git.stella-ops.org/docs/implplan/SPRINT_7000_SUMMARY.md

# Sprint Epic 7000 - Competitive Moat & Explainable Triage

## Overview

Epic 7000 encompasses two major capability sets:

1. **Competitive Benchmarking** (batch 0001): Verifiable competitive differentiation through benchmarking infrastructure, SBOM lineage semantics, auditor-grade explainability, and integrated three-layer reachability analysis. *Source: 19-Dec-2025 advisory*

2. **Explainable Triage Workflows** (batches 0002-0005): Policy-backed, reachability-informed, runtime-corroborated verdicts with full explainability and auditability. *Source: 21-Dec-2025 advisory*

**IMPLID**: 7000 (Competitive Moat & Explainable Triage)
**Total Sprints**: 12
**Total Tasks**: 68
**Source Advisories**:
- `docs/product-advisories/archived/19-Dec-2025 - Benchmarking Container Scanners Against Stella Ops.md`
- `docs/product-advisories/archived/21-Dec-2025 - Designing Explainable Triage Workflows.md`

---

## Gap Analysis Summary

| Gap | Severity | Sprint | Status |
|-----|----------|--------|--------|
| No competitive benchmarking infrastructure | HIGH | 7000.0001.0001 | TODO |
| SBOM as static document, no lineage/versioning | HIGH | 7000.0001.0002 | TODO |
| No assumption-set or falsifiability tracking | HIGH | 7000.0001.0003 | TODO |
| 3-layer reachability not integrated | MEDIUM | 7000.0001.0004 | TODO |

---

## Epic Structure

### Phase 1: Benchmarking Foundation

| Sprint | Name | Tasks | Priority | Duration |
|--------|------|-------|----------|----------|
| 7000.0001.0001 | [Competitive Benchmarking Infrastructure](SPRINT_7000_0001_0001_competitive_benchmarking.md) | 7 | HIGH | 2 weeks |

**Key Deliverables**:
- Reference corpus with ground-truth annotations
- Comparison harness for Trivy, Grype, Syft
- Precision/recall/F1 metrics
- Claims index with verifiable evidence
- Marketing battlecard generator

---

### Phase 2: SBOM Evolution

| Sprint | Name | Tasks | Priority | Duration |
|--------|------|-------|----------|----------|
| 7000.0001.0002 | [SBOM Lineage & Repository Semantics](SPRINT_7000_0001_0002_sbom_lineage.md) | 7 | HIGH | 2 weeks |

**Key Deliverables**:
- SBOM lineage DAG with content-addressable storage
- Semantic diff engine (component-level deltas)
- Rebuild reproducibility proof manifest
- Lineage traversal API

---

### Phase 3: Explainability Enhancement

| Sprint | Name | Tasks | Priority | Duration |
|--------|------|-------|----------|----------|
| 7000.0001.0003 | [Explainability with Assumptions & Falsifiability](SPRINT_7000_0001_0003_explainability.md) | 7 | HIGH | 2 weeks |

**Key Deliverables**:
- Assumption-set model (compiler flags, runtime config, feature gates)
- Falsifiability criteria ("what would disprove this?")
- Evidence-density confidence scorer
- Updated DSSE predicate schema

---

### Phase 4: Reachability Integration

| Sprint | Name | Tasks | Priority | Duration |
|--------|------|-------|----------|----------|
| 7000.0001.0004 | [Three-Layer Reachability Integration](SPRINT_7000_0001_0004_three_layer_reachability.md) | 7 | MEDIUM | 2 weeks |

**Key Deliverables**:
- `ReachabilityStack` composite model
- Layer 2: Binary loader resolution (ELF/PE)
- Layer 3: Feature flag / config gating
- "All-three-align" exploitability proof

---

## Batch 2: Explainable Triage Foundation

### Phase 5: Confidence & UX

| Sprint | Name | Tasks | Priority |
|--------|------|-------|----------|
| 7000.0002.0001 | [Unified Confidence Model](SPRINT_7000_0002_0001_unified_confidence_model.md) | 5 | HIGH |
| 7000.0002.0002 | [Vulnerability-First UX API](SPRINT_7000_0002_0002_vulnerability_first_ux_api.md) | 5 | HIGH |

