master
96d52884e8
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
- Implemented PolicyDslValidator with command-line options for strict mode and JSON output. - Created PolicySchemaExporter to generate JSON schemas for policy-related models. - Developed PolicySimulationSmoke tool to validate policy simulations against expected outcomes. - Added project files and necessary dependencies for each tool. - Ensured proper error handling and usage instructions across tools.
64 KiB
64 KiB
Docs Guild Task Board (UTC 2025-10-10)
| ID | Status | Owner(s) | Depends on | Description | Exit Criteria |
|---|---|---|---|---|---|
| DOC7.README-INDEX | DONE (2025-10-17) | Docs Guild | — | Refresh index docs (docs/README.md + root README) after architecture dossier split and Offline Kit overhaul. | ✅ ToC reflects new component architecture docs; ✅ root README highlights updated doc set; ✅ Offline Kit guide linked correctly. |
| DOC4.AUTH-PDG | DONE (2025-10-19) | Docs Guild, Plugin Team | PLG6.DOC | Copy-edit docs/dev/31_AUTHORITY_PLUGIN_DEVELOPER_GUIDE.md, export lifecycle diagram, add LDAP RFC cross-link. |
✅ PR merged with polish; ✅ Diagram committed; ✅ Slack handoff posted. |
| DOC1.AUTH | DONE (2025-10-12) | Docs Guild, Authority Core | CORE5B.DOC | Draft docs/11_AUTHORITY.md covering architecture, configuration, bootstrap flows. |
✅ Architecture + config sections approved by Core; ✅ Samples reference latest options; ✅ Offline note added. |
| DOC3.Concelier-Authority | DONE (2025-10-12) | Docs Guild, DevEx | FSR4 | Polish operator/runbook sections (DOC3/DOC5) to document Concelier authority rollout, bypass logging, and enforcement checklist. | ✅ DOC3/DOC5 updated with audit runbook references; ✅ enforcement deadline highlighted; ✅ Docs guild sign-off. |
| DOC5.Concelier-Runbook | DONE (2025-10-12) | Docs Guild | DOC3.Concelier-Authority | Produce dedicated Concelier authority audit runbook covering log fields, monitoring recommendations, and troubleshooting steps. | ✅ Runbook published; ✅ linked from DOC3/DOC5; ✅ alerting guidance included. |
| FEEDDOCS-DOCS-05-001 | DONE (2025-10-11) | Docs Guild | FEEDMERGE-ENGINE-04-001, FEEDMERGE-ENGINE-04-002 | Publish Concelier conflict resolution runbook covering precedence workflow, merge-event auditing, and Sprint 3 metrics. | ✅ docs/ops/concelier-conflict-resolution.md committed; ✅ metrics/log tables align with latest merge code; ✅ Ops alert guidance handed to Concelier team. |
| FEEDDOCS-DOCS-05-002 | DONE (2025-10-16) | Docs Guild, Concelier Ops | FEEDDOCS-DOCS-05-001 | Ops sign-off captured: conflict runbook circulated, alert thresholds tuned, and rollout decisions documented in change log. | ✅ Ops review recorded; ✅ alert thresholds finalised using docs/ops/concelier-authority-audit-runbook.md; ✅ change-log entry linked from runbook once GHSA/NVD/OSV regression fixtures land. |
| DOCS-ADR-09-001 | DONE (2025-10-19) | Docs Guild, DevEx | — | Establish ADR process (docs/adr/0000-template.md) and document usage guidelines. |
Template published; README snippet linking ADR process; announcement posted (docs/updates/2025-10-18-docs-guild.md). |
| DOCS-EVENTS-09-002 | DONE (2025-10-19) | Docs Guild, Platform Events | SCANNER-EVENTS-15-201 | Publish event schema catalog (docs/events/) for scanner.report.ready@1, scheduler.rescan.delta@1, attestor.logged@1. |
Schemas validated (Ajv CI hooked); docs/events/README summarises usage; Platform Events notified via docs/updates/2025-10-18-docs-guild.md. |
| DOCS-EVENTS-09-003 | DONE (2025-10-19) | Docs Guild | DOCS-EVENTS-09-002 | Add human-readable envelope field references and canonical payload samples for published events, including offline validation workflow. | Tables explain common headers/payload segments; versioned sample payloads committed; README links to validation instructions and samples. |
| DOCS-EVENTS-09-004 | DONE (2025-10-19) | Docs Guild, Scanner WebService | SCANNER-EVENTS-15-201 | Refresh scanner event docs to mirror DSSE-backed report fields, document scanner.scan.completed, and capture canonical sample validation. |
Schemas updated for new payload shape; README references DSSE reuse and validation test; samples align with emitted events. |
| PLATFORM-EVENTS-09-401 | DONE (2025-10-21) | Platform Events Guild | DOCS-EVENTS-09-003 | Embed canonical event samples into contract/integration tests and ensure CI validates payloads against published schemas. | Notify models tests now run schema validation against docs/events/*.json, event schemas allow optional attributes, and docs capture the new validation workflow. |
| RUNTIME-GUILD-09-402 | DONE (2025-10-19) | Runtime Guild | SCANNER-POLICY-09-107 | Confirm Scanner WebService surfaces quietedFindingCount and progress hints to runtime consumers; document readiness checklist. |
Runtime verification run captures enriched payload; checklist/doc updates merged; stakeholders acknowledge availability. |
| DOCS-CONCELIER-07-201 | DONE (2025-10-22) | Docs Guild, Concelier WebService | FEEDWEB-DOCS-01-001 | Final editorial review and publish pass for Concelier authority toggle documentation (Quickstart + operator guide). | Review feedback resolved, publish PR merged, release notes updated with documentation pointer. |
| DOCS-RUNTIME-17-004 | DONE (2025-10-26) | Docs Guild, Runtime Guild | SCANNER-EMIT-17-701, ZASTAVA-OBS-17-005, DEVOPS-REL-17-002 | Document build-id workflows: SBOM exposure, runtime event payloads (process.buildId), Scanner /policy/runtime response (buildIds list), debug-store layout, and operator guidance for symbol retrieval. |
Architecture + operator docs updated with build-id sections (Observer, Scanner, CLI), examples show readelf output + debuginfod usage, references linked from Offline Kit/Release guides + CLI help. |
| DOCS-OBS-50-001 | BLOCKED (2025-10-26) | Docs Guild, Observability Guild | TELEMETRY-OBS-50-001 | Publish /docs/observability/overview.md introducing scope, imposed rule banner, architecture diagram, and tenant guarantees. |
Doc merged with imposed rule banner; diagram committed; cross-links to telemetry stack + evidence locker docs. |
Blocked: waiting on telemetry core deliverable (TELEMETRY-OBS-50-001) to finalise architecture details and diagrams. | DOCS-OBS-50-002 | TODO | Docs Guild, Security Guild | TELEMETRY-OBS-50-002 | Author
/docs/observability/telemetry-standards.mddetailing common fields, scrubbing policy, sampling defaults, and redaction override procedure. | Doc merged; imposed rule banner present; examples validated with telemetry fixtures; security review sign-off captured. | | DOCS-OBS-50-003 | TODO | Docs Guild, Observability Guild | TELEMETRY-OBS-50-001 | Create/docs/observability/logging.mdcovering structured log schema, dos/don'ts, tenant isolation, and copyable examples. | Doc merged with banner; sample logs redacted; lint passes; linked from coding standards. | | DOCS-OBS-50-004 | TODO | Docs Guild, Observability Guild | TELEMETRY-OBS-50-002 | Draft/docs/observability/tracing.mdexplaining context propagation, async linking, CLI header usage, and sampling strategies. | Doc merged; imposed rule banner included; diagrams updated; references to CLI/Console features added. | | DOCS-OBS-51-001 | TODO | Docs Guild, DevOps Guild | WEB-OBS-51-001, DEVOPS-OBS-51-001 | Publish/docs/observability/metrics-and-slos.mdcataloging metrics, SLO targets, burn rate policies, and alert runbooks. | Doc merged with banner; SLO tables verified; alert workflows linked to incident runbook. | | DOCS-SEC-OBS-50-001 | TODO | Docs Guild, Security Guild | TELEMETRY-OBS-51-002 | Update/docs/security/redaction-and-privacy.mdto cover telemetry privacy controls, tenant opt-in debug, and imposed rule reminder. | Doc merged; redaction matrix updated; banner present; security sign-off recorded. | | DOCS-INSTALL-50-001 | TODO | Docs Guild, DevOps Guild | DEVOPS-OBS-50-003 | Add/docs/install/telemetry-stack.mdwith collector deployment, exporter options, offline kit notes, and imposed rule banner. | Doc merged; install steps verified on air-gapped profile; banner present; screenshots