docs/modules/attestor/airgap.md` for attestation bundles. Dependencies: DOCS-ATTEST-74-004. | — | DOAT0101 |
| DOCS-ATTEST-75-002 | DONE | 2025-11-25 | SPRINT_303_docs_tasks_md_iii | Docs Guild, Security Guild (docs) | | Update `/docs/security/aoc-invariants.md` with attestation invariants. Dependencies: DOCS-ATTEST-75-001. | — | DOAT0101 |
| DOCS-CLI-41-001 | DONE | 2025-11-25 | SPRINT_303_docs_tasks_md_iii | Docs Guild, DevEx/CLI Guild (docs) | docs/modules/cli/guides | Publish `/docs/modules/cli/guides/overview.md`, `/docs/modules/cli/guides/configuration.md`, `/docs/modules/cli/guides/output-and-exit-codes.md` with imposed rule statements. | — | DOCL0101 |
| DOCS-CLI-42-001 | DONE | 2025-11-25 | SPRINT_303_docs_tasks_md_iii | Docs Guild (docs) | docs/modules/cli/guides | Publish `/docs/modules/cli/guides/parity-matrix.md` and command guides under `/docs/modules/cli/guides/commands/*.md` (policy, sbom, vuln, vex, advisory, export, orchestrator, notify, aoc, auth). Dependencies: DOCS-CLI-41-001. | — | DOCL0101 |
| DOCS-CLI-DET-01 | DONE | 2025-11-23 | SPRINT_0301_0001_0001_docs_md_i | Docs Guild · DevEx/CLI Guild | | Document `stella sbomer` verbs (`layer`, `compose`, `drift`, `verify`) with examples & offline instructions. | CLI-SBOM-60-001; CLI-SBOM-60-002 | DOCL0101 |
| DOCS-CLI-FORENSICS-53-001 | DONE | 2025-11-25 | SPRINT_303_docs_tasks_md_iii | Docs Guild, DevEx/CLI Guild (docs) | docs/modules/cli/guides | Publish `/docs/modules/cli/guides/forensics.md` for snapshot/verify/attest commands with sample outputs, imposed rule banner, and offline workflows. | — | DOCL0101 |
| DOCS-CLI-OBS-52-001 | DONE | 2025-11-25 | SPRINT_303_docs_tasks_md_iii | Docs Guild, DevEx/CLI Guild (docs) | docs/modules/cli/guides | Create `/docs/modules/cli/guides/observability.md` detailing `stella obs` commands, examples, exit codes, imposed rule banner, and scripting tips. | — | DOCL0101 |
| DOCS-CONSOLE-OBS-52-001 | BLOCKED | 2025-11-25 | SPRINT_303_docs_tasks_md_iii | Docs Guild, Console Guild (docs) | | Document `/docs/console/observability.md` showcasing Observability Hub widgets, trace/log search, imposed rule banner, and accessibility tips. | Blocked: awaiting Console Observability Hub schemas/widgets from Console Guild | DOCL0101 |
| DOCS-CONSOLE-OBS-52-002 | BLOCKED | 2025-11-25 | SPRINT_303_docs_tasks_md_iii | Docs Guild, Console Guild (docs) | | Publish `/docs/console/forensics.md` covering timeline explorer, evidence viewer, attestation verifier, imposed rule banner, and troubleshooting. Dependencies: DOCS-CONSOLE-OBS-52-001. | Blocked: upstream DOCS-CONSOLE-OBS-52-001 | DOCL0101 |
| DOCS-CONTRIB-62-001 | DONE | 2025-11-25 | SPRINT_303_docs_tasks_md_iii | Docs Guild, API Governance Guild (docs) | docs/contributing/api-contracts.md | Publish `/docs/contributing/api-contracts.md` detailing how to edit OAS, lint rules, compatibility checks. | — | DOCL0101 |
| DOCS-DETER-70-002 | DONE (2025-11-26) | 2025-11-26 | SPRINT_0304_0001_0004_docs_tasks_md_iv | Docs Guild · Scanner Guild | docs/modules/scanner/determinism-score.md | Document the scanner determinism score process (`determinism.json` schema, CI harness, replay instructions) under `/docs/modules/scanner/determinism-score.md` and add a release-notes template entry. Dependencies: SCAN-DETER-186-010, DEVOPS-SCAN-90-004. | — | DOSC0101 |
| DOCS-DEVPORT-62-001 | DONE | 2025-11-25 | SPRINT_303_docs_tasks_md_iii | Docs Guild, Developer Portal Guild (docs) | docs/devportal/publishing.md | Document `/docs/devportal/publishing.md` for build pipeline, offline bundle steps. | — | DOCL0101 |
| DOCS-DSL-401-005 | DONE (2025-11-26) | 2025-11-26 | SPRINT_0401_0001_0001_reachability_evidence_chain | Docs Guild (`docs/policy/dsl.md`, `docs/policy/lifecycle.md`) | `docs/policy/dsl.md`, `docs/policy/lifecycle.md` | Refresh `docs/policy/dsl.md` + lifecycle docs with the new syntax, signal dictionary (`trust_score`, `reachability`, etc.), authoring workflow, and safety rails (shadow mode, coverage tests). | — | DOCL0101 |
| DOCS-ENTROPY-70-004 | DONE (2025-11-26) | 2025-11-26 | SPRINT_0304_0001_0004_docs_tasks_md_iv | Docs Guild · Scanner Guild | docs/modules/scanner/entropy.md | Publish entropy analysis documentation (scoring heuristics, JSON schemas, policy hooks, UI guidance) under `docs/modules/scanner/entropy.md` and update trust-lattice references. Dependencies: SCAN-ENTROPY-186-011/012, POLICY-RISK-90-001. | — | DOSC0101 |
| DOCS-EXC-25-001 | BLOCKED | 2025-11-25 | SPRINT_303_docs_tasks_md_iii | Docs Guild | docs/modules/excititor | Author `/docs/governance/exceptions.md` covering lifecycle, scope patterns, examples, compliance checklist. | Blocked: waiting on CLEX0101 exception governance spec and UI workflow | DOEX0102 |
| DOCS-EXC-25-002 | BLOCKED | 2025-11-25 | SPRINT_303_docs_tasks_md_iii | Docs Guild | docs/modules/excititor | Publish `/docs/governance/approvals-and-routing.md` detailing roles, routing matrix, MFA rules, audit trails. Dependencies: DOCS-EXC-25-001. | Blocked: upstream DOCS-EXC-25-001 | DOEX0102 |
| DOCS-EXC-25-003 | BLOCKED | 2025-11-25 | SPRINT_303_docs_tasks_md_iii | Docs Guild | docs/modules/excititor | Create `/docs/api/exceptions.md` with endpoints, payloads, errors, idempotency notes. Dependencies: DOCS-EXC-25-002. | Blocked: upstream DOCS-EXC-25-002 | DOEX0102 |
| DOCS-EXC-25-005 | BLOCKED | 2025-11-25 | SPRINT_303_docs_tasks_md_iii | Docs + Accessibility Guilds | docs/modules/excititor | Write `/docs/ui/exception-center.md` with UI walkthrough, badges, accessibility, shortcuts. Dependencies: DOCS-EXC-25-003. | Blocked: upstream DOCS-EXC-25-003 | DOEX0102 |
| DOCS-EXC-25-006 | TODO | | SPRINT_303_docs_tasks_md_iii | Docs Guild | docs/modules/excititor | Update `/docs/modules/cli/guides/exceptions.md` covering command usage and exit codes. Dependencies: DOCS-EXC-25-005. | CLEX0101 | DOEX0102 |
| DOCS-EXC-25-007 | DONE (2025-11-26) | 2025-11-26 | SPRINT_0304_0001_0004_docs_tasks_md_iv | Docs Guild · DevOps Guild | docs/migration/exception-governance.md | Publish `/docs/migration/exception-governance.md` describing cutover from legacy suppressions, notifications, rollback. Dependencies: DOCS-EXC-25-006. | — | DOEX0102 |
| DOCS-EXPORT-37-004 | DONE (2025-11-26) | 2025-11-26 | SPRINT_0304_0001_0004_docs_tasks_md_iv | Docs Guild · Export Center Guild | docs/security/export-hardening.md | Publish `/docs/security/export-hardening.md` outlining RBAC, tenancy, encryption, redaction, restating imposed rule. | — | DOEC0102 |
| DOCS-EXPORT-37-005 | BLOCKED | 2025-11-26 | SPRINT_0304_0001_0004_docs_tasks_md_iv | Docs Guild · Export Center Guild | docs/modules/export-center | Validate Export Center docs against live Trivy/mirror bundles once implementation lands; refresh examples and CLI snippets accordingly. Dependencies: DOCS-EXPORT-37-004. | Blocked: awaiting live bundle verification | DOEC0102 |
| DOCS-EXPORT-37-101 | BLOCKED | 2025-11-26 | SPRINT_0304_0001_0004_docs_tasks_md_iv | Docs Guild · DevOps Guild | docs/modules/export-center | Refresh CLI verification sections once `stella export verify` lands (flags, exit codes, samples). Dependencies: DOCS-EXPORT-37-005. | Blocked: 37-005 pending live bundle validation | DOEC0102 |
| DOCS-EXPORT-37-102 | BLOCKED | 2025-11-26 | SPRINT_0304_0001_0004_docs_tasks_md_iv | Docs Guild · Evidence Locker Guild | docs/modules/export-center | Embed export dashboards/alerts references into provenance/runbook docs after Grafana work ships. Dependencies: DOCS-EXPORT-37-101. | Blocked: 37-101 blocked on live bundle validation | DOEC0102 |
| DOCS-FORENSICS-53-001 | DONE (2025-11-26) | 2025-11-26 | SPRINT_0304_0001_0004_docs_tasks_md_iv | Docs Guild · Evidence Locker Guild | docs/forensics/evidence-locker.md | Publish `/docs/forensics/evidence-locker.md` describing bundle formats, WORM options, retention, legal hold, and imposed rule banner. | — | DOEL0101 |
| DOCS-FORENSICS-53-002 | DONE (2025-11-26) | 2025-11-26 | SPRINT_0304_0001_0004_docs_tasks_md_iv | Docs Guild · Provenance Guild | docs/forensics/provenance-attestation.md | Release `/docs/forensics/provenance-attestation.md` covering DSSE schema, signing process, verification workflow, and imposed rule banner. Dependencies: DOCS-FORENSICS-53-001. | — | DOEL0101 |
| DOCS-FORENSICS-53-003 | DONE (2025-11-26) | 2025-11-26 | SPRINT_0304_0001_0004_docs_tasks_md_iv | Docs Guild · Timeline Indexer Guild | docs/forensics/timeline.md | Publish `/docs/forensics/timeline.md` with schema, event kinds, filters, query examples, and imposed rule banner. Dependencies: DOCS-FORENSICS-53-002. | — | DOEL0101 |
| DOCS-GRAPH-24-001 | DONE (2025-11-26) | 2025-11-26 | SPRINT_0304_0001_0004_docs_tasks_md_iv | Docs Guild · Graph Guild | docs/ui/sbom-graph-explorer.md | Author `/docs/ui/sbom-graph-explorer.md` detailing overlays, filters, saved views, accessibility, and AOC visibility. | — | DOGR0101 |
| DOCS-GRAPH-24-002 | DONE (2025-11-26) | 2025-11-26 | SPRINT_0304_0001_0004_docs_tasks_md_iv | Docs Guild · UI Guild | docs/ui/vulnerability-explorer.md | Publish `/docs/ui/vulnerability-explorer.md` covering table usage, grouping, fix suggestions, Why drawer. Dependencies: DOCS-GRAPH-24-001. | — | DOGR0101 |
| DOCS-GRAPH-24-003 | DONE (2025-11-26) | 2025-11-26 | SPRINT_0304_0001_0004_docs_tasks_md_iv | Docs Guild · SBOM Guild | docs/modules/graph | Create `/docs/modules/graph/architecture-index.md` describing data model, ingestion pipeline, caches, events. Dependencies: DOCS-GRAPH-24-002. | Unblocked: SBOM join spec delivered with CARTO-GRAPH-21-002 (2025-11-17). | DOGR0101 |
| DOCS-GRAPH-24-004 | DONE (2025-11-26) | 2025-11-26 | SPRINT_0304_0001_0004_docs_tasks_md_iv | Docs Guild · BE-Base Guild | docs/api/graph.md; docs/api/vuln.md | Document `/docs/api/graph.md` and `/docs/api/vuln.md` avec endpoints, parameters, errors, RBAC. Dependencies: DOCS-GRAPH-24-003. | Require replay hooks from RBBN0101 | DOGR0101 |
| DOCS-GRAPH-24-005 | DONE (2025-11-26) | 2025-11-26 | SPRINT_0304_0001_0004_docs_tasks_md_iv | Docs Guild · DevEx/CLI Guild | docs/modules/graph | Update `/docs/modules/cli/guides/graph-and-vuln.md` covering new CLI commands, exit codes, scripting. Dependencies: DOCS-GRAPH-24-004. | — | DOGR0101 |
| DOCS-GRAPH-24-006 | DONE (2025-11-26) | 2025-11-26 | SPRINT_0304_0001_0004_docs_tasks_md_iv | Docs Guild · Policy Guild | docs/policy/ui-integration.md | Write `/docs/policy/ui-integration.md` explaining overlays, cache usage, simulator contracts. Dependencies: DOCS-GRAPH-24-005. | — | DOGR0101 |
| DOCS-GRAPH-24-007 | DONE (2025-11-26) | 2025-11-26 | SPRINT_0304_0001_0004_docs_tasks_md_iv | Docs Guild · DevOps Guild | docs/migration/graph-parity.md | Produce `/docs/migration/graph-parity.md` with rollout plan, parity checks, fallback guidance. Dependencies: DOCS-GRAPH-24-006. | — | DOGR0101 |
| DOCS-INSTALL-44-001 | BLOCKED | 2025-11-25 | SPRINT_0305_0001_0005_docs_tasks_md_v | Docs Guild · Deployment Guild | docs/install | Publish `/docs/install/overview.md` and `/docs/install/compose-quickstart.md` with imposed rule line and copy-ready commands. | Blocked: waiting on DVPL0101 compose schema + service list/version pins | DOIS0101 |
| DOCS-INSTALL-45-001 | BLOCKED | 2025-11-25 | SPRINT_0305_0001_0005_docs_tasks_md_v | Docs Guild · Deployment Guild | docs/install | Publish `/docs/install/helm-prod.md` and `/docs/install/configuration-reference.md` with values tables and imposed rule reminder. Dependencies: DOCS-INSTALL-44-001. | Blocked: upstream DOCS-INSTALL-44-001 and TLS guidance (127_SIGR0101) | DOIS0101 |
| DOCS-INSTALL-46-001 | BLOCKED | 2025-11-25 | SPRINT_0305_0001_0005_docs_tasks_md_v | Docs Guild · Deployment Guild | docs/install | Publish `/docs/install/airgap.md`, `/docs/security/supply-chain.md`, `/docs/operations/health-and-readiness.md`, `/docs/release/image-catalog.md`, `/docs/console/onboarding.md` (each with imposed rule). Dependencies: DOCS-INSTALL-45-001. | Blocked: upstream DOCS-INSTALL-45-001 and 126_RLRC0101 replay hooks | DOIS0101 |
| DOCS-INSTALL-50-001 | BLOCKED | 2025-11-25 | SPRINT_0305_0001_0005_docs_tasks_md_v | Docs Guild · DevOps Guild | docs/install | Add `/docs/install/telemetry-stack.md` with collector deployment, exporter options, offline kit notes, and imposed rule banner. Dependencies: DOCS-INSTALL-46-001. | Blocked: upstream DOCS-INSTALL-46-001; awaiting DevOps offline validation (DVDO0107) | DOIS0101 |
| DOCS-LNM-22-001 | BLOCKED | 2025-10-27 | SPRINT_0305_0001_0005_docs_tasks_md_v | Docs Guild · Concelier Guild | docs/modules/concelier/link-not-merge.md | Author `/docs/advisories/aggregation.md` covering observation vs linkset, conflict handling, AOC requirements, and reviewer checklist. | Need final schema text from 005_ATLN0101 | DOLN0101 |
| DOCS-LNM-22-002 | BLOCKED | 2025-10-27 | SPRINT_0305_0001_0005_docs_tasks_md_v | Docs Guild · Excititor Guild | docs/modules/concelier/link-not-merge.md | Publish `/docs/vex/aggregation.md` describing VEX observation/linkset model, product matching, conflicts. Dependencies: DOCS-LNM-22-001. | Waiting on Excititor overlay notes | DOLN0101 |
| DOCS-LNM-22-003 | BLOCKED | 2025-10-27 | SPRINT_0305_0001_0005_docs_tasks_md_v | Docs Guild · BE-Base Guild | docs/modules/concelier/link-not-merge.md | Update `/docs/api/advisories.md` and `/docs/api/vex.md` for new endpoints, parameters, errors, exports. Dependencies: DOCS-LNM-22-002. | Replay hook contract from RBBN0101 | DOLN0101 |
| DOCS-LNM-22-004 | DONE | 2025-11-25 | SPRINT_0305_0001_0005_docs_tasks_md_v | Docs Guild · Policy Guild | docs/modules/concelier/link-not-merge.md | Create `/docs/policy/effective-severity.md` detailing severity selection strategies from multiple sources. Dependencies: DOCS-LNM-22-003. | Requires policy binding from PLVL0102 | DOLN0101 |
| DOCS-LNM-22-005 | BLOCKED | 2025-10-27 | SPRINT_0305_0001_0005_docs_tasks_md_v | Docs Guild · UI Guild | docs/modules/concelier/link-not-merge.md | Document `/docs/ui/evidence-panel.md` with screenshots, conflict badges, accessibility guidance. Dependencies: DOCS-LNM-22-004. | UI signals from 124_CCSL0101 | DOLN0101 |
| DOCS-LNM-22-007 | DONE | 2025-11-25 | SPRINT_0305_0001_0005_docs_tasks_md_v | Docs Guild · Observability Guild | docs/modules/concelier/link-not-merge.md | Publish `/docs/observability/aggregation.md` with metrics/traces/logs/SLOs. Dependencies: DOCS-LNM-22-005. | Observability wiring from 066_PLOB0101 | DOLN0101 |
| DOCS-LNM-22-008 | DONE (2025-11-03) | 2025-11-03 | SPRINT_117_concelier_vi | Docs Guild · DevOps Guild | docs/modules/concelier/link-not-merge.md | Documented Link-Not-Merge migration plan in `docs/migration/no-merge.md`; keep synced with ongoing tasks. | Needs retrospective summary | DOLN0101 |
| DOCS-NOTIFY-40-001 | DONE | 2025-11-25 | SPRINT_0305_0001_0005_docs_tasks_md_v | Docs Guild · Security Guild | docs/modules/notify | Publish `/docs/notifications/channels.md`, `/docs/notifications/escalations.md`, `/docs/notifications/api.md`, `/docs/operations/notifier-runbook.md`, `/docs/security/notifications-hardening.md`; each ends with imposed rule line. | Need tenancy + throttling updates from DVDO0110 | DONO0101 |
| DOCS-OAS-61-001 | DONE | 2025-11-25 | SPRINT_0305_0001_0005_docs_tasks_md_v | Docs Guild · API Contracts Guild | docs/api/overview.md | Publish `/docs/api/overview.md` covering auth, tenancy, pagination, idempotency, rate limits with banner. | Need governance decisions from 049_APIG0101 | DOOA0101 |
| DOCS-OAS-61-002 | BLOCKED | 2025-11-25 | SPRINT_0305_0001_0005_docs_tasks_md_v | Docs Guild · API Governance Guild | docs/api/oas | Author `/docs/api/conventions.md` capturing naming, errors, filters, sorting, examples. Dependencies: DOCS-OAS-61-001. | Blocked: awaiting governance inputs (APIG0101) and example approvals | DOOA0101 |
| DOCS-OAS-61-003 | DONE | 2025-11-25 | SPRINT_0305_0001_0005_docs_tasks_md_v | Docs Guild · API Governance Guild | docs/api/oas | Publish `/docs/api/versioning.md` describing SemVer, deprecation headers, migration playbooks. Dependencies: DOCS-OAS-61-002. | Waiting on lint/tooling export from DVDO0108 | DOOA0101 |
| DOCS-OAS-62-001 | TODO | | SPRINT_0306_0001_0006_docs_tasks_md_vi | Docs Guild · DevPortal Guild | docs/api/oas | Stand up `/docs/api/reference/` auto-generated site; integrate with portal nav. Dependencies: DOCS-OAS-61-003. | Needs DevPortal publishing hooks (050_DEVL0101) | DOOA0101 |
| DOCS-OBS-50-002 | TODO | | SPRINT_0306_0001_0006_docs_tasks_md_vi | Docs Guild · Security Guild | docs/observability | Author `/docs/observability/telemetry-standards.md` detailing common fields, scrubbing policy, sampling defaults, and redaction override procedure. | Need console metric list from 059_CNOB0101 | DOOB0101 |
| DOCS-OBS-50-003 | TODO | | SPRINT_0306_0001_0006_docs_tasks_md_vi | Docs Guild · Observability Guild | docs/observability | Create `/docs/observability/logging.md` covering structured log schema, dos/don'ts, tenant isolation, and copyable examples. Dependencies: DOCS-OBS-50-002. | Waiting on observability ADR from 066_PLOB0101 | DOOB0101 |
| DOCS-OBS-50-004 | TODO | | SPRINT_0306_0001_0006_docs_tasks_md_vi | Docs Guild · Observability Guild | docs/observability | Draft `/docs/observability/tracing.md` explaining context propagation, async linking, CLI header usage, and sampling strategies. Dependencies: DOCS-OBS-50-003. | Requires CNOB dashboards export | DOOB0101 |
| DOCS-OBS-51-001 | TODO | | SPRINT_0306_0001_0006_docs_tasks_md_vi | Docs Guild · DevOps Guild | docs/observability | Publish `/docs/observability/metrics-and-slos.md` cataloging metrics, SLO targets, burn rate policies, and alert runbooks. Dependencies: DOCS-OBS-50-004. | Needs DVOB runbook updates | DOOB0101 |
| DOCS-ORCH-32-001 | TODO | | SPRINT_0306_0001_0006_docs_tasks_md_vi | Docs Guild · Orchestrator Guild | docs/modules/orchestrator | Author `/docs/orchestrator/overview.md` covering mission, roles, AOC alignment, governance, with imposed rule reminder. | Need taskrunner lease ADR from 043_ORTR0101 | DOOR0102 |
| DOCS-ORCH-32-002 | TODO | | SPRINT_0306_0001_0006_docs_tasks_md_vi | Docs Guild · Orchestrator Guild | docs/modules/orchestrator | Author `/docs/orchestrator/architecture.md` detailing scheduler, DAGs, rate limits, data model, message bus, storage layout, restating imposed rule. Dependencies: DOCS-ORCH-32-001. | Depends on ORTR0102 health hooks | DOOR0102 |
| DOCS-ORCH-33-001 | TODO | | SPRINT_0306_0001_0006_docs_tasks_md_vi | Docs Guild · Scheduler Guild | docs/modules/orchestrator | Publish `/docs/orchestrator/api.md` (REST/WebSocket endpoints, payloads, error codes) with imposed rule note. Dependencies: DOCS-ORCH-32-002. | Requires scheduler integration outline | DOOR0102 |
| DOCS-ORCH-33-002 | TODO | | SPRINT_0306_0001_0006_docs_tasks_md_vi | Docs Guild · DevEx/CLI Guild | docs/modules/orchestrator | Publish `/docs/orchestrator/console.md` covering screens, a11y, live updates, control actions, reiterating imposed rule. Dependencies: DOCS-ORCH-33-001. | Wait for CLI samples from 132_CLCI0110 | DOOR0102 |
| DOCS-ORCH-33-003 | TODO | | SPRINT_0306_0001_0006_docs_tasks_md_vi | Docs Guild · Export Center Guild | docs/modules/orchestrator | Publish `/docs/orchestrator/cli.md` documenting commands, options, exit codes, streaming output, offline usage, and imposed rule. Dependencies: DOCS-ORCH-33-002. | Needs Export Center hooks from 069_AGEX0101 | DOOR0102 |
| DOCS-ORCH-34-001 | TODO | | SPRINT_0306_0001_0006_docs_tasks_md_vi | Docs Guild (docs) | | Author `/docs/orchestrator/run-ledger.md` covering ledger schema, provenance chain, audit workflows, with imposed rule reminder. Dependencies: DOCS-ORCH-33-003. | — | DOCL0102 |
| DOCS-ORCH-34-002 | TODO | | SPRINT_0306_0001_0006_docs_tasks_md_vi | Docs Guild (docs) | | Update `/docs/security/secrets-handling.md` for orchestrator KMS refs, redaction badges, operator hygiene, reiterating imposed rule. Dependencies: DOCS-ORCH-34-001. | — | DOCL0102 |
| DOCS-ORCH-34-003 | TODO | | SPRINT_0306_0001_0006_docs_tasks_md_vi | Docs Guild · DevOps Guild | docs/modules/orchestrator | Publish `/docs/operations/orchestrator-runbook.md` (incident playbook, backfill guide, circuit breakers, throttling) with imposed rule statement. Dependencies: DOCS-ORCH-34-002. | Requires ops checklist from DVDO0108 | DOOR0102 |
| DOCS-ORCH-34-004 | TODO | | SPRINT_0306_0001_0006_docs_tasks_md_vi | Docs Guild · Observability Guild | docs/modules/orchestrator | Document `/docs/schemas/artifacts.md` describing artifact kinds, schema versions, hashing, storage layout, restating imposed rule. Dependencies: DOCS-ORCH-34-003. | Wait for observability dashboards (063_OROB0101) | DOOR0102 |
| DOCS-ORCH-34-005 | TODO | | SPRINT_0306_0001_0006_docs_tasks_md_vi | Docs Guild · BE-Base Guild | docs/modules/orchestrator | Author `/docs/slo/orchestrator-slo.md` defining SLOs, burn alerts, measurement, and reiterating imposed rule. Dependencies: DOCS-ORCH-34-004. | Needs replay linkage from 042_RPRC0101 | DOOR0102 |
| DOCS-POLICY-23-003 | TODO | | SPRINT_0307_0001_0007_docs_tasks_md_vii | Docs Guild | docs/policy/lifecycle.md | Produce `/docs/policy/runtime.md` covering compiler, evaluator, caching, events, SLOs. Dependencies: DOCS-POLICY-23-002. | DOCS-POLICY-23-002 | POKT0101 |
| DOCS-POLICY-23-004 | DONE (2025-11-26) | 2025-11-26 | SPRINT_0307_0001_0007_docs_tasks_md_vii | Docs Guild · UI Guild | docs/policy/editor.md | Document `/docs/policy/editor.md` (UI walkthrough, validation, simulation, approvals). Dependencies: DOCS-POLICY-23-003. | DOCS-POLICY-23-003 | POKT0101 |
| DOCS-POLICY-23-005 | DONE (2025-11-26) | 2025-11-26 | SPRINT_0307_0001_0007_docs_tasks_md_vii | Docs Guild · DevOps Guild | docs/policy/governance.md | Publish `/docs/policy/governance.md` (roles, scopes, approvals, signing, exceptions). Dependencies: DOCS-POLICY-23-004. | — | DOPL0101 |
| DOCS-POLICY-23-006 | DONE (2025-11-26) | 2025-11-26 | SPRINT_0307_0001_0007_docs_tasks_md_vii | Docs Guild · DevEx/CLI Guild | docs/policy/api.md | Update `/docs/api/policy.md` with new endpoints, schemas, errors, pagination. Dependencies: DOCS-POLICY-23-005. | — | DOPL0101 |
| DOCS-POLICY-23-007 | DONE (2025-11-26) | 2025-11-26 | SPRINT_0307_0001_0007_docs_tasks_md_vii | Docs Guild · Observability Guild | docs/modules/cli/guides/policy.md | Update `/docs/modules/cli/guides/policy.md` for lint/simulate/activate/history commands, exit codes. Dependencies: DOCS-POLICY-23-006. | — | DOPL0101 |
| DOCS-POLICY-23-008 | DONE (2025-11-26) | 2025-11-26 | SPRINT_0307_0001_0007_docs_tasks_md_vii | Docs Guild · Policy Guild | docs/modules/policy/architecture.md | Refresh `/docs/modules/policy/architecture.md` with data model, sequence diagrams, event flows. Dependencies: DOCS-POLICY-23-007. | — | DOPL0101 |
| DOCS-POLICY-23-009 | DONE (2025-11-26) | 2025-11-26 | SPRINT_0307_0001_0007_docs_tasks_md_vii | Docs Guild · DevOps Guild | docs/migration/policy-parity.md | Create `/docs/migration/policy-parity.md` covering dual-run parity plan and rollback. Dependencies: DOCS-POLICY-23-008. | — | DOPL0102 |
| DOCS-POLICY-23-010 | DONE (2025-11-26) | 2025-11-26 | SPRINT_0307_0001_0007_docs_tasks_md_vii | Docs Guild · UI Guild | docs/ui/explainers.md | Write `/docs/ui/explainers.md` showing explain trees, evidence overlays, interpretation guidance. Dependencies: DOCS-POLICY-23-009. | — | DOPL0102 |
| DOCS-POLICY-27-007 | BLOCKED | 2025-10-27 | SPRINT_0308_0001_0008_docs_tasks_md_viii | Docs Guild · CLI Guild | docs/policy/runs.md | Update `/docs/policy/cli.md` with new commands, JSON schemas, CI usage, compliance checklist. Dependencies: DOCS-POLICY-27-006. | CLI samples from CLPS0102 | POKT0101 |
| DOCS-POLICY-27-008 | BLOCKED | 2025-10-27 | SPRINT_0308_0001_0008_docs_tasks_md_viii | Docs Guild · Policy Registry Guild | docs/policy/runs.md | Publish `/docs/policy/packs.md` covering pack imports/promotions/rollback. | Waiting on registry schema | POKT0101 |
| DOCS-POLICY-27-003 | BLOCKED | 2025-10-27 | SPRINT_0307_0001_0007_docs_tasks_md_vii | Docs Guild · Policy Registry Guild | docs/policy/lifecycle.md | Document `/docs/policy/versioning-and-publishing.md` (semver rules, attestations, rollback) with compliance checklist. Dependencies: DOCS-POLICY-27-002. | Requires registry schema from CCWO0101 | DOPL0102 |
| DOCS-POLICY-27-004 | BLOCKED | 2025-10-27 | SPRINT_0307_0001_0007_docs_tasks_md_vii | Docs Guild · Scheduler Guild | docs/policy/lifecycle.md | Write `/docs/policy/simulation.md` covering quick vs batch sim, thresholds, evidence bundles, CLI examples. Dependencies: DOCS-POLICY-27-003. | Depends on scheduler hooks from 050_DEVL0101 | DOPL0102 |
| DOCS-POLICY-27-005 | BLOCKED | 2025-10-27 | SPRINT_0307_0001_0007_docs_tasks_md_vii | Docs Guild · Product Ops | docs/policy/lifecycle.md | Publish `/docs/policy/review-and-approval.md` with approver requirements, comments, webhooks, audit trail guidance. Dependencies: DOCS-POLICY-27-004. | Await product ops approvals | DOPL0102 |
| DOCS-POLICY-27-006 | BLOCKED | 2025-10-27 | SPRINT_0308_0001_0008_docs_tasks_md_viii | Docs Guild · Policy Guild | docs/policy/runs.md | Author `/docs/policy/promotion.md` covering environments, canary, rollback, and monitoring steps. Dependencies: DOCS-POLICY-27-005. | Need RLS decision from PLLG0104 | DOPL0103 |
| DOCS-POLICY-27-007 | BLOCKED | 2025-10-27 | SPRINT_0308_0001_0008_docs_tasks_md_viii | Docs Guild · CLI Guild | docs/policy/runs.md | Update `/docs/policy/cli.md` with new commands, JSON schemas, CI usage, and compliance checklist. Dependencies: DOCS-POLICY-27-006. | Requires CLI samples from 132_CLCI0110 | DOPL0103 |
| DOCS-POLICY-27-008 | BLOCKED | 2025-10-27 | SPRINT_0308_0001_0008_docs_tasks_md_viii | Docs Guild · Policy Registry Guild | docs/policy/runs.md | Publish `/docs/policy/api.md` describing Registry endpoints, request/response schemas, errors, and feature flags. Dependencies: DOCS-POLICY-27-007. | Waiting on registry schema (CCWO0101) | DOPL0103 |
| DOCS-POLICY-27-009 | BLOCKED | 2025-10-27 | SPRINT_0308_0001_0008_docs_tasks_md_viii | Docs Guild · Security Guild | docs/policy/runs.md | Create `/docs/security/policy-attestations.md` covering signing, verification, key rotation, and compliance checklist. Dependencies: DOCS-POLICY-27-008. | Needs security review outputs | DOPL0103 |
| DOCS-POLICY-27-010 | BLOCKED | 2025-10-27 | SPRINT_0308_0001_0008_docs_tasks_md_viii | Docs Guild · Architecture Guild | docs/policy/runs.md | Author `/docs/modules/policy/registry-architecture.md` (service design, schemas, queues, failure modes) with diagrams and checklist. Dependencies: DOCS-POLICY-27-009. | Depends on architecture review minutes | DOPL0103 |
| DOCS-POLICY-27-011 | BLOCKED | 2025-10-27 | SPRINT_0308_0001_0008_docs_tasks_md_viii | Docs Guild · Observability Guild | docs/policy/runs.md | Publish `/docs/observability/policy-telemetry.md` with metrics/log tables, dashboards, alerts, and compliance checklist. Dependencies: DOCS-POLICY-27-010. | Requires observability hooks from 066_PLOB0101 | DOPL0103 |
| DOCS-POLICY-27-012 | BLOCKED | 2025-10-27 | SPRINT_0308_0001_0008_docs_tasks_md_viii | Docs Guild · Ops Guild | docs/policy/runs.md | Write `/docs/runbooks/policy-incident.md` detailing rollback, freeze, forensic steps, notifications. Dependencies: DOCS-POLICY-27-011. | Needs ops playbooks (DVDO0108) | DOPL0103 |
| DOCS-POLICY-27-013 | BLOCKED | 2025-10-27 | SPRINT_0308_0001_0008_docs_tasks_md_viii | Docs Guild · Policy Guild | docs/policy/runs.md | Update `/docs/examples/policy-templates.md` with new templates, snippets, and sample policies. Dependencies: DOCS-POLICY-27-012. | Await policy guild approval | DOPL0103 |
| DOCS-POLICY-27-014 | BLOCKED | 2025-10-27 | SPRINT_0308_0001_0008_docs_tasks_md_viii | Docs Guild · Policy Registry Guild | docs/policy/runs.md | Refresh `/docs/aoc/aoc-guardrails.md` to include Studio-specific guardrails and validation scenarios. Dependencies: DOCS-POLICY-27-013. | Needs policy registry approvals | DOPL0103 |
| DOCS-POLICY-DET-01 | DONE (2025-11-23) | 2025-11-23 | SPRINT_0301_0001_0001_docs_md_i | Docs Guild · Policy Guild | docs/policy/runs.md | Extend `docs/modules/policy/architecture.md` with determinism gate semantics and provenance references. | Depends on deterministic harness (137_SCDT0101) | DOPL0103 |
| DOCS-PROMO-70-001 | DONE (2025-11-26) | 2025-11-26 | SPRINT_0304_0001_0004_docs_tasks_md_iv | Docs Guild · Provenance Guild | docs/release/promotion-attestations.md | Publish `/docs/release/promotion-attestations.md` describing the promotion workflow (CLI commands, Signer/Attestor integration, offline verification) and update `/docs/forensics/provenance-attestation.md` with the new predicate. Dependencies: PROV-OBS-53-003, CLI-PROMO-70-002. | — | DOPV0101 |
| DOCS-REACH-201-006 | TODO | | SPRINT_400_runtime_facts_static_callgraph_union | Docs Guild · Runtime Evidence Guild | docs/reachability | Author the reachability doc set (`docs/signals/reachability.md`, `callgraph-formats.md`, `runtime-facts.md`, CLI/UI appendices) plus update Zastava + Replay guides with the new evidence and operators workflow. | Needs RBRE0101 provenance hook summary | DORC0101 |
| DOCS-REPLAY-185-003 | TODO | | SPRINT_0185_0001_0001_shared_replay_primitives | Docs Guild · Platform Data Guild | docs/replay | Author `docs/data/replay_schema.md` detailing `replay_runs`, `replay_bundles`, `replay_subjects` collections, index guidance, and offline sync strategy aligned with Replay CAS. | Need RPRC0101 API freeze | DORR0101 |
| DOCS-REPLAY-185-004 | TODO | | SPRINT_0185_0001_0001_shared_replay_primitives | Docs Guild | docs/replay | Expand `docs/replay/DEVS_GUIDE_REPLAY.md` with integration guidance for consuming services (Scanner, Evidence Locker, CLI) and add checklist derived from `docs/replay/DETERMINISTIC_REPLAY.md` Section 11. | Depends on #1 | DORR0101 |
| DOCS-REPLAY-186-004 | DONE (2025-11-26) | 2025-11-26 | SPRINT_0186_0001_0001_record_deterministic_execution | Docs Guild · Runtime Evidence Guild | docs/replay/TEST_STRATEGY.md | Author `docs/replay/TEST_STRATEGY.md` (golden replay, feed drift, tool upgrade) and link it from both replay docs and Scanner architecture pages. | — | DORR0101 |
| DOCS-RISK-66-001 | TODO | | SPRINT_0308_0001_0008_docs_tasks_md_viii | Docs Guild · Risk Profile Schema Guild | docs/risk | Publish `/docs/risk/overview.md` covering concepts and glossary. | Need schema approvals from PLLG0104 | DORS0101 |
| DOCS-RISK-66-002 | TODO | | SPRINT_0308_0001_0008_docs_tasks_md_viii | Docs Guild · Policy Guild | docs/risk | Author `/docs/risk/profiles.md` (authoring, versioning, scope). Dependencies: DOCS-RISK-66-001. | Depends on #1 | DORS0101 |
| DOCS-RISK-66-003 | TODO | | SPRINT_0308_0001_0008_docs_tasks_md_viii | Docs Guild · Risk Engine Guild | docs/risk | Publish `/docs/risk/factors.md` cataloging signals, transforms, reducers, TTLs. Dependencies: DOCS-RISK-66-002. | Requires engine contract from Risk Engine Guild | DORS0101 |
| DOCS-RISK-66-004 | TODO | | SPRINT_0308_0001_0008_docs_tasks_md_viii | Docs Guild · Risk Engine Guild | docs/risk | Create `/docs/risk/formulas.md` detailing math, normalization, gating, severity. Dependencies: DOCS-RISK-66-003. | Needs engine rollout notes | DORS0101 |
| DOCS-RISK-67-001 | TODO | | SPRINT_0308_0001_0008_docs_tasks_md_viii | Docs Guild · Risk Engine Guild | docs/risk | Publish `/docs/risk/explainability.md` showing artifact schema and UI screenshots. Dependencies: DOCS-RISK-66-004. | Wait for engine metrics from 066_PLOB0101 | DORS0101 |
| DOCS-RISK-67-002 | TODO | | SPRINT_0308_0001_0008_docs_tasks_md_viii | Docs Guild · API Guild | docs/risk | Produce `/docs/risk/api.md` with endpoint reference/examples. Dependencies: DOCS-RISK-67-001. | Requires API publishing workflow | DORS0101 |
| DOCS-RISK-67-003 | TODO | | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild · Console Guild | docs/risk | Document `/docs/console/risk-ui.md` for authoring, simulation, dashboards. Dependencies: DOCS-RISK-67-002. | Needs console overlay decision | DORS0101 Inputs due 2025-12-09..12 (Md.IX action tracker). |
| DOCS-RISK-67-004 | TODO | | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild · CLI Guild | docs/risk | Publish `/docs/modules/cli/guides/risk.md` covering CLI workflows. Dependencies: DOCS-RISK-67-003. | Requires CLI samples from 132_CLCI0110 | DORS0101 Inputs due 2025-12-09..12 (Md.IX action tracker). |
| DOCS-RISK-68-001 | TODO | | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild · Export Guild | docs/risk | Add `/docs/airgap/risk-bundles.md` for offline factor bundles. Dependencies: DOCS-RISK-67-004. | Wait for export contract (069_AGEX0101) | DORS0101 Inputs due 2025-12-09..12 (Md.IX action tracker). |
| DOCS-RISK-68-002 | TODO | | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild · Security Guild | docs/risk | Update `/docs/security/aoc-invariants.md` with risk scoring provenance guarantees. Dependencies: DOCS-RISK-68-001. | Requires security approvals | DORS0101 Inputs due 2025-12-09..12 (Md.IX action tracker). |
| DOCS-RUNBOOK-401-017 | DONE (2025-11-26) | 2025-11-26 | SPRINT_0401_0001_0001_reachability_evidence_chain | Docs Guild · Ops Guild | `docs/runbooks/reachability-runtime.md`, `docs/reachability/DELIVERY_GUIDE.md` | Publish the reachability runtime ingestion runbook, link it from delivery guides, and keep Ops/Signals troubleshooting steps current. | — | DORU0101 |
| DOCS-RUNBOOK-55-001 | TODO | | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild · Ops Guild | docs/runbooks | Author `/docs/runbooks/incidents.md` describing incident mode activation, escalation steps, retention impact, verification checklist, and imposed rule banner. | Requires deployment checklist from DVPL0101 | DORU0101 Inputs due 2025-12-09..12 (Md.IX action tracker). |
| DOCS-SCANNER-BENCH-62-002 | DOING | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · Product Guild | docs/modules/scanner/benchmarks | Capture customer demand for Windows/macOS analyzer coverage and document outcomes. | Need bench inputs from SCSA0301 | DOSB0101 |
| DOCS-SCANNER-BENCH-62-003 | DOING | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · Product Guild | docs/modules/scanner/benchmarks | Capture Python lockfile/editable install requirements and document policy guidance. | Depends on #1 | DOSB0101 |
| DOCS-SCANNER-BENCH-62-004 | DOING | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · Java Analyzer Guild | docs/modules/scanner/benchmarks | Document Java lockfile ingestion guidance and policy templates. | Requires Java analyzer notes | DOSB0101 |
| DOCS-SCANNER-BENCH-62-005 | DOING | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · Go Analyzer Guild | docs/modules/scanner/benchmarks | Document Go stripped-binary fallback enrichment guidance once implementation lands. | Needs Go analyzer results | DOSB0101 |
| DOCS-SCANNER-BENCH-62-006 | DOING | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · Product Guild | docs/modules/scanner/benchmarks | Document Rust fingerprint enrichment guidance and policy examples. | Requires updated benchmarks from SCSA0601 | DOSB0101 |
| DOCS-SCANNER-BENCH-62-008 | DOING | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · Platform Data Guild | docs/modules/scanner/benchmarks | Publish EntryTrace explain/heuristic maintenance guide. | Wait for replay hooks (RPRC0101) | DOSB0101 |
| DOCS-SCANNER-BENCH-62-009 | DOING | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · DevEx/CLI Guild | docs/modules/scanner/benchmarks | Produce SAST integration documentation (connector framework, policy templates). | Depends on CLI samples (132_CLCI0110) | DOSB0101 |
| DOCS-SCANNER-DET-01 | DONE (2025-12-03) | 2025-12-03 | SPRINT_0301_0001_0001_docs_md_i | Docs Guild · Scanner Guild | docs/modules/scanner/benchmarks | `/docs/modules/scanner/deterministic-sbom-compose.md` plus scan guide updates + fixture bundle (`docs/modules/scanner/fixtures/deterministic-compose/`). | Fixtures published via Sprint 0136; harness verified. | DOSB0101 |
| DOCS-SDK-62-001 | TODO | | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild · SDK Generator Guild | docs/sdk | Publish `/docs/sdks/overview.md` plus language guides (`typescript.md`, `python.md`, `go.md`, `java.md`). | Need SDK toolchain notes from SDKG0101 | DOSK0101 Inputs due 2025-12-09..12 (Md.IX action tracker). |
| DOCS-SEC-62-001 | TODO | | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild · Security Guild | docs/security | Update `/docs/security/auth-scopes.md` with OAuth2/PAT scopes, tenancy header usage. | Need security ADR from DVDO0110 | DOSE0101 Inputs due 2025-12-09..12 (Md.IX action tracker). |
| DOCS-SEC-OBS-50-001 | TODO | | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild · Security Guild | docs/security | Update `/docs/security/redaction-and-privacy.md` to cover telemetry privacy controls, tenant opt-in debug, and imposed rule reminder. | Depends on PLOB0101 metrics | DOSE0101 Inputs due 2025-12-09..12 (Md.IX action tracker). |
| DOCS-SIG-26-001 | TODO | | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild · Signals Guild | docs/modules/signals | Write `/docs/signals/reachability.md` covering states, scores, provenance, retention. | Need SGSI0101 metrics freeze | DOSG0101 Inputs due 2025-12-09..12 (Md.IX action tracker). |
| DOCS-SIG-26-002 | TODO | | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild · Observability Guild | docs/modules/signals | Publish `/docs/signals/callgraph-formats.md` with schemas and validation errors. Dependencies: DOCS-SIG-26-001. | Depends on #1 | DOSG0101 Inputs due 2025-12-09..12 (Md.IX action tracker). |
| DOCS-SIG-26-003 | TODO | | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild · Signals Guild | docs/modules/signals | Create `/docs/signals/runtime-facts.md` detailing agent capabilities, privacy safeguards, opt-in flags. Dependencies: DOCS-SIG-26-002. | Requires SSE contract from SGSI0101 | DOSG0101 Inputs due 2025-12-09..12 (Md.IX action tracker). |
| DOCS-SIG-26-004 | TODO | | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild · CLI Guild | docs/modules/signals | Document `/docs/policy/signals-weighting.md` for SPL predicates and weighting strategies. Dependencies: DOCS-SIG-26-003. | Needs CLI samples (132_CLCI0110) | DOSG0101 Inputs due 2025-12-09..12 (Md.IX action tracker). |
| DOCS-SIG-26-005 | TODO | | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild · DevOps Guild | docs/modules/signals | Draft `/docs/ui/reachability-overlays.md` with badges, timelines, shortcuts. Dependencies: DOCS-SIG-26-004. | Wait for DevOps rollout plan | DOSG0101 Inputs due 2025-12-09..12 (Md.IX action tracker). |
| DOCS-SIG-26-006 | TODO | | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild · Security Guild | docs/modules/signals | Update `/docs/modules/cli/guides/reachability.md` for new commands and automation recipes. Dependencies: DOCS-SIG-26-005. | Requires security guidance (DVDO0110) | DOSG0101 Inputs due 2025-12-09..12 (Md.IX action tracker). |
| DOCS-SIG-26-007 | TODO | | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild · Policy Guild | docs/modules/signals | Publish `/docs/api/signals.md` covering endpoints, payloads, ETags, errors. Dependencies: DOCS-SIG-26-006. | Needs policy overlay from PLVL0102 | DOSG0101 Inputs due 2025-12-09..12 (Md.IX action tracker). |
| DOCS-SIG-26-008 | DOING | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · Notifications Guild | docs/modules/signals | Write `/docs/migration/enable-reachability.md` guiding rollout, fallbacks, monitoring. Dependencies: DOCS-SIG-26-007. | Depends on notifications hooks (058_NOTY0101) | DOSG0101 |
| DOCS-SURFACE-01 | DOING | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · Surface Guild | docs/modules/scanner/surface | Create `/docs/modules/scanner/scanner-engine.md` covering Surface.FS/Env/Secrets workflow between Scanner, Zastava, Scheduler, and Ops. | Need latest surface emit notes (SCANNER-SURFACE-04) | DOSS0101 |
| DOCS-SYMS-70-003 | DONE (2025-11-26) | 2025-11-26 | SPRINT_0304_0001_0004_docs_tasks_md_iv | Docs Guild · Symbols Guild | docs/specs/symbols/SYMBOL_MANIFEST_v1.md | Author symbol-server architecture/spec docs (`docs/specs/symbols/SYMBOL_MANIFEST_v1.md`, API reference, bundle guide) and update reachability guides with symbol lookup workflow and tenant controls. Dependencies: SYMS-SERVER-401-011, SYMS-INGEST-401-013. | — | DOSY0101 |
| DOCS-TEN-47-001 | DOING | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · Security Guild | docs/modules/tenancy | Publish `/docs/security/tenancy-overview.md` and `/docs/security/scopes-and-roles.md` outlining scope grammar, tenant model, imposed rule reminder. | Need tenancy ADR from DVDO0110 | DOTN0101 |
| DOCS-TEN-48-001 | DOING | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · Security Guild | docs/modules/tenancy | Publish `/docs/operations/multi-tenancy.md`, `/docs/operations/rls-and-data-isolation.md`, `/docs/console/admin-tenants.md`. Dependencies: DOCS-TEN-47-001. | Depends on #1 | DOTN0101 |
| DOCS-TEN-49-001 | DOING | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · DevOps Guild | docs/modules/tenancy | Publish `/docs/modules/cli/guides/authentication.md`, `/docs/api/authentication.md`, `/docs/policy/examples/abac-overlays.md`, update `/docs/install/configuration-reference.md` with new env vars, all ending with imposed rule line. Dependencies: DOCS-TEN-48-001. | Requires monitoring plan from DVDO0110 | DOTN0101 |
| DOCS-TEST-62-001 | DOING | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · SDK Generator Guild | docs/sdk | Author `/docs/testing/contract-testing.md` covering mock server, replay tests, golden fixtures. | Depends on #1 | DOSK0101 |
| DOCS-VEX-30-001 | DOING | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · VEX Lens Guild | docs/modules/vex-lens | Publish `/docs/vex/consensus-overview.md` describing purpose, scope, AOC guarantees. | Need PLVL0102 schema snapshot | DOVX0101 |
| DOCS-VEX-30-002 | DOING | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · VEX Lens Guild | docs/modules/vex-lens | Author `/docs/vex/consensus-algorithm.md` covering normalization, weighting, thresholds, examples. Dependencies: DOCS-VEX-30-001. | Depends on #1 | DOVX0101 |
| DOCS-VEX-30-003 | DOING | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · Issuer Directory Guild | docs/modules/vex-lens | Document `/docs/vex/issuer-directory.md` (issuer management, keys, trust overrides, audit). Dependencies: DOCS-VEX-30-002. | Requires Issuer Directory inputs | DOVX0101 |
| DOCS-VEX-30-004 | DOING | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · VEX Lens Guild | docs/modules/vex-lens | Publish `/docs/vex/consensus-api.md` with endpoint specs, query params, rate limits. Dependencies: DOCS-VEX-30-003. | Needs PLVL0102 policy join notes | DOVX0101 |
| DOCS-VEX-30-005 | DOING | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · Console Guild | docs/modules/vex-lens | Write `/docs/vex/consensus-console.md` covering UI workflows, filters, conflicts, accessibility. Dependencies: DOCS-VEX-30-004. | Requires console overlay assets | DOVX0101 |
| DOCS-VEX-30-006 | DOING | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · Policy Guild | docs/modules/vex-lens | Add `/docs/policy/vex-trust-model.md` detailing policy knobs, thresholds, simulation. Dependencies: DOCS-VEX-30-005. | Needs waiver/exception guidance | DOVX0101 |
| DOCS-VEX-30-007 | DOING | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · SBOM Service Guild | docs/modules/vex-lens | Publish `/docs/sbom/vex-mapping.md` (CPE→purl strategy, edge cases, overrides). Dependencies: DOCS-VEX-30-006. | Depends on SBOM/VEX dataflow spec | DOVX0101 |
| DOCS-VEX-30-008 | DOING | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · Security Guild | docs/modules/vex-lens | Deliver `/docs/security/vex-signatures.md` (verification flow, key rotation, audit). Dependencies: DOCS-VEX-30-007. | Requires security review (DVDO0110) | DOVX0101 |
| DOCS-VEX-30-009 | DOING | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · DevOps Guild | docs/modules/vex-lens | Create `/docs/runbooks/vex-ops.md` for recompute storms, mapping failures, signature errors. Dependencies: DOCS-VEX-30-008. | Needs DevOps rollout plan | DOVX0101 |
| DOCS-VEX-401-012 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | Docs Guild · VEX Lens Guild | `docs/benchmarks/vex-evidence-playbook.md`, `bench/README.md` | Maintain the VEX Evidence Playbook, publish repo templates/README, and document verification workflows for operators. | Need VEX evidence export from PLVL0102 | DOVB0101 |
| DOCS-VULN-29-001 | DOING | | SPRINT_0311_0001_0001_docs_tasks_md_xi | Docs Guild · Vuln Explorer Guild | docs/modules/vuln-explorer | Publish `/docs/vuln/explorer-overview.md` covering domain model, identities, AOC guarantees, workflow summary. | Need GRAP0101 contract | DOVL0101 |
| DOCS-VULN-29-002 | TODO | | SPRINT_0311_0001_0001_docs_tasks_md_xi | Docs Guild · Vuln Explorer Guild | docs/modules/vuln-explorer | Write `/docs/vuln/explorer-using-console.md` with workflows, screenshots, keyboard shortcuts, saved views, deep links. Dependencies: DOCS-VULN-29-001. | Depends on #1 | DOVL0101 |
| DOCS-VULN-29-003 | TODO | | SPRINT_0311_0001_0001_docs_tasks_md_xi | Docs Guild · UI Guild | docs/modules/vuln-explorer | Author `/docs/vuln/explorer-api.md` (endpoints, query schema, grouping, errors, rate limits). Dependencies: DOCS-VULN-29-002. | Requires UI assets | DOVL0101 |
| DOCS-VULN-29-004 | TODO | | SPRINT_0311_0001_0001_docs_tasks_md_xi | Docs Guild · Policy Guild | docs/modules/vuln-explorer | Publish `/docs/vuln/explorer-cli.md` with command reference, samples, exit codes, CI snippets. Dependencies: DOCS-VULN-29-003. | Needs policy overlay inputs | DOVL0101 |
| DOCS-VULN-29-005 | TODO | | SPRINT_0311_0001_0001_docs_tasks_md_xi | Docs Guild · Security Guild | docs/modules/vuln-explorer | Write `/docs/vuln/findings-ledger.md` detailing event schema, hashing, Merkle roots, replay tooling. Dependencies: DOCS-VULN-29-004. | Requires security review | DOVL0101 |
| DOCS-VULN-29-006 | TODO | | SPRINT_0311_0001_0001_docs_tasks_md_xi | Docs Guild · DevOps Guild | docs/modules/vuln-explorer | Update `/docs/policy/vuln-determinations.md` for new rationale, signals, simulation semantics. Dependencies: DOCS-VULN-29-005. | Depends on DevOps rollout plan | DOVL0101 |
| DOCS-VULN-29-007 | TODO | | SPRINT_0311_0001_0001_docs_tasks_md_xi | Docs Guild · DevEx/CLI Guild | docs/modules/vuln-explorer | Publish `/docs/vex/explorer-integration.md` covering CSAF mapping, suppression precedence, status semantics. Dependencies: DOCS-VULN-29-006. | Needs CLI examples (132_CLCI0110) | DOVL0101 |
| DOCS-VULN-29-008 | TODO | | SPRINT_0311_0001_0001_docs_tasks_md_xi | Docs Guild · Export Center Guild | docs/modules/vuln-explorer | Publish `/docs/advisories/explorer-integration.md` covering key normalization, withdrawn handling, provenance. Dependencies: DOCS-VULN-29-007. | Need export bundle spec | DOVL0102 |
| DOCS-VULN-29-009 | TODO | | SPRINT_0311_0001_0001_docs_tasks_md_xi | Docs Guild · Security Guild | docs/modules/vuln-explorer | Author `/docs/sbom/vuln-resolution.md` detailing version semantics, scope, paths, safe version hints. Dependencies: DOCS-VULN-29-008. | Depends on #1 | DOVL0102 |
| DOCS-VULN-29-010 | TODO | | SPRINT_0311_0001_0001_docs_tasks_md_xi | Docs Guild · DevOps Guild | docs/modules/vuln-explorer | Publish `/docs/observability/vuln-telemetry.md` (metrics, logs, tracing, dashboards, SLOs). Dependencies: DOCS-VULN-29-009. | Requires DevOps automation plan | DOVL0102 |
| DOCS-VULN-29-011 | TODO | | SPRINT_0311_0001_0001_docs_tasks_md_xi | Docs Guild · Notifications Guild | docs/modules/vuln-explorer | Create `/docs/security/vuln-rbac.md` for roles, ABAC policies, attachment encryption, CSRF. Dependencies: DOCS-VULN-29-010. | Needs notifications contract | DOVL0102 |
| DOCS-VULN-29-012 | TODO | | SPRINT_0311_0001_0001_docs_tasks_md_xi | Docs Guild · Policy Guild | docs/modules/vuln-explorer | Write `/docs/runbooks/vuln-ops.md` (projector lag, resolver storms, export failures, policy activation). Dependencies: DOCS-VULN-29-011. | Requires policy overlay outputs | DOVL0102 |
| DOCS-VULN-29-013 | TODO | | SPRINT_0311_0001_0001_docs_tasks_md_xi | Docs Guild · DevEx/CLI Guild | docs/modules/vuln-explorer | Update `/docs/install/containers.md` with Findings Ledger & Vuln Explorer API images, manifests, resource sizing, health checks. Dependencies: DOCS-VULN-29-012. | Needs CLI/export scripts from 132_CLCI0110 | DOVL0102 |
| DOWNLOADS-CONSOLE-23-001 | DOING (dev-mock 2025-12-06) | 2025-12-06 | SPRINT_0502_0001_0001_ops_deployment_ii | Docs Guild · Deployment Guild | docs/console | Maintain signed downloads manifest pipeline (images, Helm, offline bundles), publish JSON under `deploy/downloads/manifest.json`, and document sync cadence for Console + docs parity. | Need latest console build instructions | DOCN0101 |
| DPOP-11-001 | TODO | 2025-11-08 | SPRINT_100_identity_signing | Docs Guild · Authority Core | src/Authority/StellaOps.Authority | Need DPoP ADR from PGMI0101 | AUTH-AOC-19-002 | DODP0101 |
| DSL-401-005 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | Docs Guild · Policy Guild | `docs/policy/dsl.md`, `docs/policy/lifecycle.md` | Depends on PLLG0101 DSL updates | Depends on PLLG0101 DSL updates | DODP0101 |
| DSSE-CLI-401-021 | DONE | 2025-11-27 | SPRINT_0401_0001_0001_reachability_evidence_chain | Docs Guild · CLI Guild | `src/Cli/StellaOps.Cli`, `scripts/ci/attest-*`, `docs/modules/attestor/architecture.md` | Ship a `stella attest` CLI (or sample `StellaOps.Attestor.Tool`) plus GitLab/GitHub workflow snippets that emit DSSE per build step (scan/package/push) using the new library and Authority keys. | Need CLI updates from latest DSSE release | DODS0101 |
| DSSE-DOCS-401-022 | DONE | 2025-11-27 | SPRINT_0401_0001_0001_reachability_evidence_chain | Docs Guild · Attestor Guild | `docs/ci/dsse-build-flow.md`, `docs/modules/attestor/architecture.md` | Document the build-time attestation walkthrough (`docs/ci/dsse-build-flow.md`): models, helper usage, Authority integration, storage conventions, and verification commands, aligning with the advisory. | Depends on #1 | DODS0101 |
| DSSE-LIB-401-020 | DONE (2025-11-27) | 2025-11-27 | SPRINT_0401_0001_0001_reachability_evidence_chain | Attestor Guild · Platform Guild | `src/Attestor/StellaOps.Attestation`, `src/Attestor/StellaOps.Attestor.Envelope` | DsseEnvelopeExtensions added with conversion utilities; Envelope types exposed as transitive dependencies; consumers reference only StellaOps.Attestation. | Need attestor library API freeze | DOAL0101 |
| DVOFF-64-002 | TODO | | SPRINT_160_export_evidence | DevPortal Offline Guild | docs/modules/export-center/devportal-offline.md | DevPortal Offline + AirGap Controller Guilds | Needs exporter DSSE schema from 002_ATEL0101 | DEVL0102 |
| EDITOR-401-004 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | Docs Guild · CLI Guild | `src/Cli/StellaOps.Cli`, `docs/policy/lifecycle.md` | Gather CLI/editor alignment notes | Gather CLI/editor alignment notes | DOCL0103 |
| EMIT-15-001 | TODO | | SPRINT_0136_0001_0001_scanner_surface | Docs Guild · Scanner Emit Guild | src/Scanner/__Libraries/StellaOps.Scanner.Emit | Need EntryTrace emit notes from SCANNER-SURFACE-04 | SCANNER-SURFACE-04 | DOEM0101 |
| ENG-0001 | DONE | 2025-11-07 | SPRINT_333_docs_modules_excititor | Docs Guild · Analyzer Guild | docs/modules/excitor | Summarize excititor integration | Summarize excititor integration | DOEN0101 |
| ENG-0002 | DONE | 2025-11-09 | SPRINT_137_scanner_gap_design | Docs Guild · Analyzer Guild | docs/modules/scanner | Link to analyzer doc commits | Link to analyzer doc commits | DOEN0101 |
| ENG-0003 | DONE | 2025-11-09 | SPRINT_137_scanner_gap_design | Docs Guild · Analyzer Guild | docs/modules/scanner | Link to Python analyzer doc | Link to Python analyzer doc | DOEN0101 |
| ENG-0004 | DONE | 2025-11-09 | SPRINT_137_scanner_gap_design | Docs Guild · Analyzer Guild | docs/modules/scanner | Link to Java analyzer doc | Link to Java analyzer doc | DOEN0101 |
| ENG-0005 | DONE | 2025-11-09 | SPRINT_137_scanner_gap_design | Docs Guild · Analyzer Guild | docs/modules/scanner | Link to Go analyzer doc | Link to Go analyzer doc | DOEN0101 |
| ENG-0006 | DONE | 2025-11-09 | SPRINT_137_scanner_gap_design | Docs Guild · Analyzer Guild | docs/modules/scanner | Link to Rust analyzer doc | Link to Rust analyzer doc | DOEN0101 |
| ENG-0007 | DONE | 2025-11-09 | SPRINT_137_scanner_gap_design | Docs Guild · Analyzer Guild | docs/modules/scanner | Multi-analyzer wrap-up | Multi-analyzer wrap-up | DOEN0101 |
| ENG-0008 | TODO | | SPRINT_0138_0001_0001_scanner_ruby_parity | Docs Guild · EntryTrace Guild | src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace | Needs EntryTrace doc from DOEM0101 | Needs EntryTrace doc from DOEM0101 | DOEN0101 |
| ENG-0009 | TODO | 2025-11-13 | SPRINT_0138_0001_0001_scanner_ruby_parity | Docs Guild · Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Requires CLI integration notes | SCANNER-ANALYZERS-RUBY-28-001..012 | DOEN0101 |
| ENG-0010 | TODO | | SPRINT_0138_0001_0001_scanner_ruby_parity | Docs Guild · Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php | Need PHP analyzer doc outline | SCANNER-ANALYZERS-PHP-27-001 | DOEN0102 |
| ENG-0011 | TODO | | SPRINT_0138_0001_0001_scanner_ruby_parity | Docs Guild · Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno | Deno analyzer doc | Deno analyzer doc | DOEN0102 |
| ENG-0012 | TODO | | SPRINT_0138_0001_0001_scanner_ruby_parity | Docs Guild · Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Dart | EntryTrace doc dependency (DOEM0101) | EntryTrace doc dependency (DOEM0101) | DOEN0102 |
| ENG-0013 | TODO | | SPRINT_0138_0001_0001_scanner_ruby_parity | Docs Guild · Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Swift | Swift analyzer doc outline | Swift analyzer doc outline | DOEN0102 |
| ENG-0014 | TODO | | SPRINT_0138_0001_0001_scanner_ruby_parity | Docs Guild · Analyzer Guild | docs/modules/scanner | Runtime/Zastava notes | Runtime/Zastava notes | DOEN0102 |
| ENG-0015 | DONE | 2025-11-13 | SPRINT_0138_0001_0001_scanner_ruby_parity | Docs Guild · Analyzer Guild | docs/modules/scanner | Summarize export center tie-in | Summarize export center tie-in | DOEN0102 |
| ENG-0016 | DONE | 2025-11-10 | SPRINT_0138_0001_0001_scanner_ruby_parity | Docs Guild · Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Analyzer doc evidence | SCANNER-ENG-0009 | DOEN0102 |
| ENG-0017 | DONE | 2025-11-09 | SPRINT_0138_0001_0001_scanner_ruby_parity | Docs Guild · Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Analyzer doc evidence | SCANNER-ENG-0016 | DOEN0102 |
| ENG-0018 | DONE | 2025-11-09 | SPRINT_0138_0001_0001_scanner_ruby_parity | Docs Guild · Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Analyzer doc evidence | SCANNER-ENG-0017 | DOEN0102 |
| ENG-0019 | DONE | 2025-11-13 | SPRINT_0138_0001_0001_scanner_ruby_parity | Docs Guild · Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Analyzer doc evidence | SCANNER-ENG-0016..0018 | DOEN0102 |
| ENG-0020 | TODO | | SPRINT_0136_0001_0001_scanner_surface | Docs Guild · Scanner Guild | docs/modules/scanner | Need surface doc context | Need surface doc context | DOEN0103 |
| ENG-0021 | TODO | | SPRINT_0136_0001_0001_scanner_surface | Docs Guild · Scanner Guild | docs/modules/scanner | Same as #1 | Same as #1 | DOEN0103 |
| ENG-0022 | TODO | | SPRINT_0136_0001_0001_scanner_surface | Docs Guild · Scanner Guild | docs/modules/scanner | Policy integration reference | Policy integration reference | DOEN0103 |
| ENG-0023 | TODO | | SPRINT_0136_0001_0001_scanner_surface | Docs Guild · Scanner Guild | docs/modules/scanner | Offline kit/policy integration | Offline kit/policy integration | DOEN0103 |
| ENG-0024 | TODO | | SPRINT_0136_0001_0001_scanner_surface | Docs Guild · Scanner Guild | docs/modules/scanner | Surface doc refresh | Surface doc refresh | DOEN0103 |
| ENG-0025 | TODO | | SPRINT_0136_0001_0001_scanner_surface | Docs Guild · Scanner Guild | docs/modules/scanner | Surface doc refresh | Surface doc refresh | DOEN0103 |
| ENG-0026 | TODO | | SPRINT_0136_0001_0001_scanner_surface | Docs Guild · Scanner Guild | docs/modules/scanner | Surface doc refresh | Surface doc refresh | DOEN0103 |
| ENG-0027 | TODO | | SPRINT_0136_0001_0001_scanner_surface | Docs Guild · Scanner Guild | docs/modules/scanner | Policy/offline integration doc | Policy/offline integration doc | DOEN0103 |
| ENGINE-20-002 | BLOCKED | 2025-10-26 | SPRINT_124_policy_reasoning | Docs Guild · Policy Guild | src/Policy/StellaOps.Policy.Engine | Need ADR references | Need ADR references | DOPE0101 |
| ENGINE-20-003 | TODO | | SPRINT_124_policy_reasoning | Docs Guild · Policy Guild · Concelier & Excititor Guilds | src/Policy/StellaOps.Policy.Engine | Depends on #1 | POLICY-ENGINE-20-002 | DOPE0101 |
| ENGINE-20-004 | TODO | | SPRINT_124_policy_reasoning | Docs Guild · Storage Guild | src/Policy/StellaOps.Policy.Engine | Needs storage notes | POLICY-ENGINE-20-003 | DOPE0101 |
| ENGINE-20-005 | TODO | | SPRINT_124_policy_reasoning | Docs Guild · Policy Runtime Guild | src/Policy/StellaOps.Policy.Engine | Requires policy runtime notes | POLICY-ENGINE-20-004 | DOPE0101 |
| ENGINE-20-006 | TODO | | SPRINT_124_policy_reasoning | Docs Guild · Policy Guild | src/Policy/StellaOps.Policy.Engine | Need runtime ADR | POLICY-ENGINE-20-005 | DOPE0102 |
| ENGINE-20-007 | TODO | | SPRINT_124_policy_reasoning | Docs Guild · Storage Guild | src/Policy/StellaOps.Policy.Engine | Need storage ADR | POLICY-ENGINE-20-006 | DOPE0102 |
| ENGINE-20-008 | TODO | | SPRINT_124_policy_reasoning | Docs Guild · Observability Guild | src/Policy/StellaOps.Policy.Engine | Need observability updates | POLICY-ENGINE-20-007 | DOPE0102 |
| ENGINE-20-009 | TODO | | SPRINT_124_policy_reasoning | Docs Guild · DevOps Guild | src/Policy/StellaOps.Policy.Engine | Need DevOps deployment plan | POLICY-ENGINE-20-008 | DOPE0102 |
| ENGINE-27-001 | TODO | | SPRINT_124_policy_reasoning | Policy Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-20-009 | POLICY-ENGINE-20-009 | DOPE0103 |
| ENGINE-27-002 | TODO | | SPRINT_124_policy_reasoning | Policy + Observability Guilds / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-27-001 | POLICY-ENGINE-27-001 | DOPE0103 |
| ENGINE-29-001 | TODO | | SPRINT_124_policy_reasoning | Policy Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-27-004 | POLICY-ENGINE-27-004 | DOPE0103 |
| ENGINE-29-002 | TODO | | SPRINT_124_policy_reasoning | Policy + Findings Ledger Guilds / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-29-001 | POLICY-ENGINE-29-001 | DOPE0103 |
| ENGINE-29-003 | TODO | | SPRINT_0125_0001_0001_policy_reasoning | Policy + SBOM Service Guilds / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-29-002 | POLICY-ENGINE-29-002 | DOPE0103 |
| ENGINE-29-004 | TODO | | SPRINT_0125_0001_0001_policy_reasoning | Policy + Observability Guilds / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-29-003 | POLICY-ENGINE-29-003 | DOPE0103 |
| ENGINE-30-001 | TODO | | SPRINT_0125_0001_0001_policy_reasoning | Policy + Cartographer Guilds / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-29-004 | POLICY-ENGINE-29-004 | DOPE0103 |
| ENGINE-30-002 | TODO | | SPRINT_0125_0001_0001_policy_reasoning | Policy + Cartographer Guilds / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-30-001 | POLICY-ENGINE-30-001 | DOPE0103 |
| ENGINE-30-003 | TODO | | SPRINT_0125_0001_0001_policy_reasoning | Policy + Scheduler Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-30-002 | POLICY-ENGINE-30-002 | DOPE0103 |
| ENGINE-30-101 | TODO | | SPRINT_0125_0001_0001_policy_reasoning | Policy Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-30-003 | POLICY-ENGINE-30-003 | DOPE0103 |
| ENGINE-31-001 | TODO | | SPRINT_0125_0001_0001_policy_reasoning | Policy Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-30-101 | POLICY-ENGINE-30-101 | DOPE0104 |
| ENGINE-31-002 | TODO | | SPRINT_0125_0001_0001_policy_reasoning | Policy Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-31-001 | POLICY-ENGINE-31-001 | DOPE0104 |
| ENGINE-32-101 | TODO | | SPRINT_0125_0001_0001_policy_reasoning | Policy Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-31-002 | POLICY-ENGINE-31-002 | DOPE0104 |
| ENGINE-33-101 | TODO | | SPRINT_0125_0001_0001_policy_reasoning | Policy Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-32-101 | POLICY-ENGINE-32-101 | DOPE0104 |
| ENGINE-34-101 | TODO | | SPRINT_0125_0001_0001_policy_reasoning | Policy Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-33-101 | POLICY-ENGINE-33-101 | DOPE0104 |
| ENGINE-35-201 | TODO | | SPRINT_0125_0001_0001_policy_reasoning | Policy Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-34-101 | POLICY-ENGINE-34-101 | DOPE0104 |
| ENGINE-38-201 | TODO | | SPRINT_0125_0001_0001_policy_reasoning | Policy Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-35-201 | POLICY-ENGINE-35-201 | DOPE0104 |
| ENGINE-40-001 | TODO | | SPRINT_0125_0001_0001_policy_reasoning | Policy + Concelier Guilds / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-38-201 | POLICY-ENGINE-38-201 | DOPE0104 |
| ENGINE-40-002 | TODO | | SPRINT_0125_0001_0001_policy_reasoning | Policy + Excititor Guilds / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-40-001 | POLICY-ENGINE-40-001 | DOPE0104 |
| ENGINE-40-003 | TODO | | SPRINT_0126_0001_0001_policy_reasoning | Policy + Web Scanner Guilds / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-40-002 | POLICY-ENGINE-40-002 | DOPE0104 |
| ENGINE-401-003 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | Policy Guild (`src/Policy/StellaOps.Policy.Engine`, `docs/modules/policy/architecture.md`) | `src/Policy/StellaOps.Policy.Engine`, `docs/modules/policy/architecture.md` | Reachability/forensics appendix referencing DORC0101. | — | DOPE0105 |
| ENGINE-50-001 | TODO | | SPRINT_0126_0001_0001_policy_reasoning | Policy + Platform Security / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-40-003 | POLICY-ENGINE-40-003 | DOPE0105 |
| ENGINE-50-002 | TODO | | SPRINT_0126_0001_0001_policy_reasoning | Policy + Runtime Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-50-001 | POLICY-ENGINE-50-001 | DOPE0105 |
| ENGINE-50-003 | TODO | | SPRINT_0126_0001_0001_policy_reasoning | Policy + Observability Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-50-002 | POLICY-ENGINE-50-002 | DOPE0105 |
| ENGINE-50-004 | TODO | | SPRINT_0126_0001_0001_policy_reasoning | Policy + Platform Events Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-50-003 | POLICY-ENGINE-50-003 | DOPE0105 |
| ENGINE-50-005 | TODO | | SPRINT_0126_0001_0001_policy_reasoning | Policy + Storage Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-50-004 | POLICY-ENGINE-50-004 | DOPE0105 |
| ENGINE-50-006 | TODO | | SPRINT_0126_0001_0001_policy_reasoning | Policy + QA Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-50-005 | POLICY-ENGINE-50-005 | DOPE0105 |
| ENGINE-50-007 | TODO | | SPRINT_0126_0001_0001_policy_reasoning | Policy + Scheduler Worker Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-50-006 | POLICY-ENGINE-50-006 | DOPE0105 |
| ENGINE-60-001 | TODO | | SPRINT_0126_0001_0001_policy_reasoning | Policy + SBOM Service Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-50-007 | POLICY-ENGINE-50-007 | DOPE0105 |
| ENGINE-60-002 | TODO | | SPRINT_0126_0001_0001_policy_reasoning | Policy + BE-Base Platform Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-60-001 | POLICY-ENGINE-60-001 | DOPE0105 |
| ENGINE-66-001 | DONE | 2025-11-25 | SPRINT_0129_0001_0001_policy_reasoning | Risk Engine Guild / src/RiskEngine/StellaOps.RiskEngine | src/RiskEngine/StellaOps.RiskEngine | Baseline collections + indexes doc. | — | DORG0101 |
| ENGINE-66-002 | DONE | 2025-11-25 | SPRINT_0129_0001_0001_policy_reasoning | Risk Engine Guild / src/RiskEngine/StellaOps.RiskEngine | src/RiskEngine/StellaOps.RiskEngine | RISK-ENGINE-66-001 | RISK-ENGINE-66-001 | DORG0101 |
| ENGINE-67-001 | DONE | 2025-11-25 | SPRINT_0129_0001_0001_policy_reasoning | Risk + Concelier Guilds / src/RiskEngine/StellaOps.RiskEngine | src/RiskEngine/StellaOps.RiskEngine | RISK-ENGINE-66-002 | RISK-ENGINE-66-002 | DORG0101 |
| ENGINE-67-002 | DONE | 2025-11-25 | SPRINT_0129_0001_0001_policy_reasoning | Risk + Excititor Guilds / src/RiskEngine/StellaOps.RiskEngine | src/RiskEngine/StellaOps.RiskEngine | RISK-ENGINE-67-001 | RISK-ENGINE-67-001 | DORG0101 |
| ENGINE-67-003 | DONE | 2025-11-25 | SPRINT_0129_0001_0001_policy_reasoning | Risk + Policy Engine Guilds / src/RiskEngine/StellaOps.RiskEngine | src/RiskEngine/StellaOps.RiskEngine | RISK-ENGINE-67-002 | RISK-ENGINE-67-002 | DORG0101 |
| ENGINE-68-001 | DONE | 2025-11-25 | SPRINT_0129_0001_0001_policy_reasoning | Risk + Findings Ledger Guilds / src/RiskEngine/StellaOps.RiskEngine | src/RiskEngine/StellaOps.RiskEngine | RISK-ENGINE-67-003 | RISK-ENGINE-67-003 | DORG0101 |
| ENGINE-68-002 | DONE | 2025-11-25 | SPRINT_0129_0001_0001_policy_reasoning | Risk + API Guild / src/RiskEngine/StellaOps.RiskEngine | src/RiskEngine/StellaOps.RiskEngine | RISK-ENGINE-68-001 | RISK-ENGINE-68-001 | DORG0101 |
| ENGINE-69-001 | TODO | | SPRINT_0129_0001_0001_policy_reasoning | Risk + Policy Studio Guild / src/RiskEngine/StellaOps.RiskEngine | src/RiskEngine/StellaOps.RiskEngine | RISK-ENGINE-68-002 | RISK-ENGINE-68-002 | DORG0101 |
| ENGINE-69-002 | TODO | | SPRINT_0129_0001_0001_policy_reasoning | Risk + Observability Guild / src/RiskEngine/StellaOps.RiskEngine | src/RiskEngine/StellaOps.RiskEngine | RISK-ENGINE-69-001 | RISK-ENGINE-69-001 | DORG0101 |
| ENGINE-70-001 | TODO | | SPRINT_0129_0001_0001_policy_reasoning | Risk + Export Guild / src/RiskEngine/StellaOps.RiskEngine | src/RiskEngine/StellaOps.RiskEngine | RISK-ENGINE-69-002 | RISK-ENGINE-69-002 | DORG0101 |
| ENGINE-70-002 | TODO | | SPRINT_0126_0001_0001_policy_reasoning | Policy + Storage Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-60-002 | POLICY-ENGINE-60-002 | DOPE0106 |
| ENGINE-70-003 | TODO | | SPRINT_0126_0001_0001_policy_reasoning | Policy + Runtime Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-70-002 | POLICY-ENGINE-70-002 | DOPE0106 |
| ENGINE-70-004 | TODO | | SPRINT_0126_0001_0001_policy_reasoning | Policy + Observability Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-70-003 | POLICY-ENGINE-70-003 | DOPE0106 |
| ENGINE-70-005 | TODO | | SPRINT_0126_0001_0001_policy_reasoning | Policy + Scheduler Worker Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-70-004 | POLICY-ENGINE-70-004 | DOPE0106 |
| ENGINE-80-001 | TODO | | SPRINT_0126_0001_0001_policy_reasoning | Policy + Signals Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-70-005 | POLICY-ENGINE-70-005 | DOPE0106 |
| ENGINE-80-002 | TODO | | SPRINT_0127_0001_0001_policy_reasoning | Policy + Storage Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-80-001 | POLICY-ENGINE-80-001 | DOPE0106 |
| ENGINE-80-003 | BLOCKED (2025-11-26) | | SPRINT_0127_0001_0001_policy_reasoning | Policy + Policy Editor Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-80-002 | POLICY-ENGINE-80-002 | DOPE0106 |
| ENGINE-80-004 | TODO | | SPRINT_0127_0001_0001_policy_reasoning | Policy + Observability Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-80-003 | POLICY-ENGINE-80-003 | DOPE0106 |
| ENGINE-DOCS-0001 | TODO | | SPRINT_0325_0001_0001_docs_modules_policy | Docs Guild (docs/modules/policy) | docs/modules/policy | Refresh module overview + governance ladder. | — | DOPE0107 |
| ENGINE-ENG-0001 | TODO | | SPRINT_0325_0001_0001_docs_modules_policy | Module Team (docs/modules/policy) | docs/modules/policy | Capture engineering guidelines + acceptance tests. | — | DOPE0107 |
| ENGINE-OPS-0001 | TODO | | SPRINT_0325_0001_0001_docs_modules_policy | Ops Guild (docs/modules/policy) | docs/modules/policy | Operations runbook (deploy/rollback) pointer. | — | DOPE0107 |
| ENTROPY-186-011 | TODO | | SPRINT_0186_0001_0001_record_deterministic_execution | Scanner Guild · Provenance Guild | `src/Scanner/StellaOps.Scanner.Worker`, `src/Scanner/__Libraries` | SCANNER-ENTRYTRACE-18-508 | SCANNER-ENTRYTRACE-18-508 | SCDE0101 |
| ENTROPY-186-012 | TODO | | SPRINT_0186_0001_0001_record_deterministic_execution | Scanner Guild · Provenance Guild | `src/Scanner/StellaOps.Scanner.WebService`, `docs/replay/DETERMINISTIC_REPLAY.md` | ENTROPY-186-011 | ENTROPY-186-011 | SCDE0102 |
| ENTROPY-40-001 | TODO | | SPRINT_0209_0001_0001_ui_i | UI Guild | src/UI/StellaOps.UI | ENTROPY-186-011 | ENTROPY-186-011 | UIDO0101 |
| ENTROPY-40-002 | TODO | | SPRINT_0209_0001_0001_ui_i | UI Guild Policy Guild | src/UI/StellaOps.UI | ENTROPY-40-001 & ENTROPY-186-012 | ENTROPY-40-001 | UIDO0101 |
| ENTROPY-70-004 | TODO | | SPRINT_0304_0001_0004_docs_tasks_md_iv | Docs Guild · Scanner Guild | docs/modules/scanner/determinism.md | ENTROPY-186-011/012 | ENTROPY-186-011/012 | DOSC0102 |
| ENTRYTRACE-18-502 | TODO | | SPRINT_0135_0001_0001_scanner_surface | EntryTrace Guild · Scanner Surface Guild | src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace | SCANNER-ENTRYTRACE-18-508 | SCANNER-ENTRYTRACE-18-508 | SCET0101 |
| ENTRYTRACE-18-503 | TODO | | SPRINT_0135_0001_0001_scanner_surface | EntryTrace Guild · Scanner Surface Guild | src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace | ENTRYTRACE-18-502 | ENTRYTRACE-18-502 | SCET0101 |
| ENTRYTRACE-18-504 | TODO | | SPRINT_0136_0001_0001_scanner_surface | EntryTrace Guild (src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace) | src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace | SCANNER-ENTRYTRACE-18-503 | SCANNER-ENTRYTRACE-18-503 | SCSS0102 |
| ENTRYTRACE-18-505 | TODO | | SPRINT_0136_0001_0001_scanner_surface | EntryTrace Guild (src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace) | src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace | SCANNER-ENTRYTRACE-18-504 | SCANNER-ENTRYTRACE-18-504 | SCSS0102 |
| ENTRYTRACE-18-506 | TODO | | SPRINT_0136_0001_0001_scanner_surface | EntryTrace Guild · Scanner WebService Guild | src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace | ENTRYTRACE-18-505 | ENTRYTRACE-18-505 | SCET0101 |
| ENV-01 | DONE | 2025-11-13 | SPRINT_0136_0001_0001_scanner_surface | Scanner Guild, Zastava Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.Env) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Env | | | SCEN0101 |
| ENV-02 | DOING (2025-11-02) | 2025-11-02 | SPRINT_0136_0001_0001_scanner_surface | Scanner Guild · Zastava Guild | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Env | SURFACE-ENV-01 | SURFACE-ENV-01 | SCEN0101 |
| ENV-03 | TODO | | SPRINT_0136_0001_0001_scanner_surface | BuildX Plugin Guild | src/Scanner/StellaOps.Scanner.Sbomer.BuildXPlugin | SCANNER-ENV-02 | SCANNER-ENV-02 | SCBX0101 |
| ENV-04 | TODO | | SPRINT_0136_0001_0001_scanner_surface | Zastava Guild · Scanner Env Guild | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Env | SURFACE-ENV-02 | SURFACE-ENV-02 | SCEN0101 |
| ENV-05 | TODO | | SPRINT_0136_0001_0001_scanner_surface | Ops Guild · Scanner Env Guild | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Env | SURFACE-ENV-03 & SURFACE-ENV-04 | SURFACE-ENV-03; SURFACE-ENV-04 | SCEN0101 |
| EVENTS-16-301 | BLOCKED (2025-10-26) | 2025-10-26 | SPRINT_0136_0001_0001_scanner_surface | Scanner WebService Guild (`src/Scanner/StellaOps.Scanner.WebService`) | src/Scanner/StellaOps.Scanner.WebService | SCDE0102 landing | SCDE0102 landing | SCEV0101 |
| EVID-CRYPTO-90-001 | TODO | | SPRINT_160_export_evidence | Evidence Locker + Security Guilds (`src/EvidenceLocker/StellaOps.EvidenceLocker`) | src/EvidenceLocker/StellaOps.EvidenceLocker | Evidence Locker + Security Guilds · `ICryptoProviderRegistry` integration | ATEL0101 contracts | EVEC0101 |
| EVID-OBS-54-002 | TODO | | SPRINT_161_evidencelocker | Evidence Locker Guild (`src/EvidenceLocker/StellaOps.EvidenceLocker`) | `src/EvidenceLocker/StellaOps.EvidenceLocker` | Finalize deterministic bundle packaging + DSSE layout per `docs/modules/evidence-locker/bundle-packaging.md`, ensuring parity with portable/incident modes. | EVID-CRYPTO-90-001 | EVEC0101 |
| EVID-REPLAY-187-001 | TODO | | SPRINT_160_export_evidence | Evidence Locker Guild · docs/modules/evidence-locker/architecture.md | docs/modules/evidence-locker/architecture.md | Evidence Locker Guild · docs/modules/evidence-locker/architecture.md | EVID-CRYPTO-90-001 | EVEC0101 |
| EXC-25-001 | TODO | | SPRINT_0202_0001_0002_cli_ii | DevEx/CLI Guild (`src/Cli/StellaOps.Cli`) | src/Cli/StellaOps.Cli | DOOR0102 APIs | DOOR0102 APIs | CLEX0101 |
| EXC-25-002 | TODO | | SPRINT_0202_0001_0002_cli_ii | DevEx/CLI Guild (`src/Cli/StellaOps.Cli`) | src/Cli/StellaOps.Cli | EXC-25-001 | EXC-25-001 | CLEX0101 |
| EXC-25-003 | TODO | | SPRINT_0209_0001_0001_ui_i | UI Guild (`src/UI/StellaOps.UI`) | src/UI/StellaOps.UI | DOOR0102 APIs | DOOR0102 APIs | UIEX0101 |
| EXC-25-004 | TODO | | SPRINT_0209_0001_0001_ui_i | UI Guild (`src/UI/StellaOps.UI`) | src/UI/StellaOps.UI | EXC-25-003 | EXC-25-003 | UIEX0101 |
| EXC-25-005 | TODO | | SPRINT_0209_0001_0001_ui_i | UI + Accessibility Guilds (`src/UI/StellaOps.UI`) | src/UI/StellaOps.UI | EXC-25-003 | EXC-25-003 | UIEX0101 |
| EXC-25-006 | TODO | | SPRINT_303_docs_tasks_md_iii | Docs Guild · DevEx Guild | docs/modules/excititor | CLEX0101 CLI updates | CLEX0101 CLI updates | DOEX0101 |
| EXC-25-007 | TODO | | SPRINT_0304_0001_0004_docs_tasks_md_iv | Docs Guild · DevOps Guild | docs/modules/excititor | UIEX0101 console outputs | UIEX0101 console outputs | DOEX0101 |
| EXCITITOR-ATTEST-73-001 | DONE | 2025-11-17 | SPRINT_0119_0001_0001_excititor_i | Excititor Guild | src/Excititor/__Libraries/StellaOps.Excititor.Core | Attestation payloads emitted with supplier identity, justification summary, and scope metadata for trust chaining. | EXCITITOR-ATTEST-01-003 | EXAT0101 |
| EXCITITOR-ATTEST-73-002 | DONE | 2025-11-17 | SPRINT_0119_0001_0001_excititor_i | Excititor Guild | src/Excititor/__Libraries/StellaOps.Excititor.Core | APIs link attestation IDs back to observation/linkset/product tuples for provenance citations without derived verdicts. | EXCITITOR-ATTEST-73-001 | EXAT0101 |
| EXCITITOR-CONN-SUSE-01-003 | TODO | | SPRINT_0120_0001_0002_excititor_ii | Excititor Guild (SUSE connector) | src/Excititor/__Libraries/StellaOps.Excititor.Connectors.SUSE.RancherVEXHub | DONE (2025-11-09) Emit provider trust configuration (signer fingerprints, trust tier notes) into the raw provenance envelope so downstream VEX Lens/Policy components can weigh issuers. Connector must not apply weighting or consensus inside ingestion. | EXCITITOR-CONN-SUSE-01-002; EXCITITOR-POLICY-01-001 | EXCN0101 |
| EXCITITOR-CONN-TRUST-01-001 | DONE | 2025-11-20 | SPRINT_0119_0001_0001_excititor_i | Excititor Guild · AirGap Guilds | src/Excititor/__Libraries/StellaOps.Excititor.Connectors* | Signer metadata loader/enricher wired for MSRC/Oracle/Ubuntu/OpenVEX connectors; env `STELLAOPS_CONNECTOR_SIGNER_METADATA_PATH`; docs + sample hash shipped. | CONCELIER-GRAPH-21-001; CONCELIER-GRAPH-21-002; ATTEST-PLAN-2001 | EXCN0101 |
| EXCITITOR-CONN-UBUNTU-01-003 | TODO | | SPRINT_0120_0001_0002_excititor_ii | Excititor Guild (Ubuntu connector) | src/Excititor/__Libraries/StellaOps.Excititor.Connectors.Ubuntu.CSAF | DONE (2025-11-09) Emit Ubuntu signing metadata (GPG fingerprints, issuer trust tier) inside raw provenance artifacts so downstream Policy/VEX Lens consumers can weigh issuers. Connector must remain aggregation-only with no inline weighting. | EXCITITOR-CONN-UBUNTU-01-002 | EXCN0101 |
| EXCITITOR-CONSOLE-23-001 | DONE (2025-11-23) | | SPRINT_0120_0001_0002_excititor_ii | Excititor Guild · Docs Guild | src/Excititor/StellaOps.Excititor.WebService | Expose `/console/vex` endpoints returning grouped VEX statements per advisory/component with status chips, justification metadata, precedence trace pointers, and tenant-scoped filters for Console explorer. Dependencies: EXCITITOR-LNM-21-201, EXCITITOR-LNM-21-202. | DOCN0101 | EXCO0101 |
| EXCITITOR-CONSOLE-23-002 | DONE (2025-11-23) | | SPRINT_0120_0001_0002_excititor_ii | Excititor Guild | src/Excititor/StellaOps.Excititor.WebService | Provide aggregated counts for VEX overrides (new, not_affected, revoked) powering Console dashboard + live status ticker; emit metrics for policy explain integration. Dependencies: EXCITITOR-CONSOLE-23-001, EXCITITOR-LNM-21-203. | EXCITITOR-CONSOLE-23-001 | EXCO0101 |
| EXCITITOR-CONSOLE-23-003 | DONE (2025-11-23) | | SPRINT_0120_0001_0002_excititor_ii | Excititor Guild | src/Excititor/StellaOps.Excititor.WebService | Deliver rapid lookup endpoints of VEX by advisory/component for Console global search; ensure response includes provenance and precedence context; include caching and RBAC. Dependencies: EXCITITOR-CONSOLE-23-001. | EXCITITOR-CONSOLE-23-001 | EXCO0101 |
| EXCITITOR-CORE-AOC-19-002 | TODO | | SPRINT_0120_0001_0002_excititor_ii | Excititor Core Guild | src/Excititor/__Libraries/StellaOps.Excititor.Core | Implement deterministic extraction of advisory IDs, component PURLs, and references into `linkset`, capturing reconciled-from metadata for traceability. | Link-Not-Merge schema | EXCA0101 |
| EXCITITOR-CORE-AOC-19-003 | TODO | | SPRINT_0120_0001_0002_excititor_ii | Excititor Core Guild | src/Excititor/__Libraries/StellaOps.Excititor.Core | Enforce `(vendor, upstreamId, contentHash, tenant)` uniqueness, generate supersedes chains, and ensure append-only versioning of raw VEX documents. Dependencies: EXCITITOR-CORE-AOC-19-002. | EXCITITOR-CORE-AOC-19-002 | EXCA0101 |
| EXCITITOR-CORE-AOC-19-004 | TODO | | SPRINT_0120_0001_0002_excititor_ii | Excititor Core Guild | src/Excititor/__Libraries/StellaOps.Excititor.Core | Excise consensus/merge/severity logic from Excititor ingestion paths, updating exports/tests to rely on Policy Engine materializations instead. Dependencies: EXCITITOR-CORE-AOC-19-003. | EXCITITOR-CORE-AOC-19-003 | EXCA0101 |
| EXCITITOR-CORE-AOC-19-013 | TODO | | SPRINT_0120_0001_0002_excititor_ii | Excititor Core Guild | src/Excititor/__Libraries/StellaOps.Excititor.Core | Update Excititor smoke/e2e suites to seed tenant-aware Authority clients and ensure cross-tenant VEX ingestion is rejected. Dependencies: EXCITITOR-CORE-AOC-19-004. | EXCITITOR-CORE-AOC-19-004 | EXCA0101 |
| EXCITITOR-CRYPTO-90-001 | TODO | | SPRINT_0124_0001_0006_excititor_vi | WebService + Security Guilds | src/Excititor/StellaOps.Excititor.WebService | Replace ad-hoc hashing/signing in connectors/exporters/OpenAPI discovery with `ICryptoProviderRegistry` implementations approved by security so evidence verification stays deterministic across crypto profiles. | ATEL0101 | EXWS0101 |
| EXCITITOR-DOCS-0001 | DOING (2025-10-29) | 2025-10-29 | SPRINT_333_docs_modules_excititor | Docs Guild | docs/modules/excititor | See ./AGENTS.md | — | DOEX0102 |
| EXCITITOR-ENG-0001 | TODO | | SPRINT_333_docs_modules_excititor | Module Team · Docs Guild | docs/modules/excititor | Update status via ./AGENTS.md workflow | DOEX0101 evidence | DOEX0102 |
| EXCITITOR-GRAPH-21-001 | TODO | 2025-10-27 | SPRINT_0120_0001_0002_excititor_ii | Excititor Guild | src/Excititor/__Libraries/StellaOps.Excititor.Core | Provide batched VEX/advisory reference fetches keyed by graph node PURLs so UI inspector can display raw documents and justification metadata. | Link-Not-Merge schema | EXGR0101 |
| EXCITITOR-GRAPH-21-002 | TODO | 2025-10-27 | SPRINT_0120_0001_0002_excititor_ii | Excititor Guild | src/Excititor/__Libraries/StellaOps.Excititor.Core | Ensure overlay metadata includes VEX justification summaries and document versions for Cartographer overlays; update fixtures/tests. Dependencies: EXCITITOR-GRAPH-21-001. | EXCITITOR-GRAPH-21-001 | EXGR0101 |
| EXCITITOR-GRAPH-21-005 | TODO | 2025-10-27 | SPRINT_0120_0001_0002_excititor_ii | Excititor Guild | src/Excititor/__Libraries/StellaOps.Excititor.Storage.Mongo | Add indexes/materialized views for VEX lookups by PURL/policy to support Cartographer inspector performance; document migrations. Dependencies: EXCITITOR-GRAPH-21-002. | EXCITITOR-GRAPH-21-002 | EXGR0101 |
| EXCITITOR-GRAPH-24-101 | DONE (2025-11-25) | | SPRINT_0120_0001_0002_excititor_ii | Excititor Guild | src/Excititor/StellaOps.Excititor.WebService | Provide endpoints delivering VEX status summaries per component/asset for Vuln Explorer integration. Dependencies: EXCITITOR-GRAPH-21-005. | EXCITITOR-GRAPH-21-002 | EXGR0101 |
| EXCITITOR-GRAPH-24-102 | DONE (2025-11-25) | | SPRINT_0120_0001_0002_excititor_ii | Excititor Guild | src/Excititor/StellaOps.Excititor.WebService | Add batch VEX observation retrieval optimized for Graph overlays/tooltips. Dependencies: EXCITITOR-GRAPH-24-101. | EXCITITOR-GRAPH-24-101 | EXGR0101 |
| EXCITITOR-LNM-21-001 | TODO | | SPRINT_0121_0001_0003_excititor_iii | Excititor Core Guild | src/Excititor/__Libraries/StellaOps.Excititor.Storage.Mongo | Stand up `vex_observations` and `vex_linksets` collections with shard keys, tenant guards, and migrations that retire any residual merge-era data without mutating raw content. | Link-Not-Merge schema | EXLN0101 |
| EXCITITOR-LNM-21-002 | TODO | | SPRINT_0121_0001_0003_excititor_iii | Excititor Core Guild | src/Excititor/__Libraries/StellaOps.Excititor.Core | Capture disagreement metadata (status + justification deltas) directly inside linksets with confidence scores so downstream consumers can highlight conflicts without Excititor choosing winners. Depends on EXCITITOR-LNM-21-001. | EXCITITOR-LNM-21-001 | EXLN0101 |
| EXCITITOR-LNM-21-003 | TODO | | SPRINT_0121_0001_0003_excititor_iii | Excititor Core + Platform Events Guild | src/Excititor/__Libraries/StellaOps.Excititor.Core | Emit `vex.linkset.updated` events and describe payload shape (observation ids, confidence, conflict summary) so Policy/Lens/UI can subscribe while Excititor stays aggregation-only. Depends on EXCITITOR-LNM-21-002. | EXCITITOR-LNM-21-002 | EXLN0101 |
| EXCITITOR-LNM-21-201 | DONE (2025-11-25) | | SPRINT_0121_0001_0003_excititor_iii | Excititor WebService Guild | src/Excititor/StellaOps.Excititor.WebService | Ship `/vex/observations` read endpoints with filters for advisory/product/issuer, strict RBAC, and deterministic pagination (no derived verdict fields). Depends on EXCITITOR-LNM-21-003. | EXCITITOR-LNM-21-001 | EXLN0101 |
| EXCITITOR-LNM-21-202 | DONE (2025-11-25) | | SPRINT_0121_0001_0003_excititor_iii | Excititor WebService Guild | src/Excititor/StellaOps.Excititor.WebService | Provide `/vex/linksets` + export endpoints that surface alias mappings, conflict markers, and provenance proofs exactly as stored; errors must map to `ERR_AGG_*`. Depends on EXCITITOR-LNM-21-201. | EXCITITOR-LNM-21-201 | EXLN0101 |
| EXCITITOR-LNM-21-203 | DONE (2025-11-23) | | SPRINT_0121_0001_0003_excititor_iii | Excititor WebService Guild | src/Excititor/StellaOps.Excititor.WebService | Update OpenAPI, SDK smoke tests, and documentation to cover the new observation/linkset endpoints with realistic examples Advisory AI/Lens teams can rely on. Depends on EXCITITOR-LNM-21-202. | EXCITITOR-LNM-21-202 | EXLN0101 |
| EXCITITOR-OBS-51-001 | DONE (2025-11-23) | | SPRINT_0121_0001_0003_excititor_iii | Excititor Core Guild · DevOps Guild | src/Excititor/__Libraries/StellaOps.Excititor.Core | Publish ingest latency, scope resolution success, conflict rate, and signature verification metrics plus SLO burn alerts so we can prove Excititor meets the AOC “evidence freshness” mission. | Wait for 046_TLTY0101 span schema | EXOB0101 |
| EXCITITOR-OBS-52-001 | DONE (2025-11-24) | | SPRINT_0119_0001_0006_excititor_vi | Excititor Core Guild | src/Excititor/__Libraries/StellaOps.Excititor.Core | Emit `timeline_event` entries for every ingest/linkset change with trace IDs, justification summaries, and evidence hashes so downstream systems can replay the raw facts chronologically. Depends on EXCITITOR-OBS-51-001. | Needs #1 merged for correlation IDs | EXOB0101 |
| EXCITITOR-OBS-53-001 | TODO | | SPRINT_0122_0001_0004_excititor_iv | Excititor Core Guild · Evidence Locker Guild | src/Excititor/__Libraries/StellaOps.Excititor.Core | Build locker payloads (raw doc, normalization diff, provenance) and Merkle manifests so sealed-mode sites can audit evidence without Excititor reinterpreting it. Depends on EXCITITOR-OBS-52-001. | Blocked on Evidence Locker DSSE hooks (002_ATEL0101) | EXOB0101 |
| EXCITITOR-OBS-54-001 | TODO | | SPRINT_0122_0001_0004_excititor_iv | Excititor Core Guild · Provenance Guild | src/Excititor/__Libraries/StellaOps.Excititor.Core | Attach DSSE attestations to every evidence batch, verify chains via Provenance tooling, and surface attestation IDs on timeline events. Depends on EXCITITOR-OBS-53-001. | Requires provenance schema from 005_ATLN0101 | EXOB0101 |
| EXCITITOR-OPS-0001 | TODO | | SPRINT_333_docs_modules_excititor | Ops Guild · Docs Guild | docs/modules/excititor | Sync outcomes back to ../.. | DOEX0101 runbooks | DOEX0102 |
| EXCITITOR-ORCH-32-001 | TODO | | SPRINT_0122_0001_0004_excititor_iv | Excititor Worker Guild (`src/Excititor/StellaOps.Excititor.Worker`) | src/Excititor/StellaOps.Excititor.Worker | Adopt the orchestrator worker SDK for Excititor jobs, emitting heartbeats/progress/artifact hashes so ingestion remains deterministic and restartable without reprocessing evidence. | DOOR0102 APIs | EXWS0101 |
| EXCITITOR-ORCH-33-001 | TODO | | SPRINT_0122_0001_0004_excititor_iv | Excititor Worker Guild (`src/Excititor/StellaOps.Excititor.Worker`) | src/Excititor/StellaOps.Excititor.Worker | Honor orchestrator pause/throttle/retry commands, persist checkpoints, and classify error outputs to keep ingestion safe under outages. Depends on EXCITITOR-ORCH-32-001. | EXCITITOR-ORCH-32-001 | EXWS0101 |
| EXCITITOR-POLICY-20-001 | TODO | | SPRINT_0122_0001_0004_excititor_iv | WebService Guild | src/Excititor/StellaOps.Excititor.WebService | Provide VEX lookup APIs (PURL/advisory batching, scope filters, tenant enforcement) that Policy Engine uses to join evidence without Excititor performing any verdict logic. Depends on EXCITITOR-AOC-20-004. | DOLN0101 | EXWS0101 |
| EXCITITOR-POLICY-20-002 | TODO | | SPRINT_0122_0001_0004_excititor_iv | Excititor Core Guild (src/Excititor/__Libraries/StellaOps.Excititor.Core) | src/Excititor/__Libraries/StellaOps.Excititor.Core | Enhance linksets with scope resolution + version range metadata so Policy/Reachability can reason about applicability while Excititor continues to report only raw context. Depends on EXCITITOR-POLICY-20-001. | | EXWK0101 |
| EXCITITOR-RISK-66-001 | TODO | | SPRINT_0122_0001_0004_excititor_iv | Excititor Core Guild · Risk Engine Guild (`src/Excititor/__Libraries/StellaOps.Excititor.Core`) | src/Excititor/__Libraries/StellaOps.Excititor.Core | Publish risk-engine ready feeds (status, justification, provenance) with zero derived severity so gating services can reference Excititor as a source of truth. Depends on EXCITITOR-POLICY-20-002. | CONCELIER-GRAPH-21-001/002 | EXRS0101 |
| EXCITITOR-STORE-AOC-19-001 | DONE (2025-11-25) | | SPRINT_0119_0001_0005_excititor_v | Storage Guild (`src/Excititor/__Libraries/StellaOps.Excititor.Storage.Mongo`) | src/Excititor/__Libraries/StellaOps.Excititor.Storage.Mongo | Ship Mongo JSON Schema + validator tooling (including Offline Kit instructions) so operators can prove Excititor stores only immutable evidence. | Link-Not-Merge schema | EXSM0101 |
| EXCITITOR-STORE-AOC-19-002 | DONE (2025-11-25) | | SPRINT_0119_0001_0005_excititor_v | Storage + DevOps Guilds (`src/Excititor/__Libraries/StellaOps.Excititor.Storage.Mongo`) | src/Excititor/__Libraries/StellaOps.Excititor.Storage.Mongo | Create unique indexes, run migrations/backfills, and document rollback steps for the new schema validator. Depends on EXCITITOR-STORE-AOC-19-001. | EXCITITOR-STORE-AOC-19-001 | EXSM0101 |
| EXCITITOR-VEXLENS-30-001 | BLOCKED (2025-11-25) | Await VEX Lens field list / examples | SPRINT_0119_0001_0005_excititor_v | Excititor WebService Guild · VEX Lens Guild | src/Excititor/StellaOps.Excititor.WebService | Ensure every observation exported to VEX Lens carries issuer hints, signature blobs, product tree snippets, and staleness metadata so the lens can compute consensus without calling back into Excititor. | — | PLVL0103 |
| EXCITITOR-VULN-29-001 | BLOCKED (2025-11-23) | Waiting on advisory_key canonicalization spec | SPRINT_0119_0001_0005_excititor_v | Excititor WebService Guild (`src/Excititor/StellaOps.Excititor.WebService`) | src/Excititor/StellaOps.Excititor.WebService | Canonicalize advisory/product keys (map to `advisory_key`, capture scope metadata) while preserving original identifiers in `links[]`; run backfill + regression tests. | EXWS0101 | EXVN0101 |
| EXCITITOR-VULN-29-002 | BLOCKED (2025-11-23) | Blocked on EXCITITOR-VULN-29-001 | SPRINT_0119_0001_0005_excititor_v | Excititor WebService Guild | src/Excititor/StellaOps.Excititor.WebService | Provide `/vuln/evidence/vex/{advisory_key}` returning tenant-scoped raw statements, provenance, and attestation references for Vuln Explorer evidence tabs. Depends on EXCITITOR-VULN-29-001. | EXCITITOR-VULN-29-001 | EXVN0101 |
| EXCITITOR-VULN-29-004 | BLOCKED (2025-11-23) | Blocked on EXCITITOR-VULN-29-002 | SPRINT_0119_0001_0005_excititor_v | Excititor WebService + Observability Guilds | src/Excititor/StellaOps.Excititor.WebService | Add metrics/logs for normalization errors, suppression scopes, withdrawn statements, and feed them to Vuln Explorer + Advisory AI dashboards. Depends on EXCITITOR-VULN-29-002. | EXCITITOR-VULN-29-001 | EXVN0101 |
| EXCITITOR-WEB-AIRGAP-58-001 | TODO | | SPRINT_0124_0001_0006_excititor_vi | WebService Guild · AirGap Guilds | src/Excititor/StellaOps.Excititor.WebService | Emit timeline events + audit logs for mirror bundle imports (bundle ID, scope, actor) and map sealed-mode violations to actionable remediation guidance. | EXAG0101 | EXWS0101 |
| EXCITITOR-WEB-OAS-61-001 | TODO | | SPRINT_0124_0001_0006_excititor_vi | WebService Guild | src/Excititor/StellaOps.Excititor.WebService | Implement `/.well-known/openapi` with spec version metadata plus standard error envelopes, then update controller/unit tests accordingly. | DOOR0102 | EXWS0101 |
| EXCITITOR-WEB-OAS-62-001 | TODO | | SPRINT_0124_0001_0006_excititor_vi | WebService Guild · API Governance | src/Excititor/StellaOps.Excititor.WebService | Publish curated examples for the new evidence/attestation/timeline endpoints, emit deprecation headers for legacy routes, and align SDK docs. Depends on EXCITITOR-WEB-OAS-61-001. | EXCITITOR-WEB-OAS-61-001 | EXWS0101 |
| EXCITITOR-WEB-OBS-52-001 | TODO | | SPRINT_0124_0001_0006_excititor_vi | Excititor WebService Guild | src/Excititor/StellaOps.Excititor.WebService | Provide SSE/WebSocket bridges for VEX timeline events with tenant filters, pagination anchors, and guardrails so downstream consoles can monitor raw evidence changes in real time. Depends on EXCITITOR-OBS-52-001. | Wait for 046_TLTY0101 span schema | EXOB0102 |
| EXCITITOR-WEB-OBS-53-001 | TODO | | SPRINT_0124_0001_0006_excititor_vi | Excititor WebService Guild · Evidence Locker Guild | src/Excititor/StellaOps.Excititor.WebService | Expose `/evidence/vex/*` endpoints that fetch locker bundles, enforce scopes, and surface verification metadata without synthesizing verdicts. Depends on EXCITITOR-WEB-OBS-52-001. | Requires Evidence Locker DSSE API (002_ATEL0101) | EXOB0102 |
| EXCITITOR-WEB-OBS-54-001 | TODO | | SPRINT_0124_0001_0006_excititor_vi | Excititor WebService Guild | src/Excititor/StellaOps.Excititor.WebService | Add `/attestations/vex/*` endpoints returning DSSE verification state, builder identity, and chain-of-custody links so consumers never need direct datastore access. Depends on EXCITITOR-WEB-OBS-53-001. | Dependent on provenance schema (005_ATLN0101) | EXOB0102 |
| EXCITOR-DOCS-0001 | DONE | 2025-11-07 | SPRINT_333_docs_modules_excititor | Docs Guild (docs/modules/excitor) | docs/modules/excitor | Validate that `docs/modules/excitor/README.md` matches the latest release notes and consensus beta notes. | | DOXR0101 |
| EXCITOR-ENG-0001 | DONE | 2025-11-07 | SPRINT_333_docs_modules_excititor | Module Team (docs/modules/excitor) | docs/modules/excitor | Ensure the implementation plan sprint alignment table stays current with `SPRINT_200` updates. | | DOXR0101 |
| EXCITOR-OPS-0001 | DONE | 2025-11-07 | SPRINT_333_docs_modules_excititor | Ops Guild (docs/modules/excitor) | docs/modules/excitor | Review runbooks/observability assets, adding the checklist captured in `docs/modules/excitor/mirrors.md`. | | DOXR0101 |
| EXPLORER-DOCS-0001 | TODO | | SPRINT_334_docs_modules_vuln_explorer | Docs Guild | docs/modules/vuln-explorer | DOVL0101 outputs | DOVL0101 outputs | DOXR0101 |
| EXPLORER-ENG-0001 | TODO | | SPRINT_334_docs_modules_vuln_explorer | Explorer Module Team | docs/modules/vuln-explorer | DOVL0102 | DOVL0102 | DOXR0101 |
| EXPLORER-OPS-0001 | TODO | | SPRINT_334_docs_modules_vuln_explorer | Ops Guild | docs/modules/vuln-explorer | Explorer Ops runbooks | Explorer Ops runbooks | DOXR0101 |
| EXPORT-35-001 | TODO | | SPRINT_0121_0001_0001_policy_reasoning | Findings Ledger Guild (`src/Findings/StellaOps.Findings.Ledger`) | src/Findings/StellaOps.Findings.Ledger | PLLG010x ADRs | PLLG010x ADRs | EVFL0101 |
| EXPORT-36-001 | TODO | | SPRINT_0202_0001_0002_cli_ii | DevEx/CLI Guild (`src/Cli/StellaOps.Cli`) | src/Cli/StellaOps.Cli | Export API spec | Export API spec | EVCL0101 |
| EXPORT-37-001 | TODO | | SPRINT_0202_0001_0002_cli_ii | DevEx/CLI Guild (`src/Cli/StellaOps.Cli`) | src/Cli/StellaOps.Cli | EXPORT-36-001 | EXPORT-36-001 | EVCL0101 |
| EXPORT-37-004 | TODO | | SPRINT_0304_0001_0004_docs_tasks_md_iv | Docs Guild | | DOCN0101 | DOCN0101 | EVDO0101 |
| EXPORT-37-005 | TODO | | SPRINT_0304_0001_0004_docs_tasks_md_iv | Docs + Export Guilds | | EXPORT-37-004 | EXPORT-37-004 | EVDO0101 |
| EXPORT-37-101 | TODO | | SPRINT_0304_0001_0004_docs_tasks_md_iv | Docs Guild | | EVCL0101 | EVCL0101 | EVDO0101 |
| EXPORT-37-102 | TODO | | SPRINT_0304_0001_0004_docs_tasks_md_iv | Docs Guild | | EXPORT-37-101 | EXPORT-37-101 | EVDO0101 |
| EXPORT-AIRGAP-56-001 | TODO | | SPRINT_160_export_evidence | Exporter Service Guild · Mirror Guild | | Exporter + Mirror Creator + DevOps Guilds | Wait for Deployment bundle shape (068_AGDP0101) | AGEX0101 |
| EXPORT-AIRGAP-56-002 | TODO | | SPRINT_160_export_evidence | Exporter Service Guild · DevOps Guild | | Depends on #1 artifacts | Depends on #1 artifacts | AGEX0101 |
| EXPORT-AIRGAP-57-001 | TODO | | SPRINT_160_export_evidence | ExportCenter Guild (`src/ExportCenter/StellaOps.ExportCenter`) | src/ExportCenter/StellaOps.ExportCenter | Exporter Service + Evidence Locker Guild | EXAG0101 outputs | EVAH0101 |
| EXPORT-AIRGAP-58-001 | TODO | | SPRINT_162_exportcenter_i | ExportCenter Guild · Notifications Guild | src/ExportCenter/StellaOps.ExportCenter | Emit notifications and timeline events when Mirror Bundles or Bootstrap packs are ready for transfer. Dependencies: EXPORT-AIRGAP-57-001. | EXPORT-AIRGAP-57-001 | EVAH0101 |
| EXPORT-ATTEST-74-001 | TODO | | SPRINT_160_export_evidence | ExportCenter + Attestation Guilds | | Attestation Bundle + Exporter Guilds | ATEL0101 | EVAH0101 |
| EXPORT-ATTEST-74-002 | TODO | | SPRINT_160_export_evidence | ExportCenter + Attestation Guilds | | EXPORT-ATTEST-74-001 | EXPORT-ATTEST-74-001 | EVAH0101 |
| EXPORT-ATTEST-75-001 | TODO | | SPRINT_160_export_evidence | ExportCenter + CLI Guilds | | Attestation Bundle + CLI + Exporter Guilds | EXPORT-ATTEST-74-001 | EVAH0101 |
| EXPORT-ATTEST-75-002 | TODO | | SPRINT_160_export_evidence | ExportCenter + CLI Guilds | | EXPORT-ATTEST-75-001 | EXPORT-ATTEST-75-001 | EVAH0101 |
| EXPORT-CONSOLE-23-001 | TODO | | SPRINT_0123_0001_0001_policy_reasoning | Policy Guild, Scheduler Guild, Observability Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Build evidence bundle/export generator producing signed manifests, CSV/JSON replay endpoints, and trace attachments; integrate with scheduler jobs and expose progress telemetry | | EVOA0101 |
| EXPORT-CRYPTO-90-001 | TODO | | SPRINT_160_export_evidence | ExportCenter + Security Guilds (`src/ExportCenter/StellaOps.ExportCenter`) | src/ExportCenter/StellaOps.ExportCenter | Exporter Service + Security Guilds | Security review | EVOA0101 |
| EXPORT-OAS-61 | TODO | | SPRINT_160_export_evidence | ExportCenter + API Governance | | Exporter Service + API Governance + SDK Guilds | OAS spec finalization | EVOA0101 |
| EXPORT-OAS-61-001 | TODO | | SPRINT_162_exportcenter_i | ExportCenter + API Contracts Guild | src/ExportCenter/StellaOps.ExportCenter | Update Exporter OAS covering profiles, runs, downloads, devportal exports with standard error envelope and examples. | EXPORT-OAS-61 | EVOA0101 |
| EXPORT-OAS-61-002 | TODO | | SPRINT_162_exportcenter_i | ExportCenter + API Guild | src/ExportCenter/StellaOps.ExportCenter | Provide `/.well-known/openapi` discovery endpoint with version metadata and ETag. Dependencies: EXPORT-OAS-61-001. | EXPORT-OAS-61 | EVOA0101 |
| EXPORT-OAS-62 | TODO | | SPRINT_160_export_evidence | ExportCenter + API Governance | | EXPORT-OAS-61 | EXPORT-OAS-61 | EVOA0101 |
| EXPORT-OAS-62-001 | TODO | | SPRINT_162_exportcenter_i | ExportCenter + API Guilds (`src/ExportCenter/StellaOps.ExportCenter`) | src/ExportCenter/StellaOps.ExportCenter | Ensure SDKs include export profile/run clients with streaming download helpers; add smoke tests. Dependencies: EXPORT-OAS-61-002. | EVOA0101 outputs | EVOA0102 |
| EXPORT-OAS-63 | TODO | | SPRINT_160_export_evidence | Exporter Service Guild · API Governance Guild | | Needs API governance sign-off (049_APIG0101) | Needs API governance sign-off (049_APIG0101) | AGEX0101 |
| EXPORT-OAS-63-001 | TODO | | SPRINT_163_exportcenter_ii | Exporter Service Guild · SDK Guild | src/ExportCenter/StellaOps.ExportCenter | Implement deprecation headers and notifications for legacy export endpoints. Dependencies: EXPORT-OAS-62-001. | Requires #3 schema | AGEX0101 |
| EXPORT-OBS-50-001 | TODO | | SPRINT_163_exportcenter_ii | Exporter Service Guild · Observability Guild | src/ExportCenter/StellaOps.ExportCenter | Adopt telemetry core in exporter service + workers, ensuring spans/logs capture profile id, tenant, artifact counts, distribution type, and trace IDs. | Wait for telemetry schema drop from 046_TLTY0101 | ECOB0101 |
| EXPORT-OBS-51-001 | TODO | | SPRINT_0503_0001_0001_ops_devops_i | Exporter Guild · AirGap Time Guild · CLI Guild | | Downstream automation awaiting assembler staffing outcome. | PROGRAM-STAFF-1001 | ECOB0101 |
| EXPORT-OBS-52-001 | TODO | | SPRINT_163_exportcenter_ii | Exporter Service Guild | src/ExportCenter/StellaOps.ExportCenter | Publish timeline events for export lifecycle (`export.requested`, `export.built`, `export.distributed`, `export.failed`) embedding manifest hashes and evidence refs. Provide dedupe + retry logic. Dependencies: EXPORT-OBS-51-001. | Requires shared middleware from task #1 | ECOB0101 |
| EXPORT-OBS-53-001 | TODO | | SPRINT_163_exportcenter_ii | Exporter Service Guild · Evidence Locker Guild | src/ExportCenter/StellaOps.ExportCenter | Push export manifests + distribution transcripts to evidence locker bundles, ensuring Merkle root alignment and DSSE pre-sign data available. Dependencies: EXPORT-OBS-52-001. | Blocked on Evidence Locker DSSE API (002_ATEL0101) | ECOB0101 |
| EXPORT-OBS-54-001 | TODO | | SPRINT_163_exportcenter_ii | Exporter Service Guild · Provenance Guild | src/ExportCenter/StellaOps.ExportCenter | Produce DSSE attestations for each export artifact and distribution target, expose verification API `/exports/{id}/attestation`, and integrate with CLI verify path. Dependencies: EXPORT-OBS-53-001. | PROGRAM-STAFF-1001; EXPORT-MIRROR-ORCH-1501 | ECOB0101 |
| EXPORT-OBS-54-002 | TODO | | SPRINT_163_exportcenter_ii | Exporter Service Guild · Provenance Guild | src/ExportCenter/StellaOps.ExportCenter | Add promotion attestation assembly to export runs (compute SBOM/VEX digests, embed Rekor proofs, bundle DSSE envelopes) and ensure Offline Kit packaging includes the resulting JSON + DSSE envelopes. Dependencies: EXPORT-OBS-54-001, PROV-OBS-53-003. | Needs #5 for consistent dimensions | ECOB0101 |
| EXPORT-OBS-55-001 | TODO | | SPRINT_163_exportcenter_ii | Exporter Service Guild · DevOps Guild | src/ExportCenter/StellaOps.ExportCenter | Add incident mode enhancements (extra tracing for slow exports, additional debug logs, retention bump). Emit incident activation events to timeline + notifier. Dependencies: EXPORT-OBS-54-001. | Requires DevOps alert templates (045_DVDO0103) | ECOB0101 |
| EXPORT-RISK-69-001 | TODO | | SPRINT_163_exportcenter_ii | Exporter Service Guild · Risk Bundle Guild | src/ExportCenter/StellaOps.ExportCenter | Add Export Center job handler `risk-bundle` with provider selection, manifest signing, and audit logging. | Wait for Risk engine inputs (042_RPRC0101) | AGEX0101 |
| EXPORT-RISK-69-002 | TODO | | SPRINT_163_exportcenter_ii | ExportCenter + Risk Guilds | src/ExportCenter/StellaOps.ExportCenter | Enable simulation report exports pulling scored data + explainability snapshots. Dependencies: EXPORT-RISK-69-001. | EXRS0101 outputs | EVRK0101 |
| EXPORT-RISK-70-001 | TODO | | SPRINT_163_exportcenter_ii | ExportCenter + DevOps Guild | src/ExportCenter/StellaOps.ExportCenter | Integrate risk bundle builds into offline kit packaging with checksum verification. Dependencies: EXPORT-RISK-69-002. | EXPORT-RISK-69-002 | EVRK0101 |
| EXPORT-SVC-35-001 | BLOCKED (2025-10-29) | 2025-10-29 | SPRINT_163_exportcenter_ii | ExportCenter Guild (`src/ExportCenter/StellaOps.ExportCenter`) | src/ExportCenter/StellaOps.ExportCenter | Bootstrap exporter service project, configuration, and Postgres migrations for `export_profiles`, `export_runs`, `export_inputs`, `export_distributions` with tenant scoping + tests. | Await EVFL0101 evidence feed | ESVC0101 |
| EXPORT-SVC-35-002 | TODO | | SPRINT_163_exportcenter_ii | ExportCenter Guild | src/ExportCenter/StellaOps.ExportCenter | Implement planner + scope resolver translating filters into ledger iterators and orchestrator job payloads; include deterministic sampling and validation. Dependencies: EXPORT-SVC-35-001. | EXPORT-SVC-35-001 | ESVC0101 |
| EXPORT-SVC-35-003 | TODO | | SPRINT_163_exportcenter_ii | ExportCenter Guild | src/ExportCenter/StellaOps.ExportCenter | Deliver JSON adapters (`json:raw`, `json:policy`) with canonical normalization, redaction allowlists, compression, and manifest counts. Dependencies: EXPORT-SVC-35-002. | EXPORT-SVC-35-001 | ESVC0101 |
| EXPORT-SVC-35-004 | TODO | | SPRINT_163_exportcenter_ii | ExportCenter Guild | src/ExportCenter/StellaOps.ExportCenter | Build mirror (full) adapter producing filesystem layout, indexes, manifests, and README with download-only distribution. Dependencies: EXPORT-SVC-35-003. | EXPORT-SVC-35-002 | ESVC0101 |
| EXPORT-SVC-35-005 | TODO | | SPRINT_163_exportcenter_ii | ExportCenter Guild | src/ExportCenter/StellaOps.ExportCenter | Implement manifest/provenance writer and KMS signing/attestation (detached + embedded) for bundle outputs. Dependencies: EXPORT-SVC-35-004. | EXPORT-SVC-35-003 | ESVC0101 |
| EXPORT-SVC-35-006 | TODO | | SPRINT_0164_0001_0003_exportcenter_iii | ExportCenter Guild | src/ExportCenter/StellaOps.ExportCenter | Expose Export API (profiles, runs, download, SSE updates) with audit logging, concurrency controls, and viewer/operator RBAC integration. Dependencies: EXPORT-SVC-35-005. | EXPORT-SVC-35-004 | ESVC0101 |
| EXPORT-SVC-36-001 | TODO | | SPRINT_0164_0001_0003_exportcenter_iii | ExportCenter Guild | src/ExportCenter/StellaOps.ExportCenter | Implement Trivy DB adapter (core) with schema mappings, version flag gating, and validation harness. Dependencies: EXPORT-SVC-35-006. | ESVC0101 outputs | ESVC0102 |
| EXPORT-SVC-36-002 | TODO | | SPRINT_0164_0001_0003_exportcenter_iii | ExportCenter Guild | src/ExportCenter/StellaOps.ExportCenter | Add Trivy Java DB variant with shared manifest entries and adapter regression tests. Dependencies: EXPORT-SVC-36-001. | EXPORT-SVC-36-001 | ESVC0102 |
| EXPORT-SVC-36-003 | TODO | | SPRINT_0164_0001_0003_exportcenter_iii | ExportCenter Guild | src/ExportCenter/StellaOps.ExportCenter | Build OCI distribution engine (manifests, descriptors, annotations) with registry auth support and retries. Dependencies: EXPORT-SVC-36-002. | EXPORT-SVC-36-001 | ESVC0102 |
| EXPORT-SVC-36-004 | TODO | | SPRINT_0164_0001_0003_exportcenter_iii | ExportCenter Guild | src/ExportCenter/StellaOps.ExportCenter | Extend planner/run lifecycle for distribution targets (OCI/object storage) with idempotent metadata updates and retention timestamps. Dependencies: EXPORT-SVC-36-003. | EXPORT-SVC-36-002 | ESVC0102 |
| EXPORT-SVC-37-001 | TODO | | SPRINT_0164_0001_0003_exportcenter_iii | ExportCenter Guild | src/ExportCenter/StellaOps.ExportCenter | Implement mirror delta adapter with base manifest comparison, change set generation, and content-addressed reuse. Dependencies: EXPORT-SVC-36-004. | EXPORT-SVC-35-006 | ESVC0102 |
| EXPORT-SVC-37-002 | TODO | | SPRINT_0164_0001_0003_exportcenter_iii | ExportCenter Guild | src/ExportCenter/StellaOps.ExportCenter | Add bundle encryption (age/AES-GCM), key wrapping via KMS, and verification tooling for encrypted outputs. Dependencies: EXPORT-SVC-37-001. | EXPORT-SVC-37-001 | ESVC0102 |
| EXPORT-SVC-37-003 | TODO | | SPRINT_0164_0001_0003_exportcenter_iii | ExportCenter Guild | src/ExportCenter/StellaOps.ExportCenter | Implement export scheduling (cron/event), retention pruning, retry idempotency, and failure classification. Dependencies: EXPORT-SVC-37-002. | EXPORT-SVC-37-002 | ESVC0103 |
| EXPORT-SVC-37-004 | TODO | | SPRINT_0164_0001_0003_exportcenter_iii | ExportCenter Guild | src/ExportCenter/StellaOps.ExportCenter | Provide verification API to stream manifests/hashes, compute hash+signature checks, and return attest status for CLI/UI. Dependencies: EXPORT-SVC-37-003. | EXPORT-SVC-37-003 | ESVC0103 |
| EXPORT-SVC-43-001 | TODO | | SPRINT_0164_0001_0003_exportcenter_iii | ExportCenter Guild | src/ExportCenter/StellaOps.ExportCenter | Integrate pack run manifests/artifacts into export bundles and CLI verification flows; expose provenance links. Dependencies: EXPORT-SVC-37-004. | EXPORT-SVC-37-004 | ESVC0103 |
| EXPORT-TEN-48-001 | TODO | | SPRINT_0164_0001_0003_exportcenter_iii | ExportCenter + Tenancy Guild | src/ExportCenter/StellaOps.ExportCenter | Prefix artifacts/manifests with tenant/project, enforce scope checks, and prevent cross-tenant exports unless explicitly whitelisted; update provenance. | EXPORT-SVC-37-004 | ESVC0103 |
| FEEDCONN-CCCS-02-009 | TODO | | SPRINT_117_concelier_vi | Concelier Connector Guild CCCS (src/Concelier/__Libraries/StellaOps.Concelier.Connector.Cccs) | src/Concelier/__Libraries/StellaOps.Concelier.Connector.Cccs | Emit CCCS version ranges into `advisory_observations.affected.versions[]` with provenance anchors (`cccs:{serial}:{index}`) and normalized comparison keys per the Link-Not-Merge schema/doc recipes. Depends on CONCELIER-LNM-21-001. | — | FEFC0101 |
| FEEDCONN-CERTBUND-02-010 | TODO | | SPRINT_117_concelier_vi | Concelier Connector Guild CertBund (src/Concelier/__Libraries/StellaOps.Concelier.Connector.CertBund) | src/Concelier/__Libraries/StellaOps.Concelier.Connector.CertBund | Translate CERT-Bund `product.Versions` phrases into normalized ranges + provenance identifiers (`certbund:{advisoryId}:{vendor}`) while retaining localisation notes; update mapper/tests for Link-Not-Merge. Depends on CONCELIER-LNM-21-001. | — | FEFC0101 |
| FEEDCONN-CISCO-02-009 | DOING | 2025-11-08 | SPRINT_117_concelier_vi | Concelier Connector Guild Cisco (src/Concelier/__Libraries/StellaOps.Concelier.Connector.Vndr.Cisco) | src/Concelier/__Libraries/StellaOps.Concelier.Connector.Vndr.Cisco | Emit Cisco SemVer ranges into the new observation schema with provenance IDs (`cisco:{productId}`) and deterministic comparison keys; refresh fixtures to remove merge counters. Depends on CONCELIER-LNM-21-001. | — | FEFC0101 |
| FEEDCONN-ICSCISA-02-012 | BLOCKED | | SPRINT_0503_0001_0001_ops_devops_i | Concelier Feed Owners | | Overdue provenance refreshes require schedule from feed owners. | FEED-REMEDIATION-1001 | FEFC0101 |
| FEEDCONN-KISA-02-008 | BLOCKED | | SPRINT_0503_0001_0001_ops_devops_i | Concelier Feed Owners | | FEED-REMEDIATION-1001 | FEED-REMEDIATION-1001 | FEFC0101 |
| FORENSICS-53-001 | TODO | | SPRINT_0202_0001_0002_cli_ii | Forensics Guild | src/Cli/StellaOps.Cli | Replay data set | Replay data set | FONS0101 |
| FORENSICS-53-002 | TODO | | SPRINT_0304_0001_0004_docs_tasks_md_iv | Forensics Guild | | FORENSICS-53-001 | FORENSICS-53-001 | FONS0101 |
| FORENSICS-53-003 | TODO | | SPRINT_0304_0001_0004_docs_tasks_md_iv | Forensics Guild | | FORENSICS-53-001 | FORENSICS-53-001 | FONS0101 |
| FORENSICS-54-001 | TODO | | SPRINT_0202_0001_0002_cli_ii | Forensics Guild | src/Cli/StellaOps.Cli | FORENSICS-53 outputs | FORENSICS-53 outputs | FONS0101 |
| FORENSICS-54-002 | TODO | | SPRINT_0202_0001_0002_cli_ii | Forensics Guild | src/Cli/StellaOps.Cli | FORENSICS-54-001 | FORENSICS-54-001 | FONS0101 |
| FS-03 | TODO | | SPRINT_0136_0001_0001_scanner_surface | Scanner Guild | src/Scanner/__Libraries/StellaOps.Scanner.Surface.FS | SURFACE-FS-02 | SURFACE-FS-02 | SFFS0101 |
| FS-04 | TODO | | SPRINT_0136_0001_0001_scanner_surface | Scanner Guild | src/Scanner/__Libraries/StellaOps.Scanner.Surface.FS | FS-03 | SURFACE-FS-02 | SFFS0101 |
| FS-05 | TODO | | SPRINT_0136_0001_0001_scanner_surface | Scanner Guild · Scheduler Guild | src/Scanner/__Libraries/StellaOps.Scanner.Surface.FS | SURFACE-FS-03 | SURFACE-FS-03 | SFFS0101 |
| FS-06 | TODO | | SPRINT_0136_0001_0001_scanner_surface | Docs Guild | src/Scanner/__Libraries/StellaOps.Scanner.Surface.FS | SURFACE-FS-02 | SURFACE-FS-02 | SFFS0101 |
| FS-07 | TODO | | SPRINT_0136_0001_0001_scanner_surface | Scanner Guild | src/Scanner/__Libraries/StellaOps.Scanner.Surface.FS | SCANNER-SURFACE-04 | SCANNER-SURFACE-04 | SFFS0101 |
| GAP-DOC-008 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | Docs Guild | `docs/reachability/function-level-evidence.md`, `docs/09_API_CLI_REFERENCE.md`, `docs/api/policy.md` | Publish the cross-module function-level evidence guide, update API/CLI references with the new `code_id` fields, and add OpenVEX/replay samples under `samples/reachability/**`. | DOAG0101 outputs | GAPG0101 |
| GAP-POL-005 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | Policy Guild · Docs Guild | `src/Policy/StellaOps.Policy.Engine`, `docs/modules/policy/architecture.md`, `docs/reachability/function-level-evidence.md` | Ingest reachability facts into Policy Engine, expose `reachability.state/confidence` in SPL/API, enforce auto-suppress (<0.30) rules, and generate OpenVEX evidence blocks referencing graph hashes + runtime facts with policy thresholds. | GAP-DOC-008 | GAPG0101 |
| GAP-REP-004 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | Docs Guild | `src/__Libraries/StellaOps.Replay.Core`, `docs/replay/DETERMINISTIC_REPLAY.md` | Enforce BLAKE3 hashing + CAS registration for graphs/traces before manifest writes, upgrade replay manifest v2 with analyzer versions/policy thresholds, and add deterministic tests. | GAP-DOC-008 | GAPG0101 |
| GAP-SCAN-001 | DONE (2025-12-03) | | SPRINT_400_runtime_facts_static_callgraph_union | Scanner Guild · GAP Guild | `src/Scanner/StellaOps.Scanner.Worker`, `docs/modules/scanner/architecture.md`, `docs/reachability/function-level-evidence.md` | Implement binary/language symbolizers that emit `richgraph-v1` payloads with canonical `SymbolID = {file:hash, section, addr, name, linkage}` plus `code_id` anchors, persist graphs to CAS via `StellaOps.Scanner.Reachability`, and refresh analyzer docs/fixtures. | GAP-POL-005 | GAPG0101 |
| GAP-SIG-003 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | Security Guild · GAP Guild | `src/Signals/StellaOps.Signals`, `docs/reachability/function-level-evidence.md` | Finish `/signals/runtime-facts` ingestion, add CAS-backed runtime storage, extend scoring to lattice states (`Unknown/NotPresent/Unreachable/Conditional/Reachable/Observed`), and emit `signals.fact.updated` events. Document retention/RBAC. | GAP-POL-005 | GAPG0101 |
| GAP-SYM-007 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | Docs Guild | `src/Scanner/StellaOps.Scanner.Models`, `docs/modules/scanner/architecture.md`, `docs/reachability/function-level-evidence.md` | Extend reachability evidence schema/DTOs with demangled symbol hints, `symbol.source`, confidence, and optional `code_block_hash`; ensure Scanner SBOM/evidence writers and CLI serializers emit the new fields deterministically. | GAP-SIG-003 | GAPG0101 |
| GAP-VEX-006 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | VEX Guild | `docs/modules/excititor/architecture.md`, `src/Cli/StellaOps.Cli`, `src/UI/StellaOps.UI`, `docs/09_API_CLI_REFERENCE.md` | Wire Policy/Excititor/UI/CLI surfaces so VEX emission and explain drawers show call paths, graph hashes, and runtime hits; add CLI `--evidence=graph`/`--threshold` plus Notify template updates. | GAP-POL-005 | GAPG0101 |
| GAP-ZAS-002 | TODO | | SPRINT_400_runtime_facts_static_callgraph_union | Zastava Guild | `src/Zastava/StellaOps.Zastava.Observer`, `docs/modules/zastava/architecture.md`, `docs/reachability/function-level-evidence.md` | Stream runtime NDJSON batches carrying `{symbol_id, code_id, hit_count, loader_base}` plus CAS URIs, capture build-ids/entrypoints, and draft the operator runbook (`docs/runbooks/reachability-runtime.md`). Integrate with `/signals/runtime-facts` once Sprint401 lands ingestion. | GAP-SCAN-001 | GAPG0101 |
| GO-32-001 | DONE | | SPRINT_0153_0001_0003_orchestrator_iii | Worker SDK Guild (`src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Go`) | src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Go | DOOR0102 APIs | DOOR0102 APIs | GOSD0101 |
| GO-32-002 | DONE | | SPRINT_0153_0001_0003_orchestrator_iii | Worker SDK Guild | src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Go | GO-32-001 | GO-32-001 | GOSD0101 |
| GO-33-001 | DONE | | SPRINT_0153_0001_0003_orchestrator_iii | Worker SDK Guild | src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Go | GO-32-002 | GO-32-002 | GOSD0101 |
| GO-33-002 | DONE | | SPRINT_0153_0001_0003_orchestrator_iii | Worker SDK Guild | src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Go | GO-33-001 | GO-33-001 | GOSD0101 |
| GO-34-001 | DONE | | SPRINT_0153_0001_0003_orchestrator_iii | Worker SDK Guild | src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Go | GO-33-002 | GO-33-002 | GOSD0101 |
| GRAPH-21-001 | TODO | | SPRINT_0136_0001_0001_scanner_surface | Scanner WebService Guild | src/Scanner/StellaOps.Scanner.WebService | Link-Not-Merge schema | Link-Not-Merge schema | GRSC0101 |
| GRAPH-21-002 | BLOCKED (2025-10-27) | 2025-10-27 | SPRINT_113_concelier_ii | Concelier Core Guild · Scanner Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | GRAPH-21-001 | GRAPH-21-001 | GRSC0101 |
| GRAPH-21-003 | TODO | 2025-10-27 | SPRINT_0213_0001_0002_web_ii | Scanner WebService Guild | src/Web/StellaOps.Web | GRAPH-21-001 | GRAPH-21-001 | GRSC0101 |
| GRAPH-21-004 | TODO | 2025-10-27 | SPRINT_0213_0001_0002_web_ii | Scanner WebService Guild | src/Web/StellaOps.Web | GRAPH-21-002 | GRAPH-21-002 | GRSC0101 |
| GRAPH-21-005 | BLOCKED (2025-10-27) | 2025-10-27 | SPRINT_0120_0001_0002_excititor_ii | Excititor Storage Guild | src/Excititor/__Libraries/StellaOps.Excititor.Storage.Mongo | GRAPH-21-002 | GRAPH-21-002 | GRSC0101 |
| GRAPH-24-001 | TODO | | SPRINT_0209_0001_0001_ui_i | UI Guild (`src/UI/StellaOps.UI`) | src/UI/StellaOps.UI | GRSC0101 outputs | GRSC0101 outputs | GRUI0101 |
| GRAPH-24-002 | TODO | | SPRINT_0209_0001_0001_ui_i | UI Guild | src/UI/StellaOps.UI | GRAPH-24-001 | GRAPH-24-001 | GRUI0101 |
| GRAPH-24-003 | TODO | | SPRINT_0209_0001_0001_ui_i | UI Guild | src/UI/StellaOps.UI | GRAPH-24-001 | GRAPH-24-001 | GRUI0101 |
| GRAPH-24-004 | TODO | | SPRINT_0209_0001_0001_ui_i | UI Guild | src/UI/StellaOps.UI | GRAPH-24-002 | GRAPH-24-002 | GRUI0101 |
| GRAPH-24-005 | TODO | | SPRINT_0304_0001_0004_docs_tasks_md_iv | UI Guild | | GRAPH-24-003 | GRAPH-24-003 | GRUI0101 |
| GRAPH-24-006 | TODO | | SPRINT_0209_0001_0001_ui_i | UI Guild | src/UI/StellaOps.UI | GRAPH-24-004 | GRAPH-24-004 | GRUI0101 |
| GRAPH-24-007 | TODO | | SPRINT_0304_0001_0004_docs_tasks_md_iv | UI Guild | | GRAPH-24-005 | GRAPH-24-005 | GRUI0101 |
| GRAPH-24-101 | TODO | | SPRINT_113_concelier_ii | UI Guild | src/Concelier/StellaOps.Concelier.WebService | GRAPH-24-001 | GRAPH-24-001 | GRUI0101 |
| GRAPH-24-102 | TODO | | SPRINT_0120_0001_0002_excititor_ii | UI Guild | src/Excititor/StellaOps.Excititor.WebService | GRAPH-24-101 | GRAPH-24-101 | GRUI0101 |
| GRAPH-28-102 | TODO | | SPRINT_113_concelier_ii | Concelier WebService Guild (src/Concelier/StellaOps.Concelier.WebService) | src/Concelier/StellaOps.Concelier.WebService | | | GRAPI0101 |
| GRAPH-API-28-001 | DONE (2025-11-24) | 2025-11-24 | SPRINT_0207_0001_0001_graph | Graph API Guild (src/Graph/StellaOps.Graph.Api) | src/Graph/StellaOps.Graph.Api | Define OpenAPI + JSON schema for graph search/query/paths/diff/export endpoints, including cost metadata and streaming tile schema. | — | ORGR0101 |
| GRAPH-API-28-002 | DONE (2025-11-25) | 2025-11-25 | SPRINT_0207_0001_0001_graph | Graph API Guild (src/Graph/StellaOps.Graph.Api) | src/Graph/StellaOps.Graph.Api | Implement `/graph/search` with multi-type index lookup, prefix/exact match, RBAC enforcement, and result ranking + caching. Dependencies: GRAPH-API-28-001. | — | ORGR0101 |
| GRAPH-API-28-003 | DONE (2025-11-26) | 2025-11-26 | SPRINT_0207_0001_0001_graph | Graph API Guild (src/Graph/StellaOps.Graph.Api) | src/Graph/StellaOps.Graph.Api | Build query planner + cost estimator for `/graph/query`, stream tiles (nodes/edges/stats) progressively, enforce budgets, provide cursor tokens. Dependencies: GRAPH-API-28-002. | — | ORGR0101 |
| GRAPH-API-28-004 | DONE (2025-11-26) | 2025-11-26 | SPRINT_0207_0001_0001_graph | Graph API Guild (src/Graph/StellaOps.Graph.Api) | src/Graph/StellaOps.Graph.Api | Implement `/graph/paths` with depth ≤6, constraint filters, heuristic shortest path search, and optional policy overlay rendering. Dependencies: GRAPH-API-28-003. | — | ORGR0101 |
| GRAPH-API-28-005 | DONE (2025-11-26) | 2025-11-26 | SPRINT_0207_0001_0001_graph | Graph API Guild (src/Graph/StellaOps.Graph.Api) | src/Graph/StellaOps.Graph.Api | Implement `/graph/diff` streaming added/removed/changed nodes/edges between SBOM snapshots; include overlay deltas and policy/VEX/advisory metadata. Dependencies: GRAPH-API-28-004. | — | ORGR0101 |
| GRAPH-API-28-006 | DONE (2025-11-26) | 2025-11-26 | SPRINT_0207_0001_0001_graph | Graph API Guild (src/Graph/StellaOps.Graph.Api) | src/Graph/StellaOps.Graph.Api | Consume Policy Engine overlay contract (`POLICY-ENGINE-30-001..003`) and surface advisory/VEX/policy overlays with caching, partial materialization, and explain trace sampling for focused nodes. Dependencies: GRAPH-API-28-005. | — | ORGR0101 |
| GRAPH-API-28-007 | DONE (2025-11-26) | 2025-11-26 | SPRINT_0207_0001_0001_graph | Graph API Guild (`src/Graph/StellaOps.Graph.Api`) | src/Graph/StellaOps.Graph.Api | Implement exports (`graphml`, `csv`, `ndjson`, `png`, `svg`) with async job management, checksum manifests, and streaming downloads. Dependencies: GRAPH-API-28-006. | ORGR0101 outputs | GRAPI0101 |
| GRAPH-API-28-008 | DONE (2025-11-26) | 2025-11-26 | SPRINT_0207_0001_0001_graph | Graph API + Authority Guilds | src/Graph/StellaOps.Graph.Api | Integrate RBAC scopes (`graph:read`, `graph:query`, `graph:export`), tenant headers, audit logging, and rate limiting. Dependencies: GRAPH-API-28-007. | GRAPH-API-28-007 | GRAPI0101 |
| GRAPH-API-28-009 | DONE (2025-11-26) | 2025-11-26 | SPRINT_0207_0001_0001_graph | Graph API + Observability Guilds | src/Graph/StellaOps.Graph.Api | Instrument metrics (`graph_tile_latency_seconds`, `graph_query_budget_denied_total`, `graph_overlay_cache_hit_ratio`), structured logs, and traces per query stage; publish dashboards. Dependencies: GRAPH-API-28-008. | GRAPH-API-28-007 | GRAPI0101 |
| GRAPH-API-28-010 | DONE (2025-11-26) | 2025-11-26 | SPRINT_0207_0001_0001_graph | Graph API Guild | src/Graph/StellaOps.Graph.Api | Build unit/integration/load tests with synthetic datasets (500k nodes/2M edges), fuzz query validation, verify determinism across runs. Dependencies: GRAPH-API-28-009. | GRAPH-API-28-008 | GRAPI0101 |
| GRAPH-API-28-011 | DONE (2025-11-26) | 2025-11-26 | SPRINT_0207_0001_0001_graph | Graph API Guild | src/Graph/StellaOps.Graph.Api | Provide deployment manifests, offline kit support, API gateway integration docs, and smoke tests. Dependencies: GRAPH-API-28-010. | GRAPH-API-28-009 | GRAPI0101 |
| GRAPH-CAS-401-001 | BLOCKED (2025-11-27) | Await richgraph-v1 schema + CAS layout | SPRINT_0401_0001_0001_reachability_evidence_chain | Scanner Worker Guild | `src/Scanner/StellaOps.Scanner.Worker` | Finalize richgraph schema (`richgraph-v1`), emit canonical SymbolIDs, compute graph hash (BLAKE3), and store CAS manifests under `cas://reachability/graphs/{sha256}`. Update Scanner Worker adapters + fixtures. | Depends on #1 | CASC0101 |
| GRAPH-DOCS-0001 | DONE (2025-11-05) | 2025-11-05 | SPRINT_321_docs_modules_graph | Docs Guild | docs/modules/graph | Validate that graph module README/diagrams reflect the latest overlay + snapshot updates. | GRAPI0101 evidence | GRDG0101 |
| GRAPH-DOCS-0002 | DONE (2025-11-26) | 2025-11-26 | SPRINT_321_docs_modules_graph | Docs Guild | docs/modules/graph | Pending DOCS-GRAPH-24-003 to add API/query doc cross-links | GRAPI0101 outputs | GRDG0101 |
| GRAPH-ENG-0001 | TODO | | SPRINT_321_docs_modules_graph | Module Team | docs/modules/graph | Keep module milestones in sync with `/docs/implplan/SPRINT_141_graph.md` and related files. | GRSC0101 | GRDG0101 |
| GRAPH-INDEX-28-007 | DOING | | SPRINT_0140_0001_0001_runtime_signals | — | | Running on scanner surface mock bundle v1; will validate again once real caches drop. | — | ORGR0101 |
| GRAPH-INDEX-28-008 | TODO | | SPRINT_0140_0001_0001_runtime_signals | — | | Incremental update/backfill pipeline depends on 28-007 artifacts; retry/backoff plumbing sketched but blocked. | — | ORGR0101 |
| GRAPH-INDEX-28-009 | TODO | | SPRINT_0140_0001_0001_runtime_signals | — | | Test/fixture/chaos coverage waits on earlier jobs to exist so determinism checks have data. | — | ORGR0101 |
| GRAPH-INDEX-28-010 | TODO | | SPRINT_0140_0001_0001_runtime_signals | — | | Packaging/offline bundles paused until upstream graph jobs are available to embed. | — | ORGR0101 |
| GRAPH-INDEX-28-011 | TODO | 2025-11-04 | SPRINT_0207_0001_0001_graph | Graph Index Guild | src/Graph/StellaOps.Graph.Indexer | Wire SBOM ingest runtime to emit graph snapshot artifacts, add DI factory helpers, and document Mongo/snapshot environment guidance. Dependencies: GRAPH-INDEX-28-002..006. | GRSC0101 outputs | GRIX0101 |
| GRAPH-OPS-0001 | DONE (2025-11-26) | 2025-11-26 | SPRINT_321_docs_modules_graph | Ops Guild | docs/modules/graph | Review graph observability dashboards/runbooks after the next sprint demo. | GRUI0101 | GRDG0101 |
| HELM-45-001 | TODO | | SPRINT_0501_0001_0001_ops_deployment_i | Deployment Guild (ops/deployment) | ops/deployment | | | GRIX0101 |
| HELM-45-002 | TODO | | SPRINT_0502_0001_0001_ops_deployment_ii | Deployment Guild, Security Guild (ops/deployment) | ops/deployment | Add TLS/Ingress, NetworkPolicy, PodSecurityContexts, Secrets integration (external secrets), and document security posture. Dependencies: HELM-45-001. | | GRIX0101 |
| HELM-45-003 | TODO | | SPRINT_0502_0001_0001_ops_deployment_ii | Deployment Guild, Observability Guild (ops/deployment) | ops/deployment | Implement HPA, PDB, readiness gates, Prometheus scraping annotations, OTel configuration hooks, and upgrade hooks. Dependencies: HELM-45-002. | | GRIX0101 |
| ICSCISA-02-012 | BLOCKED | | SPRINT_0503_0001_0001_ops_devops_i | Concelier Feed Owners (`src/Concelier/__Libraries/StellaOps.Concelier.Core`) | src/Concelier/__Libraries/StellaOps.Concelier.Core | FEED-REMEDIATION-1001 | FEED-REMEDIATION-1001 | CCFD0101 |
| IMP-56-001 | TODO | | SPRINT_510_airgap | AirGap Importer Guild | src/AirGap/StellaOps.AirGap.Importer | Harden base importer pipeline. | EXAG0101 | GRIX0101 |
| IMP-56-002 | TODO | | SPRINT_510_airgap | AirGap Importer + Security Guilds | src/AirGap/StellaOps.AirGap.Importer | IMP-56-001 | IMP-56-001 | IMIM0101 |
| IMP-57-001 | TODO | | SPRINT_510_airgap | AirGap Importer Guild | src/AirGap/StellaOps.AirGap.Importer | IMP-56-002 | IMP-56-002 | IMIM0101 |
| IMP-57-002 | TODO | | SPRINT_510_airgap | AirGap Importer + DevOps Guilds | src/AirGap/StellaOps.AirGap.Importer | IMP-57-001 | IMP-57-001 | IMIM0101 |
