75f6942769
- Implemented MigrationCategoryTests to validate migration categorization for startup, release, seed, and data migrations. - Added tests for edge cases, including null, empty, and whitespace migration names. - Created StartupMigrationHostTests to verify the behavior of the migration host with real PostgreSQL instances using Testcontainers. - Included tests for migration execution, schema creation, and handling of pending release migrations. - Added SQL migration files for testing: creating a test table, adding a column, a release migration, and seeding data.
14 KiB
BLOCKED Tasks Dependency Tree
Last Updated: 2025-12-04 Purpose: This document maps all BLOCKED tasks and their root causes to help teams prioritize unblocking work.
How to Use This Document
Before starting work on any BLOCKED task, check this tree to understand:
- What is the root blocker (external dependency, missing spec, staffing, etc.)
- What chain of tasks depends on it
- Which team/guild owns the root blocker
Legend
- Root Blocker — External/system cause (missing spec, staffing, disk space, etc.)
- Chained Blocked — Blocked by another BLOCKED task
- Module — Module/guild name
1. SIGNALS & RUNTIME FACTS (SGSI0101) — Critical Path
Root Blocker: PREP-SIGNALS-24-002 (CAS promotion pending)
PREP-SIGNALS-24-002 (CAS promotion pending)
+-- 24-002: Surface cache availability
+-- 24-003: Runtime facts ingestion + provenance enrichment
+-- 24-004: Authority scopes + 24-003
+-- 24-005: 24-004 scoring outputs
Root Blocker: SGSI0101 provenance feed/contract pending
SGSI0101 provenance feed/contract pending
+-- 56-001: Telemetry provenance
+-- 401-004: Replay Core (awaiting runtime facts + GAP-REP-004)
Impact: 6+ tasks in Signals, Telemetry, Replay Core guilds
To Unblock: Deliver CAS promotion and SGSI0101 provenance contract
2. API GOVERNANCE (APIG0101) — DevPortal & SDK Chain
Root Blocker: APIG0101 outputs (API baseline missing)
APIG0101 outputs (API baseline)
+-- 62-001: DevPortal API baseline
| +-- 62-002: Blocked until 62-001
| +-- 63-001: Platform integration
| +-- 63-002: SDK Generator integration
|
+-- 63-003: SDK Generator (APIG0101 outputs)
+-- 63-004: SDK Generator outstanding
Impact: 6 tasks in DevPortal + SDK Generator guilds
To Unblock: Deliver APIG0101 API baseline outputs
3. VEX LENS CHAIN (30-00x Series)
Root Blocker: VEX normalization + issuer directory + API governance specs
VEX normalization + issuer directory + API governance specs
+-- 30-001: VEX Lens base
+-- 30-002
+-- 30-003 (Issuer Directory)
+-- 30-004 (Policy)
+-- 30-005
+-- 30-006 (Findings Ledger)
+-- 30-007
+-- 30-008 (Policy)
+-- 30-009 (Observability)
+-- 30-010 (QA)
+-- 30-011 (DevOps)
Impact: 11 tasks — full VEX Lens series
To Unblock: Publish VEX normalization spec, issuer directory contract, and API governance specs
4. DEPLOYMENT CHAIN (44-xxx to 45-xxx)
Root Blocker: Upstream module releases (service list/version pins)
Upstream module releases (service list/version pins)
+-- 44-001: Compose deployment base
| +-- 44-002
| +-- 44-003
| +-- 45-001
| +-- 45-002 (Security)
| +-- 45-003 (Observability)
|
+-- COMPOSE-44-001 (parallel blocker)
Impact: 7 tasks in Deployment Guild
To Unblock: Publish consolidated service list and version pins from upstream modules
5. AIRGAP ECOSYSTEM
5.1 Controller Chain
Root Blocker: Disk full (workspace cleanup needed)
Disk full (workspace cleanup needed)
+-- AIRGAP-CTL-57-001: Startup diagnostics
+-- AIRGAP-CTL-57-002: Seal/unseal telemetry
+-- AIRGAP-CTL-58-001: Time anchor persistence
5.2 Importer Chain
