stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity
Files
b018949a8d2e6c135925a1f60dbee6b52ad28e3d
git.stella-ops.org/docs/implplan/BLOCKED_DEPENDENCY_TREE.md
master 75f6942769
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
Details
Policy Lint & Smoke / policy-lint (push) Has been cancelled
Details
Concelier Attestation Tests / attestation-tests (push) Has been cancelled
Details
AOC Guard CI / aoc-guard (push) Has been cancelled
Details
AOC Guard CI / aoc-verify (push) Has been cancelled
Details
Add integration tests for migration categories and execution 
- Implemented MigrationCategoryTests to validate migration categorization for startup, release, seed, and data migrations.
- Added tests for edge cases, including null, empty, and whitespace migration names.
- Created StartupMigrationHostTests to verify the behavior of the migration host with real PostgreSQL instances using Testcontainers.
- Included tests for migration execution, schema creation, and handling of pending release migrations.
- Added SQL migration files for testing: creating a test table, adding a column, a release migration, and seeding data.
2025-12-04 19:10:54 +02:00

503 lines
14 KiB
Markdown
Raw Blame History

# BLOCKED Tasks Dependency Tree
> **Last Updated:** 2025-12-04
> **Purpose:** This document maps all BLOCKED tasks and their root causes to help teams prioritize unblocking work.
## How to Use This Document
Before starting work on any BLOCKED task, check this tree to understand:
1. What is the **root blocker** (external dependency, missing spec, staffing, etc.)
2. What **chain of tasks** depends on it
3. Which team/guild owns the root blocker
---
## Legend
- **Root Blocker** — External/system cause (missing spec, staffing, disk space, etc.)
- **Chained Blocked** — Blocked by another BLOCKED task
- **Module** — Module/guild name
---
## 1. SIGNALS & RUNTIME FACTS (SGSI0101) — Critical Path
**Root Blocker:** `PREP-SIGNALS-24-002` (CAS promotion pending)
```
PREP-SIGNALS-24-002 (CAS promotion pending)
+-- 24-002: Surface cache availability
+-- 24-003: Runtime facts ingestion + provenance enrichment
+-- 24-004: Authority scopes + 24-003
+-- 24-005: 24-004 scoring outputs
```
**Root Blocker:** `SGSI0101 provenance feed/contract pending`
```
SGSI0101 provenance feed/contract pending
+-- 56-001: Telemetry provenance
+-- 401-004: Replay Core (awaiting runtime facts + GAP-REP-004)
```
**Impact:** 6+ tasks in Signals, Telemetry, Replay Core guilds
**To Unblock:** Deliver CAS promotion and SGSI0101 provenance contract
---
## 2. API GOVERNANCE (APIG0101) — DevPortal & SDK Chain
**Root Blocker:** `APIG0101 outputs` (API baseline missing)
```
APIG0101 outputs (API baseline)
+-- 62-001: DevPortal API baseline
| +-- 62-002: Blocked until 62-001
| +-- 63-001: Platform integration
| +-- 63-002: SDK Generator integration
|
+-- 63-003: SDK Generator (APIG0101 outputs)
+-- 63-004: SDK Generator outstanding
```
**Impact:** 6 tasks in DevPortal + SDK Generator guilds
**To Unblock:** Deliver APIG0101 API baseline outputs
---
## 3. VEX LENS CHAIN (30-00x Series)
**Root Blocker:** `VEX normalization + issuer directory + API governance specs`
```
VEX normalization + issuer directory + API governance specs
+-- 30-001: VEX Lens base
+-- 30-002
+-- 30-003 (Issuer Directory)
+-- 30-004 (Policy)
+-- 30-005
+-- 30-006 (Findings Ledger)
+-- 30-007
+-- 30-008 (Policy)
+-- 30-009 (Observability)
+-- 30-010 (QA)
+-- 30-011 (DevOps)
```
**Impact:** 11 tasks — full VEX Lens series
**To Unblock:** Publish VEX normalization spec, issuer directory contract, and API governance specs
---
## 4. DEPLOYMENT CHAIN (44-xxx to 45-xxx)
**Root Blocker:** `Upstream module releases` (service list/version pins)
```
Upstream module releases (service list/version pins)
+-- 44-001: Compose deployment base
| +-- 44-002
| +-- 44-003
| +-- 45-001
| +-- 45-002 (Security)
| +-- 45-003 (Observability)
|
+-- COMPOSE-44-001 (parallel blocker)
```
**Impact:** 7 tasks in Deployment Guild
**To Unblock:** Publish consolidated service list and version pins from upstream modules
---
## 5. AIRGAP ECOSYSTEM
### 5.1 Controller Chain
**Root Blocker:** `Disk full` (workspace cleanup needed)
```