| IMP-58-001 | TODO | | SPRINT_510_airgap | AirGap Importer + CLI Guilds | src/AirGap/StellaOps.AirGap.Importer | IMP-57-002 | IMP-57-002 | IMIM0101 |
| IMP-58-002 | TODO | | SPRINT_510_airgap | AirGap Importer + Observability Guilds | src/AirGap/StellaOps.AirGap.Importer | IMP-58-001 | IMP-58-001 | IMIM0101 |
| IMPACT-16-001 | TODO | | SPRINT_512_bench | Bench Guild (`src/Bench/StellaOps.Bench`) | src/Bench/StellaOps.Bench | Harden impact scoring + fixtures. | GRSC0101 outputs | IMIM0101 |
| IMPACT-16-303 | DONE | | SPRINT_0155_0001_0001_scheduler_i | Scheduler ImpactIndex Guild (`src/Scheduler/__Libraries/StellaOps.Scheduler.ImpactIndex`) | src/Scheduler/__Libraries/StellaOps.Scheduler.ImpactIndex | IMPACT-16-001 | IMPACT-16-001 | IMPT0101 |
| INDEX-28-007 | TODO | | SPRINT_0140_0001_0001_runtime_signals | Graph Index Guild | src/Graph/StellaOps.Graph.Indexer | GRAPH-INDEX-28-011 | GRAPH-INDEX-28-011 | GRIX0101 |
| INDEX-28-008 | TODO | | SPRINT_0140_0001_0001_runtime_signals | Graph Index Guild | src/Graph/StellaOps.Graph.Indexer | INDEX-28-007 | INDEX-28-007 | GRIX0101 |
| INDEX-28-009 | TODO | | SPRINT_0140_0001_0001_runtime_signals | Graph Index Guild | src/Graph/StellaOps.Graph.Indexer | INDEX-28-008 | INDEX-28-008 | GRIX0101 |
| INDEX-28-010 | TODO | | SPRINT_0140_0001_0001_runtime_signals | Graph Indexer Guild (src/Graph/StellaOps.Graph.Indexer) | src/Graph/StellaOps.Graph.Indexer | | INDEX-28-009 | GRIX0101 |
| INDEX-28-011 | DONE | 2025-11-04 | SPRINT_0207_0001_0001_graph | Graph Indexer Guild (src/Graph/StellaOps.Graph.Indexer) | src/Graph/StellaOps.Graph.Indexer | | INDEX-28-010 | GRIX0101 |
| INDEX-401-030 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | Platform + Ops Guilds | `docs/provenance/inline-dsse.md`, `ops/mongo/indices/events_provenance_indices.js` | Needs Ops approval for new Mongo index | Needs Ops approval for new Mongo index | RBRE0101 |
| INGEST-401-013 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | Symbols Guild · DevOps Guild (`src/Symbols/StellaOps.Symbols.Ingestor.Cli`) | `src/Symbols/StellaOps.Symbols.Ingestor.Cli`, `docs/specs/SYMBOL_MANIFEST_v1.md` | Implement deterministic ingest + docs. | RBRE0101 inline DSSE | IMPT0101 |
| INLINE-401-028 | DONE | | SPRINT_0401_0001_0001_reachability_evidence_chain | Authority Guild · Feedser Guild (`docs/provenance/inline-dsse.md`, `src/__Libraries/StellaOps.Provenance.Mongo`) | `docs/provenance/inline-dsse.md`, `src/__Libraries/StellaOps.Provenance.Mongo` | | | INST0101 |
| INSTALL-44-001 | TODO | | SPRINT_0305_0001_0005_docs_tasks_md_v | Docs Guild · Ops Guild | | DOIS0101 outputs | DOIS0101 outputs | INST0101 |
| INSTALL-45-001 | TODO | | SPRINT_0305_0001_0005_docs_tasks_md_v | Docs Guild · Ops Guild | | INSTALL-44-001 | INSTALL-44-001 | INST0101 |
| INSTALL-46-001 | TODO | | SPRINT_0305_0001_0005_docs_tasks_md_v | Docs Guild · Security Guild | | INSTALL-45-001 | INSTALL-45-001 | INST0101 |
| INSTALL-50-001 | TODO | | SPRINT_0305_0001_0005_docs_tasks_md_v | Docs Guild · Support Guild | | INSTALL-44-001 | INSTALL-44-001 | INST0101 |
| KEV providers` | TODO | | SPRINT_115_concelier_iv | Concelier Core + Risk Engine Guilds (`src/Concelier/__Libraries/StellaOps.Concelier.Core`) | src/Concelier/__Libraries/StellaOps.Concelier.Core | Surface vendor-provided CVSS/KEV/fix data exactly as published (with provenance anchors) through provider APIs so risk engines can reason about upstream intent. | ICSCISA-02-012 | CCFD0101 |
| KISA-02-008 | BLOCKED | | SPRINT_0503_0001_0001_ops_devops_i | Concelier Feed Owners | | | FEED-REMEDIATION-1001 | LATC0101 |
| KMS-73-001 | DONE (2025-11-03) | 2025-11-03 | SPRINT_100_identity_signing | KMS Guild (src/__Libraries/StellaOps.Cryptography.Kms) | src/__Libraries/StellaOps.Cryptography.Kms | AWS/GCP KMS drivers landed with digest-first signing, metadata caching, config samples, and docs/tests green. | AWS/GCP KMS drivers landed with digest-first signing, metadata caching, config samples, and docs/tests green. | KMSI0102 |
| KMS-73-002 | DONE (2025-11-03) | 2025-11-03 | SPRINT_100_identity_signing | KMS Guild (src/__Libraries/StellaOps.Cryptography.Kms) | src/__Libraries/StellaOps.Cryptography.Kms | PKCS#11 + FIDO2 drivers shipped (deterministic digesting, authenticator factories, DI extensions) with docs + xUnit fakes covering sign/verify/export flows. | FIDO2 | KMSI0102 |
| LATTICE-401-023 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | Scanner Guild · Policy Guild | `docs/reachability/lattice.md`, `docs/modules/scanner/architecture.md`, `src/Scanner/StellaOps.Scanner.WebService` | Update reachability/lattice docs + examples. | GRSC0101 & RBRE0101 | LEDG0101 |
| LEDGER-29-007 | DONE | 2025-11-17 | SPRINT_0120_0001_0001_policy_reasoning | Findings Ledger Guild (`src/Findings/StellaOps.Findings.Ledger`) | src/Findings/StellaOps.Findings.Ledger | Instrument metrics | LEDGER-29-006 | PLLG0101 |
| LEDGER-29-008 | DONE | 2025-11-22 | SPRINT_0120_0001_0001_policy_reasoning | Findings Ledger + QA Guild | src/Findings/StellaOps.Findings.Ledger | Develop unit/property/integration tests, replay/restore tooling, determinism harness, and load tests at 5M findings/tenant | LEDGER-29-007 | PLLG0101 |
| LEDGER-29-009 | BLOCKED | 2025-11-17 | SPRINT_0120_0001_0001_policy_reasoning | Findings Ledger + DevOps Guild | src/Findings/StellaOps.Findings.Ledger | Provide deployment manifests | LEDGER-29-008 | PLLG0101 |
| LEDGER-34-101 | TODO | | SPRINT_0120_0001_0001_policy_reasoning | Findings Ledger Guild | src/Findings/StellaOps.Findings.Ledger | Link orchestrator run ledger exports into Findings Ledger provenance chain, index by artifact hash, and expose audit queries | LEDGER-29-009 | PLLG0101 |
| LEDGER-AIRGAP-56 | TODO | | SPRINT_0120_0001_0001_policy_reasoning | Findings Ledger + AirGap Guilds | | AirGap ledger schema. | PLLG0102 | PLLG0102 |
| LEDGER-AIRGAP-56-001 | TODO | | SPRINT_0120_0001_0001_policy_reasoning | Findings Ledger Guild | src/Findings/StellaOps.Findings.Ledger | Record bundle provenance (`bundle_id`, `merkle_root`, `time_anchor`) on ledger events for advisories/VEX/policies imported via Mirror Bundles | LEDGER-AIRGAP-56 | PLLG0102 |
| LEDGER-AIRGAP-56-002 | TODO | | SPRINT_0120_0001_0001_policy_reasoning | Findings Ledger + AirGap Time Guild | src/Findings/StellaOps.Findings.Ledger | Surface staleness metrics for findings and block risk-critical exports when stale beyond thresholds; provide remediation messaging | LEDGER-AIRGAP-56-001 | PLLG0102 |
| LEDGER-AIRGAP-57 | TODO | | SPRINT_0120_0001_0001_policy_reasoning | Findings Ledger Guild · AirGap Guilds · Evidence Locker Guild | | — | — | PLLG0102 |
| LEDGER-AIRGAP-57-001 | TODO | | SPRINT_0120_0001_0001_policy_reasoning | Findings Ledger Guild, Evidence Locker Guild / src/Findings/StellaOps.Findings.Ledger | src/Findings/StellaOps.Findings.Ledger | Link findings evidence snapshots to portable evidence bundles and ensure cross-enclave verification works | LEDGER-AIRGAP-56-002 | PLLG0102 |
| LEDGER-AIRGAP-58-001 | TODO | | SPRINT_0120_0001_0001_policy_reasoning | Findings Ledger Guild, AirGap Controller Guild / src/Findings/StellaOps.Findings.Ledger | src/Findings/StellaOps.Findings.Ledger | Emit timeline events for bundle import impacts | LEDGER-AIRGAP-57-001 | PLLG0102 |
| LEDGER-ATTEST-73-001 | TODO | | SPRINT_0120_0001_0001_policy_reasoning | Findings Ledger Guild, Attestor Service Guild / src/Findings/StellaOps.Findings.Ledger | src/Findings/StellaOps.Findings.Ledger | Persist pointers from findings to verification reports and attestation envelopes for explainability | — | PLLG0102 |
| LEDGER-ATTEST-73-002 | BLOCKED | | SPRINT_0121_0001_0002_policy_reasoning_blockers | Findings Ledger Guild / src/Findings/StellaOps.Findings.Ledger | src/Findings/StellaOps.Findings.Ledger | Enable search/filter in findings projections by verification result and attestation status | LEDGER-ATTEST-73-001 | PLLG0102 |
| LEDGER-EXPORT-35-001 | TODO | | SPRINT_0121_0001_0001_policy_reasoning | Findings Ledger Guild / src/Findings/StellaOps.Findings.Ledger | src/Findings/StellaOps.Findings.Ledger | Provide paginated streaming endpoints for advisories, VEX, SBOMs, and findings aligned with export filters, including deterministic ordering and provenance metadata | — | PLLG0101 |
| LEDGER-OAS-61-001 | BLOCKED | | SPRINT_0121_0001_0002_policy_reasoning_blockers | Findings Ledger Guild, API Contracts Guild / src/Findings/StellaOps.Findings.Ledger | src/Findings/StellaOps.Findings.Ledger | Expand Findings Ledger OAS to include projections, evidence lookups, and filter parameters with examples | — | PLLG0101 |
| LEDGER-OAS-61-002 | BLOCKED | | SPRINT_0121_0001_0002_policy_reasoning_blockers | Findings Ledger Guild / src/Findings/StellaOps.Findings.Ledger | src/Findings/StellaOps.Findings.Ledger | Implement `/.well-known/openapi` endpoint and ensure version metadata matches release | LEDGER-OAS-61-001 | PLLG0101 |
| LEDGER-OAS-62-001 | BLOCKED | | SPRINT_0121_0001_0002_policy_reasoning_blockers | Findings Ledger Guild, SDK Generator Guild / src/Findings/StellaOps.Findings.Ledger | src/Findings/StellaOps.Findings.Ledger | Provide SDK test cases for findings pagination, filtering, evidence links; ensure typed models expose provenance | LEDGER-OAS-61-002 | PLLG0101 |
| LEDGER-OAS-63-001 | BLOCKED | | SPRINT_0121_0001_0002_policy_reasoning_blockers | Findings Ledger Guild, API Governance Guild / src/Findings/StellaOps.Findings.Ledger | src/Findings/StellaOps.Findings.Ledger | Support deprecation headers and Notifications for retiring finding endpoints | LEDGER-OAS-62-001 | PLLG0101 |
| LEDGER-OBS-50-001 | TODO | | SPRINT_0121_0001_0001_policy_reasoning | Findings Ledger Guild, Observability Guild / src/Findings/StellaOps.Findings.Ledger | src/Findings/StellaOps.Findings.Ledger | Integrate telemetry core within ledger writer/projector services, emitting structured logs and trace spans for ledger append, projector replay, and query APIs with tenant context | — | PLLG0102 |
| LEDGER-OBS-51-001 | TODO | | SPRINT_0121_0001_0001_policy_reasoning | Findings Ledger Guild, DevOps Guild / src/Findings/StellaOps.Findings.Ledger | src/Findings/StellaOps.Findings.Ledger | Publish metrics for ledger latency, projector lag, event throughput, and policy evaluation linkage. Define SLOs | LEDGER-OBS-50-001 | PLLG0102 |
| LEDGER-OBS-52-001 | TODO | | SPRINT_0121_0001_0001_policy_reasoning | Findings Ledger Guild / src/Findings/StellaOps.Findings.Ledger | src/Findings/StellaOps.Findings.Ledger | Emit timeline events for ledger writes and projector commits | LEDGER-OBS-51-001 | PLLG0103 |
| LEDGER-OBS-53-001 | TODO | | SPRINT_0121_0001_0001_policy_reasoning | Findings Ledger Guild, Evidence Locker Guild / src/Findings/StellaOps.Findings.Ledger | src/Findings/StellaOps.Findings.Ledger | Persist evidence bundle references | LEDGER-OBS-52-001 | PLLG0103 |
| LEDGER-OBS-54-001 | TODO | | SPRINT_0121_0001_0001_policy_reasoning | Findings Ledger Guild, Provenance Guild / src/Findings/StellaOps.Findings.Ledger | src/Findings/StellaOps.Findings.Ledger | Verify attestation references for ledger-derived exports; expose `/ledger/attestations` endpoint returning DSSE verification state and chain-of-custody summary | LEDGER-OBS-53-001 | PLLG0103 |
| LEDGER-OBS-55-001 | BLOCKED | | SPRINT_0121_0001_0002_policy_reasoning_blockers | Findings Ledger Guild, DevOps Guild / src/Findings/StellaOps.Findings.Ledger | src/Findings/StellaOps.Findings.Ledger | Enhance incident mode to record additional replay diagnostics | LEDGER-OBS-54-001 | PLLG0103 |
| LEDGER-PACKS-42-001 | BLOCKED | | SPRINT_0121_0001_0002_policy_reasoning_blockers | Findings Ledger Guild / src/Findings/StellaOps.Findings.Ledger | src/Findings/StellaOps.Findings.Ledger | Provide snapshot/time-travel APIs and digestable exports for task pack simulation and CLI offline mode | — | PLLG0103 |
| LEDGER-RISK-66-001 | TODO | | SPRINT_0121_0001_0001_policy_reasoning | Findings Ledger Guild, Risk Engine Guild / src/Findings/StellaOps.Findings.Ledger | src/Findings/StellaOps.Findings.Ledger | Add schema migrations for `risk_score`, `risk_severity`, `profile_version`, `explanation_id`, and supporting indexes | — | PLLG0103 |
| LEDGER-RISK-66-002 | TODO | | SPRINT_0121_0001_0001_policy_reasoning | Findings Ledger Guild / src/Findings/StellaOps.Findings.Ledger | src/Findings/StellaOps.Findings.Ledger | Implement deterministic upsert of scoring results keyed by finding hash/profile version with history audit | LEDGER-RISK-66-001 | PLLG0103 |
| LEDGER-RISK-67-001 | TODO | | SPRINT_122_policy_reasoning | Findings Ledger Guild, Risk Engine Guild / src/Findings/StellaOps.Findings.Ledger | src/Findings/StellaOps.Findings.Ledger | Expose query APIs for scored findings with score/severity filters, pagination, and explainability links | LEDGER-RISK-66-002 | PLLG0103 |
| LEDGER-RISK-68-001 | TODO | | SPRINT_122_policy_reasoning | Findings Ledger Guild, Export Guild / src/Findings/StellaOps.Findings.Ledger | src/Findings/StellaOps.Findings.Ledger | Enable export of scored findings and simulation results via Export Center integration | LEDGER-RISK-67-001 | PLLG0103 |
| LEDGER-RISK-69-001 | TODO | | SPRINT_122_policy_reasoning | Findings Ledger Guild, Observability Guild / src/Findings/StellaOps.Findings.Ledger | src/Findings/StellaOps.Findings.Ledger | Emit metrics/dashboards for scoring latency, result freshness, severity distribution, provider gaps | LEDGER-RISK-68-001 | PLLG0103 |
| LEDGER-TEN-48-001 | TODO | | SPRINT_122_policy_reasoning | Findings Ledger Guild · Tenancy Guild | src/Findings/StellaOps.Findings.Ledger | Partition ledger tables by tenant/project, enable RLS, update queries/events, and stamp audit metadata | LEDGER-29-009 | LEDG0101 |
| LENS-ENG-0001 | TODO | | SPRINT_332_docs_modules_vex_lens | Module Team · Docs Guild | docs/modules/vex-lens | Engineering checklist. | DOVL0101 outputs | LEDG0101 |
| LENS-OPS-0001 | TODO | | SPRINT_332_docs_modules_vex_lens | Ops Guild · Docs Guild | docs/modules/vex-lens | Ops/runbook guidance. | LENS-ENG-0001 | LEDG0101 |
| LIB-401-001 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | Policy Guild | `src/Policy/StellaOps.PolicyDsl`, `docs/policy/dsl.md` | Update DSL library + docs. | DOAL0101 references | LEDG0101 |
| LIB-401-002 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | Policy Guild · CLI Guild | `tests/Policy/StellaOps.PolicyDsl.Tests`, `policy/default.dsl`, `docs/policy/lifecycle.md` | Expand tests/fixtures. | LIB-401-001 | LEDG0101 |
| LIB-401-020 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | Policy Guild | `src/Attestor/StellaOps.Attestation`, `src/Attestor/StellaOps.Attestor.Envelope` | Publish CAS fixtures + determinism tests. | LIB-401-002 | LEDG0101 |
| LIC-0001 | TODO | 2025-11-10 | SPRINT_0138_0001_0001_scanner_ruby_parity | Legal Guild · Docs Guild | docs/modules/scanner | Refresh license notes. | SCANNER-ENG-0016 | LEDG0101 |
| LNM-21-001 | TODO | | SPRINT_113_concelier_ii | CLI Guild (`src/Cli/StellaOps.Cli`) | src/Concelier/__Libraries/StellaOps.Concelier.Core | Implement baseline LNM CLI verb. | DOLN0101 schema | LENS0101 |
| LNM-21-002 | TODO | | SPRINT_113_concelier_ii | CLI Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Hash verification support. | LNM-21-001 | LENS0101 |
| LNM-21-003 | TODO | | SPRINT_113_concelier_ii | CLI Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Filtering options. | LNM-21-002 | LIBC0101 |
| LNM-21-004 | TODO | | SPRINT_113_concelier_ii | CLI Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Multi-bundle diff. | LNM-21-003 | LIBC0101 |
| LNM-21-005 | TODO | | SPRINT_113_concelier_ii | CLI Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Export packaging. | LNM-21-004 | LIBC0101 |
| LNM-21-101 | TODO | | SPRINT_113_concelier_ii | CLI Guild | src/Concelier/__Libraries/StellaOps.Concelier.Storage.Mongo | Deterministic tests. | LNM-21-001 | LIBC0101 |
| LNM-21-102 | TODO | | SPRINT_113_concelier_ii | CLI Guild | src/Concelier/__Libraries/StellaOps.Concelier.Storage.Mongo | LNM-21-101 | LNM-21-101 | LNMC0101 |
| LNM-21-103 | TODO | | SPRINT_113_concelier_ii | CLI Guild | src/Concelier/__Libraries/StellaOps.Concelier.Storage.Mongo | LNM-21-102 | LNM-21-102 | LNMC0101 |
| LNM-21-201 | TODO | | SPRINT_113_concelier_ii | CLI Guild | src/Concelier/StellaOps.Concelier.WebService | Bundle validation enhancements. | LNMC0101 outputs | LNMC0101 |
| LNM-21-202 | TODO | | SPRINT_113_concelier_ii | CLI Guild | src/Concelier/StellaOps.Concelier.WebService | Policy linking improvements. | LNM-21-201 | LNMC0101 |
| LNM-21-203 | TODO | | SPRINT_113_concelier_ii | CLI Guild | src/Concelier/StellaOps.Concelier.WebService | Export reporting. | LNM-21-202 | LNMC0101 |
| LNM-22-001 | TODO | | SPRINT_0202_0001_0002_cli_ii | CLI Guild | src/Cli/StellaOps.Cli | CLI/UI shared components. | DOLN0101 | LNMC0101 |
| LNM-22-002 | TODO | | SPRINT_0202_0001_0002_cli_ii | CLI Guild | src/Cli/StellaOps.Cli | Additional filters. | LNM-22-001 | LNMC0101 |
| LNM-22-003 | TODO | | SPRINT_0210_0001_0002_ui_ii | UI Guild (`src/UI/StellaOps.UI`) | src/UI/StellaOps.UI | UI ingestion view. | LNM-22-001 | LNMC0101 |
| LNM-22-004 | TODO | | SPRINT_0210_0001_0002_ui_ii | UI Guild | src/UI/StellaOps.UI | UI remediation workflow. | LNM-22-003 | IMPT0101 |
| LNM-22-005 | BLOCKED (2025-10-27) | 2025-10-27 | SPRINT_0305_0001_0005_docs_tasks_md_v | Docs + UI Guild | | Docs update for UI flows. | DOCS-LNM-22-004 | IMPT0101 |
| LNM-22-007 | TODO | | SPRINT_0305_0001_0005_docs_tasks_md_v | Docs Guild · Observability Guild | docs/modules/concelier/link-not-merge.md | Publish `/docs/observability/aggregation.md` with metrics/traces/logs/SLOs. Dependencies: DOCS-LNM-22-005. | DOCS-LNM-22-005 | DOLN0102 |
| LNM-22-008 | DONE | 2025-11-03 | SPRINT_117_concelier_vi | Docs Guild · DevOps Guild | docs/modules/concelier/link-not-merge.md | Document Link-Not-Merge migration playbook updates in `docs/migration/no-merge.md`, including rollback guidance. | LNM-22-007 | DOLN0102 |
| MIRROR-CRT-56-001 | TODO | | SPRINT_0506_0001_0001_ops_devops_iv | Mirror Creator Guild | | Deterministic assembler has no owner; kickoff rescheduled to 2025-11-15. | PROGRAM-STAFF-1001 | ATMI0101 |
| MIRROR-CRT-56-002 | TODO | | SPRINT_0506_0001_0001_ops_devops_iv | Mirror Creator · Security Guilds | | DSSE/TUF metadata follows assembler baseline. | MIRROR-CRT-56-001; MIRROR-DSSE-REV-1501; PROV-OBS-53-001 | ATMI0101 |
| MIRROR-CRT-57-001 | TODO | | SPRINT_0506_0001_0001_ops_devops_iv | Mirror Creator Guild · AirGap Time Guild | | OCI/time-anchor workstreams blocked pending assembler + time contract. | MIRROR-CRT-56-001; AIRGAP-TIME-CONTRACT-1501; AIRGAP-TIME-57-001 | ATMI0101 |
| MIRROR-CRT-57-002 | TODO | | SPRINT_0506_0001_0001_ops_devops_iv | Mirror Creator Guild · AirGap Time Guild | | MIRROR-CRT-56-001; AIRGAP-TIME-CONTRACT-1501; AIRGAP-TIME-57-001 | MIRROR-CRT-56-001; AIRGAP-TIME-CONTRACT-1501; AIRGAP-TIME-57-001 | ATMI0101 |
| MIRROR-CRT-58-001 | TODO | | SPRINT_0506_0001_0001_ops_devops_iv | Mirror Creator Guild · CLI Guild · Exporter Guild | | CLI + Export automation depends on assembler and DSSE/TUF track. | MIRROR-CRT-56-001; EXPORT-OBS-54-001; CLI-AIRGAP-56-001 | ATMI0101 |
| MIRROR-CRT-58-002 | TODO | | SPRINT_0506_0001_0001_ops_devops_iv | Mirror Creator Guild · CLI Guild · Exporter Guild | | MIRROR-CRT-56-001; EXPORT-OBS-54-001; CLI-AIRGAP-56-001 | MIRROR-CRT-56-001; EXPORT-OBS-54-001; CLI-AIRGAP-56-001 | ATMI0101 |
| MTLS-11-002 | DONE | 2025-11-08 | SPRINT_100_identity_signing | Authority Core & Security Guild | src/Authority/StellaOps.Authority | Refresh grants enforce original client cert, tokens persist `x5t#S256` metadata, docs updated. | AUTH-DPOP-11-001 | AUIN0102 |
| NATIVE-401-015 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | Scanner Worker Guild | `src/Scanner/__Libraries/StellaOps.Scanner.Symbols.Native`, `src/Scanner/__Libraries/StellaOps.Scanner.CallGraph.Native` | Bootstrap Symbols.Native + CallGraph.Native scaffolding and coverage fixtures. | Needs replay requirements from DORR0101 | SCNA0101 |
| NOTIFY-38-001 | TODO | | SPRINT_0214_0001_0001_web_iii | BE-Base Platform Guild | src/Web/StellaOps.Web | Route approval/rule APIs through Web gateway with tenant scopes. | Wait for NOTY0103 approval payload schema | NOWB0101 |
| NOTIFY-39-001 | TODO | | SPRINT_0214_0001_0001_web_iii | BE-Base Platform Guild | src/Web/StellaOps.Web | Surface digest/simulation/quiet-hour controls in Web tier. | Needs correlation outputs from NOTY0105 | NOWB0101 |
| NOTIFY-40-001 | TODO | | SPRINT_0202_0001_0002_cli_ii | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Implement escalations + ack workflows, localization previews, and channel health checks. | NOTIFY-39-001 | NOWC0101 |
| NOTIFY-AIRGAP-56-002 | DONE | | SPRINT_0170_0001_0001_notifications_telemetry | Notifications Service Guild · DevOps Guild | src/Notify/StellaOps.Notify | Ship AirGap-ready notifier bundles (Helm overlays, secrets templates, rollout guide). | MIRROR-CRT-56-001 | NOIA0101 |
| NOTIFY-ATTEST-74-001 | DOING | | SPRINT_0170_0001_0001_notifications_telemetry | Notifications Service Guild · Attestor Service Guild | src/Notify/StellaOps.Notify | Create attestor-driven notification templates + schema docs; publish in `/docs/notifications/templates.md`. | ATEL0101 | NOIA0101 |
| NOTIFY-ATTEST-74-002 | DOING | | SPRINT_0170_0001_0001_notifications_telemetry | Notifications Service Guild | src/Notify/StellaOps.Notify | Wire attestor DSSE payload ingestion + Task Runner callbacks for attestation verdicts. | NOTIFY-ATTEST-74-001 | NOIA0101 |
| NOTIFY-DOC-70-001 | DONE | | SPRINT_0170_0001_0001_notifications_telemetry | Notifications Service Guild · DevOps Guild | docs/modules/notify | Keep as reference for documentation/offline-kit parity. | NOTIFY-AIRGAP-56-002 | DONO0102 |
| NOTIFY-DOCS-0001 | DONE | 2025-11-05 | SPRINT_0322_0001_0001_docs_modules_notify | Docs Guild | docs/modules/notify | Validate module README reflects Notifications Studio pivot and latest release notes. | NOTIFY-DOC-70-001 | DONO0102 |
| NOTIFY-DOCS-0002 | TODO | 2025-11-05 | SPRINT_0322_0001_0001_docs_modules_notify | Docs Guild | docs/modules/notify | Pending NOTIFY-SVC-39-001..004 to document correlation/digests/simulation/quiet hours. | NOTIFY-SVC-39-004 | DONO0102 |
| NOTIFY-ENG-0001 | TODO | | SPRINT_0322_0001_0001_docs_modules_notify | Module Team | docs/modules/notify | Keep implementation milestones aligned with `/docs/implplan/SPRINT_0171_0001_0001_notifier_i.md` onward. | NOTY0103 | DONO0102 |
| NOTIFY-OAS-61-001 | DONE (2025-11-17) | | SPRINT_0171_0001_0001_notifier_i | Notifications Service Guild · API Governance Guild | docs/api/notifications | Update OpenAPI doc set (rule/incident endpoints) with new schemas + changelog. | NOTY0103 | NOOA0101 |
| NOTIFY-OAS-61-002 | DONE (2025-11-17) | | SPRINT_0171_0001_0001_notifier_i | Notifications Service Guild · SDK Guild | docs/api/notifications | Provide SDK usage examples for rule CRUD, incident ack, and quiet hours; ensure SDK smoke tests. | NOTIFY-OAS-61-001 | NOOA0101 |
| NOTIFY-OAS-62-001 | DONE (2025-11-17) | | SPRINT_0171_0001_0001_notifier_i | Notifications Service Guild · Developer Portal Guild | docs/api/notifications | Publish `/docs/api/reference/notifications` auto-generated site; integrate with portal nav. | NOTIFY-OAS-61-002 | NOOA0101 |
| NOTIFY-OAS-63-001 | DONE (2025-11-17) | | SPRINT_0171_0001_0001_notifier_i | Notifications Service Guild · SDK Generator Guild | docs/api/notifications | Provide CLI/UI quickstarts plus recipes referencing new endpoints. | NOTIFY-OAS-61-002 | NOOA0101 |
| NOTIFY-OBS-51-001 | DONE (2025-11-22) | | SPRINT_0171_0001_0001_notifier_i | Notifications Service Guild · Observability Guild | src/Notifier/StellaOps.Notifier | Integrate SLO evaluator webhooks into Notifier rules; templates/routing/suppression; sample policies. | NOTY0104 | NOOB0101 |
| NOTIFY-OBS-55-001 | DONE (2025-11-22) | | SPRINT_0171_0001_0001_notifier_i | Notifications Service Guild · Ops Guild | src/Notifier/StellaOps.Notifier | Incident mode start/stop notifications with evidence links, retention notes, quiet-hour overrides, legal logging. | NOTIFY-OBS-51-001 | NOOB0101 |
| NOTIFY-OPS-0001 | TODO | | SPRINT_0322_0001_0001_docs_modules_notify | Ops Guild · Docs Guild | docs/modules/notify | Review notifier runbooks/observability assets after the next sprint demo and record findings. | NOTIFY-OBS-55-001 | NOOR0101 |
| NOTIFY-RISK-66-001 | BLOCKED (2025-11-22) | | SPRINT_0171_0001_0001_notifier_i | Notifications Service Guild · Risk Engine Guild · Policy Guild | src/Notifier/StellaOps.Notifier | Policy/Risk metadata export (POLICY-RISK-40-002) not yet delivered. | POLICY-RISK-40-002 | NORR0101 |
| NOTIFY-RISK-67-001 | BLOCKED (2025-11-22) | | SPRINT_0171_0001_0001_notifier_i | Notifications Service Guild · Policy Guild | src/Notifier/StellaOps.Notifier | Depends on NOTIFY-RISK-66-001. | NOTIFY-RISK-66-001 | NORR0101 |
| NOTIFY-RISK-68-001 | BLOCKED (2025-11-22) | | SPRINT_0171_0001_0001_notifier_i | Notifications Service Guild · Risk Engine Guild · Policy Guild | src/Notifier/StellaOps.Notifier | Depends on NOTIFY-RISK-67-001. | NOTIFY-RISK-67-001 | NORR0101 |
| NOTIFY-SVC-37-001 | TODO | | SPRINT_0172_0001_0002_notifier_ii | Notifications Service Guild | src/Notifier/StellaOps.Notifier | Define pack approval & policy notification contract, including OpenAPI schema, event payloads, resume token mechanics, and security guidance. | Align payload schema with PGMI0101 + ATEL0101 decisions | NOTY0103 |
| NOTIFY-SVC-37-002 | TODO | | SPRINT_0172_0001_0002_notifier_ii | Notifications Service Guild | src/Notifier/StellaOps.Notifier | Implement secure ingestion endpoint, Mongo persistence (`pack_approvals`), idempotent writes, and audit trail for approval events. Dependencies: NOTIFY-SVC-37-001. | NOTIFY-SVC-37-001 | NOTY0103 |
| NOTIFY-SVC-37-003 | TODO | | SPRINT_0172_0001_0002_notifier_ii | Notifications Service Guild | src/Notifier/StellaOps.Notifier | Deliver approval/policy templates, routing predicates, and channel dispatch (email/chat/webhook) with deterministic ordering plus ack gating. | NOTIFY-SVC-37-002 | NOTY0103 |
| NOTIFY-SVC-37-004 | TODO | | SPRINT_0172_0001_0002_notifier_ii | Notifications Service Guild | src/Notifier/StellaOps.Notifier | Provide acknowledgement API, Task Runner callback client, metrics for outstanding approvals, and SLA escalations. | NOTIFY-SVC-37-003 | NOTY0103 |
| NOTIFY-SVC-38-002 | TODO | | SPRINT_0172_0001_0002_notifier_ii | Notifications Service Guild | src/Notifier/StellaOps.Notifier | Implement channel adapters (email, chat webhook, generic webhook) with retry policies, health checks, and audit logging. | NOTIFY-SVC-37-004 | NOTY0104 |
| NOTIFY-SVC-38-003 | TODO | | SPRINT_0172_0001_0002_notifier_ii | Notifications Service Guild | src/Notifier/StellaOps.Notifier | Deliver template service (versioned templates, localization scaffolding) and renderer with redaction allowlists, Markdown/HTML/JSON outputs, and provenance links. | NOTIFY-SVC-38-002 | NOTY0104 |
| NOTIFY-SVC-38-004 | TODO | | SPRINT_0172_0001_0002_notifier_ii | Notifications Service Guild | src/Notifier/StellaOps.Notifier | Expose REST + WS APIs (rules CRUD, templates preview, incidents list, ack) with audit logging, RBAC checks, and live feed stream. | NOTIFY-SVC-38-003 | NOTY0104 |
| NOTIFY-SVC-39-001 | TODO | | SPRINT_0172_0001_0002_notifier_ii | Notifications Service Guild | src/Notifier/StellaOps.Notifier | Implement correlation engine with pluggable key expressions/windows, throttler (token buckets), quiet hours/maintenance evaluator, and incident lifecycle. | NOTIFY-SVC-38-004 | NOTY0105 |
| NOTIFY-SVC-39-002 | TODO | | SPRINT_0172_0001_0002_notifier_ii | Notifications Service Guild | src/Notifier/StellaOps.Notifier | Build digest generator (queries, formatting) with schedule runner and distribution manifests. | NOTIFY-SVC-39-001 | NOTY0105 |
| NOTIFY-SVC-39-003 | TODO | | SPRINT_0172_0001_0002_notifier_ii | Notifications Service Guild | src/Notifier/StellaOps.Notifier | Provide simulation engine/API to dry-run rules against historical events, returning correlation explanations. | NOTIFY-SVC-39-002 | NOTY0105 |
| NOTIFY-SVC-39-004 | TODO | | SPRINT_0172_0001_0002_notifier_ii | Notifications Service Guild | src/Notifier/StellaOps.Notifier | Integrate quiet hour calendars and throttles with audit logging plus operator overrides. | NOTIFY-SVC-39-003 | NOTY0105 |
| NOTIFY-SVC-40-001 | TODO | | SPRINT_0172_0001_0002_notifier_ii | Notifications Service Guild | src/Notifier/StellaOps.Notifier | Implement escalations + on-call schedules, ack bridge, PagerDuty/OpsGenie adapters, and CLI/in-app inbox channels. Dependencies: NOTIFY-SVC-39-004. | NOTIFY-SVC-39-004 | NOTY0106 |
| NOTIFY-SVC-40-002 | TODO | | SPRINT_0172_0001_0002_notifier_ii | Notifications Service Guild | src/Notifier/StellaOps.Notifier | Add summary storm breaker notifications, localization bundles, and localization fallback handling. | NOTIFY-SVC-40-001 | NOTY0106 |
| NOTIFY-SVC-40-003 | TODO | | SPRINT_0172_0001_0002_notifier_ii | Notifications Service Guild | src/Notifier/StellaOps.Notifier | Harden security: signed ack links (KMS), webhook HMAC/IP allowlists, tenant isolation fuzz tests, HTML sanitization. | NOTIFY-SVC-40-002 | NOTY0106 |
| NOTIFY-SVC-40-004 | TODO | | SPRINT_0172_0001_0002_notifier_ii | Notifications Service Guild | src/Notifier/StellaOps.Notifier | Finalize observability (metrics/traces for escalations, latency), dead-letter handling, chaos tests for channel outages, and retention policies. | NOTIFY-SVC-40-003 | NOTY0106 |
| NOTIFY-TEN-48-001 | TODO | | SPRINT_0173_0001_0003_notifier_iii | Notifications Service Guild | src/Notifier/StellaOps.Notifier | Tenant-scope rules/templates/incidents, RLS on storage, tenant-prefixed channels, and inclusion of tenant context in notifications. | NOTIFY-SVC-40-004 | NOTY0107 |
| OAS-61 | TODO | | SPRINT_160_export_evidence | Exporter Service + API Governance + SDK Guilds | docs/api/oas | Define platform-wide OpenAPI governance + release checklist. | PGMI0101 | DOOA0103 |
| OAS-61-001 | DOING | | SPRINT_0170_0001_0001_notifications_telemetry | API Governance Guild | docs/api/oas | Draft spec updates + changelog text. | OAS-61 | DOOA0103 |
| OAS-61-002 | TODO | | SPRINT_114_concelier_iii | Concelier Core Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Align Link-Not-Merge endpoints with new pagination/idempotency rules. | OAS-61 | COAS0101 |
| OAS-61-003 | TODO | | SPRINT_0305_0001_0005_docs_tasks_md_v | Docs Guild · API Governance Guild | docs/api/oas | Publish `/docs/api/versioning.md` describing SemVer, deprecation headers, migration playbooks. | OAS-61 | DOOA0103 |
| OAS-62 | TODO | | SPRINT_160_export_evidence | Exporter + API Gov + SDK Guilds | docs/api/oas | Document SDK/gen pipeline + offline bundle expectations. | OAS-61 | DOOA0103 |
| OAS-62-001 | TODO | | SPRINT_114_concelier_iii | Concelier Core Guild · SDK Generator Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Generate `/docs/api/reference/` data + integrate with SDK scaffolding. | OAS-61-002 | COAS0101 |
| OAS-62-002 | TODO | | SPRINT_0511_0001_0001_api | API Contracts Guild | src/Api/StellaOps.Api.OpenApi | Add lint rules enforcing pagination, idempotency headers, naming conventions, and example coverage. | OAS-62-001 | AOAS0101 |
| OAS-63 | TODO | | SPRINT_160_export_evidence | Exporter + API Gov + SDK Guilds | docs/api/oas | Define discovery endpoint strategy + lifecycle docs. | OAS-62 | DOOA0103 |
| OAS-63-001 | TODO | | SPRINT_114_concelier_iii | Concelier Core Guild · API Governance Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Add `.well-known/openapi` metadata/discovery hints. | OAS-62-001 | COAS0101 |
| OBS-50-001 | DOING | | SPRINT_0170_0001_0001_notifications_telemetry | Telemetry Core Guild | src/Telemetry/StellaOps.Telemetry.Core | Implement structured logging, trace propagation, and scrub policies for core services. | TLTY0101 | TLTY0102 |
| OBS-50-002 | DOING | | SPRINT_0170_0001_0001_notifications_telemetry | Telemetry Core Guild | src/Telemetry/StellaOps.Telemetry.Core | Roll out Helm/collector bundles plus validation tests and DSSE artefacts for telemetry exporters. | OBS-50-001 | TLTY0102 |
| OBS-50-003 | TODO | | SPRINT_0306_0001_0006_docs_tasks_md_vi | Docs Guild · Observability Guild | docs/observability | Publish `/docs/observability/collector-deploy.md` with telemetry baseline + offline flows. | OBS-50-001 | DOOB0102 |
| OBS-50-004 | TODO | | SPRINT_0306_0001_0006_docs_tasks_md_vi | Docs Guild · Observability Guild | docs/observability | Document scrub policy/SOPs (`/docs/observability/scrub-policy.md`). | OBS-50-003 | DOOB0102 |
| OBS-51-001 | TODO | | SPRINT_0503_0001_0001_ops_devops_i | Exporter Guild · AirGap Time Guild · CLI Guild | ops/devops/telemetry | Build shared SLO bus (queue depth, time-anchor drift) feeding exporter/CLI dashboards. | PROGRAM-STAFF-1001 | OBAG0101 |
| OBS-51-002 | TODO | | SPRINT_0170_0001_0001_notifications_telemetry | Telemetry Core Guild · Observability Guild | ops/devops/telemetry | Run shadow-mode evaluators + roll metrics into collectors + alert webhooks. | OBS-51-001 | OBAG0101 |
| OBS-52-001 | TODO | | SPRINT_114_concelier_iii | Concelier Core Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Emit ingest latency, queue depth, and AOC violation metrics with burn-rate alerts. | ATLN0101 | CNOB0103 |
| OBS-52-002 | TODO | | SPRINT_160_export_evidence | Timeline Indexer Guild | src/Timeline/StellaOps.TimelineIndexer | Configure streaming pipeline (retention/backpressure) for timeline events. | OBS-52-001 | TLIX0101 |
| OBS-52-003 | TODO | | SPRINT_160_export_evidence | Timeline Indexer Guild | src/Timeline/StellaOps.TimelineIndexer | Add CI validation + schema enforcement for timeline events. | OBS-52-002 | TLIX0101 |
| OBS-52-004 | TODO | | SPRINT_160_export_evidence | Timeline Indexer + Security Guilds | src/Timeline/StellaOps.TimelineIndexer | Harden streaming pipeline with auth/encryption + DSSE proofs. | OBS-52-003 | TLIX0101 |
| OBS-53-001 | TODO | | SPRINT_0503_0001_0001_ops_devops_i | Exporter Guild · AirGap Time Guild · CLI Guild | ops/devops/telemetry | Establish provenance SLO signals + exporter hooks. | PROGRAM-STAFF-1001 | PROB0102 |
| OBS-53-002 | TODO | | SPRINT_0513_0001_0001_provenance | Provenance + Security Guild | src/Provenance/StellaOps.Provenance.Attestation | Add attestation metrics + scrubbed logs referencing DSSE bundles. | OBS-53-001 | PROB0102 |
| OBS-53-003 | TODO | | SPRINT_0513_0001_0001_provenance | Provenance Guild | src/Provenance/StellaOps.Provenance.Attestation | Ship dashboards/tests proving attestation observability. | OBS-53-002 | PROB0102 |
| OBS-54-001 | TODO | | SPRINT_114_concelier_iii | Concelier Core Guild · Provenance Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Needs shared exporter from 1039_EXPORT-OBS-54-001 | Needs shared exporter from 1039_EXPORT-OBS-54-001 | CNOB0101 |
| OBS-54-002 | TODO | | SPRINT_161_evidencelocker | Evidence Locker Guild | src/EvidenceLocker/StellaOps.EvidenceLocker | Instrument Evidence Locker ingest/publish flows with metrics/logs + alerts. | OBS-53-002 | ELOC0102 |
| OBS-55-001 | TODO | | SPRINT_114_concelier_iii | Concelier Core & DevOps Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Refresh ops automation/runbooks referencing new observability signals. | OBS-52-001 | CNOB0103 |
| OBS-56-001 | DONE (2025-11-27) | | SPRINT_0174_0001_0001_telemetry | Telemetry Core Guild | src/Telemetry/StellaOps.Telemetry.Core | Generate signed air-gap telemetry bundles + validation tests. | OBS-50-002 | TLTY0103 |
| OFFLINE-17-004 | BLOCKED | 2025-10-26 | SPRINT_0508_0001_0001_ops_offline_kit | Offline Kit Guild · DevOps Guild | ops/offline-kit | Repackage release-17 bundle with DSSE receipts + verification logs. | PROGRAM-STAFF-1001 | OFFK0101 |
| OFFLINE-34-006 | TODO | | SPRINT_0508_0001_0001_ops_offline_kit | Offline Kit + Orchestrator Guild | ops/offline-kit | Add orchestrator automation + docs to Offline Kit release 34. | ATMI0102 | OFFK0101 |
| OFFLINE-37-001 | TODO | | SPRINT_0508_0001_0001_ops_offline_kit | Offline Kit + Exporter Guild | ops/offline-kit | Ship export evidence bundle + checksum manifests for release 37. | EXPORT-MIRROR-ORCH-1501 | OFFK0101 |
| OFFLINE-37-002 | TODO | | SPRINT_0508_0001_0001_ops_offline_kit | Offline Kit + Notifications Guild | ops/offline-kit | Package notifier templates/channel configs for offline ops (release 37). | NOTY0103 | OFFK0101 |
| OFFLINE-CONTAINERS-46-001 | TODO | | SPRINT_0508_0001_0001_ops_offline_kit | Offline Kit + Deployment Guild | ops/offline-kit | Include container air-gap bundle, verification docs, and mirrored registry instructions. | OFFLINE-37-001 | OFFK0101 |
| OPENSSL-11-001 | TODO | 2025-11-06 | SPRINT_0505_0001_0001_ops_devops_iii | DevOps Guild · Build Infra Guild | ops/devops | Rebuild OpenSSL toolchain with sovereign crypto patches + publish reproducible logs. | KMSI0102 | OPEN0101 |
| OPENSSL-11-002 | TODO | 2025-11-06 | SPRINT_0505_0001_0001_ops_devops_iii | DevOps Guild · CI Guild | ops/devops | Update CI/container images with new OpenSSL packages + smoke tests. | OPENSSL-11-001 | OPEN0101 |
| OPS-0001 | DONE | 2025-11-07 | SPRINT_333_docs_modules_excititor | Ops Guild (docs/modules/excitor) | docs/modules/excitor | | | |
| OPS-ENV-01 | TODO | | SPRINT_0507_0001_0001_ops_devops_v | DevOps Guild · Scanner Guild | ops/devops | Update Helm/Compose manifests + docs to include Surface.Env variables for Scanner/Zastava. | SCSS0101 | DOPS0101 |
| OPS-SECRETS-01 | TODO | | SPRINT_0507_0001_0001_ops_devops_v | DevOps + Security Guild | ops/devops | Define secret provisioning workflow (Kubernetes, Compose, Offline Kit) for Surface.Secrets references and update runbooks. | OPS-ENV-01 | DOPS0101 |
| OPS-SECRETS-02 | TODO | | SPRINT_0507_0001_0001_ops_devops_v | DevOps + Offline Kit Guild | ops/devops | Embed Surface.Secrets bundles (encrypted) into Offline Kit packaging scripts. | OPS-SECRETS-01 | DOPS0101 |
| ORCH-32-001 | TODO | | SPRINT_114_concelier_iii | Concelier Core Guild (src/Concelier/__Libraries/StellaOps.Concelier.Core) | src/Concelier/__Libraries/StellaOps.Concelier.Core | — | — | ORGR0102 |
| ORCH-32-002 | TODO | | SPRINT_114_concelier_iii | Concelier Core Guild (src/Concelier/__Libraries/StellaOps.Concelier.Core) | src/Concelier/__Libraries/StellaOps.Concelier.Core | — | — | ORGR0102 |
| ORCH-33-001 | TODO | | SPRINT_114_concelier_iii | Concelier Core Guild (src/Concelier/__Libraries/StellaOps.Concelier.Core) | src/Concelier/__Libraries/StellaOps.Concelier.Core | — | — | ORGR0102 |
| ORCH-33-002 | TODO | | SPRINT_0306_0001_0006_docs_tasks_md_vi | Docs Guild (docs) | | — | — | ORGR0102 |
| ORCH-33-003 | TODO | | SPRINT_0306_0001_0006_docs_tasks_md_vi | Docs Guild (docs) | | — | — | ORGR0102 |
| ORCH-34-001 | TODO | | SPRINT_114_concelier_iii | Concelier Core Guild (src/Concelier/__Libraries/StellaOps.Concelier.Core) | src/Concelier/__Libraries/StellaOps.Concelier.Core | — | — | ORGR0102 |
| ORCH-34-002 | TODO | | SPRINT_0306_0001_0006_docs_tasks_md_vi | Docs Guild (docs) | | — | — | ORGR0102 |
| ORCH-34-003 | TODO | | SPRINT_0306_0001_0006_docs_tasks_md_vi | Docs Guild (docs) | | — | — | ORGR0102 |
| ORCH-34-004 | TODO | | SPRINT_0306_0001_0006_docs_tasks_md_vi | Docs Guild (docs) | | — | — | ORGR0102 |
| ORCH-34-005 | TODO | | SPRINT_0306_0001_0006_docs_tasks_md_vi | Docs Guild (docs) | | — | — | ORGR0102 |
| ORCH-AIRGAP-56-001 | BLOCKED (2025-11-19) | 2025-11-19 | SPRINT_0151_0001_0001_orchestrator_i | Orchestrator Service Guild · AirGap Policy Guild | src/Orchestrator/StellaOps.Orchestrator | Enforce job descriptors to declare network intents; flag/reject external endpoints in sealed mode before scheduling. | PREP-ORCH-AIRGAP-56-001-AWAIT-SPRINT-0120-A-A | ORAG0101 |
| ORCH-AIRGAP-56-002 | BLOCKED (2025-11-19) | 2025-11-19 | SPRINT_0151_0001_0001_orchestrator_i | Orchestrator Service Guild · AirGap Controller Guild | src/Orchestrator/StellaOps.Orchestrator | Surface sealing status and staleness in scheduling decisions; block runs when budgets are exceeded. | PREP-ORCH-AIRGAP-56-002-UPSTREAM-56-001-BLOCK | ORAG0101 |
| ORCH-AIRGAP-57-001 | BLOCKED (2025-11-19) | 2025-11-19 | SPRINT_0151_0001_0001_orchestrator_i | Orchestrator Service Guild · Mirror Creator Guild | src/Orchestrator/StellaOps.Orchestrator | Add job type `mirror.bundle` to orchestrate bundle creation in connected environments with audit + provenance outputs. | PREP-ORCH-AIRGAP-57-001-UPSTREAM-56-002-BLOCK | ORAG0101 |
| ORCH-AIRGAP-58-001 | BLOCKED (2025-11-19) | 2025-11-19 | SPRINT_0151_0001_0001_orchestrator_i | Orchestrator Service Guild · Evidence Locker Guild | src/Orchestrator/StellaOps.Orchestrator | Capture import/export operations as timeline/evidence entries, ensuring chain-of-custody for mirror + portable evidence jobs. | PREP-ORCH-AIRGAP-58-001-UPSTREAM-57-001-BLOCK | ORAG0101 |
| ORCH-OAS-61-001 | DONE (2025-11-30) | 2025-11-30 | SPRINT_0151_0001_0001_orchestrator_i | Orchestrator Service Guild · API Contracts Guild | src/Orchestrator/StellaOps.Orchestrator | Document orchestrator endpoints in per-service OAS with standardized pagination, idempotency, and error envelope examples. | PREP-ORCH-OAS-61-001-ORCHESTRATOR-TELEMETRY-C | OROA0101 |
| ORCH-OAS-61-002 | DONE (2025-11-30) | 2025-11-30 | SPRINT_0151_0001_0001_orchestrator_i | Orchestrator Service Guild | src/Orchestrator/StellaOps.Orchestrator | Implement `GET /.well-known/openapi` and align version metadata with runtime build. | PREP-ORCH-OAS-61-002-DEPENDS-ON-61-001 | OROA0101 |
| ORCH-OAS-62-001 | DONE (2025-11-30) | 2025-11-30 | SPRINT_0151_0001_0001_orchestrator_i | Orchestrator Service Guild · SDK Generator Guild | src/Orchestrator/StellaOps.Orchestrator | Ensure SDK paginators/operations support orchestrator job APIs; add SDK smoke tests for schedule/retry (pack-run). | PREP-ORCH-OAS-62-001-DEPENDS-ON-61-002 | OROA0101 |
| ORCH-OAS-63-001 | DONE (2025-11-30) | 2025-11-30 | SPRINT_0151_0001_0001_orchestrator_i | Orchestrator Service Guild · API Governance Guild | src/Orchestrator/StellaOps.Orchestrator | Emit deprecation headers and documentation for legacy orchestrator endpoints; update notifications metadata. | PREP-ORCH-OAS-63-001-DEPENDS-ON-62-001 | OROA0101 |
| ORCH-OBS-50-001 | BLOCKED (2025-11-19) | 2025-11-19 | SPRINT_0151_0001_0001_orchestrator_i | Orchestrator Service Guild · Observability Guild | src/Orchestrator/StellaOps.Orchestrator | Wire `StellaOps.Telemetry.Core` into orchestrator host, instrument schedulers and control APIs with trace spans, structured logs, and exemplar metrics; ensure tenant/job metadata is recorded for every span/log. | PREP-ORCH-OBS-50-001-TELEMETRY-CORE-SPRINT-01 | OROB0101 |
| ORCH-OBS-51-001 | BLOCKED (2025-11-19) | 2025-11-19 | SPRINT_0151_0001_0001_orchestrator_i | Orchestrator Service Guild · DevOps Guild | src/Orchestrator/StellaOps.Orchestrator | Publish golden-signal metrics (dispatch latency, queue depth, failure rate), define job/tenant SLOs, and emit burn-rate alerts to collector + Notifications; provide Grafana dashboards + alert rules. | PREP-ORCH-OBS-51-001-DEPENDS-ON-50-001-TELEME | OROB0101 |
| ORCH-OBS-52-001 | BLOCKED (2025-11-19) | 2025-11-19 | SPRINT_0151_0001_0001_orchestrator_i | Orchestrator Service Guild | src/Orchestrator/StellaOps.Orchestrator | Emit `timeline_event` objects for job lifecycle (`job.scheduled`, `job.started`, `job.completed`, `job.failed`) including trace IDs, run IDs, tenant/project, and causal metadata; add contract tests and Kafka/NATS emitter with retries. | PREP-ORCH-OBS-52-001-DEPENDS-ON-51-001-REQUIR | OROB0101 |
| ORCH-OBS-53-001 | BLOCKED (2025-11-19) | 2025-11-19 | SPRINT_0151_0001_0001_orchestrator_i | Orchestrator Service Guild · Evidence Locker Guild | src/Orchestrator/StellaOps.Orchestrator | Generate job capsule inputs for evidence locker (payload digests, worker image, config hash, log manifest) and invoke locker snapshot hooks on completion/failure; enforce redaction guard. | PREP-ORCH-OBS-53-001-DEPENDS-ON-52-001-EVIDEN | OROB0101 |
| ORCH-OBS-54-001 | BLOCKED (2025-11-19) | 2025-11-19 | SPRINT_0151_0001_0001_orchestrator_i | Orchestrator Service Guild · Provenance Guild | src/Orchestrator/StellaOps.Orchestrator | Produce DSSE attestations for orchestrator-scheduled jobs (subject = job capsule) and store references in timeline + evidence locker; provide verification endpoint `/jobs/{id}/attestation`. | PREP-ORCH-OBS-54-001-DEPENDS-ON-53-001 | OROB0101 |
| ORCH-OBS-55-001 | BLOCKED (2025-11-19) | 2025-11-19 | SPRINT_0151_0001_0001_orchestrator_i | Orchestrator Service Guild · DevOps Guild | src/Orchestrator/StellaOps.Orchestrator | Implement incident mode hooks (sampling overrides, extended retention, additional debug spans) and automatic activation on SLO burn-rate breach; emit activation/deactivation events to timeline + Notifier. | PREP-ORCH-OBS-55-001-DEPENDS-ON-54-001-INCIDE | OROB0101 |
| ORCH-SVC-32-001 | DONE (2025-11-28) | 2025-11-28 | SPRINT_0151_0001_0001_orchestrator_i | Orchestrator Service Guild | src/Orchestrator/StellaOps.Orchestrator | Bootstrap service project/config and Postgres schema/migrations for `sources`, `runs`, `jobs`, `dag_edges`, `artifacts`, `quotas`, `schedules`. | — | ORSC0101 |
| ORCH-GAPS-151-016 | DOING (2025-12-01) | 2025-12-01 | SPRINT_0151_0001_0001_orchestrator_i | Orchestrator Service Guild | src/Orchestrator/StellaOps.Orchestrator | Close OR1OR10 gaps from `31-Nov-2025 FINDINGS.md`: signed schemas + hashes, replay inputs.lock, heartbeat/lease governance, DAG validation, quotas/breakers, security bindings, ordered/backpressured fan-out, audit-bundle schema/verify script, SLO alerts, TaskRunner integrity (artifact/log hashing + DSSE linkage). | Schema/catalog refresh | |
| ORCH-SVC-32-002 | TODO | | SPRINT_0152_0001_0002_orchestrator_ii | Orchestrator Service Guild | src/Orchestrator/StellaOps.Orchestrator | Implement scheduler DAG planner + job state machine. | ORCH-SVC-32-001 | ORSC0101 |
| ORCH-SVC-32-003 | TODO | | SPRINT_0152_0001_0002_orchestrator_ii | Orchestrator Service Guild | src/Orchestrator/StellaOps.Orchestrator | Expose REST APIs (sources/runs/jobs) w/ validation + tenant scope. | ORCH-SVC-32-002 | ORSC0101 |
| ORCH-SVC-32-004 | TODO | | SPRINT_0152_0001_0002_orchestrator_ii | Orchestrator Service Guild | src/Orchestrator/StellaOps.Orchestrator | Implement SSE/WS streams + metrics/health probes. | ORCH-SVC-32-003 | ORSC0101 |
| ORCH-SVC-32-005 | TODO | | SPRINT_0152_0001_0002_orchestrator_ii | Orchestrator Service Guild | src/Orchestrator/StellaOps.Orchestrator | Deliver worker claim/heartbeat/progress endpoints w/ idempotency. | ORCH-SVC-32-004 | ORSC0101 |
| ORCH-SVC-33-001 | TODO | | SPRINT_0152_0001_0002_orchestrator_ii | Orchestrator Service Guild | src/Orchestrator/StellaOps.Orchestrator | Enable `sources test` pipeline + scaffolding. | ORCH-SVC-32-005 | ORSC0102 |
| ORCH-SVC-33-002 | TODO | | SPRINT_0152_0001_0002_orchestrator_ii | Orchestrator Service Guild | src/Orchestrator/StellaOps.Orchestrator | Implement adaptive rate limiter/concurrency caps/backpressure. | ORCH-SVC-33-001 | ORSC0102 |
| ORCH-SVC-33-003 | TODO | | SPRINT_0152_0001_0002_orchestrator_ii | Orchestrator Service Guild | src/Orchestrator/StellaOps.Orchestrator | Add watermark/backfill manager + preview endpoint. | ORCH-SVC-33-002 | ORSC0102 |
| ORCH-SVC-33-004 | TODO | | SPRINT_0152_0001_0002_orchestrator_ii | Orchestrator Service Guild | src/Orchestrator/StellaOps.Orchestrator | Deliver dead-letter store + replay APIs + error classifications. | ORCH-SVC-33-003 | ORSC0102 |
| ORCH-SVC-34-001 | TODO | | SPRINT_0152_0001_0002_orchestrator_ii | Orchestrator Service Guild | src/Orchestrator/StellaOps.Orchestrator | Implement quota management APIs + SLO burn-rate tracking. | ORCH-SVC-33-004 | ORSC0102 |
| ORCH-SVC-34-002 | TODO | | SPRINT_0152_0001_0002_orchestrator_ii | Orchestrator Service Guild | src/Orchestrator/StellaOps.Orchestrator | Build audit log + immutable run ledger export with signed manifests. | ORCH-SVC-34-001 | ORSC0103 |
| ORCH-SVC-34-003 | TODO | | SPRINT_0152_0001_0002_orchestrator_ii | Orchestrator Service Guild | src/Orchestrator/StellaOps.Orchestrator | Execute perf/scale validation + autoscaling hooks. | ORCH-SVC-34-002 | ORSC0103 |
| ORCH-SVC-34-004 | TODO | | SPRINT_0152_0001_0002_orchestrator_ii | Orchestrator Service Guild | src/Orchestrator/StellaOps.Orchestrator | Package orchestrator container, Helm overlays, offline bundle seeds, attestations. | ORCH-SVC-34-003 | ORSC0103 |
| ORCH-SVC-35-101 | TODO | | SPRINT_0152_0001_0002_orchestrator_ii | Orchestrator Service Guild | src/Orchestrator/StellaOps.Orchestrator | Register `export` job type with quotas, telemetry, and worker contract hooks. | ORCH-SVC-34-004 | ORSC0103 |
| ORCH-SVC-36-101 | TODO | | SPRINT_0152_0001_0002_orchestrator_ii | Orchestrator Service Guild | src/Orchestrator/StellaOps.Orchestrator | Capture export job distribution metadata + retention timestamps for dashboards + SSE payloads. | ORCH-SVC-35-101 | ORSC0104 |
| ORCH-SVC-37-101 | TODO | | SPRINT_0152_0001_0002_orchestrator_ii | Orchestrator Service Guild | src/Orchestrator/StellaOps.Orchestrator | Enable scheduled export runs, retention pruning, failure alerting for export jobs. | ORCH-SVC-36-101 | ORSC0104 |
| ORCH-SVC-38-101 | DOING | | SPRINT_0153_0001_0003_orchestrator_iii | Orchestrator Service Guild | src/Orchestrator/StellaOps.Orchestrator | Standardize event envelope, publish failure events to notifier bus with provenance metadata. | ORCH-SVC-37-101 | ORSC0104 |
| ORCH-SVC-41-101 | TODO | | SPRINT_0153_0001_0003_orchestrator_iii | Orchestrator Service Guild | src/Orchestrator/StellaOps.Orchestrator | Register `pack-run` job type, persist metadata, wire Task Runner API. | ORCH-SVC-38-101 | ORSC0104 |
| ORCH-SVC-42-101 | TODO | | SPRINT_0153_0001_0003_orchestrator_iii | Orchestrator Service Guild | src/Orchestrator/StellaOps.Orchestrator | Stream pack run logs via SSE, enforce quotas, emit notifier events. | ORCH-SVC-41-101 | ORSC0104 |
| ORCH-TEN-48-001 | TODO | | SPRINT_0153_0001_0003_orchestrator_iii | Orchestrator Service Guild | src/Orchestrator/StellaOps.Orchestrator | Include tenant/project IDs in job specs + DB session context; enforce queries + reject missing metadata. | ORCH-SVC-42-101 | ORTN0101 |
| ORCH-ENG-0001 | DONE | | SPRINT_0323_0001_0001_docs_modules_orchestrator | Module Team | docs/modules/orchestrator | Keep sprint milestone alignment notes synced with latest ORSC/ORAG/OROA changes. | ORSC0104 | DOOR0103 |
| ORCH-OPS-0001 | DONE | | SPRINT_0323_0001_0001_docs_modules_orchestrator | Ops Guild | docs/modules/orchestrator | Review orchestrator runbooks/observability checklists after new demos. | ORSC0104 | DOOR0103 |
| PACKS-42-001 | TODO | | SPRINT_0121_0001_0001_policy_reasoning | Findings Ledger Guild | src/Findings/StellaOps.Findings.Ledger | Provide snapshot/time-travel APIs and digestable exports for Task Pack simulation + CLI offline mode. | PLLG0103 | PKLD0101 |
| PACKS-43-001 | DONE | 2025-11-09 | SPRINT_100_identity_signing | Packs Guild · Authority Guild | src/Authority/StellaOps.Authority | Finalized Pack release 43 (signing, release notes, artefacts). | AUTH-PACKS-41-001; TASKRUN-42-001; ORCH-SVC-42-101 | PACK0101 |
| PACKS-43-002 | TODO | | SPRINT_0508_0001_0001_ops_offline_kit | Offline Kit Guild, Packs Registry Guild (ops/offline-kit) | ops/offline-kit | Bundle packs registry artifacts, runbooks, and verification docs into Offline Kit release 43. | OFFLINE-37-001 | OFFK0101 |
| PACKS-REG-41-001 | DONE (2025-11-25) | 2025-11-25 | SPRINT_0154_0001_0001_packsregistry | Packs Registry Guild | src/PacksRegistry/StellaOps.PacksRegistry | Implement registry API/storage, version lifecycle, provenance export. | ORCH-SVC-42-101 | PKRG0101 |
| PACKS-REG-42-001 | DONE (2025-11-25) | 2025-11-25 | SPRINT_0154_0001_0001_packsregistry | Packs Registry Guild | src/PacksRegistry/StellaOps.PacksRegistry | Add tenant allowlists, signature rotation, audit logs, Offline Kit seed support. | PACKS-REG-41-001 | PKRG0101 |
| PACKS-REG-43-001 | DONE (2025-11-25) | 2025-11-25 | SPRINT_0154_0001_0001_packsregistry | Packs Registry Guild | src/PacksRegistry/StellaOps.PacksRegistry | Implement mirroring, pack signing policies, compliance dashboards, Export Center integration. | PACKS-REG-42-001 | PKRG0101 |
| PARITY-41-001 | TODO | | SPRINT_0203_0001_0003_cli_iii | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Ensure CLI HTTP client propagates `traceparent` headers for all commands, prints correlation IDs on failure, and records trace IDs in verbose logs. | NOWB0101 | CLPR0101 |
| PARITY-41-002 | TODO | | SPRINT_0203_0001_0003_cli_iii | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Add parity tests ensuring CLI outputs match notifier/web error formats and capture verification docs. | PARITY-41-001 | CLPR0101 |
| PLATFORM-DOCS-0001 | TODO | | SPRINT_324_docs_modules_platform | Docs Guild | docs/modules/platform | Refresh architecture/gov doc per new sprint planning rules. | execution-waves.md | DOPF0101 |
| PLATFORM-ENG-0001 | TODO | | SPRINT_324_docs_modules_platform | Module Team | docs/modules/platform | Update engineering status + AGENTS workflow references. | PLATFORM-DOCS-0001 | DOPF0101 |
| PLATFORM-OPS-0001 | TODO | | SPRINT_324_docs_modules_platform | Ops Guild | docs/modules/platform | Sync ops runbooks/outcomes with new platform charter. | PLATFORM-DOCS-0001 | DOPF0101 |
| PLG4-6 | DONE | 2025-11-08 | SPRINT_100_identity_signing | Authority Plugin Guild | src/Authority/StellaOps.Authority/StellaOps.Authority.Plugin.Standard | DSSE+docs coverage for standard plugin release. | DPO policy review | PLGN0101 |
| PLG6 | DONE | 2025-11-03 | SPRINT_100_identity_signing | Authority Plugin Guild | src/Authority/StellaOps.Authority/StellaOps.Authority.Plugin.Standard | Offline kit parity + docs refresh. | OFFK0101 bundling | PLGN0101 |
| PLG7 | DONE | 2025-11-03 | SPRINT_100_identity_signing | Authority Plugin Guild · Security Guild | src/Authority/StellaOps.Authority/StellaOps.Authority.Plugin.Standard | LDAP plugin capabilities aligned to provisioning spec. | LDAP provisioning spec | PLGN0101 |
| PLG7.IMPL-003 | DONE (2025-11-09) | 2025-11-09 | SPRINT_100_identity_signing | BE-Auth Plugin (src/Authority/StellaOps.Authority/StellaOps.Authority.Plugin.Standard) | src/Authority/StellaOps.Authority/StellaOps.Authority.Plugin.Standard | Claims enricher + Mongo cache tests. | Claims enricher ships with DN map + regex substitutions, Mongo claims cache (TTL + capacity enforcement) wired through DI, plus unit tests covering enrichment + cache eviction. | PLGN0101 |
| PLG7.IMPL-004 | DONE (2025-11-09) | 2025-11-09 | SPRINT_100_identity_signing | BE-Auth Plugin, DevOps Guild (src/Authority/StellaOps.Authority/StellaOps.Authority.Plugin.Ldap) | src/Authority/StellaOps.Authority/StellaOps.Authority.Plugin.Ldap | LDAP client provisioning store, capability gating, docs/tests. | LDAP plug-in now ships `clientProvisioning.*` options, a Mongo-audited `LdapClientProvisioningStore`, capability gating, and docs/tests covering LDAP writes + cache shims. | PLGN0101 |
| PLG7.IMPL-005 | DONE (2025-11-09) | 2025-11-09 | SPRINT_100_identity_signing | BE-Auth Plugin, Docs Guild (src/Authority/StellaOps.Authority/StellaOps.Authority.Plugin.Standard) | src/Authority/StellaOps.Authority/StellaOps.Authority.Plugin.Standard | LDAP docs refresh + sample manifest updates. | LDAP plug-in docs refreshed (mutual TLS, regex mappings, cache/audit mirror guidance), sample manifest updated, Offline Kit + release notes now reference the bundled plug-in assets. | PLGN0101 |
| PLG7.IMPL-006 | DONE (2025-11-09) | 2025-11-09 | SPRINT_100_identity_signing | BE-Auth Plugin (src/Authority/StellaOps.Authority/StellaOps.Authority.Plugin.Ldap) | src/Authority/StellaOps.Authority/StellaOps.Authority.Plugin.Ldap | LDAP bootstrap provisioning + health status + docs. | LDAP bootstrap provisioning added (write probe, Mongo audit mirror, capability downgrade + health status) with docs/tests + sample manifest updates. | PLGN0101 |
| POL-005 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | Policy Guild | `src/Policy/StellaOps.Policy.Engine`, `docs/modules/policy/architecture.md`, `docs/reachability/function-level-evidence.md` | Ingest reachability facts, expose `reachability.state/confidence`, auto-suppress low confidence, emit OpenVEX evidence. | GAPG0101 | PORE0101 |
| POLICY-0001 | DONE | 2025-11-10 | SPRINT_0138_0001_0001_scanner_ruby_parity | Policy Guild, Ruby Analyzer Guild (docs/modules/scanner) | docs/modules/scanner | | SCANNER-ENG-0018 | |
| POLICY-13-007 | TODO | | SPRINT_0210_0001_0002_ui_ii | UI Guild (src/UI/StellaOps.UI) | src/UI/StellaOps.UI | | | |
| POLICY-20-001 | TODO | | SPRINT_114_concelier_iii | Concelier WebService Guild | src/Concelier/StellaOps.Concelier.WebService | Provide batch advisory lookup APIs for Policy Engine (purl/advisory filters, tenant scopes, explain metadata). | ATLN0101 | CCPR0102 |
| POLICY-20-002 | TODO | | SPRINT_115_concelier_iv | Concelier Core Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Expand linkset builders with vendor equivalence tables, NEVRA/PURL normalization, version-range parsing. | POLICY-20-001 | CCPR0102 |
| POLICY-20-003 | TODO | | SPRINT_115_concelier_iv | Concelier Storage Guild | src/Concelier/__Libraries/StellaOps.Concelier.Storage.Mongo | Introduce advisory selection cursors + change-stream checkpoints with offline migration scripts. | POLICY-20-002 | CCPR0102 |
| POLICY-20-004 | TODO | | SPRINT_0210_0001_0002_ui_ii | UI Guild | src/UI/StellaOps.UI | Implement Policy Studio UI surfaces wiring to new APIs (editor, simulation, dashboards). | ORSC0101 | UIPD0101 |
| POLICY-23-001 | TODO | | SPRINT_115_concelier_iv | Concelier Core Guild (src/Concelier/__Libraries/StellaOps.Concelier.Core) | src/Concelier/__Libraries/StellaOps.Concelier.Core | Add secondary indexes/materialized views (alias, severity, confidence) for fast policy lookups. | POLICY-20-003 | CCPR0102 |
| POLICY-23-002 | TODO | | SPRINT_115_concelier_iv | Concelier Core Guild, Platform Events Guild (src/Concelier/__Libraries/StellaOps.Concelier.Core) | src/Concelier/__Libraries/StellaOps.Concelier.Core | Ensure `advisory.linkset.updated` events carry idempotent IDs/confidence summaries/tenant metadata for replay. | POLICY-23-001 | CCPR0102 |
| POLICY-23-003 | TODO | | SPRINT_0210_0001_0002_ui_ii | UI Guild (src/UI/StellaOps.UI) | src/UI/StellaOps.UI | | | |
| POLICY-23-004 | TODO | | SPRINT_0203_0001_0003_cli_iii | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | | | |
| POLICY-23-005 | TODO | | SPRINT_0210_0001_0002_ui_ii | UI Guild (src/UI/StellaOps.UI) | src/UI/StellaOps.UI | | | |
| POLICY-23-006 | TODO | | SPRINT_0203_0001_0003_cli_iii | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | | | |
| POLICY-23-007 | TODO | | SPRINT_0307_0001_0007_docs_tasks_md_vii | Docs Guild, DevEx/CLI Guild (docs) | | | | |
| POLICY-23-008 | TODO | | SPRINT_0307_0001_0007_docs_tasks_md_vii | Docs Guild, Architecture Guild (docs) | | | | |
| POLICY-23-009 | TODO | | SPRINT_0307_0001_0007_docs_tasks_md_vii | Docs Guild, DevOps Guild (docs) | | | | |
| POLICY-23-010 | TODO | | SPRINT_0307_0001_0007_docs_tasks_md_vii | Docs Guild, UI Guild (docs) | | | | |
| POLICY-27-001 | TODO | | SPRINT_0203_0001_0003_cli_iii | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Implement policy workspace commands (`stella policy init/edit/lint/compile/test`) with template selection, local cache, JSON output, deterministic temp dirs. | CLI-POLICY-23-006 | CLPS0101 |
| POLICY-27-002 | TODO | | SPRINT_0204_0001_0004_cli_iv | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Add submission/review workflow commands (`version bump`, `submit`, `review comment`, `approve`, `reject`) with reviewer assignment + changelog capture. | POLICY-27-001 | CLPS0101 |
| POLICY-27-003 | TODO | | SPRINT_0204_0001_0004_cli_iv | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Implement `stella policy simulate` enhancements (quick/batch, SBOM selectors, heatmap summaries, JSON/Markdown outputs). | POLICY-27-002 | CLPS0102 |
| POLICY-27-004 | TODO | | SPRINT_0204_0001_0004_cli_iv | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Add publish/promote/rollback/sign commands with attestation checks and canary args. | POLICY-27-003 | CLPS0102 |
| POLICY-27-005 | TODO | | SPRINT_0204_0001_0004_cli_iv | DevEx/CLI Guild · Docs Guild | src/Cli/StellaOps.Cli | Update CLI docs/samples for Policy Studio (JSON schemas, exit codes, CI snippets). | POLICY-27-004 | CLPS0102 |
| POLICY-27-006 | TODO | | SPRINT_0204_0001_0004_cli_iv | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Update CLI policy scopes/help text to request new Policy Studio scopes and adjust regression tests. | POLICY-27-005 | CLPS0102 |
| POLICY-27-007 | BLOCKED | 2025-10-27 | SPRINT_0308_0001_0008_docs_tasks_md_viii | Docs Guild, DevEx/CLI Guild (docs) | | | | |
| POLICY-27-008 | BLOCKED | 2025-10-27 | SPRINT_0308_0001_0008_docs_tasks_md_viii | Docs Guild, Policy Registry Guild (docs) | | | | |
| POLICY-27-009 | BLOCKED | 2025-10-27 | SPRINT_0308_0001_0008_docs_tasks_md_viii | Docs Guild, Security Guild (docs) | | | | |
| POLICY-27-010 | BLOCKED | 2025-10-27 | SPRINT_0308_0001_0008_docs_tasks_md_viii | Docs Guild, Architecture Guild (docs) | | | | |
| POLICY-27-011 | BLOCKED | 2025-10-27 | SPRINT_0308_0001_0008_docs_tasks_md_viii | Docs Guild, Observability Guild (docs) | | | | |
| POLICY-27-012 | BLOCKED | 2025-10-27 | SPRINT_0308_0001_0008_docs_tasks_md_viii | Docs Guild, Ops Guild (docs) | | | | |
| POLICY-27-013 | BLOCKED | 2025-10-27 | SPRINT_0308_0001_0008_docs_tasks_md_viii | Docs Guild, Policy Guild (docs) | | | | |
| POLICY-27-014 | BLOCKED | 2025-10-27 | SPRINT_0308_0001_0008_docs_tasks_md_viii | Docs Guild, Policy Registry Guild (docs) | | | | |
| POLICY-401-026 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | Policy Guild · Concelier Guild (`docs/policy/dsl.md`, `docs/uncertainty/README.md`) | `docs/policy/dsl.md`, `docs/uncertainty/README.md` | | | |
| POLICY-AIRGAP-56-001 | TODO | | SPRINT_0123_0001_0001_policy_reasoning | Policy Guild | src/Policy/StellaOps.Policy.Engine | Support policy pack imports from mirror bundles, track `bundle_id` metadata, deterministic caching. | OFFK0101 | POAI0101 |
| POLICY-AIRGAP-56-002 | TODO | | SPRINT_0123_0001_0001_policy_reasoning | Policy Guild · Policy Studio Guild | src/Policy/StellaOps.Policy.Engine | Export policy sub-bundles with version metadata + checksums. | POLICY-AIRGAP-56-001 | POAI0101 |
| POLICY-AIRGAP-57-001 | TODO | | SPRINT_0123_0001_0001_policy_reasoning | Policy Guild · Export Center Guild | src/Policy.StellaOps.Policy.Engine | Mirror policy pack changes into Offline Kit, produce DSSE receipts. | POLICY-AIRGAP-56-002 | POAI0101 |
| POLICY-AIRGAP-57-002 | TODO | | SPRINT_0123_0001_0001_policy_reasoning | Policy Guild · Notifications Guild | src/Policy/StellaOps.Policy.Engine | Emit notifier events for mirror/export lifecycle. | POLICY-AIRGAP-57-001 | POAI0101 |
| POLICY-AIRGAP-58-001 | TODO | | SPRINT_0123_0001_0001_policy_reasoning | Policy Guild · Platform Ops | docs/policy/airgap.md | Document sealed-mode policy deploy checklist + automation. | POLICY-AIRGAP-57-002 | POAI0101 |
| POLICY-AOC-19-001 | TODO | | SPRINT_0123_0001_0001_policy_reasoning | Policy Guild / src/Policy/__Libraries/StellaOps.Policy | src/Policy/__Libraries/StellaOps.Policy | Add Roslyn/CI lint preventing ingestion projects from referencing Policy merge/severity helpers; block forbidden writes at compile time | | |
| POLICY-AOC-19-002 | TODO | | SPRINT_0123_0001_0001_policy_reasoning | Policy Guild, Platform Security / src/Policy/__Libraries/StellaOps.Policy | src/Policy/__Libraries/StellaOps.Policy | Enforce `effective_finding_*` write gate ensuring only Policy Engine identity can create/update materializations | POLICY-AOC-19-001 | |
| POLICY-AOC-19-003 | TODO | | SPRINT_0123_0001_0001_policy_reasoning | Policy Guild / src/Policy/__Libraries/StellaOps.Policy | src/Policy/__Libraries/StellaOps.Policy | Update readers/processors to consume only `content.raw`, `identifiers`, and `linkset`. Remove dependencies on legacy normalized fields and refresh fixtures | POLICY-AOC-19-002 | |
| POLICY-AOC-19-004 | TODO | | SPRINT_0123_0001_0001_policy_reasoning | Policy Guild, QA Guild / src/Policy/__Libraries/StellaOps.Policy | src/Policy/__Libraries/StellaOps.Policy | Add regression tests ensuring policy derived outputs remain deterministic when ingesting revised raw docs | POLICY-AOC-19-003 | |
| POLICY-ATTEST-73-001 | TODO | | SPRINT_0123_0001_0001_policy_reasoning | Policy Guild, Attestor Service Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Introduce VerificationPolicy object: schema, persistence, versioning, and lifecycle | | |
| POLICY-ATTEST-73-002 | TODO | | SPRINT_0123_0001_0001_policy_reasoning | Policy Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Provide Policy Studio editor with validation, dry-run simulation, and version diff | POLICY-ATTEST-73-001 | |
| POLICY-ATTEST-74-001 | TODO | | SPRINT_0123_0001_0001_policy_reasoning | Policy Guild, Attestor Service Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Integrate verification policies into attestor verification pipeline with caching and waiver support | POLICY-ATTEST-73-002 | |
| POLICY-ATTEST-74-002 | TODO | | SPRINT_0123_0001_0001_policy_reasoning | Policy Guild, Console Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Surface policy evaluations in Console verification reports with rule explanations | POLICY-ATTEST-74-001 | |
| POLICY-CONSOLE-23-001 | TODO | | SPRINT_0123_0001_0001_policy_reasoning | Policy Guild, BE-Base Platform Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Optimize findings/explain APIs for Console: cursor-based pagination at scale, global filter parameters (severity bands, policy version, time window), rule trace summarization, and aggregation hints for dashboard cards. Ensure deterministic ordering and expose provenance refs | | |
| POLICY-CONSOLE-23-002 | TODO | | SPRINT_124_policy_reasoning | Policy Guild, Product Ops / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Produce simulation diff metadata | POLICY-CONSOLE-23-001 | |
| POLICY-DET-01 | TODO | | SPRINT_0209_0001_0001_ui_i | UI Guild, Policy Guild (src/UI/StellaOps.UI) | src/UI/StellaOps.UI | | | |
| POLICY-ENGINE-20-002 | BLOCKED | 2025-10-26 | SPRINT_124_policy_reasoning | Policy Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Build deterministic evaluator honoring lexical/priority order, first-match semantics, and safe value types (no wall-clock/network access) | PGMI0101 | PLPE0101 |
| POLICY-ENGINE-20-003 | TODO | | SPRINT_124_policy_reasoning | Policy Guild, Concelier Core Guild, Excititor Core Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Implement selection joiners resolving SBOM↔advisory↔VEX tuples using linksets and PURL equivalence tables, with deterministic batching | POLICY-ENGINE-20-002 | PLPE0101 |
| POLICY-ENGINE-20-004 | TODO | | SPRINT_124_policy_reasoning | Policy Guild, Platform Storage Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Ship materialization writer that upserts into `effective_finding_{policyId}` with append-only history, tenant scoping, and trace references | POLICY-ENGINE-20-003 | PLPE0101 |
| POLICY-ENGINE-20-005 | TODO | | SPRINT_124_policy_reasoning | Policy Guild, Security Engineering / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Enforce determinism guard banning wall-clock, RNG, and network usage during evaluation via static analysis + runtime sandbox | POLICY-ENGINE-20-004 | PLPE0101 |
| POLICY-ENGINE-20-006 | TODO | | SPRINT_124_policy_reasoning | Policy Guild, Scheduler Worker Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Implement incremental orchestrator reacting to advisory/vex/SBOM change streams and scheduling partial policy re-evaluations | POLICY-ENGINE-20-005 | PLPE0101 |
| POLICY-ENGINE-20-007 | TODO | | SPRINT_124_policy_reasoning | Policy Guild, Observability Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Emit structured traces/logs of rule hits with sampling controls, metrics | POLICY-ENGINE-20-006 | PLPE0101 |
| POLICY-ENGINE-20-008 | TODO | | SPRINT_124_policy_reasoning | Policy Guild, QA Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Add unit/property/golden/perf suites covering policy compilation, evaluation correctness, determinism, and SLA targets | POLICY-ENGINE-20-007 | PLPE0101 |
| POLICY-ENGINE-20-009 | TODO | | SPRINT_124_policy_reasoning | Policy Guild, Storage Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Define Mongo schemas/indexes for `policies`, `policy_runs`, and `effective_finding_*`; implement migrations and tenant enforcement | POLICY-ENGINE-20-008 | PLPE0101 |
| POLICY-ENGINE-27-001 | TODO | | SPRINT_124_policy_reasoning | Policy Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Extend compile outputs to include rule coverage metadata, symbol table, inline documentation, and rule index for editor autocomplete; persist deterministic hashes | POLICY-ENGINE-20-009 | PLPE0101 |
| POLICY-ENGINE-27-002 | TODO | | SPRINT_124_policy_reasoning | Policy Guild, Observability Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Enhance simulate endpoints to emit rule firing counts, heatmap aggregates, sampled explain traces with deterministic ordering, and delta summaries for quick/batch sims | POLICY-ENGINE-27-001 | PLPE0101 |
| POLICY-ENGINE-29-001 | TODO | | SPRINT_124_policy_reasoning | Policy Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Implement batch evaluation endpoint | POLICY-ENGINE-27-004 | PLPE0102 |
| POLICY-ENGINE-29-002 | TODO | | SPRINT_124_policy_reasoning | Policy Guild, Findings Ledger Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Provide streaming simulation API comparing two policy versions, returning per-finding deltas without writes; align determinism with Vuln Explorer simulation | POLICY-ENGINE-29-001 | PLPE0102 |
| POLICY-ENGINE-29-003 | TODO | | SPRINT_0125_0001_0001_policy_reasoning | Policy Guild, SBOM Service Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Surface path/scope awareness in determinations | POLICY-ENGINE-29-002 | PLPE0102 |
| POLICY-ENGINE-29-004 | TODO | | SPRINT_0125_0001_0001_policy_reasoning | Policy Guild, Observability Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Add metrics/logs for batch evaluation | POLICY-ENGINE-29-003 | PLPE0102 |
| POLICY-ENGINE-30-001 | TODO | | SPRINT_0125_0001_0001_policy_reasoning | Policy Guild, Cartographer Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Define overlay contract for graph nodes/edges | POLICY-ENGINE-29-004 | PLPE0102 |
| POLICY-ENGINE-30-002 | TODO | | SPRINT_0125_0001_0001_policy_reasoning | Policy Guild, Cartographer Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Implement simulation bridge returning on-the-fly overlays for Cartographer/Graph Explorer when invoking Policy Engine simulate; ensure no writes and deterministic outputs | POLICY-ENGINE-30-001 | PLPE0102 |
| POLICY-ENGINE-30-003 | TODO | | SPRINT_0125_0001_0001_policy_reasoning | Policy Guild, Scheduler Guild, Cartographer Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Emit change events | POLICY-ENGINE-30-002 | PLPE0102 |
| POLICY-ENGINE-30-101 | TODO | | SPRINT_0125_0001_0001_policy_reasoning | Policy Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Surface trust weighting configuration | POLICY-ENGINE-30-003 | PLPE0102 |
| POLICY-ENGINE-31-001 | TODO | | SPRINT_0125_0001_0001_policy_reasoning | Policy Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Expose policy knobs for Advisory AI | POLICY-ENGINE-30-101 | PLPE0102 |
| POLICY-ENGINE-31-002 | TODO | | SPRINT_0125_0001_0001_policy_reasoning | Policy Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Provide batch endpoint delivering policy context | POLICY-ENGINE-31-001 | PLPE0103 |
| POLICY-ENGINE-32-101 | TODO | | SPRINT_0125_0001_0001_policy_reasoning | Policy Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Define orchestrator `policy_eval` job schema, idempotency keys, and enqueue hooks triggered by advisory/VEX/SBOM events | POLICY-ENGINE-31-002 | PLPE0103 |
| POLICY-ENGINE-33-101 | TODO | | SPRINT_0125_0001_0001_policy_reasoning | Policy Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Implement orchestrator-driven policy evaluation workers using SDK heartbeats, respecting throttles, and emitting SLO metrics | POLICY-ENGINE-32-101 | PLPE0103 |
| POLICY-ENGINE-34-101 | TODO | | SPRINT_0125_0001_0001_policy_reasoning | Policy Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Publish policy run ledger exports + SLO burn-rate metrics to orchestrator; ensure provenance chain links to Findings Ledger | POLICY-ENGINE-33-101 | PLPE0103 |
| POLICY-ENGINE-35-201 | TODO | | SPRINT_0125_0001_0001_policy_reasoning | Policy Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Expose deterministic policy snapshot API and evaluated findings stream keyed by policy version for exporter consumption | POLICY-ENGINE-34-101 | PLPE0103 |
| POLICY-ENGINE-38-201 | TODO | | SPRINT_0125_0001_0001_policy_reasoning | Policy Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Emit enriched policy violation events | POLICY-ENGINE-35-201 | PLPE0103 |
| POLICY-ENGINE-40-001 | TODO | | SPRINT_0125_0001_0001_policy_reasoning | Policy Guild, Concelier Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Update severity/status evaluation pipelines to consume multiple source severities per linkset, supporting selection strategies | POLICY-ENGINE-38-201 | PLPE0103 |
| POLICY-ENGINE-40-002 | TODO | | SPRINT_0125_0001_0001_policy_reasoning | Policy Guild, Excititor Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Accept VEX linkset conflicts and provide rationale references in effective findings; ensure explain traces cite observation IDs | POLICY-ENGINE-40-001 | PLPE0103 |
| POLICY-ENGINE-40-003 | TODO | | SPRINT_0126_0001_0001_policy_reasoning | Policy Guild, Web Scanner Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Provide API/SDK utilities for consumers | POLICY-ENGINE-40-002 | PLPE0103 |
| POLICY-ENGINE-401-003 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | Policy Guild (`src/Policy/StellaOps.Policy.Engine`, `docs/modules/policy/architecture.md`) | `src/Policy/StellaOps.Policy.Engine`, `docs/modules/policy/architecture.md` | Replace in-service DSL compilation with the shared library, support both legacy `stella-dsl@1` packs and the new inline syntax, and keep determinism hashes stable. | — | PLPE0103 |
| POLICY-ENGINE-50-001 | TODO | | SPRINT_0126_0001_0001_policy_reasoning | Policy Guild, Platform Security / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Implement SPL compiler: validate YAML, canonicalize, produce signed bundle, store artifact in object storage, write `policy_revisions` with AOC metadata | POLICY-ENGINE-40-003 | PLPE0104 |
| POLICY-ENGINE-50-002 | TODO | | SPRINT_0126_0001_0001_policy_reasoning | Policy Guild, Runtime Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Build runtime evaluator executing compiled plans over advisory/vex linksets + SBOM asset metadata with deterministic caching | POLICY-ENGINE-50-001 | PLPE0104 |
| POLICY-ENGINE-50-003 | TODO | | SPRINT_0126_0001_0001_policy_reasoning | Policy Guild, Observability Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Implement evaluation/compilation metrics, tracing, and structured logs | POLICY-ENGINE-50-002 | PLPE0104 |
| POLICY-ENGINE-50-004 | TODO | | SPRINT_0126_0001_0001_policy_reasoning | Policy Guild, Platform Events Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Build event pipeline: subscribe to linkset/SBOM updates, schedule re-eval jobs, emit `policy.effective.updated` events with diff metadata | POLICY-ENGINE-50-003 | PLPE0104 |
| POLICY-ENGINE-50-005 | TODO | | SPRINT_0126_0001_0001_policy_reasoning | Policy Guild, Storage Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Design and implement `policy_packs`, `policy_revisions`, `policy_runs`, `policy_artifacts` collections with indexes, TTL, and tenant scoping | POLICY-ENGINE-50-004 | PLPE0104 |
| POLICY-ENGINE-50-006 | TODO | | SPRINT_0126_0001_0001_policy_reasoning | Policy Guild, QA Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Implement explainer persistence + retrieval APIs linking decisions to explanation tree and AOC chain | POLICY-ENGINE-50-005 | PLPE0104 |
| POLICY-ENGINE-50-007 | TODO | | SPRINT_0126_0001_0001_policy_reasoning | Policy Guild, Scheduler Worker Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Provide evaluation worker host/DI wiring and job orchestration hooks for batch re-evaluations after policy activation | POLICY-ENGINE-50-006 | PLPE0104 |
| POLICY-ENGINE-60-001 | TODO | | SPRINT_0126_0001_0001_policy_reasoning | Policy Guild, SBOM Service Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Maintain Redis effective decision maps per asset/snapshot for Graph overlays; implement versioning and eviction strategy | POLICY-ENGINE-50-007 | PLPE0104 |
| POLICY-ENGINE-60-002 | TODO | | SPRINT_0126_0001_0001_policy_reasoning | Policy Guild, BE-Base Platform Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Expose simulation bridge for Graph What-if APIs, supporting hypothetical SBOM diffs and draft policies without persisting results | POLICY-ENGINE-60-001 | PLPE0104 |
| POLICY-ENGINE-70-002 | TODO | | SPRINT_0126_0001_0001_policy_reasoning | Policy Guild, Storage Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Design and create Mongo collections | POLICY-ENGINE-60-002 | PLPE0104 |
| POLICY-ENGINE-70-003 | TODO | | SPRINT_0126_0001_0001_policy_reasoning | Policy Guild, Runtime Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Build Redis exception decision cache | POLICY-ENGINE-70-002 | |
| POLICY-ENGINE-70-004 | TODO | | SPRINT_0126_0001_0001_policy_reasoning | Policy Guild, Observability Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Extend metrics/tracing/logging for exception application | POLICY-ENGINE-70-003 | |
| POLICY-ENGINE-70-005 | TODO | | SPRINT_0126_0001_0001_policy_reasoning | Policy Guild, Scheduler Worker Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Provide APIs/workers hook for exception activation/expiry | POLICY-ENGINE-70-004 | |
| POLICY-ENGINE-80-001 | TODO | | SPRINT_0126_0001_0001_policy_reasoning | Policy Guild, Signals Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Integrate reachability/exploitability inputs into evaluation pipeline | POLICY-ENGINE-70-005 | |
| POLICY-ENGINE-80-002 | BLOCKED (2025-11-26) | | SPRINT_0127_0001_0001_policy_reasoning | Policy Guild, Storage Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Create joining layer to read `reachability_facts` efficiently | POLICY-ENGINE-80-001 | Waiting on reachability input contract (80-001). |
| POLICY-ENGINE-80-003 | BLOCKED (2025-11-26) | | SPRINT_0127_0001_0001_policy_reasoning | Policy Guild, Policy Editor Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Extend SPL predicates/actions to reference reachability state/score/confidence; update compiler validation | POLICY-ENGINE-80-002 | Blocked by reachability inputs/80-002. |
| POLICY-ENGINE-80-004 | TODO | | SPRINT_0127_0001_0001_policy_reasoning | Policy Guild, Observability Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Emit metrics | POLICY-ENGINE-80-003 | |
| POLICY-LIB-401-001 | DONE (2025-11-27) | | SPRINT_0401_0001_0001_reachability_evidence_chain | Policy Guild (`src/Policy/StellaOps.PolicyDsl`, `docs/policy/dsl.md`) | `src/Policy/StellaOps.PolicyDsl`, `docs/policy/dsl.md` | Extract the policy DSL parser/compiler into `StellaOps.PolicyDsl`, add the lightweight syntax (default action + inline rules), and expose `PolicyEngineFactory`/`SignalContext` APIs for reuse. | | Created StellaOps.PolicyDsl library with PolicyEngineFactory, SignalContext, tokenizer, parser, compiler, and IR serialization. |
| POLICY-LIB-401-002 | DONE (2025-11-27) | | SPRINT_0401_0001_0001_reachability_evidence_chain | Policy Guild, CLI Guild (`tests/Policy/StellaOps.PolicyDsl.Tests`, `policy/default.dsl`, `docs/policy/lifecycle.md`) | `tests/Policy/StellaOps.PolicyDsl.Tests`, `policy/default.dsl`, `docs/policy/lifecycle.md` | Ship unit-test harness + sample `policy/default.dsl` (table-driven cases) and wire `stella policy lint/simulate` to the shared library. | | Created test harness with 25 unit tests, sample DSL files (minimal.dsl, default.dsl), and wired stella policy lint command to PolicyDsl library. |
| POLICY-OBS-50-001 | TODO | | SPRINT_0127_0001_0001_policy_reasoning | Policy Guild · Observability Guild | src/Policy/StellaOps.Policy.Engine | Integrate telemetry core into policy API + worker hosts, ensuring spans/logs cover compile/evaluate flows with `tenant_id`, `policy_version`, `decision_effect`, and trace IDs | Wait for telemetry schema drop (046_TLTY0101) | PLOB0101 |
| POLICY-OBS-51-001 | TODO | | SPRINT_0127_0001_0001_policy_reasoning | Policy Guild · DevOps Guild | src/Policy/StellaOps.Policy.Engine | Emit golden-signal metrics | POLICY-OBS-50-001 | PLOB0101 |
| POLICY-OBS-52-001 | TODO | | SPRINT_0127_0001_0001_policy_reasoning | Policy Guild | src/Policy/StellaOps.Policy.Engine | Emit timeline events `policy.evaluate.started`, `policy.evaluate.completed`, `policy.decision.recorded` with trace IDs, input digests, and rule summary. Provide contract tests and retry semantics | POLICY-OBS-51-001 | PLOB0101 |
| POLICY-OBS-53-001 | TODO | | SPRINT_0127_0001_0001_policy_reasoning | Policy Guild · Evidence Locker Guild | src/Policy/StellaOps.Policy.Engine | Produce evaluation evidence bundles | POLICY-OBS-52-001 | PLOB0101 |
| POLICY-OBS-54-001 | TODO | | SPRINT_0127_0001_0001_policy_reasoning | Policy Guild · Provenance Guild | src/Policy/StellaOps.Policy.Engine | Generate DSSE attestations for evaluation outputs, expose `/evaluations/{id}/attestation`, and link attestation IDs in timeline + console. Provide verification harness | POLICY-OBS-53-001 | PLOB0101 |
| POLICY-OBS-55-001 | TODO | | SPRINT_0127_0001_0001_policy_reasoning | Policy Guild · DevOps Guild | src/Policy/StellaOps.Policy.Engine | Implement incident mode sampling overrides | POLICY-OBS-54-001 | PLOB0101 |
| POLICY-READINESS-0001 | TODO | | SPRINT_0325_0001_0001_docs_modules_policy | Policy Guild (docs/modules/policy) | docs/modules/policy | Capture policy module readiness checklist aligned with current sprint goals. | | |
| POLICY-READINESS-0002 | TODO | | SPRINT_0325_0001_0001_docs_modules_policy | Policy Guild (docs/modules/policy) | docs/modules/policy | Track outstanding prerequisites/risk items for policy releases and mirror into sprint updates. | | |
| POLICY-RISK-66-001 | DONE | 2025-11-22 | SPRINT_0127_0001_0001_policy_reasoning | Risk Profile Schema Guild / src/Policy/StellaOps.Policy.RiskProfile | src/Policy/StellaOps.Policy.RiskProfile | Develop initial JSON Schema for RiskProfile (signals, transforms, weights, severity, overrides) with validator stubs | | |
| POLICY-RISK-66-002 | DONE (2025-11-26) | | SPRINT_0127_0001_0001_policy_reasoning | Risk Profile Schema Guild / src/Policy/StellaOps.Policy.RiskProfile | src/Policy/StellaOps.Policy.RiskProfile | Implement inheritance/merge logic with conflict detection and deterministic content hashing | POLICY-RISK-66-001 | Canonicalizer/merge + digest, tests added. |
| POLICY-RISK-66-003 | BLOCKED (2025-11-26) | | SPRINT_0127_0001_0001_policy_reasoning | Policy Guild, Risk Profile Schema Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Integrate RiskProfile schema into Policy Engine configuration, ensuring validation and default profile deployment | POLICY-RISK-66-002 | Waiting on reachability input contract (80-001) and engine config shape. |
| POLICY-RISK-66-004 | TODO | | SPRINT_0127_0001_0001_policy_reasoning | Policy Guild, Risk Profile Schema Guild / src/Policy/__Libraries/StellaOps.Policy | src/Policy/__Libraries/StellaOps.Policy | Extend Policy libraries to load/save RiskProfile documents, compute content hashes, and surface validation diagnostics | POLICY-RISK-66-003 | |
| POLICY-RISK-67-001 | TODO | | SPRINT_0127_0001_0001_policy_reasoning | Policy Guild, Risk Engine Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Trigger scoring jobs on new/updated findings via Policy Engine orchestration hooks | POLICY-RISK-66-004 | |
| POLICY-RISK-67-002 | BLOCKED (2025-11-26) | | SPRINT_0128_0001_0001_policy_reasoning | Policy Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Implement profile lifecycle APIs | POLICY-RISK-67-001 | Waiting on risk profile contract + schema draft. |
| POLICY-RISK-67-003 | BLOCKED (2025-11-26) | | SPRINT_0128_0001_0001_policy_reasoning | Policy Guild, Risk Engine Guild / src/Policy/__Libraries/StellaOps.Policy | src/Policy/__Libraries/StellaOps.Policy | Provide policy-layer APIs to trigger risk simulations and return distributions/contribution breakdowns | POLICY-RISK-67-002 | Blocked by missing risk profile schema + lifecycle API contract. |
| POLICY-RISK-68-001 | TODO | | SPRINT_0128_0001_0001_policy_reasoning | Policy Guild, Policy Studio Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Provide simulation API bridging Policy Studio with risk engine; returns distributions and top movers | POLICY-RISK-67-003 | |
| POLICY-RISK-68-002 | TODO | | SPRINT_0128_0001_0001_policy_reasoning | Risk Profile Schema Guild / src/Policy/StellaOps.Policy.RiskProfile | src/Policy/StellaOps.Policy.RiskProfile | Add override/adjustment support with audit metadata and validation for conflicting rules | POLICY-RISK-68-001 | |
| POLICY-RISK-69-001 | TODO | | SPRINT_0128_0001_0001_policy_reasoning | Policy Guild, Notifications Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Emit events/notifications on profile publish, deprecate, and severity threshold changes | POLICY-RISK-68-002 | |
| POLICY-RISK-70-001 | TODO | | SPRINT_0128_0001_0001_policy_reasoning | Policy Guild, Export Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Support exporting/importing profiles with signatures for air-gapped bundles | POLICY-RISK-69-001 | |
| POLICY-RISK-90-001 | TODO | | SPRINT_0126_0001_0001_policy_reasoning | Policy Guild, Scanner Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Ingest entropy penalty inputs from Scanner (`entropy.report.json`, `layer_summary.json`), extend trust algebra with configurable weights/caps, and expose explanations/metrics for opaque ratio penalties (`docs/modules/scanner/entropy.md`). | | |
| POLICY-SPL-23-001 | TODO | | SPRINT_0128_0001_0001_policy_reasoning | Policy Guild, Language Infrastructure Guild / src/Policy/__Libraries/StellaOps.Policy | src/Policy/__Libraries/StellaOps.Policy | Define SPL v1 YAML + JSON Schema, including advisory rules, VEX precedence, severity mapping, exceptions, and layering metadata. Publish schema resources and validation fixtures | | |
| POLICY-SPL-23-002 | TODO | | SPRINT_0128_0001_0001_policy_reasoning | Policy Guild / src/Policy/__Libraries/StellaOps.Policy | src/Policy/__Libraries/StellaOps.Policy | Implement canonicalizer that normalizes policy packs | POLICY-SPL-23-001 | |
| POLICY-SPL-23-003 | DONE (2025-11-26) | | SPRINT_0128_0001_0001_policy_reasoning | Policy Guild / src/Policy/__Libraries/StellaOps.Policy | src/Policy/__Libraries/StellaOps.Policy | Build policy layering/override engine | POLICY-SPL-23-002 | `SplLayeringEngine` + tests landed. |
| POLICY-SPL-23-004 | DONE (2025-11-26) | | SPRINT_0128_0001_0001_policy_reasoning | Policy Guild, Audit Guild / src/Policy/__Libraries/StellaOps.Policy | src/Policy/__Libraries/StellaOps.Policy | Design explanation tree model | POLICY-SPL-23-003 | Explanation tree emitted from evaluation; persistence follow-up. |
| POLICY-SPL-23-005 | DONE (2025-11-26) | | SPRINT_0128_0001_0001_policy_reasoning | Policy Guild, DevEx Guild / src/Policy/__Libraries/StellaOps.Policy | src/Policy/__Libraries/StellaOps.Policy | Create migration tool to snapshot existing behavior into baseline SPL packs | POLICY-SPL-23-004 | `SplMigrationTool` emits canonical SPL JSON from PolicyDocument. |
| POLICY-SPL-24-001 | DONE (2025-11-26) | 2025-11-26 | SPRINT_0128_0001_0001_policy_reasoning | Policy Guild, Signals Guild / src/Policy/__Libraries/StellaOps.Policy | src/Policy/__Libraries/StellaOps.Policy | Extend SPL schema to expose reachability/exploitability predicates and weighting functions; update documentation and fixtures | POLICY-SPL-23-005 | |
| POLICY-TEN-48-001 | TODO | | SPRINT_0129_0001_0001_policy_reasoning | Policy Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Add `tenant_id`/`project_id` columns, enable RLS, update evaluators to require tenant context, and emit rationale IDs including tenant metadata | | |
| POLICY-VEX-401-006 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | Policy Guild (`src/Policy/StellaOps.Policy.Engine`, `src/Policy/__Libraries/StellaOps.Policy`) | `src/Policy/StellaOps.Policy.Engine`, `src/Policy/__Libraries/StellaOps.Policy` | Policy Engine consumes reachability facts, applies the deterministic score/label buckets (≥0.80 reachable, 0.300.79 conditional, <0.30 unreachable), emits OpenVEX with call-path proofs, and updates SPL schema with `reachability.state/confidence` predicates and suppression gates. | | |
| POLICY-VEX-401-010 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | Policy Guild (`src/Policy/StellaOps.Policy.Engine/Vex`, `docs/modules/policy/architecture.md`, `docs/benchmarks/vex-evidence-playbook.md`) | `src/Policy/StellaOps.Policy.Engine/Vex`, `docs/modules/policy/architecture.md`, `docs/benchmarks/vex-evidence-playbook.md` | Implement `VexDecisionEmitter` to serialize per-finding OpenVEX, attach evidence hashes, request DSSE signatures, capture Rekor metadata, and publish artifacts following the bench playbook. | | |
| PROBE-401-010 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | Runtime Signals Guild (`src/Signals/StellaOps.Signals.Runtime`, `ops/probes`) | `src/Signals/StellaOps.Signals.Runtime`, `ops/probes` | | | |
| PROMO-70-001 | TODO | | SPRINT_0202_0001_0002_cli_ii | DevEx/CLI Guild, Provenance Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | | | |
| PROMO-70-002 | TODO | | SPRINT_0203_0001_0003_cli_iii | DevEx/CLI Guild, Provenance Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | | | |
| PROV-BACKFILL-401-029 | DONE | 2025-11-27 | SPRINT_0401_0001_0001_reachability_evidence_chain | Platform Guild | `docs/provenance/inline-dsse.md`, `scripts/publish_attestation_with_provenance.sh` | Backfill historical Mongo events with DSSE/Rekor metadata by resolving known attestations per subject digest (wiring ingestion helpers + endpoint tests in progress). | Depends on #1 | RBRE0101 |
| PROV-INDEX-401-030 | DONE | 2025-11-27 | SPRINT_0401_0001_0001_reachability_evidence_chain | Platform + Ops Guilds | `docs/provenance/inline-dsse.md`, `ops/mongo/indices/events_provenance_indices.js` | Deploy provenance indexes (`events_by_subject_kind_provenance`, etc.) and expose compliance/replay queries. | Depends on #3 | RBRE0101 |
| PROV-INLINE-401-028 | DONE | | SPRINT_0401_0001_0001_reachability_evidence_chain | Authority Guild · Feedser Guild (`docs/provenance/inline-dsse.md`, `src/__Libraries/StellaOps.Provenance.Mongo`) | `docs/provenance/inline-dsse.md`, `src/__Libraries/StellaOps.Provenance.Mongo` | Extend Authority/Feedser event writers to attach inline DSSE + Rekor references on every SBOM/VEX/scan event using `StellaOps.Provenance.Mongo`. | | |
| PROV-OBS-53-001 | DONE | 2025-11-17 | SPRINT_0513_0001_0001_provenance | Provenance Guild / `src/Provenance/StellaOps.Provenance.Attestation` | src/Provenance/StellaOps.Provenance.Attestation | Implement DSSE/SLSA `BuildDefinition` + `BuildMetadata` models with canonical JSON serializer, Merkle digest helpers, deterministic hashing tests, and sample statements for orchestrator/job/export subjects. | — | PROB0101 |
| PROV-OBS-53-002 | BLOCKED | | SPRINT_0513_0001_0001_provenance | Provenance Guild · Security Guild | src/Provenance/StellaOps.Provenance.Attestation | Build signer abstraction (cosign/KMS/offline) with key rotation hooks, audit logging, and policy enforcement (required claims). Provide unit tests using fake signer + real cosign fixture. Dependencies: PROV-OBS-53-001. | Await CI rerun to clear MSB6006 and verify signer abstraction | PROB0101 |
| PROV-OBS-53-003 | BLOCKED | | SPRINT_0513_0001_0001_provenance | Provenance Guild | src/Provenance/StellaOps.Provenance.Attestation | Deliver `PromotionAttestationBuilder` that materialises the `stella.ops/promotion@v1` predicate (image digest, SBOM/VEX materials, promotion metadata, Rekor proof) and feeds canonicalised payload bytes to Signer via StellaOps.Cryptography. | Blocked on PROV-OBS-53-002 CI verification | PROB0101 |
| PROV-OBS-54-001 | TODO | | SPRINT_0513_0001_0001_provenance | Provenance Guild · Evidence Locker Guild | src/Provenance/StellaOps.Provenance.Attestation | Deliver verification library that validates DSSE signatures, Merkle roots, and timeline chain-of-custody, exposing reusable CLI/service APIs. Include negative-case fixtures and offline timestamp verification. Dependencies: PROV-OBS-53-002. | Starts after PROV-OBS-53-002 clears in CI | PROB0101 |
| PROV-OBS-54-002 | TODO | | SPRINT_0513_0001_0001_provenance | Provenance Guild · DevEx/CLI Guild | src/Provenance/StellaOps.Provenance.Attestation | Generate .NET global tool for local verification + embed command helpers for CLI `stella forensic verify`. Provide deterministic packaging and offline kit instructions. Dependencies: PROV-OBS-54-001. | Starts after PROV-OBS-54-001 verification APIs stable | PROB0101 |
| PY-32-001 | DONE | | SPRINT_0153_0001_0003_orchestrator_iii | Worker SDK Guild (src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Python) | src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Python | | | |
| PY-32-002 | DONE | | SPRINT_0153_0001_0003_orchestrator_iii | Worker SDK Guild (src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Python) | src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Python | | | |
| PY-33-001 | DONE | | SPRINT_0153_0001_0003_orchestrator_iii | Worker SDK Guild (src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Python) | src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Python | | | |
| PY-33-002 | DONE | | SPRINT_0153_0001_0003_orchestrator_iii | Worker SDK Guild (src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Python) | src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Python | | | |
| PY-34-001 | DONE | | SPRINT_0153_0001_0003_orchestrator_iii | Worker SDK Guild (src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Python) | src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Python | | | |
| QA-DOCS-401-008 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | QA & Docs Guilds (`docs`, `tests/README.md`) | `docs`, `tests/README.md` | Wire `reachbench-2025-expanded` fixtures into CI, document CAS layouts + replay steps in `docs/reachability/DELIVERY_GUIDE.md`, and publish operator runbook for runtime ingestion. | | |
| QA-REACH-201-007 | TODO | | SPRINT_400_runtime_facts_static_callgraph_union | QA Guild (`tests/README.md`) | `tests/README.md` | Integrate `reachbench-2025-expanded` fixture pack under `tests/reachability/`, add evaluator harness tests that validate reachable vs unreachable cases, and wire CI guidance for deterministic runs. | | |
| REACH-201-001 | TODO | | SPRINT_400_runtime_facts_static_callgraph_union | Zastava Observer Guild (`src/Zastava/StellaOps.Zastava.Observer`) | `src/Zastava/StellaOps.Zastava.Observer` | | | |
| REACH-201-002 | DOING | 2025-11-08 | SPRINT_400_runtime_facts_static_callgraph_union | Scanner Worker Guild (`src/Scanner/StellaOps.Scanner.Worker`) | `src/Scanner/StellaOps.Scanner.Worker` | | | |
| REACH-201-003 | DOING | 2025-11-08 | SPRINT_400_runtime_facts_static_callgraph_union | Signals Guild (`src/Signals/StellaOps.Signals`) | `src/Signals/StellaOps.Signals` | | | |
| REACH-201-004 | DOING | 2025-11-08 | SPRINT_400_runtime_facts_static_callgraph_union | Signals Guild · Policy Guild (`src/Signals/StellaOps.Signals`, `src/Policy/StellaOps.Policy.Engine`) | `src/Signals/StellaOps.Signals`, `src/Policy/StellaOps.Policy.Engine` | | | |
| REACH-201-005 | DOING | 2025-11-08 | SPRINT_400_runtime_facts_static_callgraph_union | BE-Base Platform Guild (`src/__Libraries/StellaOps.Replay.Core`) | `src/__Libraries/StellaOps.Replay.Core` | | | |
| REACH-201-006 | TODO | | SPRINT_400_runtime_facts_static_callgraph_union | Docs Guild (`docs`) | | | | |
| REACH-201-007 | TODO | | SPRINT_400_runtime_facts_static_callgraph_union | QA Guild (`tests/README.md`) | `tests/README.md` | | | |
| REACH-401-005 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | Authority & Signer Guilds (`src/Authority/StellaOps.Authority`, `src/Signer/StellaOps.Signer`) | `src/Authority/StellaOps.Authority`, `src/Signer/StellaOps.Signer` | | | |
| REACH-401-009 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | Scanner Worker Guild (`src/Scanner/StellaOps.Scanner.Worker`, `src/Scanner/__Libraries`) | `src/Scanner/StellaOps.Scanner.Worker`, `src/Scanner/__Libraries` | | | |
| REACH-LATTICE-401-023 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | Scanner Guild · Policy Guild (`docs/reachability/lattice.md`, `docs/modules/scanner/architecture.md`, `src/Scanner/StellaOps.Scanner.WebService`) | `docs/reachability/lattice.md`, `docs/modules/scanner/architecture.md`, `src/Scanner/StellaOps.Scanner.WebService` | Define the reachability lattice model (`ReachState`, `EvidenceKind`, `MitigationKind`, scoring policy) in Scanner docs + code; ensure evidence joins write to the event graph schema. | | |
| READINESS-0001 | TODO | | SPRINT_0325_0001_0001_docs_modules_policy | Policy Guild (docs/modules/policy) | docs/modules/policy | | | |
| READINESS-0002 | TODO | | SPRINT_0325_0001_0001_docs_modules_policy | Policy Guild (docs/modules/policy) | docs/modules/policy | | | |
| RECIPES-DOCS-0001 | TODO | | SPRINT_315_docs_modules_ci | Docs Guild (docs/modules/ci) | docs/modules/ci | | | |
| RECIPES-ENG-0001 | TODO | | SPRINT_315_docs_modules_ci | Module Team (docs/modules/ci) | docs/modules/ci | | | |
| RECIPES-OPS-0001 | TODO | | SPRINT_315_docs_modules_ci | Ops Guild (docs/modules/ci) | docs/modules/ci | | | |
| REG-41-001 | DONE (2025-11-25) | 2025-11-25 | SPRINT_0154_0001_0001_packsregistry | Packs Registry Guild (src/PacksRegistry/StellaOps.PacksRegistry) | src/PacksRegistry/StellaOps.PacksRegistry | | | |
| REG-42-001 | DONE (2025-11-25) | 2025-11-25 | SPRINT_0154_0001_0001_packsregistry | Packs Registry Guild (src/PacksRegistry/StellaOps.PacksRegistry) | src/PacksRegistry/StellaOps.PacksRegistry | | | |
| REG-43-001 | DONE (2025-11-25) | 2025-11-25 | SPRINT_0154_0001_0001_packsregistry | Packs Registry Guild (src/PacksRegistry/StellaOps.PacksRegistry) | src/PacksRegistry/StellaOps.PacksRegistry | | | |
| REGISTRY-API-27-001 | TODO | | SPRINT_0129_0001_0001_policy_reasoning | Policy Registry Guild / src/Policy/StellaOps.Policy.Registry | src/Policy/StellaOps.Policy.Registry | Define OpenAPI specification covering workspaces, versions, reviews, simulations, promotions, and attestations; publish typed clients for Console/CLI | | |
| REGISTRY-API-27-002 | TODO | | SPRINT_0129_0001_0001_policy_reasoning | Policy Registry Guild / src/Policy/StellaOps.Policy.Registry | src/Policy/StellaOps.Policy.Registry | Implement workspace storage | REGISTRY-API-27-001 | |
| REGISTRY-API-27-003 | TODO | | SPRINT_0129_0001_0001_policy_reasoning | Policy Registry Guild / src/Policy/StellaOps.Policy.Registry | src/Policy/StellaOps.Policy.Registry | Integrate compile endpoint: forward source bundle to Policy Engine, persist diagnostics, symbol table, rule index, and complexity metrics | REGISTRY-API-27-002 | |
| REGISTRY-API-27-004 | TODO | | SPRINT_0129_0001_0001_policy_reasoning | Policy Registry Guild / src/Policy/StellaOps.Policy.Registry | src/Policy/StellaOps.Policy.Registry | Implement quick simulation API with request limits | REGISTRY-API-27-003 | |
| REGISTRY-API-27-005 | TODO | | SPRINT_0129_0001_0001_policy_reasoning | Policy Registry Guild, Scheduler Guild / src/Policy/StellaOps.Policy.Registry | src/Policy/StellaOps.Policy.Registry | Build batch simulation orchestration: enqueue shards, collect partials, reduce deltas, produce evidence bundles + signed manifest | REGISTRY-API-27-004 | |
| REGISTRY-API-27-006 | TODO | | SPRINT_0129_0001_0001_policy_reasoning | Policy Registry Guild / src/Policy/StellaOps.Policy.Registry | src/Policy/StellaOps.Policy.Registry | Implement review workflow | REGISTRY-API-27-005 | |
| REGISTRY-API-27-007 | TODO | | SPRINT_0129_0001_0001_policy_reasoning | Policy Registry Guild, Security Guild / src/Policy/StellaOps.Policy.Registry | src/Policy/StellaOps.Policy.Registry | Implement publish pipeline: sign source/compiled digests, create attestations, mark version immutable, emit events | REGISTRY-API-27-006 | |
| REGISTRY-API-27-008 | TODO | | SPRINT_0129_0001_0001_policy_reasoning | Policy Registry Guild / src/Policy/StellaOps.Policy.Registry | src/Policy/StellaOps.Policy.Registry | Implement promotion bindings per tenant/environment with canary subsets, rollback path, and environment history | REGISTRY-API-27-007 | |
| REGISTRY-API-27-009 | TODO | | SPRINT_0129_0001_0001_policy_reasoning | Policy Registry Guild, Observability Guild / src/Policy/StellaOps.Policy.Registry | src/Policy/StellaOps.Policy.Registry | Instrument metrics/logs/traces | REGISTRY-API-27-008 | |
| REGISTRY-API-27-010 | TODO | | SPRINT_0129_0001_0001_policy_reasoning | Policy Registry Guild, QA Guild / src/Policy/StellaOps.Policy.Registry | src/Policy/StellaOps.Policy.Registry | Build unit/integration/load test suites for compile/sim/review/publish/promote flows; provide seeded fixtures for CI | REGISTRY-API-27-009 | |
| REL-17-004 | BLOCKED | 2025-10-26 | SPRINT_0506_0001_0001_ops_devops_iv | DevOps Guild (ops/devops) | ops/devops | | | |
| REP-004 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | BE-Base Platform Guild (`src/__Libraries/StellaOps.Replay.Core`, `docs/replay/DETERMINISTIC_REPLAY.md`) | `src/__Libraries/StellaOps.Replay.Core`, `docs/replay/DETERMINISTIC_REPLAY.md` | | | |
| REPLAY-185-003 | TODO | | SPRINT_0185_0001_0001_shared_replay_primitives | Docs Guild, Platform Data Guild (docs) | | | | |
| REPLAY-185-004 | TODO | | SPRINT_0185_0001_0001_shared_replay_primitives | Docs Guild (docs) | | | | |
| REPLAY-186-001 | TODO | | SPRINT_0186_0001_0001_record_deterministic_execution | Scanner Guild (`src/Scanner/StellaOps.Scanner.WebService`, `docs/modules/scanner/architecture.md`) | `src/Scanner/StellaOps.Scanner.WebService`, `docs/modules/scanner/architecture.md` | | | |
| REPLAY-186-002 | TODO | | SPRINT_0186_0001_0001_record_deterministic_execution | Scanner Guild (`src/Scanner/StellaOps.Scanner.Worker`, `docs/modules/scanner/deterministic-execution.md`) | `src/Scanner/StellaOps.Scanner.Worker`, `docs/modules/scanner/deterministic-execution.md` | | | |
| REPLAY-186-003 | TODO | | SPRINT_0186_0001_0001_record_deterministic_execution | Signing Guild (`src/Signer/StellaOps.Signer`, `src/Authority/StellaOps.Authority`) | `src/Signer/StellaOps.Signer`, `src/Authority/StellaOps.Authority` | | | |
| REPLAY-186-004 | TODO | | SPRINT_0186_0001_0001_record_deterministic_execution | Docs Guild (`docs`) | | | | |
| REPLAY-187-001 | TODO | | SPRINT_160_export_evidence | Evidence Locker Guild · docs/modules/evidence-locker/architecture.md | docs/modules/evidence-locker/architecture.md | | | |
| REPLAY-187-002 | TODO | | SPRINT_160_export_evidence | CLI Guild · `docs/modules/cli/architecture.md` | docs/modules/cli/architecture.md | | | |
| REPLAY-187-003 | TODO | | SPRINT_0187_0001_0001_evidence_locker_cli_integration | Attestor Guild (`src/Attestor/StellaOps.Attestor`, `docs/modules/attestor/architecture.md`) | `src/Attestor/StellaOps.Attestor`, `docs/modules/attestor/architecture.md` | | | |
| REPLAY-187-004 | TODO | | SPRINT_160_export_evidence | Docs/Ops Guild · `/docs/runbooks/replay_ops.md` | docs/runbooks/replay_ops.md | | | |
| REPLAY-401-004 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | BE-Base Platform Guild (`src/__Libraries/StellaOps.Replay.Core`) | `src/__Libraries/StellaOps.Replay.Core` | Bump replay manifest to v2 (feeds, analyzers, policies), have `ReachabilityReplayWriter` enforce CAS registration + hash sorting, and add deterministic tests to `tests/reachability/StellaOps.Reachability.FixtureTests`. | | |
| REPLAY-CORE-185-001 | TODO | | SPRINT_0185_0001_0001_shared_replay_primitives | Platform Guild | `src/__Libraries/StellaOps.Replay.Core` | Scaffold `StellaOps.Replay.Core` with manifest schema types, canonical JSON rules, Merkle utilities, and DSSE payload builders; add `AGENTS.md`/`TASKS.md` for the new library; cross-reference `docs/replay/DETERMINISTIC_REPLAY.md` section 3 when updating the library charter. | Mirrors #1 | RLRC0101 |
| REPLAY-CORE-185-002 | TODO | | SPRINT_0185_0001_0001_shared_replay_primitives | Platform Guild | src/__Libraries/StellaOps.Replay.Core | Implement deterministic bundle writer (tar.zst, CAS naming) and hashing abstractions, updating `docs/modules/platform/architecture-overview.md` with a “Replay CAS” subsection that documents layout/retention expectations. | Mirrors #2 | RLRC0101 |
| REPLAY-CORE-185-003 | TODO | | SPRINT_0185_0001_0001_shared_replay_primitives | Platform Data Guild | src/__Libraries/StellaOps.Replay.Core | Define Mongo collections (`replay_runs`, `replay_bundles`, `replay_subjects`) and indices, then author `docs/data/replay_schema.md` detailing schema fields, constraints, and offline sync strategy. | Mirrors #3 | RLRC0101 |
| REPLAY-REACH-201-005 | DOING | 2025-11-08 | SPRINT_400_runtime_facts_static_callgraph_union | BE-Base Platform Guild (`src/__Libraries/StellaOps.Replay.Core`) | `src/__Libraries/StellaOps.Replay.Core` | Update `StellaOps.Replay.Core` manifest schema + bundle writer so replay packs capture reachability graphs, runtime traces, analyzer versions, and evidence hashes; document new CAS namespace. | | |
| RISK-66-001 | TODO | | SPRINT_115_concelier_iv | Concelier Core Guild, Risk Engine Guild (src/Concelier/__Libraries/StellaOps.Concelier.Core) | src/Concelier/__Libraries/StellaOps.Concelier.Core | | | |
| RISK-66-002 | TODO | | SPRINT_115_concelier_iv | Concelier Core Guild (src/Concelier/__Libraries/StellaOps.Concelier.Core) | src/Concelier/__Libraries/StellaOps.Concelier.Core | | | |
| RISK-66-003 | TODO | | SPRINT_0127_0001_0001_policy_reasoning | Policy Guild, Risk Profile Schema Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | | POLICY-RISK-66-002 | |
| RISK-66-004 | TODO | | SPRINT_0127_0001_0001_policy_reasoning | Policy Guild, Risk Profile Schema Guild / src/Policy/__Libraries/StellaOps.Policy | src/Policy/__Libraries/StellaOps.Policy | | POLICY-RISK-66-003 | |
| RISK-67-001 | TODO | | SPRINT_115_concelier_iv | Concelier Core Guild (src/Concelier/__Libraries/StellaOps.Concelier.Core) | src/Concelier/__Libraries/StellaOps.Concelier.Core | | | |
| RISK-67-002 | TODO | | SPRINT_0128_0001_0001_policy_reasoning | Policy Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | | POLICY-RISK-67-001 | |
| RISK-67-003 | BLOCKED (2025-11-26) | | SPRINT_0128_0001_0001_policy_reasoning | Policy Guild, Risk Engine Guild / src/Policy/__Libraries/StellaOps.Policy | src/Policy/__Libraries/StellaOps.Policy | | POLICY-RISK-67-002 | Blocked by missing risk profile schema + lifecycle API contract. |
| RISK-67-004 | TODO | | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild, CLI Guild (docs) | | | | |
| RISK-68-001 | TODO | | SPRINT_115_concelier_iv | Concelier Core Guild, Policy Studio Guild (src/Concelier/__Libraries/StellaOps.Concelier.Core) | src/Concelier/__Libraries/StellaOps.Concelier.Core | | | |
| RISK-68-002 | TODO | | SPRINT_0128_0001_0001_policy_reasoning | Risk Profile Schema Guild / src/Policy/StellaOps.Policy.RiskProfile | src/Policy/StellaOps.Policy.RiskProfile | | POLICY-RISK-68-001 | |
| RISK-69-001 | TODO | | SPRINT_115_concelier_iv | Concelier Core Guild, Notifications Guild (src/Concelier/__Libraries/StellaOps.Concelier.Core) | src/Concelier/__Libraries/StellaOps.Concelier.Core | | | |
| RISK-69-002 | TODO | | SPRINT_163_exportcenter_ii | Exporter Service Guild, Risk Engine Guild (src/ExportCenter/StellaOps.ExportCenter) | src/ExportCenter/StellaOps.ExportCenter | | | |
| RISK-70-001 | TODO | | SPRINT_0128_0001_0001_policy_reasoning | Policy Guild, Export Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | | POLICY-RISK-69-001 | |
| RISK-90-001 | TODO | | SPRINT_0126_0001_0001_policy_reasoning | Policy Guild, Scanner Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | | | |
| RISK-BUNDLE-69-001 | TODO | | SPRINT_0164_0001_0003_exportcenter_iii | Risk Bundle Export Guild, Risk Engine Guild (src/ExportCenter/StellaOps.ExportCenter.RiskBundles) | src/ExportCenter/StellaOps.ExportCenter.RiskBundles | Implement `stella export risk-bundle` job producing tarball with provider datasets, manifests, and DSSE signatures. | | |
| RISK-BUNDLE-69-002 | TODO | | SPRINT_0164_0001_0003_exportcenter_iii | Risk Bundle Export Guild, DevOps Guild (src/ExportCenter/StellaOps.ExportCenter.RiskBundles) | src/ExportCenter/StellaOps.ExportCenter.RiskBundles | Integrate bundle job into CI/offline kit pipelines with checksum publication. Dependencies: RISK-BUNDLE-69-001. | | |
| RISK-BUNDLE-70-001 | TODO | | SPRINT_0164_0001_0003_exportcenter_iii | Risk Bundle Export Guild, CLI Guild (src/ExportCenter/StellaOps.ExportCenter.RiskBundles) | src/ExportCenter/StellaOps.ExportCenter.RiskBundles | Provide CLI `stella risk bundle verify` command to validate bundles before import. Dependencies: RISK-BUNDLE-69-002. | | |
| RISK-BUNDLE-70-002 | TODO | | SPRINT_0164_0001_0003_exportcenter_iii | Risk Bundle Export Guild, Docs Guild (src/ExportCenter/StellaOps.ExportCenter.RiskBundles) | src/ExportCenter/StellaOps.ExportCenter.RiskBundles | Publish `/docs/airgap/risk-bundles.md` detailing build/import/verification workflows. Dependencies: RISK-BUNDLE-70-001. | | |
| RISK-ENGINE-66-001 | DONE (2025-11-25) | 2025-11-25 | SPRINT_0129_0001_0001_policy_reasoning | Risk Engine Guild / src/RiskEngine/StellaOps.RiskEngine | src/RiskEngine/StellaOps.RiskEngine | Scaffold scoring service (job queue, worker loop, provider registry) with deterministic execution harness | | |
| RISK-ENGINE-66-002 | DONE | 2025-11-25 | SPRINT_0129_0001_0001_policy_reasoning | Risk Engine Guild / src/RiskEngine/StellaOps.RiskEngine | src/RiskEngine/StellaOps.RiskEngine | Implement default transforms | RISK-ENGINE-66-001 | |
| RISK-ENGINE-67-001 | DONE | 2025-11-25 | SPRINT_0129_0001_0001_policy_reasoning | Risk Engine Guild, Concelier Guild / src/RiskEngine/StellaOps.RiskEngine | src/RiskEngine/StellaOps.RiskEngine | Integrate CVSS and KEV providers pulling data from Conseiller; implement reducers | RISK-ENGINE-66-002 | |
| RISK-ENGINE-67-002 | DONE (2025-11-25) | 2025-11-25 | SPRINT_0129_0001_0001_policy_reasoning | Risk Engine Guild, Excitor Guild / src/RiskEngine/StellaOps.RiskEngine | src/RiskEngine/StellaOps.RiskEngine | Integrate VEX gate provider and ensure gating short-circuits scoring as configured | RISK-ENGINE-67-001 | |
| RISK-ENGINE-67-003 | DONE | 2025-11-25 | SPRINT_0129_0001_0001_policy_reasoning | Risk Engine Guild, Policy Engine Guild / src/RiskEngine/StellaOps.RiskEngine | src/RiskEngine/StellaOps.RiskEngine | Add fix availability, asset criticality, and internet exposure providers with caching + TTL enforcement | RISK-ENGINE-67-002 | |
| RISK-ENGINE-68-001 | DONE | 2025-11-25 | SPRINT_0129_0001_0001_policy_reasoning | Risk Engine Guild, Findings Ledger Guild / src/RiskEngine/StellaOps.RiskEngine | src/RiskEngine/StellaOps.RiskEngine | Persist scoring results + explanation pointers to Findings Ledger; handle incremental updates via input hash | RISK-ENGINE-67-003 | |
| RISK-ENGINE-68-002 | DONE | 2025-11-25 | SPRINT_0129_0001_0001_policy_reasoning | Risk Engine Guild, API Guild / src/RiskEngine/StellaOps.RiskEngine | src/RiskEngine/StellaOps.RiskEngine | Expose APIs | RISK-ENGINE-68-001 | |
| RISK-ENGINE-69-001 | TODO | | SPRINT_0129_0001_0001_policy_reasoning | Risk Engine Guild, Policy Studio Guild / src/RiskEngine/StellaOps.RiskEngine | src/RiskEngine/StellaOps.RiskEngine | Implement simulation mode producing distributions and top movers without mutating ledger | RISK-ENGINE-68-002 | |
| RISK-ENGINE-69-002 | TODO | | SPRINT_0129_0001_0001_policy_reasoning | Risk Engine Guild, Observability Guild / src/RiskEngine/StellaOps.RiskEngine | src/RiskEngine/StellaOps.RiskEngine | Add telemetry | RISK-ENGINE-69-001 | |
| RISK-ENGINE-70-001 | TODO | | SPRINT_0129_0001_0001_policy_reasoning | Risk Engine Guild, Export Guild / src/RiskEngine/StellaOps.RiskEngine | src/RiskEngine/StellaOps.RiskEngine | Support offline provider bundles with manifest verification and missing-data reporting | RISK-ENGINE-69-002 | |
| RISK-ENGINE-70-002 | TODO | | SPRINT_0129_0001_0001_policy_reasoning | Risk Engine Guild, Observability Guild / src/RiskEngine/StellaOps.RiskEngine | src/RiskEngine/StellaOps.RiskEngine | Integrate runtime evidence provider and reachability provider outputs with caching + TTL | RISK-ENGINE-70-001 | |
| RULES-33-001 | REVIEW (2025-10-30) | 2025-10-30 | SPRINT_0506_0001_0001_ops_devops_iv | DevOps Guild, Platform Leads (ops/devops) | ops/devops | | | |
| RUNBOOK-401-017 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | Docs Guild · Ops Guild (`docs/runbooks/reachability-runtime.md`, `docs/reachability/DELIVERY_GUIDE.md`) | `docs/runbooks/reachability-runtime.md`, `docs/reachability/DELIVERY_GUIDE.md` | | | |
| RUNBOOK-55-001 | TODO | | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild, Ops Guild (docs) | | | | |
| RUNBOOK-REPLAY-187-004 | TODO | | SPRINT_160_export_evidence | Docs/Ops Guild · `/docs/runbooks/replay_ops.md` | docs/runbooks/replay_ops.md | Docs/Ops Guild · `/docs/runbooks/replay_ops.md` | | |
| RUNTIME-401-002 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | Signals Guild (`src/Signals/StellaOps.Signals`) | `src/Signals/StellaOps.Signals` | | | |
| RUNTIME-PROBE-401-010 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | Runtime Signals Guild (`src/Signals/StellaOps.Signals.Runtime`, `ops/probes`) | `src/Signals/StellaOps.Signals.Runtime`, `ops/probes` | Implement lightweight runtime probes (EventPipe/.NET, JFR/JVM) that capture method enter events for the target components, package them as CAS traces, and feed them into the Signals ingestion pipeline. | | |
| SAMPLES-GRAPH-24-003 | DONE (2025-12-02) | | SPRINT_509_samples | Samples Guild, SBOM Service Guild (samples) | | Generate large-scale SBOM graph fixture (≈40k nodes) with policy overlay snapshot for performance/perf regression suites. | | |
| SAMPLES-GRAPH-24-004 | DONE (2025-12-02) | | SPRINT_509_samples | Samples Guild, UI Guild (samples) | | Create vulnerability explorer JSON/CSV fixtures capturing conflicting evidence and policy outputs for UI/CLI automated tests. Dependencies: SAMPLES-GRAPH-24-003 (delivered at samples/graph/graph-40k). | | |
| SAMPLES-LNM-22-001 | BLOCKED | 2025-10-27 | SPRINT_509_samples | Samples Guild, Concelier Guild (samples) | | Create advisory observation/linkset fixtures (NVD, GHSA, OSV disagreements) for API/CLI/UI tests with documented conflicts. Waiting on finalized schema/linkset outputs. | | |
| SAMPLES-LNM-22-002 | BLOCKED | 2025-10-27 | SPRINT_509_samples | Samples Guild, Excititor Guild (samples) | | Produce VEX observation/linkset fixtures demonstrating status conflicts and path relevance; include raw blobs. Pending Excititor observation/linkset implementation. Dependencies: SAMPLES-LNM-22-001. | | |
| SBOM-60-001 | TODO | | SPRINT_0203_0001_0003_cli_iii | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | | | |
| SBOM-60-002 | TODO | | SPRINT_0203_0001_0003_cli_iii | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | | | |
| SBOM-AIAI-31-001 | TODO | | SPRINT_0140_0001_0001_runtime_signals | — | | Advisory AI path/timeline endpoints specced; awaiting projection schema finalization. | — | DOAI0101 |
| SBOM-AIAI-31-002 | TODO | | SPRINT_0140_0001_0001_runtime_signals | | | Metrics/dashboards tied to 31-001; blocked on the same schema availability. | | |
| SBOM-AIAI-31-003 | BLOCKED | 2025-11-18 | SPRINT_0111_0001_0001_advisoryai | SBOM Service Guild · Advisory AI Guild (src/SbomService/StellaOps.SbomService) | src/SbomService/StellaOps.SbomService | Publish the Advisory AI hand-off kit for `/v1/sbom/context`, share base URL/API key + tenant header contract, and run a joint end-to-end retrieval smoke test with Advisory AI. | SBOM-AIAI-31-001 projection kit/fixtures | ADAI0101 |
| SBOM-CONSOLE-23-001 | TODO | | SPRINT_0140_0001_0001_runtime_signals | | | Console catalog API draft complete; depends on Concelier/Cartographer payload definitions. | | |
| SBOM-CONSOLE-23-002 | TODO | | SPRINT_0140_0001_0001_runtime_signals | | | Global component lookup API needs 23-001 responses + cache hints before work can start. | | |
| SBOM-DET-01 | TODO | | SPRINT_0209_0001_0001_ui_i | UI Guild (src/UI/StellaOps.UI) | src/UI/StellaOps.UI | | | |
| SBOM-ORCH-32-001 | TODO | | SPRINT_0140_0001_0001_runtime_signals | | | Orchestrator registration is sequenced after projection schema because payload shapes map into job metadata. | | |
| SBOM-ORCH-33-001 | TODO | | SPRINT_0140_0001_0001_runtime_signals | | | Backpressure/telemetry features depend on 32-001 workers. | | |
| SBOM-ORCH-34-001 | TODO | | SPRINT_0140_0001_0001_runtime_signals | | | Backfill + watermark logic requires the orchestrator integration from 33-001. | | |
| SBOM-SERVICE-21-001 | DONE | 2025-11-23 | SPRINT_0140_0001_0001_runtime_signals | SBOM Service Guild | src/SbomService/StellaOps.SbomService | Projection read API wired with in-memory fallback + WAF config; `dotnet test --filter ProjectionEndpointTests` now passes (400/200 paths) and duplicate test package warnings cleared. | CONCELIER-GRAPH-21-001; CARTO-GRAPH-21-002 |
| SBOM-SERVICE-21-002 | TODO | | SPRINT_0142_0001_0001_sbomservice | | | Depends on 21-001; events/replay tooling to follow once fixtures land. | | |
| SBOM-SERVICE-21-003 | TODO | | SPRINT_0142_0001_0001_sbomservice | | | Entrypoint/service node management, pending 21-002 events. | | |
| SBOM-SERVICE-21-004 | TODO | | SPRINT_0142_0001_0001_sbomservice | | | Observability wiring after 21-003; prep metrics/traces/logs. | | |
| SBOM-SERVICE-23-001 | TODO | | SPRINT_0140_0001_0001_runtime_signals | | | Asset metadata extensions queued once 21-004 observability baseline exists. | | |
| SBOM-SERVICE-23-002 | TODO | | SPRINT_0140_0001_0001_runtime_signals | | | Asset update events depend on 23-001 schema. | | |
| SBOM-VULN-29-001 | TODO | | SPRINT_0140_0001_0001_runtime_signals | | | Inventory evidence feed deferred until projection schema + runtime align. | | |
| SBOM-VULN-29-002 | TODO | | SPRINT_0140_0001_0001_runtime_signals | | | Resolver feed requires 29-001 event payloads. | | |
| SCAN-001 | TODO | | SPRINT_400_runtime_facts_static_callgraph_union | Scanner Worker Guild (`src/Scanner/StellaOps.Scanner.Worker`, `docs/modules/scanner/architecture.md`, `docs/reachability/function-level-evidence.md`) | `src/Scanner/StellaOps.Scanner.Worker`, `docs/modules/scanner/architecture.md`, `docs/reachability/function-level-evidence.md` | | | |
| SCAN-90-004 | TODO | | SPRINT_0505_0001_0001_ops_devops_iii | DevOps Guild, Scanner Guild (ops/devops) | ops/devops | | | |
| SCAN-DETER-186-008 | DONE (2025-11-26) | | SPRINT_0186_0001_0001_record_deterministic_execution | Scanner Guild · Provenance Guild | `src/Scanner/StellaOps.Scanner.WebService`, `src/Scanner/StellaOps.Scanner.Worker` | Add deterministic execution switches to Scanner (fixed clock, RNG seed, concurrency cap, feed/policy snapshot pins, log filtering) available via CLI/env/config so repeated runs stay hermetic. | ENTROPY-186-012 & SCANNER-ENV-02 | SCDE0102 |
| SCAN-DETER-186-009 | DONE (2025-11-27) | | SPRINT_0186_0001_0001_record_deterministic_execution | Scanner Guild, QA Guild (`src/Scanner/StellaOps.Scanner.Replay`, `src/Scanner/__Tests`) | `src/Scanner/StellaOps.Scanner.Replay`, `src/Scanner/__Tests` | Build a determinism harness that replays N scans per image, canonicalises SBOM/VEX/findings/log outputs, and records per-run hash matrices (see `docs/modules/scanner/determinism-score.md`). | | |
| SCAN-DETER-186-010 | DONE (2025-11-27) | | SPRINT_0186_0001_0001_record_deterministic_execution | Scanner Guild, Export Center Guild (`src/Scanner/StellaOps.Scanner.WebService`, `docs/modules/scanner/operations/release.md`) | `src/Scanner/StellaOps.Scanner.WebService`, `docs/modules/scanner/operations/release.md` | Emit and publish `determinism.json` (scores, artifact hashes, non-identical diffs) alongside each scanner release via CAS/object storage APIs (documented in `docs/modules/scanner/determinism-score.md`). | | |
| SCAN-ENTROPY-186-011 | DONE (2025-11-26) | | SPRINT_0186_0001_0001_record_deterministic_execution | Scanner Guild (`src/Scanner/StellaOps.Scanner.Worker`, `src/Scanner/__Libraries`) | `src/Scanner/StellaOps.Scanner.Worker`, `src/Scanner/__Libraries` | Implement entropy analysis for ELF/PE/Mach-O executables and large opaque blobs (sliding-window metrics, section heuristics), flagging high-entropy regions and recording offsets/hints (see `docs/modules/scanner/entropy.md`). | | |
| SCAN-ENTROPY-186-012 | DONE (2025-11-26) | | SPRINT_0186_0001_0001_record_deterministic_execution | Scanner Guild, Provenance Guild (`src/Scanner/StellaOps.Scanner.WebService`, `docs/replay/DETERMINISTIC_REPLAY.md`) | `src/Scanner/StellaOps.Scanner.WebService`, `docs/replay/DETERMINISTIC_REPLAY.md` | Generate `entropy.report.json` and image-level penalties, attach evidence to scan manifests/attestations, and expose opaque ratios for downstream policy engines (`docs/modules/scanner/entropy.md`). | | |
| SCAN-REACH-201-002 | DOING | 2025-11-08 | SPRINT_400_runtime_facts_static_callgraph_union | Scanner Worker Guild (`src/Scanner/StellaOps.Scanner.Worker`) | `src/Scanner/StellaOps.Scanner.Worker` | Ship language-aware static lifters (JVM, .NET/Roslyn+IL, Go SSA, Node/Deno TS AST, Rust MIR, Swift SIL, shell/binary analyzers) in Scanner Worker; emit canonical SymbolIDs, CAS-stored graphs, and attach reachability tags to SBOM components. | | |
| SCAN-REACH-401-009 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | Scanner Worker Guild (`src/Scanner/StellaOps.Scanner.Worker`, `src/Scanner/__Libraries`) | `src/Scanner/StellaOps.Scanner.Worker`, `src/Scanner/__Libraries` | Ship .NET/JVM symbolizers and call-graph generators (roots, edges, framework adapters), merge results into component-level reachability manifests, and back them with golden fixtures. | | |
| SCAN-REPLAY-186-001 | DONE (2025-11-26) | | SPRINT_0186_0001_0001_record_deterministic_execution | Scanner Guild (`src/Scanner/StellaOps.Scanner.WebService`, `docs/modules/scanner/architecture.md`) | `src/Scanner/StellaOps.Scanner.WebService`, `docs/modules/scanner/architecture.md` | Implement `record` mode in `StellaOps.Scanner.WebService` (manifest assembly, policy/feed/tool hash capture, CAS uploads) and document the workflow in `docs/modules/scanner/architecture.md` with references to `docs/replay/DETERMINISTIC_REPLAY.md` Section 6. | | |
| SCAN-REPLAY-186-002 | DOING (2025-11-27) | | SPRINT_0186_0001_0001_record_deterministic_execution | Scanner Guild (`src/Scanner/StellaOps.Scanner.Worker`, `docs/modules/scanner/deterministic-execution.md`) | `src/Scanner/StellaOps.Scanner.Worker`, `docs/modules/scanner/deterministic-execution.md` | Update `StellaOps.Scanner.Worker` analyzers to consume sealed input bundles, enforce deterministic ordering, and contribute Merkle metadata; extend `docs/modules/scanner/deterministic-execution.md` (new) summarising invariants drawn from `docs/replay/DETERMINISTIC_REPLAY.md` Section 4. | | |
| SCANNER-ANALYZERS-DENO-26-001 | DONE | | SPRINT_130_scanner_surface | Deno Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno | Build the deterministic input normalizer + VFS merger for `deno.json(c)`, import maps, lockfiles, vendor trees, `$DENO_DIR`, and OCI layers so analyzers have a canonical file view. | | |
| SCANNER-ANALYZERS-DENO-26-002 | DONE | | SPRINT_130_scanner_surface | Deno Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno | Implement the module graph resolver covering static/dynamic imports, npm bridge, cache lookups, built-ins, WASM/JSON assertions, and annotate edges with their resolution provenance. | SCANNER-ANALYZERS-DENO-26-001 | |
| SCANNER-ANALYZERS-DENO-26-003 | DONE | | SPRINT_130_scanner_surface | Deno Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno | Ship the npm/node compatibility adapter that maps `npm:` specifiers, evaluates `exports` conditionals, and logs builtin usage for policy overlays. | SCANNER-ANALYZERS-DENO-26-002 | |
