b444284be5
Archive completed sprint documentation and deliverables: ## SPRINT_3500 - Proof of Exposure (PoE) Implementation (COMPLETE ✅) - Windows filesystem hash sanitization (colon → underscore) - Namespace conflict resolution (Subgraph → PoESubgraph) - Mock test improvements with It.IsAny<>() - Direct orchestrator unit tests - 8/8 PoE tests passing (100% success) - Archived to: docs/implplan/archived/2025-12-23-sprint-3500-poe/ ## SPRINT_7100.0001 - Proof-Driven Moats Core (COMPLETE ✅) - Four-tier backport detection system - 9 production modules (4,044 LOC) - Binary fingerprinting (TLSH + instruction hashing) - VEX integration with proof-carrying verdicts - 42+ unit tests passing (100% success) - Archived to: docs/implplan/archived/2025-12-23-sprint-7100-proof-moats/ ## SPRINT_7100.0002 - Proof Moats Storage Layer (COMPLETE ✅) - PostgreSQL repository implementations - Database migrations (4 evidence tables + audit) - Test data seed scripts (12 evidence records, 3 CVEs) - Integration tests with Testcontainers - <100ms proof generation performance - Archived to: docs/implplan/archived/2025-12-23-sprint-7100-proof-moats/ ## SPRINT_3000_0200 - Authority Admin & Branding (COMPLETE ✅) - Console admin RBAC UI components - Branding editor with tenant isolation - Authority backend endpoints - Archived to: docs/implplan/archived/ ## Additional Documentation - CLI command reference and compliance guides - Module architecture docs (26 modules documented) - Data schemas and contracts - Operations runbooks - Security risk models - Product roadmap All archived sprints achieved 100% completion of planned deliverables. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
34 lines
1.1 KiB
Markdown
34 lines
1.1 KiB
Markdown
# Roadmap and requirements
|
|
|
|
This document consolidates high level requirements and the public roadmap.
|
|
Implementation detail belongs in module architecture and ADRs.
|
|
|
|
System requirements (high level)
|
|
- Ingest SBOM formats: Trivy JSON, SPDX JSON, CycloneDX JSON.
|
|
- Auto detect SBOM type when missing.
|
|
- Cache and reuse layer analysis for delta scans.
|
|
- Enforce daily quota with HTTP 429 and reset at UTC midnight.
|
|
- Policy engine evaluates YAML rules and supports history.
|
|
- Hot load plugins without service restart.
|
|
- Offline first: no required internet access at runtime.
|
|
|
|
Non functional requirements (high level)
|
|
- Deterministic outputs and replayability.
|
|
- P95 cold scan and warm scan targets.
|
|
- TLS for inter service traffic.
|
|
- Observability for scan and policy metrics.
|
|
|
|
Roadmap
|
|
- Public milestones live on the project site.
|
|
|
|
Feature matrix (summary)
|
|
- Free tier includes core SBOM ingestion, policy, registry, and UI.
|
|
- Reachability DSSE and advanced attestation are staged.
|
|
- Offline update kits and sovereign crypto profiles are first class.
|
|
|
|
Related references
|
|
- docs/05_SYSTEM_REQUIREMENTS_SPEC.md
|
|
- docs/04_FEATURE_MATRIX.md
|
|
- docs/05_ROADMAP.md
|
|
- docs/03_VISION.md
|