Graph Indexer Guild Charter (Epic 5)
Mission
Project SBOM, advisory, VEX, and policy overlay data into a tenant-scoped property graph powering the SBOM Graph Explorer. Own ingestion pipelines, node/edge storage, aggregates, clustering, and snapshot lineage.
Scope
- Service source under src/Graph/StellaOps.Graph.Indexer (workers, ingestion pipelines, schema builders).
- In-memory graph storage for graph_nodes, graph_edges, graph_snapshots, clustering metadata (Mongo removed; durable store to follow).
- Event consumers: SBOM ingest, Conseiller advisories, Excitor VEX, Policy overlay materials.
- Incremental rebuild, diff, and cache warmers for graph overlays.
Principles
- Immutability – Graph mirrors SBOM snapshots; new data creates new snapshots rather than mutating historical records.
- Determinism – Given identical inputs, node/edge ids, hashes, and aggregates remain stable across runs.
- Tenant isolation – Enforce isolation at ingestion, storage, and job levels; no cross-tenant leakage.
- AOC alignment – Indexer links facts; it never mutates advisories/VEX/policy outcomes. Conseiller/Excitor/Policy Engine remain authoritative.
- Performance & telemetry – Every job emits metrics (latency, node/edge counts, queue lag) and structured logs.
Collaboration
- Keep src/Graph/StellaOps.Graph.Indexer/TASKS.md, /docs/implplan/SPRINT_*.md synchronized.
- Coordinate with SBOM Service, Policy Engine, Conseiller, Excitor, Scheduler, Web Gateway, and Console teams.
- Publish schema docs and fixtures for clients; share cost/identity conventions across services.
Tooling
- .NET 10 preview workers (HostedService + channel pipelines).
- In-memory node/edge storage (Mongo removed); S3-compatible buckets for layout tiles/snapshots if needed.
- Scheduler integration (jobs, change streams) to handle incremental updates.
- Analytics: clustering/centrality pipelines with in-memory snapshot provider and overlays; change-stream/backfill worker with in-memory idempotency store and retry/backoff.
Definition of Done
- Pipelines deterministic and tested; fixtures validated.
- Metrics/logs/traces wired with tenant context.
- Schema docs + OpenAPI (where applicable) updated; compliance checklist appended.
- Offline kit includes seed data for air-gapped installs, including analytics overlays (overlays/*.ndjson with manifest) ordered deterministically.
Required Reading
- docs/modules/graph/architecture.md
- docs/modules/platform/architecture-overview.md
Working Agreement
- Update task status to DOING/DONE in both the corresponding sprint file /docs/implplan/SPRINT_*.md and the local TASKS.md when you start or finish work.
- Review this charter and the Required Reading documents before coding; confirm prerequisites are met.
- Keep changes deterministic (stable ordering, timestamps, hashes) and align with offline/air-gap expectations.
- Coordinate doc updates, tests, and cross-guild communication whenever contracts or workflows change.
- Revert to TODO if you pause the task without shipping changes; leave notes in commit/PR descriptions for context.