4.1 KiB
4.1 KiB
If you are working on this file you need to read docs/ARCHITECTURE_EXCITITOR.md and ./AGENTS.md).
TASKS
| Task | Owner(s) | Depends on | Notes |
|---|---|---|---|
| Bootstrap configuration fallback (env → appsettings{{.json/.yaml}}) | DevEx/CLI | Core | DONE – CLI loads API_KEY/STELLAOPS_BACKEND_URL from environment or local settings, defaulting to empty strings when unset. |
| Introduce command host & routing skeleton | DevEx/CLI | Configuration | DONE – System.CommandLine (v2.0.0-beta5) router stitched with scanner, scan, db, and config verbs. |
| Scanner artifact download/install commands | Ops Integrator | Backend contracts | DONE – scanner download caches bundles, validates SHA-256 (plus optional RSA signature), installs via docker load, persists metadata, and retries with exponential backoff. |
| Scan execution & result upload workflow | Ops Integrator, QA | Scanner cmd | DONE – scan run drives container scans against directories, emits artefacts in ResultsDirectory, auto-uploads on success, and scan upload covers manual retries. |
| Concelier DB operations passthrough | DevEx/CLI | Backend, Concelier APIs | DONE – `db fetch |
| CLI observability & tests | QA | Command host | DONE – Added console logging defaults & configuration bootstrap tests; future metrics hooks tracked separately. |
| Authority auth commands | DevEx/CLI | Auth libraries | DONE – auth login/logout/status wrap the shared auth client, manage token cache, and surface status messages. |
| Document authority workflow in CLI help & quickstart | Docs/CLI | Authority auth commands | DONE (2025-10-10) – CLI help now surfaces Authority config fields and docs/09 + docs/10 describe env vars, auth login/status flow, and cache location. |
| Authority whoami command | DevEx/CLI | Authority auth commands | DONE (2025-10-10) – Added auth whoami verb that displays subject/audience/expiry from cached tokens and handles opaque tokens gracefully. |
| Expose auth client resilience settings | DevEx/CLI | Auth libraries LIB5 | DONE (2025-10-10) – CLI options now bind resilience knobs, AddStellaOpsAuthClient honours them, and tests cover env overrides. |
| Document advanced Authority tuning | Docs/CLI | Expose auth client resilience settings | DONE (2025-10-10) – docs/09 and docs/10 describe retry/offline settings with env examples and point to the integration guide. |
| Surface password policy diagnostics in CLI output | DevEx/CLI, Security Guild | AUTHSEC-CRYPTO-02-004 | DONE (2025-10-15) – CLI startup runs the Authority plug-in analyzer, logs weakened password policy warnings with manifest paths, added unit tests (dotnet test src/StellaOps.Cli.Tests) and updated docs/09 with remediation guidance. |
EXCITITOR-CLI-01-001 – Add excititor command group |
DevEx/CLI | EXCITITOR-WEB-01-001 | DONE (2025-10-18) – Introduced excititor verbs (init/pull/resume/list-providers/export/verify/reconcile) with token-auth backend calls, provenance-friendly logging, and regression coverage. |
| EXCITITOR-CLI-01-002 – Export download & attestation UX | DevEx/CLI | EXCITITOR-CLI-01-001, EXCITITOR-EXPORT-01-001 | TODO – Display export metadata (sha256, size, Rekor link), support optional artifact download path, and handle cache hits gracefully. |
| EXCITITOR-CLI-01-003 – CLI docs & examples for Excititor | Docs/CLI | EXCITITOR-CLI-01-001 | TODO – Update docs/09_API_CLI_REFERENCE.md and quickstart snippets to cover Excititor verbs, offline guidance, and attestation verification workflow. |
| CLI-RUNTIME-13-005 – Runtime policy test verbs | DevEx/CLI | SCANNER-RUNTIME-12-302, ZASTAVA-WEBHOOK-12-102 | TODO – Add runtime policy test and related verbs to query /policy/runtime, display verdicts/TTL/reasons, and support batch inputs. |
| CLI-OFFLINE-13-006 – Offline kit workflows | DevEx/CLI | DEVOPS-OFFLINE-14-002 | TODO – Implement offline kit pull/import/status commands with integrity checks, resumable downloads, and doc updates. |
| CLI-PLUGIN-13-007 – Plugin packaging | DevEx/CLI | CLI-RUNTIME-13-005, CLI-OFFLINE-13-006 | TODO – Package non-core verbs as restart-time plug-ins (manifest + loader updates, tests ensuring no hot reload). |