stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 16 Releases Wiki Activity
Files
d09ebd0b6471d7938b3b8ecba6e06c3768861dfb
git.stella-ops.org/docs/implplan/dependency_missing.csv
master d09ebd0b64
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
Details
Refactor sprint planning docs and add templates 
Updated AGENTS.md with implementation planning conventions and stream index. Refactored SPRINT_110_ingestion_evidence.md, SPRINT_125_mirror.md, and SPRINT_300_documentation_process.md to use a topic-oriented template, clarify dependencies, task boards, and checkpoint structure. Archived previous sprint details and added new templates and status snapshot files to docs/implplan.
2025-11-13 19:23:57 +02:00

45 KiB
Raw Blame History

1Sprint Task ID Status Missing dependency
2SPRINT_110_ingestion_evidence AIAI-31-008 TODO AIAI-31-006
3SPRINT_110_ingestion_evidence AIAI-31-008 TODO AIAI-31-007
4SPRINT_110_ingestion_evidence CONCELIER-AIAI-31-002 DOING CARTO-GRAPH-21-002
5SPRINT_110_ingestion_evidence CONCELIER-AIRGAP-56-001..58-001 TODO Evidence Locker attestation contract
6SPRINT_110_ingestion_evidence CONCELIER-AIRGAP-56-001..58-001 TODO Link-Not-Merge schema
7SPRINT_110_ingestion_evidence CONCELIER-ATTEST-73-001 TODO Evidence Locker contract
8SPRINT_110_ingestion_evidence CONCELIER-CONSOLE-23-001..003 TODO Link-Not-Merge schema
9SPRINT_110_ingestion_evidence EXCITITOR-AIAI-31-002 TODO Evidence Locker contract
10SPRINT_110_ingestion_evidence EXCITITOR-AIAI-31-002 TODO Link-Not-Merge schema
11SPRINT_110_ingestion_evidence EXCITITOR-AIRGAP-56 TODO Link-Not-Merge schema
12SPRINT_110_ingestion_evidence EXCITITOR-AIRGAP-56 TODO attestation plan
13SPRINT_110_ingestion_evidence EXCITITOR-ATTEST-01-003 TODO Evidence Locker contract
14SPRINT_110_ingestion_evidence EXCITITOR-CONN-TRUST-01-001 TODO Link-Not-Merge schema
15SPRINT_110_ingestion_evidence EXCITITOR-CONN-TRUST-01-001 TODO attestation plan
16SPRINT_110_ingestion_evidence FEEDCONN-ICSCISA-02-012 BLOCKED Feed owner remediation plan
17SPRINT_110_ingestion_evidence FEEDCONN-KISA-02-008 BLOCKED Feed owner remediation plan
18SPRINT_110_ingestion_evidence MIRROR-CRT-56-001 TODO Staffing decision
19SPRINT_120_policy_reasoning LEDGER-29-007 TODO Instrument metrics (`ledger_write_latency`
20SPRINT_120_policy_reasoning LEDGER-29-007 TODO LEDGER-29-006
21SPRINT_120_policy_reasoning LEDGER-29-007 TODO Merkle anchoring alerts
22SPRINT_120_policy_reasoning LEDGER-29-007 TODO `ledger_events_total`)
23SPRINT_120_policy_reasoning LEDGER-29-007 TODO `projection_lag_seconds`
24SPRINT_120_policy_reasoning LEDGER-29-007 TODO structured logs
25SPRINT_120_policy_reasoning LEDGER-29-008 TODO Develop unit/property/integration tests
26SPRINT_120_policy_reasoning LEDGER-29-008 TODO determinism harness
27SPRINT_120_policy_reasoning LEDGER-29-008 TODO replay/restore tooling
28SPRINT_120_policy_reasoning LEDGER-29-009 TODO Merkle anchor externalization (optional)
29SPRINT_120_policy_reasoning LEDGER-29-009 TODO Provide deployment manifests (Helm/Compose)
30SPRINT_120_policy_reasoning LEDGER-29-009 TODO backup/restore guidance
31SPRINT_120_policy_reasoning LEDGER-34-101 TODO Link orchestrator run ledger exports into Findings Ledger provenance chain
32SPRINT_120_policy_reasoning LEDGER-34-101 TODO index by artifact hash
33SPRINT_120_policy_reasoning LEDGER-AIRGAP-56-001 TODO Record bundle provenance (`bundle_id`
34SPRINT_120_policy_reasoning LEDGER-AIRGAP-56-001 TODO `merkle_root`
35SPRINT_120_policy_reasoning LEDGER-AIRGAP-56-001 TODO `time_anchor`) on ledger events for advisories/VEX/policies imported via Mirror Bundles
36SPRINT_120_policy_reasoning LEDGER-AIRGAP-56-002 TODO Surface staleness metrics for findings
37SPRINT_120_policy_reasoning LEDGER-AIRGAP-56-002 TODO block risk-critical exports when stale beyond thresholds
38SPRINT_120_policy_reasoning LEDGER-AIRGAP-57-001 TODO Link findings evidence snapshots to portable evidence bundles
39SPRINT_120_policy_reasoning LEDGER-AIRGAP-58-001 TODO Emit timeline events for bundle import impacts (new findings
40SPRINT_120_policy_reasoning LEDGER-ATTEST-73-001 TODO Persist pointers from findings to verification reports
41SPRINT_120_policy_reasoning LEDGER-ATTEST-73-001 TODO attestation envelopes for explainability
42SPRINT_121_policy_reasoning LEDGER-ATTEST-73-002 TODO Enable search/filter in findings projections by verification result
43SPRINT_121_policy_reasoning LEDGER-EXPORT-35-001 TODO Provide paginated streaming endpoints for advisories
44SPRINT_121_policy_reasoning LEDGER-EXPORT-35-001 TODO SBOMs
45SPRINT_121_policy_reasoning LEDGER-EXPORT-35-001 TODO VEX
46SPRINT_121_policy_reasoning LEDGER-EXPORT-35-001 TODO findings aligned with export filters
47SPRINT_121_policy_reasoning LEDGER-EXPORT-35-001 TODO including deterministic ordering
48SPRINT_121_policy_reasoning LEDGER-EXPORT-35-001 TODO provenance metadata
49SPRINT_121_policy_reasoning LEDGER-OAS-61-001 TODO Expand Findings Ledger OAS to include projections
50SPRINT_121_policy_reasoning LEDGER-OAS-61-001 TODO evidence lookups
51SPRINT_121_policy_reasoning LEDGER-OAS-61-001 TODO filter parameters with examples
52SPRINT_121_policy_reasoning LEDGER-OAS-61-002 TODO Implement `/.well-known/openapi` endpoint
53SPRINT_121_policy_reasoning LEDGER-OAS-62-001 TODO Provide SDK test cases for findings pagination
54SPRINT_121_policy_reasoning LEDGER-OAS-62-001 TODO evidence links
55SPRINT_121_policy_reasoning LEDGER-OAS-62-001 TODO filtering
56SPRINT_121_policy_reasoning LEDGER-OAS-63-001 TODO Support deprecation headers
57SPRINT_121_policy_reasoning LEDGER-OBS-50-001 TODO Integrate telemetry core within ledger writer/projector services