**Key Deliverables**:
- `ConfidenceScore` with 5-factor breakdown (Reachability, Runtime, VEX, Provenance, Policy)
- `FindingSummaryResponse` with verdict chip, confidence chip, one-liner
- `ProofBadges` for visual evidence indicators
- Findings list and detail API endpoints

---

### Phase 6: Visualization APIs

| Sprint | Name | Tasks | Priority |
|--------|------|-------|----------|
| 7000.0003.0001 | [Evidence Graph API](SPRINT_7000_0003_0001_evidence_graph_api.md) | 4 | MEDIUM |
| 7000.0003.0002 | [Reachability Mini-Map API](SPRINT_7000_0003_0002_reachability_minimap_api.md) | 4 | MEDIUM |
| 7000.0003.0003 | [Runtime Timeline API](SPRINT_7000_0003_0003_runtime_timeline_api.md) | 4 | MEDIUM |

**Key Deliverables**:
- Evidence graph with nodes, edges, signature status
- Reachability mini-map with condensed call paths
- Runtime timeline with time-windowed observations and posture

---

### Phase 7: Fidelity & Budgets

| Sprint | Name | Tasks | Priority |
|--------|------|-------|----------|
| 7000.0004.0001 | [Progressive Fidelity Mode](SPRINT_7000_0004_0001_progressive_fidelity.md) | 5 | HIGH |
| 7000.0004.0002 | [Evidence Size Budgets](SPRINT_7000_0004_0002_evidence_size_budgets.md) | 4 | MEDIUM |

**Key Deliverables**:
- `FidelityLevel` enum with Quick/Standard/Deep modes
- Fidelity-aware analyzer orchestration with timeouts
- `EvidenceBudget` with per-scan caps
- Retention tier management (Hot/Warm/Cold/Archive)

---

### Phase 8: Metrics & Observability

| Sprint | Name | Tasks | Priority |
|--------|------|-------|----------|
| 7000.0005.0001 | [Quality KPIs Tracking](SPRINT_7000_0005_0001_quality_kpis_tracking.md) | 5 | MEDIUM |

**Key Deliverables**:
- `TriageQualityKpis` model
- KPI collection and snapshotting
- Dashboard API endpoint

---

## Dependency Graph

```mermaid
graph TD
    subgraph Batch1["Batch 1: Competitive Moat"]
        S7001[7000.0001.0001<br/>Benchmarking]
        S7002[7000.0001.0002<br/>SBOM Lineage]
        S7003[7000.0001.0003<br/>Explainability]
        S7004[7000.0001.0004<br/>3-Layer Reach]

        S7001 --> S7002
        S7002 --> S7004
        S7003 --> S7004
    end

    subgraph Batch2["Batch 2: Explainable Triage"]
        S7021[7000.0002.0001<br/>Confidence Model]
        S7022[7000.0002.0002<br/>UX API]
        S7031[7000.0003.0001<br/>Evidence Graph]
        S7032[7000.0003.0002<br/>Mini-Map]
        S7033[7000.0003.0003<br/>Timeline]
        S7041[7000.0004.0001<br/>Fidelity]
        S7042[7000.0004.0002<br/>Budgets]
        S7051[7000.0005.0001<br/>KPIs]

        S7021 --> S7022
        S7022 --> S7031
        S7022 --> S7032
        S7022 --> S7033
        S7021 --> S7051
    end

    subgraph External["Related Sprints"]
        S4200[4200.0001.0002<br/>VEX Lattice]
        S4500[4500.0002.0001<br/>VEX Conflict Studio]
        S3500[3500 Series<br/>Score Proofs - DONE]
        S4100[4100.0003.0001<br/>Risk Verdict]
    end

    S7001 --> S4500
    S3500 --> S7003
    S7021 --> S4100
```

---

## Integration Points

### Scanner Module
- `StellaOps.Scanner.Benchmark` - New library for competitor comparison
- `StellaOps.Scanner.Emit` - Enhanced with lineage tracking
- `StellaOps.Scanner.Reachability` - 3-layer stack integration

### Policy Module
- `StellaOps.Policy.Explainability` - Assumption-set and falsifiability models

### Attestor Module
- Updated predicate schemas for explainability fields

---

## Success Criteria

### Batch 1: Competitive Moat

#### Sprint 7000.0001.0001 (Benchmarking)
- [ ] 50+ image corpus with ground-truth annotations
- [ ] Automated comparison against Trivy, Grype, Syft
- [ ] Precision/recall metrics published
- [ ] Claims index with evidence links

