git.stella-ops.org/docs/implplan/SPRINT_126_policy_reasoning.md
master ae69b1a8a1 feat: Add documentation and task tracking for Sprints 508 to 514 in Ops & Offline
- Created detailed markdown files for Sprints 508 (Ops Offline Kit), 509 (Samples), 510 (AirGap), 511 (Api), 512 (Bench), 513 (Provenance), and 514 (Sovereign Crypto Enablement) outlining tasks, dependencies, and owners.
- Introduced a comprehensive Reachability Evidence Delivery Guide to streamline the reachability signal process.
- Implemented unit tests for Advisory AI to block known injection patterns and redact secrets.
- Added AuthoritySenderConstraintHelper to manage sender constraints in OpenIddict transactions.
2025-11-08 23:18:28 +02:00


Sprint 126 - Policy & Reasoning

Last updated: November 8, 2025. Implementation order is DOING → TODO → BLOCKED.

Focus areas below were split out of the previous combined sprint; execute sections in order unless noted.

Policy.IV

Dependency: Sprint 120.C - Policy.III (must land before this track). Focus: the Policy track of Policy & Reasoning (phase IV).

| # | Task ID & handle | State | Key dependency / next step | Owners |
| --- | --- | --- | --- | --- |
| 1 | POLICY-ENGINE-40-003 | TODO | Provide API/SDK utilities for consumers (Web Scanner, Graph Explorer) to request policy decisions with source evidence summaries (top severity sources, conflict counts) (Deps: POLICY-ENGINE-40-002) | Policy Guild, Web Scanner Guild / src/Policy/StellaOps.Policy.Engine/TASKS.md |
| 2 | POLICY-ENGINE-50-001 | TODO | Implement SPL compiler: validate YAML, canonicalize, produce signed bundle, store artifact in object storage, write policy_revisions with AOC metadata (Deps: POLICY-ENGINE-40-003) | Policy Guild, Platform Security / src/Policy/StellaOps.Policy.Engine/TASKS.md |
| 3 | POLICY-ENGINE-50-002 | TODO | Build runtime evaluator executing compiled plans over advisory/vex linksets + SBOM asset metadata with deterministic caching (Redis) and fallback path (Deps: POLICY-ENGINE-50-001) | Policy Guild, Runtime Guild / src/Policy/StellaOps.Policy.Engine/TASKS.md |
| 4 | POLICY-ENGINE-50-003 | TODO | Implement evaluation/compilation metrics, tracing, and structured logs (policy_eval_seconds, policy_compiles_total, explanation sampling) (Deps: POLICY-ENGINE-50-002) | Policy Guild, Observability Guild / src/Policy/StellaOps.Policy.Engine/TASKS.md |
| 5 | POLICY-ENGINE-50-004 | TODO | Build event pipeline: subscribe to linkset/SBOM updates, schedule re-eval jobs, emit policy.effective.updated events with diff metadata (Deps: POLICY-ENGINE-50-003) | Policy Guild, Platform Events Guild / src/Policy/StellaOps.Policy.Engine/TASKS.md |
| 6 | POLICY-ENGINE-50-005 | TODO | Design and implement policy_packs, policy_revisions, policy_runs, policy_artifacts collections with indexes, TTL, and tenant scoping (Deps: POLICY-ENGINE-50-004) | Policy Guild, Storage Guild / src/Policy/StellaOps.Policy.Engine/TASKS.md |
| 7 | POLICY-ENGINE-50-006 | TODO | Implement explainer persistence + retrieval APIs linking decisions to explanation tree and AOC chain (Deps: POLICY-ENGINE-50-005) | Policy Guild, QA Guild / src/Policy/StellaOps.Policy.Engine/TASKS.md |
| 8 | POLICY-ENGINE-50-007 | TODO | Provide evaluation worker host/DI wiring and job orchestration hooks for batch re-evaluations after policy activation (Deps: POLICY-ENGINE-50-006) | Policy Guild, Scheduler Worker Guild / src/Policy/StellaOps.Policy.Engine/TASKS.md |
| 9 | POLICY-ENGINE-60-001 | TODO | Maintain Redis effective decision maps per asset/snapshot for Graph overlays; implement versioning and eviction strategy (Deps: POLICY-ENGINE-50-007) | Policy Guild, SBOM Service Guild / src/Policy/StellaOps.Policy.Engine/TASKS.md |
| 10 | POLICY-ENGINE-60-002 | TODO | Expose simulation bridge for Graph What-if APIs, supporting hypothetical SBOM diffs and draft policies without persisting results (Deps: POLICY-ENGINE-60-001) | Policy Guild, BE-Base Platform Guild / src/Policy/StellaOps.Policy.Engine/TASKS.md |
| 11 | POLICY-ENGINE-70-002 | TODO | Design and create Mongo collections (exceptions, exception_reviews, exception_bindings) with indexes and migrations; expose repository APIs (Deps: POLICY-ENGINE-60-002) | Policy Guild, Storage Guild / src/Policy/StellaOps.Policy.Engine/TASKS.md |
| 12 | POLICY-ENGINE-70-003 | TODO | Build Redis exception decision cache (exceptions_effective_map) with warm/invalidation logic reacting to exception.* events (Deps: POLICY-ENGINE-70-002) | Policy Guild, Runtime Guild / src/Policy/StellaOps.Policy.Engine/TASKS.md |
| 13 | POLICY-ENGINE-70-004 | TODO | Extend metrics/tracing/logging for exception application (latency, counts, expiring events) and include AOC references in logs (Deps: POLICY-ENGINE-70-003) | Policy Guild, Observability Guild / src/Policy/StellaOps.Policy.Engine/TASKS.md |
| 14 | POLICY-ENGINE-70-005 | TODO | Provide APIs/workers hook for exception activation/expiry (auto start/end) and event emission (exception.activated/expired) (Deps: POLICY-ENGINE-70-004) | Policy Guild, Scheduler Worker Guild / src/Policy/StellaOps.Policy.Engine/TASKS.md |
| 15 | POLICY-ENGINE-80-001 | TODO | Integrate reachability/exploitability inputs into evaluation pipeline (state/score/confidence) with caching and explain support (Deps: POLICY-ENGINE-70-005) | Policy Guild, Signals Guild / src/Policy/StellaOps.Policy.Engine/TASKS.md |
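Tasks 2 and 3 hinge on one property: the bundle that gets signed, stored and later evaluated must be a canonical form, so that two authors writing the same policy with different key order or whitespace produce the same digest, the same signature and the same cache key. The sketch below is an added example written for this page, not Stella Ops code; it does not implement SPL. It assumes the policy has already been parsed (YAML loading is omitted because PyYAML is not assumed), uses sorted-key JSON as the canonical serialization, uses HMAC-SHA256 as a stand-in for whatever real signature scheme the project adopts, and the AOC field names (`revision`, `source_ref`, `policy_digest`) are hypothetical.

```python
"""Canonicalize-then-sign sketch for a policy bundle (added example, not Stella Ops code)."""
import hashlib
import hmac
import json
from typing import Any

ALLOWED_SEVERITY = {"critical", "high", "medium", "low"}
ALLOWED_ACTION = {"block", "warn", "allow"}

# Constructed sample: the same policy rendered twice with different key order.
# These stand in for two YAML files that differ only in formatting.
POLICY_A = {"name": "baseline", "version": 1,
            "rules": [{"id": "r1", "severity": "high", "action": "block"}]}
POLICY_B = {"rules": [{"action": "block", "id": "r1", "severity": "high"}],
            "version": 1, "name": "baseline"}
SIGNING_KEY = b"constructed-demo-key-not-a-real-secret"


def canonicalize(doc: Any) -> bytes:
    # Deterministic bytes: sorted keys, no insignificant whitespace, raw UTF-8.
    return json.dumps(doc, sort_keys=True, separators=(",", ":"),
                      ensure_ascii=False).encode("utf-8")


def validate(doc: dict) -> list:
    # Returns a list of problems; an empty list means the document is acceptable.
    errors = []
    for key in ("name", "version", "rules"):
        if key not in doc:
            errors.append(f"missing field: {key}")
    seen = set()
    for rule in doc.get("rules", []):
        rid = rule.get("id")
        if rid in seen:
            errors.append(f"duplicate rule id: {rid}")
        seen.add(rid)
        if rule.get("severity") not in ALLOWED_SEVERITY:
            errors.append(f"rule {rid}: bad severity {rule.get('severity')!r}")
        if rule.get("action") not in ALLOWED_ACTION:
            errors.append(f"rule {rid}: bad action {rule.get('action')!r}")
    return errors


def compile_bundle(doc: dict, key: bytes, revision: int, source_ref: str) -> dict:
    # Validate, canonicalize, attach provenance metadata, then sign policy + metadata together
    # so the metadata cannot be swapped without breaking the signature.
    problems = validate(doc)
    if problems:
        raise ValueError("; ".join(problems))
    digest = hashlib.sha256(canonicalize(doc)).hexdigest()
    aoc = {"revision": revision, "source_ref": source_ref,
           "policy_digest": f"sha256:{digest}"}  # hypothetical field names
    signed_bytes = canonicalize({"policy": doc, "aoc": aoc})
    sig = hmac.new(key, signed_bytes, hashlib.sha256).hexdigest()  # stand-in for a real signature
    return {"policy": doc, "aoc": aoc, "alg": "HMAC-SHA256", "signature": sig}


def verify_bundle(bundle: dict, key: bytes) -> bool:
    # Recompute over the canonical form; both the signature and the embedded digest must match.
    signed_bytes = canonicalize({"policy": bundle["policy"], "aoc": bundle["aoc"]})
    expected = hmac.new(key, signed_bytes, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, bundle["signature"]):
        return False
    body_digest = "sha256:" + hashlib.sha256(canonicalize(bundle["policy"])).hexdigest()
    return bundle["aoc"]["policy_digest"] == body_digest


def evaluation_cache_key(bundle: dict, linkset_digest: str, sbom_digest: str) -> str:
    # Deterministic cache key for the evaluator: identical policy + identical inputs -> same key.
    material = {"policy": bundle["aoc"]["policy_digest"],
                "linkset": linkset_digest, "sbom": sbom_digest}
    return hashlib.sha256(canonicalize(material)).hexdigest()


if __name__ == "__main__":
    a = compile_bundle(POLICY_A, SIGNING_KEY, 1, "git:constructed")
    b = compile_bundle(POLICY_B, SIGNING_KEY, 1, "git:constructed")
    print("same signature for both renderings:", a["signature"] == b["signature"])
    print("verify original:", verify_bundle(a, SIGNING_KEY))
    tampered = dict(a)
    tampered["policy"] = {"name": "baseline", "version": 1,
                          "rules": [{"id": "r1", "severity": "high", "action": "allow"}]}
    print("verify after flipping block->allow:", verify_bundle(tampered, SIGNING_KEY))
```

The two renderings yield one signature and one cache key, and changing a rule's action after signing fails verification even though the AOC metadata is untouched; the evaluator should refuse such a bundle rather than take the fallback path.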