git.stella-ops.org/docs/implplan/archived_sprints_tasks.md

Closed sprint tasks archived from SPRINTS.md on 2025-10-19.

Sprint	Theme	Tasks File Path	Status	Type of Specialist	Task ID	Task Description
Sprint 1	Stabilize In-Progress Foundations	src/Concelier/__Libraries/StellaOps.Concelier.Models/TASKS.md	DONE (2025-10-12)	Team Models & Merge Leads	FEEDMODELS-SCHEMA-01-001	SemVer primitive range-style metadata Instructions to work: DONE Read ./AGENTS.md and src/Concelier/__Libraries/StellaOps.Concelier.Models/AGENTS.md. This task lays the groundwork—complete the SemVer helper updates before teammates pick up FEEDMODELS-SCHEMA-01-002/003 and FEEDMODELS-SCHEMA-02-900. Use ./src/FASTER_MODELING_AND_NORMALIZATION.md for the target rule structure.
Sprint 1	Stabilize In-Progress Foundations	src/Concelier/__Libraries/StellaOps.Concelier.Models/TASKS.md	DONE (2025-10-11)	Team Models & Merge Leads	FEEDMODELS-SCHEMA-01-002	Provenance decision rationale field Instructions to work: AdvisoryProvenance now carries decisionReason and docs/tests were updated. Connectors and merge tasks should populate the field when applying precedence/freshness/tie-breaker logic; see src/Concelier/__Libraries/StellaOps.Concelier.Models/PROVENANCE_GUIDELINES.md for usage guidance.
Sprint 1	Stabilize In-Progress Foundations	src/Concelier/__Libraries/StellaOps.Concelier.Models/TASKS.md	DONE (2025-10-11)	Team Models & Merge Leads	FEEDMODELS-SCHEMA-01-003	Normalized version rules collection Instructions to work: AffectedPackage.NormalizedVersions and supporting comparer/docs/tests shipped. Connector owners must emit rule arrays per ./src/FASTER_MODELING_AND_NORMALIZATION.md and report progress via FEEDMERGE-COORD-02-900 so merge/storage backfills can proceed.
Sprint 1	Stabilize In-Progress Foundations	src/Concelier/__Libraries/StellaOps.Concelier.Models/TASKS.md	DONE (2025-10-12)	Team Models & Merge Leads	FEEDMODELS-SCHEMA-02-900	Range primitives for SemVer/EVR/NEVRA metadata Instructions to work: DONE Read ./AGENTS.md and src/Concelier/__Libraries/StellaOps.Concelier.Models/AGENTS.md before resuming this stalled effort. Confirm helpers align with the new NormalizedVersions representation so connectors finishing in Sprint 2 can emit consistent metadata.
Sprint 1	Stabilize In-Progress Foundations	src/Concelier/__Libraries/StellaOps.Concelier.Normalization/TASKS.md	DONE (2025-10-11)	Team Normalization & Storage Backbone	FEEDNORM-NORM-02-001	SemVer normalized rule emitter Shared SemVerRangeRuleBuilder now outputs primitives + normalized rules per FASTER_MODELING_AND_NORMALIZATION.md; CVE/GHSA connectors consuming the API have verified fixtures.
Sprint 1	Stabilize In-Progress Foundations	src/Concelier/__Libraries/StellaOps.Concelier.Storage.Mongo/TASKS.md	DONE (2025-10-11)	Team Normalization & Storage Backbone	FEEDSTORAGE-DATA-02-001	Normalized range dual-write + backfill AdvisoryStore dual-writes flattened normalizedVersions when concelier.storage.enableSemVerStyle is set; migration 20251011-semver-style-backfill updates historical records and docs outline the rollout.
Sprint 1	Stabilize In-Progress Foundations	src/Concelier/__Libraries/StellaOps.Concelier.Storage.Mongo/TASKS.md	DONE (2025-10-11)	Team Normalization & Storage Backbone	FEEDSTORAGE-DATA-02-002	Provenance decision reason persistence Storage now persists provenance.decisionReason for advisories and merge events; tests cover round-trips.
Sprint 1	Stabilize In-Progress Foundations	src/Concelier/__Libraries/StellaOps.Concelier.Storage.Mongo/TASKS.md	DONE (2025-10-11)	Team Normalization & Storage Backbone	FEEDSTORAGE-DATA-02-003	Normalized versions indexing Bootstrapper seeds compound/sparse indexes for flattened normalized rules and docs/dev/mongo_indices.md documents query guidance.
Sprint 1	Stabilize In-Progress Foundations	src/Concelier/__Libraries/StellaOps.Concelier.Storage.Mongo/TASKS.md	DONE (2025-10-11)	Team Normalization & Storage Backbone	FEEDSTORAGE-TESTS-02-004	Restore AdvisoryStore build after normalized versions refactor Updated constructors/tests keep storage suites passing with the new feature flag defaults.
Sprint 1	Stabilize In-Progress Foundations	src/Concelier/StellaOps.Concelier.WebService/TASKS.md	DONE (2025-10-12)	Team WebService & Authority	FEEDWEB-ENGINE-01-002	Plumb Authority client resilience options WebService wires authority.resilience.* into AddStellaOpsAuthClient and adds binding coverage via AuthorityClientResilienceOptionsAreBound.
Sprint 1	Stabilize In-Progress Foundations	src/Concelier/StellaOps.Concelier.WebService/TASKS.md	DONE (2025-10-12)	Team WebService & Authority	FEEDWEB-DOCS-01-003	Author ops guidance for resilience tuning Install/runbooks document connected vs air-gapped resilience profiles and monitoring hooks.
Sprint 1	Stabilize In-Progress Foundations	src/Concelier/StellaOps.Concelier.WebService/TASKS.md	DONE (2025-10-12)	Team WebService & Authority	FEEDWEB-DOCS-01-004	Document authority bypass logging patterns Operator guides now call out route/status/subject/clientId/scopes/bypass/remote audit fields and SIEM triggers.
Sprint 1	Stabilize In-Progress Foundations	src/Concelier/StellaOps.Concelier.WebService/TASKS.md	DONE (2025-10-12)	Team WebService & Authority	FEEDWEB-DOCS-01-005	Update Concelier operator guide for enforcement cutoff Install guide reiterates the 2025-12-31 cutoff and links audit signals to the rollout checklist.
Sprint 1	Stabilize In-Progress Foundations	src/Authority/StellaOps.Authority/TASKS.md	DONE (2025-10-11)	Team WebService & Authority	SEC3.HOST	Rate limiter policy binding Authority host now applies configuration-driven fixed windows to /token, /authorize, and /internal/*; integration tests assert 429 + Retry-After headers; docs/config samples refreshed for Docs guild diagrams.
Sprint 1	Stabilize In-Progress Foundations	src/Authority/StellaOps.Authority/TASKS.md	DONE (2025-10-11)	Team WebService & Authority	SEC3.BUILD	Authority rate-limiter follow-through Security.RateLimiting now fronts token/authorize/internal limiters; Authority + Configuration matrices (dotnet test src/Authority/StellaOps.Authority/StellaOps.Authority.sln, dotnet test src/__Libraries/__Tests/StellaOps.Configuration.Tests/StellaOps.Configuration.Tests.csproj) passed on 2025-10-11; awaiting #authority-core broadcast.
Sprint 1	Stabilize In-Progress Foundations	src/Authority/StellaOps.Authority/TASKS.md	DONE (2025-10-14)	Team Authority Platform & Security Guild	AUTHCORE-BUILD-OPENIDDICT / AUTHCORE-STORAGE-DEVICE-TOKENS / AUTHCORE-BOOTSTRAP-INVITES	Address remaining Authority compile blockers (OpenIddict transaction shim, token device document, bootstrap invite cleanup) so dotnet build src/Authority/StellaOps.Authority/StellaOps.Authority.sln returns success.
Sprint 1	Stabilize In-Progress Foundations	src/Authority/StellaOps.Authority/StellaOps.Authority.Plugin.Standard/TASKS.md	DONE (2025-10-11)	Team WebService & Authority	PLG6.DOC	Plugin developer guide polish Section 9 now documents rate limiter metadata, config keys, and lockout interplay; YAML samples updated alongside Authority config templates.
Sprint 1	Stabilize In-Progress Foundations	src/Concelier/StellaOps.Concelier.PluginBinaries/StellaOps.Concelier.Connector.CertCc/TASKS.md	DONE (2025-10-11)	Team Connector Resumption – CERT/RedHat	FEEDCONN-CERTCC-02-001	Fetch pipeline & state tracking Summary planner now drives monthly/yearly VINCE fetches, persists pending summaries/notes, and hydrates VINCE detail queue with telemetry. Team instructions: Read ./AGENTS.md and src/Concelier/StellaOps.Concelier.PluginBinaries/StellaOps.Concelier.Connector.CertCc/AGENTS.md. Coordinate daily with Models/Merge leads so new normalizedVersions output and provenance tags stay aligned with ./src/FASTER_MODELING_AND_NORMALIZATION.md.
Sprint 1	Stabilize In-Progress Foundations	src/Concelier/StellaOps.Concelier.PluginBinaries/StellaOps.Concelier.Connector.CertCc/TASKS.md	DONE (2025-10-11)	Team Connector Resumption – CERT/RedHat	FEEDCONN-CERTCC-02-002	VINCE note detail fetcher Summary planner queues VINCE note detail endpoints, persists raw JSON with SHA/ETag metadata, and records retry/backoff metrics.
Sprint 1	Stabilize In-Progress Foundations	src/Concelier/StellaOps.Concelier.PluginBinaries/StellaOps.Concelier.Connector.CertCc/TASKS.md	DONE (2025-10-11)	Team Connector Resumption – CERT/RedHat	FEEDCONN-CERTCC-02-003	DTO & parser implementation Added VINCE DTO aggregate, Markdown→text sanitizer, vendor/status/vulnerability parsers, and parser regression fixture.
Sprint 1	Stabilize In-Progress Foundations	src/Concelier/StellaOps.Concelier.PluginBinaries/StellaOps.Concelier.Connector.CertCc/TASKS.md	DONE (2025-10-11)	Team Connector Resumption – CERT/RedHat	FEEDCONN-CERTCC-02-004	Canonical mapping & range primitives VINCE DTO aggregate flows through CertCcMapper, emitting vendor range primitives + normalized version rules that persist via _advisoryStore.
Sprint 1	Stabilize In-Progress Foundations	src/Concelier/StellaOps.Concelier.PluginBinaries/StellaOps.Concelier.Connector.CertCc/TASKS.md	DONE (2025-10-12)	Team Connector Resumption – CERT/RedHat	FEEDCONN-CERTCC-02-005	Deterministic fixtures/tests Snapshot harness refreshed 2025-10-12; certcc-*.snapshot.json regenerated and regression suite green without UPDATE flag drift.
Sprint 1	Stabilize In-Progress Foundations	src/Concelier/StellaOps.Concelier.PluginBinaries/StellaOps.Concelier.Connector.CertCc/TASKS.md	DONE (2025-10-12)	Team Connector Resumption – CERT/RedHat	FEEDCONN-CERTCC-02-006	Telemetry & documentation CertCcDiagnostics publishes summary/detail/parse/map metrics (meter StellaOps.Concelier.Connector.CertCc), README documents instruments, and log guidance captured for Ops on 2025-10-12.
Sprint 1	Stabilize In-Progress Foundations	src/Concelier/StellaOps.Concelier.PluginBinaries/StellaOps.Concelier.Connector.CertCc/TASKS.md	DONE (2025-10-12)	Team Connector Resumption – CERT/RedHat	FEEDCONN-CERTCC-02-007	Connector test harness remediation Harness now wires AddSourceCommon, resets FakeTimeProvider, and passes canned-response regression run dated 2025-10-12.
Sprint 1	Stabilize In-Progress Foundations	src/Concelier/StellaOps.Concelier.PluginBinaries/StellaOps.Concelier.Connector.CertCc/TASKS.md	DONE (2025-10-11)	Team Connector Resumption – CERT/RedHat	FEEDCONN-CERTCC-02-008	Snapshot coverage handoff Fixtures regenerated with normalized ranges + provenance fields on 2025-10-11; QA handoff notes published and merge backfill unblocked.
Sprint 1	Stabilize In-Progress Foundations	src/Concelier/StellaOps.Concelier.PluginBinaries/StellaOps.Concelier.Connector.CertCc/TASKS.md	DONE (2025-10-12)	Team Connector Resumption – CERT/RedHat	FEEDCONN-CERTCC-02-012	Schema sync & snapshot regen follow-up Fixtures regenerated with normalizedVersions + provenance decision reasons; handoff notes updated for Merge backfill 2025-10-12.
Sprint 1	Stabilize In-Progress Foundations	src/Concelier/StellaOps.Concelier.PluginBinaries/StellaOps.Concelier.Connector.CertCc/TASKS.md	DONE (2025-10-11)	Team Connector Resumption – CERT/RedHat	FEEDCONN-CERTCC-02-009	Detail/map reintegration plan Staged reintegration plan published in src/Concelier/StellaOps.Concelier.PluginBinaries/StellaOps.Concelier.Connector.CertCc/FEEDCONN-CERTCC-02-009_PLAN.md; coordinates enablement with FEEDCONN-CERTCC-02-004.
Sprint 1	Stabilize In-Progress Foundations	src/Concelier/StellaOps.Concelier.PluginBinaries/StellaOps.Concelier.Connector.CertCc/TASKS.md	DONE (2025-10-12)	Team Connector Resumption – CERT/RedHat	FEEDCONN-CERTCC-02-010	Partial-detail graceful degradation Detail fetch now tolerates 404/403/410 responses and regression tests cover mixed endpoint availability.
Sprint 1	Stabilize In-Progress Foundations	src/Concelier/StellaOps.Concelier.PluginBinaries/StellaOps.Concelier.Connector.Distro.RedHat/TASKS.md	DONE (2025-10-11)	Team Connector Resumption – CERT/RedHat	FEEDCONN-REDHAT-02-001	Fixture validation sweep Instructions to work: Fixtures regenerated post-model-helper rollout; provenance ordering and normalizedVersions scaffolding verified via tests. Conflict resolver deltas logged in src/Concelier/StellaOps.Concelier.PluginBinaries/StellaOps.Concelier.Connector.Distro.RedHat/CONFLICT_RESOLVER_NOTES.md for Sprint 3 consumers.
Sprint 1	Stabilize In-Progress Foundations	src/Concelier/StellaOps.Concelier.PluginBinaries/StellaOps.Concelier.Connector.Vndr.Apple/TASKS.md	DONE (2025-10-12)	Team Vendor Apple Specialists	FEEDCONN-APPLE-02-001	Canonical mapping & range primitives Mapper emits SemVer rules (scheme=apple:*); fixtures regenerated with trimmed references + new RSR coverage, update tooling finalized.
Sprint 1	Stabilize In-Progress Foundations	src/Concelier/StellaOps.Concelier.PluginBinaries/StellaOps.Concelier.Connector.Vndr.Apple/TASKS.md	DONE (2025-10-11)	Team Vendor Apple Specialists	FEEDCONN-APPLE-02-002	Deterministic fixtures/tests Sanitized live fixtures + regression snapshots wired into tests; normalized rule coverage asserted.
Sprint 1	Stabilize In-Progress Foundations	src/Concelier/StellaOps.Concelier.PluginBinaries/StellaOps.Concelier.Connector.Vndr.Apple/TASKS.md	DONE (2025-10-11)	Team Vendor Apple Specialists	FEEDCONN-APPLE-02-003	Telemetry & documentation Apple meter metrics wired into Concelier WebService OpenTelemetry configuration; README and fixtures document normalizedVersions coverage.
Sprint 1	Stabilize In-Progress Foundations	src/Concelier/StellaOps.Concelier.PluginBinaries/StellaOps.Concelier.Connector.Vndr.Apple/TASKS.md	DONE (2025-10-12)	Team Vendor Apple Specialists	FEEDCONN-APPLE-02-004	Live HTML regression sweep Sanitised HT125326/HT125328/HT106355/HT214108/HT215500 fixtures recorded and regression tests green on 2025-10-12.
Sprint 1	Stabilize In-Progress Foundations	src/Concelier/StellaOps.Concelier.PluginBinaries/StellaOps.Concelier.Connector.Vndr.Apple/TASKS.md	DONE (2025-10-11)	Team Vendor Apple Specialists	FEEDCONN-APPLE-02-005	Fixture regeneration tooling UPDATE_APPLE_FIXTURES=1 flow fetches & rewrites fixtures; README documents usage. Instructions to work: DONE Read ./AGENTS.md and src/Concelier/StellaOps.Concelier.PluginBinaries/StellaOps.Concelier.Connector.Vndr.Apple/AGENTS.md. Resume stalled tasks, ensuring normalizedVersions output and fixtures align with ./src/FASTER_MODELING_AND_NORMALIZATION.md before handing data to the conflict sprint.
Sprint 1	Stabilize In-Progress Foundations	src/Concelier/StellaOps.Concelier.PluginBinaries/StellaOps.Concelier.Connector.Ghsa/TASKS.md	DONE (2025-10-12)	Team Connector Normalized Versions Rollout	FEEDCONN-GHSA-02-001	GHSA normalized versions & provenance Team instructions: Read ./AGENTS.md and each module's AGENTS file. Adopt the NormalizedVersions array emitted by the models sprint, wiring provenance decisionReason where merge overrides occur. Follow ./src/FASTER_MODELING_AND_NORMALIZATION.md; report via src/Concelier/__Libraries/StellaOps.Concelier.Merge/TASKS.md (FEEDMERGE-COORD-02-900). Progress 2025-10-11: GHSA/OSV emit normalized arrays with refreshed fixtures; CVE mapper now surfaces SemVer normalized ranges; NVD/KEV adoption pending; outstanding follow-ups include FEEDSTORAGE-DATA-02-001, FEEDMERGE-ENGINE-02-002, and rolling src/Tools/FixtureUpdater updates across connectors.
Sprint 1	Stabilize In-Progress Foundations	src/Concelier/StellaOps.Concelier.PluginBinaries/StellaOps.Concelier.Connector.Osv/TASKS.md	DONE (2025-10-12)	Team Connector Normalized Versions Rollout	FEEDCONN-OSV-02-003	OSV normalized versions & freshness
Sprint 1	Stabilize In-Progress Foundations	src/Concelier/StellaOps.Concelier.PluginBinaries/StellaOps.Concelier.Connector.Nvd/TASKS.md	DONE (2025-10-12)	Team Connector Normalized Versions Rollout	FEEDCONN-NVD-02-002	NVD normalized versions & timestamps
Sprint 1	Stabilize In-Progress Foundations	src/Concelier/StellaOps.Concelier.PluginBinaries/StellaOps.Concelier.Connector.Cve/TASKS.md	DONE (2025-10-12)	Team Connector Normalized Versions Rollout	FEEDCONN-CVE-02-003	CVE normalized versions uplift
Sprint 1	Stabilize In-Progress Foundations	src/Concelier/StellaOps.Concelier.PluginBinaries/StellaOps.Concelier.Connector.Kev/TASKS.md	DONE (2025-10-12)	Team Connector Normalized Versions Rollout	FEEDCONN-KEV-02-003	KEV normalized versions propagation
Sprint 1	Stabilize In-Progress Foundations	src/Concelier/StellaOps.Concelier.PluginBinaries/StellaOps.Concelier.Connector.Osv/TASKS.md	DONE (2025-10-12)	Team Connector Normalized Versions Rollout	FEEDCONN-OSV-04-003	OSV parity fixture refresh
Sprint 1	Stabilize In-Progress Foundations	src/Concelier/StellaOps.Concelier.WebService/TASKS.md	DONE (2025-10-10)	Team WebService & Authority	FEEDWEB-DOCS-01-001	Document authority toggle & scope requirements Quickstart carries toggle/scope guidance pending docs guild review (no change this sprint).
Sprint 1	Stabilize In-Progress Foundations	src/Concelier/StellaOps.Concelier.WebService/TASKS.md	DONE (2025-10-12)	Team WebService & Authority	FEEDWEB-DOCS-01-003	Author ops guidance for resilience tuning Operator docs now outline connected vs air-gapped resilience profiles and monitoring cues.
Sprint 1	Stabilize In-Progress Foundations	src/Concelier/StellaOps.Concelier.WebService/TASKS.md	DONE (2025-10-12)	Team WebService & Authority	FEEDWEB-DOCS-01-004	Document authority bypass logging patterns Audit logging guidance highlights route/status/subject/clientId/scopes/bypass/remote fields and SIEM alerts.
Sprint 1	Stabilize In-Progress Foundations	src/Concelier/StellaOps.Concelier.WebService/TASKS.md	DONE (2025-10-12)	Team WebService & Authority	FEEDWEB-DOCS-01-005	Update Concelier operator guide for enforcement cutoff Install guide reiterates the 2025-12-31 cutoff and ties audit signals to rollout checks.
Sprint 1	Stabilize In-Progress Foundations	src/Concelier/StellaOps.Concelier.WebService/TASKS.md	DONE (2025-10-11)	Team WebService & Authority	FEEDWEB-OPS-01-006	Rename plugin drop directory to namespaced path Build outputs, tests, and docs now target StellaOps.Concelier.PluginBinaries/StellaOps.Authority.PluginBinaries.
Sprint 1	Stabilize In-Progress Foundations	src/Concelier/StellaOps.Concelier.WebService/TASKS.md	DONE (2025-10-11)	Team WebService & Authority	FEEDWEB-OPS-01-007	Authority resilience adoption Deployment docs and CLI notes explain the LIB5 resilience knobs for rollout. Instructions to work: DONE Read ./AGENTS.md and src/Concelier/StellaOps.Concelier.WebService/AGENTS.md. These items were mid-flight; resume implementation ensuring docs/operators receive timely updates.
Sprint 1	Stabilize In-Progress Foundations	src/Authority/StellaOps.Authority/TASKS.md	DONE (2025-10-11)	Team Authority Platform & Security Guild	AUTHCORE-ENGINE-01-001	CORE8.RL — Rate limiter plumbing validated; integration tests green and docs handoff recorded for middleware ordering + Retry-After headers (see docs/dev/authority-rate-limit-tuning-outline.md for continuing guidance).
Sprint 1	Stabilize In-Progress Foundations	src/__Libraries/StellaOps.Cryptography/TASKS.md	DONE (2025-10-11)	Team Authority Platform & Security Guild	AUTHCRYPTO-ENGINE-01-001	SEC3.A — Shared metadata resolver confirmed via host test run; SEC3.B now unblocked for tuning guidance (outline captured in docs/dev/authority-rate-limit-tuning-outline.md).
Sprint 1	Stabilize In-Progress Foundations	src/__Libraries/StellaOps.Cryptography/TASKS.md	DONE (2025-10-13)	Team Authority Platform & Security Guild	AUTHSEC-DOCS-01-002	SEC3.B — Published docs/security/rate-limits.md with tuning matrix, alert thresholds, and lockout interplay guidance; Docs guild can lift copy into plugin guide.
Sprint 1	Stabilize In-Progress Foundations	src/__Libraries/StellaOps.Cryptography/TASKS.md	DONE (2025-10-14)	Team Authority Platform & Security Guild	AUTHSEC-CRYPTO-02-001	SEC5.B1 — Introduce libsodium signing provider and parity tests to unblock CLI verification enhancements.
Sprint 1	Bootstrap & Replay Hardening	src/__Libraries/StellaOps.Cryptography/TASKS.md	DONE (2025-10-14)	Security Guild	AUTHSEC-CRYPTO-02-004	SEC5.D/E — Finish bootstrap invite lifecycle (API/store/cleanup) and token device heuristics; build currently red due to pending handler integration.
Sprint 1	Developer Tooling	src/Cli/StellaOps.Cli/TASKS.md	DONE (2025-10-15)	DevEx/CLI	AUTHCLI-DIAG-01-001	Surface password policy diagnostics in CLI startup/output so operators see weakened overrides immediately. CLI now loads Authority plug-ins at startup, logs weakened password policies (length/complexity), and regression coverage lives in StellaOps.Cli.Tests/Services/AuthorityDiagnosticsReporterTests.
Sprint 1	Stabilize In-Progress Foundations	src/Authority/StellaOps.Authority/StellaOps.Authority.Plugin.Standard/TASKS.md	DONE (2025-10-11)	Team Authority Platform & Security Guild	AUTHPLUG-DOCS-01-001	PLG6.DOC — Developer guide copy + diagrams merged 2025-10-11; limiter guidance incorporated and handed to Docs guild for asset export.
Sprint 2	Connector & Data Implementation Wave	src/Concelier/__Libraries/StellaOps.Concelier.Normalization/TASKS.md	DONE (2025-10-12)	Team Normalization & Storage Backbone	FEEDNORM-NORM-02-001	SemVer normalized rule emitter SemVerRangeRuleBuilder shipped 2025-10-12 with comparator/`
Sprint 2	Connector & Data Implementation Wave	src/Concelier/__Libraries/StellaOps.Concelier.Storage.Mongo/TASKS.md	DONE (2025-10-11)	Team Normalization & Storage Backbone	FEEDSTORAGE-DATA-02-001	Normalized range dual-write + backfill
Sprint 2	Connector & Data Implementation Wave	src/Concelier/__Libraries/StellaOps.Concelier.Storage.Mongo/TASKS.md	DONE (2025-10-11)	Team Normalization & Storage Backbone	FEEDSTORAGE-DATA-02-002	Provenance decision reason persistence
Sprint 2	Connector & Data Implementation Wave	src/Concelier/__Libraries/StellaOps.Concelier.Storage.Mongo/TASKS.md	DONE (2025-10-11)	Team Normalization & Storage Backbone	FEEDSTORAGE-DATA-02-003	Normalized versions indexing Indexes seeded + docs updated 2025-10-11 to cover flattened normalized rules for connector adoption.
Sprint 2	Connector & Data Implementation Wave	src/Concelier/__Libraries/StellaOps.Concelier.Merge/TASKS.md	DONE (2025-10-11)	Team Normalization & Storage Backbone	FEEDMERGE-ENGINE-02-002	Normalized versions union & dedupe Affected package resolver unions/dedupes normalized rules, stamps merge provenance with decisionReason, and tests cover the rollout.
Sprint 2	Connector & Data Implementation Wave	src/Concelier/StellaOps.Concelier.PluginBinaries/StellaOps.Concelier.Connector.Ghsa/TASKS.md	DONE (2025-10-11)	Team Connector Expansion – GHSA/NVD/OSV	FEEDCONN-GHSA-02-001	GHSA normalized versions & provenance
Sprint 2	Connector & Data Implementation Wave	src/Concelier/StellaOps.Concelier.PluginBinaries/StellaOps.Concelier.Connector.Ghsa/TASKS.md	DONE (2025-10-11)	Team Connector Expansion – GHSA/NVD/OSV	FEEDCONN-GHSA-02-004	GHSA credits & ecosystem severity mapping
Sprint 2	Connector & Data Implementation Wave	src/Concelier/StellaOps.Concelier.PluginBinaries/StellaOps.Concelier.Connector.Ghsa/TASKS.md	DONE (2025-10-12)	Team Connector Expansion – GHSA/NVD/OSV	FEEDCONN-GHSA-02-005	GitHub quota monitoring & retries
Sprint 2	Connector & Data Implementation Wave	src/Concelier/StellaOps.Concelier.PluginBinaries/StellaOps.Concelier.Connector.Ghsa/TASKS.md	DONE (2025-10-12)	Team Connector Expansion – GHSA/NVD/OSV	FEEDCONN-GHSA-02-006	Production credential & scheduler rollout
Sprint 2	Connector & Data Implementation Wave	src/Concelier/StellaOps.Concelier.PluginBinaries/StellaOps.Concelier.Connector.Ghsa/TASKS.md	DONE (2025-10-12)	Team Connector Expansion – GHSA/NVD/OSV	FEEDCONN-GHSA-02-007	Credit parity regression fixtures
Sprint 2	Connector & Data Implementation Wave	src/Concelier/StellaOps.Concelier.PluginBinaries/StellaOps.Concelier.Connector.Nvd/TASKS.md	DONE (2025-10-11)	Team Connector Expansion – GHSA/NVD/OSV	FEEDCONN-NVD-02-002	NVD normalized versions & timestamps
Sprint 2	Connector & Data Implementation Wave	src/Concelier/StellaOps.Concelier.PluginBinaries/StellaOps.Concelier.Connector.Nvd/TASKS.md	DONE (2025-10-11)	Team Connector Expansion – GHSA/NVD/OSV	FEEDCONN-NVD-02-004	NVD CVSS & CWE precedence payloads
Sprint 2	Connector & Data Implementation Wave	src/Concelier/StellaOps.Concelier.PluginBinaries/StellaOps.Concelier.Connector.Nvd/TASKS.md	DONE (2025-10-12)	Team Connector Expansion – GHSA/NVD/OSV	FEEDCONN-NVD-02-005	NVD merge/export parity regression
Sprint 2	Connector & Data Implementation Wave	src/Concelier/StellaOps.Concelier.PluginBinaries/StellaOps.Concelier.Connector.Osv/TASKS.md	DONE (2025-10-11)	Team Connector Expansion – GHSA/NVD/OSV	FEEDCONN-OSV-02-003	OSV normalized versions & freshness
Sprint 2	Connector & Data Implementation Wave	src/Concelier/StellaOps.Concelier.PluginBinaries/StellaOps.Concelier.Connector.Osv/TASKS.md	DONE (2025-10-11)	Team Connector Expansion – GHSA/NVD/OSV	FEEDCONN-OSV-02-004	OSV references & credits alignment
Sprint 2	Connector & Data Implementation Wave	src/Concelier/StellaOps.Concelier.PluginBinaries/StellaOps.Concelier.Connector.Osv/TASKS.md	DONE (2025-10-12)	Team Connector Expansion – GHSA/NVD/OSV	FEEDCONN-OSV-02-005	Fixture updater workflow Resolved 2025-10-12: OSV mapper now derives canonical PURLs for Go + scoped npm packages when raw payloads omit purl; conflict fixtures unchanged for invalid npm names. Verified via dotnet test src/Concelier/StellaOps.Concelier.PluginBinaries/StellaOps.Concelier.Connector.Osv.Tests, src/Concelier/StellaOps.Concelier.PluginBinaries/StellaOps.Concelier.Connector.Ghsa.Tests, src/Concelier/StellaOps.Concelier.PluginBinaries/StellaOps.Concelier.Connector.Nvd.Tests, and backbone normalization/storage suites.
Sprint 2	Connector & Data Implementation Wave	src/Concelier/StellaOps.Concelier.PluginBinaries/StellaOps.Concelier.Connector.Acsc/TASKS.md	DONE (2025-10-12)	Team Connector Expansion – Regional & Vendor Feeds	FEEDCONN-ACSC-02-001 … 02-008	Fetch→parse→map pipeline, fixtures, diagnostics, and README finished 2025-10-12; downstream export parity captured via FEEDEXPORT-JSON-04-001 / FEEDEXPORT-TRIVY-04-001 (completed).
Sprint 2	Connector & Data Implementation Wave	src/Concelier/StellaOps.Concelier.PluginBinaries/StellaOps.Concelier.Connector.Cccs/TASKS.md	DONE (2025-10-16)	Team Connector Expansion – Regional & Vendor Feeds	FEEDCONN-CCCS-02-001 … 02-008	Observability meter, historical harvest plan, and DOM sanitizer refinements wrapped; ops notes live under docs/modules/concelier/operations/connectors/cccs.md with fixtures validating EN/FR list handling.
Sprint 2	Connector & Data Implementation Wave	src/Concelier/StellaOps.Concelier.PluginBinaries/StellaOps.Concelier.Connector.CertBund/TASKS.md	DONE (2025-10-15)	Team Connector Expansion – Regional & Vendor Feeds	FEEDCONN-CERTBUND-02-001 … 02-008	Telemetry/docs (02-006) and history/locale sweep (02-007) completed alongside pipeline; runbook docs/modules/concelier/operations/connectors/certbund.md captures locale guidance and offline packaging.
Sprint 2	Connector & Data Implementation Wave	src/Concelier/StellaOps.Concelier.PluginBinaries/StellaOps.Concelier.Connector.Kisa/TASKS.md	DONE (2025-10-14)	Team Connector Expansion – Regional & Vendor Feeds	FEEDCONN-KISA-02-001 … 02-007	Connector, tests, and telemetry/docs (02-006) finalized; localisation notes in docs/dev/kisa_connector_notes.md complete rollout.
Sprint 2	Connector & Data Implementation Wave	src/Concelier/StellaOps.Concelier.PluginBinaries/StellaOps.Concelier.Connector.Ru.Bdu/TASKS.md	DONE (2025-10-14)	Team Connector Expansion – Regional & Vendor Feeds	FEEDCONN-RUBDU-02-001 … 02-008	Fetch/parser/mapper refinements, regression fixtures, telemetry/docs, access options, and trusted root packaging all landed; README documents offline access strategy.
Sprint 2	Connector & Data Implementation Wave	src/Concelier/StellaOps.Concelier.PluginBinaries/StellaOps.Concelier.Connector.Ru.Nkcki/TASKS.md	DONE (2025-10-13)	Team Connector Expansion – Regional & Vendor Feeds	FEEDCONN-NKCKI-02-001 … 02-008	Listing fetch, parser, mapper, fixtures, telemetry/docs, and archive plan finished; Mongo2Go/libcrypto dependency resolved via bundled OpenSSL noted in ops guide.
Sprint 2	Connector & Data Implementation Wave	src/Concelier/StellaOps.Concelier.PluginBinaries/StellaOps.Concelier.Connector.Ics.Cisa/TASKS.md	DONE (2025-10-16)	Team Connector Expansion – Regional & Vendor Feeds	FEEDCONN-ICSCISA-02-001 … 02-011	Feed parser attachment fixes, SemVer exact values, regression suites, telemetry/docs updates, and handover complete; ops runbook now details attachment verification + proxy usage.
Sprint 2	Connector & Data Implementation Wave	src/Concelier/StellaOps.Concelier.PluginBinaries/StellaOps.Concelier.Connector.Vndr.Cisco/TASKS.md	DONE (2025-10-14)	Team Connector Expansion – Regional & Vendor Feeds	FEEDCONN-CISCO-02-001 … 02-007	OAuth fetch pipeline, DTO/mapping, tests, and telemetry/docs shipped; monitoring/export integration follow-ups recorded in Ops docs and exporter backlog (completed).
Sprint 2	Connector & Data Implementation Wave	src/Concelier/StellaOps.Concelier.PluginBinaries/StellaOps.Concelier.Connector.Vndr.Msrc/TASKS.md	DONE (2025-10-15)	Team Connector Expansion – Regional & Vendor Feeds	FEEDCONN-MSRC-02-001 … 02-008	Azure AD onboarding (02-008) unblocked fetch/parse/map pipeline; fixtures, telemetry/docs, and Offline Kit guidance published in docs/modules/concelier/operations/connectors/msrc.md.
Sprint 2	Connector & Data Implementation Wave	src/Concelier/StellaOps.Concelier.PluginBinaries/StellaOps.Concelier.Connector.Cve/TASKS.md	DONE (2025-10-15)	Team Connector Support & Monitoring	FEEDCONN-CVE-02-001 … 02-002	CVE data-source selection, fetch pipeline, and docs landed 2025-10-10. 2025-10-15: smoke verified using the seeded mirror fallback; connector now logs a warning and pulls from seed-data/cve/ until live CVE Services credentials arrive.
Sprint 2	Connector & Data Implementation Wave	src/Concelier/StellaOps.Concelier.PluginBinaries/StellaOps.Concelier.Connector.Kev/TASKS.md	DONE (2025-10-12)	Team Connector Support & Monitoring	FEEDCONN-KEV-02-001 … 02-002	KEV catalog ingestion, fixtures, telemetry, and schema validation completed 2025-10-12; ops dashboard published.
Sprint 2	Connector & Data Implementation Wave	docs/TASKS.md	DONE (2025-10-11)	Team Docs & Knowledge Base	FEEDDOCS-DOCS-01-001	Canonical schema docs refresh Updated canonical schema + provenance guides with SemVer style, normalized version rules, decision reason change log, and migration notes.
Sprint 2	Connector & Data Implementation Wave	docs/TASKS.md	DONE (2025-10-11)	Team Docs & Knowledge Base	FEEDDOCS-DOCS-02-001	Concelier-SemVer Playbook Published merge playbook covering mapper patterns, dedupe flow, indexes, and rollout checklist.
Sprint 2	Connector & Data Implementation Wave	docs/TASKS.md	DONE (2025-10-11)	Team Docs & Knowledge Base	FEEDDOCS-DOCS-02-002	Normalized versions query guide Delivered Mongo index/query addendum with $unwind recipes, dedupe checks, and operational checklist. Instructions to work: DONE Read ./AGENTS.md and docs/AGENTS.md. Document every schema/index/query change produced in Sprint 1-2 leveraging ./src/FASTER_MODELING_AND_NORMALIZATION.md.
Sprint 3	Conflict Resolution Integration & Communications	src/Concelier/__Libraries/StellaOps.Concelier.Core/TASKS.md	DONE (2025-10-11)	Team Core Engine & Storage Analytics	FEEDCORE-ENGINE-03-001	Canonical merger implementation CanonicalMerger ships with freshness/tie-breaker logic, provenance, and unit coverage feeding Merge.
Sprint 3	Conflict Resolution Integration & Communications	src/Concelier/__Libraries/StellaOps.Concelier.Core/TASKS.md	DONE (2025-10-11)	Team Core Engine & Storage Analytics	FEEDCORE-ENGINE-03-002	Field precedence and tie-breaker map Field precedence tables and tie-breaker metrics wired into the canonical merge flow; docs/tests updated. Instructions to work: Read ./AGENTS.md and core AGENTS. Implement the conflict resolver exactly as specified in ./src/DEDUP_CONFLICTS_RESOLUTION_ALGO.md, coordinating with Merge and Storage teammates.
Sprint 3	Conflict Resolution Integration & Communications	src/Concelier/__Libraries/StellaOps.Concelier.Storage.Mongo/TASKS.md	DONE (2025-10-11)	Team Core Engine & Storage Analytics	FEEDSTORAGE-DATA-03-001	Merge event provenance audit prep Merge events now persist fieldDecisions and analytics-ready provenance snapshots.
Sprint 3	Conflict Resolution Integration & Communications	src/Concelier/__Libraries/StellaOps.Concelier.Storage.Mongo/TASKS.md	DONE (2025-10-11)	Team Core Engine & Storage Analytics	FEEDSTORAGE-DATA-02-001	Normalized range dual-write + backfill Dual-write/backfill flag delivered; migration + options validated in tests.
Sprint 3	Conflict Resolution Integration & Communications	src/Concelier/__Libraries/StellaOps.Concelier.Storage.Mongo/TASKS.md	DONE (2025-10-11)	Team Core Engine & Storage Analytics	FEEDSTORAGE-TESTS-02-004	Restore AdvisoryStore build after normalized versions refactor Storage tests adjusted for normalized versions/decision reasons. Instructions to work: Read ./AGENTS.md and storage AGENTS. Extend merge events with decision reasons and analytics views to support the conflict rules, and deliver the dual-write/backfill for NormalizedVersions + decisionReason so connectors can roll out safely.
Sprint 3	Conflict Resolution Integration & Communications	src/Concelier/__Libraries/StellaOps.Concelier.Merge/TASKS.md	DONE (2025-10-11)	Team Merge & QA Enforcement	FEEDMERGE-ENGINE-04-001	GHSA/NVD/OSV conflict rules Merge pipeline consumes CanonicalMerger output prior to precedence merge.
Sprint 3	Conflict Resolution Integration & Communications	src/Concelier/__Libraries/StellaOps.Concelier.Merge/TASKS.md	DONE (2025-10-11)	Team Merge & QA Enforcement	FEEDMERGE-ENGINE-04-002	Override metrics instrumentation Merge events capture per-field decisions; counters/logs align with conflict rules.
Sprint 3	Conflict Resolution Integration & Communications	src/Concelier/__Libraries/StellaOps.Concelier.Merge/TASKS.md	DONE (2025-10-11)	Team Merge & QA Enforcement	FEEDMERGE-ENGINE-04-003	Reference & credit union pipeline Canonical merge preserves unions with updated tests.
Sprint 3	Conflict Resolution Integration & Communications	src/Concelier/__Libraries/StellaOps.Concelier.Merge/TASKS.md	DONE (2025-10-11)	Team Merge & QA Enforcement	FEEDMERGE-QA-04-001	End-to-end conflict regression suite Added regression tests (AdvisoryMergeServiceTests) covering canonical + precedence flow. Instructions to work: Read ./AGENTS.md and merge AGENTS. Integrate the canonical merger, instrument metrics, and deliver comprehensive regression tests following ./src/DEDUP_CONFLICTS_RESOLUTION_ALGO.md.
Sprint 3	Conflict Resolution Integration & Communications	src/Concelier/StellaOps.Concelier.PluginBinaries/StellaOps.Concelier.Connector.Ghsa/TASKS.md	DONE (2025-10-12)	Team Connector Regression Fixtures	FEEDCONN-GHSA-04-002	GHSA conflict regression fixtures
Sprint 3	Conflict Resolution Integration & Communications	src/Concelier/StellaOps.Concelier.PluginBinaries/StellaOps.Concelier.Connector.Nvd/TASKS.md	DONE (2025-10-12)	Team Connector Regression Fixtures	FEEDCONN-NVD-04-002	NVD conflict regression fixtures
Sprint 3	Conflict Resolution Integration & Communications	src/Concelier/StellaOps.Concelier.PluginBinaries/StellaOps.Concelier.Connector.Osv/TASKS.md	DONE (2025-10-12)	Team Connector Regression Fixtures	FEEDCONN-OSV-04-002	OSV conflict regression fixtures Instructions to work: Read ./AGENTS.md and module AGENTS. Produce fixture triples supporting the precedence/tie-breaker paths defined in ./src/DEDUP_CONFLICTS_RESOLUTION_ALGO.md and hand them to Merge QA.
Sprint 3	Conflict Resolution Integration & Communications	docs/TASKS.md	DONE (2025-10-11)	Team Documentation Guild – Conflict Guidance	FEEDDOCS-DOCS-05-001	Concelier Conflict Rules Runbook published at docs/modules/concelier/operations/conflict-resolution.md; metrics/log guidance aligned with Sprint 3 merge counters.
Sprint 3	Conflict Resolution Integration & Communications	docs/TASKS.md	DONE (2025-10-16)	Team Documentation Guild – Conflict Guidance	FEEDDOCS-DOCS-05-002	Conflict runbook ops rollout Ops review completed, alert thresholds applied, and change log appended in docs/modules/concelier/operations/conflict-resolution.md; task closed after connector signals verified.
Sprint 4	Schema Parity & Freshness Alignment	src/Concelier/__Libraries/StellaOps.Concelier.Models/TASKS.md	DONE (2025-10-15)	Team Models & Merge Leads	FEEDMODELS-SCHEMA-04-001	Advisory schema parity (description/CWE/canonical metric) Extend Advisory and related records with description text, CWE collection, and canonical metric pointer; refresh validation + serializer determinism tests.
Sprint 4	Schema Parity & Freshness Alignment	src/Concelier/__Libraries/StellaOps.Concelier.Core/TASKS.md	DONE (2025-10-15)	Team Core Engine & Storage Analytics	FEEDCORE-ENGINE-04-003	Canonical merger parity for new fields Teach CanonicalMerger to populate description, CWEResults, and canonical metric pointer with provenance + regression coverage.
Sprint 4	Schema Parity & Freshness Alignment	src/Concelier/__Libraries/StellaOps.Concelier.Core/TASKS.md	DONE (2025-10-15)	Team Core Engine & Storage Analytics	FEEDCORE-ENGINE-04-004	Reference normalization & freshness instrumentation cleanup Implement URL normalization for reference dedupe, align freshness-sensitive instrumentation, and add analytics tests.
Sprint 4	Schema Parity & Freshness Alignment	src/Concelier/__Libraries/StellaOps.Concelier.Merge/TASKS.md	DONE (2025-10-15)	Team Merge & QA Enforcement	FEEDMERGE-ENGINE-04-004	Merge pipeline parity for new advisory fields Ensure merge service + merge events surface description/CWE/canonical metric decisions with updated metrics/tests.
Sprint 4	Schema Parity & Freshness Alignment	src/Concelier/__Libraries/StellaOps.Concelier.Merge/TASKS.md	DONE (2025-10-15)	Team Merge & QA Enforcement	FEEDMERGE-ENGINE-04-005	Connector coordination for new advisory fields GHSA/NVD/OSV connectors now ship description, CWE, and canonical metric data with refreshed fixtures; merge coordination log updated and exporters notified.
Sprint 4	Schema Parity & Freshness Alignment	src/Concelier/StellaOps.Concelier.PluginBinaries/StellaOps.Concelier.Exporter.Json/TASKS.md	DONE (2025-10-15)	Team Exporters – JSON	FEEDEXPORT-JSON-04-001	Surface new advisory fields in JSON exporter Update schemas/offline bundle + fixtures once model/core parity lands. 2025-10-15: dotnet test src/Concelier/StellaOps.Concelier.PluginBinaries/StellaOps.Concelier.Exporter.Json.Tests validated canonical metric/CWE emission.
Sprint 4	Schema Parity & Freshness Alignment	src/Concelier/StellaOps.Concelier.PluginBinaries/StellaOps.Concelier.Exporter.TrivyDb/TASKS.md	DONE (2025-10-15)	Team Exporters – Trivy DB	FEEDEXPORT-TRIVY-04-001	Propagate new advisory fields into Trivy DB package Extend Bolt builder, metadata, and regression tests for the expanded schema. 2025-10-15: dotnet test src/Concelier/StellaOps.Concelier.PluginBinaries/StellaOps.Concelier.Exporter.TrivyDb.Tests confirmed canonical metric/CWE propagation.
Sprint 4	Schema Parity & Freshness Alignment	src/Concelier/StellaOps.Concelier.PluginBinaries/StellaOps.Concelier.Connector.Ghsa/TASKS.md	DONE (2025-10-16)	Team Connector Regression Fixtures	FEEDCONN-GHSA-04-004	Harden CVSS fallback so canonical metric ids persist when GitHub omits vectors; extend fixtures and document severity precedence hand-off to Merge.
Sprint 4	Schema Parity & Freshness Alignment	src/Concelier/StellaOps.Concelier.PluginBinaries/StellaOps.Concelier.Connector.Osv/TASKS.md	DONE (2025-10-16)	Team Connector Expansion – GHSA/NVD/OSV	FEEDCONN-OSV-04-005	Map OSV advisories lacking CVSS vectors to canonical metric ids/notes and document CWE provenance quirks; schedule parity fixture updates.
Sprint 5	Excititor Core Foundations	src/Excititor/__Libraries/StellaOps.Excititor.Core/TASKS.md	DONE (2025-10-15)	Team Excititor Core & Policy	EXCITITOR-CORE-01-001	Stand up canonical VEX claim/consensus records with deterministic serializers so Storage/Exports share a stable contract.
Sprint 5	Excititor Core Foundations	src/Excititor/__Libraries/StellaOps.Excititor.Core/TASKS.md	DONE (2025-10-15)	Team Excititor Core & Policy	EXCITITOR-CORE-01-002	Implement trust-weighted consensus resolver with baseline policy weights, justification gates, telemetry output, and majority/tie handling.
Sprint 5	Excititor Core Foundations	src/Excititor/__Libraries/StellaOps.Excititor.Core/TASKS.md	DONE (2025-10-15)	Team Excititor Core & Policy	EXCITITOR-CORE-01-003	Publish shared connector/exporter/attestation abstractions and deterministic query signature utilities for cache/attestation workflows.
Sprint 5	Excititor Core Foundations	src/Excititor/__Libraries/StellaOps.Excititor.Policy/TASKS.md	DONE (2025-10-15)	Team Excititor Policy	EXCITITOR-POLICY-01-001	Established policy options & snapshot provider covering baseline weights/overrides.
Sprint 5	Excititor Core Foundations	src/Excititor/__Libraries/StellaOps.Excititor.Policy/TASKS.md	DONE (2025-10-15)	Team Excititor Policy	EXCITITOR-POLICY-01-002	Policy evaluator now feeds consensus resolver with immutable snapshots.
Sprint 5	Excititor Core Foundations	src/Excititor/__Libraries/StellaOps.Excititor.Policy/TASKS.md	DONE (2025-10-16)	Team Excititor Policy	EXCITITOR-POLICY-01-003	Author policy diagnostics, CLI/WebService surfacing, and documentation updates.
Sprint 5	Excititor Core Foundations	src/Excititor/__Libraries/StellaOps.Excititor.Policy/TASKS.md	DONE (2025-10-16)	Team Excititor Policy	EXCITITOR-POLICY-01-004	Implement YAML/JSON schema validation and deterministic diagnostics for operator bundles.
Sprint 5	Excititor Core Foundations	src/Excititor/__Libraries/StellaOps.Excititor.Policy/TASKS.md	DONE (2025-10-16)	Team Excititor Policy	EXCITITOR-POLICY-01-005	Add policy change tracking, snapshot digests, and telemetry/logging hooks.
Sprint 5	Excititor Core Foundations	src/Excititor/__Libraries/StellaOps.Excititor.Storage.Mongo/TASKS.md	DONE (2025-10-15)	Team Excititor Storage	EXCITITOR-STORAGE-01-001	Mongo mapping registry plus raw/export entities and DI extensions in place.
Sprint 5	Excititor Core Foundations	src/Excititor/__Libraries/StellaOps.Excititor.Storage.Mongo/TASKS.md	DONE (2025-10-16)	Team Excititor Storage	EXCITITOR-STORAGE-01-004	Build provider/consensus/cache class maps and related collections.
Sprint 5	Excititor Core Foundations	src/Excititor/__Libraries/StellaOps.Excititor.Export/TASKS.md	DONE (2025-10-15)	Team Excititor Export	EXCITITOR-EXPORT-01-001	Export engine delivers cache lookup, manifest creation, and policy integration.
Sprint 5	Excititor Core Foundations	src/Excititor/__Libraries/StellaOps.Excititor.Export/TASKS.md	DONE (2025-10-17)	Team Excititor Export	EXCITITOR-EXPORT-01-004	Connect export engine to attestation client and persist Rekor metadata.
Sprint 5	Excititor Core Foundations	src/Excititor/__Libraries/StellaOps.Excititor.Attestation/TASKS.md	DONE (2025-10-16)	Team Excititor Attestation	EXCITITOR-ATTEST-01-001	Implement in-toto predicate + DSSE builder providing envelopes for export attestation.
Sprint 5	Excititor Core Foundations	src/Excititor/__Libraries/StellaOps.Excititor.Connectors.Abstractions/TASKS.md	DONE (2025-10-17)	Team Excititor Connectors	EXCITITOR-CONN-ABS-01-001	Deliver shared connector context/base classes so provider plug-ins can be activated via WebService/Worker.
Sprint 5	Excititor Core Foundations	src/Excititor/StellaOps.Excititor.WebService/TASKS.md	DONE (2025-10-17)	Team Excititor WebService	EXCITITOR-WEB-01-001	Scaffold minimal API host, DI, and /excititor/status endpoint integrating policy, storage, export, and attestation services.