attached. | | DOCS-FORENSICS-53-001 | TODO | Docs Guild, Evidence Locker Guild | EVID-OBS-53-003 | Publish/docs/forensics/evidence-locker.mddescribing bundle formats, WORM options, retention, legal hold, and imposed rule banner. | Doc merged; manifest examples validated; banner present; legal hold steps aligned with API. | | DOCS-FORENSICS-53-002 | TODO | Docs Guild, Provenance Guild | PROV-OBS-54-001 | Release/docs/forensics/provenance-attestation.mdcovering DSSE schema, signing process, verification workflow, and imposed rule banner. | Doc merged; sample statements reference fixtures; banner included; verification steps tested. | | DOCS-FORENSICS-53-003 | TODO | Docs Guild, Timeline Indexer Guild | TIMELINE-OBS-52-003 | Publish/docs/forensics/timeline.mdwith schema, event kinds, filters, query examples, and imposed rule banner. | Doc merged; query examples validated; banner present; linked from Console/CLI docs. | | DOCS-CONSOLE-OBS-52-001 | TODO | Docs Guild, Console Guild | CONSOLE-OBS-51-001 | Document/docs/console/observability.mdshowcasing Observability Hub widgets, trace/log search, imposed rule banner, and accessibility tips. | Doc merged; screenshots updated; banner present; navigation steps verified. | | DOCS-CONSOLE-OBS-52-002 | TODO | Docs Guild, Console Guild | CONSOLE-OBS-52-002, CONSOLE-OBS-53-001 | Publish/docs/console/forensics.mdcovering timeline explorer, evidence viewer, attestation verifier, imposed rule banner, and troubleshooting. | Doc merged; banner included; workflows validated via Playwright capture; troubleshooting section populated. | | DOCS-CLI-OBS-52-001 | TODO | Docs Guild, DevEx/CLI Guild | CLI-OBS-52-001 | Create/docs/cli/observability.mddetailingstella obscommands, examples, exit codes, imposed rule banner, and scripting tips. | Doc merged; examples tested; banner included; CLI parity matrix updated. | | DOCS-CLI-FORENSICS-53-001 | TODO | Docs Guild, DevEx/CLI Guild | CLI-FORENSICS-54-001 | Publish/docs/cli/forensics.mdfor snapshot/verify/attest commands with sample outputs, imposed rule banner, and offline workflows. | Doc merged; sample bundles verified; banner present; offline notes cross-linked. | | DOCS-RUNBOOK-55-001 | TODO | Docs Guild, Ops Guild | DEVOPS-OBS-55-001, WEB-OBS-55-001 | Author/docs/runbooks/incidents.mddescribing incident mode activation, escalation steps, retention impact, verification checklist, and imposed rule banner. | Doc merged; runbook rehearsed; banner included; linked from alerts. | | DOCS-AOC-19-001 | DONE (2025-10-26) | Docs Guild, Concelier Guild | CONCELIER-WEB-AOC-19-001, EXCITITOR-WEB-AOC-19-001 | Author/docs/ingestion/aggregation-only-contract.mdcovering philosophy, invariants, schemas, error codes, migration, observability, and security checklist. | New doc published with compliance checklist; cross-links from existing docs added. | | DOCS-AOC-19-002 | DONE (2025-10-26) | Docs Guild, Architecture Guild | DOCS-AOC-19-001 | Update/docs/architecture/overview.mdto include AOC boundary, raw stores, and sequence diagram (fetch → guard → raw insert → policy evaluation). | Overview doc updated with diagrams/text; lint passes; stakeholders sign off. | | DOCS-AOC-19-003 | DONE (2025-10-26) | Docs Guild, Policy Guild | POLICY-AOC-19-003 | Refresh/docs/architecture/policy-engine.mdclarifying ingestion boundary, raw inputs, and policy-only derived data. | Doc highlights raw-only ingestion contract, updated diagrams merge, compliance checklist added. | | DOCS-AOC-19-004 | DONE (2025-10-26) | Docs Guild, UI Guild | UI-AOC-19-001 | Extend/docs/ui/console.mdwith Sources dashboard tiles, violation drill-down workflow, and verification action. | UI doc updated with screenshots/flow descriptions, compliance checklist appended. | DOCS-AOC-19-004: Architecture overview & policy-engine updates landed 2025-10-26; incorporate the new AOC boundary diagrams and metrics references. | DOCS-AOC-19-005 | DONE (2025-10-26) | Docs Guild, CLI Guild | CLI-AOC-19-003 | Update/docs/cli/cli-reference.mdwithstella sources ingest --dry-runandstella aoc verifyusage, exit codes, and offline notes. | CLI reference + quickstart sections updated; examples validated; compliance checklist added. | DOCS-AOC-19-005: New ingestion reference + architecture overview published 2025-10-26; ensure CLI docs link to both and surface AOC exit codes mapping. | DOCS-AOC-19-006 | DONE (2025-10-26) | Docs Guild, Observability Guild | CONCELIER-WEB-AOC-19-002, EXCITITOR-WEB-AOC-19-002 | Document new metrics/traces/log keys in/docs/observability/observability.md. | Observability doc lists new metrics/traces/log fields; dashboards referenced; compliance checklist appended. | | DOCS-AOC-19-007 | DONE (2025-10-26) | Docs Guild, Authority Core | AUTH-AOC-19-001 | Update/docs/security/authority-scopes.mdwith new ingestion scopes and tenancy enforcement notes. | Doc reflects new scopes, sample policies updated, compliance checklist added. | | DOCS-AOC-19-008 | DONE (2025-10-26) | Docs Guild, DevOps Guild | DEVOPS-AOC-19-002 | Refresh/docs/deploy/containers.mdto cover validator enablement, guard env flags, and read-only verify user. | Deploy doc updated; offline kit section mentions validator scripts; compliance checklist appended. | | DOCS-AOC-19-009 | DONE (2025-10-26) | Docs Guild, Authority Core | AUTH-AOC-19-001 | Update AOC docs/samples to reflect newadvisory:*,vex:*, andaoc:verifyscopes. | Docs reference new scopes, samples aligned, compliance checklist updated. |
Air-Gapped Mode (Epic 16)
| ID | Status | Owner(s) | Depends on | Description | Exit Criteria |
|---|---|---|---|---|---|
| DOCS-AIRGAP-56-001 | TODO | Docs Guild, AirGap Controller Guild | AIRGAP-CTL-56-002 | Publish /docs/airgap/overview.md outlining modes, lifecycle, responsibilities, and imposed rule banner. |
Doc merged; banner present; diagrams included. |
| DOCS-AIRGAP-56-002 | TODO | Docs Guild, DevOps Guild | DEVOPS-AIRGAP-56-001 | Author /docs/airgap/sealing-and-egress.md covering network policies, EgressPolicy facade usage, and verification steps. |
Doc merged; examples validated; banner included. |
| DOCS-AIRGAP-56-003 | TODO | Docs Guild, Exporter Guild | EXPORT-AIRGAP-56-001 | Create /docs/airgap/mirror-bundles.md describing bundle format, DSSE/TUF/Merkle validation, creation/import workflows. |
Doc merged; sample commands verified; banner present. |
| DOCS-AIRGAP-56-004 | TODO | Docs Guild, Deployment Guild | DEVOPS-AIRGAP-56-003 | Publish /docs/airgap/bootstrap.md detailing Bootstrap Pack creation, validation, and install procedures. |
Doc merged; checklist appended; screenshots verified. |
| DOCS-AIRGAP-57-001 | TODO | Docs Guild, AirGap Time Guild | AIRGAP-TIME-58-001 | Write /docs/airgap/staleness-and-time.md explaining time anchors, drift policies, staleness budgets, and UI indicators. |
Doc merged; math checked; banner included. |
| DOCS-AIRGAP-57-002 | TODO | Docs Guild, Console Guild | CONSOLE-AIRGAP-57-001 | Publish /docs/console/airgap.md covering sealed badge, import wizard, staleness dashboards. |
Doc merged; screenshots captured; banner present. |
| DOCS-AIRGAP-57-003 | TODO | Docs Guild, CLI Guild | CLI-AIRGAP-57-001 | Publish /docs/cli/airgap.md documenting commands, examples, exit codes. |
Doc merged; examples validated; banner present. |
| DOCS-AIRGAP-57-004 | TODO | Docs Guild, Ops Guild | DEVOPS-AIRGAP-56-002 | Create /docs/airgap/operations.md with runbooks for imports, failure recovery, and auditing. |
Doc merged; runbooks rehearsed; banner included. |
| DOCS-AIRGAP-58-001 | TODO | Docs Guild, Product Guild | CONSOLE-AIRGAP-58-002 | Provide /docs/airgap/degradation-matrix.md enumerating feature availability, fallbacks, remediation. |
Doc merged; matrix reviewed; banner included. |
| DOCS-AIRGAP-58-002 | TODO | Docs Guild, Security Guild | PROV-OBS-54-001 | Update /docs/security/trust-and-signing.md with DSSE/TUF roots, rotation, and signed time tokens. |
Doc merged; security sign-off recorded; banner present. |
| DOCS-AIRGAP-58-003 | TODO | Docs Guild, DevEx Guild | AIRGAP-POL-56-001 | Publish /docs/dev/airgap-contracts.md describing EgressPolicy usage, sealed-mode tests, linting. |