#### Sprint 7000.0001.0002 (SBOM Lineage)
- [ ] SBOM versioning with content-addressable storage
- [ ] Semantic diff between SBOM versions
- [ ] Lineage API operational
- [ ] Deterministic diff output

#### Sprint 7000.0001.0003 (Explainability)
- [ ] Assumption-set tracked for all findings
- [ ] Falsifiability criteria in explainer output
- [ ] Evidence-density confidence scores
- [ ] UI widget for assumption drill-down

#### Sprint 7000.0001.0004 (3-Layer Reachability)
- [ ] All 3 layers integrated in reachability analysis
- [ ] Binary loader resolution for ELF/PE
- [ ] Feature flag gating detection
- [ ] "Structurally proven" exploitability tier

### Batch 2: Explainable Triage

#### Sprint 7000.0002.0001 (Unified Confidence Model)
- [ ] ConfidenceScore model with 5-factor breakdown
- [ ] ConfidenceCalculator service
- [ ] Factor explanations with evidence links
- [ ] Bounded 0.0-1.0 scores

#### Sprint 7000.0002.0002 (Vulnerability-First UX API)
- [ ] FindingSummaryResponse with verdict/confidence chips
- [ ] ProofBadges for visual indicators
- [ ] Findings list and detail endpoints
- [ ] Drill-down into evidence graph

#### Sprint 7000.0003.0001 (Evidence Graph API)
- [ ] EvidenceGraphResponse with nodes and edges
- [ ] Signature status per evidence node
- [ ] Click-through to raw evidence
- [ ] OpenAPI documentation

#### Sprint 7000.0003.0002 (Reachability Mini-Map API)
- [ ] Condensed call paths
- [ ] Entrypoint to vulnerable component visualization
- [ ] Depth-limited graph extraction
- [ ] Path highlighting

#### Sprint 7000.0003.0003 (Runtime Timeline API)
- [ ] Time-windowed observation buckets
- [ ] Posture determination (Supports/Contradicts/Unknown)
- [ ] Significant event extraction
- [ ] Session correlation

#### Sprint 7000.0004.0001 (Progressive Fidelity)
- [ ] FidelityLevel enum (Quick/Standard/Deep)
- [ ] Fidelity-aware analyzer orchestration
- [ ] Configurable timeouts per level
- [ ] Fidelity upgrade endpoint

#### Sprint 7000.0004.0002 (Evidence Size Budgets)
- [ ] Per-scan evidence caps
- [ ] Retention tier management
- [ ] Size tracking and pruning
- [ ] Budget configuration API

#### Sprint 7000.0005.0001 (Quality KPIs)
- [ ] % non-UNKNOWN reachability >80%
- [ ] % runtime corroboration >50%
- [ ] Explainability completeness >95%
- [ ] Dashboard endpoint operational

---

## Module Structure

### Batch 1: Competitive Moat

```
src/Scanner/
├── __Libraries/
│   ├── StellaOps.Scanner.Benchmark/           # NEW: Competitor comparison
│   │   ├── Corpus/                            # Ground-truth corpus
│   │   ├── Harness/                           # Comparison harness
│   │   ├── Metrics/                           # Precision/recall
│   │   └── Claims/                            # Claims index
│   ├── StellaOps.Scanner.Emit/                # ENHANCED
│   │   └── Lineage/                           # SBOM lineage tracking
│   ├── StellaOps.Scanner.Explainability/      # NEW: Assumption/falsifiability
│   └── StellaOps.Scanner.Reachability/        # ENHANCED
│       └── Stack/                             # 3-layer integration

src/Policy/
├── __Libraries/
│   └── StellaOps.Policy.Explainability/       # NEW: Assumption models
```