Root Blocker: Disk space + controller telemetry
Disk space + controller telemetry
+-- AIRGAP-IMP-57-002: Object-store loader
+-- AIRGAP-IMP-58-001: Import API + CLI
+-- AIRGAP-IMP-58-002: Timeline events
5.3 Time Chain
Root Blocker: Controller telemetry + disk space
Controller telemetry + disk space
+-- AIRGAP-TIME-57-002: Time anchor telemetry
+-- AIRGAP-TIME-58-001: Drift baseline
+-- AIRGAP-TIME-58-002: Staleness notifications
5.4 CLI AirGap Chain
Root Blocker: Mirror bundle contract/spec not available
Mirror bundle contract/spec not available
+-- CLI-AIRGAP-56-001: stella mirror create
+-- CLI-AIRGAP-56-002: Telemetry sealed mode
+-- CLI-AIRGAP-57-001: stella airgap import
+-- CLI-AIRGAP-57-002: stella airgap seal
+-- CLI-AIRGAP-58-001: stella airgap export evidence
5.5 Docs AirGap
Root Blocker: CLI airgap contract (CLI-AIRGAP-56/57)
CLI airgap contract (CLI-AIRGAP-56/57)
+-- AIRGAP-57-003: CLI & ops inputs
+-- AIRGAP-57-004: Ops Guild
Impact: 17+ tasks in AirGap ecosystem
To Unblock:
- Clean up disk space
- Publish mirror bundle contract/spec
- Complete CLI-AIRGAP-56-001
6. CLI ATTESTOR CHAIN
Root Blocker: Scanner analyzer compile failures + attestor SDK transport contract
Scanner analyzer compile failures + attestor SDK transport contract
+-- CLI-ATTEST-73-001: stella attest sign
+-- CLI-ATTEST-73-002: stella attest verify
+-- CLI-ATTEST-74-001: stella attest list
+-- CLI-ATTEST-74-002: stella attest fetch
Impact: 4 tasks in CLI Attestor Guild
To Unblock: Fix scanner analyzer compile issues; publish attestor SDK transport contract
7. TASK RUNNER CHAINS
7.1 AirGap
Root Blocker: TASKRUN-AIRGAP-56-002
TASKRUN-AIRGAP-56-002
+-- TASKRUN-AIRGAP-57-001: Sealed environment check
+-- TASKRUN-AIRGAP-58-001: Evidence bundles
7.2 OAS Chain
Root Blocker: TASKRUN-41-001 (DONE - chain should unblock)
TASKRUN-41-001 (DONE)
+-- TASKRUN-OAS-61-001: Task Runner OAS docs
+-- TASKRUN-OAS-61-002: OpenAPI well-known
+-- TASKRUN-OAS-62-001: SDK examples
+-- TASKRUN-OAS-63-001: Deprecation handling
7.3 Observability Chain
Root Blocker: Timeline event schema + evidence-pointer contract
Timeline event schema + evidence-pointer contract
+-- TASKRUN-OBS-52-001: Timeline events
+-- TASKRUN-OBS-53-001: Evidence locker snapshots
+-- TASKRUN-OBS-54-001: DSSE attestations
| +-- TASKRUN-OBS-55-001: Incident mode
+-- TASKRUN-TEN-48-001: Tenant context
Impact: 10+ tasks in Task Runner Guild
To Unblock: Publish timeline event schema and evidence-pointer contract
8. SCANNER CHAINS
Root Blocker: PHP analyzer bootstrap spec/fixtures
PHP analyzer bootstrap spec/fixtures (composer/VFS schema)
+-- SCANNER-ANALYZERS-PHP-27-001
Root Blocker: 18-503/504/505/506 outputs (EntryTrace baseline)
18-503/504/505/506 outputs (EntryTrace baseline)
+-- SCANNER-ENTRYTRACE-18-508
Root Blocker: Task definition/contract missing
Task definition/contract missing
+-- SCANNER-SURFACE-01
Root Blocker: SCANNER-ANALYZERS-JAVA-21-007
SCANNER-ANALYZERS-JAVA-21-007
+-- ANALYZERS-JAVA-21-008
Root Blocker: Local dotnet tests hanging
SCANNER-ANALYZERS-LANG-10-309 (DONE, but local tests hanging)
+-- ANALYZERS-LANG-11-001
Impact: 5 tasks in Scanner Guild
To Unblock:
- Publish PHP analyzer bootstrap spec
- Complete EntryTrace 18-503/504/505/506
- Define SCANNER-SURFACE-01 contract
- Complete JAVA-21-007
- Fix local dotnet test environment
8.1 CLI COMPILE FAILURES (Detailed Analysis)
Analysis Date: 2025-12-04 Status: ✅ RESOLVED (2025-12-04) Resolution: See
docs/implplan/CLI_AUTH_MIGRATION_PLAN.md
The CLI (src/Cli/StellaOps.Cli) had significant API drift from its dependencies. This has been resolved.
