git.stella-ops.org/docs/implplan/SPRINT_0144_0001_0001_zastava.md
StellaOps Bot dd0067ea0b
Refactor code structure for improved readability and maintainability
2025-12-06 21:48:12 +02:00

Sprint 144 - Runtime & Signals · 140.D) Zastava

Topic & Scope

  • Runtime & Signals focus on Zastava — observer and webhook Surface integration.
  • Keep cache/env/secrets wiring aligned with Surface helpers and enforce Surface.FS for admission decisions.
  • Working directory: src/Zastava (Observer + Webhook).

Dependencies & Concurrency

  • Depends on Sprint 120.A - AirGap and Sprint 130.A - Scanner.
  • For any BLOCKED tasks, review BLOCKED_DEPENDENCY_TREE.md before resuming work.

Documentation Prerequisites

  • docs/README.md
  • docs/modules/platform/architecture-overview.md
  • docs/modules/zastava/architecture.md

Delivery Tracker

| # | Task ID | Status | Key dependency / next step | Owners | Task Definition |
| --- | --- | --- | --- | --- | --- |
| 1 | ZASTAVA-ENV-01 | DONE | Surface.Env helpers available | Zastava Observer Guild (src/Zastava/StellaOps.Zastava.Observer) | Adopt Surface.Env helpers for cache endpoints, secret refs, and feature toggles. |
| 2 | ZASTAVA-ENV-02 | DONE | Depends on ZASTAVA-ENV-01 | Zastava Webhook Guild (src/Zastava/StellaOps.Zastava.Webhook) | Switch webhook configuration to Surface.Env helpers for cache endpoint, secret refs, and feature toggles. |
| 3 | ZASTAVA-SECRETS-01 | DONE | Completed | Zastava Observer Guild; Security Guild (src/Zastava/StellaOps.Zastava.Observer) | Retrieve CAS/attestation access via Surface.Secrets instead of inline secret stores. |
| 4 | ZASTAVA-SECRETS-02 | DONE | Depends on ZASTAVA-SECRETS-01 | Zastava Webhook Guild; Security Guild (src/Zastava/StellaOps.Zastava.Webhook) | Retrieve attestation verification secrets via Surface.Secrets. |
| 5 | ZASTAVA-SURFACE-01 | DONE | Tests verified 2025-11-27 | Zastava Observer Guild (src/Zastava/StellaOps.Zastava.Observer) | Integrate Surface.FS client for runtime drift detection (cached layer hashes/entry traces). Observer unit tests now pass; offline local-nuget copies required for gRPC packages. |
| 6 | ZASTAVA-SURFACE-02 | DONE | Depends on ZASTAVA-SURFACE-01 | Zastava Webhook Guild (src/Zastava/StellaOps.Zastava.Webhook) | Enforce Surface.FS availability during admission (deny when cache missing/stale) and embed pointer checks in webhook response. |

Execution Log

| Date (UTC) | Update | Owner |
| --- | --- | --- |

Decisions & Risks

  • All Zastava runtime/signal tasks completed; Surface.FS integration verified.
  • No open blockers; revisit Surface.FS/offline cache freshness if Scanner deliverables change.

Next Checkpoints

  • Archived 2025-12-06; no further checkpoints scheduled.