| SCANNER-ANALYZERS-DENO-26-004 | DONE | | SPRINT_130_scanner_surface | Deno Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno | Add the permission/capability analyzer covering FS/net/env/process/crypto/FFI/workers plus dynamic-import + literal fetch heuristics with reason codes. | SCANNER-ANALYZERS-DENO-26-003 | |
| SCANNER-ANALYZERS-DENO-26-005 | DONE | | SPRINT_130_scanner_surface | Deno Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno | Build bundle/binary inspectors for eszip and `deno compile` executables to recover graphs, configs, embedded resources, and snapshots. | SCANNER-ANALYZERS-DENO-26-004 | |
| SCANNER-ANALYZERS-DENO-26-006 | DONE | | SPRINT_130_scanner_surface | Deno Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno | Implement the OCI/container adapter that stitches per-layer Deno caches, vendor trees, and compiled binaries back into provenance-aware analyzer inputs. | SCANNER-ANALYZERS-DENO-26-005 | |
| SCANNER-ANALYZERS-DENO-26-007 | DONE | | SPRINT_130_scanner_surface | Deno Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno | Produce AOC-compliant observation writers (entrypoints, modules, capability edges, workers, warnings, binaries) with deterministic reason codes. | SCANNER-ANALYZERS-DENO-26-006 | |
| SCANNER-ANALYZERS-DENO-26-008 | DONE | | SPRINT_130_scanner_surface | Deno Analyzer Guild, QA Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno | Finalize fixture + benchmark suite (vendor/npm/FFI/worker/dynamic import/bundle/cache/container cases) validating analyzer determinism and performance. | SCANNER-ANALYZERS-DENO-26-007 | |
| SCANNER-ANALYZERS-DENO-26-009 | DONE (2025-11-24) | 2025-11-24 | SPRINT_0131_0001_0001_scanner_surface | Deno Analyzer Guild, Signals Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno | Optional runtime evidence hooks (loader/require shim) capturing module loads + permissions during harnessed execution with path hashing. | SCANNER-ANALYZERS-DENO-26-008 | — |
| SCANNER-ANALYZERS-DENO-26-010 | DONE (2025-11-24) | 2025-11-24 | SPRINT_0131_0001_0001_scanner_surface | Deno Analyzer Guild, DevOps Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno | Package analyzer plug-in, add CLI (`stella deno inspect`, `stella deno resolve`, `stella deno trace`) commands, update Offline Kit docs, ensure Worker integration. | SCANNER-ANALYZERS-DENO-26-009 | — |
| SCANNER-ANALYZERS-DENO-26-011 | DONE (2025-11-24) | 2025-11-24 | SPRINT_0131_0001_0001_scanner_surface | Deno Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno | Policy signal emitter: net/fs/env/ffi/process/crypto capabilities, remote origin list, npm usage, wasm modules, dynamic-import warnings. | SCANNER-ANALYZERS-DENO-26-010 | — |
| SCANNER-ANALYZERS-JAVA-21-005 | TODO | | SPRINT_131_scanner_surface | Java Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java | Framework config extraction: Spring Boot imports, spring.factories, application properties/yaml, Jakarta web.xml & fragments, JAX-RS/JPA/CDI/JAXB configs, logging files, Graal native-image configs. | | |
| SCANNER-ANALYZERS-JAVA-21-006 | TODO | | SPRINT_131_scanner_surface | Java Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java | JNI/native hint scanner: detect native methods, System.load/Library literals, bundled native libs, Graal JNI configs; emit `jni-load` edges for native analyzer correlation. | SCANNER-ANALYZERS-JAVA-21-005 | |
| SCANNER-ANALYZERS-JAVA-21-007 | TODO | | SPRINT_131_scanner_surface | Java Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java | Signature and manifest metadata collector: verify JAR signature structure, capture signers, manifest loader attributes (Main-Class, Agent-Class, Start-Class, Class-Path). | SCANNER-ANALYZERS-JAVA-21-006 | |
| SCANNER-ANALYZERS-JAVA-21-008 | BLOCKED | 2025-10-27 | SPRINT_131_scanner_surface | Java Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java | Implement resolver + AOC writer: produce entrypoints (env profiles, warnings), components (jar_id + semantic ids), edges (jpms, cp, spi, reflect, jni) with reason codes/confidence. | SCANNER-ANALYZERS-JAVA-21-007 | |
| SCANNER-ANALYZERS-JAVA-21-009 | TODO | | SPRINT_131_scanner_surface | Java Analyzer Guild, QA Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java | Author comprehensive fixtures (modular app, boot fat jar, war, ear, MR-jar, jlink image, JNI, reflection heavy, signed jar, microprofile) with golden outputs and perf benchmarks. | SCANNER-ANALYZERS-JAVA-21-008 | |
| SCANNER-ANALYZERS-JAVA-21-010 | TODO | | SPRINT_131_scanner_surface | Java Analyzer Guild, Signals Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java | Optional runtime ingestion: Java agent + JFR reader capturing class load, ServiceLoader, and System.load events with path scrubbing. Emit append-only runtime edges `runtime-class`/`runtime-spi`/`runtime-load`. | SCANNER-ANALYZERS-JAVA-21-009 | |
| SCANNER-ANALYZERS-JAVA-21-011 | TODO | | SPRINT_131_scanner_surface | Java Analyzer Guild, DevOps Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java | Package analyzer as restart-time plug-in (manifest/DI), update Offline Kit docs, add CLI/worker hooks for Java inspection commands. | SCANNER-ANALYZERS-JAVA-21-010 | |
| SCANNER-ANALYZERS-LANG-11-001 | TODO | | SPRINT_131_scanner_surface | StellaOps.Scanner EPDR Guild, Language Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.DotNet) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.DotNet | Build entrypoint resolver that maps project/publish artifacts to entrypoint identities (assembly name, MVID, TFM, RID) and environment profiles (publish mode, host kind, probing paths). Output normalized `entrypoints[]` records with deterministic IDs. | SCANNER-ANALYZERS-LANG-10-309 | |
| SCANNER-ANALYZERS-LANG-11-002 | TODO | | SPRINT_0132_0001_0001_scanner_surface | StellaOps.Scanner EPDR Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.DotNet) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.DotNet | Implement static analyzer (IL + reflection heuristics) capturing AssemblyRef, ModuleRef/PInvoke, DynamicDependency, reflection literals, DI patterns, and custom AssemblyLoadContext probing hints. Emit dependency edges with reason codes and confidence. | SCANNER-ANALYZERS-LANG-11-001 | |
| SCANNER-ANALYZERS-LANG-11-003 | TODO | | SPRINT_0132_0001_0001_scanner_surface | StellaOps.Scanner EPDR Guild, Signals Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.DotNet) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.DotNet | Ingest optional runtime evidence (AssemblyLoad, Resolving, P/Invoke) via event listener harness; merge runtime edges with static/declared ones and attach reason codes/confidence. | SCANNER-ANALYZERS-LANG-11-002 | |
| SCANNER-ANALYZERS-LANG-11-004 | TODO | | SPRINT_0132_0001_0001_scanner_surface | StellaOps.Scanner EPDR Guild, SBOM Service Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.DotNet) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.DotNet | Produce normalized observation export to Scanner writer: entrypoints + dependency edges + environment profiles (AOC compliant). Wire to SBOM service entrypoint tagging. | SCANNER-ANALYZERS-LANG-11-003 | |
| SCANNER-ANALYZERS-LANG-11-005 | TODO | | SPRINT_0132_0001_0001_scanner_surface | StellaOps.Scanner EPDR Guild, QA Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.DotNet) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.DotNet | Add comprehensive fixtures/benchmarks covering framework-dependent, self-contained, single-file, trimmed, NativeAOT, multi-RID scenarios; include explain traces and perf benchmarks vs previous analyzer. | SCANNER-ANALYZERS-LANG-11-004 | |
| SCANNER-ANALYZERS-NATIVE-20-001 | TODO | | SPRINT_0132_0001_0001_scanner_surface | Native Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Native) | src/Scanner/StellaOps.Scanner.Analyzers.Native | Implement format detector and binary identity model supporting ELF, PE/COFF, and Mach-O (including fat slices). Capture arch, OS, build-id/UUID, interpreter metadata. | | |
| SCANNER-ANALYZERS-NATIVE-20-002 | TODO | | SPRINT_0132_0001_0001_scanner_surface | Native Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Native) | src/Scanner/StellaOps.Scanner.Analyzers.Native | Parse ELF dynamic sections: `DT_NEEDED`, `DT_RPATH`, `DT_RUNPATH`, symbol versions, interpreter, and note build-id. Emit declared dependency records with reason `elf-dtneeded` and attach version needs. | SCANNER-ANALYZERS-NATIVE-20-001 | |
| SCANNER-ANALYZERS-NATIVE-20-003 | TODO | | SPRINT_0132_0001_0001_scanner_surface | Native Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Native) | src/Scanner/StellaOps.Scanner.Analyzers.Native | Parse PE imports, delay-load tables, manifests/SxS metadata, and subsystem flags. Emit edges with reasons `pe-import` and `pe-delayimport`, plus SxS policy metadata. | SCANNER-ANALYZERS-NATIVE-20-002 | |
| SCANNER-ANALYZERS-NATIVE-20-004 | TODO | | SPRINT_0132_0001_0001_scanner_surface | Native Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Native) | src/Scanner/StellaOps.Scanner.Analyzers.Native | Parse Mach-O load commands (`LC_LOAD_DYLIB`, `LC_REEXPORT_DYLIB`, `LC_RPATH`, `LC_UUID`, fat headers). Handle `@rpath/@loader_path` placeholders and slice separation. | SCANNER-ANALYZERS-NATIVE-20-003 | |
| SCANNER-ANALYZERS-NATIVE-20-005 | TODO | | SPRINT_0132_0001_0001_scanner_surface | Native Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Native) | src/Scanner/StellaOps.Scanner.Analyzers.Native | Implement resolver engine modeling loader search order for ELF (rpath/runpath/cache/default), PE (SafeDll search + SxS), and Mach-O (`@rpath` expansion). Works against virtual image roots, producing explain traces. | SCANNER-ANALYZERS-NATIVE-20-004 | |
| SCANNER-ANALYZERS-NATIVE-20-006 | TODO | | SPRINT_0132_0001_0001_scanner_surface | Native Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Native) | src/Scanner/StellaOps.Scanner.Analyzers.Native | Build heuristic scanner for `dlopen`/`LoadLibrary` strings, plugin ecosystem configs, and Go/Rust static hints. Emit edges with `reason_code` (`string-dlopen`, `config-plugin`, `ecosystem-heuristic`) and confidence levels. | SCANNER-ANALYZERS-NATIVE-20-005 | |
| SCANNER-ANALYZERS-NATIVE-20-007 | TODO | | SPRINT_0132_0001_0001_scanner_surface | Native Analyzer Guild, SBOM Service Guild (src/Scanner/StellaOps.Scanner.Analyzers.Native) | src/Scanner/StellaOps.Scanner.Analyzers.Native | Serialize AOC-compliant observations: entrypoints + dependency edges + environment profiles (search paths, interpreter, loader metadata). Integrate with Scanner writer API. | SCANNER-ANALYZERS-NATIVE-20-006 | |
| SCANNER-ANALYZERS-NATIVE-20-008 | TODO | | SPRINT_0132_0001_0001_scanner_surface | Native Analyzer Guild, QA Guild (src/Scanner/StellaOps.Scanner.Analyzers.Native) | src/Scanner/StellaOps.Scanner.Analyzers.Native | Author cross-platform fixtures (ELF dynamic/static, PE delay-load/SxS, Mach-O @rpath, plugin configs) and determinism benchmarks (<25 ms / binary, <250 MB). | SCANNER-ANALYZERS-NATIVE-20-007 | |
| SCANNER-ANALYZERS-NATIVE-20-009 | TODO | | SPRINT_0132_0001_0001_scanner_surface | Native Analyzer Guild, Signals Guild (src/Scanner/StellaOps.Scanner.Analyzers.Native) | src/Scanner/StellaOps.Scanner.Analyzers.Native | Provide optional runtime capture adapters (Linux eBPF `dlopen`, Windows ETW ImageLoad, macOS dyld interpose) writing append-only runtime evidence. Include redaction/sandbox guidance. | SCANNER-ANALYZERS-NATIVE-20-008 | |
| SCANNER-ANALYZERS-NATIVE-20-010 | TODO | | SPRINT_0132_0001_0001_scanner_surface | Native Analyzer Guild, DevOps Guild (src/Scanner/StellaOps.Scanner.Analyzers.Native) | src/Scanner/StellaOps.Scanner.Analyzers.Native | Package native analyzer as restart-time plug-in with manifest/DI registration; update Offline Kit bundle + documentation. | SCANNER-ANALYZERS-NATIVE-20-009 | |
| SCANNER-ANALYZERS-NODE-22-001 | TODO | | SPRINT_0132_0001_0001_scanner_surface | Node Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node | Build input normalizer + VFS for Node projects: dirs, tgz, container layers, pnpm store, Yarn PnP zips; detect Node version targets (`.nvmrc`, `.node-version`, Dockerfile) and workspace roots deterministically. | | |
| SCANNER-ANALYZERS-NODE-22-002 | TODO | | SPRINT_0132_0001_0001_scanner_surface | Node Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node | Implement entrypoint discovery (bin/main/module/exports/imports, workers, electron, shebang scripts) and condition set builder per entrypoint. | SCANNER-ANALYZERS-NODE-22-001 | |
| SCANNER-ANALYZERS-NODE-22-003 | TODO | | SPRINT_0132_0001_0001_scanner_surface | Node Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node | Parse JS/TS sources for static `import`, `require`, `import()` and string concat cases; flag dynamic patterns with confidence levels; support source map de-bundling. | SCANNER-ANALYZERS-NODE-22-002 | |
| SCANNER-ANALYZERS-NODE-22-004 | TODO | | SPRINT_0132_0001_0001_scanner_surface | Node Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node | Implement Node resolver engine for CJS + ESM (core modules, exports/imports maps, conditions, extension priorities, self-references) parameterised by node_version. | SCANNER-ANALYZERS-NODE-22-003 | |
| SCANNER-ANALYZERS-NODE-22-005 | TODO | | SPRINT_0132_0001_0001_scanner_surface | Node Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node | Add package manager adapters: Yarn PnP (.pnp.data/.pnp.cjs), pnpm virtual store, npm/Yarn classic hoists; operate entirely in virtual FS. | SCANNER-ANALYZERS-NODE-22-004 | |
| SCANNER-ANALYZERS-NODE-22-006 | TODO | | SPRINT_0133_0001_0001_scanner_surface | Node Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node | Detect bundles + source maps, reconstruct module specifiers, and correlate to original paths; support dual CJS/ESM graphs with conditions. | SCANNER-ANALYZERS-NODE-22-005 | |
| SCANNER-ANALYZERS-NODE-22-007 | TODO | | SPRINT_0133_0001_0001_scanner_surface | Node Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node | Scan for native addons (.node), WASM modules, and core capability signals (child_process, vm, worker_threads); emit hint edges and native metadata. | SCANNER-ANALYZERS-NODE-22-006 | |
| SCANNER-ANALYZERS-NODE-22-008 | TODO | | SPRINT_0133_0001_0001_scanner_surface | Node Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node | Produce AOC-compliant observations: entrypoints, components (pkg/native/wasm), edges (esm-import, cjs-require, exports, json, native-addon, wasm, worker) with reason codes/confidence and resolver traces. | SCANNER-ANALYZERS-NODE-22-007 | |
| SCANNER-ANALYZERS-NODE-22-009 | TODO | | SPRINT_0133_0001_0001_scanner_surface | Node Analyzer Guild, QA Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node | Author fixture suite + performance benchmarks (npm, pnpm, PnP, bundle, electron, worker) with golden outputs and latency budgets. | SCANNER-ANALYZERS-NODE-22-008 | |
| SCANNER-ANALYZERS-NODE-22-010 | TODO | | SPRINT_0133_0001_0001_scanner_surface | Node Analyzer Guild, Signals Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node | Implement optional runtime evidence hooks (ESM loader, CJS require hook) with path scrubbing and loader ID hashing; emit runtime-* edges. | SCANNER-ANALYZERS-NODE-22-009 | |
| SCANNER-ANALYZERS-NODE-22-011 | TODO | | SPRINT_0133_0001_0001_scanner_surface | Node Analyzer Guild, DevOps Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node | Package updated analyzer as restart-time plug-in, expose Scanner CLI (`stella node *`) commands, refresh Offline Kit documentation. | SCANNER-ANALYZERS-NODE-22-010 | |
| SCANNER-ANALYZERS-NODE-22-012 | TODO | | SPRINT_0133_0001_0001_scanner_surface | Node Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node | Integrate container filesystem adapter (OCI layers, Dockerfile hints) and record NODE_OPTIONS/env warnings. | SCANNER-ANALYZERS-NODE-22-011 | |
| SCANNER-ANALYZERS-PHP-27-001 | TODO | | SPRINT_0133_0001_0001_scanner_surface | PHP Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php | Build input normalizer & VFS for PHP projects: merge source trees, composer manifests, vendor/, php.ini/conf.d, `.htaccess`, FPM configs, container layers. Detect framework/CMS fingerprints deterministically. | — | SCSA0101 |
| SCANNER-ANALYZERS-PHP-27-002 | TODO | | SPRINT_0133_0001_0001_scanner_surface | PHP Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php | Composer/Autoload analyzer: parse composer.json/lock/installed.json, generate package nodes, autoload edges (psr-4/0/classmap/files), bin entrypoints, composer plugins. | SCANNER-ANALYZERS-PHP-27-001 | |
| SCANNER-ANALYZERS-PHP-27-003 | TODO | | SPRINT_0133_0001_0001_scanner_surface | PHP Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php | Include/require graph builder: resolve static includes, capture dynamic include patterns, bootstrap chains, merge with autoload edges. | SCANNER-ANALYZERS-PHP-27-002 | |
| SCANNER-ANALYZERS-PHP-27-004 | TODO | | SPRINT_0133_0001_0001_scanner_surface | PHP Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php | Runtime capability scanner: detect exec/fs/net/env/serialization/crypto/database usage, stream wrappers, uploads; record evidence snippets. | SCANNER-ANALYZERS-PHP-27-003 | |
| SCANNER-ANALYZERS-PHP-27-005 | TODO | | SPRINT_0133_0001_0001_scanner_surface | PHP Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php | PHAR/Archive inspector: parse phar manifests/stubs, hash files, detect embedded vendor trees and phar:// usage. | SCANNER-ANALYZERS-PHP-27-004 | |
| SCANNER-ANALYZERS-PHP-27-006 | TODO | | SPRINT_0133_0001_0001_scanner_surface | PHP Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php | Framework/CMS surface mapper: extract routes, controllers, middleware, CLI/cron entrypoints for Laravel/Symfony/Slim/WordPress/Drupal/Magento. | SCANNER-ANALYZERS-PHP-27-005 | |
| SCANNER-ANALYZERS-PHP-27-007 | TODO | | SPRINT_0133_0001_0001_scanner_surface | PHP Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php | Container & extension detector: parse php.ini/conf.d, map extensions to .so/.dll, collect web server/FPM settings, upload limits, disable_functions. | SCANNER-ANALYZERS-PHP-27-006 | |
| SCANNER-ANALYZERS-PHP-27-008 | TODO | | SPRINT_0134_0001_0001_scanner_surface | PHP Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php | Produce AOC-compliant observations: entrypoints, packages, extensions, modules, edges (require/autoload), capabilities, routes, configs. | SCANNER-ANALYZERS-PHP-27-002 | |
| SCANNER-ANALYZERS-PHP-27-009 | TODO | | SPRINT_0134_0001_0001_scanner_surface | PHP Analyzer Guild, QA Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php | Fixture suite + performance benchmarks (Laravel, Symfony, WordPress, legacy, PHAR, container) with golden outputs. | SCANNER-ANALYZERS-PHP-27-007 | |
| SCANNER-ANALYZERS-PHP-27-010 | TODO | | SPRINT_0134_0001_0001_scanner_surface | PHP Analyzer Guild, Signals Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php | Optional runtime evidence hooks (if provided) to ingest audit logs or opcode cache stats with path hashing. | SCANNER-ANALYZERS-PHP-27-009 | |
| SCANNER-ANALYZERS-PHP-27-011 | TODO | | SPRINT_0134_0001_0001_scanner_surface | PHP Analyzer Guild, DevOps Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php | Package analyzer plug-in, add CLI (`stella php inspect`), refresh Offline Kit documentation. | SCANNER-ANALYZERS-PHP-27-010 | |
| SCANNER-ANALYZERS-PHP-27-012 | TODO | | SPRINT_0134_0001_0001_scanner_surface | PHP Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php | Policy signal emitter: extension requirements/presence, dangerous constructs counters, stream wrapper usage, capability summaries. | SCANNER-ANALYZERS-PHP-27-011 | |
| SCANNER-ANALYZERS-PYTHON-23-001 | TODO | | SPRINT_0134_0001_0001_scanner_surface | Python Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python | Build input normalizer & virtual filesystem for wheels, sdists, editable installs, zipapps, site-packages trees, and container roots. Detect Python version targets (`pyproject.toml`, `runtime.txt`, Dockerfile) + virtualenv layout deterministically. | | |
| SCANNER-ANALYZERS-PYTHON-23-002 | TODO | | SPRINT_0134_0001_0001_scanner_surface | Python Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python | Entrypoint discovery: module `__main__`, console_scripts entry points, `scripts`, zipapp main, `manage.py`/gunicorn/celery patterns. Capture invocation context (module vs package, argv wrappers). | SCANNER-ANALYZERS-PYTHON-23-001 | |
| SCANNER-ANALYZERS-PYTHON-23-003 | TODO | | SPRINT_0134_0001_0001_scanner_surface | Python Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python | Static import graph builder using AST and bytecode fallback. Support `import`, `from ... import`, relative imports, `importlib.import_module`, `__import__` with literal args, `pkgutil.extend_path`. | SCANNER-ANALYZERS-PYTHON-23-002 | |
| SCANNER-ANALYZERS-PYTHON-23-004 | TODO | | SPRINT_0134_0001_0001_scanner_surface | Python Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python | Python resolver engine (importlib semantics) handling namespace packages (PEP 420), package discovery order, `.pth` files, `sys.path` composition, zipimport, and site-packages precedence across virtualenv/container roots. | SCANNER-ANALYZERS-PYTHON-23-003 | |
| SCANNER-ANALYZERS-PYTHON-23-005 | TODO | | SPRINT_0134_0001_0001_scanner_surface | Python Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python | Packaging adapters: pip editable (`.egg-link`), Poetry/Flit layout, Conda prefix, `.dist-info/RECORD` cross-check, container layer overlays. | SCANNER-ANALYZERS-PYTHON-23-004 | |
| SCANNER-ANALYZERS-PYTHON-23-006 | TODO | | SPRINT_0134_0001_0001_scanner_surface | Python Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python | Detect native extensions (`*.so`, `*.pyd`), CFFI modules, ctypes loaders, embedded WASM, and runtime capability signals (subprocess, multiprocessing, ctypes, eval). | SCANNER-ANALYZERS-PYTHON-23-005 | |
| SCANNER-ANALYZERS-PYTHON-23-007 | TODO | | SPRINT_0134_0001_0001_scanner_surface | Python Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python | Framework/config heuristics: Django, Flask, FastAPI, Celery, AWS Lambda handlers, Gunicorn, Click/Typer CLIs, logging configs, pyproject optional dependencies. Tagged as hints only. | SCANNER-ANALYZERS-PYTHON-23-006 | |
| SCANNER-ANALYZERS-PYTHON-23-008 | TODO | | SPRINT_0134_0001_0001_scanner_surface | Python Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python | Produce AOC-compliant observations: entrypoints, components (modules/packages/native), edges (import, namespace, dynamic-hint, native-extension) with reason codes/confidence and resolver traces. | SCANNER-ANALYZERS-PYTHON-23-007 | |
| SCANNER-ANALYZERS-PYTHON-23-009 | TODO | | SPRINT_0134_0001_0001_scanner_surface | Python Analyzer Guild, QA Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python | Fixture suite + perf benchmarks covering virtualenv, namespace packages, zipapp, editable installs, containers, lambda handler. | SCANNER-ANALYZERS-PYTHON-23-008 | |
| SCANNER-ANALYZERS-PYTHON-23-010 | TODO | | SPRINT_0134_0001_0001_scanner_surface | Python Analyzer Guild, Signals Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python | Optional runtime evidence: import hook capturing module load events with path scrubbing, optional bytecode instrumentation for `importlib` hooks, multiprocessing tracer. | SCANNER-ANALYZERS-PYTHON-23-009 | |
| SCANNER-ANALYZERS-PYTHON-23-011 | TODO | | SPRINT_0134_0001_0001_scanner_surface | Python Analyzer Guild, DevOps Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python | Package analyzer plug-in, add CLI commands (`stella python inspect`), refresh Offline Kit documentation. | SCANNER-ANALYZERS-PYTHON-23-010 | |
| SCANNER-ANALYZERS-PYTHON-23-012 | TODO | | SPRINT_0135_0001_0001_scanner_surface | Python Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python | Container/zipapp adapter enhancements: parse OCI layers for Python runtime, detect `PYTHONPATH`/`PYTHONHOME` env, record warnings for sitecustomize/startup hooks. | SCANNER-ANALYZERS-PYTHON-23-011 | |
| SCANNER-ANALYZERS-RUBY-28-001 | TODO | | SPRINT_0135_0001_0001_scanner_surface | Ruby Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Build input normalizer & VFS for Ruby projects: merge source trees, Gemfile/Gemfile.lock, vendor/bundle, .gem archives, `.bundle/config`, Rack configs, containers. Detect framework/job fingerprints deterministically. | | |
| SCANNER-ANALYZERS-RUBY-28-002 | TODO | | SPRINT_0135_0001_0001_scanner_surface | Ruby Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Gem & Bundler analyzer: parse Gemfile/Gemfile.lock, vendor specs, .gem archives, produce package nodes (PURLs), dependency edges, bin scripts, Bundler group metadata. | SCANNER-ANALYZERS-RUBY-28-001 | |
| SCANNER-ANALYZERS-RUBY-28-003 | TODO | | SPRINT_0135_0001_0001_scanner_surface | Ruby Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Require/autoload graph builder: resolve static/dynamic require, require_relative, load; infer Zeitwerk autoload paths and Rack boot chain. | SCANNER-ANALYZERS-RUBY-28-002 | |
| SCANNER-ANALYZERS-RUBY-28-004 | TODO | | SPRINT_0135_0001_0001_scanner_surface | Ruby Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Framework surface mapper: extract routes/controllers/middleware for Rails/Rack/Sinatra/Grape/Hanami; inventory jobs/schedulers (Sidekiq, Resque, ActiveJob, whenever, clockwork). | SCANNER-ANALYZERS-RUBY-28-003 | |
| SCANNER-ANALYZERS-RUBY-28-005 | TODO | | SPRINT_0135_0001_0001_scanner_surface | Ruby Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Capability analyzer: detect os-exec, filesystem, network, serialization, crypto, DB usage, TLS posture, dynamic eval; record evidence snippets with file/line. | SCANNER-ANALYZERS-RUBY-28-004 | |
| SCANNER-ANALYZERS-RUBY-28-006 | TODO | | SPRINT_0135_0001_0001_scanner_surface | Ruby Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Rake task & scheduler analyzer: parse Rakefiles/lib/tasks, capture task names/prereqs/shell commands; parse Sidekiq/whenever/clockwork configs into schedules. | SCANNER-ANALYZERS-RUBY-28-005 | |
| SCANNER-ANALYZERS-RUBY-28-007 | TODO | | SPRINT_0135_0001_0001_scanner_surface | Ruby Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Container/runtime scanner: detect Ruby version, installed gems, native extensions, web server configs in OCI layers. | SCANNER-ANALYZERS-RUBY-28-006 | |
| SCANNER-ANALYZERS-RUBY-28-008 | TODO | | SPRINT_0135_0001_0001_scanner_surface | Ruby Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Produce AOC-compliant observations: entrypoints, packages, modules, edges (require/autoload), routes, jobs, tasks, capabilities, configs, warnings. | SCANNER-ANALYZERS-RUBY-28-007 | |
| SCANNER-ANALYZERS-RUBY-28-009 | TODO | | SPRINT_0135_0001_0001_scanner_surface | Ruby Analyzer Guild, QA Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Fixture suite + performance benchmarks (Rails, Rack, Sinatra, Sidekiq, legacy, .gem, container) with golden outputs. | SCANNER-ANALYZERS-RUBY-28-008 | |
| SCANNER-ANALYZERS-RUBY-28-010 | TODO | | SPRINT_0135_0001_0001_scanner_surface | Ruby Analyzer Guild, Signals Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Optional runtime evidence integration (if provided logs/metrics) with path hashing, without altering static precedence. | SCANNER-ANALYZERS-RUBY-28-009 | |
| SCANNER-ANALYZERS-RUBY-28-011 | TODO | | SPRINT_0135_0001_0001_scanner_surface | Ruby Analyzer Guild, DevOps Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Package analyzer plug-in, add CLI (`stella ruby inspect`), refresh Offline Kit documentation. | SCANNER-ANALYZERS-RUBY-28-010 | |
| SCANNER-ANALYZERS-RUBY-28-012 | TODO | | SPRINT_0135_0001_0001_scanner_surface | Ruby Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Policy signal emitter: rubygems drift, native extension flags, dangerous constructs counts, TLS verify posture, dynamic require eval warnings. | SCANNER-ANALYZERS-RUBY-28-011 | |
| SCANNER-BENCH-62-002 | DOING | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild, Product Guild (docs) | | | | |
| SCANNER-BENCH-62-003 | DOING | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild, Product Guild (docs) | | | | |
| SCANNER-BENCH-62-004 | DOING | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild, Java Analyzer Guild (docs) | | | | |
| SCANNER-BENCH-62-005 | DOING | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild, Go Analyzer Guild (docs) | | | | |
| SCANNER-BENCH-62-006 | DOING | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild, Rust Analyzer Guild (docs) | | | | |
| SCANNER-BENCH-62-008 | DOING | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild, EntryTrace Guild (docs) | | | | |
| SCANNER-BENCH-62-009 | DOING | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild, Policy Guild (docs) | | | | |
| SCANNER-CLI-0001 | DONE | 2025-11-10 | SPRINT_0138_0001_0001_scanner_ruby_parity | CLI Guild, Ruby Analyzer Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Coordinate CLI UX/help text for new Ruby verbs and update CLI docs/golden outputs. | SCANNER-ENG-0019 | |
| SCANNER-DET-01 | DONE (2025-12-03) | 2025-12-03 | SPRINT_0301_0001_0001_docs_md_i | Docs Guild · Scanner Guild | | Deterministic compose fixtures landed; docs published. | |
| SCANNER-DOCS-0003 | TODO | | SPRINT_327_docs_modules_scanner | Docs Guild, Product Guild (docs/modules/scanner) | docs/modules/scanner | Gather Windows/macOS analyzer demand signals and record findings in `docs/benchmarks/scanner/windows-macos-demand.md` for marketing + product readiness. | | |
| SCANNER-EMIT-15-001 | TODO | | SPRINT_0136_0001_0001_scanner_surface | Scanner Emit Guild (src/Scanner/__Libraries/StellaOps.Scanner.Emit) | src/Scanner/__Libraries/StellaOps.Scanner.Emit | Enforce canonical JSON (`stella.contentHash`, Merkle root metadata, zero timestamps) for fragments and composed CycloneDX inventory/usage BOMs. Documented in `docs/modules/scanner/deterministic-sbom-compose.md` §2.2. | SCANNER-SURFACE-04 | |
| SCANNER-ENG-0001 | TODO | | SPRINT_327_docs_modules_scanner | Module Team (docs/modules/scanner) | docs/modules/scanner | Cross-check implementation plan milestones against `/docs/implplan/SPRINT_*.md` and update module readiness checkpoints. | | |
| SCANNER-ENG-0002 | DONE | 2025-11-09 | SPRINT_137_scanner_gap_design | Scanner Guild, CLI Guild (docs/modules/scanner) | docs/modules/scanner | Design the Node.js lockfile collector + CLI validator per `docs/benchmarks/scanner/scanning-gaps-stella-misses-from-competitors.md`, capturing Surface + policy requirements before implementation. | | |
| SCANNER-ENG-0003 | DONE | 2025-11-09 | SPRINT_137_scanner_gap_design | Python Analyzer Guild, CLI Guild (docs/modules/scanner) | docs/modules/scanner | Design Python lockfile + editable-install parity checks with policy predicates and CLI workflow coverage as outlined in the gap analysis. | | |
| SCANNER-ENG-0004 | DONE | 2025-11-09 | SPRINT_137_scanner_gap_design | Java Analyzer Guild, CLI Guild (docs/modules/scanner) | docs/modules/scanner | Design Java lockfile ingestion/validation (Gradle/SBT collectors, CLI verb, policy hooks) to close comparison gaps. | | |
| SCANNER-ENG-0005 | DONE | 2025-11-09 | SPRINT_137_scanner_gap_design | Go Analyzer Guild (docs/modules/scanner) | docs/modules/scanner | Enhance Go stripped-binary fallback inference design, including inferred module metadata + policy integration, per the gap analysis. | | |
| SCANNER-ENG-0006 | DONE | 2025-11-09 | SPRINT_137_scanner_gap_design | Rust Analyzer Guild (docs/modules/scanner) | docs/modules/scanner | Expand Rust fingerprint coverage design (enriched fingerprint catalogue + policy controls) per the comparison matrix. | | |
| SCANNER-ENG-0007 | DONE | 2025-11-09 | SPRINT_137_scanner_gap_design | Scanner Guild, Policy Guild (docs/modules/scanner) | docs/modules/scanner | Design the deterministic secret leak detection pipeline covering rule packaging, Policy Engine integration, and CLI workflow. | | |
| SCANNER-ENG-0008 | TODO | | SPRINT_0138_0001_0001_scanner_ruby_parity | EntryTrace Guild, QA Guild (src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace) | src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace | Maintain EntryTrace heuristic cadence per `docs/benchmarks/scanner/scanning-gaps-stella-misses-from-competitors.md`, including quarterly pattern reviews + explain-trace updates. | | |
| SCANNER-ENG-0009 | DONE | 2025-11-13 | SPRINT_0138_0001_0001_scanner_ruby_parity | Ruby Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Ruby analyzer parity shipped: runtime graph + capability signals, observation payload, Mongo-backed `ruby.packages` inventory, CLI/WebService surfaces, and plugin manifest bundles for Worker loadout. | SCANNER-ANALYZERS-RUBY-28-001..012 | |
| SCANNER-ENG-0010 | TODO | | SPRINT_0138_0001_0001_scanner_ruby_parity | PHP Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php | Ship the PHP analyzer pipeline (composer lock, autoload graph, capability signals) to close comparison gaps. | SCANNER-ANALYZERS-PHP-27-001 | |
| SCANNER-ENG-0011 | TODO | | SPRINT_0138_0001_0001_scanner_ruby_parity | Language Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno | Scope the Deno runtime analyzer (lockfile resolver, import graphs) based on competitor techniques to extend beyond Sprint 130 coverage. | | |
| SCANNER-ENG-0012 | TODO | | SPRINT_0138_0001_0001_scanner_ruby_parity | Language Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Dart) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Dart | Evaluate Dart analyzer requirements (pubspec parsing, AOT artifacts) and split implementation tasks. | | |
| SCANNER-ENG-0013 | TODO | | SPRINT_0138_0001_0001_scanner_ruby_parity | Swift Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Swift) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Swift | Plan Swift Package Manager coverage (Package.resolved, xcframeworks, runtime hints) with policy hooks. | | |
| SCANNER-ENG-0014 | TODO | | SPRINT_0138_0001_0001_scanner_ruby_parity | Runtime Guild, Zastava Guild (docs/modules/scanner) | docs/modules/scanner | Align Kubernetes/VM target coverage between Scanner and Zastava per comparison findings; publish joint roadmap. | | |
| SCANNER-ENG-0015 | DONE | 2025-11-13 | SPRINT_0138_0001_0001_scanner_ruby_parity | Export Center Guild, Scanner Guild (docs/modules/scanner) | docs/modules/scanner | DSSE/Rekor operator playbook published (`docs/modules/scanner/operations/dsse-rekor-operator-guide.md`) with config/env tables, rollout phases, runbook snippets, offline verification steps, and SLA/alert guidance. | | |
| SCANNER-ENG-0016 | DONE | 2025-11-10 | SPRINT_0138_0001_0001_scanner_ruby_parity | Ruby Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | RubyLockCollector and vendor ingestion finalized: Bundler config overrides honoured, workspace lockfiles merged, vendor bundles normalised, and deterministic fixtures added. | SCANNER-ENG-0009 | |
| SCANNER-ENG-0017 | DONE | 2025-11-09 | SPRINT_0138_0001_0001_scanner_ruby_parity | Ruby Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Build the runtime require/autoload graph builder with tree-sitter Ruby per design §4.4 and integrate EntryTrace hints. | SCANNER-ENG-0016 | |
| SCANNER-ENG-0018 | DONE | 2025-11-09 | SPRINT_0138_0001_0001_scanner_ruby_parity | Ruby Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Emit Ruby capability + framework surface signals as defined in design §4.5 with policy predicate hooks. | SCANNER-ENG-0017 | |
| SCANNER-ENG-0019 | DONE | 2025-11-13 | SPRINT_0138_0001_0001_scanner_ruby_parity | Ruby Analyzer Guild, CLI Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Ruby CLI verbs now resolve inventories by scan ID, digest, or image reference; Scanner.WebService fallbacks + CLI client encoding ensure `--image` works for both digests and tagged references, and tests cover the new lookup flow. | SCANNER-ENG-0016..0018 | |
| SCANNER-ENG-0020 | TODO | | SPRINT_0136_0001_0001_scanner_surface | Scanner Guild (docs/modules/scanner) | docs/modules/scanner | Implement Homebrew collector & fragment mapper per `design/macos-analyzer.md` §3.1. | | |
| SCANNER-ENG-0021 | TODO | | SPRINT_0136_0001_0001_scanner_surface | Scanner Guild (docs/modules/scanner) | docs/modules/scanner | Implement pkgutil receipt collector per `design/macos-analyzer.md` §3.2. | | |
| SCANNER-ENG-0022 | TODO | | SPRINT_0136_0001_0001_scanner_surface | Scanner Guild, Policy Guild (docs/modules/scanner) | docs/modules/scanner | Implement macOS bundle inspector & capability overlays per `design/macos-analyzer.md` §3.3. | | |
| SCANNER-ENG-0023 | TODO | | SPRINT_0136_0001_0001_scanner_surface | Scanner Guild, Offline Kit Guild, Policy Guild (docs/modules/scanner) | docs/modules/scanner | Deliver macOS policy/offline integration per `design/macos-analyzer.md` §56. | | |
| SCANNER-ENG-0024 | TODO | | SPRINT_0136_0001_0001_scanner_surface | Scanner Guild (docs/modules/scanner) | docs/modules/scanner | Implement Windows MSI collector per `design/windows-analyzer.md` §3.1. | | |
| SCANNER-ENG-0025 | TODO | | SPRINT_0136_0001_0001_scanner_surface | Scanner Guild (docs/modules/scanner) | docs/modules/scanner | Implement WinSxS manifest collector per `design/windows-analyzer.md` §3.2. | | |
| SCANNER-ENG-0026 | TODO | | SPRINT_0136_0001_0001_scanner_surface | Scanner Guild (docs/modules/scanner) | docs/modules/scanner | Implement Windows Chocolatey & registry collectors per `design/windows-analyzer.md` §3.33.4. | | |
| SCANNER-ENG-0027 | TODO | | SPRINT_0136_0001_0001_scanner_surface | Scanner Guild, Policy Guild, Offline Kit Guild (docs/modules/scanner) | docs/modules/scanner | Deliver Windows policy/offline integration per `design/windows-analyzer.md` §56. | | |
| SCANNER-ENTRYTRACE-18-502 | TODO | | SPRINT_0135_0001_0001_scanner_surface | EntryTrace Guild (src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace) | src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace | Expand chain walker with init shim/user-switch/supervisor recognition plus env/workdir accumulation and guarded edges. | SCANNER-ENTRYTRACE-18-508 | |
| SCANNER-ENTRYTRACE-18-503 | TODO | | SPRINT_0135_0001_0001_scanner_surface | EntryTrace Guild (src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace) | src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace | Introduce target classifier + EntryPlan handoff with confidence scoring for ELF/Java/.NET/Node/Python and user/workdir context. | SCANNER-ENTRYTRACE-18-502 | |
| SCANNER-ENTRYTRACE-18-504 | TODO | | SPRINT_0136_0001_0001_scanner_surface | EntryTrace Guild (src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace) | src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace | Emit EntryTrace AOC NDJSON (`entrytrace.entry/node/edge/target/warning/capability`) and wire CLI/service streaming outputs. | SCANNER-ENTRYTRACE-18-503 | |
| SCANNER-ENTRYTRACE-18-505 | TODO | | SPRINT_0136_0001_0001_scanner_surface | EntryTrace Guild (src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace) | src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace | Implement process-tree replay (ProcGraph) to reconcile `/proc` exec chains with static EntryTrace results, collapsing wrappers and emitting agreement/conflict diagnostics. | SCANNER-ENTRYTRACE-18-504 | |
| SCANNER-ENTRYTRACE-18-506 | TODO | | SPRINT_0136_0001_0001_scanner_surface | EntryTrace Guild, Scanner WebService Guild (src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace) | src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace | Surface EntryTrace graph + confidence via Scanner.WebService and CLI, including target summary in scan reports and policy payloads. | SCANNER-ENTRYTRACE-18-505 | SCSS0102 |
| SCANNER-ENV-01 | TODO (2025-11-06) | 2025-11-06 | SPRINT_0136_0001_0001_scanner_surface | Scanner Worker Guild | src/Scanner/StellaOps.Scanner.Worker | Replace ad-hoc environment reads with `StellaOps.Scanner.Surface.Env` helpers for cache roots and CAS endpoints. | — | SCDE0101 |
| SCANNER-ENV-02 | TODO (2025-11-06) | 2025-11-06 | SPRINT_0136_0001_0001_scanner_surface | Scanner WebService Guild · Ops Guild | src/Scanner/StellaOps.Scanner.WebService | Wire Surface.Env helpers into WebService hosting (cache roots, feature flags) and document configuration. | SCANNER-ENV-01 | SCDE0102 |
| SCANNER-ENV-03 | TODO | | SPRINT_0136_0001_0001_scanner_surface | BuildX Plugin Guild | src/Scanner/StellaOps.Scanner.Sbomer.BuildXPlugin | Adopt Surface.Env helpers for plugin configuration (cache roots, CAS endpoints, feature toggles). | SCANNER-ENV-02 | SCBX0101 |
| SCANNER-EVENTS-16-301 | BLOCKED (2025-10-26) | 2025-10-26 | SPRINT_0136_0001_0001_scanner_surface | Scanner WebService Guild (`src/Scanner/StellaOps.Scanner.WebService`) | src/Scanner/StellaOps.Scanner.WebService | Emit orchestrator-compatible envelopes (`scanner.event.*`) and update integration tests to verify Notifier ingestion (no Redis queue coupling). | EVENTS-16-301 | SCEV0101 |
| SCANNER-GRAPH-21-001 | TODO | | SPRINT_0136_0001_0001_scanner_surface | Scanner WebService Guild, Cartographer Guild (src/Scanner/StellaOps.Scanner.WebService) | src/Scanner/StellaOps.Scanner.WebService | Provide webhook/REST endpoint for Cartographer to request policy overlays and runtime evidence for graph nodes, ensuring determinism and tenant scoping. | | |
| SCANNER-LIC-0001 | DONE | 2025-11-10 | SPRINT_0138_0001_0001_scanner_ruby_parity | Scanner Guild, Legal Guild (docs/modules/scanner) | docs/modules/scanner | Tree-sitter licensing captured, `NOTICE.md` updated, and Offline Kit now mirrors `third-party-licenses/` with ruby artifacts. | SCANNER-ENG-0016 | |
| SCANNER-LNM-21-001 | TODO | | SPRINT_0136_0001_0001_scanner_surface | Scanner WebService Guild, Policy Guild (src/Scanner/StellaOps.Scanner.WebService) | src/Scanner/StellaOps.Scanner.WebService | Update `/reports` and `/policy/runtime` payloads to consume advisory/vex linksets, exposing source severity arrays and conflict summaries alongside effective verdicts. | | |
| SCANNER-LNM-21-002 | TODO | | SPRINT_0136_0001_0001_scanner_surface | Scanner WebService Guild, UI Guild (src/Scanner/StellaOps.Scanner.WebService) | src/Scanner/StellaOps.Scanner.WebService | Add evidence endpoint for Console to fetch linkset summaries with policy overlay for a component/SBOM, including AOC references. | SCANNER-LNM-21-001 | |
| SCANNER-NATIVE-401-015 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | Scanner Worker Guild | `src/Scanner/__Libraries/StellaOps.Scanner.Symbols.Native`, `src/Scanner/__Libraries/StellaOps.Scanner.CallGraph.Native` | Stand up `StellaOps.Scanner.Symbols.Native` + `StellaOps.Scanner.CallGraph.Native` (ELF/PE readers, demanglers, probabilistic carving) and publish `FuncNode`/`CallEdge` CAS bundles consumed by reachability graphs. | Requires CAS schema approval from GAPG0101 | SCNA0101 |
| SCANNER-OPS-0001 | TODO | | SPRINT_327_docs_modules_scanner | Ops Guild (docs/modules/scanner) | docs/modules/scanner | Review scanner runbooks/observability assets after the next sprint demo and capture findings inline with sprint notes. | | |
| SCANNER-POLICY-0001 | DONE | 2025-11-10 | SPRINT_0138_0001_0001_scanner_ruby_parity | Policy Guild, Ruby Analyzer Guild (docs/modules/scanner) | docs/modules/scanner | Ruby predicates shipped: Policy Engine exposes `sbom.any_component` + `ruby.*`, tests updated, DSL/offline-kit docs refreshed. | SCANNER-ENG-0018 | |
| SCANNER-SECRETS-03 | TODO | | SPRINT_0136_0001_0001_scanner_surface | BuildX Plugin Guild, Security Guild (src/Scanner/StellaOps.Scanner.Sbomer.BuildXPlugin) | src/Scanner/StellaOps.Scanner.Sbomer.BuildXPlugin | Use Surface.Secrets to retrieve registry credentials when interacting with CAS/referrers. | SCANNER-SECRETS-02 | |
| SCANNER-SORT-02 | TODO | | SPRINT_0136_0001_0001_scanner_surface | Scanner Core Guild (src/Scanner/__Libraries/StellaOps.Scanner.Core) | src/Scanner/__Libraries/StellaOps.Scanner.Core | Sort layer fragments by digest and components by `identity.purl`/`identity.key` before composition; add determinism regression tests. | SCANNER-EMIT-15-001 | |
| SCANNER-SURFACE-04 | TODO | | SPRINT_0136_0001_0001_scanner_surface | Scanner Worker Guild (src/Scanner/StellaOps.Scanner.Worker) | src/Scanner/StellaOps.Scanner.Worker | DSSE-sign every `layer.fragments` payload, emit `_composition.json`, and persist DSSE envelopes so offline kits can replay deterministically (see `docs/modules/scanner/deterministic-sbom-compose.md` §2.1). | SCANNER-SURFACE-01; SURFACE-FS-03 | |
| SCHED-IMPACT-16-303 | DONE | | SPRINT_0155_0001_0001_scheduler_i | Scheduler ImpactIndex Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.ImpactIndex) | src/Scheduler/__Libraries/StellaOps.Scheduler.ImpactIndex | Snapshot/compaction + invalidation for removed images; persistence to RocksDB/Redis per architecture. | | |
| SCHED-SURFACE-01 | TODO | | SPRINT_0155_0001_0001_scheduler_i | Scheduler Worker Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | Evaluate Surface.FS pointers when planning delta scans to avoid redundant work and prioritise drift-triggered assets. | | |
| SCHED-SURFACE-02 | TODO | | SPRINT_0136_0001_0001_scanner_surface | Scheduler Worker Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | Integrate Scheduler worker prefetch using Surface manifest reader and persist manifest pointers with rerun plans. | SURFACE-FS-02; SCHED-SURFACE-01 | |
| SCHED-VULN-29-001 | DONE | | SPRINT_0155_0001_0001_scheduler_i | Scheduler WebService Guild, Findings Ledger Guild (src/Scheduler/StellaOps.Scheduler.WebService) | src/Scheduler/StellaOps.Scheduler.WebService | Expose resolver job APIs (`POST /vuln/resolver/jobs`, `GET /vuln/resolver/jobs/{id}`) to trigger candidate recomputation per artifact/policy change with RBAC and rate limits. | | |
| SCHED-VULN-29-002 | TODO | | SPRINT_0155_0001_0001_scheduler_i | Scheduler WebService Guild, Observability Guild (src/Scheduler/StellaOps.Scheduler.WebService) | src/Scheduler/StellaOps.Scheduler.WebService | Provide projector lag metrics endpoint and webhook notifications for backlog breaches consumed by DevOps dashboards. Dependencies: SCHED-VULN-29-001. | | |
| SCHED-WEB-20-002 | TODO | | SPRINT_0155_0001_0001_scheduler_i | Scheduler WebService Guild (src/Scheduler/StellaOps.Scheduler.WebService) | src/Scheduler/StellaOps.Scheduler.WebService | Provide simulation trigger endpoint returning diff preview metadata and job state for UI/CLI consumption. | | |
| SCHED-WORKER-21-203 | DONE | | SPRINT_0155_0001_0001_scheduler_i | Scheduler Worker Guild, Observability Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | Export metrics (`graph_build_seconds`, `graph_jobs_inflight`, `overlay_lag_seconds`) and structured logs with tenant/graph identifiers. | | |
| SCHED-WORKER-23-101 | TODO | | SPRINT_0155_0001_0001_scheduler_i | Scheduler Worker Guild, Policy Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | Implement policy re-evaluation worker that shards assets, honours rate limits, and updates progress for Console after policy activation events. Dependencies: SCHED-WORKER-21-203. | | |
| SCHED-WORKER-23-102 | TODO | | SPRINT_0155_0001_0001_scheduler_i | Scheduler Worker Guild, Observability Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | Add reconciliation job ensuring re-eval completion within SLA, emitting alerts on backlog and persisting status to `policy_runs`. Dependencies: SCHED-WORKER-23-101. | | |
| SCHED-WORKER-25-101 | TODO | | SPRINT_0155_0001_0001_scheduler_i | Scheduler Worker Guild, Policy Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | Implement exception lifecycle worker handling auto-activation/expiry and publishing `exception.*` events with retries/backoff. Dependencies: SCHED-WORKER-23-102. | | |
| SCHED-WORKER-25-102 | TODO | | SPRINT_0155_0001_0001_scheduler_i | Scheduler Worker Guild, Observability Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | Add expiring notification job generating digests, marking `expiring` state, updating metrics/alerts. Dependencies: SCHED-WORKER-25-101. | | |
| SCHED-WORKER-26-201 | TODO | | SPRINT_0155_0001_0001_scheduler_i | Scheduler Worker Guild, Signals Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | Build reachability joiner worker that combines SBOM snapshots with signals, writes cached facts, and schedules updates on new events. Dependencies: SCHED-WORKER-25-102. | | |
| SCHED-WORKER-26-202 | TODO | | SPRINT_0156_0001_0002_scheduler_ii | Scheduler Worker Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | Implement staleness monitor + notifier for outdated reachability facts, publishing warnings and updating dashboards. Dependencies: SCHED-WORKER-26-201. | | |
| SCHED-WORKER-27-301 | TODO | | SPRINT_0156_0001_0002_scheduler_ii | Scheduler Worker Guild, Policy Registry Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | Implement policy batch simulation worker: shard SBOM inventories, invoke Policy Engine, emit partial results, handle retries/backoff, and publish progress events. Dependencies: SCHED-WORKER-26-202. | | |
| SCHED-WORKER-27-302 | TODO | | SPRINT_0156_0001_0002_scheduler_ii | Scheduler Worker Guild, Observability Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | Build reducer job aggregating shard outputs into final manifests (counts, deltas, samples) and writing to object storage with checksums; emit completion events. Dependencies: SCHED-WORKER-27-301. | | |
| SCHED-WORKER-27-303 | TODO | | SPRINT_0156_0001_0002_scheduler_ii | Scheduler Worker Guild, Security Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | Enforce tenant isolation, scope checks, and attestation integration for simulation jobs; secret scanning pipeline for uploaded policy sources. Dependencies: SCHED-WORKER-27-302. | | |
| SCHED-WORKER-29-001 | TODO | | SPRINT_0156_0001_0002_scheduler_ii | Scheduler Worker Guild, Findings Ledger Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | Implement resolver worker generating candidate findings from inventory + advisory evidence, respecting ecosystem version semantics and path scope; emit jobs for policy evaluation. Dependencies: SCHED-WORKER-27-303. | | |
| SCHED-WORKER-29-002 | TODO | | SPRINT_0156_0001_0002_scheduler_ii | Scheduler Worker Guild, Policy Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | Build evaluation orchestration worker invoking Policy Engine batch eval, writing results to Findings Ledger projector queue, and handling retries/backoff. Dependencies: SCHED-WORKER-29-001. | | |
| SCHED-WORKER-29-003 | TODO | | SPRINT_0156_0001_0002_scheduler_ii | Scheduler Worker Guild, Observability Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | Add monitoring for resolver/evaluation backlog, SLA breaches, and export job queue; expose metrics/alerts feeding DevOps dashboards. Dependencies: SCHED-WORKER-29-002. | | |
| SCHED-WORKER-CONSOLE-23-201 | TODO | | SPRINT_0156_0001_0002_scheduler_ii | Scheduler Worker Guild, Observability Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | Stream run progress events (stage status, tuples processed, SLA hints) to Redis/NATS for Console SSE, with heartbeat, dedupe, and retention policy. Publish metrics + structured logs for queue lag. | | |
| SCHED-WORKER-CONSOLE-23-202 | TODO | | SPRINT_0156_0001_0002_scheduler_ii | Scheduler Worker Guild, Policy Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | Coordinate evidence bundle jobs (enqueue, track status, cleanup) and expose job manifests to Web gateway; ensure idempotent reruns and cancellation support. Dependencies: SCHED-WORKER-CONSOLE-23-201. | | |
| SCHEDULER-DOCS-0001 | DONE | | SPRINT_0328_0001_0001_docs_modules_scheduler | Docs Guild (docs/modules/scheduler) | docs/modules/scheduler | See ./AGENTS.md | | |
| SCHEDULER-ENG-0001 | DONE | | SPRINT_0328_0001_0001_docs_modules_scheduler | Module Team (docs/modules/scheduler) | docs/modules/scheduler | Update status via ./AGENTS.md workflow | | |
| SCHEDULER-OPS-0001 | DONE | | SPRINT_0328_0001_0001_docs_modules_scheduler | Ops Guild (docs/modules/scheduler) | docs/modules/scheduler | Sync outcomes back to ../.. | | |
| SCHEMA-401-024 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | Signals Guild (`src/Signals/StellaOps.Signals`, `docs/uncertainty/README.md`) | `src/Signals/StellaOps.Signals`, `docs/uncertainty/README.md` | | | |
| SCORER-401-025 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | Signals Guild (`src/Signals/StellaOps.Signals.Application`, `docs/uncertainty/README.md`) | `src/Signals/StellaOps.Signals.Application`, `docs/uncertainty/README.md` | | | |
| SCORING-401-003 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | Signals Guild (`src/Signals/StellaOps.Signals`) | `src/Signals/StellaOps.Signals` | | | |
| SDK-62-001 | TODO | | SPRINT_0204_0001_0004_cli_iv | DevEx/CLI Guild, SDK Generator Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | | | |
| SDK-62-002 | TODO | | SPRINT_0204_0001_0004_cli_iv | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | | | |
| SDK-63-001 | TODO | | SPRINT_0204_0001_0004_cli_iv | DevEx/CLI Guild, API Governance Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | | | |
| SDK-64-001 | TODO | | SPRINT_0204_0001_0004_cli_iv | DevEx/CLI Guild, SDK Release Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | | | |
| SDKGEN-62-001 | TODO | | SPRINT_0208_0001_0001_sdk | SDK Generator Guild | src/Sdk/StellaOps.Sdk.Generator | Choose/pin generator toolchain, set up language template pipeline, and enforce reproducible builds. | DEVL0101 portal contracts | SDKG0101 |
| SDKGEN-62-002 | TODO | | SPRINT_0208_0001_0001_sdk | SDK Generator Guild | src/Sdk/StellaOps.Sdk.Generator | Implement shared post-processing (auth helpers, retries, pagination utilities, telemetry hooks) applied to all languages. Dependencies: SDKGEN-62-001. | SDKGEN-62-001 | SDKG0101 |
| SDKGEN-63-001 | BLOCKED (2025-11-26) | 2025-11-26 | SPRINT_0208_0001_0001_sdk | SDK Generator Guild | src/Sdk/StellaOps.Sdk.Generator | Ship TypeScript SDK alpha with ESM/CJS builds, typed errors, paginator, streaming helpers. Dependencies: SDKGEN-62-002. | 63-004 | SDKG0101 |
| SDKGEN-63-002 | TODO | | SPRINT_0208_0001_0001_sdk | SDK Generator Guild | src/Sdk/StellaOps.Sdk.Generator | Ship Python SDK alpha (sync/async clients, type hints, upload/download helpers). Dependencies: SDKGEN-63-001. | SDKGEN-63-001 | SDKG0101 |
| SDKGEN-63-003 | TODO | | SPRINT_0208_0001_0001_sdk | SDK Generator Guild | src/Sdk/StellaOps.Sdk.Generator | Ship Go SDK alpha with context-first API and streaming helpers. Dependencies: SDKGEN-63-002. | SDKGEN-63-002 | SDKG0101 |
| SDKGEN-63-004 | TODO | | SPRINT_0208_0001_0001_sdk | SDK Generator Guild | src/Sdk/StellaOps.Sdk.Generator | Ship Java SDK alpha (builder pattern, HTTP client abstraction). Dependencies: SDKGEN-63-003. | SDKGEN-63-003 | SDKG0101 |
| SDKGEN-64-001 | TODO | | SPRINT_0208_0001_0001_sdk | SDK Generator Guild · CLI Guild | src/Sdk/StellaOps.Sdk.Generator | Switch CLI to consume TS or Go SDK; ensure parity. Dependencies: SDKGEN-63-004. | SDKGEN-63-004 | SDKG0101 |
| SDKGEN-64-002 | TODO | | SPRINT_0208_0001_0001_sdk | SDK Generator Guild · Console Guild | src/Sdk/StellaOps.Sdk.Generator | Integrate SDKs into Console data providers where feasible. Dependencies: SDKGEN-64-001. | SDKGEN-64-001 | SDKG0101 |
| SDKREL-63-001 | TODO | | SPRINT_0208_0001_0001_sdk | SDK Release Guild (src/Sdk/StellaOps.Sdk.Release) | src/Sdk/StellaOps.Sdk.Release | Configure CI pipelines for npm, PyPI, Maven Central staging, and Go proxies with signing and provenance attestations. | | |
| SDKREL-63-002 | TODO | | SPRINT_0208_0001_0001_sdk | SDK Release Guild, API Governance Guild (src/Sdk/StellaOps.Sdk.Release) | src/Sdk/StellaOps.Sdk.Release | Integrate changelog automation pulling from OAS diffs and generator metadata. Dependencies: SDKREL-63-001. | | |
| SDKREL-64-001 | TODO | | SPRINT_0208_0001_0001_sdk | SDK Release Guild, Notifications Guild (src/Sdk/StellaOps.Sdk.Release) | src/Sdk/StellaOps.Sdk.Release | Hook SDK releases into Notifications Studio with scoped announcements and RSS/Atom feeds. Dependencies: SDKREL-63-002. | | |
| SDKREL-64-002 | TODO | | SPRINT_0208_0001_0001_sdk | SDK Release Guild, Export Center Guild (src/Sdk/StellaOps.Sdk.Release) | src/Sdk/StellaOps.Sdk.Release | Add `devportal --offline` bundle job packaging docs, specs, SDK artifacts for air-gapped users. Dependencies: SDKREL-64-001. | | |
| SEC-62-001 | TODO | | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild, Authority Core (docs) | | | | |
| SEC-CRYPTO-90-001 | DONE | 2025-11-07 | SPRINT_514_sovereign_crypto_enablement | Security Guild (src/__Libraries/StellaOps.Cryptography) | src/__Libraries/StellaOps.Cryptography | Produce the RootPack_RU implementation plan, provider strategy (CryptoPro + PKCS#11), and backlog split for sovereign crypto work. | | |
| SEC-CRYPTO-90-002 | DONE | 2025-11-07 | SPRINT_514_sovereign_crypto_enablement | Security Guild (src/__Libraries/StellaOps.Cryptography) | src/__Libraries/StellaOps.Cryptography | Extend signature/catalog constants and configuration schema to recognize `GOST12-256/512`, regional crypto profiles, and provider preference ordering. | | |
| SEC-CRYPTO-90-003 | DONE | 2025-11-07 | SPRINT_514_sovereign_crypto_enablement | Security Guild (src/__Libraries/StellaOps.Cryptography) | src/__Libraries/StellaOps.Cryptography | Implement `StellaOps.Cryptography.Plugin.CryptoPro` provider (sign/verify/JWK export) using CryptoPro CSP with deterministic logging/tests. | | |
| SEC-CRYPTO-90-004 | DONE | 2025-11-07 | SPRINT_514_sovereign_crypto_enablement | Security Guild (src/__Libraries/StellaOps.Cryptography) | src/__Libraries/StellaOps.Cryptography | Implement `StellaOps.Cryptography.Plugin.Pkcs11Gost` provider (Rutoken/JaCarta) via Pkcs11Interop with configurable slot/pin/module handling. | | |
| SEC-CRYPTO-90-005 | DONE | 2025-11-08 | SPRINT_514_sovereign_crypto_enablement | Security Guild (src/__Libraries/StellaOps.Cryptography) | src/__Libraries/StellaOps.Cryptography | Add configuration-driven provider selection (`crypto.regionalProfiles`), CLI diagnostics, and telemetry. | | |
| SEC-CRYPTO-90-006 | DONE | 2025-11-08 | SPRINT_514_sovereign_crypto_enablement | Security Guild (src/__Libraries/StellaOps.Cryptography) | src/__Libraries/StellaOps.Cryptography | Build deterministic Streebog/signature harnesses and RootPack audit metadata/runbooks. | | |
| SEC-CRYPTO-90-007 | DONE | 2025-11-08 | SPRINT_514_sovereign_crypto_enablement | Security Guild (src/__Libraries/StellaOps.Cryptography) | src/__Libraries/StellaOps.Cryptography | Package RootPack_RU artifacts (plugins, trust anchors, configs) with deployment documentation. | | |
| SEC-CRYPTO-90-008 | DONE | 2025-11-08 | SPRINT_514_sovereign_crypto_enablement | Security Guild (src/__Libraries/StellaOps.Cryptography) | src/__Libraries/StellaOps.Cryptography | Audit repository for direct crypto usage bypassing the new abstractions and file remediation tasks. | | |
| SEC-CRYPTO-90-009 | DONE | 2025-11-09 | SPRINT_514_sovereign_crypto_enablement | Security Guild (src/__Libraries/StellaOps.Cryptography.Plugin.CryptoPro) | src/__Libraries/StellaOps.Cryptography.Plugin.CryptoPro | Replace the placeholder CryptoPro plug-in with a true CryptoPro CSP implementation (GostCryptography, certificate-store lookup, DER/raw normalization) so RootPack_RU exposes a qualified-signature path. | | |
| SEC-CRYPTO-90-010 | DONE | 2025-11-09 | SPRINT_514_sovereign_crypto_enablement | Security Guild (src/__Libraries/StellaOps.Cryptography + .DependencyInjection) | src/__Libraries/StellaOps.Cryptography + .DependencyInjection | Introduce `StellaOpsCryptoOptions` / configuration binding for registry profiles/keys and ship an `AddStellaOpsCryptoRu(IConfiguration, …)` helper so hosts can enable `ru-offline` via YAML without custom code. | | |
| SEC-CRYPTO-90-011 | DONE | 2025-11-09 | SPRINT_514_sovereign_crypto_enablement | Security & Ops Guilds (src/Tools/StellaOps.CryptoRu.Cli) | src/Tools/StellaOps.CryptoRu.Cli | Build the sovereign crypto CLI (`StellaOps.CryptoRu.Cli`) to list keys, perform test-sign operations, and emit determinism/audit snapshots referenced in the RootPack docs. | | |
| SEC-CRYPTO-90-012 | BLOCKED (2025-11-27) | Env-gated; no CryptoPro/PKCS#11 runner available | SPRINT_514_sovereign_crypto_enablement | Security Guild (src/__Libraries/__Tests/StellaOps.Cryptography.Tests) | src/__Libraries/__Tests/StellaOps.Cryptography.Tests | Add CryptoPro + PKCS#11 integration tests (env/pin gated) and wire them into `scripts/crypto/run-rootpack-ru-tests.sh`, covering Streebog vectors and DER/raw signatures. | | |
| SEC-CRYPTO-90-013 | BLOCKED (2025-11-27) | Depends on SEC-CRYPTO-90-021 registry wiring | SPRINT_514_sovereign_crypto_enablement | Security Guild (src/__Libraries/StellaOps.Cryptography) | src/__Libraries/StellaOps.Cryptography | Extend the shared crypto stack with sovereign symmetric algorithms (Magma/Kuznyechik) so exports/data-at-rest can request Russian ciphers via the provider registry. | SEC-CRYPTO-90-021 | |
| SEC-CRYPTO-90-014 | TODO | | SPRINT_514_sovereign_crypto_enablement | Security + Service Guilds | | Update runtime hosts (Authority, Scanner WebService/Worker, Concelier, etc.) to register the RU providers, bind `StellaOps:Crypto` profiles, and expose configuration toggles per the new options model. | Wait for AUIN0101 approvals | CRSA0101 |
| SEC-CRYPTO-90-015 | TODO | | SPRINT_514_sovereign_crypto_enablement | Security + Docs Guild | docs/security/rootpack_ru_*.md | Refresh RootPack/validation documentation once the CLI/config/tests exist (remove TODO callouts, document final workflows). | Depends on #1 | CRSA0101 |
| SEC-CRYPTO-90-016 | DONE | 2025-11-09 | SPRINT_514_sovereign_crypto_enablement | Security Guild (src/__Libraries/StellaOps.Cryptography.DependencyInjection + .Plugin.CryptoPro) | src/__Libraries/StellaOps.Cryptography.DependencyInjection + .Plugin.CryptoPro | Quarantine CryptoPro dependencies by default until IT.GostCryptography is patched; add MSBuild flag `StellaOpsEnableCryptoPro` and follow-up plan to re-enable the plug-in once a safe package exists. | | |
| SEC-CRYPTO-90-017 | TODO | | SPRINT_514_sovereign_crypto_enablement | Security Guild | third_party/forks + src/__Libraries/StellaOps.Cryptography.Plugin.CryptoPro | Vendor `third_party/forks/AlexMAS.GostCryptography` into the solution build (solution filters, Directory.Build props, CI) so the library compiles with the rest of the repo and publishes artifacts for downstream consumers. | Needs third_party fork sync | CRSA0101 |
| SEC-CRYPTO-90-018 | TODO | | SPRINT_514_sovereign_crypto_enablement | Security + Docs Guild | docs/security/rootpack_ru_*.md, docs/dev/crypto.md | Update developer/RootPack documentation to describe the new fork, sync steps, and licensing so operators know where the CryptoPro sources live and how to refresh them. | Depends on #3 | CRSA0101 |
| SEC-CRYPTO-90-019 | TODO | | SPRINT_514_sovereign_crypto_enablement | Security Guild | third_party/forks/AlexMAS.GostCryptography | Patch the fork to drop vulnerable `System.Security.Cryptography.{Pkcs,Xml}` 6.0.0 dependencies (target .NET 8+, adopt fixed BCL packages, re-run tests). | Needs fork validation | CRSA0101 |
| SEC-CRYPTO-90-020 | TODO | | SPRINT_514_sovereign_crypto_enablement | Security Guild | src/__Libraries/StellaOps.Cryptography.Plugin.CryptoPro | Re-point `StellaOps.Cryptography.Plugin.CryptoPro` to the forked sources (replace NuGet package references, adjust DI wiring) and prove the plugin works end-to-end. | Depends on #5 | CRSA0101 |
| SEC-CRYPTO-90-021 | BLOCKED (2025-11-27) | Windows CSP runner pending (depends on 90-020) | SPRINT_514_sovereign_crypto_enablement | Security + QA Guilds | scripts/crypto/**, docs/security/rootpack_ru_validation.md | Validate the forked library + plugin on both Windows (CryptoPro CSP) and Linux (OpenSSL GOST fallback) builds/tests; document any platform-specific prerequisites. | Depends on #6 | CRSA0101 |
| SEC-OBS-50-001 | TODO | | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild, Security Guild (docs) | | | | |
| SEC2 | DONE | 2025-11-09 | SPRINT_100_identity_signing | Security Guild, Storage Guild (src/Authority/StellaOps.Authority/StellaOps.Authority.Plugin.Standard) | src/Authority/StellaOps.Authority/StellaOps.Authority.Plugin.Standard | | | |
| SEC3 | DONE | 2025-11-09 | SPRINT_100_identity_signing | Security Guild, BE-Auth Plugin (src/Authority/StellaOps.Authority/StellaOps.Authority.Plugin.Standard) | src/Authority/StellaOps.Authority/StellaOps.Authority.Plugin.Standard | | | |
| SEC5 | DONE | 2025-11-09 | SPRINT_100_identity_signing | Security Guild (src/Authority/StellaOps.Authority/StellaOps.Authority.Plugin.Standard) | src/Authority/StellaOps.Authority/StellaOps.Authority.Plugin.Standard | | | |
| SECRETS-01 | DOING | 2025-11-02 | SPRINT_0136_0001_0001_scanner_surface | Scanner Guild, Security Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.Secrets) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Secrets | | | |
| SECRETS-02 | DOING | 2025-11-02 | SPRINT_0136_0001_0001_scanner_surface | Scanner Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.Secrets) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Secrets | | SURFACE-SECRETS-01 | |
| SECRETS-03 | TODO | | SPRINT_0136_0001_0001_scanner_surface | BuildX Plugin Guild · Security Guild | src/Scanner/StellaOps.Scanner.Sbomer.BuildXPlugin | SCANNER-SECRETS-02 | SCANNER-SECRETS-02 | SCBX0101 |
| SECRETS-04 | TODO | | SPRINT_0136_0001_0001_scanner_surface | Scanner Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.Secrets) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Secrets | | SURFACE-SECRETS-02 | |
| SECRETS-05 | TODO | | SPRINT_0136_0001_0001_scanner_surface | Zastava Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.Secrets) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Secrets | | SURFACE-SECRETS-02 | |
| SECRETS-06 | TODO | | SPRINT_0136_0001_0001_scanner_surface | Ops Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.Secrets) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Secrets | | SURFACE-SECRETS-03 | |
| SERVER-401-011 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | Symbols Guild (`src/Symbols/StellaOps.Symbols.Server`) | `src/Symbols/StellaOps.Symbols.Server` | | | |
| SERVICE-21-001 | BLOCKED | | SPRINT_0140_0001_0001_runtime_signals | | | | | |
| SERVICE-21-002 | BLOCKED | | SPRINT_0140_0001_0001_runtime_signals | | | | | |
| SERVICE-21-003 | BLOCKED | | SPRINT_0140_0001_0001_runtime_signals | | | | | |
| SERVICE-21-004 | BLOCKED | | SPRINT_0140_0001_0001_runtime_signals | | | | | |
| SERVICE-23-001 | TODO | | SPRINT_0140_0001_0001_runtime_signals | | | | | |
| SERVICE-23-002 | TODO | | SPRINT_0140_0001_0001_runtime_signals | | | | | |
| SERVICE-DOCS-0001 | TODO | | SPRINT_0326_0001_0001_docs_modules_registry | Docs Guild (docs/modules/registry) | docs/modules/registry | | | |
| SERVICE-ENG-0001 | TODO | | SPRINT_0326_0001_0001_docs_modules_registry | Module Team (docs/modules/registry) | docs/modules/registry | | | |
| SERVICE-OPS-0001 | TODO | | SPRINT_0326_0001_0001_docs_modules_registry | Ops Guild (docs/modules/registry) | docs/modules/registry | | | |
| SIG-003 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | Signals Guild (`src/Signals/StellaOps.Signals`, `docs/reachability/function-level-evidence.md`) | `src/Signals/StellaOps.Signals`, `docs/reachability/function-level-evidence.md` | | | |
| SIG-26-001 | TODO | | SPRINT_115_concelier_iv | Concelier Core Guild, Signals Guild (src/Concelier/__Libraries/StellaOps.Concelier.Core) | src/Concelier/__Libraries/StellaOps.Concelier.Core | | | |
| SIG-26-002 | TODO | | SPRINT_0204_0001_0004_cli_iv | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | | | |
| SIG-26-003 | TODO | | SPRINT_0211_0001_0003_ui_iii | UI Guild (src/UI/StellaOps.UI) | src/UI/StellaOps.UI | | | |
| SIG-26-004 | TODO | | SPRINT_0211_0001_0003_ui_iii | UI Guild (src/UI/StellaOps.UI) | src/UI/StellaOps.UI | | | |
| SIG-26-005 | TODO | | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild, UI Guild (docs) | | | | |
| SIG-26-006 | TODO | | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild, DevEx/CLI Guild (docs) | | | | |
| SIG-26-007 | TODO | | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild, BE-Base Platform Guild (docs) | | | | |
| SIG-26-008 | DOING | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild, DevOps Guild (docs) | | | | |
| SIG-STORE-401-016 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | Signals Guild · BE-Base Platform Guild (`src/Signals/StellaOps.Signals`, `src/__Libraries/StellaOps.Replay.Core`) | `src/Signals/StellaOps.Signals`, `src/__Libraries/StellaOps.Replay.Core` | Introduce shared reachability store collections (`func_nodes`, `call_edges`, `cve_func_hits`), indexes, and repository APIs so Scanner/Signals/Policy can reuse canonical function data. | | |
| SIGN-CORE-186-004 | DONE | 2025-11-26 | SPRINT_0186_0001_0001_record_deterministic_execution | Signing Guild | `src/Signer/StellaOps.Signer`, `src/__Libraries/StellaOps.Cryptography` | Replace the HMAC demo implementation in `StellaOps.Signer` with StellaOps.Cryptography providers (keyless + KMS), including provider selection, key material loading, and cosign-compatible DSSE signature output. | Mirrors #1 | SIGR0101 |
| SIGN-CORE-186-005 | DONE | 2025-11-26 | SPRINT_0186_0001_0001_record_deterministic_execution | Signing Guild | `src/Signer/StellaOps.Signer.Core` | Refactor `SignerStatementBuilder` to support StellaOps predicate types (e.g., `stella.ops/promotion@v1`) and delegate payload canonicalisation to the Provenance library once available. | Mirrors #2 | SIGR0101 |
| SIGN-REPLAY-186-003 | TODO | | SPRINT_0186_0001_0001_record_deterministic_execution | Signing Guild (`src/Signer/StellaOps.Signer`, `src/Authority/StellaOps.Authority`) | `src/Signer/StellaOps.Signer`, `src/Authority/StellaOps.Authority` | Extend Signer/Authority DSSE flows to cover replay manifest/bundle payload types with multi-profile support; refresh `docs/modules/signer/architecture.md` and `docs/modules/authority/architecture.md` to capture the new signing/verification path referencing `docs/replay/DETERMINISTIC_REPLAY.md` Section 5. | | |
| SIGN-TEST-186-006 | DONE | 2025-11-26 | SPRINT_0186_0001_0001_record_deterministic_execution | Signing Guild, QA Guild (`src/Signer/StellaOps.Signer.Tests`) | `src/Signer/StellaOps.Signer.Tests` | Upgrade signer integration tests to run against the real crypto abstraction and fixture predicates (promotion, SBOM, replay), replacing stub tokens/digests with deterministic test data. | | |
| SIGN-VEX-401-018 | DONE | 2025-11-26 | SPRINT_0401_0001_0001_reachability_evidence_chain | Signing Guild (`src/Signer/StellaOps.Signer`, `docs/modules/signer/architecture.md`) | `src/Signer/StellaOps.Signer`, `docs/modules/signer/architecture.md` | Extend Signer predicate catalog with `stella.ops/vexDecision@v1`, enforce payload policy, and plumb DSSE/Rekor integration for policy decisions. | | |
| SIGNALS-24-001 | DONE | 2025-11-09 | SPRINT_0140_0001_0001_runtime_signals | | | Host skeleton, RBAC, sealed-mode readiness, `/signals/facts/{subject}` retrieval, and readiness probes merged; serves as base for downstream ingestion. | | |
| SIGNALS-24-002 | DOING | 2025-11-07 | SPRINT_0140_0001_0001_runtime_signals | | | Callgraph ingestion + retrieval APIs are live, but CAS promotion and signed manifest publication remain; cannot close until reachability jobs can trust stored graphs. | | |
| SIGNALS-24-003 | DOING | 2025-11-09 | SPRINT_0140_0001_0001_runtime_signals | | | Runtime facts ingestion accepts JSON/NDJSON and gzip streams; provenance/context enrichment and NDJSON-to-AOC wiring still outstanding. | | |
| SIGNALS-24-004 | BLOCKED | 2025-10-27 | SPRINT_0140_0001_0001_runtime_signals | | 24-002/003 | Reachability scoring waits on complete ingestion feeds (24-002/003) plus Authority scope validation. | | |
| SIGNALS-24-005 | BLOCKED | 2025-10-27 | SPRINT_0140_0001_0001_runtime_signals | | | Cache + `signals.fact.updated` events depend on scoring outputs; remains idle until 24-004 unblocks. | | |
| SIGNALS-REACH-201-003 | DOING | 2025-11-08 | SPRINT_400_runtime_facts_static_callgraph_union | Signals Guild (`src/Signals/StellaOps.Signals`) | `src/Signals/StellaOps.Signals` | Extend Signals ingestion to accept the new multi-language graphs + runtime facts, normalize into `reachability_graphs` CAS layout, and expose retrieval APIs for Policy/CLI. | | |
| SIGNALS-REACH-201-004 | DOING | 2025-11-08 | SPRINT_400_runtime_facts_static_callgraph_union | Signals Guild · Policy Guild (`src/Signals/StellaOps.Signals`, `src/Policy/StellaOps.Policy.Engine`) | `src/Signals/StellaOps.Signals`, `src/Policy/StellaOps.Policy.Engine` | Build the reachability scoring engine (state/score/confidence), wire Redis caches + `signals.fact.updated` events, and integrate reachability weights defined in `docs/11_DATA_SCHEMAS.md`. | | |
| SIGNALS-RUNTIME-401-002 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | Signals Guild (`src/Signals/StellaOps.Signals`) | `src/Signals/StellaOps.Signals` | Ship `/signals/runtime-facts` ingestion for NDJSON (and gzip) batches, dedupe hits, and link runtime evidence CAS URIs to callgraph nodes. Include retention + RBAC tests. | | |
| SIGNALS-SCORING-401-003 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | Signals Guild (`src/Signals/StellaOps.Signals`) | `src/Signals/StellaOps.Signals` | Extend `ReachabilityScoringService` with deterministic scoring (static path +0.50, runtime hits +0.30/+0.10 sink, guard penalties, reflection penalty, floor 0.05), persist reachability labels (`reachable/conditional/unreachable`) and expose `/graphs/{scanId}` CAS lookups. | | |
| SIGNER-DOCS-0001 | DONE | 2025-11-05 | SPRINT_0329_0001_0001_docs_modules_signer | Docs Guild (docs/modules/signer) | docs/modules/signer | Validate that `docs/modules/signer/README.md` captures the latest DSSE/fulcio updates. | | |
| SIGNER-ENG-0001 | DONE | 2025-11-26 | SPRINT_0329_0001_0001_docs_modules_signer | Module Team (docs/modules/signer) | docs/modules/signer | Keep module milestones aligned with signer sprints under `/docs/implplan`. Updated README with Sprint 0186/0401 completed tasks (SIGN-CORE-186-004/005, SIGN-TEST-186-006, SIGN-VEX-401-018). | | |
| SIGNER-OPS-0001 | TODO | | SPRINT_0329_0001_0001_docs_modules_signer | Ops Guild (docs/modules/signer) | docs/modules/signer | Review signer runbooks/observability assets after next sprint demo. | | |
| SORT-02 | TODO | | SPRINT_0136_0001_0001_scanner_surface | Scanner Core Guild (src/Scanner/__Libraries/StellaOps.Scanner.Core) | src/Scanner/__Libraries/StellaOps.Scanner.Core | | SCANNER-EMIT-15-001 | |
| ORCH-DOCS-0001 | DONE | | SPRINT_0323_0001_0001_docs_modules_orchestrator | Docs Guild (docs/modules/orchestrator) | docs/modules/orchestrator | Refresh orchestrator README + diagrams to reflect job leasing changes and reference the task runner bridge. | | |
| ORCH-ENG-0001 | DONE | | SPRINT_0323_0001_0001_docs_modules_orchestrator | Module Team (docs/modules/orchestrator) | docs/modules/orchestrator | Sync into ../.. | | |
| ORCH-OPS-0001 | DONE | | SPRINT_0323_0001_0001_docs_modules_orchestrator | Ops Guild (docs/modules/orchestrator) | docs/modules/orchestrator | Document outputs in ./README.md | | |
| SPL-23-001 | TODO | | SPRINT_0128_0001_0001_policy_reasoning | Policy Guild, Language Infrastructure Guild / src/Policy/__Libraries/StellaOps.Policy | src/Policy/__Libraries/StellaOps.Policy | | | |
| SPL-23-002 | TODO | | SPRINT_0128_0001_0001_policy_reasoning | Policy Guild / src/Policy/__Libraries/StellaOps.Policy | src/Policy/__Libraries/StellaOps.Policy | | POLICY-SPL-23-001 | |
| SPL-23-003 | TODO | | SPRINT_0128_0001_0001_policy_reasoning | Policy Guild / src/Policy/__Libraries/StellaOps.Policy | src/Policy/__Libraries/StellaOps.Policy | | POLICY-SPL-23-002 | |
| SPL-23-004 | DONE (2025-11-26) | | SPRINT_0128_0001_0001_policy_reasoning | Policy Guild, Audit Guild / src/Policy/__Libraries/StellaOps.Policy | src/Policy/__Libraries/StellaOps.Policy | | POLICY-SPL-23-003 | Explanation tree emitted from evaluation; persistence follow-up. |
| SPL-23-005 | TODO | | SPRINT_0128_0001_0001_policy_reasoning | Policy Guild, DevEx Guild / src/Policy/__Libraries/StellaOps.Policy | src/Policy/__Libraries/StellaOps.Policy | | POLICY-SPL-23-004 | |
| SPL-24-001 | DONE (2025-11-26) | 2025-11-26 | SPRINT_0128_0001_0001_policy_reasoning | Policy Guild, Signals Guild / src/Policy/__Libraries/StellaOps.Policy | src/Policy/__Libraries/StellaOps.Policy | | POLICY-SPL-23-005 | |
| STORE-401-016 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | Signals Guild · BE-Base Platform Guild (`src/Signals/StellaOps.Signals`, `src/__Libraries/StellaOps.Replay.Core`) | `src/Signals/StellaOps.Signals`, `src/__Libraries/StellaOps.Replay.Core` | | | |
| STORE-AOC-19-001 | DONE (2025-11-25) | | SPRINT_0119_0001_0005_excititor_v | Excititor Storage Guild (src/Excititor/__Libraries/StellaOps.Excititor.Storage.Mongo) | src/Excititor/__Libraries/StellaOps.Excititor.Storage.Mongo | | | |
| STORE-AOC-19-002 | DONE (2025-11-25) | | SPRINT_0119_0001_0005_excititor_v | Excititor Storage Guild, DevOps Guild (src/Excititor/__Libraries/StellaOps.Excititor.Storage.Mongo) | src/Excititor/__Libraries/StellaOps.Excititor.Storage.Mongo | | | |
| STORE-AOC-19-005 | TODO | 2025-11-04 | SPRINT_115_concelier_iv | Concelier Storage Guild, DevOps Guild (src/Concelier/__Libraries/StellaOps.Concelier.Storage.Mongo) | src/Concelier/__Libraries/StellaOps.Concelier.Storage.Mongo | | | |
| SURFACE-01 | TODO | | SPRINT_0140_0001_0001_runtime_signals | | | | | |
| SURFACE-02 | TODO | | SPRINT_0136_0001_0001_scanner_surface | Scheduler Worker Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | | SURFACE-FS-02; SCHED-SURFACE-01 | |
| SURFACE-04 | TODO | | SPRINT_0136_0001_0001_scanner_surface | Scanner Worker Guild (src/Scanner/StellaOps.Scanner.Worker) | src/Scanner/StellaOps.Scanner.Worker | | SCANNER-SURFACE-01; SURFACE-FS-03 | |
| SURFACE-ENV-01 | DONE | 2025-11-13 | SPRINT_0136_0001_0001_scanner_surface | Scanner Guild, Zastava Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.Env) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Env | Draft `surface-env.md` enumerating environment variables, defaults, and air-gap behaviour for Surface consumers. | — | SCSS0101 |
| SURFACE-ENV-02 | DOING | 2025-11-02 | SPRINT_0136_0001_0001_scanner_surface | Scanner Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.Env) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Env | Implement strongly-typed env accessors with validation and deterministic logging inside `StellaOps.Scanner.Surface.Env`. | SURFACE-ENV-01 | SCSS0101 |
| SURFACE-ENV-03 | TODO | | SPRINT_0136_0001_0001_scanner_surface | Scanner Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.Env) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Env | Adopt the env helper across Scanner Worker/WebService/BuildX plug-ins. | SURFACE-ENV-02 | |
| SURFACE-ENV-04 | TODO | | SPRINT_0136_0001_0001_scanner_surface | Zastava Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.Env) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Env | Wire env helper into Zastava Observer/Webhook containers. | SURFACE-ENV-02 | |
| SURFACE-ENV-05 | TODO | | SPRINT_0136_0001_0001_scanner_surface | Ops Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.Env) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Env | Update Helm/Compose/offline kit templates with new env knobs and documentation. | SURFACE-ENV-03; SURFACE-ENV-04 | |
| SURFACE-FS-03 | TODO | | SPRINT_0136_0001_0001_scanner_surface | Scanner Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.FS) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.FS | Integrate Surface.FS writer into Scanner Worker analyzer pipeline to persist layer + entry-trace fragments. | SURFACE-FS-02 | |
| SURFACE-FS-04 | TODO | | SPRINT_0136_0001_0001_scanner_surface | Zastava Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.FS) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.FS | Integrate Surface.FS reader into Zastava Observer runtime drift loop. | SURFACE-FS-02 | |
| SURFACE-FS-05 | TODO | | SPRINT_0136_0001_0001_scanner_surface | Scanner Guild, Scheduler Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.FS) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.FS | Expose Surface.FS pointers via Scanner WebService reports and coordinate rescan planning with Scheduler. | SURFACE-FS-03 | |
| SURFACE-FS-06 | TODO | | SPRINT_0136_0001_0001_scanner_surface | Docs Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.FS) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.FS | Update scanner-engine guide and offline kit docs with Surface.FS workflow. | SURFACE-FS-02 | |
| SURFACE-FS-07 | DONE | 2025-12-04 | SPRINT_0136_0001_0001_scanner_surface | Scanner Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.FS) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.FS | Extend Surface.FS manifest schema with `composition.recipe`, fragment attestation metadata, and verification helpers per deterministic SBOM spec. | SCANNER-SURFACE-04 | |
| SURFACE-SECRETS-01 | DOING | 2025-11-02 | SPRINT_0136_0001_0001_scanner_surface | Scanner Guild, Security Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.Secrets) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Secrets | Produce `surface-secrets.md` defining secret reference schema, storage backends, scopes, and rotation rules. | | |
| SURFACE-SECRETS-02 | DOING | 2025-11-02 | SPRINT_0136_0001_0001_scanner_surface | Scanner Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.Secrets) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Secrets | Implement `StellaOps.Scanner.Surface.Secrets` core provider interfaces, secret models, and in-memory test backend. | SURFACE-SECRETS-01 | |
| SURFACE-SECRETS-03 | TODO | | SPRINT_0136_0001_0001_scanner_surface | Scanner Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.Secrets) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Secrets | Add Kubernetes/File/Offline backends with deterministic caching and audit hooks. | SURFACE-SECRETS-02 | SCSS0101 |
| SURFACE-SECRETS-04 | TODO | | SPRINT_0136_0001_0001_scanner_surface | Scanner Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.Secrets) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Secrets | Integrate Surface.Secrets into Scanner Worker/WebService/BuildX for registry + CAS creds. | SURFACE-SECRETS-02 | |
| SURFACE-SECRETS-05 | TODO | | SPRINT_0136_0001_0001_scanner_surface | Zastava Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.Secrets) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Secrets | Invoke Surface.Secrets from Zastava Observer/Webhook for CAS & attestation secrets. | SURFACE-SECRETS-02 | |
| SURFACE-SECRETS-06 | TODO | | SPRINT_0136_0001_0001_scanner_surface | Ops Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.Secrets) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Secrets | Update deployment manifests/offline kit bundles to provision secret references instead of raw values. | SURFACE-SECRETS-03 | |
| SURFACE-VAL-01 | DOING | 2025-11-01 | SPRINT_0136_0001_0001_scanner_surface | Scanner Guild, Security Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.Validation) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Validation | Define the Surface validation framework (`surface-validation.md`) covering env/cache/secret checks and extension hooks. | SURFACE-FS-01; SURFACE-ENV-01 | SCSS0102 |
| SURFACE-VAL-02 | TODO | | SPRINT_0136_0001_0001_scanner_surface | Scanner Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.Validation) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Validation | Implement base validation library with check registry and default validators for env/cached manifests/secret refs. | SURFACE-VAL-01; SURFACE-ENV-02; SURFACE-FS-02 | SCSS0102 |
| SURFACE-VAL-03 | TODO | | SPRINT_0136_0001_0001_scanner_surface | Scanner Guild, Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.Validation) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Validation | Integrate validation pipeline into Scanner analyzers so checks run before processing. | SURFACE-VAL-02 | SCSS0102 |
| SURFACE-VAL-04 | TODO | | SPRINT_0136_0001_0001_scanner_surface | Scanner Guild, Zastava Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.Validation) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Validation | Expose validation helpers to Zastava and other runtime consumers for preflight checks. | SURFACE-VAL-02 | SCSS0102 |
| SURFACE-VAL-05 | TODO | | SPRINT_0136_0001_0001_scanner_surface | Docs Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.Validation) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Validation | Document validation extensibility, registration, and customization in scanner-engine guides. | SURFACE-VAL-02 | SCSS0102 |
| SVC-32-002 | TODO | | SPRINT_0152_0001_0002_orchestrator_ii | Orchestrator Service Guild (src/Orchestrator/StellaOps.Orchestrator) | src/Orchestrator/StellaOps.Orchestrator | | | |
| SVC-32-003 | TODO | | SPRINT_0152_0001_0002_orchestrator_ii | Orchestrator Service Guild (src/Orchestrator/StellaOps.Orchestrator) | src/Orchestrator/StellaOps.Orchestrator | | | |
| SVC-32-004 | TODO | | SPRINT_0152_0001_0002_orchestrator_ii | Orchestrator Service Guild (src/Orchestrator/StellaOps.Orchestrator) | src/Orchestrator/StellaOps.Orchestrator | | | |
| SVC-32-005 | TODO | | SPRINT_0152_0001_0002_orchestrator_ii | Orchestrator Service Guild (src/Orchestrator/StellaOps.Orchestrator) | src/Orchestrator/StellaOps.Orchestrator | | | |
| SVC-33-001 | TODO | | SPRINT_0152_0001_0002_orchestrator_ii | Orchestrator Service Guild (src/Orchestrator/StellaOps.Orchestrator) | src/Orchestrator/StellaOps.Orchestrator | | | |
| SVC-33-002 | TODO | | SPRINT_0152_0001_0002_orchestrator_ii | Orchestrator Service Guild (src/Orchestrator/StellaOps.Orchestrator) | src/Orchestrator/StellaOps.Orchestrator | | | |
| SVC-33-003 | TODO | | SPRINT_0152_0001_0002_orchestrator_ii | Orchestrator Service Guild (src/Orchestrator/StellaOps.Orchestrator) | src/Orchestrator/StellaOps.Orchestrator | | | |
| SVC-33-004 | TODO | | SPRINT_0152_0001_0002_orchestrator_ii | Orchestrator Service Guild (src/Orchestrator/StellaOps.Orchestrator) | src/Orchestrator/StellaOps.Orchestrator | | | |
| SVC-34-001 | TODO | | SPRINT_0152_0001_0002_orchestrator_ii | Orchestrator Service Guild (src/Orchestrator/StellaOps.Orchestrator) | src/Orchestrator/StellaOps.Orchestrator | | | |
| SVC-34-002 | TODO | | SPRINT_0152_0001_0002_orchestrator_ii | Orchestrator Service Guild (src/Orchestrator/StellaOps.Orchestrator) | src/Orchestrator/StellaOps.Orchestrator | | | |
| SVC-34-003 | TODO | | SPRINT_0152_0001_0002_orchestrator_ii | Orchestrator Service Guild (src/Orchestrator/StellaOps.Orchestrator) | src/Orchestrator/StellaOps.Orchestrator | | | |
| SVC-34-004 | TODO | | SPRINT_0152_0001_0002_orchestrator_ii | Orchestrator Service Guild (src/Orchestrator/StellaOps.Orchestrator) | src/Orchestrator/StellaOps.Orchestrator | | | |
| SVC-35-001 | BLOCKED | 2025-10-29 | SPRINT_163_exportcenter_ii | Exporter Service Guild (src/ExportCenter/StellaOps.ExportCenter) | src/ExportCenter/StellaOps.ExportCenter | | | |
| SVC-35-002 | TODO | | SPRINT_163_exportcenter_ii | Exporter Service Guild (src/ExportCenter/StellaOps.ExportCenter) | src/ExportCenter/StellaOps.ExportCenter | | | |
| SVC-35-003 | TODO | | SPRINT_163_exportcenter_ii | Exporter Service Guild (src/ExportCenter/StellaOps.ExportCenter) | src/ExportCenter/StellaOps.ExportCenter | | | |
| SVC-35-004 | TODO | | SPRINT_163_exportcenter_ii | Exporter Service Guild (src/ExportCenter/StellaOps.ExportCenter) | src/ExportCenter/StellaOps.ExportCenter | | | |
| SVC-35-005 | TODO | | SPRINT_163_exportcenter_ii | Exporter Service Guild (src/ExportCenter/StellaOps.ExportCenter) | src/ExportCenter/StellaOps.ExportCenter | | | |
| SVC-35-006 | TODO | | SPRINT_0164_0001_0003_exportcenter_iii | Exporter Service Guild (src/ExportCenter/StellaOps.ExportCenter) | src/ExportCenter/StellaOps.ExportCenter | | | |
| SVC-35-101 | TODO | | SPRINT_0152_0001_0002_orchestrator_ii | Orchestrator Service Guild (src/Orchestrator/StellaOps.Orchestrator) | src/Orchestrator/StellaOps.Orchestrator | | | |
| SVC-36-001 | TODO | | SPRINT_0164_0001_0003_exportcenter_iii | Exporter Service Guild (src/ExportCenter/StellaOps.ExportCenter) | src/ExportCenter/StellaOps.ExportCenter | | | |
| SVC-36-002 | TODO | | SPRINT_0164_0001_0003_exportcenter_iii | Exporter Service Guild (src/ExportCenter/StellaOps.ExportCenter) | src/ExportCenter/StellaOps.ExportCenter | | | |
| SVC-36-003 | TODO | | SPRINT_0164_0001_0003_exportcenter_iii | Exporter Service Guild (src/ExportCenter/StellaOps.ExportCenter) | src/ExportCenter/StellaOps.ExportCenter | | | |
| SVC-36-004 | TODO | | SPRINT_0164_0001_0003_exportcenter_iii | Exporter Service Guild (src/ExportCenter/StellaOps.ExportCenter) | src/ExportCenter/StellaOps.ExportCenter | | | |
| SVC-36-101 | TODO | | SPRINT_0152_0001_0002_orchestrator_ii | Orchestrator Service Guild (src/Orchestrator/StellaOps.Orchestrator) | src/Orchestrator/StellaOps.Orchestrator | | | |
| SVC-37-001 | TODO | | SPRINT_0164_0001_0003_exportcenter_iii | Exporter Service Guild (src/ExportCenter/StellaOps.ExportCenter) | src/ExportCenter/StellaOps.ExportCenter | | | |
| SVC-37-002 | TODO | | SPRINT_0164_0001_0003_exportcenter_iii | Exporter Service Guild (src/ExportCenter/StellaOps.ExportCenter) | src/ExportCenter/StellaOps.ExportCenter | | | |
| SVC-37-003 | TODO | | SPRINT_0164_0001_0003_exportcenter_iii | Exporter Service Guild (src/ExportCenter/StellaOps.ExportCenter) | src/ExportCenter/StellaOps.ExportCenter | | | |
| SVC-37-004 | TODO | | SPRINT_0164_0001_0003_exportcenter_iii | Exporter Service Guild (src/ExportCenter/StellaOps.ExportCenter) | src/ExportCenter/StellaOps.ExportCenter | | | |
| SVC-37-101 | TODO | | SPRINT_0152_0001_0002_orchestrator_ii | Orchestrator Service Guild (src/Orchestrator/StellaOps.Orchestrator) | src/Orchestrator/StellaOps.Orchestrator | | | |
| SVC-38-002 | TODO | | SPRINT_0172_0001_0002_notifier_ii | Notifications Service Guild (src/Notifier/StellaOps.Notifier) | src/Notifier/StellaOps.Notifier | | | |
| SVC-38-003 | TODO | | SPRINT_0172_0001_0002_notifier_ii | Notifications Service Guild (src/Notifier/StellaOps.Notifier) | src/Notifier/StellaOps.Notifier | | | |
| SVC-38-004 | TODO | | SPRINT_0172_0001_0002_notifier_ii | Notifications Service Guild (src/Notifier/StellaOps.Notifier) | src/Notifier/StellaOps.Notifier | | | |
| SVC-38-101 | TODO | | SPRINT_0153_0001_0003_orchestrator_iii | Orchestrator Service Guild (src/Orchestrator/StellaOps.Orchestrator) | src/Orchestrator/StellaOps.Orchestrator | | | |
| SVC-39-001 | TODO | | SPRINT_0172_0001_0002_notifier_ii | Notifications Service Guild (src/Notifier/StellaOps.Notifier) | src/Notifier/StellaOps.Notifier | | | |
| SVC-39-002 | TODO | | SPRINT_0172_0001_0002_notifier_ii | Notifications Service Guild (src/Notifier/StellaOps.Notifier) | src/Notifier/StellaOps.Notifier | | | |
| SVC-39-003 | TODO | | SPRINT_0172_0001_0002_notifier_ii | Notifications Service Guild (src/Notifier/StellaOps.Notifier) | src/Notifier/StellaOps.Notifier | | | |
| SVC-39-004 | TODO | | SPRINT_0172_0001_0002_notifier_ii | Notifications Service Guild (src/Notifier/StellaOps.Notifier) | src/Notifier/StellaOps.Notifier | | | |
| SVC-40-001 | TODO | | SPRINT_0172_0001_0002_notifier_ii | Notifications Service Guild (src/Notifier/StellaOps.Notifier) | src/Notifier/StellaOps.Notifier | | | |
| SVC-40-002 | TODO | | SPRINT_0172_0001_0002_notifier_ii | Notifications Service Guild (src/Notifier/StellaOps.Notifier) | src/Notifier/StellaOps.Notifier | | | |
| SVC-40-003 | TODO | | SPRINT_0172_0001_0002_notifier_ii | Notifications Service Guild (src/Notifier/StellaOps.Notifier) | src/Notifier/StellaOps.Notifier | | | |
| SVC-40-004 | TODO | | SPRINT_0172_0001_0002_notifier_ii | Notifications Service Guild (src/Notifier/StellaOps.Notifier) | src/Notifier/StellaOps.Notifier | | | |
| SVC-41-101 | TODO | | SPRINT_0153_0001_0003_orchestrator_iii | Orchestrator Service Guild (src/Orchestrator/StellaOps.Orchestrator) | src/Orchestrator/StellaOps.Orchestrator | | | |
| SVC-42-101 | TODO | | SPRINT_0153_0001_0003_orchestrator_iii | Orchestrator Service Guild (src/Orchestrator/StellaOps.Orchestrator) | src/Orchestrator/StellaOps.Orchestrator | | | |
| SVC-43-001 | TODO | | SPRINT_0164_0001_0003_exportcenter_iii | Exporter Service Guild (src/ExportCenter/StellaOps.ExportCenter) | src/ExportCenter/StellaOps.ExportCenter | | | |
| SYM-007 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | Scanner Worker Guild & Docs Guild (`src/Scanner/StellaOps.Scanner.Models`, `docs/modules/scanner/architecture.md`, `docs/reachability/function-level-evidence.md`) | `src/Scanner/StellaOps.Scanner.Models`, `docs/modules/scanner/architecture.md`, `docs/reachability/function-level-evidence.md` | | | |
| SYMS-70-003 | TODO | | SPRINT_0304_0001_0004_docs_tasks_md_iv | Docs Guild, Symbols Guild (docs) | | | | |
| SYMS-90-005 | TODO | | SPRINT_0505_0001_0001_ops_devops_iii | DevOps Guild, Symbols Guild (ops/devops) | ops/devops | | | |
| SYMS-BUNDLE-401-014 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | Symbols Guild · Ops | `src/Symbols/StellaOps.Symbols.Bundle`, `ops` | Produce deterministic symbol bundles for air-gapped installs (`symbols bundle create | Depends on #1 | RBSY0101 |
| SYMS-CLIENT-401-012 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | Symbols Guild · Scanner Guild | `src/Symbols/StellaOps.Symbols.Client`, `src/Scanner/StellaOps.Scanner.Symbolizer` | Ship `StellaOps.Symbols.Client` SDK (resolve/upload APIs, platform key derivation for ELF/PDB/Mach-O/JVM/Node, disk LRU cache) and integrate with Scanner.Symbolizer/runtime probes (ref. `docs/specs/SYMBOL_MANIFEST_v1.md`). | Depends on #3 | RBSY0101 |
| SYMS-INGEST-401-013 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | Symbols Guild · DevOps Guild | `src/Symbols/StellaOps.Symbols.Ingestor.Cli`, `docs/specs/SYMBOL_MANIFEST_v1.md` | Build `symbols ingest` CLI to emit DSSE-signed `SymbolManifest v1`, upload blobs, and register Rekor entries; document GitLab/Gitea pipeline usage. | Needs manifest updates from #1 | RBSY0101 |
| SYMS-SERVER-401-011 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | Symbols Guild | `src/Symbols/StellaOps.Symbols.Server` | Deliver `StellaOps.Symbols.Server` (REST+gRPC) with DSSE-verified uploads, Mongo/MinIO storage, tenant isolation, and deterministic debugId indexing; publish health/manifest APIs (spec: `docs/specs/SYMBOL_MANIFEST_v1.md`). | Depends on #5 | RBSY0101 |
| TASKRUN-41-001 | DONE (2025-11-30) | 2025-11-30 | SPRINT_0157_0001_0002_taskrunner_blockers | Task Runner Guild | src/TaskRunner/StellaOps.TaskRunner | Bootstrap service, define migrations for `pack_runs`, `pack_run_logs`, `pack_artifacts`, implement run API (create/get/log stream), local executor, approvals pause, artifact capture, and provenance manifest generation. | Delivered per Task Pack advisory and architecture contract. | ORTR0101 |
| TASKRUN-AIRGAP-56-001 | DONE (2025-11-30) | 2025-11-30 | SPRINT_0157_0001_0001_taskrunner_i | Task Runner Guild · AirGap Policy Guild | src/TaskRunner/StellaOps.TaskRunner | Enforce plan-time validation rejecting steps with non-allowlisted network calls in sealed mode and surface remediation errors. | TASKRUN-41-001 | ORTR0101 |
| TASKRUN-AIRGAP-56-002 | DONE (2025-12-03) | 2025-11-30 | SPRINT_0157_0001_0001_taskrunner_i | Task Runner Guild · AirGap Importer Guild | src/TaskRunner/StellaOps.TaskRunner | Add helper steps for bundle ingestion (checksum verification, staging to object store) with deterministic outputs. | TASKRUN-AIRGAP-56-001 | ORTR0101 |
| TASKRUN-AIRGAP-57-001 | BLOCKED (2025-11-30) | 2025-11-30 | SPRINT_0157_0001_0001_taskrunner_i | Task Runner Guild · AirGap Controller Guild | src/TaskRunner/StellaOps.TaskRunner | Refuse to execute plans when environment sealed=false but declared sealed install; emit advisory timeline events. | TASKRUN-AIRGAP-56-002 | ORTR0101 |
| TASKRUN-AIRGAP-58-001 | BLOCKED (2025-11-30) | 2025-11-30 | SPRINT_0157_0001_0001_taskrunner_i | Task Runner Guild · Evidence Locker Guild | src/TaskRunner/StellaOps.TaskRunner | Capture bundle import job transcripts, hashed inputs, and outputs into portable evidence bundles. | TASKRUN-AIRGAP-57-001 | ORTR0101 |
| TASKRUN-42-001 | BLOCKED (2025-11-25) | 2025-11-25 | SPRINT_0157_0001_0001_taskrunner_i | Task Runner Guild (`src/TaskRunner/StellaOps.TaskRunner`) | src/TaskRunner/StellaOps.TaskRunner | Execution engine enhancements (loops/conditionals/maxParallel), simulation mode, policy gate integration, deterministic failure recovery. Blocked: loop/conditional semantics and policy-gate evaluation contract not published. | | ORTR0102 |
| TASKRUN-OAS-61-001 | BLOCKED (2025-11-30) | 2025-11-30 | SPRINT_0157_0001_0001_taskrunner_i | Task Runner Guild · API Contracts Guild | src/TaskRunner/StellaOps.TaskRunner | Document Task Runner APIs (pack runs, logs, approvals) in service OAS, including streaming response schemas and examples. | TASKRUN-41-001 | ORTR0101 |
| TASKRUN-OAS-61-002 | BLOCKED (2025-11-30) | 2025-11-30 | SPRINT_0157_0001_0001_taskrunner_i | Task Runner Guild | src/TaskRunner/StellaOps.TaskRunner | Expose `GET /.well-known/openapi` returning signed spec metadata, build version, and ETag. | TASKRUN-OAS-61-001 | ORTR0101 |
| TASKRUN-OAS-62-001 | BLOCKED (2025-11-30) | 2025-11-30 | SPRINT_0157_0001_0001_taskrunner_i | Task Runner Guild · SDK Generator Guild | src/TaskRunner/StellaOps.TaskRunner | Provide SDK examples for pack run lifecycle; ensure SDKs offer streaming log helpers and paginator wrappers. | TASKRUN-OAS-61-002 | ORTR0102 |
| TASKRUN-OAS-63-001 | BLOCKED (2025-11-30) | 2025-11-30 | SPRINT_0157_0001_0001_taskrunner_i | Task Runner Guild · API Governance Guild | src/TaskRunner/StellaOps.TaskRunner | Implement deprecation header support and Sunset handling for legacy pack APIs; emit notifications metadata. | TASKRUN-OAS-62-001 | ORTR0102 |
| TASKRUN-OBS-50-001 | DONE (2025-11-25) | 2025-11-25 | SPRINT_0157_0001_0001_taskrunner_i | Task Runner Guild | src/TaskRunner/StellaOps.TaskRunner | Adopt telemetry core in Task Runner host + worker executors, ensuring step execution spans/logs include `trace_id`, `tenant_id`, `run_id`, and scrubbed command transcripts. | ORTR0101 telemetry hooks | ORTR0102 |
| TASKRUN-OBS-51-001 | DONE (2025-11-25) | 2025-11-25 | SPRINT_0157_0001_0001_taskrunner_i | Task Runner Guild · DevOps Guild | src/TaskRunner/StellaOps.TaskRunner | Emit metrics for step latency, retries, queue depth, sandbox resource usage; define SLOs for pack run completion and failure rate; surface burn-rate alerts to collector/Notifier. Dependencies: TASKRUN-OBS-50-001. | TASKRUN-OBS-50-001 | ORTR0102 |
| TASKRUN-OBS-52-001 | BLOCKED (2025-11-25) | 2025-11-25 | SPRINT_0157_0001_0001_taskrunner_i | Task Runner Guild | src/TaskRunner/StellaOps.TaskRunner | Produce timeline events for pack runs (`pack.started`, `pack.step.completed`, `pack.failed`) containing evidence pointers and policy gate context. Provide dedupe + retry logic. Blocked: timeline event schema and evidence-pointer contract not published. | TASKRUN-OBS-51-001 | ORTR0102 |
| TASKRUN-OBS-53-001 | BLOCKED (2025-11-25) | 2025-11-25 | SPRINT_0157_0001_0001_taskrunner_i | Task Runner Guild · Evidence Locker Guild | src/TaskRunner/StellaOps.TaskRunner | Capture step transcripts, artifact manifests, environment digests, and policy approvals into evidence locker snapshots; ensure redaction + hash chain coverage. Blocked: waiting on timeline schema/evidence-pointer contract (OBS-52-001). | TASKRUN-OBS-52-001 | ORTR0102 |
| TASKRUN-OBS-54-001 | BLOCKED (2025-11-30) | 2025-11-30 | SPRINT_0158_0001_0002_taskrunner_ii | Task Runner Guild · Provenance Guild | src/TaskRunner/StellaOps.TaskRunner | Generate DSSE attestations for pack runs (subjects = produced artifacts) and expose verification API/CLI integration. Store references in timeline events. | TASKRUN-OBS-53-001 | ORTR0102 |
| TASKRUN-OBS-55-001 | BLOCKED (2025-11-30) | 2025-11-30 | SPRINT_0158_0001_0002_taskrunner_ii | Task Runner Guild · DevOps Guild | src/TaskRunner/StellaOps.TaskRunner | Implement incident mode escalations (extra telemetry, debug artifact capture, retention bump) and align on automatic activation via SLO breach webhooks. | TASKRUN-OBS-54-001 | ORTR0102 |
| TASKRUN-TEN-48-001 | BLOCKED (2025-11-30) | 2025-11-30 | SPRINT_0158_0001_0002_taskrunner_ii | Task Runner Guild | src/TaskRunner/StellaOps.TaskRunner | Require tenant/project context for every pack run, set DB/object-store prefixes, block egress when tenant restricted, and propagate context to steps/logs. | TASKRUN-OBS-53-001; Tenancy policy contract | ORTR0101 |
| TELEMETRY-DOCS-0001 | DONE (2025-11-30) | 2025-11-30 | SPRINT_330_docs_modules_telemetry | Docs Guild | docs/modules/telemetry | Validate that telemetry module docs reflect the new storage stack and isolation rules. | Ops checklist from DVDO0103 | DOTL0101 |
| TELEMETRY-DOCS-0001 | DONE (2025-11-30) | 2025-11-30 | SPRINT_330_docs_modules_telemetry | Docs Guild | docs/modules/telemetry | Validate that telemetry module docs reflect the new storage stack and isolation rules. | Ops checklist from DVDO0103 | DOTL0101 |
| TELEMETRY-ENG-0001 | DONE (2025-11-30) | 2025-11-30 | SPRINT_330_docs_modules_telemetry | Module Team | docs/modules/telemetry | Ensure milestones stay in sync with telemetry sprints in `docs/implplan`. | TLTY0101 API review | DOTL0101 |
| TELEMETRY-OBS-50-001 | DONE (2025-11-19) | | SPRINT_0170_0001_0001_notifications_telemetry | Telemetry Core Guild | src/Telemetry/StellaOps.Telemetry.Core | Core bootstrap delivered; sample host wiring published (`docs/observability/telemetry-bootstrap.md`). | 50-002 dashboards | TLTY0101 |
| TELEMETRY-OBS-50-002 | DONE (2025-11-27) | | SPRINT_0170_0001_0001_notifications_telemetry | Telemetry Core Guild | src/Telemetry/StellaOps.Telemetry.Core | Propagation middleware/adapters implemented; tests green. | 50-001 | TLTY0101 |
| TELEMETRY-OBS-51-001 | DONE (2025-11-27) | 2025-11-27 | SPRINT_0170_0001_0001_notifications_telemetry | Telemetry Core Guild | src/Telemetry/StellaOps.Telemetry.Core | Golden-signal metrics with cardinality guards and exemplars shipped. | 51-002 | TLTY0101 |
| TELEMETRY-OBS-51-002 | DONE (2025-11-27) | 2025-11-27 | SPRINT_0170_0001_0001_notifications_telemetry | Telemetry Core Guild | src/Telemetry/StellaOps.Telemetry.Core | Scrubbing/redaction filters + audit overrides delivered. | 51-001 | TLTY0101 |
| TELEMETRY-OBS-55-001 | DONE (2025-11-27) | | SPRINT_0170_0001_0001_notifications_telemetry | Telemetry Core Guild · Observability Guild | src/Telemetry/StellaOps.Telemetry.Core | Incident mode toggle API with sampling/retention tags; activation trail implemented. | 56-001 event schema | TLTY0101 |
| TELEMETRY-OBS-56-001 | DONE (2025-11-27) | | SPRINT_0174_0001_0001_telemetry | Telemetry Core Guild | src/Telemetry/StellaOps.Telemetry.Core | Add sealed-mode telemetry helpers (drift metrics, seal/unseal spans, offline exporters) and ensure hosts can disable external exporters when sealed. Dependencies: TELEMETRY-OBS-55-001. | OBS-55-001 output | TLTY0101 |
| TELEMETRY-OPS-0001 | DONE (2025-11-30) | 2025-11-30 | SPRINT_330_docs_modules_telemetry | Ops Guild | docs/modules/telemetry | Review telemetry runbooks/observability dashboards post-demo. | DVDO0103 deployment notes | DOTL0101 |
| TEN-47-001 | TODO | | SPRINT_0205_0001_0005_cli_v | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | | | |
| TEN-48-001 | TODO | | SPRINT_115_concelier_iv | Concelier Core Guild (src/Concelier/__Libraries/StellaOps.Concelier.Core) | src/Concelier/__Libraries/StellaOps.Concelier.Core | | | |
| TEN-49-001 | TODO | | SPRINT_0205_0001_0005_cli_v | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | | | |
| TEST-186-006 | TODO | | SPRINT_0186_0001_0001_record_deterministic_execution | Signing Guild, QA Guild (`src/Signer/StellaOps.Signer.Tests`) | `src/Signer/StellaOps.Signer.Tests` | | | |
| TEST-62-001 | DOING | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild, Contract Testing Guild (docs) | | | | |
| TIME-57-001 | TODO | | SPRINT_0503_0001_0001_ops_devops_i | Exporter Guild · AirGap Time Guild · CLI Guild | | | PROGRAM-STAFF-1001 | |
| TIME-57-002 | TODO | | SPRINT_510_airgap | Exporter Guild · AirGap Time Guild · CLI Guild | src/AirGap/StellaOps.AirGap.Time | PROGRAM-STAFF-1001 | PROGRAM-STAFF-1001 | AGTM0101 |
| TIME-58-001 | TODO | | SPRINT_510_airgap | AirGap Time Guild | src/AirGap/StellaOps.AirGap.Time | AIRGAP-TIME-58-001 | AIRGAP-TIME-58-001 | AGTM0101 |
| TIME-58-002 | TODO | | SPRINT_510_airgap | AirGap Time Guild · Notifications Guild | src/AirGap/StellaOps.AirGap.Time | TIME-58-001 | TIME-58-001 | AGTM0101 |
| TIMELINE-OBS-52-001 | TODO | | SPRINT_160_export_evidence | Timeline Indexer Guild | | Timeline Indexer Guild | | |
| TIMELINE-OBS-52-002 | TODO | | SPRINT_160_export_evidence | Timeline Indexer Guild | | Timeline Indexer Guild | | |
| TIMELINE-OBS-52-003 | TODO | | SPRINT_160_export_evidence | Timeline Indexer Guild | | Timeline Indexer Guild | | |
| TIMELINE-OBS-52-004 | TODO | | SPRINT_160_export_evidence | Timeline Indexer + Security Guilds | | Timeline Indexer + Security Guilds | | |
| TIMELINE-OBS-53-001 | TODO | | SPRINT_160_export_evidence | Timeline Indexer + Evidence Locker Guilds | | Timeline Indexer + Evidence Locker Guilds | | |
| UI-401-027 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | UI Guild · CLI Guild (`src/UI/StellaOps.UI`, `src/Cli/StellaOps.Cli`, `docs/uncertainty/README.md`) | `src/UI/StellaOps.UI`, `src/Cli/StellaOps.Cli`, `docs/uncertainty/README.md` | | | |
| UI-AOC-19-001 | TODO | | SPRINT_0209_0001_0001_ui_i | UI Guild (src/UI/StellaOps.UI) | src/UI/StellaOps.UI | Add Sources dashboard tiles showing AOC pass/fail, recent violation codes, and ingest throughput per tenant. | | |
| UI-AOC-19-002 | TODO | | SPRINT_0209_0001_0001_ui_i | UI Guild (src/UI/StellaOps.UI) | src/UI/StellaOps.UI | Implement violation drill-down view highlighting offending document fields and provenance metadata. Dependencies: UI-AOC-19-001. | | |
| UI-AOC-19-003 | TODO | | SPRINT_0209_0001_0001_ui_i | UI Guild (src/UI/StellaOps.UI) | src/UI/StellaOps.UI | Add "Verify last 24h" action triggering AOC verifier endpoint and surfacing CLI parity guidance. Dependencies: UI-AOC-19-002. | | |
| UI-CLI-401-007 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | UI & CLI Guilds (`src/Cli/StellaOps.Cli`, `src/UI/StellaOps.UI`) | `src/Cli/StellaOps.Cli`, `src/UI/StellaOps.UI` | Implement CLI `stella graph explain` + UI explain drawer showing signed call-path, predicates, runtime hits, and DSSE pointers; include counterfactual controls. | | |
| UI-DOCS-0001 | TODO | | SPRINT_331_docs_modules_ui | Docs Guild (docs/modules/ui) | docs/modules/ui | | | |
| UI-ENG-0001 | TODO | | SPRINT_331_docs_modules_ui | Module Team (docs/modules/ui) | docs/modules/ui | | | |
| UI-ENTROPY-40-001 | TODO | | SPRINT_0209_0001_0001_ui_i | UI Guild (src/UI/StellaOps.UI) | src/UI/StellaOps.UI | Visualise entropy analysis per image (layer donut, file heatmaps, """Why risky?""" chips) in Vulnerability Explorer and scan details, including opaque byte ratios and detector hints (see `docs/modules/scanner/entropy.md`). | | |
| UI-ENTROPY-40-002 | TODO | | SPRINT_0209_0001_0001_ui_i | UI Guild, Policy Guild (src/UI/StellaOps.UI) | src/UI/StellaOps.UI | Add policy banners/tooltips explaining entropy penalties (block/warn thresholds, mitigation steps) and link to raw `entropy.report.json` evidence downloads (`docs/modules/scanner/entropy.md`). Dependencies: UI-ENTROPY-40-001. | | |
| UI-EXC-25-001 | TODO | | SPRINT_0209_0001_0001_ui_i | UI Guild, Governance Guild (src/UI/StellaOps.UI) | src/UI/StellaOps.UI | Build Exception Center (list + kanban) with filters, sorting, workflow transitions, and audit views. | | |
| UI-EXC-25-002 | TODO | | SPRINT_0209_0001_0001_ui_i | UI Guild (src/UI/StellaOps.UI) | src/UI/StellaOps.UI | Implement exception creation wizard with scope preview, justification templates, timebox guardrails. Dependencies: UI-EXC-25-001. | | |
| UI-EXC-25-003 | TODO | | SPRINT_0209_0001_0001_ui_i | UI Guild (src/UI/StellaOps.UI) | src/UI/StellaOps.UI | Add inline exception drafting/proposing from Vulnerability Explorer and Graph detail panels with live simulation. Dependencies: UI-EXC-25-002. | | |
| UI-EXC-25-004 | TODO | | SPRINT_0209_0001_0001_ui_i | UI Guild (src/UI/StellaOps.UI) | src/UI/StellaOps.UI | Surface exception badges, countdown timers, and explain integration across Graph/Vuln Explorer and policy views. Dependencies: UI-EXC-25-003. | | |
| UI-EXC-25-005 | TODO | | SPRINT_0209_0001_0001_ui_i | UI Guild, Accessibility Guild (src/UI/StellaOps.UI) | src/UI/StellaOps.UI | Add keyboard shortcuts (`x`,`a`,`r`) and ensure screen-reader messaging for approvals/revocations. Dependencies: UI-EXC-25-004. | | |
| UI-GRAPH-21-001 | TODO | | SPRINT_0209_0001_0001_ui_i | UI Guild (src/UI/StellaOps.UI) | src/UI/StellaOps.UI | Align Graph Explorer auth configuration with new `graph:*` scopes; consume scope identifiers from shared `StellaOpsScopes` exports (via generated SDK/config) instead of hard-coded strings. | | |
| UI-GRAPH-24-001 | BLOCKED | 2025-12-06 | SPRINT_0209_0001_0001_ui_i | UI Guild, SBOM Service Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Build Graph Explorer canvas with layered/radial layouts, virtualization, zoom/pan, and scope toggles; initial render <1.5s for sample asset. Dependencies: UI-GRAPH-21-001. | | Blocked: awaiting generated graph:* scope SDK exports; cannot render canvas deterministically. |
| UI-GRAPH-24-002 | BLOCKED | 2025-12-06 | SPRINT_0209_0001_0001_ui_i | UI Guild, Policy Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Implement overlays (Policy, Evidence, License, Exposure), simulation toggle, path view, and SBOM diff/time-travel with accessible tooltips/AOC indicators. Dependencies: UI-GRAPH-24-001. | | Blocked by UI-GRAPH-24-001 and missing scope exports. |
| UI-GRAPH-24-003 | BLOCKED | 2025-12-06 | SPRINT_0209_0001_0001_ui_i | UI Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Deliver filters/search panel with facets, saved views, permalinks, and share modal. Dependencies: UI-GRAPH-24-002. | | Blocked by UI-GRAPH-24-002. |
| UI-GRAPH-24-004 | BLOCKED | 2025-12-06 | SPRINT_0209_0001_0001_ui_i | UI Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Add side panels (Details, What-if, History) with upgrade simulation integration and SBOM diff viewer. Dependencies: UI-GRAPH-24-003. | | Blocked: graph:* scope SDK exports not delivered; canvas chain stalled. |
| UI-GRAPH-24-006 | BLOCKED | 2025-12-06 | SPRINT_0209_0001_0001_ui_i | UI Guild, Accessibility Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Ensure accessibility (keyboard nav, screen reader labels, contrast), add hotkeys (`f`,`e`,`.`), and analytics instrumentation. Dependencies: UI-GRAPH-24-004. | | Blocked: upstream graph canvas tasks blocked on scope exports. |
| UI-LNM-22-001 | DONE | 2025-11-27 | SPRINT_0209_0001_0001_ui_i | UI Guild, Policy Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Build Evidence panel showing policy decision with advisory observations/linksets side-by-side, conflict badges, AOC chain, and raw doc download links. Docs `DOCS-LNM-22-005` waiting on delivered UI for screenshots + flows. | | |
| UI-LNM-22-002 | DONE | 2025-12-04 | SPRINT_0210_0001_0002_ui_ii | UI Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Implement filters (source, severity bucket, conflict-only, CVSS vector presence) and pagination/lazy loading for large linksets. Docs depend on finalized filtering UX. Dependencies: UI-LNM-22-001. | | |
| UI-LNM-22-003 | DONE | 2025-12-04 | SPRINT_0210_0001_0002_ui_ii | UI Guild, Excititor Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Add VEX tab with status/justification summaries, conflict indicators, and export actions. Required for `DOCS-LNM-22-005` coverage of VEX evidence tab. Dependencies: UI-LNM-22-002. | | |
| UI-LNM-22-004 | DONE | 2025-12-04 | SPRINT_0210_0001_0002_ui_ii | UI Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Provide permalink + copy-to-clipboard for selected component/linkset/policy combination; ensure high-contrast theme support. Dependencies: UI-LNM-22-003. | | |
| UI-OPS-0001 | TODO | | SPRINT_331_docs_modules_ui | Ops Guild (docs/modules/ui) | docs/modules/ui | | | |
| UI-ORCH-32-001 | DONE | 2025-12-04 | SPRINT_0210_0001_0002_ui_ii | UI Guild, Console Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Update Console RBAC mappings to surface `Orch.Viewer`, request `orch:read` scope in token flows, and gate dashboard access/messaging accordingly. | | |
| UI-POLICY-13-007 | DONE | 2025-12-04 | SPRINT_0210_0001_0002_ui_ii | UI Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Surface policy confidence metadata (band, age, quiet provenance) on preview and report views. | | |
| UI-POLICY-20-001 | DONE | 2025-12-05 | SPRINT_0210_0001_0002_ui_ii | UI Guild | src/Web/StellaOps.Web | Ship Monaco-based policy editor with DSL syntax highlighting, diagnostics, and checklist sidebar. | POLICY-13-007 | UIPD0101 |
| UI-POLICY-20-002 | DONE | 2025-12-05 | SPRINT_0210_0001_0002_ui_ii | UI Guild | src/Web/StellaOps.Web | Build simulation panel showing before/after counts, severity deltas, deterministic diffs. | UI-POLICY-20-001 | UIPD0101 |
| UI-POLICY-20-003 | DONE | 2025-12-05 | SPRINT_0210_0001_0002_ui_ii | UI/ProdOps Guild | src/Web/StellaOps.Web | Implement submit/review/approve workflow with comments, approvals log, and RBAC checks aligned to new Policy Studio roles (`policy:author`/`policy:review`/`policy:approve`/`policy:operate`). Dependencies: UI-POLICY-20-002. | Requires 20-002 results | |
| UI-POLICY-20-004 | DONE | 2025-12-05 | SPRINT_0210_0001_0002_ui_ii | UI Guild · Observability Guild | src/Web/StellaOps.Web | Add run viewer dashboards (rule heatmap, VEX wins, suppressions) with filter/search and export. Dependencies: UI-POLICY-20-003. | Depends on 20-003 | |
| UI-POLICY-23-001 | DONE | 2025-12-05 | SPRINT_0210_0001_0002_ui_ii | UI Guild, Policy Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Deliver Policy Editor workspace with pack list, revision history, and scoped metadata cards. Dependencies: UI-POLICY-20-004. | | |
| UI-POLICY-23-002 | DONE | 2025-12-05 | SPRINT_0210_0001_0002_ui_ii | UI Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Implement YAML editor with schema validation, lint diagnostics, and live canonicalization preview. Dependencies: UI-POLICY-23-001. | | |
| UI-POLICY-23-003 | DONE | 2025-12-05 | SPRINT_0210_0001_0002_ui_ii | UI Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Build guided rule builder (source preferences, severity mapping, VEX precedence, exceptions) with preview JSON output. Dependencies: UI-POLICY-23-002. | | |
| UI-POLICY-23-004 | DONE | 2025-12-05 | SPRINT_0210_0001_0002_ui_ii | UI Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Add review/approval workflow UI: checklists, comments, two-person approval indicator, scope scheduling. Dependencies: UI-POLICY-23-003. | | |
| UI-POLICY-23-005 | DONE | 2025-12-05 | SPRINT_0210_0001_0002_ui_ii | UI Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Integrate simulator panel (SBOM/component/advisory selection), run diff vs active policy, show explain tree and overlays. Dependencies: UI-POLICY-23-004. | | |
| UI-POLICY-23-006 | DONE | 2025-12-05 | SPRINT_0210_0001_0002_ui_ii | UI Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Implement explain view linking to evidence overlays and exceptions; provide export to JSON/PDF. Dependencies: UI-POLICY-23-005. | | |
| UI-POLICY-27-001 | DOING | 2025-12-06 | SPRINT_0211_0001_0003_ui_iii | UI Guild, Product Ops (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Update Console policy workspace RBAC guards, scope requests, and user messaging to reflect the new Policy Studio roles/scopes (`policy:author/review/approve/operate/audit/simulate`), including Cypress auth stubs and help text. Dependencies: UI-POLICY-23-006. | | |
| UI-POLICY-DET-01 | DONE | 2025-11-27 | SPRINT_0209_0001_0001_ui_i | UI Guild, Policy Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Wire policy gate indicators + remediation hints into Release/Policy flows, blocking publishes when determinism checks fail; coordinate with Policy Engine schema updates. Dependencies: UI-SBOM-DET-01. | | |
| UI-SBOM-DET-01 | DONE | 2025-11-27 | SPRINT_0209_0001_0001_ui_i | UI Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Add a "Determinism" badge plus drill-down that surfaces fragment hashes, `_composition.json`, and Merkle root consistency when viewing scan details (per `docs/modules/scanner/deterministic-sbom-compose.md`). | | |
| UI-SIG-26-001 | BLOCKED | 2025-12-06 | SPRINT_0211_0001_0003_ui_iii | UI Guild, Signals Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Add reachability columns/badges to Vulnerability Explorer with filters and tooltips. | | Blocked: deterministic reachability fixtures (columns/badges) not delivered by Signals/Graph. |
| UI-SIG-26-002 | BLOCKED | 2025-12-06 | SPRINT_0211_0001_0003_ui_iii | UI Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Enhance “Why” drawer with call path visualization, reachability timeline, and evidence list. Dependencies: UI-SIG-26-001. | | Blocked pending UI-SIG-26-001 outputs and call-path/timeline fixtures. |
| UI-SIG-26-003 | BLOCKED | 2025-12-06 | SPRINT_0211_0001_0003_ui_iii | UI Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Add reachability overlay halos/time slider to SBOM Graph along with state legend. Dependencies: UI-SIG-26-002. | | Blocked: overlays depend on upstream fixtures + perf budget. |
| UI-SIG-26-004 | BLOCKED | 2025-12-06 | SPRINT_0211_0001_0003_ui_iii | UI Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Build Reachability Center view showing asset coverage, missing sensors, and stale facts. Dependencies: UI-SIG-26-003. | | Blocked: coverage/sensor fixtures not available; upstream chain blocked. |
| UNCERTAINTY-POLICY-401-026 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | Policy Guild · Concelier Guild (`docs/policy/dsl.md`, `docs/uncertainty/README.md`) | `docs/policy/dsl.md`, `docs/uncertainty/README.md` | Update policy guidance (Concelier/Excitors) with uncertainty gates (U1/U2/U3), sample YAML rules, and remediation actions. | | |
| UNCERTAINTY-SCHEMA-401-024 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | Signals Guild (`src/Signals/StellaOps.Signals`, `docs/uncertainty/README.md`) | `src/Signals/StellaOps.Signals`, `docs/uncertainty/README.md` | Extend Signals findings with `uncertainty.states[]`, entropy fields, and `riskScore`; emit `FindingUncertaintyUpdated` events and persist evidence per docs. | | |
| UNCERTAINTY-SCORER-401-025 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | Signals Guild (`src/Signals/StellaOps.Signals.Application`, `docs/uncertainty/README.md`) | `src/Signals/StellaOps.Signals.Application`, `docs/uncertainty/README.md` | Implement the entropy-aware risk scorer (`riskScore = base × reach × trust × (1 + entropyBoost)`) and wire it into finding writes. | | |
| UNCERTAINTY-UI-401-027 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | UI Guild · CLI Guild (`src/UI/StellaOps.UI`, `src/Cli/StellaOps.Cli`, `docs/uncertainty/README.md`) | `src/UI/StellaOps.UI`, `src/Cli/StellaOps.Cli`, `docs/uncertainty/README.md` | Surface uncertainty chips/tooltips in the Console (React UI) + CLI output (risk score + entropy states). | | |
| VAL-01 | DOING | 2025-11-01 | SPRINT_0136_0001_0001_scanner_surface | Scanner Guild, Security Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.Validation) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Validation | | SURFACE-FS-01; SURFACE-ENV-01 | |
| VAL-02 | TODO | | SPRINT_0136_0001_0001_scanner_surface | Scanner Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.Validation) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Validation | | SURFACE-VAL-01; SURFACE-ENV-02; SURFACE-FS-02 | |
| VAL-03 | TODO | | SPRINT_0136_0001_0001_scanner_surface | Scanner Guild, Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.Validation) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Validation | | SURFACE-VAL-02 | |
| VAL-04 | TODO | | SPRINT_0136_0001_0001_scanner_surface | Scanner Guild, Zastava Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.Validation) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Validation | | SURFACE-VAL-02 | |
| VAL-05 | TODO | | SPRINT_0136_0001_0001_scanner_surface | Docs Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.Validation) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Validation | | SURFACE-VAL-02 | |
| VERIFY-186-007 | TODO | | SPRINT_0186_0001_0001_record_deterministic_execution | Authority Guild, Provenance Guild (`src/Authority/StellaOps.Authority`, `src/Provenance/StellaOps.Provenance.Attestation`) | `src/Authority/StellaOps.Authority`, `src/Provenance/StellaOps.Provenance.Attestation` | | | |
| VEX-006 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | Policy, Excititor, UI, CLI & Notify Guilds (`docs/modules/excititor/architecture.md`, `src/Cli/StellaOps.Cli`, `src/UI/StellaOps.UI`, `docs/09_API_CLI_REFERENCE.md`) | `docs/modules/excititor/architecture.md`, `src/Cli/StellaOps.Cli`, `src/UI/StellaOps.UI`, `docs/09_API_CLI_REFERENCE.md` | | | |
| VEX-30-001 | BLOCKED | 2025-11-19 | SPRINT_0212_0001_0001_web_i | Console Guild, BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | | | |
| VEX-30-002 | TODO | | SPRINT_0205_0001_0005_cli_v | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | | | |
| VEX-30-003 | TODO | | SPRINT_0205_0001_0005_cli_v | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | | | |
| VEX-30-004 | TODO | | SPRINT_0205_0001_0005_cli_v | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | | | |
| VEX-30-005 | DOING | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild, Console Guild (docs) | | | | |
| VEX-30-006 | DOING | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild, Policy Guild (docs) | | | | DOVX0101 |
| VEX-30-007 | BLOCKED | | SPRINT_216_web_v | BE-Base Platform Guild, VEX Lens Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | | | DOVX0101 |
| VEX-30-008 | DOING | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild, Security Guild (docs) | | | | DOVX0101 |
| VEX-30-009 | DOING | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild, DevOps Guild (docs) | | | | DOVX0101 |
| VEX-401-006 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | Policy Guild (`src/Policy/StellaOps.Policy.Engine`, `src/Policy/__Libraries/StellaOps.Policy`) | `src/Policy/StellaOps.Policy.Engine`, `src/Policy/__Libraries/StellaOps.Policy` | | | DOVX0101 |
| VEX-401-010 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | Policy Guild (`src/Policy/StellaOps.Policy.Engine/Vex`, `docs/modules/policy/architecture.md`, `docs/benchmarks/vex-evidence-playbook.md`) | `src/Policy/StellaOps.Policy.Engine/Vex`, `docs/modules/policy/architecture.md`, `docs/benchmarks/vex-evidence-playbook.md` | | | DOVX0101 |
| VEX-401-011 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | verify | | | | DOVX0101 |
| VEX-401-012 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | Docs Guild (`docs/benchmarks/vex-evidence-playbook.md`, `bench/README.md`) | `docs/benchmarks/vex-evidence-playbook.md`, `bench/README.md` | | | DOVX0101 |
| VEX-401-018 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | Signing Guild (`src/Signer/StellaOps.Signer`, `docs/modules/signer/architecture.md`) | `src/Signer/StellaOps.Signer`, `docs/modules/signer/architecture.md` | | | DOVX0101 |
| VEX-CONSENSUS-LENS-DOCS-0001 | TODO | | SPRINT_332_docs_modules_vex_lens | Docs Guild (docs/modules/vex-lens) | docs/modules/vex-lens | Refresh VEX Lens module docs with consensus workflow guidance and recent release links. | | DOVX0101 |
| VEX-CONSENSUS-LENS-DOCS-0002 | TODO | 2025-11-05 | SPRINT_332_docs_modules_vex_lens | Docs Guild (docs/modules/vex-lens) | docs/modules/vex-lens | Pending DOCS-VEX-30-001..004 to add consensus doc cross-links | | |
| VEX-CONSENSUS-LENS-ENG-0001 | TODO | | SPRINT_332_docs_modules_vex_lens | Module Team (docs/modules/vex-lens) | docs/modules/vex-lens | Sync into ../.. | | |
| VEX-CONSENSUS-LENS-OPS-0001 | TODO | | SPRINT_332_docs_modules_vex_lens | Ops Guild (docs/modules/vex-lens) | docs/modules/vex-lens | Document outputs in ./README.md | | |