Sprint 6	Excititor Ingest & Formats	src/Excititor/StellaOps.Excititor.Worker/TASKS.md	DONE (2025-10-17)	Team Excititor Worker	EXCITITOR-WORKER-01-001	Create Worker host with provider scheduling and logging to drive recurring pulls/reconciliation.
Sprint 6	Excititor Ingest & Formats	src/Excititor/__Libraries/StellaOps.Excititor.Formats.CSAF/TASKS.md	DONE (2025-10-17)	Team Excititor Formats	EXCITITOR-FMT-CSAF-01-001	Implement CSAF normalizer foundation translating provider documents into VexClaim entries.
Sprint 6	Excititor Ingest & Formats	src/Excititor/__Libraries/StellaOps.Excititor.Formats.CycloneDX/TASKS.md	DONE (2025-10-17)	Team Excititor Formats	EXCITITOR-FMT-CYCLONE-01-001	Implement CycloneDX VEX normalizer capturing analysis state and component references.
Sprint 6	Excititor Ingest & Formats	src/Excititor/__Libraries/StellaOps.Excititor.Formats.OpenVEX/TASKS.md	DONE (2025-10-17)	Team Excititor Formats	EXCITITOR-FMT-OPENVEX-01-001	Implement OpenVEX normalizer to ingest attestations into canonical claims with provenance.
Sprint 6	Excititor Ingest & Formats	src/Excititor/__Libraries/StellaOps.Excititor.Connectors.RedHat.CSAF/TASKS.md	DONE (2025-10-17)	Team Excititor Connectors – Red Hat	EXCITITOR-CONN-RH-01-001	Ship Red Hat CSAF provider metadata discovery enabling incremental pulls.
Sprint 6	Excititor Ingest & Formats	src/Excititor/__Libraries/StellaOps.Excititor.Connectors.RedHat.CSAF/TASKS.md	DONE (2025-10-17)	Team Excititor Connectors – Red Hat	EXCITITOR-CONN-RH-01-002	Fetch CSAF windows with ETag handling, resume tokens, quarantine on schema errors, and persist raw docs.
Sprint 6	Excititor Ingest & Formats	src/Excititor/__Libraries/StellaOps.Excititor.Connectors.RedHat.CSAF/TASKS.md	DONE (2025-10-17)	Team Excititor Connectors – Red Hat	EXCITITOR-CONN-RH-01-003	Populate provider trust overrides (cosign issuer, identity regex) and provenance hints for policy evaluation/logging.
Sprint 6	Excititor Ingest & Formats	src/Excititor/__Libraries/StellaOps.Excititor.Connectors.RedHat.CSAF/TASKS.md	DONE (2025-10-17)	Team Excititor Connectors – Red Hat	EXCITITOR-CONN-RH-01-004	Persist resume cursors (last updated timestamp/document hashes) in storage and reload during fetch to avoid duplicates.
Sprint 6	Excititor Ingest & Formats	src/Excititor/__Libraries/StellaOps.Excititor.Connectors.RedHat.CSAF/TASKS.md	DONE (2025-10-17)	Team Excititor Connectors – Red Hat	EXCITITOR-CONN-RH-01-005	Register connector in Worker/WebService DI, add scheduled jobs, and document CLI triggers for Red Hat CSAF pulls.
Sprint 6	Excititor Ingest & Formats	src/Excititor/__Libraries/StellaOps.Excititor.Connectors.RedHat.CSAF/TASKS.md	DONE (2025-10-17)	Team Excititor Connectors – Red Hat	EXCITITOR-CONN-RH-01-006	Add CSAF normalization parity fixtures ensuring RHSA-specific metadata is preserved.
Sprint 6	Excititor Ingest & Formats	src/Excititor/__Libraries/StellaOps.Excititor.Connectors.Cisco.CSAF/TASKS.md	DONE (2025-10-17)	Team Excititor Connectors – Cisco	EXCITITOR-CONN-CISCO-01-001	Implement Cisco CSAF endpoint discovery/auth to unlock paginated pulls.
Sprint 6	Excititor Ingest & Formats	src/Excititor/__Libraries/StellaOps.Excititor.Connectors.Cisco.CSAF/TASKS.md	DONE (2025-10-17)	Team Excititor Connectors – Cisco	EXCITITOR-CONN-CISCO-01-002	Implement Cisco CSAF paginated fetch loop with dedupe and raw persistence support.
Sprint 6	Excititor Ingest & Formats	src/Excititor/__Libraries/StellaOps.Excititor.Connectors.SUSE.RancherVEXHub/TASKS.md	DONE (2025-10-17)	Team Excititor Connectors – SUSE	EXCITITOR-CONN-SUSE-01-001	Build Rancher VEX Hub discovery/subscription path with offline snapshot support.
Sprint 6	Excititor Ingest & Formats	src/Excititor/__Libraries/StellaOps.Excititor.Connectors.MSRC.CSAF/TASKS.md	DONE (2025-10-17)	Team Excititor Connectors – MSRC	EXCITITOR-CONN-MS-01-001	Deliver AAD onboarding/token cache for MSRC CSAF ingestion.
Sprint 6	Excititor Ingest & Formats	src/Excititor/__Libraries/StellaOps.Excititor.Connectors.Oracle.CSAF/TASKS.md	DONE (2025-10-17)	Team Excititor Connectors – Oracle	EXCITITOR-CONN-ORACLE-01-001	Implement Oracle CSAF catalogue discovery with CPU calendar awareness.
Sprint 6	Excititor Ingest & Formats	src/Excititor/__Libraries/StellaOps.Excititor.Connectors.Ubuntu.CSAF/TASKS.md	DONE (2025-10-17)	Team Excititor Connectors – Ubuntu	EXCITITOR-CONN-UBUNTU-01-001	Implement Ubuntu CSAF discovery and channel selection for USN ingestion.
Sprint 6	Excititor Ingest & Formats	src/Excititor/__Libraries/StellaOps.Excititor.Connectors.OCI.OpenVEX.Attest/TASKS.md	DONE (2025-10-18)	Team Excititor Connectors – OCI	EXCITITOR-CONN-OCI-01-001	Wire OCI discovery/auth to fetch OpenVEX attestations for configured images.
Sprint 6	Excititor Ingest & Formats	src/Excititor/__Libraries/StellaOps.Excititor.Connectors.OCI.OpenVEX.Attest/TASKS.md	DONE (2025-10-18)	Team Excititor Connectors – OCI	EXCITITOR-CONN-OCI-01-002	Attestation fetch & verify loop – download DSSE attestations, trigger verification, handle retries/backoff, persist raw statements.
Sprint 6	Excititor Ingest & Formats	src/Excititor/__Libraries/StellaOps.Excititor.Connectors.OCI.OpenVEX.Attest/TASKS.md	DONE (2025-10-18)	Team Excititor Connectors – OCI	EXCITITOR-CONN-OCI-01-003	Provenance metadata & policy hooks – emit image, subject digest, issuer, and trust metadata for policy weighting/logging.
Sprint 6	Excititor Ingest & Formats	src/Cli/StellaOps.Cli/TASKS.md	DONE (2025-10-18)	DevEx/CLI	EXCITITOR-CLI-01-001	Add excititor CLI verbs bridging to WebService with consistent auth and offline UX.
Sprint 7	Contextual Truth Foundations	src/Excititor/__Libraries/StellaOps.Excititor.Core/TASKS.md	DONE (2025-10-19)	Team Excititor Core & Policy	EXCITITOR-CORE-02-001	Context signal schema prep – extend consensus models with severity/KEV/EPSS fields and update canonical serializers.
Sprint 7	Contextual Truth Foundations	src/Excititor/__Libraries/StellaOps.Excititor.Policy/TASKS.md	DONE (2025-10-19)	Team Excititor Policy	EXCITITOR-POLICY-02-001	Scoring coefficients & weight ceilings – add α/β options, weight boosts, and validation guidance.
Sprint 7	Contextual Truth Foundations	src/Excititor/__Libraries/StellaOps.Excititor.Attestation/TASKS.md	DONE (2025-10-16)	Team Excititor Attestation	EXCITITOR-ATTEST-01-002	Rekor v2 client integration – ship transparency log client with retries and offline queue.
Sprint 9	Scanner Core Foundations	src/Scanner/__Libraries/StellaOps.Scanner.Core/TASKS.md	DONE (2025-10-18)	Team Scanner Core	SCANNER-CORE-09-501	Define shared DTOs (ScanJob, ProgressEvent), error taxonomy, and deterministic ID/timestamp helpers aligning with modules/scanner/architecture.md §3–§4.
Sprint 9	Scanner Core Foundations	src/Scanner/__Libraries/StellaOps.Scanner.Core/TASKS.md	DONE (2025-10-18)	Team Scanner Core	SCANNER-CORE-09-502	Observability helpers (correlation IDs, logging scopes, metric namespacing, deterministic hashes) consumed by WebService/Worker.
Sprint 9	Scanner Core Foundations	src/Scanner/__Libraries/StellaOps.Scanner.Core/TASKS.md	DONE (2025-10-18)	Team Scanner Core	SCANNER-CORE-09-503	Security utilities: Authority client factory, OpTok caching, DPoP verifier, restart-time plug-in guardrails for scanner components.
Sprint 9	Scanner Build-time	src/Scanner/StellaOps.Scanner.Sbomer.BuildXPlugin/TASKS.md	DONE (2025-10-19)	BuildX Guild	SP9-BLDX-09-001	Buildx driver scaffold + handshake with Scanner.Emit (local CAS).
Sprint 9	Scanner Build-time	src/Scanner/StellaOps.Scanner.Sbomer.BuildXPlugin/TASKS.md	DONE (2025-10-19)	BuildX Guild	SP9-BLDX-09-002	OCI annotations + provenance hand-off to Attestor.
Sprint 9	Scanner Build-time	src/Scanner/StellaOps.Scanner.Sbomer.BuildXPlugin/TASKS.md	DONE (2025-10-19)	BuildX Guild	SP9-BLDX-09-003	CI demo: minimal SBOM push & backend report wiring.
Sprint 9	Scanner Build-time	src/Scanner/StellaOps.Scanner.Sbomer.BuildXPlugin/TASKS.md	DONE (2025-10-19)	BuildX Guild	SP9-BLDX-09-004	Stabilize descriptor nonce derivation so repeated builds emit deterministic placeholders.
Sprint 9	Scanner Build-time	src/Scanner/StellaOps.Scanner.Sbomer.BuildXPlugin/TASKS.md	DONE (2025-10-19)	BuildX Guild	SP9-BLDX-09-005	Integrate determinism guard into GitHub/Gitea workflows and archive proof artifacts.
Sprint 9	Scanner Core Foundations	src/Scanner/StellaOps.Scanner.WebService/TASKS.md	DONE (2025-10-18)	Team Scanner WebService	SCANNER-WEB-09-101	Minimal API host with Authority enforcement, health/ready endpoints, and restart-time plug-in loader per architecture §1, §4.
Sprint 9	Scanner Core Foundations	src/Scanner/StellaOps.Scanner.WebService/TASKS.md	DONE (2025-10-18)	Team Scanner WebService	SCANNER-WEB-09-102	/api/v1/scans submission/status endpoints with deterministic IDs, validation, and cancellation support.
Sprint 9	Scanner Core Foundations	src/Scanner/StellaOps.Scanner.WebService/TASKS.md	DONE (2025-10-19)	Team Scanner WebService	SCANNER-WEB-09-104	Configuration binding for Mongo, MinIO, queue, feature flags; startup diagnostics and fail-fast policy.
Sprint 9	Scanner Core Foundations	src/Scanner/StellaOps.Scanner.Worker/TASKS.md	DONE (2025-10-19)	Team Scanner Worker	SCANNER-WORKER-09-201	Worker host bootstrap with Authority auth, hosted services, and graceful shutdown semantics.
Sprint 9	Scanner Core Foundations	src/Scanner/StellaOps.Scanner.Worker/TASKS.md	DONE (2025-10-19)	Team Scanner Worker	SCANNER-WORKER-09-202	Lease/heartbeat loop with retry+jitter, poison-job quarantine, structured logging.
Sprint 9	Scanner Core Foundations	src/Scanner/StellaOps.Scanner.Worker/TASKS.md	DONE (2025-10-19)	Team Scanner Worker	SCANNER-WORKER-09-203	Analyzer dispatch skeleton emitting deterministic stage progress and honoring cancellation tokens.
Sprint 9	Scanner Core Foundations	src/Scanner/StellaOps.Scanner.Worker/TASKS.md	DONE (2025-10-19)	Team Scanner Worker	SCANNER-WORKER-09-204	Worker metrics (queue latency, stage duration, failure counts) with OpenTelemetry resource wiring.
Sprint 9	Scanner Core Foundations	src/Scanner/StellaOps.Scanner.Worker/TASKS.md	DONE (2025-10-19)	Team Scanner Worker	SCANNER-WORKER-09-205	Harden heartbeat jitter so lease safety margin stays ≥3× and cover with regression tests + optional live queue smoke run.
Sprint 9	Policy Foundations	src/Policy/__Libraries/StellaOps.Policy/TASKS.md	DONE	Policy Guild	POLICY-CORE-09-001	Policy schema + binder + diagnostics.
Sprint 9	Policy Foundations	src/Policy/__Libraries/StellaOps.Policy/TASKS.md	DONE	Policy Guild	POLICY-CORE-09-002	Policy snapshot store + revision digests.
Sprint 9	Policy Foundations	src/Policy/__Libraries/StellaOps.Policy/TASKS.md	DONE	Policy Guild	POLICY-CORE-09-003	/policy/preview API (image digest → projected verdict diff).
Sprint 9	DevOps Foundations	ops/devops/TASKS.md	DONE (2025-10-19)	DevOps Guild	DEVOPS-HELM-09-001	Helm/Compose environment profiles (dev/staging/airgap) with deterministic digests.
Sprint 9	Docs & Governance	docs/TASKS.md	DONE (2025-10-19)	Docs Guild, DevEx	DOCS-ADR-09-001	Establish ADR process and template.
Sprint 9	Docs & Governance	docs/TASKS.md	DONE (2025-10-19)	Docs Guild, Platform Events	DOCS-EVENTS-09-002	Publish event schema catalog (docs/events/) for critical envelopes.
Sprint 9	Scanner Core Foundations	src/Scanner/__Libraries/StellaOps.Scanner.Storage/TASKS.md	DONE (2025-10-19)	Team Scanner Storage	SCANNER-STORAGE-09-301	Mongo catalog schemas/indexes for images, layers, artifacts, jobs, lifecycle rules plus migrations.
Sprint 9	Scanner Core Foundations	src/Scanner/__Libraries/StellaOps.Scanner.Storage/TASKS.md	DONE (2025-10-19)	Team Scanner Storage	SCANNER-STORAGE-09-302	MinIO layout, immutability policies, client abstraction, and configuration binding.
Sprint 9	Scanner Core Foundations	src/Scanner/__Libraries/StellaOps.Scanner.Storage/TASKS.md	DONE (2025-10-19)	Team Scanner Storage	SCANNER-STORAGE-09-303	Repositories/services with dual-write feature flag, deterministic digests, TTL enforcement tests.
Sprint 9	Scanner Core Foundations	src/Scanner/__Libraries/StellaOps.Scanner.Queue/TASKS.md	DONE (2025-10-19)	Team Scanner Queue	SCANNER-QUEUE-09-401	Queue abstraction + Redis Streams adapter with ack/claim APIs and idempotency tokens.
Sprint 9	Scanner Core Foundations	src/Scanner/__Libraries/StellaOps.Scanner.Queue/TASKS.md	DONE (2025-10-19)	Team Scanner Queue	SCANNER-QUEUE-09-402	Pluggable backend support (Redis, NATS) with configuration binding, health probes, failover docs.
Sprint 9	Scanner Core Foundations	src/Scanner/__Libraries/StellaOps.Scanner.Queue/TASKS.md	DONE (2025-10-19)	Team Scanner Queue	SCANNER-QUEUE-09-403	Retry + dead-letter strategy with structured logs/metrics for offline deployments.
Sprint 1	Stabilize In-Progress Foundations	src/Concelier/StellaOps.Concelier.PluginBinaries/StellaOps.Concelier.Connector.Ghsa/TASKS.md	DONE (2025-10-12)	Team Connector Normalized Versions Rollout	FEEDCONN-GHSA-02-001	GHSA normalized versions & provenance Team instructions: Read ./AGENTS.md and each module's AGENTS file. Adopt the NormalizedVersions array emitted by the models sprint, wiring provenance decisionReason where merge overrides occur. Follow ./src/FASTER_MODELING_AND_NORMALIZATION.md; report via src/Concelier/__Libraries/StellaOps.Concelier.Merge/TASKS.md (FEEDMERGE-COORD-02-900). Progress 2025-10-11: GHSA/OSV emit normalized arrays with refreshed fixtures; CVE mapper now surfaces SemVer normalized ranges; NVD/KEV adoption pending; outstanding follow-ups include FEEDSTORAGE-DATA-02-001, FEEDMERGE-ENGINE-02-002, and rolling src/Tools/FixtureUpdater updates across connectors. Progress 2025-10-20: Coordination matrix + rollout dashboard refreshed; upcoming deadlines tracked (Cccs/Cisco 2025-10-21, CertBund 2025-10-22, ICS-CISA 2025-10-23, KISA 2025-10-24) with escalation path documented in FEEDMERGE-COORD-02-900.
Sprint 1	Stabilize In-Progress Foundations	src/Concelier/StellaOps.Concelier.WebService/TASKS.md	DONE (2025-10-19)	Team WebService & Authority	FEEDWEB-OPS-01-006	Rename plugin drop directory to namespaced path Build outputs now point at StellaOps.Concelier.PluginBinaries/StellaOps.Authority.PluginBinaries; defaults/docs/tests updated to reflect the new layout.
Sprint 7	Contextual Truth Foundations	src/Excititor/__Libraries/StellaOps.Excititor.Storage.Mongo/TASKS.md	DONE (2025-10-19)	Team Excititor Storage	EXCITITOR-STORAGE-02-001	Statement events & scoring signals – immutable VEX statements store, consensus signal fields, and migration 20251019-consensus-signals-statements with tests (dotnet test src/Excititor/__Tests/StellaOps.Excititor.Core.Tests/StellaOps.Excititor.Core.Tests.csproj, dotnet test src/Excititor/__Tests/StellaOps.Excititor.Storage.Mongo.Tests/StellaOps.Excititor.Storage.Mongo.Tests.csproj).
Sprint 7	Contextual Truth Foundations	src/Concelier/__Libraries/StellaOps.Concelier.Core/TASKS.md	DONE (2025-10-19)	Team Core Engine & Storage Analytics	FEEDCORE-ENGINE-07-001	Advisory event log & asOf queries – surface immutable statements and replay capability.
Sprint 7	Contextual Truth Foundations	src/Concelier/StellaOps.Concelier.WebService/TASKS.md	DONE (2025-10-19)	Concelier WebService Guild	FEEDWEB-EVENTS-07-001	Advisory event replay API – expose /concelier/advisories/{key}/replay with asOf filter, hex hashes, and conflict data.
Sprint 7	Contextual Truth Foundations	src/Concelier/__Libraries/StellaOps.Concelier.Merge/TASKS.md	DONE (2025-10-20)	BE-Merge	FEEDMERGE-ENGINE-07-001	Conflict sets & explainers – persist conflict materialization and replay hashes for merge decisions.
Sprint 8	Mongo strengthening	src/Concelier/__Libraries/StellaOps.Concelier.Storage.Mongo/TASKS.md	DONE (2025-10-19)	Team Normalization & Storage Backbone	FEEDSTORAGE-MONGO-08-001	Causal-consistent Concelier storage sessions Scoped session facilitator registered, repositories accept optional session handles, and replica-set failover tests verify read-your-write + monotonic reads.
Sprint 8	Mongo strengthening	src/Authority/StellaOps.Authority/TASKS.md	DONE (2025-10-19)	Authority Core & Storage Guild	AUTHSTORAGE-MONGO-08-001	Harden Authority Mongo usage Scoped Mongo sessions with majority read/write concerns wired through stores and GraphQL/HTTP pipelines; replica-set election regression validated.
Sprint 8	Mongo strengthening	src/Excititor/__Libraries/StellaOps.Excititor.Storage.Mongo/TASKS.md	DONE (2025-10-19)	Team Excititor Storage	EXCITITOR-STORAGE-MONGO-08-001	Causal consistency for Excititor repositories Session-scoped repositories shipped with new Mongo records, orchestrators/workers now share scoped sessions, and replica-set failover coverage added via dotnet test src/Excititor/__Tests/StellaOps.Excititor.Storage.Mongo.Tests/StellaOps.Excititor.Storage.Mongo.Tests.csproj.
Sprint 8	Platform Maintenance	src/Excititor/__Libraries/StellaOps.Excititor.Storage.Mongo/TASKS.md	DONE (2025-10-19)	Team Excititor Storage	EXCITITOR-STORAGE-03-001	Statement backfill tooling – shipped admin backfill endpoint, CLI hook (stellaops excititor backfill-statements), integration tests, and operator runbook (docs/dev/EXCITITOR_STATEMENT_BACKFILL.md).
Sprint 8	Mirror Distribution	src/Concelier/StellaOps.Concelier.PluginBinaries/StellaOps.Concelier.Exporter.Json/TASKS.md	DONE (2025-10-19)	Concelier Export Guild	CONCELIER-EXPORT-08-201	Mirror bundle + domain manifest – produce signed JSON aggregates for *.stella-ops.org mirrors.
Sprint 8	Mirror Distribution	src/Concelier/StellaOps.Concelier.PluginBinaries/StellaOps.Concelier.Exporter.TrivyDb/TASKS.md	DONE (2025-10-19)	Concelier Export Guild	CONCELIER-EXPORT-08-202	Mirror-ready Trivy DB bundles – mirror options emit per-domain manifests/metadata/db archives with deterministic digests for downstream sync.
Sprint 8	Mirror Distribution	src/Concelier/StellaOps.Concelier.WebService/TASKS.md	DONE (2025-10-20)	Concelier WebService Guild	CONCELIER-WEB-08-201	Mirror distribution endpoints – expose domain-scoped index/download APIs with auth/quota.
Sprint 8	Mirror Distribution	ops/devops/TASKS.md	DONE (2025-10-19)	DevOps Guild	DEVOPS-MIRROR-08-001	Managed mirror deployments for *.stella-ops.org – Helm/Compose overlays, CDN, runbooks.
Sprint 8	Plugin Infrastructure	src/__Libraries/StellaOps.Plugin/TASKS.md	DONE (2025-10-20)	Plugin Platform Guild, Authority Core	PLUGIN-DI-08-003	Refactor Authority identity-provider registry to resolve scoped plugin services on-demand. Introduce factory pattern aligned with scoped lifetimes decided in coordination workshop.
Sprint 8	Plugin Infrastructure	src/__Libraries/StellaOps.Plugin/TASKS.md	DONE (2025-10-20)	Plugin Platform Guild, Authority Core	PLUGIN-DI-08-004	Update Authority plugin loader to activate registrars with DI support and scoped service awareness. Add two-phase initialization allowing scoped dependencies post-container build.
Sprint 8	Plugin Infrastructure	src/__Libraries/StellaOps.Plugin/TASKS.md	DONE (2025-10-20)	Plugin Platform Guild, Authority Core	PLUGIN-DI-08-005	Provide scoped-safe bootstrap execution for Authority plugins. Implement scope-per-run pattern for hosted bootstrap tasks and document migration guidance.
Sprint 10	DevOps Security	ops/devops/TASKS.md	DONE (2025-10-20)	DevOps Guild	DEVOPS-SEC-10-301	Address NU1902/NU1903 advisories for MongoDB.Driver 2.12.0 and SharpCompress 0.23.0; Wave 0A prerequisites confirmed complete before remediation work.
Sprint 11	Signing Chain Bring-up	src/Authority/StellaOps.Authority/TASKS.md	DONE (2025-10-20)	Authority Core & Security Guild	AUTH-DPOP-11-001	Implement DPoP proof validation + nonce handling for high-value audiences per architecture.
Sprint 15	Notify Foundations	src/Notify/StellaOps.Notify.WebService/TASKS.md	DONE (2025-10-19)	Notify WebService Guild	NOTIFY-WEB-15-103	Delivery history & test-send endpoints.
Sprint 15	Notify Foundations	src/Notify/__Libraries/StellaOps.Notify.Connectors.Slack/TASKS.md	DONE (2025-10-20)	Notify Connectors Guild	NOTIFY-CONN-SLACK-15-502	Slack health/test-send support.
Sprint 15	Notify Foundations	src/Notify/__Libraries/StellaOps.Notify.Connectors.Teams/TASKS.md	DONE (2025-10-20)	Notify Connectors Guild	NOTIFY-CONN-TEAMS-15-602	Teams health/test-send support.
Sprint 15	Notify Foundations	src/Notify/__Libraries/StellaOps.Notify.Connectors.Teams/TASKS.md	DONE (2025-10-20)	Notify Connectors Guild	NOTIFY-CONN-TEAMS-15-604	Teams health endpoint metadata alignment.
Sprint 15	Notify Foundations	src/Notify/__Libraries/StellaOps.Notify.Connectors.Slack/TASKS.md	DONE (2025-10-20)	Notify Connectors Guild	NOTIFY-CONN-SLACK-15-503	Package Slack connector as restart-time plug-in (manifest + host registration).
Sprint 15	Notify Foundations	src/Notify/__Libraries/StellaOps.Notify.Connectors.Teams/TASKS.md	DONE (2025-10-20)	Notify Connectors Guild	NOTIFY-CONN-TEAMS-15-603	Package Teams connector as restart-time plug-in (manifest + host registration).
Sprint 15	Notify Foundations	src/Notify/__Libraries/StellaOps.Notify.Connectors.Email/TASKS.md	DONE (2025-10-20)	Notify Connectors Guild	NOTIFY-CONN-EMAIL-15-703	Package Email connector as restart-time plug-in (manifest + host registration).
Sprint 15	Notify Foundations	src/Scanner/StellaOps.Scanner.WebService/TASKS.md	DONE (2025-10-20)	Scanner WebService Guild	SCANNER-EVENTS-15-201	Emit scanner.report.ready + scanner.scan.completed events.
Sprint 15	Notify Foundations	src/Notify/__Libraries/StellaOps.Notify.Connectors.Webhook/TASKS.md	DONE (2025-10-20)	Notify Connectors Guild	NOTIFY-CONN-WEBHOOK-15-803	Package Webhook connector as restart-time plug-in (manifest + host registration).
Sprint 16	Scheduler Intelligence	src/Scheduler/__Libraries/StellaOps.Scheduler.Models/TASKS.md	DONE (2025-10-20)	Scheduler Models Guild	SCHED-MODELS-16-103	Versioning/migration helpers for schedules/runs.
Sprint 16	Scheduler Intelligence	src/Scheduler/__Libraries/StellaOps.Scheduler.Queue/TASKS.md	DONE (2025-10-20)	Scheduler Queue Guild	SCHED-QUEUE-16-401	Queue abstraction + Redis Streams adapter.
Sprint 16	Scheduler Intelligence	src/Scheduler/__Libraries/StellaOps.Scheduler.Queue/TASKS.md	DONE (2025-10-20)	Scheduler Queue Guild	SCHED-QUEUE-16-402	NATS JetStream adapter with health probes.
Sprint 16	Scheduler Intelligence	src/Scheduler/__Libraries/StellaOps.Scheduler.ImpactIndex/TASKS.md	DONE (2025-10-20)	Scheduler ImpactIndex Guild	SCHED-IMPACT-16-300	STUB ImpactIndex ingest/query using fixtures (to be removed by SP16 completion).
This file describe implementation of Stella Ops (docs/README.md). Implementation must respect rules from AGENTS.md (read if you have not).

Sprint	Theme	Tasks File Path	Status	Type of Specialist	Task ID	Task Description
Sprint 7	Contextual Truth Foundations	docs/TASKS.md	DONE (2025-10-22)	Docs Guild, Concelier WebService	DOCS-CONCELIER-07-201	Final editorial review and publish pass for Concelier authority toggle documentation (Quickstart + operator guide).
Sprint 7	Contextual Truth Foundations	src/Excititor/StellaOps.Excititor.WebService/TASKS.md	DONE (2025-10-20)	Team Excititor WebService	EXCITITOR-WEB-01-002	Ingest & reconcile endpoints – scope-enforced /excititor/init, /excititor/ingest/run, /excititor/ingest/resume, /excititor/reconcile; regression via dotnet test … --filter FullyQualifiedName~IngestEndpointsTests.
Sprint 7	Contextual Truth Foundations	src/Excititor/StellaOps.Excititor.WebService/TASKS.md	DONE (2025-10-20)	Team Excititor WebService	EXCITITOR-WEB-01-004	Resolve API & signed responses – expose /excititor/resolve, return signed consensus/score envelopes, document auth.
Sprint 7	Contextual Truth Foundations	src/Excititor/StellaOps.Excititor.Worker/TASKS.md	DONE (2025-10-21)	Team Excititor Worker	EXCITITOR-WORKER-01-004	TTL refresh & stability damper – schedule re-resolve loops and guard against status flapping.
Sprint 7	Contextual Truth Foundations	src/Concelier/__Libraries/StellaOps.Concelier.Core/TASKS.md	DONE (2025-10-21)	Team Core Engine & Data Science	FEEDCORE-ENGINE-07-002	Noise prior computation service – learn false-positive priors and expose deterministic summaries.
Sprint 7	Contextual Truth Foundations	src/Concelier/__Libraries/StellaOps.Concelier.Core/TASKS.md	DONE (2025-10-21)	Team Core Engine & Storage Analytics	FEEDCORE-ENGINE-07-003	Unknown state ledger & confidence seeding – persist unknown flags, seed confidence bands, expose query surface.
Sprint 7	Contextual Truth Foundations	src/Excititor/StellaOps.Excititor.WebService/TASKS.md	DONE (2025-10-19)	Team Excititor WebService	EXCITITOR-WEB-01-005	Mirror distribution endpoints – expose download APIs for downstream Excititor instances.
Sprint 7	Contextual Truth Foundations	src/Excititor/__Libraries/StellaOps.Excititor.Export/TASKS.md	DONE (2025-10-21)	Team Excititor Export	EXCITITOR-EXPORT-01-005	Score & resolve envelope surfaces – include signed consensus/score artifacts in exports.
Sprint 7	Contextual Truth Foundations	src/Excititor/__Libraries/StellaOps.Excititor.Export/TASKS.md	DONE (2025-10-21)	Team Excititor Export	EXCITITOR-EXPORT-01-006	Quiet provenance packaging – attach quieted-by statement IDs, signers, justification codes to exports and attestations.
Sprint 7	Contextual Truth Foundations	src/Excititor/__Libraries/StellaOps.Excititor.Export/TASKS.md	DONE (2025-10-21)	Team Excititor Export	EXCITITOR-EXPORT-01-007	Mirror bundle + domain manifest – publish signed consensus bundles for mirrors.
Sprint 7	Contextual Truth Foundations	src/Excititor/StellaOps.Excititor.Connectors.StellaOpsMirror/TASKS.md	DONE (2025-10-21)	Excititor Connectors – Stella	EXCITITOR-CONN-STELLA-07-001	Excititor mirror connector – ingest signed mirror bundles and map to VexClaims with resume handling.
Sprint 7	Contextual Truth Foundations	src/Concelier/__Libraries/StellaOps.Concelier.Storage.Mongo/TASKS.md	DONE (2025-10-19)	Team Normalization & Storage Backbone	FEEDSTORAGE-DATA-07-001	Advisory statement & conflict collections – provision Mongo schema/indexes for event-sourced merge.
Sprint 7	Contextual Truth Foundations	src/Web/StellaOps.Web/TASKS.md	DONE (2025-10-21)	UX Specialist, Angular Eng	WEB1.TRIVY-SETTINGS-TESTS	Add headless UI test run (ng test --watch=false) and document prerequisites once Angular tooling is chained up.
Sprint 8	Mirror Distribution	src/Concelier/__Libraries/StellaOps.Concelier.Connector.StellaOpsMirror/TASKS.md	DONE (2025-10-20)	BE-Conn-Stella	FEEDCONN-STELLA-08-001	Concelier mirror connector – fetch mirror manifest, verify signatures, and hydrate canonical DTOs with resume support.
Sprint 8	Mirror Distribution	src/Concelier/__Libraries/StellaOps.Concelier.Connector.StellaOpsMirror/TASKS.md	DONE (2025-10-20)	BE-Conn-Stella	FEEDCONN-STELLA-08-002	Map mirror payloads into canonical advisory DTOs with provenance referencing mirror domain + original source metadata.
Sprint 8	Mirror Distribution	src/Concelier/__Libraries/StellaOps.Concelier.Connector.StellaOpsMirror/TASKS.md	DONE (2025-10-20)	BE-Conn-Stella	FEEDCONN-STELLA-08-003	Add incremental cursor + resume support (per-export fingerprint) and document configuration for downstream Concelier instances.
Sprint 8	Plugin Infrastructure	src/__Libraries/StellaOps.Plugin/TASKS.md	DONE (2025-10-21)	Plugin Platform Guild	PLUGIN-DI-08-001	Scoped service support in plugin bootstrap – added dynamic plugin tests ensuring [ServiceBinding] metadata flows through plugin hosts and remains idempotent.
Sprint 8	Plugin Infrastructure	src/__Libraries/StellaOps.Plugin/TASKS.md	DONE (2025-10-20)	Plugin Platform Guild, Authority Core	PLUGIN-DI-08-002.COORD	Authority scoped-service integration handshake Workshop concluded 2025-10-20 15:00–16:05 UTC; decisions + follow-ups recorded in docs/dev/authority-plugin-di-coordination.md.
Sprint 8	Plugin Infrastructure	src/__Libraries/StellaOps.Plugin/TASKS.md	DONE (2025-10-20)	Plugin Platform Guild, Authority Core	PLUGIN-DI-08-002	Authority plugin integration updates – scoped identity-provider services with registry handles; regression coverage via scoped registrar/unit tests.
Sprint 8	Plugin Infrastructure	src/Authority/StellaOps.Authority/TASKS.md	DONE (2025-10-20)	Authority Core, Plugin Platform Guild	AUTH-PLUGIN-COORD-08-002	Coordinate scoped-service adoption for Authority plug-in registrars Workshop notes and follow-up backlog captured 2025-10-20 in docs/dev/authority-plugin-di-coordination.md.
Sprint 9	Scanner Core Foundations	src/Scanner/StellaOps.Scanner.WebService/TASKS.md	DONE (2025-10-19)	Team Scanner WebService	SCANNER-WEB-09-103	Progress streaming (SSE/JSONL) with correlation IDs and ISO-8601 UTC timestamps, documented in API reference.
Sprint 9	Scanner Core Foundations	src/Scanner/StellaOps.Scanner.WebService/TASKS.md	DONE (2025-10-19)	Team Scanner WebService	SCANNER-POLICY-09-105	Policy snapshot loader + schema + OpenAPI (YAML ignore rules, VEX include/exclude, vendor precedence).
Sprint 9	Scanner Core Foundations	src/Scanner/StellaOps.Scanner.WebService/TASKS.md	DONE (2025-10-19)	Team Scanner WebService	SCANNER-POLICY-09-106	/reports verdict assembly (Conselier+Excitor+Policy) + signed response envelope.
Sprint 9	Scanner Core Foundations	src/Scanner/StellaOps.Scanner.WebService/TASKS.md	DONE (2025-10-19)	Team Scanner WebService	SCANNER-POLICY-09-107	Expose score inputs, config version, and quiet provenance in /reports JSON and signed payload.
Sprint 9	DevOps Foundations	ops/devops/TASKS.md	DONE (2025-10-21)	DevOps Guild, Scanner WebService Guild	DEVOPS-SCANNER-09-204	Surface SCANNER__EVENTS__* env config across Compose/Helm and document overrides.
Sprint 9	DevOps Foundations	ops/devops/TASKS.md	DONE (2025-10-21)	DevOps Guild, Notify Guild	DEVOPS-SCANNER-09-205	Notify smoke job validates Redis stream + Notify deliveries after staging deploys.
Sprint 9	Policy Foundations	src/Policy/__Libraries/StellaOps.Policy/TASKS.md	DONE (2025-10-19)	Policy Guild	POLICY-CORE-09-004	Versioned scoring config with schema validation, trust table, and golden fixtures.
Sprint 9	Policy Foundations	src/Policy/__Libraries/StellaOps.Policy/TASKS.md	DONE (2025-10-19)	Policy Guild	POLICY-CORE-09-005	Scoring/quiet engine – compute score, enforce VEX-only quiet rules, emit inputs and provenance.
Sprint 9	Policy Foundations	src/Policy/__Libraries/StellaOps.Policy/TASKS.md	DONE (2025-10-19)	Policy Guild	POLICY-CORE-09-006	Unknown state & confidence decay – deterministic bands surfaced in policy outputs.
Sprint 9	Docs & Governance	docs/TASKS.md	DONE (2025-10-21)	Platform Events Guild	PLATFORM-EVENTS-09-401	Embed canonical event samples into contract/integration tests and ensure CI validates payloads against published schemas.
Sprint 10	Benchmarks	src/Bench/StellaOps.Bench/TASKS.md	DONE (2025-10-21)	Bench Guild, Language Analyzer Guild	BENCH-SCANNER-10-002	Wire real language analyzers into bench harness & refresh baselines post-implementation.
Sprint 10	Scanner Analyzers & SBOM	src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang/TASKS.md	DONE (2025-10-21)	Language Analyzer Guild	SCANNER-ANALYZERS-LANG-10-302	Node analyzer handling workspaces/symlinks emitting pkg:npm.
Sprint 10	Scanner Analyzers & SBOM	src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang/TASKS.md	DONE (2025-10-21)	Language Analyzer Guild	SCANNER-ANALYZERS-LANG-10-303	Python analyzer reading *.dist-info, RECORD hashes, entry points.
Sprint 10	Scanner Analyzers & SBOM	src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang/TASKS.md	DONE (2025-10-22)	Language Analyzer Guild	SCANNER-ANALYZERS-LANG-10-304	Go analyzer leveraging buildinfo for pkg:golang components.
Sprint 10	Scanner Analyzers & SBOM	src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Go/TASKS.md	DONE (2025-10-22)	Language Analyzer Guild	SCANNER-ANALYZERS-LANG-10-304E	Plumb Go heuristic counter into Scanner metrics pipeline and alerting.
Sprint 10	Scanner Analyzers & SBOM	src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang/TASKS.md	DONE (2025-10-22)	Language Analyzer Guild	SCANNER-ANALYZERS-LANG-10-305	.NET analyzer parsing *.deps.json, assembly metadata, RID variants.
Sprint 10	Scanner Analyzers & SBOM	src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang/TASKS.md	DONE (2025-10-22)	Language Analyzer Guild	SCANNER-ANALYZERS-LANG-10-306	Rust analyzer detecting crates or falling back to bin:{sha256}.
Sprint 10	Scanner Analyzers & SBOM	src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang/TASKS.md	DONE (2025-10-19)	Language Analyzer Guild	SCANNER-ANALYZERS-LANG-10-307	Shared language evidence helpers + usage flag propagation.
Sprint 10	Scanner Analyzers & SBOM	src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang/TASKS.md	DONE (2025-10-19)	Language Analyzer Guild	SCANNER-ANALYZERS-LANG-10-308	Determinism + fixture harness for language analyzers.
Sprint 10	Scanner Analyzers & SBOM	src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang/TASKS.md	DONE (2025-10-21)	Language Analyzer Guild	SCANNER-ANALYZERS-LANG-10-309	Package language analyzers as restart-time plug-ins (manifest + host registration).
Sprint 10	Scanner Analyzers & SBOM	src/Scanner/__Libraries/StellaOps.Scanner.Emit/TASKS.md	DONE (2025-10-22)	Emit Guild	SCANNER-EMIT-10-601	Compose inventory SBOM (CycloneDX JSON/Protobuf) from layer fragments.
Sprint 10	Scanner Analyzers & SBOM	src/Scanner/__Libraries/StellaOps.Scanner.Emit/TASKS.md	DONE (2025-10-22)	Emit Guild	SCANNER-EMIT-10-602	Compose usage SBOM leveraging EntryTrace to flag actual usage.
Sprint 10	Scanner Analyzers & SBOM	src/Scanner/__Libraries/StellaOps.Scanner.Emit/TASKS.md	DONE (2025-10-22)	Emit Guild	SCANNER-EMIT-10-603	Generate BOM index sidecar (purl table + roaring bitmap + usage flag).
Sprint 10	Scanner Analyzers & SBOM	src/Scanner/__Libraries/StellaOps.Scanner.Emit/TASKS.md	DONE (2025-10-22)	Emit Guild	SCANNER-EMIT-10-604	Package artifacts for export + attestation with deterministic manifests.
Sprint 10	Scanner Analyzers & SBOM	src/Scanner/__Libraries/StellaOps.Scanner.Emit/TASKS.md	DONE (2025-10-22)	Emit Guild	SCANNER-EMIT-10-605	Emit BOM-Index sidecar schema/fixtures (CRITICAL PATH for SP16).
Sprint 10	Scanner Analyzers & SBOM	src/Scanner/__Libraries/StellaOps.Scanner.Emit/TASKS.md	DONE (2025-10-22)	Emit Guild	SCANNER-EMIT-10-606	Usage view bit flags integrated with EntryTrace.
Sprint 10	Scanner Analyzers & SBOM	src/Scanner/__Libraries/StellaOps.Scanner.Emit/TASKS.md	DONE (2025-10-22)	Emit Guild	SCANNER-EMIT-10-607	Embed scoring inputs, confidence band, and quiet provenance in CycloneDX/DSSE artifacts.
Sprint 10	Scanner Analyzers & SBOM	src/Scanner/__Libraries/StellaOps.Scanner.Cache/TASKS.md	DONE (2025-10-19)	Scanner Cache Guild	SCANNER-CACHE-10-101	Implement layer cache store keyed by layer digest with metadata retention per architecture §3.3.
Sprint 10	Scanner Analyzers & SBOM	src/Scanner/__Libraries/StellaOps.Scanner.Cache/TASKS.md	DONE (2025-10-19)	Scanner Cache Guild	SCANNER-CACHE-10-102	Build file CAS with dedupe, TTL enforcement, and offline import/export hooks.
Sprint 10	Scanner Analyzers & SBOM	src/Scanner/__Libraries/StellaOps.Scanner.Cache/TASKS.md	DONE (2025-10-19)	Scanner Cache Guild	SCANNER-CACHE-10-103	Expose cache metrics/logging and configuration toggles for warm/cold thresholds.
Sprint 10	Scanner Analyzers & SBOM	src/Scanner/__Libraries/StellaOps.Scanner.Cache/TASKS.md	DONE (2025-10-19)	Scanner Cache Guild	SCANNER-CACHE-10-104	Implement cache invalidation workflows (layer delete, TTL expiry, diff invalidation).
Sprint 10	Scanner Analyzers & SBOM	src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.OS/TASKS.md	DONE (2025-10-19)	OS Analyzer Guild	SCANNER-ANALYZERS-OS-10-201	Alpine/apk analyzer emitting deterministic components with provenance.
Sprint 10	Scanner Analyzers & SBOM	src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.OS/TASKS.md	DONE (2025-10-19)	OS Analyzer Guild	SCANNER-ANALYZERS-OS-10-202	Debian/dpkg analyzer mapping packages to purl identity with evidence.
Sprint 10	Scanner Analyzers & SBOM	src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.OS/TASKS.md	DONE (2025-10-19)	OS Analyzer Guild	SCANNER-ANALYZERS-OS-10-203	RPM analyzer capturing EVR, file listings, provenance.
Sprint 10	Scanner Analyzers & SBOM	src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.OS/TASKS.md	DONE (2025-10-19)	OS Analyzer Guild	SCANNER-ANALYZERS-OS-10-204	Shared OS evidence helpers for package identity + provenance.
Sprint 10	Scanner Analyzers & SBOM	src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.OS/TASKS.md	DONE (2025-10-19)	OS Analyzer Guild	SCANNER-ANALYZERS-OS-10-205	Vendor metadata enrichment (source packages, license, CVE hints).
Sprint 10	Scanner Analyzers & SBOM	src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.OS/TASKS.md	DONE (2025-10-19)	OS Analyzer Guild	SCANNER-ANALYZERS-OS-10-206	Determinism harness + fixtures for OS analyzers.
Sprint 10	Scanner Analyzers & SBOM	src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.OS/TASKS.md	DONE (2025-10-19)	OS Analyzer Guild	SCANNER-ANALYZERS-OS-10-207	Package OS analyzers as restart-time plug-ins (manifest + host registration).
Sprint 10	Scanner Analyzers & SBOM	src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang/TASKS.md	DONE (2025-10-19)	Language Analyzer Guild	SCANNER-ANALYZERS-LANG-10-301	Java analyzer emitting pkg:maven with provenance.
Sprint 10	Scanner Analyzers & SBOM	src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace/TASKS.md	DONE (2025-10-19)	EntryTrace Guild	SCANNER-ENTRYTRACE-10-401	POSIX shell AST parser with deterministic output.
Sprint 10	Scanner Analyzers & SBOM	src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace/TASKS.md	DONE (2025-10-19)	EntryTrace Guild	SCANNER-ENTRYTRACE-10-402	Command resolution across layered rootfs with evidence attribution.
Sprint 10	Scanner Analyzers & SBOM	src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace/TASKS.md	DONE (2025-10-19)	EntryTrace Guild	SCANNER-ENTRYTRACE-10-403	Interpreter tracing for shell wrappers to Python/Node/Java launchers.
Sprint 10	Scanner Analyzers & SBOM	src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace/TASKS.md	DONE (2025-10-19)	EntryTrace Guild	SCANNER-ENTRYTRACE-10-404	Python entry analyzer (venv shebang, module invocation, usage flag).
Sprint 10	Scanner Analyzers & SBOM	src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace/TASKS.md	DONE (2025-10-19)	EntryTrace Guild	SCANNER-ENTRYTRACE-10-405	Node/Java launcher analyzer capturing script/jar targets.
Sprint 10	Scanner Analyzers & SBOM	src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace/TASKS.md	DONE (2025-10-19)	EntryTrace Guild	SCANNER-ENTRYTRACE-10-406	Explainability + diagnostics for unresolved constructs with metrics.
Sprint 10	Scanner Analyzers & SBOM	src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace/TASKS.md	DONE (2025-10-19)	EntryTrace Guild	SCANNER-ENTRYTRACE-10-407	Package EntryTrace analyzers as restart-time plug-ins (manifest + host registration).
Sprint 10	Scanner Analyzers & SBOM	src/Scanner/__Libraries/StellaOps.Scanner.Diff/TASKS.md	DONE (2025-10-19)	Diff Guild	SCANNER-DIFF-10-501	Build component differ tracking add/remove/version changes with deterministic ordering.
Sprint 10	Scanner Analyzers & SBOM	src/Scanner/__Libraries/StellaOps.Scanner.Diff/TASKS.md	DONE (2025-10-19)	Diff Guild	SCANNER-DIFF-10-502	Attribute diffs to introducing/removing layers including provenance evidence.
Sprint 10	Scanner Analyzers & SBOM	src/Scanner/__Libraries/StellaOps.Scanner.Diff/TASKS.md	DONE (2025-10-19)	Diff Guild	SCANNER-DIFF-10-503	Produce JSON diff output for inventory vs usage views aligned with API contract.
Sprint 10	Samples	samples/TASKS.md	DONE (2025-10-20)	Samples Guild, Scanner Team	SAMPLES-10-001	Sample images with SBOM/BOM-Index sidecars.
Sprint 10	DevOps Perf	ops/devops/TASKS.md	DONE (2025-10-22)	DevOps Guild	DEVOPS-PERF-10-001	Perf smoke job ensuring <5 s SBOM compose.
Sprint 10	DevOps Perf	ops/devops/TASKS.md	DONE (2025-10-23)	DevOps Guild	DEVOPS-PERF-10-002	Publish analyzer bench metrics to Grafana/perf workbook and alarm on ≥20 % regressions.
Sprint 10	Policy Samples	samples/TASKS.md	DONE (2025-10-23)	Samples Guild, Policy Guild	SAMPLES-13-004	Add policy preview/report fixtures showing confidence bands and unknown-age tags.
Sprint 10	Policy Samples	src/Web/StellaOps.Web/TASKS.md	DONE (2025-10-23)	UI Guild	WEB-POLICY-FIXTURES-10-001	Wire policy preview/report doc fixtures into UI harness (test utility or Storybook substitute) with type bindings and validation guard so UI stays aligned with documented payloads.
Sprint 11	Signing Chain Bring-up	src/Signer/StellaOps.Signer/TASKS.md	DONE (2025-10-21)	Signer Guild	SIGNER-API-11-101	/sign/dsse pipeline with Authority auth, PoE introspection, release verification, DSSE signing.
Sprint 11	Signing Chain Bring-up	src/Signer/StellaOps.Signer/TASKS.md	DONE (2025-10-21)	Signer Guild	SIGNER-REF-11-102	/verify/referrers endpoint with OCI lookup, caching, and policy enforcement.
Sprint 11	Signing Chain Bring-up	src/Signer/StellaOps.Signer/TASKS.md	DONE (2025-10-21)	Signer Guild	SIGNER-QUOTA-11-103	Enforce plan quotas, concurrency/QPS limits, artifact size caps with metrics/audit logs.
Sprint 11	Signing Chain Bring-up	src/Authority/StellaOps.Authority/TASKS.md	DONE (2025-10-23)	Authority Core & Security Guild	AUTH-MTLS-11-002	Add OAuth mTLS client credential support with certificate-bound tokens and introspection updates.
Sprint 12	Runtime Guardrails	src/Scanner/StellaOps.Scanner.WebService/TASKS.md	DONE (2025-10-20)	Scanner WebService Guild	SCANNER-RUNTIME-12-301	/runtime/events ingestion endpoint with validation, batching, storage hooks.
Sprint 13	UX & CLI Experience	src/Cli/StellaOps.Cli/TASKS.md	DONE (2025-10-21)	DevEx/CLI	CLI-OFFLINE-13-006	Implement offline kit pull/import/status commands with integrity checks.
Sprint 13	UX & CLI Experience	src/Cli/StellaOps.Cli/TASKS.md	DONE (2025-10-22)	DevEx/CLI	CLI-PLUGIN-13-007	Package non-core CLI verbs as restart-time plug-ins (manifest + loader tests).
Sprint 13	UX & CLI Experience	src/Web/StellaOps.Web/TASKS.md	DONE (2025-10-21)	UX Specialist, Angular Eng, DevEx	WEB1.DEPS-13-001	Stabilise Angular workspace dependencies for headless CI installs (npm install, Chromium handling, docs).
Sprint 16	Scheduler Intelligence	src/Scheduler/__Libraries/StellaOps.Scheduler.Queue/TASKS.md	DONE (2025-10-20)	Scheduler Queue Guild	SCHED-QUEUE-16-403	Dead-letter handling + metrics.
Sprint 18	Launch Readiness	ops/offline-kit/TASKS.md	DONE (2025-10-22)	Offline Kit Guild, Scanner Guild	DEVOPS-OFFLINE-18-004	Rebuild Offline Kit bundle with Go analyzer plug-in and refreshed manifest/signature set.