Doc merged; sample code validated; banner included. |
| DOCS-AIRGAP-58-004 | TODO | Docs Guild, Evidence Locker Guild | EVID-OBS-55-001 | Document /docs/airgap/portable-evidence.md for exporting/importing portable evidence bundles across enclaves. |
Doc merged; verification steps tested; banner present. |
SDKs & OpenAPI (Epic 17)
| ID | Status | Owner(s) | Depends on | Description | Exit Criteria |
|---|---|---|---|---|---|
| DOCS-OAS-61-001 | TODO | Docs Guild, API Contracts Guild | OAS-61-002 | Publish /docs/api/overview.md covering auth, tenancy, pagination, idempotency, rate limits with banner. |
Doc merged; examples validated; banner present. |
| DOCS-OAS-61-002 | TODO | Docs Guild, API Governance Guild | APIGOV-61-001 | Author /docs/api/conventions.md capturing naming, errors, filters, sorting, examples. |
Doc merged; lint passes; banner included. |
| DOCS-OAS-61-003 | TODO | Docs Guild, API Governance Guild | APIGOV-63-001 | Publish /docs/api/versioning.md describing SemVer, deprecation headers, migration playbooks. |
Doc merged; example headers validated; banner present. |
| DOCS-OAS-62-001 | TODO | Docs Guild, Developer Portal Guild | DEVPORT-62-002 | Stand up /docs/api/reference/ auto-generated site; integrate with portal nav. |
Reference site builds; search works; banner included. |
| DOCS-SDK-62-001 | TODO | Docs Guild, SDK Generator Guild | SDKGEN-63-001 | Publish /docs/sdks/overview.md plus language guides (typescript.md, python.md, go.md, java.md). |
Docs merged; code samples pulled from tested examples; banner present. |
| DOCS-DEVPORT-62-001 | TODO | Docs Guild, Developer Portal Guild | DEVPORT-62-001 | Document /docs/devportal/publishing.md for build pipeline, offline bundle steps. |
Doc merged; cross-links validated; banner included. |
| DOCS-CONTRIB-62-001 | TODO | Docs Guild, API Governance Guild | APIGOV-61-001 | Publish /docs/contributing/api-contracts.md detailing how to edit OAS, lint rules, compatibility checks. |
Doc merged; banner present; examples validated. |
| DOCS-TEST-62-001 | TODO | Docs Guild, Contract Testing Guild | CONTR-62-001 | Author /docs/testing/contract-testing.md covering mock server, replay tests, golden fixtures. |
Doc merged; references to tooling validated; banner present. |
| DOCS-SEC-62-001 | TODO | Docs Guild, Authority Core | AUTH-AIRGAP-56-001 | Update /docs/security/auth-scopes.md with OAuth2/PAT scopes, tenancy header usage. |
Doc merged; scope tables verified; banner included. |
| DOCS-AIRGAP-DEVPORT-64-001 | TODO | Docs Guild, DevPortal Offline Guild | DVOFF-64-001 | Create /docs/airgap/devportal-offline.md describing offline bundle usage and verification. |
Doc merged; verification steps tested; banner present. |
Risk Profiles (Epic 18)
| ID | Status | Owner(s) | Depends on | Description | Exit Criteria |
|---|---|---|---|---|---|
| DOCS-RISK-66-001 | TODO | Docs Guild, Risk Profile Schema Guild | POLICY-RISK-66-001 | Publish /docs/risk/overview.md covering concepts and glossary. |
Doc merged with banner; terminology reviewed. |
| DOCS-RISK-66-002 | TODO | Docs Guild, Policy Guild | POLICY-RISK-66-003 | Author /docs/risk/profiles.md (authoring, versioning, scope). |
Doc merged; schema examples validated; banner present. |
| DOCS-RISK-66-003 | TODO | Docs Guild, Risk Engine Guild | RISK-ENGINE-67-001 | Publish /docs/risk/factors.md cataloging signals, transforms, reducers, TTLs. |
Document merged; tables verified; banner included. |
| DOCS-RISK-66-004 | TODO | Docs Guild, Risk Engine Guild | RISK-ENGINE-66-002 | Create /docs/risk/formulas.md detailing math, normalization, gating, severity. |
Doc merged; equations rendered; banner present. |
| DOCS-RISK-67-001 | TODO | Docs Guild, Risk Engine Guild | RISK-ENGINE-68-001 | Publish /docs/risk/explainability.md showing artifact schema and UI screenshots. |
Doc merged; CLI examples validated; banner included. |
| DOCS-RISK-67-002 | TODO | Docs Guild, API Guild | POLICY-RISK-67-002 | Produce /docs/risk/api.md with endpoint reference/examples. |
Doc merged; OAS examples synced; banner present. |
| DOCS-RISK-67-003 | TODO | Docs Guild, Console Guild | CONSOLE-RISK-66-001 | Document /docs/console/risk-ui.md for authoring, simulation, dashboards. |
Doc merged; screenshots updated; banner included. |
| DOCS-RISK-67-004 | TODO | Docs Guild, CLI Guild | CLI-RISK-66-001 | Publish /docs/cli/risk.md covering CLI workflows. |
Doc merged; command examples validated; banner present. |
| DOCS-RISK-68-001 | TODO | Docs Guild, Export Guild | RISK-BUNDLE-69-001 | Add /docs/airgap/risk-bundles.md for offline factor bundles. |
Doc merged; verification steps confirmed; banner included. |
| DOCS-RISK-68-002 | TODO | Docs Guild, Security Guild | POLICY-RISK-66-003 | Update /docs/security/aoc-invariants.md with risk scoring provenance guarantees. |
Doc merged; audit references updated; banner present. |
Attestor Console (Epic 19)
| ID | Status | Owner(s) | Depends on | Description | Exit Criteria |
|---|---|---|---|---|---|
| DOCS-ATTEST-73-001 | TODO | Docs Guild, Attestor Service Guild | ATTEST-TYPES-73-001 | Publish /docs/attestor/overview.md with imposed rule banner. |
Doc merged; terminology validated. |
| DOCS-ATTEST-73-002 | TODO | Docs Guild, Attestation Payloads Guild | ATTEST-TYPES-73-002 | Write /docs/attestor/payloads.md with schemas/examples. |
Doc merged; examples validated via tests. |
| DOCS-ATTEST-73-003 | TODO | Docs Guild, Policy Guild | POLICY-ATTEST-73-002 | Publish /docs/attestor/policies.md covering verification policies. |
Doc merged; policy examples validated. |
| DOCS-ATTEST-73-004 | TODO | Docs Guild, Attestor Service Guild | ATTESTOR-73-002 | Add /docs/attestor/workflows.md detailing ingest, verify, bulk operations. |
Doc merged; workflows tested. |
| DOCS-ATTEST-74-001 | TODO | Docs Guild, KMS Guild | KMS-73-001 | Publish /docs/attestor/keys-and-issuers.md. |
Doc merged; rotation guidance verified. |
| DOCS-ATTEST-74-002 | TODO | Docs Guild, Transparency Guild | TRANSP-74-001 | Document /docs/attestor/transparency.md with witness usage/offline validation. |
Doc merged; proofs validated. |
| DOCS-ATTEST-74-003 | TODO | Docs Guild, Attestor Console Guild | CONSOLE-ATTEST-73-001 | Write /docs/console/attestor-ui.md with screenshots/workflows. |
Doc merged; screenshots captured; banner present. |
| DOCS-ATTEST-74-004 | TODO | Docs Guild, CLI Attestor Guild | CLI-ATTEST-73-001 | Publish /docs/cli/attest.md covering CLI usage. |
Doc merged; commands validated. |
| DOCS-ATTEST-75-001 | TODO | Docs Guild, Export Attestation Guild | EXPORT-ATTEST-75-002 | Add /docs/attestor/airgap.md for attestation bundles. |
Doc merged; verification steps confirmed. |
| DOCS-ATTEST-75-002 | TODO | Docs Guild, Security Guild | ATTESTOR-73-002 | Update /docs/security/aoc-invariants.md with attestation invariants. |
Doc merged; invariants detailed. |
Policy Engine v2
| ID | Status | Owner(s) | Depends on | Description | Exit Criteria |
|---|---|---|---|---|---|
| DOCS-POLICY-20-001 | DONE (2025-10-26) | Docs Guild, Policy Guild | POLICY-ENGINE-20-000 | Author /docs/policy/overview.md covering concepts, inputs/outputs, determinism, and compliance checklist. |
Doc published with diagrams + glossary; lint passes; checklist included. |
| DOCS-POLICY-20-002 | DONE (2025-10-26) | Docs Guild, Policy Guild | POLICY-ENGINE-20-001 | Write /docs/policy/dsl.md with grammar, built-ins, examples, anti-patterns. |
DSL doc includes grammar tables, examples, compliance checklist; validated against parser tests. |
| DOCS-POLICY-20-003 | DONE (2025-10-26) | Docs Guild, Authority Core | AUTH-POLICY-20-001 | Publish /docs/policy/lifecycle.md describing draft→approve workflow, roles, audit, compliance list. |
Lifecycle doc linked from UI/CLI help; approvals roles documented; checklist appended. |
| DOCS-POLICY-20-004 | DONE (2025-10-26) | Docs Guild, Scheduler Guild | SCHED-MODELS-20-001 | Create /docs/policy/runs.md detailing run modes, incremental mechanics, cursors, replay. |
