stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity
Files
d870da18ce194c6a5f1a6d71abea36205d9fb276
git.stella-ops.org/src/VexLens/StellaOps.VexLens/TASKS.md
master d870da18ce Restructure solution layout by module
2025-10-28 15:10:40 +02:00

5.7 KiB
Raw Blame History

VEX Lens Task Board — Epic 7: VEX Consensus Lens

ID Status Owner(s) Depends on Description Exit Criteria
VEXLENS-30-001 TODO VEX Lens Guild EXCITITOR-LNM-21-001, CONCELIER-LNM-21-001 Implement normalization pipeline for CSAF VEX, OpenVEX, CycloneDX VEX (status mapping, justification mapping, product tree parsing). Normalization outputs deterministic canonical JSON; fixtures cover formats; unit tests pass.
VEXLENS-30-002 TODO VEX Lens Guild VEXLENS-30-001, SBOM-VULN-29-001 Build product mapping library (CPE/CPE2.3/vendor tokens → purl/version) with scope quality scoring and path metadata. Mapping library handles target ecosystems with property tests; scope scores recorded; docs updated.
VEXLENS-30-003 TODO VEX Lens Guild, Issuer Directory Guild ISSUER-30-001 Integrate signature verification (Ed25519, DSSE, PKIX) using issuer keys, annotate evidence with verification state and failure reasons. Signatures verified; failures logged; tests cover signed/unsigned/expired cases.
VEXLENS-30-004 TODO VEX Lens Guild, Policy Guild POLICY-ENGINE-30-101 Implement trust weighting engine (issuer base weights, signature modifiers, recency decay, justification modifiers, scope score adjustments) controlled by policy config. Weighting functions configurable; policy overrides applied; unit tests validate formulas.
VEXLENS-30-005 TODO VEX Lens Guild VEXLENS-30-001..004 Implement consensus algorithm producing consensus_state, confidence, weights, quorum, rationale; support states: NOT_AFFECTED, AFFECTED, FIXED, UNDER_INVESTIGATION, DISPUTED, INCONCLUSIVE. Algorithm deterministic; unit/property tests cover conflict scenarios; rationale includes top evidences; docs drafted.
VEXLENS-30-006 TODO VEX Lens Guild, Findings Ledger Guild VEXLENS-30-005, LEDGER-29-003 Materialize consensus projection storage with idempotent workers triggered by VEX/Policy changes; expose change events for downstream consumers. Projection generated for fixtures; backpressure metrics recorded; replay harness passes.
VEXLENS-30-007 TODO VEX Lens Guild VEXLENS-30-006 Expose APIs (/vex/consensus, /vex/consensus/query, /vex/consensus/{id}, /vex/consensus/simulate, /vex/consensus/export) with pagination, cost budgets, and OpenAPI docs. APIs deployed with schema validation; integration tests cover filters/simulation/export; rate limits enforced.
VEXLENS-30-008 TODO VEX Lens Guild, Policy Guild VEXLENS-30-006, POLICY-ENGINE-30-101 Integrate consensus signals with Policy Engine (thresholds, suppression, simulation inputs) and Vuln Explorer detail view. Policy consumes consensus via documented contract; Vuln Explorer shows consensus chip; e2e tests confirm suppression behavior.
VEXLENS-30-009 TODO VEX Lens Guild, Observability Guild VEXLENS-30-006..008 Instrument metrics (vex_consensus_compute_latency, vex_consensus_disputed_total, vex_signature_verification_rate), structured logs, and traces; publish dashboards/alerts. Metrics/traces live; dashboards approved; alert thresholds configured.
VEXLENS-30-010 TODO VEX Lens Guild, QA Guild VEXLENS-30-001..008 Develop unit/property/integration/load tests (10M records), determinism harness, fuzz testing for malformed product trees. Test suites green; load tests documented; determinism harness validated across two runs.
VEXLENS-30-011 TODO VEX Lens Guild, DevOps Guild VEXLENS-30-006..009 Provide deployment manifests, caching configuration, scaling guides, offline kit seeds, and runbooks. Deployment docs merged; smoke deploy validated; offline kit updated; runbooks published.

Advisory AI (Sprint 31)

ID Status Owner(s) Depends on Description Exit Criteria
VEXLENS-AIAI-31-001 TODO VEX Lens Guild VEXLENS-30-005 Expose consensus rationale API enhancements (policy factors, issuer details, mapping issues) for Advisory AI conflict explanations. API returns structured factors; docs updated; integration tests cover tuples.
VEXLENS-AIAI-31-002 TODO VEX Lens Guild VEXLENS-30-006 Provide caching hooks for consensus lookups used by Advisory AI (batch endpoints, TTL hints). Batch API published; caches instrumented; telemetry recorded.

Orchestrator Dashboard

ID Status Owner(s) Depends on Description Exit Criteria
VEXLENS-ORCH-33-001 TODO VEX Lens Guild ORCH-SVC-32-001, ORCH-SVC-32-003, ORCH-SVC-33-001 Register consensus_compute job type with orchestrator, integrate worker SDK, and expose job planning hooks for consensus batches. Job type documented; worker consumes orchestrator jobs; tests cover pause/retry; metrics exported.
VEXLENS-ORCH-34-001 TODO VEX Lens Guild VEXLENS-ORCH-33-001, ORCH-SVC-34-002, ORCH-SVC-34-001 Emit consensus completion events into orchestrator run ledger and provenance chain, including confidence metadata. Ledger export includes consensus entries; events contain provenance; integration tests validate chain; docs cross-link to run-ledger.

Export Center (Epic 10)

ID Status Owner(s) Depends on Description Exit Criteria
VEXLENS-EXPORT-35-001 TODO VEX Lens Guild VEXLENS-30-006, LEDGER-EXPORT-35-001 Provide consensus snapshot API delivering deterministic JSONL (state, confidence, provenance) for exporter mirror bundles. Snapshot endpoint deployed; determinism tests pass; schema documented; metrics/logs instrumented.