git.stella-ops.org/docs/modules/findings-ledger/implementation_plan.md
master 7943cfb3af chore(docs+devops): cross-module doc sync + sprint archival moves + compose updates
Bundled pre-session doc + ops work:
- docs/modules/**: sync across advisory-ai, airgap, cli, excititor,
  export-center, findings-ledger, notifier, notify, platform, router,
  sbom-service, ui, web (architectural + operational updates)
- docs/features/**: updates to checked excititor vex pipeline,
  developer workspace, quick verify drawer
- docs top-level: README, quickstart, API_CLI_REFERENCE, UI_GUIDE,
  code-of-conduct/TESTING_PRACTICES updates
- docs/qa/feature-checks/: FLOW.md + excititor state update
- docs/implplan/: remaining sprint updates + new Concelier source
  credentials sprint (SPRINT_20260422_003)
- docs-archived/implplan/: 30 sprint archival moves (ElkSharp series,
  misc completed sprints)
- devops/compose: .env + services compose + env example + router gateway
  config updates

File-level granularity preserved.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-22 16:06:39 +03:00

Findings Ledger Implementation Plan

Purpose

Define the delivery plan for the Findings Ledger service, replay harness, observability, and air-gap provenance so audits can verify deterministic state reconstruction.

Active work

  • Runtime fake-removal work for Findings/RiskEngine was completed under docs/implplan/SPRINT_20260415_006_DOCS_policy_findings_signer_real_backend_cutover.md.
  • Use docs/modules/findings-ledger/gaps-FL1-FL10.md for the remaining product-capability remediation backlog.

Current host posture

  • RiskEngine.WebService now runs against PostgreSQL outside Testing; in-memory result stores are test-only.
  • Non-testing Findings.Ledger.WebService hosts no longer fabricate scoring/webhook/runtime/VulnExplorer write state. Retired compatibility writes fail with a truthful HTTP 501 problem+json response, while explicit Testing harnesses inject the in-memory compatibility stores needed by focused integration tests.
  • The standalone StellaOps.VulnExplorer.Api host remains retired; no separate fake backend was reintroduced for legacy write flows.

Near-term deliverables

  • Observability baselines: metrics, logs, traces, dashboards, and alert rules per docs/modules/findings-ledger/observability.md.
  • Determinism harness: replay CLI, fixtures, and signed reports per docs/modules/findings-ledger/replay-harness.md.
  • Deployment collateral: Compose/Helm overlays, migrations, and backup/restore runbooks per docs/modules/findings-ledger/deployment.md.
  • Provenance extensions: air-gap bundle metadata, staleness enforcement, and sealed-mode timeline entries per docs/modules/findings-ledger/airgap-provenance.md.

Dependencies

  • Observability schema approval for metrics and dashboards.
  • Orchestrator export schema freeze for provenance linkage.
  • QA lab capacity to run the replay harness at >=5M findings/tenant.
  • DevOps review of Compose/Helm overlays and offline kit packaging.

Evidence of completion

  • src/Findings/StellaOps.Findings.Ledger and src/Findings/tools/LedgerReplayHarness updated with deterministic behavior and tests.
  • Replay harness reports (harness-report.json + DSSE) stored under approved offline kit locations.
  • Dashboard JSON and alert rules committed under offline/telemetry/dashboards/ledger or ops/devops/findings-ledger/**.
  • Deployment and backup guidance validated against docs/modules/findings-ledger/deployment.md.

Reference docs

  • docs/modules/findings-ledger/schema.md
  • docs/modules/findings-ledger/replay-harness.md
  • docs/modules/findings-ledger/observability.md
  • docs/modules/findings-ledger/deployment.md
  • docs/modules/findings-ledger/airgap-provenance.md
  • docs/modules/findings-ledger/workflow-inference.md