| VEX-LENS-ENG-0001 | TODO | | SPRINT_332_docs_modules_vex_lens | Module Team (docs/modules/vex-lens) | docs/modules/vex-lens | Keep module milestones synchronized with VEX Lens sprints listed under `/docs/implplan`. | | |
| VEX-LENS-OPS-0001 | TODO | | SPRINT_332_docs_modules_vex_lens | Ops Guild (docs/modules/vex-lens) | docs/modules/vex-lens | Review VEX Lens runbooks/observability assets post-demo. | | |
| VEXLENS-30-001 | TODO | | SPRINT_115_concelier_iv | Concelier WebService Guild · VEX Lens Guild | src/Concelier/StellaOps.Concelier.WebService | — | — | PLVL0101 |
| VEXLENS-30-002 | TODO | | SPRINT_0129_0001_0001_policy_reasoning | VEX Lens Guild | src/VexLens/StellaOps.VexLens | Build product mapping library | VEXLENS-30-001 | PLVL0101 |
| VEXLENS-30-003 | TODO | | SPRINT_0129_0001_0001_policy_reasoning | VEX Lens Guild · Issuer Directory Guild | src/VexLens/StellaOps.VexLens | Integrate signature verification | VEXLENS-30-002 | PLVL0101 |
| VEXLENS-30-004 | TODO | | SPRINT_0129_0001_0001_policy_reasoning | VEX Lens Guild · Policy Guild | src/VexLens/StellaOps.VexLens | Implement trust weighting engine | VEXLENS-30-003 | PLVL0101 |
| VEXLENS-30-005 | TODO | | SPRINT_0129_0001_0001_policy_reasoning | VEX Lens Guild | src/VexLens/StellaOps.VexLens | Implement consensus algorithm producing `consensus_state`, `confidence`, `weights`, `quorum`, `rationale`; support states: NOT_AFFECTED, AFFECTED, FIXED, UNDER_INVESTIGATION, DISPUTED, INCONCLUSIVE | VEXLENS-30-004 | PLVL0101 |
| VEXLENS-30-006 | TODO | | SPRINT_0129_0001_0001_policy_reasoning | VEX Lens Guild · Findings Ledger Guild | src/VexLens/StellaOps.VexLens | Materialize consensus projection storage with idempotent workers triggered by VEX/Policy changes; expose change events for downstream consumers | VEXLENS-30-005 | PLVL0101 |
| VEXLENS-30-007 | TODO | | SPRINT_0129_0001_0001_policy_reasoning | VEX Lens Guild | src/VexLens/StellaOps.VexLens | Expose APIs | VEXLENS-30-006 | PLVL0101 |
| VEXLENS-30-008 | TODO | | SPRINT_0129_0001_0001_policy_reasoning | VEX Lens Guild · Policy Guild | src/VexLens/StellaOps.VexLens | Integrate consensus signals with Policy Engine | VEXLENS-30-007 | PLVL0101 |
| VEXLENS-30-009 | TODO | | SPRINT_0129_0001_0001_policy_reasoning | VEX Lens Guild · Observability Guild | src/VexLens/StellaOps.VexLens | Instrument metrics | VEXLENS-30-008 | PLVL0101 |
| VEXLENS-30-010 | TODO | | SPRINT_0129_0001_0001_policy_reasoning | VEX Lens Guild · QA Guild | src/VexLens/StellaOps.VexLens | Develop unit/property/integration/load tests | VEXLENS-30-009 | PLVL0101 |
| VEXLENS-30-011 | TODO | | SPRINT_0129_0001_0001_policy_reasoning | VEX Lens Guild · DevOps Guild | src/VexLens/StellaOps.VexLens | Provide deployment manifests, caching configuration, scaling guides, offline kit seeds, and runbooks | VEXLENS-30-010 | PLVL0103 |
| VEXLENS-AIAI-31-001 | TODO | | SPRINT_0129_0001_0001_policy_reasoning | VEX Lens Guild | src/VexLens/StellaOps.VexLens | Expose consensus rationale API enhancements (policy factors, issuer details, mapping issues) for Advisory AI conflict explanations | — | PLVL0103 |
| VEXLENS-AIAI-31-002 | TODO | | SPRINT_0129_0001_0001_policy_reasoning | VEX Lens Guild | src/VexLens/StellaOps.VexLens | Provide caching hooks for consensus lookups used by Advisory AI | VEXLENS-AIAI-31-001 | PLVL0103 |
| VEXLENS-EXPORT-35-001 | TODO | | SPRINT_0129_0001_0001_policy_reasoning | VEX Lens Guild | src/VexLens/StellaOps.VexLens | Provide consensus snapshot API delivering deterministic JSONL (state, confidence, provenance) for exporter mirror bundles | — | PLVL0103 |
| VEXLENS-ORCH-33-001 | TODO | | SPRINT_0129_0001_0001_policy_reasoning | VEX Lens Guild | src/VexLens/StellaOps.VexLens | Register `consensus_compute` job type with orchestrator, integrate worker SDK, and expose job planning hooks for consensus batches | — | PLVL0103 |
| VEXLENS-ORCH-34-001 | TODO | | SPRINT_0129_0001_0001_policy_reasoning | VEX Lens Guild | src/VexLens/StellaOps.VexLens | Emit consensus completion events into orchestrator run ledger and provenance chain, including confidence metadata | VEXLENS-ORCH-33-001 | PLVL0103 |
| VULN-29-001 | BLOCKED | 2025-11-19 | SPRINT_0212_0001_0001_web_i | Console Guild, BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | | | |
| VULN-29-002 | TODO | | SPRINT_0123_0001_0005_excititor_v | Excititor WebService Guild (src/Excititor/StellaOps.Excititor.WebService) | src/Excititor/StellaOps.Excititor.WebService | | | |
| VULN-29-003 | TODO | | SPRINT_0205_0001_0005_cli_v | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | | | |
| VULN-29-004 | TODO | | SPRINT_116_concelier_v | Concelier WebService Guild, Observability Guild (src/Concelier/StellaOps.Concelier.WebService) | src/Concelier/StellaOps.Concelier.WebService | | | |
| VULN-29-005 | TODO | | SPRINT_0205_0001_0005_cli_v | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | | | |
| VULN-29-006 | TODO | | SPRINT_0205_0001_0005_cli_v | DevEx/CLI Guild, Docs Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | | | |
| VULN-29-007 | TODO | | SPRINT_0311_0001_0001_docs_tasks_md_xi | Docs Guild, Excititor Guild (docs) | | | | |
| VULN-29-008 | TODO | | SPRINT_0311_0001_0001_docs_tasks_md_xi | Docs Guild, Concelier Guild (docs) | | | | |
| VULN-29-009 | TODO | | SPRINT_0311_0001_0001_docs_tasks_md_xi | Docs Guild, SBOM Service Guild (docs) | | | | |
| VULN-29-010 | TODO | | SPRINT_0311_0001_0001_docs_tasks_md_xi | Docs Guild, Observability Guild (docs) | | | | |
| VULN-29-011 | TODO | | SPRINT_0311_0001_0001_docs_tasks_md_xi | Docs Guild, Security Guild (docs) | | | | |
| VULN-29-012 | TODO | | SPRINT_0311_0001_0001_docs_tasks_md_xi | Docs Guild, Ops Guild (docs) | | | | |
| VULN-29-013 | TODO | | SPRINT_0311_0001_0001_docs_tasks_md_xi | Docs Guild, Deployment Guild (docs) | | | | |
| VULN-API-29-001 | DONE | 2025-11-25 | SPRINT_0129_0001_0001_policy_reasoning | Vuln Explorer API Guild / src/VulnExplorer/StellaOps.VulnExplorer.Api | src/VulnExplorer/StellaOps.VulnExplorer.Api | Define OpenAPI spec (list/detail/query/simulation/workflow/export), query JSON schema, pagination/grouping contracts, and error codes | | PLVA0101 |
| VULN-API-29-002 | DONE | 2025-11-25 | SPRINT_0129_0001_0001_policy_reasoning | Vuln Explorer API Guild / src/VulnExplorer/StellaOps.VulnExplorer.Api | src/VulnExplorer/StellaOps.VulnExplorer.Api | Implement list/query endpoints with policy parameter, grouping, server paging, caching, and cost budgets; tests at `tests/TestResults/vuln-explorer/api.trx`. | VULN-API-29-001 | PLVA0101 |
| VULN-API-29-003 | DONE | 2025-11-25 | SPRINT_0129_0001_0001_policy_reasoning | Vuln Explorer API Guild / src/VulnExplorer/StellaOps.VulnExplorer.Api | src/VulnExplorer/StellaOps.VulnExplorer.Api | Implement detail endpoint aggregating evidence, policy rationale, paths | VULN-API-29-002 | PLVA0101 |
| VULN-API-29-004 | TODO | | SPRINT_0129_0001_0001_policy_reasoning | Vuln Explorer API Guild, Findings Ledger Guild / src/VulnExplorer/StellaOps.VulnExplorer.Api | src/VulnExplorer/StellaOps.VulnExplorer.Api | Expose workflow endpoints | VULN-API-29-003 | PLVA0101 |
| VULN-API-29-005 | TODO | | SPRINT_0129_0001_0001_policy_reasoning | Vuln Explorer API Guild, Policy Guild / src/VulnExplorer/StellaOps.VulnExplorer.Api | src/VulnExplorer/StellaOps.VulnExplorer.Api | Implement simulation endpoint comparing `policy_from` vs `policy_to`, returning diffs without side effects; hook into Policy Engine batch eval | VULN-API-29-004 | PLVA0101 |
| VULN-API-29-006 | TODO | | SPRINT_0129_0001_0001_policy_reasoning | Vuln Explorer API Guild / src/VulnExplorer/StellaOps.VulnExplorer.Api | src/VulnExplorer/StellaOps.VulnExplorer.Api | Integrate resolver results with Graph Explorer: include shortest path metadata, line up deep-link parameters, expose `paths` array in details | VULN-API-29-005 | PLVA0101 |
| VULN-API-29-007 | TODO | | SPRINT_0129_0001_0001_policy_reasoning | Vuln Explorer API Guild, Security Guild / src/VulnExplorer/StellaOps.VulnExplorer.Api | src/VulnExplorer/StellaOps.VulnExplorer.Api | Enforce RBAC/ABAC scopes; implement CSRF/anti-forgery checks for Console; secure attachment URLs; audit logging | VULN-API-29-006 | PLVA0102 |
| VULN-API-29-008 | TODO | | SPRINT_0129_0001_0001_policy_reasoning | Vuln Explorer API Guild / src/VulnExplorer/StellaOps.VulnExplorer.Api | src/VulnExplorer/StellaOps.VulnExplorer.Api | Build export orchestrator producing signed bundles | VULN-API-29-007 | PLVA0102 |
| VULN-API-29-009 | TODO | | SPRINT_0129_0001_0001_policy_reasoning | Vuln Explorer API Guild, Observability Guild / src/VulnExplorer/StellaOps.VulnExplorer.Api | src/VulnExplorer/StellaOps.VulnExplorer.Api | Instrument metrics | VULN-API-29-008 | PLVA0102 |
| VULN-API-29-010 | TODO | | SPRINT_0129_0001_0001_policy_reasoning | Vuln Explorer API Guild, QA Guild / src/VulnExplorer/StellaOps.VulnExplorer.Api | src/VulnExplorer/StellaOps.VulnExplorer.Api | Provide unit/integration/perf tests | VULN-API-29-009 | PLVA0102 |
| VULN-API-29-011 | TODO | | SPRINT_0129_0001_0001_policy_reasoning | Vuln Explorer API Guild, DevOps Guild / src/VulnExplorer/StellaOps.VulnExplorer.Api | src/VulnExplorer/StellaOps.VulnExplorer.Api | Package deployment | VULN-API-29-010 | PLVA0102 |
| VULNERABILITY-EXPLORER-DOCS-0001 | TODO | | SPRINT_334_docs_modules_vuln_explorer | Docs Guild (docs/modules/vuln-explorer) | docs/modules/vuln-explorer | Validate Vuln Explorer module docs against latest roadmap/releases and add evidence links. | | DOVL0101 |
| VULNERABILITY-EXPLORER-ENG-0001 | TODO | | SPRINT_334_docs_modules_vuln_explorer | Module Team (docs/modules/vuln-explorer) | docs/modules/vuln-explorer | Keep sprint alignment notes in sync with Vuln Explorer sprints. | | |
| VULNERABILITY-EXPLORER-OPS-0001 | TODO | | SPRINT_334_docs_modules_vuln_explorer | Ops Guild (docs/modules/vuln-explorer) | docs/modules/vuln-explorer | Review runbooks/observability assets after next demo. | | |
| WEB-20-002 | TODO | | SPRINT_0155_0001_0001_scheduler_i | Scheduler WebService Guild (src/Scheduler/StellaOps.Scheduler.WebService) | src/Scheduler/StellaOps.Scheduler.WebService | | | |
| WEB-AIAI-31-001 | TODO | | SPRINT_0212_0001_0001_web_i | BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Route `/advisory/ai/*` endpoints through gateway with RBAC/ABAC, rate limits, and telemetry headers. | | |
| WEB-AIAI-31-002 | TODO | | SPRINT_0212_0001_0001_web_i | BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Provide batching job handlers and streaming responses for CLI automation with retry/backoff. Dependencies: WEB-AIAI-31-001. | | |
| WEB-AIAI-31-003 | TODO | | SPRINT_0212_0001_0001_web_i | BE-Base Platform Guild, Observability Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Emit metrics/logs (latency, guardrail blocks, validation failures) and forward anonymized prompt hashes to analytics. Dependencies: WEB-AIAI-31-002. | | |
| WEB-AIRGAP-56-001 | TODO | | SPRINT_116_concelier_v | Concelier WebService Guild (src/Concelier/StellaOps.Concelier.WebService) | src/Concelier/StellaOps.Concelier.WebService | | | |
| WEB-AIRGAP-56-002 | TODO | | SPRINT_116_concelier_v | Concelier WebService Guild (src/Concelier/StellaOps.Concelier.WebService) | src/Concelier/StellaOps.Concelier.WebService | | | |
| WEB-AIRGAP-57-001 | TODO | | SPRINT_116_concelier_v | Concelier WebService Guild, AirGap Policy Guild (src/Concelier/StellaOps.Concelier.WebService) | src/Concelier/StellaOps.Concelier.WebService | | | |
| WEB-AIRGAP-58-001 | TODO | | SPRINT_116_concelier_v | Concelier WebService Guild, AirGap Importer Guild (src/Concelier/StellaOps.Concelier.WebService) | src/Concelier/StellaOps.Concelier.WebService | | | |
| WEB-AOC-19-002 | DONE (2025-11-30) | | SPRINT_0212_0001_0001_web_i | BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Ship `ProvenanceBuilder`, checksum utilities, and signature verification helper integrated with guard logging. Cover DSSE/CMS formats with unit tests. Dependencies: WEB-AOC-19-001. | | |
| WEB-AOC-19-003 | DONE (2025-11-30) | | SPRINT_0212_0001_0001_web_i | BE-Base Platform Guild; QA Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Analyzer/guard validation: block forbidden keys, unknown fields, missing provenance/signatures; add frontend fixtures/tests. Depends on WEB-AOC-19-002. | | |
| WEB-AOC-19-003 | TODO | | SPRINT_116_concelier_v | QA Guild (src/Concelier/StellaOps.Concelier.WebService) | src/Concelier/StellaOps.Concelier.WebService | | | |
| WEB-AOC-19-004 | TODO | | SPRINT_116_concelier_v | Concelier WebService Guild, QA Guild (src/Concelier/StellaOps.Concelier.WebService) | src/Concelier/StellaOps.Concelier.WebService | | | |
| WEB-AOC-19-005 | TODO | 2025-11-08 | SPRINT_116_concelier_v | Concelier WebService Guild, QA Guild (src/Concelier/StellaOps.Concelier.WebService) | src/Concelier/StellaOps.Concelier.WebService | | | |
| WEB-AOC-19-006 | TODO | 2025-11-08 | SPRINT_116_concelier_v | Concelier WebService Guild (src/Concelier/StellaOps.Concelier.WebService) | src/Concelier/StellaOps.Concelier.WebService | | | |
| WEB-AOC-19-007 | TODO | 2025-11-08 | SPRINT_116_concelier_v | Concelier WebService Guild, QA Guild (src/Concelier/StellaOps.Concelier.WebService) | src/Concelier/StellaOps.Concelier.WebService | | | |
| WEB-CONSOLE-23-001 | DONE (2025-11-28) | 2025-11-28 | SPRINT_0212_0001_0001_web_i | BE-Base Platform Guild · Product Analytics Guild | src/Web/StellaOps.Web | `/console/dashboard` and `/console/filters` aggregates shipped with tenant scoping, deterministic ordering, and 8 unit tests per sprint Execution Log 2025-11-28. | — | |
| WEB-CONSOLE-23-002 | DOING (2025-12-01) | 2025-12-01 | SPRINT_0212_0001_0001_web_i | BE-Base Platform Guild · Scheduler Guild | src/Web/StellaOps.Web | Implementing `/console/status` polling and `/console/runs/{id}/stream` SSE/WebSocket proxy with heartbeat/backoff; awaiting storage cleanup to run tests. Dependencies: WEB-CONSOLE-23-001. | WEB-CONSOLE-23-001 | |
| WEB-CONSOLE-23-003 | DOING | 2025-12-06 | SPRINT_0212_0001_0001_web_i | BE-Base Platform Guild, Policy Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Add `/console/exports` POST/GET routes coordinating evidence bundle creation, streaming CSV/JSON exports, checksum manifest retrieval, and signed attestation references. Ensure requests honor tenant + policy scopes and expose job tracking metadata. Dependencies: WEB-CONSOLE-23-002. | | Client/models + unit spec added; contract draft + samples published; tests pending PTY restore. |
| WEB-CONSOLE-23-004 | BLOCKED | 2025-12-06 | SPRINT_0212_0001_0001_web_i | BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Implement `/console/search` endpoint accepting CVE/GHSA/PURL/SBOM identifiers, performing fan-out queries with caching, ranking, and deterministic tie-breaking. Return typed results for Console navigation; respect result caps and latency SLOs. Dependencies: WEB-CONSOLE-23-003. | | Blocked by WEB-CONSOLE-23-003 contract. |
| WEB-CONSOLE-23-005 | BLOCKED | 2025-12-06 | SPRINT_0212_0001_0001_web_i | BE-Base Platform Guild, DevOps Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Serve `/console/downloads` JSON manifest (images, charts, offline bundles) sourced from signed registry metadata; include integrity hashes, release notes links, and offline instructions. Provide caching headers and documentation. Dependencies: WEB-CONSOLE-23-004. | | Blocked by WEB-CONSOLE-23-004; download manifest format not defined. |
| WEB-CONTAINERS-44-001 | DONE | 2025-11-18 | SPRINT_0212_0001_0001_web_i | BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Expose `/welcome` state, config discovery endpoint (safe values), and `QUICKSTART_MODE` handling for Console banner; add `/health/liveness`, `/health/readiness`, `/version` if missing. | | |
| WEB-CONTAINERS-45-001 | DONE | 2025-11-19 | SPRINT_0212_0001_0001_web_i | BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Ensure readiness endpoints reflect DB/queue readiness, add feature flag toggles via config map, and document NetworkPolicy ports. Dependencies: WEB-CONTAINERS-44-001. | | |
| WEB-CONTAINERS-46-001 | DONE | 2025-11-19 | SPRINT_0212_0001_0001_web_i | BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Provide offline-friendly asset serving (no CDN), allow overriding object store endpoints via env, and document fallback behavior. Dependencies: WEB-CONTAINERS-45-001. | | |
| WEB-EXC-25-001 | BLOCKED | 2025-12-06 | SPRINT_0212_0001_0001_web_i | BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Implement `/exceptions` API (create, propose, approve, revoke, list, history) with validation, pagination, and audit logging. | | Draft placeholder docs+sample added (`docs/api/console/exception-schema.md`, `docs/api/console/samples/exception-schema-sample.json`); awaiting official schema/scopes/audit rules. |
| WEB-EXC-25-002 | BLOCKED | 2025-11-30 | SPRINT_0213_0001_0002_web_ii | BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Extend `/policy/effective` and `/policy/simulate` responses to include exception metadata and accept overrides for simulations. Dependencies: WEB-EXC-25-001. | | |
| WEB-EXC-25-003 | TODO | | SPRINT_0213_0001_0002_web_ii | BE-Base Platform Guild, Platform Events Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Publish `exception.*` events, integrate with notification hooks, enforce rate limits. Dependencies: WEB-EXC-25-002. | | |
| WEB-EXPORT-35-001 | TODO | | SPRINT_0213_0001_0002_web_ii | BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Surface Export Center APIs (profiles/runs/download) through gateway with tenant scoping, streaming support, and viewer/operator scope checks. | | |
| WEB-EXPORT-36-001 | TODO | | SPRINT_0213_0001_0002_web_ii | BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Add distribution routes (OCI/object storage), manifest/provenance proxies, and signed URL generation. Dependencies: WEB-EXPORT-35-001. | | |
| WEB-EXPORT-37-001 | TODO | | SPRINT_0213_0001_0002_web_ii | BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Expose scheduling, retention, encryption parameters, and verification endpoints with admin scope enforcement and audit logs. Dependencies: WEB-EXPORT-36-001. | | |
| WEB-GRAPH-21-001 | BLOCKED | 2025-10-27 | SPRINT_0213_0001_0002_web_ii | BE-Base Platform Guild, Graph Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Add gateway routes for graph versions/viewport/node/path/diff/export endpoints with tenant enforcement, scope checks, and streaming responses; proxy Policy Engine diff toggles without inline logic. Adopt `StellaOpsScopes` constants for RBAC enforcement. | | |
| WEB-GRAPH-21-002 | BLOCKED | 2025-10-27 | SPRINT_0213_0001_0002_web_ii | BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Implement bbox/zoom/path parameter validation, pagination tokens, and deterministic ordering; add contract tests for boundary conditions. Dependencies: WEB-GRAPH-21-001. | | |
| WEB-GRAPH-21-003 | BLOCKED | 2025-10-27 | SPRINT_0213_0001_0002_web_ii | BE-Base Platform Guild, QA Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Map graph service errors to `ERR_Graph_*`, support GraphML/JSONL export streaming, and document rate limits. Dependencies: WEB-GRAPH-21-002. | | |
| WEB-GRAPH-21-004 | BLOCKED | 2025-10-27 | SPRINT_0213_0001_0002_web_ii | BE-Base Platform Guild, Policy Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Proxy Policy Engine overlay responses for graph endpoints while keeping gateway stateless; maintain streaming budgets and latency SLOs. Dependencies: WEB-GRAPH-21-003. | | |
| WEB-GRAPH-24-001 | TODO | | SPRINT_0213_0001_0002_web_ii | BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Gateway proxy for Graph API and Policy overlays with RBAC, caching, pagination, ETags, and streaming; zero business logic. Dependencies: WEB-GRAPH-21-004. | | |
| WEB-GRAPH-24-002 | TODO | | SPRINT_0213_0001_0002_web_ii | BE-Base Platform Guild; SBOM Service Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | `/graph/assets/*` endpoints (snapshots, adjacency, search) with pagination, ETags, and tenant scoping as pure proxy. Dependencies: WEB-GRAPH-24-001. | | |
| WEB-GRAPH-24-003 | TODO | | SPRINT_0213_0001_0002_web_ii | BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Embed AOC summaries from overlay services; gateway does not compute derived severity or hints. Dependencies: WEB-GRAPH-24-002. | | |
| WEB-GRAPH-24-004 | TODO | | SPRINT_0213_0001_0002_web_ii | BE-Base Platform Guild; Observability Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Collect gateway metrics/logs (tile latency, proxy errors, overlay cache stats) and forward to dashboards; document sampling strategy. Dependencies: WEB-GRAPH-24-003. | | |
| WEB-LNM-21-001 | TODO | | SPRINT_0213_0001_0002_web_ii | BE-Base Platform Guild, Concelier WebService Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Surface new `/advisories/*` APIs through gateway with caching, pagination, and RBAC enforcement (`advisory:read`). | | |
| WEB-LNM-21-002 | TODO | | SPRINT_0213_0001_0002_web_ii | BE-Base Platform Guild, Excititor WebService Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Expose `/vex/*` read APIs with evidence routes and export handlers; map `ERR_AGG_*` codes. Dependencies: WEB-LNM-21-001. | | |
| WEB-LNM-21-003 | TODO | | SPRINT_0214_0001_0001_web_iii | BE-Base Platform Guild, Policy Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Provide combined endpoint for Console to fetch policy result + source evidence (advisory + VEX linksets) for a component. Dependencies: WEB-LNM-21-002. | | |
| WEB-NOTIFY-38-001 | TODO | | SPRINT_0214_0001_0001_web_iii | BE-Base Platform Guild | src/Web/StellaOps.Web | Route notifier APIs (`/notifications/*`) and WS feed through gateway with tenant scoping, viewer/operator scope enforcement, and SSE/WebSocket bridging. | Depends on #1 for signed ack spec | NOWB0101 |
| WEB-NOTIFY-39-001 | TODO | | SPRINT_0214_0001_0001_web_iii | BE-Base Platform Guild | src/Web/StellaOps.Web | Surface digest scheduling, quiet-hour/throttle management, and simulation APIs; ensure rate limits and audit logging. Dependencies: WEB-NOTIFY-38-001. | WEB-NOTIFY-38-001 | NOWB0101 |
| WEB-NOTIFY-40-001 | TODO | | SPRINT_0214_0001_0001_web_iii | BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Expose escalation, localization, channel health, and ack verification endpoints with admin scope enforcement and signed token validation. Dependencies: WEB-NOTIFY-39-001. | | |
| WEB-OAS-61-001 | TODO | | SPRINT_0124_0001_0006_excititor_vi | Excititor WebService Guild (src/Excititor/StellaOps.Excititor.WebService) | src/Excititor/StellaOps.Excititor.WebService | | | |
| WEB-OAS-61-002 | TODO | | SPRINT_116_concelier_v | Concelier WebService Guild (src/Concelier/StellaOps.Concelier.WebService) | src/Concelier/StellaOps.Concelier.WebService | | | |
| WEB-OAS-62-001 | TODO | | SPRINT_116_concelier_v | Concelier WebService Guild (src/Concelier/StellaOps.Concelier.WebService) | src/Concelier/StellaOps.Concelier.WebService | | | |
| WEB-OAS-63-001 | TODO | | SPRINT_116_concelier_v | Concelier WebService Guild, API Governance Guild (src/Concelier/StellaOps.Concelier.WebService) | src/Concelier/StellaOps.Concelier.WebService | | | |
| WEB-OBS-50-001 | TODO | | SPRINT_0214_0001_0001_web_iii | BE-Base Platform Guild, Observability Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Integrate `StellaOps.Telemetry.Core` into gateway host, replace ad-hoc logging, ensure all routes emit trace/span IDs, tenant context, and scrubbed payload previews. | | |
| WEB-OBS-51-001 | TODO | | SPRINT_116_concelier_v | Concelier WebService Guild | src/Concelier/StellaOps.Concelier.WebService | Paired with #1 for shared middleware | Paired with #1 for shared middleware | CNOB0102 |
| WEB-OBS-52-001 | TODO | | SPRINT_116_concelier_v | Concelier WebService Guild | src/Concelier/StellaOps.Concelier.WebService | Dependent on CLI/VEX readiness (035_CLCI0105) for payload format | Dependent on CLI/VEX readiness (035_CLCI0105) for payload format | CNOB0102 |
| WEB-OBS-53-001 | TODO | | SPRINT_117_concelier_vi | Concelier WebService Guild · Evidence Locker Guild | src/Concelier/StellaOps.Concelier.WebService | Needs Evidence Locker API spec from 002_ATEL0101 | Needs Evidence Locker API spec from 002_ATEL0101 | CNOB0102 |
| WEB-OBS-54-001 | TODO | | SPRINT_117_concelier_vi | Concelier WebService Guild | src/Concelier/StellaOps.Concelier.WebService | Relies on shared exporter (1039_EXPORT-OBS-54-001) | Relies on shared exporter (1039_EXPORT-OBS-54-001) | CNOB0102 |
| WEB-OBS-55-001 | TODO | | SPRINT_117_concelier_vi | Concelier WebService Guild · DevOps Guild | src/Concelier/StellaOps.Concelier.WebService | Wait for DevOps alert profiles (045_DVDO0103) | Wait for DevOps alert profiles (045_DVDO0103) | CNOB0102 |
| WEB-OBS-56-001 | TODO | | SPRINT_0214_0001_0001_web_iii | BE-Base Platform Guild, AirGap Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Extend telemetry core integration to expose sealed/unsealed status APIs, drift metrics, and Console widgets without leaking sealed-mode secrets. Dependencies: WEB-OBS-55-001. | | |
| WEB-ORCH-32-001 | TODO | | SPRINT_0214_0001_0001_web_iii | BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Expose `/orchestrator/sources | | |
| WEB-ORCH-33-001 | TODO | | SPRINT_0215_0001_0004_web_iv | BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Add POST action routes (`pause. Dependencies: WEB-ORCH-32-001. | | |
| WEB-ORCH-34-001 | TODO | | SPRINT_0215_0001_0004_web_iv | BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Surface quotas/backfill APIs, queue/backpressure metrics, and error clustering routes with admin scope enforcement and audit logging. Dependencies: WEB-ORCH-33-001. | | |
| WEB-POLICY-20-001 | TODO | | SPRINT_0215_0001_0004_web_iv | BE-Base Platform Guild, Policy Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Implement Policy CRUD/compile/run/simulate/findings/explain endpoints with OpenAPI, tenant scoping, and service identity enforcement. | | |
| WEB-POLICY-20-002 | TODO | | SPRINT_0215_0001_0004_web_iv | BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Add pagination, filtering, sorting, and tenant guards to listings for policies, runs, and findings; include deterministic ordering and query diagnostics. Dependencies: WEB-POLICY-20-001. | | |
| WEB-POLICY-20-003 | TODO | | SPRINT_0215_0001_0004_web_iv | BE-Base Platform Guild, QA Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Map engine errors to `ERR_POL_*` responses with consistent payloads and contract tests; expose correlation IDs in headers. Dependencies: WEB-POLICY-20-002. | | |
| WEB-POLICY-20-004 | TODO | | SPRINT_0215_0001_0004_web_iv | Platform Reliability Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Introduce adaptive rate limiting + quotas for simulation endpoints, expose metrics, and document retry headers. Dependencies: WEB-POLICY-20-003. | | |
| WEB-POLICY-23-001 | BLOCKED | 2025-10-29 | SPRINT_0215_0001_0004_web_iv | BE-Base Platform Guild, Policy Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Implement API endpoints for creating/listing/fetching policy packs and revisions (`/policy/packs`, `/policy/packs/{id}/revisions`) with pagination, RBAC, and AOC metadata exposure. (Tracked via Sprint 18.5 gateway tasks.). Dependencies: WEB-POLICY-20-004. | | |
| WEB-POLICY-23-002 | BLOCKED | 2025-10-29 | SPRINT_0215_0001_0004_web_iv | BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Add activation endpoint with scope windows, conflict checks, and optional 2-person approval integration; emit events on success. (Tracked via Sprint 18.5 gateway tasks.). Dependencies: WEB-POLICY-23-001. | | |
| WEB-POLICY-23-003 | TODO | | SPRINT_0215_0001_0004_web_iv | BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Provide `/policy/simulate` and `/policy/evaluate` endpoints with streaming responses, rate limiting, and error mapping. Dependencies: WEB-POLICY-23-002. | | |
| WEB-POLICY-23-004 | TODO | | SPRINT_0215_0001_0004_web_iv | BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Expose explain history endpoints (`/policy/runs`, `/policy/runs/{id}`) including decision tree, sources consulted, and AOC chain. Dependencies: WEB-POLICY-23-003. | | |
| WEB-POLICY-27-001 | TODO | | SPRINT_0215_0001_0004_web_iv | BE-Base Platform Guild | src/Web/StellaOps.Web | Surface Policy Registry APIs (`/policy/workspaces`, `/policy/versions`, `/policy/reviews`, `/policy/registry`) through gateway with tenant scoping, RBAC, and request validation; ensure streaming downloads for evidence bundles. Dependencies: WEB-POLICY-23-004. | Needs registry schema | |
| WEB-POLICY-27-002 | TODO | | SPRINT_0215_0001_0004_web_iv | BE-Base Platform Guild | src/Web/StellaOps.Web | Implement review lifecycle endpoints (open, comment, approve/reject) with audit headers, comment pagination, and webhook fan-out. Dependencies: WEB-POLICY-27-001. | Depends on 27-001 | |
| WEB-POLICY-27-003 | TODO | | SPRINT_0215_0001_0004_web_iv | Platform Reliability Guild | src/Web/StellaOps.Web | Expose quick/batch simulation endpoints with SSE progress (`/policy/simulations/{runId}/stream`), cursor-based result pagination, and manifest download routes. Dependencies: WEB-POLICY-27-002. | Needs 27-002 | |
| WEB-POLICY-27-004 | TODO | | SPRINT_0215_0001_0004_web_iv | BE/Security Guild | src/Web/StellaOps.Web | Add publish/sign/promote/rollback endpoints with idempotent request IDs, canary parameters, and environment bindings; enforce scope checks and emit structured events. Dependencies: WEB-POLICY-27-003. | Depends on 27-003 | |
| WEB-POLICY-27-005 | TODO | | SPRINT_0215_0001_0004_web_iv | BE/Observability Guild | src/Web/StellaOps.Web | Instrument metrics/logs for compile latency, simulation queue depth, approval latency, promotion actions; expose aggregated dashboards and correlation IDs for Console. Dependencies: WEB-POLICY-27-004. | Needs 27-004 metrics | |
| WEB-RISK-66-001 | BLOCKED (2025-12-03) | | SPRINT_216_web_v | BE-Base Platform Guild, Policy Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Expose risk profile/results endpoints through gateway with tenant scoping, pagination, and rate limiting. Blocked: npm ci hangs; cannot run Angular tests; awaiting stable install env/gateway endpoints. | | |
| WEB-RISK-66-002 | BLOCKED | 2025-12-06 | SPRINT_216_web_v | BE-Base Platform Guild, Risk Engine Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Add signed URL handling for explanation blobs and enforce scope checks. Dependencies: WEB-RISK-66-001. | | Blocked: upstream WEB-RISK-66-001 stalled (npm ci hangs; gateway endpoints unavailable). |
| WEB-RISK-67-001 | BLOCKED | 2025-12-06 | SPRINT_216_web_v | BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Provide aggregated risk stats (`/risk/status`) for Console dashboards (counts per severity, last computation). Dependencies: WEB-RISK-66-002. | | Blocked by WEB-RISK-66-002. |
| WEB-RISK-68-001 | BLOCKED | 2025-12-06 | SPRINT_216_web_v | BE-Base Platform Guild, Notifications Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Emit events on severity transitions via gateway to notifier bus with trace metadata. Dependencies: WEB-RISK-67-001. | | Blocked by WEB-RISK-67-001. |
| WEB-SIG-26-001 | BLOCKED | 2025-12-06 | SPRINT_216_web_v | BE-Base Platform Guild, Signals Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Surface `/signals/callgraphs`, `/signals/facts` read/write endpoints with pagination, ETags, and RBAC. | | Blocked: Signals API contract/fixtures not published. |
| WEB-SIG-26-002 | BLOCKED | 2025-12-06 | SPRINT_216_web_v | BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Extend `/policy/effective` and `/vuln/explorer` responses to include reachability scores/states and allow filtering. Dependencies: WEB-SIG-26-001. | | Blocked by WEB-SIG-26-001. |
| WEB-SIG-26-003 | BLOCKED | 2025-12-06 | SPRINT_216_web_v | BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Add reachability override parameters to `/policy/simulate` and related APIs for what-if analysis. Dependencies: WEB-SIG-26-002. | | Blocked by WEB-SIG-26-002. |
| WEB-TEN-47-001 | TODO | | SPRINT_216_web_v | BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Implement JWT verification, tenant activation from headers, scope matching, and decision audit emission for all API endpoints. | | |
| WEB-TEN-48-001 | TODO | | SPRINT_216_web_v | BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Set DB session `stella.tenant_id`, enforce tenant/project checks on persistence, prefix object storage paths, and stamp audit metadata. Dependencies: WEB-TEN-47-001. | | |
| WEB-TEN-49-001 | TODO | | SPRINT_216_web_v | BE-Base Platform Guild, Policy Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Integrate optional ABAC overlay with Policy Engine, expose `/audit/decisions` API, and support service token minting endpoints. Dependencies: WEB-TEN-48-001. | | |
| WEB-VEX-30-007 | BLOCKED | 2025-12-06 | SPRINT_216_web_v | BE-Base Platform Guild, VEX Lens Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Route `/vex/consensus` APIs with tenant RBAC/ABAC, caching, and streaming; surface telemetry and trace IDs without gateway-side overlay logic. | | Blocked: tenant RBAC/ABAC policies + VEX consensus stream contract not finalized. |
| WEB-VULN-29-001 | BLOCKED | 2025-12-06 | SPRINT_216_web_v | BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Expose `/vuln/*` endpoints via gateway with tenant scoping, RBAC/ABAC enforcement, anti-forgery headers, and request logging. | | Blocked: tenant scoping model/ABAC overlay not implemented; upstream risk chain stalled. |
| WEB-VULN-29-002 | BLOCKED | 2025-12-06 | SPRINT_216_web_v | BE-Base Platform Guild, Findings Ledger Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Forward workflow actions to Findings Ledger with idempotency headers and correlation IDs; handle retries/backoff. Dependencies: WEB-VULN-29-001. | | Blocked by WEB-VULN-29-001 and awaiting Findings Ledger idempotency headers wiring. |
| WEB-VULN-29-003 | BLOCKED | 2025-12-06 | SPRINT_216_web_v | BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Provide simulation and export orchestration routes with SSE/progress headers, signed download links, and request budgeting. Dependencies: WEB-VULN-29-002. | | Blocked by WEB-VULN-29-002 and orchestrator/export contracts. |
| WEB-VULN-29-004 | BLOCKED | 2025-12-06 | SPRINT_216_web_v | BE-Base Platform Guild, Observability Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Emit gateway metrics/logs (latency, error rates, export duration), propagate query hashes for analytics dashboards. Dependencies: WEB-VULN-29-003. | | Blocked by WEB-VULN-29-003; observability specs not delivered. |
| WORKER-21-203 | TODO | | SPRINT_0155_0001_0001_scheduler_i | Scheduler Worker Guild, Observability Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | | | |
| WORKER-23-101 | TODO | | SPRINT_0155_0001_0001_scheduler_i | Scheduler Worker Guild, Policy Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | | | |
| WORKER-23-102 | TODO | | SPRINT_0155_0001_0001_scheduler_i | Scheduler Worker Guild, Observability Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | | | |
| WORKER-25-101 | TODO | | SPRINT_0155_0001_0001_scheduler_i | Scheduler Worker Guild, Policy Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | | | |
| WORKER-25-102 | TODO | | SPRINT_0155_0001_0001_scheduler_i | Scheduler Worker Guild, Observability Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | | | |
| WORKER-26-201 | TODO | | SPRINT_0155_0001_0001_scheduler_i | Scheduler Worker Guild, Signals Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | | | |
| WORKER-26-202 | TODO | | SPRINT_0156_0001_0002_scheduler_ii | Scheduler Worker Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | | | |
| WORKER-27-301 | TODO | | SPRINT_0156_0001_0002_scheduler_ii | Scheduler Worker Guild, Policy Registry Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | | | |
| WORKER-27-302 | TODO | | SPRINT_0156_0001_0002_scheduler_ii | Scheduler Worker Guild, Observability Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | | | |
| WORKER-27-303 | TODO | | SPRINT_0156_0001_0002_scheduler_ii | Scheduler Worker Guild, Security Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | | | |
| WORKER-29-001 | TODO | | SPRINT_0156_0001_0002_scheduler_ii | Scheduler Worker Guild, Findings Ledger Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | | | |
| WORKER-29-002 | TODO | | SPRINT_0156_0001_0002_scheduler_ii | Scheduler Worker Guild, Policy Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | | | |
| WORKER-29-003 | TODO | | SPRINT_0156_0001_0002_scheduler_ii | Scheduler Worker Guild, Observability Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | | | |
| WORKER-CONSOLE-23-201 | TODO | | SPRINT_0156_0001_0002_scheduler_ii | Scheduler Worker Guild, Observability Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | | | |
| WORKER-CONSOLE-23-202 | TODO | | SPRINT_0156_0001_0002_scheduler_ii | Scheduler Worker Guild, Policy Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | | | |
| WORKER-GO-32-001 | DONE | | SPRINT_0153_0001_0003_orchestrator_iii | Worker SDK Guild (src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Go) | src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Go | Bootstrap Go SDK project with configuration binding, auth headers, job claim/acknowledge client, and smoke sample. | | |
| WORKER-GO-32-002 | DONE | | SPRINT_0153_0001_0003_orchestrator_iii | Worker SDK Guild (src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Go) | src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Go | Add heartbeat/progress helpers, structured logging hooks, Prometheus metrics, and jittered retry defaults. Dependencies: WORKER-GO-32-001. | | |
| WORKER-GO-33-001 | DONE | | SPRINT_0153_0001_0003_orchestrator_iii | Worker SDK Guild (src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Go) | src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Go | Implement artifact publish helpers (object storage client, checksum hashing, metadata payload) and idempotency guard. Dependencies: WORKER-GO-32-002. | | |
| WORKER-GO-33-002 | DONE | | SPRINT_0153_0001_0003_orchestrator_iii | Worker SDK Guild (src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Go) | src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Go | Provide error classification/retry helper, exponential backoff controls, and structured failure reporting to orchestrator. Dependencies: WORKER-GO-33-001. | | |
| WORKER-GO-34-001 | DONE | | SPRINT_0153_0001_0003_orchestrator_iii | Worker SDK Guild (src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Go) | src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Go | Add backfill range execution helpers, watermark handshake utilities, and artifact dedupe verification for backfills. Dependencies: WORKER-GO-33-002. | | |
| WORKER-PY-32-001 | DONE | | SPRINT_0153_0001_0003_orchestrator_iii | Worker SDK Guild (src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Python) | src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Python | Bootstrap asyncio-based Python SDK (config, auth headers, job claim/ack) plus sample worker script. | | |
| WORKER-PY-32-002 | DONE | | SPRINT_0153_0001_0003_orchestrator_iii | Worker SDK Guild (src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Python) | src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Python | Implement heartbeat/progress helpers with structured logging, metrics exporter, and cancellation-safe retries. Dependencies: WORKER-PY-32-001. | | |
| WORKER-PY-33-001 | DONE | | SPRINT_0153_0001_0003_orchestrator_iii | Worker SDK Guild (src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Python) | src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Python | Add artifact publish/idempotency helpers (object storage adapters, checksum hashing, metadata payload) for Python workers. Dependencies: WORKER-PY-32-002. | | |
| WORKER-PY-33-002 | DONE | | SPRINT_0153_0001_0003_orchestrator_iii | Worker SDK Guild (src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Python) | src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Python | Provide error classification/backoff helper mapping to orchestrator codes, including jittered retries and structured failure reports. Dependencies: WORKER-PY-33-001. | | |
| WORKER-PY-34-001 | DONE | | SPRINT_0153_0001_0003_orchestrator_iii | Worker SDK Guild (src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Python) | src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Python | Implement backfill range iteration, watermark handshake, and artifact dedupe verification utilities for Python workers. Dependencies: WORKER-PY-33-002. | | |
| ZAS-002 | TODO | | SPRINT_400_runtime_facts_static_callgraph_union | Zastava Observer Guild (`src/Zastava/StellaOps.Zastava.Observer`, `docs/modules/zastava/architecture.md`, `docs/reachability/function-level-evidence.md`) | `src/Zastava/StellaOps.Zastava.Observer`, `docs/modules/zastava/architecture.md`, `docs/reachability/function-level-evidence.md` | | | |
| ZASTAVA-DOCS-0001 | TODO | | SPRINT_335_docs_modules_zastava | Docs Guild (docs/modules/zastava) | docs/modules/zastava | See ./AGENTS.md | | |
| ZASTAVA-ENG-0001 | TODO | | SPRINT_335_docs_modules_zastava | Module Team (docs/modules/zastava) | docs/modules/zastava | Update status via ./AGENTS.md workflow | | |
| ZASTAVA-ENV-01 | TODO | | SPRINT_0140_0001_0001_runtime_signals | | | Observer adoption of Surface.Env helpers paused while Surface.FS cache contract finalizes. | | |
| ZASTAVA-ENV-02 | TODO | | SPRINT_0140_0001_0001_runtime_signals | | | Webhook helper migration follows ENV-01 completion. | | |
| ZASTAVA-OPS-0001 | TODO | | SPRINT_335_docs_modules_zastava | Ops Guild (docs/modules/zastava) | docs/modules/zastava | Sync outcomes back to ../.. | | |
| ZASTAVA-REACH-201-001 | TODO | | SPRINT_400_runtime_facts_static_callgraph_union | Zastava Observer Guild (`src/Zastava/StellaOps.Zastava.Observer`) | `src/Zastava/StellaOps.Zastava.Observer` | Implement runtime symbol sampling in `StellaOps.Zastava.Observer` (EntryTrace-aware shell AST + build-id capture) and stream ND-JSON batches to Signals `/runtime-facts`, including CAS pointers for traces. Update runbook + config references. | | |
| ZASTAVA-SECRETS-01 | TODO | | SPRINT_0140_0001_0001_runtime_signals | | | Surface.Secrets wiring for Observer pending published cache endpoints. | | |
| ZASTAVA-SECRETS-02 | TODO | | SPRINT_0140_0001_0001_runtime_signals | | | Webhook secret retrieval cascades from SECRETS-01 work. | | |
| ZASTAVA-SURFACE-01 | TODO | | SPRINT_0140_0001_0001_runtime_signals | | | Surface.FS client integration blocked on Scanner layer metadata; tests ready once packages mirror offline dependencies. | | |
| ZASTAVA-SURFACE-02 | TODO | | SPRINT_0136_0001_0001_scanner_surface | Zastava Observer Guild (src/Zastava/StellaOps.Zastava.Observer) | src/Zastava/StellaOps.Zastava.Observer | Use Surface manifest reader helpers to resolve `cas://` pointers and enrich drift diagnostics with manifest provenance. | SURFACE-FS-02; ZASTAVA-SURFACE-01 | |
| guard unit tests` | TODO | | SPRINT_116_concelier_v | QA Guild (src/Concelier/StellaOps.Concelier.WebService) | src/Concelier/StellaOps.Concelier.WebService | Add unit tests for schema validators, forbidden-field guards (`ERR_AOC_001/2/6/7`), and supersedes chains to keep ingestion append-only. Depends on CONCELIER-WEB-AOC-19-002. | | |
| store wiring` | TODO | | SPRINT_113_concelier_ii | Concelier Storage Guild (src/Concelier/__Libraries/StellaOps.Concelier.Storage.Mongo) | src/Concelier/__Libraries/StellaOps.Concelier.Storage.Mongo | Move large raw payloads to object storage with deterministic pointers, update bootstrapper/offline kit seeds, and guarantee provenance metadata remains intact. Depends on CONCELIER-LNM-21-102. | | NOTY0105 |
| Task ID | Status | Status Date | Sprint | Owners | Directory | Task Description | Dependencies | New Sprint Name |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| PROGRAM-STAFF-1001 | TODO | | SPRINT_100_program_management | Program Mgmt Guild | | MIRROR-COORD-55-001 | MIRROR-COORD-55-001 | PGMI0101 |
| MIRROR-COORD-55-001 | TODO | | SPRINT_100_program_management | Program Mgmt Guild · Mirror Creator Guild | | — | — | PGMI0101 |
| ELOCKER-CONTRACT-2001 | TODO | | SPRINT_200_attestation_coord | Evidence Locker Guild | | — | — | ATEL0101 |
| ATTEST-PLAN-2001 | TODO | | SPRINT_200_attestation_coord | Evidence Locker Guild · Excititor Guild | | — | — | ATEL0101 |
| FEED-REMEDIATION-1001 | TODO | | SPRINT_0503_0001_0001_ops_devops_i | Concelier Feed Owners | | — | — | FEFC0101 |
| MIRROR-DSSE-REV-1501 | TODO | | SPRINT_150_mirror_dsse | Mirror Creator Guild · Security Guild · Evidence Locker Guild | | — | — | ATEL0101 |
| AIRGAP-TIME-CONTRACT-1501 | TODO | | SPRINT_150_mirror_time | AirGap Time Guild | | — | — | ATMI0102 |
| EXPORT-MIRROR-ORCH-1501 | TODO | | SPRINT_150_mirror_orch | Exporter Guild · CLI Guild | | — | — | ATMI0102 |
| AIAI-31-007 | DONE | 2025-11-06 | SPRINT_0111_0001_0001_advisoryai | Advisory AI Guild | src/AdvisoryAI/StellaOps.AdvisoryAI | — | — | ADAI0101 |
| LEDGER-29-006 | TODO | | SPRINT_0120_0001_0001_policy_reasoning | Findings Ledger Guild | | — | — | PLLG0101 |
| CARTO-GRAPH-21-002 | DONE | 2025-11-17 | SPRINT_113_concelier_ii | Cartographer Guild | src/Cartographer/Contracts | ATLN0101 approvals | Task #1 schema freeze | CAGR0101 |
| SURFACE-FS-01 | TODO | | SPRINT_0136_0001_0001_scanner_surface | Scanner Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.FS) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.FS | — | — | SCSS0101 |
| SURFACE-FS-02 | TODO | | SPRINT_0136_0001_0001_scanner_surface | Scanner Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.FS) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.FS | — | — | SCSS0101 |
| SCANNER-ANALYZERS-LANG-10-309 | TODO | | SPRINT_131_scanner_surface | Language Analyzer Guild | | — | — | SCSA0101 |
| SCANNER-ANALYZERS-PHP-27-001 | TODO | | SPRINT_131_scanner_surface | PHP Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php | — | — | SCSA0101 |
| SCANNER-ENTRYTRACE-18-508 | TODO | | SPRINT_0136_0001_0001_scanner_surface | EntryTrace Guild | | — | — | SCSS0101 |
| SCANNER-SECRETS-02 | DONE (2025-11-23) | 2025-11-23 | SPRINT_0136_0001_0001_scanner_surface | Secrets Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.Secrets) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Secrets | Provider chain implemented (primary + fallback) with DI wiring; tests added (`StellaOps.Scanner.Surface.Secrets.Tests`). | SURFACE-SECRETS-01 | SCSS0101 |
| SCANNER-SURFACE-01 | BLOCKED (2025-11-25) | | SPRINT_0136_0001_0001_scanner_surface | Scanner Guild | | — | — | SCSS0101 |
| SCANNER-ANALYZERS-PHP-27-001 | TODO | | SPRINT_131_scanner_surface | PHP Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php | — | — | SCSA0101 |
| SCANNER-ENTRYTRACE-18-508 | TODO | | SPRINT_0136_0001_0001_scanner_surface | EntryTrace Guild | | — | — | SCSS0101 |
| SCANNER-SECRETS-02 | DONE (2025-11-23) | 2025-11-23 | SPRINT_0136_0001_0001_scanner_surface | Secrets Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.Secrets) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Secrets | Provider chain implemented (primary + fallback) with DI wiring; tests added (`StellaOps.Scanner.Surface.Secrets.Tests`). | SURFACE-SECRETS-01 | SCSS0101 |
| SCANNER-SURFACE-01 | BLOCKED (2025-11-25) | | SPRINT_0136_0001_0001_scanner_surface | Scanner Guild | | — | — | SCSS0101 |
| CARTO-GRAPH-21-002 | DONE | 2025-11-17 | SPRINT_113_concelier_ii | Cartographer Guild | src/Cartographer/Contracts | ATLN0101 approvals | Task #1 schema freeze | CAGR0101 |
| POLICY-ENGINE-27-004 | TODO | | SPRINT_124_policy_reasoning | Policy Guild | | — | — | PLPE0102 |
| --JOB-ORCHESTRATOR-DOCS-0001 | TODO | | SPRINT_0323_0001_0001_docs_modules_orchestrator | Docs Guild (docs/modules/orchestrator) | docs/modules/orchestrator | ORGR0102 outline | | DOOR0101 |
| --JOB-ORCH-ENG-0001 | DONE | | SPRINT_0323_0001_0001_docs_modules_orchestrator | Module Team (docs/modules/orchestrator) | docs/modules/orchestrator | ORGR0102 outline | | DOOR0101 |
| --JOB-ORCH-OPS-0001 | DONE | | SPRINT_0323_0001_0001_docs_modules_orchestrator | Ops Guild (docs/modules/orchestrator) | docs/modules/orchestrator | DOOR0101 doc structure | | DOOR0101 |
| 24-001 | DONE | 2025-11-09 | SPRINT_0140_0001_0001_runtime_signals | Signals Guild | src/Signals/StellaOps.Signals | — | — | SGSI0101 |
| 24-002 | DOING | 2025-11-07 | SPRINT_0140_0001_0001_runtime_signals | Signals Guild | src/Signals/StellaOps.Signals | Surface cache availability | Surface cache availability | SGSI0101 |
| 24-003 | DOING | 2025-11-09 | SPRINT_0140_0001_0001_runtime_signals | Signals Guild | src/Signals/StellaOps.Signals | 24-002 + provenance enrichment | 24-002 + provenance enrichment | SGSI0101 |
| 24-004 | BLOCKED | 2025-10-27 | SPRINT_0140_0001_0001_runtime_signals | Signals Guild | src/Signals/StellaOps.Signals | Authority scopes + 24-003 | Authority scopes + 24-003 | SGSI0101 |
| 24-005 | BLOCKED | 2025-10-27 | SPRINT_0140_0001_0001_runtime_signals | Signals Guild | src/Signals/StellaOps.Signals | 24-004 scoring outputs | 24-004 scoring outputs | SGSI0101 |
| 29-007 | DONE | 2025-11-17 | SPRINT_0120_0001_0001_policy_reasoning | Findings Ledger Guild · Observability Guild | src/Findings/StellaOps.Findings.Ledger | LEDGER-29-007 | LEDGER-29-006 | PLLG0104 |
| 29-008 | DONE | 2025-11-22 | SPRINT_0120_0001_0001_policy_reasoning | Findings Ledger Guild · QA Guild | src/Findings/StellaOps.Findings.Ledger | 29-007 | LEDGER-29-007 | PLLG0104 |
| 29-009 | BLOCKED | 2025-11-17 | SPRINT_0120_0001_0001_policy_reasoning | Findings Ledger Guild · DevOps Guild | src/Findings/StellaOps.Findings.Ledger | 29-008 | LEDGER-29-008 | PLLG0104 |
| 30-001 | TODO | | SPRINT_0129_0001_0001_policy_reasoning | VEX Lens Guild | src/VexLens/StellaOps.VexLens | — | — | PLVL0102 |
| 30-002 | BLOCKED | 2025-11-25 | SPRINT_0129_0001_0001_policy_reasoning | VEX Lens Guild | src/VexLens/StellaOps.VexLens | VEXLENS-30-001 | VEXLENS-30-001 | PLVL0102 |
| 30-003 | BLOCKED | 2025-11-25 | SPRINT_0129_0001_0001_policy_reasoning | VEX Lens Guild · Issuer Directory Guild | src/VexLens/StellaOps.VexLens | VEXLENS-30-002 | VEXLENS-30-002 | PLVL0102 |
| 30-004 | BLOCKED | 2025-11-25 | SPRINT_0129_0001_0001_policy_reasoning | VEX Lens Guild · Policy Guild | src/VexLens/StellaOps.VexLens | VEXLENS-30-003 | VEXLENS-30-003 | PLVL0102 |
| 30-005 | BLOCKED | 2025-11-25 | SPRINT_0129_0001_0001_policy_reasoning | VEX Lens Guild | src/VexLens/StellaOps.VexLens | VEXLENS-30-004 | VEXLENS-30-004 | PLVL0102 |
| 30-006 | BLOCKED | 2025-11-25 | SPRINT_0129_0001_0001_policy_reasoning | VEX Lens Guild · Findings Ledger Guild | src/VexLens/StellaOps.VexLens | VEXLENS-30-005 | VEXLENS-30-005 | PLVL0102 |
| 30-007 | BLOCKED | 2025-11-25 | SPRINT_0129_0001_0001_policy_reasoning | VEX Lens Guild | src/VexLens/StellaOps.VexLens | VEXLENS-30-006 | VEXLENS-30-006 | PLVL0102 |
| 30-008 | BLOCKED | 2025-11-25 | SPRINT_0129_0001_0001_policy_reasoning | VEX Lens Guild · Policy Guild | src/VexLens/StellaOps.VexLens | VEXLENS-30-007 | VEXLENS-30-007 | PLVL0102 |
| 30-009 | BLOCKED | 2025-11-25 | SPRINT_0129_0001_0001_policy_reasoning | VEX Lens Guild · Observability Guild | src/VexLens/StellaOps.VexLens | VEXLENS-30-008 | VEXLENS-30-008 | PLVL0102 |
| 30-010 | BLOCKED | 2025-11-25 | SPRINT_0129_0001_0001_policy_reasoning | VEX Lens Guild · QA Guild | src/VexLens/StellaOps.VexLens | VEXLENS-30-009 | VEXLENS-30-009 | PLVL0102 |
| 30-011 | BLOCKED | 2025-11-25 | SPRINT_0129_0001_0001_policy_reasoning | VEX Lens Guild · DevOps Guild | src/VexLens/StellaOps.VexLens | VEXLENS-30-010 | VEXLENS-30-010 | PLVL0103 |
| 31-008 | DONE (2025-11-22) | 2025-11-22 | SPRINT_110_ingestion_evidence | Advisory AI Guild | src/AdvisoryAI/StellaOps.AdvisoryAI | AIAI-31-006; AIAI-31-007 | AIAI-31-006; AIAI-31-007 | ADAI0101 |
| 31-009 | DONE | 2025-11-12 | SPRINT_110_ingestion_evidence | Advisory AI Guild | src/AdvisoryAI/StellaOps.AdvisoryAI | — | — | ADAI0101 |
| 34-101 | DONE | 2025-11-22 | SPRINT_0120_0001_0001_policy_reasoning | Findings Ledger Guild | src/Findings/StellaOps.Findings.Ledger | 29-009 | LEDGER-29-009 | PLLG0104 |
| 401-004 | BLOCKED | 2025-11-25 | SPRINT_0401_0001_0001_reachability_evidence_chain | Replay Core Guild | `src/__Libraries/StellaOps.Replay.Core` | Signals facts stable (SGSI0101) | Blocked: awaiting SGSI0101 runtime facts + CAS policy from GAP-REP-004 | RPRC0101 |
| 41-001 | DONE (2025-11-30) | 2025-11-30 | SPRINT_0157_0001_0001_taskrunner_i | Task Runner Guild | src/TaskRunner/StellaOps.TaskRunner | — | Contract landed via product advisory 2025-11-29; implemented per `docs/modules/taskrunner/architecture.md`. | ORTR0101 |
| 44-001 | TODO | | SPRINT_0501_0001_0001_ops_deployment_i | Deployment Guild · DevEx Guild (ops/deployment) | ops/deployment | — | — | DVDO0103 |
| 44-002 | TODO | | SPRINT_0501_0001_0001_ops_deployment_i | Deployment Guild (ops/deployment) | ops/deployment | 44-001 | 44-001 | DVDO0103 |
| 44-003 | TODO | | SPRINT_0501_0001_0001_ops_deployment_i | Deployment Guild · Docs Guild (ops/deployment) | ops/deployment | 44-002 | 44-002 | DVDO0103 |
| 45-001 | BLOCKED | 2025-11-25 | SPRINT_0502_0001_0001_ops_deployment_ii | Deployment Guild (ops/deployment) | ops/deployment | 44-003 | 44-003 | DVDO0103 |
| 45-002 | BLOCKED | 2025-11-25 | SPRINT_0502_0001_0001_ops_deployment_ii | Deployment Guild · Security Guild (ops/deployment) | ops/deployment | 45-001 | 45-001 | DVDO0103 |
| 45-003 | BLOCKED | 2025-11-25 | SPRINT_0502_0001_0001_ops_deployment_ii | Deployment Guild · Observability Guild (ops/deployment) | ops/deployment | 45-002 | 45-002 | DVDO0103 |
| 50-002 | DOING | | SPRINT_0170_0001_0001_notifications_telemetry | Telemetry Core Guild | src/Telemetry/StellaOps.Telemetry.Core | SGSI0101 feed availability | SGSI0101 feed availability | TLTY0101 |
| 51-002 | BLOCKED | 2025-11-25 | SPRINT_0170_0001_0001_notifications_telemetry | Telemetry Core Guild · Observability Guild · Security Guild | src/Telemetry/StellaOps.Telemetry.Core | OBS-50 baselines | Waiting on OBS-50 baselines and ORCH-OBS-50-001 schemas | TLTY0101 |
| 54-001 | BLOCKED | 2025-11-25 | SPRINT_0503_0001_0001_ops_devops_i | Exporter Guild · AirGap Time Guild · CLI Guild | | Await PGMI0101 staffing confirmation | Staffing not assigned (PROGRAM-STAFF-1001) | AGCO0101 |
| 56-001 | BLOCKED | 2025-11-25 | SPRINT_0170_0001_0001_notifications_telemetry | Telemetry Core Guild · Observability Guild | src/Telemetry/StellaOps.Telemetry.Core | SGSI0101 provenance | Blocked: SGSI0101 provenance feed/contract pending | TLTY0101 |
| 58 series | TODO | | SPRINT_0120_0001_0001_policy_reasoning | Findings Ledger Guild · AirGap Guilds · Evidence Locker Guild | src/Findings/StellaOps.Findings.Ledger | | | PLLG0102 |
| 61-001 | TODO | | SPRINT_0511_0001_0001_api | API Governance Guild | src/Api/StellaOps.Api.Governance | — | — | APIG0101 |
| 61-002 | TODO | | SPRINT_0511_0001_0001_api | API Governance Guild | src/Api/StellaOps.Api.Governance | 61-001 | 61-001 | APIG0101 |
| 62-001 | BLOCKED | 2025-11-25 | SPRINT_206_devportal | DevPortal Guild | src/DevPortal/StellaOps.DevPortal.Site | APIG0101 outputs | Waiting on APIG0101 outputs / API baseline | DEVL0101 |
| 62-002 | BLOCKED | 2025-11-25 | SPRINT_206_devportal | DevPortal Guild | src/DevPortal/StellaOps.DevPortal.Site | 62-001 | Blocked: 62-001 not delivered | DEVL0101 |
| 63-001 | BLOCKED | 2025-11-25 | SPRINT_206_devportal | DevPortal Guild · Platform Guild | src/DevPortal/StellaOps.DevPortal.Site | 62-002 | Blocked: 62-002 outstanding | DEVL0101 |
| 63-002 | BLOCKED | 2025-11-25 | SPRINT_206_devportal | DevPortal Guild · SDK Generator Guild | src/DevPortal/StellaOps.DevPortal.Site | 63-001 | Blocked: 63-001 outstanding | DEVL0101 |
| 63-003 | BLOCKED | 2025-11-25 | SPRINT_0208_0001_0001_sdk | SDK Generator Guild | src/Sdk/StellaOps.Sdk.Generator | APIG0101 outputs | Waiting on APIG0101 outputs | SDKG0101 |
| 63-004 | BLOCKED | 2025-11-25 | SPRINT_0208_0001_0001_sdk | SDK Generator Guild | src/Sdk/StellaOps.Sdk.Generator | 63-003 | Blocked: 63-003 outstanding | SDKG0101 |
| 64-001 | BLOCKED | 2025-11-25 | SPRINT_206_devportal | DevPortal Guild · Export Center Guild | src/DevPortal/StellaOps.DevPortal.Site | Export profile review | Waiting on export profile review doc | DEVL0101 |
| 64-002 | BLOCKED | 2025-11-25 | SPRINT_160_export_evidence | DevPortal Offline + AirGap Controller Guilds | docs/modules/export-center/devportal-offline.md | Wait for Mirror staffing confirmation (001_PGMI0101) | Wait for Mirror staffing confirmation (001_PGMI0101) | DEVL0102 |
| 73-001 | DONE | 2025-11-03 | SPRINT_100_identity_signing | KMS Guild | src/__Libraries/StellaOps.Cryptography.Kms | Staffing + DSSE contract (PGMI0101, ATEL0101) | Staffing + DSSE contract (PGMI0101, ATEL0101) | KMSI0101 |
| 73-002 | DONE | 2025-11-03 | SPRINT_100_identity_signing | KMS Guild | src/__Libraries/StellaOps.Cryptography.Kms | Depends on #1, FIDO2 profile | FIDO2 | KMSI0101 |
| ADVISORY-AI-DOCS-0001 | TODO | | SPRINT_0312_0001_0001_docs_modules_advisory_ai | Docs Guild (docs/modules/advisory-ai) | docs/modules/advisory-ai | Align with ./AGENTS.md | — | DOAI0101 |
| AI-DOCS-0001 | TODO | | SPRINT_0312_0001_0001_docs_modules_advisory_ai | Docs Guild (docs/modules/advisory-ai) | docs/modules/advisory-ai | — | — | DOAI0101 |
| AI-OPS-0001 | TODO | | SPRINT_0312_0001_0001_docs_modules_advisory_ai | Ops Guild (docs/modules/advisory-ai) | docs/modules/advisory-ai | — | — | DOAI0101 |
| AIAI-31-001 | DONE | 2025-11-09 | SPRINT_110_ingestion_evidence | Excititor Web/Core Guilds | src/AdvisoryAI/StellaOps.AdvisoryAI | Validate Excititor hand-off replay | Validate Excititor hand-off replay | ADAI0102 |
| AIAI-31-002 | DONE | 2025-11-18 | SPRINT_110_ingestion_evidence | Concelier Core · Concelier WebService Guilds | src/AdvisoryAI/StellaOps.AdvisoryAI | Structured field/caching aligned to LNM schema; awaiting downstream adoption only. | CONCELIER-GRAPH-21-001; CARTO-GRAPH-21-002 | ADAI0102 |
| AIAI-31-003 | DONE | 2025-11-12 | SPRINT_110_ingestion_evidence | Concelier Observability Guild | src/AdvisoryAI/StellaOps.AdvisoryAI | Await observability evidence upload | Await observability evidence upload | ADAI0102 |
| AIAI-31-004 | DONE (2025-12-04) | 2025-12-04 | SPRINT_0301_0001_0001_docs_md_i | Docs Guild · Console Guild | docs/advisory-ai | Guardrail console guide refreshed with deterministic captures plus consolidated hash manifest (`docs/advisory-ai/console-fixtures.sha256`) and verification steps. | CONSOLE-VULN-29-001; CONSOLE-VEX-30-001; SBOM-AIAI-31-003 | DOAI0101 |
| AIAI-31-005 | DONE (2025-11-25) | 2025-11-25 | SPRINT_110_ingestion_evidence | Docs Guild | | DOCS-AIAI-31-004; CLI-VULN-29-001; CLI-VEX-30-001; POLICY-ENGINE-31-001; DEVOPS-AIAI-31-001 | DOCS-AIAI-31-004; CLI-VULN-29-001; CLI-VEX-30-001; POLICY-ENGINE-31-001; DEVOPS-AIAI-31-001 | DOAI0101 |
| AIAI-31-006 | DONE | 2025-11-13 | SPRINT_0111_0001_0001_advisoryai | Docs Guild, Policy Guild (docs) | | — | — | DOAI0101 |
| AIAI-31-008 | DONE (2025-11-22) | 2025-11-22 | SPRINT_110_ingestion_evidence | Advisory AI Guild | | Remote inference packaging delivered with on-prem container + manifests. | AIAI-31-006; AIAI-31-007 | DOAI0101 |
| AIAI-31-009 | DONE | 2025-11-12 | SPRINT_110_ingestion_evidence | Advisory AI Guild | | Regression suite + `AdvisoryAI:Guardrails` config landed with perf budgets. | — | DOAI0101 |
| AIRGAP-46-001 | TODO | | SPRINT_0501_0001_0001_ops_deployment_i | Deployment Guild · Offline Kit Guild | ops/deployment | Needs Mirror staffing + DSSE plan (001_PGMI0101, 002_ATEL0101) | Needs Mirror staffing + DSSE plan (001_PGMI0101, 002_ATEL0101) | AGDP0101 |
| AIRGAP-56 | DONE (2025-11-24) | 2025-11-24 | SPRINT_110_ingestion_evidence | Excititor Guild · AirGap Guilds | docs/modules/airgap/airgap-mode.md | Air-gap ingest parity delivered against frozen LNM schema. | CONCELIER-GRAPH-21-001; CONCELIER-GRAPH-21-002; ATTEST-PLAN-2001 | AGCO0101 |
| AIRGAP-56-001 | DONE (2025-11-24) | 2025-11-24 | SPRINT_110_ingestion_evidence | Exporter Guild · AirGap Time Guild · CLI Guild | docs/modules/airgap/airgap-mode.md | Mirror import helpers and bundle catalog wired for sealed mode. | PROGRAM-STAFF-1001 | AGCO0101 |
| AIRGAP-56-001..58-001 | DONE (2025-11-24) | 2025-11-24 | SPRINT_110_ingestion_evidence | Concelier Core · AirGap Guilds | docs/modules/airgap/airgap-mode.md | Deterministic bundle + manifest/entry-trace and sealed-mode deploy runbook shipped. | CONCELIER-GRAPH-21-001; CONCELIER-GRAPH-21-002; ELOCKER-CONTRACT-2001 | AGCO0101 |
| AIRGAP-56-002 | DONE | | SPRINT_0170_0001_0001_notifications_telemetry | Notifications Service Guild · DevOps Guild | src/Notify/StellaOps.Notify | | | NOTY0101 |
| AIRGAP-56-003 | TODO | | SPRINT_0301_0001_0001_docs_md_i | Docs Guild · Exporter Guild | docs/modules/airgap | DOCS-AIRGAP-56-002 | DOCS-AIRGAP-56-002 | AIDG0101 |
| AIRGAP-56-004 | TODO | | SPRINT_0301_0001_0001_docs_md_i | Docs Guild · Deployment Guild | docs/modules/airgap | AIRGAP-56-003 | DOCS-AIRGAP-56-003 | AIDG0101 |
| AIRGAP-57 | DONE (2025-11-24) | 2025-11-24 | SPRINT_110_ingestion_evidence | Excititor Guild · AirGap Guilds | docs/modules/airgap/airgap-mode.md | Air-gap bundle timeline/hooks completed. | CONCELIER-GRAPH-21-001; CONCELIER-GRAPH-21-002; ATTEST-PLAN-2001 | AGCO0101 |
| AIRGAP-57-001 | DONE | 2025-11-08 | SPRINT_100_identity_signing | Authority Core & Security Guild, DevOps Guild (src/Authority/StellaOps.Authority) | src/Authority/StellaOps.Authority | | AUTH-AIRGAP-56-001; DEVOPS-AIRGAP-57-002 | KMSI0101 |
| AIRGAP-57-002 | DOING | 2025-11-08 | SPRINT_0503_0001_0001_ops_devops_i | DevOps Guild, Authority Guild (ops/devops) | ops/devops | | | DVDO0101 |
| AIRGAP-57-003 | TODO | | SPRINT_302_docs_tasks_md_ii | Docs Guild · CLI Guild | docs/modules/airgap | CLI & ops inputs | CLI & ops inputs | AIDG0101 |
| AIRGAP-57-004 | TODO | | SPRINT_302_docs_tasks_md_ii | Docs Guild · Ops Guild | docs/modules/airgap | AIRGAP-57-003 | AIRGAP-57-003 | AIDG0101 |
| AIRGAP-58 | DONE (2025-11-24) | 2025-11-24 | SPRINT_110_ingestion_evidence | Excititor Guild · AirGap Guilds | docs/modules/airgap/airgap-mode.md | Import/export automation delivered for frozen schema. | CONCELIER-GRAPH-21-001; CONCELIER-GRAPH-21-002; ATTEST-PLAN-2001 | AGCO0101 |
| AIRGAP-58-001 | TODO | | SPRINT_112_concelier_i | Concelier Core Guild · Evidence Locker Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | | | AGCN0101 |
| AIRGAP-58-002 | TODO | | SPRINT_302_docs_tasks_md_ii | Docs Guild, Security Guild (docs) | docs/modules/airgap | | | AIDG0101 |
| AIRGAP-58-003 | TODO | | SPRINT_302_docs_tasks_md_ii | Docs Guild, DevEx Guild (docs) | docs/modules/airgap | | | AIDG0101 |
| AIRGAP-58-004 | TODO | | SPRINT_302_docs_tasks_md_ii | Docs Guild, Evidence Locker Guild (docs) | docs/modules/airgap | | | AIDG0101 |
| AIRGAP-CTL-56-001 | TODO | | SPRINT_510_airgap | AirGap Controller Guild | src/AirGap/StellaOps.AirGap.Controller | Implement `airgap_state` persistence, seal/unseal state machine, and Authority scope checks (`airgap:seal`, `airgap:status:read`). | ATLN0101 review | AGCT0101 |
| AIRGAP-CTL-56-002 | TODO | | SPRINT_510_airgap | AirGap Controller Guild · DevOps Guild | src/AirGap/StellaOps.AirGap.Controller | Expose `GET /system/airgap/status`, `POST /system/airgap/seal`, integrate policy hash validation, and return staleness/time anchor placeholders. Dependencies: AIRGAP-CTL-56-001. | AIRGAP-CTL-56-001 | AGCT0101 |
| AIRGAP-CTL-57-001 | TODO | | SPRINT_510_airgap | AirGap Controller Guild | src/AirGap/StellaOps.AirGap.Controller | Add startup diagnostics that block application run when sealed flag set but egress policies missing; emit audit + telemetry. Dependencies: AIRGAP-CTL-56-002. | AIRGAP-CTL-56-002 | AGCT0101 |
| AIRGAP-CTL-57-002 | TODO | | SPRINT_510_airgap | AirGap Controller Guild · Observability Guild | src/AirGap/StellaOps.AirGap.Controller | Instrument seal/unseal events with trace/log fields and timeline emission (`airgap.sealed`, `airgap.unsealed`). Dependencies: AIRGAP-CTL-57-001. | AIRGAP-CTL-57-001 | AGCT0101 |
| AIRGAP-CTL-58-001 | TODO | | SPRINT_510_airgap | AirGap Controller Guild · AirGap Time Guild | src/AirGap/StellaOps.AirGap.Controller | Persist time anchor metadata, compute drift seconds, and surface staleness budgets in status API. Dependencies: AIRGAP-CTL-57-002. | AIRGAP-CTL-57-002 | AGCT0101 |
| AIRGAP-DEVPORT-64-001 | TODO | | SPRINT_302_docs_tasks_md_ii | Docs Guild · DevPortal Offline Guild | docs/modules/export-center/devportal-offline.md | Depends on 071_AGCO0101 manifest decisions | Depends on 071_AGCO0101 manifest decisions | DEVL0102 |
| AIRGAP-IMP-56-001 | TODO | | SPRINT_510_airgap | AirGap Importer Guild | src/AirGap/StellaOps.AirGap.Importer | Implement DSSE verification helpers, TUF metadata parser (`root.json`, `snapshot.json`, `timestamp.json`), and Merkle root calculator. | ATLN0101 approvals | AGIM0101 |
| AIRGAP-IMP-56-002 | TODO | | SPRINT_510_airgap | AirGap Importer Guild · Security Guild | src/AirGap/StellaOps.AirGap.Importer | Introduce root rotation policy validation (dual approval) and signer trust store management. Dependencies: AIRGAP-IMP-56-001. | AIRGAP-IMP-56-001 | AGIM0101 |
| AIRGAP-IMP-57-001 | TODO | | SPRINT_510_airgap | AirGap Importer Guild | src/AirGap/StellaOps.AirGap.Importer | Write `bundle_catalog` and `bundle_items` repositories with RLS + deterministic migrations. Dependencies: AIRGAP-IMP-56-002. | Importer infra | AGIM0101 |
| AIRGAP-IMP-57-002 | TODO | | SPRINT_510_airgap | AirGap Importer Guild · DevOps Guild | src/AirGap/StellaOps.AirGap.Importer | Implement object-store loader storing artifacts under tenant/global mirror paths with Zstandard decompression and checksum validation. Dependencies: AIRGAP-IMP-57-001. | 57-001 | AGIM0101 |
| AIRGAP-IMP-58-001 | TODO | | SPRINT_510_airgap | AirGap Importer Guild · CLI Guild | src/AirGap/StellaOps.AirGap.Importer | Implement API (`POST /airgap/import`, `/airgap/verify`) and CLI commands wiring verification + catalog updates, including diff preview. Dependencies: AIRGAP-IMP-57-002. | CLI contract alignment | AGIM0101 |
| AIRGAP-IMP-58-002 | TODO | | SPRINT_510_airgap | AirGap Importer Guild · Observability Guild | src/AirGap/StellaOps.AirGap.Importer | Emit timeline events (`airgap.import.started. Dependencies: AIRGAP-IMP-58-001. | 58-001 observability | AGIM0101 |
| AIRGAP-TIME-57-001 | TODO | | SPRINT_0503_0001_0001_ops_devops_i | Exporter Guild · AirGap Time Guild · CLI Guild | | PROGRAM-STAFF-1001; AIRGAP-TIME-CONTRACT-1501 | PROGRAM-STAFF-1001; AIRGAP-TIME-CONTRACT-1501 | ATMI0102 |
| AIRGAP-TIME-57-002 | TODO | | SPRINT_510_airgap | AirGap Time Guild · Observability Guild | src/AirGap/StellaOps.AirGap.Time | Add telemetry counters for time anchors (`airgap_time_anchor_age_seconds`) and alerts for approaching thresholds. Dependencies: AIRGAP-TIME-57-001. | Controller schema | AGTM0101 |
| AIRGAP-TIME-58-001 | TODO | | SPRINT_510_airgap | AirGap Time Guild | src/AirGap/StellaOps.AirGap.Time | Persist drift baseline, compute per-content staleness (advisories, VEX, policy) based on bundle metadata, and surface through controller status API. Dependencies: AIRGAP-TIME-57-002. | 57-002 | AGTM0101 |
| AIRGAP-TIME-58-002 | TODO | | SPRINT_510_airgap | AirGap Time Guild, Notifications Guild (src/AirGap/StellaOps.AirGap.Time) | src/AirGap/StellaOps.AirGap.Time | Emit notifications and timeline events when staleness budgets breached or approaching. Dependencies: AIRGAP-TIME-58-001. | | AGTM0101 |
| ANALYZERS-DENO-26-001 | DONE | | SPRINT_130_scanner_surface | Deno Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno | Bootstrap analyzer helpers | Bootstrap analyzer helpers | SCSA0201 |
| ANALYZERS-DENO-26-002 | DONE | | SPRINT_130_scanner_surface | Deno Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno | Depends on #1 | SCANNER-ANALYZERS-DENO-26-001 | SCSA0201 |
| ANALYZERS-DENO-26-003 | DONE | | SPRINT_130_scanner_surface | Deno Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno | Depends on #2 | SCANNER-ANALYZERS-DENO-26-002 | SCSA0201 |
| ANALYZERS-DENO-26-004 | DONE | | SPRINT_130_scanner_surface | Deno Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno | Depends on #3 | SCANNER-ANALYZERS-DENO-26-003 | SCSA0201 |
| ANALYZERS-DENO-26-005 | DONE | | SPRINT_130_scanner_surface | Deno Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno | Depends on #4 | SCANNER-ANALYZERS-DENO-26-004 | SCSA0201 |
| ANALYZERS-DENO-26-006 | DONE | | SPRINT_130_scanner_surface | Deno Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno | Depends on #5 | SCANNER-ANALYZERS-DENO-26-005 | SCSA0201 |
| ANALYZERS-DENO-26-007 | DONE | | SPRINT_130_scanner_surface | Deno Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno | SCANNER-ANALYZERS-DENO-26-006 | SCANNER-ANALYZERS-DENO-26-006 | SCSA0102 |
| ANALYZERS-DENO-26-008 | DONE | | SPRINT_130_scanner_surface | Deno Analyzer Guild, QA Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno | SCANNER-ANALYZERS-DENO-26-007 | SCANNER-ANALYZERS-DENO-26-007 | SCSA0102 |
| ANALYZERS-DENO-26-009 | TODO | | SPRINT_131_scanner_surface | Deno Analyzer Guild, Signals Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno | SCANNER-ANALYZERS-DENO-26-008 | SCANNER-ANALYZERS-DENO-26-008 | SCSA0101 |
| ANALYZERS-DENO-26-010 | TODO | | SPRINT_131_scanner_surface | Deno Analyzer Guild, DevOps Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno | SCANNER-ANALYZERS-DENO-26-009 | SCANNER-ANALYZERS-DENO-26-009 | SCSA0101 |
| ANALYZERS-DENO-26-011 | TODO | | SPRINT_131_scanner_surface | Deno Analyzer Guild · Signals Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno | Depends on ANALYZERS-DENO-26-010 + telemetry schema | SCANNER-ANALYZERS-DENO-26-010 | SCSA0202 |
| ANALYZERS-JAVA-21-005 | TODO | | SPRINT_131_scanner_surface | Java Analyzer Guild | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java | SCANNER-ANALYZERS-JAVA-21-004 | SCANNER-ANALYZERS-JAVA-21-004 | SCSA0301 |
| ANALYZERS-JAVA-21-006 | TODO | | SPRINT_131_scanner_surface | Java Analyzer Guild | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java | Depends on #1 | SCANNER-ANALYZERS-JAVA-21-005 | SCSA0301 |
| ANALYZERS-JAVA-21-007 | TODO | | SPRINT_131_scanner_surface | Java Analyzer Guild | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java | Depends on #2 | SCANNER-ANALYZERS-JAVA-21-006 | SCSA0301 |
| ANALYZERS-JAVA-21-008 | BLOCKED | 2025-10-27 | SPRINT_131_scanner_surface | Java Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java | SCANNER-ANALYZERS-JAVA-21-007 | SCANNER-ANALYZERS-JAVA-21-007 | SCSA0102 |
| ANALYZERS-JAVA-21-009 | TODO | | SPRINT_131_scanner_surface | Java Analyzer Guild, QA Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java | SCANNER-ANALYZERS-JAVA-21-008 | SCANNER-ANALYZERS-JAVA-21-008 | SCSA0102 |
| ANALYZERS-JAVA-21-010 | TODO | | SPRINT_131_scanner_surface | Java Analyzer Guild, Signals Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java | SCANNER-ANALYZERS-JAVA-21-009 | SCANNER-ANALYZERS-JAVA-21-009 | SCSA0101 |
| ANALYZERS-JAVA-21-011 | TODO | | SPRINT_131_scanner_surface | Java Analyzer Guild · DevOps Guild | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java | Requires SCANNER-ANALYZERS-JAVA-21-010 + DevOps packaging | SCANNER-ANALYZERS-JAVA-21-010 | SCSA0301 |
| ANALYZERS-LANG-11-001 | TODO | | SPRINT_131_scanner_surface | StellaOps.Scanner EPDR Guild · Language Analyzer Guild | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.DotNet | Requires SCANNER-ANALYZERS-LANG-10-309 artifact | SCANNER-ANALYZERS-LANG-10-309 | SCSA0103 |
| ANALYZERS-LANG-11-002 | TODO | | SPRINT_0132_0001_0001_scanner_surface | StellaOps.Scanner EPDR Guild | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.DotNet | Depends on #1 for shared metadata | SCANNER-ANALYZERS-LANG-11-001 | SCSA0103 |
| ANALYZERS-LANG-11-003 | TODO | | SPRINT_0132_0001_0001_scanner_surface | StellaOps.Scanner EPDR Guild · Signals Guild | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.DotNet | Needs #2 plus Signals schema for entry-trace | SCANNER-ANALYZERS-LANG-11-002 | SCSA0103 |
| ANALYZERS-LANG-11-004 | TODO | | SPRINT_0132_0001_0001_scanner_surface | StellaOps.Scanner EPDR Guild · SBOM Service Guild | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.DotNet | Requires #3 and SBOM service hooks | SCANNER-ANALYZERS-LANG-11-003 | SCSA0103 |
| ANALYZERS-LANG-11-005 | TODO | | SPRINT_0132_0001_0001_scanner_surface | StellaOps.Scanner EPDR Guild · QA Guild | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.DotNet | Depends on #4 for QA fixtures | SCANNER-ANALYZERS-LANG-11-004 | SCSA0103 |
| ANALYZERS-NATIVE-20-001 | TODO | | SPRINT_0132_0001_0001_scanner_surface | Native Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Native | Bootstrap native analyzer helpers | Bootstrap native analyzer helpers | SCSA0401 |
| ANALYZERS-NATIVE-20-002 | TODO | | SPRINT_0132_0001_0001_scanner_surface | Native Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Native | Depends on #1 | SCANNER-ANALYZERS-NATIVE-20-001 | SCSA0401 |
| ANALYZERS-NATIVE-20-003 | TODO | | SPRINT_0132_0001_0001_scanner_surface | Native Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Native | Depends on #2 | SCANNER-ANALYZERS-NATIVE-20-002 | SCSA0401 |
| ANALYZERS-NATIVE-20-004 | TODO | | SPRINT_0132_0001_0001_scanner_surface | Native Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Native | Depends on #3 | SCANNER-ANALYZERS-NATIVE-20-003 | SCSA0401 |
| ANALYZERS-NATIVE-20-005 | TODO | | SPRINT_0132_0001_0001_scanner_surface | Native Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Native | Depends on #4 | SCANNER-ANALYZERS-NATIVE-20-004 | SCSA0401 |
| ANALYZERS-NATIVE-20-006 | TODO | | SPRINT_0132_0001_0001_scanner_surface | Native Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Native | Depends on #5 | SCANNER-ANALYZERS-NATIVE-20-005 | SCSA0401 |
| ANALYZERS-NATIVE-20-007 | TODO | | SPRINT_0132_0001_0001_scanner_surface | Native Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Native | Depends on #6 | SCANNER-ANALYZERS-NATIVE-20-006 | SCSA0401 |
| ANALYZERS-NATIVE-20-008 | TODO | | SPRINT_0132_0001_0001_scanner_surface | Native Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Native | Depends on #7 | SCANNER-ANALYZERS-NATIVE-20-007 | SCSA0401 |
| ANALYZERS-NATIVE-20-009 | TODO | | SPRINT_0132_0001_0001_scanner_surface | Native Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Native | Depends on #8 | SCANNER-ANALYZERS-NATIVE-20-008 | SCSA0401 |
| ANALYZERS-NATIVE-20-010 | TODO | | SPRINT_0132_0001_0001_scanner_surface | Native Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Native | Depends on #9 | SCANNER-ANALYZERS-NATIVE-20-009 | SCSA0401 |
| ANALYZERS-NODE-22-001 | TODO | | SPRINT_0132_0001_0001_scanner_surface | Node Analyzer Guild | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node | Bootstrap Node analyzer helper | Bootstrap Node analyzer helper | SCSA0501 |
| ANALYZERS-NODE-22-002 | TODO | | SPRINT_0132_0001_0001_scanner_surface | Node Analyzer Guild | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node | Depends on #1 | SCANNER-ANALYZERS-NODE-22-001 | SCSA0501 |
| ANALYZERS-NODE-22-003 | TODO | | SPRINT_0132_0001_0001_scanner_surface | Node Analyzer Guild | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node | Depends on #2 | SCANNER-ANALYZERS-NODE-22-002 | SCSA0501 |
| ANALYZERS-NODE-22-004 | TODO | | SPRINT_0132_0001_0001_scanner_surface | Node Analyzer Guild | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node | Depends on #3 | SCANNER-ANALYZERS-NODE-22-003 | SCSA0501 |
| ANALYZERS-NODE-22-005 | TODO | | SPRINT_0132_0001_0001_scanner_surface | Node Analyzer Guild | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node | Depends on #4 | SCANNER-ANALYZERS-NODE-22-004 | SCSA0501 |
| ANALYZERS-NODE-22-006 | TODO | | SPRINT_0133_0001_0001_scanner_surface | Node Analyzer Guild | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node | Depends on #5 | SCANNER-ANALYZERS-NODE-22-005 | SCSA0501 |
| ANALYZERS-NODE-22-007 | TODO | | SPRINT_0133_0001_0001_scanner_surface | Node Analyzer Guild | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node | Depends on #6 | SCANNER-ANALYZERS-NODE-22-006 | SCSA0501 |
| ANALYZERS-NODE-22-008 | TODO | | SPRINT_0133_0001_0001_scanner_surface | Node Analyzer Guild | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node | Depends on #7 | SCANNER-ANALYZERS-NODE-22-007 | SCSA0501 |
| ANALYZERS-NODE-22-009 | TODO | | SPRINT_0133_0001_0001_scanner_surface | Node Analyzer Guild · QA Guild | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node | Depends on #8 | SCANNER-ANALYZERS-NODE-22-008 | SCSA0501 |
| ANALYZERS-NODE-22-010 | TODO | | SPRINT_0133_0001_0001_scanner_surface | Node Analyzer Guild · Signals Guild | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node | Depends on #9 | SCANNER-ANALYZERS-NODE-22-009 | SCSA0501 |
| ANALYZERS-NODE-22-011 | TODO | | SPRINT_0133_0001_0001_scanner_surface | Node Analyzer Guild · DevOps Guild | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node | Depends on ANALYZERS-NODE-22-010 + DevOps packaging | SCANNER-ANALYZERS-NODE-22-010 | SCSA0502 |
| ANALYZERS-NODE-22-012 | TODO | | SPRINT_0133_0001_0001_scanner_surface | Node Analyzer Guild | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node | Needs #1 regression fixtures | SCANNER-ANALYZERS-NODE-22-011 | SCSA0502 |
| ANALYZERS-PHP-27-001 | TODO | | SPRINT_0133_0001_0001_scanner_surface | PHP Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php | Analyzer helper bootstrap | Analyzer helper bootstrap | SCSA0601 |
| ANALYZERS-PHP-27-002 | TODO | | SPRINT_0133_0001_0001_scanner_surface | PHP Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php | SCANNER-ANALYZERS-PHP-27-001 | SCANNER-ANALYZERS-PHP-27-001 | SCSA0101 |
| ANALYZERS-PHP-27-003 | TODO | | SPRINT_0133_0001_0001_scanner_surface | PHP Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php | SCANNER-ANALYZERS-PHP-27-002 | SCANNER-ANALYZERS-PHP-27-002 | SCSA0101 |
| ANALYZERS-PHP-27-004 | TODO | | SPRINT_0133_0001_0001_scanner_surface | PHP Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php | Depends on SCANNER-ANALYZERS-PHP-27-003 | SCANNER-ANALYZERS-PHP-27-003 | SCSA0601 |
| ANALYZERS-PHP-27-005 | TODO | | SPRINT_0133_0001_0001_scanner_surface | PHP Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php | Depends on #2 | SCANNER-ANALYZERS-PHP-27-004 | SCSA0601 |
| ANALYZERS-PHP-27-006 | TODO | | SPRINT_0133_0001_0001_scanner_surface | PHP Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php | Depends on #3 | SCANNER-ANALYZERS-PHP-27-005 | SCSA0601 |
| ANALYZERS-PHP-27-007 | TODO | | SPRINT_0133_0001_0001_scanner_surface | PHP Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php | Depends on #4 | SCANNER-ANALYZERS-PHP-27-006 | SCSA0601 |
| ANALYZERS-PHP-27-008 | TODO | | SPRINT_0134_0001_0001_scanner_surface | PHP Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php | Depends on #1 + CLI feedback | SCANNER-ANALYZERS-PHP-27-002 | SCSA0601 |
| ANALYZERS-PHP-27-009 | TODO | | SPRINT_0134_0001_0001_scanner_surface | PHP Analyzer Guild · QA Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php | Depends on #5 | SCANNER-ANALYZERS-PHP-27-007 | SCSA0601 |
| ANALYZERS-PHP-27-010 | TODO | | SPRINT_0134_0001_0001_scanner_surface | PHP Analyzer Guild · Signals Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php | Depends on #7 | SCANNER-ANALYZERS-PHP-27-009 | SCSA0601 |
| ANALYZERS-PHP-27-011 | TODO | | SPRINT_0134_0001_0001_scanner_surface | PHP Analyzer Guild, DevOps Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php | | SCANNER-ANALYZERS-PHP-27-010 | SCSA0602 |
| ANALYZERS-PHP-27-012 | TODO | | SPRINT_0134_0001_0001_scanner_surface | PHP Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php | | SCANNER-ANALYZERS-PHP-27-011 | SCSA0602 |
| ANALYZERS-PYTHON-23-001 | TODO | | SPRINT_0134_0001_0001_scanner_surface | Python Analyzer Guild | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python | Analyzer helper bootstrap | Analyzer helper bootstrap | SCSA0701 |
| ANALYZERS-PYTHON-23-002 | TODO | | SPRINT_0134_0001_0001_scanner_surface | Python Analyzer Guild | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python | Depends on #1 | SCANNER-ANALYZERS-PYTHON-23-001 | SCSA0701 |
| ANALYZERS-PYTHON-23-003 | TODO | | SPRINT_0134_0001_0001_scanner_surface | Python Analyzer Guild | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python | Depends on #2 | SCANNER-ANALYZERS-PYTHON-23-002 | SCSA0701 |
| ANALYZERS-PYTHON-23-004 | TODO | | SPRINT_0134_0001_0001_scanner_surface | Python Analyzer Guild | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python | Depends on #3 | SCANNER-ANALYZERS-PYTHON-23-003 | SCSA0701 |
| ANALYZERS-PYTHON-23-005 | TODO | | SPRINT_0134_0001_0001_scanner_surface | Python Analyzer Guild | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python | Depends on #4 | SCANNER-ANALYZERS-PYTHON-23-004 | SCSA0701 |
| ANALYZERS-PYTHON-23-006 | TODO | | SPRINT_0134_0001_0001_scanner_surface | Python Analyzer Guild | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python | Depends on #5 | SCANNER-ANALYZERS-PYTHON-23-005 | SCSA0701 |
| ANALYZERS-PYTHON-23-007 | TODO | | SPRINT_0134_0001_0001_scanner_surface | Python Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python | SCANNER-ANALYZERS-PYTHON-23-006 | SCANNER-ANALYZERS-PYTHON-23-006 | SCSA0101 |
| ANALYZERS-PYTHON-23-008 | TODO | | SPRINT_0134_0001_0001_scanner_surface | Python Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python | SCANNER-ANALYZERS-PYTHON-23-007 | SCANNER-ANALYZERS-PYTHON-23-007 | SCSA0101 |
| ANALYZERS-PYTHON-23-009 | TODO | | SPRINT_0134_0001_0001_scanner_surface | Python Analyzer Guild, QA Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python | SCANNER-ANALYZERS-PYTHON-23-008 | SCANNER-ANALYZERS-PYTHON-23-008 | SCSA0101 |
| ANALYZERS-PYTHON-23-010 | TODO | | SPRINT_0134_0001_0001_scanner_surface | Python Analyzer Guild, Signals Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python | SCANNER-ANALYZERS-PYTHON-23-009 | SCANNER-ANALYZERS-PYTHON-23-009 | SCSA0102 |
| ANALYZERS-PYTHON-23-011 | TODO | | SPRINT_0134_0001_0001_scanner_surface | Python Analyzer Guild, DevOps Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python | SCANNER-ANALYZERS-PYTHON-23-010 | SCANNER-ANALYZERS-PYTHON-23-010 | SCSA0102 |
| ANALYZERS-PYTHON-23-012 | TODO | | SPRINT_0135_0001_0001_scanner_surface | Python Analyzer Guild | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python | Needs ANALYZERS-PYTHON-23-011 evidence | SCANNER-ANALYZERS-PYTHON-23-011 | SCSA0702 |
| ANALYZERS-RUBY-28-001 | TODO | | SPRINT_0135_0001_0001_scanner_surface | Ruby Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Bootstrap helper | Bootstrap helper | SCSA0801 |
| ANALYZERS-RUBY-28-002 | TODO | | SPRINT_0135_0001_0001_scanner_surface | Ruby Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Depends on #1 | SCANNER-ANALYZERS-RUBY-28-001 | SCSA0801 |
| ANALYZERS-RUBY-28-003 | TODO | | SPRINT_0135_0001_0001_scanner_surface | Ruby Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Depends on #2 | SCANNER-ANALYZERS-RUBY-28-002 | SCSA0801 |
| ANALYZERS-RUBY-28-004 | TODO | | SPRINT_0135_0001_0001_scanner_surface | Ruby Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Depends on #3 | SCANNER-ANALYZERS-RUBY-28-003 | SCSA0801 |
| ANALYZERS-RUBY-28-005 | TODO | | SPRINT_0135_0001_0001_scanner_surface | Ruby Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Depends on #4 | SCANNER-ANALYZERS-RUBY-28-004 | SCSA0801 |
| ANALYZERS-RUBY-28-006 | TODO | | SPRINT_0135_0001_0001_scanner_surface | Ruby Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Depends on #5 | SCANNER-ANALYZERS-RUBY-28-005 | SCSA0801 |
| ANALYZERS-RUBY-28-007 | TODO | | SPRINT_0135_0001_0001_scanner_surface | Ruby Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Depends on #6 | SCANNER-ANALYZERS-RUBY-28-006 | SCSA0801 |
| ANALYZERS-RUBY-28-008 | TODO | | SPRINT_0135_0001_0001_scanner_surface | Ruby Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Depends on #7 | SCANNER-ANALYZERS-RUBY-28-007 | SCSA0801 |
| ANALYZERS-RUBY-28-009 | TODO | | SPRINT_0135_0001_0001_scanner_surface | Ruby Analyzer Guild · QA Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Depends on #8 | SCANNER-ANALYZERS-RUBY-28-008 | SCSA0801 |
| ANALYZERS-RUBY-28-010 | TODO | | SPRINT_0135_0001_0001_scanner_surface | Ruby Analyzer Guild · Signals Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Depends on #9 | SCANNER-ANALYZERS-RUBY-28-009 | SCSA0801 |
| ANALYZERS-RUBY-28-011 | TODO | | SPRINT_0135_0001_0001_scanner_surface | Ruby Analyzer Guild · DevOps Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Depends on ANALYZERS-RUBY-28-010 | SCANNER-ANALYZERS-RUBY-28-010 | SCSA0802 |
| ANALYZERS-RUBY-28-012 | TODO | | SPRINT_0135_0001_0001_scanner_surface | Ruby Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Needs #1 fixtures | SCANNER-ANALYZERS-RUBY-28-011 | SCSA0802 |
| AOC-19-001 | TODO | | SPRINT_0123_0001_0001_policy_reasoning | Policy Guild | src/Policy/__Libraries/StellaOps.Policy | Review Link-Not-Merge schema | Review Link-Not-Merge schema | PLAO0101 |
| AOC-19-002 | TODO | | SPRINT_0123_0001_0001_policy_reasoning | Policy Guild | src/Policy/__Libraries/StellaOps.Policy | Depends on #1 | POLICY-AOC-19-001 | PLAO0101 |
| AOC-19-003 | TODO | | SPRINT_0123_0001_0001_policy_reasoning | Policy Guild | src/Policy/__Libraries/StellaOps.Policy | Depends on #2 | POLICY-AOC-19-002 | PLAO0101 |
| AOC-19-004 | TODO | | SPRINT_0123_0001_0001_policy_reasoning | Policy Guild | src/Policy/__Libraries/StellaOps.Policy | Depends on #3 | POLICY-AOC-19-003 | PLAO0101 |
| AOC-19-101 | TODO | 2025-10-28 | SPRINT_0503_0001_0001_ops_devops_i | DevOps Guild | ops/devops | Needs helper definitions from PLAO0101 | Needs helper definitions from PLAO0101 | DVAO0101 |
| API-27-001 | TODO | | SPRINT_0129_0001_0001_policy_reasoning | Policy Registry Guild | src/Policy/StellaOps.Policy.Registry | Governance decision (APIG0101) | Governance decision (APIG0101) | PLAR0101 |
| API-27-002 | TODO | | SPRINT_0129_0001_0001_policy_reasoning | Policy Registry Guild | src/Policy/StellaOps.Policy.Registry | Depends on #1 | REGISTRY-API-27-001 | PLAR0101 |
| API-27-003 | TODO | | SPRINT_0129_0001_0001_policy_reasoning | Policy Registry Guild | src/Policy/StellaOps.Policy.Registry | Depends on #2 | REGISTRY-API-27-002 | PLAR0101 |
| API-27-004 | TODO | | SPRINT_0129_0001_0001_policy_reasoning | Policy Registry Guild | src/Policy/StellaOps.Policy.Registry | Depends on #3 | REGISTRY-API-27-003 | PLAR0101 |
| API-27-005 | TODO | | SPRINT_0129_0001_0001_policy_reasoning | Policy Registry Guild | src/Policy/StellaOps.Policy.Registry | Depends on #4 | REGISTRY-API-27-004 | PLAR0101 |
| API-27-006 | TODO | | SPRINT_0129_0001_0001_policy_reasoning | Policy Registry Guild | src/Policy/StellaOps.Policy.Registry | Depends on #5 | REGISTRY-API-27-005 | PLAR0101 |
| API-27-007 | TODO | | SPRINT_0129_0001_0001_policy_reasoning | Policy Registry Guild | src/Policy/StellaOps.Policy.Registry | Depends on #6 | REGISTRY-API-27-006 | PLAR0101 |
| API-27-008 | TODO | | SPRINT_0129_0001_0001_policy_reasoning | Policy Registry Guild | src/Policy/StellaOps.Policy.Registry | Depends on #7 | REGISTRY-API-27-007 | PLAR0101 |
| API-27-009 | TODO | | SPRINT_0129_0001_0001_policy_reasoning | Policy Registry Guild | src/Policy/StellaOps.Policy.Registry | Depends on #8 | REGISTRY-API-27-008 | PLAR0101 |
| API-27-010 | TODO | | SPRINT_0129_0001_0001_policy_reasoning | Policy Registry Guild | src/Policy/StellaOps.Policy.Registry | Depends on #9 | REGISTRY-API-27-009 | PLAR0101 |
| API-28-001 | TODO | | SPRINT_0207_0001_0001_graph | Graph API Guild | src/Graph/StellaOps.Graph.Api | Cartographer schema sign-off | Cartographer schema sign-off | GRAP0101 |
| API-28-002 | TODO | | SPRINT_0207_0001_0001_graph | Graph API Guild | src/Graph/StellaOps.Graph.Api | Depends on #1 | Depends on #1 | GRAP0101 |
| API-28-003 | TODO | | SPRINT_0207_0001_0001_graph | Graph API Guild | src/Graph/StellaOps.Graph.Api | Depends on #2 | Depends on #2 | GRAP0101 |
| API-28-004 | TODO | | SPRINT_0207_0001_0001_graph | Graph API Guild | src/Graph/StellaOps.Graph.Api | Depends on #3 | Depends on #3 | GRAP0101 |
| API-28-005 | TODO | | SPRINT_0207_0001_0001_graph | Graph API Guild | src/Graph/StellaOps.Graph.Api | Depends on #4 | Depends on #4 | GRAP0101 |
| API-28-006 | TODO | | SPRINT_0207_0001_0001_graph | Graph API Guild | src/Graph/StellaOps.Graph.Api | Depends on GRAP0101 base endpoints | Depends on GRAP0101 base endpoints | GRAP0102 |
| API-28-007 | TODO | | SPRINT_0207_0001_0001_graph | Graph API Guild | src/Graph/StellaOps.Graph.Api | Depends on #1 | Depends on #1 | GRAP0102 |
| API-28-008 | TODO | | SPRINT_0207_0001_0001_graph | Graph API Guild | src/Graph/StellaOps.Graph.Api | Depends on #2 | Depends on #2 | GRAP0102 |
| API-28-009 | TODO | | SPRINT_0207_0001_0001_graph | Graph API Guild | src/Graph/StellaOps.Graph.Api | Depends on #3 | Depends on #3 | GRAP0102 |
| API-28-010 | TODO | | SPRINT_0207_0001_0001_graph | Graph API Guild | src/Graph/StellaOps.Graph.Api | Depends on #4 | Depends on #4 | GRAP0102 |
| API-28-011 | TODO | | SPRINT_0207_0001_0001_graph | Graph API Guild | src/Graph/StellaOps.Graph.Api | Depends on #5 | Depends on #5 | GRAP0102 |
| API-29-001 | TODO | | SPRINT_0129_0001_0001_policy_reasoning | Vuln Explorer API Guild | src/VulnExplorer/StellaOps.VulnExplorer.Api | Governance schema (APIG0101) | Governance schema (APIG0101) | VUAP0101 |
| API-29-002 | TODO | | SPRINT_0129_0001_0001_policy_reasoning | Vuln Explorer API Guild | src/VulnExplorer/StellaOps.VulnExplorer.Api | Depends on #1 | VULN-API-29-001 | VUAP0101 |
| API-29-003 | TODO | | SPRINT_0129_0001_0001_policy_reasoning | Vuln Explorer API Guild | src/VulnExplorer/StellaOps.VulnExplorer.Api | Depends on #2 | VULN-API-29-002 | VUAP0101 |
| API-29-004 | TODO | | SPRINT_0129_0001_0001_policy_reasoning | Vuln Explorer API Guild | src/VulnExplorer/StellaOps.VulnExplorer.Api | Depends on #3 | VULN-API-29-003 | VUAP0101 |
| API-29-005 | TODO | | SPRINT_0129_0001_0001_policy_reasoning | Vuln Explorer API Guild | src/VulnExplorer/StellaOps.VulnExplorer.Api | Depends on #4 | VULN-API-29-004 | VUAP0101 |
| API-29-006 | TODO | | SPRINT_0129_0001_0001_policy_reasoning | Vuln Explorer API Guild | src/VulnExplorer/StellaOps.VulnExplorer.Api | Depends on #5 | VULN-API-29-005 | VUAP0101 |
| API-29-007 | TODO | | SPRINT_0129_0001_0001_policy_reasoning | Vuln Explorer API Guild | src/VulnExplorer/StellaOps.VulnExplorer.Api | Depends on #6 | VULN-API-29-006 | VUAP0101 |
| API-29-008 | TODO | | SPRINT_0129_0001_0001_policy_reasoning | Vuln Explorer API Guild | src/VulnExplorer/StellaOps.VulnExplorer.Api | Depends on #7 | VULN-API-29-007 | VUAP0101 |
| API-29-009 | TODO | | SPRINT_0129_0001_0001_policy_reasoning | Vuln Explorer API Guild | src/VulnExplorer/StellaOps.VulnExplorer.Api | Depends on #8 | VULN-API-29-008 | VUAP0101 |
| API-29-010 | TODO | | SPRINT_0129_0001_0001_policy_reasoning | Vuln Explorer API Guild | src/VulnExplorer/StellaOps.VulnExplorer.Api | Depends on #9 | VULN-API-29-009 | VUAP0101 |
| API-29-011 | TODO | | SPRINT_0129_0001_0001_policy_reasoning | Vuln Explorer API Guild · CLI Guild | src/VulnExplorer/StellaOps.VulnExplorer.Api | Requires API-29-010 artifacts | VULN-API-29-010 | VUAP0102 |
| APIGOV-61-001 | TODO | | SPRINT_0511_0001_0001_api | API Governance Guild | src/Api/StellaOps.Api.Governance | Configure spectral/linters with Stella rules; add CI job failing on violations. | 61-001 | APIG0101 |
| APIGOV-61-002 | TODO | | SPRINT_0511_0001_0001_api | API Governance Guild | src/Api/StellaOps.Api.Governance | Implement example coverage checker ensuring every operation has at least one request/response example. Dependencies: APIGOV-61-001. | APIGOV-61-001 | APIG0101 |
| APIGOV-62-001 | TODO | | SPRINT_0511_0001_0001_api | API Governance Guild | src/Api/StellaOps.Api.Governance | Build compatibility diff tool producing additive/breaking reports comparing prior release. Dependencies: APIGOV-61-002. | APIGOV-61-002 | APIG0101 |
| APIGOV-62-002 | TODO | | SPRINT_0511_0001_0001_api | API Governance Guild · DevOps Guild | src/Api/StellaOps.Api.Governance | Automate changelog generation and publish signed artifacts to `src/Sdk/StellaOps.Sdk.Release` pipeline. Dependencies: APIGOV-62-001. | APIGOV-62-001 | APIG0101 |
| APIGOV-63-001 | TODO | | SPRINT_0511_0001_0001_api | API Governance Guild · Notifications Guild | src/Api/StellaOps.Api.Governance | Integrate deprecation metadata into Notification Studio templates for API sunset events. Dependencies: APIGOV-62-002. | APIGOV-62-002 | APIG0101 |
| ATTEST-01-003 | DONE (2025-11-23) | 2025-11-23 | SPRINT_110_ingestion_evidence | Excititor Guild · Evidence Locker Guild | src/Attestor/StellaOps.Attestor | Excititor attestation payloads shipped on frozen bundle v1. | EXCITITOR-AIAI-31-002; ELOCKER-CONTRACT-2001 | ATEL0102 |
| ATTEST-73-001 | DONE (2025-11-25) | 2025-11-25 | SPRINT_110_ingestion_evidence | Concelier Core · Evidence Locker Guild | src/Attestor/StellaOps.Attestor | Attestation claims builder verified; TRX archived. | CONCELIER-AIAI-31-002; ELOCKER-CONTRACT-2001 | ATEL0102 |
| ATTEST-73-002 | DONE (2025-11-25) | 2025-11-25 | SPRINT_110_ingestion_evidence | Concelier Core · Evidence Locker Guild | src/Attestor/StellaOps.Attestor | Internal verify endpoint validated; TRX archived. | CONCELIER-AIAI-31-002; ELOCKER-CONTRACT-2001 | ATEL0102 |
| ATTEST-73-003 | TODO | | SPRINT_302_docs_tasks_md_ii | Docs Guild · Policy Guild | docs/modules/attestor | Wait for ATEL0102 evidence | Wait for ATEL0102 evidence | DOAT0102 |
| ATTEST-73-004 | TODO | | SPRINT_302_docs_tasks_md_ii | Docs Guild · Attestor Service Guild | docs/modules/attestor | Depends on #1 | Depends on #1 | DOAT0102 |
| ATTEST-74-001 | DOING | | SPRINT_0170_0001_0001_notifications_telemetry | Notifications Service Guild · Attestor Service Guild | src/Notify/StellaOps.Notify | Needs DSSE schema sign-off | Needs DSSE schema sign-off | NOTY0102 |
| ATTEST-74-002 | DOING | | SPRINT_0170_0001_0001_notifications_telemetry | Notifications Service Guild | src/Notify/StellaOps.Notify | Depends on #1 | Depends on #1 | NOTY0102 |
| ATTEST-74-003 | TODO | | SPRINT_302_docs_tasks_md_ii | Docs Guild · Attestor Console Guild | docs/modules/attestor | Depends on NOTY0102 | Depends on NOTY0102 | DOAT0102 |
| ATTEST-74-004 | TODO | | SPRINT_302_docs_tasks_md_ii | Docs Guild · CLI Attestor Guild | docs/modules/attestor | Depends on NOTY0102 | Depends on NOTY0102 | DOAT0102 |
| ATTEST-75-001 | TODO | | SPRINT_160_export_evidence | Docs Guild · Export Attestation Guild | docs/modules/attestor | Needs Export bundle schema (ECOB0101) | Needs Export bundle schema (ECOB0101) | DOAT0102 |
| ATTEST-75-002 | TODO | | SPRINT_160_export_evidence | Docs Guild · Security Guild | docs/modules/attestor | Depends on #5 | Depends on #5 | DOAT0102 |
| ATTEST-REPLAY-187-003 | TODO | | SPRINT_0187_0001_0001_evidence_locker_cli_integration | Attestor Guild (src/Attestor/StellaOps.Attestor) | `src/Attestor/StellaOps.Attestor`, `docs/modules/attestor/architecture.md` | Wire Attestor/Rekor anchoring for replay manifests and capture verification APIs; extend `docs/modules/attestor/architecture.md` with a replay ledger flow referencing `docs/replay/DETERMINISTIC_REPLAY.md` Section 9. | Align replay payload schema with RPRC0101 | ATRE0101 |
| ATTESTOR-DOCS-0001 | DONE | 2025-11-05 | SPRINT_313_docs_modules_attestor | Docs Guild | docs/modules/attestor | Validate that `docs/modules/attestor/README.md` matches the latest release notes and attestation samples. | | DOAT0102 |
| ATTESTOR-ENG-0001 | TODO | | SPRINT_313_docs_modules_attestor | Module Team | docs/modules/attestor | Cross-check implementation plan milestones against `/docs/implplan/SPRINT_*.md` and update module readiness checkpoints. | Depends on #1-6 | DOAT0102 |
| ATTESTOR-OPS-0001 | TODO | | SPRINT_313_docs_modules_attestor | Ops Guild | docs/modules/attestor | Review runbooks/observability assets after the next sprint demo and capture findings inline with sprint notes. | Depends on #1-6 | DOAT0102 |
| AUTH-AIRGAP-57-001 | DONE (2025-11-08) | 2025-11-08 | SPRINT_100_identity_signing | Authority Core & Security Guild, DevOps Guild (src/Authority/StellaOps.Authority) | src/Authority/StellaOps.Authority | Enforce sealed-mode CI gating by refusing token issuance when declared sealed install lacks sealing confirmation. | AUTH-AIRGAP-56-001; DEVOPS-AIRGAP-57-002 | AUIN0101 |
| AUTH-CRYPTO-90-001 | DOING | 2025-11-08 | SPRINT_514_sovereign_crypto_enablement | Authority Core & Security Guild | src/Authority/StellaOps.Authority | Migrate Authority signing/key-loading paths (provider registry + crypto hash) so regional bundles can select sovereign providers per docs/security/crypto-routing-audit-2025-11-07.md. | Finalize sovereign crypto keystore plan | AUIN0101 |
| AUTH-DPOP-11-001 | DONE (2025-11-08) | 2025-11-08 | SPRINT_100_identity_signing | Authority Core & Security Guild (src/Authority/StellaOps.Authority) | src/Authority/StellaOps.Authority | DPoP validation now runs for every `/token` grant, interactive tokens inherit `cnf.jkt`/sender claims, and docs/tests document the expanded coverage. | AUTH-AOC-19-002 | AUIN0101 |
| AUTH-MTLS-11-002 | DONE (2025-11-08) | 2025-11-08 | SPRINT_100_identity_signing | Authority Core & Security Guild (src/Authority/StellaOps.Authority) | src/Authority/StellaOps.Authority | Refresh grants now enforce the original client certificate, tokens persist `x5t#S256`/hex metadata via shared helper, and docs/JWKS guidance call out the mTLS binding expectations. | AUTH-DPOP-11-001 | AUIN0101 |
| AUTH-PACKS-43-001 | DONE (2025-11-09) | 2025-11-09 | SPRINT_100_identity_signing | Authority Core & Security Guild (src/Authority/StellaOps.Authority) | src/Authority/StellaOps.Authority | Enforce pack signing policies, approval RBAC checks, CLI CI token scopes, and audit logging for approvals. | AUTH-PACKS-41-001; TASKRUN-42-001; ORCH-SVC-42-101 | AUIN0101 |
| AUTH-REACH-401-005 | DONE (2025-11-27) | 2025-11-27 | SPRINT_0401_0001_0001_reachability_evidence_chain | Authority & Signer Guilds | `src/Authority/StellaOps.Authority`, `src/Signer/StellaOps.Signer` | Predicate types exist (stella.ops/vexDecision@v1 etc.); IAuthorityDsseStatementSigner created with ICryptoProviderRegistry; Rekor via existing IRekorClient. | Coordinate with replay reachability owners | AUIN0101 |
| AUTH-VERIFY-186-007 | TODO | | SPRINT_0186_0001_0001_record_deterministic_execution | Authority Guild · Provenance Guild | `src/Authority/StellaOps.Authority`, `src/Provenance/StellaOps.Provenance.Attestation` | Expose an Authority-side verification helper/service that validates DSSE signatures and Rekor proofs for promotion attestations using trusted checkpoints, enabling offline audit flows. | Await PROB0101 provenance harness | AUIN0101 |
| AUTHORITY-DOCS-0001 | TODO | | SPRINT_314_docs_modules_authority | Docs Guild (docs/modules/authority) | docs/modules/authority | See ./AGENTS.md | Wait for AUIN0101 sign-off | DOAU0101 |
| AUTHORITY-ENG-0001 | TODO | | SPRINT_314_docs_modules_authority | Module Team (docs/modules/authority) | docs/modules/authority | Update status via ./AGENTS.md workflow | Depends on #1 | DOAU0101 |
| AUTHORITY-OPS-0001 | TODO | | SPRINT_314_docs_modules_authority | Ops Guild (docs/modules/authority) | docs/modules/authority | Sync outcomes back to ../.. | Depends on #1 | DOAU0101 |
| AUTO-401-019 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | Benchmarks Guild | `docs/benchmarks/vex-evidence-playbook.md`, `scripts/bench/**` | Align with PROB0101 schema | Align with PROB0101 schema | RBBN0101 |
| BACKFILL-401-029 | DOING | | SPRINT_0401_0001_0001_reachability_evidence_chain | Platform Guild | `docs/provenance/inline-dsse.md`, `scripts/publish_attestation_with_provenance.sh` | Align output schema with PROB0101 | Align output schema with PROB0101 | RBRE0101 |
| BENCH-AUTO-401-019 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | Benchmarks Guild | `docs/benchmarks/vex-evidence-playbook.md`, `scripts/bench/**` | Create automation to populate `bench/findings/**`, run baseline scanners (Trivy/Syft/Grype/Snyk/Xray), compute FP/MTTD/repro metrics, and update `results/summary.csv`. | Depends on #1 | RBBN0101 |
| BENCH-GRAPH-21-001 | BLOCKED | 2025-10-27 | SPRINT_512_bench | Bench Guild · Graph Platform Guild | src/Bench/StellaOps.Bench | Build graph viewport/path benchmark harness (50k/100k nodes) measuring Graph API/Indexer latency, memory, and tile cache hit rates. *(Executed within Sprint 28 Graph program).* | Wait for CAGR0101 outputs | RBBN0102 |
| BENCH-GRAPH-21-002 | BLOCKED | 2025-10-27 | SPRINT_512_bench | Bench Guild · UI Guild | src/Bench/StellaOps.Bench | Add headless UI load benchmark (Playwright) for graph canvas interactions to track render times and FPS budgets. *(Executed within Sprint 28 Graph program).*. Dependencies: BENCH-GRAPH-21-001. | Depends on #1 | RBBN0102 |
| BENCH-GRAPH-24-002 | TODO | | SPRINT_512_bench | Bench Guild · UI Guild | src/Bench/StellaOps.Bench | Implement UI interaction benchmarks (filter/zoom/table operations) citing p95 latency; integrate with perf dashboards. Dependencies: BENCH-GRAPH-21-002. | Align with ORTR0101 job metadata | RBBN0102 |
| BENCH-IMPACT-16-001 | TODO | | SPRINT_512_bench | Bench Guild · Scheduler Team | src/Bench/StellaOps.Bench | ImpactIndex throughput bench (resolve 10k productKeys) + RAM profile. | Needs Scheduler signals from ORTR0102 | RBBN0102 |
| BENCH-POLICY-20-002 | TODO | | SPRINT_512_bench | Bench Guild · Policy Guild | src/Bench/StellaOps.Bench | Add incremental run benchmark measuring delta evaluation vs full; capture SLA compliance. | Wait for PLLG0104 ledger events | RBBN0102 |
| BENCH-SIG-26-001 | TODO | | SPRINT_512_bench | Bench Guild · Signals Guild | src/Bench/StellaOps.Bench | Develop benchmark for reachability scoring pipeline (facts/sec, latency, memory) using synthetic callgraphs/runtime batches. | Needs SGSI0101 runtime feed | RBBN0102 |
| BENCH-SIG-26-002 | TODO | | SPRINT_512_bench | Bench Guild · Policy Guild | src/Bench/StellaOps.Bench | Measure policy evaluation overhead with reachability cache hot/cold; ensure ≤8 ms p95 added latency. Dependencies: BENCH-SIG-26-001. | Depends on #6 | RBBN0102 |
| BUNDLE-401-014 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | Symbols Guild | `src/Symbols/StellaOps.Symbols.Bundle` | Needs RBRE0101 provenance payload | Needs RBRE0101 provenance payload | RBSY0101 |
| BUNDLE-69-001 | TODO | | SPRINT_0164_0001_0003_exportcenter_iii | Risk Bundle Export Guild · Risk Engine Guild | src/ExportCenter/StellaOps.ExportCenter.RiskBundles | Align with ATEL0102 DSSE outputs | Align with ATEL0102 DSSE outputs | RBRB0101 |
| BUNDLE-69-002 | TODO | | SPRINT_0164_0001_0003_exportcenter_iii | Risk Bundle Export Guild · DevOps Guild | src/ExportCenter/StellaOps.ExportCenter.RiskBundles | Depends on #1 | Depends on #1 | RBRB0101 |
| BUNDLE-70-001 | TODO | | SPRINT_0164_0001_0003_exportcenter_iii | Risk Bundle Export Guild · CLI Guild | src/ExportCenter/StellaOps.ExportCenter.RiskBundles | Needs CLI export contract from CLCI0104 | Needs CLI export contract from CLCI0104 | RBRB0101 |
| BUNDLE-70-002 | TODO | | SPRINT_0164_0001_0003_exportcenter_iii | Risk Bundle Export Guild · Docs Guild | src/ExportCenter/StellaOps.ExportCenter.RiskBundles | Depends on #3 | Depends on #3 | RBRB0101 |
| CAS-401-001 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | Scanner Worker Guild | `src/Scanner/StellaOps.Scanner.Worker` | Wait for RBRE0101 DSSE hashes | Wait for RBRE0101 DSSE hashes | CASC0101 |
| CCCS-02-009 | TODO | | SPRINT_117_concelier_vi | Concelier Connector Guild CCCS | src/Concelier/__Libraries/StellaOps.Concelier.Connector.Cccs | Implement restart-safe watermark + schema tests. | Confirm CCCS ingest watermark | CCFD0101 |
| CENTER-ENG-0001 | TODO | | SPRINT_320_docs_modules_export_center | Module Team · Export Center Guild | docs/modules/export-center | Wait for RBRB0101 bundle sample | Wait for RBRB0101 bundle sample | DOEC0101 |
| CENTER-OPS-0001 | TODO | | SPRINT_320_docs_modules_export_center | Ops Guild · Export Center Guild | docs/modules/export-center | Depends on #1 | Depends on #1 | DOEC0101 |
| CERTBUND-02-010 | TODO | | SPRINT_117_concelier_vi | Concelier Connector Guild CertBund | src/Concelier/__Libraries/StellaOps.Concelier.Connector.CertBund | Update parser + CAS hashing. | Align with German CERT schema changes | CCFD0101 |
| CISCO-02-009 | DOING | 2025-11-08 | SPRINT_117_concelier_vi | Concelier Connector Guild Cisco | src/Concelier/__Libraries/StellaOps.Concelier.Connector.Vndr.Cisco | Harden retry + provenance logging. | Needs vendor API tokens rotated | CCFD0101 |
| CLI-0001 | DONE | 2025-11-10 | SPRINT_0138_0001_0001_scanner_ruby_parity | CLI Guild, Ruby Analyzer Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | SCANNER-ENG-0019 | SCANNER-ENG-0019 | CLCI0101 |
| CLI-401-007 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | UI & CLI Guilds (`src/Cli/StellaOps.Cli`, `src/UI/StellaOps.UI`) | `src/Cli/StellaOps.Cli`, `src/UI/StellaOps.UI` | — | — | CLCI0101 |
| CLI-401-021 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | CLI Guild · DevOps Guild (`src/Cli/StellaOps.Cli`, `scripts/ci/attest-*`, `docs/modules/attestor/architecture.md`) | `src/Cli/StellaOps.Cli`, `scripts/ci/attest-*`, `docs/modules/attestor/architecture.md` | — | — | CLCI0101 |
| CLI-41-001 | TODO | | SPRINT_303_docs_tasks_md_iii | Docs Guild, DevEx/CLI Guild (docs) | | — | — | CLCI0101 |
| CLI-42-001 | BLOCKED | 2025-11-25 | SPRINT_303_docs_tasks_md_iii | Docs Guild (docs) | | Superseded by DOCS-CLI-42-001; scope not defined separately. | Pending clarified scope | CLCI0101 |
| CLI-43-002 | TODO | | SPRINT_0504_0001_0001_ops_devops_ii | DevOps Guild, Task Runner Guild (ops/devops) | ops/devops | — | — | CLCI0101 |
| CLI-43-003 | TODO | | SPRINT_0504_0001_0001_ops_devops_ii | DevOps Guild, DevEx/CLI Guild (ops/devops) | ops/devops | — | — | CLCI0101 |
| CLI-AIAI-31-001 | BLOCKED | 2025-11-22 | SPRINT_0201_0001_0001_cli_i | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Implement `stella advise summarize` command with JSON/Markdown outputs and citation display. Blocked: upstream Scanner analyzers (Node/Java) fail to compile, preventing CLI tests. | — | CLCI0101 |
| CLI-AIAI-31-002 | DONE | 2025-11-24 | SPRINT_0201_0001_0001_cli_i | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Implement `stella advise explain` showing conflict narrative and structured rationale. Dependencies: CLI-AIAI-31-001. | — | CLCI0101 |
| CLI-AIAI-31-003 | DONE | 2025-11-24 | SPRINT_0201_0001_0001_cli_i | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Implement `stella advise remediate` generating remediation plans with `--strategy` filters and file output. Dependencies: CLI-AIAI-31-002. | — | CLCI0101 |
| CLI-AIAI-31-004 | TODO | | SPRINT_0201_0001_0001_cli_i | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Implement `stella advise batch` for summaries/conflicts/remediation with progress + multi-status responses. Dependencies: CLI-AIAI-31-003. | — | CLCI0102 |
| CLI-AIRGAP-56-001 | TODO | | SPRINT_0503_0001_0001_ops_devops_i | Exporter Guild · AirGap Time Guild · CLI Guild | | PROGRAM-STAFF-1001 | PROGRAM-STAFF-1001 | ATMI0102 |
| CLI-AIRGAP-56-002 | TODO | | SPRINT_0201_0001_0001_cli_i | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Ensure telemetry propagation under sealed mode (no remote exporters) while preserving correlation IDs; add label `AirGapped-Phase-1`. Dependencies: CLI-AIRGAP-56-001. | — | CLCI0102 |
| CLI-AIRGAP-57-001 | TODO | | SPRINT_0201_0001_0001_cli_i | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Add `stella airgap import` with diff preview, bundle scope selection (`--tenant`, `--global`), audit logging, and progress reporting. Dependencies: CLI-AIRGAP-56-002. | — | CLCI0102 |
| CLI-AIRGAP-57-002 | TODO | | SPRINT_0201_0001_0001_cli_i | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Provide `stella airgap seal. Dependencies: CLI-AIRGAP-57-001. | — | CLCI0102 |
| CLI-AIRGAP-58-001 | TODO | | SPRINT_0201_0001_0001_cli_i | DevEx/CLI Guild, Evidence Locker Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Implement `stella airgap export evidence` helper for portable evidence packages, including checksum manifest and verification. Dependencies: CLI-AIRGAP-57-002. | — | CLCI0102 |
| CLI-ATTEST-73-001 | BLOCKED | 2025-11-22 | SPRINT_0201_0001_0001_cli_i | CLI Attestor Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Implement `stella attest sign` (payload selection, subject digest, key reference, output format) using official SDK transport. Blocked: Scanner analyzer compile failures break CLI build; attestor SDK transport contract not provided. | — | CLCI0102 |
| CLI-ATTEST-73-002 | TODO | | SPRINT_0201_0001_0001_cli_i | CLI Attestor Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Implement `stella attest verify` with policy selection, explainability output, and JSON/table formatting. Dependencies: CLI-ATTEST-73-001. | — | CLCI0102 |
| CLI-ATTEST-74-001 | TODO | | SPRINT_0201_0001_0001_cli_i | CLI Attestor Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Implement `stella attest list` with filters (subject, type, issuer, scope) and pagination. Dependencies: CLI-ATTEST-73-002. | — | CLCI0102 |
| CLI-ATTEST-74-002 | TODO | | SPRINT_0201_0001_0001_cli_i | CLI Attestor Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Implement `stella attest fetch` to download envelopes and payloads to disk. Dependencies: CLI-ATTEST-74-001. | — | CLCI0102 |
| CLI-ATTEST-75-001 | TODO | | SPRINT_0201_0001_0001_cli_i | CLI Attestor Guild, KMS Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Implement `stella attest key create. Dependencies: CLI-ATTEST-74-002. | — | CLCI0102 |
| CLI-ATTEST-75-002 | TODO | | SPRINT_0201_0001_0001_cli_i | CLI Attestor Guild | src/Cli/StellaOps.Cli | Add support for building/verifying attestation bundles in CLI. Dependencies: CLI-ATTEST-75-001. | Wait for ATEL0102 outputs | CLCI0109 |
| CLI-CORE-41-001 | TODO | | SPRINT_0202_0001_0002_cli_ii | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Implement CLI core features: config precedence, profiles/contexts, auth flows, output renderer (json/yaml/table), error mapping, global flags, telemetry opt-in. | — | CLCI0103 |
| CLI-DET-01 | DONE (2025-11-23) | 2025-11-23 | SPRINT_0301_0001_0001_docs_md_i | Docs Guild · DevEx/CLI Guild | | CLI-SBOM-60-001; CLI-SBOM-60-002 | CLI-SBOM-60-001; CLI-SBOM-60-002 | CLCI0103 |
| CLI-DETER-70-003 | TODO | | SPRINT_0202_0001_0002_cli_ii | DevEx/CLI Guild, Scanner Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Provide `stella detscore run` that executes the determinism harness locally (fixed clock, seeded RNG, canonical hashes) and writes `determinism.json`, supporting CI/non-zero threshold exit codes (`docs/modules/scanner/determinism-score.md`). | — | CLCI0103 |
| CLI-DETER-70-004 | TODO | | SPRINT_0203_0001_0003_cli_iii | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Add `stella detscore report` to summarise published `determinism.json` files (overall score, per-image matrix) and integrate with release notes/air-gap kits (`docs/modules/scanner/determinism-score.md`). Dependencies: CLI-DETER-70-003. | — | CLCI0103 |
| CLI-DOCS-0001 | TODO | | SPRINT_316_docs_modules_cli | Docs Guild (docs/modules/cli) | docs/modules/cli | See ./AGENTS.md | — | CLCI0103 |
| CLI-EDITOR-401-004 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | CLI Guild (`src/Cli/StellaOps.Cli`, `docs/policy/lifecycle.md`) | `src/Cli/StellaOps.Cli`, `docs/policy/lifecycle.md` | Enhance `stella policy` CLI verbs (edit/lint/simulate) to edit Git-backed `.dsl` files, run local coverage tests, and commit SemVer metadata. | — | CLCI0103 |
| CLI-ENG-0001 | TODO | | SPRINT_316_docs_modules_cli | Module Team (docs/modules/cli) | docs/modules/cli | Update status via ./AGENTS.md workflow | — | CLCI0103 |
| CLI-DETER-70-003 | DONE | 2025-11-28 | SPRINT_0202_0001_0001_cli_ii | DevEx/CLI Guild, Scanner Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Provide `stella detscore run` that executes the determinism harness locally (fixed clock, seeded RNG, canonical hashes) and writes `determinism.json`, supporting CI/non-zero threshold exit codes (`docs/modules/scanner/determinism-score.md`). | — | CLCI0103 |
| CLI-EXC-25-001 | DONE | 2025-11-28 | SPRINT_0202_0001_0001_cli_ii | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Implement `stella exceptions list | — | CLCI0103 |
| CLI-EXC-25-002 | DONE | 2025-11-28 | SPRINT_0202_0001_0001_cli_ii | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Extend `stella policy simulate` with `--with-exception`/`--without-exception` flags to preview exception impact. Dependencies: CLI-EXC-25-001. | — | CLCI0103 |
| CLI-EXPORT-35-001 | BLOCKED | 2025-10-29 | SPRINT_0202_0001_0001_cli_ii | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Implement `stella export profiles | CLCI0103 | CLCI0104 |
| CLI-EXPORT-36-001 | BLOCKED | 2025-11-30 | SPRINT_0202_0001_0001_cli_ii | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Add distribution commands (`stella export distribute`, `run download --resume` enhancements) and improved status polling with progress bars. Dependencies: CLI-EXPORT-35-001. | — | CLCI0104 |
| CLI-EXPORT-37-001 | BLOCKED | 2025-11-30 | SPRINT_0202_0001_0001_cli_ii | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Provide scheduling (`stella export schedule`), retention, and `export verify` commands performing signature/hash validation. Dependencies: CLI-EXPORT-36-001. | — | CLCI0104 |
| CLI-FORENSICS-53-001 | DONE | 2025-11-28 | SPRINT_0202_0001_0001_cli_ii | DevEx/CLI Guild, Evidence Locker Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Implement `stella forensic snapshot create --case` and `snapshot list/show` commands invoking evidence locker APIs, surfacing manifest digests, and storing local cache metadata. | — | CLCI0104 |
| CLI-FORENSICS-54-001 | DONE | 2025-11-28 | SPRINT_0202_0001_0001_cli_ii | DevEx/CLI Guild, Provenance Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Provide `stella forensic verify <bundle>` command validating checksums, DSSE signatures, and timeline chain-of-custody. Support JSON/pretty output and exit codes for CI. Dependencies: CLI-FORENSICS-53-001. | — | CLCI0104 |
| CLI-FORENSICS-54-002 | DONE | 2025-11-28 | SPRINT_0202_0001_0001_cli_ii | DevEx/CLI Guild, Provenance Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Implement `stella forensic attest show <artifact>` listing attestation details (signer, timestamp, subjects) and verifying signatures. Dependencies: CLI-FORENSICS-54-001. | — | CLCI0104 |
| CLI-LNM-22-001 | DONE | 2025-11-28 | SPRINT_0202_0001_0001_cli_ii | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Implement `stella advisory obs get/linkset show/export` commands with JSON/OSV output, pagination, and conflict display; ensure `ERR_AGG_*` mapping. | — | CLCI0103 |
| CLI-LNM-22-002 | DONE | 2025-11-28 | SPRINT_0202_0001_0001_cli_ii | CLI Guild · Concelier Guild | src/Cli/StellaOps.Cli | Implement `stella vex obs get/linkset show` commands with product filters, status filters, and JSON output for CI usage. Dependencies: CLI-LNM-22-001. | Needs CCLN0102 API contract | CLCI0109 |
| CLI-NOTIFY-38-001 | BLOCKED | 2025-10-29 | SPRINT_0202_0001_0001_cli_ii | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Implement `stella notify rules | CLCI0103 | CLCI0104 |
| CLI-NOTIFY-39-001 | BLOCKED | 2025-10-29 | SPRINT_0202_0001_0001_cli_ii | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Add simulation (`stella notify simulate`) and digest commands with diff output and schedule triggering, including dry-run mode. Dependencies: CLI-NOTIFY-38-001. | CLCI0103 | CLCI0104 |
| CLI-NOTIFY-40-001 | BLOCKED | 2025-11-30 | SPRINT_0202_0001_0001_cli_ii | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Provide ack token redemption workflow, escalation management, localization previews, and channel health checks. Dependencies: CLI-NOTIFY-39-001. | — | CLCI0104 |
| CLI-OBS-50-001 | DONE | 2025-11-28 | SPRINT_0202_0001_0001_cli_ii | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Ensure CLI HTTP client propagates `traceparent` headers for all commands, prints correlation IDs on failure, and records trace IDs in verbose logs (scrubbed). | — | CLCI0104 |
| CLI-OBS-51-001 | TODO | | SPRINT_0203_0001_0003_cli_iii | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Implement `stella obs top` command streaming service health metrics, SLO status, and burn-rate alerts with TUI view and JSON output. Dependencies: CLI-OBS-50-001. | — | CLCI0105 |
| CLI-OBS-52-001 | TODO | | SPRINT_0203_0001_0003_cli_iii | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Add `stella obs trace <trace_id>` and `stella obs logs --from/--to` commands that correlate timeline events, logs, and evidence links with pagination + guardrails. Dependencies: CLI-OBS-51-001. | — | CLCI0105 |
| CLI-OBS-55-001 | TODO | | SPRINT_0203_0001_0003_cli_iii | DevEx/CLI Guild · DevOps Guild | src/Cli/StellaOps.Cli | Add `stella obs incident-mode enable. Dependencies: CLI-OBS-52-001. | — | CLCI0105 |
| CLI-OPS-0001 | TODO | | SPRINT_316_docs_modules_cli | Ops Guild (docs/modules/cli) | docs/modules/cli | Sync outcomes back to ../.. | — | CLCI0105 |
| CLI-ORCH-32-001 | TODO | | SPRINT_0203_0001_0003_cli_iii | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Implement `stella orch sources | ORGR0101 hand-off | CLCI0105 |
| CLI-ORCH-33-001 | TODO | | SPRINT_0203_0001_0003_cli_iii | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Add action verbs (`sources test. Dependencies: CLI-ORCH-32-001. | ORGR0101 hand-off | CLCI0105 |
| CLI-ORCH-34-001 | TODO | | SPRINT_0203_0001_0003_cli_iii | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Provide backfill wizard (`--from/--to --dry-run`), quota management (`quotas get. Dependencies: CLI-ORCH-33-001. | ORGR0102 API review | CLCI0105 |
| CLI-PACKS-42-001 | TODO | | SPRINT_0203_0001_0003_cli_iii | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Implement Task Pack commands (`pack plan/run/push/pull/verify`) with schema validation, expression sandbox, plan/simulate engine, remote execution. | — | CLCI0105 |
| CLI-PACKS-43-001 | TODO | | SPRINT_0203_0001_0003_cli_iii | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Deliver advanced pack features (approvals pause/resume, secret injection, localization, man pages, offline cache). Dependencies: CLI-PACKS-42-001. | Offline kit schema sign-off | CLCI0105 |
| CLI-PACKS-43-002 | TODO | | SPRINT_0508_0001_0001_ops_offline_kit | Offline Kit Guild · Packs Registry Guild | ops/offline-kit | Bundle Task Pack samples, registry mirror seeds, Task Runner configs, and CLI binaries with checksums into Offline Kit. | CLI-PACKS-43-001 | CLCI0105 |
| CLI-PARITY-41-001 | TODO | | SPRINT_0203_0001_0003_cli_iii | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Deliver parity command groups (`policy`, `sbom`, `vuln`, `vex`, `advisory`, `export`, `orchestrator`) with `--explain`, deterministic outputs, and parity matrix entries. | — | CLCI0106 |
| CLI-PARITY-41-002 | TODO | | SPRINT_0203_0001_0003_cli_iii | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Implement `notify`, `aoc`, `auth` command groups, idempotency keys, shell completions, config docs, and parity matrix export tooling. Dependencies: CLI-PARITY-41-001. | — | CLCI0106 |
| CLI-POLICY-20-001 | TODO | | SPRINT_0203_0001_0003_cli_iii | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Add `stella policy new | PLPE0101 completion | CLCI0106 |
| CLI-POLICY-23-004 | TODO | | SPRINT_0203_0001_0003_cli_iii | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Add `stella policy lint` command validating SPL files with compiler diagnostics; support JSON output. Dependencies: CLI-POLICY-20-001. | PLPE0102 readiness | CLCI0106 |
| CLI-POLICY-23-006 | TODO | | SPRINT_0203_0001_0003_cli_iii | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Provide `stella policy history` and `stella policy explain` commands to pull run history and explanation trees. Dependencies: CLI-POLICY-23-005. | — | CLCI0106 |
| CLI-POLICY-27-001 | TODO | | SPRINT_0203_0001_0003_cli_iii | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Implement policy workspace commands (`stella policy init`, `edit`, `lint`, `compile`, `test`) with template selection, local cache, JSON output, and deterministic temp directories. Dependencies: CLI-POLICY-23-006. | Ledger API exposure | CLCI0106 |
| CLI-POLICY-27-002 | TODO | | SPRINT_0204_0001_0004_cli_iv | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Add submission/review workflow commands (`stella policy version bump`, `submit`, `review comment`, `approve`, `reject`) supporting reviewer assignment, changelog capture, and exit codes. Dependencies: CLI-POLICY-27-001. | CLI-POLICY-27-001 | CLCI0106 |
| CLI-POLICY-27-003 | TODO | | SPRINT_0204_0001_0004_cli_iv | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Implement `stella policy simulate` enhancements (quick vs batch, SBOM selectors, heatmap summary, manifest download) with `--json` and Markdown report output for CI. Dependencies: CLI-POLICY-27-002. | CLI-POLICY-27-002 | CLCI0106 |
| CLI-POLICY-27-004 | TODO | | SPRINT_0204_0001_0004_cli_iv | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Add lifecycle commands for publish/promote/rollback/sign (`stella policy publish --sign`, `promote --env`, `rollback`) with attestation verification and canary arguments. Dependencies: CLI-POLICY-27-003. | CLI-POLICY-27-003 | CLCI0106 |
| CLI-POLICY-27-005 | TODO | | SPRINT_0204_0001_0004_cli_iv | DevEx/CLI Guild · Docs Guild | src/Cli/StellaOps.Cli | Update CLI reference and samples for Policy Studio including JSON schemas, exit codes, and CI snippets. Dependencies: CLI-POLICY-27-004. | CLI-POLICY-27-004 | CLCI0106 |
| CLI-POLICY-27-006 | TODO | | SPRINT_0204_0001_0004_cli_iv | CLI Guild · Policy Guild | src/Cli/StellaOps.Cli | Update CLI policy profiles/help text to request the new Policy Studio scope family, surface ProblemDetails guidance for `invalid_scope`, and adjust regression tests for scope failures. Dependencies: CLI-POLICY-27-005. | Depends on #2 | CLCI0109 |
| CLI-PROMO-70-001 | TODO | | SPRINT_0202_0001_0002_cli_ii | DevEx/CLI Guild · Provenance Guild | src/Cli/StellaOps.Cli | Add `stella promotion assemble` command that resolves image digests, hashes SBOM/VEX artifacts, fetches Rekor proofs from Attestor, and emits the `stella.ops/promotion@v1` JSON payload (see `docs/release/promotion-attestations.md`). | Mirror attestation inputs | CLCI0108 |
| CLI-PROMO-70-002 | TODO | | SPRINT_0203_0001_0003_cli_iii | CLI Guild · Marketing Guild | src/Cli/StellaOps.Cli | Implement `stella promotion attest` / `promotion verify` commands that sign the promotion payload via Signer, retrieve DSSE bundles from Attestor, and perform offline verification against trusted checkpoints (`docs/release/promotion-attestations.md`). Dependencies: CLI-PROMO-70-001. | Needs revised DSSE plan | CLCI0109 |
| CLI-REPLAY-187-002 | TODO | | SPRINT_160_export_evidence | CLI Guild · Replay Guild | `src/Cli/StellaOps.Cli` | CLI Guild · `docs/modules/cli/architecture.md` | Requires RBRE0101 recorder schema | CLCI0109 |
| CLI-RISK-66-001 | TODO | | SPRINT_0204_0001_0004_cli_iv | DevEx/CLI Guild · Policy Guild | src/Cli/StellaOps.Cli | Implement `stella risk profile list | Ledger scores ready | CLCI0108 |
| CLI-RISK-66-002 | TODO | | SPRINT_0204_0001_0004_cli_iv | DevEx/CLI Guild · Risk Engine Guild | src/Cli/StellaOps.Cli | Ship `stella risk simulate` supporting SBOM/asset inputs, diff mode, and export to JSON/CSV. Dependencies: CLI-RISK-66-001. | CLI-RISK-66-001 | CLCI0108 |
| CLI-RISK-67-001 | TODO | | SPRINT_0204_0001_0004_cli_iv | DevEx/CLI Guild · Findings Ledger Guild | src/Cli/StellaOps.Cli | Provide `stella risk results` with filtering, severity thresholds, explainability fetch. Dependencies: CLI-RISK-66-002. | CLI-RISK-66-002 | CLCI0108 |
| CLI-RISK-68-001 | TODO | | SPRINT_0204_0001_0004_cli_iv | DevEx/CLI Guild · Export Guild | src/Cli/StellaOps.Cli | Add `stella risk bundle verify` and integrate with offline risk bundles. Dependencies: CLI-RISK-67-001. | CLI-RISK-67-001 | CLCI0108 |
| CLI-SBOM-60-001 | TODO | | SPRINT_0203_0001_0003_cli_iii | CLI Guild · Scanner Guild | src/Cli/StellaOps.Cli | Ship `stella sbomer layer`/`compose` verbs that capture per-layer fragments, run canonicalization, verify fragment DSSE, and emit `_composition.json` + Merkle diagnostics (ref `docs/modules/scanner/deterministic-sbom-compose.md`). Dependencies: CLI-PARITY-41-001, SCANNER-SURFACE-04. | Wait for CASC0101 manifest | CLSB0101 |