58SPRINT_121_policy_reasoning LEDGER-OBS-50-001 TODO emitting structured logs
59SPRINT_121_policy_reasoning LEDGER-OBS-50-001 TODO projector replay
60SPRINT_121_policy_reasoning LEDGER-OBS-50-001 TODO query APIs with tenant context
61SPRINT_121_policy_reasoning LEDGER-OBS-50-001 TODO trace spans for ledger append
62SPRINT_121_policy_reasoning LEDGER-OBS-51-001 TODO Publish metrics for ledger latency
63SPRINT_121_policy_reasoning LEDGER-OBS-51-001 TODO event throughput
64SPRINT_121_policy_reasoning LEDGER-OBS-51-001 TODO policy evaluation linkage. Define SLOs (ledger append P95 < 1s
65SPRINT_121_policy_reasoning LEDGER-OBS-51-001 TODO projector lag
66SPRINT_121_policy_reasoning LEDGER-OBS-51-001 TODO replay lag < 30s) with burn-rate alerts
67SPRINT_121_policy_reasoning LEDGER-OBS-52-001 TODO Emit timeline events for ledger writes
68SPRINT_121_policy_reasoning LEDGER-OBS-52-001 TODO `ledger.projection.updated`) with trace ID
69SPRINT_121_policy_reasoning LEDGER-OBS-52-001 TODO policy version
70SPRINT_121_policy_reasoning LEDGER-OBS-52-001 TODO projector commits (`ledger.event.appended`
71SPRINT_121_policy_reasoning LEDGER-OBS-53-001 TODO Persist evidence bundle references (evaluation/job capsules) alongside ledger entries
72SPRINT_121_policy_reasoning LEDGER-OBS-53-001 TODO exposing lookup API linking findings to evidence manifests
73SPRINT_121_policy_reasoning LEDGER-OBS-54-001 TODO Verify attestation references for ledger-derived exports
74SPRINT_121_policy_reasoning LEDGER-OBS-54-001 TODO expose `/ledger/attestations` endpoint returning DSSE verification state
75SPRINT_121_policy_reasoning LEDGER-OBS-55-001 TODO Enhance incident mode to record additional replay diagnostics (lag traces
76SPRINT_121_policy_reasoning LEDGER-OBS-55-001 TODO conflict snapshots)
77SPRINT_121_policy_reasoning LEDGER-PACKS-42-001 TODO CLI offline mode
78SPRINT_121_policy_reasoning LEDGER-PACKS-42-001 TODO Provide snapshot/time-travel APIs
79SPRINT_121_policy_reasoning LEDGER-PACKS-42-001 TODO digestable exports for task pack simulation
80SPRINT_121_policy_reasoning LEDGER-RISK-66-001 TODO Add schema migrations for `risk_score`
81SPRINT_121_policy_reasoning LEDGER-RISK-66-001 TODO `explanation_id`
82SPRINT_121_policy_reasoning LEDGER-RISK-66-001 TODO `profile_version`
83SPRINT_121_policy_reasoning LEDGER-RISK-66-001 TODO `risk_severity`
84SPRINT_121_policy_reasoning LEDGER-RISK-66-001 TODO supporting indexes
85SPRINT_122_policy_reasoning LEDGER-RISK-67-001 TODO Expose query APIs for scored findings with score/severity filters
86SPRINT_122_policy_reasoning LEDGER-RISK-67-001 TODO pagination
87SPRINT_122_policy_reasoning LEDGER-RISK-68-001 TODO Enable export of scored findings
88SPRINT_122_policy_reasoning LEDGER-RISK-69-001 TODO Emit metrics/dashboards for scoring latency
89SPRINT_122_policy_reasoning LEDGER-RISK-69-001 TODO result freshness
90SPRINT_122_policy_reasoning LEDGER-RISK-69-001 TODO severity distribution
91SPRINT_122_policy_reasoning LEDGER-TEN-48-001 TODO Partition ledger tables by tenant/project
92SPRINT_122_policy_reasoning LEDGER-TEN-48-001 TODO enable RLS
93SPRINT_122_policy_reasoning LEDGER-TEN-48-001 TODO stamp audit metadata
94SPRINT_122_policy_reasoning LEDGER-TEN-48-001 TODO update queries/events
95SPRINT_123_policy_reasoning EXPORT-CONSOLE-23-001 TODO Build evidence bundle/export generator producing signed manifests
96SPRINT_123_policy_reasoning EXPORT-CONSOLE-23-001 TODO CSV/JSON replay endpoints
97SPRINT_123_policy_reasoning EXPORT-CONSOLE-23-001 TODO expose progress telemetry
98SPRINT_123_policy_reasoning EXPORT-CONSOLE-23-001 TODO integrate with scheduler jobs
99SPRINT_123_policy_reasoning EXPORT-CONSOLE-23-001 TODO trace attachments
100SPRINT_123_policy_reasoning POLICY-AIRGAP-56-001 TODO Support policy pack imports from Mirror Bundles
101SPRINT_123_policy_reasoning POLICY-AIRGAP-56-001 TODO ensure deterministic caching
102SPRINT_123_policy_reasoning POLICY-AIRGAP-56-001 TODO track `bundle_id` metadata
103SPRINT_123_policy_reasoning POLICY-AIRGAP-57-001 TODO Enforce sealed-mode guardrails in evaluation (no outbound fetch)
104SPRINT_123_policy_reasoning POLICY-AIRGAP-57-002 TODO Annotate rule explanations with staleness information
105SPRINT_123_policy_reasoning POLICY-AIRGAP-57-002 TODO fallback data (cached EPSS
106SPRINT_123_policy_reasoning POLICY-AOC-19-001 TODO Add Roslyn/CI lint preventing ingestion projects from referencing Policy merge/severity helpers
107SPRINT_123_policy_reasoning POLICY-AOC-19-001 TODO block forbidden writes at compile time
108SPRINT_123_policy_reasoning POLICY-AOC-19-003 TODO Update readers/processors to consume only `content.raw`
109SPRINT_123_policy_reasoning POLICY-AOC-19-003 TODO `identifiers`
110SPRINT_123_policy_reasoning POLICY-AOC-19-003 TODO `linkset`. Remove dependencies on legacy normalized fields
111SPRINT_123_policy_reasoning POLICY-AOC-19-004 TODO Add regression tests ensuring policy derived outputs remain deterministic when ingesting revised raw docs (supersedes)
112SPRINT_123_policy_reasoning POLICY-ATTEST-73-001 TODO Introduce VerificationPolicy object: schema
113SPRINT_123_policy_reasoning POLICY-ATTEST-73-001 TODO lifecycle
114SPRINT_123_policy_reasoning POLICY-ATTEST-73-001 TODO persistence
115SPRINT_123_policy_reasoning POLICY-ATTEST-73-001 TODO versioning
116SPRINT_123_policy_reasoning POLICY-ATTEST-73-002 TODO Provide Policy Studio editor with validation
117SPRINT_123_policy_reasoning POLICY-ATTEST-73-002 TODO dry-run simulation
118SPRINT_123_policy_reasoning POLICY-ATTEST-74-001 TODO Integrate verification policies into attestor verification pipeline with caching
119SPRINT_123_policy_reasoning POLICY-CONSOLE-23-001 TODO Optimize findings/explain APIs for Console: cursor-based pagination at scale