Disk full (workspace cleanup needed)
+-- AIRGAP-CTL-57-001: Startup diagnostics
+-- AIRGAP-CTL-57-002: Seal/unseal telemetry
+-- AIRGAP-CTL-58-001: Time anchor persistence
```
### 5.2 Importer Chain
**Root Blocker:** `Disk space + controller telemetry`
```
Disk space + controller telemetry
+-- AIRGAP-IMP-57-002: Object-store loader
+-- AIRGAP-IMP-58-001: Import API + CLI
+-- AIRGAP-IMP-58-002: Timeline events
```
### 5.3 Time Chain
**Root Blocker:** `Controller telemetry + disk space`
```
Controller telemetry + disk space
+-- AIRGAP-TIME-57-002: Time anchor telemetry
+-- AIRGAP-TIME-58-001: Drift baseline
+-- AIRGAP-TIME-58-002: Staleness notifications
```
### 5.4 CLI AirGap Chain
**Root Blocker:** `Mirror bundle contract/spec` not available
```
Mirror bundle contract/spec not available
+-- CLI-AIRGAP-56-001: stella mirror create
+-- CLI-AIRGAP-56-002: Telemetry sealed mode
+-- CLI-AIRGAP-57-001: stella airgap import
+-- CLI-AIRGAP-57-002: stella airgap seal
+-- CLI-AIRGAP-58-001: stella airgap export evidence
```
### 5.5 Docs AirGap
**Root Blocker:** `CLI airgap contract` (CLI-AIRGAP-56/57)
```
CLI airgap contract (CLI-AIRGAP-56/57)
+-- AIRGAP-57-003: CLI & ops inputs
+-- AIRGAP-57-004: Ops Guild
```
**Impact:** 17+ tasks in AirGap ecosystem
**To Unblock:**
1. Clean up disk space
2. Publish mirror bundle contract/spec
3. Complete CLI-AIRGAP-56-001
---
## 6. CLI ATTESTOR CHAIN
**Root Blocker:** `Scanner analyzer compile failures + attestor SDK transport contract`
```
Scanner analyzer compile failures + attestor SDK transport contract
+-- CLI-ATTEST-73-001: stella attest sign
+-- CLI-ATTEST-73-002: stella attest verify
+-- CLI-ATTEST-74-001: stella attest list
+-- CLI-ATTEST-74-002: stella attest fetch
```
**Impact:** 4 tasks in CLI Attestor Guild
**To Unblock:** Fix scanner analyzer compile issues; publish attestor SDK transport contract
---
## 7. TASK RUNNER CHAINS
### 7.1 AirGap
**Root Blocker:** `TASKRUN-AIRGAP-56-002`
```
TASKRUN-AIRGAP-56-002
+-- TASKRUN-AIRGAP-57-001: Sealed environment check
+-- TASKRUN-AIRGAP-58-001: Evidence bundles
```
### 7.2 OAS Chain
**Root Blocker:** `TASKRUN-41-001` (DONE - chain should unblock)
```
TASKRUN-41-001 (DONE)
+-- TASKRUN-OAS-61-001: Task Runner OAS docs
+-- TASKRUN-OAS-61-002: OpenAPI well-known
+-- TASKRUN-OAS-62-001: SDK examples
+-- TASKRUN-OAS-63-001: Deprecation handling
```
### 7.3 Observability Chain
**Root Blocker:** `Timeline event schema + evidence-pointer contract`
```
Timeline event schema + evidence-pointer contract
+-- TASKRUN-OBS-52-001: Timeline events
+-- TASKRUN-OBS-53-001: Evidence locker snapshots
+-- TASKRUN-OBS-54-001: DSSE attestations
| +-- TASKRUN-OBS-55-001: Incident mode
+-- TASKRUN-TEN-48-001: Tenant context
```
**Impact:** 10+ tasks in Task Runner Guild
**To Unblock:** Publish timeline event schema and evidence-pointer contract
---
## 8. SCANNER CHAINS
**Root Blocker:** `PHP analyzer bootstrap spec/fixtures`
```
PHP analyzer bootstrap spec/fixtures (composer/VFS schema)
+-- SCANNER-ANALYZERS-PHP-27-001
```
**Root Blocker:** `18-503/504/505/506 outputs` (EntryTrace baseline)
```
18-503/504/505/506 outputs (EntryTrace baseline)
+-- SCANNER-ENTRYTRACE-18-508
```
**Root Blocker:** `Task definition/contract missing`
```
Task definition/contract missing
+-- SCANNER-SURFACE-01
```
**Root Blocker:** `SCANNER-ANALYZERS-JAVA-21-007`
```
SCANNER-ANALYZERS-JAVA-21-007
+-- ANALYZERS-JAVA-21-008
```
**Root Blocker:** `Local dotnet tests hanging`
```
SCANNER-ANALYZERS-LANG-10-309 (DONE, but local tests hanging)
+-- ANALYZERS-LANG-11-001
```
**Impact:** 5 tasks in Scanner Guild
**To Unblock:**
1. Publish PHP analyzer bootstrap spec
2. Complete EntryTrace 18-503/504/505/506
3. Define SCANNER-SURFACE-01 contract
4. Complete JAVA-21-007
5. Fix local dotnet test environment
---
## 8.1 CLI COMPILE FAILURES (Detailed Analysis)
> **Analysis Date:** 2025-12-04
> **Status:** ✅ **RESOLVED** (2025-12-04)
> **Resolution:** See `docs/implplan/CLI_AUTH_MIGRATION_PLAN.md`
The CLI (`src/Cli/StellaOps.Cli`) had significant API drift from its dependencies. This has been resolved.