| CLI-SBOM-60-002 | TODO | | SPRINT_0203_0001_0003_cli_iii | CLI Guild | src/Cli/StellaOps.Cli | Add `stella sbomer drift --explain` + `verify` commands that rerun composition locally, highlight which arrays/keys broke determinism, and integrate with Offline Kit bundles. Dependencies: CLI-SBOM-60-001. | Depends on #1 | CLSB0101 |
| CLI-SDK-62-001 | TODO | | SPRINT_0204_0001_0004_cli_iv | CLI Guild · SDK Guild | src/Cli/StellaOps.Cli | Replace bespoke HTTP clients with official SDK (TS/Go) for all CLI commands; ensure modular transport for air-gapped mode. | Align with SDK generator sprint | CLSB0101 |
| CLI-SDK-62-002 | TODO | | SPRINT_0204_0001_0004_cli_iv | CLI Guild | src/Cli/StellaOps.Cli | Update CLI error handling to surface standardized API error envelope with `error.code` and `trace_id`. Dependencies: CLI-SDK-62-001. | Depends on #3 | CLSB0101 |
| CLI-SDK-63-001 | TODO | | SPRINT_0204_0001_0004_cli_iv | CLI Guild | src/Cli/StellaOps.Cli | Expose `stella api spec download` command retrieving aggregate OAS and verifying checksum/ETag. Dependencies: CLI-SDK-62-002. | Needs CAS graph (CASC0101) | CLSB0101 |
| CLI-SDK-64-001 | TODO | | SPRINT_0204_0001_0004_cli_iv | CLI Guild | src/Cli/StellaOps.Cli | Add CLI subcommand `stella sdk update` to fetch latest SDK manifests/changelogs; integrate with Notifications for deprecations. Dependencies: CLI-SDK-63-001. | Depends on #5 | CLSB0101 |
| CLI-SIG-26-001 | TODO | | SPRINT_0204_0001_0004_cli_iv | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Implement `stella reachability upload-callgraph` and `stella reachability list/explain` commands with streaming upload, pagination, and exit codes. | ATEL0101 signing plan | CLCI0108 |
| CLI-SIG-26-002 | TODO | | SPRINT_0204_0001_0004_cli_iv | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Extend `stella policy simulate` with reachability override flags (`--reachability-state`, `--reachability-score`). Dependencies: CLI-SIG-26-001. | CLI-SIG-26-001 | CLCI0108 |
| CLI-TEN-47-001 | TODO | | SPRINT_0205_0001_0005_cli_v | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Implement `stella login`, `whoami`, `tenants list`, persistent profiles, secure token storage, and `--tenant` override with validation. | — | CLCI0108 |
| CLI-TEN-49-001 | TODO | | SPRINT_0205_0001_0005_cli_v | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Add service account token minting, delegation (`stella token delegate`), impersonation banner, and audit-friendly logging. Dependencies: CLI-TEN-47-001. | CLI-TEN-47-001 | CLCI0108 |
| CLI-VEX-30-001 | TODO | | SPRINT_0205_0001_0005_cli_v | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Implement `stella vex consensus list` with filters, paging, policy selection, `--json/--csv`. | PLVL0102 completion | CLCI0107 |
| CLI-VEX-30-002 | TODO | | SPRINT_0205_0001_0005_cli_v | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Implement `stella vex consensus show` displaying quorum, evidence, rationale, signature status. Dependencies: CLI-VEX-30-001. | CLI-VEX-30-001 | CLCI0107 |
| CLI-VEX-30-003 | TODO | | SPRINT_0205_0001_0005_cli_v | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Implement `stella vex simulate` for trust/threshold overrides with JSON diff output. Dependencies: CLI-VEX-30-002. | CLI-VEX-30-002 | CLCI0107 |
| CLI-VEX-30-004 | TODO | | SPRINT_0205_0001_0005_cli_v | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Implement `stella vex export` for consensus NDJSON bundles with signature verification helper. Dependencies: CLI-VEX-30-003. | CLI-VEX-30-003 | CLCI0107 |
| CLI-VEX-401-011 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | CLI Guild | `src/Cli/StellaOps.Cli`, `docs/modules/cli/architecture.md`, `docs/benchmarks/vex-evidence-playbook.md` | Add `stella decision export | Reachability API exposure | CLCI0107 |
| CLI-VULN-29-001 | TODO | | SPRINT_0205_0001_0005_cli_v | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Implement `stella vuln list` with grouping, paging, filters, `--json/--csv`, and policy selection. | — | CLCI0107 |
| CLI-VULN-29-002 | TODO | | SPRINT_0205_0001_0005_cli_v | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Implement `stella vuln show` displaying evidence, policy rationale, paths, ledger summary; support `--json` for automation. Dependencies: CLI-VULN-29-001. | CLI-VULN-29-001 | CLCI0107 |
| CLI-VULN-29-003 | TODO | | SPRINT_0205_0001_0005_cli_v | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Add workflow commands (`assign`, `comment`, `accept-risk`, `verify-fix`, `target-fix`, `reopen`) with filter selection (`--filter`) and idempotent retries. Dependencies: CLI-VULN-29-002. | CLI-VULN-29-002 | CLCI0107 |
| CLI-VULN-29-004 | TODO | | SPRINT_0205_0001_0005_cli_v | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Implement `stella vuln simulate` producing delta summaries and optional Markdown report for CI. Dependencies: CLI-VULN-29-003. | CLI-VULN-29-003 | CLCI0107 |
| CLI-VULN-29-005 | TODO | | SPRINT_0205_0001_0005_cli_v | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Add `stella vuln export` and `stella vuln bundle verify` commands to trigger/download evidence bundles and verify signatures. Dependencies: CLI-VULN-29-004. | CLI-VULN-29-004 | CLCI0107 |
| CLI-VULN-29-006 | TODO | | SPRINT_0205_0001_0005_cli_v | DevEx/CLI Guild · Docs Guild | src/Cli/StellaOps.Cli | Update CLI docs/examples for Vulnerability Explorer with compliance checklist and CI snippets. Dependencies: CLI-VULN-29-005. | CLI-VULN-29-005 | CLCI0108 |
| CLIENT-401-012 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | Symbols Guild | `src/Symbols/StellaOps.Symbols.Client`, `src/Scanner/StellaOps.Scanner.Symbolizer` | Align with symbolizer regression fixtures | Align with symbolizer regression fixtures | RBSY0101 |
| COMPOSE-44-001 | DOING (dev-mock 2025-12-06) | 2025-12-06 | SPRINT_0501_0001_0001_ops_deployment_i | Deployment Guild · DevEx Guild | ops/deployment | Author `docker-compose.yml`, `.env.example`, and `quickstart.sh` with all core services + dependencies (postgres, redis, object-store, queue, otel). | Waiting on consolidated service list/version pins from upstream module releases | DVCP0101 |
| COMPOSE-44-002 | TODO | | SPRINT_0501_0001_0001_ops_deployment_i | Deployment Guild | ops/deployment | Implement `backup.sh` and `reset.sh` scripts with safety prompts and documentation. Dependencies: COMPOSE-44-001. | Depends on #1 | DVCP0101 |
| COMPOSE-44-003 | DOING (dev-mock 2025-12-06) | 2025-12-06 | SPRINT_0501_0001_0001_ops_deployment_i | Deployment Guild | ops/deployment | Package seed data container and onboarding wizard toggle (`QUICKSTART_MODE`), ensuring default creds randomized on first run. Dependencies: COMPOSE-44-002. | Needs RBRE0101 provenance | DVCP0101 |
| CONCELIER-AIAI-31-002 | DONE | 2025-11-18 | SPRINT_110_ingestion_evidence | Concelier Core · Concelier WebService Guilds | | Structured field/caching implementation gated on schema approval. | CONCELIER-GRAPH-21-001; CARTO-GRAPH-21-002 | DOAI0101 |
| CONCELIER-AIAI-31-003 | DONE | 2025-11-12 | SPRINT_110_ingestion_evidence | Docs Guild · Concelier Observability Guild | docs/modules/concelier/observability.md | Telemetry counters/histograms live for Advisory AI dashboards. | Summarize telemetry evidence | DOCO0101 |
| CONCELIER-AIRGAP-56-001 | DONE (2025-11-24) | | SPRINT_112_concelier_i | Concelier Core Guild | src/Concelier/StellaOps.Concelier.WebService/AirGap | Deterministic air-gap bundle builder with manifest + entry-trace hashes. | docs/runbooks/concelier-airgap-bundle-deploy.md | AGCN0101 |
| CONCELIER-AIRGAP-56-001..58-001 | DONE (2025-11-24) | | SPRINT_110_ingestion_evidence | Concelier Core Guild · Evidence Locker Guild | | Deterministic NDJSON bundle writer + manifest/entry-trace, validator, sealed-mode deploy runbook delivered. | CONCELIER-GRAPH-21-001; CONCELIER-GRAPH-21-002; ELOCKER-CONTRACT-2001 | AGCN0101 |
| CONCELIER-AIRGAP-56-002 | DONE (2025-11-24) | | SPRINT_112_concelier_i | Concelier Core Guild · AirGap Importer Guild | src/Concelier/StellaOps.Concelier.WebService/AirGap | Bundle validator (hash/order/entry-trace) and tests. | Delivered alongside 56-001 | AGCN0101 |
| CONCELIER-AIRGAP-57-001 | TODO | | SPRINT_112_concelier_i | Concelier Core Guild · AirGap Policy Guild | | Feature flag + policy that rejects non-mirror connectors with actionable diagnostics; depends on 56-001. | — | ATLN0102 |
| CONCELIER-AIRGAP-57-002 | TODO | | SPRINT_112_concelier_i | Concelier Core Guild · AirGap Time Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Compute `fetchedAt/publishedAt/clockSource` deltas per bundle and expose via observation APIs without mutating evidence; depends on 56-002. | Wait for AIRGAP-TIME-CONTRACT-1501 | CCAN0101 |
| CONCELIER-AIRGAP-58-001 | TODO | | SPRINT_112_concelier_i | Concelier Core Guild · Evidence Locker Guild | | Package advisory observations/linksets + provenance notes (document id + observationPath) into timeline-bound portable bundles with verifier instructions; depends on 57-002. | — | ATLN0102 |
| CONCELIER-ATTEST-73-001 | DONE (2025-11-25) | 2025-11-25 | SPRINT_110_ingestion_evidence | Concelier Core · Evidence Locker Guild | src/Concelier/StellaOps.Concelier.WebService | Attestation claims builder verified; Core/WebService attestation suites green (`TestResults/concelier-attestation/core.trx`, `web.trx`). | CONCELIER-AIAI-31-002; ELOCKER-CONTRACT-2001 | CCAN0101 |
| CONCELIER-ATTEST-73-002 | DONE (2025-11-25) | 2025-11-25 | SPRINT_110_ingestion_evidence | Concelier Core · Evidence Locker Guild | src/Concelier/StellaOps.Concelier.WebService | Internal `/internal/attestations/verify` endpoint validated end-to-end; TRX archived under `TestResults/concelier-attestation/web.trx`. | CONCELIER-AIAI-31-002; ELOCKER-CONTRACT-2001 | CCAN0101 |
| CONCELIER-CONSOLE-23-001 | TODO | | SPRINT_112_concelier_i | Concelier WebService Guild · BE-Base Platform Guild | | `/console/advisories` returns grouped linksets with per-source severity/status chips plus `{documentId, observationPath}` provenance references (matching GHSA + Red Hat CVE browser expectations); depends on CONCELIER-LNM-21-201/202. | — | ATLN0102 |
| CONCELIER-CONSOLE-23-001..003 | DONE (2025-11-25) | 2025-11-25 | SPRINT_110_ingestion_evidence | Concelier Console Guild | src/Concelier/StellaOps.Concelier.WebService | Console overlays wired to LNM schema; consumption contract published. | CONCELIER-GRAPH-21-001; CONCELIER-GRAPH-21-002 | CCLN0102 |
| CONCELIER-CONSOLE-23-002 | TODO | | SPRINT_112_concelier_i | Concelier WebService Guild | | Deterministic “new/modified/conflicting” sets referencing linkset IDs and field paths rather than computed verdicts; depends on 23-001. | — | ATLN0102 |
| CONCELIER-CONSOLE-23-003 | TODO | | SPRINT_112_concelier_i | Concelier WebService Guild | | CVE/GHSA/PURL lookups return observation excerpts, provenance anchors, and cache hints so tenants can preview evidence safely; reuse structured field taxonomy from Workstream A. | — | ATLN0102 |
| CONCELIER-CORE-AOC-19-013 | TODO | | SPRINT_112_concelier_i | Concelier Core Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Expand smoke/e2e suites so Authority tokens + tenant headers are mandatory for ingest/read paths (including the new provenance endpoint). Must assert no merge-side effects and that provenance anchors always round-trip. | Must reference AOC guardrails from docs | AGCN0101 |
| CONCELIER-DOCS-0001 | DONE | 2025-11-05 | SPRINT_0317_0001_0001_docs_modules_concelier | Docs Guild | docs/modules/concelier | Validate that `docs/modules/concelier/README.md` reflects the latest release notes and aggregation toggles. | Reference (baseline) | CCDO0101 |
| CONCELIER-ENG-0001 | DONE | 2025-11-25 | SPRINT_0317_0001_0001_docs_modules_concelier | Module Team · Concelier Guild | docs/modules/concelier | Cross-check implementation plan milestones against `/docs/implplan/SPRINT_*.md` and update module readiness checkpoints. | Wait for CCPR0101 validation | CCDO0101 |
| CONCELIER-GRAPH-21-001 | DONE | 2025-11-18 | SPRINT_113_concelier_ii | Concelier Core · Cartographer Guilds | src/Concelier/__Libraries/StellaOps.Concelier.Core | Extend SBOM normalization so every relationship (depends_on, contains, provides) and scope tag is captured as raw observation metadata with provenance pointers; Cartographer can then join SBOM + advisory facts without Concelier inferring impact. | Waiting on Cartographer schema (052_CAGR0101) | AGCN0101 |
| CONCELIER-GRAPH-21-002 | DONE | 2025-11-22 | SPRINT_113_concelier_ii | Concelier Core Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Publish `sbom.observation.updated` events whenever new SBOM versions arrive, including tenant/context metadata and advisory references—never send judgments, only facts. Depends on CONCELIER-GRAPH-21-001. | Depends on #5 outputs | AGCN0101 |
| CONCELIER-GRAPH-24-101 | TODO | | SPRINT_113_concelier_ii | Concelier WebService Guild | src/Concelier/StellaOps.Concelier.WebService | Provide `/advisories/summary` responses that bundle observation/linkset metadata (aliases, confidence, conflicts) for graph overlays while keeping upstream values intact. Depends on CONCELIER-GRAPH-21-002. | Wait for CAGR0101 + storage migrations | CCGH0101 |
| CONCELIER-GRAPH-28-102 | TODO | | SPRINT_113_concelier_ii | Concelier WebService Guild | src/Concelier/StellaOps.Concelier.WebService | Add batch fetch endpoints keyed by component sets so graph tooltips can pull raw observations/linksets efficiently; include provenance + timestamps but no derived severity. Depends on CONCELIER-GRAPH-24-101. | Depends on #1 | CCGH0101 |
| CONCELIER-LNM-21-001 | DONE | 2025-11-17 | SPRINT_113_concelier_ii | Concelier Core Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Define the immutable `advisory_observations` model (per-source fields, version ranges, severity text, provenance metadata, tenant guards) so every ingestion path records raw statements without merge artifacts. | Needs Link-Not-Merge approval (005_ATLN0101) | AGCN0101 |
| CONCELIER-LNM-21-002 | DONE | 2025-11-22 | SPRINT_113_concelier_ii | Concelier Core Guild · Data Science Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Implement correlation pipelines (alias graph, purl overlap, CVSS vector compare) that output linksets with confidence scores + conflict markers, never collapsing conflicting facts into single values. Depends on CONCELIER-LNM-21-001. | Depends on #7 for precedence rules | AGCN0101 |
| CONCELIER-LNM-21-003 | DONE | 2025-11-22 | SPRINT_0113_0001_0002_concelier_ii | Concelier Core Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Record disagreements (severity, CVSS, references) on linksets as structured conflict entries so consumers can reason about divergence without Concelier resolving it. Depends on CONCELIER-LNM-21-002. | Completed | AGCN0101 |
| CONCELIER-LNM-21-004 | DONE | 2025-11-27 | SPRINT_0113_0001_0002_concelier_ii | Concelier Core Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Delete legacy merge/dedup logic, add guardrails/tests to keep ingestion append-only, and document how linksets supersede the old merge outputs. Depends on CONCELIER-LNM-21-003. | Completed | AGCN0101 |
| CONCELIER-LNM-21-005 | DONE | 2025-11-27 | SPRINT_0113_0001_0002_concelier_ii | Concelier Core Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Emit `advisory.linkset.updated` events containing delta descriptions + observation ids so downstream evaluators can subscribe deterministically. Depends on CONCELIER-LNM-21-004. | Completed | CCCO0101 |
| CONCELIER-LNM-21-101 | DONE | 2025-11-27 | SPRINT_0113_0001_0002_concelier_ii | Concelier Storage Guild | src/Concelier/__Libraries/StellaOps.Concelier.Storage.Mongo | Provision the Mongo collections (`advisory_observations`, `advisory_linksets`) with hashed shard keys, tenant indexes, and TTL for ingest metadata to support Link-Not-Merge at scale. Depends on CONCELIER-LNM-21-005. | Completed | CCLN0101 |
| CONCELIER-LNM-21-102 | DONE | 2025-11-28 | SPRINT_0113_0001_0002_concelier_ii | Concelier Storage Guild · DevOps Guild | src/Concelier/__Libraries/StellaOps.Concelier.Storage.Mongo | Backfill legacy merged advisories into the new observation/linkset collections, seed tombstones for deprecated docs, and provide rollback tooling for Offline Kit operators. Depends on CONCELIER-LNM-21-101. | Completed | CCLN0101 |
| CONCELIER-LNM-21-103 | TODO | | SPRINT_113_concelier_ii | Concelier Storage Guild (src/Concelier/__Libraries/StellaOps.Concelier.Storage.Mongo) | src/Concelier/__Libraries/StellaOps.Concelier.Storage.Mongo | Move large raw payloads to object storage with deterministic pointers, update bootstrapper/offline kit seeds, and guarantee provenance metadata remains intact. Depends on CONCELIER-LNM-21-102. | — | ATLN0101 |
| CONCELIER-LNM-21-201 | TODO | | SPRINT_113_concelier_ii | Concelier WebService Guild · Platform Guild | src/Concelier/StellaOps.Concelier.WebService | Add `/advisories/observations` with filters for alias/purl/source plus strict tenant scopes; responses must only echo upstream values + provenance fields. Depends on CONCELIER-LNM-21-103. | Wait for storage sprint (CCLN0101) | CCLN0102 |
| CONCELIER-LNM-21-202 | TODO | | SPRINT_113_concelier_ii | Concelier WebService Guild (src/Concelier/StellaOps.Concelier.WebService) | src/Concelier/StellaOps.Concelier.WebService | Implement `/advisories/linksets`/`export`/`evidence` endpoints surfacing correlation + conflict payloads and `ERR_AGG_*` error mapping, never exposing synthesis/merge results. Depends on CONCELIER-LNM-21-201. | — | ATLN0101 |
| CONCELIER-LNM-21-203 | TODO | | SPRINT_113_concelier_ii | Concelier WebService Guild, Platform Events Guild (src/Concelier/StellaOps.Concelier.WebService) | src/Concelier/StellaOps.Concelier.WebService | Publish idempotent NATS/Redis events for new observations/linksets with schemas documented for downstream consumers; include tenant + provenance references only. Depends on CONCELIER-LNM-21-202. | — | ATLN0101 |
| CONCELIER-OAS-61-001 | TODO | | SPRINT_114_concelier_iii | Concelier Core + API Contracts Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Update the OpenAPI spec so every observation/linkset/timeline endpoint documents provenance fields, tenant scopes, and AOC guarantees (no consensus fields), giving downstream SDKs unambiguous contracts. | Wait for CCPR0101 policy updates | CCOA0101 |
| CONCELIER-OAS-61-002 | TODO | | SPRINT_114_concelier_iii | Concelier Core Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Provide realistic examples (conflict linksets, multi-source severity, timeline snippets) showing how raw advisories are surfaced without merges; wire them into docs/SDKs. Depends on CONCELIER-OAS-61-001. | Depends on #1 | CCOA0101 |
| CONCELIER-OAS-62-001 | TODO | | SPRINT_114_concelier_iii | Concelier Core + SDK Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Add SDK scenarios covering advisory search, pagination, and conflict handling to ensure each language client preserves provenance fields and does not infer verdicts. Depends on CONCELIER-OAS-61-002. | Needs SDK requirements from CLSB0101 | CCOA0101 |
| CONCELIER-OBS-51-001 | TODO | | SPRINT_114_concelier_iii | Concelier Core Guild · DevOps Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Emit ingestion latency, queue depth, and AOC violation metrics with burn-rate alerts so we can prove the evidence pipeline remains healthy without resorting to heuristics. | Wait for 046_TLTY0101 metric schema drop | CNOB0101 |
| CONCELIER-OBS-52-001 | TODO | | SPRINT_114_concelier_iii | Concelier Core Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Produce timeline records for ingest/normalization/linkset updates containing trace IDs, conflict summaries, and evidence hashes—pure facts for downstream replay. Depends on CONCELIER-OBS-51-001. | Needs #1 merged to reuse structured logging helpers | CNOB0101 |
| CONCELIER-OBS-53-001 | TODO | | SPRINT_114_concelier_iii | Concelier Core Guild · Evidence Locker Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Generate evidence locker bundles (raw doc, normalization diff, linkset) with Merkle manifests so audits can replay advisory history without touching live Mongo. Depends on CONCELIER-OBS-52-001. | Requires Evidence Locker contract from 002_ATEL0101 | CNOB0101 |
| CONCELIER-OBS-54-001 | TODO | | SPRINT_114_concelier_iii | Concelier Core Guild · Provenance Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Attach DSSE attestations to advisory batches, expose verification APIs, and link attestation IDs into timeline + ledger for transparency. Depends on CONCELIER-OBS-53-001. | Blocked by Link-Not-Merge schema finalization (005_ATLN0101) | CNOB0101 |
| CONCELIER-OBS-55-001 | TODO | | SPRINT_114_concelier_iii | Concelier Core Guild · DevOps Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Implement incident-mode levers (extra sampling, retention overrides, redaction guards) that collect more raw evidence without mutating advisory content. Depends on CONCELIER-OBS-54-001. | Depends on #4 for consistent dimensions | CNOB0101 |
| CONCELIER-OPS-0001 | DONE | 2025-11-25 | SPRINT_0317_0001_0001_docs_modules_concelier | Ops Guild | docs/modules/concelier | Review runbooks/observability assets after the next sprint demo and capture findings inline with sprint notes. | Depends on #2 | CCDO0101 |
| CONCELIER-ORCH-32-001 | TODO | | SPRINT_114_concelier_iii | Concelier Core Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Register every advisory connector with the orchestrator (metadata, auth scopes, rate policies) so ingest scheduling is transparent and reproducible. | Wait for CCAN0101 outputs | CCCO0101 |
| CONCELIER-ORCH-32-002 | TODO | | SPRINT_114_concelier_iii | Concelier Core Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Adopt the orchestrator worker SDK in ingestion loops, emitting heartbeats/progress/artifact hashes to guarantee deterministic replays. Depends on CONCELIER-ORCH-32-001. | Depends on #1 | CCCO0101 |
| CONCELIER-ORCH-33-001 | TODO | | SPRINT_114_concelier_iii | Concelier Core Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Honor orchestrator pause/throttle/retry controls with structured error outputs and persisted checkpoints so operators can intervene without losing evidence. Depends on CONCELIER-ORCH-32-002. | Needs ORTR0102 cues | CCCO0101 |
| CONCELIER-ORCH-34-001 | TODO | | SPRINT_114_concelier_iii | Concelier Core Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Execute orchestrator-driven backfills that reuse artifact hashes/signatures, log provenance, and push run metadata to the ledger for audits. Depends on CONCELIER-ORCH-33-001. | Depends on #3 | CCCO0101 |
| CONCELIER-POLICY-20-001 | TODO | | SPRINT_114_concelier_iii | Concelier WebService Guild | src/Concelier/StellaOps.Concelier.WebService | Provide batch advisory lookup APIs for Policy Engine (purl/advisory filters, tenant scopes, explain metadata) so policy can join raw evidence without Concelier suggesting outcomes. | Wait for storage sprint | CCPR0101 |
| CONCELIER-POLICY-20-002 | TODO | | SPRINT_115_concelier_iv | Concelier Core Guild · Policy Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Expand linkset builders with vendor-specific equivalence tables, NEVRA/PURL normalization, and version-range parsing so policy joins become more accurate without Concelier prioritizing sources. Depends on CONCELIER-POLICY-20-001. | Depends on #1 | CCPR0101 |
| CONCELIER-POLICY-20-003 | TODO | | SPRINT_115_concelier_iv | Concelier Storage Guild | src/Concelier/__Libraries/StellaOps.Concelier.Storage.Mongo | Introduce advisory selection cursors + change-stream checkpoints that let Policy Engine process deltas deterministically; include offline migration scripts. Depends on CONCELIER-POLICY-20-002. | Depends on #2 | CCPR0101 |
| CONCELIER-POLICY-23-001 | TODO | | SPRINT_115_concelier_iv | Concelier Core Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Add secondary indexes/materialized views (alias, provider severity, correlation confidence) so policy lookups stay fast without caching derived verdicts; document the supported query patterns. Depends on CONCELIER-POLICY-20-003. | Needs RISK series seeds | CCPR0101 |
| CONCELIER-POLICY-23-002 | TODO | | SPRINT_115_concelier_iv | Concelier WebService Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Ensure `advisory.linkset.updated` events ship with idempotent IDs, confidence summaries, and tenant metadata so policy consumers can replay evidence feeds safely. Depends on CONCELIER-POLICY-23-001. | Depends on #4 | CCPR0101 |
| CONCELIER-RISK-66-001 | BLOCKED | 2025-11-23 | SPRINT_115_concelier_iv | Concelier Core · Risk Engine Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Surface vendor-provided CVSS/KEV/fix data exactly as published (with provenance anchors) through provider APIs so risk engines can reason about upstream intent. | POLICY-20-001 outputs; AUTH-TEN-47-001; shared signals library adoption | CCPR0101 |
| CONCELIER-RISK-66-002 | BLOCKED | 2025-11-23 | SPRINT_115_concelier_iv | Concelier Core Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Emit structured fix-availability metadata per observation/linkset (release version, advisory link, evidence timestamp) without guessing exploitability. Depends on CONCELIER-RISK-66-001. | CONCELIER-RISK-66-001 | CCPR0101 |
| CONCELIER-RISK-67-001 | BLOCKED | 2025-11-23 | SPRINT_115_concelier_iv | Concelier Core Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Publish per-source coverage/conflict metrics (counts, disagreements) so explainers can cite which upstream statements exist; no weighting is applied inside Concelier. Depends on CONCELIER-RISK-66-001. | CONCELIER-RISK-66-001 | CCPR0101 |
| CONCELIER-RISK-68-001 | BLOCKED | 2025-11-23 | SPRINT_115_concelier_iv | Concelier Core + Policy Studio Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Wire advisory signal pickers into Policy Studio so curators can select which raw advisory fields feed policy gating; validation must confirm fields are provenance-backed. Depends on POLICY-RISK-68-001. | POLICY-RISK-68-001; CONCELIER-RISK-66-001 | CCPR0101 |
| CONCELIER-RISK-69-001 | BLOCKED | 2025-11-23 | SPRINT_115_concelier_iv | Concelier Core + Notifications Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Emit notifications when upstream advisory fields change (e.g., fix available) with observation IDs + provenance so Notifications service can alert without inferring severity. Depends on CONCELIER-RISK-66-002. | CONCELIER-RISK-66-002; Notifications contract | CCPR0101 |
| CONCELIER-SIG-26-001 | BLOCKED | 2025-11-23 | SPRINT_115_concelier_iv | Concelier Core + Signals Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Expose upstream-provided affected symbol/function lists via APIs to help reachability scoring; maintain provenance and do not infer exploitability. Depends on SIGNALS-24-002. | SIGNALS-24-002 | CCCO0101 |
| CONCELIER-STORE-AOC-19-005 | TODO | 2025-11-04 | SPRINT_115_concelier_iv | Concelier Storage Guild · DevOps Guild | src/Concelier/__Libraries/StellaOps.Concelier.Storage.Mongo | Execute the raw-linkset backfill/rollback plan (`docs/dev/raw-linkset-backfill-plan.md`) so Mongo + Offline Kit bundles reflect Link-Not-Merge data; rehearse rollback. Depends on CONCELIER-CORE-AOC-19-004. | Wait for CCLN0101 approval | CCSM0101 |
| CONCELIER-TEN-48-001 | BLOCKED | 2025-11-23 | SPRINT_115_concelier_iv | Concelier Core Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Enforce tenant scoping throughout normalization/linking, expose capability endpoint advertising `merge=false`, and ensure events include tenant IDs. Depends on AUTH-TEN-47-001. | AUTH-TEN-47-001; POLICY chain | CCCO0101 |
| CONCELIER-VEXLENS-30-001 | BLOCKED | 2025-11-23 | SPRINT_115_concelier_iv | Concelier WebService Guild · VEX Lens Guild | src/Concelier/StellaOps.Concelier.WebService | Guarantee advisory key consistency and cross-links consumed by VEX Lens so consensus explanations can cite Concelier evidence without requesting merges. Depends on CONCELIER-VULN-29-001, VEXLENS-30-005. | VEXLENS-30-005 | PLVL0103 |
| CONCELIER-VULN-29-004 | TODO | | SPRINT_116_concelier_v | Concelier WebService Guild · Observability Guild | src/Concelier/StellaOps.Concelier.WebService | Instrument observation/linkset pipelines with metrics for identifier collisions, withdrawn statements, and chunk latencies; stream them to Vuln Explorer without altering evidence payloads. Depends on CONCELIER-VULN-29-001. | Requires CCPR0101 risk feed | CCWO0101 |
| CONCELIER-WEB-AIRGAP-56-001 | TODO | | SPRINT_116_concelier_v | Concelier WebService Guild · AirGap Policy Guild | src/Concelier/StellaOps.Concelier.WebService | Extend ingestion endpoints to register mirror bundle sources, expose bundle catalogs, and enforce sealed-mode by blocking direct internet feeds. | Wait for AGCN0101 proof | CCAW0101 |
| CONCELIER-WEB-AIRGAP-56-002 | TODO | | SPRINT_116_concelier_v | Concelier WebService Guild · AirGap Importer Guild | src/Concelier/StellaOps.Concelier.WebService | Add staleness + bundle provenance metadata to `/advisories/observations` and `/advisories/linksets` so operators can see freshness without Excitior deriving outcomes. Depends on CONCELIER-WEB-AIRGAP-56-001. | Depends on #1 | CCAW0101 |
| CONCELIER-WEB-AIRGAP-57-001 | TODO | | SPRINT_116_concelier_v | Concelier WebService Guild | src/Concelier/StellaOps.Concelier.WebService | Map sealed-mode violations to consistent `AIRGAP_EGRESS_BLOCKED` payloads that explain how to remediate, leaving advisory content untouched. Depends on CONCELIER-WEB-AIRGAP-56-002. | Needs CCAN0101 time beacons | CCAW0101 |
| CONCELIER-WEB-AIRGAP-58-001 | TODO | | SPRINT_116_concelier_v | Concelier WebService Guild · Evidence Locker Guild | src/Concelier/StellaOps.Concelier.WebService | Emit timeline events for bundle imports (bundle ID, scope, actor) so audit trails capture every evidence change. Depends on CONCELIER-WEB-AIRGAP-57-001. | Depends on #3 | CCAW0101 |
| CONCELIER-WEB-AOC-19-003 | TODO | | SPRINT_116_concelier_v | Concelier WebService Guild | src/Concelier/StellaOps.Concelier.WebService | Add unit tests for schema validators, forbidden-field guards (`ERR_AOC_001/2/6/7`), and supersedes chains to keep ingestion append-only. Depends on CONCELIER-WEB-AOC-19-002. | Wait for CCSM0101 migration | CCAO0101 |
| CONCELIER-WEB-AOC-19-004 | TODO | | SPRINT_116_concelier_v | Concelier WebService Guild | src/Concelier/StellaOps.Concelier.WebService | Create integration tests that ingest large advisory batches (cold/warm), verify reproducible linksets, and record metrics/fixtures for Offline Kit rehearsals. Depends on CONCELIER-WEB-AOC-19-003. | Depends on #1 | CCAO0101 |
| CONCELIER-WEB-AOC-19-005 | TODO | 2025-11-08 | SPRINT_116_concelier_v | Concelier WebService Guild | src/Concelier/StellaOps.Concelier.WebService | Fix `/advisories/{key}/chunks` test data so pre-seeded raw docs resolve correctly; ensure Mongo migrations stop logging “Unable to locate advisory_raw documents” during tests. Depends on CONCELIER-WEB-AOC-19-002. | Needs CCPR0101 verdict feed | CCAO0101 |
| CONCELIER-WEB-AOC-19-006 | TODO | 2025-11-08 | SPRINT_116_concelier_v | Concelier WebService Guild | src/Concelier/StellaOps.Concelier.WebService | Align default auth/tenant configs with the test fixtures so allowlisted tenants can ingest before forbidden tenants are rejected, closing the gap in `AdvisoryIngestEndpoint_RejectsTenantOutsideAllowlist`. Depends on CONCELIER-WEB-AOC-19-002. | Depends on #3 | CCAO0101 |
| CONCELIER-WEB-AOC-19-007 | TODO | 2025-11-08 | SPRINT_116_concelier_v | Concelier WebService Guild | src/Concelier/StellaOps.Concelier.WebService | Update AOC verify logic so guard failures emit `ERR_AOC_001` (not `_004`) and keep mapper/guard parity covered by regression tests. Depends on CONCELIER-WEB-AOC-19-002. | Depends on #4 | CCAO0101 |
| CONCELIER-WEB-OAS-61-002 | TODO | | SPRINT_116_concelier_v | Concelier WebService Guild | src/Concelier/StellaOps.Concelier.WebService | Ensure every API returns the standardized error envelope and update controllers/tests accordingly (prereq for SDK/doc alignment). | Wait for CCOA0101 spec | CCWO0101 |
| CONCELIER-WEB-OAS-62-001 | TODO | | SPRINT_116_concelier_v | Concelier WebService Guild | src/Concelier/StellaOps.Concelier.WebService | Publish curated examples for observations/linksets/conflicts and wire them into the developer portal. Depends on CONCELIER-WEB-OAS-61-002. | Depends on #1 | CCWO0101 |
| CONCELIER-WEB-OAS-63-001 | TODO | | SPRINT_116_concelier_v | Concelier WebService Guild · API Governance Guild | src/Concelier/StellaOps.Concelier.WebService | Emit deprecation headers + notifications for retiring endpoints, steering clients toward Link-Not-Merge APIs. Depends on CONCELIER-WEB-OAS-62-001. | Needs governance approval | CCWO0101 |
| CONCELIER-WEB-OBS-51-001 | TODO | | SPRINT_116_concelier_v | Concelier WebService Guild | src/Concelier/StellaOps.Concelier.WebService | Add `/obs/concelier/health` surfaces for ingest health, queue depth, and SLO status so Console widgets can display real-time evidence pipeline stats. Depends on CONCELIER-WEB-OBS-50-001. | Need telemetry schema baseline from 046_TLTY0101 | CNOB0102 |
| CONCELIER-WEB-OBS-52-001 | TODO | | SPRINT_116_concelier_v | Concelier WebService Guild | src/Concelier/StellaOps.Concelier.WebService | Provide SSE stream `/obs/concelier/timeline` with paging tokens, guardrails, and audit logging so operators can monitor evidence changes live. Depends on CONCELIER-WEB-OBS-51-001. | Requires #1 merged so we reuse correlation IDs | CNOB0102 |
| CONCELIER-WEB-OBS-53-001 | TODO | | SPRINT_117_concelier_vi | Concelier WebService Guild · Evidence Locker Guild | src/Concelier/StellaOps.Concelier.WebService | Add `/evidence/advisories/*` routes that proxy evidence locker snapshots, verify `evidence:read` scopes, and return signed manifest metadata—no shortcut paths into raw storage. Depends on CONCELIER-WEB-OBS-52-001. | Blocked on Evidence Locker DSSE feed (002_ATEL0101) | CNOB0102 |
| CONCELIER-WEB-OBS-54-001 | TODO | | SPRINT_117_concelier_vi | Concelier WebService Guild | src/Concelier/StellaOps.Concelier.WebService | Provide `/attestations/advisories/*` endpoints surfacing DSSE status, verification summary, and provenance chain so CLI/Console can audit trust without hitting databases. Depends on CONCELIER-WEB-OBS-53-001. | Depends on Link-Not-Merge schema (005_ATLN0101) | CNOB0102 |
| CONCELIER-WEB-OBS-55-001 | TODO | | SPRINT_117_concelier_vi | Concelier WebService Guild · DevOps Guild | src/Concelier/StellaOps.Concelier.WebService | Implement incident-mode APIs that coordinate ingest, locker, and orchestrator, capturing activation events + cooldown semantics but leaving evidence untouched. Depends on CONCELIER-WEB-OBS-54-001. | Needs #4 to finalize labels | CNOB0102 |
| CONN-SUSE-01-003 | Team Excititor Connectors SUSE | | SPRINT_0120_0001_0002_excititor_ii | Connector Guild (SUSE) | src/Excititor/__Libraries/StellaOps.Excititor.Connectors.SUSE.RancherVEXHub | EXCITITOR-CONN-SUSE-01-002; EXCITITOR-POLICY-01-001 | EXCITITOR-CONN-SUSE-01-002; EXCITITOR-POLICY-01-001 | EXCN0102 |
| CONN-TRUST-01-001 | DONE (2025-11-22) | 2025-11-22 | SPRINT_110_ingestion_evidence | Excititor + AirGap Guilds | | Connector trust + air-gap ingest delivered against frozen schema. | CONCELIER-GRAPH-21-001; CONCELIER-GRAPH-21-002; ATTEST-PLAN-2001 | EXCN0102 |
| CONN-UBUNTU-01-003 | Team Excititor Connectors Ubuntu | | SPRINT_0120_0001_0002_excititor_ii | Connector Guild (Ubuntu) | src/Excititor/__Libraries/StellaOps.Excititor.Connectors.Ubuntu.CSAF | EXCITITOR-CONN-UBUNTU-01-002; EXCITITOR-POLICY-01-001 | EXCITITOR-CONN-UBUNTU-01-002; EXCITITOR-POLICY-01-001 | EXCN0102 |
| CONSENSUS-LENS-DOCS-0001 | TODO | | SPRINT_332_docs_modules_vex_lens | Docs Guild | docs/modules/vex-lens | Wait for CCSL0101 panel demo | Wait for CCSL0101 panel demo | CCDL0101 |
| CONSENSUS-LENS-DOCS-0002 | TODO | 2025-11-05 | SPRINT_332_docs_modules_vex_lens | Docs Guild | docs/modules/vex-lens | Depends on #1 | Depends on #1 | CCDL0101 |
| CONSENSUS-LENS-ENG-0001 | TODO | | SPRINT_332_docs_modules_vex_lens | Module Team | docs/modules/vex-lens | Needs CCWO0101 schema | Needs CCWO0101 schema | CCDL0101 |
| CONSENSUS-LENS-OPS-0001 | TODO | | SPRINT_332_docs_modules_vex-lens | Ops Guild | docs/modules/vex-lens | Depends on #3 | Depends on #3 | CCDL0101 |
| CONSOLE-23-001 | TODO | | SPRINT_112_concelier_i | Console Guild | src/Console/StellaOps.Console | Wait for CCWO0101 schema | Wait for CCWO0101 schema | CCSL0101 |
| CONSOLE-23-001..003 | DONE (2025-11-25) | 2025-11-25 | SPRINT_110_ingestion_evidence | Console Guild | src/Console/StellaOps.Console | Console overlays wired to LNM schema; fixtures published. | CONCELIER-GRAPH-21-001; CONCELIER-GRAPH-21-002 | CCSL0101 |
| CONSOLE-23-002 | TODO | | SPRINT_112_concelier_i | Console Guild | src/Console/StellaOps.Console | Needs LNM graph (CCGH0101) | Needs LNM graph (CCGH0101) | CCSL0101 |
| CONSOLE-23-003 | TODO | | SPRINT_112_concelier_i | Console Guild | src/Console/StellaOps.Console | Depends on #3 | Depends on #3 | CCSL0101 |
| CONSOLE-23-004 | TODO | | SPRINT_0212_0001_0001_web_i | Console Guild | src/Web/StellaOps.Web | Requires CCPR0101 verdicts | Requires CCPR0101 verdicts | CCSL0101 |
| CONSOLE-23-005 | TODO | | SPRINT_0212_0001_0001_web_i | Console Guild | src/Web/StellaOps.Web | Depends on #5 | Depends on #5 | CCSL0101 |
| CONSOLE-OBS-52-001 | TODO | | SPRINT_303_docs_tasks_md_iii | Console Ops Guild | docs/modules/ui | Needs TLTY0101 metrics | Needs TLTY0101 metrics | CCSL0101 |
| CONSOLE-OBS-52-002 | TODO | | SPRINT_303_docs_tasks_md_iii | Console Ops Guild | docs/modules/ui | Depends on #7 | Depends on #7 | CCSL0101 |
| CONSOLE-VEX-30-001 | BLOCKED (2025-12-04) | 2025-12-04 | SPRINT_0212_0001_0001_web_i | Console Guild · VEX Lens Guild | src/Web/StellaOps.Web | Provide `/console/vex/*` APIs streaming VEX statements, justification summaries, and advisory links with SSE refresh hooks. Dependencies: WEB-CONSOLE-23-001 (done 2025-11-28), EXCITITOR-CONSOLE-23-001 (done 2025-11-23); awaiting VEX Lens spec PLVL0103 and SSE envelope validation from Scheduler/Signals alignment. | Needs VEX Lens spec (PLVL0103) | CCSL0101 |
| CONSOLE-VULN-29-001 | BLOCKED (2025-12-04) | 2025-12-04 | SPRINT_0212_0001_0001_web_i | Console Guild | src/Web/StellaOps.Web | Build `/console/vuln/*` APIs and filters surfacing tenant-scoped findings with policy/VEX badges so Docs/UI teams can document workflows. Dependencies: WEB-CONSOLE-23-001 (done 2025-11-28); waiting on Concelier graph schema snapshot from 2025-12-03 freeze review. | Depends on CCWO0101 | CCSL0101 |
| CONTAINERS-44-001 | DONE | 2025-11-18 | SPRINT_0212_0001_0001_web_i | BE-Base Platform Guild | src/Web/StellaOps.Web | Wait for DVCP0101 compose template | Wait for DVCP0101 compose template | COWB0101 |
| CONTAINERS-45-001 | DONE | 2025-11-19 | SPRINT_0212_0001_0001_web_i | BE-Base Platform Guild | src/Web/StellaOps.Web | Depends on #1 | Depends on #1 | COWB0101 |
| CONTAINERS-46-001 | DONE | 2025-11-19 | SPRINT_0212_0001_0001_web_i | BE-Base Platform Guild | src/Web/StellaOps.Web | Needs RBRE0101 hashes | Needs RBRE0101 hashes | COWB0101 |
| CONTRIB-62-001 | TODO | | SPRINT_303_docs_tasks_md_iii | Docs Guild · API Governance Guild | docs/api | Wait for CCWO0101 spec finalization | Wait for CCWO0101 spec finalization | APID0101 |
| CORE-185-001 | TODO | | SPRINT_0185_0001_0001_shared_replay_primitives | Platform Guild | `src/__Libraries/StellaOps.Replay.Core` | Wait for SGSI0101 feed | Wait for SGSI0101 feed | RLRC0101 |
| CORE-185-002 | TODO | | SPRINT_0185_0001_0001_shared_replay_primitives | Platform Guild | src/__Libraries/StellaOps.Replay.Core | Depends on #1 | Depends on #1 | RLRC0101 |
| CORE-185-003 | TODO | | SPRINT_0185_0001_0001_shared_replay_primitives | Platform Data Guild | src/__Libraries/StellaOps.Replay.Core | Depends on #2 | Depends on #2 | RLRC0101 |
| CORE-186-004 | TODO | | SPRINT_0186_0001_0001_record_deterministic_execution | Signing Guild | `src/Signer/StellaOps.Signer`, `src/__Libraries/StellaOps.Cryptography` | Wait for RLRC0101 schema | Wait for RLRC0101 schema | SIGR0101 |
| CORE-186-005 | TODO | | SPRINT_0186_0001_0001_record_deterministic_execution | Signing Guild | `src/Signer/StellaOps.Signer.Core` | Depends on #1 | Depends on #1 | SIGR0101 |
| CORE-41-001 | TODO | | SPRINT_0202_0001_0002_cli_ii | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Wait for CASC0101 manifest | Wait for CASC0101 manifest | CLCI0110 |
| CORE-AOC-19-002 | TODO | | SPRINT_0120_0001_0002_excititor_ii | Excititor Core Guild | src/Excititor/__Libraries/StellaOps.Excititor.Core | Wait for ATLN schema freeze | Wait for ATLN schema freeze | EXAC0101 |
| CORE-AOC-19-003 | TODO | | SPRINT_0120_0001_0002_excititor_ii | Excititor Core Guild | src/Excititor/__Libraries/StellaOps.Excititor.Core | Depends on #1 | Depends on #1 | EXAC0101 |
| CORE-AOC-19-004 | TODO | | SPRINT_0120_0001_0002_excititor_ii | Excititor Core Guild | src/Excititor/__Libraries/StellaOps.Excititor.Core | Depends on #2 | Depends on #2 | EXAC0101 |
| CORE-AOC-19-013 | TODO | | SPRINT_112_concelier_i | Concelier Core Guild + Excititor | src/Concelier/__Libraries/StellaOps.Concelier.Core | Needs CCAN0101 DSSE output | Needs CCAN0101 DSSE output | EXAC0101 |
| CRT-56-001 | TODO | | SPRINT_0506_0001_0001_ops_devops_iv | Mirror Creator Guild | | Wait for PGMI0101 owner | Wait for PGMI0101 owner | MRCR0101 |
| CRT-56-002 | TODO | | SPRINT_0506_0001_0001_ops_devops_iv | Mirror Creator · Security Guilds | | Depends on #1 | MIRROR-CRT-56-001; PROV-OBS-53-001 | MRCR0101 |
| CRT-57-001 | TODO | | SPRINT_0506_0001_0001_ops_devops_iv | Mirror Creator Guild · AirGap Time Guild | | Needs AIRGAP-TIME-57-001 | MIRROR-CRT-56-001; AIRGAP-TIME-57-001 | MRCR0101 |
| CRT-57-002 | TODO | | SPRINT_0506_0001_0001_ops_devops_iv | Mirror Creator Guild | | Depends on #3 | MIRROR-CRT-56-001; AIRGAP-TIME-57-001 | MRCR0101 |
| CRT-58-001 | TODO | | SPRINT_0506_0001_0001_ops_devops_iv | Mirror Creator + Evidence Locker | | Requires Evidence Locker contract | MIRROR-CRT-56-001; EXPORT-OBS-54-001; CLI-AIRGAP-56-001 | MRCR0101 |
| CRT-58-002 | TODO | | SPRINT_0506_0001_0001_ops_devops_iv | Mirror Creator + Security Guild | | Depends on #5 | MIRROR-CRT-56-001; EXPORT-OBS-54-001; CLI-AIRGAP-56-001 | MRCR0101 |
| CRYPTO-90-001 | DONE | 2025-11-07 | SPRINT_514_sovereign_crypto_enablement | Security Guild (src/__Libraries/StellaOps.Cryptography) | src/__Libraries/StellaOps.Cryptography | | | CRSA0101 |
| CRYPTO-90-002 | DONE | 2025-11-07 | SPRINT_514_sovereign_crypto_enablement | Security Guild (src/__Libraries/StellaOps.Cryptography) | src/__Libraries/StellaOps.Cryptography | | | CRSA0101 |
| CRYPTO-90-003 | DONE | 2025-11-07 | SPRINT_514_sovereign_crypto_enablement | Security Guild (src/__Libraries/StellaOps.Cryptography) | src/__Libraries/StellaOps.Cryptography | | | CRSA0101 |
| CRYPTO-90-004 | DONE | 2025-11-07 | SPRINT_514_sovereign_crypto_enablement | Security Guild (src/__Libraries/StellaOps.Cryptography) | src/__Libraries/StellaOps.Cryptography | | | CRSA0101 |
| CRYPTO-90-005 | DONE | 2025-11-08 | SPRINT_514_sovereign_crypto_enablement | Security Guild (src/__Libraries/StellaOps.Cryptography) | src/__Libraries/StellaOps.Cryptography | | | CRSA0101 |
| CRYPTO-90-006 | DONE | 2025-11-08 | SPRINT_514_sovereign_crypto_enablement | Security Guild (src/__Libraries/StellaOps.Cryptography) | src/__Libraries/StellaOps.Cryptography | | | CRSA0101 |
| CRYPTO-90-007 | DONE | 2025-11-08 | SPRINT_514_sovereign_crypto_enablement | Security Guild (src/__Libraries/StellaOps.Cryptography) | src/__Libraries/StellaOps.Cryptography | | | CRSA0101 |
| CRYPTO-90-008 | DONE | 2025-11-08 | SPRINT_514_sovereign_crypto_enablement | Security Guild (src/__Libraries/StellaOps.Cryptography) | src/__Libraries/StellaOps.Cryptography | | | CRSA0101 |
| CRYPTO-90-009 | DONE | 2025-11-09 | SPRINT_514_sovereign_crypto_enablement | Security Guild (src/__Libraries/StellaOps.Cryptography.Plugin.CryptoPro) | src/__Libraries.StellaOps.Cryptography.Plugin.CryptoPro | | | CRSA0101 |
| CRYPTO-90-010 | DONE | 2025-11-09 | SPRINT_514_sovereign_crypto_enablement | Security Guild (src/__Libraries/StellaOps.Cryptography + .DependencyInjection) | src/__Libraries.StellaOps.Cryptography + .DependencyInjection | | | CRSA0101 |
| CRYPTO-90-011 | DONE | 2025-11-09 | SPRINT_514_sovereign_crypto_enablement | Security & Ops Guilds (src/Tools/StellaOps.CryptoRu.Cli) | src/Tools/StellaOps.CryptoRu.Cli | | | CRSA0101 |
| CRYPTO-90-012 | TODO | | SPRINT_514_sovereign_crypto_enablement | Security Guild (src/__Libraries/__Tests/StellaOps.Cryptography.Tests) | src/__Libraries/__Tests.StellaOps.Cryptography.Tests | | | CRSA0101 |
| CRYPTO-90-013 | TODO | | SPRINT_514_sovereign_crypto_enablement | Security Guild (src/__Libraries/StellaOps.Cryptography) | src/__Libraries.StellaOps.Cryptography | | | CRSA0101 |
| CRYPTO-90-014 | TODO | | SPRINT_514_sovereign_crypto_enablement | Security + Service Guilds | | Wait for AUIN0101 sign-off | Wait for AUIN0101 sign-off | CRYO0101 |
| CRYPTO-90-015 | TODO | | SPRINT_514_sovereign_crypto_enablement | Security + Docs Guild | docs/security/rootpack_ru_*.md | Depends on #1 | Depends on #1 | CRYO0101 |
| CRYPTO-90-016 | DONE | 2025-11-09 | SPRINT_514_sovereign_crypto_enablement | Security Guild | src/__Libraries/StellaOps.Cryptography.DependencyInjection + .Plugin.CryptoPro | Reference (artifact) | Reference (artifact) | CRYO0101 |
| CRYPTO-90-017 | TODO | | SPRINT_514_sovereign_crypto_enablement | Security Guild | third_party/forks + src/__Libraries/StellaOps.Cryptography.Plugin.CryptoPro | Needs fork sync | Needs fork sync | CRYO0101 |
| CRYPTO-90-018 | TODO | | SPRINT_514_sovereign_crypto_enablement | Security + Docs Guild | docs/security/rootpack_ru_*.md, docs/dev/crypto.md | Depends on #4 | Depends on #4 | CRYO0101 |
| CRYPTO-90-019 | TODO | | SPRINT_514_sovereign_crypto_enablement | Security Guild | third_party/forks/AlexMAS.GostCryptography | Needs fork validation | Needs fork validation | CRYO0101 |
| CRYPTO-90-020 | TODO | | SPRINT_514_sovereign_crypto_enablement | Security Guild | src/__Libraries/StellaOps.Cryptography.Plugin.CryptoPro | Depends on #6 | Depends on #6 | CRYO0101 |
| CRYPTO-90-021 | TODO | | SPRINT_514_sovereign_crypto_enablement | Security + QA Guilds | scripts/crypto/**, docs/security/rootpack_ru_validation.md | Depends on #7 | Depends on #7 | CRYO0101 |
| CTL-56-001 | TODO | | SPRINT_510_airgap | AirGap Controller Guild | src/AirGap/StellaOps.AirGap.Controller | Wait for AGTM0101 schema | Wait for AGTM0101 schema | AGCT0102 |
| CTL-56-002 | TODO | | SPRINT_510_airgap | Controller + DevOps Guilds | src/AirGap/StellaOps.AirGap.Controller | Depends on #1 | Depends on #1 | AGCT0102 |
| CTL-57-001 | TODO | | SPRINT_510_airgap | Controller + Time Guild | src/AirGap/StellaOps.AirGap.Controller | Needs AGTM time anchors | Needs AGTM time anchors | AGCT0102 |
| CTL-57-002 | TODO | | SPRINT_510_airgap | Controller + Observability Guild | src/AirGap/StellaOps.AirGap.Controller | Depends on #3 | Depends on #3 | AGCT0102 |
| CTL-58-001 | TODO | | SPRINT_510_airgap | Controller + Evidence Locker Guild | src/AirGap/StellaOps.AirGap.Controller | Depends on #4 | Depends on #4 | AGCT0102 |
| DEPLOY-AIAI-31-001 | TODO | | SPRINT_0501_0001_0001_ops_deployment_i | Deployment Guild · Advisory AI Guild | ops/deployment | Provide Helm/Compose manifests, GPU toggle, scaling/runbook, and offline kit instructions for Advisory AI service + inference container. | Wait for DVCP0101 compose template | DVPL0101 |
| DEPLOY-AIRGAP-46-001 | TODO | | SPRINT_0501_0001_0001_ops_deployment_i | Deployment Guild · Offline Kit Guild | ops/deployment | Provide instructions and scripts (`load.sh`) for importing air-gap bundle into private registry; update Offline Kit guide. | Requires #1 artifacts | AGDP0101 |
| DEPLOY-CLI-41-001 | TODO | | SPRINT_0501_0001_0001_ops_deployment_i | Deployment Guild · CLI Guild | ops/deployment | Package CLI release artifacts (tarballs per OS/arch, checksums, signatures, completions, container image) and publish distribution docs. | Wait for CLI observability schema (035_CLCI0105) | AGDP0101 |
| DEPLOY-COMPOSE-44-001 | DOING (dev-mock 2025-12-06) | 2025-12-06 | SPRINT_0501_0001_0001_ops_deployment_i | Deployment Guild | ops/deployment | Finalize Quickstart scripts (`quickstart.sh`, `backup.sh`, `reset.sh`), seed data container, and publish README with imposed rule reminder. | Depends on #1 | DVPL0101 |
| DEPLOY-EXPORT-35-001 | BLOCKED | 2025-10-29 | SPRINT_0501_0001_0001_ops_deployment_i | Deployment Guild · Export Center Guild | ops/deployment | Package exporter service/worker Helm overlays (download-only), document rollout/rollback, and integrate signing KMS secrets. | Need exporter DSSE API (002_ATEL0101) | AGDP0101 |
| DEPLOY-EXPORT-36-001 | TODO | | SPRINT_0501_0001_0001_ops_deployment_i | Deployment Guild · Export Center Guild | ops/deployment | Document OCI/object storage distribution workflows, registry credential automation, and monitoring hooks for exports. Dependencies: DEPLOY-EXPORT-35-001. | Depends on #4 deliverables | AGDP0101 |
| DEPLOY-HELM-45-001 | TODO | | SPRINT_0501_0001_0001_ops_deployment_i | Deployment + Security Guilds | ops/deployment | Publish Helm install guide and sample values for prod/airgap; integrate with docs site build. | Needs helm chart schema | DVPL0101 |
| DEPLOY-NOTIFY-38-001 | TODO | 2025-10-29 | SPRINT_0501_0001_0001_ops_deployment_i | Deployment + Notify Guilds | ops/deployment | Package notifier API/worker Helm overlays (email/chat/webhook), secrets templates, rollout guide. | Depends on #3 | DVPL0101 |
| DEPLOY-ORCH-34-001 | DOING (dev-mock 2025-12-06) | 2025-12-05 | SPRINT_0501_0001_0001_ops_deployment_i | Deployment Guild · Orchestrator Guild | ops/deployment | Provide orchestrator Helm/Compose manifests, scaling defaults, secret templates, offline kit instructions, and GA rollout/rollback playbook. | Requires ORTR0101 readiness | AGDP0101 |
| DEPLOY-PACKS-42-001 | DOING (dev-mock 2025-12-06) | 2025-12-06 | SPRINT_0501_0001_0001_ops_deployment_i | Deployment Guild · Packs Registry Guild | ops/deployment | Provide deployment manifests for packs-registry and task-runner services, including Helm/Compose overlays, scaling defaults, and secret templates. | Wait for pack registry schema | AGDP0101 |
| DEPLOY-PACKS-43-001 | DOING (dev-mock 2025-12-06) | 2025-12-06 | SPRINT_0501_0001_0001_ops_deployment_i | Deployment Guild · Task Runner Guild | ops/deployment | Ship remote Task Runner worker profiles, object storage bootstrap, approval workflow integration, and Offline Kit packaging instructions. Dependencies: DEPLOY-PACKS-42-001. | Needs #7 artifacts | AGDP0101 |
| DEPLOY-POLICY-27-001 | DOING (dev-mock 2025-12-06) | 2025-12-05 | SPRINT_0501_0001_0001_ops_deployment_i | Deployment Guild · Policy Registry Guild | ops/deployment | Produce Helm/Compose overlays for Policy Registry + simulation workers, including Mongo migrations, object storage buckets, signing key secrets, and tenancy defaults. | Needs registry schema + secrets | AGDP0101 |
| DEPLOY-POLICY-27-002 | DOING (draft 2025-12-06) | 2025-12-06 | SPRINT_0502_0001_0001_ops_deployment_ii | Deployment Guild · Policy Guild | ops/deployment | Drafted `docs/runbooks/policy-incident.md` (publish/promote, freeze, evidence); finalize once DEPLOY-POLICY-27-001 ships schema/digests. | Depends on 27-001 | AGDP0101 |
| DEPLOY-VEX-30-001 | DOING (dev-mock 2025-12-06) | 2025-12-06 | SPRINT_0502_0001_0001_ops_deployment_ii | Deployment + VEX Lens Guild | ops/deployment | Mock-ready runbook added (`docs/runbooks/vex-ops.md`); awaiting schema/digests for final Helm/Compose overlays. | Wait for CCWO0101 schema | DVPL0101 |
| DEPLOY-VEX-30-002 | DOING (dev-mock 2025-12-06) | 2025-12-06 | SPRINT_0502_0001_0001_ops_deployment_ii | Deployment Guild | ops/deployment | Issuer Directory guidance covered in `docs/runbooks/vex-ops.md`; finalize once DEPLOY-VEX-30-001 pins production values. | Depends on #5 | DVPL0101 |
| DEPLOY-VULN-29-001 | DOING (dev-mock 2025-12-06) | 2025-12-06 | SPRINT_0502_0001_0001_ops_deployment_ii | Deployment + Vuln Guild | ops/deployment | Mock-ready runbook added (`docs/runbooks/vuln-ops.md`); production overlays pending schema/digests. | Needs CCWO0101 | DVPL0101 |
| DEPLOY-VULN-29-002 | DOING (dev-mock 2025-12-06) | 2025-12-06 | SPRINT_0502_0001_0001_ops_deployment_ii | Deployment Guild | ops/deployment | Vuln Explorer API steps captured in `docs/runbooks/vuln-ops.md`; finalize with real pins after DEPLOY-VULN-29-001. | Depends on #7 | DVPL0101 |
| DETER-186-008 | TODO | | SPRINT_0186_0001_0001_record_deterministic_execution | Scanner Guild | `src/Scanner/StellaOps.Scanner.WebService`, `src/Scanner/StellaOps.Scanner.Worker` | Wait for RLRC0101 fixture | Wait for RLRC0101 fixture | SCDT0101 |
| DETER-186-009 | TODO | | SPRINT_0186_0001_0001_record_deterministic_execution | Scanner Guild · QA Guild | `src/Scanner/StellaOps.Scanner.Replay`, `src/Scanner/__Tests` | Depends on #1 | Depends on #1 | SCDT0101 |
| DETER-186-010 | TODO | | SPRINT_0186_0001_0001_record_deterministic_execution | Scanner Guild · Export Center Guild | `src/Scanner/StellaOps.Scanner.WebService`, `docs/modules/scanner/operations/release.md` | Depends on #2 | Depends on #2 | SCDT0101 |
| DETER-70-002 | TODO | | SPRINT_0304_0001_0004_docs_tasks_md_iv | Docs Guild · Scanner Guild | | Needs CASC0101 manifest | Needs CASC0101 manifest | SCDT0101 |
| DETER-70-003 | TODO | | SPRINT_0202_0001_0002_cli_ii | DevEx/CLI Guild · Scanner Guild | src/Cli/StellaOps.Cli | Depends on #4 | Depends on #4 | SCDT0101 |
| DETER-70-004 | TODO | | SPRINT_0203_0001_0003_cli_iii | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Depends on #5 | Depends on #5 | SCDT0101 |
| DEVOPS-AIAI-31-001 | TODO | | SPRINT_0503_0001_0001_ops_devops_i | DevOps Guild, Advisory AI Guild (ops/devops) | ops/devops | Stand up CI pipelines, inference monitoring, privacy logging review, and perf dashboards for Advisory AI (summaries/conflicts/remediation). | — | DVDO0101 |
| DEVOPS-AIRGAP-56-001 | TODO | | SPRINT_0503_0001_0001_ops_devops_i | DevOps Guild (ops/devops) | ops/devops | Ship deny-all egress policies for Kubernetes (NetworkPolicy/eBPF) and docker-compose firewall rules; provide verification script for sealed mode. | — | DVDO0101 |
| DEVOPS-AIRGAP-56-002 | TODO | | SPRINT_0503_0001_0001_ops_devops_i | DevOps Guild, AirGap Importer Guild (ops/devops) | ops/devops | Provide import tooling for bundle staging: checksum validation, offline object-store loader scripts, removable media guidance. Dependencies: DEVOPS-AIRGAP-56-001. | — | DVDO0101 |
| DEVOPS-AIRGAP-56-003 | TODO | | SPRINT_0503_0001_0001_ops_devops_i | DevOps Guild, Container Distribution Guild (ops/devops) | ops/devops | Build Bootstrap Pack pipeline bundling images/charts, generating checksums, and publishing manifest for offline transfer. Dependencies: DEVOPS-AIRGAP-56-002. | — | DVDO0101 |
| DEVOPS-AIRGAP-57-001 | TODO | | SPRINT_0503_0001_0001_ops_devops_i | DevOps Guild, Mirror Creator Guild (ops/devops) | ops/devops | Automate Mirror Bundle creation jobs with dual-control approvals, artifact signing, and checksum publication. Dependencies: DEVOPS-AIRGAP-56-003. | — | DVDO0101 |
| DEVOPS-AIRGAP-57-002 | DOING | 2025-11-08 | SPRINT_0503_0001_0001_ops_devops_i | DevOps Guild, Authority Guild (ops/devops) | ops/devops | Configure sealed-mode CI tests that run services with sealed flag and ensure no egress occurs (iptables + mock DNS). Dependencies: DEVOPS-AIRGAP-57-001. | — | DVDO0101 |
| DEVOPS-AIRGAP-58-001 | TODO | | SPRINT_0503_0001_0001_ops_devops_i | DevOps Guild, Notifications Guild (ops/devops) | ops/devops | Provide local SMTP/syslog container templates and health checks for sealed environments; integrate into Bootstrap Pack. Dependencies: DEVOPS-AIRGAP-57-002. | — | DVDO0101 |
| DEVOPS-AIRGAP-58-002 | TODO | | SPRINT_0503_0001_0001_ops_devops_i | DevOps Guild, Observability Guild (ops/devops) | ops/devops | Ship sealed-mode observability stack (Prometheus/Grafana/Tempo/Loki) pre-configured with offline dashboards and no remote exporters. Dependencies: DEVOPS-AIRGAP-58-001. | — | DVDO0101 |
| DEVOPS-AOC-19-001 | BLOCKED | 2025-10-26 | SPRINT_0503_0001_0001_ops_devops_i | DevOps Guild, Platform Guild (ops/devops) | ops/devops | Integrate the AOC Roslyn analyzer and guard tests into CI, failing builds when ingestion projects attempt banned writes. | CCAO0101 | DVDO0101 |
| DEVOPS-AOC-19-002 | BLOCKED | 2025-10-26 | SPRINT_0503_0001_0001_ops_devops_i | DevOps Guild (ops/devops) | ops/devops | Add pipeline stage executing `stella aoc verify --since` against seeded Mongo snapshots for Concelier + Excititor, publishing violation report artefacts. Dependencies: DEVOPS-AOC-19-001. | DEVOPS-AOC-19-001 | DVDO0101 |
| DEVOPS-AOC-19-003 | BLOCKED | 2025-10-26 | SPRINT_0503_0001_0001_ops_devops_i | DevOps Guild, QA Guild (ops/devops) | ops/devops | Enforce unit test coverage thresholds for AOC guard suites and ensure coverage exported to dashboards. Dependencies: DEVOPS-AOC-19-002. | DEVOPS-AOC-19-002 | DVDO0102 |
| DEVOPS-AOC-19-101 | TODO | 2025-10-28 | SPRINT_0503_0001_0001_ops_devops_i | DevOps Guild · Concelier Storage Guild | ops/devops | Draft supersedes backfill rollout (freeze window, dry-run steps, rollback) once advisory_raw idempotency index passes staging verification. Dependencies: DEVOPS-AOC-19-003. | Align with CCOA0101 contract | DVDO0104 |
| DEVOPS-ATTEST-73-001 | TODO | | SPRINT_0503_0001_0001_ops_devops_i | DevOps Guild, Attestor Service Guild (ops/devops) | ops/devops | Provision CI pipelines for attestor service (lint/test/security scan, seed data) and manage secrets for KMS drivers. | — | DVDO0102 |
| DEVOPS-ATTEST-73-002 | TODO | | SPRINT_0503_0001_0001_ops_devops_i | DevOps Guild, KMS Guild (ops/devops) | ops/devops | Establish secure storage for signing keys (vault integration, rotation schedule) and audit logging. Dependencies: DEVOPS-ATTEST-73-001. | — | DVDO0102 |
| DEVOPS-ATTEST-74-001 | TODO | | SPRINT_0503_0001_0001_ops_devops_i | DevOps Guild, Transparency Guild (ops/devops) | ops/devops | Deploy transparency log witness infrastructure and monitoring. Dependencies: DEVOPS-ATTEST-73-002. | — | DVDO0102 |
| DEVOPS-ATTEST-74-002 | TODO | | SPRINT_0504_0001_0001_ops_devops_ii | DevOps Guild, Export Attestation Guild (ops/devops) | ops/devops | Integrate attestation bundle builds into release/offline pipelines with checksum verification. Dependencies: DEVOPS-ATTEST-74-001. | — | DVDO0102 |
| DEVOPS-ATTEST-75-001 | TODO | | SPRINT_0504_0001_0001_ops_devops_ii | DevOps Guild, Observability Guild (ops/devops) | ops/devops | Add dashboards/alerts for signing latency, verification failures, key rotation events. Dependencies: DEVOPS-ATTEST-74-002. | — | DVDO0102 |
| DEVOPS-CLI-41-001 | TODO | | SPRINT_0504_0001_0001_ops_devops_ii | DevOps Guild, DevEx/CLI Guild (ops/devops) | ops/devops | Establish CLI build pipeline (multi-platform binaries, SBOM, checksums), parity matrix CI enforcement, and release artifact signing. | — | DVDO0102 |
| DEVOPS-CLI-42-001 | TODO | | SPRINT_0504_0001_0001_ops_devops_ii | DevOps Guild (ops/devops) | ops/devops | Add CLI golden output tests, parity diff automation, pack run CI harness, and artifact cache for remote mode. Dependencies: DEVOPS-CLI-41-001. | — | DVDO0102 |
| DEVOPS-CLI-43-002 | TODO | | SPRINT_0504_0001_0001_ops_devops_ii | DevOps Guild, Task Runner Guild (ops/devops) | ops/devops | Implement Task Pack chaos smoke in CI (random failure injection, resume, sealed-mode toggle) and publish evidence bundles for review. Dependencies: DEVOPS-CLI-43-001. | — | DVDO0102 |
| DEVOPS-CLI-43-003 | TODO | | SPRINT_0504_0001_0001_ops_devops_ii | DevOps Guild, DevEx/CLI Guild (ops/devops) | ops/devops | Integrate CLI golden output/parity diff automation into release gating; export parity report artifact consumed by Console Downloads workspace. Dependencies: DEVOPS-CLI-43-002. | — | DVDO0102 |
| DEVOPS-CONSOLE-23-001 | TODO | 2025-10-26 | SPRINT_0504_0001_0001_ops_devops_ii | DevOps Guild · Console Guild | ops/devops | Add console CI workflow (pnpm cache, lint, type-check, unit, Storybook a11y, Playwright, Lighthouse) with offline runners and artifact retention for screenshots/reports. | Needs CCWO0101 API schema | DVDO0104 |
| DEVOPS-CONSOLE-23-002 | TODO | | SPRINT_0504_0001_0001_ops_devops_ii | DevOps Guild | ops/devops | Produce `stella-console` container build + Helm chart overlays with deterministic digests, SBOM/provenance artefacts, and offline bundle packaging scripts. Dependencies: DEVOPS-CONSOLE-23-001. | Depends on #2 | DVDO0104 |
| DEVOPS-CONTAINERS-44-001 | TODO | | SPRINT_0504_0001_0001_ops_devops_ii | DevOps Guild | ops/devops | Automate multi-arch image builds with buildx, SBOM generation, cosign signing, and signature verification in CI. | Wait for COWB0101 base image | DVDO0104 |
| DEVOPS-CONTAINERS-45-001 | TODO | | SPRINT_0504_0001_0001_ops_devops_ii | DevOps Guild | ops/devops | Add Compose and Helm smoke tests (fresh VM + kind cluster) to CI; publish test artifacts and logs. Dependencies: DEVOPS-CONTAINERS-44-001. | Depends on #4 | DVDO0104 |
| DEVOPS-CONTAINERS-46-001 | TODO | | SPRINT_0504_0001_0001_ops_devops_ii | DevOps Guild | ops/devops | Build air-gap bundle generator (`src/Tools/make-airgap-bundle.sh`), produce signed bundle, and verify in CI using private registry. Dependencies: DEVOPS-CONTAINERS-45-001. | Depends on #5 | DVDO0104 |
| DEVOPS-DEVPORT-63-001 | TODO | | SPRINT_0504_0001_0001_ops_devops_ii | DevOps Guild · DevPortal Guild | ops/devops | Automate developer portal build pipeline with caching, link & accessibility checks, performance budgets. | Wait for API schema from CCWO0101 | DVDO0105 |
| DEVOPS-DEVPORT-64-001 | TODO | | SPRINT_0504_0001_0001_ops_devops_ii | DevOps Guild | ops/devops | Schedule `devportal --offline` nightly builds with checksum validation and artifact retention policies. Dependencies: DEVOPS-DEVPORT-63-001. | Depends on #1 | DVDO0105 |
| DEVOPS-DOCS-0001 | TODO | | SPRINT_0318_0001_0001_docs_modules_devops | DevOps Docs Guild | docs/modules/devops | See ./AGENTS.md | Needs CCSL0101 console docs | DVDO0105 |
| DEVOPS-ENG-0001 | TODO | | SPRINT_0318_0001_0001_docs_modules_devops | DevOps Engineering Guild | docs/modules/devops | Update status via ./AGENTS.md workflow | Depends on #3 | DVDO0105 |
| DEVOPS-EXPORT-35-001 | TODO | 2025-10-29 | SPRINT_0504_0001_0001_ops_devops_ii | DevOps · Export Guild | ops/devops | Establish exporter CI pipeline (lint/test/perf smoke), configure object storage fixtures, seed Grafana dashboards, and document bootstrap steps. | Wait for DVPL0101 export deploy | DVDO0105 |
| DEVOPS-EXPORT-36-001 | TODO | | SPRINT_0505_0001_0001_ops_devops_iii | DevOps Guild | ops/devops | Integrate Trivy compatibility validation, cosign signature checks, `trivy module db import` smoke tests, OCI distribution verification, and throughput/error dashboards. Dependencies: DEVOPS-EXPORT-35-001. | Depends on #5 | DVDO0105 |
| DEVOPS-EXPORT-37-001 | TODO | | SPRINT_0505_0001_0001_ops_devops_iii | DevOps Guild | ops/devops | Finalize exporter monitoring (failure alerts, verify metrics, retention jobs) and chaos/latency tests ahead of GA. Dependencies: DEVOPS-EXPORT-36-001. | Depends on #6 | DVDO0105 |
| DEVOPS-GRAPH-24-001 | TODO | | SPRINT_0505_0001_0001_ops_devops_iii | DevOps · Graph Guild | ops/devops | Load test graph index/adjacency APIs with 40k-node assets; capture perf dashboards and alert thresholds. | Wait for CCGH0101 endpoint | DVDO0106 |
| DEVOPS-GRAPH-24-002 | TODO | | SPRINT_0505_0001_0001_ops_devops_iii | DevOps Guild | ops/devops | Integrate synthetic UI perf runs (Playwright/WebGL metrics) for Graph/Vuln explorers; fail builds on regression. Dependencies: DEVOPS-GRAPH-24-001. | Depends on #1 | DVDO0106 |
| DEVOPS-GRAPH-24-003 | TODO | | SPRINT_0505_0001_0001_ops_devops_iii | DevOps Guild | ops/devops | Implement smoke job for simulation endpoints ensuring we stay within SLA (<3s upgrade) and log results. Dependencies: DEVOPS-GRAPH-24-002. | Depends on #2 | DVDO0106 |
| DEVOPS-LNM-22-001 | TODO | 2025-10-27 | SPRINT_0505_0001_0001_ops_devops_iii | DevOps · Concelier Guild | ops/devops | Run migration/backfill pipelines for advisory observations/linksets in staging, validate counts/conflicts, and automate deployment steps. Awaiting storage backfill tooling. | Needs CCLN0102 API | DVDO0106 |
| DEVOPS-LNM-22-002 | TODO | 2025-10-27 | SPRINT_0505_0001_0001_ops_devops_iii | DevOps Guild | ops/devops | Execute VEX observation/linkset backfill with monitoring; ensure NATS/Redis events integrated; document ops runbook. Blocked until Excititor storage migration lands. Dependencies: DEVOPS-LNM-22-001. | Depends on #4 | DVDO0106 |
| DEVOPS-LNM-22-003 | TODO | | SPRINT_0505_0001_0001_ops_devops_iii | DevOps Guild | ops/devops | Add CI/monitoring coverage for new metrics (`advisory_observations_total`, `linksets_total`, etc.) and alerts on ingest-to-API SLA breaches. Dependencies: DEVOPS-LNM-22-002. | Depends on #5 | DVDO0106 |
| DEVOPS-OAS-61-001 | TODO | | SPRINT_0505_0001_0001_ops_devops_iii | DevOps Guild | ops/devops | Add CI stages for OpenAPI linting, validation, and compatibility diff; enforce gating on PRs. | Wait for CCWO0101 spec | DVDO0106 |
| DEVOPS-OAS-61-002 | TODO | | SPRINT_0505_0001_0001_ops_devops_iii | DevOps Guild | ops/devops | Integrate mock server + contract test suite into PR and nightly workflows; publish artifacts. Dependencies: DEVOPS-OAS-61-001. | Depends on #7 | DVDO0106 |
| DEVOPS-OBS-51-001 | TODO | | SPRINT_0505_0001_0001_ops_devops_iii | DevOps Guild · Observability Guild | ops/devops | Implement SLO evaluator service (burn rate calculators, webhook emitters), Grafana dashboards, and alert routing to Notifier. Provide Terraform/Helm automation. Dependencies: DEVOPS-OBS-50-002. | Wait for 045_DVDO0103 alert catalog | DVOB0101 |
| DEVOPS-OBS-52-001 | TODO | | SPRINT_0505_0001_0001_ops_devops_iii | DevOps Guild · Timeline Indexer Guild | ops/devops | Configure streaming pipeline (NATS/Redis/Kafka) with retention, partitioning, and backpressure tuning for timeline events; add CI validation of schema + rate caps. Dependencies: DEVOPS-OBS-51-001. | Needs #1 merged for shared correlation IDs | DVOB0101 |
| DEVOPS-OBS-53-001 | TODO | | SPRINT_0505_0001_0001_ops_devops_iii | DevOps Guild · Evidence Locker Guild | ops/devops | Provision object storage with WORM/retention options (S3 Object Lock / MinIO immutability), legal hold automation, and backup/restore scripts for evidence locker. Dependencies: DEVOPS-OBS-52-001. | Depends on DSSE API from 002_ATEL0101 | DVOB0101 |
| DEVOPS-OBS-54-001 | TODO | | SPRINT_0505_0001_0001_ops_devops_iii | DevOps Guild · Security Guild | ops/devops | Manage provenance signing infrastructure (KMS keys, rotation schedule, timestamp authority integration) and integrate verification jobs into CI. Dependencies: DEVOPS-OBS-53-001. | Requires security sign-off on cardinality budgets | DVOB0101 |
| DEVOPS-OBS-55-001 | TODO | | SPRINT_0506_0001_0001_ops_devops_iv | DevOps Guild · Ops Guild | ops/devops | Implement incident mode automation: feature flag service, auto-activation via SLO burn-rate, retention override management, and post-incident reset job. Dependencies: DEVOPS-OBS-54-001. | Relies on #4 to finalize alert dimensions | DVOB0101 |
| DEVOPS-OFFLINE-17-004 | TODO | 2025-11-23 | SPRINT_0508_0001_0001_ops_offline_kit | DevOps Offline Guild | ops/offline-kit | Release workflow now publishes `out/release/debug`; run `mirror_debug_store.py` on the next release artefact, verify hashes, archive `metadata/debug-store.json` into the Offline Kit. | Wait for DVPL0101 compose | DVDO0107 |
| DEVOPS-OFFLINE-34-006 | TODO | | SPRINT_0508_0001_0001_ops_offline_kit | DevOps Guild | ops/offline-kit | Bundle orchestrator service container, worker SDK samples, Postgres snapshot, and dashboards into Offline Kit with manifest/signature updates. Dependencies: DEVOPS-OFFLINE-17-004. | Depends on #1 | DVDO0107 |
| DEVOPS-OFFLINE-37-001 | TODO | | SPRINT_0508_0001_0001_ops_offline_kit | DevOps Guild | ops/offline-kit | Export Center offline bundles + verification tooling (mirror artefacts, verification CLI, manifest/signature refresh, air-gap import script). Dependencies: DEVOPS-OFFLINE-34-006. | Needs RBRE hashes | DVDO0107 |
| DEVOPS-OFFLINE-37-002 | TODO | | SPRINT_0508_0001_0001_ops_offline_kit | DevOps Guild | ops/offline-kit | Notifier offline packs (sample configs, template/digest packs, dry-run harness) with integrity checks and operator docs. Dependencies: DEVOPS-OFFLINE-37-001. | Depends on #3 | DVDO0107 |
| DEVOPS-OPENSSL-11-001 | TODO | 2025-11-06 | SPRINT_0505_0001_0001_ops_devops_iii | Security + DevOps Guilds | ops/devops | Package the OpenSSL 1.1 shim (`tests/native/openssl-1.1/linux-x64`) into test harness output so Mongo2Go suites discover it automatically. | Wait for CRYO0101 artifacts | DVDO0107 |
| DEVOPS-OPENSSL-11-002 | TODO | 2025-11-06 | SPRINT_0505_0001_0001_ops_devops_iii | DevOps Guild | ops/devops | Ensure CI runners and Docker images that execute Mongo2Go tests export `LD_LIBRARY_PATH` (or embed the shim) to unblock unattended pipelines. Dependencies: DEVOPS-OPENSSL-11-001. | Depends on #5 | DVDO0107 |
| DEVOPS-OPS-0001 | TODO | | SPRINT_0318_0001_0001_docs_modules_devops | DevOps Ops Guild | docs/modules/devops | Sync outcomes back to ../.. | Depends on #1-6 | DVDO0107 |
| DEVOPS-ORCH-32-001 | TODO | | SPRINT_0506_0001_0001_ops_devops_iv | DevOps · Orchestrator Guild | ops/devops | Provision orchestrator Postgres/message-bus infrastructure, add CI smoke deploy, seed Grafana dashboards (queue depth, inflight jobs), and document bootstrap. | Wait for ORTR0102 API | DVDO0108 |
| DEVOPS-ORCH-33-001 | TODO | | SPRINT_0506_0001_0001_ops_devops_iv | DevOps Guild | ops/devops | Publish Grafana dashboards/alerts for rate limiter, backpressure, error clustering, and DLQ depth; integrate with on-call rotations. Dependencies: DEVOPS-ORCH-32-001. | Depends on #1 | DVDO0108 |
| DEVOPS-ORCH-34-001 | TODO | | SPRINT_0506_0001_0001_ops_devops_iv | DevOps Guild | ops/devops | Harden production monitoring (synthetic probes, burn-rate alerts, replay smoke), document incident response, and prep GA readiness checklist. Dependencies: DEVOPS-ORCH-33-001. | Depends on #2 | DVDO0108 |
| DEVOPS-POLICY-27-001 | TODO | | SPRINT_0506_0001_0001_ops_devops_iv | DevOps Guild · CLI Guild | ops/devops | Add CI pipeline stages to run `stella policy lint | Needs CLI lint output | DVDO0108 |
| DEVOPS-POLICY-27-002 | TODO | | SPRINT_0506_0001_0001_ops_devops_iv | DevOps Guild · Policy Registry Guild | ops/devops | Provide optional batch simulation CI job (staging inventory) that triggers Registry run, polls results, and posts markdown summary to PR; enforce drift thresholds. Dependencies: DEVOPS-POLICY-27-001. | Depends on 27-001 | DVDO0108 |
| DEVOPS-POLICY-27-003 | TODO | | SPRINT_0506_0001_0001_ops_devops_iv | DevOps Guild · Security Guild | ops/devops | Manage signing key material for policy publish pipeline (OIDC workload identity + cosign), rotate keys, and document verification steps; integrate attestation verification stage. Dependencies: DEVOPS-POLICY-27-002. | Needs 27-002 pipeline | DVDO0108 |
| DEVOPS-POLICY-27-004 | TODO | | SPRINT_0506_0001_0001_ops_devops_iv | DevOps Guild · Observability Guild | ops/devops | Create dashboards/alerts for policy compile latency, simulation queue depth, approval latency, and promotion outcomes; integrate with on-call playbooks. Dependencies: DEVOPS-POLICY-27-003. | Depends on 27-003 | DVDO0108 |
| DEVOPS-REL-17-004 | DONE | 2025-11-23 | SPRINT_0506_0001_0001_ops_devops_iv | DevOps Release Guild | ops/devops | Release workflow now uploads `out/release/debug` as a dedicated artifact and already fails if symbols are missing; build-id manifest enforced. | Needs DVPL0101 release artifacts | DVDO0108 |
| DEVOPS-RULES-33-001 | TODO | 2025-10-30 | SPRINT_0506_0001_0001_ops_devops_iv | DevOps · Policy Guild | ops/devops | Contracts & Rules anchor:<br>• Gateway proxies only; Policy Engine composes overlays/simulations.<br>• AOC ingestion cannot merge; only lossless canonicalization.<br>• One graph platform: Graph Indexer + Graph API. Cartographer retired. | Wait for CCPR0101 policy logs | DVDO0109 |
| DEVOPS-SCAN-90-004 | TODO | | SPRINT_0505_0001_0001_ops_devops_iii | DevOps · Scanner Guild | ops/devops | Add a CI job that runs the scanner determinism harness against the release matrix (N runs per image), uploads `determinism.json`, and fails when score < threshold; publish artifact to release notes. Dependencies: SCAN-DETER-186-009/010. | Needs SCDT0101 fixtures | DVDO0109 |
| DEVOPS-SDK-63-001 | TODO | | SPRINT_0506_0001_0001_ops_devops_iv | DevOps · SDK Guild | ops/devops | Provision registry credentials, signing keys, and secure storage for SDK publishing pipelines. | Depends on #2 | DVDO0109 |
| DEVOPS-SIG-26-001 | TODO | | SPRINT_0506_0001_0001_ops_devops_iv | DevOps Guild · Signals Guild | ops/devops | Provision CI/CD pipelines, Helm/Compose manifests for Signals service, including artifact storage and Redis dependencies. | Wait for SGSI0101 metrics | DVDO0110 |
| DEVOPS-SIG-26-002 | TODO | | SPRINT_0506_0001_0001_ops_devops_iv | DevOps Guild | ops/devops | Create dashboards/alerts for reachability scoring latency, cache hit rates, sensor staleness. Dependencies: DEVOPS-SIG-26-001. | Depends on #1 | DVDO0110 |
| DEVOPS-SYMS-90-005 | TODO | | SPRINT_0505_0001_0001_ops_devops_iii | DevOps · Symbols Guild | ops/devops | Deploy Symbols.Server (Helm/Terraform), manage MinIO/Mongo storage, configure tenant RBAC/quotas, and wire ingestion CLI into release pipelines with monitoring and backups. Dependencies: SYMS-SERVER-401-011/013. | Needs RBSY0101 bundle | DVDO0110 |
| DEVOPS-TEN-47-001 | TODO | | SPRINT_0506_0001_0001_ops_devops_iv | DevOps · Policy Guild | ops/devops | Add JWKS cache monitoring, signature verification regression tests, and token expiration chaos tests to CI. | Wait for CCPR0101 policy | DVDO0110 |
| DEVOPS-TEN-48-001 | TODO | | SPRINT_0506_0001_0001_ops_devops_iv | DevOps Guild | ops/devops | Build integration tests to assert RLS enforcement, tenant-prefixed object storage, and audit event emission; set up lint to prevent raw SQL bypass. Dependencies: DEVOPS-TEN-47-001. | Depends on #4 | DVDO0110 |
| DEVOPS-TEN-49-001 | DONE (2025-12-03) | 2025-12-03 | SPRINT_0507_0001_0001_ops_devops_v | DevOps Guild | ops/devops | Deploy audit pipeline, scope usage metrics, JWKS outage chaos tests, and tenant load/perf benchmarks. Dependencies: DEVOPS-TEN-48-001. | Depends on #5 | DVDO0110 |
| DEVOPS-VEX-30-001 | DONE (2025-12-02) | 2025-12-02 | SPRINT_0507_0001_0001_ops_devops_v | DevOps Guild · VEX Lens Guild | ops/devops | Provision CI, load tests, dashboards, alerts for VEX Lens and Issuer Directory (compute latency, disputed totals, signature verification rates). | — | PLVL0103 |
| DEVOPS-VULN-29-001 | DONE (2025-12-02) | 2025-12-02 | SPRINT_0507_0001_0001_ops_devops_v | DevOps · Vuln Guild | ops/devops | Provision CI jobs for ledger projector (replay, determinism), set up backups, monitor Merkle anchoring, and automate verification. | Needs DVPL0101 deploy | DVDO0110 |
| DEVOPS-VULN-29-002 | DONE (2025-12-02) | 2025-12-02 | SPRINT_0507_0001_0001_ops_devops_v | DevOps Guild | ops/devops | Configure load/perf tests (5M findings/tenant), query budget enforcement, API SLO dashboards, and alerts for `vuln_list_latency` and `projection_lag`. Dependencies: DEVOPS-VULN-29-001. | Depends on #7 | DVDO0110 |
| DEVOPS-VULN-29-003 | DONE (2025-12-02) | 2025-12-02 | SPRINT_0507_0001_0001_ops_devops_v | DevOps Guild | ops/devops | Instrument analytics pipeline for Vuln Explorer (telemetry ingestion, query hashes), ensure compliance with privacy/PII guardrails, and update observability docs. Dependencies: DEVOPS-VULN-29-002. | Depends on #8 | DVDO0110 |
| DEVPORT-62-001 | TODO | | SPRINT_206_devportal | DevPortal Guild | src/DevPortal/StellaOps.DevPortal.Site | Select static site generator, integrate aggregate spec, build navigation + search scaffolding. | 62-001 | DEVL0101 |
| DEVPORT-62-002 | TODO | | SPRINT_206_devportal | DevPortal Guild | src/DevPortal/StellaOps.DevPortal.Site | Implement schema viewer, example rendering, copy-curl snippets, and version selector UI. Dependencies: DEVPORT-62-001. | DEVPORT-62-001 | DEVL0101 |
| DEVPORT-63-001 | TODO | | SPRINT_206_devportal | DevPortal Guild | src/DevPortal/StellaOps.DevPortal.Site | Add Try-It console pointing at sandbox environment with token onboarding and scope info. Dependencies: DEVPORT-62-002. | 63-001 | DEVL0101 |
| DEVPORT-63-002 | TODO | | SPRINT_206_devportal | DevPortal Guild | src/DevPortal/StellaOps.DevPortal.Site | Embed language-specific SDK snippets and quick starts generated from tested examples. Dependencies: DEVPORT-63-001. | DEVPORT-63-001 | DEVL0101 |
| DEVPORT-64-001 | TODO | | SPRINT_206_devportal | DevPortal Guild | src/DevPortal/StellaOps.DevPortal.Site | Provide offline build target bundling HTML, specs, SDK archives; ensure no external assets. Dependencies: DEVPORT-63-002. | 64-001 | DEVL0101 |
| DEVPORT-64-002 | TODO | | SPRINT_206_devportal | Developer Portal Guild (src/DevPortal/StellaOps.DevPortal.Site) | src/DevPortal/StellaOps.DevPortal.Site | Add automated accessibility tests, link checker, and performance budgets. Dependencies: DEVPORT-64-001. | | DEVL0102 |
| DOC-008 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | Docs Guild · Reachability Guild | `docs/reachability/function-level-evidence.md`, `docs/09_API_CLI_REFERENCE.md`, `docs/api/policy.md` | Wait for replay evidence from 100_RBBN0101 | Wait for replay evidence from 100_RBBN0101 | DORC0101 |
| DOC-70-001 | DONE | | SPRINT_0170_0001_0001_notifications_telemetry | Docs Guild · Notifications Guild | docs | Gather notification doc references | Validate existing notifications doc and migrate notes | DOCP0101 |
| DOCKER-44-001 | TODO | | SPRINT_0507_0001_0001_ops_devops_v | DevOps Guild · Service Owners | ops/devops | Author multi-stage Dockerfiles for all core services (API, Console, Orchestrator, Task Runner, Conseiller, Excitor, Policy, Notify, Export, AI) with non-root users, read-only file systems, and health scripts. | Wait for DVPL0101 compose merge | DVDO0111 |
| DOCKER-44-002 | TODO | | SPRINT_0507_0001_0001_ops_devops_v | DevOps Guild | ops/devops | Generate SBOMs and cosign attestations for each image and integrate verification into CI. Dependencies: DOCKER-44-001. | Depends on #1 | DVDO0111 |
| DOCKER-44-003 | TODO | | SPRINT_0507_0001_0001_ops_devops_v | DevOps Guild | ops/devops | Implement `/health/liveness`, `/health/readiness`, `/version`, `/metrics`, and ensure capability endpoint returns `merge=false` for Conseiller/Excitor. Dependencies: DOCKER-44-002. | Requires SBOM+scan workflow from 137_SCDT0101 | DVDO0111 |
| DOCS-0001 | DONE | 2025-11-05 | SPRINT_313_docs_modules_attestor | Docs Guild | docs/modules/attestor | Confirm attestor module doc publication | Confirm attestor module doc scope | DOCP0101 |
| DOCS-0002 | TODO | 2025-11-05 | SPRINT_321_docs_modules_graph | Docs Guild (docs/modules/graph) | docs/modules/graph | — | — | DOCL0102 |
| DOCS-0003 | TODO | | SPRINT_327_docs_modules_scanner | Docs Guild, Product Guild (docs/modules/scanner) | docs/modules/scanner | — | — | DOCL0102 |
| DOCS-401-008 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | QA & Docs Guilds (`docs`, `tests/README.md`) | `docs`, `tests/README.md` | — | — | DOCL0102 |
| DOCS-401-022 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | Docs Guild · Attestor Guild (`docs/ci/dsse-build-flow.md`, `docs/modules/attestor/architecture.md`) | `docs/ci/dsse-build-flow.md`, `docs/modules/attestor/architecture.md` | — | — | DOCL0102 |
| DOCS-AIAI-31-004 | DONE (2025-12-04) | 2025-12-04 | SPRINT_0301_0001_0001_docs_md_i | Docs Guild · Console Guild | docs/advisory-ai | Guardrail console guide refreshed with deterministic captures plus consolidated hash manifest (`docs/advisory-ai/console-fixtures.sha256`) and verification steps. | CONSOLE-VULN-29-001; CONSOLE-VEX-30-001; SBOM-AIAI-31-003 | DOAI0102 |
| DOCS-AIAI-31-005 | DONE (2025-11-25) | 2025-11-25 | SPRINT_110_ingestion_evidence | Docs Guild | | CLI/policy/ops docs refreshed with offline hashes and exit codes. | DOCS-AIAI-31-004; CLI-VULN-29-001; CLI-VEX-30-001; POLICY-ENGINE-31-001; DEVOPS-AIAI-31-001 | DOAI0102 |
| DOCS-AIAI-31-006 | TODO | 2025-11-13 | SPRINT_0111_0001_0001_advisoryai | Docs Guild · Advisory AI Guild | docs/modules/advisory-ai | `/docs/policy/assistant-parameters.md` now documents inference modes, guardrail phrases, budgets, and cache/queue knobs (POLICY-ENGINE-31-001 inputs captured via `AdvisoryAiServiceOptions`). | Need latest telemetry outputs from ADAI0101 | DOAI0104 |
| DOCS-AIAI-31-008 | BLOCKED | 2025-11-18 | SPRINT_0111_0001_0001_advisoryai | Docs Guild · SBOM Service Guild (docs) | docs | Publish `/docs/sbom/remediation-heuristics.md` (feasibility scoring, blast radius). | SBOM-AIAI-31-001 projection kit/fixtures | DOAI0104 |
| DOCS-AIAI-31-009 | DONE (2025-11-25) | 2025-11-25 | SPRINT_110_ingestion_evidence | Docs Guild | | Docs updated with guardrail/ops addenda and offline hashes. | DOCS-AIAI-31-004; CLI-VULN-29-001; CLI-VEX-30-001; POLICY-ENGINE-31-001; DEVOPS-AIAI-31-001 | DOAI0102 |
| DOCS-AIRGAP-56-001 | DONE (2025-11-23) | 2025-11-23 | SPRINT_0301_0001_0001_docs_md_i | Docs Guild · AirGap Controller Guild | | `/docs/airgap/overview.md` outlining modes, lifecycle, responsibilities, rule banner. | — | DOAI0102 |
| DOCS-AIRGAP-56-002 | DONE (2025-11-23) | 2025-11-23 | SPRINT_0301_0001_0001_docs_md_i | Docs Guild · DevOps Guild | | `/docs/airgap/sealing-and-egress.md` (network policies, EgressPolicy facade, verification). | DOCS-AIRGAP-56-001 | DOAI0102 |
| DOCS-AIRGAP-56-003 | DONE (2025-11-23) | 2025-11-23 | SPRINT_0301_0001_0001_docs_md_i | Docs Guild · Exporter Guild | bundle format, DSSE/TUF/Merkle validation, workflows | `/docs/airgap/mirror-bundles.md` (bundle format, DSSE/TUF/Merkle validation, workflows). | DOCS-AIRGAP-56-002 | DOAI0102 |
| DOCS-AIRGAP-56-004 | DONE (2025-11-23) | 2025-11-23 | SPRINT_0301_0001_0001_docs_md_i | Docs Guild · Deployment Guild | | `/docs/airgap/bootstrap.md` covering Bootstrap Pack creation + install. | DOCS-AIRGAP-56-003 | DOAI0102 |
| DOCS-AIRGAP-57-001 | DONE (2025-11-23) | 2025-11-23 | SPRINT_0301_0001_0001_docs_md_i | Docs Guild · AirGap Time Guild | docs/modules/airgap | `/docs/airgap/staleness-and-time.md` (time anchors, drift, UI indicators). | DOCS-AIRGAP-56-004 | DOAI0102 |
| DOCS-AIRGAP-57-002 | DONE (2025-11-23) | 2025-11-23 | SPRINT_0301_0001_0001_docs_md_i | Docs Guild · Console Guild | docs/modules/airgap | `/docs/console/airgap.md` (sealed badge, import wizard, staleness dashboards). | DOCS-AIRGAP-57-001 | DOAI0102 |
| DOCS-AIRGAP-57-003 | TODO | | SPRINT_302_docs_tasks_md_ii | Docs Guild · CLI Guild | docs/modules/airgap | Publish `/docs/modules/cli/guides/airgap.md` documenting commands, examples, exit codes. Dependencies: DOCS-AIRGAP-57-002. | AIDG0101 tasks 34 | DOCL0102 |
| DOCS-AIRGAP-57-004 | TODO | | SPRINT_302_docs_tasks_md_ii | Docs Guild · Ops Guild | docs/modules/airgap | Create `/docs/airgap/operations.md` with runbooks for imports, failure recovery, and auditing. Dependencies: DOCS-AIRGAP-57-003. | DOCS-AIRGAP-57-003 | DOCL0102 |
| DOCS-AIRGAP-58-001 | TODO | | SPRINT_302_docs_tasks_md_ii | Docs Guild, Product Guild (docs) | | Provide `/docs/airgap/degradation-matrix.md` enumerating feature availability, fallbacks, remediation. Dependencies: DOCS-AIRGAP-57-004. | — | DOCL0102 |
| DOCS-AIRGAP-58-002 | TODO | | SPRINT_302_docs_tasks_md_ii | Docs Guild, Security Guild (docs) | | Update `/docs/security/trust-and-signing.md` with DSSE/TUF roots, rotation, and signed time tokens. Dependencies: DOCS-AIRGAP-58-001. | — | DOCL0102 |
| DOCS-AIRGAP-58-003 | TODO | | SPRINT_302_docs_tasks_md_ii | Docs Guild · DevEx Guild | docs/modules/airgap | Publish `/docs/dev/airgap-contracts.md` describing EgressPolicy usage, sealed-mode tests, linting. Dependencies: DOCS-AIRGAP-58-002. | Need DevEx CLI samples from CLCI0109 | DOAG0101 |
| DOCS-AIRGAP-58-004 | TODO | | SPRINT_302_docs_tasks_md_ii | Docs Guild · Evidence Locker Guild | docs/modules/airgap | Document `/docs/airgap/portable-evidence.md` for exporting/importing portable evidence bundles across enclaves. Dependencies: DOCS-AIRGAP-58-003. | Requires Evidence Locker attestation notes from 002_ATEL0101 | DOAG0101 |
| DOCS-AIRGAP-DEVPORT-64-001 | TODO | | SPRINT_302_docs_tasks_md_ii | Docs Guild · DevPortal Offline Guild | docs/modules/export-center/devportal-offline.md | Create `/docs/airgap/devportal-offline.md` describing offline bundle usage and verification. | Requires #3 draft | DEVL0102 |
| DOCS-ATTEST-73-001 | TODO | | SPRINT_302_docs_tasks_md_ii | Docs Guild, Attestor Service Guild (docs) | | Publish `/docs/modules/attestor/overview.md` with imposed rule banner. | — | DOAT0101 |
| DOCS-ATTEST-73-002 | DONE | 2025-11-23 | SPRINT_302_docs_tasks_md_ii | Docs Guild, Attestation Payloads Guild (docs) | | Write `/docs/modules/attestor/payloads.md` with schemas/examples. Dependencies: DOCS-ATTEST-73-001. | — | DOAT0101 |
| DOCS-ATTEST-73-003 | DONE | 2025-11-23 | SPRINT_302_docs_tasks_md_ii | Docs Guild, Policy Guild (docs) | | Publish `/docs/modules/attestor/policies.md` covering verification policies. Dependencies: DOCS-ATTEST-73-002. | — | DOAT0101 |
| DOCS-ATTEST-73-004 | DONE | 2025-11-23 | SPRINT_302_docs_tasks_md_ii | Docs Guild, Attestor Service Guild (docs) | | Add `/docs/modules/attestor/workflows.md` detailing ingest, verify, bulk operations. Dependencies: DOCS-ATTEST-73-003. | — | DOAT0101 |
| DOCS-ATTEST-74-001 | DONE | 2025-11-23 | SPRINT_302_docs_tasks_md_ii | Docs Guild, KMS Guild (docs) | | Publish `/docs/modules/attestor/keys-and-issuers.md`. Dependencies: DOCS-ATTEST-73-004. | — | DOAT0101 |
| DOCS-ATTEST-74-002 | DONE | 2025-11-23 | SPRINT_302_docs_tasks_md_ii | Docs Guild, Transparency Guild (docs) | | Document `/docs/modules/attestor/transparency.md` with witness usage/offline validation. Dependencies: DOCS-ATTEST-74-001. | — | DOAT0101 |
| DOCS-ATTEST-74-003 | DONE | 2025-11-23 | SPRINT_302_docs_tasks_md_ii | Docs Guild, Attestor Console Guild (docs) | | Write `/docs/console/attestor-ui.md` with screenshots/workflows. Dependencies: DOCS-ATTEST-74-002. | — | DOAT0101 |
| DOCS-ATTEST-74-004 | DONE | 2025-11-23 | SPRINT_302_docs_tasks_md_ii | Docs Guild, CLI Attestor Guild (docs) | | Publish `/docs/modules/cli/guides/attest.md` covering CLI usage. Dependencies: DOCS-ATTEST-74-003. | — | DOAT0101 |
| DOCS-ATTEST-75-001 | DONE | 2025-11-25 | SPRINT_303_docs_tasks_md_iii | Docs Guild, Export Attestation Guild (docs) | | Add `/docs/modules/attestor/airgap.md` for attestation bundles. Dependencies: DOCS-ATTEST-74-004. | — | DOAT0101 |
| DOCS-ATTEST-75-002 | DONE | 2025-11-25 | SPRINT_303_docs_tasks_md_iii | Docs Guild, Security Guild (docs) | | Update `/docs/security/aoc-invariants.md` with attestation invariants. Dependencies: DOCS-ATTEST-75-001. | — | DOAT0101 |
| DOCS-CLI-41-001 | DONE | 2025-11-25 | SPRINT_303_docs_tasks_md_iii | Docs Guild, DevEx/CLI Guild (docs) | docs/modules/cli/guides | Publish `/docs/modules/cli/guides/overview.md`, `/docs/modules/cli/guides/configuration.md`, `/docs/modules/cli/guides/output-and-exit-codes.md` with imposed rule statements. | — | DOCL0101 |
| DOCS-CLI-42-001 | DONE | 2025-11-25 | SPRINT_303_docs_tasks_md_iii | Docs Guild (docs) | | Publish `/docs/modules/cli/guides/parity-matrix.md` and command guides under `/docs/modules/cli/guides/commands/*.md` (policy, sbom, vuln, vex, advisory, export, orchestrator, notify, aoc, auth). Dependencies: DOCS-CLI-41-001. | — | DOCL0101 |
| DOCS-CLI-DET-01 | DONE | 2025-11-23 | SPRINT_0301_0001_0001_docs_md_i | Docs Guild · DevEx/CLI Guild | | Document `stella sbomer` verbs (`layer`, `compose`, `drift`, `verify`) with examples & offline instructions. | CLI-SBOM-60-001; CLI-SBOM-60-002 | DOCL0101 |
| DOCS-CLI-FORENSICS-53-001 | DONE | 2025-11-25 | SPRINT_303_docs_tasks_md_iii | Docs Guild, DevEx/CLI Guild (docs) | docs/modules/cli/guides | Publish `/docs/modules/cli/guides/forensics.md` for snapshot/verify/attest commands with sample outputs, imposed rule banner, and offline workflows. | — | DOCL0101 |
| DOCS-CLI-OBS-52-001 | DONE | 2025-11-25 | SPRINT_303_docs_tasks_md_iii | Docs Guild, DevEx/CLI Guild (docs) | docs/modules/cli/guides | Create `/docs/modules/cli/guides/observability.md` detailing `stella obs` commands, examples, exit codes, imposed rule banner, and scripting tips. | — | DOCL0101 |
| DOCS-CONSOLE-OBS-52-001 | BLOCKED | 2025-11-25 | SPRINT_303_docs_tasks_md_iii | Docs Guild, Console Guild (docs) | | Document `/docs/console/observability.md` showcasing Observability Hub widgets, trace/log search, imposed rule banner, and accessibility tips. | Blocked: awaiting Console Observability Hub schemas/widgets from Console Guild | DOCL0101 |
| DOCS-CONSOLE-OBS-52-002 | BLOCKED | 2025-11-25 | SPRINT_303_docs_tasks_md_iii | Docs Guild, Console Guild (docs) | | Publish `/docs/console/forensics.md` covering timeline explorer, evidence viewer, attestation verifier, imposed rule banner, and troubleshooting. Dependencies: DOCS-CONSOLE-OBS-52-001. | Blocked: upstream DOCS-CONSOLE-OBS-52-001 | DOCL0101 |
| DOCS-OBS-50-002 | DONE (2025-11-25) | | SPRINT_0306_0001_0006_docs_tasks_md_vi | Docs Guild, Security Guild (docs) | docs/observability | Author `/docs/observability/telemetry-standards.md` detailing common fields, scrubbing policy, sampling defaults, and redaction override procedure. | Docs Guild, Security Guild (docs) | DOOB0101 |
| DOCS-CONTRIB-62-001 | DONE | 2025-11-25 | SPRINT_303_docs_tasks_md_iii | Docs Guild, API Governance Guild (docs) | | Publish `/docs/contributing/api-contracts.md` detailing how to edit OAS, lint rules, compatibility checks. | — | DOCL0101 |
| DOCS-DETER-70-002 | TODO | | SPRINT_0304_0001_0004_docs_tasks_md_iv | Docs Guild · Scanner Guild | docs/modules/scanner/determinism.md | Document the scanner determinism score process (`determinism.json` schema, CI harness, replay instructions) under `/docs/modules/scanner/determinism-score.md` and add a release-notes template entry. Dependencies: SCAN-DETER-186-010, DEVOPS-SCAN-90-004. | Need deterministic suite notes from 137_SCDT0101 | DOSC0101 |
| DOCS-DEVPORT-62-001 | DONE | 2025-11-25 | SPRINT_303_docs_tasks_md_iii | Docs Guild, Developer Portal Guild (docs) | | Document `/docs/devportal/publishing.md` for build pipeline, offline bundle steps. | — | DOCL0101 |
| DOCS-DSL-401-005 | DONE (2025-11-26) | 2025-11-26 | SPRINT_0401_0001_0001_reachability_evidence_chain | Docs Guild (`docs/policy/dsl.md`, `docs/policy/lifecycle.md`) | `docs/policy/dsl.md`, `docs/policy/lifecycle.md` | Refresh `docs/policy/dsl.md` + lifecycle docs with the new syntax, signal dictionary (`trust_score`, `reachability`, etc.), authoring workflow, and safety rails (shadow mode, coverage tests). | — | DOCL0101 |
| DOCS-ENTROPY-70-004 | TODO | | SPRINT_0304_0001_0004_docs_tasks_md_iv | Docs Guild · Scanner Guild | docs/modules/scanner/determinism.md | Publish entropy analysis documentation (scoring heuristics, JSON schemas, policy hooks, UI guidance) under `docs/modules/scanner/entropy.md` and update trust-lattice references. Dependencies: SCAN-ENTROPY-186-011/012, POLICY-RISK-90-001. | Requires entropy guardrails from 078_SCSA0301 | DOSC0101 |
| DOCS-EXC-25-001 | BLOCKED | 2025-11-25 | SPRINT_303_docs_tasks_md_iii | Docs Guild | docs/modules/excititor | Author `/docs/governance/exceptions.md` covering lifecycle, scope patterns, examples, compliance checklist. | Blocked: waiting on CLEX0101 exception governance spec and UI workflow | DOEX0102 |
| DOCS-EXC-25-002 | BLOCKED | 2025-11-25 | SPRINT_303_docs_tasks_md_iii | Docs Guild | docs/modules/excititor | Publish `/docs/governance/approvals-and-routing.md` detailing roles, routing matrix, MFA rules, audit trails. Dependencies: DOCS-EXC-25-001. | Blocked: upstream DOCS-EXC-25-001 | DOEX0102 |
| DOCS-EXC-25-003 | BLOCKED | 2025-11-25 | SPRINT_303_docs_tasks_md_iii | Docs Guild | docs/modules/excititor | Create `/docs/api/exceptions.md` with endpoints, payloads, errors, idempotency notes. Dependencies: DOCS-EXC-25-002. | Blocked: upstream DOCS-EXC-25-002 | DOEX0102 |
| DOCS-EXC-25-005 | BLOCKED | 2025-11-25 | SPRINT_303_docs_tasks_md_iii | Docs + Accessibility Guilds | docs/modules/excititor | Write `/docs/ui/exception-center.md` with UI walkthrough, badges, accessibility, shortcuts. Dependencies: DOCS-EXC-25-003. | Blocked: upstream DOCS-EXC-25-003 | DOEX0102 |
| DOCS-EXC-25-006 | TODO | | SPRINT_303_docs_tasks_md_iii | Docs Guild | docs/modules/excititor | Update `/docs/modules/cli/guides/exceptions.md` covering command usage and exit codes. Dependencies: DOCS-EXC-25-005. | CLEX0101 | DOEX0102 |
| DOCS-EXC-25-007 | TODO | | SPRINT_0304_0001_0004_docs_tasks_md_iv | Docs Guild · DevOps Guild | docs/modules/excititor | Publish `/docs/migration/exception-governance.md` describing cutover from legacy suppressions, notifications, rollback. Dependencies: DOCS-EXC-25-006. | UIEX0101 & Ops runbooks | DOEX0102 |
| DOCS-EXPORT-37-004 | TODO | | SPRINT_0304_0001_0004_docs_tasks_md_iv | Docs Guild · Export Center Guild | docs/modules/export-center | Publish `/docs/security/export-hardening.md` outlining RBAC, tenancy, encryption, redaction, restating imposed rule. | Wait for ATMI0102 orchestration notes | DOEC0102 |
| DOCS-EXPORT-37-005 | BLOCKED | 2025-11-26 | SPRINT_0304_0001_0004_docs_tasks_md_iv | Docs Guild · Export Center Guild | docs/modules/export-center | Validate Export Center docs against live Trivy/mirror bundles once implementation lands; refresh examples and CLI snippets accordingly. Dependencies: DOCS-EXPORT-37-004. | Blocked: awaiting live bundle verification | DOEC0102 |
| DOCS-EXPORT-37-101 | TODO | | SPRINT_0304_0001_0004_docs_tasks_md_iv | Docs Guild · DevOps Guild | docs/modules/export-center | Refresh CLI verification sections once `stella export verify` lands (flags, exit codes, samples). Dependencies: DOCS-EXPORT-37-005. | Depends on DVDO0105 deployment guide | DOEC0102 |
| DOCS-EXPORT-37-102 | TODO | | SPRINT_0304_0001_0004_docs_tasks_md_iv | Docs Guild · Evidence Locker Guild | docs/modules/export-center | Embed export dashboards/alerts references into provenance/runbook docs after Grafana work ships. Dependencies: DOCS-EXPORT-37-101. | Requires ATEL0102 attestation feed | DOEC0102 |
| DOCS-FORENSICS-53-001 | DONE (2025-11-26) | 2025-11-26 | SPRINT_0304_0001_0004_docs_tasks_md_iv | Docs Guild · Evidence Locker Guild | docs/forensics/evidence-locker.md | Publish `/docs/forensics/evidence-locker.md` describing bundle formats, WORM options, retention, legal hold, and imposed rule banner. | — | DOEL0101 |
| DOCS-FORENSICS-53-002 | DONE (2025-11-26) | 2025-11-26 | SPRINT_0304_0001_0004_docs_tasks_md_iv | Docs Guild · Provenance Guild | docs/forensics/provenance-attestation.md | Release `/docs/forensics/provenance-attestation.md` covering DSSE schema, signing process, verification workflow, and imposed rule banner. Dependencies: DOCS-FORENSICS-53-001. | — | DOEL0101 |
| DOCS-FORENSICS-53-003 | DONE (2025-11-26) | 2025-11-26 | SPRINT_0304_0001_0004_docs_tasks_md_iv | Docs Guild · Timeline Indexer Guild | docs/forensics/timeline.md | Publish `/docs/forensics/timeline.md` with schema, event kinds, filters, query examples, and imposed rule banner. Dependencies: DOCS-FORENSICS-53-002. | — | DOEL0101 |
| DOCS-GRAPH-24-001 | TODO | | SPRINT_0304_0001_0004_docs_tasks_md_iv | Docs Guild · Graph Guild | docs/modules/graph | Author `/docs/ui/sbom-graph-explorer.md` detailing overlays, filters, saved views, accessibility, and AOC visibility. | Wait for GRAP0101 contract freeze | DOGR0101 |
| DOCS-GRAPH-24-002 | TODO | | SPRINT_0304_0001_0004_docs_tasks_md_iv | Docs Guild · UI Guild | docs/modules/graph | Publish `/docs/ui/vulnerability-explorer.md` covering table usage, grouping, fix suggestions, Why drawer. Dependencies: DOCS-GRAPH-24-001. | Needs SBOM/VEX dataflow confirmation (PLLG0104) | DOGR0101 |
| DOCS-GRAPH-24-003 | DONE (2025-11-26) | 2025-11-26 | SPRINT_0304_0001_0004_docs_tasks_md_iv | Docs Guild · SBOM Guild | docs/modules/graph | Create `/docs/modules/graph/architecture-index.md` describing data model, ingestion pipeline, caches, events. Dependencies: DOCS-GRAPH-24-002. | Unblocked: SBOM join spec delivered with CARTO-GRAPH-21-002 (2025-11-17). | DOGR0101 |
| DOCS-GRAPH-24-004 | DONE (2025-11-26) | 2025-11-26 | SPRINT_0304_0001_0004_docs_tasks_md_iv | Docs Guild · BE-Base Guild | docs/api/graph.md; docs/api/vuln.md | Document `/docs/api/graph.md` and `/docs/api/vuln.md` avec endpoints, parameters, errors, RBAC. Dependencies: DOCS-GRAPH-24-003. | Require replay hooks from RBBN0101 | DOGR0101 |
| DOCS-GRAPH-24-005 | TODO | | SPRINT_0304_0001_0004_docs_tasks_md_iv | Docs Guild · DevEx/CLI Guild | docs/modules/graph | Update `/docs/modules/cli/guides/graph-and-vuln.md` covering new CLI commands, exit codes, scripting. Dependencies: DOCS-GRAPH-24-004. | Wait for CLI samples from CLCI0109 | DOGR0101 |
| DOCS-GRAPH-24-006 | TODO | | SPRINT_0304_0001_0004_docs_tasks_md_iv | Docs Guild · Policy Guild | docs/modules/graph | Write `/docs/policy/ui-integration.md` explaining overlays, cache usage, simulator contracts. Dependencies: DOCS-GRAPH-24-005. | Needs policy outputs from PLVL0102 | DOGR0101 |
| DOCS-GRAPH-24-007 | TODO | | SPRINT_0304_0001_0004_docs_tasks_md_iv | Docs Guild · DevOps Guild | docs/modules/graph | Produce `/docs/migration/graph-parity.md` with rollout plan, parity checks, fallback guidance. Dependencies: DOCS-GRAPH-24-006. | Depends on DVDO0108 deployment notes | DOGR0101 |
| DOCS-INSTALL-44-001 | TODO | | SPRINT_0305_0001_0005_docs_tasks_md_v | Docs Guild · Deployment Guild | docs/install | Publish `/docs/install/overview.md` and `/docs/install/compose-quickstart.md` with imposed rule line and copy-ready commands. | Need DVPL0101 compose schema | DOIS0101 |
| DOCS-INSTALL-45-001 | TODO | | SPRINT_0305_0001_0005_docs_tasks_md_v | Docs Guild · Deployment Guild | docs/install | Publish `/docs/install/helm-prod.md` and `/docs/install/configuration-reference.md` with values tables and imposed rule reminder. Dependencies: DOCS-INSTALL-44-001. | Wait for updated TLS guidance from 127_SIGR0101 | DOIS0101 |
| DOCS-INSTALL-46-001 | BLOCKED | 2025-11-25 | SPRINT_0305_0001_0005_docs_tasks_md_v | Docs Guild · Deployment Guild | docs/install | Publish `/docs/install/airgap.md`, `/docs/security/supply-chain.md`, `/docs/operations/health-and-readiness.md`, `/docs/release/image-catalog.md`, `/docs/console/onboarding.md` (each with imposed rule). Dependencies: DOCS-INSTALL-45-001. | Blocked: upstream DOCS-INSTALL-45-001 and 126_RLRC0101 replay hooks | DOIS0101 |
| DOCS-INSTALL-50-001 | BLOCKED | 2025-11-25 | SPRINT_0305_0001_0005_docs_tasks_md_v | Docs Guild · DevOps Guild | docs/install | Add `/docs/install/telemetry-stack.md` with collector deployment, exporter options, offline kit notes, and imposed rule banner. Dependencies: DOCS-INSTALL-46-001. | Blocked: upstream DOCS-INSTALL-46-001; awaiting DevOps offline validation (DVDO0107) | DOIS0101 |
| DOCS-LNM-22-001 | BLOCKED | 2025-10-27 | SPRINT_0305_0001_0005_docs_tasks_md_v | Docs Guild · Concelier Guild | docs/modules/concelier/link-not-merge.md | Author `/docs/advisories/aggregation.md` covering observation vs linkset, conflict handling, AOC requirements, and reviewer checklist. | Need final schema text from 005_ATLN0101 | DOLN0101 |
| DOCS-LNM-22-002 | BLOCKED | 2025-10-27 | SPRINT_0305_0001_0005_docs_tasks_md_v | Docs Guild · Excititor Guild | docs/modules/concelier/link-not-merge.md | Publish `/docs/vex/aggregation.md` describing VEX observation/linkset model, product matching, conflicts. Dependencies: DOCS-LNM-22-001. | Waiting on Excititor overlay notes | DOLN0101 |
| DOCS-LNM-22-003 | BLOCKED | 2025-10-27 | SPRINT_0305_0001_0005_docs_tasks_md_v | Docs Guild · BE-Base Guild | docs/modules/concelier/link-not-merge.md | Update `/docs/api/advisories.md` and `/docs/api/vex.md` for new endpoints, parameters, errors, exports. Dependencies: DOCS-LNM-22-002. | Replay hook contract from RBBN0101 | DOLN0101 |
| DOCS-LNM-22-004 | DONE | 2025-11-25 | SPRINT_0305_0001_0005_docs_tasks_md_v | Docs Guild · Policy Guild | docs/modules/concelier/link-not-merge.md | Create `/docs/policy/effective-severity.md` detailing severity selection strategies from multiple sources. Dependencies: DOCS-LNM-22-003. | Requires policy binding from PLVL0102 | DOLN0101 |
| DOCS-LNM-22-005 | BLOCKED | 2025-10-27 | SPRINT_0305_0001_0005_docs_tasks_md_v | Docs Guild · UI Guild | docs/modules/concelier/link-not-merge.md | Document `/docs/ui/evidence-panel.md` with screenshots, conflict badges, accessibility guidance. Dependencies: DOCS-LNM-22-004. | UI signals from 124_CCSL0101 | DOLN0101 |
| DOCS-LNM-22-007 | DONE | 2025-11-25 | SPRINT_0305_0001_0005_docs_tasks_md_v | Docs Guild · Observability Guild | docs/modules/concelier/link-not-merge.md | Publish `/docs/observability/aggregation.md` with metrics/traces/logs/SLOs. Dependencies: DOCS-LNM-22-005. | Observability wiring from 066_PLOB0101 | DOLN0101 |
| DOCS-LNM-22-008 | DONE (2025-11-03) | 2025-11-03 | SPRINT_117_concelier_vi | Docs Guild · DevOps Guild | docs/modules/concelier/link-not-merge.md | Documented Link-Not-Merge migration plan in `docs/migration/no-merge.md`; keep synced with ongoing tasks. | Needs retrospective summary | DOLN0101 |
| DOCS-NOTIFY-40-001 | DONE | 2025-11-25 | SPRINT_0305_0001_0005_docs_tasks_md_v | Docs Guild · Security Guild | docs/modules/notify | Publish `/docs/notifications/channels.md`, `/docs/notifications/escalations.md`, `/docs/notifications/api.md`, `/docs/operations/notifier-runbook.md`, `/docs/security/notifications-hardening.md`; each ends with imposed rule line. | Need tenancy + throttling updates from DVDO0110 | DONO0101 |
| DOCS-OAS-61-001 | DONE | 2025-11-25 | SPRINT_0305_0001_0005_docs_tasks_md_v | Docs Guild · API Contracts Guild | docs/api/overview.md | Publish `/docs/api/overview.md` covering auth, tenancy, pagination, idempotency, rate limits with banner. | Need governance decisions from 049_APIG0101 | DOOA0101 |
| DOCS-OAS-61-002 | BLOCKED | 2025-11-25 | SPRINT_0305_0001_0005_docs_tasks_md_v | Docs Guild · API Governance Guild | docs/api/oas | Author `/docs/api/conventions.md` capturing naming, errors, filters, sorting, examples. Dependencies: DOCS-OAS-61-001. | Blocked: awaiting governance inputs (APIG0101) and example approvals | DOOA0101 |
| DOCS-OAS-61-003 | DONE | 2025-11-25 | SPRINT_0305_0001_0005_docs_tasks_md_v | Docs Guild · API Governance Guild | docs/api/oas | Publish `/docs/api/versioning.md` describing SemVer, deprecation headers, migration playbooks. Dependencies: DOCS-OAS-61-002. | Waiting on lint/tooling export from DVDO0108 | DOOA0101 |
| DOCS-OAS-62-001 | TODO | | SPRINT_0306_0001_0006_docs_tasks_md_vi | Docs Guild · DevPortal Guild | docs/api/oas | Stand up `/docs/api/reference/` auto-generated site; integrate with portal nav. Dependencies: DOCS-OAS-61-003. | Needs DevPortal publishing hooks (050_DEVL0101) | DOOA0101 |
| DOCS-OBS-50-002 | TODO | | SPRINT_0306_0001_0006_docs_tasks_md_vi | Docs Guild · Security Guild | docs/observability | Author `/docs/observability/telemetry-standards.md` detailing common fields, scrubbing policy, sampling defaults, and redaction override procedure. | Need console metric list from 059_CNOB0101 | DOOB0101 |
| DOCS-OBS-50-003 | TODO | | SPRINT_0306_0001_0006_docs_tasks_md_vi | Docs Guild · Observability Guild | docs/observability | Create `/docs/observability/logging.md` covering structured log schema, dos/don'ts, tenant isolation, and copyable examples. Dependencies: DOCS-OBS-50-002. | Waiting on observability ADR from 066_PLOB0101 | DOOB0101 |
| DOCS-OBS-50-004 | TODO | | SPRINT_0306_0001_0006_docs_tasks_md_vi | Docs Guild · Observability Guild | docs/observability | Draft `/docs/observability/tracing.md` explaining context propagation, async linking, CLI header usage, and sampling strategies. Dependencies: DOCS-OBS-50-003. | Requires CNOB dashboards export | DOOB0101 |
| DOCS-OBS-51-001 | TODO | | SPRINT_0306_0001_0006_docs_tasks_md_vi | Docs Guild · DevOps Guild | docs/observability | Publish `/docs/observability/metrics-and-slos.md` cataloging metrics, SLO targets, burn rate policies, and alert runbooks. Dependencies: DOCS-OBS-50-004. | Needs DVOB runbook updates | DOOB0101 |
| DOCS-ORCH-32-001 | TODO | | SPRINT_0306_0001_0006_docs_tasks_md_vi | Docs Guild · Orchestrator Guild | docs/modules/orchestrator | Author `/docs/orchestrator/overview.md` covering mission, roles, AOC alignment, governance, with imposed rule reminder. | Need taskrunner lease ADR from 043_ORTR0101 | DOOR0102 |
| DOCS-ORCH-32-002 | TODO | | SPRINT_0306_0001_0006_docs_tasks_md_vi | Docs Guild · Orchestrator Guild | docs/modules/orchestrator | Author `/docs/orchestrator/architecture.md` detailing scheduler, DAGs, rate limits, data model, message bus, storage layout, restating imposed rule. Dependencies: DOCS-ORCH-32-001. | Depends on ORTR0102 health hooks | DOOR0102 |
| DOCS-ORCH-33-001 | TODO | | SPRINT_0306_0001_0006_docs_tasks_md_vi | Docs Guild · Scheduler Guild | docs/modules/orchestrator | Publish `/docs/orchestrator/api.md` (REST/WebSocket endpoints, payloads, error codes) with imposed rule note. Dependencies: DOCS-ORCH-32-002. | Requires scheduler integration outline | DOOR0102 |
| DOCS-ORCH-33-002 | TODO | | SPRINT_0306_0001_0006_docs_tasks_md_vi | Docs Guild · DevEx/CLI Guild | docs/modules/orchestrator | Publish `/docs/orchestrator/console.md` covering screens, a11y, live updates, control actions, reiterating imposed rule. Dependencies: DOCS-ORCH-33-001. | Wait for CLI samples from 132_CLCI0110 | DOOR0102 |
| DOCS-ORCH-33-003 | TODO | | SPRINT_0306_0001_0006_docs_tasks_md_vi | Docs Guild · Export Center Guild | docs/modules/orchestrator | Publish `/docs/orchestrator/cli.md` documenting commands, options, exit codes, streaming output, offline usage, and imposed rule. Dependencies: DOCS-ORCH-33-002. | Needs Export Center hooks from 069_AGEX0101 | DOOR0102 |
| DOCS-ORCH-34-001 | TODO | | SPRINT_0306_0001_0006_docs_tasks_md_vi | Docs Guild (docs) | | Author `/docs/orchestrator/run-ledger.md` covering ledger schema, provenance chain, audit workflows, with imposed rule reminder. Dependencies: DOCS-ORCH-33-003. | — | DOCL0102 |
| DOCS-ORCH-34-002 | TODO | | SPRINT_0306_0001_0006_docs_tasks_md_vi | Docs Guild (docs) | | Update `/docs/security/secrets-handling.md` for orchestrator KMS refs, redaction badges, operator hygiene, reiterating imposed rule. Dependencies: DOCS-ORCH-34-001. | — | DOCL0102 |
| DOCS-ORCH-34-003 | TODO | | SPRINT_0306_0001_0006_docs_tasks_md_vi | Docs Guild · DevOps Guild | docs/modules/orchestrator | Publish `/docs/operations/orchestrator-runbook.md` (incident playbook, backfill guide, circuit breakers, throttling) with imposed rule statement. Dependencies: DOCS-ORCH-34-002. | Requires ops checklist from DVDO0108 | DOOR0102 |
| DOCS-ORCH-34-004 | TODO | | SPRINT_0306_0001_0006_docs_tasks_md_vi | Docs Guild · Observability Guild | docs/modules/orchestrator | Document `/docs/schemas/artifacts.md` describing artifact kinds, schema versions, hashing, storage layout, restating imposed rule. Dependencies: DOCS-ORCH-34-003. | Wait for observability dashboards (063_OROB0101) | DOOR0102 |
| DOCS-ORCH-34-005 | TODO | | SPRINT_0306_0001_0006_docs_tasks_md_vi | Docs Guild · BE-Base Guild | docs/modules/orchestrator | Author `/docs/slo/orchestrator-slo.md` defining SLOs, burn alerts, measurement, and reiterating imposed rule. Dependencies: DOCS-ORCH-34-004. | Needs replay linkage from 042_RPRC0101 | DOOR0102 |
| | DOPL0103 | | | | | | | |
| DOCS-POLICY-23-001 | DONE (2025-11-26) | 2025-11-26 | SPRINT_0307_0001_0007_docs_tasks_md_vii | Docs Guild | docs/policy/overview.md | Author `/docs/policy/overview.md` describing SPL philosophy, layering, and glossary with reviewer checklist. | — | DOPL0103 |
| DOCS-POLICY-23-002 | DONE (2025-11-26) | 2025-11-26 | SPRINT_0307_0001_0007_docs_tasks_md_vii | Docs Guild | docs/policy/spl-v1.md | Write `/docs/policy/spl-v1.md` (language reference, JSON Schema, examples). Dependencies: DOCS-POLICY-23-001. | DOCS-POLICY-23-001 | DOPL0103 |
| DOCS-POLICY-23-003 | DONE (2025-11-26) | 2025-11-26 | SPRINT_0307_0001_0007_docs_tasks_md_vii | Docs Guild | docs/policy/runtime.md | Produce `/docs/policy/runtime.md` covering compiler, evaluator, caching, events, SLOs. Dependencies: DOCS-POLICY-23-002. | — | DOPL0101 |
| DOCS-POLICY-23-004 | TODO | | SPRINT_0307_0001_0007_docs_tasks_md_vii | Docs Guild · UI Guild | docs/policy/lifecycle.md | Document `/docs/policy/editor.md` (UI walkthrough, validation, simulation, approvals). Dependencies: DOCS-POLICY-23-003. | Depends on 23-003 | DOPL0101 |
| DOCS-POLICY-23-005 | TODO | | SPRINT_0307_0001_0007_docs_tasks_md_vii | Docs Guild · DevOps Guild | docs/policy/lifecycle.md | Publish `/docs/policy/governance.md` (roles, scopes, approvals, signing, exceptions). Dependencies: DOCS-POLICY-23-004. | Depends on DevOps automation (141_DVDO0107) | DOPL0101 |
| DOCS-POLICY-23-006 | TODO | | SPRINT_0307_0001_0007_docs_tasks_md_vii | Docs Guild · DevEx/CLI Guild | docs/policy/lifecycle.md | Update `/docs/api/policy.md` with new endpoints, schemas, errors, pagination. Dependencies: DOCS-POLICY-23-005. | Wait for CLI commands (132_CLCI0110) | DOPL0101 |
| DOCS-POLICY-23-007 | TODO | | SPRINT_0307_0001_0007_docs_tasks_md_vii | Docs Guild · Observability Guild | docs/policy/lifecycle.md | Update `/docs/modules/cli/guides/policy.md` for lint/simulate/activate/history commands, exit codes. Dependencies: DOCS-POLICY-23-006. | Requires observability hooks (066_PLOB0101) | DOPL0101 |
| DOCS-POLICY-23-008 | TODO | | SPRINT_0307_0001_0007_docs_tasks_md_vii | Docs Guild · Policy Guild | docs/policy/lifecycle.md | Refresh `/docs/modules/policy/architecture.md` with data model, sequence diagrams, event flows. Dependencies: DOCS-POLICY-23-007. | Needs waiver examples from 005_ATLN0101 | DOPL0101 |
| DOCS-POLICY-23-009 | TODO | | SPRINT_0307_0001_0007_docs_tasks_md_vii | Docs Guild · DevOps Guild | docs/policy/lifecycle.md | Create `/docs/migration/policy-parity.md` covering dual-run parity plan and rollback. Dependencies: DOCS-POLICY-23-008. | Need DevOps rollout notes (DVDO0108) | DOPL0102 |
| DOCS-POLICY-23-010 | TODO | | SPRINT_0307_0001_0007_docs_tasks_md_vii | Docs Guild · UI Guild | docs/policy/lifecycle.md | Write `/docs/ui/explainers.md` showing explain trees, evidence overlays, interpretation guidance. Dependencies: DOCS-POLICY-23-009. | Requires UI overlay screenshots (119_CCAO0101) | DOPL0102 |
| DOCS-POLICY-27-001 | BLOCKED | 2025-10-27 | SPRINT_0307_0001_0007_docs_tasks_md_vii | Docs Guild · Policy Guild | docs/policy/lifecycle.md | Publish `/docs/policy/studio-overview.md` covering lifecycle, roles, glossary, and compliance checklist. Dependencies: DOCS-POLICY-23-010. | Waiting on policy version ADR | DOPL0102 |
| DOCS-POLICY-27-002 | BLOCKED | 2025-10-27 | SPRINT_0307_0001_0007_docs_tasks_md_vii | Docs Guild · Console Guild | docs/policy/lifecycle.md | Write `/docs/policy/authoring.md` detailing workspace templates, snippets, lint rules, IDE shortcuts, and best practices. Dependencies: DOCS-POLICY-27-001. | Needs console integration outline | DOPL0102 |
| DOCS-POLICY-27-003 | BLOCKED | 2025-10-27 | SPRINT_0307_0001_0007_docs_tasks_md_vii | Docs Guild · Policy Registry Guild | docs/policy/lifecycle.md | Document `/docs/policy/versioning-and-publishing.md` (semver rules, attestations, rollback) with compliance checklist. Dependencies: DOCS-POLICY-27-002. | Requires registry schema from CCWO0101 | DOPL0102 |
| DOCS-POLICY-27-004 | BLOCKED | 2025-10-27 | SPRINT_0307_0001_0007_docs_tasks_md_vii | Docs Guild · Scheduler Guild | docs/policy/lifecycle.md | Write `/docs/policy/simulation.md` covering quick vs batch sim, thresholds, evidence bundles, CLI examples. Dependencies: DOCS-POLICY-27-003. | Depends on scheduler hooks from 050_DEVL0101 | DOPL0102 |
| DOCS-POLICY-27-005 | BLOCKED | 2025-10-27 | SPRINT_0307_0001_0007_docs_tasks_md_vii | Docs Guild · Product Ops | docs/policy/lifecycle.md | Publish `/docs/policy/review-and-approval.md` with approver requirements, comments, webhooks, audit trail guidance. Dependencies: DOCS-POLICY-27-004. | Await product ops approvals | DOPL0102 |
| DOCS-POLICY-27-006 | BLOCKED | 2025-10-27 | SPRINT_0308_0001_0008_docs_tasks_md_viii | Docs Guild · Policy Guild | docs/policy/runs.md | Author `/docs/policy/promotion.md` covering environments, canary, rollback, and monitoring steps. Dependencies: DOCS-POLICY-27-005. | Need RLS decision from PLLG0104 | DOPL0103 |
| DOCS-POLICY-27-007 | BLOCKED | 2025-10-27 | SPRINT_0308_0001_0008_docs_tasks_md_viii | Docs Guild · CLI Guild | docs/policy/runs.md | Update `/docs/policy/cli.md` with new commands, JSON schemas, CI usage, and compliance checklist. Dependencies: DOCS-POLICY-27-006. | Requires CLI samples from 132_CLCI0110 | DOPL0103 |
| DOCS-POLICY-27-008 | BLOCKED | 2025-10-27 | SPRINT_0308_0001_0008_docs_tasks_md_viii | Docs Guild · Policy Registry Guild | docs/policy/runs.md | Publish `/docs/policy/api.md` describing Registry endpoints, request/response schemas, errors, and feature flags. Dependencies: DOCS-POLICY-27-007. | Waiting on registry schema (CCWO0101) | DOPL0103 |
| DOCS-POLICY-27-009 | BLOCKED | 2025-10-27 | SPRINT_0308_0001_0008_docs_tasks_md_viii | Docs Guild · Security Guild | docs/policy/runs.md | Create `/docs/security/policy-attestations.md` (signing, verification, rotation). | Needs security review | POKT0101 |
| DOCS-POLICY-27-010 | BLOCKED | 2025-10-27 | SPRINT_0308_0001_0008_docs_tasks_md_viii | Docs Guild · Architecture Guild | docs/policy/runs.md | Author `/docs/modules/policy/registry-architecture.md` (service design, schemas, failure modes). | Requires architecture review minutes | POKT0101 |
| DOCS-POLICY-27-011 | BLOCKED | 2025-10-27 | SPRINT_0308_0001_0008_docs_tasks_md_viii | Docs Guild · Observability Guild | docs/policy/runs.md | Publish `/docs/observability/policy-telemetry.md` with metrics/log tables, dashboards, alerts, and compliance checklist. Dependencies: DOCS-POLICY-27-010. | Requires observability hooks from 066_PLOB0101 | DOPL0103 |
| DOCS-POLICY-27-012 | BLOCKED | 2025-10-27 | SPRINT_0308_0001_0008_docs_tasks_md_viii | Docs Guild · Ops Guild | docs/policy/runs.md | Write `/docs/runbooks/policy-incident.md` detailing rollback, freeze, forensic steps, notifications. Dependencies: DOCS-POLICY-27-011. | Needs ops playbooks (DVDO0108) | DOPL0103 |
| DOCS-POLICY-27-013 | BLOCKED | 2025-10-27 | SPRINT_0308_0001_0008_docs_tasks_md_viii | Docs Guild · Policy Guild | docs/policy/runs.md | Update `/docs/examples/policy-templates.md` with new templates, snippets, and sample policies. Dependencies: DOCS-POLICY-27-012. | Await policy guild approval | DOPL0103 |
| DOCS-POLICY-27-014 | BLOCKED | 2025-10-27 | SPRINT_0308_0001_0008_docs_tasks_md_viii | Docs Guild · Policy Registry Guild | docs/policy/runs.md | Refresh `/docs/aoc/aoc-guardrails.md` to include Studio-specific guardrails and validation scenarios. Dependencies: DOCS-POLICY-27-013. | Needs policy registry approvals | DOPL0103 |
| DOCS-POLICY-DET-01 | DONE (2025-11-23) | 2025-11-23 | SPRINT_0301_0001_0001_docs_md_i | Docs Guild · Policy Guild | docs/policy/runs.md | Extend `docs/modules/policy/architecture.md` with determinism gate semantics and provenance references. | Depends on deterministic harness (137_SCDT0101) | DOPL0103 |
| DOCS-PROMO-70-001 | DONE (2025-11-26) | 2025-11-26 | SPRINT_0304_0001_0004_docs_tasks_md_iv | Docs Guild · Provenance Guild | docs/release/promotion-attestations.md | Publish `/docs/release/promotion-attestations.md` describing the promotion workflow (CLI commands, Signer/Attestor integration, offline verification) and update `/docs/forensics/provenance-attestation.md` with the new predicate. Dependencies: PROV-OBS-53-003, CLI-PROMO-70-002. | — | DOPV0101 |
| DOCS-REACH-201-006 | TODO | | SPRINT_400_runtime_facts_static_callgraph_union | Docs Guild · Runtime Evidence Guild | docs/reachability | Author the reachability doc set (`docs/signals/reachability.md`, `callgraph-formats.md`, `runtime-facts.md`, CLI/UI appendices) plus update Zastava + Replay guides with the new evidence and operators workflow. | Needs RBRE0101 provenance hook summary | DORC0101 |
| DOCS-REPLAY-185-003 | TODO | | SPRINT_0185_0001_0001_shared_replay_primitives | Docs Guild · Platform Data Guild | docs/replay | Author `docs/data/replay_schema.md` detailing `replay_runs`, `replay_bundles`, `replay_subjects` collections, index guidance, and offline sync strategy aligned with Replay CAS. | Need RPRC0101 API freeze | DORR0101 |
| DOCS-REPLAY-185-004 | TODO | | SPRINT_0185_0001_0001_shared_replay_primitives | Docs Guild | docs/replay | Expand `docs/replay/DEVS_GUIDE_REPLAY.md` with integration guidance for consuming services (Scanner, Evidence Locker, CLI) and add checklist derived from `docs/replay/DETERMINISTIC_REPLAY.md` Section 11. | Depends on #1 | DORR0101 |
| DOCS-REPLAY-186-004 | TODO | | SPRINT_0186_0001_0001_record_deterministic_execution | Docs Guild · Runtime Evidence Guild | docs/replay | Author `docs/replay/TEST_STRATEGY.md` (golden replay, feed drift, tool upgrade) and link it from both replay docs and Scanner architecture pages. | Requires deterministic evidence from RBRE0101 | DORR0101 |
| DOCS-RISK-66-001 | TODO | | SPRINT_0308_0001_0008_docs_tasks_md_viii | Docs Guild · Risk Profile Schema Guild | docs/risk | Publish `/docs/risk/overview.md` covering concepts and glossary. | Need schema approvals from PLLG0104 | DORS0101 |
| DOCS-RISK-66-002 | TODO | | SPRINT_0308_0001_0008_docs_tasks_md_viii | Docs Guild · Policy Guild | docs/risk | Author `/docs/risk/profiles.md` (authoring, versioning, scope). Dependencies: DOCS-RISK-66-001. | Depends on #1 | DORS0101 |
| DOCS-RISK-66-003 | TODO | | SPRINT_0308_0001_0008_docs_tasks_md_viii | Docs Guild · Risk Engine Guild | docs/risk | Publish `/docs/risk/factors.md` cataloging signals, transforms, reducers, TTLs. Dependencies: DOCS-RISK-66-002. | Requires engine contract from Risk Engine Guild | DORS0101 |
| DOCS-RISK-66-004 | TODO | | SPRINT_0308_0001_0008_docs_tasks_md_viii | Docs Guild · Risk Engine Guild | docs/risk | Create `/docs/risk/formulas.md` detailing math, normalization, gating, severity. Dependencies: DOCS-RISK-66-003. | Needs engine rollout notes | DORS0101 |
| DOCS-RISK-67-001 | TODO | | SPRINT_0308_0001_0008_docs_tasks_md_viii | Docs Guild · Risk Engine Guild | docs/risk | Publish `/docs/risk/explainability.md` showing artifact schema and UI screenshots. Dependencies: DOCS-RISK-66-004. | Wait for engine metrics from 066_PLOB0101 | DORS0101 |
| DOCS-RISK-67-002 | TODO | | SPRINT_0308_0001_0008_docs_tasks_md_viii | Docs Guild · API Guild | docs/risk | Produce `/docs/risk/api.md` with endpoint reference/examples. Dependencies: DOCS-RISK-67-001. | Requires API publishing workflow | DORS0101 |
| DOCS-RISK-67-003 | TODO | | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild · Console Guild | docs/risk | Document `/docs/console/risk-ui.md` for authoring, simulation, dashboards. Dependencies: DOCS-RISK-67-002. | Needs console overlay decision | DORS0101 Inputs due 2025-12-09..12 (Md.IX action tracker). |
| DOCS-RISK-67-004 | TODO | | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild · CLI Guild | docs/risk | Publish `/docs/modules/cli/guides/risk.md` covering CLI workflows. Dependencies: DOCS-RISK-67-003. | Requires CLI samples from 132_CLCI0110 | DORS0101 Inputs due 2025-12-09..12 (Md.IX action tracker). |
| DOCS-RISK-68-001 | TODO | | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild · Export Guild | docs/risk | Add `/docs/airgap/risk-bundles.md` for offline factor bundles. Dependencies: DOCS-RISK-67-004. | Wait for export contract (069_AGEX0101) | DORS0101 Inputs due 2025-12-09..12 (Md.IX action tracker). |
| DOCS-RISK-68-002 | TODO | | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild · Security Guild | docs/risk | Update `/docs/security/aoc-invariants.md` with risk scoring provenance guarantees. Dependencies: DOCS-RISK-68-001. | Requires security approvals | DORS0101 Inputs due 2025-12-09..12 (Md.IX action tracker). |
| DOCS-RUNBOOK-401-017 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | Docs Guild · Ops Guild | `docs/runbooks/reachability-runtime.md`, `docs/reachability/DELIVERY_GUIDE.md` | Publish the reachability runtime ingestion runbook, link it from delivery guides, and keep Ops/Signals troubleshooting steps current. | Need latest reachability metrics from RBBN0101 | DORU0101 |
| DOCS-RUNBOOK-55-001 | TODO | | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild · Ops Guild | docs/runbooks | Author `/docs/runbooks/incidents.md` describing incident mode activation, escalation steps, retention impact, verification checklist, and imposed rule banner. | Requires deployment checklist from DVPL0101 | DORU0101 Inputs due 2025-12-09..12 (Md.IX action tracker). |
| DOCS-SCANNER-BENCH-62-002 | DOING | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · Product Guild | docs/modules/scanner/benchmarks | Capture customer demand for Windows/macOS analyzer coverage and document outcomes. | Need bench inputs from SCSA0301 | DOSB0101 |
| DOCS-SCANNER-BENCH-62-003 | DOING | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · Product Guild | docs/modules/scanner/benchmarks | Capture Python lockfile/editable install requirements and document policy guidance. | Depends on #1 | DOSB0101 |
| DOCS-SCANNER-BENCH-62-004 | DOING | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · Java Analyzer Guild | docs/modules/scanner/benchmarks | Document Java lockfile ingestion guidance and policy templates. | Requires Java analyzer notes | DOSB0101 |
| DOCS-SCANNER-BENCH-62-005 | DOING | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · Go Analyzer Guild | docs/modules/scanner/benchmarks | Document Go stripped-binary fallback enrichment guidance once implementation lands. | Needs Go analyzer results | DOSB0101 |
| DOCS-SCANNER-BENCH-62-006 | DOING | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · Product Guild | docs/modules/scanner/benchmarks | Document Rust fingerprint enrichment guidance and policy examples. | Requires updated benchmarks from SCSA0601 | DOSB0101 |
| DOCS-SCANNER-BENCH-62-008 | DOING | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · Platform Data Guild | docs/modules/scanner/benchmarks | Publish EntryTrace explain/heuristic maintenance guide. | Wait for replay hooks (RPRC0101) | DOSB0101 |
| DOCS-SCANNER-BENCH-62-009 | DOING | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · DevEx/CLI Guild | docs/modules/scanner/benchmarks | Produce SAST integration documentation (connector framework, policy templates). | Depends on CLI samples (132_CLCI0110) | DOSB0101 |
| DOCS-SCANNER-DET-01 | DONE (2025-12-03) | 2025-12-03 | SPRINT_0301_0001_0001_docs_md_i | Docs Guild · Scanner Guild | docs/modules/scanner/benchmarks | `/docs/modules/scanner/deterministic-sbom-compose.md` plus scan guide updates + fixture bundle (`docs/modules/scanner/fixtures/deterministic-compose/`). | Fixtures published via Sprint 0136; harness verified. | DOSB0101 |
| DOCS-SDK-62-001 | TODO | | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild · SDK Generator Guild | docs/sdk | Publish `/docs/sdks/overview.md` plus language guides (`typescript.md`, `python.md`, `go.md`, `java.md`). | Need SDK toolchain notes from SDKG0101 | DOSK0101 Inputs due 2025-12-09..12 (Md.IX action tracker). |
| DOCS-SEC-62-001 | TODO | | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild · Security Guild | docs/security | Update `/docs/security/auth-scopes.md` with OAuth2/PAT scopes, tenancy header usage. | Need security ADR from DVDO0110 | DOSE0101 Inputs due 2025-12-09..12 (Md.IX action tracker). |
| DOCS-SEC-OBS-50-001 | TODO | | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild · Security Guild | docs/security | Update `/docs/security/redaction-and-privacy.md` to cover telemetry privacy controls, tenant opt-in debug, and imposed rule reminder. | Depends on PLOB0101 metrics | DOSE0101 Inputs due 2025-12-09..12 (Md.IX action tracker). |
| DOCS-SIG-26-001 | TODO | | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild · Signals Guild | docs/modules/signals | Write `/docs/signals/reachability.md` covering states, scores, provenance, retention. | Need SGSI0101 metrics freeze | DOSG0101 Inputs due 2025-12-09..12 (Md.IX action tracker). |