120SPRINT_123_policy_reasoning POLICY-CONSOLE-23-001 TODO aggregation hints for dashboard cards. Ensure deterministic ordering
121SPRINT_123_policy_reasoning POLICY-CONSOLE-23-001 TODO expose provenance refs
122SPRINT_123_policy_reasoning POLICY-CONSOLE-23-001 TODO global filter parameters (severity bands
123SPRINT_123_policy_reasoning POLICY-CONSOLE-23-001 TODO policy version
124SPRINT_123_policy_reasoning POLICY-CONSOLE-23-001 TODO rule trace summarization
125SPRINT_123_policy_reasoning POLICY-CONSOLE-23-001 TODO time window)
126SPRINT_124_policy_reasoning POLICY-CONSOLE-23-002 TODO Produce simulation diff metadata (before/after counts
127SPRINT_124_policy_reasoning POLICY-CONSOLE-23-002 TODO approval state endpoints consumed by Console policy workspace
128SPRINT_124_policy_reasoning POLICY-CONSOLE-23-002 TODO rule impact summaries)
129SPRINT_124_policy_reasoning POLICY-CONSOLE-23-002 TODO severity deltas
130SPRINT_124_policy_reasoning POLICY-ENGINE-20-002 BLOCKED Build deterministic evaluator honoring lexical/priority order
131SPRINT_124_policy_reasoning POLICY-ENGINE-20-002 BLOCKED first-match semantics
132SPRINT_124_policy_reasoning POLICY-ENGINE-20-002 BLOCKED safe value types (no wall-clock/network access)
133SPRINT_124_policy_reasoning POLICY-ENGINE-20-003 TODO Implement selection joiners resolving SBOM↔advisory↔VEX tuples using linksets
134SPRINT_124_policy_reasoning POLICY-ENGINE-20-003 TODO PURL equivalence tables
135SPRINT_124_policy_reasoning POLICY-ENGINE-20-004 TODO Ship materialization writer that upserts into `effective_finding_{policyId}` with append-only history
136SPRINT_124_policy_reasoning POLICY-ENGINE-20-004 TODO tenant scoping
137SPRINT_124_policy_reasoning POLICY-ENGINE-20-005 TODO Enforce determinism guard banning wall-clock
138SPRINT_124_policy_reasoning POLICY-ENGINE-20-005 TODO RNG
139SPRINT_124_policy_reasoning POLICY-ENGINE-20-006 TODO Implement incremental orchestrator reacting to advisory/vex/SBOM change streams
140SPRINT_124_policy_reasoning POLICY-ENGINE-20-007 TODO Emit structured traces/logs of rule hits with sampling controls
141SPRINT_124_policy_reasoning POLICY-ENGINE-20-007 TODO `vex_overrides_total`)
142SPRINT_124_policy_reasoning POLICY-ENGINE-20-007 TODO metrics (`rules_fired_total`
143SPRINT_124_policy_reasoning POLICY-ENGINE-20-008 TODO Add unit/property/golden/perf suites covering policy compilation
144SPRINT_124_policy_reasoning POLICY-ENGINE-20-008 TODO determinism
145SPRINT_124_policy_reasoning POLICY-ENGINE-20-008 TODO evaluation correctness
146SPRINT_124_policy_reasoning POLICY-ENGINE-20-009 TODO Define Mongo schemas/indexes for `policies`
147SPRINT_124_policy_reasoning POLICY-ENGINE-20-009 TODO `effective_finding_*`
148SPRINT_124_policy_reasoning POLICY-ENGINE-20-009 TODO `policy_runs`
149SPRINT_124_policy_reasoning POLICY-ENGINE-20-009 TODO implement migrations
150SPRINT_124_policy_reasoning POLICY-ENGINE-27-001 TODO Extend compile outputs to include rule coverage metadata
151SPRINT_124_policy_reasoning POLICY-ENGINE-27-001 TODO inline documentation
152SPRINT_124_policy_reasoning POLICY-ENGINE-27-001 TODO rule index for editor autocomplete
153SPRINT_124_policy_reasoning POLICY-ENGINE-27-001 TODO symbol table
154SPRINT_124_policy_reasoning POLICY-ENGINE-27-002 TODO Enhance simulate endpoints to emit rule firing counts
155SPRINT_124_policy_reasoning POLICY-ENGINE-27-002 TODO heatmap aggregates
156SPRINT_124_policy_reasoning POLICY-ENGINE-27-002 TODO sampled explain traces with deterministic ordering
157SPRINT_124_policy_reasoning POLICY-ENGINE-29-001 TODO Implement batch evaluation endpoint (`POST /policy/eval/batch`) returning determinations + rationale chain for sets of `(artifact
158SPRINT_124_policy_reasoning POLICY-ENGINE-29-001 TODO POLICY-ENGINE-27-004
159SPRINT_124_policy_reasoning POLICY-ENGINE-29-001 TODO advisory)` tuples
160SPRINT_124_policy_reasoning POLICY-ENGINE-29-001 TODO purl
161SPRINT_124_policy_reasoning POLICY-ENGINE-29-001 TODO support pagination
162SPRINT_124_policy_reasoning POLICY-ENGINE-29-001 TODO version
163SPRINT_124_policy_reasoning POLICY-ENGINE-29-002 TODO Provide streaming simulation API comparing two policy versions
164SPRINT_124_policy_reasoning POLICY-ENGINE-29-002 TODO returning per-finding deltas without writes
165SPRINT_125_mirror MIRROR-CRT-56-001 TODO Staffing decision
166SPRINT_125_policy_reasoning POLICY-ENGINE-29-003 TODO Surface path/scope awareness in determinations (signal optional/dev/test downgrade
167SPRINT_125_policy_reasoning POLICY-ENGINE-29-004 TODO Add metrics/logs for batch evaluation (latency
168SPRINT_125_policy_reasoning POLICY-ENGINE-29-004 TODO queue depth)
169SPRINT_125_policy_reasoning POLICY-ENGINE-29-004 TODO simulation diff counts
170SPRINT_125_policy_reasoning POLICY-ENGINE-30-001 TODO Define overlay contract for graph nodes/edges (status
171SPRINT_125_policy_reasoning POLICY-ENGINE-30-001 TODO expose projection API for Cartographer
172SPRINT_125_policy_reasoning POLICY-ENGINE-30-001 TODO path relevance)
173SPRINT_125_policy_reasoning POLICY-ENGINE-30-001 TODO rationale refs
174SPRINT_125_policy_reasoning POLICY-ENGINE-30-001 TODO severity
175SPRINT_125_policy_reasoning POLICY-ENGINE-30-002 TODO Implement simulation bridge returning on-the-fly overlays for Cartographer/Graph Explorer when invoking Policy Engine simulate
176SPRINT_125_policy_reasoning POLICY-ENGINE-30-002 TODO ensure no writes
177SPRINT_125_policy_reasoning POLICY-ENGINE-30-101 TODO Surface trust weighting configuration (issuer base weights
178SPRINT_125_policy_reasoning POLICY-ENGINE-30-101 TODO recency decay
