git.stella-ops.org/docs/implplan/SPRINT_0154_0001_0001_packsregistry.md

Sprint 0154-0001-0001 · Packs Registry (Scheduling & Automation 150.B)

Topic & Scope

• Stand up Packs Registry service: indexing, provenance storage, signature verification, and lifecycle management.
• Add version lifecycle (promote/deprecate), provenance exports, mirroring, attestation integration, and compliance dashboards.
• Keep registry offline-friendly with RBAC, audit logs, and Offline Kit seed support.
• Working directory: src/PacksRegistry/StellaOps.PacksRegistry.

Dependencies & Concurrency

• Upstream: Sprint 120.A (AirGap), 130.A (Scanner), 140.A (Graph) provide pack metadata and graph inputs.
• Concurrency: execution followed table order; all tasks now DONE.

Documentation Prerequisites

• docs/README.md
• docs/07_HIGH_LEVEL_ARCHITECTURE.md
• docs/modules/platform/architecture-overview.md
• docs/modules/graph/architecture.md
• docs/modules/devops/architecture.md
• Any PacksRegistry AGENTS.md (if present under src/PacksRegistry).

BLOCKED Tasks: Before working on BLOCKED tasks, review BLOCKED_DEPENDENCY_TREE.md for root blockers and dependencies.

Delivery Tracker

#	Task ID	Status	Key dependency / next step	Owners	Task Definition
1	PACKS-REG-41-001	DONE (2025-11-25)	Start registry service + migrations.	Packs Registry Guild (src/PacksRegistry/StellaOps.PacksRegistry)	Implement registry service, migrations (packs_index, parity_matrix, provenance docs); upload/list/get; signature verification; RBAC; provenance manifest storage.
2	PACKS-REG-42-001	DONE (2025-11-25)	Depends on 41-001.	Packs Registry Guild	Version lifecycle (promote/deprecate), tenant allowlists, provenance export, signature rotation, audit logs, Offline Kit seed support.
3	PACKS-REG-43-001	DONE (2025-11-25)	Depends on 42-001.	Packs Registry Guild	Registry mirroring, pack signing policies, attestation integration, compliance dashboards; integrate with Export Center.

Wave Coordination

• Single wave (150.B Packs Registry). Parallel waves tracked under Sprint 150 umbrella are out of scope here.

Wave Detail Snapshots

• 150.B Packs Registry — all Delivery Tracker items marked DONE as of 2025-11-25.

Interlocks

• Upstream contracts from AirGap/Scanner/Graph (Sprint 120.A/130.A/140.A) assumed stable; re-open risk if schemas change.

Action Tracker

Action	Owner	Status	Due	Notes
None open	–	N/A	–	Completed tasks cover current scope.

Upcoming Checkpoints

• Schedule kickoff once staffing confirmed (date TBD).

Decisions & Risks

• Registry relies on upstream pack metadata/graph contracts; keep schema aligned before migrations run.
• Ensure offline posture: signature verification, provenance storage, audit logs, and Offline Kit seeds are mandatory before GA.

Execution Log

Date (UTC)	Update	Owner
2025-11-08	Sprint stub created; awaiting staffing.	Planning
2025-11-19	Normalized sprint to standard template and renamed from SPRINT_154_packsregistry.md to SPRINT_0154_0001_0001_packsregistry.md; content preserved.	Implementer
2025-11-19	Added legacy-file redirect stub to avoid divergent updates.	Implementer
2025-11-24	Started PACKS-REG-41-001: added core pack service with hash verification, in-memory + file repos, WebService endpoints for upload/list/get/content download; tests cover upload/list/content + signature failure. RBAC, migrations, and real signature verification remain pending.	Implementer
2025-11-24	Added API-key guard, RSA signature verifier option, tenant checks, provenance upload/digest/storage, and /provenance download; integration + RSA verifier tests added.	Implementer
2025-11-24	Exposed digest headers on downloads, added manifest endpoint, health check, and documented auth/tenant rules in PacksRegistry AGENTS.	Implementer
2025-11-24	Added Mongo option with initializer ensuring packs/blobs/parity collections + indexes; configurable collections via PacksRegistry:Mongo.	Implementer
2025-11-24	Added Pack Manifest OpenAPI stub (src/PacksRegistry/StellaOps.PacksRegistry/StellaOps.PacksRegistry.WebService/OpenApi/pack-manifest.openapi.json) covering manifest response/auth headers.	Implementer
2025-11-24	Added parity matrix scaffolding: parity model/service/repos (memory/file/mongo) and endpoints /api/v1/packs/{id}/parity (GET/POST) with auth/tenant enforcement; tests updated.	Implementer
2025-11-24	Added packs OpenAPI stub (OpenApi/packs.openapi.json) documenting upload/list/get/content/provenance/manifest/parity endpoints and auth headers.	Implementer
2025-11-25	Started PACKS-REG-42-001 to add lifecycle/rbac hardening, provenance export, signature rotation, audit logs, and offline seed support.	Implementer
2025-11-25	Completed PACKS-REG-42-001: lifecycle/parity listing + audit trail repos (file/memory/mongo), signature rotation endpoint, offline-seed zip export with provenance/content, tenant allowlist enforcement on listings, OpenAPI updates; upgraded tests to ASP.NET Core 10 RC and added coverage for exports/rotation.	Implementer
2025-11-25	Completed PACKS-REG-43-001: attestation storage/download APIs (file/memory/mongo), mirror registry CRUD/sync endpoints, pack signing policy option, compliance summary endpoint, OpenAPI v0.3 updated; all tests green.	Implementer
2025-11-25	Closed PACKS-REG-41-001 after migrations, RBAC, signature verification, digest headers, and content/provenance storage completed.	Implementer
2025-11-30	Re-applied legacy file redirect stub and added template sections (wave/interlocks/action tracker/upcoming checkpoints); no task status changes.	Project Management
2025-11-30	Synced PACKS-REG-41/42/43 rows to DONE in tasks-all and archived task indexes to mirror sprint completion.	Project Management
2025-11-30	Ran StellaOps.PacksRegistry.Tests (net10.0) — restore from local feed succeeded; 8 tests passed, 0 failed.	Implementer