- Added Program.cs to set up the web application with Serilog for logging, health check endpoints, and a placeholder admission endpoint.
- Configured Kestrel server to use TLS 1.3 and handle client certificates appropriately.
- Created StellaOps.Zastava.Webhook.csproj with necessary dependencies including Serilog and Polly.
- Documented tasks in TASKS.md for the Zastava Webhook project, outlining current work and exit criteria for each task.
4.9 KiB
If you are working on this file, you need to read docs/ARCHITECTURE_EXCITITOR.md and ./AGENTS.md.
TASKS
| Task | Owner(s) | Depends on | Notes |
|---|---|---|---|
| Bootstrap configuration fallback (env → appsettings{{.json/.yaml}}) | DevEx/CLI | Core | DONE – CLI loads API_KEY/STELLAOPS_BACKEND_URL from environment or local settings, defaulting to empty strings when unset. |
| Introduce command host & routing skeleton | DevEx/CLI | Configuration | DONE – System.CommandLine (v2.0.0-beta5) router stitched with scanner, scan, db, and config verbs. |
| Scanner artifact download/install commands | Ops Integrator | Backend contracts | DONE – scanner download caches bundles, validates SHA-256 (plus optional RSA signature), installs via docker load, persists metadata, and retries with exponential backoff. |
| Scan execution & result upload workflow | Ops Integrator, QA | Scanner cmd | DONE – scan run drives container scans against directories, emits artefacts in ResultsDirectory, auto-uploads on success, and scan upload covers manual retries. |
| Concelier DB operations passthrough | DevEx/CLI | Backend, Concelier APIs | DONE – `db fetch |
| CLI observability & tests | QA | Command host | DONE – Added console logging defaults & configuration bootstrap tests; future metrics hooks tracked separately. |
| Authority auth commands | DevEx/CLI | Auth libraries | DONE – auth login/logout/status wrap the shared auth client, manage token cache, and surface status messages. |
| Document authority workflow in CLI help & quickstart | Docs/CLI | Authority auth commands | DONE (2025-10-10) – CLI help now surfaces Authority config fields and docs/09 + docs/10 describe env vars, auth login/status flow, and cache location. |
| Authority whoami command | DevEx/CLI | Authority auth commands | DONE (2025-10-10) – Added auth whoami verb that displays subject/audience/expiry from cached tokens and handles opaque tokens gracefully. |
| Expose auth client resilience settings | DevEx/CLI | Auth libraries LIB5 | DONE (2025-10-10) – CLI options now bind resilience knobs, AddStellaOpsAuthClient honours them, and tests cover env overrides. |
| Document advanced Authority tuning | Docs/CLI | Expose auth client resilience settings | DONE (2025-10-10) – docs/09 and docs/10 describe retry/offline settings with env examples and point to the integration guide. |
| Surface password policy diagnostics in CLI output | DevEx/CLI, Security Guild | AUTHSEC-CRYPTO-02-004 | DONE (2025-10-15) – CLI startup runs the Authority plug-in analyzer, logs weakened password policy warnings with manifest paths, added unit tests (dotnet test src/StellaOps.Cli.Tests) and updated docs/09 with remediation guidance. |
| EXCITITOR-CLI-01-001 – Add excititor command group | DevEx/CLI | EXCITITOR-WEB-01-001 | DONE (2025-10-18) – Introduced excititor verbs (init/pull/resume/list-providers/export/verify/reconcile) with token-auth backend calls, provenance-friendly logging, and regression coverage. |
| EXCITITOR-CLI-01-002 – Export download & attestation UX | DevEx/CLI | EXCITITOR-CLI-01-001, EXCITITOR-EXPORT-01-001 | DONE (2025-10-19) – CLI export prints digest/size/Rekor metadata, --output downloads with SHA-256 verification + cache reuse, and unit coverage validated via dotnet test src/StellaOps.Cli.Tests. |
| EXCITITOR-CLI-01-003 – CLI docs & examples for Excititor | Docs/CLI | EXCITITOR-CLI-01-001 | DOING (2025-10-19) – Update docs/09_API_CLI_REFERENCE.md and quickstart snippets to cover Excititor verbs, offline guidance, and attestation verification workflow. |
| CLI-RUNTIME-13-005 – Runtime policy test verbs | DevEx/CLI | SCANNER-RUNTIME-12-302, ZASTAVA-WEBHOOK-12-102 | DONE (2025-10-19) – Added runtime policy test command (stdin/file support, JSON output), backend client method + typed models, verdict table output, docs/tests updated (dotnet test src/StellaOps.Cli.Tests). |
| CLI-OFFLINE-13-006 – Offline kit workflows | DevEx/CLI | DEVOPS-OFFLINE-14-002 | TODO – Implement offline kit pull/import/status commands with integrity checks, resumable downloads, and doc updates. |
| CLI-PLUGIN-13-007 – Plugin packaging | DevEx/CLI | CLI-RUNTIME-13-005, CLI-OFFLINE-13-006 | TODO – Package non-core verbs as restart-time plug-ins (manifest + loader updates, tests ensuring no hot reload). |
| CLI-RUNTIME-13-008 – Runtime policy contract sync | DevEx/CLI, Scanner WebService Guild | SCANNER-RUNTIME-12-302 | TODO – Once /api/v1/scanner/policy/runtime exits TODO, verify CLI output against final schema (field names, metadata) and update formatter/tests if the contract moves. Capture joint review notes in docs/09 and link Scanner task sign-off. |
| CLI-RUNTIME-13-009 – Runtime policy smoke fixture | DevEx/CLI, QA Guild | CLI-RUNTIME-13-005 | TODO – Build Spectre test harness exercising runtime policy test against a stubbed backend to lock output shape (table + --json) and guard regressions. Integrate into dotnet test suite. |