git.stella-ops.org/docs/api/gateway/notifications-severity.md
StellaOps Bot c11d87d252
feat: Add tests for RichGraphPublisher and RichGraphWriter
- Implement unit tests for RichGraphPublisher to verify graph publishing to CAS.
- Implement unit tests for RichGraphWriter to ensure correct writing of canonical graphs and metadata.

feat: Implement AOC Guard validation logic

- Add AOC Guard validation logic to enforce document structure and field constraints.
- Introduce violation codes for various validation errors.
- Implement tests for AOC Guard to validate expected behavior.

feat: Create Console Status API client and service

- Implement ConsoleStatusClient for fetching console status and streaming run events.
- Create ConsoleStatusService to manage console status polling and event subscriptions.
- Add tests for ConsoleStatusClient to verify API interactions.

feat: Develop Console Status component

- Create ConsoleStatusComponent for displaying console status and run events.
- Implement UI for showing status metrics and handling user interactions.
- Add styles for console status display.

test: Add tests for Console Status store

- Implement tests for ConsoleStatusStore to verify event handling and state management.
2025-12-01 07:34:50 +02:00

Notifications Severity Transition Events (Web V)

Status

  • Draft v0.1 (2025-12-01); to be confirmed at 2025-12-06 checkpoint with Notifications Guild.

Scope

  • Event schema for severity transitions emitted by Web gateway to notifier bus (WEB-RISK-68-001).
  • Traceability and audit linking for downstream consumers (Console, Observability).

Event Shape

  • event_type: severity.transition.v1
  • tenant_id: string (slug/UUID)
  • project_id: string | null
  • finding_id: string (hash/UUID)
  • risk_id: string | null
  • from_severity: enum [none, info, low, medium, high, critical]
  • to_severity: enum (same as above)
  • transition_reason: string (machine-friendly code)
  • occurred_at: string (UTC ISO-8601)
  • trace_id: string (ULID/UUID)
  • correlation_id: string (UUID/ULID)
  • actor: { subject: string, type: user|service }
  • source: gateway
  • version: v1

Delivery & QoS

  • Bus topic: notifications.severity.transition.v1.
  • At-least-once delivery; consumers must dedupe on correlation_id + finding_id + to_severity.
  • Ordering: best-effort per tenant_id; no cross-tenant ordering guarantee.
  • Retention: 7 days (proposed); DLQ on permanent failures with same schema plus error.

Sample Payload

{
  "event_type": "severity.transition.v1",
  "tenant_id": "acme-tenant",
  "project_id": "proj-ops",
  "finding_id": "f-7e12d9",
  "risk_id": "r-4421",
  "from_severity": "medium",
  "to_severity": "high",
  "transition_reason": "exploit_seen",
  "occurred_at": "2025-12-01T10:15:20Z",
  "trace_id": "01HXYZABCD1234567890",
  "correlation_id": "01HXYZABCD1234567890",
  "actor": { "subject": "policy-svc", "type": "service" },
  "source": "gateway",
  "version": "v1"
}

Open Questions

  • Confirm retention period and DLQ topic naming.
  • Confirm whether VEX statement link/reference is required in payload.
  • Confirm if per-tenant rate limits apply to this topic.