stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 16 Releases Wiki Activity
Files
d519782a8f0b30f425c9b6ae0f316b19259972a2
git.stella-ops.org/docs/modules/evidence-locker/prep/2025-11-20-schema-readiness-blockers.md
master d519782a8f
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
Details
prep docs and service updates
2025-11-21 06:56:36 +00:00

2.2 KiB
Raw Blame History

Evidence Locker Schema Readiness Prep — PREP-EVIDENCE-LOCKER-GUILD-BLOCKED-SCHEMAS-NO

Status: Draft (2025-11-20) Owners: Planning · Evidence Locker Guild · AdvisoryAI Guild · Orchestrator/Notifications Guild Scope: Capture the exact signals still missing to unfreeze Evidence Locker replay/bundle schemas, so downstream implementation can proceed without ambiguity.

Outstanding upstream artefacts (must land before new DOING status)

  • AdvisoryAI evidence bundle schema + payload notes (Sprint 110.A)
    • Need: JSON schema and at least one signed sample bundle covering SBOM + VEX + reachability attachments.
    • Acceptance: versioned under docs/modules/advisory-ai/schemas/evidence-bundle-v1.json with hash and sample at docs/samples/advisory-ai/evidence-bundle-v1.json.
  • Orchestrator + Notifications capsule envelopes (Sprint 150.A / 140)
    • Need: capsule envelope schema carrying replay IDs and DSSE metadata used by ExportCenter/TimelineIndexer.
    • Acceptance: schema at docs/events/orchestrator-scanner-events.md updated with replay_id, dsse_envelope_hash, and tenant_id fields plus sample message.
  • Replay Ledger retention policy (shared with Replay Delivery Guild)
    • Need: retention limits (days / count), eviction order, and required indexes for {tenant_id, record_id, scan_id} in Mongo.
    • Acceptance: recorded in docs/replay/DETERMINISTIC_REPLAY.md section 8 with deterministic eviction rules.

Ready-to-start criteria for Evidence Locker tasks

  • Both schemas above are versioned and checksummed.
  • Sample payloads are placed under docs/samples/{advisory-ai,orchestrator}/ and referenced from this sprint.
  • Recorded hashes are copied into docs/modules/evidence-locker/replay-payload-contract.md (section 5 once available).

Temporary guidance until freeze

  • Keep Evidence Locker tasks BLOCKED for code changes; only doc prep allowed.
  • Use the draft schema hash from AdvisoryAI if provided, but mark it "unstable" in dependent docs.
  • Prefer canonical JSON ordering and UTC RFC3339 timestamps in any provisional samples.

Handoff

Use this document as the prep artefact for PREP-EVIDENCE-LOCKER-GUILD-BLOCKED-SCHEMAS-NO. Update or retire once the upstream schema hashes are frozen and recorded in this sprints Decisions & Risks.