Run doc includes sequence diagrams + compliance checklist; cross-links to scheduler docs. |
| DOCS-POLICY-20-005 | DONE (2025-10-26) | Docs Guild, BE-Base Platform Guild | WEB-POLICY-20-001 | Draft /docs/api/policy.md describing endpoints, schemas, error codes. |
API doc validated against OpenAPI; examples included; checklist appended. |
| DOCS-POLICY-20-006 | DONE (2025-10-26) | Docs Guild, DevEx/CLI Guild | CLI-POLICY-20-002 | Produce /docs/cli/policy.md with command usage, exit codes, JSON output contracts. |
CLI doc includes examples, exit codes, compliance checklist. |
| DOCS-POLICY-20-007 | DONE (2025-10-26) | Docs Guild, UI Guild | UI-POLICY-20-001 | Document /docs/ui/policy-editor.md covering editor, simulation, diff workflows, approvals. |
UI doc includes screenshots/placeholders, accessibility notes, compliance checklist. |
| DOCS-POLICY-20-008 | DONE (2025-10-26) | Docs Guild, Architecture Guild | POLICY-ENGINE-20-003 | Write /docs/architecture/policy-engine.md (new epic content) with sequence diagrams, selection strategy, schema. |
Architecture doc merged with diagrams; compliance checklist appended; references updated. |
| DOCS-POLICY-20-009 | DONE (2025-10-26) | Docs Guild, Observability Guild | POLICY-ENGINE-20-007 | Add /docs/observability/policy.md for metrics/traces/logs, sample dashboards. |
Observability doc includes metrics tables, dashboard screenshots, checklist. |
| DOCS-POLICY-20-010 | DONE (2025-10-26) | Docs Guild, Security Guild | AUTH-POLICY-20-002 | Publish /docs/security/policy-governance.md covering scopes, approvals, tenancy, least privilege. |
Security doc merged; compliance checklist appended; reviewed by Security Guild. |
| DOCS-POLICY-20-011 | DONE (2025-10-26) | Docs Guild, Policy Guild | POLICY-ENGINE-20-001 | Populate /docs/examples/policies/ with baseline/serverless/internal-only samples and commentary. |
Example policies committed with explanations; lint passes; compliance checklist per file. |
| DOCS-POLICY-20-012 | DONE (2025-10-26) | Docs Guild, Support Guild | WEB-POLICY-20-003 | Draft /docs/faq/policy-faq.md addressing common pitfalls, VEX conflicts, determinism issues. |
FAQ published with Q/A entries, cross-links, compliance checklist. |
Graph Explorer v1
| ID | Status | Owner(s) | Depends on | Description | Exit Criteria |
|---|
Link-Not-Merge v1
| ID | Status | Owner(s) | Depends on | Description | Exit Criteria |
|---|---|---|---|---|---|
| DOCS-LNM-22-001 | TODO | Docs Guild, Concelier Guild | CONCELIER-LNM-21-001..003 | Author /docs/advisories/aggregation.md covering observation vs linkset, conflict handling, AOC requirements, and reviewer checklist. |
Doc merged with examples + checklist; lint passes. |
| DOCS-LNM-22-002 | TODO | Docs Guild, Excititor Guild | EXCITITOR-LNM-21-001..003 | Publish /docs/vex/aggregation.md describing VEX observation/linkset model, product matching, conflicts. |
Doc merged with fixtures; checklist appended. |
| DOCS-LNM-22-003 | TODO | Docs Guild, BE-Base Platform Guild | WEB-LNM-21-001..003 | Update /docs/api/advisories.md and /docs/api/vex.md for new endpoints, parameters, errors, exports. |
API docs aligned with OpenAPI; examples validated. |
| DOCS-LNM-22-004 | TODO | Docs Guild, Policy Guild | POLICY-ENGINE-40-001 | Create /docs/policy/effective-severity.md detailing severity selection strategies from multiple sources. |
Doc merged with policy examples; checklist included. |
| DOCS-LNM-22-005 | TODO | Docs Guild, UI Guild | UI-LNM-22-001..003 | Document /docs/ui/evidence-panel.md with screenshots, conflict badges, accessibility guidance. |
UI doc merged; accessibility checklist completed. |
StellaOps Console (Sprint 23)
| ID | Status | Owner(s) | Depends on | Description | Exit Criteria |
|---|---|---|---|---|---|
| DOCS-CONSOLE-23-001 | DONE (2025-10-26) | Docs Guild, Console Guild | CONSOLE-CORE-23-004 | Publish /docs/ui/console-overview.md covering IA, tenant model, global filters, and AOC alignment with compliance checklist. |
Doc merged with diagrams + overview tables; checklist appended; Console Guild sign-off. |
| DOCS-CONSOLE-23-002 | DONE (2025-10-26) | Docs Guild, Console Guild | DOCS-CONSOLE-23-001 | Author /docs/ui/navigation.md detailing routes, breadcrumbs, keyboard shortcuts, deep links, and tenant context switching. |
Navigation doc merged with shortcut tables and screenshots; accessibility checklist satisfied. |
| DOCS-CONSOLE-23-003 | DONE (2025-10-26) | Docs Guild, SBOM Service Guild, Console Guild | SBOM-CONSOLE-23-001, CONSOLE-FEAT-23-102 | Document /docs/ui/sbom-explorer.md (catalog, detail, graph overlays, exports) including compliance checklist and performance tips. |
Doc merged with annotated screenshots, export instructions, and overlay examples; checklist appended. |
| DOCS-CONSOLE-23-004 | DONE (2025-10-26) | Docs Guild, Concelier Guild, Excititor Guild | CONCELIER-CONSOLE-23-001, EXCITITOR-CONSOLE-23-001 | Produce /docs/ui/advisories-and-vex.md explaining aggregation-not-merge, conflict indicators, raw viewers, and provenance banners. |
Doc merged; raw JSON examples included; compliance checklist complete. |
| DOCS-CONSOLE-23-005 | DONE (2025-10-26) | Docs Guild, Policy Guild | POLICY-CONSOLE-23-001, CONSOLE-FEAT-23-104 | Write /docs/ui/findings.md describing filters, saved views, explain drawer, exports, and CLI parity callouts. |
Doc merged with filter matrix + explain walkthrough; checklist appended. |
| DOCS-CONSOLE-23-006 | DONE (2025-10-26) | Docs Guild, Policy Guild, Product Ops | POLICY-CONSOLE-23-002, CONSOLE-FEAT-23-105 | Publish /docs/ui/policies.md with editor, simulation, approvals, compliance checklist, and RBAC mapping. |
Doc merged; Monaco screenshots + simulation diff examples included; approval flow described; checklist appended. |
| DOCS-CONSOLE-23-007 | DONE (2025-10-26) | Docs Guild, Scheduler Guild | SCHED-CONSOLE-23-001, CONSOLE-FEAT-23-106 | Document /docs/ui/runs.md covering queues, live progress, diffs, retries, evidence downloads, and troubleshooting. |
Doc merged with SSE troubleshooting, metrics references, compliance checklist. |
| DOCS-CONSOLE-23-008 | DONE (2025-10-26) | Docs Guild, Authority Guild | AUTH-CONSOLE-23-002, CONSOLE-FEAT-23-108 | Draft /docs/ui/admin.md describing users/roles, tenants, tokens, integrations, fresh-auth prompts, and RBAC mapping. |
Doc merged with tables for scopes vs roles, screenshots, compliance checklist. |
| DOCS-CONSOLE-23-009 | DONE (2025-10-27) | Docs Guild, DevOps Guild | DOWNLOADS-CONSOLE-23-001, CONSOLE-FEAT-23-109 | Publish /docs/ui/downloads.md listing product images, commands, offline instructions, parity with CLI, and compliance checklist. |
Doc merged; manifest sample included; copy-to-clipboard guidance documented; checklist complete. |
| DOCS-CONSOLE-23-010 | DONE (2025-10-27) | Docs Guild, Deployment Guild, Console Guild | DEVOPS-CONSOLE-23-002, CONSOLE-REL-23-301 | Write /docs/deploy/console.md (Helm, ingress, TLS, CSP, env vars, health checks) with compliance checklist. |
Deploy doc merged; templates validated; CSP guidance included; checklist appended. |
| DOCS-CONSOLE-23-011 | DOING (2025-10-27) | Docs Guild, Deployment Guild | DOCS-CONSOLE-23-010 | Update /docs/install/docker.md to cover Console image, Compose/Helm usage, offline tarballs, parity with CLI. |
Doc updated with new sections; commands validated; compliance checklist appended. |
| DOCS-CONSOLE-23-012 | TODO | Docs Guild, Security Guild | AUTH-CONSOLE-23-003, WEB-CONSOLE-23-002 | Publish /docs/security/console-security.md detailing OIDC flows, scopes, CSP, fresh-auth, evidence handling, and compliance checklist. |
Security doc merged; threat model notes included; checklist appended. |
| DOCS-CONSOLE-23-013 | TODO | Docs Guild, Observability Guild | TELEMETRY-CONSOLE-23-001, CONSOLE-QA-23-403 | Write /docs/observability/ui-telemetry.md cataloguing metrics/logs/traces, dashboards, alerts, and feature flags. |
Doc merged with instrumentation tables, dashboard screenshots, checklist appended. |
| DOCS-CONSOLE-23-014 | TODO | Docs Guild, Console Guild, CLI Guild | CONSOLE-DOC-23-502 | Maintain /docs/cli-vs-ui-parity.md matrix and integrate CI check guidance. |