179SPRINT_125_policy_reasoning POLICY-ENGINE-30-101 TODO scope adjustments) for VEX Lens via Policy Studio + API
180SPRINT_125_policy_reasoning POLICY-ENGINE-30-101 TODO signature modifiers
181SPRINT_125_policy_reasoning POLICY-ENGINE-31-001 TODO Expose policy knobs for Advisory AI (trust presets
182SPRINT_125_policy_reasoning POLICY-ENGINE-31-001 TODO TTLs) via Policy Studio
183SPRINT_125_policy_reasoning POLICY-ENGINE-31-001 TODO plan ranking weights
184SPRINT_125_policy_reasoning POLICY-ENGINE-31-001 TODO temperature
185SPRINT_125_policy_reasoning POLICY-ENGINE-31-001 TODO token limits
186SPRINT_125_policy_reasoning POLICY-ENGINE-31-002 TODO Provide batch endpoint delivering policy context (thresholds
187SPRINT_125_policy_reasoning POLICY-ENGINE-32-101 TODO Define orchestrator `policy_eval` job schema
188SPRINT_125_policy_reasoning POLICY-ENGINE-32-101 TODO idempotency keys
189SPRINT_125_policy_reasoning POLICY-ENGINE-33-101 TODO Implement orchestrator-driven policy evaluation workers using SDK heartbeats
190SPRINT_125_policy_reasoning POLICY-ENGINE-33-101 TODO respecting throttles
191SPRINT_125_policy_reasoning POLICY-ENGINE-34-101 TODO Publish policy run ledger exports + SLO burn-rate metrics to orchestrator
192SPRINT_125_policy_reasoning POLICY-ENGINE-35-201 TODO Expose deterministic policy snapshot API
193SPRINT_125_policy_reasoning POLICY-ENGINE-38-201 TODO Emit enriched policy violation events (decision rationale ids
194SPRINT_125_policy_reasoning POLICY-ENGINE-40-001 TODO Update severity/status evaluation pipelines to consume multiple source severities per linkset
195SPRINT_125_policy_reasoning POLICY-ENGINE-40-001 TODO preferred source
196SPRINT_125_policy_reasoning POLICY-ENGINE-40-001 TODO supporting selection strategies (max
197SPRINT_125_policy_reasoning POLICY-ENGINE-40-002 TODO Accept VEX linkset conflicts
198SPRINT_125_policy_reasoning POLICY-ENGINE-40-002 TODO provide rationale references in effective findings
199SPRINT_126_policy_reasoning POLICY-ENGINE-40-003 TODO Graph Explorer) to request policy decisions with source evidence summaries (top severity sources
200SPRINT_126_policy_reasoning POLICY-ENGINE-40-003 TODO Provide API/SDK utilities for consumers (Web Scanner
201SPRINT_126_policy_reasoning POLICY-ENGINE-50-001 TODO Implement SPL compiler: validate YAML
202SPRINT_126_policy_reasoning POLICY-ENGINE-50-001 TODO canonicalize
203SPRINT_126_policy_reasoning POLICY-ENGINE-50-001 TODO produce signed bundle
204SPRINT_126_policy_reasoning POLICY-ENGINE-50-001 TODO store artifact in object storage
205SPRINT_126_policy_reasoning POLICY-ENGINE-50-002 TODO Build runtime evaluator executing compiled plans over advisory/vex linksets + SBOM asset metadata with deterministic caching (Redis)
206SPRINT_126_policy_reasoning POLICY-ENGINE-50-003 TODO Implement evaluation/compilation metrics
207SPRINT_126_policy_reasoning POLICY-ENGINE-50-003 TODO `policy_compiles_total`
208SPRINT_126_policy_reasoning POLICY-ENGINE-50-003 TODO structured logs (`policy_eval_seconds`
209SPRINT_126_policy_reasoning POLICY-ENGINE-50-003 TODO tracing
210SPRINT_126_policy_reasoning POLICY-ENGINE-50-004 TODO Build event pipeline: subscribe to linkset/SBOM updates
211SPRINT_126_policy_reasoning POLICY-ENGINE-50-004 TODO schedule re-eval jobs
212SPRINT_126_policy_reasoning POLICY-ENGINE-50-005 TODO Design
213SPRINT_126_policy_reasoning POLICY-ENGINE-50-005 TODO TTL
214SPRINT_126_policy_reasoning POLICY-ENGINE-50-005 TODO `policy_artifacts` collections with indexes
215SPRINT_126_policy_reasoning POLICY-ENGINE-50-005 TODO `policy_revisions`
216SPRINT_126_policy_reasoning POLICY-ENGINE-50-005 TODO `policy_runs`
217SPRINT_126_policy_reasoning POLICY-ENGINE-50-005 TODO implement `policy_packs`
218SPRINT_126_policy_reasoning POLICY-ENGINE-50-006 TODO Implement explainer persistence + retrieval APIs linking decisions to explanation tree
219SPRINT_126_policy_reasoning POLICY-ENGINE-50-007 TODO Provide evaluation worker host/DI wiring
220SPRINT_126_policy_reasoning POLICY-ENGINE-60-001 TODO Maintain Redis effective decision maps per asset/snapshot for Graph overlays
221SPRINT_126_policy_reasoning POLICY-ENGINE-60-001 TODO implement versioning
222SPRINT_126_policy_reasoning POLICY-ENGINE-60-002 TODO Expose simulation bridge for Graph What-if APIs
223SPRINT_126_policy_reasoning POLICY-ENGINE-60-002 TODO supporting hypothetical SBOM diffs
224SPRINT_126_policy_reasoning POLICY-ENGINE-70-002 TODO Design
225SPRINT_126_policy_reasoning POLICY-ENGINE-70-002 TODO `exception_bindings`) with indexes
226SPRINT_126_policy_reasoning POLICY-ENGINE-70-002 TODO `exception_reviews`
227SPRINT_126_policy_reasoning POLICY-ENGINE-70-002 TODO create Mongo collections (`exceptions`
228SPRINT_126_policy_reasoning POLICY-ENGINE-70-002 TODO migrations
229SPRINT_126_policy_reasoning POLICY-ENGINE-70-004 TODO Extend metrics/tracing/logging for exception application (latency
230SPRINT_126_policy_reasoning POLICY-ENGINE-70-004 TODO counts
231SPRINT_126_policy_reasoning POLICY-ENGINE-70-004 TODO expiring events)
232SPRINT_126_policy_reasoning POLICY-ENGINE-70-005 TODO Provide APIs/workers hook for exception activation/expiry (auto start/end)
233SPRINT_126_policy_reasoning POLICY-ENGINE-80-001 TODO Integrate reachability/exploitability inputs into evaluation pipeline (state/score/confidence) with caching
234SPRINT_126_policy_reasoning POLICY-RISK-90-001 TODO Ingest entropy penalty inputs from Scanner (`entropy.report.json`
235SPRINT_126_policy_reasoning POLICY-RISK-90-001 TODO `layer_summary.json`)
236SPRINT_126_policy_reasoning POLICY-RISK-90-001 TODO expose explanations/metrics for opaque ratio penalties (`docs/modules/scanner/entropy.md`).