### Remediation Summary (All Fixed)
| Library | Issue | Status |
|---------|-------|--------|
| `StellaOps.Auth.Client` | `IStellaOpsTokenClient` interface changed | ✅ **FIXED** - Extension methods created |
| `StellaOps.Cli.Output` | `CliError` constructor change | ✅ **FIXED** |
| `System.CommandLine` | API changes in 2.0.0-beta5+ | ✅ **FIXED** |
| `Spectre.Console` | `Table.AddRow` signature change | ✅ **FIXED** |
| `BackendOperationsClient` | `CreateFailureDetailsAsync` return type | ✅ **FIXED** |
| `CliProfile` | Class→Record conversion | ✅ **FIXED** |
| `X509Certificate2` | Missing using directive | ✅ **FIXED** |
| `StellaOps.PolicyDsl` | `PolicyIssue` properties changed | ✅ **FIXED** |
| `CommandHandlers` | Method signature mismatches | ✅ **FIXED** |
### Build Result
**Build succeeded with 0 errors, 6 warnings** (warnings are non-blocking)
### Previously Blocked Tasks (Now Unblocked)
```
CLI Compile Failures (RESOLVED)
+-- CLI-ATTEST-73-001: stella attest sign → UNBLOCKED
+-- CLI-ATTEST-73-002: stella attest verify → UNBLOCKED
+-- CLI-AIAI-31-001: Advisory AI CLI integration → UNBLOCKED
+-- CLI-AIRGAP-56-001: stella mirror create → UNBLOCKED
+-- CLI-401-007: Reachability evidence chain → UNBLOCKED
+-- CLI-401-021: Reachability chain CI/attestor → UNBLOCKED
```
### Key Changes Made
1. Created `src/Cli/StellaOps.Cli/Extensions/StellaOpsTokenClientExtensions.cs` with compatibility shims
2. Updated 8 service files to use new Auth.Client API pattern
3. Fixed CommandFactory.cs method call argument order/types
4. Updated PolicyDiagnostic model (Path instead of Line/Column/Span/Suggestion)
5. Fixed CommandHandlers.cs static type and diagnostic rendering
---
## 9. CONCELIER RISK CHAIN
**Root Blocker:** `POLICY-20-001 outputs + AUTH-TEN-47-001 + shared signals library`
```
POLICY-20-001 + AUTH-TEN-47-001 + shared signals library
+-- CONCELIER-RISK-66-001: Vendor CVSS/KEV data
+-- CONCELIER-RISK-66-002: Fix-availability metadata
+-- CONCELIER-RISK-67-001: Coverage/conflict metrics
+-- CONCELIER-RISK-68-001: Advisory signal pickers
+-- CONCELIER-RISK-69-001 (continues)
```
**Impact:** 5+ tasks in Concelier Core Guild
**To Unblock:** Complete POLICY-20-001, AUTH-TEN-47-001, and adopt shared signals library
---
## 10. WEB/GRAPH CHAIN
**Root Blocker:** Upstream dependencies (unspecified)
```
Upstream dependencies
+-- WEB-GRAPH-21-001: Graph gateway routes
+-- WEB-GRAPH-21-002: Parameter validation
+-- WEB-GRAPH-21-003: Error mapping
+-- WEB-GRAPH-21-004: Policy Engine proxy
```
**Root Blocker:** `WEB-POLICY-20-004`
```
WEB-POLICY-20-004
+-- WEB-POLICY-23-001: Policy packs API
+-- WEB-POLICY-23-002: Activation endpoint
```
**Impact:** 6 tasks in BE-Base Platform Guild
**To Unblock:** Complete WEB-POLICY-20-004 and upstream graph dependencies
---
## 11. STAFFING / PROGRAM MANAGEMENT BLOCKERS
**Root Blocker:** `PGMI0101 staffing confirmation`
```
PGMI0101 staffing confirmation
+-- 54-001: Exporter/AirGap/CLI coordination
+-- 64-002: DevPortal Offline
+-- AIRGAP-46-001: Mirror staffing + DSSE plan
```
**Root Blocker:** `PROGRAM-STAFF-1001` (staffing not assigned)
```
PROGRAM-STAFF-1001 (staffing not assigned)
+-- 54-001 (same as above)
