- Implemented MigrationCategoryTests to validate migration categorization for startup, release, seed, and data migrations.
- Added tests for edge cases, including null, empty, and whitespace migration names.
- Created StartupMigrationHostTests to verify the behavior of the migration host with real PostgreSQL instances using Testcontainers.
- Included tests for migration execution, schema creation, and handling of pending release migrations.
- Added SQL migration files for testing: creating a test table, adding a column, a release migration, and seeding data.
Sprint 0123 · Excititor Ingestion & Evidence (Phase V)
Topic & Scope
- Feed VEX Lens and Vuln Explorer with enriched, canonical evidence while keeping Excititor aggregation-only.
- Lock raw storage validation/idempotency and ship portable evidence bundles plus mirror registration APIs for air-gapped parity.
- Working directory: src/Excititor (WebService, Core, Storage.Mongo) and docs/airgap.
Dependencies & Concurrency
- Depends on Phase IV outputs (timeline/locker/attestation) and mirror registration contract.
- Concurrency: storage validators/indexes first; VEX Lens/Vuln endpoints rely on canonicalization; portable bundles depend on mirror registration endpoints.
Documentation Prerequisites
- docs/modules/excititor/architecture.md
- docs/modules/excititor/implementation_plan.md
- docs/airgap/portable-evidence-bundle-verification.md
- Excititor AGENTS.md files (WebService, Core, Storage)
BLOCKED Tasks: Before working on BLOCKED tasks, review BLOCKED_DEPENDENCY_TREE.md for root blockers and dependencies.
Delivery Tracker
| # | Task ID | Status | Key dependency / next step | Owners | Task Definition |
|---|---|---|---|---|---|
| 1 | EXCITITOR-VEXLENS-30-001 | DONE | None | Excititor WebService Guild · VEX Lens Guild | Export observations to VEX Lens with issuer hints, signature blobs, product tree snippets, staleness metadata; no consensus logic. |
| 2 | EXCITITOR-VULN-29-001 | DONE | None | Excititor WebService Guild | Canonicalize advisory/product keys (advisory_key), preserve originals in links[]; backfill + tests. |
| 3 | EXCITITOR-VULN-29-002 | DONE | Depends on 29-001 | Excititor WebService Guild | /vuln/evidence/vex/{advisory_key} returning tenant-scoped raw statements + provenance + attestation references; cursor pagination. |
| 4 | EXCITITOR-VULN-29-004 | DONE | Depends on 29-002 | Excititor WebService Guild · Observability Guild | Metrics/logs for normalization errors, suppression scopes, withdrawn statements for Vuln Explorer + Advisory AI dashboards. |
| 5 | EXCITITOR-STORE-AOC-19-001 | DONE | None | Excititor Storage Guild | Mongo JSON Schema validator for vex_raw; offline kit instructions. |
| 6 | EXCITITOR-STORE-AOC-19-002 | DONE | Depends on 19-001 | Excititor Storage Guild · DevOps Guild | Unique indexes/migrations/rollback steps for new validator. |
| 7 | EXCITITOR-AIRGAP-56-001 | DONE | None | Excititor WebService Guild · AirGap Importer Guild | Mirror bundle registration + provenance exposure, sealed-mode error mapping, staleness metrics. |
| 8 | EXCITITOR-AIRGAP-58-001 | DONE | Depends on 56-001 | Excititor Core Guild · Evidence Locker Guild | Portable evidence bundles linked to timeline + attestation metadata; verifier docs for Advisory AI. |
Execution Log
| Date (UTC) | Update | Owner |
|---|---|---|
| 2025-12-03 | Normalised sprint to standard template; working directory set; preserved statuses. | Planning |
Decisions & Risks
- Aggregation-only posture retained: exports and APIs do not compute verdicts.
- Validator rollout could impact ingestion; it is staged, with rollback docs. Ensure unique indexes are deployed before enabling enforcement.
- Portable bundle contents and mirror registration must stay aligned with Evidence Locker schemas; refresh docs/tests if schema evolves.
Next Checkpoints
- Re-run bundle verification scripts after any Evidence Locker manifest changes.
- Validate VEX Lens/Vuln Explorer still ingest canonicalized keys after downstream schema tweaks.