### Batch 2: Explainable Triage

```
src/
├── Policy/
│   └── __Libraries/
│       └── StellaOps.Policy.Confidence/       # NEW: Confidence model
│           ├── Models/
│           │   ├── ConfidenceScore.cs
│           │   └── ConfidenceFactor.cs
│           └── Services/
│               └── ConfidenceCalculator.cs
├── Scanner/
│   └── __Libraries/
│       └── StellaOps.Scanner.Orchestration/   # NEW: Fidelity orchestration
│           └── Fidelity/
│               ├── FidelityLevel.cs
│               └── FidelityAwareAnalyzer.cs
├── Findings/
│   └── StellaOps.Findings.WebService/         # EXTEND: UX APIs
│       ├── Contracts/
│       │   ├── FindingSummaryResponse.cs
│       │   ├── EvidenceGraphResponse.cs
│       │   ├── ReachabilityMiniMap.cs
│       │   └── RuntimeTimeline.cs
│       └── Endpoints/
│           ├── FindingsEndpoints.cs
│           ├── EvidenceGraphEndpoints.cs
│           ├── ReachabilityMapEndpoints.cs
│           └── RuntimeTimelineEndpoints.cs
├── Evidence/                                   # NEW: Evidence management
│   └── StellaOps.Evidence/
│       ├── Budgets/
│       └── Retention/
└── Metrics/                                    # NEW: KPI tracking
    └── StellaOps.Metrics/
        └── Kpi/
            ├── TriageQualityKpis.cs
            └── KpiCollector.cs
```

---

## Documentation Created

### Batch 1: Competitive Moat

| Document | Location | Purpose |
|----------|----------|---------|
| Sprint Summary | `docs/implplan/SPRINT_7000_SUMMARY.md` | This file |
| Benchmarking Sprint | `docs/implplan/SPRINT_7000_0001_0001_competitive_benchmarking.md` | Sprint details |
| SBOM Lineage Sprint | `docs/implplan/SPRINT_7000_0001_0002_sbom_lineage.md` | Sprint details |
| Explainability Sprint | `docs/implplan/SPRINT_7000_0001_0003_explainability.md` | Sprint details |
| 3-Layer Reachability Sprint | `docs/implplan/SPRINT_7000_0001_0004_three_layer_reachability.md` | Sprint details |
| Claims Index | `docs/claims-index.md` | Verifiable competitive claims |
| Benchmark Architecture | `docs/modules/benchmark/architecture.md` | Module dossier |

### Batch 2: Explainable Triage

| Document | Location | Purpose |
|----------|----------|---------|
| Implementation Plan | `docs/modules/platform/explainable-triage-implementation-plan.md` | High-level plan |
| Unified Confidence Model | `docs/implplan/SPRINT_7000_0002_0001_unified_confidence_model.md` | Sprint details |
| Vulnerability-First UX API | `docs/implplan/SPRINT_7000_0002_0002_vulnerability_first_ux_api.md` | Sprint details |
| Evidence Graph API | `docs/implplan/SPRINT_7000_0003_0001_evidence_graph_api.md` | Sprint details |
| Reachability Mini-Map API | `docs/implplan/SPRINT_7000_0003_0002_reachability_minimap_api.md` | Sprint details |
| Runtime Timeline API | `docs/implplan/SPRINT_7000_0003_0003_runtime_timeline_api.md` | Sprint details |
| Progressive Fidelity Mode | `docs/implplan/SPRINT_7000_0004_0001_progressive_fidelity.md` | Sprint details |
| Evidence Size Budgets | `docs/implplan/SPRINT_7000_0004_0002_evidence_size_budgets.md` | Sprint details |
| Quality KPIs Tracking | `docs/implplan/SPRINT_7000_0005_0001_quality_kpis_tracking.md` | Sprint details |

---

## Related Work

### Completed (Leverage)
- **Sprint 3500**: Score Proofs, Unknowns Registry, Reachability foundations
- **Sprint 3600**: CycloneDX 1.7, SPDX 3.0.1 generation
- **EntryTrace**: Semantic, temporal, mesh, binary intelligence

### In Progress (Coordinate)
- **Sprint 4100**: Unknowns decay, knowledge snapshots
- **Sprint 4200**: Triage API, policy lattice
- **Sprint 5100**: Comprehensive testing strategy
- **Sprint 6000**: BinaryIndex module

### Planned (Accelerate)
- **Sprint 4500.0002.0001**: VEX Conflict Studio

---

## Execution Log

| Date (UTC) | Update | Owner |
|------------|--------|-------|
| 2025-12-22 | Batch 1 (Competitive Moat) created from 19-Dec-2025 advisory. 4 sprints defined. | Agent |
| 2025-12-22 | Batch 2 (Explainable Triage) added from 21-Dec-2025 advisory. 8 sprints defined (73 story points). | Claude |

---

**Epic Status**: PLANNING (0/12 sprints complete)