```
**Impact:** 3 tasks
**To Unblock:** Confirm staffing assignments via Program Management Guild
---
## 12. BENCHMARK CHAIN
**Root Blocker:** `CAGR0101 outputs` (Graph platform)
```
CAGR0101 outputs (Graph platform)
+-- BENCH-GRAPH-21-001: Graph benchmark harness
+-- BENCH-GRAPH-21-002: UI load benchmark
```
**Impact:** 2 tasks in Bench Guild
**To Unblock:** Complete CAGR0101 Graph platform outputs
---
## 13. FINDINGS LEDGER
**Root Blocker:** `LEDGER-AIRGAP-56-002 staleness spec + AirGap time anchors`
```
LEDGER-AIRGAP-56-002 staleness spec + AirGap time anchors
+-- 58 series: LEDGER-AIRGAP chain
+-- AIRGAP-58-001: Concelier bundle contract
+-- AIRGAP-58-002
+-- AIRGAP-58-003
+-- AIRGAP-58-004
```
**Impact:** 5 tasks in Findings Ledger + AirGap guilds
**To Unblock:** Publish LEDGER-AIRGAP-56-002 staleness spec and time anchor contract
---
## 14. MISCELLANEOUS BLOCKED TASKS
| Task ID | Root Blocker | Guild |
|---------|--------------|-------|
| FEED-REMEDIATION-1001 | Scope missing; needs remediation runbook | Concelier Feed Owners |
| CLI-41-001 | Pending clarified scope | Docs/DevEx Guild |
| CLI-42-001 | Pending clarified scope | Docs Guild |
| CLI-AIAI-31-001 | Scanner analyzers compile failures | DevEx/CLI Guild |
| CLI-401-007 | Reachability evidence chain contract | UI & CLI Guilds |
| CLI-401-021 | Reachability chain CI/attestor contract | CLI/DevOps Guild |
| SVC-35-001 | Unspecified | Exporter Service Guild |
| VEX-30-001 | Unspecified | Console/BE-Base Guild |
| VULN-29-001 | Unspecified | Console/BE-Base Guild |
| WEB-RISK-66-001 | npm ci hangs; Angular tests broken | BE-Base/Policy Guild |
| CONCELIER-LNM-21-003 | Requires #8 heuristics | Concelier Core Guild |
---
## Summary Statistics
| Root Blocker Category | Root Blockers | Downstream Tasks |
|----------------------|---------------|------------------|
| SGSI0101 (Signals/Runtime) | 2 | ~6 |
| APIG0101 (API Governance) | 1 | 6 |
| VEX Specs | 1 | 11 |
| Deployment/Compose | 1 | 7 |
| AirGap Ecosystem | 4 | 17+ |
| Scanner Compile/Specs | 5 | 5 |
| Task Runner Contracts | 3 | 10+ |
| Staffing/Program Mgmt | 2 | 3 |
| Disk Full | 1 | 6 |
| Graph/Policy Upstream | 2 | 6 |
| Miscellaneous | 11 | 11 |
**Total BLOCKED tasks:** ~100+
---
## Priority Unblocking Actions
These root blockers, if resolved, will unblock the most downstream tasks:
1. **SGSI0101** — Unblocks Signals chain + Telemetry + Replay Core (~6 tasks)
2. **APIG0101** — Unblocks DevPortal + SDK Generator (6 tasks)
3. **VEX normalization spec** — Unblocks 11 VEX Lens tasks
4. **Mirror bundle contract** — Unblocks CLI AirGap + Importer chains (~8 tasks)
5. **Disk cleanup** — Unblocks AirGap Controller/Time chains (6 tasks)
6. **Scanner analyzer fixes** — Unblocks CLI Attestor + Advisory AI (5+ tasks)
7. **Upstream module releases** — Unblocks Deployment chain (7 tasks)
8. **Timeline event schema** — Unblocks Task Runner Observability (5 tasks)
---
## Cross-Reference
- Sprint files reference this document for BLOCKED task context
- Update this file when root blockers are resolved
- Notify dependent guilds when unblocking occurs
Reference in New Issue View Git Blame Copy Permalink