babb81af52
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
- Added Deno analyzer with comprehensive metadata and evidence structure. - Created a detailed implementation plan for Sprint 130 focusing on Deno analyzer. - Introduced AdvisoryAiGuardrailOptions for managing guardrail configurations. - Developed GuardrailPhraseLoader for loading blocked phrases from JSON files. - Implemented tests for AdvisoryGuardrailOptions binding and phrase loading. - Enhanced telemetry for Advisory AI with metrics tracking. - Added VexObservationProjectionService for querying VEX observations. - Created extensive tests for VexObservationProjectionService functionality. - Introduced Ruby language analyzer with tests for simple and complex workspaces. - Added Ruby application fixtures for testing purposes.
3.0 KiB
3.0 KiB
Sprint 130 - Scanner & Surface
Phase focus: Scanner.I — Deno analyzer bring-up.
- Depends on: Sprint 110.A · AdvisoryAI (schema + advisory feeds)
- Feeds: Sprint 131 (Scanner.II) once artifacts below land.
Execute the tasks below strictly in order; each artifact unblocks the next analyzer stage.
| Order | Task ID | State | Summary | Owner / Source | Depends On |
|---|---|---|---|---|---|
| 1 | SCANNER-ANALYZERS-DENO-26-001 |
DONE | Build the deterministic input normalizer + VFS merger for deno.json(c), import maps, lockfiles, vendor trees, $DENO_DIR, and OCI layers so analyzers have a canonical file view. |
Deno Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno) | — |
| 2 | SCANNER-ANALYZERS-DENO-26-002 |
DONE | Implement the module graph resolver covering static/dynamic imports, npm bridge, cache lookups, built-ins, WASM/JSON assertions, and annotate edges with their resolution provenance. | Deno Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno) | SCANNER-ANALYZERS-DENO-26-001 |
| 3 | SCANNER-ANALYZERS-DENO-26-003 |
DONE | Ship the npm/node compatibility adapter that maps npm: specifiers, evaluates exports conditionals, and logs builtin usage for policy overlays. |
Deno Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno) | SCANNER-ANALYZERS-DENO-26-002 |
| 4 | SCANNER-ANALYZERS-DENO-26-004 |
DONE | Add the permission/capability analyzer covering FS/net/env/process/crypto/FFI/workers plus dynamic-import + literal fetch heuristics with reason codes. | Deno Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno) | SCANNER-ANALYZERS-DENO-26-003 |
| 5 | SCANNER-ANALYZERS-DENO-26-005 |
DONE | Build bundle/binary inspectors for eszip and deno compile executables to recover graphs, configs, embedded resources, and snapshots. |
Deno Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno) | SCANNER-ANALYZERS-DENO-26-004 |
| 6 | SCANNER-ANALYZERS-DENO-26-006 |
DONE | Implement the OCI/container adapter that stitches per-layer Deno caches, vendor trees, and compiled binaries back into provenance-aware analyzer inputs. | Deno Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno) | SCANNER-ANALYZERS-DENO-26-005 |
| 7 | SCANNER-ANALYZERS-DENO-26-007 |
DONE | Produce AOC-compliant observation writers (entrypoints, modules, capability edges, workers, warnings, binaries) with deterministic reason codes. | Deno Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno) | SCANNER-ANALYZERS-DENO-26-006 |
| 8 | SCANNER-ANALYZERS-DENO-26-008 |
DOING | Finalize fixture + benchmark suite (vendor/npm/FFI/worker/dynamic import/bundle/cache/container cases) validating analyzer determinism and performance. | Deno Analyzer Guild, QA Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno) | SCANNER-ANALYZERS-DENO-26-007 |
Status 2025-11-12: Task SCANNER-ANALYZERS-DENO-26-008 reopened to diagnose missing vendor-cache edges in the Deno analyzer golden fixture; Codex now DOING to stabilize graph + fixtures before finalizing the sprint.