ae69b1a8a1
- Created detailed markdown files for Sprints 508 (Ops Offline Kit), 509 (Samples), 510 (AirGap), 511 (Api), 512 (Bench), 513 (Provenance), and 514 (Sovereign Crypto Enablement) outlining tasks, dependencies, and owners. - Introduced a comprehensive Reachability Evidence Delivery Guide to streamline the reachability signal process. - Implemented unit tests for Advisory AI to block known injection patterns and redact secrets. - Added AuthoritySenderConstraintHelper to manage sender constraints in OpenIddict transactions.
4.5 KiB
4.5 KiB
Sprint 125 - Policy & Reasoning
Last updated: November 8, 2025. Implementation order is DOING → TODO → BLOCKED.
Focus areas below were split out of the previous combined sprint; execute sections in order unless noted.
Policy.III
Dependency: Sprint 120.C - Policy.II (must land before this track). Focus: Policy & Reasoning focus on Policy (phase III).
| # | Task ID & handle | State | Key dependency / next step | Owners |
|---|---|---|---|---|
| 1 | POLICY-ENGINE-29-003 | TODO | Surface path/scope awareness in determinations (signal optional/dev/test downgrade, runtime boost) for Vuln Explorer display (Deps: POLICY-ENGINE-29-002) | Policy Guild, SBOM Service Guild / src/Policy/StellaOps.Policy.Engine/TASKS.md |
| 2 | POLICY-ENGINE-29-004 | TODO | Add metrics/logs for batch evaluation (latency, queue depth) and simulation diff counts; update dashboards (Deps: POLICY-ENGINE-29-003) | Policy Guild, Observability Guild / src/Policy/StellaOps.Policy.Engine/TASKS.md |
| 3 | POLICY-ENGINE-30-001 | TODO | Define overlay contract for graph nodes/edges (status, severity, rationale refs, path relevance), expose projection API for Cartographer, and document schema versioning (Deps: POLICY-ENGINE-29-004) | Policy Guild, Cartographer Guild / src/Policy/StellaOps.Policy.Engine/TASKS.md |
| 4 | POLICY-ENGINE-30-002 | TODO | Implement simulation bridge returning on-the-fly overlays for Cartographer/Graph Explorer when invoking Policy Engine simulate; ensure no writes and deterministic outputs (Deps: POLICY-ENGINE-30-001) | Policy Guild, Cartographer Guild / src/Policy/StellaOps.Policy.Engine/TASKS.md |
| 5 | POLICY-ENGINE-30-003 | TODO | Emit change events (policy.effective.updated) with graph-friendly payloads so Cartographer overlay worker refreshes nodes/edges within 2 minutes (Deps: POLICY-ENGINE-30-002) |
Policy Guild, Scheduler Guild, Cartographer Guild / src/Policy/StellaOps.Policy.Engine/TASKS.md |
| 6 | POLICY-ENGINE-30-101 | TODO | Surface trust weighting configuration (issuer base weights, signature modifiers, recency decay, scope adjustments) for VEX Lens via Policy Studio + API; ensure deterministic evaluation (Deps: POLICY-ENGINE-30-003) | Policy Guild / src/Policy/StellaOps.Policy.Engine/TASKS.md |
| 7 | POLICY-ENGINE-31-001 | TODO | Expose policy knobs for Advisory AI (trust presets, temperature, token limits, plan ranking weights, TTLs) via Policy Studio and config APIs (Deps: POLICY-ENGINE-30-101) | Policy Guild / src/Policy/StellaOps.Policy.Engine/TASKS.md |
| 8 | POLICY-ENGINE-31-002 | TODO | Provide batch endpoint delivering policy context (thresholds, obligations) consumed by Advisory AI remediation planner (Deps: POLICY-ENGINE-31-001) | Policy Guild / src/Policy/StellaOps.Policy.Engine/TASKS.md |
| 9 | POLICY-ENGINE-32-101 | TODO | Define orchestrator policy_eval job schema, idempotency keys, and enqueue hooks triggered by advisory/VEX/SBOM events (Deps: POLICY-ENGINE-31-002) |
Policy Guild / src/Policy/StellaOps.Policy.Engine/TASKS.md |
| 10 | POLICY-ENGINE-33-101 | TODO | Implement orchestrator-driven policy evaluation workers using SDK heartbeats, respecting throttles, and emitting SLO metrics (Deps: POLICY-ENGINE-32-101) | Policy Guild / src/Policy/StellaOps.Policy.Engine/TASKS.md |
| 11 | POLICY-ENGINE-34-101 | TODO | Publish policy run ledger exports + SLO burn-rate metrics to orchestrator; ensure provenance chain links to Findings Ledger (Deps: POLICY-ENGINE-33-101) | Policy Guild / src/Policy/StellaOps.Policy.Engine/TASKS.md |
| 12 | POLICY-ENGINE-35-201 | TODO | Expose deterministic policy snapshot API and evaluated findings stream keyed by policy version for exporter consumption (Deps: POLICY-ENGINE-34-101) | Policy Guild / src/Policy/StellaOps.Policy.Engine/TASKS.md |
| 13 | POLICY-ENGINE-38-201 | TODO | Emit enriched policy violation events (decision rationale ids, risk bands) via orchestrator event bus for Notifications Studio (Deps: POLICY-ENGINE-35-201) | Policy Guild / src/Policy/StellaOps.Policy.Engine/TASKS.md |
| 14 | POLICY-ENGINE-40-001 | TODO | Update severity/status evaluation pipelines to consume multiple source severities per linkset, supporting selection strategies (max, preferred source, policy-defined) (Deps: POLICY-ENGINE-38-201) | Policy Guild, Concelier Guild / src/Policy/StellaOps.Policy.Engine/TASKS.md |
| 15 | POLICY-ENGINE-40-002 | TODO | Accept VEX linkset conflicts and provide rationale references in effective findings; ensure explain traces cite observation IDs (Deps: POLICY-ENGINE-40-001) | Policy Guild, Excititor Guild / src/Policy/StellaOps.Policy.Engine/TASKS.md |