Remediation Summary (All Fixed)
| Library | Issue | Status |
|---|---|---|
StellaOps.Auth.Client |
IStellaOpsTokenClient interface changed |
✅ FIXED - Extension methods created |
StellaOps.Cli.Output |
CliError constructor change |
✅ FIXED |
System.CommandLine |
API changes in 2.0.0-beta5+ | ✅ FIXED |
Spectre.Console |
Table.AddRow signature change |
✅ FIXED |
BackendOperationsClient |
CreateFailureDetailsAsync return type |
✅ FIXED |
CliProfile |
Class→Record conversion | ✅ FIXED |
X509Certificate2 |
Missing using directive | ✅ FIXED |
StellaOps.PolicyDsl |
PolicyIssue properties changed |
✅ FIXED |
CommandHandlers |
Method signature mismatches | ✅ FIXED |
Build Result
Build succeeded with 0 errors, 6 warnings (warnings are non-blocking)
Previously Blocked Tasks (Now Unblocked)
CLI Compile Failures (RESOLVED)
+-- CLI-ATTEST-73-001: stella attest sign → UNBLOCKED
+-- CLI-ATTEST-73-002: stella attest verify → UNBLOCKED
+-- CLI-AIAI-31-001: Advisory AI CLI integration → UNBLOCKED
+-- CLI-AIRGAP-56-001: stella mirror create → UNBLOCKED
+-- CLI-401-007: Reachability evidence chain → UNBLOCKED
+-- CLI-401-021: Reachability chain CI/attestor → UNBLOCKED
Key Changes Made
- Created
src/Cli/StellaOps.Cli/Extensions/StellaOpsTokenClientExtensions.cswith compatibility shims - Updated 8 service files to use new Auth.Client API pattern
- Fixed CommandFactory.cs method call argument order/types
- Updated PolicyDiagnostic model (Path instead of Line/Column/Span/Suggestion)
- Fixed CommandHandlers.cs static type and diagnostic rendering
9. CONCELIER RISK CHAIN
Root Blocker: POLICY-20-001 outputs + AUTH-TEN-47-001 + shared signals library
POLICY-20-001 + AUTH-TEN-47-001 + shared signals library
+-- CONCELIER-RISK-66-001: Vendor CVSS/KEV data
+-- CONCELIER-RISK-66-002: Fix-availability metadata
+-- CONCELIER-RISK-67-001: Coverage/conflict metrics
+-- CONCELIER-RISK-68-001: Advisory signal pickers
+-- CONCELIER-RISK-69-001 (continues)
Impact: 5+ tasks in Concelier Core Guild
To Unblock: Complete POLICY-20-001, AUTH-TEN-47-001, and adopt shared signals library
10. WEB/GRAPH CHAIN
Root Blocker: Upstream dependencies (unspecified)
Upstream dependencies
+-- WEB-GRAPH-21-001: Graph gateway routes
+-- WEB-GRAPH-21-002: Parameter validation
+-- WEB-GRAPH-21-003: Error mapping
+-- WEB-GRAPH-21-004: Policy Engine proxy
Root Blocker: WEB-POLICY-20-004
WEB-POLICY-20-004
+-- WEB-POLICY-23-001: Policy packs API
+-- WEB-POLICY-23-002: Activation endpoint
Impact: 6 tasks in BE-Base Platform Guild
To Unblock: Complete WEB-POLICY-20-004 and upstream graph dependencies
11. STAFFING / PROGRAM MANAGEMENT BLOCKERS
Root Blocker: PGMI0101 staffing confirmation
PGMI0101 staffing confirmation
+-- 54-001: Exporter/AirGap/CLI coordination
+-- 64-002: DevPortal Offline
+-- AIRGAP-46-001: Mirror staffing + DSSE plan
Root Blocker: PROGRAM-STAFF-1001 (staffing not assigned)
PROGRAM-STAFF-1001 (staffing not assigned)