237SPRINT_126_policy_reasoning POLICY-RISK-90-001 TODO extend trust algebra with configurable weights/caps
238SPRINT_127_policy_reasoning POLICY-ENGINE-80-002 TODO Create joining layer to read `reachability_facts` efficiently (indexes
239SPRINT_127_policy_reasoning POLICY-ENGINE-80-002 TODO projections)
240SPRINT_127_policy_reasoning POLICY-ENGINE-80-003 TODO Extend SPL predicates/actions to reference reachability state/score/confidence
241SPRINT_127_policy_reasoning POLICY-ENGINE-80-004 TODO Emit metrics (`policy_reachability_applied_total`
242SPRINT_127_policy_reasoning POLICY-ENGINE-80-004 TODO `policy_reachability_cache_hit_ratio`)
243SPRINT_127_policy_reasoning POLICY-OBS-50-001 TODO Integrate telemetry core into policy API + worker hosts
244SPRINT_127_policy_reasoning POLICY-OBS-50-001 TODO `decision_effect`
245SPRINT_127_policy_reasoning POLICY-OBS-50-001 TODO `policy_version`
246SPRINT_127_policy_reasoning POLICY-OBS-50-001 TODO ensuring spans/logs cover compile/evaluate flows with `tenant_id`
247SPRINT_127_policy_reasoning POLICY-OBS-50-001 TODO trace IDs
248SPRINT_127_policy_reasoning POLICY-OBS-51-001 TODO Emit golden-signal metrics (compile latency
249SPRINT_127_policy_reasoning POLICY-OBS-51-001 TODO evaluate latency
250SPRINT_127_policy_reasoning POLICY-OBS-51-001 TODO override counts)
251SPRINT_127_policy_reasoning POLICY-OBS-51-001 TODO rule hits
252SPRINT_127_policy_reasoning POLICY-OBS-52-001 TODO Emit timeline events `policy.evaluate.started`
253SPRINT_127_policy_reasoning POLICY-OBS-52-001 TODO `policy.decision.recorded` with trace IDs
254SPRINT_127_policy_reasoning POLICY-OBS-52-001 TODO `policy.evaluate.completed`
255SPRINT_127_policy_reasoning POLICY-OBS-52-001 TODO input digests
256SPRINT_127_policy_reasoning POLICY-OBS-52-001 TODO rule summary. Provide contract tests
257SPRINT_127_policy_reasoning POLICY-OBS-53-001 TODO Produce evaluation evidence bundles (inputs slice
258SPRINT_127_policy_reasoning POLICY-OBS-53-001 TODO config snapshot) through evidence locker integration
259SPRINT_127_policy_reasoning POLICY-OBS-53-001 TODO engine version
260SPRINT_127_policy_reasoning POLICY-OBS-53-001 TODO rule trace
261SPRINT_127_policy_reasoning POLICY-OBS-54-001 TODO Generate DSSE attestations for evaluation outputs
262SPRINT_127_policy_reasoning POLICY-OBS-54-001 TODO expose `/evaluations/{id}/attestation`
263SPRINT_127_policy_reasoning POLICY-OBS-55-001 TODO Implement incident mode sampling overrides (full rule trace capture
264SPRINT_127_policy_reasoning POLICY-OBS-55-001 TODO extended retention) with auto-activation on SLO breach
265SPRINT_127_policy_reasoning POLICY-RISK-66-001 TODO Develop initial JSON Schema for RiskProfile (signals
266SPRINT_127_policy_reasoning POLICY-RISK-66-001 TODO overrides) with validator stubs
267SPRINT_127_policy_reasoning POLICY-RISK-66-001 TODO severity
268SPRINT_127_policy_reasoning POLICY-RISK-66-001 TODO transforms
269SPRINT_127_policy_reasoning POLICY-RISK-66-001 TODO weights
270SPRINT_127_policy_reasoning POLICY-RISK-66-002 TODO Implement inheritance/merge logic with conflict detection
271SPRINT_127_policy_reasoning POLICY-RISK-66-003 TODO Integrate RiskProfile schema into Policy Engine configuration
272SPRINT_127_policy_reasoning POLICY-RISK-66-003 TODO ensuring validation
273SPRINT_127_policy_reasoning POLICY-RISK-66-004 TODO Extend Policy libraries to load/save RiskProfile documents
274SPRINT_127_policy_reasoning POLICY-RISK-66-004 TODO compute content hashes
275SPRINT_127_policy_reasoning POLICY-RISK-67-001 TODO Integrate profile storage
276SPRINT_128_policy_reasoning POLICY-RISK-67-002 TODO Implement profile lifecycle APIs (`/risk/profiles` create/publish/deprecate)
277SPRINT_128_policy_reasoning POLICY-RISK-67-002 TODO Publish `.well-known/risk-profile-schema` endpoint
278SPRINT_128_policy_reasoning POLICY-RISK-67-003 TODO Provide policy-layer APIs to trigger risk simulations
279SPRINT_128_policy_reasoning POLICY-RISK-68-001 TODO Implement scope selectors
280SPRINT_128_policy_reasoning POLICY-RISK-68-001 TODO Provide simulation API bridging Policy Studio with risk engine
281SPRINT_128_policy_reasoning POLICY-RISK-68-001 TODO precedence rules
282SPRINT_128_policy_reasoning POLICY-RISK-68-001 TODO returns distributions
283SPRINT_128_policy_reasoning POLICY-RISK-68-002 TODO Add override/adjustment support with audit metadata
284SPRINT_128_policy_reasoning POLICY-RISK-69-001 TODO Emit events/notifications on profile publish
285SPRINT_128_policy_reasoning POLICY-RISK-69-001 TODO deprecate
286SPRINT_128_policy_reasoning POLICY-SPL-23-001 TODO Define SPL v1 YAML + JSON Schema
287SPRINT_128_policy_reasoning POLICY-SPL-23-001 TODO VEX precedence
288SPRINT_128_policy_reasoning POLICY-SPL-23-001 TODO exceptions
289SPRINT_128_policy_reasoning POLICY-SPL-23-001 TODO including advisory rules
290SPRINT_128_policy_reasoning POLICY-SPL-23-001 TODO layering metadata. Publish schema resources
291SPRINT_128_policy_reasoning POLICY-SPL-23-001 TODO severity mapping
292SPRINT_128_policy_reasoning POLICY-SPL-23-001 TODO validation fixtures
293SPRINT_128_policy_reasoning POLICY-SPL-23-002 TODO Implement canonicalizer that normalizes policy packs (ordering
294SPRINT_128_policy_reasoning POLICY-SPL-23-002 TODO computes content hash
295SPRINT_128_policy_reasoning POLICY-SPL-23-002 TODO defaults)
296SPRINT_128_policy_reasoning POLICY-SPL-23-003 TODO Build policy layering/override engine (global/org/project/env/exception) with field-level precedence matrices
297SPRINT_128_policy_reasoning POLICY-SPL-23-004 TODO Design explanation tree model (rule hits
298SPRINT_128_policy_reasoning POLICY-SPL-23-004 TODO UI