This file describe implementation of Stella Ops (docs/README.md). Implementation must respect rules from AGENTS.md (read if you have not).

Sprint	Theme	Tasks File Path	Status	Type of Specialist	Task ID	Task Description
Sprint 11	Signing Chain Bring-up	src/Attestor/StellaOps.Attestor/TASKS.md	DONE (2025-10-19)	Attestor Guild	ATTESTOR-API-11-201	/rekor/entries submission pipeline with dedupe, proof acquisition, and persistence.
Sprint 11	Signing Chain Bring-up	src/Attestor/StellaOps.Attestor/TASKS.md	DONE (2025-10-19)	Attestor Guild	ATTESTOR-VERIFY-11-202	/rekor/verify + retrieval endpoints validating signatures and Merkle proofs.
Sprint 11	Signing Chain Bring-up	src/Attestor/StellaOps.Attestor/TASKS.md	DONE (2025-10-19)	Attestor Guild	ATTESTOR-OBS-11-203	Telemetry, alerting, mTLS hardening, and archive workflow for Attestor.
Sprint 11	Storage Platform Hardening	src/Scanner/__Libraries/StellaOps.Scanner.Storage/TASKS.md	DONE (2025-10-23)	Scanner Storage Guild	SCANNER-STORAGE-11-401	Migrate scanner object storage integration from MinIO to RustFS with data migration plan.
Sprint 11	UI Integration	src/UI/StellaOps.UI/TASKS.md	DONE (2025-10-23)	UI Guild	UI-ATTEST-11-005	Attestation visibility (Rekor id, status) on Scan Detail.
Sprint 12	Runtime Guardrails	src/Zastava/__Libraries/StellaOps.Zastava.Core/TASKS.md	DONE (2025-10-23)	Zastava Core Guild	ZASTAVA-CORE-12-201	Define runtime event/admission DTOs, hashing helpers, and versioning strategy.
Sprint 12	Runtime Guardrails	src/Zastava/__Libraries/StellaOps.Zastava.Core/TASKS.md	DONE (2025-10-23)	Zastava Core Guild	ZASTAVA-CORE-12-202	Provide configuration/logging/metrics utilities shared by Observer/Webhook.
Sprint 12	Runtime Guardrails	src/Zastava/__Libraries/StellaOps.Zastava.Core/TASKS.md	DONE (2025-10-23)	Zastava Core Guild	ZASTAVA-CORE-12-203	Authority client helpers, OpTok caching, and security guardrails for runtime services.
Sprint 12	Runtime Guardrails	src/Zastava/__Libraries/StellaOps.Zastava.Core/TASKS.md	DONE (2025-10-23)	Zastava Core Guild	ZASTAVA-OPS-12-204	Operational runbooks, alert rules, and dashboard exports for runtime plane.
Sprint 12	Runtime Guardrails	src/Zastava/StellaOps.Zastava.Observer/TASKS.md	DONE (2025-10-24)	Zastava Observer Guild	ZASTAVA-OBS-12-001	Container lifecycle watcher emitting deterministic runtime events with buffering.
Sprint 12	Runtime Guardrails	src/Zastava/StellaOps.Zastava.Observer/TASKS.md	DONE (2025-10-24)	Zastava Observer Guild	ZASTAVA-OBS-12-002	Capture entrypoint traces + loaded libraries, hashing binaries and linking to baseline SBOM.
Sprint 12	Runtime Guardrails	src/Zastava/StellaOps.Zastava.Observer/TASKS.md	DONE (2025-10-24)	Zastava Observer Guild	ZASTAVA-OBS-12-003	Posture checks for signatures/SBOM/attestation with offline caching.
Sprint 12	Runtime Guardrails	src/Zastava/StellaOps.Zastava.Observer/TASKS.md	DONE (2025-10-24)	Zastava Observer Guild	ZASTAVA-OBS-12-004	Batch /runtime/events submissions with disk-backed buffer and rate limits.
Sprint 12	Runtime Guardrails	src/Zastava/StellaOps.Zastava.Webhook/TASKS.md	DONE (2025-10-24)	Zastava Webhook Guild	ZASTAVA-WEBHOOK-12-101	Admission controller host with TLS bootstrap and Authority auth.
Sprint 12	Runtime Guardrails	src/Zastava/StellaOps.Zastava.Webhook/TASKS.md	DONE (2025-10-24)	Zastava Webhook Guild	ZASTAVA-WEBHOOK-12-102	Query Scanner /policy/runtime, resolve digests, enforce verdicts.
Sprint 12	Runtime Guardrails	src/Zastava/StellaOps.Zastava.Webhook/TASKS.md	DONE (2025-10-24)	Zastava Webhook Guild	ZASTAVA-WEBHOOK-12-103	Caching, fail-open/closed toggles, metrics/logging for admission decisions.
Sprint 12	Runtime Guardrails	src/Zastava/StellaOps.Zastava.Webhook/TASKS.md	DONE (2025-10-24)	Zastava Webhook Guild	ZASTAVA-WEBHOOK-12-104	Wire /admission endpoint to runtime policy client and emit allow/deny envelopes.
Sprint 12	Runtime Guardrails	src/Scanner/StellaOps.Scanner.WebService/TASKS.md	DONE (2025-10-24)	Scanner WebService Guild	SCANNER-RUNTIME-12-302	/policy/runtime endpoint joining SBOM baseline + policy verdict, returning admission guidance.
Sprint 12	Runtime Guardrails	src/Scanner/StellaOps.Scanner.WebService/TASKS.md	DONE (2025-10-24)	Scanner WebService Guild	SCANNER-RUNTIME-12-303	Align /policy/runtime verdicts with canonical policy evaluation (Conselier/Excitor).
Sprint 12	Runtime Guardrails	src/Scanner/StellaOps.Scanner.WebService/TASKS.md	DONE (2025-10-24)	Scanner WebService Guild	SCANNER-RUNTIME-12-304	Integrate attestation verification into runtime policy metadata.
Sprint 12	Runtime Guardrails	src/Scanner/StellaOps.Scanner.WebService/TASKS.md	DONE (2025-10-24)	Scanner WebService Guild	SCANNER-RUNTIME-12-305	Deliver shared fixtures + e2e validation with Zastava/CLI teams.
Sprint 13	UX & CLI Experience	src/UI/StellaOps.UI/TASKS.md	DONE (2025-10-23)	UI Guild	UI-AUTH-13-001	Integrate Authority OIDC + DPoP flows with session management.
Sprint 13	UX & CLI Experience	src/UI/StellaOps.UI/TASKS.md	DONE (2025-10-25)	UI Guild	UI-NOTIFY-13-006	Notify panel: channels/rules CRUD, deliveries view, test send.
Sprint 13	Platform Reliability	ops/devops/TASKS.md	DONE (2025-10-25)	DevOps Guild, Platform Leads	DEVOPS-NUGET-13-001	Wire up .NET 10 preview feeds/local mirrors so dotnet restore succeeds offline; document updated NuGet bootstrap.
Sprint 15	Notify Foundations	src/Notify/__Libraries/StellaOps.Notify.Queue/TASKS.md	DONE (2025-10-23)	Notify Queue Guild	NOTIFY-QUEUE-15-401	Bus abstraction + Redis Streams adapter with ordering/idempotency.
Sprint 15	Notify Foundations	src/Notify/__Libraries/StellaOps.Notify.Queue/TASKS.md	DONE (2025-10-23)	Notify Queue Guild	NOTIFY-QUEUE-15-402	NATS JetStream adapter with health probes and failover.
Sprint 15	Notify Foundations	src/Notify/__Libraries/StellaOps.Notify.Queue/TASKS.md	DONE (2025-10-23)	Notify Queue Guild	NOTIFY-QUEUE-15-403	Delivery queue with retry/dead-letter + metrics.
Sprint 15	Notify Foundations	src/Notify/StellaOps.Notify.Worker/TASKS.md	DONE (2025-10-23)	Notify Worker Guild	NOTIFY-WORKER-15-201	Bus subscription + leasing loop with backoff.
Sprint 17	Symbol Intelligence & Forensics	src/Zastava/StellaOps.Zastava.Observer/TASKS.md	DONE (2025-10-25)	Zastava Observer Guild	ZASTAVA-OBS-17-005	Collect GNU build-id during runtime observation and attach it to emitted events.
Sprint 17	Symbol Intelligence & Forensics	src/Scanner/StellaOps.Scanner.WebService/TASKS.md	DONE (2025-10-25)	Scanner WebService Guild	SCANNER-RUNTIME-17-401	Persist runtime build-id observations and expose them for debug-symbol correlation.
This file describe implementation of Stella Ops (docs/README.md). Implementation must respect rules from AGENTS.md (read if you have not).

Sprint	Theme	Tasks File Path	Status	Type of Specialist	Task ID	Task Description
Sprint 13	Platform Reliability	ops/devops/TASKS.md	DONE (2025-10-26)	DevOps Guild	DEVOPS-NUGET-13-002	Ensure all solutions/projects prioritize local-nuget before public feeds and add restore-order validation.
Sprint 13	Platform Reliability	ops/devops/TASKS.md	DONE (2025-10-26)	DevOps Guild, Platform Leads	DEVOPS-NUGET-13-003	Upgrade Microsoft.* dependencies pinned to 8.* to their latest .NET 10 (or 9.x) releases and refresh guidance.
Sprint 14	Release & Offline Ops	ops/deployment/TASKS.md	DONE (2025-10-26)	Deployment Guild	DEVOPS-OPS-14-003	Deployment/update/rollback automation and channel management documentation.
Sprint 14	Release & Offline Ops	ops/devops/TASKS.md	DONE (2025-10-26)	DevOps Guild	DEVOPS-REL-14-001	Deterministic build/release pipeline with SBOM/provenance, signing, and manifest generation.
Sprint 14	Release & Offline Ops	ops/devops/TASKS.md	DONE (2025-10-26)	DevOps Guild, Scanner Guild	DEVOPS-REL-14-004	Extend release/offline smoke jobs to cover Python analyzer plug-ins (warm/cold, determinism, signing).
Sprint 14	Release & Offline Ops	ops/licensing/TASKS.md	DONE (2025-10-26)	Licensing Guild	DEVOPS-LIC-14-004	Registry token service tied to Authority, plan gating, revocation handling, monitoring.
Sprint 14	Release & Offline Ops	ops/offline-kit/TASKS.md	DONE (2025-10-26)	Offline Kit Guild	DEVOPS-OFFLINE-14-002	Offline kit packaging workflow with integrity verification and documentation.
Sprint 15	Benchmarks	src/Bench/StellaOps.Bench/TASKS.md	DONE (2025-10-26)	Bench Guild, Notify Team	BENCH-NOTIFY-15-001	Notify dispatch throughput bench with results CSV.
Sprint 16	Scheduler Intelligence	src/Scheduler/__Libraries/StellaOps.Scheduler.Models/TASKS.md	DONE (2025-10-19)	Scheduler Models Guild	SCHED-MODELS-16-101	Define Scheduler DTOs & validation.
Sprint 16	Scheduler Intelligence	src/Scheduler/__Libraries/StellaOps.Scheduler.Models/TASKS.md	DONE (2025-10-19)	Scheduler Models Guild	SCHED-MODELS-16-102	Publish schema docs/sample payloads.
Sprint 16	Scheduler Intelligence	src/Scheduler/__Libraries/StellaOps.Scheduler.Storage.Mongo/TASKS.md	DONE (2025-10-19)	Scheduler Storage Guild	SCHED-STORAGE-16-201	Mongo schemas/indexes for Scheduler state.
Sprint 16	Scheduler Intelligence	src/Scheduler/__Libraries/StellaOps.Scheduler.Storage.Mongo/TASKS.md	DONE (2025-10-26)	Scheduler Storage Guild	SCHED-STORAGE-16-202	Repositories with tenant scoping, TTL, causal consistency.
Sprint 16	Scheduler Intelligence	src/Scheduler/__Libraries/StellaOps.Scheduler.Storage.Mongo/TASKS.md	DONE (2025-10-26)	Scheduler Storage Guild	SCHED-STORAGE-16-203	Audit/run stats materialization for UI.
Sprint 16	Scheduler Intelligence	src/Scheduler/__Libraries/StellaOps.Scheduler.ImpactIndex/TASKS.md	DONE (2025-10-26)	Scheduler ImpactIndex Guild	SCHED-IMPACT-16-302	Query APIs for ResolveByPurls/ResolveByVulns/ResolveAll.
Sprint 16	Scheduler Intelligence	src/Scheduler/__Libraries/StellaOps.Scheduler.ImpactIndex/TASKS.md	DONE (2025-10-26)	Scheduler ImpactIndex Guild	SCHED-IMPACT-16-301	Ingest BOM-Index into roaring bitmap store.
Sprint 16	Scheduler Intelligence	src/Scheduler/StellaOps.Scheduler.WebService/TASKS.md	DONE (2025-10-26)	Scheduler WebService Guild	SCHED-WEB-16-102	Schedules CRUD (cron validation, pause/resume, audit).
Sprint 16	Scheduler Intelligence	src/Scheduler/StellaOps.Scheduler.WebService/TASKS.md	DONE (2025-10-26)	Scheduler WebService Guild	SCHED-WEB-16-103	Runs API (list/detail/cancel) + impact previews.
Sprint 16	Scheduler Intelligence	src/Scheduler/StellaOps.Scheduler.WebService/TASKS.md	DONE (2025-10-27)	Scheduler WebService Guild	SCHED-WEB-16-104	Conselier/Excitor webhook handlers with security enforcement.
Sprint 17	Symbol Intelligence & Forensics	docs/TASKS.md	DONE (2025-10-26)	Docs Guild	DOCS-RUNTIME-17-004	Document build-id workflows for SBOMs, runtime events, and debug-store usage.
Sprint 17	Symbol Intelligence & Forensics	ops/devops/TASKS.md	DONE (2025-10-26)	DevOps Guild	DEVOPS-REL-17-002	Ship stripped debug artifacts organised by build-id within release/offline kits.
Sprint 17	Symbol Intelligence & Forensics	ops/offline-kit/TASKS.md	DONE (2025-10-26)	Offline Kit Guild, DevOps Guild	DEVOPS-OFFLINE-17-003	Mirror release debug-store artefacts into Offline Kit packaging and document validation.
Sprint 17	Symbol Intelligence & Forensics	src/Scanner/__Libraries/StellaOps.Scanner.Emit/TASKS.md	DONE (2025-10-26)	Emit Guild	SCANNER-EMIT-17-701	Record GNU build-id for ELF components and surface it in SBOM/diff outputs.
Sprint 18	Launch Readiness	ops/devops/TASKS.md	DONE (2025-10-26)	DevOps Guild	DEVOPS-LAUNCH-18-001	Production launch cutover rehearsal and runbook publication.
Sprint 18	Launch Readiness	ops/offline-kit/TASKS.md	DONE (2025-10-26)	Offline Kit Guild, Scanner Guild	DEVOPS-OFFLINE-18-005	Rebuild Offline Kit with Python analyzer artefacts and refreshed manifest/signature pair.
Sprint 19	Aggregation-Only Contract Enforcement	docs/TASKS.md	DONE (2025-10-26)	Docs Guild	DOCS-AOC-19-001	Publish aggregation-only contract reference documentation.
Sprint 19	Aggregation-Only Contract Enforcement	docs/TASKS.md	DONE (2025-10-26)	Docs Guild, Architecture Guild	DOCS-AOC-19-002	Update architecture overview with AOC boundary diagrams.
Sprint 19	Aggregation-Only Contract Enforcement	docs/TASKS.md	DONE (2025-10-26)	Docs Guild, Policy Guild	DOCS-AOC-19-003	Refresh policy engine doc with raw ingestion constraints.
Sprint 19	Aggregation-Only Contract Enforcement	docs/TASKS.md	DONE (2025-10-26)	Docs Guild, UI Guild	DOCS-AOC-19-004	Document console AOC dashboard and drill-down flow.
Sprint 19	Aggregation-Only Contract Enforcement	docs/TASKS.md	DONE (2025-10-26)	Docs Guild, CLI Guild	DOCS-AOC-19-005	Document CLI AOC commands and exit codes.
Sprint 19	Aggregation-Only Contract Enforcement	docs/TASKS.md	DONE (2025-10-26)	Docs Guild, Observability Guild	DOCS-AOC-19-006	Document new AOC metrics, traces, and logs.
Sprint 19	Aggregation-Only Contract Enforcement	docs/TASKS.md	DONE (2025-10-26)	Docs Guild, Authority Core	DOCS-AOC-19-007	Document new Authority scopes and tenancy enforcement.
Sprint 19	Aggregation-Only Contract Enforcement	docs/TASKS.md	DONE (2025-10-26)	Docs Guild, DevOps Guild	DOCS-AOC-19-008	Update deployment guide with validator enablement and verify user guidance.
Sprint 19	Aggregation-Only Contract Enforcement	src/Authority/StellaOps.Authority/TASKS.md	DONE (2025-10-26)	Authority Core & Security Guild	AUTH-AOC-19-001	Introduce new ingestion/auth scopes across Authority.
Sprint 20	Policy Engine v2	docs/TASKS.md	DONE (2025-10-26)	Docs Guild	DOCS-POLICY-20-001	Publish /docs/policy/overview.md with compliance checklist.
Sprint 20	Policy Engine v2	docs/TASKS.md	DONE (2025-10-26)	Docs Guild	DOCS-POLICY-20-002	Document DSL grammar + examples in /docs/policy/dsl.md.
Sprint 20	Policy Engine v2	docs/TASKS.md	DONE (2025-10-26)	Docs Guild, Authority Core	DOCS-POLICY-20-003	Write /docs/policy/lifecycle.md covering workflow + roles.
Sprint 20	Policy Engine v2	docs/TASKS.md	DONE (2025-10-26)	Docs Guild, Scheduler Guild	DOCS-POLICY-20-004	Document policy run modes + cursors in /docs/policy/runs.md.
Sprint 20	Policy Engine v2	docs/TASKS.md	DONE (2025-10-26)	Docs Guild, Platform Guild	DOCS-POLICY-20-005	Produce /docs/api/policy.md with endpoint schemas + errors.
Sprint 20	Policy Engine v2	docs/TASKS.md	DONE (2025-10-26)	Docs Guild, CLI Guild	DOCS-POLICY-20-006	Author /docs/modules/cli/guides/policy.md with commands, exit codes, JSON output.
Sprint 20	Policy Engine v2	docs/TASKS.md	DONE (2025-10-26)	Docs Guild, UI Guild	DOCS-POLICY-20-007	Create /docs/ui/policy-editor.md covering editor, simulation, approvals.
Sprint 20	Policy Engine v2	docs/TASKS.md	DONE (2025-10-26)	Docs Guild, Architecture Guild	DOCS-POLICY-20-008	Publish /docs/modules/policy/architecture.md with sequence diagrams.
Sprint 20	Policy Engine v2	docs/TASKS.md	DONE (2025-10-26)	Docs Guild, Observability Guild	DOCS-POLICY-20-009	Document metrics/traces/logs in /docs/observability/policy.md.
Sprint 20	Policy Engine v2	docs/TASKS.md	DONE (2025-10-26)	Docs Guild, Security Guild	DOCS-POLICY-20-010	Publish /docs/security/policy-governance.md for scopes + approvals.
Sprint 20	Policy Engine v2	docs/TASKS.md	DONE (2025-10-26)	Docs Guild, Policy Guild	DOCS-POLICY-20-011	Add example policies under /docs/examples/policies/ with commentary.
Sprint 20	Policy Engine v2	docs/TASKS.md	DONE (2025-10-26)	Docs Guild, Support Guild	DOCS-POLICY-20-012	Draft /docs/faq/policy-faq.md covering conflicts, determinism, pitfalls.
Sprint 20	Policy Engine v2	ops/devops/TASKS.md	DONE (2025-10-26)	DevOps Guild	DEVOPS-POLICY-20-001	Add DSL lint + compile checks to CI pipelines.
Sprint 20	Policy Engine v2	ops/devops/TASKS.md	DONE (2025-10-26)	DevOps Guild, QA Guild	DEVOPS-POLICY-20-003	Add determinism CI job diffing repeated policy runs.
Sprint 20	Policy Engine v2	samples/TASKS.md	DONE (2025-10-26)	Samples Guild, Policy Guild	SAMPLES-POLICY-20-001	Commit baseline/serverless/internal-only policy samples + fixtures.
Sprint 20	Policy Engine v2	samples/TASKS.md	DONE (2025-10-26)	Samples Guild, UI Guild	SAMPLES-POLICY-20-002	Produce simulation diff fixtures for UI/CLI tests.
Sprint 20	Policy Engine v2	src/Authority/StellaOps.Authority/TASKS.md	DONE (2025-10-26)	Authority Core & Security Guild	AUTH-POLICY-20-001	Add new policy scopes (policy:*, findings:read, effective:write).
Sprint 20	Policy Engine v2	src/Authority/StellaOps.Authority/TASKS.md	DONE (2025-10-26)	Authority Core & Security Guild	AUTH-POLICY-20-002	Enforce Policy Engine service identity and scope checks at gateway.
Sprint 20	Policy Engine v2	src/Authority/StellaOps.Authority/TASKS.md	DONE (2025-10-26)	Authority Core & Docs Guild	AUTH-POLICY-20-003	Update Authority docs/config samples for policy scopes + workflows.
Sprint 20	Policy Engine v2	src/Bench/StellaOps.Bench/TASKS.md	DONE (2025-10-26)	Bench Guild, Policy Guild	BENCH-POLICY-20-001	Create policy evaluation benchmark suite + baseline metrics.
Sprint 20	Policy Engine v2	src/Policy/StellaOps.Policy.Engine/TASKS.md	DONE (2025-10-26)	Policy Guild, Platform Guild	POLICY-ENGINE-20-000	Spin up new Policy Engine service host with DI bootstrap and Authority wiring.
Sprint 20	Policy Engine v2	src/Policy/StellaOps.Policy.Engine/TASKS.md	DONE (2025-10-26)	Policy Guild	POLICY-ENGINE-20-001	Deliver stella-dsl@1 parser + IR compiler with diagnostics and checksums.
Sprint 20	Policy Engine v2	src/Scheduler/__Libraries/StellaOps.Scheduler.Models/TASKS.md	DONE (2025-10-26)	Scheduler Models Guild	SCHED-MODELS-20-001	Define policy run/diff DTOs + validation helpers.
Sprint 21	Graph Explorer v1	src/Authority/StellaOps.Authority/TASKS.md	DONE (2025-10-26)	Authority Core Guild	AUTH-GRAPH-21-001	Introduce graph scopes (graph:*) with configuration binding and defaults.
Sprint 21	Graph Explorer v1	src/Authority/StellaOps.Authority/TASKS.md	DONE (2025-10-26)	Authority Core Guild	AUTH-GRAPH-21-002	Enforce graph scopes/identities at gateway with tenant propagation.
Sprint 21	Graph Explorer v1	src/Authority/StellaOps.Authority/TASKS.md	DONE (2025-10-26)	Authority Core & Docs Guild	AUTH-GRAPH-21-003	Update security docs/config samples for graph access and least privilege.
Sprint 21	Graph Explorer v1	src/Scheduler/__Libraries/StellaOps.Scheduler.Models/TASKS.md	DONE (2025-10-26)	Scheduler Models Guild	SCHED-MODELS-21-001	Define job DTOs for graph builds/overlay refresh (GraphBuildJob, GraphOverlayJob) with deterministic serialization and status enums; document in src/Scheduler/__Libraries/StellaOps.Scheduler.Models/docs/SCHED-MODELS-21-001-GRAPH-JOBS.md.
Sprint 21	Graph Explorer v1	src/Scheduler/__Libraries/StellaOps.Scheduler.Models/TASKS.md	DONE (2025-10-26)	Scheduler Models Guild	SCHED-MODELS-21-002	Publish schema docs/sample payloads for graph job lifecycle.
Sprint 22	Link-Not-Merge v1	src/Bench/StellaOps.Bench/TASKS.md	DONE (2025-10-26)	Bench Guild	BENCH-LNM-22-001	Benchmark advisory observation ingest/correlation throughput.
Sprint 22	Link-Not-Merge v1	src/Bench/StellaOps.Bench/TASKS.md	DONE (2025-10-26)	Bench Guild	BENCH-LNM-22-002	Benchmark VEX ingest/correlation latency and event emission.
Sprint 23	StellaOps Console	docs/TASKS.md	DONE (2025-10-26)	Docs Guild	DOCS-CONSOLE-23-001	Publish /docs/ui/console-overview.md (IA, tenant model, filters, AOC alignment).
Sprint 23	StellaOps Console	docs/TASKS.md	DONE (2025-10-26)	Docs Guild	DOCS-CONSOLE-23-002	Author /docs/ui/navigation.md with route map, filters, keyboard shortcuts, deep links.
Sprint 23	StellaOps Console	docs/TASKS.md	DONE (2025-10-26)	Docs Guild	DOCS-CONSOLE-23-003	Document /docs/ui/sbom-explorer.md covering catalog, graph, overlays, exports.
Sprint 23	StellaOps Console	docs/TASKS.md	DONE (2025-10-26)	Docs Guild	DOCS-CONSOLE-23-004	Produce /docs/ui/advisories-and-vex.md detailing aggregation-not-merge UX.
Sprint 23	StellaOps Console	docs/TASKS.md	DONE (2025-10-26)	Docs Guild	DOCS-CONSOLE-23-005	Write /docs/ui/findings.md with filters, explain, exports, CLI parity notes.
Sprint 23	StellaOps Console	docs/TASKS.md	DONE (2025-10-26)	Docs Guild	DOCS-CONSOLE-23-006	Publish /docs/ui/policies.md (editor, simulation, approvals, RBAC).
Sprint 23	StellaOps Console	docs/TASKS.md	DONE (2025-10-26)	Docs Guild	DOCS-CONSOLE-23-007	Document /docs/ui/runs.md with SSE monitoring, diff, retries, evidence downloads.
Sprint 23	StellaOps Console	docs/TASKS.md	DONE (2025-10-26)	Docs Guild	DOCS-CONSOLE-23-008	Draft /docs/ui/admin.md covering tenants, roles, tokens, integrations, fresh-auth.
Sprint 23	StellaOps Console	docs/TASKS.md	DONE (2025-10-27)	Docs Guild	DOCS-CONSOLE-23-009	Publish /docs/ui/downloads.md aligning manifest with commands and offline flow.
Sprint 23	StellaOps Console	docs/TASKS.md	DONE (2025-10-27)	Docs Guild, Deployment Guild, Console Guild	DOCS-CONSOLE-23-010	Write /docs/deploy/console.md (Helm, ingress, TLS, env vars, health checks).
Sprint 28	Graph Explorer	src/Scheduler/StellaOps.Scheduler.WebService/TASKS.md	DONE (2025-10-26)	Scheduler WebService Guild	SCHED-WEB-21-001	Provide graph build/overlay job APIs; see docs/SCHED-WEB-21-001-GRAPH-APIS.md.
Sprint 28	Graph Explorer	src/Scheduler/StellaOps.Scheduler.WebService/TASKS.md	DONE (2025-10-26)	Scheduler WebService Guild	SCHED-WEB-21-002	Provide overlay lag metrics endpoint/webhook; see docs/SCHED-WEB-21-001-GRAPH-APIS.md.
Sprint 28	Graph Explorer	src/Scheduler/StellaOps.Scheduler.WebService/TASKS.md	DONE (2025-10-26)	Scheduler WebService Guild, Authority Core Guild	SCHED-WEB-21-003	Replace header auth with Authority scopes using StellaOpsScopes; dev fallback only when Scheduler:Authority:Enabled=false.
Sprint 50	Observability & Forensics Phase 1 – Baseline Telemetry	ops/devops/TASKS.md	DONE (2025-10-26)	DevOps Guild	DEVOPS-OBS-50-001	Deploy default OpenTelemetry collector manifests with secure OTLP pipeline.
Sprint 50	Observability & Forensics Phase 1 – Baseline Telemetry	ops/devops/TASKS.md	DONE (2025-10-26)	DevOps Guild	DEVOPS-OBS-50-003	Package telemetry stack configs for offline/air-gapped installs with signatures.
Sprint 16	Scheduler Intelligence	src/Scheduler/StellaOps.Scheduler.WebService/TASKS.md	DONE (2025-10-27)	Scheduler WebService Guild	SCHED-WEB-16-101	Minimal API host with Authority enforcement.
Sprint 16	Scheduler Intelligence	src/Scheduler/__Libraries/StellaOps.Scheduler.Worker/TASKS.md	DONE (2025-10-27)	Scheduler Worker Guild	SCHED-WORKER-16-202	ImpactIndex targeting and shard planning.
This file describe implementation of Stella Ops (docs/README.md). Implementation must respect rules from AGENTS.md (read if you have not).

Sprint	Theme	Tasks File Path	Status	Type of Specialist	Task ID	Task Description
Sprint 16	Scheduler Intelligence	src/Scheduler/__Libraries/StellaOps.Scheduler.Worker/TASKS.md	DONE (2025-10-27)	Scheduler Worker Guild	SCHED-WORKER-16-203	Runner execution invoking Scanner analysis/content refresh.
Sprint 16	Scheduler Intelligence	src/Scheduler/__Libraries/StellaOps.Scheduler.Worker/TASKS.md	DONE (2025-10-27)	Scheduler Worker Guild	SCHED-WORKER-16-204	Emit rescan/report events for Notify/UI.
Sprint 16	Scheduler Intelligence	src/Scheduler/__Libraries/StellaOps.Scheduler.Worker/TASKS.md	DONE (2025-10-27)	Scheduler Worker Guild	SCHED-WORKER-16-205	Metrics/telemetry for Scheduler planners/runners.
Sprint 19	Aggregation-Only Contract Enforcement	src/Authority/StellaOps.Authority/TASKS.md	DONE (2025-10-27)	Authority Core & Security Guild	AUTH-AOC-19-002	Enforce tenant claim propagation and cross-tenant guardrails.

AUTH-AOC-19-002: Tenant metadata now flows through rate limiter/audit/token persistence; password grant scope/tenant enforcement landed. Docs/stakeholder walkthrough pending. 2025-10-27 Update: Ingestion scopes require tenant assignment; access tokens propagate tenant claims and reject cross-tenant mismatches with coverage. | Sprint 19 | Aggregation-Only Contract Enforcement | src/Authority/StellaOps.Authority/TASKS.md | DONE (2025-10-27) | Authority Core & Docs Guild | AUTH-AOC-19-003 | Update Authority docs/config samples for new scopes. | AUTH-AOC-19-003: Scope catalogue, console/CLI docs, and sample config updated to require aoc:verify plus read scopes; verification clients now explicitly include tenant hints. Authority test run remains blocked on Concelier build failure (ImmutableHashSet<string?>), previously noted under AUTH-AOC-19-002. | Sprint 19 | Aggregation-Only Contract Enforcement | src/Concelier/StellaOps.Concelier.WebService/TASKS.md | DONE (2025-10-28) | Concelier WebService Guild | CONCELIER-WEB-AOC-19-001 | Implement raw advisory ingestion endpoints with AOC guard and verifier. | | Sprint 19 | Aggregation-Only Contract Enforcement | src/Excititor/StellaOps.Excititor.Worker/TASKS.md | DONE (2025-10-28) | QA Guild | EXCITITOR-WORKER-AOC-19-003 | Expand worker tests for deterministic batching and restart safety. | | Sprint 20 | Policy Engine v2 | ops/devops/TASKS.md | DONE (2025-10-27) | DevOps Guild, Scheduler Guild, CLI Guild | DEVOPS-POLICY-20-004 | Automate policy schema exports and change notifications for CLI consumers. | | Sprint 20 | Policy Engine v2 | src/Cli/StellaOps.Cli/TASKS.md | DONE (2025-10-27) | DevEx/CLI Guild | CLI-POLICY-20-002 | Implement stella policy simulate with diff outputs + exit codes. | | Sprint 21 | Graph Explorer v1 | src/Cartographer/StellaOps.Cartographer/TASKS.md | DONE (2025-10-27) | Cartographer Guild | CARTO-GRAPH-21-010 | Replace hard-coded graph:* scope strings with shared constants once graph services integrate. | | Sprint 21 | Graph Explorer v1 | src/Scheduler/StellaOps.Scheduler.WebService/TASKS.md | DONE (2025-10-26) | Scheduler WebService Guild | SCHED-WEB-21-002 | Expose overlay lag metrics and job completion hooks for Cartographer. | | Sprint 23 | StellaOps Console | docs/TASKS.md | DONE (2025-10-28) | Docs Guild | DOCS-CONSOLE-23-011 | Update /docs/install/docker.md to include console image, compose/Helm/offline examples. | | Sprint 23 | StellaOps Console | docs/TASKS.md | DONE (2025-10-28) | Docs Guild | DOCS-CONSOLE-23-012 | Publish /docs/security/console-security.md covering OIDC, scopes, CSP, evidence handling. | | Sprint 23 | StellaOps Console | docs/TASKS.md | DONE (2025-10-28) | Docs Guild | DOCS-CONSOLE-23-013 | Write /docs/observability/ui-telemetry.md cataloguing metrics/logs/dashboards/alerts. | | Sprint 23 | StellaOps Console | docs/TASKS.md | DONE (2025-10-28) | Docs Guild | DOCS-CONSOLE-23-014 | Maintain /docs/cli-vs-ui-parity.md matrix with CI drift detection guidance. | | Sprint 23 | StellaOps Console | docs/TASKS.md | DONE (2025-10-28) | Docs Guild | DOCS-CONSOLE-23-016 | Refresh /docs/accessibility.md with console keyboard flows, tokens, testing tools.
2025-10-28: Published guide covering keyboard matrix, screen-reader behaviour, colour tokens, testing workflow, offline guidance, and compliance checklist. | | Sprint 25 | Exceptions v1 | docs/TASKS.md | DONE (2025-10-27) | Docs Guild | DOCS-EXC-25-004 | Document policy exception effects + simulation. | | Sprint 25 | Exceptions v1 | src/Policy/StellaOps.Policy.Engine/TASKS.md | DONE (2025-10-27) | Policy Guild | POLICY-ENGINE-70-001 | Add exception evaluation layer with specificity + effects. | | Sprint 25 | Exceptions v1 | src/Policy/__Libraries/StellaOps.Policy/TASKS.md | DONE (2025-10-27) | Policy Guild | POLICY-EXC-25-001 | Extend SPL schema to reference exception effects and routing. | This file describe implementation of Stella Ops (docs/README.md). Implementation must respect rules from AGENTS.md (read if you have not).

Sprint	Theme	Tasks File Path	Status	Type of Specialist	Task ID	Task Description
Sprint 16	Scheduler Intelligence	src/Scheduler/__Libraries/StellaOps.Scheduler.Worker/TASKS.md	DOING (2025-10-27)	Scheduler Worker Guild	SCHED-WORKER-16-201	Planner loop (cron/event triggers, leases, fairness).
Sprint 17	Symbol Intelligence & Forensics	ops/offline-kit/TASKS.md	BLOCKED (2025-10-26)	Offline Kit Guild, DevOps Guild	DEVOPS-OFFLINE-17-004	Run mirror_debug_store.py once release artefacts exist and archive verification evidence with the Offline Kit.
Sprint 17	Symbol Intelligence & Forensics	ops/devops/TASKS.md	BLOCKED (2025-10-26)	DevOps Guild	DEVOPS-REL-17-004	Ensure release workflow publishes out/release/debug (build-id tree + manifest) and fails when symbols are missing.

DOCS-AOC-19-004: Architecture overview & policy-engine docs refreshed 2025-10-26 — reuse new AOC boundary diagram + metrics guidance. DOCS-AOC-19-005: Link to the new AOC reference and architecture overview; include exit code table sourced from those docs. | Sprint 19 | Aggregation-Only Contract Enforcement | ops/devops/TASKS.md | BLOCKED (2025-10-26) | DevOps Guild, Platform Guild | DEVOPS-AOC-19-001 | Integrate AOC analyzer/guard enforcement into CI pipelines. | | Sprint 19 | Aggregation-Only Contract Enforcement | ops/devops/TASKS.md | BLOCKED (2025-10-26) | DevOps Guild | DEVOPS-AOC-19-002 | Add CI stage running stella aoc verify against seeded snapshots. | | Sprint 19 | Aggregation-Only Contract Enforcement | ops/devops/TASKS.md | BLOCKED (2025-10-26) | DevOps Guild, QA Guild | DEVOPS-AOC-19-003 | Enforce guard coverage thresholds and export metrics to dashboards. | | Sprint 19 | Aggregation-Only Contract Enforcement | src/Cli/StellaOps.Cli/TASKS.md | DOING (2025-10-27) | DevEx/CLI Guild | CLI-AOC-19-001 | Implement stella sources ingest --dry-run command. | | Sprint 19 | Aggregation-Only Contract Enforcement | src/Cli/StellaOps.Cli/TASKS.md | TODO | DevEx/CLI Guild | CLI-AOC-19-002 | Implement stella aoc verify command with exit codes. | | Sprint 19 | Aggregation-Only Contract Enforcement | src/Cli/StellaOps.Cli/TASKS.md | TODO | Docs/CLI Guild | CLI-AOC-19-003 | Update CLI reference and quickstart docs for new AOC commands. | | Sprint 19 | Aggregation-Only Contract Enforcement | src/Concelier/__Libraries/StellaOps.Concelier.Core/TASKS.md | TODO | Concelier Core Guild | CONCELIER-CORE-AOC-19-001 | Implement AOC repository guard rejecting forbidden fields. | | Sprint 19 | Aggregation-Only Contract Enforcement | src/Concelier/__Libraries/StellaOps.Concelier.Core/TASKS.md | TODO | Concelier Core Guild | CONCELIER-CORE-AOC-19-002 | Deliver deterministic linkset extraction for advisories. | | Sprint 19 | Aggregation-Only Contract Enforcement | src/Concelier/__Libraries/StellaOps.Concelier.Core/TASKS.md | TODO | Concelier Core Guild | CONCELIER-CORE-AOC-19-003 | Enforce idempotent append-only upsert with supersedes pointers. | | Sprint 19 | Aggregation-Only Contract Enforcement | src/Concelier/__Libraries/StellaOps.Concelier.Core/TASKS.md | DOING (2025-10-28) | Concelier Core Guild | CONCELIER-CORE-AOC-19-004 | Remove ingestion normalization; defer derived logic to Policy Engine. | | Sprint 19 | Aggregation-Only Contract Enforcement | src/Concelier/__Libraries/StellaOps.Concelier.Core/TASKS.md | TODO | Concelier Core Guild | CONCELIER-CORE-AOC-19-013 | Extend smoke coverage to validate tenant-scoped Authority tokens and cross-tenant rejection. | | Sprint 19 | Aggregation-Only Contract Enforcement | src/Concelier/__Libraries/StellaOps.Concelier.Storage.Mongo/TASKS.md | TODO | Concelier Storage Guild | CONCELIER-STORE-AOC-19-001 | Add Mongo schema validator for advisory_raw. | | Sprint 19 | Aggregation-Only Contract Enforcement | src/Concelier/__Libraries/StellaOps.Concelier.Storage.Mongo/TASKS.md | TODO | Concelier Storage Guild | CONCELIER-STORE-AOC-19-002 | Create idempotency unique index backed by migration scripts. | | Sprint 19 | Aggregation-Only Contract Enforcement | src/Concelier/__Libraries/StellaOps.Concelier.Storage.Mongo/TASKS.md | TODO | Concelier Storage Guild | CONCELIER-STORE-AOC-19-003 | Deliver append-only migration/backfill plan with supersedes chaining. | | Sprint 19 | Aggregation-Only Contract Enforcement | src/Concelier/__Libraries/StellaOps.Concelier.Storage.Mongo/TASKS.md | TODO | Concelier Storage Guild, DevOps Guild | CONCELIER-STORE-AOC-19-004 | Document validator deployment steps for online/offline clusters. | | Sprint 19 | Aggregation-Only Contract Enforcement | src/Concelier/StellaOps.Concelier.WebService/TASKS.md | TODO | Concelier WebService Guild, Observability Guild | CONCELIER-WEB-AOC-19-002 | Emit AOC observability metrics, traces, and structured logs. | | Sprint 19 | Aggregation-Only Contract Enforcement | src/Concelier/StellaOps.Concelier.WebService/TASKS.md | TODO | QA Guild | CONCELIER-WEB-AOC-19-003 | Add schema/guard unit tests covering AOC error codes. | | Sprint 19 | Aggregation-Only Contract Enforcement | src/Concelier/StellaOps.Concelier.WebService/TASKS.md | TODO | Concelier WebService Guild, QA Guild | CONCELIER-WEB-AOC-19-004 | Build integration suite validating deterministic ingest under load. | | Sprint 19 | Aggregation-Only Contract Enforcement | src/Excititor/__Libraries/StellaOps.Excititor.Core/TASKS.md | TODO | Excititor Core Guild | EXCITITOR-CORE-AOC-19-001 | Introduce VEX repository guard enforcing AOC invariants. | | Sprint 19 | Aggregation-Only Contract Enforcement | src/Excititor/__Libraries/StellaOps.Excititor.Core/TASKS.md | TODO | Excititor Core Guild | EXCITITOR-CORE-AOC-19-002 | Build deterministic VEX linkset extraction. | | Sprint 19 | Aggregation-Only Contract Enforcement | src/Excititor/__Libraries/StellaOps.Excititor.Core/TASKS.md | TODO | Excititor Core Guild | EXCITITOR-CORE-AOC-19-003 | Enforce append-only idempotent VEX raw upserts. | | Sprint 19 | Aggregation-Only Contract Enforcement | src/Excititor/__Libraries/StellaOps.Excititor.Core/TASKS.md | TODO | Excititor Core Guild | EXCITITOR-CORE-AOC-19-004 | Remove ingestion consensus logic; rely on Policy Engine. | | Sprint 19 | Aggregation-Only Contract Enforcement | src/Excititor/__Libraries/StellaOps.Excititor.Core/TASKS.md | TODO | Excititor Core Guild | EXCITITOR-CORE-AOC-19-013 | Update smoke suites to enforce tenant-scoped Authority tokens and cross-tenant VEX rejection. | | Sprint 19 | Aggregation-Only Contract Enforcement | src/Excititor/__Libraries/StellaOps.Excititor.Storage.Mongo/TASKS.md | TODO | Excititor Storage Guild | EXCITITOR-STORE-AOC-19-001 | Add Mongo schema validator for vex_raw. | | Sprint 19 | Aggregation-Only Contract Enforcement | src/Excititor/__Libraries/StellaOps.Excititor.Storage.Mongo/TASKS.md | TODO | Excititor Storage Guild | EXCITITOR-STORE-AOC-19-002 | Create idempotency unique index for VEX raw documents. | | Sprint 19 | Aggregation-Only Contract Enforcement | src/Excititor/__Libraries/StellaOps.Excititor.Storage.Mongo/TASKS.md | TODO | Excititor Storage Guild | EXCITITOR-STORE-AOC-19-003 | Deliver append-only migration/backfill for VEX raw collections. | | Sprint 19 | Aggregation-Only Contract Enforcement | src/Excititor/__Libraries/StellaOps.Excititor.Storage.Mongo/TASKS.md | TODO | Excititor Storage Guild, DevOps Guild | EXCITITOR-STORE-AOC-19-004 | Document validator deployment for Excititor clusters/offline kit. | | Sprint 19 | Aggregation-Only Contract Enforcement | src/Excititor/StellaOps.Excititor.WebService/TASKS.md | TODO | Excititor WebService Guild | EXCITITOR-WEB-AOC-19-001 | Implement raw VEX ingestion and AOC verifier endpoints. | | Sprint 19 | Aggregation-Only Contract Enforcement | src/Excititor/StellaOps.Excititor.WebService/TASKS.md | TODO | Excititor WebService Guild, Observability Guild | EXCITITOR-WEB-AOC-19-002 | Emit AOC metrics/traces/logging for Excititor ingestion. | | Sprint 19 | Aggregation-Only Contract Enforcement | src/Excititor/StellaOps.Excititor.WebService/TASKS.md | TODO | QA Guild | EXCITITOR-WEB-AOC-19-003 | Add AOC guard test harness for VEX schemas. | | Sprint 19 | Aggregation-Only Contract Enforcement | src/Excititor/StellaOps.Excititor.WebService/TASKS.md | TODO | Excititor WebService Guild, QA Guild | EXCITITOR-WEB-AOC-19-004 | Validate large VEX ingest runs and CLI verification parity. | | Sprint 41 | Surface Sharing Foundations | src/Scanner/__Libraries/StellaOps.Scanner.Surface.FS/TASKS.md | TODO | Scanner Guild, Zastava Guild | SURFACE-FS-01 | Author Surface.FS cache specification and cross-module contract. | | Sprint 41 | Surface Sharing Foundations | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Env/TASKS.md | TODO | Scanner Guild, Ops Guild, Zastava Guild | SURFACE-ENV-01 | Draft Surface.Env variable matrix for Scanner/Zastava deployments. | | Sprint 41 | Surface Sharing Foundations | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Secrets/TASKS.md | TODO | Scanner Guild, Security Guild, Zastava Guild | SURFACE-SECRETS-01 | Define Surface.Secrets schema and rotation guidance. | | Sprint 41 | Surface Sharing Foundations | src/Scanner/__Libraries/StellaOps.Scanner.Surface.Validation/TASKS.md | TODO | Scanner Guild, Security Guild | SURFACE-VAL-01 | Design validator framework for shared Surface checks and extensibility. | | Sprint 19 | Aggregation-Only Contract Enforcement | src/Excititor/StellaOps.Excititor.Worker/TASKS.md | TODO | Excititor Worker Guild | EXCITITOR-WORKER-AOC-19-001 | Rewire worker to persist raw VEX docs with guard enforcement. | | Sprint 19 | Aggregation-Only Contract Enforcement | src/Excititor/StellaOps.Excititor.Worker/TASKS.md | TODO | Excititor Worker Guild | EXCITITOR-WORKER-AOC-19-002 | Enforce signature/checksum verification prior to raw writes. | | Sprint 19 | Aggregation-Only Contract Enforcement | src/Policy/__Libraries/StellaOps.Policy/TASKS.md | TODO | Policy Guild | POLICY-AOC-19-001 | Add lint preventing ingestion modules from referencing Policy-only helpers. | | Sprint 19 | Aggregation-Only Contract Enforcement | src/Policy/__Libraries/StellaOps.Policy/TASKS.md | TODO | Policy Guild, Security Guild | POLICY-AOC-19-002 | Enforce Policy-only writes to effective_finding_* collections. | | Sprint 19 | Aggregation-Only Contract Enforcement | src/Policy/__Libraries/StellaOps.Policy/TASKS.md | TODO | Policy Guild | POLICY-AOC-19-003 | Update Policy readers to consume only raw document fields. | | Sprint 19 | Aggregation-Only Contract Enforcement | src/Policy/__Libraries/StellaOps.Policy/TASKS.md | TODO | Policy Guild, QA Guild | POLICY-AOC-19-004 | Add determinism tests for raw-driven policy recomputation. | | Sprint 19 | Aggregation-Only Contract Enforcement | src/UI/StellaOps.UI/TASKS.md | TODO | UI Guild | UI-AOC-19-001 | Add Sources dashboard tiles surfacing AOC status and violations. | | Sprint 19 | Aggregation-Only Contract Enforcement | src/UI/StellaOps.UI/TASKS.md | TODO | UI Guild | UI-AOC-19-002 | Build violation drill-down view for offending documents. | | Sprint 19 | Aggregation-Only Contract Enforcement | src/UI/StellaOps.UI/TASKS.md | TODO | UI Guild | UI-AOC-19-003 | Wire "Verify last 24h" action and CLI parity messaging. | | Sprint 19 | Aggregation-Only Contract Enforcement | src/Web/StellaOps.Web/TASKS.md | DOING (2025-10-26) | BE-Base Platform Guild | WEB-AOC-19-001 | Provide shared AOC forbidden key set and guard middleware. | | Sprint 19 | Aggregation-Only Contract Enforcement | src/Web/StellaOps.Web/TASKS.md | TODO | BE-Base Platform Guild | WEB-AOC-19-002 | Ship provenance builder and signature helpers for ingestion services. | | Sprint 19 | Aggregation-Only Contract Enforcement | src/Web/StellaOps.Web/TASKS.md | TODO | BE-Base Platform Guild, QA Guild | WEB-AOC-19-003 | Author analyzer + shared test fixtures for guard compliance. | | Sprint 20 | Policy Engine v2 | ops/devops/TASKS.md | BLOCKED (waiting on POLICY-ENGINE-20-006) | DevOps Guild | DEVOPS-POLICY-20-002 | Run stella policy simulate CI stage against golden SBOMs. | | Sprint 20 | Policy Engine v2 | src/Bench/StellaOps.Bench/TASKS.md | BLOCKED (waiting on SCHED-WORKER-20-302) | Bench Guild, Scheduler Guild | BENCH-POLICY-20-002 | Add incremental run benchmark capturing delta SLA compliance. | | Sprint 20 | Policy Engine v2 | src/Cli/StellaOps.Cli/TASKS.md | TODO | DevEx/CLI Guild, Docs Guild | CLI-POLICY-20-003 | Extend stella findings commands with policy filters and explain view. | 2025-10-27: Backend helpers drafted but command integration/tests pending; task reset to TODO awaiting follow-up. | Sprint 20 | Policy Engine v2 | src/Concelier/__Libraries/StellaOps.Concelier.Core/TASKS.md | TODO | Concelier Core Guild | CONCELIER-POLICY-20-002 | Strengthen linkset builders with equivalence tables + range parsing. | | Sprint 20 | Policy Engine v2 | src/Concelier/__Libraries/StellaOps.Concelier.Storage.Mongo/TASKS.md | TODO | Concelier Storage Guild | CONCELIER-POLICY-20-003 | Add advisory selection cursors + change-stream checkpoints for policy runs. | | Sprint 20 | Policy Engine v2 | src/Concelier/StellaOps.Concelier.WebService/TASKS.md | TODO | Concelier WebService Guild | CONCELIER-POLICY-20-001 | Provide advisory selection endpoints for policy engine (batch PURL/ID). | | Sprint 20 | Policy Engine v2 | src/Excititor/__Libraries/StellaOps.Excititor.Core/TASKS.md | TODO | Excititor Core Guild | EXCITITOR-POLICY-20-002 | Enhance VEX linkset scope + version resolution for policy accuracy. | | Sprint 20 | Policy Engine v2 | src/Excititor/__Libraries/StellaOps.Excititor.Storage.Mongo/TASKS.md | TODO | Excititor Storage Guild | EXCITITOR-POLICY-20-003 | Introduce VEX selection cursors + change-stream checkpoints. | | Sprint 20 | Policy Engine v2 | src/Excititor/StellaOps.Excititor.WebService/TASKS.md | TODO | Excititor WebService Guild | EXCITITOR-POLICY-20-001 | Ship VEX selection APIs aligned with policy join requirements. | | Sprint 20 | Policy Engine v2 | src/Policy/StellaOps.Policy.Engine/TASKS.md | BLOCKED (2025-10-26) | Policy Guild | POLICY-ENGINE-20-002 | Implement deterministic rule evaluator with priority/first-match semantics. | | Sprint 20 | Policy Engine v2 | src/Policy/StellaOps.Policy.Engine/TASKS.md | TODO | Policy Guild, Concelier Core, Excititor Core | POLICY-ENGINE-20-003 | Build SBOM↔advisory↔VEX linkset joiners with deterministic batching. | | Sprint 20 | Policy Engine v2 | src/Policy/StellaOps.Policy.Engine/TASKS.md | TODO | Policy Guild, Storage Guild | POLICY-ENGINE-20-004 | Materialize effective findings with append-only history and tenant scoping. | | Sprint 20 | Policy Engine v2 | src/Policy/StellaOps.Policy.Engine/TASKS.md | TODO | Policy Guild, Security Guild | POLICY-ENGINE-20-005 | Enforce determinism guard banning wall-clock, RNG, and network usage. | | Sprint 20 | Policy Engine v2 | src/Policy/StellaOps.Policy.Engine/TASKS.md | TODO | Policy Guild, Scheduler Guild | POLICY-ENGINE-20-006 | Implement incremental orchestrator reacting to change streams. | | Sprint 20 | Policy Engine v2 | src/Policy/StellaOps.Policy.Engine/TASKS.md | TODO | Policy Guild, Observability