+-- 54-001 (same as above)
Impact: 3 tasks
To Unblock: Confirm staffing assignments via Program Management Guild
12. BENCHMARK CHAIN
Root Blocker: CAGR0101 outputs (Graph platform)
CAGR0101 outputs (Graph platform)
+-- BENCH-GRAPH-21-001: Graph benchmark harness
+-- BENCH-GRAPH-21-002: UI load benchmark
Impact: 2 tasks in Bench Guild
To Unblock: Complete CAGR0101 Graph platform outputs
13. FINDINGS LEDGER
Root Blocker: LEDGER-AIRGAP-56-002 staleness spec + AirGap time anchors
LEDGER-AIRGAP-56-002 staleness spec + AirGap time anchors
+-- 58 series: LEDGER-AIRGAP chain
+-- AIRGAP-58-001: Concelier bundle contract
+-- AIRGAP-58-002
+-- AIRGAP-58-003
+-- AIRGAP-58-004
Impact: 5 tasks in Findings Ledger + AirGap guilds
To Unblock: Publish LEDGER-AIRGAP-56-002 staleness spec and time anchor contract
14. MISCELLANEOUS BLOCKED TASKS
| Task ID | Root Blocker | Guild |
|---|---|---|
| FEED-REMEDIATION-1001 | Scope missing; needs remediation runbook | Concelier Feed Owners |
| CLI-41-001 | Pending clarified scope | Docs/DevEx Guild |
| CLI-42-001 | Pending clarified scope | Docs Guild |
| CLI-AIAI-31-001 | Scanner analyzers compile failures | DevEx/CLI Guild |
| CLI-401-007 | Reachability evidence chain contract | UI & CLI Guilds |
| CLI-401-021 | Reachability chain CI/attestor contract | CLI/DevOps Guild |
| SVC-35-001 | Unspecified | Exporter Service Guild |
| VEX-30-001 | Unspecified | Console/BE-Base Guild |
| VULN-29-001 | Unspecified | Console/BE-Base Guild |
| WEB-RISK-66-001 | npm ci hangs; Angular tests broken | BE-Base/Policy Guild |
| CONCELIER-LNM-21-003 | Requires #8 heuristics | Concelier Core Guild |
Summary Statistics
| Root Blocker Category | Root Blockers | Downstream Tasks |
|---|---|---|
| SGSI0101 (Signals/Runtime) | 2 | ~6 |
| APIG0101 (API Governance) | 1 | 6 |
| VEX Specs | 1 | 11 |
| Deployment/Compose | 1 | 7 |
| AirGap Ecosystem | 4 | 17+ |
| Scanner Compile/Specs | 5 | 5 |
| Task Runner Contracts | 3 | 10+ |
| Staffing/Program Mgmt | 2 | 3 |
| Disk Full | 1 | 6 |
| Graph/Policy Upstream | 2 | 6 |
| Miscellaneous | 11 | 11 |
Total BLOCKED tasks: ~100+
Priority Unblocking Actions
These root blockers, if resolved, will unblock the most downstream tasks:
- SGSI0101 — Unblocks Signals chain + Telemetry + Replay Core (~6 tasks)
- APIG0101 — Unblocks DevPortal + SDK Generator (6 tasks)
- VEX normalization spec — Unblocks 11 VEX Lens tasks
- Mirror bundle contract — Unblocks CLI AirGap + Importer chains (~8 tasks)
- Disk cleanup — Unblocks AirGap Controller/Time chains (6 tasks)
- Scanner analyzer fixes — Unblocks CLI Attestor + Advisory AI (5+ tasks)
- Upstream module releases — Unblocks Deployment chain (7 tasks)
- Timeline event schema — Unblocks Task Runner Observability (5 tasks)
Cross-Reference
- Sprint files reference this document for BLOCKED task context
- Update this file when root blockers are resolved
- Notify dependent guilds when unblocking occurs