Matrix published with parity status, CI workflow documented, compliance checklist appended. |
| DOCS-CONSOLE-23-015 | TODO | Docs Guild, Architecture Guild | CONSOLE-CORE-23-001, WEB-CONSOLE-23-001 | Produce /docs/architecture/console.md describing frontend packages, data flow diagrams, SSE design, performance budgets. |
Architecture doc merged with diagrams + compliance checklist; reviewers approve. |
| DOCS-CONSOLE-23-016 | TODO | Docs Guild, Accessibility Guild | CONSOLE-QA-23-402, CONSOLE-FEAT-23-102 | Refresh /docs/accessibility.md with Console-specific keyboard flows, color tokens, testing tools, and compliance checklist updates. |
Accessibility doc updated; audits referenced; checklist appended. |
| DOCS-CONSOLE-23-017 | TODO | Docs Guild, Console Guild | CONSOLE-FEAT-23-101..109 | Create /docs/examples/ui-tours.md providing triage, audit, policy rollout walkthroughs with annotated screenshots and GIFs. |
UI tours doc merged; media assets stored; compliance checklist appended. |
| DOCS-LNM-22-006 | TODO | Docs Guild, Architecture Guild | CONCELIER-LNM-21-001..005, EXCITITOR-LNM-21-001..005 | Refresh /docs/architecture/conseiller.md and /docs/architecture/excitator.md describing observation/linkset pipelines and event contracts. |
Architecture docs updated with diagrams; checklist appended. |
| DOCS-LNM-22-007 | TODO | Docs Guild, Observability Guild | CONCELIER-LNM-21-005, EXCITITOR-LNM-21-005, DEVOPS-LNM-22-002 | Publish /docs/observability/aggregation.md with metrics/traces/logs/SLOs. |
Observability doc merged; dashboards referenced; checklist appended. |
| DOCS-LNM-22-008 | TODO | Docs Guild, DevOps Guild | MERGE-LNM-21-001, CONCELIER-LNM-21-102 | Write /docs/migration/no-merge.md describing migration plan, backfill steps, rollback, feature flags. |
Migration doc approved by stakeholders; checklist appended. |
Policy Engine + Editor v1
| ID | Status | Owner(s) | Depends on | Description | Exit Criteria |
|---|---|---|---|---|---|
| DOCS-POLICY-23-001 | TODO | Docs Guild, Policy Guild | POLICY-SPL-23-001..003 | Author /docs/policy/overview.md describing SPL philosophy, layering, and glossary with reviewer checklist. |
Doc merged; lint passes; checklist appended. |
| DOCS-POLICY-23-002 | TODO | Docs Guild, Policy Guild | POLICY-SPL-23-001 | Write /docs/policy/spl-v1.md (language reference, JSON Schema, examples). |
Reference published with schema snippets; checklist completed. |
| DOCS-POLICY-23-003 | TODO | Docs Guild, Policy Guild | POLICY-ENGINE-50-001..004 | Produce /docs/policy/runtime.md covering compiler, evaluator, caching, events, SLOs. |
Runtime doc merged with diagrams; observability references included. |
| DOCS-POLICY-23-004 | TODO | Docs Guild, UI Guild | UI-POLICY-23-001..006 | Document /docs/policy/editor.md (UI walkthrough, validation, simulation, approvals). |
Editor doc merged with screenshots; accessibility checklist satisfied. |
| DOCS-POLICY-23-005 | TODO | Docs Guild, Security Guild | AUTH-POLICY-23-001..002 | Publish /docs/policy/governance.md (roles, scopes, approvals, signing, exceptions). |
Governance doc merged; checklist appended. |
| DOCS-POLICY-23-006 | TODO | Docs Guild, BE-Base Platform Guild | WEB-POLICY-23-001..004 | Update /docs/api/policy.md with new endpoints, schemas, errors, pagination. |
API doc aligns with OpenAPI; examples validated; checklist included. |
| DOCS-POLICY-23-007 | TODO | Docs Guild, DevEx/CLI Guild | CLI-POLICY-23-004..006 | Update /docs/cli/policy.md for lint/simulate/activate/history commands, exit codes. |
CLI doc updated; samples verified; checklist appended. |
| DOCS-POLICY-23-008 | TODO | Docs Guild, Architecture Guild | POLICY-ENGINE-50-005..006 | Refresh /docs/architecture/policy-engine.md with data model, sequence diagrams, event flows. |
Architecture doc merged with diagrams; checklist appended. |
| DOCS-POLICY-23-009 | TODO | Docs Guild, DevOps Guild | MERGE-LNM-21-001, DEVOPS-LNM-22-001 | Create /docs/migration/policy-parity.md covering dual-run parity plan and rollback. |
Migration doc approved; checklist appended. |
| DOCS-POLICY-23-010 | TODO | Docs Guild, UI Guild | UI-POLICY-23-006 | Write /docs/ui/explainers.md showing explain trees, evidence overlays, interpretation guidance. |
Doc merged with annotated screenshots; checklist appended. |
Graph & Vuln Explorer v1
| ID | Status | Owner(s) | Depends on | Description | Exit Criteria |
|---|---|---|---|---|---|
| DOCS-GRAPH-24-001 | TODO | Docs Guild, UI Guild | UI-GRAPH-24-001..006 | Author /docs/ui/sbom-graph-explorer.md detailing overlays, filters, saved views, accessibility, and AOC visibility. |
Doc merged; screenshots included; checklist appended. |
| DOCS-GRAPH-24-002 | TODO | Docs Guild, UI Guild | UI-GRAPH-24-005 | Publish /docs/ui/vulnerability-explorer.md covering table usage, grouping, fix suggestions, Why drawer. |
Doc merged with annotated images; accessibility checklist satisfied. |
| DOCS-GRAPH-24-003 | TODO | Docs Guild, SBOM Service Guild | SBOM-GRAPH-24-001..003 | Create /docs/architecture/graph-index.md describing data model, ingestion pipeline, caches, events. |
Architecture doc merged with diagrams; checklist appended. |
| DOCS-GRAPH-24-004 | TODO | Docs Guild, BE-Base Platform Guild | WEB-GRAPH-24-001..003 | Document /docs/api/graph.md and /docs/api/vuln.md avec endpoints, parameters, errors, RBAC. |
API docs aligned with OpenAPI; examples validated; checklist appended. |
| DOCS-GRAPH-24-005 | TODO | Docs Guild, DevEx/CLI Guild | CLI-GRAPH-24-001..003 | Update /docs/cli/graph-and-vuln.md covering new CLI commands, exit codes, scripting. |
CLI doc merged; examples tested; checklist appended. |
| DOCS-GRAPH-24-006 | TODO | Docs Guild, Policy Guild | POLICY-ENGINE-60-001..002 | Write /docs/policy/ui-integration.md explaining overlays, cache usage, simulator contracts. |
Doc merged; references cross-linked; checklist appended. |
| DOCS-GRAPH-24-007 | TODO | Docs Guild, DevOps Guild | DEVOPS-GRAPH-24-001..003 | Produce /docs/migration/graph-parity.md with rollout plan, parity checks, fallback guidance. |
Migration doc approved; checklist appended. |
Exceptions v1
| ID | Status | Owner(s) | Depends on | Description | Exit Criteria |
|---|---|---|---|---|---|
| DOCS-EXC-25-001 | TODO | Docs Guild, Governance Guild | WEB-EXC-25-001 | Author /docs/governance/exceptions.md covering lifecycle, scope patterns, examples, compliance checklist. |
Doc merged; reviewers sign off; checklist included. |
| DOCS-EXC-25-002 | TODO | Docs Guild, Authority Core | AUTH-EXC-25-001 | Publish /docs/governance/approvals-and-routing.md detailing roles, routing matrix, MFA rules, audit trails. |
Doc merged; routing examples validated; checklist appended. |
| DOCS-EXC-25-003 | TODO | Docs Guild, BE-Base Platform Guild | WEB-EXC-25-001..003 | Create /docs/api/exceptions.md with endpoints, payloads, errors, idempotency notes. |
API doc aligned with OpenAPI; examples tested; checklist appended. |
| DOCS-EXC-25-004 | TODO | Docs Guild, Policy Guild | POLICY-ENGINE-70-001 | Document /docs/policy/exception-effects.md explaining evaluation order, conflicts, simulation. |
Doc merged; tests cross-referenced; checklist appended. |
| DOCS-EXC-25-005 | TODO | Docs Guild, UI Guild | UI-EXC-25-001..004 | Write /docs/ui/exception-center.md with UI walkthrough, badges, accessibility, shortcuts. |
Doc merged with screenshots; accessibility checklist completed. |
| DOCS-EXC-25-006 | TODO | Docs Guild, DevEx/CLI Guild | CLI-EXC-25-001..002 | Update /docs/cli/exceptions.md covering command usage and exit codes. |
CLI doc updated; examples validated; checklist appended. |
| DOCS-EXC-25-007 | TODO | Docs Guild, DevOps Guild | SCHED-WORKER-25-101, DEVOPS-GRAPH-24-003 | Publish /docs/migration/exception-governance.md describing cutover from legacy suppressions, notifications, rollback. |
Migration doc approved; checklist included. |
Update statuses (TODO/DOING/REVIEW/DONE/BLOCKED) as progress changes. Keep guides in sync with configuration samples under
etc/.
