ae69b1a8a1
- Created detailed markdown files for Sprints 508 (Ops Offline Kit), 509 (Samples), 510 (AirGap), 511 (Api), 512 (Bench), 513 (Provenance), and 514 (Sovereign Crypto Enablement) outlining tasks, dependencies, and owners. - Introduced a comprehensive Reachability Evidence Delivery Guide to streamline the reachability signal process. - Implemented unit tests for Advisory AI to block known injection patterns and redact secrets. - Added AuthoritySenderConstraintHelper to manage sender constraints in OpenIddict transactions.
4.9 KiB
4.9 KiB
Sprint 135 - Scanner & Surface
Implementation order remains sequential across Sprint 130–139. Complete each sprint in order before pulling tasks from the next file.
6. Scanner.VI — Scanner & Surface focus on Scanner (phase VI).
Dependency: Sprint 134 - 5. Scanner.V — Scanner & Surface focus on Scanner (phase V).
| Task ID | State | Summary | Owner / Source | Depends On |
|---|---|---|---|---|
SCANNER-ANALYZERS-PYTHON-23-012 |
TODO | Container/zipapp adapter enhancements: parse OCI layers for Python runtime, detect PYTHONPATH/PYTHONHOME env, record warnings for sitecustomize/startup hooks. |
Python Analyzer Guild (src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python/TASKS.md) | SCANNER-ANALYZERS-PYTHON-23-011 |
SCANNER-ANALYZERS-RUBY-28-001 |
TODO | Build input normalizer & VFS for Ruby projects: merge source trees, Gemfile/Gemfile.lock, vendor/bundle, .gem archives, .bundle/config, Rack configs, containers. Detect framework/job fingerprints deterministically. |
Ruby Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby/TASKS.md) | — |
SCANNER-ANALYZERS-RUBY-28-002 |
TODO | Gem & Bundler analyzer: parse Gemfile/Gemfile.lock, vendor specs, .gem archives, produce package nodes (PURLs), dependency edges, bin scripts, Bundler group metadata. | Ruby Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby/TASKS.md) | SCANNER-ANALYZERS-RUBY-28-001 |
SCANNER-ANALYZERS-RUBY-28-003 |
TODO | Require/autoload graph builder: resolve static/dynamic require, require_relative, load; infer Zeitwerk autoload paths and Rack boot chain. | Ruby Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby/TASKS.md) | SCANNER-ANALYZERS-RUBY-28-002 |
SCANNER-ANALYZERS-RUBY-28-004 |
TODO | Framework surface mapper: extract routes/controllers/middleware for Rails/Rack/Sinatra/Grape/Hanami; inventory jobs/schedulers (Sidekiq, Resque, ActiveJob, whenever, clockwork). | Ruby Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby/TASKS.md) | SCANNER-ANALYZERS-RUBY-28-003 |
SCANNER-ANALYZERS-RUBY-28-005 |
TODO | Capability analyzer: detect os-exec, filesystem, network, serialization, crypto, DB usage, TLS posture, dynamic eval; record evidence snippets with file/line. | Ruby Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby/TASKS.md) | SCANNER-ANALYZERS-RUBY-28-004 |
SCANNER-ANALYZERS-RUBY-28-006 |
TODO | Rake task & scheduler analyzer: parse Rakefiles/lib/tasks, capture task names/prereqs/shell commands; parse Sidekiq/whenever/clockwork configs into schedules. | Ruby Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby/TASKS.md) | SCANNER-ANALYZERS-RUBY-28-005 |
SCANNER-ANALYZERS-RUBY-28-007 |
TODO | Container/runtime scanner: detect Ruby version, installed gems, native extensions, web server configs in OCI layers. | Ruby Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby/TASKS.md) | SCANNER-ANALYZERS-RUBY-28-006 |
SCANNER-ANALYZERS-RUBY-28-008 |
TODO | Produce AOC-compliant observations: entrypoints, packages, modules, edges (require/autoload), routes, jobs, tasks, capabilities, configs, warnings. | Ruby Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby/TASKS.md) | SCANNER-ANALYZERS-RUBY-28-007 |
SCANNER-ANALYZERS-RUBY-28-009 |
TODO | Fixture suite + performance benchmarks (Rails, Rack, Sinatra, Sidekiq, legacy, .gem, container) with golden outputs. | Ruby Analyzer Guild, QA Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby/TASKS.md) | SCANNER-ANALYZERS-RUBY-28-008 |
SCANNER-ANALYZERS-RUBY-28-010 |
TODO | Optional runtime evidence integration (if provided logs/metrics) with path hashing, without altering static precedence. | Ruby Analyzer Guild, Signals Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby/TASKS.md) | SCANNER-ANALYZERS-RUBY-28-009 |
SCANNER-ANALYZERS-RUBY-28-011 |
TODO | Package analyzer plug-in, add CLI (stella ruby inspect), refresh Offline Kit documentation. |
Ruby Analyzer Guild, DevOps Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby/TASKS.md) | SCANNER-ANALYZERS-RUBY-28-010 |
SCANNER-ANALYZERS-RUBY-28-012 |
TODO | Policy signal emitter: rubygems drift, native extension flags, dangerous constructs counts, TLS verify posture, dynamic require eval warnings. | Ruby Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby/TASKS.md) | SCANNER-ANALYZERS-RUBY-28-011 |
SCANNER-ENTRYTRACE-18-502 |
TODO | Expand chain walker with init shim/user-switch/supervisor recognition plus env/workdir accumulation and guarded edges. | EntryTrace Guild (src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace/TASKS.md) | SCANNER-ENTRYTRACE-18-508 |
SCANNER-ENTRYTRACE-18-503 |
TODO | Introduce target classifier + EntryPlan handoff with confidence scoring for ELF/Java/.NET/Node/Python and user/workdir context. | EntryTrace Guild (src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace/TASKS.md) | SCANNER-ENTRYTRACE-18-502 |