Guild | POLICY-ENGINE-20-007 | Emit policy metrics, traces, and sampled rule-hit logs. | | Sprint 20 | Policy Engine v2 | src/Policy/StellaOps.Policy.Engine/TASKS.md | TODO | Policy Guild, QA Guild | POLICY-ENGINE-20-008 | Add unit/property/golden/perf suites verifying determinism + SLA. | | Sprint 20 | Policy Engine v2 | src/Policy/StellaOps.Policy.Engine/TASKS.md | TODO | Policy Guild, Storage Guild | POLICY-ENGINE-20-009 | Define Mongo schemas/indexes + migrations for policies/runs/findings. | | Sprint 20 | Policy Engine v2 | src/Scheduler/__Libraries/StellaOps.Scheduler.Models/TASKS.md | TODO | Scheduler Models Guild | SCHED-MODELS-20-002 | Update schema docs with policy run lifecycle samples. | | Sprint 20 | Policy Engine v2 | src/Scheduler/StellaOps.Scheduler.WebService/TASKS.md | TODO | Scheduler WebService Guild | SCHED-WEB-20-001 | Expose policy run scheduling APIs with scope enforcement. | | Sprint 20 | Policy Engine v2 | src/Scheduler/StellaOps.Scheduler.WebService/TASKS.md | TODO | Scheduler WebService Guild | SCHED-WEB-20-002 | Provide simulation trigger endpoint returning diff metadata. | | Sprint 20 | Policy Engine v2 | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker/TASKS.md | TODO | Scheduler Worker Guild | SCHED-WORKER-20-301 | Schedule policy runs via API with idempotent job tracking. | | Sprint 20 | Policy Engine v2 | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker/TASKS.md | TODO | Scheduler Worker Guild | SCHED-WORKER-20-302 | Implement delta targeting leveraging change streams + policy metadata. | | Sprint 20 | Policy Engine v2 | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker/TASKS.md | TODO | Scheduler Worker Guild, Observability Guild | SCHED-WORKER-20-303 | Expose policy scheduling metrics/logs with policy/run identifiers. | | Sprint 20 | Policy Engine v2 | src/UI/StellaOps.UI/TASKS.md | TODO | UI Guild | UI-POLICY-20-001 | Ship Monaco-based policy editor with inline diagnostics + checklists. | | Sprint 20 | Policy Engine v2 | src/UI/StellaOps.UI/TASKS.md | TODO | UI Guild | UI-POLICY-20-002 | Build simulation panel with deterministic diff rendering + virtualization. | | Sprint 20 | Policy Engine v2 | src/UI/StellaOps.UI/TASKS.md | TODO | UI Guild, Product Ops | UI-POLICY-20-003 | Implement submit/review/approve workflow with RBAC + audit trail. | | Sprint 20 | Policy Engine v2 | src/UI/StellaOps.UI/TASKS.md | TODO | UI Guild, Observability Guild | UI-POLICY-20-004 | Add run dashboards (heatmap/VEX wins/suppressions) with export. | | Sprint 20 | Policy Engine v2 | src/Web/StellaOps.Web/TASKS.md | TODO | BE-Base Platform Guild | WEB-POLICY-20-001 | Implement Policy CRUD/compile/run/simulate/findings/explain endpoints. | | Sprint 20 | Policy Engine v2 | src/Web/StellaOps.Web/TASKS.md | TODO | BE-Base Platform Guild | WEB-POLICY-20-002 | Add pagination, filters, deterministic ordering to policy listings. | | Sprint 20 | Policy Engine v2 | src/Web/StellaOps.Web/TASKS.md | TODO | BE-Base Platform Guild, QA Guild | WEB-POLICY-20-003 | Map engine errors to ERR_POL_* responses with contract tests. | | Sprint 20 | Policy Engine v2 | src/Web/StellaOps.Web/TASKS.md | TODO | Platform Reliability Guild | WEB-POLICY-20-004 | Introduce rate limits/quotas + metrics for simulation endpoints. | | Sprint 21 | Graph Explorer v1 | src/Bench/StellaOps.Bench/TASKS.md | BLOCKED (2025-10-27) | Bench Guild, Graph Platform Guild | BENCH-GRAPH-21-001 | Graph viewport/path perf harness (50k/100k nodes) measuring Graph API/Indexer latency and cache hit rates. Executed within Sprint 28 Graph program. Upstream Graph API/indexer contracts (GRAPH-API-28-003, GRAPH-INDEX-28-006) still pending, so benchmarks cannot target stable endpoints yet. | | Sprint 21 | Graph Explorer v1 | src/Bench/StellaOps.Bench/TASKS.md | BLOCKED (2025-10-27) | Bench Guild, UI Guild | BENCH-GRAPH-21-002 | Headless UI load benchmark for graph canvas interactions (Playwright) tracking render FPS budgets. Executed within Sprint 28 Graph program. Depends on BENCH-GRAPH-21-001 and UI Graph Explorer (UI-GRAPH-24-001), both pending. | | Sprint 21 | Graph Explorer v1 | src/Concelier/__Libraries/StellaOps.Concelier.Core/TASKS.md | BLOCKED (2025-10-27) | Concelier Core Guild | CONCELIER-GRAPH-21-001 | Enrich SBOM normalization with relationships, scopes, entrypoint annotations for Cartographer. Requires finalized schemas from CONCELIER-POLICY-20-002 and Cartographer event contract (CARTO-GRAPH-21-002). | | Sprint 21 | Graph Explorer v1 | src/Concelier/__Libraries/StellaOps.Concelier.Core/TASKS.md | BLOCKED (2025-10-27) | Concelier Core & Scheduler Guilds | CONCELIER-GRAPH-21-002 | Publish SBOM change events with tenant metadata for graph builds. Awaiting projection schema from CONCELIER-GRAPH-21-001 and Cartographer webhook expectations. | | Sprint 21 | Graph Explorer v1 | src/Excititor/__Libraries/StellaOps.Excititor.Core/TASKS.md | BLOCKED (2025-10-27) | Excititor Core Guild | EXCITITOR-GRAPH-21-001 | Deliver batched VEX/advisory fetch helpers for inspector linkouts. Waiting on linkset enrichment (EXCITITOR-POLICY-20-002) and Cartographer inspector contract (CARTO-GRAPH-21-005). | | Sprint 21 | Graph Explorer v1 | src/Excititor/__Libraries/StellaOps.Excititor.Core/TASKS.md | BLOCKED (2025-10-27) | Excititor Core Guild | EXCITITOR-GRAPH-21-002 | Enrich overlay metadata with VEX justification summaries for graph overlays. Depends on EXCITITOR-GRAPH-21-001 and Policy overlay schema (POLICY-ENGINE-30-001). | | Sprint 21 | Graph Explorer v1 | src/Excititor/__Libraries/StellaOps.Excititor.Storage.Mongo/TASKS.md | BLOCKED (2025-10-27) | Excititor Storage Guild | EXCITITOR-GRAPH-21-005 | Create indexes/materialized views for VEX lookups by PURL/policy. Awaiting access pattern specs from EXCITITOR-GRAPH-21-001. | | Sprint 21 | Graph Explorer v1 | src/SbomService/StellaOps.SbomService/TASKS.md | BLOCKED (2025-10-27) | SBOM Service Guild | SBOM-SERVICE-21-001 | Expose normalized SBOM projection API with relationships, scopes, entrypoints. Waiting on Concelier projection schema (CONCELIER-GRAPH-21-001). | | Sprint 21 | Graph Explorer v1 | src/SbomService/StellaOps.SbomService/TASKS.md | BLOCKED (2025-10-27) | SBOM Service & Scheduler Guilds | SBOM-SERVICE-21-002 | Emit SBOM version change events for Cartographer build queue. Depends on SBOM projection API (SBOM-SERVICE-21-001) and Scheduler contracts. | | Sprint 21 | Graph Explorer v1 | src/SbomService/StellaOps.SbomService/TASKS.md | BLOCKED (2025-10-27) | SBOM Service Guild | SBOM-SERVICE-21-003 | Provide entrypoint management API with tenant overrides. Blocked by SBOM projection API contract. | | Sprint 21 | Graph Explorer v1 | src/SbomService/StellaOps.SbomService/TASKS.md | BLOCKED (2025-10-27) | SBOM Service & Observability Guilds | SBOM-SERVICE-21-004 | Add metrics/traces/logs for SBOM projections. Requires projection pipeline from SBOM-SERVICE-21-001. | | Sprint 21 | Graph Explorer v1 | src/Web/StellaOps.Web/TASKS.md | BLOCKED (2025-10-27) | BE-Base Platform Guild | WEB-GRAPH-21-001 | Add gateway routes for graph APIs with scope enforcement and streaming. Upstream Graph API (GRAPH-API-28-003) and Authority scope work (AUTH-VULN-24-001) pending. | | Sprint 21 | Graph Explorer v1 | src/Web/StellaOps.Web/TASKS.md | BLOCKED (2025-10-27) | BE-Base Platform Guild | WEB-GRAPH-21-002 | Implement bbox/zoom/path validation and pagination for graph endpoints. Depends on core proxy routes. | | Sprint 21 | Graph Explorer v1 | src/Web/StellaOps.Web/TASKS.md | BLOCKED (2025-10-27) | BE-Base Platform & QA Guilds | WEB-GRAPH-21-003 | Map graph errors to ERR_Graph_* and support export streaming. Requires WEB-GRAPH-21-001. | | Sprint 21 | Graph Explorer v1 | src/Web/StellaOps.Web/TASKS.md | BLOCKED (2025-10-27) | BE-Base & Policy Guilds | WEB-GRAPH-21-004 | Wire Policy Engine simulation overlays into graph responses. Waiting on Graph routes and Policy overlay schema (POLICY-ENGINE-30-002). | | Sprint 22 | Link-Not-Merge v1 | docs/TASKS.md | BLOCKED (2025-10-27) | Docs Guild | DOCS-LNM-22-001 | Publish advisories aggregation doc with observation/linkset philosophy. | Blocked by CONCELIER-LNM-21-001..003; draft doc exists but final alignment waits for schema/API delivery. | Sprint 22 | Link-Not-Merge v1 | docs/TASKS.md | BLOCKED (2025-10-27) | Docs Guild | DOCS-LNM-22-002 | Publish VEX aggregation doc describing observation/linkset flow. | Blocked by EXCITITOR-LNM-21-001..003; draft doc staged pending observation/linkset implementation. | Sprint 22 | Link-Not-Merge v1 | docs/TASKS.md | BLOCKED (2025-10-27) | Docs Guild | DOCS-LNM-22-005 | Document UI evidence panel with conflict badges/AOC drill-down. | Blocked by UI-LNM-22-001..003; need shipping UI to capture screenshots and finalize guidance. | Sprint 22 | Link-Not-Merge v1 | ops/devops/TASKS.md | BLOCKED (2025-10-27) | DevOps Guild | DEVOPS-LNM-22-001 | Execute advisory observation/linkset migration/backfill and automation. | | Sprint 22 | Link-Not-Merge v1 | ops/devops/TASKS.md | BLOCKED (2025-10-27) | DevOps Guild | DEVOPS-LNM-22-002 | Run VEX observation/linkset migration/backfill with monitoring/runbook. | | Sprint 22 | Link-Not-Merge v1 | samples/TASKS.md | BLOCKED (2025-10-27) | Samples Guild | SAMPLES-LNM-22-001 | Add advisory observation/linkset fixtures with conflicts. | | Sprint 22 | Link-Not-Merge v1 | samples/TASKS.md | BLOCKED (2025-10-27) | Samples Guild | SAMPLES-LNM-22-002 | Add VEX observation/linkset fixtures with status disagreements. | | Sprint 22 | Link-Not-Merge v1 | src/Authority/StellaOps.Authority/TASKS.md | TODO | Authority Core Guild | AUTH-AOC-22-001 | Roll out new advisory/vex ingest/read scopes. | | Sprint 22 | Link-Not-Merge v1 | src/Cli/StellaOps.Cli/TASKS.md | TODO | DevEx/CLI Guild | CLI-LNM-22-001 | Implement advisory observation/linkset CLI commands with JSON/OSV export. | | Sprint 22 | Link-Not-Merge v1 | src/Cli/StellaOps.Cli/TASKS.md | TODO | DevEx/CLI Guild | CLI-LNM-22-002 | Implement VEX observation/linkset CLI commands. | | Sprint 22 | Link-Not-Merge v1 | src/Concelier/__Libraries/StellaOps.Concelier.Core/TASKS.md | TODO | Concelier Core Guild | CONCELIER-LNM-21-001 | Define immutable advisory observation schema with AOC metadata. | | Sprint 22 | Link-Not-Merge v1 | src/Concelier/__Libraries/StellaOps.Concelier.Core/TASKS.md | TODO | Concelier Core Guild, Data Science Guild | CONCELIER-LNM-21-002 | Implement advisory linkset builder with correlation signals/conflicts. | | Sprint 22 | Link-Not-Merge v1 | src/Concelier/__Libraries/StellaOps.Concelier.Merge/TASKS.md | TODO | BE-Merge | MERGE-LNM-21-002 | Deprecate merge service and enforce observation-only pipeline. | | Sprint 22 | Link-Not-Merge v1 | src/Concelier/__Libraries/StellaOps.Concelier.Storage.Mongo/TASKS.md | TODO | Concelier Storage Guild | CONCELIER-LNM-21-101 | Provision observations/linksets collections and indexes. | | Sprint 22 | Link-Not-Merge v1 | src/Concelier/__Libraries/StellaOps.Concelier.Storage.Mongo/TASKS.md | TODO | Concelier Storage & DevOps Guilds | CONCELIER-LNM-21-102 | Backfill legacy merged advisories into observations/linksets with rollback tooling. | | Sprint 22 | Link-Not-Merge v1 | src/Concelier/StellaOps.Concelier.WebService/TASKS.md | TODO | Concelier WebService Guild | CONCELIER-LNM-21-201 | Ship advisory observation read APIs with pagination/RBAC. | | Sprint 22 | Link-Not-Merge v1 | src/Concelier/StellaOps.Concelier.WebService/TASKS.md | TODO | Concelier WebService Guild | CONCELIER-LNM-21-202 | Implement advisory linkset read/export/evidence endpoints mapped to ERR_AGG_*. | | Sprint 22 | Link-Not-Merge v1 | src/Excititor/__Libraries/StellaOps.Excititor.Core/TASKS.md | TODO | Excititor Core Guild | EXCITITOR-LNM-21-001 | Define immutable VEX observation model. | | Sprint 22 | Link-Not-Merge v1 | src/Excititor/__Libraries/StellaOps.Excititor.Core/TASKS.md | TODO | Excititor Core Guild | EXCITITOR-LNM-21-002 | Build VEX linkset correlator with confidence/conflict recording. | | Sprint 22 | Link-Not-Merge v1 | src/Excititor/__Libraries/StellaOps.Excititor.Storage.Mongo/TASKS.md | TODO | Excititor Storage Guild | EXCITITOR-LNM-21-101 | Provision VEX observation/linkset collections and indexes. | | Sprint 22 | Link-Not-Merge v1 | src/Excititor/__Libraries/StellaOps.Excititor.Storage.Mongo/TASKS.md | TODO | Excititor Storage & DevOps Guilds | EXCITITOR-LNM-21-102 | Backfill legacy VEX data into observations/linksets with rollback scripts. | | Sprint 22 | Link-Not-Merge v1 | src/Excititor/StellaOps.Excititor.WebService/TASKS.md | TODO | Excititor WebService Guild | EXCITITOR-LNM-21-201 | Expose VEX observation APIs with filters/pagination and RBAC. | | Sprint 22 | Link-Not-Merge v1 | src/Excititor/StellaOps.Excititor.WebService/TASKS.md | TODO | Excititor WebService Guild | EXCITITOR-LNM-21-202 | Implement VEX linkset endpoints + exports with evidence payloads. | | Sprint 22 | Link-Not-Merge v1 | src/Policy/StellaOps.Policy.Engine/TASKS.md | TODO | Policy Guild | POLICY-ENGINE-40-001 | Update severity selection to handle multiple source severities per linkset. | | Sprint 22 | Link-Not-Merge v1 | src/Policy/StellaOps.Policy.Engine/TASKS.md | TODO | Policy Guild, Excititor Guild | POLICY-ENGINE-40-002 | Integrate VEX linkset conflicts into effective findings/explain traces. | | Sprint 22 | Link-Not-Merge v1 | src/Scanner/StellaOps.Scanner.WebService/TASKS.md | TODO | Scanner WebService Guild | SCANNER-LNM-21-001 | Update report/runtime payloads to consume linksets and surface source evidence. | | Sprint 22 | Link-Not-Merge v1 | src/UI/StellaOps.UI/TASKS.md | TODO | UI Guild | UI-LNM-22-001 | Deliver Evidence panel with policy banner and source observations. | | Sprint 22 | Link-Not-Merge v1 | src/UI/StellaOps.UI/TASKS.md | TODO | UI Guild | UI-LNM-22-003 | Add VEX evidence tab with conflict indicators and exports. | | Sprint 22 | Link-Not-Merge v1 | src/Web/StellaOps.Web/TASKS.md | TODO | BE-Base Platform Guild | WEB-LNM-21-001 | Surface advisory observation/linkset APIs through gateway with RBAC. | | Sprint 22 | Link-Not-Merge v1 | src/Web/StellaOps.Web/TASKS.md | TODO | BE-Base Platform Guild | WEB-LNM-21-002 | Expose VEX observation/linkset endpoints with export handling. | | Sprint 23 | StellaOps Console | docs/TASKS.md | TODO | Docs Guild | DOCS-CONSOLE-23-015 | Produce /docs/architecture/console.md describing packages, data flow, SSE design. | | Sprint 23 | StellaOps Console | docs/TASKS.md | TODO | Docs Guild | DOCS-CONSOLE-23-017 | Create /docs/examples/ui-tours.md walkthroughs with annotated screenshots/GIFs. | | Sprint 23 | StellaOps Console | docs/TASKS.md | TODO | Docs Guild | DOCS-CONSOLE-23-018 | Execute console security checklist and record Security Guild sign-off. | | Sprint 23 | StellaOps Console | ops/deployment/TASKS.md | TODO | Deployment Guild | DOWNLOADS-CONSOLE-23-001 | Maintain signed downloads manifest pipeline feeding Console + docs parity checks. | | Sprint 23 | StellaOps Console | ops/devops/TASKS.md | BLOCKED (2025-10-26) | DevOps Guild | DEVOPS-CONSOLE-23-001 | Stand up console CI pipeline (pnpm cache, lint, tests, Playwright, Lighthouse, offline runners). | | Sprint 23 | StellaOps Console | ops/devops/TASKS.md | TODO | DevOps Guild | DEVOPS-CONSOLE-23-002 | Deliver stella-console container + Helm overlays with SBOM/provenance and offline packaging. | | Sprint 23 | StellaOps Console | src/Authority/StellaOps.Authority/TASKS.md | TODO | Authority Core & Security Guild | AUTH-CONSOLE-23-001 | Register Console OIDC client with PKCE, scopes, short-lived tokens, and offline defaults. | | Sprint 23 | StellaOps Console | src/Authority/StellaOps.Authority/TASKS.md | TODO | Authority Core & Security Guild | AUTH-CONSOLE-23-002 | Provide tenant catalog/user profile endpoints with audit logging and fresh-auth requirements. | | Sprint 23 | StellaOps Console | src/Authority/StellaOps.Authority/TASKS.md | TODO | Authority Core & Docs Guild | AUTH-CONSOLE-23-003 | Update security docs/sample configs for Console flows, CSP, and session policies. | | Sprint 23 | StellaOps Console | src/Concelier/StellaOps.Concelier.WebService/TASKS.md | TODO | Concelier WebService Guild | CONCELIER-CONSOLE-23-001 | Surface /console/advisories aggregation views with per-source metadata and filters. | | Sprint 23 | StellaOps Console | src/Concelier/StellaOps.Concelier.WebService/TASKS.md | TODO | Concelier WebService Guild | CONCELIER-CONSOLE-23-002 | Provide advisory delta metrics API for dashboard + live status ticker. | | Sprint 23 | StellaOps Console | src/Concelier/StellaOps.Concelier.WebService/TASKS.md | TODO | Concelier WebService Guild | CONCELIER-CONSOLE-23-003 | Add search helpers for CVE/GHSA/PURL lookups returning evidence fragments. | | Sprint 23 | StellaOps Console | src/Excititor/StellaOps.Excititor.WebService/TASKS.md | TODO | Excititor WebService Guild | EXCITITOR-CONSOLE-23-001 | Expose /console/vex aggregation endpoints with precedence and provenance. | | Sprint 23 | StellaOps Console | src/Excititor/StellaOps.Excititor.WebService/TASKS.md | TODO | Excititor WebService Guild | EXCITITOR-CONSOLE-23-002 | Publish VEX override delta metrics feeding dashboard/status ticker. | | Sprint 23 | StellaOps Console | src/Excititor/StellaOps.Excititor.WebService/TASKS.md | TODO | Excititor WebService Guild | EXCITITOR-CONSOLE-23-003 | Implement VEX search helpers for global search and explain drill-downs. | | Sprint 23 | StellaOps Console | src/Policy/StellaOps.Policy.Engine/TASKS.md | TODO | Policy Guild, Scheduler Guild | EXPORT-CONSOLE-23-001 | Implement evidence bundle/export generator with signed manifests and telemetry. | | Sprint 23 | StellaOps Console | src/Policy/StellaOps.Policy.Engine/TASKS.md | TODO | Policy Guild | POLICY-CONSOLE-23-001 | Optimize findings/explain APIs for Console filters, aggregation hints, and provenance traces. | | Sprint 23 | StellaOps Console | src/Policy/StellaOps.Policy.Engine/TASKS.md | TODO | Policy Guild, Product Ops | POLICY-CONSOLE-23-002 | Expose simulation diff + approval state metadata for policy workspace scenarios. | | Sprint 23 | StellaOps Console | src/SbomService/StellaOps.SbomService/TASKS.md | TODO | SBOM Service Guild | SBOM-CONSOLE-23-001 | Deliver Console SBOM catalog API with filters, evaluation metadata, and raw projections. | | Sprint 23 | StellaOps Console | src/SbomService/StellaOps.SbomService/TASKS.md | TODO | SBOM Service Guild | SBOM-CONSOLE-23-002 | Provide component lookup/neighborhood endpoints for global search and overlays. | | Sprint 23 | StellaOps Console | src/Scheduler/StellaOps.Scheduler.WebService/TASKS.md | TODO | Scheduler WebService Guild | SCHED-CONSOLE-23-001 | Extend runs API with SSE progress, queue lag summaries, RBAC actions, and history pagination. | | Sprint 23 | StellaOps Console | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker/TASKS.md | TODO | Scheduler Worker Guild | SCHED-WORKER-CONSOLE-23-201 | Stream run progress events with heartbeat/dedupe for Console SSE consumers. | | Sprint 23 | StellaOps Console | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker/TASKS.md | TODO | Scheduler Worker Guild | SCHED-WORKER-CONSOLE-23-202 | Coordinate evidence bundle job queueing, status tracking, cancellation, and retention. | | Sprint 23 | StellaOps Console | src/Web/StellaOps.Web/TASKS.md | TODO | BE-Base Platform Guild | WEB-CONSOLE-23-001 | Ship /console/dashboard + /console/filters aggregates with tenant scoping and deterministic totals. | | Sprint 23 | StellaOps Console | src/Web/StellaOps.Web/TASKS.md | TODO | BE-Base Platform Guild, Scheduler Guild | WEB-CONSOLE-23-002 | Provide /console/status polling and /console/runs/{id}/stream SSE proxy with heartbeat/backoff. | | Sprint 23 | StellaOps Console | src/Web/StellaOps.Web/TASKS.md | TODO | BE-Base Platform Guild, Policy Guild | WEB-CONSOLE-23-003 | Expose /console/exports orchestration for evidence bundles, CSV/JSON streaming, manifest retrieval. | | Sprint 23 | StellaOps Console | src/Web/StellaOps.Web/TASKS.md | TODO | BE-Base Platform Guild | WEB-CONSOLE-23-004 | Implement /console/search fan-out router for CVE/GHSA/PURL/SBOM lookups with caching and RBAC. | | Sprint 23 | StellaOps Console | src/Web/StellaOps.Web/TASKS.md | TODO | BE-Base Platform Guild, DevOps Guild | WEB-CONSOLE-23-005 | Serve /console/downloads manifest with signed image metadata and offline guidance. | | Sprint 24 | Graph & Vuln Explorer v1 | src/Authority/StellaOps.Authority/TASKS.md | TODO | Authority Core Guild | AUTH-VULN-24-001 | Extend scopes (vuln:view/vuln:investigate/vuln:operate/vuln:audit) and signed permalinks. | 2025-10-27: Scope enforcement spike paused; no production change landed. | Sprint 24 | Graph & Vuln Explorer v1 | src/Concelier/__Libraries/StellaOps.Concelier.Core/TASKS.md | TODO | Concelier Core Guild | CONCELIER-GRAPH-24-001 | Surface raw advisory observations/linksets for overlay services (no derived aggregation in ingestion). | 2025-10-27: Prototype not merged (query layer + CLI consumer under review); resetting to TODO. | Sprint 24 | Graph & Vuln Explorer v1 | src/Excititor/__Libraries/StellaOps.Excititor.Core/TASKS.md | TODO | Excititor Core Guild | EXCITITOR-GRAPH-24-001 | Surface raw VEX statements/linksets for overlay services (no suppression/precedence logic here). | | Sprint 24 | Graph & Vuln Explorer v1 | src/Policy/StellaOps.Policy.Engine/TASKS.md | TODO | Policy Guild | POLICY-ENGINE-60-001 | Maintain Redis effective decision maps for overlays. | | Sprint 24 | Graph & Vuln Explorer v1 | src/Policy/StellaOps.Policy.Engine/TASKS.md | TODO | Policy Guild | POLICY-ENGINE-60-002 | Provide simulation bridge for graph what-if APIs. | | Sprint 24 | Graph & Vuln Explorer v1 | src/UI/StellaOps.UI/TASKS.md | TODO | UI Guild | UI-GRAPH-24-001 | Build Graph Explorer canvas with virtualization. | | Sprint 24 | Graph & Vuln Explorer v1 | src/UI/StellaOps.UI/TASKS.md | TODO | UI Guild | UI-GRAPH-24-002 | Implement overlays (Policy/Evidence/License/Exposure). | | Sprint 25 | Exceptions v1 | docs/TASKS.md | TODO | Docs Guild | DOCS-EXC-25-001 | Document exception governance concepts/workflow. | | Sprint 25 | Exceptions v1 | docs/TASKS.md | TODO | Docs Guild | DOCS-EXC-25-002 | Document approvals routing / MFA requirements. | | Sprint 25 | Exceptions v1 | docs/TASKS.md | TODO | Docs Guild | DOCS-EXC-25-003 | Publish API documentation for exceptions endpoints. | | Sprint 25 | Exceptions v1 | docs/TASKS.md | TODO | Docs Guild | DOCS-EXC-25-005 | Document UI exception center + badges. | | Sprint 25 | Exceptions v1 | docs/TASKS.md | TODO | Docs Guild | DOCS-EXC-25-006 | Update CLI docs for exception commands. | | Sprint 25 | Exceptions v1 | docs/TASKS.md | TODO | Docs Guild | DOCS-EXC-25-007 | Write migration guide for governed exceptions. | | Sprint 25 | Exceptions v1 | src/Authority/StellaOps.Authority/TASKS.md | TODO | Authority Core Guild | AUTH-EXC-25-001 | Introduce exception scopes and routing matrix with MFA. | | Sprint 25 | Exceptions v1 | src/Authority/StellaOps.Authority/TASKS.md | TODO | Authority Core & Docs Guild | AUTH-EXC-25-002 | Update docs/config samples for exception governance. | | Sprint 25 | Exceptions v1 | src/Cli/StellaOps.Cli/TASKS.md | TODO | DevEx/CLI Guild | CLI-EXC-25-001 | Implement CLI exception workflow commands. | | Sprint 25 | Exceptions v1 | src/Cli/StellaOps.Cli/TASKS.md | TODO | DevEx/CLI Guild | CLI-EXC-25-002 | Extend policy simulate with exception overrides. | | Sprint 25 | Exceptions v1 | src/Policy/StellaOps.Policy.Engine/TASKS.md | TODO | Policy Guild | POLICY-ENGINE-70-002 | Create exception collections/bindings storage + repos. | | Sprint 25 | Exceptions v1 | src/Policy/StellaOps.Policy.Engine/TASKS.md | TODO | Policy Guild | POLICY-ENGINE-70-003 | Implement Redis exception cache + invalidation. | | Sprint 25 | Exceptions v1 | src/Policy/StellaOps.Policy.Engine/TASKS.md | TODO | Policy Guild | POLICY-ENGINE-70-004 | Add metrics/tracing/logging for exception application. | | Sprint 25 | Exceptions v1 | src/Policy/StellaOps.Policy.Engine/TASKS.md | TODO | Policy Guild | POLICY-ENGINE-70-005 | Hook workers/events for activation/expiry. | | Sprint 25 | Exceptions v1 | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker/TASKS.md | TODO | Scheduler Worker Guild | SCHED-WORKER-25-101 | Implement exception lifecycle worker for activation/expiry. | | Sprint 25 | Exceptions v1 | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker/TASKS.md | TODO | Scheduler Worker Guild | SCHED-WORKER-25-102 | Add expiring notification job & metrics. | | Sprint 25 | Exceptions v1 | src/UI/StellaOps.UI/TASKS.md | TODO | UI Guild | UI-EXC-25-001 | Deliver Exception Center (list/kanban) with workflows. | | Sprint 25 | Exceptions v1 | src/UI/StellaOps.UI/TASKS.md | TODO | UI Guild | UI-EXC-25-002 | Build exception creation wizard with scope/timebox guardrails. | | Sprint 25 | Exceptions v1 | src/UI/StellaOps.UI/TASKS.md | TODO | UI Guild | UI-EXC-25-003 | Add inline exception drafting/proposing from explorers. | | Sprint 25 | Exceptions v1 | src/UI/StellaOps.UI/TASKS.md | TODO | UI Guild | UI-EXC-25-004 | Surface badges/countdowns/explain integration. | | Sprint 25 | Exceptions v1 | src/Web/StellaOps.Web/TASKS.md | TODO | BE-Base Platform Guild | WEB-EXC-25-001 | Ship exception CRUD + workflow API endpoints. | | Sprint 25 | Exceptions v1 | src/Web/StellaOps.Web/TASKS.md | TODO | BE-Base Platform Guild | WEB-EXC-25-002 | Extend policy endpoints to include exception metadata. | | Sprint 25 | Exceptions v1 | src/Web/StellaOps.Web/TASKS.md | TODO | BE-Base Platform Guild | WEB-EXC-25-003 | Emit exception events/notifications with rate limits. | | Sprint 26 | Reachability v1 | docs/TASKS.md | TODO | Docs Guild | DOCS-SIG-26-001 | Document reachability concepts and scoring. | | Sprint 26 | Reachability v1 | docs/TASKS.md | TODO | Docs Guild | DOCS-SIG-26-002 | Document callgraph formats. | | Sprint 26 | Reachability v1 | docs/TASKS.md | TODO | Docs Guild | DOCS-SIG-26-003 | Document runtime facts ingestion. | | Sprint 26 | Reachability v1 | docs/TASKS.md | TODO | Docs Guild | DOCS-SIG-26-004 | Document policy weighting for signals. | | Sprint 26 | Reachability v1 | docs/TASKS.md | TODO | Docs Guild | DOCS-SIG-26-005 | Document UI overlays/timelines. | | Sprint 26 | Reachability v1 | docs/TASKS.md | TODO | Docs Guild | DOCS-SIG-26-006 | Document CLI reachability commands. | | Sprint 26 | Reachability v1 | docs/TASKS.md | TODO | Docs Guild | DOCS-SIG-26-007 | Publish API docs for signals endpoints. | | Sprint 26 | Reachability v1 | docs/TASKS.md | TODO | Docs Guild | DOCS-SIG-26-008 | Write migration guide for enabling reachability. | | Sprint 26 | Reachability v1 | ops/devops/TASKS.md | TODO | DevOps Guild | DEVOPS-SIG-26-001 | Provision pipelines/deployments for Signals service. | | Sprint 26 | Reachability v1 | ops/devops/TASKS.md | TODO | DevOps Guild | DEVOPS-SIG-26-002 | Add dashboards/alerts for reachability metrics. | | Sprint 26 | Reachability v1 | src/Authority/StellaOps.Authority/TASKS.md | TODO | Authority Core Guild | AUTH-SIG-26-001 | Add signals scopes/roles + AOC requirements. | | Sprint 26 | Reachability v1 | src/Cli/StellaOps.Cli/TASKS.md | TODO | DevEx/CLI Guild | CLI-SIG-26-001 | Implement reachability CLI commands (upload/list/explain). | | Sprint 26 | Reachability v1 | src/Cli/StellaOps.Cli/TASKS.md | TODO | DevEx/CLI Guild | CLI-SIG-26-002 | Add reachability overrides to policy simulate. | | Sprint 26 | Reachability v1 | src/Concelier/__Libraries/StellaOps.Concelier.Core/TASKS.md | TODO | Concelier Core Guild | CONCELIER-SIG-26-001 | Expose advisory symbol metadata for signals scoring. | | Sprint 26 | Reachability v1 | src/Excititor/__Libraries/StellaOps.Excititor.Core/TASKS.md | TODO | Excititor Core Guild | EXCITITOR-SIG-26-001 | Surface vendor exploitability hints to Signals. | | Sprint 26 | Reachability v1 | src/Policy/StellaOps.Policy.Engine/TASKS.md | TODO | Policy Guild | POLICY-ENGINE-80-001 | Integrate reachability inputs into policy evaluation and explainers. | | Sprint 26 | Reachability v1 | src/Policy/StellaOps.Policy.Engine/TASKS.md | TODO | Policy Guild | POLICY-ENGINE-80-002 | Optimize reachability fact retrieval + cache. | | Sprint 26 | Reachability v1 | src/Policy/StellaOps.Policy.Engine/TASKS.md | TODO | Policy Guild | POLICY-ENGINE-80-003 | Update SPL compiler for reachability predicates. | | Sprint 26 | Reachability v1 | src/Policy/StellaOps.Policy.Engine/TASKS.md | TODO | Policy Guild | POLICY-ENGINE-80-004 | Emit reachability metrics/traces. | | Sprint 26 | Reachability v1 | src/Policy/__Libraries/StellaOps.Policy/TASKS.md | TODO | Policy Guild | POLICY-SPL-24-001 | Extend SPL schema with reachability predicates/actions. | | Sprint 26 | Reachability v1 | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker/TASKS.md | TODO | Scheduler Worker Guild | SCHED-WORKER-26-201 | Implement reachability joiner worker. | | Sprint 26 | Reachability v1 | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker/TASKS.md | TODO | Scheduler Worker Guild | SCHED-WORKER-26-202 | Implement staleness monitor + notifications. | | Sprint 26 | Reachability v1 | src/Signals/StellaOps.Signals/TASKS.md | BLOCKED (2025-10-27) | Signals Guild, Authority Guild | SIGNALS-24-001 | Stand up Signals API skeleton with RBAC + health checks. Host scaffold ready, waiting on AUTH-SIG-26-001 to finalize scope issuance and tenant enforcement. | | Sprint 26 | Reachability v1 | src/Signals/StellaOps.Signals/TASKS.md | BLOCKED (2025-10-27) | Signals Guild | SIGNALS-24-002 | Implement callgraph ingestion/normalization pipeline. Waiting on SIGNALS-24-001 skeleton deployment. | | Sprint 26 | Reachability v1 | src/Signals/StellaOps.Signals/TASKS.md | BLOCKED (2025-10-27) | Signals Guild | SIGNALS-24-003 | Ingest runtime facts and persist context data with AOC provenance. Depends on SIGNALS-24-001 base host. | | Sprint 26 | Reachability v1 | src/Signals/StellaOps.Signals/TASKS.md | BLOCKED (2025-10-27) | Signals Guild | SIGNALS-24-004 | Deliver reachability scoring engine writing reachability facts. Blocked until ingestion pipelines unblock. | | Sprint 26 | Reachability v1 | src/Signals/StellaOps.Signals/TASKS.md | BLOCKED (2025-10-27) | Signals Guild | SIGNALS-24-005 | Implement caches + signals events. Downstream of SIGNALS-24-004. | | Sprint 26 | Reachability v1 | src/UI/StellaOps.UI/TASKS.md | TODO | UI Guild | UI-SIG-26-001 | Add reachability columns/badges to Vulnerability Explorer. | | Sprint 26 | Reachability v1 | src/UI/StellaOps.UI/TASKS.md | TODO | UI Guild | UI-SIG-26-002 | Enhance Why drawer with call path/timeline. | | Sprint 26 | Reachability v1 | src/UI/StellaOps.UI/TASKS.md | TODO | UI Guild | UI-SIG-26-003 | Add reachability overlay/time slider to SBOM Graph. | | Sprint 26 | Reachability v1 | src/UI/StellaOps.UI/TASKS.md | TODO | UI Guild | UI-SIG-26-004 | Build Reachability Center + missing sensor view. | | Sprint 26 | Reachability v1 | src/Web/StellaOps.Web/TASKS.md | TODO | BE-Base Platform Guild | WEB-SIG-26-001 | Expose signals proxy endpoints with pagination and RBAC. | | Sprint 26 | Reachability v1 | src/Web/StellaOps.Web/TASKS.md | TODO | BE-Base Platform Guild | WEB-SIG-26-002 | Join reachability data into policy/vuln responses. | | Sprint 26 | Reachability v1 | src/Web/StellaOps.Web/TASKS.md | TODO | BE-Base Platform Guild | WEB-SIG-26-003 | Support reachability overrides in simulate APIs. | | Sprint 27 | Policy Studio | docs/TASKS.md | BLOCKED (2025-10-27) | Docs & Policy Guilds | DOCS-POLICY-27-001 | Publish /docs/policy/studio-overview.md with lifecycle + roles. | Blocked by REGISTRY-API-27-001 and POLICY-ENGINE-27-001; revisit once spec and compile enrichments land. | Sprint 27 | Policy Studio | docs/TASKS.md | BLOCKED (2025-10-27) | Docs & Console Guilds | DOCS-POLICY-27-002 | Write /docs/policy/authoring.md with templates/snippets/lint rules. | Blocked by CONSOLE-STUDIO-27-001 pending; waiting on Studio authoring UX. | Sprint 27 | Policy Studio | docs/TASKS.md | BLOCKED (2025-10-27) | Docs & Policy Registry Guilds | DOCS-POLICY-27-003 | Document /docs/policy/versioning-and-publishing.md. | Blocked by REGISTRY-API-27-007 pending publish/sign pipeline. | Sprint 27 | Policy Studio | docs/TASKS.md | BLOCKED (2025-10-27) | Docs & Scheduler Guilds | DOCS-POLICY-27-004 | Publish /docs/policy/simulation.md with quick vs batch guidance. | Blocked by REGISTRY-API-27-005/SCHED-WORKER-27-301 pending batch simulation. | Sprint 27 | Policy Studio | docs/TASKS.md | BLOCKED (2025-10-27) | Docs & Product Ops | DOCS-POLICY-27-005 | Author /docs/policy/review-and-approval.md. | Blocked by REGISTRY-API-27-006 review workflow outstanding. | Sprint 27 | Policy Studio | docs/TASKS.md | BLOCKED (2025-10-27) | Docs & Policy Guilds | DOCS-POLICY-27-006 | Publish /docs/policy/promotion.md covering canary + rollback. | Blocked by REGISTRY-API-27-008 promotion APIs not ready. | Sprint 27 | Policy Studio | docs/TASKS.md | BLOCKED (2025-10-27) | Docs & DevEx/CLI Guilds | DOCS-POLICY-27-007 | Update /docs/policy/cli.md with new commands + JSON schemas. | Blocked by CLI-POLICY-27-001..004 CLI commands missing. | Sprint 27 | Policy Studio | docs/TASKS.md | BLOCKED (2025-10-27) | Docs & Policy Registry Guilds | DOCS-POLICY-27-008 | Publish /docs/policy/api.md aligning with Registry OpenAPI. | Blocked by Registry OpenAPI (REGISTRY-API-27-001..008) incomplete. | Sprint 27 | Policy Studio | docs/TASKS.md | BLOCKED (2025-10-27) | Docs & Security Guilds | DOCS-POLICY-27-009 | Create /docs/security/policy-attestations.md. | Blocked by AUTH-POLICY-27-002 signing integration pending. | Sprint 27 | Policy Studio | docs/TASKS.md | BLOCKED (2025-10-27) | Docs & Architecture Guilds | DOCS-POLICY-27-010 | Write /docs/architecture/policy-registry.md. | Blocked by REGISTRY-API-27-001 & SCHED-WORKER-27-301 not delivered. | Sprint 27 | Policy Studio | docs/TASKS.md | BLOCKED (2025-10-27) | Docs & Observability Guilds | DOCS-POLICY-27-011 | Publish /docs/observability/policy-telemetry.md. | Blocked by DEVOPS-POLICY-27-004 observability work outstanding. | Sprint 27 | Policy Studio | docs/TASKS.md | BLOCKED (2025-10-27) | Docs & Ops Guilds | DOCS-POLICY-27-012 | Write /docs/runbooks/policy-incident.md. | Blocked by DEPLOY-POLICY-27-002 ops playbooks pending. | Sprint 27 | Policy Studio | docs/TASKS.md | BLOCKED (2025-10-27) | Docs & Policy Guilds | DOCS-POLICY-27-013 | Update /docs/examples/policy-templates.md. | Blocked by CONSOLE-STUDIO-27-001/REGISTRY-API-27-002 templates missing. | Sprint 27 | Policy Studio | docs/TASKS.md | BLOCKED (2025-10-27) | Docs & Policy Registry Guilds | DOCS-POLICY-27-014 | Refresh /docs/aoc/aoc-guardrails.md with Studio guardrails. | Blocked by REGISTRY-API-27-003 & WEB-POLICY-27-001 guardrails not implemented. | Sprint 27 | Policy Studio | ops/deployment/TASKS.md | TODO | Deployment & Policy Registry Guilds | DEPLOY-POLICY-27-001 | Create Helm/Compose overlays for Policy Registry + workers with signing config. | | Sprint 27 | Policy Studio | ops/deployment/TASKS.md | TODO | Deployment & Policy Guilds | DEPLOY-POLICY-27-002 | Document policy rollout/rollback playbooks in runbook. | | Sprint 27 | Policy Studio | ops/devops/TASKS.md | TODO | DevOps Guild | DEVOPS-POLICY-27-001 | Add CI stage for policy lint/compile/test + secret scanning and artifacts. | | Sprint 27 | Policy Studio | ops/devops/TASKS.md | TODO | DevOps & Policy Registry Guilds | DEVOPS-POLICY-27-002 | Provide optional batch simulation CI job with drift gating + PR comment. | | Sprint 27 | Policy Studio | ops/devops/TASKS.md | TODO | DevOps & Security Guilds | DEVOPS-POLICY-27-003 | Manage signing keys + attestation verification in pipelines. | | Sprint 27 | Policy Studio | ops/devops/TASKS.md | TODO | DevOps & Observability Guilds | DEVOPS-POLICY-27-004 | Build dashboards/alerts for compile latency, queue depth, approvals, promotions. | | Sprint 27 | Policy Studio | src/Authority/StellaOps.Authority/TASKS.md | TODO | Authority Core Guild | AUTH-POLICY-27-001 | Define Policy Studio roles/scopes for author/review/approve/operate/audit. | | Sprint 27 | Policy Studio | src/Authority/StellaOps.Authority/TASKS.md | TODO | Authority Core & Security Guilds | AUTH-POLICY-27-002 | Wire signing service + fresh-auth enforcement for publish/promote. | | Sprint 27 | Policy Studio | src/Authority/StellaOps.Authority/TASKS.md | TODO | Authority Core & Docs Guild | AUTH-POLICY-27-003 | Update authority configuration/docs for Policy Studio roles & signing. | | Sprint 27 | Policy Studio | src/Cli/StellaOps.Cli/TASKS.md | TODO | DevEx/CLI Guild | CLI-POLICY-27-001 | Implement policy workspace CLI commands (init, lint, compile, test). | | Sprint 27 | Policy Studio | src/Cli/StellaOps.Cli/TASKS.md | TODO | DevEx/CLI Guild | CLI-POLICY-27-002 | Add version bump, submit, review/approve CLI workflow commands. | | Sprint 27 | Policy Studio | src/Cli/StellaOps.Cli/TASKS.md | TODO | DevEx/CLI Guild | CLI-POLICY-27-003 | Extend simulate command for quick/batch runs, manifests, CI reports. | | Sprint 27 | Policy Studio | src/Cli/StellaOps.Cli/TASKS.md | TODO | DevEx/CLI Guild | CLI-POLICY-27-004 | Implement publish/promote/rollback/sign CLI lifecycle commands. | | Sprint 27 | Policy Studio | src/Cli/StellaOps.Cli/TASKS.md | TODO | DevEx/CLI & Docs Guilds | CLI-POLICY-27-005 | Update CLI docs/reference for Policy Studio commands and schemas. | | Sprint 27 | Policy Studio | src/Policy/StellaOps.Policy.Engine/TASKS.md | TODO | Policy Guild | POLICY-ENGINE-27-001 | Return rule coverage, symbol table, docs, hashes from compile endpoint. | | Sprint 27 | Policy Studio | src/Policy/StellaOps.Policy.Engine/TASKS.md | TODO | Policy Guild | POLICY-ENGINE-27-002 | Enhance simulate outputs with heatmap, explain traces, delta summaries. | | Sprint 27 | Policy Studio | src/Policy/StellaOps.Policy.Engine/TASKS.md | TODO | Policy Guild | POLICY-ENGINE-27-003 | Enforce complexity/time limits with diagnostics. | | Sprint 27 | Policy Studio | src/Policy/StellaOps.Policy.Engine/TASKS.md | TODO | Policy Guild | POLICY-ENGINE-27-004 | Update tests/fixtures for coverage, symbol table, explain, complexity. | | Sprint 27 | Policy Studio | src/Policy/StellaOps.Policy.Registry/TASKS.md | TODO | Policy Registry Guild | REGISTRY-API-27-001 | Define Policy Registry OpenAPI spec for workspaces, versions, reviews, simulations, promotions, attestations. | | Sprint 27 | Policy Studio | src/Policy/StellaOps.Policy.Registry/TASKS.md | TODO | Policy Registry Guild | REGISTRY-API-27-002 | Implement workspace storage + CRUD with tenant retention policies. | | Sprint 27 | Policy Studio | src/Policy/StellaOps.Policy.Registry/TASKS.md | TODO | Policy Registry Guild | REGISTRY-API-27-003 | Integrate compile pipeline storing diagnostics, symbol tables, complexity metrics. | | Sprint 27 | Policy Studio | src/Policy/StellaOps.Policy.Registry/TASKS.md | TODO | Policy Registry Guild | REGISTRY-API-27-004 | Deliver quick simulation API with limits and deterministic outputs. | | Sprint 27 | Policy Studio | src/Policy/StellaOps.Policy.Registry/TASKS.md | TODO | Policy Registry & Scheduler Guilds | REGISTRY-API-27-005 | Build batch simulation orchestration, reduction, and evidence bundle storage. | | Sprint 27 | Policy Studio | src/Policy/StellaOps.Policy.Registry/TASKS.md | TODO | Policy Registry Guild | REGISTRY-API-27-006 | Implement review workflow with comments, required approvers, webhooks. | | Sprint 27 | Policy Studio | src/Policy/StellaOps.Policy.Registry/TASKS.md | TODO | Policy Registry & Security Guilds | REGISTRY-API-27-007 | Ship publish/sign pipeline with attestations, immutable versions. | | Sprint 27 | Policy Studio | src/Policy/StellaOps.Policy.Registry/TASKS.md | TODO | Policy Registry Guild | REGISTRY-API-27-008 | Implement promotion/canary bindings per tenant/environment with rollback. | | Sprint 27 | Policy Studio | src/Policy/StellaOps.Policy.Registry/TASKS.md | TODO | Policy Registry & Observability Guilds | REGISTRY-API-27-009 | Instrument metrics/logs/traces for compile, simulation, approval latency. | | Sprint 27 | Policy Studio | src/Policy/StellaOps.Policy.Registry/TASKS.md | TODO | Policy Registry & QA Guilds | REGISTRY-API-27-010 | Build unit/integration/load test suites and seeded fixtures. | | Sprint 27 | Policy Studio | src/Scheduler/StellaOps.Scheduler.WebService/TASKS.md | TODO | Scheduler WebService Guild | SCHED-CONSOLE-27-001 | Provide policy simulation orchestration endpoints with SSE + RBAC. | | Sprint 27 | Policy Studio | src/Scheduler/StellaOps.Scheduler.WebService/TASKS.md | TODO | Scheduler WebService & Observability Guilds | SCHED-CONSOLE-27-002 | Emit policy simulation telemetry endpoints/metrics + webhooks. | | Sprint 27 | Policy Studio | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker/TASKS.md | TODO | Scheduler Worker Guild | SCHED-WORKER-27-301 | Implement batch simulation worker sharding SBOMs with retries/backoff. | | Sprint 27 | Policy Studio | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker/TASKS.md | TODO | Scheduler Worker Guild | SCHED-WORKER-27-302 | Build reducer job aggregating shard outputs into manifests with checksums. | | Sprint 27 | Policy Studio | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker/TASKS.md | TODO | Scheduler Worker & Security Guilds | SCHED-WORKER-27-303 | Enforce tenant isolation/attestation integration and secret scanning for jobs. | | Sprint 27 | Policy Studio | src/Web/StellaOps.Web/TASKS.md | TODO | BE-Base Platform Guild | WEB-POLICY-27-001 | Proxy Policy Registry APIs with tenant scoping, RBAC, evidence streaming. | | Sprint 27 | Policy Studio | src/Web/StellaOps.Web/TASKS.md | TODO | BE-Base Platform Guild | WEB-POLICY-27-002 | Implement review lifecycle routes with audit logs and webhooks. | | Sprint 27 | Policy Studio | src/Web/StellaOps.Web/TASKS.md | TODO | BE-Base Platform & Scheduler Guilds | WEB-POLICY-27-003 | Expose quick/batch simulation endpoints with SSE progress + manifests. | | Sprint 27 | Policy Studio | src/Web/StellaOps.Web/TASKS.md | TODO | BE-Base Platform & Security Guilds | WEB-POLICY-27-004 | Add publish/promote/rollback endpoints with canary + signing enforcement. | | Sprint 27 | Policy Studio | src/Web/StellaOps.Web/TASKS.md | TODO | BE-Base Platform & Observability Guilds | WEB-POLICY-27-005 | Instrument Policy Studio metrics/logs for dashboards. | | Sprint 28 | Graph Explorer | docs/TASKS.md | TODO | Docs & SBOM Guilds | DOCS-GRAPH-28-001 | Publish /docs/sbom/graph-explorer-overview.md. | | Sprint 28 | Graph Explorer | docs/TASKS.md | TODO | Docs & Console Guilds | DOCS-GRAPH-28-002 | Write /docs/sbom/graph-using-the-console.md with walkthrough + accessibility tips. | | Sprint 28 | Graph Explorer | docs/TASKS.md | TODO | Docs & Graph API Guilds | DOCS-GRAPH-28-003 | Document /docs/sbom/graph-query-language.md (JSON schema, cost rules). | | Sprint 28 | Graph Explorer | docs/TASKS.md | TODO | Docs & Graph API Guilds | DOCS-GRAPH-28-004 | Publish /docs/sbom/graph-api.md endpoints + streaming guidance. | | Sprint 28 | Graph Explorer | docs/TASKS.md | TODO | Docs & CLI Guilds | DOCS-GRAPH-28-005 | Produce /docs/sbom/graph-cli.md command reference. | | Sprint 28 | Graph Explorer | docs/TASKS.md | TODO | Docs & Policy Guilds | DOCS-GRAPH-28-006 | Publish /docs/policy/graph-overlays.md. | | Sprint 28 | Graph Explorer | docs/TASKS.md | TODO | Docs & Excitor Guilds | DOCS-GRAPH-28-007 | Document /docs/vex/graph-integration.md. | | Sprint 28 | Graph Explorer | docs/TASKS.md | TODO | Docs & Concelier Guilds | DOCS-GRAPH-28-008 | Document /docs/advisories/graph-integration.md. | | Sprint 28 | Graph Explorer | docs/TASKS.md | TODO | Docs & Architecture Guilds | DOCS-GRAPH-28-009 | Author /docs/architecture/graph-services.md. | | Sprint 28 | Graph Explorer | docs/TASKS.md | TODO | Docs & Observability Guilds | DOCS-GRAPH-28-010 | Publish /docs/observability/graph-telemetry.md. | | Sprint 28 | Graph Explorer | docs/TASKS.md | TODO | Docs & Ops Guilds | DOCS-GRAPH-28-011 | Write /docs/runbooks/graph-incidents.md. | | Sprint 28 | Graph Explorer | docs/TASKS.md | TODO | Docs & Security Guilds | DOCS-GRAPH-28-012 | Create /docs/security/graph-rbac.md. | | Sprint 28 | Graph Explorer | ops/deployment/TASKS.md | TODO | Deployment Guild | DEPLOY-GRAPH-28-001 | Provide deployment/offline instructions for Graph Indexer/API, including cache seeds. | | Sprint 28 | Graph Explorer | ops/devops/TASKS.md | TODO | DevOps Guild | DEVOPS-GRAPH-28-001 | Configure load/perf tests, query budget alerts, and CI smoke for graph APIs. | | Sprint 28 | Graph Explorer | ops/devops/TASKS.md | TODO | DevOps & Security Guilds | DEVOPS-GRAPH-28-002 | Implement caching/backpressure limits, rate limiting configs, and runaway query kill switches. | | Sprint 28 | Graph Explorer | ops/devops/TASKS.md | TODO | DevOps & Observability Guilds | DEVOPS-GRAPH-28-003 | Build dashboards/alerts for tile latency, query denials, memory pressure. | | Sprint 28 | Graph Explorer | src/Cli/StellaOps.Cli/TASKS.md | TODO | DevEx/CLI Guild | CLI-GRAPH-28-001 | Ship stella sbom graph subcommands (search, query, paths, diff, impacted, export) with JSON output + exit codes. | | Sprint 28 | Graph Explorer | src/Cli/StellaOps.Cli/TASKS.md | TODO | DevEx/CLI Guild | CLI-GRAPH-28-002 | Add saved query management + deep link helpers to CLI. | | Sprint 28 | Graph Explorer | src/Cli/StellaOps.Cli/TASKS.md | TODO | DevEx/CLI Guild | CLI-GRAPH-28-003 | Update CLI docs/examples for Graph Explorer commands. | | Sprint 28 | Graph Explorer | src/Concelier/StellaOps.Concelier.WebService/TASKS.md | TODO | Concelier WebService Guild | CONCELIER-GRAPH-24-101 | Deliver advisory summary API feeding graph tooltips. | | Sprint 28 | Graph Explorer | src/Concelier/StellaOps.Concelier.WebService/TASKS.md | TODO | Concelier WebService Guild | CONCELIER-GRAPH-28-102 | Add batch fetch for advisory observations/linksets keyed by component sets to feed Graph overlay tooltips efficiently. | | Sprint 28 | Graph Explorer | src/Concelier/StellaOps.Concelier.WebService/TASKS.md | TODO | Concelier WebService Guild | WEB-LNM-21-001 | Provide advisory observation endpoints optimized for graph overlays. | | Sprint 28 | Graph Explorer | src/Excititor/StellaOps.Excititor.WebService/TASKS.md | TODO | Excititor WebService Guild | EXCITITOR-GRAPH-24-101 | Provide VEX summary API for Graph Explorer inspector overlays. | | Sprint 28 | Graph Explorer | src/Graph/StellaOps.Graph.Api/TASKS.md | TODO | Graph API Guild | GRAPH-API-28-001 | Publish Graph API OpenAPI + JSON schemas for queries/tiles. | | Sprint 28 | Graph Explorer | src/Graph/StellaOps.Graph.Api/TASKS.md | TODO | Graph API Guild | GRAPH-API-28-002 | Implement /graph/search with caching and RBAC. | | Sprint 28 | Graph Explorer | src/Graph/StellaOps.Graph.Api/TASKS.md | TODO | Graph API Guild | GRAPH-API-28-003 | Build query planner + streaming tile pipeline with budgets. | | Sprint 28 | Graph Explorer | src/Graph/StellaOps.Graph.Api/TASKS.md | TODO | Graph API Guild | GRAPH-API-28-004 | Deliver /graph/paths with depth limits and policy overlay support. | | Sprint 28 | Graph Explorer | src/Graph/StellaOps.Graph.Api/TASKS.md | TODO | Graph API Guild | GRAPH-API-28-005 | Implement /graph/diff streaming adds/removes/changes for SBOM snapshots. | | Sprint 28 | Graph Explorer | src/Graph/StellaOps.Graph.Api/TASKS.md | TODO | Graph API Guild | GRAPH-API-28-006 | Compose advisory/VEX/policy overlays with caching + explain sampling. | | Sprint 28 | Graph Explorer | src/Graph/StellaOps.Graph.Api/TASKS.md | TODO | Graph API Guild | GRAPH-API-28-007 | Provide export jobs (GraphML/CSV/NDJSON/PNG/SVG) with manifests. | | Sprint 28 | Graph Explorer | src/Graph/StellaOps.Graph.Api/TASKS.md | TODO | Graph API & Authority Guilds | GRAPH-API-28-008 | Enforce RBAC scopes, tenant headers, audit logging, rate limits. | | Sprint 28 | Graph Explorer | src/Graph/StellaOps.Graph.Api/TASKS.md | TODO | Graph API & Observability Guilds | GRAPH-API-28-009 | Instrument metrics/logs/traces; publish dashboards. | | Sprint 28 | Graph Explorer | src/Graph/StellaOps.Graph.Api/TASKS.md | TODO | Graph API & QA Guilds | GRAPH-API-28-010 | Build unit/integration/load tests with synthetic datasets. | | Sprint 28 | Graph Explorer | src/Graph/StellaOps.Graph.Api/TASKS.md | TODO | Graph API & DevOps Guilds | GRAPH-API-28-011 | Ship deployment/offline manifests + gateway integration docs. | | Sprint 28 | Graph Explorer | src/Graph/StellaOps.Graph.Indexer/TASKS.md | TODO | Graph Indexer Guild | GRAPH-INDEX-28-001 | Define node/edge schemas, identity rules, and fixtures for graph ingestion. | | Sprint 28 | Graph Explorer | src/Graph/StellaOps.Graph.Indexer/TASKS.md | TODO | Graph Indexer Guild | GRAPH-INDEX-28-002 | Implement SBOM ingest consumer generating artifact/package/file nodes & edges. | | Sprint 28 | Graph Explorer | src/Graph/StellaOps.Graph.Indexer/TASKS.md | TODO | Graph Indexer Guild | GRAPH-INDEX-28-003 | Serve advisory overlay tiles from Conseiller linksets (no mutation of raw node/edge stores). | | Sprint 28 | Graph Explorer | src/Graph/StellaOps.Graph.Indexer/TASKS.md | TODO | Graph Indexer Guild | GRAPH-INDEX-28-004 | Integrate VEX statements for vex_exempts edges with precedence metadata. | | Sprint 28 | Graph Explorer | src/Graph/StellaOps.Graph.Indexer/TASKS.md | TODO | Graph Indexer & Policy Guilds | GRAPH-INDEX-28-005 | Hydrate policy overlay nodes/edges referencing determinations + explains. | | Sprint 28 | Graph Explorer | src/Graph/StellaOps.Graph.Indexer/TASKS.md | TODO | Graph Indexer Guild | GRAPH-INDEX-28-006 | Produce graph snapshots per SBOM with lineage for diff jobs. | | Sprint 28 | Graph Explorer | src/Graph/StellaOps.Graph.Indexer/TASKS.md | TODO | Graph Indexer & Observability Guilds | GRAPH-INDEX-28-007 | Run clustering/centrality background jobs and persist cluster ids. | | Sprint 28 | Graph Explorer | src/Graph/StellaOps.Graph.Indexer/TASKS.md | TODO | Graph Indexer Guild | GRAPH-INDEX-28-008 | Build incremental/backfill pipeline with change streams, retries, backlog metrics. | | Sprint 28 | Graph Explorer | src/Graph/StellaOps.Graph.Indexer/TASKS.md | TODO | Graph Indexer & QA Guilds | GRAPH-INDEX-28-009 | Extend tests/perf fixtures ensuring determinism on large graphs. | | Sprint 28 | Graph Explorer | src/Graph/StellaOps.Graph.Indexer/TASKS.md | TODO | Graph Indexer & DevOps Guilds | GRAPH-INDEX-28-010 | Provide deployment/offline artifacts and docs for Graph Indexer. | | Sprint 28 | Graph Explorer | src/Policy/StellaOps.Policy.Engine/TASKS.md | TODO | Policy Guild | POLICY-ENGINE-30-001 | Finalize graph overlay contract + projection API. | | Sprint 28 | Graph Explorer | src/Policy/StellaOps.Policy.Engine/TASKS.md | TODO | Policy Guild | POLICY-ENGINE-30-002 | Implement simulation overlay bridge for Graph Explorer queries. | | Sprint 28 | Graph Explorer | src/Policy/StellaOps.Policy.Engine/TASKS.md | TODO | Policy & Scheduler Guilds | POLICY-ENGINE-30-003 | Emit change events for effective findings supporting graph overlays. | | Sprint 28 | Graph Explorer | src/Scheduler/StellaOps.Scheduler.WebService/TASKS.md | DOING (2025-10-26) | Scheduler WebService Guild, Scheduler Storage Guild | SCHED-WEB-21-004 | Persist graph jobs + emit completion events/webhook. | | Sprint 28 | Graph Explorer | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker/TASKS.md | TODO | Scheduler Worker Guild | SCHED-WORKER-21-201 | Run graph build worker for SBOM snapshots with retries/backoff. | | Sprint 28 | Graph Explorer | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker/TASKS.md | TODO | Scheduler Worker Guild | SCHED-WORKER-21-202 | Execute overlay refresh worker subscribing to change events. | | Sprint 28 | Graph Explorer | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker/TASKS.md | TODO | Scheduler Worker & Observability Guilds | SCHED-WORKER-21-203 | Emit metrics/logs for graph build/overlay jobs. | | Sprint 28 | Graph Explorer | src/Web/StellaOps.Web/TASKS.md | TODO | BE-Base Platform Guild | WEB-GRAPH-24-001 | Route /graph/* APIs through gateway with tenant scoping and RBAC. | | Sprint 28 | Graph Explorer | src/Web/StellaOps.Web/TASKS.md | TODO | BE-Base Platform Guild | WEB-GRAPH-24-002 | Maintain overlay proxy routes to dedicated services (Policy/Vuln API), ensuring caching + RBAC only. | | Sprint 28 | Graph Explorer | src/Web/StellaOps.Web/TASKS.md | TODO | BE-Base Platform & Observability Guilds | WEB-GRAPH-24-004 | Add Graph Explorer telemetry endpoints and metrics aggregation. | | Sprint 29 | Vulnerability Explorer | docs/TASKS.md | TODO | Docs Guild | DOCS-VULN-29-001 | Publish /docs/vuln/explorer-overview.md. | | Sprint 29 | Vulnerability Explorer | docs/TASKS.md | TODO | Docs & Console Guilds | DOCS-VULN-29-002 | Write /docs/vuln/explorer-using-console.md. | | Sprint 29 | Vulnerability Explorer | docs/TASKS.md | TODO | Docs Guild | DOCS-VULN-29-003 | Author /docs/vuln/explorer-api.md. | | Sprint 29 | Vulnerability Explorer | docs/TASKS.md | TODO | Docs Guild | DOCS-VULN-29-004 | Publish /docs/vuln/explorer-cli.md. | | Sprint 29 | Vulnerability Explorer | docs/TASKS.md | TODO | Docs & Ledger Guilds | DOCS-VULN-29-005 | Document Findings Ledger (/docs/vuln/findings-ledger.md). | | Sprint 29 | Vulnerability Explorer | docs/TASKS.md | TODO | Docs & Policy Guilds | DOCS-VULN-29-006 | Update /docs/policy/vuln-determinations.md. | | Sprint 29 | Vulnerability Explorer | docs/TASKS.md | TODO | Docs & Excititor Guilds | DOCS-VULN-29-007 | Publish /docs/vex/explorer-integration.md. | | Sprint 29 | Vulnerability Explorer | docs/TASKS.md | TODO | Docs & Concelier Guilds | DOCS-VULN-29-008 | Publish /docs/advisories/explorer-integration.md. | | Sprint 29 | Vulnerability Explorer | docs/TASKS.md | TODO | Docs & SBOM Guilds | DOCS-VULN-29-009 | Publish /docs/sbom/vuln-resolution.md. | | Sprint 29 | Vulnerability Explorer | docs/TASKS.md | TODO | Docs & Observability Guilds | DOCS-VULN-29-010 | Publish /docs/observability/vuln-telemetry.md. | | Sprint 29 | Vulnerability Explorer | docs/TASKS.md | TODO | Docs & Security Guilds | DOCS-VULN-29-011 | Publish /docs/security/vuln-rbac.md. | | Sprint 29 | Vulnerability Explorer | docs/TASKS.md | TODO | Docs & Ops Guilds | DOCS-VULN-29-012 | Publish /docs/runbooks/vuln-ops.md. | | Sprint 29 | Vulnerability Explorer | docs/TASKS.md | TODO | Docs & Deployment Guilds | DOCS-VULN-29-013 | Update /docs/install/containers.md with Findings Ledger & Vuln Explorer API. | | Sprint 29 | Vulnerability Explorer | ops/deployment/TASKS.md | TODO | Deployment & Findings Ledger Guilds | DEPLOY-VULN-29-001 | Provide deployments for Findings Ledger/projector with migrations/backups. | | Sprint 29 | Vulnerability Explorer | ops/deployment/TASKS.md | TODO | Deployment & Vuln Explorer API Guilds | DEPLOY-VULN-29-002 | Package Vuln Explorer API deployments/health checks/offline kit notes. | | Sprint 29 | Vulnerability Explorer | ops/devops/TASKS.md | TODO | DevOps & Findings Ledger Guilds | DEVOPS-VULN-29-001 | Set up CI/backups/anchoring monitoring for Findings Ledger. | | Sprint 29 | Vulnerability Explorer | ops/devops/TASKS.md | TODO | DevOps & Vuln Explorer API Guilds | DEVOPS-VULN-29-002 | Configure Vuln Explorer perf tests, budgets, dashboards, alerts. | | Sprint 29 | Vulnerability Explorer | ops/devops/TASKS.md | TODO | DevOps & Console Guilds | DEVOPS-VULN-29-003 | Integrate Vuln Explorer telemetry pipeline with privacy safeguards + dashboards. | | Sprint 29 | Vulnerability Explorer | src/Authority/StellaOps.Authority/TASKS.md | TODO | Authority Core & Security Guild | AUTH-VULN-29-001 | Define Vuln Explorer RBAC/ABAC scopes and issuer metadata. | | Sprint 29 | Vulnerability Explorer | src/Authority/StellaOps.Authority/TASKS.md | TODO | Authority Core & Security Guild | AUTH-VULN-29-002 | Enforce CSRF, attachment signing, and audit logging referencing ledger hashes. | | Sprint 29 | Vulnerability Explorer | src/Authority/StellaOps.Authority/TASKS.md | TODO | Authority Core & Docs Guild | AUTH-VULN-29-003 | Update docs/config samples for Vuln Explorer roles and security posture. | | Sprint 29 | Vulnerability Explorer | src/Cli/StellaOps.Cli/TASKS.md | TODO | DevEx/CLI Guild | CLI-VULN-29-001 | Implement stella vuln list with grouping, filters, JSON/CSV output. | | Sprint 29 | Vulnerability Explorer | src/Cli/StellaOps.Cli/TASKS.md | TODO | DevEx/CLI Guild | CLI-VULN-29-002 | Implement stella vuln show with evidence/policy/path display. | | Sprint 29 | Vulnerability Explorer | src/Cli/StellaOps.Cli/TASKS.md | TODO | DevEx/CLI Guild | CLI-VULN-29-003 | Add workflow CLI commands (assign/comment/accept-risk/verify-fix/target-fix/reopen). | | Sprint 29 | Vulnerability Explorer | src/Cli/StellaOps.Cli/TASKS.md | TODO | DevEx/CLI Guild | CLI-VULN-29-004 | Implement stella vuln simulate producing diff summaries/Markdown. | | Sprint 29 | Vulnerability Explorer | src/Cli/StellaOps.Cli/TASKS.md | TODO | DevEx/CLI Guild | CLI-VULN-29-005 | Implement stella vuln export and bundle signature verification. | | Sprint 29 | Vulnerability Explorer | src/Cli/StellaOps.Cli/TASKS.md | TODO | DevEx/CLI & Docs Guilds | CLI-VULN-29-006 | Update CLI docs/examples for Vulnerability Explorer commands. | | Sprint 29 | Vulnerability Explorer | src/Concelier/StellaOps.Concelier.WebService/TASKS.md | TODO | Concelier WebService Guild | CONCELIER-VULN-29-001 | Canonicalize (lossless) advisory identifiers, persist links[], backfill, and expose raw payload snapshots (no merge/derived fields). | | Sprint 29 | Vulnerability Explorer | src/Concelier/StellaOps.Concelier.WebService/TASKS.md | TODO | Concelier WebService Guild | CONCELIER-VULN-29-002 | Provide advisory evidence retrieval endpoint for Vuln Explorer. | | Sprint 29 | Vulnerability Explorer | src/Concelier/StellaOps.Concelier.WebService/TASKS.md | TODO | Concelier WebService & Observability Guilds | CONCELIER-VULN-29-004 | Add metrics/logs/events for advisory normalization supporting resolver. | | Sprint 29 | Vulnerability Explorer | src/Excititor/StellaOps.Excititor.WebService/TASKS.md | TODO | Excititor WebService Guild | EXCITITOR-VULN-29-001 | Canonicalize (lossless) VEX keys and product scopes with backfill + links (no merge/suppression). | | Sprint 29 | Vulnerability Explorer | src/Excititor/StellaOps.Excititor.WebService/TASKS.md | TODO | Excititor WebService Guild | EXCITITOR-VULN-29-002 | Expose VEX evidence retrieval endpoint for Explorer evidence tabs. | | Sprint 29 | Vulnerability Explorer | src/Excititor/StellaOps.Excititor.WebService/TASKS.md | TODO | Excititor WebService & Observability Guilds | EXCITITOR-VULN-29-004 | Instrument metrics/logs for VEX normalization and suppression events. | | Sprint 29 | Vulnerability Explorer | src/Findings/StellaOps.Findings.Ledger/TASKS.md | TODO | Findings Ledger Guild | LEDGER-29-001 | Design ledger & projection schemas, hashing strategy, and migrations for Findings Ledger. | | Sprint 29 | Vulnerability Explorer | src/Findings/StellaOps.Findings.Ledger/TASKS.md | TODO | Findings Ledger Guild | LEDGER-29-002 | Implement ledger write API with hash chaining and Merkle root anchoring job. | | Sprint 29 | Vulnerability Explorer | src/Findings/StellaOps.Findings.Ledger/TASKS.md | TODO | Findings Ledger & Scheduler Guilds | LEDGER-29-003 | Build projector worker deriving findings_projection with idempotent replay. | | Sprint 29 | Vulnerability Explorer | src/Findings/StellaOps.Findings.Ledger/TASKS.md | TODO | Findings Ledger & Policy Guilds | LEDGER-29-004 | Integrate Policy Engine batch evaluation into projector with rationale caching. | | Sprint 29 | Vulnerability Explorer | src/Findings/StellaOps.Findings.Ledger/TASKS.md | TODO | Findings Ledger Guild | LEDGER-29-005 | Implement workflow mutation endpoints producing ledger events (assign/comment/accept-risk/etc.). | | Sprint 29 | Vulnerability Explorer | src/Findings/StellaOps.Findings.Ledger/TASKS.md | TODO | Findings Ledger & Security Guilds | LEDGER-29-006 | Add attachment encryption, signed URLs, and CSRF protections for workflow endpoints. | | Sprint 29 | Vulnerability Explorer | src/Findings/StellaOps.Findings.Ledger/TASKS.md | TODO | Findings Ledger & Observability Guilds | LEDGER-29-007 | Instrument ledger metrics/logs/alerts (write latency, projection lag, anchoring). | | Sprint 29 | Vulnerability Explorer | src/Findings/StellaOps.Findings.Ledger/TASKS.md | TODO | Findings Ledger & QA Guilds | LEDGER-29-008 | Provide replay/determinism/load tests for ledger/projector pipelines. | | Sprint 29 | Vulnerability Explorer | src/Findings/StellaOps.Findings.Ledger/TASKS.md | TODO | Findings Ledger & DevOps Guilds | LEDGER-29-009 | Deliver deployment/offline artefacts, backup/restore, Merkle anchoring guidance. | | Sprint 29 | Vulnerability Explorer | src/Policy/StellaOps.Policy.Engine/TASKS.md | TODO | Policy Guild | POLICY-ENGINE-29-001 | Implement policy batch evaluation endpoint returning determinations + rationale. | | Sprint 29 | Vulnerability Explorer | src/Policy/StellaOps.Policy.Engine/TASKS.md | TODO | Policy Guild | POLICY-ENGINE-29-002 | Provide simulation diff API for Vuln Explorer comparisons. | | Sprint 29 | Vulnerability Explorer | src/Policy/StellaOps.Policy.Engine/TASKS.md | TODO | Policy Guild | POLICY-ENGINE-29-003 | Include path/scope annotations in determinations for Explorer. | | Sprint 29 | Vulnerability Explorer | src/Policy/StellaOps.Policy.Engine/TASKS.md | TODO | Policy Guild & Observability Guild | POLICY-ENGINE-29-004 | Add telemetry for batch evaluation + simulation jobs. | | Sprint 29 | Vulnerability Explorer | src/SbomService/StellaOps.SbomService/TASKS.md | TODO | SBOM Service Guild | SBOM-VULN-29-001 | Emit inventory evidence with scope/runtime/path/safe version hints; publish change events. | | Sprint 29 | Vulnerability Explorer | src/SbomService/StellaOps.SbomService/TASKS.md | TODO | SBOM Service & Findings Ledger Guilds | SBOM-VULN-29-002 | Provide resolver feed for candidate generation with idempotent delivery. | | Sprint 29 | Vulnerability Explorer | src/Scheduler/StellaOps.Scheduler.WebService/TASKS.md | TODO | Scheduler WebService Guild | SCHED-VULN-29-001 | Expose resolver job APIs + status monitoring for Vuln Explorer recomputation. | | Sprint 29 | Vulnerability Explorer | src/Scheduler/StellaOps.Scheduler.WebService/TASKS.md | TODO | Scheduler WebService & Observability Guilds | SCHED-VULN-29-002 | Provide projector lag metrics endpoint + webhook notifications. | | Sprint 29 | Vulnerability Explorer | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker/TASKS.md | TODO | Scheduler Worker Guild | SCHED-WORKER-29-001 | Implement resolver worker applying ecosystem version semantics and path scope. | | Sprint 29 | Vulnerability Explorer | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker/TASKS.md | TODO | Scheduler Worker Guild | SCHED-WORKER-29-002 | Implement evaluation worker invoking Policy Engine and updating ledger queues. | | Sprint 29 | Vulnerability Explorer | src/Scheduler/__Libraries/StellaOps.Scheduler.Worker/TASKS.md | TODO | Scheduler Worker & Observability Guilds | SCHED-WORKER-29-003 | Add monitoring for resolver/evaluation backlog and SLA alerts. | | Sprint 29 | Vulnerability Explorer | src/VulnExplorer/StellaOps.VulnExplorer.Api/TASKS.md | TODO | Vuln Explorer API Guild | VULN-API-29-001 | Publish Vuln Explorer OpenAPI + query schemas. | | Sprint 29 | Vulnerability Explorer | src/VulnExplorer/StellaOps.VulnExplorer.Api/TASKS.md | TODO | Vuln Explorer API Guild | VULN-API-29-002 | Implement list/query endpoints with grouping, paging, cost budgets. | | Sprint 29 | Vulnerability Explorer | src/VulnExplorer/StellaOps.VulnExplorer.Api/TASKS.md | TODO | Vuln Explorer API Guild | VULN-API-29-003 | Implement detail endpoint combining evidence, policy rationale, paths, history. | | Sprint 29 | Vulnerability Explorer | src/VulnExplorer/StellaOps.VulnExplorer.Api/TASKS.md | TODO | Vuln Explorer API & Findings Ledger Guilds | VULN-API-29-004 | Expose workflow APIs writing ledger events with validation + idempotency. | | Sprint 29 | Vulnerability Explorer | src/VulnExplorer/StellaOps.VulnExplorer.Api/TASKS.md | TODO | Vuln Explorer API & Policy Guilds | VULN-API-29-005 | Implement policy simulation endpoint producing diffs without side effects. | | Sprint 29 | Vulnerability Explorer | src/VulnExplorer/StellaOps.VulnExplorer.Api/TASKS.md | TODO | Vuln Explorer API Guild | VULN-API-29-006 | Integrate Graph Explorer paths metadata and deep-link parameters. | | Sprint 29 | Vulnerability Explorer | src/VulnExplorer/StellaOps.VulnExplorer.Api/TASKS.md | TODO | Vuln Explorer API & Security Guilds | VULN-API-29-007 | Enforce RBAC/ABAC, CSRF, attachment security, and audit logging. | | Sprint 29 | Vulnerability Explorer | src/VulnExplorer/StellaOps.VulnExplorer.Api/TASKS.md | TODO | Vuln Explorer API Guild | VULN-API-29-008 | Provide evidence bundle export job with signing + manifests. | | Sprint 29 | Vulnerability Explorer | src/VulnExplorer/StellaOps.VulnExplorer.Api/TASKS.md | TODO | Vuln Explorer API & Observability Guilds | VULN-API-29-009 | Instrument API telemetry (latency, workflow counts, exports). | | Sprint 29 | Vulnerability Explorer | src/VulnExplorer/StellaOps.VulnExplorer.Api/TASKS.md | TODO | Vuln Explorer API & QA Guilds | VULN-API-29-010 | Deliver unit/integration/perf/determinism tests for Vuln Explorer API. | | Sprint 29 | Vulnerability Explorer | src/VulnExplorer/StellaOps.VulnExplorer.Api/TASKS.md | TODO | Vuln Explorer API & DevOps Guilds | VULN-API-29-011 | Ship deployment/offline manifests, health checks, scaling docs. | | Sprint 29 | Vulnerability Explorer | src/Web/StellaOps.Web/TASKS.md | TODO | BE-Base Platform Guild | WEB-VULN-29-001 | Route /vuln/* APIs with tenant RBAC, ABAC, anti-forgery enforcement. | | Sprint 29 | Vulnerability Explorer | src/Web/StellaOps.Web/TASKS.md | TODO | BE-Base Platform Guild | WEB-VULN-29-002 | Proxy workflow calls to Findings Ledger with correlation IDs + retries. | | Sprint 29 | Vulnerability Explorer | src/Web/StellaOps.Web/TASKS.md | TODO | BE-Base Platform Guild | WEB-VULN-29-003 | Expose simulation/export orchestration with SSE/progress + signed links. | | Sprint 29 | Vulnerability Explorer | src/Web/StellaOps.Web/TASKS.md | TODO | BE-Base Platform & Observability Guilds | WEB-VULN-29-004 | Aggregate Vuln Explorer telemetry (latency, errors, exports). | | Sprint 30 | VEX Lens | docs/TASKS.md | TODO | Docs Guild | DOCS-VEX-30-001 | Publish /docs/vex/consensus-overview.md. | | Sprint 30 | VEX Lens | docs/TASKS.md | TODO | Docs Guild | DOCS-VEX-30-002 | Write /docs/vex/consensus-algorithm.md. | | Sprint 30 | VEX Lens | docs/TASKS.md | TODO | Docs Guild | DOCS-VEX-30-003 | Document /docs/vex/issuer-directory.md. | | Sprint 30 | VEX Lens | docs/TASKS.md | TODO | Docs Guild | DOCS-VEX-30-004 | Publish /docs/vex/consensus-api.md. | | Sprint 30 | VEX Lens | docs/TASKS.md | TODO | Docs Guild | DOCS-VEX-30-005 | Create /docs/vex/consensus-console.md. | | Sprint 30 | VEX Lens | docs/TASKS.md | TODO | Docs Guild | DOCS-VEX-30-006 | Add /docs/policy/vex-trust-model.md. | | Sprint 30 | VEX Lens | docs/TASKS.md | TODO | Docs Guild | DOCS-VEX-30-007 | Author /docs/sbom/vex-mapping.md. | | Sprint 30 | VEX Lens | docs/TASKS.md | TODO | Docs Guild | DOCS-VEX-30-008 | Publish /docs/security/vex-signatures.md. | | Sprint 30 | VEX Lens | docs/TASKS.md | TODO | Docs Guild | DOCS-VEX-30-009 | Write /docs/runbooks/vex-ops.md. | | Sprint 30 | VEX Lens | ops/devops/TASKS.md | TODO | DevOps Guild | VEXLENS-30-009, ISSUER-30-005 | Set up CI/perf/telemetry dashboards for VEX Lens and Issuer Directory. | | Sprint 30 | VEX Lens | src/Cli/StellaOps.Cli/TASKS.md | TODO | DevEx/CLI Guild | VEXLENS-30-007 | Implement stella vex consensus CLI commands with list/show/simulate/export. | | Sprint 30 | VEX Lens | src/Concelier/StellaOps.Concelier.WebService/TASKS.md | TODO | Concelier WebService Guild, VEX Lens Guild | CONCELIER-VEXLENS-30-001 | Guarantee advisory key consistency and provide cross-links for consensus rationale (VEX Lens). | | Sprint 30 | VEX Lens | src/Excititor/StellaOps.Excititor.WebService/TASKS.md | TODO | Excititor WebService Guild | EXCITITOR-VULN-29-001 | Ensure VEX evidence includes issuer hints, signatures, product trees for Lens consumption. | | Sprint 30 | VEX Lens | src/IssuerDirectory/StellaOps.IssuerDirectory/TASKS.md | TODO | Issuer Directory Guild | ISSUER-30-001 | Implement issuer CRUD API with RBAC and audit logs. | | Sprint 30 | VEX Lens | src/IssuerDirectory/StellaOps.IssuerDirectory/TASKS.md | TODO | Issuer Directory & Security Guilds | ISSUER-30-002 | Implement key management endpoints with expiry enforcement. | | Sprint 30 | VEX Lens | src/IssuerDirectory/StellaOps.IssuerDirectory/TASKS.md | TODO | Issuer Directory & Policy Guilds | ISSUER-30-003 | Provide trust weight override APIs with audit trails. | | Sprint 30 | VEX Lens | src/IssuerDirectory/StellaOps.IssuerDirectory/TASKS.md | TODO | Issuer Directory & VEX Lens Guilds | ISSUER-30-004 | Integrate issuer data into signature verification clients. | | Sprint 30 | VEX Lens | src/IssuerDirectory/StellaOps.IssuerDirectory/TASKS.md | TODO | Issuer Directory & Observability Guilds | ISSUER-30-005 | Instrument issuer change metrics/logs and dashboards. | | Sprint 30 | VEX Lens | src/IssuerDirectory/StellaOps.IssuerDirectory/TASKS.md | TODO | Issuer Directory & DevOps Guilds | ISSUER-30-006 | Provide deployment/backup/offline docs for Issuer Directory. | | Sprint 30 | VEX Lens | src/Policy/StellaOps.Policy.Engine/TASKS.md | TODO | Policy Guild | POLICY-ENGINE-30-101 | Surface trust weighting configuration (issuer weights, modifiers, decay) for VEX Lens via Policy Studio/API. | | Sprint 30 | VEX Lens | src/VexLens/StellaOps.VexLens/TASKS.md | TODO | VEX Lens Guild | VEXLENS-30-001 | Implement VEX normalization pipeline (CSAF, OpenVEX, CycloneDX) with deterministic outputs. | | Sprint 30 | VEX Lens | src/VexLens/StellaOps.VexLens/TASKS.md | TODO | VEX Lens Guild | VEXLENS-30-002 | Build product mapping library aligning CSAF product trees to purls/versions with scope scoring. | | Sprint 30 | VEX Lens | src/VexLens/StellaOps.VexLens/TASKS.md | TODO | VEX Lens & Issuer Directory Guilds | VEXLENS-30-003 | Integrate signature verification using issuer keys; annotate evidence. | | Sprint 30 | VEX Lens | src/VexLens/StellaOps.VexLens/TASKS.md | TODO | VEX Lens & Policy Guilds | VEXLENS-30-004 | Implement trust weighting functions configurable via policy. | | Sprint 30 | VEX Lens | src/VexLens/StellaOps.VexLens/TASKS.md | TODO | VEX Lens Guild | VEXLENS-30-005 | Implement consensus algorithm producing state, confidence, rationale, and quorum. | | Sprint 30 | VEX Lens | src/VexLens/StellaOps.VexLens/TASKS.md | TODO | VEX Lens & Findings Ledger Guilds | VEXLENS-30-006 | Materialize consensus projections and change events. | | Sprint 30 | VEX Lens | src/VexLens/StellaOps.VexLens/TASKS.md | TODO | VEX Lens Guild | VEXLENS-30-007 | Deliver query/detail/simulation/export APIs with budgets and OpenAPI docs. | | Sprint 30 | VEX Lens | src/VexLens/StellaOps.VexLens/TASKS.md | TODO | VEX Lens & Policy Guilds | VEXLENS-30-008 | Integrate consensus signals with Policy Engine and Vuln Explorer. | | Sprint 30 | VEX Lens | src/VexLens/StellaOps.VexLens/TASKS.md | TODO | VEX Lens & Observability Guilds | VEXLENS-30-009 | Instrument metrics/logs/traces; publish dashboards/alerts. | | Sprint 30 | VEX Lens | src/VexLens/StellaOps.VexLens/TASKS.md | TODO | VEX Lens & QA Guilds | VEXLENS-30-010 | Build unit/property/integration/load tests and determinism harness. | | Sprint 30 | VEX Lens | src/VexLens/StellaOps.VexLens/TASKS.md | TODO | VEX Lens & DevOps Guilds | VEXLENS-30-011 | Provide deployment manifests, scaling guides, offline seeds, runbooks. | | Sprint 30 | VEX Lens | src/Web/StellaOps.Web/TASKS.md | TODO | BE-Base Platform Guild, VEX Lens Guild | WEB-VEX-30-007 | Route /vex/consensus APIs via gateway with RBAC/ABAC, caching, and telemetry (proxy-only). | | Sprint 31 | Advisory AI | docs/TASKS.md | TODO | Docs Guild | DOCS-AIAI-31-001 | Publish Advisory AI overview doc. | | Sprint 31 | Advisory AI | docs/TASKS.md | TODO | Docs Guild | DOCS-AIAI-31-002 | Publish architecture doc for Advisory AI. | | Sprint 31 | Advisory AI | docs/TASKS.md | TODO | Docs Guild | DOCS-AIAI-31-003..009 | Complete API/Console/CLI/Policy/Security/SBOM/Runbook docs. | | Sprint 31 | Advisory AI | ops/deployment/TASKS.md | TODO | Deployment Guild | DEPLOY-AIAI-31-001 | Provide Advisory AI deployment/offline guidance. | | Sprint 31 | Advisory AI | ops/devops/TASKS.md | TODO | DevOps Guild | DEVOPS-AIAI-31-001 | Provision CI/perf/telemetry for Advisory AI. | | Sprint 31 | Advisory AI | src/AdvisoryAI/StellaOps.AdvisoryAI/TASKS.md | TODO | Advisory AI Guild | AIAI-31-001 | Implement advisory/VEX retrievers with paragraph anchors and citations. | | Sprint 31 | Advisory AI | src/AdvisoryAI/StellaOps.AdvisoryAI/TASKS.md | TODO | Advisory AI Guild | AIAI-31-002 | Build SBOM context retriever and blast radius estimator. | | Sprint 31 | Advisory AI | src/AdvisoryAI/StellaOps.AdvisoryAI/TASKS.md | TODO | Advisory AI Guild | AIAI-31-003 | Deliver deterministic toolset (version checks, dependency analysis, policy lookup). | | Sprint 31 | Advisory AI | src/AdvisoryAI/StellaOps.AdvisoryAI/TASKS.md | TODO | Advisory AI Guild | AIAI-31-004 | Orchestrator with task templates, tool chaining, caching. | | Sprint 31 | Advisory AI | src/AdvisoryAI/StellaOps.AdvisoryAI/TASKS.md | TODO | Advisory AI & Security Guilds | AIAI-31-005 | Guardrails (redaction, injection defense, output validation). | | Sprint 31 | Advisory AI | src/AdvisoryAI/StellaOps.AdvisoryAI/TASKS.md | TODO | Advisory AI Guild | AIAI-31-006 | Expose REST/batch APIs with RBAC and OpenAPI. | | Sprint 31 | Advisory AI | src/AdvisoryAI/StellaOps.AdvisoryAI/TASKS.md | TODO | Advisory AI & Observability Guilds | AIAI-31-007 | Instrument metrics/logs/traces and dashboards. | | Sprint 31 | Advisory AI | src/AdvisoryAI/StellaOps.AdvisoryAI/TASKS.md | TODO | Advisory AI & DevOps Guilds | AIAI-31-008 | Package inference + deployment manifests/flags. | | Sprint 31 | Advisory AI | src/AdvisoryAI/StellaOps.AdvisoryAI/TASKS.md | TODO | Advisory AI & QA Guilds | AIAI-31-009 | Build golden/injection/perf tests ensuring determinism. | | Sprint 31 | Advisory AI | src/Authority/StellaOps.Authority/TASKS.md | TODO | Authority Core & Security Guild | AUTH-AIAI-31-001 | Define Advisory AI scopes and remote inference toggles. | | Sprint 31 | Advisory AI | src/Authority/StellaOps.Authority/TASKS.md | TODO | Authority Core & Security Guild | AUTH-AIAI-31-002 | Enforce prompt logging and consent/audit flows. | | Sprint 31 | Advisory AI | src/Cli/StellaOps.Cli/TASKS.md | TODO | DevEx/CLI Guild | CLI-AIAI-31-001 | Implement stella advise * CLI commands leveraging Advisory AI orchestration and policy scopes. | | Sprint 31 | Advisory AI | src/Concelier/StellaOps.Concelier.WebService/TASKS.md | TODO | Concelier WebService Guild | CONCELIER-AIAI-31-001 | Expose advisory chunk API with paragraph anchors. | | Sprint 31 | Advisory AI | src/Excititor/StellaOps.Excititor.WebService/TASKS.md | TODO | Excititor WebService Guild | EXCITITOR-AIAI-31-001 | Provide VEX chunks with justifications and signatures. | | Sprint 31 | Advisory AI | src/Policy/StellaOps.Policy.Engine/TASKS.md | TODO | Policy Guild | POLICY-ENGINE-31-001 | Provide policy knobs for Advisory AI. | | Sprint 31 | Advisory AI | src/SbomService/StellaOps.SbomService/TASKS.md | TODO | SBOM Service Guild | SBOM-AIAI-31-001 | Deliver SBOM path/timeline endpoints for Advisory AI. | | Sprint 31 | Advisory AI | src/VexLens/StellaOps.VexLens/TASKS.md | TODO | VEX Lens Guild | VEXLENS-AIAI-31-001 | Expose enriched rationale API for conflict explanations. | | Sprint 31 | Advisory AI | src/VexLens/StellaOps.VexLens/TASKS.md | TODO | VEX Lens Guild | VEXLENS-AIAI-31-002 | Provide batching/caching hooks for Advisory AI. | | Sprint 31 | Advisory AI | src/Web/StellaOps.Web/TASKS.md | TODO | BE-Base Platform Guild | WEB-AIAI-31-001 | Route /advisory/ai/* APIs with RBAC/telemetry. | | Sprint 31 | Advisory AI | src/Web/StellaOps.Web/TASKS.md | TODO | BE-Base Platform Guild | WEB-AIAI-31-002 | Provide batch orchestration and retry handling for Advisory AI. | | Sprint 31 | Advisory AI | src/Web/StellaOps.Web/TASKS.md | TODO | BE-Base Platform Guild | WEB-AIAI-31-003 | Emit Advisory AI gateway telemetry/audit logs. | | Sprint 32 | Orchestrator Dashboard | docs/TASKS.md | TODO | Docs Guild | DOCS-ORCH-32-001 | Author /docs/orchestrator/overview.md covering mission, roles, AOC alignment, and imposed rule reminder. | | Sprint 32 | Orchestrator Dashboard | docs/TASKS.md | TODO | Docs Guild | DOCS-ORCH-32-002 | Author /docs/orchestrator/architecture.md detailing scheduler, DAGs, rate limits, and data model. | | Sprint 32 | Orchestrator Dashboard | ops/devops/TASKS.md | TODO | DevOps Guild | DEVOPS-ORCH-32-001 | Provision staging Postgres/message-bus charts, CI smoke deploy, and baseline dashboards for queue depth and inflight jobs. | | Sprint 32 | Orchestrator Dashboard | src/Authority/StellaOps.Authority/TASKS.md | TODO | Authority Core & Security Guild | AUTH-ORCH-32-001 | Introduce orch:read scope and Orch.Viewer role with metadata, discovery docs, and offline defaults. | | Sprint 32 | Orchestrator Dashboard | src/Concelier/__Libraries/StellaOps.Concelier.Core/TASKS.md | TODO | Concelier Core Guild | CONCELIER-ORCH-32-001 | Register Concelier sources with orchestrator, publish schedules/rate policies, and seed metadata. | | Sprint 32 | Orchestrator Dashboard | src/Concelier/__Libraries/StellaOps.Concelier.Core/TASKS.md | TODO | Concelier Core Guild | CONCELIER-ORCH-32-002 | Embed worker SDK into Concelier ingestion loops emitting progress, heartbeats, and artifact hashes. | | Sprint 32 | Orchestrator Dashboard | src/Excititor/StellaOps.Excititor.Worker/TASKS.md | TODO | Excititor Worker Guild | EXCITITOR-ORCH-32-001 | Adopt worker SDK in Excititor worker with job claim/heartbeat and artifact summary emission. | | Sprint 32 | Orchestrator Dashboard | src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Go/TASKS.md | TODO | Worker SDK Guild | WORKER-GO-32-001 | Bootstrap Go worker SDK (client config, job claim, acknowledgement flow) with integration tests. | | Sprint 32 | Orchestrator Dashboard | src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Go/TASKS.md | TODO | Worker SDK Guild | WORKER-GO-32-002 | Add heartbeat/progress helpers, structured logging, and default metrics exporters to Go SDK. | | Sprint 32 | Orchestrator Dashboard | src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Python/TASKS.md | TODO | Worker SDK Guild | WORKER-PY-32-001 | Bootstrap Python async SDK with job claim/config adapters and sample worker. | | Sprint 32 | Orchestrator Dashboard | src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Python/TASKS.md | TODO | Worker SDK Guild | WORKER-PY-32-002 | Implement heartbeat/progress helpers and logging/metrics instrumentation for Python workers. | | Sprint 32 | Orchestrator Dashboard | src/Orchestrator/StellaOps.Orchestrator/TASKS.md | TODO | Orchestrator Service Guild | ORCH-SVC-32-001 | Bootstrap orchestrator service with Postgres schema/migrations for sources, runs, jobs, dag_edges, artifacts, quotas, schedules. | | Sprint 32 | Orchestrator Dashboard | src/Orchestrator/StellaOps.Orchestrator/TASKS.md | TODO | Orchestrator Service Guild | ORCH-SVC-32-002 | Implement scheduler DAG planner, dependency resolver, and job state machine for read-only tracking. | | Sprint 32 | Orchestrator Dashboard | src/Orchestrator/StellaOps.Orchestrator/TASKS.md | TODO | Orchestrator Service Guild | ORCH-SVC-32-003 | Expose read-only REST APIs (sources, runs, jobs, DAG) with OpenAPI + validation. | | Sprint 32 | Orchestrator Dashboard | src/Orchestrator/StellaOps.Orchestrator/TASKS.md | TODO | Orchestrator Service Guild | ORCH-SVC-32-004 | Ship WebSocket/SSE live update stream and metrics counters/histograms for job lifecycle. | | Sprint 32 | Orchestrator Dashboard | src/Orchestrator/StellaOps.Orchestrator/TASKS.md | TODO | Orchestrator Service Guild | ORCH-SVC-32-005 | Deliver worker claim/heartbeat/progress endpoints capturing artifact metadata and checksums. | | Sprint 32 | Orchestrator Dashboard | src/Policy/StellaOps.Policy.Engine/TASKS.md | TODO | Policy Guild | POLICY-ENGINE-32-101 | Define orchestrator policy_eval job contract, idempotency keys, and enqueue hooks for change events. | | Sprint 32 | Orchestrator Dashboard | src/SbomService/StellaOps.SbomService/TASKS.md | TODO | SBOM Service Guild | SBOM-ORCH-32-001 | Integrate orchestrator job IDs into SBOM ingest/index pipelines with artifact hashing and status updates. | | Sprint 32 | Orchestrator Dashboard | src/Web/StellaOps.Web/TASKS.md | TODO | BE-Base Platform Guild | WEB-ORCH-32-001 | Expose read-only orchestrator APIs via gateway with tenant scoping, caching headers, and rate limits. | | Sprint 33 | Orchestrator Dashboard | docs/TASKS.md | TODO | Docs Guild | DOCS-ORCH-33-001 | Author /docs/orchestrator/api.md with endpoints, WebSocket events, error codes, and imposed rule reminder. | | Sprint 33 | Orchestrator Dashboard | docs/TASKS.md | TODO | Docs Guild | DOCS-ORCH-33-002 | Author /docs/orchestrator/console.md covering screens, accessibility, and live updates. | | Sprint 33 | Orchestrator Dashboard | docs/TASKS.md | TODO | Docs Guild | DOCS-ORCH-33-003 | Author /docs/orchestrator/cli.md with command reference, examples, and exit codes. | | Sprint 33 | Governance & Rules | ops/devops/TASKS.md | REVIEW (2025-10-30) | DevOps Guild, Platform Leads | DEVOPS-RULES-33-001 | Contracts & Rules anchor (gateway proxy-only; Policy Engine overlays/simulations; AOC ingestion canonicalization; Graph Indexer + Graph API as sole platform). | | Sprint 33 | Orchestrator Dashboard | ops/devops/TASKS.md | TODO | DevOps Guild | DEVOPS-ORCH-33-001 | Publish Grafana dashboards for rate-limit/backpressure/error clustering and configure alert rules with runbooks. | | Sprint 33 | Orchestrator Dashboard | src/Authority/StellaOps.Authority/TASKS.md | TODO | Authority Core & Security Guild | AUTH-ORCH-33-001 | Add Orch.Operator role, control action scopes, and enforce reason/ticket field capture. | | Sprint 33 | Orchestrator Dashboard | src/Concelier/__Libraries/StellaOps.Concelier.Core/TASKS.md | TODO | Concelier Core Guild | CONCELIER-ORCH-33-001 | Wire orchestrator control hooks (pause, throttle, retry) into Concelier workers with safe checkpoints. | | Sprint 33 | Orchestrator Dashboard | src/Excititor/StellaOps.Excititor.Worker/TASKS.md | TODO | Excititor Worker Guild | EXCITITOR-ORCH-33-001 | Honor orchestrator throttles, classify VEX errors, and emit retry-safe checkpoints in Excititor worker. | | Sprint 33 | Orchestrator Dashboard | src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Go/TASKS.md | TODO | Worker SDK Guild | WORKER-GO-33-001 | Add artifact upload helpers (object store + checksum) and idempotency guard to Go SDK. | | Sprint 33 | Orchestrator Dashboard | src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Go/TASKS.md | TODO | Worker SDK Guild | WORKER-GO-33-002 | Implement error classification/retry helper and structured failure report in Go SDK. | | Sprint 33 | Orchestrator Dashboard | src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Python/TASKS.md | TODO | Worker SDK Guild | WORKER-PY-33-001 | Add artifact publish/idempotency features to Python SDK with object store integration. | | Sprint 33 | Orchestrator Dashboard | src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Python/TASKS.md | TODO | Worker SDK Guild | WORKER-PY-33-002 | Expose error classification/retry/backoff helpers in Python SDK with structured logging. | | Sprint 33 | Orchestrator Dashboard | src/Orchestrator/StellaOps.Orchestrator/TASKS.md | TODO | Orchestrator Service Guild | ORCH-SVC-33-001 | Enable source/job control actions (test, pause/resume, retry/cancel/prioritize) with RBAC and audit hooks. | | Sprint 33 | Orchestrator Dashboard | src/Orchestrator/StellaOps.Orchestrator/TASKS.md | TODO | Orchestrator Service Guild | ORCH-SVC-33-002 | Implement adaptive token-bucket rate limiter and concurrency caps reacting to upstream 429/503 signals. | | Sprint 33 | Orchestrator Dashboard | src/Orchestrator/StellaOps.Orchestrator/TASKS.md | TODO | Orchestrator Service