| DOCS-SIG-26-002 | TODO | | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild · Observability Guild | docs/modules/signals | Publish `/docs/signals/callgraph-formats.md` with schemas and validation errors. Dependencies: DOCS-SIG-26-001. | Depends on #1 | DOSG0101 Inputs due 2025-12-09..12 (Md.IX action tracker). |
| DOCS-SIG-26-003 | TODO | | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild · Signals Guild | docs/modules/signals | Create `/docs/signals/runtime-facts.md` detailing agent capabilities, privacy safeguards, opt-in flags. Dependencies: DOCS-SIG-26-002. | Requires SSE contract from SGSI0101 | DOSG0101 Inputs due 2025-12-09..12 (Md.IX action tracker). |
| DOCS-SIG-26-004 | TODO | | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild · CLI Guild | docs/modules/signals | Document `/docs/policy/signals-weighting.md` for SPL predicates and weighting strategies. Dependencies: DOCS-SIG-26-003. | Needs CLI samples (132_CLCI0110) | DOSG0101 Inputs due 2025-12-09..12 (Md.IX action tracker). |
| DOCS-SIG-26-005 | TODO | | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild · DevOps Guild | docs/modules/signals | Draft `/docs/ui/reachability-overlays.md` with badges, timelines, shortcuts. Dependencies: DOCS-SIG-26-004. | Wait for DevOps rollout plan | DOSG0101 Inputs due 2025-12-09..12 (Md.IX action tracker). |
| DOCS-SIG-26-006 | TODO | | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild · Security Guild | docs/modules/signals | Update `/docs/modules/cli/guides/reachability.md` for new commands and automation recipes. Dependencies: DOCS-SIG-26-005. | Requires security guidance (DVDO0110) | DOSG0101 Inputs due 2025-12-09..12 (Md.IX action tracker). |
| DOCS-SIG-26-007 | TODO | | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild · Policy Guild | docs/modules/signals | Publish `/docs/api/signals.md` covering endpoints, payloads, ETags, errors. Dependencies: DOCS-SIG-26-006. | Needs policy overlay from PLVL0102 | DOSG0101 Inputs due 2025-12-09..12 (Md.IX action tracker). |
| DOCS-SIG-26-008 | DOING | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · Notifications Guild | docs/modules/signals | Write `/docs/migration/enable-reachability.md` guiding rollout, fallbacks, monitoring. Dependencies: DOCS-SIG-26-007. | Depends on notifications hooks (058_NOTY0101) | DOSG0101 |
| DOCS-SURFACE-01 | DOING | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · Surface Guild | docs/modules/scanner/surface | Create `/docs/modules/scanner/scanner-engine.md` covering Surface.FS/Env/Secrets workflow between Scanner, Zastava, Scheduler, and Ops. | Need latest surface emit notes (SCANNER-SURFACE-04) | DOSS0101 |
| DOCS-SYMS-70-003 | TODO | | SPRINT_0304_0001_0004_docs_tasks_md_iv | Docs Guild · Symbols Guild | docs/modules/symbols | Author symbol-server architecture/spec docs (`docs/specs/symbols/SYMBOL_MANIFEST_v1.md`, API reference, bundle guide) and update reachability guides with symbol lookup workflow and tenant controls. Dependencies: SYMS-SERVER-401-011, SYMS-INGEST-401-013. | Need RBSY0101 cache notes | DOSY0101 |
| DOCS-TEN-47-001 | DOING | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · Security Guild | docs/modules/tenancy | Publish `/docs/security/tenancy-overview.md` and `/docs/security/scopes-and-roles.md` outlining scope grammar, tenant model, imposed rule reminder. | Need tenancy ADR from DVDO0110 | DOTN0101 |
| DOCS-TEN-48-001 | DOING | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · Security Guild | docs/modules/tenancy | Publish `/docs/operations/multi-tenancy.md`, `/docs/operations/rls-and-data-isolation.md`, `/docs/console/admin-tenants.md`. Dependencies: DOCS-TEN-47-001. | Depends on #1 | DOTN0101 |
| DOCS-TEN-49-001 | DOING | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · DevOps Guild | docs/modules/tenancy | Publish `/docs/modules/cli/guides/authentication.md`, `/docs/api/authentication.md`, `/docs/policy/examples/abac-overlays.md`, update `/docs/install/configuration-reference.md` with new env vars, all ending with imposed rule line. Dependencies: DOCS-TEN-48-001. | Requires monitoring plan from DVDO0110 | DOTN0101 |
| DOCS-TEST-62-001 | DOING | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · SDK Generator Guild | docs/sdk | Author `/docs/testing/contract-testing.md` covering mock server, replay tests, golden fixtures. | Depends on #1 | DOSK0101 |
| DOCS-VEX-30-001 | DOING | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · VEX Lens Guild | docs/modules/vex-lens | Publish `/docs/vex/consensus-overview.md` describing purpose, scope, AOC guarantees. | Need PLVL0102 schema snapshot | DOVX0101 |
| DOCS-VEX-30-002 | DOING | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · VEX Lens Guild | docs/modules/vex-lens | Author `/docs/vex/consensus-algorithm.md` covering normalization, weighting, thresholds, examples. Dependencies: DOCS-VEX-30-001. | Depends on #1 | DOVX0101 |
| DOCS-VEX-30-003 | DOING | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · Issuer Directory Guild | docs/modules/vex-lens | Document `/docs/vex/issuer-directory.md` (issuer management, keys, trust overrides, audit). Dependencies: DOCS-VEX-30-002. | Requires Issuer Directory inputs | DOVX0101 |
| DOCS-VEX-30-004 | DOING | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · VEX Lens Guild | docs/modules/vex-lens | Publish `/docs/vex/consensus-api.md` with endpoint specs, query params, rate limits. Dependencies: DOCS-VEX-30-003. | Needs PLVL0102 policy join notes | DOVX0101 |
| DOCS-VEX-30-005 | DOING | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · Console Guild | docs/modules/vex-lens | Write `/docs/vex/consensus-console.md` covering UI workflows, filters, conflicts, accessibility. Dependencies: DOCS-VEX-30-004. | Requires console overlay assets | DOVX0101 |
| DOCS-VEX-30-006 | DOING | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · Policy Guild | docs/modules/vex-lens | Add `/docs/policy/vex-trust-model.md` detailing policy knobs, thresholds, simulation. Dependencies: DOCS-VEX-30-005. | Needs waiver/exception guidance | DOVX0101 |
| DOCS-VEX-30-007 | DOING | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · SBOM Service Guild | docs/modules/vex-lens | Publish `/docs/sbom/vex-mapping.md` (CPE→purl strategy, edge cases, overrides). Dependencies: DOCS-VEX-30-006. | Depends on SBOM/VEX dataflow spec | DOVX0101 |
| DOCS-VEX-30-008 | DOING | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · Security Guild | docs/modules/vex-lens | Deliver `/docs/security/vex-signatures.md` (verification flow, key rotation, audit). Dependencies: DOCS-VEX-30-007. | Requires security review (DVDO0110) | DOVX0101 |
| DOCS-VEX-30-009 | DOING | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · DevOps Guild | docs/modules/vex-lens | Create `/docs/runbooks/vex-ops.md` for recompute storms, mapping failures, signature errors. Dependencies: DOCS-VEX-30-008. | Needs DevOps rollout plan | DOVX0101 |
| DOCS-VEX-401-012 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | Docs Guild · VEX Lens Guild | `docs/benchmarks/vex-evidence-playbook.md`, `bench/README.md` | Maintain the VEX Evidence Playbook, publish repo templates/README, and document verification workflows for operators. | Need VEX evidence export from PLVL0102 | DOVB0101 |
| DOCS-VULN-29-001 | DOING | | SPRINT_0311_0001_0001_docs_tasks_md_xi | Docs Guild · Vuln Explorer Guild | docs/modules/vuln-explorer | Publish `/docs/vuln/explorer-overview.md` covering domain model, identities, AOC guarantees, workflow summary. | Need GRAP0101 contract | DOVL0101 |
| DOCS-VULN-29-002 | TODO | | SPRINT_0311_0001_0001_docs_tasks_md_xi | Docs Guild · Vuln Explorer Guild | docs/modules/vuln-explorer | Write `/docs/vuln/explorer-using-console.md` with workflows, screenshots, keyboard shortcuts, saved views, deep links. Dependencies: DOCS-VULN-29-001. | Depends on #1 | DOVL0101 |
| DOCS-VULN-29-003 | TODO | | SPRINT_0311_0001_0001_docs_tasks_md_xi | Docs Guild · UI Guild | docs/modules/vuln-explorer | Author `/docs/vuln/explorer-api.md` (endpoints, query schema, grouping, errors, rate limits). Dependencies: DOCS-VULN-29-002. | Requires UI assets | DOVL0101 |
| DOCS-VULN-29-004 | TODO | | SPRINT_0311_0001_0001_docs_tasks_md_xi | Docs Guild · Policy Guild | docs/modules/vuln-explorer | Publish `/docs/vuln/explorer-cli.md` with command reference, samples, exit codes, CI snippets. Dependencies: DOCS-VULN-29-003. | Needs policy overlay inputs | DOVL0101 |
| DOCS-VULN-29-005 | TODO | | SPRINT_0311_0001_0001_docs_tasks_md_xi | Docs Guild · Security Guild | docs/modules/vuln-explorer | Write `/docs/vuln/findings-ledger.md` detailing event schema, hashing, Merkle roots, replay tooling. Dependencies: DOCS-VULN-29-004. | Requires security review | DOVL0101 |
| DOCS-VULN-29-006 | TODO | | SPRINT_0311_0001_0001_docs_tasks_md_xi | Docs Guild · DevOps Guild | docs/modules/vuln-explorer | Update `/docs/policy/vuln-determinations.md` for new rationale, signals, simulation semantics. Dependencies: DOCS-VULN-29-005. | Depends on DevOps rollout plan | DOVL0101 |
| DOCS-VULN-29-007 | TODO | | SPRINT_0311_0001_0001_docs_tasks_md_xi | Docs Guild · DevEx/CLI Guild | docs/modules/vuln-explorer | Publish `/docs/vex/explorer-integration.md` covering CSAF mapping, suppression precedence, status semantics. Dependencies: DOCS-VULN-29-006. | Needs CLI examples (132_CLCI0110) | DOVL0101 |
| DOCS-VULN-29-008 | TODO | | SPRINT_0311_0001_0001_docs_tasks_md_xi | Docs Guild · Export Center Guild | docs/modules/vuln-explorer | Publish `/docs/advisories/explorer-integration.md` covering key normalization, withdrawn handling, provenance. Dependencies: DOCS-VULN-29-007. | Need export bundle spec | DOVL0102 |
| DOCS-VULN-29-009 | TODO | | SPRINT_0311_0001_0001_docs_tasks_md_xi | Docs Guild · Security Guild | docs/modules/vuln-explorer | Author `/docs/sbom/vuln-resolution.md` detailing version semantics, scope, paths, safe version hints. Dependencies: DOCS-VULN-29-008. | Depends on #1 | DOVL0102 |
| DOCS-VULN-29-010 | TODO | | SPRINT_0311_0001_0001_docs_tasks_md_xi | Docs Guild · DevOps Guild | docs/modules/vuln-explorer | Publish `/docs/observability/vuln-telemetry.md` (metrics, logs, tracing, dashboards, SLOs). Dependencies: DOCS-VULN-29-009. | Requires DevOps automation plan | DOVL0102 |
| DOCS-VULN-29-011 | TODO | | SPRINT_0311_0001_0001_docs_tasks_md_xi | Docs Guild · Notifications Guild | docs/modules/vuln-explorer | Create `/docs/security/vuln-rbac.md` for roles, ABAC policies, attachment encryption, CSRF. Dependencies: DOCS-VULN-29-010. | Needs notifications contract | DOVL0102 |
| DOCS-VULN-29-012 | TODO | | SPRINT_0311_0001_0001_docs_tasks_md_xi | Docs Guild · Policy Guild | docs/modules/vuln-explorer | Write `/docs/runbooks/vuln-ops.md` (projector lag, resolver storms, export failures, policy activation). Dependencies: DOCS-VULN-29-011. | Requires policy overlay outputs | DOVL0102 |
| DOCS-VULN-29-013 | TODO | | SPRINT_0311_0001_0001_docs_tasks_md_xi | Docs Guild · DevEx/CLI Guild | docs/modules/vuln-explorer | Update `/docs/install/containers.md` with Findings Ledger & Vuln Explorer API images, manifests, resource sizing, health checks. Dependencies: DOCS-VULN-29-012. | Needs CLI/export scripts from 132_CLCI0110 | DOVL0102 |
| DOWNLOADS-CONSOLE-23-001 | DOING (dev-mock 2025-12-06) | 2025-12-06 | SPRINT_0502_0001_0001_ops_deployment_ii | Docs Guild · Deployment Guild | docs/console | Maintain signed downloads manifest pipeline (images, Helm, offline bundles), publish JSON under `deploy/downloads/manifest.json`, and document sync cadence for Console + docs parity. | Need latest console build instructions | DOCN0101 |
| DPOP-11-001 | TODO | 2025-11-08 | SPRINT_100_identity_signing | Docs Guild · Authority Core | src/Authority/StellaOps.Authority | Need DPoP ADR from PGMI0101 | AUTH-AOC-19-002 | DODP0101 |
| DSL-401-005 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | Docs Guild · Policy Guild | `docs/policy/dsl.md`, `docs/policy/lifecycle.md` | Depends on PLLG0101 DSL updates | Depends on PLLG0101 DSL updates | DODP0101 |
| DSSE-CLI-401-021 | DONE | 2025-11-27 | SPRINT_0401_0001_0001_reachability_evidence_chain | Docs Guild · CLI Guild | `src/Cli/StellaOps.Cli`, `scripts/ci/attest-*`, `docs/modules/attestor/architecture.md` | Ship a `stella attest` CLI (or sample `StellaOps.Attestor.Tool`) plus GitLab/GitHub workflow snippets that emit DSSE per build step (scan/package/push) using the new library and Authority keys. | Need CLI updates from latest DSSE release | DODS0101 |
| DSSE-DOCS-401-022 | DONE | 2025-11-27 | SPRINT_0401_0001_0001_reachability_evidence_chain | Docs Guild · Attestor Guild | `docs/ci/dsse-build-flow.md`, `docs/modules/attestor/architecture.md` | Document the build-time attestation walkthrough (`docs/ci/dsse-build-flow.md`): models, helper usage, Authority integration, storage conventions, and verification commands, aligning with the advisory. | Depends on #1 | DODS0101 |
| DSSE-LIB-401-020 | DONE (2025-11-27) | 2025-11-27 | SPRINT_0401_0001_0001_reachability_evidence_chain | Attestor Guild · Platform Guild | `src/Attestor/StellaOps.Attestation`, `src/Attestor/StellaOps.Attestor.Envelope` | DsseEnvelopeExtensions added with conversion utilities; Envelope types exposed as transitive dependencies; consumers reference only StellaOps.Attestation. | Need attestor library API freeze | DOAL0101 |
| DVOFF-64-002 | TODO | | SPRINT_160_export_evidence | DevPortal Offline Guild | docs/modules/export-center/devportal-offline.md | DevPortal Offline + AirGap Controller Guilds | Needs exporter DSSE schema from 002_ATEL0101 | DEVL0102 |
| EDITOR-401-004 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | Docs Guild · CLI Guild | `src/Cli/StellaOps.Cli`, `docs/policy/lifecycle.md` | Gather CLI/editor alignment notes | Gather CLI/editor alignment notes | DOCL0103 |
| EMIT-15-001 | TODO | | SPRINT_0136_0001_0001_scanner_surface | Docs Guild · Scanner Emit Guild | src/Scanner/__Libraries/StellaOps.Scanner.Emit | Need EntryTrace emit notes from SCANNER-SURFACE-04 | SCANNER-SURFACE-04 | DOEM0101 |
| ENG-0001 | DONE | 2025-11-07 | SPRINT_333_docs_modules_excititor | Docs Guild · Analyzer Guild | docs/modules/excitor | Summarize excititor integration | Summarize excititor integration | DOEN0101 |
| ENG-0002 | DONE | 2025-11-09 | SPRINT_137_scanner_gap_design | Docs Guild · Analyzer Guild | docs/modules/scanner | Link to analyzer doc commits | Link to analyzer doc commits | DOEN0101 |
| ENG-0003 | DONE | 2025-11-09 | SPRINT_137_scanner_gap_design | Docs Guild · Analyzer Guild | docs/modules/scanner | Link to Python analyzer doc | Link to Python analyzer doc | DOEN0101 |
| ENG-0004 | DONE | 2025-11-09 | SPRINT_137_scanner_gap_design | Docs Guild · Analyzer Guild | docs/modules/scanner | Link to Java analyzer doc | Link to Java analyzer doc | DOEN0101 |
| ENG-0005 | DONE | 2025-11-09 | SPRINT_137_scanner_gap_design | Docs Guild · Analyzer Guild | docs/modules/scanner | Link to Go analyzer doc | Link to Go analyzer doc | DOEN0101 |
| ENG-0006 | DONE | 2025-11-09 | SPRINT_137_scanner_gap_design | Docs Guild · Analyzer Guild | docs/modules/scanner | Link to Rust analyzer doc | Link to Rust analyzer doc | DOEN0101 |
| ENG-0007 | DONE | 2025-11-09 | SPRINT_137_scanner_gap_design | Docs Guild · Analyzer Guild | docs/modules/scanner | Multi-analyzer wrap-up | Multi-analyzer wrap-up | DOEN0101 |
| ENG-0008 | TODO | | SPRINT_0138_0001_0001_scanner_ruby_parity | Docs Guild · EntryTrace Guild | src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace | Needs EntryTrace doc from DOEM0101 | Needs EntryTrace doc from DOEM0101 | DOEN0101 |
| ENG-0009 | TODO | 2025-11-13 | SPRINT_0138_0001_0001_scanner_ruby_parity | Docs Guild · Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Requires CLI integration notes | SCANNER-ANALYZERS-RUBY-28-001..012 | DOEN0101 |
| ENG-0010 | TODO | | SPRINT_0138_0001_0001_scanner_ruby_parity | Docs Guild · Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php | Need PHP analyzer doc outline | SCANNER-ANALYZERS-PHP-27-001 | DOEN0102 |
| ENG-0011 | TODO | | SPRINT_0138_0001_0001_scanner_ruby_parity | Docs Guild · Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno | Deno analyzer doc | Deno analyzer doc | DOEN0102 |
| ENG-0012 | TODO | | SPRINT_0138_0001_0001_scanner_ruby_parity | Docs Guild · Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Dart | EntryTrace doc dependency (DOEM0101) | EntryTrace doc dependency (DOEM0101) | DOEN0102 |
| ENG-0013 | TODO | | SPRINT_0138_0001_0001_scanner_ruby_parity | Docs Guild · Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Swift | Swift analyzer doc outline | Swift analyzer doc outline | DOEN0102 |
| ENG-0014 | TODO | | SPRINT_0138_0001_0001_scanner_ruby_parity | Docs Guild · Analyzer Guild | docs/modules/scanner | Runtime/Zastava notes | Runtime/Zastava notes | DOEN0102 |
| ENG-0015 | DONE | 2025-11-13 | SPRINT_0138_0001_0001_scanner_ruby_parity | Docs Guild · Analyzer Guild | docs/modules/scanner | Summarize export center tie-in | Summarize export center tie-in | DOEN0102 |
| ENG-0016 | DONE | 2025-11-10 | SPRINT_0138_0001_0001_scanner_ruby_parity | Docs Guild · Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Analyzer doc evidence | SCANNER-ENG-0009 | DOEN0102 |
| ENG-0017 | DONE | 2025-11-09 | SPRINT_0138_0001_0001_scanner_ruby_parity | Docs Guild · Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Analyzer doc evidence | SCANNER-ENG-0016 | DOEN0102 |
| ENG-0018 | DONE | 2025-11-09 | SPRINT_0138_0001_0001_scanner_ruby_parity | Docs Guild · Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Analyzer doc evidence | SCANNER-ENG-0017 | DOEN0102 |
| ENG-0019 | DONE | 2025-11-13 | SPRINT_0138_0001_0001_scanner_ruby_parity | Docs Guild · Analyzer Guild | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Analyzer doc evidence | SCANNER-ENG-0016..0018 | DOEN0102 |
| ENG-0020 | TODO | | SPRINT_0136_0001_0001_scanner_surface | Docs Guild · Scanner Guild | docs/modules/scanner | Need surface doc context | Need surface doc context | DOEN0103 |
| ENG-0021 | TODO | | SPRINT_0136_0001_0001_scanner_surface | Docs Guild · Scanner Guild | docs/modules/scanner | Same as #1 | Same as #1 | DOEN0103 |
| ENG-0022 | TODO | | SPRINT_0136_0001_0001_scanner_surface | Docs Guild · Scanner Guild | docs/modules/scanner | Policy integration reference | Policy integration reference | DOEN0103 |
| ENG-0023 | TODO | | SPRINT_0136_0001_0001_scanner_surface | Docs Guild · Scanner Guild | docs/modules/scanner | Offline kit/policy integration | Offline kit/policy integration | DOEN0103 |
| ENG-0024 | TODO | | SPRINT_0136_0001_0001_scanner_surface | Docs Guild · Scanner Guild | docs/modules/scanner | Surface doc refresh | Surface doc refresh | DOEN0103 |
| ENG-0025 | TODO | | SPRINT_0136_0001_0001_scanner_surface | Docs Guild · Scanner Guild | docs/modules/scanner | Surface doc refresh | Surface doc refresh | DOEN0103 |
| ENG-0026 | TODO | | SPRINT_0136_0001_0001_scanner_surface | Docs Guild · Scanner Guild | docs/modules/scanner | Surface doc refresh | Surface doc refresh | DOEN0103 |
| ENG-0027 | TODO | | SPRINT_0136_0001_0001_scanner_surface | Docs Guild · Scanner Guild | docs/modules/scanner | Policy/offline integration doc | Policy/offline integration doc | DOEN0103 |
| ENGINE-20-002 | BLOCKED | 2025-10-26 | SPRINT_124_policy_reasoning | Docs Guild · Policy Guild | src/Policy/StellaOps.Policy.Engine | Need ADR references | Need ADR references | DOPE0101 |
| ENGINE-20-003 | TODO | | SPRINT_124_policy_reasoning | Docs Guild · Policy Guild · Concelier & Excititor Guilds | src/Policy/StellaOps.Policy.Engine | Depends on #1 | POLICY-ENGINE-20-002 | DOPE0101 |
| ENGINE-20-004 | TODO | | SPRINT_124_policy_reasoning | Docs Guild · Storage Guild | src/Policy/StellaOps.Policy.Engine | Needs storage notes | POLICY-ENGINE-20-003 | DOPE0101 |
| ENGINE-20-005 | TODO | | SPRINT_124_policy_reasoning | Docs Guild · Policy Runtime Guild | src/Policy/StellaOps.Policy.Engine | Requires policy runtime notes | POLICY-ENGINE-20-004 | DOPE0101 |
| ENGINE-20-006 | TODO | | SPRINT_124_policy_reasoning | Docs Guild · Policy Guild | src/Policy/StellaOps.Policy.Engine | Need runtime ADR | POLICY-ENGINE-20-005 | DOPE0102 |
| ENGINE-20-007 | TODO | | SPRINT_124_policy_reasoning | Docs Guild · Storage Guild | src/Policy/StellaOps.Policy.Engine | Need storage ADR | POLICY-ENGINE-20-006 | DOPE0102 |
| ENGINE-20-008 | TODO | | SPRINT_124_policy_reasoning | Docs Guild · Observability Guild | src/Policy/StellaOps.Policy.Engine | Need observability updates | POLICY-ENGINE-20-007 | DOPE0102 |
| ENGINE-20-009 | TODO | | SPRINT_124_policy_reasoning | Docs Guild · DevOps Guild | src/Policy/StellaOps.Policy.Engine | Need DevOps deployment plan | POLICY-ENGINE-20-008 | DOPE0102 |
| ENGINE-27-001 | TODO | | SPRINT_124_policy_reasoning | Policy Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-20-009 | POLICY-ENGINE-20-009 | DOPE0103 |
| ENGINE-27-002 | TODO | | SPRINT_124_policy_reasoning | Policy + Observability Guilds / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-27-001 | POLICY-ENGINE-27-001 | DOPE0103 |
| ENGINE-29-001 | TODO | | SPRINT_124_policy_reasoning | Policy Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-27-004 | POLICY-ENGINE-27-004 | DOPE0103 |
| ENGINE-29-002 | TODO | | SPRINT_124_policy_reasoning | Policy + Findings Ledger Guilds / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-29-001 | POLICY-ENGINE-29-001 | DOPE0103 |
| ENGINE-29-003 | TODO | | SPRINT_0125_0001_0001_policy_reasoning | Policy + SBOM Service Guilds / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-29-002 | POLICY-ENGINE-29-002 | DOPE0103 |
| ENGINE-29-004 | TODO | | SPRINT_0125_0001_0001_policy_reasoning | Policy + Observability Guilds / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-29-003 | POLICY-ENGINE-29-003 | DOPE0103 |
| ENGINE-30-001 | TODO | | SPRINT_0125_0001_0001_policy_reasoning | Policy + Cartographer Guilds / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-29-004 | POLICY-ENGINE-29-004 | DOPE0103 |
| ENGINE-30-002 | TODO | | SPRINT_0125_0001_0001_policy_reasoning | Policy + Cartographer Guilds / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-30-001 | POLICY-ENGINE-30-001 | DOPE0103 |
| ENGINE-30-003 | TODO | | SPRINT_0125_0001_0001_policy_reasoning | Policy + Scheduler Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-30-002 | POLICY-ENGINE-30-002 | DOPE0103 |
| ENGINE-30-101 | TODO | | SPRINT_0125_0001_0001_policy_reasoning | Policy Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-30-003 | POLICY-ENGINE-30-003 | DOPE0103 |
| ENGINE-31-001 | TODO | | SPRINT_0125_0001_0001_policy_reasoning | Policy Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-30-101 | POLICY-ENGINE-30-101 | DOPE0104 |
| ENGINE-31-002 | TODO | | SPRINT_0125_0001_0001_policy_reasoning | Policy Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-31-001 | POLICY-ENGINE-31-001 | DOPE0104 |
| ENGINE-32-101 | TODO | | SPRINT_0125_0001_0001_policy_reasoning | Policy Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-31-002 | POLICY-ENGINE-31-002 | DOPE0104 |
| ENGINE-33-101 | TODO | | SPRINT_0125_0001_0001_policy_reasoning | Policy Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-32-101 | POLICY-ENGINE-32-101 | DOPE0104 |
| ENGINE-34-101 | TODO | | SPRINT_0125_0001_0001_policy_reasoning | Policy Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-33-101 | POLICY-ENGINE-33-101 | DOPE0104 |
| ENGINE-35-201 | TODO | | SPRINT_0125_0001_0001_policy_reasoning | Policy Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-34-101 | POLICY-ENGINE-34-101 | DOPE0104 |
| ENGINE-38-201 | TODO | | SPRINT_0125_0001_0001_policy_reasoning | Policy Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-35-201 | POLICY-ENGINE-35-201 | DOPE0104 |
| ENGINE-40-001 | TODO | | SPRINT_0125_0001_0001_policy_reasoning | Policy + Concelier Guilds / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-38-201 | POLICY-ENGINE-38-201 | DOPE0104 |
| ENGINE-40-002 | TODO | | SPRINT_0125_0001_0001_policy_reasoning | Policy + Excititor Guilds / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-40-001 | POLICY-ENGINE-40-001 | DOPE0104 |
| ENGINE-40-003 | TODO | | SPRINT_0126_0001_0001_policy_reasoning | Policy + Web Scanner Guilds / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-40-002 | POLICY-ENGINE-40-002 | DOPE0104 |
| ENGINE-401-003 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | Policy Guild (`src/Policy/StellaOps.Policy.Engine`, `docs/modules/policy/architecture.md`) | `src/Policy/StellaOps.Policy.Engine`, `docs/modules/policy/architecture.md` | Reachability/forensics appendix referencing DORC0101. | — | DOPE0105 |
| ENGINE-50-001 | TODO | | SPRINT_0126_0001_0001_policy_reasoning | Policy + Platform Security / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-40-003 | POLICY-ENGINE-40-003 | DOPE0105 |
| ENGINE-50-002 | TODO | | SPRINT_0126_0001_0001_policy_reasoning | Policy + Runtime Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-50-001 | POLICY-ENGINE-50-001 | DOPE0105 |
| ENGINE-50-003 | TODO | | SPRINT_0126_0001_0001_policy_reasoning | Policy + Observability Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-50-002 | POLICY-ENGINE-50-002 | DOPE0105 |
| ENGINE-50-004 | TODO | | SPRINT_0126_0001_0001_policy_reasoning | Policy + Platform Events Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-50-003 | POLICY-ENGINE-50-003 | DOPE0105 |
| ENGINE-50-005 | TODO | | SPRINT_0126_0001_0001_policy_reasoning | Policy + Storage Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-50-004 | POLICY-ENGINE-50-004 | DOPE0105 |
| ENGINE-50-006 | TODO | | SPRINT_0126_0001_0001_policy_reasoning | Policy + QA Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-50-005 | POLICY-ENGINE-50-005 | DOPE0105 |
| ENGINE-50-007 | TODO | | SPRINT_0126_0001_0001_policy_reasoning | Policy + Scheduler Worker Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-50-006 | POLICY-ENGINE-50-006 | DOPE0105 |
| ENGINE-60-001 | TODO | | SPRINT_0126_0001_0001_policy_reasoning | Policy + SBOM Service Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-50-007 | POLICY-ENGINE-50-007 | DOPE0105 |
| ENGINE-60-002 | TODO | | SPRINT_0126_0001_0001_policy_reasoning | Policy + BE-Base Platform Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-60-001 | POLICY-ENGINE-60-001 | DOPE0105 |
| ENGINE-66-001 | DONE | 2025-11-25 | SPRINT_0129_0001_0001_policy_reasoning | Risk Engine Guild / src/RiskEngine/StellaOps.RiskEngine | src/RiskEngine/StellaOps.RiskEngine | Baseline collections + indexes doc. | — | DORG0101 |
| ENGINE-66-002 | TODO | | SPRINT_0129_0001_0001_policy_reasoning | Risk Engine Guild / src/RiskEngine/StellaOps.RiskEngine | src/RiskEngine/StellaOps.RiskEngine | RISK-ENGINE-66-001 | RISK-ENGINE-66-001 | DORG0101 |
| ENGINE-67-001 | DONE | 2025-11-25 | SPRINT_0129_0001_0001_policy_reasoning | Risk + Concelier Guilds / src/RiskEngine/StellaOps.RiskEngine | src/RiskEngine/StellaOps.RiskEngine | RISK-ENGINE-66-002 | RISK-ENGINE-66-002 | DORG0101 |
| ENGINE-67-002 | DONE | 2025-11-25 | SPRINT_0129_0001_0001_policy_reasoning | Risk + Excititor Guilds / src/RiskEngine/StellaOps.RiskEngine | src/RiskEngine/StellaOps.RiskEngine | RISK-ENGINE-67-001 | RISK-ENGINE-67-001 | DORG0101 |
| ENGINE-67-003 | DONE | 2025-11-25 | SPRINT_0129_0001_0001_policy_reasoning | Risk + Policy Engine Guilds / src/RiskEngine/StellaOps.RiskEngine | src/RiskEngine/StellaOps.RiskEngine | RISK-ENGINE-67-002 | RISK-ENGINE-67-002 | DORG0101 |
| ENGINE-68-001 | DONE | 2025-11-25 | SPRINT_0129_0001_0001_policy_reasoning | Risk + Findings Ledger Guilds / src/RiskEngine/StellaOps.RiskEngine | src/RiskEngine/StellaOps.RiskEngine | RISK-ENGINE-67-003 | RISK-ENGINE-67-003 | DORG0101 |
| ENGINE-68-002 | DONE | 2025-11-25 | SPRINT_0129_0001_0001_policy_reasoning | Risk + API Guild / src/RiskEngine/StellaOps.RiskEngine | src/RiskEngine/StellaOps.RiskEngine | RISK-ENGINE-68-001 | RISK-ENGINE-68-001 | DORG0101 |
| ENGINE-69-001 | TODO | | SPRINT_0129_0001_0001_policy_reasoning | Risk + Policy Studio Guild / src/RiskEngine/StellaOps.RiskEngine | src/RiskEngine/StellaOps.RiskEngine | RISK-ENGINE-68-002 | RISK-ENGINE-68-002 | DORG0101 |
| ENGINE-69-002 | TODO | | SPRINT_0129_0001_0001_policy_reasoning | Risk + Observability Guild / src/RiskEngine/StellaOps.RiskEngine | src/RiskEngine/StellaOps.RiskEngine | RISK-ENGINE-69-001 | RISK-ENGINE-69-001 | DORG0101 |
| ENGINE-70-001 | TODO | | SPRINT_0129_0001_0001_policy_reasoning | Risk + Export Guild / src/RiskEngine/StellaOps.RiskEngine | src/RiskEngine/StellaOps.RiskEngine | RISK-ENGINE-69-002 | RISK-ENGINE-69-002 | DORG0101 |
| ENGINE-70-002 | TODO | | SPRINT_0126_0001_0001_policy_reasoning | Policy + Storage Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-60-002 | POLICY-ENGINE-60-002 | DOPE0106 |
| ENGINE-70-003 | TODO | | SPRINT_0126_0001_0001_policy_reasoning | Policy + Runtime Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-70-002 | POLICY-ENGINE-70-002 | DOPE0106 |
| ENGINE-70-004 | TODO | | SPRINT_0126_0001_0001_policy_reasoning | Policy + Observability Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-70-003 | POLICY-ENGINE-70-003 | DOPE0106 |
| ENGINE-70-005 | TODO | | SPRINT_0126_0001_0001_policy_reasoning | Policy + Scheduler Worker Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-70-004 | POLICY-ENGINE-70-004 | DOPE0106 |
| ENGINE-80-001 | TODO | | SPRINT_0126_0001_0001_policy_reasoning | Policy + Signals Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-70-005 | POLICY-ENGINE-70-005 | DOPE0106 |
| ENGINE-80-002 | TODO | | SPRINT_0127_0001_0001_policy_reasoning | Policy + Storage Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-80-001 | POLICY-ENGINE-80-001 | DOPE0106 |
| ENGINE-80-003 | TODO | | SPRINT_0127_0001_0001_policy_reasoning | Policy + Policy Editor Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-80-002 | POLICY-ENGINE-80-002 | DOPE0106 |
| ENGINE-80-004 | TODO | | SPRINT_0127_0001_0001_policy_reasoning | Policy + Observability Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | POLICY-ENGINE-80-003 | POLICY-ENGINE-80-003 | DOPE0106 |
| ENGINE-DOCS-0001 | TODO | | SPRINT_0325_0001_0001_docs_modules_policy | Docs Guild (docs/modules/policy) | docs/modules/policy | Refresh module overview + governance ladder. | — | DOPE0107 |
| ENGINE-ENG-0001 | TODO | | SPRINT_0325_0001_0001_docs_modules_policy | Module Team (docs/modules/policy) | docs/modules/policy | Capture engineering guidelines + acceptance tests. | — | DOPE0107 |
| ENGINE-OPS-0001 | TODO | | SPRINT_0325_0001_0001_docs_modules_policy | Ops Guild (docs/modules/policy) | docs/modules/policy | Operations runbook (deploy/rollback) pointer. | — | DOPE0107 |
| ENTROPY-186-011 | TODO | | SPRINT_0186_0001_0001_record_deterministic_execution | Scanner Guild · Provenance Guild | `src/Scanner/StellaOps.Scanner.Worker`, `src/Scanner/__Libraries` | SCANNER-ENTRYTRACE-18-508 | SCANNER-ENTRYTRACE-18-508 | SCDE0101 |
| ENTROPY-186-012 | TODO | | SPRINT_0186_0001_0001_record_deterministic_execution | Scanner Guild · Provenance Guild | `src/Scanner/StellaOps.Scanner.WebService`, `docs/replay/DETERMINISTIC_REPLAY.md` | ENTROPY-186-011 | ENTROPY-186-011 | SCDE0102 |
| ENTROPY-70-004 | TODO | | SPRINT_0304_0001_0004_docs_tasks_md_iv | Docs Guild · Scanner Guild | docs/modules/scanner/determinism.md | ENTROPY-186-011/012 | ENTROPY-186-011/012 | DOSC0102 |
| ENTRYTRACE-18-502 | TODO | | SPRINT_0135_0001_0001_scanner_surface | EntryTrace Guild · Scanner Surface Guild | src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace | SCANNER-ENTRYTRACE-18-508 | SCANNER-ENTRYTRACE-18-508 | SCET0101 |
| ENTRYTRACE-18-503 | TODO | | SPRINT_0135_0001_0001_scanner_surface | EntryTrace Guild · Scanner Surface Guild | src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace | ENTRYTRACE-18-502 | ENTRYTRACE-18-502 | SCET0101 |
| ENTRYTRACE-18-504 | TODO | | SPRINT_0136_0001_0001_scanner_surface | EntryTrace Guild (src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace) | src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace | SCANNER-ENTRYTRACE-18-503 | SCANNER-ENTRYTRACE-18-503 | SCSS0102 |
| ENTRYTRACE-18-505 | TODO | | SPRINT_0136_0001_0001_scanner_surface | EntryTrace Guild (src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace) | src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace | SCANNER-ENTRYTRACE-18-504 | SCANNER-ENTRYTRACE-18-504 | SCSS0102 |
| ENTRYTRACE-18-506 | TODO | | SPRINT_0136_0001_0001_scanner_surface | EntryTrace Guild · Scanner WebService Guild | src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace | ENTRYTRACE-18-505 | ENTRYTRACE-18-505 | SCET0101 |
| ENV-01 | DONE | 2025-11-13 | SPRINT_0136_0001_0001_scanner_surface | Scanner Guild, Zastava Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.Env) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Env | | | SCEN0101 |
| ENV-02 | DOING (2025-11-02) | 2025-11-02 | SPRINT_0136_0001_0001_scanner_surface | Scanner Guild · Zastava Guild | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Env | SURFACE-ENV-01 | SURFACE-ENV-01 | SCEN0101 |
| ENV-03 | TODO | | SPRINT_0136_0001_0001_scanner_surface | BuildX Plugin Guild | src/Scanner/StellaOps.Scanner.Sbomer.BuildXPlugin | SCANNER-ENV-02 | SCANNER-ENV-02 | SCBX0101 |
| ENV-04 | TODO | | SPRINT_0136_0001_0001_scanner_surface | Zastava Guild · Scanner Env Guild | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Env | SURFACE-ENV-02 | SURFACE-ENV-02 | SCEN0101 |
| ENV-05 | TODO | | SPRINT_0136_0001_0001_scanner_surface | Ops Guild · Scanner Env Guild | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Env | SURFACE-ENV-03 & SURFACE-ENV-04 | SURFACE-ENV-03; SURFACE-ENV-04 | SCEN0101 |
| EVENTS-16-301 | BLOCKED (2025-10-26) | 2025-10-26 | SPRINT_0136_0001_0001_scanner_surface | Scanner WebService Guild (`src/Scanner/StellaOps.Scanner.WebService`) | src/Scanner/StellaOps.Scanner.WebService | SCDE0102 landing | SCDE0102 landing | SCEV0101 |
| EVID-CRYPTO-90-001 | TODO | | SPRINT_160_export_evidence | Evidence Locker + Security Guilds (`src/EvidenceLocker/StellaOps.EvidenceLocker`) | src/EvidenceLocker/StellaOps.EvidenceLocker | Evidence Locker + Security Guilds · `ICryptoProviderRegistry` integration | ATEL0101 contracts | EVEC0101 |
| EVID-OBS-54-002 | TODO | | SPRINT_161_evidencelocker | Evidence Locker Guild (`src/EvidenceLocker/StellaOps.EvidenceLocker`) | `src/EvidenceLocker/StellaOps.EvidenceLocker` | Finalize deterministic bundle packaging + DSSE layout per `docs/modules/evidence-locker/bundle-packaging.md`, ensuring parity with portable/incident modes. | EVID-CRYPTO-90-001 | EVEC0101 |
| EVID-REPLAY-187-001 | TODO | | SPRINT_160_export_evidence | Evidence Locker Guild · docs/modules/evidence-locker/architecture.md | docs/modules/evidence-locker/architecture.md | Evidence Locker Guild · docs/modules/evidence-locker/architecture.md | EVID-CRYPTO-90-001 | EVEC0101 |
| EXC-25-001 | TODO | | SPRINT_0202_0001_0002_cli_ii | DevEx/CLI Guild (`src/Cli/StellaOps.Cli`) | src/Cli/StellaOps.Cli | DOOR0102 APIs | DOOR0102 APIs | CLEX0101 |
| EXC-25-002 | TODO | | SPRINT_0202_0001_0002_cli_ii | DevEx/CLI Guild (`src/Cli/StellaOps.Cli`) | src/Cli/StellaOps.Cli | EXC-25-001 | EXC-25-001 | CLEX0101 |
| EXC-25-006 | TODO | | SPRINT_303_docs_tasks_md_iii | Docs Guild · DevEx Guild | docs/modules/excititor | CLEX0101 CLI updates | CLEX0101 CLI updates | DOEX0101 |
| EXC-25-007 | TODO | | SPRINT_0304_0001_0004_docs_tasks_md_iv | Docs Guild · DevOps Guild | docs/modules/excititor | UIEX0101 console outputs | UIEX0101 console outputs | DOEX0101 |
| EXCITITOR-AIAI-31-001 | DONE | 2025-11-12 | SPRINT_0119_0001_0001_excititor_i | Excititor Web/Core Guilds | src/Excititor/StellaOps.Excititor.WebService | Normalised VEX justification projections shipped. | | EXWK0101 |
| EXCITITOR-AIAI-31-002 | DONE | 2025-11-17 | SPRINT_0119_0001_0001_excititor_i | Excititor Web/Core Guilds | src/Excititor/StellaOps.Excititor.WebService | Chunk API streaming raw statements + signature metadata with tenant/policy filters. | CONCELIER-GRAPH-21-001; CONCELIER-GRAPH-21-002; ELOCKER-CONTRACT-2001 | EXAI0101 |
| EXCITITOR-AIAI-31-003 | DONE | 2025-11-17 | SPRINT_0119_0001_0001_excititor_i | Excititor Observability Guild | src/Excititor/StellaOps.Excititor.WebService | Telemetry/guardrail metrics (counters, chunk histograms, signature failure + AOC guard meters); traces pending span sink. | EXCITITOR-AIAI-31-002 | EXAI0101 |
| EXCITITOR-AIAI-31-004 | DONE | 2025-11-18 | SPRINT_0119_0001_0001_excititor_i | Docs Guild · Excititor Guild | docs/modules/excititor/evidence-contract.md | Advisory-AI evidence contract + determinism guarantees and storage mapping. | EXCITITOR-AIAI-31-002 | EXAI0101 |
| EXCITITOR-AIRGAP-56 | DONE (2025-11-22) | 2025-11-22 | SPRINT_110_ingestion_evidence | Excititor Guild · AirGap Guilds | | Air-gap ingest parity delivered; connector trust enforced. | CONCELIER-GRAPH-21-001; CONCELIER-GRAPH-21-002; ATTEST-PLAN-2001 | EXAG0101 |
| EXCITITOR-AIRGAP-56-001 | DOING (2025-11-22) | 2025-11-22 | SPRINT_0119_0001_0001_excititor_i | Excititor Core Guild (`src/Excititor/__Libraries/StellaOps.Excititor.Core`) | src/Excititor/__Libraries/StellaOps.Excititor.Core | Wire mirror bundle ingestion paths that preserve upstream digests, bundle IDs, and provenance metadata exactly so offline Advisory-AI/Lens deployments can replay evidence with AOC parity. | EXCITITOR-AIRGAP-56 | EXAG0101 |
| EXCITITOR-AIRGAP-57 | DONE (2025-11-22) | 2025-11-22 | SPRINT_110_ingestion_evidence | Excititor Guild · AirGap Guilds | | Time-anchor import path aligned with Evidence Locker contract. | CONCELIER-GRAPH-21-001; CONCELIER-GRAPH-21-002; ATTEST-PLAN-2001 | EXAG0101 |
| EXCITITOR-AIRGAP-57-001 | DONE (2025-11-24) | 2025-11-22 | SPRINT_0119_0001_0001_excititor_i | Excititor AirGap Policy Guild (`src/Excititor/__Libraries/StellaOps.Excititor.Core`) | src/Excititor/__Libraries/StellaOps.Excititor.Core | Enforce sealed-mode policies that disable external connectors, emit actionable remediation errors, and record staleness annotations that Advisory AI can surface as “evidence freshness” signals. Depends on EXCITITOR-AIRGAP-56-001. | EXCITITOR-AIRGAP-57 | EXAG0101 |
| EXCITITOR-AIRGAP-58 | DONE (2025-11-22) | 2025-11-22 | SPRINT_110_ingestion_evidence | Excititor Guild · AirGap Guilds | | Import/export automation delivered for frozen schema. | CONCELIER-GRAPH-21-001; CONCELIER-GRAPH-21-002; ATTEST-PLAN-2001 | EXAG0101 |
| EXCITITOR-AIRGAP-58-001 | DONE (2025-11-24) | 2025-11-22 | SPRINT_0119_0001_0001_excititor_i | Excititor Core + Evidence Locker Guilds | src/Excititor/__Libraries/StellaOps.Excititor.Core | Package tenant-scoped VEX evidence (raw JSON, normalization diff, provenance) into portable bundles tied to timeline events so Advisory AI can hydrate contexts in sealed environments. Depends on EXCITITOR-AIRGAP-57-001. | EXCITITOR-AIRGAP-58 | EXAG0101 |
| EXCITITOR-ATTEST-01-003 | DONE | 2025-11-17 | SPRINT_0119_0001_0001_excititor_i | Excititor Guild | src/Excititor/__Libraries/StellaOps.Excititor.Core | Attestation verifier harness + diagnostics prove DSSE bundle verification without consensus logic. | EXCITITOR-AIAI-31-002; ELOCKER-CONTRACT-2001 | EXAT0101 |
| EXCITITOR-ATTEST-73-001 | DONE | 2025-11-17 | SPRINT_0119_0001_0001_excititor_i | Excititor Guild | src/Excititor/__Libraries/StellaOps.Excititor.Core | Attestation payloads emitted with supplier identity, justification summary, and scope metadata for trust chaining. | EXCITITOR-ATTEST-01-003 | EXAT0101 |
| EXCITITOR-ATTEST-73-002 | DONE | 2025-11-17 | SPRINT_0119_0001_0001_excititor_i | Excititor Guild | src/Excititor/__Libraries/StellaOps.Excititor.Core | APIs link attestation IDs back to observation/linkset/product tuples for provenance citations without derived verdicts. | EXCITITOR-ATTEST-73-001 | EXAT0101 |
| EXCITITOR-CONN-SUSE-01-003 | TODO | | SPRINT_0120_0001_0002_excititor_ii | Excititor Guild (SUSE connector) | src/Excititor/__Libraries/StellaOps.Excititor.Connectors.SUSE.RancherVEXHub | DONE (2025-11-09) Emit provider trust configuration (signer fingerprints, trust tier notes) into the raw provenance envelope so downstream VEX Lens/Policy components can weigh issuers. Connector must not apply weighting or consensus inside ingestion. | EXCITITOR-CONN-SUSE-01-002; EXCITITOR-POLICY-01-001 | EXCN0101 |
| EXCITITOR-CONN-TRUST-01-001 | DONE | 2025-11-20 | SPRINT_0119_0001_0001_excititor_i | Excititor Guild · AirGap Guilds | src/Excititor/__Libraries/StellaOps.Excititor.Connectors* | Signer metadata loader/enricher wired for MSRC/Oracle/Ubuntu/OpenVEX connectors; env `STELLAOPS_CONNECTOR_SIGNER_METADATA_PATH`; docs + sample hash shipped. | CONCELIER-GRAPH-21-001; CONCELIER-GRAPH-21-002; ATTEST-PLAN-2001 | EXCN0101 |
| EXCITITOR-CONN-UBUNTU-01-003 | TODO | | SPRINT_0120_0001_0002_excititor_ii | Excititor Guild (Ubuntu connector) | src/Excititor/__Libraries/StellaOps.Excititor.Connectors.Ubuntu.CSAF | DONE (2025-11-09) Emit Ubuntu signing metadata (GPG fingerprints, issuer trust tier) inside raw provenance artifacts so downstream Policy/VEX Lens consumers can weigh issuers. Connector must remain aggregation-only with no inline weighting. | EXCITITOR-CONN-UBUNTU-01-002 | EXCN0101 |
| EXCITITOR-CONSOLE-23-001 | DONE (2025-11-23) | | SPRINT_0120_0001_0002_excititor_ii | Excititor Guild · Docs Guild | src/Excititor/StellaOps.Excititor.WebService | Expose `/console/vex` endpoints returning grouped VEX statements per advisory/component with status chips, justification metadata, precedence trace pointers, and tenant-scoped filters for Console explorer. Dependencies: EXCITITOR-LNM-21-201, EXCITITOR-LNM-21-202. | DOCN0101 | EXCO0101 |
| EXCITITOR-CONSOLE-23-002 | DONE (2025-11-23) | | SPRINT_0120_0001_0002_excititor_ii | Excititor Guild | src/Excititor/StellaOps.Excititor.WebService | Provide aggregated counts for VEX overrides (new, not_affected, revoked) powering Console dashboard + live status ticker; emit metrics for policy explain integration. Dependencies: EXCITITOR-CONSOLE-23-001, EXCITITOR-LNM-21-203. | EXCITITOR-CONSOLE-23-001 | EXCO0101 |
| EXCITITOR-CONSOLE-23-003 | DONE (2025-11-23) | | SPRINT_0120_0001_0002_excititor_ii | Excititor Guild | src/Excititor/StellaOps.Excititor.WebService | Deliver rapid lookup endpoints of VEX by advisory/component for Console global search; ensure response includes provenance and precedence context; include caching and RBAC. Dependencies: EXCITITOR-CONSOLE-23-001. | EXCITITOR-CONSOLE-23-001 | EXCO0101 |
| EXCITITOR-CORE-AOC-19-002 | TODO | | SPRINT_0120_0001_0002_excititor_ii | Excititor Core Guild | src/Excititor/__Libraries/StellaOps.Excititor.Core | Implement deterministic extraction of advisory IDs, component PURLs, and references into `linkset`, capturing reconciled-from metadata for traceability. | Link-Not-Merge schema | EXCA0101 |
| EXCITITOR-CORE-AOC-19-003 | TODO | | SPRINT_0120_0001_0002_excititor_ii | Excititor Core Guild | src/Excititor/__Libraries/StellaOps.Excititor.Core | Enforce `(vendor, upstreamId, contentHash, tenant)` uniqueness, generate supersedes chains, and ensure append-only versioning of raw VEX documents. Dependencies: EXCITITOR-CORE-AOC-19-002. | EXCITITOR-CORE-AOC-19-002 | EXCA0101 |
| EXCITITOR-CORE-AOC-19-004 | TODO | | SPRINT_0120_0001_0002_excititor_ii | Excititor Core Guild | src/Excititor/__Libraries/StellaOps.Excititor.Core | Excise consensus/merge/severity logic from Excititor ingestion paths, updating exports/tests to rely on Policy Engine materializations instead. Dependencies: EXCITITOR-CORE-AOC-19-003. | EXCITITOR-CORE-AOC-19-003 | EXCA0101 |
| EXCITITOR-CORE-AOC-19-013 | TODO | | SPRINT_0120_0001_0002_excititor_ii | Excititor Core Guild | src/Excititor/__Libraries/StellaOps.Excititor.Core | Update Excititor smoke/e2e suites to seed tenant-aware Authority clients and ensure cross-tenant VEX ingestion is rejected. Dependencies: EXCITITOR-CORE-AOC-19-004. | EXCITITOR-CORE-AOC-19-004 | EXCA0101 |
| EXCITITOR-CRYPTO-90-001 | TODO | | SPRINT_0124_0001_0006_excititor_vi | WebService + Security Guilds | src/Excititor/StellaOps.Excititor.WebService | Replace ad-hoc hashing/signing in connectors/exporters/OpenAPI discovery with `ICryptoProviderRegistry` implementations approved by security so evidence verification stays deterministic across crypto profiles. | ATEL0101 | EXWS0101 |
| EXCITITOR-DOCS-0001 | DOING (2025-10-29) | 2025-10-29 | SPRINT_333_docs_modules_excititor | Docs Guild | docs/modules/excititor | See ./AGENTS.md | — | DOEX0102 |
| EXCITITOR-ENG-0001 | TODO | | SPRINT_333_docs_modules_excititor | Module Team · Docs Guild | docs/modules/excititor | Update status via ./AGENTS.md workflow | DOEX0101 evidence | DOEX0102 |
| EXCITITOR-GRAPH-21-001 | TODO | 2025-10-27 | SPRINT_0120_0001_0002_excititor_ii | Excititor Guild | src/Excititor/__Libraries/StellaOps.Excititor.Core | Provide batched VEX/advisory reference fetches keyed by graph node PURLs so UI inspector can display raw documents and justification metadata. | Link-Not-Merge schema | EXGR0101 |
| EXCITITOR-GRAPH-21-002 | TODO | 2025-10-27 | SPRINT_0120_0001_0002_excititor_ii | Excititor Guild | src/Excititor/__Libraries/StellaOps.Excititor.Core | Ensure overlay metadata includes VEX justification summaries and document versions for Cartographer overlays; update fixtures/tests. Dependencies: EXCITITOR-GRAPH-21-001. | EXCITITOR-GRAPH-21-001 | EXGR0101 |
| EXCITITOR-GRAPH-21-005 | TODO | 2025-10-27 | SPRINT_0120_0001_0002_excititor_ii | Excititor Guild | src/Excititor/__Libraries/StellaOps.Excititor.Storage.Mongo | Add indexes/materialized views for VEX lookups by PURL/policy to support Cartographer inspector performance; document migrations. Dependencies: EXCITITOR-GRAPH-21-002. | EXCITITOR-GRAPH-21-002 | EXGR0101 |
| EXCITITOR-GRAPH-24-101 | DONE (2025-11-25) | | SPRINT_0120_0001_0002_excititor_ii | Excititor Guild | src/Excititor/StellaOps.Excititor.WebService | Provide endpoints delivering VEX status summaries per component/asset for Vuln Explorer integration. Dependencies: EXCITITOR-GRAPH-21-005. | EXCITITOR-GRAPH-21-002 | EXGR0101 |
| EXCITITOR-GRAPH-24-102 | DONE (2025-11-25) | | SPRINT_0120_0001_0002_excititor_ii | Excititor Guild | src/Excititor/StellaOps.Excititor.WebService | Add batch VEX observation retrieval optimized for Graph overlays/tooltips. Dependencies: EXCITITOR-GRAPH-24-101. | EXCITITOR-GRAPH-24-101 | EXGR0101 |
| EXCITITOR-LNM-21-001 | TODO | | SPRINT_0121_0001_0003_excititor_iii | Excititor Core Guild | src/Excititor/__Libraries/StellaOps.Excititor.Storage.Mongo | Stand up `vex_observations` and `vex_linksets` collections with shard keys, tenant guards, and migrations that retire any residual merge-era data without mutating raw content. | Link-Not-Merge schema | EXLN0101 |
| EXCITITOR-LNM-21-002 | TODO | | SPRINT_0121_0001_0003_excititor_iii | Excititor Core Guild | src/Excititor/__Libraries/StellaOps.Excititor.Core | Capture disagreement metadata (status + justification deltas) directly inside linksets with confidence scores so downstream consumers can highlight conflicts without Excititor choosing winners. Depends on EXCITITOR-LNM-21-001. | EXCITITOR-LNM-21-001 | EXLN0101 |
| EXCITITOR-LNM-21-003 | TODO | | SPRINT_0121_0001_0003_excititor_iii | Excititor Core + Platform Events Guild | src/Excititor/__Libraries/StellaOps.Excititor.Core | Emit `vex.linkset.updated` events and describe payload shape (observation ids, confidence, conflict summary) so Policy/Lens/UI can subscribe while Excititor stays aggregation-only. Depends on EXCITITOR-LNM-21-002. | EXCITITOR-LNM-21-002 | EXLN0101 |
| EXCITITOR-LNM-21-201 | DONE (2025-11-25) | | SPRINT_0121_0001_0003_excititor_iii | Excititor WebService Guild | src/Excititor/StellaOps.Excititor.WebService | Ship `/vex/observations` read endpoints with filters for advisory/product/issuer, strict RBAC, and deterministic pagination (no derived verdict fields). Depends on EXCITITOR-LNM-21-003. | EXCITITOR-LNM-21-001 | EXLN0101 |
| EXCITITOR-LNM-21-202 | DONE (2025-11-25) | | SPRINT_0121_0001_0003_excititor_iii | Excititor WebService Guild | src/Excititor/StellaOps.Excititor.WebService | Provide `/vex/linksets` + export endpoints that surface alias mappings, conflict markers, and provenance proofs exactly as stored; errors must map to `ERR_AGG_*`. Depends on EXCITITOR-LNM-21-201. | EXCITITOR-LNM-21-201 | EXLN0101 |
| EXCITITOR-LNM-21-203 | TODO | | SPRINT_0121_0001_0003_excititor_iii | Excititor WebService Guild | src/Excititor/StellaOps.Excititor.WebService | Update OpenAPI, SDK smoke tests, and documentation to cover the new observation/linkset endpoints with realistic examples Advisory AI/Lens teams can rely on. Depends on EXCITITOR-LNM-21-202. | EXCITITOR-LNM-21-202 | EXLN0101 |
| EXCITITOR-OBS-51-001 | TODO | | SPRINT_0121_0001_0003_excititor_iii | Excititor Core Guild · DevOps Guild | src/Excititor/__Libraries/StellaOps.Excititor.Core | Publish ingest latency, scope resolution success, conflict rate, and signature verification metrics plus SLO burn alerts so we can prove Excititor meets the AOC “evidence freshness” mission. | Wait for 046_TLTY0101 span schema | EXOB0101 |
| EXCITITOR-OBS-52-001 | TODO | | SPRINT_0122_0001_0004_excititor_iv | Excititor Core Guild | src/Excititor/__Libraries/StellaOps.Excititor.Core | Emit `timeline_event` entries for every ingest/linkset change with trace IDs, justification summaries, and evidence hashes so downstream systems can replay the raw facts chronologically. Depends on EXCITITOR-OBS-51-001. | Needs #1 merged for correlation IDs | EXOB0101 |
| EXCITITOR-OBS-53-001 | TODO | | SPRINT_0122_0001_0004_excititor_iv | Excititor Core Guild · Evidence Locker Guild | src/Excititor/__Libraries/StellaOps.Excititor.Core | Build locker payloads (raw doc, normalization diff, provenance) and Merkle manifests so sealed-mode sites can audit evidence without Excititor reinterpreting it. Depends on EXCITITOR-OBS-52-001. | Blocked on Evidence Locker DSSE hooks (002_ATEL0101) | EXOB0101 |
| EXCITITOR-OBS-54-001 | TODO | | SPRINT_0122_0001_0004_excititor_iv | Excititor Core Guild · Provenance Guild | src/Excititor/__Libraries/StellaOps.Excititor.Core | Attach DSSE attestations to every evidence batch, verify chains via Provenance tooling, and surface attestation IDs on timeline events. Depends on EXCITITOR-OBS-53-001. | Requires provenance schema from 005_ATLN0101 | EXOB0101 |
| EXCITITOR-OPS-0001 | TODO | | SPRINT_333_docs_modules_excititor | Ops Guild · Docs Guild | docs/modules/excititor | Sync outcomes back to ../.. | DOEX0101 runbooks | DOEX0102 |
| EXCITITOR-ORCH-32-001 | TODO | | SPRINT_0122_0001_0004_excititor_iv | Excititor Worker Guild (`src/Excititor/StellaOps.Excititor.Worker`) | src/Excititor/StellaOps.Excititor.Worker | Adopt the orchestrator worker SDK for Excititor jobs, emitting heartbeats/progress/artifact hashes so ingestion remains deterministic and restartable without reprocessing evidence. | DOOR0102 APIs | EXWS0101 |
| EXCITITOR-ORCH-33-001 | TODO | | SPRINT_0122_0001_0004_excititor_iv | Excititor Worker Guild (`src/Excititor/StellaOps.Excititor.Worker`) | src/Excititor/StellaOps.Excititor.Worker | Honor orchestrator pause/throttle/retry commands, persist checkpoints, and classify error outputs to keep ingestion safe under outages. Depends on EXCITITOR-ORCH-32-001. | EXCITITOR-ORCH-32-001 | EXWS0101 |
| EXCITITOR-POLICY-20-001 | TODO | | SPRINT_0122_0001_0004_excititor_iv | WebService Guild | src/Excititor/StellaOps.Excititor.WebService | Provide VEX lookup APIs (PURL/advisory batching, scope filters, tenant enforcement) that Policy Engine uses to join evidence without Excititor performing any verdict logic. Depends on EXCITITOR-AOC-20-004. | DOLN0101 | EXWS0101 |
| EXCITITOR-POLICY-20-002 | TODO | | SPRINT_0122_0001_0004_excititor_iv | Excititor Core Guild (src/Excititor/__Libraries/StellaOps.Excititor.Core) | src/Excititor/__Libraries/StellaOps.Excititor.Core | Enhance linksets with scope resolution + version range metadata so Policy/Reachability can reason about applicability while Excititor continues to report only raw context. Depends on EXCITITOR-POLICY-20-001. | | EXWK0101 |
| EXCITITOR-RISK-66-001 | TODO | | SPRINT_0122_0001_0004_excititor_iv | Excititor Core Guild · Risk Engine Guild (`src/Excititor/__Libraries/StellaOps.Excititor.Core`) | src/Excititor/__Libraries/StellaOps.Excititor.Core | Publish risk-engine ready feeds (status, justification, provenance) with zero derived severity so gating services can reference Excititor as a source of truth. Depends on EXCITITOR-POLICY-20-002. | CONCELIER-GRAPH-21-001/002 | EXRS0101 |
| EXCITITOR-STORE-AOC-19-001 | TODO | | SPRINT_0123_0001_0005_excititor_v | Storage Guild (`src/Excititor/__Libraries/StellaOps.Excititor.Storage.Mongo`) | src/Excititor/__Libraries/StellaOps.Excititor.Storage.Mongo | Ship Mongo JSON Schema + validator tooling (including Offline Kit instructions) so operators can prove Excititor stores only immutable evidence. | Link-Not-Merge schema | EXSM0101 |
| EXCITITOR-STORE-AOC-19-002 | TODO | | SPRINT_0123_0001_0005_excititor_v | Storage + DevOps Guilds (`src/Excititor/__Libraries/StellaOps.Excititor.Storage.Mongo`) | src/Excititor/__Libraries/StellaOps.Excititor.Storage.Mongo | Create unique indexes, run migrations/backfills, and document rollback steps for the new schema validator. Depends on EXCITITOR-STORE-AOC-19-001. | STORE-AOC-19-001 | EXSM0101 |
| EXCITITOR-VEXLENS-30-001 | TODO | | SPRINT_0123_0001_0005_excititor_v | Excititor WebService Guild · VEX Lens Guild | src/Excititor/StellaOps.Excititor.WebService | Ensure every observation exported to VEX Lens carries issuer hints, signature blobs, product tree snippets, and staleness metadata so the lens can compute consensus without calling back into Excititor. | — | PLVL0103 |
| EXCITITOR-VULN-29-001 | TODO | | SPRINT_0123_0001_0005_excititor_v | Excititor WebService Guild (`src/Excititor/StellaOps.Excititor.WebService`) | src/Excititor/StellaOps.Excititor.WebService | Canonicalize advisory/product keys (map to `advisory_key`, capture scope metadata) while preserving original identifiers in `links[]`; run backfill + regression tests. | EXWS0101 | EXVN0101 |
| EXCITITOR-VULN-29-002 | TODO | | SPRINT_0123_0001_0005_excititor_v | Excititor WebService Guild | src/Excititor/StellaOps.Excititor.WebService | Provide `/vuln/evidence/vex/{advisory_key}` returning tenant-scoped raw statements, provenance, and attestation references for Vuln Explorer evidence tabs. Depends on EXCITITOR-VULN-29-001. | EXCITITOR-VULN-29-001 | EXVN0101 |
| EXCITITOR-VULN-29-004 | TODO | | SPRINT_0123_0001_0005_excititor_v | Excititor WebService + Observability Guilds | src/Excititor/StellaOps.Excititor.WebService | Add metrics/logs for normalization errors, suppression scopes, withdrawn statements, and feed them to Vuln Explorer + Advisory AI dashboards. Depends on EXCITITOR-VULN-29-002. | EXCITITOR-VULN-29-001 | EXVN0101 |
| EXCITITOR-WEB-AIRGAP-58-001 | TODO | | SPRINT_0124_0001_0006_excititor_vi | WebService Guild · AirGap Guilds | src/Excititor/StellaOps.Excititor.WebService | Emit timeline events + audit logs for mirror bundle imports (bundle ID, scope, actor) and map sealed-mode violations to actionable remediation guidance. | EXAG0101 | EXWS0101 |
| EXCITITOR-WEB-OAS-61-001 | TODO | | SPRINT_0124_0001_0006_excititor_vi | WebService Guild | src/Excititor/StellaOps.Excititor.WebService | Implement `/.well-known/openapi` with spec version metadata plus standard error envelopes, then update controller/unit tests accordingly. | DOOR0102 | EXWS0101 |
| EXCITITOR-WEB-OAS-62-001 | TODO | | SPRINT_0124_0001_0006_excititor_vi | WebService Guild · API Governance | src/Excititor/StellaOps.Excititor.WebService | Publish curated examples for the new evidence/attestation/timeline endpoints, emit deprecation headers for legacy routes, and align SDK docs. Depends on EXCITITOR-WEB-OAS-61-001. | EXCITITOR-WEB-OAS-61-001 | EXWS0101 |
| EXCITITOR-WEB-OBS-52-001 | TODO | | SPRINT_0124_0001_0006_excititor_vi | Excititor WebService Guild | src/Excititor/StellaOps.Excititor.WebService | Provide SSE/WebSocket bridges for VEX timeline events with tenant filters, pagination anchors, and guardrails so downstream consoles can monitor raw evidence changes in real time. Depends on EXCITITOR-OBS-52-001. | Wait for 046_TLTY0101 span schema | EXOB0102 |
| EXCITITOR-WEB-OBS-53-001 | TODO | | SPRINT_0124_0001_0006_excititor_vi | Excititor WebService Guild · Evidence Locker Guild | src/Excititor/StellaOps.Excititor.WebService | Expose `/evidence/vex/*` endpoints that fetch locker bundles, enforce scopes, and surface verification metadata without synthesizing verdicts. Depends on EXCITITOR-WEB-OBS-52-001. | Requires Evidence Locker DSSE API (002_ATEL0101) | EXOB0102 |
| EXCITITOR-WEB-OBS-54-001 | TODO | | SPRINT_0124_0001_0006_excititor_vi | Excititor WebService Guild | src/Excititor/StellaOps.Excititor.WebService | Add `/attestations/vex/*` endpoints returning DSSE verification state, builder identity, and chain-of-custody links so consumers never need direct datastore access. Depends on EXCITITOR-WEB-OBS-53-001. | Dependent on provenance schema (005_ATLN0101) | EXOB0102 |
| EXCITOR-DOCS-0001 | DONE | 2025-11-07 | SPRINT_333_docs_modules_excititor | Docs Guild (docs/modules/excitor) | docs/modules/excitor | Validate that `docs/modules/excitor/README.md` matches the latest release notes and consensus beta notes. | | DOXR0101 |
| EXCITOR-ENG-0001 | DONE | 2025-11-07 | SPRINT_333_docs_modules_excititor | Module Team (docs/modules/excitor) | docs/modules/excitor | Ensure the implementation plan sprint alignment table stays current with `SPRINT_200` updates. | | DOXR0101 |
| EXCITOR-OPS-0001 | DONE | 2025-11-07 | SPRINT_333_docs_modules_excititor | Ops Guild (docs/modules/excitor) | docs/modules/excitor | Review runbooks/observability assets, adding the checklist captured in `docs/modules/excitor/mirrors.md`. | | DOXR0101 |
| EXPLORER-DOCS-0001 | TODO | | SPRINT_334_docs_modules_vuln_explorer | Docs Guild | docs/modules/vuln-explorer | DOVL0101 outputs | DOVL0101 outputs | DOXR0101 |
| EXPLORER-ENG-0001 | TODO | | SPRINT_334_docs_modules_vuln_explorer | Explorer Module Team | docs/modules/vuln-explorer | DOVL0102 | DOVL0102 | DOXR0101 |
| EXPLORER-OPS-0001 | TODO | | SPRINT_334_docs_modules_vuln_explorer | Ops Guild | docs/modules/vuln-explorer | Explorer Ops runbooks | Explorer Ops runbooks | DOXR0101 |
| EXPORT-35-001 | TODO | | SPRINT_0121_0001_0001_policy_reasoning | Findings Ledger Guild (`src/Findings/StellaOps.Findings.Ledger`) | src/Findings/StellaOps.Findings.Ledger | PLLG010x ADRs | PLLG010x ADRs | EVFL0101 |
| EXPORT-36-001 | TODO | | SPRINT_0202_0001_0002_cli_ii | DevEx/CLI Guild (`src/Cli/StellaOps.Cli`) | src/Cli/StellaOps.Cli | Export API spec | Export API spec | EVCL0101 |
| EXPORT-37-001 | TODO | | SPRINT_0202_0001_0002_cli_ii | DevEx/CLI Guild (`src/Cli/StellaOps.Cli`) | src/Cli/StellaOps.Cli | EXPORT-36-001 | EXPORT-36-001 | EVCL0101 |
| EXPORT-37-004 | TODO | | SPRINT_0304_0001_0004_docs_tasks_md_iv | Docs Guild | | DOCN0101 | DOCN0101 | EVDO0101 |
| EXPORT-37-005 | TODO | | SPRINT_0304_0001_0004_docs_tasks_md_iv | Docs + Export Guilds | | EXPORT-37-004 | EXPORT-37-004 | EVDO0101 |
| EXPORT-37-101 | TODO | | SPRINT_0304_0001_0004_docs_tasks_md_iv | Docs Guild | | EVCL0101 | EVCL0101 | EVDO0101 |
| EXPORT-37-102 | TODO | | SPRINT_0304_0001_0004_docs_tasks_md_iv | Docs Guild | | EXPORT-37-101 | EXPORT-37-101 | EVDO0101 |
| EXPORT-AIRGAP-56-001 | TODO | | SPRINT_160_export_evidence | Exporter Service Guild · Mirror Guild | | Exporter + Mirror Creator + DevOps Guilds | Wait for Deployment bundle shape (068_AGDP0101) | AGEX0101 |
| EXPORT-AIRGAP-56-002 | TODO | | SPRINT_160_export_evidence | Exporter Service Guild · DevOps Guild | | Depends on #1 artifacts | Depends on #1 artifacts | AGEX0101 |
| EXPORT-AIRGAP-57-001 | TODO | | SPRINT_160_export_evidence | ExportCenter Guild (`src/ExportCenter/StellaOps.ExportCenter`) | src/ExportCenter/StellaOps.ExportCenter | Exporter Service + Evidence Locker Guild | EXAG0101 outputs | EVAH0101 |
| EXPORT-AIRGAP-58-001 | TODO | | SPRINT_162_exportcenter_i | ExportCenter Guild · Notifications Guild | src/ExportCenter/StellaOps.ExportCenter | Emit notifications and timeline events when Mirror Bundles or Bootstrap packs are ready for transfer. Dependencies: EXPORT-AIRGAP-57-001. | EXPORT-AIRGAP-57-001 | EVAH0101 |
| EXPORT-ATTEST-74-001 | TODO | | SPRINT_160_export_evidence | ExportCenter + Attestation Guilds | | Attestation Bundle + Exporter Guilds | ATEL0101 | EVAH0101 |
| EXPORT-ATTEST-74-002 | TODO | | SPRINT_160_export_evidence | ExportCenter + Attestation Guilds | | EXPORT-ATTEST-74-001 | EXPORT-ATTEST-74-001 | EVAH0101 |
| EXPORT-ATTEST-75-001 | TODO | | SPRINT_160_export_evidence | ExportCenter + CLI Guilds | | Attestation Bundle + CLI + Exporter Guilds | EXPORT-ATTEST-74-001 | EVAH0101 |
| EXPORT-ATTEST-75-002 | TODO | | SPRINT_160_export_evidence | ExportCenter + CLI Guilds | | EXPORT-ATTEST-75-001 | EXPORT-ATTEST-75-001 | EVAH0101 |
| EXPORT-CONSOLE-23-001 | TODO | | SPRINT_0123_0001_0001_policy_reasoning | Policy Guild, Scheduler Guild, Observability Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Build evidence bundle/export generator producing signed manifests, CSV/JSON replay endpoints, and trace attachments; integrate with scheduler jobs and expose progress telemetry | | EVOA0101 |
| EXPORT-CRYPTO-90-001 | TODO | | SPRINT_160_export_evidence | ExportCenter + Security Guilds (`src/ExportCenter/StellaOps.ExportCenter`) | src/ExportCenter/StellaOps.ExportCenter | Exporter Service + Security Guilds | Security review | EVOA0101 |
| EXPORT-OAS-61 | TODO | | SPRINT_160_export_evidence | ExportCenter + API Governance | | Exporter Service + API Governance + SDK Guilds | OAS spec finalization | EVOA0101 |
| EXPORT-OAS-61-001 | TODO | | SPRINT_162_exportcenter_i | ExportCenter + API Contracts Guild | src/ExportCenter/StellaOps.ExportCenter | Update Exporter OAS covering profiles, runs, downloads, devportal exports with standard error envelope and examples. | EXPORT-OAS-61 | EVOA0101 |
| EXPORT-OAS-61-002 | TODO | | SPRINT_162_exportcenter_i | ExportCenter + API Guild | src/ExportCenter/StellaOps.ExportCenter | Provide `/.well-known/openapi` discovery endpoint with version metadata and ETag. Dependencies: EXPORT-OAS-61-001. | EXPORT-OAS-61 | EVOA0101 |
| EXPORT-OAS-62 | TODO | | SPRINT_160_export_evidence | ExportCenter + API Governance | | EXPORT-OAS-61 | EXPORT-OAS-61 | EVOA0101 |
| EXPORT-OAS-62-001 | TODO | | SPRINT_162_exportcenter_i | ExportCenter + API Guilds (`src/ExportCenter/StellaOps.ExportCenter`) | src/ExportCenter/StellaOps.ExportCenter | Ensure SDKs include export profile/run clients with streaming download helpers; add smoke tests. Dependencies: EXPORT-OAS-61-002. | EVOA0101 outputs | EVOA0102 |
| EXPORT-OAS-63 | TODO | | SPRINT_160_export_evidence | Exporter Service Guild · API Governance Guild | | Needs API governance sign-off (049_APIG0101) | Needs API governance sign-off (049_APIG0101) | AGEX0101 |
| EXPORT-OAS-63-001 | TODO | | SPRINT_163_exportcenter_ii | Exporter Service Guild · SDK Guild | src/ExportCenter/StellaOps.ExportCenter | Implement deprecation headers and notifications for legacy export endpoints. Dependencies: EXPORT-OAS-62-001. | Requires #3 schema | AGEX0101 |
| EXPORT-OBS-50-001 | TODO | | SPRINT_163_exportcenter_ii | Exporter Service Guild · Observability Guild | src/ExportCenter/StellaOps.ExportCenter | Adopt telemetry core in exporter service + workers, ensuring spans/logs capture profile id, tenant, artifact counts, distribution type, and trace IDs. | Wait for telemetry schema drop from 046_TLTY0101 | ECOB0101 |
| EXPORT-OBS-51-001 | TODO | | SPRINT_0503_0001_0001_ops_devops_i | Exporter Guild · AirGap Time Guild · CLI Guild | | Downstream automation awaiting assembler staffing outcome. | PROGRAM-STAFF-1001 | ECOB0101 |
| EXPORT-OBS-52-001 | TODO | | SPRINT_163_exportcenter_ii | Exporter Service Guild | src/ExportCenter/StellaOps.ExportCenter | Publish timeline events for export lifecycle (`export.requested`, `export.built`, `export.distributed`, `export.failed`) embedding manifest hashes and evidence refs. Provide dedupe + retry logic. Dependencies: EXPORT-OBS-51-001. | Requires shared middleware from task #1 | ECOB0101 |
| EXPORT-OBS-53-001 | TODO | | SPRINT_163_exportcenter_ii | Exporter Service Guild · Evidence Locker Guild | src/ExportCenter/StellaOps.ExportCenter | Push export manifests + distribution transcripts to evidence locker bundles, ensuring Merkle root alignment and DSSE pre-sign data available. Dependencies: EXPORT-OBS-52-001. | Blocked on Evidence Locker DSSE API (002_ATEL0101) | ECOB0101 |
| EXPORT-OBS-54-001 | TODO | | SPRINT_163_exportcenter_ii | Exporter Service Guild · Provenance Guild | src/ExportCenter/StellaOps.ExportCenter | Produce DSSE attestations for each export artifact and distribution target, expose verification API `/exports/{id}/attestation`, and integrate with CLI verify path. Dependencies: EXPORT-OBS-53-001. | PROGRAM-STAFF-1001; EXPORT-MIRROR-ORCH-1501 | ECOB0101 |
| EXPORT-OBS-54-002 | TODO | | SPRINT_163_exportcenter_ii | Exporter Service Guild · Provenance Guild | src/ExportCenter/StellaOps.ExportCenter | Add promotion attestation assembly to export runs (compute SBOM/VEX digests, embed Rekor proofs, bundle DSSE envelopes) and ensure Offline Kit packaging includes the resulting JSON + DSSE envelopes. Dependencies: EXPORT-OBS-54-001, PROV-OBS-53-003. | Needs #5 for consistent dimensions | ECOB0101 |
| EXPORT-OBS-55-001 | TODO | | SPRINT_163_exportcenter_ii | Exporter Service Guild · DevOps Guild | src/ExportCenter/StellaOps.ExportCenter | Add incident mode enhancements (extra tracing for slow exports, additional debug logs, retention bump). Emit incident activation events to timeline + notifier. Dependencies: EXPORT-OBS-54-001. | Requires DevOps alert templates (045_DVDO0103) | ECOB0101 |
| EXPORT-RISK-69-001 | TODO | | SPRINT_163_exportcenter_ii | Exporter Service Guild · Risk Bundle Guild | src/ExportCenter/StellaOps.ExportCenter | Add Export Center job handler `risk-bundle` with provider selection, manifest signing, and audit logging. | Wait for Risk engine inputs (042_RPRC0101) | AGEX0101 |
| EXPORT-RISK-69-002 | TODO | | SPRINT_163_exportcenter_ii | ExportCenter + Risk Guilds | src/ExportCenter/StellaOps.ExportCenter | Enable simulation report exports pulling scored data + explainability snapshots. Dependencies: EXPORT-RISK-69-001. | EXRS0101 outputs | EVRK0101 |
| EXPORT-RISK-70-001 | TODO | | SPRINT_163_exportcenter_ii | ExportCenter + DevOps Guild | src/ExportCenter/StellaOps.ExportCenter | Integrate risk bundle builds into offline kit packaging with checksum verification. Dependencies: EXPORT-RISK-69-002. | EXPORT-RISK-69-002 | EVRK0101 |
| EXPORT-SVC-35-001 | BLOCKED (2025-10-29) | 2025-10-29 | SPRINT_163_exportcenter_ii | ExportCenter Guild (`src/ExportCenter/StellaOps.ExportCenter`) | src/ExportCenter/StellaOps.ExportCenter | Bootstrap exporter service project, configuration, and Postgres migrations for `export_profiles`, `export_runs`, `export_inputs`, `export_distributions` with tenant scoping + tests. | Await EVFL0101 evidence feed | ESVC0101 |
| EXPORT-SVC-35-002 | TODO | | SPRINT_163_exportcenter_ii | ExportCenter Guild | src/ExportCenter/StellaOps.ExportCenter | Implement planner + scope resolver translating filters into ledger iterators and orchestrator job payloads; include deterministic sampling and validation. Dependencies: EXPORT-SVC-35-001. | EXPORT-SVC-35-001 | ESVC0101 |
| EXPORT-SVC-35-003 | TODO | | SPRINT_163_exportcenter_ii | ExportCenter Guild | src/ExportCenter/StellaOps.ExportCenter | Deliver JSON adapters (`json:raw`, `json:policy`) with canonical normalization, redaction allowlists, compression, and manifest counts. Dependencies: EXPORT-SVC-35-002. | EXPORT-SVC-35-001 | ESVC0101 |
| EXPORT-SVC-35-004 | TODO | | SPRINT_163_exportcenter_ii | ExportCenter Guild | src/ExportCenter/StellaOps.ExportCenter | Build mirror (full) adapter producing filesystem layout, indexes, manifests, and README with download-only distribution. Dependencies: EXPORT-SVC-35-003. | EXPORT-SVC-35-002 | ESVC0101 |
| EXPORT-SVC-35-005 | TODO | | SPRINT_163_exportcenter_ii | ExportCenter Guild | src/ExportCenter/StellaOps.ExportCenter | Implement manifest/provenance writer and KMS signing/attestation (detached + embedded) for bundle outputs. Dependencies: EXPORT-SVC-35-004. | EXPORT-SVC-35-003 | ESVC0101 |
| EXPORT-SVC-35-006 | TODO | | SPRINT_0164_0001_0003_exportcenter_iii | ExportCenter Guild | src/ExportCenter/StellaOps.ExportCenter | Expose Export API (profiles, runs, download, SSE updates) with audit logging, concurrency controls, and viewer/operator RBAC integration. Dependencies: EXPORT-SVC-35-005. | EXPORT-SVC-35-004 | ESVC0101 |
| EXPORT-SVC-36-001 | TODO | | SPRINT_0164_0001_0003_exportcenter_iii | ExportCenter Guild | src/ExportCenter/StellaOps.ExportCenter | Implement Trivy DB adapter (core) with schema mappings, version flag gating, and validation harness. Dependencies: EXPORT-SVC-35-006. | ESVC0101 outputs | ESVC0102 |
| EXPORT-SVC-36-002 | TODO | | SPRINT_0164_0001_0003_exportcenter_iii | ExportCenter Guild | src/ExportCenter/StellaOps.ExportCenter | Add Trivy Java DB variant with shared manifest entries and adapter regression tests. Dependencies: EXPORT-SVC-36-001. | EXPORT-SVC-36-001 | ESVC0102 |
| EXPORT-SVC-36-003 | TODO | | SPRINT_0164_0001_0003_exportcenter_iii | ExportCenter Guild | src/ExportCenter/StellaOps.ExportCenter | Build OCI distribution engine (manifests, descriptors, annotations) with registry auth support and retries. Dependencies: EXPORT-SVC-36-002. | EXPORT-SVC-36-001 | ESVC0102 |
| EXPORT-SVC-36-004 | TODO | | SPRINT_0164_0001_0003_exportcenter_iii | ExportCenter Guild | src/ExportCenter/StellaOps.ExportCenter | Extend planner/run lifecycle for distribution targets (OCI/object storage) with idempotent metadata updates and retention timestamps. Dependencies: EXPORT-SVC-36-003. | EXPORT-SVC-36-002 | ESVC0102 |
| EXPORT-SVC-37-001 | TODO | | SPRINT_0164_0001_0003_exportcenter_iii | ExportCenter Guild | src/ExportCenter/StellaOps.ExportCenter | Implement mirror delta adapter with base manifest comparison, change set generation, and content-addressed reuse. Dependencies: EXPORT-SVC-36-004. | EXPORT-SVC-35-006 | ESVC0102 |
| EXPORT-SVC-37-002 | TODO | | SPRINT_0164_0001_0003_exportcenter_iii | ExportCenter Guild | src/ExportCenter/StellaOps.ExportCenter | Add bundle encryption (age/AES-GCM), key wrapping via KMS, and verification tooling for encrypted outputs. Dependencies: EXPORT-SVC-37-001. | EXPORT-SVC-37-001 | ESVC0102 |
| EXPORT-SVC-37-003 | TODO | | SPRINT_0164_0001_0003_exportcenter_iii | ExportCenter Guild | src/ExportCenter/StellaOps.ExportCenter | Implement export scheduling (cron/event), retention pruning, retry idempotency, and failure classification. Dependencies: EXPORT-SVC-37-002. | EXPORT-SVC-37-002 | ESVC0103 |
| EXPORT-SVC-37-004 | TODO | | SPRINT_0164_0001_0003_exportcenter_iii | ExportCenter Guild | src/ExportCenter/StellaOps.ExportCenter | Provide verification API to stream manifests/hashes, compute hash+signature checks, and return attest status for CLI/UI. Dependencies: EXPORT-SVC-37-003. | EXPORT-SVC-37-003 | ESVC0103 |
| EXPORT-SVC-43-001 | TODO | | SPRINT_0164_0001_0003_exportcenter_iii | ExportCenter Guild | src/ExportCenter/StellaOps.ExportCenter | Integrate pack run manifests/artifacts into export bundles and CLI verification flows; expose provenance links. Dependencies: EXPORT-SVC-37-004. | EXPORT-SVC-37-004 | ESVC0103 |
| EXPORT-TEN-48-001 | TODO | | SPRINT_0164_0001_0003_exportcenter_iii | ExportCenter + Tenancy Guild | src/ExportCenter/StellaOps.ExportCenter | Prefix artifacts/manifests with tenant/project, enforce scope checks, and prevent cross-tenant exports unless explicitly whitelisted; update provenance. | EXPORT-SVC-37-004 | ESVC0103 |
| FEEDCONN-CCCS-02-009 | TODO | | SPRINT_117_concelier_vi | Concelier Connector Guild CCCS (src/Concelier/__Libraries/StellaOps.Concelier.Connector.Cccs) | src/Concelier/__Libraries/StellaOps.Concelier.Connector.Cccs | Emit CCCS version ranges into `advisory_observations.affected.versions[]` with provenance anchors (`cccs:{serial}:{index}`) and normalized comparison keys per the Link-Not-Merge schema/doc recipes. Depends on CONCELIER-LNM-21-001. | — | FEFC0101 |
| FEEDCONN-CERTBUND-02-010 | TODO | | SPRINT_117_concelier_vi | Concelier Connector Guild CertBund (src/Concelier/__Libraries/StellaOps.Concelier.Connector.CertBund) | src/Concelier/__Libraries/StellaOps.Concelier.Connector.CertBund | Translate CERT-Bund `product.Versions` phrases into normalized ranges + provenance identifiers (`certbund:{advisoryId}:{vendor}`) while retaining localisation notes; update mapper/tests for Link-Not-Merge. Depends on CONCELIER-LNM-21-001. | — | FEFC0101 |
| FEEDCONN-CISCO-02-009 | DOING | 2025-11-08 | SPRINT_117_concelier_vi | Concelier Connector Guild Cisco (src/Concelier/__Libraries/StellaOps.Concelier.Connector.Vndr.Cisco) | src/Concelier/__Libraries/StellaOps.Concelier.Connector.Vndr.Cisco | Emit Cisco SemVer ranges into the new observation schema with provenance IDs (`cisco:{productId}`) and deterministic comparison keys; refresh fixtures to remove merge counters. Depends on CONCELIER-LNM-21-001. | — | FEFC0101 |
| FEEDCONN-ICSCISA-02-012 | BLOCKED | | SPRINT_0503_0001_0001_ops_devops_i | Concelier Feed Owners | | Overdue provenance refreshes require schedule from feed owners. | FEED-REMEDIATION-1001 | FEFC0101 |
| FEEDCONN-KISA-02-008 | BLOCKED | | SPRINT_0503_0001_0001_ops_devops_i | Concelier Feed Owners | | FEED-REMEDIATION-1001 | FEED-REMEDIATION-1001 | FEFC0101 |
| FORENSICS-53-001 | TODO | | SPRINT_0202_0001_0002_cli_ii | Forensics Guild | src/Cli/StellaOps.Cli | Replay data set | Replay data set | FONS0101 |
| FORENSICS-53-002 | TODO | | SPRINT_0304_0001_0004_docs_tasks_md_iv | Forensics Guild | | FORENSICS-53-001 | FORENSICS-53-001 | FONS0101 |
| FORENSICS-53-003 | TODO | | SPRINT_0304_0001_0004_docs_tasks_md_iv | Forensics Guild | | FORENSICS-53-001 | FORENSICS-53-001 | FONS0101 |
| FORENSICS-54-001 | TODO | | SPRINT_0202_0001_0002_cli_ii | Forensics Guild | src/Cli/StellaOps.Cli | FORENSICS-53 outputs | FORENSICS-53 outputs | FONS0101 |
| FORENSICS-54-002 | TODO | | SPRINT_0202_0001_0002_cli_ii | Forensics Guild | src/Cli/StellaOps.Cli | FORENSICS-54-001 | FORENSICS-54-001 | FONS0101 |
| FS-03 | TODO | | SPRINT_0136_0001_0001_scanner_surface | Scanner Guild | src/Scanner/__Libraries/StellaOps.Scanner.Surface.FS | SURFACE-FS-02 | SURFACE-FS-02 | SFFS0101 |
| FS-04 | TODO | | SPRINT_0136_0001_0001_scanner_surface | Scanner Guild | src/Scanner/__Libraries/StellaOps.Scanner.Surface.FS | FS-03 | SURFACE-FS-02 | SFFS0101 |
| FS-05 | TODO | | SPRINT_0136_0001_0001_scanner_surface | Scanner Guild · Scheduler Guild | src/Scanner/__Libraries/StellaOps.Scanner.Surface.FS | SURFACE-FS-03 | SURFACE-FS-03 | SFFS0101 |
| FS-06 | TODO | | SPRINT_0136_0001_0001_scanner_surface | Docs Guild | src/Scanner/__Libraries/StellaOps.Scanner.Surface.FS | SURFACE-FS-02 | SURFACE-FS-02 | SFFS0101 |
| FS-07 | TODO | | SPRINT_0136_0001_0001_scanner_surface | Scanner Guild | src/Scanner/__Libraries/StellaOps.Scanner.Surface.FS | SCANNER-SURFACE-04 | SCANNER-SURFACE-04 | SFFS0101 |
| GAP-DOC-008 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | Docs Guild | `docs/reachability/function-level-evidence.md`, `docs/09_API_CLI_REFERENCE.md`, `docs/api/policy.md` | Publish the cross-module function-level evidence guide, update API/CLI references with the new `code_id` fields, and add OpenVEX/replay samples under `samples/reachability/**`. | DOAG0101 outputs | GAPG0101 |
| GAP-POL-005 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | Policy Guild · Docs Guild | `src/Policy/StellaOps.Policy.Engine`, `docs/modules/policy/architecture.md`, `docs/reachability/function-level-evidence.md` | Ingest reachability facts into Policy Engine, expose `reachability.state/confidence` in SPL/API, enforce auto-suppress (<0.30) rules, and generate OpenVEX evidence blocks referencing graph hashes + runtime facts with policy thresholds. | GAP-DOC-008 | GAPG0101 |
| GAP-REP-004 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | Docs Guild | `src/__Libraries/StellaOps.Replay.Core`, `docs/replay/DETERMINISTIC_REPLAY.md` | Enforce BLAKE3 hashing + CAS registration for graphs/traces before manifest writes, upgrade replay manifest v2 with analyzer versions/policy thresholds, and add deterministic tests. | GAP-DOC-008 | GAPG0101 |
| GAP-SCAN-001 | DONE (2025-12-03) | | SPRINT_400_runtime_facts_static_callgraph_union | Scanner Guild · GAP Guild | `src/Scanner/StellaOps.Scanner.Worker`, `docs/modules/scanner/architecture.md`, `docs/reachability/function-level-evidence.md` | Implement binary/language symbolizers that emit `richgraph-v1` payloads with canonical `SymbolID = {file:hash, section, addr, name, linkage}` plus `code_id` anchors, persist graphs to CAS via `StellaOps.Scanner.Reachability`, and refresh analyzer docs/fixtures. | GAP-POL-005 | GAPG0101 |
| GAP-SIG-003 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | Security Guild · GAP Guild | `src/Signals/StellaOps.Signals`, `docs/reachability/function-level-evidence.md` | Finish `/signals/runtime-facts` ingestion, add CAS-backed runtime storage, extend scoring to lattice states (`Unknown/NotPresent/Unreachable/Conditional/Reachable/Observed`), and emit `signals.fact.updated` events. Document retention/RBAC. | GAP-POL-005 | GAPG0101 |
| GAP-SYM-007 | BLOCKED (2025-11-27) | Waiting on GRAPH-CAS-401-001 schema/hash | SPRINT_0401_0001_0001_reachability_evidence_chain | Docs Guild | `src/Scanner/StellaOps.Scanner.Models`, `docs/modules/scanner/architecture.md`, `docs/reachability/function-level-evidence.md` | Extend reachability evidence schema/DTOs with demangled symbol hints, `symbol.source`, confidence, and optional `code_block_hash`; ensure Scanner SBOM/evidence writers and CLI serializers emit the new fields deterministically. | GAP-SIG-003 | GAPG0101 |
| GAP-VEX-006 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | VEX Guild | `docs/modules/excititor/architecture.md`, `src/Cli/StellaOps.Cli`, `src/UI/StellaOps.UI`, `docs/09_API_CLI_REFERENCE.md` | Wire Policy/Excititor/UI/CLI surfaces so VEX emission and explain drawers show call paths, graph hashes, and runtime hits; add CLI `--evidence=graph`/`--threshold` plus Notify template updates. | GAP-POL-005 | GAPG0101 |
| GAP-ZAS-002 | TODO | | SPRINT_400_runtime_facts_static_callgraph_union | Zastava Guild | `src/Zastava/StellaOps.Zastava.Observer`, `docs/modules/zastava/architecture.md`, `docs/reachability/function-level-evidence.md` | Stream runtime NDJSON batches carrying `{symbol_id, code_id, hit_count, loader_base}` plus CAS URIs, capture build-ids/entrypoints, and draft the operator runbook (`docs/runbooks/reachability-runtime.md`). Integrate with `/signals/runtime-facts` once Sprint401 lands ingestion. | GAP-SCAN-001 | GAPG0101 |
| GO-32-001 | DONE | | SPRINT_0153_0001_0003_orchestrator_iii | Worker SDK Guild (`src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Go`) | src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Go | DOOR0102 APIs | DOOR0102 APIs | GOSD0101 |
| GO-32-002 | DONE | | SPRINT_0153_0001_0003_orchestrator_iii | Worker SDK Guild | src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Go | GO-32-001 | GO-32-001 | GOSD0101 |
| GO-33-001 | DONE | | SPRINT_0153_0001_0003_orchestrator_iii | Worker SDK Guild | src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Go | GO-32-002 | GO-32-002 | GOSD0101 |
| GO-33-002 | DONE | | SPRINT_0153_0001_0003_orchestrator_iii | Worker SDK Guild | src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Go | GO-33-001 | GO-33-001 | GOSD0101 |
| GO-34-001 | DONE | | SPRINT_0153_0001_0003_orchestrator_iii | Worker SDK Guild | src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Go | GO-33-002 | GO-33-002 | GOSD0101 |
| GRAPH-21-001 | TODO | | SPRINT_0136_0001_0001_scanner_surface | Scanner WebService Guild | src/Scanner/StellaOps.Scanner.WebService | Link-Not-Merge schema | Link-Not-Merge schema | GRSC0101 |
| GRAPH-21-002 | BLOCKED (2025-10-27) | 2025-10-27 | SPRINT_113_concelier_ii | Concelier Core Guild · Scanner Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | GRAPH-21-001 | GRAPH-21-001 | GRSC0101 |
| GRAPH-21-003 | TODO | 2025-10-27 | SPRINT_0213_0001_0002_web_ii | Scanner WebService Guild | src/Web/StellaOps.Web | GRAPH-21-001 | GRAPH-21-001 | GRSC0101 |
| GRAPH-21-004 | TODO | 2025-10-27 | SPRINT_0213_0001_0002_web_ii | Scanner WebService Guild | src/Web/StellaOps.Web | GRAPH-21-002 | GRAPH-21-002 | GRSC0101 |
| GRAPH-21-005 | BLOCKED (2025-10-27) | 2025-10-27 | SPRINT_0120_0001_0002_excititor_ii | Excititor Storage Guild | src/Excititor/__Libraries/StellaOps.Excititor.Storage.Mongo | GRAPH-21-002 | GRAPH-21-002 | GRSC0101 |
| GRAPH-24-005 | TODO | | SPRINT_0304_0001_0004_docs_tasks_md_iv | UI Guild | | GRAPH-24-003 | GRAPH-24-003 | GRUI0101 |
| GRAPH-24-007 | TODO | | SPRINT_0304_0001_0004_docs_tasks_md_iv | UI Guild | | GRAPH-24-005 | GRAPH-24-005 | GRUI0101 |
| GRAPH-24-101 | TODO | | SPRINT_113_concelier_ii | UI Guild | src/Concelier/StellaOps.Concelier.WebService | GRAPH-24-001 | GRAPH-24-001 | GRUI0101 |
| GRAPH-24-102 | TODO | | SPRINT_0120_0001_0002_excititor_ii | UI Guild | src/Excititor/StellaOps.Excititor.WebService | GRAPH-24-101 | GRAPH-24-101 | GRUI0101 |
| GRAPH-28-102 | TODO | | SPRINT_113_concelier_ii | Concelier WebService Guild (src/Concelier/StellaOps.Concelier.WebService) | src/Concelier/StellaOps.Concelier.WebService | | | GRAPI0101 |
| GRAPH-API-28-001 | DONE (2025-11-24) | 2025-11-24 | SPRINT_0207_0001_0001_graph | Graph API Guild (src/Graph/StellaOps.Graph.Api) | src/Graph/StellaOps.Graph.Api | Define OpenAPI + JSON schema for graph search/query/paths/diff/export endpoints, including cost metadata and streaming tile schema. | — | ORGR0101 |
| GRAPH-API-28-002 | DONE (2025-11-25) | 2025-11-25 | SPRINT_0207_0001_0001_graph | Graph API Guild (src/Graph/StellaOps.Graph.Api) | src/Graph/StellaOps.Graph.Api | Implement `/graph/search` with multi-type index lookup, prefix/exact match, RBAC enforcement, and result ranking + caching. Dependencies: GRAPH-API-28-001. | — | ORGR0101 |
| GRAPH-API-28-003 | DONE (2025-11-26) | 2025-11-26 | SPRINT_0207_0001_0001_graph | Graph API Guild (src/Graph/StellaOps.Graph.Api) | src/Graph/StellaOps.Graph.Api | Build query planner + cost estimator for `/graph/query`, stream tiles (nodes/edges/stats) progressively, enforce budgets, provide cursor tokens. Dependencies: GRAPH-API-28-002. | — | ORGR0101 |
| GRAPH-API-28-004 | TODO | | SPRINT_0207_0001_0001_graph | Graph API Guild (src/Graph/StellaOps.Graph.Api) | src/Graph/StellaOps.Graph.Api | Implement `/graph/paths` with depth ≤6, constraint filters, heuristic shortest path search, and optional policy overlay rendering. Dependencies: GRAPH-API-28-003. | — | ORGR0101 |
| GRAPH-API-28-005 | TODO | | SPRINT_0207_0001_0001_graph | Graph API Guild (src/Graph/StellaOps.Graph.Api) | src/Graph/StellaOps.Graph.Api | Implement `/graph/diff` streaming added/removed/changed nodes/edges between SBOM snapshots; include overlay deltas and policy/VEX/advisory metadata. Dependencies: GRAPH-API-28-004. | — | ORGR0101 |
| GRAPH-API-28-006 | DONE (2025-11-26) | 2025-11-26 | SPRINT_0207_0001_0001_graph | Graph API Guild (src/Graph/StellaOps.Graph.Api) | src/Graph/StellaOps.Graph.Api | Consume Policy Engine overlay contract (`POLICY-ENGINE-30-001..003`) and surface advisory/VEX/policy overlays with caching, partial materialization, and explain trace sampling for focused nodes. Dependencies: GRAPH-API-28-005. | — | ORGR0101 |
| GRAPH-API-28-007 | TODO | | SPRINT_0207_0001_0001_graph | Graph API Guild (`src/Graph/StellaOps.Graph.Api`) | src/Graph/StellaOps.Graph.Api | Implement exports (`graphml`, `csv`, `ndjson`, `png`, `svg`) with async job management, checksum manifests, and streaming downloads. Dependencies: GRAPH-API-28-006. | ORGR0101 outputs | GRAPI0101 |
| GRAPH-API-28-008 | TODO | | SPRINT_0207_0001_0001_graph | Graph API + Authority Guilds | src/Graph/StellaOps.Graph.Api | Integrate RBAC scopes (`graph:read`, `graph:query`, `graph:export`), tenant headers, audit logging, and rate limiting. Dependencies: GRAPH-API-28-007. | GRAPH-API-28-007 | GRAPI0101 |
| GRAPH-API-28-009 | TODO | | SPRINT_0207_0001_0001_graph | Graph API + Observability Guilds | src/Graph/StellaOps.Graph.Api | Instrument metrics (`graph_tile_latency_seconds`, `graph_query_budget_denied_total`, `graph_overlay_cache_hit_ratio`), structured logs, and traces per query stage; publish dashboards. Dependencies: GRAPH-API-28-008. | GRAPH-API-28-007 | GRAPI0101 |
| GRAPH-API-28-010 | TODO | | SPRINT_0207_0001_0001_graph | Graph API Guild | src/Graph/StellaOps.Graph.Api | Build unit/integration/load tests with synthetic datasets (500k nodes/2M edges), fuzz query validation, verify determinism across runs. Dependencies: GRAPH-API-28-009. | GRAPH-API-28-008 | GRAPI0101 |
| GRAPH-API-28-011 | TODO | | SPRINT_0207_0001_0001_graph | Graph API Guild | src/Graph/StellaOps.Graph.Api | Provide deployment manifests, offline kit support, API gateway integration docs, and smoke tests. Dependencies: GRAPH-API-28-010. | GRAPH-API-28-009 | GRAPI0101 |
| GRAPH-CAS-401-001 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | Scanner Worker Guild | `src/Scanner/StellaOps.Scanner.Worker` | Finalize richgraph schema (`richgraph-v1`), emit canonical SymbolIDs, compute graph hash (BLAKE3), and store CAS manifests under `cas://reachability/graphs/{sha256}`. Update Scanner Worker adapters + fixtures. | Depends on #1 | CASC0101 |
| GRAPH-DOCS-0001 | DONE (2025-11-05) | 2025-11-05 | SPRINT_321_docs_modules_graph | Docs Guild | docs/modules/graph | Validate that graph module README/diagrams reflect the latest overlay + snapshot updates. | GRAPI0101 evidence | GRDG0101 |
| GRAPH-DOCS-0002 | DONE (2025-11-26) | 2025-11-26 | SPRINT_321_docs_modules_graph | Docs Guild | docs/modules/graph | Pending DOCS-GRAPH-24-003 to add API/query doc cross-links | GRAPI0101 outputs | GRDG0101 |
| GRAPH-ENG-0001 | TODO | | SPRINT_321_docs_modules_graph | Module Team | docs/modules/graph | Keep module milestones in sync with `/docs/implplan/SPRINT_141_graph.md` and related files. | GRSC0101 | GRDG0101 |
| GRAPH-INDEX-28-007 | DOING | | SPRINT_0140_0001_0001_runtime_signals | — | | Running on scanner surface mock bundle v1; will validate again once real caches drop. | — | ORGR0101 |
| GRAPH-INDEX-28-008 | TODO | | SPRINT_0140_0001_0001_runtime_signals | — | | Incremental update/backfill pipeline depends on 28-007 artifacts; retry/backoff plumbing sketched but blocked. | — | ORGR0101 |
| GRAPH-INDEX-28-009 | TODO | | SPRINT_0140_0001_0001_runtime_signals | — | | Test/fixture/chaos coverage waits on earlier jobs to exist so determinism checks have data. | — | ORGR0101 |
| GRAPH-INDEX-28-010 | TODO | | SPRINT_0140_0001_0001_runtime_signals | — | | Packaging/offline bundles paused until upstream graph jobs are available to embed. | — | ORGR0101 |
| GRAPH-INDEX-28-011 | TODO | 2025-11-04 | SPRINT_0207_0001_0001_graph | Graph Index Guild | src/Graph/StellaOps.Graph.Indexer | Wire SBOM ingest runtime to emit graph snapshot artifacts, add DI factory helpers, and document Mongo/snapshot environment guidance. Dependencies: GRAPH-INDEX-28-002..006. | GRSC0101 outputs | GRIX0101 |
| GRAPH-OPS-0001 | DONE (2025-11-26) | 2025-11-26 | SPRINT_321_docs_modules_graph | Ops Guild | docs/modules/graph | Review graph observability dashboards/runbooks after the next sprint demo. | GRUI0101 | GRDG0101 |
| HELM-45-001 | TODO | | SPRINT_0501_0001_0001_ops_deployment_i | Deployment Guild (ops/deployment) | ops/deployment | | | GRIX0101 |
| HELM-45-002 | TODO | | SPRINT_0502_0001_0001_ops_deployment_ii | Deployment Guild, Security Guild (ops/deployment) | ops/deployment | Add TLS/Ingress, NetworkPolicy, PodSecurityContexts, Secrets integration (external secrets), and document security posture. Dependencies: HELM-45-001. | | GRIX0101 |
| HELM-45-003 | TODO | | SPRINT_0502_0001_0001_ops_deployment_ii | Deployment Guild, Observability Guild (ops/deployment) | ops/deployment | Implement HPA, PDB, readiness gates, Prometheus scraping annotations, OTel configuration hooks, and upgrade hooks. Dependencies: HELM-45-002. | | GRIX0101 |
| ICSCISA-02-012 | BLOCKED | | SPRINT_0503_0001_0001_ops_devops_i | Concelier Feed Owners (`src/Concelier/__Libraries/StellaOps.Concelier.Core`) | src/Concelier/__Libraries/StellaOps.Concelier.Core | FEED-REMEDIATION-1001 | FEED-REMEDIATION-1001 | CCFD0101 |
| IMP-56-001 | TODO | | SPRINT_510_airgap | AirGap Importer Guild | src/AirGap/StellaOps.AirGap.Importer | Harden base importer pipeline. | EXAG0101 | GRIX0101 |
| IMP-56-002 | TODO | | SPRINT_510_airgap | AirGap Importer + Security Guilds | src/AirGap/StellaOps.AirGap.Importer | IMP-56-001 | IMP-56-001 | IMIM0101 |
| IMP-57-001 | TODO | | SPRINT_510_airgap | AirGap Importer Guild | src/AirGap/StellaOps.AirGap.Importer | IMP-56-002 | IMP-56-002 | IMIM0101 |
| IMP-57-002 | TODO | | SPRINT_510_airgap | AirGap Importer + DevOps Guilds | src/AirGap/StellaOps.AirGap.Importer | IMP-57-001 | IMP-57-001 | IMIM0101 |
| IMP-58-001 | TODO | | SPRINT_510_airgap | AirGap Importer + CLI Guilds | src/AirGap/StellaOps.AirGap.Importer | IMP-57-002 | IMP-57-002 | IMIM0101 |
| IMP-58-002 | TODO | | SPRINT_510_airgap | AirGap Importer + Observability Guilds | src/AirGap/StellaOps.AirGap.Importer | IMP-58-001 | IMP-58-001 | IMIM0101 |
| IMPACT-16-001 | TODO | | SPRINT_512_bench | Bench Guild (`src/Bench/StellaOps.Bench`) | src/Bench/StellaOps.Bench | Harden impact scoring + fixtures. | GRSC0101 outputs | IMIM0101 |
| IMPACT-16-303 | DONE | | SPRINT_0155_0001_0001_scheduler_i | Scheduler ImpactIndex Guild (`src/Scheduler/__Libraries/StellaOps.Scheduler.ImpactIndex`) | src/Scheduler/__Libraries/StellaOps.Scheduler.ImpactIndex | IMPACT-16-001 | IMPACT-16-001 | IMPT0101 |
| INDEX-28-007 | TODO | | SPRINT_0140_0001_0001_runtime_signals | Graph Index Guild | src/Graph/StellaOps.Graph.Indexer | GRAPH-INDEX-28-011 | GRAPH-INDEX-28-011 | GRIX0101 |
| INDEX-28-008 | TODO | | SPRINT_0140_0001_0001_runtime_signals | Graph Index Guild | src/Graph/StellaOps.Graph.Indexer | INDEX-28-007 | INDEX-28-007 | GRIX0101 |
| INDEX-28-009 | TODO | | SPRINT_0140_0001_0001_runtime_signals | Graph Index Guild | src/Graph/StellaOps.Graph.Indexer | INDEX-28-008 | INDEX-28-008 | GRIX0101 |
| INDEX-28-010 | TODO | | SPRINT_0140_0001_0001_runtime_signals | Graph Indexer Guild (src/Graph/StellaOps.Graph.Indexer) | src/Graph/StellaOps.Graph.Indexer | | INDEX-28-009 | GRIX0101 |
| INDEX-28-011 | DONE | 2025-11-04 | SPRINT_0207_0001_0001_graph | Graph Indexer Guild (src/Graph/StellaOps.Graph.Indexer) | src/Graph/StellaOps.Graph.Indexer | | INDEX-28-010 | GRIX0101 |
| INDEX-401-030 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | Platform + Ops Guilds | `docs/provenance/inline-dsse.md`, `ops/mongo/indices/events_provenance_indices.js` | Needs Ops approval for new Mongo index | Needs Ops approval for new Mongo index | RBRE0101 |
| INGEST-401-013 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | Symbols Guild · DevOps Guild (`src/Symbols/StellaOps.Symbols.Ingestor.Cli`) | `src/Symbols/StellaOps.Symbols.Ingestor.Cli`, `docs/specs/SYMBOL_MANIFEST_v1.md` | Implement deterministic ingest + docs. | RBRE0101 inline DSSE | IMPT0101 |
| INLINE-401-028 | DONE | | SPRINT_0401_0001_0001_reachability_evidence_chain | Authority Guild · Feedser Guild (`docs/provenance/inline-dsse.md`, `src/__Libraries/StellaOps.Provenance.Mongo`) | `docs/provenance/inline-dsse.md`, `src/__Libraries/StellaOps.Provenance.Mongo` | | | INST0101 |
| INSTALL-44-001 | TODO | | SPRINT_0305_0001_0005_docs_tasks_md_v | Docs Guild · Ops Guild | | DOIS0101 outputs | DOIS0101 outputs | INST0101 |
| INSTALL-45-001 | TODO | | SPRINT_0305_0001_0005_docs_tasks_md_v | Docs Guild · Ops Guild | | INSTALL-44-001 | INSTALL-44-001 | INST0101 |
| INSTALL-46-001 | TODO | | SPRINT_0305_0001_0005_docs_tasks_md_v | Docs Guild · Security Guild | | INSTALL-45-001 | INSTALL-45-001 | INST0101 |
| INSTALL-50-001 | TODO | | SPRINT_0305_0001_0005_docs_tasks_md_v | Docs Guild · Support Guild | | INSTALL-44-001 | INSTALL-44-001 | INST0101 |
| KEV providers` | TODO | | SPRINT_115_concelier_iv | Concelier Core + Risk Engine Guilds (`src/Concelier/__Libraries/StellaOps.Concelier.Core`) | src/Concelier/__Libraries/StellaOps.Concelier.Core | Surface vendor-provided CVSS/KEV/fix data exactly as published (with provenance anchors) through provider APIs so risk engines can reason about upstream intent. | ICSCISA-02-012 | CCFD0101 |
| KISA-02-008 | BLOCKED | | SPRINT_0503_0001_0001_ops_devops_i | Concelier Feed Owners | | | FEED-REMEDIATION-1001 | LATC0101 |
| KMS-73-001 | DONE (2025-11-03) | 2025-11-03 | SPRINT_100_identity_signing | KMS Guild (src/__Libraries/StellaOps.Cryptography.Kms) | src/__Libraries/StellaOps.Cryptography.Kms | AWS/GCP KMS drivers landed with digest-first signing, metadata caching, config samples, and docs/tests green. | AWS/GCP KMS drivers landed with digest-first signing, metadata caching, config samples, and docs/tests green. | KMSI0102 |
| KMS-73-002 | DONE (2025-11-03) | 2025-11-03 | SPRINT_100_identity_signing | KMS Guild (src/__Libraries/StellaOps.Cryptography.Kms) | src/__Libraries/StellaOps.Cryptography.Kms | PKCS#11 + FIDO2 drivers shipped (deterministic digesting, authenticator factories, DI extensions) with docs + xUnit fakes covering sign/verify/export flows. | FIDO2 | KMSI0102 |
| LATTICE-401-023 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | Scanner Guild · Policy Guild | `docs/reachability/lattice.md`, `docs/modules/scanner/architecture.md`, `src/Scanner/StellaOps.Scanner.WebService` | Update reachability/lattice docs + examples. | GRSC0101 & RBRE0101 | LEDG0101 |
| LEDGER-29-007 | DONE | 2025-11-17 | SPRINT_0120_0001_0001_policy_reasoning | Findings Ledger Guild (`src/Findings/StellaOps.Findings.Ledger`) | src/Findings/StellaOps.Findings.Ledger | Instrument metrics | LEDGER-29-006 | PLLG0101 |
| LEDGER-29-008 | DONE | 2025-11-22 | SPRINT_0120_0001_0001_policy_reasoning | Findings Ledger + QA Guild | src/Findings/StellaOps.Findings.Ledger | Develop unit/property/integration tests, replay/restore tooling, determinism harness, and load tests at 5M findings/tenant | LEDGER-29-007 | PLLG0101 |
| LEDGER-29-009 | BLOCKED | 2025-11-17 | SPRINT_0120_0001_0001_policy_reasoning | Findings Ledger + DevOps Guild | src/Findings/StellaOps.Findings.Ledger | Provide deployment manifests | LEDGER-29-008 | PLLG0101 |
| LEDGER-34-101 | TODO | | SPRINT_0120_0001_0001_policy_reasoning | Findings Ledger Guild | src/Findings/StellaOps.Findings.Ledger | Link orchestrator run ledger exports into Findings Ledger provenance chain, index by artifact hash, and expose audit queries | LEDGER-29-009 | PLLG0101 |
| LEDGER-AIRGAP-56 | TODO | | SPRINT_0120_0001_0001_policy_reasoning | Findings Ledger + AirGap Guilds | | AirGap ledger schema. | PLLG0102 | PLLG0102 |
| LEDGER-AIRGAP-56-001 | TODO | | SPRINT_0120_0001_0001_policy_reasoning | Findings Ledger Guild | src/Findings/StellaOps.Findings.Ledger | Record bundle provenance (`bundle_id`, `merkle_root`, `time_anchor`) on ledger events for advisories/VEX/policies imported via Mirror Bundles | LEDGER-AIRGAP-56 | PLLG0102 |
| LEDGER-AIRGAP-56-002 | TODO | | SPRINT_0120_0001_0001_policy_reasoning | Findings Ledger + AirGap Time Guild | src/Findings/StellaOps.Findings.Ledger | Surface staleness metrics for findings and block risk-critical exports when stale beyond thresholds; provide remediation messaging | LEDGER-AIRGAP-56-001 | PLLG0102 |
| LEDGER-AIRGAP-57 | TODO | | SPRINT_0120_0001_0001_policy_reasoning | Findings Ledger Guild · AirGap Guilds · Evidence Locker Guild | | — | — | PLLG0102 |
| LEDGER-AIRGAP-57-001 | TODO | | SPRINT_0120_0001_0001_policy_reasoning | Findings Ledger Guild, Evidence Locker Guild / src/Findings/StellaOps.Findings.Ledger | src/Findings/StellaOps.Findings.Ledger | Link findings evidence snapshots to portable evidence bundles and ensure cross-enclave verification works | LEDGER-AIRGAP-56-002 | PLLG0102 |
| LEDGER-AIRGAP-58-001 | TODO | | SPRINT_0120_0001_0001_policy_reasoning | Findings Ledger Guild, AirGap Controller Guild / src/Findings/StellaOps.Findings.Ledger | src/Findings/StellaOps.Findings.Ledger | Emit timeline events for bundle import impacts | LEDGER-AIRGAP-57-001 | PLLG0102 |
| LEDGER-ATTEST-73-001 | TODO | | SPRINT_0120_0001_0001_policy_reasoning | Findings Ledger Guild, Attestor Service Guild / src/Findings/StellaOps.Findings.Ledger | src/Findings/StellaOps.Findings.Ledger | Persist pointers from findings to verification reports and attestation envelopes for explainability | — | PLLG0102 |
| LEDGER-ATTEST-73-002 | BLOCKED | | SPRINT_0121_0001_0002_policy_reasoning_blockers | Findings Ledger Guild / src/Findings/StellaOps.Findings.Ledger | src/Findings/StellaOps.Findings.Ledger | Enable search/filter in findings projections by verification result and attestation status | LEDGER-ATTEST-73-001 | PLLG0102 |
| LEDGER-EXPORT-35-001 | TODO | | SPRINT_0121_0001_0001_policy_reasoning | Findings Ledger Guild / src/Findings/StellaOps.Findings.Ledger | src/Findings/StellaOps.Findings.Ledger | Provide paginated streaming endpoints for advisories, VEX, SBOMs, and findings aligned with export filters, including deterministic ordering and provenance metadata | — | PLLG0101 |
| LEDGER-OAS-61-001 | BLOCKED | | SPRINT_0121_0001_0002_policy_reasoning_blockers | Findings Ledger Guild, API Contracts Guild / src/Findings/StellaOps.Findings.Ledger | src/Findings/StellaOps.Findings.Ledger | Expand Findings Ledger OAS to include projections, evidence lookups, and filter parameters with examples | — | PLLG0101 |
| LEDGER-OAS-61-002 | BLOCKED | | SPRINT_0121_0001_0002_policy_reasoning_blockers | Findings Ledger Guild / src/Findings/StellaOps.Findings.Ledger | src/Findings/StellaOps.Findings.Ledger | Implement `/.well-known/openapi` endpoint and ensure version metadata matches release | LEDGER-OAS-61-001 | PLLG0101 |
| LEDGER-OAS-62-001 | BLOCKED | | SPRINT_0121_0001_0002_policy_reasoning_blockers | Findings Ledger Guild, SDK Generator Guild / src/Findings/StellaOps.Findings.Ledger | src/Findings/StellaOps.Findings.Ledger | Provide SDK test cases for findings pagination, filtering, evidence links; ensure typed models expose provenance | LEDGER-OAS-61-002 | PLLG0101 |
| LEDGER-OAS-63-001 | BLOCKED | | SPRINT_0121_0001_0002_policy_reasoning_blockers | Findings Ledger Guild, API Governance Guild / src/Findings/StellaOps.Findings.Ledger | src/Findings/StellaOps.Findings.Ledger | Support deprecation headers and Notifications for retiring finding endpoints | LEDGER-OAS-62-001 | PLLG0101 |
| LEDGER-OBS-50-001 | TODO | | SPRINT_0121_0001_0001_policy_reasoning | Findings Ledger Guild, Observability Guild / src/Findings/StellaOps.Findings.Ledger | src/Findings/StellaOps.Findings.Ledger | Integrate telemetry core within ledger writer/projector services, emitting structured logs and trace spans for ledger append, projector replay, and query APIs with tenant context | — | PLLG0102 |
| LEDGER-OBS-51-001 | TODO | | SPRINT_0121_0001_0001_policy_reasoning | Findings Ledger Guild, DevOps Guild / src/Findings/StellaOps.Findings.Ledger | src/Findings/StellaOps.Findings.Ledger | Publish metrics for ledger latency, projector lag, event throughput, and policy evaluation linkage. Define SLOs | LEDGER-OBS-50-001 | PLLG0102 |
| LEDGER-OBS-52-001 | TODO | | SPRINT_0121_0001_0001_policy_reasoning | Findings Ledger Guild / src/Findings/StellaOps.Findings.Ledger | src/Findings/StellaOps.Findings.Ledger | Emit timeline events for ledger writes and projector commits | LEDGER-OBS-51-001 | PLLG0103 |
| LEDGER-OBS-53-001 | TODO | | SPRINT_0121_0001_0001_policy_reasoning | Findings Ledger Guild, Evidence Locker Guild / src/Findings/StellaOps.Findings.Ledger | src/Findings/StellaOps.Findings.Ledger | Persist evidence bundle references | LEDGER-OBS-52-001 | PLLG0103 |
| LEDGER-OBS-54-001 | TODO | | SPRINT_0121_0001_0001_policy_reasoning | Findings Ledger Guild, Provenance Guild / src/Findings/StellaOps.Findings.Ledger | src/Findings/StellaOps.Findings.Ledger | Verify attestation references for ledger-derived exports; expose `/ledger/attestations` endpoint returning DSSE verification state and chain-of-custody summary | LEDGER-OBS-53-001 | PLLG0103 |
| LEDGER-OBS-55-001 | BLOCKED | | SPRINT_0121_0001_0002_policy_reasoning_blockers | Findings Ledger Guild, DevOps Guild / src/Findings/StellaOps.Findings.Ledger | src/Findings/StellaOps.Findings.Ledger | Enhance incident mode to record additional replay diagnostics | LEDGER-OBS-54-001 | PLLG0103 |
| LEDGER-PACKS-42-001 | BLOCKED | | SPRINT_0121_0001_0002_policy_reasoning_blockers | Findings Ledger Guild / src/Findings/StellaOps.Findings.Ledger | src/Findings/StellaOps.Findings.Ledger | Provide snapshot/time-travel APIs and digestable exports for task pack simulation and CLI offline mode | — | PLLG0103 |
| LEDGER-RISK-66-001 | TODO | | SPRINT_0121_0001_0001_policy_reasoning | Findings Ledger Guild, Risk Engine Guild / src/Findings/StellaOps.Findings.Ledger | src/Findings/StellaOps.Findings.Ledger | Add schema migrations for `risk_score`, `risk_severity`, `profile_version`, `explanation_id`, and supporting indexes | — | PLLG0103 |
| LEDGER-RISK-66-002 | TODO | | SPRINT_0121_0001_0001_policy_reasoning | Findings Ledger Guild / src/Findings/StellaOps.Findings.Ledger | src/Findings/StellaOps.Findings.Ledger | Implement deterministic upsert of scoring results keyed by finding hash/profile version with history audit | LEDGER-RISK-66-001 | PLLG0103 |
| LEDGER-RISK-67-001 | TODO | | SPRINT_122_policy_reasoning | Findings Ledger Guild, Risk Engine Guild / src/Findings/StellaOps.Findings.Ledger | src/Findings/StellaOps.Findings.Ledger | Expose query APIs for scored findings with score/severity filters, pagination, and explainability links | LEDGER-RISK-66-002 | PLLG0103 |
| LEDGER-RISK-68-001 | TODO | | SPRINT_122_policy_reasoning | Findings Ledger Guild, Export Guild / src/Findings/StellaOps.Findings.Ledger | src/Findings/StellaOps.Findings.Ledger | Enable export of scored findings and simulation results via Export Center integration | LEDGER-RISK-67-001 | PLLG0103 |
| LEDGER-RISK-69-001 | TODO | | SPRINT_122_policy_reasoning | Findings Ledger Guild, Observability Guild / src/Findings/StellaOps.Findings.Ledger | src/Findings/StellaOps.Findings.Ledger | Emit metrics/dashboards for scoring latency, result freshness, severity distribution, provider gaps | LEDGER-RISK-68-001 | PLLG0103 |
| LEDGER-TEN-48-001 | TODO | | SPRINT_122_policy_reasoning | Findings Ledger Guild · Tenancy Guild | src/Findings/StellaOps.Findings.Ledger | Partition ledger tables by tenant/project, enable RLS, update queries/events, and stamp audit metadata | LEDGER-29-009 | LEDG0101 |
| LENS-ENG-0001 | TODO | | SPRINT_332_docs_modules_vex_lens | Module Team · Docs Guild | docs/modules/vex-lens | Engineering checklist. | DOVL0101 outputs | LEDG0101 |
| LENS-OPS-0001 | TODO | | SPRINT_332_docs_modules_vex_lens | Ops Guild · Docs Guild | docs/modules/vex-lens | Ops/runbook guidance. | LENS-ENG-0001 | LEDG0101 |
| LIB-401-001 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | Policy Guild | `src/Policy/StellaOps.PolicyDsl`, `docs/policy/dsl.md` | Update DSL library + docs. | DOAL0101 references | LEDG0101 |
| LIB-401-002 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | Policy Guild · CLI Guild | `tests/Policy/StellaOps.PolicyDsl.Tests`, `policy/default.dsl`, `docs/policy/lifecycle.md` | Expand tests/fixtures. | LIB-401-001 | LEDG0101 |
| LIB-401-020 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | Policy Guild | `src/Attestor/StellaOps.Attestation`, `src/Attestor/StellaOps.Attestor.Envelope` | Publish CAS fixtures + determinism tests. | LIB-401-002 | LEDG0101 |
| LIC-0001 | TODO | 2025-11-10 | SPRINT_0138_0001_0001_scanner_ruby_parity | Legal Guild · Docs Guild | docs/modules/scanner | Refresh license notes. | SCANNER-ENG-0016 | LEDG0101 |
| LNM-21-001 | TODO | | SPRINT_113_concelier_ii | CLI Guild (`src/Cli/StellaOps.Cli`) | src/Concelier/__Libraries/StellaOps.Concelier.Core | Implement baseline LNM CLI verb. | DOLN0101 schema | LENS0101 |
| LNM-21-002 | TODO | | SPRINT_113_concelier_ii | CLI Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Hash verification support. | LNM-21-001 | LENS0101 |
| LNM-21-003 | TODO | | SPRINT_113_concelier_ii | CLI Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Filtering options. | LNM-21-002 | LIBC0101 |
| LNM-21-004 | TODO | | SPRINT_113_concelier_ii | CLI Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Multi-bundle diff. | LNM-21-003 | LIBC0101 |
| LNM-21-005 | TODO | | SPRINT_113_concelier_ii | CLI Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Export packaging. | LNM-21-004 | LIBC0101 |
| LNM-21-101 | TODO | | SPRINT_113_concelier_ii | CLI Guild | src/Concelier/__Libraries/StellaOps.Concelier.Storage.Mongo | Deterministic tests. | LNM-21-001 | LIBC0101 |
| LNM-21-102 | TODO | | SPRINT_113_concelier_ii | CLI Guild | src/Concelier/__Libraries/StellaOps.Concelier.Storage.Mongo | LNM-21-101 | LNM-21-101 | LNMC0101 |
| LNM-21-103 | TODO | | SPRINT_113_concelier_ii | CLI Guild | src/Concelier/__Libraries/StellaOps.Concelier.Storage.Mongo | LNM-21-102 | LNM-21-102 | LNMC0101 |
| LNM-21-201 | TODO | | SPRINT_113_concelier_ii | CLI Guild | src/Concelier/StellaOps.Concelier.WebService | Bundle validation enhancements. | LNMC0101 outputs | LNMC0101 |
| LNM-21-202 | TODO | | SPRINT_113_concelier_ii | CLI Guild | src/Concelier/StellaOps.Concelier.WebService | Policy linking improvements. | LNM-21-201 | LNMC0101 |
| LNM-21-203 | TODO | | SPRINT_113_concelier_ii | CLI Guild | src/Concelier/StellaOps.Concelier.WebService | Export reporting. | LNM-21-202 | LNMC0101 |
| LNM-22-001 | TODO | | SPRINT_0202_0001_0002_cli_ii | CLI Guild | src/Cli/StellaOps.Cli | CLI/UI shared components. | DOLN0101 | LNMC0101 |
| LNM-22-002 | TODO | | SPRINT_0202_0001_0002_cli_ii | CLI Guild | src/Cli/StellaOps.Cli | Additional filters. | LNM-22-001 | LNMC0101 |
| LNM-22-003 | TODO | | SPRINT_0210_0001_0002_ui_ii | UI Guild (`src/UI/StellaOps.UI`) | src/UI/StellaOps.UI | UI ingestion view. | LNM-22-001 | LNMC0101 |
| LNM-22-004 | TODO | | SPRINT_0210_0001_0002_ui_ii | UI Guild | src/UI/StellaOps.UI | UI remediation workflow. | LNM-22-003 | IMPT0101 |
| LNM-22-005 | BLOCKED (2025-10-27) | 2025-10-27 | SPRINT_0305_0001_0005_docs_tasks_md_v | Docs + UI Guild | | Docs update for UI flows. | DOCS-LNM-22-004 | IMPT0101 |
| LNM-22-007 | TODO | | SPRINT_0305_0001_0005_docs_tasks_md_v | Docs Guild · Observability Guild | docs/modules/concelier/link-not-merge.md | Publish `/docs/observability/aggregation.md` with metrics/traces/logs/SLOs. Dependencies: DOCS-LNM-22-005. | DOCS-LNM-22-005 | DOLN0102 |
| LNM-22-008 | DONE | 2025-11-03 | SPRINT_117_concelier_vi | Docs Guild · DevOps Guild | docs/modules/concelier/link-not-merge.md | Document Link-Not-Merge migration playbook updates in `docs/migration/no-merge.md`, including rollback guidance. | LNM-22-007 | DOLN0102 |
| MIRROR-CRT-56-001 | TODO | | SPRINT_0506_0001_0001_ops_devops_iv | Mirror Creator Guild | | Deterministic assembler has no owner; kickoff rescheduled to 2025-11-15. | PROGRAM-STAFF-1001 | ATMI0101 |
| MIRROR-CRT-56-002 | TODO | | SPRINT_0506_0001_0001_ops_devops_iv | Mirror Creator · Security Guilds | | DSSE/TUF metadata follows assembler baseline. | MIRROR-CRT-56-001; MIRROR-DSSE-REV-1501; PROV-OBS-53-001 | ATMI0101 |
| MIRROR-CRT-57-001 | TODO | | SPRINT_0506_0001_0001_ops_devops_iv | Mirror Creator Guild · AirGap Time Guild | | OCI/time-anchor workstreams blocked pending assembler + time contract. | MIRROR-CRT-56-001; AIRGAP-TIME-CONTRACT-1501; AIRGAP-TIME-57-001 | ATMI0101 |
| MIRROR-CRT-57-002 | TODO | | SPRINT_0506_0001_0001_ops_devops_iv | Mirror Creator Guild · AirGap Time Guild | | MIRROR-CRT-56-001; AIRGAP-TIME-CONTRACT-1501; AIRGAP-TIME-57-001 | MIRROR-CRT-56-001; AIRGAP-TIME-CONTRACT-1501; AIRGAP-TIME-57-001 | ATMI0101 |
| MIRROR-CRT-58-001 | TODO | | SPRINT_0506_0001_0001_ops_devops_iv | Mirror Creator Guild · CLI Guild · Exporter Guild | | CLI + Export automation depends on assembler and DSSE/TUF track. | MIRROR-CRT-56-001; EXPORT-OBS-54-001; CLI-AIRGAP-56-001 | ATMI0101 |
| MIRROR-CRT-58-002 | TODO | | SPRINT_0506_0001_0001_ops_devops_iv | Mirror Creator Guild · CLI Guild · Exporter Guild | | MIRROR-CRT-56-001; EXPORT-OBS-54-001; CLI-AIRGAP-56-001 | MIRROR-CRT-56-001; EXPORT-OBS-54-001; CLI-AIRGAP-56-001 | ATMI0101 |
| MTLS-11-002 | DONE | 2025-11-08 | SPRINT_100_identity_signing | Authority Core & Security Guild | src/Authority/StellaOps.Authority | Refresh grants enforce original client cert, tokens persist `x5t#S256` metadata, docs updated. | AUTH-DPOP-11-001 | AUIN0102 |
| NATIVE-401-015 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | Scanner Worker Guild | `src/Scanner/__Libraries/StellaOps.Scanner.Symbols.Native`, `src/Scanner/__Libraries/StellaOps.Scanner.CallGraph.Native` | Bootstrap Symbols.Native + CallGraph.Native scaffolding and coverage fixtures. | Needs replay requirements from DORR0101 | SCNA0101 |
| NOTIFY-38-001 | TODO | | SPRINT_0214_0001_0001_web_iii | BE-Base Platform Guild | src/Web/StellaOps.Web | Route approval/rule APIs through Web gateway with tenant scopes. | Wait for NOTY0103 approval payload schema | NOWB0101 |
| NOTIFY-39-001 | TODO | | SPRINT_0214_0001_0001_web_iii | BE-Base Platform Guild | src/Web/StellaOps.Web | Surface digest/simulation/quiet-hour controls in Web tier. | Needs correlation outputs from NOTY0105 | NOWB0101 |
| NOTIFY-40-001 | TODO | | SPRINT_0202_0001_0002_cli_ii | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Implement escalations + ack workflows, localization previews, and channel health checks. | NOTIFY-39-001 | NOWC0101 |
| NOTIFY-AIRGAP-56-002 | DONE | | SPRINT_0170_0001_0001_notifications_telemetry | Notifications Service Guild · DevOps Guild | src/Notify/StellaOps.Notify | Ship AirGap-ready notifier bundles (Helm overlays, secrets templates, rollout guide). | MIRROR-CRT-56-001 | NOIA0101 |
| NOTIFY-ATTEST-74-001 | DOING | | SPRINT_0170_0001_0001_notifications_telemetry | Notifications Service Guild · Attestor Service Guild | src/Notify/StellaOps.Notify | Create attestor-driven notification templates + schema docs; publish in `/docs/notifications/templates.md`. | ATEL0101 | NOIA0101 |
| NOTIFY-ATTEST-74-002 | DOING | | SPRINT_0170_0001_0001_notifications_telemetry | Notifications Service Guild | src/Notify/StellaOps.Notify | Wire attestor DSSE payload ingestion + Task Runner callbacks for attestation verdicts. | NOTIFY-ATTEST-74-001 | NOIA0101 |
| NOTIFY-DOC-70-001 | DONE | | SPRINT_0170_0001_0001_notifications_telemetry | Notifications Service Guild · DevOps Guild | docs/modules/notify | Keep as reference for documentation/offline-kit parity. | NOTIFY-AIRGAP-56-002 | DONO0102 |
| NOTIFY-DOCS-0001 | DONE | 2025-11-05 | SPRINT_0322_0001_0001_docs_modules_notify | Docs Guild | docs/modules/notify | Validate module README reflects Notifications Studio pivot and latest release notes. | NOTIFY-DOC-70-001 | DONO0102 |
| NOTIFY-DOCS-0002 | TODO | 2025-11-05 | SPRINT_0322_0001_0001_docs_modules_notify | Docs Guild | docs/modules/notify | Pending NOTIFY-SVC-39-001..004 to document correlation/digests/simulation/quiet hours. | NOTIFY-SVC-39-004 | DONO0102 |
| NOTIFY-ENG-0001 | TODO | | SPRINT_0322_0001_0001_docs_modules_notify | Module Team | docs/modules/notify | Keep implementation milestones aligned with `/docs/implplan/SPRINT_0171_0001_0001_notifier_i.md` onward. | NOTY0103 | DONO0102 |
| NOTIFY-OAS-61-001 | DONE (2025-11-17) | | SPRINT_0171_0001_0001_notifier_i | Notifications Service Guild · API Governance Guild | docs/api/notifications | Update OpenAPI doc set (rule/incident endpoints) with new schemas + changelog. | NOTY0103 | NOOA0101 |
| NOTIFY-OAS-61-002 | DONE (2025-11-17) | | SPRINT_0171_0001_0001_notifier_i | Notifications Service Guild · SDK Guild | docs/api/notifications | Provide SDK usage examples for rule CRUD, incident ack, and quiet hours; ensure SDK smoke tests. | NOTIFY-OAS-61-001 | NOOA0101 |
| NOTIFY-OAS-62-001 | DONE (2025-11-17) | | SPRINT_0171_0001_0001_notifier_i | Notifications Service Guild · Developer Portal Guild | docs/api/notifications | Publish `/docs/api/reference/notifications` auto-generated site; integrate with portal nav. | NOTIFY-OAS-61-002 | NOOA0101 |
| NOTIFY-OAS-63-001 | DONE (2025-11-17) | | SPRINT_0171_0001_0001_notifier_i | Notifications Service Guild · SDK Generator Guild | docs/api/notifications | Provide CLI/UI quickstarts plus recipes referencing new endpoints. | NOTIFY-OAS-61-002 | NOOA0101 |
| NOTIFY-OBS-51-001 | DONE (2025-11-22) | | SPRINT_0171_0001_0001_notifier_i | Notifications Service Guild · Observability Guild | src/Notifier/StellaOps.Notifier | Integrate telemetry SLO webhook sink and routing into Notifier with templates and suppression. | NOTY0104 | NOOB0101 |
| NOTIFY-OBS-55-001 | DONE (2025-11-22) | | SPRINT_0171_0001_0001_notifier_i | Notifications Service Guild · Ops Guild | src/Notifier/StellaOps.Notifier | Incident mode start/stop notifications with evidence links, retention notes, quiet-hour overrides, legal logging. | NOTIFY-OBS-51-001 | NOOB0101 |
| NOTIFY-OPS-0001 | TODO | | SPRINT_0322_0001_0001_docs_modules_notify | Ops Guild · Docs Guild | docs/modules/notify | Review notifier runbooks/observability assets after the next sprint demo and record findings. | NOTIFY-OBS-55-001 | NOOR0101 |
| NOTIFY-RISK-66-001 | TODO | | SPRINT_0171_0001_0001_notifier_i | Notifications Service Guild · Risk Engine Guild · Policy Guild | src/Notifier/StellaOps.Notifier | Policy/Risk metadata export required before implementation. | POLICY-RISK-40-002 | NORR0101 |
| NOTIFY-RISK-67-001 | TODO | | SPRINT_0171_0001_0001_notifier_i | Notifications Service Guild · Policy Guild | src/Notifier/StellaOps.Notifier | Notify stakeholders when risk profiles are published, deprecated, or thresholds change. | NOTIFY-RISK-66-001 | NORR0101 |
| NOTIFY-RISK-68-001 | TODO | | SPRINT_0171_0001_0001_notifier_i | Notifications Service Guild · Risk Engine Guild · Policy Guild | src/Notifier/StellaOps.Notifier | Broadcast severity transitions with trace metadata and attach policy references. | NOTIFY-RISK-67-001 | NORR0101 |
| NOTIFY-SVC-37-001 | TODO | | SPRINT_0172_0001_0002_notifier_ii | Notifications Service Guild | src/Notifier/StellaOps.Notifier | Define pack approval & policy notification contract, including OpenAPI schema, event payloads, resume token mechanics, and security guidance. | Align payload schema with PGMI0101 + ATEL0101 decisions | NOTY0103 |
| NOTIFY-SVC-37-002 | TODO | | SPRINT_0172_0001_0002_notifier_ii | Notifications Service Guild | src/Notifier/StellaOps.Notifier | Implement secure ingestion endpoint, Mongo persistence (`pack_approvals`), idempotent writes, and audit trail for approval events. Dependencies: NOTIFY-SVC-37-001. | NOTIFY-SVC-37-001 | NOTY0103 |
| NOTIFY-SVC-37-003 | TODO | | SPRINT_0172_0001_0002_notifier_ii | Notifications Service Guild | src/Notifier/StellaOps.Notifier | Deliver approval/policy templates, routing predicates, and channel dispatch (email/chat/webhook) with deterministic ordering plus ack gating. | NOTIFY-SVC-37-002 | NOTY0103 |
| NOTIFY-SVC-37-004 | TODO | | SPRINT_0172_0001_0002_notifier_ii | Notifications Service Guild | src/Notifier/StellaOps.Notifier | Provide acknowledgement API, Task Runner callback client, metrics for outstanding approvals, and SLA escalations. | NOTIFY-SVC-37-003 | NOTY0103 |
| NOTIFY-SVC-38-002 | TODO | | SPRINT_0172_0001_0002_notifier_ii | Notifications Service Guild | src/Notifier/StellaOps.Notifier | Implement channel adapters (email, chat webhook, generic webhook) with retry policies, health checks, and audit logging. | NOTIFY-SVC-37-004 | NOTY0104 |
| NOTIFY-SVC-38-003 | TODO | | SPRINT_0172_0001_0002_notifier_ii | Notifications Service Guild | src/Notifier/StellaOps.Notifier | Deliver template service (versioned templates, localization scaffolding) and renderer with redaction allowlists, Markdown/HTML/JSON outputs, and provenance links. | NOTIFY-SVC-38-002 | NOTY0104 |
| NOTIFY-SVC-38-004 | TODO | | SPRINT_0172_0001_0002_notifier_ii | Notifications Service Guild | src/Notifier/StellaOps.Notifier | Expose REST + WS APIs (rules CRUD, templates preview, incidents list, ack) with audit logging, RBAC checks, and live feed stream. | NOTIFY-SVC-38-003 | NOTY0104 |
| NOTIFY-SVC-39-001 | TODO | | SPRINT_0172_0001_0002_notifier_ii | Notifications Service Guild | src/Notifier/StellaOps.Notifier | Implement correlation engine with pluggable key expressions/windows, throttler (token buckets), quiet hours/maintenance evaluator, and incident lifecycle. | NOTIFY-SVC-38-004 | NOTY0105 |
| NOTIFY-SVC-39-002 | TODO | | SPRINT_0172_0001_0002_notifier_ii | Notifications Service Guild | src/Notifier/StellaOps.Notifier | Build digest generator (queries, formatting) with schedule runner and distribution manifests. | NOTIFY-SVC-39-001 | NOTY0105 |
| NOTIFY-SVC-39-003 | TODO | | SPRINT_0172_0001_0002_notifier_ii | Notifications Service Guild | src/Notifier/StellaOps.Notifier | Provide simulation engine/API to dry-run rules against historical events, returning correlation explanations. | NOTIFY-SVC-39-002 | NOTY0105 |
| NOTIFY-SVC-39-004 | TODO | | SPRINT_0172_0001_0002_notifier_ii | Notifications Service Guild | src/Notifier/StellaOps.Notifier | Integrate quiet hour calendars and throttles with audit logging plus operator overrides. | NOTIFY-SVC-39-003 | NOTY0105 |
| NOTIFY-SVC-40-001 | TODO | | SPRINT_0172_0001_0002_notifier_ii | Notifications Service Guild | src/Notifier/StellaOps.Notifier | Implement escalations + on-call schedules, ack bridge, PagerDuty/OpsGenie adapters, and CLI/in-app inbox channels. Dependencies: NOTIFY-SVC-39-004. | NOTIFY-SVC-39-004 | NOTY0106 |
| NOTIFY-SVC-40-002 | TODO | | SPRINT_0172_0001_0002_notifier_ii | Notifications Service Guild | src/Notifier/StellaOps.Notifier | Add summary storm breaker notifications, localization bundles, and localization fallback handling. | NOTIFY-SVC-40-001 | NOTY0106 |
| NOTIFY-SVC-40-003 | TODO | | SPRINT_0172_0001_0002_notifier_ii | Notifications Service Guild | src/Notifier/StellaOps.Notifier | Harden security: signed ack links (KMS), webhook HMAC/IP allowlists, tenant isolation fuzz tests, HTML sanitization. | NOTIFY-SVC-40-002 | NOTY0106 |
| NOTIFY-SVC-40-004 | TODO | | SPRINT_0172_0001_0002_notifier_ii | Notifications Service Guild | src/Notifier/StellaOps.Notifier | Finalize observability (metrics/traces for escalations, latency), dead-letter handling, chaos tests for channel outages, and retention policies. | NOTIFY-SVC-40-003 | NOTY0106 |
| NOTIFY-TEN-48-001 | TODO | | SPRINT_0173_0001_0003_notifier_iii | Notifications Service Guild | src/Notifier/StellaOps.Notifier | Tenant-scope rules/templates/incidents, RLS on storage, tenant-prefixed channels, and inclusion of tenant context in notifications. | NOTIFY-SVC-40-004 | NOTY0107 |
| OAS-61 | TODO | | SPRINT_160_export_evidence | Exporter Service + API Governance + SDK Guilds | docs/api/oas | Define platform-wide OpenAPI governance + release checklist. | PGMI0101 | DOOA0103 |
| OAS-61-001 | DOING | | SPRINT_0170_0001_0001_notifications_telemetry | API Governance Guild | docs/api/oas | Draft spec updates + changelog text. | OAS-61 | DOOA0103 |
| OAS-61-002 | TODO | | SPRINT_114_concelier_iii | Concelier Core Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Align Link-Not-Merge endpoints with new pagination/idempotency rules. | OAS-61 | COAS0101 |
| OAS-61-003 | TODO | | SPRINT_0305_0001_0005_docs_tasks_md_v | Docs Guild · API Governance Guild | docs/api/oas | Publish `/docs/api/versioning.md` describing SemVer, deprecation headers, migration playbooks. | OAS-61 | DOOA0103 |
| OAS-62 | TODO | | SPRINT_160_export_evidence | Exporter + API Gov + SDK Guilds | docs/api/oas | Document SDK/gen pipeline + offline bundle expectations. | OAS-61 | DOOA0103 |
| OAS-62-001 | TODO | | SPRINT_114_concelier_iii | Concelier Core Guild · SDK Generator Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Generate `/docs/api/reference/` data + integrate with SDK scaffolding. | OAS-61-002 | COAS0101 |
| OAS-62-002 | TODO | | SPRINT_0511_0001_0001_api | API Contracts Guild | src/Api/StellaOps.Api.OpenApi | Add lint rules enforcing pagination, idempotency headers, naming conventions, and example coverage. | OAS-62-001 | AOAS0101 |
| OAS-63 | TODO | | SPRINT_160_export_evidence | Exporter + API Gov + SDK Guilds | docs/api/oas | Define discovery endpoint strategy + lifecycle docs. | OAS-62 | DOOA0103 |
| OAS-63-001 | TODO | | SPRINT_114_concelier_iii | Concelier Core Guild · API Governance Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Implement `.well-known/openapi` metadata + discovery hints. | Requires 62-001 outputs | |
| OBS-50-001 | DOING | | SPRINT_0170_0001_0001_notifications_telemetry | Telemetry Core Guild | | Implement structured logging + trace propagation defaults across services. | Align scrub rules with Security guild | |
| OBS-50-002 | DOING | | SPRINT_0170_0001_0001_notifications_telemetry | Telemetry Core Guild | | Roll out collectors/helm overlays + regression tests for exporters. | Needs 50-001 baseline in main | |
| OBS-50-003 | TODO | | SPRINT_0306_0001_0006_docs_tasks_md_vi | Docs Guild · Observability Guild | | Update collector deployment + metrics catalog docs. | Needs scrubber decisions from TLTY0102 | |
| OBS-50-004 | TODO | | SPRINT_0306_0001_0006_docs_tasks_md_vi | Docs Guild · Observability Guild | | Add SOP for telemetry scrub policies + troubleshooting. | Requires 50-003 outline | |
| OBS-51-001 | TODO | | SPRINT_0503_0001_0001_ops_devops_i | Exporter Guild · AirGap Time Guild · CLI Guild | | Build SLO bus + queue depth metrics feeding CLI/exporter dashboards. | PROGRAM-STAFF-1001 | |
| OBS-51-002 | TODO | | SPRINT_0170_0001_0001_notifications_telemetry | Telemetry Core Guild · Observability Guild | | Enable shadow-mode evaluators + roll into main collectors. | Depends on 51-001 shadow mode | |
| OBS-52-001 | TODO | | SPRINT_114_concelier_iii | Concelier Core Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Emit ingest latency/queue/AOC metrics with burn-rate alerts. | Needs ATLN0101 schema | |
| OBS-52-002 | TODO | | SPRINT_160_export_evidence | Timeline Indexer Guild | | Configure streaming pipeline (retention/partitioning/backpressure). | Needs Concelier metrics | |
| OBS-52-003 | TODO | | SPRINT_160_export_evidence | Timeline Indexer Guild | | Add CI validation + schema enforcement for timeline events. | Depends on 52-002 | |
| OBS-52-004 | TODO | | SPRINT_160_export_evidence | Timeline Indexer + Security Guilds | | Harden stream (auth, encryption) + produce DSSE proofs. | Requires 52-003 outputs | |
| OBS-53-001 | TODO | | SPRINT_0503_0001_0001_ops_devops_i | Exporter Guild · AirGap Time Guild · CLI Guild | | Establish provenance SLO signals + exporter hooks. | PROGRAM-STAFF-1001 | |
| OBS-53-002 | TODO | | SPRINT_0513_0001_0001_provenance | Provenance + Security Guild | src/Provenance/StellaOps.Provenance.Attestation | Add attestation metrics/log scrubbers in Provenance.Attestation. | Depends on 53-001 | |
| OBS-53-003 | TODO | | SPRINT_0513_0001_0001_provenance | Provenance Guild | src/Provenance/StellaOps.Provenance.Attestation | Ship dashboards/tests proving attestation observability. | Requires 53-002 outputs | |
| OBS-54-001 | TODO | | SPRINT_114_concelier_iii | Concelier Core Guild · Provenance Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Needs shared exporter from 1039_EXPORT-OBS-54-001 | Needs shared exporter from 1039_EXPORT-OBS-54-001 | CNOB0101 |
| OBS-54-002 | TODO | | SPRINT_161_evidencelocker | Evidence Locker Guild | `src/EvidenceLocker/StellaOps.EvidenceLocker` | Add metrics/logs/alerts for Evidence Locker flows. | Needs provenance metrics | |
| OBS-55-001 | TODO | | SPRINT_114_concelier_iii | Concelier Core & DevOps Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Refresh ops automation/runbooks referencing new metrics. | Depends on 52-001 outputs | |
| OBS-56-001 | DONE (2025-11-27) | | SPRINT_0174_0001_0001_telemetry | Telemetry Core Guild | src/Telemetry/StellaOps.Telemetry.Core | Produce air-gap collector bundle + signed configs/tests. | Needs telemetry baseline from TLTY0102 | |
| OFFLINE-17-004 | BLOCKED | 2025-10-26 | SPRINT_0508_0001_0001_ops_offline_kit | Offline Kit Guild · DevOps Guild | ops/offline-kit | Repackage release-17 bundle with new DSSE receipts + verification logs. | Needs PROGRAM-STAFF-1001 approvals | |