299SPRINT_128_policy_reasoning POLICY-SPL-23-004 TODO decisions)
300SPRINT_128_policy_reasoning POLICY-SPL-23-004 TODO inputs
301SPRINT_128_policy_reasoning POLICY-SPL-23-004 TODO persistence structures reused by runtime
302SPRINT_128_policy_reasoning POLICY-SPL-23-005 TODO Create migration tool to snapshot existing behavior into baseline SPL packs (`org.core.baseline`)
303SPRINT_128_policy_reasoning POLICY-SPL-23-005 TODO including policy docs
304SPRINT_128_policy_reasoning POLICY-SPL-24-001 TODO Extend SPL schema to expose reachability/exploitability predicates
305SPRINT_128_policy_reasoning POLICY-SPL-24-001 TODO update documentation
306SPRINT_128_policy_reasoning POLICY-SPL-24-001 TODO weighting functions
307SPRINT_129_policy_reasoning POLICY-TEN-48-001 TODO Add `tenant_id`/`project_id` columns
308SPRINT_129_policy_reasoning POLICY-TEN-48-001 TODO emit rationale IDs including tenant metadata
309SPRINT_129_policy_reasoning POLICY-TEN-48-001 TODO enable RLS
310SPRINT_129_policy_reasoning POLICY-TEN-48-001 TODO update evaluators to require tenant context
311SPRINT_129_policy_reasoning REGISTRY-API-27-001 TODO Define OpenAPI specification covering workspaces
312SPRINT_129_policy_reasoning REGISTRY-API-27-001 TODO attestations
313SPRINT_129_policy_reasoning REGISTRY-API-27-001 TODO promotions
314SPRINT_129_policy_reasoning REGISTRY-API-27-001 TODO publish typed clients for Console/CLI
315SPRINT_129_policy_reasoning REGISTRY-API-27-001 TODO reviews
316SPRINT_129_policy_reasoning REGISTRY-API-27-001 TODO simulations
317SPRINT_129_policy_reasoning REGISTRY-API-27-001 TODO versions
318SPRINT_129_policy_reasoning REGISTRY-API-27-002 TODO Implement workspace storage (Mongo collections
319SPRINT_129_policy_reasoning REGISTRY-API-27-002 TODO diff history
320SPRINT_129_policy_reasoning REGISTRY-API-27-002 TODO object storage buckets) with CRUD endpoints
321SPRINT_129_policy_reasoning REGISTRY-API-27-003 TODO Integrate compile endpoint: forward source bundle to Policy Engine
322SPRINT_129_policy_reasoning REGISTRY-API-27-003 TODO persist diagnostics
323SPRINT_129_policy_reasoning REGISTRY-API-27-003 TODO rule index
324SPRINT_129_policy_reasoning REGISTRY-API-27-003 TODO symbol table
325SPRINT_129_policy_reasoning REGISTRY-API-27-004 TODO Implement quick simulation API with request limits (sample size
326SPRINT_129_policy_reasoning REGISTRY-API-27-004 TODO heatmap
327SPRINT_129_policy_reasoning REGISTRY-API-27-004 TODO returning counts
328SPRINT_129_policy_reasoning REGISTRY-API-27-004 TODO timeouts)
329SPRINT_129_policy_reasoning REGISTRY-API-27-005 TODO Build batch simulation orchestration: enqueue shards
330SPRINT_129_policy_reasoning REGISTRY-API-27-005 TODO collect partials
331SPRINT_129_policy_reasoning REGISTRY-API-27-005 TODO reduce deltas
332SPRINT_129_policy_reasoning REGISTRY-API-27-006 TODO Implement review workflow (comments
333SPRINT_129_policy_reasoning REGISTRY-API-27-006 TODO required approvers
334SPRINT_129_policy_reasoning REGISTRY-API-27-006 TODO status transitions) with audit trails
335SPRINT_129_policy_reasoning REGISTRY-API-27-006 TODO votes
336SPRINT_129_policy_reasoning REGISTRY-API-27-007 TODO Implement publish pipeline: sign source/compiled digests
337SPRINT_129_policy_reasoning REGISTRY-API-27-007 TODO create attestations
338SPRINT_129_policy_reasoning REGISTRY-API-27-007 TODO mark version immutable
339SPRINT_129_policy_reasoning REGISTRY-API-27-008 TODO Implement promotion bindings per tenant/environment with canary subsets
340SPRINT_129_policy_reasoning REGISTRY-API-27-008 TODO rollback path
341SPRINT_129_policy_reasoning REGISTRY-API-27-009 TODO Instrument metrics/logs/traces (compile time
342SPRINT_129_policy_reasoning REGISTRY-API-27-009 TODO approval latency)
343SPRINT_129_policy_reasoning REGISTRY-API-27-009 TODO diagnostics rate
344SPRINT_129_policy_reasoning REGISTRY-API-27-009 TODO sim queue depth
345SPRINT_129_policy_reasoning REGISTRY-API-27-010 TODO Build unit/integration/load test suites for compile/sim/review/publish/promote flows
346SPRINT_129_policy_reasoning RISK-ENGINE-66-001 TODO Scaffold scoring service (job queue
347SPRINT_129_policy_reasoning RISK-ENGINE-66-001 TODO provider registry) with deterministic execution harness
348SPRINT_129_policy_reasoning RISK-ENGINE-66-001 TODO worker loop
349SPRINT_129_policy_reasoning RISK-ENGINE-66-002 TODO Implement default transforms (linear
350SPRINT_129_policy_reasoning RISK-ENGINE-66-002 TODO clamping
351SPRINT_129_policy_reasoning RISK-ENGINE-66-002 TODO gating
352SPRINT_129_policy_reasoning RISK-ENGINE-66-002 TODO logistic
353SPRINT_129_policy_reasoning RISK-ENGINE-66-002 TODO minmax
354SPRINT_129_policy_reasoning RISK-ENGINE-66-002 TODO piecewise)
355SPRINT_129_policy_reasoning RISK-ENGINE-67-001 TODO Integrate CVSS
356SPRINT_129_policy_reasoning RISK-ENGINE-67-001 TODO KEV providers pulling data from Conseiller
357SPRINT_129_policy_reasoning RISK-ENGINE-67-001 TODO `any`
358SPRINT_129_policy_reasoning RISK-ENGINE-67-001 TODO implement reducers (`max`
359SPRINT_129_policy_reasoning RISK-ENGINE-67-002 TODO Integrate VEX gate provider
360SPRINT_129_policy_reasoning RISK-ENGINE-67-003 TODO Add fix availability
361SPRINT_129_policy_reasoning RISK-ENGINE-67-003 TODO asset criticality
362SPRINT_129_policy_reasoning RISK-ENGINE-68-001 TODO Persist scoring results + explanation pointers to Findings Ledger
363SPRINT_129_policy_reasoning RISK-ENGINE-68-002 TODO Expose APIs (`/risk/jobs`
364SPRINT_129_policy_reasoning RISK-ENGINE-68-002 TODO `/risk/results/{id}/explanation`)
365SPRINT_129_policy_reasoning RISK-ENGINE-68-002 TODO `/risk/results`
366SPRINT_129_policy_reasoning RISK-ENGINE-68-002 TODO filtering