Guild | ORCH-SVC-33-003 | Add watermark/backfill manager with event-time windows, duplicate suppression, and preview API. | | Sprint 33 | Orchestrator Dashboard | src/Orchestrator/StellaOps.Orchestrator/TASKS.md | TODO | Orchestrator Service Guild | ORCH-SVC-33-004 | Deliver dead-letter storage, replay endpoints, and surfaced error classes with remediation hints. | | Sprint 33 | Orchestrator Dashboard | src/Policy/StellaOps.Policy.Engine/TASKS.md | TODO | Policy Guild | POLICY-ENGINE-33-101 | Implement orchestrator-driven policy evaluation workers with heartbeats, SLO metrics, and rate limit awareness. | | Sprint 33 | Orchestrator Dashboard | src/SbomService/StellaOps.SbomService/TASKS.md | TODO | SBOM Service Guild | SBOM-ORCH-33-001 | Report SBOM ingest backpressure metrics and support orchestrator pause/resume/backfill signals. | | Sprint 33 | Orchestrator Dashboard | src/VexLens/StellaOps.VexLens/TASKS.md | TODO | VEX Lens Guild | VEXLENS-ORCH-33-001 | Expose consensus_compute orchestrator job type and integrate VEX Lens worker for diff batches. | | Sprint 33 | Orchestrator Dashboard | src/Web/StellaOps.Web/TASKS.md | TODO | BE-Base Platform Guild | WEB-ORCH-33-001 | Add control endpoints (actions/backfill) and SSE bridging with permission checks and error mapping. | | Sprint 34 | Orchestrator Dashboard | docs/TASKS.md | TODO | Docs Guild | DOCS-ORCH-34-001 | Author /docs/orchestrator/run-ledger.md describing provenance export format and audits. | | Sprint 34 | Orchestrator Dashboard | docs/TASKS.md | TODO | Docs Guild | DOCS-ORCH-34-002 | Author /docs/security/secrets-handling.md covering KMS refs, redaction, and operator hygiene. | | Sprint 34 | Orchestrator Dashboard | docs/TASKS.md | TODO | Docs Guild | DOCS-ORCH-34-003 | Author /docs/operations/orchestrator-runbook.md (failures, backfill guide, circuit breakers). | | Sprint 34 | Orchestrator Dashboard | docs/TASKS.md | TODO | Docs Guild | DOCS-ORCH-34-004 | Author /docs/schemas/artifacts.md detailing artifact kinds, schema versions, hashing, storage layout. | | Sprint 34 | Orchestrator Dashboard | docs/TASKS.md | TODO | Docs Guild | DOCS-ORCH-34-005 | Author /docs/slo/orchestrator-slo.md defining SLOs, burn alerts, and measurement strategy. | | Sprint 34 | Orchestrator Dashboard | ops/deployment/TASKS.md | TODO | Deployment Guild | DEPLOY-ORCH-34-001 | Provide Helm/Compose manifests, scaling defaults, and offline kit instructions for orchestrator service. | | Sprint 34 | Orchestrator Dashboard | ops/devops/TASKS.md | TODO | DevOps Guild | DEVOPS-ORCH-34-001 | Harden production dashboards/alerts, synthetic probes, and incident response playbooks for orchestrator. | | Sprint 34 | Orchestrator Dashboard | ops/offline-kit/TASKS.md | TODO | Offline Kit Guild | DEVOPS-OFFLINE-34-006 | Bundle orchestrator service, worker SDK samples, and Postgres snapshot into Offline Kit with integrity checks. | | Sprint 34 | Orchestrator Dashboard | src/Authority/StellaOps.Authority/TASKS.md | TODO | Authority Core & Security Guild | AUTH-ORCH-34-001 | Add Orch.Admin role for quotas/backfills, enforce audit reason requirements, update docs and offline defaults. | | Sprint 34 | Orchestrator Dashboard | src/Cli/StellaOps.Cli/TASKS.md | TODO | DevEx/CLI Guild | CLI-ORCH-34-001 | Implement backfill wizard and quota management commands with dry-run preview and guardrails. | | Sprint 34 | Orchestrator Dashboard | src/Concelier/__Libraries/StellaOps.Concelier.Core/TASKS.md | TODO | Concelier Core Guild | CONCELIER-ORCH-34-001 | Implement orchestrator-driven backfills for advisory sources with idempotent artifact reuse and ledger linkage. | | Sprint 34 | Orchestrator Dashboard | src/Excititor/StellaOps.Excititor.Worker/TASKS.md | TODO | Excititor Worker Guild | EXCITITOR-ORCH-34-001 | Support orchestrator backfills and circuit breaker resets for Excititor sources with auditing. | | Sprint 34 | Orchestrator Dashboard | src/Findings/StellaOps.Findings.Ledger/TASKS.md | TODO | Findings Ledger Guild | LEDGER-34-101 | Link orchestrator run ledger entries into Findings Ledger provenance export and audit queries. | | Sprint 34 | Orchestrator Dashboard | src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Go/TASKS.md | TODO | Worker SDK Guild | WORKER-GO-34-001 | Add backfill range execution, watermark handshake, and artifact dedupe verification to Go SDK. | | Sprint 34 | Orchestrator Dashboard | src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Python/TASKS.md | TODO | Worker SDK Guild | WORKER-PY-34-001 | Add backfill support and deterministic artifact dedupe validation to Python SDK. | | Sprint 34 | Orchestrator Dashboard | src/Orchestrator/StellaOps.Orchestrator/TASKS.md | TODO | Orchestrator Service Guild | ORCH-SVC-34-001 | Implement quota management APIs, SLO burn-rate computation, and alert budget tracking. | | Sprint 34 | Orchestrator Dashboard | src/Orchestrator/StellaOps.Orchestrator/TASKS.md | TODO | Orchestrator Service Guild | ORCH-SVC-34-002 | Build audit log and immutable run ledger export with signed manifest support. | | Sprint 34 | Orchestrator Dashboard | src/Orchestrator/StellaOps.Orchestrator/TASKS.md | TODO | Orchestrator Service Guild | ORCH-SVC-34-003 | Run perf/scale validation (10k jobs, dispatch <150 ms) and add autoscaling hooks. | | Sprint 34 | Orchestrator Dashboard | src/Orchestrator/StellaOps.Orchestrator/TASKS.md | TODO | Orchestrator Service Guild | ORCH-SVC-34-004 | Package orchestrator container, Helm overlays, offline bundle seeds, and provenance attestations. | | Sprint 34 | Orchestrator Dashboard | src/Policy/StellaOps.Policy.Engine/TASKS.md | TODO | Policy Guild | POLICY-ENGINE-34-101 | Expose policy eval run ledger exports and SLO burn metrics to orchestrator. | | Sprint 34 | Orchestrator Dashboard | src/SbomService/StellaOps.SbomService/TASKS.md | TODO | SBOM Service Guild | SBOM-ORCH-34-001 | Enable SBOM backfill and watermark reconciliation; emit coverage metrics and flood guard. | | Sprint 34 | Orchestrator Dashboard | src/VexLens/StellaOps.VexLens/TASKS.md | TODO | VEX Lens Guild | VEXLENS-ORCH-34-001 | Integrate consensus compute completion events with orchestrator ledger and provenance outputs. | | Sprint 34 | Orchestrator Dashboard | src/Web/StellaOps.Web/TASKS.md | TODO | BE-Base Platform Guild | WEB-ORCH-34-001 | Expose quotas/backfill/queue metrics endpoints, throttle toggles, and error clustering APIs. | | Sprint 35 | EPDR Foundations | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.DotNet/TASKS.md | TODO | Scanner EPDR Guild | SCANNER-ANALYZERS-LANG-11-001 | Build entrypoint resolver (identity + environment profiles) and emit normalized entrypoint records. | | Sprint 35 | EPDR Foundations | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.DotNet/TASKS.md | TODO | Scanner EPDR Guild | SCANNER-ANALYZERS-LANG-11-002 | Static IL/reflection/ALC heuristics producing dependency edges with reason codes and confidence. | | Sprint 35 | EPDR Foundations | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.DotNet/TASKS.md | TODO | Scanner EPDR Guild, Signals Guild | SCANNER-ANALYZERS-LANG-11-003 | Runtime loader/PInvoke signal ingestion merged with static/declared edges (confidence & explain). | | Sprint 35 | Export Center Phase 1 | docs/TASKS.md | TODO | Docs Guild | DOCS-EXPORT-35-001 | Author /docs/modules/export-center/overview.md with purpose, profiles, security, and imposed rule reminder. | | Sprint 35 | Export Center Phase 1 | docs/TASKS.md | TODO | Docs Guild | DOCS-EXPORT-35-002 | Author /docs/modules/export-center/architecture.md detailing service components, adapters, manifests, signing, and distribution. | | Sprint 35 | Export Center Phase 1 | docs/TASKS.md | TODO | Docs Guild | DOCS-EXPORT-35-003 | Publish /docs/modules/export-center/profiles.md covering schemas, examples, and compatibility. | | Sprint 35 | Export Center Phase 1 | ops/deployment/TASKS.md | TODO | Deployment Guild | DEPLOY-EXPORT-35-001 | Package exporter service/worker containers, Helm overlays (download-only), and rollout guide. | | Sprint 35 | Export Center Phase 1 | ops/devops/TASKS.md | TODO | DevOps Guild | DEVOPS-EXPORT-35-001 | Create exporter CI pipeline (lint/test/perf smoke), object storage fixtures, and initial Grafana dashboards. | | Sprint 35 | Export Center Phase 1 | src/ExportCenter/StellaOps.ExportCenter/TASKS.md | TODO | Exporter Service Guild | EXPORT-SVC-35-001 | Bootstrap exporter service, configuration, and migrations for export profiles/runs/inputs/distributions with tenant scopes. | | Sprint 35 | Export Center Phase 1 | src/ExportCenter/StellaOps.ExportCenter/TASKS.md | TODO | Exporter Service Guild | EXPORT-SVC-35-002 | Implement planner resolving filters to iterators and orchestrator job contract with deterministic sampling. | | Sprint 35 | Export Center Phase 1 | src/ExportCenter/StellaOps.ExportCenter/TASKS.md | TODO | Exporter Service Guild | EXPORT-SVC-35-003 | Deliver JSON adapters (raw/policy) with canonical normalization, redaction enforcement, and zstd writers. | | Sprint 35 | Export Center Phase 1 | src/ExportCenter/StellaOps.ExportCenter/TASKS.md | TODO | Exporter Service Guild | EXPORT-SVC-35-004 | Build mirror (full) adapter producing filesystem layout, manifests, and bundle assembly for download profile. | | Sprint 35 | Export Center Phase 1 | src/ExportCenter/StellaOps.ExportCenter/TASKS.md | TODO | Exporter Service Guild | EXPORT-SVC-35-005 | Implement manifest/provenance writer and KMS signing/attestation for export bundles. | | Sprint 35 | Export Center Phase 1 | src/ExportCenter/StellaOps.ExportCenter/TASKS.md | TODO | Exporter Service Guild | EXPORT-SVC-35-006 | Expose Export API (profiles, runs, download) with SSE updates, concurrency controls, and audit logging. | | Sprint 35 | Export Center Phase 1 | src/Findings/StellaOps.Findings.Ledger/TASKS.md | TODO | Findings Ledger Guild | LEDGER-EXPORT-35-001 | Provide paginated streaming endpoints for advisories, VEX, SBOMs, and findings filtered by scope selectors. | | Sprint 35 | Export Center Phase 1 | src/Orchestrator/StellaOps.Orchestrator/TASKS.md | TODO | Orchestrator Service Guild | ORCH-SVC-35-101 | Register export job type, quotas, and rate policies; surface export job telemetry for scheduler. | | Sprint 35 | Export Center Phase 1 | src/Policy/StellaOps.Policy.Engine/TASKS.md | TODO | Policy Guild | POLICY-ENGINE-35-201 | Expose deterministic policy snapshot + evaluated findings endpoint aligned with Export Center requirements. | | Sprint 35 | Export Center Phase 1 | src/VexLens/StellaOps.VexLens/TASKS.md | TODO | VEX Lens Guild | VEXLENS-EXPORT-35-001 | Publish consensus snapshot API delivering deterministic JSON for export consumption. | | Sprint 35 | Export Center Phase 1 | src/Web/StellaOps.Web/TASKS.md | TODO | BE-Base Platform Guild | WEB-EXPORT-35-001 | Route Export Center APIs through gateway with tenant scoping, viewer/operator scopes, and streaming downloads. | | Sprint 36 | EPDR Observations | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.DotNet/TASKS.md | TODO | Scanner EPDR Guild, SBOM Service Guild | SCANNER-ANALYZERS-LANG-11-004 | Normalize EPDR output to Scanner observation writer (entrypoints + edges + env profiles). | | Sprint 36 | EPDR Observations | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.DotNet/TASKS.md | TODO | Scanner EPDR Guild, QA Guild | SCANNER-ANALYZERS-LANG-11-005 | End-to-end fixtures/benchmarks covering publish modes, RIDs, trimming, NativeAOT with explain traces. | | Sprint 36 | Export Center Phase 2 | docs/TASKS.md | TODO | Docs Guild | DOCS-EXPORT-36-004 | Author /docs/modules/export-center/api.md with endpoint examples and imposed rule note. | | Sprint 36 | Export Center Phase 2 | docs/TASKS.md | TODO | Docs Guild | DOCS-EXPORT-36-005 | Publish /docs/modules/export-center/cli.md covering commands, scripts, verification, and imposed rule reminder. | | Sprint 36 | Export Center Phase 2 | docs/TASKS.md | TODO | Docs Guild | DOCS-EXPORT-36-006 | Write /docs/modules/export-center/trivy-adapter.md detailing mappings, compatibility, and test matrix. | | Sprint 36 | Export Center Phase 2 | ops/deployment/TASKS.md | TODO | Deployment Guild | DEPLOY-EXPORT-36-001 | Document registry credentials, OCI push workflows, and automation for export distributions. | | Sprint 36 | Export Center Phase 2 | ops/devops/TASKS.md | TODO | DevOps Guild | DEVOPS-EXPORT-36-001 | Integrate Trivy compatibility validation, OCI push smoke tests, and metrics dashboards for export throughput. | | Sprint 36 | Export Center Phase 2 | src/Cli/StellaOps.Cli/TASKS.md | TODO | DevEx/CLI Guild | CLI-EXPORT-36-001 | Add stella export distribute (OCI/objstore), run download --resume, and status polling enhancements. | | Sprint 36 | Export Center Phase 2 | src/ExportCenter/StellaOps.ExportCenter/TASKS.md | TODO | Exporter Service Guild | EXPORT-SVC-36-001 | Implement Trivy DB adapter (core) with schema mapping, validation, and compatibility gating. | | Sprint 36 | Export Center Phase 2 | src/ExportCenter/StellaOps.ExportCenter/TASKS.md | TODO | Exporter Service Guild | EXPORT-SVC-36-002 | Add Trivy Java DB variant, shared manifest entries, and adapter regression tests. | | Sprint 36 | Export Center Phase 2 | src/ExportCenter/StellaOps.ExportCenter/TASKS.md | TODO | Exporter Service Guild | EXPORT-SVC-36-003 | Build OCI distribution engine for exports with descriptor annotations and registry auth handling. | | Sprint 36 | Export Center Phase 2 | src/ExportCenter/StellaOps.ExportCenter/TASKS.md | TODO | Exporter Service Guild | EXPORT-SVC-36-004 | Extend planner/run lifecycle for OCI/object storage distributions with retry + idempotency. | | Sprint 36 | Export Center Phase 2 | src/Orchestrator/StellaOps.Orchestrator/TASKS.md | TODO | Orchestrator Service Guild | ORCH-SVC-36-101 | Add distribution job follow-ups, retention metadata, and metrics for export runs. | | Sprint 36 | Export Center Phase 2 | src/Web/StellaOps.Web/TASKS.md | TODO | BE-Base Platform Guild | WEB-EXPORT-36-001 | Expose distribution endpoints (OCI/object storage) and manifest/provenance download proxies with RBAC. | | Sprint 37 | Export Center Phase 3 | docs/TASKS.md | TODO | Docs Guild | DOCS-EXPORT-37-001 | Publish /docs/modules/export-center/mirror-bundles.md detailing layouts, deltas, encryption, imposed rule reminder. | | Sprint 37 | Export Center Phase 3 | docs/TASKS.md | TODO | Docs Guild | DOCS-EXPORT-37-002 | Publish /docs/modules/export-center/provenance-and-signing.md covering manifests, attestation, verification. | | Sprint 37 | Export Center Phase 3 | docs/TASKS.md | TODO | Docs Guild | DOCS-EXPORT-37-003 | Publish /docs/operations/export-runbook.md for failures, tuning, capacity, with imposed rule note. | | Sprint 37 | Export Center Phase 3 | docs/TASKS.md | TODO | Docs Guild | DOCS-EXPORT-37-004 | Publish /docs/security/export-hardening.md covering RBAC, isolation, encryption, and imposed rule. | | Sprint 37 | Export Center Phase 3 | ops/devops/TASKS.md | TODO | DevOps Guild | DEVOPS-EXPORT-37-001 | Finalize dashboards/alerts for exports (failure, verify), retention jobs, and chaos testing harness. | | Sprint 37 | Export Center Phase 3 | ops/offline-kit/TASKS.md | TODO | Offline Kit Guild | DEVOPS-OFFLINE-37-001 | Package Export Center mirror bundles + verification tooling into Offline Kit with manifest/signature updates. | | Sprint 37 | Export Center Phase 3 | src/Authority/StellaOps.Authority/TASKS.md | TODO | Authority Core & Security Guild | AUTH-EXPORT-37-001 | Add Export.Admin scope enforcement for retention, encryption keys, and scheduling APIs. | | Sprint 37 | Export Center Phase 3 | src/Cli/StellaOps.Cli/TASKS.md | TODO | DevEx/CLI Guild | CLI-EXPORT-37-001 | Implement stella export schedule, run verify, and bundle verification tooling with signature/hash checks. | | Sprint 37 | Export Center Phase 3 | src/ExportCenter/StellaOps.ExportCenter/TASKS.md | TODO | Exporter Service Guild | EXPORT-SVC-37-001 | Implement mirror delta adapter, base export linkage, and content-addressed reuse. | | Sprint 37 | Export Center Phase 3 | src/ExportCenter/StellaOps.ExportCenter/TASKS.md | TODO | Exporter Service Guild | EXPORT-SVC-37-002 | Add bundle encryption, key wrapping with KMS, and verification tooling for encrypted exports. | | Sprint 37 | Export Center Phase 3 | src/ExportCenter/StellaOps.ExportCenter/TASKS.md | TODO | Exporter Service Guild | EXPORT-SVC-37-003 | Deliver scheduling/retention engine (cron/event triggers), audit trails, and retry idempotency enhancements. | | Sprint 37 | Export Center Phase 3 | src/ExportCenter/StellaOps.ExportCenter/TASKS.md | TODO | Exporter Service Guild | EXPORT-SVC-37-004 | Provide export verification API and CLI integration, including hash/signature validation endpoints. | | Sprint 37 | Export Center Phase 3 | src/Orchestrator/StellaOps.Orchestrator/TASKS.md | TODO | Orchestrator Service Guild | ORCH-SVC-37-101 | Enable scheduled export runs, retention pruning hooks, and failure alerting integration. | | Sprint 37 | Export Center Phase 3 | src/Web/StellaOps.Web/TASKS.md | TODO | BE-Base Platform Guild | WEB-EXPORT-37-001 | Surface scheduling, retention, and verification endpoints plus encryption parameter handling. | | Sprint 37 | Native Analyzer Core | src/Scanner/StellaOps.Scanner.Analyzers.Native/TASKS.md | TODO | Native Analyzer Guild | SCANNER-ANALYZERS-NATIVE-20-001 | Format detector & binary identity for ELF/PE/Mach-O (multi-slice) with stable entrypoint IDs. | | Sprint 37 | Native Analyzer Core | src/Scanner/StellaOps.Scanner.Analyzers.Native/TASKS.md | TODO | Native Analyzer Guild | SCANNER-ANALYZERS-NATIVE-20-002 | ELF dynamic parser emitting dtneeded edges, runpath metadata, symbol version needs. | | Sprint 37 | Native Analyzer Core | src/Scanner/StellaOps.Scanner.Analyzers.Native/TASKS.md | TODO | Native Analyzer Guild | SCANNER-ANALYZERS-NATIVE-20-003 | PE import + delay-load + SxS manifest parsing producing reason-coded edges. | | Sprint 37 | Native Analyzer Core | src/Scanner/StellaOps.Scanner.Analyzers.Native/TASKS.md | TODO | Native Analyzer Guild | SCANNER-ANALYZERS-NATIVE-20-004 | Mach-O load command parsing with @rpath expansion and slice handling. | | Sprint 37 | Native Analyzer Core | src/Scanner/StellaOps.Scanner.Analyzers.Native/TASKS.md | TODO | Native Analyzer Guild | SCANNER-ANALYZERS-NATIVE-20-005 | Cross-platform resolver engine modeling search order/explain traces for ELF/PE/Mach-O. | | Sprint 37 | Native Analyzer Core | src/Scanner/StellaOps.Scanner.Analyzers.Native/TASKS.md | TODO | Native Analyzer Guild | SCANNER-ANALYZERS-NATIVE-20-006 | Heuristic scanner for dlopen/LoadLibrary strings, plugin configs, ecosystem hints with confidence tags. | | Sprint 38 | Native Observation Pipeline | src/Scanner/StellaOps.Scanner.Analyzers.Native/TASKS.md | TODO | Native Analyzer Guild | SCANNER-ANALYZERS-NATIVE-20-007 | Serialize entrypoints/edges/env profiles to Scanner writer (AOC-compliant observations). | | Sprint 38 | Native Observation Pipeline | src/Scanner/StellaOps.Scanner.Analyzers.Native/TASKS.md | TODO | Native Analyzer Guild, QA Guild | SCANNER-ANALYZERS-NATIVE-20-008 | Fixture suite + determinism benchmarks for native analyzer across linux/windows/macos. | | Sprint 38 | Native Observation Pipeline | src/Scanner/StellaOps.Scanner.Analyzers.Native/TASKS.md | TODO | Native Analyzer Guild, Signals Guild | SCANNER-ANALYZERS-NATIVE-20-009 | Optional runtime capture adapters (eBPF/ETW/dyld) producing runtime-load edges with redaction. | | Sprint 38 | Native Observation Pipeline | src/Scanner/StellaOps.Scanner.Analyzers.Native/TASKS.md | TODO | Native Analyzer Guild, DevOps Guild | SCANNER-ANALYZERS-NATIVE-20-010 | Package native analyzer plug-in + Offline Kit updates and restart-time loading. | | Sprint 38 | Notifications Studio Phase 1 | docs/TASKS.md | TODO | Docs Guild | DOCS-NOTIFY-38-001 | Publish /docs/notifications/overview.md and /docs/notifications/architecture.md ending with imposed rule statement. | | Sprint 38 | Notifications Studio Phase 1 | ops/deployment/TASKS.md | TODO | Deployment Guild | DEPLOY-NOTIFY-38-001 | Package notifier API/worker Helm overlays (email/chat/webhook), secrets templates, rollout guide. | | Sprint 38 | Notifications Studio Phase 1 | ops/devops/TASKS.md | TODO | DevOps Guild | DEVOPS-NOTIFY-38-001 | Stand up notifier CI pipelines, event bus fixtures, base dashboards for events/notifications latency. | | Sprint 38 | Notifications Studio Phase 1 | src/Cli/StellaOps.Cli/TASKS.md | TODO | DevEx/CLI Guild | CLI-NOTIFY-38-001 | Implement stella notify rule/template/incident commands (list/create/test/ack) with file-based inputs. | | Sprint 38 | Notifications Studio Phase 1 | src/Notifier/StellaOps.Notifier/TASKS.md | TODO | Notifications Service Guild | NOTIFY-SVC-38-001 | Bootstrap notifier service, migrations for notif tables, event ingestion, and rule engine foundation (policy violations + job failures). | | Sprint 38 | Notifications Studio Phase 1 | src/Notifier/StellaOps.Notifier/TASKS.md | TODO | Notifications Service Guild | NOTIFY-SVC-38-002 | Implement channel adapters (email, chat-webhook, generic webhook) with retry and audit logging. | | Sprint 38 | Notifications Studio Phase 1 | src/Notifier/StellaOps.Notifier/TASKS.md | TODO | Notifications Service Guild | NOTIFY-SVC-38-003 | Deliver template service (versioning, preview), rendering pipeline with redaction, and provenance links. | | Sprint 38 | Notifications Studio Phase 1 | src/Notifier/StellaOps.Notifier/TASKS.md | TODO | Notifications Service Guild | NOTIFY-SVC-38-004 | Expose initial API (rules CRUD, templates, incidents list, ack) and live feed WS stream. | | Sprint 38 | Notifications Studio Phase 1 | src/Orchestrator/StellaOps.Orchestrator/TASKS.md | TODO | Orchestrator Service Guild | ORCH-SVC-38-101 | Standardize event envelope publication (policy/export/job lifecycle) with idempotency keys for notifier ingestion. | | Sprint 38 | Notifications Studio Phase 1 | src/Policy/StellaOps.Policy.Engine/TASKS.md | TODO | Policy Guild | POLICY-ENGINE-38-201 | Emit enriched violation events including rationale IDs via orchestrator bus. | | Sprint 38 | Notifications Studio Phase 1 | src/Web/StellaOps.Web/TASKS.md | TODO | BE-Base Platform Guild | WEB-NOTIFY-38-001 | Route notifier APIs through gateway with tenant scoping and operator scopes. | | Sprint 39 | Java Analyzer Core | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java/TASKS.md | TODO | Java Analyzer Guild | SCANNER-ANALYZERS-JAVA-21-001 | Java input normalizer (jar/war/ear/fat/jmod/jimage) with MR overlay selection. | | Sprint 39 | Java Analyzer Core | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java/TASKS.md | TODO | Java Analyzer Guild | SCANNER-ANALYZERS-JAVA-21-002 | Module/classpath builder with duplicate & split-package detection. | | Sprint 39 | Java Analyzer Core | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java/TASKS.md | TODO | Java Analyzer Guild | SCANNER-ANALYZERS-JAVA-21-003 | SPI scanner & provider selection with warnings. | | Sprint 39 | Java Analyzer Core | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java/TASKS.md | DONE | Java Analyzer Guild | SCANNER-ANALYZERS-JAVA-21-004 | Reflection/TCCL heuristics emitting reason-coded edges. | | Sprint 39 | Java Analyzer Core | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java/TASKS.md | TODO | Java Analyzer Guild | SCANNER-ANALYZERS-JAVA-21-005 | Framework config extraction (Spring, Jakarta, MicroProfile, logging, Graal configs). | | Sprint 39 | Java Analyzer Core | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java/TASKS.md | TODO | Java Analyzer Guild | SCANNER-ANALYZERS-JAVA-21-006 | JNI/native hint detection for Java artifacts. | | Sprint 39 | Java Analyzer Core | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java/TASKS.md | TODO | Java Analyzer Guild | SCANNER-ANALYZERS-JAVA-21-007 | Manifest/signature metadata collector (main/start/agent classes, signers). | | Sprint 39 | Notifications Studio Phase 2 | docs/TASKS.md | TODO | Docs Guild | DOCS-NOTIFY-39-002 | Publish /docs/notifications/rules.md, /templates.md, /digests.md with imposed rule reminder. | | Sprint 39 | Notifications Studio Phase 2 | ops/devops/TASKS.md | TODO | DevOps Guild | DEVOPS-NOTIFY-39-002 | Add throttling/quiet-hours dashboards, digest job monitoring, and storm breaker alerts. | | Sprint 39 | Notifications Studio Phase 2 | src/Cli/StellaOps.Cli/TASKS.md | TODO | DevEx/CLI Guild | CLI-NOTIFY-39-001 | Add simulation/digest CLI verbs and advanced filtering for incidents. | | Sprint 39 | Notifications Studio Phase 2 | src/Findings/StellaOps.Findings.Ledger/TASKS.md | TODO | Findings Ledger Guild | LEDGER-NOTIFY-39-001 | Optimize digest queries and provide API for notifier to fetch unresolved policy violations/SBOM deltas. | | Sprint 39 | Notifications Studio Phase 2 | src/Notifier/StellaOps.Notifier/TASKS.md | TODO | Notifications Service Guild | NOTIFY-SVC-39-001 | Implement correlation engine, throttling, quiet hours/maintenance evaluator, and incident state machine. | | Sprint 39 | Notifications Studio Phase 2 | src/Notifier/StellaOps.Notifier/TASKS.md | TODO | Notifications Service Guild | NOTIFY-SVC-39-002 | Add digests generator with Findings Ledger queries and distribution (email/chat). | | Sprint 39 | Notifications Studio Phase 2 | src/Notifier/StellaOps.Notifier/TASKS.md | TODO | Notifications Service Guild | NOTIFY-SVC-39-003 | Provide simulation engine and API for rule dry-run against historical events. | | Sprint 39 | Notifications Studio Phase 2 | src/Notifier/StellaOps.Notifier/TASKS.md | TODO | Notifications Service Guild | NOTIFY-SVC-39-004 | Integrate quiet hours calendars and default throttles with audit logging. | | Sprint 39 | Notifications Studio Phase 2 | src/Web/StellaOps.Web/TASKS.md | TODO | BE-Base Platform Guild | WEB-NOTIFY-39-001 | Surface digest scheduling, simulation, and throttle management endpoints via gateway. | | Sprint 40 | Java Observation & Runtime | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java/TASKS.md | TODO | Java Analyzer Guild | SCANNER-ANALYZERS-JAVA-21-008 | Observation writer producing entrypoints/components/edges with warnings. | | Sprint 40 | Java Observation & Runtime | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java/TASKS.md | TODO | Java Analyzer Guild, QA Guild | SCANNER-ANALYZERS-JAVA-21-009 | Fixture suite + determinism/perf benchmarks for Java analyzer. | | Sprint 40 | Java Observation & Runtime | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java/TASKS.md | TODO | Java Analyzer Guild, Signals Guild | SCANNER-ANALYZERS-JAVA-21-010 | Optional runtime ingestion via agent/JFR producing runtime edges. | | Sprint 40 | Java Observation & Runtime | src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java/TASKS.md | TODO | Java Analyzer Guild, DevOps Guild | SCANNER-ANALYZERS-JAVA-21-011 | Package Java analyzer plug-in + Offline Kit/CLI updates. | | Sprint 40 | Notifications Studio Phase 3 | docs/TASKS.md | TODO | Docs Guild | DOCS-NOTIFY-40-001 | Publish /docs/notifications/channels.md, /escalations.md, /api.md, /operations/notifier-runbook.md, /security/notifications-hardening.md with imposed rule lines. | | Sprint 40 | Notifications Studio Phase 3 | ops/deployment/TASKS.md | TODO | Deployment Guild | DEPLOY-NOTIFY-40-001 | Package notifier escalations + localization deployment overlays, signed ack token rotation scripts, and rollback guidance. | | Sprint 40 | Notifications Studio Phase 3 | ops/devops/TASKS.md | TODO | DevOps Guild | DEVOPS-NOTIFY-40-001 | Finalize notifier dashboards/alerts (escalation failures, ack latency), chaos testing harness, and channel health monitoring. | | Sprint 40 | Notifications Studio Phase 3 | ops/offline-kit/TASKS.md | CARRY (no scope change) | Offline Kit Guild | DEVOPS-OFFLINE-37-002 | Carry from Sprint 37: Notifier offline packs (sample configs, template/digest packs, dry-run harness) with integrity checks. | | Sprint 40 | Notifications Studio Phase 3 | src/Authority/StellaOps.Authority/TASKS.md | TODO | Authority Core & Security Guild | AUTH-NOTIFY-40-001 | Enforce ack token signing/rotation, webhook allowlists, and admin-only escalation settings. | | Sprint 40 | Notifications Studio Phase 3 | src/Cli/StellaOps.Cli/TASKS.md | TODO | DevEx/CLI Guild | CLI-NOTIFY-40-001 | Implement ack token redemption, escalation management, localization previews. | | Sprint 40 | Notifications Studio Phase 3 | src/Notifier/StellaOps.Notifier/TASKS.md | TODO | Notifications Service Guild | NOTIFY-SVC-40-001 | Implement escalations, on-call schedules, ack bridge, PagerDuty/OpsGenie adapters, and localization bundles. | | Sprint 40 | Notifications Studio Phase 3 | src/Notifier/StellaOps.Notifier/TASKS.md | TODO | Notifications Service Guild | NOTIFY-SVC-40-002 | Add CLI inbox/in-app feed channels and summary storm breaker notifications. | | Sprint 40 | Notifications Studio Phase 3 | src/Notifier/StellaOps.Notifier/TASKS.md | TODO | Notifications Service Guild | NOTIFY-SVC-40-003 | Harden security: signed ack links, webhook HMAC/IP allowlists, tenant isolation fuzzing, localization fallback. | | Sprint 40 | Notifications Studio Phase 3 | src/Notifier/StellaOps.Notifier/TASKS.md | TODO | Notifications Service Guild | NOTIFY-SVC-40-004 | Finalize observability (incident metrics, escalation latency) and chaos tests for channel outages. | | Sprint 40 | Notifications Studio Phase 3 | src/Web/StellaOps.Web/TASKS.md | TODO | BE-Base Platform Guild | WEB-NOTIFY-40-001 | Expose escalation, localization, channel health endpoints and verification of signed links. | | Sprint 41 | CLI Parity & Task Packs Phase 1 | docs/TASKS.md | TODO | Docs Guild | DOCS-CLI-41-001 | Publish /docs/modules/cli/guides/overview.md, /cli/configuration.md, /cli/output-and-exit-codes.md (with imposed rule). | | Sprint 41 | CLI Parity & Task Packs Phase 1 | ops/deployment/TASKS.md | TODO | Deployment Guild | DEPLOY-CLI-41-001 | Package CLI release artifacts (tarballs, completions, container image) with distribution docs. | | Sprint 41 | CLI Parity & Task Packs Phase 1 | ops/devops/TASKS.md | TODO | DevOps Guild | DEVOPS-CLI-41-001 | Establish CLI build pipeline (multi-platform binaries, SBOM, checksums) and parity matrix CI enforcement. | | Sprint 41 | CLI Parity & Task Packs Phase 1 | src/Authority/StellaOps.Authority/TASKS.md | TODO | Authority Core & Security Guild | AUTH-PACKS-41-001 | Define CLI SSO scopes and Packs (Packs.Read/Write/Run/Approve) roles; update discovery/offline defaults. | | Sprint 41 | CLI Parity & Task Packs Phase 1 | src/Cli/StellaOps.Cli/TASKS.md | TODO | DevEx/CLI Guild | CLI-CORE-41-001 | Implement CLI config/auth foundation, global flags, output renderer, and error/exit code mapping. | | Sprint 41 | CLI Parity & Task Packs Phase 1 | src/Cli/StellaOps.Cli/TASKS.md | TODO | DevEx/CLI Guild | CLI-PARITY-41-001 | Deliver parity command groups (policy, sbom, vuln, vex, advisory, export, orchestrator) with JSON/table outputs and --explain. | | Sprint 41 | CLI Parity & Task Packs Phase 1 | src/Cli/StellaOps.Cli/TASKS.md | TODO | DevEx/CLI Guild | CLI-PARITY-41-002 | Implement notify, aoc, auth command groups, idempotency keys, completions, and parity matrix export. | | Sprint 41 | CLI Parity & Task Packs Phase 1 | src/Orchestrator/StellaOps.Orchestrator/TASKS.md | TODO | Orchestrator Service Guild | ORCH-SVC-41-101 | Register pack-run job type, integrate logs/artifacts, expose pack run metadata. | | Sprint 41 | CLI Parity & Task Packs Phase 1 | src/PacksRegistry/StellaOps.PacksRegistry/TASKS.md | TODO | Packs Registry Guild | PACKS-REG-41-001 | Implement packs index API, signature verification, provenance storage, and RBAC. | | Sprint 41 | CLI Parity & Task Packs Phase 1 | src/TaskRunner/StellaOps.TaskRunner/TASKS.md | TODO | Task Runner Guild | TASKRUN-41-001 | Bootstrap Task Runner service, migrations, run API, local executor, approvals pause, artifact capture. | | Sprint 42 | CLI Parity & Task Packs Phase 2 | docs/TASKS.md | TODO | Docs Guild | DOCS-CLI-42-001 | Publish /docs/modules/cli/guides/parity-matrix.md, /cli/commands/*.md, /docs/task-packs/spec.md (imposed rule). | | Sprint 42 | CLI Parity & Task Packs Phase 2 | ops/devops/TASKS.md | TODO | DevOps Guild | DEVOPS-CLI-42-001 | Add CLI golden output tests, parity diff automation, and pack run CI harness. | | Sprint 42 | CLI Parity & Task Packs Phase 2 | src/Cli/StellaOps.Cli/TASKS.md | TODO | DevEx/CLI Guild | CLI-PACKS-42-001 | Implement Task Pack CLI commands (pack plan/run/push/pull/verify) with plan/simulate engine and expression sandbox. | | Sprint 42 | CLI Parity & Task Packs Phase 2 | src/Cli/StellaOps.Cli/TASKS.md | TODO | DevEx/CLI Guild | CLI-PARITY-41-001..002 | Close parity gaps for Notifications, Policy Studio advanced features, SBOM graph, Vuln Explorer; parity matrix green. | | Sprint 42 | CLI Parity & Task Packs Phase 2 | src/Findings/StellaOps.Findings.Ledger/TASKS.md | TODO | Findings Ledger Guild | LEDGER-PACKS-42-001 | Expose snapshot/time-travel APIs for CLI offline mode and pack simulation. | | Sprint 42 | CLI Parity & Task Packs Phase 2 | src/Orchestrator/StellaOps.Orchestrator/TASKS.md | TODO | Orchestrator Service Guild | ORCH-SVC-42-101 | Stream pack run logs via SSE/WS, expose artifact manifests, enforce pack run quotas. | | Sprint 42 | CLI Parity & Task Packs Phase 2 | src/PacksRegistry/StellaOps.PacksRegistry/TASKS.md | TODO | Packs Registry Guild | PACKS-REG-42-001 | Support pack version lifecycle, tenant allowlists, provenance export, signature rotation. | | Sprint 42 | CLI Parity & Task Packs Phase 2 | src/Policy/StellaOps.Policy.Engine/TASKS.md | TODO | Policy Guild | POLICY-ENGINE-42-201 | Provide stable rationale IDs/APIs for CLI --explain and pack policy gates. | | Sprint 42 | CLI Parity & Task Packs Phase 2 | src/TaskRunner/StellaOps.TaskRunner/TASKS.md | TODO | Task Runner Guild | TASKRUN-42-001 | Add loops, conditionals, maxParallel, outputs, simulation mode, policy gates in Task Runner. | | Sprint 43 | CLI Parity & Task Packs Phase 3 | docs/TASKS.md | TODO | Docs Guild | DOCS-PACKS-43-001 | Publish /docs/task-packs/authoring-guide.md, /registry.md, /runbook.md, /security/pack-signing-and-rbac.md, /operations/cli-release-and-packaging.md (imposed rule). | | Sprint 43 | CLI Parity & Task Packs Phase 3 | ops/devops/TASKS.md | TODO | DevOps Guild | DEVOPS-CLI-43-001 | Finalize multi-platform release automation, SBOM signing, parity gate enforcement, pack run chaos tests. | | Sprint 43 | CLI Parity & Task Packs Phase 3 | src/Authority/StellaOps.Authority/TASKS.md | TODO | Authority Core & Security Guild | AUTH-PACKS-41-001 | Enforce pack signing policies, approval RBAC, CLI token scopes for CI headless runs. | | Sprint 43 | CLI Parity & Task Packs Phase 3 | src/Cli/StellaOps.Cli/TASKS.md | TODO | DevEx/CLI Guild | CLI-PACKS-42-001 | Deliver advanced pack features (approvals pause/resume, remote streaming, secret injection), localization, man pages. | | Sprint 43 | CLI Parity & Task Packs Phase 3 | src/ExportCenter/StellaOps.ExportCenter/TASKS.md | TODO | Exporter Service Guild | EXPORT-SVC-35-005, PACKS-REG-41-001 | Integrate pack run manifests into export bundles and CLI verify flows. | | Sprint 43 | CLI Parity & Task Packs Phase 3 | src/PacksRegistry/StellaOps.PacksRegistry/TASKS.md | TODO | Packs Registry Guild | PACKS-REG-42-001 | Enforce pack signing policies, audit trails, registry mirroring, Offline Kit support. | | Sprint 43 | CLI Parity & Task Packs Phase 3 | src/TaskRunner/StellaOps.TaskRunner/TASKS.md | TODO | Task Runner Guild | TASKRUN-42-001 | Implement approvals workflow, notifications integration, remote artifact uploads, chaos resilience. | | Sprint 44 | Containerized Distribution Phase 1 | docs/TASKS.md | TODO | Docs Guild | DOCS-INSTALL-44-001 | Publish install overview + Compose Quickstart docs (imposed rule). | | Sprint 44 | Containerized Distribution Phase 1 | ops/deployment/TASKS.md | TODO | Deployment Guild | COMPOSE-44-001 | Deliver Quickstart Compose stack with seed data and quickstart script. | | Sprint 44 | Containerized Distribution Phase 1 | ops/deployment/TASKS.md | TODO | Deployment Guild | COMPOSE-44-002 | Provide backup/reset scripts with guardrails and documentation. | | Sprint 44 | Containerized Distribution Phase 1 | ops/deployment/TASKS.md | TODO | Deployment Guild | COMPOSE-44-003 | Implement seed job and onboarding wizard toggle (QUICKSTART_MODE). | | Sprint 44 | Containerized Distribution Phase 1 | ops/deployment/TASKS.md | TODO | Deployment Guild | DEPLOY-COMPOSE-44-001 | Finalize Quickstart scripts and README. | | Sprint 44 | Containerized Distribution Phase 1 | ops/devops/TASKS.md | TODO | DevOps Guild | DEVOPS-CONTAINERS-44-001 | Automate multi-arch builds with SBOM/signature pipeline. | | Sprint 44 | Containerized Distribution Phase 1 | ops/devops/TASKS.md | TODO | DevOps Guild | DOCKER-44-001 | Author multi-stage Dockerfiles with non-root users, read-only FS, and health scripts for all services. | | Sprint 44 | Containerized Distribution Phase 1 | ops/devops/TASKS.md | TODO | DevOps Guild | DOCKER-44-002 | Generate SBOMs and cosign attestations for each image; integrate signature verification in CI. | | Sprint 44 | Containerized Distribution Phase 1 | ops/devops/TASKS.md | TODO | DevOps Guild | DOCKER-44-003 | Ensure /health/*, /version, /metrics, and capability endpoints (merge=false) are exposed across services. | | Sprint 44 | Containerized Distribution Phase 1 | src/Web/StellaOps.Web/TASKS.md | TODO | BE-Base Platform Guild | WEB-CONTAINERS-44-001 | Expose config discovery and quickstart handling with health/version endpoints. | | Sprint 45 | Containerized Distribution Phase 2 | docs/TASKS.md | TODO | Docs Guild | DOCS-INSTALL-45-001 | Publish Helm production + configuration reference docs (imposed rule). | | Sprint 45 | Containerized Distribution Phase 2 | ops/deployment/TASKS.md | TODO | Deployment Guild | DEPLOY-HELM-45-001 | Publish Helm install guide and sample values. | | Sprint 45 | Containerized Distribution Phase 2 | ops/deployment/TASKS.md | TODO | Deployment Guild | HELM-45-001 | Scaffold Helm chart with component toggles and pinned digests. | | Sprint 45 | Containerized Distribution Phase 2 | ops/deployment/TASKS.md | TODO | Deployment Guild | HELM-45-002 | Add security features (TLS, NetworkPolicy, Secrets integration). | | Sprint 45 | Containerized Distribution Phase 2 | ops/deployment/TASKS.md | TODO | Deployment Guild | HELM-45-003 | Implement HPA, PDB, readiness gates, and observability hooks. | | Sprint 45 | Containerized Distribution Phase 2 | ops/devops/TASKS.md | TODO | DevOps Guild | DEVOPS-CONTAINERS-45-001 | Add Compose/Helm smoke tests to CI. | | Sprint 45 | Containerized Distribution Phase 2 | src/Web/StellaOps.Web/TASKS.md | TODO | BE-Base Platform Guild | WEB-CONTAINERS-45-001 | Ensure readiness endpoints and config toggles support Helm deployments. | | Sprint 46 | Containerized Distribution Phase 3 | docs/TASKS.md | TODO | Docs Guild | DOCS-INSTALL-46-001 | Publish air-gap, supply chain, health/readiness, image catalog, console onboarding docs (imposed rule). | | Sprint 46 | Containerized Distribution Phase 3 | ops/deployment/TASKS.md | TODO | Deployment Guild | DEPLOY-AIRGAP-46-001 | Provide air-gap load script and docs. | | Sprint 46 | Containerized Distribution Phase 3 | ops/devops/TASKS.md | TODO | DevOps Guild | DEVOPS-CONTAINERS-46-001 | Build signed air-gap bundle and verify in CI. | | Sprint 46 | Containerized Distribution Phase 3 | ops/offline-kit/TASKS.md | TODO | Offline Kit Guild | OFFLINE-CONTAINERS-46-001 | Include air-gap bundle and instructions in Offline Kit. | | Sprint 46 | Containerized Distribution Phase 3 | src/Web/StellaOps.Web/TASKS.md | TODO | BE-Base Platform Guild | WEB-CONTAINERS-46-001 | Harden offline mode and document fallback behavior. | | Sprint 47 | Authority-Backed Scopes & Tenancy Phase 1 | docs/TASKS.md | TODO | Docs Guild | DOCS-TEN-47-001 | Publish /docs/security/tenancy-overview.md and /docs/security/scopes-and-roles.md (imposed rule). | | Sprint 47 | Authority-Backed Scopes & Tenancy Phase 1 | ops/devops/TASKS.md | TODO | DevOps Guild | DEVOPS-TEN-47-001 | Integrate JWKS caching, signature verification tests, and auth regression suite into CI. | | Sprint 47 | Authority-Backed Scopes & Tenancy Phase 1 | src/Authority/StellaOps.Authority/TASKS.md | TODO | Authority Core & Security Guild | AUTH-TEN-47-001 | Implement unified JWT/ODIC config, scope grammar, tenant/project claims, and JWKS caching in Authority. | | Sprint 47 | Authority-Backed Scopes & Tenancy Phase 1 | src/Cli/StellaOps.Cli/TASKS.md | TODO | DevEx/CLI Guild | CLI-TEN-47-001 | Ship stella login, whoami, tenants list, and tenant flag persistence with secure token storage. | | Sprint 47 | Authority-Backed Scopes & Tenancy Phase 1 | src/Web/StellaOps.Web/TASKS.md | TODO | BE-Base Platform Guild | WEB-TEN-47-001 | Add auth middleware (token verification, tenant activation, scope checks) and structured 403 responses. | | Sprint 48 | Authority-Backed Scopes & Tenancy Phase 2 | docs/TASKS.md | TODO | Docs Guild | DOCS-TEN-48-001 | Publish /docs/operations/multi-tenancy.md, /docs/operations/rls-and-data-isolation.md, /docs/console/admin-tenants.md (imposed rule). | | Sprint 48 | Authority-Backed Scopes & Tenancy Phase 2 | ops/devops/TASKS.md | TODO | DevOps Guild | DEVOPS-TEN-48-001 | Write integration tests for RLS enforcement, tenant audit stream, and object store prefix checks. | | Sprint 48 | Authority-Backed Scopes & Tenancy Phase 2 | src/Concelier/__Libraries/StellaOps.Concelier.Core/TASKS.md | TODO | Concelier Core Guild | CONCELIER-TEN-48-001 | Ensure advisory linkers operate per tenant with RLS, enforce aggregation-only capability endpoint. | | Sprint 48 | Authority-Backed Scopes & Tenancy Phase 2 | src/Excititor/__Libraries/StellaOps.Excititor.Core/TASKS.md | TODO | Excititor Core Guild | EXCITITOR-TEN-48-001 | Same as above for VEX linkers; enforce capability endpoint merge=false. | | Sprint 48 | Authority-Backed Scopes & Tenancy Phase 2 | src/ExportCenter/StellaOps.ExportCenter/TASKS.md | TODO | Exporter Service Guild | EXPORT-TEN-48-001 | Add tenant prefixes to