| OFFLINE-34-006 | TODO | | SPRINT_0508_0001_0001_ops_offline_kit | Offline Kit + Orchestrator Guild | ops/offline-kit | Add orchestrator automation bundle + docs to kit. | Requires mirror time anchors | |
| OFFLINE-37-001 | TODO | | SPRINT_0508_0001_0001_ops_offline_kit | Offline Kit + Exporter Guild | ops/offline-kit | Ship export evidence bundle + checksum manifests. | Depends on Export Center artefacts | |
| OFFLINE-37-002 | TODO | | SPRINT_0508_0001_0001_ops_offline_kit | Offline Kit + Notifications Guild | ops/offline-kit | Bundle notifier templates + channel configs for offline ops. | Needs notifier templates from NOIA0101 | |
| OFFLINE-CONTAINERS-46-001 | TODO | | SPRINT_0508_0001_0001_ops_offline_kit | Offline Kit + Deployment Guild | ops/offline-kit | Include container air-gap bundle, verification docs, and mirrored registry instructions inside Offline Kit. | Requires container hardening guidance | |
| OPENSSL-11-001 | TODO | 2025-11-06 | SPRINT_0505_0001_0001_ops_devops_iii | DevOps Guild · Build Infra Guild | ops/devops | Rebuild OpenSSL libs + publish reproducible logs/tarballs. | Needs patched toolchain spec | |
| OPENSSL-11-002 | TODO | 2025-11-06 | SPRINT_0505_0001_0001_ops_devops_iii | DevOps Guild · CI Guild | ops/devops | Update CI images + pipelines with new OpenSSL packages and smoke tests. | Depends on 11-001 artefacts | |
| OPS-0001 | DONE | 2025-11-07 | SPRINT_333_docs_modules_excititor | Ops Guild (docs/modules/excitor) | docs/modules/excitor | | | |
| OPS-ENV-01 | TODO | | SPRINT_0507_0001_0001_ops_devops_v | DevOps Guild · Scanner Guild | ops/devops | Update deployment manifests (Helm/Compose) and configuration docs to include Surface.Env variables for Scanner and Zastava services. | Needs finalized Surface.Env schema | |
| OPS-SECRETS-01 | TODO | | SPRINT_0507_0001_0001_ops_devops_v | DevOps + Security Guild | ops/devops | Define secret provisioning workflow (Kubernetes, Compose, Offline Kit) for Surface.Secrets references and update runbooks. | Depends on env updates | |
| OPS-SECRETS-02 | TODO | | SPRINT_0507_0001_0001_ops_devops_v | DevOps + Offline Kit Guild | ops/devops | Embed Surface.Secrets material (encrypted bundles, manifests) into offline kit packaging scripts. Dependencies: OPS-SECRETS-01. | Requires 01 workflow | |
| ORCH-32-001 | TODO | | SPRINT_114_concelier_iii | Concelier Core Guild (src/Concelier/__Libraries/StellaOps.Concelier.Core) | src/Concelier/__Libraries/StellaOps.Concelier.Core | — | — | ORGR0102 |
| ORCH-32-002 | TODO | | SPRINT_114_concelier_iii | Concelier Core Guild (src/Concelier/__Libraries/StellaOps.Concelier.Core) | src/Concelier/__Libraries/StellaOps.Concelier.Core | — | — | ORGR0102 |
| ORCH-33-001 | TODO | | SPRINT_114_concelier_iii | Concelier Core Guild (src/Concelier/__Libraries/StellaOps.Concelier.Core) | src/Concelier/__Libraries/StellaOps.Concelier.Core | — | — | ORGR0102 |
| ORCH-33-002 | TODO | | SPRINT_0306_0001_0006_docs_tasks_md_vi | Docs Guild (docs) | | — | — | ORGR0102 |
| ORCH-33-003 | TODO | | SPRINT_0306_0001_0006_docs_tasks_md_vi | Docs Guild (docs) | | — | — | ORGR0102 |
| ORCH-34-001 | TODO | | SPRINT_114_concelier_iii | Concelier Core Guild (src/Concelier/__Libraries/StellaOps.Concelier.Core) | src/Concelier/__Libraries/StellaOps.Concelier.Core | — | — | ORGR0102 |
| ORCH-34-002 | TODO | | SPRINT_0306_0001_0006_docs_tasks_md_vi | Docs Guild (docs) | | — | — | ORGR0102 |
| ORCH-34-003 | TODO | | SPRINT_0306_0001_0006_docs_tasks_md_vi | Docs Guild (docs) | | — | — | ORGR0102 |
| ORCH-34-004 | TODO | | SPRINT_0306_0001_0006_docs_tasks_md_vi | Docs Guild (docs) | | — | — | ORGR0102 |
| ORCH-34-005 | TODO | | SPRINT_0306_0001_0006_docs_tasks_md_vi | Docs Guild (docs) | | — | — | ORGR0102 |
| ORCH-SVC-32-002 | TODO | | SPRINT_0152_0001_0002_orchestrator_ii | Orchestrator Service Guild | src/Orchestrator/StellaOps.Orchestrator | Implement scheduler DAG planner + dependency resolver, job state machine, and critical-path metadata without yet issuing control actions. Dependencies: ORCH-SVC-32-001. | Needs 32-001 DB | |
| ORCH-SVC-32-003 | TODO | | SPRINT_0152_0001_0002_orchestrator_ii | Orchestrator Service Guild | src/Orchestrator/StellaOps.Orchestrator | Expose read-only REST APIs (sources, runs, jobs, DAG) with OpenAPI, validation, pagination, and tenant scoping. Dependencies: ORCH-SVC-32-002. | Depends on 32-002 | |
| ORCH-SVC-32-004 | TODO | | SPRINT_0152_0001_0002_orchestrator_ii | Orchestrator Service Guild | src/Orchestrator/StellaOps.Orchestrator | Implement WebSocket/SSE stream for job/run updates, emit structured metrics counters/histograms, and add health probes. Dependencies: ORCH-SVC-32-003. | Needs 32-003 | |
| ORCH-SVC-32-005 | TODO | | SPRINT_0152_0001_0002_orchestrator_ii | Orchestrator Service Guild | src/Orchestrator/StellaOps.Orchestrator | Deliver worker claim/heartbeat/progress endpoints capturing artifact metadata/checksums and enforcing idempotency keys. Dependencies: ORCH-SVC-32-004. | Needs 32-004 | |
| ORCH-SVC-33-001 | TODO | | SPRINT_0152_0001_0002_orchestrator_ii | Orchestrator Service Guild | src/Orchestrator/StellaOps.Orchestrator | Enable `sources test. Dependencies: ORCH-SVC-32-005. | Needs ORSC0101 worker contract | |
| ORCH-SVC-33-002 | TODO | | SPRINT_0152_0001_0002_orchestrator_ii | Orchestrator Service Guild | src/Orchestrator/StellaOps.Orchestrator | Implement per-source/tenant adaptive token-bucket rate limiter, concurrency caps, and backpressure signals reacting to upstream 429/503. Dependencies: ORCH-SVC-33-001. | Depends on 33-001 | |
| ORCH-SVC-33-003 | TODO | | SPRINT_0152_0001_0002_orchestrator_ii | Orchestrator Service Guild | src/Orchestrator/StellaOps.Orchestrator | Add watermark/backfill manager with event-time windows, duplicate suppression, dry-run preview endpoint, and safety validations. Dependencies: ORCH-SVC-33-002. | Needs 33-002 | |
| ORCH-SVC-33-004 | TODO | | SPRINT_0152_0001_0002_orchestrator_ii | Orchestrator Service Guild | src/Orchestrator/StellaOps.Orchestrator | Deliver dead-letter store, replay endpoints, and error classification surfaces with remediation hints + notification hooks. Dependencies: ORCH-SVC-33-003. | Depends on 33-003 | |
| ORCH-SVC-34-001 | TODO | | SPRINT_0152_0001_0002_orchestrator_ii | Orchestrator Service Guild | src/Orchestrator/StellaOps.Orchestrator | Implement quota management APIs, per-tenant SLO burn-rate computation, and alert budget tracking surfaced via metrics. Dependencies: ORCH-SVC-33-004. | Requires 33-004 | |
| ORCH-SVC-34-002 | TODO | | SPRINT_0152_0001_0002_orchestrator_ii | Orchestrator Service Guild | src/Orchestrator/StellaOps.Orchestrator | Build audit log + immutable run ledger export with signed manifest support, including provenance chain to artifacts. Dependencies: ORCH-SVC-34-001. | Needs ORCH-SVC-34-001 | |
| ORCH-SVC-34-003 | TODO | | SPRINT_0152_0001_0002_orchestrator_ii | Orchestrator Service Guild | src/Orchestrator/StellaOps.Orchestrator | Execute perf/scale validation (≥10k pending jobs, dispatch P95 <150ms) and add autoscaling hooks with health probes. Dependencies: ORCH-SVC-34-002. | Depends on 34-002 | |
| ORCH-SVC-34-004 | TODO | | SPRINT_0152_0001_0002_orchestrator_ii | Orchestrator Service Guild | src/Orchestrator/StellaOps.Orchestrator | Package orchestrator container, Helm overlays, offline bundle seeds, provenance attestations, and compliance checklist for GA. Dependencies: ORCH-SVC-34-003. | Needs 34-003 | |
| ORCH-SVC-35-101 | TODO | | SPRINT_0152_0001_0002_orchestrator_ii | Orchestrator Service Guild | src/Orchestrator/StellaOps.Orchestrator | Register `export` job type with quotas/rate policies, expose telemetry, and ensure exporter workers heartbeat via orchestrator contracts. Dependencies: ORCH-SVC-34-004. | Depends on 34-004 | |
| ORCH-SVC-36-101 | TODO | | SPRINT_0152_0001_0002_orchestrator_ii | Orchestrator Service Guild | src/Orchestrator/StellaOps.Orchestrator | Capture distribution metadata and retention timestamps for export jobs, updating dashboards and SSE payloads. Dependencies: ORCH-SVC-35-101. | Needs 35-101 job type registered | |
| ORCH-SVC-37-101 | TODO | | SPRINT_0152_0001_0002_orchestrator_ii | Orchestrator Service Guild | src/Orchestrator/StellaOps.Orchestrator | Enable scheduled export runs, retention pruning hooks, and failure alerting tied to export job class. Dependencies: ORCH-SVC-36-101. | Depends on 36-101 | |
| ORCH-SVC-38-101 | DOING | | SPRINT_0153_0001_0003_orchestrator_iii | Orchestrator Service Guild | src/Orchestrator/StellaOps.Orchestrator | Standardize event envelope (policy/export/job lifecycle) with idempotency keys, ensure export/job failure events published to notifier bus with provenance metadata. Dependencies: ORCH-SVC-37-101. | Needs 37-101 | |
| ORCH-SVC-41-101 | TODO | | SPRINT_0153_0001_0003_orchestrator_iii | Orchestrator Service Guild | src/Orchestrator/StellaOps.Orchestrator | Register `pack-run` job type, persist run metadata, integrate logs/artifacts collection, and expose API for Task Runner scheduling. Dependencies: ORCH-SVC-38-101. | Depends on 38-101 | |
| ORCH-SVC-42-101 | TODO | | SPRINT_0153_0001_0003_orchestrator_iii | Orchestrator Service Guild | src/Orchestrator/StellaOps.Orchestrator | Stream pack run logs via SSE/WS, add manifest endpoints, enforce quotas, and emit pack run events to Notifications Studio. Dependencies: ORCH-SVC-41-101. | Needs 41-101 | |
| ORCH-TEN-48-001 | TODO | | SPRINT_0153_0001_0003_orchestrator_iii | Orchestrator Service Guild | src/Orchestrator/StellaOps.Orchestrator | Include `tenant_id`/`project_id` in job specs, set DB session context before processing, enforce context on all queries, and reject jobs missing tenant metadata. | Needs ORSC0104 job metadata | |
| ORCH-ENG-0001 | DONE | | SPRINT_0323_0001_0001_docs_modules_orchestrator | Module Team | docs/modules/orchestrator | Keep sprint milestone alignment notes synced with `/docs/implplan/SPRINT_0151_0001_0001_orchestrator_i.md` onward. | Needs ORSC0104 status updates | |
| ORCH-OPS-0001 | DONE | | SPRINT_0323_0001_0001_docs_modules_orchestrator | Ops Guild | docs/modules/orchestrator | Review orchestrator runbooks/observability checklists post-demo. | Requires obs/export docs | |
| PACKS-42-001 | TODO | | SPRINT_0121_0001_0001_policy_reasoning | Findings Ledger Guild | src/Findings/StellaOps.Findings.Ledger | Provide snapshot/time-travel APIs, digestable exports for pack simulation + CLI offline mode. | Needs ORSC0104 event IDs | |
| PACKS-43-001 | DONE | 2025-11-09 | SPRINT_100_identity_signing | Packs Guild · Authority Guild | src/Authority/StellaOps.Authority | Canonical pack bundle + docs for release 43. | AUTH-PACKS-41-001; TASKRUN-42-001; ORCH-SVC-42-101 | |
| PACKS-43-002 | TODO | | SPRINT_0508_0001_0001_ops_offline_kit | Offline Kit Guild, Packs Registry Guild (ops/offline-kit) | ops/offline-kit | | | |
| PACKS-REG-41-001 | DONE (2025-11-25) | 2025-11-25 | SPRINT_0154_0001_0001_packsregistry | Packs Registry Guild | src/PacksRegistry/StellaOps.PacksRegistry | Implement registry service, migrations for `packs_index`, `parity_matrix`, provenance docs; support pack upload/list/get, signature verification, RBAC enforcement, and provenance manifest storage. | Needs ORSC0104 event feeds | |
| PACKS-REG-42-001 | DONE (2025-11-25) | 2025-11-25 | SPRINT_0154_0001_0001_packsregistry | Packs Registry Guild | src/PacksRegistry/StellaOps.PacksRegistry | Add version lifecycle (promote/deprecate), tenant allowlists, provenance export, signature rotation, audit logs, and Offline Kit seed support. Dependencies: PACKS-REG-41-001. | Depends on 41-001 | |
| PACKS-REG-43-001 | DONE (2025-11-25) | 2025-11-25 | SPRINT_0154_0001_0001_packsregistry | Packs Registry Guild | src/PacksRegistry/StellaOps.PacksRegistry | Implement registry mirroring, pack signing policies, attestation integration, and compliance dashboards; integrate with Export Center. Dependencies: PACKS-REG-42-001. | Needs 42-001 | |
| PARITY-41-001 | TODO | | SPRINT_0203_0001_0003_cli_iii | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Propagate `traceparent`/correlation IDs across CLI commands and verbose output. | Needs NOWB0101 gateway trace headers | |
| PARITY-41-002 | TODO | | SPRINT_0203_0001_0003_cli_iii | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Add parity tests + docs ensuring CLI error output matches web/notify formats. | Depends on 41-001 | |
| PLATFORM-DOCS-0001 | TODO | | SPRINT_324_docs_modules_platform | Docs Guild | docs/modules/platform | See ./AGENTS.md | Needs updated wave list | |
| PLATFORM-ENG-0001 | TODO | | SPRINT_324_docs_modules_platform | Module Team | docs/modules/platform | Update status via ./AGENTS.md workflow | Depends on 0001 | |
| PLATFORM-OPS-0001 | TODO | | SPRINT_324_docs_modules_platform | Ops Guild | docs/modules/platform | Sync outcomes back to ../.. | Requires ops checklist inputs | |
| PLG4-6 | DONE | 2025-11-08 | SPRINT_100_identity_signing | Authority Plugin Guild | src/Authority/StellaOps.Authority/StellaOps.Authority.Plugin.Standard | DSSE coverage + docs for standard plugin release. | DPO policy review | |
| PLG6 | DONE | 2025-11-03 | SPRINT_100_identity_signing | Authority Plugin Guild | src/Authority/StellaOps.Authority/StellaOps.Authority.Plugin.Standard | Offline kit parity + docs refresh. | OFFK0101 bundling | |
| PLG7 | DONE | 2025-11-03 | SPRINT_100_identity_signing | Authority Plugin Guild · Security Guild | src/Authority/StellaOps.Authority/StellaOps.Authority.Plugin.Standard | LDAP plugin capability alignment. | LDAP provisioning spec | |
| PLG7.IMPL-003 | DONE (2025-11-09) | 2025-11-09 | SPRINT_100_identity_signing | BE-Auth Plugin (src/Authority/StellaOps.Authority/StellaOps.Authority.Plugin.Standard) | src/Authority/StellaOps.Authority/StellaOps.Authority.Plugin.Standard | Claims enricher ships with DN map + regex substitutions, Mongo claims cache (TTL + capacity enforcement) wired through DI, plus unit tests covering enrichment + cache eviction. | Claims enricher ships with DN map + regex substitutions, Mongo claims cache (TTL + capacity enforcement) wired through DI, plus unit tests covering enrichment + cache eviction. | |
| PLG7.IMPL-004 | DONE (2025-11-09) | 2025-11-09 | SPRINT_100_identity_signing | BE-Auth Plugin, DevOps Guild (src/Authority/StellaOps.Authority/StellaOps.Authority.Plugin.Ldap) | src/Authority/StellaOps.Authority/StellaOps.Authority.Plugin.Ldap | LDAP plug-in now ships `clientProvisioning.*` options, a Mongo-audited `LdapClientProvisioningStore`, capability gating, and docs/tests covering LDAP writes + cache shims. | LDAP plug-in now ships `clientProvisioning.*` options, a Mongo-audited `LdapClientProvisioningStore`, capability gating, and docs/tests covering LDAP writes + cache shims. | |
| PLG7.IMPL-005 | DONE (2025-11-09) | 2025-11-09 | SPRINT_100_identity_signing | BE-Auth Plugin, Docs Guild (src/Authority/StellaOps.Authority/StellaOps.Authority.Plugin.Standard) | src/Authority/StellaOps.Authority/StellaOps.Authority.Plugin.Standard | LDAP plug-in docs refreshed (mutual TLS, regex mappings, cache/audit mirror guidance), sample manifest updated, Offline Kit + release notes now reference the bundled plug-in assets. | LDAP plug-in docs refreshed (mutual TLS, regex mappings, cache/audit mirror guidance), sample manifest updated, Offline Kit + release notes now reference the bundled plug-in assets. | |
| PLG7.IMPL-006 | DONE (2025-11-09) | 2025-11-09 | SPRINT_100_identity_signing | BE-Auth Plugin (src/Authority/StellaOps.Authority/StellaOps.Authority.Plugin.Ldap) | src/Authority/StellaOps.Authority/StellaOps.Authority.Plugin.Ldap | LDAP bootstrap provisioning added (write probe, Mongo audit mirror, capability downgrade + health status) with docs/tests + sample manifest updates. | LDAP bootstrap provisioning added (write probe, Mongo audit mirror, capability downgrade + health status) with docs/tests + sample manifest updates. | |
| POL-005 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | Policy Guild | `src/Policy/StellaOps.Policy.Engine`, `docs/modules/policy/architecture.md`, `docs/reachability/function-level-evidence.md` | Ingest reachability facts, expose SPL signals, auto-suppress <0.30, emit OpenVEX evidence. | Needs reachability feed GAPG0101 | |
| POLICY-0001 | DONE | 2025-11-10 | SPRINT_0138_0001_0001_scanner_ruby_parity | Policy Guild, Ruby Analyzer Guild (docs/modules/scanner) | docs/modules/scanner | | SCANNER-ENG-0018 | |
| POLICY-13-007 | TODO | | SPRINT_0210_0001_0002_ui_ii | UI Guild (src/UI/StellaOps.UI) | src/UI/StellaOps.UI | | | |
| POLICY-20-001 | TODO | | SPRINT_114_concelier_iii | Concelier WebService Guild | src/Concelier/StellaOps.Concelier.WebService | Provide batch advisory lookup APIs for Policy (purl/advisory filters, explain metadata). | Needs latest advisory schemas | |
| POLICY-20-002 | TODO | | SPRINT_115_concelier_iv | Concelier Core Guild | src/Concelier/__Libraries/StellaOps.Concelier.Core | Expand linkset builders with vendor equivalence tables, NEVRA/PURL normalization, version-range parsing. | Depends on 20-001 | |
| POLICY-20-003 | TODO | | SPRINT_115_concelier_iv | Concelier Storage Guild | src/Concelier/__Libraries/StellaOps.Concelier.Storage.Mongo | Introduce advisory selection cursors + change-stream checkpoints with offline migration scripts. | Needs 20-002 index/schema | |
| POLICY-20-004 | TODO | | SPRINT_0210_0001_0002_ui_ii | UI Guild | src/UI/StellaOps.UI | Wire UI to new policy evidence APIs, bridging editor + simulation flows. | Needs ORSC0101 APIs | |
| POLICY-23-001 | TODO | | SPRINT_115_concelier_iv | Concelier Core Guild (src/Concelier/__Libraries/StellaOps.Concelier.Core) | src/Concelier/__Libraries/StellaOps.Concelier.Core | | | |
| POLICY-23-002 | TODO | | SPRINT_115_concelier_iv | Concelier Core Guild, Platform Events Guild (src/Concelier/__Libraries/StellaOps.Concelier.Core) | src/Concelier/__Libraries/StellaOps.Concelier.Core | | | |
| POLICY-23-003 | TODO | | SPRINT_0210_0001_0002_ui_ii | UI Guild (src/UI/StellaOps.UI) | src/UI/StellaOps.UI | | | |
| POLICY-23-004 | TODO | | SPRINT_0203_0001_0003_cli_iii | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | | | |
| POLICY-23-005 | TODO | | SPRINT_0210_0001_0002_ui_ii | UI Guild (src/UI/StellaOps.UI) | src/UI/StellaOps.UI | | | |
| POLICY-23-006 | TODO | | SPRINT_0203_0001_0003_cli_iii | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | | | |
| POLICY-23-007 | TODO | | SPRINT_0307_0001_0007_docs_tasks_md_vii | Docs Guild, DevEx/CLI Guild (docs) | | | | |
| POLICY-23-008 | TODO | | SPRINT_0307_0001_0007_docs_tasks_md_vii | Docs Guild, Architecture Guild (docs) | | | | |
| POLICY-23-009 | TODO | | SPRINT_0307_0001_0007_docs_tasks_md_vii | Docs Guild, DevOps Guild (docs) | | | | |
| POLICY-23-010 | TODO | | SPRINT_0307_0001_0007_docs_tasks_md_vii | Docs Guild, UI Guild (docs) | | | | |
| POLICY-27-001 | TODO | | SPRINT_0203_0001_0003_cli_iii | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Implement workspace commands (`init`, `edit`, `lint`, `compile`, `test`) with deterministic caches + JSON output. | Needs CLI pack templates from CLCI0106 | |
| POLICY-27-002 | TODO | | SPRINT_0204_0001_0004_cli_iv | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Add submission/review workflow commands (`version bump`, `submit`, `comment`, `approve/reject`). | Depends on Policy Registry endpoints | |
| POLICY-27-003 | TODO | | SPRINT_0204_0001_0004_cli_iv | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Implement `stella policy simulate` enhancements (quick/batch, SBOM selectors, heatmap diff, JSON/Markdown outputs). | Waiting on CLPS0101 submission scaffolding | |
| POLICY-27-004 | TODO | | SPRINT_0204_0001_0004_cli_iv | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Add lifecycle commands for publish/promote/rollback/sign with attestation checks. | Depends on 27-003 | |
| POLICY-27-005 | TODO | | SPRINT_0204_0001_0004_cli_iv | DevEx/CLI Guild · Docs Guild | src/Cli/StellaOps.Cli | Update CLI refs/samples (JSON schemas, exit codes, CI snippets). | Requires 27-004 output | |
| POLICY-27-006 | TODO | | SPRINT_0204_0001_0004_cli_iv | DevEx/CLI Guild | src/Cli/StellaOps.Cli | Update policy scopes/help text to request new Policy Studio scope family and adjust regression tests. | Needs 27-005 docs | |
| POLICY-27-007 | BLOCKED | 2025-10-27 | SPRINT_0308_0001_0008_docs_tasks_md_viii | Docs Guild, DevEx/CLI Guild (docs) | | | | |
| POLICY-27-008 | BLOCKED | 2025-10-27 | SPRINT_0308_0001_0008_docs_tasks_md_viii | Docs Guild, Policy Registry Guild (docs) | | | | |
| POLICY-27-009 | BLOCKED | 2025-10-27 | SPRINT_0308_0001_0008_docs_tasks_md_viii | Docs Guild, Security Guild (docs) | | | | |
| POLICY-27-010 | BLOCKED | 2025-10-27 | SPRINT_0308_0001_0008_docs_tasks_md_viii | Docs Guild, Architecture Guild (docs) | | | | |
| POLICY-27-011 | BLOCKED | 2025-10-27 | SPRINT_0308_0001_0008_docs_tasks_md_viii | Docs Guild, Observability Guild (docs) | | | | |
| POLICY-27-012 | BLOCKED | 2025-10-27 | SPRINT_0308_0001_0008_docs_tasks_md_viii | Docs Guild, Ops Guild (docs) | | | | |
| POLICY-27-013 | BLOCKED | 2025-10-27 | SPRINT_0308_0001_0008_docs_tasks_md_viii | Docs Guild, Policy Guild (docs) | | | | |
| POLICY-27-014 | BLOCKED | 2025-10-27 | SPRINT_0308_0001_0008_docs_tasks_md_viii | Docs Guild, Policy Registry Guild (docs) | | | | |
| POLICY-401-026 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | Policy Guild · Concelier Guild (`docs/policy/dsl.md`, `docs/uncertainty/README.md`) | `docs/policy/dsl.md`, `docs/uncertainty/README.md` | | | |
| POLICY-AIRGAP-56-001 | TODO | | SPRINT_0123_0001_0001_policy_reasoning | Policy Guild | src/Policy/StellaOps.Policy.Engine | Support policy pack imports from Mirror Bundles, track `bundle_id` metadata, and ensure deterministic caching | Needs OFFK0101 bundle schema | |
| POLICY-AIRGAP-56-002 | TODO | | SPRINT_0123_0001_0001_policy_reasoning | Policy Guild · Policy Studio Guild | src/Policy/StellaOps.Policy.Engine | Export policy sub-bundles | POLICY-AIRGAP-56-001 | |
| POLICY-AIRGAP-57-001 | TODO | | SPRINT_0123_0001_0001_policy_reasoning | Policy Guild · Export Center Guild | src/Policy/StellaOps.Policy.Engine | Enforce sealed-mode guardrails in evaluation | POLICY-AIRGAP-56-002 | |
| POLICY-AIRGAP-57-002 | TODO | | SPRINT_0123_0001_0001_policy_reasoning | Policy Guild · Notifications Guild | src/Policy/StellaOps.Policy.Engine | Annotate rule explanations with staleness information and fallback data | POLICY-AIRGAP-57-001 | |
| POLICY-AIRGAP-58-001 | TODO | | SPRINT_0123_0001_0001_policy_reasoning | Policy Guild · Platform Ops | src/Policy/StellaOps.Policy.Engine | Emit notifications when policy packs near staleness thresholds or missing required bundles | POLICY-AIRGAP-57-002 | |
| POLICY-AOC-19-001 | TODO | | SPRINT_0123_0001_0001_policy_reasoning | Policy Guild / src/Policy/__Libraries/StellaOps.Policy | src/Policy/__Libraries/StellaOps.Policy | Add Roslyn/CI lint preventing ingestion projects from referencing Policy merge/severity helpers; block forbidden writes at compile time | | |
| POLICY-AOC-19-002 | TODO | | SPRINT_0123_0001_0001_policy_reasoning | Policy Guild, Platform Security / src/Policy/__Libraries/StellaOps.Policy | src/Policy/__Libraries/StellaOps.Policy | Enforce `effective_finding_*` write gate ensuring only Policy Engine identity can create/update materializations | POLICY-AOC-19-001 | |
| POLICY-AOC-19-003 | TODO | | SPRINT_0123_0001_0001_policy_reasoning | Policy Guild / src/Policy/__Libraries/StellaOps.Policy | src/Policy/__Libraries/StellaOps.Policy | Update readers/processors to consume only `content.raw`, `identifiers`, and `linkset`. Remove dependencies on legacy normalized fields and refresh fixtures | POLICY-AOC-19-002 | |
| POLICY-AOC-19-004 | TODO | | SPRINT_0123_0001_0001_policy_reasoning | Policy Guild, QA Guild / src/Policy/__Libraries/StellaOps.Policy | src/Policy/__Libraries/StellaOps.Policy | Add regression tests ensuring policy derived outputs remain deterministic when ingesting revised raw docs | POLICY-AOC-19-003 | |
| POLICY-ATTEST-73-001 | TODO | | SPRINT_0123_0001_0001_policy_reasoning | Policy Guild, Attestor Service Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Introduce VerificationPolicy object: schema, persistence, versioning, and lifecycle | | |
| POLICY-ATTEST-73-002 | TODO | | SPRINT_0123_0001_0001_policy_reasoning | Policy Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Provide Policy Studio editor with validation, dry-run simulation, and version diff | POLICY-ATTEST-73-001 | |
| POLICY-ATTEST-74-001 | TODO | | SPRINT_0123_0001_0001_policy_reasoning | Policy Guild, Attestor Service Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Integrate verification policies into attestor verification pipeline with caching and waiver support | POLICY-ATTEST-73-002 | |
| POLICY-ATTEST-74-002 | TODO | | SPRINT_0123_0001_0001_policy_reasoning | Policy Guild, Console Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Surface policy evaluations in Console verification reports with rule explanations | POLICY-ATTEST-74-001 | |
| POLICY-CONSOLE-23-001 | TODO | | SPRINT_0123_0001_0001_policy_reasoning | Policy Guild, BE-Base Platform Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Optimize findings/explain APIs for Console: cursor-based pagination at scale, global filter parameters (severity bands, policy version, time window), rule trace summarization, and aggregation hints for dashboard cards. Ensure deterministic ordering and expose provenance refs | | |
| POLICY-CONSOLE-23-002 | TODO | | SPRINT_124_policy_reasoning | Policy Guild, Product Ops / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Produce simulation diff metadata | POLICY-CONSOLE-23-001 | |
| POLICY-ENGINE-20-002 | BLOCKED | 2025-10-26 | SPRINT_124_policy_reasoning | Policy Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Build deterministic evaluator honoring lexical/priority order, first-match semantics, and safe value types (no wall-clock/network access) | PGMI0101 | PLPE0101 |
| POLICY-ENGINE-20-003 | TODO | | SPRINT_124_policy_reasoning | Policy Guild, Concelier Core Guild, Excititor Core Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Implement selection joiners resolving SBOM↔advisory↔VEX tuples using linksets and PURL equivalence tables, with deterministic batching | POLICY-ENGINE-20-002 | PLPE0101 |
| POLICY-ENGINE-20-004 | TODO | | SPRINT_124_policy_reasoning | Policy Guild, Platform Storage Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Ship materialization writer that upserts into `effective_finding_{policyId}` with append-only history, tenant scoping, and trace references | POLICY-ENGINE-20-003 | PLPE0101 |
| POLICY-ENGINE-20-005 | TODO | | SPRINT_124_policy_reasoning | Policy Guild, Security Engineering / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Enforce determinism guard banning wall-clock, RNG, and network usage during evaluation via static analysis + runtime sandbox | POLICY-ENGINE-20-004 | PLPE0101 |
| POLICY-ENGINE-20-006 | TODO | | SPRINT_124_policy_reasoning | Policy Guild, Scheduler Worker Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Implement incremental orchestrator reacting to advisory/vex/SBOM change streams and scheduling partial policy re-evaluations | POLICY-ENGINE-20-005 | PLPE0101 |
| POLICY-ENGINE-20-007 | TODO | | SPRINT_124_policy_reasoning | Policy Guild, Observability Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Emit structured traces/logs of rule hits with sampling controls, metrics | POLICY-ENGINE-20-006 | PLPE0101 |
| POLICY-ENGINE-20-008 | TODO | | SPRINT_124_policy_reasoning | Policy Guild, QA Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Add unit/property/golden/perf suites covering policy compilation, evaluation correctness, determinism, and SLA targets | POLICY-ENGINE-20-007 | PLPE0101 |
| POLICY-ENGINE-20-009 | TODO | | SPRINT_124_policy_reasoning | Policy Guild, Storage Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Define Mongo schemas/indexes for `policies`, `policy_runs`, and `effective_finding_*`; implement migrations and tenant enforcement | POLICY-ENGINE-20-008 | PLPE0101 |
| POLICY-ENGINE-27-001 | TODO | | SPRINT_124_policy_reasoning | Policy Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Extend compile outputs to include rule coverage metadata, symbol table, inline documentation, and rule index for editor autocomplete; persist deterministic hashes | POLICY-ENGINE-20-009 | PLPE0101 |
| POLICY-ENGINE-27-002 | TODO | | SPRINT_124_policy_reasoning | Policy Guild, Observability Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Enhance simulate endpoints to emit rule firing counts, heatmap aggregates, sampled explain traces with deterministic ordering, and delta summaries for quick/batch sims | POLICY-ENGINE-27-001 | PLPE0101 |
| POLICY-ENGINE-29-001 | TODO | | SPRINT_124_policy_reasoning | Policy Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Implement batch evaluation endpoint | POLICY-ENGINE-27-004 | PLPE0102 |
| POLICY-ENGINE-29-002 | TODO | | SPRINT_124_policy_reasoning | Policy Guild, Findings Ledger Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Provide streaming simulation API comparing two policy versions, returning per-finding deltas without writes; align determinism with Vuln Explorer simulation | POLICY-ENGINE-29-001 | PLPE0102 |
| POLICY-ENGINE-29-003 | TODO | | SPRINT_0125_0001_0001_policy_reasoning | Policy Guild, SBOM Service Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Surface path/scope awareness in determinations | POLICY-ENGINE-29-002 | PLPE0102 |
| POLICY-ENGINE-29-004 | TODO | | SPRINT_0125_0001_0001_policy_reasoning | Policy Guild, Observability Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Add metrics/logs for batch evaluation | POLICY-ENGINE-29-003 | PLPE0102 |
| POLICY-ENGINE-30-001 | TODO | | SPRINT_0125_0001_0001_policy_reasoning | Policy Guild, Cartographer Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Define overlay contract for graph nodes/edges | POLICY-ENGINE-29-004 | PLPE0102 |
| POLICY-ENGINE-30-002 | TODO | | SPRINT_0125_0001_0001_policy_reasoning | Policy Guild, Cartographer Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Implement simulation bridge returning on-the-fly overlays for Cartographer/Graph Explorer when invoking Policy Engine simulate; ensure no writes and deterministic outputs | POLICY-ENGINE-30-001 | PLPE0102 |
| POLICY-ENGINE-30-003 | TODO | | SPRINT_0125_0001_0001_policy_reasoning | Policy Guild, Scheduler Guild, Cartographer Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Emit change events | POLICY-ENGINE-30-002 | PLPE0102 |
| POLICY-ENGINE-30-101 | TODO | | SPRINT_0125_0001_0001_policy_reasoning | Policy Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Surface trust weighting configuration | POLICY-ENGINE-30-003 | PLPE0102 |
| POLICY-ENGINE-31-001 | TODO | | SPRINT_0125_0001_0001_policy_reasoning | Policy Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Expose policy knobs for Advisory AI | POLICY-ENGINE-30-101 | PLPE0102 |
| POLICY-ENGINE-31-002 | TODO | | SPRINT_0125_0001_0001_policy_reasoning | Policy Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Provide batch endpoint delivering policy context | POLICY-ENGINE-31-001 | PLPE0103 |
| POLICY-ENGINE-32-101 | TODO | | SPRINT_0125_0001_0001_policy_reasoning | Policy Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Define orchestrator `policy_eval` job schema, idempotency keys, and enqueue hooks triggered by advisory/VEX/SBOM events | POLICY-ENGINE-31-002 | PLPE0103 |
| POLICY-ENGINE-33-101 | TODO | | SPRINT_0125_0001_0001_policy_reasoning | Policy Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Implement orchestrator-driven policy evaluation workers using SDK heartbeats, respecting throttles, and emitting SLO metrics | POLICY-ENGINE-32-101 | PLPE0103 |
| POLICY-ENGINE-34-101 | TODO | | SPRINT_0125_0001_0001_policy_reasoning | Policy Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Publish policy run ledger exports + SLO burn-rate metrics to orchestrator; ensure provenance chain links to Findings Ledger | POLICY-ENGINE-33-101 | PLPE0103 |
| POLICY-ENGINE-35-201 | TODO | | SPRINT_0125_0001_0001_policy_reasoning | Policy Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Expose deterministic policy snapshot API and evaluated findings stream keyed by policy version for exporter consumption | POLICY-ENGINE-34-101 | PLPE0103 |
| POLICY-ENGINE-38-201 | TODO | | SPRINT_0125_0001_0001_policy_reasoning | Policy Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Emit enriched policy violation events | POLICY-ENGINE-35-201 | PLPE0103 |
| POLICY-ENGINE-40-001 | TODO | | SPRINT_0125_0001_0001_policy_reasoning | Policy Guild, Concelier Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Update severity/status evaluation pipelines to consume multiple source severities per linkset, supporting selection strategies | POLICY-ENGINE-38-201 | PLPE0103 |
| POLICY-ENGINE-40-002 | TODO | | SPRINT_0125_0001_0001_policy_reasoning | Policy Guild, Excititor Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Accept VEX linkset conflicts and provide rationale references in effective findings; ensure explain traces cite observation IDs | POLICY-ENGINE-40-001 | PLPE0103 |
| POLICY-ENGINE-40-003 | TODO | | SPRINT_0126_0001_0001_policy_reasoning | Policy Guild, Web Scanner Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Provide API/SDK utilities for consumers | POLICY-ENGINE-40-002 | PLPE0103 |
| POLICY-ENGINE-401-003 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | Policy Guild (`src/Policy/StellaOps.Policy.Engine`, `docs/modules/policy/architecture.md`) | `src/Policy/StellaOps.Policy.Engine`, `docs/modules/policy/architecture.md` | Replace in-service DSL compilation with the shared library, support both legacy `stella-dsl@1` packs and the new inline syntax, and keep determinism hashes stable. | — | PLPE0103 |
| POLICY-ENGINE-50-001 | TODO | | SPRINT_0126_0001_0001_policy_reasoning | Policy Guild, Platform Security / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Implement SPL compiler: validate YAML, canonicalize, produce signed bundle, store artifact in object storage, write `policy_revisions` with AOC metadata | POLICY-ENGINE-40-003 | PLPE0104 |
| POLICY-ENGINE-50-002 | TODO | | SPRINT_0126_0001_0001_policy_reasoning | Policy Guild, Runtime Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Build runtime evaluator executing compiled plans over advisory/vex linksets + SBOM asset metadata with deterministic caching | POLICY-ENGINE-50-001 | PLPE0104 |
| POLICY-ENGINE-50-003 | TODO | | SPRINT_0126_0001_0001_policy_reasoning | Policy Guild, Observability Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Implement evaluation/compilation metrics, tracing, and structured logs | POLICY-ENGINE-50-002 | PLPE0104 |
| POLICY-ENGINE-50-004 | TODO | | SPRINT_0126_0001_0001_policy_reasoning | Policy Guild, Platform Events Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Build event pipeline: subscribe to linkset/SBOM updates, schedule re-eval jobs, emit `policy.effective.updated` events with diff metadata | POLICY-ENGINE-50-003 | PLPE0104 |
| POLICY-ENGINE-50-005 | TODO | | SPRINT_0126_0001_0001_policy_reasoning | Policy Guild, Storage Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Design and implement `policy_packs`, `policy_revisions`, `policy_runs`, `policy_artifacts` collections with indexes, TTL, and tenant scoping | POLICY-ENGINE-50-004 | PLPE0104 |
| POLICY-ENGINE-50-006 | TODO | | SPRINT_0126_0001_0001_policy_reasoning | Policy Guild, QA Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Implement explainer persistence + retrieval APIs linking decisions to explanation tree and AOC chain | POLICY-ENGINE-50-005 | PLPE0104 |
| POLICY-ENGINE-50-007 | TODO | | SPRINT_0126_0001_0001_policy_reasoning | Policy Guild, Scheduler Worker Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Provide evaluation worker host/DI wiring and job orchestration hooks for batch re-evaluations after policy activation | POLICY-ENGINE-50-006 | PLPE0104 |
| POLICY-ENGINE-60-001 | TODO | | SPRINT_0126_0001_0001_policy_reasoning | Policy Guild, SBOM Service Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Maintain Redis effective decision maps per asset/snapshot for Graph overlays; implement versioning and eviction strategy | POLICY-ENGINE-50-007 | PLPE0104 |
| POLICY-ENGINE-60-002 | TODO | | SPRINT_0126_0001_0001_policy_reasoning | Policy Guild, BE-Base Platform Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Expose simulation bridge for Graph What-if APIs, supporting hypothetical SBOM diffs and draft policies without persisting results | POLICY-ENGINE-60-001 | PLPE0104 |
| POLICY-ENGINE-70-002 | TODO | | SPRINT_0126_0001_0001_policy_reasoning | Policy Guild, Storage Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Design and create Mongo collections | POLICY-ENGINE-60-002 | PLPE0104 |
| POLICY-ENGINE-70-003 | TODO | | SPRINT_0126_0001_0001_policy_reasoning | Policy Guild, Runtime Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Build Redis exception decision cache | POLICY-ENGINE-70-002 | |
| POLICY-ENGINE-70-004 | TODO | | SPRINT_0126_0001_0001_policy_reasoning | Policy Guild, Observability Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Extend metrics/tracing/logging for exception application | POLICY-ENGINE-70-003 | |
| POLICY-ENGINE-70-005 | TODO | | SPRINT_0126_0001_0001_policy_reasoning | Policy Guild, Scheduler Worker Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Provide APIs/workers hook for exception activation/expiry | POLICY-ENGINE-70-004 | |
| POLICY-ENGINE-80-001 | TODO | | SPRINT_0126_0001_0001_policy_reasoning | Policy Guild, Signals Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Integrate reachability/exploitability inputs into evaluation pipeline | POLICY-ENGINE-70-005 | |
| POLICY-ENGINE-80-002 | TODO | | SPRINT_0127_0001_0001_policy_reasoning | Policy Guild, Storage Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Create joining layer to read `reachability_facts` efficiently | POLICY-ENGINE-80-001 | |
| POLICY-ENGINE-80-003 | TODO | | SPRINT_0127_0001_0001_policy_reasoning | Policy Guild, Policy Editor Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Extend SPL predicates/actions to reference reachability state/score/confidence; update compiler validation | POLICY-ENGINE-80-002 | |
| POLICY-ENGINE-80-004 | TODO | | SPRINT_0127_0001_0001_policy_reasoning | Policy Guild, Observability Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Emit metrics | POLICY-ENGINE-80-003 | |
| POLICY-LIB-401-001 | DONE (2025-11-27) | | SPRINT_0401_0001_0001_reachability_evidence_chain | Policy Guild (`src/Policy/StellaOps.PolicyDsl`, `docs/policy/dsl.md`) | `src/Policy/StellaOps.PolicyDsl`, `docs/policy/dsl.md` | Extract the policy DSL parser/compiler into `StellaOps.PolicyDsl`, add the lightweight syntax (default action + inline rules), and expose `PolicyEngineFactory`/`SignalContext` APIs for reuse. | | Created StellaOps.PolicyDsl library with PolicyEngineFactory, SignalContext, tokenizer, parser, compiler, and IR serialization. |
| POLICY-LIB-401-002 | DONE (2025-11-27) | | SPRINT_0401_0001_0001_reachability_evidence_chain | Policy Guild, CLI Guild (`tests/Policy/StellaOps.PolicyDsl.Tests`, `policy/default.dsl`, `docs/policy/lifecycle.md`) | `tests/Policy/StellaOps.PolicyDsl.Tests`, `policy/default.dsl`, `docs/policy/lifecycle.md` | Ship unit-test harness + sample `policy/default.dsl` (table-driven cases) and wire `stella policy lint/simulate` to the shared library. | | Created test harness with 25 unit tests, sample DSL files (minimal.dsl, default.dsl), and wired stella policy lint command to PolicyDsl library. |
| POLICY-OBS-50-001 | TODO | | SPRINT_0127_0001_0001_policy_reasoning | Policy Guild · Observability Guild | src/Policy/StellaOps.Policy.Engine | Integrate telemetry core into policy API + worker hosts, ensuring spans/logs cover compile/evaluate flows with `tenant_id`, `policy_version`, `decision_effect`, and trace IDs | Wait for telemetry schema drop (046_TLTY0101) | PLOB0101 |
| POLICY-OBS-51-001 | TODO | | SPRINT_0127_0001_0001_policy_reasoning | Policy Guild · DevOps Guild | src/Policy/StellaOps.Policy.Engine | Emit golden-signal metrics | POLICY-OBS-50-001 | PLOB0101 |
| POLICY-OBS-52-001 | TODO | | SPRINT_0127_0001_0001_policy_reasoning | Policy Guild | src/Policy/StellaOps.Policy.Engine | Emit timeline events `policy.evaluate.started`, `policy.evaluate.completed`, `policy.decision.recorded` with trace IDs, input digests, and rule summary. Provide contract tests and retry semantics | POLICY-OBS-51-001 | PLOB0101 |
| POLICY-OBS-53-001 | TODO | | SPRINT_0127_0001_0001_policy_reasoning | Policy Guild · Evidence Locker Guild | src/Policy/StellaOps.Policy.Engine | Produce evaluation evidence bundles | POLICY-OBS-52-001 | PLOB0101 |
| POLICY-OBS-54-001 | TODO | | SPRINT_0127_0001_0001_policy_reasoning | Policy Guild · Provenance Guild | src/Policy/StellaOps.Policy.Engine | Generate DSSE attestations for evaluation outputs, expose `/evaluations/{id}/attestation`, and link attestation IDs in timeline + console. Provide verification harness | POLICY-OBS-53-001 | PLOB0101 |
| POLICY-OBS-55-001 | TODO | | SPRINT_0127_0001_0001_policy_reasoning | Policy Guild · DevOps Guild | src/Policy/StellaOps.Policy.Engine | Implement incident mode sampling overrides | POLICY-OBS-54-001 | PLOB0101 |
| POLICY-READINESS-0001 | TODO | | SPRINT_0325_0001_0001_docs_modules_policy | Policy Guild (docs/modules/policy) | docs/modules/policy | Capture policy module readiness checklist aligned with current sprint goals. | | |
| POLICY-READINESS-0002 | TODO | | SPRINT_0325_0001_0001_docs_modules_policy | Policy Guild (docs/modules/policy) | docs/modules/policy | Track outstanding prerequisites/risk items for policy releases and mirror into sprint updates. | | |
| POLICY-RISK-66-001 | DONE | 2025-11-22 | SPRINT_0127_0001_0001_policy_reasoning | Risk Profile Schema Guild / src/Policy/StellaOps.Policy.RiskProfile | src/Policy/StellaOps.Policy.RiskProfile | Develop initial JSON Schema for RiskProfile (signals, transforms, weights, severity, overrides) with validator stubs | | |
| POLICY-RISK-66-002 | DONE (2025-11-26) | | SPRINT_0127_0001_0001_policy_reasoning | Risk Profile Schema Guild / src/Policy/StellaOps.Policy.RiskProfile | src/Policy/StellaOps.Policy.RiskProfile | Implement inheritance/merge logic with conflict detection and deterministic content hashing | POLICY-RISK-66-001 | Canonicalizer/merge + digest, tests added. |
| POLICY-RISK-66-003 | TODO | | SPRINT_0127_0001_0001_policy_reasoning | Policy Guild, Risk Profile Schema Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Integrate RiskProfile schema into Policy Engine configuration, ensuring validation and default profile deployment | POLICY-RISK-66-002 | |
| POLICY-RISK-66-004 | TODO | | SPRINT_0127_0001_0001_policy_reasoning | Policy Guild, Risk Profile Schema Guild / src/Policy/__Libraries/StellaOps.Policy | src/Policy/__Libraries/StellaOps.Policy | Extend Policy libraries to load/save RiskProfile documents, compute content hashes, and surface validation diagnostics | POLICY-RISK-66-003 | |
| POLICY-RISK-67-001 | TODO | | SPRINT_0127_0001_0001_policy_reasoning | Policy Guild, Risk Engine Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Trigger scoring jobs on new/updated findings via Policy Engine orchestration hooks | POLICY-RISK-66-004 | |
| POLICY-RISK-67-002 | BLOCKED (2025-11-26) | | SPRINT_0128_0001_0001_policy_reasoning | Policy Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Implement profile lifecycle APIs | POLICY-RISK-67-001 | Waiting on risk profile contract + schema draft. |
| POLICY-RISK-67-003 | BLOCKED (2025-11-26) | | SPRINT_0128_0001_0001_policy_reasoning | Policy Guild, Risk Engine Guild / src/Policy/__Libraries/StellaOps.Policy | src/Policy/__Libraries/StellaOps.Policy | Provide policy-layer APIs to trigger risk simulations and return distributions/contribution breakdowns | POLICY-RISK-67-002 | Blocked by missing risk profile schema + lifecycle API contract. |
| POLICY-RISK-68-001 | TODO | | SPRINT_0128_0001_0001_policy_reasoning | Policy Guild, Policy Studio Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Provide simulation API bridging Policy Studio with risk engine; returns distributions and top movers | POLICY-RISK-67-003 | |
| POLICY-RISK-68-002 | TODO | | SPRINT_0128_0001_0001_policy_reasoning | Risk Profile Schema Guild / src/Policy/StellaOps.Policy.RiskProfile | src/Policy/StellaOps.Policy.RiskProfile | Add override/adjustment support with audit metadata and validation for conflicting rules | POLICY-RISK-68-001 | |
| POLICY-RISK-69-001 | TODO | | SPRINT_0128_0001_0001_policy_reasoning | Policy Guild, Notifications Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Emit events/notifications on profile publish, deprecate, and severity threshold changes | POLICY-RISK-68-002 | |
| POLICY-RISK-70-001 | TODO | | SPRINT_0128_0001_0001_policy_reasoning | Policy Guild, Export Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Support exporting/importing profiles with signatures for air-gapped bundles | POLICY-RISK-69-001 | |
| POLICY-RISK-90-001 | TODO | | SPRINT_0126_0001_0001_policy_reasoning | Policy Guild, Scanner Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Ingest entropy penalty inputs from Scanner (`entropy.report.json`, `layer_summary.json`), extend trust algebra with configurable weights/caps, and expose explanations/metrics for opaque ratio penalties (`docs/modules/scanner/entropy.md`). | | |
| POLICY-SPL-23-001 | TODO | | SPRINT_0128_0001_0001_policy_reasoning | Policy Guild, Language Infrastructure Guild / src/Policy/__Libraries/StellaOps.Policy | src/Policy/__Libraries/StellaOps.Policy | Define SPL v1 YAML + JSON Schema, including advisory rules, VEX precedence, severity mapping, exceptions, and layering metadata. Publish schema resources and validation fixtures | | |
| POLICY-SPL-23-002 | TODO | | SPRINT_0128_0001_0001_policy_reasoning | Policy Guild / src/Policy/__Libraries/StellaOps.Policy | src/Policy/__Libraries/StellaOps.Policy | Implement canonicalizer that normalizes policy packs | POLICY-SPL-23-001 | |
| POLICY-SPL-23-003 | DONE (2025-11-26) | | SPRINT_0128_0001_0001_policy_reasoning | Policy Guild / src/Policy/__Libraries/StellaOps.Policy | src/Policy/__Libraries/StellaOps.Policy | Build policy layering/override engine | POLICY-SPL-23-002 | `SplLayeringEngine` + tests landed. |
| POLICY-SPL-23-004 | TODO | | SPRINT_0128_0001_0001_policy_reasoning | Policy Guild, Audit Guild / src/Policy/__Libraries/StellaOps.Policy | src/Policy/__Libraries/StellaOps.Policy | Design explanation tree model | POLICY-SPL-23-003 | |
| POLICY-SPL-23-005 | TODO | | SPRINT_0128_0001_0001_policy_reasoning | Policy Guild, DevEx Guild / src/Policy/__Libraries/StellaOps.Policy | src/Policy/__Libraries/StellaOps.Policy | Create migration tool to snapshot existing behavior into baseline SPL packs | POLICY-SPL-23-004 | |
| POLICY-SPL-24-001 | DONE (2025-11-26) | 2025-11-26 | SPRINT_0128_0001_0001_policy_reasoning | Policy Guild, Signals Guild / src/Policy/__Libraries/StellaOps.Policy | src/Policy/__Libraries/StellaOps.Policy | Extend SPL schema to expose reachability/exploitability predicates and weighting functions; update documentation and fixtures | POLICY-SPL-23-005 | |
| POLICY-TEN-48-001 | TODO | | SPRINT_0129_0001_0001_policy_reasoning | Policy Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | Add `tenant_id`/`project_id` columns, enable RLS, update evaluators to require tenant context, and emit rationale IDs including tenant metadata | | |
| POLICY-VEX-401-006 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | Policy Guild (`src/Policy/StellaOps.Policy.Engine`, `src/Policy/__Libraries/StellaOps.Policy`) | `src/Policy/StellaOps.Policy.Engine`, `src/Policy/__Libraries/StellaOps.Policy` | Policy Engine consumes reachability facts, applies the deterministic score/label buckets (≥0.80 reachable, 0.300.79 conditional, <0.30 unreachable), emits OpenVEX with call-path proofs, and updates SPL schema with `reachability.state/confidence` predicates and suppression gates. | | |
| POLICY-VEX-401-010 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | Policy Guild (`src/Policy/StellaOps.Policy.Engine/Vex`, `docs/modules/policy/architecture.md`, `docs/benchmarks/vex-evidence-playbook.md`) | `src/Policy/StellaOps.Policy.Engine/Vex`, `docs/modules/policy/architecture.md`, `docs/benchmarks/vex-evidence-playbook.md` | Implement `VexDecisionEmitter` to serialize per-finding OpenVEX, attach evidence hashes, request DSSE signatures, capture Rekor metadata, and publish artifacts following the bench playbook. | | |
| PROBE-401-010 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | Runtime Signals Guild (`src/Signals/StellaOps.Signals.Runtime`, `ops/probes`) | `src/Signals/StellaOps.Signals.Runtime`, `ops/probes` | | | |
| PROMO-70-001 | TODO | | SPRINT_0202_0001_0002_cli_ii | DevEx/CLI Guild, Provenance Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | | | |
| PROMO-70-002 | TODO | | SPRINT_0203_0001_0003_cli_iii | DevEx/CLI Guild, Provenance Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | | | |
| PROV-BACKFILL-401-029 | DONE | 2025-11-27 | SPRINT_0401_0001_0001_reachability_evidence_chain | Platform Guild | `docs/provenance/inline-dsse.md`, `scripts/publish_attestation_with_provenance.sh` | Backfill historical Mongo events with DSSE/Rekor metadata by resolving known attestations per subject digest (wiring ingestion helpers + endpoint tests in progress). | Depends on #1 | RBRE0101 |
| PROV-INDEX-401-030 | DONE | 2025-11-27 | SPRINT_0401_0001_0001_reachability_evidence_chain | Platform + Ops Guilds | `docs/provenance/inline-dsse.md`, `ops/mongo/indices/events_provenance_indices.js` | Deploy provenance indexes (`events_by_subject_kind_provenance`, etc.) and expose compliance/replay queries. | Depends on #3 | RBRE0101 |
| PROV-INLINE-401-028 | DONE | | SPRINT_0401_0001_0001_reachability_evidence_chain | Authority Guild · Feedser Guild (`docs/provenance/inline-dsse.md`, `src/__Libraries/StellaOps.Provenance.Mongo`) | `docs/provenance/inline-dsse.md`, `src/__Libraries/StellaOps.Provenance.Mongo` | Extend Authority/Feedser event writers to attach inline DSSE + Rekor references on every SBOM/VEX/scan event using `StellaOps.Provenance.Mongo`. | | |
| PROV-OBS-53-001 | DONE | 2025-11-17 | SPRINT_0513_0001_0001_provenance | Provenance Guild / `src/Provenance/StellaOps.Provenance.Attestation` | src/Provenance/StellaOps.Provenance.Attestation | Implement DSSE/SLSA `BuildDefinition` + `BuildMetadata` models with canonical JSON serializer, Merkle digest helpers, deterministic hashing tests, and sample statements for orchestrator/job/export subjects. | — | PROB0101 |
| PROV-OBS-53-002 | BLOCKED | | SPRINT_0513_0001_0001_provenance | Provenance Guild · Security Guild | src/Provenance/StellaOps.Provenance.Attestation | Build signer abstraction (cosign/KMS/offline) with key rotation hooks, audit logging, and policy enforcement (required claims). Provide unit tests using fake signer + real cosign fixture. Dependencies: PROV-OBS-53-001. | Await CI rerun to clear MSB6006 and verify signer abstraction | PROB0101 |
| PROV-OBS-53-003 | BLOCKED | | SPRINT_0513_0001_0001_provenance | Provenance Guild | src/Provenance/StellaOps.Provenance.Attestation | Deliver `PromotionAttestationBuilder` that materialises the `stella.ops/promotion@v1` predicate (image digest, SBOM/VEX materials, promotion metadata, Rekor proof) and feeds canonicalised payload bytes to Signer via StellaOps.Cryptography. | Blocked on PROV-OBS-53-002 CI verification | PROB0101 |
| PROV-OBS-54-001 | TODO | | SPRINT_0513_0001_0001_provenance | Provenance Guild · Evidence Locker Guild | src/Provenance/StellaOps.Provenance.Attestation | Deliver verification library that validates DSSE signatures, Merkle roots, and timeline chain-of-custody, exposing reusable CLI/service APIs. Include negative-case fixtures and offline timestamp verification. Dependencies: PROV-OBS-53-002. | Starts after PROV-OBS-53-002 clears in CI | PROB0101 |
| PROV-OBS-54-002 | TODO | | SPRINT_0513_0001_0001_provenance | Provenance Guild · DevEx/CLI Guild | src/Provenance/StellaOps.Provenance.Attestation | Generate .NET global tool for local verification + embed command helpers for CLI `stella forensic verify`. Provide deterministic packaging and offline kit instructions. Dependencies: PROV-OBS-54-001. | Starts after PROV-OBS-54-001 verification APIs stable | PROB0101 |
| PY-32-001 | DONE | | SPRINT_0153_0001_0003_orchestrator_iii | Worker SDK Guild (src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Python) | src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Python | | | |
| PY-32-002 | DONE | | SPRINT_0153_0001_0003_orchestrator_iii | Worker SDK Guild (src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Python) | src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Python | | | |
| PY-33-001 | DONE | | SPRINT_0153_0001_0003_orchestrator_iii | Worker SDK Guild (src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Python) | src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Python | | | |
| PY-33-002 | DONE | | SPRINT_0153_0001_0003_orchestrator_iii | Worker SDK Guild (src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Python) | src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Python | | | |
| PY-34-001 | DONE | | SPRINT_0153_0001_0003_orchestrator_iii | Worker SDK Guild (src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Python) | src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Python | | | |
| QA-DOCS-401-008 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | QA & Docs Guilds (`docs`, `tests/README.md`) | `docs`, `tests/README.md` | Wire `reachbench-2025-expanded` fixtures into CI, document CAS layouts + replay steps in `docs/reachability/DELIVERY_GUIDE.md`, and publish operator runbook for runtime ingestion. | | |
| QA-REACH-201-007 | TODO | | SPRINT_400_runtime_facts_static_callgraph_union | QA Guild (`tests/README.md`) | `tests/README.md` | Integrate `reachbench-2025-expanded` fixture pack under `tests/reachability/`, add evaluator harness tests that validate reachable vs unreachable cases, and wire CI guidance for deterministic runs. | | |
| REACH-201-001 | TODO | | SPRINT_400_runtime_facts_static_callgraph_union | Zastava Observer Guild (`src/Zastava/StellaOps.Zastava.Observer`) | `src/Zastava/StellaOps.Zastava.Observer` | | | |
| REACH-201-002 | DOING | 2025-11-08 | SPRINT_400_runtime_facts_static_callgraph_union | Scanner Worker Guild (`src/Scanner/StellaOps.Scanner.Worker`) | `src/Scanner/StellaOps.Scanner.Worker` | | | |
| REACH-201-003 | DOING | 2025-11-08 | SPRINT_400_runtime_facts_static_callgraph_union | Signals Guild (`src/Signals/StellaOps.Signals`) | `src/Signals/StellaOps.Signals` | | | |
| REACH-201-004 | DOING | 2025-11-08 | SPRINT_400_runtime_facts_static_callgraph_union | Signals Guild · Policy Guild (`src/Signals/StellaOps.Signals`, `src/Policy/StellaOps.Policy.Engine`) | `src/Signals/StellaOps.Signals`, `src/Policy/StellaOps.Policy.Engine` | | | |
| REACH-201-005 | DOING | 2025-11-08 | SPRINT_400_runtime_facts_static_callgraph_union | BE-Base Platform Guild (`src/__Libraries/StellaOps.Replay.Core`) | `src/__Libraries/StellaOps.Replay.Core` | | | |
| REACH-201-006 | TODO | | SPRINT_400_runtime_facts_static_callgraph_union | Docs Guild (`docs`) | | | | |
| REACH-201-007 | TODO | | SPRINT_400_runtime_facts_static_callgraph_union | QA Guild (`tests/README.md`) | `tests/README.md` | | | |
| REACH-401-005 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | Authority & Signer Guilds (`src/Authority/StellaOps.Authority`, `src/Signer/StellaOps.Signer`) | `src/Authority/StellaOps.Authority`, `src/Signer/StellaOps.Signer` | | | |
| REACH-401-009 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | Scanner Worker Guild (`src/Scanner/StellaOps.Scanner.Worker`, `src/Scanner/__Libraries`) | `src/Scanner/StellaOps.Scanner.Worker`, `src/Scanner/__Libraries` | | | |
| REACH-LATTICE-401-023 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | Scanner Guild · Policy Guild (`docs/reachability/lattice.md`, `docs/modules/scanner/architecture.md`, `src/Scanner/StellaOps.Scanner.WebService`) | `docs/reachability/lattice.md`, `docs/modules/scanner/architecture.md`, `src/Scanner/StellaOps.Scanner.WebService` | Define the reachability lattice model (`ReachState`, `EvidenceKind`, `MitigationKind`, scoring policy) in Scanner docs + code; ensure evidence joins write to the event graph schema. | | |
| READINESS-0001 | TODO | | SPRINT_0325_0001_0001_docs_modules_policy | Policy Guild (docs/modules/policy) | docs/modules/policy | | | |
| READINESS-0002 | TODO | | SPRINT_0325_0001_0001_docs_modules_policy | Policy Guild (docs/modules/policy) | docs/modules/policy | | | |
| RECIPES-DOCS-0001 | TODO | | SPRINT_315_docs_modules_ci | Docs Guild (docs/modules/ci) | docs/modules/ci | | | |
| RECIPES-ENG-0001 | TODO | | SPRINT_315_docs_modules_ci | Module Team (docs/modules/ci) | docs/modules/ci | | | |
| RECIPES-OPS-0001 | TODO | | SPRINT_315_docs_modules_ci | Ops Guild (docs/modules/ci) | docs/modules/ci | | | |
| REG-41-001 | DONE (2025-11-25) | 2025-11-25 | SPRINT_0154_0001_0001_packsregistry | Packs Registry Guild (src/PacksRegistry/StellaOps.PacksRegistry) | src/PacksRegistry/StellaOps.PacksRegistry | | | |
| REG-42-001 | DONE (2025-11-25) | 2025-11-25 | SPRINT_0154_0001_0001_packsregistry | Packs Registry Guild (src/PacksRegistry/StellaOps.PacksRegistry) | src/PacksRegistry/StellaOps.PacksRegistry | | | |
| REG-43-001 | DONE (2025-11-25) | 2025-11-25 | SPRINT_0154_0001_0001_packsregistry | Packs Registry Guild (src/PacksRegistry/StellaOps.PacksRegistry) | src/PacksRegistry/StellaOps.PacksRegistry | | | |
| REGISTRY-API-27-001 | TODO | | SPRINT_0129_0001_0001_policy_reasoning | Policy Registry Guild / src/Policy/StellaOps.Policy.Registry | src/Policy/StellaOps.Policy.Registry | Define OpenAPI specification covering workspaces, versions, reviews, simulations, promotions, and attestations; publish typed clients for Console/CLI | | |
| REGISTRY-API-27-002 | TODO | | SPRINT_0129_0001_0001_policy_reasoning | Policy Registry Guild / src/Policy/StellaOps.Policy.Registry | src/Policy/StellaOps.Policy.Registry | Implement workspace storage | REGISTRY-API-27-001 | |
| REGISTRY-API-27-003 | TODO | | SPRINT_0129_0001_0001_policy_reasoning | Policy Registry Guild / src/Policy/StellaOps.Policy.Registry | src/Policy/StellaOps.Policy.Registry | Integrate compile endpoint: forward source bundle to Policy Engine, persist diagnostics, symbol table, rule index, and complexity metrics | REGISTRY-API-27-002 | |
| REGISTRY-API-27-004 | TODO | | SPRINT_0129_0001_0001_policy_reasoning | Policy Registry Guild / src/Policy/StellaOps.Policy.Registry | src/Policy/StellaOps.Policy.Registry | Implement quick simulation API with request limits | REGISTRY-API-27-003 | |
| REGISTRY-API-27-005 | TODO | | SPRINT_0129_0001_0001_policy_reasoning | Policy Registry Guild, Scheduler Guild / src/Policy/StellaOps.Policy.Registry | src/Policy/StellaOps.Policy.Registry | Build batch simulation orchestration: enqueue shards, collect partials, reduce deltas, produce evidence bundles + signed manifest | REGISTRY-API-27-004 | |
| REGISTRY-API-27-006 | TODO | | SPRINT_0129_0001_0001_policy_reasoning | Policy Registry Guild / src/Policy/StellaOps.Policy.Registry | src/Policy/StellaOps.Policy.Registry | Implement review workflow | REGISTRY-API-27-005 | |
| REGISTRY-API-27-007 | TODO | | SPRINT_0129_0001_0001_policy_reasoning | Policy Registry Guild, Security Guild / src/Policy/StellaOps.Policy.Registry | src/Policy/StellaOps.Policy.Registry | Implement publish pipeline: sign source/compiled digests, create attestations, mark version immutable, emit events | REGISTRY-API-27-006 | |
| REGISTRY-API-27-008 | TODO | | SPRINT_0129_0001_0001_policy_reasoning | Policy Registry Guild / src/Policy/StellaOps.Policy.Registry | src/Policy/StellaOps.Policy.Registry | Implement promotion bindings per tenant/environment with canary subsets, rollback path, and environment history | REGISTRY-API-27-007 | |
| REGISTRY-API-27-009 | TODO | | SPRINT_0129_0001_0001_policy_reasoning | Policy Registry Guild, Observability Guild / src/Policy/StellaOps.Policy.Registry | src/Policy/StellaOps.Policy.Registry | Instrument metrics/logs/traces | REGISTRY-API-27-008 | |
| REGISTRY-API-27-010 | TODO | | SPRINT_0129_0001_0001_policy_reasoning | Policy Registry Guild, QA Guild / src/Policy/StellaOps.Policy.Registry | src/Policy/StellaOps.Policy.Registry | Build unit/integration/load test suites for compile/sim/review/publish/promote flows; provide seeded fixtures for CI | REGISTRY-API-27-009 | |
| REL-17-004 | BLOCKED | 2025-10-26 | SPRINT_0506_0001_0001_ops_devops_iv | DevOps Guild (ops/devops) | ops/devops | | | |
| REP-004 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | BE-Base Platform Guild (`src/__Libraries/StellaOps.Replay.Core`, `docs/replay/DETERMINISTIC_REPLAY.md`) | `src/__Libraries/StellaOps.Replay.Core`, `docs/replay/DETERMINISTIC_REPLAY.md` | | | |
| REPLAY-185-003 | TODO | | SPRINT_0185_0001_0001_shared_replay_primitives | Docs Guild, Platform Data Guild (docs) | | | | |
| REPLAY-185-004 | TODO | | SPRINT_0185_0001_0001_shared_replay_primitives | Docs Guild (docs) | | | | |
| REPLAY-186-001 | TODO | | SPRINT_0186_0001_0001_record_deterministic_execution | Scanner Guild (`src/Scanner/StellaOps.Scanner.WebService`, `docs/modules/scanner/architecture.md`) | `src/Scanner/StellaOps.Scanner.WebService`, `docs/modules/scanner/architecture.md` | | | |
| REPLAY-186-002 | TODO | | SPRINT_0186_0001_0001_record_deterministic_execution | Scanner Guild (`src/Scanner/StellaOps.Scanner.Worker`, `docs/modules/scanner/deterministic-execution.md`) | `src/Scanner/StellaOps.Scanner.Worker`, `docs/modules/scanner/deterministic-execution.md` | | | |
| REPLAY-186-003 | TODO | | SPRINT_0186_0001_0001_record_deterministic_execution | Signing Guild (`src/Signer/StellaOps.Signer`, `src/Authority/StellaOps.Authority`) | `src/Signer/StellaOps.Signer`, `src/Authority/StellaOps.Authority` | | | |
| REPLAY-186-004 | TODO | | SPRINT_0186_0001_0001_record_deterministic_execution | Docs Guild (`docs`) | | | | |
| REPLAY-187-001 | TODO | | SPRINT_160_export_evidence | Evidence Locker Guild · docs/modules/evidence-locker/architecture.md | docs/modules/evidence-locker/architecture.md | | | |
| REPLAY-187-002 | TODO | | SPRINT_160_export_evidence | CLI Guild · `docs/modules/cli/architecture.md` | docs/modules/cli/architecture.md | | | |
| REPLAY-187-003 | TODO | | SPRINT_0187_0001_0001_evidence_locker_cli_integration | Attestor Guild (`src/Attestor/StellaOps.Attestor`, `docs/modules/attestor/architecture.md`) | `src/Attestor/StellaOps.Attestor`, `docs/modules/attestor/architecture.md` | | | |
| REPLAY-187-004 | TODO | | SPRINT_160_export_evidence | Docs/Ops Guild · `/docs/runbooks/replay_ops.md` | docs/runbooks/replay_ops.md | | | |
| REPLAY-401-004 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | BE-Base Platform Guild (`src/__Libraries/StellaOps.Replay.Core`) | `src/__Libraries/StellaOps.Replay.Core` | Bump replay manifest to v2 (feeds, analyzers, policies), have `ReachabilityReplayWriter` enforce CAS registration + hash sorting, and add deterministic tests to `tests/reachability/StellaOps.Reachability.FixtureTests`. | | |
| REPLAY-CORE-185-001 | TODO | | SPRINT_0185_0001_0001_shared_replay_primitives | Platform Guild | `src/__Libraries/StellaOps.Replay.Core` | Scaffold `StellaOps.Replay.Core` with manifest schema types, canonical JSON rules, Merkle utilities, and DSSE payload builders; add `AGENTS.md`/`TASKS.md` for the new library; cross-reference `docs/replay/DETERMINISTIC_REPLAY.md` section 3 when updating the library charter. | Mirrors #1 | RLRC0101 |
| REPLAY-CORE-185-002 | TODO | | SPRINT_0185_0001_0001_shared_replay_primitives | Platform Guild | src/__Libraries/StellaOps.Replay.Core | Implement deterministic bundle writer (tar.zst, CAS naming) and hashing abstractions, updating `docs/modules/platform/architecture-overview.md` with a “Replay CAS” subsection that documents layout/retention expectations. | Mirrors #2 | RLRC0101 |
| REPLAY-CORE-185-003 | TODO | | SPRINT_0185_0001_0001_shared_replay_primitives | Platform Data Guild | src/__Libraries/StellaOps.Replay.Core | Define Mongo collections (`replay_runs`, `replay_bundles`, `replay_subjects`) and indices, then author `docs/data/replay_schema.md` detailing schema fields, constraints, and offline sync strategy. | Mirrors #3 | RLRC0101 |
| REPLAY-REACH-201-005 | DOING | 2025-11-08 | SPRINT_400_runtime_facts_static_callgraph_union | BE-Base Platform Guild (`src/__Libraries/StellaOps.Replay.Core`) | `src/__Libraries/StellaOps.Replay.Core` | Update `StellaOps.Replay.Core` manifest schema + bundle writer so replay packs capture reachability graphs, runtime traces, analyzer versions, and evidence hashes; document new CAS namespace. | | |
| RISK-66-001 | TODO | | SPRINT_115_concelier_iv | Concelier Core Guild, Risk Engine Guild (src/Concelier/__Libraries/StellaOps.Concelier.Core) | src/Concelier/__Libraries/StellaOps.Concelier.Core | | | |
| RISK-66-002 | TODO | | SPRINT_115_concelier_iv | Concelier Core Guild (src/Concelier/__Libraries/StellaOps.Concelier.Core) | src/Concelier/__Libraries/StellaOps.Concelier.Core | | | |
| RISK-66-003 | TODO | | SPRINT_0127_0001_0001_policy_reasoning | Policy Guild, Risk Profile Schema Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | | POLICY-RISK-66-002 | |
| RISK-66-004 | TODO | | SPRINT_0127_0001_0001_policy_reasoning | Policy Guild, Risk Profile Schema Guild / src/Policy/__Libraries/StellaOps.Policy | src/Policy/__Libraries/StellaOps.Policy | | POLICY-RISK-66-003 | |
| RISK-67-001 | TODO | | SPRINT_115_concelier_iv | Concelier Core Guild (src/Concelier/__Libraries/StellaOps.Concelier.Core) | src/Concelier/__Libraries/StellaOps.Concelier.Core | | | |
| RISK-67-002 | TODO | | SPRINT_0128_0001_0001_policy_reasoning | Policy Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | | POLICY-RISK-67-001 | |
| RISK-67-003 | BLOCKED (2025-11-26) | | SPRINT_0128_0001_0001_policy_reasoning | Policy Guild, Risk Engine Guild / src/Policy/__Libraries/StellaOps.Policy | src/Policy/__Libraries/StellaOps.Policy | | POLICY-RISK-67-002 | Blocked by missing risk profile schema + lifecycle API contract. |
| RISK-67-004 | TODO | | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild, CLI Guild (docs) | | | | |
| RISK-68-001 | TODO | | SPRINT_115_concelier_iv | Concelier Core Guild, Policy Studio Guild (src/Concelier/__Libraries/StellaOps.Concelier.Core) | src/Concelier/__Libraries/StellaOps.Concelier.Core | | | |
| RISK-68-002 | TODO | | SPRINT_0128_0001_0001_policy_reasoning | Risk Profile Schema Guild / src/Policy/StellaOps.Policy.RiskProfile | src/Policy/StellaOps.Policy.RiskProfile | | POLICY-RISK-68-001 | |
| RISK-69-001 | TODO | | SPRINT_115_concelier_iv | Concelier Core Guild, Notifications Guild (src/Concelier/__Libraries/StellaOps.Concelier.Core) | src/Concelier/__Libraries/StellaOps.Concelier.Core | | | |
| RISK-69-002 | TODO | | SPRINT_163_exportcenter_ii | Exporter Service Guild, Risk Engine Guild (src/ExportCenter/StellaOps.ExportCenter) | src/ExportCenter/StellaOps.ExportCenter | | | |
| RISK-70-001 | TODO | | SPRINT_0128_0001_0001_policy_reasoning | Policy Guild, Export Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | | POLICY-RISK-69-001 | |
| RISK-90-001 | TODO | | SPRINT_0126_0001_0001_policy_reasoning | Policy Guild, Scanner Guild / src/Policy/StellaOps.Policy.Engine | src/Policy/StellaOps.Policy.Engine | | | |
| RISK-BUNDLE-69-001 | TODO | | SPRINT_0164_0001_0003_exportcenter_iii | Risk Bundle Export Guild, Risk Engine Guild (src/ExportCenter/StellaOps.ExportCenter.RiskBundles) | src/ExportCenter/StellaOps.ExportCenter.RiskBundles | Implement `stella export risk-bundle` job producing tarball with provider datasets, manifests, and DSSE signatures. | | |
| RISK-BUNDLE-69-002 | TODO | | SPRINT_0164_0001_0003_exportcenter_iii | Risk Bundle Export Guild, DevOps Guild (src/ExportCenter/StellaOps.ExportCenter.RiskBundles) | src/ExportCenter/StellaOps.ExportCenter.RiskBundles | Integrate bundle job into CI/offline kit pipelines with checksum publication. Dependencies: RISK-BUNDLE-69-001. | | |
| RISK-BUNDLE-70-001 | TODO | | SPRINT_0164_0001_0003_exportcenter_iii | Risk Bundle Export Guild, CLI Guild (src/ExportCenter/StellaOps.ExportCenter.RiskBundles) | src/ExportCenter/StellaOps.ExportCenter.RiskBundles | Provide CLI `stella risk bundle verify` command to validate bundles before import. Dependencies: RISK-BUNDLE-69-002. | | |
| RISK-BUNDLE-70-002 | TODO | | SPRINT_0164_0001_0003_exportcenter_iii | Risk Bundle Export Guild, Docs Guild (src/ExportCenter/StellaOps.ExportCenter.RiskBundles) | src/ExportCenter/StellaOps.ExportCenter.RiskBundles | Publish `/docs/airgap/risk-bundles.md` detailing build/import/verification workflows. Dependencies: RISK-BUNDLE-70-001. | | |
| RISK-ENGINE-66-001 | DONE (2025-11-25) | 2025-11-25 | SPRINT_0129_0001_0001_policy_reasoning | Risk Engine Guild / src/RiskEngine/StellaOps.RiskEngine | src/RiskEngine/StellaOps.RiskEngine | Scaffold scoring service (job queue, worker loop, provider registry) with deterministic execution harness | | |
| RISK-ENGINE-66-002 | DONE | 2025-11-25 | SPRINT_0129_0001_0001_policy_reasoning | Risk Engine Guild / src/RiskEngine/StellaOps.RiskEngine | src/RiskEngine/StellaOps.RiskEngine | Implement default transforms | RISK-ENGINE-66-001 | |
| RISK-ENGINE-67-001 | DONE | 2025-11-25 | SPRINT_0129_0001_0001_policy_reasoning | Risk Engine Guild, Concelier Guild / src/RiskEngine/StellaOps.RiskEngine | src/RiskEngine/StellaOps.RiskEngine | Integrate CVSS and KEV providers pulling data from Conseiller; implement reducers | RISK-ENGINE-66-002 | |
| RISK-ENGINE-67-002 | TODO | | SPRINT_0129_0001_0001_policy_reasoning | Risk Engine Guild, Excitor Guild / src/RiskEngine/StellaOps.RiskEngine | src/RiskEngine/StellaOps.RiskEngine | Integrate VEX gate provider and ensure gating short-circuits scoring as configured | RISK-ENGINE-67-001 | |
| RISK-ENGINE-67-003 | DONE | 2025-11-25 | SPRINT_0129_0001_0001_policy_reasoning | Risk Engine Guild, Policy Engine Guild / src/RiskEngine/StellaOps.RiskEngine | src/RiskEngine/StellaOps.RiskEngine | Add fix availability, asset criticality, and internet exposure providers with caching + TTL enforcement | RISK-ENGINE-67-002 | |
| RISK-ENGINE-68-001 | DONE | 2025-11-25 | SPRINT_0129_0001_0001_policy_reasoning | Risk Engine Guild, Findings Ledger Guild / src/RiskEngine/StellaOps.RiskEngine | src/RiskEngine/StellaOps.RiskEngine | Persist scoring results + explanation pointers to Findings Ledger; handle incremental updates via input hash | RISK-ENGINE-67-003 | |
| RISK-ENGINE-68-002 | DONE | 2025-11-25 | SPRINT_0129_0001_0001_policy_reasoning | Risk Engine Guild, API Guild / src/RiskEngine/StellaOps.RiskEngine | src/RiskEngine/StellaOps.RiskEngine | Expose APIs | RISK-ENGINE-68-001 | |
| RISK-ENGINE-69-001 | TODO | | SPRINT_0129_0001_0001_policy_reasoning | Risk Engine Guild, Policy Studio Guild / src/RiskEngine/StellaOps.RiskEngine | src/RiskEngine/StellaOps.RiskEngine | Implement simulation mode producing distributions and top movers without mutating ledger | RISK-ENGINE-68-002 | |
| RISK-ENGINE-69-002 | TODO | | SPRINT_0129_0001_0001_policy_reasoning | Risk Engine Guild, Observability Guild / src/RiskEngine/StellaOps.RiskEngine | src/RiskEngine/StellaOps.RiskEngine | Add telemetry | RISK-ENGINE-69-001 | |
| RISK-ENGINE-70-001 | TODO | | SPRINT_0129_0001_0001_policy_reasoning | Risk Engine Guild, Export Guild / src/RiskEngine/StellaOps.RiskEngine | src/RiskEngine/StellaOps.RiskEngine | Support offline provider bundles with manifest verification and missing-data reporting | RISK-ENGINE-69-002 | |
| RISK-ENGINE-70-002 | TODO | | SPRINT_0129_0001_0001_policy_reasoning | Risk Engine Guild, Observability Guild / src/RiskEngine/StellaOps.RiskEngine | src/RiskEngine/StellaOps.RiskEngine | Integrate runtime evidence provider and reachability provider outputs with caching + TTL | RISK-ENGINE-70-001 | |
| RULES-33-001 | REVIEW (2025-10-30) | 2025-10-30 | SPRINT_0506_0001_0001_ops_devops_iv | DevOps Guild, Platform Leads (ops/devops) | ops/devops | | | |
| RUNBOOK-401-017 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | Docs Guild · Ops Guild (`docs/runbooks/reachability-runtime.md`, `docs/reachability/DELIVERY_GUIDE.md`) | `docs/runbooks/reachability-runtime.md`, `docs/reachability/DELIVERY_GUIDE.md` | | | |
| RUNBOOK-55-001 | TODO | | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild, Ops Guild (docs) | | | | |
| RUNBOOK-REPLAY-187-004 | TODO | | SPRINT_160_export_evidence | Docs/Ops Guild · `/docs/runbooks/replay_ops.md` | docs/runbooks/replay_ops.md | Docs/Ops Guild · `/docs/runbooks/replay_ops.md` | | |
| RUNTIME-401-002 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | Signals Guild (`src/Signals/StellaOps.Signals`) | `src/Signals/StellaOps.Signals` | | | |
| RUNTIME-PROBE-401-010 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | Runtime Signals Guild (`src/Signals/StellaOps.Signals.Runtime`, `ops/probes`) | `src/Signals/StellaOps.Signals.Runtime`, `ops/probes` | Implement lightweight runtime probes (EventPipe/.NET, JFR/JVM) that capture method enter events for the target components, package them as CAS traces, and feed them into the Signals ingestion pipeline. | | |
| SAMPLES-GRAPH-24-003 | DONE (2025-12-02) | | SPRINT_509_samples | Samples Guild, SBOM Service Guild (samples) | | Generate large-scale SBOM graph fixture (≈40k nodes) with policy overlay snapshot for performance/perf regression suites. | | |
| SAMPLES-GRAPH-24-004 | DONE (2025-12-02) | | SPRINT_509_samples | Samples Guild, UI Guild (samples) | | Create vulnerability explorer JSON/CSV fixtures capturing conflicting evidence and policy outputs for UI/CLI automated tests. Dependencies: SAMPLES-GRAPH-24-003 (delivered at samples/graph/graph-40k). | | |
| SAMPLES-LNM-22-001 | BLOCKED | 2025-10-27 | SPRINT_509_samples | Samples Guild, Concelier Guild (samples) | | Create advisory observation/linkset fixtures (NVD, GHSA, OSV disagreements) for API/CLI/UI tests with documented conflicts. Waiting on finalized schema/linkset outputs. | | |
| SAMPLES-LNM-22-002 | BLOCKED | 2025-10-27 | SPRINT_509_samples | Samples Guild, Excititor Guild (samples) | | Produce VEX observation/linkset fixtures demonstrating status conflicts and path relevance; include raw blobs. Pending Excititor observation/linkset implementation. Dependencies: SAMPLES-LNM-22-001. | | |
| SBOM-60-001 | TODO | | SPRINT_0203_0001_0003_cli_iii | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | | | |
| SBOM-60-002 | TODO | | SPRINT_0203_0001_0003_cli_iii | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | | | |
| SBOM-AIAI-31-001 | TODO | | SPRINT_0140_0001_0001_runtime_signals | — | | Advisory AI path/timeline endpoints specced; awaiting projection schema finalization. | — | DOAI0101 |
| SBOM-AIAI-31-002 | TODO | | SPRINT_0140_0001_0001_runtime_signals | | | Metrics/dashboards tied to 31-001; blocked on the same schema availability. | | |
| SBOM-AIAI-31-003 | BLOCKED | 2025-11-18 | SPRINT_0111_0001_0001_advisoryai | SBOM Service Guild · Advisory AI Guild (src/SbomService/StellaOps.SbomService) | src/SbomService/StellaOps.SbomService | Publish the Advisory AI hand-off kit for `/v1/sbom/context`, share base URL/API key + tenant header contract, and run a joint end-to-end retrieval smoke test with Advisory AI. | SBOM-AIAI-31-001 projection kit/fixtures | ADAI0101 |
| SBOM-CONSOLE-23-001 | TODO | | SPRINT_0140_0001_0001_runtime_signals | | | Console catalog API draft complete; depends on Concelier/Cartographer payload definitions. | | |
| SBOM-CONSOLE-23-002 | TODO | | SPRINT_0140_0001_0001_runtime_signals | | | Global component lookup API needs 23-001 responses + cache hints before work can start. | | |
| SBOM-ORCH-32-001 | TODO | | SPRINT_0140_0001_0001_runtime_signals | | | Orchestrator registration is sequenced after projection schema because payload shapes map into job metadata. | | |
| SBOM-ORCH-33-001 | TODO | | SPRINT_0140_0001_0001_runtime_signals | | | Backpressure/telemetry features depend on 32-001 workers. | | |
| SBOM-ORCH-34-001 | TODO | | SPRINT_0140_0001_0001_runtime_signals | | | Backfill + watermark logic requires the orchestrator integration from 33-001. | | |
| SBOM-SERVICE-21-001 | DONE | 2025-11-23 | SPRINT_0140_0001_0001_runtime_signals | SBOM Service Guild | src/SbomService/StellaOps.SbomService | Projection read API delivered with fixture-backed hash and tenant enforcement; tests passing post WAF config + duplicate package cleanup. | CONCELIER-GRAPH-21-001; CARTO-GRAPH-21-002 |
| SBOM-SERVICE-21-002 | TODO | | SPRINT_0140_0001_0001_runtime_signals | | | Change events hinge on 21-001 response contract; no work underway. | | |
| SBOM-SERVICE-21-003 | TODO | | SPRINT_0140_0001_0001_runtime_signals | | | Entry point/service node management blocked behind 21-002 event outputs. | | |
| SBOM-SERVICE-21-004 | TODO | | SPRINT_0140_0001_0001_runtime_signals | | | Observability wiring follows projection + event pipelines; on hold. | | |
| SBOM-SERVICE-23-001 | TODO | | SPRINT_0140_0001_0001_runtime_signals | | | Asset metadata extensions queued once 21-004 observability baseline exists. | | |
| SBOM-SERVICE-23-002 | TODO | | SPRINT_0140_0001_0001_runtime_signals | | | Asset update events depend on 23-001 schema. | | |
| SBOM-VULN-29-001 | TODO | | SPRINT_0140_0001_0001_runtime_signals | | | Inventory evidence feed deferred until projection schema + runtime align. | | |
| SBOM-VULN-29-002 | TODO | | SPRINT_0140_0001_0001_runtime_signals | | | Resolver feed requires 29-001 event payloads. | | |
| SCAN-001 | TODO | | SPRINT_400_runtime_facts_static_callgraph_union | Scanner Worker Guild (`src/Scanner/StellaOps.Scanner.Worker`, `docs/modules/scanner/architecture.md`, `docs/reachability/function-level-evidence.md`) | `src/Scanner/StellaOps.Scanner.Worker`, `docs/modules/scanner/architecture.md`, `docs/reachability/function-level-evidence.md` | | | |
| SCAN-90-004 | TODO | | SPRINT_0505_0001_0001_ops_devops_iii | DevOps Guild, Scanner Guild (ops/devops) | ops/devops | | | |
| SCAN-DETER-186-008 | DONE (2025-11-26) | | SPRINT_0186_0001_0001_record_deterministic_execution | Scanner Guild · Provenance Guild | `src/Scanner/StellaOps.Scanner.WebService`, `src/Scanner/StellaOps.Scanner.Worker` | Add deterministic execution switches to Scanner (fixed clock, RNG seed, concurrency cap, feed/policy snapshot pins, log filtering) available via CLI/env/config so repeated runs stay hermetic. | ENTROPY-186-012 & SCANNER-ENV-02 | SCDE0102 |
| SCAN-DETER-186-009 | TODO | | SPRINT_0186_0001_0001_record_deterministic_execution | Scanner Guild, QA Guild (`src/Scanner/StellaOps.Scanner.Replay`, `src/Scanner/__Tests`) | `src/Scanner/StellaOps.Scanner.Replay`, `src/Scanner/__Tests` | Build a determinism harness that replays N scans per image, canonicalises SBOM/VEX/findings/log outputs, and records per-run hash matrices (see `docs/modules/scanner/determinism-score.md`). | | |
| SCAN-DETER-186-010 | TODO | | SPRINT_0186_0001_0001_record_deterministic_execution | Scanner Guild, Export Center Guild (`src/Scanner/StellaOps.Scanner.WebService`, `docs/modules/scanner/operations/release.md`) | `src/Scanner/StellaOps.Scanner.WebService`, `docs/modules/scanner/operations/release.md` | Emit and publish `determinism.json` (scores, artifact hashes, non-identical diffs) alongside each scanner release via CAS/object storage APIs (documented in `docs/modules/scanner/determinism-score.md`). | | |
| SCAN-ENTROPY-186-011 | DONE (2025-11-26) | | SPRINT_0186_0001_0001_record_deterministic_execution | Scanner Guild (`src/Scanner/StellaOps.Scanner.Worker`, `src/Scanner/__Libraries`) | `src/Scanner/StellaOps.Scanner.Worker`, `src/Scanner/__Libraries` | Implement entropy analysis for ELF/PE/Mach-O executables and large opaque blobs (sliding-window metrics, section heuristics), flagging high-entropy regions and recording offsets/hints (see `docs/modules/scanner/entropy.md`). | | |
| SCAN-ENTROPY-186-012 | DONE (2025-11-26) | | SPRINT_0186_0001_0001_record_deterministic_execution | Scanner Guild, Provenance Guild (`src/Scanner/StellaOps.Scanner.WebService`, `docs/replay/DETERMINISTIC_REPLAY.md`) | `src/Scanner/StellaOps.Scanner.WebService`, `docs/replay/DETERMINISTIC_REPLAY.md` | Generate `entropy.report.json` and image-level penalties, attach evidence to scan manifests/attestations, and expose opaque ratios for downstream policy engines (`docs/modules/scanner/entropy.md`). | | |
| SCAN-REACH-201-002 | DOING | 2025-11-08 | SPRINT_400_runtime_facts_static_callgraph_union | Scanner Worker Guild (`src/Scanner/StellaOps.Scanner.Worker`) | `src/Scanner/StellaOps.Scanner.Worker` | Ship language-aware static lifters (JVM, .NET/Roslyn+IL, Go SSA, Node/Deno TS AST, Rust MIR, Swift SIL, shell/binary analyzers) in Scanner Worker; emit canonical SymbolIDs, CAS-stored graphs, and attach reachability tags to SBOM components. | | |
| SCAN-REACH-401-009 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | Scanner Worker Guild (`src/Scanner/StellaOps.Scanner.Worker`, `src/Scanner/__Libraries`) | `src/Scanner/StellaOps.Scanner.Worker`, `src/Scanner/__Libraries` | Ship .NET/JVM symbolizers and call-graph generators (roots, edges, framework adapters), merge results into component-level reachability manifests, and back them with golden fixtures. | | |
| SCAN-REPLAY-186-001 | DONE (2025-11-26) | | SPRINT_0186_0001_0001_record_deterministic_execution | Scanner Guild (`src/Scanner/StellaOps.Scanner.WebService`, `docs/modules/scanner/architecture.md`) | `src/Scanner/StellaOps.Scanner.WebService`, `docs/modules/scanner/architecture.md` | Implement `record` mode in `StellaOps.Scanner.WebService` (manifest assembly, policy/feed/tool hash capture, CAS uploads) and document the workflow in `docs/modules/scanner/architecture.md` with references to `docs/replay/DETERMINISTIC_REPLAY.md` Section 6. | | |
| SCAN-REPLAY-186-002 | TODO | | SPRINT_0186_0001_0001_record_deterministic_execution | Scanner Guild (`src/Scanner/StellaOps.Scanner.Worker`, `docs/modules/scanner/deterministic-execution.md`) | `src/Scanner/StellaOps.Scanner.Worker`, `docs/modules/scanner/deterministic-execution.md` | Update `StellaOps.Scanner.Worker` analyzers to consume sealed input bundles, enforce deterministic ordering, and contribute Merkle metadata; extend `docs/modules/scanner/deterministic-execution.md` (new) summarising invariants drawn from `docs/replay/DETERMINISTIC_REPLAY.md` Section 4. | | |
| SCANNER-ANALYZERS-DENO-26-001 | DONE | | SPRINT_130_scanner_surface | Deno Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno | Build the deterministic input normalizer + VFS merger for `deno.json(c)`, import maps, lockfiles, vendor trees, `$DENO_DIR`, and OCI layers so analyzers have a canonical file view. | | |
| SCANNER-ANALYZERS-DENO-26-002 | DONE | | SPRINT_130_scanner_surface | Deno Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno | Implement the module graph resolver covering static/dynamic imports, npm bridge, cache lookups, built-ins, WASM/JSON assertions, and annotate edges with their resolution provenance. | SCANNER-ANALYZERS-DENO-26-001 | |
| SCANNER-ANALYZERS-DENO-26-003 | DONE | | SPRINT_130_scanner_surface | Deno Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno | Ship the npm/node compatibility adapter that maps `npm:` specifiers, evaluates `exports` conditionals, and logs builtin usage for policy overlays. | SCANNER-ANALYZERS-DENO-26-002 | |
| SCANNER-ANALYZERS-DENO-26-004 | DONE | | SPRINT_130_scanner_surface | Deno Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno | Add the permission/capability analyzer covering FS/net/env/process/crypto/FFI/workers plus dynamic-import + literal fetch heuristics with reason codes. | SCANNER-ANALYZERS-DENO-26-003 | |
| SCANNER-ANALYZERS-DENO-26-005 | DONE | | SPRINT_130_scanner_surface | Deno Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno | Build bundle/binary inspectors for eszip and `deno compile` executables to recover graphs, configs, embedded resources, and snapshots. | SCANNER-ANALYZERS-DENO-26-004 | |
| SCANNER-ANALYZERS-DENO-26-006 | DONE | | SPRINT_130_scanner_surface | Deno Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno | Implement the OCI/container adapter that stitches per-layer Deno caches, vendor trees, and compiled binaries back into provenance-aware analyzer inputs. | SCANNER-ANALYZERS-DENO-26-005 | |
| SCANNER-ANALYZERS-DENO-26-007 | DONE | | SPRINT_130_scanner_surface | Deno Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno | Produce AOC-compliant observation writers (entrypoints, modules, capability edges, workers, warnings, binaries) with deterministic reason codes. | SCANNER-ANALYZERS-DENO-26-006 | |
| SCANNER-ANALYZERS-DENO-26-008 | DONE | | SPRINT_130_scanner_surface | Deno Analyzer Guild, QA Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno | Finalize fixture + benchmark suite (vendor/npm/FFI/worker/dynamic import/bundle/cache/container cases) validating analyzer determinism and performance. | SCANNER-ANALYZERS-DENO-26-007 | |
| SCANNER-ANALYZERS-DENO-26-009 | TODO | | SPRINT_131_scanner_surface | Deno Analyzer Guild, Signals Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno | Optional runtime evidence hooks (loader/require shim) capturing module loads + permissions during harnessed execution with path hashing. | SCANNER-ANALYZERS-DENO-26-008 | |
| SCANNER-ANALYZERS-DENO-26-010 | TODO | | SPRINT_131_scanner_surface | Deno Analyzer Guild, DevOps Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno | Package analyzer plug-in, add CLI (`stella deno inspect`, `stella deno resolve`, `stella deno trace`) commands, update Offline Kit docs, ensure Worker integration. | SCANNER-ANALYZERS-DENO-26-009 | |
| SCANNER-ANALYZERS-DENO-26-011 | TODO | | SPRINT_131_scanner_surface | Deno Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno | Policy signal emitter: net/fs/env/ffi/process/crypto capabilities, remote origin list, npm usage, wasm modules, dynamic-import warnings. | SCANNER-ANALYZERS-DENO-26-010 | |
| SCANNER-ANALYZERS-JAVA-21-005 | TODO | | SPRINT_131_scanner_surface | Java Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java | Framework config extraction: Spring Boot imports, spring.factories, application properties/yaml, Jakarta web.xml & fragments, JAX-RS/JPA/CDI/JAXB configs, logging files, Graal native-image configs. | | |
| SCANNER-ANALYZERS-JAVA-21-006 | TODO | | SPRINT_131_scanner_surface | Java Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java | JNI/native hint scanner: detect native methods, System.load/Library literals, bundled native libs, Graal JNI configs; emit `jni-load` edges for native analyzer correlation. | SCANNER-ANALYZERS-JAVA-21-005 | |
| SCANNER-ANALYZERS-JAVA-21-007 | TODO | | SPRINT_131_scanner_surface | Java Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java | Signature and manifest metadata collector: verify JAR signature structure, capture signers, manifest loader attributes (Main-Class, Agent-Class, Start-Class, Class-Path). | SCANNER-ANALYZERS-JAVA-21-006 | |
| SCANNER-ANALYZERS-JAVA-21-008 | BLOCKED | 2025-10-27 | SPRINT_131_scanner_surface | Java Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java | Implement resolver + AOC writer: produce entrypoints (env profiles, warnings), components (jar_id + semantic ids), edges (jpms, cp, spi, reflect, jni) with reason codes/confidence. | SCANNER-ANALYZERS-JAVA-21-007 | |
| SCANNER-ANALYZERS-JAVA-21-009 | TODO | | SPRINT_131_scanner_surface | Java Analyzer Guild, QA Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java | Author comprehensive fixtures (modular app, boot fat jar, war, ear, MR-jar, jlink image, JNI, reflection heavy, signed jar, microprofile) with golden outputs and perf benchmarks. | SCANNER-ANALYZERS-JAVA-21-008 | |
| SCANNER-ANALYZERS-JAVA-21-010 | TODO | | SPRINT_131_scanner_surface | Java Analyzer Guild, Signals Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java | Optional runtime ingestion: Java agent + JFR reader capturing class load, ServiceLoader, and System.load events with path scrubbing. Emit append-only runtime edges `runtime-class`/`runtime-spi`/`runtime-load`. | SCANNER-ANALYZERS-JAVA-21-009 | |
| SCANNER-ANALYZERS-JAVA-21-011 | TODO | | SPRINT_131_scanner_surface | Java Analyzer Guild, DevOps Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java | Package analyzer as restart-time plug-in (manifest/DI), update Offline Kit docs, add CLI/worker hooks for Java inspection commands. | SCANNER-ANALYZERS-JAVA-21-010 | |
| SCANNER-ANALYZERS-LANG-11-001 | TODO | | SPRINT_131_scanner_surface | StellaOps.Scanner EPDR Guild, Language Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.DotNet) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.DotNet | Build entrypoint resolver that maps project/publish artifacts to entrypoint identities (assembly name, MVID, TFM, RID) and environment profiles (publish mode, host kind, probing paths). Output normalized `entrypoints[]` records with deterministic IDs. | SCANNER-ANALYZERS-LANG-10-309 | |
| SCANNER-ANALYZERS-LANG-11-002 | TODO | | SPRINT_0132_0001_0001_scanner_surface | StellaOps.Scanner EPDR Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.DotNet) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.DotNet | Implement static analyzer (IL + reflection heuristics) capturing AssemblyRef, ModuleRef/PInvoke, DynamicDependency, reflection literals, DI patterns, and custom AssemblyLoadContext probing hints. Emit dependency edges with reason codes and confidence. | SCANNER-ANALYZERS-LANG-11-001 | |
| SCANNER-ANALYZERS-LANG-11-003 | TODO | | SPRINT_0132_0001_0001_scanner_surface | StellaOps.Scanner EPDR Guild, Signals Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.DotNet) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.DotNet | Ingest optional runtime evidence (AssemblyLoad, Resolving, P/Invoke) via event listener harness; merge runtime edges with static/declared ones and attach reason codes/confidence. | SCANNER-ANALYZERS-LANG-11-002 | |
| SCANNER-ANALYZERS-LANG-11-004 | TODO | | SPRINT_0132_0001_0001_scanner_surface | StellaOps.Scanner EPDR Guild, SBOM Service Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.DotNet) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.DotNet | Produce normalized observation export to Scanner writer: entrypoints + dependency edges + environment profiles (AOC compliant). Wire to SBOM service entrypoint tagging. | SCANNER-ANALYZERS-LANG-11-003 | |
| SCANNER-ANALYZERS-LANG-11-005 | TODO | | SPRINT_0132_0001_0001_scanner_surface | StellaOps.Scanner EPDR Guild, QA Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.DotNet) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.DotNet | Add comprehensive fixtures/benchmarks covering framework-dependent, self-contained, single-file, trimmed, NativeAOT, multi-RID scenarios; include explain traces and perf benchmarks vs previous analyzer. | SCANNER-ANALYZERS-LANG-11-004 | |
| SCANNER-ANALYZERS-NATIVE-20-001 | TODO | | SPRINT_0132_0001_0001_scanner_surface | Native Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Native) | src/Scanner/StellaOps.Scanner.Analyzers.Native | Implement format detector and binary identity model supporting ELF, PE/COFF, and Mach-O (including fat slices). Capture arch, OS, build-id/UUID, interpreter metadata. | | |
| SCANNER-ANALYZERS-NATIVE-20-002 | TODO | | SPRINT_0132_0001_0001_scanner_surface | Native Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Native) | src/Scanner/StellaOps.Scanner.Analyzers.Native | Parse ELF dynamic sections: `DT_NEEDED`, `DT_RPATH`, `DT_RUNPATH`, symbol versions, interpreter, and note build-id. Emit declared dependency records with reason `elf-dtneeded` and attach version needs. | SCANNER-ANALYZERS-NATIVE-20-001 | |
| SCANNER-ANALYZERS-NATIVE-20-003 | TODO | | SPRINT_0132_0001_0001_scanner_surface | Native Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Native) | src/Scanner/StellaOps.Scanner.Analyzers.Native | Parse PE imports, delay-load tables, manifests/SxS metadata, and subsystem flags. Emit edges with reasons `pe-import` and `pe-delayimport`, plus SxS policy metadata. | SCANNER-ANALYZERS-NATIVE-20-002 | |
| SCANNER-ANALYZERS-NATIVE-20-004 | TODO | | SPRINT_0132_0001_0001_scanner_surface | Native Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Native) | src/Scanner/StellaOps.Scanner.Analyzers.Native | Parse Mach-O load commands (`LC_LOAD_DYLIB`, `LC_REEXPORT_DYLIB`, `LC_RPATH`, `LC_UUID`, fat headers). Handle `@rpath/@loader_path` placeholders and slice separation. | SCANNER-ANALYZERS-NATIVE-20-003 | |
| SCANNER-ANALYZERS-NATIVE-20-005 | TODO | | SPRINT_0132_0001_0001_scanner_surface | Native Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Native) | src/Scanner/StellaOps.Scanner.Analyzers.Native | Implement resolver engine modeling loader search order for ELF (rpath/runpath/cache/default), PE (SafeDll search + SxS), and Mach-O (`@rpath` expansion). Works against virtual image roots, producing explain traces. | SCANNER-ANALYZERS-NATIVE-20-004 | |
| SCANNER-ANALYZERS-NATIVE-20-006 | TODO | | SPRINT_0132_0001_0001_scanner_surface | Native Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Native) | src/Scanner/StellaOps.Scanner.Analyzers.Native | Build heuristic scanner for `dlopen`/`LoadLibrary` strings, plugin ecosystem configs, and Go/Rust static hints. Emit edges with `reason_code` (`string-dlopen`, `config-plugin`, `ecosystem-heuristic`) and confidence levels. | SCANNER-ANALYZERS-NATIVE-20-005 | |
| SCANNER-ANALYZERS-NATIVE-20-007 | TODO | | SPRINT_0132_0001_0001_scanner_surface | Native Analyzer Guild, SBOM Service Guild (src/Scanner/StellaOps.Scanner.Analyzers.Native) | src/Scanner/StellaOps.Scanner.Analyzers.Native | Serialize AOC-compliant observations: entrypoints + dependency edges + environment profiles (search paths, interpreter, loader metadata). Integrate with Scanner writer API. | SCANNER-ANALYZERS-NATIVE-20-006 | |
| SCANNER-ANALYZERS-NATIVE-20-008 | TODO | | SPRINT_0132_0001_0001_scanner_surface | Native Analyzer Guild, QA Guild (src/Scanner/StellaOps.Scanner.Analyzers.Native) | src/Scanner/StellaOps.Scanner.Analyzers.Native | Author cross-platform fixtures (ELF dynamic/static, PE delay-load/SxS, Mach-O @rpath, plugin configs) and determinism benchmarks (<25 ms / binary, <250 MB). | SCANNER-ANALYZERS-NATIVE-20-007 | |
| SCANNER-ANALYZERS-NATIVE-20-009 | TODO | | SPRINT_0132_0001_0001_scanner_surface | Native Analyzer Guild, Signals Guild (src/Scanner/StellaOps.Scanner.Analyzers.Native) | src/Scanner/StellaOps.Scanner.Analyzers.Native | Provide optional runtime capture adapters (Linux eBPF `dlopen`, Windows ETW ImageLoad, macOS dyld interpose) writing append-only runtime evidence. Include redaction/sandbox guidance. | SCANNER-ANALYZERS-NATIVE-20-008 | |
| SCANNER-ANALYZERS-NATIVE-20-010 | TODO | | SPRINT_0132_0001_0001_scanner_surface | Native Analyzer Guild, DevOps Guild (src/Scanner/StellaOps.Scanner.Analyzers.Native) | src/Scanner/StellaOps.Scanner.Analyzers.Native | Package native analyzer as restart-time plug-in with manifest/DI registration; update Offline Kit bundle + documentation. | SCANNER-ANALYZERS-NATIVE-20-009 | |
| SCANNER-ANALYZERS-NODE-22-001 | TODO | | SPRINT_0132_0001_0001_scanner_surface | Node Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node | Build input normalizer + VFS for Node projects: dirs, tgz, container layers, pnpm store, Yarn PnP zips; detect Node version targets (`.nvmrc`, `.node-version`, Dockerfile) and workspace roots deterministically. | | |
| SCANNER-ANALYZERS-NODE-22-002 | TODO | | SPRINT_0132_0001_0001_scanner_surface | Node Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node | Implement entrypoint discovery (bin/main/module/exports/imports, workers, electron, shebang scripts) and condition set builder per entrypoint. | SCANNER-ANALYZERS-NODE-22-001 | |
| SCANNER-ANALYZERS-NODE-22-003 | TODO | | SPRINT_0132_0001_0001_scanner_surface | Node Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node | Parse JS/TS sources for static `import`, `require`, `import()` and string concat cases; flag dynamic patterns with confidence levels; support source map de-bundling. | SCANNER-ANALYZERS-NODE-22-002 | |
| SCANNER-ANALYZERS-NODE-22-004 | TODO | | SPRINT_0132_0001_0001_scanner_surface | Node Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node | Implement Node resolver engine for CJS + ESM (core modules, exports/imports maps, conditions, extension priorities, self-references) parameterised by node_version. | SCANNER-ANALYZERS-NODE-22-003 | |
| SCANNER-ANALYZERS-NODE-22-005 | TODO | | SPRINT_0132_0001_0001_scanner_surface | Node Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node | Add package manager adapters: Yarn PnP (.pnp.data/.pnp.cjs), pnpm virtual store, npm/Yarn classic hoists; operate entirely in virtual FS. | SCANNER-ANALYZERS-NODE-22-004 | |
| SCANNER-ANALYZERS-NODE-22-006 | TODO | | SPRINT_0133_0001_0001_scanner_surface | Node Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node | Detect bundles + source maps, reconstruct module specifiers, and correlate to original paths; support dual CJS/ESM graphs with conditions. | SCANNER-ANALYZERS-NODE-22-005 | |
| SCANNER-ANALYZERS-NODE-22-007 | TODO | | SPRINT_0133_0001_0001_scanner_surface | Node Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node | Scan for native addons (.node), WASM modules, and core capability signals (child_process, vm, worker_threads); emit hint edges and native metadata. | SCANNER-ANALYZERS-NODE-22-006 | |
| SCANNER-ANALYZERS-NODE-22-008 | TODO | | SPRINT_0133_0001_0001_scanner_surface | Node Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node | Produce AOC-compliant observations: entrypoints, components (pkg/native/wasm), edges (esm-import, cjs-require, exports, json, native-addon, wasm, worker) with reason codes/confidence and resolver traces. | SCANNER-ANALYZERS-NODE-22-007 | |
| SCANNER-ANALYZERS-NODE-22-009 | TODO | | SPRINT_0133_0001_0001_scanner_surface | Node Analyzer Guild, QA Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node | Author fixture suite + performance benchmarks (npm, pnpm, PnP, bundle, electron, worker) with golden outputs and latency budgets. | SCANNER-ANALYZERS-NODE-22-008 | |
| SCANNER-ANALYZERS-NODE-22-010 | TODO | | SPRINT_0133_0001_0001_scanner_surface | Node Analyzer Guild, Signals Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node | Implement optional runtime evidence hooks (ESM loader, CJS require hook) with path scrubbing and loader ID hashing; emit runtime-* edges. | SCANNER-ANALYZERS-NODE-22-009 | |
| SCANNER-ANALYZERS-NODE-22-011 | TODO | | SPRINT_0133_0001_0001_scanner_surface | Node Analyzer Guild, DevOps Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node | Package updated analyzer as restart-time plug-in, expose Scanner CLI (`stella node *`) commands, refresh Offline Kit documentation. | SCANNER-ANALYZERS-NODE-22-010 | |
| SCANNER-ANALYZERS-NODE-22-012 | TODO | | SPRINT_0133_0001_0001_scanner_surface | Node Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node | Integrate container filesystem adapter (OCI layers, Dockerfile hints) and record NODE_OPTIONS/env warnings. | SCANNER-ANALYZERS-NODE-22-011 | |
| SCANNER-ANALYZERS-PHP-27-001 | TODO | | SPRINT_0133_0001_0001_scanner_surface | PHP Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php | Build input normalizer & VFS for PHP projects: merge source trees, composer manifests, vendor/, php.ini/conf.d, `.htaccess`, FPM configs, container layers. Detect framework/CMS fingerprints deterministically. | — | SCSA0101 |
| SCANNER-ANALYZERS-PHP-27-002 | TODO | | SPRINT_0133_0001_0001_scanner_surface | PHP Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php | Composer/Autoload analyzer: parse composer.json/lock/installed.json, generate package nodes, autoload edges (psr-4/0/classmap/files), bin entrypoints, composer plugins. | SCANNER-ANALYZERS-PHP-27-001 | |
| SCANNER-ANALYZERS-PHP-27-003 | TODO | | SPRINT_0133_0001_0001_scanner_surface | PHP Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php | Include/require graph builder: resolve static includes, capture dynamic include patterns, bootstrap chains, merge with autoload edges. | SCANNER-ANALYZERS-PHP-27-002 | |
| SCANNER-ANALYZERS-PHP-27-004 | TODO | | SPRINT_0133_0001_0001_scanner_surface | PHP Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php | Runtime capability scanner: detect exec/fs/net/env/serialization/crypto/database usage, stream wrappers, uploads; record evidence snippets. | SCANNER-ANALYZERS-PHP-27-003 | |
| SCANNER-ANALYZERS-PHP-27-005 | TODO | | SPRINT_0133_0001_0001_scanner_surface | PHP Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php | PHAR/Archive inspector: parse phar manifests/stubs, hash files, detect embedded vendor trees and phar:// usage. | SCANNER-ANALYZERS-PHP-27-004 | |
| SCANNER-ANALYZERS-PHP-27-006 | TODO | | SPRINT_0133_0001_0001_scanner_surface | PHP Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php | Framework/CMS surface mapper: extract routes, controllers, middleware, CLI/cron entrypoints for Laravel/Symfony/Slim/WordPress/Drupal/Magento. | SCANNER-ANALYZERS-PHP-27-005 | |
| SCANNER-ANALYZERS-PHP-27-007 | TODO | | SPRINT_0133_0001_0001_scanner_surface | PHP Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php | Container & extension detector: parse php.ini/conf.d, map extensions to .so/.dll, collect web server/FPM settings, upload limits, disable_functions. | SCANNER-ANALYZERS-PHP-27-006 | |
| SCANNER-ANALYZERS-PHP-27-008 | TODO | | SPRINT_0134_0001_0001_scanner_surface | PHP Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php | Produce AOC-compliant observations: entrypoints, packages, extensions, modules, edges (require/autoload), capabilities, routes, configs. | SCANNER-ANALYZERS-PHP-27-002 | |
| SCANNER-ANALYZERS-PHP-27-009 | TODO | | SPRINT_0134_0001_0001_scanner_surface | PHP Analyzer Guild, QA Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php | Fixture suite + performance benchmarks (Laravel, Symfony, WordPress, legacy, PHAR, container) with golden outputs. | SCANNER-ANALYZERS-PHP-27-007 | |
| SCANNER-ANALYZERS-PHP-27-010 | TODO | | SPRINT_0134_0001_0001_scanner_surface | PHP Analyzer Guild, Signals Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php | Optional runtime evidence hooks (if provided) to ingest audit logs or opcode cache stats with path hashing. | SCANNER-ANALYZERS-PHP-27-009 | |
| SCANNER-ANALYZERS-PHP-27-011 | TODO | | SPRINT_0134_0001_0001_scanner_surface | PHP Analyzer Guild, DevOps Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php | Package analyzer plug-in, add CLI (`stella php inspect`), refresh Offline Kit documentation. | SCANNER-ANALYZERS-PHP-27-010 | |
| SCANNER-ANALYZERS-PHP-27-012 | TODO | | SPRINT_0134_0001_0001_scanner_surface | PHP Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php | Policy signal emitter: extension requirements/presence, dangerous constructs counters, stream wrapper usage, capability summaries. | SCANNER-ANALYZERS-PHP-27-011 | |
| SCANNER-ANALYZERS-PYTHON-23-001 | TODO | | SPRINT_0134_0001_0001_scanner_surface | Python Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python | Build input normalizer & virtual filesystem for wheels, sdists, editable installs, zipapps, site-packages trees, and container roots. Detect Python version targets (`pyproject.toml`, `runtime.txt`, Dockerfile) + virtualenv layout deterministically. | | |
| SCANNER-ANALYZERS-PYTHON-23-002 | TODO | | SPRINT_0134_0001_0001_scanner_surface | Python Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python | Entrypoint discovery: module `__main__`, console_scripts entry points, `scripts`, zipapp main, `manage.py`/gunicorn/celery patterns. Capture invocation context (module vs package, argv wrappers). | SCANNER-ANALYZERS-PYTHON-23-001 | |
| SCANNER-ANALYZERS-PYTHON-23-003 | TODO | | SPRINT_0134_0001_0001_scanner_surface | Python Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python | Static import graph builder using AST and bytecode fallback. Support `import`, `from ... import`, relative imports, `importlib.import_module`, `__import__` with literal args, `pkgutil.extend_path`. | SCANNER-ANALYZERS-PYTHON-23-002 | |
| SCANNER-ANALYZERS-PYTHON-23-004 | TODO | | SPRINT_0134_0001_0001_scanner_surface | Python Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python | Python resolver engine (importlib semantics) handling namespace packages (PEP 420), package discovery order, `.pth` files, `sys.path` composition, zipimport, and site-packages precedence across virtualenv/container roots. | SCANNER-ANALYZERS-PYTHON-23-003 | |
| SCANNER-ANALYZERS-PYTHON-23-005 | TODO | | SPRINT_0134_0001_0001_scanner_surface | Python Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python | Packaging adapters: pip editable (`.egg-link`), Poetry/Flit layout, Conda prefix, `.dist-info/RECORD` cross-check, container layer overlays. | SCANNER-ANALYZERS-PYTHON-23-004 | |
| SCANNER-ANALYZERS-PYTHON-23-006 | TODO | | SPRINT_0134_0001_0001_scanner_surface | Python Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python | Detect native extensions (`*.so`, `*.pyd`), CFFI modules, ctypes loaders, embedded WASM, and runtime capability signals (subprocess, multiprocessing, ctypes, eval). | SCANNER-ANALYZERS-PYTHON-23-005 | |
| SCANNER-ANALYZERS-PYTHON-23-007 | TODO | | SPRINT_0134_0001_0001_scanner_surface | Python Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python | Framework/config heuristics: Django, Flask, FastAPI, Celery, AWS Lambda handlers, Gunicorn, Click/Typer CLIs, logging configs, pyproject optional dependencies. Tagged as hints only. | SCANNER-ANALYZERS-PYTHON-23-006 | |
| SCANNER-ANALYZERS-PYTHON-23-008 | TODO | | SPRINT_0134_0001_0001_scanner_surface | Python Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python | Produce AOC-compliant observations: entrypoints, components (modules/packages/native), edges (import, namespace, dynamic-hint, native-extension) with reason codes/confidence and resolver traces. | SCANNER-ANALYZERS-PYTHON-23-007 | |
| SCANNER-ANALYZERS-PYTHON-23-009 | TODO | | SPRINT_0134_0001_0001_scanner_surface | Python Analyzer Guild, QA Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python | Fixture suite + perf benchmarks covering virtualenv, namespace packages, zipapp, editable installs, containers, lambda handler. | SCANNER-ANALYZERS-PYTHON-23-008 | |
| SCANNER-ANALYZERS-PYTHON-23-010 | TODO | | SPRINT_0134_0001_0001_scanner_surface | Python Analyzer Guild, Signals Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python | Optional runtime evidence: import hook capturing module load events with path scrubbing, optional bytecode instrumentation for `importlib` hooks, multiprocessing tracer. | SCANNER-ANALYZERS-PYTHON-23-009 | |
| SCANNER-ANALYZERS-PYTHON-23-011 | TODO | | SPRINT_0134_0001_0001_scanner_surface | Python Analyzer Guild, DevOps Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python | Package analyzer plug-in, add CLI commands (`stella python inspect`), refresh Offline Kit documentation. | SCANNER-ANALYZERS-PYTHON-23-010 | |
| SCANNER-ANALYZERS-PYTHON-23-012 | TODO | | SPRINT_0135_0001_0001_scanner_surface | Python Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python) | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python | Container/zipapp adapter enhancements: parse OCI layers for Python runtime, detect `PYTHONPATH`/`PYTHONHOME` env, record warnings for sitecustomize/startup hooks. | SCANNER-ANALYZERS-PYTHON-23-011 | |
| SCANNER-ANALYZERS-RUBY-28-001 | TODO | | SPRINT_0135_0001_0001_scanner_surface | Ruby Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Build input normalizer & VFS for Ruby projects: merge source trees, Gemfile/Gemfile.lock, vendor/bundle, .gem archives, `.bundle/config`, Rack configs, containers. Detect framework/job fingerprints deterministically. | | |
| SCANNER-ANALYZERS-RUBY-28-002 | TODO | | SPRINT_0135_0001_0001_scanner_surface | Ruby Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Gem & Bundler analyzer: parse Gemfile/Gemfile.lock, vendor specs, .gem archives, produce package nodes (PURLs), dependency edges, bin scripts, Bundler group metadata. | SCANNER-ANALYZERS-RUBY-28-001 | |
| SCANNER-ANALYZERS-RUBY-28-003 | TODO | | SPRINT_0135_0001_0001_scanner_surface | Ruby Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Require/autoload graph builder: resolve static/dynamic require, require_relative, load; infer Zeitwerk autoload paths and Rack boot chain. | SCANNER-ANALYZERS-RUBY-28-002 | |
| SCANNER-ANALYZERS-RUBY-28-004 | TODO | | SPRINT_0135_0001_0001_scanner_surface | Ruby Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Framework surface mapper: extract routes/controllers/middleware for Rails/Rack/Sinatra/Grape/Hanami; inventory jobs/schedulers (Sidekiq, Resque, ActiveJob, whenever, clockwork). | SCANNER-ANALYZERS-RUBY-28-003 | |
| SCANNER-ANALYZERS-RUBY-28-005 | TODO | | SPRINT_0135_0001_0001_scanner_surface | Ruby Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Capability analyzer: detect os-exec, filesystem, network, serialization, crypto, DB usage, TLS posture, dynamic eval; record evidence snippets with file/line. | SCANNER-ANALYZERS-RUBY-28-004 | |
| SCANNER-ANALYZERS-RUBY-28-006 | TODO | | SPRINT_0135_0001_0001_scanner_surface | Ruby Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Rake task & scheduler analyzer: parse Rakefiles/lib/tasks, capture task names/prereqs/shell commands; parse Sidekiq/whenever/clockwork configs into schedules. | SCANNER-ANALYZERS-RUBY-28-005 | |
| SCANNER-ANALYZERS-RUBY-28-007 | TODO | | SPRINT_0135_0001_0001_scanner_surface | Ruby Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Container/runtime scanner: detect Ruby version, installed gems, native extensions, web server configs in OCI layers. | SCANNER-ANALYZERS-RUBY-28-006 | |
| SCANNER-ANALYZERS-RUBY-28-008 | TODO | | SPRINT_0135_0001_0001_scanner_surface | Ruby Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Produce AOC-compliant observations: entrypoints, packages, modules, edges (require/autoload), routes, jobs, tasks, capabilities, configs, warnings. | SCANNER-ANALYZERS-RUBY-28-007 | |
| SCANNER-ANALYZERS-RUBY-28-009 | TODO | | SPRINT_0135_0001_0001_scanner_surface | Ruby Analyzer Guild, QA Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Fixture suite + performance benchmarks (Rails, Rack, Sinatra, Sidekiq, legacy, .gem, container) with golden outputs. | SCANNER-ANALYZERS-RUBY-28-008 | |
| SCANNER-ANALYZERS-RUBY-28-010 | TODO | | SPRINT_0135_0001_0001_scanner_surface | Ruby Analyzer Guild, Signals Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Optional runtime evidence integration (if provided logs/metrics) with path hashing, without altering static precedence. | SCANNER-ANALYZERS-RUBY-28-009 | |
| SCANNER-ANALYZERS-RUBY-28-011 | TODO | | SPRINT_0135_0001_0001_scanner_surface | Ruby Analyzer Guild, DevOps Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Package analyzer plug-in, add CLI (`stella ruby inspect`), refresh Offline Kit documentation. | SCANNER-ANALYZERS-RUBY-28-010 | |
| SCANNER-ANALYZERS-RUBY-28-012 | TODO | | SPRINT_0135_0001_0001_scanner_surface | Ruby Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Policy signal emitter: rubygems drift, native extension flags, dangerous constructs counts, TLS verify posture, dynamic require eval warnings. | SCANNER-ANALYZERS-RUBY-28-011 | |
| SCANNER-BENCH-62-002 | DOING | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild, Product Guild (docs) | | | | |
| SCANNER-BENCH-62-003 | DOING | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild, Product Guild (docs) | | | | |
| SCANNER-BENCH-62-004 | DOING | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild, Java Analyzer Guild (docs) | | | | |
| SCANNER-BENCH-62-005 | DOING | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild, Go Analyzer Guild (docs) | | | | |
| SCANNER-BENCH-62-006 | DOING | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild, Rust Analyzer Guild (docs) | | | | |
| SCANNER-BENCH-62-008 | DOING | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild, EntryTrace Guild (docs) | | | | |
| SCANNER-BENCH-62-009 | DOING | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild, Policy Guild (docs) | | | | |
| SCANNER-CLI-0001 | DONE | 2025-11-10 | SPRINT_0138_0001_0001_scanner_ruby_parity | CLI Guild, Ruby Analyzer Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Coordinate CLI UX/help text for new Ruby verbs and update CLI docs/golden outputs. | SCANNER-ENG-0019 | |
| SCANNER-DET-01 | DONE (2025-12-03) | 2025-12-03 | SPRINT_0301_0001_0001_docs_md_i | Docs Guild · Scanner Guild | | Deterministic compose fixtures landed; docs published. | |
| SCANNER-DOCS-0003 | TODO | | SPRINT_327_docs_modules_scanner | Docs Guild, Product Guild (docs/modules/scanner) | docs/modules/scanner | Gather Windows/macOS analyzer demand signals and record findings in `docs/benchmarks/scanner/windows-macos-demand.md` for marketing + product readiness. | | |
| SCANNER-EMIT-15-001 | TODO | | SPRINT_0136_0001_0001_scanner_surface | Scanner Emit Guild (src/Scanner/__Libraries/StellaOps.Scanner.Emit) | src/Scanner/__Libraries/StellaOps.Scanner.Emit | Enforce canonical JSON (`stella.contentHash`, Merkle root metadata, zero timestamps) for fragments and composed CycloneDX inventory/usage BOMs. Documented in `docs/modules/scanner/deterministic-sbom-compose.md` §2.2. | SCANNER-SURFACE-04 | |
| SCANNER-ENG-0001 | TODO | | SPRINT_327_docs_modules_scanner | Module Team (docs/modules/scanner) | docs/modules/scanner | Cross-check implementation plan milestones against `/docs/implplan/SPRINT_*.md` and update module readiness checkpoints. | | |
| SCANNER-ENG-0002 | DONE | 2025-11-09 | SPRINT_137_scanner_gap_design | Scanner Guild, CLI Guild (docs/modules/scanner) | docs/modules/scanner | Design the Node.js lockfile collector + CLI validator per `docs/benchmarks/scanner/scanning-gaps-stella-misses-from-competitors.md`, capturing Surface + policy requirements before implementation. | | |
| SCANNER-ENG-0003 | DONE | 2025-11-09 | SPRINT_137_scanner_gap_design | Python Analyzer Guild, CLI Guild (docs/modules/scanner) | docs/modules/scanner | Design Python lockfile + editable-install parity checks with policy predicates and CLI workflow coverage as outlined in the gap analysis. | | |
| SCANNER-ENG-0004 | DONE | 2025-11-09 | SPRINT_137_scanner_gap_design | Java Analyzer Guild, CLI Guild (docs/modules/scanner) | docs/modules/scanner | Design Java lockfile ingestion/validation (Gradle/SBT collectors, CLI verb, policy hooks) to close comparison gaps. | | |
| SCANNER-ENG-0005 | DONE | 2025-11-09 | SPRINT_137_scanner_gap_design | Go Analyzer Guild (docs/modules/scanner) | docs/modules/scanner | Enhance Go stripped-binary fallback inference design, including inferred module metadata + policy integration, per the gap analysis. | | |
| SCANNER-ENG-0006 | DONE | 2025-11-09 | SPRINT_137_scanner_gap_design | Rust Analyzer Guild (docs/modules/scanner) | docs/modules/scanner | Expand Rust fingerprint coverage design (enriched fingerprint catalogue + policy controls) per the comparison matrix. | | |
| SCANNER-ENG-0007 | DONE | 2025-11-09 | SPRINT_137_scanner_gap_design | Scanner Guild, Policy Guild (docs/modules/scanner) | docs/modules/scanner | Design the deterministic secret leak detection pipeline covering rule packaging, Policy Engine integration, and CLI workflow. | | |
| SCANNER-ENG-0008 | TODO | | SPRINT_0138_0001_0001_scanner_ruby_parity | EntryTrace Guild, QA Guild (src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace) | src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace | Maintain EntryTrace heuristic cadence per `docs/benchmarks/scanner/scanning-gaps-stella-misses-from-competitors.md`, including quarterly pattern reviews + explain-trace updates. | | |
| SCANNER-ENG-0009 | DONE | 2025-11-13 | SPRINT_0138_0001_0001_scanner_ruby_parity | Ruby Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Ruby analyzer parity shipped: runtime graph + capability signals, observation payload, Mongo-backed `ruby.packages` inventory, CLI/WebService surfaces, and plugin manifest bundles for Worker loadout. | SCANNER-ANALYZERS-RUBY-28-001..012 | |
| SCANNER-ENG-0010 | TODO | | SPRINT_0138_0001_0001_scanner_ruby_parity | PHP Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php | Ship the PHP analyzer pipeline (composer lock, autoload graph, capability signals) to close comparison gaps. | SCANNER-ANALYZERS-PHP-27-001 | |
| SCANNER-ENG-0011 | TODO | | SPRINT_0138_0001_0001_scanner_ruby_parity | Language Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno | Scope the Deno runtime analyzer (lockfile resolver, import graphs) based on competitor techniques to extend beyond Sprint 130 coverage. | | |
| SCANNER-ENG-0012 | TODO | | SPRINT_0138_0001_0001_scanner_ruby_parity | Language Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Dart) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Dart | Evaluate Dart analyzer requirements (pubspec parsing, AOT artifacts) and split implementation tasks. | | |
| SCANNER-ENG-0013 | TODO | | SPRINT_0138_0001_0001_scanner_ruby_parity | Swift Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Swift) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Swift | Plan Swift Package Manager coverage (Package.resolved, xcframeworks, runtime hints) with policy hooks. | | |
| SCANNER-ENG-0014 | TODO | | SPRINT_0138_0001_0001_scanner_ruby_parity | Runtime Guild, Zastava Guild (docs/modules/scanner) | docs/modules/scanner | Align Kubernetes/VM target coverage between Scanner and Zastava per comparison findings; publish joint roadmap. | | |
| SCANNER-ENG-0015 | DONE | 2025-11-13 | SPRINT_0138_0001_0001_scanner_ruby_parity | Export Center Guild, Scanner Guild (docs/modules/scanner) | docs/modules/scanner | DSSE/Rekor operator playbook published (`docs/modules/scanner/operations/dsse-rekor-operator-guide.md`) with config/env tables, rollout phases, runbook snippets, offline verification steps, and SLA/alert guidance. | | |
| SCANNER-ENG-0016 | DONE | 2025-11-10 | SPRINT_0138_0001_0001_scanner_ruby_parity | Ruby Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | RubyLockCollector and vendor ingestion finalized: Bundler config overrides honoured, workspace lockfiles merged, vendor bundles normalised, and deterministic fixtures added. | SCANNER-ENG-0009 | |
| SCANNER-ENG-0017 | DONE | 2025-11-09 | SPRINT_0138_0001_0001_scanner_ruby_parity | Ruby Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Build the runtime require/autoload graph builder with tree-sitter Ruby per design §4.4 and integrate EntryTrace hints. | SCANNER-ENG-0016 | |
| SCANNER-ENG-0018 | DONE | 2025-11-09 | SPRINT_0138_0001_0001_scanner_ruby_parity | Ruby Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Emit Ruby capability + framework surface signals as defined in design §4.5 with policy predicate hooks. | SCANNER-ENG-0017 | |
| SCANNER-ENG-0019 | DONE | 2025-11-13 | SPRINT_0138_0001_0001_scanner_ruby_parity | Ruby Analyzer Guild, CLI Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Ruby CLI verbs now resolve inventories by scan ID, digest, or image reference; Scanner.WebService fallbacks + CLI client encoding ensure `--image` works for both digests and tagged references, and tests cover the new lookup flow. | SCANNER-ENG-0016..0018 | |
| SCANNER-ENG-0020 | TODO | | SPRINT_0136_0001_0001_scanner_surface | Scanner Guild (docs/modules/scanner) | docs/modules/scanner | Implement Homebrew collector & fragment mapper per `design/macos-analyzer.md` §3.1. | | |
| SCANNER-ENG-0021 | TODO | | SPRINT_0136_0001_0001_scanner_surface | Scanner Guild (docs/modules/scanner) | docs/modules/scanner | Implement pkgutil receipt collector per `design/macos-analyzer.md` §3.2. | | |
| SCANNER-ENG-0022 | TODO | | SPRINT_0136_0001_0001_scanner_surface | Scanner Guild, Policy Guild (docs/modules/scanner) | docs/modules/scanner | Implement macOS bundle inspector & capability overlays per `design/macos-analyzer.md` §3.3. | | |
| SCANNER-ENG-0023 | TODO | | SPRINT_0136_0001_0001_scanner_surface | Scanner Guild, Offline Kit Guild, Policy Guild (docs/modules/scanner) | docs/modules/scanner | Deliver macOS policy/offline integration per `design/macos-analyzer.md` §56. | | |
| SCANNER-ENG-0024 | TODO | | SPRINT_0136_0001_0001_scanner_surface | Scanner Guild (docs/modules/scanner) | docs/modules/scanner | Implement Windows MSI collector per `design/windows-analyzer.md` §3.1. | | |
| SCANNER-ENG-0025 | TODO | | SPRINT_0136_0001_0001_scanner_surface | Scanner Guild (docs/modules/scanner) | docs/modules/scanner | Implement WinSxS manifest collector per `design/windows-analyzer.md` §3.2. | | |
| SCANNER-ENG-0026 | TODO | | SPRINT_0136_0001_0001_scanner_surface | Scanner Guild (docs/modules/scanner) | docs/modules/scanner | Implement Windows Chocolatey & registry collectors per `design/windows-analyzer.md` §3.33.4. | | |
| SCANNER-ENG-0027 | TODO | | SPRINT_0136_0001_0001_scanner_surface | Scanner Guild, Policy Guild, Offline Kit Guild (docs/modules/scanner) | docs/modules/scanner | Deliver Windows policy/offline integration per `design/windows-analyzer.md` §56. | | |
| SCANNER-ENTRYTRACE-18-502 | TODO | | SPRINT_0135_0001_0001_scanner_surface | EntryTrace Guild (src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace) | src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace | Expand chain walker with init shim/user-switch/supervisor recognition plus env/workdir accumulation and guarded edges. | SCANNER-ENTRYTRACE-18-508 | |
| SCANNER-ENTRYTRACE-18-503 | TODO | | SPRINT_0135_0001_0001_scanner_surface | EntryTrace Guild (src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace) | src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace | Introduce target classifier + EntryPlan handoff with confidence scoring for ELF/Java/.NET/Node/Python and user/workdir context. | SCANNER-ENTRYTRACE-18-502 | |
| SCANNER-ENTRYTRACE-18-504 | TODO | | SPRINT_0136_0001_0001_scanner_surface | EntryTrace Guild (src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace) | src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace | Emit EntryTrace AOC NDJSON (`entrytrace.entry/node/edge/target/warning/capability`) and wire CLI/service streaming outputs. | SCANNER-ENTRYTRACE-18-503 | |
| SCANNER-ENTRYTRACE-18-505 | TODO | | SPRINT_0136_0001_0001_scanner_surface | EntryTrace Guild (src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace) | src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace | Implement process-tree replay (ProcGraph) to reconcile `/proc` exec chains with static EntryTrace results, collapsing wrappers and emitting agreement/conflict diagnostics. | SCANNER-ENTRYTRACE-18-504 | |
| SCANNER-ENTRYTRACE-18-506 | TODO | | SPRINT_0136_0001_0001_scanner_surface | EntryTrace Guild, Scanner WebService Guild (src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace) | src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace | Surface EntryTrace graph + confidence via Scanner.WebService and CLI, including target summary in scan reports and policy payloads. | SCANNER-ENTRYTRACE-18-505 | SCSS0102 |
| SCANNER-ENV-01 | TODO (2025-11-06) | 2025-11-06 | SPRINT_0136_0001_0001_scanner_surface | Scanner Worker Guild | src/Scanner/StellaOps.Scanner.Worker | Replace ad-hoc environment reads with `StellaOps.Scanner.Surface.Env` helpers for cache roots and CAS endpoints. | — | SCDE0101 |
| SCANNER-ENV-02 | TODO (2025-11-06) | 2025-11-06 | SPRINT_0136_0001_0001_scanner_surface | Scanner WebService Guild · Ops Guild | src/Scanner/StellaOps.Scanner.WebService | Wire Surface.Env helpers into WebService hosting (cache roots, feature flags) and document configuration. | SCANNER-ENV-01 | SCDE0102 |
| SCANNER-ENV-03 | TODO | | SPRINT_0136_0001_0001_scanner_surface | BuildX Plugin Guild | src/Scanner/StellaOps.Scanner.Sbomer.BuildXPlugin | Adopt Surface.Env helpers for plugin configuration (cache roots, CAS endpoints, feature toggles). | SCANNER-ENV-02 | SCBX0101 |
| SCANNER-EVENTS-16-301 | BLOCKED (2025-10-26) | 2025-10-26 | SPRINT_0136_0001_0001_scanner_surface | Scanner WebService Guild (`src/Scanner/StellaOps.Scanner.WebService`) | src/Scanner/StellaOps.Scanner.WebService | Emit orchestrator-compatible envelopes (`scanner.event.*`) and update integration tests to verify Notifier ingestion (no Redis queue coupling). | EVENTS-16-301 | SCEV0101 |
| SCANNER-GRAPH-21-001 | TODO | | SPRINT_0136_0001_0001_scanner_surface | Scanner WebService Guild, Cartographer Guild (src/Scanner/StellaOps.Scanner.WebService) | src/Scanner/StellaOps.Scanner.WebService | Provide webhook/REST endpoint for Cartographer to request policy overlays and runtime evidence for graph nodes, ensuring determinism and tenant scoping. | | |