367SPRINT_129_policy_reasoning RISK-ENGINE-68-002 TODO include pagination
368SPRINT_129_policy_reasoning RISK-ENGINE-69-001 TODO Implement simulation mode producing distributions
369SPRINT_129_policy_reasoning RISK-ENGINE-69-002 TODO Add telemetry (spans
370SPRINT_129_policy_reasoning RISK-ENGINE-69-002 TODO cache hits
371SPRINT_129_policy_reasoning RISK-ENGINE-69-002 TODO job throughput
372SPRINT_129_policy_reasoning RISK-ENGINE-69-002 TODO logs) for provider latency
373SPRINT_129_policy_reasoning RISK-ENGINE-69-002 TODO metrics
374SPRINT_129_policy_reasoning RISK-ENGINE-70-001 TODO Support offline provider bundles with manifest verification
375SPRINT_129_policy_reasoning RISK-ENGINE-70-002 TODO Integrate runtime evidence provider
376SPRINT_129_policy_reasoning VEXLENS-30-001 TODO CycloneDX VEX (status mapping
377SPRINT_129_policy_reasoning VEXLENS-30-001 TODO Implement normalization pipeline for CSAF VEX
378SPRINT_129_policy_reasoning VEXLENS-30-001 TODO OpenVEX
379SPRINT_129_policy_reasoning VEXLENS-30-001 TODO justification mapping
380SPRINT_129_policy_reasoning VEXLENS-30-001 TODO product tree parsing)
381SPRINT_129_policy_reasoning VEXLENS-30-002 TODO CPE2.3
382SPRINT_129_policy_reasoning VEXLENS-30-003 TODO DSSE
383SPRINT_129_policy_reasoning VEXLENS-30-003 TODO Integrate signature verification (Ed25519
384SPRINT_129_policy_reasoning VEXLENS-30-003 TODO PKIX) using issuer keys
385SPRINT_129_policy_reasoning VEXLENS-30-003 TODO annotate evidence with verification state
386SPRINT_129_policy_reasoning VEXLENS-30-004 TODO Implement trust weighting engine (issuer base weights
387SPRINT_129_policy_reasoning VEXLENS-30-004 TODO justification modifiers
388SPRINT_129_policy_reasoning VEXLENS-30-004 TODO recency decay
389SPRINT_129_policy_reasoning VEXLENS-30-004 TODO signature modifiers
390SPRINT_129_policy_reasoning VEXLENS-30-005 TODO AFFECTED
391SPRINT_129_policy_reasoning VEXLENS-30-005 TODO DISPUTED
392SPRINT_129_policy_reasoning VEXLENS-30-005 TODO FIXED
393SPRINT_129_policy_reasoning VEXLENS-30-005 TODO Implement consensus algorithm producing `consensus_state`
394SPRINT_129_policy_reasoning VEXLENS-30-005 TODO UNDER_INVESTIGATION
395SPRINT_129_policy_reasoning VEXLENS-30-005 TODO `confidence`
396SPRINT_129_policy_reasoning VEXLENS-30-005 TODO `quorum`
397SPRINT_129_policy_reasoning VEXLENS-30-005 TODO `rationale`
398SPRINT_129_policy_reasoning VEXLENS-30-005 TODO `weights`
399SPRINT_129_policy_reasoning VEXLENS-30-005 TODO support states: NOT_AFFECTED
400SPRINT_129_policy_reasoning VEXLENS-30-006 TODO Materialize consensus projection storage with idempotent workers triggered by VEX/Policy changes
401SPRINT_129_policy_reasoning VEXLENS-30-007 TODO Expose APIs (`/vex/consensus`
402SPRINT_129_policy_reasoning VEXLENS-30-007 TODO `/vex/consensus/export`) with pagination
403SPRINT_129_policy_reasoning VEXLENS-30-007 TODO `/vex/consensus/query`
404SPRINT_129_policy_reasoning VEXLENS-30-007 TODO `/vex/consensus/simulate`
405SPRINT_129_policy_reasoning VEXLENS-30-007 TODO `/vex/consensus/{id}`
406SPRINT_129_policy_reasoning VEXLENS-30-007 TODO cost budgets
407SPRINT_129_policy_reasoning VEXLENS-30-008 TODO Integrate consensus signals with Policy Engine (thresholds
408SPRINT_129_policy_reasoning VEXLENS-30-008 TODO simulation inputs)
409SPRINT_129_policy_reasoning VEXLENS-30-008 TODO suppression
410SPRINT_129_policy_reasoning VEXLENS-30-009 TODO Instrument metrics (`vex_consensus_compute_latency`
411SPRINT_129_policy_reasoning VEXLENS-30-009 TODO `vex_consensus_disputed_total`
412SPRINT_129_policy_reasoning VEXLENS-30-009 TODO `vex_signature_verification_rate`)
413SPRINT_129_policy_reasoning VEXLENS-30-009 TODO structured logs
414SPRINT_129_policy_reasoning VEXLENS-30-009 TODO traces
415SPRINT_129_policy_reasoning VEXLENS-30-010 TODO Develop unit/property/integration/load tests (10M records)
416SPRINT_129_policy_reasoning VEXLENS-30-010 TODO determinism harness
417SPRINT_129_policy_reasoning VEXLENS-30-011 TODO Provide deployment manifests
418SPRINT_129_policy_reasoning VEXLENS-30-011 TODO caching configuration
419SPRINT_129_policy_reasoning VEXLENS-30-011 TODO offline kit seeds
420SPRINT_129_policy_reasoning VEXLENS-30-011 TODO scaling guides
421SPRINT_129_policy_reasoning VEXLENS-AIAI-31-001 TODO Expose consensus rationale API enhancements (policy factors
422SPRINT_129_policy_reasoning VEXLENS-AIAI-31-001 TODO issuer details
423SPRINT_129_policy_reasoning VEXLENS-AIAI-31-001 TODO mapping issues) for Advisory AI conflict explanations
424SPRINT_129_policy_reasoning VEXLENS-AIAI-31-002 TODO Provide caching hooks for consensus lookups used by Advisory AI (batch endpoints
425SPRINT_129_policy_reasoning VEXLENS-EXPORT-35-001 TODO Provide consensus snapshot API delivering deterministic JSONL (state
426SPRINT_129_policy_reasoning VEXLENS-EXPORT-35-001 TODO confidence
427SPRINT_129_policy_reasoning VEXLENS-EXPORT-35-001 TODO provenance) for exporter mirror bundles
428SPRINT_129_policy_reasoning VEXLENS-ORCH-33-001 TODO Register `consensus_compute` job type with orchestrator
429SPRINT_129_policy_reasoning VEXLENS-ORCH-33-001 TODO expose job planning hooks for consensus batches
430SPRINT_129_policy_reasoning VEXLENS-ORCH-33-001 TODO integrate worker SDK
431SPRINT_129_policy_reasoning VEXLENS-ORCH-34-001 TODO Emit consensus completion events into orchestrator run ledger
432SPRINT_129_policy_reasoning VEXLENS-ORCH-34-001 TODO provenance chain
433SPRINT_129_policy_reasoning VULN-API-29-001 TODO Define OpenAPI spec (list/detail/query/simulation/workflow/export)
434SPRINT_129_policy_reasoning VULN-API-29-001 TODO error codes
435SPRINT_129_policy_reasoning VULN-API-29-001 TODO pagination/grouping contracts