Remark (2025-10-13, DOC4.AUTH-PDG): Rate limit guide published (
docs/security/rate-limits.md) and handed to plugin docs team for diagram uplift once PLG6.DIAGRAM lands.
Orchestrator Dashboard (Epic 9)
| ID | Status | Owner(s) | Depends on | Description | Exit Criteria |
|---|---|---|---|---|---|
| DOCS-ORCH-32-001 | TODO | Docs Guild | ORCH-SVC-32-001, AUTH-ORCH-32-001 | Author /docs/orchestrator/overview.md covering mission, roles, AOC alignment, governance, with imposed rule reminder. |
Doc merged with diagrams; imposed rule statement included; entry linked from docs index. |
| DOCS-ORCH-32-002 | TODO | Docs Guild | ORCH-SVC-32-002 | Author /docs/orchestrator/architecture.md detailing scheduler, DAGs, rate limits, data model, message bus, storage layout, restating imposed rule. |
Architecture doc merged; diagrams reviewed; imposed rule noted. |
| DOCS-ORCH-33-001 | TODO | Docs Guild | ORCH-SVC-33-001..004, WEB-ORCH-33-001 | Publish /docs/orchestrator/api.md (REST/WebSocket endpoints, payloads, error codes) with imposed rule note. |
API doc merged; examples validated; imposed rule appended. |
| DOCS-ORCH-33-002 | TODO | Docs Guild | CONSOLE-ORCH-32-002, CONSOLE-ORCH-33-001..002 | Publish /docs/orchestrator/console.md covering screens, a11y, live updates, control actions, reiterating imposed rule. |
Console doc merged with screenshots; accessibility checklist done; imposed rule statement present. |
| DOCS-ORCH-33-003 | TODO | Docs Guild | CLI-ORCH-33-001 | Publish /docs/orchestrator/cli.md documenting commands, options, exit codes, streaming output, offline usage, and imposed rule. |
CLI doc merged; examples tested; imposed rule appended. |
| DOCS-ORCH-34-001 | TODO | Docs Guild | ORCH-SVC-34-002, LEDGER-34-101 | Author /docs/orchestrator/run-ledger.md covering ledger schema, provenance chain, audit workflows, with imposed rule reminder. |
Run-ledger doc merged; payload samples validated; imposed rule included; cross-links added. |
| DOCS-ORCH-34-002 | TODO | Docs Guild | AUTH-ORCH-32-001, AUTH-ORCH-34-001 | Update /docs/security/secrets-handling.md for orchestrator KMS refs, redaction badges, operator hygiene, reiterating imposed rule. |
Security doc merged; checklists updated; imposed rule restated; references from Console/CLI docs added. |
| DOCS-ORCH-34-003 | TODO | Docs Guild | ORCH-SVC-33-003, ORCH-SVC-34-001, DEVOPS-ORCH-34-001 | Publish /docs/operations/orchestrator-runbook.md (incident playbook, backfill guide, circuit breakers, throttling) with imposed rule statement. |
Runbook merged; steps validated with DevOps; imposed rule included; runbook linked from ops index. |
| DOCS-ORCH-34-004 | TODO | Docs Guild | ORCH-SVC-32-005, WORKER-GO-33-001, WORKER-PY-33-001 | Document /docs/schemas/artifacts.md describing artifact kinds, schema versions, hashing, storage layout, restating imposed rule. |
Schema doc merged; JSON schema provided; imposed rule included; sample payload validated. |
| DOCS-ORCH-34-005 | TODO | Docs Guild | ORCH-SVC-34-001, DEVOPS-ORCH-34-001 | Author /docs/slo/orchestrator-slo.md defining SLOs, burn alerts, measurement, and reiterating imposed rule. |
SLO doc merged; dashboard screenshots embedded; imposed rule appended; alerts documented. |
Export Center (Epic 10)
| ID | Status | Owner(s) | Depends on | Description | Exit Criteria |
|---|---|---|---|---|---|
| DOCS-EXPORT-35-001 | TODO | Docs Guild | EXPORT-SVC-35-001..006 | Author /docs/export-center/overview.md covering purpose, profiles, security, AOC alignment, surfaces, ending with imposed rule statement. |
Doc merged with diagrams/examples; imposed rule line present; index updated. |
| DOCS-EXPORT-35-002 | TODO | Docs Guild | EXPORT-SVC-35-002..005 | Publish /docs/export-center/architecture.md describing planner, adapters, manifests, signing, distribution flows, restating imposed rule. |
Architecture doc merged; sequence diagrams included; rule statement appended. |
| DOCS-EXPORT-35-003 | TODO | Docs Guild | EXPORT-SVC-35-003..004 | Publish /docs/export-center/profiles.md detailing schema fields, examples, compatibility, and imposed rule reminder. |
Profiles doc merged; JSON schemas linked; imposed rule noted. |
| DOCS-EXPORT-36-004 | TODO | Docs Guild | EXPORT-SVC-36-001..004, WEB-EXPORT-36-001 | Publish /docs/export-center/api.md covering endpoints, payloads, errors, and mention imposed rule. |
API doc merged; examples validated; rule included. |
| DOCS-EXPORT-36-005 | TODO | Docs Guild | CLI-EXPORT-35-001, CLI-EXPORT-36-001 | Publish /docs/export-center/cli.md with command reference, CI scripts, verification steps, restating imposed rule. |
CLI doc merged; script snippets tested; rule appended. |
| DOCS-EXPORT-36-006 | TODO | Docs Guild | EXPORT-SVC-36-001, DEVOPS-EXPORT-36-001 | Publish /docs/export-center/trivy-adapter.md covering field mappings, compatibility matrix, and imposed rule reminder. |
Doc merged; mapping tables validated; rule included. |
| DOCS-EXPORT-37-001 | TODO | Docs Guild | EXPORT-SVC-37-001, DEVOPS-EXPORT-37-001 | Publish /docs/export-center/mirror-bundles.md describing filesystem/OCI layouts, delta/encryption, import guide, ending with imposed rule. |
Doc merged; diagrams provided; verification steps tested; rule stated. |
| DOCS-EXPORT-37-002 | TODO | Docs Guild | EXPORT-SVC-35-005, EXPORT-SVC-37-002 | Publish /docs/export-center/provenance-and-signing.md detailing manifests, attestation flow, verification, reiterating imposed rule. |
Doc merged; signature examples validated; rule appended. |
| DOCS-EXPORT-37-003 | TODO | Docs Guild | DEVOPS-EXPORT-37-001 | Publish /docs/operations/export-runbook.md covering failures, tuning, capacity planning, with imposed rule reminder. |
Runbook merged; procedures validated; rule included. |
| DOCS-EXPORT-37-004 | TODO | Docs Guild | AUTH-EXPORT-37-001, EXPORT-SVC-37-002 | Publish /docs/security/export-hardening.md outlining RBAC, tenancy, encryption, redaction, restating imposed rule. |
Security doc merged; checklist updated; rule appended. |
Reachability v1
| ID | Status | Owner(s) | Depends on | Description | Exit Criteria |
|---|---|---|---|---|---|
| DOCS-SIG-26-001 | TODO | Docs Guild, Signals Guild | SIGNALS-24-004 | Write /docs/signals/reachability.md covering states, scores, provenance, retention. |
Doc merged with diagrams/examples; checklist appended. |
| DOCS-SIG-26-002 | TODO | Docs Guild, Signals Guild | SIGNALS-24-002 | Publish /docs/signals/callgraph-formats.md with schemas and validation errors. |
Doc merged; examples tested; checklist included. |
| DOCS-SIG-26-003 | TODO | Docs Guild, Runtime Guild | SIGNALS-24-003 | Create /docs/signals/runtime-facts.md detailing agent capabilities, privacy safeguards, opt-in flags. |
Doc merged; privacy review done; checklist appended. |
| DOCS-SIG-26-004 | TODO | Docs Guild, Policy Guild | POLICY-ENGINE-80-001 | Document /docs/policy/signals-weighting.md for SPL predicates and weighting strategies. |
Doc merged; sample policies validated; checklist appended. |
| DOCS-SIG-26-005 | TODO | Docs Guild, UI Guild | UI-SIG-26-001..003 | Draft /docs/ui/reachability-overlays.md with badges, timelines, shortcuts. |
Doc merged with screenshots; accessibility checklist completed. |
| DOCS-SIG-26-006 | TODO | Docs Guild, DevEx/CLI Guild | CLI-SIG-26-001..002 | Update /docs/cli/reachability.md for new commands and automation recipes. |
Doc merged; examples verified; checklist appended. |
| DOCS-SIG-26-007 | TODO | Docs Guild, BE-Base Platform Guild | WEB-SIG-26-001..003 | Publish /docs/api/signals.md covering endpoints, payloads, ETags, errors. |
API doc aligned with OpenAPI; examples tested; checklist appended. |
| DOCS-SIG-26-008 | TODO | Docs Guild, DevOps Guild | DEVOPS-SIG-26-001..002 | Write /docs/migration/enable-reachability.md guiding rollout, fallbacks, monitoring. |
Migration doc approved; checklist appended. |
Policy Studio (Sprint 27)
| ID | Status | Owner(s) | Depends on | Description | Exit Criteria |