| SCANNER-LIC-0001 | DONE | 2025-11-10 | SPRINT_0138_0001_0001_scanner_ruby_parity | Scanner Guild, Legal Guild (docs/modules/scanner) | docs/modules/scanner | Tree-sitter licensing captured, `NOTICE.md` updated, and Offline Kit now mirrors `third-party-licenses/` with ruby artifacts. | SCANNER-ENG-0016 | |
| SCANNER-LNM-21-001 | TODO | | SPRINT_0136_0001_0001_scanner_surface | Scanner WebService Guild, Policy Guild (src/Scanner/StellaOps.Scanner.WebService) | src/Scanner/StellaOps.Scanner.WebService | Update `/reports` and `/policy/runtime` payloads to consume advisory/vex linksets, exposing source severity arrays and conflict summaries alongside effective verdicts. | | |
| SCANNER-LNM-21-002 | TODO | | SPRINT_0136_0001_0001_scanner_surface | Scanner WebService Guild, UI Guild (src/Scanner/StellaOps.Scanner.WebService) | src/Scanner/StellaOps.Scanner.WebService | Add evidence endpoint for Console to fetch linkset summaries with policy overlay for a component/SBOM, including AOC references. | SCANNER-LNM-21-001 | |
| SCANNER-NATIVE-401-015 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | Scanner Worker Guild | `src/Scanner/__Libraries/StellaOps.Scanner.Symbols.Native`, `src/Scanner/__Libraries/StellaOps.Scanner.CallGraph.Native` | Stand up `StellaOps.Scanner.Symbols.Native` + `StellaOps.Scanner.CallGraph.Native` (ELF/PE readers, demanglers, probabilistic carving) and publish `FuncNode`/`CallEdge` CAS bundles consumed by reachability graphs. | Requires CAS schema approval from GAPG0101 | SCNA0101 |
| SCANNER-OPS-0001 | TODO | | SPRINT_327_docs_modules_scanner | Ops Guild (docs/modules/scanner) | docs/modules/scanner | Review scanner runbooks/observability assets after the next sprint demo and capture findings inline with sprint notes. | | |
| SCANNER-POLICY-0001 | DONE | 2025-11-10 | SPRINT_0138_0001_0001_scanner_ruby_parity | Policy Guild, Ruby Analyzer Guild (docs/modules/scanner) | docs/modules/scanner | Ruby predicates shipped: Policy Engine exposes `sbom.any_component` + `ruby.*`, tests updated, DSL/offline-kit docs refreshed. | SCANNER-ENG-0018 | |
| SCANNER-SECRETS-03 | TODO | | SPRINT_0136_0001_0001_scanner_surface | BuildX Plugin Guild, Security Guild (src/Scanner/StellaOps.Scanner.Sbomer.BuildXPlugin) | src/Scanner/StellaOps.Scanner.Sbomer.BuildXPlugin | Use Surface.Secrets to retrieve registry credentials when interacting with CAS/referrers. | SCANNER-SECRETS-02 | |
| SCANNER-SORT-02 | TODO | | SPRINT_0136_0001_0001_scanner_surface | Scanner Core Guild (src/Scanner/__Libraries/StellaOps.Scanner.Core) | src/Scanner/__Libraries/StellaOps.Scanner.Core | Sort layer fragments by digest and components by `identity.purl`/`identity.key` before composition; add determinism regression tests. | SCANNER-EMIT-15-001 | |
| SCANNER-SURFACE-04 | TODO | | SPRINT_0136_0001_0001_scanner_surface | Scanner Worker Guild (src/Scanner/StellaOps.Scanner.Worker) | src/Scanner/StellaOps.Scanner.Worker | DSSE-sign every `layer.fragments` payload, emit `_composition.json`, and persist DSSE envelopes so offline kits can replay deterministically (see `docs/modules/scanner/deterministic-sbom-compose.md` §2.1). | SCANNER-SURFACE-01; SURFACE-FS-03 | |
| SCHED-IMPACT-16-303 | DONE | | SPRINT_0155_0001_0001_scheduler_i | Scheduler ImpactIndex Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.ImpactIndex) | src/Scheduler/__Libraries/StellaOps.Scheduler.ImpactIndex | Snapshot/compaction + invalidation for removed images; persistence to RocksDB/Redis per architecture. | | |
| SCHED-SURFACE-01 | TODO | | SPRINT_0155_0001_0001_scheduler_i | Scheduler Worker Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | Evaluate Surface.FS pointers when planning delta scans to avoid redundant work and prioritise drift-triggered assets. | | |
| SCHED-SURFACE-02 | TODO | | SPRINT_0136_0001_0001_scanner_surface | Scheduler Worker Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | Integrate Scheduler worker prefetch using Surface manifest reader and persist manifest pointers with rerun plans. | SURFACE-FS-02; SCHED-SURFACE-01 | |
| SCHED-VULN-29-001 | DONE | | SPRINT_0155_0001_0001_scheduler_i | Scheduler WebService Guild, Findings Ledger Guild (src/Scheduler/StellaOps.Scheduler.WebService) | src/Scheduler/StellaOps.Scheduler.WebService | Expose resolver job APIs (`POST /vuln/resolver/jobs`, `GET /vuln/resolver/jobs/{id}`) to trigger candidate recomputation per artifact/policy change with RBAC and rate limits. | | |
| SCHED-VULN-29-002 | TODO | | SPRINT_0155_0001_0001_scheduler_i | Scheduler WebService Guild, Observability Guild (src/Scheduler/StellaOps.Scheduler.WebService) | src/Scheduler/StellaOps.Scheduler.WebService | Provide projector lag metrics endpoint and webhook notifications for backlog breaches consumed by DevOps dashboards. Dependencies: SCHED-VULN-29-001. | | |
| SCHED-WEB-20-002 | TODO | | SPRINT_0155_0001_0001_scheduler_i | Scheduler WebService Guild (src/Scheduler/StellaOps.Scheduler.WebService) | src/Scheduler/StellaOps.Scheduler.WebService | Provide simulation trigger endpoint returning diff preview metadata and job state for UI/CLI consumption. | | |
| SCHED-WORKER-21-203 | DONE | | SPRINT_0155_0001_0001_scheduler_i | Scheduler Worker Guild, Observability Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | Export metrics (`graph_build_seconds`, `graph_jobs_inflight`, `overlay_lag_seconds`) and structured logs with tenant/graph identifiers. | | |
| SCHED-WORKER-23-101 | TODO | | SPRINT_0155_0001_0001_scheduler_i | Scheduler Worker Guild, Policy Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | Implement policy re-evaluation worker that shards assets, honours rate limits, and updates progress for Console after policy activation events. Dependencies: SCHED-WORKER-21-203. | | |
| SCHED-WORKER-23-102 | TODO | | SPRINT_0155_0001_0001_scheduler_i | Scheduler Worker Guild, Observability Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | Add reconciliation job ensuring re-eval completion within SLA, emitting alerts on backlog and persisting status to `policy_runs`. Dependencies: SCHED-WORKER-23-101. | | |
| SCHED-WORKER-25-101 | TODO | | SPRINT_0155_0001_0001_scheduler_i | Scheduler Worker Guild, Policy Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | Implement exception lifecycle worker handling auto-activation/expiry and publishing `exception.*` events with retries/backoff. Dependencies: SCHED-WORKER-23-102. | | |
| SCHED-WORKER-25-102 | TODO | | SPRINT_0155_0001_0001_scheduler_i | Scheduler Worker Guild, Observability Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | Add expiring notification job generating digests, marking `expiring` state, updating metrics/alerts. Dependencies: SCHED-WORKER-25-101. | | |
| SCHED-WORKER-26-201 | TODO | | SPRINT_0155_0001_0001_scheduler_i | Scheduler Worker Guild, Signals Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | Build reachability joiner worker that combines SBOM snapshots with signals, writes cached facts, and schedules updates on new events. Dependencies: SCHED-WORKER-25-102. | | |
| SCHED-WORKER-26-202 | TODO | | SPRINT_0156_0001_0002_scheduler_ii | Scheduler Worker Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | Implement staleness monitor + notifier for outdated reachability facts, publishing warnings and updating dashboards. Dependencies: SCHED-WORKER-26-201. | | |
| SCHED-WORKER-27-301 | TODO | | SPRINT_0156_0001_0002_scheduler_ii | Scheduler Worker Guild, Policy Registry Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | Implement policy batch simulation worker: shard SBOM inventories, invoke Policy Engine, emit partial results, handle retries/backoff, and publish progress events. Dependencies: SCHED-WORKER-26-202. | | |
| SCHED-WORKER-27-302 | TODO | | SPRINT_0156_0001_0002_scheduler_ii | Scheduler Worker Guild, Observability Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | Build reducer job aggregating shard outputs into final manifests (counts, deltas, samples) and writing to object storage with checksums; emit completion events. Dependencies: SCHED-WORKER-27-301. | | |
| SCHED-WORKER-27-303 | TODO | | SPRINT_0156_0001_0002_scheduler_ii | Scheduler Worker Guild, Security Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | Enforce tenant isolation, scope checks, and attestation integration for simulation jobs; secret scanning pipeline for uploaded policy sources. Dependencies: SCHED-WORKER-27-302. | | |
| SCHED-WORKER-29-001 | TODO | | SPRINT_0156_0001_0002_scheduler_ii | Scheduler Worker Guild, Findings Ledger Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | Implement resolver worker generating candidate findings from inventory + advisory evidence, respecting ecosystem version semantics and path scope; emit jobs for policy evaluation. Dependencies: SCHED-WORKER-27-303. | | |
| SCHED-WORKER-29-002 | TODO | | SPRINT_0156_0001_0002_scheduler_ii | Scheduler Worker Guild, Policy Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | Build evaluation orchestration worker invoking Policy Engine batch eval, writing results to Findings Ledger projector queue, and handling retries/backoff. Dependencies: SCHED-WORKER-29-001. | | |
| SCHED-WORKER-29-003 | TODO | | SPRINT_0156_0001_0002_scheduler_ii | Scheduler Worker Guild, Observability Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | Add monitoring for resolver/evaluation backlog, SLA breaches, and export job queue; expose metrics/alerts feeding DevOps dashboards. Dependencies: SCHED-WORKER-29-002. | | |
| SCHED-WORKER-CONSOLE-23-201 | TODO | | SPRINT_0156_0001_0002_scheduler_ii | Scheduler Worker Guild, Observability Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | Stream run progress events (stage status, tuples processed, SLA hints) to Redis/NATS for Console SSE, with heartbeat, dedupe, and retention policy. Publish metrics + structured logs for queue lag. | | |
| SCHED-WORKER-CONSOLE-23-202 | TODO | | SPRINT_0156_0001_0002_scheduler_ii | Scheduler Worker Guild, Policy Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | Coordinate evidence bundle jobs (enqueue, track status, cleanup) and expose job manifests to Web gateway; ensure idempotent reruns and cancellation support. Dependencies: SCHED-WORKER-CONSOLE-23-201. | | |
| SCHEDULER-DOCS-0001 | DONE | | SPRINT_0328_0001_0001_docs_modules_scheduler | Docs Guild (docs/modules/scheduler) | docs/modules/scheduler | See ./AGENTS.md | | |
| SCHEDULER-ENG-0001 | DONE | | SPRINT_0328_0001_0001_docs_modules_scheduler | Module Team (docs/modules/scheduler) | docs/modules/scheduler | Update status via ./AGENTS.md workflow | | |
| SCHEDULER-OPS-0001 | DONE | | SPRINT_0328_0001_0001_docs_modules_scheduler | Ops Guild (docs/modules/scheduler) | docs/modules/scheduler | Sync outcomes back to ../.. | | |
| SCHEMA-401-024 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | Signals Guild (`src/Signals/StellaOps.Signals`, `docs/uncertainty/README.md`) | `src/Signals/StellaOps.Signals`, `docs/uncertainty/README.md` | | | |
| SCORER-401-025 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | Signals Guild (`src/Signals/StellaOps.Signals.Application`, `docs/uncertainty/README.md`) | `src/Signals/StellaOps.Signals.Application`, `docs/uncertainty/README.md` | | | |
| SCORING-401-003 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | Signals Guild (`src/Signals/StellaOps.Signals`) | `src/Signals/StellaOps.Signals` | | | |
| SDK-62-001 | TODO | | SPRINT_0204_0001_0004_cli_iv | DevEx/CLI Guild, SDK Generator Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | | | |
| SDK-62-002 | TODO | | SPRINT_0204_0001_0004_cli_iv | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | | | |
| SDK-63-001 | TODO | | SPRINT_0204_0001_0004_cli_iv | DevEx/CLI Guild, API Governance Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | | | |
| SDK-64-001 | TODO | | SPRINT_0204_0001_0004_cli_iv | DevEx/CLI Guild, SDK Release Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | | | |
| SDKGEN-62-001 | TODO | | SPRINT_0208_0001_0001_sdk | SDK Generator Guild | src/Sdk/StellaOps.Sdk.Generator | Choose/pin generator toolchain, set up language template pipeline, and enforce reproducible builds. | DEVL0101 portal contracts | SDKG0101 |
| SDKGEN-62-002 | TODO | | SPRINT_0208_0001_0001_sdk | SDK Generator Guild | src/Sdk/StellaOps.Sdk.Generator | Implement shared post-processing (auth helpers, retries, pagination utilities, telemetry hooks) applied to all languages. Dependencies: SDKGEN-62-001. | SDKGEN-62-001 | SDKG0101 |
| SDKGEN-63-001 | TODO | | SPRINT_0208_0001_0001_sdk | SDK Generator Guild | src/Sdk/StellaOps.Sdk.Generator | Ship TypeScript SDK alpha with ESM/CJS builds, typed errors, paginator, streaming helpers. Dependencies: SDKGEN-62-002. | 63-004 | SDKG0101 |
| SDKGEN-63-002 | TODO | | SPRINT_0208_0001_0001_sdk | SDK Generator Guild | src/Sdk/StellaOps.Sdk.Generator | Ship Python SDK alpha (sync/async clients, type hints, upload/download helpers). Dependencies: SDKGEN-63-001. | SDKGEN-63-001 | SDKG0101 |
| SDKGEN-63-003 | TODO | | SPRINT_0208_0001_0001_sdk | SDK Generator Guild | src/Sdk/StellaOps.Sdk.Generator | Ship Go SDK alpha with context-first API and streaming helpers. Dependencies: SDKGEN-63-002. | SDKGEN-63-002 | SDKG0101 |
| SDKGEN-63-004 | TODO | | SPRINT_0208_0001_0001_sdk | SDK Generator Guild | src/Sdk/StellaOps.Sdk.Generator | Ship Java SDK alpha (builder pattern, HTTP client abstraction). Dependencies: SDKGEN-63-003. | SDKGEN-63-003 | SDKG0101 |
| SDKGEN-64-001 | TODO | | SPRINT_0208_0001_0001_sdk | SDK Generator Guild · CLI Guild | src/Sdk/StellaOps.Sdk.Generator | Switch CLI to consume TS or Go SDK; ensure parity. Dependencies: SDKGEN-63-004. | SDKGEN-63-004 | SDKG0101 |
| SDKGEN-64-002 | TODO | | SPRINT_0208_0001_0001_sdk | SDK Generator Guild · Console Guild | src/Sdk/StellaOps.Sdk.Generator | Integrate SDKs into Console data providers where feasible. Dependencies: SDKGEN-64-001. | SDKGEN-64-001 | SDKG0101 |
| SDKREL-63-001 | TODO | | SPRINT_0208_0001_0001_sdk | SDK Release Guild (src/Sdk/StellaOps.Sdk.Release) | src/Sdk/StellaOps.Sdk.Release | Configure CI pipelines for npm, PyPI, Maven Central staging, and Go proxies with signing and provenance attestations. | | |
| SDKREL-63-002 | TODO | | SPRINT_0208_0001_0001_sdk | SDK Release Guild, API Governance Guild (src/Sdk/StellaOps.Sdk.Release) | src/Sdk/StellaOps.Sdk.Release | Integrate changelog automation pulling from OAS diffs and generator metadata. Dependencies: SDKREL-63-001. | | |
| SDKREL-64-001 | TODO | | SPRINT_0208_0001_0001_sdk | SDK Release Guild, Notifications Guild (src/Sdk/StellaOps.Sdk.Release) | src/Sdk/StellaOps.Sdk.Release | Hook SDK releases into Notifications Studio with scoped announcements and RSS/Atom feeds. Dependencies: SDKREL-63-002. | | |
| SDKREL-64-002 | TODO | | SPRINT_0208_0001_0001_sdk | SDK Release Guild, Export Center Guild (src/Sdk/StellaOps.Sdk.Release) | src/Sdk/StellaOps.Sdk.Release | Add `devportal --offline` bundle job packaging docs, specs, SDK artifacts for air-gapped users. Dependencies: SDKREL-64-001. | | |
| SEC-62-001 | TODO | | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild, Authority Core (docs) | | | | |
| SEC-CRYPTO-90-001 | DONE | 2025-11-07 | SPRINT_514_sovereign_crypto_enablement | Security Guild (src/__Libraries/StellaOps.Cryptography) | src/__Libraries/StellaOps.Cryptography | Produce the RootPack_RU implementation plan, provider strategy (CryptoPro + PKCS#11), and backlog split for sovereign crypto work. | | |
| SEC-CRYPTO-90-002 | DONE | 2025-11-07 | SPRINT_514_sovereign_crypto_enablement | Security Guild (src/__Libraries/StellaOps.Cryptography) | src/__Libraries/StellaOps.Cryptography | Extend signature/catalog constants and configuration schema to recognize `GOST12-256/512`, regional crypto profiles, and provider preference ordering. | | |
| SEC-CRYPTO-90-003 | DONE | 2025-11-07 | SPRINT_514_sovereign_crypto_enablement | Security Guild (src/__Libraries/StellaOps.Cryptography) | src/__Libraries/StellaOps.Cryptography | Implement `StellaOps.Cryptography.Plugin.CryptoPro` provider (sign/verify/JWK export) using CryptoPro CSP with deterministic logging/tests. | | |
| SEC-CRYPTO-90-004 | DONE | 2025-11-07 | SPRINT_514_sovereign_crypto_enablement | Security Guild (src/__Libraries/StellaOps.Cryptography) | src/__Libraries/StellaOps.Cryptography | Implement `StellaOps.Cryptography.Plugin.Pkcs11Gost` provider (Rutoken/JaCarta) via Pkcs11Interop with configurable slot/pin/module handling. | | |
| SEC-CRYPTO-90-005 | DONE | 2025-11-08 | SPRINT_514_sovereign_crypto_enablement | Security Guild (src/__Libraries/StellaOps.Cryptography) | src/__Libraries/StellaOps.Cryptography | Add configuration-driven provider selection (`crypto.regionalProfiles`), CLI diagnostics, and telemetry. | | |
| SEC-CRYPTO-90-006 | DONE | 2025-11-08 | SPRINT_514_sovereign_crypto_enablement | Security Guild (src/__Libraries/StellaOps.Cryptography) | src/__Libraries/StellaOps.Cryptography | Build deterministic Streebog/signature harnesses and RootPack audit metadata/runbooks. | | |
| SEC-CRYPTO-90-007 | DONE | 2025-11-08 | SPRINT_514_sovereign_crypto_enablement | Security Guild (src/__Libraries/StellaOps.Cryptography) | src/__Libraries/StellaOps.Cryptography | Package RootPack_RU artifacts (plugins, trust anchors, configs) with deployment documentation. | | |
| SEC-CRYPTO-90-008 | DONE | 2025-11-08 | SPRINT_514_sovereign_crypto_enablement | Security Guild (src/__Libraries/StellaOps.Cryptography) | src/__Libraries/StellaOps.Cryptography | Audit repository for direct crypto usage bypassing the new abstractions and file remediation tasks. | | |
| SEC-CRYPTO-90-009 | DONE | 2025-11-09 | SPRINT_514_sovereign_crypto_enablement | Security Guild (src/__Libraries/StellaOps.Cryptography.Plugin.CryptoPro) | src/__Libraries/StellaOps.Cryptography.Plugin.CryptoPro | Replace the placeholder CryptoPro plug-in with a true CryptoPro CSP implementation (GostCryptography, certificate-store lookup, DER/raw normalization) so RootPack_RU exposes a qualified-signature path. | | |
| SEC-CRYPTO-90-010 | DONE | 2025-11-09 | SPRINT_514_sovereign_crypto_enablement | Security Guild (src/__Libraries/StellaOps.Cryptography + .DependencyInjection) | src/__Libraries/StellaOps.Cryptography + .DependencyInjection | Introduce `StellaOpsCryptoOptions` / configuration binding for registry profiles/keys and ship an `AddStellaOpsCryptoRu(IConfiguration, …)` helper so hosts can enable `ru-offline` via YAML without custom code. | | |
| SEC-CRYPTO-90-011 | DONE | 2025-11-09 | SPRINT_514_sovereign_crypto_enablement | Security & Ops Guilds (src/Tools/StellaOps.CryptoRu.Cli) | src/Tools/StellaOps.CryptoRu.Cli | Build the sovereign crypto CLI (`StellaOps.CryptoRu.Cli`) to list keys, perform test-sign operations, and emit determinism/audit snapshots referenced in the RootPack docs. | | |
| SEC-CRYPTO-90-012 | TODO | | SPRINT_514_sovereign_crypto_enablement | Security Guild (src/__Libraries/__Tests/StellaOps.Cryptography.Tests) | src/__Libraries/__Tests/StellaOps.Cryptography.Tests | Add CryptoPro + PKCS#11 integration tests (env/pin gated) and wire them into `scripts/crypto/run-rootpack-ru-tests.sh`, covering Streebog vectors and DER/raw signatures. | | |
| SEC-CRYPTO-90-013 | TODO | | SPRINT_514_sovereign_crypto_enablement | Security Guild (src/__Libraries/StellaOps.Cryptography) | src/__Libraries/StellaOps.Cryptography | Extend the shared crypto stack with sovereign symmetric algorithms (Magma/Kuznyechik) so exports/data-at-rest can request Russian ciphers via the provider registry. | | |
| SEC-CRYPTO-90-014 | TODO | | SPRINT_514_sovereign_crypto_enablement | Security + Service Guilds | | Update runtime hosts (Authority, Scanner WebService/Worker, Concelier, etc.) to register the RU providers, bind `StellaOps:Crypto` profiles, and expose configuration toggles per the new options model. | Wait for AUIN0101 approvals | CRSA0101 |
| SEC-CRYPTO-90-015 | TODO | | SPRINT_514_sovereign_crypto_enablement | Security + Docs Guild | docs/security/rootpack_ru_*.md | Refresh RootPack/validation documentation once the CLI/config/tests exist (remove TODO callouts, document final workflows). | Depends on #1 | CRSA0101 |
| SEC-CRYPTO-90-016 | DONE | 2025-11-09 | SPRINT_514_sovereign_crypto_enablement | Security Guild (src/__Libraries/StellaOps.Cryptography.DependencyInjection + .Plugin.CryptoPro) | src/__Libraries/StellaOps.Cryptography.DependencyInjection + .Plugin.CryptoPro | Quarantine CryptoPro dependencies by default until IT.GostCryptography is patched; add MSBuild flag `StellaOpsEnableCryptoPro` and follow-up plan to re-enable the plug-in once a safe package exists. | | |
| SEC-CRYPTO-90-017 | TODO | | SPRINT_514_sovereign_crypto_enablement | Security Guild | third_party/forks + src/__Libraries/StellaOps.Cryptography.Plugin.CryptoPro | Vendor `third_party/forks/AlexMAS.GostCryptography` into the solution build (solution filters, Directory.Build props, CI) so the library compiles with the rest of the repo and publishes artifacts for downstream consumers. | Needs third_party fork sync | CRSA0101 |
| SEC-CRYPTO-90-018 | TODO | | SPRINT_514_sovereign_crypto_enablement | Security + Docs Guild | docs/security/rootpack_ru_*.md, docs/dev/crypto.md | Update developer/RootPack documentation to describe the new fork, sync steps, and licensing so operators know where the CryptoPro sources live and how to refresh them. | Depends on #3 | CRSA0101 |
| SEC-CRYPTO-90-019 | TODO | | SPRINT_514_sovereign_crypto_enablement | Security Guild | third_party/forks/AlexMAS.GostCryptography | Patch the fork to drop vulnerable `System.Security.Cryptography.{Pkcs,Xml}` 6.0.0 dependencies (target .NET 8+, adopt fixed BCL packages, re-run tests). | Needs fork validation | CRSA0101 |
| SEC-CRYPTO-90-020 | TODO | | SPRINT_514_sovereign_crypto_enablement | Security Guild | src/__Libraries/StellaOps.Cryptography.Plugin.CryptoPro | Re-point `StellaOps.Cryptography.Plugin.CryptoPro` to the forked sources (replace NuGet package references, adjust DI wiring) and prove the plugin works end-to-end. | Depends on #5 | CRSA0101 |
| SEC-CRYPTO-90-021 | TODO | | SPRINT_514_sovereign_crypto_enablement | Security + QA Guilds | scripts/crypto/**, docs/security/rootpack_ru_validation.md | Validate the forked library + plugin on both Windows (CryptoPro CSP) and Linux (OpenSSL GOST fallback) builds/tests; document any platform-specific prerequisites. | Depends on #6 | CRSA0101 |
| SEC-OBS-50-001 | TODO | | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild, Security Guild (docs) | | | | |
| SEC2 | DONE | 2025-11-09 | SPRINT_100_identity_signing | Security Guild, Storage Guild (src/Authority/StellaOps.Authority/StellaOps.Authority.Plugin.Standard) | src/Authority/StellaOps.Authority/StellaOps.Authority.Plugin.Standard | | | |
| SEC3 | DONE | 2025-11-09 | SPRINT_100_identity_signing | Security Guild, BE-Auth Plugin (src/Authority/StellaOps.Authority/StellaOps.Authority.Plugin.Standard) | src/Authority/StellaOps.Authority/StellaOps.Authority.Plugin.Standard | | | |
| SEC5 | DONE | 2025-11-09 | SPRINT_100_identity_signing | Security Guild (src/Authority/StellaOps.Authority/StellaOps.Authority.Plugin.Standard) | src/Authority/StellaOps.Authority/StellaOps.Authority.Plugin.Standard | | | |
| SECRETS-01 | DOING | 2025-11-02 | SPRINT_0136_0001_0001_scanner_surface | Scanner Guild, Security Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.Secrets) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Secrets | | | |
| SECRETS-02 | DOING | 2025-11-02 | SPRINT_0136_0001_0001_scanner_surface | Scanner Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.Secrets) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Secrets | | SURFACE-SECRETS-01 | |
| SECRETS-03 | TODO | | SPRINT_0136_0001_0001_scanner_surface | BuildX Plugin Guild · Security Guild | src/Scanner/StellaOps.Scanner.Sbomer.BuildXPlugin | SCANNER-SECRETS-02 | SCANNER-SECRETS-02 | SCBX0101 |
| SECRETS-04 | TODO | | SPRINT_0136_0001_0001_scanner_surface | Scanner Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.Secrets) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Secrets | | SURFACE-SECRETS-02 | |
| SECRETS-05 | TODO | | SPRINT_0136_0001_0001_scanner_surface | Zastava Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.Secrets) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Secrets | | SURFACE-SECRETS-02 | |
| SECRETS-06 | TODO | | SPRINT_0136_0001_0001_scanner_surface | Ops Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.Secrets) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Secrets | | SURFACE-SECRETS-03 | |
| SERVER-401-011 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | Symbols Guild (`src/Symbols/StellaOps.Symbols.Server`) | `src/Symbols/StellaOps.Symbols.Server` | | | |
| SERVICE-21-001 | BLOCKED | | SPRINT_0140_0001_0001_runtime_signals | | | | | |
| SERVICE-21-002 | BLOCKED | | SPRINT_0140_0001_0001_runtime_signals | | | | | |
| SERVICE-21-003 | BLOCKED | | SPRINT_0140_0001_0001_runtime_signals | | | | | |
| SERVICE-21-004 | BLOCKED | | SPRINT_0140_0001_0001_runtime_signals | | | | | |
| SERVICE-23-001 | TODO | | SPRINT_0140_0001_0001_runtime_signals | | | | | |
| SERVICE-23-002 | TODO | | SPRINT_0140_0001_0001_runtime_signals | | | | | |
| SERVICE-DOCS-0001 | TODO | | SPRINT_0326_0001_0001_docs_modules_registry | Docs Guild (docs/modules/registry) | docs/modules/registry | | | |
| SERVICE-ENG-0001 | TODO | | SPRINT_0326_0001_0001_docs_modules_registry | Module Team (docs/modules/registry) | docs/modules/registry | | | |
| SERVICE-OPS-0001 | TODO | | SPRINT_0326_0001_0001_docs_modules_registry | Ops Guild (docs/modules/registry) | docs/modules/registry | | | |
| SIG-003 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | Signals Guild (`src/Signals/StellaOps.Signals`, `docs/reachability/function-level-evidence.md`) | `src/Signals/StellaOps.Signals`, `docs/reachability/function-level-evidence.md` | | | |
| SIG-26-001 | TODO | | SPRINT_115_concelier_iv | Concelier Core Guild, Signals Guild (src/Concelier/__Libraries/StellaOps.Concelier.Core) | src/Concelier/__Libraries/StellaOps.Concelier.Core | | | |
| SIG-26-002 | TODO | | SPRINT_0204_0001_0004_cli_iv | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | | | |
| SIG-26-003 | TODO | | SPRINT_0211_0001_0003_ui_iii | UI Guild (src/UI/StellaOps.UI) | src/UI/StellaOps.UI | | | |
| SIG-26-004 | TODO | | SPRINT_0211_0001_0003_ui_iii | UI Guild (src/UI/StellaOps.UI) | src/UI/StellaOps.UI | | | |
| SIG-26-005 | TODO | | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild, UI Guild (docs) | | | | |
| SIG-26-006 | TODO | | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild, DevEx/CLI Guild (docs) | | | | |
| SIG-26-007 | TODO | | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild, BE-Base Platform Guild (docs) | | | | |
| SIG-26-008 | DOING | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild, DevOps Guild (docs) | | | | |
| SIG-STORE-401-016 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | Signals Guild · BE-Base Platform Guild (`src/Signals/StellaOps.Signals`, `src/__Libraries/StellaOps.Replay.Core`) | `src/Signals/StellaOps.Signals`, `src/__Libraries/StellaOps.Replay.Core` | Introduce shared reachability store collections (`func_nodes`, `call_edges`, `cve_func_hits`), indexes, and repository APIs so Scanner/Signals/Policy can reuse canonical function data. | | |
| SIGN-CORE-186-004 | DONE | 2025-11-26 | SPRINT_0186_0001_0001_record_deterministic_execution | Signing Guild | `src/Signer/StellaOps.Signer`, `src/__Libraries/StellaOps.Cryptography` | Replace the HMAC demo implementation in `StellaOps.Signer` with StellaOps.Cryptography providers (keyless + KMS), including provider selection, key material loading, and cosign-compatible DSSE signature output. | Mirrors #1 | SIGR0101 |
| SIGN-CORE-186-005 | DONE | 2025-11-26 | SPRINT_0186_0001_0001_record_deterministic_execution | Signing Guild | `src/Signer/StellaOps.Signer.Core` | Refactor `SignerStatementBuilder` to support StellaOps predicate types (e.g., `stella.ops/promotion@v1`) and delegate payload canonicalisation to the Provenance library once available. | Mirrors #2 | SIGR0101 |
| SIGN-REPLAY-186-003 | TODO | | SPRINT_0186_0001_0001_record_deterministic_execution | Signing Guild (`src/Signer/StellaOps.Signer`, `src/Authority/StellaOps.Authority`) | `src/Signer/StellaOps.Signer`, `src/Authority/StellaOps.Authority` | Extend Signer/Authority DSSE flows to cover replay manifest/bundle payload types with multi-profile support; refresh `docs/modules/signer/architecture.md` and `docs/modules/authority/architecture.md` to capture the new signing/verification path referencing `docs/replay/DETERMINISTIC_REPLAY.md` Section 5. | | |
| SIGN-TEST-186-006 | DONE | 2025-11-26 | SPRINT_0186_0001_0001_record_deterministic_execution | Signing Guild, QA Guild (`src/Signer/StellaOps.Signer.Tests`) | `src/Signer/StellaOps.Signer.Tests` | Upgrade signer integration tests to run against the real crypto abstraction and fixture predicates (promotion, SBOM, replay), replacing stub tokens/digests with deterministic test data. | | |
| SIGN-VEX-401-018 | DONE | 2025-11-26 | SPRINT_0401_0001_0001_reachability_evidence_chain | Signing Guild (`src/Signer/StellaOps.Signer`, `docs/modules/signer/architecture.md`) | `src/Signer/StellaOps.Signer`, `docs/modules/signer/architecture.md` | Extend Signer predicate catalog with `stella.ops/vexDecision@v1`, enforce payload policy, and plumb DSSE/Rekor integration for policy decisions. | | |
| SIGNALS-24-001 | DONE | 2025-11-09 | SPRINT_0140_0001_0001_runtime_signals | | | Host skeleton, RBAC, sealed-mode readiness, `/signals/facts/{subject}` retrieval, and readiness probes merged; serves as base for downstream ingestion. | | |
| SIGNALS-24-002 | DOING | 2025-11-07 | SPRINT_0140_0001_0001_runtime_signals | | | Callgraph ingestion + retrieval APIs are live, but CAS promotion and signed manifest publication remain; cannot close until reachability jobs can trust stored graphs. | | |
| SIGNALS-24-003 | DOING | 2025-11-09 | SPRINT_0140_0001_0001_runtime_signals | | | Runtime facts ingestion accepts JSON/NDJSON and gzip streams; provenance/context enrichment and NDJSON-to-AOC wiring still outstanding. | | |
| SIGNALS-24-004 | BLOCKED | 2025-10-27 | SPRINT_0140_0001_0001_runtime_signals | | 24-002/003 | Reachability scoring waits on complete ingestion feeds (24-002/003) plus Authority scope validation. | | |
| SIGNALS-24-005 | BLOCKED | 2025-10-27 | SPRINT_0140_0001_0001_runtime_signals | | | Cache + `signals.fact.updated` events depend on scoring outputs; remains idle until 24-004 unblocks. | | |
| SIGNALS-REACH-201-003 | DOING | 2025-11-08 | SPRINT_400_runtime_facts_static_callgraph_union | Signals Guild (`src/Signals/StellaOps.Signals`) | `src/Signals/StellaOps.Signals` | Extend Signals ingestion to accept the new multi-language graphs + runtime facts, normalize into `reachability_graphs` CAS layout, and expose retrieval APIs for Policy/CLI. | | |
| SIGNALS-REACH-201-004 | DOING | 2025-11-08 | SPRINT_400_runtime_facts_static_callgraph_union | Signals Guild · Policy Guild (`src/Signals/StellaOps.Signals`, `src/Policy/StellaOps.Policy.Engine`) | `src/Signals/StellaOps.Signals`, `src/Policy/StellaOps.Policy.Engine` | Build the reachability scoring engine (state/score/confidence), wire Redis caches + `signals.fact.updated` events, and integrate reachability weights defined in `docs/11_DATA_SCHEMAS.md`. | | |
| SIGNALS-RUNTIME-401-002 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | Signals Guild (`src/Signals/StellaOps.Signals`) | `src/Signals/StellaOps.Signals` | Ship `/signals/runtime-facts` ingestion for NDJSON (and gzip) batches, dedupe hits, and link runtime evidence CAS URIs to callgraph nodes. Include retention + RBAC tests. | | |
| SIGNALS-SCORING-401-003 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | Signals Guild (`src/Signals/StellaOps.Signals`) | `src/Signals/StellaOps.Signals` | Extend `ReachabilityScoringService` with deterministic scoring (static path +0.50, runtime hits +0.30/+0.10 sink, guard penalties, reflection penalty, floor 0.05), persist reachability labels (`reachable/conditional/unreachable`) and expose `/graphs/{scanId}` CAS lookups. | | |
| SIGNER-DOCS-0001 | DONE | 2025-11-05 | SPRINT_0329_0001_0001_docs_modules_signer | Docs Guild (docs/modules/signer) | docs/modules/signer | Validate that `docs/modules/signer/README.md` captures the latest DSSE/fulcio updates. | | |
| SIGNER-ENG-0001 | DONE | 2025-11-26 | SPRINT_0329_0001_0001_docs_modules_signer | Module Team (docs/modules/signer) | docs/modules/signer | Keep module milestones aligned with signer sprints under `/docs/implplan`. Updated README with Sprint 0186/0401 completed tasks (SIGN-CORE-186-004/005, SIGN-TEST-186-006, SIGN-VEX-401-018). | | |
| SIGNER-OPS-0001 | TODO | | SPRINT_0329_0001_0001_docs_modules_signer | Ops Guild (docs/modules/signer) | docs/modules/signer | Review signer runbooks/observability assets after next sprint demo. | | |
| SORT-02 | TODO | | SPRINT_0136_0001_0001_scanner_surface | Scanner Core Guild (src/Scanner/__Libraries/StellaOps.Scanner.Core) | src/Scanner/__Libraries/StellaOps.Scanner.Core | | SCANNER-EMIT-15-001 | |
| ORCH-DOCS-0001 | DONE | | SPRINT_0323_0001_0001_docs_modules_orchestrator | Docs Guild (docs/modules/orchestrator) | docs/modules/orchestrator | Refresh orchestrator README + diagrams to reflect job leasing changes and reference the task runner bridge. | | |
| ORCH-ENG-0001 | DONE | | SPRINT_0323_0001_0001_docs_modules_orchestrator | Module Team (docs/modules/orchestrator) | docs/modules/orchestrator | Sync into ../.. | | |
| ORCH-OPS-0001 | DONE | | SPRINT_0323_0001_0001_docs_modules_orchestrator | Ops Guild (docs/modules/orchestrator) | docs/modules/orchestrator | Document outputs in ./README.md | | |
| SPL-23-001 | TODO | | SPRINT_0128_0001_0001_policy_reasoning | Policy Guild, Language Infrastructure Guild / src/Policy/__Libraries/StellaOps.Policy | src/Policy/__Libraries/StellaOps.Policy | | | |
| SPL-23-002 | TODO | | SPRINT_0128_0001_0001_policy_reasoning | Policy Guild / src/Policy/__Libraries/StellaOps.Policy | src/Policy/__Libraries/StellaOps.Policy | | POLICY-SPL-23-001 | |
| SPL-23-003 | TODO | | SPRINT_0128_0001_0001_policy_reasoning | Policy Guild / src/Policy/__Libraries/StellaOps.Policy | src/Policy/__Libraries/StellaOps.Policy | | POLICY-SPL-23-002 | |
| SPL-23-004 | TODO | | SPRINT_0128_0001_0001_policy_reasoning | Policy Guild, Audit Guild / src/Policy/__Libraries/StellaOps.Policy | src/Policy/__Libraries/StellaOps.Policy | | POLICY-SPL-23-003 | |
| SPL-23-005 | TODO | | SPRINT_0128_0001_0001_policy_reasoning | Policy Guild, DevEx Guild / src/Policy/__Libraries/StellaOps.Policy | src/Policy/__Libraries/StellaOps.Policy | | POLICY-SPL-23-004 | |
| SPL-24-001 | DONE (2025-11-26) | 2025-11-26 | SPRINT_0128_0001_0001_policy_reasoning | Policy Guild, Signals Guild / src/Policy/__Libraries/StellaOps.Policy | src/Policy/__Libraries/StellaOps.Policy | | POLICY-SPL-23-005 | |
| STORE-401-016 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | Signals Guild · BE-Base Platform Guild (`src/Signals/StellaOps.Signals`, `src/__Libraries/StellaOps.Replay.Core`) | `src/Signals/StellaOps.Signals`, `src/__Libraries/StellaOps.Replay.Core` | | | |
| STORE-AOC-19-001 | TODO | | SPRINT_0123_0001_0005_excititor_v | Excititor Storage Guild (src/Excititor/__Libraries/StellaOps.Excititor.Storage.Mongo) | src/Excititor/__Libraries/StellaOps.Excititor.Storage.Mongo | | | |
| STORE-AOC-19-002 | TODO | | SPRINT_0123_0001_0005_excititor_v | Excititor Storage Guild, DevOps Guild (src/Excititor/__Libraries/StellaOps.Excititor.Storage.Mongo) | src/Excititor/__Libraries/StellaOps.Excititor.Storage.Mongo | | | |
| STORE-AOC-19-005 | TODO | 2025-11-04 | SPRINT_115_concelier_iv | Concelier Storage Guild, DevOps Guild (src/Concelier/__Libraries/StellaOps.Concelier.Storage.Mongo) | src/Concelier/__Libraries/StellaOps.Concelier.Storage.Mongo | | | |
| SURFACE-01 | TODO | | SPRINT_0140_0001_0001_runtime_signals | | | | | |
| SURFACE-02 | TODO | | SPRINT_0136_0001_0001_scanner_surface | Scheduler Worker Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | | SURFACE-FS-02; SCHED-SURFACE-01 | |
| SURFACE-04 | TODO | | SPRINT_0136_0001_0001_scanner_surface | Scanner Worker Guild (src/Scanner/StellaOps.Scanner.Worker) | src/Scanner/StellaOps.Scanner.Worker | | SCANNER-SURFACE-01; SURFACE-FS-03 | |
| SURFACE-ENV-01 | DONE | 2025-11-13 | SPRINT_0136_0001_0001_scanner_surface | Scanner Guild, Zastava Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.Env) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Env | Draft `surface-env.md` enumerating environment variables, defaults, and air-gap behaviour for Surface consumers. | — | SCSS0101 |
| SURFACE-ENV-02 | DOING | 2025-11-02 | SPRINT_0136_0001_0001_scanner_surface | Scanner Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.Env) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Env | Implement strongly-typed env accessors with validation and deterministic logging inside `StellaOps.Scanner.Surface.Env`. | SURFACE-ENV-01 | SCSS0101 |
| SURFACE-ENV-03 | TODO | | SPRINT_0136_0001_0001_scanner_surface | Scanner Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.Env) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Env | Adopt the env helper across Scanner Worker/WebService/BuildX plug-ins. | SURFACE-ENV-02 | |
| SURFACE-ENV-04 | TODO | | SPRINT_0136_0001_0001_scanner_surface | Zastava Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.Env) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Env | Wire env helper into Zastava Observer/Webhook containers. | SURFACE-ENV-02 | |
| SURFACE-ENV-05 | TODO | | SPRINT_0136_0001_0001_scanner_surface | Ops Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.Env) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Env | Update Helm/Compose/offline kit templates with new env knobs and documentation. | SURFACE-ENV-03; SURFACE-ENV-04 | |
| SURFACE-FS-03 | TODO | | SPRINT_0136_0001_0001_scanner_surface | Scanner Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.FS) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.FS | Integrate Surface.FS writer into Scanner Worker analyzer pipeline to persist layer + entry-trace fragments. | SURFACE-FS-02 | |
| SURFACE-FS-04 | TODO | | SPRINT_0136_0001_0001_scanner_surface | Zastava Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.FS) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.FS | Integrate Surface.FS reader into Zastava Observer runtime drift loop. | SURFACE-FS-02 | |
| SURFACE-FS-05 | TODO | | SPRINT_0136_0001_0001_scanner_surface | Scanner Guild, Scheduler Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.FS) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.FS | Expose Surface.FS pointers via Scanner WebService reports and coordinate rescan planning with Scheduler. | SURFACE-FS-03 | |
| SURFACE-FS-06 | TODO | | SPRINT_0136_0001_0001_scanner_surface | Docs Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.FS) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.FS | Update scanner-engine guide and offline kit docs with Surface.FS workflow. | SURFACE-FS-02 | |
| SURFACE-FS-07 | DONE | 2025-12-04 | SPRINT_0136_0001_0001_scanner_surface | Scanner Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.FS) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.FS | Extend Surface.FS manifest schema with `composition.recipe`, fragment attestation metadata, and verification helpers per deterministic SBOM spec. | SCANNER-SURFACE-04 | |
| SURFACE-SECRETS-01 | DOING | 2025-11-02 | SPRINT_0136_0001_0001_scanner_surface | Scanner Guild, Security Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.Secrets) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Secrets | Produce `surface-secrets.md` defining secret reference schema, storage backends, scopes, and rotation rules. | | |
| SURFACE-SECRETS-02 | DOING | 2025-11-02 | SPRINT_0136_0001_0001_scanner_surface | Scanner Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.Secrets) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Secrets | Implement `StellaOps.Scanner.Surface.Secrets` core provider interfaces, secret models, and in-memory test backend. | SURFACE-SECRETS-01 | |
| SURFACE-SECRETS-03 | TODO | | SPRINT_0136_0001_0001_scanner_surface | Scanner Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.Secrets) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Secrets | Add Kubernetes/File/Offline backends with deterministic caching and audit hooks. | SURFACE-SECRETS-02 | SCSS0101 |
| SURFACE-SECRETS-04 | TODO | | SPRINT_0136_0001_0001_scanner_surface | Scanner Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.Secrets) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Secrets | Integrate Surface.Secrets into Scanner Worker/WebService/BuildX for registry + CAS creds. | SURFACE-SECRETS-02 | |
| SURFACE-SECRETS-05 | TODO | | SPRINT_0136_0001_0001_scanner_surface | Zastava Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.Secrets) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Secrets | Invoke Surface.Secrets from Zastava Observer/Webhook for CAS & attestation secrets. | SURFACE-SECRETS-02 | |
| SURFACE-SECRETS-06 | TODO | | SPRINT_0136_0001_0001_scanner_surface | Ops Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.Secrets) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Secrets | Update deployment manifests/offline kit bundles to provision secret references instead of raw values. | SURFACE-SECRETS-03 | |
| SURFACE-VAL-01 | DOING | 2025-11-01 | SPRINT_0136_0001_0001_scanner_surface | Scanner Guild, Security Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.Validation) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Validation | Define the Surface validation framework (`surface-validation.md`) covering env/cache/secret checks and extension hooks. | SURFACE-FS-01; SURFACE-ENV-01 | SCSS0102 |
| SURFACE-VAL-02 | TODO | | SPRINT_0136_0001_0001_scanner_surface | Scanner Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.Validation) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Validation | Implement base validation library with check registry and default validators for env/cached manifests/secret refs. | SURFACE-VAL-01; SURFACE-ENV-02; SURFACE-FS-02 | SCSS0102 |
| SURFACE-VAL-03 | TODO | | SPRINT_0136_0001_0001_scanner_surface | Scanner Guild, Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.Validation) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Validation | Integrate validation pipeline into Scanner analyzers so checks run before processing. | SURFACE-VAL-02 | SCSS0102 |
| SURFACE-VAL-04 | TODO | | SPRINT_0136_0001_0001_scanner_surface | Scanner Guild, Zastava Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.Validation) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Validation | Expose validation helpers to Zastava and other runtime consumers for preflight checks. | SURFACE-VAL-02 | SCSS0102 |
| SURFACE-VAL-05 | TODO | | SPRINT_0136_0001_0001_scanner_surface | Docs Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.Validation) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Validation | Document validation extensibility, registration, and customization in scanner-engine guides. | SURFACE-VAL-02 | SCSS0102 |
| SVC-32-002 | TODO | | SPRINT_0152_0001_0002_orchestrator_ii | Orchestrator Service Guild (src/Orchestrator/StellaOps.Orchestrator) | src/Orchestrator/StellaOps.Orchestrator | | | |
| SVC-32-003 | TODO | | SPRINT_0152_0001_0002_orchestrator_ii | Orchestrator Service Guild (src/Orchestrator/StellaOps.Orchestrator) | src/Orchestrator/StellaOps.Orchestrator | | | |
| SVC-32-004 | TODO | | SPRINT_0152_0001_0002_orchestrator_ii | Orchestrator Service Guild (src/Orchestrator/StellaOps.Orchestrator) | src/Orchestrator/StellaOps.Orchestrator | | | |
| SVC-32-005 | TODO | | SPRINT_0152_0001_0002_orchestrator_ii | Orchestrator Service Guild (src/Orchestrator/StellaOps.Orchestrator) | src/Orchestrator/StellaOps.Orchestrator | | | |
| SVC-33-001 | TODO | | SPRINT_0152_0001_0002_orchestrator_ii | Orchestrator Service Guild (src/Orchestrator/StellaOps.Orchestrator) | src/Orchestrator/StellaOps.Orchestrator | | | |
| SVC-33-002 | TODO | | SPRINT_0152_0001_0002_orchestrator_ii | Orchestrator Service Guild (src/Orchestrator/StellaOps.Orchestrator) | src/Orchestrator/StellaOps.Orchestrator | | | |
| SVC-33-003 | TODO | | SPRINT_0152_0001_0002_orchestrator_ii | Orchestrator Service Guild (src/Orchestrator/StellaOps.Orchestrator) | src/Orchestrator/StellaOps.Orchestrator | | | |
| SVC-33-004 | TODO | | SPRINT_0152_0001_0002_orchestrator_ii | Orchestrator Service Guild (src/Orchestrator/StellaOps.Orchestrator) | src/Orchestrator/StellaOps.Orchestrator | | | |
| SVC-34-001 | TODO | | SPRINT_0152_0001_0002_orchestrator_ii | Orchestrator Service Guild (src/Orchestrator/StellaOps.Orchestrator) | src/Orchestrator/StellaOps.Orchestrator | | | |
| SVC-34-002 | TODO | | SPRINT_0152_0001_0002_orchestrator_ii | Orchestrator Service Guild (src/Orchestrator/StellaOps.Orchestrator) | src/Orchestrator/StellaOps.Orchestrator | | | |
| SVC-34-003 | TODO | | SPRINT_0152_0001_0002_orchestrator_ii | Orchestrator Service Guild (src/Orchestrator/StellaOps.Orchestrator) | src/Orchestrator/StellaOps.Orchestrator | | | |
| SVC-34-004 | TODO | | SPRINT_0152_0001_0002_orchestrator_ii | Orchestrator Service Guild (src/Orchestrator/StellaOps.Orchestrator) | src/Orchestrator/StellaOps.Orchestrator | | | |
| SVC-35-001 | BLOCKED | 2025-10-29 | SPRINT_163_exportcenter_ii | Exporter Service Guild (src/ExportCenter/StellaOps.ExportCenter) | src/ExportCenter/StellaOps.ExportCenter | | | |
| SVC-35-002 | TODO | | SPRINT_163_exportcenter_ii | Exporter Service Guild (src/ExportCenter/StellaOps.ExportCenter) | src/ExportCenter/StellaOps.ExportCenter | | | |
| SVC-35-003 | TODO | | SPRINT_163_exportcenter_ii | Exporter Service Guild (src/ExportCenter/StellaOps.ExportCenter) | src/ExportCenter/StellaOps.ExportCenter | | | |
| SVC-35-004 | TODO | | SPRINT_163_exportcenter_ii | Exporter Service Guild (src/ExportCenter/StellaOps.ExportCenter) | src/ExportCenter/StellaOps.ExportCenter | | | |
| SVC-35-005 | TODO | | SPRINT_163_exportcenter_ii | Exporter Service Guild (src/ExportCenter/StellaOps.ExportCenter) | src/ExportCenter/StellaOps.ExportCenter | | | |
| SVC-35-006 | TODO | | SPRINT_0164_0001_0003_exportcenter_iii | Exporter Service Guild (src/ExportCenter/StellaOps.ExportCenter) | src/ExportCenter/StellaOps.ExportCenter | | | |
| SVC-35-101 | TODO | | SPRINT_0152_0001_0002_orchestrator_ii | Orchestrator Service Guild (src/Orchestrator/StellaOps.Orchestrator) | src/Orchestrator/StellaOps.Orchestrator | | | |
| SVC-36-001 | TODO | | SPRINT_0164_0001_0003_exportcenter_iii | Exporter Service Guild (src/ExportCenter/StellaOps.ExportCenter) | src/ExportCenter/StellaOps.ExportCenter | | | |
| SVC-36-002 | TODO | | SPRINT_0164_0001_0003_exportcenter_iii | Exporter Service Guild (src/ExportCenter/StellaOps.ExportCenter) | src/ExportCenter/StellaOps.ExportCenter | | | |
| SVC-36-003 | TODO | | SPRINT_0164_0001_0003_exportcenter_iii | Exporter Service Guild (src/ExportCenter/StellaOps.ExportCenter) | src/ExportCenter/StellaOps.ExportCenter | | | |
| SVC-36-004 | TODO | | SPRINT_0164_0001_0003_exportcenter_iii | Exporter Service Guild (src/ExportCenter/StellaOps.ExportCenter) | src/ExportCenter/StellaOps.ExportCenter | | | |
| SVC-36-101 | TODO | | SPRINT_0152_0001_0002_orchestrator_ii | Orchestrator Service Guild (src/Orchestrator/StellaOps.Orchestrator) | src/Orchestrator/StellaOps.Orchestrator | | | |
| SVC-37-001 | TODO | | SPRINT_0164_0001_0003_exportcenter_iii | Exporter Service Guild (src/ExportCenter/StellaOps.ExportCenter) | src/ExportCenter/StellaOps.ExportCenter | | | |
| SVC-37-002 | TODO | | SPRINT_0164_0001_0003_exportcenter_iii | Exporter Service Guild (src/ExportCenter/StellaOps.ExportCenter) | src/ExportCenter/StellaOps.ExportCenter | | | |
| SVC-37-003 | TODO | | SPRINT_0164_0001_0003_exportcenter_iii | Exporter Service Guild (src/ExportCenter/StellaOps.ExportCenter) | src/ExportCenter/StellaOps.ExportCenter | | | |
| SVC-37-004 | TODO | | SPRINT_0164_0001_0003_exportcenter_iii | Exporter Service Guild (src/ExportCenter/StellaOps.ExportCenter) | src/ExportCenter/StellaOps.ExportCenter | | | |
| SVC-37-101 | TODO | | SPRINT_0152_0001_0002_orchestrator_ii | Orchestrator Service Guild (src/Orchestrator/StellaOps.Orchestrator) | src/Orchestrator/StellaOps.Orchestrator | | | |
| SVC-38-002 | TODO | | SPRINT_0172_0001_0002_notifier_ii | Notifications Service Guild (src/Notifier/StellaOps.Notifier) | src/Notifier/StellaOps.Notifier | | | |
| SVC-38-003 | TODO | | SPRINT_0172_0001_0002_notifier_ii | Notifications Service Guild (src/Notifier/StellaOps.Notifier) | src/Notifier/StellaOps.Notifier | | | |
| SVC-38-004 | TODO | | SPRINT_0172_0001_0002_notifier_ii | Notifications Service Guild (src/Notifier/StellaOps.Notifier) | src/Notifier/StellaOps.Notifier | | | |
| SVC-38-101 | TODO | | SPRINT_0153_0001_0003_orchestrator_iii | Orchestrator Service Guild (src/Orchestrator/StellaOps.Orchestrator) | src/Orchestrator/StellaOps.Orchestrator | | | |
| SVC-39-001 | TODO | | SPRINT_0172_0001_0002_notifier_ii | Notifications Service Guild (src/Notifier/StellaOps.Notifier) | src/Notifier/StellaOps.Notifier | | | |
| SVC-39-002 | TODO | | SPRINT_0172_0001_0002_notifier_ii | Notifications Service Guild (src/Notifier/StellaOps.Notifier) | src/Notifier/StellaOps.Notifier | | | |
| SVC-39-003 | TODO | | SPRINT_0172_0001_0002_notifier_ii | Notifications Service Guild (src/Notifier/StellaOps.Notifier) | src/Notifier/StellaOps.Notifier | | | |
| SVC-39-004 | TODO | | SPRINT_0172_0001_0002_notifier_ii | Notifications Service Guild (src/Notifier/StellaOps.Notifier) | src/Notifier/StellaOps.Notifier | | | |
| SVC-40-001 | TODO | | SPRINT_0172_0001_0002_notifier_ii | Notifications Service Guild (src/Notifier/StellaOps.Notifier) | src/Notifier/StellaOps.Notifier | | | |
| SVC-40-002 | TODO | | SPRINT_0172_0001_0002_notifier_ii | Notifications Service Guild (src/Notifier/StellaOps.Notifier) | src/Notifier/StellaOps.Notifier | | | |
| SVC-40-003 | TODO | | SPRINT_0172_0001_0002_notifier_ii | Notifications Service Guild (src/Notifier/StellaOps.Notifier) | src/Notifier/StellaOps.Notifier | | | |
| SVC-40-004 | TODO | | SPRINT_0172_0001_0002_notifier_ii | Notifications Service Guild (src/Notifier/StellaOps.Notifier) | src/Notifier/StellaOps.Notifier | | | |
| SVC-41-101 | TODO | | SPRINT_0153_0001_0003_orchestrator_iii | Orchestrator Service Guild (src/Orchestrator/StellaOps.Orchestrator) | src/Orchestrator/StellaOps.Orchestrator | | | |
| SVC-42-101 | TODO | | SPRINT_0153_0001_0003_orchestrator_iii | Orchestrator Service Guild (src/Orchestrator/StellaOps.Orchestrator) | src/Orchestrator/StellaOps.Orchestrator | | | |
| SVC-43-001 | TODO | | SPRINT_0164_0001_0003_exportcenter_iii | Exporter Service Guild (src/ExportCenter/StellaOps.ExportCenter) | src/ExportCenter/StellaOps.ExportCenter | | | |
| SYM-007 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | Scanner Worker Guild & Docs Guild (`src/Scanner/StellaOps.Scanner.Models`, `docs/modules/scanner/architecture.md`, `docs/reachability/function-level-evidence.md`) | `src/Scanner/StellaOps.Scanner.Models`, `docs/modules/scanner/architecture.md`, `docs/reachability/function-level-evidence.md` | | | |
| SYMS-70-003 | TODO | | SPRINT_0304_0001_0004_docs_tasks_md_iv | Docs Guild, Symbols Guild (docs) | | | | |
| SYMS-90-005 | TODO | | SPRINT_0505_0001_0001_ops_devops_iii | DevOps Guild, Symbols Guild (ops/devops) | ops/devops | | | |
| SYMS-BUNDLE-401-014 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | Symbols Guild · Ops | `src/Symbols/StellaOps.Symbols.Bundle`, `ops` | Produce deterministic symbol bundles for air-gapped installs (`symbols bundle create | Depends on #1 | RBSY0101 |
| SYMS-CLIENT-401-012 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | Symbols Guild · Scanner Guild | `src/Symbols/StellaOps.Symbols.Client`, `src/Scanner/StellaOps.Scanner.Symbolizer` | Ship `StellaOps.Symbols.Client` SDK (resolve/upload APIs, platform key derivation for ELF/PDB/Mach-O/JVM/Node, disk LRU cache) and integrate with Scanner.Symbolizer/runtime probes (ref. `docs/specs/SYMBOL_MANIFEST_v1.md`). | Depends on #3 | RBSY0101 |
| SYMS-INGEST-401-013 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | Symbols Guild · DevOps Guild | `src/Symbols/StellaOps.Symbols.Ingestor.Cli`, `docs/specs/SYMBOL_MANIFEST_v1.md` | Build `symbols ingest` CLI to emit DSSE-signed `SymbolManifest v1`, upload blobs, and register Rekor entries; document GitLab/Gitea pipeline usage. | Needs manifest updates from #1 | RBSY0101 |
| SYMS-SERVER-401-011 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | Symbols Guild | `src/Symbols/StellaOps.Symbols.Server` | Deliver `StellaOps.Symbols.Server` (REST+gRPC) with DSSE-verified uploads, Mongo/MinIO storage, tenant isolation, and deterministic debugId indexing; publish health/manifest APIs (spec: `docs/specs/SYMBOL_MANIFEST_v1.md`). | Depends on #5 | RBSY0101 |
| TASKRUN-41-001 | DONE (2025-11-30) | 2025-11-30 | SPRINT_0157_0001_0002_taskrunner_blockers | Task Runner Guild | src/TaskRunner/StellaOps.TaskRunner | Bootstrap service, define migrations for `pack_runs`, `pack_run_logs`, `pack_artifacts`, implement run API (create/get/log stream), local executor, approvals pause, artifact capture, and provenance manifest generation. | Delivered per Task Pack advisory and architecture contract. | ORTR0101 |
| TASKRUN-AIRGAP-56-001 | DONE (2025-11-30) | 2025-11-30 | SPRINT_0157_0001_0001_taskrunner_i | Task Runner Guild · AirGap Policy Guild | src/TaskRunner/StellaOps.TaskRunner | Enforce plan-time validation rejecting steps with non-allowlisted network calls in sealed mode and surface remediation errors. | TASKRUN-41-001 | ORTR0101 |
| TASKRUN-AIRGAP-56-002 | DONE (2025-12-03) | 2025-11-30 | SPRINT_0157_0001_0001_taskrunner_i | Task Runner Guild · AirGap Importer Guild | src/TaskRunner/StellaOps.TaskRunner | Add helper steps for bundle ingestion (checksum verification, staging to object store) with deterministic outputs. | TASKRUN-AIRGAP-56-001 | ORTR0101 |
| TASKRUN-AIRGAP-57-001 | BLOCKED (2025-11-30) | 2025-11-30 | SPRINT_0157_0001_0001_taskrunner_i | Task Runner Guild · AirGap Controller Guild | src/TaskRunner/StellaOps.TaskRunner | Refuse to execute plans when environment sealed=false but declared sealed install; emit advisory timeline events. | TASKRUN-AIRGAP-56-002 | ORTR0101 |
| TASKRUN-AIRGAP-58-001 | BLOCKED (2025-11-30) | 2025-11-30 | SPRINT_0157_0001_0001_taskrunner_i | Task Runner Guild · Evidence Locker Guild | src/TaskRunner/StellaOps.TaskRunner | Capture bundle import job transcripts, hashed inputs, and outputs into portable evidence bundles. | TASKRUN-AIRGAP-57-001 | ORTR0101 |
| TASKRUN-OAS-61-001 | BLOCKED (2025-11-30) | 2025-11-30 | SPRINT_0157_0001_0001_taskrunner_i | Task Runner Guild · API Contracts Guild | src/TaskRunner/StellaOps.TaskRunner | Document Task Runner APIs (pack runs, logs, approvals) in service OAS, including streaming response schemas and examples. | TASKRUN-41-001 | ORTR0101 |
| TASKRUN-OAS-61-002 | BLOCKED (2025-11-30) | 2025-11-30 | SPRINT_0157_0001_0001_taskrunner_i | Task Runner Guild | src/TaskRunner/StellaOps.TaskRunner | Expose `GET /.well-known/openapi` returning signed spec metadata, build version, and ETag. | TASKRUN-OAS-61-001 | ORTR0101 |
| TASKRUN-OAS-62-001 | BLOCKED (2025-11-30) | 2025-11-30 | SPRINT_0157_0001_0001_taskrunner_i | Task Runner Guild · SDK Generator Guild | src/TaskRunner/StellaOps.TaskRunner | Provide SDK examples for pack run lifecycle; ensure SDKs offer streaming log helpers and paginator wrappers. | TASKRUN-OAS-61-002 | ORTR0102 |
| TASKRUN-OAS-63-001 | BLOCKED (2025-11-30) | 2025-11-30 | SPRINT_0157_0001_0001_taskrunner_i | Task Runner Guild · API Governance Guild | src/TaskRunner/StellaOps.TaskRunner | Implement deprecation header support and Sunset handling for legacy pack APIs; emit notifications metadata. | TASKRUN-OAS-62-001 | ORTR0102 |
| TASKRUN-OBS-50-001 | DONE (2025-11-25) | 2025-11-25 | SPRINT_0157_0001_0001_taskrunner_i | Task Runner Guild | src/TaskRunner/StellaOps.TaskRunner | Adopt telemetry core in Task Runner host + worker executors, ensuring step execution spans/logs include `trace_id`, `tenant_id`, `run_id`, and scrubbed command transcripts. | ORTR0101 telemetry hooks | ORTR0102 |
| TASKRUN-OBS-51-001 | DONE (2025-11-25) | 2025-11-25 | SPRINT_0157_0001_0001_taskrunner_i | Task Runner Guild · DevOps Guild | src/TaskRunner/StellaOps.TaskRunner | Emit metrics for step latency, retries, queue depth, sandbox resource usage; define SLOs for pack run completion and failure rate; surface burn-rate alerts to collector/Notifier. Dependencies: TASKRUN-OBS-50-001. | TASKRUN-OBS-50-001 | ORTR0102 |
| TASKRUN-OBS-52-001 | BLOCKED (2025-11-25) | 2025-11-25 | SPRINT_0157_0001_0001_taskrunner_i | Task Runner Guild | src/TaskRunner/StellaOps.TaskRunner | Produce timeline events for pack runs (`pack.started`, `pack.step.completed`, `pack.failed`) containing evidence pointers and policy gate context. Provide dedupe + retry logic. Blocked: timeline event schema and evidence-pointer contract not published. | TASKRUN-OBS-51-001 | ORTR0102 |
| TASKRUN-OBS-53-001 | BLOCKED (2025-11-25) | 2025-11-25 | SPRINT_0157_0001_0001_taskrunner_i | Task Runner Guild · Evidence Locker Guild | src/TaskRunner/StellaOps.TaskRunner | Capture step transcripts, artifact manifests, environment digests, and policy approvals into evidence locker snapshots; ensure redaction + hash chain coverage. Blocked: waiting on timeline schema/evidence-pointer contract (OBS-52-001). | TASKRUN-OBS-52-001 | ORTR0102 |
| TASKRUN-TEN-48-001 | BLOCKED (2025-11-30) | 2025-11-30 | SPRINT_0158_0001_0002_taskrunner_ii | Task Runner Guild | src/TaskRunner/StellaOps.TaskRunner | Require tenant/project context for every pack run, set DB/object-store prefixes, block egress when tenant restricted, and propagate context to steps/logs. | TASKRUN-OBS-53-001; Tenancy policy contract | ORTR0101 |
| TELEMETRY-DOCS-0001 | DONE (2025-11-30) | 2025-11-30 | SPRINT_330_docs_modules_telemetry | Docs Guild | docs/modules/telemetry | Validate that telemetry module docs reflect the new storage stack and isolation rules. | Ops checklist from DVDO0103 | DOTL0101 |
| TELEMETRY-DOCS-0001 | DONE (2025-11-30) | 2025-11-30 | SPRINT_330_docs_modules_telemetry | Docs Guild | docs/modules/telemetry | Validate that telemetry module docs reflect the new storage stack and isolation rules. | Ops checklist from DVDO0103 | DOTL0101 |
| TELEMETRY-ENG-0001 | DONE (2025-11-30) | 2025-11-30 | SPRINT_330_docs_modules_telemetry | Module Team | docs/modules/telemetry | Ensure milestones stay in sync with telemetry sprints in `docs/implplan`. | TLTY0101 API review | DOTL0101 |
| TELEMETRY-OBS-51-001 | DONE (2025-11-27) | 2025-11-27 | SPRINT_0170_0001_0001_notifications_telemetry | Telemetry Core Guild | src/Telemetry/StellaOps.Telemetry.Core | Golden-signal metrics with cardinality guards and exemplars shipped. | 51-002 | TLTY0101 |
| TELEMETRY-OBS-51-002 | DONE (2025-11-27) | 2025-11-27 | SPRINT_0170_0001_0001_notifications_telemetry | Telemetry Core Guild | src/Telemetry/StellaOps.Telemetry.Core | Scrubbing/redaction filters + audit overrides delivered. | 51-001 | TLTY0101 |
| TELEMETRY-OBS-55-001 | DONE (2025-11-27) | | SPRINT_0170_0001_0001_notifications_telemetry | Telemetry Core Guild · Observability Guild | src/Telemetry/StellaOps.Telemetry.Core | Incident mode toggle API with sampling/retention tags; activation trail implemented. | 56-001 event schema | TLTY0101 |
| TELEMETRY-OBS-56-001 | DONE (2025-11-27) | | SPRINT_0174_0001_0001_telemetry | Telemetry Core Guild | src/Telemetry/StellaOps.Telemetry.Core | Add sealed-mode telemetry helpers (drift metrics, seal/unseal spans, offline exporters) and ensure hosts can disable external exporters when sealed. Dependencies: TELEMETRY-OBS-55-001. | OBS-55-001 output | TLTY0101 |
| TELEMETRY-OPS-0001 | DONE (2025-11-30) | 2025-11-30 | SPRINT_330_docs_modules_telemetry | Ops Guild | docs/modules/telemetry | Review telemetry runbooks/observability dashboards post-demo. | DVDO0103 deployment notes | DOTL0101 |
| TEN-47-001 | TODO | | SPRINT_0205_0001_0005_cli_v | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | | | |
| TEN-48-001 | TODO | | SPRINT_115_concelier_iv | Concelier Core Guild (src/Concelier/__Libraries/StellaOps.Concelier.Core) | src/Concelier/__Libraries/StellaOps.Concelier.Core | | | |
| TEN-49-001 | TODO | | SPRINT_0205_0001_0005_cli_v | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | | | |
| TEST-186-006 | TODO | | SPRINT_0186_0001_0001_record_deterministic_execution | Signing Guild, QA Guild (`src/Signer/StellaOps.Signer.Tests`) | `src/Signer/StellaOps.Signer.Tests` | | | |
| TEST-62-001 | DOING | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild, Contract Testing Guild (docs) | | | | |
| TIME-57-001 | TODO | | SPRINT_0503_0001_0001_ops_devops_i | Exporter Guild · AirGap Time Guild · CLI Guild | | | PROGRAM-STAFF-1001 | |
| TIME-57-002 | TODO | | SPRINT_510_airgap | Exporter Guild · AirGap Time Guild · CLI Guild | src/AirGap/StellaOps.AirGap.Time | PROGRAM-STAFF-1001 | PROGRAM-STAFF-1001 | AGTM0101 |
| TIME-58-001 | TODO | | SPRINT_510_airgap | AirGap Time Guild | src/AirGap/StellaOps.AirGap.Time | AIRGAP-TIME-58-001 | AIRGAP-TIME-58-001 | AGTM0101 |
| TIME-58-002 | TODO | | SPRINT_510_airgap | AirGap Time Guild · Notifications Guild | src/AirGap/StellaOps.AirGap.Time | TIME-58-001 | TIME-58-001 | AGTM0101 |
| TIMELINE-OBS-52-001 | TODO | | SPRINT_160_export_evidence | Timeline Indexer Guild | | Timeline Indexer Guild | | |
| TIMELINE-OBS-52-002 | TODO | | SPRINT_160_export_evidence | Timeline Indexer Guild | | Timeline Indexer Guild | | |
| TIMELINE-OBS-52-003 | TODO | | SPRINT_160_export_evidence | Timeline Indexer Guild | | Timeline Indexer Guild | | |
| TIMELINE-OBS-52-004 | TODO | | SPRINT_160_export_evidence | Timeline Indexer + Security Guilds | | Timeline Indexer + Security Guilds | | |
| TIMELINE-OBS-53-001 | TODO | | SPRINT_160_export_evidence | Timeline Indexer + Evidence Locker Guilds | | Timeline Indexer + Evidence Locker Guilds | | |
| UI-401-027 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | UI Guild · CLI Guild (`src/UI/StellaOps.UI`, `src/Cli/StellaOps.Cli`, `docs/uncertainty/README.md`) | `src/UI/StellaOps.UI`, `src/Cli/StellaOps.Cli`, `docs/uncertainty/README.md` | | | |
| UI-CLI-401-007 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | UI & CLI Guilds (`src/Cli/StellaOps.Cli`, `src/UI/StellaOps.UI`) | `src/Cli/StellaOps.Cli`, `src/UI/StellaOps.UI` | Implement CLI `stella graph explain` + UI explain drawer showing signed call-path, predicates, runtime hits, and DSSE pointers; include counterfactual controls. | | |
| UI-DOCS-0001 | TODO | | SPRINT_331_docs_modules_ui | Docs Guild (docs/modules/ui) | docs/modules/ui | | | |
| UI-ENG-0001 | TODO | | SPRINT_331_docs_modules_ui | Module Team (docs/modules/ui) | docs/modules/ui | | | |
| UI-LNM-22-002 | DONE | 2025-12-04 | SPRINT_0210_0001_0002_ui_ii | UI Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Implement filters (source, severity bucket, conflict-only, CVSS vector presence) and pagination/lazy loading for large linksets. Docs depend on finalized filtering UX. Dependencies: UI-LNM-22-001. | | |
| UI-LNM-22-003 | DONE | 2025-12-04 | SPRINT_0210_0001_0002_ui_ii | UI Guild, Excititor Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Add VEX tab with status/justification summaries, conflict indicators, and export actions. Required for `DOCS-LNM-22-005` coverage of VEX evidence tab. Dependencies: UI-LNM-22-002. | | |
| UI-LNM-22-004 | DONE | 2025-12-04 | SPRINT_0210_0001_0002_ui_ii | UI Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Provide permalink + copy-to-clipboard for selected component/linkset/policy combination; ensure high-contrast theme support. Dependencies: UI-LNM-22-003. | | |
| UI-OPS-0001 | TODO | | SPRINT_331_docs_modules_ui | Ops Guild (docs/modules/ui) | docs/modules/ui | | | |
| UI-ORCH-32-001 | DONE | 2025-12-04 | SPRINT_0210_0001_0002_ui_ii | UI Guild, Console Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Update Console RBAC mappings to surface `Orch.Viewer`, request `orch:read` scope in token flows, and gate dashboard access/messaging accordingly. | | |
| UI-POLICY-13-007 | DONE | 2025-12-04 | SPRINT_0210_0001_0002_ui_ii | UI Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Surface policy confidence metadata (band, age, quiet provenance) on preview and report views. | | |
| UI-POLICY-20-001 | DONE | 2025-12-05 | SPRINT_0210_0001_0002_ui_ii | UI Guild | src/Web/StellaOps.Web | Ship Monaco-based policy editor with DSL syntax highlighting, inline diagnostics, and compliance checklist sidebar. Dependencies: UI-POLICY-13-007. | Depends on Policy DSL schema | |
| UI-POLICY-20-002 | DONE | 2025-12-05 | SPRINT_0210_0001_0002_ui_ii | UI Guild | src/Web/StellaOps.Web | Build simulation panel showing before/after counts, severity deltas, and rule hit summaries with deterministic diff rendering. Dependencies: UI-POLICY-20-001. | Needs 20-001 editor events | |
| UI-POLICY-20-003 | DONE | 2025-12-05 | SPRINT_0210_0001_0002_ui_ii | UI/ProdOps Guild | src/Web/StellaOps.Web | Implement submit/review/approve workflow with comments, approvals log, RBAC. | UI-POLICY-20-002 | UIPD0101 |
| UI-POLICY-20-004 | DONE | 2025-12-05 | SPRINT_0210_0001_0002_ui_ii | UI Guild · Observability Guild | src/Web/StellaOps.Web | Add run viewer dashboards (rule heatmap, VEX wins, suppressions) with filters/export. | UI-POLICY-20-003 | UIPD0101 |
| UI-POLICY-23-001 | DONE | 2025-12-05 | SPRINT_0210_0001_0002_ui_ii | UI Guild, Policy Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Deliver Policy Editor workspace with pack list, revision history, and scoped metadata cards. Dependencies: UI-POLICY-20-004. | | |
| UI-POLICY-23-002 | DONE | 2025-12-05 | SPRINT_0210_0001_0002_ui_ii | UI Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Implement YAML editor with schema validation, lint diagnostics, and live canonicalization preview. Dependencies: UI-POLICY-23-001. | | |
| UI-POLICY-23-003 | DONE | 2025-12-05 | SPRINT_0210_0001_0002_ui_ii | UI Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Build guided rule builder (source preferences, severity mapping, VEX precedence, exceptions) with preview JSON output. Dependencies: UI-POLICY-23-002. | | |
| UI-POLICY-23-004 | DONE | 2025-12-05 | SPRINT_0210_0001_0002_ui_ii | UI Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Add review/approval workflow UI: checklists, comments, two-person approval indicator, scope scheduling. Dependencies: UI-POLICY-23-003. | | |
| UI-POLICY-23-005 | DONE | 2025-12-05 | SPRINT_0210_0001_0002_ui_ii | UI Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Integrate simulator panel (SBOM/component/advisory selection), run diff vs active policy, show explain tree and overlays. Dependencies: UI-POLICY-23-004. | | |
| UI-POLICY-23-006 | DONE | 2025-12-05 | SPRINT_0210_0001_0002_ui_ii | UI Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Implement explain view linking to evidence overlays and exceptions; provide export to JSON/PDF. Dependencies: UI-POLICY-23-005. | | |
| UI-POLICY-27-001 | DOING | 2025-12-06 | SPRINT_0211_0001_0003_ui_iii | UI Guild, Product Ops (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Update Console policy workspace RBAC guards, scope requests, and user messaging to reflect the new Policy Studio roles/scopes (`policy:author/review/approve/operate/audit/simulate`), including Cypress auth stubs and help text. Dependencies: UI-POLICY-23-006. | | |
| UI-SIG-26-001 | BLOCKED | 2025-12-06 | SPRINT_0211_0001_0003_ui_iii | UI Guild, Signals Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Add reachability columns/badges to Vulnerability Explorer with filters and tooltips. | | Blocked: deterministic reachability fixtures (columns/badges) not delivered by Signals/Graph. |
| UI-SIG-26-002 | BLOCKED | 2025-12-06 | SPRINT_0211_0001_0003_ui_iii | UI Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Enhance “Why” drawer with call path visualization, reachability timeline, and evidence list. Dependencies: UI-SIG-26-001. | | Blocked pending UI-SIG-26-001 outputs and call-path/timeline fixtures. |
| UI-SIG-26-003 | BLOCKED | 2025-12-06 | SPRINT_0211_0001_0003_ui_iii | UI Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Add reachability overlay halos/time slider to SBOM Graph along with state legend. Dependencies: UI-SIG-26-002. | | Blocked: overlays depend on upstream fixtures + perf budget. |
| UI-SIG-26-004 | BLOCKED | 2025-12-06 | SPRINT_0211_0001_0003_ui_iii | UI Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Build Reachability Center view showing asset coverage, missing sensors, and stale facts. Dependencies: UI-SIG-26-003. | | Blocked: coverage/sensor fixtures not available; upstream chain blocked. |
| UNCERTAINTY-POLICY-401-026 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | Policy Guild · Concelier Guild (`docs/policy/dsl.md`, `docs/uncertainty/README.md`) | `docs/policy/dsl.md`, `docs/uncertainty/README.md` | Update policy guidance (Concelier/Excitors) with uncertainty gates (U1/U2/U3), sample YAML rules, and remediation actions. | | |
| UNCERTAINTY-SCHEMA-401-024 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | Signals Guild (`src/Signals/StellaOps.Signals`, `docs/uncertainty/README.md`) | `src/Signals/StellaOps.Signals`, `docs/uncertainty/README.md` | Extend Signals findings with `uncertainty.states[]`, entropy fields, and `riskScore`; emit `FindingUncertaintyUpdated` events and persist evidence per docs. | | |
| UNCERTAINTY-SCORER-401-025 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | Signals Guild (`src/Signals/StellaOps.Signals.Application`, `docs/uncertainty/README.md`) | `src/Signals/StellaOps.Signals.Application`, `docs/uncertainty/README.md` | Implement the entropy-aware risk scorer (`riskScore = base × reach × trust × (1 + entropyBoost)`) and wire it into finding writes. | | |
| UNCERTAINTY-UI-401-027 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | UI Guild · CLI Guild (`src/UI/StellaOps.UI`, `src/Cli/StellaOps.Cli`, `docs/uncertainty/README.md`) | `src/UI/StellaOps.UI`, `src/Cli/StellaOps.Cli`, `docs/uncertainty/README.md` | Surface uncertainty chips/tooltips in the Console (React UI) + CLI output (risk score + entropy states). | | |
| VAL-01 | DOING | 2025-11-01 | SPRINT_0136_0001_0001_scanner_surface | Scanner Guild, Security Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.Validation) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Validation | | SURFACE-FS-01; SURFACE-ENV-01 | |
| VAL-02 | TODO | | SPRINT_0136_0001_0001_scanner_surface | Scanner Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.Validation) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Validation | | SURFACE-VAL-01; SURFACE-ENV-02; SURFACE-FS-02 | |
| VAL-03 | TODO | | SPRINT_0136_0001_0001_scanner_surface | Scanner Guild, Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.Validation) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Validation | | SURFACE-VAL-02 | |
| VAL-04 | TODO | | SPRINT_0136_0001_0001_scanner_surface | Scanner Guild, Zastava Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.Validation) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Validation | | SURFACE-VAL-02 | |
| VAL-05 | TODO | | SPRINT_0136_0001_0001_scanner_surface | Docs Guild (src/Scanner/__Libraries/StellaOps.Scanner.Surface.Validation) | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Validation | | SURFACE-VAL-02 | |
| VERIFY-186-007 | TODO | | SPRINT_0186_0001_0001_record_deterministic_execution | Authority Guild, Provenance Guild (`src/Authority/StellaOps.Authority`, `src/Provenance/StellaOps.Provenance.Attestation`) | `src/Authority/StellaOps.Authority`, `src/Provenance/StellaOps.Provenance.Attestation` | | | |
| VEX-006 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | Policy, Excititor, UI, CLI & Notify Guilds (`docs/modules/excititor/architecture.md`, `src/Cli/StellaOps.Cli`, `src/UI/StellaOps.UI`, `docs/09_API_CLI_REFERENCE.md`) | `docs/modules/excititor/architecture.md`, `src/Cli/StellaOps.Cli`, `src/UI/StellaOps.UI`, `docs/09_API_CLI_REFERENCE.md` | | | |
| VEX-30-001 | BLOCKED | 2025-11-19 | SPRINT_0212_0001_0001_web_i | Console Guild, BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | | | |
| VEX-30-002 | TODO | | SPRINT_0205_0001_0005_cli_v | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | | | |
| VEX-30-003 | TODO | | SPRINT_0205_0001_0005_cli_v | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | | | |
| VEX-30-004 | TODO | | SPRINT_0205_0001_0005_cli_v | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | | | |
| VEX-30-005 | DOING | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild, Console Guild (docs) | | | | |
| VEX-30-006 | DOING | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild, Policy Guild (docs) | | | | DOVX0101 |
| VEX-30-007 | BLOCKED | | SPRINT_216_web_v | BE-Base Platform Guild, VEX Lens Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | | | DOVX0101 |
| VEX-30-008 | DOING | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild, Security Guild (docs) | | | | DOVX0101 |
| VEX-30-009 | DOING | | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild, DevOps Guild (docs) | | | | DOVX0101 |
| VEX-401-006 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | Policy Guild (`src/Policy/StellaOps.Policy.Engine`, `src/Policy/__Libraries/StellaOps.Policy`) | `src/Policy/StellaOps.Policy.Engine`, `src/Policy/__Libraries/StellaOps.Policy` | | | DOVX0101 |
| VEX-401-010 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | Policy Guild (`src/Policy/StellaOps.Policy.Engine/Vex`, `docs/modules/policy/architecture.md`, `docs/benchmarks/vex-evidence-playbook.md`) | `src/Policy/StellaOps.Policy.Engine/Vex`, `docs/modules/policy/architecture.md`, `docs/benchmarks/vex-evidence-playbook.md` | | | DOVX0101 |
| VEX-401-011 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | verify | | | | DOVX0101 |
| VEX-401-012 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | Docs Guild (`docs/benchmarks/vex-evidence-playbook.md`, `bench/README.md`) | `docs/benchmarks/vex-evidence-playbook.md`, `bench/README.md` | | | DOVX0101 |
| VEX-401-018 | TODO | | SPRINT_0401_0001_0001_reachability_evidence_chain | Signing Guild (`src/Signer/StellaOps.Signer`, `docs/modules/signer/architecture.md`) | `src/Signer/StellaOps.Signer`, `docs/modules/signer/architecture.md` | | | DOVX0101 |
| VEX-CONSENSUS-LENS-DOCS-0001 | TODO | | SPRINT_332_docs_modules_vex_lens | Docs Guild (docs/modules/vex-lens) | docs/modules/vex-lens | Refresh VEX Lens module docs with consensus workflow guidance and recent release links. | | DOVX0101 |
| VEX-CONSENSUS-LENS-DOCS-0002 | TODO | 2025-11-05 | SPRINT_332_docs_modules_vex_lens | Docs Guild (docs/modules/vex-lens) | docs/modules/vex-lens | Pending DOCS-VEX-30-001..004 to add consensus doc cross-links | | |
| VEX-CONSENSUS-LENS-ENG-0001 | TODO | | SPRINT_332_docs_modules_vex_lens | Module Team (docs/modules/vex-lens) | docs/modules/vex-lens | Sync into ../.. | | |
| VEX-CONSENSUS-LENS-OPS-0001 | TODO | | SPRINT_332_docs_modules_vex_lens | Ops Guild (docs/modules/vex-lens) | docs/modules/vex-lens | Document outputs in ./README.md | | |
| VEX-LENS-ENG-0001 | TODO | | SPRINT_332_docs_modules_vex_lens | Module Team (docs/modules/vex-lens) | docs/modules/vex-lens | Keep module milestones synchronized with VEX Lens sprints listed under `/docs/implplan`. | | |
| VEX-LENS-OPS-0001 | TODO | | SPRINT_332_docs_modules_vex_lens | Ops Guild (docs/modules/vex-lens) | docs/modules/vex-lens | Review VEX Lens runbooks/observability assets post-demo. | | |
| VEXLENS-30-001 | TODO | | SPRINT_115_concelier_iv | Concelier WebService Guild · VEX Lens Guild | src/Concelier/StellaOps.Concelier.WebService | — | — | PLVL0101 |
| VEXLENS-30-002 | TODO | | SPRINT_0129_0001_0001_policy_reasoning | VEX Lens Guild | src/VexLens/StellaOps.VexLens | Build product mapping library | VEXLENS-30-001 | PLVL0101 |
| VEXLENS-30-003 | TODO | | SPRINT_0129_0001_0001_policy_reasoning | VEX Lens Guild · Issuer Directory Guild | src/VexLens/StellaOps.VexLens | Integrate signature verification | VEXLENS-30-002 | PLVL0101 |
| VEXLENS-30-004 | TODO | | SPRINT_0129_0001_0001_policy_reasoning | VEX Lens Guild · Policy Guild | src/VexLens/StellaOps.VexLens | Implement trust weighting engine | VEXLENS-30-003 | PLVL0101 |
| VEXLENS-30-005 | TODO | | SPRINT_0129_0001_0001_policy_reasoning | VEX Lens Guild | src/VexLens/StellaOps.VexLens | Implement consensus algorithm producing `consensus_state`, `confidence`, `weights`, `quorum`, `rationale`; support states: NOT_AFFECTED, AFFECTED, FIXED, UNDER_INVESTIGATION, DISPUTED, INCONCLUSIVE | VEXLENS-30-004 | PLVL0101 |
| VEXLENS-30-006 | TODO | | SPRINT_0129_0001_0001_policy_reasoning | VEX Lens Guild · Findings Ledger Guild | src/VexLens/StellaOps.VexLens | Materialize consensus projection storage with idempotent workers triggered by VEX/Policy changes; expose change events for downstream consumers | VEXLENS-30-005 | PLVL0101 |
| VEXLENS-30-007 | TODO | | SPRINT_0129_0001_0001_policy_reasoning | VEX Lens Guild | src/VexLens/StellaOps.VexLens | Expose APIs | VEXLENS-30-006 | PLVL0101 |
| VEXLENS-30-008 | TODO | | SPRINT_0129_0001_0001_policy_reasoning | VEX Lens Guild · Policy Guild | src/VexLens/StellaOps.VexLens | Integrate consensus signals with Policy Engine | VEXLENS-30-007 | PLVL0101 |
| VEXLENS-30-009 | TODO | | SPRINT_0129_0001_0001_policy_reasoning | VEX Lens Guild · Observability Guild | src/VexLens/StellaOps.VexLens | Instrument metrics | VEXLENS-30-008 | PLVL0101 |
| VEXLENS-30-010 | TODO | | SPRINT_0129_0001_0001_policy_reasoning | VEX Lens Guild · QA Guild | src/VexLens/StellaOps.VexLens | Develop unit/property/integration/load tests | VEXLENS-30-009 | PLVL0101 |
| VEXLENS-30-011 | TODO | | SPRINT_0129_0001_0001_policy_reasoning | VEX Lens Guild · DevOps Guild | src/VexLens/StellaOps.VexLens | Provide deployment manifests, caching configuration, scaling guides, offline kit seeds, and runbooks | VEXLENS-30-010 | PLVL0103 |
| VEXLENS-AIAI-31-001 | TODO | | SPRINT_0129_0001_0001_policy_reasoning | VEX Lens Guild | src/VexLens/StellaOps.VexLens | Expose consensus rationale API enhancements (policy factors, issuer details, mapping issues) for Advisory AI conflict explanations | — | PLVL0103 |
| VEXLENS-AIAI-31-002 | TODO | | SPRINT_0129_0001_0001_policy_reasoning | VEX Lens Guild | src/VexLens/StellaOps.VexLens | Provide caching hooks for consensus lookups used by Advisory AI | VEXLENS-AIAI-31-001 | PLVL0103 |
| VEXLENS-EXPORT-35-001 | TODO | | SPRINT_0129_0001_0001_policy_reasoning | VEX Lens Guild | src/VexLens/StellaOps.VexLens | Provide consensus snapshot API delivering deterministic JSONL (state, confidence, provenance) for exporter mirror bundles | — | PLVL0103 |
| VEXLENS-ORCH-33-001 | TODO | | SPRINT_0129_0001_0001_policy_reasoning | VEX Lens Guild | src/VexLens/StellaOps.VexLens | Register `consensus_compute` job type with orchestrator, integrate worker SDK, and expose job planning hooks for consensus batches | — | PLVL0103 |
| VEXLENS-ORCH-34-001 | TODO | | SPRINT_0129_0001_0001_policy_reasoning | VEX Lens Guild | src/VexLens/StellaOps.VexLens | Emit consensus completion events into orchestrator run ledger and provenance chain, including confidence metadata | VEXLENS-ORCH-33-001 | PLVL0103 |
| VULN-29-001 | BLOCKED | 2025-11-19 | SPRINT_0212_0001_0001_web_i | Console Guild, BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | | | |
| VULN-29-002 | TODO | | SPRINT_0123_0001_0005_excititor_v | Excititor WebService Guild (src/Excititor/StellaOps.Excititor.WebService) | src/Excititor/StellaOps.Excititor.WebService | | | |
| VULN-29-003 | TODO | | SPRINT_0205_0001_0005_cli_v | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | | | |
| VULN-29-004 | TODO | | SPRINT_116_concelier_v | Concelier WebService Guild, Observability Guild (src/Concelier/StellaOps.Concelier.WebService) | src/Concelier/StellaOps.Concelier.WebService | | | |
| VULN-29-005 | TODO | | SPRINT_0205_0001_0005_cli_v | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | | | |
| VULN-29-006 | TODO | | SPRINT_0205_0001_0005_cli_v | DevEx/CLI Guild, Docs Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | | | |
| VULN-29-007 | TODO | | SPRINT_0311_0001_0001_docs_tasks_md_xi | Docs Guild, Excititor Guild (docs) | | | | |
| VULN-29-008 | TODO | | SPRINT_0311_0001_0001_docs_tasks_md_xi | Docs Guild, Concelier Guild (docs) | | | | |
| VULN-29-009 | TODO | | SPRINT_0311_0001_0001_docs_tasks_md_xi | Docs Guild, SBOM Service Guild (docs) | | | | |
| VULN-29-010 | TODO | | SPRINT_0311_0001_0001_docs_tasks_md_xi | Docs Guild, Observability Guild (docs) | | | | |
| VULN-29-011 | TODO | | SPRINT_0311_0001_0001_docs_tasks_md_xi | Docs Guild, Security Guild (docs) | | | | |
| VULN-29-012 | TODO | | SPRINT_0311_0001_0001_docs_tasks_md_xi | Docs Guild, Ops Guild (docs) | | | | |
| VULN-29-013 | TODO | | SPRINT_0311_0001_0001_docs_tasks_md_xi | Docs Guild, Deployment Guild (docs) | | | | |
| VULN-API-29-001 | DONE | 2025-11-25 | SPRINT_0129_0001_0001_policy_reasoning | Vuln Explorer API Guild / src/VulnExplorer/StellaOps.VulnExplorer.Api | src/VulnExplorer/StellaOps.VulnExplorer.Api | Define OpenAPI spec (list/detail/query/simulation/workflow/export), query JSON schema, pagination/grouping contracts, and error codes | | PLVA0101 |
| VULN-API-29-002 | DONE | 2025-11-25 | SPRINT_0129_0001_0001_policy_reasoning | Vuln Explorer API Guild / src/VulnExplorer/StellaOps.VulnExplorer.Api | src/VulnExplorer/StellaOps.VulnExplorer.Api | Implement list/query endpoints with policy parameter, grouping, server paging, caching, and cost budgets; tests at `tests/TestResults/vuln-explorer/api.trx`. | VULN-API-29-001 | PLVA0101 |
| VULN-API-29-003 | TODO | | SPRINT_0129_0001_0001_policy_reasoning | Vuln Explorer API Guild / src/VulnExplorer/StellaOps.VulnExplorer.Api | src/VulnExplorer/StellaOps.VulnExplorer.Api | Implement detail endpoint aggregating evidence, policy rationale, paths | VULN-API-29-002 | PLVA0101 |
| VULN-API-29-004 | TODO | | SPRINT_0129_0001_0001_policy_reasoning | Vuln Explorer API Guild, Findings Ledger Guild / src/VulnExplorer/StellaOps.VulnExplorer.Api | src/VulnExplorer/StellaOps.VulnExplorer.Api | Expose workflow endpoints | VULN-API-29-003 | PLVA0101 |
| VULN-API-29-005 | TODO | | SPRINT_0129_0001_0001_policy_reasoning | Vuln Explorer API Guild, Policy Guild / src/VulnExplorer/StellaOps.VulnExplorer.Api | src/VulnExplorer/StellaOps.VulnExplorer.Api | Implement simulation endpoint comparing `policy_from` vs `policy_to`, returning diffs without side effects; hook into Policy Engine batch eval | VULN-API-29-004 | PLVA0101 |
| VULN-API-29-006 | TODO | | SPRINT_0129_0001_0001_policy_reasoning | Vuln Explorer API Guild / src/VulnExplorer/StellaOps.VulnExplorer.Api | src/VulnExplorer/StellaOps.VulnExplorer.Api | Integrate resolver results with Graph Explorer: include shortest path metadata, line up deep-link parameters, expose `paths` array in details | VULN-API-29-005 | PLVA0101 |
| VULN-API-29-007 | TODO | | SPRINT_0129_0001_0001_policy_reasoning | Vuln Explorer API Guild, Security Guild / src/VulnExplorer/StellaOps.VulnExplorer.Api | src/VulnExplorer/StellaOps.VulnExplorer.Api | Enforce RBAC/ABAC scopes; implement CSRF/anti-forgery checks for Console; secure attachment URLs; audit logging | VULN-API-29-006 | PLVA0102 |
| VULN-API-29-008 | TODO | | SPRINT_0129_0001_0001_policy_reasoning | Vuln Explorer API Guild / src/VulnExplorer/StellaOps.VulnExplorer.Api | src/VulnExplorer/StellaOps.VulnExplorer.Api | Build export orchestrator producing signed bundles | VULN-API-29-007 | PLVA0102 |
| VULN-API-29-009 | TODO | | SPRINT_0129_0001_0001_policy_reasoning | Vuln Explorer API Guild, Observability Guild / src/VulnExplorer/StellaOps.VulnExplorer.Api | src/VulnExplorer/StellaOps.VulnExplorer.Api | Instrument metrics | VULN-API-29-008 | PLVA0102 |
| VULN-API-29-010 | TODO | | SPRINT_0129_0001_0001_policy_reasoning | Vuln Explorer API Guild, QA Guild / src/VulnExplorer/StellaOps.VulnExplorer.Api | src/VulnExplorer/StellaOps.VulnExplorer.Api | Provide unit/integration/perf tests | VULN-API-29-009 | PLVA0102 |
| VULN-API-29-011 | TODO | | SPRINT_0129_0001_0001_policy_reasoning | Vuln Explorer API Guild, DevOps Guild / src/VulnExplorer/StellaOps.VulnExplorer.Api | src/VulnExplorer/StellaOps.VulnExplorer.Api | Package deployment | VULN-API-29-010 | PLVA0102 |
| VULNERABILITY-EXPLORER-DOCS-0001 | TODO | | SPRINT_334_docs_modules_vuln_explorer | Docs Guild (docs/modules/vuln-explorer) | docs/modules/vuln-explorer | Validate Vuln Explorer module docs against latest roadmap/releases and add evidence links. | | DOVL0101 |
| VULNERABILITY-EXPLORER-ENG-0001 | TODO | | SPRINT_334_docs_modules_vuln_explorer | Module Team (docs/modules/vuln-explorer) | docs/modules/vuln-explorer | Keep sprint alignment notes in sync with Vuln Explorer sprints. | | |
| VULNERABILITY-EXPLORER-OPS-0001 | TODO | | SPRINT_334_docs_modules_vuln_explorer | Ops Guild (docs/modules/vuln-explorer) | docs/modules/vuln-explorer | Review runbooks/observability assets after next demo. | | |
| WEB-20-002 | TODO | | SPRINT_0155_0001_0001_scheduler_i | Scheduler WebService Guild (src/Scheduler/StellaOps.Scheduler.WebService) | src/Scheduler/StellaOps.Scheduler.WebService | | | |
| WEB-AIAI-31-001 | TODO | | SPRINT_0212_0001_0001_web_i | BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Route `/advisory/ai/*` endpoints through gateway with RBAC/ABAC, rate limits, and telemetry headers. | | |
| WEB-AIAI-31-002 | TODO | | SPRINT_0212_0001_0001_web_i | BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Provide batching job handlers and streaming responses for CLI automation with retry/backoff. Dependencies: WEB-AIAI-31-001. | | |
| WEB-AIAI-31-003 | TODO | | SPRINT_0212_0001_0001_web_i | BE-Base Platform Guild, Observability Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Emit metrics/logs (latency, guardrail blocks, validation failures) and forward anonymized prompt hashes to analytics. Dependencies: WEB-AIAI-31-002. | | |
| WEB-AIRGAP-56-001 | TODO | | SPRINT_116_concelier_v | Concelier WebService Guild (src/Concelier/StellaOps.Concelier.WebService) | src/Concelier/StellaOps.Concelier.WebService | | | |
| WEB-AIRGAP-56-002 | TODO | | SPRINT_116_concelier_v | Concelier WebService Guild (src/Concelier/StellaOps.Concelier.WebService) | src/Concelier/StellaOps.Concelier.WebService | | | |
| WEB-AIRGAP-57-001 | TODO | | SPRINT_116_concelier_v | Concelier WebService Guild, AirGap Policy Guild (src/Concelier/StellaOps.Concelier.WebService) | src/Concelier/StellaOps.Concelier.WebService | | | |
| WEB-AIRGAP-58-001 | TODO | | SPRINT_116_concelier_v | Concelier WebService Guild, AirGap Importer Guild (src/Concelier/StellaOps.Concelier.WebService) | src/Concelier/StellaOps.Concelier.WebService | | | |
| WEB-AOC-19-002 | DONE (2025-11-30) | | SPRINT_0212_0001_0001_web_i | BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Ship `ProvenanceBuilder`, checksum utilities, and signature verification helper integrated with guard logging. Cover DSSE/CMS formats with unit tests. Dependencies: WEB-AOC-19-001. | | |
| WEB-AOC-19-003 | TODO | | SPRINT_116_concelier_v | QA Guild (src/Concelier/StellaOps.Concelier.WebService) | src/Concelier/StellaOps.Concelier.WebService | | | |
| WEB-AOC-19-004 | TODO | | SPRINT_116_concelier_v | Concelier WebService Guild, QA Guild (src/Concelier/StellaOps.Concelier.WebService) | src/Concelier/StellaOps.Concelier.WebService | | | |
| WEB-AOC-19-005 | TODO | 2025-11-08 | SPRINT_116_concelier_v | Concelier WebService Guild, QA Guild (src/Concelier/StellaOps.Concelier.WebService) | src/Concelier/StellaOps.Concelier.WebService | | | |
| WEB-AOC-19-006 | TODO | 2025-11-08 | SPRINT_116_concelier_v | Concelier WebService Guild (src/Concelier/StellaOps.Concelier.WebService) | src/Concelier/StellaOps.Concelier.WebService | | | |
| WEB-AOC-19-007 | TODO | 2025-11-08 | SPRINT_116_concelier_v | Concelier WebService Guild, QA Guild (src/Concelier/StellaOps.Concelier.WebService) | src/Concelier/StellaOps.Concelier.WebService | | | |
| WEB-CONSOLE-23-001 | DONE (2025-11-28) | 2025-11-28 | SPRINT_0212_0001_0001_web_i | BE-Base Platform Guild · Product Analytics Guild | src/Web/StellaOps.Web | `/console/dashboard` and `/console/filters` aggregates shipped with tenant scoping, deterministic ordering, and 8 unit tests per sprint Execution Log 2025-11-28. | — | |
| WEB-CONSOLE-23-002 | DOING (2025-12-01) | 2025-12-01 | SPRINT_0212_0001_0001_web_i | BE-Base Platform Guild · Scheduler Guild | src/Web/StellaOps.Web | Implementing `/console/status` polling and `/console/runs/{id}/stream` SSE/WebSocket proxy with heartbeat/backoff; awaiting storage cleanup to run tests. Dependencies: WEB-CONSOLE-23-001. | WEB-CONSOLE-23-001 | |
| WEB-CONSOLE-23-003 | BLOCKED | 2025-12-06 | SPRINT_0212_0001_0001_web_i | BE-Base Platform Guild, Policy Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Add `/console/exports` POST/GET routes coordinating evidence bundle creation, streaming CSV/JSON exports, checksum manifest retrieval, and signed attestation references. Ensure requests honor tenant + policy scopes and expose job tracking metadata. Dependencies: WEB-CONSOLE-23-002. | | Waiting on bundle orchestration flow/manifest schema + streaming budget from Policy Guild. |
| WEB-CONSOLE-23-004 | BLOCKED | 2025-12-06 | SPRINT_0212_0001_0001_web_i | BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Implement `/console/search` endpoint accepting CVE/GHSA/PURL/SBOM identifiers, performing fan-out queries with caching, ranking, and deterministic tie-breaking. Return typed results for Console navigation; respect result caps and latency SLOs. Dependencies: WEB-CONSOLE-23-003. | | Blocked by WEB-CONSOLE-23-003 contract. |
| WEB-CONSOLE-23-005 | BLOCKED | 2025-12-06 | SPRINT_0212_0001_0001_web_i | BE-Base Platform Guild, DevOps Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Serve `/console/downloads` JSON manifest (images, charts, offline bundles) sourced from signed registry metadata; include integrity hashes, release notes links, and offline instructions. Provide caching headers and documentation. Dependencies: WEB-CONSOLE-23-004. | | Blocked by WEB-CONSOLE-23-004; download manifest format not defined. |
| WEB-CONTAINERS-44-001 | DONE | 2025-11-18 | SPRINT_0212_0001_0001_web_i | BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Expose `/welcome` state, config discovery endpoint (safe values), and `QUICKSTART_MODE` handling for Console banner; add `/health/liveness`, `/health/readiness`, `/version` if missing. | | |
| WEB-CONTAINERS-45-001 | DONE | 2025-11-19 | SPRINT_0212_0001_0001_web_i | BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Ensure readiness endpoints reflect DB/queue readiness, add feature flag toggles via config map, and document NetworkPolicy ports. Dependencies: WEB-CONTAINERS-44-001. | | |
| WEB-CONTAINERS-46-001 | DONE | 2025-11-19 | SPRINT_0212_0001_0001_web_i | BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Provide offline-friendly asset serving (no CDN), allow overriding object store endpoints via env, and document fallback behavior. Dependencies: WEB-CONTAINERS-45-001. | | |
| WEB-EXC-25-001 | BLOCKED | 2025-12-06 | SPRINT_0212_0001_0001_web_i | BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Implement `/exceptions` API (create, propose, approve, revoke, list, history) with validation, pagination, and audit logging. | | Waiting on exception schema + policy scopes and audit requirements. |
| WEB-EXC-25-002 | BLOCKED | 2025-11-30 | SPRINT_0213_0001_0002_web_ii | BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Extend `/policy/effective` and `/policy/simulate` responses to include exception metadata and accept overrides for simulations. Dependencies: WEB-EXC-25-001. | | |
| WEB-EXC-25-003 | TODO | | SPRINT_0213_0001_0002_web_ii | BE-Base Platform Guild, Platform Events Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Publish `exception.*` events, integrate with notification hooks, enforce rate limits. Dependencies: WEB-EXC-25-002. | | |
| WEB-EXPORT-35-001 | TODO | | SPRINT_0213_0001_0002_web_ii | BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Surface Export Center APIs (profiles/runs/download) through gateway with tenant scoping, streaming support, and viewer/operator scope checks. | | |
| WEB-EXPORT-36-001 | TODO | | SPRINT_0213_0001_0002_web_ii | BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Add distribution routes (OCI/object storage), manifest/provenance proxies, and signed URL generation. Dependencies: WEB-EXPORT-35-001. | | |
| WEB-EXPORT-37-001 | TODO | | SPRINT_0213_0001_0002_web_ii | BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Expose scheduling, retention, encryption parameters, and verification endpoints with admin scope enforcement and audit logs. Dependencies: WEB-EXPORT-36-001. | | |
| WEB-GRAPH-21-001 | BLOCKED | 2025-10-27 | SPRINT_0213_0001_0002_web_ii | BE-Base Platform Guild, Graph Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Add gateway routes for graph versions/viewport/node/path/diff/export endpoints with tenant enforcement, scope checks, and streaming responses; proxy Policy Engine diff toggles without inline logic. Adopt `StellaOpsScopes` constants for RBAC enforcement. | | |
| WEB-GRAPH-21-002 | BLOCKED | 2025-10-27 | SPRINT_0213_0001_0002_web_ii | BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Implement bbox/zoom/path parameter validation, pagination tokens, and deterministic ordering; add contract tests for boundary conditions. Dependencies: WEB-GRAPH-21-001. | | |
| WEB-GRAPH-21-003 | BLOCKED | 2025-10-27 | SPRINT_0213_0001_0002_web_ii | BE-Base Platform Guild, QA Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Map graph service errors to `ERR_Graph_*`, support GraphML/JSONL export streaming, and document rate limits. Dependencies: WEB-GRAPH-21-002. | | |
| WEB-GRAPH-21-004 | BLOCKED | 2025-10-27 | SPRINT_0213_0001_0002_web_ii | BE-Base Platform Guild, Policy Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Proxy Policy Engine overlay responses for graph endpoints while keeping gateway stateless; maintain streaming budgets and latency SLOs. Dependencies: WEB-GRAPH-21-003. | | |
| WEB-GRAPH-24-001 | TODO | | SPRINT_0213_0001_0002_web_ii | BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Gateway proxy for Graph API and Policy overlays with RBAC, caching, pagination, ETags, and streaming; zero business logic. Dependencies: WEB-GRAPH-21-004. | | |
| WEB-GRAPH-24-002 | TODO | | SPRINT_0213_0001_0002_web_ii | BE-Base Platform Guild; SBOM Service Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | `/graph/assets/*` endpoints (snapshots, adjacency, search) with pagination, ETags, and tenant scoping as pure proxy. Dependencies: WEB-GRAPH-24-001. | | |
| WEB-GRAPH-24-003 | TODO | | SPRINT_0213_0001_0002_web_ii | BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Embed AOC summaries from overlay services; gateway does not compute derived severity or hints. Dependencies: WEB-GRAPH-24-002. | | |
| WEB-GRAPH-24-004 | TODO | | SPRINT_0213_0001_0002_web_ii | BE-Base Platform Guild; Observability Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Collect gateway metrics/logs (tile latency, proxy errors, overlay cache stats) and forward to dashboards; document sampling strategy. Dependencies: WEB-GRAPH-24-003. | | |
| WEB-LNM-21-001 | TODO | | SPRINT_0213_0001_0002_web_ii | BE-Base Platform Guild, Concelier WebService Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Surface new `/advisories/*` APIs through gateway with caching, pagination, and RBAC enforcement (`advisory:read`). | | |
| WEB-LNM-21-002 | TODO | | SPRINT_0213_0001_0002_web_ii | BE-Base Platform Guild, Excititor WebService Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Expose `/vex/*` read APIs with evidence routes and export handlers; map `ERR_AGG_*` codes. Dependencies: WEB-LNM-21-001. | | |
| WEB-LNM-21-003 | TODO | | SPRINT_0214_0001_0001_web_iii | BE-Base Platform Guild, Policy Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Provide combined endpoint for Console to fetch policy result + source evidence (advisory + VEX linksets) for a component. Dependencies: WEB-LNM-21-002. | | |
| WEB-NOTIFY-38-001 | TODO | | SPRINT_0214_0001_0001_web_iii | BE-Base Platform Guild | src/Web/StellaOps.Web | Route notifier APIs (`/notifications/*`) and WS feed through gateway with tenant scoping, viewer/operator scope enforcement, and SSE/WebSocket bridging. | Depends on #1 for signed ack spec | NOWB0101 |
| WEB-NOTIFY-39-001 | TODO | | SPRINT_0214_0001_0001_web_iii | BE-Base Platform Guild | src/Web/StellaOps.Web | Surface digest scheduling, quiet-hour/throttle management, and simulation APIs; ensure rate limits and audit logging. Dependencies: WEB-NOTIFY-38-001. | WEB-NOTIFY-38-001 | NOWB0101 |
| WEB-NOTIFY-40-001 | TODO | | SPRINT_0214_0001_0001_web_iii | BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Expose escalation, localization, channel health, and ack verification endpoints with admin scope enforcement and signed token validation. Dependencies: WEB-NOTIFY-39-001. | | |
| WEB-OAS-61-001 | TODO | | SPRINT_0124_0001_0006_excititor_vi | Excititor WebService Guild (src/Excititor/StellaOps.Excititor.WebService) | src/Excititor/StellaOps.Excititor.WebService | | | |
| WEB-OAS-61-002 | TODO | | SPRINT_116_concelier_v | Concelier WebService Guild (src/Concelier/StellaOps.Concelier.WebService) | src/Concelier/StellaOps.Concelier.WebService | | | |
| WEB-OAS-62-001 | TODO | | SPRINT_116_concelier_v | Concelier WebService Guild (src/Concelier/StellaOps.Concelier.WebService) | src/Concelier/StellaOps.Concelier.WebService | | | |
| WEB-OAS-63-001 | TODO | | SPRINT_116_concelier_v | Concelier WebService Guild, API Governance Guild (src/Concelier/StellaOps.Concelier.WebService) | src/Concelier/StellaOps.Concelier.WebService | | | |
| WEB-OBS-50-001 | TODO | | SPRINT_0214_0001_0001_web_iii | BE-Base Platform Guild, Observability Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Integrate `StellaOps.Telemetry.Core` into gateway host, replace ad-hoc logging, ensure all routes emit trace/span IDs, tenant context, and scrubbed payload previews. | | |
| WEB-OBS-51-001 | TODO | | SPRINT_116_concelier_v | Concelier WebService Guild | src/Concelier/StellaOps.Concelier.WebService | Paired with #1 for shared middleware | Paired with #1 for shared middleware | CNOB0102 |
| WEB-OBS-52-001 | TODO | | SPRINT_116_concelier_v | Concelier WebService Guild | src/Concelier/StellaOps.Concelier.WebService | Dependent on CLI/VEX readiness (035_CLCI0105) for payload format | Dependent on CLI/VEX readiness (035_CLCI0105) for payload format | CNOB0102 |
| WEB-OBS-53-001 | TODO | | SPRINT_117_concelier_vi | Concelier WebService Guild · Evidence Locker Guild | src/Concelier/StellaOps.Concelier.WebService | Needs Evidence Locker API spec from 002_ATEL0101 | Needs Evidence Locker API spec from 002_ATEL0101 | CNOB0102 |
| WEB-OBS-54-001 | TODO | | SPRINT_117_concelier_vi | Concelier WebService Guild | src/Concelier/StellaOps.Concelier.WebService | Relies on shared exporter (1039_EXPORT-OBS-54-001) | Relies on shared exporter (1039_EXPORT-OBS-54-001) | CNOB0102 |
| WEB-OBS-55-001 | TODO | | SPRINT_117_concelier_vi | Concelier WebService Guild · DevOps Guild | src/Concelier/StellaOps.Concelier.WebService | Wait for DevOps alert profiles (045_DVDO0103) | Wait for DevOps alert profiles (045_DVDO0103) | CNOB0102 |
| WEB-OBS-56-001 | TODO | | SPRINT_0214_0001_0001_web_iii | BE-Base Platform Guild, AirGap Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Extend telemetry core integration to expose sealed/unsealed status APIs, drift metrics, and Console widgets without leaking sealed-mode secrets. Dependencies: WEB-OBS-55-001. | | |
| WEB-ORCH-32-001 | TODO | | SPRINT_0214_0001_0001_web_iii | BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Expose `/orchestrator/sources | | |
| WEB-ORCH-33-001 | TODO | | SPRINT_0215_0001_0004_web_iv | BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Add POST action routes (`pause. Dependencies: WEB-ORCH-32-001. | | |
| WEB-ORCH-34-001 | TODO | | SPRINT_0215_0001_0004_web_iv | BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Surface quotas/backfill APIs, queue/backpressure metrics, and error clustering routes with admin scope enforcement and audit logging. Dependencies: WEB-ORCH-33-001. | | |
| WEB-POLICY-20-001 | TODO | | SPRINT_0215_0001_0004_web_iv | BE-Base Platform Guild, Policy Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Implement Policy CRUD/compile/run/simulate/findings/explain endpoints with OpenAPI, tenant scoping, and service identity enforcement. | | |
| WEB-POLICY-20-002 | TODO | | SPRINT_0215_0001_0004_web_iv | BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Add pagination, filtering, sorting, and tenant guards to listings for policies, runs, and findings; include deterministic ordering and query diagnostics. Dependencies: WEB-POLICY-20-001. | | |
| WEB-POLICY-20-003 | TODO | | SPRINT_0215_0001_0004_web_iv | BE-Base Platform Guild, QA Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Map engine errors to `ERR_POL_*` responses with consistent payloads and contract tests; expose correlation IDs in headers. Dependencies: WEB-POLICY-20-002. | | |
| WEB-POLICY-20-004 | TODO | | SPRINT_0215_0001_0004_web_iv | Platform Reliability Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Introduce adaptive rate limiting + quotas for simulation endpoints, expose metrics, and document retry headers. Dependencies: WEB-POLICY-20-003. | | |
| WEB-POLICY-23-001 | BLOCKED | 2025-10-29 | SPRINT_0215_0001_0004_web_iv | BE-Base Platform Guild, Policy Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Implement API endpoints for creating/listing/fetching policy packs and revisions (`/policy/packs`, `/policy/packs/{id}/revisions`) with pagination, RBAC, and AOC metadata exposure. (Tracked via Sprint 18.5 gateway tasks.). Dependencies: WEB-POLICY-20-004. | | |
| WEB-POLICY-23-002 | BLOCKED | 2025-10-29 | SPRINT_0215_0001_0004_web_iv | BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Add activation endpoint with scope windows, conflict checks, and optional 2-person approval integration; emit events on success. (Tracked via Sprint 18.5 gateway tasks.). Dependencies: WEB-POLICY-23-001. | | |
| WEB-POLICY-23-003 | TODO | | SPRINT_0215_0001_0004_web_iv | BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Provide `/policy/simulate` and `/policy/evaluate` endpoints with streaming responses, rate limiting, and error mapping. Dependencies: WEB-POLICY-23-002. | | |
| WEB-POLICY-23-004 | TODO | | SPRINT_0215_0001_0004_web_iv | BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Expose explain history endpoints (`/policy/runs`, `/policy/runs/{id}`) including decision tree, sources consulted, and AOC chain. Dependencies: WEB-POLICY-23-003. | | |
| WEB-POLICY-27-001 | TODO | | SPRINT_0215_0001_0004_web_iv | BE-Base Platform Guild | src/Web/StellaOps.Web | Surface Policy Registry APIs (`/policy/workspaces`, `/policy/versions`, `/policy/reviews`, `/policy/registry`) with tenant scoping, RBAC, validation. | WEB-POLICY-23-004 | WEPO0101 |
| WEB-POLICY-27-002 | TODO | | SPRINT_0215_0001_0004_web_iv | BE-Base Platform Guild | src/Web/StellaOps.Web | Implement review lifecycle endpoints (open/comment/approve/reject) with audit headers + webhooks. | WEB-POLICY-27-001 | WEPO0101 |
| WEB-POLICY-27-003 | TODO | | SPRINT_0215_0001_0004_web_iv | Platform Reliability Guild | src/Web/StellaOps.Web | Provide quick/batch simulation endpoints with SSE progress + result pagination. | WEB-POLICY-27-002 | WEPO0101 |
| WEB-POLICY-27-004 | TODO | | SPRINT_0215_0001_0004_web_iv | BE/Security Guild | src/Web/StellaOps.Web | Add publish/sign/promote/rollback endpoints w/ idempotent request IDs, canary params, scope enforcement, events. | WEB-POLICY-27-003 | WEPO0101 |
| WEB-POLICY-27-005 | TODO | | SPRINT_0215_0001_0004_web_iv | BE/Observability Guild | src/Web/StellaOps.Web | Instrument metrics/logs for compile latency, simulation queue, approval latency, promotion actions. | WEB-POLICY-27-004 | WEPO0101 |
| WEB-RISK-66-001 | BLOCKED (2025-12-03) | | SPRINT_216_web_v | BE-Base Platform Guild, Policy Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Expose risk profile/results endpoints through gateway with tenant scoping, pagination, and rate limiting. | | npm ci hangs; gateway endpoints unavailable. |
| WEB-RISK-66-002 | BLOCKED | 2025-12-06 | SPRINT_216_web_v | BE-Base Platform Guild, Risk Engine Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Add signed URL handling for explanation blobs and enforce scope checks. Dependencies: WEB-RISK-66-001. | | Blocked by WEB-RISK-66-001. |
| WEB-RISK-67-001 | BLOCKED | 2025-12-06 | SPRINT_216_web_v | BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Provide aggregated risk stats (`/risk/status`) for Console dashboards (counts per severity, last computation). Dependencies: WEB-RISK-66-002. | | Blocked by WEB-RISK-66-002. |
| WEB-RISK-68-001 | BLOCKED | 2025-12-06 | SPRINT_216_web_v | BE-Base Platform Guild, Notifications Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Emit events on severity transitions via gateway to notifier bus with trace metadata. Dependencies: WEB-RISK-67-001. | | Blocked by WEB-RISK-67-001. |
| WEB-SIG-26-001 | BLOCKED | 2025-12-06 | SPRINT_216_web_v | BE-Base Platform Guild, Signals Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Surface `/signals/callgraphs`, `/signals/facts` read/write endpoints with pagination, ETags, and RBAC. | | Blocked: Signals API contract/fixtures not published. |
| WEB-SIG-26-002 | BLOCKED | 2025-12-06 | SPRINT_216_web_v | BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Extend `/policy/effective` and `/vuln/explorer` responses to include reachability scores/states and allow filtering. Dependencies: WEB-SIG-26-001. | | Blocked by WEB-SIG-26-001. |
| WEB-SIG-26-003 | BLOCKED | 2025-12-06 | SPRINT_216_web_v | BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Add reachability override parameters to `/policy/simulate` and related APIs for what-if analysis. Dependencies: WEB-SIG-26-002. | | Blocked by WEB-SIG-26-002. |
| WEB-TEN-47-001 | TODO | | SPRINT_216_web_v | BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Implement JWT verification, tenant activation from headers, scope matching, and decision audit emission for all API endpoints. | | |
| WEB-TEN-48-001 | TODO | | SPRINT_216_web_v | BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Set DB session `stella.tenant_id`, enforce tenant/project checks on persistence, prefix object storage paths, and stamp audit metadata. Dependencies: WEB-TEN-47-001. | | |
| WEB-TEN-49-001 | TODO | | SPRINT_216_web_v | BE-Base Platform Guild, Policy Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Integrate optional ABAC overlay with Policy Engine, expose `/audit/decisions` API, and support service token minting endpoints. Dependencies: WEB-TEN-48-001. | | |
| WEB-VEX-30-007 | BLOCKED | 2025-12-06 | SPRINT_216_web_v | BE-Base Platform Guild, VEX Lens Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Route `/vex/consensus` APIs with tenant RBAC/ABAC, caching, and streaming; surface telemetry and trace IDs without gateway-side overlay logic. | | Blocked: tenant RBAC/ABAC policies + VEX consensus stream contract not finalized. |
| WEB-VULN-29-001 | BLOCKED | 2025-12-06 | SPRINT_216_web_v | BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Expose `/vuln/*` endpoints via gateway with tenant scoping, RBAC/ABAC enforcement, anti-forgery headers, and request logging. | | Blocked: tenant scoping model/ABAC overlay not implemented; upstream risk chain stalled. |
| WEB-VULN-29-002 | BLOCKED | 2025-12-06 | SPRINT_216_web_v | BE-Base Platform Guild, Findings Ledger Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Forward workflow actions to Findings Ledger with idempotency headers and correlation IDs; handle retries/backoff. Dependencies: WEB-VULN-29-001. | | Blocked by WEB-VULN-29-001 and awaiting Findings Ledger idempotency headers wiring. |
| WEB-VULN-29-003 | BLOCKED | 2025-12-06 | SPRINT_216_web_v | BE-Base Platform Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Provide simulation and export orchestration routes with SSE/progress headers, signed download links, and request budgeting. Dependencies: WEB-VULN-29-002. | | Blocked by WEB-VULN-29-002 and orchestrator/export contracts. |
| WEB-VULN-29-004 | BLOCKED | 2025-12-06 | SPRINT_216_web_v | BE-Base Platform Guild, Observability Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web | Emit gateway metrics/logs (latency, error rates, export duration), propagate query hashes for analytics dashboards. Dependencies: WEB-VULN-29-003. | | Blocked by WEB-VULN-29-003; observability specs not delivered. |
| WORKER-21-203 | TODO | | SPRINT_0155_0001_0001_scheduler_i | Scheduler Worker Guild, Observability Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | | | |
| WORKER-23-101 | TODO | | SPRINT_0155_0001_0001_scheduler_i | Scheduler Worker Guild, Policy Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | | | |
| WORKER-23-102 | TODO | | SPRINT_0155_0001_0001_scheduler_i | Scheduler Worker Guild, Observability Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | | | |
| WORKER-25-101 | TODO | | SPRINT_0155_0001_0001_scheduler_i | Scheduler Worker Guild, Policy Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | | | |
| WORKER-25-102 | TODO | | SPRINT_0155_0001_0001_scheduler_i | Scheduler Worker Guild, Observability Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | | | |
| WORKER-26-201 | TODO | | SPRINT_0155_0001_0001_scheduler_i | Scheduler Worker Guild, Signals Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | | | |
| WORKER-26-202 | TODO | | SPRINT_0156_0001_0002_scheduler_ii | Scheduler Worker Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | | | |
| WORKER-27-301 | TODO | | SPRINT_0156_0001_0002_scheduler_ii | Scheduler Worker Guild, Policy Registry Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | | | |
| WORKER-27-302 | TODO | | SPRINT_0156_0001_0002_scheduler_ii | Scheduler Worker Guild, Observability Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | | | |
| WORKER-27-303 | TODO | | SPRINT_0156_0001_0002_scheduler_ii | Scheduler Worker Guild, Security Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | | | |
| WORKER-29-001 | TODO | | SPRINT_0156_0001_0002_scheduler_ii | Scheduler Worker Guild, Findings Ledger Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | | | |
| WORKER-29-002 | TODO | | SPRINT_0156_0001_0002_scheduler_ii | Scheduler Worker Guild, Policy Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | | | |
| WORKER-29-003 | TODO | | SPRINT_0156_0001_0002_scheduler_ii | Scheduler Worker Guild, Observability Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | | | |
| WORKER-CONSOLE-23-201 | TODO | | SPRINT_0156_0001_0002_scheduler_ii | Scheduler Worker Guild, Observability Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | | | |
| WORKER-CONSOLE-23-202 | TODO | | SPRINT_0156_0001_0002_scheduler_ii | Scheduler Worker Guild, Policy Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker) | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker | | | |
| WORKER-GO-32-001 | DONE | | SPRINT_0153_0001_0003_orchestrator_iii | Worker SDK Guild (src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Go) | src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Go | Bootstrap Go SDK project with configuration binding, auth headers, job claim/acknowledge client, and smoke sample. | | |
| WORKER-GO-32-002 | DONE | | SPRINT_0153_0001_0003_orchestrator_iii | Worker SDK Guild (src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Go) | src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Go | Add heartbeat/progress helpers, structured logging hooks, Prometheus metrics, and jittered retry defaults. Dependencies: WORKER-GO-32-001. | | |
| WORKER-GO-33-001 | DONE | | SPRINT_0153_0001_0003_orchestrator_iii | Worker SDK Guild (src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Go) | src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Go | Implement artifact publish helpers (object storage client, checksum hashing, metadata payload) and idempotency guard. Dependencies: WORKER-GO-32-002. | | |
| WORKER-GO-33-002 | DONE | | SPRINT_0153_0001_0003_orchestrator_iii | Worker SDK Guild (src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Go) | src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Go | Provide error classification/retry helper, exponential backoff controls, and structured failure reporting to orchestrator. Dependencies: WORKER-GO-33-001. | | |
| WORKER-GO-34-001 | DONE | | SPRINT_0153_0001_0003_orchestrator_iii | Worker SDK Guild (src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Go) | src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Go | Add backfill range execution helpers, watermark handshake utilities, and artifact dedupe verification for backfills. Dependencies: WORKER-GO-33-002. | | |
| WORKER-PY-32-001 | DONE | | SPRINT_0153_0001_0003_orchestrator_iii | Worker SDK Guild (src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Python) | src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Python | Bootstrap asyncio-based Python SDK (config, auth headers, job claim/ack) plus sample worker script. | | |
| WORKER-PY-32-002 | DONE | | SPRINT_0153_0001_0003_orchestrator_iii | Worker SDK Guild (src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Python) | src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Python | Implement heartbeat/progress helpers with structured logging, metrics exporter, and cancellation-safe retries. Dependencies: WORKER-PY-32-001. | | |
| WORKER-PY-33-001 | DONE | | SPRINT_0153_0001_0003_orchestrator_iii | Worker SDK Guild (src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Python) | src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Python | Add artifact publish/idempotency helpers (object storage adapters, checksum hashing, metadata payload) for Python workers. Dependencies: WORKER-PY-32-002. | | |
| WORKER-PY-33-002 | DONE | | SPRINT_0153_0001_0003_orchestrator_iii | Worker SDK Guild (src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Python) | src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Python | Provide error classification/backoff helper mapping to orchestrator codes, including jittered retries and structured failure reports. Dependencies: WORKER-PY-33-001. | | |
| WORKER-PY-34-001 | DONE | | SPRINT_0153_0001_0003_orchestrator_iii | Worker SDK Guild (src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Python) | src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Python | Implement backfill range iteration, watermark handshake, and artifact dedupe verification utilities for Python workers. Dependencies: WORKER-PY-33-002. | | |
| ZAS-002 | TODO | | SPRINT_400_runtime_facts_static_callgraph_union | Zastava Observer Guild (`src/Zastava/StellaOps.Zastava.Observer`, `docs/modules/zastava/architecture.md`, `docs/reachability/function-level-evidence.md`) | `src/Zastava/StellaOps.Zastava.Observer`, `docs/modules/zastava/architecture.md`, `docs/reachability/function-level-evidence.md` | | | |
| ZASTAVA-DOCS-0001 | TODO | | SPRINT_335_docs_modules_zastava | Docs Guild (docs/modules/zastava) | docs/modules/zastava | See ./AGENTS.md | | |
| ZASTAVA-ENG-0001 | TODO | | SPRINT_335_docs_modules_zastava | Module Team (docs/modules/zastava) | docs/modules/zastava | Update status via ./AGENTS.md workflow | | |
| ZASTAVA-ENV-01 | TODO | | SPRINT_0140_0001_0001_runtime_signals | | | Observer adoption of Surface.Env helpers paused while Surface.FS cache contract finalizes. | | |
| ZASTAVA-ENV-02 | TODO | | SPRINT_0140_0001_0001_runtime_signals | | | Webhook helper migration follows ENV-01 completion. | | |
| ZASTAVA-OPS-0001 | TODO | | SPRINT_335_docs_modules_zastava | Ops Guild (docs/modules/zastava) | docs/modules/zastava | Sync outcomes back to ../.. | | |
| ZASTAVA-REACH-201-001 | TODO | | SPRINT_400_runtime_facts_static_callgraph_union | Zastava Observer Guild (`src/Zastava/StellaOps.Zastava.Observer`) | `src/Zastava/StellaOps.Zastava.Observer` | Implement runtime symbol sampling in `StellaOps.Zastava.Observer` (EntryTrace-aware shell AST + build-id capture) and stream ND-JSON batches to Signals `/runtime-facts`, including CAS pointers for traces. Update runbook + config references. | | |
| ZASTAVA-SECRETS-01 | TODO | | SPRINT_0140_0001_0001_runtime_signals | | | Surface.Secrets wiring for Observer pending published cache endpoints. | | |
| ZASTAVA-SECRETS-02 | TODO | | SPRINT_0140_0001_0001_runtime_signals | | | Webhook secret retrieval cascades from SECRETS-01 work. | | |
| ZASTAVA-SURFACE-01 | TODO | | SPRINT_0140_0001_0001_runtime_signals | | | Surface.FS client integration blocked on Scanner layer metadata; tests ready once packages mirror offline dependencies. | | |
| ZASTAVA-SURFACE-02 | TODO | | SPRINT_0136_0001_0001_scanner_surface | Zastava Observer Guild (src/Zastava/StellaOps.Zastava.Observer) | src/Zastava/StellaOps.Zastava.Observer | Use Surface manifest reader helpers to resolve `cas://` pointers and enrich drift diagnostics with manifest provenance. | SURFACE-FS-02; ZASTAVA-SURFACE-01 | |
| guard unit tests` | TODO | | SPRINT_116_concelier_v | QA Guild (src/Concelier/StellaOps.Concelier.WebService) | src/Concelier/StellaOps.Concelier.WebService | Add unit tests for schema validators, forbidden-field guards (`ERR_AOC_001/2/6/7`), and supersedes chains to keep ingestion append-only. Depends on CONCELIER-WEB-AOC-19-002. | | |
| store wiring` | TODO | | SPRINT_113_concelier_ii | Concelier Storage Guild (src/Concelier/__Libraries/StellaOps.Concelier.Storage.Mongo) | src/Concelier/__Libraries/StellaOps.Concelier.Storage.Mongo | Move large raw payloads to object storage with deterministic pointers, update bootstrapper/offline kit seeds, and guarantee provenance metadata remains intact. Depends on CONCELIER-LNM-21-102. | | NOTY0105 |
| DOCS-OBS-50-003 | DONE (2025-11-25) | | SPRINT_0306_0001_0006_docs_tasks_md_vi | Docs Guild, Observability Guild (docs) | docs/observability | Create `/docs/observability/logging.md` covering structured log schema, dos/don'ts, tenant isolation, and copyable examples. Dependencies: DOCS-OBS-50-002. | Waiting on observability ADR from 066_PLOB0101 | DOOB0101 |
| DOCS-OBS-50-003 | DONE (2025-11-25) | | SPRINT_0306_0001_0006_docs_tasks_md_vi | Docs Guild, Observability Guild (docs) | | Create `/docs/observability/logging.md` covering structured log schema, dos/don'ts, tenant isolation, and copyable examples. Dependencies: DOCS-OBS-50-002. | Waiting on observability ADR from 066_PLOB0101 | DOOB0101 |
| DOCS-OBS-50-004 | DONE (2025-11-25) | | SPRINT_0306_0001_0006_docs_tasks_md_vi | Docs Guild, Observability Guild (docs) | | Draft `/docs/observability/tracing.md` explaining context propagation, async linking, CLI header usage, and sampling strategies. Dependencies: DOCS-OBS-50-003. | — | DOOB0101 |
| DOCS-OBS-51-001 | DONE (2025-11-25) | | SPRINT_0306_0001_0006_docs_tasks_md_vi | Docs Guild, DevOps Guild (docs) | | Publish `/docs/observability/metrics-and-slos.md` cataloging metrics, SLO targets, burn rate policies, and alert runbooks. Dependencies: DOCS-OBS-50-004. | — | DOOB0101 |
| DOCS-ORCH-32-001 | DONE (2025-11-25) | | SPRINT_0306_0001_0006_docs_tasks_md_vi | Docs Guild (docs) | docs/orchestrator/overview.md | Author `/docs/orchestrator/overview.md` covering mission, roles, AOC alignment, governance, with imposed rule reminder. | — | DOOR0102 |
| DOCS-ORCH-32-002 | DONE (2025-11-25) | | SPRINT_0306_0001_0006_docs_tasks_md_vi | Docs Guild (docs) | docs/orchestrator/architecture.md | Author `/docs/orchestrator/architecture.md` detailing scheduler, DAGs, rate limits, data model, message bus, storage layout, restating imposed rule. Dependencies: DOCS-ORCH-32-001. | — | DOOR0102 |
| DOCS-ORCH-33-001 | DONE (2025-11-25) | | SPRINT_0306_0001_0006_docs_tasks_md_vi | Docs Guild (docs) | docs/orchestrator/api.md | Publish `/docs/orchestrator/api.md` (REST/WebSocket endpoints, payloads, error codes) with imposed rule note. Dependencies: DOCS-ORCH-32-002. | — | DOOR0102 |
| DOCS-ORCH-33-002 | DONE (2025-11-25) | | SPRINT_0306_0001_0006_docs_tasks_md_vi | Docs Guild (docs) | docs/orchestrator/console.md | Publish `/docs/orchestrator/console.md` covering screens, a11y, live updates, control actions, reiterating imposed rule. Dependencies: DOCS-ORCH-33-001. | — | DOOR0102 |
| DOCS-ORCH-33-003 | DONE (2025-11-25) | | SPRINT_0306_0001_0006_docs_tasks_md_vi | Docs Guild (docs) | docs/orchestrator/cli.md | Publish `/docs/orchestrator/cli.md` documenting commands, options, exit codes, streaming output, offline usage, and imposed rule. Dependencies: DOCS-ORCH-33-002. | — | DOOR0102 |
| DOCS-ORCH-34-001 | DONE (2025-11-25) | | SPRINT_0306_0001_0006_docs_tasks_md_vi | Docs Guild (docs) | docs/orchestrator/run-ledger.md | Author `/docs/orchestrator/run-ledger.md` covering ledger schema, provenance chain, audit workflows, with imposed rule reminder. Dependencies: DOCS-ORCH-33-003. | — | DOOR0102 |
| DOCS-ORCH-34-002 | DONE (2025-11-25) | | SPRINT_0306_0001_0006_docs_tasks_md_vi | Docs Guild (docs) | docs/security/secrets-handling.md | Update `/docs/security/secrets-handling.md` for orchestrator KMS refs, redaction badges, operator hygiene, reiterating imposed rule. Dependencies: DOCS-ORCH-34-001. | — | DOOR0102 |
| DOCS-ORCH-34-003 | DONE (2025-11-25) | | SPRINT_0306_0001_0006_docs_tasks_md_vi | Docs Guild (docs) | docs/operations/orchestrator-runbook.md | Publish `/docs/operations/orchestrator-runbook.md` (incident playbook, backfill guide, circuit breakers, throttling) with imposed rule statement. Dependencies: DOCS-ORCH-34-002. | — | DOOR0102 |
| DOCS-ORCH-34-004 | DONE (2025-11-25) | | SPRINT_0306_0001_0006_docs_tasks_md_vi | Docs Guild (docs) | docs/schemas/artifacts.md | Document `/docs/schemas/artifacts.md` describing artifact kinds, schema versions, hashing, storage layout, restating imposed rule. Dependencies: DOCS-ORCH-34-003. | — | DOOR0102 |
| DOCS-ORCH-34-005 | DONE (2025-11-25) | | SPRINT_0306_0001_0006_docs_tasks_md_vi | Docs Guild (docs) | docs/slo/orchestrator-slo.md | Author `/docs/slo/orchestrator-slo.md` defining SLOs, burn alerts, measurement, and reiterating imposed rule. Dependencies: DOCS-ORCH-34-004. | — | DOOR0102 |
| DOCS-OAS-62-001 | DONE (2025-11-25) | | SPRINT_0306_0001_0006_docs_tasks_md_vi | Docs Guild, Developer Portal Guild (docs) | docs/api/reference/README.md | Stand up `/docs/api/reference/` auto-generated site; integrate with portal nav. Dependencies: DOCS-OAS-61-003. | — | DOOA0101 |
| CI RECIPES-DOCS-0001 | DONE (2025-11-25) | 2025-11-25 | SPRINT_0315_0001_0001_docs_modules_ci | Docs Guild (docs/modules/ci) | docs/modules/ci | Update module charter docs (AGENTS/README/architecture/implementation_plan) with determinism + offline posture; sprint normalized. | — | |
| CI RECIPES-ENG-0001 | DONE (2025-11-25) | 2025-11-25 | SPRINT_0315_0001_0001_docs_modules_ci | Module Team (docs/modules/ci) | docs/modules/ci | Establish TASKS board and status mirroring rules for CI Recipes contributors. | CI RECIPES-DOCS-0001 | |
| CI RECIPES-OPS-0001 | DONE (2025-11-25) | 2025-11-25 | SPRINT_0315_0001_0001_docs_modules_ci | Ops Guild (docs/modules/ci) | docs/modules/ci | Sync outcomes back to sprint + legacy filename stub; ensure references resolve to normalized sprint path. | CI RECIPES-DOCS-0001; CI RECIPES-ENG-0001 | |
| WEB-TEN-47-CONTRACT | DONE (2025-12-01) | 2025-12-01 | SPRINT_0216_0001_0001_web_v | BE-Base Platform Guild | docs/api/gateway/tenant-auth.md | Publish gateway routing + tenant header/ABAC contract (headers, scopes, samples, audit notes). | — | — |
| WEB-VULN-29-LEDGER-DOC | DONE (2025-12-01) | 2025-12-01 | SPRINT_0216_0001_0001_web_v | Findings Ledger Guild · BE-Base Platform Guild | docs/api/gateway/findings-ledger-proxy.md | Capture idempotency + correlation header contract for Findings Ledger proxy and retries/backoff defaults. | — | — |
| WEB-RISK-68-NOTIFY-DOC | DONE (2025-12-01) | 2025-12-01 | SPRINT_0216_0001_0001_web_v | Notifications Guild · BE-Base Platform Guild | docs/api/gateway/notifications-severity.md | Document severity transition event schema (fields, trace metadata) for notifier bus integration. | — | — |
Reference in New Issue View Git Blame Copy Permalink