manifests/artifacts, enforce scope checks, and block cross-tenant exports by default. | | Sprint 48 | Authority-Backed Scopes & Tenancy Phase 2 | src/Findings/StellaOps.Findings.Ledger/TASKS.md | TODO | Findings Ledger Guild | LEDGER-TEN-48-001 | Partition findings by tenant/project, enable RLS, and update queries/events to include tenant context. | | Sprint 48 | Authority-Backed Scopes & Tenancy Phase 2 | src/Notifier/StellaOps.Notifier/TASKS.md | TODO | Notifications Service Guild | NOTIFY-TEN-48-001 | Tenant-scope notification rules, incidents, and outbound channels; update storage schemas. | | Sprint 48 | Authority-Backed Scopes & Tenancy Phase 2 | src/Orchestrator/StellaOps.Orchestrator/TASKS.md | TODO | Orchestrator Service Guild | ORCH-TEN-48-001 | Stamp jobs with tenant/project, set DB session context, and reject jobs without context. | | Sprint 48 | Authority-Backed Scopes & Tenancy Phase 2 | src/Policy/StellaOps.Policy.Engine/TASKS.md | TODO | Policy Guild | POLICY-TEN-48-001 | Add tenant_id/project_id to policy data, enable Postgres RLS, and expose rationale IDs with tenant context. | | Sprint 48 | Authority-Backed Scopes & Tenancy Phase 2 | src/TaskRunner/StellaOps.TaskRunner/TASKS.md | TODO | Task Runner Guild | TASKRUN-TEN-48-001 | Propagate tenant/project to all steps, enforce object store prefix, and validate before execution. | | Sprint 48 | Authority-Backed Scopes & Tenancy Phase 2 | src/Web/StellaOps.Web/TASKS.md | TODO | BE-Base Platform Guild | WEB-TEN-48-001 | Enforce tenant context through persistence (DB GUC, object store prefix), add request annotations, and emit audit events. | | Sprint 49 | Authority-Backed Scopes & Tenancy Phase 3 | docs/TASKS.md | TODO | Docs Guild | DOCS-TEN-49-001 | Publish /docs/modules/cli/guides/authentication.md, /docs/api/authentication.md, /docs/policy/examples/abac-overlays.md, /docs/install/configuration-reference.md updates (imposed rule). | | Sprint 49 | Authority-Backed Scopes & Tenancy Phase 3 | ops/devops/TASKS.md | TODO | DevOps Guild | DEVOPS-TEN-49-001 | Implement audit log pipeline, monitor scope usage, chaos tests for JWKS outage, and tenant load/perf tests. | | Sprint 49 | Authority-Backed Scopes & Tenancy Phase 3 | src/Authority/StellaOps.Authority/TASKS.md | TODO | Authority Core & Security Guild | AUTH-TEN-49-001 | Implement service accounts, delegation tokens (act chain), per-tenant quotas, and audit log streaming. | | Sprint 49 | Authority-Backed Scopes & Tenancy Phase 3 | src/Cli/StellaOps.Cli/TASKS.md | TODO | DevEx/CLI Guild | CLI-TEN-49-001 | Add service account token minting, delegation, and --impersonate banner/controls. | | Sprint 49 | Authority-Backed Scopes & Tenancy Phase 3 | src/Web/StellaOps.Web/TASKS.md | TODO | BE-Base Platform Guild | WEB-TEN-49-001 | Integrate ABAC policy overlay (optional), expose audit API, and support service token minting endpoints. | | Sprint 50 | Observability & Forensics Phase 1 – Baseline Telemetry | docs/TASKS.md | TODO | Docs Guild | DOCS-INSTALL-50-001 | Add /docs/install/telemetry-stack.md for collector deployment and offline packaging. | | Sprint 50 | Observability & Forensics Phase 1 – Baseline Telemetry | docs/TASKS.md | BLOCKED (2025-10-26) | Docs Guild | DOCS-OBS-50-001 | Author /docs/observability/overview.md with imposed rule banner and architecture context. | | Sprint 50 | Observability & Forensics Phase 1 – Baseline Telemetry | docs/TASKS.md | TODO | Docs Guild | DOCS-OBS-50-002 | Document telemetry standards (fields, scrubbing, sampling) under /docs/observability/telemetry-standards.md. | | Sprint 50 | Observability & Forensics Phase 1 – Baseline Telemetry | docs/TASKS.md | TODO | Docs Guild | DOCS-OBS-50-003 | Publish structured logging guide /docs/observability/logging.md with examples and imposed rule banner. | | Sprint 50 | Observability & Forensics Phase 1 – Baseline Telemetry | docs/TASKS.md | TODO | Docs Guild | DOCS-OBS-50-004 | Publish tracing guide /docs/observability/tracing.md covering context propagation and sampling. | | Sprint 50 | Observability & Forensics Phase 1 – Baseline Telemetry | docs/TASKS.md | TODO | Docs Guild | DOCS-SEC-OBS-50-001 | Update /docs/security/redaction-and-privacy.md for telemetry privacy controls. | | Sprint 50 | Observability & Forensics Phase 1 – Baseline Telemetry | ops/devops/TASKS.md | DOING (2025-10-26) | DevOps Guild | DEVOPS-OBS-50-002 | Stand up multi-tenant metrics/logs/traces backends with retention and isolation. | Staging rollout plan recorded in docs/modules/telemetry/operations/storage.md; waiting on Authority-issued tokens and namespace bootstrap. | Sprint 50 | Observability & Forensics Phase 1 – Baseline Telemetry | src/Authority/StellaOps.Authority/TASKS.md | DOING (2025-11-01) | Authority Core & Security Guild | AUTH-OBS-50-001 | Introduce observability/timeline/evidence/attestation scopes and update discovery metadata. | | Sprint 50 | Observability & Forensics Phase 1 – Baseline Telemetry | src/Cli/StellaOps.Cli/TASKS.md | TODO | DevEx/CLI Guild | CLI-OBS-50-001 | Propagate trace headers from CLI commands and print correlation IDs. | | Sprint 50 | Observability & Forensics Phase 1 – Baseline Telemetry | src/Concelier/__Libraries/StellaOps.Concelier.Core/TASKS.md | TODO | Concelier Core Guild | CONCELIER-OBS-50-001 | Replace ad-hoc logging with telemetry core across advisory ingestion/linking. | | Sprint 50 | Observability & Forensics Phase 1 – Baseline Telemetry | src/Concelier/StellaOps.Concelier.WebService/TASKS.md | TODO | Concelier WebService Guild | CONCELIER-WEB-OBS-50-001 | Adopt telemetry core in Concelier APIs and surface correlation IDs. | | Sprint 50 | Observability & Forensics Phase 1 – Baseline Telemetry | src/Excititor/__Libraries/StellaOps.Excititor.Core/TASKS.md | TODO | Excititor Core Guild | EXCITITOR-OBS-50-001 | Integrate telemetry core into VEX ingestion/linking with scope metadata. | | Sprint 50 | Observability & Forensics Phase 1 – Baseline Telemetry | src/Excititor/StellaOps.Excititor.WebService/TASKS.md | TODO | Excititor WebService Guild | EXCITITOR-WEB-OBS-50-001 | Add telemetry core to VEX APIs and emit trace headers. | | Sprint 50 | Observability & Forensics Phase 1 – Baseline Telemetry | src/ExportCenter/StellaOps.ExportCenter/TASKS.md | TODO | Exporter Service Guild | EXPORT-OBS-50-001 | Enable telemetry core in export planner/workers capturing bundle metadata. | | Sprint 50 | Observability & Forensics Phase 1 – Baseline Telemetry | src/Findings/StellaOps.Findings.Ledger/TASKS.md | TODO | Findings Ledger Guild | LEDGER-OBS-50-001 | Wire telemetry core through ledger writer/projector for append/replay operations. | | Sprint 50 | Observability & Forensics Phase 1 – Baseline Telemetry | src/Orchestrator/StellaOps.Orchestrator/TASKS.md | TODO | Orchestrator Service Guild | ORCH-OBS-50-001 | Instrument orchestrator scheduler/control APIs with telemetry core spans/logs. | | Sprint 50 | Observability & Forensics Phase 1 – Baseline Telemetry | src/Policy/StellaOps.Policy.Engine/TASKS.md | TODO | Policy Guild | POLICY-OBS-50-001 | Instrument policy compile/evaluate flows with telemetry core spans/logs. | | Sprint 50 | Observability & Forensics Phase 1 – Baseline Telemetry | src/TaskRunner/StellaOps.TaskRunner/TASKS.md | TODO | Task Runner Guild | TASKRUN-OBS-50-001 | Adopt telemetry core in Task Runner host and workers with scrubbed transcripts. | | Sprint 50 | Observability & Forensics Phase 1 – Baseline Telemetry | src/Telemetry/StellaOps.Telemetry.Core/TASKS.md | TODO | Observability Guild | TELEMETRY-OBS-50-001 | Bootstrap telemetry core library with structured logging, OTLP exporters, and deterministic bootstrap. | | Sprint 50 | Observability & Forensics Phase 1 – Baseline Telemetry | src/Telemetry/StellaOps.Telemetry.Core/TASKS.md | TODO | Observability Guild | TELEMETRY-OBS-50-002 | Deliver context propagation middleware for HTTP/gRPC/jobs/CLI carrying trace + tenant metadata. | | Sprint 50 | Observability & Forensics Phase 1 – Baseline Telemetry | src/Web/StellaOps.Web/TASKS.md | TODO | BE-Base Platform Guild | WEB-OBS-50-001 | Integrate telemetry core into gateway and emit structured traces/logs for all routes. | | Sprint 51 | Observability & Forensics Phase 2 – SLOs & Dashboards | docs/TASKS.md | TODO | Docs Guild | DOCS-OBS-51-001 | Publish /docs/observability/metrics-and-slos.md with alert policies. | | Sprint 51 | Observability & Forensics Phase 2 – SLOs & Dashboards | ops/devops/TASKS.md | TODO | DevOps Guild | DEVOPS-OBS-51-001 | Deploy SLO evaluator service, dashboards, and alert routing. | | Sprint 51 | Observability & Forensics Phase 2 – SLOs & Dashboards | src/Cli/StellaOps.Cli/TASKS.md | TODO | DevEx/CLI Guild | CLI-OBS-51-001 | Implement stella obs top streaming health metrics command. | | Sprint 51 | Observability & Forensics Phase 2 – SLOs & Dashboards | src/Concelier/__Libraries/StellaOps.Concelier.Core/TASKS.md | TODO | Concelier Core Guild | CONCELIER-OBS-51-001 | Emit ingest latency metrics + SLO thresholds for advisories. | | Sprint 51 | Observability & Forensics Phase 2 – SLOs & Dashboards | src/Excititor/__Libraries/StellaOps.Excititor.Core/TASKS.md | TODO | Excititor Core Guild | EXCITITOR-OBS-51-001 | Provide VEX ingest metrics and SLO burn-rate automation. | | Sprint 51 | Observability & Forensics Phase 2 – SLOs & Dashboards | src/ExportCenter/StellaOps.ExportCenter/TASKS.md | TODO | Exporter Service Guild | EXPORT-OBS-51-001 | Capture export planner/bundle latency metrics and SLOs. | | Sprint 51 | Observability & Forensics Phase 2 – SLOs & Dashboards | src/Findings/StellaOps.Findings.Ledger/TASKS.md | TODO | Findings Ledger Guild | LEDGER-OBS-51-001 | Add ledger/projector metrics dashboards and burn-rate policies. | | Sprint 51 | Observability & Forensics Phase 2 – SLOs & Dashboards | src/Notifier/StellaOps.Notifier/TASKS.md | TODO | Notifications Service Guild | NOTIFY-OBS-51-001 | Ingest SLO burn-rate webhooks and deliver observability alerts. | | Sprint 51 | Observability & Forensics Phase 2 – SLOs & Dashboards | src/Orchestrator/StellaOps.Orchestrator/TASKS.md | TODO | Orchestrator Service Guild | ORCH-OBS-51-001 | Publish orchestration metrics, SLOs, and burn-rate alerts. | | Sprint 51 | Observability & Forensics Phase 2 – SLOs & Dashboards | src/Policy/StellaOps.Policy.Engine/TASKS.md | TODO | Policy Guild | POLICY-OBS-51-001 | Publish policy evaluation metrics + dashboards meeting SLO targets. | | Sprint 51 | Observability & Forensics Phase 2 – SLOs & Dashboards | src/TaskRunner/StellaOps.TaskRunner/TASKS.md | TODO | Task Runner Guild | TASKRUN-OBS-51-001 | Emit task runner golden-signal metrics and SLO alerts. | | Sprint 51 | Observability & Forensics Phase 2 – SLOs & Dashboards | src/Telemetry/StellaOps.Telemetry.Core/TASKS.md | TODO | Observability Guild | TELEMETRY-OBS-51-001 | Ship metrics helpers + exemplar guards for golden signals. | | Sprint 51 | Observability & Forensics Phase 2 – SLOs & Dashboards | src/Telemetry/StellaOps.Telemetry.Core/TASKS.md | TODO | Security Guild | TELEMETRY-OBS-51-002 | Implement logging scrubbing and tenant debug override controls. | | Sprint 51 | Observability & Forensics Phase 2 – SLOs & Dashboards | src/Web/StellaOps.Web/TASKS.md | TODO | BE-Base Platform Guild | WEB-OBS-51-001 | Expose /obs/health and /obs/slo aggregations for services. | | Sprint 52 | Observability & Forensics Phase 3 – Timeline & Decision Logs | docs/TASKS.md | TODO | Docs Guild | DOCS-CLI-OBS-52-001 | Document stella obs CLI commands and scripting patterns. | | Sprint 52 | Observability & Forensics Phase 3 – Timeline & Decision Logs | docs/TASKS.md | TODO | Docs Guild | DOCS-CONSOLE-OBS-52-001 | Document Console observability hub and trace/log search workflows. | | Sprint 52 | Observability & Forensics Phase 3 – Timeline & Decision Logs | docs/TASKS.md | TODO | Docs Guild | DOCS-CONSOLE-OBS-52-002 | Publish Console forensics/timeline guidance with imposed rule banner. | | Sprint 52 | Observability & Forensics Phase 3 – Timeline & Decision Logs | ops/devops/TASKS.md | TODO | DevOps Guild | DEVOPS-OBS-52-001 | Configure streaming pipelines and schema validation for timeline events. | | Sprint 52 | Observability & Forensics Phase 3 – Timeline & Decision Logs | src/Cli/StellaOps.Cli/TASKS.md | TODO | DevEx/CLI Guild | CLI-OBS-52-001 | Add stella obs trace + log commands correlating timeline data. | | Sprint 52 | Observability & Forensics Phase 3 – Timeline & Decision Logs | src/Concelier/__Libraries/StellaOps.Concelier.Core/TASKS.md | TODO | Concelier Core Guild | CONCELIER-OBS-52-001 | Emit advisory ingest/link timeline events with provenance metadata. | | Sprint 52 | Observability & Forensics Phase 3 – Timeline & Decision Logs | src/Concelier/StellaOps.Concelier.WebService/TASKS.md | TODO | Concelier WebService Guild | CONCELIER-WEB-OBS-52-001 | Provide SSE bridge for advisory timeline events. | | Sprint 52 | Observability & Forensics Phase 3 – Timeline & Decision Logs | src/Excititor/__Libraries/StellaOps.Excititor.Core/TASKS.md | TODO | Excititor Core Guild | EXCITITOR-OBS-52-001 | Emit VEX ingest/link timeline events with justification info. | | Sprint 52 | Observability & Forensics Phase 3 – Timeline & Decision Logs | src/Excititor/StellaOps.Excititor.WebService/TASKS.md | TODO | Excititor WebService Guild | EXCITITOR-WEB-OBS-52-001 | Stream VEX timeline updates to clients with tenant filters. | | Sprint 52 | Observability & Forensics Phase 3 – Timeline & Decision Logs | src/ExportCenter/StellaOps.ExportCenter/TASKS.md | TODO | Exporter Service Guild | EXPORT-OBS-52-001 | Publish export lifecycle events into timeline. | | Sprint 52 | Observability & Forensics Phase 3 – Timeline & Decision Logs | src/Findings/StellaOps.Findings.Ledger/TASKS.md | TODO | Findings Ledger Guild | LEDGER-OBS-52-001 | Record ledger append/projection events into timeline stream. | | Sprint 52 | Observability & Forensics Phase 3 – Timeline & Decision Logs | src/Orchestrator/StellaOps.Orchestrator/TASKS.md | TODO | Orchestrator Service Guild | ORCH-OBS-52-001 | Emit job lifecycle timeline events with tenant/project metadata. | | Sprint 52 | Observability & Forensics Phase 3 – Timeline & Decision Logs | src/Policy/StellaOps.Policy.Engine/TASKS.md | TODO | Policy Guild | POLICY-OBS-52-001 | Emit policy decision timeline events with rule summaries and trace IDs. | | Sprint 52 | Observability & Forensics Phase 3 – Timeline & Decision Logs | src/TaskRunner/StellaOps.TaskRunner/TASKS.md | TODO | Task Runner Guild | TASKRUN-OBS-52-001 | Emit pack run timeline events and dedupe logic. | | Sprint 52 | Observability & Forensics Phase 3 – Timeline & Decision Logs | src/TimelineIndexer/StellaOps.TimelineIndexer/TASKS.md | TODO | Timeline Indexer Guild | TIMELINE-OBS-52-001 | Bootstrap timeline indexer service and schema with RLS scaffolding. | | Sprint 52 | Observability & Forensics Phase 3 – Timeline & Decision Logs | src/TimelineIndexer/StellaOps.TimelineIndexer/TASKS.md | TODO | Timeline Indexer Guild | TIMELINE-OBS-52-002 | Implement event ingestion pipeline with ordering and dedupe. | | Sprint 52 | Observability & Forensics Phase 3 – Timeline & Decision Logs | src/TimelineIndexer/StellaOps.TimelineIndexer/TASKS.md | TODO | Timeline Indexer Guild | TIMELINE-OBS-52-003 | Expose timeline query APIs with tenant filters and pagination. | | Sprint 52 | Observability & Forensics Phase 3 – Timeline & Decision Logs | src/TimelineIndexer/StellaOps.TimelineIndexer/TASKS.md | TODO | Security Guild | TIMELINE-OBS-52-004 | Finalize RLS + scope enforcement and audit logging for timeline reads. | | Sprint 52 | Observability & Forensics Phase 3 – Timeline & Decision Logs | src/Web/StellaOps.Web/TASKS.md | TODO | BE-Base Platform Guild | WEB-OBS-52-001 | Provide trace/log proxy endpoints bridging to timeline + log store. | | Sprint 53 | Observability & Forensics Phase 4 – Evidence Locker | docs/TASKS.md | TODO | Docs Guild | DOCS-CLI-FORENSICS-53-001 | Document stella forensic CLI workflows with sample bundles. | | Sprint 53 | Observability & Forensics Phase 4 – Evidence Locker | docs/TASKS.md | TODO | Docs Guild | DOCS-FORENSICS-53-001 | Publish /docs/forensics/evidence-locker.md covering bundles, WORM, legal holds. | | Sprint 53 | Observability & Forensics Phase 4 – Evidence Locker | docs/TASKS.md | TODO | Docs Guild | DOCS-FORENSICS-53-003 | Publish /docs/forensics/timeline.md with schema and query examples. | | Sprint 53 | Observability & Forensics Phase 4 – Evidence Locker | ops/devops/TASKS.md | TODO | DevOps Guild | DEVOPS-OBS-53-001 | Provision WORM-capable storage, legal hold automation, and backup/restore scripts for evidence locker. | | Sprint 53 | Observability & Forensics Phase 4 – Evidence Locker | src/Cli/StellaOps.Cli/TASKS.md | TODO | DevEx/CLI Guild | CLI-FORENSICS-53-001 | Ship stella forensic snapshot commands invoking evidence locker. | | Sprint 53 | Observability & Forensics Phase 4 – Evidence Locker | src/Concelier/__Libraries/StellaOps.Concelier.Core/TASKS.md | TODO | Concelier Core Guild | CONCELIER-OBS-53-001 | Generate advisory evidence payloads (raw doc, linkset diff) for locker. | | Sprint 53 | Observability & Forensics Phase 4 – Evidence Locker | src/Concelier/StellaOps.Concelier.WebService/TASKS.md | TODO | Concelier WebService Guild | CONCELIER-WEB-OBS-53-001 | Add /evidence/advisories/* gateway endpoints consuming locker APIs. | | Sprint 53 | Observability & Forensics Phase 4 – Evidence Locker | src/EvidenceLocker/StellaOps.EvidenceLocker/TASKS.md | TODO | Evidence Locker Guild | EVID-OBS-53-001 | Bootstrap evidence locker service with schema, storage abstraction, and RLS. | | Sprint 53 | Observability & Forensics Phase 4 – Evidence Locker | src/EvidenceLocker/StellaOps.EvidenceLocker/TASKS.md | TODO | Evidence Locker Guild | EVID-OBS-53-002 | Implement bundle builders for evaluation, job, and export snapshots. | | Sprint 53 | Observability & Forensics Phase 4 – Evidence Locker | src/EvidenceLocker/StellaOps.EvidenceLocker/TASKS.md | TODO | Evidence Locker Guild | EVID-OBS-53-003 | Expose evidence APIs (create/get/verify/hold) with audit + quotas. | | Sprint 53 | Observability & Forensics Phase 4 – Evidence Locker | src/Excititor/__Libraries/StellaOps.Excititor.Core/TASKS.md | TODO | Excititor Core Guild | EXCITITOR-OBS-53-001 | Produce VEX evidence payloads and push to locker. | | Sprint 53 | Observability & Forensics Phase 4 – Evidence Locker | src/Excititor/StellaOps.Excititor.WebService/TASKS.md | TODO | Excititor WebService Guild | EXCITITOR-WEB-OBS-53-001 | Expose /evidence/vex/* endpoints retrieving locker bundles. | | Sprint 53 | Observability & Forensics Phase 4 – Evidence Locker | src/ExportCenter/StellaOps.ExportCenter/TASKS.md | TODO | Exporter Service Guild | EXPORT-OBS-53-001 | Store export manifests + transcripts within evidence bundles. | | Sprint 53 | Observability & Forensics Phase 4 – Evidence Locker | src/Findings/StellaOps.Findings.Ledger/TASKS.md | TODO | Findings Ledger Guild | LEDGER-OBS-53-001 | Persist evidence bundle references alongside ledger entries and expose lookup API. | | Sprint 53 | Observability & Forensics Phase 4 – Evidence Locker | src/Orchestrator/StellaOps.Orchestrator/TASKS.md | TODO | Orchestrator Service Guild | ORCH-OBS-53-001 | Attach job capsules + manifests to evidence locker snapshots. | | Sprint 53 | Observability & Forensics Phase 4 – Evidence Locker | src/Policy/StellaOps.Policy.Engine/TASKS.md | TODO | Policy Guild | POLICY-OBS-53-001 | Build evaluation evidence bundles (inputs, rule traces, engine version). | | Sprint 53 | Observability & Forensics Phase 4 – Evidence Locker | src/TaskRunner/StellaOps.TaskRunner/TASKS.md | TODO | Task Runner Guild | TASKRUN-OBS-53-001 | Capture step transcripts and manifests into evidence bundles. | | Sprint 53 | Observability & Forensics Phase 4 – Evidence Locker | src/TimelineIndexer/StellaOps.TimelineIndexer/TASKS.md | TODO | Timeline Indexer Guild | TIMELINE-OBS-53-001 | Link timeline events to evidence bundle digests and expose evidence lookup endpoint. | | Sprint 54 | Observability & Forensics Phase 5 – Provenance & Verification | docs/TASKS.md | TODO | Docs Guild | DOCS-FORENSICS-53-002 | Publish /docs/forensics/provenance-attestation.md covering signing + verification. | | Sprint 54 | Observability & Forensics Phase 5 – Provenance & Verification | ops/devops/TASKS.md | TODO | DevOps Guild | DEVOPS-OBS-54-001 | Manage provenance signing infrastructure (KMS keys, timestamp authority) and CI verification. | | Sprint 54 | Observability & Forensics Phase 5 – Provenance & Verification | src/Cli/StellaOps.Cli/TASKS.md | TODO | DevEx/CLI Guild | CLI-FORENSICS-54-001 | Implement stella forensic verify command verifying bundles + signatures. | | Sprint 54 | Observability & Forensics Phase 5 – Provenance & Verification | src/Cli/StellaOps.Cli/TASKS.md | TODO | DevEx/CLI Guild | CLI-FORENSICS-54-002 | Add stella forensic attest show command with signer/timestamp details. | | Sprint 54 | Observability & Forensics Phase 5 – Provenance & Verification | src/Concelier/__Libraries/StellaOps.Concelier.Core/TASKS.md | TODO | Concelier Core Guild | CONCELIER-OBS-54-001 | Sign advisory batches with DSSE attestations and expose verification. | | Sprint 54 | Observability & Forensics Phase 5 – Provenance & Verification | src/Concelier/StellaOps.Concelier.WebService/TASKS.md | TODO | Concelier WebService Guild | CONCELIER-WEB-OBS-54-001 | Add /attestations/advisories/* endpoints surfacing verification metadata. | | Sprint 54 | Observability & Forensics Phase 5 – Provenance & Verification | src/EvidenceLocker/StellaOps.EvidenceLocker/TASKS.md | TODO | Evidence Locker Guild | EVID-OBS-54-001 | Attach DSSE signing/timestamping to evidence bundles and emit timeline hooks. | | Sprint 54 | Observability & Forensics Phase 5 – Provenance & Verification | src/EvidenceLocker/StellaOps.EvidenceLocker/TASKS.md | TODO | Evidence Locker Guild | EVID-OBS-54-002 | Provide bundle packaging + offline verification fixtures. | | Sprint 54 | Observability & Forensics Phase 5 – Provenance & Verification | src/Excititor/__Libraries/StellaOps.Excititor.Core/TASKS.md | TODO | Excititor Core Guild | EXCITITOR-OBS-54-001 | Produce VEX batch attestations linking to timeline/ledger. | | Sprint 54 | Observability & Forensics Phase 5 – Provenance & Verification | src/Excititor/StellaOps.Excititor.WebService/TASKS.md | TODO | Excititor WebService Guild | EXCITITOR-WEB-OBS-54-001 | Expose /attestations/vex/* endpoints with verification summaries. | | Sprint 54 | Observability & Forensics Phase 5 – Provenance & Verification | src/ExportCenter/StellaOps.ExportCenter/TASKS.md | TODO | Exporter Service Guild | EXPORT-OBS-54-001 | Produce export attestation manifests and CLI verification hooks. | | Sprint 54 | Observability & Forensics Phase 5 – Provenance & Verification | src/Orchestrator/StellaOps.Orchestrator/TASKS.md | TODO | Orchestrator Service Guild | ORCH-OBS-54-001 | Produce DSSE attestations for jobs and surface verification endpoint. | | Sprint 54 | Observability & Forensics Phase 5 – Provenance & Verification | src/Policy/StellaOps.Policy.Engine/TASKS.md | TODO | Policy Guild | POLICY-OBS-54-001 | Generate DSSE attestations for policy evaluations and expose verification API. | | Sprint 54 | Observability & Forensics Phase 5 – Provenance & Verification | src/Provenance/StellaOps.Provenance.Attestation/TASKS.md | TODO | Provenance Guild | PROV-OBS-53-001 | Implement DSSE/SLSA models with deterministic serializer + test vectors. | | Sprint 54 | Observability & Forensics Phase 5 – Provenance & Verification | src/Provenance/StellaOps.Provenance.Attestation/TASKS.md | TODO | Provenance Guild | PROV-OBS-53-002 | Build signer abstraction (cosign/KMS/offline) with policy enforcement. | | Sprint 54 | Observability & Forensics Phase 5 – Provenance & Verification | src/Provenance/StellaOps.Provenance.Attestation/TASKS.md | TODO | Provenance Guild | PROV-OBS-54-001 | Deliver verification library validating DSSE signatures + Merkle roots. | | Sprint 54 | Observability & Forensics Phase 5 – Provenance & Verification | src/Provenance/StellaOps.Provenance.Attestation/TASKS.md | TODO | Provenance Guild, DevEx/CLI Guild | PROV-OBS-54-002 | Package provenance verification tool for CLI integration and offline use. | | Sprint 54 | Observability & Forensics Phase 5 – Provenance & Verification | src/TaskRunner/StellaOps.TaskRunner/TASKS.md | TODO | Task Runner Guild | TASKRUN-OBS-54-001 | Generate pack run attestations and link to timeline/evidence. | | Sprint 55 | Observability & Forensics Phase 6 – Incident Mode | docs/TASKS.md | TODO | Docs Guild | DOCS-RUNBOOK-55-001 | Publish /docs/runbooks/incidents.md covering activation, escalation, and verification checklist. | | Sprint 55 | Observability & Forensics Phase 6 – Incident Mode | ops/devops/TASKS.md | TODO | DevOps Guild | DEVOPS-OBS-55-001 | Automate incident mode activation via SLO alerts, retention override management, and reset job. | | Sprint 55 | Observability & Forensics Phase 6 – Incident Mode | src/Authority/StellaOps.Authority/TASKS.md | DOING (2025-11-01) | Authority Core & Security Guild | AUTH-OBS-55-001 | Enforce obs:incident scope with fresh-auth requirement and audit export for toggles. | | Sprint 55 | Observability & Forensics Phase 6 – Incident Mode | src/Cli/StellaOps.Cli/TASKS.md | TODO | DevEx/CLI Guild | CLI-OBS-55-001 | Ship stella obs incident-mode commands with safeguards and audit logging. | | Sprint 55 | Observability & Forensics Phase 6 – Incident Mode | src/Concelier/__Libraries/StellaOps.Concelier.Core/TASKS.md | TODO | Concelier Core Guild | CONCELIER-OBS-55-001 | Increase sampling and raw payload retention under incident mode with redaction guards. | | Sprint 55 | Observability & Forensics Phase 6 – Incident Mode | src/Concelier/StellaOps.Concelier.WebService/TASKS.md | TODO | Concelier WebService Guild | CONCELIER-WEB-OBS-55-001 | Provide incident mode toggle endpoints and propagate to services. | | Sprint 55 | Observability & Forensics Phase 6 – Incident Mode | src/EvidenceLocker/StellaOps.EvidenceLocker/TASKS.md | TODO | Evidence Locker Guild | EVID-OBS-55-001 | Extend evidence retention + activation events for incident windows. | | Sprint 55 | Observability & Forensics Phase 6 – Incident Mode | src/Excititor/__Libraries/StellaOps.Excititor.Core/TASKS.md | TODO | Excititor Core Guild | EXCITITOR-OBS-55-001 | Enable incident sampling + retention overrides for VEX pipelines. | | Sprint 55 | Observability & Forensics Phase 6 – Incident Mode | src/Excititor/StellaOps.Excititor.WebService/TASKS.md | TODO | Excititor WebService Guild | EXCITITOR-WEB-OBS-55-001 | Add incident mode APIs for VEX services with audit + guardrails. | | Sprint 55 | Observability & Forensics Phase 6 – Incident Mode | src/ExportCenter/StellaOps.ExportCenter/TASKS.md | TODO | Exporter Service Guild | EXPORT-OBS-55-001 | Increase export telemetry + debug retention during incident mode and emit events. | | Sprint 55 | Observability & Forensics Phase 6 – Incident Mode | src/Findings/StellaOps.Findings.Ledger/TASKS.md | TODO | Findings Ledger Guild | LEDGER-OBS-55-001 | Extend retention and diagnostics capture during incident mode. | | Sprint 55 | Observability & Forensics Phase 6 – Incident Mode | src/Notifier/StellaOps.Notifier/TASKS.md | TODO | Notifications Service Guild | NOTIFY-OBS-55-001 | Send incident mode start/stop notifications with quick links to evidence/timeline. | | Sprint 55 | Observability & Forensics Phase 6 – Incident Mode | src/Orchestrator/StellaOps.Orchestrator/TASKS.md | TODO | Orchestrator Service Guild | ORCH-OBS-55-001 | Increase telemetry + evidence capture during incident mode and emit activation events. | | Sprint 55 | Observability & Forensics Phase 6 – Incident Mode | src/Policy/StellaOps.Policy.Engine/TASKS.md | TODO | Policy Guild | POLICY-OBS-55-001 | Capture full rule traces + retention bump on incident activation with timeline events. | | Sprint 55 | Observability & Forensics Phase 6 – Incident Mode | src/TaskRunner/StellaOps.TaskRunner/TASKS.md | TODO | Task Runner Guild | TASKRUN-OBS-55-001 | Capture extra debug data + notifications for incident mode runs. | | Sprint 55 | Observability & Forensics Phase 6 – Incident Mode | src/Telemetry/StellaOps.Telemetry.Core/TASKS.md | TODO | Observability Guild | TELEMETRY-OBS-55-001 | Implement incident mode sampling toggle API with activation audit trail. | | Sprint 55 | Observability & Forensics Phase 6 – Incident Mode | src/Web/StellaOps.Web/TASKS.md | TODO | BE-Base Platform Guild | WEB-OBS-55-001 | Deliver /obs/incident-mode control endpoints with audit + retention previews. | | Sprint 56 | Air-Gapped Mode Phase 1 – Sealing Foundations | docs/TASKS.md | TODO | Docs Guild | DOCS-AIRGAP-56-001 | Publish /docs/airgap/overview.md. | | Sprint 56 | Air-Gapped Mode Phase 1 – Sealing Foundations | docs/TASKS.md | TODO | Docs Guild | DOCS-AIRGAP-56-002 | Document sealing and egress controls. | | Sprint 56 | Air-Gapped Mode Phase 1 – Sealing Foundations | docs/TASKS.md | TODO | Docs Guild | DOCS-AIRGAP-56-003 | Publish mirror bundles guide. | | Sprint 56 | Air-Gapped Mode Phase 1 – Sealing Foundations | docs/TASKS.md | TODO | Docs Guild | DOCS-AIRGAP-56-004 | Publish bootstrap pack guide. | | Sprint 56 | Air-Gapped Mode Phase 1 – Sealing Foundations | ops/devops/TASKS.md | TODO | DevOps Guild | DEVOPS-AIRGAP-56-001 | Publish deny-all egress policies and verification script for sealed environments. | | Sprint 56 | Air-Gapped Mode Phase 1 – Sealing Foundations | ops/devops/TASKS.md | TODO | DevOps Guild | DEVOPS-AIRGAP-56-002 | Provide bundle staging/import scripts for air-gapped object stores. | | Sprint 56 | Air-Gapped Mode Phase 1 – Sealing Foundations | ops/devops/TASKS.md | TODO | DevOps Guild | DEVOPS-AIRGAP-56-003 | Build Bootstrap Pack pipeline bundling images/charts with checksums. | | Sprint 56 | Air-Gapped Mode Phase 1 – Sealing Foundations | src/AirGap/StellaOps.AirGap.Controller/TASKS.md | TODO | AirGap Controller Guild | AIRGAP-CTL-56-001 | Implement sealing state machine, persistence, and RBAC scopes for air-gapped status. | | Sprint 56 | Air-Gapped Mode Phase 1 – Sealing Foundations | src/AirGap/StellaOps.AirGap.Controller/TASKS.md | TODO | AirGap Controller Guild | AIRGAP-CTL-56-002 | Expose seal/status APIs with policy hash validation and staleness placeholders. | | Sprint 56 | Air-Gapped Mode Phase 1 – Sealing Foundations | src/AirGap/StellaOps.AirGap.Importer/TASKS.md | TODO | AirGap Importer Guild | AIRGAP-IMP-56-001 | Implement DSSE/TUF/Merkle verification helpers. | | Sprint 56 | Air-Gapped Mode Phase 1 – Sealing Foundations | src/AirGap/StellaOps.AirGap.Importer/TASKS.md | TODO | AirGap Importer Guild | AIRGAP-IMP-56-002 | Enforce root rotation policy for bundles. | | Sprint 56 | Air-Gapped Mode Phase 1 – Sealing Foundations | src/AirGap/StellaOps.AirGap.Policy/TASKS.md | TODO | AirGap Policy Guild | AIRGAP-POL-56-001 | Ship EgressPolicy facade with sealed/unsealed enforcement and remediation errors. | | Sprint 56 | Air-Gapped Mode Phase 1 – Sealing Foundations | src/AirGap/StellaOps.AirGap.Policy/TASKS.md | TODO | AirGap Policy Guild | AIRGAP-POL-56-002 | Deliver Roslyn analyzer blocking raw HTTP clients; wire into CI. | | Sprint 56 | Air-Gapped Mode Phase 1 – Sealing Foundations | src/Cli/StellaOps.Cli/TASKS.md | TODO | DevEx/CLI Guild | CLI-AIRGAP-56-001 | Implement mirror create/verify and airgap verify commands. | | Sprint 56 | Air-Gapped Mode Phase 1 – Sealing Foundations | src/Cli/StellaOps.Cli/TASKS.md | TODO | DevEx/CLI Guild | CLI-OBS-50-001 | Ensure telemetry propagation for sealed logging. | | Sprint 56 | Air-Gapped Mode Phase 1 – Sealing Foundations | src/Concelier/__Libraries/StellaOps.Concelier.Core/TASKS.md | TODO | Concelier Core Guild | CONCELIER-AIRGAP-56-001 | Add mirror ingestion adapters preserving source metadata. | | Sprint 56 | Air-Gapped Mode Phase 1 – Sealing Foundations | src/Excititor/__Libraries/StellaOps.Excititor.Core/TASKS.md | TODO | Excititor Core Guild | EXCITITOR-AIRGAP-56-001 | Add VEX mirror ingestion adapters. | | Sprint 56 | Air-Gapped Mode Phase 1 – Sealing Foundations | src/ExportCenter/StellaOps.ExportCenter/TASKS.md | TODO | Exporter Service Guild | EXPORT-AIRGAP-56-001 | Extend export center to build mirror bundles. | | Sprint 56 | Air-Gapped Mode Phase 1 – Sealing Foundations | src/Mirror/StellaOps.Mirror.Creator/TASKS.md | TODO | Mirror Creator Guild | MIRROR-CRT-56-001 | Build deterministic bundle assembler (advisories/vex/policy). | | Sprint 56 | Air-Gapped Mode Phase 1 – Sealing Foundations | src/Orchestrator/StellaOps.Orchestrator/TASKS.md | TODO | Orchestrator Service Guild | ORCH-AIRGAP-56-001 | Validate jobs against sealed-mode restrictions. | | Sprint 56 | Air-Gapped Mode Phase 1 – Sealing Foundations | src/Policy/StellaOps.Policy.Engine/TASKS.md | TODO | Policy Guild | POLICY-AIRGAP-56-001 | Accept policy packs from bundles with provenance tracking. | | Sprint 56 | Air-Gapped Mode Phase 1 – Sealing Foundations | src/TaskRunner/StellaOps.TaskRunner/TASKS.md | TODO | Task Runner Guild | TASKRUN-AIRGAP-56-001 | Enforce sealed-mode plan validation for network calls. | | Sprint 56 | Air-Gapped Mode Phase 1 – Sealing Foundations | src/Telemetry/StellaOps.Telemetry.Core/TASKS.md | TODO | Observability Guild | TELEMETRY-OBS-56-001 | (Carry) Extend telemetry core with sealed-mode hooks before integration. | | Sprint 56 | Air-Gapped Mode Phase 1 – Sealing Foundations | src/Web/StellaOps.Web/TASKS.md | TODO | BE-Base Platform Guild | WEB-OBS-56-001 | Extend telemetry core usage for sealed-mode status surfaces (seal/unseal dashboards, drift signals). | | Sprint 57 | Air-Gapped Mode Phase 2 – Mirror Bundles & Imports | docs/TASKS.md | TODO | Docs Guild | DOCS-AIRGAP-57-001 | Publish staleness/time doc. | | Sprint 57 | Air-Gapped Mode Phase 2 – Mirror Bundles & Imports | docs/TASKS.md | TODO | Docs Guild | DOCS-AIRGAP-57-002 | Publish console airgap doc. | | Sprint 57 | Air-Gapped Mode Phase 2 – Mirror Bundles & Imports | docs/TASKS.md | TODO | Docs Guild | DOCS-AIRGAP-57-003 | Publish CLI airgap doc. | | Sprint 57 | Air-Gapped Mode Phase 2 – Mirror Bundles & Imports | docs/TASKS.md | TODO | Docs Guild | DOCS-AIRGAP-57-004 | Publish airgap operations runbook. | | Sprint 57 | Air-Gapped Mode Phase 2 – Mirror Bundles & Imports | ops/devops/TASKS.md | TODO | DevOps Guild | DEVOPS-AIRGAP-57-001 | Automate mirror bundle creation with approvals. | | Sprint 57 | Air-Gapped Mode Phase 2 – Mirror Bundles & Imports | ops/devops/TASKS.md | TODO | DevOps Guild | DEVOPS-AIRGAP-57-002 | Run sealed-mode CI suite enforcing zero egress. | | Sprint 57 | Air-Gapped Mode Phase 2 – Mirror Bundles & Imports | src/AirGap/StellaOps.AirGap.Importer/TASKS.md | TODO | AirGap Importer Guild | AIRGAP-IMP-57-001 | Implement bundle catalog with RLS + migrations. | | Sprint 57 | Air-Gapped Mode Phase 2 – Mirror Bundles & Imports | src/AirGap/StellaOps.AirGap.Importer/TASKS.md | TODO | AirGap Importer Guild | AIRGAP-IMP-57-002 | Load artifacts into object store with checksum verification. | | Sprint 57 | Air-Gapped Mode Phase 2 – Mirror Bundles & Imports | src/AirGap/StellaOps.AirGap.Policy/TASKS.md | TODO | AirGap Policy Guild | AIRGAP-POL-57-001 | Adopt EgressPolicy in core services. | | Sprint 57 | Air-Gapped Mode Phase 2 – Mirror Bundles & Imports | src/AirGap/StellaOps.AirGap.Policy/TASKS.md | TODO | AirGap Policy Guild | AIRGAP-POL-57-002 | Enforce Task Runner job plan validation. | | Sprint 57 | Air-Gapped Mode Phase 2 – Mirror Bundles & Imports | src/AirGap/StellaOps.AirGap.Time/TASKS.md | TODO | AirGap Time Guild | AIRGAP-TIME-57-001 | Parse signed time tokens and expose normalized anchors. | | Sprint 57 | Air-Gapped Mode Phase 2 – Mirror Bundles & Imports | src/Cli/StellaOps.Cli/TASKS.md | TODO | DevEx/CLI Guild | CLI-AIRGAP-57-001 | Complete airgap import CLI with diff preview. | | Sprint 57 | Air-Gapped Mode Phase 2 – Mirror Bundles & Imports | src/Cli/StellaOps.Cli/TASKS.md | TODO | DevEx/CLI Guild | CLI-AIRGAP-57-002 | Ship seal/status CLI commands. | | Sprint 57 | Air-Gapped Mode Phase 2 – Mirror Bundles & Imports | src/ExportCenter/StellaOps.ExportCenter/TASKS.md | TODO | Exporter Service Guild | EXPORT-AIRGAP-56-002 | Deliver bootstrap pack artifacts. | | Sprint 57 | Air-Gapped Mode Phase 2 – Mirror Bundles & Imports | src/Mirror/StellaOps.Mirror.Creator/TASKS.md | TODO | Mirror Creator Guild | MIRROR-CRT-57-001 | Add OCI image support to mirror bundles. | | Sprint 57 | Air-Gapped Mode Phase 2 – Mirror Bundles & Imports | src/Mirror/StellaOps.Mirror.Creator/TASKS.md | TODO | Mirror Creator Guild | MIRROR-CRT-57-002 | Embed signed time anchors in bundles. | | Sprint 57 | Air-Gapped Mode Phase 2 – Mirror Bundles & Imports | src/Notifier/StellaOps.Notifier/TASKS.md | TODO | Notifications Service Guild | NOTIFY-AIRGAP-56-001 | Lock notifications to enclave-safe channels. | | Sprint 57 | Air-Gapped Mode Phase 2 – Mirror Bundles & Imports | src/Orchestrator/StellaOps.Orchestrator/TASKS.md | TODO | Orchestrator Service Guild | ORCH-AIRGAP-56-002 | Integrate sealing status + staleness into scheduling. | | Sprint 57 | Air-Gapped Mode Phase 2 – Mirror Bundles & Imports | src/TaskRunner/StellaOps.TaskRunner/TASKS.md | TODO | Task Runner Guild | TASKRUN-AIRGAP-56-002 | Provide bundle ingestion helper steps. | | Sprint 58 | Air-Gapped Mode Phase 3 – Staleness & Enforcement | docs/TASKS.md | TODO | Docs Guild | DOCS-AIRGAP-58-001 | Publish degradation matrix doc. | | Sprint 58 | Air-Gapped Mode Phase 3 – Staleness & Enforcement | docs/TASKS.md | TODO | Docs Guild | DOCS-AIRGAP-58-002 | Update trust & signing doc for DSSE/TUF roots. | | Sprint 58 | Air-Gapped Mode Phase 3 – Staleness & Enforcement | docs/TASKS.md | TODO | Docs Guild | DOCS-AIRGAP-58-003 | Publish developer airgap contracts doc. | | Sprint 58 | Air-Gapped Mode Phase 3 – Staleness & Enforcement | docs/TASKS.md | TODO | Docs Guild | DOCS-AIRGAP-58-004 | Document portable evidence workflows. | | Sprint 58 | Air-Gapped Mode Phase 3 – Staleness & Enforcement | src/AirGap/StellaOps.AirGap.Controller/TASKS.md | TODO | AirGap Controller Guild | AIRGAP-CTL-58-001 | Persist time anchor data and expose drift metrics. | | Sprint 58 | Air-Gapped Mode Phase 3 – Staleness & Enforcement | src/AirGap/StellaOps.AirGap.Policy/TASKS.md | TODO | AirGap Policy Guild | AIRGAP-POL-58-001 | Disable remote observability exporters in sealed mode. | | Sprint 58 | Air-Gapped Mode Phase 3 – Staleness & Enforcement | src/AirGap/StellaOps.AirGap.Policy/TASKS.md | TODO | AirGap Policy Guild | AIRGAP-POL-58-002 | Add CLI sealed-mode guard. | | Sprint 58 | Air-Gapped Mode Phase 3 – Staleness & Enforcement | src/AirGap/StellaOps.AirGap.Time/TASKS.md | TODO | AirGap Time Guild | AIRGAP-TIME-58-001 | Compute drift/staleness metrics and surface via controller status. | | Sprint 58 | Air-Gapped Mode Phase 3 – Staleness & Enforcement | src/AirGap/StellaOps.AirGap.Time/TASKS.md | TODO | AirGap Time Guild | AIRGAP-TIME-58-002 | Emit notifications/events for staleness budgets. | | Sprint 58 | Air-Gapped Mode Phase 3 – Staleness & Enforcement | src/Cli/StellaOps.Cli/TASKS.md | TODO | DevEx/CLI Guild | CLI-AIRGAP-58-001 | Ship portable evidence export helper. | | Sprint 58 | Air-Gapped Mode Phase 3 – Staleness & Enforcement | src/Concelier/__Libraries/StellaOps.Concelier.Core/TASKS.md | TODO | Concelier Core Guild | CONCELIER-AIRGAP-57-002 | Annotate advisories with staleness metadata. | | Sprint 58 | Air-Gapped Mode Phase 3 – Staleness & Enforcement | src/Excititor/__Libraries/StellaOps.Excititor.Core/TASKS.md | TODO | Excititor Core Guild | EXCITITOR-AIRGAP-57-002 | Annotate VEX statements with staleness metadata. | | Sprint 58 | Air-Gapped Mode Phase 3 – Staleness & Enforcement | src/ExportCenter/StellaOps.ExportCenter/TASKS.md | TODO | Exporter Service Guild | EXPORT-AIRGAP-57-001 | Add portable evidence export integration. | | Sprint 58 | Air-Gapped Mode Phase 3 – Staleness & Enforcement | src/Notifier/StellaOps.Notifier/TASKS.md | TODO | Notifications Service Guild | NOTIFY-AIRGAP-57-001 | Notify on drift/staleness thresholds. | | Sprint 58 | Air-Gapped Mode Phase 3 – Staleness & Enforcement | src/Orchestrator/StellaOps.Orchestrator/TASKS.md | TODO | Orchestrator Service Guild | ORCH-AIRGAP-58-001 | Link import/export jobs to timeline/evidence. | | Sprint 58 | Air-Gapped Mode Phase 3 – Staleness & Enforcement | src/Policy/StellaOps.Policy.Engine/TASKS.md | TODO | Policy Guild | POLICY-AIRGAP-57-002 | Show degradation fallback info in explain traces. | | Sprint 58 | Air-Gapped Mode Phase 3 – Staleness & Enforcement | src/TaskRunner/StellaOps.TaskRunner/TASKS.md | TODO | Task Runner Guild | TASKRUN-AIRGAP-58-001 | Capture import job evidence transcripts. | | Sprint 59 | Air-Gapped Mode Phase 4 – Deterministic Jobs & Enforcement | src/Concelier/StellaOps.Concelier.WebService/TASKS.md | TODO | Concelier WebService Guild | CONCELIER-WEB-AIRGAP-57-001 | Map sealed-mode violations to standard errors. | | Sprint 59 | Air-Gapped Mode Phase 4 – Deterministic Jobs & Enforcement | src/Excititor/StellaOps.Excititor.WebService/TASKS.md | TODO | Excititor WebService Guild | EXCITITOR-WEB-AIRGAP-57-001 | Map sealed-mode violations to standard errors. | | Sprint 59 | Air-Gapped Mode Phase 4 – Deterministic Jobs & Enforcement | src/ExportCenter/StellaOps.ExportCenter/TASKS.md | TODO | Exporter Service Guild | EXPORT-AIRGAP-58-001 | Emit notifications/timeline for bundle readiness. | | Sprint 59 | Air-Gapped Mode Phase 4 – Deterministic Jobs & Enforcement | src/Findings/StellaOps.Findings.Ledger/TASKS.md | TODO | Findings Ledger Guild | LEDGER-AIRGAP-56-002 | Enforce staleness thresholds for findings exports. | | Sprint 59 | Air-Gapped Mode Phase 4 – Deterministic Jobs & Enforcement | src/Notifier/StellaOps.Notifier/TASKS.md | TODO | Notifications Service Guild | NOTIFY-AIRGAP-58-001 | Notify on portable evidence exports. | | Sprint 59 | Air-Gapped Mode Phase 4 – Deterministic Jobs & Enforcement | src/Orchestrator/StellaOps.Orchestrator/TASKS.md | TODO | Orchestrator Service Guild | ORCH-AIRGAP-57-001 | Automate mirror bundle job scheduling with audit