|---|---|---|---|---|---|
| DOCS-POLICY-27-001 | TODO | Docs Guild, Policy Guild | REGISTRY-API-27-001, POLICY-ENGINE-27-001 | Publish /docs/policy/studio-overview.md covering lifecycle, roles, glossary, and compliance checklist. |
Doc merged with diagrams + lifecycle table; checklist appended; stakeholders sign off. |
| DOCS-POLICY-27-002 | TODO | Docs Guild, Console Guild | CONSOLE-STUDIO-27-001 | Write /docs/policy/authoring.md detailing workspace templates, snippets, lint rules, IDE shortcuts, and best practices. |
Authoring doc includes annotated screenshots, snippet catalog, compliance checklist. |
| DOCS-POLICY-27-003 | TODO | Docs Guild, Policy Registry Guild | REGISTRY-API-27-007 | Document /docs/policy/versioning-and-publishing.md (semver rules, attestations, rollback) with compliance checklist. |
Doc merged with flow diagrams; attestation steps documented; checklist appended. |
| DOCS-POLICY-27-004 | TODO | Docs Guild, Scheduler Guild | REGISTRY-API-27-005, SCHED-WORKER-27-301 | Write /docs/policy/simulation.md covering quick vs batch sim, thresholds, evidence bundles, CLI examples. |
Simulation doc includes charts, sample manifests, checklist appended. |
| DOCS-POLICY-27-005 | TODO | Docs Guild, Product Ops | REGISTRY-API-27-006 | Publish /docs/policy/review-and-approval.md with approver requirements, comments, webhooks, audit trail guidance. |
Doc merged with role matrix + webhook schema; checklist appended. |
| DOCS-POLICY-27-006 | TODO | Docs Guild, Policy Guild | REGISTRY-API-27-008 | Author /docs/policy/promotion.md covering environments, canary, rollback, and monitoring steps. |
Promotion doc includes examples + checklist; verified by Policy Ops. |
| DOCS-POLICY-27-007 | TODO | Docs Guild, DevEx/CLI Guild | CLI-POLICY-27-001..004 | Update /docs/policy/cli.md with new commands, JSON schemas, CI usage, and compliance checklist. |
CLI doc merged with transcripts; schema references validated; checklist appended. |
| DOCS-POLICY-27-008 | TODO | Docs Guild, Policy Registry Guild | REGISTRY-API-27-001..008 | Publish /docs/policy/api.md describing Registry endpoints, request/response schemas, errors, and feature flags. |
API doc aligned with OpenAPI; examples validated; checklist appended. |
| DOCS-POLICY-27-009 | TODO | Docs Guild, Security Guild | AUTH-POLICY-27-002 | Create /docs/security/policy-attestations.md covering signing, verification, key rotation, and compliance checklist. |
Security doc approved by Security Guild; verifier steps documented; checklist appended. |
| DOCS-POLICY-27-010 | TODO | Docs Guild, Architecture Guild | REGISTRY-API-27-001, SCHED-WORKER-27-301 | Author /docs/architecture/policy-registry.md (service design, schemas, queues, failure modes) with diagrams and checklist. |
Architecture doc merged; diagrams committed; checklist appended. |
| DOCS-POLICY-27-011 | TODO | Docs Guild, Observability Guild | DEVOPS-POLICY-27-004 | Publish /docs/observability/policy-telemetry.md with metrics/log tables, dashboards, alerts, and compliance checklist. |
Observability doc merged; dashboards linked; checklist appended. |
| DOCS-POLICY-27-012 | TODO | Docs Guild, Ops Guild | DEPLOY-POLICY-27-002 | Write /docs/runbooks/policy-incident.md detailing rollback, freeze, forensic steps, notifications. |
Runbook merged; rehearsal recorded; checklist appended. |
| DOCS-POLICY-27-013 | TODO | Docs Guild, Policy Guild | CONSOLE-STUDIO-27-001, REGISTRY-API-27-002 | Update /docs/examples/policy-templates.md with new templates, snippets, and sample policies. |
Examples committed with commentary; lint passes; checklist appended. |
| DOCS-POLICY-27-014 | TODO | Docs Guild, Policy Registry Guild | REGISTRY-API-27-003, WEB-POLICY-27-001 | Refresh /docs/aoc/aoc-guardrails.md to include Studio-specific guardrails and validation scenarios. |
Doc updated with Studio guardrails; compliance checklist appended. |
Vulnerability Explorer (Sprint 29)
| ID | Status | Owner(s) | Depends on | Description | Exit Criteria |
|---|---|---|---|---|---|
| DOCS-VULN-29-001 | TODO | Docs Guild, Vuln Explorer Guild | VULN-API-29-001 | Publish /docs/vuln/explorer-overview.md covering domain model, identities, AOC guarantees, workflow summary. |
Doc merged with diagrams/table; compliance checklist appended. |
| DOCS-VULN-29-002 | TODO | Docs Guild, Console Guild | CONSOLE-VULN-29-001..006 | Write /docs/vuln/explorer-using-console.md with workflows, screenshots, keyboard shortcuts, saved views, deep links. |
Doc merged; images stored; WCAG notes included; checklist appended. |
| DOCS-VULN-29-003 | TODO | Docs Guild, Vuln Explorer API Guild | VULN-API-29-001..009 | Author /docs/vuln/explorer-api.md (endpoints, query schema, grouping, errors, rate limits). |
Doc aligned with OpenAPI; examples validated; checklist appended. |
| DOCS-VULN-29-004 | TODO | Docs Guild, DevEx/CLI Guild | CLI-VULN-29-001..005 | Publish /docs/vuln/explorer-cli.md with command reference, samples, exit codes, CI snippets. |
CLI doc merged; transcripts/JSON outputs validated; checklist appended. |
| DOCS-VULN-29-005 | TODO | Docs Guild, Findings Ledger Guild | LEDGER-29-001..009 | Write /docs/vuln/findings-ledger.md detailing event schema, hashing, Merkle roots, replay tooling. |
Doc merged; compliance checklist appended; audit team sign-off. |
| DOCS-VULN-29-006 | TODO | Docs Guild, Policy Guild | POLICY-ENGINE-29-001..003 | Update /docs/policy/vuln-determinations.md for new rationale, signals, simulation semantics. |
Doc updated; examples validated; checklist appended. |
| DOCS-VULN-29-007 | TODO | Docs Guild, Excititor Guild | EXCITITOR-VULN-29-001..004 | Publish /docs/vex/explorer-integration.md covering CSAF mapping, suppression precedence, status semantics. |
Doc merged; compliance checklist appended. |
| DOCS-VULN-29-008 | TODO | Docs Guild, Concelier Guild | CONCELIER-VULN-29-001..004 | Publish /docs/advisories/explorer-integration.md covering key normalization, withdrawn handling, provenance. |
Doc merged; checklist appended. |
| DOCS-VULN-29-009 | TODO | Docs Guild, SBOM Service Guild | SBOM-VULN-29-001..002 | Author /docs/sbom/vuln-resolution.md detailing version semantics, scope, paths, safe version hints. |
Doc merged; ecosystem tables validated; checklist appended. |
| DOCS-VULN-29-010 | TODO | Docs Guild, Observability Guild | VULN-API-29-009, DEVOPS-VULN-29-002 | Publish /docs/observability/vuln-telemetry.md (metrics, logs, tracing, dashboards, SLOs). |
Doc merged; dashboards linked; checklist appended. |
| DOCS-VULN-29-011 | TODO | Docs Guild, Security Guild | AUTH-VULN-29-001..003 | Create /docs/security/vuln-rbac.md for roles, ABAC policies, attachment encryption, CSRF. |
Security doc approved; checklist appended. |
| DOCS-VULN-29-012 | TODO | Docs Guild, Ops Guild | DEVOPS-VULN-29-002, SCHED-WORKER-29-003 | Write /docs/runbooks/vuln-ops.md (projector lag, resolver storms, export failures, policy activation). |
Runbook merged; rehearsal recorded; checklist appended. |
| DOCS-VULN-29-013 | TODO | Docs Guild, Deployment Guild | DEPLOY-VULN-29-001..002 | Update /docs/install/containers.md with Findings Ledger & Vuln Explorer API images, manifests, resource sizing, health checks. |
Install doc updated; validation commands included; checklist appended. |
VEX Lens (Sprint 30)
| ID | Status | Owner(s) | Depends on | Description | Exit Criteria |
|---|---|---|---|---|---|
| DOCS-VEX-30-001 | TODO | Docs Guild, VEX Lens Guild | VEXLENS-30-005 | Publish /docs/vex/consensus-overview.md describing purpose, scope, AOC guarantees. |
Doc merged with diagrams/terminology tables; compliance checklist appended. |
| DOCS-VEX-30-002 | TODO | Docs Guild, VEX Lens Guild | VEXLENS-30-005 | Author /docs/vex/consensus-algorithm.md covering normalization, weighting, thresholds, examples. |
Doc merged; math reviewed by Policy; checklist appended. |
| DOCS-VEX-30-003 | TODO | Docs Guild, Issuer Directory Guild | ISSUER-30-001..003 | Document /docs/vex/issuer-directory.md (issuer management, keys, trust overrides, audit). |
