git.stella-ops.org/docs/implplan/SPRINT_136_scanner_surface.md
master ae69b1a8a1 feat: Add documentation and task tracking for Sprints 508 to 514 in Ops & Offline
- Created detailed markdown files for Sprints 508 (Ops Offline Kit), 509 (Samples), 510 (AirGap), 511 (Api), 512 (Bench), 513 (Provenance), and 514 (Sovereign Crypto Enablement) outlining tasks, dependencies, and owners.
- Introduced a comprehensive Reachability Evidence Delivery Guide to streamline the reachability signal process.
- Implemented unit tests for Advisory AI to block known injection patterns and redact secrets.
- Added AuthoritySenderConstraintHelper to manage sender constraints in OpenIddict transactions.
2025-11-08 23:18:28 +02:00


Sprint 136 - Scanner & Surface

Implementation order remains sequential across Sprint 130–139. Complete each sprint in order before pulling tasks from the next file.

7. Scanner.VII — Scanner & Surface focus on Scanner (phase VII).

Dependency: Sprint 135 - 6. Scanner.VI — Scanner & Surface focus on Scanner (phase VI).

| Task ID | State | Summary | Owner / Source | Depends On |
| --- | --- | --- | --- | --- |
| SCANNER-ENTRYTRACE-18-504 | TODO | Emit EntryTrace AOC NDJSON (entrytrace.entry/node/edge/target/warning/capability) and wire CLI/service streaming outputs. | EntryTrace Guild (src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace/TASKS.md) | SCANNER-ENTRYTRACE-18-503 |
| SCANNER-ENV-01 | TODO (2025-11-06) | Replace ad-hoc environment reads with StellaOps.Scanner.Surface.Env helpers for cache roots and CAS endpoints. | Scanner Worker Guild (src/Scanner/StellaOps.Scanner.Worker/TASKS.md) | |
| SCANNER-ENV-02 | TODO (2025-11-06) | Wire Surface.Env helpers into WebService hosting (cache roots, feature flags) and document configuration. | Scanner WebService Guild, Ops Guild (src/Scanner/StellaOps.Scanner.WebService/TASKS.md) | SCANNER-ENV-01 |
| SCANNER-ENV-03 | TODO | Adopt Surface.Env helpers for plugin configuration (cache roots, CAS endpoints, feature toggles). | BuildX Plugin Guild (src/Scanner/StellaOps.Scanner.Sbomer.BuildXPlugin/TASKS.md) | SCANNER-ENV-02 |
| SCANNER-EVENTS-16-301 | BLOCKED (2025-10-26) | Emit orchestrator-compatible envelopes (scanner.event.*) and update integration tests to verify Notifier ingestion (no Redis queue coupling). | Scanner WebService Guild (src/Scanner/StellaOps.Scanner.WebService/TASKS.md) | |
| SCANNER-GRAPH-21-001 | TODO | Provide webhook/REST endpoint for Cartographer to request policy overlays and runtime evidence for graph nodes, ensuring determinism and tenant scoping. | Scanner WebService Guild, Cartographer Guild (src/Scanner/StellaOps.Scanner.WebService/TASKS.md) | |
| SCANNER-LNM-21-001 | TODO | Update /reports and /policy/runtime payloads to consume advisory/vex linksets, exposing source severity arrays and conflict summaries alongside effective verdicts. | Scanner WebService Guild, Policy Guild (src/Scanner/StellaOps.Scanner.WebService/TASKS.md) | |
| SCANNER-LNM-21-002 | TODO | Add evidence endpoint for Console to fetch linkset summaries with policy overlay for a component/SBOM, including AOC references. | Scanner WebService Guild, UI Guild (src/Scanner/StellaOps.Scanner.WebService/TASKS.md) | SCANNER-LNM-21-001 |
| SCANNER-SECRETS-03 | TODO | Use Surface.Secrets to retrieve registry credentials when interacting with CAS/referrers. | BuildX Plugin Guild, Security Guild (src/Scanner/StellaOps.Scanner.Sbomer.BuildXPlugin/TASKS.md) | SCANNER-SECRETS-02 |
| SCANNER-ENG-0020 | TODO | Implement Homebrew collector & fragment mapper per design/macos-analyzer.md §3.1. | Scanner Guild (docs/modules/scanner/TASKS.md) | |
| SCANNER-ENG-0021 | TODO | Implement pkgutil receipt collector per design/macos-analyzer.md §3.2. | Scanner Guild (docs/modules/scanner/TASKS.md) | |
| SCANNER-ENG-0022 | TODO | Implement macOS bundle inspector & capability overlays per design/macos-analyzer.md §3.3. | Scanner Guild, Policy Guild (docs/modules/scanner/TASKS.md) | |
| SCANNER-ENG-0023 | TODO | Deliver macOS policy/offline integration per design/macos-analyzer.md §5–6. | Scanner Guild, Offline Kit Guild, Policy Guild (docs/modules/scanner/TASKS.md) | |
| SCANNER-ENG-0024 | TODO | Implement Windows MSI collector per design/windows-analyzer.md §3.1. | Scanner Guild (docs/modules/scanner/TASKS.md) | |
| SCANNER-ENG-0025 | TODO | Implement WinSxS manifest collector per design/windows-analyzer.md §3.2. | Scanner Guild (docs/modules/scanner/TASKS.md) | |
| SCANNER-ENG-0026 | TODO | Implement Windows Chocolatey & registry collectors per design/windows-analyzer.md §3.3–3.4. | Scanner Guild (docs/modules/scanner/TASKS.md) | |
| SCANNER-ENG-0027 | TODO | Deliver Windows policy/offline integration per design/windows-analyzer.md §5–6. | Scanner Guild, Policy Guild, Offline Kit Guild (docs/modules/scanner/TASKS.md) | |
| SCHED-SURFACE-02 | TODO | Integrate Scheduler worker prefetch using Surface manifest reader and persist manifest pointers with rerun plans. | Scheduler Worker Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker/TASKS.md) | SURFACE-FS-02, SCHED-SURFACE-01. Reference docs/modules/scanner/design/surface-fs-consumers.md §3 for implementation checklist |
| ZASTAVA-SURFACE-02 | TODO | Use Surface manifest reader helpers to resolve cas:// pointers and enrich drift diagnostics with manifest provenance. | Zastava Observer Guild (src/Zastava/StellaOps.Zastava.Observer/TASKS.md) | SURFACE-FS-02, ZASTAVA-SURFACE-01. Reference docs/modules/scanner/design/surface-fs-consumers.md §4 for integration steps |