provenance. | | Sprint 59 | Air-Gapped Mode Phase 4 – Deterministic Jobs & Enforcement | src/Policy/StellaOps.Policy.Engine/TASKS.md | TODO | Policy Guild | POLICY-AIRGAP-57-001 | Enforce sealed-mode guardrails inside evaluation engine. | | Sprint 59 | Air-Gapped Mode Phase 4 – Deterministic Jobs & Enforcement | src/TaskRunner/StellaOps.TaskRunner/TASKS.md | TODO | Task Runner Guild | TASKRUN-AIRGAP-57-001 | Block execution when seal state mismatched; emit timeline events. | | Sprint 60 | Air-Gapped Mode Phase 5 – Evidence Portability & UX | docs/TASKS.md | TODO | Docs Guild | DOCS-AIRGAP-58-004 | Document portable evidence workflows. | | Sprint 60 | Air-Gapped Mode Phase 5 – Evidence Portability & UX | src/Cli/StellaOps.Cli/TASKS.md | TODO | DevEx/CLI Guild | CLI-AIRGAP-58-001 | Finalize portable evidence CLI workflow with verification. | | Sprint 60 | Air-Gapped Mode Phase 5 – Evidence Portability & UX | src/Concelier/StellaOps.Concelier.WebService/TASKS.md | TODO | Concelier WebService Guild | CONCELIER-WEB-AIRGAP-58-001 | Emit timeline events for bundle imports. | | Sprint 60 | Air-Gapped Mode Phase 5 – Evidence Portability & UX | src/EvidenceLocker/StellaOps.EvidenceLocker/TASKS.md | TODO | Evidence Locker Guild | EVID-OBS-60-001 | Deliver portable evidence export flow for sealed environments with checksum manifest and offline verification script. | | Sprint 60 | Air-Gapped Mode Phase 5 – Evidence Portability & UX | src/Excititor/StellaOps.Excititor.WebService/TASKS.md | TODO | Excititor WebService Guild | EXCITITOR-WEB-AIRGAP-58-001 | Emit timeline events for VEX bundle imports. | | Sprint 60 | Air-Gapped Mode Phase 5 – Evidence Portability & UX | src/Findings/StellaOps.Findings.Ledger/TASKS.md | TODO | Findings Ledger Guild | LEDGER-AIRGAP-57-001 | Link findings to portable evidence bundles. | | Sprint 60 | Air-Gapped Mode Phase 5 – Evidence Portability & UX | src/Notifier/StellaOps.Notifier/TASKS.md | TODO | Notifications Service Guild | NOTIFY-AIRGAP-58-001 | (Carry) Portable evidence notifications. | | Sprint 60 | Air-Gapped Mode Phase 5 – Evidence Portability & UX | src/Policy/StellaOps.Policy.Engine/TASKS.md | TODO | Policy Guild | POLICY-AIRGAP-58-001 | Notify on stale policy packs and guide remediation. | | Sprint 61 | SDKs & OpenAPI Phase 1 – Contract Foundations | docs/TASKS.md | TODO | Docs Guild | DOCS-OAS-61-001 | Publish /docs/api/overview.md. | | Sprint 61 | SDKs & OpenAPI Phase 1 – Contract Foundations | docs/TASKS.md | TODO | Docs Guild | DOCS-OAS-61-002 | Publish /docs/api/conventions.md. | | Sprint 61 | SDKs & OpenAPI Phase 1 – Contract Foundations | docs/TASKS.md | TODO | Docs Guild | DOCS-OAS-61-003 | Publish /docs/api/versioning.md. | | Sprint 61 | SDKs & OpenAPI Phase 1 – Contract Foundations | ops/devops/TASKS.md | TODO | DevOps Guild | DEVOPS-OAS-61-001 | Add OAS lint/validation/diff stages to CI. | | Sprint 61 | SDKs & OpenAPI Phase 1 – Contract Foundations | src/Api/StellaOps.Api.Governance/TASKS.md | TODO | API Governance Guild | APIGOV-61-001 | Configure lint rules and CI enforcement. | | Sprint 61 | SDKs & OpenAPI Phase 1 – Contract Foundations | src/Api/StellaOps.Api.Governance/TASKS.md | TODO | API Governance Guild | APIGOV-61-002 | Enforce example coverage in CI. | | Sprint 61 | SDKs & OpenAPI Phase 1 – Contract Foundations | src/Api/StellaOps.Api.OpenApi/TASKS.md | TODO | API Contracts Guild | OAS-61-001 | Scaffold per-service OpenAPI skeletons with shared components. | | Sprint 61 | SDKs & OpenAPI Phase 1 – Contract Foundations | src/Api/StellaOps.Api.OpenApi/TASKS.md | TODO | API Contracts Guild | OAS-61-002 | Build aggregate composer and integrate into CI. | | Sprint 61 | SDKs & OpenAPI Phase 1 – Contract Foundations | src/Authority/StellaOps.Authority/TASKS.md | TODO | Authority Core & Security Guild | AUTH-OAS-61-001 | Document Authority authentication APIs in OAS. | | Sprint 61 | SDKs & OpenAPI Phase 1 – Contract Foundations | src/Authority/StellaOps.Authority/TASKS.md | TODO | Authority Core & Security Guild | AUTH-OAS-61-002 | Provide Authority discovery endpoint. | | Sprint 61 | SDKs & OpenAPI Phase 1 – Contract Foundations | src/Concelier/__Libraries/StellaOps.Concelier.Core/TASKS.md | TODO | Concelier Core Guild | CONCELIER-OAS-61-001 | Update advisory OAS coverage. | | Sprint 61 | SDKs & OpenAPI Phase 1 – Contract Foundations | src/Concelier/__Libraries/StellaOps.Concelier.Core/TASKS.md | TODO | Concelier Core Guild | CONCELIER-OAS-61-002 | Populate advisory examples. | | Sprint 61 | SDKs & OpenAPI Phase 1 – Contract Foundations | src/Concelier/StellaOps.Concelier.WebService/TASKS.md | TODO | Concelier WebService Guild | CONCELIER-WEB-OAS-61-001 | Implement Concelier discovery endpoint. | | Sprint 61 | SDKs & OpenAPI Phase 1 – Contract Foundations | src/Concelier/StellaOps.Concelier.WebService/TASKS.md | TODO | Concelier WebService Guild | CONCELIER-WEB-OAS-61-002 | Standardize error envelope. | | Sprint 61 | SDKs & OpenAPI Phase 1 – Contract Foundations | src/Excititor/__Libraries/StellaOps.Excititor.Core/TASKS.md | TODO | Excititor Core Guild | EXCITITOR-OAS-61-001 | Update VEX OAS coverage. | | Sprint 61 | SDKs & OpenAPI Phase 1 – Contract Foundations | src/Excititor/__Libraries/StellaOps.Excititor.Core/TASKS.md | TODO | Excititor Core Guild | EXCITITOR-OAS-61-002 | Provide VEX examples. | | Sprint 61 | SDKs & OpenAPI Phase 1 – Contract Foundations | src/Excititor/StellaOps.Excititor.WebService/TASKS.md | TODO | Excititor WebService Guild | EXCITITOR-WEB-OAS-61-001 | Implement discovery endpoint. | | Sprint 61 | SDKs & OpenAPI Phase 1 – Contract Foundations | src/Excititor/StellaOps.Excititor.WebService/TASKS.md | TODO | Excititor WebService Guild | EXCITITOR-WEB-OAS-61-002 | Migrate errors to standard envelope. | | Sprint 61 | SDKs & OpenAPI Phase 1 – Contract Foundations | src/ExportCenter/StellaOps.ExportCenter/TASKS.md | TODO | Exporter Service Guild | EXPORT-OAS-61-001 | Update Exporter spec coverage. | | Sprint 61 | SDKs & OpenAPI Phase 1 – Contract Foundations | src/ExportCenter/StellaOps.ExportCenter/TASKS.md | TODO | Exporter Service Guild | EXPORT-OAS-61-002 | Implement Exporter discovery endpoint. | | Sprint 61 | SDKs & OpenAPI Phase 1 – Contract Foundations | src/Findings/StellaOps.Findings.Ledger/TASKS.md | TODO | Findings Ledger Guild | LEDGER-OAS-61-001 | Expand Findings Ledger spec coverage. | | Sprint 61 | SDKs & OpenAPI Phase 1 – Contract Foundations | src/Findings/StellaOps.Findings.Ledger/TASKS.md | TODO | Findings Ledger Guild | LEDGER-OAS-61-002 | Provide ledger discovery endpoint. | | Sprint 61 | SDKs & OpenAPI Phase 1 – Contract Foundations | src/Notifier/StellaOps.Notifier/TASKS.md | TODO | Notifications Service Guild | NOTIFY-OAS-61-001 | Update notifier spec coverage. | | Sprint 61 | SDKs & OpenAPI Phase 1 – Contract Foundations | src/Notifier/StellaOps.Notifier/TASKS.md | TODO | Notifications Service Guild | NOTIFY-OAS-61-002 | Implement notifier discovery endpoint. | | Sprint 61 | SDKs & OpenAPI Phase 1 – Contract Foundations | src/Orchestrator/StellaOps.Orchestrator/TASKS.md | TODO | Orchestrator Service Guild | ORCH-OAS-61-001 | Extend Orchestrator spec coverage. | | Sprint 61 | SDKs & OpenAPI Phase 1 – Contract Foundations | src/Orchestrator/StellaOps.Orchestrator/TASKS.md | TODO | Orchestrator Service Guild | ORCH-OAS-61-002 | Provide orchestrator discovery endpoint. | | Sprint 61 | SDKs & OpenAPI Phase 1 – Contract Foundations | src/TaskRunner/StellaOps.TaskRunner/TASKS.md | TODO | Task Runner Guild | TASKRUN-OAS-61-001 | Document Task Runner APIs in OAS. | | Sprint 61 | SDKs & OpenAPI Phase 1 – Contract Foundations | src/TaskRunner/StellaOps.TaskRunner/TASKS.md | TODO | Task Runner Guild | TASKRUN-OAS-61-002 | Expose Task Runner discovery endpoint. | | Sprint 61 | SDKs & OpenAPI Phase 1 – Contract Foundations | src/Web/StellaOps.Web/TASKS.md | TODO | BE-Base Platform Guild | WEB-OAS-61-001 | Implement gateway discovery endpoint. | | Sprint 61 | SDKs & OpenAPI Phase 1 – Contract Foundations | src/Web/StellaOps.Web/TASKS.md | TODO | BE-Base Platform Guild | WEB-OAS-61-002 | Standardize error envelope across gateway. | | Sprint 62 | SDKs & OpenAPI Phase 2 – Examples & Portal | docs/TASKS.md | TODO | Docs Guild | DOCS-CONTRIB-62-001 | Publish API contracts contributing guide. | | Sprint 62 | SDKs & OpenAPI Phase 2 – Examples & Portal | docs/TASKS.md | TODO | Docs Guild | DOCS-DEVPORT-62-001 | Document dev portal publishing. | | Sprint 62 | SDKs & OpenAPI Phase 2 – Examples & Portal | docs/TASKS.md | TODO | Docs Guild | DOCS-OAS-62-001 | Deploy /docs/api/reference/ generated site. | | Sprint 62 | SDKs & OpenAPI Phase 2 – Examples & Portal | docs/TASKS.md | TODO | Docs Guild | DOCS-SDK-62-001 | Publish SDK overview + language guides. | | Sprint 62 | SDKs & OpenAPI Phase 2 – Examples & Portal | docs/TASKS.md | TODO | Docs Guild | DOCS-SEC-62-001 | Update auth scopes documentation. | | Sprint 62 | SDKs & OpenAPI Phase 2 – Examples & Portal | docs/TASKS.md | TODO | Docs Guild | DOCS-TEST-62-001 | Publish contract testing doc. | | Sprint 62 | SDKs & OpenAPI Phase 2 – Examples & Portal | src/Api/StellaOps.Api.Governance/TASKS.md | TODO | API Governance Guild | APIGOV-62-001 | Implement compatibility diff tool. | | Sprint 62 | SDKs & OpenAPI Phase 2 – Examples & Portal | src/Api/StellaOps.Api.OpenApi/TASKS.md | TODO | API Contracts Guild | OAS-62-001 | Populate examples for top endpoints. | | Sprint 62 | SDKs & OpenAPI Phase 2 – Examples & Portal | src/Authority/StellaOps.Authority/TASKS.md | TODO | Authority Core & Security Guild | AUTH-OAS-62-001 | Provide SDK auth helpers/tests. | | Sprint 62 | SDKs & OpenAPI Phase 2 – Examples & Portal | src/Cli/StellaOps.Cli/TASKS.md | TODO | DevEx/CLI Guild | CLI-SDK-62-001 | Migrate CLI to official SDK. | | Sprint 62 | SDKs & OpenAPI Phase 2 – Examples & Portal | src/Cli/StellaOps.Cli/TASKS.md | TODO | DevEx/CLI Guild | CLI-SDK-62-002 | Update CLI error handling for new envelope. | | Sprint 62 | SDKs & OpenAPI Phase 2 – Examples & Portal | src/Concelier/__Libraries/StellaOps.Concelier.Core/TASKS.md | TODO | Concelier Core Guild | CONCELIER-OAS-62-001 | Add SDK smoke tests for advisory APIs. | | Sprint 62 | SDKs & OpenAPI Phase 2 – Examples & Portal | src/Concelier/StellaOps.Concelier.WebService/TASKS.md | TODO | Concelier WebService Guild | CONCELIER-WEB-OAS-62-001 | Add advisory API examples. | | Sprint 62 | SDKs & OpenAPI Phase 2 – Examples & Portal | src/DevPortal/StellaOps.DevPortal.Site/TASKS.md | TODO | Developer Portal Guild | DEVPORT-62-001 | Build static generator with nav/search. | | Sprint 62 | SDKs & OpenAPI Phase 2 – Examples & Portal | src/DevPortal/StellaOps.DevPortal.Site/TASKS.md | TODO | Developer Portal Guild | DEVPORT-62-002 | Add schema viewer, examples, version selector. | | Sprint 62 | SDKs & OpenAPI Phase 2 – Examples & Portal | src/Excititor/__Libraries/StellaOps.Excititor.Core/TASKS.md | TODO | Excititor Core Guild | EXCITITOR-OAS-62-001 | Add SDK tests for VEX APIs. | | Sprint 62 | SDKs & OpenAPI Phase 2 – Examples & Portal | src/Excititor/StellaOps.Excititor.WebService/TASKS.md | TODO | Excititor WebService Guild | EXCITITOR-WEB-OAS-62-001 | Provide VEX API examples. | | Sprint 62 | SDKs & OpenAPI Phase 2 – Examples & Portal | src/ExportCenter/StellaOps.ExportCenter/TASKS.md | TODO | Exporter Service Guild | EXPORT-OAS-62-001 | Ensure SDK streaming helpers for exports. | | Sprint 62 | SDKs & OpenAPI Phase 2 – Examples & Portal | src/Findings/StellaOps.Findings.Ledger/TASKS.md | TODO | Findings Ledger Guild | LEDGER-OAS-62-001 | Provide SDK tests for ledger APIs. | | Sprint 62 | SDKs & OpenAPI Phase 2 – Examples & Portal | src/Notifier/StellaOps.Notifier/TASKS.md | TODO | Notifications Service Guild | NOTIFY-OAS-62-001 | Provide SDK examples for notifier APIs. | | Sprint 62 | SDKs & OpenAPI Phase 2 – Examples & Portal | src/Sdk/StellaOps.Sdk.Generator/TASKS.md | TODO | SDK Generator Guild | SDKGEN-62-001 | Establish generator framework. | | Sprint 62 | SDKs & OpenAPI Phase 2 – Examples & Portal | src/Sdk/StellaOps.Sdk.Generator/TASKS.md | TODO | SDK Generator Guild | SDKGEN-62-002 | Implement shared post-processing helpers. | | Sprint 62 | SDKs & OpenAPI Phase 2 – Examples & Portal | src/TaskRunner/StellaOps.TaskRunner/TASKS.md | TODO | Task Runner Guild | TASKRUN-OAS-62-001 | Provide SDK examples for pack runs. | | Sprint 62 | SDKs & OpenAPI Phase 2 – Examples & Portal | src/Web/StellaOps.Web/TASKS.md | TODO | BE-Base Platform Guild | WEB-OAS-62-001 | Align pagination/idempotency behaviors. | | Sprint 62 | SDKs & OpenAPI Phase 2 – Examples & Portal | test/contract/TASKS.md | TODO | Contract Testing Guild | CONTR-62-001 | Generate mock server fixtures. | | Sprint 62 | SDKs & OpenAPI Phase 2 – Examples & Portal | test/contract/TASKS.md | TODO | Contract Testing Guild | CONTR-62-002 | Integrate mock server into CI. | | Sprint 63 | SDKs & OpenAPI Phase 3 – SDK Alpha & Try-It | docs/TASKS.md | TODO | Docs Guild | DOCS-TEST-62-001 | (Carry) ensure contract testing doc final. | | Sprint 63 | SDKs & OpenAPI Phase 3 – SDK Alpha & Try-It | src/Api/StellaOps.Api.Governance/TASKS.md | TODO | API Governance Guild | APIGOV-63-001 | Integrate compatibility diff gating. | | Sprint 63 | SDKs & OpenAPI Phase 3 – SDK Alpha & Try-It | src/Api/StellaOps.Api.OpenApi/TASKS.md | TODO | API Contracts Guild | OAS-63-001 | Compatibility diff support. | | Sprint 63 | SDKs & OpenAPI Phase 3 – SDK Alpha & Try-It | src/Api/StellaOps.Api.OpenApi/TASKS.md | TODO | API Contracts Guild | OAS-63-002 | Define discovery schema metadata. | | Sprint 63 | SDKs & OpenAPI Phase 3 – SDK Alpha & Try-It | src/Cli/StellaOps.Cli/TASKS.md | TODO | DevEx/CLI Guild | CLI-SDK-63-001 | Add CLI spec download command. | | Sprint 63 | SDKs & OpenAPI Phase 3 – SDK Alpha & Try-It | src/DevPortal/StellaOps.DevPortal.Site/TASKS.md | TODO | Developer Portal Guild | DEVPORT-63-001 | Add Try-It console. | | Sprint 63 | SDKs & OpenAPI Phase 3 – SDK Alpha & Try-It | src/DevPortal/StellaOps.DevPortal.Site/TASKS.md | TODO | Developer Portal Guild | DEVPORT-63-002 | Embed SDK snippets/quick starts. | | Sprint 63 | SDKs & OpenAPI Phase 3 – SDK Alpha & Try-It | src/Sdk/StellaOps.Sdk.Generator/TASKS.md | TODO | SDK Generator Guild | SDKGEN-63-001 | Release TypeScript SDK alpha. | | Sprint 63 | SDKs & OpenAPI Phase 3 – SDK Alpha & Try-It | src/Sdk/StellaOps.Sdk.Generator/TASKS.md | TODO | SDK Generator Guild | SDKGEN-63-002 | Release Python SDK alpha. | | Sprint 63 | SDKs & OpenAPI Phase 3 – SDK Alpha & Try-It | src/Sdk/StellaOps.Sdk.Generator/TASKS.md | TODO | SDK Generator Guild | SDKGEN-63-003 | Release Go SDK alpha. | | Sprint 63 | SDKs & OpenAPI Phase 3 – SDK Alpha & Try-It | src/Sdk/StellaOps.Sdk.Generator/TASKS.md | TODO | SDK Generator Guild | SDKGEN-63-004 | Release Java SDK alpha. | | Sprint 63 | SDKs & OpenAPI Phase 3 – SDK Alpha & Try-It | src/Sdk/StellaOps.Sdk.Release/TASKS.md | TODO | SDK Release Guild | SDKREL-63-001 | Configure SDK release pipelines. | | Sprint 63 | SDKs & OpenAPI Phase 3 – SDK Alpha & Try-It | src/Sdk/StellaOps.Sdk.Release/TASKS.md | TODO | SDK Release Guild | SDKREL-63-002 | Automate changelogs from OAS diffs. | | Sprint 63 | SDKs & OpenAPI Phase 3 – SDK Alpha & Try-It | test/contract/TASKS.md | TODO | Contract Testing Guild | CONTR-63-001 | Build replay harness for drift detection. | | Sprint 63 | SDKs & OpenAPI Phase 3 – SDK Alpha & Try-It | test/contract/TASKS.md | TODO | Contract Testing Guild | CONTR-63-002 | Emit contract testing metrics. | | Sprint 64 | SDKs & OpenAPI Phase 4 – Harden & Offline Bundles | docs/TASKS.md | TODO | Docs Guild | DOCS-AIRGAP-DEVPORT-64-001 | Document devportal offline usage. | | Sprint 64 | SDKs & OpenAPI Phase 4 – Harden & Offline Bundles | ops/devops/TASKS.md | TODO | DevOps Guild | DEVOPS-DEVPORT-63-001 | Automate developer portal pipeline. | | Sprint 64 | SDKs & OpenAPI Phase 4 – Harden & Offline Bundles | ops/devops/TASKS.md | TODO | DevOps Guild | DEVOPS-DEVPORT-64-001 | Schedule offline bundle builds. | | Sprint 64 | SDKs & OpenAPI Phase 4 – Harden & Offline Bundles | src/DevPortal/StellaOps.DevPortal.Site/TASKS.md | TODO | Developer Portal Guild | DEVPORT-64-001 | Offline portal build. | | Sprint 64 | SDKs & OpenAPI Phase 4 – Harden & Offline Bundles | src/DevPortal/StellaOps.DevPortal.Site/TASKS.md | TODO | Developer Portal Guild | DEVPORT-64-002 | Add accessibility/performance checks. | | Sprint 64 | SDKs & OpenAPI Phase 4 – Harden & Offline Bundles | src/ExportCenter/StellaOps.ExportCenter.DevPortalOffline/TASKS.md | TODO | DevPortal Offline Guild | DVOFF-64-001 | Implement devportal offline export job. | | Sprint 64 | SDKs & OpenAPI Phase 4 – Harden & Offline Bundles | src/ExportCenter/StellaOps.ExportCenter.DevPortalOffline/TASKS.md | TODO | DevPortal Offline Guild | DVOFF-64-002 | Provide verification CLI. | | Sprint 64 | SDKs & OpenAPI Phase 4 – Harden & Offline Bundles | src/Sdk/StellaOps.Sdk.Generator/TASKS.md | TODO | SDK Generator Guild | SDKGEN-64-001 | Migrate CLI to SDK. | | Sprint 64 | SDKs & OpenAPI Phase 4 – Harden & Offline Bundles | src/Sdk/StellaOps.Sdk.Generator/TASKS.md | TODO | SDK Generator Guild | SDKGEN-64-002 | Integrate SDKs into Console. | | Sprint 64 | SDKs & OpenAPI Phase 4 – Harden & Offline Bundles | src/Sdk/StellaOps.Sdk.Release/TASKS.md | TODO | SDK Release Guild | SDKREL-64-001 | Hook SDK releases to Notifications. | | Sprint 64 | SDKs & OpenAPI Phase 4 – Harden & Offline Bundles | src/Sdk/StellaOps.Sdk.Release/TASKS.md | TODO | SDK Release Guild | SDKREL-64-002 | Produce devportal offline bundle. | | Sprint 65 | SDKs & OpenAPI Phase 5 – Deprecation & Notifications | docs/TASKS.md | TODO | Docs Guild | DOCS-AIRGAP-DEVPORT-64-001 | (Carry) ensure offline doc published; update as necessary. | | Sprint 65 | SDKs & OpenAPI Phase 5 – Deprecation & Notifications | src/Api/StellaOps.Api.Governance/TASKS.md | TODO | API Governance Guild | APIGOV-63-001 | (Carry) compatibility gating monitoring. | | Sprint 65 | SDKs & OpenAPI Phase 5 – Deprecation & Notifications | src/Authority/StellaOps.Authority/TASKS.md | DONE (2025-11-01) | Authority Core & Security Guild | AUTH-OAS-63-001 | Deprecation headers for auth endpoints. | | Sprint 65 | SDKs & OpenAPI Phase 5 – Deprecation & Notifications | src/Cli/StellaOps.Cli/TASKS.md | TODO | DevEx/CLI Guild | CLI-SDK-64-001 | SDK update awareness command. | | Sprint 65 | SDKs & OpenAPI Phase 5 – Deprecation & Notifications | src/Concelier/__Libraries/StellaOps.Concelier.Core/TASKS.md | TODO | Concelier Core Guild | CONCELIER-OAS-63-001 | Deprecation metadata for Concelier APIs. | | Sprint 65 | SDKs & OpenAPI Phase 5 – Deprecation & Notifications | src/Excititor/__Libraries/StellaOps.Excititor.Core/TASKS.md | TODO | Excititor Core Guild | EXCITITOR-OAS-63-001 | Deprecation metadata for VEX APIs. | | Sprint 65 | SDKs & OpenAPI Phase 5 – Deprecation & Notifications | src/ExportCenter/StellaOps.ExportCenter/TASKS.md | TODO | Exporter Service Guild | EXPORT-OAS-63-001 | Deprecation headers for exporter APIs. | | Sprint 65 | SDKs & OpenAPI Phase 5 – Deprecation & Notifications | src/Findings/StellaOps.Findings.Ledger/TASKS.md | TODO | Findings Ledger Guild | LEDGER-OAS-63-001 | Deprecation headers for ledger APIs. | | Sprint 65 | SDKs & OpenAPI Phase 5 – Deprecation & Notifications | src/Notifier/StellaOps.Notifier/TASKS.md | TODO | Notifications Service Guild | NOTIFY-OAS-63-001 | Emit deprecation notifications. | | Sprint 65 | SDKs & OpenAPI Phase 5 – Deprecation & Notifications | src/Orchestrator/StellaOps.Orchestrator/TASKS.md | TODO | Orchestrator Service Guild | ORCH-OAS-63-001 | Add orchestrator deprecation headers. | | Sprint 65 | SDKs & OpenAPI Phase 5 – Deprecation & Notifications | src/Sdk/StellaOps.Sdk.Release/TASKS.md | TODO | SDK Release Guild | SDKREL-64-001 | Production rollout of notifications feed. | | Sprint 65 | SDKs & OpenAPI Phase 5 – Deprecation & Notifications | src/TaskRunner/StellaOps.TaskRunner/TASKS.md | TODO | Task Runner Guild | TASKRUN-OAS-63-001 | Add Task Runner deprecation headers. | | Sprint 65 | SDKs & OpenAPI Phase 5 – Deprecation & Notifications | src/Web/StellaOps.Web/TASKS.md | TODO | BE-Base Platform Guild | WEB-OAS-63-001 | Implement deprecation headers in gateway. | | Sprint 66 | Risk Profiles Phase 1 – Foundations | docs/TASKS.md | TODO | Docs Guild | DOCS-RISK-66-001 | Publish /docs/risk/overview.md. | | Sprint 66 | Risk Profiles Phase 1 – Foundations | docs/TASKS.md | TODO | Docs Guild | DOCS-RISK-66-002 | Publish /docs/risk/profiles.md. | | Sprint 66 | Risk Profiles Phase 1 – Foundations | docs/TASKS.md | TODO | Docs Guild | DOCS-RISK-66-003 | Publish /docs/risk/factors.md. | | Sprint 66 | Risk Profiles Phase 1 – Foundations | docs/TASKS.md | TODO | Docs Guild | DOCS-RISK-66-004 | Publish /docs/risk/formulas.md. | | Sprint 66 | Risk Profiles Phase 1 – Foundations | src/Cli/StellaOps.Cli/TASKS.md | TODO | DevEx/CLI Guild | CLI-RISK-66-001 | Implement CLI profile management commands. | | Sprint 66 | Risk Profiles Phase 1 – Foundations | src/Cli/StellaOps.Cli/TASKS.md | TODO | DevEx/CLI Guild | CLI-RISK-66-002 | Implement CLI simulation command. | | Sprint 66 | Risk Profiles Phase 1 – Foundations | src/Concelier/__Libraries/StellaOps.Concelier.Core/TASKS.md | TODO | Concelier Core Guild | CONCELIER-RISK-66-001 | Expose CVSS/KEV provider data. | | Sprint 66 | Risk Profiles Phase 1 – Foundations | src/Concelier/__Libraries/StellaOps.Concelier.Core/TASKS.md | TODO | Concelier Core Guild | CONCELIER-RISK-66-002 | Provide fix availability signals. | | Sprint 66 | Risk Profiles Phase 1 – Foundations | src/Excititor/__Libraries/StellaOps.Excititor.Core/TASKS.md | TODO | Excititor Core Guild | EXCITITOR-RISK-66-001 | Supply VEX gating data to risk engine. | | Sprint 66 | Risk Profiles Phase 1 – Foundations | src/Excititor/__Libraries/StellaOps.Excititor.Core/TASKS.md | TODO | Excititor Core Guild | EXCITITOR-RISK-66-002 | Provide reachability inputs. | | Sprint 66 | Risk Profiles Phase 1 – Foundations | src/Findings/StellaOps.Findings.Ledger/TASKS.md | TODO | Findings Ledger Guild | LEDGER-RISK-66-001 | Add risk scoring columns/indexes. | | Sprint 66 | Risk Profiles Phase 1 – Foundations | src/Findings/StellaOps.Findings.Ledger/TASKS.md | TODO | Findings Ledger Guild | LEDGER-RISK-66-002 | Implement deterministic scoring upserts. | | Sprint 66 | Risk Profiles Phase 1 – Foundations | src/Notifier/StellaOps.Notifier/TASKS.md | TODO | Notifications Service Guild | NOTIFY-RISK-66-001 | Create risk severity alert templates. | | Sprint 66 | Risk Profiles Phase 1 – Foundations | src/Policy/StellaOps.Policy.Engine/TASKS.md | TODO | Policy Guild | POLICY-RISK-66-003 | Integrate schema validation into Policy Engine. | | Sprint 66 | Risk Profiles Phase 1 – Foundations | src/Policy/StellaOps.Policy.RiskProfile/TASKS.md | TODO | Risk Profile Schema Guild | POLICY-RISK-66-001 | Deliver RiskProfile schema + validators. | | Sprint 66 | Risk Profiles Phase 1 – Foundations | src/Policy/StellaOps.Policy.RiskProfile/TASKS.md | TODO | Risk Profile Schema Guild | POLICY-RISK-66-002 | Implement inheritance/merge and hashing. | | Sprint 66 | Risk Profiles Phase 1 – Foundations | src/Policy/__Libraries/StellaOps.Policy/TASKS.md | TODO | Policy Guild | POLICY-RISK-66-004 | Extend Policy libraries for RiskProfile handling. | | Sprint 66 | Risk Profiles Phase 1 – Foundations | src/RiskEngine/StellaOps.RiskEngine/TASKS.md | TODO | Risk Engine Guild | RISK-ENGINE-66-001 | Scaffold risk engine queue/worker/registry. | | Sprint 66 | Risk Profiles Phase 1 – Foundations | src/RiskEngine/StellaOps.RiskEngine/TASKS.md | TODO | Risk Engine Guild | RISK-ENGINE-66-002 | Implement transforms/gates/contribution calculator. | | Sprint 66 | Risk Profiles Phase 1 – Foundations | src/Web/StellaOps.Web/TASKS.md | TODO | BE-Base Platform Guild | WEB-RISK-66-001 | Expose risk API routing in gateway. | | Sprint 66 | Risk Profiles Phase 1 – Foundations | src/Web/StellaOps.Web/TASKS.md | TODO | BE-Base Platform Guild | WEB-RISK-66-002 | Handle explainability downloads. | | Sprint 67 | Risk Profiles Phase 2 – Providers & Lifecycle | docs/TASKS.md | TODO | Docs Guild | DOCS-RISK-67-001 | Publish explainability doc. | | Sprint 67 | Risk Profiles Phase 2 – Providers & Lifecycle | docs/TASKS.md | TODO | Docs Guild | DOCS-RISK-67-002 | Publish risk API doc. | | Sprint 67 | Risk Profiles Phase 2 – Providers & Lifecycle | docs/TASKS.md | TODO | Docs Guild | DOCS-RISK-67-003 | Publish console risk UI doc. | | Sprint 67 | Risk Profiles Phase 2 – Providers & Lifecycle | docs/TASKS.md | TODO | Docs Guild | DOCS-RISK-67-004 | Publish CLI risk doc. | | Sprint 67 | Risk Profiles Phase 2 – Providers & Lifecycle | src/Cli/StellaOps.Cli/TASKS.md | TODO | DevEx/CLI Guild | CLI-RISK-67-001 | Provide risk results query command. | | Sprint 67 | Risk Profiles Phase 2 – Providers & Lifecycle | src/Concelier/__Libraries/StellaOps.Concelier.Core/TASKS.md | TODO | Concelier Core Guild | CONCELIER-RISK-67-001 | Add source consensus metrics. | | Sprint 67 | Risk Profiles Phase 2 – Providers & Lifecycle | src/Excititor/__Libraries/StellaOps.Excititor.Core/TASKS.md | TODO | Excititor Core Guild | EXCITITOR-RISK-67-001 | Add VEX explainability metadata. | | Sprint 67 | Risk Profiles Phase 2 – Providers & Lifecycle | src/Notifier/StellaOps.Notifier/TASKS.md | TODO | Notifications Service Guild | NOTIFY-RISK-67-001 | Notify on profile publish/deprecate. | | Sprint 67 | Risk Profiles Phase 2 – Providers & Lifecycle | src/Notifier/StellaOps.Notifier/TASKS.md | TODO | Notifications Service Guild | NOTIFY-RISK-68-001 | (Prep) risk routing settings seeds. | | Sprint 67 | Risk Profiles Phase 2 – Providers & Lifecycle | src/Policy/StellaOps.Policy.Engine/TASKS.md | TODO | Policy Guild | POLICY-RISK-67-001 | Enqueue scoring on new findings. | | Sprint 67 | Risk Profiles Phase 2 – Providers & Lifecycle | src/Policy/StellaOps.Policy.Engine/TASKS.md | TODO | Policy Guild | POLICY-RISK-67-002 | Deliver profile lifecycle APIs. | | Sprint 67 | Risk Profiles Phase 2 – Providers & Lifecycle | src/Policy/StellaOps.Policy.RiskProfile/TASKS.md | TODO | Risk Profile Schema Guild | POLICY-RISK-67-001 | Integrate profiles into policy store lifecycle. | | Sprint 67 | Risk Profiles Phase 2 – Providers & Lifecycle | src/Policy/StellaOps.Policy.RiskProfile/TASKS.md | TODO | Risk Profile Schema Guild | POLICY-RISK-67-002 | Publish schema endpoint + validation tooling. | | Sprint 67 | Risk Profiles Phase 2 – Providers & Lifecycle | src/Policy/__Libraries/StellaOps.Policy/TASKS.md | TODO | Policy Guild | POLICY-RISK-67-003 | Provide simulation orchestration APIs. | | Sprint 67 | Risk Profiles Phase 2 – Providers & Lifecycle | src/RiskEngine/StellaOps.RiskEngine/TASKS.md | TODO | Risk Engine Guild | RISK-ENGINE-67-001 | Integrate CVSS/KEV providers. | | Sprint 67 | Risk Profiles Phase 2 – Providers & Lifecycle | src/RiskEngine/StellaOps.RiskEngine/TASKS.md | TODO | Risk Engine Guild | RISK-ENGINE-67-002 | Integrate VEX gate provider. | | Sprint 67 | Risk Profiles Phase 2 – Providers & Lifecycle | src/RiskEngine/StellaOps.RiskEngine/TASKS.md | TODO | Risk Engine Guild | RISK-ENGINE-67-003 | Add fix availability/criticality/exposure providers. | | Sprint 67 | Risk Profiles Phase 2 – Providers & Lifecycle | src/Web/StellaOps.Web/TASKS.md | TODO | BE-Base Platform Guild | WEB-RISK-67-001 | Provide risk status endpoint. | | Sprint 68 | Risk Profiles Phase 3 – APIs & Ledger | docs/TASKS.md | TODO | Docs Guild | DOCS-RISK-68-001 | Publish risk bundle doc. | | Sprint 68 | Risk Profiles Phase 3 – APIs & Ledger | docs/TASKS.md | TODO | Docs Guild | DOCS-RISK-68-002 | Update AOC invariants doc. | | Sprint 68 | Risk Profiles Phase 3 – APIs & Ledger | src/Cli/StellaOps.Cli/TASKS.md | TODO | DevEx/CLI Guild | CLI-RISK-68-001 | Add risk bundle verification command. | | Sprint 68 | Risk Profiles Phase 3 – APIs & Ledger | src/Findings/StellaOps.Findings.Ledger/TASKS.md | TODO | Findings Ledger Guild | LEDGER-RISK-67-001 | Provide scored findings query API. | | Sprint 68 | Risk Profiles Phase 3 – APIs & Ledger | src/Findings/StellaOps.Findings.Ledger/TASKS.md | TODO | Findings Ledger Guild | LEDGER-RISK-68-001 | Enable scored findings export. | | Sprint 68 | Risk Profiles Phase 3 – APIs & Ledger | src/Notifier/StellaOps.Notifier/TASKS.md | TODO | Notifications Service Guild | NOTIFY-RISK-68-001 | Configure risk notification routing UI/logic. | | Sprint 68 | Risk Profiles Phase 3 – APIs & Ledger | src/Policy/StellaOps.Policy.Engine/TASKS.md | TODO | Policy Guild | POLICY-RISK-68-001 | Ship simulation API endpoint. | | Sprint 68 | Risk Profiles Phase 3 – APIs & Ledger | src/Policy/__Libraries/StellaOps.Policy/TASKS.md | TODO | Policy Guild | POLICY-RISK-68-002 | Support profile export/import. | | Sprint 68 | Risk Profiles Phase 3 – APIs & Ledger | src/RiskEngine/StellaOps.RiskEngine/TASKS.md | TODO | Risk Engine Guild | RISK-ENGINE-68-001 | Persist scoring results & explanations. | | Sprint 68 | Risk Profiles Phase 3 – APIs & Ledger | src/RiskEngine/StellaOps.RiskEngine/TASKS.md | TODO | Risk Engine Guild | RISK-ENGINE-68-002 | Expose jobs/results/explanations APIs. | | Sprint 68 | Risk Profiles Phase 3 – APIs & Ledger | src/Web/StellaOps.Web/TASKS.md | TODO | BE-Base Platform Guild | WEB-RISK-68-001 | Emit severity transition events via gateway. | | Sprint 69 | Risk Profiles Phase 4 – Simulation & Reporting | docs/TASKS.md | TODO | Docs Guild | DOCS-RISK-67-001..004 | (Carry) ensure docs updated from simulation release. | | Sprint 69 | Risk Profiles Phase 4 – Simulation & Reporting | src/ExportCenter/StellaOps.ExportCenter.RiskBundles/TASKS.md | TODO | Risk Bundle Export Guild | RISK-BUNDLE-69-001 | Build risk bundle. | | Sprint 69 | Risk Profiles Phase 4 – Simulation & Reporting | src/ExportCenter/StellaOps.ExportCenter.RiskBundles/TASKS.md | TODO | Risk Bundle Export Guild | RISK-BUNDLE-69-002 | Integrate bundle into pipelines. | | Sprint 69 | Risk Profiles Phase 4 – Simulation & Reporting | src/ExportCenter/StellaOps.ExportCenter/TASKS.md | TODO | Exporter Service Guild | EXPORT-RISK-69-002 | Enable simulation report exports. | | Sprint 69 | Risk Profiles Phase 4 – Simulation & Reporting | src/Notifier/StellaOps.Notifier/TASKS.md | TODO | Notifications Service Guild | NOTIFY-RISK-66-001 | (Completion) finalize severity alert templates. | | Sprint 69 | Risk Profiles Phase 4 – Simulation & Reporting | src/RiskEngine/StellaOps.RiskEngine/TASKS.md | TODO | Risk Engine Guild | RISK-ENGINE-69-001 | Implement simulation mode. | | Sprint 69 | Risk Profiles Phase 4 – Simulation & Reporting | src/RiskEngine/StellaOps.RiskEngine/TASKS.md | TODO | Risk Engine Guild | RISK-ENGINE-69-002 | Add telemetry/metrics dashboards. | | Sprint 70 | Risk Profiles Phase 5 – Air-Gap & Advanced Factors | docs/TASKS.md | TODO | Docs Guild | DOCS-RISK-68-001 | (Carry) finalize risk bundle doc after verification CLI. | | Sprint 70 | Risk Profiles Phase 5 – Air-Gap & Advanced Factors | src/ExportCenter/StellaOps.ExportCenter.RiskBundles/TASKS.md | TODO | Risk Bundle Export Guild | RISK-BUNDLE-70-001 | Provide bundle verification CLI. | | Sprint 70 | Risk Profiles Phase 5 – Air-Gap & Advanced Factors | src/ExportCenter/StellaOps.ExportCenter.RiskBundles/TASKS.md | TODO | Risk Bundle Export Guild | RISK-BUNDLE-70-002 | Publish documentation. | | Sprint 70 | Risk Profiles Phase 5 – Air-Gap & Advanced Factors | src/ExportCenter/StellaOps.ExportCenter/TASKS.md | TODO | Exporter Service Guild | EXPORT-RISK-70-001 | Integrate risk bundle into offline kit. | | Sprint 70 | Risk Profiles Phase 5 – Air-Gap & Advanced Factors | src/Notifier/StellaOps.Notifier/TASKS.md | TODO | Notifications Service Guild | NOTIFY-RISK-68-001 | Finalize risk alert routing UI. | | Sprint 70 | Risk Profiles Phase 5 – Air-Gap & Advanced Factors | src/RiskEngine/StellaOps.RiskEngine/TASKS.md | TODO | Risk Engine Guild | RISK-ENGINE-70-001 | Support offline provider bundles. | | Sprint 70 | Risk Profiles Phase 5 – Air-Gap & Advanced Factors | src/RiskEngine/StellaOps.RiskEngine/TASKS.md | TODO | Risk Engine Guild | RISK-ENGINE-70-002 | Integrate runtime/reachability providers. | | Sprint 71 | Risk Profiles Phase 6 – Quality & Performance | docs/TASKS.md | TODO | Docs Guild | DOCS-RISK-67-001..68-002 | Final editorial pass on risk documentation set. | | Sprint 71 | Risk Profiles Phase 6 – Quality & Performance | src/Cli/StellaOps.Cli/TASKS.md | TODO | DevEx/CLI Guild | CLI-RISK-66-001..68-001 | Harden CLI commands with integration tests and error handling. | | Sprint 71 | Risk Profiles Phase 6 – Quality & Performance | src/Findings/StellaOps.Findings.Ledger/TASKS.md | TODO | Findings Ledger Guild | LEDGER-RISK-69-001 | Finalize dashboards and alerts for scoring latency. | | Sprint 71 | Risk Profiles Phase 6 – Quality & Performance | src/Notifier/StellaOps.Notifier/TASKS.md | TODO | Notifications Service Guild | NOTIFY-RISK-68-001 | Tune routing/quiet hour dedupe for risk alerts. | | Sprint 71 | Risk Profiles Phase 6 – Quality & Performance | src/RiskEngine/StellaOps.RiskEngine/TASKS.md | TODO | Risk Engine Guild | RISK-ENGINE-69-002 | Optimize performance, cache, and incremental scoring; validate SLOs. | | Sprint 72 | Attestor Console Phase 1 – Foundations | ops/devops/TASKS.md | TODO | DevOps Guild | DEVOPS-ATTEST-73-001 | (Prep) align CI secrets for Attestor service. | | Sprint 72 | Attestor Console Phase 1 – Foundations | src/Attestor/StellaOps.Attestor.Envelope/TASKS.md | TODO | Envelope Guild | ATTEST-ENVELOPE-72-001 | Implement DSSE canonicalization and hashing helpers. | | Sprint 72 | Attestor Console Phase 1 – Foundations | src/Attestor/StellaOps.Attestor.Envelope/TASKS.md | TODO | Envelope Guild | ATTEST-ENVELOPE-72-002 | Support compact/expanded output and detached payloads. | | Sprint 72 | Attestor Console Phase 1 – Foundations | src/Attestor/StellaOps.Attestor.Types/TASKS.md | DONE | Attestation Payloads Guild | ATTEST-TYPES-72-001 | Draft schemas for all attestation payload types. | | Sprint 72 | Attestor Console Phase 1 – Foundations | src/Attestor/StellaOps.Attestor.Types/TASKS.md | DONE | Attestation Payloads Guild | ATTEST-TYPES-72-002 | Generate models/validators from schemas. | | Sprint 72 | Attestor Console Phase 1 – Foundations | src/Attestor/StellaOps.Attestor/TASKS.md | TODO | Attestor Service Guild | ATTESTOR-72-001 | Scaffold attestor service skeleton. | | Sprint 72 | Attestor Console Phase 1 – Foundations | src/Attestor/StellaOps.Attestor/TASKS.md | TODO | Attestor Service Guild | ATTESTOR-72-002 | Implement attestation store + storage integration. | | Sprint 72 | Attestor Console Phase 1 – Foundations | src/__Libraries/StellaOps.Cryptography.Kms/TASKS.md | DONE | KMS Guild | KMS-72-001 | Implement KMS interface + file driver. | | Sprint 73 | Attestor CLI Phase 2 – Signing & Policies | src/Cli/StellaOps.Cli/TASKS.md | TODO | CLI Attestor Guild | CLI-ATTEST-73-001 | Implement stella attest sign (payload selection, subject digest, key reference, output format) using official SDK transport. | | Sprint 73 | Attestor CLI Phase 2 – Signing & Policies | src/Cli/StellaOps.Cli/TASKS.md | TODO | CLI Attestor Guild | CLI-ATTEST-73-002 | Implement stella attest verify with policy selection, explainability output, and JSON/table formatting. | | Sprint 73 | Attestor Console Phase 2 – Signing & Policies | docs/TASKS.md | TODO | Docs Guild | DOCS-ATTEST-73-001 | Publish attestor overview. | | Sprint 73 | Attestor Console Phase 2 – Signing & Policies | docs/TASKS.md | DONE | Docs Guild | DOCS-ATTEST-73-002 | Publish payload docs. | | Sprint 73 | Attestor Console Phase 2 – Signing & Policies | docs/TASKS.md | TODO | Docs Guild | DOCS-ATTEST-73-003 | Publish policies doc. | | Sprint 73 | Attestor Console Phase 2 – Signing & Policies | docs/TASKS.md | TODO | Docs Guild | DOCS-ATTEST-73-004 | Publish workflows doc. | | Sprint 73 | Attestor Console Phase 2 – Signing & Policies | src/Attestor/StellaOps.Attestor.Envelope/TASKS.md | TODO | Envelope Guild | ATTEST-ENVELOPE-73-001 | Add signing/verification helpers with KMS integration. | | Sprint 73 | Attestor Console Phase 2 – Signing & Policies | src/Attestor/StellaOps.Attestor.Types/TASKS.md | DONE | Attestation Payloads Guild | ATTEST-TYPES-73-001 | Create golden payload fixtures. | | Sprint 73 | Attestor Console Phase 2 – Signing & Policies | src/Attestor/StellaOps.Attestor/TASKS.md | DOING | Attestor Service Guild | ATTESTOR-73-001 | Ship signing endpoint. | | Sprint 73 | Attestor Console Phase 2 – Signing & Policies | src/Attestor/StellaOps.Attestor/TASKS.md | TODO | Attestor Service Guild | ATTESTOR-73-002 | Ship verification pipeline and reports. | | Sprint 73 | Attestor Console Phase 2 – Signing & Policies | src/Attestor/StellaOps.Attestor/TASKS.md | TODO | Attestor Service Guild | ATTESTOR-73-003 | Implement list/fetch APIs. | | Sprint 73 | Attestor Console Phase 2 – Signing & Policies | src/__Libraries/StellaOps.Cryptography.Kms/TASKS.md | DONE (2025-10-30) | KMS Guild | KMS-72-002 | CLI support for key import/export. | | Sprint 73 | Attestor Console Phase 2 – Signing & Policies | src/Policy/StellaOps.Policy.Engine/TASKS.md | TODO | Policy Guild | POLICY-ATTEST-73-001 | Implement VerificationPolicy lifecycle. | | Sprint 73 | Attestor Console Phase 2 – Signing & Policies | src/Policy/StellaOps.Policy.Engine/TASKS.md | TODO | Policy Guild | POLICY-ATTEST-73-002 | Surface policies in Policy Studio. | | Sprint 74 | Attestor CLI Phase 3 – Transparency & Chain of Custody | src/Cli/StellaOps.Cli/TASKS.md | TODO | CLI Attestor Guild | CLI-ATTEST-74-001 | Implement stella attest list with filters (subject, type, issuer, scope) and pagination. | | Sprint 74 | Attestor CLI Phase 3 – Transparency & Chain of Custody | src/Cli/StellaOps.Cli/TASKS.md | TODO | CLI Attestor Guild | CLI-ATTEST-74-002 | Implement stella attest fetch to download envelopes and payloads to disk. | | Sprint 74 | Attestor Console Phase 3 – Transparency & Chain of Custody | docs/TASKS.md | TODO | Docs Guild | DOCS-ATTEST-74-001 | Publish keys & issuers doc. | | Sprint 74 | Attestor Console Phase 3 – Transparency & Chain of Custody | docs/TASKS.md | TODO | Docs Guild | DOCS-ATTEST-74-002 | Publish transparency doc. | | Sprint 74 | Attestor Console Phase 3 – Transparency & Chain of Custody | docs/TASKS.md | TODO | Docs Guild | DOCS-ATTEST-74-003 | Publish console attestor UI doc. | | Sprint 74 | Attestor Console Phase 3 – Transparency & Chain of Custody | docs/TASKS.md | TODO | Docs Guild | DOCS-ATTEST-74-004 | Publish CLI attest doc. | | Sprint 74 | Attestor Console Phase 3 – Transparency & Chain of Custody | ops/devops/TASKS.md | TODO | DevOps Guild | DEVOPS-ATTEST-74-001 | Deploy transparency witness infra. | | Sprint 74 | Attestor Console Phase 3 – Transparency & Chain of Custody | src/Attestor/StellaOps.Attestor.Envelope/TASKS.md | TODO | Envelope Guild | ATTEST-ENVELOPE-73-002 | Run fuzz tests for envelope handling. | | Sprint 74 | Attestor Console Phase 3 – Transparency & Chain of Custody | src/Attestor/StellaOps.Attestor.Verify/TASKS.md | TODO | Verification Guild | ATTEST-VERIFY-74-001 | Add telemetry for verification pipeline. | | Sprint 74 | Attestor Console Phase 3 – Transparency & Chain of Custody | src/Attestor/StellaOps.Attestor.Verify/TASKS.md | TODO | Verification Guild | ATTEST-VERIFY-74-002 | Document verification explainability. | | Sprint 74 | Attestor Console Phase 3 – Transparency & Chain of Custody | src/Attestor/StellaOps.Attestor/TASKS.md | DOING | Attestor Service Guild | ATTESTOR-74-001 | Integrate transparency witness client. | | Sprint 74 | Attestor Console Phase 3 – Transparency & Chain of Custody | src/Attestor/StellaOps.Attestor/TASKS.md | TODO | Attestor Service Guild | ATTESTOR-74-002 | Implement bulk verification worker. | | Sprint 74 | Attestor Console Phase 3 – Transparency & Chain of Custody | src/ExportCenter/StellaOps.ExportCenter.AttestationBundles/TASKS.md | TODO | Attestation Bundle Guild | EXPORT-ATTEST-74-001 | Build attestation bundle export job. | | Sprint 74 | Attestor Console Phase 3 – Transparency & Chain of Custody | src/Notifier/StellaOps.Notifier/TASKS.md | TODO | Notifications Service Guild | NOTIFY-ATTEST-74-001 | Add verification/key notifications. | | Sprint 74 | Attestor Console Phase 3 – Transparency & Chain of Custody | src/Notifier/StellaOps.Notifier/TASKS.md | TODO | Notifications Service Guild | NOTIFY-ATTEST-74-002 | Notify key rotation/revocation. | | Sprint 75 | Attestor CLI Phase 4 – Air Gap & Bulk | src/Cli/StellaOps.Cli/TASKS.md | TODO | CLI Attestor Guild, Export Guild | CLI-ATTEST-75-002 | Add support for building/verifying attestation bundles in CLI. | | Sprint 75 | Attestor Console Phase 4 – Air Gap & Bulk | docs/TASKS.md | TODO | Docs Guild | DOCS-ATTEST-75-001 | Publish attestor airgap doc. | | Sprint 75 | Attestor Console Phase 4 – Air Gap & Bulk | docs/TASKS.md | TODO | Docs Guild | DOCS-ATTEST-75-002 | Update AOC invariants for attestations. | | Sprint 75 | Attestor Console Phase 4 – Air Gap & Bulk | ops/devops/TASKS.md | TODO | DevOps Guild | DEVOPS-ATTEST-74-002 | Integrate bundle builds into release/offline pipelines. | | Sprint 75 | Attestor Console Phase 4 – Air Gap & Bulk | ops/devops/TASKS.md | TODO | DevOps Guild | DEVOPS-ATTEST-75-001 | Dashboards/alerts for attestor metrics. | | Sprint 75 | Attestor Console Phase 4 – Air Gap & Bulk | src/Attestor/StellaOps.Attestor/TASKS.md | TODO | Attestor Service Guild | ATTESTOR-75-001 | Support attestation bundle export/import for air gap. | | Sprint 75 | Attestor Console Phase 4 – Air Gap & Bulk | src/Attestor/StellaOps.Attestor/TASKS.md | DONE | Attestor Service Guild | ATTESTOR-75-002 | Harden APIs (rate limits, fuzz tests, threat model actions). | | Sprint 75 | Attestor Console Phase 4 – Air Gap & Bulk | src/ExportCenter/StellaOps.ExportCenter.AttestationBundles/TASKS.md | TODO | Attestation Bundle Guild | EXPORT-ATTEST-75-001 | CLI bundle verify/import. | | Sprint 75 | Attestor Console Phase 4 – Air Gap & Bulk | src/ExportCenter/StellaOps.ExportCenter.AttestationBundles/TASKS.md | TODO | Attestation Bundle Guild | EXPORT-ATTEST-75-002 | Document attestor airgap workflow. |