436SPRINT_129_policy_reasoning VULN-API-29-001 TODO query JSON schema
437SPRINT_129_policy_reasoning VULN-API-29-002 TODO Implement list/query endpoints with policy parameter
438SPRINT_129_policy_reasoning VULN-API-29-002 TODO caching
439SPRINT_129_policy_reasoning VULN-API-29-002 TODO grouping
440SPRINT_129_policy_reasoning VULN-API-29-002 TODO server paging
441SPRINT_129_policy_reasoning VULN-API-29-003 TODO Implement detail endpoint aggregating evidence
442SPRINT_129_policy_reasoning VULN-API-29-003 TODO paths (Graph Explorer deep link)
443SPRINT_129_policy_reasoning VULN-API-29-003 TODO policy rationale
444SPRINT_129_policy_reasoning VULN-API-29-004 TODO Expose workflow endpoints (assign
445SPRINT_129_policy_reasoning VULN-API-29-004 TODO accept-risk
446SPRINT_129_policy_reasoning VULN-API-29-004 TODO comment
447SPRINT_129_policy_reasoning VULN-API-29-004 TODO target-fix
448SPRINT_129_policy_reasoning VULN-API-29-004 TODO verify-fix
449SPRINT_129_policy_reasoning VULN-API-29-005 TODO Implement simulation endpoint comparing `policy_from` vs `policy_to`
450SPRINT_129_policy_reasoning VULN-API-29-005 TODO returning diffs without side effects
451SPRINT_129_policy_reasoning VULN-API-29-006 TODO Integrate resolver results with Graph Explorer: include shortest path metadata
452SPRINT_129_policy_reasoning VULN-API-29-006 TODO line up deep-link parameters
453SPRINT_129_policy_reasoning VULN-API-29-007 TODO Enforce RBAC/ABAC scopes
454SPRINT_129_policy_reasoning VULN-API-29-007 TODO implement CSRF/anti-forgery checks for Console
455SPRINT_129_policy_reasoning VULN-API-29-007 TODO secure attachment URLs
456SPRINT_129_policy_reasoning VULN-API-29-008 TODO Build export orchestrator producing signed bundles (manifest
457SPRINT_129_policy_reasoning VULN-API-29-008 TODO NDJSON
458SPRINT_129_policy_reasoning VULN-API-29-008 TODO checksums
459SPRINT_129_policy_reasoning VULN-API-29-008 TODO signature). Integrate with Findings Ledger for evidence
460SPRINT_129_policy_reasoning VULN-API-29-009 TODO Instrument metrics (`vuln_list_latency`
461SPRINT_129_policy_reasoning VULN-API-29-009 TODO `vuln_export_duration`
462SPRINT_129_policy_reasoning VULN-API-29-009 TODO `vuln_simulation_latency`
463SPRINT_129_policy_reasoning VULN-API-29-009 TODO `vuln_workflow_events_total`)
464SPRINT_129_policy_reasoning VULN-API-29-009 TODO structured logs
465SPRINT_129_policy_reasoning VULN-API-29-009 TODO traces
466SPRINT_129_policy_reasoning VULN-API-29-010 TODO Provide unit/integration/perf tests (5M findings)
467SPRINT_129_policy_reasoning VULN-API-29-010 TODO fuzz query validation
468SPRINT_129_policy_reasoning VULN-API-29-011 TODO CI smoke
469SPRINT_129_policy_reasoning VULN-API-29-011 TODO Package deployment (Helm/Compose)
470SPRINT_129_policy_reasoning VULN-API-29-011 TODO health checks
471SPRINT_129_policy_reasoning VULN-API-29-011 TODO offline kit steps
472SPRINT_131_scanner_surface SCANNER-ANALYZERS-DENO-26-009 TODO SCANNER-ANALYZERS-DENO-26-008
473SPRINT_131_scanner_surface SCANNER-ANALYZERS-JAVA-21-005 TODO
474SPRINT_131_scanner_surface SCANNER-ANALYZERS-LANG-11-001 TODO SCANNER-ANALYZERS-LANG-10-309
475SPRINT_132_scanner_surface SCANNER-ANALYZERS-NATIVE-20-001 TODO
476SPRINT_132_scanner_surface SCANNER-ANALYZERS-NODE-22-001 TODO
477SPRINT_133_scanner_surface SCANNER-ANALYZERS-PHP-27-001 TODO
478SPRINT_134_scanner_surface SCANNER-ANALYZERS-PYTHON-23-001 TODO
479SPRINT_135_scanner_surface SCANNER-ANALYZERS-RUBY-28-001 TODO
480SPRINT_135_scanner_surface SCANNER-ENTRYTRACE-18-502 TODO SCANNER-ENTRYTRACE-18-508
481SPRINT_136_scanner_surface SCANNER-ENG-0020 TODO
482SPRINT_136_scanner_surface SCANNER-ENG-0021 TODO
483SPRINT_136_scanner_surface SCANNER-ENG-0022 TODO
484SPRINT_136_scanner_surface SCANNER-ENG-0023 TODO
485SPRINT_136_scanner_surface SCANNER-ENG-0024 TODO
486SPRINT_136_scanner_surface SCANNER-ENG-0025 TODO
487SPRINT_136_scanner_surface SCANNER-ENG-0026 TODO
488SPRINT_136_scanner_surface SCANNER-ENG-0027 TODO
489SPRINT_136_scanner_surface SCANNER-ENV-01 TODO
490SPRINT_136_scanner_surface SCANNER-EVENTS-16-301 BLOCKED
491SPRINT_136_scanner_surface SCANNER-GRAPH-21-001 TODO
492SPRINT_136_scanner_surface SCANNER-LNM-21-001 TODO
493SPRINT_136_scanner_surface SCANNER-SECRETS-03 TODO SCANNER-SECRETS-02
494SPRINT_136_scanner_surface SCANNER-SURFACE-04 TODO SCANNER-SURFACE-01
495SPRINT_136_scanner_surface SCHED-SURFACE-02 TODO SURFACE-FS-02
496SPRINT_136_scanner_surface SURFACE-FS-03 TODO SURFACE-FS-02
497SPRINT_136_scanner_surface SURFACE-FS-04 TODO SURFACE-FS-02
498SPRINT_136_scanner_surface SURFACE-FS-06 TODO SURFACE-FS-02..05
499SPRINT_136_scanner_surface SURFACE-SECRETS-01 DOING
500SPRINT_136_scanner_surface SURFACE-VAL-01 DOING SURFACE-FS-01
501SPRINT_136_scanner_surface SURFACE-VAL-02 TODO SURFACE-FS-02
502SPRINT_136_scanner_surface ZASTAVA-SURFACE-02 TODO SURFACE-FS-02
503SPRINT_138_scanner_ruby_parity SCANNER-ENG-0008 TODO
504SPRINT_138_scanner_ruby_parity SCANNER-ENG-0010 TODO SCANNER-ANALYZERS-PHP-27-001..012
505SPRINT_138_scanner_ruby_parity SCANNER-ENG-0011 TODO
506SPRINT_138_scanner_ruby_parity SCANNER-ENG-0012 TODO
507SPRINT_138_scanner_ruby_parity SCANNER-ENG-0013 TODO
508SPRINT_138_scanner_ruby_parity SCANNER-ENG-0014 TODO
509SPRINT_301_docs_tasks_md_i DOCS-AIAI-31-004 DOING DOCS-AIAI-31-003
510SPRINT_301_docs_tasks_md_i DOCS-AIAI-31-008 BLOCKED DOCS-AIAI-31-007
511SPRINT_301_docs_tasks_md_i DOCS-AIRGAP-56-001 TODO
512SPRINT_301_docs_tasks_md_i DOCS-POLICY-DET-01 TODO POLICY-DET backlog
513SPRINT_301_docs_tasks_md_i DOCS-SCANNER-DET-01 DOING Sprint 136 outputs
514SPRINT_301_docs_tasks_md_i DOCS-SCANNER-DET-01 DOING scanner determinism fixtures