Doc merged; security review done; checklist appended. |
| DOCS-VEX-30-004 | TODO | Docs Guild, VEX Lens Guild | VEXLENS-30-007 | Publish /docs/vex/consensus-api.md with endpoint specs, query params, rate limits. |
API doc aligned with OpenAPI; examples validated; checklist appended. |
| DOCS-VEX-30-005 | TODO | Docs Guild, Console Guild | CONSOLE-VEX-30-001 | Write /docs/vex/consensus-console.md covering UI workflows, filters, conflicts, accessibility. |
Doc merged; screenshots added; checklist appended. |
| DOCS-VEX-30-006 | TODO | Docs Guild, Policy Guild | POLICY-ENGINE-29-001, VEXLENS-30-004 | Add /docs/policy/vex-trust-model.md detailing policy knobs, thresholds, simulation. |
Doc merged; policy review completed; checklist appended. |
| DOCS-VEX-30-007 | TODO | Docs Guild, SBOM Service Guild | VEXLENS-30-002 | Publish /docs/sbom/vex-mapping.md (CPE→purl strategy, edge cases, overrides). |
Doc merged; mapping tables validated; checklist appended. |
| DOCS-VEX-30-008 | TODO | Docs Guild, Security Guild | ISSUER-30-002, VEXLENS-30-003 | Deliver /docs/security/vex-signatures.md (verification flow, key rotation, audit). |
Doc approved by Security; checklist appended. |
| DOCS-VEX-30-009 | TODO | Docs Guild, DevOps Guild | VEXLENS-30-009, DEVOPS-VEX-30-001 | Create /docs/runbooks/vex-ops.md for recompute storms, mapping failures, signature errors. |
Runbook merged; rehearsal logged; checklist appended. |
Advisory AI (Sprint 31)
| ID | Status | Owner(s) | Depends on | Description | Exit Criteria |
|---|---|---|---|---|---|
| DOCS-AIAI-31-001 | TODO | Docs Guild, Advisory AI Guild | AIAI-31-006 | Publish /docs/advisory-ai/overview.md covering capabilities, guardrails, RBAC. |
Doc merged with diagrams; compliance checklist appended. |
| DOCS-AIAI-31-002 | TODO | Docs Guild, Advisory AI Guild | AIAI-31-004 | Author /docs/advisory-ai/architecture.md detailing RAG pipeline, deterministics, caching, model options. |
Doc merged; architecture review done; checklist appended. |
| DOCS-AIAI-31-003 | TODO | Docs Guild, Advisory AI Guild | AIAI-31-006 | Write /docs/advisory-ai/api.md describing endpoints, schemas, errors, rate limits. |
API doc aligned with OpenAPI; examples validated; checklist appended. |
| DOCS-AIAI-31-004 | TODO | Docs Guild, Console Guild | CONSOLE-VULN-29-001, CONSOLE-VEX-30-001 | Create /docs/advisory-ai/console.md with screenshots, a11y notes, copy-as-ticket instructions. |
Doc merged; images stored; checklist appended. |
| DOCS-AIAI-31-005 | TODO | Docs Guild, DevEx/CLI Guild | CLI-VULN-29-001, CLI-VEX-30-001 | Publish /docs/advisory-ai/cli.md covering commands, exit codes, scripting patterns. |
Doc merged; examples tested; checklist appended. |
| DOCS-AIAI-31-006 | TODO | Docs Guild, Policy Guild | POLICY-ENGINE-31-001 | Update /docs/policy/assistant-parameters.md covering temperature, token limits, ranking weights, TTLs. |
Doc merged; policy review done; checklist appended. |
| DOCS-AIAI-31-007 | TODO | Docs Guild, Security Guild | AIAI-31-005 | Write /docs/security/assistant-guardrails.md detailing redaction, injection defense, logging. |
Doc approved by Security; checklist appended. |
| DOCS-AIAI-31-008 | TODO | Docs Guild, SBOM Service Guild | SBOM-AIAI-31-001 | Publish /docs/sbom/remediation-heuristics.md (feasibility scoring, blast radius). |
Doc merged; heuristics reviewed; checklist appended. |
| DOCS-AIAI-31-009 | TODO | Docs Guild, DevOps Guild | DEVOPS-AIAI-31-001 | Create /docs/runbooks/assistant-ops.md for warmup, cache priming, model outages, scaling. |
Runbook merged; rehearsal logged; checklist appended. |
Notifications Studio
| ID | Status | Owner(s) | Depends on | Description | Exit Criteria |
|---|---|---|---|---|---|
| DOCS-NOTIFY-38-001 | TODO | Docs Guild, Notifications Service Guild | NOTIFY-SVC-38-001..004 | Publish /docs/notifications/overview.md and /docs/notifications/architecture.md, each ending with imposed rule reminder. |
Docs merged; diagrams verified; imposed rule appended. |
| DOCS-NOTIFY-39-002 | TODO | Docs Guild, Notifications Service Guild | NOTIFY-SVC-39-001..004 | Publish /docs/notifications/rules.md, /docs/notifications/templates.md, /docs/notifications/digests.md with examples and imposed rule line. |
Docs merged; examples validated; imposed rule appended. |
| DOCS-NOTIFY-40-001 | TODO | Docs Guild, Security Guild | AUTH-NOTIFY-38-001, NOTIFY-SVC-40-001..004 | Publish /docs/notifications/channels.md, /docs/notifications/escalations.md, /docs/notifications/api.md, /docs/operations/notifier-runbook.md, /docs/security/notifications-hardening.md; each ends with imposed rule line. |
Docs merged; accessibility checks passed; imposed rule appended. |
CLI Parity & Task Packs
| ID | Status | Owner(s) | Depends on | Description | Exit Criteria |
|---|---|---|---|---|---|
| DOCS-CLI-41-001 | TODO | Docs Guild, DevEx/CLI Guild | CLI-CORE-41-001 | Publish /docs/cli/overview.md, /docs/cli/configuration.md, /docs/cli/output-and-exit-codes.md with imposed rule statements. |
Docs merged; examples verified; imposed rule appended. |
| DOCS-CLI-42-001 | TODO | Docs Guild | DOCS-CLI-41-001, CLI-PARITY-41-001 | Publish /docs/cli/parity-matrix.md and command guides under /docs/cli/commands/*.md (policy, sbom, vuln, vex, advisory, export, orchestrator, notify, aoc, auth). |
Guides merged; parity automation documented; imposed rule appended. |
| DOCS-PACKS-43-001 | TODO | Docs Guild, Task Runner Guild | PACKS-REG-42-001, TASKRUN-42-001 | Publish /docs/task-packs/spec.md, /docs/task-packs/authoring-guide.md, /docs/task-packs/registry.md, /docs/task-packs/runbook.md, /docs/security/pack-signing-and-rbac.md, /docs/operations/cli-release-and-packaging.md with imposed rule statements. |
Docs merged; tutorials validated; imposed rule appended; cross-links added. |
Containerized Distribution (Epic 13)
| ID | Status | Owner(s) | Depends on | Description | Exit Criteria |
|---|---|---|---|---|---|
| DOCS-INSTALL-44-001 | TODO | Docs Guild, Deployment Guild | COMPOSE-44-001 | Publish /docs/install/overview.md and /docs/install/compose-quickstart.md with imposed rule line and copy-ready commands. |
Docs merged; screenshots/commands verified; imposed rule appended. |
| DOCS-INSTALL-45-001 | TODO | Docs Guild, Deployment Guild | HELM-45-001 | Publish /docs/install/helm-prod.md and /docs/install/configuration-reference.md with values tables and imposed rule reminder. |
Docs merged; configuration matrix verified; imposed rule appended. |
| DOCS-INSTALL-46-001 | TODO | Docs Guild, Security Guild | DEPLOY-PACKS-43-001, CLI-PACKS-43-001 | Publish /docs/install/airgap.md, /docs/security/supply-chain.md, /docs/operations/health-and-readiness.md, /docs/release/image-catalog.md, /docs/console/onboarding.md (each with imposed rule). |
Docs merged; checksum/signature sections validated; imposed rule appended. |
Authority-Backed Scopes & Tenancy (Epic 14)
| ID | Status | Owner(s) | Depends on | Description | Exit Criteria |
|---|---|---|---|---|---|
| DOCS-TEN-47-001 | TODO | Docs Guild, Authority Core | AUTH-TEN-47-001 | Publish /docs/security/tenancy-overview.md and /docs/security/scopes-and-roles.md outlining scope grammar, tenant model, imposed rule reminder. |
Docs merged; diagrams included; imposed rule appended. |
| DOCS-TEN-48-001 | TODO | Docs Guild, Platform Ops | WEB-TEN-48-001 | Publish /docs/operations/multi-tenancy.md, /docs/operations/rls-and-data-isolation.md, /docs/console/admin-tenants.md. |
Docs merged; examples validated; imposed rule appended. |
| DOCS-TEN-49-001 | TODO | Docs & DevEx Guilds | CLI-TEN-47-001, AUTH-TEN-49-001 | Publish /docs/cli/authentication.md, /docs/api/authentication.md, /docs/policy/examples/abac-overlays.md, update /docs/install/configuration-reference.md with new env vars, all ending with imposed rule line. |
Docs merged; command examples verified; imposed rule appended. |